2227 files changed, 116648 insertions, 100265 deletions

diff --git a/lib/Makefile b/lib/Makefile
index 98d746925f..402e73722a 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -33,20 +33,6 @@ ifeq ($(findstring vxworks,$(TARGET)),vxworks)
 	cosFileTransfer cosEventDomain
   endif
 else
-  ifeq ($(findstring ose,$(TARGET)),ose)
-    ERTS_SUB_DIRECTORIES = stdlib sasl kernel compiler erl_interface
-    OTHER_SUB_DIRECTORIES =	\
-      snmp otp_mibs appmon tools
-#    OTHER_SUB_DIRECTORIES =	\
-#      appmon os_mon tools runtime_tools
-    ifdef BUILD_ALL
-      OTHER_SUB_DIRECTORIES += mnesia  \
-        inets pman tv observer
-#      OTHER_SUB_DIRECTORIES += mnesia ic asn1 debugger \
-#        inets orber pman tv observer cosTransactions cosEvent \
-#        cosTime cosNotification cosProperty cosFileTransfer cosEventDomain
-    endif
-  else
 #
 # unix and win32
 # --------------
@@ -59,10 +45,11 @@ else
           snmp otp_mibs appmon erl_interface asn1 jinterface gs wx inets ic \
           mnesia crypto orber os_mon parsetools syntax_tools pman \
           public_key ssl toolbar tv observer debugger reltool odbc \
-          runtime_tools diameter \
+          diameter \
           cosTransactions cosEvent cosTime cosNotification cosProperty \
           cosFileTransfer cosEventDomain et megaco webtool \
-	  xmerl edoc eunit ssh inviso typer docbuilder erl_docgen common_test percept
+	  xmerl edoc eunit ssh inviso typer erl_docgen \
+	  common_test percept dialyzer
 # dialyzer
         OTHER_SUB_DIRECTORIES += hipe
       else # BUILD_ALL on unix
@@ -70,15 +57,15 @@ else
           snmp otp_mibs appmon erl_interface asn1 jinterface wx debugger reltool gs inets \
           ic mnesia crypto orber os_mon parsetools syntax_tools \
           pman public_key ssl toolbar tv observer odbc \
-          runtime_tools diameter \
+          diameter \
           cosTransactions cosEvent cosTime cosNotification \
           cosProperty cosFileTransfer cosEventDomain et megaco webtool \
-	  xmerl edoc eunit ssh inviso typer docbuilder erl_docgen common_test percept
+	  xmerl edoc eunit ssh inviso typer erl_docgen \
+	  common_test percept dialyzer
 # dialyzer
         OTHER_SUB_DIRECTORIES += hipe $(TSP_APP)
       endif
     endif
-  endif
 endif
 
 ifdef BOOTSTRAP
@@ -89,7 +76,7 @@ else
     SUB_DIRECTORIES = hipe parsetools asn1/src
   else
     ifdef TERTIARY_BOOTSTRAP
-      SUB_DIRECTORIES = snmp sasl jinterface ic syntax_tools
+      SUB_DIRECTORIES = snmp sasl jinterface ic syntax_tools wx
     else # Not bootstrap build
       SUB_DIRECTORIES = $(ERTS_SUB_DIRECTORIES) $(OTHER_SUB_DIRECTORIES)
     endif
diff --git a/lib/appmon/doc/src/make.dep b/lib/appmon/doc/src/make.dep
deleted file mode 100644
index ce0d7571a3..0000000000
--- a/lib/appmon/doc/src/make.dep
+++ /dev/null
@@ -1,26 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: appmon.tex appmon_chapter.tex book.tex part.tex \
-		ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: app_win.ps listbox_win.ps main_win.ps pinfo_win.ps
-
diff --git a/lib/appmon/doc/src/notes.xml b/lib/appmon/doc/src/notes.xml
index ace163bcad..c469880abd 100644
--- a/lib/appmon/doc/src/notes.xml
+++ b/lib/appmon/doc/src/notes.xml
@@ -30,6 +30,27 @@
   </header>
   <p>This document describes the changes made to the Appmon application.</p>
 
+<section><title>Appmon 2.1.14</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Appmon 2.1.13</title>
 
     <section><title>Improvements and New Features</title>
diff --git a/lib/appmon/src/appmon_web.erl b/lib/appmon/src/appmon_web.erl
index fb7144246c..048f7fa165 100644
--- a/lib/appmon/src/appmon_web.erl
+++ b/lib/appmon/src/appmon_web.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -578,9 +578,9 @@ htmlify_pid([],New)->
 %% the HTTP protocol                                                  %%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 urlify_pid(Pid) ->
-    case regexp:first_match(Pid,"[<].*[>]") of
-	{match,Start,Len}->
-	    "%3C"++string:substr(Pid,Start+1,Len-2)++"%3E";
+    case re:run(Pid,"[<](.*)[>]",[{capture,all_but_first,list}]) of
+	{match,[PidStr]}->
+	    "%3C"++PidStr++"%3E";
 	_->
 	    Pid
     end.
diff --git a/lib/appmon/vsn.mk b/lib/appmon/vsn.mk
index fa17345daf..047f1eadc1 100644
--- a/lib/appmon/vsn.mk
+++ b/lib/appmon/vsn.mk
@@ -1 +1 @@
-APPMON_VSN = 2.1.13
+APPMON_VSN = 2.1.14
diff --git a/lib/asn1/c_src/Makefile b/lib/asn1/c_src/Makefile
index 9e9cb18524..8c06be56f8 100644
--- a/lib/asn1/c_src/Makefile
+++ b/lib/asn1/c_src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2002-2010. All Rights Reserved.
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -51,33 +51,26 @@ EI_LIBDIR = $(ERL_TOP)/lib/erl_interface/obj$(TYPEMARKER)/$(TARGET)
 # ----------------------------------------------------
 # FLAGS
 # ----------------------------------------------------
-EI_INCLUDES = -I$(ERL_TOP)/lib/erl_interface/include
 CFLAGS = $(DED_INCLUDES) $(EI_INCLUDES) $(DED_CFLAGS)
 LDFLAGS += $(DED_LDFLAGS)
 
-LD_INCL_EI = -L$(EI_LIBDIR)
-
 # ----------------------------------------------------
 # Target Specs
 # ----------------------------------------------------
 
-C_FILES = asn1_erl_driver.c
+NIF_OBJ_FILES = $(OBJDIR)/asn1_erl_nif.o
 
 
 ifeq ($(TARGET),win32)
-LD_EI = -lei_md 
-SHARED_OBJ_FILES = $(LIBDIR)/asn1_erl_drv.dll
-OBJ_FILES = $(OBJDIR)/asn1_erl_drv.o
+NIF_SHARED_OBJ_FILE = $(LIBDIR)/asn1_erl_nif.dll
 CLIB_FLAGS =
 LN=cp
 else
-LD_EI = -lei 
-OBJ_FILES = $(OBJDIR)/asn1_erl_drv.o
 ifeq ($(findstring vxworks,$(TARGET)),vxworks)
-SHARED_OBJ_FILES = $(LIBDIR)/asn1_erl_drv.eld
+NIF_SHARED_OBJ_FILE = $(LIBDIR)/asn1_erl_nif.eld
 CLIB_FLAGS =
 else
-SHARED_OBJ_FILES = $(LIBDIR)/asn1_erl_drv.so
+NIF_SHARED_OBJ_FILE = $(LIBDIR)/asn1_erl_nif.so
 CLIB_FLAGS = -lc
 endif
 LN= ln -s
@@ -87,7 +80,9 @@ endif
 # Targets
 # ----------------------------------------------------
 
-opt: $(OBJDIR) $(LIBDIR) $(SHARED_OBJ_FILES)
+_create_dirs := $(shell mkdir -p $(OBJDIR) $(LIBDIR))
+
+opt: $(NIF_SHARED_OBJ_FILE)
 
 debug: opt
 
@@ -103,20 +98,12 @@ docs:
 # ----------------------------------------------------
 
 
-$(OBJ_FILES): $(C_FILES)
-	$(CC) -c $(CFLAGS) -o $(OBJ_FILES) $(C_FILES) 
-
-$(SHARED_OBJ_FILES): $(OBJ_FILES)
-	$(LD) $(LDFLAGS) $(LD_INCL_EI) -o $(SHARED_OBJ_FILES) $(OBJ_FILES) $(LD_EI) $(CLIB_FLAGS) $(LIBS) 
-
-$(LIBDIR):
-	-mkdir -p $(LIBDIR)
-
-$(OBJDIR):
-	-mkdir -p $(OBJDIR)
+$(OBJDIR)/%.o: %.c
+	$(CC) -c $(CFLAGS) -O3 -o $@ $<
 
+$(NIF_SHARED_OBJ_FILE): $(NIF_OBJ_FILES)
+	$(LD) $(LDFLAGS) -o $(NIF_SHARED_OBJ_FILE) $(NIF_OBJ_FILES) $(CLIB_FLAGS) $(LIBS)
 
- 
 # ----------------------------------------------------
 # Release Target
 # ----------------------------------------------------
@@ -124,9 +111,9 @@ include $(ERL_TOP)/make/otp_release_targets.mk
 
 release_spec: opt
 	$(INSTALL_DIR) $(RELSYSDIR)/priv/lib
-	$(INSTALL_PROGRAM) $(SHARED_OBJ_FILES) $(RELSYSDIR)/priv/lib
+	$(INSTALL_PROGRAM) $(NIF_SHARED_OBJ_FILE) $(RELSYSDIR)/priv/lib
 	$(INSTALL_DIR) $(RELSYSDIR)/c_src
-	$(INSTALL_DATA) $(C_FILES) $(RELSYSDIR)/c_src
+	$(INSTALL_DATA) *.c $(RELSYSDIR)/c_src
 
 release_docs_spec:
 
diff --git a/lib/asn1/c_src/asn1_erl_driver.c b/lib/asn1/c_src/asn1_erl_driver.c
deleted file mode 100644
index 18d4157941..0000000000
--- a/lib/asn1/c_src/asn1_erl_driver.c
+++ /dev/null
@@ -1,1677 +0,0 @@
-/*
- * %CopyrightBegin%
- *
- * Copyright Ericsson AB 2002-2011. All Rights Reserved.
- *
- * The contents of this file are subject to the Erlang Public License,
- * Version 1.1, (the "License"); you may not use this file except in
- * compliance with the License. You should have received a copy of the
- * Erlang Public License along with this software. If not, it can be
- * retrieved online at http://www.erlang.org/.
- *
- * Software distributed under the License is distributed on an "AS IS"
- * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
- * the License for the specific language governing rights and limitations
- * under the License.
- *
- * %CopyrightEnd%
- *
- */
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include "erl_driver.h"
-#include "ei.h"
-
-
-/* #define ASN1_DEBUG 1 */
-
-#define ASN1_OK 0
-#define ASN1_ERROR -1
-#define ASN1_COMPL_ERROR 1
-#define ASN1_MEMORY_ERROR 0
-#define ASN1_DECODE_ERROR 2
-#define ASN1_TAG_ERROR -3
-#define ASN1_LEN_ERROR -4
-#define ASN1_INDEF_LEN_ERROR -5
-#define ASN1_VALUE_ERROR -6
-
-
-#define ASN1_CLASS 0xc0
-#define ASN1_FORM 0x20
-#define ASN1_CLASSFORM (ASN1_CLASS | ASN1_FORM)
-#define ASN1_TAG 0x1f
-#define ASN1_LONG_TAG 0x7f
-
-#define ASN1_INDEFINITE_LENGTH 0x80
-#define ASN1_SHORT_DEFINITE_LENGTH 0
-
-#define ASN1_PRIMITIVE 0
-#define ASN1_CONSTRUCTED 0x20
-
-#define ASN1_COMPLETE 1
-#define ASN1_BER_TLV_DECODE 2
-#define ASN1_BER_TLV_PARTIAL_DECODE 3
-
-#define ASN1_NOVALUE 0
-
-#define ASN1_SKIPPED 0
-#define ASN1_OPTIONAL 1
-#define ASN1_CHOOSEN 2
-
-
-#define CEIL(X,Y) ((X-1) / Y + 1)
-
-#define INVMASK(X,M) (X & (M ^ 0xff))
-#define MASK(X,M) (X & M)
-
-typedef struct {
-  ErlDrvPort port;
-  int buffer_size;
-} asn1_data;
-
-/* int min_alloc_bytes; */
-
-
-static ErlDrvData asn1_drv_start(ErlDrvPort, char *);
-
-static void asn1_drv_stop(ErlDrvData);
-
-int asn1_drv_control(ErlDrvData, unsigned int, char *, int, char **, int);
-
-int complete(ErlDrvBinary **,unsigned char *,unsigned char *, int);
-
-int insert_octets(int, unsigned char **, unsigned char **, int *);
-
-int insert_octets_except_unused(int, unsigned char **, unsigned char **,
-				int *, int);
-
-int insert_octets_as_bits_exact_len(int, int, unsigned char **,
-				    unsigned char **, int *);
-
-int insert_octets_as_bits(int, unsigned char **, unsigned char **,int *);
-
-int pad_bits(int, unsigned char **, int *);
-
-int insert_least_sign_bits(int, unsigned char, unsigned char **, int *);
-
-int insert_most_sign_bits(int, unsigned char, unsigned char **, int *);
-
-int insert_bits_as_bits(int, int, unsigned char **, unsigned char **, int *);
-
-int insert_octets_unaligned(int, unsigned char **, unsigned char **, int);
-
-int realloc_decode_buf(ErlDrvBinary **,int);
-
-int realloc_memory(ErlDrvBinary **,int,unsigned char **,unsigned char **);
-
-int decode_begin(ErlDrvBinary **,unsigned char *, int, unsigned int *);
-
-int decode(ErlDrvBinary **,int *,unsigned char *,int *, int);
-
-int decode_tag(char *,int *,unsigned char *,int,int *);
-
-int decode_value(int *,unsigned char *,int *,ErlDrvBinary **,int ,int);
-
-
-/* declaration of functions used for partial decode of a BER encoded
-   message */
-
-int decode_partial(ErlDrvBinary **,unsigned char *, int);
-
-int skip_tag(unsigned char *,int *,int);
-
-int skip_length_and_value(unsigned char *,int *,int);
-
-int get_tag(unsigned char *,int *,int);
-
-int get_length(unsigned char *,int *,int *,int);
-
-int get_value(char *,unsigned char *,int *,int);
-
-static ErlDrvEntry asn1_drv_entry = {
-  NULL,              /* init, always NULL for dynamic drivers */
-  asn1_drv_start,    /* start, called when port is opened */
-  asn1_drv_stop,     /* stop, called when port is closed */
-  NULL,              /* output, called when erlang has sent */
-  NULL,              /* ready_input, called when input descriptor ready */
-  NULL,              /* ready_output, called when output descriptor ready */
-  "asn1_erl_drv",    /* char *driver_name, the argument to open_port */
-  NULL,              /* finish, called when unloaded */
-  NULL,              /* void * that is not used (BC) */
-  asn1_drv_control,  /* control, port_control callback */
-  NULL,              /* timeout, called on timeouts */
-  NULL,              /* outputv, vector output interface */
-  
-  NULL,              /* ready_async */
-  NULL,              /* flush */
-  NULL,              /* call */
-  NULL,              /* event */
-  ERL_DRV_EXTENDED_MARKER,
-  ERL_DRV_EXTENDED_MAJOR_VERSION,
-  ERL_DRV_EXTENDED_MINOR_VERSION,
-  ERL_DRV_FLAG_USE_PORT_LOCKING,
-  NULL,              /* handle2 */
-  NULL               /* process_exit */
-};    
-
-
-
-DRIVER_INIT(asn1_erl_drv) /* must match name in driver_entry */
-{
-  return &asn1_drv_entry;
-}
-
-static ErlDrvData asn1_drv_start(ErlDrvPort port, char *buff)
-{
-  /* extern int min_alloc_bytes; */
-  char  *ptr;
-  asn1_data* d;
-
-  d = (asn1_data*)driver_alloc(sizeof(asn1_data));
-  set_port_control_flags(port, PORT_CONTROL_FLAG_BINARY);
-  d->port = port;
-  
-  if ((ptr = getenv("ASN1_MIN_BUF_SIZE")) == NULL)
-    d->buffer_size = 1024;
-  else
-    d->buffer_size = atoi(ptr);
-  return (ErlDrvData)d;
-}
-
-
-static void asn1_drv_stop(ErlDrvData handle)
-{
-  driver_free((char*)handle);
-}
-
-
-
-int asn1_drv_control(ErlDrvData   handle, 
-		     unsigned int command, 
-		     char         *buf,
-		     int          buf_len,
-		     char       **res_buf,
-		     int          res_buf_len) 
-{
-  unsigned char *complete_buf;
-  int complete_len, decode_len;
-  ErlDrvBinary *drv_binary;
-  ErlDrvBinary **drv_bin_ptr;
-  asn1_data* a_data;
-  int min_alloc_bytes;
-  unsigned int err_pos = 0; /* in case of error, return last correct position */
-  int ret_err; /* return value in case of error in TLV decode, i.e. length of list in res_buf */
-
-  /* In case previous call to asn1_drv_control resulted in a change of
-     return value from binary to integer list */
-  a_data = (asn1_data *)handle;
-  min_alloc_bytes = a_data->buffer_size; 
-  set_port_control_flags(a_data->port, PORT_CONTROL_FLAG_BINARY);
-
-  if (command == ASN1_COMPLETE)
-    { 
-      if (buf_len==0) {
-	  return 0; /* Avoid binary buffer overwrite (OTP-8451) */
-      }
-      /* Do the PER complete encode step */
-      if ((drv_binary = driver_alloc_binary(buf_len))==NULL) {
-	/* error handling */
-	set_port_control_flags(a_data->port, 0);
-	return ASN1_MEMORY_ERROR;
-      }
-      complete_buf = (unsigned char*) drv_binary->orig_bytes;
-      if ((complete_len = complete(&drv_binary,complete_buf,(unsigned char*) buf,buf_len)) == ASN1_ERROR)
-	{
-	  /* error handling due to failure in complete */
-	  /*       printf("error when running complete\n\r"); */
-	  driver_free_binary(drv_binary);
-	  set_port_control_flags(a_data->port, 0);
-	  **res_buf = '1';
-	  return ASN1_COMPL_ERROR;
-	}
-      /* printf("complete_len=%dbuf_len=%d,orig_size=%d\n\r",complete_len,buf_len,drv_binary->orig_size); */
-      /* now the message is complete packed, return to Erlang */
-      /*      if (complete_len < buf_len) {*/
-      if (complete_len < drv_binary->orig_size) {	
-	ErlDrvBinary *tmp;
-	if ((tmp=driver_realloc_binary(drv_binary,complete_len)) == NULL){
-	  /*error handling due to memory allocation failure */
-	  driver_free_binary(drv_binary);
-	  set_port_control_flags(a_data->port, 0);
-	  return ASN1_MEMORY_ERROR;
-	}else
-	  drv_binary=tmp;
-      }
-      *res_buf = (char *)drv_binary;
-      return complete_len;
-    } else if (command == ASN1_BER_TLV_DECODE) { /* control == 2 */
-      /* Do the tlv decode,
-	 return the resulting term encoded on the Erlang 
-	 external format */
-/*       printf("driver: buffer_len = %d, min_alloc_bytes = %d\r\n",buf_len,min_alloc_bytes); */
-      if ((drv_binary = driver_alloc_binary((buf_len*5)+min_alloc_bytes))==NULL) {
-	/* error handling */
-	set_port_control_flags(a_data->port, 0);
-	return ASN1_MEMORY_ERROR;
-      }
-      drv_bin_ptr = &drv_binary;
-      if ((decode_len = decode_begin(drv_bin_ptr,(unsigned char*)buf,buf_len,&err_pos)) <= ASN1_ERROR)
-	{
-	  /* error handling due to failure in decode  */
- 	  char tmp_res_buf[5];
-	  driver_free_binary(*drv_bin_ptr);
-	  set_port_control_flags(a_data->port, 0);
-	  
-	  if(decode_len==ASN1_ERROR)
- 	    tmp_res_buf[0]='1';
-	  else if(decode_len==ASN1_TAG_ERROR)
- 	    tmp_res_buf[0]='2';
-	  else if(decode_len==ASN1_LEN_ERROR)
- 	    tmp_res_buf[0]='3';
-	  else if(decode_len==ASN1_INDEF_LEN_ERROR)
- 	    tmp_res_buf[0]='4';
-	  else if(decode_len==ASN1_VALUE_ERROR)
-	    tmp_res_buf[0]='5';
-/* 	  printf("err_pos=%d\r\n",err_pos); */
-/* 	  printf("decode_len:%d\r\n",decode_len); */
-	  ret_err = 1;
-	  while(err_pos>0){
-	    tmp_res_buf[ret_err] =(char)err_pos;/* c;*/
-	    err_pos = err_pos >> 8;
-	    ret_err++;
-	  }
- 	  strncpy(*res_buf,tmp_res_buf,ret_err);
-	  return ret_err;
-	}
-/*       printf("decode_len=%d\r\n",decode_len); */
-      if (decode_len < ((buf_len * 5) + min_alloc_bytes)) {
-	/* not all memory was used => we have to reallocate */
-	ErlDrvBinary *tmp;
-	if ((tmp=driver_realloc_binary(*drv_bin_ptr,decode_len)) == NULL){
-	  /*error handling due to memory allocation failure */
-	  driver_free_binary(*drv_bin_ptr);
-	  set_port_control_flags(a_data->port, 0);
-	  return ASN1_MEMORY_ERROR;
-	}else
-	  *drv_bin_ptr=tmp;
-      }
-      *res_buf = (char *)(*drv_bin_ptr);
-      return decode_len;
-    } else { /*command == ASN1_BER_TLV_PARTIAL_DECODE */
-      if ((drv_binary = driver_alloc_binary(buf_len))==NULL) {
-	/* error handling */
-	set_port_control_flags(a_data->port, 0);
-	return ASN1_MEMORY_ERROR;
-      }
-      drv_bin_ptr = &drv_binary;
-      if ((decode_len = decode_partial(drv_bin_ptr,(unsigned char*)buf,buf_len))
-	  <= ASN1_ERROR) {
-	/* error handling due to failure in decode  */
-	driver_free_binary(*drv_bin_ptr);
-	set_port_control_flags(a_data->port, 0);
-	
-/* 	printf("asn1_drv_control 1: decode_len=%d\r\n",decode_len); */
-	  
-	if(decode_len==ASN1_ERROR)
-	  **res_buf = '1';
-	return ASN1_DECODE_ERROR;
-      }
-      if (decode_len < buf_len) { 
-	/* not all memory was used => we have to reallocate */
-	ErlDrvBinary *tmp;
-/* 	printf("asn1_drv_control 2: decode_len=%d\r\n",decode_len); */
-	if ((tmp=driver_realloc_binary(*drv_bin_ptr,decode_len)) == NULL){
-	  /*error handling due to memory allocation failure */
-	  driver_free_binary(*drv_bin_ptr);
-	  set_port_control_flags(a_data->port, 0);
-	  return ASN1_MEMORY_ERROR;
-	}else
-	  *drv_bin_ptr=tmp;
-      }
-      *res_buf = (char *)(*drv_bin_ptr);
-      return decode_len;
-    }
-}
-
-
-
-/*
- * 
- * This section defines functionality for the complete encode of a
- * PER encoded message
- *
- */
-
-int complete(ErlDrvBinary **drv_binary,unsigned char *complete_buf,
-	     unsigned char *in_buf, int in_buf_len)
-{
-  int counter = in_buf_len;
-  /* counter keeps track of number of bytes left in the
-     input buffer */
-
-  int buf_space = in_buf_len;
-  /* This is the amount of allocated space left of the complete_buf. It
-     is possible when padding is applied that more space is needed than
-     was originally allocated. */
-
-  int buf_size = in_buf_len;
-  /* Size of the buffer. May become reallocated and thus other than 
-     in_buf_len */
-
-  unsigned char *in_ptr, *ptr;
-  /* in_ptr points at the next byte in in_buf to be moved to
-     complete_buf.
-     ptr points into the new completed buffer, complete_buf, at the
-     position of the next byte that will be set */
-  int unused =  8;
-  /* unused = [1,...,8] indicates how many of the rigthmost bits of 
-     the byte that ptr points at that are unassigned */
-
-  int no_bits,no_bytes,in_unused,desired_len,ret, saved_mem, needed, pad_bits;
-
-  unsigned char val;
-  
-  in_ptr = in_buf;
-  ptr = complete_buf;
-  *ptr = 0x00;
-  while(counter > 0) {
-    counter--;
-/*     printf("*in_ptr = %d\n\r",*in_ptr); */
-    switch (*in_ptr) {
-    case 0: 
-      /* just one zero-bit should be added to the buffer */
-      if(unused == 1){
-	unused = 8;
-	*++ptr = 0x00;
-	buf_space--;
-      } else 
-	unused--;
-      break;
-
-    case 1:
-      /* one one-bit should be added to the buffer */
-      if(unused == 1){
-	*ptr = *ptr | 1;
-	unused = 8;
-	*++ptr = 0x00;
-	buf_space--;
-      } else {
-	*ptr = *ptr | (1 << (unused - 1));
-	unused--;
-      }
-      break;
-
-    case 2:
-      /* align buffer to end of byte */
-      if (unused != 8) {
-	*++ptr = 0x00;
-	buf_space--;
-	unused = 8;
-      }
-      break;
-
-    case 10:
-      /* next byte in in_buf tells how many bits in the second next
-	 byte that will be used */
-      /* The leftmost unused bits in the value byte are supposed to be
-	 zero bits */
-      no_bits =  (int)*(++in_ptr);
-      val = *(++in_ptr);
-      counter -= 2;
-      if ((ret=insert_least_sign_bits(no_bits,val,&ptr,&unused)) == ASN1_ERROR)
-	return ASN1_ERROR;
-      buf_space -= ret;
-      break;
-
-    case 20:
-      /* in this case the next value in_ptr points at holds the number
-	 of following bytes that holds the value that will be inserted
-	 in the completed buffer */
-      no_bytes = (int)*(++in_ptr);
-      counter -= (no_bytes + 1);
-      if ((counter<0) || 
-	  (ret=insert_octets(no_bytes,&in_ptr,&ptr,&unused)) == ASN1_ERROR)
-	return ASN1_ERROR;
-      buf_space -= ret;
-      break;
-
-    case 21:
-      /* in this case the next two bytes in_ptr points at holds the number
-	 of following bytes that holds the value that will be inserted
-	 in the completed buffer */
-      no_bytes = (int)*(++in_ptr);
-      no_bytes = no_bytes << 8;
-      no_bytes = no_bytes | (int)*(++in_ptr);
-      counter -= (2 + no_bytes);
-      if ((counter<0) || 
-	  (ret=insert_octets(no_bytes,&in_ptr,&ptr,&unused)) == ASN1_ERROR)
-	return ASN1_ERROR;
-      buf_space -= ret;
-      break;
-
-    case 30:
-      /* If we call the following bytes, in the buffer in_ptr points at,
-	 By1,By2,Rest then Rest is the value that will be transfered to
-	 the completed buffer. By1 tells how many of the rightmost bits in 
-	 Rest that should not be used. By2 is the length of Rest in bytes.*/
-      in_unused = (int)*(++in_ptr);
-      no_bytes = (int)*(++in_ptr);
-      counter -= (2 + no_bytes);
-/*        printf("%d: case 30: in_unused=%d, no_bytes=%d,counter=%d\n\r",__LINE__,in_unused,no_bytes,counter); */
-      ret = -4711;
-      if ((counter<0) || 
-	  (ret=insert_octets_except_unused(no_bytes,&in_ptr,&ptr,&unused,in_unused)) == ASN1_ERROR)
-	return ASN1_ERROR;
-/*        printf("%d: ret=%d\n\r",__LINE__, ret); */
-      buf_space -= ret;
-      break;
-
-    case 31:
-      /* If we call the following bytes, in the buffer in_ptr points at,
-	 By1,By2,By3,Rest then Rest is the value that will be transfered to
-	 the completed buffer. By1 tells how many of the rightmost bits in 
-	 Rest that should not be used. By2 and By3 is the length of 
-	 Rest in bytes.*/
-      in_unused = (int)*(++in_ptr);
-      no_bytes = (int)*(++in_ptr);
-      no_bytes = no_bytes << 8;
-      no_bytes = no_bytes | (int)*(++in_ptr);
-      counter -= (3 + no_bytes);
-      if ((counter<0) || 
-	  (ret=insert_octets_except_unused(no_bytes,&in_ptr,&ptr,&unused,in_unused)) == ASN1_ERROR)
-	return ASN1_ERROR;
-      buf_space -= ret;
-      break;
-
-    case 40:
-      /* This case implies that next byte,By1,(..,By1,By2,Bin,...)
-	 is the desired length of the completed value, maybe needs 
-	 padding zero bits or removal of trailing zero bits from Bin.
-	 By2 is the length of Bin and Bin is the value that will be 
-	 put into the completed buffer. Each byte in Bin has the value
-	 1 or 0.*/
-      desired_len = (int)*(++in_ptr);
-      no_bytes=(int)*(++in_ptr);
- 
-      /* This is the algorithm for need of memory reallocation:
-	 Only when padding (cases 40 - 43,45 - 47) more memory may be
-	 used than allocated. Therefore one has to keep track of how
-	 much of the allocated memory that has been saved, i.e. the 
-	 difference between the number of parsed bytes of the input buffer
-	 and the number of used bytes of the output buffer. 
-	 If saved memory is less than needed for the padding then we
-	 need more memory. */
-      saved_mem = buf_space - counter;
-      pad_bits = desired_len - no_bytes - unused;
-      needed = (pad_bits > 0) ? CEIL(pad_bits,8) : 0;
-      if (saved_mem < needed) {
-	/* Have to allocate more memory */
-	buf_size += needed;
-	buf_space += needed;
-	if (realloc_memory(drv_binary,buf_size,&ptr,
-			   &complete_buf) == ASN1_ERROR)
-	  return ASN1_ERROR;
-      }
-
-      counter -= (2 + no_bytes);
-     if ((counter<0) || 
-	  (ret=insert_octets_as_bits_exact_len(desired_len,no_bytes,&in_ptr,
-					       &ptr,&unused)) == ASN1_ERROR)
-	return ASN1_ERROR;
-      buf_space -= ret;
-      break;
-      
-    case 41:
-      /* Same as case 40 apart from By2, the length of Bin, which is in 
-	 two bytes*/
-      desired_len = (int)*(++in_ptr);
-      no_bytes=(int)*(++in_ptr);
-      no_bytes = no_bytes << 8;
-      no_bytes = no_bytes | (int)*(++in_ptr);
-
-      saved_mem = buf_space - counter;
-      needed = CEIL((desired_len-unused),8) - no_bytes;
-      if (saved_mem < needed) {
-	/* Have to allocate more memory */
-	buf_size += needed;
-	buf_space += needed;
-	if (realloc_memory(drv_binary,buf_size,&ptr,
-			   &complete_buf) == ASN1_ERROR)
-	  return ASN1_ERROR;
-      }
-
-      counter -= (3 + no_bytes);
-      if ((counter<0) || 
-	  (ret=insert_octets_as_bits_exact_len(desired_len,no_bytes,&in_ptr,
-					       &ptr,&unused)) == ASN1_ERROR)
-	return ASN1_ERROR;
-      buf_space -= ret;
-      break;
-      
-    case 42:
-      /* Same as case 40 apart from By1, the desired length, which is in 
-	 two bytes*/
-      desired_len = (int)*(++in_ptr);
-      desired_len = desired_len << 8;
-      desired_len = desired_len | (int)*(++in_ptr);
-      no_bytes=(int)*(++in_ptr);
-
-      saved_mem = buf_space - counter;
-      needed = CEIL((desired_len-unused),8) - no_bytes;
-      if (saved_mem < needed) {
-	/* Have to allocate more memory */
-	buf_size += needed;
-	buf_space += needed;
-	if (realloc_memory(drv_binary,buf_size,&ptr,
-			   &complete_buf) == ASN1_ERROR)
-	  return ASN1_ERROR;
-      }
-
-      counter -= (3 + no_bytes);
-      if ((counter<0) || 
-	  (ret=insert_octets_as_bits_exact_len(desired_len,no_bytes,&in_ptr,
-					       &ptr,&unused)) == ASN1_ERROR)
-	return ASN1_ERROR;
-      buf_space -= ret;
-      break;
-      
-    case 43:
-      /* Same as case 40 apart from By1 and By2, the desired length and
-	 the length of Bin, which are in two bytes each. */
-      desired_len = (int)*(++in_ptr);
-      desired_len = desired_len << 8;
-      desired_len = desired_len | (int)*(++in_ptr);
-      no_bytes=(int)*(++in_ptr);
-      no_bytes = no_bytes << 8;
-      no_bytes = no_bytes | (int)*(++in_ptr);
-
-      saved_mem = buf_space - counter;
-      needed = CEIL((desired_len-unused),8) - no_bytes;
-      if (saved_mem < needed) {
-	/* Have to allocate more memory */
-	buf_size += needed;
-	buf_space += needed;
-	if (realloc_memory(drv_binary,buf_size,&ptr,
-			   &complete_buf) == ASN1_ERROR)
-	  return ASN1_ERROR;
-      }
-
-      counter -= (4 + no_bytes);
-      if ((counter<0) || 
-	  (ret=insert_octets_as_bits_exact_len(desired_len,no_bytes,&in_ptr,
-					       &ptr,&unused)) == ASN1_ERROR)
-	return ASN1_ERROR;
-      buf_space -= ret;
-      break;
-      
-    case 45:
-      /* This case assumes that the following bytes in the incoming buffer
-	 (called By1,By2,Bin) is By1, which is the number of bits (n) that 
-	 will be inserted in the completed buffer. By2 is the number of
-	 bytes in Bin. Each bit in the buffer Bin should be inserted from
-	 the leftmost until the nth.*/
-      desired_len = (int)*(++in_ptr);
-      no_bytes=(int)*(++in_ptr);
- 
-      saved_mem = buf_space - counter;
-      needed = CEIL((desired_len-unused),8) - no_bytes;
-/*       printf("buf_space=%d, counter=%d, needed=%d",buf_space,counter,needed);  */
-      if (saved_mem < needed) {
-	/* Have to allocate more memory */
-	buf_size += needed;
-	buf_space += needed;
-	if (realloc_memory(drv_binary,buf_size,&ptr,
-			   &complete_buf) == ASN1_ERROR)
-	  return ASN1_ERROR;
-      }
-
-      counter -= (2 + no_bytes);
-/*       printf("calling insert_bits_as_bits: desired_len=%d, no_bytes=%d\n\r",desired_len,no_bytes); */
-/*       printf("1in_ptr=%d\n\r",in_ptr); */
-
-      if((counter<0) || 
-	 (ret=insert_bits_as_bits(desired_len,no_bytes,&in_ptr,
-				  &ptr,&unused)) == ASN1_ERROR)
-	return ASN1_ERROR;
-/*       printf("2in_ptr=%d, ptr=%d, complete_buf=%d\n\r",in_ptr,ptr,complete_buf); */
-/*       printf("buf_space=%d, ret=%d, counter=%d\n\r",buf_space,ret,counter); */
-      buf_space -= ret;
-      break;
-      
-    case 46:
-      /* Same as case 45 apart from By1, the desired length, which is
-	 in two bytes. */
-      desired_len = (int)*(++in_ptr);
-      desired_len = desired_len << 8;
-      desired_len = desired_len | (int)*(++in_ptr);
-      no_bytes=(int)*(++in_ptr);
- 
-      saved_mem = buf_space - counter;
-      needed = CEIL((desired_len-unused),8) - no_bytes;
-      if (saved_mem < needed) {
-	/* Have to allocate more memory */
-	buf_size += needed;
-	buf_space += needed;
-	if (realloc_memory(drv_binary,buf_size,&ptr,
-			   &complete_buf) == ASN1_ERROR)
-	  return ASN1_ERROR;
-      }
-
-      counter -= (3 + no_bytes);
-      if((counter<0) || 
-	 (ret=insert_bits_as_bits(desired_len,no_bytes,&in_ptr,
-				  &ptr,&unused)) == ASN1_ERROR)
-	return ASN1_ERROR;
-      buf_space -= ret;
-      break;
-      
-    case 47:
-      /* Same as case 45 apart from By1 and By2, the desired length
-	 and the length of Bin, which are in two bytes each. */
-      desired_len = (int)*(++in_ptr);
-      desired_len = desired_len << 8;
-      desired_len = desired_len | (int)*(++in_ptr);
-      no_bytes=(int)*(++in_ptr);
-      no_bytes = no_bytes << 8;
-      no_bytes = no_bytes | (int)*(++in_ptr);
- 
-      saved_mem = buf_space - counter;
-      needed = CEIL((desired_len-unused),8) - no_bytes;
-      if (saved_mem < needed) {
-	/* Have to allocate more memory */
-	buf_size += needed;
-	buf_space += needed;
-	if (realloc_memory(drv_binary,buf_size,&ptr,
-			   &complete_buf) == ASN1_ERROR)
-	  return ASN1_ERROR;
-      }
-
-      counter -= (4 + no_bytes);
-      if((counter<0) || 
-	 (ret=insert_bits_as_bits(desired_len,no_bytes,&in_ptr,
-				  &ptr,&unused)) == ASN1_ERROR)
-	return ASN1_ERROR;
-      buf_space -= ret;
-      break;
-      
-    default:
-      return ASN1_ERROR;
-    }
-    in_ptr++;
-  }
-  /* The returned buffer must be at least one byte and
-     it must be octet aligned */
-  if ((unused == 8) && (ptr != complete_buf)) 
-    return (ptr - complete_buf);
-  else {
-    ptr++; /* octet align buffer */
-    return (ptr - complete_buf);
-  }
-}
-
-
-int realloc_memory(ErlDrvBinary **drv_binary,
-		   int amount,
-		   unsigned char **ptr,
-		   unsigned char **complete_buf) {
-
-  ErlDrvBinary *tmp_bin;
-  int i;
-
-/*   printf("realloc_momory: amount = %d\n",amount); */
-  if ((tmp_bin=driver_realloc_binary(*drv_binary,amount)) == NULL) {
-    /*error handling due to memory allocation failure */
-/*     printf("error when allocating memory\n"); */
-    return ASN1_ERROR;
-  }else {
-    i = *ptr - *complete_buf;
-    *drv_binary=tmp_bin;
-    *complete_buf = (unsigned char*)(*drv_binary)->orig_bytes;
-    *ptr = *complete_buf + i;
-  }
-  return ASN1_OK;
-}
-
-
-int insert_most_sign_bits(int no_bits,
-			  unsigned char val,
-			  unsigned char **output_ptr,
-			  int *unused) {
-  unsigned char *ptr = *output_ptr;
-  
-  if (no_bits < *unused){
-    *ptr = *ptr | (val >> (8 - *unused));
-    *unused -= no_bits;
-  } else if (no_bits == *unused) {
-    *ptr = *ptr | (val >> (8 - *unused));
-    *unused = 8;
-    *++ptr = 0x00;
-  } else {
-    *ptr = *ptr | (val >> (8 - *unused));
-    *++ptr = 0x00;
-    *ptr = *ptr | (val << *unused);
-    *unused = 8 - (no_bits - *unused);
-  }
-  *output_ptr = ptr;
-  return ASN1_OK;
-}
-
-
-int insert_least_sign_bits(int no_bits,
-			   unsigned char val,
-			   unsigned char **output_ptr,
-			   int *unused) {
-  unsigned char *ptr = *output_ptr;
-  int ret = 0;
-
-  if (no_bits < *unused){
-    *ptr = *ptr | (val << (*unused - no_bits));
-    *unused -= no_bits;
-  } else if (no_bits == *unused){
-    *ptr = *ptr | val;
-    *unused = 8;
-    *++ptr = 0x00;
-    ret++;
-  } else {
-    /* first in the begun byte in the completed buffer insert 
-       so many bits that fit, then insert the rest in next byte.*/
-    *ptr = *ptr | (val >> (no_bits - *unused));
-    *++ptr = 0x00;
-    ret++;
-    *ptr = *ptr | (val << (8 - (no_bits - *unused)));
-    *unused = 8 - (no_bits - *unused);
-  }
-  *output_ptr = ptr;
-  return ret;
-}
-
-/* pad_bits adds no_bits bits in the buffer that output_ptr 
-   points at.
- */
-int pad_bits(int no_bits, unsigned char **output_ptr, int *unused) 
-  {
-    unsigned char *ptr = *output_ptr;
-    int ret = 0;
-    
-    while (no_bits > 0) {
-      if(*unused == 1){
-	*unused = 8;
-	*++ptr = 0x00;
-	ret++;
-      } else 
-	(*unused)--;
-      no_bits--;
-    }
-    *output_ptr = ptr;
-    return ret;
-  }
-
-
-/* insert_bits_as_bits removes no_bytes bytes from the buffer that in_ptr
-   points at and takes the desired_no leftmost bits from those removed
-   bytes and inserts them in the buffer(output buffer) that ptr points at.
-   The unused parameter tells how many bits that are not set in the 
-   actual byte in the output buffer. If desired_no is more bits than the
-   input buffer has in no_bytes bytes, then zero bits is padded.*/
-int insert_bits_as_bits(int desired_no,
-			int no_bytes,
-			unsigned char **input_ptr,
-			unsigned char **output_ptr,
-			int *unused)
-{
-  unsigned char *in_ptr = *input_ptr;
-  unsigned char val;
-  int no_bits, ret, ret2;
-
-  if (desired_no == (no_bytes * 8)) {
-    if(insert_octets_unaligned(no_bytes,&in_ptr,output_ptr,*unused)
-       == ASN1_ERROR)
-      return ASN1_ERROR;
-    ret = no_bytes;
-  }
-  else if (desired_no < (no_bytes * 8)) {
-/*     printf("insert_bits_as_bits 1\n\r"); */
-    if(insert_octets_unaligned(desired_no/8,&in_ptr,output_ptr,*unused)
-       == ASN1_ERROR)
-      return ASN1_ERROR;
-/*     printf("insert_bits_as_bits 2\n\r"); */
-    val = *++in_ptr;
-/*     printf("val = %d\n\r",(int)val); */
-    no_bits = desired_no % 8;
-/*     printf("no_bits = %d\n\r",no_bits); */
-    insert_most_sign_bits(no_bits,val,output_ptr,unused);
-    ret = CEIL(desired_no,8);
-  }
-  else {
-    if(insert_octets_unaligned(no_bytes,&in_ptr,output_ptr,*unused) 
-       == ASN1_ERROR)
-      return ASN1_ERROR;
-    ret2 = pad_bits(desired_no - (no_bytes * 8),output_ptr,unused);
-/*     printf("ret2 = %d\n\r",ret2); */
-    ret = CEIL(desired_no,8);
-/*     printf("ret = %d\n\r",ret); */
-  }
-/*   printf("*unused = %d\n\r",*unused); */
-  *input_ptr = in_ptr;
-  return ret;
-}
-
-
-/* insert_octets_as_bits_exact_len */
-int
-insert_octets_as_bits_exact_len(int desired_len,
-				int in_buff_len,
-				unsigned char **in_ptr,
-				unsigned char **ptr,
-				int *unused)
-{
-  int ret = 0;
-  int ret2 = 0;
-
-  if (desired_len == in_buff_len) {
-    if ((ret = insert_octets_as_bits(in_buff_len,in_ptr,ptr,unused)) == ASN1_ERROR)
-      return ASN1_ERROR;
-  }
-  else if(desired_len > in_buff_len) {
-    if((ret = insert_octets_as_bits(in_buff_len,in_ptr,ptr,unused)) == ASN1_ERROR)
-      return ASN1_ERROR;
-    /* now pad with zero bits */
-/*     printf("~npad_bits: called with %d bits padding~n~n~r",desired_len - in_buff_len); */
-    if ((ret2=pad_bits(desired_len - in_buff_len,ptr,unused)) == ASN1_ERROR)
-      return ASN1_ERROR;
-  }
-  else {/* desired_len < no_bits */
-    if ((ret=insert_octets_as_bits(desired_len,in_ptr,ptr,unused)) == ASN1_ERROR)
-      return ASN1_ERROR;
-    /* now remove no_bits - desired_len bytes from in buffer */
-    *in_ptr += (in_buff_len - desired_len);
-  }
-  return (ret+ret2);
-}
-
-
-
-/* insert_octets_as_bits takes no_bytes bytes from the buffer that input_ptr
-   points at and inserts the least significant bit of it in the buffer that
-   output_ptr points at. Each byte in the input buffer must be 1 or 0
-   otherwise the function returns ASN1_ERROR. The output buffer is concatenated
-   without alignment.
- */
-int insert_octets_as_bits(int no_bytes,
-			  unsigned char **input_ptr,
-			  unsigned char **output_ptr,
-			  int *unused)
-{
-  unsigned char *in_ptr = *input_ptr;
-  unsigned char *ptr = *output_ptr;
-  int used_bits = 8 - *unused;
-
-  while (no_bytes > 0) {
-    switch (*++in_ptr) {
-    case 0:
-      if(*unused == 1){
-	*unused = 8;
-	*++ptr = 0x00;
-      } else 
-	(*unused)--;
-      break;
-    case 1:
-      if(*unused == 1){
-	*ptr = *ptr | 1;
-	*unused = 8;
-	*++ptr = 0x00;
-      } else {
-	*ptr = *ptr | (1 << (*unused - 1));
-	(*unused)--;
-      }
-      break;
-    default:
-      return ASN1_ERROR;
-    }
-    no_bytes--;
-  }
-  *input_ptr = in_ptr;
-  *output_ptr = ptr;
-  return ((used_bits+no_bytes) / 8); /*return number of new bytes
-				      in completed buffer */
-}
-
-/* insert_octets inserts bytes from the input buffer, *input_ptr,
-   into the output buffer, *output_ptr. Before the first byte is
-   inserted the input buffer is aligned.
- */
-int insert_octets(int no_bytes,
-		  unsigned char **input_ptr,
-		  unsigned char **output_ptr,
-		  int *unused)
-{
-    unsigned char *in_ptr = *input_ptr;
-    unsigned char *ptr = *output_ptr;
-    int ret = 0;
-      
-    if (*unused != 8) {/* must align before octets are added */
-      *++ptr = 0x00;
-      ret++;
-      *unused = 8;
-    }
-    while(no_bytes > 0) {
-      *ptr = *(++in_ptr);
-      *++ptr = 0x00;
-      /*      *unused = *unused - 1; */
-      no_bytes--;
-    }
-  *input_ptr = in_ptr;
-  *output_ptr = ptr;
-  return (ret + no_bytes);
-}
-
-/* insert_octets_unaligned inserts bytes from the input buffer, *input_ptr,
-   into the output buffer, *output_ptr.No alignment is done.
- */
-int insert_octets_unaligned(int no_bytes,
-			    unsigned char **input_ptr,
-			    unsigned char **output_ptr,
-			    int unused)
-{
-  unsigned char *in_ptr = *input_ptr;
-  unsigned char *ptr = *output_ptr;
-  int n = no_bytes;
-  unsigned char val;
-  
-  while (n > 0) {
-    if (unused == 8) {
-      *ptr = *++in_ptr;
-      *++ptr = 0x00;
-    }else {
-      val = *++in_ptr;
-      *ptr =  *ptr | val >> (8 - unused);
-      *++ptr = 0x00;
-      *ptr = val << unused;
-    }
-    n--;
-  }
-  *input_ptr = in_ptr;
-  *output_ptr = ptr;
-  return no_bytes;
-}
-
-
-int insert_octets_except_unused(int no_bytes,
-				unsigned char **input_ptr,
-				unsigned char **output_ptr,
-				int *unused,
-				int in_unused)
-{
-  unsigned char *in_ptr = *input_ptr;
-  unsigned char *ptr = *output_ptr;
-  int val, no_bits;
-  int ret = 0;
-  
-  if (in_unused == 0){
-/*      printf("%d: insert_octets_except_unused: if\n\r",__LINE__); */
-    if ((ret = insert_octets_unaligned(no_bytes,&in_ptr,&ptr,
-				       *unused)) == ASN1_ERROR)
-      return ASN1_ERROR;
-  }
-    else {
-/*        printf("%d: insert_octets_except_unused: else\n\r",__LINE__); */
-      if ((ret=insert_octets_unaligned(no_bytes - 1,&in_ptr,&ptr,*unused)) != ASN1_ERROR) {
-	val = (int) *(++in_ptr);
-	no_bits = 8 - in_unused;
-	/* no_bits is always less than *unused since the buffer is
-	   octet aligned after insert:octets call, so the following
-	   if clasuse is obsolete I think */
-	if(no_bits < *unused){
-	  *ptr = *ptr | (val >> (8 - *unused));
-	  *unused = *unused - no_bits;
-	} else if (no_bits == *unused) {
-	  *ptr = *ptr | (val >> (8 - *unused));
-	  *++ptr = 0x00;
-	  ret++;
-	  *unused = 8;
-	} else {
-	  *ptr = *ptr | (val >> (8 - *unused));
-	  *++ptr = 0x00;
-	  ret++;
-	  *ptr = *ptr | (val << *unused);
-	  *unused = 8 - (no_bits - *unused);
-	}
-      } else
-	return ASN1_ERROR;
-    }
-  *input_ptr = in_ptr;
-  *output_ptr = ptr;
-/*    printf("%d: insert_octets_except_unused: ret=%d\n\r",__LINE__,ret); */
-  return ret;
-}
-
-
-
-/*
- * 
- * This section defines functionality for the partial decode of a
- * BER encoded message
- *
- */
-
-/*
- * int decode(ErlDrvBinary **drv_binary,unsigned char *decode_buf,
- *            unsigned char *in_buf, int in_buf_len) 
- * drv_binary is a pointer to a pointer to an allocated driver binary.
- * in_buf is a pointer into the buffer of incoming bytes.
- * in_buf_len is the length of the incoming buffer.
- * The function reads the bytes in the incoming buffer and structures
- * it in a nested way as Erlang terms. The buffer contains data in the
- * order tag - length - value. Tag, length and value has the following
- * format:
- * A tag is normally one byte but may be of any length, if the tag number
- * is greater than 30. +----------+
- *		       |CL|C|NNNNN|
- * 		       +----------+
- * If NNNNN is 31 then will the 7 l.s.b of each of the following tag number
- * bytes contain the tag number. Each tag number byte that is not the last one
- * has the m.s.b. set to 1.
- * The length can be short definite length (sdl), long definite length (ldl)
- * or indefinite length (il).
- * sdl: +---------+ the L bits is the length
- *	|0|LLLLLLL|
- *	+---------+
- * ldl:	+---------+ +---------+ +---------+     +-----------+
- *	|1|lllllll| |first len| |	  |     |the Nth len|
- *	+---------+ +---------+ +---------+ ... +-----------+
- *    	The first byte tells how many len octets will follow, max 127
- * il:  +---------+ +----------------------+ +--------+ +--------+
- *	|1|0000000| |content octets (Value)| |00000000| |00000000|
- *	+---------+ +----------------------+ +--------+ +--------+
- *	The value octets are preceded by one octet and followed by two 
- *	exactly as above. The value must be some tag-length-value encoding.
- *
- * The function returns a value in Erlnag term format:
- * {{TagNo,Value},Rest}
- * TagNo is an integer ((CL bsl 16) + tag number) which limits the tag number 
- * to 65535.
- * Value is a binary if the C bit in tag was unset, otherwise (if tag was
- * constructed) Value is a list, List.
- * List is like: [{TagNo,Value},{TagNo,Value},...]
- * Rest is a binary, i.e. the undecoded part of the buffer. Most often Rest
- * is the empty binary.
- * If some error occured during the decoding of the in_buf an error is returned.
- */
-int decode_begin(ErlDrvBinary **drv_binary,unsigned char *in_buf, int in_buf_len, unsigned int *err_pos)
-{
-  int maybe_ret;
-  char *decode_buf = (*drv_binary)->orig_bytes;
-  int ei_index = 0;
-  int ib_index = 0;
-  /* ei_index is the index used by the ei functions to encode an
-     Erlang term into the buffer decode_buf */
-  /* ib_index is the index were to read the next byte from in_buf */
-
-
-#ifdef ASN1_DEBUG
-    printf("decode_begin1: ei_index=%d, ib_index=%d\n\r",ei_index,ib_index);
-#endif
-  /* the first byte must be a "version magic" */
-  if(ei_encode_version(decode_buf,&ei_index) == ASN1_ERROR)
-    return ASN1_ERROR;		/* 1 byte */
-#ifdef ASN1_DEBUG
-    printf("decode_begin2: ei_index=%d, ib_index=%d\n\r",ei_index,ib_index);
-#endif
-  if (ei_encode_tuple_header(decode_buf,&ei_index,2) == ASN1_ERROR)
-    return ASN1_ERROR;		/* 2 bytes */
-#ifdef ASN1_DEBUG
-    printf("decode_begin3: ei_index=%d, ib_index=%d\n\r",ei_index,ib_index);
-#endif
-  if((maybe_ret=decode(drv_binary,&ei_index,in_buf,&ib_index,in_buf_len)) <= ASN1_ERROR) 
-    {
-      *err_pos = ib_index;
-#ifdef ASN1_DEBUG
-       printf("err_pos=%d,ib_index=%d\r\n",*err_pos,ib_index);
-#endif
-      return maybe_ret;
-    };
-  
-  decode_buf = (*drv_binary)->orig_bytes; /* maybe a realloc during decode_value */
-#ifdef ASN1_DEBUG
-    printf("decode_begin4: in_buf_len=%d, ei_index=%d, ib_index=%d\n\r",
-  	 in_buf_len,ei_index,ib_index);
-#endif
-  /* "{{TagNo,Value},Rest}" */
-  if (ei_encode_binary(decode_buf,&ei_index,&(in_buf[ib_index]),in_buf_len-ib_index)
-      == ASN1_ERROR)		/* at least 5 bytes */
-    return ASN1_ERROR;
-#ifdef ASN1_DEBUG
-    printf("decode_begin5: ei_index=%d, ib_index=%d\n\r",ei_index,ib_index);
-#endif
-  return ei_index;
-}
-
-int decode(ErlDrvBinary **drv_binary,int *ei_index,unsigned char *in_buf,
-	   int *ib_index, int in_buf_len)
-{
-  int maybe_ret;
-  char *decode_buf = (*drv_binary)->orig_bytes;
-  int form;
-#ifdef ASN1_DEBUG
-    printf("decode 1\n\r");
-#endif
-  if (((*drv_binary)->orig_size - *ei_index) < 19) {/* minimum amount of bytes */
-    /* allocate more memory */
-    if (realloc_decode_buf(drv_binary,(*drv_binary)->orig_size * 2) == 
-	ASN1_ERROR)
-      return ASN1_ERROR;
-    decode_buf = (*drv_binary)->orig_bytes;
-  }
-/*    printf("decode 2\n\r"); */
-    /* "{" */
-    if (ei_encode_tuple_header(decode_buf,ei_index,2) == ASN1_ERROR)
-    return ASN1_ERROR;		/* 2 bytes */
-#ifdef ASN1_DEBUG
-    printf("decode 3:orig_size=%ld, ei_index=%d, ib_index=%d\n\r",(*drv_binary)->orig_size,*ei_index,*ib_index);
-#endif
-
-    /*buffer must hold at least two bytes*/	
-    if ((*ib_index +2) > in_buf_len)
-      return ASN1_VALUE_ERROR;
-    /* "{{TagNo," */
-    if ((form = decode_tag(decode_buf,ei_index,in_buf,in_buf_len,ib_index)) <= ASN1_ERROR)
-      return form;		/* 5 bytes */
-#ifdef ASN1_DEBUG
-    printf("i_i=%d,in_buf_len=%d\r\n",*ei_index,in_buf_len);
-#endif
-    if (*ib_index >= in_buf_len){
-      return ASN1_TAG_ERROR;
-    }
-#ifdef ASN1_DEBUG
-    printf("decode 5 ib_index=%d\n\r",*ib_index);
-#endif
-    /* buffer must hold at least one byte (0 as length and nothing as
-       value) */
-    /* "{{TagNo,Value}," */
-    if ((maybe_ret=decode_value(ei_index,in_buf,ib_index,drv_binary,form,
-				in_buf_len)) <= ASN1_ERROR)
-      return maybe_ret;		/* at least 5 bytes */
-#ifdef ASN1_DEBUG
-     printf("decode 7\n\r");
-#endif
-    return *ei_index;
-}
-
-/* 
- * decode_tag decodes the BER encoded tag in in_buf and puts it in the
- * decode_buf encoded by the Erlang extern format as an Erlang term.
- */
-int decode_tag(char *decode_buf,int *db_index,unsigned char *in_buf,
-	       int in_buf_len, int *ib_index)
-{
-  int tag_no, tmp_tag, form;
-  
-
-  /* first get the class of tag and bit shift left 16*/
-  tag_no = ((MASK(in_buf[*ib_index],ASN1_CLASS)) << 10);
-
-  form = (MASK(in_buf[*ib_index],ASN1_FORM));
-#ifdef ASN1_DEBUG
-     printf("decode_tag0:ii=%d, tag_no=%d, form=%d.\r\n",
-	    *ib_index,tag_no,form);
-#endif
-
-  /* then get the tag number */
-  if((tmp_tag = (int) INVMASK(in_buf[*ib_index],ASN1_CLASSFORM)) < 31) {
-    ei_encode_ulong(decode_buf,db_index,tag_no+tmp_tag); /* usual case */
-    (*ib_index)++;
-#ifdef ASN1_DEBUG
-     printf("decode_tag1:ii=%d.\r\n",*ib_index);
-#endif
-  }
-  else
-    {
-      int n = 0; /* n is used to check that the 64K limit is not
-		    exceeded*/
-#ifdef ASN1_DEBUG
-     printf("decode_tag1:ii=%d, in_buf_len=%d.\r\n",*ib_index,in_buf_len);
-#endif
-
-      /* should check that at least three bytes are left in
-	 in-buffer,at least two tag byte and at least one length byte */
-      if ((*ib_index +3) > in_buf_len)
-	return ASN1_VALUE_ERROR;
-      (*ib_index)++;
-#ifdef ASN1_DEBUG
-       printf("decode_tag2:ii=%d.\r\n",*ib_index);
-#endif
-      /* The tag is in the following bytes in in_buf as 
-	 1ttttttt 1ttttttt ... 0ttttttt, where the t-bits
-	 is the tag number*/
-      /* In practice is the tag size limited to 64K, i.e. 16 bits. If
-	 the tag is greater then 64K return an error */
-      while (((tmp_tag = (int)in_buf[*ib_index]) >= 128) && n < 2){
-	/* m.s.b. = 1 */
-	tag_no = tag_no + (MASK(tmp_tag,ASN1_LONG_TAG) << 7);
-	(*ib_index)++;
-#ifdef ASN1_DEBUG
- 	printf("decode_tag3:ii=%d.\r\n",*ib_index);
-#endif
-	n++;
-      };
-      if ((n==2) && in_buf[*ib_index] > 3)
-	return ASN1_TAG_ERROR; /* tag number > 64K */
-      tag_no = tag_no + in_buf[*ib_index];
-      (*ib_index)++;
-#ifdef ASN1_DEBUG
-       printf("decode_tag4:ii=%d.\r\n",*ib_index);
-#endif
-      ei_encode_ulong(decode_buf,db_index,tag_no);
-    }
-  return form;
-}
-
-
-/*
- * decode_value decodes the BER encoded length and value fields in the
- * in_buf and puts the value part in the decode_buf as an Erlang term
- * encoded by the Erlang extern format
- */
-int decode_value(int *ei_index,unsigned char *in_buf,
-		 int *ib_index,ErlDrvBinary **drv_binary,int form,
-		 int in_buf_len)
-{
-  int maybe_ret;
-  char *decode_buf = (*drv_binary)->orig_bytes;
-  unsigned int len = 0;
-  unsigned int lenoflen = 0;
-  int indef = 0;
-  
-#ifdef ASN1_DEBUG
-    printf("decode_value1:ib_index=%d\n\r",*ib_index);
-#endif
-  if (((in_buf[*ib_index]) & 0x80) == ASN1_SHORT_DEFINITE_LENGTH) {
-    len = in_buf[*ib_index];
-  }
-  else if (in_buf[*ib_index] == ASN1_INDEFINITE_LENGTH)
-    indef = 1;
-  else /* long definite length */ {
-    lenoflen = (in_buf[*ib_index] & 0x7f); /*length of length */
-#ifdef ASN1_DEBUG
-     printf("decode_value,lenoflen:%d\r\n",lenoflen);
-#endif
-     if (lenoflen > (in_buf_len - (*ib_index+1)))
-       return ASN1_LEN_ERROR;
-     len = 0;
-     while (lenoflen-- ) {
-       (*ib_index)++;
-#ifdef ASN1_DEBUG
-       printf("decode_value1:*ib_index=%d, byte = %d.\r\n",*ib_index,in_buf[*ib_index]);
-#endif
-       if (!(len < (1 << (sizeof(len)-1)*8))) 
-	 return ASN1_LEN_ERROR; /* length does not fit in 32 bits */
-       len = (len << 8) + in_buf[*ib_index];
-     }
-  }
-  if (len > (in_buf_len - (*ib_index + 1)))
-    return ASN1_VALUE_ERROR;
-  (*ib_index)++;
-#ifdef ASN1_DEBUG
-   printf("decode_value2:ii=%d.\r\n",*ib_index);
-#endif
-  if (indef == 1)
-    { /* in this case it is desireably to check that indefinite length
-	 end bytes exist in inbuffer */
-      while (!(in_buf[*ib_index]==0 && in_buf[*ib_index + 1]==0)) {
-#ifdef ASN1_DEBUG
-	printf("decode_value while:ib_index=%d in_buf_len=%d\n\r",
-	 *ib_index,in_buf_len);
-#endif
-	if(*ib_index >= in_buf_len)
-	  return ASN1_INDEF_LEN_ERROR;
-	ei_encode_list_header(decode_buf,ei_index,1); /* 5 bytes */
-	if((maybe_ret=decode(drv_binary,ei_index,in_buf,
-			     ib_index,in_buf_len)) <= ASN1_ERROR)
-	  return maybe_ret;
-	decode_buf = (*drv_binary)->orig_bytes;
-      }
-      (*ib_index) += 2; /* skip the indefinite length end bytes */
-#ifdef ASN1_DEBUG
-       printf("decode_value3:ii=%d.\r\n",*ib_index);
-#endif
-      ei_encode_empty_list(decode_buf,ei_index); /* 1 byte */
-    }
-  else if (form == ASN1_CONSTRUCTED)
-    {
-      int end_index = *ib_index + len;
-      if(end_index > in_buf_len)
-	return ASN1_LEN_ERROR;
-      while (*ib_index < end_index) {
-
-#ifdef ASN1_DEBUG
-  	printf("decode_value3:*ib_index=%d, end_index=%d\n\r",*ib_index,end_index);
-#endif
-	ei_encode_list_header(decode_buf,ei_index,1); /* 5 bytes */
-	if((maybe_ret=decode(drv_binary,ei_index,in_buf,
-			     ib_index,in_buf_len))<=ASN1_ERROR)
-	  return maybe_ret;
-	decode_buf = (*drv_binary)->orig_bytes;
-      }
-      ei_encode_empty_list(decode_buf,ei_index); /* 1 byte */
-    }
-  else
-    {
-      if (((*drv_binary)->orig_size - *ei_index) < 10+len) { /* 5+len for the  binary*/
-	if (realloc_decode_buf(drv_binary,(*drv_binary)->orig_size * 2) == 
-	    ASN1_ERROR)
-	  return ASN1_ERROR;
-	decode_buf = (*drv_binary)->orig_bytes;
-      }
-      if((*ib_index + len) > in_buf_len)
-	return ASN1_LEN_ERROR;
-      ei_encode_binary(decode_buf,ei_index,&in_buf[*ib_index],len);
-      *ib_index = *ib_index + len;
-#ifdef ASN1_DEBUG
-       printf("decode_value4:ii=%d.\r\n",*ib_index);
-#endif
-    }
-  return ASN1_OK;
-}
-
-int realloc_decode_buf(ErlDrvBinary **drv_binary,int amount) {
-  ErlDrvBinary *tmp_bin;
-
-  if ((tmp_bin=driver_realloc_binary(*drv_binary,amount)) == NULL)
-    return ASN1_ERROR;
-  *drv_binary = tmp_bin;
-  return ASN1_OK;
-}
-
-
-
-/*
- * int decode_partial(drv_binary,in_buf,in_buf_len) 
- */
-/*
- * The in_buf contains two parts: first information about which value
- * will be decoded, as a sequence of tags and tag codes, then the
- * encoded BER value. First of all comes a length field that tells how
- * many following bytes contains the sequence of tags. Then starts the
- * BER encoded message. The tag sequence length field is a single
- * byte. The sequence of tags/tag codes may be one of the codes
- * ASN1_SKIPPED, ASN1_CHOOSEN and a tag or ASN1_OPTIONAL and a
- * tag. ASN1_SKIPPED means that the following tag is mandatory and is
- * skipped. ASN1_CHOOSEN means that the value of this tag shall, if
- * this was the last tag in tag sequence, be returned or be searched
- * in for the next tag. ASN1_OPTIONAL means that this tag shall be
- * skipped but it may be missing. Each tag in the tag sequence
- * correspond to a tag in the BER encoded message. If the decode
- * arives to a position where there is no matching tag, an error is
- * returned (if it wasn't the last tag and it was OPTIONAL). After the
- * right value has been detected it is returned in the out_buf.
- *
- */
-int decode_partial(ErlDrvBinary **drv_binary,unsigned char *in_buf, int in_buf_len)
-{
-  char *out_buf = (*drv_binary)->orig_bytes;
-  int tag_index_val = 1;
-  int msg_index_val;
-  int *msg_index, *tag_index, tmp_index;
-  int tag_seq_length;
-  int wanted_tag, next_tag;
-  int buf_end_index = in_buf_len;
-  int ret = 0, length, old_index;
-  
-  tag_index = &tag_index_val;
-  tag_seq_length = in_buf[0];
-  msg_index = &msg_index_val;
-  *msg_index = tag_seq_length + 1;
-
-
-/*   printf("decode_partial 1: in_buf_len=%d, tag_index=%d, msg_index=%d\r\n,tag_seq_length=%d\r\n",in_buf_len,*tag_index,*msg_index,tag_seq_length); */
-  while(*tag_index < tag_seq_length) {
-    switch(in_buf[*tag_index]) {
-    case ASN1_SKIPPED:
-/*       printf("decode_partial ASN1_SKIPPED: in_buf[*msg_index]=%d\r\n",in_buf[*msg_index]); */
-      (*tag_index)++;
-/*       printf("decode_partial ASN1_SKIPPED 2: *msg_index=%d\r\n",*msg_index); */
-      skip_tag(in_buf,msg_index,buf_end_index);
-/*       printf("decode_partial ASN1_SKIPPED 3: *msg_index=%d\r\n",*msg_index); */
-      skip_length_and_value(in_buf,msg_index,buf_end_index);
-/*       printf("decode_partial ASN1_SKIPPED 4: *msg_index=%d\r\n",*msg_index); */
-      break;
-    case ASN1_OPTIONAL:
-      (*tag_index)++;
-/*       printf("decode_partial ASN1_OPTIONAL: in_buf[*tag_index]=%d\r\n",in_buf[*tag_index]); */
-      wanted_tag = in_buf[*tag_index];
-      (*tag_index)++;
-      tmp_index = *msg_index;
-      next_tag = get_tag(in_buf,msg_index,buf_end_index);
-      if (wanted_tag != next_tag) {
-	*msg_index = tmp_index;
-      } else 
-	skip_length_and_value(in_buf,msg_index,buf_end_index);
-      break;
-    case ASN1_CHOOSEN:
-/*       printf("decode_partial ASN1_CHOOSEN: in_buf[*msg_index]=%d, *msg_index=%d\r\n",in_buf[*msg_index],*msg_index); */
-      (*tag_index)++;
-      wanted_tag = in_buf[*tag_index];
-      (*tag_index)++;
-      old_index = *msg_index;
-/*       printf("decode_partial ASN1_CHOOSEN 2: *msg_index=%d\r\n",*msg_index); */
-      next_tag = get_tag(in_buf,msg_index,buf_end_index);
-/*       printf("decode_partial ASN1_CHOOSEN 3: *msg_index=%d\r\n,wanted_tag=%d, next_tag=%d\r\n",*msg_index,wanted_tag,next_tag); */
-      if (wanted_tag != next_tag)
-	return ASN1_NOVALUE; /* an empty binary will be returned to Erlang */
-      if (*tag_index == (tag_seq_length + 1)) { 
-	/* get the value and return*/
-	if((ret = get_value(out_buf,in_buf,msg_index,buf_end_index)) <= ASN1_ERROR)
-	  return ASN1_ERROR;
-	return ret;
-      } 
-      else { 
-	/* calculate the length of the sub buffer and let *msg_index
-	   be at the value part of this BER encoded type*/
-	int indef;
-	indef = 0;
-	length = get_length(in_buf,msg_index,&indef,buf_end_index);
-/* 	printf("decode_partial ASN1_CHOOSEN 4: length=%d, *msg_index=%d\r\n",length,*msg_index); */
-	if ((length == 0) && (indef == 1)) {
-	  /* indefinite length of value */
-	  old_index = *msg_index;
-	  length = skip_length_and_value(in_buf,msg_index,buf_end_index);
-	  *msg_index = old_index;
-	  buf_end_index = *msg_index + length - 2; 
-	  /* remove two bytes due to indefinete length end zeros */
-	} else 
-	  buf_end_index = (*msg_index + length);
-      }
-      break;
-    default:
-      return ASN1_ERROR;
-    }
-  }
-  return ASN1_ERROR;
-}
-
-
-/*
- * int skip_tag(unsigned char *in_buf,int *index,int buf_len)
- * steps past the BER encoded tag in in_buf and updates *index.
- * Returns the number of skipped bytes.
- */
-int skip_tag(unsigned char *in_buf,int *index,int buf_len)
-{
-  int start_index = *index;
-  if ((MASK(in_buf[*index],ASN1_TAG)) == 31){
-    do {
-      (*index)++;
-      if (*index >= buf_len)
-	return ASN1_ERROR;
-    }
-    while(in_buf[*index] >=128);
-  }
-  (*index)++;
-  return (*index - start_index);
-}
-
-
-/*
- * int skip_length_and_value(unsigned char *in_buf,int *index,int buf_len)
- * steps past the BER encoded length and value in in_buf and updates *index.
- * returns the length if the skipped "length value".
- * Returns the number of skipped bytes.
- */
-int skip_length_and_value(unsigned char *in_buf,int *index,int buf_len)
-{
-  long len;
-  int indef = 0, lenoflen;
-  int start_index = *index;
-
-  if ((MASK(in_buf[*index],0x80)) == ASN1_SHORT_DEFINITE_LENGTH){
-    len = in_buf[*index];
-    if (len > (buf_len - (*index + 1)))
-      return ASN1_LEN_ERROR;
-  } else if (in_buf[*index] == ASN1_INDEFINITE_LENGTH)
-    indef = 1;
-  else /* long definite length */ {
-    lenoflen = (in_buf[*index] & 0x7f); /*length of length */
-    len = 0;
-    while (lenoflen--) {
-      (*index)++;
-      len = (len << 8) + in_buf[*index];
-    }
-    if (len > (buf_len - (*index + 1)))
-      return ASN1_LEN_ERROR;
-  }
-  (*index)++;
-  if (indef == 1)
-    {
-      while(!(in_buf[*index]==0 && in_buf[*index + 1]==0)) {
-	skip_tag(in_buf,index,buf_len);
-	skip_length_and_value(in_buf,index,buf_len);
-      }
-      (*index) += 2;
-    }
-  else 
-    (*index) += len;
-  return (*index - start_index);
-}
-
-/* int get_tag(unsigned char *in_buf,int *index)
- *
- * assumes next byte/bytes in in_buf is an encoded BER tag. A tag
- * number has theoretically no upper limit in size. Here the tag
- * number is assumed to be less than 64K. Returns an integer value
- * on the format:
- * xxxxxxxx xxxxxxcc tttttttt tttttttt
- * the x-bits are 0 (insignificant)
- * the c-bits are the class of the tag
- * the t-bits are the tag number. This implies that the tag number
- * is limited to 64K-1
- * 
- */
-int get_tag(unsigned char *in_buf,int *index,int buf_len)
-{
-  int tag_no = 0,tmp_tag = 0;
-
-  tag_no = (MASK(in_buf[*index],ASN1_CLASSFORM));
-  if ((MASK(in_buf[*index],ASN1_TAG)) == ASN1_TAG) {
-    /* long form of tag */
-    do {
-      (*index)++;
-      if (*index >= buf_len)
-	return ASN1_TAG_ERROR;
-      tmp_tag = tmp_tag << 7;
-      tmp_tag += (MASK(in_buf[*index],ASN1_LONG_TAG));
-    } while (in_buf[*index] >= 128);
-    (*index)++;
-    tag_no = tag_no + tmp_tag;
-  } else {
-    tag_no += (MASK(in_buf[*index],ASN1_TAG));
-    (*index)++;
-  }
-  if (*index >= buf_len)
-    return ASN1_TAG_ERROR;
-  return tag_no;
-}
-
-
-/*
- * int get_value(char *out_buf,unsigned char *in_buf,
- *               int *msg_index,int in_buf_len)
- */
-/* assumes next byte/bytes in in_buf is an encoded BER value preceeded by a BER encoded length. Puts value in out_buf.
- */
-int get_value(char *out_buf,
-	      unsigned char *in_buf,
-	      int *msg_index,
-	      int in_buf_len)
-{
-  int len, lenoflen, indef=0, skip_len;
-  int ret=0;
-  int start_index;
-  
-/*   printf("get_value 1\n\r"); */
-  if (in_buf[*msg_index] < 0x80){ /* short definite length */
-    len = in_buf[*msg_index];
-/*     printf("short definite length\r\n"); */
-  } else if (in_buf[*msg_index] > 0x80) { /* long definite length */
-    lenoflen = (in_buf[*msg_index] & 0x7f); /*length of length */
-    len = 0;
-    while (lenoflen--) {
-      (*msg_index)++;
-      len = (len << 8) + in_buf[*msg_index];
-    }
-    if (len > (in_buf_len - (*msg_index + 1)))
-      return ASN1_LEN_ERROR;
-  } else 
-    indef = 1;
-  (*msg_index)++;
-/*   printf("get_value 2: len = %d, *msg_index = %d\r\n",len,*msg_index); */
-  if (indef == 1) {
-    while(!(in_buf[*msg_index]==0 && in_buf[*msg_index + 1]==0)) {
-      start_index = *msg_index;
-      skip_len = skip_tag(in_buf,msg_index,in_buf_len);
-/*       printf("get_value 3: skip_len=%d,start_index=%d,*msg_index=%d\n\r", */
-/* 	     skip_len,start_index,*msg_index); */
-      memcpy(&out_buf[ret],&in_buf[start_index],skip_len);
-      ret += skip_len;
-      start_index = *msg_index;
-      skip_len = skip_length_and_value(in_buf,msg_index,in_buf_len);
-/*       printf("get_value 4: skip_len=%d,start_index=%d,*msg_index=%d\n\r", */
-/* 	     skip_len,start_index,*msg_index); */
-      memcpy(&out_buf[ret],&in_buf[start_index],skip_len);
-      ret += skip_len;
-    }
-    return ret;
-  }
-  else
-    memcpy(&out_buf[ret],&in_buf[*msg_index],len);
-  return len;
-}
-
-
-/*
- * int get_length(unsigned char *in_buf,int *msg_index)
- * assumes next byte/bytes contain a BER encoded length field,
- * which is decoded. The value of the length is returned. If it
- * is an indefinite length the *indef is set to one.
- */
-int get_length(unsigned char *in_buf,int *msg_index,
-	       int *indef,int in_buf_len)
-{
-  int len=0, lenoflen;
-  
-  if (in_buf[*msg_index] < 0x80) /* short definite length */
-    len = in_buf[*msg_index];
-  else if (in_buf[*msg_index] > 0x80) { /* long definite length */
-    lenoflen = (in_buf[*msg_index] & 0x7f); /*length of length */
-    len = 0;
-    while (lenoflen--) {
-      (*msg_index)++;
-      len = (len << 8) + in_buf[*msg_index];
-    }
-    if (len > (in_buf_len - (*msg_index + 1)))
-      return ASN1_LEN_ERROR;
-  } else 
-    *indef = 1;
-  (*msg_index)++;
-  return len;
-}
diff --git a/lib/asn1/c_src/asn1_erl_nif.c b/lib/asn1/c_src/asn1_erl_nif.c
new file mode 100644
index 0000000000..accd368af1
--- /dev/null
+++ b/lib/asn1/c_src/asn1_erl_nif.c
@@ -0,0 +1,1304 @@
+/*
+ * %CopyrightBegin%
+ *
+ * Copyright Ericsson AB 2002-2011. All Rights Reserved.
+ *
+ * The contents of this file are subject to the Erlang Public License,
+ * Version 1.1, (the "License"); you may not use this file except in
+ * compliance with the License. You should have received a copy of the
+ * Erlang Public License along with this software. If not, it can be
+ * retrieved online at http://www.erlang.org/.
+ *
+ * Software distributed under the License is distributed on an "AS IS"
+ * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ * the License for the specific language governing rights and limitations
+ * under the License.
+ *
+ * %CopyrightEnd%
+ *
+ */
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include "erl_nif.h"
+
+/* #define ASN1_DEBUG 1 */
+
+#define ASN1_OK 0
+#define ASN1_ERROR -1
+#define ASN1_COMPL_ERROR 1
+#define ASN1_MEMORY_ERROR 0
+#define ASN1_DECODE_ERROR 2
+#define ASN1_TAG_ERROR -3
+#define ASN1_LEN_ERROR -4
+#define ASN1_INDEF_LEN_ERROR -5
+#define ASN1_VALUE_ERROR -6
+
+#define ASN1_CLASS 0xc0
+#define ASN1_FORM 0x20
+#define ASN1_CLASSFORM (ASN1_CLASS | ASN1_FORM)
+#define ASN1_TAG 0x1f
+#define ASN1_LONG_TAG 0x7f
+
+#define ASN1_INDEFINITE_LENGTH 0x80
+#define ASN1_SHORT_DEFINITE_LENGTH 0
+
+#define ASN1_PRIMITIVE 0
+#define ASN1_CONSTRUCTED 0x20
+
+#define ASN1_NOVALUE 0
+
+#define ASN1_SKIPPED 0
+#define ASN1_OPTIONAL 1
+#define ASN1_CHOOSEN 2
+
+#define CEIL(X,Y) ((X-1) / Y + 1)
+
+#define INVMASK(X,M) (X & (M ^ 0xff))
+#define MASK(X,M) (X & M)
+
+/* PER COMPLETE */
+int per_complete(ErlNifBinary *, unsigned char *, int);
+
+int per_insert_octets(int, unsigned char **, unsigned char **, int *);
+
+int per_insert_octets_except_unused(int, unsigned char **, unsigned char **,
+	int *, int);
+
+int per_insert_octets_as_bits_exact_len(int, int, unsigned char **,
+	unsigned char **, int *);
+
+int per_insert_octets_as_bits(int, unsigned char **, unsigned char **, int *);
+
+int per_pad_bits(int, unsigned char **, int *);
+
+int per_insert_least_sign_bits(int, unsigned char, unsigned char **, int *);
+
+int per_insert_most_sign_bits(int, unsigned char, unsigned char **, int *);
+
+int per_insert_bits_as_bits(int, int, unsigned char **, unsigned char **, int *);
+
+int per_insert_octets_unaligned(int, unsigned char **, unsigned char **, int);
+
+int per_realloc_memory(ErlNifBinary *, int, unsigned char **);
+
+/* BER DECODE */
+int ber_decode_begin(ErlNifEnv *, ERL_NIF_TERM *, unsigned char *, int,
+	unsigned int *);
+
+int ber_decode(ErlNifEnv *, ERL_NIF_TERM *, unsigned char *, int *, int);
+
+int ber_decode_tag(ErlNifEnv *, ERL_NIF_TERM *, unsigned char *, int, int *);
+
+int ber_decode_value(ErlNifEnv*, ERL_NIF_TERM *, unsigned char *, int *, int,
+	int);
+
+/* BER ENCODE */
+typedef struct ber_encode_mem_chunk mem_chunk_t;
+
+int ber_encode(ErlNifEnv *, ERL_NIF_TERM , mem_chunk_t **, unsigned int *);
+
+void ber_free_chunks(mem_chunk_t *chunk);
+mem_chunk_t *ber_new_chunk(unsigned int length);
+int ber_check_memory(mem_chunk_t **curr, unsigned int needed);
+
+int ber_encode_tag(ErlNifEnv *, ERL_NIF_TERM , unsigned int ,
+	mem_chunk_t **, unsigned int *);
+
+int ber_encode_length(size_t , mem_chunk_t **, unsigned int *);
+
+/*
+ *
+ * This section defines functionality for the complete encode of a
+ * PER encoded message
+ *
+ */
+
+int per_complete(ErlNifBinary *out_binary, unsigned char *in_buf,
+	int in_buf_len) {
+    int counter = in_buf_len;
+    /* counter keeps track of number of bytes left in the
+     input buffer */
+
+    int buf_space = in_buf_len;
+    /* This is the amount of allocated space left of the out_binary. It
+     is possible when padding is applied that more space is needed than
+     was originally allocated. */
+
+    int buf_size = in_buf_len;
+    /* Size of the buffer. May become reallocated and thus other than
+     in_buf_len */
+
+    unsigned char *in_ptr, *ptr;
+    /* in_ptr points at the next byte in in_buf to be moved to
+     complete_buf.
+     ptr points into the new completed buffer, complete_buf, at the
+     position of the next byte that will be set */
+    int unused = 8;
+    /* unused = [1,...,8] indicates how many of the rigthmost bits of
+     the byte that ptr points at that are unassigned */
+
+    int no_bits, no_bytes, in_unused, desired_len, ret, saved_mem, needed,
+	    pad_bits;
+
+    unsigned char val;
+
+    in_ptr = in_buf;
+    ptr = out_binary->data;
+    *ptr = 0x00;
+    while (counter > 0) {
+	counter--;
+	switch (*in_ptr) {
+	case 0:
+	    /* just one zero-bit should be added to the buffer */
+	    if (unused == 1) {
+		unused = 8;
+		*++ptr = 0x00;
+		buf_space--;
+	    } else
+		unused--;
+	    break;
+
+	case 1:
+	    /* one one-bit should be added to the buffer */
+	    if (unused == 1) {
+		*ptr = *ptr | 1;
+		unused = 8;
+		*++ptr = 0x00;
+		buf_space--;
+	    } else {
+		*ptr = *ptr | (1 << (unused - 1));
+		unused--;
+	    }
+	    break;
+
+	case 2:
+	    /* align buffer to end of byte */
+	    if (unused != 8) {
+		*++ptr = 0x00;
+		buf_space--;
+		unused = 8;
+	    }
+	    break;
+
+	case 10:
+	    /* next byte in in_buf tells how many bits in the second next
+	     byte that will be used */
+	    /* The leftmost unused bits in the value byte are supposed to be
+	     zero bits */
+	    no_bits = (int) *(++in_ptr);
+	    val = *(++in_ptr);
+	    counter -= 2;
+	    if ((ret = per_insert_least_sign_bits(no_bits, val, &ptr, &unused))
+		    == ASN1_ERROR
+		    )
+		return ASN1_ERROR;
+	    buf_space -= ret;
+	    break;
+
+	case 20:
+	    /* in this case the next value in_ptr points at holds the number
+	     of following bytes that holds the value that will be inserted
+	     in the completed buffer */
+	    no_bytes = (int) *(++in_ptr);
+	    counter -= (no_bytes + 1);
+	    if ((counter < 0)
+		    || (ret = per_insert_octets(no_bytes, &in_ptr, &ptr,
+			    &unused)) == ASN1_ERROR
+		    )
+		return ASN1_ERROR;
+	    buf_space -= ret;
+	    break;
+
+	case 21:
+	    /* in this case the next two bytes in_ptr points at holds the number
+	     of following bytes that holds the value that will be inserted
+	     in the completed buffer */
+	    no_bytes = (int) *(++in_ptr);
+	    no_bytes = no_bytes << 8;
+	    no_bytes = no_bytes | (int) *(++in_ptr);
+	    counter -= (2 + no_bytes);
+	    if ((counter < 0)
+		    || (ret = per_insert_octets(no_bytes, &in_ptr, &ptr,
+			    &unused)) == ASN1_ERROR
+		    )
+		return ASN1_ERROR;
+	    buf_space -= ret;
+	    break;
+
+	case 30:
+	    /* If we call the following bytes, in the buffer in_ptr points at,
+	     By1,By2,Rest then Rest is the value that will be transfered to
+	     the completed buffer. By1 tells how many of the rightmost bits in
+	     Rest that should not be used. By2 is the length of Rest in bytes.*/
+	    in_unused = (int) *(++in_ptr);
+	    no_bytes = (int) *(++in_ptr);
+	    counter -= (2 + no_bytes);
+	    ret = -4711;
+	    if ((counter < 0)
+		    || (ret = per_insert_octets_except_unused(no_bytes, &in_ptr,
+			    &ptr, &unused, in_unused)) == ASN1_ERROR
+		    )
+		return ASN1_ERROR;
+	    buf_space -= ret;
+	    break;
+
+	case 31:
+	    /* If we call the following bytes, in the buffer in_ptr points at,
+	     By1,By2,By3,Rest then Rest is the value that will be transfered to
+	     the completed buffer. By1 tells how many of the rightmost bits in
+	     Rest that should not be used. By2 and By3 is the length of
+	     Rest in bytes.*/
+	    in_unused = (int) *(++in_ptr);
+	    no_bytes = (int) *(++in_ptr);
+	    no_bytes = no_bytes << 8;
+	    no_bytes = no_bytes | (int) *(++in_ptr);
+	    counter -= (3 + no_bytes);
+	    if ((counter < 0)
+		    || (ret = per_insert_octets_except_unused(no_bytes, &in_ptr,
+			    &ptr, &unused, in_unused)) == ASN1_ERROR
+		    )
+		return ASN1_ERROR;
+	    buf_space -= ret;
+	    break;
+
+	case 40:
+	    /* This case implies that next byte,By1,(..,By1,By2,Bin,...)
+	     is the desired length of the completed value, maybe needs
+	     padding zero bits or removal of trailing zero bits from Bin.
+	     By2 is the length of Bin and Bin is the value that will be
+	     put into the completed buffer. Each byte in Bin has the value
+	     1 or 0.*/
+	    desired_len = (int) *(++in_ptr);
+	    no_bytes = (int) *(++in_ptr);
+
+	    /* This is the algorithm for need of memory reallocation:
+	     Only when padding (cases 40 - 43,45 - 47) more memory may be
+	     used than allocated. Therefore one has to keep track of how
+	     much of the allocated memory that has been saved, i.e. the
+	     difference between the number of parsed bytes of the input buffer
+	     and the number of used bytes of the output buffer.
+	     If saved memory is less than needed for the padding then we
+	     need more memory. */
+	    saved_mem = buf_space - counter;
+	    pad_bits = desired_len - no_bytes - unused;
+	    needed = (pad_bits > 0) ? CEIL(pad_bits,8) : 0;
+	    if (saved_mem < needed) {
+		/* Have to allocate more memory */
+		buf_size += needed;
+		buf_space += needed;
+		if (per_realloc_memory(out_binary, buf_size, &ptr) == ASN1_ERROR
+		)
+		    return ASN1_ERROR;
+	    }
+
+	    counter -= (2 + no_bytes);
+	    if ((counter < 0)
+		    || (ret = per_insert_octets_as_bits_exact_len(desired_len,
+			    no_bytes, &in_ptr, &ptr, &unused)) == ASN1_ERROR
+		    )
+		return ASN1_ERROR;
+	    buf_space -= ret;
+	    break;
+
+	case 41:
+	    /* Same as case 40 apart from By2, the length of Bin, which is in
+	     two bytes*/
+	    desired_len = (int) *(++in_ptr);
+	    no_bytes = (int) *(++in_ptr);
+	    no_bytes = no_bytes << 8;
+	    no_bytes = no_bytes | (int) *(++in_ptr);
+
+	    saved_mem = buf_space - counter;
+	    needed = CEIL((desired_len-unused),8) - no_bytes;
+	    if (saved_mem < needed) {
+		/* Have to allocate more memory */
+		buf_size += needed;
+		buf_space += needed;
+		if (per_realloc_memory(out_binary, buf_size, &ptr) == ASN1_ERROR
+		)
+		    return ASN1_ERROR;
+	    }
+
+	    counter -= (3 + no_bytes);
+	    if ((counter < 0)
+		    || (ret = per_insert_octets_as_bits_exact_len(desired_len,
+			    no_bytes, &in_ptr, &ptr, &unused)) == ASN1_ERROR
+		    )
+		return ASN1_ERROR;
+	    buf_space -= ret;
+	    break;
+
+	case 42:
+	    /* Same as case 40 apart from By1, the desired length, which is in
+	     two bytes*/
+	    desired_len = (int) *(++in_ptr);
+	    desired_len = desired_len << 8;
+	    desired_len = desired_len | (int) *(++in_ptr);
+	    no_bytes = (int) *(++in_ptr);
+
+	    saved_mem = buf_space - counter;
+	    needed = CEIL((desired_len-unused),8) - no_bytes;
+	    if (saved_mem < needed) {
+		/* Have to allocate more memory */
+		buf_size += needed;
+		buf_space += needed;
+		if (per_realloc_memory(out_binary, buf_size, &ptr) == ASN1_ERROR
+		)
+		    return ASN1_ERROR;
+	    }
+
+	    counter -= (3 + no_bytes);
+	    if ((counter < 0)
+		    || (ret = per_insert_octets_as_bits_exact_len(desired_len,
+			    no_bytes, &in_ptr, &ptr, &unused)) == ASN1_ERROR
+		    )
+		return ASN1_ERROR;
+	    buf_space -= ret;
+	    break;
+
+	case 43:
+	    /* Same as case 40 apart from By1 and By2, the desired length and
+	     the length of Bin, which are in two bytes each. */
+	    desired_len = (int) *(++in_ptr);
+	    desired_len = desired_len << 8;
+	    desired_len = desired_len | (int) *(++in_ptr);
+	    no_bytes = (int) *(++in_ptr);
+	    no_bytes = no_bytes << 8;
+	    no_bytes = no_bytes | (int) *(++in_ptr);
+
+	    saved_mem = buf_space - counter;
+	    needed = CEIL((desired_len-unused),8) - no_bytes;
+	    if (saved_mem < needed) {
+		/* Have to allocate more memory */
+		buf_size += needed;
+		buf_space += needed;
+		if (per_realloc_memory(out_binary, buf_size, &ptr) == ASN1_ERROR
+		)
+		    return ASN1_ERROR;
+	    }
+
+	    counter -= (4 + no_bytes);
+	    if ((counter < 0)
+		    || (ret = per_insert_octets_as_bits_exact_len(desired_len,
+			    no_bytes, &in_ptr, &ptr, &unused)) == ASN1_ERROR
+		    )
+		return ASN1_ERROR;
+	    buf_space -= ret;
+	    break;
+
+	case 45:
+	    /* This case assumes that the following bytes in the incoming buffer
+	     (called By1,By2,Bin) is By1, which is the number of bits (n) that
+	     will be inserted in the completed buffer. By2 is the number of
+	     bytes in Bin. Each bit in the buffer Bin should be inserted from
+	     the leftmost until the nth.*/
+	    desired_len = (int) *(++in_ptr);
+	    no_bytes = (int) *(++in_ptr);
+
+	    saved_mem = buf_space - counter;
+	    needed = CEIL((desired_len-unused),8) - no_bytes;
+	    if (saved_mem < needed) {
+		/* Have to allocate more memory */
+		buf_size += needed;
+		buf_space += needed;
+		if (per_realloc_memory(out_binary, buf_size, &ptr) == ASN1_ERROR
+		)
+		    return ASN1_ERROR;
+	    }
+
+	    counter -= (2 + no_bytes);
+
+	    if ((counter < 0)
+		    || (ret = per_insert_bits_as_bits(desired_len, no_bytes,
+			    &in_ptr, &ptr, &unused)) == ASN1_ERROR
+		    )
+		return ASN1_ERROR;
+	    buf_space -= ret;
+	    break;
+
+	case 46:
+	    /* Same as case 45 apart from By1, the desired length, which is
+	     in two bytes. */
+	    desired_len = (int) *(++in_ptr);
+	    desired_len = desired_len << 8;
+	    desired_len = desired_len | (int) *(++in_ptr);
+	    no_bytes = (int) *(++in_ptr);
+
+	    saved_mem = buf_space - counter;
+	    needed = CEIL((desired_len-unused),8) - no_bytes;
+	    if (saved_mem < needed) {
+		/* Have to allocate more memory */
+		buf_size += needed;
+		buf_space += needed;
+		if (per_realloc_memory(out_binary, buf_size, &ptr) == ASN1_ERROR
+		)
+		    return ASN1_ERROR;
+	    }
+
+	    counter -= (3 + no_bytes);
+	    if ((counter < 0)
+		    || (ret = per_insert_bits_as_bits(desired_len, no_bytes,
+			    &in_ptr, &ptr, &unused)) == ASN1_ERROR
+		    )
+		return ASN1_ERROR;
+	    buf_space -= ret;
+	    break;
+
+	case 47:
+	    /* Same as case 45 apart from By1 and By2, the desired length
+	     and the length of Bin, which are in two bytes each. */
+	    desired_len = (int) *(++in_ptr);
+	    desired_len = desired_len << 8;
+	    desired_len = desired_len | (int) *(++in_ptr);
+	    no_bytes = (int) *(++in_ptr);
+	    no_bytes = no_bytes << 8;
+	    no_bytes = no_bytes | (int) *(++in_ptr);
+
+	    saved_mem = buf_space - counter;
+	    needed = CEIL((desired_len-unused),8) - no_bytes;
+	    if (saved_mem < needed) {
+		/* Have to allocate more memory */
+		buf_size += needed;
+		buf_space += needed;
+		if (per_realloc_memory(out_binary, buf_size, &ptr) == ASN1_ERROR
+		)
+		    return ASN1_ERROR;
+	    }
+
+	    counter -= (4 + no_bytes);
+	    if ((counter < 0)
+		    || (ret = per_insert_bits_as_bits(desired_len, no_bytes,
+			    &in_ptr, &ptr, &unused)) == ASN1_ERROR
+		    )
+		return ASN1_ERROR;
+	    buf_space -= ret;
+	    break;
+
+	default:
+	    return ASN1_ERROR;
+	}
+	in_ptr++;
+    }
+    /* The returned buffer must be at least one byte and
+     it must be octet aligned */
+    if ((unused == 8) && (ptr != out_binary->data))
+	return (ptr - out_binary->data);
+    else {
+	ptr++; /* octet align buffer */
+	return (ptr - out_binary->data);
+    }
+}
+
+int per_realloc_memory(ErlNifBinary *binary, int amount, unsigned char **ptr) {
+
+    int i = *ptr - binary->data;
+
+    if (!enif_realloc_binary(binary, amount)) {
+	/*error handling due to memory allocation failure */
+	return ASN1_ERROR;
+    } else {
+	*ptr = binary->data + i;
+    }
+    return ASN1_OK;
+}
+
+int per_insert_most_sign_bits(int no_bits, unsigned char val,
+	unsigned char **output_ptr, int *unused) {
+    unsigned char *ptr = *output_ptr;
+
+    if (no_bits < *unused) {
+	*ptr = *ptr | (val >> (8 - *unused));
+	*unused -= no_bits;
+    } else if (no_bits == *unused) {
+	*ptr = *ptr | (val >> (8 - *unused));
+	*unused = 8;
+	*++ptr = 0x00;
+    } else {
+	*ptr = *ptr | (val >> (8 - *unused));
+	*++ptr = 0x00;
+	*ptr = *ptr | (val << *unused);
+	*unused = 8 - (no_bits - *unused);
+    }
+    *output_ptr = ptr;
+    return ASN1_OK;
+}
+
+int per_insert_least_sign_bits(int no_bits, unsigned char val,
+	unsigned char **output_ptr, int *unused) {
+    unsigned char *ptr = *output_ptr;
+    int ret = 0;
+
+    if (no_bits < *unused) {
+	*ptr = *ptr | (val << (*unused - no_bits));
+	*unused -= no_bits;
+    } else if (no_bits == *unused) {
+	*ptr = *ptr | val;
+	*unused = 8;
+	*++ptr = 0x00;
+	ret++;
+    } else {
+	/* first in the begun byte in the completed buffer insert
+	 so many bits that fit, then insert the rest in next byte.*/
+	*ptr = *ptr | (val >> (no_bits - *unused));
+	*++ptr = 0x00;
+	ret++;
+	*ptr = *ptr | (val << (8 - (no_bits - *unused)));
+	*unused = 8 - (no_bits - *unused);
+    }
+    *output_ptr = ptr;
+    return ret;
+}
+
+/* per_pad_bits adds no_bits bits in the buffer that output_ptr
+ points at.
+ */
+int per_pad_bits(int no_bits, unsigned char **output_ptr, int *unused) {
+    unsigned char *ptr = *output_ptr;
+    int ret = 0;
+
+    while (no_bits > 0) {
+	if (*unused == 1) {
+	    *unused = 8;
+	    *++ptr = 0x00;
+	    ret++;
+	} else
+	    (*unused)--;
+	no_bits--;
+    }
+    *output_ptr = ptr;
+    return ret;
+}
+
+/* insert_bits_as_bits removes no_bytes bytes from the buffer that in_ptr
+ points at and takes the desired_no leftmost bits from those removed
+ bytes and inserts them in the buffer(output buffer) that ptr points at.
+ The unused parameter tells how many bits that are not set in the
+ actual byte in the output buffer. If desired_no is more bits than the
+ input buffer has in no_bytes bytes, then zero bits is padded.*/
+int per_insert_bits_as_bits(int desired_no, int no_bytes,
+	unsigned char **input_ptr, unsigned char **output_ptr, int *unused) {
+    unsigned char *in_ptr = *input_ptr;
+    unsigned char val;
+    int no_bits, ret;
+
+    if (desired_no == (no_bytes * 8)) {
+	if (per_insert_octets_unaligned(no_bytes, &in_ptr, output_ptr, *unused)
+		== ASN1_ERROR
+		)
+	    return ASN1_ERROR;
+	ret = no_bytes;
+    } else if (desired_no < (no_bytes * 8)) {
+	/*     printf("per_insert_bits_as_bits 1\n\r"); */
+	if (per_insert_octets_unaligned(desired_no / 8, &in_ptr, output_ptr,
+		*unused) == ASN1_ERROR
+	)
+	    return ASN1_ERROR;
+	/*     printf("per_insert_bits_as_bits 2\n\r"); */
+	val = *++in_ptr;
+	/*     printf("val = %d\n\r",(int)val); */
+	no_bits = desired_no % 8;
+	/*     printf("no_bits = %d\n\r",no_bits); */
+	per_insert_most_sign_bits(no_bits, val, output_ptr, unused);
+	ret = CEIL(desired_no,8);
+    } else {
+	if (per_insert_octets_unaligned(no_bytes, &in_ptr, output_ptr, *unused)
+		== ASN1_ERROR
+		)
+	    return ASN1_ERROR;
+	per_pad_bits(desired_no - (no_bytes * 8), output_ptr, unused);
+	ret = CEIL(desired_no,8);
+	/*     printf("ret = %d\n\r",ret); */
+    }
+    /*   printf("*unused = %d\n\r",*unused); */
+    *input_ptr = in_ptr;
+    return ret;
+}
+
+/* per_insert_octets_as_bits_exact_len */
+int per_insert_octets_as_bits_exact_len(int desired_len, int in_buff_len,
+	unsigned char **in_ptr, unsigned char **ptr, int *unused) {
+    int ret = 0;
+    int ret2 = 0;
+
+    if (desired_len == in_buff_len) {
+	if ((ret = per_insert_octets_as_bits(in_buff_len, in_ptr, ptr, unused))
+		== ASN1_ERROR
+		)
+	    return ASN1_ERROR;
+    } else if (desired_len > in_buff_len) {
+	if ((ret = per_insert_octets_as_bits(in_buff_len, in_ptr, ptr, unused))
+		== ASN1_ERROR
+		)
+	    return ASN1_ERROR;
+	/* now pad with zero bits */
+	/*     printf("~npad_bits: called with %d bits padding~n~n~r",desired_len - in_buff_len); */
+	if ((ret2 = per_pad_bits(desired_len - in_buff_len, ptr, unused))
+		== ASN1_ERROR
+		)
+	    return ASN1_ERROR;
+    } else {/* desired_len < no_bits */
+	if ((ret = per_insert_octets_as_bits(desired_len, in_ptr, ptr, unused))
+		== ASN1_ERROR
+		)
+	    return ASN1_ERROR;
+	/* now remove no_bits - desired_len bytes from in buffer */
+	*in_ptr += (in_buff_len - desired_len);
+    }
+    return (ret + ret2);
+}
+
+/* insert_octets_as_bits takes no_bytes bytes from the buffer that input_ptr
+ points at and inserts the least significant bit of it in the buffer that
+ output_ptr points at. Each byte in the input buffer must be 1 or 0
+ otherwise the function returns ASN1_ERROR. The output buffer is concatenated
+ without alignment.
+ */
+int per_insert_octets_as_bits(int no_bytes, unsigned char **input_ptr,
+	unsigned char **output_ptr, int *unused) {
+    unsigned char *in_ptr = *input_ptr;
+    unsigned char *ptr = *output_ptr;
+    int used_bits = 8 - *unused;
+
+    while (no_bytes > 0) {
+	switch (*++in_ptr) {
+	case 0:
+	    if (*unused == 1) {
+		*unused = 8;
+		*++ptr = 0x00;
+	    } else
+		(*unused)--;
+	    break;
+	case 1:
+	    if (*unused == 1) {
+		*ptr = *ptr | 1;
+		*unused = 8;
+		*++ptr = 0x00;
+	    } else {
+		*ptr = *ptr | (1 << (*unused - 1));
+		(*unused)--;
+	    }
+	    break;
+	default:
+	    return ASN1_ERROR;
+	}
+	no_bytes--;
+    }
+    *input_ptr = in_ptr;
+    *output_ptr = ptr;
+    return ((used_bits + no_bytes) / 8); /*return number of new bytes
+     in completed buffer */
+}
+
+/* insert_octets inserts bytes from the input buffer, *input_ptr,
+ into the output buffer, *output_ptr. Before the first byte is
+ inserted the input buffer is aligned.
+ */
+int per_insert_octets(int no_bytes, unsigned char **input_ptr,
+	unsigned char **output_ptr, int *unused) {
+    unsigned char *in_ptr = *input_ptr;
+    unsigned char *ptr = *output_ptr;
+    int ret = 0;
+
+    if (*unused != 8) {/* must align before octets are added */
+	*++ptr = 0x00;
+	ret++;
+	*unused = 8;
+    }
+    while (no_bytes > 0) {
+	*ptr = *(++in_ptr);
+	*++ptr = 0x00;
+	/*      *unused = *unused - 1; */
+	no_bytes--;
+    }
+    *input_ptr = in_ptr;
+    *output_ptr = ptr;
+    return (ret + no_bytes);
+}
+
+/* per_insert_octets_unaligned inserts bytes from the input buffer, *input_ptr,
+ into the output buffer, *output_ptr.No alignment is done.
+ */
+int per_insert_octets_unaligned(int no_bytes, unsigned char **input_ptr,
+	unsigned char **output_ptr, int unused) {
+    unsigned char *in_ptr = *input_ptr;
+    unsigned char *ptr = *output_ptr;
+    int n = no_bytes;
+    unsigned char val;
+
+    while (n > 0) {
+	if (unused == 8) {
+	    *ptr = *++in_ptr;
+	    *++ptr = 0x00;
+	} else {
+	    val = *++in_ptr;
+	    *ptr = *ptr | val >> (8 - unused);
+	    *++ptr = 0x00;
+	    *ptr = val << unused;
+	}
+	n--;
+    }
+    *input_ptr = in_ptr;
+    *output_ptr = ptr;
+    return no_bytes;
+}
+
+int per_insert_octets_except_unused(int no_bytes, unsigned char **input_ptr,
+	unsigned char **output_ptr, int *unused, int in_unused) {
+    unsigned char *in_ptr = *input_ptr;
+    unsigned char *ptr = *output_ptr;
+    int val, no_bits;
+    int ret = 0;
+
+    if (in_unused == 0) {
+	if ((ret = per_insert_octets_unaligned(no_bytes, &in_ptr, &ptr, *unused))
+		== ASN1_ERROR
+		)
+	    return ASN1_ERROR;
+    } else {
+	if ((ret = per_insert_octets_unaligned(no_bytes - 1, &in_ptr, &ptr, *unused))
+		!= ASN1_ERROR) {
+	    val = (int) *(++in_ptr);
+	    no_bits = 8 - in_unused;
+	    /* no_bits is always less than *unused since the buffer is
+	     octet aligned after insert:octets call, so the following
+	     if clasuse is obsolete I think */
+	    if (no_bits < *unused) {
+		*ptr = *ptr | (val >> (8 - *unused));
+		*unused = *unused - no_bits;
+	    } else if (no_bits == *unused) {
+		*ptr = *ptr | (val >> (8 - *unused));
+		*++ptr = 0x00;
+		ret++;
+		*unused = 8;
+	    } else {
+		*ptr = *ptr | (val >> (8 - *unused));
+		*++ptr = 0x00;
+		ret++;
+		*ptr = *ptr | (val << *unused);
+		*unused = 8 - (no_bits - *unused);
+	    }
+	} else
+	    return ASN1_ERROR;
+    }
+    *input_ptr = in_ptr;
+    *output_ptr = ptr;
+    return ret;
+}
+
+/*
+ *
+ * This section defines functionality for the partial decode of a
+ * BER encoded message
+ *
+ */
+
+/*
+ * int decode(ErlNifEnv* env, ERL_NIF_TERM *term, unsigned char *in_buf,
+ int in_buf_len, unsigned int *err_pos)
+ * term is a pointer to the term which is to be returned to erlang
+ * in_buf is a pointer into the buffer of incoming bytes.
+ * in_buf_len is the length of the incoming buffer.
+ * The function reads the bytes in the incoming buffer and structures
+ * it in a nested way as Erlang terms. The buffer contains data in the
+ * order tag - length - value. Tag, length and value has the following
+ * format:
+ * A tag is normally one byte but may be of any length, if the tag number
+ * is greater than 30. +----------+
+ *		       |CL|C|NNNNN|
+ * 		       +----------+
+ * If NNNNN is 31 then will the 7 l.s.b of each of the following tag number
+ * bytes contain the tag number. Each tag number byte that is not the last one
+ * has the m.s.b. set to 1.
+ * The length can be short definite length (sdl), long definite length (ldl)
+ * or indefinite length (il).
+ * sdl: +---------+ the L bits is the length
+ *	|0|LLLLLLL|
+ *	+---------+
+ * ldl:	+---------+ +---------+ +---------+     +-----------+
+ *	|1|lllllll| |first len| |	  |     |the Nth len|
+ *	+---------+ +---------+ +---------+ ... +-----------+
+ *    	The first byte tells how many len octets will follow, max 127
+ * il:  +---------+ +----------------------+ +--------+ +--------+
+ *	|1|0000000| |content octets (Value)| |00000000| |00000000|
+ *	+---------+ +----------------------+ +--------+ +--------+
+ *	The value octets are preceded by one octet and followed by two
+ *	exactly as above. The value must be some tag-length-value encoding.
+ *
+ * The function returns a value in Erlang nif term format:
+ * {{TagNo,Value},Rest}
+ * TagNo is an integer ((CL bsl 16) + tag number) which limits the tag number
+ * to 65535.
+ * Value is a binary if the C bit in tag was unset, otherwise (if tag was
+ * constructed) Value is a list, List.
+ * List is like: [{TagNo,Value},{TagNo,Value},...]
+ * Rest is a binary, i.e. the undecoded part of the buffer. Most often Rest
+ * is the empty binary.
+ * If some error occured during the decoding of the in_buf an error is returned.
+ */
+int ber_decode_begin(ErlNifEnv* env, ERL_NIF_TERM *term, unsigned char *in_buf,
+	int in_buf_len, unsigned int *err_pos) {
+    int maybe_ret;
+    int ib_index = 0;
+    unsigned char *rest_data;
+    ERL_NIF_TERM decoded_term, rest;
+
+    if ((maybe_ret = ber_decode(env, &decoded_term, in_buf, &ib_index,
+	    in_buf_len)) <= ASN1_ERROR)
+    {
+	*err_pos = ib_index;
+	return maybe_ret;
+    };
+
+    // The remaining binary after one ASN1 segment has been decoded
+    if ((rest_data = enif_make_new_binary(env, in_buf_len - ib_index, &rest))
+	    == NULL) {
+	*term = enif_make_atom(env, "could_not_alloc_binary");
+	return ASN1_ERROR;
+    }
+
+    *term = enif_make_tuple2(env, decoded_term, rest);
+    return ASN1_OK;
+}
+
+int ber_decode(ErlNifEnv* env, ERL_NIF_TERM *term, unsigned char *in_buf,
+	int *ib_index, int in_buf_len) {
+    int maybe_ret;
+    int form;
+    ERL_NIF_TERM tag, value;
+
+    /*buffer must hold at least two bytes*/
+    if ((*ib_index + 2) > in_buf_len)
+	return ASN1_VALUE_ERROR;
+    /* "{{TagNo," */
+    if ((form = ber_decode_tag(env, &tag, in_buf, in_buf_len, ib_index))
+	    <= ASN1_ERROR
+	    )
+	return form; /* 5 bytes */
+    if (*ib_index >= in_buf_len) {
+	return ASN1_TAG_ERROR;
+    }
+    /* buffer must hold at least one byte (0 as length and nothing as
+     value) */
+    /* "{{TagNo,Value}," */
+    if ((maybe_ret = ber_decode_value(env, &value, in_buf, ib_index, form,
+	    in_buf_len)) <= ASN1_ERROR
+    )
+	return maybe_ret; /* at least 5 bytes */
+    *term = enif_make_tuple2(env, tag, value);
+    return ASN1_OK;
+}
+
+/*
+ * decode_tag decodes the BER encoded tag in in_buf and creates an
+ * nif term tag
+ */
+int ber_decode_tag(ErlNifEnv* env, ERL_NIF_TERM *tag, unsigned char *in_buf,
+	int in_buf_len, int *ib_index) {
+    int tag_no, tmp_tag, form;
+
+    /* first get the class of tag and bit shift left 16*/
+    tag_no = ((MASK(in_buf[*ib_index],ASN1_CLASS)) << 10);
+
+    form = (MASK(in_buf[*ib_index],ASN1_FORM));
+
+    /* then get the tag number */
+    if ((tmp_tag = (int) INVMASK(in_buf[*ib_index],ASN1_CLASSFORM)) < 31) {
+	*tag = enif_make_uint(env, tag_no + tmp_tag);
+	(*ib_index)++;
+    } else {
+	int n = 0; /* n is used to check that the 64K limit is not
+	 exceeded*/
+
+	/* should check that at least three bytes are left in
+	 in-buffer,at least two tag byte and at least one length byte */
+	if ((*ib_index + 3) > in_buf_len)
+	    return ASN1_VALUE_ERROR;
+	(*ib_index)++;
+	/* The tag is in the following bytes in in_buf as
+	 1ttttttt 1ttttttt ... 0ttttttt, where the t-bits
+	 is the tag number*/
+	/* In practice is the tag size limited to 64K, i.e. 16 bits. If
+	 the tag is greater then 64K return an error */
+	while (((tmp_tag = (int) in_buf[*ib_index]) >= 128) && n < 2) {
+	    /* m.s.b. = 1 */
+	    tag_no = tag_no + (MASK(tmp_tag,ASN1_LONG_TAG) << 7);
+	    (*ib_index)++;
+	    n++;
+	};
+	if ((n == 2) && in_buf[*ib_index] > 3)
+	    return ASN1_TAG_ERROR; /* tag number > 64K */
+	tag_no = tag_no + in_buf[*ib_index];
+	(*ib_index)++;
+	*tag = enif_make_uint(env, tag_no);
+    }
+    return form;
+}
+
+/*
+ * ber_decode_value decodes the BER encoded length and value fields in the
+ * in_buf and puts the value part in the decode_buf as an Erlang
+ * nif term into value
+ */
+int ber_decode_value(ErlNifEnv* env, ERL_NIF_TERM *value, unsigned char *in_buf,
+	int *ib_index, int form, int in_buf_len) {
+    int maybe_ret;
+    unsigned int len = 0;
+    unsigned int lenoflen = 0;
+    int indef = 0;
+    unsigned char *tmp_out_buff;
+    ERL_NIF_TERM term = 0, curr_head = 0;
+
+    if (((in_buf[*ib_index]) & 0x80) == ASN1_SHORT_DEFINITE_LENGTH) {
+	len = in_buf[*ib_index];
+    } else if (in_buf[*ib_index] == ASN1_INDEFINITE_LENGTH
+    )
+	indef = 1;
+    else /* long definite length */{
+	lenoflen = (in_buf[*ib_index] & 0x7f); /*length of length */
+	if (lenoflen > (in_buf_len - (*ib_index + 1)))
+	    return ASN1_LEN_ERROR;
+	len = 0;
+	while (lenoflen--) {
+	    (*ib_index)++;
+	    if (!(len < (1 << (sizeof(len) - 1) * 8)))
+		return ASN1_LEN_ERROR; /* length does not fit in 32 bits */
+	    len = (len << 8) + in_buf[*ib_index];
+	}
+    }
+    if (len > (in_buf_len - (*ib_index + 1)))
+	return ASN1_VALUE_ERROR;
+    (*ib_index)++;
+    if (indef == 1) { /* in this case it is desireably to check that indefinite length
+     end bytes exist in inbuffer */
+	curr_head = enif_make_list(env, 0);
+	while (!(in_buf[*ib_index] == 0 && in_buf[*ib_index + 1] == 0)) {
+	    if (*ib_index >= in_buf_len)
+		return ASN1_INDEF_LEN_ERROR;
+
+	    if ((maybe_ret = ber_decode(env, &term, in_buf, ib_index, in_buf_len))
+		    <= ASN1_ERROR
+		    )
+		return maybe_ret;
+	    curr_head = enif_make_list_cell(env, term, curr_head);
+	}
+	enif_make_reverse_list(env, curr_head, value);
+	(*ib_index) += 2; /* skip the indefinite length end bytes */
+    } else if (form == ASN1_CONSTRUCTED)
+    {
+	int end_index = *ib_index + len;
+	if (end_index > in_buf_len)
+	    return ASN1_LEN_ERROR;
+	curr_head = enif_make_list(env, 0);
+	while (*ib_index < end_index) {
+
+	    if ((maybe_ret = ber_decode(env, &term, in_buf, ib_index,
+		    in_buf_len)) <= ASN1_ERROR
+	    )
+		return maybe_ret;
+	    curr_head = enif_make_list_cell(env, term, curr_head);
+	}
+	enif_make_reverse_list(env, curr_head, value);
+    } else {
+	if ((*ib_index + len) > in_buf_len)
+	    return ASN1_LEN_ERROR;
+	tmp_out_buff = enif_make_new_binary(env, len, value);
+	memcpy(tmp_out_buff, in_buf + *ib_index, len);
+	*ib_index = *ib_index + len;
+    }
+    return ASN1_OK;
+}
+
+struct ber_encode_mem_chunk {
+    mem_chunk_t *next;
+    int length;
+    char *top;
+    char *curr;
+};
+
+int ber_encode(ErlNifEnv *env, ERL_NIF_TERM term, mem_chunk_t **curr, unsigned int *count) {
+
+    const ERL_NIF_TERM *tv;
+    unsigned int form;
+    int arity;
+
+    if (!enif_get_tuple(env, term, &arity, &tv))
+	return ASN1_ERROR;
+
+    form = enif_is_list(env, tv[1]) ? ASN1_CONSTRUCTED : ASN1_PRIMITIVE;
+
+    switch (form) {
+    case ASN1_PRIMITIVE: {
+	ErlNifBinary value;
+	if (!enif_inspect_binary(env, tv[1], &value))
+	    return ASN1_ERROR;
+
+	if (ber_check_memory(curr, value.size))
+	    return ASN1_ERROR;
+	memcpy((*curr)->curr - value.size + 1, value.data, value.size);
+	(*curr)->curr -= value.size;
+	*count += value.size;
+
+	if (ber_encode_length(value.size, curr, count))
+	    return ASN1_ERROR;
+
+	break;
+    }
+    case ASN1_CONSTRUCTED: {
+	ERL_NIF_TERM head, tail;
+	unsigned int tmp_cnt;
+
+	if(!enif_make_reverse_list(env, tv[1], &head))
+	    return ASN1_ERROR;
+
+	if (!enif_get_list_cell(env, head, &head, &tail)) {
+	    if (enif_is_empty_list(env, tv[1])) {
+		*((*curr)->curr) = 0;
+		(*curr)->curr -= 1;
+		(*count)++;
+		break;
+	    } else
+		return ASN1_ERROR;
+	}
+
+	do {
+	    tmp_cnt = 0;
+	    if (ber_encode(env, head, curr, &tmp_cnt)) {
+		return ASN1_ERROR;
+	    }
+	    *count += tmp_cnt;
+	} while (enif_get_list_cell(env, tail, &head, &tail));
+
+	if (ber_check_memory(curr, *count)) {
+	    return ASN1_ERROR;
+	}
+
+	if (ber_encode_length(*count, curr, count)) {
+	    return ASN1_ERROR;
+	}
+
+	break;
+    }
+    }
+
+    // We need atleast 5 bytes to encode the next tlv
+    if (ber_check_memory(curr, 3))
+	return ASN1_ERROR;
+
+    if (ber_encode_tag(env, tv[0], form, curr, count))
+	return ASN1_ERROR;
+
+    return ASN1_OK;
+}
+
+int ber_encode_tag(ErlNifEnv *env, ERL_NIF_TERM tag, unsigned int form,
+	mem_chunk_t **curr, unsigned int *count) {
+    unsigned int class_tag_no, head_tag;
+    if (!enif_get_uint(env, tag, &class_tag_no))
+	return ASN1_ERROR;
+
+    head_tag = form | ((class_tag_no & 0x30000) >> 10);
+    class_tag_no = class_tag_no & 0xFFFF;
+
+    if (class_tag_no <= 30) {
+	*(*curr)->curr = head_tag | class_tag_no;
+	(*curr)->curr -= 1;
+	(*count)++;
+	return ASN1_OK;
+    } else {
+	*(*curr)->curr = class_tag_no & 127;
+	class_tag_no = class_tag_no >> 7;
+	(*curr)->curr -= 1;
+	(*count)++;
+
+	while (class_tag_no > 0) {
+	    *(*curr)->curr = (class_tag_no & 127) | 0x80;
+	    class_tag_no >>= 7;
+	    (*curr)->curr -= 1;
+	    (*count)++;
+	}
+
+	*(*curr)->curr = head_tag | 0x1F;
+	(*curr)->curr -= 1;
+	(*count)++;
+
+	return ASN1_OK;
+    }
+}
+
+int ber_encode_length(size_t size, mem_chunk_t **curr, unsigned int *count) {
+    if (size < 128) {
+	if (ber_check_memory(curr, 1u))
+	    return ASN1_ERROR;
+	*(*curr)->curr = size;
+	(*curr)->curr -= 1;
+	(*count)++;
+    } else {
+	int chunks = size / 256 + 1;
+	if (ber_check_memory(curr, chunks + 1))
+	    return ASN1_ERROR;
+
+	while (size > 0)
+	{
+	    *(*curr)->curr = size & 0xFF;
+	    size >>= 8;
+	    (*curr)->curr -= 1;
+	    (*count)++;
+	}
+
+	*(*curr)->curr = chunks | 0x80;
+	(*curr)->curr -= 1;
+	(*count)++;
+    }
+    return ASN1_OK;
+}
+
+mem_chunk_t *ber_new_chunk(unsigned int length) {
+    mem_chunk_t *new = enif_alloc(sizeof(mem_chunk_t));
+    if (new == NULL)
+	return NULL;
+    new->next = NULL;
+    new->top = enif_alloc(sizeof(char) * length);
+    if (new->top == NULL) {
+	free(new);
+	return NULL;
+    }
+    new->curr = new->top + length - 1;
+    new->length = length;
+    return new;
+}
+
+void ber_free_chunks(mem_chunk_t *chunk) {
+    mem_chunk_t *curr, *next = chunk;
+    while (next != NULL) {
+	curr = next;
+	next = curr->next;
+	enif_free(curr->top);
+	enif_free(curr);
+    }
+}
+
+int ber_check_memory(mem_chunk_t **curr, unsigned int needed) {
+    mem_chunk_t *new;
+    if ((*curr)->curr-needed >= (*curr)->top)
+	return ASN1_OK;
+
+    if ((new = ber_new_chunk((*curr)->length > needed ? (*curr)->length * 2 : (*curr)->length + needed)) == NULL)
+	return ASN1_ERROR;
+    new->next = *curr;
+    *curr = new;
+    return ASN1_OK;
+}
+
+static ERL_NIF_TERM encode_per_complete(ErlNifEnv* env, int argc,
+	const ERL_NIF_TERM argv[]) {
+    ERL_NIF_TERM err_code;
+    ErlNifBinary in_binary;
+    ErlNifBinary out_binary;
+    int complete_len;
+    if (!enif_inspect_iolist_as_binary(env, argv[0], &in_binary))
+	return enif_make_atom(env, "badarg");
+
+    if (!enif_alloc_binary(in_binary.size, &out_binary))
+	return enif_make_atom(env, "alloc_binary_failed");
+
+    if (in_binary.size == 0)
+	return enif_make_binary(env, &out_binary);
+
+    if ((complete_len = per_complete(&out_binary, in_binary.data,
+	    in_binary.size)) <= ASN1_ERROR) {
+	enif_release_binary(&out_binary);
+	if (complete_len == ASN1_ERROR
+	)
+	    err_code = enif_make_uint(env, '1');
+	else
+	    err_code = enif_make_uint(env, 0);
+	return enif_make_tuple2(env, enif_make_atom(env, "error"), err_code);
+    }
+    if (complete_len < out_binary.size)
+	enif_realloc_binary(&out_binary, complete_len);
+
+    return enif_make_binary(env, &out_binary);
+}
+
+static ERL_NIF_TERM decode_ber_tlv(ErlNifEnv* env, int argc,
+	const ERL_NIF_TERM argv[]) {
+    ErlNifBinary in_binary;
+    ERL_NIF_TERM return_term;
+    unsigned int err_pos = 0, return_code;
+
+    if (!enif_inspect_iolist_as_binary(env, argv[0], &in_binary))
+	return enif_make_badarg(env);
+
+    if ((return_code = ber_decode_begin(env, &return_term, in_binary.data,
+	    in_binary.size, &err_pos)) != ASN1_OK
+    )
+	return enif_make_tuple2(env, enif_make_atom(env,"error"), enif_make_tuple2(env,
+			enif_make_int(env, return_code),enif_make_int(env, err_pos)));
+    return return_term;
+}
+
+static ERL_NIF_TERM encode_ber_tlv(ErlNifEnv* env, int argc,
+	const ERL_NIF_TERM argv[]) {
+    ErlNifBinary out_binary;
+    unsigned int length = 0, pos = 0;
+    int encode_err;
+    mem_chunk_t *curr, *top;
+    ERL_NIF_TERM err_code;
+
+    curr = ber_new_chunk(40);
+
+    if ((encode_err = ber_encode(env, argv[0], &curr, &length))
+	    <= ASN1_ERROR) {
+	ber_free_chunks(curr);
+	err_code = enif_make_int(env, encode_err);
+	return enif_make_tuple2(env, enif_make_atom(env, "error"), err_code);
+    }
+
+    if (!enif_alloc_binary(length, &out_binary)) {
+	ber_free_chunks(curr);
+	return enif_make_tuple2(env, enif_make_atom(env, "error"), enif_make_atom(env,"oom"));
+    }
+
+    top = curr;
+
+    while (curr != NULL) {
+	length = curr->length - (curr->curr-curr->top) -1;
+	if (length > 0)
+	    memcpy(out_binary.data + pos, curr->curr+1, length);
+	pos += length;
+	curr = curr->next;
+    }
+
+    ber_free_chunks(top);
+
+    return enif_make_binary(env, &out_binary);
+}
+
+static int is_ok_load_info(ErlNifEnv* env, ERL_NIF_TERM load_info) {
+    int i;
+    return enif_get_int(env, load_info, &i) && i == 1;
+}
+
+static int load(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info) {
+    if (!is_ok_load_info(env, load_info))
+	return -1;
+    return 0;
+}
+
+static int upgrade(ErlNifEnv* env, void** priv_data, void** old_priv_data,
+	ERL_NIF_TERM load_info) {
+    if (!is_ok_load_info(env, load_info))
+	return -1;
+    return 0;
+}
+
+static void unload(ErlNifEnv* env, void* priv_data) {
+
+}
+
+static ErlNifFunc nif_funcs[] = { { "encode_per_complete", 1,
+	encode_per_complete }, { "decode_ber_tlv", 1, decode_ber_tlv }, {
+	"encode_ber_tlv", 1, encode_ber_tlv } };
+
+ERL_NIF_INIT(asn1rt_nif, nif_funcs, load, NULL, upgrade, unload)
diff --git a/lib/asn1/doc/src/Makefile b/lib/asn1/doc/src/Makefile
index d29225f6c9..20bd00a3b8 100644
--- a/lib/asn1/doc/src/Makefile
+++ b/lib/asn1/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -27,15 +27,6 @@ include ../../vsn.mk
 VSN=$(ASN1_VSN)
 APPLICATION=asn1
 
-
-# ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-ifndef DOCSUPPORT
-include make.dep
-endif
-
 # ----------------------------------------------------
 # Release directory specification
 # ----------------------------------------------------
@@ -86,34 +77,10 @@ EXTRA_FILES = \
 
 MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else
-
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex) \
-	$(BOOK_FILES:%.xml=%.sgml) part.tex
-TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = $(APPLICATION)-$(VSN).pdf
-TOP_PS_FILE  = $(APPLICATION)-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-
-endif
-
-
 # ----------------------------------------------------
 # FLAGS 
 # ----------------------------------------------------
@@ -126,8 +93,6 @@ DVIPS_FLAGS +=
 $(HTMLDIR)/%.gif: %.gif
 	$(INSTALL_DATA) $< $@
 
-ifdef DOCSUPPORT
-
 docs: pdf html man
 
 $(TOP_PDF_FILE): $(XML_FILES)
@@ -142,32 +107,6 @@ clean clean_docs:
 	rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
 	rm -f $(GEN_XML) errs core *~
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html gifs man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
-
-html: $(HTML_FILES)
-
-clean clean_docs clean_tex:
-	rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
-	rm -f $(HTML_FILES) $(MAN3_FILES)
-	rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
-	rm -f errs core *~ $(LATEX_CLEAN) 
-
-endif
-
 man: $(MAN3_FILES)
 
 gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
@@ -179,8 +118,6 @@ debug opt:
 # ---------------------------------------------------- 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
@@ -191,31 +128,4 @@ release_docs_spec: docs
 	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
 	$(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3
 
-else 
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	$(INSTALL_DIR) $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	$(INSTALL_DIR) $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
-	$(HTML_APPHISTORY) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-endif
-endif
-
-endif
-
 release_spec:
-
-
-
diff --git a/lib/asn1/doc/src/asn1_spec.xmlsrc b/lib/asn1/doc/src/asn1_spec.xmlsrc
index 8d61834da8..07cba17816 100644
--- a/lib/asn1/doc/src/asn1_spec.xmlsrc
+++ b/lib/asn1/doc/src/asn1_spec.xmlsrc
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2003</year><year>2009</year>
+      <year>2003</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -43,7 +43,7 @@
   <p>So far this functionality is only provided when using the
     optimized BER_BIN version, that is when compiling with the
     options <c>ber_bin</c> and <c>optimize</c>. It does also work
-    using the <c>driver</c> option. We have no intent to make this
+    using the <c>nif</c> option. We have no intent to make this
     available on the default BER version, but maybe in the PER_BIN
     version (<c>per_bin</c>).
     </p>
@@ -661,7 +661,9 @@ ValAction = {'Action',17,{'Button',4711,false}}.
       <p>The ASN.1 specs in the test are compiled with the options
         <c>ber_bin, optimize, driver</c> and <c>asn1config</c>. If the
         <c>driver</c> option had been omitted there should have been
-        higher values for <c>decode</c> and <c>decode_part</c>.
+        higher values for <c>decode</c> and <c>decode_part</c>. These tests have
+	not been re-run using nifs, but are expected to perform about 5% better
+	than the linked-in driver.
         </p>
       <p>The test program runs 10000 decodes on the value, resulting
         in a printout with the elapsed time in microseconds for the
diff --git a/lib/asn1/doc/src/asn1_ug.xml b/lib/asn1/doc/src/asn1_ug.xml
index 12d986308f..1b399fb641 100644
--- a/lib/asn1/doc/src/asn1_ug.xml
+++ b/lib/asn1/doc/src/asn1_ug.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1997</year><year>2010</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -347,7 +347,7 @@ erlc -o ../asnfiles -I ../asnfiles -I /usr/local/standards/asn1 Person.asn
           <p>This flag has effect only when used together with one of
             <c>per_bin</c> or <c>ber_bin</c> flags. It gives time optimized
             code in the generated modules and it uses another runtime module.
-            In the <c>per_bin</c> case a linked-in driver is used. The
+            In the <c>per_bin</c> case a nif is used. The
             result from an encode is a binary.</p>
           <p><em>When this flag is used you cannot use the old format</em><c>{TypeName,Value}</c> when you encode values. Since it is
             an unnecessary construct it has been removed in favor of
@@ -362,9 +362,14 @@ erlc -o ../asnfiles -I ../asnfiles -I /usr/local/standards/asn1 Person.asn
         </item>
         <tag><c>+driver</c></tag>
         <item>
-          <p>Together with the flags <c>ber_bin</c> and <c>optimize</c>
-            you choose to use a linked in driver for considerable faster
-            decode.</p>
+           <p>As of R15B this means the same as the <c>nif</c> option. Kept for
+	    backwards compatability reasons.</p>
+        </item>
+	<tag><c>+nif</c></tag>
+        <item>
+          <p>Together with the flags <c>ber_bin</c>
+	  and <c>optimize</c> you choose to use a nif for considerable
+	  faster encode and decode. </p>
         </item>
         <tag><c>+asn1config</c></tag>
         <item>
@@ -492,7 +497,7 @@ asn1ct:decode('H323-MESSAGES','SomeChoiceType',Bytes).      </pre>
       </row>
       <row>
         <cell align="left" valign="middle">BER</cell>
-        <cell align="left" valign="middle"><em>[ber_bin, optimize, driver]</em></cell>
+        <cell align="left" valign="middle"><em>[ber_bin, optimize, nif]</em></cell>
         <cell align="left" valign="middle">EAVF</cell>
         <cell align="left" valign="middle">iolist</cell>
         <cell align="left" valign="middle">iolist / binary</cell>
@@ -557,7 +562,7 @@ asn1ct:decode('H323-MESSAGES','SomeChoiceType',Bytes).      </pre>
       </row>
       <row>
         <cell align="left" valign="middle">DER</cell>
-        <cell align="left" valign="middle"><em>[ber_bin, optimize, driver, der]</em></cell>
+        <cell align="left" valign="middle"><em>[ber_bin, optimize, nif, der]</em></cell>
         <cell align="left" valign="middle">EAVF</cell>
         <cell align="left" valign="middle">iolist</cell>
         <cell align="left" valign="middle">binary</cell>
@@ -626,23 +631,24 @@ asn1ct:decode('H323-MESSAGES','SomeChoiceType',Bytes).      </pre>
     </table>
 
     <p>
-      The sole compile options <c>ber</c>, <c>ber_bin</c> and <c>per</c>
-      are kept for backwards compatibility and should not be used in
-      new code.
+      The compile options <c>ber</c>, <c>per</c> and
+      <c>driver</c> are kept for backwards compatibility and should not be 
+      used in new code. The nif implementation which replaces the linked-in
+      driver has been shown to be about 5-15% faster.
     </p>
     <p>
       You are strongly recommended to use the appropriate alternative
       of the bold typed options. The <c>optimize</c> and
-      <c>driver</c> options does not affect the encode or decode
+      <c>nif</c> options does not affect the encode or decode
       result, just the time spent in run-time. When <c>ber_bin</c> and
-      <c>driver</c> or <c>per_bin, optimize</c> and <c>driver</c> is
-      combined the C-code driver is used in chosen parts of encode /
+      <c>nif</c> or <c>per_bin</c> and <c>optimize</c> is
+      combined the C-code nif is used in chosen parts of encode /
       decode procedure.
     </p>
     <table>
       <row>
         <cell align="left" valign="middle"><em>Compile options, allowed combinations</em></cell>
-        <cell align="left" valign="middle"><em>use of linked-in driver</em></cell>
+        <cell align="left" valign="middle"><em>use of nif</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle">[ber]</cell>
@@ -657,7 +663,7 @@ asn1ct:decode('H323-MESSAGES','SomeChoiceType',Bytes).      </pre>
         <cell align="left" valign="middle">no</cell>
       </row>
       <row>
-        <cell align="left" valign="middle"><em>[ber_bin, optimize, driver]</em></cell>
+        <cell align="left" valign="middle"><em>[ber_bin, optimize, nif]</em></cell>
         <cell align="left" valign="middle">yes</cell>
       </row>
       <row>
@@ -690,12 +696,12 @@ asn1ct:decode('H323-MESSAGES','SomeChoiceType',Bytes).      </pre>
         <cell align="left" valign="middle">no</cell>
       </row>
       <row>
-        <cell align="left" valign="middle"><em>[ber_bin, optimize, driver, der]</em></cell>
+        <cell align="left" valign="middle"><em>[ber_bin, optimize, nif, der]</em></cell>
         <cell align="left" valign="middle">yes</cell>
       </row>
 
 
-      <tcaption>When the ASN1 linked-in driver is used.</tcaption>
+      <tcaption>When the ASN1 nif is used.</tcaption>
     </table>
 
     </section>
@@ -712,14 +718,14 @@ asn1rt:decode('H323-MESSAGES','SomeChoiceType',Bytes).      </pre>
       <pre>
 'H323-MESSAGES':encode('SomeChoiceType',{call,"octetstring"}).
 'H323-MESSAGES':decode('SomeChoiceType',Bytes).      </pre>
-      <p>The asn1 linked-in driver is enabled in two occasions: encoding of
+      <p>The asn1 nif is enabled in two occasions: encoding of
         asn1 values when the asn1 spec is compiled with <c>per_bin</c> and
         <c>optimize</c> or decode of encoded asn1 values when the asn1 spec is
-        compiled with <c>ber_bin</c>, <c>optimize</c> and <c>driver</c>. In
-        those cases the driver will be loaded automatically at the first call
+        compiled with <c>ber_bin</c>, <c>optimize</c> and <c>nif</c>. In
+        those cases the nif will be loaded automatically at the first call
         to <c>encode</c>/<c>decode</c>. If one doesn't want the performance
-        overhead of the driver being loaded at the first call it is possible
-        to load the driver separately by <c>asn1rt:load_driver()</c>.  </p>
+        overhead of the nif being loaded at the first call it is possible
+        to load the nif separately by loading the <c>asn1rt_nif</c> module.</p>
       <p>By invoking the function <c>info/0</c> in a generated module, one
         gets information about which compiler options were used.</p>
     </section>
diff --git a/lib/asn1/doc/src/asn1ct.xml b/lib/asn1/doc/src/asn1ct.xml
index 29b5d4be75..0b9ec3df7f 100644
--- a/lib/asn1/doc/src/asn1ct.xml
+++ b/lib/asn1/doc/src/asn1ct.xml
@@ -52,7 +52,7 @@
         <v>Options = [Option| OldOption]</v>
         <v>Option = ber_bin | per_bin | uper_bin | der | compact_bit_string | 
 	noobj | {n2n,EnumTypeName} |{outdir,Dir} | {i,IncludeDir} | optimize | 
-	driver | asn1config | undec_rest | {inline,OutputName} | inline |
+	nif | asn1config | undec_rest | {inline,OutputName} | inline |
 	{macro_name_prefix, Prefix} | {record_name_prefix, Prefix} | verbose | warnings_as_errors</v>
         <v>OldOption = ber | per</v> 
         <v>Reason = term()</v>
@@ -212,16 +212,21 @@ Binary = binary()
               <c>per_bin</c> 
               or <c>ber_bin</c> option. It gives time optimized code 
               generated and it uses another runtime module and 
-              in the <c>per_bin</c> case a linked-in driver. The result 
+              in the <c>per_bin</c> case a nif. The result 
               in the <c>per_bin</c> case from an encode when compiled
               with this option will be a binary.</p>
           </item>
           <tag><c>driver</c></tag>
           <item>
+            <p>As of R15B this means the same as the <c>nif</c> option. Kept for
+	    backwards compatability reasons.</p>
+          </item>
+	  <tag><c>nif</c></tag>
+          <item>
             <p>Option valid together with <c>ber_bin</c> and <c>optimize</c>
-              options. It enables the use of a linked-in driver that gives
-              considerable faster decode. In <c>ber_bin</c> the driver is
-              enabled only by explicit use of the option <c>driver</c>.</p>
+	      options. It enables the use of several nifs that gives faster 
+	      encode and decode. Nifs are only enabled by the explicit use of 
+	      the option <c>nif</c></p>
           </item>
           <tag><c>asn1config</c></tag>
           <item>
@@ -264,7 +269,11 @@ Binary = binary()
               <c>.set.asn</c> are exported, unless a
               <c>{export,[atom()]}</c> or <c>{export_all,true}</c> option
               are provided. The list of atoms are names of chosen asn1
-              specs from the <c>.set.asn</c> file.</p>
+              specs from the <c>.set.asn</c> file. </p>
+	      <p>When used together with <c>nif</c> for <c>ber_bin</c>, the
+	      asn1 nifs will be used if the <c>asn1rt_nif</c> module is 
+	      available. If it is not available, a slower erlang fallback
+	      will be used.</p>
           </item>
           <tag><c>inline</c></tag>
           <item>
@@ -347,18 +356,6 @@ Binary = binary()
       </desc>
     </func>
     <func>
-      <name>validate(Module,Type,Value) ->  ok | {error,Reason}</name>
-      <fsummary>Validate an ASN.1 value.</fsummary>
-      <type>
-        <v>Module = Type = atom()</v>
-        <v>Value = term()</v>
-      </type>
-      <desc>
-        <p>Validates that <c>Value</c> conforms  to <c>Type</c> 
-          from <c>Module</c>. <em>Not implemented in this version of the ASN.1 application.</em></p>
-      </desc>
-    </func>
-    <func>
       <name>value(Module ,Type) -> {ok,Value} | {error,Reason}</name>
       <fsummary>Create an ASN.1 value for test purposes.</fsummary>
       <type>
diff --git a/lib/asn1/doc/src/asn1rt.xml b/lib/asn1/doc/src/asn1rt.xml
index 1217a07e9b..0c3c257189 100644
--- a/lib/asn1/doc/src/asn1rt.xml
+++ b/lib/asn1/doc/src/asn1rt.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1997</year><year>2009</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -42,36 +42,6 @@
   <funcs>
 
     <func>
-      <name>start() -> ok |{error,Reason}</name>
-      <fsummary>Starts the asn1 server.</fsummary>
-      <type>
-        <v>Reason = term()</v>
-      </type>
-      <desc>
-	<p>Starts the asn1 server that loads the drivers.</p> 
-	<p>The server schedules a driver that is not blocked by
-	another caller. The driver is used by the asn1 application if
-	specs are compiled with options <c>[per_bin, optimize]</c> or
-	<c>[ber_bin, optimize, driver]</c>. The server will be started
-	automatically at encode/decode if it isn't done explicitly. If
-	encode/decode with driver is used in test or industrial code
-	it is a performance gain to start it explicitly to avoid the
-	one time load in run-time.</p>
-      </desc>
-    </func>
-
-    <func>
-      <name>stop() -> ok |{error,Reason}</name>
-      <fsummary>Stops the asn1 server.</fsummary>
-      <type>
-        <v>Reason = term()</v>
-      </type>
-      <desc>
-	<p>Stops the asn1 server and unloads the drivers.</p>
-      </desc>
-    </func>
-
-    <func>
       <name>decode(Module,Type,Bytes) -> {ok,Value}|{error,Reason}</name>
       <fsummary>Decode from bytes into an ASN.1 value.</fsummary>
       <type>
@@ -126,35 +96,23 @@
 
     <func>
       <name>load_driver() ->  ok | {error,Reason}</name>
-      <fsummary>Loads the linked-in driver.</fsummary>
+      <fsummary>Loads the linked-in driver. (deprecated)</fsummary>
       <type>
         <v>Reason = term()</v>
       </type>
       <desc>
-        <p>This function loads the linked-in driver before the first call
-          to encode. If this function is not called the driver will be loaded
-          automatically at the first call to encode. If one doesn't want the
-          performance cost of a driver load when the application is running,
-          this function makes it possible to load the driver in an 
-          initialization.</p>
-        <p>The driver is only used when encoding/decoding ASN.1 files that
-          were compiled with the options <c>per_bin</c> and <c>optimize</c>.</p>
+	<p>This function is obsolete and will be removed in R16A</p>
       </desc>
     </func>
 
     <func>
       <name>unload_driver() ->  ok | {error,Reason}</name>
-      <fsummary>Unloads the linked-in driver.</fsummary>
+      <fsummary>Unloads the linked-in driver. (deprecated)</fsummary>
       <type>
         <v>Reason = term()</v>
       </type>
       <desc>
-        <p>This function unloads the linked-in driver.
-          When the driver has been loaded it remains in the environment until
-          it is unloaded. Normally the driver should remain loaded, it is
-          crucial for the performance of ASN.1 encoding. </p>
-        <p>The driver is only used when ASN.1 modules have been compiled
-          with the flags <c>per_bin</c> and <c>optimize</c>.</p>
+	<p>This function is obsolete and will be removed in R16A</p>
       </desc>
     </func>
 
@@ -188,19 +146,6 @@
           value, to a UTF8 encoded binary.</p>
       </desc>
     </func>
-  
-    <func>
-      <name>validate(Module,Type,Value) ->  ok | {error,Reason}</name>
-      <fsummary>Validate an ASN.1 value.</fsummary>
-      <type>
-        <v>Module = Type = atom()</v>
-        <v>Value = term()</v>
-      </type>
-      <desc>
-        <p>Validates that <c>Value</c> conforms  to <c>Type</c> 
-          from <c>Module</c>. <em>Not implemented in this version of the ASN.1 application.</em></p>
-      </desc>
-    </func>
 
   </funcs>
 
diff --git a/lib/asn1/doc/src/make.dep b/lib/asn1/doc/src/make.dep
deleted file mode 100644
index eb2c0e9a98..0000000000
--- a/lib/asn1/doc/src/make.dep
+++ /dev/null
@@ -1,31 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/gandalf/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: asn1_spec.tex asn1_ug.tex asn1ct.tex asn1rt.tex \
-		book.tex part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-asn1_spec.tex: Seq.asn Seq.asn1config
-
-book.tex: part.xml ref_man.xml
-
-asn1_ug.tex: ../../../../system/doc/definitions/cite.defs
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: exclusive_Win_But.ps selective_TypeList.ps \
-		selective_Window2.ps
-
diff --git a/lib/asn1/doc/src/notes.xml b/lib/asn1/doc/src/notes.xml
index 52d770c9f6..9b6c482c0a 100644
--- a/lib/asn1/doc/src/notes.xml
+++ b/lib/asn1/doc/src/notes.xml
@@ -31,6 +31,57 @@
   <p>This document describes the changes made to the asn1 application.</p>
 
 
+<section><title>Asn1 1.6.19</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    The linked-in driver used for ber decode and per encode
+	    has been replaced with nifs. To enable the usage of nifs
+	    pass the nif option to erlc or asn1rt:compile when
+	    compiling. If you previously used the linked-in driver,
+	    you have to recompile your ASN1 modules with the current
+	    version of asn1 application as the linked-in driver
+	    modules have been removed.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9419</p>
+        </item>
+        <item>
+          <p>
+	    A few of the heavy calculations which are done for
+	    encoding and decoding operations when dealing with
+	    SEQUENCE OF and DEFAULT in runtime have been moved to be
+	    done in compile time instead.</p>
+          <p>
+	    Own Id: OTP-9440</p>
+        </item>
+        <item>
+          <p>
+	    When compiling an ASN.1 ber module with the +nif option,
+	    the module will use a new nif for ber encoding,
+	    increasing performance by about 5%.</p>
+          <p>
+	    Own Id: OTP-9441</p>
+        </item>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Asn1 1.6.18</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/asn1/src/Makefile b/lib/asn1/src/Makefile
index 2733cde3f8..3a59773d93 100644
--- a/lib/asn1/src/Makefile
+++ b/lib/asn1/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -68,7 +68,7 @@ RT_MODULES= \
 	asn1rt_per_bin_rt2ct \
 	asn1rt_uper_bin \
 	asn1rt_check \
-	asn1rt_driver_handler
+	asn1rt_nif
 #	asn1_sup \
 #	asn1_app \
 #	asn1_server
diff --git a/lib/asn1/src/asn1.app.src b/lib/asn1/src/asn1.app.src
index abacb0a1e9..09144ba2f7 100644
--- a/lib/asn1/src/asn1.app.src
+++ b/lib/asn1/src/asn1.app.src
@@ -9,12 +9,11 @@
 	asn1rt_ber_bin,
 	asn1rt_ber_bin_v2,
 	asn1rt_check,
-	asn1rt_driver_handler
+        asn1rt_nif
              ]},
   {registered, [
 	asn1_ns,
-	asn1db,
-	asn1_driver_owner
+	asn1db
 		]},
   {env, []},
   {applications, [kernel, stdlib]}
diff --git a/lib/asn1/src/asn1_app.erl b/lib/asn1/src/asn1_app.erl
index 2d3eed1743..9fff96e0bf 100644
--- a/lib/asn1/src/asn1_app.erl
+++ b/lib/asn1/src/asn1_app.erl
@@ -28,7 +28,7 @@
 %%                             {error, Reason}
 %%
 start(_Type, _StartArgs) ->
-    asn1_sup:start_link().
+    {ok, self()}.
 
 %% stop(State)
 %%
diff --git a/lib/asn1/src/asn1_server.erl b/lib/asn1/src/asn1_server.erl
deleted file mode 100644
index aeb59d8b0c..0000000000
--- a/lib/asn1/src/asn1_server.erl
+++ /dev/null
@@ -1,107 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
-%% AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
-
-%% Purpose: Provide complete encode/and pre-decode of asn1.
--module(asn1_server).
-
-
-
--behaviour(gen_server).
-
--export([start_link/0,client_port/0]).
-
-%% Internal exports, call-back functions.
--export([init/1,handle_call/3,handle_cast/2,handle_info/2,code_change/3,
-	 terminate/2]).
-
-
-%% Macros
--define(port_names,
-	{ asn1_drv01, asn1_drv02, asn1_drv03, asn1_drv04,
-	  asn1_drv05, asn1_drv06, asn1_drv07, asn1_drv08,
-	  asn1_drv09, asn1_drv10, asn1_drv11, asn1_drv12,
-	  asn1_drv13, asn1_drv14, asn1_drv15, asn1_drv16 }).
-%%% --------------------------------------------------------
-%%% Interface Functions. 
-%%% --------------------------------------------------------
-
-start_link() ->
-    gen_server:start_link({local, asn1_server}, asn1_server, [], []).
-
-init([]) ->
-    process_flag(trap_exit, true),
-    erl_ddll:start(),
-    PrivDir = code:priv_dir(asn1),
-    LibDir1 = filename:join([PrivDir, "lib"]),
-    case erl_ddll:load_driver(LibDir1, asn1_erl_drv) of
-	ok -> ok;
-	{error,_} ->
-	    LibDir2 = 
-		filename:join(LibDir1, 
-			      erlang:system_info(system_architecture)),
-	    erl_ddll:load_driver(LibDir2, asn1_erl_drv)
-    end,
-    open_ports("asn1_erl_drv",size(?port_names)).
-
-open_ports(_,0) ->
-    {ok, []};
-open_ports(Cmd,N) ->   
-    Port = open_port({spawn, Cmd}, []),
-    %% check that driver is loaded, linked and working
-    case catch port_control(Port, 0, []) of
-	{'EXIT', _} ->
-	    {stop, nodriver};
-	_ ->
-	    register(element(N,?port_names), Port),
-	    open_ports(Cmd,N-1)
-    end.
-
-client_port() ->
-    element(erlang:system_info(scheduler_id) rem size(?port_names) + 1,
-	    ?port_names).
-
-
-%%% --------------------------------------------------------
-%%% The call-back functions.
-%%% --------------------------------------------------------
-
-handle_call(_, _, State) ->
-    {noreply, State}.
-
-handle_cast(_, State) ->
-    {noreply, State}.
-
-handle_info({'EXIT', Pid, _Reason}, State) when is_pid(Pid) ->
-    {noreply, State};
-
-handle_info({'EXIT', Port, Reason}, State) when is_port(Port) ->
-    {stop, {port_died, Reason}, State};
-handle_info(_, State) ->
-    {noreply, State}.
-
-code_change(_OldVsn, State, _Extra) ->
-    {ok, State}.
-
-terminate(_Reason, _State) ->
-    close_ports(size(?port_names)).
-
-close_ports(0) ->
-    ok;
-close_ports(N) ->   
-    element(N,?port_names) ! {self(), close}, %% almost same as port_close(Name)
-    close_ports(N-1).
diff --git a/lib/asn1/src/asn1_sup.erl b/lib/asn1/src/asn1_sup.erl
deleted file mode 100644
index a241dec6f4..0000000000
--- a/lib/asn1/src/asn1_sup.erl
+++ /dev/null
@@ -1,37 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
-%% AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
-
-%% Purpose: Main supervisor in asn1 application.
-
--module(asn1_sup).
-
--behaviour(supervisor).
-
--export([start_link/0, init/1]).
-
-start_link() ->
-    supervisor:start_link({local, asn1_sup}, asn1_sup, []).
-
-
-%% init([])
-%% Returns: {ok,  {SupFlags,  [ChildSpec]}}
-%%
-init([]) ->
-    Child = {asn1_server, {asn1_server, start_link, []},
-	     permanent, 2000, worker, [asn1_server]},
-    {ok, {{one_for_all, 10, 3600}, [Child]}}.
diff --git a/lib/asn1/src/asn1ct.erl b/lib/asn1/src/asn1ct.erl
index e26fadd160..85bb5b2f28 100644
--- a/lib/asn1/src/asn1ct.erl
+++ b/lib/asn1/src/asn1ct.erl
@@ -47,6 +47,10 @@
 
 -import(asn1ct_gen_ber_bin_v2,[encode_tag_val/3,decode_class/1]).
 
+-ifndef(vsn).
+-define(vsn,"0.0.1").
+-endif.
+
 -define(unique_names,0).
 -define(dupl_uniquedefs,1).
 -define(dupl_equaldefs,2).
@@ -81,6 +85,12 @@ compile(File) ->
     compile(File,[]).
 
 compile(File,Options) when is_list(Options) ->
+    case lists:member(driver, Options) of %% remove me in R16A!
+	true ->
+	    io:format("Warning: driver option is obsolete and will be removed in R16A, use nif instead!");
+	false ->
+	    ok
+    end,
     Options1 = optimize_ber_bin(Options),
     Options2 = includes(File,Options1),
     Includes=[I||{i,I}<-Options2],
@@ -1085,7 +1095,7 @@ get_runtime_mod(Options) ->
 	    ber_bin_v2 -> ["asn1rt_ber_bin_v2.erl"];
 	    uper_bin -> ["asn1rt_uper_bin.erl"]
 	end,
-    RtMod1++["asn1rt_check.erl","asn1rt_driver_handler.erl","asn1rt.erl"].
+    RtMod1++["asn1rt_check.erl","asn1rt.erl"].
     
 
 erl_compile(OutFile,Options) ->
diff --git a/lib/asn1/src/asn1ct_constructed_ber.erl b/lib/asn1/src/asn1ct_constructed_ber.erl
index 77b78dcac7..360de77663 100644
--- a/lib/asn1/src/asn1ct_constructed_ber.erl
+++ b/lib/asn1/src/asn1ct_constructed_ber.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -1542,7 +1542,7 @@ mkfunname(Erule,TopType,Cname,WhatKind,DecOrEnc,Arity) ->
 	    F = lists:concat(["fun '",DecOrEnc,"_",EType,"'/",Arity]),
 	    {F, "?MODULE", F};
 	#'Externaltypereference'{module=Mod,type=EType} ->
-	    {lists:concat(["{'",Mod,"','",DecOrEnc,"_",EType,"'}"]),Mod,
+	    {lists:concat(["fun '",Mod,"':'",DecOrEnc,"_",EType,"'/",Arity]),Mod,
 	     lists:concat(["'",DecOrEnc,"_",EType,"'"])};
 	{constructed,bif} ->
 	    F =
diff --git a/lib/asn1/src/asn1ct_constructed_ber_bin_v2.erl b/lib/asn1/src/asn1ct_constructed_ber_bin_v2.erl
index e3be914af4..2c4b44996d 100644
--- a/lib/asn1/src/asn1ct_constructed_ber_bin_v2.erl
+++ b/lib/asn1/src/asn1ct_constructed_ber_bin_v2.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -877,13 +877,13 @@ gen_dec_choice(Erules,TopType, _ChTag, CompList, Ext) ->
 	    emit([indent(9),"exit({error,{asn1,{invalid_choice_tag,",
 		  {curr,else},"}}})",nl]);
 	_ ->
-	    emit([indent(9),"{asn1_ExtAlt, ?RT_BER:encode(",{curr,else},")}",nl])
+	    emit([indent(9),"{asn1_ExtAlt, ?RT_BER:encode(",{curr,else},
+		  asn1ct_gen:nif_parameter(),")}",nl])
     end,
     emit([indent(3),"end",nl]),
     asn1ct_name:new(tag),
     asn1ct_name:new(else).
 
-
 gen_dec_choice_cases(_Erules,_TopType, []) ->
     ok;
 gen_dec_choice_cases(Erules,TopType, [H|T]) ->
@@ -1227,7 +1227,7 @@ gen_dec_call({typefield,_},_,_,_Cname,Type,BytesVar,Tag,_,_,false,_) ->
     emit([nl,indent(6),"begin",nl]),
 %    emit([indent(9),{curr,opendec}," = ?RT_BER:decode_open_type(",
     emit([indent(9),{curr,tmptlv}," = ?RT_BER:decode_open_type(",
-	  BytesVar,",",{asis,Tag},"),",nl]),
+	  BytesVar,",",{asis,Tag},asn1ct_gen:nif_parameter(),"),",nl]),
 %     emit([indent(9),"{",{curr,tmptlv},",_} = ?RT_BER:decode(",
 % 	  {curr,opendec},"),",nl]),
 
@@ -1242,7 +1242,8 @@ gen_dec_call({typefield,_},_,_,_Cname,Type,BytesVar,Tag,_,_,false,_) ->
     emit([indent(9),"end",nl,indent(6),"end",nl]),
     [];
 gen_dec_call({typefield,_},_,_,Cname,Type,BytesVar,Tag,_,_,_DecObjInf,OptOrMandComp) ->
-    emit(["?RT_BER:decode_open_type(",BytesVar,",",{asis,Tag},")"]),
+    emit(["?RT_BER:decode_open_type(",BytesVar,",",{asis,Tag},
+	  asn1ct_gen:nif_parameter(),")"]),
     RefedFieldName = 
 % 	asn1ct_gen:get_constraint(Type#type.constraint,
 % 				  tableconstraint_info),
@@ -1250,7 +1251,8 @@ gen_dec_call({typefield,_},_,_,Cname,Type,BytesVar,Tag,_,_,_DecObjInf,OptOrMandC
     [{Cname,RefedFieldName,asn1ct_gen:mk_var(asn1ct_name:curr(term)),
       asn1ct_gen:mk_var(asn1ct_name:curr(tmpterm)),Tag,OptOrMandComp}];
 gen_dec_call({objectfield,PrimFieldName,PFNList},_,_,Cname,_,BytesVar,Tag,_,_,_,OptOrMandComp) ->
-    emit(["?RT_BER:decode_open_type(",BytesVar,",",{asis,Tag},")"]),
+    emit(["?RT_BER:decode_open_type(",BytesVar,",",{asis,Tag},
+	  asn1ct_gen:nif_parameter(),")"]),
     [{Cname,{PrimFieldName,PFNList},asn1ct_gen:mk_var(asn1ct_name:curr(term)),
       asn1ct_gen:mk_var(asn1ct_name:curr(tmpterm)),Tag,OptOrMandComp}];
 gen_dec_call(InnerType,Erules,TopType,Cname,Type,BytesVar,Tag,PrimOptOrMand,
diff --git a/lib/asn1/src/asn1ct_constructed_per.erl b/lib/asn1/src/asn1ct_constructed_per.erl
index c1b6aa5713..e07680f10b 100644
--- a/lib/asn1/src/asn1ct_constructed_per.erl
+++ b/lib/asn1/src/asn1ct_constructed_per.erl
@@ -73,16 +73,23 @@ gen_encode_constructed(Erule,Typename,D) when is_record(D,type) ->
 	_ ->
 	    ok
     end,
-    case {Optionals = optionals(to_textual_order(CompList)),CompList} of
-	{[],EmptyCL} when EmptyCL == {[],[],[]};EmptyCL == {[],[]};EmptyCL == [] -> 
+    case {Optionals = optionals(to_textual_order(CompList)),CompList,
+	  is_optimized(Erule)} of
+	{[],EmptyCL,_} when EmptyCL == {[],[],[]};EmptyCL == {[],[]};EmptyCL == [] -> 
 	    emit(["%%Variable setting just to eliminate ",
 		  "compiler warning for unused vars!",nl,
 		  "_Val = ",{curr,val},",",nl]);
-	{[],_} ->
+	{[],_,_} ->
 	    emit([{next,val}," = ?RT_PER:list_to_record("]),
 	    emit(["'",asn1ct_gen:list2rname(Typename),"'"]),
 	    emit([", ",{curr,val},"),",nl]);
-	_ ->
+	{_,_,true} ->
+	    gen_fixoptionals(Optionals),
+	    FixOpts = param_map(fun(Var) ->
+					{var,Var}
+				end,asn1ct_name:all(fixopt)),
+	    emit({"{",{next,val},",Opt} = {",{curr,val},",[",FixOpts,"]},",nl});
+	{_,_,false} ->
 	    Fixoptcall = ",Opt} = ?RT_PER:fixoptionals(",
 	    emit({"{",{next,val},Fixoptcall,
 		  {asis,Optionals},",",length(Optionals),
@@ -439,9 +446,7 @@ gen_encode_sof(Erule,Typename,SeqOrSetOf,D) when is_record(D,type) ->
 	    _->
 		""
 	end,
-    emit({nl,indent(3),"?RT_PER:encode_length(",
-	  {asis,SizeConstraint},
-	  ",length(Val)),",nl}),
+    gen_encode_length(SizeConstraint, is_optimized(Erule)),
     emit({indent(3),"'enc_",asn1ct_gen:list2name(Typename),
 	      "_components'(Val",ObjFun,", [])"}),
     emit({nl,"].",nl}),
@@ -453,6 +458,42 @@ gen_encode_sof(Erule,Typename,SeqOrSetOf,D) when is_record(D,type) ->
 	end,
     gen_encode_sof_components(Erule,Typename,SeqOrSetOf,NewComponentType).
 
+
+%% Logic copied from asn1_per_bin_rt2ct:encode_constrained_number
+gen_encode_length({Lb,Ub},true) when Ub =< 65535, Lb >= 0 ->
+    Range = Ub - Lb + 1,
+    V2 = ["(length(Val) - ",Lb,")"],
+    Encode = if
+		 Range  == 1 ->
+		     "[]";
+		 Range  == 2 ->
+		     {"[",V2,"]"};
+		 Range  =< 4 ->
+		     {"[10,2,",V2,"]"};
+		 Range  =< 8 ->
+		     {"[10,3,",V2,"]"};
+		 Range  =< 16 ->
+		     {"[10,4,",V2,"]"};
+		 Range  =< 32 ->
+		     {"[10,5,",V2,"]"};
+		 Range  =< 64 ->
+		     {"[10,6,",V2,"]"};
+		 Range  =< 128 ->
+		     {"[10,7,",V2,"]"};
+		 Range  =< 255 ->
+		     {"[10,8,",V2,"]"};
+		 Range  =< 256 ->
+		     {"[20,1,",V2,"]"};
+		 Range  =< 65536 ->
+		     {"[20,2,<<",V2,":16>>]"};
+		 true ->
+		     {"?RT_PER:encode_length(",{asis,{Lb,Ub}},",length(Val))"}
+	     end,
+    emit({nl,Encode,",",nl});
+gen_encode_length(SizeConstraint,_) ->
+    emit({nl,indent(3),"?RT_PER:encode_length(",
+	  {asis,SizeConstraint},",length(Val)),",nl}).
+
 gen_decode_sof(Erules,Typename,SeqOrSetOf,D) when is_record(D,type) ->
     asn1ct_name:start(),
     {_SeqOrSetOf,ComponentType} = D#type.def,
@@ -469,7 +510,8 @@ gen_decode_sof(Erules,Typename,SeqOrSetOf,D) when is_record(D,type) ->
 	    _ ->
 		""
 	end,
-    emit({nl,"{Num,Bytes1} = ?RT_PER:decode_length(Bytes,",{asis,SizeConstraint},"),",nl}),
+    gen_decode_length(SizeConstraint,
+		      is_optimized(Erules)),
     emit({"'dec_",asn1ct_gen:list2name(Typename),
 	      "_components'(Num, Bytes1, telltype",ObjFun,", []).",nl}),
     NewComponentType =
@@ -480,6 +522,41 @@ gen_decode_sof(Erules,Typename,SeqOrSetOf,D) when is_record(D,type) ->
 	end,
     gen_decode_sof_components(Erules,Typename,SeqOrSetOf,NewComponentType).
 
+%% Logic copied from asn1_per_bin_rt2ct:decode_constrained_number
+gen_decode_length({Lb,Ub},true) when Ub =< 65535, Lb >= 0 ->
+    Range = Ub - Lb + 1,
+    Call = if
+	       Range  == 1 ->
+		   "{0,Bytes}";
+	       Range  == 2 ->
+		   "?RT_PER:getbits(Bytes,1)";
+	       Range  =< 4 ->
+		   "?RT_PER:getbits(Bytes,2)";
+	       Range  =< 8 ->
+		   "?RT_PER:getbits(Bytes,3)";
+	       Range  =< 16 ->
+		   "?RT_PER:getbits(Bytes,4)";
+	       Range  =< 32 ->
+		   "?RT_PER:getbits(Bytes,5)";
+	       Range  =< 64 ->
+		   "?RT_PER:getbits(Bytes,6)";
+	       Range  =< 128 ->
+		   "?RT_PER:getbits(Bytes,7)";
+	       Range  =< 255 ->
+		   "?RT_PER:getbits(Bytes,8)";
+	       Range  =< 256 ->
+		   "?RT_PER:getoctets(Bytes,1)";
+	       Range  =< 65536 ->
+		   "?RT_PER:getoctets(Bytes,2)";
+	       true ->
+		   ["exit({not_supported,{integer_range,",Range,"}}"]
+	   end,
+    emit({nl,"{Val,Remain} = ",Call,",",nl}),
+    emit({nl,"{Num,Bytes1} = {Val+",Lb,",Remain},",nl});
+gen_decode_length(SizeConstraint,_) ->
+    emit({nl,"{Num,Bytes1} = ?RT_PER:decode_length(Bytes,",
+	  {asis,SizeConstraint},"),",nl}).
+
 gen_encode_sof_components(Erule,Typename,SeqOrSetOf,Cont) ->
     {ObjFun,ObjFun_Var} =
 	case Cont#type.tablecinf of
@@ -636,6 +713,27 @@ gen_dec_extension_value(_) ->
     emit({"{Ext,",{next,bytes},"} = ?RT_PER:getext(",{curr,bytes},")"}),
     asn1ct_name:new(bytes).
 
+gen_fixoptionals([{Pos,Def}|R]) ->
+    asn1ct_name:new(fixopt),
+    emit({{curr,fixopt}," = case element(",{asis,Pos},",",{curr,val},") of",nl,
+	  "asn1_DEFAULT -> 0;",nl,
+	  {asis,Def}," -> 0;",nl,
+	  "_ -> 1",nl,
+	  "end,",nl}),
+    gen_fixoptionals(R);
+gen_fixoptionals([Pos|R]) ->
+    gen_fixoptionals([{Pos,asn1_NOVALUE}|R]);
+gen_fixoptionals([]) ->
+    ok.
+
+    
+param_map(Fun, [H]) ->
+    [Fun(H)];
+param_map(Fun, [H|T]) ->
+    [Fun(H),","|param_map(Fun,T)].
+
+    
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Produce a list with positions (in the Value record) where
 %% there are optional components, start with 2 because first element
@@ -922,7 +1020,7 @@ gen_enc_line(Erule,TopType,Cname,Type,Element, _Pos,DynamicEnc,Ext) ->
     end,
     case Ext of 
 	{ext,_Ep2,_} ->
-	    emit(["))"]);
+	    emit("))");
 	_ -> true
     end.
 gen_dec_components_call(Erule,TopType,{Root1,ExtList,Root2},MaybeComma,DecInfObj,Ext,NumberOfOptionals) ->
diff --git a/lib/asn1/src/asn1ct_gen.erl b/lib/asn1/src/asn1ct_gen.erl
index e49829d82f..0f8833f716 100644
--- a/lib/asn1/src/asn1ct_gen.erl
+++ b/lib/asn1/src/asn1ct_gen.erl
@@ -47,6 +47,7 @@
 	 un_hyphen_var/1]).
 -export([gen_encode_constructed/4,
 	 gen_decode_constructed/4]).
+-export([nif_parameter/0]).
 
 %% pgen(Outfile, Erules, Module, TypeOrVal, Options)
 %% Generate Erlang module (.erl) and (.hrl) file corresponding to an ASN.1 module
@@ -938,13 +939,13 @@ pgen_dispatcher(Erules,_Module,{Types,_Values,_,_,_Objects,_ObjectSets}) ->
     NoFinalPadding = lists:member(no_final_padding,get(encoding_options)),
     Call = case Erules of
 	       per -> "?RT_PER:complete(encode_disp(Type,Data))";
-	       per_bin -> "?RT_PER:complete(encode_disp(Type,Data))";
+	       per_bin -> ["?RT_PER:complete(encode_disp(Type,Data))"];
 	       ber -> "encode_disp(Type,Data)";
 	       ber_bin -> "encode_disp(Type,Data)";
 	       ber_bin_v2 -> "encode_disp(Type,Data)";
 	       uper_bin when NoFinalPadding == true -> 
 		   "?RT_PER:complete_NFP(encode_disp(Type,Data))";
-	       uper_bin -> "?RT_PER:complete(encode_disp(Type,Data))"
+	       uper_bin -> ["?RT_PER:complete(encode_disp(Type,Data))"]
 	   end,
     EncWrap = case Erules of
 	       ber -> "wrap_encode(Bytes)";
@@ -974,7 +975,7 @@ pgen_dispatcher(Erules,_Module,{Types,_Values,_,_,_Objects,_ObjectSets}) ->
 %     case Erules of
 % 	ber_bin_v2 ->
 % 	    emit(["decode(Type,Data0) ->",nl]),
-% 	    emit(["{Data,_RestBin} = ?RT_BER:decode(Data0",driver_parameter(),"),",nl]);
+% 	    emit(["{Data,_RestBin} = ?RT_BER:decode(Data0",nif_parameter(),"),",nl]);
 % 	_ ->
 % 	    emit(["decode(Type,Data) ->",nl])
 %     end,
@@ -991,10 +992,10 @@ pgen_dispatcher(Erules,_Module,{Types,_Values,_,_,_Objects,_ObjectSets}) ->
 	    {ber_bin_v2,false} ->
 		io_lib:format("~s~s~s~n",
 			      ["element(1,?RT_BER:decode(Data",
-			       driver_parameter(),"))"]);
+			       nif_parameter(),"))"]);
 	    {ber_bin_v2,true} ->
 		emit(["{Data,Rest} = ?RT_BER:decode(Data0",
-		      driver_parameter(),"),",nl]),
+		      nif_parameter(),"),",nl]),
 		"Data";
 	    _ ->
 		"Data"
@@ -1130,13 +1131,8 @@ gen_decode_partial_incomplete(Erule) when Erule == ber;Erule==ber_bin;
 			  "Data) of",nl]),
 		    EmitCaseClauses(),
 		    emit(["decode_part(Type,Data0) ->",nl]),
-		    Driver =
-			case lists:member(driver,get(encoding_options)) of
-			    true ->
-				",driver";
-			    _ -> ""
-			end,
-		    emit(["  case catch decode_inc_disp(Type,element(1,?RT_BER:decode(Data0",Driver,"))) of",nl]),
+		    emit(["  case catch decode_inc_disp(Type,element(1,"
+			  "?RT_BER:decode(Data0",nif_parameter(),"))) of",nl]),
 % 			  "  {Data,_RestBin} = ?RT_BER:decode(Data0),",nl,
 % 			  "  case catch decode_inc_disp(Type,Data) of",nl]),
 		    EmitCaseClauses();
@@ -1179,12 +1175,12 @@ gen_partial_inc_dispatcher([],_) ->
     emit(["decode_partial_inc_disp(Type,_Data) ->",nl,
 	  "  exit({error,{asn1,{undefined_type,Type}}}).",nl]).
 
-driver_parameter() ->
+nif_parameter() ->
     Options = get(encoding_options),
-    case lists:member(driver,Options) of
-	true ->
-	    ",driver";
-	_ -> ""
+    case {lists:member(driver,Options),lists:member(nif,Options)} of
+	{true,_} -> ",nif";
+	{_,true} -> ",nif";
+	_ ->  ""
     end.
 
 gen_wrapper() ->
@@ -1525,8 +1521,9 @@ gen_head(Erules,Mod,Hrl) ->
     emit({"-module('",Mod,"').",nl}),
     put(currmod,Mod),
     %emit({"-compile(export_all).",nl}),
-    case Hrl of
-	0 -> true;
+    case {Hrl,lists:member(inline,get(encoding_options))} of
+	{0,_} -> true;
+	{_,true} -> true;
 	_ -> 
 	    emit({"-include(\"",Mod,".hrl\").",nl})
     end,
diff --git a/lib/asn1/src/asn1ct_gen_ber_bin_v2.erl b/lib/asn1/src/asn1ct_gen_ber_bin_v2.erl
index 9ec458e351..365bb84d52 100644
--- a/lib/asn1/src/asn1ct_gen_ber_bin_v2.erl
+++ b/lib/asn1/src/asn1ct_gen_ber_bin_v2.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2002-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -416,7 +416,7 @@ gen_decode_selected(Erules,Type,FuncName) ->
 	end,
     emit(["  case ?RT_BER:decode_selective(",{asis,Pattern},",Bin) of",nl,
 	  "    {ok,Bin2} when is_binary(Bin2) ->",nl,
-	  "      {Tlv,_} = ?RT_BER:decode(Bin2),",nl]),
+	  "      {Tlv,_} = ?RT_BER:decode(Bin2",asn1ct_gen:nif_parameter(),"),",nl]),
     emit("{ok,"),
     gen_decode_selected_type(Erules,Type),
     emit(["};",nl,"    Err -> exit({error,{selctive_decode,Err}})",nl,
@@ -708,7 +708,7 @@ gen_dec_prim(Erules,Att,BytesVar,DoTag,TagIn,Form,OptOrMand) ->
 	'ASN1_OPEN_TYPE' ->
 	    emit(["?RT_BER:decode_open_type_as_binary(",
 		  BytesVar,","]),
-	    add_func({decode_open_type_as_binary,2});
+	    add_func({decode_open_type_as_binary,3});
 	#'ObjectClassFieldType'{} ->
 		case asn1ct_gen:get_inner(Att#type.def) of
 		    {fixedtypevaluefield,_,InnerType} -> 
@@ -716,7 +716,7 @@ gen_dec_prim(Erules,Att,BytesVar,DoTag,TagIn,Form,OptOrMand) ->
 		    'ASN1_OPEN_TYPE' ->
 			emit(["?RT_BER:decode_open_type_as_binary(",
 			      BytesVar,","]),
-			add_func({decode_open_type_as_binary,2});
+			add_func({decode_open_type_as_binary,3});
 		    Other ->
 			exit({'can not decode' ,Other})
 		end;
@@ -728,13 +728,13 @@ gen_dec_prim(Erules,Att,BytesVar,DoTag,TagIn,Form,OptOrMand) ->
 	{_,#'ObjectClassFieldType'{}} ->
 	    case asn1ct_gen:get_inner(Att#type.def) of
 		'ASN1_OPEN_TYPE' ->
-		    emit([{asis,DoTag},")"]);
+		    emit([{asis,DoTag},asn1ct_gen:nif_parameter(),")"]);
 		_ -> ok
 	    end;
 	{{string,TagStr},'ASN1_OPEN_TYPE'} ->
-	    emit([TagStr,")"]);
+	    emit([TagStr,asn1ct_gen:nif_parameter(),")"]);
 	{_,'ASN1_OPEN_TYPE'} ->
-	    emit([{asis,DoTag},")"]);
+	    emit([{asis,DoTag},asn1ct_gen:nif_parameter(),")"]);
 	{{string,TagStr},_} ->
 	    emit([TagStr,")"]);
 	_ when is_list(DoTag) ->
@@ -1064,7 +1064,7 @@ emit_tlv_format_function() ->
     end.
 emit_tlv_format_function1() ->
     emit(["tlv_format(Bytes) when is_binary(Bytes) ->",nl,
-	  "  {Tlv,_}=?RT_BER:decode(Bytes),",nl,
+	  "  {Tlv,_}=?RT_BER:decode(Bytes",asn1ct_gen:nif_parameter(),"),",nl,
 	  "  Tlv;",nl,
 	  "tlv_format(Bytes) ->",nl,
 	  "  Bytes.",nl]).
@@ -1502,13 +1502,14 @@ gen_objset_dec(Erules,ObjSetName,_UniqueName,['EXTENSIONMARK'],_ClName,
 	       _ClFields,_NthObj) ->
     emit(["'getdec_",ObjSetName,"'(_, _) ->",nl]),
     emit([indent(2),"fun(_,Bytes, _RestPrimFieldName) ->",nl]),
+    
     case Erules of
 	ber_bin_v2 ->
 	    emit([indent(4),"case Bytes of",nl,
 		  indent(6),"Bin when is_binary(Bin) -> ",nl,
 		  indent(8),"Bin;",nl,
 		  indent(6),"_ ->",nl,
-		  indent(8),"?RT_BER:encode(Bytes)",nl,
+		  indent(8),"?RT_BER:encode(Bytes",driver_parameter(),")",nl,
 		  indent(4),"end",nl]);
 	_ ->
 	    emit([indent(6),"Len = case Bytes of",nl,indent(9),
@@ -1521,6 +1522,14 @@ gen_objset_dec(Erules,ObjSetName,_UniqueName,['EXTENSIONMARK'],_ClName,
 gen_objset_dec(_,_,_,[],_,_,_) ->
     ok.
 
+driver_parameter() ->
+    Options = get(encoding_options),
+    case {lists:member(driver,Options),lists:member(nif,Options)} of
+	{true,_} -> ",nif";
+	{_,true} -> ",nif";
+	_ ->  ",erlang"
+    end.
+
 emit_default_getdec(ObjSetName,UniqueName) ->
     emit(["'getdec_",ObjSetName,"'(",{asis,UniqueName},", ErrV) ->",nl]),
     emit([indent(2), "fun(C,V,_) -> exit({{component,C},{value,V},{unique_name_and_value,",{asis,UniqueName},", ErrV}}) end"]).
diff --git a/lib/asn1/src/asn1ct_gen_per.erl b/lib/asn1/src/asn1ct_gen_per.erl
index 8313cf1b60..b90a0adf81 100644
--- a/lib/asn1/src/asn1ct_gen_per.erl
+++ b/lib/asn1/src/asn1ct_gen_per.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -238,7 +238,8 @@ gen_encode_prim(Erules,D,DoTag,Value) when is_record(D,type) ->
 			       "?RT_PER:complete(enc_~s(~s))",[Tname,Value]);
 			   [#type{def=#'Externaltypereference'{type=Tname}}] ->
 			       io_lib:format(
-				 "?RT_PER:complete(enc_~s(~s))",[Tname,Value]);
+				 "?RT_PER:complete(enc_~s(~s))",
+				 [Tname,Value]);
 			 _ -> Value
 		     end,
 	    emit(["?RT_PER:encode_open_type(", {asis,Constraint}, ",", 
diff --git a/lib/asn1/src/asn1ct_gen_per_rt2ct.erl b/lib/asn1/src/asn1ct_gen_per_rt2ct.erl
index 4f4fcfafc3..1a0a0e211d 100644
--- a/lib/asn1/src/asn1ct_gen_per_rt2ct.erl
+++ b/lib/asn1/src/asn1ct_gen_per_rt2ct.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2002-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -230,7 +230,8 @@ gen_encode_prim(Erules,D,DoTag,Value) when is_record(D,type) ->
 			       "?RT_PER:complete(enc_~s(~s))",[Tname,Value]);
 			   [#type{def=#'Externaltypereference'{type=Tname}}] ->
 			       io_lib:format(
-				 "?RT_PER:complete(enc_~s(~s))",[Tname,Value]);
+				 "?RT_PER:complete(enc_~s(~s))",
+				 [Tname,Value]);
 			 _ -> Value
 		     end,
 	    emit(["?RT_PER:encode_open_type(", {asis,Constraint}, ",", 
diff --git a/lib/asn1/src/asn1rt.erl b/lib/asn1/src/asn1rt.erl
index 9ef68efab5..d18f81346a 100644
--- a/lib/asn1/src/asn1rt.erl
+++ b/lib/asn1/src/asn1rt.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,12 +21,12 @@
 
 %% Runtime functions for ASN.1 (i.e encode, decode)
 
--include("asn1_records.hrl").
-
 -export([encode/2,encode/3,decode/3,load_driver/0,unload_driver/0,info/1]).
 
 -export([utf8_binary_to_list/1,utf8_list_to_binary/1]).
     
+-deprecated([load_driver/0,unload_driver/0]).
+
 encode(Module,{Type,Term}) ->
     encode(Module,Type,Term).
 
@@ -46,38 +46,12 @@ decode(Module,Type,Bytes) ->
 	    Result
     end.
 
-%% asn1-1.6.8.1	
-%% load_driver() ->
-%%     asn1rt_driver_handler:load_driver(),
-%%     receive
-%% 	driver_ready ->
-%% 	    ok;
-%% 	Err={error,_Reason} ->
-%% 	    Err;
-%% 	Error ->
-%% 	    {error,Error}
-%%     end.
-
-%% asn1-1.6.9
- load_driver() ->
-     case catch asn1rt_driver_handler:load_driver() of
- 	ok ->
- 	    ok;
- 	{error,{already_started,asn1}} ->
- 	    ok;
- 	Err ->
- 	    {error,Err}
-     end.
-
+%% Remove in R16A
+load_driver() ->
+    ok.
 
 unload_driver() ->
-    case catch asn1rt_driver_handler:unload_driver() of
-	ok ->
-	    ok;
-	Error ->
-	    {error,Error}
-    end.
-
+    ok.
 
 info(Module) ->
     case catch apply(Module,info,[]) of
diff --git a/lib/asn1/src/asn1rt_ber_bin_v2.erl b/lib/asn1/src/asn1rt_ber_bin_v2.erl
index a3bb570282..17e66f77c9 100644
--- a/lib/asn1/src/asn1rt_ber_bin_v2.erl
+++ b/lib/asn1/src/asn1rt_ber_bin_v2.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
  
 %% encoding / decoding of BER  
 
--export([decode/1, decode/2, match_tags/2, encode/1]). 
+-export([decode/1, decode/2, match_tags/2, encode/1, encode/2]). 
 -export([fixoptionals/2, cindex/3,
 	 list_to_record/2,
 	 encode_tag_val/1,
@@ -49,11 +49,13 @@
 	 decode_tag_and_length/1]).
 
 -export([encode_open_type/1,encode_open_type/2, 
-	 decode_open_type/2,decode_open_type_as_binary/2]).
+	 decode_open_type/2,decode_open_type/3,
+	 decode_open_type_as_binary/2,
+	 decode_open_type_as_binary/3]).
 
 -export([decode_primitive_incomplete/2,decode_selective/2]).
- 
--include("asn1_records.hrl"). 
+
+-export([is_nif_loadable/0]).
  
 % the encoding of class of tag bits 8 and 7 
 -define(UNIVERSAL,   0). 
@@ -125,15 +127,28 @@
 % encode(Tlv) ->
 %     encode_constructed(Tlv).
 
-encode([Tlv]) ->
-    encode(Tlv);
-encode({TlvTag,TlvVal}) when is_list(TlvVal) ->
+encode(Tlv) ->
+    encode(Tlv,erlang).
+
+encode(Tlv,_) when is_binary(Tlv) ->
+    Tlv;
+encode([Tlv],Method) ->
+    encode(Tlv,Method);
+encode(Tlv, nif) ->
+    case is_nif_loadable() of
+	true ->
+	    asn1rt_nif:encode_ber_tlv(Tlv);
+	false ->
+	    encode_erl(Tlv)
+    end;
+encode(Tlv, _) ->
+    encode_erl(Tlv).
+
+encode_erl({TlvTag,TlvVal}) when is_list(TlvVal) ->
     %% constructed form of value
     encode_tlv(TlvTag,TlvVal,?CONSTRUCTED);
-encode({TlvTag,TlvVal}) ->
-    encode_tlv(TlvTag,TlvVal,?PRIMITIVE);
-encode(Bin) when is_binary(Bin) ->
-    Bin.
+encode_erl({TlvTag,TlvVal}) ->
+    encode_tlv(TlvTag,TlvVal,?PRIMITIVE).
 
 encode_tlv(TlvTag,TlvVal,Form) ->
     Tag = encode_tlv_tag(TlvTag,Form),
@@ -152,70 +167,61 @@ encode_tlv_val(Bin) ->
     {Bin,size(Bin)}.
 
 encode_tlv_list([Tlv|Tlvs],Acc) ->
-    EncTlv = encode(Tlv),
+    EncTlv = encode_erl(Tlv),
     encode_tlv_list(Tlvs,[EncTlv|Acc]);
 encode_tlv_list([],Acc) ->
     Bin=list_to_binary(lists:reverse(Acc)),
     {Bin,size(Bin)}.
 
-%% asn1-1.6.8.1
-%% decode(B,driver) ->
-%%     case catch port_control(asn1_driver_port,2,B) of
-%% 	Bin when is_binary(Bin) ->
-%% 	    binary_to_term(Bin);
-%% 	List when is_list(List) -> handle_error(List,B);
-%% 	{'EXIT',{badarg,Reason}} ->
-%% 	    asn1rt_driver_handler:load_driver(),
-%% 	    receive
-%% 		driver_ready ->
-%% 		    case catch port_control(asn1_driver_port,2,B) of
-%% 			Bin2 when is_binary(Bin2) -> binary_to_term(Bin2);
-%% 			List when is_list(List) -> handle_error(List,B);
-%% 			Error -> exit(Error)
-%% 		    end;
-%% 		{error,Error} -> % error when loading driver
-%% 		    %% the driver could not be loaded
-%% 		    exit(Error);
-%% 		Error={port_error,Reason} ->
-%% 		    exit(Error)
-%% 	    end;
-%% 	{'EXIT',Reason} ->
-%% 	    exit(Reason)
-%%     end.
-
-%% asn1-1.6.9
-decode(B,driver) ->
-    case catch control(?TLV_DECODE,B) of
- 	Bin when is_binary(Bin) ->
- 	    binary_to_term(Bin);
- 	List when is_list(List) -> handle_error(List,B);
- 	{'EXIT',{badarg,_Reason}} ->
- 	    case asn1rt:load_driver() of
- 		ok ->
- 		    case control(?TLV_DECODE,B) of
- 			Bin when is_binary(Bin) -> binary_to_term(Bin);
- 			List when is_list(List) -> handle_error(List,B)
- 		    end;
- 		Err ->
- 		    Err
- 	    end
-    end.
+decode(B) ->
+    decode(B, erlang).
 
+%% asn1-1.7
+decode(B, nif) ->
+    case is_nif_loadable() of
+	true ->
+	    case asn1rt_nif:decode_ber_tlv(B) of
+		{error, Reason} -> handle_error(Reason, B);
+		Else -> Else
+	    end;
+	false ->
+	    decode(B)
+    end;
+decode(B,erlang) when is_binary(B) ->
+    decode_primitive(B);
+decode(Tlv,erlang) ->
+    {Tlv,<<>>}.
+
+%% Have to check this since asn1 is not guaranteed to be available
+is_nif_loadable() ->
+    case application:get_env(asn1, nif_loadable) of
+	{ok,R} ->
+	    R;
+	undefined ->
+	    case catch code:load_file(asn1rt_nif) of
+		{module, asn1rt_nif} ->
+		    application:set_env(asn1, nif_loadable, true),
+		    true;
+		_Else ->
+		    application:set_env(asn1, nif_loadable, false),
+		    false
+	    end
+    end.
 
 handle_error([],_)->
     exit({error,{asn1,{"memory allocation problem"}}});
-handle_error([$1|_],L) -> % error in driver
+handle_error({$1,_},L) -> % error in nif
     exit({error,{asn1,L}});
-handle_error([$2|T],L) -> % error in driver due to wrong tag
+handle_error({$2,T},L) -> % error in nif due to wrong tag
     exit({error,{asn1,{"bad tag after byte:",error_pos(T),L}}});
-handle_error([$3|T],L) -> % error in driver due to length error
+handle_error({$3,T},L) -> % error in driver due to length error
     exit({error,{asn1,{"bad length field after byte:",
 			     error_pos(T),L}}});
-handle_error([$4|T],L) -> % error in driver due to indefinite length error
+handle_error({$4,T},L) -> % error in driver due to indefinite length error
     exit({error,{asn1,
 		 {"indefinite length without end bytes after byte:",
 		  error_pos(T),L}}});
-handle_error([$5|T],L) -> % error in driver due to indefinite length error
+handle_error({$5,T},L) -> % error in driver due to indefinite length error
     exit({error,{asn1,{"bad encoded value after byte:",
 			     error_pos(T),L}}});
 handle_error(ErrL,L) ->
@@ -228,16 +234,6 @@ error_pos([B])->
 error_pos([B|Bs]) ->
     BS = 8 * length(Bs),
     B bsl BS + error_pos(Bs).
-%% asn1-1.6.9
-control(Cmd, Data) ->
-    Port = asn1rt_driver_handler:client_port(),
-    erlang:port_control(Port, Cmd, Data).
-
-decode(Bin) when is_binary(Bin) ->
-    decode_primitive(Bin);
-decode(Tlv) -> % assume it is a tlv
-    {Tlv,<<>>}.
-
 
 decode_primitive(Bin) ->
     {Form,TagNo,V,Rest} = decode_tag_and_length(Bin),
@@ -796,20 +792,24 @@ encode_open_type(Val,Tag) ->
 %% Value = binary with decoded data (which must be decoded again as some type)
 %%
 decode_open_type(Tlv, TagIn) ->
+    decode_open_type(Tlv, TagIn, erlang).
+decode_open_type(Tlv, TagIn, Method) ->
     case match_tags(Tlv,TagIn) of
 	Bin when is_binary(Bin) ->
-	    {InnerTlv,_} = decode(Bin),
+	    {InnerTlv,_} = decode(Bin,Method),
 	    InnerTlv;
 	TlvBytes -> TlvBytes
     end.
 
  
-decode_open_type_as_binary(Tlv,TagIn)->
+decode_open_type_as_binary(Tlv, TagIn) ->
+    decode_open_type_as_binary(Tlv, TagIn, erlang).
+decode_open_type_as_binary(Tlv,TagIn, Method)->
     case match_tags(Tlv,TagIn) of
 	V when is_binary(V) ->
 	    V;
-	[Tlv2] -> encode(Tlv2);
-	Tlv2 -> encode(Tlv2)
+	[Tlv2] -> encode(Tlv2, Method);
+	Tlv2 -> encode(Tlv2, Method)
     end.
  
 %%=============================================================================== 
@@ -1056,7 +1056,7 @@ encode_real(C,Val, TagIn) when is_tuple(Val); is_list(Val) ->
 
 
 encode_real(C,Val) ->
-    ?RT_COMMON:encode_real(C,Val). 
+    asn1rt_ber_bin:encode_real(C,Val). 
  
  
 %%============================================================================ 
@@ -1081,7 +1081,7 @@ decode_real_notag(Buffer) ->
 	    {_T,_V} ->
 		exit({error,{asn1,{real_not_in_primitive_form,Buffer}}})
 	end,
-    {Val,_Rest,Len} = ?RT_COMMON:decode_real(Buffer,Len),
+    {Val,_Rest,Len} = asn1rt_ber_bin:decode_real(Buffer,Len),
     Val.
 %%    exit({error,{asn1, {unimplemented,real}}}).
 %%  decode_real2(Buffer, Form, size(Buffer)).
@@ -1577,14 +1577,12 @@ e_object_identifier(V) when is_tuple(V) ->
 e_object_identifier([E1, E2 | Tail]) -> 
     Head = 40*E1 + E2,  % wow! 
     {H,Lh} = mk_object_val(Head),
-    {R,Lr} = enc_obj_id_tail(Tail, [], 0),
+    {R,Lr} = lists:mapfoldl(fun enc_obj_id_tail/2,0,Tail),
     {[H|R], Lh+Lr}.
 
-enc_obj_id_tail([], Ack, Len) ->
-    {lists:reverse(Ack), Len};
-enc_obj_id_tail([H|T], Ack, Len) ->
+enc_obj_id_tail(H, Len) ->
     {B, L} = mk_object_val(H),
-    enc_obj_id_tail(T, [B|Ack], Len+L).
+    {B,Len+L}.
 
 
 %%%%%%%%%%% 
diff --git a/lib/asn1/src/asn1rt_check.erl b/lib/asn1/src/asn1rt_check.erl
index 24a2a3802d..d9856901b8 100644
--- a/lib/asn1/src/asn1rt_check.erl
+++ b/lib/asn1/src/asn1rt_check.erl
@@ -19,8 +19,6 @@
 %%
 -module(asn1rt_check).
 
--include("asn1_records.hrl").
-
 -export([check_bool/2,
 	 check_int/3,
 	 check_bitstring/3,
diff --git a/lib/asn1/src/asn1rt_driver_handler.erl b/lib/asn1/src/asn1rt_driver_handler.erl
deleted file mode 100644
index 146d0043f9..0000000000
--- a/lib/asn1/src/asn1rt_driver_handler.erl
+++ /dev/null
@@ -1,144 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
-%%
-
--module(asn1rt_driver_handler).
-
--include("asn1_records.hrl").
-
--export([load_driver/0,unload_driver/0,client_port/0]).
-
-%% Internal exports
--export([init/2]).
-
-%% Macros
--define(port_names,
-	{ asn1_drv01, asn1_drv02, asn1_drv03, asn1_drv04,
-	  asn1_drv05, asn1_drv06, asn1_drv07, asn1_drv08,
-	  asn1_drv09, asn1_drv10, asn1_drv11, asn1_drv12,
-	  asn1_drv13, asn1_drv14, asn1_drv15, asn1_drv16 }).
-
-%%% --------------------------------------------------------
-%%% Interface Functions. 
-%%% --------------------------------------------------------
-load_driver() ->
-    load_driver(noreason).
-
-load_driver(Reason) ->
-    Ref = make_ref(),
-    case whereis(asn1_driver_owner) of % to prevent unnecessary spawn
-	Pid when is_pid(Pid) ->
-	    asn1_driver_owner ! {self(),Ref,are_you_ready},
-	    receive
-		{Ref,driver_ready} ->
-		    ok
-	    after 10000 ->
-		    {error,{timeout,waiting_for_drivers}}
-	    end;
-	_ ->
-	    {_,Mref} = spawn_monitor(asn1rt_driver_handler, init, [self(),Ref]),
-	    receive
-		{'DOWN', Mref, _, _, NewReason} ->
-		    case NewReason of
-			Reason -> {error,Reason};
-			_ -> load_driver(NewReason)
-		    end;
-		{Ref,driver_ready} ->
-		    erlang:demonitor(Mref),
-		    ok;
-		{Ref,Error = {error,_Reason}} ->
-		    erlang:demonitor(Mref),
-		    Error
-	    after 10000 -> %% 10 seconds
-		    {error,{timeout,waiting_for_drivers}}
-	    end
-    end.
-
-init(FromPid,FromRef) ->
-    case catch register(asn1_driver_owner,self()) of
-	true -> true;
-	_Other -> exit(normal)
-    end,
-    Dir = filename:join([code:priv_dir(asn1),"lib"]),
-    case catch erl_ddll:load_driver(Dir,asn1_erl_drv) of
-	ok ->
-	    Result = open_named_ports(),
-	    catch (FromPid ! {FromRef,Result}),
-	    loop(Result);
-	{error,Err} -> % if erl_ddll:load_driver fails
-	    ForErr = erl_ddll:format_error(Err),
-	    OSDir = filename:join(Dir,erlang:system_info(system_architecture)),
-	    case catch erl_ddll:load_driver(OSDir,asn1_erl_drv) of
-		ok ->
-		    Result = open_named_ports(),
-		    catch (FromPid ! {FromRef,Result}),
-		    loop(Result);
-		{error,Err2} ->
-%		    catch (FromPid ! {FromRef,Error})
-		    ForErr2 = erl_ddll:format_error(Err2),
-		    catch (FromPid ! {FromRef,{error,{{Dir,ForErr},{OSDir,ForErr2}}}})
-	    end
-    end.
-
-    
-open_named_ports() ->
-    open_named_ports(size(?port_names)).
-
-open_named_ports(0) ->
-    driver_ready;
-open_named_ports(N) ->
-    case catch open_port({spawn,"asn1_erl_drv"},[]) of
-	{'EXIT',Reason} ->
-	    {error,{port_error,Reason}};
-	Port ->
-	    register(element(N,?port_names),Port),
-	    open_named_ports(N-1)
-    end.
-
-loop(Result) ->
-    receive
-	{_FromPid,_FromRef,unload} ->
-	    close_ports(size(?port_names)),
-	    erl_ddll:unload_driver(asn1_erl_drv),
-	    ok;
-	{FromPid,FromRef,are_you_ready} ->
-	    catch (FromPid ! {FromRef,driver_ready}),
-	    loop(Result);
-	_ ->
-	    loop(Result)
-    end.
-
-unload_driver() ->
-    case whereis(asn1_driver_owner) of
-	Pid when is_pid(Pid) ->
-	    Pid ! {self(),make_ref(),unload},
-	    ok;
-	_ -> 
-	    ok
-    end.
-
-close_ports(0) ->
-    ok;
-close_ports(N) ->   
-    element(N,?port_names) ! {self(), close}, %% almost same as port_close(Name)
-    close_ports(N-1).
-
-client_port() ->
-    element(erlang:system_info(scheduler_id) rem size(?port_names) + 1,
-	    ?port_names).
diff --git a/lib/asn1/src/asn1rt_nif.erl b/lib/asn1/src/asn1rt_nif.erl
new file mode 100644
index 0000000000..de1fb94816
--- /dev/null
+++ b/lib/asn1/src/asn1rt_nif.erl
@@ -0,0 +1,87 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+%%
+-module(asn1rt_nif).
+
+%% Nif interface for asn1
+
+-export([encode_per_complete/1,
+	 decode_ber_tlv/1,
+	 encode_ber_tlv/1]).
+
+-on_load(load_nif/0).
+
+-define(ASN1_NIF_VSN,1).
+
+load_nif() ->
+    LibBaseName = "asn1_erl_nif",
+    PrivDir = code:priv_dir(asn1),
+    LibName = case erlang:system_info(build_type) of
+		  opt ->
+		      LibBaseName;
+		  Type ->
+		      LibTypeName = LibBaseName ++ "."  ++ atom_to_list(Type),
+		      case (filelib:wildcard(
+			      filename:join(
+				[PrivDir,
+				 "lib",
+				 LibTypeName ++ "*"])) /= []) orelse
+			  (filelib:wildcard(
+			     filename:join(
+			       [PrivDir,
+				"lib",
+				erlang:system_info(system_architecture),
+				LibTypeName ++ "*"])) /= []) of
+			  true -> LibTypeName;
+			  false -> LibBaseName
+		      end
+	      end,
+    Lib = filename:join([PrivDir, "lib", LibName]),
+    Status = case erlang:load_nif(Lib, ?ASN1_NIF_VSN) of
+		 ok -> ok;
+		 {error, {load_failed, _}}=Error1 ->
+		     ArchLibDir =
+			 filename:join([PrivDir, "lib",
+					erlang:system_info(system_architecture)]),
+		     Candidate =
+			 filelib:wildcard(filename:join([ArchLibDir,LibName ++ "*" ])),
+		     case Candidate of
+			 [] -> Error1;
+			 _ ->
+			     ArchLib = filename:join([ArchLibDir, LibName]),
+			     erlang:load_nif(ArchLib, ?ASN1_NIF_VSN)
+		     end;
+		 Error1 -> Error1
+	     end,
+    case Status of
+	ok -> ok;
+	{error, {E, Str}} ->
+	    error_logger:error_msg("Unable to load asn1 nif library. "
+				   "Failed with error:~n\"~p, ~s\"~n",[E,Str]),
+	    Status
+    end.
+
+encode_per_complete(_TagValueList) ->
+    erlang:nif_error({nif_not_loaded,module,?MODULE,line,?LINE}).
+
+decode_ber_tlv(_Binary) ->
+    erlang:nif_error({nif_not_loaded,module,?MODULE,line,?LINE}).
+
+encode_ber_tlv(_TagValueList) ->
+    erlang:nif_error({nif_not_loaded,module,?MODULE,line,?LINE}).
diff --git a/lib/asn1/src/asn1rt_per_bin.erl b/lib/asn1/src/asn1rt_per_bin.erl
index 6bbca26209..a124c7553d 100644
--- a/lib/asn1/src/asn1rt_per_bin.erl
+++ b/lib/asn1/src/asn1rt_per_bin.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2001-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -57,7 +57,7 @@
 	 encode_NumericString/2, decode_NumericString/2,
 	 encode_ObjectDescriptor/2, decode_ObjectDescriptor/1
 	]).
--export([complete_bytes/1]).
+-export([complete_bytes/1, getbits/2, getoctets/2]).
 
 -define('16K',16384).
 -define('32K',32768).
diff --git a/lib/asn1/src/asn1rt_per_bin_rt2ct.erl b/lib/asn1/src/asn1rt_per_bin_rt2ct.erl
index f4aecf9322..750b59aba6 100644
--- a/lib/asn1/src/asn1rt_per_bin_rt2ct.erl
+++ b/lib/asn1/src/asn1rt_per_bin_rt2ct.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -1734,143 +1734,24 @@ get_constraint(C,Key) ->
 -ifdef(nodriver).
 
 complete(L) ->
-    case complete1(L) of
-	{[],[]} ->
-	    <<0>>;
-	{Acc,[]} ->
-	    Acc;
-	{Acc,Bacc}  ->
-	    [Acc|complete_bytes(Bacc)]
-    end.
-
-
-% this function builds the ugly form of lists [E1|E2] to avoid having to reverse it at the end.
-% this is done because it is efficient and that the result always will be sent on a port or
-% converted by means of list_to_binary/1
- complete1(InList) when is_list(InList) ->
-     complete1(InList,[],[]);
- complete1(InList) ->
-     complete1([InList],[],[]).
-
- complete1([],Acc,Bacc) ->
-     {Acc,Bacc};
- complete1([H|T],Acc,Bacc) when is_list(H) ->
-     {NewH,NewBacc} = complete1(H,Acc,Bacc),
-     complete1(T,NewH,NewBacc);
-
- complete1([{octets,Bin}|T],Acc,[]) ->
-     complete1(T,[Acc|Bin],[]);
-
- complete1([{octets,Bin}|T],Acc,Bacc) ->
-     complete1(T,[Acc|[complete_bytes(Bacc),Bin]],[]);
-
- complete1([{debug,_}|T], Acc,Bacc) ->
-     complete1(T,Acc,Bacc);
-
- complete1([{bits,N,Val}|T],Acc,Bacc) ->
-     complete1(T,Acc,complete_update_byte(Bacc,Val,N));
-
- complete1([{bit,Val}|T],Acc,Bacc) ->
-     complete1(T,Acc,complete_update_byte(Bacc,Val,1));
-
- complete1([align|T],Acc,[]) ->
-     complete1(T,Acc,[]);
- complete1([align|T],Acc,Bacc) ->
-     complete1(T,[Acc|complete_bytes(Bacc)],[]);
- complete1([{0,Bin}|T],Acc,[]) when is_binary(Bin) ->
-     complete1(T,[Acc|Bin],[]);
- complete1([{Unused,Bin}|T],Acc,[]) when is_integer(Unused),is_binary(Bin) ->
-     Size = size(Bin)-1,
-     <<Bs:Size/binary,B>> = Bin,
-     NumBits = 8-Unused,
-     complete1(T,[Acc|Bs],[[B bsr Unused]|NumBits]);
- complete1([{Unused,Bin}|T],Acc,Bacc) when is_integer(Unused),is_binary(Bin) ->
-     Size = size(Bin)-1,
-     <<Bs:Size/binary,B>> = Bin,
-     NumBits = 8 - Unused,
-     Bf = complete_bytes(Bacc),
-     complete1(T,[Acc|[Bf,Bs]],[[B bsr Unused]|NumBits]).
-
-
- complete_update_byte([],Val,Len) ->
-     complete_update_byte([[0]|0],Val,Len);
- complete_update_byte([[Byte|Bacc]|NumBits],Val,Len) when NumBits + Len == 8 ->
-     [[0,((Byte bsl Len) + Val) band 255|Bacc]|0];
- complete_update_byte([[Byte|Bacc]|NumBits],Val,Len) when NumBits + Len > 8  ->
-     Rem = 8 - NumBits,
-     Rest = Len - Rem,
-     complete_update_byte([[0,((Byte bsl Rem) + (Val bsr Rest)) band 255 |Bacc]|0],Val,Rest);
- complete_update_byte([[Byte|Bacc]|NumBits],Val,Len) ->
-     [[((Byte bsl Len) + Val) band 255|Bacc]|NumBits+Len].
-
- 
- complete_bytes([[Byte|Bacc]|0]) ->
-     lists:reverse(Bacc);
- complete_bytes([[Byte|Bacc]|NumBytes]) ->
-     lists:reverse([(Byte bsl (8-NumBytes)) band 255|Bacc]);
- complete_bytes([]) ->
-     [].
+    erlang_complete(L).
 
 -else.
 
-%% asn1-1.6.8.1_dev
-%% complete(L) ->
-%%     case catch port_control(asn1_driver_port,1,L) of
-%% 	Bin when is_binary(Bin) ->
-%% 	    Bin;
-%% 	List when is_list(List) -> handle_error(List,L);
-%% 	{'EXIT',{badarg,Reason}} ->
-%% 	    asn1rt_driver_handler:load_driver(),
-%% 	    receive
-%% 		driver_ready ->
-%% 		    case catch port_control(asn1_driver_port,1,L) of
-%% 			Bin2 when is_binary(Bin2) -> Bin2;
-%% 			List when is_list(List) -> handle_error(List,L);
-%% 			{'EXIT',Reason2={badarg,_R}} -> 
-%% 			    exit({"failed to call driver probably due to bad asn1 value",Reason2});
-%% 			Reason2 -> exit(Reason2)
-%% 		    end;
-%% 		{error,Error} -> % error when loading driver
-%% 		    %% the driver could not be loaded
-%% 		    exit(Error);
-%% 		Error={port_error,Reason} ->
-%% 		    exit(Error)
-%% 	    end;
-%% 	{'EXIT',Reason} ->
-%% 	    exit(Reason)
-%%     end.
-
-%% asn1-1.6.9
+%% asn1-1.7
 complete(L) ->
-    case catch control(?COMPLETE_ENCODE,L) of
- 	Bin when is_binary(Bin) ->
- 	    Bin;
- 	List when is_list(List) -> handle_error(List,L);
- 	{'EXIT',{badarg,_Reason}} ->
- 	    case asn1rt:load_driver() of
- 		ok ->
- 		    case control(?COMPLETE_ENCODE,L) of
- 			Bin when is_binary(Bin) ->Bin;
- 			List when is_list(List) -> handle_error(List,L)
- 		    end;
- 		Err ->
- 		    Err
- 	    end
+    case asn1rt_nif:encode_per_complete(L) of
+	{error, Reason} -> handle_error(Reason, L);
+	Else when is_binary(Else) -> Else
     end.
 
-
 handle_error([],_)->
     exit({error,{asn1,{"memory allocation problem in driver"}}});
-handle_error("1",L) -> % error in complete in driver
+handle_error($1,L) -> % error in complete in driver
     exit({error,{asn1,L}});
 handle_error(ErrL,L) ->
     exit({error,{asn1,ErrL,L}}).
 
-%% asn1-1.6.9
-control(Cmd, Data) ->
-    Port = asn1rt_driver_handler:client_port(),
-    erlang:port_control(Port, Cmd, Data).
-
 -endif.
 
 
diff --git a/lib/asn1/test/asn1.cover b/lib/asn1/test/asn1.cover
index 589a8b7e3d..ad3a0f3db9 100644
--- a/lib/asn1/test/asn1.cover
+++ b/lib/asn1/test/asn1.cover
@@ -1,2 +1,3 @@
 {incl_app,asn1,details}.
 
+{excl_mods, asn1, [asn1rt_nif]}.
\ No newline at end of file
diff --git a/lib/asn1/test/asn1_SUITE.erl.src b/lib/asn1/test/asn1_SUITE.erl.src
index e7f93a4053..124ee2d2bb 100644
--- a/lib/asn1/test/asn1_SUITE.erl.src
+++ b/lib/asn1/test/asn1_SUITE.erl.src
@@ -2036,11 +2036,7 @@ rtUI(Config) ->
     ?line {ok,_} = asn1rt:info('Prim'),
 
     ?line ok = asn1ct:compile(filename:join(DataDir,"Prim"),[?PER]),
-    ?line {ok,_} = asn1rt:info('Prim'),
-
-    ?line ok = asn1rt:load_driver(),
-    ?line ok = asn1rt:load_driver(),
-    ?line ok = asn1rt:unload_driver().
+    ?line {ok,_} = asn1rt:info('Prim').
 
 testROSE(suite) -> [];
 testROSE(Config) -> 
diff --git a/lib/asn1/test/asn1_SUITE_data/DirectoryAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/DirectoryAbstractService.asn
index 5a5d310729..5a5d310729 100755..100644
--- a/lib/asn1/test/asn1_SUITE_data/DirectoryAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/DirectoryAbstractService.asn
diff --git a/lib/asn1/test/asn1_SUITE_data/InformationFramework.asn b/lib/asn1/test/asn1_SUITE_data/InformationFramework.asn
index ef236e98a9..ef236e98a9 100755..100644
--- a/lib/asn1/test/asn1_SUITE_data/InformationFramework.asn
+++ b/lib/asn1/test/asn1_SUITE_data/InformationFramework.asn
diff --git a/lib/asn1/test/asn1_SUITE_data/LDAP.asn1 b/lib/asn1/test/asn1_SUITE_data/LDAP.asn1
index 4d845942e1..4d845942e1 100755..100644
--- a/lib/asn1/test/asn1_SUITE_data/LDAP.asn1
+++ b/lib/asn1/test/asn1_SUITE_data/LDAP.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/Nortel.asn b/lib/asn1/test/asn1_SUITE_data/Nortel.asn
index a27c78a0b5..a27c78a0b5 100755..100644
--- a/lib/asn1/test/asn1_SUITE_data/Nortel.asn
+++ b/lib/asn1/test/asn1_SUITE_data/Nortel.asn
diff --git a/lib/asn1/test/asn1_SUITE_data/UpperBounds.asn b/lib/asn1/test/asn1_SUITE_data/UpperBounds.asn
index 247260495b..247260495b 100755..100644
--- a/lib/asn1/test/asn1_SUITE_data/UpperBounds.asn
+++ b/lib/asn1/test/asn1_SUITE_data/UpperBounds.asn
diff --git a/lib/asn1/test/asn1_SUITE_data/UsefulDefinitions.asn b/lib/asn1/test/asn1_SUITE_data/UsefulDefinitions.asn
index d9601bb7d0..d9601bb7d0 100755..100644
--- a/lib/asn1/test/asn1_SUITE_data/UsefulDefinitions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/UsefulDefinitions.asn
diff --git a/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-CommonDataTypes.asn b/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-CommonDataTypes.asn
index e3f6e83d6b..e3f6e83d6b 100755..100644
--- a/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-CommonDataTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-CommonDataTypes.asn
diff --git a/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-Constants.asn b/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-Constants.asn
index 1411d455b7..1411d455b7 100755..100644
--- a/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-Constants.asn
+++ b/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-Constants.asn
diff --git a/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-Containers.asn b/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-Containers.asn
index fb08451103..fb08451103 100755..100644
--- a/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-Containers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-Containers.asn
diff --git a/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-IEs.asn b/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-IEs.asn
index 848d8f6099..848d8f6099 100755..100644
--- a/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-IEs.asn
+++ b/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-IEs.asn
diff --git a/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-PDU-Contents.asn b/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-PDU-Contents.asn
index 9ecfa688a2..9ecfa688a2 100755..100644
--- a/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-PDU-Contents.asn
+++ b/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-PDU-Contents.asn
diff --git a/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-PDU-Discriptions.asn b/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-PDU-Discriptions.asn
index b9be9934e4..b9be9934e4 100755..100644
--- a/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-PDU-Discriptions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/nbapsystem/NBAP-PDU-Discriptions.asn
diff --git a/lib/asn1/test/asn1_bin_v2_particular_SUITE.erl.src b/lib/asn1/test/asn1_bin_v2_particular_SUITE.erl.src
index abd21b0d78..4c3c8c7808 100644
--- a/lib/asn1/test/asn1_bin_v2_particular_SUITE.erl.src
+++ b/lib/asn1/test/asn1_bin_v2_particular_SUITE.erl.src
@@ -11,37 +11,219 @@ smp(Config)  ->
 
             ?line Msg = {initiatingMessage, testNBAPsystem:cell_setup_req_msg()},
 	    ?line ok = testNBAPsystem:compile(Config,per_bin,[optimize]),
-
-            Parent = self(),
 	    
-	    ?line ok = asn1rt:load_driver(),
-	
-	    smp2(Parent,NumOfProcs,Msg,2),
+	    enc_dec(NumOfProcs,Msg,2),
 
 	    N = 10000,
 
-            ?line {Time1,ok} = timer:tc(?MODULE,smp2,[Parent,NumOfProcs,Msg, N]),
-	    ?line {Time1S,ok} = timer:tc(?MODULE,sequential,[NumOfProcs * N,Msg]),
+            ?line {Time1,ok} = timer:tc(?MODULE,enc_dec,[NumOfProcs,Msg, N]),
+	    ?line {Time1S,ok} = timer:tc(?MODULE,enc_dec,[1, Msg, NumOfProcs * N]),
 
-	    ?line ok = testNBAPsystem:compile(Config,ber_bin,[optimize,driver]),
-            ?line {Time2,ok} = timer:tc(?MODULE,smp2,[Parent,NumOfProcs,Msg, N]),
+	    ?line ok = testNBAPsystem:compile(Config,ber_bin,[optimize,nif]),
+            ?line {Time3,ok} = timer:tc(?MODULE,enc_dec,[NumOfProcs,Msg, N]),
 
-	    ?line {Time2S,ok} = timer:tc(?MODULE,sequential,[NumOfProcs * N,Msg]),
+	    ?line {Time3S,ok} = timer:tc(?MODULE,enc_dec,[1, Msg, NumOfProcs * N]),
 
-            {comment,lists:flatten(io_lib:format("Encode/decode time parallell with ~p cores: ~p [microsecs]~nEncode/decode time sequential: ~p [microsecs]",[NumOfProcs,Time1+Time2,Time1S+Time2S]))};
+            {comment,lists:flatten(
+		       io_lib:format(
+			 "Encode/decode time parallell with ~p cores: ~p [microsecs]~n"
+			 "Encode/decode time sequential: ~p [microsecs]",
+			 [NumOfProcs,Time1+Time3,Time1S+Time3S]))};
         false ->
             {skipped,"No smp support"}
     end.
 
-smp2(Parent,NumOfProcs,Msg, N) ->
-    Pids = [spawn_link(fun() -> worker(Msg,Parent, N) end)
-		    || _ <- lists:seq(1,NumOfProcs)],
-    ?line ok = wait_pids(Pids).
+per_performance(Config) ->
+    PrivDir = proplists:get_value(priv_dir, Config),
+    NifDir = filename:join(PrivDir,"nif"),
+    ErlDir = filename:join(PrivDir,"erl"),
+    file:make_dir(NifDir),file:make_dir(ErlDir),
+
+    ?line Msg = {initiatingMessage, testNBAPsystem:cell_setup_req_msg()},
+    ?line ok = testNBAPsystem:compile([{priv_dir,NifDir}|Config],per_bin,
+				      [optimize]),
+    ?line ok = testNBAPsystem:compile([{priv_dir,ErlDir}|Config],per_bin,
+				      []),
+
+    Modules = ['NBAP-CommonDataTypes',
+	       'NBAP-Constants',
+	       'NBAP-Containers',
+	       'NBAP-IEs',
+	       'NBAP-PDU-Contents',
+	       'NBAP-PDU-Discriptions'],
+
+
+    PreNif = fun() ->
+		     code:add_patha(NifDir),
+		     lists:foreach(fun(M) ->
+					   code:purge(M),
+					   code:load_file(M)
+				   end,Modules)
+	     end,
+    
+    PreErl = fun() ->
+		     code:add_patha(ErlDir),
+		     lists:foreach(fun(M) ->
+					   code:purge(M),
+					   code:load_file(M)
+				   end,Modules)
+	     end,
+
+    Func = fun() ->
+		   element(1,timer:tc(
+			       asn1_wrapper,encode,['NBAP-PDU-Discriptions',
+						    'NBAP-PDU',
+						    Msg]))
+	   end,
+
+    nif_vs_erlang_performance({{{PreNif,Func},{PreErl,Func}},100000,32}).
+
+ber_performance(Config) ->
+
+    ?line Msg = {initiatingMessage, testNBAPsystem:cell_setup_req_msg()},
+    ?line ok = testNBAPsystem:compile(Config,ber_bin,[optimize,nif]),
+
+
+    BerFun = fun() ->
+		     {ok,B} = asn1_wrapper:encode('NBAP-PDU-Discriptions',
+						  'NBAP-PDU', Msg),
+		     asn1_wrapper:decode(
+			'NBAP-PDU-Discriptions',
+			'NBAP-PDU',
+			B)
+	     end,
+    nif_vs_erlang_performance({BerFun,100000,32}).
+
+cert_pem_performance(Config) when is_list(Config) ->
+    cert_pem_performance({100000, 32});
+cert_pem_performance({N,S}) ->
+    nif_vs_erlang_performance({fun cert_pem/0,N,S}).
+
+dsa_pem_performance(Config) when is_list(Config) ->
+    cert_pem_performance({100000, 32});
+dsa_pem_performance({N,S}) ->
+    nif_vs_erlang_performance({fun dsa_pem/0,N,S}).
+
+
+nif_vs_erlang_performance({{TC1,TC2},N,Sched}) ->
+    random:seed({123,456,789}),
+    io:format("Running a ~p sample with ~p max procs...~n~n",[N,Sched]),
+    
+    {True,False} = exec(TC1,TC2,Sched,N+1),
+        
+    io:format("~ndone!~n"),
+
+    io:format("~n"),TStats = print_stats(strip(True,N div 20)),
+    io:format("~n"),FStats = print_stats(strip(False,N div 20)),
+    Str = io_lib:format("~nNifs are ~.3f% faster than erlang!~n",
+			[(element(2,FStats) - element(2,TStats)) / 
+			     element(2,FStats) * 100]),
+    io:format(Str),
+    {comment, lists:flatten(Str)};
+nif_vs_erlang_performance({T,N,Sched}) ->
+    PTC1 = fun() ->
+		  application:set_env(asn1, nif_loadable, true)
+	   end,
+    PTC2 = fun() ->
+		  application:set_env(asn1, nif_loadable, false)
+	   end,
+    TC = fun() ->
+		 element(1,timer:tc(T))
+	 end,
+    nif_vs_erlang_performance({{{PTC1,TC},{PTC2,TC}},N,Sched}).
+    
+
+print_stats(Data) ->
+    Length = length(Data),
+    Mean = lists:sum(Data) / Length,
+    Variance = lists:foldl(fun(N,Acc) -> math:pow(N - Mean, 2)+Acc end, 0, Data),
+    StdDev = math:sqrt(Variance / Length),
+    Median = lists:nth(round(Length/2),Data),
+    Min = lists:min(Data),
+    Max = lists:max(Data),
+    if Length < 20 ->
+	    io:format("Data: ~w~n",[Data]);
+       true ->
+	    ok
+    end,
+    io:format("Length: ~p~nMean: ~p~nStdDev: ~p~nMedian: ~p~nMin: ~p~nMax: ~p~n",
+	      [Length,Mean,StdDev,Median,Min,Max]),
+    {Length,Mean,StdDev,Median,Min,Max}.
+    
+collect(Acc) ->
+    receive
+	{Tag,Val} ->
+	    Prev = proplists:get_value(Tag,Acc,[]),
+	    collect(lists:keystore(Tag,1,Acc,{Tag,[Val|Prev]}))
+    after 100 ->
+	    Acc
+    end.
+
+exec(One,Two,Max,N) ->
+    exec(One,Two,Max,N,{[],[]}).
+exec(_,_,_,1,{D1,D2}) ->
+    {lists:flatten(D1),lists:flatten(D2)};
+exec({PreOne,One} = O,{PreTwo,Two} = T,MaxProcs, N, {D1,D2}) ->
+    Num = random:uniform(round(N/2)),
+    if Num rem 3 == 0 ->
+	    timer:sleep(Num rem 1000);
+       true ->
+	    ok
+    end,
+    Procs = random:uniform(MaxProcs),
+    io:format("\tBatch: ~p items in ~p processes, ~p left~n",[Num,Procs,N-Num]),
+    if Num rem 2 == 1 ->
+	    erlang:garbage_collect(),
+	    PreOne(),
+	    MoreOne = pexec(One, Num, Procs, []),
+	    erlang:garbage_collect(),
+	    PreTwo(),
+	    MoreTwo = pexec(Two, Num, Procs, []);
+       true ->
+	    erlang:garbage_collect(),
+	    PreTwo(),
+	    MoreTwo = pexec(Two, Num, Procs, []),
+	    erlang:garbage_collect(),
+	    PreOne(),
+	    MoreOne = pexec(One, Num, Procs, [])
+    end,
+    exec(O,T,MaxProcs,N-Num,{[MoreOne|D1],
+			     [MoreTwo|D2]}).
+
+pexec(_Fun, _, 0, []) ->
+    [];
+pexec(Fun, _, 0, [{Ref,Pid}|Rest]) ->
+    receive
+	{data,D} ->
+	    [D|pexec(Fun,0,0,[{Ref,Pid}|Rest])];
+	{'DOWN', Ref, process, Pid, normal} ->
+	    pexec(Fun, 0,0,Rest)
+    end;
+pexec(Fun, 0, 1, AccProcs) ->
+    pexec(Fun, 0, 0, AccProcs);
+pexec(Fun, N, 1, AccProcs) ->
+    [Fun()|pexec(Fun, N - 1, 1, AccProcs)];
+pexec(Fun, N, Procs, AccProcs) ->
+    S = self(),
+    Pid = spawn(fun() ->
+			S ! {data,pexec(Fun,N,1,[])}
+		end),
+    Ref = erlang:monitor(process, Pid),
+    pexec(Fun, N, Procs - 1, [{Ref,Pid}|AccProcs]).
 
-worker(Msg, Parent, N) ->
-    %% io:format("smp worker ~p with ~p worker loops.~n",[self(), N]),
-    worker_loop(N, Msg),
-    Parent ! self().
+strip(Data,Num) ->
+    {_,R} = lists:split(Num,lists:sort(Data)),
+    element(2,lists:split(Num,lists:reverse(R))).
+
+faster(A,B) ->
+    (B - A)/B * 100.
+
+enc_dec(1, Msg, N) ->
+    worker_loop(N, Msg);
+enc_dec(NumOfProcs,Msg, N) ->
+    pforeach(fun(_) ->
+		     worker_loop(N, Msg)
+	     end, [I || I <- lists:seq(1,NumOfProcs)]).
 
 worker_loop(0, _Msg) ->
     ok;
@@ -50,28 +232,24 @@ worker_loop(N, Msg) ->
 				     'NBAP-PDU',
 				     Msg),
     ?line {ok,_Msg}=asn1_wrapper:decode('NBAP-PDU-Discriptions',
-				     'NBAP-PDU',
-				     B),
+					'NBAP-PDU',
+					B),
     worker_loop(N - 1, Msg).
 
 
-wait_pids([]) -> 
-    ok;
-wait_pids(Pids) ->
+pforeach(Fun, List) ->
+    pforeach(Fun, List, []).
+pforeach(Fun, [], [{Pid,Ref}|Pids]) ->
     receive
-	Pid when is_pid(Pid) ->
-	    ?line true = lists:member(Pid,Pids),
-	    Others = lists:delete(Pid,Pids),
-	    io:format("wait_pid got ~p, still waiting for ~p\n",[Pid,Others]),
-	    wait_pids(Others);
-        Err ->
-	    io:format("Err: ~p~n",[Err]),
-	    ?line exit(Err)
-    end.
-
-sequential(N,Msg) ->
-     %%io:format("sequential encode/decode with N = ~p~n",[N]),
-     worker_loop(N,Msg).
+	{'DOWN', Ref, process, Pid, normal} ->
+	    pforeach(Fun, [], Pids)
+    end;
+pforeach(Fun, [H|T], Pids) ->
+    Pid = spawn(fun() -> Fun(H) end),
+    Ref = erlang:monitor(process, Pid),
+    pforeach(Fun, T, [{Pid, Ref}|Pids]);
+pforeach(_Fun,[],[]) ->
+    ok.
     
 -record('InitiatingMessage',{procedureCode,criticality,value}).
 -record('Iu-ReleaseCommand',{first,second}).
@@ -93,3 +271,21 @@ ticket7904(Config) ->
     ?line {ok,_} = 'RANAPextract1':encode('InitiatingMessage', Val1),
     asn1rt:unload_driver(),
     ?line {ok,_} = 'RANAPextract1':encode('InitiatingMessage', Val1).
+
+cert_pem() ->
+    'OTP-PUB-KEY':decode('Certificate',<<48,130,3,184,48,130,3,33,160,3,2,1,2,2,1,1,48,13,6,9,42,134,72,134,247,13,1,1,5,5,0,48,129,131,49,14,48,12,6,3,85,4,3,19,5,111,116,112,67,65,49,19,48,17,6,3,85,4,11,19,10,69,114,108,97,110,103,32,79,84,80,49,20,48,18,6,3,85,4,10,19,11,69,114,105,99,115,115,111,110,32,65,66,49,11,48,9,6,3,85,4,6,19,2,83,69,49,18,48,16,6,3,85,4,7,19,9,83,116,111,99,107,104,111,108,109,49,37,48,35,6,9,42,134,72,134,247,13,1,9,1,22,22,112,101,116,101,114,64,101,114,105,120,46,101,114,105,99,115,115,111,110,46,115,101,48,30,23,13,48,56,48,49,48,57,48,56,50,57,51,48,90,23,13,49,55,49,49,49,55,48,56,50,57,51,48,90,48,129,132,49,15,48,13,6,3,85,4,3,19,6,99,108,105,101,110,116,49,19,48,17,6,3,85,4,11,19,10,69,114,108,97,110,103,32,79,84,80,49,20,48,18,6,3,85,4,10,19,11,69,114,105,99,115,115,111,110,32,65,66,49,11,48,9,6,3,85,4,6,19,2,83,69,49,18,48,16,6,3,85,4,7,19,9,83,116,111,99,107,104,111,108,109,49,37,48,35,6,9,42,134,72,134,247,13,1,9,1,22,22,112,101,116,101,114,64,101,114,105,120,46,101,114,105,99,115,115,111,110,46,115,101,48,129,159,48,13,6,9,42,134,72,134,247,13,1,1,1,5,0,3,129,141,0,48,129,137,2,129,129,0,245,56,68,254,220,239,193,190,63,221,182,60,67,77,121,163,214,136,137,183,139,8,166,30,100,27,45,17,126,58,15,173,151,218,75,224,148,14,22,164,10,100,186,183,104,175,197,97,96,182,146,150,106,129,140,100,194,106,90,62,133,233,155,46,155,33,101,220,83,193,182,232,240,99,253,249,114,8,159,172,143,77,179,132,229,205,29,110,185,233,224,52,25,149,249,100,80,229,199,125,23,106,146,233,159,26,13,8,161,206,221,43,240,149,42,45,194,190,85,6,235,152,220,219,160,32,144,67,2,3,1,0,1,163,130,1,55,48,130,1,51,48,9,6,3,85,29,19,4,2,48,0,48,11,6,3,85,29,15,4,4,3,2,5,224,48,29,6,3,85,29,14,4,22,4,20,26,59,44,5,72,211,158,214,23,34,30,241,125,27,123,115,93,163,231,120,48,129,179,6,3,85,29,35,4,129,171,48,129,168,128,20,6,171,128,52,58,164,184,118,178,189,157,46,40,229,109,145,222,125,1,155,161,129,140,164,129,137,48,129,134,49,17,48,15,6,3,85,4,3,19,8,101,114,108,97,110,103,67,65,49,19,48,17,6,3,85,4,11,19,10,69,114,108,97,110,103,32,79,84,80,49,20,48,18,6,3,85,4,10,19,11,69,114,105,99,115,115,111,110,32,65,66,49,18,48,16,6,3,85,4,7,19,9,83,116,111,99,107,104,111,108,109,49,11,48,9,6,3,85,4,6,19,2,83,69,49,37,48,35,6,9,42,134,72,134,247,13,1,9,1,22,22,112,101,116,101,114,64,101,114,105,120,46,101,114,105,99,115,115,111,110,46,115,101,130,1,1,48,33,6,3,85,29,17,4,26,48,24,129,22,112,101,116,101,114,64,101,114,105,120,46,101,114,105,99,115,115,111,110,46,115,101,48,33,6,3,85,29,18,4,26,48,24,129,22,112,101,116,101,114,64,101,114,105,120,46,101,114,105,99,115,115,111,110,46,115,101,48,13,6,9,42,134,72,134,247,13,1,1,5,5,0,3,129,129,0,93,11,112,227,121,15,121,179,247,135,110,216,17,197,84,18,149,166,147,142,190,178,0,209,190,0,142,233,144,100,194,205,220,182,73,204,108,42,95,23,48,63,4,120,239,42,194,25,184,35,117,107,96,229,18,45,76,122,125,40,171,210,132,50,146,178,160,55,17,35,255,208,114,30,47,55,185,154,155,165,204,180,14,143,20,234,6,234,201,225,72,235,5,87,61,255,250,23,217,1,144,246,98,221,223,102,49,168,177,13,70,241,26,27,254,251,217,14,244,18,242,197,151,50,186,214,15,42>>).
+
+dsa_pem() ->
+    'OTP-PUB-KEY':decode('DSAPrivateKey',<<48,130,1,187,2,1,0,2,129,129,0,183,179,230,217,37,99,144,157,21,228,204,162,207,61,246,144,58,139,139,184,184,43,108,206,0,115,173,208,100,233,201,121,21,90,179,119,53,140,25,52,34,202,121,211,164,107,43,56,68,162,159,51,244,232,138,126,164,109,121,89,237,142,57,28,32,188,44,67,253,111,121,104,40,141,211,255,140,118,37,234,150,201,155,160,16,17,51,59,26,249,41,129,16,211,119,128,95,254,182,235,132,0,92,206,93,77,106,217,201,132,203,4,75,201,246,204,216,162,1,84,79,211,10,21,152,195,103,145,2,21,0,213,30,184,86,247,16,247,69,192,241,35,138,84,57,140,3,71,65,206,233,2,129,129,0,148,179,24,63,74,91,128,25,96,29,5,78,223,246,175,0,121,86,54,178,42,231,98,241,147,180,157,60,149,160,50,243,227,76,175,89,234,203,252,242,76,108,9,204,157,182,59,206,227,127,99,215,42,156,194,78,116,25,7,62,243,169,45,5,101,179,247,127,199,144,135,103,23,42,154,125,231,248,154,101,175,155,101,42,232,41,80,41,47,128,208,11,31,106,63,12,202,207,135,80,200,136,250,171,31,118,52,91,200,138,112,111,179,23,214,123,21,118,194,179,0,185,217,52,197,182,236,13,2,129,128,124,66,0,111,121,139,142,209,95,136,95,237,177,150,248,252,49,135,117,100,155,232,138,244,132,89,40,5,70,125,202,96,78,239,76,37,125,149,82,64,107,54,227,73,25,180,227,41,0,234,73,47,80,242,242,129,250,61,68,62,39,38,156,193,146,40,241,247,106,215,223,202,194,110,130,62,186,90,18,28,196,174,99,47,193,61,130,100,150,25,248,115,164,231,153,99,46,69,66,139,33,187,51,49,35,219,234,29,44,172,166,247,42,16,177,187,9,162,81,243,33,26,100,46,78,57,203,135,2,20,89,128,159,14,187,249,182,172,15,88,162,110,211,71,179,209,29,125,217,38>>),
+    'OTP-PUB-KEY':decode('SubjectPublicKeyInfo',<<48,130,1,183,48,130,1,44,6,7,42,134,72,206,56,4,1,48,130,1,31,2,129,129,0,183,179,230,217,37,99,144,157,21,228,204,162,207,61,246,144,58,139,139,184,184,43,108,206,0,115,173,208,100,233,201,121,21,90,179,119,53,140,25,52,34,202,121,211,164,107,43,56,68,162,159,51,244,232,138,126,164,109,121,89,237,142,57,28,32,188,44,67,253,111,121,104,40,141,211,255,140,118,37,234,150,201,155,160,16,17,51,59,26,249,41,129,16,211,119,128,95,254,182,235,132,0,92,206,93,77,106,217,201,132,203,4,75,201,246,204,216,162,1,84,79,211,10,21,152,195,103,145,2,21,0,213,30,184,86,247,16,247,69,192,241,35,138,84,57,140,3,71,65,206,233,2,129,129,0,148,179,24,63,74,91,128,25,96,29,5,78,223,246,175,0,121,86,54,178,42,231,98,241,147,180,157,60,149,160,50,243,227,76,175,89,234,203,252,242,76,108,9,204,157,182,59,206,227,127,99,215,42,156,194,78,116,25,7,62,243,169,45,5,101,179,247,127,199,144,135,103,23,42,154,125,231,248,154,101,175,155,101,42,232,41,80,41,47,128,208,11,31,106,63,12,202,207,135,80,200,136,250,171,31,118,52,91,200,138,112,111,179,23,214,123,21,118,194,179,0,185,217,52,197,182,236,13,3,129,132,0,2,129,128,124,66,0,111,121,139,142,209,95,136,95,237,177,150,248,252,49,135,117,100,155,232,138,244,132,89,40,5,70,125,202,96,78,239,76,37,125,149,82,64,107,54,227,73,25,180,227,41,0,234,73,47,80,242,242,129,250,61,68,62,39,38,156,193,146,40,241,247,106,215,223,202,194,110,130,62,186,90,18,28,196,174,99,47,193,61,130,100,150,25,248,115,164,231,153,99,46,69,66,139,33,187,51,49,35,219,234,29,44,172,166,247,42,16,177,187,9,162,81,243,33,26,100,46,78,57,203,135>>),
+    'OTP-PUB-KEY':decode('DSAParams',<<48,130,1,31,2,129,129,0,183,179,230,217,37,99,144,157,21,228,204,162,207,61,246,144,58,139,139,184,184,43,108,206,0,115,173,208,100,233,201,121,21,90,179,119,53,140,25,52,34,202,121,211,164,107,43,56,68,162,159,51,244,232,138,126,164,109,121,89,237,142,57,28,32,188,44,67,253,111,121,104,40,141,211,255,140,118,37,234,150,201,155,160,16,17,51,59,26,249,41,129,16,211,119,128,95,254,182,235,132,0,92,206,93,77,106,217,201,132,203,4,75,201,246,204,216,162,1,84,79,211,10,21,152,195,103,145,2,21,0,213,30,184,86,247,16,247,69,192,241,35,138,84,57,140,3,71,65,206,233,2,129,129,0,148,179,24,63,74,91,128,25,96,29,5,78,223,246,175,0,121,86,54,178,42,231,98,241,147,180,157,60,149,160,50,243,227,76,175,89,234,203,252,242,76,108,9,204,157,182,59,206,227,127,99,215,42,156,194,78,116,25,7,62,243,169,45,5,101,179,247,127,199,144,135,103,23,42,154,125,231,248,154,101,175,155,101,42,232,41,80,41,47,128,208,11,31,106,63,12,202,207,135,80,200,136,250,171,31,118,52,91,200,138,112,111,179,23,214,123,21,118,194,179,0,185,217,52,197,182,236,13>>),
+    'OTP-PUB-KEY':decode('DSAPublicKey',<<2,129,128,124,66,0,111,121,139,142,209,95,136,95,237,177,150,248,252,49,135,117,100,155,232,138,244,132,89,40,5,70,125,202,96,78,239,76,37,125,149,82,64,107,54,227,73,25,180,227,41,0,234,73,47,80,242,242,129,250,61,68,62,39,38,156,193,146,40,241,247,106,215,223,202,194,110,130,62,186,90,18,28,196,174,99,47,193,61,130,100,150,25,248,115,164,231,153,99,46,69,66,139,33,187,51,49,35,219,234,29,44,172,166,247,42,16,177,187,9,162,81,243,33,26,100,46,78,57,203,135>>),
+    'OTP-PUB-KEY':encode('DSAParams',{params,{'Dss-Parms',129000451850199666185842362389296595317127259539517666765336291347244303954511451744518587442120964433734460998523119938005801396466878889993179871123036311260456172022864663021425348874648247531097042575063545128239655736096045972718934778583429973433661785691086624069991876932064334822608460064613803976593,1216700114794736143432235288305776850295620488937,104420402274523493329542694749036577763086597934731674202966304958550599470165597750883637440049774107540742087494301536297571301945349213110548764383811017178451900599240379681904765817950545426764751538502808499880604633364255316249231153053427235538288687666086821781456733226598288985591031656134573747213}}),
+    'OTP-PUB-KEY':encode(
+      'SubjectPublicKeyInfo',
+      {'SubjectPublicKeyInfo',
+       {'AlgorithmIdentifier',
+        {1,2,840,10040,4,1},
+        <<48,130,1,31,2,129,129,0,183,179,230,217,37,99,144,157,21,228,204,162,207,61,246,144,58,139,139,184,184,43,108,206,0,115,173,208,100,233,201,121,21,90,179,119,53,140,25,52,34,202,121,211,164,107,43,56,68,162,159,51,244,232,138,126,164,109,121,89,237,142,57,28,32,188,44,67,253,111,121,104,40,141,211,255,140,118,37,234,150,201,155,160,16,17,51,59,26,249,41,129,16,211,119,128,95,254,182,235,132,0,92,206,93,77,106,217,201,132,203,4,75,201,246,204,216,162,1,84,79,211,10,21,152,195,103,145,2,21,0,213,30,184,86,247,16,247,69,192,241,35,138,84,57,140,3,71,65,206,233,2,129,129,0,148,179,24,63,74,91,128,25,96,29,5,78,223,246,175,0,121,86,54,178,42,231,98,241,147,180,157,60,149,160,50,243,227,76,175,89,234,203,252,242,76,108,9,204,157,182,59,206,227,127,99,215,42,156,194,78,116,25,7,62,243,169,45,5,101,179,247,127,199,144,135,103,23,42,154,125,231,248,154,101,175,155,101,42,232,41,80,41,47,128,208,11,31,106,63,12,202,207,135,80,200,136,250,171,31,118,52,91,200,138,112,111,179,23,214,123,21,118,194,179,0,185,217,52,197,182,236,13>>},
+       {0,
+	<<2,129,128,124,66,0,111,121,139,142,209,95,136,95,237,177,150,248,252,49,135,117,100,155,232,138,244,132,89,40,5,70,125,202,96,78,239,76,37,125,149,82,64,107,54,227,73,25,180,227,41,0,234,73,47,80,242,242,129,250,61,68,62,39,38,156,193,146,40,241,247,106,215,223,202,194,110,130,62,186,90,18,28,196,174,99,47,193,61,130,100,150,25,248,115,164,231,153,99,46,69,66,139,33,187,51,49,35,219,234,29,44,172,166,247,42,16,177,187,9,162,81,243,33,26,100,46,78,57,203,135>>}}).
diff --git a/lib/asn1/test/ber_decode_error.erl b/lib/asn1/test/ber_decode_error.erl
index 96d6545636..a566e0b07f 100644
--- a/lib/asn1/test/ber_decode_error.erl
+++ b/lib/asn1/test/ber_decode_error.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -45,6 +45,10 @@ run([]) ->
 run([driver]) ->
     %% test of OTP-4797, bad indata to driver does not cause an EXIT
     ?line {error,_Reason} = asn1rt:decode('Constructed','S3',[3,5]),
+    ok;
+run([nif]) ->
+    %% test of OTP-4797, bad indata to driver does not cause an EXIT
+    ?line {error,_Reason} = asn1rt:decode('Constructed','S3',[3,5]),
     ok.
 
 
diff --git a/lib/asn1/test/testPrim.erl b/lib/asn1/test/testPrim.erl
index 97f99e7b1c..39c1e4d1d8 100644
--- a/lib/asn1/test/testPrim.erl
+++ b/lib/asn1/test/testPrim.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -37,21 +37,10 @@ compile(Config,Rules,Opt) ->
     ?line DataDir = ?config(data_dir,Config),
     ?line OutDir = ?config(priv_dir,Config),
     ?line true = code:add_patha(?config(priv_dir,Config)),
-    case Opt of
-	[optimize] ->
-	    ?line ok = asn1ct:compile(DataDir ++ "Prim",
-				      [Rules,optimize,{outdir,OutDir}]),
-	    ?line ok = asn1ct:compile(DataDir ++ "Real",
-				      [Rules,optimize,{outdir,OutDir}]);
-	__ ->
-	    ?line ok = asn1ct:compile(DataDir ++ "Prim",
-				      [Rules,{outdir,OutDir}]),
-	    ?line ok = asn1ct:compile(DataDir ++ "Real",
-				      [Rules,{outdir,OutDir}])
-    end.
-
-
-
+    ?line ok = asn1ct:compile(DataDir ++ "Prim",
+			      [Rules,{outdir,OutDir}] ++ Opt),
+    ?line ok = asn1ct:compile(DataDir ++ "Real",
+			      [Rules,{outdir,OutDir}] ++ Opt).
 
 bool(Rules) ->
 
diff --git a/lib/asn1/vsn.mk b/lib/asn1/vsn.mk
index b1132155e6..ae92fcb11b 100644
--- a/lib/asn1/vsn.mk
+++ b/lib/asn1/vsn.mk
@@ -1,2 +1,2 @@
 #next version number to use is 1.6.15 | 1.7 | 2.0
-ASN1_VSN = 1.6.18
+ASN1_VSN = 1.6.19
diff --git a/lib/common_test/doc/src/Makefile b/lib/common_test/doc/src/Makefile
index 3ea6ae65d5..d9651f13b0 100644
--- a/lib/common_test/doc/src/Makefile
+++ b/lib/common_test/doc/src/Makefile
@@ -61,6 +61,7 @@ XML_PART_FILES = part.xml
 
 XML_CHAPTER_FILES = \
 	basics_chapter.xml \
+	getting_started_chapter.xml \
 	install_chapter.xml \
 	write_test_chapter.xml \
 	test_structure_chapter.xml \
@@ -80,7 +81,10 @@ MAKE_EDOC = make_edoc
 
 BOOK_FILES = book.xml
 
-GIF_FILES =
+GIF_FILES = \
+	tc_execution.gif \
+	config.gif \
+	html_logs.gif
 
 INSTALL_NOTES = ../../notes.html
 
@@ -138,12 +142,6 @@ man: $(MAN6_FILES) $(MAN3_FILES) $(MAN1_FILES)
 
 debug opt: 
 
-#
-# checkout make.dep before generating new dependecies
-#
-#make_doc_depend: xml
-#	docdepend > make.dep
-
 clean clean_docs:
 	rm -f $(CT_XML_FILES)
 	rm -rf $(HTMLDIR)/*
@@ -176,12 +174,3 @@ release_docs_spec: docs
 release_spec:
 
 release_tests_spec:
-
-# ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-include make.dep
-# DO NOT DELETE
-
-
diff --git a/lib/common_test/doc/src/basics_chapter.xml b/lib/common_test/doc/src/basics_chapter.xml
index c1bb365b1f..20141d2561 100644
--- a/lib/common_test/doc/src/basics_chapter.xml
+++ b/lib/common_test/doc/src/basics_chapter.xml
@@ -28,54 +28,65 @@
     <rev></rev>
     <file>basics_chapter.xml</file>
   </header>
-
+  <marker id="basics"></marker>
   <section>
     <title>Introduction</title>
 
-    <p>
-      The Common Test framework (CT) is a tool which can support
-      implementation and automated execution of test cases towards different
-      types of target systems. The framework is based on the OTP Test
-      Server. Test cases can be run individually or in batches. Common
-      Test also features a distributed testing mode with central
-      control and logging. This feature makes it possible to test
-      multiple systems independently in one common session. This
-      can be very useful e.g. for running automated large-scale regression 
-      tests.
+    <p>The <em>Common Test</em> framework (CT) is a tool which supports
+      implementation and automated execution of test cases towards arbitrary
+      types of target systems. The CT framework is based on the OTP Test
+      Server and it's the main tool being used in all testing- and verification
+      activities that are part of Erlang/OTP system development- and maintenance.
+    </p>
+
+    <p>Test cases can be executed individually or in batches. Common Test
+      also features a distributed testing mode with central control and logging
+      (a feature that makes it possible to test multiple systems independently in
+      one common session, useful e.g. for running automated large-scale regression
+      tests).
     </p>
 
     <p>
       The SUT (System Under Test) may consist of one or several target
-      nodes.  CT contains a generic test server which together with
-      other test utilities is used to perform test case execution. 
-      It is possible to start the tests from the CT GUI or from an OS- or
-      Erlang shell prompt. <em>Test suites</em> are files (Erlang
+      nodes. CT contains a generic test server which, together with
+      other test utilities, is used to perform test case execution. 
+      It is possible to start the tests from a GUI or from the OS- or
+      Erlang shell. <em>Test suites</em> are files (Erlang
       modules) that contain the <em>test cases</em> (Erlang functions)
       to be executed. <em>Support modules</em> provide functions
       that the test cases utilize in order to carry out the tests.
     </p>
     
-    <p>
-      The main idea is that CT based test programs connect to
-      the target system(s) via standard O&amp;M interfaces. CT
-      provides implementations and wrappers of some of these O&amp;M
-      interfaces and will be extended with more interfaces later. 
-      There are a number of target independent interfaces
-      supported in CT such as Generic Telnet, FTP etc. which can be
-      specialized or used directly for controlling instruments, 
-      traffic generators etc.</p> 
+    <p>In a black-box testing scenario, CT based test programs connect to
+      the target system(s) via standard O&amp;M and CLI protocols. CT
+      provides implementations of, and wrapper interfaces to, some of these
+      protocols (most of which exist as stand-alone components and
+      applications in OTP). The wrappers simplify configuration and add
+      verbosity for logging purposes. CT will be continously extended with
+      useful support modules. (Note however that it's
+      a straightforward task to use any arbitrary Erlang/OTP component
+      for testing purposes with Common Test, without needing a CT wrapper
+      for it. It's as simple as calling Erlang functions). There
+      are a number of target independent interfaces supported in CT, such as
+      Generic Telnet, FTP, etc, which can be specialized or used
+      directly for controlling instruments, traffic load generators, etc.
+    </p> 
     
     <p>Common Test is also a very useful tool for white-box testing Erlang
-      code since the test programs can call Erlang API functions directly. 
-      For black-box testing Erlang software, Erlang RPC as well as 
-      standard O&amp;M interfaces can be used.
+      code (e.g. module testing), since the test programs can call exported Erlang
+      functions directly and there's very little overhead required for
+      implementing basic test suites and executing simple tests. For black-box
+      testing Erlang software, Erlang RPC as well as standard O&amp;M interfaces
+      can for example be used.
     </p>
     
     <p>A test case can handle several connections towards one or
       several target systems, instruments and traffic generators in
       parallel in order to perform the necessary actions for a
       test. The handling of many connections in parallel is one of
-      the major strengths of Common Test!      
+      the major strengths of Common Test (thanks to the efficient
+      support for concurrency in the Erlang runtime system - which CT users
+      can take great advantage of!).
     </p>
   </section>
 
@@ -186,7 +197,7 @@
     
     <taglist>
       <tag>all()</tag>
-        <item>Returns a list of all test cases in the suite. (Mandatory)</item>
+        <item>Returns a list of all test cases and groups in the suite. (Mandatory)</item>
       <tag>suite()</tag>
         <item>Info function used to return properties for the suite. (Optional)</item>
       <tag>groups()</tag>
@@ -197,12 +208,14 @@
       <tag>end_per_suite(Config)</tag>
         <item>Suite level configuration function, executed after the last 
 	test case. (Optional)</item>
+      <tag>group(GroupName)</tag>
+        <item>Info function used to return properties for a test case group. (Optional)</item>	
       <tag>init_per_group(GroupName, Config)</tag>
         <item>Configuration function for a group, executed before the first 
-	test case. (Mandatory if groups are defined)</item>
+	test case. (Optional)</item>
       <tag>end_per_group(GroupName, Config)</tag>
         <item>Configuration function for a group, executed after the last 
-	test case. (Mandatory if groups are defined)</item>
+	test case. (Optional)</item>
       <tag>init_per_testcase(TestCase, Config)</tag>
         <item>Configuration function for a testcase, executed before each 
 	test case. (Optional)</item>
diff --git a/lib/common_test/doc/src/common_test_app.xml b/lib/common_test/doc/src/common_test_app.xml
index f58b2ab0a9..c7f6c7ce5c 100644
--- a/lib/common_test/doc/src/common_test_app.xml
+++ b/lib/common_test/doc/src/common_test_app.xml
@@ -69,12 +69,25 @@
   
   <funcs>
     <func>
-      <name>Module:all() -> TestCases | {skip,Reason} </name>
-      <fsummary>Returns the list of all test cases in the module.</fsummary>
+      <name>Module:all() -> Tests | {skip,Reason} </name>
+      <fsummary>Returns the list of all test case groups and test cases
+	in the module.</fsummary>
       <type>
-	<v>TestCases = [atom() | {group,GroupName}]</v>
-	<v>Reason = term()</v>
+	<v>Tests = [TestCase | {group,GroupName} |
+	            {group,GroupName,Properties} |
+	            {group,GroupName,Properties,SubGroups}]</v>
+	<v>TestCase = atom()</v>
 	<v>GroupName = atom()</v>
+	<v>Properties = [parallel | sequence | Shuffle | {RepeatType,N}] |
+	                default</v>
+	<v>SubGroups = [{GroupName,Properties} |
+	                {GroupName,Properties,SubGroups}]</v>
+	<v>Shuffle = shuffle | {shuffle,Seed}</v>
+	<v>Seed = {integer(),integer(),integer()}</v>
+	<v>RepeatType = repeat | repeat_until_all_ok | repeat_until_all_fail |
+                        repeat_until_any_ok | repeat_until_any_fail</v>
+	<v>N = integer() | forever</v>
+	<v>Reason = term()</v>
       </type>
       
       <desc>	
@@ -85,9 +98,14 @@
 	  This list also specifies the order the cases and groups will
 	  be executed by Common Test. A test case is represented by an atom,
 	  the name of the test case function. A test case group is
-	  represented by a <c>{group,GroupName}</c> tuple, where 
-	  <c>GroupName</c>, an atom, is the name of the group (defined
-	  with <c>groups/0</c>).</p>
+	  represented by a <c>group</c> tuple, where <c>GroupName</c>,
+	  an atom, is the name of the group (defined in <c>groups/0</c>).
+	  Execution properties for groups may also be specified, both
+	  for a top level group and for any of its sub-groups.
+	  Group execution properties specified here, will override
+	  properties in the group definition (see <c>groups/0</c>).
+	  (With value <c>default</c>, the group definition properties
+	  will be used).</p>
 	
 	<p> If <c>{skip,Reason}</c> is returned, all test cases
           in the module will be skipped, and the <c>Reason</c> will
@@ -120,14 +138,16 @@
       <desc>	
 	<p> OPTIONAL </p>
 	
-	<p>See <seealso marker="write_test_chapter#test_case_groups">Test case 
+	<p>Function for defining test case groups. Please see
+	  <seealso marker="write_test_chapter#test_case_groups">Test case 
 	  groups</seealso> in the User's Guide for details.</p>      
       </desc>
     </func>
 
       <func>
 	<name>Module:suite() -> [Info] </name>
-	<fsummary>Test suite info function (providing default data for the suite).</fsummary>
+	<fsummary>Test suite info function (providing default data
+	  for the suite).</fsummary>
 	<type>
 	<v> Info = {timetrap,Time} | {require,Required} | 
 	    {require,Name,Required} | {userdata,UserData} |
@@ -160,11 +180,11 @@
 	  
 	<p>This is the test suite info function. It is supposed to 
 	  return a list of tagged tuples that specify various properties
-	  regarding the execution of this test suite (common for all
+	  related to the execution of this test suite (common for all
 	  test cases in the suite).</p>
 	  
 	<p>The <c>timetrap</c> tag sets the maximum time each
-	  test case is allowed to take (including <c>init_per_testcase/2</c>
+	  test case is allowed to execute (including <c>init_per_testcase/2</c>
 	  and <c>end_per_testcase/2</c>). If the timetrap time is
 	  exceeded, the test case fails with reason
 	  <c>timetrap_timeout</c>. If a <c>TimeFunc</c> function is specified,
@@ -172,9 +192,9 @@
 	  <c>TimeVal</c> format.</p>
 	
 	<p>The <c>require</c> tag specifies configuration variables
-	  that are required by test cases in the suite. If the required
-	  configuration variables are not found in any of the
-	  configuration files, all test cases are skipped. For more
+	  that are required by test cases (and/or configuration functions)
+	  in the suite. If the required configuration variables are not found
+	  in any of the configuration files, all test cases are skipped. For more
 	  information about the 'require' functionality, see the
 	  reference manual for the function
 	  <c>ct:require/[1,2]</c>.</p>
@@ -196,8 +216,9 @@
     </func>
 
       <func>
-	<name>Module:init_per_suite(Config) -> NewConfig | {skip,Reason} | {skip_and_save,Reason,SaveConfig}</name>
-	<fsummary>Test suite initialization.</fsummary>
+	<name>Module:init_per_suite(Config) -> NewConfig | {skip,Reason} |
+	  {skip_and_save,Reason,SaveConfig}</name>
+	<fsummary>Test suite initializations.</fsummary>
 	<type>
 	  <v> Config = NewConfig = SaveConfig = [{Key,Value}]</v>
 	  <v> Key = atom()</v>
@@ -208,15 +229,15 @@
 	  
 	  <p> OPTIONAL </p>
 	  
-	  <p>This function is called as the first function in the
-	  suite. It typically contains initialization which is common for
+	  <p>This configuration function is called as the first function in the
+	  suite. It typically contains initializations which are common for
 	  all test cases in the suite, and which shall only be done
-	  once. The <c>Config</c> parameter is the configuration
+	  once. The <c>Config</c> parameter is the configuration data
 	  which can be modified here. Whatever is returned from this
 	  function is given as <c>Config</c> to all configuration functions
 	  and test cases in the suite. If <c>{skip,Reason}</c> 
-	  is returned, all test cases in the suite will be skipped and <c>Reason</c> 
-	  printed in the overview log for the suite.</p>
+	  is returned, all test cases in the suite will be skipped
+	  and <c>Reason</c> printed in the overview log for the suite.</p>
 	  <p>For information on <c>save_config</c> and <c>skip_and_save</c>, 
 	  please see 
 	  <seealso marker="dependencies_chapter#save_config">Dependencies 
@@ -224,29 +245,106 @@
     </desc>      
     </func>
       
-      <func>
-	<name>Module:end_per_suite(Config) -> void() | {save_config,SaveConfig}</name>
-	<fsummary>Test suite finalization. </fsummary>
-	<type>
-	  <v> Config = SaveConfig = [{Key,Value}]</v>
-	  <v> Key = atom()</v>
-	  <v> Value = term()</v>
-	</type>
+    <func>
+      <name>Module:end_per_suite(Config) -> void() | 
+	{save_config,SaveConfig}</name>
+      <fsummary>Test suite finalization. </fsummary>
+      <type>
+	<v> Config = SaveConfig = [{Key,Value}]</v>
+	<v> Key = atom()</v>
+	<v> Value = term()</v>
+      </type>
+      
+      <desc>	
+	<p> OPTIONAL </p>
 	
+	<p>This function is called as the last test case in the
+	  suite. It is meant to be used for cleaning up after
+	  <c>init_per_suite/1</c>.
+	  For information on <c>save_config</c>, please see 
+	  <seealso marker="dependencies_chapter#save_config">Dependencies
+	    between Test Cases and Suites</seealso> in the User's Guide.</p>
+      </desc>
+    </func>
+
+    <func>
+      <name>Module:group(GroupName) -> [Info] </name>
+      <fsummary>Test case group info function (providing default data
+	for a test case group, i.e. its test cases and sub-groups).</fsummary>
+      <type>
+	<v> Info = {timetrap,Time} | {require,Required} | 
+	  {require,Name,Required} | {userdata,UserData} |
+	  {silent_connections,Conns} | {stylesheet,CSSFile} | 
+	  {ct_hooks, CTHs}</v>
+	<v> Time = TimeVal | TimeFunc</v>
+	<v> TimeVal = MilliSec | {seconds,integer()} | {minutes,integer()} |
+	  {hours,integer()}</v>
+	<v> TimeFunc = {Mod,Func,Args} | Fun</v>
+	<v> MilliSec = integer()</v>
+	<v> Mod = atom()</v>
+	<v> Func = atom()</v>
+	<v> Args = list()</v>
+	<v> Fun = fun()</v>
+	<v> Required = Key | {Key,SubKeys}</v>
+	<v> Key = atom()</v>
+	<v> SubKeys = SubKey | [SubKey]</v>
+	<v> SubKey = atom()</v>
+	<v> Name = atom()</v>
+	<v> UserData = term()</v>
+	<v> Conns = [atom()]</v>
+	<v> CSSFile = string()</v>
+	<v> CTHs = [CTHModule | {CTHModule, CTHInitArgs} |
+	  {CTHModule, CTHInitArgs, CTHPriority}]</v>
+	<v> CTHModule = atom()</v>
+	<v> CTHInitArgs = term()</v>
+	</type>
 	<desc>	
+	  
 	  <p> OPTIONAL </p>
 	  
-	  <p>This function is called as the last test case in the
-	    suite. It is meant to be used for cleaning up after <c>init_per_suite/1</c>.
-	    For information on <c>save_config</c>, please see 
-	    <seealso marker="dependencies_chapter#save_config">Dependencies between 
-	    Test Cases and Suites</seealso> in the User's Guide.</p>
-    </desc>
+	<p>This is the test case group info function. It is supposed to 
+	  return a list of tagged tuples that specify various properties
+	  related to the execution of a test case group (i.e. its test cases
+	  and sub-groups). Properties set by <c>groups/1</c> override
+	  properties with the same key that have been previously set by
+	  <c>suite/0</c>.</p>
+	  
+	<p>The <c>timetrap</c> tag sets the maximum time each
+	  test case is allowed to execute (including <c>init_per_testcase/2</c>
+	  and <c>end_per_testcase/2</c>). If the timetrap time is
+	  exceeded, the test case fails with reason
+	  <c>timetrap_timeout</c>. If a <c>TimeFunc</c> function is specified,
+	  it will be called initially and must return a value on
+	  <c>TimeVal</c> format.</p>
+	
+	<p>The <c>require</c> tag specifies configuration variables
+	  that are required by test cases (and/or configuration functions)
+	  in the suite. If the required configuration variables are not found
+	  in any of the configuration files, all test cases in this group are skipped.
+	  For more information about the 'require' functionality, see the
+	  reference manual for the function
+	  <c>ct:require/[1,2]</c>.</p>
+
+	<p>With <c>userdata</c>, it is possible for the user to
+	  specify arbitrary test case group related information which can be 
+	  read by calling <c>ct:userdata/2</c>.</p>
+
+	  <p>The <c>ct_hooks</c> tag specifies which 
+	  <seealso marker="ct_hooks_chapter">Common Test Hooks</seealso>
+	  are to be run together with this suite.</p>
+	
+	<p>Other tuples than the ones defined will simply be ignored.</p>
+
+	<p>For more information about the test case group info function,
+	  see <seealso marker="write_test_chapter#suite">Test
+	  case group info function</seealso> in the User's Guide.</p>
+    </desc>      
     </func>
 
       <func>
-	<name>Module:init_per_group(GroupName, Config) -> NewConfig | {skip,Reason}</name>
-	<fsummary>Test case group initialization.</fsummary>
+	<name>Module:init_per_group(GroupName, Config) -> NewConfig |
+	  {skip,Reason}</name>
+	<fsummary>Test case group initializations.</fsummary>
 	<type>
 	  <v> GroupName = atom()</v>
 	  <v> Config = NewConfig = [{Key,Value}]</v>
@@ -258,16 +356,16 @@
 	  
 	  <p> OPTIONAL </p>
 	  
-	  <p>This function is called before execution of a test case group.
-	  It typically contains initialization which is common for
-	  all test cases in the group, and which shall only be performed
-	  once. <c>GroupName</c> is the name of the group, as specified in
-	  the group definition (see <c>groups/0</c>). The <c>Config</c> 
-	  parameter is the configuration which can be modified here. 
-	  Whatever is returned from this function is given as <c>Config</c> 
-	  to all test cases in the group. If <c>{skip,Reason}</c> is returned, 
-	  all test cases in the group will be skipped and <c>Reason</c> printed
-	  in the overview log for the group.</p>
+	  <p>This configuration function is called before execution of a
+	    test case group. It typically contains initializations which are 
+	    common for all test cases and sub-groups in the group, and which
+	    shall only be performed once. <c>GroupName</c> is the name of the
+	    group, as specified in the group definition (see <c>groups/0</c>). The
+	    <c>Config</c> parameter is the configuration data which can be modified
+	    here. The return value of this function is given as <c>Config</c> 
+	    to all test cases and sub-groups in the group. If <c>{skip,Reason}</c>
+	    is returned, all test cases in the group will be skipped and
+	    <c>Reason</c> printed in the overview log for the group.</p>
 
 	  <p>For information about test case groups, please see 
 	    <seealso marker="write_test_chapter#test_case_groups">Test case 
@@ -276,7 +374,8 @@
     </func>
       
       <func>
-	<name>Module:end_per_group(GroupName, Config) -> void() | {return_group_result,Status}</name>
+	<name>Module:end_per_group(GroupName, Config) -> void() |
+	  {return_group_result,Status}</name>
 	<fsummary>Test case group finalization.</fsummary>
 	<type>
 	  <v> GroupName = atom()</v>
@@ -305,7 +404,7 @@
 
       <func>
 	<name>Module:init_per_testcase(TestCase, Config) -> NewConfig | {fail,Reason} | {skip,Reason}</name>
-	<fsummary>Test case initialization.</fsummary>
+	<fsummary>Test case initializations.</fsummary>
 	<type>
 	  <v> TestCase = atom()</v>
 	  <v> Config = NewConfig = [{Key,Value}]</v>
@@ -385,10 +484,13 @@
 	  
 	<p>This is the test case info function. It is supposed to 
 	  return a list of tagged tuples that specify various properties
-	  regarding the execution of this particular test case.</p>
+	  related to the execution of this particular test case.
+	  Properties set by <c>Testcase/0</c> override
+	  properties that have been previously set for the test case
+	  by <c>group/1</c> or <c>suite/0</c>.</p>
 	  
 	<p>The <c>timetrap</c> tag sets the maximum time the
-	  test case is allowed to take. If the timetrap time is
+	  test case is allowed to execute. If the timetrap time is
 	  exceeded, the test case fails with reason
 	  <c>timetrap_timeout</c>. <c>init_per_testcase/2</c>
 	  and <c>end_per_testcase/2</c> are included in the
@@ -397,16 +499,16 @@
 	  and must return a value on <c>TimeVal</c> format.</p>
 	
 	<p>The <c>require</c> tag specifies configuration variables
-	  that are required by the test case. If the required
-	  configuration variables are not found in any of the
+	  that are required by the test case (and/or <c>init/end_per_testcase/2</c>).
+	  If the required configuration variables are not found in any of the
 	  configuration files, the test case is skipped. For more
 	  information about the 'require' functionality, see the
 	  reference manual for the function
 	  <c>ct:require/[1,2]</c>.</p>
 
 	<p>If <c>timetrap</c> and/or <c>require</c> is not set, the
-	  default values specified in the <c>suite/0</c> return list
-	  will be used.</p>
+	  default values specified by <c>suite/0</c> (or
+	  <c>group/1</c>) will be used.</p>
 
 	<p>With <c>userdata</c>, it is possible for the user to
 	  specify arbitrary test case related information which can be 
@@ -438,12 +540,12 @@
 	<p>This is the implementation of a test case. Here you must
 	  call the functions you want to test, and do whatever you
 	  need to check the result. If something fails, make sure the
-	  function causes a runtime error, or call <c>ct:fail/[0,1]</c> 
-	  (which also causes the test case process to crash).</p>
+	  function causes a runtime error, or call <c>ct:fail/1/2</c> 
+	  (which also causes the test case process to terminate).</p>
 	
-	<p>Elements from the <c>Config</c> parameter can be read
-	  with the <c>?config</c> macro. The <c>config</c>
-	  macro is defined in <c>ct.hrl</c></p>
+	<p>Elements from the <c>Config</c> list can e.g. be read
+	  with <c>proplists:get_value/2</c> (or the macro <c>?config</c>
+	  defined in <c>ct.hrl</c>).</p>
 
 	<p>You can return <c>{skip,Reason}</c> if you decide not to
 	  run the test case after all. <c>Reason</c> will then be
diff --git a/lib/common_test/doc/src/config.gif b/lib/common_test/doc/src/config.gif
new file mode 100644
index 0000000000..ac8006c4fb
--- /dev/null
+++ b/lib/common_test/doc/src/config.gif
diff --git a/lib/common_test/doc/src/config_file_chapter.xml b/lib/common_test/doc/src/config_file_chapter.xml
index 6fc6638bf7..6a860bb58b 100644
--- a/lib/common_test/doc/src/config_file_chapter.xml
+++ b/lib/common_test/doc/src/config_file_chapter.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2004</year><year>2010</year>
+      <year>2004</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/common_test/doc/src/ct_hooks.xml b/lib/common_test/doc/src/ct_hooks.xml
index f9fc1858d0..b98c04a850 100644
--- a/lib/common_test/doc/src/ct_hooks.xml
+++ b/lib/common_test/doc/src/ct_hooks.xml
@@ -37,12 +37,6 @@
 
   <description>
 
-    <warning><p>This feature is in alpha release right now. This means that the 
-	interface may change in the future and that there may be bugs. We 
-	encourage you to use this feature, but be prepared 
-	that there might be bugs and that the interface might change
-	inbetween releases.</p></warning>
-
     <p>The <em>Common Test Hook</em> (henceforth called CTH) framework allows 
       extensions of the default behaviour of Common Test by means of callbacks 
       before and after all test suite calls. It is meant for advanced users of
diff --git a/lib/common_test/doc/src/ct_hooks_chapter.xml b/lib/common_test/doc/src/ct_hooks_chapter.xml
index dbb4310040..8505ee8469 100644
--- a/lib/common_test/doc/src/ct_hooks_chapter.xml
+++ b/lib/common_test/doc/src/ct_hooks_chapter.xml
@@ -32,11 +32,6 @@
   <marker id="general"></marker>
   <section>
     <title>General</title>
-    <warning><p>This feature is in alpha release right now. This means that the 
-	interface may change in the future and that there may be bugs. We 
-	encourage you to use this feature, but be prepared 
-	that there might be bugs and that the interface might change
-	inbetween releases.</p></warning>
     <p>
       The <em>Common Test Hook</em> (henceforth called CTH) framework allows 
       extensions of the default behaviour of Common Test by means of hooks 
@@ -113,9 +108,10 @@
     </section>
    
     <section>
-      <title>CTH Priority</title>
+      <title>CTH Execution order</title>
       <p>By default each CTH installed will be executed in the order which
-      they are installed. This is not always wanted so common_test allows 
+      they are installed for init calls, and then reversed for end calls.
+      This is not always wanted so common_test allows
       the user to specify a priority for each hook. The priority can either
       be specified in the CTH <seealso marker="ct_hooks#Module:init-2">init/2
       </seealso> function or when installing the hook. The priority given at
@@ -405,6 +401,38 @@ terminate(State) ->
     ok.</code>
   </section>
 
+  <marker id="builtin_cths"/>
+  <section>
+    <title>Built-in CTHs</title>
+    <p>Common Test is delivered with a couple of general purpose CTHs that
+    can be enabled by the user to provide some generic testing functionality.
+    Some of these are enabled by default when starting running common_test,
+    they can be disabled by setting <c>enable_builtin_hooks</c> to
+    <c>false</c> on the command line or in the test specification. In the
+    table below there is a list of all current CTHs which are delivered with
+    Common Test.</p>
+
+    <table>
+      <row>
+	<cell><em>CTH Name</em></cell>
+	<cell><em>Is Built-in</em></cell>
+	<cell><em>Description</em></cell>
+      </row>
+      <row>
+	<cell>cth_log_redirect</cell>
+	<cell>yes</cell>
+	<cell>Captures all error_logger and SASL logging events and prints them
+	to the current test case log. If an event can not be associated with a
+	testcase it will be printed in the common test framework log. This will
+	happen for testcases which are run in parallel and events which occur
+	inbetween testcases. You can configure the level of
+	<seealso marker="sasl:sasl_app">SASL</seealso> events report
+	using the normal SASL mechanisms. </cell>
+      </row>
+    </table>
+
+  </section>
+
 </chapter>
 
 
diff --git a/lib/common_test/doc/src/ct_run.xml b/lib/common_test/doc/src/ct_run.xml
index 9045646733..b01ab3667d 100644
--- a/lib/common_test/doc/src/ct_run.xml
+++ b/lib/common_test/doc/src/ct_run.xml
@@ -4,7 +4,7 @@
 <comref>
   <header>
     <copyright>
-      <year>2007</year><year>2010</year>
+      <year>2007</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/common_test/doc/src/event_handler_chapter.xml b/lib/common_test/doc/src/event_handler_chapter.xml
index b41b233ce6..a5886b9687 100644
--- a/lib/common_test/doc/src/event_handler_chapter.xml
+++ b/lib/common_test/doc/src/event_handler_chapter.xml
@@ -174,6 +174,16 @@
 	are also given.
 	</p></item>
 
+      <item><c>#event{name = tc_logfile, data = {{Suite,Func},LogFileName}}</c>
+        <p><c>Suite = atom()</c>, name of the test suite.</p>
+        <p><c>Func = atom()</c>, name of test case or configuration function.</p>
+        <p><c>LogFileName = string()</c>, full name of test case log file.</p>
+        <p>This event is sent at the start of each test case (and configuration function
+	  except <c>init/end_per_testcase</c>) and carries information about the
+	  full name (i.e. the file name including the absolute directory path) of
+	  the current test case log file.
+	</p></item>
+
       <marker id="tc_done"/>
       <item><c>#event{name = tc_done, data = {Suite,FuncOrGroup,Result}}</c>
         <p><c>Suite = atom()</c>, name of the suite.</p>
diff --git a/lib/common_test/doc/src/filestruct.gif b/lib/common_test/doc/src/filestruct.gif
index 2b06833d0b..2b06833d0b 100755..100644
--- a/lib/common_test/doc/src/filestruct.gif
+++ b/lib/common_test/doc/src/filestruct.gif
diff --git a/lib/common_test/doc/src/getting_started_chapter.xml b/lib/common_test/doc/src/getting_started_chapter.xml
new file mode 100644
index 0000000000..7de0912036
--- /dev/null
+++ b/lib/common_test/doc/src/getting_started_chapter.xml
@@ -0,0 +1,230 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>2007</year><year>2010</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+
+    </legalnotice>
+
+    <title>Getting Started</title>
+    <prepared>Peter Andersson</prepared>
+    <docno></docno>
+    <date>2011-12-12</date>
+    <rev></rev>
+    <file>getting_started_chapter.xml</file>
+  </header>
+
+  <section>
+    <title>Are you new around here?</title>
+    <p>
+      The purpose of this short chapter is to, with a "learning by example"
+      approach, give the newcomer a chance to get started quickly writing and
+      executing some first simple tests. The chapter will introduce some of the
+      basics, but leave most explanations and details for the later
+      chapters in this User's Guide. Hopefully though, after this chapter, you
+      will be inspired and unintimidated enough to go on and get into the
+      nitty-gritty that follows in this rather heavy User's Guide! If you're
+      not much into "learning by example" and prefer to get into more technical
+      detail right away, go ahead and skip to the next chapter. Again, the basics
+      presented here will be covered in detail in later chapters.
+    </p>
+    <p>
+      This chapter also tries to demonstrate how dead simple it actually is
+      to write a very basic (yet for many module testing purposes, often sufficiently
+      complex) test suite, and execute its test cases. This is not necessarily
+      obvious when you read the rest of the chapters in the User's Guide.
+    </p>
+    <p>
+      A quick note before we start: In order to understand what's discussed and
+      examplified here, it is recommended that you first read through the
+      opening <seealso marker="basics_chapter#basics">Common Test Basics</seealso>
+      chapter.
+    </p>
+    </section>
+
+    <section>
+    <title>Test case execution</title>
+    <p>Execution of test cases is handled this way:</p>
+    
+    <p>
+    <image file="tc_execution.gif">
+      <icaption>
+	Successful vs unsuccessful test case execution.
+      </icaption>
+    </image>
+    </p>
+
+    <p>For each test case that Common Test is told to execute, it spawns a
+      dedicated process on which the test case function in question starts
+      running. (In parallel to the test case process, an idle waiting timer
+      process is started which is linked to the test case process. If the timer
+      process runs out of waiting time, it sends an exit signal to terminate
+      the test case process and this is what's called a <em>timetrap</em>).
+    </p>
+    <p>In scenario 1, the test case process terminates normally after case A has
+      finished executing its test code without detecting any errors. The test
+      case function simply returns a value and Common Test logs the test case as
+      successful.
+    </p>
+    <p>In scenario 2, an error is detected during test case execution
+      which causes the test case B function to generate an exception.
+      This causes the test case process to exit with reason
+      other than normal, and as a result, Common Test will log this as an
+      unsuccessful test case.
+    </p>
+    <p>As you can understand from the illustration above, Common Test requires
+      that a test case generates a runtime error to indicate failure (e.g.
+      by causing a bad match error or by calling <c>exit/1</c>, preferrably
+      through the <c>ct:fail/1/2</c> help function). A succesful execution is
+      indicated by means of a normal return from the test case function.
+    </p>
+    </section>
+
+    <section>
+    <title>A simple test suite</title>
+    <p>As you've seen in the basics chapter, the test suite module implements
+      callback functions (mandatory or optional) for various purposes, e.g:
+      <list>
+	<item>Init/end configuration function for the test suite</item>
+	<item>Init/end configuration function for a test case</item>
+	<item>Init/end configuration function for a test case group</item>
+	<item>Test cases</item>
+      </list>
+      The configuration functions are optional and if you don't need them for
+      your test, a test suite with one simple test case could look like this:
+    </p>
+    <pre>
+      -module(my1st_SUITE).
+      -compile(export_all).
+
+      all() ->
+          [mod_exists].
+
+      mod_exists(_) ->
+          {module,mymod} = code:load_file(mymod).</pre>
+    <p>
+      In this example we check that the <c>mymod</c> module exists (i.e. can be
+      successfully loaded by the code server). If the operation fails, we will
+      get a bad match error which terminates the test case.
+    </p>
+    </section>
+
+    <section>
+    <title>A test suite with configuration functions</title>
+    <p>
+      If we need to perform configuration operations in order to run our test, we
+      implement configuration functions in our suite. The result from a
+      configuration function is configuration data, or simply <em><c>Config</c></em>.
+      This is a list of key-value tuples which get passed from the configuration
+      function to the test cases (possibly through configuration functions on
+      "lower level"). The data flow looks like this:
+    </p>
+
+    <p>
+    <image file="config.gif">
+      <icaption>
+	Config data flow in the suite.
+      </icaption>
+    </image>
+    </p>
+
+    <p>
+      Here's an example of a test suite which uses configuration functions
+      to open and close a log file for the test cases (an operation that would
+      be unnecessary and irrelevant to perform by each test case):
+    </p>
+    <pre>
+      -module(check_log_SUITE).
+      -export([all/0, init_per_suite/1, end_per_suite/1]).
+      -export([check_restart_result/1, check_no_errors/1]).
+      
+      -define(value(Key,Config), proplists:get_value(Key,Config)).
+
+      all() -> [check_restart_result, check_no_errors].
+
+      init_per_suite(InitConfigData) ->
+          [{logref,open_log()} | InitConfigData].
+
+      end_per_suite(ConfigData) ->
+          close_log(?value(logref, ConfigData)).
+
+      check_restart_result(ConfigData) ->
+          TestData = read_log(restart, ?value(logref, ConfigData)),
+          {match,_Line} = search_for("restart successful", TestData).
+      
+      check_no_errors(ConfigData) ->
+          TestData = read_log(all, ?value(logref, ConfigData)),
+          case search_for("error", TestData) of
+              {match,Line} -> ct:fail({error_found_in_log,Line});
+              nomatch -> ok
+          end.</pre>
+    <p>
+      In this example we have test cases that verify, by parsing a
+      log file, that our SUT has performed a successful restart and
+      that no unexpected errors have been printed.
+    </p>
+
+    <p>To execute the test cases in the test suite above, we could type this on
+      the Unix/Linux command line (assuming for this example that the suite module
+      is in the current working directory):
+    </p>
+    <pre>
+      $ ct_run -dir .</pre>
+    <p>or</p>
+    <pre>
+    $ ct_run -suite check_log_SUITE</pre>
+
+    <p>If we want to use the Erlang shell to run our test, we could evaluate this call:
+    </p>
+    <pre>
+      1> ct:run_test([{dir, "."}]).</pre>
+    <p>or</p>
+    <pre>
+      1> ct:run_test([{suite, "check_log_SUITE"}]).</pre>
+    <p>
+      The result from running our test is printed in log files on HTML format
+      (stored in unique log directories on different level). This illustration
+      shows the log file structure:
+    </p>
+
+    <p>
+    <image file="html_logs.gif">
+      <icaption>
+	HTML log file structure.
+      </icaption>
+    </image>
+    </p>
+  </section>
+
+  <section>
+    <title>What happens next?</title>
+    <p>
+      You will find detailed information about the basics introduced here in this
+      chapter in the following chapters in the User's Guide, as well as
+      presentations of many more useful features. Have fun!
+    </p>
+    </section>
+</chapter>
+
+
+
+
+
+
+
+
diff --git a/lib/common_test/doc/src/html_logs.gif b/lib/common_test/doc/src/html_logs.gif
new file mode 100644
index 0000000000..3a3fd86bde
--- /dev/null
+++ b/lib/common_test/doc/src/html_logs.gif
diff --git a/lib/common_test/doc/src/make.dep b/lib/common_test/doc/src/make.dep
deleted file mode 100644
index e34075888d..0000000000
--- a/lib/common_test/doc/src/make.dep
+++ /dev/null
@@ -1,27 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: basics_chapter.tex book.tex common_test_app.tex \
-		config_file_chapter.tex cover_chapter.tex \
-		ct.tex ct_cover.tex ct_ftp.tex ct_master.tex \
-		ct_master_chapter.tex ct_rpc.tex ct_snmp.tex \
-		ct_ssh.tex ct_telnet.tex dependencies_chapter.tex \
-		event_handler_chapter.tex example_chapter.tex \
-		install_chapter.tex part.tex ref_man.tex run_test.tex \
-		run_test_chapter.tex test_structure_chapter.tex \
-		unix_telnet.tex why_test_chapter.tex write_test_chapter.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/common_test/doc/src/notes.xml b/lib/common_test/doc/src/notes.xml
index af96ef621f..da0b6b2d65 100644
--- a/lib/common_test/doc/src/notes.xml
+++ b/lib/common_test/doc/src/notes.xml
@@ -32,6 +32,163 @@
     <file>notes.xml</file>
     </header>
 
+<section><title>Common_Test 1.6</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    A Getting Started chapter has been added to the Common
+	    Test User's Guide.</p>
+          <p>
+	    Own Id: OTP-9156</p>
+        </item>
+        <item>
+          <p>
+	    The test case group info function has been implemented in
+	    Common Test. Before execution of a test case group, a
+	    call is now made to <c>TestSuite:group(GroupName)</c>.
+	    The function returns a list of test properties, e.g. to
+	    specify timetrap values, require configuration data, etc
+	    (analogue to the test suite- and test case info
+	    function). The scope of the properties set by
+	    <c>group(GroupName)</c> is all test cases and sub-groups
+	    of group <c>GroupName</c>.</p>
+          <p>
+	    Own Id: OTP-9235</p>
+        </item>
+        <item>
+          <p>
+	    Common Test hooks are now in a final supported version.
+	    The Common Test hooks allow you to abstract out
+	    initialization behaviour that is common to multiple test
+	    suites into one place and also extend the behaviour of a
+	    suite without changing the suite itself. For more
+	    information see the Common Test user's guide.</p>
+          <p>
+	    Own Id: OTP-9449</p>
+        </item>
+        <item>
+          <p>
+	    A new built-in common test hook has been added which
+	    captures error_logger and SASL event and prints them in
+	    the testcase log. To disable this (and any other built-in
+	    hooks) pass 'enable_builtin_hooks false' to common test.</p>
+          <p>
+	    Own Id: OTP-9543</p>
+        </item>
+        <item>
+          <p>
+	    Common Test now calls info functions also for the
+	    <c>init/end_per_suite/1</c> and
+	    <c>init/end_per_group/2</c> configuration functions.
+	    These can be used e.g. to set timetraps and require
+	    external configuration data relevant only for the
+	    configuration functions in question (without affecting
+	    properties set for groups and test cases in the suite).
+	    The info function for <c>init/end_per_suite(Config)</c>
+	    is <c>init/end_per_suite()</c>, and for
+	    <c>init/end_per_group(GroupName,Config)</c> it's
+	    <c>init/end_per_group(GroupName)</c>. Info functions can
+	    not be used with <c>init/end_per_testcase(TestCase,
+	    Config)</c>, since these configuration functions execute
+	    on the test case process and will use the same properties
+	    as the test case (i.e. properties set by the test case
+	    info function, <c>TestCase()</c>).</p>
+          <p>
+	    Own Id: OTP-9569</p>
+        </item>
+        <item>
+          <p>
+	    It's now possible to read the full name of the test case
+	    log file during execution. One way to do this is to
+	    lookup it up as value of the key <c>tc_logfile</c> in the
+	    test case <c>Config</c> list (which means it can also be
+	    read by a pre- or post Common Test hook function). The
+	    data is also sent with the event
+	    <c>#event{name=tc_logfile,data={{Suite,Func},LogFileName}}</c>,
+	    and can be read by any installed event handler.</p>
+          <p>
+	    Own Id: OTP-9676 Aux Id: seq11941 </p>
+        </item>
+        <item>
+          <p>
+	    The look of the HTML log files generated by Common Test
+	    and Test Server has been improved (and made easier to
+	    customize) by means of a CSS file.</p>
+          <p>
+	    Own Id: OTP-9706</p>
+        </item>
+        <item>
+          <p>
+	    Functions ct:fail(Format, Args) and ct:comment(Format,
+	    Args) have been added in order to make printouts of
+	    formatted error and comment strings easier (no need for
+	    the user to call io_lib:format/2 explicitly).</p>
+          <p>
+	    Own Id: OTP-9709 Aux Id: seq11951 </p>
+        </item>
+        <item>
+          <p>
+	    The order in which ct hooks are executed for cleanup
+	    hooks (i.e. *_end_per_* hooks) has been reversed.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9774 Aux Id: seq11913 </p>
+        </item>
+        <item>
+          <p>
+	    Printouts to stdout may be captured during test case
+	    execution. This is useful in order to e.g. read and parse
+	    tty printouts from the SUT during test case execution (if
+	    necessary, say, to determine the outcome of the test).
+	    The capturing session is started with
+	    <c>ct:capture_start/0</c>, and stopped with
+	    <c>ct:capture_stop/0</c>. The list of buffered strings is
+	    read and purged with <c>ct:capture_get/0/1</c>. It's
+	    possible to filter out printouts made with
+	    <c>ct:log/2/3</c> and <c>ct:pal/2/3</c> from the captured
+	    list of strings. This is done by calling
+	    <c>capture_get/1</c> with a list of log categories to
+	    exclude.</p>
+          <p>
+	    Own Id: OTP-9775</p>
+        </item>
+        <item>
+          <p>
+	    The syntax for specifying test case groups in the all/0
+	    list has been extended to include execution properties
+	    for both groups and sub-groups. The properties specified
+	    in all/0 for a group overrides the properties specified
+	    in the group declaration (in groups/0). The main purpose
+	    of this extension is to make it possible to run the same
+	    set of tests, but with different properties, without
+	    having to declare copies of the group in question. Also,
+	    the same syntax may be used in test specifications in
+	    order to change properties of groups at the time of
+	    execution, without having to edit the test suite. Please
+	    see the User's Guide for details and examples.</p>
+          <p>
+	    Own Id: OTP-9809 Aux Id: OTP-9235 </p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Known Bugs and Problems</title>
+      <list>
+        <item>
+          <p>
+	    Fix problems in CT/TS due to line numbers in exceptions.</p>
+          <p>
+	    Own Id: OTP-9203</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Common_Test 1.5.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/common_test/doc/src/part.xml b/lib/common_test/doc/src/part.xml
index 3284bcadaa..a74185221d 100644
--- a/lib/common_test/doc/src/part.xml
+++ b/lib/common_test/doc/src/part.xml
@@ -65,6 +65,7 @@
   </description>
 
   <xi:include href="basics_chapter.xml"/>
+  <xi:include href="getting_started_chapter.xml"/>
   <xi:include href="install_chapter.xml"/>
   <xi:include href="write_test_chapter.xml"/>
   <xi:include href="test_structure_chapter.xml"/>
diff --git a/lib/common_test/doc/src/run_test_chapter.xml b/lib/common_test/doc/src/run_test_chapter.xml
index d3c6847d85..848f278fa6 100644
--- a/lib/common_test/doc/src/run_test_chapter.xml
+++ b/lib/common_test/doc/src/run_test_chapter.xml
@@ -159,6 +159,8 @@
         <seealso marker="event_handler_chapter#event_handling">event handlers</seealso> including start arguments.</item>
       <item><c><![CDATA[-ct_hooks <ct_hooks>]]></c>, to install
         <seealso marker="ct_hooks_chapter#installing">Common Test Hooks</seealso> including start arguments.</item>
+      <item><c><![CDATA[-enable_builtin_hooks <bool>]]></c>, to enable/disable
+        <seealso marker="ct_hooks_chapter#builtin_cths">Built-in Common Test Hooks</seealso>. Default is <c>true</c>.</item>
       <item><c><![CDATA[-include]]></c>, specifies include directories (see above).</item>
       <item><c><![CDATA[-no_auto_compile]]></c>, disables the automatic test suite compilation feature (see above).</item>
       <item><c><![CDATA[-multiply_timetraps <n>]]></c>, extends <seealso marker="write_test_chapter#timetraps">timetrap
@@ -410,6 +412,16 @@
       the way from <c>init_per_suite</c> down to the test cases in the
       sub group).</p>
 
+    <p>With the <c>GroupSpec</c> element (below) it's possible to specify
+      group execution properties that will override those specified in the
+      group definition (i.e. in <c>groups/0</c>). Execution properties for
+      sub-groups may be overridden as well. This feature makes it possible to
+      change properties of groups at the time of execution,
+      without even having to edit the test suite. More detailed documentation,
+      and examples, can be found in the
+      <seealso marker="write_test_chapter#test_case_groups">
+      Test case groups</seealso> chapter.</p>
+
     <p>Below is the test specification syntax. Test specifications can
       be used to run tests both in a single test host environment and
       in a distributed Common Test environment (Large Scale
@@ -462,6 +474,8 @@
 
       {ct_hooks, CTHModules}.
       {ct_hooks, NodeRefs, CTHModules}.
+
+      {enable_builtin_hooks, Bool}.
     </pre>
       <p>Test terms:</p>
     <pre>
@@ -471,8 +485,8 @@
       {groups, DirRef, Suite, Groups}.
       {groups, NodeRefsDirRef, Suite, Groups}.
 
-      {groups, DirRef, Suite, Group, {cases,Cases}}.
-      {groups, NodeRefsDirRef, Suite, Group, {cases,Cases}}.
+      {groups, DirRef, Suite, GroupSpec, {cases,Cases}}.
+      {groups, NodeRefsDirRef, Suite, GroupSpec, {cases,Cases}}.
 
       {cases, DirRef, Suite, Cases}.                           
       {cases, NodeRefs, DirRef, Suite, Cases}.
@@ -506,7 +520,8 @@
       DirRef        = DirAlias | Dir
       Suites        = atom() | [atom()] | all
       Suite         = atom()
-      Groups        = atom() | [atom()] | all
+      Groups        = GroupSpec | [GroupSpec] | all
+      GroupSpec     = Group | {Group,Properties} | {Group,Properties,GroupSpec}
       Group         = atom()
       Cases         = atom() | [atom()] | all
       Comment       = string() | ""
@@ -640,10 +655,25 @@
 	to each individual test case log file for quick viewing with an HTML 
 	browser.</p>
       
-      <p>The minor log file contain full details of every single test
-	case, each one in a separate file. This way the files should
-	be easy to compare with previous test runs, even if the set of
-	test cases change.</p>
+      <p>The minor log files contain full details of every single test
+	case, each one in a separate file. This way, it should be
+	straightforward	to compare the latest results to that of previous
+	test runs, even if the set of test cases changes. If SASL is running,
+	its logs will also be printed to the current minor log file by the
+	<seealso marker="common_test:ct_hooks_chapter#builtin_cths">
+	  cth_log_redirect built-in hook</seealso>.
+      </p>
+
+      <p>The full name of the minor log file (i.e. the name of the file
+	including the absolute directory path) can be read during execution
+	of the test case. It comes as value in the tuple
+	<c>{tc_logfile,LogFileName}</c> in the <c>Config</c> list (which means it
+	can also be read by a pre- or post Common Test hook function). Also,
+	at the start of a test case, this data is sent with an event
+	to any installed event handler.	Please see the
+	<seealso marker="event_handler_chapter#event_handling">Event Handling</seealso>
+	chapter for details.
+      </p>
       
       <p>Which information goes where is user configurable via the
 	test server controller. Three threshold values determine what
@@ -685,8 +715,15 @@
       <section>
 	<marker id="html_stylesheet"></marker>
 	<title>HTML Style Sheets</title>
-	<p>Common Test includes the <em>optional</em> feature to use
-	  HTML style sheets (CSS) for customizing user printouts. The
+	<p>Common Test uses a CSS file to control the look of the HTML
+	  files generated during test runs. If, for some reason, the
+	  log files are not displayed correctly in the HTML browser of your
+	  choice, or you prefer the "pre Common Test v1.6 look"
+	  of the log files (i.e. not using CSS), use the start flag/option
+	  <c>basic_html</c> to revert to the old style.</p>
+	  
+	<p>Common Test includes an <em>optional</em> feature to allow
+	  user HTML style sheets for customizing printouts. The
 	  functions in <c>ct</c> that print to a test case HTML log
 	  file (<c>log/3</c> and <c>pal/3</c>) accept <c>Category</c>
 	  as first argument. With this argument it's possible to
@@ -700,22 +737,16 @@
 	  look like this:</p>
 
 	<pre>
-&lt;style&gt;
-  div.ct_internal { background:lightgrey; color:black }
-  div.default     { background:lightgreen; color:black }
-  div.sys_config  { background:blue; color:white }
-  div.sys_state   { background:yellow; color:black }
-  div.error       { background:red; color:white }
-&lt;/style&gt;
-	</pre>
+	  div.sys_config  { background:blue; color:white }
+	  div.sys_state   { background:yellow; color:black }
+	  div.error       { background:red; color:white }</pre>
 
 	<p>To install the CSS file (Common Test inlines the definition in the 
 	  HTML code), the name may be provided when executing <c>ct_run</c>.
 	  Example:</p>
 
 	<pre>
-	  $ ct_run -dir $TEST/prog -stylesheet $TEST/styles/test_categories.css
-	</pre>
+	  $ ct_run -dir $TEST/prog -stylesheet $TEST/styles/test_categories.css</pre>
 
 	  <p>Categories in a CSS file installed with the <c>-stylesheet</c> flag
 	    are on a global test level in the sense that they can be used in any 
@@ -736,8 +767,7 @@
 	      ct:log(sys_state, "Connections: ~p", [ConnectionInfo]),
 	      ...
 	      ct:pal(error, "Error ~p detected! Info: ~p", [SomeFault,ErrorInfo]),
-	      ct:fail(SomeFault).
-	  </pre>
+	      ct:fail(SomeFault).</pre>
 
 	<p>If the style sheet is installed as in this example, the categories are 
 	  private to the suite in question. They can be used by all test cases in the 
@@ -761,21 +791,6 @@
 	<p>The <c>Category</c> argument in the example above may have the
 	  value (atom) <c>sys_config</c> (white on blue), <c>sys_state</c>
 	  (black on yellow) or <c>error</c> (white on red).</p>
-
-	<p>If the <c>Category</c> argument is not specified, Common Test will
-	  use the CSS selector <c>div.default</c> for the
-	  printout. For this reason a user supplied style sheet must
-	  include this selector. Also the selector
-	  <c>div.ct_internal</c> must be included. Hence a minimal
-	  user style sheet should look like this (which is also the
-	  default style sheet Common Test uses if no user CSS file is
-	  provided):</p>
-	<pre>
-	  &lt;style&gt;
-	  div.ct_internal { background:lightgrey; color:black }
-	  div.default     { background:lightgreen; color:black }
-	  &lt;/style&gt;
-	</pre>	  
   </section>
 
   <section>
diff --git a/lib/common_test/doc/src/tc_execution.gif b/lib/common_test/doc/src/tc_execution.gif
new file mode 100644
index 0000000000..7c89d7be57
--- /dev/null
+++ b/lib/common_test/doc/src/tc_execution.gif
diff --git a/lib/common_test/doc/src/write_test_chapter.xml b/lib/common_test/doc/src/write_test_chapter.xml
index e35888e68f..c0ec26ddcc 100644
--- a/lib/common_test/doc/src/write_test_chapter.xml
+++ b/lib/common_test/doc/src/write_test_chapter.xml
@@ -68,7 +68,7 @@
 
     <p>Each test suite module must export the function <c>all/0</c>
       which returns the list of all test case groups and test cases 
-      in that module. 
+      to be executed in that module. 
     </p>
 
   </section>
@@ -369,10 +369,12 @@
     <title>Test suite info function</title>
 
       <p>The <c>suite/0</c> function can be used in a test suite
-	module to set the default values for the <c>timetrap</c> and
-	<c>require</c> tags. If a test case info function also specifies
-	any of these tags, the default value is overruled. See above for
-	more information.
+	module to e.g. set a default <c>timetrap</c> value and to
+	<c>require</c> external configuration data. If a test case-, or
+	group info function also specifies any of the info tags, it
+	overrides the default values set by <c>suite/0</c>. See the test
+	case info function above, and group info function below, for more
+	details.
       </p>
       
       <p>Other options that may be specified with the suite info list are:</p>
@@ -450,11 +452,65 @@
     <pre>
       all() -> [testcase1, {group,group1}, testcase2, {group,group2}].</pre>
 
-    <p>Properties may be combined so that e.g. if <c>shuffle</c>, 
-    <c>repeat_until_any_fail</c> and <c>sequence</c> are all specified, the test 
-    cases in the group will be executed repeatedly and in random order until
-    a test case fails, when execution is immediately stopped and the rest of 
-    the cases skipped.</p>
+    <p>It is also possible to specify execution properties with a group
+      tuple in <c>all/0</c>: <c>{group,GroupName,Properties}</c>. These
+      properties will override those specified in the group definition (see
+      <c>groups/0</c> above). This way, it's possible to run the same set of tests,
+      but with different properties, without having to make copies of the group
+      definition in question.</p>
+
+    <p>If a group contains sub-groups, the execution properties for these may
+      also be specified in the group tuple:
+      <c>{group,GroupName,Properties,SubGroups}</c>, where <c>SubGroups</c>
+      is a list of tuples, <c>{GroupName,Properties}</c>, or
+      <c>{GroupName,Properties,SubGroups}</c>, representing the sub-groups.
+      Any sub-groups defined in <c>group/0</c> for a group, that are not specified
+      in the <c>SubGroups</c> list, will simply execute with their pre-defined
+      properties.</p>
+
+    <p>Example:</p>
+    <pre>
+      groups() -> {tests1, [], [{tests2, [], [t2a,t2b]},
+                                {tests3, [], [t31,t3b]}]}.</pre>
+    <p>To execute group 'tests1' twice with different properties for 'tests2'
+      each time:</p>
+    <pre>
+      all() ->
+         [{group, tests1, default, [{tests2, [parallel]}]},
+          {group, tests1, default, [{tests2, [shuffle,{repeat,10}]}]}].</pre>
+    <p>Note that this is equivalent to this specification:</p>
+    <pre>
+      all() ->
+         [{group, tests1, default, [{tests2, [parallel]},
+                                    {tests3, default}]},
+          {group, tests1, default, [{tests2, [shuffle,{repeat,10}]},
+                                    {tests3, default}]}].</pre>
+    <p>The value <c>default</c> states that the pre-defined properties
+      should be used.</p>
+    <p>Here's an example of how to override properties in a scenario
+      with deeply nested groups:</p>
+    <pre>
+      groups() ->
+         [{tests1, [], [{group, tests2}]},
+          {tests2, [], [{group, tests3}]},
+          {tests3, [{repeat,2}], [t3a,t3b,t3c]}].
+
+      all() ->
+         [{group, tests1, default, 
+           [{tests2, default,
+             [{tests3, [parallel,{repeat,100}]}]}]}].</pre>
+
+    <p>The syntax described above may also be used in Test Specifications
+      in order to change properties of groups at the time of execution,
+      without even having to edit the test suite (please see the
+      <seealso marker="run_test_chapter#test_specifications">Test
+	Specifications</seealso> chapter for more info).</p>
+
+    <p>As illustrated above, properties may be combined. If e.g.
+      <c>shuffle</c>, <c>repeat_until_any_fail</c> and <c>sequence</c>
+      are all specified, the test cases in the group will be executed
+      repeatedly, and in random order, until a test case fails. Then
+      execution is immediately stopped and the rest of the cases skipped.</p>
 
     <p>Before execution of a group begins, the configuration function
     <c>init_per_group(GroupName, Config)</c> is called (the function is
@@ -641,6 +697,51 @@
   </section>
 
   <section>
+    <marker id="group_info"></marker>
+    <title>Group info function</title>
+
+      <p>The test case group info function, <c>group(GroupName)</c>,
+	serves the same purpose as the suite- and test case info
+	functions previously described in this chapter. The scope for
+	the group info, however, is all test cases and sub-groups in the
+	group in question (<c>GroupName</c>).</p>
+      <p>Example:</p>
+      <pre>
+	group(connection_tests) ->
+	   [{require,login_data},
+	    {timetrap,1000}].</pre>
+	
+      <p>The group info properties override those set with the
+	suite info function, and may in turn be overridden by test
+	case info properties. Please see the test case info
+	function above for a list of valid info properties and more
+	general information.</p>
+  </section>
+
+  <section>
+    <title>Info functions for init- and end-configuration</title>
+      <p>It is possible to use info functions also for the <c>init_per_suite</c>,
+	<c>end_per_suite</c>, <c>init_per_group</c>, and <c>end_per_group</c>
+	functions, and it works the same way as with info functions
+	for test cases (see above). This is useful e.g. for setting
+	timetraps and requiring external configuration data relevant
+	only for the configuration function in question (without
+	affecting properties set for groups and test cases in the suite).</p>
+
+      <p>The info function <c>init/end_per_suite()</c> is called for
+	<c>init/end_per_suite(Config)</c>, and info function
+	<c>init/end_per_group(GroupName)</c> is called for
+	<c>init/end_per_group(GroupName,Config)</c>. Info functions
+	can not be used with <c>init/end_per_testcase(TestCase, Config)</c>,
+	however, since these configuration functions execute on the test case process
+	and will use the same properties as the test case (i.e. the properties
+	set by the test case info function, <c>TestCase()</c>). Please see the test case
+	info function above for a list of valid info properties and more
+	general information.
+      </p>
+  </section>
+
+  <section>
     <marker id="data_priv_dir"></marker>
     <title>Data and Private Directories</title>
 
diff --git a/lib/common_test/include/ct.hrl b/lib/common_test/include/ct.hrl
index aa1cc832cf..5a77108e1a 100644
--- a/lib/common_test/include/ct.hrl
+++ b/lib/common_test/include/ct.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2003-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -18,5 +18,4 @@
 %%
 
 -include_lib("test_server/include/test_server.hrl").
--compile({parse_transform,ct_line}).
 
diff --git a/lib/common_test/priv/Makefile.in b/lib/common_test/priv/Makefile.in
index f4a0c181f9..d9033f6ef1 100644
--- a/lib/common_test/priv/Makefile.in
+++ b/lib/common_test/priv/Makefile.in
@@ -59,6 +59,7 @@ ifneq ($(findstring win32,$(TARGET)),win32)
 FILES = vts.tool
 SCRIPTS = 
 IMAGES = tile1.jpg
+CSS = ct_default.css
 
 #
 # Rules
@@ -85,11 +86,11 @@ include $(ERL_TOP)/make/otp_release_targets.mk
 ifeq ($(XNIX),true)
 release_spec: opt
 	$(INSTALL_DIR) $(RELSYSDIR)/priv
-	$(INSTALL_DATA) $(FILES) $(IMAGES) $(RELSYSDIR)/priv
+	$(INSTALL_DATA) $(FILES) $(IMAGES) $(CSS) $(RELSYSDIR)/priv
 else
 release_spec: opt
 	$(INSTALL_DIR) $(RELSYSDIR)/priv
-	$(INSTALL_DATA) $(FILES) $(IMAGES) $(RELSYSDIR)/priv
+	$(INSTALL_DATA) $(FILES) $(IMAGES) $(CSS) $(RELSYSDIR)/priv
 endif
 
 release_docs_spec:
@@ -105,6 +106,7 @@ else
 #
 FILES = vts.tool 
 IMAGES = tile1.jpg
+CSS = ct_default.css
 
 #
 # Rules
@@ -124,7 +126,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
 
 release_spec: opt
 	$(INSTALL_DIR) $(RELSYSDIR)/priv
-	$(INSTALL_DATA) $(FILES) $(IMAGES) $(RELSYSDIR)/priv
+	$(INSTALL_DATA) $(FILES) $(IMAGES) $(CSS) $(RELSYSDIR)/priv
 
 release_docs_spec:
 
diff --git a/lib/common_test/priv/auxdir/config.guess b/lib/common_test/priv/auxdir/config.guess
index fefabd7dd0..38a833903b 120000..100755
--- a/lib/common_test/priv/auxdir/config.guess
+++ b/lib/common_test/priv/auxdir/config.guess
@@ -1 +1,1519 @@
-../../../../erts/autoconf/config.guess
\ No newline at end of file
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-05-17'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner <[email protected]>.
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# ([email protected] 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep __ELF__ >/dev/null
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# [email protected] (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:* | ix86xen:SunOS:5.*:*)
+	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[45])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep __LP64__ >/dev/null
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    *:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    *:Interix*:[3456]*)
+    	case ${UNAME_MACHINE} in
+	    x86) 
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    EM64T | authenticamd)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    arm*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-gnu
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-gnu
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-gnu
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    mips:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips
+	#undef mipsel
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mipsel
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips64
+	#undef mips64el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mips64el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips64
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-gnu
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-gnu
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-gnu
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-gnu ;;
+	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
+	  *)    echo hppa-unknown-linux-gnu ;;
+	esac
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-gnu
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    tile:Linux:*:*)
+	echo tile-unknown-linux-gnu
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-gnu
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-gnu
+	exit ;;
+    xtensa:Linux:*:*)
+    	echo xtensa-unknown-linux-gnu
+	exit ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	# Set LC_ALL=C to ensure ld outputs messages in English.
+	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+		;;
+	  a.out-i386-linux)
+		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+		exit ;;
+	  coff-i386)
+		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+		exit ;;
+	  "")
+		# Either a pre-BFD a.out linker (linux-gnuoldld) or
+		# one that does not give us useful --help.
+		echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+		exit ;;
+	esac
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <features.h>
+	#ifdef __ELF__
+	# ifdef __GLIBC__
+	#  if __GLIBC__ >= 2
+	LIBC=gnu
+	#  else
+	LIBC=gnulibc1
+	#  endif
+	# else
+	LIBC=gnulibc1
+	# endif
+	#else
+	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+	LIBC=gnu
+	#else
+	LIBC=gnuaout
+	#endif
+	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^LIBC/{
+		s: ::g
+		p
+	    }'`"
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i386.
+	echo i386-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <[email protected]>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <[email protected]>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From [email protected].
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From [email protected].
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From [email protected].
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <[email protected]> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/common_test/priv/auxdir/config.sub b/lib/common_test/priv/auxdir/config.sub
index 90979e8924..f43233b104 120000..100755
--- a/lib/common_test/priv/auxdir/config.sub
+++ b/lib/common_test/priv/auxdir/config.sub
@@ -1 +1,1630 @@
-../../../../erts/autoconf/config.sub
\ No newline at end of file
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-04-29'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray)
+		os=
+		basic_machine=$1
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx \
+	| fido | fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64vr | mips64vrel \
+	| mips64orion | mips64orionel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| mt \
+	| msp430 \
+	| nios | nios2 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+	| tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa-* \
+	| ymp-* \
+	| z8k-*)
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16c)
+		basic_machine=cr16c-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	tile*)
+		basic_machine=tile-tilera
+		os=-linux-gnu
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+        mep-*)
+		os=-elf
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/common_test/priv/auxdir/install-sh b/lib/common_test/priv/auxdir/install-sh
index 9422c370df..a5897de6ea 120000..100755
--- a/lib/common_test/priv/auxdir/install-sh
+++ b/lib/common_test/priv/auxdir/install-sh
@@ -1 +1,519 @@
-../../../../erts/autoconf/install-sh
\ No newline at end of file
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2006-12-25.00
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dst_arg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writeable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	-*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test -z "$d" && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/lib/common_test/priv/ct_default.css b/lib/common_test/priv/ct_default.css
new file mode 100644
index 0000000000..75f8d5db8a
--- /dev/null
+++ b/lib/common_test/priv/ct_default.css
@@ -0,0 +1,186 @@
+/* Stylesheet for Common Test */
+
+body {
+    padding: 10px; margin: 10px;
+    -webkit-font-smoothing: antialiased; 
+    background-color: #FBFFFC;
+}
+
+a:link {
+    color: #2B507D;
+}
+
+a:visited {
+    color: #85ABD5
+}
+
+h1 {
+    font-family: verdana, arial, sans-serif; font-size: 200%; 
+    letter-spacing: -2px; word-spacing: 2px; font-weight: bold;
+    color: #3F3F3F;
+}
+
+h2 {
+    font-family: verdana, arial, sans-serif; font-size: 175%;
+    letter-spacing: -2px; word-spacing: 2px; font-weight: normal;
+    color: #3F3F3F;
+}
+
+h3 {
+    font-family: verdana, arial, sans-serif; font-size: 140%;
+    letter-spacing: -2px; word-spacing: 2px; font-weight: bold;
+    color: #3F3F3F;
+}
+
+h4 {
+    font-family: verdana, arial, sans-serif; font-size: 120%;
+    letter-spacing: -2px; word-spacing: 2px; font-weight: normal;
+    color: #3F3F3F;
+}
+
+p {
+    font-family: "Trebuchet MS", "Lucida Sans Unicode", verdana, arial, sans-serif;
+    font-size: .9em; color: #000000;
+}
+
+ul {
+    list-style-type: none;
+    padding: 0em;
+    margin:  1em;
+}
+li {
+    font-size: 0.95em; color: #000000;
+    margin: .3em 0;
+}
+
+pre {
+    color: black; 
+    font-family: "Monaco", "Andale Mono", "Consolas", monospace;
+    font-size: .8em;
+    }
+
+code {
+    color: black; 
+    font-family: "Monaco", "Andale Mono", "Consolas", monospace;
+    font-size: .8em;
+}
+
+div.mono_sm {
+    font-family: "Courier New", monospace; font-size: .75em;
+    word-spacing: 1px; color: #000000;
+}
+
+div.mono_la {
+    font-family: "Courier New", monospace; font-size: .8em;
+    color: #000000;
+}
+
+div.copyright {
+    padding: 20px 0px 0px 0px; 
+    font-family: "Courier New", monospace; font-size: .7em;
+    color: #000000;
+}
+
+div.ct_internal { 
+    background: lightgrey; color: black; 
+    font-family: "Monaco", "Andale Mono", "Consolas", monospace;
+    font-size: .95em;
+    margin: .2em 0 0 0;
+}
+
+div.default { 
+    background: lightgreen; color: black; 
+    font-family: "Monaco", "Andale Mono", "Consolas", monospace;
+    font-size: 1.05em;
+    margin: .2em 0 0 0;
+}
+
+div.label {
+    font-family: verdana, arial, sans-serif; font-size: 200%; 
+    letter-spacing: -2.5px; word-spacing: 2px;
+    font-weight: bold; color: #2B507D;
+}
+
+table {
+    border-collapse: collapse; border: 6px solid #3F3F3F;
+    background: #FFFFFF;
+    font: .8em/1.2em "Lucida Sans Unicode", verdana, arial, sans-serif; 
+    color: #222;
+}
+
+caption {
+    font-size: 1.3em; font-weight: bold;
+    text-align: center; padding: 1em 4px;
+}
+
+td, th {
+    padding: .5em 7px .5em 7px; line-height: 1.3em; 
+    border-bottom: 3px solid #F5C4C1;
+    border-left: 2px dashed #809FFF;
+}
+
+th {
+    background: #3F3F3F; color: #fff; 
+    font-family: arial, sans-serif; font-size: 120%;
+    letter-spacing: -0.5px;
+    font-weight: bold; text-align: center; 
+    padding-right: .5em; vertical-align: top;
+}
+
+thead th {
+    background: #2C5755; text-align: center;
+}
+
+.odd td {
+    background: #F3F3F3;
+}
+.odd th {
+    background: #F3F3F3;
+}
+
+td a, td a:link {
+    color: #2B507D;
+}
+
+td a:visited {
+    color: #85ABD5;
+}
+
+tr:hover th[scope=row], tr:hover td { 
+    background-color: #D1D1D1;
+    color: #fff;
+} 
+
+td a:hover, td a:focus {
+    color: #85ABD5;
+}
+
+th a, td a:active {
+    color: #85ABD5;
+}
+
+tfoot th, tfoot td {
+    background: #3F3F3F; color: #fff;
+}
+
+th + td {
+    padding-left: .5em;
+}
+
+#button_holder {
+    display: block; float: center;
+    font-family: arial, verdana, sans-serif;
+    font-size: 12px; text-shadow: 1px 1px lightgray;
+} 
+
+.btn a {
+    padding: 6px 12px; float: center; 
+    text-decoration: none; color: #3F3F3F;
+    font-weight: bold; border: 3px outset #3F3F3F;
+    background-color: #F3F3F3;
+}
+
+.btn a:hover {
+    color: #fff;
+    background-color: #809FFF;
+}
diff --git a/lib/common_test/src/Makefile b/lib/common_test/src/Makefile
index 84b122b5e4..125aa828fb 100644
--- a/lib/common_test/src/Makefile
+++ b/lib/common_test/src/Makefile
@@ -40,7 +40,6 @@ RELSYSDIR = $(RELEASE_PATH)/lib/common_test-$(VSN)
 # ----------------------------------------------------
 
 MODULES= \
-	ct_line \
 	ct \
 	ct_logs \
 	ct_framework \
@@ -69,9 +68,11 @@ MODULES= \
 	ct_config_xml \
 	ct_slave \
         ct_hooks\
-        ct_hooks_lock
+        ct_hooks_lock\
+	cth_log_redirect
 
 TARGET_MODULES= $(MODULES:%=$(EBIN)/%)
+BEAM_FILES= $(MODULES:%=$(EBIN)/%.$(EMULATOR))
 
 ERL_FILES= $(MODULES:=.erl)
 HRL_FILES = \
@@ -97,7 +98,7 @@ ERL_COMPILE_FLAGS += -pa ../ebin -I../include -I $(ERL_TOP)/lib/snmp/include/ \
 # ----------------------------------------------------
 TARGET_FILES = \
 	$(GEN_ERL_FILES:%.erl=$(EBIN)/%.$(EMULATOR)) \
-	$(MODULES:%=$(EBIN)/%.$(EMULATOR)) \
+	$(BEAM_FILES) \
 	$(APP_TARGET) $(APPUP_TARGET)
 
 APP_FILE= common_test.app
diff --git a/lib/common_test/src/common_test.app.src b/lib/common_test/src/common_test.app.src
index b42173f412..7fba484b18 100644
--- a/lib/common_test/src/common_test.app.src
+++ b/lib/common_test/src/common_test.app.src
@@ -1,7 +1,7 @@
 % This is an -*- erlang -*- file.
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2009-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,6 @@
 	     ct_framework,
 	     ct_ftp,
 	     ct_gen_conn,
-	     ct_line,
 	     ct_logs,
 	     ct_make,
 	     ct_master,
diff --git a/lib/common_test/src/ct.erl b/lib/common_test/src/ct.erl
index f3c2029734..e0e82283c4 100644
--- a/lib/common_test/src/ct.erl
+++ b/lib/common_test/src/ct.erl
@@ -63,9 +63,10 @@
 	 log/1, log/2, log/3,
 	 print/1, print/2, print/3,
 	 pal/1, pal/2, pal/3,
-	 fail/1, comment/1,
+	 capture_start/0, capture_stop/0, capture_get/0, capture_get/1,
+	 fail/1, fail/2, comment/1, comment/2,
 	 testcases/2, userdata/2, userdata/3,
-	 timetrap/1, sleep/1]).
+	 timetrap/1, get_timetrap_info/0, sleep/1]).
 
 %% New API for manipulating with config handlers
 -export([add_config/2, remove_config/2]).
@@ -108,7 +109,7 @@ install(Opts) ->
 %%%   Cases = atom() | [atom()]
 %%%   Result = [TestResult] | {error,Reason}
 %%%
-%%% @doc Run the given testcase(s).
+%%% @doc Run the given test case(s).
 %%%
 %%% <p>Requires that <code>ct:install/1</code> has been run first.</p>
 %%%
@@ -121,7 +122,7 @@ run(TestDir,Suite,Cases) ->
 %%%-----------------------------------------------------------------
 %%% @spec run(TestDir,Suite) -> Result
 %%%
-%%% @doc Run all testcases in the given suite.
+%%% @doc Run all test cases in the given suite.
 %%% @see run/3.
 run(TestDir,Suite) ->
     ct_run:run(TestDir,Suite).
@@ -130,7 +131,7 @@ run(TestDir,Suite) ->
 %%% @spec run(TestDirs) -> Result
 %%%   TestDirs = TestDir | [TestDir]
 %%%
-%%% @doc Run all testcases in all suites in the given directories.
+%%% @doc Run all test cases in all suites in the given directories.
 %%% @see run/3.
 run(TestDirs) ->
     ct_run:run(TestDirs).
@@ -148,8 +149,8 @@ run(TestDirs) ->
 %%%               {auto_compile,Bool} | {multiply_timetraps,M} | {scale_timetraps,Bool} |
 %%%               {repeat,N} | {duration,DurTime} | {until,StopTime} |
 %%%               {force_stop,Bool} | {decrypt,DecryptKeyOrFile} |
-%%%               {refresh_logs,LogDir} | {logopts,LogOpts} | {basic_html,Bool} |
-%%%               {ct_hooks, CTHs}
+%%%               {refresh_logs,LogDir} | {logopts,LogOpts} | {basic_html,Bool} | 
+%%%               {ct_hooks, CTHs} | {enable_builtin_hooks,Bool}
 %%%   TestDirs = [string()] | string()
 %%%   Suites = [string()] | [atom()] | string() | atom()
 %%%   Cases = [atom()] | atom()
@@ -440,11 +441,10 @@ log(X1,X2) ->
 %%%      Format = string()
 %%%      Args = list()
 %%%
-%%% @doc Printout from a testcase to the log. 
+%%% @doc Printout from a test case to the log file. 
 %%%
-%%% <p>This function is meant for printing stuff directly from a
-%%% testcase (i.e. not from within the CT framework) in the test
-%%% log.</p>
+%%% <p>This function is meant for printing a string directly from a
+%%% test case to the test case log file.</p>
 %%%
 %%% <p>Default <code>Category</code> is <code>default</code> and
 %%% default <code>Args</code> is <code>[]</code>.</p>
@@ -473,10 +473,10 @@ print(X1,X2) ->
 %%%      Format = string()
 %%%      Args = list()
 %%%
-%%% @doc Printout from a testcase to the console. 
+%%% @doc Printout from a test case to the console. 
 %%%
-%%% <p>This function is meant for printing stuff from a testcase on
-%%% the console.</p>
+%%% <p>This function is meant for printing a string from a test case
+%%% to the console.</p>
 %%%
 %%% <p>Default <code>Category</code> is <code>default</code> and
 %%% default <code>Args</code> is <code>[]</code>.</p>
@@ -508,16 +508,75 @@ pal(X1,X2) ->
 %%%      Format = string()
 %%%      Args = list()
 %%%
-%%% @doc Print and log from a testcase. 
+%%% @doc Print and log from a test case. 
 %%%
-%%% <p>This function is meant for printing stuff from a testcase both
-%%% in the log and on the console.</p>
+%%% <p>This function is meant for printing a string from a test case,
+%%% both to the test case log file and to the console.</p>
 %%%
 %%% <p>Default <code>Category</code> is <code>default</code> and
 %%% default <code>Args</code> is <code>[]</code>.</p>
 pal(Category,Format,Args) ->
     ct_logs:tc_pal(Category,Format,Args).
 
+%%%-----------------------------------------------------------------
+%%% @spec capture_start() -> ok
+%%%
+%%% @doc Start capturing all text strings printed to stdout during
+%%% execution of the test case.
+%%%
+%%% @see capture_stop/0
+%%% @see capture_get/1
+capture_start() ->
+    test_server:capture_start().
+
+%%%-----------------------------------------------------------------
+%%% @spec capture_stop() -> ok
+%%%
+%%% @doc Stop capturing text strings (a session started with
+%%% <code>capture_start/0</code>).
+%%%
+%%% @see capture_start/0
+%%% @see capture_get/1
+capture_stop() ->
+    test_server:capture_stop().
+
+%%%-----------------------------------------------------------------
+%%% @spec capture_get() -> ListOfStrings
+%%%      ListOfStrings = [string()]
+%%%
+%%% @equiv capture_get([default])
+capture_get() ->
+    %% remove default log printouts (e.g. ct:log/2 printouts)
+    capture_get([default]).
+
+%%%-----------------------------------------------------------------
+%%% @spec capture_get(ExclCategories) -> ListOfStrings
+%%%      ExclCategories = [atom()]
+%%%      ListOfStrings = [string()]
+%%%
+%%% @doc Return and purge the list of text strings buffered
+%%% during the latest session of capturing printouts to stdout.
+%%% With <code>ExclCategories</code> it's possible to specify
+%%% log categories that should be ignored in <code>ListOfStrings</code>.
+%%% If <code>ExclCategories = []</code>, no filtering takes place.
+%%%
+%%% @see capture_start/0
+%%% @see capture_stop/0
+%%% @see log/3
+capture_get([ExclCat | ExclCategories]) ->
+    Strs = test_server:capture_get(),
+    CatsStr = [atom_to_list(ExclCat) | 
+	       [[$| | atom_to_list(EC)] || EC <- ExclCategories]],
+    {ok,MP} = re:compile("<div class=\"(" ++ lists:flatten(CatsStr) ++ ")\">.*"),
+    lists:flatmap(fun(Str) ->
+			  case re:run(Str, MP) of
+			      {match,_} -> [];
+			      nomatch -> [Str]
+			  end
+		  end, Strs);
+
+capture_get([]) ->
+    test_server:capture_get().
 
 %%%-----------------------------------------------------------------
 %%% @spec fail(Reason) -> void()
@@ -528,18 +587,35 @@ pal(Category,Format,Args) ->
 fail(Reason) ->
     exit({test_case_failed,Reason}).
 
+
+%%%-----------------------------------------------------------------
+%%% @spec fail(Format, Args) -> void()
+%%%      Format = string()
+%%%      Args = list()
+%%%
+%%% @doc Terminate a test case with an error message specified
+%%% by a format string and a list of values (used as arguments to
+%%% <code>io_lib:format/2</code>).
+fail(Format, Args) ->
+    try io_lib:format(Format, Args) of
+	Str ->
+	    exit({test_case_failed,lists:flatten(Str)})
+    catch
+	_:BadArgs ->
+	    exit({BadArgs,{?MODULE,fail,[Format,Args]}})
+    end.
+
+
 %%%-----------------------------------------------------------------
 %%% @spec comment(Comment) -> void()
 %%%      Comment = term()
 %%%
-%%% @doc Print the given <code>Comment</code> in the comment field of
+%%% @doc Print the given <code>Comment</code> in the comment field in
 %%% the table on the test suite result page.
 %%%
 %%% <p>If called several times, only the last comment is printed.
-%%% <code>comment/1</code> is also overwritten by the return value
-%%% <code>{comment,Comment}</code> or by the function
-%%% <code>fail/1</code> (which prints <code>Reason</code> as a
-%%% comment).</p>
+%%% The test case return value <code>{comment,Comment}</code>
+%%% overwrites the string set by this function.</p>
 comment(Comment) when is_list(Comment) ->
     Formatted =
 	case (catch io_lib:format("~s",[Comment])) of
@@ -553,6 +629,29 @@ comment(Comment) ->
     Formatted = io_lib:format("~p",[Comment]),
     send_html_comment(lists:flatten(Formatted)).
 
+%%%-----------------------------------------------------------------
+%%% @spec comment(Format, Args) -> void()
+%%%      Format = string()
+%%%      Args = list()
+%%%
+%%% @doc Print the formatted string in the comment field in
+%%% the table on the test suite result page.
+%%% 
+%%% <p>The <code>Format</code> and <code>Args</code> arguments are
+%%% used in call to <code>io_lib:format/2</code> in order to create
+%%% the comment string. The behaviour of <code>comment/2</code> is
+%%% otherwise the same as the <code>comment/1</code> function (see
+%%% above for details).</p>
+comment(Format, Args) when is_list(Format), is_list(Args) ->
+    Formatted =
+	case (catch io_lib:format(Format, Args)) of
+	    {'EXIT',Reason} ->  % bad args
+		exit({Reason,{?MODULE,comment,[Format,Args]}});
+	    String ->
+		lists:flatten(String)
+	end,
+    send_html_comment(Formatted).
+
 send_html_comment(Comment) ->
     Html = "<font color=\"green\">" ++ Comment ++ "</font>",
     ct_util:set_testdata({comment,Html}),
@@ -606,7 +705,7 @@ listenv(Telnet) ->
 %%%       Testcases = list()
 %%%       Reason = term()
 %%%
-%%% @doc Returns all testcases in the specified suite.
+%%% @doc Returns all test cases in the specified suite.
 testcases(TestDir, Suite) ->
     case make_and_load(TestDir, Suite) of
 	E = {error,_} ->
@@ -664,7 +763,8 @@ userdata(TestDir, Suite) ->
 	    get_userdata(Info, "suite/0")
     end.
 
-get_userdata({'EXIT',{undef,_}}, Spec) ->
+get_userdata({'EXIT',{Undef,_}}, Spec) when Undef == undef;
+					     Undef == function_clause ->
     {error,list_to_atom(Spec ++ " is not defined")};
 get_userdata({'EXIT',Reason}, Spec) ->
     {error,{list_to_atom("error in " ++ Spec),Reason}};
@@ -680,16 +780,27 @@ get_userdata(_BadTerm, Spec) ->
     {error,list_to_atom(Spec ++ " must return a list")}.
    
 %%%-----------------------------------------------------------------
-%%% @spec userdata(TestDir, Suite, Case) -> TCUserData | {error,Reason}
+%%% @spec userdata(TestDir, Suite, GroupOrCase) -> TCUserData | {error,Reason}
 %%%       TestDir = string()
 %%%       Suite = atom()
-%%%       Case = atom()
+%%%       GroupOrCase = {group,GroupName} | atom()
+%%%       GroupName = atom()
 %%%       TCUserData = [term()]
 %%%       Reason = term()
 %%%
 %%% @doc Returns any data specified with the tag <code>userdata</code>
-%%% in the list of tuples returned from <code>Suite:Case/0</code>.
-userdata(TestDir, Suite, Case) ->
+%%% in the list of tuples returned from <code>Suite:group(GroupName)</code>
+%%% or <code>Suite:Case()</code>.
+userdata(TestDir, Suite, {group,GroupName}) ->
+    case make_and_load(TestDir, Suite) of
+	E = {error,_} ->
+	    E;
+	_ ->
+	    Info = (catch apply(Suite, group, [GroupName])),
+	    get_userdata(Info, "group("++atom_to_list(GroupName)++")")
+    end;
+
+userdata(TestDir, Suite, Case) when is_atom(Case) ->
     case make_and_load(TestDir, Suite) of
 	E = {error,_} ->
 	    E;
@@ -867,6 +978,18 @@ timetrap(Time) ->
     test_server:timetrap(Time).
 
 %%%-----------------------------------------------------------------
+%%% @spec get_timetrap_info() -> {Time,Scale}
+%%%       Time = integer() | infinity
+%%%       Scale = true | false
+%%%
+%%% @doc <p>Read info about the timetrap set for the current test case.
+%%%      <c>Scale</c> indicates if Common Test will attempt to automatically
+%%%      compensate timetraps for runtime delays introduced by e.g. tools like
+%%%      cover.</p>
+get_timetrap_info() ->
+    test_server:get_timetrap_info().
+
+%%%-----------------------------------------------------------------
 %%% @spec sleep(Time) -> ok
 %%%       Time = {hours,Hours} | {minutes,Mins} | {seconds,Secs} | Millisecs | infinity
 %%%       Hours = integer()
diff --git a/lib/common_test/src/ct_config.erl b/lib/common_test/src/ct_config.erl
index fc51aea7f3..9277af5bc1 100644
--- a/lib/common_test/src/ct_config.erl
+++ b/lib/common_test/src/ct_config.erl
@@ -1,7 +1,7 @@
 %%--------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/src/ct_config_plain.erl b/lib/common_test/src/ct_config_plain.erl
index 6698332379..237df5c8f3 100644
--- a/lib/common_test/src/ct_config_plain.erl
+++ b/lib/common_test/src/ct_config_plain.erl
@@ -1,7 +1,7 @@
 %%--------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/src/ct_config_xml.erl b/lib/common_test/src/ct_config_xml.erl
index 794174e663..6e0a016161 100644
--- a/lib/common_test/src/ct_config_xml.erl
+++ b/lib/common_test/src/ct_config_xml.erl
@@ -1,7 +1,7 @@
 %%--------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/src/ct_framework.erl b/lib/common_test/src/ct_framework.erl
index 482c5242ce..c24a7c238b 100644
--- a/lib/common_test/src/ct_framework.erl
+++ b/lib/common_test/src/ct_framework.erl
@@ -27,7 +27,7 @@
 -export([init_tc/3, end_tc/3, end_tc/4, get_suite/2, get_all_cases/1]).
 -export([report/2, warn/1, error_notification/4]).
 
--export([get_logopts/0, format_comment/1, overview_html_header/1]).
+-export([get_logopts/0, format_comment/1, get_html_wrapper/3]).
 
 -export([error_in_suite/1, ct_init_per_group/2, ct_end_per_group/2]).
 
@@ -36,6 +36,10 @@
 -include("ct_event.hrl").
 -include("ct_util.hrl").
 
+-define(val(Key, List), proplists:get_value(Key, List)). 
+-define(val(Key, List, Def), proplists:get_value(Key, List, Def)).
+-define(rev(L), lists:reverse(L)).
+
 %%%-----------------------------------------------------------------
 %%% @spec init_tc(Mod,Func,Args) -> {ok,NewArgs} | {error,Reason} |
 %%%         {skip,Reason} | {auto_skip,Reason}
@@ -48,6 +52,8 @@
 %%% @doc Test server framework callback, called by the test_server
 %%% when a new test case is started.
 init_tc(Mod,Func,Config) ->
+    %% in case Mod == ct_framework, lookup the suite name
+    Suite = get_suite_name(Mod, Config),
     %% check if previous testcase was interpreted and has left
     %% a "dead" trace window behind - if so, kill it
     case ct_util:get_testdata(interpret) of
@@ -57,34 +63,36 @@ init_tc(Mod,Func,Config) ->
 	_ ->
 	    ok
     end,
-	    
     %% check if we need to add defaults explicitly because
     %% there's no init_per_suite exported from Mod
     {InitFailed,DoInit} =
 	case ct_util:get_testdata(curr_tc) of
-	    {Mod,{suite0_failed,_}=Failure} ->
+	    {Suite,{suite0_failed,_}=Failure} ->
 		{Failure,false};
-	    {Mod,_} ->
+	    {?MODULE,_} ->		    % should not really happen
 		{false,false};
-	    _ when Func == init_per_suite ->
+	    {Suite,_} ->	            % Func is not 1st case in suite
 		{false,false};
-	    _ ->
+	    _ when Func == init_per_suite ->	% defaults will be added anyway
+		{false,false};
+	    _ ->				% first case in suite
 		{false,true}
 	end,
     case InitFailed of
 	false ->
-	    ct_util:set_testdata({curr_tc,{Mod,Func}}),
-	    case ct_util:read_suite_data({seq,Mod,Func}) of
+	    ct_util:set_testdata({curr_tc,{Suite,Func}}),
+	    case ct_util:read_suite_data({seq,Suite,Func}) of
 		undefined ->
 		    init_tc1(Mod,Func,Config,DoInit);
 		Seq when is_atom(Seq) ->
-		    case ct_util:read_suite_data({seq,Mod,Seq}) of
+		    case ct_util:read_suite_data({seq,Suite,Seq}) of
 			[Func|TCs] ->		% this is the 1st case in Seq
 			    %% make sure no cases in this seq are marked as failed
 			    %% from an earlier execution in the same suite
-			    lists:foreach(fun(TC) ->
-						  ct_util:save_suite_data({seq,Mod,TC},Seq)
-					  end, TCs);
+			    lists:foreach(
+			      fun(TC) ->
+				      ct_util:save_suite_data({seq,Suite,TC},Seq)
+			      end, TCs);
 			_ ->
 			    ok
 		    end,
@@ -98,6 +106,17 @@ init_tc(Mod,Func,Config) ->
 	    {skip,InitFailed}
     end.	    
 
+init_tc1(?MODULE,error_in_suite,[Config0],_) when is_list(Config0) ->
+    ct_logs:init_tc(false),
+    ct_event:notify(#event{name=tc_start,
+			   node=node(),
+			   data={?MODULE,error_in_suite}}),
+    case ?val(error, Config0) of
+	undefined ->
+	    {skip,"unknown_error_in_suite"};
+	Reason ->
+	    {skip,Reason}
+    end;
 init_tc1(Mod,Func,[Config0],DoInit) when is_list(Config0) ->
     Config1 = 
 	case ct_util:read_suite_data(last_saved_config) of
@@ -122,35 +141,40 @@ init_tc1(Mod,Func,[Config0],DoInit) when is_list(Config0) ->
 	    %% release all name -> key bindings (once per suite)
 	    ct_config:release_allocated()
     end,
-    TestCaseInfo =
-	case catch apply(Mod,Func,[]) of
-	    Result when is_list(Result) -> Result;
-	    _ -> []
-	end,
+
+    GroupPath = ?val(tc_group_path, Config, []),
+    AllGroups =	[?val(tc_group_properties, Config, []) | GroupPath],
+
     %% clear all config data default values set by previous
     %% testcase info function (these should only survive the
     %% testcase, not the whole suite)
-    ct_config:delete_default_config(testcase),
-    case add_defaults(Mod,Func,TestCaseInfo,DoInit) of
+    FuncSpec = group_or_func(Func,Config0),
+    if is_tuple(FuncSpec) ->			% group
+	    ok;
+       true ->
+	    ct_config:delete_default_config(testcase)
+    end,
+    %% in case Mod == ct_framework, lookup the suite name
+    Suite = get_suite_name(Mod, Config),
+    case add_defaults(Mod,Func,AllGroups,DoInit) of
 	Error = {suite0_failed,_} ->
 	    ct_logs:init_tc(false),
-	    FuncSpec = group_or_func(Func,Config0),
 	    ct_event:notify(#event{name=tc_start,
 				   node=node(),
 				   data={Mod,FuncSpec}}),
-	    ct_util:set_testdata({curr_tc,{Mod,Error}}),
+	    ct_util:set_testdata({curr_tc,{Suite,Error}}),
 	    {error,Error};
 	{SuiteInfo,MergeResult} ->
 	    case MergeResult of
 		{error,Reason} when DoInit == false ->
 		    ct_logs:init_tc(false),
-		    FuncSpec = group_or_func(Func,Config0),
 		    ct_event:notify(#event{name=tc_start,
 					   node=node(),
 					   data={Mod,FuncSpec}}),
 		    {skip,Reason};
 		_ ->
-		    init_tc2(Mod,Func,SuiteInfo,MergeResult,Config,DoInit)
+		    init_tc2(Mod,Func,SuiteInfo,MergeResult,
+			     Config,DoInit)
 	    end
     end;
 init_tc1(_Mod,_Func,Args,_DoInit) ->
@@ -203,8 +227,9 @@ init_tc2(Mod,Func,SuiteInfo,MergeResult,Config,DoInit) ->
     ct_event:notify(#event{name=tc_start,
 			   node=node(),
 			   data={Mod,FuncSpec}}),
-    
-    case catch configure(MergedInfo1,MergedInfo1,SuiteInfo,{Func,DoInit},Config) of
+
+    case catch configure(MergedInfo1,MergedInfo1,SuiteInfo,
+			 {FuncSpec,DoInit},Config) of
 	{suite0_failed,Reason} ->
 	    ct_util:set_testdata({curr_tc,{Mod,{suite0_failed,{require,Reason}}}}),
 	    {skip,{require_failed_in_suite0,Reason}};
@@ -212,7 +237,7 @@ init_tc2(Mod,Func,SuiteInfo,MergeResult,Config,DoInit) ->
 	    {auto_skip,{require_failed,Reason}};
 	{'EXIT',Reason} ->
 	    {auto_skip,Reason};
-	{ok, FinalConfig} ->
+	{ok,FinalConfig} ->
 	    case MergeResult of
 		{error,Reason} ->
 		    %% suite0 configure finished now, report that 
@@ -241,19 +266,20 @@ ct_suite_init(Mod, Func, [Config]) when is_list(Config) ->
 	    Else
     end.
 
-add_defaults(Mod,Func,FuncInfo,DoInit) ->
-    case (catch Mod:suite()) of
+add_defaults(Mod,Func, GroupPath, DoInit) ->
+    Suite = get_suite_name(Mod, GroupPath),
+    case (catch Suite:suite()) of
 	{'EXIT',{undef,_}} ->
-	    SuiteInfo = merge_with_suite_defaults(Mod,[]),
+	    SuiteInfo = merge_with_suite_defaults(Suite,[]),
 	    SuiteInfoNoCTH = [I || I <- SuiteInfo, element(1,I) =/= ct_hooks],
-	    case add_defaults1(Mod,Func,FuncInfo,SuiteInfoNoCTH,DoInit) of
+	    case add_defaults1(Mod,Func, GroupPath, SuiteInfoNoCTH, DoInit) of
 		Error = {error,_} -> {SuiteInfo,Error};
 		MergedInfo -> {SuiteInfo,MergedInfo}
 	    end;
 	{'EXIT',Reason} ->
 	    ErrStr = io_lib:format("~n*** ERROR *** "
 				   "~w:suite/0 failed: ~p~n",
-				   [Mod,Reason]),
+				   [Suite,Reason]),
 	    io:format(ErrStr, []),
 	    io:format(user, ErrStr, []),
 	    {suite0_failed,{exited,Reason}};
@@ -262,18 +288,18 @@ add_defaults(Mod,Func,FuncInfo,DoInit) ->
 			      (_) -> false
 			   end, SuiteInfo) of
 		true ->
-		    SuiteInfo1 = merge_with_suite_defaults(Mod,SuiteInfo),
+		    SuiteInfo1 = merge_with_suite_defaults(Suite, SuiteInfo),
 		    SuiteInfoNoCTH = [I || I <- SuiteInfo1,
 					   element(1,I) =/= ct_hooks],
-		    case add_defaults1(Mod,Func,FuncInfo,
-				       SuiteInfoNoCTH,DoInit) of
+		    case add_defaults1(Mod,Func, GroupPath,
+				       SuiteInfoNoCTH, DoInit) of
 			Error = {error,_} -> {SuiteInfo1,Error};
 			MergedInfo -> {SuiteInfo1,MergedInfo}
 		    end;
 		false ->
 		    ErrStr = io_lib:format("~n*** ERROR *** "
 					   "Invalid return value from "
-					   "~w:suite/0: ~p~n", [Mod,SuiteInfo]),
+					   "~w:suite/0: ~p~n", [Suite,SuiteInfo]),
 		    io:format(ErrStr, []),
 		    io:format(user, ErrStr, []),
 		    {suite0_failed,bad_return_value}
@@ -281,57 +307,178 @@ add_defaults(Mod,Func,FuncInfo,DoInit) ->
 	SuiteInfo ->
 	    ErrStr = io_lib:format("~n*** ERROR *** "
 				   "Invalid return value from "
-				   "~w:suite/0: ~p~n", [Mod,SuiteInfo]),
+				   "~w:suite/0: ~p~n", [Suite,SuiteInfo]),
 	    io:format(ErrStr, []),
 	    io:format(user, ErrStr, []),
 	    {suite0_failed,bad_return_value}
     end.
 
-add_defaults1(_Mod,init_per_suite,[],SuiteInfo,_DoInit) ->
-    SuiteInfo;
-
-add_defaults1(Mod,Func,FuncInfo,SuiteInfo,DoInit) ->
-    %% mustn't re-require suite variables in test case info function,
-    %% can result in weird behaviour (suite values get overwritten)
+add_defaults1(Mod,Func, GroupPath, SuiteInfo, DoInit) ->
+    Suite = get_suite_name(Mod, GroupPath),
+    %% GroupPathInfo (for subgroup on level X) =
+    %%     [LevelXGroupInfo, LevelX-1GroupInfo, ..., TopLevelGroupInfo]
+    GroupPathInfo =  
+	lists:map(fun(GroupProps) ->
+			  Name = ?val(name, GroupProps),
+			  case catch Suite:group(Name) of
+			      GrInfo when is_list(GrInfo) -> GrInfo;
+			      _ -> []
+			  end
+		  end, GroupPath),
+    Args = if Func == init_per_group; Func == ct_init_per_group;
+	      Func == end_per_group; Func == ct_end_per_group ->
+		   [?val(name, hd(GroupPath))];
+	      true ->
+		   []
+	   end,
+    TestCaseInfo =
+	case catch apply(Mod,Func,Args) of
+	    TCInfo when is_list(TCInfo) -> TCInfo;
+	    _ -> []
+	end,
+    %% let test case info (also for all config funcs) override group info,
+    %% and lower level group info override higher level info
+    TCAndGroupInfo = [TestCaseInfo | remove_info_in_prev(TestCaseInfo,
+							 GroupPathInfo)],
+    %% find and save require terms found in suite info
     SuiteReqs = 
 	[SDDef || SDDef <- SuiteInfo,
 		  ((require == element(1,SDDef)) or
 		   (default_config == element(1,SDDef)))],
-    FuncReqs =
-	[FIDef || FIDef <- FuncInfo,
-		  require == element(1,FIDef)],
-    case [element(2,Clash) || Clash <- SuiteReqs,
-			      require == element(1, Clash),
-			      true == lists:keymember(element(2,Clash),2,
-						      FuncReqs)] of
+    case check_for_clashes(TestCaseInfo, GroupPathInfo, SuiteReqs) of
 	[] ->
-	    add_defaults2(Mod,Func,FuncInfo,SuiteInfo,SuiteReqs,DoInit);
+	    add_defaults2(Mod,Func, TCAndGroupInfo,SuiteInfo,SuiteReqs, DoInit);
 	Clashes ->
 	    {error,{config_name_already_in_use,Clashes}}
     end.
 
-add_defaults2(Mod,init_per_suite,IPSInfo,SuiteInfo,SuiteReqs,false) ->
-    %% not common practise to use a test case info function for
-    %% init_per_suite (usually handled by suite/0), but let's support
-    %% it just in case...
-    add_defaults2(Mod,init_per_suite,IPSInfo,SuiteInfo,SuiteReqs,true);
-
-add_defaults2(_Mod,_Func,FuncInfo,SuiteInfo,_,false) ->
-    %% include require elements from test case info, but not from suite/0
-    %% (since we've already required those vars)
-    FuncInfo ++
-	[SFDef || SFDef <- SuiteInfo,
-		  require /= element(1,SFDef),
-		  false == lists:keymember(element(1,SFDef),1,FuncInfo)];
-
-add_defaults2(_Mod,_Func,FuncInfo,SuiteInfo,SuiteReqs,true) ->
-    %% We must include require elements from suite/0 here since
-    %% there's no init_per_suite call before this first test case.
-    %% Let other test case info elements override those from suite/0.
-    FuncInfo ++ SuiteReqs ++
-	[SDDef || SDDef <- SuiteInfo,
-		  require /= element(1,SDDef),
-		  false == lists:keymember(element(1,SDDef),1,FuncInfo)].    
+get_suite_name(?MODULE, [Cfg|_]) when is_list(Cfg), Cfg /= [] ->
+    get_suite_name(?MODULE, Cfg);
+
+get_suite_name(?MODULE, Cfg) when is_list(Cfg), Cfg /= [] ->
+    case ?val(tc_group_properties, Cfg) of
+	undefined ->
+	    case ?val(suite, Cfg) of
+		undefined -> ?MODULE;
+		Suite -> Suite
+	    end;
+	GrProps ->
+	    case ?val(suite, GrProps) of
+		undefined -> ?MODULE;
+		Suite -> Suite
+	    end
+    end;
+get_suite_name(Mod, _) ->
+    Mod.
+
+%% Check that alias names are not already in use
+check_for_clashes(TCInfo, GrPathInfo, SuiteInfo) ->
+    {CurrGrInfo,SearchIn} = case GrPathInfo of
+				[] -> {[],[SuiteInfo]};
+				[Curr|Path] -> {Curr,[SuiteInfo|Path]}
+			    end,
+    ReqNames = fun(Info) -> [element(2,R) || R <- Info,
+					     size(R) == 3,
+					     require == element(1,R)]
+	       end,
+    ExistingNames = lists:flatten([ReqNames(L)  || L <- SearchIn]),
+    CurrGrReqNs = ReqNames(CurrGrInfo),
+    GrClashes = [Name || Name <- CurrGrReqNs,
+			 true == lists:member(Name, ExistingNames)],
+    AllReqNs = CurrGrReqNs ++ ExistingNames,
+    TCClashes = [Name || Name <- ReqNames(TCInfo),
+			 true == lists:member(Name, AllReqNs)],
+    TCClashes ++ GrClashes.
+
+%% Delete the info terms in Terms from all following info lists
+remove_info_in_prev(Terms, [[] | Rest]) ->
+    [[] | remove_info_in_prev(Terms, Rest)];
+remove_info_in_prev(Terms, [Info | Rest]) ->
+    UniqueInInfo = [U || U <- Info,
+			  ((timetrap == element(1,U)) and
+			   (not lists:keymember(timetrap,1,Terms))) or 
+			  ((require == element(1,U)) and
+			   (not lists:member(U,Terms))) or
+			  ((default_config == element(1,U)) and
+                           (not keysmember([default_config,1,
+					    element(2,U),2], Terms)))],
+    OtherTermsInInfo = [T || T <- Info,
+			     timetrap /= element(1,T),
+			     require /= element(1,T),
+			     default_config /= element(1,T),
+			     false == lists:keymember(element(1,T),1,
+						      Terms)],
+    KeptInfo = UniqueInInfo ++ OtherTermsInInfo,
+    [KeptInfo | remove_info_in_prev(Terms ++ KeptInfo, Rest)];
+remove_info_in_prev(_, []) ->
+    [].
+
+keysmember([Key,Pos|Next], List) ->
+    case [Elem || Elem <- List, Key == element(Pos,Elem)] of
+	[]    -> false;
+	Found -> keysmember(Next, Found)
+    end;
+keysmember([], _) -> true.
+
+
+add_defaults2(Mod,init_per_suite, IPSInfo, SuiteInfo,SuiteReqs, false) ->
+    add_defaults2(Mod,init_per_suite, IPSInfo, SuiteInfo,SuiteReqs, true);
+
+add_defaults2(_Mod,IPG, IPGAndGroupInfo, SuiteInfo,SuiteReqs, DoInit) when
+      IPG == init_per_group ; IPG == ct_init_per_group ->
+    %% If DoInit == true, we have to process the suite() list, otherwise
+    %% it has already been handled (see clause for init_per_suite)
+    case DoInit of		
+	true ->
+	    %% note: we know for sure this is a top level group
+	    Info = lists:flatten([IPGAndGroupInfo, SuiteReqs]),
+	    Info ++ remove_info_in_prev(Info, [SuiteInfo]);
+	false ->
+	    SuiteInfo1 =
+		remove_info_in_prev(lists:flatten([IPGAndGroupInfo,
+						   SuiteReqs]), [SuiteInfo]),
+	    %% don't require terms in prev groups (already processed)
+	    case IPGAndGroupInfo of
+		[IPGInfo] ->
+		    lists:flatten([IPGInfo,SuiteInfo1]);
+		[IPGInfo | [CurrGroupInfo | PrevGroupInfo]] ->
+		    PrevGroupInfo1 = delete_require_terms(PrevGroupInfo),
+		    lists:flatten([IPGInfo,CurrGroupInfo,PrevGroupInfo1,
+				   SuiteInfo1])
+	    end
+    end;
+
+add_defaults2(_Mod,_Func, TCAndGroupInfo, SuiteInfo,SuiteReqs, false) ->
+    %% Include require elements from test case info and current group,
+    %% but not from previous groups or suite/0 (since we've already required
+    %% those vars). Let test case info elements override group and suite
+    %% info elements.
+    SuiteInfo1 = remove_info_in_prev(lists:flatten([TCAndGroupInfo,
+						    SuiteReqs]), [SuiteInfo]),
+    %% don't require terms in prev groups (already processed)
+    case TCAndGroupInfo of
+	[TCInfo] ->
+	    lists:flatten([TCInfo,SuiteInfo1]);
+	[TCInfo | [CurrGroupInfo | PrevGroupInfo]] ->
+	    PrevGroupInfo1 = delete_require_terms(PrevGroupInfo),
+	    lists:flatten([TCInfo,CurrGroupInfo,PrevGroupInfo1,
+			   SuiteInfo1])
+    end;
+
+add_defaults2(_Mod,_Func, TCInfo, SuiteInfo,SuiteReqs, true) ->
+    %% Here we have to process the suite info list also (no call to
+    %% init_per_suite before this first test case). This TC can't belong
+    %% to a group, or the clause for (ct_)init_per_group would've caught this.
+    Info = lists:flatten([TCInfo, SuiteReqs]),
+    lists:flatten([Info,remove_info_in_prev(Info, [SuiteInfo])]).
+
+delete_require_terms([Info | Prev]) ->
+    Info1 = [T || T <- Info, 
+		  require /= element(1,T),
+		  default_config /= element(1,T)],
+    [Info1 | delete_require_terms(Prev)];
+delete_require_terms([]) ->
+    [].
 
 merge_with_suite_defaults(Mod,SuiteInfo) ->
     case lists:keysearch(suite_defaults,1,Mod:module_info(attributes)) of
@@ -355,16 +502,17 @@ timetrap_first([Trap = {timetrap,_} | Rest],Info,Found) ->
 timetrap_first([Other | Rest],Info,Found) ->
     timetrap_first(Rest,[Other | Info],Found);
 timetrap_first([],Info,[]) ->
-    [{timetrap,{minutes,30}} | lists:reverse(Info)];
+    [{timetrap,{minutes,30}} | ?rev(Info)];
 timetrap_first([],Info,Found) ->
-    lists:reverse(Found) ++ lists:reverse(Info).
+    ?rev(Found) ++ ?rev(Info).
 
 configure([{require,Required}|Rest],Info,SuiteInfo,Scope,Config) ->
     case ct:require(Required) of
 	ok ->
 	    configure(Rest,Info,SuiteInfo,Scope,Config);
 	Error = {error,Reason} ->
-	    case required_default('_UNDEF',Required,Info,SuiteInfo,Scope) of
+	    case required_default('_UNDEF',Required,Info,
+				  SuiteInfo,Scope) of
 		ok ->
 		    configure(Rest,Info,SuiteInfo,Scope,Config);
 		_ ->
@@ -406,18 +554,24 @@ configure([],_,_,_,Config) ->
     {ok,[Config]}.
 
 %% the require element in Info may come from suite/0 and
-%% should be scoped 'suite', or come from the testcase info
-%% function and should then be scoped 'testcase'
-required_default(Name,Key,Info,SuiteInfo,{Func,true}) ->
+%% should be scoped 'suite', or come from the group info
+%% function and be scoped 'group', or come from the testcase
+%% info function and then be scoped 'testcase'
+
+required_default(Name,Key,Info,SuiteInfo,{FuncSpec,true}) ->
     case try_set_default(Name,Key,SuiteInfo,suite) of
 	ok ->
 	    ok;
 	_ ->
-	    required_default(Name,Key,Info,[],{Func,false})
+	    required_default(Name,Key,Info,[],{FuncSpec,false})
     end;
 required_default(Name,Key,Info,_,{init_per_suite,_}) ->
     try_set_default(Name,Key,Info,suite);
-required_default(Name,Key,Info,_,_) ->
+required_default(Name,Key,Info,_,{{init_per_group,GrName,_},_}) ->
+    try_set_default(Name,Key,Info,{group,GrName});
+required_default(Name,Key,Info,_,{{ct_init_per_group,GrName,_},_}) ->
+    try_set_default(Name,Key,Info,{group,GrName});
+required_default(Name,Key,Info,_,_FuncSpec) ->
     try_set_default(Name,Key,Info,testcase).
 
 try_set_default(Name,Key,Info,Where) ->
@@ -484,7 +638,11 @@ end_tc(Mod,Func,TCPid,Result,Args,Return) ->
     ct_util:delete_suite_data(last_saved_config),
     FuncSpec =
 	case group_or_func(Func,Args) of
-	    {_,GroupName,_Props} = Group ->			       
+	    {_,GroupName,_Props} = Group ->
+		if Func == end_per_group; Func == ct_end_per_group ->
+			ct_config:delete_default_config({group,GroupName});
+		   true -> ok
+		end,
 		case lists:keysearch(save_config,1,Args) of
 		    {value,{save_config,SaveConfig}} ->
 			ct_util:save_suite_data(
@@ -703,12 +861,14 @@ mark_as_failed1(_,_,_,[]) ->
     ok.
 
 group_or_func(Func, Config) when Func == init_per_group; 
-				 Func == end_per_group ->
-    case proplists:get_value(tc_group_properties,Config) of
+				 Func == end_per_group;
+				 Func == ct_init_per_group; 
+				 Func == ct_end_per_group ->
+    case ?val(tc_group_properties, Config) of
 	undefined ->
 	    {Func,unknown,[]};
 	GrProps ->
-	    GrName = proplists:get_value(name,GrProps),
+	    GrName = ?val(name,GrProps),
 	    {Func,GrName,proplists:delete(name,GrProps)}
     end;	  
 group_or_func(Func, _Config) ->
@@ -732,7 +892,7 @@ get_suite(Mod, all) ->
 		    %% (and only) test case so we can report Error properly
 		    [{?MODULE,error_in_suite,[[Error]]}];
 		ConfTests ->
-		    get_all(Mod, ConfTests)
+		    get_all(Mod, ConfTests)		    
 	    end;
 	_ ->
 	    E = "Bad return value from "++atom_to_list(Mod)++":groups/0",
@@ -746,7 +906,7 @@ get_suite(Mod, all) ->
 
 %% group
 get_suite(Mod, Group={conf,Props,_Init,TCs,_End}) ->
-    Name = proplists:get_value(name, Props),
+    Name = ?val(name, Props),
     case catch apply(Mod, groups, []) of
 	{'EXIT',_} ->
 	    [Group];
@@ -764,14 +924,25 @@ get_suite(Mod, Group={conf,Props,_Init,TCs,_End}) ->
 			    %% a *subgroup* specified *only* as skipped (and not
 			    %% as an explicit test) should not be returned, or
 			    %% init/end functions for top groups will be executed
-			    case catch proplists:get_value(name, element(2, hd(ConfTests))) of
+			    case catch ?val(name, element(2, hd(ConfTests))) of
 				Name ->		% top group
 				    delete_subs(ConfTests, ConfTests);
 				_ ->
 				    []
 			    end;
 			false ->
-			    delete_subs(ConfTests, ConfTests)
+			    ConfTests1 = delete_subs(ConfTests, ConfTests),
+			    case ?val(override, Props) of
+				undefined ->
+				    ConfTests1;
+				[] ->
+				    ConfTests1;
+				ORSpec ->
+				    ORSpec1 = if is_tuple(ORSpec) -> [ORSpec];
+						 true -> ORSpec end,
+				    search_and_override(ConfTests1,
+							ORSpec1, Mod)
+			    end							      
 		    end
 	    end;
 	_ ->
@@ -793,13 +964,12 @@ get_all_cases(Suite) ->
 	    {error,Error};
 	Tests ->
 	    Cases = get_all_cases1(Suite, Tests),
-	    lists:reverse(
-	      lists:foldl(fun(TC, TCs) ->
-				  case lists:member(TC, TCs) of
+	    ?rev(lists:foldl(fun(TC, TCs) ->
+				     case lists:member(TC, TCs) of
 				      true  -> TCs;
-				      false -> [TC | TCs]
-				  end
-			  end, [], Cases))
+					 false -> [TC | TCs]
+				     end
+			     end, [], Cases))
     end.
 
 get_all_cases1(Suite, [{conf,_Props,_Init,GrTests,_End} | Tests]) ->
@@ -918,14 +1088,14 @@ delete_subs([], All) ->
     All.
 
 delete_conf({conf,Props,_,_,_}, Confs) ->
-    Name = proplists:get_value(name, Props),
+    Name = ?val(name, Props),
     [Conf || Conf = {conf,Props0,_,_,_} <- Confs,
-	     Name =/= proplists:get_value(name, Props0)].
+	     Name =/= ?val(name, Props0)].
 
 is_sub({conf,Props,_,_,_}=Conf, [{conf,_,_,Tests,_} | Confs]) ->
-    Name = proplists:get_value(name, Props),
+    Name = ?val(name, Props),
     case lists:any(fun({conf,Props0,_,_,_}) ->
-			   case proplists:get_value(name, Props0) of
+			   case ?val(name, Props0) of
 			       N when N == Name ->
 				   true;
 			       _ ->
@@ -1078,29 +1248,116 @@ expand_groups([H | T], ConfTests, Mod) ->
 expand_groups([], _ConfTests, _Mod) ->
     [];
 expand_groups({group,Name}, ConfTests, Mod) ->
-    FindConf = 
-	fun({conf,Props,_,_,_}) ->
-		case proplists:get_value(name, Props) of
-		    Name -> true;
-		    _    -> false
+    expand_groups({group,Name,default,[]}, ConfTests, Mod);
+expand_groups({group,Name,default}, ConfTests, Mod) ->
+    expand_groups({group,Name,default,[]}, ConfTests, Mod);
+expand_groups({group,Name,ORProps}, ConfTests, Mod) when is_list(ORProps) ->
+    expand_groups({group,Name,ORProps,[]}, ConfTests, Mod);
+expand_groups({group,Name,ORProps,SubORSpec}, ConfTests, Mod) ->
+    FindConf =
+	fun(Conf = {conf,Props,Init,Ts,End}) ->
+		case ?val(name, Props) of
+		    Name when ORProps == default ->
+			[Conf];
+		    Name ->
+			[{conf,[{name,Name}|ORProps],Init,Ts,End}];
+		    _    -> 
+			[]
 		end
 	end,					 
-    case lists:filter(FindConf, ConfTests) of
-	[ConfTest|_] ->
-	    expand_groups(ConfTest, ConfTests, Mod);
+    case lists:flatmap(FindConf, ConfTests) of
 	[] ->
-	    E = "Invalid reference to group "++
-		atom_to_list(Name)++" in "++
-		atom_to_list(Mod)++":all/0",
-	    throw({error,list_to_atom(E)})
+	    throw({error,invalid_ref_msg(Name, Mod)});
+	Matching when SubORSpec == [] -> 
+	    Matching;
+	Matching -> 
+	    override_props(Matching, SubORSpec, Name,Mod)
     end;
 expand_groups(SeqOrTC, _ConfTests, _Mod) ->
     SeqOrTC.
 
+%% search deep for the matching conf test and modify it and any 
+%% sub tests according to the override specification
+search_and_override([Conf = {conf,Props,Init,Tests,End}], ORSpec, Mod) ->
+    Name = ?val(name, Props),
+    case lists:keysearch(Name, 1, ORSpec) of
+	{value,{Name,default}} ->
+	    [Conf];
+	{value,{Name,ORProps}} ->
+	    [{conf,[{name,Name}|ORProps],Init,Tests,End}];
+	{value,{Name,default,[]}} ->
+	    [Conf];
+	{value,{Name,default,SubORSpec}} ->
+	    override_props([Conf], SubORSpec, Name,Mod);
+	{value,{Name,ORProps,SubORSpec}} ->
+	    override_props([{conf,[{name,Name}|ORProps],
+			    Init,Tests,End}], SubORSpec, Name,Mod);
+	_ ->
+	    [{conf,Props,Init,search_and_override(Tests,ORSpec,Mod),End}]
+    end.
+
+%% Modify the Tests element according to the override specification
+override_props([{conf,Props,Init,Tests,End} | Confs], SubORSpec, Name,Mod) ->
+    {Subs,SubORSpec1} = override_sub_props(Tests, [], SubORSpec, Mod),
+    [{conf,Props,Init,Subs,End} | override_props(Confs, SubORSpec1, Name,Mod)];
+override_props([], [], _,_) ->
+    [];
+override_props([], SubORSpec, Name,Mod) ->
+    Es = [invalid_ref_msg(Name, element(1,Spec), Mod) || Spec <- SubORSpec],
+    throw({error,Es}).
+
+override_sub_props([], New, ORSpec, _) ->    
+    {?rev(New),ORSpec};
+override_sub_props([T = {conf,Props,Init,Tests,End} | Ts],
+		   New, ORSpec, Mod) ->
+    Name = ?val(name, Props),
+    case lists:keysearch(Name, 1, ORSpec) of
+	{value,Spec} ->				% group found in spec
+	    Props1 =
+		case element(2, Spec) of
+		    default -> Props;
+		    ORProps -> [{name,Name} | ORProps]
+		end,
+	    case catch element(3, Spec) of
+		Undef when Undef == [] ; 'EXIT' == element(1, Undef) ->
+		    override_sub_props(Ts, [{conf,Props1,Init,Tests,End} | New],
+				       lists:keydelete(Name, 1, ORSpec), Mod);
+		SubORSpec when is_list(SubORSpec) ->
+		    case override_sub_props(Tests, [], SubORSpec, Mod) of
+			{Subs,[]} ->
+			    override_sub_props(Ts, [{conf,Props1,Init,
+						     Subs,End} | New],
+					       lists:keydelete(Name, 1, ORSpec),
+					       Mod);
+			{_,NonEmptySpec} ->
+			    Es = [invalid_ref_msg(Name, element(1, GrRef),
+						  Mod) || GrRef <- NonEmptySpec],
+			    throw({error,Es})
+		    end;
+		BadGrSpec ->
+		    throw({error,{invalid_form,BadGrSpec}})
+	    end;
+	_ ->					% not a group in spec
+	    override_sub_props(Ts, [T | New], ORSpec, Mod)
+    end;
+override_sub_props([TC | Ts], New, ORSpec, Mod) ->
+    override_sub_props(Ts, [TC | New], ORSpec, Mod).
+
+invalid_ref_msg(Name, Mod) ->
+    E = "Invalid reference to group "++
+	atom_to_list(Name)++" in "++
+	atom_to_list(Mod)++":all/0",
+    list_to_atom(E).
+
+invalid_ref_msg(Name0, Name1, Mod) ->
+    E = "Invalid reference to group "++
+	atom_to_list(Name1)++" from "++atom_to_list(Name0)++
+	" in "++atom_to_list(Mod)++":all/0",
+    list_to_atom(E).
 
 %%!============================================================
 %%! The support for sequences by means of using sequences/0
-%%! will be removed in OTP R14. The code below is only kept 
+%%! will be removed in OTP R15. The code below is only kept 
 %%! for backwards compatibility. From OTP R13 groups with
 %%! sequence property should be used instead!
 %%!============================================================
@@ -1234,8 +1491,8 @@ report(What,Data) ->
 	loginfo ->
 	    %% logfiles and direcories have been created for a test and the
 	    %% top level test index page needs to be refreshed
-	    TestName = filename:basename(proplists:get_value(topdir, Data), ".logs"),
-	    RunDir = proplists:get_value(rundir, Data),
+	    TestName = filename:basename(?val(topdir, Data), ".logs"),
+	    RunDir = ?val(rundir, Data),
 	    ct_logs:make_all_suites_index({TestName,RunDir}),
 	    ok;
 	tests_start ->
@@ -1274,6 +1531,10 @@ report(What,Data) ->
 	tests_done ->
 	    ok;
 	tc_start ->
+	    %% Data = {{Suite,Func},LogFileName}
+	    ct_event:sync_notify(#event{name=tc_logfile,
+					node=node(),
+					data=Data}),
 	    ok;
 	tc_done ->
 	    {_Suite,Case,Result} = Data,
@@ -1337,11 +1598,24 @@ report(What,Data) ->
 					node=node(),
 					data=Data}),
 	    ct_hooks:on_tc_skip(What, Data),
-	    if Case /= end_per_suite, Case /= end_per_group -> 
+	    if Case /= end_per_suite, 
+	       Case /= end_per_group,
+	       Case /= ct_end_per_group -> 
 		    add_to_stats(auto_skipped);
 	       true -> 
 		    ok
 	    end;
+	framework_error ->
+	    case Data of
+		{{M,F},E} ->
+		    ct_event:sync_notify(#event{name=tc_done,
+						node=node(),
+						data={M,F,{framework_error,E}}});
+		_ ->
+		    ct_event:sync_notify(#event{name=tc_done,
+						node=node(),
+						data=Data})
+	    end;
 	_ ->
 	    ok
     end,
@@ -1411,30 +1685,6 @@ format_comment(Comment) ->
     "<font color=\"green\">" ++ Comment ++ "</font>".
 
 %%%-----------------------------------------------------------------
-%%% @spec overview_html_header(TestName) -> Header
-overview_html_header(TestName) ->
-    TestName1 = lists:flatten(io_lib:format("~p", [TestName])),
-    Label = case application:get_env(common_test, test_label) of
-		{ok,Lbl} when Lbl =/= undefined ->
-		    "<H1><FONT color=\"green\">" ++ Lbl ++ "</FONT></H1>\n";
-		_        ->
-		    ""
-	    end,
-    Bgr = case ct_logs:basic_html() of
-	      true ->
-		  "";
-	      false ->
-		  CTPath = code:lib_dir(common_test),
-		  TileFile = filename:join(filename:join(CTPath,"priv"),"tile1.jpg"),
-		  " background=\"" ++ TileFile ++ "\""
-	  end,
-
-    ["<html>\n",
-     "<head><title>Test ", TestName1, " results</title>\n",
-     "<meta http-equiv=\"cache-control\" content=\"no-cache\">\n",
-     "</head>\n",
-     "<body", Bgr, " bgcolor=\"white\" text=\"black\" ",
-     "link=\"blue\" vlink=\"purple\" alink=\"red\">\n",
-     Label,
-     "<H2>Results from test ", TestName1, "</H2>\n"].
-
+%%% @spec get_html_wrapper(TestName, PrintLabel, Cwd) -> Header
+get_html_wrapper(TestName, PrintLabel, Cwd) ->
+    ct_logs:get_ts_html_wrapper(TestName, PrintLabel, Cwd).
diff --git a/lib/common_test/src/ct_hooks.erl b/lib/common_test/src/ct_hooks.erl
index f243b87f54..c42adbbdd9 100644
--- a/lib/common_test/src/ct_hooks.erl
+++ b/lib/common_test/src/ct_hooks.erl
@@ -34,6 +34,12 @@
 %% If you change this, remember to update ct_util:look -> stop clause as well.
 -define(config_name, ct_hooks).
 
+%% All of the hooks which are to be started by default. Remove by issuing
+%% -enable_builtin_hooks false to when starting common test.
+-define(BUILTIN_HOOKS,[#ct_hook_config{ module = cth_log_redirect,
+					opts = [],
+					prio = ctfirst }]).
+
 -record(ct_hook_config, {id, module, prio, scope, opts = [], state = []}).
 
 %% -------------------------------------------------------------------------
@@ -44,7 +50,8 @@
 -spec init(State :: term()) -> ok |
 			       {error, Reason :: term()}.
 init(Opts) ->
-    call(get_new_hooks(Opts, undefined), ok, init, []).
+    call(get_new_hooks(Opts, undefined) ++ get_builtin_hooks(Opts),
+	 ok, init, []).
 		      
 
 %% @doc Called after all suites are done.
@@ -171,8 +178,9 @@ call_generic(#ct_hook_config{ module = Mod, state = State} = Hook,
 call(Fun, Config, Meta) ->
     maybe_lock(),
     Hooks = get_hooks(),
-    Res = call(get_new_hooks(Config, Fun) ++
-		   [{HookId,Fun} || #ct_hook_config{id = HookId} <- Hooks],
+    Calls = get_new_hooks(Config, Fun) ++
+	[{HookId,Fun} || #ct_hook_config{id = HookId} <- Hooks],
+    Res = call(resort(Calls,Hooks,Meta),
 	       remove(?config_name,Config), Meta, Hooks),
     maybe_unlock(),
     Res.
@@ -198,7 +206,7 @@ call([{Hook, call_id, NextFun} | Rest], Config, Meta, Hooks) ->
 		    {Hooks ++ [NewHook],
 		     [{NewId, call_init}, {NewId,NextFun} | Rest]}
 	    end,
-	call(resort(NewRest,NewHooks), Config, Meta, NewHooks)
+	call(resort(NewRest,NewHooks,Meta), Config, Meta, NewHooks)
     catch Error:Reason ->
 	    Trace = erlang:get_stacktrace(),
 	    ct_logs:log("Suite Hook","Failed to start a CTH: ~p:~p",
@@ -214,7 +222,7 @@ call([{HookId, Fun} | Rest], Config, Meta, Hooks) ->
         {NewConf, NewHook} =  Fun(Hook, Config, Meta),
         NewCalls = get_new_hooks(NewConf, Fun),
         NewHooks = lists:keyreplace(HookId, #ct_hook_config.id, Hooks, NewHook),
-        call(resort(NewCalls ++ Rest,NewHooks), %% Resort if call_init changed prio
+        call(resort(NewCalls ++ Rest,NewHooks,Meta), %% Resort if call_init changed prio
 	     remove(?config_name, NewConf), Meta,
              terminate_if_scope_ends(HookId, Meta, NewHooks))
     catch throw:{error_in_cth_call,Reason} ->
@@ -283,6 +291,14 @@ get_new_hooks(Config) when is_list(Config) ->
 get_new_hooks(_Config) ->
     [].
 
+get_builtin_hooks(Opts) ->
+    case proplists:get_value(enable_builtin_hooks,Opts) of
+	false ->
+	    [];
+	_Else ->
+	    [{HookConf, call_id, undefined} || HookConf <- ?BUILTIN_HOOKS]
+    end.
+
 save_suite_data_async(Hooks) ->
     ct_util:save_suite_data_async(?config_name, Hooks).
 
@@ -290,9 +306,21 @@ get_hooks() ->
     lists:keysort(#ct_hook_config.prio,ct_util:read_suite_data(?config_name)).
 
 %% Sort all calls in this order:
-%% call_id < call_init < Hook Priority 1 < .. < Hook Priority N
+%% call_id < call_init < ctfirst < Priority 1 < .. < Priority N < ctlast
 %% If Hook Priority is equal, check when it has been installed and
 %% sort on that instead.
+%% If we are doing a cleanup call i.e. {post,pre}_end_per_*, all priorities
+%% are reversed. Probably want to make this sorting algorithm pluginable
+%% as some point...
+resort(Calls,Hooks,[F|_R]) when F == post_end_per_testcase;
+				F == pre_end_per_group;
+				F == post_end_per_group;
+				F == pre_end_per_suite;
+				F == post_end_per_suite ->
+    lists:reverse(resort(Calls,Hooks));
+resort(Calls,Hooks,_Meta) ->
+    resort(Calls,Hooks).
+    
 resort(Calls, Hooks) ->
     lists:sort(
       fun({_,_,_},_) ->
@@ -311,6 +339,14 @@ resort(Calls, Hooks) ->
 		      %% If priorities are equal, we check the position in the
 		      %% hooks list
 		      pos(Id1,Hooks) < pos(Id2,Hooks);
+		  P1 == ctfirst ->
+		      true;
+		  P2 == ctfirst ->
+		      false;
+		  P1 == ctlast ->
+		      false;
+		  P2 == ctlast ->
+		      true;
 		  true ->
 		      P1 < P2
 	      end
@@ -331,7 +367,7 @@ catch_apply(M,F,A, Default) ->
     catch error:Reason ->
 	    case erlang:get_stacktrace() of
             %% Return the default if it was the CTH module which did not have the function.
-		[{M,F,A}|_] when Reason == undef ->
+		[{M,F,A,_}|_] when Reason == undef ->
 		    Default;
 		Trace ->
 		    ct_logs:log("Suite Hook","Call to CTH failed: ~p:~p",
diff --git a/lib/common_test/src/ct_line.erl b/lib/common_test/src/ct_line.erl
deleted file mode 100644
index 4af9da5463..0000000000
--- a/lib/common_test/src/ct_line.erl
+++ /dev/null
@@ -1,266 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
-
-%%% @doc Parse transform for inserting line numbers
-
--module(ct_line).
-
--record(vars, {module,                      % atom() Module name
-	       vsn,                         % atom()
-	       
-	       init_info=[],                % [{M,F,A,C,L}]
-
-	       function,                    % atom()
-	       arity,                       % int()
-	       clause,                      % int()
-	       lines,                       % [int()]
-	       depth,                       % int()
-	       is_guard=false               % boolean
-	      }).
-
--export([parse_transform/2,
-	line/1]).
-
-line(LOC={{Mod,Func},_Line}) ->
-    Lines = case get(test_server_loc) of
-		[{{Mod,Func},_}|Ls] -> 
-		    Ls;
-		Ls when is_list(Ls) -> 
-		    case length(Ls) of
-			10 ->
-			    [_|T]=lists:reverse(Ls),
-			    lists:reverse(T);
-			_ ->
-			    Ls
-		    end;
-		_ -> 
-		    [] 
-	    end,
-    put(test_server_loc,[LOC|Lines]).
-
-parse_transform(Forms, _Options) ->
-    transform(Forms, _Options).
-
-%% forms(Fs) -> lists:map(fun (F) -> form(F) end, Fs).
-
-transform(Forms, _Options)->
-    Vars0 = #vars{},
-    {ok, MungedForms, _Vars} = transform(Forms, [], Vars0),
-    MungedForms.
-    
-
-transform([Form|Forms], MungedForms, Vars) ->
-    case munge(Form, Vars) of
-	ignore ->
-	    transform(Forms, MungedForms, Vars);
-	{MungedForm, Vars2} ->
-	    transform(Forms, [MungedForm|MungedForms], Vars2)
-    end;
-transform([], MungedForms, Vars) ->
-    {ok, lists:reverse(MungedForms), Vars}.
-
-%% This code traverses the abstract code, stored as the abstract_code
-%% chunk in the BEAM file, as described in absform(3) for Erlang/OTP R8B
-%% (Vsn=abstract_v2).
-%% The abstract format after preprocessing differs slightly from the abstract
-%% format given eg using epp:parse_form, this has been noted in comments.
-munge(Form={attribute,_,module,Module}, Vars) ->
-    Vars2 = Vars#vars{module=Module},
-    {Form, Vars2};
-
-munge({function,0,module_info,_Arity,_Clauses}, _Vars) ->
-    ignore; % module_info will be added again when the forms are recompiled
-munge({function,Line,Function,Arity,Clauses}, Vars) ->
-    Vars2 = Vars#vars{function=Function,
-		      arity=Arity,
-		      clause=1,
-		      lines=[],
-		      depth=1},
-    {MungedClauses, Vars3} = munge_clauses(Clauses, Vars2, []),
-    {{function,Line,Function,Arity,MungedClauses}, Vars3};
-munge(Form, Vars) -> % attributes
-    {Form, Vars}.
-
-munge_clauses([{clause,Line,Pattern,Guards,Body}|Clauses], Vars, MClauses) ->
-    {MungedGuards, _Vars} = munge_exprs(Guards, Vars#vars{is_guard=true},[]),
-
-    case Vars#vars.depth of
-	1 -> % function clause
-	    {MungedBody, Vars2} = munge_body(Body, Vars#vars{depth=2}, []),
-	    ClauseInfo = {Vars2#vars.module,
-			  Vars2#vars.function,
-			  Vars2#vars.arity,
-			  Vars2#vars.clause,
-			  length(Vars2#vars.lines)},
-	    InitInfo = [ClauseInfo | Vars2#vars.init_info],
-	    Vars3 = Vars2#vars{init_info=InitInfo,
-			       clause=(Vars2#vars.clause)+1,
-			       lines=[],
-			       depth=1},
-	    munge_clauses(Clauses, Vars3,
-			  [{clause,Line,Pattern,MungedGuards,MungedBody}|
-			   MClauses]);
-
-	2 -> % receive-,  case- or if clause
-	    {MungedBody, Vars2} = munge_body(Body, Vars, []),
-	    munge_clauses(Clauses, Vars2,
-			  [{clause,Line,Pattern,MungedGuards,MungedBody}|
-			   MClauses])
-    end;
-munge_clauses([], Vars, MungedClauses) -> 
-    {lists:reverse(MungedClauses), Vars}.
-
-munge_body([Expr|Body], Vars, MungedBody) ->
-    %% Here is the place to add a call to cover:bump/6!
-    Line = element(2, Expr),
-    Lines = Vars#vars.lines,
-    case lists:member(Line,Lines) of
-	true -> % already a bump at this line!
-	    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-	    munge_body(Body, Vars2, [MungedExpr|MungedBody]);
-	false ->
-	    Bump = {call, 0, {remote,0,{atom,0,?MODULE},{atom,0,line}},
-		    [{tuple,0,[{tuple,0,[{atom,0,Vars#vars.module},
-					 {atom, 0, Vars#vars.function}]},
-		     {integer, 0, Line}]}]},
-	    Lines2 = [Line|Lines],
-
-	    {MungedExpr, Vars2} = munge_expr(Expr, Vars#vars{lines=Lines2}),
-	    munge_body(Body, Vars2, [MungedExpr,Bump|MungedBody])
-    end;
-munge_body([], Vars, MungedBody) ->
-    {lists:reverse(MungedBody), Vars}.
-
-munge_expr({match,Line,ExprL,ExprR}, Vars) ->
-    {MungedExprL, Vars2} = munge_expr(ExprL, Vars),
-    {MungedExprR, Vars3} = munge_expr(ExprR, Vars2),
-    {{match,Line,MungedExprL,MungedExprR}, Vars3};
-munge_expr({tuple,Line,Exprs}, Vars) ->
-    {MungedExprs, Vars2} = munge_exprs(Exprs, Vars, []),
-    {{tuple,Line,MungedExprs}, Vars2};
-munge_expr({record,Line,Expr,Exprs}, Vars) ->
-    %% Only for Vsn=raw_abstract_v1
-    {MungedExprName, Vars2} = munge_expr(Expr, Vars),
-    {MungedExprFields, Vars3} = munge_exprs(Exprs, Vars2, []),
-    {{record,Line,MungedExprName,MungedExprFields}, Vars3};
-munge_expr({record_field,Line,ExprL,ExprR}, Vars) ->
-    %% Only for Vsn=raw_abstract_v1
-    {MungedExprL, Vars2} = munge_expr(ExprL, Vars),
-    {MungedExprR, Vars3} = munge_expr(ExprR, Vars2),
-    {{record_field,Line,MungedExprL,MungedExprR}, Vars3};
-munge_expr({cons,Line,ExprH,ExprT}, Vars) ->
-    {MungedExprH, Vars2} = munge_expr(ExprH, Vars),
-    {MungedExprT, Vars3} = munge_expr(ExprT, Vars2),
-    {{cons,Line,MungedExprH,MungedExprT}, Vars3};
-munge_expr({op,Line,Op,ExprL,ExprR}, Vars) ->
-    {MungedExprL, Vars2} = munge_expr(ExprL, Vars),
-    {MungedExprR, Vars3} = munge_expr(ExprR, Vars2),
-    {{op,Line,Op,MungedExprL,MungedExprR}, Vars3};
-munge_expr({op,Line,Op,Expr}, Vars) ->
-    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-    {{op,Line,Op,MungedExpr}, Vars2};
-munge_expr({'catch',Line,Expr}, Vars) ->
-    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-    {{'catch',Line,MungedExpr}, Vars2};
-munge_expr({call,Line1,{remote,Line2,ExprM,ExprF},Exprs},
-	   Vars) when Vars#vars.is_guard==false->
-    {MungedExprM, Vars2} = munge_expr(ExprM, Vars),
-    {MungedExprF, Vars3} = munge_expr(ExprF, Vars2),
-    {MungedExprs, Vars4} = munge_exprs(Exprs, Vars3, []),
-    {{call,Line1,{remote,Line2,MungedExprM,MungedExprF},MungedExprs}, Vars4};
-munge_expr({call,Line1,{remote,_Line2,_ExprM,ExprF},Exprs},
-	   Vars) when Vars#vars.is_guard==true ->
-    %% Difference in abstract format after preprocessing: BIF calls in guards
-    %% are translated to {remote,...} (which is not allowed as source form)
-    %% NOT NECESSARY FOR Vsn=raw_abstract_v1
-    munge_expr({call,Line1,ExprF,Exprs}, Vars);
-munge_expr({call,Line,Expr,Exprs}, Vars) ->
-    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-    {MungedExprs, Vars3} = munge_exprs(Exprs, Vars2, []),
-    {{call,Line,MungedExpr,MungedExprs}, Vars3};
-munge_expr({lc,Line,Expr,LC}, Vars) ->
-    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-    {MungedLC, Vars3} = munge_lc(LC, Vars2, []),
-    {{lc,Line,MungedExpr,MungedLC}, Vars3};
-munge_expr({block,Line,Body}, Vars) ->
-    {MungedBody, Vars2} = munge_body(Body, Vars, []),
-    {{block,Line,MungedBody}, Vars2};
-munge_expr({'if',Line,Clauses}, Vars) -> 
-    {MungedClauses,Vars2} = munge_clauses(Clauses, Vars, []),
-    {{'if',Line,MungedClauses}, Vars2};
-munge_expr({'case',Line,Expr,Clauses}, Vars) ->
-    {MungedExpr,Vars2} = munge_expr(Expr,Vars),
-    {MungedClauses,Vars3} = munge_clauses(Clauses, Vars2, []),
-    {{'case',Line,MungedExpr,MungedClauses}, Vars3};
-munge_expr({'receive',Line,Clauses}, Vars) -> 
-    {MungedClauses,Vars2} = munge_clauses(Clauses, Vars, []),
-    {{'receive',Line,MungedClauses}, Vars2};
-munge_expr({'receive',Line,Clauses,Expr,Body}, Vars) ->
-    {MungedClauses,Vars2} = munge_clauses(Clauses, Vars, []),
-    {MungedExpr, Vars3} = munge_expr(Expr, Vars2),
-    {MungedBody, Vars4} = munge_body(Body, Vars3, []),
-    {{'receive',Line,MungedClauses,MungedExpr,MungedBody}, Vars4};
-munge_expr({'try',Line,Exprs,Clauses,CatchClauses}, Vars) ->
-    {MungedExprs, Vars1} = munge_exprs(Exprs, Vars, []),
-    {MungedClauses, Vars2} = munge_clauses(Clauses, Vars1, []),
-    {MungedCatchClauses, Vars3} = munge_clauses(CatchClauses, Vars2, []),
-    {{'try',Line,MungedExprs,MungedClauses,MungedCatchClauses}, Vars3};
-%% Difference in abstract format after preprocessing: Funs get an extra
-%% element Extra.
-%% NOT NECESSARY FOR Vsn=raw_abstract_v1
-munge_expr({'fun',Line,{function,Name,Arity},_Extra}, Vars) ->
-    {{'fun',Line,{function,Name,Arity}}, Vars};
-munge_expr({'fun',Line,{clauses,Clauses},_Extra}, Vars) ->
-    {MungedClauses,Vars2}=munge_clauses(Clauses, Vars, []),
-    {{'fun',Line,{clauses,MungedClauses}}, Vars2};
-munge_expr({'fun',Line,{clauses,Clauses}}, Vars) ->
-    %% Only for Vsn=raw_abstract_v1
-    {MungedClauses,Vars2}=munge_clauses(Clauses, Vars, []),
-    {{'fun',Line,{clauses,MungedClauses}}, Vars2};
-munge_expr(Form, Vars) -> % var|char|integer|float|string|atom|nil|bin|eof
-    {Form, Vars}.
-
-munge_exprs([Expr|Exprs], Vars, MungedExprs) when Vars#vars.is_guard==true,
-						  is_list(Expr) ->
-    {MungedExpr, _Vars} = munge_exprs(Expr, Vars, []),
-    munge_exprs(Exprs, Vars, [MungedExpr|MungedExprs]);
-munge_exprs([Expr|Exprs], Vars, MungedExprs) ->
-    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-    munge_exprs(Exprs, Vars2, [MungedExpr|MungedExprs]);
-munge_exprs([], Vars, MungedExprs) ->
-    {lists:reverse(MungedExprs), Vars}.
-
-munge_lc([{generate,Line,Pattern,Expr}|LC], Vars, MungedLC) ->
-    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-    munge_lc(LC, Vars2, [{generate,Line,Pattern,MungedExpr}|MungedLC]);
-munge_lc([Expr|LC], Vars, MungedLC) ->
-    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-    munge_lc(LC, Vars2, [MungedExpr|MungedLC]);
-munge_lc([], Vars, MungedLC) ->
-    {lists:reverse(MungedLC), Vars}.
-
-
-
-
-
-
-
-
-
-
diff --git a/lib/common_test/src/ct_logs.erl b/lib/common_test/src/ct_logs.erl
index faec461775..19ad7b26d8 100644
--- a/lib/common_test/src/ct_logs.erl
+++ b/lib/common_test/src/ct_logs.erl
@@ -29,14 +29,16 @@
 -module(ct_logs).
 
 -export([init/1,close/2,init_tc/1,end_tc/1]).
--export([get_log_dir/0,log/3,start_log/1,cont_log/2,end_log/0]).
+-export([get_log_dir/0,get_log_dir/1]).
+-export([log/3,start_log/1,cont_log/2,end_log/0]).
 -export([set_stylesheet/2,clear_stylesheet/1]).
 -export([add_external_logs/1,add_link/3]).
 -export([make_last_run_index/0]).
 -export([make_all_suites_index/1,make_all_runs_index/1]).
+-export([get_ts_html_wrapper/3]).
 
 %% Logging stuff directly from testcase
--export([tc_log/3,tc_print/3,tc_pal/3,
+-export([tc_log/3,tc_print/3,tc_pal/3,ct_log/3,
 	 basic_html/0]).
 
 %% Simulate logger process for use without ct environment running
@@ -53,6 +55,7 @@
 -define(all_runs_name, "all_runs.html").
 -define(index_name, "index.html").
 -define(totals_name, "totals.info").
+-define(css_default, "ct_default.css").
 
 -define(table_color1,"#ADD8E6").
 -define(table_color2,"#E4F0FE").
@@ -162,7 +165,12 @@ clear_stylesheet(TC) ->
 %%%-----------------------------------------------------------------
 %%% @spec get_log_dir() -> {ok,Dir} | {error,Reason}
 get_log_dir() ->
-    call(get_log_dir).
+    call({get_log_dir,false}).
+
+%%%-----------------------------------------------------------------
+%%% @spec get_log_dir(ReturnAbsName) -> {ok,Dir} | {error,Reason}
+get_log_dir(ReturnAbsName) ->
+    call({get_log_dir,ReturnAbsName}).
 
 %%%-----------------------------------------------------------------
 %%% make_last_run_index() -> ok
@@ -205,6 +213,7 @@ cast(Msg) ->
 %%% <p>This function is called by ct_framework:init_tc/3</p>
 init_tc(RefreshLog) ->
     call({init_tc,self(),group_leader(),RefreshLog}),
+    io:format(xhtml("", "<br />")),
     ok.
 
 %%%-----------------------------------------------------------------
@@ -374,6 +383,23 @@ tc_pal(Category,Format,Args) ->
     ok.
 
 
+%%%-----------------------------------------------------------------
+%%% @spec tc_pal(Category,Format,Args) -> ok
+%%%      Category = atom()
+%%%      Format = string()
+%%%      Args = list()
+%%%
+%%% @doc Print and log to the ct framework log
+%%%
+%%% <p>This function is called by internal ct functions to
+%%% force logging to the ct framework log</p>
+ct_log(Category,Format,Args) ->
+    cast({ct_log,[{div_header(Category),[]},
+		  {Format,Args},
+		  {div_footer(),[]}]}),
+    ok.
+
+
 %%%=================================================================
 %%% Internal functions
 int_header() ->
@@ -431,7 +457,6 @@ logger(Parent,Mode) ->
 		timer:sleep(1000),
 		Time1 = calendar:local_time(),
 		Dir1 = make_dirname(Time1),
-
 		{Time1,Dir1};
 	    false ->
 		{Time0,Dir0}
@@ -439,8 +464,44 @@ logger(Parent,Mode) ->
     %%! <---
 
     file:make_dir(Dir),
+    AbsDir = ?abs(Dir),
+    put(ct_run_dir, AbsDir),
+
+    case basic_html() of
+	true ->
+	    put(basic_html, true);
+	BasicHtml ->
+	    put(basic_html, BasicHtml),
+	    %% copy stylesheet to log dir (both top dir and test run
+	    %% dir) so logs are independent of Common Test installation
+	    {ok,Cwd} = file:get_cwd(),
+	    CTPath = code:lib_dir(common_test),
+	    CSSFileSrc = filename:join(filename:join(CTPath, "priv"),
+				       ?css_default),
+	    CSSFileDestTop = filename:join(Cwd, ?css_default),
+	    CSSFileDestRun = filename:join(AbsDir, ?css_default),
+	    case file:copy(CSSFileSrc, CSSFileDestTop) of
+		{error,Reason0} ->
+		    io:format(user, "ERROR! "++
+			      "CSS file ~p could not be copied to ~p. "++
+			      "Reason: ~p~n",
+			      [CSSFileSrc,CSSFileDestTop,Reason0]),
+		    exit({css_file_error,CSSFileDestTop});
+		_ ->
+		    case file:copy(CSSFileSrc, CSSFileDestRun) of
+			{error,Reason1} ->
+			    io:format(user, "ERROR! "++
+				      "CSS file ~p could not be copied to ~p. "++
+				      "Reason: ~p~n",
+				      [CSSFileSrc,CSSFileDestRun,Reason1]),
+			    exit({css_file_error,CSSFileDestRun});
+			_ ->
+			    ok
+		    end
+	    end
+    end,
     ct_event:notify(#event{name=start_logging,node=node(),
-			   data=?abs(Dir)}),
+			   data=AbsDir}),
     make_all_runs_index(start),
     make_all_suites_index(start),
     case Mode of
@@ -455,7 +516,7 @@ logger(Parent,Mode) ->
     Parent ! {started,self(),{Time,filename:absname("")}},
     set_evmgr_gl(CtLogFd),
     logger_loop(#logger_state{parent=Parent,
-			      log_dir=Dir,
+			      log_dir=AbsDir,
 			      start_time=Time,
 			      orig_GL=group_leader(),
 			      ct_log_fd=CtLogFd,
@@ -519,12 +580,15 @@ logger_loop(State) ->
 	    set_evmgr_gl(State#logger_state.ct_log_fd),
 	    return(From,ok),
 	    logger_loop(State#logger_state{tc_groupleaders=rm_tc_gl(TCPid,State)});
-	{get_log_dir,From} ->
+	{{get_log_dir,true},From} ->
 	    return(From,{ok,State#logger_state.log_dir}),
 	    logger_loop(State);
+	{{get_log_dir,false},From} ->
+	    return(From,{ok,filename:basename(State#logger_state.log_dir)}),
+	    logger_loop(State);
 	{make_last_run_index,From} ->
 	    make_last_run_index(State#logger_state.start_time),
-	    return(From,State#logger_state.log_dir),
+	    return(From,filename:basename(State#logger_state.log_dir)),
 	    logger_loop(State);
 	{set_stylesheet,_,SSFile} when State#logger_state.stylesheet == SSFile ->
 	    logger_loop(State);
@@ -535,7 +599,12 @@ logger_loop(State) ->
 	{clear_stylesheet,_} when State#logger_state.stylesheet == undefined ->
 	    logger_loop(State);
 	{clear_stylesheet,_} ->
-	    logger_loop(State#logger_state{stylesheet=undefined});	   
+	    logger_loop(State#logger_state{stylesheet=undefined});
+	{ct_log, List} ->
+	    Fd = State#logger_state.ct_log_fd,
+	    [begin io:format(Fd,Str,Args),io:nl(Fd) end ||
+				{Str,Args} <- List],
+	    logger_loop(State);
 	stop ->
 	    io:format(State#logger_state.ct_log_fd,
 		      int_header()++int_footer(),
@@ -635,7 +704,7 @@ set_evmgr_gl(GL) ->
 
 open_ctlog() ->
     {ok,Fd} = file:open(?ct_log_name,[write]),
-    io:format(Fd,header("Common Test Framework"),[]),
+    io:format(Fd, header("Common Test Framework Log"), []),
     case file:consult(ct_run:variables_file_name("../")) of
 	{ok,Vars} ->
 	    io:format(Fd, config_table(Vars), []);
@@ -650,17 +719,22 @@ open_ctlog() ->
     end,
     print_style(Fd,undefined),
     io:format(Fd, 
-	      "<br><br><h2>Progress Log</h2>\n"
-	      "<pre>\n",[]),
+	      xhtml("<br><br><h2>Progress Log</h2>\n<pre>\n",
+		    "<br /><br /><h4>PROGRESS LOG</h4>\n<pre>\n"), []),
     Fd.
 
 print_style(Fd,undefined) ->
-    io:format(Fd,
-	      "<style>\n"
-	      "div.ct_internal { background:lightgrey; color:black }\n"
-	      "div.default     { background:lightgreen; color:black }\n"
-	      "</style>\n",
-	      []);
+    case basic_html() of
+	true ->
+	    io:format(Fd,
+		      "<style>\n"
+		      "div.ct_internal { background:lightgrey; color:black; }\n"
+		      "div.default     { background:lightgreen; color:black; }\n"
+		      "</style>\n",
+		      []);
+	_ ->
+	    ok
+    end;
 
 print_style(Fd,StyleSheet) ->
     case file:read_file(StyleSheet) of
@@ -670,20 +744,19 @@ print_style(Fd,StyleSheet) ->
 		       0 -> string:str(Str,"<STYLE>");
 		       N0 -> N0
 		   end,
-	    case Pos0 of
-		0 -> print_style_error(Fd,StyleSheet,missing_style_tag);
-		_ -> 
-		    Pos1 = case string:str(Str,"</style>") of
-			       0 -> string:str(Str,"</STYLE>");
-			       N1 -> N1
-			   end,
-		    case Pos1 of
-			0 -> 
-			    print_style_error(Fd,StyleSheet,missing_style_end_tag);
-			_ -> 
-			    Style = string:sub_string(Str,Pos0,Pos1+7),
-			    io:format(Fd,"~s\n",[Style])
-		    end
+	    Pos1 = case string:str(Str,"</style>") of
+		       0 -> string:str(Str,"</STYLE>");
+		       N1 -> N1
+		   end,
+	    if (Pos0 == 0) and (Pos1 /= 0) ->
+		    print_style_error(Fd,StyleSheet,missing_style_start_tag);
+	       (Pos0 /= 0) and (Pos1 == 0) ->
+		    print_style_error(Fd,StyleSheet,missing_style_end_tag);
+	       Pos0 /= 0 ->
+		    Style = string:sub_string(Str,Pos0,Pos1+7),
+		    io:format(Fd,"~s\n",[Style]);
+	       Pos0 == 0 ->
+		    io:format(Fd,"<style>~s</style>\n",[Str])
 	    end;
 	{error,Reason} ->
 	    print_style_error(Fd,StyleSheet,Reason)  
@@ -701,7 +774,7 @@ print_style_error(Fd,StyleSheet,Reason) ->
     print_style(Fd,undefined).    
 
 close_ctlog(Fd) ->
-    io:format(Fd,"</pre>",[]),
+    io:format(Fd,"\n</pre>\n",[]),
     io:format(Fd,footer(),[]),
     file:close(Fd).
 
@@ -832,8 +905,8 @@ make_one_index_entry1(SuiteName, Link, Label, Success, Fail, UserSkip, AutoSkip,
 			    CrashDumpName = SuiteName ++ "_erl_crash.dump",
 			    case filelib:is_file(CrashDumpName) of
 				true ->
-				    ["&nbsp;<A HREF=\"", CrashDumpName,
-				     "\">(CrashDump)</A>"];
+				    ["&nbsp;<a href=\"", CrashDumpName,
+				     "\">(CrashDump)</a>"];
 				false ->
 				    ""
 			    end
@@ -847,32 +920,41 @@ make_one_index_entry1(SuiteName, Link, Label, Success, Fail, UserSkip, AutoSkip,
 			    0 -> "-";
 			    _ -> NodeOrDate
 			end,
-		N = ["<TD ALIGN=right><FONT SIZE=-1>",Node1,"</FONT></TD>\n"],
-		L = ["<TD ALIGN=center><FONT SIZE=-1><B>",Label,"</FONT></B></TD>\n"],
-		T = ["<TD><FONT SIZE=-1>",timestamp(CtRunDir),"</FONT></TD>\n"],
+		TS = timestamp(CtRunDir),
+		N = xhtml(["<td align=right><font size=\"-1\">",Node1,
+			   "</font></td>\n"],
+			  ["<td align=right>",Node1,"</td>\n"]),
+		L = xhtml(["<td align=center><font size=\"-1\"><b>",Label,
+			   "</font></b></td>\n"],
+			  ["<td align=center><b>",Label,"</b></td>\n"]),
+		T = xhtml(["<td><font size=\"-1\">",TS,"</font></td>\n"],
+			  ["<td>",TS,"</td>\n"]),
 		CtLogFile = filename:join(CtRunDir,?ct_log_name),
 		OldRunsLink = 
 		    case OldRuns of
 			[] -> "none";
-			_ ->  "<A HREF=\""++?all_runs_name++"\">Old Runs</A>"
+			_ ->  "<a href=\""++?all_runs_name++"\">Old Runs</a>"
 		    end,
-		A=["<TD><FONT SIZE=-1><A HREF=\"",CtLogFile,"\">CT Log</A></FONT></TD>\n",
-		   "<TD><FONT SIZE=-1>",OldRunsLink,"</FONT></TD>\n"],
+		A = xhtml(["<td><font size=\"-1\"><a href=\"",CtLogFile,
+			   "\">CT Log</a></font></td>\n",
+			   "<td><font size=\"-1\">",OldRunsLink,"</font></td>\n"],
+			  ["<td><a href=\"",CtLogFile,"\">CT Log</a></td>\n",
+			   "<td>",OldRunsLink,"</td>\n"]),
 		{L,T,N,A};
 	    false ->
 		{"","","",""}
 	end,
     NotBuiltStr =
 	if NotBuilt == 0 ->
-		["<TD ALIGN=right>",integer_to_list(NotBuilt),"</TD>\n"];
+		["<td align=right>",integer_to_list(NotBuilt),"</td>\n"];
 	   true ->
-		["<TD ALIGN=right><A HREF=\"",filename:join(CtRunDir,?ct_log_name),"\">",
-		integer_to_list(NotBuilt),"</A></TD>\n"]
+		["<td align=right><a href=\"",filename:join(CtRunDir,?ct_log_name),"\">",
+		integer_to_list(NotBuilt),"</a></td>\n"]
 	end,
     FailStr =
 	if Fail > 0 ->  
-		["<FONT color=\"red\">",
-		 integer_to_list(Fail),"</FONT>"];
+		["<font color=\"red\">",
+		 integer_to_list(Fail),"</font>"];
 	   true ->
 		integer_to_list(Fail)
 	end,
@@ -880,31 +962,33 @@ make_one_index_entry1(SuiteName, Link, Label, Success, Fail, UserSkip, AutoSkip,
 	if AutoSkip == undefined -> {UserSkip,"?","?"};
 	   true ->
 		ASStr = if AutoSkip > 0 ->
-				["<FONT color=\"brown\">",
-				 integer_to_list(AutoSkip),"</FONT>"];
+				["<font color=\"brown\">",
+				 integer_to_list(AutoSkip),"</font>"];
 			   true -> integer_to_list(AutoSkip)
 			end,
 		{UserSkip+AutoSkip,integer_to_list(UserSkip),ASStr}
 	end,
-    ["<TR valign=top>\n",
-     "<TD><FONT SIZE=-1><A HREF=\"",LogFile,"\">",SuiteName,"</A>",CrashDumpLink,"</FONT></TD>\n",
-     Lbl,
-     Timestamp,
-     "<TD ALIGN=right>",integer_to_list(Success),"</TD>\n",
-     "<TD ALIGN=right>",FailStr,"</TD>\n",
-     "<TD ALIGN=right>",integer_to_list(AllSkip),
-     " (",UserSkipStr,"/",AutoSkipStr,")</TD>\n",  
-     NotBuiltStr,
-     Node,
-     AllInfo,
-     "</TR>\n"].
+    [xhtml("<tr valign=top>\n",
+	   ["<tr class=\"",odd_or_even(),"\">\n"]),
+     xhtml("<td><font size=\"-1\"><a href=\"", "<td><a href=\""),
+     LogFile,"\">",SuiteName,"</a>", CrashDumpLink,
+     xhtml("</font></td>\n", "</td>\n"),
+     Lbl, Timestamp,
+     "<td align=right>",integer_to_list(Success),"</td>\n",
+     "<td align=right>",FailStr,"</td>\n",
+     "<td align=right>",integer_to_list(AllSkip),
+     " (",UserSkipStr,"/",AutoSkipStr,")</td>\n",  
+     NotBuiltStr, Node, AllInfo, "</tr>\n"].
+
 total_row(Success, Fail, UserSkip, AutoSkip, NotBuilt, All) ->
     {Label,TimestampCell,AllInfo} =
 	case All of
 	    true ->
-		{"<TD>&nbsp;</TD>\n",
-		 "<TD>&nbsp;</TD>\n",
-		 "<TD>&nbsp;</TD>\n<TD>&nbsp;</TD>\n"};
+		{"<td>&nbsp;</td>\n",
+		 "<td>&nbsp;</td>\n",
+		 "<td>&nbsp;</td>\n"
+		 "<td>&nbsp;</td>\n"
+		 "<td>&nbsp;</td>\n"};
 	    false ->
 		{"","",""}
 	end,
@@ -914,17 +998,15 @@ total_row(Success, Fail, UserSkip, AutoSkip, NotBuilt, All) ->
 	   true -> {UserSkip+AutoSkip,
 		    integer_to_list(UserSkip),integer_to_list(AutoSkip)}
 	end,
-    ["<TR valign=top>\n",
-     "<TD><B>Total</B></TD>",
-     Label,
-     TimestampCell,
-     "<TD ALIGN=right><B>",integer_to_list(Success),"<B></TD>\n",
-     "<TD ALIGN=right><B>",integer_to_list(Fail),"<B></TD>\n",
-     "<TD ALIGN=right>",integer_to_list(AllSkip),
-     " (",UserSkipStr,"/",AutoSkipStr,")</TD>\n",  
-     "<TD ALIGN=right><B>",integer_to_list(NotBuilt),"<B></TD>\n",
-     AllInfo,
-     "</TR>\n"].
+    [xhtml("<tr valign=top>\n", 
+	   ["<tr class=\"",odd_or_even(),"\">\n"]),
+     "<td><b>Total</b></td>\n", Label, TimestampCell,
+     "<td align=right><b>",integer_to_list(Success),"<b></td>\n",
+     "<td align=right><b>",integer_to_list(Fail),"<b></td>\n",
+     "<td align=right>",integer_to_list(AllSkip),
+     " (",UserSkipStr,"/",AutoSkipStr,")</td>\n",  
+     "<td align=right><b>",integer_to_list(NotBuilt),"<b></td>\n",
+     AllInfo, "</tr>\n"].
 
 not_built(_BaseName,_LogDir,_All,[]) ->
     0;
@@ -983,41 +1065,52 @@ index_header(Label, StartTime) ->
 	    undefined ->
 		header("Test Results", format_time(StartTime));
 	    _ ->
-		header("Test Results for \"" ++ Label ++ "\"",
+		header("Test Results for '" ++ Label ++ "'",
 		       format_time(StartTime))
 	end,
     [Head |
-     ["<CENTER>\n",
-      "<P><A HREF=\"",?ct_log_name,"\">Common Test Framework Log</A></P>",
-      "<TABLE border=\"3\" cellpadding=\"5\" "
-      "BGCOLOR=\"",?table_color3,"\">\n"
-      "<th><B>Test Name</B></th>\n",
-            "<th><font color=\"",?table_color3,"\">_</font>Ok"
-          "<font color=\"",?table_color3,"\">_</font></th>\n"
+     ["<center>\n",
+      xhtml(["<p><a href=\"",?ct_log_name,
+	     "\">Common Test Framework Log</a></p>"],
+	    ["<br />"
+	     "<div id=\"button_holder\" class=\"btn\">\n"
+	     "<a href=\"",?ct_log_name,
+	     "\">COMMON TEST FRAMEWORK LOG</a>\n</div>"]),
+      xhtml("<br>\n", "<br /><br /><br />\n"),
+      xhtml(["<table border=\"3\" cellpadding=\"5\" "
+	     "bgcolor=\"",?table_color3,"\">\n"], "<table>\n"),
+      "<th><b>Test Name</b></th>\n",
+      xhtml(["<th><font color=\"",?table_color3,"\">_</font>Ok"
+	     "<font color=\"",?table_color3,"\">_</font></th>\n"],
+	    "<th>Ok</th>\n"),
       "<th>Failed</th>\n",
-      "<th>Skipped<br>(User/Auto)</th>\n"
-      "<th>Missing<br>Suites</th>\n"
+      "<th>Skipped", xhtml("<br>", "<br />"), "(User/Auto)</th>\n"
+      "<th>Missing", xhtml("<br>", "<br />"), "Suites</th>\n"
       "\n"]].
 
-
 all_suites_index_header() ->
     {ok,Cwd} = file:get_cwd(),
     all_suites_index_header(Cwd).
 
 all_suites_index_header(IndexDir) ->
     LogDir = filename:basename(IndexDir),
-    AllRuns = "All test runs in \"" ++ LogDir ++ "\"",
+    AllRuns = xhtml(["All test runs in \"" ++ LogDir ++ "\""],
+		    "ALL RUNS"),
+    AllRunsLink = xhtml(["<a href=\"",?all_runs_name,"\">",AllRuns,"</a>\n"],
+			["<div id=\"button_holder\" class=\"btn\">\n"
+			 "<a href=\"",?all_runs_name,"\">",AllRuns,"</a>\n</div>"]),
     [header("Test Results") | 
-     ["<CENTER>\n",
-      "<A HREF=\"",?all_runs_name,"\">",AllRuns,"</A>\n",
-      "<br><br>\n",
-      "<TABLE border=\"3\" cellpadding=\"5\" "
-      "BGCOLOR=\"",?table_color2,"\">\n"
+     ["<center>\n",
+      AllRunsLink,
+      xhtml("<br><br>\n", "<br /><br />\n"),
+      xhtml(["<table border=\"3\" cellpadding=\"5\" "
+	     "bgcolor=\"",?table_color2,"\">\n"], "<table>\n"),
       "<th>Test Name</th>\n",
       "<th>Label</th>\n",
       "<th>Test Run Started</th>\n",
-      "<th><font color=\"",?table_color2,"\">_</font>Ok"
-          "<font color=\"",?table_color2,"\">_</font></th>\n"
+      xhtml(["<th><font color=\"",?table_color2,"\">_</font>Ok"
+	     "<font color=\"",?table_color2,"\">_</font></th>\n"],
+	    "<th>Ok</th>\n"),
       "<th>Failed</th>\n",
       "<th>Skipped<br>(User/Auto)</th>\n"
       "<th>Missing<br>Suites</th>\n"
@@ -1030,17 +1123,25 @@ all_runs_header() ->
     {ok,Cwd} = file:get_cwd(),
     LogDir = filename:basename(Cwd),
     Title = "All test runs in \"" ++ LogDir ++ "\"",
+    IxLink = [xhtml(["<p><a href=\"",?index_name,
+		     "\">Test Index Page</a></p>"],
+		    ["<div id=\"button_holder\" class=\"btn\">\n"
+		     "<a href=\"",?index_name,
+		     "\">TEST INDEX PAGE</a>\n</div>"]),
+	      xhtml("<br>\n", "<br /><br />\n")],
     [header(Title) |
-     ["<CENTER><TABLE border=\"3\" cellpadding=\"5\" "
-      "BGCOLOR=\"",?table_color1,"\">\n"
-      "<th><B>History</B></th>\n"
-      "<th><B>Node</B></th>\n"
-      "<th><B>Label</B></th>\n"
+     ["<center>\n", IxLink,
+      xhtml(["<table border=\"3\" cellpadding=\"5\" "
+	     "bgcolor=\"",?table_color1,"\">\n"], "<table>\n"),
+      "<th><b>History</b></th>\n"
+      "<th><b>Node</b></th>\n"
+      "<th><b>Label</b></th>\n"
       "<th>Tests</th>\n"
-      "<th><B>Test Names</B></th>\n"
-      "<th>Total</th>\n"
-      "<th><font color=\"",?table_color1,"\">_</font>Ok"
-          "<font color=\"",?table_color1,"\">_</font></th>\n"
+      "<th><b>Test Names</b></th>\n"
+      "<th>Total</th>\n",
+      xhtml(["<th><font color=\"",?table_color1,"\">_</font>Ok"
+	     "<font color=\"",?table_color1,"\">_</font></th>\n"],
+	    "<th>Ok</th>\n"),
       "<th>Failed</th>\n"
       "<th>Skipped<br>(User/Auto)</th>\n"
       "<th>Missing<br>Suites</th>\n"
@@ -1053,60 +1154,56 @@ header(Title, SubTitle) ->
 
 header1(Title, SubTitle) ->
     SubTitleHTML = if SubTitle =/= "" ->
-			   ["<CENTER>\n",
-			    "<H2>" ++ SubTitle ++ "</H2>\n",
-			    "</CENTER>\n<BR>\n"];
-		      true -> "<BR>\n"
+			   ["<center>\n",
+			    "<h3>" ++ SubTitle ++ "</h3>\n",
+			    xhtml("</center>\n<br>\n", "</center>\n<br />\n")];
+		      true -> xhtml("<br>\n", "<br />\n")
 		   end,
-    ["<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n"
-     "<!-- autogenerated by '"++atom_to_list(?MODULE)++"'. -->\n"
-     "<HTML>\n",
-     "<HEAD>\n",
-
-     "<TITLE>" ++ Title ++ " " ++ SubTitle ++ "</TITLE>\n",
-     "<META HTTP-EQUIV=\"CACHE-CONTROL\" CONTENT=\"NO-CACHE\">\n",
-
-     "</HEAD>\n",
-
-     body_tag(),
-
-     "<!-- ---- DOCUMENT TITLE  ---- -->\n",
-
-     "<CENTER>\n",
-     "<H1>" ++ Title ++ "</H1>\n",
-     "</CENTER>\n",
-     SubTitleHTML,
-
-     "<!-- ---- CONTENT ---- -->\n"].
+    CSSFile = xhtml(fun() -> "" end, 
+		    fun() -> make_relative(locate_default_css_file()) end),
+    [xhtml(["<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n",
+	    "<html>\n"],
+	   ["<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n",
+	    "\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n",
+	    "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n"]),
+    "<!-- autogenerated by '"++atom_to_list(?MODULE)++"' -->\n",
+    "<head>\n",
+    "<title>" ++ Title ++ " " ++ SubTitle ++ "</title>\n",
+    "<meta http-equiv=\"cache-control\" content=\"no-cache\">\n",
+    xhtml("",
+	  ["<link rel=\"stylesheet\" href=\"",CSSFile,"\" type=\"text/css\">"]),
+    "</head>\n",
+    body_tag(),
+    "<center>\n",
+    "<h1>" ++ Title ++ "</h1>\n",
+    "</center>\n",
+    SubTitleHTML,"\n"].
 
 index_footer() ->
-    ["</TABLE>\n"
-     "</CENTER>\n" | footer()].
+    ["</table>\n"
+     "</center>\n" | footer()].
 
 footer() ->
-     ["<P><CENTER>\n"
-      "<BR><BR>\n"
-      "<HR>\n"
-      "<P><FONT SIZE=-1>\n"
+     ["<center>\n",
+      xhtml("<br><br>\n<hr>\n", "<br /><br />\n"),
+      xhtml("<p><font size=\"-1\">\n", "<div class=\"copyright\">"),
       "Copyright &copy; ", year(),
-      " <A HREF=\"http://erlang.ericsson.se\">Open Telecom Platform</A><BR>\n"
-      "Updated: <!date>", current_time(), "<!/date><BR>\n"
-      "</FONT>\n"
-      "</CENTER>\n"
+      " <a href=\"http://www.erlang.org\">Open Telecom Platform</a>",
+      xhtml("<br>\n", "<br />\n"),
+      "Updated: <!date>", current_time(), "<!/date>",
+      xhtml("<br>\n", "<br />\n"),
+      xhtml("</font></p>\n", "</div>\n"),
+      "</center>\n"
       "</body>\n"].
 
 
 body_tag() ->
-    case basic_html() of
-	true ->
-	    "<body bgcolor=\"#FFFFFF\" text=\"#000000\" link=\"#0000FF\" "
-		"vlink=\"#800080\" alink=\"#FF0000\">\n";
-	false ->
-	    CTPath = code:lib_dir(common_test),
-	    TileFile = filename:join(filename:join(CTPath,"priv"),"tile1.jpg"),
-	    "<body background=\"" ++ TileFile ++ "\" bgcolor=\"#FFFFFF\" text=\"#000000\" link=\"#0000FF\" "
-		"vlink=\"#800080\" alink=\"#FF0000\">\n"
-    end.
+    CTPath = code:lib_dir(common_test),
+    TileFile = filename:join(filename:join(CTPath,"priv"),"tile1.jpg"),
+    xhtml("<body background=\"" ++ TileFile ++
+	      "\" bgcolor=\"#FFFFFF\" text=\"#000000\" link=\"#0000FF\" "
+	  "vlink=\"#800080\" alink=\"#FF0000\">\n",
+	  "<body>\n").
 
 current_time() ->
     format_time(calendar:local_time()).
@@ -1236,20 +1333,25 @@ config_table(Vars) ->
     [config_table_header()|config_table1(Vars)].
 
 config_table_header() ->
-    ["<h2>Configuration</h2>\n",
-     "<table border=\"3\" cellpadding=\"5\" bgcolor=\"",?table_color1,
-     "\"\n",
+    [
+     xhtml(["<h2>Configuration</h2>\n"
+	    "<table border=\"3\" cellpadding=\"5\" bgcolor=\"",?table_color1,"\"\n"],
+	   "<h4>CONFIGURATION</h4>\n<table>\n"),
      "<tr><th>Key</th><th>Value</th></tr>\n"].
 
 config_table1([{Key,Value}|Vars]) ->
-    ["<tr><td>", atom_to_list(Key), "</td>\n",
-     "<td><pre>",io_lib:format("~p",[Value]),"</pre></td></tr>\n" | 
+    [xhtml(["<tr><td>", atom_to_list(Key), "</td>\n",
+	   "<td><pre>",io_lib:format("~p",[Value]),"</pre></td></tr>\n"],
+	   ["<tr class=\"", odd_or_even(), "\">\n",
+	    "<td>", atom_to_list(Key), "</td>\n",
+	    "<td>", io_lib:format("~p",[Value]), "</td>\n</tr>\n"]) | 
      config_table1(Vars)];
 config_table1([]) ->
     ["</table>\n"].
 
 
 make_all_runs_index(When) ->
+    put(basic_html, basic_html()),
     AbsName = ?abs(?all_runs_name),
     notify_and_lock_file(AbsName),
     if When == start -> ok;
@@ -1258,8 +1360,7 @@ make_all_runs_index(When) ->
     Dirs = filelib:wildcard(logdir_prefix()++"*.*"),
     DirsSorted = (catch sort_all_runs(Dirs)),
     Header = all_runs_header(),
-    BasicHtml = basic_html(),
-    Index = [runentry(Dir, BasicHtml) || Dir <- DirsSorted],
+    Index = [runentry(Dir) || Dir <- DirsSorted],
     Result = file:write_file(AbsName,Header++Index++index_footer()),
     if When == start -> ok;
        true -> io:put_chars("done\n")
@@ -1287,22 +1388,22 @@ sort_all_runs(Dirs) ->
 interactive_link() ->
     [Dir|_] = lists:reverse(filelib:wildcard(logdir_prefix()++"*.*")),
     CtLog = filename:join(Dir,"ctlog.html"),
-    Body = ["Log from last interactive run: <A HREF=\"",CtLog,"\">",
-	    timestamp(Dir),"</A>"],
+    Body = ["Log from last interactive run: <a href=\"",CtLog,"\">",
+	    timestamp(Dir),"</a>"],
     file:write_file("last_interactive.html",Body),
     io:format("~n~nUpdated ~s\n"
 	      "Any CT activities will be logged here\n",
 	      [?abs("last_interactive.html")]).
 
-runentry(Dir, BasicHtml) ->
+runentry(Dir) ->
     TotalsFile = filename:join(Dir,?totals_name),
     TotalsStr =
 	case read_totals_file(TotalsFile) of
 	    {Node,Label,Logs,{TotSucc,TotFail,UserSkip,AutoSkip,NotBuilt}} ->
 		TotFailStr =
 		    if TotFail > 0 ->  
-			    ["<FONT color=\"red\">",
-			     integer_to_list(TotFail),"</FONT>"];
+			    ["<font color=\"red\">",
+			     integer_to_list(TotFail),"</font>"];
 		       true ->
 			    integer_to_list(TotFail)
 		    end,
@@ -1310,8 +1411,8 @@ runentry(Dir, BasicHtml) ->
 		    if AutoSkip == undefined -> {UserSkip,"?","?"};
 		       true ->
 			    ASStr = if AutoSkip > 0 ->
-					    ["<FONT color=\"brown\">",
-					     integer_to_list(AutoSkip),"</FONT>"];
+					    ["<font color=\"brown\">",
+					     integer_to_list(AutoSkip),"</font>"];
 				       true -> integer_to_list(AutoSkip)
 				    end,
 			    {UserSkip+AutoSkip,integer_to_list(UserSkip),ASStr}
@@ -1343,30 +1444,49 @@ runentry(Dir, BasicHtml) ->
 			    lists:flatten(io_lib:format("~s...",[Trunc]))
 		    end,
 		Total = TotSucc+TotFail+AllSkip,
-		A = ["<TD ALIGN=center><FONT SIZE=-1>",Node,"</FONT></TD>\n",
-		     "<TD ALIGN=center><FONT SIZE=-1><B>",Label,"</B></FONT></TD>\n",
-		     "<TD ALIGN=right>",NoOfTests,"</TD>\n"],
-		B = if BasicHtml ->
-			    ["<TD ALIGN=center><FONT SIZE=-1>",TestNamesTrunc,"</FONT></TD>\n"];
-		       true ->		     
-			    ["<TD ALIGN=center TITLE='",TestNames,"'><FONT SIZE=-1> ",
-			     TestNamesTrunc,"</FONT></TD>\n"]
-		    end,
-		C = ["<TD ALIGN=right>",integer_to_list(Total),"</TD>\n",
-		     "<TD ALIGN=right>",integer_to_list(TotSucc),"</TD>\n",
-		     "<TD ALIGN=right>",TotFailStr,"</TD>\n",
-		     "<TD ALIGN=right>",integer_to_list(AllSkip),
-		     " (",UserSkipStr,"/",AutoSkipStr,")</TD>\n",
-		     "<TD ALIGN=right>",integer_to_list(NotBuilt),"</TD>\n"],
+		A = xhtml(["<td align=center><font size=\"-1\">",Node,
+			   "</font></td>\n",
+			   "<td align=center><font size=\"-1\"><b>",Label,
+			   "</b></font></td>\n",
+			   "<td align=right>",NoOfTests,"</td>\n"],
+			  ["<td align=center>",Node,"</td>\n",
+			   "<td align=center><b>",Label,"</b></td>\n",
+			   "<td align=right>",NoOfTests,"</td>\n"]),
+		B = xhtml(["<td align=center title='",TestNames,"'><font size=\"-1\"> ",
+			   TestNamesTrunc,"</font></td>\n"],
+			  ["<td align=center title='",TestNames,"'> ",
+			   TestNamesTrunc,"</td>\n"]),
+		C = ["<td align=right>",integer_to_list(Total),"</td>\n",
+		     "<td align=right>",integer_to_list(TotSucc),"</td>\n",
+		     "<td align=right>",TotFailStr,"</td>\n",
+		     "<td align=right>",integer_to_list(AllSkip),
+		     " (",UserSkipStr,"/",AutoSkipStr,")</td>\n",
+		     "<td align=right>",integer_to_list(NotBuilt),"</td>\n"],
 		A++B++C;
 	    _ ->
-		["<TD ALIGN=center><FONT size=-1 color=\"red\">",
-		 "Test data missing or corrupt","</FONT></TD>\n"]
+		A = xhtml(["<td align=center><font size=\"-1\" color=\"red\">"
+			   "Test data missing or corrupt</font></td>\n",
+			   "<td align=center><font size=\"-1\">?</font></td>\n",
+			   "<td align=right>?</td>\n"],
+			  ["<td align=center><font color=\"red\">"
+			   "Test data missing or corrupt</font></td>\n",
+			   "<td align=center>?</td>\n",
+			   "<td align=right>?</td>\n"]),
+		B = xhtml(["<td align=center><font size=\"-1\">?</font></td>\n"],
+			  ["<td align=center>?</td>\n"]),
+		C = ["<td align=right>?</td>\n",
+		     "<td align=right>?</td>\n",
+		     "<td align=right>?</td>\n",
+		     "<td align=right>?</td>\n",
+		     "<td align=right>?</td>\n"],
+		A++B++C
 	end,	    
     Index = filename:join(Dir,?index_name),
-    ["<TR>\n"
-     "<TD><FONT SIZE=-1><A HREF=\"",Index,"\">",timestamp(Dir),"</A>",TotalsStr,"</FONT></TD>\n"
-     "</TR>\n"].
+    [xhtml("<tr>\n", ["<tr class=\"",odd_or_even(),"\">\n"]),
+     xhtml(["<td><font size=\"-1\"><a href=\"",Index,"\">",timestamp(Dir),"</a>",
+	    TotalsStr,"</font></td>\n"],
+	   ["<td><a href=\"",Index,"\">",timestamp(Dir),"</a>",TotalsStr,"</td>\n"]),
+     "</tr>\n"].
 
 write_totals_file(Name,Label,Logs,Totals) ->
     AbsName = ?abs(Name),
@@ -1460,6 +1580,7 @@ timestamp(Dir) ->
 %% Creates the top level index file. When == start | refresh.
 %% A copy of the dir tree under logdir is cached as a result.
 make_all_suites_index(When) when is_atom(When) ->
+    put(basic_html, basic_html()),
     AbsIndexName = ?abs(?index_name),
     notify_and_lock_file(AbsIndexName),
     LogDirs = filelib:wildcard(logdir_prefix()++".*/*"++?logdir_ext),
@@ -1471,6 +1592,7 @@ make_all_suites_index(When) when is_atom(When) ->
 %% This updates the top level index file using cached data from
 %% the initial index file creation.
 make_all_suites_index(NewTestData = {_TestName,DirName}) ->
+    put(basic_html, basic_html()),
     %% AllLogDirs = [{TestName,Label,Missing,{LastLogDir,Summary},OldDirs}|...]
     {AbsIndexName,LogDirData} = ct_util:get_testdata(test_index),
 
@@ -1828,6 +1950,38 @@ last_test([], Latest) ->
     Latest.
 
 %%%-----------------------------------------------------------------
+%%% @spec xhtml(HTML, XHTML) -> HTML | XHTML
+%%%
+%%% @doc
+%%%
+xhtml(HTML, XHTML) when is_function(HTML),
+			is_function(XHTML) ->
+    case get(basic_html) of
+	true -> HTML();
+	_    -> XHTML()
+    end;
+xhtml(HTML, XHTML) ->
+    case get(basic_html) of
+	true -> HTML;
+	_    -> XHTML
+    end.
+
+%%%-----------------------------------------------------------------
+%%% @spec odd_or_even() -> "odd" | "even"
+%%%
+%%% @doc
+%%%
+odd_or_even() ->
+    case get(odd_or_even) of
+	even ->
+	    put(odd_or_even, odd),
+	    "even";
+	_ ->
+	    put(odd_or_even, even),
+	    "odd"
+    end.
+
+%%%-----------------------------------------------------------------
 %%% @spec basic_html() -> true | false
 %%%
 %%% @doc
@@ -1839,3 +1993,149 @@ basic_html() ->
 	_ ->
 	    false
     end.
+
+%%%-----------------------------------------------------------------
+%%% @spec locate_default_css_file() -> CSSFile
+%%%
+%%% @doc
+%%%
+locate_default_css_file() ->
+    {ok,CWD} = file:get_cwd(),
+    CSSFileInCwd = filename:join(CWD, ?css_default),
+    case filelib:is_file(CSSFileInCwd) of
+	true ->
+	    CSSFileInCwd;
+	false ->
+	    CSSResultFile =
+		case {whereis(?MODULE),self()} of
+		    {Self,Self} ->
+			%% executed on the ct_logs process
+			filename:join(get(ct_run_dir), ?css_default);
+		    _ ->			
+			%% executed on other process than ct_logs
+			{ok,RunDir} = get_log_dir(true),
+			filename:join(RunDir, ?css_default)
+		end,
+	    case filelib:is_file(CSSResultFile) of
+		true ->
+		    CSSResultFile;
+		false ->
+		    %% last resort, try use css file in CT installation
+		    CTPath = code:lib_dir(common_test),		
+		    filename:join(filename:join(CTPath, "priv"), ?css_default)
+	    end
+    end.
+
+%%%-----------------------------------------------------------------
+%%% @spec make_relative(AbsDir, Cwd) -> RelDir
+%%%
+%%% @doc Return directory path to File (last element of AbsDir), which
+%%%      is the path relative to Cwd. Examples when Cwd == "/ldisk/test/logs":
+%%%      make_relative("/ldisk/test/logs/run/trace.log") -> "run/trace.log"
+%%%      make_relative("/ldisk/test/trace.log") -> "../trace.log"
+%%%      make_relative("/ldisk/test/logs/trace.log") -> "trace.log"
+make_relative(AbsDir) ->
+    {ok,Cwd} = file:get_cwd(),
+    make_relative(AbsDir, Cwd).
+
+make_relative(AbsDir, Cwd) ->
+    DirTokens = filename:split(AbsDir),
+    CwdTokens = filename:split(Cwd),
+    filename:join(make_relative1(DirTokens, CwdTokens)).
+
+make_relative1([T | DirTs], [T | CwdTs]) ->
+    make_relative1(DirTs, CwdTs);
+make_relative1(Last = [_File], []) ->
+    Last;
+make_relative1(Last = [_File], CwdTs) ->
+    Ups = ["../" || _ <- CwdTs],
+    Ups ++ Last;
+make_relative1(DirTs, []) ->
+    DirTs;
+make_relative1(DirTs, CwdTs) ->
+    Ups = ["../" || _ <- CwdTs],
+    Ups ++ DirTs.
+
+%%%-----------------------------------------------------------------
+%%% @spec get_ts_html_wrapper(TestName, PrintLabel, Cwd) -> {Mode,Header,Footer}
+%%%
+%%% @doc
+%%%
+get_ts_html_wrapper(TestName, PrintLabel, Cwd) ->
+    TestName1 = if is_list(TestName) ->
+			lists:flatten(TestName);
+		   true ->
+			lists:flatten(io_lib:format("~p", [TestName]))
+		end,
+    Basic = basic_html(),
+    LabelStr =
+	if not PrintLabel ->
+		"";
+	   true ->
+		case {Basic,application:get_env(common_test, test_label)} of
+		    {true,{ok,Lbl}} when Lbl =/= undefined ->
+			"<h1><font color=\"green\">" ++ Lbl ++ "</font></h1>\n";
+		    {_,{ok,Lbl}} when Lbl =/= undefined ->
+			"<div class=\"label\">'" ++ Lbl ++ "'</div>\n";
+		    _ ->
+			""
+		end
+	end,
+    CTPath = code:lib_dir(common_test),
+    {ok,CtLogdir} = get_log_dir(true),
+    AllRuns = make_relative(filename:join(filename:dirname(CtLogdir),
+					  ?all_runs_name), Cwd),
+    TestIndex = make_relative(filename:join(filename:dirname(CtLogdir),
+					    ?index_name), Cwd),
+    case Basic of
+	true ->
+	    TileFile = filename:join(filename:join(CTPath,"priv"),"tile1.jpg"),
+	    Bgr = " background=\"" ++ TileFile ++ "\"",
+	    Copyright =
+		     ["<p><font size=\"-1\">\n",
+		      "Copyright &copy; ", year(),
+		      " <a href=\"http://www.erlang.org\">",
+		      "Open Telecom Platform</a><br>\n",
+		      "Updated: <!date>", current_time(), "<!/date>",
+		      "<br>\n</font></p>\n"],
+	    {basic_html,
+	     ["<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n",
+	      "<html>\n",
+	      "<head><title>", TestName1, "</title>\n",
+	      "<meta http-equiv=\"cache-control\" content=\"no-cache\">\n",
+	      "</head>\n",
+	      "<body", Bgr, " bgcolor=\"white\" text=\"black\" ",
+	      "link=\"blue\" vlink=\"purple\" alink=\"red\">\n",
+	      LabelStr, "\n"],
+	     ["<center>\n<br><hr><p>\n",
+	      "<a href=\"", AllRuns,
+	      "\">Test run history\n</a>  |  ",
+	      "<a href=\"", TestIndex,
+	      "\">Top level test index\n</a>\n</p>\n",
+	      Copyright,"</center>\n</body>\n</html>\n"]};
+	_ ->
+	    Copyright = 
+		["<div class=\"copyright\">",
+		 "Copyright &copy; ", year(),
+		 " <a href=\"http://www.erlang.org\">",
+		 "Open Telecom Platform</a><br />\n",
+		 "Updated: <!date>", current_time(), "<!/date>",
+		 "<br />\n</div>\n"],
+	    CSSFile = xhtml(fun() -> "" end, 
+			    fun() -> make_relative(locate_default_css_file(), Cwd) end),
+	    {xhtml,
+	     ["<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n",
+	      "\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n",
+	      "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n",
+	      "<head>\n<title>", TestName1, "</title>\n",
+	      "<meta http-equiv=\"cache-control\" content=\"no-cache\">\n",
+	      "<link rel=\"stylesheet\" href=\"", CSSFile, "\" type=\"text/css\">",
+	      "</head>\n","<body>\n", 
+	      LabelStr, "\n"],
+	     ["<center>\n<br /><hr /><p>\n",
+	      "<a href=\"", AllRuns,
+	      "\">Test run history\n</a>  |  ",
+	      "<a href=\"", TestIndex,
+	      "\">Top level test index\n</a>\n</p>\n",
+	      Copyright,"</center>\n</body>\n</html>\n"]}
+    end.
diff --git a/lib/common_test/src/ct_make.erl b/lib/common_test/src/ct_make.erl
index 40e9e99f37..8ddb91d355 100644
--- a/lib/common_test/src/ct_make.erl
+++ b/lib/common_test/src/ct_make.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/src/ct_run.erl b/lib/common_test/src/ct_run.erl
index 26ca4f3cb4..05b10bca32 100644
--- a/lib/common_test/src/ct_run.erl
+++ b/lib/common_test/src/ct_run.erl
@@ -57,6 +57,7 @@
 	       config = [],
 	       event_handlers = [],
 	       ct_hooks = [],
+	       enable_builtin_hooks = true,
 	       include = [],
 	       silent_connections,
 	       stylesheet,
@@ -179,6 +180,10 @@ script_start1(Parent, Args) ->
 			    end, false, Args),
     EvHandlers = event_handler_args2opts(Args),
     CTHooks = ct_hooks_args2opts(Args),
+    EnableBuiltinHooks = get_start_opt(enable_builtin_hooks,
+				       fun([CT]) -> list_to_atom(CT);
+					  ([]) -> true
+				       end, true, Args),
 
     %% check flags and set corresponding application env variables
 
@@ -245,6 +250,7 @@ script_start1(Parent, Args) ->
 		     logdir = LogDir, logopts = LogOpts,
 		     event_handlers = EvHandlers,
 		     ct_hooks = CTHooks,
+		     enable_builtin_hooks = EnableBuiltinHooks,
 		     include = IncludeDirs,
 		     silent_connections = SilentConns,
 		     stylesheet = Stylesheet,
@@ -325,6 +331,11 @@ script_start2(StartOpts = #opts{vts = undefined,
 			AllCTHooks = merge_vals(
 					[StartOpts#opts.ct_hooks,
 					 SpecStartOpts#opts.ct_hooks]),
+
+			EnableBuiltinHooks =
+			    choose_val(
+			      StartOpts#opts.enable_builtin_hooks,
+			      SpecStartOpts#opts.enable_builtin_hooks),
 			
 			AllInclude = merge_vals([StartOpts#opts.include,
 						 SpecStartOpts#opts.include]),
@@ -339,6 +350,8 @@ script_start2(StartOpts = #opts{vts = undefined,
 					   config = SpecStartOpts#opts.config,
 					   event_handlers = AllEvHs,
 					   ct_hooks = AllCTHooks,
+					   enable_builtin_hooks =
+					       EnableBuiltinHooks,
 					   include = AllInclude,
 					   multiply_timetraps = MultTT,
 					   scale_timetraps = ScaleTT}}
@@ -355,9 +368,7 @@ script_start2(StartOpts = #opts{vts = undefined,
 	{[],_} ->
 	    {error,no_testspec_specified};
 	{undefined,_} ->   % no testspec used
-	    case check_and_install_configfiles(InitConfig, TheLogDir,
-					       Opts#opts.event_handlers,
-					       Opts#opts.ct_hooks) of
+	    case check_and_install_configfiles(InitConfig, TheLogDir, Opts) of
 		ok ->      % go on read tests from start flags
 		    script_start3(Opts#opts{config=InitConfig,
 					    logdir=TheLogDir}, Args);
@@ -367,9 +378,7 @@ script_start2(StartOpts = #opts{vts = undefined,
 	{_,_} ->           % testspec used
 	    %% merge config from start flags with config from testspec
 	    AllConfig = merge_vals([InitConfig, Opts#opts.config]),
-	    case check_and_install_configfiles(AllConfig, TheLogDir,
-					       Opts#opts.event_handlers,
-					       Opts#opts.ct_hooks) of
+	    case check_and_install_configfiles(AllConfig, TheLogDir, Opts) of
 		ok ->      % read tests from spec
 		    {Run,Skip} = ct_testspec:prepare_tests(Terms, node()),
 		    do_run(Run, Skip, Opts#opts{config=AllConfig,
@@ -383,9 +392,7 @@ script_start2(StartOpts, Args) ->
     %% read config/userconfig from start flags
     InitConfig = ct_config:prepare_config_list(Args),
     LogDir = which(logdir, StartOpts#opts.logdir),
-    case check_and_install_configfiles(InitConfig, LogDir,
-				       StartOpts#opts.event_handlers,
-				       StartOpts#opts.ct_hooks) of
+    case check_and_install_configfiles(InitConfig, LogDir, StartOpts) of
 	ok ->      % go on read tests from start flags
 	    script_start3(StartOpts#opts{config=InitConfig,
 					 logdir=LogDir}, Args);
@@ -393,12 +400,17 @@ script_start2(StartOpts, Args) ->
 	    Error
     end.
 
-check_and_install_configfiles(Configs, LogDir, EvHandlers, CTHooks) ->
+check_and_install_configfiles(
+  Configs, LogDir, #opts{
+	     event_handlers = EvHandlers,
+	     ct_hooks = CTHooks,
+	     enable_builtin_hooks = EnableBuiltinHooks} ) ->
     case ct_config:check_config_files(Configs) of
 	false ->
 	    install([{config,Configs},
 		     {event_handler,EvHandlers},
-		     {ct_hooks,CTHooks}], LogDir);
+		     {ct_hooks,CTHooks},
+		     {enable_builtin_hooks,EnableBuiltinHooks}], LogDir);
 	{value,{error,{nofile,File}}} ->
 	    {error,{cant_read_config_file,File}};
 	{value,{error,{wrong_config,Message}}}->
@@ -490,23 +502,23 @@ script_start4(#opts{label = Label, profile = Profile,
 		    shell = true, config = Config,
 		    event_handlers = EvHandlers,
 		    ct_hooks = CTHooks,
-		    logdir = LogDir,
 		    logopts = LogOpts,
-		    testspecs = Specs}, _Args) ->
+		    enable_builtin_hooks = EnableBuiltinHooks,
+		    logdir = LogDir, testspecs = Specs}, _Args) ->
     %% label - used by ct_logs
     application:set_env(common_test, test_label, Label),
 
     %% profile - used in ct_util
     application:set_env(common_test, profile, Profile),
 
-    InstallOpts = [{config,Config},{event_handler,EvHandlers},
-		   {ct_hooks, CTHooks}],
     if Config == [] ->
 	    ok;
        true ->
 	    io:format("\nInstalling: ~p\n\n", [Config])
     end,
-    case install(InstallOpts) of
+    case install([{config,Config},{event_handler,EvHandlers},
+		  {ct_hooks, CTHooks},
+		  {enable_builtin_hooks,EnableBuiltinHooks}]) of
 	ok ->
 	    ct_util:start(interactive, LogDir),
 	    ct_util:set_testdata({logopts, LogOpts}),
@@ -747,6 +759,11 @@ run_test2(StartOpts) ->
 
     %% CT Hooks
     CTHooks = get_start_opt(ct_hooks, value, [], StartOpts),
+    EnableBuiltinHooks = get_start_opt(enable_builtin_hooks,
+				       fun(EBH) when EBH == true;
+						     EBH == false ->
+					       EBH
+				       end, true, StartOpts),
 
     %% silent connections
     SilentConns = get_start_opt(silent_connections,
@@ -820,6 +837,7 @@ run_test2(StartOpts) ->
 		 logopts = LogOpts, config = CfgFiles,
 		 event_handlers = EvHandlers,
 		 ct_hooks = CTHooks,
+		 enable_builtin_hooks = EnableBuiltinHooks,
 		 include = Include,
 		 silent_connections = SilentConns,
 		 stylesheet = Stylesheet,
@@ -878,26 +896,29 @@ run_spec_file(Relaxed,
 
 	    AllCTHooks = merge_vals([Opts#opts.ct_hooks,
 				      SpecOpts#opts.ct_hooks]),
+	    EnableBuiltinHooks = choose_val(Opts#opts.enable_builtin_hooks,
+					    SpecOpts#opts.enable_builtin_hooks),
 	    
 	    application:set_env(common_test, include, AllInclude),
 
-	    case check_and_install_configfiles(AllConfig,
-					       which(logdir,LogDir),
-					       AllEvHs,
-					       AllCTHooks) of
+	    Opts1 = Opts#opts{label = Label,
+			      profile = Profile,
+			      cover = Cover,
+			      logdir = which(logdir, LogDir),
+			      logopts = AllLogOpts,
+			      config = AllConfig,
+			      event_handlers = AllEvHs,
+			      include = AllInclude,
+			      testspecs = AbsSpecs,
+			      multiply_timetraps = MultTT,
+			      scale_timetraps = ScaleTT,
+			      ct_hooks = AllCTHooks,
+			      enable_builtin_hooks = EnableBuiltinHooks
+			     },
+
+	    case check_and_install_configfiles(AllConfig,Opts1#opts.logdir,
+					       Opts1) of
 		ok ->
-		    Opts1 = Opts#opts{label = Label,
-				      profile = Profile,
-				      cover = Cover,
-				      logdir = which(logdir, LogDir),
-				      logopts = AllLogOpts,
-				      config = AllConfig,
-				      event_handlers = AllEvHs,
-				      include = AllInclude,
-				      testspecs = AbsSpecs,
-				      multiply_timetraps = MultTT,
-				      scale_timetraps = ScaleTT,
-				      ct_hooks = AllCTHooks},
 		    {Run,Skip} = ct_testspec:prepare_tests(TS, node()),
 		    reformat_result(catch do_run(Run, Skip, Opts1, StartOpts));
 		{error,GCFReason} ->
@@ -906,13 +927,10 @@ run_spec_file(Relaxed,
     end.
 
 run_prepared(Run, Skip, Opts = #opts{logdir = LogDir,
-				     config = CfgFiles,
-				     event_handlers = EvHandlers,
-				     ct_hooks = CTHooks},
+				     config = CfgFiles },
 	     StartOpts) ->
     LogDir1 = which(logdir, LogDir),
-    case check_and_install_configfiles(CfgFiles, LogDir1,
-				       EvHandlers, CTHooks) of
+    case check_and_install_configfiles(CfgFiles, LogDir1, Opts) of
 	ok ->
 	    reformat_result(catch do_run(Run, Skip, Opts#opts{logdir = LogDir1},
 					 StartOpts));
@@ -944,7 +962,8 @@ check_config_file(Callback, File)->
 run_dir(Opts = #opts{logdir = LogDir,
 		     config = CfgFiles,
 		     event_handlers = EvHandlers,
-		     ct_hooks = CTHook }, StartOpts) ->
+		     ct_hooks = CTHook,
+		     enable_builtin_hooks = EnableBuiltinHooks }, StartOpts) ->
     LogDir1 = which(logdir, LogDir),
     Opts1 = Opts#opts{logdir = LogDir1},
     AbsCfgFiles =
@@ -967,7 +986,8 @@ run_dir(Opts = #opts{logdir = LogDir,
 		  end, CfgFiles),
     case install([{config,AbsCfgFiles},
 		  {event_handler,EvHandlers},
-		  {ct_hooks, CTHook}], LogDir1) of
+		  {ct_hooks, CTHook},
+		  {enable_builtin_hooks,EnableBuiltinHooks}], LogDir1) of
 	ok -> ok;
 	{error,IReason} -> exit(IReason)
     end,
@@ -1125,9 +1145,8 @@ run_testspec2(TestSpec) ->
 		end,
 	    application:set_env(common_test, include, AllInclude),
 	    LogDir1 = which(logdir,Opts#opts.logdir),
-	    case check_and_install_configfiles(Opts#opts.config, LogDir1,
-					       Opts#opts.event_handlers,
-					       Opts#opts.ct_hooks) of
+	    case check_and_install_configfiles(
+		   Opts#opts.config, LogDir1, Opts) of
 		ok ->
 		    Opts1 = Opts#opts{testspecs = [],
 				      logdir = LogDir1,
@@ -1148,6 +1167,7 @@ get_data_for_node(#testspec{label = Labels,
 			    userconfig = UsrCfgs,
 			    event_handler = EvHs,
 			    ct_hooks = CTHooks,
+			    enable_builtin_hooks = EnableBuiltinHooks,
 			    include = Incl,
 			    multiply_timetraps = MTs,
 			    scale_timetraps = STs}, Node) ->
@@ -1177,6 +1197,7 @@ get_data_for_node(#testspec{label = Labels,
 	  config = ConfigFiles,
 	  event_handlers = EvHandlers,
 	  ct_hooks = FiltCTHooks,
+	  enable_builtin_hooks = EnableBuiltinHooks,
 	  include = Include,
 	  multiply_timetraps = MT,
 	  scale_timetraps = ST}.
@@ -1639,6 +1660,14 @@ final_tests1([{TestDir,Suite,GrsOrCs}|Tests], Final, Skip, Bad) when
 		     ({skipped,Group,TCs}) ->
 			  [ct_framework:make_conf(TestDir, Suite,
 						  Group, [skipped], TCs)];
+		     ({GrSpec = {Group,_},TCs}) ->
+			  Props = [{override,GrSpec}],
+			  [ct_framework:make_conf(TestDir, Suite,
+						  Group, Props, TCs)];
+		     ({GrSpec = {Group,_,_},TCs}) ->
+			  Props = [{override,GrSpec}],
+			  [ct_framework:make_conf(TestDir, Suite,
+						  Group, Props, TCs)];
 		     ({Group,TCs}) ->
 			  [ct_framework:make_conf(TestDir, Suite,
 						  Group, [], TCs)];
@@ -2254,8 +2283,11 @@ try_get_start_opt(Key, IfExists, IfNotExists, Args) ->
     end.
 
 ct_hooks_args2opts(Args) ->
-    ct_hooks_args2opts(
-      proplists:get_value(ct_hooks, Args, []),[]).
+    lists:foldl(fun({ct_hooks,Hooks}, Acc) ->
+			ct_hooks_args2opts(Hooks,Acc);
+		   (_,Acc) ->
+			Acc
+		end,[],Args).
 
 ct_hooks_args2opts([CTH,Arg,Prio,"and"| Rest],Acc) ->
     ct_hooks_args2opts(Rest,[{list_to_atom(CTH),
diff --git a/lib/common_test/src/ct_telnet.erl b/lib/common_test/src/ct_telnet.erl
index 71a784870c..f4a551e3ff 100644
--- a/lib/common_test/src/ct_telnet.erl
+++ b/lib/common_test/src/ct_telnet.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2003-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/src/ct_testspec.erl b/lib/common_test/src/ct_testspec.erl
index 2cba1d8410..b68cbd3aa1 100644
--- a/lib/common_test/src/ct_testspec.erl
+++ b/lib/common_test/src/ct_testspec.erl
@@ -670,6 +670,10 @@ add_tests([{ct_hooks, _Node, []}|Ts], Spec) ->
 add_tests([{ct_hooks, Hooks}|Ts], Spec) ->
     add_tests([{ct_hooks, all_nodes, Hooks}|Ts], Spec);
 
+%% -- enable_builtin_hooks --
+add_tests([{enable_builtin_hooks,Bool}|Ts],Spec) ->
+    add_tests(Ts, Spec#testspec{ enable_builtin_hooks = Bool });
+
 %% --- include ---
 add_tests([{include,all_nodes,InclDirs}|Ts],Spec) ->
     Tests = lists:map(fun(N) -> {include,N,InclDirs} end, list_nodes(Spec)),
@@ -874,7 +878,11 @@ separate([],_,_,_) ->
 %%              {Suite2,[GrOrCase21,GrOrCase22,...]},...]}
 %% {{Node,Dir},[{Suite1,{skip,Cmt}},
 %%              {Suite2,[{GrOrCase21,{skip,Cmt}},GrOrCase22,...]},...]}
-%% GrOrCase = {GroupName,[Case1,Case2,...]} | Case
+%% GrOrCase = {GroupSpec,[Case1,Case2,...]} | Case
+%% GroupSpec = {GroupName,OverrideProps} |
+%%             {GroupName,OverrideProps,SubGroupSpec}
+%% OverrideProps = Props | default
+%% SubGroupSpec = GroupSpec | []
 
 insert_suites(Node,Dir,[S|Ss],Tests, MergeTests) ->
     Tests1 = insert_cases(Node,Dir,S,all,Tests,MergeTests),
@@ -885,7 +893,7 @@ insert_suites(Node,Dir,S,Tests,MergeTests) ->
     insert_suites(Node,Dir,[S],Tests,MergeTests).
 
 insert_groups(Node,Dir,Suite,Group,Cases,Tests,MergeTests) 
-  when is_atom(Group) ->
+  when is_atom(Group); is_tuple(Group) ->
     insert_groups(Node,Dir,Suite,[Group],Cases,Tests,MergeTests);
 insert_groups(Node,Dir,Suite,Groups,Cases,Tests,false) when
       ((Cases == all) or is_list(Cases)) and is_list(Groups) ->
@@ -1130,6 +1138,7 @@ valid_terms() ->
      {event_handler,4},
      {ct_hooks,2},
      {ct_hooks,3},
+     {enable_builtin_hooks,1},
      {multiply_timetraps,2},
      {multiply_timetraps,3},
      {scale_timetraps,2},
diff --git a/lib/common_test/src/ct_util.hrl b/lib/common_test/src/ct_util.hrl
index 73898fe371..bde832811a 100644
--- a/lib/common_test/src/ct_util.hrl
+++ b/lib/common_test/src/ct_util.hrl
@@ -39,6 +39,7 @@
 		   userconfig=[],
 		   event_handler=[],
 		   ct_hooks=[],
+		   enable_builtin_hooks=true,
 		   include=[],
 		   multiply_timetraps=[],
 		   scale_timetraps=[],
diff --git a/lib/common_test/src/cth_log_redirect.erl b/lib/common_test/src/cth_log_redirect.erl
new file mode 100644
index 0000000000..14663b7738
--- /dev/null
+++ b/lib/common_test/src/cth_log_redirect.erl
@@ -0,0 +1,111 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(cth_log_redirect).
+
+%%% @doc Common Test Framework functions handling test specifications.
+%%%
+%%% <p>This module redirects sasl and error logger info to common test log.</p>
+%%% @end
+
+
+%% CTH Callbacks
+-export([id/1, init/2, post_init_per_group/4, pre_end_per_group/3,
+	 post_end_per_testcase/4]).
+
+%% Event handler Callbacks
+-export([init/1,
+	 handle_event/2, handle_call/2, handle_info/2,
+	 terminate/2]).
+
+id(_Opts) ->
+    ?MODULE.
+
+init(?MODULE, _Opts) ->
+    error_logger:add_report_handler(?MODULE),
+    tc_log.
+
+post_init_per_group(Group, Config, Result, tc_log) ->
+    case lists:member(parallel,proplists:get_value(
+				 tc_group_properties,Config,[])) of
+	true ->
+	    {Result, {set_log_func(ct_log),Group}};
+	false ->
+	    {Result, tc_log}
+    end;
+post_init_per_group(_Group, _Config, Result, State) ->
+    {Result, State}.
+
+post_end_per_testcase(_TC, _Config, Result, State) ->
+    %% Make sure that the event queue is flushed
+    %% before ending this test case.
+    gen_event:call(error_logger, ?MODULE, flush),
+    {Result, State}.
+
+pre_end_per_group(Group, Config, {ct_log, Group}) ->
+    {Config, set_log_func(tc_log)};
+pre_end_per_group(_Group, Config, State) ->
+    {Config, State}.
+
+
+%% Copied and modified from sasl_report_tty_h.erl
+init(_Type) ->
+    {ok, tc_log}.
+
+handle_event({_Type, GL, _Msg}, State) when node(GL) /= node() ->
+    {ok, State};
+handle_event(Event, LogFunc) ->
+    case lists:keyfind(sasl, 1, application:which_applications()) of
+	false ->
+	    sasl_not_started;
+	_Else ->
+	    {ok, ErrLogType} = application:get_env(sasl, errlog_type),
+	    SReport = sasl_report:format_report(group_leader(), ErrLogType,
+						tag_event(Event)),
+	    if is_list(SReport) ->
+		    ct_logs:LogFunc(sasl, SReport, []);
+	       true -> %% Report is an atom if no logging is to be done
+		    ignore
+	    end
+    end,
+    EReport = error_logger_tty_h:write_event(
+		tag_event(Event),io_lib),
+    if is_list(EReport) ->
+	    ct_logs:LogFunc(error_logger, EReport, []);
+       true -> %% Report is an atom if no logging is to be done
+	    ignore
+    end,
+    {ok, LogFunc}.
+
+
+handle_info(_,State) -> {ok, State}.
+
+handle_call(flush,State) ->
+    {ok, ok, State};
+handle_call({set_logfunc,NewLogFunc},_) ->
+    {ok, NewLogFunc, NewLogFunc};
+handle_call(_Query, _State) -> {error, bad_query}.
+
+terminate(_Reason, _Type) ->
+    [].
+
+tag_event(Event) ->
+    {calendar:local_time(), Event}.
+
+set_log_func(Func) ->
+    gen_event:call(error_logger, ?MODULE, {set_logfunc, Func}).
diff --git a/lib/common_test/test/Makefile b/lib/common_test/test/Makefile
index b7b099069c..284612b8f7 100644
--- a/lib/common_test/test/Makefile
+++ b/lib/common_test/test/Makefile
@@ -30,8 +30,11 @@ MODULES= \
 	ct_userconfig_callback \
 	ct_smoke_test_SUITE \
 	ct_event_handler_SUITE \
+	ct_config_info_SUITE \
 	ct_groups_test_1_SUITE \
 	ct_groups_test_2_SUITE \
+	ct_group_info_SUITE \
+	ct_groups_spec_SUITE \
 	ct_sequence_1_SUITE \
 	ct_repeat_1_SUITE \
 	ct_testspec_1_SUITE \
diff --git a/lib/common_test/test/ct_config_SUITE.erl b/lib/common_test/test/ct_config_SUITE.erl
index 8ce75f582a..18218bee47 100644
--- a/lib/common_test/test/ct_config_SUITE.erl
+++ b/lib/common_test/test/ct_config_SUITE.erl
@@ -228,7 +228,7 @@ expected_events(config_static_SUITE)->
      {?eh,tc_start,{config_static_SUITE,test_config_name_already_in_use2}},
      {?eh,tc_done,
       {config_static_SUITE,test_config_name_already_in_use2,
-       {skipped,{config_name_already_in_use,[x1,alias]}}}},
+       {skipped,{config_name_already_in_use,[alias,x1]}}}},
      {?eh,test_stats,{4,0,{2,0}}},
      {?eh,tc_start,{config_static_SUITE,test_alias_tclocal}},
      {?eh,tc_done,{config_static_SUITE,test_alias_tclocal,ok}},
diff --git a/lib/common_test/test/ct_config_info_SUITE.erl b/lib/common_test/test/ct_config_info_SUITE.erl
new file mode 100644
index 0000000000..40da377ee5
--- /dev/null
+++ b/lib/common_test/test/ct_config_info_SUITE.erl
@@ -0,0 +1,178 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%%-------------------------------------------------------------------
+%%% File: ct_config_info_SUITE
+%%%
+%%% Description: Test how Common Test handles info functions
+%%% for the config functions.
+%%%
+%%%-------------------------------------------------------------------
+-module(ct_config_info_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("common_test/include/ct_event.hrl").
+
+-define(eh, ct_test_support_eh).
+
+%%--------------------------------------------------------------------
+%% TEST SERVER CALLBACK FUNCTIONS
+%%--------------------------------------------------------------------
+
+%%--------------------------------------------------------------------
+%% Description: Since Common Test starts another Test Server
+%% instance, the tests need to be performed on a separate node (or
+%% there will be clashes with logging processes etc).
+%%--------------------------------------------------------------------
+init_per_suite(Config) ->
+    Config1 = ct_test_support:init_per_suite(Config),
+    Config1.
+
+end_per_suite(Config) ->
+    ct_test_support:end_per_suite(Config).
+
+init_per_testcase(TestCase, Config) ->
+    ct_test_support:init_per_testcase(TestCase, Config).
+
+end_per_testcase(TestCase, Config) ->
+    ct_test_support:end_per_testcase(TestCase, Config).
+
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() -> 
+    [
+     config_info
+    ].
+
+%%--------------------------------------------------------------------
+%% TEST CASES
+%%--------------------------------------------------------------------
+
+%%%-----------------------------------------------------------------
+%%% 
+config_info(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "config_info_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},
+			  {label,config_info}], Config),
+    ok = execute(config_info, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% HELP FUNCTIONS
+%%%-----------------------------------------------------------------
+
+setup(Test, Config) ->
+    Opts0 = ct_test_support:get_opts(Config),
+    Level = ?config(trace_level, Config),
+    EvHArgs = [{cbm,ct_test_support},{trace_level,Level}],
+    Opts = Opts0 ++ [{event_handler,{?eh,EvHArgs}}|Test],
+    ERPid = ct_test_support:start_event_receiver(Config),
+    {Opts,ERPid}.
+
+execute(Name, Opts, ERPid, Config) ->
+    ok = ct_test_support:run(Opts, Config),
+    Events = ct_test_support:get_events(ERPid, Config),
+
+    ct_test_support:log_events(Name, 
+			       reformat(Events, ?eh),
+			       ?config(priv_dir, Config),
+			       Opts),
+
+    TestEvents = events_to_check(Name),
+    ct_test_support:verify_events(TestEvents, Events, Config).
+
+reformat(Events, EH) ->
+    ct_test_support:reformat(Events, EH).
+
+%%%-----------------------------------------------------------------
+%%% TEST EVENTS
+%%%-----------------------------------------------------------------
+events_to_check(Test) ->
+    %% 2 tests (ct:run_test + script_start) is default
+    events_to_check(Test, 2).
+
+events_to_check(_, 0) ->
+    [];
+events_to_check(Test, N) ->
+    test_events(Test) ++ events_to_check(Test, N-1).
+
+
+test_events(config_info) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,6}},
+     {?eh,tc_done,{config_info_1_SUITE,init_per_suite,ok}},
+
+     [{?eh,tc_start,{config_info_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{config_info_1_SUITE,
+		    {init_per_group,unknown,[]},
+		    {failed,{timetrap_timeout,350}}}},
+      {?eh,tc_auto_skip,{config_info_1_SUITE,t11,
+	{failed,{config_info_1_SUITE,init_per_group,{timetrap_timeout,350}}}}},
+      {?eh,tc_auto_skip,{config_info_1_SUITE,end_per_group,
+			 {failed,{config_info_1_SUITE,init_per_group,
+				  {timetrap_timeout,350}}}}}],
+
+     [{?eh,tc_start,{config_info_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{config_info_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{config_info_1_SUITE,t21,ok}},
+      {?eh,tc_start,{config_info_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{config_info_1_SUITE,
+		    {end_per_group,unknown,[]},
+		    {failed,{timetrap_timeout,450}}}}],
+     [{?eh,tc_start,{config_info_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{config_info_1_SUITE,{init_per_group,g3,[]},ok}},
+      [{?eh,tc_start,{config_info_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{config_info_1_SUITE,
+		     {init_per_group,unknown,[]},
+		     {failed,{timetrap_timeout,400}}}},
+       {?eh,tc_auto_skip,{config_info_1_SUITE,t41,
+	 {failed,{config_info_1_SUITE,init_per_group,
+		  {timetrap_timeout,400}}}}},
+       {?eh,tc_auto_skip,{config_info_1_SUITE,end_per_group,
+	 {failed,{config_info_1_SUITE,init_per_group,
+		  {timetrap_timeout,400}}}}}],
+      {?eh,tc_start,{config_info_1_SUITE,t31}},
+      {?eh,tc_done,{config_info_1_SUITE,t31,
+		    {skipped,{failed,{config_info_1_SUITE,init_per_testcase,
+				      {timetrap_timeout,250}}}}}},
+      {?eh,tc_start,{config_info_1_SUITE,t32}},
+      {?eh,tc_done,{config_info_1_SUITE,t32,
+		    {failed,{config_info_1_SUITE,end_per_testcase,
+			     {timetrap_timeout,250}}}}},
+
+      [{?eh,tc_start,{config_info_1_SUITE,{init_per_group,g5,[]}}},
+       {?eh,tc_done,{config_info_1_SUITE,{init_per_group,g5,[]},ok}},
+       {?eh,tc_done,{config_info_1_SUITE,t51,ok}},
+       {?eh,tc_start,{config_info_1_SUITE,{end_per_group,g5,[]}}},
+       {?eh,tc_done,{config_info_1_SUITE,
+		     {end_per_group,unknown,[]},
+		     {failed,{timetrap_timeout,400}}}}],
+      {?eh,tc_start,{config_info_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{config_info_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     {?eh,tc_start,{config_info_1_SUITE,end_per_suite}},
+     {?eh,tc_done,{config_info_1_SUITE,end_per_suite,
+		   {failed,{timetrap_timeout,300}}}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ].
diff --git a/lib/common_test/test/ct_config_info_SUITE_data/config_info_1_SUITE.erl b/lib/common_test/test/ct_config_info_SUITE_data/config_info_1_SUITE.erl
new file mode 100644
index 0000000000..53a233b7a4
--- /dev/null
+++ b/lib/common_test/test/ct_config_info_SUITE_data/config_info_1_SUITE.erl
@@ -0,0 +1,168 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(config_info_1_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+%%%-----------------------------------------------------------------
+
+suite() ->
+    [{timetrap,500}].
+
+%%%-----------------------------------------------------------------
+
+group(_) ->
+    [{timetrap,250}].
+
+%%%-----------------------------------------------------------------
+
+init_per_suite() ->
+    ct:pal("init_per_suite info called", []),
+    [{timetrap,1000},
+     {require,suite_data},
+     {default_config,suite_data,suite_data_val}].
+
+init_per_suite(Config) ->
+    suite_data_val = ct:get_config(suite_data),
+    ct:sleep(750),
+    Config.
+
+%%%-----------------------------------------------------------------
+
+end_per_suite() ->
+    ct:pal("end_per_suite info called", []),
+    [{timetrap,300},
+     {require,suite_data2},
+     {default_config,suite_data2,suite_data2_val}].
+
+end_per_suite(_Config) ->
+    suite_data2_val = ct:get_config(suite_data2),
+    ct:sleep(500),
+    ok.
+
+%%%-----------------------------------------------------------------
+
+init_per_group(g1) ->
+    ct:pal("init_per_group(g1) info called", []),
+    [{timetrap,350}];
+init_per_group(G) ->
+    ct:pal("init_per_group(~w) info called", [G]),
+    [{timetrap,400}].
+
+init_per_group(g1, _Config) ->
+    ct:sleep(1000);
+init_per_group(g4, _Config) ->
+    ct:sleep(1000);
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, GrProps1])),
+    ct:pal("init( ~w ): ~p", [G, GrProps1]),
+    Config.
+
+%%%-----------------------------------------------------------------
+
+end_per_group(g2) ->
+    ct:pal("end_per_group(g2) info called", []),
+    [{timetrap,450}];
+end_per_group(G) ->
+    ct:pal("end_per_group(~w) info called", [G]),
+    [{timetrap,400}].
+
+end_per_group(g2, _Config) ->
+    ct:sleep(1000);
+end_per_group(g5, _Config) ->
+    ct:sleep(1000);
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("end( ~w ): ~p", [G, GrProps1])),
+    ct:pal("end( ~w ): ~p", [G, GrProps1]),
+    ok.
+
+%%%-----------------------------------------------------------------
+init_per_testcase() ->
+    [{timetrap,750}].
+
+init_per_testcase(t1, _Config) ->
+    ct:sleep(1000);
+init_per_testcase(t31, _Config) ->
+    ct:sleep(1000);
+init_per_testcase(_TestCase, Config) ->
+    Config.
+
+%%%-----------------------------------------------------------------
+
+end_per_testcase() ->
+    [{timetrap,600}].
+
+end_per_testcase(t2, _Config) ->
+    ct:sleep(1000);
+end_per_testcase(t32, _Config) ->
+    ct:sleep(1000);
+end_per_testcase(_TestCase, _Config) ->
+    ok.
+
+%%--------------------------------------------------------------------
+%% TEST DECLARATIONS
+%%--------------------------------------------------------------------
+
+groups() ->
+    [
+     {g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[{g4,[],[t41]}, t31, t32, {g5,[],[t51]}]}
+    ].
+
+all() -> 
+    [
+     {group,g1},
+     {group,g2},
+     {group,g3}
+    ].
+
+%%-----------------------------------------------------------------
+%% TEST CASES
+%%-----------------------------------------------------------------
+
+t1(_) ->
+    exit(should_not_execute).
+
+t2(_) ->
+    ok.
+
+t11(_) ->
+    exit(should_not_execute).
+
+t21(_) ->
+    ok.
+
+t31(_) ->
+    exit(should_not_execute).
+
+t32(_) ->
+    ok.
+
+t41(_) ->
+    exit(should_not_execute).
+
+t51(_) ->
+    ok.
diff --git a/lib/common_test/test/ct_error_SUITE.erl b/lib/common_test/test/ct_error_SUITE.erl
index d6ee8eed10..2b3157ff3b 100644
--- a/lib/common_test/test/ct_error_SUITE.erl
+++ b/lib/common_test/test/ct_error_SUITE.erl
@@ -303,41 +303,21 @@ test_events(cfg_error) ->
      {?eh,tc_start,{cfg_error_2_SUITE,init_per_suite}},
      {?eh,tc_done,
       {cfg_error_2_SUITE,init_per_suite,
-       {failed,{error,{{badmatch,[1,2]},
-		       [{cfg_error_2_SUITE,init_per_suite,1},
-			{test_server,my_apply,3},
-			{test_server,ts_tc,3},
-			{test_server,run_test_case_eval1,6},
-			{test_server,run_test_case_eval,9}]}}}}},
+       {failed,{error,{{badmatch,[1,2]},'_'}}}}},
      {?eh,tc_auto_skip,
       {cfg_error_2_SUITE,tc1,
        {failed,{cfg_error_2_SUITE,init_per_suite,      
-		{'EXIT',{{badmatch,[1,2]},
-			 [{cfg_error_2_SUITE,init_per_suite,1},
-			  {test_server,my_apply,3},
-			  {test_server,ts_tc,3},
-			  {test_server,run_test_case_eval1,6},
-			  {test_server,run_test_case_eval,9}]}}}}}},
+		{'EXIT',{{badmatch,[1,2]},'_'}}}}}},
      {?eh,test_stats,{0,0,{0,3}}},
      {?eh,tc_auto_skip,
       {cfg_error_2_SUITE,tc2,
        {failed,{cfg_error_2_SUITE,init_per_suite,      
-		{'EXIT',{{badmatch,[1,2]},
-			 [{cfg_error_2_SUITE,init_per_suite,1},
-			  {test_server,my_apply,3},
-			  {test_server,ts_tc,3},
-			  {test_server,run_test_case_eval1,6},
-			  {test_server,run_test_case_eval,9}]}}}}}},
+		{'EXIT',{{badmatch,[1,2]},'_'}}}}}},
      {?eh,test_stats,{0,0,{0,4}}},
      {?eh,tc_auto_skip,
       {cfg_error_2_SUITE,end_per_suite,
        {failed,{cfg_error_2_SUITE,init_per_suite,      
-		{'EXIT',{{badmatch,[1,2]},
-			 [{cfg_error_2_SUITE,init_per_suite,1},
-			  {test_server,my_apply,3},
-			  {test_server,ts_tc,3},
-			  {test_server,run_test_case_eval1,6},
-			  {test_server,run_test_case_eval,9}]}}}}}},
+		{'EXIT',{{badmatch,[1,2]},'_'}}}}}},
 
      {?eh,tc_start,{cfg_error_3_SUITE,init_per_suite}},
      {?eh,tc_done,
@@ -396,12 +376,7 @@ test_events(cfg_error) ->
       {?eh,tc_done,{cfg_error_6_SUITE,{end_per_group,g1,[]},ok}}],
      {?eh,tc_start,{cfg_error_6_SUITE,end_per_suite}},
      {?eh,tc_done,{cfg_error_6_SUITE,end_per_suite,
-		   {failed,{error,{{badmatch,[1,2]},
-				   [{cfg_error_6_SUITE,end_per_suite,1},
-				    {test_server,my_apply,3},
-				    {test_server,ts_tc,3},
-				    {test_server,run_test_case_eval1,6},
-				    {test_server,run_test_case_eval,9}]}}}}},
+		   {failed,{error,{{badmatch,[1,2]},'_'}}}}},
 
      {?eh,tc_start,{cfg_error_7_SUITE,init_per_suite}},
      {?eh,tc_done,{cfg_error_7_SUITE,init_per_suite,ok}},
@@ -450,31 +425,16 @@ test_events(cfg_error) ->
      [{?eh,tc_start,{cfg_error_8_SUITE,{init_per_group,g3,[]}}},
       {?eh,tc_done,
        {cfg_error_8_SUITE,{init_per_group,g3,[]},
-	{failed,{error,{{badmatch,42},
-			[{cfg_error_8_SUITE,init_per_group,2},
-			 {test_server,my_apply,3},
-			 {test_server,ts_tc,3},
-			 {test_server,run_test_case_eval1,6},
-			 {test_server,run_test_case_eval,9}]}}}}},
+	{failed,{error,{{badmatch,42},'_'}}}}},
       {?eh,tc_auto_skip,
        {cfg_error_8_SUITE,tc1,
 	{failed,{cfg_error_8_SUITE,init_per_group,
-		 {'EXIT',{{badmatch,42},
-			  [{cfg_error_8_SUITE,init_per_group,2},
-			   {test_server,my_apply,3},
-			   {test_server,ts_tc,3},
-			   {test_server,run_test_case_eval1,6},
-			   {test_server,run_test_case_eval,9}]}}}}}},
+		 {'EXIT',{{badmatch,42},'_'}}}}}},
       {?eh,test_stats,{4,0,{0,13}}},
       {?eh,tc_auto_skip,
        {cfg_error_8_SUITE,end_per_group,
 	{failed,{cfg_error_8_SUITE,init_per_group,
-		 {'EXIT',{{badmatch,42},
-			  [{cfg_error_8_SUITE,init_per_group,2},
-			   {test_server,my_apply,3},
-			   {test_server,ts_tc,3},
-			   {test_server,run_test_case_eval1,6},
-			   {test_server,run_test_case_eval,9}]}}}}}}],
+		 {'EXIT',{{badmatch,42},'_'}}}}}}],
 
      [{?eh,tc_start,{cfg_error_8_SUITE,{init_per_group,g4,[]}}},
       {?eh,tc_done,{cfg_error_8_SUITE,{init_per_group,g4,[]},ok}},
@@ -533,7 +493,7 @@ test_events(cfg_error) ->
      {?eh,tc_start,{cfg_error_9_SUITE,tc1}},
      {?eh,tc_done,{cfg_error_9_SUITE,tc1,
 		   {skipped,{failed,{cfg_error_9_SUITE,init_per_testcase,
-				     tc1_should_be_skipped}}}}},
+				     {tc1_should_be_skipped,'_'}}}}}},
      {?eh,test_stats,{9,0,{0,15}}},
      {?eh,tc_start,{cfg_error_9_SUITE,tc2}},
      {?eh,tc_done,{cfg_error_9_SUITE,tc2,
@@ -543,12 +503,7 @@ test_events(cfg_error) ->
      {?eh,tc_start,{cfg_error_9_SUITE,tc3}},
      {?eh,tc_done,{cfg_error_9_SUITE,tc3,
 		   {skipped,{failed,{cfg_error_9_SUITE,init_per_testcase,
-				     {{badmatch,undefined},
-				      [{cfg_error_9_SUITE,init_per_testcase,2},
-				       {test_server,my_apply,3},
-				       {test_server,init_per_testcase,3},
-				       {test_server,run_test_case_eval1,6},
-				       {test_server,run_test_case_eval,9}]}}}}}},
+				     {{badmatch,undefined},'_'}}}}}},
      {?eh,test_stats,{9,0,{0,17}}},
      {?eh,tc_start,{cfg_error_9_SUITE,tc4}},
      {?eh,tc_done,
@@ -580,12 +535,7 @@ test_events(cfg_error) ->
      {?eh,tc_start,{cfg_error_9_SUITE,tc13}},
      {?eh,tc_done,{cfg_error_9_SUITE,tc13,
 		   {failed,{cfg_error_9_SUITE,end_per_testcase,
-			    {'EXIT',{{badmatch,undefined},
-				     [{cfg_error_9_SUITE,end_per_testcase,2},
-				      {test_server,my_apply,3},
-				      {test_server,do_end_per_testcase,4},
-				      {test_server,run_test_case_eval1,6},
-				      {test_server,run_test_case_eval,9}]}}}}}},
+			    {'EXIT',{{badmatch,undefined},'_'}}}}}},
      {?eh,test_stats,{12,3,{0,18}}},
      {?eh,tc_start,{cfg_error_9_SUITE,tc14}},
      {?eh,tc_done,
@@ -613,8 +563,8 @@ test_events(cfg_error) ->
      {?eh,tc_start,{cfg_error_11_SUITE,init_per_suite}},
      {?eh,tc_done,{cfg_error_11_SUITE,init_per_suite,ok}},
      {?eh,tc_start,{cfg_error_11_SUITE,tc1}},
-     {?eh,tc_done,{cfg_error_11_SUITE,tc1,
-		   {skipped,{config_name_already_in_use,[dummy0]}}}},
+     {?eh,tc_done, {cfg_error_11_SUITE,tc1,
+		    {skipped,{config_name_already_in_use,[dummy_alias]}}}},
      {?eh,test_stats,{12,6,{1,19}}},
      {?eh,tc_start,{cfg_error_11_SUITE,tc2}},
      {?eh,tc_done,{cfg_error_11_SUITE,tc2,ok}},
@@ -622,7 +572,7 @@ test_events(cfg_error) ->
      {?eh,tc_start,{cfg_error_11_SUITE,end_per_suite}},
      {?eh,tc_done,{cfg_error_11_SUITE,end_per_suite,ok}},
      {?eh,tc_start,{cfg_error_12_SUITE,tc1}},
-     {?eh,tc_done,{cfg_error_12_SUITE,tc1,{failed,{timetrap_timeout,500}}}},
+     {?eh,tc_done,{ct_framework,init_tc,{framework_error,{timetrap,500}}}},
      {?eh,test_stats,{13,7,{1,19}}},
      {?eh,tc_start,{cfg_error_12_SUITE,tc2}},
      {?eh,tc_done,{cfg_error_12_SUITE,tc2,{failed,
@@ -668,13 +618,7 @@ test_events(lib_error) ->
      {?eh,tc_done,
       {lib_error_1_SUITE,lines_error,{failed,
 				      {error,
-				       {{badmatch,[1,2]},
-					[{lib_lines,do_error,0},
-					 {lib_error_1_SUITE,lines_error,1},
-					 {test_server,my_apply,3},
-					 {test_server,ts_tc,3},
-					 {test_server,run_test_case_eval1,6},
-					 {test_server,run_test_case_eval,9}]}}}}},
+				       {{badmatch,[1,2]},'_'}}}}},
      {?eh,test_stats,{0,1,{0,0}}},
      {?eh,tc_start,{lib_error_1_SUITE,lines_exit}},
      {?eh,tc_done,
@@ -693,13 +637,7 @@ test_events(lib_error) ->
      {?eh,tc_done,
       {lib_error_1_SUITE,no_lines_error,{failed,
 					 {error,
-					  {{badmatch,[1,2]},
-					   [{lib_no_lines,do_error,0},
-					    {lib_error_1_SUITE,no_lines_error,1},
-					    {test_server,my_apply,3},
-					    {test_server,ts_tc,3},
-					    {test_server,run_test_case_eval1,6},
-					    {test_server,run_test_case_eval,9}]}}}}},
+					  {{badmatch,[1,2]},'_'}}}}},
      {?eh,test_stats,{0,5,{0,0}}},
      {?eh,tc_start,{lib_error_1_SUITE,no_lines_exit}},
      {?eh,tc_done,
@@ -932,10 +870,10 @@ test_events(timetrap_fun) ->
      {?eh,tc_done,
       {timetrap_6_SUITE,init_per_suite,{skipped,{timetrap_error,kaboom}}}},
      {?eh,tc_auto_skip,
-      {timetrap_6_SUITE,tc0,{fw_auto_skip,{timetrap_error,kaboom}}}},
+      {timetrap_6_SUITE,tc0,{timetrap_error,kaboom}}},
      {?eh,test_stats,{0,8,{0,5}}},
      {?eh,tc_auto_skip,
-      {timetrap_6_SUITE,end_per_suite,{fw_auto_skip,{timetrap_error,kaboom}}}},
+      {timetrap_6_SUITE,end_per_suite,{timetrap_error,kaboom}}},
 
      {?eh,tc_done,{timetrap_7_SUITE,init_per_suite,ok}},
      {?eh,tc_start,{timetrap_7_SUITE,tc0}},
diff --git a/lib/common_test/test/ct_error_SUITE_data/error/test/cfg_error_11_SUITE.erl b/lib/common_test/test/ct_error_SUITE_data/error/test/cfg_error_11_SUITE.erl
index ce94533110..879561ebb9 100644
--- a/lib/common_test/test/ct_error_SUITE_data/error/test/cfg_error_11_SUITE.erl
+++ b/lib/common_test/test/ct_error_SUITE_data/error/test/cfg_error_11_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -29,10 +29,7 @@
 suite() ->
     [{timetrap,{seconds,2}},
      {require, dummy0}, {default_config, dummy0, "suite/0"},
-     {require, dummy1}, {default_config, dummy1, "suite/0"},
-     {require, dummy2}, {default_config, dummy2, "suite/0"}].
-
-
+     {require, dummy_alias, dummy1}, {default_config, dummy1, "suite/0"}].
 
 %%--------------------------------------------------------------------
 %% Function: init_per_suite(Config0) ->
@@ -119,16 +116,17 @@ groups() ->
 %% Reason = term()
 %%--------------------------------------------------------------------
 all() ->
-    [tc1, tc2].
+    [tc1,tc2].
 
 tc1() ->
-    [{require, dummy0}, {default_config, dummy0, "tc1"}].
+    [{require, dummy0}, {default_config, dummy0, "tc1"},
+     {require, dummy_alias, dummy2}, {default_config, dummy2, "tc1"}].
 
 tc1(_) ->
     dummy.
 
 tc2() ->
-    [{timetrap,1}].
+    [{timetrap,10}].
 
 tc2(_) ->
     dummy.
diff --git a/lib/common_test/test/ct_group_info_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE.erl
new file mode 100644
index 0000000000..2da8219196
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE.erl
@@ -0,0 +1,859 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%%-------------------------------------------------------------------
+%%% File: ct_group_info_SUITE
+%%%
+%%% Description: 
+%%% Test that the group info function works as expected with regards
+%%% to timetraps and require (and default config values).
+%%%
+%%%-------------------------------------------------------------------
+-module(ct_group_info_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("common_test/include/ct_event.hrl").
+
+-define(eh, ct_test_support_eh).
+
+%%--------------------------------------------------------------------
+%% TEST SERVER CALLBACK FUNCTIONS
+%%--------------------------------------------------------------------
+
+%%--------------------------------------------------------------------
+%% Description: Since Common Test starts another Test Server
+%% instance, the tests need to be performed on a separate node (or
+%% there will be clashes with logging processes etc).
+%%--------------------------------------------------------------------
+init_per_suite(Config) ->
+    Config1 = ct_test_support:init_per_suite(Config),
+    Config1.
+
+end_per_suite(Config) ->
+    ct_test_support:end_per_suite(Config).
+
+init_per_testcase(TestCase, Config) ->
+    ct_test_support:init_per_testcase(TestCase, Config).
+
+end_per_testcase(TestCase, Config) ->
+    ct_test_support:end_per_testcase(TestCase, Config).
+
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() -> 
+    [
+     timetrap_all,
+     timetrap_group,
+     timetrap_group_case,
+     timetrap_all_no_ips,
+     timetrap_all_no_ipg,
+     require,
+     require_default,
+     require_no_ips,
+     require_no_ipg
+    ].
+
+%%--------------------------------------------------------------------
+%% TEST CASES
+%%--------------------------------------------------------------------
+
+%%%-----------------------------------------------------------------
+%%% 
+timetrap_all(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_timetrap_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},
+			  {label,timetrap_all}], Config),
+    ok = execute(timetrap_all, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+timetrap_group(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_timetrap_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},{group,[g1,g3,g7]},
+			  {label,timetrap_group}], Config),
+    ok = execute(timetrap_group, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+timetrap_group_case(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_timetrap_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},{group,g4},{testcase,t41},
+			  {label,timetrap_group_case}], Config),
+    ok = execute(timetrap_group_case, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+timetrap_all_no_ips(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_timetrap_2_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},
+			  {label,timetrap_all_no_ips}], Config),
+    ok = execute(timetrap_all_no_ips, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+timetrap_all_no_ipg(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_timetrap_3_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},
+			  {label,timetrap_all_no_ipg}], Config),
+    ok = execute(timetrap_all_no_ipg, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+require(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_require_1_SUITE"),
+    CfgFile = filename:join(DataDir, "vars.cfg"),
+    {Opts,ERPid} = setup([{suite,Suite},{config,CfgFile},
+			  {label,require}], Config),
+    ok = execute(require, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+require_default(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_require_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},
+			  {label,require_default}], Config),
+    ok = execute(require_default, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+require_no_ips(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_require_2_SUITE"),
+    CfgFile = filename:join(DataDir, "vars.cfg"),
+    {Opts,ERPid} = setup([{suite,Suite},{config,CfgFile},
+			  {label,require_no_ips}], Config),
+    ok = execute(require_no_ips, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+require_no_ipg(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_require_3_SUITE"),
+    CfgFile = filename:join(DataDir, "vars.cfg"),
+    {Opts,ERPid} = setup([{suite,Suite},{config,CfgFile},
+			  {label,require_no_ipg}], Config),
+    ok = execute(require_no_ipg, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% HELP FUNCTIONS
+%%%-----------------------------------------------------------------
+
+setup(Test, Config) ->
+    Opts0 = ct_test_support:get_opts(Config),
+    Level = ?config(trace_level, Config),
+    EvHArgs = [{cbm,ct_test_support},{trace_level,Level}],
+    Opts = Opts0 ++ [{event_handler,{?eh,EvHArgs}}|Test],
+    ERPid = ct_test_support:start_event_receiver(Config),
+    {Opts,ERPid}.
+
+execute(Name, Opts, ERPid, Config) ->
+    ok = ct_test_support:run(Opts, Config),
+    Events = ct_test_support:get_events(ERPid, Config),
+
+    ct_test_support:log_events(Name, 
+			       reformat(Events, ?eh),
+			       ?config(priv_dir, Config),
+			       Opts),
+
+    TestEvents = events_to_check(Name),
+    ct_test_support:verify_events(TestEvents, Events, Config).
+
+reformat(Events, EH) ->
+    ct_test_support:reformat(Events, EH).
+
+%%%-----------------------------------------------------------------
+%%% TEST EVENTS
+%%%-----------------------------------------------------------------
+events_to_check(Test) ->
+    %% 2 tests (ct:run_test + script_start) is default
+    events_to_check(Test, 2).
+
+events_to_check(_, 0) ->
+    [];
+events_to_check(Test, N) ->
+    test_events(Test) ++ events_to_check(Test, N-1).
+
+
+test_events(timetrap_all) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,14}},
+     {?eh,tc_done,{group_timetrap_1_SUITE,init_per_suite,ok}},
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,t1,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t11,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t21,{failed,{timetrap_timeout,1500}}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g2,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,t2,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g3,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t41,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_1_SUITE,t31,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g5,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t51,{failed,{timetrap_timeout,1500}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g5,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,t3,{failed,{timetrap_timeout,250}}}},
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g6,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g6,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t61,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g6,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g6,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g7,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g8,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t81,{failed,{timetrap_timeout,750}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g8,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_1_SUITE,t71,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g9,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t91,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g9,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g7,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g10,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g10,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t101,{failed,{timetrap_timeout,1000}}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g10,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g10,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g11,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g11,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t111,{failed,{timetrap_timeout,1000}}}},
+      {?eh,test_stats,{0,14,{0,0}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g11,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g11,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(timetrap_group) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,7}},
+     {?eh,tc_done,{group_timetrap_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t11,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g3,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t41,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_1_SUITE,t31,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g5,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t51,{failed,{timetrap_timeout,1500}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g5,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g7,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g8,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t81,{failed,{timetrap_timeout,750}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g8,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_1_SUITE,t71,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g9,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t91,{failed,{timetrap_timeout,250}}}},
+       {?eh,test_stats,{0,7,{0,0}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g9,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g7,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(timetrap_group_case) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,1}},
+     {?eh,tc_done,{group_timetrap_1_SUITE,init_per_suite,ok}},
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g3,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t41,{failed,{timetrap_timeout,250}}}},
+       {?eh,test_stats,{0,1,{0,0}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(timetrap_all_no_ips) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,14}},
+
+     {?eh,tc_done,{group_timetrap_2_SUITE,t1,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,t11,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,t21,{failed,{timetrap_timeout,1500}}}},
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g2,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_2_SUITE,t2,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g3,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,t41,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_2_SUITE,t31,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g5,[]},ok}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,t51,{failed,{timetrap_timeout,1500}}}},
+       {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g5,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g3,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_2_SUITE,t3,{failed,{timetrap_timeout,250}}}},
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g6,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g6,[]},ok}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,t61,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g6,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g6,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g7,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g8,[]},ok}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,t81,{failed,{timetrap_timeout,750}}}},
+       {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g8,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_2_SUITE,t71,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g9,[]},ok}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,t91,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g9,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g7,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g10,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g10,[]},ok}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,t101,{failed,{timetrap_timeout,1000}}}},
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g10,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g10,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g11,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g11,[]},ok}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,t111,{failed,{timetrap_timeout,1000}}}},
+      {?eh,test_stats,{0,14,{0,0}}},
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g11,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g11,[]},ok}}],
+
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(timetrap_all_no_ipg) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,14}},
+
+     {?eh,tc_done,{group_timetrap_3_SUITE,t1,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g1,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g1,[{suite,group_timetrap_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_timetrap_3_SUITE,t11,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g1,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g1,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g2,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g2,[{suite,group_timetrap_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_timetrap_3_SUITE,t21,{failed,{timetrap_timeout,1500}}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g2,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g2,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_3_SUITE,t2,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g3,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g3,[{suite,group_timetrap_3_SUITE}]},ok}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g4,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g4,[{suite,group_timetrap_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_timetrap_3_SUITE,t41,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g4,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g4,[{suite,group_timetrap_3_SUITE}]},ok}}],
+      {?eh,tc_done,{group_timetrap_3_SUITE,t31,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g5,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g5,[{suite,group_timetrap_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_timetrap_3_SUITE,t51,{failed,{timetrap_timeout,1500}}}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g5,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g5,[{suite,group_timetrap_3_SUITE}]},ok}}],
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g3,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g3,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_3_SUITE,t3,{failed,{timetrap_timeout,250}}}},
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g6,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g6,[{suite,group_timetrap_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_timetrap_3_SUITE,t61,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g6,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g6,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g7,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g7,[{suite,group_timetrap_3_SUITE}]},ok}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g8,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g8,[{suite,group_timetrap_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_timetrap_3_SUITE,t81,{failed,{timetrap_timeout,750}}}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g8,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g8,[{suite,group_timetrap_3_SUITE}]},ok}}],
+      {?eh,tc_done,{group_timetrap_3_SUITE,t71,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g9,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g9,[{suite,group_timetrap_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_timetrap_3_SUITE,t91,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g9,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g9,[{suite,group_timetrap_3_SUITE}]},ok}}],
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g7,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g7,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g10,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g10,[{suite,group_timetrap_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_timetrap_3_SUITE,t101,{failed,{timetrap_timeout,1000}}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g10,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g10,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g11,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g11,[{suite,group_timetrap_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_timetrap_3_SUITE,t111,{failed,{timetrap_timeout,1000}}}},
+      {?eh,test_stats,{0,14,{0,0}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g11,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g11,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(require) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,13}},
+     {?eh,tc_done,{group_require_1_SUITE,init_per_suite,ok}},
+     {?eh,tc_done,{group_require_1_SUITE,t1,ok}},
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t11,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t21,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g2,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g3,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t31,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g4,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g4,[]},
+	{skipped,{require_failed,{name_in_use,common2_alias,common2}}}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,t41,
+			  {require_failed,{name_in_use,common2_alias,common2}}}},
+      {?eh,test_stats,{4,0,{0,1}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,end_per_group,
+	{require_failed,{name_in_use,common2_alias,common2}}}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g5,[]},ok}},
+      [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g6,[]},ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t61,ok}},
+       {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g6,[]},ok}}],
+      {?eh,tc_done,{group_require_1_SUITE,t51,ok}},
+      [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g7,[]},ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t71,ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t72,ok}},
+       {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g7,[]},ok}}],
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g5,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g8,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,
+		    {init_per_group,g8,[]},
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,t81,
+			 {require_failed,{not_available,non_existing}}}},
+      {?eh,test_stats,{8,0,{0,2}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,end_per_group,
+			 {require_failed,{not_available,non_existing}}}}],
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g9,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t91,
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,test_stats,{8,0,{0,3}}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g9,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g10,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t101,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g10,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g11,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t111,ok}},
+      {?eh,test_stats,{10,0,{0,3}}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g11,[]},ok}}],
+
+     {?eh,tc_done,{group_require_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(require_default) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,13}},
+     {?eh,tc_done,{group_require_1_SUITE,init_per_suite,ok}},
+     {?eh,tc_done,{group_require_1_SUITE,t1,ok}},
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t11,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t21,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g2,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g3,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t31,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g4,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,
+		    {init_per_group,g4,[]},
+		    {skipped,{require_failed,{not_available,common3}}}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,t41,
+			 {require_failed,{not_available,common3}}}},
+      {?eh,test_stats,{4,0,{0,1}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,end_per_group,
+			 {require_failed,{not_available,common3}}}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g5,[]},ok}},
+      [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g6,[]},ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t61,ok}},
+       {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g6,[]},ok}}],
+      {?eh,tc_done,{group_require_1_SUITE,t51,ok}},
+      [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g7,[]},ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t71,ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t72,ok}},
+       {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g7,[]},ok}}],
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g5,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g8,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,
+		    {init_per_group,g8,[]},
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,t81,
+			 {require_failed,{not_available,non_existing}}}},
+      {?eh,test_stats,{8,0,{0,2}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,end_per_group,
+			 {require_failed,{not_available,non_existing}}}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g9,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t91,
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,test_stats,{8,0,{0,3}}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g9,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g10,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t101,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g10,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g11,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t111,ok}},
+      {?eh,test_stats,{10,0,{0,3}}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g11,[]},ok}}],
+
+     {?eh,tc_done,{group_require_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(require_no_ips) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,13}},
+     {?eh,tc_done,{group_require_2_SUITE,t1,ok}},
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t11,ok}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t21,ok}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g2,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g3,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t31,ok}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g3,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g4,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g4,[]},
+	{skipped,{require_failed,{name_in_use,common2_alias,common2}}}}},
+      {?eh,tc_auto_skip,{group_require_2_SUITE,t41,
+			  {require_failed,{name_in_use,common2_alias,common2}}}},
+      {?eh,test_stats,{4,0,{0,1}}},
+      {?eh,tc_auto_skip,{group_require_2_SUITE,end_per_group,
+			 {require_failed,{name_in_use,common2_alias,common2}}}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g5,[]},ok}},
+      [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g6,[]},ok}},
+       {?eh,tc_done,{group_require_2_SUITE,t61,ok}},
+       {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g6,[]},ok}}],
+      {?eh,tc_done,{group_require_2_SUITE,t51,ok}},
+      [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g7,[]},ok}},
+       {?eh,tc_done,{group_require_2_SUITE,t71,ok}},
+       {?eh,tc_done,{group_require_2_SUITE,t72,ok}},
+       {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g7,[]},ok}}],
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g5,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g8,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,
+		    {init_per_group,g8,[]},
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,tc_auto_skip,{group_require_2_SUITE,t81,
+			 {require_failed,{not_available,non_existing}}}},
+      {?eh,test_stats,{8,0,{0,2}}},
+      {?eh,tc_auto_skip,{group_require_2_SUITE,end_per_group,
+			 {require_failed,{not_available,non_existing}}}}],
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g9,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t91,
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,test_stats,{8,0,{0,3}}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g9,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g10,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t101,ok}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g10,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g11,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t111,ok}},
+      {?eh,test_stats,{10,0,{0,3}}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g11,[]},ok}}],
+
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(require_no_ipg) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,13}},
+     {?eh,tc_done,{group_require_3_SUITE,t1,ok}},
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g1,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g1,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t11,ok}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g1,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g1,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g2,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g2,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t21,ok}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g2,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g2,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g3,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g3,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t31,ok}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g3,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g3,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g4,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g4,[{suite,group_require_3_SUITE}]},
+	{skipped,{require_failed,{name_in_use,common2_alias,common2}}}}},
+      {?eh,tc_auto_skip,{group_require_3_SUITE,t41,
+			 {require_failed,{name_in_use,common2_alias,common2}}}},
+      {?eh,test_stats,{4,0,{0,1}}},
+      {?eh,tc_auto_skip,{ct_framework,ct_end_per_group,
+			 {require_failed,{name_in_use,common2_alias,common2}}}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g5,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g5,[{suite,group_require_3_SUITE}]},ok}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g6,[{suite,group_require_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g6,[{suite,group_require_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_require_3_SUITE,t61,ok}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g6,[{suite,group_require_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g6,[{suite,group_require_3_SUITE}]},ok}}],
+      {?eh,tc_done,{group_require_3_SUITE,t51,ok}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g7,[{suite,group_require_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g7,[{suite,group_require_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_require_3_SUITE,t71,ok}},
+       {?eh,tc_done,{group_require_3_SUITE,t72,ok}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g7,[{suite,group_require_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g7,[{suite,group_require_3_SUITE}]},ok}}],
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g5,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g5,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g8,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g8,[{suite,group_require_3_SUITE}]},
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,tc_auto_skip,{group_require_3_SUITE,t81,
+			 {require_failed,{not_available,non_existing}}}},
+      {?eh,test_stats,{8,0,{0,2}}},
+      {?eh,tc_auto_skip,{ct_framework,ct_end_per_group,
+			 {require_failed,{not_available,non_existing}}}}],
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g9,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g9,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t91,
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,test_stats,{8,0,{0,3}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g9,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g9,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g10,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g10,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t101,ok}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g10,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g10,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g11,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g11,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t111,ok}},
+      {?eh,test_stats,{10,0,{0,3}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g11,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g11,[{suite,group_require_3_SUITE}]},ok}}],
+
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ].
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_require_1_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_require_1_SUITE.erl
new file mode 100644
index 0000000000..16df897752
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_require_1_SUITE.erl
@@ -0,0 +1,259 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_require_1_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+init_per_suite(Config) ->
+    ct:comment(io_lib:format("init( ~w ): ~p", [?MODULE, suite()])),
+    Config.
+
+end_per_suite(_Config) ->
+    ok.
+
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, Info])),
+    if Info /= [] -> verify_cfg(G); true -> ok end,
+    Config.
+
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("end( ~w )", [G])),
+    if Info /= [] -> verify_cfg(G); true -> ok end,
+    ok.
+
+init_per_testcase(t101, Config) ->
+    Config;
+init_per_testcase(t111, Config) ->
+    Config;
+init_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(t101, Config) ->
+    ok;
+end_per_testcase(t111, Config) ->
+    ok;
+end_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    ok.
+
+verify_cfg(undefined) ->
+    ok;
+verify_cfg(Name) ->
+    Key = list_to_atom(atom_to_list(Name) ++ "_cfg"),
+    Alias = list_to_atom(atom_to_list(Name) ++ "_cfg_alias"),
+    Val = list_to_atom(atom_to_list(Name) ++ "_cfg_val"),
+    ct:pal("Reading ~p & ~p. Expecting ~p.", [Key,Alias,Val]),
+    Val = ct:get_config(Key),
+    Val = ct:get_config(Alias),
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias).
+    
+    
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[t31]},
+     {g4,[],[t41]},
+
+     {g5,[],[{group,g6},t51,{group,g7}]},
+
+       {g6,[],[t61]},
+       {g7,[],[t71,t72]},
+
+     {g8,[],[t81]},
+     {g9,[],[t91]},
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     {group,g3},
+     {group,g4},
+     {group,g5},
+     {group,g8},
+     {group,g9},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{require,suite_cfg},
+	    {require,suite_cfg_alias,suite_cfg},
+	    {require,common1},
+	    {default_config,suite_cfg,suite_cfg_val},
+	    {default_config,common1,common1_val}].
+
+group(g1) -> [{require,g1_cfg},
+	      {require,g1_cfg_alias,g1_cfg},
+	      {default_config,g1_cfg,g1_cfg_val}];
+
+group(g2) -> [{require,g2_cfg},
+	      {require,g2_cfg_alias,g2_cfg},
+	      {require,common1},
+	      {require,common2},
+	      {default_config,g2_cfg,g2_cfg_val},
+	      {default_config,common1,common1_val},
+	      {default_config,common2,common2_val}];
+
+group(g3) -> [{require,g3_cfg},
+	      {require,g3_cfg_alias,g3_cfg},
+	      {require,common2},
+	      {require,common2_alias,common2},
+	      {default_config,g3_cfg,g3_cfg_val},
+	      {default_config,common2,common2_val}];
+
+group(g4) -> [{require,g4_cfg},
+	      {require,g4_cfg_alias,g4_cfg},
+	      {require,common2_alias,common3},
+	      {default_config,g4_cfg,g4_cfg_val}];
+
+group(g5) -> [{require,g5_cfg},
+	      {require,g5_cfg_alias,g5_cfg},
+	      {default_config,g5_cfg,g5_cfg_val}];
+
+group(g6) -> [{require,g6_cfg},
+	      {require,g6_cfg_alias,g6_cfg},
+	      {default_config,g6_cfg,g6_cfg_val}];
+
+group(g7) -> [{require,g7_cfg},
+	      {require,g7_cfg_alias,g7_cfg},
+	      {default_config,g7_cfg,g7_cfg_val}];
+
+group(g8) -> [{require,non_existing}];
+
+group(g9) -> [{require,g9_cfg},
+	      {require,g9_cfg_alias,g9_cfg},
+	      {default_config,g9_cfg,g9_cfg_val}];
+
+group(G) when G /= g11 -> [].
+
+t72() -> [{require,t72_cfg},
+	  {require,t72_cfg_alias,t72_cfg},
+	  {default_config,t72_cfg,t72_cfg_val}].
+
+t91() -> [{require,non_existing}].
+    
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t11(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias),
+    g1_cfg_val = ct:get_config(g1_cfg),
+    g1_cfg_val = ct:get_config(g1_cfg_alias).
+
+t21(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg_alias),
+    common1_val = ct:get_config(common1),
+    common2_val = ct:get_config(common2).
+
+t31(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg_alias),
+    common2_val = ct:get_config(common2),
+    common2_val = ct:get_config(common2_alias).
+
+t41(_) ->
+    exit(should_be_skipped).
+
+t51(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias).
+
+t61(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g6_cfg_val = ct:get_config(g6_cfg),
+    g6_cfg_val = ct:get_config(g6_cfg_alias).
+
+t71(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias).
+
+t72(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias),
+    t72_cfg_val = ct:get_config(t72_cfg).
+
+t81(_) ->
+    exit(should_be_skipped).
+
+t91(_) ->
+    exit(should_be_skipped).
+
+t101(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t111(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_require_2_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_require_2_SUITE.erl
new file mode 100644
index 0000000000..adb53ff564
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_require_2_SUITE.erl
@@ -0,0 +1,252 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_require_2_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, Info])),
+    if Info /= [] -> verify_cfg(G); true -> ok end,
+    Config.
+
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("end( ~w )", [G])),
+    if Info /= [] -> verify_cfg(G); true -> ok end,
+    ok.
+
+init_per_testcase(t101, Config) ->
+    Config;
+init_per_testcase(t111, Config) ->
+    Config;
+init_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(t101, Config) ->
+    ok;
+end_per_testcase(t111, Config) ->
+    ok;
+end_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    ok.
+
+verify_cfg(undefined) ->
+    ok;
+verify_cfg(Name) ->
+    Key = list_to_atom(atom_to_list(Name) ++ "_cfg"),
+    Alias = list_to_atom(atom_to_list(Name) ++ "_cfg_alias"),
+    Val = list_to_atom(atom_to_list(Name) ++ "_cfg_val"),
+    ct:pal("Reading ~p & ~p. Expecting ~p.", [Key,Alias,Val]),
+    Val = ct:get_config(Key),
+    Val = ct:get_config(Alias),
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias).
+    
+    
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[t31]},
+     {g4,[],[t41]},
+
+     {g5,[],[{group,g6},t51,{group,g7}]},
+
+       {g6,[],[t61]},
+       {g7,[],[t71,t72]},
+
+     {g8,[],[t81]},
+     {g9,[],[t91]},
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     {group,g3},
+     {group,g4},
+     {group,g5},
+     {group,g8},
+     {group,g9},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{require,suite_cfg},
+	    {require,suite_cfg_alias,suite_cfg},
+	    {require,common1},
+	    {default_config,suite_cfg,suite_cfg_val},
+	    {default_config,common1,common1_val}].
+
+group(g1) -> [{require,g1_cfg},
+	      {require,g1_cfg_alias,g1_cfg},
+	      {default_config,g1_cfg,g1_cfg_val}];
+
+group(g2) -> [{require,g2_cfg},
+	      {require,g2_cfg_alias,g2_cfg},
+	      {require,common1},
+	      {require,common2},
+	      {default_config,g2_cfg,g2_cfg_val},
+	      {default_config,common1,common1_val},
+	      {default_config,common2,common2_val}];
+
+group(g3) -> [{require,g3_cfg},
+	      {require,g3_cfg_alias,g3_cfg},
+	      {require,common2},
+	      {require,common2_alias,common2},
+	      {default_config,g3_cfg,g3_cfg_val},
+	      {default_config,common2,common2_val}];
+
+group(g4) -> [{require,g4_cfg},
+	      {require,g4_cfg_alias,g4_cfg},
+	      {require,common2_alias,common3},
+	      {default_config,g4_cfg,g4_cfg_val}];
+
+group(g5) -> [{require,g5_cfg},
+	      {require,g5_cfg_alias,g5_cfg},
+	      {default_config,g5_cfg,g5_cfg_val}];
+
+group(g6) -> [{require,g6_cfg},
+	      {require,g6_cfg_alias,g6_cfg},
+	      {default_config,g6_cfg,g6_cfg_val}];
+
+group(g7) -> [{require,g7_cfg},
+	      {require,g7_cfg_alias,g7_cfg},
+	      {default_config,g7_cfg,g7_cfg_val}];
+
+group(g8) -> [{require,non_existing}];
+
+group(g9) -> [{require,g9_cfg},
+	      {require,g9_cfg_alias,g9_cfg},
+	      {default_config,g9_cfg,g9_cfg_val}];
+
+group(G) when G /= g11 -> [].
+
+t72() -> [{require,t72_cfg},
+	  {require,t72_cfg_alias,t72_cfg},
+	  {default_config,t72_cfg,t72_cfg_val}].
+
+t91() -> [{require,non_existing}].
+    
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t11(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias),
+    g1_cfg_val = ct:get_config(g1_cfg),
+    g1_cfg_val = ct:get_config(g1_cfg_alias).
+
+t21(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg_alias),
+    common1_val = ct:get_config(common1),
+    common2_val = ct:get_config(common2).
+
+t31(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg_alias),
+    common2_val = ct:get_config(common2),
+    common2_val = ct:get_config(common2_alias).
+
+t41(_) ->
+    exit(should_be_skipped).
+
+t51(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias).
+
+t61(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g6_cfg_val = ct:get_config(g6_cfg),
+    g6_cfg_val = ct:get_config(g6_cfg_alias).
+
+t71(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias).
+
+t72(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias),
+    t72_cfg_val = ct:get_config(t72_cfg).
+
+t81(_) ->
+    exit(should_be_skipped).
+
+t91(_) ->
+    exit(should_be_skipped).
+
+t101(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t111(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_require_3_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_require_3_SUITE.erl
new file mode 100644
index 0000000000..1f2dfd2a30
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_require_3_SUITE.erl
@@ -0,0 +1,241 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_require_3_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+%% init_per_suite(Config) ->
+%%     Config.
+%% end_per_suite(_) ->
+%%     ok.
+
+init_per_testcase(t101, Config) ->
+    Config;
+init_per_testcase(t111, Config) ->
+    Config;
+init_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(t101, _Config) ->
+    ok;
+end_per_testcase(t111, _Config) ->
+    ok;
+end_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    ok.
+
+verify_cfg(undefined) ->
+    ok;
+verify_cfg(Name) ->
+    Key = list_to_atom(atom_to_list(Name) ++ "_cfg"),
+    Alias = list_to_atom(atom_to_list(Name) ++ "_cfg_alias"),
+    Val = list_to_atom(atom_to_list(Name) ++ "_cfg_val"),
+    ct:pal("Reading ~p & ~p. Expecting ~p.", [Key,Alias,Val]),
+    Val = ct:get_config(Key),
+    Val = ct:get_config(Alias),
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias).
+    
+    
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[t31]},
+     {g4,[],[t41]},
+
+     {g5,[],[{group,g6},t51,{group,g7}]},
+
+       {g6,[],[t61]},
+       {g7,[],[t71,t72]},
+
+     {g8,[],[t81]},
+     {g9,[],[t91]},
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     {group,g3},
+     {group,g4},
+     {group,g5},
+     {group,g8},
+     {group,g9},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{require,suite_cfg},
+	    {require,suite_cfg_alias,suite_cfg},
+	    {require,common1},
+	    {default_config,suite_cfg,suite_cfg_val},
+	    {default_config,common1,common1_val}].
+
+group(g1) -> [{require,g1_cfg},
+	      {require,g1_cfg_alias,g1_cfg},
+	      {default_config,g1_cfg,g1_cfg_val}];
+
+group(g2) -> [{require,g2_cfg},
+	      {require,g2_cfg_alias,g2_cfg},
+	      {require,common1},
+	      {require,common2},
+	      {default_config,g2_cfg,g2_cfg_val},
+	      {default_config,common1,common1_val},
+	      {default_config,common2,common2_val}];
+
+group(g3) -> [{require,g3_cfg},
+	      {require,g3_cfg_alias,g3_cfg},
+	      {require,common2},
+	      {require,common2_alias,common2},
+	      {default_config,g3_cfg,g3_cfg_val},
+	      {default_config,common2,common2_val}];
+
+group(g4) -> [{require,g4_cfg},
+	      {require,g4_cfg_alias,g4_cfg},
+	      {require,common2_alias,common3},
+	      {default_config,g4_cfg,g4_cfg_val}];
+
+group(g5) -> [{require,g5_cfg},
+	      {require,g5_cfg_alias,g5_cfg},
+	      {default_config,g5_cfg,g5_cfg_val}];
+
+group(g6) -> [{require,g6_cfg},
+	      {require,g6_cfg_alias,g6_cfg},
+	      {default_config,g6_cfg,g6_cfg_val}];
+
+group(g7) -> [{require,g7_cfg},
+	      {require,g7_cfg_alias,g7_cfg},
+	      {default_config,g7_cfg,g7_cfg_val}];
+
+group(g8) -> [{require,non_existing}];
+
+group(g9) -> [{require,g9_cfg},
+	      {require,g9_cfg_alias,g9_cfg},
+	      {default_config,g9_cfg,g9_cfg_val}];
+
+group(G) when G /= g11 -> [].
+
+t72() -> [{require,t72_cfg},
+	  {require,t72_cfg_alias,t72_cfg},
+	  {default_config,t72_cfg,t72_cfg_val}].
+
+t91() -> [{require,non_existing}].
+    
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t11(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias),
+    g1_cfg_val = ct:get_config(g1_cfg),
+    g1_cfg_val = ct:get_config(g1_cfg_alias).
+
+t21(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg_alias),
+    common1_val = ct:get_config(common1),
+    common2_val = ct:get_config(common2).
+
+t31(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg_alias),
+    common2_val = ct:get_config(common2),
+    common2_val = ct:get_config(common2_alias).
+
+t41(_) ->
+    exit(should_be_skipped).
+
+t51(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias).
+
+t61(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g6_cfg_val = ct:get_config(g6_cfg),
+    g6_cfg_val = ct:get_config(g6_cfg_alias).
+
+t71(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias).
+
+t72(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias),
+    t72_cfg_val = ct:get_config(t72_cfg).
+
+t81(_) ->
+    exit(should_be_skipped).
+
+t91(_) ->
+    exit(should_be_skipped).
+
+t101(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t111(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_1_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_1_SUITE.erl
new file mode 100644
index 0000000000..0a81edf729
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_1_SUITE.erl
@@ -0,0 +1,191 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_timetrap_1_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+init_per_suite(Config) ->
+    ct:comment(io_lib:format("init( ~w ): ~p", [?MODULE, suite()])),
+    Config.
+
+end_per_suite(_Config) ->
+    ok.
+
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, Info])),
+    Config.
+
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("end( ~w )", [G])),
+    ok.
+
+init_per_testcase(TestCase, Config) ->
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(_TestCase, _Config) ->
+    ok.
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[{group,g4},t31,{group,g5}]},
+
+       {g4,[],[t41]},
+       {g5,[],[t51]},
+
+     {g6,[],[t61]},
+     {g7,[],[{group,g8},t71,{group,g9}]},
+
+       {g8,[],[t81]},
+       {g9,[],[t91]},
+
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     t2,
+     {group,g3},
+     t3,
+     {group,g6},
+     {group,g7},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{timetrap,1000}].
+
+group(g1) -> [{timetrap,500}];
+
+group(g2) -> [{timetrap,1500}];
+
+group(g3) -> [{timetrap,500}];
+
+group(g4) -> [{timetrap,250}];
+
+group(g5) -> [{timetrap,1500}];
+
+group(g6) -> [{timetrap,250}];
+
+group(g7) -> [{timetrap,250}];
+
+group(g8) -> [{timetrap,250}];
+
+group(G) when G /= g11 -> [].
+
+t3() -> [{timetrap,250}].
+
+t61() -> [{timetrap,500}].
+
+t71() -> [{timetrap,500}].
+
+t81() -> [{timetrap,750}].
+
+t91() -> [{timetrap,250}].
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t11(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t21(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t2(_) ->
+    ct:sleep(1250),
+    exit(should_timeout).
+
+t31(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t41(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t51(_) ->
+    ct:sleep(2000),
+    exit(should_timeout).
+
+t3(_) ->
+    ct:sleep(500),
+    exit(should_timeout).
+
+t61(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t71(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t81(_) ->
+    ct:sleep(1000),
+    exit(should_timeout).
+
+t91(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t101(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+t111(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_2_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_2_SUITE.erl
new file mode 100644
index 0000000000..1ebe8bd510
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_2_SUITE.erl
@@ -0,0 +1,184 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_timetrap_2_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, Info])),
+    Config.
+
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("end( ~w )", [G])),
+    ok.
+
+init_per_testcase(TestCase, Config) ->
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(_TestCase, _Config) ->
+    ok.
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[{group,g4},t31,{group,g5}]},
+
+       {g4,[],[t41]},
+       {g5,[],[t51]},
+
+     {g6,[],[t61]},
+     {g7,[],[{group,g8},t71,{group,g9}]},
+
+       {g8,[],[t81]},
+       {g9,[],[t91]},
+
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     t2,
+     {group,g3},
+     t3,
+     {group,g6},
+     {group,g7},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{timetrap,1000}].
+
+group(g1) -> [{timetrap,500}];
+
+group(g2) -> [{timetrap,1500}];
+
+group(g3) -> [{timetrap,500}];
+
+group(g4) -> [{timetrap,250}];
+
+group(g5) -> [{timetrap,1500}];
+
+group(g6) -> [{timetrap,250}];
+
+group(g7) -> [{timetrap,250}];
+
+group(g8) -> [{timetrap,250}];
+
+group(G) when G /= g11 -> [].
+
+t3() -> [{timetrap,250}].
+
+t61() -> [{timetrap,500}].
+
+t71() -> [{timetrap,500}].
+
+t81() -> [{timetrap,750}].
+
+t91() -> [{timetrap,250}].
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t11(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t21(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t2(_) ->
+    ct:sleep(1250),
+    exit(should_timeout).
+
+t31(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t41(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t51(_) ->
+    ct:sleep(2000),
+    exit(should_timeout).
+
+t3(_) ->
+    ct:sleep(500),
+    exit(should_timeout).
+
+t61(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t71(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t81(_) ->
+    ct:sleep(1000),
+    exit(should_timeout).
+
+t91(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t101(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+t111(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_3_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_3_SUITE.erl
new file mode 100644
index 0000000000..66d29802e2
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_3_SUITE.erl
@@ -0,0 +1,171 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_timetrap_3_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+init_per_testcase(TestCase, Config) ->
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(_TestCase, _Config) ->
+    ok.
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[{group,g4},t31,{group,g5}]},
+
+       {g4,[],[t41]},
+       {g5,[],[t51]},
+
+     {g6,[],[t61]},
+     {g7,[],[{group,g8},t71,{group,g9}]},
+
+       {g8,[],[t81]},
+       {g9,[],[t91]},
+
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     t2,
+     {group,g3},
+     t3,
+     {group,g6},
+     {group,g7},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{timetrap,1000}].
+
+group(g1) -> [{timetrap,500}];
+
+group(g2) -> [{timetrap,1500}];
+
+group(g3) -> [{timetrap,500}];
+
+group(g4) -> [{timetrap,250}];
+
+group(g5) -> [{timetrap,1500}];
+
+group(g6) -> [{timetrap,250}];
+
+group(g7) -> [{timetrap,250}];
+
+group(g8) -> [{timetrap,250}];
+
+group(G) when G /= g11 -> [].
+
+t3() -> [{timetrap,250}].
+
+t61() -> [{timetrap,500}].
+
+t71() -> [{timetrap,500}].
+
+t81() -> [{timetrap,750}].
+
+t91() -> [{timetrap,250}].
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t11(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t21(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t2(_) ->
+    ct:sleep(1250),
+    exit(should_timeout).
+
+t31(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t41(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t51(_) ->
+    ct:sleep(2000),
+    exit(should_timeout).
+
+t3(_) ->
+    ct:sleep(500),
+    exit(should_timeout).
+
+t61(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t71(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t81(_) ->
+    ct:sleep(1000),
+    exit(should_timeout).
+
+t91(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t101(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+t111(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/vars.cfg b/lib/common_test/test/ct_group_info_SUITE_data/vars.cfg
new file mode 100644
index 0000000000..8a1960d121
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/vars.cfg
@@ -0,0 +1,19 @@
+{suite_cfg,suite_cfg_val}.
+{g1_cfg,g1_cfg_val}.
+{g2_cfg,g2_cfg_val}.
+{g3_cfg,g3_cfg_val}.
+{g4_cfg,g4_cfg_val}.
+{g5_cfg,g5_cfg_val}.
+{g6_cfg,g6_cfg_val}.
+{g7_cfg,g7_cfg_val}.
+{g8_cfg,g8_cfg_val}.
+{g9_cfg,g9_cfg_val}.
+{g10_cfg,g10_cfg_val}.
+{g11_cfg,g11_cfg_val}.
+
+{t72_cfg,t72_cfg_val}.
+{t91_cfg,t91_cfg_val}.
+
+{common1,common1_val}.
+{common2,common2_val}.
+{common3,common3_val}.
diff --git a/lib/common_test/test/ct_groups_spec_SUITE.erl b/lib/common_test/test/ct_groups_spec_SUITE.erl
new file mode 100644
index 0000000000..5a6d5ac0ac
--- /dev/null
+++ b/lib/common_test/test/ct_groups_spec_SUITE.erl
@@ -0,0 +1,586 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%%-------------------------------------------------------------------
+%%% File: ct_groups_spec_SUITE
+%%%
+%%% Description: 
+%%% Test that overriding default group properties with group terms
+%%% in all/0 and in test specifications works as expected.
+%%%
+%%%-------------------------------------------------------------------
+-module(ct_groups_spec_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("common_test/include/ct_event.hrl").
+
+-define(eh, ct_test_support_eh).
+
+%%--------------------------------------------------------------------
+%% TEST SERVER CALLBACK FUNCTIONS
+%%--------------------------------------------------------------------
+
+%%--------------------------------------------------------------------
+%% Description: Since Common Test starts another Test Server
+%% instance, the tests need to be performed on a separate node (or
+%% there will be clashes with logging processes etc).
+%%--------------------------------------------------------------------
+init_per_suite(Config) ->
+    Config1 = ct_test_support:init_per_suite(Config),
+    Config1.
+
+end_per_suite(Config) ->
+    ct_test_support:end_per_suite(Config).
+
+init_per_testcase(TestCase, Config) ->
+    ct_test_support:init_per_testcase(TestCase, Config).
+
+end_per_testcase(TestCase, Config) ->
+    ct_test_support:end_per_testcase(TestCase, Config).
+
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() -> 
+    [
+     simple_group_opt,
+     simple_group_case_opt,
+     override_with_all,
+     override_with_spec
+    ].
+
+%%--------------------------------------------------------------------
+%% TEST CASES
+%%--------------------------------------------------------------------
+
+%%%-----------------------------------------------------------------
+%%% 
+simple_group_opt(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "groups_spec_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},{group,[g1,g5]},
+			  {label,simple_group_opt}], Config),
+    ok = execute(simple_group_opt, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+simple_group_case_opt(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "groups_spec_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},{group,g5},{testcase,[t52,t54]},
+			  {label,simple_group_case_opt}], Config),
+    ok = execute(simple_group_case_opt, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+override_with_all(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "groups_spec_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},{label,override_with_all}], Config),
+    ok = execute(override_with_all, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+override_with_spec(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Spec = filename:join(DataDir, "override.spec"),
+    {Opts,ERPid} = setup([{spec,Spec},{label,override_with_spec}], Config),
+    ok = execute(override_with_spec, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% HELP FUNCTIONS
+%%%-----------------------------------------------------------------
+
+setup(Test, Config) ->
+    Opts0 = ct_test_support:get_opts(Config),
+    Level = ?config(trace_level, Config),
+    EvHArgs = [{cbm,ct_test_support},{trace_level,Level}],
+    Opts = Opts0 ++ [{event_handler,{?eh,EvHArgs}}|Test],
+    ERPid = ct_test_support:start_event_receiver(Config),
+    {Opts,ERPid}.
+
+execute(Name, Opts, ERPid, Config) ->
+    ok = ct_test_support:run(Opts, Config),
+    Events = ct_test_support:get_events(ERPid, Config),
+
+    ct_test_support:log_events(Name, 
+			       reformat(Events, ?eh),
+			       ?config(priv_dir, Config),
+			       Opts),
+
+    TestEvents = events_to_check(Name),
+    ct_test_support:verify_events(TestEvents, Events, Config).
+
+reformat(Events, EH) ->
+    ct_test_support:reformat(Events, EH).
+
+%%%-----------------------------------------------------------------
+%%% TEST EVENTS
+%%%-----------------------------------------------------------------
+events_to_check(Test) ->
+    %% 2 tests (ct:run_test + script_start) is default
+    events_to_check(Test, 2).
+
+events_to_check(_, 0) ->
+    [];
+events_to_check(Test, N) ->
+    test_events(Test) ++ events_to_check(Test, N-1).
+
+
+test_events(simple_group_opt) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,start_info,{1,1,7}},
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t13,ok}},
+      {?eh,test_stats,{2,1,{0,0}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]},ok}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[]},ok}},
+
+       {parallel,
+	[{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]},ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t51}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t51,ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t52}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t53}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t53,{failed,{error,crashes}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t54}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t54,ok}},
+	 {?eh,test_stats,{4,3,{0,0}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]},ok}}]},
+
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[]},ok}}],
+
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]},ok}}],
+
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(simple_group_case_opt) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,start_info,{1,1,2}},
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]},ok}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[]},ok}},
+
+       {parallel,
+	[{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]},ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t52}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t54}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t54,ok}},
+	 {?eh,test_stats,{1,1,{0,0}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]},ok}}]},
+
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[]},ok}}],
+
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]},ok}}],
+
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(override_with_all) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,start_info,{1,1,45}},
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+
+     %% TEST: {group,g1,default}
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t13,ok}},
+      {?eh,test_stats,{2,1,{0,0}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     %% TEST: {group,g1,[sequence]}
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t13,{failed,{groups_spec_1_SUITE,t12}}}},
+      {?eh,test_stats,{3,2,{0,1}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]},ok}}],
+
+     %% TEST: {group,g1,[parallel],[]}
+     {parallel,
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[parallel]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[parallel]},ok}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t11}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t12}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t13}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t13,ok}},
+       {?eh,test_stats,{5,3,{0,1}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[parallel]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[parallel]},ok}}]},
+
+     %% TEST: {group,g2,[],[]}
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t21,ok}},
+      {?eh,test_stats,{6,3,{0,1}}},
+
+      {parallel,
+       [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[parallel]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[parallel]},ok}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t31}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t32}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t33}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t33,ok}},
+	{?eh,test_stats,{8,4,{0,1}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[parallel]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[parallel]},ok}}]},
+
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,test_stats,{8,5,{0,1}}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t41,ok}},
+       {?eh,test_stats,{9,5,{0,1}}},
+
+       {parallel,
+	[{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]},ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t51}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t51,ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t52}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t53}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t53,{failed,{error,crashes}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t54}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t54,ok}},
+	 {?eh,test_stats,{11,7,{0,1}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]},ok}}]},
+
+       {?eh,tc_done,{groups_spec_1_SUITE,t42,{failed,{error,crashes}}}},
+       {?eh,test_stats,{11,8,{0,1}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[]},ok}}],
+
+      {?eh,tc_done,{groups_spec_1_SUITE,t23,ok}},
+      {?eh,test_stats,{12,8,{0,1}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[]},ok}}],
+
+     %% TEST: {group,g2,default,[{g3,[sequence]}]}
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t21,ok}},
+      {?eh,test_stats,{13,8,{0,1}}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+       {?eh,tc_auto_skip,{groups_spec_1_SUITE,t33,{failed,{groups_spec_1_SUITE,t32}}}},
+       {?eh,test_stats,{14,9,{0,2}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]},ok}}],
+
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t41,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t51,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t52,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t53,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t54,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t42,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t23,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,test_stats,{14,10,{0,9}}},
+
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]},ok}}],
+
+     %% TEST: {group,g2,[],[{g4,[sequence],[{g5,[sequence]}]},{g3,[sequence]}]}
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t21,ok}},
+      {?eh,test_stats,{15,10,{0,9}}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+       {?eh,tc_auto_skip,{groups_spec_1_SUITE,t33,{failed,{groups_spec_1_SUITE,t32}}}},
+       {?eh,test_stats,{16,11,{0,10}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]},ok}}],
+
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,test_stats,{16,12,{0,10}}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t41,ok}},
+       {?eh,test_stats,{17,12,{0,10}}},
+
+       [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[sequence]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[sequence]},ok}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t51,ok}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	{?eh,tc_auto_skip,{groups_spec_1_SUITE,t53,{failed,{groups_spec_1_SUITE,t52}}}},
+	{?eh,tc_auto_skip,{groups_spec_1_SUITE,t54,{failed,{groups_spec_1_SUITE,t52}}}},
+	{?eh,test_stats,{18,13,{0,12}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[sequence]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[sequence]},ok}}],
+
+       {?eh,tc_done,{groups_spec_1_SUITE,t42,{failed,{error,crashes}}}},
+       {?eh,test_stats,{18,14,{0,12}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[sequence]},ok}}],
+
+      {?eh,tc_done,{groups_spec_1_SUITE,t23,ok}},
+      {?eh,test_stats,{19,14,{0,12}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[]},ok}}],
+
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(override_with_spec) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,start_info,{7,4,49}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, {g1,default}}.
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t13,ok}},
+      {?eh,test_stats,{2,1,{0,0}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, [{g1,[sequence]},
+     %%                                           {g1,[parallel],[]}]}.
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t13,{failed,{groups_spec_1_SUITE,t12}}}},
+      {?eh,test_stats,{3,2,{0,1}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]},ok}}],
+     {parallel,
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[parallel]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[parallel]},ok}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t11}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t12}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t13}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t13,ok}},
+       {?eh,test_stats,{5,3,{0,1}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[parallel]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[parallel]},ok}}]},
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, {g2,[],[]}}.
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_start,{groups_spec_1_SUITE,t21}},
+      {?eh,test_stats,{6,3,{0,1}}},
+      {parallel,
+       [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[parallel]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[parallel]},ok}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t31}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t32}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t33}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t33,ok}},
+	{?eh,test_stats,{8,4,{0,1}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[parallel]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[parallel]},ok}}]},
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,test_stats,{8,5,{0,1}}},
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t41,ok}},
+       {?eh,test_stats,{9,5,{0,1}}},
+       {parallel,
+	[{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]},ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t51}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t51,ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t52}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t53}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t53,{failed,{error,crashes}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t54}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t54,ok}},
+	 {?eh,test_stats,{11,7,{0,1}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]},ok}}]},
+       {?eh,tc_done,{groups_spec_1_SUITE,t42,{failed,{error,crashes}}}},
+       {?eh,test_stats,{11,8,{0,1}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_done,{groups_spec_1_SUITE,t23,ok}},
+      {?eh,test_stats,{12,8,{0,1}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, {g2,default,[{g3,[sequence]}]}}
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t21,ok}},
+      {?eh,test_stats,{13,8,{0,1}}},
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+       {?eh,tc_auto_skip,{groups_spec_1_SUITE,t33,{failed,{groups_spec_1_SUITE,t32}}}},
+       {?eh,test_stats,{14,9,{0,2}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]},ok}}],
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t41,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t51,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t52,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t53,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t54,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t42,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t23,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,test_stats,{14,10,{0,9}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE,
+     %%        {g2,[],[{g4,[sequence],[{g5,[sequence]}]},{g3,[sequence]}]}}.
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t21,ok}},
+      {?eh,test_stats,{15,10,{0,9}}},
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+       {?eh,tc_auto_skip,{groups_spec_1_SUITE,t33,{failed,{groups_spec_1_SUITE,t32}}}},
+       {?eh,test_stats,{16,11,{0,10}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]},ok}}],
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,test_stats,{16,12,{0,10}}},
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t41,ok}},
+       {?eh,test_stats,{17,12,{0,10}}},
+       [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[sequence]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[sequence]},ok}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t51,ok}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	{?eh,tc_auto_skip,{groups_spec_1_SUITE,t53,{failed,{groups_spec_1_SUITE,t52}}}},
+	{?eh,tc_auto_skip,{groups_spec_1_SUITE,t54,{failed,{groups_spec_1_SUITE,t52}}}},
+	{?eh,test_stats,{18,13,{0,12}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[sequence]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[sequence]},ok}}],
+       {?eh,tc_done,{groups_spec_1_SUITE,t42,{failed,{error,crashes}}}},
+       {?eh,test_stats,{18,14,{0,12}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[sequence]},ok}}],
+      {?eh,tc_done,{groups_spec_1_SUITE,t23,ok}},
+      {?eh,test_stats,{19,14,{0,12}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, {g1,[sequence]}, {cases,[t12,t13]}}
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t13,{failed,{groups_spec_1_SUITE,t12}}}},
+      {?eh,test_stats,{19,15,{0,13}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, {g5,[]}, {cases,[t53,t54]}}
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]},ok}},
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[]},ok}},
+       [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[]},ok}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t53,{failed,{error,crashes}}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t54,ok}},
+	{?eh,test_stats,{20,16,{0,13}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[]},ok}}],
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ].
+
diff --git a/lib/common_test/test/ct_groups_spec_SUITE_data/groups_spec_1_SUITE.erl b/lib/common_test/test/ct_groups_spec_SUITE_data/groups_spec_1_SUITE.erl
new file mode 100644
index 0000000000..ae6065bae4
--- /dev/null
+++ b/lib/common_test/test/ct_groups_spec_SUITE_data/groups_spec_1_SUITE.erl
@@ -0,0 +1,124 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(groups_spec_1_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+%%--------------------------------------------------------------------
+%% INFO FUNCS
+%%--------------------------------------------------------------------
+suite() ->
+    [{timetrap,1000}].
+
+group(_) ->
+    [{timetrap,2000}].
+
+%%--------------------------------------------------------------------
+%% CONFIG FUNCS
+%%--------------------------------------------------------------------
+init_per_suite(Config) ->
+    Config.
+
+end_per_suite(_Config) ->
+    ok.
+
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, GrProps1])),
+    ct:pal("init( ~w ): ~p", [G, GrProps1]),
+    Config.
+
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("end( ~w ): ~p", [G, GrProps1])),
+    ct:pal("end( ~w ): ~p", [G, GrProps1]),
+    ok.
+
+init_per_testcase(_TestCase, Config) ->
+    Config.
+
+end_per_testcase(_TestCase, _Config) ->
+    ok.
+
+%%--------------------------------------------------------------------
+%% TEST DECLARATIONS
+%%--------------------------------------------------------------------
+
+groups() ->
+    [
+     {g1,[],[t11,t12,t13]},
+     {g2,[sequence],[t21,{group,g3},t22,{group,g4},t23]},
+     {g3,[parallel],[t31,t32,t33]},
+     {g4,[],[t41,{group,g5},t42]},
+     {g5,[parallel],[t51,t52,t53,t54]}
+    ].
+
+all() -> 
+    [
+     {group,g1,default},
+     {group,g1,[sequence]},
+     {group,g1,[parallel],[]},
+     
+     {group,g2,[],[]},
+     {group,g2,default,[{g3,[sequence]}]},
+     {group,g2,[],[{g4,[sequence],[{g5,[sequence]}]},{g3,[sequence]}]}
+    ].
+
+%%-----------------------------------------------------------------
+%% TEST CASES
+%%-----------------------------------------------------------------
+
+t11(_) ->
+    ok.
+t12(_) ->
+    exit(crashes).
+t13(_) ->
+    ok.
+
+t21(_) ->
+    ok.
+t22(_) ->
+    exit(crashes).
+t23(_) ->
+    ok.
+
+t31(_) ->
+    ok.
+t32(_) ->
+    exit(crashes).
+t33(_) ->
+    ok.
+
+t41(_) ->
+    ok.	
+t42(_) ->
+    exit(crashes).
+
+t51(_) ->
+    ok.
+t52(_) ->
+    ct:sleep(3000).
+t53(_) ->
+    exit(crashes).
+t54(_) ->
+    ok.
diff --git a/lib/common_test/test/ct_groups_spec_SUITE_data/override.spec b/lib/common_test/test/ct_groups_spec_SUITE_data/override.spec
new file mode 100644
index 0000000000..1bfc6405c9
--- /dev/null
+++ b/lib/common_test/test/ct_groups_spec_SUITE_data/override.spec
@@ -0,0 +1,15 @@
+{merge_tests,false}.
+
+{alias,dir,"."}.
+
+{groups, dir, groups_spec_1_SUITE, {g1,default}}.
+{groups, dir, groups_spec_1_SUITE, [{g1,[sequence]},
+				    {g1,[parallel],[]}]}.
+
+{groups, dir, groups_spec_1_SUITE, {g2,[],[]}}.
+{groups, dir, groups_spec_1_SUITE, {g2,default,[{g3,[sequence]}]}}.
+{groups, dir, groups_spec_1_SUITE, {g2,[],[{g4,[sequence],[{g5,[sequence]}]},
+					   {g3,[sequence]}]}}.
+
+{groups, dir, groups_spec_1_SUITE, {g1,[sequence]}, {cases,[t12,t13]}}.
+{groups, dir, groups_spec_1_SUITE, {g5,[]}, {cases,[t53,t54]}}.
diff --git a/lib/common_test/test/ct_groups_test_2_SUITE.erl b/lib/common_test/test/ct_groups_test_2_SUITE.erl
index 940d791b15..2392b0b850 100644
--- a/lib/common_test/test/ct_groups_test_2_SUITE.erl
+++ b/lib/common_test/test/ct_groups_test_2_SUITE.erl
@@ -171,16 +171,16 @@ test_events(missing_conf) ->
      {?eh,start_logging,{'DEF','RUNDIR'}},
      {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
      {?eh,start_info,{1,1,2}},
-     {?eh,tc_start,{ct_framework,ct_init_per_group}},
-     {?eh,tc_done,{ct_framework,ct_init_per_group,ok}},
+     {?eh,tc_start,{ct_framework,{ct_init_per_group,group1,[]}}},
+     {?eh,tc_done,{ct_framework,{ct_init_per_group,group1,[]},ok}},
      {?eh,tc_start,{missing_conf_SUITE,tc1}},
      {?eh,tc_done,{missing_conf_SUITE,tc1,ok}},
      {?eh,test_stats,{1,0,{0,0}}},
      {?eh,tc_start,{missing_conf_SUITE,tc2}},
      {?eh,tc_done,{missing_conf_SUITE,tc2,ok}},
      {?eh,test_stats,{2,0,{0,0}}},
-     {?eh,tc_start,{ct_framework,ct_end_per_group}},
-     {?eh,tc_done,{ct_framework,ct_end_per_group,ok}},
+     {?eh,tc_start,{ct_framework,{ct_end_per_group,group1,[]}}},
+     {?eh,tc_done,{ct_framework,{ct_end_per_group,group1,[]},ok}},
      {?eh,test_done,{'DEF','STOP_TIME'}},
      {?eh,stop_logging,[]}
     ];
diff --git a/lib/common_test/test/ct_hooks_SUITE.erl b/lib/common_test/test/ct_hooks_SUITE.erl
index 5c99f0f9f7..2c519f08b5 100644
--- a/lib/common_test/test/ct_hooks_SUITE.erl
+++ b/lib/common_test/test/ct_hooks_SUITE.erl
@@ -1046,29 +1046,34 @@ test_events(prio_cth) ->
 		     [900],[900,900],[500,900],[1000],[1200,1050],
 		     [1100],[1200]]) ++
 	     GenPost(post_end_per_testcase,
-		     [[1100,100],[600,200],[600,600],[600],[700],[800],
-		      [900],[900,900],[500,900],[1000],[1200,1050],
-		      [1100],[1200]]) ++
+		     lists:reverse(
+		       [[1100,100],[600,200],[600,600],[600],[700],[800],
+			[900],[900,900],[500,900],[1000],[1200,1050],
+			[1100],[1200]])) ++
 	     [{?eh,tc_done,{ct_cth_prio_SUITE,test_case,ok}},
 
 	      {?eh,tc_start,{ct_cth_prio_SUITE,{end_per_group,'_',[]}}}] ++
 	     GenPre(pre_end_per_group, 
-		    [[1100,100],[600,200],[600,600],[600],[700],[800],
-		     [900],[900,900],[500,900],[1000],[1200,1050],
-		     [1100],[1200]]) ++
+		    lists:reverse(
+		      [[1100,100],[600,200],[600,600],[600],[700],[800],
+		       [900],[900,900],[500,900],[1000],[1200,1050],
+		       [1100],[1200]])) ++
 	     GenPost(post_end_per_group,
-		     [[1100,100],[600,200],[600,600],[600],[700],[800],
-		      [900],[900,900],[500,900],[1000],[1200,1050],
-		      [1100],[1200]]) ++
+		     lists:reverse(
+		       [[1100,100],[600,200],[600,600],[600],[700],[800],
+			[900],[900,900],[500,900],[1000],[1200,1050],
+			[1100],[1200]])) ++
 	     [{?eh,tc_done,{ct_cth_prio_SUITE,{end_per_group,'_',[]},ok}}],
 
 	 {?eh,tc_start,{ct_cth_prio_SUITE,end_per_suite}}] ++
 	GenPre(pre_end_per_suite,
-	       [[1100,100],[600,200],[600,600],[700],[800],[900],[1000],
-		[1200,1050],[1100],[1200]]) ++
+	       lists:reverse(
+		 [[1100,100],[600,200],[600,600],[700],[800],[900],[1000],
+		  [1200,1050],[1100],[1200]])) ++
 	GenPost(post_end_per_suite,
-		[[1100,100],[600,200],[600,600],[700],[800],[900],[1000],
-		[1200,1050],[1100],[1200]]) ++
+		lists:reverse(
+		  [[1100,100],[600,200],[600,600],[700],[800],[900],[1000],
+		   [1200,1050],[1100],[1200]])) ++
 	[{?eh,tc_done,{ct_cth_prio_SUITE,end_per_suite,ok}},
 	 {?eh,test_done,{'DEF','STOP_TIME'}},
 	 {?eh,stop_logging,[]}];
diff --git a/lib/common_test/test/ct_repeat_1_SUITE.erl b/lib/common_test/test/ct_repeat_1_SUITE.erl
index 99e3b83ea9..090002d0c2 100644
--- a/lib/common_test/test/ct_repeat_1_SUITE.erl
+++ b/lib/common_test/test/ct_repeat_1_SUITE.erl
@@ -560,12 +560,7 @@ test_events(repeat_cs_until_any_fail) ->
 	{repeat_1_SUITE,tc_fail_1,
 	 {failed,
 	  {error,
-	   {{badmatch,2},
-	    [{repeat_1_SUITE,tc_fail_1,1},
-	     {test_server,my_apply,3},
-	     {test_server,ts_tc,3},
-	     {test_server,run_test_case_eval1,6},
-	     {test_server,run_test_case_eval,9}]}}}}},
+	   {{badmatch,2},'_'}}}}},
        {?eh,test_stats,{5,2,{0,0}}},
        {?eh,tc_start,{repeat_1_SUITE,tc_fail_2}},
        {?eh,tc_done,
diff --git a/lib/common_test/test/ct_repeat_1_SUITE_data/repeat_1_SUITE.erl b/lib/common_test/test/ct_repeat_1_SUITE_data/repeat_1_SUITE.erl
index fb8d31edd4..4c5b880e39 100644
--- a/lib/common_test/test/ct_repeat_1_SUITE_data/repeat_1_SUITE.erl
+++ b/lib/common_test/test/ct_repeat_1_SUITE_data/repeat_1_SUITE.erl
@@ -1,11 +1,21 @@
-%%%-------------------------------------------------------------------
-%%% @author Peter Andersson <[email protected]>
-%%% @copyright (C) 2010, Peter Andersson
-%%% @doc
-%%%
-%%% @end
-%%% Created : 11 Aug 2010 by Peter Andersson <[email protected]>
-%%%-------------------------------------------------------------------
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
 -module(repeat_1_SUITE).
 
 -compile(export_all).
diff --git a/lib/common_test/test/ct_skip_SUITE.erl b/lib/common_test/test/ct_skip_SUITE.erl
index 6a8c57a6bd..b8be55f43a 100644
--- a/lib/common_test/test/ct_skip_SUITE.erl
+++ b/lib/common_test/test/ct_skip_SUITE.erl
@@ -197,7 +197,7 @@ test_events(auto_skip) ->
      {?eh,tc_done,
       {auto_skip_3_SUITE,tc1,
        {skipped,{failed,{auto_skip_3_SUITE,init_per_testcase,
-			 {init_per_testcase,tc1,failed}}}}}},
+			 {{init_per_testcase,tc1,failed},'_'}}}}}},
      {?eh,test_stats,{0,0,{0,4}}},
      {?eh,tc_start,{auto_skip_3_SUITE,tc2}},
      {?eh,tc_done,{auto_skip_3_SUITE,tc2,ok}},
@@ -364,12 +364,7 @@ test_events(auto_skip) ->
 	 {?eh,tc_done,
 	  {auto_skip_9_SUITE,tc8,
 	   {skipped,{failed,{auto_skip_9_SUITE,init_per_testcase,
-			     {{badmatch,undefined},
-			      [{auto_skip_9_SUITE,init_per_testcase,2},
-			       {test_server,my_apply,3},
-			       {test_server,init_per_testcase,3},
-			       {test_server,run_test_case_eval1,6},
-			       {test_server,run_test_case_eval,9}]}}}}}},
+			     {{badmatch,undefined},'_'}}}}}},
 	 {?eh,tc_start,
 	  {auto_skip_9_SUITE,{end_per_group,g5,[parallel]}}},
 	 {?eh,tc_done,
diff --git a/lib/common_test/test/ct_test_server_if_1_SUITE.erl b/lib/common_test/test/ct_test_server_if_1_SUITE.erl
index 4471915e69..efc0309781 100644
--- a/lib/common_test/test/ct_test_server_if_1_SUITE.erl
+++ b/lib/common_test/test/ct_test_server_if_1_SUITE.erl
@@ -228,39 +228,39 @@ test_events(ts_if_1) ->
 			{failed,{error,{suite0_failed,{exited,suite0_goes_boom}}}}}},
 
      {?eh,tc_start,{ct_framework,error_in_suite}},
-     {?eh,test_stats,{3,6,{3,7}}},
+     {?eh,test_stats,{3,5,{4,7}}},
 
      {?eh,tc_start,{ct_framework,error_in_suite}},
-     {?eh,test_stats,{3,7,{3,7}}},
+     {?eh,test_stats,{3,5,{5,7}}},
 
      {?eh,tc_start,{ts_if_5_SUITE,init_per_suite}},
      {?eh,tc_done,{ts_if_5_SUITE,init_per_suite,
 		   {skipped,{require_failed_in_suite0,{not_available,undef_variable}}}}},
      {?eh,tc_auto_skip,{ts_if_5_SUITE,my_test_case,
 			{require_failed_in_suite0,{not_available,undef_variable}}}},
-     {?eh,test_stats,{3,7,{3,8}}},
+     {?eh,test_stats,{3,5,{5,8}}},
      {?eh,tc_auto_skip,{ts_if_5_SUITE,end_per_suite,
 			{require_failed_in_suite0,{not_available,undef_variable}}}},
 
      {?eh,tc_start,{ts_if_6_SUITE,tc1}},
      {?eh,tc_done,{ts_if_6_SUITE,tc1,{failed,{error,{suite0_failed,{exited,suite0_byebye}}}}}},
-     {?eh,test_stats,{3,7,{4,8}}},
+     {?eh,test_stats,{3,5,{6,8}}},
 
      {?eh,tc_start,{ts_if_7_SUITE,tc1}},
      {?eh,tc_done,{ts_if_7_SUITE,tc1,ok}},
-     {?eh,test_stats,{4,7,{4,8}}},
+     {?eh,test_stats,{4,5,{6,8}}},
 
      {?eh,tc_start,{ts_if_8_SUITE,tc1}},
      {?eh,tc_done,{ts_if_8_SUITE,tc1,{failed,{error,failed_on_purpose}}}},
-     {?eh,test_stats,{4,8,{4,8}}},
+     {?eh,test_stats,{4,6,{6,8}}},
 
      {?eh,tc_user_skip,{skipped_by_spec_1_SUITE,all,"should be skipped"}},
-     {?eh,test_stats,{4,8,{5,8}}},
+     {?eh,test_stats,{4,6,{7,8}}},
 
      {?eh,tc_start,{skipped_by_spec_2_SUITE,init_per_suite}},
      {?eh,tc_done,{skipped_by_spec_2_SUITE,init_per_suite,ok}},
      {?eh,tc_user_skip,{skipped_by_spec_2_SUITE,tc1,"should be skipped"}},
-     {?eh,test_stats,{4,8,{6,8}}},
+     {?eh,test_stats,{4,6,{8,8}}},
      {?eh,tc_start,{skipped_by_spec_2_SUITE,end_per_suite}},
      {?eh,tc_done,{skipped_by_spec_2_SUITE,end_per_suite,ok}},
 
diff --git a/lib/common_test/test/ct_test_server_if_1_SUITE_data/test_server_if/test/ts_if_1_SUITE.erl b/lib/common_test/test/ct_test_server_if_1_SUITE_data/test_server_if/test/ts_if_1_SUITE.erl
index bda7d91161..06fa6ac638 100644
--- a/lib/common_test/test/ct_test_server_if_1_SUITE_data/test_server_if/test/ts_if_1_SUITE.erl
+++ b/lib/common_test/test/ct_test_server_if_1_SUITE_data/test_server_if/test/ts_if_1_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2009-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/vsn.mk b/lib/common_test/vsn.mk
index 4782a32933..2f43c1bc17 100644
--- a/lib/common_test/vsn.mk
+++ b/lib/common_test/vsn.mk
@@ -1,3 +1 @@
-COMMON_TEST_VSN = 1.5.5
-
-
+COMMON_TEST_VSN = 1.6
diff --git a/lib/compiler/doc/src/compile.xml b/lib/compiler/doc/src/compile.xml
index 830c89ae84..522c1dc411 100644
--- a/lib/compiler/doc/src/compile.xml
+++ b/lib/compiler/doc/src/compile.xml
@@ -395,6 +395,14 @@ module.beam: module.erl \
 	  <code>-compile({no_auto_import,[error/1]}).</code>
 	  </item>
 
+          <tag><c>no_line_info</c></tag>
+
+          <item>
+            <p>Omit line number information in order to produce a slightly
+	      smaller output file.
+	    </p>
+          </item>
+
         </taglist>
 
         <p>If warnings are turned on (the <c>report_warnings</c> option
diff --git a/lib/compiler/doc/src/make.dep b/lib/compiler/doc/src/make.dep
deleted file mode 100644
index f5c097afad..0000000000
--- a/lib/compiler/doc/src/make.dep
+++ /dev/null
@@ -1,19 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex compile.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/compiler/doc/src/notes.xml b/lib/compiler/doc/src/notes.xml
index 740cbcf8eb..3f53a71764 100644
--- a/lib/compiler/doc/src/notes.xml
+++ b/lib/compiler/doc/src/notes.xml
@@ -31,6 +31,105 @@
   <p>This document describes the changes made to the Compiler
     application.</p>
 
+<section><title>Compiler 4.8</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Add '-callback' attributes in stdlib's behaviours</p>
+          <p>
+	    Replace the behaviour_info(callbacks) export in stdlib's
+	    behaviours with -callback' attributes for all the
+	    callbacks. Update the documentation with information on
+	    the callback attribute Automatically generate
+	    'behaviour_info' function from '-callback' attributes</p>
+          <p>
+	    'behaviour_info(callbacks)' is a special function that is
+	    defined in a module which describes a behaviour and
+	    returns a list of its callbacks.</p>
+          <p>
+	    This function is now automatically generated using the
+	    '-callback' specs. An error is returned by lint if user
+	    defines both '-callback' attributes and the
+	    behaviour_info/1 function. If no type info is needed for
+	    a callback use a generic spec for it. Add '-callback'
+	    attribute to language syntax</p>
+          <p>
+	    Behaviours may define specs for their callbacks using the
+	    familiar spec syntax, replacing the '-spec' keyword with
+	    '-callback'. Simple lint checks are performed to ensure
+	    that no callbacks are defined twice and all types
+	    referred are declared.</p>
+          <p>
+	    These attributes can be then used by tools to provide
+	    documentation to the behaviour or find discrepancies in
+	    the callback definitions in the callback module.</p>
+          <p>
+	    Add callback specs into 'application' module in kernel
+	    Add callback specs to tftp module following internet
+	    documentation Add callback specs to inets_service module
+	    following possibly deprecated comments</p>
+          <p>
+	    Own Id: OTP-9621</p>
+        </item>
+        <item>
+          <p>
+	    The calculation of the 'uniq' value for a fun (see
+	    <c>erlang:fun_info/1</c>) was too weak and has been
+	    strengthened. It used to be based on the only the code
+	    for the fun body, but it is now based on the MD5 of the
+	    BEAM code for the module.</p>
+          <p>
+	    Own Id: OTP-9667</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Variables are now now allowed in '<c>fun M:F/A</c>' as
+	    suggested by Richard O'Keefe in EEP-23.</p>
+	    <p>The representation of '<c>fun M:F/A</c>' in the
+	    abstract format has been changed in an incompatible way.
+	    Tools that directly read or manipulate the abstract
+	    format (such as parse transforms) may need to be updated.
+	    The compiler can handle both the new and the old format
+	    (i.e. extracting the abstract format from a pre-R15 BEAM
+	    file and compiling it using compile:forms/1,2 will work).
+	    The <c>syntax_tools</c> application can also handle both
+	    formats.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9643</p>
+        </item>
+        <item>
+          <p>
+	    <c>filename:find_src/1,2</c> will now work on stripped
+	    BEAM files (reported by Per Hedeland). The HiPE compiler
+	    will also work on stripped BEAM files. The BEAM compiler
+	    will no longer include compilation options given in the
+	    source code itself in <c>M:module_info(compile)</c>
+	    (because those options will be applied anyway if the
+	    module is re-compiled).</p>
+          <p>
+	    Own Id: OTP-9752</p>
+        </item>
+        <item>
+	    <p>Inlining binary matching could cause an internal
+	    compiler error. (Thanks to Rene Kijewski for reporting
+	    this bug.)</p>
+          <p>
+	    Own Id: OTP-9770</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Compiler 4.7.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/compiler/src/Makefile b/lib/compiler/src/Makefile
index 1238d113e1..3415517fff 100644
--- a/lib/compiler/src/Makefile
+++ b/lib/compiler/src/Makefile
@@ -53,12 +53,14 @@ MODULES =  \
 	beam_dead \
 	beam_dict \
 	beam_disasm \
+	beam_except \
 	beam_flatten \
 	beam_jump \
 	beam_listing \
 	beam_opcodes \
 	beam_peep \
 	beam_receive \
+	beam_split \
 	beam_trim \
 	beam_type \
 	beam_utils \
diff --git a/lib/compiler/src/beam_asm.erl b/lib/compiler/src/beam_asm.erl
index 89d64834cf..a7c8508321 100644
--- a/lib/compiler/src/beam_asm.erl
+++ b/lib/compiler/src/beam_asm.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,7 +23,7 @@
 -export([module/4]).
 -export([encode/2]).
 
--import(lists, [map/2,member/2,keymember/3,duplicate/2]).
+-import(lists, [map/2,member/2,keymember/3,duplicate/2,splitwith/2]).
 -include("beam_opcodes.hrl").
 
 module(Code, Abst, SourceFile, Opts) ->
@@ -31,22 +31,20 @@ module(Code, Abst, SourceFile, Opts) ->
 
 assemble({Mod,Exp,Attr0,Asm0,NumLabels}, Abst, SourceFile, Opts) ->
     {1,Dict0} = beam_dict:atom(Mod, beam_dict:new()),
+    {0,Dict1} = beam_dict:fname(atom_to_list(Mod) ++ ".erl", Dict0),
     NumFuncs = length(Asm0),
     {Asm,Attr} = on_load(Asm0, Attr0),
-    {Code,Dict1} = assemble_1(Asm, Exp, Dict0, []),
-    build_file(Code, Attr, Dict1, NumLabels, NumFuncs, Abst, SourceFile, Opts).
+    {Code,Dict2} = assemble_1(Asm, Exp, Dict1, []),
+    build_file(Code, Attr, Dict2, NumLabels, NumFuncs, Abst, SourceFile, Opts).
 
 on_load(Fs0, Attr0) ->
     case proplists:get_value(on_load, Attr0) of
 	undefined ->
 	    {Fs0,Attr0};
 	[{Name,0}] ->
-	    Fs = map(fun({function,N,0,Entry,Asm0}) when N =:= Name ->
-			     [{label,_}=L,
-			      {func_info,_,_,_}=Fi,
-			      {label,_}=E|Asm1] = Asm0,
-			     Asm = [L,Fi,E,on_load|Asm1],
-			     {function,N,0,Entry,Asm};
+	    Fs = map(fun({function,N,0,Entry,Is0}) when N =:= Name ->
+			     Is = insert_on_load_instruction(Is0, Entry),
+			     {function,N,0,Entry,Is};
 			(F) ->
 			     F
 		     end, Fs0),
@@ -54,6 +52,13 @@ on_load(Fs0, Attr0) ->
 	    {Fs,Attr}
     end.
 
+insert_on_load_instruction(Is0, Entry) ->
+    {Bef,[{label,Entry}=El|Is]} =
+	splitwith(fun({label,L}) when L =:= Entry -> false;
+		     (_) -> true
+		  end, Is0),
+    Bef ++ [El,on_load|Is].
+
 assemble_1([{function,Name,Arity,Entry,Asm}|T], Exp, Dict0, Acc) ->
     Dict1 = case member({Name,Arity}, Exp) of
 		true ->
@@ -132,14 +137,19 @@ build_file(Code, Attr, Dict, NumLabels, NumFuncs, Abst, SourceFile, Opts) ->
 			   LitTab = iolist_to_binary(zlib:compress(LitTab2)),
 			   chunk(<<"LitT">>, <<(byte_size(LitTab2)):32>>, LitTab)
 		   end,
+
+    %% Create the line chunk.
     
+    LineChunk = chunk(<<"Line">>, build_line_table(Dict)),
 
     %% Create the attributes and compile info chunks.
 
     Essentials0 = [AtomChunk,CodeChunk,StringChunk,ImportChunk,
 		   ExpChunk,LambdaChunk,LiteralChunk],
-    Essentials = [iolist_to_binary(C) || C <- Essentials0],
-    {Attributes,Compile} = build_attributes(Opts, SourceFile, Attr, Essentials),
+    Essentials1 = [iolist_to_binary(C) || C <- Essentials0],
+    MD5 = module_md5(Essentials1),
+    Essentials = finalize_fun_table(Essentials1, MD5),
+    {Attributes,Compile} = build_attributes(Opts, SourceFile, Attr, MD5),
     AttrChunk = chunk(<<"Attr">>, Attributes),
     CompileChunk = chunk(<<"CInf">>, Compile),
 
@@ -150,11 +160,32 @@ build_file(Code, Attr, Dict, NumLabels, NumFuncs, Abst, SourceFile, Opts) ->
     %% Create IFF chunk.
 
     Chunks = case member(slim, Opts) of
-		 true -> [Essentials,AttrChunk,AbstChunk];
-		 false -> [Essentials,LocChunk,AttrChunk,CompileChunk,AbstChunk]
+		 true ->
+		     [Essentials,AttrChunk,AbstChunk];
+		 false ->
+		     [Essentials,LocChunk,AttrChunk,
+		      CompileChunk,AbstChunk,LineChunk]
 	     end,
     build_form(<<"BEAM">>, Chunks).
 
+%% finalize_fun_table(Essentials, MD5) -> FinalizedEssentials
+%%  Update the 'old_uniq' field in the entry for each fun in the
+%%  'FunT' chunk. We'll use part of the MD5 for the module as a
+%%  unique value.
+
+finalize_fun_table(Essentials, MD5) ->
+    [finalize_fun_table_1(E, MD5) || E <- Essentials].
+
+finalize_fun_table_1(<<"FunT",Keep:8/binary,Table0/binary>>, MD5) ->
+    <<Uniq:27,_:101/bits>> = MD5,
+    Table = finalize_fun_table_2(Table0, Uniq, <<>>),
+    <<"FunT",Keep/binary,Table/binary>>;
+finalize_fun_table_1(Chunk, _) -> Chunk.
+
+finalize_fun_table_2(<<Keep:20/binary,0:32,T/binary>>, Uniq, Acc) ->
+    finalize_fun_table_2(T, Uniq, <<Acc/binary,Keep/binary,Uniq:32>>);
+finalize_fun_table_2(<<>>, _, Acc) -> Acc.
+
 %% Build an IFF form.
 
 build_form(Id, Chunks0) when byte_size(Id) =:= 4, is_list(Chunks0) ->
@@ -191,7 +222,7 @@ flatten_exports(Exps) ->
 flatten_imports(Imps) ->
     list_to_binary(map(fun({M,F,A}) -> <<M:32,F:32,A:32>> end, Imps)).
 
-build_attributes(Opts, SourceFile, Attr, Essentials) ->
+build_attributes(Opts, SourceFile, Attr, MD5) ->
     Misc = case member(slim, Opts) of
 	       false ->
 		   {{Y,Mo,D},{H,Mi,S}} = erlang:universaltime(),
@@ -199,7 +230,32 @@ build_attributes(Opts, SourceFile, Attr, Essentials) ->
 	       true -> []
 	   end,
     Compile = [{options,Opts},{version,?COMPILER_VSN}|Misc],
-    {term_to_binary(calc_vsn(Attr, Essentials)),term_to_binary(Compile)}.
+    {term_to_binary(set_vsn_attribute(Attr, MD5)),term_to_binary(Compile)}.
+
+build_line_table(Dict) ->
+    {NumLineInstrs,NumFnames0,Fnames0,NumLines,Lines0} =
+	beam_dict:line_table(Dict),
+    NumFnames = NumFnames0 - 1,
+    [_|Fnames1] = Fnames0,
+    Fnames2 = [unicode:characters_to_binary(F) || F <- Fnames1],
+    Fnames = << <<(byte_size(F)):16,F/binary>> || F <- Fnames2 >>,
+    Lines1 = encode_line_items(Lines0, 0),
+    Lines = iolist_to_binary(Lines1),
+    Ver = 0,
+    Bits = 0,
+    <<Ver:32,Bits:32,NumLineInstrs:32,NumLines:32,NumFnames:32,
+     Lines/binary,Fnames/binary>>.
+
+%% encode_line_items([{FnameIndex,Line}], PrevFnameIndex)
+%%  Encode the line items compactly. Tag the FnameIndex with
+%%  an 'a' tag (atom) and only include it when it has changed.
+%%  Tag the line numbers with an 'i' (integer) tag.
+
+encode_line_items([{F,L}|T], F) ->
+    [encode(?tag_i, L)|encode_line_items(T, F)];
+encode_line_items([{F,L}|T], _) ->
+    [encode(?tag_a, F),encode(?tag_i, L)|encode_line_items(T, F)];
+encode_line_items([], _) -> [].
 
 %%
 %% If the attributes contains no 'vsn' attribute, we'll insert one
@@ -207,32 +263,30 @@ build_attributes(Opts, SourceFile, Attr, Essentials) ->
 %% We'll not change an existing 'vsn' attribute.
 %%
 
-calc_vsn(Attr, Essentials0) ->
+set_vsn_attribute(Attr, MD5) ->
     case keymember(vsn, 1, Attr) of
 	true -> Attr;
 	false ->
-	    Essentials = filter_essentials(Essentials0),
-	    <<Number:128>> = erlang:md5(Essentials),
+	    <<Number:128>> = MD5,
 	    [{vsn,[Number]}|Attr]
     end.
 
+module_md5(Essentials0) ->
+    Essentials = filter_essentials(Essentials0),
+    erlang:md5(Essentials).
+
 %% filter_essentials([Chunk]) -> [Chunk']
 %%  Filter essentials so that we obtain the same MD5 as code:module_md5/1 and
-%%  beam_lib:md5/1 would calculate for this module.
+%%  beam_lib:md5/1 would calculate for this module.  Note that at this
+%%  point, the 'old_uniq' entry for each fun in the 'FunT' chunk is zeroed,
+%%  so there is no need to go through the 'FunT' chunk.
 
-filter_essentials([<<"FunT",_Sz:4/binary,Entries:4/binary,Table0/binary>>|T]) ->
-    Table = filter_funtab(Table0, <<0:32>>),
-    [Entries,Table|filter_essentials(T)];
 filter_essentials([<<_Tag:4/binary,Sz:32,Data:Sz/binary,_Padding/binary>>|T]) ->
     [Data|filter_essentials(T)];
 filter_essentials([<<>>|T]) ->
     filter_essentials(T);
 filter_essentials([]) -> [].
 
-filter_funtab(<<Important:20/binary,_OldUniq:4/binary,T/binary>>, Zero) ->
-    [Important,Zero|filter_funtab(T, Zero)];
-filter_funtab(<<>>, _) -> [].
-
 bif_type(fnegate, 1) -> {op,fnegate};
 bif_type(fadd, 2)   -> {op,fadd};
 bif_type(fsub, 2)   -> {op,fsub};
@@ -243,6 +297,9 @@ bif_type(_, 2)      -> bif2.
 
 make_op({'%',_}, Dict) ->
     {[],Dict};
+make_op({line,Location}, Dict0) ->
+    {Index,Dict} = beam_dict:line(Location, Dict0),
+    encode_op(line, [Index], Dict);
 make_op({bif, Bif, {f,_}, [], Dest}, Dict) ->
     %% BIFs without arguments cannot fail.
     encode_op(bif0, [{extfunc, erlang, Bif, 0}, Dest], Dict);
@@ -271,8 +328,8 @@ make_op({test,Cond,Fail,Ops}, Dict) when is_list(Ops) ->
     encode_op(Cond, [Fail|Ops], Dict);
 make_op({test,Cond,Fail,Live,[Op|Ops],Dst}, Dict) when is_list(Ops) ->
     encode_op(Cond, [Fail,Op,Live|Ops++[Dst]], Dict);
-make_op({make_fun2,{f,Lbl},Index,OldUniq,NumFree}, Dict0) ->
-    {Fun,Dict} = beam_dict:lambda(Lbl, Index, OldUniq, NumFree, Dict0),
+make_op({make_fun2,{f,Lbl},_Index,_OldUniq,NumFree}, Dict0) ->
+    {Fun,Dict} = beam_dict:lambda(Lbl, NumFree, Dict0),
     make_op({make_fun2,Fun}, Dict);
 make_op({kill,Y}, Dict) ->
     make_op({init,Y}, Dict);
diff --git a/lib/compiler/src/beam_block.erl b/lib/compiler/src/beam_block.erl
index c45874597a..cd568097fa 100644
--- a/lib/compiler/src/beam_block.erl
+++ b/lib/compiler/src/beam_block.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -36,13 +36,14 @@ function({function,Name,Arity,CLabel,Is0}, Lc0) ->
 
 	%% Collect basic blocks and optimize them.
 	Is2 = blockify(Is1),
-	Is3 = move_allocates(Is2),
-	Is4 = beam_utils:live_opt(Is3),
-	Is5 = opt_blocks(Is4),
-	Is6 = beam_utils:delete_live_annos(Is5),
+	Is3 = embed_lines(Is2),
+	Is4 = move_allocates(Is3),
+	Is5 = beam_utils:live_opt(Is4),
+	Is6 = opt_blocks(Is5),
+	Is7 = beam_utils:delete_live_annos(Is6),
 
 	%% Optimize bit syntax.
-	{Is,Lc} = bsm_opt(Is6, Lc0),
+	{Is,Lc} = bsm_opt(Is7, Lc0),
 
 	%% Done.
 	{{function,Name,Arity,CLabel,Is},Lc}
@@ -148,6 +149,24 @@ collect(remove_message)      -> {set,[],[],remove_message};
 collect({'catch',R,L})       -> {set,[R],[],{'catch',L}};
 collect(_)                   -> error.
 
+%% embed_lines([Instruction]) -> [Instruction]
+%%  Combine blocks that would be split by line/1 instructions.
+%%  Also move a line instruction before a block into the block,
+%%  but leave the line/1 instruction after a block outside.
+
+embed_lines(Is) ->
+    embed_lines(reverse(Is), []).
+
+embed_lines([{block,B2},{line,_}=Line,{block,B1}|T], Acc) ->
+    B = {block,B1++[{set,[],[],Line}]++B2},
+    embed_lines([B|T], Acc);
+embed_lines([{block,B1},{line,_}=Line|T], Acc) ->
+    B = {block,[{set,[],[],Line}|B1]},
+    embed_lines([B|T], Acc);
+embed_lines([I|Is], Acc) ->
+    embed_lines(Is, [I|Acc]);
+embed_lines([], Acc) -> Acc.
+
 opt_blocks([{block,Bl0}|Is]) ->
     %% The live annotation at the beginning is not useful.
     [{'%live',_}|Bl] = Bl0,
@@ -225,10 +244,12 @@ opt([{set,[Dst],As,{bif,Bif,Fail}}=I1,
  	RevBif -> [{set,[Dst],As,{bif,RevBif,Fail}}|opt(Is)]
     end;
 opt([{set,[X],[X],move}|Is]) -> opt(Is);
-opt([{set,[D1],[{integer,Idx1},Reg],{bif,element,{f,0}}}=I1,
+opt([{set,_,_,{line,_}}=Line1,
+     {set,[D1],[{integer,Idx1},Reg],{bif,element,{f,0}}}=I1,
+     {set,_,_,{line,_}}=Line2,
      {set,[D2],[{integer,Idx2},Reg],{bif,element,{f,0}}}=I2|Is])
   when Idx1 < Idx2, D1 =/= D2, D1 =/= Reg, D2 =/= Reg ->
-    opt([I2,I1|Is]);
+    opt([Line2,I2,Line1,I1|Is]);
 opt([{set,Ds0,Ss,Op}|Is0]) ->	
     {Ds,Is} = opt_moves(Ds0, Is0),
     [{set,Ds,Ss,Op}|opt(Is)];
diff --git a/lib/compiler/src/beam_bsm.erl b/lib/compiler/src/beam_bsm.erl
index 415864b8e9..1217f7f777 100644
--- a/lib/compiler/src/beam_bsm.erl
+++ b/lib/compiler/src/beam_bsm.erl
@@ -20,7 +20,7 @@
 -module(beam_bsm).
 -export([module/2,format_error/1]).
 
--import(lists, [member/2,foldl/3,reverse/1,sort/1,all/2]).
+-import(lists, [member/2,foldl/3,reverse/1,sort/1,all/2,dropwhile/2]).
 
 %%%
 %%% We optimize bit syntax matching where the tail end of a binary is
@@ -376,6 +376,8 @@ btb_reaches_match_2([{func_info,_,_,Arity}=I|_], Regs0, D) ->
 	[] -> D;
 	_ -> {binary_used_in,I}
     end;
+btb_reaches_match_2([{line,_}|Is], Regs, D) ->
+    btb_reaches_match_1(Is, Regs, D);
 btb_reaches_match_2([I|_], Regs, _) ->
     btb_error({btb_context_regs(Regs),I,not_handled}).
 
@@ -580,7 +582,10 @@ btb_index(Fs) ->
     btb_index_1(Fs, []).
 
 btb_index_1([{function,_,_,Entry,Is0}|Fs], Acc0) ->
-    [{label,_},{func_info,_,_,_},{label,Entry}|Is] = Is0,
+    [{label,Entry}|Is] =
+	dropwhile(fun({label,L}) when L =:= Entry -> false;
+		     (_) -> true
+		  end, Is0),
     Acc = btb_index_2(Is, Entry, false, Acc0),
     btb_index_1(Fs, Acc);
 btb_index_1([], Acc) -> gb_trees:from_orddict(sort(Acc)).
diff --git a/lib/compiler/src/beam_clean.erl b/lib/compiler/src/beam_clean.erl
index 64c93e11f7..a7994ab3b3 100644
--- a/lib/compiler/src/beam_clean.erl
+++ b/lib/compiler/src/beam_clean.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2000-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2000-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,9 +23,9 @@
 -export([module/2]).
 -export([bs_clean_saves/1]).
 -export([clean_labels/1]).
--import(lists, [map/2,foldl/3,reverse/1]).
+-import(lists, [map/2,foldl/3,reverse/1,filter/2]).
 
-module({Mod,Exp,Attr,Fs0,_}, _Opt) ->
+module({Mod,Exp,Attr,Fs0,_}, Opts) ->
     Order = [Lbl || {function,_,_,Lbl,_} <- Fs0],
     All = foldl(fun({function,_,_,Lbl,_}=Func,D) -> dict:store(Lbl, Func, D) end,
 		dict:new(), Fs0),
@@ -33,7 +33,8 @@ module({Mod,Exp,Attr,Fs0,_}, _Opt) ->
     Used = find_all_used(WorkList, All, sets:from_list(WorkList)),
     Fs1 = remove_unused(Order, Used, All),
     {Fs2,Lc} = clean_labels(Fs1),
-    Fs = bs_fix(Fs2),
+    Fs3 = bs_fix(Fs2),
+    Fs = maybe_remove_lines(Fs3, Opts),
     {ok,{Mod,Exp,Attr,Fs,Lc}}.
 
 %% Remove all bs_save2/2 instructions not referenced by a bs_restore2/2.
@@ -375,3 +376,20 @@ bs_clean_saves_1([{bs_save2,_,{_,_}=SavePoint}=I|Is], Needed, Acc) ->
 bs_clean_saves_1([I|Is], Needed, Acc) ->
     bs_clean_saves_1(Is, Needed, [I|Acc]);
 bs_clean_saves_1([], _, Acc) -> reverse(Acc).
+
+%%%
+%%% Remove line instructions if requested.
+%%%
+
+maybe_remove_lines(Fs, Opts) ->
+    case proplists:get_bool(no_line_info, Opts) of
+	false -> Fs;
+	true -> remove_lines(Fs)
+    end.
+
+remove_lines([{function,N,A,Lbl,Is0}|T]) ->
+    Is = filter(fun({line,_}) -> false;
+		   (_)  -> true
+		end, Is0),
+    [{function,N,A,Lbl,Is}|remove_lines(T)];
+remove_lines([]) -> [].
diff --git a/lib/compiler/src/beam_dead.erl b/lib/compiler/src/beam_dead.erl
index 1365f3d20a..5f12a98f09 100644
--- a/lib/compiler/src/beam_dead.erl
+++ b/lib/compiler/src/beam_dead.erl
@@ -131,10 +131,9 @@
 -import(lists, [mapfoldl/3,reverse/1]).
 
 module({Mod,Exp,Attr,Fs0,_}, _Opts) ->
-    Fs1 = [split_blocks(F) || F <- Fs0],
-    {Fs2,Lc1} = beam_clean:clean_labels(Fs1),
-    {Fs,Lc} = mapfoldl(fun function/2, Lc1, Fs2),
-    %%{Fs,Lc} = {Fs2,Lc1},
+    {Fs1,Lc1} = beam_clean:clean_labels(Fs0),
+    {Fs,Lc} = mapfoldl(fun function/2, Lc1, Fs1),
+    %%{Fs,Lc} = {Fs1,Lc1},
     {ok,{Mod,Exp,Attr,Fs,Lc}}.
 
 function({function,Name,Arity,CLabel,Is0}, Lc0) ->
@@ -144,9 +143,9 @@ function({function,Name,Arity,CLabel,Is0}, Lc0) ->
 	%% Initialize label information with the code
 	%% for the func_info label. Without it, a register
 	%% may seem to be live when it is not.
-	[{label,L},{func_info,_,_,_}=FI|_] = Is1,
+	[{label,L}|FiIs] = Is1,
 	D0 = beam_utils:empty_label_index(),
-	D = beam_utils:index_label(L, [FI], D0),
+	D = beam_utils:index_label(L, FiIs, D0),
 
 	%% Optimize away dead code.
 	{Is2,Lc} = forward(Is1, Lc0),
@@ -160,62 +159,6 @@ function({function,Name,Arity,CLabel,Is0}, Lc0) ->
 	    erlang:raise(Class, Error, Stack)
     end.
 
-%% We must split the basic block when we encounter instructions with labels,
-%% such as catches and BIFs. All labels must be visible outside the blocks.
-
-split_blocks({function,Name,Arity,CLabel,Is0}) ->
-    Is = split_blocks(Is0, []),
-    {function,Name,Arity,CLabel,Is}.
-
-split_blocks([{block,Bl}|Is], Acc0) ->
-    Acc = split_block(Bl, [], Acc0),
-    split_blocks(Is, Acc);
-split_blocks([I|Is], Acc) ->
-    split_blocks(Is, [I|Acc]);
-split_blocks([], Acc) -> reverse(Acc).
-
-split_block([{set,[R],[_,_,_]=As,{bif,is_record,{f,Lbl}}}|Is], Bl, Acc) ->
-    %% is_record/3 must be translated by beam_clean; therefore,
-    %% it must be outside of any block.
-    split_block(Is, [], [{bif,is_record,{f,Lbl},As,R}|make_block(Bl, Acc)]);
-split_block([{set,[R],As,{bif,N,{f,Lbl}=Fail}}|Is], Bl, Acc) when Lbl =/= 0 ->
-    split_block(Is, [], [{bif,N,Fail,As,R}|make_block(Bl, Acc)]);
-split_block([{set,[R],As,{alloc,Live,{gc_bif,N,{f,Lbl}=Fail}}}|Is], Bl, Acc)
-  when Lbl =/= 0 ->
-    split_block(Is, [], [{gc_bif,N,Fail,Live,As,R}|make_block(Bl, Acc)]);
-split_block([{set,[R],[],{'catch',L}}|Is], Bl, Acc) ->
-    split_block(Is, [], [{'catch',R,L}|make_block(Bl, Acc)]);
-split_block([I|Is], Bl, Acc) ->
-    split_block(Is, [I|Bl], Acc);
-split_block([], Bl, Acc) -> make_block(Bl, Acc).
-
-make_block([], Acc) -> Acc;
-make_block([{set,[D],Ss,{bif,Op,Fail}}|Bl]=Bl0, Acc) ->
-    %% If the last instruction in the block is a comparison or boolean operator
-    %% (such as '=:='), move it out of the block to facilitate further
-    %% optimizations.
-    Arity = length(Ss),
-    case erl_internal:comp_op(Op, Arity) orelse
-	erl_internal:new_type_test(Op, Arity) orelse
-	erl_internal:bool_op(Op, Arity) of
-	false ->
-	    [{block,reverse(Bl0)}|Acc];
-	true ->
-	    I = {bif,Op,Fail,Ss,D},
-	    case Bl =:= [] of
-		true -> [I|Acc];
-		false -> [I,{block,reverse(Bl)}|Acc]
-	    end
-    end;
-make_block([{set,[Dst],[Src],move}|Bl], Acc) ->
-    %% Make optimization of {move,Src,Dst}, {jump,...} possible.
-    I = {move,Src,Dst},
-    case Bl =:= [] of
-	true -> [I|Acc];
-	false -> [I,{block,reverse(Bl)}|Acc]
-    end;
-make_block(Bl, Acc) -> [{block,reverse(Bl)}|Acc].
-
 %% 'move' instructions outside of blocks may thwart the jump optimizer.
 %% Move them back into the block.
 
@@ -406,7 +349,7 @@ backward([{test,Op,{f,To0},Live,Ops0,Dst}|Is], D, Acc) ->
 	 end,
     I = {test,Op,{f,To},Live,Ops0,Dst},
     backward(Is, D, [I|Acc]);
-backward([{kill,_}=I|Is], D, [Exit|_]=Acc) ->
+backward([{kill,_}=I|Is], D, [{line,_},Exit|_]=Acc) ->
     case beam_jump:is_exit_instruction(Exit) of
 	false -> backward(Is, D, [I|Acc]);
 	true -> backward(Is, D, Acc)
@@ -471,7 +414,7 @@ shortcut_fail_label(To0, Reg, Val, D) ->
 
 shortcut_boolean_label(To0, Reg, Bool0, D) when is_boolean(Bool0) ->
     case beam_utils:code_at(To0, D) of
-	[{bif,'not',_,[Reg],Reg},{jump,{f,To}}|_] ->
+	[{line,_},{bif,'not',_,[Reg],Reg},{jump,{f,To}}|_] ->
 	    Bool = not Bool0,
 	    {shortcut_select_label(To, Reg, Bool, D),Bool};
 	_ ->
diff --git a/lib/compiler/src/beam_dict.erl b/lib/compiler/src/beam_dict.erl
index c50ed28aa9..531968b3c8 100644
--- a/lib/compiler/src/beam_dict.erl
+++ b/lib/compiler/src/beam_dict.erl
@@ -22,9 +22,10 @@
 
 -export([new/0,opcode/2,highest_opcode/1,
 	 atom/2,local/4,export/4,import/4,
-	 string/2,lambda/5,literal/2,
+	 string/2,lambda/3,literal/2,line/2,fname/2,
 	 atom_table/1,local_table/1,export_table/1,import_table/1,
-	 string_table/1,lambda_table/1,literal_table/1]).
+	 string_table/1,lambda_table/1,literal_table/1,
+	 line_table/1]).
 
 -type label() :: non_neg_integer().
 
@@ -36,6 +37,9 @@
 	 strings = <<>>		    :: binary(),	%String pool
 	 lambdas = [],				%[{...}]
 	 literals = dict:new()	    :: dict(),	%Format: {Literal,Number}
+	 fnames = gb_trees:empty()  :: gb_tree(),       %{Name,Index}
+	 lines = gb_trees:empty()   :: gb_tree(),	%{{Fname,Line},Index}
+	 num_lines = 0		    :: non_neg_integer(), %Number of line instructions
 	 next_import = 0	    :: non_neg_integer(),
 	 string_offset = 0	    :: non_neg_integer(),
 	 next_literal = 0	    :: non_neg_integer(),
@@ -129,13 +133,18 @@ string(Str, Dict) when is_list(Str) ->
 	    {NextOffset-Offset,Dict}
     end.
 
-%% Returns the index for a funentry (adding it to the table if necessary).
-%%    lambda(Lbl, Index, Uniq, NumFree, Dict) -> {Index,Dict'}
--spec lambda(label(), non_neg_integer(), integer(), non_neg_integer(), bdict()) ->
+%% Returns the index for a fun entry.
+%%    lambda(Lbl, NumFree, Dict) -> {Index,Dict'}
+-spec lambda(label(), non_neg_integer(), bdict()) ->
         {non_neg_integer(), bdict()}.
 
-lambda(Lbl, Index, OldUniq, NumFree, #asm{lambdas=Lambdas0}=Dict) ->
+lambda(Lbl, NumFree, #asm{lambdas=Lambdas0}=Dict) ->
     OldIndex = length(Lambdas0),
+    %% Set Index the same as OldIndex.
+    Index = OldIndex,
+    %% Initialize OldUniq to 0. It will be set to an unique value
+    %% based on the MD5 checksum of the BEAM code for the module.
+    OldUniq = 0,
     Lambdas = [{Lbl,{OldIndex,Lbl,Index,NumFree,OldUniq}}|Lambdas0],
     {OldIndex,Dict#asm{lambdas=Lambdas}}.
 
@@ -152,6 +161,36 @@ literal(Lit, #asm{literals=Tab0,next_literal=NextIndex}=Dict) ->
 	    {NextIndex,Dict#asm{literals=Tab,next_literal=NextIndex+1}}
     end.
 
+%% Returns the index for a line instruction (adding information
+%% to the location information table).
+-spec line(list(), bdict()) -> {non_neg_integer(), bdict()}.
+
+line([], #asm{num_lines=N}=Dict) ->
+    %% No location available. Return the special pre-defined
+    %% index 0.
+    {0,Dict#asm{num_lines=N+1}};
+line([{location,Name,Line}], #asm{lines=Lines0,num_lines=N}=Dict0) ->
+    {FnameIndex,Dict1} = fname(Name, Dict0),
+    case gb_trees:lookup({FnameIndex,Line}, Lines0) of
+	{value,Index} ->
+	    {Index,Dict1#asm{num_lines=N+1}};
+	none ->
+	    Index = gb_trees:size(Lines0) + 1,
+	    Lines = gb_trees:insert({FnameIndex,Line}, Index, Lines0),
+	    Dict = Dict1#asm{lines=Lines,num_lines=N+1},
+	    {Index,Dict}
+    end.
+
+fname(Name, #asm{fnames=Fnames0}=Dict) ->
+    case gb_trees:lookup(Name, Fnames0) of
+	{value,Index} ->
+	    {Index,Dict};
+	none ->
+	    Index = gb_trees:size(Fnames0),
+	    Fnames = gb_trees:insert(Name, Index, Fnames0),
+	    {Index,Dict#asm{fnames=Fnames}}
+    end.
+
 %% Returns the atom table.
 %%    atom_table(Dict) -> {LastIndex,[Length,AtomString...]}
 -spec atom_table(bdict()) -> {non_neg_integer(), [[non_neg_integer(),...]]}.
@@ -219,6 +258,21 @@ literal_table(#asm{literals=Tab,next_literal=NumLiterals}) ->
 my_term_to_binary(Term) ->
     term_to_binary(Term, [{minor_version,1}]).
 
+%% Return the line table.
+-spec line_table(bdict()) ->
+    {non_neg_integer(),				%Number of line instructions.
+     non_neg_integer(),[string()],
+     non_neg_integer(),[{non_neg_integer(),non_neg_integer()}]}.
+
+line_table(#asm{fnames=Fnames0,lines=Lines0,num_lines=NumLineInstrs}) ->
+    NumFnames = gb_trees:size(Fnames0),
+    Fnames1 = lists:keysort(2, gb_trees:to_list(Fnames0)),
+    Fnames = [Name || {Name,_} <- Fnames1],
+    NumLines = gb_trees:size(Lines0),
+    Lines1 = lists:keysort(2, gb_trees:to_list(Lines0)),
+    Lines = [L || {L,_} <- Lines1],
+    {NumLineInstrs,NumFnames,Fnames,NumLines,Lines}.
+
 %% Search for binary string Str in the binary string pool Pool.
 %%    old_string(Str, Pool) -> none | Index
 -spec old_string(binary(), binary()) -> 'none' | pos_integer().
diff --git a/lib/compiler/src/beam_disasm.erl b/lib/compiler/src/beam_disasm.erl
index 5c4d8e12b5..7103d2390f 100644
--- a/lib/compiler/src/beam_disasm.erl
+++ b/lib/compiler/src/beam_disasm.erl
@@ -296,6 +296,8 @@ get_function_chunks(Code) ->
 labels_r([], R) -> {R, []};
 labels_r([{label,_}=I|Is], R) ->
     labels_r(Is, [I|R]);
+labels_r([{line,_}=I|Is], R) ->
+    labels_r(Is, [I|R]);
 labels_r(Is, R) -> {R, Is}.
 
 get_funs({[],[]}) -> [];
@@ -335,20 +337,17 @@ local_labels(Funs) ->
 				   local_labels_1(function__code(F), R)
 			   end, [], Funs)).
 
-%% The first clause below attempts to provide some (limited form of)
-%% backwards compatibility; it is not needed for .beam files generated
-%% by the R8 compiler.  The clause should one fine day be taken out.
-local_labels_1([{label,_}|[{label,_}|_]=Code], R) ->
-    local_labels_1(Code, R);
-local_labels_1([{label,_},{func_info,{atom,M},{atom,F},A}|Code], R)
-  when is_atom(M), is_atom(F) ->
-    local_labels_2(Code, R, M, F, A);
-local_labels_1(Code, _) ->
-    ?exit({'local_labels: no label in code',Code}).
+local_labels_1(Code0, R) ->
+    Code1 = lists:dropwhile(fun({label,_}) -> true;
+			       ({line,_}) -> true;
+			       ({func_info,_,_,_}) -> false
+			    end, Code0),
+    [{func_info,{atom,M},{atom,F},A}|Code] = Code1,
+    local_labels_2(Code, R, {M,F,A}).
 
-local_labels_2([{label,[{u,L}]}|Code], R, M, F, A) ->
-    local_labels_2(Code, [{L,{M,F,A}}|R], M, F, A);
-local_labels_2(_, R, _, _, _) -> R.
+local_labels_2([{label,[{u,L}]}|Code], R, MFA) ->
+    local_labels_2(Code, [{L,MFA}|R], MFA);
+local_labels_2(_, R, _) -> R.
 
 %%-----------------------------------------------------------------------
 %% Disassembles a single BEAM instruction; most instructions are handled
@@ -1105,6 +1104,12 @@ resolve_inst({recv_set,[Lbl]},_,_,_) ->
     {recv_set,Lbl};
 
 %%
+%% R15A.
+%%
+resolve_inst({line,[Index]},_,_,_) ->
+    {line,resolve_arg(Index)};
+
+%%
 %% Catches instructions that are not yet handled.
 %%
 resolve_inst(X,_,_,_) -> ?exit({resolve_inst,X}).
diff --git a/lib/compiler/src/beam_except.erl b/lib/compiler/src/beam_except.erl
new file mode 100644
index 0000000000..fb1a43cd9e
--- /dev/null
+++ b/lib/compiler/src/beam_except.erl
@@ -0,0 +1,149 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(beam_except).
+-export([module/2]).
+
+%%% Rewrite certain calls to erlang:error/{1,2} to specialized
+%%% instructions:
+%%%
+%%% erlang:error({badmatch,Value})       => badmatch Value
+%%% erlang:error({case_clause,Value})    => case_end Value
+%%% erlang:error({try_clause,Value})     => try_case_end Value
+%%% erlang:error(if_clause)              => if_end
+%%% erlang:error(function_clause, Args)  => jump FuncInfoLabel
+%%%
+
+-import(lists, [reverse/1]).
+
+module({Mod,Exp,Attr,Fs0,Lc}, _Opt) ->
+    Fs = [function(F) || F <- Fs0],
+    {ok,{Mod,Exp,Attr,Fs,Lc}}.
+
+function({function,Name,Arity,CLabel,Is0}) ->
+    try
+	Is = function_1(Is0),
+	{function,Name,Arity,CLabel,Is}
+    catch
+	Class:Error ->
+	    Stack = erlang:get_stacktrace(),
+	    io:fwrite("Function: ~w/~w\n", [Name,Arity]),
+	    erlang:raise(Class, Error, Stack)
+    end.
+
+-record(st,
+	{lbl,					%func_info label
+	 loc					%location for func_info
+	 }).
+
+function_1(Is0) ->
+    case Is0 of
+	[{label,Lbl},{line,Loc}|_] ->
+	    St = #st{lbl=Lbl,loc=Loc},
+	    translate(Is0, St, []);
+	[{label,_}|_] ->
+	    %% No line numbers. The source must be a .S file.
+	    %% There is no need to do anything.
+	    Is0
+    end.
+
+translate([{call_ext,Ar,{extfunc,erlang,error,Ar}}=I|Is], St, Acc) ->
+    translate_1(Ar, I, Is, St, Acc);
+translate([{call_ext_only,Ar,{extfunc,erlang,error,Ar}}=I|Is], St, Acc) ->
+    translate_1(Ar, I, Is, St, Acc);
+translate([{call_ext_last,Ar,{extfunc,erlang,error,Ar},_}=I|Is], St, Acc) ->
+    translate_1(Ar, I, Is, St, Acc);
+translate([I|Is], St, Acc) ->
+    translate(Is, St, [I|Acc]);
+translate([], _, Acc) ->
+    reverse(Acc).
+
+translate_1(Ar, I, Is, St, [{line,_}=Line|Acc1]=Acc0) ->
+    case dig_out(Ar, Acc1) of
+	no ->
+	    translate(Is, St, [I|Acc0]);
+	{yes,function_clause,Acc2} ->
+	    case {Line,St} of
+		{{line,Loc},#st{lbl=Fi,loc=Loc}} ->
+		    Instr = {jump,{f,Fi}},
+		    translate(Is, St, [Instr|Acc2]);
+		{_,_} ->
+		    %% This must be "error(function_clause, Args)" in
+		    %% the Erlang source code. Don't translate.
+		    translate(Is, St, [I|Acc0])
+	    end;
+	{yes,Instr,Acc2} ->
+	    translate(Is, St, [Instr,Line|Acc2])
+    end.
+
+dig_out(Ar, [{kill,_}|Is]) ->
+    dig_out(Ar, Is);
+dig_out(1, [{block,Bl0}|Is]) ->
+    case dig_out_block(reverse(Bl0)) of
+	no -> no;
+	{yes,What,[]} ->
+	    {yes,What,Is};
+	{yes,What,Bl} ->
+	    {yes,What,[{block,Bl}|Is]}
+    end;
+dig_out(2, [{block,Bl}|Is]) ->
+    case dig_out_block_fc(Bl) of
+	no -> no;
+	{yes,What} -> {yes,What,Is}
+    end;
+dig_out(_, _) -> no.
+
+dig_out_block([{set,[{x,0}],[{atom,if_clause}],move}]) ->
+    {yes,if_end,[]};
+dig_out_block([{set,[{x,0}],[{literal,{Exc,Value}}],move}|Is]) ->
+    translate_exception(Exc, {literal,Value}, Is, 0);
+dig_out_block([{set,[{x,0}],[Tuple],move},
+	       {set,[],[Value],put},
+	       {set,[],[{atom,Exc}],put},
+	       {set,[Tuple],[],{put_tuple,2}}|Is]) ->
+    translate_exception(Exc, Value, Is, 3);
+dig_out_block([{set,[],[Value],put},
+	       {set,[],[{atom,Exc}],put},
+	       {set,[{x,0}],[],{put_tuple,2}}|Is]) ->
+    translate_exception(Exc, Value, Is, 3);
+dig_out_block(_) -> no.
+
+translate_exception(badmatch, Val, Is, Words) ->
+    {yes,{badmatch,Val},fix_block(Is, Words)};
+translate_exception(case_clause, Val, Is, Words) ->
+    {yes,{case_end,Val},fix_block(Is, Words)};
+translate_exception(try_clause, Val, Is, Words) ->
+    {yes,{try_case_end,Val},fix_block(Is, Words)};
+translate_exception(_, _, _, _) -> no.
+
+fix_block(Is, 0) ->
+    reverse(Is);
+fix_block(Is0, Words) ->
+    [{set,[],[],{alloc,Live,{F1,F2,Needed,F3}}}|Is] = reverse(Is0),
+    [{set,[],[],{alloc,Live,{F1,F2,Needed-Words,F3}}}|Is].
+
+dig_out_block_fc([{set,[],[],{alloc,Live,_}}|Bl]) ->
+    dig_out_fc(Bl, Live-1, nil);
+dig_out_block_fc(_) -> no.
+
+dig_out_fc([{set,[Dst],[{x,Reg},Dst0],put_list}|Is], Reg, Dst0) ->
+    dig_out_fc(Is, Reg-1, Dst);
+dig_out_fc([{set,[{x,0}],[{atom,function_clause}],move}], -1, {x,1}) ->
+    {yes,function_clause};
+dig_out_fc(_, _, _) -> no.
diff --git a/lib/compiler/src/beam_jump.erl b/lib/compiler/src/beam_jump.erl
index 3cab55c4cb..db67d24514 100644
--- a/lib/compiler/src/beam_jump.erl
+++ b/lib/compiler/src/beam_jump.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -169,7 +169,7 @@ share_1([{label,L}=Lbl|Is], Dict0, Seq, Acc) ->
 	    share_1(Is, Dict0, [], [Lbl,{jump,{f,Label}}|Acc])
     end;
 share_1([{func_info,_,_,_}=I|Is], _, [], Acc) ->
-    Is++[I|Acc];
+    reverse(Is, [I|Acc]);
 share_1([I|Is], Dict, Seq, Acc) ->
     case is_unreachable_after(I) of
 	false ->
@@ -206,25 +206,35 @@ is_label(_) -> false.
 move(Is) ->
     move_1(Is, [], []).
 
-move_1([I|Is], End, Acc) ->
+move_1([I|Is], End0, Acc0) ->
     case is_exit_instruction(I) of
-	false -> move_1(Is, End, [I|Acc]);
-	true -> move_2(I, Is, End, Acc)
+	false ->
+	    move_1(Is, End0, [I|Acc0]);
+	true ->
+	    case extract_seq(Acc0, [I|End0]) of
+		no ->
+		    move_1(Is, End0, [I|Acc0]);
+		{yes,End,Acc} ->
+		    move_1(Is, End, Acc)
+	    end
     end;
-move_1([], End, Acc) ->
-    reverse(Acc, reverse(End)).
-
-move_2(Exit, Is, End, [{block,_},{label,_},{func_info,_,_,_}|_]=Acc) ->
-    move_1(Is, End, [Exit|Acc]);
-move_2(Exit, Is, End, [{block,_}=Blk,{label,_}=Lbl,Unreachable|More]) ->
-    move_1([Unreachable|Is], [Exit,Blk,Lbl|End], More);
-move_2(Exit, Is, End, [{bs_context_to_binary,_}=Bs,{label,_}=Lbl,
-		       Unreachable|More]) ->
-    move_1([Unreachable|Is], [Exit,Bs,Lbl|End], More);
-move_2(Exit, Is, End, [{label,_}=Lbl,Unreachable|More]) ->
-    move_1([Unreachable|Is], [Exit,Lbl|End], More);
-move_2(Exit, Is, End, Acc) ->
-    move_1(Is, End, [Exit|Acc]).
+move_1([], End, Acc) -> reverse(Acc, End).
+
+extract_seq([{line,_}=Line|Is], Acc) ->
+    extract_seq(Is, [Line|Acc]);
+extract_seq([{block,_}=Bl|Is], Acc) ->
+    extract_seq_1(Is, [Bl|Acc]);
+extract_seq([{label,_}|_]=Is, Acc) ->
+    extract_seq_1(Is, Acc);
+extract_seq(_, _) -> no.
+
+extract_seq_1([{line,_}=Line|Is], Acc) ->
+    extract_seq_1(Is, [Line|Acc]);
+extract_seq_1([{label,_},{func_info,_,_,_}|_], _) ->
+    no;
+extract_seq_1([{label,_}=Lbl|Is], Acc) ->
+    {yes,[Lbl|Acc],Is};
+extract_seq_1(_, _) -> no.
 
 %%%
 %%% (3) (4) (5) (6) Jump and unreachable code optimizations.
@@ -454,6 +464,7 @@ is_label_used_in_2({set,_,_,Info}, Lbl) ->
 	{put_tuple,_} -> false;
 	{get_tuple_element,_} -> false;
 	{set_tuple_element,_} -> false;
+	{line,_} -> false;
 	_ when is_atom(Info) -> false
     end.
 
@@ -487,6 +498,8 @@ rem_unused([], _, Acc) -> reverse(Acc).
 initial_labels(Is) ->
     initial_labels(Is, []).
 
+initial_labels([{line,_}|Is], Acc) ->
+    initial_labels(Is, Acc);
 initial_labels([{label,Lbl}|Is], Acc) ->
     initial_labels(Is, [Lbl|Acc]);
 initial_labels([{func_info,_,_,_},{label,Lbl}|_], Acc) ->
diff --git a/lib/compiler/src/beam_listing.erl b/lib/compiler/src/beam_listing.erl
index be7b14c3dd..50d1f3cdb1 100644
--- a/lib/compiler/src/beam_listing.erl
+++ b/lib/compiler/src/beam_listing.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -61,7 +61,7 @@ print_op(Stream, Label) when element(1, Label) == label ->
 print_op(Stream, Op) ->
     io:format(Stream, "    ~p.\n", [Op]).
 
-function(File, {function,Name,Arity,Args,Body,Vdb}) ->
+function(File, {function,Name,Arity,Args,Body,Vdb,_Anno}) ->
     io:nl(File),
     io:format(File, "function ~p/~p.\n", [Name,Arity]),
     io:format(File, " ~p.\n", [Args]),
diff --git a/lib/compiler/src/beam_receive.erl b/lib/compiler/src/beam_receive.erl
index 9ed44ad5d7..bd1f44f66b 100644
--- a/lib/compiler/src/beam_receive.erl
+++ b/lib/compiler/src/beam_receive.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -175,6 +175,8 @@ opt_update_regs({label,Lbl}, R, L) ->
     end;
 opt_update_regs({try_end,_}, R, L) ->
     {R,L};
+opt_update_regs({line,_}, R, L) ->
+    {R,L};
 opt_update_regs(_I, _R, L) ->
     %% Unrecognized instruction. Abort the search.
     {regs_init(),L}.
diff --git a/lib/compiler/src/beam_split.erl b/lib/compiler/src/beam_split.erl
new file mode 100644
index 0000000000..cacaaebffe
--- /dev/null
+++ b/lib/compiler/src/beam_split.erl
@@ -0,0 +1,85 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(beam_split).
+-export([module/2]).
+
+-import(lists, [reverse/1]).
+
+module({Mod,Exp,Attr,Fs0,Lc}, _Opts) ->
+    Fs = [split_blocks(F) || F <- Fs0],
+    {ok,{Mod,Exp,Attr,Fs,Lc}}.
+
+%% We must split the basic block when we encounter instructions with labels,
+%% such as catches and BIFs. All labels must be visible outside the blocks.
+
+split_blocks({function,Name,Arity,CLabel,Is0}) ->
+    Is = split_blocks(Is0, []),
+    {function,Name,Arity,CLabel,Is}.
+
+split_blocks([{block,Bl}|Is], Acc0) ->
+    Acc = split_block(Bl, [], Acc0),
+    split_blocks(Is, Acc);
+split_blocks([I|Is], Acc) ->
+    split_blocks(Is, [I|Acc]);
+split_blocks([], Acc) -> reverse(Acc).
+
+split_block([{set,[R],[_,_,_]=As,{bif,is_record,{f,Lbl}}}|Is], Bl, Acc) ->
+    %% is_record/3 must be translated by beam_clean; therefore,
+    %% it must be outside of any block.
+    split_block(Is, [], [{bif,is_record,{f,Lbl},As,R}|make_block(Bl, Acc)]);
+split_block([{set,[R],As,{bif,N,{f,Lbl}=Fail}}|Is], Bl, Acc) when Lbl =/= 0 ->
+    split_block(Is, [], [{bif,N,Fail,As,R}|make_block(Bl, Acc)]);
+split_block([{set,[R],As,{alloc,Live,{gc_bif,N,{f,Lbl}=Fail}}}|Is], Bl, Acc)
+  when Lbl =/= 0 ->
+    split_block(Is, [], [{gc_bif,N,Fail,Live,As,R}|make_block(Bl, Acc)]);
+split_block([{set,[R],[],{'catch',L}}|Is], Bl, Acc) ->
+    split_block(Is, [], [{'catch',R,L}|make_block(Bl, Acc)]);
+split_block([{set,[],[],{line,_}=Line}|Is], Bl, Acc) ->
+    split_block(Is, [], [Line|make_block(Bl, Acc)]);
+split_block([I|Is], Bl, Acc) ->
+    split_block(Is, [I|Bl], Acc);
+split_block([], Bl, Acc) -> make_block(Bl, Acc).
+
+make_block([], Acc) -> Acc;
+make_block([{set,[D],Ss,{bif,Op,Fail}}|Bl]=Bl0, Acc) ->
+    %% If the last instruction in the block is a comparison or boolean operator
+    %% (such as '=:='), move it out of the block to facilitate further
+    %% optimizations.
+    Arity = length(Ss),
+    case erl_internal:comp_op(Op, Arity) orelse
+	erl_internal:new_type_test(Op, Arity) orelse
+	erl_internal:bool_op(Op, Arity) of
+	false ->
+	    [{block,reverse(Bl0)}|Acc];
+	true ->
+	    I = {bif,Op,Fail,Ss,D},
+	    case Bl =:= [] of
+		true -> [I|Acc];
+		false -> [I,{block,reverse(Bl)}|Acc]
+	    end
+    end;
+make_block([{set,[Dst],[Src],move}|Bl], Acc) ->
+    %% Make optimization of {move,Src,Dst}, {jump,...} possible.
+    I = {move,Src,Dst},
+    case Bl =:= [] of
+	true -> [I|Acc];
+	false -> [I,{block,reverse(Bl)}|Acc]
+    end;
+make_block(Bl, Acc) -> [{block,reverse(Bl)}|Acc].
diff --git a/lib/compiler/src/beam_trim.erl b/lib/compiler/src/beam_trim.erl
index 790aba0a9a..5f4fa3b1f8 100644
--- a/lib/compiler/src/beam_trim.erl
+++ b/lib/compiler/src/beam_trim.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2007-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -222,7 +222,9 @@ remap([{call_last,Ar,Name,N}|Is], Map, Acc) ->
     reverse(Acc, [I|Is]);
 remap([{call_ext_last,Ar,Name,N}|Is], Map, Acc) ->
     I = {call_ext_last,Ar,Name,Map({frame_size,N})},
-    reverse(Acc, [I|Is]).
+    reverse(Acc, [I|Is]);
+remap([{line,_}=I|Is], Map, Acc) ->
+    remap(Is, Map, [I|Acc]).
     
 remap_block([{set,Ds0,Ss0,Info}|Is], Map, Acc) ->
     Ds = [Map(D) || D <- Ds0],
@@ -230,14 +232,15 @@ remap_block([{set,Ds0,Ss0,Info}|Is], Map, Acc) ->
     remap_block(Is, Map, [{set,Ds,Ss,Info}|Acc]);
 remap_block([], _, Acc) -> reverse(Acc).
     
-safe_labels([{label,L},{badmatch,{Tag,_}}|Is], Acc) when Tag =/= y ->
+safe_labels([{label,L},{line,_},{badmatch,{Tag,_}}|Is], Acc) when Tag =/= y ->
     safe_labels(Is, [L|Acc]);
-safe_labels([{label,L},{case_end,{Tag,_}}|Is], Acc) when Tag =/= y ->
+safe_labels([{label,L},{line,_},{case_end,{Tag,_}}|Is], Acc) when Tag =/= y ->
     safe_labels(Is, [L|Acc]);
-safe_labels([{label,L},if_end|Is], Acc) ->
+safe_labels([{label,L},{line,_},if_end|Is], Acc) ->
     safe_labels(Is, [L|Acc]);
 safe_labels([{label,L},
 	     {block,[{set,[{x,0}],[{Tag,_}],move}]},
+	     {line,_},
 	     {call_ext,1,{extfunc,erlang,error,1}}|Is], Acc) when Tag =/= y ->
     safe_labels(Is, [L|Acc]);
 safe_labels([_|Is], Acc) ->
@@ -321,6 +324,8 @@ frame_size([{make_fun2,_,_,_,_}|Is], Safe) ->
 frame_size([{deallocate,N}|_], _) -> N;
 frame_size([{call_last,_,_,N}|_], _) -> N;
 frame_size([{call_ext_last,_,_,N}|_], _) -> N;
+frame_size([{line,_}|Is], Safe) ->
+    frame_size(Is, Safe);
 frame_size([_|_], _) -> throw(not_possible).
 
 frame_size_branch(0, Is, Safe) ->
diff --git a/lib/compiler/src/beam_type.erl b/lib/compiler/src/beam_type.erl
index f83f73b224..6f0ffb5b25 100644
--- a/lib/compiler/src/beam_type.erl
+++ b/lib/compiler/src/beam_type.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -168,6 +168,8 @@ simplify_float_1([{set,[D0],[A,B],{alloc,_,{gc_bif,Op0,{f,0}}}}=I|Is]=Is0, Ts0,
 simplify_float_1([{set,_,_,{'catch',_}}=I|Is]=Is0, _Ts, Rs0, Acc0) ->
     Acc = flush_all(Rs0, Is0, Acc0),
     simplify_float_1(Is, tdb_new(), Rs0, [I|Acc]);
+simplify_float_1([{set,_,_,{line,_}}=I|Is], Ts, Rs, Acc) ->
+    simplify_float_1(Is, Ts, Rs, [I|Acc]);
 simplify_float_1([I|Is]=Is0, Ts0, Rs0, Acc0) ->
     Ts = update(I, Ts0),
     {Rs,Acc} = flush(Rs0, Is0, Acc0),
@@ -400,6 +402,7 @@ update({call_ext,3,{extfunc,erlang,setelement,3}}, Ts0) ->
 update({call,_Arity,_Func}, Ts) -> tdb_kill_xregs(Ts);
 update({call_ext,_Arity,_Func}, Ts) -> tdb_kill_xregs(Ts);
 update({make_fun2,_,_,_,_}, Ts) -> tdb_kill_xregs(Ts);
+update({line,_}, Ts) -> Ts;
 
 %% The instruction is unknown.  Kill all information.
 update(_I, _Ts) -> tdb_new().
diff --git a/lib/compiler/src/beam_utils.erl b/lib/compiler/src/beam_utils.erl
index 45cdf8a659..116ede0bc9 100644
--- a/lib/compiler/src/beam_utils.erl
+++ b/lib/compiler/src/beam_utils.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -26,7 +26,7 @@
 	 code_at/2,bif_to_test/3,is_pure_test/1,
 	 live_opt/1,delete_live_annos/1,combine_heap_needs/2]).
 
--import(lists, [member/2,sort/1,reverse/1]).
+-import(lists, [member/2,sort/1,reverse/1,splitwith/2]).
 
 -record(live,
 	{bl,					%Block check fun.
@@ -195,10 +195,14 @@ is_pure_test({test,Op,_,Ops}) ->
 %%  Also insert {'%live',Live} annotations at the beginning
 %%  and end of each block.
 %%
-live_opt([{label,Fail}=I1,
-	  {func_info,_,_,Live}=I2|Is]) ->
+live_opt(Is0) ->
+    {[{label,Fail}|_]=Bef,[Fi|Is]} =
+	splitwith(fun({func_info,_,_,_}) -> false;
+		     (_) -> true
+		  end, Is0),
+    {func_info,_,_,Live} = Fi,
     D = gb_trees:insert(Fail, live_call(Live), gb_trees:empty()),
-    [I1,I2|live_opt(reverse(Is), 0, D, [])].
+    Bef ++ [Fi|live_opt(reverse(Is), 0, D, [])].
 
 
 %% delete_live_annos([Instruction]) -> [Instruction].
@@ -470,8 +474,15 @@ check_liveness(R, [{make_fun2,_,_,_,NumFree}|Is], St) ->
     end;
 check_liveness(R, [{try_end,Y}|Is], St) ->
     case R of
-	Y -> {killed,St};
-	_ -> check_liveness(R, Is, St)
+	Y ->
+	    {killed,St};
+	{y,_} ->
+	    %% y registers will be used if an exception occurs and
+	    %% control transfers to the label given in the previous
+	    %% try/2 instruction.
+	    {used,St};
+	_ ->
+	    check_liveness(R, Is, St)
     end;
 check_liveness(R, [{catch_end,Y}|Is], St) ->
     case R of
@@ -499,6 +510,8 @@ check_liveness(R, [{loop_rec,{f,_},{x,0}}|_], St) ->
     end;
 check_liveness(R, [{loop_rec_end,{f,Fail}}|_], St) ->
     check_liveness_at(R, Fail, St);
+check_liveness(R, [{line,_}|Is], St) ->
+    check_liveness(R, Is, St);
 check_liveness(_R, Is, St) when is_list(Is) ->
 %%     case Is of
 %% 	[I|_] ->
@@ -799,6 +812,8 @@ live_opt([{wait,_}=I|Is], Regs, D, Acc) ->
     live_opt(Is, Regs, D, [I|Acc]);
 live_opt([{wait_timeout,_,{Tag,_}}=I|Is], Regs, D, Acc) when Tag =/= x ->
     live_opt(Is, Regs, D, [I|Acc]);
+live_opt([{line,_}=I|Is], Regs, D, Acc) ->
+    live_opt(Is, Regs, D, [I|Acc]);
 
 %% The following instructions can occur if the "compilation" has been
 %% started from a .S file using the 'asm' option.
diff --git a/lib/compiler/src/beam_validator.erl b/lib/compiler/src/beam_validator.erl
index fb267b35b6..a52e7bb761 100644
--- a/lib/compiler/src/beam_validator.erl
+++ b/lib/compiler/src/beam_validator.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -166,12 +166,17 @@ validate(Module, Fs) ->
     Ft = index_bs_start_match(Fs, []),
     validate_0(Module, Fs, Ft).
 
-index_bs_start_match([{function,_,_,Entry,Code}|Fs], Acc0) ->
+index_bs_start_match([{function,_,_,Entry,Code0}|Fs], Acc0) ->
+    Code = dropwhile(fun({label,L}) when L =:= Entry -> false;
+			(_) -> true
+		     end, Code0),
     case Code of
-	[_,_,{label,Entry}|Is] ->
+	[{label,Entry}|Is] ->
 	    Acc = index_bs_start_match_1(Is, Entry, Acc0),
 	    index_bs_start_match(Fs, Acc);
 	_ ->
+	    %% Something serious is wrong. Ignore it for now.
+	    %% It will be detected and diagnosed later.
 	    index_bs_start_match(Fs, Acc0)
     end;
 index_bs_start_match([], Acc) ->
@@ -292,6 +297,8 @@ labels(Is) ->
 
 labels_1([{label,L}|Is], R) ->
     labels_1(Is, [L|R]);
+labels_1([{line,_}|Is], R) ->
+    labels_1(Is, R);
 labels_1(Is, R) ->
     {lists:reverse(R),Is}.
 
@@ -433,6 +440,8 @@ valfun_1(remove_message, Vst) ->
     Vst;
 valfun_1({'%',_}, Vst) ->
     Vst;
+valfun_1({line,_}, Vst) ->
+    Vst;
 %% Exception generating calls
 valfun_1({call_ext,Live,Func}=I, Vst) ->
     case return_type(Func, Vst) of
@@ -661,10 +670,20 @@ valfun_4({get_tuple_element,Src,I,Dst}, Vst) ->
 valfun_4({test,bs_start_match2,{f,Fail},Live,[Ctx,NeedSlots],Ctx}, Vst0) ->
     %% If source and destination registers are the same, match state
     %% is OK as input.
-    _ = get_move_term_type(Ctx, Vst0),
+    CtxType = get_move_term_type(Ctx, Vst0),
     verify_live(Live, Vst0),
     Vst1 = prune_x_regs(Live, Vst0),
-    Vst = branch_state(Fail, Vst1),
+    BranchVst = case CtxType of
+		    {match_context,_,_} ->
+			%% The failure branch will never be taken when Ctx
+			%% is a match context. Therefore, the type for Ctx
+			%% at the failure label must not be match_context
+			%% (or we could reject legal code).
+			set_type_reg(term, Ctx, Vst1);
+		    _ ->
+			Vst1
+		end,
+    Vst = branch_state(Fail, BranchVst),
     set_type_reg(bsm_match_state(NeedSlots), Ctx, Vst);
 valfun_4({test,bs_start_match2,{f,Fail},Live,[Src,Slots],Dst}, Vst0) ->
     assert_term(Src, Vst0),
@@ -870,6 +889,8 @@ val_dsetel({set_tuple_element,_,_,_}, #vst{current=#st{setelem=false}}) ->
     error(illegal_context_for_set_tuple_element);
 val_dsetel({set_tuple_element,_,_,_}, #vst{current=#st{setelem=true}}=Vst) ->
     Vst;
+val_dsetel({line,_}, Vst) ->
+    Vst;
 val_dsetel(_, #vst{current=#st{setelem=true}=St}=Vst) ->
     Vst#vst{current=St#st{setelem=false}};
 val_dsetel(_, Vst) -> Vst.
diff --git a/lib/compiler/src/compile.erl b/lib/compiler/src/compile.erl
index e46c667e47..9b505ad15c 100644
--- a/lib/compiler/src/compile.erl
+++ b/lib/compiler/src/compile.erl
@@ -172,9 +172,11 @@ expand_opt(report, Os) ->
 expand_opt(return, Os) ->
     [return_errors,return_warnings|Os];
 expand_opt(r12, Os) ->
-    [no_recv_opt|Os];
+    [no_recv_opt,no_line_info|Os];
 expand_opt(r13, Os) ->
-    [no_recv_opt|Os];
+    [no_recv_opt,no_line_info|Os];
+expand_opt(r14, Os) ->
+    [no_line_info|Os];
 expand_opt({debug_info_key,_}=O, Os) ->
     [encrypt_debug_info,O|Os];
 expand_opt(no_float_opt, Os) ->
@@ -235,7 +237,8 @@ format_error({module_name,Mod,Filename}) ->
 		  code=[],
 		  core_code=[],
 		  abstract_code=[],		%Abstract code for debugger.
-		  options=[]  :: [option()],
+		  options=[]  :: [option()],	%Options for compilation
+		  mod_options=[]  :: [option()], %Options for module_info
 		  errors=[],
 		  warnings=[]}).
 
@@ -246,10 +249,11 @@ internal(Master, Input, Opts) ->
 
 internal({forms,Forms}, Opts) ->
     {_,Ps} = passes(forms, Opts),
-    internal_comp(Ps, "", "", #compile{code=Forms,options=Opts});
+    internal_comp(Ps, "", "", #compile{code=Forms,options=Opts,
+				       mod_options=Opts});
 internal({file,File}, Opts) ->
     {Ext,Ps} = passes(file, Opts),
-    Compile = #compile{options=Opts},
+    Compile = #compile{options=Opts,mod_options=Opts},
     internal_comp(Ps, File, Ext, Compile).
 
 internal_comp(Passes, File, Suffix, St0) ->
@@ -625,11 +629,15 @@ asm_passes() ->
       [{unless,no_postopt,
 	[{pass,beam_block},
 	 {iff,dblk,{listing,"block"}},
+	 {unless,no_except,{pass,beam_except}},
+	 {iff,dexcept,{listing,"except"}},
 	 {unless,no_bopt,{pass,beam_bool}},
 	 {iff,dbool,{listing,"bool"}},
 	 {unless,no_topt,{pass,beam_type}},
 	 {iff,dtype,{listing,"type"}},
-	 {pass,beam_dead},	      %Must always run since it splits blocks.
+	 {pass,beam_split},
+	 {iff,dsplit,{listing,"split"}},
+	 {unless,no_dead,{pass,beam_dead}},
 	 {iff,ddead,{listing,"dead"}},
 	 {unless,no_jopt,{pass,beam_jump}},
 	 {iff,djmp,{listing,"jump"}},
@@ -1228,12 +1236,13 @@ beam_unused_labels(#compile{code=Code0}=St) ->
     Code = beam_jump:module_labels(Code0),
     {ok,St#compile{code=Code}}.
 
-beam_asm(#compile{ifile=File,code=Code0,abstract_code=Abst,options=Opts0}=St) ->
+beam_asm(#compile{ifile=File,code=Code0,
+		  abstract_code=Abst,mod_options=Opts0}=St) ->
     Source = filename:absname(File),
     Opts1 = lists:map(fun({debug_info_key,_}) -> {debug_info_key,'********'};
 			 (Other) -> Other
 		      end, Opts0),
-    Opts2 = [O || O <- Opts1, is_informative_option(O)],
+    Opts2 = [O || O <- Opts1, effects_code_generation(O)],
     case beam_asm:module(Code0, Abst, Source, Opts2) of
 	{ok,Code} -> {ok,St#compile{code=Code,abstract_code=[]}}
     end.
@@ -1303,15 +1312,23 @@ embed_native_code(St, {Architecture,NativeCode}) ->
     {ok, BeamPlusNative} = beam_lib:build_module(Chunks),
     St#compile{code=BeamPlusNative}.
 
-%% Returns true if the option is informative and therefore should be included
-%% in the option list of the compiled module.
-
-is_informative_option(beam) -> false;
-is_informative_option(report_warnings) -> false;
-is_informative_option(report_errors) -> false;
-is_informative_option(binary) -> false;
-is_informative_option(verbose) -> false;
-is_informative_option(_) -> true.
+%% effects_code_generation(Option) -> true|false.
+%%  Determine whether the option could have any effect on the
+%%  generated code in the BEAM file (as opposed to how
+%%  errors will be reported).
+
+effects_code_generation(Option) ->
+    case Option of 
+	beam -> false;
+	report_warnings -> false;
+	report_errors -> false;
+	return_errors-> false;
+	return_warnings-> false;
+	binary -> false;
+	verbose -> false;
+	{cwd,_} -> false;
+	_ -> true
+    end.
 
 save_binary(#compile{code=none}=St) -> {ok,St};
 save_binary(#compile{module=Mod,ofile=Outfile,
@@ -1438,6 +1455,8 @@ iofile(File) when is_atom(File) ->
 iofile(File) ->
     {filename:dirname(File), filename:basename(File, ".erl")}.
 
+erlfile(".", Base, Suffix) ->
+    Base ++ Suffix;
 erlfile(Dir, Base, Suffix) ->
     filename:join(Dir, Base ++ Suffix).
 
@@ -1510,6 +1529,8 @@ restore_expand_module([{attribute,Line,opaque,[Type]}|Fs]) ->
     [{attribute,Line,opaque,Type}|restore_expand_module(Fs)];
 restore_expand_module([{attribute,Line,spec,[Arg]}|Fs]) ->
     [{attribute,Line,spec,Arg}|restore_expand_module(Fs)];
+restore_expand_module([{attribute,Line,callback,[Arg]}|Fs]) ->
+    [{attribute,Line,callback,Arg}|restore_expand_module(Fs)];
 restore_expand_module([F|Fs]) ->
     [F|restore_expand_module(Fs)];
 restore_expand_module([]) -> [].
diff --git a/lib/compiler/src/compiler.app.src b/lib/compiler/src/compiler.app.src
index 4ac879c9a4..1133882728 100644
--- a/lib/compiler/src/compiler.app.src
+++ b/lib/compiler/src/compiler.app.src
@@ -1,7 +1,7 @@
 % This is an -*- erlang -*- file.
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -28,12 +28,14 @@
 	     beam_dead,
 	     beam_dict,
 	     beam_disasm,
+	     beam_except,
 	     beam_flatten,
 	     beam_jump,
 	     beam_listing,
 	     beam_opcodes,
 	     beam_peep,
 	     beam_receive,
+	     beam_split,
 	     beam_trim,
 	     beam_type,
 	     beam_utils,
diff --git a/lib/compiler/src/erl_bifs.erl b/lib/compiler/src/erl_bifs.erl
index f8128702dd..9ad2378d00 100644
--- a/lib/compiler/src/erl_bifs.erl
+++ b/lib/compiler/src/erl_bifs.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -72,7 +72,6 @@ is_pure(erlang, binary_to_list, 1) -> true;
 is_pure(erlang, binary_to_list, 3) -> true;
 is_pure(erlang, bit_size, 1) -> true;
 is_pure(erlang, byte_size, 1) -> true;
-is_pure(erlang, concat_binary, 1) -> true;
 is_pure(erlang, element, 2) -> true;
 is_pure(erlang, float, 1) -> true;
 is_pure(erlang, float_to_list, 1) -> true;
@@ -137,6 +136,7 @@ is_pure(math, sinh, 1) -> true;
 is_pure(math, sqrt, 1) -> true;
 is_pure(math, tan, 1) -> true;
 is_pure(math, tanh, 1) -> true;
+is_pure(math, pi, 0) -> true;
 is_pure(_, _, _) -> false.
 
 
diff --git a/lib/compiler/src/genop.tab b/lib/compiler/src/genop.tab
index 63527bda8f..75ac91907a 100644
--- a/lib/compiler/src/genop.tab
+++ b/lib/compiler/src/genop.tab
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1998-2010. All Rights Reserved.
+# Copyright Ericsson AB 1998-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -280,3 +280,7 @@ BEAM_FORMAT_NUMBER=0
 150: recv_mark/1
 151: recv_set/1
 152: gc_bif3/7
+
+# R15A
+
+153: line/1
diff --git a/lib/compiler/src/sys_core_fold.erl b/lib/compiler/src/sys_core_fold.erl
index 6ea67741fa..5b155398dc 100644
--- a/lib/compiler/src/sys_core_fold.erl
+++ b/lib/compiler/src/sys_core_fold.erl
@@ -2641,9 +2641,9 @@ bsm_leftmost_2([_|Ps], Cs, N, Pos) ->
 bsm_leftmost_2([], Cs, _, Pos) ->
     bsm_leftmost_1(Cs, Pos).
 
-%% bsm_notempty(Cs, Pos) -> true|false
+%% bsm_nonempty(Cs, Pos) -> true|false
 %%  Check if at least one of the clauses matches a non-empty
-%%  binary in the given argumet position.
+%%  binary in the given argument position.
 %%
 bsm_nonempty([#c_clause{pats=Ps}|Cs], Pos) ->
     case nth(Pos, Ps) of
@@ -2704,7 +2704,7 @@ bsm_ensure_no_partition_2([P|_], 1, _, Vstate, State) ->
 	    %%
 	    %% But if the clauses can't be freely rearranged, as in
 	    %%
-	    %% b(Var, <<>>) -> ...
+	    %% b(Var, <<X>>) -> ...
 	    %% b(1, 2) -> ...
 	    %%
 	    %% we do have a problem.
diff --git a/lib/compiler/src/sys_expand_pmod.erl b/lib/compiler/src/sys_expand_pmod.erl
index 4fee26f2a6..da644b4f0b 100644
--- a/lib/compiler/src/sys_expand_pmod.erl
+++ b/lib/compiler/src/sys_expand_pmod.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -317,6 +317,8 @@ expr({'try',Line,Es0,Scs0,Ccs0,As0},St) ->
     Ccs1 = icr_clauses(Ccs0,St),
     As1 = exprs(As0,St),
     {'try',Line,Es1,Scs1,Ccs1,As1};
+expr({'fun',_,{function,_,_,_}}=ExtFun,_St) ->
+    ExtFun;
 expr({'fun',Line,Body,Info},St) ->
     case Body of
 	{clauses,Cs0} ->
diff --git a/lib/compiler/src/sys_pre_expand.erl b/lib/compiler/src/sys_pre_expand.erl
index 249bd7a8e7..ba9cde1de0 100644
--- a/lib/compiler/src/sys_pre_expand.erl
+++ b/lib/compiler/src/sys_pre_expand.erl
@@ -31,8 +31,6 @@
 -import(ordsets, [from_list/1,add_element/2,union/2]).
 -import(lists,   [member/2,foldl/3,foldr/3]).
 
--compile({nowarn_deprecated_function, {erlang,hash,2}}).
-
 -include("../include/erl_bits.hrl").
 
 -record(expand, {module=[],                     %Module name
@@ -43,12 +41,12 @@
                  mod_imports,                   %Module Imports
                  compile=[],                    %Compile flags
                  attributes=[],                 %Attributes
+                 callbacks=[],                  %Callbacks
                  defined=[],                    %Defined functions
                  vcount=0,                      %Variable counter
                  func=[],                       %Current function
                  arity=[],                      %Arity for current function
                  fcount=0,                      %Local fun count
-                 fun_index=0,                   %Global index for funs
                  bitdefault,
                  bittypes
                 }).
@@ -172,10 +170,41 @@ define_functions(Forms, #expand{defined=Predef}=St) ->
                end, Predef, Forms),
     St#expand{defined=ordsets:from_list(Fs)}.
 
-module_attrs(St) ->
-    {[{attribute,Line,Name,Val} || {Name,Line,Val} <- St#expand.attributes],St}.
+module_attrs(#expand{attributes=Attributes}=St) ->
+    Attrs = [{attribute,Line,Name,Val} || {Name,Line,Val} <- Attributes],
+    Callbacks = [Callback || {_,_,callback,_}=Callback <- Attrs],
+    {Attrs,St#expand{callbacks=Callbacks}}.
 
 module_predef_funcs(St) ->
+    {Mpf1,St1}=module_predef_func_beh_info(St),
+    {Mpf2,St2}=module_predef_funcs_mod_info(St1),
+    {Mpf1++Mpf2,St2}.
+
+module_predef_func_beh_info(#expand{callbacks=[]}=St) ->
+    {[], St};
+module_predef_func_beh_info(#expand{callbacks=Callbacks,defined=Defined,
+				    exports=Exports}=St) ->
+    PreDef=[{behaviour_info,1}],
+    PreExp=PreDef,
+    {[gen_beh_info(Callbacks)],
+     St#expand{defined=union(from_list(PreDef), Defined),
+	       exports=union(from_list(PreExp), Exports)}}.
+
+gen_beh_info(Callbacks) ->
+    List = make_list(Callbacks),
+    {function,0,behaviour_info,1,
+     [{clause,0,[{atom,0,callbacks}],[],
+       [List]}]}.
+
+make_list([]) -> {nil,0};
+make_list([{_,_,_,[{{Name,Arity},_}]}|Rest]) ->
+    {cons,0,
+     {tuple,0,
+      [{atom,0,Name},
+       {integer,0,Arity}]},
+     make_list(Rest)}.
+
+module_predef_funcs_mod_info(St) ->
     PreDef = [{module_info,0},{module_info,1}],
     PreExp = PreDef,
     {[{function,0,module_info,0,
@@ -506,32 +535,34 @@ lc_tq(_Line, [], St0) ->
 %% Transform an "explicit" fun {'fun', Line, {clauses, Cs}} into an
 %% extended form {'fun', Line, {clauses, Cs}, Info}, unless it is the
 %% name of a BIF (erl_lint has checked that it is not an import).
-%% Process the body sequence directly to get the new and used variables.
 %% "Implicit" funs {'fun', Line, {function, F, A}} are not changed.
 
 fun_tq(Lf, {function,F,A}=Function, St0) ->
-    {As,St1} = new_vars(A, Lf, St0),
-    Cs = [{clause,Lf,As,[],[{call,Lf,{atom,Lf,F},As}]}],
     case erl_internal:bif(F, A) of
         true ->
+	    {As,St1} = new_vars(A, Lf, St0),
+	    Cs = [{clause,Lf,As,[],[{call,Lf,{atom,Lf,F},As}]}],
             fun_tq(Lf, {clauses,Cs}, St1);
         false ->
-            Index = St0#expand.fun_index,
-            Uniq = erlang:hash(Cs, (1 bsl 27)-1),
-            {Fname,St2} = new_fun_name(St1),
-            {{'fun',Lf,Function,{Index,Uniq,Fname}},
-             St2#expand{fun_index=Index+1}}
+            {Fname,St1} = new_fun_name(St0),
+            Index = Uniq = 0,
+            {{'fun',Lf,Function,{Index,Uniq,Fname}},St1}
     end;
-fun_tq(L, {function,M,F,A}, St) ->
-    {{call,L,{remote,L,{atom,L,erlang},{atom,L,make_fun}},
-      [{atom,L,M},{atom,L,F},{integer,L,A}]},St};
+fun_tq(L, {function,M,F,A}, St) when is_atom(M), is_atom(F), is_integer(A) ->
+    %% This is the old format for external funs, generated by a pre-R15
+    %% compiler. That means that a tool, such as the debugger or xref,
+    %% directly invoked this module with the abstract code from a
+    %% pre-R15 BEAM file. Be helpful, and translate it to the new format.
+    fun_tq(L, {function,{atom,L,M},{atom,L,F},{integer,L,A}}, St);
+fun_tq(Lf, {function,_,_,_}=ExtFun, St) ->
+    {{'fun',Lf,ExtFun},St};
 fun_tq(Lf, {clauses,Cs0}, St0) ->
-    Uniq = erlang:hash(Cs0, (1 bsl 27)-1),
     {Cs1,St1} = fun_clauses(Cs0, St0),
-    Index = St1#expand.fun_index,
     {Fname,St2} = new_fun_name(St1),
-    {{'fun',Lf,{clauses,Cs1},{Index,Uniq,Fname}},
-     St2#expand{fun_index=Index+1}}.
+    %% Set dummy values for Index and Uniq -- the real values will
+    %% be assigned by beam_asm.
+    Index = Uniq = 0,
+    {{'fun',Lf,{clauses,Cs1},{Index,Uniq,Fname}},St2}.
 
 fun_clauses([{clause,L,H0,G0,B0}|Cs0], St0) ->
     {H,St1} = head(H0, St0),
diff --git a/lib/compiler/src/v3_codegen.erl b/lib/compiler/src/v3_codegen.erl
index 55e3c58d2a..6623485609 100644
--- a/lib/compiler/src/v3_codegen.erl
+++ b/lib/compiler/src/v3_codegen.erl
@@ -53,7 +53,6 @@
 
 %% Main codegen structure.
 -record(cg, {lcount=1,				%Label counter
-	     finfo,				%Function info label
 	     bfail,				%Fail label for BIFs
 	     break,				%Break label
 	     recv,				%Receive label
@@ -79,9 +78,10 @@ module({Mod,Exp,Attr,Forms}, Options) ->
 functions(Forms, AtomMod) ->
     mapfoldl(fun (F, St) -> function(F, AtomMod, St) end, #cg{lcount=1}, Forms).
 
-function({function,Name,Arity,Asm0,Vb,Vdb}, AtomMod, St0) ->
+function({function,Name,Arity,Asm0,Vb,Vdb,Anno}, AtomMod, St0) ->
     try
-	{Asm,EntryLabel,St} = cg_fun(Vb, Asm0, Vdb, AtomMod, {Name,Arity}, St0),
+	{Asm,EntryLabel,St} = cg_fun(Vb, Asm0, Vdb, AtomMod,
+				     {Name,Arity}, Anno, St0),
 	Func = {function,Name,Arity,EntryLabel,Asm},
 	{Func,St}
     catch
@@ -93,7 +93,7 @@ function({function,Name,Arity,Asm0,Vb,Vdb}, AtomMod, St0) ->
 
 %% cg_fun([Lkexpr], [HeadVar], Vdb, State) -> {[Ainstr],State}
 
-cg_fun(Les, Hvs, Vdb, AtomMod, NameArity, St0) ->
+cg_fun(Les, Hvs, Vdb, AtomMod, NameArity, Anno, St0) ->
     {Fi,St1} = new_label(St0),			%FuncInfo label
     {Fl,St2} = local_func_label(NameArity, St1),
 
@@ -125,11 +125,10 @@ cg_fun(Les, Hvs, Vdb, AtomMod, NameArity, St0) ->
 			 stk=[]}, 0, Vdb),
     {B,_Aft,St} = cg_list(Les, 0, Vdb, Bef,
 			  St3#cg{bfail=0,
-				 finfo=Fi,
 				 ultimate_failure=UltimateMatchFail,
 				 is_top_block=true}),
     {Name,Arity} = NameArity,
-    Asm = [{label,Fi},{func_info,AtomMod,{atom,Name},Arity},
+    Asm = [{label,Fi},line(Anno),{func_info,AtomMod,{atom,Name},Arity},
 	   {label,Fl}|B++[{label,UltimateMatchFail},if_end]],
     {Asm,Fl,St}.
 
@@ -146,8 +145,6 @@ cg({match,M,Rs}, Le, Vdb, Bef, St) ->
     match_cg(M, Rs, Le, Vdb, Bef, St);
 cg({guard_match,M,Rs}, Le, Vdb, Bef, St) ->
     guard_match_cg(M, Rs, Le, Vdb, Bef, St);
-cg({match_fail,F}, Le, Vdb, Bef, St) ->
-    match_fail_cg(F, Le, Vdb, Bef, St);
 cg({call,Func,As,Rs}, Le, Vdb, Bef, St) ->
     call_cg(Func, As, Rs, Le, Vdb, Bef, St);
 cg({enter,Func,As}, Le, Vdb, Bef, St) ->
@@ -293,39 +290,6 @@ match_cg({block,Es}, Le, _Fail, Bef, St) ->
     Int = clear_dead(Bef, Le#l.i, Le#l.vdb),
     block_cg(Es, Le, Int, St).
 
-%% match_fail_cg(FailReason, Le, Vdb, StackReg, State) ->
-%%	{[Ainstr],StackReg,State}.
-%%  Generate code for the match_fail "call".  N.B. there is no generic
-%%  case for when the fail value has been created elsewhere.
-
-match_fail_cg({function_clause,As}, Le, Vdb, Bef, St) ->
-    %% Must have the args in {x,0}, {x,1},...
-    {Sis,Int} = cg_setup_call(As, Bef, Le#l.i, Vdb),
-    {Sis ++ [{jump,{f,St#cg.finfo}}],
-     Int#sr{reg=clear_regs(Int#sr.reg)},St};
-match_fail_cg({badmatch,Term}, Le, Vdb, Bef, St) ->
-    R = cg_reg_arg(Term, Bef),
-    Int0 = clear_dead(Bef, Le#l.i, Vdb),
-    {Sis,Int} = adjust_stack(Int0, Le#l.i, Le#l.i+1, Vdb),
-    {Sis ++ [{badmatch,R}],
-     Int#sr{reg=clear_regs(Int0#sr.reg)},St};
-match_fail_cg({case_clause,Reason}, Le, Vdb, Bef, St) ->
-    R = cg_reg_arg(Reason, Bef),
-    Int0 = clear_dead(Bef, Le#l.i, Vdb),
-    {Sis,Int} = adjust_stack(Int0, Le#l.i, Le#l.i+1, Vdb),
-    {Sis++[{case_end,R}],
-     Int#sr{reg=clear_regs(Bef#sr.reg)},St};
-match_fail_cg(if_clause, Le, Vdb, Bef, St) ->
-    Int0 = clear_dead(Bef, Le#l.i, Vdb),
-    {Sis,Int1} = adjust_stack(Int0, Le#l.i, Le#l.i+1, Vdb),
-    {Sis++[if_end],Int1#sr{reg=clear_regs(Int1#sr.reg)},St};
-match_fail_cg({try_clause,Reason}, Le, Vdb, Bef, St) ->
-    R = cg_reg_arg(Reason, Bef),
-    Int0 = clear_dead(Bef, Le#l.i, Vdb),
-    {Sis,Int} = adjust_stack(Int0, Le#l.i, Le#l.i+1, Vdb),
-    {Sis ++ [{try_case_end,R}],
-     Int#sr{reg=clear_regs(Int0#sr.reg)},St}.
-
 %% bsm_rename_ctx([Clause], Var) -> [Clause]
 %%  We know from an annotation that the register for a binary can
 %%  be reused for the match context because the two are not truly
@@ -1047,7 +1011,7 @@ call_cg({var,_V} = Var, As, Rs, Le, Vdb, Bef, St0) ->
     %% Build complete code and final stack/register state.
     Arity = length(As),
     {Frees,Aft} = free_dead(clear_dead(Int#sr{reg=Reg}, Le#l.i, Vdb)),
-    {Sis ++ Frees ++ [{call_fun,Arity}],Aft,
+    {Sis ++ Frees ++ [line(Le),{call_fun,Arity}],Aft,
      need_stack_frame(St0)};
 call_cg({remote,Mod,Name}, As, Rs, Le, Vdb, Bef, St0)
   when element(1, Mod) =:= var;
@@ -1057,11 +1021,10 @@ call_cg({remote,Mod,Name}, As, Rs, Le, Vdb, Bef, St0)
     Reg = load_vars(Rs, clear_regs(Int#sr.reg)),
     %% Build complete code and final stack/register state.
     Arity = length(As),
-    Call = {apply,Arity},
     St = need_stack_frame(St0),
     %%{Call,St1} = build_call(Func, Arity, St0),
     {Frees,Aft} = free_dead(clear_dead(Int#sr{reg=Reg}, Le#l.i, Vdb)),
-    {Sis ++ Frees ++ [Call],Aft,St};
+    {Sis ++ Frees ++ [line(Le),{apply,Arity}],Aft,St};
 call_cg(Func, As, Rs, Le, Vdb, Bef, St0) ->
     case St0 of
 	#cg{bfail=Fail} when Fail =/= 0 ->
@@ -1091,7 +1054,7 @@ call_cg(Func, As, Rs, Le, Vdb, Bef, St0) ->
 	    Arity = length(As),
 	    {Call,St1} = build_call(Func, Arity, St0),
 	    {Frees,Aft} = free_dead(clear_dead(Int#sr{reg=Reg}, Le#l.i, Vdb)),
-	    {Sis ++ Frees ++ Call,Aft,St1}
+	    {Sis ++ Frees ++ [line(Le)|Call],Aft,St1}
     end.
 
 build_call({remote,{atom,erlang},{atom,'!'}}, 2, St0) ->
@@ -1118,7 +1081,7 @@ enter_cg({var,_V} = Var, As, Le, Vdb, Bef, St0) ->
     {Sis,Int} = cg_setup_call(As++[Var], Bef, Le#l.i, Vdb),
     %% Build complete code and final stack/register state.
     Arity = length(As),
-    {Sis ++ [{call_fun,Arity},return],
+    {Sis ++ [line(Le),{call_fun,Arity},return],
      clear_dead(Int#sr{reg=clear_regs(Int#sr.reg)}, Le#l.i, Vdb),
      need_stack_frame(St0)};
 enter_cg({remote,Mod,Name}, As, Le, Vdb, Bef, St0)
@@ -1127,9 +1090,8 @@ enter_cg({remote,Mod,Name}, As, Le, Vdb, Bef, St0)
     {Sis,Int} = cg_setup_call(As++[Mod,Name], Bef, Le#l.i, Vdb),
     %% Build complete code and final stack/register state.
     Arity = length(As),
-    Call = {apply_only,Arity},
     St = need_stack_frame(St0),
-    {Sis ++ [Call],
+    {Sis ++ [line(Le),{apply_only,Arity}],
      clear_dead(Int#sr{reg=clear_regs(Int#sr.reg)}, Le#l.i, Vdb),
      St};
 enter_cg(Func, As, Le, Vdb, Bef, St0) ->
@@ -1137,7 +1099,8 @@ enter_cg(Func, As, Le, Vdb, Bef, St0) ->
     %% Build complete code and final stack/register state.
     Arity = length(As),
     {Call,St1} = build_enter(Func, Arity, St0),
-    {Sis ++ Call,
+    Line = enter_line(Func, Arity, Le),
+    {Sis ++ Line ++ Call,
      clear_dead(Int#sr{reg=clear_regs(Int#sr.reg)}, Le#l.i, Vdb),
      St1}.
 
@@ -1153,6 +1116,23 @@ build_enter(Name, Arity, St0) when is_atom(Name) ->
     {Lbl,St1} = local_func_label(Name, Arity, St0),
     {[{call_only,Arity,{f,Lbl}}],St1}.
 
+enter_line({remote,{atom,Mod},{atom,Name}}, Arity, Le) ->
+    case erl_bifs:is_safe(Mod, Name, Arity) of
+	false ->
+	    %% Tail-recursive call, possibly to a BIF.
+	    %% We'll need a line instruction in case the
+	    %% BIF call fails.
+	    [line(Le)];
+	true ->
+	    %% Call to a safe BIF. Since it cannot fail,
+	    %% we don't need any line instruction here.
+	    []
+    end;
+enter_line(_, _, _) ->
+    %% Tail-recursive call to a local function. A line
+    %% instruction will not be useful.
+    [].
+
 %% local_func_label(Name, Arity, State) -> {Label,State'}
 %% local_func_label({Name,Arity}, State) -> {Label,State'}
 %%  Get the function entry label for a local function.
@@ -1226,9 +1206,10 @@ bif_cg(Bif, As, [{var,V}], Le, Vdb, Bef, St0) ->
     %%   Currently, we are somewhat pessimistic in
     %% that we save any variable that will be live after this BIF call.
 
+    MayFail = not erl_bifs:is_safe(erlang, Bif, length(As)),
     {Sis,Int0} = case St0#cg.in_catch andalso
 		     St0#cg.bfail =:= 0 andalso
-		     not erl_bifs:is_safe(erlang, Bif, length(As)) of
+		     MayFail of
 		     true -> adjust_stack(Bef, Le#l.i, Le#l.i+1, Vdb);
 		     false -> {[],Bef}
 		 end,
@@ -1237,7 +1218,14 @@ bif_cg(Bif, As, [{var,V}], Le, Vdb, Bef, St0) ->
     Int = Int1#sr{reg=Reg},
     Dst = fetch_reg(V, Reg),
     BifFail = {f,St0#cg.bfail},
-    {Sis++[{bif,Bif,BifFail,Ars,Dst}],
+    %% We need a line instructions for BIFs that may fail in a body.
+    Line = case BifFail of
+	       {f,0} when MayFail ->
+		   [line(Le)];
+	       _ ->
+		   []
+	   end,
+    {Sis++Line++[{bif,Bif,BifFail,Ars,Dst}],
      clear_dead(Int, Le#l.i, Vdb), St0}.
 
 
@@ -1266,7 +1254,11 @@ gc_bif_cg(Bif, As, [{var,V}], Le, Vdb, Bef, St0) ->
     Int = Int1#sr{reg=Reg},
     Dst = fetch_reg(V, Reg),
     BifFail = {f,St0#cg.bfail},
-    {Sis++[{gc_bif,Bif,BifFail,max_reg(Bef#sr.reg),Ars,Dst}],
+    Line = case BifFail of
+	       {f,0} -> [line(Le)];
+	       {f,_} -> []
+	   end,
+    {Sis++Line++[{gc_bif,Bif,BifFail,max_reg(Bef#sr.reg),Ars,Dst}],
      clear_dead(Int, Le#l.i, Vdb), St0}.
 
 %% recv_loop_cg(TimeOut, ReceiveVar, ReceiveMatch, TimeOutExprs,
@@ -1284,7 +1276,7 @@ recv_loop_cg(Te, Rvar, Rm, Tes, Rs, Le, Vdb, Bef, St0) ->
     {Wis,Taft,St6} = cg_recv_wait(Te, Tes, Le#l.i, Int1, St5),
     Int2 = sr_merge(Raft, Taft),		%Merge stack/registers
     Reg = load_vars(Rs, Int2#sr.reg),
-    {Sis ++ Ris ++ [{label,Tl}] ++ Wis ++ [{label,Bl}],
+    {Sis ++ [line(Le)] ++ Ris ++ [{label,Tl}] ++ Wis ++ [{label,Bl}],
      clear_dead(Int2#sr{reg=Reg}, Le#l.i, Vdb),
      St6#cg{break=St0#cg.break,recv=St0#cg.recv}}.
 
@@ -1463,12 +1455,13 @@ cg_binary([{bs_put_binary,Fail,{atom,all},U,_Flags,Src}|PutCode],
 		 {bs_append,Fail,Target,0,MaxRegs,U,Src,BinFlags,Target}
 	 end] ++ PutCode,
     cg_bin_opt(Code);
-cg_binary(PutCode, Target, Temp, Fail, MaxRegs, _Anno) ->
+cg_binary(PutCode, Target, Temp, Fail, MaxRegs, Anno) ->
+    Line = line(Anno),
     Live = cg_live(Target, MaxRegs),
     {InitOp,SzCode} = cg_binary_size(PutCode, Target, Temp, Fail, Live),
 
-    Code = SzCode ++ [{InitOp,Fail,Target,0,MaxRegs,
-		       {field_flags,[]},Target}|PutCode],
+    Code = [Line|SzCode] ++ [{InitOp,Fail,Target,0,MaxRegs,
+			      {field_flags,[]},Target}|PutCode],
     cg_bin_opt(Code).
 
 cg_live({x,X}, MaxRegs) when X =:= MaxRegs -> MaxRegs+1;
@@ -2052,6 +2045,38 @@ drop_catch(Tag, [Other|Stk]) -> [Other|drop_catch(Tag, Stk)].
 new_label(#cg{lcount=Next}=St) ->
     {Next,St#cg{lcount=Next+1}}.
 
+%% line(Le) -> {line,[] | {location,File,Line}}
+%%  Create a line instruction, containing information about
+%%  the current filename and line number. A line information
+%%  instruction should be placed before any operation that could
+%%  cause an exception.
+
+line(#l{a=Anno}) ->
+    line(Anno);
+line([Line,{file,Name}]) when is_integer(Line) ->
+    line_1(Name, Line);
+line([_|_]=A) ->
+    {Name,Line} = find_loc(A, no_file, 0),
+    line_1(Name, Line);
+line([]) ->
+    {line,[]}.
+
+line_1(no_file, _) ->
+    {line,[]};
+line_1(_, 0) ->
+    %% Missing line number or line number 0.
+    {line,[]};
+line_1(Name, Line) ->
+    {line,[{location,Name,abs(Line)}]}.
+
+find_loc([Line|T], File, _) when is_integer(Line) ->
+    find_loc(T, File, Line);
+find_loc([{file,File}|T], _, Line) ->
+    find_loc(T, File, Line);
+find_loc([_|T], File, Line) ->
+    find_loc(T, File, Line);
+find_loc([], File, Line) -> {File,Line}.
+
 flatmapfoldl(F, Accu0, [Hd|Tail]) ->
     {R,Accu1} = F(Hd, Accu0),
     {Rs,Accu2} = flatmapfoldl(F, Accu1, Tail),
diff --git a/lib/compiler/src/v3_core.erl b/lib/compiler/src/v3_core.erl
index 87bb5bec25..6885405ae0 100644
--- a/lib/compiler/src/v3_core.erl
+++ b/lib/compiler/src/v3_core.erl
@@ -180,7 +180,7 @@ body(Cs0, Name, Arity, St0) ->
     {Args,St1} = new_vars(Anno, Arity, St0),
     {Cs1,St2} = clauses(Cs0, St1),
     {Ps,St3} = new_vars(Arity, St2),    %Need new variables here
-    Fc = function_clause(Ps, {Name,Arity}),
+    Fc = function_clause(Ps, Anno, {Name,Arity}),
     {#ifun{anno=#a{anno=Anno},id=[],vars=Args,clauses=Cs1,fc=Fc},St3}.
 
 %% clause(Clause, State) -> {Cclause,State} | noclause.
@@ -507,15 +507,15 @@ expr({block,_,Es0}, St0) ->
     {E1,Es1 ++ Eps,St2};
 expr({'if',L,Cs0}, St0) ->
     {Cs1,St1} = clauses(Cs0, St0),
-    Fc = fail_clause([], #c_literal{val=if_clause}),
     Lanno = lineno_anno(L, St1),
+    Fc = fail_clause([], Lanno, #c_literal{val=if_clause}),
     {#icase{anno=#a{anno=Lanno},args=[],clauses=Cs1,fc=Fc},[],St1};
 expr({'case',L,E0,Cs0}, St0) ->
     {E1,Eps,St1} = novars(E0, St0),
     {Cs1,St2} = clauses(Cs0, St1),
     {Fpat,St3} = new_var(St2),
-    Fc = fail_clause([Fpat], c_tuple([#c_literal{val=case_clause},Fpat])),
-    Lanno = lineno_anno(L, St3),
+    Lanno = lineno_anno(L, St2),
+    Fc = fail_clause([Fpat], Lanno, c_tuple([#c_literal{val=case_clause},Fpat])),
     {#icase{anno=#a{anno=Lanno},args=[E1],clauses=Cs1,fc=Fc},Eps,St3};
 expr({'receive',L,Cs0}, St0) ->
     {Cs1,St1} = clauses(Cs0, St0),
@@ -541,9 +541,10 @@ expr({'try',L,Es0,Cs0,Ecs,[]}, St0) ->
     {V,St2} = new_var(St1),		%This name should be arbitrary
     {Cs1,St3} = clauses(Cs0, St2),
     {Fpat,St4} = new_var(St3),
-    Fc = fail_clause([Fpat], c_tuple([#c_literal{val=try_clause},Fpat])),
+    Lanno = lineno_anno(L, St4),
+    Fc = fail_clause([Fpat], Lanno,
+		     c_tuple([#c_literal{val=try_clause},Fpat])),
     {Evs,Hs,St5} = try_exception(Ecs, St4),
-    Lanno = lineno_anno(L, St1),
     {#itry{anno=#a{anno=lineno_anno(L, St5)},args=Es1,
 	   vars=[V],body=[#icase{anno=#a{anno=Lanno},args=[V],clauses=Cs1,fc=Fc}],
 	   evars=Evs,handler=Hs},
@@ -572,6 +573,13 @@ expr({'catch',L,E0}, St0) ->
 expr({'fun',L,{function,F,A},{_,_,_}=Id}, St) ->
     Lanno = lineno_anno(L, St),
     {#c_var{anno=Lanno++[{id,Id}],name={F,A}},[],St};
+expr({'fun',L,{function,M,F,A}}, St0) ->
+    {As,Aps,St1} = safe_list([M,F,A], St0),
+    Lanno = lineno_anno(L, St1),
+    {#icall{anno=#a{anno=Lanno},
+	    module=#c_literal{val=erlang},
+	    name=#c_literal{val=make_fun},
+	    args=As},Aps,St1};
 expr({'fun',L,{clauses,Cs},Id}, St) ->
     fun_tq(Id, Cs, L, St);
 expr({call,L,{remote,_,M,F},As0}, #core{wanted=Wanted}=St0) ->
@@ -607,8 +615,8 @@ expr({match,L,P0,E0}, St0) ->
 		 Thrown
 	 end,
     {Fpat,St4} = new_var(St3),
-    Fc = fail_clause([Fpat], c_tuple([#c_literal{val=badmatch},Fpat])),
     Lanno = lineno_anno(L, St4),
+    Fc = fail_clause([Fpat], Lanno, c_tuple([#c_literal{val=badmatch},Fpat])),
     case P2 of
 	nomatch ->
 	    St = add_warning(L, nomatch, St4),
@@ -828,8 +836,9 @@ fun_tq({_,_,Name}=Id, Cs0, L, St0) ->
     {Cs1,St1} = clauses(Cs0, St0),
     {Args,St2} = new_vars(Arity, St1),
     {Ps,St3} = new_vars(Arity, St2),		%Need new variables here
-    Fc = function_clause(Ps, {Name,Arity}),
-    Fun = #ifun{anno=#a{anno=lineno_anno(L, St3)},
+    Anno = lineno_anno(L, St3),
+    Fc = function_clause(Ps, Anno, {Name,Arity}),
+    Fun = #ifun{anno=#a{anno=Anno},
 		id=[{id,Id}],				%We KNOW!
 		vars=Args,clauses=Cs1,fc=Fc},
     {Fun,[],St3}.
@@ -929,7 +938,7 @@ lc_tq(Line, E, [{b_generate,Lg,P,G}|Qs0], Mc, St0) ->
      [],St};
 lc_tq(Line, E, [Fil0|Qs0], Mc, St0) ->
     %% Special case sequences guard tests.
-    LA = lineno_anno(Line, St0),
+    LA = lineno_anno(element(2, Fil0), St0),
     LAnno = #a{anno=LA},
     case is_guard_test(Fil0) of
 	true ->
@@ -945,7 +954,8 @@ lc_tq(Line, E, [Fil0|Qs0], Mc, St0) ->
 	false ->
 	    {Lc,Lps,St1} = lc_tq(Line, E, Qs0, Mc, St0),
 	    {Fpat,St2} = new_var(St1),
-	    Fc = fail_clause([Fpat], c_tuple([#c_literal{val=case_clause},Fpat])),
+	    Fc = fail_clause([Fpat], LA,
+			     c_tuple([#c_literal{val=case_clause},Fpat])),
 	    %% Do a novars little optimisation here.
 	    {Filc,Fps,St3} = novars(Fil0, St2),
 	    {#icase{anno=LAnno,
@@ -1072,7 +1082,7 @@ bc_tq1(Line, E, [{b_generate,Lg,P,G}|Qs0], AccExpr, St0) ->
      [],St};
 bc_tq1(Line, E, [Fil0|Qs0], AccVar, St0) ->
     %% Special case sequences guard tests.
-    LA = lineno_anno(Line, St0),
+    LA = lineno_anno(element(2, Fil0), St0),
     LAnno = #a{anno=LA},
     case is_guard_test(Fil0) of
 	true ->
@@ -1089,7 +1099,8 @@ bc_tq1(Line, E, [Fil0|Qs0], AccVar, St0) ->
 	false ->
 	    {Bc,Bps,St1} = bc_tq1(Line, E, Qs0, AccVar, St0),
 	    {Fpat,St2} = new_var(St1),
-	    Fc = fail_clause([Fpat], c_tuple([#c_literal{val=case_clause},Fpat])),
+	    Fc = fail_clause([Fpat], LA,
+			     c_tuple([#c_literal{val=case_clause},Fpat])),
 	    %% Do a novars little optimisation here.
 	    {Filc,Fps,St} = novars(Fil0, St2),
 	    {#icase{anno=LAnno,
@@ -1562,17 +1573,11 @@ new_vars_1(N, Anno, St0, Vs) when N > 0 ->
     new_vars_1(N-1, Anno, St1, [V|Vs]);
 new_vars_1(0, _, St, Vs) -> {Vs,St}.
 
-function_clause(Ps, Name) ->
-    function_clause(Ps, [], Name).
-
 function_clause(Ps, LineAnno, Name) ->
-    FcAnno = [{function_name,Name}],
+    FcAnno = [{function_name,Name}|LineAnno],
     fail_clause(Ps, FcAnno,
 		ann_c_tuple(LineAnno, [#c_literal{val=function_clause}|Ps])).
 
-fail_clause(Pats, Arg) ->
-    fail_clause(Pats, [], Arg).
-
 fail_clause(Pats, Anno, Arg) ->
     #iclause{anno=#a{anno=[compiler_generated]},
 	     pats=Pats,guard=[],
diff --git a/lib/compiler/src/v3_kernel.erl b/lib/compiler/src/v3_kernel.erl
index 3b33a08cf7..f2eaa37617 100644
--- a/lib/compiler/src/v3_kernel.erl
+++ b/lib/compiler/src/v3_kernel.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -83,8 +83,7 @@
 -import(lists, [map/2,foldl/3,foldr/3,mapfoldl/3,splitwith/2,member/2,
 		keymember/3,keyfind/3]).
 -import(ordsets, [add_element/2,del_element/2,union/2,union/1,subtract/2]).
-
--compile({nowarn_deprecated_function, {erlang,hash,2}}).
+-import(cerl, [c_tuple/1]).
 
 -include("core_parse.hrl").
 -include("v3_kernel.hrl").
@@ -247,7 +246,7 @@ expr(#c_var{anno=A,name={_Name,Arity}}=Fname, Sub, St) ->
     %% instead of one for each occurrence as done now.
     Vs = [#c_var{name=list_to_atom("V" ++ integer_to_list(V))} ||
 	     V <- integers(1, Arity)],
-    Fun = #c_fun{anno=A,vars=Vs,body=#c_apply{op=Fname,args=Vs}},
+    Fun = #c_fun{anno=A,vars=Vs,body=#c_apply{anno=A,op=Fname,args=Vs}},
     expr(Fun, Sub, St);
 expr(#c_var{anno=A,name=V}, Sub, St) ->
     {#k_var{anno=A,name=get_vsub(V, Sub)},[],St};
@@ -291,7 +290,7 @@ expr(#c_binary{anno=A,segments=Cv}, Sub, St0) ->
 	    Erl = #c_literal{val=erlang},
 	    Name = #c_literal{val=error},
 	    Args = [#c_literal{val=badarg}],
-	    Error = #c_call{module=Erl,name=Name,args=Args},
+	    Error = #c_call{anno=A,module=Erl,name=Name,args=Args},
 	    expr(Error, Sub, St0)
     end;
 expr(#c_fun{anno=A,vars=Cvs,body=Cb}, Sub0, #kern{ff=OldFF,func=Func}=St0) ->
@@ -424,10 +423,11 @@ expr(#c_call{anno=A,module=M0,name=F0,args=Cargs}, Sub, St0) ->
     end;
 expr(#c_primop{anno=A,name=#c_literal{val=match_fail},args=Cargs0}, Sub, St0) ->
     Cargs = translate_match_fail(Cargs0, Sub, A, St0),
-    %% This special case will disappear.
     {Kargs,Ap,St} = atomic_list(Cargs, Sub, St0),
     Ar = length(Cargs),
-    Call = #k_call{anno=A,op=#k_internal{name=match_fail,arity=Ar},args=Kargs},
+    Call = #k_call{anno=A,op=#k_remote{mod=#k_atom{val=erlang},
+				       name=#k_atom{val=error},
+				       arity=Ar},args=Kargs},
     {Call,Ap,St};
 expr(#c_primop{anno=A,name=#c_literal{val=N},args=Cargs}, Sub, St0) ->
     {Kargs,Ap,St1} = atomic_list(Cargs, Sub, St0),
@@ -457,14 +457,14 @@ expr(#ireceive_accept{anno=A}, _Sub, St) -> {#k_receive_accept{anno=A},[],St}.
 translate_match_fail(Args, Sub, Anno, St) ->
     case Args of
 	[#c_tuple{es=[#c_literal{val=function_clause}|As]}] ->
-	    translate_match_fail_1(Anno, Args, As, Sub, St);
+	    translate_match_fail_1(Anno, As, Sub, St);
 	[#c_literal{val=Tuple}] when is_tuple(Tuple) ->
 	    %% The inliner may have created a literal out of
 	    %% the original #c_tuple{}.
 	    case tuple_to_list(Tuple) of
 		[function_clause|As0] ->
 		    As = [#c_literal{val=E} || E <- As0],
-		    translate_match_fail_1(Anno, Args, As, Sub, St);
+		    translate_match_fail_1(Anno, As, Sub, St);
 		_ ->
 		    Args
 	    end;
@@ -473,7 +473,7 @@ translate_match_fail(Args, Sub, Anno, St) ->
 	    Args
     end.
 
-translate_match_fail_1(Anno, Args, As, Sub, #kern{ff=FF}) ->
+translate_match_fail_1(Anno, As, Sub, #kern{ff=FF}) ->
     AnnoFunc = case keyfind(function_name, 1, Anno) of
 		   false ->
 		       none;			%Force rewrite.
@@ -483,10 +483,10 @@ translate_match_fail_1(Anno, Args, As, Sub, #kern{ff=FF}) ->
     case {AnnoFunc,FF} of
 	{Same,Same} ->
 	    %% Still in the correct function.
-	    Args;
+	    translate_fc(As);
 	{{F,_},F} ->
 	    %% Still in the correct function.
-	    Args;
+	    translate_fc(As);
 	_ ->
 	    %% Wrong function or no function_name annotation.
 	    %%
@@ -495,9 +495,12 @@ translate_match_fail_1(Anno, Args, As, Sub, #kern{ff=FF}) ->
 	    %% the current function). match_fail(function_clause) will
 	    %% only work at the top level of the function it was originally
 	    %% defined in, so we will need to rewrite it to a case_clause.
-	    [#c_tuple{es=[#c_literal{val=case_clause},#c_tuple{es=As}]}]
+	    [c_tuple([#c_literal{val=case_clause},c_tuple(As)])]
     end.
 
+translate_fc(Args) ->
+    [#c_literal{val=function_clause},make_list(Args)].
+
 %% call_type(Module, Function, Arity) -> call | bif | apply | error.
 %%  Classify the call.
 call_type(#c_literal{val=M}, #c_literal{val=F}, Ar) when is_atom(M), is_atom(F) ->
@@ -1167,9 +1170,7 @@ select_bin_int_1(_, _, _, _) -> throw(not_possible).
 
 select_assert_match_possible(Sz, Val, Fs) ->
     EmptyBindings = erl_eval:new_bindings(),
-    MatchFun = fun({integer,_,_}, NewV, Bs) when NewV =:= Val ->
-		       {match,Bs}
-	       end,
+    MatchFun = match_fun(Val),
     EvalFun = fun({integer,_,S}, B) -> {value,S,B} end,
     Expr = [{bin_element,0,{integer,0,Val},{integer,0,Sz},[{unit,1}|Fs]}],
     {value,Bin,EmptyBindings} = eval_bits:expr_grp(Expr, EmptyBindings, EvalFun),
@@ -1184,6 +1185,11 @@ select_assert_match_possible(Sz, Val, Fs) ->
 	    throw(not_possible)
     end.
 
+match_fun(Val) ->
+    fun(match, {{integer,_,_},NewV,Bs}) when NewV =:= Val ->
+	    {match,Bs}
+    end.
+
 select_utf8(Val0) ->
     try
 	Bin = <<Val0/utf8>>,
@@ -1493,7 +1499,6 @@ iletrec_funs_gen(Fs, FreeVs, St) ->
 %% is_exit_expr(Kexpr) -> boolean().
 %%  Test whether Kexpr always exits and never returns.
 
-is_exit_expr(#k_call{op=#k_internal{name=match_fail,arity=1}}) -> true;
 is_exit_expr(#k_receive_next{}) -> true;
 is_exit_expr(_) -> false.
 
@@ -1655,31 +1660,31 @@ uexpr(#k_catch{anno=A,body=B0}, {break,Rs0}, St0) ->
     {Ns,St3} = new_vars(1 - length(Rs0), St2),
     Rs1 = Rs0 ++ Ns,
     {#k_catch{anno=#k{us=Bu,ns=lit_list_vars(Rs1),a=A},body=B1,ret=Rs1},Bu,St3};
-uexpr(#ifun{anno=A,vars=Vs,body=B0}=IFun, {break,Rs}, St0) ->
+uexpr(#ifun{anno=A,vars=Vs,body=B0}, {break,Rs}, St0) ->
     {B1,Bu,St1} = ubody(B0, return, St0),	%Return out of new function
     Ns = lit_list_vars(Vs),
     Free = subtract(Bu, Ns),			%Free variables in fun
     Fvs = make_vars(Free),
     Arity = length(Vs) + length(Free),
-    {{Index,Uniq,Fname}, St3} =
+    {Fname,St} =
 	case lists:keyfind(id, 1, A) of 
-	    {id,Id} ->
-		{Id, St1};
+	    {id,{_,_,Fname0}} ->
+		{Fname0,St1};
 	    false ->
-		%% No id annotation. Must invent one.
-		I = St1#kern.fcount,
-		U = erlang:hash(IFun, (1 bsl 27)-1),
-		{N, St2} = new_fun_name(St1),
-		{{I,U,N}, St2}
+		%% No id annotation. Must invent a fun name.
+		new_fun_name(St1)
 	end,
     Fun = #k_fdef{anno=#k{us=[],ns=[],a=A},func=Fname,arity=Arity,
 		  vars=Vs ++ Fvs,body=B1},
+    %% Set dummy values for Index and Uniq -- the real values will
+    %% be assigned by beam_asm.
+    Index = Uniq = 0,
     {#k_bif{anno=#k{us=Free,ns=lit_list_vars(Rs),a=A},
  	    op=#k_internal{name=make_fun,arity=length(Free)+3},
  	    args=[#k_atom{val=Fname},#k_int{val=Arity},
  		  #k_int{val=Index},#k_int{val=Uniq}|Fvs],
  	    ret=Rs},
-     Free,add_local_function(Fun, St3)};
+     Free,add_local_function(Fun, St)};
 uexpr(Lit, {break,Rs}, St) ->
     %% Transform literals to puts here.
     %%ok = io:fwrite("uexpr ~w:~p~n", [?LINE,Lit]),
diff --git a/lib/compiler/src/v3_life.erl b/lib/compiler/src/v3_life.erl
index a7a4d4dc91..93f8034230 100644
--- a/lib/compiler/src/v3_life.erl
+++ b/lib/compiler/src/v3_life.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -65,7 +65,7 @@ functions([], Acc) -> reverse(Acc).
 
 %% function(Kfunc) -> Func.
 
-function(#k_fdef{func=F,arity=Ar,vars=Vs,body=Kb}) ->
+function(#k_fdef{anno=#k{a=Anno},func=F,arity=Ar,vars=Vs,body=Kb}) ->
     try
 	As = var_list(Vs),
 	Vdb0 = foldl(fun ({var,N}, Vdb) -> new_var(N, 0, Vdb) end, [], As),
@@ -80,7 +80,7 @@ function(#k_fdef{func=F,arity=Ar,vars=Vs,body=Kb}) ->
 	put(guard_refc, 0),
 	{B1,_,Vdb1} = body(B0, 1, Vdb0),
 	erase(guard_refc),
-	{function,F,Ar,As,B1,Vdb1}
+	{function,F,Ar,As,B1,Vdb1,Anno}
     catch
 	Class:Error ->
 	    Stack = erlang:get_stacktrace(),
@@ -89,19 +89,8 @@ function(#k_fdef{func=F,arity=Ar,vars=Vs,body=Kb}) ->
     end.
 
 %% body(Kbody, I, Vdb) -> {[Expr],MaxI,Vdb}.
-%%  Handle a body, need special cases for transforming match_fails.
-%%  We KNOW that they only occur last in a body.
-
-body(#k_seq{arg=#k_put{anno=Pa,arg=Arg,ret=[R]},
-	    body=#k_enter{anno=Ea,op=#k_internal{name=match_fail,arity=1},
-			  args=[R]}},
-      I, Vdb0) ->
-    Vdb1 = use_vars(Pa#k.us, I, Vdb0),		%All used here
-    {[match_fail(Arg, I, Pa#k.a ++ Ea#k.a)],I,Vdb1};
-body(#k_enter{anno=Ea,op=#k_internal{name=match_fail,arity=1},args=[Arg]},
-      I, Vdb0) ->
-    Vdb1 = use_vars(Ea#k.us, I, Vdb0),
-    {[match_fail(Arg, I, Ea#k.a)],I,Vdb1};
+%%  Handle a body.
+
 body(#k_seq{arg=Ke,body=Kb}, I, Vdb0) ->
     %%ok = io:fwrite("life ~w:~p~n", [?LINE,{Ke,I,Vdb0}]),
     A = get_kanno(Ke),
@@ -353,25 +342,6 @@ guard_clause(#k_guard_clause{anno=A,guard=Kg,body=Kb}, Ls, I, Ctxt, Vdb0) ->
        i=I,vdb=use_vars((get_kanno(Kg))#k.us, I+2, Vdb1),
        a=A#k.a}.
 
-%% match_fail(FailValue, I, Anno) -> Expr.
-%%  Generate the correct match_fail instruction.  N.B. there is no
-%%  generic case for when the fail value has been created elsewhere.
-
-match_fail(#k_literal{anno=Anno,val={Atom,Val}}, I, A) when is_atom(Atom) ->
-    match_fail(#k_tuple{anno=Anno,es=[#k_atom{val=Atom},#k_literal{val=Val}]}, I, A);
-match_fail(#k_literal{anno=Anno,val={Atom}}, I, A) when is_atom(Atom) ->
-    match_fail(#k_tuple{anno=Anno,es=[#k_atom{val=Atom}]}, I, A);
-match_fail(#k_tuple{es=[#k_atom{val=function_clause}|As]}, I, A) ->
-    #l{ke={match_fail,{function_clause,literal_list(As, [])}},i=I,a=A};
-match_fail(#k_tuple{es=[#k_atom{val=badmatch},Val]}, I, A) ->
-    #l{ke={match_fail,{badmatch,literal(Val, [])}},i=I,a=A};
-match_fail(#k_tuple{es=[#k_atom{val=case_clause},Val]}, I, A) ->
-    #l{ke={match_fail,{case_clause,literal(Val, [])}},i=I,a=A};
-match_fail(#k_atom{val=if_clause}, I, A) ->
-    #l{ke={match_fail,if_clause},i=I,a=A};
-match_fail(#k_tuple{es=[#k_atom{val=try_clause},Val]}, I, A) ->
-    #l{ke={match_fail,{try_clause,literal(Val, [])}},i=I,a=A}.
-
 %% type(Ktype) -> Type.
 
 type(k_literal) -> literal;
diff --git a/lib/compiler/test/Makefile b/lib/compiler/test/Makefile
index b90adaf917..e13ad4ae90 100644
--- a/lib/compiler/test/Makefile
+++ b/lib/compiler/test/Makefile
@@ -10,6 +10,7 @@ MODULES= \
 	apply_SUITE \
 	beam_validator_SUITE \
 	beam_disasm_SUITE \
+	beam_expect_SUITE \
 	bs_bincomp_SUITE \
 	bs_bit_binaries_SUITE \
 	bs_construct_SUITE \
@@ -29,7 +30,6 @@ MODULES= \
 	misc_SUITE \
 	num_bif_SUITE \
 	pmod_SUITE \
-	parteval_SUITE \
 	receive_SUITE \
 	record_SUITE \
 	trycatch_SUITE \
@@ -39,6 +39,7 @@ MODULES= \
 NO_OPT= \
 	andor \
 	apply \
+	beam_expect \
 	bs_construct \
         bs_match \
 	bs_utf \
diff --git a/lib/compiler/test/beam_expect_SUITE.erl b/lib/compiler/test/beam_expect_SUITE.erl
new file mode 100644
index 0000000000..6f216eac4f
--- /dev/null
+++ b/lib/compiler/test/beam_expect_SUITE.erl
@@ -0,0 +1,67 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(beam_expect_SUITE).
+
+-export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
+	 init_per_group/2,end_per_group/2,
+	 coverage/1]).
+
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() ->
+    [coverage].
+
+groups() ->
+    [].
+
+init_per_suite(Config) ->
+    Config.
+
+end_per_suite(_Config) ->
+    ok.
+
+init_per_group(_GroupName, Config) ->
+    Config.
+
+end_per_group(_GroupName, Config) ->
+    Config.
+
+coverage(_) ->
+    File = {file,"fake.erl"},
+    ok = fc(a),
+    {'EXIT',{function_clause,
+	     [{?MODULE,fc,[[x]],[File,{line,2}]}|_]}} =
+	(catch fc([x])),
+    {'EXIT',{function_clause,
+	     [{?MODULE,fc,[y],[File,{line,2}]}|_]}} =
+	(catch fc(y)),
+    {'EXIT',{function_clause,
+	     [{?MODULE,fc,[[a,b,c]],[File,{line,6}]}|_]}} =
+	(catch fc([a,b,c])),
+
+    {'EXIT',{undef,[{erlang,error,[a,b,c],_}|_]}} =
+	(catch erlang:error(a, b, c)),
+    ok.
+
+-file("fake.erl", 1).
+fc(a) ->	                                %Line 2
+    ok;						%Line 3
+fc(L) when length(L) > 2 ->			%Line 4
+    %% Not the same as a "real" function_clause error.
+    error(function_clause, [L]).		%Line 6
diff --git a/lib/compiler/test/beam_validator_SUITE.erl b/lib/compiler/test/beam_validator_SUITE.erl
index 556dc54a8f..902867bc19 100644
--- a/lib/compiler/test/beam_validator_SUITE.erl
+++ b/lib/compiler/test/beam_validator_SUITE.erl
@@ -79,21 +79,18 @@ beam_files(Config) when is_list(Config) ->
     %% a grammatical error in the output of the io:format/2 call below. ;-)
     ?line [_,_|_] = Fs = filelib:wildcard(Wc),
     ?line io:format("~p files\n", [length(Fs)]),
-    beam_files_1(Fs, 0).
-
-beam_files_1([F|Fs], Errors) ->
-    ?line case beam_validator:file(F) of
-	      ok ->
-		  beam_files_1(Fs, Errors);
-	      {error,Es} ->
-		  io:format("File:  ~s", [F]),
-		  io:format("Error: ~p\n", [Es]),
-		  beam_files_1(Fs, Errors+1)
-	  end;
-beam_files_1([], 0) -> ok;
-beam_files_1([], Errors) ->
-    ?line io:format("~p error(s)", [Errors]),
-    ?line ?t:fail().
+    test_lib:p_run(fun do_beam_file/1, Fs).
+
+
+do_beam_file(F) ->
+    case beam_validator:file(F) of
+	ok ->
+	    ok;
+	{error,Es} ->
+	    io:format("File:  ~s", [F]),
+	    io:format("Error: ~p\n", [Es]),
+	    error
+    end.
 
 compiler_bug(Config) when is_list(Config) ->
     %% Check that the compiler returns an error if we try to
diff --git a/lib/compiler/test/bs_match_SUITE.erl b/lib/compiler/test/bs_match_SUITE.erl
index 6a795f6634..01b7568122 100644
--- a/lib/compiler/test/bs_match_SUITE.erl
+++ b/lib/compiler/test/bs_match_SUITE.erl
@@ -342,6 +342,10 @@ partitioned_bs_match(Config) when is_list(Config) ->
 
     ?line fc(partitioned_bs_match_2, [4,<<0:17>>],
 	     catch partitioned_bs_match_2(4, <<0:17>>)),
+
+    anything = partitioned_bs_match_3(anything, <<42>>),
+    ok = partitioned_bs_match_3(1, 2),
+
     ok.
 
 partitioned_bs_match(_, <<42:8,T/binary>>) ->
@@ -356,6 +360,9 @@ partitioned_bs_match_2(1, <<B:8,T/binary>>) ->
 partitioned_bs_match_2(Len, <<_:8,T/binary>>) ->
     {Len,T}.
 
+partitioned_bs_match_3(Var, <<_>>) -> Var;
+partitioned_bs_match_3(1, 2) -> ok.
+
 function_clause(Config) when is_list(Config)  ->
     ?line ok = function_clause_1(<<0,7,0,7,42>>),
     ?line fc(function_clause_1, [<<0,1,2,3>>],
@@ -1028,8 +1035,8 @@ haystack_2(Haystack) ->
 fc({'EXIT',{function_clause,_}}) -> ok;
 fc({'EXIT',{{case_clause,_},_}}) when ?MODULE =:= bs_match_inline_SUITE -> ok.
 
-fc(Name, Args, {'EXIT',{function_clause,[{?MODULE,Name,Args}|_]}}) -> ok;
-fc(Name, Args, {'EXIT',{function_clause,[{?MODULE,Name,Arity}|_]}})
+fc(Name, Args, {'EXIT',{function_clause,[{?MODULE,Name,Args,_}|_]}}) -> ok;
+fc(Name, Args, {'EXIT',{function_clause,[{?MODULE,Name,Arity,_}|_]}})
   when length(Args) =:= Arity ->
     true = test_server:is_native(?MODULE);
 fc(_, Args, {'EXIT',{{case_clause,ActualArgs},_}})
diff --git a/lib/compiler/test/bs_utf_SUITE.erl b/lib/compiler/test/bs_utf_SUITE.erl
index f30a4d3fef..94549ad0d3 100644
--- a/lib/compiler/test/bs_utf_SUITE.erl
+++ b/lib/compiler/test/bs_utf_SUITE.erl
@@ -264,18 +264,10 @@ literals(Config) when is_list(Config) ->
     ?line {'EXIT',{badarg,_}} = (catch <<(-1)/utf32,I/utf8>>),
     ?line {'EXIT',{badarg,_}} = (catch <<(-1)/little-utf32,I/utf8>>),
     ?line {'EXIT',{badarg,_}} = (catch <<16#D800/utf8,I/utf8>>),
-    ?line {'EXIT',{badarg,_}} = (catch <<16#FFFE/utf8,I/utf8>>),
-    ?line {'EXIT',{badarg,_}} = (catch <<16#FFFF/utf8,I/utf8>>),
     ?line {'EXIT',{badarg,_}} = (catch <<16#D800/utf16,I/utf8>>),
     ?line {'EXIT',{badarg,_}} = (catch <<16#D800/little-utf16,I/utf8>>),
-    ?line {'EXIT',{badarg,_}} = (catch <<16#FFFE/utf16,I/utf8>>),
-    ?line {'EXIT',{badarg,_}} = (catch <<16#FFFE/little-utf16,I/utf8>>),
-    ?line {'EXIT',{badarg,_}} = (catch <<16#FFFF/utf16,I/utf8>>),
-    ?line {'EXIT',{badarg,_}} = (catch <<16#FFFF/little-utf16,I/utf8>>),
     ?line {'EXIT',{badarg,_}} = (catch <<16#D800/utf32,I/utf8>>),
     ?line {'EXIT',{badarg,_}} = (catch <<16#D800/little-utf32,I/utf8>>),
-    ?line {'EXIT',{badarg,_}} = (catch <<16#FFFE/utf32,I/utf8>>),
-    ?line {'EXIT',{badarg,_}} = (catch <<16#FFFF/little-utf32,I/utf8>>),
 
     B = 16#10FFFF+1,
     ?line {'EXIT',{badarg,_}} = (catch <<B/utf8>>),
@@ -286,20 +278,11 @@ literals(Config) when is_list(Config) ->
 
     %% Matching of bad literals.
     ?line error = bad_literal_match(<<237,160,128>>), %16#D800 in UTF-8
-    ?line error = bad_literal_match(<<239,191,190>>), %16#FFFE in UTF-8
-    ?line error = bad_literal_match(<<239,191,191>>), %16#FFFF in UTF-8
     ?line error = bad_literal_match(<<244,144,128,128>>), %16#110000 in UTF-8
 
-    ?line error = bad_literal_match(<<255,254>>), %16#FFFE in UTF-16
-    ?line error = bad_literal_match(<<255,255>>), %16#FFFF in UTF-16
-
     ?line error = bad_literal_match(<<16#D800:32>>),
-    ?line error = bad_literal_match(<<16#FFFE:32>>),
-    ?line error = bad_literal_match(<<16#FFFF:32>>),
     ?line error = bad_literal_match(<<16#110000:32>>),
     ?line error = bad_literal_match(<<16#D800:32/little>>),
-    ?line error = bad_literal_match(<<16#FFFE:32/little>>),
-    ?line error = bad_literal_match(<<16#FFFF:32/little>>),
     ?line error = bad_literal_match(<<16#110000:32/little>>),
 
     ok.
@@ -314,11 +297,7 @@ match_literal(<<"bj\366rn"/big-utf16>>) -> bjorn_utf16be;
 match_literal(<<"bj\366rn"/little-utf16>>) -> bjorn_utf16le.
 
 bad_literal_match(<<16#D800/utf8>>) -> ok;
-bad_literal_match(<<16#FFFE/utf8>>) -> ok;
-bad_literal_match(<<16#FFFF/utf8>>) -> ok;
 bad_literal_match(<<16#110000/utf8>>) -> ok;
-bad_literal_match(<<16#FFFE/utf16>>) -> ok;
-bad_literal_match(<<16#FFFF/utf16>>) -> ok;
 bad_literal_match(<<16#D800/utf32>>) -> ok;
 bad_literal_match(<<16#110000/utf32>>) -> ok;
 bad_literal_match(<<16#D800/little-utf32>>) -> ok;
diff --git a/lib/compiler/test/compilation_SUITE.erl b/lib/compiler/test/compilation_SUITE.erl
index 1343fbd1c9..664582a3a8 100644
--- a/lib/compiler/test/compilation_SUITE.erl
+++ b/lib/compiler/test/compilation_SUITE.erl
@@ -44,7 +44,7 @@ all() ->
      trycatch_4, opt_crash, otp_5404, otp_5436, otp_5481,
      otp_5553, otp_5632, otp_5714, otp_5872, otp_6121,
      otp_6121a, otp_6121b, otp_7202, otp_7345, on_load,
-     string_table,otp_8949_a,otp_8949_a].
+     string_table,otp_8949_a,otp_8949_a,split_cases].
 
 groups() -> 
     [{vsn, [], [vsn_1, vsn_2, vsn_3]}].
@@ -427,9 +427,9 @@ self_compile_1(Config, Prefix, Opts) ->
     %% Compile the compiler again using the newly compiled compiler.
     %% (In another node because reloading the compiler would disturb cover.)
     CompilerB = Prefix++"compiler_b",
-    ?line CompB = make_compiler_dir(Priv, Prefix++"compiler_b"),
+    CompB = make_compiler_dir(Priv, CompilerB),
     ?line VsnB = VsnA ++ ".0",
-    ?line self_compile_node(CompilerB, CompA, CompB, VsnB, Opts),
+    self_compile_node(CompA, CompB, VsnB, Opts),
 
     %% Compare compiler directories.
     ?line compare_compilers(CompA, CompB),
@@ -438,21 +438,26 @@ self_compile_1(Config, Prefix, Opts) ->
     ?line CompilerC = Prefix++"compiler_c",
     ?line CompC = make_compiler_dir(Priv, CompilerC),
     ?line VsnC = VsnB ++ ".0",
-    ?line self_compile_node(CompilerC, CompB, CompC, VsnC, Opts),
+    self_compile_node(CompB, CompC, VsnC, Opts),
     ?line compare_compilers(CompB, CompC),
 
     ?line test_server:timetrap_cancel(Dog),
     ok.
 
-self_compile_node(NodeName0, CompilerDir, OutDir, Version, Opts) ->
-    ?line NodeName = list_to_atom(NodeName0),
-    ?line Dog = test_server:timetrap(test_server:minutes(10)),
+self_compile_node(CompilerDir, OutDir, Version, Opts) ->
+    ?line Dog = test_server:timetrap(test_server:minutes(15)),
     ?line Pa = "-pa " ++ filename:dirname(code:which(?MODULE)) ++
 	" -pa " ++ CompilerDir,
-    ?line {ok,Node} = start_node(NodeName, Pa),
     ?line Files = compiler_src(),
-    ?line ok = rpc:call(Node, ?MODULE, compile_compiler, [Files,OutDir,Version,Opts]),
-    ?line test_server:stop_node(Node),
+
+    %% We don't want the cover server started on the other node,
+    %% because it will load the same cover-compiled code as on this
+    %% node. Use a shielded node to prevent the cover server from
+    %% being started.
+    ?t:run_on_shielded_node(
+       fun() ->
+	       compile_compiler(Files, OutDir, Version, Opts)
+       end, Pa),
     ?line test_server:timetrap_cancel(Dog),
     ok.
 
@@ -465,9 +470,12 @@ compile_compiler(Files, OutDir, Version, InlineOpts) ->
 	    {d,'COMPILER_VSN',"\""++Version++"\""},
 	    nowarn_shadow_vars,
 	    {i,filename:join(code:lib_dir(stdlib), "include")}|InlineOpts],
-    lists:foreach(fun(File) ->
-			  {ok,_} = compile:file(File, Opts)
-		  end, Files).
+    test_lib:p_run(fun(File) ->
+			   case compile:file(File, Opts) of
+			       {ok,_} -> ok;
+			       _ -> error
+			   end
+		   end, Files).
 
 compiler_src() ->
     filelib:wildcard(filename:join([code:lib_dir(compiler), "src", "*.erl"])).
@@ -657,5 +665,19 @@ otp_8949_b(A, B) ->
 	    id(Var)
     end.
     
+split_cases(_) ->
+    dummy1 = do_split_cases(x),
+    {'EXIT',{{badmatch,b},_}} = (catch do_split_cases(y)),
+    ok.
+
+do_split_cases(A) ->
+    case A of
+        x ->
+	    Z = dummy1;
+        _ ->
+	    Z = dummy2,
+	    a=b
+    end,
+    Z.
 
 id(I) -> I.
diff --git a/lib/compiler/test/compile_SUITE.erl b/lib/compiler/test/compile_SUITE.erl
index b3e5376ffd..640849f2ec 100644
--- a/lib/compiler/test/compile_SUITE.erl
+++ b/lib/compiler/test/compile_SUITE.erl
@@ -29,7 +29,8 @@
 	 binary/1, makedep/1, cond_and_ifdef/1, listings/1, listings_big/1,
 	 other_output/1, package_forms/1, encrypted_abstr/1,
 	 bad_record_use1/1, bad_record_use2/1, strict_record/1,
-	 missing_testheap/1, cover/1, env/1, core/1, asm/1]).
+	 missing_testheap/1, cover/1, env/1, core/1, asm/1,
+	 sys_pre_attributes/1]).
 
 -export([init/3]).
 
@@ -45,7 +46,8 @@ all() ->
      binary, makedep, cond_and_ifdef, listings, listings_big,
      other_output, package_forms, encrypted_abstr,
      {group, bad_record_use}, strict_record,
-     missing_testheap, cover, env, core, asm].
+     missing_testheap, cover, env, core, asm,
+     sys_pre_attributes].
 
 groups() -> 
     [{bad_record_use, [],
@@ -77,11 +79,22 @@ file_1(Config) when is_list(Config) ->
     ?line {Simple, Target} = files(Config, "file_1"),
     ?line {ok, Cwd} = file:get_cwd(),
     ?line ok = file:set_cwd(filename:dirname(Target)),
-    ?line {ok,simple} = compile:file(Simple),	%Smoke test only.
+
+    %% Native from BEAM without compilation info.
     ?line {ok,simple} = compile:file(Simple, [slim]), %Smoke test only.
-    ?line {ok,simple} = compile:file(Simple, [native,report]), %Smoke test.
     ?line {ok,simple} = compile:file(Target, [native,from_beam]), %Smoke test.
-    ?line {ok,simple} = compile:file(Simple, [debug_info]),
+
+    %% Native from BEAM with compilation info.
+    ?line {ok,simple} = compile:file(Simple),	%Smoke test only.
+    ?line {ok,simple} = compile:file(Target, [native,from_beam]), %Smoke test.
+
+    ?line {ok,simple} = compile:file(Simple, [native,report]), %Smoke test.
+
+    ?line compile_and_verify(Simple, Target, []),
+    ?line compile_and_verify(Simple, Target, [native]),
+    ?line compile_and_verify(Simple, Target, [debug_info]),
+    ?line {ok,simple} = compile:file(Simple, [no_line_info]), %Coverage
+
     ?line ok = file:set_cwd(Cwd),
     ?line true = exists(Target),
     ?line passed = run(Target, test, []),
@@ -112,10 +125,9 @@ big_file(Config) when is_list(Config) ->
     ?line Big = filename:join(DataDir, "big.erl"),
     ?line Target = filename:join(PrivDir, "big.beam"),
     ?line ok = file:set_cwd(PrivDir),
-    ?line {ok,big} = compile:file(Big, []),
-    ?line {ok,big} = compile:file(Big, [r9,debug_info]),
-    ?line {ok,big} = compile:file(Big, [no_postopt]),
-    ?line true = exists(Target),
+    ?line compile_and_verify(Big, Target, []),
+    ?line compile_and_verify(Big, Target, [debug_info]),
+    ?line compile_and_verify(Big, Target, [no_postopt]),
 
     %% Cleanup.
     ?line ok = file:delete(Target),
@@ -774,3 +786,46 @@ do_asm(Beam, Outdir) ->
 		      [M,Class,Error,erlang:get_stacktrace()]),
 	    error
     end.
+
+sys_pre_attributes(Config) ->
+    DataDir = ?config(data_dir, Config),
+    File = filename:join(DataDir, "attributes.erl"),
+    Mod = attributes,
+    CommonOpts = [binary,report,verbose,
+		  {parse_transform,sys_pre_attributes}],
+    PreOpts = [{attribute,delete,deleted}],
+    PostOpts = [{attribute,insert,inserted,"value"}],
+    PrePostOpts = [{attribute,replace,replaced,42},
+		   {attribute,replace,replace_nonexisting,new}],
+    {ok,Mod,Code} = compile:file(File, PrePostOpts ++ PreOpts ++
+				     PostOpts ++ CommonOpts),
+    code:load_binary(Mod, File, Code),
+    Attr = Mod:module_info(attributes),
+    io:format("~p", [Attr]),
+    {inserted,"value"} = lists:keyfind(inserted, 1, Attr),
+    {replaced,[42]} = lists:keyfind(replaced, 1, Attr),
+    {replace_nonexisting,[new]} = lists:keyfind(replace_nonexisting, 1, Attr),
+    false = lists:keymember(deleted, 1, Attr),
+
+    %% Cover more code.
+    {ok,Mod,_} = compile:file(File, PostOpts ++ CommonOpts),
+    {ok,Mod,_} = compile:file(File, CommonOpts -- [verbose]),
+    {ok,Mod,_} = compile:file(File, PreOpts ++ CommonOpts),
+    {ok,Mod,_} = compile:file(File,
+			      [{attribute,replace,replaced,42}|CommonOpts]),
+    {ok,Mod,_} = compile:file(File, PrePostOpts ++ PreOpts ++
+				  PostOpts ++ CommonOpts --
+				  [report,verbose]),
+    ok.
+
+%%%
+%%% Utilities.
+%%%
+
+compile_and_verify(Name, Target, Opts) ->
+    Mod = list_to_atom(filename:basename(Name, ".erl")),
+    {ok,Mod} = compile:file(Name, Opts),
+    {ok,{Mod,[{compile_info,CInfo}]}} = 
+	beam_lib:chunks(Target, [compile_info]),
+    {options,BeamOpts} = lists:keyfind(options, 1, CInfo),
+    Opts = BeamOpts.
diff --git a/lib/compiler/test/compile_SUITE_data/attributes.erl b/lib/compiler/test/compile_SUITE_data/attributes.erl
new file mode 100644
index 0000000000..9c3451d272
--- /dev/null
+++ b/lib/compiler/test/compile_SUITE_data/attributes.erl
@@ -0,0 +1,23 @@
+%%
+%% %CopyrightBegin%
+%% 
+%% Copyright Ericsson AB 2012. All Rights Reserved.
+%% 
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%% 
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%% 
+%% %CopyrightEnd%
+%%
+
+-module(attributes).
+-deleted(dummy).
+-replaced(dummy).
+
diff --git a/lib/compiler/test/compiler.cover b/lib/compiler/test/compiler.cover
index 9fc4c7dd43..3fd7fc1937 100644
--- a/lib/compiler/test/compiler.cover
+++ b/lib/compiler/test/compiler.cover
@@ -1,5 +1,5 @@
 {incl_app,compiler,details}.
 
 %% -*- erlang -*-
-{excl_mods,[sys_pre_attributes,core_scan,core_parse]}.
+{excl_mods,compiler,[core_scan,core_parse]}.
 
diff --git a/lib/compiler/test/core_SUITE.erl b/lib/compiler/test/core_SUITE.erl
index 26173c62b8..874e02803d 100644
--- a/lib/compiler/test/core_SUITE.erl
+++ b/lib/compiler/test/core_SUITE.erl
@@ -21,7 +21,9 @@
 -export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
 	 init_per_group/2,end_per_group/2,
 	 init_per_testcase/2,end_per_testcase/2,
-	 dehydrated_itracer/1,nested_tries/1]).
+	 dehydrated_itracer/1,nested_tries/1,
+	 make_effect_seq/1,eval_is_boolean/1,
+	 unsafe_case/1,nomatch_shadow/1,reversed_annos/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 
@@ -41,7 +43,8 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
     test_lib:recompile(?MODULE),
-    [dehydrated_itracer, nested_tries].
+    [dehydrated_itracer,nested_tries,make_effect_seq,
+     eval_is_boolean,unsafe_case,nomatch_shadow,reversed_annos].
 
 groups() -> 
     [].
@@ -61,19 +64,18 @@ end_per_group(_GroupName, Config) ->
 
 ?comp(dehydrated_itracer).
 ?comp(nested_tries).
+?comp(make_effect_seq).
+?comp(eval_is_boolean).
+?comp(unsafe_case).
+?comp(nomatch_shadow).
+?comp(reversed_annos).
 
 try_it(Mod, Conf) ->
-    ?line Src = filename:join(?config(data_dir, Conf), atom_to_list(Mod)),
-    ?line Out = ?config(priv_dir,Conf),
-    ?line io:format("Compiling: ~s\n", [Src]),
-    ?line CompRc0 = compile:file(Src, [from_core,{outdir,Out},report,time]),
-    ?line io:format("Result: ~p\n",[CompRc0]),
-    ?line {ok,Mod} = CompRc0,
-
-    ?line {module,Mod} = code:load_abs(filename:join(Out, Mod)),
-    ?line ok = Mod:Mod(),
-    ok.
-
-
-
-
+    Src = filename:join(?config(data_dir, Conf), atom_to_list(Mod)),
+    compile_and_load(Src, []),
+    compile_and_load(Src, [no_copt]).
+
+compile_and_load(Src, Opts) ->
+    {ok,Mod,Bin} = compile:file(Src, [from_core,report,time,binary|Opts]),
+    {module,Mod} = code:load_binary(Mod, Mod, Bin),
+    ok = Mod:Mod().
diff --git a/lib/compiler/test/core_SUITE_data/eval_is_boolean.core b/lib/compiler/test/core_SUITE_data/eval_is_boolean.core
new file mode 100644
index 0000000000..6a68b1414d
--- /dev/null
+++ b/lib/compiler/test/core_SUITE_data/eval_is_boolean.core
@@ -0,0 +1,22 @@
+module 'eval_is_boolean' ['eval_is_boolean'/0]
+    attributes []
+'eval_is_boolean'/0 =
+    %% Line 4
+    fun () ->
+	case <> of
+	  <> when 'true' ->
+		case call 'erlang':'is_boolean'(call 'erlang':'make_ref'()) of
+		    <'false'> when 'true' ->
+			'ok'
+		    ( <_cor1> when 'true' ->
+			  primop 'match_fail'
+			      ({'badmatch',_cor1})
+		      -| ['compiler_generated'] )
+		  end
+	  ( <> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause'})
+		  -| [{'function_name',{'eval_is_boolean',0}}] )
+	    -| ['compiler_generated'] )
+	end
+end
diff --git a/lib/compiler/test/core_SUITE_data/make_effect_seq.core b/lib/compiler/test/core_SUITE_data/make_effect_seq.core
new file mode 100644
index 0000000000..9941e63b76
--- /dev/null
+++ b/lib/compiler/test/core_SUITE_data/make_effect_seq.core
@@ -0,0 +1,51 @@
+module 'make_effect_seq' ['make_effect_seq'/0]
+    attributes []
+'make_effect_seq'/0 =
+    fun () ->
+	case <> of
+	  <> when 'true' ->
+	      let <_cor0> =
+		  catch
+		      apply 't'/1
+			  ('a')
+	      in
+		  case _cor0 of
+		    <{'EXIT',{'badarg',_cor3}}> when 'true' ->
+			let <_cor4> =
+			    apply 't'/1
+				({'a','b','c'})
+			in
+			    case _cor4 of
+			      <'ok'> when 'true' ->
+				  ( _cor4
+				    -| ['compiler_generated'] )
+			      ( <_cor2> when 'true' ->
+				    primop 'match_fail'
+					({'badmatch',_cor2})
+				-| ['compiler_generated'] )
+			    end
+		    ( <_cor1> when 'true' ->
+			  primop 'match_fail'
+			      ({'badmatch',_cor1})
+		      -| ['compiler_generated'] )
+		  end
+	  ( <> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause'})
+		  -| [{'function_name',{'make_effect_seq',0}}] )
+	    -| ['compiler_generated'] )
+	end
+'t'/1 =
+    fun (_cor0) ->
+	case _cor0 of
+	  <T> when 'true' ->
+	      do
+		  {'ok',call 'erlang':'element'(2, T)}
+		  'ok'
+	  ( <_cor2> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause',_cor2})
+		  -| [{'function_name',{'t',1}}] )
+	    -| ['compiler_generated'] )
+	end
+end
diff --git a/lib/compiler/test/core_SUITE_data/nomatch_shadow.core b/lib/compiler/test/core_SUITE_data/nomatch_shadow.core
new file mode 100644
index 0000000000..565d9dc0f3
--- /dev/null
+++ b/lib/compiler/test/core_SUITE_data/nomatch_shadow.core
@@ -0,0 +1,28 @@
+module 'nomatch_shadow' ['nomatch_shadow'/0]
+    attributes []
+'nomatch_shadow'/0 =
+    fun () ->
+	case <> of
+	  <> when 'true' ->
+	      apply 't'/1
+		  (42)
+	  ( <> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause'})
+		  -| [{'function_name',{'nomatch_shadow',0}}] )
+	    -| ['compiler_generated'] )
+	end
+'t'/1 =
+    fun (_cor0) ->
+	case _cor0 of
+	  <42> when 'true' ->
+	      'ok'
+	  <42> when 'true' ->
+	      'ok'
+	  ( <_cor1> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause',_cor1})
+		  -| [{'function_name',{'t',1}}] )
+	    -| ['compiler_generated'] )
+	end
+end
diff --git a/lib/compiler/test/core_SUITE_data/reversed_annos.core b/lib/compiler/test/core_SUITE_data/reversed_annos.core
new file mode 100644
index 0000000000..95b3cd52d6
--- /dev/null
+++ b/lib/compiler/test/core_SUITE_data/reversed_annos.core
@@ -0,0 +1,49 @@
+module 'reversed_annos' ['reversed_annos'/0]
+    attributes []
+'reversed_annos'/0 =
+    fun () ->
+	case <> of
+	  <> when 'true' ->
+	      case apply 't'/1
+		       (['a']) of
+		<'ok'> when 'true' ->
+		    let <_cor2> =
+			apply 't'/1
+			    (['a'|['b']])
+		    in
+			case _cor2 of
+			  <'ok'> when 'true' ->
+			      ( _cor2
+				-| ['compiler_generated'] )
+			  ( <_cor1> when 'true' ->
+				primop 'match_fail'
+				    ({'badmatch',_cor1})
+			    -| ['compiler_generated'] )
+			end
+		( <_cor0> when 'true' ->
+		      primop 'match_fail'
+			  ({'badmatch',_cor0})
+		  -| ['compiler_generated'] )
+	      end
+	  ( <> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause'})
+		  -| [{'function_name',{'reversed_annos',0}}] )
+	    -| ['compiler_generated'] )
+	end
+'t'/1 =
+    fun (_cor0) ->
+	case _cor0 of
+	  <[_cor2|_cor3]> when 'true' ->
+	      'ok'
+	  %% Cover v3_kernel:get_line/1.
+	  ( <['a']> when 'true' ->
+	      'error'
+            -| [{'file',"reversed_annos.erl"},11] )
+	  ( <_cor1> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause',_cor1})
+		  -| [{'function_name',{'t',1}}] )
+	    -| ['compiler_generated'] )
+	end
+end
diff --git a/lib/compiler/test/core_SUITE_data/unsafe_case.core b/lib/compiler/test/core_SUITE_data/unsafe_case.core
new file mode 100644
index 0000000000..84cb2c310a
--- /dev/null
+++ b/lib/compiler/test/core_SUITE_data/unsafe_case.core
@@ -0,0 +1,25 @@
+module 'unsafe_case' ['unsafe_case'/0]
+    attributes []
+'unsafe_case'/0 =
+    fun () ->
+	case apply 't'/1
+		 (42) of
+	  <{'ok',42}> when 'true' ->
+	      'ok'
+	  ( <_cor0> when 'true' ->
+		primop 'match_fail'
+		    ({'badmatch',_cor0})
+	    -| ['compiler_generated'] )
+	end
+'t'/1 =
+    fun (_cor0) ->
+	case _cor0 of
+	  <X>
+	      when call 'erlang':'>'
+		    (_cor0,
+		     0) ->
+	      {'ok',X}
+	  %% The default case is intentionally missing
+	  %% to cover v3_kernel:build_match/2.
+	end
+end
diff --git a/lib/compiler/test/core_fold_SUITE.erl b/lib/compiler/test/core_fold_SUITE.erl
index ac14d36e82..fb5ec88c9f 100644
--- a/lib/compiler/test/core_fold_SUITE.erl
+++ b/lib/compiler/test/core_fold_SUITE.erl
@@ -214,6 +214,7 @@ coverage(Config) when is_list(Config) ->
 	(catch cover_will_match_list_type({a,b,c,d})),
     ?line a = cover_remove_non_vars_alias({a,b,c}),
     ?line error = cover_will_match_lit_list(),
+    {ok,[a]} = cover_is_safe_bool_expr(a),
 
     %% Make sure that we don't attempt to make literals
     %% out of pids. (Putting a pid into a #c_literal{}
@@ -249,4 +250,17 @@ cover_will_match_lit_list() ->
 	    error
     end.
 
+cover_is_safe_bool_expr(X) ->
+    %% Use a try...catch that looks like a try...catch in a guard.
+    try
+	%% let V = [X] in {ok,V}
+	%%    is_safe_simple([X]) ==> true
+	%%    is_safe_bool_expr([X]) ==> false
+	V = [X],
+	{ok,V}
+    catch
+	_:_ ->
+	    false
+    end.
+
 id(I) -> I.
diff --git a/lib/compiler/test/fun_SUITE.erl b/lib/compiler/test/fun_SUITE.erl
index 368a5815bf..6067ee8e06 100644
--- a/lib/compiler/test/fun_SUITE.erl
+++ b/lib/compiler/test/fun_SUITE.erl
@@ -20,7 +20,11 @@
 
 -export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
 	 init_per_group/2,end_per_group/2,
-	 test1/1,overwritten_fun/1,otp_7202/1,bif_fun/1]).
+	 test1/1,overwritten_fun/1,otp_7202/1,bif_fun/1,
+	 external/1]).
+
+%% Internal export.
+-export([call_me/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 
@@ -28,7 +32,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
     test_lib:recompile(?MODULE),
-    [test1, overwritten_fun, otp_7202, bif_fun].
+    [test1,overwritten_fun,otp_7202,bif_fun,external].
 
 groups() -> 
     [].
@@ -45,7 +49,6 @@ init_per_group(_GroupName, Config) ->
 end_per_group(_GroupName, Config) ->
     Config.
 
-
 %%% The help functions below are copied from emulator:bs_construct_SUITE.
 
 -define(T(B, L), {B, ??B, L}).
@@ -152,4 +155,47 @@ bif_fun(Config) when is_list(Config) ->
     ?line F = fun abs/1,
     ?line 5 = F(-5),
     ok.
+
+-define(APPLY(M, F, A), (fun(Fun) -> {ok,{a,b}} = Fun({a,b}) end)(fun M:F/A)).
+-define(APPLY2(M, F, A),
+	(fun(Map) ->
+		 Id = fun(I) -> I end,
+		 List = [x,y],
+		 List = Map(Id, List),
+		 {type,external} = erlang:fun_info(Map, type)
+	 end)(fun M:F/A)).
     
+external(Config) when is_list(Config) ->
+    Mod = id(?MODULE),
+    Func = id(call_me),
+    Arity = id(1),
+
+    ?APPLY(?MODULE, call_me, 1),
+    ?APPLY(?MODULE, call_me, Arity),
+    ?APPLY(?MODULE, Func, 1),
+    ?APPLY(?MODULE, Func, Arity),
+    ?APPLY(Mod, call_me, 1),
+    ?APPLY(Mod, call_me, Arity),
+    ?APPLY(Mod, Func, 1),
+    ?APPLY(Mod, Func, Arity),
+
+    ListsMod = id(lists),
+    ListsMap = id(map),
+    ListsArity = id(2),
+
+    ?APPLY2(lists, map, 2),
+    ?APPLY2(lists, map, ListsArity),
+    ?APPLY2(lists, ListsMap, 2),
+    ?APPLY2(lists, ListsMap, ListsArity),
+    ?APPLY2(ListsMod, map, 2),
+    ?APPLY2(ListsMod, map, ListsArity),
+    ?APPLY2(ListsMod, ListsMap, 2),
+    ?APPLY2(ListsMod, ListsMap, ListsArity),
+
+    ok.
+
+call_me(I) ->
+    {ok,I}.
+
+id(I) ->
+    I.
diff --git a/lib/compiler/test/guard_SUITE.erl b/lib/compiler/test/guard_SUITE.erl
index 0e69efba6b..40711783ed 100644
--- a/lib/compiler/test/guard_SUITE.erl
+++ b/lib/compiler/test/guard_SUITE.erl
@@ -32,7 +32,8 @@
 	 t_is_boolean/1,is_function_2/1,
 	 tricky/1,rel_ops/1,literal_type_tests/1,
 	 basic_andalso_orelse/1,traverse_dcd/1,
-	 check_qlc_hrl/1,andalso_semi/1,t_tuple_size/1,binary_part/1]).
+	 check_qlc_hrl/1,andalso_semi/1,t_tuple_size/1,binary_part/1,
+	 bad_constants/1]).
 
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
@@ -44,7 +45,8 @@ all() ->
      more_xor_guards, build_in_guard, old_guard_tests, gbif,
      t_is_boolean, is_function_2, tricky, rel_ops,
      literal_type_tests, basic_andalso_orelse, traverse_dcd,
-     check_qlc_hrl, andalso_semi, t_tuple_size, binary_part].
+     check_qlc_hrl, andalso_semi, t_tuple_size, binary_part,
+     bad_constants].
 
 groups() -> 
     [].
@@ -1517,8 +1519,27 @@ bptest(B,A,C)  when erlang:binary_part(B,{A,C}) =:= <<3,3>> ->
 bptest(_,_,_) ->
     error.
 
-
-
+-define(FAILING(C),
+	if
+	    C -> ?t:fail(should_fail);
+	    true -> ok
+	end,
+	if
+	    true, C -> ?t:fail(should_fail);
+	    true -> ok
+	end).
+
+bad_constants(Config) when is_list(Config) ->
+    ?line ?FAILING(false),
+    ?line ?FAILING([]),
+    ?line ?FAILING([a]),
+    ?line ?FAILING([Config]),
+    ?line ?FAILING({a,b}),
+    ?line ?FAILING({a,Config}),
+    ?line ?FAILING(<<1>>),
+    ?line ?FAILING(42),
+    ?line ?FAILING(3.14),
+    ok.
 
 %% Call this function to turn off constant propagation.
 id(I) -> I.
diff --git a/lib/compiler/test/inline_SUITE.erl b/lib/compiler/test/inline_SUITE.erl
index af2b8ec92a..2e17d3fde6 100644
--- a/lib/compiler/test/inline_SUITE.erl
+++ b/lib/compiler/test/inline_SUITE.erl
@@ -33,7 +33,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 all() -> 
     test_lib:recompile(?MODULE),
     [attribute, bsdecode, bsdes, barnes2, decode1, smith,
-     itracer, pseudoknot, lists, really_inlined, otp_7223,
+     itracer, pseudoknot, comma_splitter, lists, really_inlined, otp_7223,
      coverage].
 
 groups() -> 
@@ -78,6 +78,7 @@ attribute(Config) when is_list(Config) ->
 ?comp(smith).
 ?comp(itracer).
 ?comp(pseudoknot).
+?comp(comma_splitter).
 
 try_inline(Mod, Config) ->
     ?line Src = filename:join(?config(data_dir, Config), atom_to_list(Mod)),
@@ -263,7 +264,8 @@ my_apply(M, F, A, Init) ->
 
 really_inlined(Config) when is_list(Config) ->
     %% Make sure that badarg/2 really gets inlined.
-    {'EXIT',{badarg,[{?MODULE,fail_me_now,[]}|_]}} = (catch fail_me_now()),
+    {'EXIT',{badarg,[{?MODULE,fail_me_now,[],_}|_]}} =
+	(catch fail_me_now()),
     ok.
 
 fail_me_now() ->
diff --git a/lib/compiler/test/inline_SUITE_data/comma_splitter.erl b/lib/compiler/test/inline_SUITE_data/comma_splitter.erl
new file mode 100644
index 0000000000..eaa89e0edc
--- /dev/null
+++ b/lib/compiler/test/inline_SUITE_data/comma_splitter.erl
@@ -0,0 +1,18 @@
+-module(comma_splitter).
+-export([?MODULE/0]).
+
+?MODULE() ->
+    {<<"def">>,<<"cba">>} = split_at_comma(<<"abc,   def">>, <<>>),
+    ok.
+
+strip_leading_ws(<<N, Rest/binary>>) when N =< $\s ->
+    strip_leading_ws(Rest);
+strip_leading_ws(B) ->
+    B.
+
+split_at_comma(<<>>, Accu) ->
+    {<<>>, Accu};
+split_at_comma(<<$,, Rest/binary>>, Accu) ->
+    {strip_leading_ws(Rest), Accu};
+split_at_comma(<<C, Rest/binary>>, Accu) ->
+    split_at_comma(Rest, <<C, Accu/binary>>).
diff --git a/lib/compiler/test/lc_SUITE.erl b/lib/compiler/test/lc_SUITE.erl
index c8908858ba..f5948504b3 100644
--- a/lib/compiler/test/lc_SUITE.erl
+++ b/lib/compiler/test/lc_SUITE.erl
@@ -179,8 +179,8 @@ empty_generator(Config) when is_list(Config) ->
 
 id(I) -> I.
     
-fc(Args, {'EXIT',{function_clause,[{?MODULE,_,Args}|_]}}) -> ok;
-fc(Args, {'EXIT',{function_clause,[{?MODULE,_,Arity}|_]}})
+fc(Args, {'EXIT',{function_clause,[{?MODULE,_,Args,_}|_]}}) -> ok;
+fc(Args, {'EXIT',{function_clause,[{?MODULE,_,Arity,_}|_]}})
   when length(Args) =:= Arity ->
     true = test_server:is_native(?MODULE);
 fc(Args, {'EXIT',{{case_clause,ActualArgs},_}})
diff --git a/lib/compiler/test/misc_SUITE.erl b/lib/compiler/test/misc_SUITE.erl
index c941a80e61..5e13a93c52 100644
--- a/lib/compiler/test/misc_SUITE.erl
+++ b/lib/compiler/test/misc_SUITE.erl
@@ -179,7 +179,7 @@ silly_coverage(Config) when is_list(Config) ->
     ?line expect_error(fun() -> v3_life:module(BadKernel, []) end),
 
     %% v3_codegen
-    CodegenInput = {?MODULE,[{foo,0}],[],[{function,foo,0,[a|b],a,b}]},
+    CodegenInput = {?MODULE,[{foo,0}],[],[{function,foo,0,[a|b],a,b,[]}]},
     ?line expect_error(fun() -> v3_codegen:module(CodegenInput, []) end),
 
     %% beam_block
@@ -187,9 +187,18 @@ silly_coverage(Config) when is_list(Config) ->
 		  [{function,foo,0,2,
 		    [{label,1},
 		     {func_info,{atom,?MODULE},{atom,foo},0},
-		     {label,2}|non_proper_list],99}]},
+		     {label,2}|non_proper_list]}],99},
     ?line expect_error(fun() -> beam_block:module(BlockInput, []) end),
 
+    %% beam_except
+    ExceptInput = {?MODULE,[{foo,0}],[],
+		   [{function,foo,0,2,
+		     [{label,1},
+		      {line,loc},
+		      {func_info,{atom,?MODULE},{atom,foo},0},
+		      {label,2}|non_proper_list]}],99},
+    expect_error(fun() -> beam_except:module(ExceptInput, []) end),
+
     %% beam_bool
     BoolInput = {?MODULE,[{foo,0}],[],
 		  [{function,foo,0,2,
@@ -253,8 +262,15 @@ expect_error(Fun) ->
 	    io:format("~p", [Any]),
 	    ?t:fail(call_was_supposed_to_fail)
     catch
-	_:_ ->
-	    io:format("~p\n", [erlang:get_stacktrace()])
+	Class:Reason ->
+	    Stk = erlang:get_stacktrace(),
+	    io:format("~p:~p\n~p\n", [Class,Reason,Stk]),
+	    case {Class,Reason} of
+		{error,undef} ->
+		    ?t:fail(not_supposed_to_fail_with_undef);
+		{_,_} ->
+		    ok
+	    end
     end.
 
 confused_literals(Config) when is_list(Config) ->
diff --git a/lib/compiler/test/parteval_SUITE.erl b/lib/compiler/test/parteval_SUITE.erl
deleted file mode 100644
index 6b1ae38c1b..0000000000
--- a/lib/compiler/test/parteval_SUITE.erl
+++ /dev/null
@@ -1,66 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
--module(parteval_SUITE).
-
--include_lib("test_server/include/test_server.hrl").
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
-	 init_per_group/2,end_per_group/2, pe2/1]).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() -> 
-    [pe2].
-
-groups() -> 
-    [].
-
-init_per_suite(Config) ->
-    Config.
-
-end_per_suite(_Config) ->
-    ok.
-
-init_per_group(_GroupName, Config) ->
-    Config.
-
-end_per_group(_GroupName, Config) ->
-    Config.
-
-
-%% (This is more general than needed, since we once compiled the same
-%% source code with and without a certain option.)
-compile_and_load(Srcname, Outdir, Module, Options) ->
-    ?line Objname = filename:join(Outdir, "t1") ++ code:objfile_extension(),
-    ?line {ok, Module} =
-	compile:file(Srcname,
-		     [{d, 'M', Module}, {outdir, Outdir}] ++ Options),
-    ?line {ok, B} = file:read_file(Objname),
-    ?line {module, Module} = code:load_binary(Module, Objname, B),
-    B.
-
-pe2(Config) when is_list(Config) ->
-    ?line DataDir = ?config(data_dir, Config),
-    ?line PrivDir = ?config(priv_dir, Config),
-    ?line Srcname = filename:join(DataDir, "t1.erl"),
-    ?line compile_and_load(Srcname, PrivDir, t1, []),
-
-    ?line {Correct, Actual} = t1:run(),
-    ?line Correct = Actual,
-    ok.
diff --git a/lib/compiler/test/parteval_SUITE_data/t1.erl b/lib/compiler/test/parteval_SUITE_data/t1.erl
deleted file mode 100644
index 5e4a40f103..0000000000
--- a/lib/compiler/test/parteval_SUITE_data/t1.erl
+++ /dev/null
@@ -1,140 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1998-2009. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
--module(?M).
-
--compile(export_all).
-
-%%% The arity-0 functions are all called from the test suite.
-
-f2() ->
-    size({1,2}).
-
-i() ->
-    case [] of
-	[] ->
-	    ok;
-	X ->
-	    hopp
-    end.
-
-e() ->
-    case 4+5 of
-%	X when X>10 -> kvock;	% not removed by BEAM opt.
-	{X,X} when list(X) ->
-	    kvack;
-	9 ->
-	    ok;
-	_ ->
-	    ko
-    end.
-
-f() ->
-    element(2,{a,b,c,d}),
-    erlang:element(2,{a,b,c,d}),
-    "hej" ++ "hopp".
-
-g(X) ->
-    if
-	float(3.4) ->
-	    hej;
-	X == 5, 4==4 ->
-	    japp;
-	4 == 4, size({1,2}) == 1 ->
-	    ok
-    end.
-
-g() ->
-    {g(3),g(5)}.
-
-bliff() ->
-    if
-	3==4 ->
-	    himm
-    end.
-
-fi() ->
-    case 4 of
-	X when 4==3 ->
-	    {X};
-	4 ->
-	    4;
-	_ ->
-	    ok
-    end.
-
-iff() when 3==2 ->
-    if
-	3 == 4 ->
-	    baff;
-	3 == 3 ->
-	    nipp
-    end.
-
-sleep(I) -> receive after I -> ok end.
-
-sleep() ->
-    sleep(45).
-
-s() ->
-    case 4 of
-	3 ->
-	    ok
-    end.
-
-error_reason(R) when atom(R) ->
-    R;
-error_reason(R) when tuple(R) ->
-    error_reason(element(1, R)).
-
-plusplus() ->
-    ?MODULE ++ " -> mindre snygg felhantering".
-
-call_it(F) ->
-    case (catch apply(?MODULE, F, [])) of
-	{'EXIT', R0} ->
-	    {'EXIT', error_reason(R0)};
-	V ->
-	    V
-    end.
-
-run() ->
-    L = [{f2, 2},
-	 {i, ok},
-	 {e, ok},
-	 {f, "hejhopp"},
-	 {g, {hej, hej}},
-	 {bliff, {'EXIT', if_clause}},
-	 {fi, 4},
-	 {iff, {'EXIT', function_clause}},
-	 {sleep, ok},
-	 {s, {'EXIT', case_clause},
-	 {plusplus, {'EXIT', badarg}}}],
-    Actual = [call_it(F) || {F, _} <- L],
-    Correct = [C || {_, C} <- L],
-    {Correct, Actual}.
-
-
-%%% Don't call, only compile.
-t(A) ->
-    receive
-	A when 1==2 ->
-	    ok;
-	B ->
-	    B
-    end.
diff --git a/lib/compiler/test/pmod_SUITE.erl b/lib/compiler/test/pmod_SUITE.erl
index 9a317b5762..5dd09a7245 100644
--- a/lib/compiler/test/pmod_SUITE.erl
+++ b/lib/compiler/test/pmod_SUITE.erl
@@ -96,6 +96,11 @@ basic_1(Config, Opts) ->
     ?line error = Prop4:bar_bar({s,a,b}),
     ?line error = Prop4:bar_bar([]),
 
+    %% Call from a fun.
+    Fun = fun(Arg) -> Prop4:bar(Arg) end,
+    ?line ok = Fun({s,0}),
+
+    [{y,[1,2]},{x,[5,19]}] = Prop4:collapse([{y,[2,1]},{x,[19,5]}]),
     ok.
 
 otp_8447(Config) when is_list(Config) ->
diff --git a/lib/compiler/test/pmod_SUITE_data/pmod_basic.erl b/lib/compiler/test/pmod_SUITE_data/pmod_basic.erl
index 0d46cffe00..19cce452dc 100644
--- a/lib/compiler/test/pmod_SUITE_data/pmod_basic.erl
+++ b/lib/compiler/test/pmod_SUITE_data/pmod_basic.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,6 +21,7 @@
 -export([lookup/1,or_props/1,prepend/1,append/1,stupid_sum/0]).
 -export([bar/1,bar_bar/1]).
 -export([bc1/0, bc2/0]).
+-export([collapse/1]).
 
 lookup(Key) ->
     proplists:lookup(Key, Props).
@@ -77,3 +78,6 @@ bc1() ->
 
 bc2() ->
     << <<A:1>> || A <- [1,0,1,0] >>.
+
+collapse(L) ->
+    lists:keymap(fun lists:sort/1, 2, L).
diff --git a/lib/compiler/test/test_lib.erl b/lib/compiler/test/test_lib.erl
index 53d8c04169..2295592a38 100644
--- a/lib/compiler/test/test_lib.erl
+++ b/lib/compiler/test/test_lib.erl
@@ -77,7 +77,14 @@ get_data_dir(Config) ->
 %%  Will fail the test case if there were any errors.
 
 p_run(Test, List) ->
-    N = erlang:system_info(schedulers) + 1,
+    N = case ?t:is_cover() of
+	    false ->
+		erlang:system_info(schedulers);
+	    true ->
+		%% Cover is running. Using more than one process
+		%% will probably only slow down compilation.
+		1
+	end,
     p_run_loop(Test, List, N, [], 0, 0).
 
 p_run_loop(_, [], _, [], Errors, Ws) ->
diff --git a/lib/compiler/test/trycatch_SUITE.erl b/lib/compiler/test/trycatch_SUITE.erl
index c6e0f8d85d..09a23724fe 100644
--- a/lib/compiler/test/trycatch_SUITE.erl
+++ b/lib/compiler/test/trycatch_SUITE.erl
@@ -24,7 +24,7 @@
 	 catch_oops/1,after_oops/1,eclectic/1,rethrow/1,
 	 nested_of/1,nested_catch/1,nested_after/1,
 	 nested_horrid/1,last_call_optimization/1,bool/1,
-	 plain_catch_coverage/1,andalso_orelse/1]).
+	 plain_catch_coverage/1,andalso_orelse/1,get_in_try/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 
@@ -35,7 +35,7 @@ all() ->
     [basic, lean_throw, try_of, try_after, catch_oops,
      after_oops, eclectic, rethrow, nested_of, nested_catch,
      nested_after, nested_horrid, last_call_optimization,
-     bool, plain_catch_coverage, andalso_orelse].
+     bool, plain_catch_coverage, andalso_orelse, get_in_try].
 
 groups() -> 
     [].
@@ -314,19 +314,19 @@ eclectic(Conf) when is_list(Conf) ->
     V = {make_ref(),3.1415926535,[[]|{}]},
     ?line {{value,{value,V},V},V} = 
 	eclectic_1({foo,{value,{value,V}}}, undefined, {value,V}),
-    ?line {{'EXIT',{V,[{?MODULE,foo,1}|_]}},V} = 
+    ?line {{'EXIT',{V,[{?MODULE,foo,1,_}|_]}},V} =
 	eclectic_1({catch_foo,{error,V}}, undefined, {value,V}),
     ?line {{error,{exit,V},{'EXIT',V}},V} =
 	eclectic_1({foo,{error,{exit,V}}}, error, {value,V}),
     ?line {{value,{value,V},V},
-	   {'EXIT',{badarith,[{?MODULE,my_add,2}|_]}}} =
+	   {'EXIT',{badarith,[{?MODULE,my_add,2,_}|_]}}} =
 	eclectic_1({foo,{value,{value,V}}}, undefined, {'add',{0,a}}),
     ?line {{'EXIT',V},V} =
 	eclectic_1({catch_foo,{exit,V}}, undefined, {throw,V}),
-    ?line {{error,{'div',{1,0}},{'EXIT',{badarith,[{?MODULE,my_div,2}|_]}}},
+    ?line {{error,{'div',{1,0}},{'EXIT',{badarith,[{?MODULE,my_div,2,_}|_]}}},
 	   {'EXIT',V}} =
 	eclectic_1({foo,{error,{'div',{1,0}}}}, error, {exit,V}),
-    ?line {{{error,V},{'EXIT',{V,[{?MODULE,foo,1}|_]}}},
+    ?line {{{error,V},{'EXIT',{V,[{?MODULE,foo,1,_}|_]}}},
 	   {'EXIT',V}} =
 	eclectic_1({catch_foo,{throw,{error,V}}}, undefined, {exit,V}),
     %%
@@ -336,15 +336,15 @@ eclectic(Conf) when is_list(Conf) ->
 	eclectic_2({throw,{value,V}}, throw, {value,V}),
     ?line {{caught,{'EXIT',V}},undefined} =
 	eclectic_2({value,{value,V}}, undefined, {exit,V}),
-    ?line {{caught,{'EXIT',{V,[{?MODULE,foo,1}|_]}}},undefined} =
+    ?line {{caught,{'EXIT',{V,[{?MODULE,foo,1,_}|_]}}},undefined} =
 	eclectic_2({error,{value,V}}, throw, {error,V}),
-    ?line {{caught,{'EXIT',{badarg,[{erlang,abs,[V]}|_]}}},V} =
+    ?line {{caught,{'EXIT',{badarg,[{erlang,abs,[V],_}|_]}}},V} =
 	eclectic_2({value,{'abs',V}}, undefined, {value,V}),
-    ?line {{caught,{'EXIT',{badarith,[{?MODULE,my_add,2}|_]}}},V} =
+    ?line {{caught,{'EXIT',{badarith,[{?MODULE,my_add,2,_}|_]}}},V} =
 	eclectic_2({exit,{'add',{0,a}}}, exit, {value,V}),
     ?line {{caught,{'EXIT',V}},undefined} =
 	eclectic_2({value,{error,V}}, undefined, {exit,V}),
-    ?line {{caught,{'EXIT',{V,[{?MODULE,foo,1}|_]}}},undefined} =
+    ?line {{caught,{'EXIT',{V,[{?MODULE,foo,1,_}|_]}}},undefined} =
 	eclectic_2({throw,{'div',{1,0}}}, throw, {error,V}),
     ok.
 
@@ -928,3 +928,17 @@ andalso_orelse_2({Type,Keyval}) ->
 
 zero() ->
     0.0.
+
+get_in_try(_) ->
+    undefined = get_valid_line([a], []),
+    ok.
+
+get_valid_line([_|T]=Path, Annotations) ->
+    try
+        get(Path)
+	%% beam_dead used to optimize away an assignment to {y,1}
+	%% because it didn't appear to be used.
+    catch
+        _:not_found ->
+            get_valid_line(T, Annotations)
+    end.
diff --git a/lib/compiler/vsn.mk b/lib/compiler/vsn.mk
index 04290c0a7f..416c2f08bb 100644
--- a/lib/compiler/vsn.mk
+++ b/lib/compiler/vsn.mk
@@ -1 +1 @@
-COMPILER_VSN = 4.7.5
+COMPILER_VSN = 4.8
diff --git a/lib/configure.in.src b/lib/configure.in.src
index 792a7f932a..fea3c7bffa 100644
--- a/lib/configure.in.src
+++ b/lib/configure.in.src
@@ -1,7 +1,7 @@
 dnl
 dnl %CopyrightBegin%
 dnl
-dnl Copyright Ericsson AB 1999-2010. All Rights Reserved.
+dnl Copyright Ericsson AB 1999-2011. All Rights Reserved.
 dnl
 dnl The contents of this file are subject to the Erlang Public License,
 dnl Version 1.1, (the "License"); you may not use this file except in
@@ -17,7 +17,7 @@ dnl
 dnl %CopyrightEnd%
 dnl
 
-dnl Turn of caching
+dnl Turn off caching
 define([AC_CACHE_LOAD], )dnl
 define([AC_CACHE_SAVE], )dnl
 
diff --git a/lib/cosEvent/doc/src/Makefile b/lib/cosEvent/doc/src/Makefile
index 4b76a64b7d..6a9b4201d7 100644
--- a/lib/cosEvent/doc/src/Makefile
+++ b/lib/cosEvent/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -26,13 +26,6 @@ include $(ERL_TOP)/make/$(TARGET)/otp.mk
 include ../../vsn.mk
 VSN=$(COSEVENT_VSN)
 APPLICATION=cosEvent
-# ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-ifndef DOCSUPPORT
-include make.dep
-endif
 
 # ----------------------------------------------------
 # Release directory specification
@@ -98,32 +91,10 @@ EXTRA_FILES = summary.html.src \
 
 MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else
-
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex)
-TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = $(APPLICATION)-$(VSN).pdf
-
-TOP_PS_FILE = $(APPLICATION)-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-endif
-
 # ----------------------------------------------------
 # FLAGS 
 # ----------------------------------------------------
@@ -136,8 +107,6 @@ DVIPS_FLAGS +=
 $(HTMLDIR)/%.gif: %.gif
 	$(INSTALL_DATA) $< $@
 
-ifdef DOCSUPPORT
-
 docs: pdf html man
 
 $(TOP_PDF_FILE): $(XML_FILES)
@@ -153,31 +122,6 @@ clean clean_docs:
 	rm -f errs core *~
 	rm -f $(JD_HTML) $(JD_PACK)
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html gifs man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
-
-html: $(HTML_FILES) $(INTERNAL_HTML_FILES)
-
-clean clean_docs clean_tex:
-	rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
-	rm -f $(HTML_FILES) $(MAN3_FILES)
-	rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
-	rm -f errs core *~ *xmls_output *xmls_errs $(LATEX_CLEAN) 
-endif
-
 man: $(MAN3_FILES)
 
 gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
@@ -192,8 +136,6 @@ debug opt:
 # ---------------------------------------------------- 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
@@ -204,30 +146,4 @@ release_docs_spec: docs
 	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
 	$(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	$(INSTALL_DIR) $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	$(INSTALL_DIR) $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
-		$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-
-endif
-endif
-
-endif
-
 release_spec:
-
diff --git a/lib/cosEvent/doc/src/make.dep b/lib/cosEvent/doc/src/make.dep
deleted file mode 100644
index b8a95c2d58..0000000000
--- a/lib/cosEvent/doc/src/make.dep
+++ /dev/null
@@ -1,34 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: CosEventChannelAdmin.tex CosEventChannelAdmin_ConsumerAdmin.tex \
-		CosEventChannelAdmin_EventChannel.tex CosEventChannelAdmin_ProxyPullConsumer.tex \
-		CosEventChannelAdmin_ProxyPullSupplier.tex \
-		CosEventChannelAdmin_ProxyPushConsumer.tex \
-		CosEventChannelAdmin_ProxyPushSupplier.tex \
-		CosEventChannelAdmin_SupplierAdmin.tex book.tex \
-		ch_contents.tex ch_event_service.tex ch_introduction.tex \
-		cosEventApp.tex part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-CosEventChannelAdmin.tex: ../../src/CosEventChannelAdmin.idl
-
-book.tex: ref_man.xml
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: e_s_components.ps e_s_models.ps
-
diff --git a/lib/cosEvent/doc/src/notes.xml b/lib/cosEvent/doc/src/notes.xml
index 1da5399755..de98a44b6a 100644
--- a/lib/cosEvent/doc/src/notes.xml
+++ b/lib/cosEvent/doc/src/notes.xml
@@ -32,7 +32,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section>
+  <section><title>cosEvent 2.1.12</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>cosEvent 2.1.11</title>
 
     <section>
diff --git a/lib/cosEvent/src/Makefile b/lib/cosEvent/src/Makefile
index a62d47ce74..f8e751f218 100644
--- a/lib/cosEvent/src/Makefile
+++ b/lib/cosEvent/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -164,7 +164,7 @@ debug:
 	@${MAKE} TYPE=debug opt
 
 clean:
-	rm -f $(TARGET_FILES) $(GEN_FILES) $(APP_TARGET) $(APPUP_TARGET)
+	rm -f $(TARGET_FILES) $(GEN_FILES) $(APP_TARGET) $(APPUP_TARGET) IDL-GENERATED
 	rm -f errs core *~
 
 $(APP_TARGET): $(APP_SRC)
@@ -177,16 +177,18 @@ docs:
 # ----------------------------------------------------
 # Special Build Targets
 # ----------------------------------------------------
-$(GEN_ERL_FILES1) $(EXTERNAL_GEN_HRL_FILES1): CosEventChannelAdmin.idl
+
+IDL-GENERATED: CosEventChannelAdmin.idl cosEventApp.idl CosEventComm.idl
 	erlc $(ERL_IDL_FLAGS) +'{cfgfile,"CosEventChannelAdmin.cfg"}' CosEventChannelAdmin.idl
 	mv $(GEN_HRL_FILES1) $(EXTERNAL_INC_PATH)
-
-$(GEN_ERL_FILES2) $(GEN_HRL_FILES2): cosEventApp.idl
 	erlc $(ERL_IDL_FLAGS) +'{cfgfile,"cosEventApp.cfg"}' cosEventApp.idl
-
-$(GEN_ERL_FILES3) $(EXTERNAL_GEN_HRL_FILES3): CosEventComm.idl
 	erlc $(ERL_IDL_FLAGS) CosEventComm.idl
 	mv $(GEN_HRL_FILES3) $(EXTERNAL_INC_PATH)
+	>IDL-GENERATED
+
+$(GEN_FILES): IDL-GENERATED
+
+$(TARGET_FILES): IDL-GENERATED
 
 # ----------------------------------------------------
 # Release Target
diff --git a/lib/cosEvent/test/Makefile b/lib/cosEvent/test/Makefile
index c59c7ee315..c3f07c156f 100644
--- a/lib/cosEvent/test/Makefile
+++ b/lib/cosEvent/test/Makefile
@@ -121,17 +121,13 @@ docs:
 # Special Targets
 # ----------------------------------------------------
 
-#
-# Each IDL file produces many target files so no pattern
-# rule can be used.
-#
-TGT_COS = \
-	$(GEN_HRL_COS:%=$(IDLOUTDIR)/%) \
-	$(GEN_MOD_COS:%=$(IDLOUTDIR)/%.erl)
+IDL-GENERATED: event_test_server.idl
+	erlc $(ERL_IDL_FLAGS) -o$(IDLOUTDIR) event_test_server.idl
+	>IDL-GENERATED
 
+$(GEN_FILES): IDL-GENERATED
 
-$(TGT_COS): event_test_server.idl
-	erlc $(ERL_IDL_FLAGS) -o$(IDLOUTDIR) event_test_server.idl
+$(TARGET_FILES): IDL-GENERATED
 
 # ----------------------------------------------------
 # Release Targets
diff --git a/lib/cosEvent/vsn.mk b/lib/cosEvent/vsn.mk
index 85d3cf552b..2cd943e4b2 100644
--- a/lib/cosEvent/vsn.mk
+++ b/lib/cosEvent/vsn.mk
@@ -1,3 +1,3 @@
 
-COSEVENT_VSN = 2.1.11
+COSEVENT_VSN = 2.1.12
 
diff --git a/lib/cosEventDomain/doc/src/Makefile b/lib/cosEventDomain/doc/src/Makefile
index 6a0d3c353a..cd159c623c 100644
--- a/lib/cosEventDomain/doc/src/Makefile
+++ b/lib/cosEventDomain/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2001-2009. All Rights Reserved.
+# Copyright Ericsson AB 2001-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -28,14 +28,6 @@ VSN=$(COSEVENTDOMAIN_VSN)
 APPLICATION=cosEventDomain
 
 # ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-ifndef DOCSUPPORT
-include make.dep
-endif
-
-# ----------------------------------------------------
 # Release directory specification
 # ----------------------------------------------------
 RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
@@ -93,33 +85,10 @@ EXTRA_FILES = summary.html.src \
 
 MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else
-
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex)
-TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = $(APPLICATION)-$(VSN).pdf
-
-TOP_PS_FILE = $(APPLICATION)-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-
-endif
-
 # ----------------------------------------------------
 # FLAGS 
 # ----------------------------------------------------
@@ -132,8 +101,6 @@ DVIPS_FLAGS +=
 $(HTMLDIR)/%.gif: %.gif
 	$(INSTALL_DATA) $< $@
 
-ifdef DOCSUPPORT 
-
 docs: pdf html man
 
 $(TOP_PDF_FILE): $(XML_FILES)
@@ -149,32 +116,6 @@ clean clean_docs:
 	rm -f errs core *~
 	rm -f $(JD_HTML) $(JD_PACK)
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html gifs man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
-
-html: $(HTML_FILES) $(INTERNAL_HTML_FILES)
-
-clean clean_docs clean_tex:
-	rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
-	rm -f $(HTML_FILES) $(MAN3_FILES)
-	rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
-	rm -f errs core *~ *xmls_output *xmls_errs $(LATEX_CLEAN) 
-
-endif
-
 man: $(MAN3_FILES)
 
 gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
@@ -189,9 +130,6 @@ debug opt:
 # ---------------------------------------------------- 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
@@ -201,30 +139,5 @@ release_docs_spec: docs
 	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
 	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
 	$(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3
-else
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	$(INSTALL_DIR) $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	$(INSTALL_DIR) $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
-		$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-
-endif
-endif
-
-endif
 
 release_spec:
-
diff --git a/lib/cosEventDomain/doc/src/make.dep b/lib/cosEventDomain/doc/src/make.dep
deleted file mode 100644
index 2f3f1ae53d..0000000000
--- a/lib/cosEventDomain/doc/src/make.dep
+++ /dev/null
@@ -1,23 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: CosEventDomainAdmin.tex CosEventDomainAdmin_EventDomain.tex \
-		CosEventDomainAdmin_EventDomainFactory.tex \
-		book.tex ch_QoS.tex ch_contents.tex ch_event_domain_service.tex \
-		ch_introduction.tex cosEventDomainApp.tex \
-		part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/cosEventDomain/doc/src/notes.xml b/lib/cosEventDomain/doc/src/notes.xml
index 585761ce65..fa96792c33 100644
--- a/lib/cosEventDomain/doc/src/notes.xml
+++ b/lib/cosEventDomain/doc/src/notes.xml
@@ -31,7 +31,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section>
+  <section><title>cosEventDomain 1.1.12</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>cosEventDomain 1.1.11</title>
 
     <section>
diff --git a/lib/cosEventDomain/src/Makefile b/lib/cosEventDomain/src/Makefile
index 56a67cd225..409cac47f1 100644
--- a/lib/cosEventDomain/src/Makefile
+++ b/lib/cosEventDomain/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2001-2009. All Rights Reserved.
+# Copyright Ericsson AB 2001-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -137,7 +137,7 @@ debug:
 	@${MAKE} TYPE=debug opt
 
 clean:
-	rm -f $(TARGET_FILES) $(GEN_FILES) $(APP_TARGET) $(APPUP_TARGET)
+	rm -f $(TARGET_FILES) $(GEN_FILES) $(APP_TARGET) $(APPUP_TARGET) IDL-GENERATED
 	rm -f errs core *~
 
 $(APP_TARGET): $(APP_SRC)
@@ -150,9 +150,14 @@ docs:
 # ----------------------------------------------------
 # Special Build Targets
 # ----------------------------------------------------
-$(GEN_ERL_FILES) $(EXTERNAL_GEN_HRL_FILES): CosEventDomainAdmin.idl
+IDL-GENERATED: CosEventDomainAdmin.idl
 	erlc $(ERL_IDL_FLAGS) +'{cfgfile,"CosEventDomainAdmin.cfg"}' CosEventDomainAdmin.idl
 	mv $(GEN_HRL_FILES) $(EXTERNAL_INC_PATH)
+	>IDL-GENERATED
+
+$(GEN_FILES): IDL-GENERATED
+
+$(TARGET_FILES): IDL-GENERATED
 
 # ----------------------------------------------------
 # Release Target
diff --git a/lib/cosEventDomain/vsn.mk b/lib/cosEventDomain/vsn.mk
index 7df47cef2e..5ad421e319 100644
--- a/lib/cosEventDomain/vsn.mk
+++ b/lib/cosEventDomain/vsn.mk
@@ -1,3 +1,3 @@
 
-COSEVENTDOMAIN_VSN = 1.1.11
+COSEVENTDOMAIN_VSN = 1.1.12
 
diff --git a/lib/cosFileTransfer/doc/src/Makefile b/lib/cosFileTransfer/doc/src/Makefile
index 2286db43ff..d9c68987e4 100644
--- a/lib/cosFileTransfer/doc/src/Makefile
+++ b/lib/cosFileTransfer/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -26,14 +26,6 @@ include $(ERL_TOP)/make/$(TARGET)/otp.mk
 include ../../vsn.mk
 VSN=$(COSFILETRANSFER_VSN)
 APPLICATION=cosFileTransfer
-# ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-ifndef DOCSUPPORT
-include make.dep
-endif
-
 
 # ----------------------------------------------------
 # Release directory specification
@@ -97,33 +89,10 @@ EXTRA_FILES = summary.html.src \
 
 MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else
-
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex)
-TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = $(APPLICATION)-$(VSN).pdf
-
-TOP_PS_FILE = $(APPLICATION)-$-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-
-endif
-
 # ----------------------------------------------------
 # FLAGS 
 # ----------------------------------------------------
@@ -136,8 +105,6 @@ DVIPS_FLAGS +=
 $(HTMLDIR)/%.gif: %.gif
 	$(INSTALL_DATA) $< $@
 
-ifdef DOCSUPPORT
-
 docs: pdf html man
 
 $(TOP_PDF_FILE): $(XML_FILES)
@@ -152,32 +119,6 @@ clean clean_docs:
 	rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
 	rm -f errs core *~
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html gifs man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
-
-html: $(HTML_FILES) $(INTERNAL_HTML_FILES)
-
-clean clean_docs clean_tex:
-	rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
-	rm -f $(HTML_FILES) $(MAN3_FILES)
-	rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
-	rm -f errs core *~ *xmls_output *xmls_errs $(LATEX_CLEAN) 
-
-endif
-
 man: $(MAN3_FILES)
 
 gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
@@ -192,9 +133,6 @@ debug opt:
 # ---------------------------------------------------- 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
@@ -204,30 +142,5 @@ release_docs_spec: docs
 	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
 	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
 	$(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3
-else
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	$(INSTALL_DIR) $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	$(INSTALL_DIR) $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
-		$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-
-endif
-endif
-
-endif
 
 release_spec:
-
diff --git a/lib/cosFileTransfer/doc/src/make.dep b/lib/cosFileTransfer/doc/src/make.dep
deleted file mode 100644
index 3be0c185c3..0000000000
--- a/lib/cosFileTransfer/doc/src/make.dep
+++ /dev/null
@@ -1,30 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: CosFileTransfer_Directory.tex CosFileTransfer_File.tex \
-		CosFileTransfer_FileIterator.tex CosFileTransfer_FileTransferSession.tex \
-		CosFileTransfer_VirtualFileSystem.tex book.tex \
-		ch_contents.tex ch_example.tex ch_install.tex \
-		ch_introduction.tex ch_system.tex cosFileTransferApp.tex \
-		part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: CosFileTransfer.ps
-
diff --git a/lib/cosFileTransfer/doc/src/notes.xml b/lib/cosFileTransfer/doc/src/notes.xml
index c7a4fd4504..f38597db10 100644
--- a/lib/cosFileTransfer/doc/src/notes.xml
+++ b/lib/cosFileTransfer/doc/src/notes.xml
@@ -30,7 +30,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section><title>cosFileTransfer 1.1.12</title>
+  <section><title>cosFileTransfer 1.1.13</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>cosFileTransfer 1.1.12</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/cosFileTransfer/src/Makefile b/lib/cosFileTransfer/src/Makefile
index 773ed7f6b7..1d51304f6b 100644
--- a/lib/cosFileTransfer/src/Makefile
+++ b/lib/cosFileTransfer/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -147,7 +147,7 @@ cleanb:
 	rm -f errs core *~
 
 clean:
-	rm -f $(TARGET_FILES) $(GEN_FILES) $(APP_TARGET) $(APPUP_TARGET)
+	rm -f $(TARGET_FILES) $(GEN_FILES) $(APP_TARGET) $(APPUP_TARGET) IDL-GENERATED
 	rm -f errs core *~
 
 $(APP_TARGET): $(APP_SRC)
@@ -161,9 +161,14 @@ docs:
 # ----------------------------------------------------
 # Special Build Targets
 # ----------------------------------------------------
-$(GEN_ERL_FILES) $(GEN_HRL_FILES): CosFileTransfer.idl
+IDL-GENERATED: CosFileTransfer.idl
 	erlc $(ERL_IDL_FLAGS) +'{cfgfile,"CosFileTransfer.cfg"}' CosFileTransfer.idl
 	mv $(LOCAL_HRL_FILES) $(EXTERNAL_INC_PATH)
+	>IDL-GENERATED
+
+$(GEN_FILES): IDL-GENERATED
+
+$(TARGET_FILES): IDL-GENERATED
 
 # ----------------------------------------------------
 # Release Target
diff --git a/lib/cosFileTransfer/test/fileTransfer_SUITE.erl b/lib/cosFileTransfer/test/fileTransfer_SUITE.erl
index e94c307ef8..79a234bd28 100644
--- a/lib/cosFileTransfer/test/fileTransfer_SUITE.erl
+++ b/lib/cosFileTransfer/test/fileTransfer_SUITE.erl
@@ -131,10 +131,10 @@ end_per_testcase(_Case, Config) ->
     ok.
 
 init_per_suite(Config) ->
-    case code:which(crypto) of
-	Res when is_atom(Res) ->
+    case crypto_works() of
+	false ->
 	    {skip,"Could not start crypto!"};
-	_Else ->
+	true ->
 	    orber:jump_start(),
 	    cosProperty:install(),
 	    cosProperty:start(),
@@ -165,6 +165,15 @@ init_per_suite(Config) ->
 	    end
     end.
 
+crypto_works() ->
+    try crypto:start() of
+	{error,{already_started,crypto}} -> true;
+	ok -> true
+    catch
+	error:_ ->
+	    false
+    end.
+
 end_per_suite(Config) ->
     ssl:stop(),
     crypto:stop(),
diff --git a/lib/cosFileTransfer/vsn.mk b/lib/cosFileTransfer/vsn.mk
index fe0226e3b3..6d0c6669a3 100644
--- a/lib/cosFileTransfer/vsn.mk
+++ b/lib/cosFileTransfer/vsn.mk
@@ -1 +1 @@
-COSFILETRANSFER_VSN = 1.1.12
+COSFILETRANSFER_VSN = 1.1.13
diff --git a/lib/cosNotification/doc/src/Makefile b/lib/cosNotification/doc/src/Makefile
index bfdd2f1f8c..5caee09ec5 100644
--- a/lib/cosNotification/doc/src/Makefile
+++ b/lib/cosNotification/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -28,14 +28,6 @@ VSN=$(COSNOTIFICATION_VSN)
 APPLICATION=cosNotification
 
 # ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-ifndef DOCSUPPORT
-include make.dep
-endif
-
-# ----------------------------------------------------
 # Release directory specification
 # ----------------------------------------------------
 RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
@@ -122,33 +114,10 @@ EXTRA_FILES = summary.html.src \
 
 MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else
-
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex)
-TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = $(APPLICATION)-$(VSN).pdf
-
-TOP_PS_FILE = $(APPLICATION)-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-
-endif
-
 # ----------------------------------------------------
 # FLAGS 
 # ----------------------------------------------------
@@ -161,8 +130,6 @@ DVIPS_FLAGS +=
 $(HTMLDIR)/%.gif: %.gif
 	$(INSTALL_DATA) $< $@
 
-ifdef DOCSUPPORT 
-
 docs: pdf html man
 
 $(TOP_PDF_FILE): $(XML_FILES)
@@ -177,32 +144,6 @@ clean clean_docs:
 	rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
 	rm -f errs core *~
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html gifs man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
-
-html: $(HTML_FILES) $(INTERNAL_HTML_FILES)
-
-clean clean_docs clean_tex:
-	rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
-	rm -f $(HTML_FILES) $(MAN3_FILES)
-	rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
-	rm -f errs core *~ *xmls_output *xmls_errs $(LATEX_CLEAN) 
-
-endif
-
 man: $(MAN3_FILES)
 
 gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
@@ -217,8 +158,6 @@ debug opt:
 # ---------------------------------------------------- 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
@@ -228,30 +167,5 @@ release_docs_spec: docs
 	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
 	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
 	$(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3
-else
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	$(INSTALL_DIR) $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	$(INSTALL_DIR) $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
-		$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-
-endif
-endif
-
-endif
 
 release_spec:
-
diff --git a/lib/cosNotification/doc/src/make.dep b/lib/cosNotification/doc/src/make.dep
deleted file mode 100644
index 031a2b3e98..0000000000
--- a/lib/cosNotification/doc/src/make.dep
+++ /dev/null
@@ -1,48 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: CosNotification.tex CosNotification_AdminPropertiesAdmin.tex \
-		CosNotification_QoSAdmin.tex CosNotifyChannelAdmin_ConsumerAdmin.tex \
-		CosNotifyChannelAdmin_EventChannel.tex CosNotifyChannelAdmin_EventChannelFactory.tex \
-		CosNotifyChannelAdmin_ProxyConsumer.tex CosNotifyChannelAdmin_ProxyPullConsumer.tex \
-		CosNotifyChannelAdmin_ProxyPullSupplier.tex \
-		CosNotifyChannelAdmin_ProxyPushConsumer.tex \
-		CosNotifyChannelAdmin_ProxyPushSupplier.tex \
-		CosNotifyChannelAdmin_ProxySupplier.tex CosNotifyChannelAdmin_SequenceProxyPullConsumer.tex \
-		CosNotifyChannelAdmin_SequenceProxyPullSupplier.tex \
-		CosNotifyChannelAdmin_SequenceProxyPushConsumer.tex \
-		CosNotifyChannelAdmin_SequenceProxyPushSupplier.tex \
-		CosNotifyChannelAdmin_StructuredProxyPullConsumer.tex \
-		CosNotifyChannelAdmin_StructuredProxyPullSupplier.tex \
-		CosNotifyChannelAdmin_StructuredProxyPushConsumer.tex \
-		CosNotifyChannelAdmin_StructuredProxyPushSupplier.tex \
-		CosNotifyChannelAdmin_SupplierAdmin.tex CosNotifyComm_NotifyPublish.tex \
-		CosNotifyComm_NotifySubscribe.tex CosNotifyFilter_Filter.tex \
-		CosNotifyFilter_FilterAdmin.tex CosNotifyFilter_FilterFactory.tex \
-		CosNotifyFilter_MappingFilter.tex book.tex \
-		ch_BNF.tex ch_QoS.tex ch_contents.tex ch_example.tex \
-		ch_install.tex ch_introduction.tex ch_system.tex \
-		cosNotificationApp.tex part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: eventstructure.ps
-
-book.dvi: notificationFlow.ps
-
diff --git a/lib/cosNotification/doc/src/notes.xml b/lib/cosNotification/doc/src/notes.xml
index a54230c9f7..c79d040f9a 100644
--- a/lib/cosNotification/doc/src/notes.xml
+++ b/lib/cosNotification/doc/src/notes.xml
@@ -31,7 +31,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section><title>cosNotification 1.1.17</title>
+  <section><title>cosNotification 1.1.18</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>cosNotification 1.1.17</title>
 
     <section><title>Improvements and New Features</title>
       <list>
diff --git a/lib/cosNotification/src/Makefile b/lib/cosNotification/src/Makefile
index 637c633e52..92225c6cfd 100644
--- a/lib/cosNotification/src/Makefile
+++ b/lib/cosNotification/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -242,20 +242,26 @@ GEN_OE_EVENTCOMM_HRL_FILES =  \
 	oe_CosNotificationComm.hrl \
 	oe_CosNotificationComm_Event.hrl
 
-GEN_ERL_FILES = \
+IDL_GEN_ERL_FILES = \
 	$(GEN_NOTIFICATION_ERL_FILES) \
 	$(GEN_OE_EVENTCOMM_ERL_FILES) \
 	$(GEN_NOTIFYCOMM_ERL_FILES) \
 	$(GEN_NOTIFYFILTER_ERL_FILES) \
-	$(GEN_CHANNELADMIN_ERL_FILES) \
-	$(GEN_YECC_ERL_FILES)
+	$(GEN_CHANNELADMIN_ERL_FILES)
 
-GEN_HRL_FILES = \
+IDL_GEN_HRL_FILES = \
 	$(EXTERNAL_GEN_NOTIFICATION_HRL_FILES) \
 	$(GEN_OE_EVENTCOMM_HRL_FILES) \
 	$(EXTERNAL_GEN_NOTIFYCOMM_HRL_FILES) \
 	$(EXTERNAL_GEN_NOTIFYFILTER_HRL_FILES) \
-	$(EXTERNAL_GEN_CHANNELADMIN_HRL_FILES) \
+	$(EXTERNAL_GEN_CHANNELADMIN_HRL_FILES)
+
+GEN_ERL_FILES = \
+	$(IDL_GEN_ERL_FILES) \
+	$(GEN_YECC_ERL_FILES)
+
+GEN_HRL_FILES = \
+	$(IDL_GEN_HRL_FILES) \
 	$(GEN_YECC_HRL_FILES)
 
 
@@ -322,7 +328,7 @@ cleanb:
 	rm -f errs core *~
 
 clean:
-	rm -f $(TARGET_FILES) $(GEN_FILES) $(APP_TARGET) $(APPUP_TARGET)
+	rm -f $(TARGET_FILES) $(GEN_FILES) $(APP_TARGET) $(APPUP_TARGET) IDL-GENERATED
 	rm -f errs core *~
 
 $(APP_TARGET): $(APP_SRC)
@@ -336,20 +342,23 @@ docs:
 # ----------------------------------------------------
 # Special Build Targets
 # ----------------------------------------------------
-$(GEN_NOTIFICATION_ERL_FILES) $(EXTERNAL_GEN_NOTIFICATION_HRL_FILES): CosNotification.idl
+IDL-GENERATED: CosNotification.idl CosNotifyChannelAdmin.idl \
+  CosNotifyFilter.idl cosNotificationAppComm.idl CosNotifyComm.idl
 	erlc $(ERL_IDL_FLAGS) +'{cfgfile,"CosNotification.cfg"}' CosNotification.idl
 	mv $(GEN_NOTIFICATION_HRL_FILES) $(EXTERNAL_INC_PATH)
-$(GEN_CHANNELADMIN_ERL_FILES) $(EXTERNAL_GEN_CHANNELADMIN_HRL_FILES): CosNotifyChannelAdmin.idl
 	erlc $(ERL_IDL_FLAGS) +'{cfgfile,"CosNotifyChannelAdmin.cfg"}' CosNotifyChannelAdmin.idl
 	mv $(GEN_CHANNELADMIN_HRL_FILES) $(EXTERNAL_INC_PATH)
-$(GEN_NOTIFYFILTER_ERL_FILES) $(EXTERNAL_GEN_NOTIFYFILTER_HRL_FILES): CosNotifyFilter.idl
 	erlc $(ERL_IDL_FLAGS) +'{cfgfile,"CosNotifyFilter.cfg"}' CosNotifyFilter.idl
 	mv $(GEN_NOTIFYFILTER_HRL_FILES) $(EXTERNAL_INC_PATH)
-$(GEN_OE_EVENTCOMM_ERL_FILES) $(GEN_OE_EVENTCOMM_HRL_FILES): cosNotificationAppComm.idl
 	erlc $(ERL_IDL_FLAGS) +'{cfgfile,"cosNotificationComm.cfg"}' cosNotificationAppComm.idl
-$(GEN_NOTIFYCOMM_ERL_FILES) $(EXTERNAL_GEN_NOTIFYCOMM_HRL_FILES): CosNotifyComm.idl
 	erlc $(ERL_IDL_FLAGS) +'{cfgfile,"CosNotifyComm.cfg"}' CosNotifyComm.idl
 	mv $(GEN_NOTIFYCOMM_HRL_FILES) $(EXTERNAL_INC_PATH)
+	>IDL-GENERATED
+
+$(IDL_GEN_ERL_FILES) $(IDL_GEN_HRL_FILES): IDL-GENERATED
+
+$(TARGET_FILES): IDL-GENERATED
+
 $(GEN_YECC_ERL_FILES) $(GEN_YECC_HRL_FILES): cosNotification_Grammar.yrl
 
 # ----------------------------------------------------
diff --git a/lib/cosNotification/test/Makefile b/lib/cosNotification/test/Makefile
index 43f73addae..f509370430 100644
--- a/lib/cosNotification/test/Makefile
+++ b/lib/cosNotification/test/Makefile
@@ -161,13 +161,14 @@ docs:
 # Special Targets
 # ----------------------------------------------------
 
-TGT_TEST = \
-        $(GEN_HRL_FILES:%=$(IDLOUTDIR)/%) \
-        $(GEN_MODULES:%=$(IDLOUTDIR)/%.erl)
-
-$(TGT_TEST): notify_test_server.idl
+IDL-GENERATED: notify_test_server.idl
 	erlc $(ERL_COMPILE_FLAGS) -o$(IDLOUTDIR) \
                 +'{cfgfile,"notify_test_server.cfg"}' notify_test_server.idl
+	>IDL-GENERATED
+
+$(GEN_FILES): IDL-GENERATED
+
+$(TARGET_FILES): IDL-GENERATED
 
 # ----------------------------------------------------
 # Release Targets
diff --git a/lib/cosNotification/vsn.mk b/lib/cosNotification/vsn.mk
index b32919a2ef..e7c5465fe4 100644
--- a/lib/cosNotification/vsn.mk
+++ b/lib/cosNotification/vsn.mk
@@ -1,2 +1,2 @@
-COSNOTIFICATION_VSN = 1.1.17
+COSNOTIFICATION_VSN = 1.1.18
 
diff --git a/lib/cosProperty/doc/src/Makefile b/lib/cosProperty/doc/src/Makefile
index baf995d35e..50f2e06f6c 100644
--- a/lib/cosProperty/doc/src/Makefile
+++ b/lib/cosProperty/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -28,14 +28,6 @@ VSN=$(COSPROPERTY_VSN)
 APPLICATION=cosProperty
 
 # ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-ifndef DOCSUPPORT
-include make.dep
-endif
-
-# ----------------------------------------------------
 # Release directory specification
 # ----------------------------------------------------
 RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
@@ -99,35 +91,10 @@ EXTRA_FILES = summary.html.src \
 MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 MAN6_FILES = $(XML_REF6_FILES:%.xml=$(MAN6DIR)/%.6)
 
-
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else
-
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex)
-TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_REF6_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = $(APPLICATION)-$(VSN).pdf
-
-TOP_PS_FILE = $(APPLICATION)-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-
-endif
-
 # ----------------------------------------------------
 # FLAGS 
 # ----------------------------------------------------
@@ -140,8 +107,6 @@ DVIPS_FLAGS +=
 $(HTMLDIR)/%.gif: %.gif
 	$(INSTALL_DATA) $< $@
 
-ifdef DOCSUPPORT
-
 docs: pdf html man
 
 $(TOP_PDF_FILE): $(XML_FILES)
@@ -156,42 +121,6 @@ clean clean_docs:
 	rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
 	rm -f errs core *~
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html gifs man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
-
-html: $(HTML_FILES) $(INTERNAL_HTML_FILES)
-
-tex_users_guide: $(TEX_FILES_USERS_GUIDE) 
-tex_ref_man: $(TEX_FILES_REF_MAN)
-tex: tex_users_guide tex_ref_man $(TEX_FILES_BOOK)
-
-$(DOCDIR)/latexlog: $(BOOK_FILES:%.xml=%.dvi)
-	-fgrep -i "latex warning" $(BOOK_FILES:%.xml=%.log) >$(DOCDIR)/latexlog
-
-clean_tex:
-	-rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
-
-clean:
-	rm -f ../html/* $(MAN3_FILES) $(MAN6_FILES) $(TEX_FILES_USERS_GUIDE) 
-	rm -f *xmls_output *xmls_errs
-	rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
-	rm -f errs core *~ $(LATEX_CLEAN) 
-
-endif
-
 man: $(MAN3_FILES) $(MAN6_FILES)
 
 gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
@@ -206,8 +135,6 @@ debug opt:
 # ---------------------------------------------------- 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
@@ -217,30 +144,5 @@ release_docs_spec: docs
 	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
 	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
 	$(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3
-else
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	$(INSTALL_DIR) $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	$(INSTALL_DIR) $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
-		$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-
-endif
-endif
-
-endif
 
 release_spec:
-
diff --git a/lib/cosProperty/doc/src/make.dep b/lib/cosProperty/doc/src/make.dep
deleted file mode 100644
index 383af54244..0000000000
--- a/lib/cosProperty/doc/src/make.dep
+++ /dev/null
@@ -1,26 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: CosPropertyService_PropertiesIterator.tex \
-		CosPropertyService_PropertyNamesIterator.tex \
-		CosPropertyService_PropertySet.tex CosPropertyService_PropertySetDef.tex \
-		CosPropertyService_PropertySetDefFactory.tex \
-		CosPropertyService_PropertySetFactory.tex \
-		book.tex ch_contents.tex ch_example.tex ch_install.tex \
-		ch_introduction.tex cosProperty.tex part.tex \
-		ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/cosProperty/doc/src/notes.xml b/lib/cosProperty/doc/src/notes.xml
index 85b2119e9d..f5f737e2a3 100644
--- a/lib/cosProperty/doc/src/notes.xml
+++ b/lib/cosProperty/doc/src/notes.xml
@@ -31,7 +31,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section>
+  <section><title>cosProperty 1.1.15</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>cosProperty 1.1.14</title>
 
     <section>
diff --git a/lib/cosProperty/src/Makefile b/lib/cosProperty/src/Makefile
index 1d2119dfb3..8060421b4e 100644
--- a/lib/cosProperty/src/Makefile
+++ b/lib/cosProperty/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -147,7 +147,7 @@ cleanb:
 	rm -f errs core *~
 
 clean:
-	rm -f $(TARGET_FILES) $(GEN_FILES) $(APP_TARGET) $(APPUP_TARGET)
+	rm -f $(TARGET_FILES) $(GEN_FILES) $(APP_TARGET) $(APPUP_TARGET) IDL-GENERATED
 	rm -f errs core *~
 
 $(APP_TARGET): $(APP_SRC)
@@ -161,10 +161,14 @@ docs:
 # ----------------------------------------------------
 # Special Build Targets
 # ----------------------------------------------------
-$(GEN_ERL_FILES) $(GEN_HRL_FILES): CosProperty.idl
+IDL-GENERATED: CosProperty.idl
 	erlc $(ERL_IDL_FLAGS) +'{cfgfile,"CosProperty.cfg"}' CosProperty.idl
 	mv $(LOCAL_HRL_FILES) $(EXTERNAL_INC_PATH)
+	>IDL-GENERATED
 
+$(GEN_FILES): IDL-GENERATED
+
+$(TARGET_FILES): IDL-GENERATED
 
 # ----------------------------------------------------
 # Release Target
diff --git a/lib/cosProperty/vsn.mk b/lib/cosProperty/vsn.mk
index ecc4a2746c..a4b1a2c94e 100644
--- a/lib/cosProperty/vsn.mk
+++ b/lib/cosProperty/vsn.mk
@@ -1,2 +1,2 @@
-COSPROPERTY_VSN = 1.1.14
+COSPROPERTY_VSN = 1.1.15
 
diff --git a/lib/cosTime/doc/src/Makefile b/lib/cosTime/doc/src/Makefile
index 83abc5e7c2..4e97b07cf4 100644
--- a/lib/cosTime/doc/src/Makefile
+++ b/lib/cosTime/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -28,14 +28,6 @@ VSN=$(COSTIME_VSN)
 APPLICATION=cosTime
 
 # ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-ifndef DOCSUPPORT
-include make.dep
-endif
-
-# ----------------------------------------------------
 # Release directory specification
 # ----------------------------------------------------
 RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
@@ -93,33 +85,10 @@ EXTRA_FILES = summary.html.src \
 
 MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else
-
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex)
-TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = $(APPLICATION)-$(VSN).pdf
-
-TOP_PS_FILE = $(APPLICATION)-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-
-endif
-
 # ----------------------------------------------------
 # FLAGS 
 # ----------------------------------------------------
@@ -132,8 +101,6 @@ DVIPS_FLAGS +=
 $(HTMLDIR)/%.gif: %.gif
 	$(INSTALL_DATA) $< $@
 
-ifdef DOCSUPPORT
-
 docs: pdf html man
 
 $(TOP_PDF_FILE): $(XML_FILES)
@@ -148,32 +115,6 @@ clean clean_docs:
 	rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
 	rm -f errs core *~
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html gifs man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
-
-html: $(HTML_FILES) $(INTERNAL_HTML_FILES)
-
-clean clean_docs clean_tex:
-	rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
-	rm -f $(HTML_FILES) $(MAN3_FILES)
-	rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
-	rm -f errs core *~ *xmls_output *xmls_errs $(LATEX_CLEAN) 
-
-endif
-
 man: $(MAN3_FILES)
 
 gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
@@ -188,8 +129,6 @@ debug opt:
 # ---------------------------------------------------- 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
@@ -199,30 +138,5 @@ release_docs_spec: docs
 	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
 	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
 	$(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3
-else
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	$(INSTALL_DIR) $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	$(INSTALL_DIR) $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
-		$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-
-endif
-endif
-
-endif
 
 release_spec:
-
diff --git a/lib/cosTime/doc/src/make.dep b/lib/cosTime/doc/src/make.dep
deleted file mode 100644
index 69a584ab95..0000000000
--- a/lib/cosTime/doc/src/make.dep
+++ /dev/null
@@ -1,22 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: CosTime_TIO.tex CosTime_TimeService.tex CosTime_UTO.tex \
-		CosTimerEvent_TimerEventHandler.tex CosTimerEvent_TimerEventService.tex \
-		book.tex ch_contents.tex ch_example.tex ch_install.tex \
-		ch_introduction.tex cosTime.tex part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/cosTime/doc/src/notes.xml b/lib/cosTime/doc/src/notes.xml
index 3698e4813e..c70978df2b 100644
--- a/lib/cosTime/doc/src/notes.xml
+++ b/lib/cosTime/doc/src/notes.xml
@@ -32,7 +32,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section>
+  <section><title>cosTime 1.1.12</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>cosTime 1.1.11</title>
 
     <section>
diff --git a/lib/cosTime/src/Makefile b/lib/cosTime/src/Makefile
index 3b6f7bae2e..18c25ca8f1 100644
--- a/lib/cosTime/src/Makefile
+++ b/lib/cosTime/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -162,7 +162,7 @@ cleanb:
 	rm -f errs core *~
 
 clean:
-	rm -f $(TARGET_FILES) $(GEN_FILES) $(APP_TARGET) $(APPUP_TARGET)
+	rm -f $(TARGET_FILES) $(GEN_FILES) $(APP_TARGET) $(APPUP_TARGET) IDL-GENERATED
 	rm -f errs core *~
 
 $(APP_TARGET): $(APP_SRC)
@@ -176,17 +176,18 @@ docs:
 # ----------------------------------------------------
 # Special Build Targets
 # ----------------------------------------------------
-$(GEN_TIMEBASE_ERL_FILES) $(EXTERNAL_TIMEBASE_HRL_FILES): TimeBase.idl
+IDL-GENERATED: TimeBase.idl CosTime.idl CosTimerEvent.idl
 	erlc $(ERL_IDL_FLAGS) TimeBase.idl
 	mv $(GEN_TIMEBASE_HRL_FILES) $(EXTERNAL_INC_PATH)
-
-$(GEN_COSTIME_ERL_FILES) $(EXTERNAL_COSTIME_HRL_FILES): CosTime.idl
 	erlc $(ERL_IDL_FLAGS) +'{cfgfile,"CosTime.cfg"}' CosTime.idl
 	mv $(GEN_COSTIME_HRL_FILES) $(EXTERNAL_INC_PATH)
-
-$(GEN_COSTIMEREVENT_ERL_FILES) $(EXTERNAL_COSTIMEREVENT_HRL_FILES): CosTimerEvent.idl
 	erlc $(ERL_IDL_FLAGS) +'{cfgfile,"CosTimerEvent.cfg"}' CosTimerEvent.idl
 	mv $(GEN_COSTIMEREVENT_HRL_FILES) $(EXTERNAL_INC_PATH)
+	>IDL-GENERATED
+
+$(GEN_FILES): IDL-GENERATED
+
+$(TARGET_FILES): IDL-GENERATED
 
 # ----------------------------------------------------
 # Release Target
diff --git a/lib/cosTime/vsn.mk b/lib/cosTime/vsn.mk
index 4d982f3013..14d3b61bc6 100644
--- a/lib/cosTime/vsn.mk
+++ b/lib/cosTime/vsn.mk
@@ -1,2 +1,2 @@
-COSTIME_VSN = 1.1.11
+COSTIME_VSN = 1.1.12
 
diff --git a/lib/cosTransactions/doc/src/Makefile b/lib/cosTransactions/doc/src/Makefile
index 1af9ed24b7..4341ec04a3 100644
--- a/lib/cosTransactions/doc/src/Makefile
+++ b/lib/cosTransactions/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -28,14 +28,6 @@ VSN=$(COSTRANSACTIONS_VSN)
 APPLICATION=cosTransactions
 
 # ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-ifndef DOCSUPPORT
-include make.dep
-endif
-
-# ----------------------------------------------------
 # Release directory specification
 # ----------------------------------------------------
 RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
@@ -97,33 +89,10 @@ EXTRA_FILES = summary.html.src \
 
 MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else
-
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex)
-TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = $(APPLICATION)-$(VSN).pdf
-
-TOP_PS_FILE = $(APPLICATION)-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-
-endif
-
 # ----------------------------------------------------
 # FLAGS 
 # ----------------------------------------------------
@@ -136,8 +105,6 @@ DVIPS_FLAGS +=
 $(HTMLDIR)/%.gif: %.gif
 	$(INSTALL_DATA) $< $@
 
-ifdef DOCSUPPORT
-
 docs: pdf html man
 
 $(TOP_PDF_FILE): $(XML_FILES)
@@ -152,32 +119,6 @@ clean clean_docs:
 	rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
 	rm -f errs core *~
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html gifs man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
-
-html: $(HTML_FILES) $(INTERNAL_HTML_FILES)
-
-clean clean_docs clean_tex:
-	rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
-	rm -f $(HTML_FILES) $(MAN3_FILES)
-	rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
-	rm -f errs core *~ *xmls_output *xmls_errs $(LATEX_CLEAN) 
-
-endif
-
 man: $(MAN3_FILES)
 
 gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
@@ -192,8 +133,6 @@ debug opt:
 # ---------------------------------------------------- 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
@@ -203,30 +142,5 @@ release_docs_spec: docs
 	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
 	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
 	$(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3
-else
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	$(INSTALL_DIR) $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	$(INSTALL_DIR) $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
-		$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-
-endif
-endif
-
-endif
 
 release_spec:
-
diff --git a/lib/cosTransactions/doc/src/make.dep b/lib/cosTransactions/doc/src/make.dep
deleted file mode 100644
index bd45aea286..0000000000
--- a/lib/cosTransactions/doc/src/make.dep
+++ /dev/null
@@ -1,27 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: CosTransactions_Control.tex CosTransactions_Coordinator.tex \
-		CosTransactions_RecoveryCoordinator.tex CosTransactions_Resource.tex \
-		CosTransactions_SubtransactionAwareResource.tex \
-		CosTransactions_Terminator.tex CosTransactions_TransactionFactory.tex \
-		book.tex ch_contents.tex ch_example.tex ch_install.tex \
-		ch_introduction.tex ch_skeletons.tex cosTransactions.tex \
-		part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-ch_example.tex: ../../../../system/doc/definitions/term.defs
-
diff --git a/lib/cosTransactions/doc/src/notes.xml b/lib/cosTransactions/doc/src/notes.xml
index 29addf424d..f3a7a83fb0 100644
--- a/lib/cosTransactions/doc/src/notes.xml
+++ b/lib/cosTransactions/doc/src/notes.xml
@@ -32,7 +32,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section>
+  <section><title>cosTransactions 1.2.12</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>cosTransactions 1.2.11</title>
     <section>
       <title>Improvements and New Features</title>
diff --git a/lib/cosTransactions/src/Makefile b/lib/cosTransactions/src/Makefile
index 7e10ec175b..3c799ca0ca 100644
--- a/lib/cosTransactions/src/Makefile
+++ b/lib/cosTransactions/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -141,7 +141,7 @@ debug:
 	@${MAKE} TYPE=debug
 
 clean:
-	rm -f $(TARGET_FILES) $(GEN_FILES) $(APP_TARGET) $(APPUP_TARGET)
+	rm -f $(TARGET_FILES) $(GEN_FILES) $(APP_TARGET) $(APPUP_TARGET) IDL-GENERATED
 	rm -f errs core *~
 
 $(APP_TARGET): $(APP_SRC)
@@ -155,9 +155,14 @@ docs:
 # ----------------------------------------------------
 # Special Build Targets
 # ----------------------------------------------------
-$(GEN_ERL_FILES) $(EXTERNAL_GEN_HRL_FILES): CosTransactions.idl
+IDL-GENERATED: CosTransactions.idl
 	erlc $(ERL_IDL_FLAGS) +'{cfgfile,"CosTransactions.cfg"}' CosTransactions.idl
 	mv $(GEN_HRL_FILES) $(EXTERNAL_INC_PATH)
+	>IDL-GENERATED
+
+$(GEN_FILES): IDL-GENERATED
+
+$(TARGET_FILES): IDL-GENERATED
 
 # ----------------------------------------------------
 # Release Target
diff --git a/lib/cosTransactions/test/Makefile b/lib/cosTransactions/test/Makefile
index 44c90e8f84..0bc8c007da 100644
--- a/lib/cosTransactions/test/Makefile
+++ b/lib/cosTransactions/test/Makefile
@@ -121,13 +121,14 @@ docs:
 # Special Targets
 # ----------------------------------------------------
 
-TGT_TEST = \
-        $(GEN_HRL_FILES:%=$(IDLOUTDIR)/%) \
-        $(GEN_MODULES:%=$(IDLOUTDIR)/%.erl)
-
-$(TGT_TEST): etrap_test.idl
+IDL-GENERATED: etrap_test.idl
 	erlc $(ERL_IDL_FLAGS) -o$(IDLOUTDIR) \
                 +'{cfgfile,"etrap_test.cfg"}' etrap_test.idl
+	>IDL-GENERATED
+
+$(GEN_FILES): IDL-GENERATED
+
+$(TARGET_FILES): IDL-GENERATED
 
 # ----------------------------------------------------
 # Release Targets
diff --git a/lib/cosTransactions/vsn.mk b/lib/cosTransactions/vsn.mk
index 3960c58c5b..7ca604b589 100644
--- a/lib/cosTransactions/vsn.mk
+++ b/lib/cosTransactions/vsn.mk
@@ -1 +1 @@
-COSTRANSACTIONS_VSN = 1.2.11
+COSTRANSACTIONS_VSN = 1.2.12
diff --git a/lib/crypto/c_src/Makefile.in b/lib/crypto/c_src/Makefile.in
index c2a986c334..285537643e 100644
--- a/lib/crypto/c_src/Makefile.in
+++ b/lib/crypto/c_src/Makefile.in
@@ -95,13 +95,9 @@ endif
 # Targets
 # ----------------------------------------------------
 
-debug opt valgrind: $(OBJDIR) $(LIBDIR) $(NIF_LIB)
+_create_dirs := $(shell mkdir -p $(OBJDIR) $(LIBDIR))
 
-$(OBJDIR):
-	-@mkdir -p $(OBJDIR)
-
-$(LIBDIR):
-	-@mkdir -p $(LIBDIR)
+debug opt valgrind: $(NIF_LIB)
 
 $(OBJDIR)/%$(TYPEMARKER).o: %.c
 	$(INSTALL_DIR) $(OBJDIR)
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index c781ccb302..4dc62421d2 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -53,6 +53,17 @@
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_SHA256) && defined(NID_sha256)
+# define HAVE_SHA256
+#endif
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_SHA384) && defined(NID_sha384)\
+         && !defined(OPENSSL_NO_SHA512) /* disabled like this in my sha.h (?) */
+# define HAVE_SHA384
+#endif
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_SHA512) && defined(NID_sha512)
+# define HAVE_SHA512
+#endif
+
 #ifdef VALGRIND
     #  include <valgrind/memcheck.h>
 
@@ -124,6 +135,14 @@ static ERL_NIF_TERM sha(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM sha_init(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM sha_update(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM sha_final(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha256_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha256_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha256_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha256_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha512_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha512_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha512_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha512_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM md4(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM md4_init(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM md4_update(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
@@ -134,8 +153,10 @@ static ERL_NIF_TERM hmac_init(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[
 static ERL_NIF_TERM hmac_update(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM hmac_final(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM des_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM des_cfb_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM des_ecb_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM des_ede3_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM des_ede3_cfb_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM aes_cfb_128_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM aes_ctr_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM aes_ctr_stream_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
@@ -146,13 +167,13 @@ static ERL_NIF_TERM strong_rand_mpint_nif(ErlNifEnv* env, int argc, const ERL_NI
 static ERL_NIF_TERM rand_uniform_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM mod_exp_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM dss_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
-static ERL_NIF_TERM rsa_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM rsa_verify_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM aes_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM exor(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rc4_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rc4_set_key(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rc4_encrypt_with_state(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
-static ERL_NIF_TERM rc2_40_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM rc2_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rsa_sign_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM dss_sign_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rsa_public_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
@@ -199,6 +220,14 @@ static ErlNifFunc nif_funcs[] = {
     {"sha_init", 0, sha_init},
     {"sha_update", 2, sha_update},
     {"sha_final", 1, sha_final},
+    {"sha256_nif", 1, sha256_nif},
+    {"sha256_init_nif", 0, sha256_init_nif},
+    {"sha256_update_nif", 2, sha256_update_nif},
+    {"sha256_final_nif", 1, sha256_final_nif},
+    {"sha512_nif", 1, sha512_nif},
+    {"sha512_init_nif", 0, sha512_init_nif},
+    {"sha512_update_nif", 2, sha512_update_nif},
+    {"sha512_final_nif", 1, sha512_final_nif},
     {"md4", 1, md4},
     {"md4_init", 0, md4_init},
     {"md4_update", 2, md4_update},
@@ -210,8 +239,10 @@ static ErlNifFunc nif_funcs[] = {
     {"hmac_final", 1, hmac_final},
     {"hmac_final_n", 2, hmac_final},
     {"des_cbc_crypt", 4, des_cbc_crypt},
+    {"des_cfb_crypt", 4, des_cfb_crypt},
     {"des_ecb_crypt", 3, des_ecb_crypt},
     {"des_ede3_cbc_crypt", 6, des_ede3_cbc_crypt},
+    {"des_ede3_cfb_crypt", 6, des_ede3_cfb_crypt},
     {"aes_cfb_128_crypt", 4, aes_cfb_128_crypt},
     {"aes_ctr_encrypt", 3, aes_ctr_encrypt},
     {"aes_ctr_decrypt", 3, aes_ctr_encrypt},
@@ -224,13 +255,13 @@ static ErlNifFunc nif_funcs[] = {
     {"rand_uniform_nif", 2, rand_uniform_nif},
     {"mod_exp_nif", 3, mod_exp_nif},
     {"dss_verify", 4, dss_verify},
-    {"rsa_verify", 4, rsa_verify},
+    {"rsa_verify_nif", 4, rsa_verify_nif},
     {"aes_cbc_crypt", 4, aes_cbc_crypt},
     {"exor", 2, exor},
     {"rc4_encrypt", 2, rc4_encrypt},
     {"rc4_set_key", 1, rc4_set_key},
     {"rc4_encrypt_with_state", 2, rc4_encrypt_with_state},
-    {"rc2_40_cbc_crypt", 4, rc2_40_cbc_crypt},
+    {"rc2_cbc_crypt", 4, rc2_cbc_crypt},
     {"rsa_sign_nif", 3, rsa_sign_nif},
     {"dss_sign_nif", 3, dss_sign_nif},
     {"rsa_public_crypt", 4, rsa_public_crypt},
@@ -256,6 +287,9 @@ ERL_NIF_INIT(crypto,nif_funcs,load,reload,upgrade,unload)
 #define SHA_CTX_LEN     (sizeof(SHA_CTX))
 #define SHA_LEN         20
 #define SHA_LEN_96      12
+#define SHA256_LEN	(256/8)
+#define SHA384_LEN	(384/8)
+#define SHA512_LEN	(512/8)
 #define HMAC_INT_LEN    64
 
 #define HMAC_IPAD       0x36
@@ -266,6 +300,9 @@ static ErlNifRWLock** lock_vec = NULL; /* Static locks used by openssl */
 static ERL_NIF_TERM atom_true;
 static ERL_NIF_TERM atom_false;
 static ERL_NIF_TERM atom_sha;
+static ERL_NIF_TERM atom_sha256;
+static ERL_NIF_TERM atom_sha384;
+static ERL_NIF_TERM atom_sha512;
 static ERL_NIF_TERM atom_md5;
 static ERL_NIF_TERM atom_ripemd160;
 static ERL_NIF_TERM atom_error;
@@ -282,6 +319,7 @@ static ERL_NIF_TERM atom_not_suitable_generator;
 static ERL_NIF_TERM atom_check_failed;
 static ERL_NIF_TERM atom_unknown;
 static ERL_NIF_TERM atom_none;
+static ERL_NIF_TERM atom_notsup;
 
 
 static int is_ok_load_info(ErlNifEnv* env, ERL_NIF_TERM load_info)
@@ -336,6 +374,9 @@ static int load(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info)
     atom_true = enif_make_atom(env,"true");
     atom_false = enif_make_atom(env,"false");
     atom_sha = enif_make_atom(env,"sha");
+    atom_sha256 = enif_make_atom(env,"sha256");
+    atom_sha384 = enif_make_atom(env,"sha384");
+    atom_sha512 = enif_make_atom(env,"sha512");
     atom_md5 = enif_make_atom(env,"md5");
     atom_ripemd160 = enif_make_atom(env,"ripemd160");
     atom_error = enif_make_atom(env,"error");
@@ -351,6 +392,7 @@ static int load(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info)
     atom_check_failed = enif_make_atom(env,"check_failed");
     atom_unknown = enif_make_atom(env,"unknown");
     atom_none = enif_make_atom(env,"none");
+    atom_notsup = enif_make_atom(env,"notsup");
 
     *priv_data = NULL;
     library_refc++;
@@ -515,6 +557,129 @@ static ERL_NIF_TERM sha_final(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[
     return ret;
 }
 
+static ERL_NIF_TERM sha256_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Data) */
+#ifdef HAVE_SHA256
+    ErlNifBinary ibin;
+    ERL_NIF_TERM ret;
+
+    if (!enif_inspect_iolist_as_binary(env, argv[0], &ibin)) {
+	return enif_make_badarg(env);
+    }
+    SHA256((unsigned char *) ibin.data, ibin.size,
+	 enif_make_new_binary(env,SHA256_LEN, &ret));
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha256_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* () */   
+#ifdef HAVE_SHA256
+    ERL_NIF_TERM ret;
+    SHA256_Init((SHA256_CTX *) enif_make_new_binary(env, sizeof(SHA256_CTX), &ret));
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha256_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Context, Data) */
+#ifdef HAVE_SHA256
+    SHA256_CTX* new_ctx;
+    ErlNifBinary ctx_bin, data_bin;
+    ERL_NIF_TERM ret;
+    if (!enif_inspect_binary(env, argv[0], &ctx_bin) || ctx_bin.size != sizeof(SHA256_CTX)
+	|| !enif_inspect_iolist_as_binary(env, argv[1], &data_bin)) {
+	return enif_make_badarg(env);
+    }
+    new_ctx = (SHA256_CTX*) enif_make_new_binary(env,sizeof(SHA256_CTX), &ret);
+    memcpy(new_ctx, ctx_bin.data, sizeof(SHA256_CTX));
+    SHA256_Update(new_ctx, data_bin.data, data_bin.size);
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha256_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Context) */
+#ifdef HAVE_SHA256
+    ErlNifBinary ctx_bin;
+    SHA256_CTX ctx_clone;
+    ERL_NIF_TERM ret;
+    if (!enif_inspect_binary(env, argv[0], &ctx_bin) || ctx_bin.size != sizeof(SHA256_CTX)) {
+	return enif_make_badarg(env);
+    }
+    memcpy(&ctx_clone, ctx_bin.data, sizeof(SHA256_CTX)); /* writable */
+    SHA256_Final(enif_make_new_binary(env, SHA256_LEN, &ret), &ctx_clone);    
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+
+static ERL_NIF_TERM sha512_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Data) */
+#ifdef HAVE_SHA512
+    ErlNifBinary ibin;
+    ERL_NIF_TERM ret;
+
+    if (!enif_inspect_iolist_as_binary(env, argv[0], &ibin)) {
+	return enif_make_badarg(env);
+    }
+    SHA512((unsigned char *) ibin.data, ibin.size,
+	 enif_make_new_binary(env,SHA512_LEN, &ret));
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha512_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* () */   
+#ifdef HAVE_SHA512
+    ERL_NIF_TERM ret;
+    SHA512_Init((SHA512_CTX *) enif_make_new_binary(env, sizeof(SHA512_CTX), &ret));
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha512_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Context, Data) */
+#ifdef HAVE_SHA512
+    SHA512_CTX* new_ctx;
+    ErlNifBinary ctx_bin, data_bin;
+    ERL_NIF_TERM ret;
+    if (!enif_inspect_binary(env, argv[0], &ctx_bin) || ctx_bin.size != sizeof(SHA512_CTX)
+	|| !enif_inspect_iolist_as_binary(env, argv[1], &data_bin)) {
+	return enif_make_badarg(env);
+    }
+    new_ctx = (SHA512_CTX*) enif_make_new_binary(env,sizeof(SHA512_CTX), &ret);
+    memcpy(new_ctx, ctx_bin.data, sizeof(SHA512_CTX));
+    SHA512_Update(new_ctx, data_bin.data, data_bin.size);
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha512_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Context) */
+#ifdef HAVE_SHA512
+    ErlNifBinary ctx_bin;
+    SHA512_CTX ctx_clone;
+    ERL_NIF_TERM ret;
+    if (!enif_inspect_binary(env, argv[0], &ctx_bin) || ctx_bin.size != sizeof(SHA512_CTX)) {
+	return enif_make_badarg(env);
+    }
+    memcpy(&ctx_clone, ctx_bin.data, sizeof(SHA512_CTX)); /* writable */
+    SHA512_Final(enif_make_new_binary(env, SHA512_LEN, &ret), &ctx_clone);    
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+
+
 static ERL_NIF_TERM md4(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Data) */    
     ErlNifBinary ibin;
@@ -693,6 +858,25 @@ static ERL_NIF_TERM des_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM a
     return ret;
 }
 
+static ERL_NIF_TERM des_cfb_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Key, Ivec, Text, IsEncrypt) */
+    ErlNifBinary key, ivec, text;
+    DES_key_schedule schedule;
+    DES_cblock ivec_clone; /* writable copy */
+    ERL_NIF_TERM ret;
+
+    if (!enif_inspect_iolist_as_binary(env, argv[0], &key) || key.size != 8
+	|| !enif_inspect_binary(env, argv[1], &ivec) || ivec.size != 8
+	|| !enif_inspect_iolist_as_binary(env, argv[2], &text)) {
+	return enif_make_badarg(env);
+    }
+    memcpy(&ivec_clone, ivec.data, 8);
+    DES_set_key((const_DES_cblock*)key.data, &schedule);
+    DES_cfb_encrypt(text.data, enif_make_new_binary(env, text.size, &ret),
+		     8, text.size, &schedule, &ivec_clone, (argv[3] == atom_true));
+    return ret;
+}
+
 static ERL_NIF_TERM des_ecb_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Key, Text/Cipher, IsEncrypt) */
     ErlNifBinary key, text;
@@ -735,6 +919,31 @@ static ERL_NIF_TERM des_ede3_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_T
     return ret;
 }
 
+static ERL_NIF_TERM des_ede3_cfb_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Key1, Key2, Key3, IVec, Text/Cipher, IsEncrypt) */
+    ErlNifBinary key1, key2, key3, ivec, text;
+    DES_key_schedule schedule1, schedule2, schedule3;
+    DES_cblock ivec_clone; /* writable copy */
+    ERL_NIF_TERM ret;
+
+    if (!enif_inspect_iolist_as_binary(env, argv[0], &key1) || key1.size != 8
+	|| !enif_inspect_iolist_as_binary(env, argv[1], &key2) || key2.size != 8
+	|| !enif_inspect_iolist_as_binary(env, argv[2], &key3) || key3.size != 8
+	|| !enif_inspect_binary(env, argv[3], &ivec) || ivec.size != 8
+	|| !enif_inspect_iolist_as_binary(env, argv[4], &text)) {
+	return enif_make_badarg(env);
+    }
+
+    memcpy(&ivec_clone, ivec.data, 8);
+    DES_set_key((const_DES_cblock*)key1.data, &schedule1);
+    DES_set_key((const_DES_cblock*)key2.data, &schedule2);
+    DES_set_key((const_DES_cblock*)key3.data, &schedule3);
+    DES_ede3_cfb_encrypt(text.data, enif_make_new_binary(env,text.size,&ret),
+			 8, text.size, &schedule1, &schedule2, &schedule3,
+			 &ivec_clone, (argv[5] == atom_true));
+    return ret;
+}
+
 static ERL_NIF_TERM aes_cfb_128_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Key, IVec, Data, IsEncrypt) */    
     ErlNifBinary key, ivec, text;
@@ -1047,17 +1256,14 @@ static ERL_NIF_TERM dss_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv
     return(i > 0) ? atom_true : atom_false;
 }
 
-static ERL_NIF_TERM rsa_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+static ERL_NIF_TERM rsa_verify_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Type, Data, Signature, Key=[E,N]) */
     ErlNifBinary data_bin, sign_bin;
-    unsigned char hmacbuf[SHA_DIGEST_LENGTH];
+    unsigned char hmacbuf[SHA512_LEN];
     ERL_NIF_TERM head, tail, ret;
-    int i, is_sha;
+    int i;
     RSA* rsa = RSA_new();
-
-    if (argv[0] == atom_sha) is_sha = 1;
-    else if (argv[0] == atom_md5) is_sha = 0;
-    else goto badarg;
+    const ERL_NIF_TERM type = argv[0];
 
     if (!inspect_mpint(env, argv[1], &data_bin)
 	|| !inspect_mpint(env, argv[2], &sign_bin)
@@ -1066,22 +1272,57 @@ static ERL_NIF_TERM rsa_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv
 	|| !enif_get_list_cell(env, tail, &head, &tail)
 	|| !get_bn_from_mpint(env, head, &rsa->n)
 	|| !enif_is_empty_list(env, tail)) {
-    badarg:
+	
 	ret = enif_make_badarg(env);
     }
     else {
-	if (is_sha) {
+	if (type == atom_sha) {
 	    SHA1(data_bin.data+4, data_bin.size-4, hmacbuf);
 	    i = RSA_verify(NID_sha1, hmacbuf, SHA_DIGEST_LENGTH,
 			   sign_bin.data+4, sign_bin.size-4, rsa);
 	}
-	else {
+	else if (type == atom_sha256) {
+	  #ifdef HAVE_SHA256
+	    SHA256(data_bin.data+4, data_bin.size-4, hmacbuf);
+	    i = RSA_verify(NID_sha256, hmacbuf, SHA256_LEN,
+			   sign_bin.data+4, sign_bin.size-4, rsa);
+	  #else
+	    ret = atom_notsup;
+	    goto done;
+	  #endif 
+	}
+	else if (type == atom_sha384) {
+	  #ifdef HAVE_SHA384
+	    SHA384(data_bin.data+4, data_bin.size-4, hmacbuf);
+	    i = RSA_verify(NID_sha384, hmacbuf, SHA384_LEN,
+			   sign_bin.data+4, sign_bin.size-4, rsa);
+	  #else
+	    ret = atom_notsup;
+	    goto done;
+	  #endif 
+	}
+	else if (type == atom_sha512) {
+	  #ifdef HAVE_SHA512
+	    SHA512(data_bin.data+4, data_bin.size-4, hmacbuf);
+	    i = RSA_verify(NID_sha512, hmacbuf, SHA512_LEN,
+			   sign_bin.data+4, sign_bin.size-4, rsa);
+	  #else
+	    ret = atom_notsup;
+	    goto done;	    
+	  #endif
+	}
+	else if (type == atom_md5) {
 	    MD5(data_bin.data+4, data_bin.size-4, hmacbuf);
 	    i = RSA_verify(NID_md5, hmacbuf, MD5_DIGEST_LENGTH,
 			   sign_bin.data+4, sign_bin.size-4, rsa);
 	}
+	else {
+	    ret = enif_make_badarg(env);
+	    goto done;
+	}
 	ret = (i==1 ? atom_true : atom_false);
-    }
+    }    
+done:
     RSA_free(rsa);
     return ret;
 }
@@ -1189,30 +1430,31 @@ static ERL_NIF_TERM rc4_encrypt_with_state(ErlNifEnv* env, int argc, const ERL_N
     return enif_make_tuple2(env,new_state,new_data);
 }   
 
-static ERL_NIF_TERM rc2_40_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+static ERL_NIF_TERM rc2_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Key,IVec,Data,IsEncrypt) */
     ErlNifBinary key_bin, ivec_bin, data_bin;
     RC2_KEY rc2_key;
     ERL_NIF_TERM ret;
-
+    unsigned char iv_copy[8];
+    
     if (!enif_inspect_iolist_as_binary(env, argv[0], &key_bin)
-	|| key_bin.size != 5
+	|| (key_bin.size != 5 && key_bin.size != 8 && key_bin.size != 16)
 	|| !enif_inspect_binary(env, argv[1], &ivec_bin)
 	|| ivec_bin.size != 8
-	|| !enif_inspect_iolist_as_binary(env, argv[2], &data_bin)) {
-
+	|| !enif_inspect_iolist_as_binary(env, argv[2], &data_bin)
+	|| data_bin.size % 8 != 0) {
 	return enif_make_badarg(env);
     }
-
-    RC2_set_key(&rc2_key, 5, key_bin.data, 40);
+    
+    RC2_set_key(&rc2_key, key_bin.size, key_bin.data, key_bin.size*8);
+    memcpy(iv_copy, ivec_bin.data, 8);
     RC2_cbc_encrypt(data_bin.data,
-		    enif_make_new_binary(env, data_bin.size, &ret), 
+		    enif_make_new_binary(env, data_bin.size, &ret),
 		    data_bin.size, &rc2_key,
-		    ivec_bin.data,
+		    iv_copy,
 		    (argv[3] == atom_true));
-
     return ret;
-}   
+}
 
 static ERL_NIF_TERM rsa_sign_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Type,Data,Key=[E,N,D]) */
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 4c20f81cae..8cb893cd1c 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE erlref SYSTEM "erlref.dtd">
 
 <erlref>
@@ -334,14 +334,16 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
     </func>
     <func>
       <name>sha_mac(Key, Data) -> Mac</name>
+      <name>sha_mac(Key, Data, MacLength) -> Mac</name>
       <fsummary>Compute an <c>MD5 MAC</c>message authentification code</fsummary>
       <type>
         <v>Key = Data = iolist() | binary()</v>
         <v>Mac = binary()</v>
+	<v>MacLenength = integer() =&lt; 20 </v>
       </type>
       <desc>
         <p>Computes an <c>SHA MAC</c> message authentification code
-          from <c>Key</c> and <c>Data</c>, where the length of the Mac
+          from <c>Key</c> and <c>Data</c>, where the default length of the Mac
           is 160 bits (20 bytes).</p>
       </desc>
     </func>
@@ -404,6 +406,51 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
       </desc>
     </func>
     <func>
+      <name>des_cfb_encrypt(Key, IVec, Text) -> Cipher</name>
+      <fsummary>Encrypt <c>Text</c>according to DES in CFB mode</fsummary>
+      <type>
+        <v>Key = Text = iolist() | binary()</v>
+        <v>IVec = Cipher = binary()</v>
+      </type>
+      <desc>
+        <p>Encrypts <c>Text</c> according to DES in 8-bit CFB
+          mode. <c>Key</c> is the DES key, and <c>IVec</c> is an
+          arbitrary initializing vector. The lengths of <c>Key</c> and
+          <c>IVec</c> must be 64 bits (8 bytes).</p>
+      </desc>
+    </func>
+    <func>
+      <name>des_cfb_decrypt(Key, IVec, Cipher) -> Text</name>
+      <fsummary>Decrypt <c>Cipher</c>according to DES in CFB mode</fsummary>
+      <type>
+        <v>Key = Cipher = iolist() | binary()</v>
+        <v>IVec = Text = binary()</v>
+      </type>
+      <desc>
+        <p>Decrypts <c>Cipher</c> according to DES in 8-bit CFB mode.
+          <c>Key</c> is the DES key, and <c>IVec</c> is an arbitrary
+          initializing vector.  <c>Key</c> and <c>IVec</c> must have
+          the same values as those used when encrypting.  The lengths of
+          <c>Key</c> and <c>IVec</c> must be 64 bits (8 bytes).</p>
+      </desc>
+    </func>
+    <func>
+      <name>des_cfb_ivec(IVec, Data) -> NextIVec</name>
+      <fsummary>Get <c>IVec</c> to be used in next iteration of
+                <c>des_cfb_[ecrypt|decrypt]</c></fsummary>
+      <type>
+        <v>IVec = iolist() | binary()</v>
+        <v>Data = iolist() | binary()</v>
+        <v>NextIVec = binary()</v>
+      </type>
+      <desc>
+        <p>Returns the <c>IVec</c> to be used in a next iteration of
+          <c>des_cfb_[encrypt|decrypt]</c>. <c>IVec</c> is the vector
+          used in the previous iteration step. <c>Data</c> is the encrypted
+          data from the previous iteration step.</p>
+      </desc>
+    </func>
+    <func>
       <name>des3_cbc_encrypt(Key1, Key2, Key3, IVec, Text) -> Cipher</name>
       <fsummary>Encrypt <c>Text</c>according to DES3 in CBC mode</fsummary>
       <type>
@@ -421,7 +468,7 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
     </func>
     <func>
       <name>des3_cbc_decrypt(Key1, Key2, Key3, IVec, Cipher) -> Text</name>
-      <fsummary>Decrypt <c>Cipher</c>according to DES in CBC mode</fsummary>
+      <fsummary>Decrypt <c>Cipher</c>according to DES3 in CBC mode</fsummary>
       <type>
         <v>Key1 = Key2 = Key3 = Cipher = iolist() | binary()</v>
         <v>IVec = Text = binary()</v>
@@ -437,6 +484,38 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
           <c>Key3</c>, and <c>IVec</c> must be 64 bits (8 bytes).</p>
       </desc>
     </func>
+    <func>
+      <name>des3_cfb_encrypt(Key1, Key2, Key3, IVec, Text) -> Cipher</name>
+      <fsummary>Encrypt <c>Text</c>according to DES3 in CFB mode</fsummary>
+      <type>
+        <v>Key1 =Key2 = Key3 Text = iolist() | binary()</v>
+        <v>IVec = Cipher = binary()</v>
+      </type>
+      <desc>
+        <p>Encrypts <c>Text</c> according to DES3 in 8-bit CFB
+          mode. <c>Key1</c>, <c>Key2</c>, <c>Key3</c>, are the DES
+          keys, and <c>IVec</c> is an arbitrary initializing
+          vector. The lengths of each of <c>Key1</c>, <c>Key2</c>,
+          <c>Key3</c> and <c>IVec</c> must be 64 bits (8 bytes).</p>
+      </desc>
+    </func>
+    <func>
+      <name>des3_cfb_decrypt(Key1, Key2, Key3, IVec, Cipher) -> Text</name>
+      <fsummary>Decrypt <c>Cipher</c>according to DES3 in CFB mode</fsummary>
+      <type>
+        <v>Key1 = Key2 = Key3 = Cipher = iolist() | binary()</v>
+        <v>IVec = Text = binary()</v>
+      </type>
+      <desc>
+        <p>Decrypts <c>Cipher</c> according to DES3 in 8-bit CFB mode.
+          <c>Key1</c>, <c>Key2</c>, <c>Key3</c> are the DES key, and
+          <c>IVec</c> is an arbitrary initializing vector.
+          <c>Key1</c>, <c>Key2</c>, <c>Key3</c> and <c>IVec</c> must
+          and <c>IVec</c> must have the same values as those used when
+          encrypting.  The lengths of <c>Key1</c>, <c>Key2</c>,
+          <c>Key3</c>, and <c>IVec</c> must be 64 bits (8 bytes).</p>
+      </desc>
+    </func>
 
     <func>
       <name>des_ecb_encrypt(Key, Text) -> Cipher</name>
@@ -817,7 +896,7 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
         <v>Key = [E, N]</v>
         <v>E, N = Mpint</v>
         <d>Where <c>E</c> is the public exponent and <c>N</c> is public modulus.</d>
-	<v>DigestType = md5 | sha</v>
+	<v>DigestType = md5 | sha | sha256 | sha384 | sha512</v>
 	<d> The default <c>DigestType</c> is sha.</d>
         <v>Mpint = binary()</v>
       </type>
@@ -826,6 +905,8 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
           and verifies that the digest matches the RSA signature using the
           signer's public key <c>Key</c>.
 	</p>
+	<p>May throw exception <c>notsup</c> in case the chosen <c>DigestType</c>
+	is not supported by the underlying OpenSSL implementation.</p>
       </desc>
     </func>
     
@@ -969,6 +1050,30 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
     </func>
 
     <func>
+      <name>rc2_cbc_encrypt(Key, IVec, Text) -> Cipher</name>
+      <fsummary>Encrypt <c>Text</c>according to RC2 in CBC mode</fsummary>
+      <type>
+        <v>Key = Text = iolist() | binary()</v>
+        <v>Ivec = Cipher = binary()</v>
+      </type>
+      <desc>
+        <p>Encrypts <c>Text</c> according to RC2 in CBC mode.</p>
+      </desc>
+    </func>
+
+    <func>
+      <name>rc2_cbc_decrypt(Key, IVec, Cipher) -> Text</name>
+      <fsummary>Decrypts <c>Cipher</c>according to RC2 in CBC mode</fsummary>
+      <type>
+        <v>Key = Text = iolist() | binary()</v>
+        <v>Ivec = Cipher = binary()</v>
+      </type>
+      <desc>
+        <p>Decrypts <c>Cipher</c> according to RC2 in CBC mode.</p>
+      </desc>
+    </func>
+    
+    <func>
       <name>rc4_encrypt(Key, Data) -> Result</name>
       <fsummary>Encrypt data using RC4</fsummary>
       <type>
diff --git a/lib/crypto/doc/src/make.dep b/lib/crypto/doc/src/make.dep
deleted file mode 100644
index 73b090bbb6..0000000000
--- a/lib/crypto/doc/src/make.dep
+++ /dev/null
@@ -1,20 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex crypto.tex crypto_app.tex licenses.tex \
-		ref_man.tex usersguide.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/crypto/doc/src/notes.xml b/lib/crypto/doc/src/notes.xml
index 763f79e02d..3a44550ae2 100644
--- a/lib/crypto/doc/src/notes.xml
+++ b/lib/crypto/doc/src/notes.xml
@@ -30,6 +30,44 @@
   </header>
   <p>This document describes the changes made to the Crypto application.</p>
 
+<section><title>Crypto 2.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    public_key, ssl and crypto now supports PKCS-8</p>
+          <p>
+	    Own Id: OTP-9312</p>
+        </item>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Add DES and Triple DES cipher feedback (CFB) mode
+	    functions to <c>crypto</c>. (Thanks to Paul Guyot)</p>
+          <p>
+	    Own Id: OTP-9640</p>
+        </item>
+        <item>
+          <p>
+	    Add sha256, sha384 and sha512 support for
+	    <c>crypto:rsa_verify</c>.</p>
+          <p>
+	    Own Id: OTP-9778</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Crypto 2.0.4</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index c3e13d6b91..d7aac27825 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -25,13 +25,15 @@
 -export([md4/1, md4_init/0, md4_update/2, md4_final/1]).
 -export([md5/1, md5_init/0, md5_update/2, md5_final/1]).
 -export([sha/1, sha_init/0, sha_update/2, sha_final/1]).
-%-export([sha256/1, sha256_init/0, sha256_update/2, sha256_final/1]).
-%-export([sha512/1, sha512_init/0, sha512_update/2, sha512_final/1]).
--export([md5_mac/2, md5_mac_96/2, sha_mac/2, sha_mac_96/2]).
+-export([sha256/1, sha256_init/0, sha256_update/2, sha256_final/1]).
+-export([sha512/1, sha512_init/0, sha512_update/2, sha512_final/1]).
+-export([md5_mac/2, md5_mac_96/2, sha_mac/2, sha_mac/3, sha_mac_96/2]).
 -export([hmac_init/2, hmac_update/2, hmac_final/1, hmac_final_n/2]).
 -export([des_cbc_encrypt/3, des_cbc_decrypt/3, des_cbc_ivec/1]).
 -export([des_ecb_encrypt/2, des_ecb_decrypt/2]).
+-export([des_cfb_encrypt/3, des_cfb_decrypt/3, des_cfb_ivec/2]).
 -export([des3_cbc_encrypt/5, des3_cbc_decrypt/5]).
+-export([des3_cfb_encrypt/5, des3_cfb_decrypt/5]).
 -export([blowfish_ecb_encrypt/2, blowfish_ecb_decrypt/2]).
 -export([blowfish_cbc_encrypt/3, blowfish_cbc_decrypt/3]).
 -export([blowfish_cfb64_encrypt/3, blowfish_cfb64_decrypt/3]).
@@ -40,7 +42,7 @@
 -export([aes_cfb_128_encrypt/3, aes_cfb_128_decrypt/3]).
 -export([exor/2]).
 -export([rc4_encrypt/2, rc4_set_key/1, rc4_encrypt_with_state/2]).
--export([rc2_40_cbc_encrypt/3, rc2_40_cbc_decrypt/3]).
+-export([rc2_cbc_encrypt/3, rc2_cbc_decrypt/3, rc2_40_cbc_encrypt/3, rc2_40_cbc_decrypt/3]).
 -export([dss_verify/3, dss_verify/4, rsa_verify/3, rsa_verify/4]).
 -export([dss_sign/2, dss_sign/3, rsa_sign/2, rsa_sign/3]).
 -export([rsa_public_encrypt/3, rsa_private_decrypt/3]).
@@ -62,14 +64,16 @@
 -define(FUNC_LIST, [md4, md4_init, md4_update, md4_final,
 		    md5, md5_init, md5_update, md5_final,
 		    sha, sha_init, sha_update, sha_final,
-%% 		    sha256, sha256_init, sha256_update, sha256_final,
-%% 		    sha512, sha512_init, sha512_update, sha512_final,
+ 		    sha256, sha256_init, sha256_update, sha256_final,
+ 		    sha512, sha512_init, sha512_update, sha512_final,
 		    md5_mac,  md5_mac_96,
 		    sha_mac,  sha_mac_96,
                     sha_mac_init, sha_mac_update, sha_mac_final,
 		    des_cbc_encrypt, des_cbc_decrypt,
+		    des_cfb_encrypt, des_cfb_decrypt,
 		    des_ecb_encrypt, des_ecb_decrypt,
 		    des_ede3_cbc_encrypt, des_ede3_cbc_decrypt,
+		    des_ede3_cfb_encrypt, des_ede3_cfb_decrypt,
 		    aes_cfb_128_encrypt, aes_cfb_128_decrypt,
 		    rand_bytes,
 		    strong_rand_bytes,
@@ -79,7 +83,7 @@
 		    dss_verify,dss_sign,
 		    rsa_verify,rsa_sign,
 		    rsa_public_encrypt,rsa_private_decrypt, 
-		    rsa_private_encrypt,rsa_public_decrypt, 
+		    rsa_private_encrypt,rsa_public_decrypt,
 		    dh_generate_key, dh_compute_key,
 		    aes_cbc_128_encrypt, aes_cbc_128_decrypt,
 		    exor,
@@ -87,11 +91,11 @@
 		    rc2_40_cbc_encrypt, rc2_40_cbc_decrypt,
 		    %% idea_cbc_encrypt, idea_cbc_decrypt,
 		    aes_cbc_256_encrypt, aes_cbc_256_decrypt,
-            aes_ctr_encrypt, aes_ctr_decrypt,
+		    aes_ctr_encrypt, aes_ctr_decrypt,
                     aes_ctr_stream_init, aes_ctr_stream_encrypt, aes_ctr_stream_decrypt,
 		    info_lib]).
 
--type rsa_digest_type() :: 'md5' | 'sha'.
+-type rsa_digest_type() :: 'md5' | 'sha' | 'sha256' | 'sha384' | 'sha512'.
 -type dss_digest_type() :: 'none' | 'sha'.
 -type crypto_integer() :: binary() | integer().
 
@@ -215,6 +219,73 @@ sha_init() -> ?nif_stub.
 sha_update(_Context, _Data) -> ?nif_stub.
 sha_final(_Context) -> ?nif_stub.
 
+%
+%% SHA256
+%%
+-spec sha256(iodata()) -> binary().
+-spec sha256_init() -> binary().
+-spec sha256_update(binary(), iodata()) -> binary().
+-spec sha256_final(binary()) -> binary().
+
+sha256(Data) ->
+    case sha256_nif(Data) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha256_init() ->
+    case sha256_init_nif() of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha256_update(Context, Data) ->
+    case sha256_update_nif(Context, Data) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha256_final(Context) ->
+    case sha256_final_nif(Context) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+
+sha256_nif(_Data) -> ?nif_stub.
+sha256_init_nif() -> ?nif_stub.
+sha256_update_nif(_Context, _Data) -> ?nif_stub.
+sha256_final_nif(_Context) -> ?nif_stub.
+
+%
+%% SHA512
+%%
+-spec sha512(iodata()) -> binary().
+-spec sha512_init() -> binary().
+-spec sha512_update(binary(), iodata()) -> binary().
+-spec sha512_final(binary()) -> binary().
+
+sha512(Data) ->
+    case sha512_nif(Data) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha512_init() ->
+    case sha512_init_nif() of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha512_update(Context, Data) ->
+    case sha512_update_nif(Context, Data) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha512_final(Context) ->
+    case sha512_final_nif(Context) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+
+sha512_nif(_Data) -> ?nif_stub.
+sha512_init_nif() -> ?nif_stub.
+sha512_update_nif(_Context, _Data) -> ?nif_stub.
+sha512_final_nif(_Context) -> ?nif_stub.
 
 %%
 %%  MESSAGE AUTHENTICATION CODES
@@ -256,6 +327,9 @@ md5_mac_n(_Key,_Data,_MacSz) -> ?nif_stub.
 sha_mac(Key, Data) ->
     sha_mac_n(Key,Data,20).
 
+sha_mac(Key, Data, Size) ->
+    sha_mac_n(Key, Data, Size).
+
 sha_mac_96(Key, Data) ->
     sha_mac_n(Key,Data,12).
 
@@ -294,6 +368,33 @@ des_cbc_ivec(Data) when is_list(Data) ->
     des_cbc_ivec(list_to_binary(Data)).
 
 %%
+%% DES - in 8-bits cipher feedback mode (CFB)
+%%
+-spec des_cfb_encrypt(iodata(), binary(), iodata()) -> binary().
+-spec des_cfb_decrypt(iodata(), binary(), iodata()) -> binary().
+
+des_cfb_encrypt(Key, IVec, Data) ->
+    des_cfb_crypt(Key, IVec, Data, true).
+
+des_cfb_decrypt(Key, IVec, Data) ->
+    des_cfb_crypt(Key, IVec, Data, false).
+
+des_cfb_crypt(_Key, _IVec, _Data, _IsEncrypt) -> ?nif_stub.
+
+%%
+%% dec_cfb_ivec(IVec, Data) -> binary()
+%%
+%% Returns the IVec to be used in the next iteration of
+%% des_cfb_[encrypt|decrypt].
+%%
+-spec des_cfb_ivec(iodata(), iodata()) -> binary().
+
+des_cfb_ivec(IVec, Data) ->
+    IVecAndData = list_to_binary([IVec, Data]),
+    {_, NewIVec} = split_binary(IVecAndData, byte_size(IVecAndData) - 8),
+    NewIVec.
+
+%%
 %% DES - in electronic codebook mode (ECB)
 %%
 -spec des_ecb_encrypt(iodata(), iodata()) -> binary().
@@ -326,6 +427,26 @@ des_ede3_cbc_decrypt(Key1, Key2, Key3, IVec, Data) ->
 des_ede3_cbc_crypt(_Key1, _Key2, _Key3, _IVec, _Data, _IsEncrypt) -> ?nif_stub.    
 
 %%
+%% DES3 - in 8-bits cipher feedback mode (CFB)
+%%
+-spec des3_cfb_encrypt(iodata(), iodata(), iodata(), binary(), iodata()) ->
+			     binary().
+-spec des3_cfb_decrypt(iodata(), iodata(), iodata(), binary(), iodata()) ->
+			     binary().
+
+des3_cfb_encrypt(Key1, Key2, Key3, IVec, Data) ->
+    des_ede3_cfb_encrypt(Key1, Key2, Key3, IVec, Data).
+des_ede3_cfb_encrypt(Key1, Key2, Key3, IVec, Data) ->
+    des_ede3_cfb_crypt(Key1, Key2, Key3, IVec, Data, true).
+
+des3_cfb_decrypt(Key1, Key2, Key3, IVec, Data) ->
+    des_ede3_cfb_decrypt(Key1, Key2, Key3, IVec, Data).
+des_ede3_cfb_decrypt(Key1, Key2, Key3, IVec, Data) ->
+    des_ede3_cfb_crypt(Key1, Key2, Key3, IVec, Data, false).
+
+des_ede3_cfb_crypt(_Key1, _Key2, _Key3, _IVec, _Data, _IsEncrypt) -> ?nif_stub.
+
+%%
 %% Blowfish
 %%
 -spec blowfish_ecb_encrypt(iodata(), iodata()) -> binary().
@@ -468,8 +589,14 @@ dss_verify(_Type,_Data,_Signature,_Key) -> ?nif_stub.
 
 % Key = [E,N]  E=PublicExponent N=PublicModulus
 rsa_verify(Data,Signature,Key) ->
-    rsa_verify(sha, Data,Signature,Key).
-rsa_verify(_Type,_Data,_Signature,_Key) -> ?nif_stub.
+    rsa_verify_nif(sha, Data,Signature,Key).
+rsa_verify(Type, Data, Signature, Key) ->
+    case rsa_verify_nif(Type, Data, Signature, Key) of
+    	notsup -> erlang:error(notsup);
+	Bool -> Bool
+    end.
+
+rsa_verify_nif(_Type, _Data, _Signature, _Key) -> ?nif_stub.
 
 
 %%
@@ -638,16 +765,25 @@ rc4_encrypt(_Key, _Data) -> ?nif_stub.
 rc4_set_key(_Key) -> ?nif_stub.
 rc4_encrypt_with_state(_State, _Data) -> ?nif_stub.
 
+
+%% RC2 block cipher
+
+rc2_cbc_encrypt(Key, IVec, Data) ->
+    rc2_cbc_crypt(Key,IVec,Data,true).
+
+rc2_cbc_decrypt(Key, IVec, Data) ->
+    rc2_cbc_crypt(Key,IVec,Data,false).
+
+rc2_cbc_crypt(_Key, _IVec, _Data, _IsEncrypt) -> ?nif_stub.
+
 %%
-%% RC2 - 40 bits block cipher
+%% RC2 - 40 bits block cipher - Backwards compatibility not documented.
 %%
-rc2_40_cbc_encrypt(Key, IVec, Data) ->
-    rc2_40_cbc_crypt(Key,IVec,Data,true).
-
-rc2_40_cbc_decrypt(Key, IVec, Data) ->
-    rc2_40_cbc_crypt(Key,IVec,Data,false).
+rc2_40_cbc_encrypt(Key, IVec, Data) when erlang:byte_size(Key) == 5 ->
+    rc2_cbc_crypt(Key,IVec,Data,true).
 
-rc2_40_cbc_crypt(_Key, _IVec, _Data, _IsEncrypt) -> ?nif_stub.    
+rc2_40_cbc_decrypt(Key, IVec, Data)  when erlang:byte_size(Key) == 5 ->
+    rc2_cbc_crypt(Key,IVec,Data,false).
 
 %%
 %% DH Diffie-Hellman functions
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 486751766b..627c966dfb 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -44,7 +44,12 @@
 	 md5_mac_io/1,
 	 des_cbc/1,
 	 des_cbc_iter/1,
+	 des_cfb/1,
+	 des_cfb_iter/1,
 	 des_ecb/1,
+	 des3_cbc/1,
+	 des3_cfb/1,
+	 rc2_cbc/1,
 	 aes_cfb/1,
 	 aes_cbc/1,
 	 aes_cbc_iter/1,
@@ -63,28 +68,29 @@
 	 rc4_test/1,
 	 rc4_stream_test/1,
 	 blowfish_cfb64/1,
-	 smp/1,
-	 cleanup/1]).
+	 smp/1]).
 
 -export([hexstr2bin/1]).
 
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
-    [link_test, md5, md5_update, md4, md4_update, md5_mac,
-     md5_mac_io, sha, sha_update, 
-     hmac_update_sha, hmac_update_sha_n, hmac_update_md5_n, hmac_update_md5_io, hmac_update_md5,
-     %% sha256, sha256_update, sha512,sha512_update,
-     des_cbc, aes_cfb, aes_cbc,
-     aes_cbc_iter, aes_ctr, aes_ctr_stream, des_cbc_iter, des_ecb,
-     rand_uniform_test, strong_rand_test,
-     rsa_verify_test, dsa_verify_test, rsa_sign_test,
-     dsa_sign_test, rsa_encrypt_decrypt, dh, exor_test,
-     rc4_test, rc4_stream_test, mod_exp_test, blowfish_cfb64,
-     smp].
-
-groups() -> 
-    [].
+    [link_test, {group, info}].
+
+groups() ->
+    [{info, [sequence],[info, {group, rest}]},
+     {rest, [],
+      [md5, md5_update, md4, md4_update, md5_mac,
+       md5_mac_io, sha, sha_update,
+       hmac_update_sha, hmac_update_sha_n, hmac_update_md5_n,
+       hmac_update_md5_io, hmac_update_md5,
+       des_cbc, aes_cfb, aes_cbc,
+       aes_cbc_iter, aes_ctr, aes_ctr_stream, des_cbc_iter, des_ecb,
+       rand_uniform_test, strong_rand_test,
+       rsa_verify_test, dsa_verify_test, rsa_sign_test,
+       dsa_sign_test, rsa_encrypt_decrypt, dh, exor_test,
+       rc4_test, rc4_stream_test, mod_exp_test, blowfish_cfb64,
+       smp]}].
 
 init_per_suite(Config) ->
     Config.
@@ -98,11 +104,15 @@ init_per_group(_GroupName, Config) ->
 end_per_group(_GroupName, Config) ->
     Config.
 
+init_per_testcase(info, Config) ->
+    Config;
 init_per_testcase(_Name,Config) ->
     io:format("init_per_testcase\n"),
     ?line crypto:start(),
     Config.
 
+end_per_testcase(info, Config) ->
+    Config;
 end_per_testcase(_Name,Config) ->
     io:format("end_per_testcase\n"),
     ?line crypto:stop(),
@@ -190,13 +200,6 @@ info(Config) when is_list(Config) ->
 	    ?line crypto:stop()
     end.
 
-cleanup(doc) ->
-    ["Cleanup (dummy)."];
-cleanup(suite) ->
-    [];
-cleanup(Config) when is_list(Config) ->
-    Config.
-
 %%
 %%
 md5(doc) ->
@@ -292,7 +295,7 @@ sha(Config) when is_list(Config) ->
 		hexstr2bin("84983E441C3BD26EBAAE4AA1F95129E5E54670F1")).
 
 
-%% 
+%%
 hmac_update_sha_n(doc) ->
     ["Request a larger-than-allowed SHA1 HMAC using hmac_init, hmac_update, and hmac_final_n. "
      "Expected values for examples are generated using crypto:sha_mac." ];
@@ -343,7 +346,7 @@ hmac_update_md5(Config) when is_list(Config) ->
     Key2 = "A fine speach by a fine man!",
     ?line Long1 = "Four score and seven years ago our fathers brought forth on this continent a new nation, conceived in liberty, and dedicated to the proposition that all men are created equal.",
     ?line Long2 = "Now we are engaged in a great civil war, testing whether that nation, or any nation, so conceived and so dedicated, can long endure. We are met on a great battle-field of that war. We have come to dedicate a portion of that field, as a final resting place for those who here gave their lives that that nation might live. It is altogether fitting and proper that we should do this.",
-    ?line Long3 = "But, in a larger sense, we can not dedicate, we can not consecrate, we can not hallow this ground. The brave men, living and dead, who struggled here, have consecrated it, far above our poor power to add or detract. The world will little note, nor long remember what we say here, but it can never forget what they did here. It is for us the living, rather, to be dedicated here to the unfinished work which they who fought here have thus far so nobly advanced. It is rather for us to be here dedicated to the great task remaining before us-that from these honored dead we take increased devotion to that cause for which they gave the last full measure of devotion—that we here highly resolve that these dead shall not have died in vain-that this nation, under God, shall have a new birth of freedom-and that government of the people, by the people, for the people, shall not perish from the earth.",
+    ?line Long3 = "But, in a larger sense, we can not dedicate, we can not consecrate, we can not hallow this ground. The brave men, living and dead, who struggled here, have consecrated it, far above our poor power to add or detract. The world will little note, nor long remember what we say here, but it can never forget what they did here. It is for us the living, rather, to be dedicated here to the unfinished work which they who fought here have thus far so nobly advanced. It is rather for us to be here dedicated to the great task remaining before us-that from these honored dead we take increased devotion to that cause for which they gave the last full measure of devotion that we here highly resolve that these dead shall not have died in vain-that this nation, under God, shall have a new birth of freedom-and that government of the people, by the people, for the people, shall not perish from the earth.",
     ?line CtxA = crypto:hmac_init(md5, Key2),
     ?line CtxB = crypto:hmac_update(CtxA, Long1),
     ?line CtxC = crypto:hmac_update(CtxB, Long2),
@@ -547,6 +550,40 @@ des_cbc_iter(Config) when is_list(Config) ->
 
 %%
 %%
+des_cfb(doc) ->
+    "Encrypt and decrypt according to CFB DES. and check the result. "
+	"Example is from FIPS-81.";
+des_cfb(suite) ->
+    [];
+des_cfb(Config) when is_list(Config) ->
+    ?line Key =  hexstr2bin("0123456789abcdef"),
+    ?line IVec = hexstr2bin("1234567890abcdef"),
+    ?line Plain = "Now is the",
+    ?line Cipher = crypto:des_cfb_encrypt(Key, IVec, Plain),
+    ?line m(Cipher, hexstr2bin("f31fda07011462ee187f")),
+    ?line m(list_to_binary(Plain),
+	    crypto:des_cfb_decrypt(Key, IVec, Cipher)).
+
+%%
+%%
+des_cfb_iter(doc) ->
+        "Encrypt and decrypt according to CFB DES in two steps, and "
+    "check the result. Example is from FIPS-81.";
+des_cfb_iter(suite) ->
+    [];
+des_cfb_iter(Config) when is_list(Config) ->
+    ?line Key =  hexstr2bin("0123456789abcdef"),
+    ?line IVec = hexstr2bin("1234567890abcdef"),
+    ?line Plain1 = "Now i",
+    ?line Plain2 = "s the",
+    ?line Cipher1 = crypto:des_cfb_encrypt(Key, IVec, Plain1),
+    ?line IVec2 = crypto:des_cfb_ivec(IVec, Cipher1),
+    ?line Cipher2 = crypto:des_cfb_encrypt(Key, IVec2, Plain2),
+    ?line Cipher = list_to_binary([Cipher1, Cipher2]),
+    ?line m(Cipher, hexstr2bin("f31fda07011462ee187f")).
+
+%%
+%%
 des_ecb(doc) ->
     "Encrypt and decrypt according to ECB DES and check the result. "
     "Example are from FIPS-81.";
@@ -566,6 +603,81 @@ des_ecb(Config) when is_list(Config) ->
     ?line m(Cipher5, <<"he time ">>),
     ?line Cipher6 = crypto:des_ecb_decrypt(Key, hexstr2bin("893d51ec4b563b53")),
     ?line m(Cipher6, <<"for all ">>).
+%%
+%%
+rc2_cbc(doc) ->
+    "Encrypt and decrypt according to RC2 CBC and check the result. "
+    "Example stripped out from public_key application test";
+rc2_cbc(Config) when is_list(Config) ->
+   
+    Key = <<146,210,160,124,215,227,153,239,227,17,222,140,3,93,27,191>>,
+    IV = <<72,91,135,182,25,42,35,210>>,
+
+    Cipher = <<36,245,206,158,168,230,58,69,148,137,32,192,250,41,237,181,181,251, 192,2,175,135,177,171,57,30,111,117,159,149,15,28,88,158,28,81,28,115, 85,219,241,82,117,222,91,85,73,117,164,25,182,52,191,64,123,57,26,19, 211,27,253,31,194,219,231,104,247,240,172,130,119,21,225,154,101,247, 32,216,42,216,133,169,78,22,97,27,227,26,196,224,172,168,17,9,148,55, 203,91,252,40,61,226,236,221,215,160,78,63,13,181,68,57,196,241,185, 207, 116,129,152,237,60,139,247,153,27,146,161,246,222,98,185,222,152, 187,135, 236,86,34,7,110,91,230,173,34,160,242,202,222,121,127,181,140, 101,203,195, 190,88,250,86,147,127,87,72,126,171,16,71,47,110,248,88, 14,29,143,161,152, 129,236,148,22,152,186,208,119,70,8,174,193,203,100, 193,203,200,117,102,242, 134,142,96,125,135,200,217,190,76,117,50,70, 209,186,101,241,200,91,40,193,54, 90,195,38,47,59,197,38,234,86,223,16, 51,253,204,129,20,171,66,21,241,26,135,216, 196,114,110,91,15,53,40, 164,201,136,113,95,247,51,181,208,241,68,168,98,151,36, 155,72,24,57, 42,191,14,125,204,10,167,214,233,138,115,125,234,121,134,227,26,247, 77,200,117,110,117,111,168,156,206,67,159,149,189,173,150,193,91,199, 216,153,22, 189,137,185,89,160,13,131,132,58,109,28,110,246,252,251,14, 232,91,38,52,29,101,188,69,123,50,0,130,178,93,73,239,118,7,77,35,59, 253,10,159,45,86,142,37,78,232,48>>,
+    Text = <<48,130,1,85,2,1,0,48,13,6,9,42,134,72,134,247,13,1,1,1,5,0,4,130,1,63,48,130, 1,59,2,1,0,2,65,0,222,187,252,44,9,214,27,173,162,169,70,47,36,34,78,84,204, 107,60,192,117,95,21,206,49,142,245,126,121,223,23,2,107,106,133,204,161,36, 40,2,114,69,4,93,242,5,42,50,154,47,154,211,209,123,120,161,5,114,173,155,34, 191,52,59,2,3,1,0,1,2,64,45,144,169,106,220,236,71,39,67,82,123,192,35,21,61, 143,13,110,150,180,12,142,210,40,39,109,70,125,132,51,6,66,159,134,112,85, 155,243,118,221,65,133,127,99,151,194,252,141,149,224,229,62,214,45,228,32, 184,85,67,14,228,161,184,161,2,33,0,255,202,240,131,130,57,49,224,115,255,83, 79,6,165,212,21,179,212,20,188,97,74,69,68,163,223,247,237,39,24,23,235,2,33, 0,222,234,48,36,33,23,219,45,59,136,55,245,143,29,165,48,255,131,207,146,131, 104,13,163,54,131,236,78,88,54,16,241,2,33,0,230,2,99,129,173,176,166,131, 241,106,143,76,9,107,70,41,121,185,228,39,124,200,159,62,216,169,5,180,111, 169,255,159,2,33,0,151,193,70,212,209,210,179,219,175,83,165,4,255,81,103,76, 92,39,24,0,222,132,208,3,244,241,10,198,171,54,227,129,2,32,43,250,20,31,16, 189,168,116,225,1,125,132,94,130,118,124,28,56,232,39,69,218,244,33,240,200, 205,9,215,101,35,135,7,7,7,7,7,7,7>>,
+    
+    Text = crypto:rc2_cbc_decrypt(Key, IV, Cipher),
+    Cipher = crypto:rc2_cbc_encrypt(Key, IV, Text).
+
+%%
+%%
+des3_cbc(doc) ->
+    "Encrypt and decrypt according to CBC 3DES, and check the result.";
+des3_cbc(suite) ->
+    [];
+des3_cbc(Config) when is_list(Config) ->
+    ?line Key1 = hexstr2bin("0123456789abcdef"),
+    ?line Key2 = hexstr2bin("fedcba9876543210"),
+    ?line Key3 = hexstr2bin("0f2d4b6987a5c3e1"),
+    ?line IVec = hexstr2bin("1234567890abcdef"),
+    ?line Plain = "Now is the time for all ",
+    ?line Cipher = crypto:des3_cbc_encrypt(Key1, Key2, Key3, IVec, Plain),
+    ?line m(Cipher, hexstr2bin("8a2667ee5577267cd9b1af2c5a0480"
+			       "0bac1ae66970fb2b89")),
+    ?line m(list_to_binary(Plain),
+	    crypto:des3_cbc_decrypt(Key1, Key2, Key3, IVec, Cipher)),
+    ?line Plain2 = "7654321 Now is the time for " ++ [0, 0, 0, 0],
+    ?line Cipher2 = crypto:des3_cbc_encrypt(Key1, Key2, Key3, IVec, Plain2),
+    ?line m(Cipher2, hexstr2bin("eb33ec6ede2c8e90f6877e77b95d5"
+				"4c83cee22907f7f0041ca1b7abe202bfafe")),
+    ?line m(list_to_binary(Plain2),
+	    crypto:des3_cbc_decrypt(Key1, Key2, Key3, IVec, Cipher2)),
+
+    ?line Key =  hexstr2bin("0123456789abcdef"),
+    ?line DESCipher = crypto:des3_cbc_encrypt(Key, Key, Key, IVec, Plain),
+    ?line m(DESCipher, hexstr2bin("e5c7cdde872bf27c43e934008c389c"
+			       "0f683788499a7c05f6")),
+    ?line m(list_to_binary(Plain),
+	    crypto:des3_cbc_decrypt(Key, Key, Key, IVec, DESCipher)),
+    ?line DESCipher2 = crypto:des3_cbc_encrypt(Key, Key, Key, IVec, Plain2),
+    ?line m(DESCipher2, hexstr2bin("b9916b8ee4c3da64b4f44e3cbefb9"
+				"9484521388fa59ae67d58d2e77e86062733")),
+    ?line m(list_to_binary(Plain2),
+	    crypto:des3_cbc_decrypt(Key, Key, Key, IVec, DESCipher2)).
+
+%%
+%%
+des3_cfb(doc) ->
+    "Encrypt and decrypt according to CFB 3DES, and check the result.";
+des3_cfb(suite) ->
+    [];
+des3_cfb(Config) when is_list(Config) ->
+    ?line Key1 = hexstr2bin("0123456789abcdef"),
+    ?line Key2 = hexstr2bin("fedcba9876543210"),
+    ?line Key3 = hexstr2bin("0f2d4b6987a5c3e1"),
+    ?line IVec = hexstr2bin("1234567890abcdef"),
+    ?line Plain = "Now is the time for all ",
+    ?line Cipher = crypto:des3_cfb_encrypt(Key1, Key2, Key3, IVec, Plain),
+    ?line m(Cipher, hexstr2bin("fc0ba7a20646ba53cc8bff263f0937"
+			       "1deab42a00666db02c")),
+    ?line m(list_to_binary(Plain),
+	    crypto:des3_cfb_decrypt(Key1, Key2, Key3, IVec, Cipher)),
+    ?line Plain2 = "7654321 Now is the time for " ++ [0, 0, 0, 0],
+    ?line Cipher2 = crypto:des3_cfb_encrypt(Key1, Key2, Key3, IVec, Plain2),
+    ?line m(Cipher2, hexstr2bin("8582c59ac01897422632c0accb66c"
+				"e413f5efab838fce7e41e2ba67705bad5bc")),
+    ?line m(list_to_binary(Plain2),
+	    crypto:des3_cfb_decrypt(Key1, Key2, Key3, IVec, Cipher2)).
 
 %%
 %%
@@ -1233,8 +1345,8 @@ rc4_test(doc) ->
 rc4_test(suite) ->
     [];
 rc4_test(Config) when is_list(Config) ->
-    CT1 = <<"hej p� dig">>,
-    R1 = <<71,112,14,44,140,33,212,144,155,47>>,
+    CT1 = <<"Yo baby yo">>,
+    R1 = <<118,122,68,110,157,166,141,212,139,39>>,
     K = "apaapa",
     R1 = crypto:rc4_encrypt(K, CT1),
     CT1 = crypto:rc4_encrypt(K, R1),
@@ -1248,14 +1360,14 @@ rc4_stream_test(doc) ->
 rc4_stream_test(suite) ->
     [];
 rc4_stream_test(Config) when is_list(Config) ->
-    CT1 = <<"hej">>,
-    CT2 = <<" p� dig">>,
+    CT1 = <<"Yo ">>,
+    CT2 = <<"baby yo">>,
     K = "apaapa",
     State0 = crypto:rc4_set_key(K),
     {State1, R1} = crypto:rc4_encrypt_with_state(State0, CT1),
     {_State2, R2} = crypto:rc4_encrypt_with_state(State1, CT2),
     R = list_to_binary([R1, R2]),
-    <<71,112,14,44,140,33,212,144,155,47>> = R,
+    <<118,122,68,110,157,166,141,212,139,39>> = R,
     ok.
 
 blowfish_cfb64(doc) -> ["Test Blowfish encrypt/decrypt."];
diff --git a/lib/crypto/vsn.mk b/lib/crypto/vsn.mk
index 33fa9b1ec3..7e82e47d38 100644
--- a/lib/crypto/vsn.mk
+++ b/lib/crypto/vsn.mk
@@ -1 +1 @@
-CRYPTO_VSN = 2.0.4
+CRYPTO_VSN = 2.1
diff --git a/lib/debugger/doc/src/debugger_chapter.xml b/lib/debugger/doc/src/debugger_chapter.xml
index 1f5d4dd5ff..de7784b240 100644
--- a/lib/debugger/doc/src/debugger_chapter.xml
+++ b/lib/debugger/doc/src/debugger_chapter.xml
@@ -4,7 +4,7 @@
 <chapter>
 <header>
     <copyright>
-      <year>1997</year><year>2009</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -254,19 +254,17 @@ c_break(Bindings) ->
       used, for example, if an error occurs:</p>
     <pre>
 1> <input>catch a+1.</input>
-{'EXIT',{badarith,[{erlang,'+',[a,1]},
-                   {erl_eval,do_apply,5},
-                   {erl_eval,expr,5},
-                   {shell,exprs,6},
-                   {shell,eval_exprs,6},
-                   {shell,eval_loop,3}]}}</pre>
-
-    <p>In the case above, the stack trace shows that the function called
-      last was <c>erl_eval:eval_op/3</c>. See <em>Erlang Reference
-	Manual, Errors and Error handling</em>, for more information
-      about stack trace.</p>
-
-    <p>Debugger emulates the stack trace by keeping track of recently
+{'EXIT',{badarith,[{erlang,'+',[a,1],[]},
+                   {erl_eval,do_apply,5,[{file,"erl_eval.erl"},{line,562}]},
+                   {erl_eval,expr,5,[{file,"erl_eval.erl"},{line,359}]},
+                   {shell,exprs,7,[{file,"shell.erl"},{line,668}]},
+                   {shell,eval_exprs,7,[{file,"shell.erl"},{line,623}]},
+                   {shell,eval_loop,3,[{file,"shell.erl"},{line,608}]}]}}</pre>
+
+    <p>See the <em>Erlang Reference Manual, Errors and Error handling</em>,
+      for more information about the stack trace.</p>
+
+    <p>The Debugger emulates the stack trace by keeping track of recently
       called interpreted functions. (The real stack trace cannot be
       used, as it shows which functions of the Debugger have been
       called, rather than which interpreted functions).</p>
@@ -276,17 +274,15 @@ c_break(Bindings) ->
       <seealso marker="#attach">the Attach Process window</seealso>.
     </p>
 
-    <p>By default, the Debugger saves information about all current
+    <p>By default, the Debugger only saves information about recursive
       function calls, that is, function calls that have not yet returned
-      a value (option 'Stack On, Tail').</p>
-
-    <p>This means, however, that information is saved also for tail
-      recursive calls. For example, repeated calls to the <c>loop</c>
-      function of an Erlang process. This may consume unnecessary
-      amounts of memory for debugged processes with long lifetimes and
-      many tail recursive calls. It is therefore possible to set
-      the option 'Stack On, no tail', in which case information about
-      previous calls are discarded when a tail recursive call is made.
+      a value (option 'Stack On, No Tail').</p>
+
+    <p>Sometimes, however, it can be useful to save all calls, even
+      tail-recursive calls. That can be done with the 'Stack On, Tail'
+      option. Note that this option will consume more memory and slow
+      down execution of interpreted functions when there are many
+      tail-recursive calls.
     </p>
 
     <p>It is also possible to turn off the Debugger stack trace
diff --git a/lib/debugger/doc/src/int.xml b/lib/debugger/doc/src/int.xml
index 8b55461a44..0794685f34 100644
--- a/lib/debugger/doc/src/int.xml
+++ b/lib/debugger/doc/src/int.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1998</year><year>2009</year>
+      <year>1998</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -284,12 +284,12 @@ spawn(Module, Name, [Pid | Args])
 	<list>
 	  <item><c>all</c> - save information about all current calls,
 	    that is, function calls that have not yet returned a value.
-	    This is the default.</item>
+	    </item>
 	  <item><c>no_tail</c> - save information about current calls,
 	    but discard previous information when a tail recursive call
 	    is made. This option consumes less memory and may be
 	    necessary to use for processes with long lifetimes and many
-	    tail recursive calls.</item>
+	    tail recursive calls. This is the default.</item>
 	  <item><c>false</c> - do not save any information about current
 	    calls.</item>
 	</list>
diff --git a/lib/debugger/doc/src/make.dep b/lib/debugger/doc/src/make.dep
deleted file mode 100644
index c11fd3c21c..0000000000
--- a/lib/debugger/doc/src/make.dep
+++ /dev/null
@@ -1,29 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex debugger.tex debugger_chapter.tex \
-		i.tex int.tex part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: part.xml ref_man.xml
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: images/attach.ps images/cond_break_dialog.ps \
-		images/function_break_dialog.ps images/interpret.ps \
-		images/line_break_dialog.ps images/monitor.ps \
-		images/view.ps
-
diff --git a/lib/debugger/doc/src/notes.xml b/lib/debugger/doc/src/notes.xml
index 93e447848a..4d8bd8ebe4 100644
--- a/lib/debugger/doc/src/notes.xml
+++ b/lib/debugger/doc/src/notes.xml
@@ -32,6 +32,50 @@
   <p>This document describes the changes made to the Debugger
     application.</p>
 
+<section><title>Debugger 3.2.7</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fix "OK" spelling in debugger messages and variables</p>
+          <p>
+	    Simple code refactor in the debugger: renames all the
+	    occurrences of "Ok" to "OK" in the code, variable names
+	    and strings. This improves the consistency of the code
+	    and follows the GTK UI where "OK" is always used.(Thanks
+	    to Ricardo Catalinas Jim�nez)</p>
+          <p>
+	    Own Id: OTP-9699</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Variables are now now allowed in '<c>fun M:F/A</c>' as
+	    suggested by Richard O'Keefe in EEP-23.</p>
+	    <p>The representation of '<c>fun M:F/A</c>' in the
+	    abstract format has been changed in an incompatible way.
+	    Tools that directly read or manipulate the abstract
+	    format (such as parse transforms) may need to be updated.
+	    The compiler can handle both the new and the old format
+	    (i.e. extracting the abstract format from a pre-R15 BEAM
+	    file and compiling it using compile:forms/1,2 will work).
+	    The <c>syntax_tools</c> application can also handle both
+	    formats.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9643</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Debugger 3.2.6</title>
 
     <section><title>Improvements and New Features</title>
diff --git a/lib/debugger/src/Makefile b/lib/debugger/src/Makefile
index 8551fe887d..be9a2d13cb 100644
--- a/lib/debugger/src/Makefile
+++ b/lib/debugger/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -44,6 +44,7 @@ MODULES= \
 	dbg_ieval \
 	dbg_iload \
 	dbg_iserver \
+	dbg_istk \
 	dbg_ui_break \
 	dbg_ui_break_win \
 	dbg_ui_edit \
diff --git a/lib/debugger/src/dbg_debugged.erl b/lib/debugger/src/dbg_debugged.erl
index 3732c40c73..4d9ffc4f3b 100644
--- a/lib/debugger/src/dbg_debugged.erl
+++ b/lib/debugger/src/dbg_debugged.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1998-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -76,8 +76,8 @@ msg_loop(Meta, Mref, SaveStacktrace) ->
 	    msg_loop(Meta, Mref, SaveStacktrace);
 
 	%% Meta needs something evaluated within context of real process
-	{sys, Meta, {command, Command, Stacktrace}} ->
-	    Reply = handle_command(Command, Stacktrace),
+	{sys, Meta, {command,Command}} ->
+	    Reply = handle_command(Command),
 	    Meta ! {sys, self(), Reply},
 	    msg_loop(Meta, Mref, SaveStacktrace);
 
@@ -93,11 +93,12 @@ msg_loop(Meta, Mref, SaveStacktrace) ->
 	    end
     end.
 
-handle_command(Command, Stacktrace) ->
-    try reply(Command)
+handle_command(Command) ->
+    try
+	reply(Command)
     catch Class:Reason ->
-	    Stacktrace2 = stacktrace_f(erlang:get_stacktrace()),
-	    {exception, {Class,Reason,Stacktrace2++Stacktrace}}
+	    Stacktrace = stacktrace_f(erlang:get_stacktrace()),
+	    {exception,{Class,Reason,Stacktrace}}
     end.
 
 reply({apply,M,F,As}) ->
@@ -116,5 +117,5 @@ demonitor(Mref) ->
 %% Fix stacktrace - keep all above call to this module.
 %%
 stacktrace_f([]) -> [];
-stacktrace_f([{?MODULE,_,_}|_]) -> [];
+stacktrace_f([{?MODULE,_,_,_}|_]) -> [];
 stacktrace_f([F|S]) -> [F|stacktrace_f(S)].
diff --git a/lib/debugger/src/dbg_icmd.erl b/lib/debugger/src/dbg_icmd.erl
index e9502eaa2b..b230efaa7a 100644
--- a/lib/debugger/src/dbg_icmd.erl
+++ b/lib/debugger/src/dbg_icmd.erl
@@ -273,7 +273,7 @@ handle_int_msg({old_code,Mod}, Status, Bs,
 	    erase([Mod|db]),
 	    put(cache, []);
 	true ->
-	    case dbg_ieval:in_use_p(Mod, M) of
+	    case dbg_istk:in_use_p(Mod, M) of
 		true ->
 		    %% A call to Mod is on the stack (or might be),
 		    %% so we must terminate.
@@ -342,11 +342,11 @@ handle_user_msg({set,stack_trace,Flag}, _Status, _Bs, _Ieval) ->
 handle_user_msg({get,bindings,From,SP}, _Status, Bs, _Ieval) ->
     reply(From, bindings, bindings(Bs, SP));
 handle_user_msg({get,stack_frame,From,{Dir,SP}}, _Status, _Bs,_Ieval) ->
-    reply(From, stack_frame, dbg_ieval:stack_frame(Dir, SP));
+    reply(From, stack_frame, dbg_istk:stack_frame(Dir, SP));
 handle_user_msg({get,messages,From,_}, _Status, _Bs, _Ieval) ->
     reply(From, messages, messages());
-handle_user_msg({get,backtrace,From,N}, _Status, _Bs, _Ieval) ->
-    reply(From, backtrace, dbg_ieval:backtrace(N)).
+handle_user_msg({get,backtrace,From,N}, _Status, _Bs, Ieval) ->
+    reply(From, backtrace, dbg_istk:backtrace(N, Ieval)).
 
 set_stack_trace(true) ->
     set_stack_trace(all);
@@ -366,11 +366,11 @@ reply(From, Tag, Reply) ->
 bindings(Bs, nostack) ->
     Bs;
 bindings(Bs, SP) ->
-    case dbg_ieval:stack_level() of
+    case dbg_istk:stack_level() of
 	Le when SP > Le ->
 	    Bs;
 	_ ->
-	    dbg_ieval:bindings(SP)
+	    dbg_istk:bindings(SP)
     end.
 
 messages() ->
@@ -422,7 +422,7 @@ eval_nonrestricted({From, _Mod, Cmd, _SP}, Bs,
 
 eval_nonrestricted_1({match,_,{var,_,Var},Expr}, Bs, Ieval) ->
     {value,Res,Bs2} = 
-	dbg_ieval:eval_expr(Expr, Bs, Ieval#ieval{last_call=false}),
+	dbg_ieval:eval_expr(Expr, Bs, Ieval#ieval{top=false}),
     Bs3 = case lists:keyfind(Var, 1, Bs) of
 	      {Var,_Value} ->
 		  lists:keyreplace(Var, 1, Bs2, {Var,Res});
@@ -437,7 +437,7 @@ eval_nonrestricted_1({var,_,Var}, Bs, _Ieval) ->
     {Res,Bs};
 eval_nonrestricted_1(Expr, Bs, Ieval) ->
     {value,Res,Bs2} = 
-	dbg_ieval:eval_expr(Expr, Bs, Ieval#ieval{last_call=false}),
+	dbg_ieval:eval_expr(Expr, Bs, Ieval#ieval{top=false}),
     {Res,Bs2}.
 
 mark_running(LineNo, Le) ->
diff --git a/lib/debugger/src/dbg_ieval.erl b/lib/debugger/src/dbg_ieval.erl
index 306323f8ea..2e88c35741 100644
--- a/lib/debugger/src/dbg_ieval.erl
+++ b/lib/debugger/src/dbg_ieval.erl
@@ -20,8 +20,7 @@
 
 -export([eval/3,exit_info/5]).
 -export([eval_expr/3]).
--export([check_exit_msg/3,exception/4,in_use_p/2]).
--export([stack_level/0, bindings/1, stack_frame/2, backtrace/1]).
+-export([check_exit_msg/3,exception/4]).
 
 -include("dbg_ieval.hrl").
 
@@ -71,13 +70,12 @@ exit_info(Int, AttPid, OrigPid, Reason, ExitInfo) ->
     
     case ExitInfo of
 	{{Mod,Line},Bs,S} ->
-	    Stack = binary_to_term(S),
-	    put(stack, Stack),
-	    Le = stack_level(Stack),
+	    dbg_istk:from_external(S),
+	    Le = dbg_istk:stack_level(),
 	    dbg_icmd:tell_attached({exit_at, {Mod, Line}, Reason, Le}),
 	    exit_loop(OrigPid, Reason, Bs,#ieval{module=Mod,line=Line});
 	{} ->
-	    put(stack, []),
+	    dbg_istk:init(),
 	    dbg_icmd:tell_attached({exit_at, null, Reason, 1}),
 	    exit_loop(OrigPid, Reason, erl_eval:new_bindings(),#ieval{})
     end.
@@ -142,12 +140,12 @@ check_exit_msg({'DOWN',_,_,_,Reason}, Bs,
 	    undefined when Le =:= 1 -> % died outside interpreted code
 		{};
 	    undefined when Le > 1 ->
-		StackBin = term_to_binary(get(stack)),
-		{{Mod, Li}, Bs, StackBin};
+		StackExternal = (dbg_istk:delayed_to_external())(),
+		{{Mod, Li}, Bs, StackExternal};
 
 	    %% Debugged has terminated due to an exception
-	    ExitInfo0 ->
-		ExitInfo0
+	    ExitInfo0 when is_function(ExitInfo0, 0) ->
+		ExitInfo0()
 	end,
     dbg_iserver:cast(get(int), {set_exit_info,self(),ExitInfo}),
 
@@ -170,30 +168,26 @@ check_exit_msg(_Msg, _Bs, _Ieval) ->
 %% and then raise the exception.
 %%--------------------------------------------------------------------
 exception(Class, Reason, Bs, Ieval) ->
-    exception(Class, Reason, fix_stacktrace(1), Bs, Ieval).
-
-exception(Class, Reason, Stacktrace, Bs, #ieval{module=M, line=Line}) ->
-    ExitInfo = {{M,Line}, Bs, term_to_binary(get(stack))},
+    exception(Class, Reason, Bs, Ieval, false).
+
+exception(Class, Reason, Bs, Ieval, false) ->
+    do_exception(Class, Reason,
+		 dbg_istk:delayed_stacktrace(no_args, Ieval),
+		 Bs, Ieval);
+exception(Class, Reason, Bs, Ieval, true) ->
+    do_exception(Class, Reason,
+		 dbg_istk:delayed_stacktrace(include_args, Ieval),
+		 Bs, Ieval).
+
+do_exception(Class, Reason, Stacktrace, Bs, #ieval{module=M, line=Line}) ->
+    StackFun = dbg_istk:delayed_to_external(),
+    ExitInfo = fun() ->
+		       {{M,Line},Bs,StackFun()}
+	       end,
     put(exit_info, ExitInfo),
     put(stacktrace, Stacktrace),
     erlang:Class(Reason).
 
-%%--------------------------------------------------------------------
-%% in_use_p(Mod, Cm) -> boolean()
-%%   Mod = Cm = atom()
-%% Returns true if Mod is found on the stack, otherwise false.
-%%--------------------------------------------------------------------
-in_use_p(Mod, Mod) -> true;
-in_use_p(Mod, _Cm) ->
-    case get(trace_stack) of
-	false -> true;
-	_ -> %  all | no_tail
-	    lists:any(fun({_,{M,_,_,_}}) when M =:= Mod -> true;
-			 (_) -> false
-		      end,
-		      get(stack))
-    end.
-
 %%====================================================================
 %% Internal functions
 %%====================================================================
@@ -225,7 +219,7 @@ meta(Int, Debugged, M, F, As) ->
     put(cache, []),
     put(next_break, Status), % break | running (other values later)
     put(self, Debugged),     % pid() interpreted process
-    put(stack, []),
+    dbg_istk:init(),
     put(stacktrace, []),
     put(trace_stack, dbg_iserver:call(Int, get_stack_trace)),
     put(trace, false),       % bool() Trace on/off
@@ -243,8 +237,7 @@ meta(Int, Debugged, M, F, As) ->
 
 debugged_cmd(Cmd, Bs, Ieval) ->
     Debugged = get(self),
-    Stacktrace = fix_stacktrace(2),
-    Debugged ! {sys, self(), {command,Cmd,Stacktrace}},
+    Debugged ! {sys, self(), {command,Cmd}},
     meta_loop(Debugged, Bs, Ieval).
 
 meta_loop(Debugged, Bs, #ieval{level=Le} = Ieval) ->
@@ -257,12 +250,17 @@ meta_loop(Debugged, Bs, #ieval{level=Le} = Ieval) ->
 	    {value, Val, Bs};
 	{sys, Debugged, {value,Val,Bs2}} ->
 	    {value, Val, Bs2};
-	{sys, Debugged, {exception,{Class,Reason,Stacktrace}}} ->
+	{sys, Debugged, {exception,{Class,Reason,Stk}}} ->
 	    case get(exit_info) of
 
-		%% Error occured outside interpreted code
+		%% Error occurred outside of interpreted code.
 		undefined ->
-		    exception(Class,Reason,Stacktrace,Bs,Ieval);
+		    MakeStk0 = dbg_istk:delayed_stacktrace(),
+		    MakeStk = fun(Depth0) ->
+				      Depth = max(0, Depth0 - length(Stk)),
+				      Stk ++ MakeStk0(Depth)
+			      end,
+		    do_exception(Class, Reason, MakeStk, Bs, Ieval);
 
 		%% Error must have occured within a re-entry to
 		%% interpreted code, simply raise the exception
@@ -275,7 +273,7 @@ meta_loop(Debugged, Bs, #ieval{level=Le} = Ieval) ->
 	    %% Reset process dictionary
 	    %% This is really only necessary if the process left
 	    %% interpreted code at a call level > 1
-	    put(stack, []),
+	    dbg_istk:init(),
 	    put(stacktrace, []),
 	    put(exit_info, undefined),
 	    
@@ -313,177 +311,6 @@ exit_loop(OrigPid, Reason, Bs, Ieval) ->
 	    exit_loop(OrigPid, Reason, Bs, Ieval)
     end.
 
-%%--Stack emulation---------------------------------------------------
-
-%% We keep track of a call stack that is used for
-%%  1) saving stack frames that can be inspected from an Attached
-%%     Process GUI (using dbg_icmd:get(Meta, stack_frame, {Dir, SP})
-%%  2) generate an approximation of regular stacktrace -- sent to
-%%     Debugged when it should raise an exception or evaluate a
-%%     function (since it might possible raise an exception)
-%%
-%% Stack = [Entry]
-%%   Entry = {Le, {MFA, Where, Bs}}
-%%     Le = int()         % current call level
-%%     MFA = {M,F,Args}   % called function (or fun)
-%%         | {Fun,Args}   %
-%%     Where = {M,Li}     % from where (module+line) function is called
-%%     Bs = bindings()    % current variable bindings
-%%
-%% How to push depends on the "Stack Trace" option (value saved in
-%% process dictionary item 'trace_stack').
-%%   all - everything is pushed
-%%   no_tail - tail recursive push
-%%   false - nothing is pushed
-%% Whenever a function returns, the corresponding call frame is popped.
-
-push(MFA, Bs, #ieval{level=Le,module=Cm,line=Li,last_call=Lc}) ->
-    Entry = {Le, {MFA, {Cm,Li}, Bs}},
-    case get(trace_stack) of
-	false -> ignore;
-	no_tail when Lc ->
-	    case get(stack) of
-		[] -> put(stack, [Entry]);
-		[_Entry|Entries] -> put(stack, [Entry|Entries])
-	    end;
-	_ -> % all | no_tail when Lc =:= false
-	    put(stack, [Entry|get(stack)])
-    end.
-
-pop() ->
-    case get(trace_stack) of
-	false -> ignore;
-	_ -> % all � no_tail
-	    case get(stack) of
-		[_Entry|Entries] ->
-		    put(stack, Entries);
-		[] ->
-		    ignore
-	    end
-    end.
-
-pop(Le) ->
-    case get(trace_stack) of
-	false -> ignore;
-	_ -> % all | no_tail
-	    put(stack, pop(Le, get(stack)))
-    end.
-
-pop(Level, [{Le, _}|Stack]) when Level=<Le ->
-    pop(Level, Stack);
-pop(_Level, Stack) ->
-    Stack.
-
-
-%% stack_level() -> Le
-%% stack_level(Stack) -> Le
-%% Top call level
-stack_level() ->
-    stack_level(get(stack)).
-
-stack_level([]) -> 1;
-stack_level([{Le,_}|_]) -> Le.
-
-%% fix_stacktrace(Start) -> Stacktrace
-%%   Start = 1|2
-%%   Stacktrace = [{M,F,Args|Arity} | {Fun,Args}]
-%% Convert internal stack format to imitation of regular stacktrace.
-%% Max three elements, no repeated (recursive) calls to the same
-%% function and convert argument lists to arity for all but topmost
-%% entry (and funs).
-%% 'Start' indicates where at get(stack) to start. This somewhat ugly
-%% solution is because fix_stacktrace has two uses: 1) to imitate
-%% the stacktrace in the case of an exception in the interpreted code,
-%% in which case the current call (top of the stack = first of the list)
-%% should be included, and 2) to send a current stacktrace to Debugged
-%% when evaluation passes into non-interpreted code, in which case
-%% the current call should NOT be included (as it is Debugged which
-%% will make the actual function call).
-fix_stacktrace(Start) ->
-    case fix_stacktrace2(sublist(get(stack), Start, 3)) of
-	[] ->
-	    [];
-	[H|T] ->
-	    [H|args2arity(T)]
-    end.
-
-sublist([], _Start, _Length) ->
-    []; % workaround, lists:sublist([],2,3) fails
-sublist(L, Start, Length) ->
-    lists:sublist(L, Start, Length).
-
-fix_stacktrace2([{_,{{M,F,As1},_,_}}, {_,{{M,F,As2},_,_}}|_])
-  when length(As1) =:= length(As2) ->
-    [{M,F,As1}];
-fix_stacktrace2([{_,{{Fun,As1},_,_}}, {_,{{Fun,As2},_,_}}|_])
-  when length(As1) =:= length(As2) ->
-    [{Fun,As1}];
-fix_stacktrace2([{_,{MFA,_,_}}|Entries]) ->
-    [MFA|fix_stacktrace2(Entries)];
-fix_stacktrace2([]) ->
-    [].
-
-args2arity([{M,F,As}|Entries]) when is_list(As) ->
-    [{M,F,length(As)}|args2arity(Entries)];
-args2arity([Entry|Entries]) ->
-    [Entry|args2arity(Entries)];
-args2arity([]) ->
-    [].
-
-%% bindings(SP) -> Bs
-%%   SP = Le  % stack pointer
-%% Return the bindings for the specified call level
-bindings(SP) ->
-    bindings(SP, get(stack)).
-
-bindings(SP, [{SP,{_MFA,_Wh,Bs}}|_]) ->
-    Bs;
-bindings(SP, [_Entry|Entries]) ->
-    bindings(SP, Entries);
-bindings(_SP, []) ->
-    erl_eval:new_bindings().
-
-%% stack_frame(Dir, SP) -> {Le, Where, Bs} | top | bottom
-%%   Dir = up | down
-%%   Where = {Cm, Li}
-%%     Cm = Module | undefined  % module
-%%     Li = int()  | -1         % line number
-%%     Bs = bindings()
-%% Return stack frame info one step up/down from given stack pointer
-%%  up = to lower call levels
-%%  down = to higher call levels
-stack_frame(up, SP) ->
-    stack_frame(SP, up, get(stack));
-stack_frame(down, SP) ->
-    stack_frame(SP, down, lists:reverse(get(stack))).
-
-stack_frame(SP, up, [{Le, {_MFA,Where,Bs}}|_]) when Le<SP ->
-    {Le, Where, Bs};
-stack_frame(SP, down, [{Le, {_MFA,Where,Bs}}|_]) when Le>SP ->
-    {Le, Where, Bs};
-stack_frame(SP, Dir, [{SP, _}|Stack]) ->
-    case Stack of
-	[{Le, {_MFA,Where,Bs}}|_] ->
-	    {Le, Where, Bs};
-	[] when Dir =:= up ->
-	    top;
-	[] when Dir =:= down ->
-	    bottom
-    end;
-stack_frame(SP, Dir, [_Entry|Stack]) ->
-    stack_frame(SP, Dir, Stack).
-
-%% backtrace(HowMany) -> Backtrace
-%%   HowMany = all | int()
-%%   Backtrace = {Le, MFA}
-%% Return all/the last N called functions, in reversed call order
-backtrace(HowMany) ->
-    Stack = case HowMany of
-		all -> get(stack);
-		N -> lists:sublist(get(stack), N)
-	    end,
-    [{Le, MFA} || {Le,{MFA,_Wh,_Bs}} <- Stack].
-
 %%--Trace function----------------------------------------------------
 
 %%--------------------------------------------------------------------
@@ -558,7 +385,7 @@ format_args1([]) ->
 
 %% Mimic catch behaviour
 catch_value(error, Reason) ->
-    {'EXIT',{Reason,get(stacktrace)}};
+    {'EXIT',{Reason,get_stacktrace()}};
 catch_value(exit, Reason) ->
     {'EXIT',Reason};
 catch_value(throw, Reason) ->
@@ -570,11 +397,13 @@ catch_value(throw, Reason) ->
 %% Top level function of meta evaluator. 
 %% Return message to be replied to the target process.
 %%--------------------------------------------------------------------
-eval_mfa(Debugged, M, F, As, Ieval) ->
+eval_mfa(Debugged, M, F, As, #ieval{level=Le}=Ieval0) ->
     Int = get(int),
     Bs = erl_eval:new_bindings(),
-    try eval_function(M,F,As,Bs,extern,Ieval#ieval{last_call=true}) of
+    Ieval = Ieval0#ieval{level=Le+1,top=true},
+    try do_eval_function(M, F, As, Bs, extern, Ieval) of
 	{value, Val, _Bs} ->
+	    trace(return, {Le,Val}),
 	    {ready, Val}
     catch
 	exit:{Debugged, Reason} ->
@@ -582,76 +411,68 @@ eval_mfa(Debugged, M, F, As, Ieval) ->
 	exit:{Int, Reason} ->
 	    exit(Reason);
 	Class:Reason ->
-	    {exception, {Class, Reason, get(stacktrace)}}
+	    {exception, {Class, Reason, get_stacktrace()}}
     end.
 
-eval_function(Mod, Fun, As0, Bs0, _Called, Ieval) when is_function(Fun);
-						       Mod =:= ?MODULE,
-						       Fun =:= eval_fun ->
-    #ieval{level=Le, line=Li, last_call=Lc} = Ieval,
+eval_function(Mod, Name, As, Bs, Called, Ieval0, Lc) ->
+    Tail = Lc andalso get(trace_stack) =:= no_tail,
+    case Tail of
+	false ->
+	    Ieval = dbg_istk:push(Bs, Ieval0, Lc),
+	    {value,Val,_} = do_eval_function(Mod, Name, As, Bs, Called, Ieval),
+	    dbg_istk:pop(),
+	    trace(return, {Ieval#ieval.level,Val}),
+	    {value,Val,Bs};
+	true ->
+	    do_eval_function(Mod, Name, As, Bs, Called, Ieval0)
+    end.
+
+do_eval_function(Mod, Fun, As0, Bs0, _, Ieval0) when is_function(Fun);
+						    Mod =:= ?MODULE,
+						    Fun =:= eval_fun ->
+    #ieval{level=Le,line=Li,top=Top} = Ieval0,
     case lambda(Fun, As0) of
-	{Cs,Module,Name,As,Bs} ->
-	    push({Module,Name,As}, Bs0, Ieval),
+	{[{clause,Fc,_,_,_}|_]=Cs,Module,Name,As,Bs} ->
+	    Ieval = Ieval0#ieval{module=Module,function=Name,
+				 arguments=As0,line=Fc},
 	    trace(call_fun, {Le,Li,Name,As}),
-	    {value, Val, _Bs} =
-		fnk_clauses(Cs, Module, Name, As, Bs,
-			    Ieval#ieval{level=Le+1}),
-	    pop(),
-	    trace(return, {Le,Val}),
-	    {value, Val, Bs0};
+	    fnk_clauses(Cs, As, Bs, Ieval);
 
-	not_interpreted when Lc -> % We are leaving interpreted code
+	not_interpreted when Top -> % We are leaving interpreted code
 	    trace(call_fun, {Le,Li,Fun,As0}),
 	    {value, {dbg_apply,erlang,apply,[Fun,As0]}, Bs0};
 	not_interpreted ->
-	    push({Fun,As0}, Bs0, Ieval),
 	    trace(call_fun, {Le,Li,Fun,As0}),
-	    {value, Val, _Bs} =
-		debugged_cmd({apply,erlang,apply,[Fun,As0]},Bs0,
-			     Ieval#ieval{level=Le+1}),
-	    pop(),
-	    trace(return, {Le,Val}),
-	    {value, Val, Bs0};
+	    debugged_cmd({apply,erlang,apply,[Fun,As0]}, Bs0, Ieval0);
 
 	{error,Reason} ->
 	    %% It's ok not to push anything in this case, the error
 	    %% reason contains information about the culprit
 	    %% ({badarity,{{Mod,Name},As}})
-	    exception(error, Reason, Bs0, Ieval)
+	    exception(error, Reason, Bs0, Ieval0)
     end;
 
 %% Common Test adaptation
-eval_function(ct_line, line, As, Bs, extern, #ieval{level=Le}=Ieval) ->
+do_eval_function(ct_line, line, As, Bs, extern, #ieval{level=Le}=Ieval) ->
     debugged_cmd({apply,ct_line,line,As}, Bs, Ieval#ieval{level=Le+1}),
     {value, ignore, Bs};
 
-eval_function(Mod, Name, As0, Bs0, Called, Ieval) ->
-    #ieval{level=Le, line=Li, last_call=Lc} = Ieval,
-
-    push({Mod,Name,As0}, Bs0, Ieval),
+do_eval_function(Mod, Name, As0, Bs0, Called, Ieval0) ->
+    #ieval{level=Le,line=Li,top=Top} = Ieval0,
     trace(call, {Called, {Le,Li,Mod,Name,As0}}),
-
+    Ieval = Ieval0#ieval{module=Mod,function=Name,arguments=As0},
     case get_function(Mod, Name, As0, Called) of
-	Cs when is_list(Cs) ->
-	    {value, Val, _Bs} =
-		fnk_clauses(Cs, Mod, Name, As0, erl_eval:new_bindings(),
-			    Ieval#ieval{level=Le+1}),
-	    pop(),
-	    trace(return, {Le,Val}),
-	    {value, Val, Bs0};
+	[{clause,FcLine,_,_,_}|_]=Cs ->
+	    fnk_clauses(Cs, As0, erl_eval:new_bindings(),
+			Ieval#ieval{line=FcLine});
 
-	not_interpreted when Lc -> % We are leaving interpreted code
+	not_interpreted when Top -> % We are leaving interpreted code
 	    {value, {dbg_apply,Mod,Name,As0}, Bs0};
 	not_interpreted ->
-	    {value, Val, _Bs} =
-		debugged_cmd({apply,Mod,Name,As0}, Bs0,
-			     Ieval#ieval{level=Le+1}),
-	    pop(),
-	    trace(return, {Le,Val}),
-	    {value, Val, Bs0};
+	    debugged_cmd({apply,Mod,Name,As0}, Bs0, Ieval);
 
 	undef ->
-	    exception(error, undef, Bs0, Ieval)
+	    exception(error, undef, Bs0, Ieval, true)
     end.
 
 lambda(eval_fun, [Cs,As,Bs,{Mod,Name}=F]) ->
@@ -752,23 +573,21 @@ cached(Key) ->
 
 %% Try to find a matching function clause
 %% #ieval.level is set, the other fields must be set in this function
-fnk_clauses([{clause,Line,Pars,Gs,Body}|Cs], M, F, As, Bs0, Ieval) ->
+fnk_clauses([{clause,Line,Pars,Gs,Body}|Cs], As, Bs0, Ieval) ->
     case head_match(Pars, As, [], Bs0) of
 	{match,Bs1} ->
 	    Bs = add_bindings(Bs1, Bs0),
 	    case guard(Gs, Bs) of
 		true ->
-		    seq(Body, Bs,
-			Ieval#ieval{line=Line,
-				    module=M,function=F,arguments=As});
+		    seq(Body, Bs, Ieval#ieval{line=Line});
 		false ->
-		    fnk_clauses(Cs, M, F, As, Bs0, Ieval)
+		    fnk_clauses(Cs, As, Bs0, Ieval)
 	    end;
 	nomatch ->
-	    fnk_clauses(Cs, M, F, As, Bs0, Ieval)
+	    fnk_clauses(Cs, As, Bs0, Ieval)
     end;
-fnk_clauses([], _M, _F, _As, Bs, Ieval) ->
-    exception(error, function_clause, Bs, Ieval).
+fnk_clauses([], _As, Bs, Ieval) ->
+    exception(error, function_clause, Bs, Ieval, true).
 
 seq([E], Bs0, Ieval) ->
     case dbg_icmd:cmd(E, Bs0, Ieval) of
@@ -782,7 +601,7 @@ seq([E|Es], Bs0, Ieval) ->
 	{skip,Bs} ->
 	    seq(Es, Bs, Ieval);
 	Bs1 ->
-	    {value,_,Bs} = expr(E, Bs1, Ieval#ieval{last_call=false}),
+	    {value,_,Bs} = expr(E, Bs1, Ieval#ieval{top=false}),
 	    seq(Es, Bs, Ieval)
     end;
 seq([], Bs, _) ->
@@ -804,10 +623,9 @@ expr({value,Val}, Bs, _Ieval) -> % Special case straight values
 
 %% List
 expr({cons,Line,H0,T0}, Bs0, Ieval0) ->
-    Ieval = Ieval0#ieval{line=Line},
-    Ieval1 = Ieval#ieval{last_call=false},
-    {value,H,Bs1} = expr(H0,Bs0,Ieval1),
-    {value,T,Bs2} = expr(T0,Bs0,Ieval1),
+    Ieval = Ieval0#ieval{line=Line,top=false},
+    {value,H,Bs1} = expr(H0, Bs0, Ieval),
+    {value,T,Bs2} = expr(T0, Bs0, Ieval),
     {value,[H|T],merge_bindings(Bs2, Bs1, Ieval)};
 
 %% Tuple
@@ -821,12 +639,12 @@ expr({block,Line,Es},Bs,Ieval) ->
 
 %% Catch statement
 expr({'catch',Line,Expr}, Bs0, Ieval) ->
-    try expr(Expr, Bs0, Ieval#ieval{line=Line, last_call=false})
+    try expr(Expr, Bs0, Ieval#ieval{line=Line, top=false})
     catch
 	Class:Reason ->
 	    %% Exception caught, reset exit info
 	    put(exit_info, undefined),
-	    pop(Ieval#ieval.level),
+	    dbg_istk:pop(Ieval#ieval.level),
 	    Value = catch_value(Class, Reason),
 	    trace(return, {Ieval#ieval.level,Value}),
 	    {value, Value, Bs0}
@@ -835,7 +653,7 @@ expr({'catch',Line,Expr}, Bs0, Ieval) ->
 %% Try-catch statement
 expr({'try',Line,Es,CaseCs,CatchCs,[]}, Bs0, Ieval0) ->
     Ieval = Ieval0#ieval{line=Line},
-    try seq(Es, Bs0, Ieval#ieval{last_call=false}) of
+    try seq(Es, Bs0, Ieval#ieval{top=false}) of
 	{value,Val,Bs} = Value ->
 	    case CaseCs of
 		[] -> Value;
@@ -848,7 +666,7 @@ expr({'try',Line,Es,CaseCs,CatchCs,[]}, Bs0, Ieval0) ->
     end;
 expr({'try',Line,Es,CaseCs,CatchCs,As}, Bs0, Ieval0) ->
     Ieval = Ieval0#ieval{line=Line},
-    try seq(Es, Bs0, Ieval#ieval{last_call=false}) of
+    try seq(Es, Bs0, Ieval#ieval{top=false}) of
 	{value,Val,Bs} = Value ->
 	    case CaseCs of
 		[] -> Value;
@@ -859,13 +677,13 @@ expr({'try',Line,Es,CaseCs,CatchCs,As}, Bs0, Ieval0) ->
 	Class:Reason when CatchCs =/= [] ->
 	    catch_clauses({Class,Reason,[]}, CatchCs, Bs0, Ieval)
     after
-            seq(As, Bs0, Ieval#ieval{last_call=false})
+            seq(As, Bs0, Ieval#ieval{top=false})
     end;
 
 %% Case statement
 expr({'case',Line,E,Cs}, Bs0, Ieval) ->
     {value,Val,Bs} =
-	expr(E, Bs0, Ieval#ieval{line=Line, last_call=false}),
+	expr(E, Bs0, Ieval#ieval{line=Line, top=false}),
     case_clauses(Val, Cs, Bs, case_clause, Ieval#ieval{line=Line});
 
 %% If statement
@@ -874,20 +692,20 @@ expr({'if',Line,Cs}, Bs, Ieval) ->
 
 %% Andalso/orelse
 expr({'andalso',Line,E1,E2}, Bs, Ieval) ->
-    case expr(E1, Bs, Ieval#ieval{line=Line, last_call=false}) of
+    case expr(E1, Bs, Ieval#ieval{line=Line, top=false}) of
 	{value,false,_}=Res ->
 	    Res;
 	{value,true,_} -> 
-	    expr(E2, Bs, Ieval#ieval{line=Line, last_call=false});
+	    expr(E2, Bs, Ieval#ieval{line=Line, top=false});
 	{value,Val,Bs} ->
 	    exception(error, {badarg,Val}, Bs, Ieval)
     end;
 expr({'orelse',Line,E1,E2}, Bs, Ieval) ->
-    case expr(E1, Bs, Ieval#ieval{line=Line, last_call=false}) of
+    case expr(E1, Bs, Ieval#ieval{line=Line, top=false}) of
 	{value,true,_}=Res ->
 	    Res;
 	{value,false,_} ->
-	    expr(E2, Bs, Ieval#ieval{line=Line, last_call=false});
+	    expr(E2, Bs, Ieval#ieval{line=Line, top=false});
 	{value,Val,_} ->
 	    exception(error, {badarg,Val}, Bs, Ieval)
     end;
@@ -895,7 +713,7 @@ expr({'orelse',Line,E1,E2}, Bs, Ieval) ->
 %% Matching expression
 expr({match,Line,Lhs,Rhs0}, Bs0, Ieval0) ->
     Ieval = Ieval0#ieval{line=Line},
-    {value,Rhs,Bs1} = expr(Rhs0, Bs0, Ieval#ieval{last_call=false}),
+    {value,Rhs,Bs1} = expr(Rhs0, Bs0, Ieval#ieval{top=false}),
     case match(Lhs, Rhs, Bs1) of
 	{match,Bs} ->
 	    {value,Rhs,Bs};
@@ -950,22 +768,37 @@ expr({make_fun,Line,Name,Cs}, Bs, #ieval{module=Module}=Ieval) ->
 	end,
     {value,Fun,Bs};
 
+%% Construct an external fun.
+expr({make_ext_fun,Line,MFA0}, Bs0, Ieval0) ->
+    {[M,F,A],Bs} = eval_list(MFA0, Bs0, Ieval0),
+    try erlang:make_fun(M, F, A) of
+	Value ->
+	    {value,Value,Bs}
+    catch
+	error:badarg ->
+	    Ieval1 = Ieval0#ieval{line=Line},
+	    Ieval2 = dbg_istk:push(Bs0, Ieval1, false),
+	    Ieval = Ieval2#ieval{module=erlang,function=make_fun,
+				 arguments=[M,F,A],line=-1},
+	    exception(error, badarg, Bs, Ieval, true)
+    end;
+
 %% Common test adaptation
-expr({call_remote,0,ct_line,line,As0}, Bs0, Ieval0) ->
+expr({call_remote,0,ct_line,line,As0,Lc}, Bs0, Ieval0) ->
     {As,_Bs} = eval_list(As0, Bs0, Ieval0),
-    eval_function(ct_line, line, As, Bs0, extern, Ieval0);
+    eval_function(ct_line, line, As, Bs0, extern, Ieval0, Lc);
 
 %% Local function call
-expr({local_call,Line,F,As0}, Bs0, #ieval{module=M} = Ieval0) ->
+expr({local_call,Line,F,As0,Lc}, Bs0, #ieval{module=M} = Ieval0) ->
     Ieval = Ieval0#ieval{line=Line},
     {As,Bs} = eval_list(As0, Bs0, Ieval),
-    eval_function(M, F, As, Bs, local, Ieval);
+    eval_function(M, F, As, Bs, local, Ieval, Lc);
 
 %% Remote function call
-expr({call_remote,Line,M,F,As0}, Bs0, Ieval0) ->
+expr({call_remote,Line,M,F,As0,Lc}, Bs0, Ieval0) ->
     Ieval = Ieval0#ieval{line=Line},
     {As,Bs} = eval_list(As0, Bs0, Ieval),
-    eval_function(M, F, As, Bs, extern, Ieval);
+    eval_function(M, F, As, Bs, extern, Ieval, Lc);
 
 %% Emulated semantics of some BIFs
 expr({dbg,Line,self,[]}, Bs, #ieval{level=Le}) ->
@@ -975,9 +808,28 @@ expr({dbg,Line,self,[]}, Bs, #ieval{level=Le}) ->
     {value,Self,Bs};
 expr({dbg,Line,get_stacktrace,[]}, Bs, #ieval{level=Le}) ->
     trace(bif, {Le,Line,erlang,get_stacktrace,[]}),
-    Stacktrace = get(stacktrace),
+    Stacktrace = get_stacktrace(),
     trace(return, {Le,Stacktrace}),
     {value,Stacktrace,Bs};
+expr({dbg,Line,raise,As0}, Bs0, #ieval{level=Le}=Ieval0) ->
+    %% Since erlang:get_stacktrace/0 is emulated, we will
+    %% need to emulate erlang:raise/3 too so that we can
+    %% capture the stacktrace.
+    Ieval = Ieval0#ieval{line=Line},
+    {[Class,Reason,Stk0]=As,Bs} = eval_list(As0, Bs0, Ieval),
+    trace(bif, {Le,Line,erlang,raise,As}),
+    try
+	%% Evaluate raise/3 for error checking and
+	%% truncating of the stacktrace to the correct depth.
+	Error = erlang:raise(Class, Reason, Stk0),
+	trace(return, {Le,Error}),
+	{value,Error,Bs}
+    catch
+	_:_ ->
+	    Stk = erlang:get_stacktrace(),	%Possibly truncated.
+	    StkFun = fun(_) -> Stk end,
+	    do_exception(Class, Reason, StkFun, Bs, Ieval)
+    end;
 expr({dbg,Line,throw,As0}, Bs0, #ieval{level=Le}=Ieval0) ->
     Ieval = Ieval0#ieval{line=Line},
     {[Term],Bs} = eval_list(As0, Bs0, Ieval),
@@ -988,11 +840,6 @@ expr({dbg,Line,error,As0}, Bs0, #ieval{level=Le}=Ieval0) ->
     {[Term],Bs} = eval_list(As0, Bs0, Ieval),
     trace(bif, {Le,Line,erlang,error,[Term]}),
     exception(error, Term, Bs, Ieval);
-expr({dbg,Line,fault,As0}, Bs0, #ieval{level=Le}=Ieval0) ->
-    Ieval = Ieval0#ieval{line=Line},
-    {[Term],Bs} = eval_list(As0, Bs0, Ieval),
-    trace(bif, {Le,Line,erlang,fault,[Term]}),
-    exception(fault, Term, Bs, Ieval);
 expr({dbg,Line,exit,As0}, Bs0, #ieval{level=Le}=Ieval0) ->
     Ieval = Ieval0#ieval{line=Line},
     {[Term],Bs} = eval_list(As0, Bs0, Ieval),
@@ -1001,36 +848,26 @@ expr({dbg,Line,exit,As0}, Bs0, #ieval{level=Le}=Ieval0) ->
 
 %% Call to "safe" BIF, ie a BIF that can be executed in Meta process
 expr({safe_bif,Line,M,F,As0}, Bs0, #ieval{level=Le}=Ieval0) ->
-    Ieval = Ieval0#ieval{line=Line},
-    {As,Bs} = eval_list(As0, Bs0, Ieval),
+    Ieval1 = Ieval0#ieval{line=Line},
+    {As,Bs} = eval_list(As0, Bs0, Ieval1),
     trace(bif, {Le,Line,M,F,As}),
-    push({M,F,As}, Bs0, Ieval),
+    Ieval2 = dbg_istk:push(Bs0, Ieval1, false),
+    Ieval = Ieval2#ieval{module=M,function=F,arguments=As,line=-1},
     {_,Value,_} = Res = safe_bif(M, F, As, Bs, Ieval),
     trace(return, {Le,Value}),
-    pop(),
+    dbg_istk:pop(),
     Res;
 
 %% Call to a BIF that must be evaluated in the correct process
 expr({bif,Line,M,F,As0}, Bs0, #ieval{level=Le}=Ieval0) ->
-    Ieval = Ieval0#ieval{line=Line},
-    {As,Bs} = eval_list(As0, Bs0, Ieval),
+    Ieval1 = Ieval0#ieval{line=Line},
+    {As,Bs} = eval_list(As0, Bs0, Ieval1),
     trace(bif, {Le,Line,M,F,As}),
-    push({M,F,As}, Bs0, Ieval),
-    {_,Value,_} =
-	Res = debugged_cmd({apply,M,F,As}, Bs, Ieval#ieval{level=Le+1}),
+    Ieval2 = dbg_istk:push(Bs0, Ieval1, false),
+    Ieval = Ieval2#ieval{module=M,function=F,arguments=As,line=-1},
+    {_,Value,_} = Res = debugged_cmd({apply,M,F,As}, Bs, Ieval),
     trace(return, {Le,Value}),
-    pop(),
-    Res;
-
-%% Call to a BIF that spawns a new process
-expr({spawn_bif,Line,M,F,As0}, Bs0, #ieval{level=Le}=Ieval0) ->
-    Ieval = Ieval0#ieval{line=Line},
-    {As,Bs} = eval_list(As0, Bs0, Ieval),
-    trace(bif, {Le,Line,M,F,As}),
-    push({M,F,As}, Bs0, Ieval),
-    Res = debugged_cmd({apply,M,F,As}, Bs,Ieval#ieval{level=Le+1}),
-    trace(return, {Le,Res}),
-    pop(),
+    dbg_istk:pop(),
     Res;
 
 %% Call to an operation
@@ -1046,7 +883,7 @@ expr({op,Line,Op,As0}, Bs0, Ieval0) ->
     end;
 
 %% apply/2 (fun)
-expr({apply_fun,Line,Fun0,As0}, Bs0, #ieval{level=Le}=Ieval0) ->
+expr({apply_fun,Line,Fun0,As0,Lc}, Bs0, #ieval{level=Le}=Ieval0) ->
     Ieval = Ieval0#ieval{line=Line},
     FunValue = case expr(Fun0, Bs0, Ieval) of
 		   {value,{dbg_apply,Mx,Fx,Asx},Bsx} ->
@@ -1058,31 +895,20 @@ expr({apply_fun,Line,Fun0,As0}, Bs0, #ieval{level=Le}=Ieval0) ->
     case FunValue of
 	{value,Fun,Bs1} when is_function(Fun) ->
 	    {As,Bs} = eval_list(As0, Bs1, Ieval),
-	    eval_function(undefined, Fun, As, Bs, extern, Ieval);
+	    eval_function(undefined, Fun, As, Bs, extern, Ieval, Lc);
 	{value,{M,F},Bs1} when is_atom(M), is_atom(F) ->
 	    {As,Bs} = eval_list(As0, Bs1, Ieval),
-	    eval_function(M, F, As, Bs, extern, Ieval);
+	    eval_function(M, F, As, Bs, extern, Ieval, Lc);
 	{value,BadFun,Bs1} ->
 	    exception(error, {badfun,BadFun}, Bs1, Ieval)
     end;
 
 %% apply/3
-expr({apply,Line,As0}, Bs0, Ieval0) ->
+expr({apply,Line,As0,Lc}, Bs0, Ieval0) ->
     Ieval = Ieval0#ieval{line=Line},
     {[M,F,As],Bs} = eval_list(As0, Bs0, Ieval),
-    eval_function(M, F, As, Bs, extern, Ieval);
+    eval_function(M, F, As, Bs, extern, Ieval, Lc);
     
-%% Mod:module_info/0,1
-expr({module_info_0,_,Mod}, Bs, _Ieval) ->
-    {value,[{compile,module_info(Mod,compile)},
-	    {attributes,module_info(Mod,attributes)},
-	    {imports,module_info(Mod,imports)},
-	    {exports,module_info(Mod,exports)}],Bs};
-expr({module_info_1,Line,Mod,[As0]}, Bs0, Ieval0) ->
-    Ieval = Ieval0#ieval{line=Line},
-    {value,What,Bs} = expr(As0, Bs0, Ieval),
-    {value,module_info(Mod, What),Bs};
-
 %% Receive statement
 expr({'receive',Line,Cs}, Bs0, #ieval{level=Le}=Ieval) ->
     trace(receivex, {Le,false}),
@@ -1091,7 +917,7 @@ expr({'receive',Line,Cs}, Bs0, #ieval{level=Le}=Ieval) ->
 %% Receive..after statement
 expr({'receive',Line,Cs,To,ToExprs}, Bs0, #ieval{level=Le}=Ieval0) ->
     Ieval = Ieval0#ieval{line=Line},
-    {value,ToVal,ToBs} = expr(To, Bs0, Ieval#ieval{last_call=false}),
+    {value,ToVal,ToBs} = expr(To, Bs0, Ieval#ieval{top=false}),
     trace(receivex, {Le,true}),
     check_timeoutvalue(ToVal, ToBs, To, Ieval),
     {Stamp,_} = statistics(wall_clock),
@@ -1101,7 +927,7 @@ expr({'receive',Line,Cs,To,ToExprs}, Bs0, #ieval{level=Le}=Ieval0) ->
 %% Send (!)
 expr({send,Line,To0,Msg0}, Bs0, Ieval0) ->
     Ieval = Ieval0#ieval{line=Line},
-    Ieval1 = Ieval#ieval{last_call=false},
+    Ieval1 = Ieval#ieval{top=false},
     {value,To,Bs1} = expr(To0, Bs0, Ieval1),
     {value,Msg,Bs2} = expr(Msg0, Bs0, Ieval1),
     Bs = merge_bindings(Bs2, Bs1, Ieval),
@@ -1110,10 +936,15 @@ expr({send,Line,To0,Msg0}, Bs0, Ieval0) ->
 %% Binary
 expr({bin,Line,Fs}, Bs0, Ieval0) ->
     Ieval = Ieval0#ieval{line=Line},
-    eval_bits:expr_grp(Fs, Bs0,
-		       fun (E, B) -> expr(E, B, Ieval) end,
-		       [],
-		       false);
+    try
+	eval_bits:expr_grp(Fs, Bs0,
+			   fun (E, B) -> expr(E, B, Ieval) end,
+			   [],
+			   false)
+    catch
+	Class:Reason ->
+	    exception(Class, Reason, Bs0, Ieval)
+    end;
 
 %% List comprehension
 expr({lc,_Line,E,Qs}, Bs, Ieval) ->
@@ -1138,12 +969,12 @@ eval_lc(E, Qs, Bs, Ieval) ->
 
 eval_lc1(E, [{generate,Line,P,L0}|Qs], Bs0, Ieval0) ->
     Ieval = Ieval0#ieval{line=Line},
-    {value,L1,Bs1} = expr(L0, Bs0, Ieval#ieval{last_call=false}),
+    {value,L1,Bs1} = expr(L0, Bs0, Ieval#ieval{top=false}),
     CompFun = fun(NewBs) -> eval_lc1(E, Qs, NewBs, Ieval) end,
     eval_generate(L1, P, Bs1, CompFun, Ieval);
 eval_lc1(E, [{b_generate,Line,P,L0}|Qs], Bs0, Ieval0) ->
     Ieval = Ieval0#ieval{line=Line},
-    {value,Bin,_} = expr(L0, Bs0, Ieval#ieval{last_call=false}),
+    {value,Bin,_} = expr(L0, Bs0, Ieval#ieval{top=false}),
     CompFun = fun(NewBs) -> eval_lc1(E, Qs, NewBs, Ieval) end,
     eval_b_generate(Bin, P, Bs0, CompFun, Ieval);
 eval_lc1(E, [{guard,Q}|Qs], Bs0, Ieval) ->
@@ -1152,13 +983,13 @@ eval_lc1(E, [{guard,Q}|Qs], Bs0, Ieval) ->
 	false -> []
     end;
 eval_lc1(E, [Q|Qs], Bs0, Ieval) ->
-    case expr(Q, Bs0, Ieval#ieval{last_call=false}) of
+    case expr(Q, Bs0, Ieval#ieval{top=false}) of
 	{value,true,Bs} -> eval_lc1(E, Qs, Bs, Ieval);
 	{value,false,_Bs} -> [];
 	{value,V,Bs} -> exception(error, {bad_filter,V}, Bs, Ieval)
     end;
 eval_lc1(E, [], Bs, Ieval) ->
-    {value,V,_} = expr(E, Bs, Ieval#ieval{last_call=false}),
+    {value,V,_} = expr(E, Bs, Ieval#ieval{top=false}),
     [V].
 
 %% eval_bc(Expr,[Qualifier],Bindings,IevalState) ->
@@ -1171,12 +1002,12 @@ eval_bc(E, Qs, Bs, Ieval) ->
 
 eval_bc1(E, [{generate,Line,P,L0}|Qs], Bs0, Ieval0) ->
     Ieval = Ieval0#ieval{line=Line},
-    {value,L1,Bs1} = expr(L0, Bs0, Ieval#ieval{last_call=false}),
+    {value,L1,Bs1} = expr(L0, Bs0, Ieval#ieval{top=false}),
     CompFun = fun(NewBs) -> eval_bc1(E, Qs, NewBs, Ieval) end,
     eval_generate(L1, P, Bs1, CompFun, Ieval);
 eval_bc1(E, [{b_generate,Line,P,L0}|Qs], Bs0, Ieval0) ->
     Ieval = Ieval0#ieval{line=Line},
-    {value,Bin,_} = expr(L0, Bs0, Ieval#ieval{last_call=false}),
+    {value,Bin,_} = expr(L0, Bs0, Ieval#ieval{top=false}),
     CompFun = fun(NewBs) -> eval_bc1(E, Qs, NewBs, Ieval) end,
     eval_b_generate(Bin, P, Bs0, CompFun, Ieval);
 eval_bc1(E, [{guard,Q}|Qs], Bs0, Ieval) ->
@@ -1185,13 +1016,13 @@ eval_bc1(E, [{guard,Q}|Qs], Bs0, Ieval) ->
 	false -> []
     end;
 eval_bc1(E, [Q|Qs], Bs0, Ieval) ->
-    case expr(Q, Bs0, Ieval#ieval{last_call=false}) of
+    case expr(Q, Bs0, Ieval#ieval{top=false}) of
 	{value,true,Bs} -> eval_bc1(E, Qs, Bs, Ieval);
 	{value,false,_Bs} -> [];
 	{value,V,Bs} -> exception(error, {bad_filter,V}, Bs, Ieval)
     end;
 eval_bc1(E, [], Bs, Ieval) ->
-    {value,V,_} = expr(E, Bs, Ieval#ieval{last_call=false}),
+    {value,V,_} = expr(E, Bs, Ieval#ieval{top=false}),
     [V].
 
 eval_generate([V|Rest], P, Bs0, CompFun, Ieval) ->
@@ -1208,7 +1039,7 @@ eval_generate(Term, _P, Bs, _CompFun, Ieval) ->
     exception(error, {bad_generator,Term}, Bs, Ieval).
 
 eval_b_generate(<<_/bitstring>>=Bin, P, Bs0, CompFun, Ieval) ->
-    Mfun = fun(L, R, Bs) -> match1(L, R, Bs, Bs0) end,
+    Mfun = match_fun(Bs0),
     Efun = fun(Exp, Bs) -> expr(Exp, Bs, #ieval{}) end,
     case eval_bits:bin_gen(P, Bin, erl_eval:new_bindings(), Bs0, Mfun, Efun) of
 	{match,Rest,Bs1} ->
@@ -1222,24 +1053,13 @@ eval_b_generate(<<_/bitstring>>=Bin, P, Bs0, CompFun, Ieval) ->
 eval_b_generate(Term, _P, Bs, _CompFun, Ieval) ->
     exception(error, {bad_generator,Term}, Bs, Ieval).
 
-module_info(Mod, module) -> Mod;
-module_info(_Mod, compile) -> [];
-module_info(Mod, attributes) ->
-    {ok, Attr} = dbg_iserver:call(get(int), {lookup, Mod, attributes}),
-    Attr;
-module_info(_Mod, imports) -> [];
-module_info(Mod, exports) ->
-    {ok, Exp} = dbg_iserver:call(get(int), {lookup, Mod, exports}),
-    Exp;
-module_info(_Mod, functions) -> [].
-
 safe_bif(M, F, As, Bs, Ieval) ->
     try apply(M, F, As) of
        	Value ->
 	    {value,Value,Bs}
     catch
 	Class:Reason ->
-	    exception(Class, Reason, Bs, Ieval)
+	    exception(Class, Reason, Bs, Ieval, true)
     end.
 
 eval_send(To, Msg, Bs, Ieval) ->
@@ -1408,12 +1228,12 @@ flush_traces(Debugged) ->
 %% eval_list(ExpressionList, Bindings, Ieval)
 %%  Evaluate a list of expressions "in parallel" at the same level.
 eval_list(Es, Bs, Ieval) ->
-    eval_list(Es, [], Bs, Bs, Ieval).
+    eval_list_1(Es, [], Bs, Bs, Ieval#ieval{top=false}).
 
-eval_list([E|Es], Vs, BsOrig, Bs0, Ieval) ->
-    {value,V,Bs1} = expr(E, BsOrig, Ieval#ieval{last_call=false}),
-    eval_list(Es, [V|Vs], BsOrig, merge_bindings(Bs1,Bs0,Ieval), Ieval);
-eval_list([], Vs, _, Bs, _Ieval) ->
+eval_list_1([E|Es], Vs, BsOrig, Bs0, Ieval) ->
+    {value,V,Bs1} = expr(E, BsOrig, Ieval),
+    eval_list_1(Es, [V|Vs], BsOrig, merge_bindings(Bs1, Bs0, Ieval), Ieval);
+eval_list_1([], Vs, _, Bs, _Ieval) ->
     {lists:reverse(Vs,[]),Bs}.
 
 %% if_clauses(Clauses, Bindings, Ieval)
@@ -1453,7 +1273,7 @@ catch_clauses(Exception, [{clause,_,[P],G,B}|CatchCs], Bs0, Ieval) ->
 		true ->
 		    %% Exception caught, reset exit info
 		    put(exit_info, undefined),
-		    pop(Ieval#ieval.level),
+		    dbg_istk:pop(Ieval#ieval.level),
 		    seq(B, Bs, Ieval);
 		false ->
 		    catch_clauses(Exception, CatchCs, Bs0, Ieval)
@@ -1588,11 +1408,9 @@ match1({cons,_,H,T}, [H1|T1], Bs0, BBs) ->
 match1({tuple,_,Elts}, Tuple, Bs, BBs) 
   when length(Elts) =:= tuple_size(Tuple) ->
     match_tuple(Elts, Tuple, 1, Bs, BBs);
-match1({bin,_,Fs}, B, Bs0, BBs0) when is_bitstring(B) ->
-    Bs1 = lists:sort(Bs0),  %Kludge.
-    BBs = lists:sort(BBs0),
-    try eval_bits:match_bits(Fs, B, Bs1, BBs,
-			     fun(L, R, Bs) -> match1(L, R, Bs, BBs) end,
+match1({bin,_,Fs}, B, Bs0, BBs) when is_bitstring(B) ->
+    try eval_bits:match_bits(Fs, B, Bs0, BBs,
+			     match_fun(BBs),
 			     fun(E, Bs) -> expr(E, Bs, #ieval{}) end,
 			     false)
     catch
@@ -1601,6 +1419,12 @@ match1({bin,_,Fs}, B, Bs0, BBs0) when is_bitstring(B) ->
 match1(_,_,_,_) ->
     throw(nomatch).
 
+match_fun(BBs) ->
+    fun(match, {L,R,Bs}) -> match1(L, R, Bs, BBs);
+       (binding, {Name,Bs}) -> binding(Name, Bs);
+       (add_binding, {Name,Val,Bs}) -> add_binding(Name, Val, Bs)
+    end.
+
 match_tuple([E|Es], Tuple, I, Bs0, BBs) ->
     {match,Bs} = match1(E, element(I, Tuple), Bs0, BBs),
     match_tuple(Es, Tuple, I+1, Bs, BBs);
@@ -1731,3 +1555,19 @@ add_binding(N,Val,[B1|Bs]) ->
     [B1|add_binding(N,Val,Bs)];
 add_binding(N,Val,[]) ->
     [{N,Val}].
+
+%% get_stacktrace() -> Stacktrace
+%%  Return the latest stacktrace for the process.
+get_stacktrace() ->
+    case get(stacktrace) of
+	MakeStk when is_function(MakeStk, 1) ->
+	    %% The stacktrace has not been constructed before.
+	    %% Construct it and remember the result.
+	    Depth = erlang:system_flag(backtrace_depth, 8),
+	    erlang:system_flag(backtrace_depth, Depth),
+	    Stk = MakeStk(Depth),
+	    put(stacktrace, Stk),
+	    Stk;
+	Stk when is_list(Stk) ->
+	    Stk
+    end.
diff --git a/lib/debugger/src/dbg_ieval.hrl b/lib/debugger/src/dbg_ieval.hrl
index a344748f48..1abf39d247 100644
--- a/lib/debugger/src/dbg_ieval.hrl
+++ b/lib/debugger/src/dbg_ieval.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2005-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,6 +21,8 @@
 		module,           % MFA which called the currently
 		function,         %  interpreted function
 		arguments,        %
-		last_call = false % True if current expression is
-	       }).                % the VERY last to be evaluated
-                                  % (ie at all, not only in a clause)
+
+		%% True if the current expression is at the top level
+		%% (i.e. the next call will leave interpreted code).
+		top = false
+	       }).
diff --git a/lib/debugger/src/dbg_iload.erl b/lib/debugger/src/dbg_iload.erl
index 2ae0c333da..3c95ef8068 100644
--- a/lib/debugger/src/dbg_iload.erl
+++ b/lib/debugger/src/dbg_iload.erl
@@ -62,22 +62,23 @@ load_mod1(Mod, File, Binary, Db) ->
 store_module(Mod, File, Binary, Db) ->
     {interpreter_module, Exp, Abst, Src, MD5} = binary_to_term(Binary),
     Forms = case abstr(Abst) of
-		{abstract_v1,Forms0} -> Forms0;
-		{abstract_v2,Forms0} -> Forms0;
+		{abstract_v1,_} ->
+		    exit({Mod,too_old_beam_file});
+		{abstract_v2,_} ->
+		    exit({Mod,too_old_beam_file});
 		{raw_abstract_v1,Code0} ->
                     Code = interpret_file_attribute(Code0),
 		    {_,_,Forms0,_} = sys_pre_expand:module(Code, []),
 		    Forms0
 	    end,
     dbg_idb:insert(Db, mod_file, File),
-    dbg_idb:insert(Db, exports, Exp),
     dbg_idb:insert(Db, defs, []),
 
     put(vcount, 0),
     put(fun_count, 0),
     put(funs, []),
     put(mod_md5, MD5),
-    Attr = store_forms(Forms, Mod, Db, Exp, []),
+    store_forms(Forms, Mod, Db, Exp),
     erase(mod_md5),
     erase(current_function),
     %% store_funs(Db, Mod),
@@ -85,11 +86,10 @@ store_module(Mod, File, Binary, Db) ->
     erase(funs),
     erase(fun_count),
     
-    dbg_idb:insert(Db, attributes, Attr),
     NewBinary = store_mod_line_no(Mod, Db, binary_to_list(Src)),
     dbg_idb:insert(Db, mod_bin, NewBinary),
-    dbg_idb:insert(Db, mod_raw, <<Src/binary,0:8>>), %% Add eos
-    dbg_idb:insert(Db, module, Mod).
+    dbg_idb:insert(Db, mod_raw, <<Src/binary,0:8>>). %% Add eos
+
 %% Adjust line numbers using the file/2 attribute. 
 %% Also take the absolute value of line numbers.
 %% This simple fix will make the marker point at the correct line
@@ -111,27 +111,19 @@ abstr(Term) -> Term.
 %     store_funs_1(Fs, Db, Mod);
 % store_funs_1([], _, _) -> ok.
 
-store_forms([{function,_,module_info,0,_}|Fs], Mod, Db, Exp, Attr) ->
-    Cs = [{clause,0,[],[], [{module_info_0,0,Mod}]}],
-    dbg_idb:insert(Db, {Mod,module_info,0,true}, Cs),
-    store_forms(Fs, Mod, Db, Exp, Attr);
-store_forms([{function,_,module_info,1,_}|Fs], Mod, Db, Exp, Attr) ->
-    Cs = [{clause,0,[{var,0,'What'}],[], [{module_info_1,0,Mod,[{var,0,'What'}]}]}],
-    dbg_idb:insert(Db, {Mod,module_info,1,true}, Cs),
-    store_forms(Fs, Mod, Db, Exp, Attr);
-store_forms([{function,_,Name,Arity,Cs0}|Fs], Mod, Db, Exp, Attr) ->
+store_forms([{function,_,Name,Arity,Cs0}|Fs], Mod, Db, Exp) ->
     FA = {Name,Arity},
     put(current_function, FA),
     Cs = clauses(Cs0),
     Exported = lists:member(FA, Exp),
     dbg_idb:insert(Db, {Mod,Name,Arity,Exported}, Cs),
-    store_forms(Fs, Mod, Db, Exp, Attr);
-store_forms([{attribute,_,Name,Val}|Fs], Mod, Db, Exp, Attr) ->
-    store_forms(Fs, Mod, Db, Exp, [{Name,Val}|Attr]);
-store_forms([F|_], _Mod, _Db, _Exp, _Attr) ->
+    store_forms(Fs, Mod, Db, Exp);
+store_forms([{attribute,_,_Name,_Val}|Fs], Mod, Db, Exp) ->
+    store_forms(Fs, Mod, Db, Exp);
+store_forms([F|_], _Mod, _Db, _Exp) ->
     exit({unknown_form,F});
-store_forms([], _, _, _, Attr) ->
-    lists:reverse(Attr).
+store_forms([], _, _, _) ->
+    ok.
 
 store_mod_line_no(Mod, Db, Contents) ->
     store_mod_line_no(Mod, Db, Contents, 1, 0, []).
@@ -164,14 +156,14 @@ get_nl([],Pos,Head) -> {lists:reverse(Head),[],Pos}.
 %%% to interpret.
 
 clauses([C0|Cs]) ->
-    C1 = clause(C0),
+    C1 = clause(C0, true),
     [C1|clauses(Cs)];
 clauses([]) -> [].
 
-clause({clause,Line,H0,G0,B0}) ->
+clause({clause,Line,H0,G0,B0}, Lc) ->
     H1 = head(H0),
     G1 = guard(G0),
-    B1 = exprs(B0),
+    B1 = exprs(B0, Lc),
     {clause,Line,H1,G1,B1}.
 
 head(Ps) -> patterns(Ps).
@@ -219,7 +211,7 @@ pattern({bin,Line,Grp}) ->
     {bin,Line,Grp1};
 pattern({bin_element,Line,Expr,Size,Type}) ->
     Expr1 = pattern(Expr),
-    Size1 = expr(Size),
+    Size1 = expr(Size, false),
     {bin_element,Line,Expr1,Size1,Type}.
 
 %%  These patterns are processed "in parallel" for purposes of variable
@@ -235,8 +227,6 @@ guard([G0|Gs]) ->
     [G1|guard(Gs)];
 guard([]) -> [].
 
-and_guard([{atom,_,true}|Gs]) ->
-    and_guard(Gs);
 and_guard([G0|Gs]) ->
     G1 = guard_test(G0),
     [G1|and_guard(Gs)];
@@ -244,12 +234,7 @@ and_guard([]) -> [].
 
 guard_test({call,Line,{remote,_,{atom,_,erlang},{atom,_,F}},As0}) ->
     As = gexpr_list(As0),
-    case map_guard_bif(F, length(As0)) of
-	{ok,Name} ->
-	    {safe_bif,Line,erlang,Name,As};
-	error ->
-	    {safe_bif,Line,erlang,F,As}
-    end;
+    {safe_bif,Line,erlang,F,As};
 guard_test({op,Line,Op,L0}) ->
     true = erl_internal:arith_op(Op, 1) orelse %Assertion.
 	erl_internal:bool_op(Op, 1),
@@ -266,25 +251,18 @@ guard_test({op,Line,Op,L0,R0}) ->
     L1 = gexpr(L0),
     R1 = gexpr(R0),				%They see the same variables
     {safe_bif,Line,erlang,Op,[L1,R1]};
-guard_test({integer,_,_}=I) -> I;
-guard_test({char,_,_}=C) -> C;
-guard_test({float,_,_}=F) -> F;
-guard_test({atom,_,_}=A) -> A;
-guard_test({nil,_}=N) -> N;
-guard_test({var,_,_}=V) ->V.    % Boolean var
-
-map_guard_bif(integer, 1) -> {ok,is_integer};
-map_guard_bif(float, 1) -> {ok,is_float};
-map_guard_bif(number, 1) -> {ok,is_number};
-map_guard_bif(atom, 1) -> {ok,is_atom};
-map_guard_bif(list, 1) -> {ok,is_list};
-map_guard_bif(tuple, 1) -> {ok,is_tuple};
-map_guard_bif(pid, 1) -> {ok,is_pid};
-map_guard_bif(reference, 1) -> {ok,is_reference};
-map_guard_bif(port, 1) -> {ok,is_port};
-map_guard_bif(binary, 1) -> {ok,is_binary};
-map_guard_bif(function, 1) -> {ok,is_function};
-map_guard_bif(_, _) -> error.
+guard_test({var,_,_}=V) ->V;    % Boolean var
+guard_test({atom,Line,true}) -> {value,Line,true};
+%% All other constants at this level means false.
+guard_test({atom,Line,_}) -> {value,Line,false};
+guard_test({integer,Line,_}) -> {value,Line,false};
+guard_test({char,Line,_}) -> {value,Line,false};
+guard_test({float,Line,_}) -> {value,Line,false};
+guard_test({string,Line,_}) -> {value,Line,false};
+guard_test({nil,Line}) -> {value,Line,false};
+guard_test({cons,Line,_,_}) -> {value,Line,false};
+guard_test({tuple,Line,_}) -> {value,Line,false};
+guard_test({bin,Line,_}) ->  {value,Line,false}.
 
 gexpr({var,Line,V}) -> {var,Line,V};
 gexpr({integer,Line,I}) -> {value,Line,I};
@@ -341,186 +319,187 @@ gexpr_list([]) -> [].
 %%  These expressions are processed "sequentially" for purposes of variable
 %%  definition etc.
 
-exprs([E0|Es]) ->
-    E1 = expr(E0),
-    [E1|exprs(Es)];
-exprs([]) -> [].
-
-expr({var,Line,V}) -> {var,Line,V};
-expr({integer,Line,I}) -> {value,Line,I};
-expr({char,Line,I}) -> {value,Line,I};
-expr({float,Line,F}) -> {value,Line,F};
-expr({atom,Line,A}) -> {value,Line,A};
-expr({string,Line,S}) -> {value,Line,S};
-expr({nil,Line}) -> {value,Line,[]};
-expr({cons,Line,H0,T0}) ->
-    case {expr(H0),expr(T0)} of
+exprs([E], Lc) ->
+    [expr(E, Lc)];
+exprs([E0|Es], Lc) ->
+    E1 = expr(E0, false),
+    [E1|exprs(Es, Lc)];
+exprs([], _Lc) -> [].
+
+expr({var,Line,V}, _Lc) -> {var,Line,V};
+expr({integer,Line,I}, _Lc) -> {value,Line,I};
+expr({char,Line,I}, _Lc) -> {value,Line,I};
+expr({float,Line,F}, _Lc) -> {value,Line,F};
+expr({atom,Line,A}, _Lc) -> {value,Line,A};
+expr({string,Line,S}, _Lc) -> {value,Line,S};
+expr({nil,Line}, _Lc) -> {value,Line,[]};
+expr({cons,Line,H0,T0}, _Lc) ->
+    case {expr(H0, false),expr(T0, false)} of
 	{{value,Line,H1},{value,Line,T1}} -> {value,Line,[H1|T1]};
 	{H1,T1} -> {cons,Line,H1,T1}
     end;
-expr({tuple,Line,Es0}) ->
+expr({tuple,Line,Es0}, _Lc) ->
     Es1 = expr_list(Es0),
     {tuple,Line,Es1};
-expr({block,Line,Es0}) ->
+expr({block,Line,Es0}, Lc) ->
     %% Unfold block into a sequence.
-    Es1 = exprs(Es0),
+    Es1 = exprs(Es0, Lc),
     {block,Line,Es1};
-expr({'if',Line,Cs0}) ->
-    Cs1 = icr_clauses(Cs0),
+expr({'if',Line,Cs0}, Lc) ->
+    Cs1 = icr_clauses(Cs0, Lc),
     {'if',Line,Cs1};
-expr({'case',Line,E0,Cs0}) ->
-    E1 = expr(E0),
-    Cs1 = icr_clauses(Cs0),
+expr({'case',Line,E0,Cs0}, Lc) ->
+    E1 = expr(E0, false),
+    Cs1 = icr_clauses(Cs0, Lc),
     {'case',Line,E1,Cs1};
-expr({'receive',Line,Cs0}) ->
-    Cs1 = icr_clauses(Cs0),
+expr({'receive',Line,Cs0}, Lc) ->
+    Cs1 = icr_clauses(Cs0, Lc),
     {'receive',Line,Cs1};
-expr({'receive',Line,Cs0,To0,ToEs0}) ->
-    To1 = expr(To0),
-    ToEs1 = exprs(ToEs0),
-    Cs1 = icr_clauses(Cs0),
+expr({'receive',Line,Cs0,To0,ToEs0}, Lc) ->
+    To1 = expr(To0, false),
+    ToEs1 = exprs(ToEs0, Lc),
+    Cs1 = icr_clauses(Cs0, Lc),
     {'receive',Line,Cs1,To1,ToEs1};
-expr({'fun',Line,{clauses,Cs0},{_,_,Name}}) when is_atom(Name) ->
+expr({'fun',Line,{clauses,Cs0},{_,_,Name}}, _Lc) when is_atom(Name) ->
     %% New R10B-2 format (abstract_v2).
     Cs = fun_clauses(Cs0),
     {make_fun,Line,Name,Cs};
-expr({'fun',Line,{clauses,Cs0},{_,_,_,_,Name}}) when is_atom(Name) ->
-    %% New R8 format (abstract_v2).
-    Cs = fun_clauses(Cs0),
-    {make_fun,Line,Name,Cs};
-expr({'fun',Line,{function,F,A},{_Index,_OldUniq,Name}}) ->
+expr({'fun',Line,{function,F,A},{_Index,_OldUniq,Name}}, _Lc) ->
     %% New R8 format (abstract_v2).
     As = new_vars(A, Line),
-    Cs = [{clause,Line,As,[],[{local_call,Line,F,As}]}],
+    Cs = [{clause,Line,As,[],[{local_call,Line,F,As,true}]}],
     {make_fun,Line,Name,Cs};
-expr({'fun',_,{clauses,_},{_OldUniq,_Hvss,_Free}}) ->
-    %% Old format (abstract_v1).
-    exit({?MODULE,old_funs});
-expr({call,Line,{remote,_,{atom,_,erlang},{atom,_,self}},[]}) ->
+expr({'fun',Line,{function,{atom,_,M},{atom,_,F},{integer,_,A}}}, _Lc)
+  when 0 =< A, A =< 255 ->
+    %% New format in R15 for fun M:F/A (literal values).
+    {value,Line,erlang:make_fun(M, F, A)};
+expr({'fun',Line,{function,M,F,A}}, _Lc) ->
+    %% New format in R15 for fun M:F/A (one or more variables).
+    MFA = expr_list([M,F,A]),
+    {make_ext_fun,Line,MFA};
+expr({call,Line,{remote,_,{atom,_,erlang},{atom,_,self}},[]}, _Lc) ->
     {dbg,Line,self,[]};
-expr({call,Line,{remote,_,{atom,_,erlang},{atom,_,get_stacktrace}},[]}) ->
+expr({call,Line,{remote,_,{atom,_,erlang},{atom,_,get_stacktrace}},[]}, _Lc) ->
     {dbg,Line,get_stacktrace,[]};
-expr({call,Line,{remote,_,{atom,_,erlang},{atom,_,throw}},[_]=As}) ->
+expr({call,Line,{remote,_,{atom,_,erlang},{atom,_,throw}},[_]=As}, _Lc) ->
     {dbg,Line,throw,expr_list(As)};
-expr({call,Line,{remote,_,{atom,_,erlang},{atom,_,error}},[_]=As}) ->
+expr({call,Line,{remote,_,{atom,_,erlang},{atom,_,error}},[_]=As}, _Lc) ->
     {dbg,Line,error,expr_list(As)};
-expr({call,Line,{remote,_,{atom,_,erlang},{atom,_,fault}},[_]=As}) ->
-    {dbg,Line,fault,expr_list(As)};
-expr({call,Line,{remote,_,{atom,_,erlang},{atom,_,exit}},[_]=As}) ->
+expr({call,Line,{remote,_,{atom,_,erlang},{atom,_,exit}},[_]=As}, _Lc) ->
     {dbg,Line,exit,expr_list(As)};
-expr({call,Line,{remote,_,{atom,_,erlang},{atom,_,apply}},[_,_,_]=As0}) ->
+expr({call,Line,{remote,_,{atom,_,erlang},{atom,_,raise}},[_,_,_]=As}, _Lc) ->
+    {dbg,Line,raise,expr_list(As)};
+expr({call,Line,{remote,_,{atom,_,erlang},{atom,_,apply}},[_,_,_]=As0}, Lc) ->
     As = expr_list(As0),
-    {apply,Line,As};
-expr({call,Line,{remote,_,{atom,_,Mod},{atom,_,Func}},As0}) ->
+    {apply,Line,As,Lc};
+expr({call,Line,{remote,_,{atom,_,Mod},{atom,_,Func}},As0}, Lc) ->
     As = expr_list(As0),
     case erlang:is_builtin(Mod, Func, length(As)) of
 	false ->
-	    {call_remote,Line,Mod,Func,As};
+	    {call_remote,Line,Mod,Func,As,Lc};
 	true ->
-	    case bif_type(Mod, Func) of
+	    case bif_type(Mod, Func, length(As0)) of
 		safe -> {safe_bif,Line,Mod,Func,As};
-		spawn -> {spawn_bif,Line,Mod,Func,As};
 		unsafe ->{bif,Line,Mod,Func,As}
 	    end
     end;
-expr({call,Line,{remote,_,Mod0,Func0},As0}) ->
+expr({call,Line,{remote,_,Mod0,Func0},As0}, Lc) ->
     %% New R8 format (abstract_v2).
-    Mod = expr(Mod0),
-    Func = expr(Func0),
+    Mod = expr(Mod0, false),
+    Func = expr(Func0, false),
     As = consify(expr_list(As0)),
-    {apply,Line,[Mod,Func,As]};
-expr({call,Line,{atom,_,Func},As0}) ->
+    {apply,Line,[Mod,Func,As],Lc};
+expr({call,Line,{atom,_,Func},As0}, Lc) ->
     As = expr_list(As0),
-    {local_call,Line,Func,As};
-expr({call,Line,Fun0,As0}) ->
-    Fun = expr(Fun0),
+    {local_call,Line,Func,As,Lc};
+expr({call,Line,Fun0,As0}, Lc) ->
+    Fun = expr(Fun0, false),
     As = expr_list(As0),
-    {apply_fun,Line,Fun,As};
-expr({'catch',Line,E0}) ->
+    {apply_fun,Line,Fun,As,Lc};
+expr({'catch',Line,E0}, _Lc) ->
     %% No new variables added.
-    E1 = expr(E0),
+    E1 = expr(E0, false),
     {'catch',Line,E1};
-expr({'try',Line,Es0,CaseCs0,CatchCs0,As0}) ->
+expr({'try',Line,Es0,CaseCs0,CatchCs0,As0}, Lc) ->
     %% No new variables added.
     Es = expr_list(Es0),
-    CaseCs = icr_clauses(CaseCs0),
-    CatchCs = icr_clauses(CatchCs0),
+    CaseCs = icr_clauses(CaseCs0, Lc),
+    CatchCs = icr_clauses(CatchCs0, Lc),
     As = expr_list(As0),
     {'try',Line,Es,CaseCs,CatchCs,As};
-expr({'query', Line, E0}) ->
-    E = expr(E0),
-    {'query', Line, E};
-expr({lc,Line,E0,Gs0}) ->			%R8.
+expr({lc,Line,E0,Gs0}, _Lc) ->			%R8.
     Gs = lists:map(fun ({generate,L,P0,Qs}) ->
-			   {generate,L,expr(P0),expr(Qs)};
+			   {generate,L,expr(P0, false),expr(Qs, false)};
 		       ({b_generate,L,P0,Qs}) -> %R12.
-			   {b_generate,L,expr(P0),expr(Qs)};
+			   {b_generate,L,expr(P0, false),expr(Qs, false)};
 		       (Expr) ->
-			   case is_guard_test(Expr) of
-			       true -> {guard,[[guard_test(Expr)]]};
-			       false -> expr(Expr)
+			   case is_guard(Expr) of
+			       true -> {guard,guard([[Expr]])};
+			       false -> expr(Expr, false)
 			   end
 		   end, Gs0),
-    {lc,Line,expr(E0),Gs};
-expr({bc,Line,E0,Gs0}) ->			%R12.
+    {lc,Line,expr(E0, false),Gs};
+expr({bc,Line,E0,Gs0}, _Lc) ->			%R12.
     Gs = lists:map(fun ({generate,L,P0,Qs}) ->
-			   {generate,L,expr(P0),expr(Qs)};
+			   {generate,L,expr(P0, false),expr(Qs, false)};
 		       ({b_generate,L,P0,Qs}) -> %R12.
-			   {b_generate,L,expr(P0),expr(Qs)};
+			   {b_generate,L,expr(P0, false),expr(Qs, false)};
 		       (Expr) ->
-			   case is_guard_test(Expr) of
-			       true -> {guard,[[guard_test(Expr)]]};
-			       false -> expr(Expr)
+			   case is_guard(Expr) of
+			       true -> {guard,guard([[Expr]])};
+			       false -> expr(Expr, false)
 			   end
 		   end, Gs0),
-    {bc,Line,expr(E0),Gs};
-expr({match,Line,P0,E0}) ->
-    E1 = expr(E0),
+    {bc,Line,expr(E0, false),Gs};
+expr({match,Line,P0,E0}, _Lc) ->
+    E1 = expr(E0, false),
     P1 = pattern(P0),
     {match,Line,P1,E1};
-expr({op,Line,Op,A0}) ->
-    A1 = expr(A0),
+expr({op,Line,Op,A0}, _Lc) ->
+    A1 = expr(A0, false),
     {op,Line,Op,[A1]};
-expr({op,Line,'++',L0,R0}) ->
-    L1 = expr(L0),
-    R1 = expr(R0),				%They see the same variables
+expr({op,Line,'++',L0,R0}, _Lc) ->
+    L1 = expr(L0, false),
+    R1 = expr(R0, false),		  %They see the same variables
     {op,Line,append,[L1,R1]};
-expr({op,Line,'--',L0,R0}) ->
-    L1 = expr(L0),
-    R1 = expr(R0),				%They see the same variables
+expr({op,Line,'--',L0,R0}, _Lc) ->
+    L1 = expr(L0, false),
+    R1 = expr(R0, false),		  %They see the same variables
     {op,Line,subtract,[L1,R1]};
-expr({op,Line,'!',L0,R0}) ->
-    L1 = expr(L0),
-    R1 = expr(R0),				%They see the same variables
+expr({op,Line,'!',L0,R0}, _Lc) ->
+    L1 = expr(L0, false),
+    R1 = expr(R0, false),		  %They see the same variables
     {send,Line,L1,R1};
-expr({op,Line,Op,L0,R0}) when Op =:= 'andalso'; Op =:= 'orelse' ->
-    L1 = expr(L0),
-    R1 = expr(R0),				%They see the same variables
+expr({op,Line,Op,L0,R0}, _Lc) when Op =:= 'andalso'; Op =:= 'orelse' ->
+    L1 = expr(L0, false),
+    R1 = expr(R0, false),		  %They see the same variables
     {Op,Line,L1,R1};
-expr({op,Line,Op,L0,R0}) ->
-    L1 = expr(L0),
-    R1 = expr(R0),				%They see the same variables
+expr({op,Line,Op,L0,R0}, _Lc) ->
+    L1 = expr(L0, false),
+    R1 = expr(R0, false),		  %They see the same variables
     {op,Line,Op,[L1,R1]};
-expr({bin,Line,Grp}) ->
+expr({bin,Line,Grp}, _Lc) ->
     Grp1 = expr_list(Grp),
     {bin,Line,Grp1};
-expr({bin_element,Line,Expr,Size,Type}) ->
-    Expr1 = expr(Expr),
-    Size1 = expr(Size),
+expr({bin_element,Line,Expr,Size,Type}, _Lc) ->
+    Expr1 = expr(Expr, false),
+    Size1 = expr(Size, false),
     {bin_element,Line,Expr1,Size1,Type};
-expr(Other) ->
+expr(Other, _Lc) ->
     exit({?MODULE,{unknown_expr,Other}}).
 
-%% is_guard_test(Expression) -> true | false.
-%%  Test if a general expression is a guard test.  Cannot use erl_lint
-%%  here as sys_pre_expand has transformed source.
+%% is_guard(Expression) -> true | false.
+%%  Test if a general expression is a guard test or guard BIF.
+%%  Cannot use erl_lint here as sys_pre_expand has transformed source.
 
-is_guard_test({op,_,Op,L,R}) ->
+is_guard({op,_,Op,L,R}) ->
     erl_internal:comp_op(Op, 2) andalso is_gexpr_list([L,R]);
-is_guard_test({call,_,{remote,_,{atom,_,erlang},{atom,_,Test}},As}) ->
-    erl_internal:type_test(Test, length(As)) andalso is_gexpr_list(As);
-is_guard_test({atom,_,true}) -> true;
-is_guard_test(_) -> false.
+is_guard({call,_,{remote,_,{atom,_,erlang},{atom,_,Test}},As}) ->
+    Arity = length(As),
+    (erl_internal:guard_bif(Test, Arity) orelse
+     erl_internal:old_type_test(Test, Arity)) andalso is_gexpr_list(As);
+is_guard({atom,_,true}) -> true;
+is_guard(_) -> false.
 
 is_gexpr({var,_,_}) -> true;
 is_gexpr({atom,_,_}) -> true;
@@ -555,17 +534,17 @@ consify([]) -> {value,0,[]}.
 %%  definition etc.
 
 expr_list([E0|Es]) ->
-    E1 = expr(E0),
+    E1 = expr(E0, false),
     [E1|expr_list(Es)];
 expr_list([]) -> [].
 
-icr_clauses([C0|Cs]) ->
-    C1 = clause(C0),
-    [C1|icr_clauses(Cs)];
-icr_clauses([]) -> [].
+icr_clauses([C0|Cs], Lc) ->
+    C1 = clause(C0, Lc),
+    [C1|icr_clauses(Cs, Lc)];
+icr_clauses([], _) -> [].
 
 fun_clauses([{clause,L,H,G,B}|Cs]) ->
-    [{clause,L,head(H),guard(G),exprs(B)}|fun_clauses(Cs)];
+    [{clause,L,head(H),guard(G),exprs(B, true)}|fun_clauses(Cs)];
 fun_clauses([]) -> [].
 
 %% new_var_name() -> VarName.
@@ -585,24 +564,21 @@ new_vars(N, L, Vs) when N > 0 ->
     new_vars(N-1, L, [V|Vs]);
 new_vars(0, _, Vs) -> Vs.
 
-bif_type(erlang, Name) -> bif_type(Name);
-bif_type(_, _) -> unsafe.
+bif_type(erlang, Name, Arity) ->
+    case erl_internal:guard_bif(Name, Arity) of
+	true ->
+	    %% Guard BIFs are safe (except for self/0, but it is
+	    %% handled with a special instruction anyway).
+	    safe;
+	false ->
+	    bif_type(Name)
+    end;
+bif_type(_, _, _) -> unsafe.
 
 bif_type(register)           -> safe;
 bif_type(unregister)         -> safe;
 bif_type(whereis)            -> safe;
 bif_type(registered)         -> safe;
-bif_type(abs)                -> safe;
-bif_type(float)              -> safe;
-bif_type(trunc)              -> safe;
-bif_type(round)              -> safe;
-bif_type(math)               -> safe;
-bif_type(node)               -> safe;
-bif_type(length)             -> safe;
-bif_type(hd)                 -> safe;
-bif_type(tl)                 -> safe;
-bif_type(size)               -> safe;
-bif_type(element)            -> safe;
 bif_type(setelement)         -> safe;
 bif_type(atom_to_list)       -> safe;
 bif_type(list_to_atom)       -> safe;
@@ -627,22 +603,14 @@ bif_type(list_to_pid)        -> safe;
 bif_type(module_loaded)      -> safe;
 bif_type(binary_to_term)     -> safe;
 bif_type(term_to_binary)     -> safe;
-bif_type(alive)              -> safe;
-bif_type(notalive)           -> safe;
 bif_type(nodes)              -> safe;
 bif_type(is_alive)           -> safe;
 bif_type(disconnect_node)    -> safe;
 bif_type(binary_to_list)     -> safe;
 bif_type(list_to_binary)     -> safe;
 bif_type(split_binary)       -> safe;
-bif_type(concat_binary)      -> safe;
-bif_type(term_to_atom)       -> safe;
 bif_type(hash)               -> safe;
 bif_type(pre_loaded)         -> safe;
-bif_type(info)               -> safe;
 bif_type(set_cookie)         -> safe;
 bif_type(get_cookie)         -> safe;
-bif_type(spawn)              -> spawn;
-bif_type(spawn_link)         -> spawn;
-bif_type(spawn_opt)          -> spawn;
 bif_type(_)                  -> unsafe.
diff --git a/lib/debugger/src/dbg_iserver.erl b/lib/debugger/src/dbg_iserver.erl
index 212bc2b8ab..1bb73a43b9 100644
--- a/lib/debugger/src/dbg_iserver.erl
+++ b/lib/debugger/src/dbg_iserver.erl
@@ -97,13 +97,10 @@ ensure_started() ->
 %%
 %% Key                        Value
 %% ---                        -----
-%% attributes                 Attr
-%% exports                    Exp
 %% defs                       []
 %% mod_bin                    Binary
 %% mod_raw                    Raw Binary
 %% mod_file                   File
-%% module                     Mod
 %% {Mod,Name,Arity,Exported}  Cs
 %% {'fun',Mod,Index,Uniq}     {Name,Arity,Cs}
 %% Line                       {Pos,PosNL}
@@ -117,7 +114,7 @@ init([]) ->
     process_flag(trap_exit, true),
     global:register_name(?MODULE, self()),
     Db = ets:new(?MODULE, [ordered_set, protected]),
-    {ok, #state{db=Db, auto=false, stack=all}}.
+    {ok, #state{db=Db, auto=false, stack=no_tail}}.
 
 %% Attaching to a process
 handle_call({attached, AttPid, Pid}, _From, State) ->
diff --git a/lib/debugger/src/dbg_istk.erl b/lib/debugger/src/dbg_istk.erl
new file mode 100644
index 0000000000..c6922a80e4
--- /dev/null
+++ b/lib/debugger/src/dbg_istk.erl
@@ -0,0 +1,245 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(dbg_istk).
+-export([init/0,delayed_to_external/0,from_external/1,
+	 push/3,pop/0,pop/1,stack_level/0,
+	 delayed_stacktrace/0,delayed_stacktrace/2,
+	 bindings/1,stack_frame/2,backtrace/2,
+	 in_use_p/2]).
+
+-include("dbg_ieval.hrl").
+
+-define(STACK, ?MODULE).
+
+-record(e,
+	{level,					%Level
+	 mfa,					%{Mod,Func,Args|Arity}|{Fun,Args}
+	 line,					%Line called from
+	 bindings,
+	 lc					%Last call (true|false)
+	 }).
+
+init() ->
+    init([]).
+
+delayed_to_external() ->
+    Stack = get(?STACK),
+    fun() -> {stack,term_to_binary(Stack)} end.
+
+from_external({stack,Stk}) ->
+    put(?STACK, binary_to_term(Stk)).
+
+init(Stack) ->
+    put(?STACK, Stack).
+
+%% We keep track of a call stack that is used for
+%%  1) saving stack frames that can be inspected from an Attached
+%%     Process GUI (using dbg_icmd:get(Meta, stack_frame, {Dir, SP})
+%%  2) generate an approximation of regular stacktrace -- sent to
+%%     Debugged when it should raise an exception or evaluate a
+%%     function (since it might possible raise an exception)
+%%
+%% How to push depends on the "Stack Trace" option (value saved in
+%% process dictionary item 'trace_stack').
+%%   all - everything is pushed
+%%   no_tail - tail recursive push
+%%   false - nothing is pushed
+%% Whenever a function returns, the corresponding call frame is popped.
+
+push(Bs, #ieval{level=Le,module=Mod,function=Name,
+		arguments=As,line=Li}=Ieval, Lc) ->
+    Entry = #e{level=Le,mfa={Mod,Name,As},line=Li,bindings=Bs,lc=Lc},
+    case get(trace_stack) of
+	false ->
+	    Ieval#ieval{level=Le+1};
+	no_tail when Lc ->
+	    Ieval;
+	_ -> % all | no_tail when Lc =:= false
+	    put(?STACK, [Entry|get(?STACK)]),
+	    Ieval#ieval{level=Le+1}
+    end.
+
+pop() ->
+    case get(trace_stack) of
+	false -> ignore;
+	_ -> % all ¦ no_tail
+	    case get(?STACK) of
+		[_Entry|Entries] ->
+		    put(?STACK, Entries);
+		[] ->
+		    ignore
+	    end
+    end.
+
+pop(Le) ->
+    case get(trace_stack) of
+	false -> ignore;
+	_ -> % all | no_tail
+	    put(?STACK, pop(Le, get(?STACK)))
+    end.
+
+pop(Level, [#e{level=Le}|Stack]) when Level =< Le ->
+    pop(Level, Stack);
+pop(_Level, Stack) ->
+    Stack.
+
+%% stack_level() -> Le
+%% stack_level(Stack) -> Le
+%% Top call level
+stack_level() ->
+    stack_level(get(?STACK)).
+
+stack_level([]) -> 1;
+stack_level([#e{level=Le}|_]) -> Le.
+
+%% delayed_stacktrace() -> CreateStacktraceFun
+%% delayed_stacktrace(ArgFlag, #ieval{}) -> CreateStacktraceFun
+%%   ArgFlag = no_args | include_args
+%%   CreateStacktraceFun = fun(NumberOfEntries)
+%%
+%% Return a fun that can convert the internal stack format to
+%% an imitation of the regular stacktrace.
+
+delayed_stacktrace() ->
+    Stack0 = get(?STACK),
+    fun(NumEntries) ->
+	    Stack = stacktrace(NumEntries, Stack0, []),
+	    [finalize(ArityOnly) || {ArityOnly,_} <- Stack]
+    end.
+
+delayed_stacktrace(include_args, Ieval) ->
+    #ieval{module=Mod,function=Name,arguments=As,line=Li} = Ieval,
+    Stack0 = [#e{mfa={Mod,Name,As},line=Li}|get(?STACK)],
+    fun(NumEntries) ->
+	    case stacktrace(NumEntries, Stack0, []) of
+		[] ->
+		    [];
+		[{_,WithArgs}|Stack] ->
+		    [finalize(WithArgs) |
+		     [finalize(ArityOnly) || {ArityOnly,_} <- Stack]]
+	    end
+    end;
+delayed_stacktrace(no_args, Ieval) ->
+    #ieval{module=Mod,function=Name,arguments=As,line=Li} = Ieval,
+    Stack0 = [#e{mfa={Mod,Name,As},line=Li}|get(?STACK)],
+    fun(NumEntries) ->
+	    Stack = stacktrace(NumEntries, Stack0, []),
+	    [finalize(ArityOnly) || {ArityOnly,_} <- Stack]
+    end.
+
+stacktrace(N, [#e{lc=true}|T], Acc) ->
+    stacktrace(N, T, Acc);
+stacktrace(N, [E|T], []) ->
+    stacktrace(N-1, T, [normalize(E)]);
+stacktrace(N, [E|T], [{P,_}|_]=Acc) when N > 0 ->
+    case normalize(E) of
+	{P,_} ->
+	    stacktrace(N, T, Acc);
+	New ->
+	    stacktrace(N-1, T, [New|Acc])
+    end;
+stacktrace(_, _, Acc) ->
+    lists:reverse(Acc).
+
+normalize(#e{mfa={M,Fun,As},line=Li}) when is_function(Fun) ->
+    Loc = {M,Li},
+    {{Fun,length(As),Loc},{Fun,As,Loc}};
+normalize(#e{mfa={M,F,As},line=Li}) ->
+    Loc = {M,Li},
+    {{M,F,length(As),Loc},{M,F,As,Loc}}.
+
+finalize({M,F,A,Loc}) -> {M,F,A,line(Loc)};
+finalize({Fun,A,Loc}) -> {Fun,A,line(Loc)}.
+
+line({Mod,Line}) when Line > 0 ->
+    [{file,atom_to_list(Mod)++".erl"},{line,Line}];
+line(_) -> [].
+
+%% bindings(SP) -> Bs
+%%   SP = Le  % stack pointer
+%% Return the bindings for the specified call level
+bindings(SP) ->
+    bindings(SP, get(?STACK)).
+
+bindings(SP, [#e{level=SP,bindings=Bs}|_]) ->
+    Bs;
+bindings(SP, [_Entry|Entries]) ->
+    bindings(SP, Entries);
+bindings(_SP, []) ->
+    erl_eval:new_bindings().
+
+%% stack_frame(Dir, SP) -> {Le, Where, Bs} | top | bottom
+%%   Dir = up | down
+%%   Where = {Cm, Li}
+%%     Cm = Module | undefined  % module
+%%     Li = int()  | -1         % line number
+%%     Bs = bindings()
+%% Return stack frame info one step up/down from given stack pointer
+%%  up = to lower call levels
+%%  down = to higher call levels
+stack_frame(up, SP) ->
+    stack_frame(SP, up, get(?STACK));
+stack_frame(down, SP) ->
+    stack_frame(SP, down, lists:reverse(get(?STACK))).
+
+stack_frame(SP, up, [#e{level=Le,mfa={Cm,_,_},line=Li,bindings=Bs}|_])
+  when Le < SP ->
+    {Le,{Cm,Li},Bs};
+stack_frame(SP, down, [#e{level=Le,mfa={Cm,_,_},line=Li,bindings=Bs}|_])
+  when Le > SP ->
+    {Le,{Cm,Li},Bs};
+stack_frame(SP, Dir, [#e{level=SP}|Stack]) ->
+    case Stack of
+	[#e{level=Le,mfa={Cm,_,_},line=Li,bindings=Bs}|_] ->
+	    {Le,{Cm,Li},Bs};
+	[] when Dir =:= up ->
+	    top;
+	[] when Dir =:= down ->
+	    bottom
+    end;
+stack_frame(SP, Dir, [_Entry|Stack]) ->
+    stack_frame(SP, Dir, Stack).
+
+%% backtrace(HowMany) -> Backtrace
+%%   HowMany = all | int()
+%%   Backtrace = {Le, MFA}
+%% Return all/the last N called functions, in reversed call order
+backtrace(HowMany, Ieval) ->
+    #ieval{level=Level,module=Mod,function=Name,arguments=As} = Ieval,
+    Stack0 = [#e{level=Level,mfa={Mod,Name,As}}|get(?STACK)],
+    Stack = case HowMany of
+		all -> Stack0;
+		N -> lists:sublist(Stack0, N)
+	    end,
+    [{Le,MFA} || #e{level=Le,mfa=MFA} <- Stack].
+
+%%--------------------------------------------------------------------
+%% in_use_p(Mod, Cm) -> boolean()
+%%   Mod = Cm = atom()
+%% Returns true if Mod is found on the stack, otherwise false.
+%%--------------------------------------------------------------------
+in_use_p(Mod, Mod) -> true;
+in_use_p(Mod, _Cm) ->
+    case get(trace_stack) of
+	false -> true;
+	_ -> %  all | no_tail
+	    lists:any(fun(#e{mfa={M,_,_}}) when M =:= Mod -> true;
+			 (_) -> false
+		      end, get(?STACK))
+    end.
diff --git a/lib/debugger/src/dbg_ui_break_win.erl b/lib/debugger/src/dbg_ui_break_win.erl
index 4039bf785f..abbec158b0 100644
--- a/lib/debugger/src/dbg_ui_break_win.erl
+++ b/lib/debugger/src/dbg_ui_break_win.erl
@@ -81,12 +81,12 @@ create_win(GS, {X, Y}, function, Mod, _Line) ->
 			  {pack_x, 2}, {pack_y, 3},
 			  {selectmode, multiple}]),
 
-    %% Add Ok and Cancel buttons
-    {Wbtn, Hbtn} = dbg_ui_win:min_size(["Ok","Cancel"], 70, 30),
+    %% Add OK and Cancel buttons
+    {Wbtn, Hbtn} = dbg_ui_win:min_size(["OK","Cancel"], 70, 30),
     Bot = gs:frame(Frm, [{pack_x, {1, 3}}, {pack_y, 4}]),
-    Ok = gs:button(Bot, [{x, Pad}, {y, Pad},
+    OK = gs:button(Bot, [{x, Pad}, {y, Pad},
 			 {width, Wbtn}, {height, Hbtn},
-			 {label, {text,"Ok"}}, {font, Font}]),
+			 {label, {text,"OK"}}, {font, Font}]),
     Cancel = gs:button(Bot, [{x, W-Pad-Wbtn}, {y, Pad},
 			     {width, Wbtn}, {height, Hbtn},
 			     {label, {text,"Cancel"}}, {font, Font}]),
@@ -95,7 +95,7 @@ create_win(GS, {X, Y}, function, Mod, _Line) ->
     gs:config(Win, [{width, Wfrm}, {height, Hfrm}, {map, true}]),
     #winInfo{type=function, win=Win,
 	     packer=Frm, entries=Entries, trigger=enable,
-	     ok=Ok, cancel=Cancel, listbox=Lb, funcs=[]};
+	     ok=OK, cancel=Cancel, listbox=Lb, funcs=[]};
 create_win(GS, {X, Y}, Type, Mod, Line) ->
     Pad = 8,
     W = 230,
@@ -161,12 +161,12 @@ create_win(GS, {X, Y}, Type, Mod, Line) ->
 			 {align, w}, {group, Grp},
 			 {data, {trigger, delete}}]),
 
-    %% Add Ok and Cancel buttons
-    {Wbtn, Hbtn} = dbg_ui_win:min_size(["Ok","Cancel"], 70, 30),
+    %% Add OK and Cancel buttons
+    {Wbtn, Hbtn} = dbg_ui_win:min_size(["OK","Cancel"], 70, 30),
     Ybtn = Yacc + Pad + Hfrm + Pad,
-    Ok = gs:button(Win, [{x, Pad}, {y, Ybtn},
+    OK = gs:button(Win, [{x, Pad}, {y, Ybtn},
 			 {width, Wbtn}, {height, Hbtn},
-			 {label, {text,"Ok"}}, {font, Font}]),
+			 {label, {text,"OK"}}, {font, Font}]),
     gs:button(Win, [{x, W-Pad-Wbtn}, {y, Ybtn},
 		    {width, Wbtn}, {height, Hbtn},
 		    {label, {text,"Cancel"}}, {font, Font}]),
@@ -175,7 +175,7 @@ create_win(GS, {X, Y}, Type, Mod, Line) ->
     gs:config(Win, [{width, W}, {height, Hwin}, {map, true}]),
 
     #winInfo{type=Type, win=Win,
-	     entries=Entries, trigger=enable, ok=Ok}.
+	     entries=Entries, trigger=enable, ok=OK}.
 
 %%--------------------------------------------------------------------
 %% update_functions(WinInfo, Funcs) -> WinInfo
@@ -229,7 +229,7 @@ handle_event({gs, LB, keypress, window, [Key|_]}, WinInfo) ->
 	Key/='Tab', Key/='Return' ->
 	    ignore;
 	true ->
-	    handle_event({gs, LB, click, listbox, ["Ok"]}, WinInfo)
+	    handle_event({gs, LB, click, listbox, ["OK"]}, WinInfo)
     end;
 handle_event({gs, Ent, keypress, Data, [Key|_]}, WinInfo) ->
     case WinInfo#winInfo.type of
@@ -249,14 +249,14 @@ handle_event({gs, Ent, keypress, Data, [Key|_]}, WinInfo) ->
 	    case next_entry(Ent, WinInfo#winInfo.entries) of
 		last ->
 		    gs:config(WinInfo#winInfo.ok, flash),
-		    handle_event({gs, Ent, click, Data, ["Ok"]}, WinInfo);
+		    handle_event({gs, Ent, click, Data, ["OK"]}, WinInfo);
 		Next ->
 		    gs:config(Next, {setfocus, true}),
 		    ignore
 	    end;
 	_Type -> ignore
     end;
-handle_event({gs, _Id, click, _Data, ["Ok"|_]}, WinInfo) ->
+handle_event({gs, _Id, click, _Data, ["OK"|_]}, WinInfo) ->
     case check_input(WinInfo#winInfo.entries) of
 	error -> ignore;
 	Data when WinInfo#winInfo.type/=function ->
diff --git a/lib/debugger/src/dbg_ui_edit_win.erl b/lib/debugger/src/dbg_ui_edit_win.erl
index badaf4bef4..9b0441b44c 100644
--- a/lib/debugger/src/dbg_ui_edit_win.erl
+++ b/lib/debugger/src/dbg_ui_edit_win.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -64,13 +64,13 @@ create_win(GS, {X, Y}, Title, Prompt, {Type, Value}) ->
 			 {text, Value},
 			 {keypress, true}]),
 
-    %% Ok and Cancel buttons
+    %% OK and Cancel buttons
     W = Pad + Wlbl + Went + Pad,
     {Wbtn, Hbtn} = dbg_ui_win:min_size(["Cancel"], 70, 30),
     Ybtn = Pad + Hlbl + Pad,
     Btn = gs:button(Win, [{x, Pad}, {y, Ybtn},
 			  {width, Wbtn}, {height, Hbtn},
-			  {label, {text,"Ok"}}, {font, Font}]),
+			  {label, {text,"OK"}}, {font, Font}]),
     gs:button(Win, [{x, W-Pad-Wbtn}, {y, Ybtn},
 		    {width, Wbtn}, {height, Hbtn},
 		    {label, {text,"Cancel"}}, {font, Font}]),
@@ -100,8 +100,8 @@ handle_event({gs, _Id, destroy, _Data, _Arg}, _WinInfo) ->
     stopped;
 handle_event({gs, Id, keypress, Data, ['Return'|_]}, WinInfo) ->
     gs:config(WinInfo#winInfo.button, flash),
-    handle_event({gs, Id, click, Data, ["Ok"]}, WinInfo);
-handle_event({gs, _Id, click, _Data, ["Ok"|_]}, WinInfo) ->
+    handle_event({gs, Id, click, Data, ["OK"]}, WinInfo);
+handle_event({gs, _Id, click, _Data, ["OK"|_]}, WinInfo) ->
     Ent = WinInfo#winInfo.entry,
     Str = gs:read(Ent, text),
     Type = WinInfo#winInfo.type,
diff --git a/lib/debugger/src/dbg_ui_filedialog_win.erl b/lib/debugger/src/dbg_ui_filedialog_win.erl
index 3203991c1f..1eced1104d 100644
--- a/lib/debugger/src/dbg_ui_filedialog_win.erl
+++ b/lib/debugger/src/dbg_ui_filedialog_win.erl
@@ -100,7 +100,7 @@ create_win(GS, Title, {X,Y}, Mode, Filter, Extra, FileName) ->
     Opts = [{y, Y4}, {width, Wbtn}, {height, Hbtn}, {font, Font}],
     case Mode of
 	normal ->
-	    gs:button(Win, [{label, {text,"Ok"}}, {x, Pad},
+	    gs:button(Win, [{label, {text,"OK"}}, {x, Pad},
 			    {data, select} | Opts]),
 	    gs:button(Win, [{label, {text,"Filter"}}, {x, Wlb/2-Wbtn/2},
 			    {data, filter} | Opts]),
diff --git a/lib/debugger/src/dbg_ui_interpret.erl b/lib/debugger/src/dbg_ui_interpret.erl
index 952e73b537..73392d40cb 100644
--- a/lib/debugger/src/dbg_ui_interpret.erl
+++ b/lib/debugger/src/dbg_ui_interpret.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -145,7 +145,7 @@ interpret_all(State, Dir, [File0|Files]) ->
 	    Window = dbg_ui_filedialog_win:get_window(State#state.win),
 	    Error = format_error(int:interpretable(File)),
 	    Msg = ["Error when interpreting:", File, Error,
-		   "Ok to continue?"],
+		   "OK to continue?"],
 	    case tool_utils:confirm(Window, Msg) of
 		ok -> interpret_all(State, Dir, Files);
 		cancel -> true
diff --git a/lib/debugger/src/dbg_ui_settings.erl b/lib/debugger/src/dbg_ui_settings.erl
index 146aa7e239..fcfd67966f 100644
--- a/lib/debugger/src/dbg_ui_settings.erl
+++ b/lib/debugger/src/dbg_ui_settings.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -136,8 +136,8 @@ default_settings_dir(GS) ->
 	    {ok, CWD} = file:get_cwd(),
 	    
 	    Msg = ["Default directory", DefDir, "does not exist.",
-		   "Click Ok to create it or", 
-		   "Cancel to use other directory!"],
+		   "Click OK to create it or",
+		   "Cancel to use other directory."],
 	    case tool_utils:confirm(GS, Msg) of
 		ok ->
 		    ToolsDir = filename:dirname(DefDir),
diff --git a/lib/debugger/src/dbg_wx_break_win.erl b/lib/debugger/src/dbg_wx_break_win.erl
index 7ac82c8fb4..062da3937a 100644
--- a/lib/debugger/src/dbg_wx_break_win.erl
+++ b/lib/debugger/src/dbg_wx_break_win.erl
@@ -82,8 +82,8 @@ create_win(Parent, Pos, function, Mod, _Line) ->
     wxComboBox:connect(Text, command_text_updated),
     wxListBox:connect(LB, command_listbox_selected),
     wxListBox:connect(LB, command_listbox_doubleclicked),
-    OkId   = wxDialog:getAffirmativeId(Win),
-    OKButt = wxWindow:findWindowById(OkId, [{parent, Win}]),
+    OKId   = wxDialog:getAffirmativeId(Win),
+    OKButt = wxWindow:findWindowById(OKId, [{parent, Win}]),
     wxWindow:disable(OKButt),
     wxDialog:centreOnParent(Win),
     wxDialog:show(Win),
@@ -141,8 +141,8 @@ create_win(Parent, Pos, Type, Mod, Line) ->
     wxComboBox:setFocus(ModT),
     wxDialog:connect(Win, command_button_clicked),
     wxDialog:connect(Win, command_text_updated),
-    OkId   = wxDialog:getAffirmativeId(Win),
-    OKButt = wxWindow:findWindowById(OkId),
+    OKId   = wxDialog:getAffirmativeId(Win),
+    OKButt = wxWindow:findWindowById(OKId),
     wxWindow:disable(OKButt),
     wxDialog:centreOnParent(Win),
     wxDialog:show(Win),
@@ -180,30 +180,30 @@ handle_event(#wx{id=?wxID_CANCEL}, #winInfo{win=Win}) ->
     wxDialog:destroy(Win),
     stopped;
 handle_event(#wx{event=#wxCommand{type=command_text_updated}}, 
-	     #winInfo{type=function, text=Text, ok=Ok}) ->
+	     #winInfo{type=function, text=Text, ok=OK}) ->
     Module = wxComboBox:getValue(Text),
-    wxWindow:disable(Ok),
+    wxWindow:disable(OK),
     {module, list_to_atom(Module)};
 handle_event(#wx{event=#wxCommand{type=command_text_updated}}, 
-	     #winInfo{text=Text, ok=Ok, entries=Es}) ->
+	     #winInfo{text=Text, ok=OK, entries=Es}) ->
     Module = wxComboBox:getValue(Text),
     case check_input(Es) of
-	error -> wxWindow:disable(Ok);
-	_Data when Module =/= "" -> wxWindow:enable(Ok);
-	_ -> wxWindow:disable(Ok)
+	error -> wxWindow:disable(OK);
+	_Data when Module =/= "" -> wxWindow:enable(OK);
+	_ -> wxWindow:disable(OK)
     end,
     ignore;
 handle_event(#wx{event=#wxCommand{type=command_listbox_selected}}, 
-	     #winInfo{type=function, listbox=LB, ok=Ok}) ->
+	     #winInfo{type=function, listbox=LB, ok=OK}) ->
     case wxListBox:getSelections(LB) of
-	{N,_} when N > 0 -> wxWindow:enable(Ok);
-	_ -> wxWindow:disable(Ok)
+	{N,_} when N > 0 -> wxWindow:enable(OK);
+	_ -> wxWindow:disable(OK)
     end,
     ignore;
-handle_event(#wx{id=OKorListBox, event=#wxCommand{type=OkorDoubleClick}},
+handle_event(#wx{id=OKorListBox, event=#wxCommand{type=OKorDoubleClick}},
 	     #winInfo{type=function,win=Win,listbox=LB,funcs=Funcs,text=Text})
   when OKorListBox =:= ?wxID_OK; 
-       OkorDoubleClick =:= command_listbox_doubleclicked ->
+       OKorDoubleClick =:= command_listbox_doubleclicked ->
     Mod = wxComboBox:getValue(Text),
     {_, IndexL} = wxListBox:getSelections(LB),
     Breaks = [[list_to_atom(Mod)|lists:nth(Index+1, Funcs)] || Index <- IndexL],
diff --git a/lib/debugger/src/dbg_wx_filedialog_win.erl b/lib/debugger/src/dbg_wx_filedialog_win.erl
index 9687efa981..f109652a70 100644
--- a/lib/debugger/src/dbg_wx_filedialog_win.erl
+++ b/lib/debugger/src/dbg_wx_filedialog_win.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2009-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -24,7 +24,7 @@
 -export([new/3, getFilename/1, getFilenames/1, getDirectory/1, destroy/1]).
 
 %% Internal 
--export([init/1, handle_call/3, handle_event/2, 
+-export([init/1, handle_call/3, handle_event/2, handle_cast/2,
 	 handle_info/2, code_change/3, terminate/2]).
 
 -include_lib("wx/include/wx.hrl").
@@ -151,7 +151,7 @@ init([Parent, Id, Options0]) ->
     Bott = wxDialog:createButtonSizer(Dlg, ?wxCANCEL bor ?wxOK),
     wxDialog:connect(Dlg, command_button_clicked), 
     
-    %% Ok done 
+    %% OK done
     Box  = wxBoxSizer:new(?wxVERTICAL),
     wxSizer:add(Box, Top,  [{border, 2}, {flag,?wxALL bor ?wxEXPAND}]),
     wxSizer:add(Box, Dir,  [{border, 2}, {flag,?wxALL bor ?wxEXPAND}]),
@@ -193,6 +193,9 @@ handle_call(getDirectory, _From, State = #state{path=Dir}) ->
 handle_call(destroy, _From, State) ->
     {stop, normal, ok, State}.
 
+handle_cast(_, State) ->
+    {noreply, State}.
+
 %%  events
 handle_event(#wx{id=?wxID_UP}, State0) ->
     State = update_window(change_dir(0, State0)),
diff --git a/lib/debugger/src/dbg_wx_settings.erl b/lib/debugger/src/dbg_wx_settings.erl
index 8f87815949..3be93c495c 100644
--- a/lib/debugger/src/dbg_wx_settings.erl
+++ b/lib/debugger/src/dbg_wx_settings.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -83,9 +83,9 @@ default_settings_dir(Win) ->
 	false ->
 	    {ok, CWD} = file:get_cwd(),
 	    
-	    Msg = ["Default directory", DefDir, "does not exist.",
-		   "Click Ok to create it or", 
-		   "Cancel to use other directory!"],
+	    Msg = ["Default directory ", DefDir, " does not exist. ",
+		   "Click OK to create it or ",
+		   "Cancel to use other directory."],
 	    case dbg_wx_win:confirm(Win, Msg) of
 		ok ->
 		    ToolsDir = filename:dirname(DefDir),
diff --git a/lib/debugger/src/dbg_wx_trace_win.erl b/lib/debugger/src/dbg_wx_trace_win.erl
index 720b913024..79cf87ae62 100755..100644
--- a/lib/debugger/src/dbg_wx_trace_win.erl
+++ b/lib/debugger/src/dbg_wx_trace_win.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/src/dbg_wx_winman.erl b/lib/debugger/src/dbg_wx_winman.erl
index 79dcc47f6f..79dcc47f6f 100755..100644
--- a/lib/debugger/src/dbg_wx_winman.erl
+++ b/lib/debugger/src/dbg_wx_winman.erl
diff --git a/lib/debugger/src/debugger.app.src b/lib/debugger/src/debugger.app.src
index 21cf59a2e1..807054c983 100644
--- a/lib/debugger/src/debugger.app.src
+++ b/lib/debugger/src/debugger.app.src
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -26,6 +26,7 @@
 	     dbg_ieval,
 	     dbg_iload,
 	     dbg_iserver,
+	     dbg_istk,
 	     dbg_ui_break,
 	     dbg_ui_break_win,
 	     dbg_ui_edit,
diff --git a/lib/debugger/test/Makefile b/lib/debugger/test/Makefile
index 2296bd0ae6..3dfbed31ff 100644
--- a/lib/debugger/test/Makefile
+++ b/lib/debugger/test/Makefile
@@ -43,6 +43,7 @@ MODULES= \
 	exception_SUITE \
 	fun_SUITE \
 	lc_SUITE \
+	line_number_SUITE \
 	record_SUITE \
 	trycatch_SUITE \
 	test_lib \
diff --git a/lib/debugger/test/bs_construct_SUITE.erl b/lib/debugger/test/bs_construct_SUITE.erl
index 5c7d49e951..187c9f53b0 100644
--- a/lib/debugger/test/bs_construct_SUITE.erl
+++ b/lib/debugger/test/bs_construct_SUITE.erl
@@ -19,18 +19,31 @@
 
 -module(bs_construct_SUITE).
 
+%% Copied from bs_construct_SUITE in the emulator test suite.
+%% The following test cases have been omitted since they don't
+%% make much sense for the debugger:
+%%  bs_add
+%%  kostis
+
 -export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2,
 	 init_per_testcase/2,end_per_testcase/2,
 	 init_per_suite/1,end_per_suite/1,
-	 test1/1, test2/1, test3/1, test4/1, test5/1, testf/1, not_used/1, in_guard/1,
-	 coerce_to_float/1]).
+	 test1/1, test2/1, test3/1, test4/1, test5/1, testf/1,
+	 not_used/1, in_guard/1,
+	 mem_leak/1, coerce_to_float/1, bjorn/1,
+	 huge_float_field/1, huge_binary/1, system_limit/1, badarg/1,
+	 copy_writable_binary/1, dynamic/1,
+	 otp_7422/1, zero_width/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
-    cases().
+    [test1, test2, test3, test4, test5, testf, not_used,
+     in_guard, mem_leak, coerce_to_float, bjorn,
+     huge_float_field, huge_binary, system_limit, badarg,
+     copy_writable_binary, dynamic, otp_7422, zero_width].
 
 groups() -> 
     [].
@@ -41,11 +54,6 @@ init_per_group(_GroupName, Config) ->
 end_per_group(_GroupName, Config) ->
     Config.
 
-
-cases() -> 
-    [test1, test2, test3, test4, test5, testf, not_used,
-     in_guard, coerce_to_float].
-
 init_per_testcase(_Case, Config) ->
     test_lib:interpret(?MODULE),
     Dog = test_server:timetrap(?t:minutes(1)),
@@ -75,7 +83,9 @@ r(L) ->
 -define(T(B, L), {B, ??B, L}).
 -define(N(B), {B, ??B, unknown}).
 
--define(FAIL(Expr), ?line {'EXIT',{badarg,_}} = (catch Expr)).
+-define(FAIL(Expr), ?line fail_check(catch Expr, ??Expr, [])).
+
+-define(FAIL_VARS(Expr, Vars), ?line fail_check(catch Expr, ??Expr, Vars)).
 
 l(I_13, I_big1) ->
     [
@@ -143,7 +153,13 @@ l(I_13, I_big1) ->
 	native_3798()),
 
      ?T(<<32978297842987249827298387697777669766334937:128/native-integer>>,
-	native_bignum())
+	native_bignum()),
+
+     %% Unit tests.
+     ?T(<<<<5:3>>/bitstring>>, <<5:3>>),
+     ?T(<<42,<<7:4>>/binary-unit:4>>, <<42,7:4>>),
+     ?T(<<<<344:17>>/binary-unit:17>>, <<344:17>>),
+     ?T(<<<<42,3,7656:16>>/binary-unit:16>>, <<42,3,7656:16>>)
 
      ].
 
@@ -179,7 +195,7 @@ eval_list([{C_bin, Str, Bytes} | Rest], Vars) ->
 	    [{C_bin, E_bin, Str, Bytes} | eval_list(Rest, Vars)]
     end.
 
-one_test({C_bin, E_bin, Str, Bytes}) when list(Bytes) ->
+one_test({C_bin, E_bin, Str, Bytes}) when is_list(Bytes) ->
     io:format("  ~s, ~p~n", [Str, Bytes]),
     Bin = list_to_binary(Bytes),
     if
@@ -222,7 +238,7 @@ one_test({C_bin, E_bin, Str, Result}) ->
 		    ok;
 		%% For situations where the final bits may not matter, like
 		%% for floats:
-		N when integer(N) ->
+		N when is_integer(N) ->
 		    io:format("Info: compiled and interpreted differ in the"
 			      " last bytes:~n ~p, ~p.~n",
 			      [binary_to_list(C_bin), binary_to_list(E_bin)]),
@@ -248,9 +264,22 @@ equal_lists(A, B, R) ->
 	    false
     end.
 
+fail_check({'EXIT',{badarg,_}}, Str, Vars) ->
+    try	evaluate(Str, Vars) of
+	Res ->
+	    io:format("Interpreted result: ~p", [Res]),
+	    ?t:fail(did_not_fail_in_intepreted_code)
+    catch
+	error:badarg ->
+	    ok
+    end;
+fail_check(Res, _, _) ->
+    io:format("Compiled result: ~p", [Res]),
+    ?t:fail(did_not_fail_in_compiled_code).
+
 %%% Simple working cases
 test1(suite) -> [];
-test1(Config) when list(Config) ->
+test1(Config) when is_list(Config) ->
     ?line I_13 = i(13),
     ?line I_big1 = big(1),
     ?line Vars = [{'I_13', I_13},
@@ -272,7 +301,7 @@ gen_l(N, S, A) ->
     [?T(<<A:S/little, A:(N-S)/little>>, comp(N, A, S))].
 
 test2(suite) -> [];
-test2(Config) when list(Config) ->
+test2(Config) when is_list(Config) ->
     ?line test2(0, 8, 2#10101010101010101),
     ?line test2(0, 8, 2#1111111111).
 
@@ -300,7 +329,7 @@ t3() ->
     ].
 
 test3(suite) -> [];
-test3(Config) when list(Config) ->
+test3(Config) when is_list(Config) ->
     ?line Vars = [],
     ?line lists:foreach(fun one_test/1, eval_list(t3(), Vars)).
 
@@ -311,7 +340,7 @@ gen_u_l(N, S, A) ->
     [?N(<<A:S/little, A:(N-S)/little>>)].
 
 test4(suite) -> [];
-test4(Config) when list(Config) ->
+test4(Config) when is_list(Config) ->
     ?line test4(0, 16, 2#10101010101010101),
     ?line test4(0, 16, 2#1111111111).
 
@@ -333,7 +362,7 @@ gen_b(N, S, A) ->
 
 test5(suite) -> [];
 test5(doc) -> ["OTP-3995"];
-test5(Config) when list(Config) ->
+test5(Config) when is_list(Config) ->
     ?line test5(0, 8, <<73>>),
     ?line test5(0, 8, <<68>>).
 
@@ -350,40 +379,63 @@ test5(S, A) ->
 
 %%% Failure cases
 testf(suite) -> [];
-testf(Config) when list(Config) ->
-    ?FAIL(<<3.14>>),
-    ?FAIL(<<<<1,2>>>>),
-
-    ?FAIL(<<2.71/binary>>),
-    ?FAIL(<<24334/binary>>),
-    ?FAIL(<<24334344294788947129487129487219847/binary>>),
-
-    ?FAIL(<<<<1,2,3>>/float>>),
+testf(Config) when is_list(Config) ->
+    ?line ?FAIL(<<3.14>>),
+    ?line ?FAIL(<<<<1,2>>>>),
+
+    ?line ?FAIL(<<2.71/binary>>),
+    ?line ?FAIL(<<24334/binary>>),
+    ?line ?FAIL(<<24334344294788947129487129487219847/binary>>),
+    BigInt = id(24334344294788947129487129487219847),
+    ?line ?FAIL_VARS(<<BigInt/binary>>, [{'BigInt',BigInt}]),
+    ?line ?FAIL_VARS(<<42,BigInt/binary>>, [{'BigInt',BigInt}]),
+    ?line ?FAIL_VARS(<<BigInt:2/binary>>, [{'BigInt',BigInt}]),
+
+    %% One negative field size, but the sum of field sizes will be 1 byte.
+    %% Make sure that we reject that properly.
+    I_minus_777 = id(-777),
+    I_minus_2047 = id(-2047),
+    ?line ?FAIL_VARS(<<I_minus_777:2048/unit:8,57:I_minus_2047/unit:8>>,
+		     ordsets:from_list([{'I_minus_777',I_minus_777},
+					{'I_minus_2047',I_minus_2047}])),
+    ?line ?FAIL(<<<<1,2,3>>/float>>),
 
     %% Negative field widths.
-    testf_1(-8, <<1,2,3,4,5>>),
-
-    ?FAIL(<<42:(-16)>>),
-    ?FAIL(<<3.14:(-8)/float>>),
-    ?FAIL(<<<<23,56,0,2>>:(-16)/binary>>),
-    ?FAIL(<<<<23,56,0,2>>:(2.5)/binary>>),
-    ?FAIL(<<<<23,56,0,2>>:(anka)>>),
+    ?line testf_1(-8, <<1,2,3,4,5>>),
+    ?line ?FAIL(<<0:(-(1 bsl 100))>>),
+
+    ?line ?FAIL(<<42:(-16)>>),
+    ?line ?FAIL(<<3.14:(-8)/float>>),
+    ?line ?FAIL(<<<<23,56,0,2>>:(-16)/binary>>),
+    ?line ?FAIL(<<<<23,56,0,2>>:(2.5)/binary>>),
+    ?line ?FAIL(<<<<23,56,0,2>>:(anka)>>),
+    ?line ?FAIL(<<<<23,56,0,2>>:(anka)>>),
+
+    %% Unit failures.
+    ?line ?FAIL(<<<<1:1>>/binary>>),
+    Sz = id(1),
+    ?line ?FAIL_VARS(<<<<1:Sz>>/binary>>, [{'Sz',Sz}]),
+    ?line {'EXIT',{badarg,_}} = (catch <<<<1:(id(1))>>/binary>>),
+    ?line ?FAIL(<<<<7,8,9>>/binary-unit:16>>),
+    ?line ?FAIL(<<<<7,8,9,3:7>>/binary-unit:16>>),
+    ?line ?FAIL(<<<<7,8,9,3:7>>/binary-unit:17>>),
 
     ok.
 
 testf_1(W, B) ->
-    ?FAIL(<<42:W>>),
-    ?FAIL(<<3.14:W/float>>),
-    ?FAIL(<<B:W/binary>>).
+    Vars = [{'W',W}],
+    ?FAIL_VARS(<<42:W>>, Vars),
+    ?FAIL_VARS(<<3.14:W/float>>, Vars),
+    ?FAIL_VARS(<<B:W/binary>>, [{'B',B}|Vars]).
 
 not_used(doc) ->
     "Test that constructed binaries that are not used will still give an exception.";
 not_used(Config) when is_list(Config) ->
     ?line ok = not_used1(3, <<"dum">>),
-    ?line ?FAIL(not_used1(3, "dum")),
-    ?line ?FAIL(not_used2(444, -2)),
-    ?line ?FAIL(not_used2(444, anka)),
-    ?line ?FAIL(not_used3(444)),
+    ?line {'EXIT',{badarg,_}} = (catch not_used1(3, "dum")),
+    ?line {'EXIT',{badarg,_}} = (catch not_used2(444, -2)),
+    ?line {'EXIT',{badarg,_}} = (catch not_used2(444, anka)),
+    ?line {'EXIT',{badarg,_}} = (catch not_used3(444)),
     ok.
 
 not_used1(I, BinString) ->
@@ -398,7 +450,7 @@ not_used3(I) ->
     <<I:(-8)>>,
     ok.
 
-in_guard(Config) when list(Config) ->
+in_guard(Config) when is_list(Config) ->
     ?line 1 = in_guard(<<16#74ad:16>>, 16#e95, 5),
     ?line 2 = in_guard(<<16#3A,16#F7,"hello">>, 16#3AF7, <<"hello">>),
     ?line 3 = in_guard(<<16#FBCD:14,3.1415/float,3:2>>, 16#FBCD, 3.1415),
@@ -415,6 +467,36 @@ in_guard(Bin, A, B) when <<A:14,B/float,3:2>> == Bin -> 3;
 in_guard(Bin, A, B) when {a,b,<<A:14,B/float,3:2>>} == Bin -> cant_happen;
 in_guard(_, _, _) -> nope.
 
+mem_leak(doc) -> "Make sure that construction has no memory leak";
+mem_leak(Config) when is_list(Config) ->
+    ?line B = make_bin(16, <<0>>),
+    ?line mem_leak(1024, B),
+    ok.
+
+mem_leak(0, _) -> ok;
+mem_leak(N, B) ->
+    ?line big_bin(B, <<23>>),
+    ?line {'EXIT',{badarg,_}} = (catch big_bin(B, bad)),
+    maybe_gc(),
+    mem_leak(N-1, B).
+
+big_bin(B1, B2) ->
+    <<B1/binary,B1/binary,B1/binary,B1/binary,
+      B1/binary,B1/binary,B1/binary,B1/binary,
+      B1/binary,B1/binary,B1/binary,B1/binary,
+      B1/binary,B1/binary,B1/binary,B1/binary,
+      B2/binary>>.
+
+make_bin(0, Acc) -> Acc;
+make_bin(N, Acc) -> make_bin(N-1, <<Acc/binary,Acc/binary>>).
+
+maybe_gc() ->
+    case erlang:system_info(heap_type) of
+	shared -> erlang:garbage_collect();
+	hybrid -> erlang:garbage_collect();
+	private -> ok
+    end.
+
 -define(COF(Int0),
 	?line (fun(Int) ->
 		       true = <<Int:32/float>> =:= <<(float(Int)):32/float>>,
@@ -431,7 +513,7 @@ in_guard(_, _, _) -> nope.
 
 nonliteral(X) -> X.
 
-coerce_to_float(Config) when list(Config) ->
+coerce_to_float(Config) when is_list(Config) ->
     ?COF(0),
     ?COF(-1),
     ?COF(1),
@@ -444,3 +526,232 @@ coerce_to_float(Config) when list(Config) ->
     ?COF64(298748888888888888888888888883478264866528467367364766666666666666663),
     ?COF64(-367546729879999999999947826486652846736736476555566666663),
     ok.
+
+bjorn(Config) when is_list(Config) ->
+    ?line error = bjorn_1(),
+    ok.
+
+bjorn_1() ->
+    Bitstr = <<7:13>>,
+    try
+	do_something()
+    catch
+	throw:blurf ->
+	    ignore
+    end,
+    do_more(Bitstr, 13).
+
+do_more(Bin, Sz) ->
+    %% Previous bug in the bs_bits_to_bytes instruction: The exeption code
+    %% was not set - the previous exception (throw:blurf) would be used,
+    %% causing the catch to slip.
+    try <<Bin:Sz/binary>> of
+	_V -> ok
+    catch
+	error:_ ->
+	    error
+    end.
+
+do_something() ->
+    throw(blurf).
+
+huge_float_field(Config) when is_list(Config) ->
+    ?line {'EXIT',{badarg,_}} = (catch <<0.0:9/float-unit:8>>),
+    ?line huge_float_check(catch <<0.0:67108865/float-unit:64>>),
+    ?line huge_float_check(catch <<0.0:((1 bsl 26)+1)/float-unit:64>>),
+    ?line huge_float_check(catch <<0.0:(id(67108865))/float-unit:64>>),
+%%  ?line huge_float_check(catch <<0.0:((1 bsl 60)+1)/float-unit:64>>),
+    ?line huge_float_check(catch <<3839739387439387383739387987347983:((1 bsl 26)+1)/float-unit:64>>),
+%%  ?line huge_float_check(catch <<3839739387439387383739387987347983:((1 bsl 60)+1)/float-unit:64>>),
+    ok.
+
+huge_float_check({'EXIT',{system_limit,_}}) -> ok;
+huge_float_check({'EXIT',{badarg,_}}) -> ok.
+
+huge_binary(Config) when is_list(Config) ->
+    ?line 16777216 = size(<<0:(id(1 bsl 26)),(-1):(id(1 bsl 26))>>),
+    ok.
+
+system_limit(Config) when is_list(Config) ->
+    WordSize = erlang:system_info(wordsize),
+    BitsPerWord = WordSize * 8,
+    ?line {'EXIT',{system_limit,_}} =
+	(catch <<0:(id(0)),42:(id(1 bsl BitsPerWord))>>),
+    ?line {'EXIT',{system_limit,_}} =
+	(catch <<42:(id(1 bsl BitsPerWord)),0:(id(0))>>),
+    ?line {'EXIT',{system_limit,_}} =
+	(catch <<(id(<<>>))/binary,0:(id(1 bsl 100))>>),
+
+    case WordSize of
+	4 ->
+	    system_limit_32();
+	8 ->
+	    ok
+    end.
+
+system_limit_32() ->
+    ?line {'EXIT',{badarg,_}} = (catch <<42:(-1)>>),
+    ?line {'EXIT',{badarg,_}} = (catch <<42:(id(-1))>>),
+    ?line {'EXIT',{badarg,_}} = (catch <<42:(id(-389739873536870912))/unit:8>>),
+    ?line {'EXIT',{system_limit,_}} = (catch <<42:536870912/unit:8>>),
+    ?line {'EXIT',{system_limit,_}} = (catch <<42:(id(536870912))/unit:8>>),
+    ?line {'EXIT',{system_limit,_}} = (catch <<0:(id(8)),42:536870912/unit:8>>),
+    ?line {'EXIT',{system_limit,_}} =
+	(catch <<0:(id(8)),42:(id(536870912))/unit:8>>),
+    ok.
+
+badarg(Config) when is_list(Config) ->
+    %% BEAM will generate a badarg exception for:
+    %%   <<0:(id(1 bsl 100)),0:(id(-1))>>
+    %% but the debugger will generate a system_limit exception.
+    %% It does not seems worthwhile to fix the debugger.
+
+    ?line {'EXIT',{badarg,_}} =
+	(catch <<(id(<<>>))/binary,0:(id(-(1 bsl 100)))>>),
+
+    ok.
+
+copy_writable_binary(Config) when is_list(Config) ->
+    ?line [copy_writable_binary_1(I) || I <- lists:seq(0, 256)],
+    ok.
+
+copy_writable_binary_1(_) ->
+    ?line Bin0 = <<(id(<<>>))/binary,0,1,2,3,4,5,6,7>>,
+    ?line SubBin = make_sub_bin(Bin0),
+    ?line id(<<42,34,55,Bin0/binary>>),		%Make reallocation likelier.
+    ?line Pid = spawn(fun() ->
+			      copy_writable_binary_holder(Bin0, SubBin)
+		      end),
+    ?line Tab = ets:new(holder, []),
+    ?line ets:insert(Tab, {17,Bin0}),
+    ?line ets:insert(Tab, {42,SubBin}),
+    ?line id(<<Bin0/binary,0:(64*1024*8)>>),
+    ?line Pid ! self(),
+    ?line [{17,Bin0}] = ets:lookup(Tab, 17),
+    ?line [{42,Bin0}] = ets:lookup(Tab, 42),
+    receive
+	{Pid,Bin0,Bin0} -> ok;
+	Other ->
+	    io:format("Unexpected message: ~p", [Other]),
+	    ?line ?t:fail()
+    end,
+    ok.
+
+copy_writable_binary_holder(Bin, SubBin) ->
+    receive
+	Pid ->
+	    Pid ! {self(),Bin,SubBin}
+    end.
+
+make_sub_bin(Bin0) ->
+    N = bit_size(Bin0),
+    <<_:17,Bin:N/bitstring,_:5>> = <<(-1):17,Bin0/bitstring,(-1):5>>,
+    Bin = Bin0,					%Assertion.
+    Bin.
+
+%% Test that different ways of using bit syntax instructions
+%% give the same result.
+
+dynamic(Config) when is_list(Config) ->
+    ?line dynamic_1(fun dynamic_big/5),
+    ?line dynamic_1(fun dynamic_little/5),
+    ok.
+
+dynamic_1(Dynamic) ->
+    <<Lpad:128>> = erlang:md5([0]),
+    <<Rpad:128>> = erlang:md5([1]),
+    <<Int:128>> = erlang:md5([2]),
+    8385 = dynamic_2(0, {Int,Lpad,Rpad,Dynamic}, 0).
+
+dynamic_2(129, _, Count) -> Count;
+dynamic_2(Bef, Data, Count0) ->
+    Count = dynamic_3(Bef, 128-Bef, Data, Count0),
+    dynamic_2(Bef+1, Data, Count).
+
+dynamic_3(_, -1, _, Count) -> Count;
+dynamic_3(Bef, N, {Int0,Lpad,Rpad,Dynamic}=Data, Count) ->
+    Int1 = Int0 band ((1 bsl (N+3))-1),
+    Dynamic(Bef, N, Int1, Lpad, Rpad),
+    Dynamic(Bef, N, -Int1, Lpad, Rpad),
+
+    %% OTP-7085: Test a small number in a wide field.
+    Int2 = Int0 band 16#FFFFFF,
+    Dynamic(Bef, N, Int2, Lpad, Rpad),
+    Dynamic(Bef, N, -Int2, Lpad, Rpad),
+    dynamic_3(Bef, N-1, Data, Count+1).
+
+dynamic_big(Bef, N, Int, Lpad, Rpad) ->
+    NumBin = id(<<Int:N>>),
+    MaskedInt = Int band ((1 bsl N) - 1),
+    <<MaskedInt:N>> = NumBin,
+
+    %% Construct the binary in two different ways.
+    Bin = id(<<Lpad:Bef,NumBin/bitstring,Rpad:(128-Bef-N)>>),
+    Bin = <<Lpad:Bef,Int:N,Rpad:(128-Bef-N)>>,
+
+    %% Further verify the result by matching.
+    LpadMasked = Lpad band ((1 bsl Bef) - 1),
+    RpadMasked = Rpad band ((1 bsl (128-Bef-N)) - 1),
+    Rbits = (128-Bef-N),
+    <<LpadMasked:Bef,MaskedInt:N,RpadMasked:Rbits>> = id(Bin),
+    ok.
+
+dynamic_little(Bef, N, Int, Lpad, Rpad) ->
+    NumBin = id(<<Int:N/little>>),
+    MaskedInt = Int band ((1 bsl N) - 1),
+    <<MaskedInt:N/little>> = NumBin,
+
+    %% Construct the binary in two different ways.
+    Bin = id(<<Lpad:Bef/little,NumBin/bitstring,Rpad:(128-Bef-N)/little>>),
+    Bin = <<Lpad:Bef/little,Int:N/little,Rpad:(128-Bef-N)/little>>,
+
+    %% Further verify the result by matching.
+    LpadMasked = Lpad band ((1 bsl Bef) - 1),
+    RpadMasked = Rpad band ((1 bsl (128-Bef-N)) - 1),
+    Rbits = (128-Bef-N),
+    <<LpadMasked:Bef/little,MaskedInt:N/little,RpadMasked:Rbits/little>> = id(Bin),
+    ok.
+
+otp_7422(Config) when is_list(Config) ->
+    otp_7422_int(0),
+    otp_7422_bin(0).
+
+otp_7422_int(N) when N < 512 ->
+    T = erlang:make_tuple(N, []),
+    spawn_link(fun() ->
+		       id(T),
+		       %% A size of field 0 would write one byte beyond
+		       %% the current position in the binary. It could
+		       %% overwrite the continuation pointer stored on
+		       %% the stack if HTOP was equal to E (the stack pointer).
+		       id(<<0:(id(0))>>)
+	       end),
+    otp_7422_int(N+1);
+otp_7422_int(_) -> ok.
+
+otp_7422_bin(N) when N < 512 ->
+    T = erlang:make_tuple(N, []),
+    Z = id(<<>>),
+    spawn_link(fun() ->
+		       id(T),
+		       id(<<Z:(id(0))/bits>>)
+	       end),
+    otp_7422_bin(N+1);
+otp_7422_bin(_) -> ok.
+
+zero_width(Config) when is_list(Config) ->
+    ?line Z = id(0),
+    Small = id(42),
+    Big = id(1 bsl 128),
+    ?line <<>> = <<Small:Z>>,
+    ?line <<>> = <<Small:0>>,
+    ?line <<>> = <<Big:Z>>,
+    ?line <<>> = <<Big:0>>,
+
+    ?line {'EXIT',{badarg,_}} = (catch <<not_a_number:0>>),
+    ?line {'EXIT',{badarg,_}} = (catch <<(id(not_a_number)):Z>>),
+    ?line {'EXIT',{badarg,_}} = (catch <<(id(not_a_number)):0>>),
+
+    ok.
+
+id(I) -> I.
diff --git a/lib/debugger/test/bs_match_bin_SUITE.erl b/lib/debugger/test/bs_match_bin_SUITE.erl
index b42b84aef2..5a7c30f16b 100644
--- a/lib/debugger/test/bs_match_bin_SUITE.erl
+++ b/lib/debugger/test/bs_match_bin_SUITE.erl
@@ -24,14 +24,14 @@
 -export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2,
 	 init_per_testcase/2,end_per_testcase/2,
 	 init_per_suite/1,end_per_suite/1,
-	 byte_split_binary/1,bit_split_binary/1]).
+	 byte_split_binary/1,bit_split_binary/1,match_huge_bin/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
-    cases().
+    [byte_split_binary, bit_split_binary, match_huge_bin].
 
 groups() -> 
     [].
@@ -42,10 +42,6 @@ init_per_group(_GroupName, Config) ->
 end_per_group(_GroupName, Config) ->
     Config.
 
-
-cases() -> 
-    [byte_split_binary, bit_split_binary].
-
 init_per_testcase(_Case, Config) ->
     test_lib:interpret(?MODULE),
     Dog = test_server:timetrap(?t:minutes(1)),
@@ -65,11 +61,12 @@ end_per_suite(Config) when is_list(Config) ->
     ok.
 
 byte_split_binary(doc) -> "Tries to split a binary at all byte-aligned positions.";
-byte_split_binary(suite) -> [];
-byte_split_binary(Config) when list(Config) ->
+byte_split_binary(Config) when is_list(Config) ->
     ?line L = lists:seq(0, 57),
     ?line B = mkbin(L),
-    ?line byte_split(L, B, size(B)).
+    ?line byte_split(L, B, size(B)),
+    ?line Unaligned = make_unaligned_sub_binary(B),
+    ?line byte_split(L, Unaligned, size(Unaligned)).
 
 byte_split(L, B, Pos) when Pos >= 0 ->
     ?line Sz1 = Pos,
@@ -78,18 +75,19 @@ byte_split(L, B, Pos) when Pos >= 0 ->
     ?line B1 = list_to_binary(lists:sublist(L, 1, Pos)),
     ?line B2 = list_to_binary(lists:nthtail(Pos, L)),
     ?line byte_split(L, B, Pos-1);
-byte_split(_L, _B, _) -> ok.
+byte_split(_, _, _) -> ok.
 
 bit_split_binary(doc) -> "Tries to split a binary at all positions.";
-bit_split_binary(suite) -> [];
-bit_split_binary(Config) when list(Config) ->
+bit_split_binary(Config) when is_list(Config) ->
     Fun = fun(Bin, List, SkipBef, N) ->
 		  ?line SkipAft = 8*size(Bin) - N - SkipBef,
-		  io:format("~p, ~p, ~p", [SkipBef,N,SkipAft]),
-		  ?line <<_I1:SkipBef,OutBin:N/binary-unit:1,_I2:SkipAft>> = Bin,
+		  %%io:format("~p, ~p, ~p", [SkipBef,N,SkipAft]),
+		  ?line <<_:SkipBef,OutBin:N/binary-unit:1,_:SkipAft>> = Bin,
 		  ?line OutBin = make_bin_from_list(List, N)
 	  end,
     ?line bit_split_binary1(Fun, erlang:md5(<<1,2,3>>)),
+    ?line bit_split_binary1(Fun,
+			    make_unaligned_sub_binary(erlang:md5(<<1,2,3>>))),
     ok.
 
 bit_split_binary1(Action, Bin) ->
@@ -99,24 +97,23 @@ bit_split_binary1(Action, Bin) ->
 bit_split_binary2(Action, Bin, [_|T]=List, Bef) ->
     bit_split_binary3(Action, Bin, List, Bef, size(Bin)*8),
     bit_split_binary2(Action, Bin, T, Bef+1);
-bit_split_binary2(_Action, _Bin, [], _Bef) -> ok.
+bit_split_binary2(_, _, [], _) -> ok.
 
 bit_split_binary3(Action, Bin, List, Bef, Aft) when Bef =< Aft ->
     Action(Bin, List, Bef, (Aft-Bef) div 8 * 8),
     bit_split_binary3(Action, Bin, List, Bef, Aft-8);
 bit_split_binary3(_, _, _, _, _) -> ok.
 
-make_bin_from_list(_List, 0) ->
-    mkbin([]);
+make_bin_from_list(_, 0) -> mkbin([]);
 make_bin_from_list(List, N) ->
     list_to_binary([make_int(List, 8, 0),
 		    make_bin_from_list(lists:nthtail(8, List), N-8)]).
 
 
-make_int(_List, 0, Acc) -> Acc;
+make_int(_, 0, Acc) -> Acc;
 make_int([H|T], N, Acc) -> make_int(T, N-1, Acc bsl 1 bor H).
 
-bits_to_list([_H|T], 0) -> bits_to_list(T, 16#80);
+bits_to_list([_|T], 0) -> bits_to_list(T, 16#80);
 bits_to_list([H|_]=List, Mask) ->
     [case H band Mask of
 	 0 -> 0;
@@ -124,5 +121,109 @@ bits_to_list([H|_]=List, Mask) ->
      end|bits_to_list(List, Mask bsr 1)];
 bits_to_list([], _) -> [].
 
+mkbin(L) when is_list(L) -> list_to_binary(L).
+
+make_unaligned_sub_binary(Bin0) ->
+    Bin1 = <<0:3,Bin0/binary,31:5>>,
+    Sz = size(Bin0),
+    <<0:3,Bin:Sz/binary,31:5>> = id(Bin1),
+    Bin.
+
+id(I) -> I.
+
+match_huge_bin(Config) when is_list(Config) ->
+    ?line Bin = <<0:(1 bsl 27),13:8>>,
+    ?line skip_huge_bin_1(1 bsl 27, Bin),
+    ?line 16777216 = match_huge_bin_1(1 bsl 27, Bin),
+
+    %% Test overflowing the size of a binary field.
+    ?line nomatch = overflow_huge_bin_skip_32(Bin),
+    ?line nomatch = overflow_huge_bin_32(Bin),
+    ?line nomatch = overflow_huge_bin_skip_64(Bin),
+    ?line nomatch = overflow_huge_bin_64(Bin),
+
+    %% Size in variable
+    ?line ok = overflow_huge_bin(Bin, lists:seq(25, 32)++lists:seq(50, 64)),
+    ?line ok = overflow_huge_bin_unit128(Bin, lists:seq(25, 32)++lists:seq(50, 64)),
+
+    ok.
+
+overflow_huge_bin(Bin, [Sz0|Sizes]) ->
+    Sz = id(1 bsl Sz0),
+    case Bin of
+	<<_:Sz/binary-unit:8,0,_/binary>> ->
+	    {error,Sz};
+	_ ->
+	    case Bin of
+		<<NewBin:Sz/binary-unit:8,0,_/binary>> ->
+		    {error,Sz,size(NewBin)};
+		_ ->
+		    overflow_huge_bin(Bin, Sizes)
+	    end
+    end;
+overflow_huge_bin(_, []) -> ok.
+
+overflow_huge_bin_unit128(Bin, [Sz0|Sizes]) ->
+    Sz = id(1 bsl Sz0),
+    case Bin of
+	<<_:Sz/binary-unit:128,0,_/binary>> ->
+	    {error,Sz};
+	_ ->
+	    case Bin of
+		<<NewBin:Sz/binary-unit:128,0,_/binary>> ->
+		    {error,Sz,size(NewBin)};
+		_ ->
+		    overflow_huge_bin_unit128(Bin, Sizes)
+	    end
+    end;
+overflow_huge_bin_unit128(_, []) -> ok.
+
+skip_huge_bin_1(I, Bin) ->
+    <<_:I/binary-unit:1,13>> = Bin,
+    ok.
 
-mkbin(L) when list(L) -> list_to_binary(L).
+match_huge_bin_1(I, Bin) ->
+    case Bin of
+	<<Val:I/binary-unit:1,13>> -> size(Val);
+	_ -> nomatch
+    end.
+
+overflow_huge_bin_skip_32(<<_:4294967296/binary,0,_/binary>>) -> 1; % 1 bsl 32
+overflow_huge_bin_skip_32(<<_:33554432/binary-unit:128,0,_/binary>>) -> 2; % 1 bsl 25
+overflow_huge_bin_skip_32(<<_:67108864/binary-unit:64,0,_/binary>>) -> 3; % 1 bsl 26
+overflow_huge_bin_skip_32(<<_:134217728/binary-unit:32,0,_/binary>>) -> 4; % 1 bsl 27
+overflow_huge_bin_skip_32(<<_:268435456/binary-unit:16,0,_/binary>>) -> 5; % 1 bsl 28
+overflow_huge_bin_skip_32(<<_:536870912/binary-unit:8,0,_/binary>>) -> 6; % 1 bsl 29
+overflow_huge_bin_skip_32(<<_:1073741824/binary-unit:8,0,_/binary>>) -> 7; % 1 bsl 30
+overflow_huge_bin_skip_32(<<_:2147483648/binary-unit:8,0,_/binary>>) -> 8; % 1 bsl 31
+overflow_huge_bin_skip_32(_) -> nomatch.
+
+overflow_huge_bin_32(<<Bin:4294967296/binary,_/binary>>) -> {1,Bin}; % 1 bsl 32
+overflow_huge_bin_32(<<Bin:33554432/binary-unit:128,0,_/binary>>) -> {2,Bin}; % 1 bsl 25
+overflow_huge_bin_32(<<Bin:67108864/binary-unit:128,0,_/binary>>) -> {3,Bin}; % 1 bsl 26
+overflow_huge_bin_32(<<Bin:134217728/binary-unit:128,0,_/binary>>) -> {4,Bin}; % 1 bsl 27
+overflow_huge_bin_32(<<Bin:268435456/binary-unit:128,0,_/binary>>) -> {5,Bin}; % 1 bsl 28
+overflow_huge_bin_32(<<Bin:536870912/binary-unit:128,0,_/binary>>) -> {6,Bin}; % 1 bsl 29
+overflow_huge_bin_32(<<Bin:1073741824/binary-unit:128,0,_/binary>>) -> {7,Bin}; % 1 bsl 30
+overflow_huge_bin_32(<<Bin:2147483648/binary-unit:128,0,_/binary>>) -> {8,Bin}; % 1 bsl 31
+overflow_huge_bin_32(_) -> nomatch.
+
+overflow_huge_bin_skip_64(<<_:18446744073709551616/binary,0,_/binary>>) -> 1; % 1 bsl 64
+overflow_huge_bin_skip_64(<<_:144115188075855872/binary-unit:128,0,_/binary>>) -> 2; % 1 bsl 57
+overflow_huge_bin_skip_64(<<_:288230376151711744/binary-unit:64,0,_/binary>>) -> 3; % 1 bsl 58
+overflow_huge_bin_skip_64(<<_:576460752303423488/binary-unit:32,0,_/binary>>) -> 4; % 1 bsl 59
+overflow_huge_bin_skip_64(<<_:1152921504606846976/binary-unit:16,0,_/binary>>) -> 5; % 1 bsl 60
+overflow_huge_bin_skip_64(<<_:2305843009213693952/binary-unit:8,0,_/binary>>) -> 6; % 1 bsl 61
+overflow_huge_bin_skip_64(<<_:4611686018427387904/binary-unit:8,0,_/binary>>) -> 7; % 1 bsl 62
+overflow_huge_bin_skip_64(<<_:9223372036854775808/binary-unit:8,_/binary>>) -> 8; % 1 bsl 63
+overflow_huge_bin_skip_64(_) -> nomatch.
+
+overflow_huge_bin_64(<<Bin:18446744073709551616/binary,_/binary>>) -> {1,Bin}; % 1 bsl 64
+overflow_huge_bin_64(<<Bin:144115188075855872/binary-unit:128,0,_/binary>>) -> {2,Bin}; % 1 bsl 57
+overflow_huge_bin_64(<<Bin:288230376151711744/binary-unit:128,0,_/binary>>) -> {3,Bin}; % 1 bsl 58
+overflow_huge_bin_64(<<Bin:576460752303423488/binary-unit:128,0,_/binary>>) -> {4,Bin}; % 1 bsl 59
+overflow_huge_bin_64(<<Bin:1152921504606846976/binary-unit:128,0,_/binary>>) -> {5,Bin}; % 1 bsl 60
+overflow_huge_bin_64(<<Bin:2305843009213693952/binary-unit:128,0,_/binary>>) -> {6,Bin}; % 1 bsl 61
+overflow_huge_bin_64(<<Bin:4611686018427387904/binary-unit:128,0,_/binary>>) -> {7,Bin}; % 1 bsl 62
+overflow_huge_bin_64(<<Bin:9223372036854775808/binary-unit:128,0,_/binary>>) -> {8,Bin}; % 1 bsl 63
+overflow_huge_bin_64(_) -> nomatch.
diff --git a/lib/debugger/test/bs_match_int_SUITE.erl b/lib/debugger/test/bs_match_int_SUITE.erl
index 745368fdfc..bff5f8ff65 100644
--- a/lib/debugger/test/bs_match_int_SUITE.erl
+++ b/lib/debugger/test/bs_match_int_SUITE.erl
@@ -19,11 +19,11 @@
 
 -module(bs_match_int_SUITE).
 
--author('[email protected]').
 -export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2,
 	 init_per_testcase/2,end_per_testcase/2,
 	 init_per_suite/1,end_per_suite/1,
-	 integer/1,signed_integer/1,dynamic/1,more_dynamic/1,mml/1]).
+	 integer/1,signed_integer/1,dynamic/1,more_dynamic/1,mml/1,
+	 match_huge_int/1,bignum/1,unaligned_32_bit/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 
@@ -32,7 +32,8 @@
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
-    [cases()].
+    [integer, signed_integer, dynamic, more_dynamic, mml,
+     match_huge_int, bignum, unaligned_32_bit].
 
 groups() -> 
     [].
@@ -43,10 +44,6 @@ init_per_group(_GroupName, Config) ->
 end_per_group(_GroupName, Config) ->
     Config.
 
-
-cases() -> 
-    [integer, signed_integer, dynamic, more_dynamic, mml].
-
 init_per_testcase(_Case, Config) ->
     test_lib:interpret(?MODULE),
     Dog = test_server:timetrap(?t:minutes(4)),
@@ -65,8 +62,7 @@ init_per_suite(Config) when is_list(Config) ->
 end_per_suite(Config) when is_list(Config) ->
     ok.
 
-integer(suite) -> [];
-integer(Config) when list(Config) ->
+integer(Config) when is_list(Config) ->
     ?line 0 = get_int(mkbin([])),
     ?line 0 = get_int(mkbin([0])),
     ?line 42 = get_int(mkbin([42])),
@@ -78,22 +74,33 @@ integer(Config) when list(Config) ->
     ?line 65534 = get_int(mkbin([255,254])),
     ?line 16776455 = get_int(mkbin([255,253,7])),
     ?line 4245492555 = get_int(mkbin([253,13,19,75])),
+    ?line 4294967294 = get_int(mkbin([255,255,255,254])),
+    ?line 4294967295 = get_int(mkbin([255,255,255,255])),
     ?line Eight = [200,1,19,128,222,42,97,111],
     ?line cmp128(Eight, uint(Eight)),
     ?line fun_clause(catch get_int(mkbin(seq(1,5)))),
     ok.
 
-get_int(<<I:0>>) -> I;
-get_int(<<I:8>>) -> I;
-get_int(<<I:16>>) -> I;
-get_int(<<I:24>>) -> I;
-get_int(<<I:32>>) -> I.
+get_int(Bin) ->
+    I = get_int1(Bin),
+    get_int(Bin, I).
+
+get_int(Bin0, I) when size(Bin0) < 4 ->
+    Bin = <<0,Bin0/binary>>,
+    I = get_int1(Bin),
+    get_int(Bin, I);
+get_int(_, I) -> I.
+
+get_int1(<<I:0>>) -> I;
+get_int1(<<I:8>>) -> I;
+get_int1(<<I:16>>) -> I;
+get_int1(<<I:24>>) -> I;
+get_int1(<<I:32>>) -> I.
 
 cmp128(<<I:128>>, I) -> equal;
-cmp128(_B, _I) -> not_equal.
+cmp128(_, _) -> not_equal.
 
-signed_integer(suite) -> [];
-signed_integer(Config) when list(Config) ->
+signed_integer(Config) when is_list(Config) ->
     ?line {no_match,_} = sint(mkbin([])),
     ?line {no_match,_} = sint(mkbin([1,2,3])),
     ?line 127 = sint(mkbin([127])),
@@ -113,7 +120,7 @@ uint(L) -> uint(L, 0).
 uint([H|T], Acc) -> uint(T, Acc bsl 8 bor H);
 uint([], Acc) -> Acc.
 
-dynamic(Config) when list(Config) ->
+dynamic(Config) when is_list(Config) ->
     dynamic(mkbin([255]), 8),
     dynamic(mkbin([255,255]), 16),
     dynamic(mkbin([255,255,255]), 24),
@@ -124,7 +131,7 @@ dynamic(Bin, S1) when S1 >= 0 ->
     S2 = size(Bin) * 8 - S1,
     dynamic(Bin, S1, S2, (1 bsl S1) - 1, (1 bsl S2) - 1),
     dynamic(Bin, S1-1);
-dynamic(_Bin, _) -> ok.
+dynamic(_, _) -> ok.
 
 dynamic(Bin, S1, S2, A, B) ->
 %    io:format("~p ~p ~p ~p\n", [S1,S2,A,B]),
@@ -132,25 +139,24 @@ dynamic(Bin, S1, S2, A, B) ->
 	<<A:S1,B:S2>> ->
 	    io:format("~p ~p ~p ~p\n", [S1,S2,A,B]),
 	    ok;
-	_Other ->
-	    erlang:error(badmatch, [Bin,S1,S2,A,B])
+	_Other -> erlang:error(badmatch, [Bin,S1,S2,A,B])
     end.
 
 more_dynamic(doc) -> "Extract integers at different alignments and of different sizes.";
-more_dynamic(Config) when list(Config) ->
+more_dynamic(Config) when is_list(Config) ->
 
     % Unsigned big-endian numbers.
     Unsigned  = fun(Bin, List, SkipBef, N) ->
 			SkipAft = 8*size(Bin) - N - SkipBef,
-			<<_I1:SkipBef,Int:N,_I2:SkipAft>> = Bin,
+			<<_:SkipBef,Int:N,_:SkipAft>> = Bin,
 			Int = make_int(List, N, 0)
 		end,
     ?line more_dynamic1(Unsigned, funny_binary(42)),
 
-    % Signed big-endian numbers.
+    %% Signed big-endian numbers.
     Signed  = fun(Bin, List, SkipBef, N) ->
 		      SkipAft = 8*size(Bin) - N - SkipBef,
-		      <<_I1:SkipBef,Int:N/signed,_I2:SkipAft>> = Bin,
+		      <<_:SkipBef,Int:N/signed,_:SkipAft>> = Bin,
 		      case make_signed_int(List, N) of
 			  Int -> ok;
 			  Other ->
@@ -162,18 +168,18 @@ more_dynamic(Config) when list(Config) ->
 	      end,
     ?line more_dynamic1(Signed, funny_binary(43)),
 
-    % Unsigned little-endian numbers.
+    %% Unsigned little-endian numbers.
     UnsLittle  = fun(Bin, List, SkipBef, N) ->
 			 SkipAft = 8*size(Bin) - N - SkipBef,
-			 <<_I1:SkipBef,Int:N/little,_I2:SkipAft>> = Bin,
+			 <<_:SkipBef,Int:N/little,_:SkipAft>> = Bin,
 			 Int = make_int(big_to_little(List, N), N, 0)
 		 end,
     ?line more_dynamic1(UnsLittle, funny_binary(44)),
 
-    % Signed little-endian numbers.
+    %% Signed little-endian numbers.
     SignLittle  = fun(Bin, List, SkipBef, N) ->
 			  SkipAft = 8*size(Bin) - N - SkipBef,
-			  <<_I1:SkipBef,Int:N/signed-little,_I2:SkipAft>> = Bin,
+			  <<_:SkipBef,Int:N/signed-little,_:SkipAft>> = Bin,
 			  Little = big_to_little(List, N),
 			  Int = make_signed_int(Little, N)
 		  end,
@@ -181,11 +187,6 @@ more_dynamic(Config) when list(Config) ->
 
     ok.
 
-funny_binary(N) ->
-    B0 = erlang:md5([N]),
-    {B1,_B2} = split_binary(B0, size(B0) div 2),
-    B1.
-
 more_dynamic1(Action, Bin) ->
     BitList = bits_to_list(binary_to_list(Bin), 16#80),
     more_dynamic2(Action, Bin, BitList, 0).
@@ -193,7 +194,7 @@ more_dynamic1(Action, Bin) ->
 more_dynamic2(Action, Bin, [_|T]=List, Bef) ->
     more_dynamic3(Action, Bin, List, Bef, size(Bin)*8),
     more_dynamic2(Action, Bin, T, Bef+1);
-more_dynamic2(_Action, _Bin, [], _Bef) -> ok.
+more_dynamic2(_, _, [], _) -> ok.
 
 more_dynamic3(Action, Bin, List, Bef, Aft) when Bef =< Aft ->
 %%    io:format("~p, ~p", [Bef,Aft-Bef]),
@@ -208,8 +209,8 @@ big_to_little([B0,B1,B2,B3,B4,B5,B6,B7|T], N, Acc) when N >= 8 ->
 big_to_little(List, N, Acc) -> lists:sublist(List, 1, N) ++ Acc.
 
 make_signed_int(_List, 0) -> 0;
-make_signed_int([0|_T]=List, N) -> make_int(List, N, 0);
-make_signed_int([1|_T]=List0, N) ->
+make_signed_int([0|_]=List, N) -> make_int(List, N, 0);
+make_signed_int([1|_]=List0, N) ->
     List1 = reversed_sublist(List0, N, []),
     List2 = two_complement_and_reverse(List1, 1, []),
     -make_int(List2, length(List2), 0).
@@ -225,7 +226,7 @@ two_complement_and_reverse([], Carry, Acc) -> [Carry|Acc].
 make_int(_List, 0, Acc) -> Acc;
 make_int([H|T], N, Acc) -> make_int(T, N-1, Acc bsl 1 bor H).
 
-bits_to_list([_H|T], 0) -> bits_to_list(T, 16#80);
+bits_to_list([_|T], 0) -> bits_to_list(T, 16#80);
 bits_to_list([H|_]=List, Mask) ->
     [case H band Mask of
 	 0 -> 0;
@@ -234,11 +235,134 @@ bits_to_list([H|_]=List, Mask) ->
 bits_to_list([], _) -> [].
 
 fun_clause({'EXIT',{function_clause,_}}) -> ok.
-mkbin(L) when list(L) -> list_to_binary(L).
+mkbin(L) when is_list(L) -> list_to_binary(L).
+
+funny_binary(N) ->
+    B0 = erlang:md5([N]),
+    {B1,_B2} = split_binary(B0, byte_size(B0) div 3),
+    B1.
 
-mml(Config) when list(Config) ->
+mml(Config) when is_list(Config) ->
     ?line single_byte_binary = mml_choose(<<42>>),
     ?line multi_byte_binary = mml_choose(<<42,43>>).
 
 mml_choose(<<_A:8>>) -> single_byte_binary;
-mml_choose(<<_A:8, _T/binary>>) -> multi_byte_binary.
+mml_choose(<<_A:8,_T/binary>>) -> multi_byte_binary.
+
+match_huge_int(Config) when is_list(Config) ->
+    Sz = 1 bsl 27,
+    ?line Bin = <<0:Sz,13:8>>,
+    ?line skip_huge_int_1(Sz, Bin),
+    ?line 0 = match_huge_int_1(Sz, Bin),
+
+    %% Test overflowing the size of an integer field.
+    ?line nomatch = overflow_huge_int_skip_32(Bin),
+    case erlang:system_info(wordsize) of
+	4 ->
+	    ?line nomatch = overflow_huge_int_32(Bin);
+	8 ->
+	    %% An attempt will be made to allocate heap space for
+	    %% the bignum (which will probably fail); only if the
+	    %% allocation succeds will the matching fail because
+	    %% the binary is too small.
+	    ok
+    end,
+    ?line nomatch = overflow_huge_int_skip_64(Bin),
+    ?line nomatch = overflow_huge_int_64(Bin),
+
+    %% Test overflowing the size of an integer field using variables as sizes.
+    ?line Sizes = case erlang:system_info(wordsize) of
+		      4 -> lists:seq(25, 32);
+		      8 -> []
+		  end ++ lists:seq(50, 64),
+    ?line ok = overflow_huge_int_unit128(Bin, Sizes),
+
+    ok.
+
+overflow_huge_int_unit128(Bin, [Sz0|Sizes]) ->
+    Sz = id(1 bsl Sz0),
+    case Bin of
+	<<_:Sz/unit:128,0,_/binary>> ->
+	    {error,Sz};
+	_ ->
+	    case Bin of
+		<<Var:Sz/unit:128,0,_/binary>> ->
+		    {error,Sz,Var};
+		_ ->
+		    overflow_huge_int_unit128(Bin, Sizes)
+	    end
+    end;
+overflow_huge_int_unit128(_, []) -> ok.
+
+match_huge_int_1(I, Bin) ->
+    <<Int:I,13>> = Bin,
+    Int.
+
+skip_huge_int_1(I, Bin) ->
+    <<_:I,13>> = Bin.
+
+overflow_huge_int_skip_32(<<_:4294967296,0,_/binary>>) -> 1; % 1 bsl 32
+overflow_huge_int_skip_32(<<_:33554432/unit:128,0,_/binary>>) -> 2; % 1 bsl 25
+overflow_huge_int_skip_32(<<_:67108864/unit:64,0,_/binary>>) -> 3; % 1 bsl 26
+overflow_huge_int_skip_32(<<_:134217728/unit:32,0,_/binary>>) -> 4; % 1 bsl 27
+overflow_huge_int_skip_32(<<_:268435456/unit:16,0,_/binary>>) -> 5; % 1 bsl 28
+overflow_huge_int_skip_32(<<_:536870912/unit:8,0,_/binary>>) -> 6; % 1 bsl 29
+overflow_huge_int_skip_32(<<_:1073741824/unit:8,0,_/binary>>) -> 7; % 1 bsl 30
+overflow_huge_int_skip_32(<<_:2147483648/unit:8,0,_/binary>>) -> 8; % 1 bsl 31
+overflow_huge_int_skip_32(_) -> nomatch.
+
+overflow_huge_int_32(<<Int:4294967296,_/binary>>) -> {1,Int}; % 1 bsl 32
+overflow_huge_int_32(<<Int:33554432/unit:128,0,_/binary>>) -> {2,Int}; % 1 bsl 25
+overflow_huge_int_32(<<Int:67108864/unit:128,0,_/binary>>) -> {3,Int}; % 1 bsl 26
+overflow_huge_int_32(<<Int:134217728/unit:128,0,_/binary>>) -> {4,Int}; % 1 bsl 27
+overflow_huge_int_32(<<Int:268435456/unit:128,0,_/binary>>) -> {5,Int}; % 1 bsl 28
+overflow_huge_int_32(<<Int:536870912/unit:128,0,_/binary>>) -> {6,Int}; % 1 bsl 29
+overflow_huge_int_32(<<Int:1073741824/unit:128,0,_/binary>>) -> {7,Int}; % 1 bsl 30
+overflow_huge_int_32(<<Int:2147483648/unit:128,0,_/binary>>) -> {8,Int}; % 1 bsl 31
+overflow_huge_int_32(_) -> nomatch.
+
+overflow_huge_int_skip_64(<<_:18446744073709551616,_/binary>>) -> 1; % 1 bsl 64
+overflow_huge_int_skip_64(<<_:144115188075855872/unit:128,0,_/binary>>) -> 2; % 1 bsl 57
+overflow_huge_int_skip_64(<<_:288230376151711744/unit:64,0,_/binary>>) -> 3; % 1 bsl 58
+overflow_huge_int_skip_64(<<_:576460752303423488/unit:32,0,_/binary>>) -> 4; % 1 bsl 59
+overflow_huge_int_skip_64(<<_:1152921504606846976/unit:16,0,_/binary>>) -> 5; % 1 bsl 60
+overflow_huge_int_skip_64(<<_:2305843009213693952/unit:8,0,_/binary>>) -> 6; % 1 bsl 61
+overflow_huge_int_skip_64(<<_:4611686018427387904/unit:8,0,_/binary>>) -> 7; % 1 bsl 62
+overflow_huge_int_skip_64(<<_:9223372036854775808/unit:8,0,_/binary>>) -> 8; % 1 bsl 63
+overflow_huge_int_skip_64(_) -> nomatch.
+
+overflow_huge_int_64(<<Int:18446744073709551616,_/binary>>) -> {1,Int}; % 1 bsl 64
+overflow_huge_int_64(<<Int:144115188075855872/unit:128,0,_/binary>>) -> {2,Int}; % 1 bsl 57
+overflow_huge_int_64(<<Int:288230376151711744/unit:128,0,_/binary>>) -> {3,Int}; % 1 bsl 58
+overflow_huge_int_64(<<Int:576460752303423488/unit:128,0,_/binary>>) -> {4,Int}; % 1 bsl 59
+overflow_huge_int_64(<<Int:1152921504606846976/unit:128,0,_/binary>>) -> {5,Int}; % 1 bsl 60
+overflow_huge_int_64(<<Int:2305843009213693952/unit:128,0,_/binary>>) -> {6,Int}; % 1 bsl 61
+overflow_huge_int_64(<<Int:4611686018427387904/unit:128,0,_/binary>>) -> {7,Int}; % 1 bsl 62
+overflow_huge_int_64(<<Int:9223372036854775808/unit:128,0,_/binary>>) -> {8,Int}; % 1 bsl 63
+overflow_huge_int_64(_) -> nomatch.
+
+bignum(Config) when is_list(Config) ->
+    ?line Bin = id(<<42,0:1024/unit:8,43>>),
+    ?line <<42:1025/little-integer-unit:8,_:8>> = Bin,
+    ?line <<_:8,43:1025/integer-unit:8>> = Bin,
+
+    ?line BignumBin = id(<<0:512/unit:8,258254417031933722623:9/unit:8>>),
+    ?line <<258254417031933722623:(512+9)/unit:8>> = BignumBin,
+    erlang:garbage_collect(),			%Search for holes in debug-build.
+    ok.
+
+unaligned_32_bit(Config) when is_list(Config) ->
+    %% There used to be a risk for heap overflow (fixed in R11B-5).
+    ?line L = unaligned_32_bit_1(<<-1:(64*1024)>>),
+    ?line unaligned_32_bit_verify(L, 1638).
+
+unaligned_32_bit_1(<<1:1,U:32,_:7,T/binary>>) ->
+    [U|unaligned_32_bit_1(T)];
+unaligned_32_bit_1(_) ->
+    [].
+
+unaligned_32_bit_verify([], 0) -> ok;
+unaligned_32_bit_verify([4294967295|T], N) when N > 0 ->
+    unaligned_32_bit_verify(T, N-1).
+
+id(I) -> I.
diff --git a/lib/debugger/test/bs_match_misc_SUITE.erl b/lib/debugger/test/bs_match_misc_SUITE.erl
index 53d11ba179..89fce263f5 100644
--- a/lib/debugger/test/bs_match_misc_SUITE.erl
+++ b/lib/debugger/test/bs_match_misc_SUITE.erl
@@ -19,18 +19,24 @@
 
 -module(bs_match_misc_SUITE).
 
--author('[email protected]').
 -export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2,
 	 init_per_testcase/2,end_per_testcase/2,
 	 init_per_suite/1,end_per_suite/1,
-	 bound_var/1,bound_tail/1,t_float/1,little_float/1,sean/1]).
+	 bound_var/1,bound_tail/1,t_float/1,little_float/1,sean/1,
+	 kenneth/1,encode_binary/1,native/1,happi/1,
+	 size_var/1,wiger/1,x0_context/1,huge_float_field/1,
+	 writable_binary_matched/1,otp_7198/1,
+	 unordered_bindings/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
-    cases().
+    [bound_var, bound_tail, t_float, little_float, sean,
+     kenneth, encode_binary, native, happi, size_var, wiger,
+     x0_context, huge_float_field, writable_binary_matched,
+     otp_7198, unordered_bindings].
 
 groups() -> 
     [].
@@ -41,9 +47,13 @@ init_per_group(_GroupName, Config) ->
 end_per_group(_GroupName, Config) ->
     Config.
 
+init_per_suite(Config) when is_list(Config) ->
+    ?line test_lib:interpret(?MODULE),
+    ?line true = lists:member(?MODULE, int:interpreted()),
+    Config.
 
-cases() -> 
-    [bound_var, bound_tail, t_float, little_float, sean].
+end_per_suite(Config) when is_list(Config) ->
+    ok.
 
 init_per_testcase(_Case, Config) ->
     test_lib:interpret(?MODULE),
@@ -55,16 +65,8 @@ end_per_testcase(_Case, Config) ->
     ?t:timetrap_cancel(Dog),
     ok.
 
-init_per_suite(Config) when is_list(Config) ->
-    ?line test_lib:interpret(?MODULE),
-    ?line true = lists:member(?MODULE, int:interpreted()),
-    Config.
-
-end_per_suite(Config) when is_list(Config) ->
-    ok.
-
 bound_var(doc) -> "Test matching of bound variables.";
-bound_var(Config) when list(Config) ->
+bound_var(Config) when is_list(Config) ->
     ?line ok = bound_var(42, 13, <<42,13>>),
     ?line nope = bound_var(42, 13, <<42,255>>),
     ?line nope = bound_var(42, 13, <<154,255>>),
@@ -74,7 +76,7 @@ bound_var(A, B, <<A:8,B:8>>) -> ok;
 bound_var(_, _, _) -> nope.
 
 bound_tail(doc) -> "Test matching of a bound tail.";
-bound_tail(Config) when list(Config) ->
+bound_tail(Config) when is_list(Config) ->
     ?line ok = bound_tail(<<>>, <<13,14>>),
     ?line ok = bound_tail(<<2,3>>, <<1,1,2,3>>),
     ?line nope = bound_tail(<<2,3>>, <<1,1,2,7>>),
@@ -85,7 +87,7 @@ bound_tail(Config) when list(Config) ->
 bound_tail(T, <<_:16,T/binary>>) -> ok;
 bound_tail(_, _) -> nope.
 
-t_float(Config) when list(Config) ->
+t_float(Config) when is_list(Config) ->
     F = f1(),
     G = f_one(),
 
@@ -98,6 +100,10 @@ t_float(Config) when list(Config) ->
     ?line fcmp(F, match_float(<<1:1,F:64/float,127:7>>, 64, 1)),
     ?line fcmp(F, match_float(<<1:13,F:32/float,127:3>>, 32, 13)),
     ?line fcmp(F, match_float(<<1:13,F:64/float,127:3>>, 64, 13)),
+
+    ?line {'EXIT',{{badmatch,_},_}} = (catch match_float(<<0,0>>, 16, 0)),
+    ?line {'EXIT',{{badmatch,_},_}} = (catch match_float(<<0,0>>, 16#7fffffff, 0)),
+
     ok.
 
 
@@ -110,7 +116,7 @@ match_float(Bin0, Fsz, I) ->
     <<_:I,F:Fsz/float,_:Tsz>> = Bin,
     F.
 
-little_float(Config) when list(Config) ->
+little_float(Config) when is_list(Config) ->
     F = f2(),
     G = f_one(),
 
@@ -149,7 +155,7 @@ f2() ->
 f_one() ->
     1.0.
 
-sean(Config) when list(Config) ->
+sean(Config) when is_list(Config) ->
     ?line small = sean1(<<>>),
     ?line small = sean1(<<1>>),
     ?line small = sean1(<<1,2>>),
@@ -162,5 +168,414 @@ sean(Config) when list(Config) ->
     ?line {'EXIT',{function_clause,_}} = (catch sean1(<<4,5,6,7>>)),
     ok.
 
-sean1(<<B/binary>>) when size(B) < 4 ->	small;
+sean1(<<B/binary>>) when byte_size(B) < 4 -> small;
 sean1(<<1, _B/binary>>) -> large.
+
+kenneth(Config) when is_list(Config) ->
+    {ok,[145,148,113,129,0,0,0,0]} =
+	msisdn_internal_storage(<<145,148,113,129,0,0,0,0>>, []).
+
+msisdn_internal_storage(<<>>,MSISDN) ->
+    {ok,lists:reverse(MSISDN)};
+msisdn_internal_storage(<<2#11111111:8,_Rest/binary>>,MSISDN) ->
+    {ok,lists:reverse(MSISDN)};
+msisdn_internal_storage(<<2#1111:4,DigitN:4,_Rest/binary>>,MSISDN) when
+    DigitN < 10 ->
+    {ok,lists:reverse([(DigitN bor 2#11110000)|MSISDN])};
+msisdn_internal_storage(<<DigitNplus1:4,DigitN:4,Rest/binary>>,MSISDN) when
+    DigitNplus1 < 10,
+    DigitN < 10 ->
+    NewMSISDN=[((DigitNplus1 bsl 4) bor DigitN)|MSISDN],
+    msisdn_internal_storage(Rest,NewMSISDN);
+msisdn_internal_storage(_Rest,_MSISDN) ->
+    {fault}. %% Mandatory IE incorrect
+
+encode_binary(Config) when is_list(Config) ->
+    "C2J2QiSc" = encodeBinary(<<11,98,118,66,36,156>>, []),
+    ok.
+
+encodeBinary(<<>>, Output) ->
+    lists:reverse(Output);
+encodeBinary(<<Data:1/binary>>, Output) ->
+    <<DChar1:6, DChar2:2>> = Data,
+    Char1 = getBase64Char(DChar1),
+    Char2 = getBase64Char(DChar2),
+    Char3 = "=",
+    Char4 = "=",
+    NewOutput = Char4 ++ Char3 ++ Char2 ++ Char1 ++ Output,
+    encodeBinary(<<>>, NewOutput);
+encodeBinary(<<Data:2/binary>>, Output) ->
+    <<DChar1:6, DChar2:6, DChar3:4>> = Data,
+    Char1 = getBase64Char(DChar1),
+    Char2 = getBase64Char(DChar2),
+    Char3 = getBase64Char(DChar3),
+    Char4 = "=",
+    NewOutput = Char4 ++ Char3 ++ Char2 ++ Char1 ++ Output,
+    encodeBinary(<<>>, NewOutput);
+encodeBinary(<<Data:3/binary, Rest/binary>>, Output) ->
+    <<DChar1:6, DChar2:6, DChar3:6, DChar4:6>> = Data,
+    Char1 = getBase64Char(DChar1),
+    Char2 = getBase64Char(DChar2),
+    Char3 = getBase64Char(DChar3),
+    Char4 = getBase64Char(DChar4),
+    NewOutput = Char4 ++ Char3 ++ Char2 ++ Char1 ++ Output,
+    encodeBinary(Rest, NewOutput);
+encodeBinary(_Data, _) ->
+    error.
+
+getBase64Char(0)  -> "A";
+getBase64Char(1)  -> "B";
+getBase64Char(2)  -> "C";
+getBase64Char(3)  -> "D";
+getBase64Char(4)  -> "E";
+getBase64Char(5)  -> "F";
+getBase64Char(6)  -> "G";
+getBase64Char(7)  -> "H";
+getBase64Char(8)  -> "I";
+getBase64Char(9)  -> "J";
+getBase64Char(10) -> "K";
+getBase64Char(11) -> "L";
+getBase64Char(12) -> "M";
+getBase64Char(13) -> "N";
+getBase64Char(14) -> "O";
+getBase64Char(15) -> "P";
+getBase64Char(16) -> "Q";
+getBase64Char(17) -> "R";
+getBase64Char(18) -> "S";
+getBase64Char(19) -> "T";
+getBase64Char(20) -> "U";
+getBase64Char(21) -> "V";
+getBase64Char(22) -> "W";
+getBase64Char(23) -> "X";
+getBase64Char(24) -> "Y";
+getBase64Char(25) -> "Z";
+getBase64Char(26) -> "a";
+getBase64Char(27) -> "b";
+getBase64Char(28) -> "c";
+getBase64Char(29) -> "d";
+getBase64Char(30) -> "e";
+getBase64Char(31) -> "f";
+getBase64Char(32) -> "g";
+getBase64Char(33) -> "h";
+getBase64Char(34) -> "i";
+getBase64Char(35) -> "j";
+getBase64Char(36) -> "k";
+getBase64Char(37) -> "l";
+getBase64Char(38) -> "m";
+getBase64Char(39) -> "n";
+getBase64Char(40) -> "o";
+getBase64Char(41) -> "p";
+getBase64Char(42) -> "q";
+getBase64Char(43) -> "r";
+getBase64Char(44) -> "s";
+getBase64Char(45) -> "t";
+getBase64Char(46) -> "u";
+getBase64Char(47) -> "v";
+getBase64Char(48) -> "w";
+getBase64Char(49) -> "x";
+getBase64Char(50) -> "y";
+getBase64Char(51) -> "z";
+getBase64Char(52) -> "0";
+getBase64Char(53) -> "1";
+getBase64Char(54) -> "2";
+getBase64Char(55) -> "3";
+getBase64Char(56) -> "4";
+getBase64Char(57) -> "5";
+getBase64Char(58) -> "6";
+getBase64Char(59) -> "7";
+getBase64Char(60) -> "8";
+getBase64Char(61) -> "9";
+getBase64Char(62) -> "+";
+getBase64Char(63) -> "/";
+getBase64Char(_Else) ->
+    %% This is an illegal input.
+%    cgLogEM:log(error, ?MODULE, getBase64Char, [Else],
+%		"illegal input",
+%		?LINE, version()),
+    "**".
+
+-define(M(F), <<F>> = <<F>>).
+
+native(Config) when is_list(Config) ->
+    ?line ?M(3.14:64/native-float),
+    ?line ?M(333:16/native),
+    ?line ?M(38658345:32/native),
+    case <<1:16/native>> of
+	<<0,1>> -> native_big();
+	<<1,0>> -> native_little()
+    end.
+
+native_big() ->
+    ?line <<37.33:64/native-float>> = <<37.33:64/big-float>>,
+    ?line <<3974:16/native-integer>> = <<3974:16/big-integer>>,
+    {comment,"Big endian"}.
+
+native_little() ->
+    ?line <<37869.32343:64/native-float>> = <<37869.32343:64/little-float>>,
+    ?line <<7974:16/native-integer>> = <<7974:16/little-integer>>,
+    {comment,"Little endian"}.
+
+happi(Config) when is_list(Config) ->
+    Bin = <<".123">>,
+    ?line <<"123">> = lex_digits1(Bin, 1, []),
+    ?line <<"123">> = lex_digits2(Bin, 1, []),
+    ok.
+
+lex_digits1(<<$., Rest/binary>>,_Val,_Acc) ->
+    Rest;
+lex_digits1(<<N, Rest/binary>>,Val, Acc) when N >= $0 , N =< $9 ->
+    lex_digits1(Rest,Val*10+dec(N),Acc);
+lex_digits1(_Other,_Val,_Acc) ->
+    not_ok.
+
+lex_digits2(<<N, Rest/binary>>,Val, Acc) when N >= $0 , N =< $9 ->
+    lex_digits2(Rest,Val*10+dec(N),Acc);
+lex_digits2(<<$., Rest/binary>>,_Val,_Acc) ->
+    Rest;
+lex_digits2(_Other,_Val,_Acc) ->
+    not_ok.
+
+dec(A) ->
+    A-$0.
+
+size_var(Config) when is_list(Config) ->
+    ?line {<<45>>,<<>>} = split(<<1:16,45>>),
+    ?line {<<45>>,<<46,47>>} = split(<<1:16,45,46,47>>),
+    ?line {<<45,46>>,<<47>>} = split(<<2:16,45,46,47>>),
+
+    ?line {<<45,46,47>>,<<48>>} = split_2(<<16:8,3:16,45,46,47,48>>),
+
+    ?line {<<45,46>>,<<47>>} = split(2, <<2:16,45,46,47>>),
+    ?line {'EXIT',{function_clause,_}} = (catch split(42, <<2:16,45,46,47>>)),
+
+    ?line <<"cdef">> = skip(<<2:8,"abcdef">>),
+
+    ok.
+
+split(<<N:16,B:N/binary,T/binary>>) ->
+    {B,T}.
+
+split(N, <<N:16,B:N/binary,T/binary>>) ->
+    {B,T}.
+
+split_2(<<N0:8,N:N0,B:N/binary,T/binary>>) ->
+    {B,T}.
+
+skip(<<N:8,_:N/binary,T/binary>>) -> T.
+
+wiger(Config) when is_list(Config) ->
+    ?line ok1 = wcheck(<<3>>),
+    ?line ok2 = wcheck(<<1,2,3>>),
+    ?line ok3 = wcheck(<<4>>),
+    ?line {error,<<1,2,3,4>>} = wcheck(<<1,2,3,4>>),
+    ?line {error,<<>>} = wcheck(<<>>),
+    ok.
+
+wcheck(<<A>>) when A==3->
+    ok1;
+wcheck(<<_,_:2/binary>>) ->
+    ok2;
+wcheck(<<_>>) ->
+    ok3;
+wcheck(Other) ->
+    {error,Other}.
+
+%% Test that having the match context in x(0) works.
+
+x0_context(Config) when is_list(Config) ->
+    x0_0([], <<3.0:64/float,42:16,123456:32>>).
+
+x0_0(_, Bin) ->
+    <<3.0:64/float,42:16,_/binary>> = Bin,
+    x0_1([], Bin, 64, 16, 2).
+
+x0_1(_, Bin, FloatSz, IntSz, BinSz) ->
+    <<_:FloatSz/float,42:IntSz,B:BinSz/binary,C:1/binary,D/binary>> = Bin,
+    id({B,C,D}),
+    <<_:FloatSz/float,42:IntSz,B:BinSz/binary,_/binary>> = Bin,
+    x0_2([], Bin).
+
+x0_2(_, Bin) ->
+    <<_:64,0:7,42:9,_/binary>> = Bin,
+    x0_3([], Bin).
+
+x0_3(_, Bin) ->
+    case Bin of
+	<<_:72,7:8,_/binary>> ->
+	    ?line ?t:fail();
+	<<_:64,0:16,_/binary>> ->
+	    ?line ?t:fail();
+	<<_:64,42:16,123456:32,_/binary>> ->
+	    ok
+    end.
+
+
+huge_float_field(Config) when is_list(Config) ->
+    Sz = 1 bsl 27,
+    ?line Bin = <<0:Sz>>,
+
+    ?line nomatch = overflow_huge_float_skip_32(Bin),
+    ?line nomatch = overflow_huge_float_32(Bin),
+
+    ?line ok = overflow_huge_float(Bin, lists:seq(25, 32)++lists:seq(50, 64)),
+    ?line ok = overflow_huge_float_unit128(Bin, lists:seq(25, 32)++lists:seq(50, 64)),
+    ok.
+
+overflow_huge_float_skip_32(<<_:4294967296/float,0,_/binary>>) -> 1; % 1 bsl 32
+overflow_huge_float_skip_32(<<_:33554432/float-unit:128,0,_/binary>>) -> 2; % 1 bsl 25
+overflow_huge_float_skip_32(<<_:67108864/float-unit:64,0,_/binary>>) -> 3; % 1 bsl 26
+overflow_huge_float_skip_32(<<_:134217728/float-unit:32,0,_/binary>>) -> 4; % 1 bsl 27
+overflow_huge_float_skip_32(<<_:268435456/float-unit:16,0,_/binary>>) -> 5; % 1 bsl 28
+overflow_huge_float_skip_32(<<_:536870912/float-unit:8,0,_/binary>>) -> 6; % 1 bsl 29
+overflow_huge_float_skip_32(<<_:1073741824/float-unit:8,0,_/binary>>) -> 7; % 1 bsl 30
+overflow_huge_float_skip_32(<<_:2147483648/float-unit:8,0,_/binary>>) -> 8; % 1 bsl 31
+overflow_huge_float_skip_32(_) -> nomatch.
+
+overflow_huge_float_32(<<F:4294967296/float,_/binary>>) -> {1,F}; % 1 bsl 32
+overflow_huge_float_32(<<F:33554432/float-unit:128,0,_/binary>>) -> {2,F}; % 1 bsl 25
+overflow_huge_float_32(<<F:67108864/float-unit:128,0,_/binary>>) -> {3,F}; % 1 bsl 26
+overflow_huge_float_32(<<F:134217728/float-unit:128,0,_/binary>>) -> {4,F}; % 1 bsl 27
+overflow_huge_float_32(<<F:268435456/float-unit:128,0,_/binary>>) -> {5,F}; % 1 bsl 28
+overflow_huge_float_32(<<F:536870912/float-unit:128,0,_/binary>>) -> {6,F}; % 1 bsl 29
+overflow_huge_float_32(<<F:1073741824/float-unit:128,0,_/binary>>) -> {7,F}; % 1 bsl 30
+overflow_huge_float_32(<<F:2147483648/float-unit:128,0,_/binary>>) -> {8,F}; % 1 bsl 31
+overflow_huge_float_32(_) -> nomatch.
+
+
+overflow_huge_float(Bin, [Sz0|Sizes]) ->
+    Sz = id(1 bsl Sz0),
+    case Bin of
+	<<_:Sz/float-unit:8,0,_/binary>> ->
+	    {error,Sz};
+	_ ->
+	    case Bin of
+		<<Var:Sz/float-unit:8,0,_/binary>> ->
+		    {error,Sz,Var};
+		_ ->
+		    overflow_huge_float(Bin, Sizes)
+	    end
+    end;
+overflow_huge_float(_, []) -> ok.
+
+overflow_huge_float_unit128(Bin, [Sz0|Sizes]) ->
+    Sz = id(1 bsl Sz0),
+    case Bin of
+	<<_:Sz/float-unit:128,0,_/binary>> ->
+	    {error,Sz};
+	_ ->
+	    case Bin of
+		<<Var:Sz/float-unit:128,0,_/binary>> ->
+		    {error,Sz,Var};
+		_ ->
+		    overflow_huge_float_unit128(Bin, Sizes)
+	    end
+    end;
+overflow_huge_float_unit128(_, []) -> ok.
+
+
+%%
+%% Test that a writable binary can be safely matched.
+%%
+
+writable_binary_matched(Config) when is_list(Config) ->
+    ?line WritableBin = create_writeable_binary(),
+    ?line writable_binary_matched(WritableBin, WritableBin, 500).
+
+writable_binary_matched(<<0>>, _, N) ->
+    if
+	N =:= 0 -> ok;
+	true ->
+	    put(grow_heap, [N|get(grow_heap)]),
+	    ?line WritableBin = create_writeable_binary(),
+	    ?line writable_binary_matched(WritableBin, WritableBin, N-1)
+    end;
+writable_binary_matched(<<B:8,T/binary>>, WritableBin0, N) ->
+    ?line WritableBin = writable_binary(WritableBin0, B),
+    writable_binary_matched(T, WritableBin, N).
+
+writable_binary(WritableBin0, B) when is_binary(WritableBin0) ->
+    %% Heavy append to force the binary to move.
+    ?line WritableBin = <<WritableBin0/binary,0:(size(WritableBin0))/unit:8,B>>,
+    ?line id(<<(id(0)):128/unit:8>>),
+    WritableBin.
+
+create_writeable_binary() ->
+  <<(id(<<>>))/binary,1,2,3,4,5,6,0>>.
+
+otp_7198(Config) when is_list(Config) ->
+    %% When a match context was reused, and grown at the same time to
+    %% increase the number of saved positions, the thing word was not updated
+    %% to account for the new size. Therefore, if there was a garbage collection,
+    %% the new slots would be included in the garbage collection.
+    ?line [do_otp_7198(FillerSize) || FillerSize <- lists:seq(0, 256)],
+    ok.
+
+do_otp_7198(FillerSize) ->
+    Filler = erlang:make_tuple(FillerSize, 42),
+    {Pid,Ref} = spawn_monitor(fun() -> do_otp_7198_test(Filler) end),
+    receive
+	{'DOWN',Ref,process,Pid,normal} ->
+	    ok;
+	{'DOWN',Ref,process,Pid,Reason} ->
+	    io:format("unexpected: ~p", [Reason]),
+	    ?line ?t:fail()
+    end.
+
+do_otp_7198_test(_) ->
+    [{'KEYWORD',114},
+     {'KEYWORD',101},
+     {'KEYWORD',103},
+     {'KEYWORD',105},
+     {'KEYWORD',111},
+     {'FIELD',110},
+     {'KEYWORD',119},
+     {'KEYWORD',104},
+     {'KEYWORD',97},
+     {'KEYWORD',116},
+     {'KEYWORD',101},
+     {'KEYWORD',118},
+     {'KEYWORD',101},
+     {'KEYWORD',114},
+     '$thats_all_folks$'] = otp_7198_scan(<<"region:whatever">>, []).
+
+
+otp_7198_scan(<<>>, TokAcc) ->
+        lists:reverse(['$thats_all_folks$' | TokAcc]);
+
+otp_7198_scan(<<D, Z, Rest/binary>>, TokAcc) when
+                        (D =:= $D orelse D =:= $d) and
+                        ((Z =:= $\s) or (Z =:= $() or (Z =:= $))) ->
+        otp_7198_scan(<<Z, Rest/binary>>, ['AND' | TokAcc]);
+
+otp_7198_scan(<<D>>, TokAcc) when
+                        (D =:= $D) or (D =:= $d) ->
+        otp_7198_scan(<<>>, ['AND' | TokAcc]);
+
+otp_7198_scan(<<N, Z, Rest/binary>>, TokAcc) when
+                        (N =:= $N orelse N =:= $n) and
+                        ((Z =:= $\s) or (Z =:= $() or (Z =:= $))) ->
+        otp_7198_scan(<<Z, Rest/binary>>, ['NOT' | TokAcc]);
+
+otp_7198_scan(<<C, Rest/binary>>, TokAcc) when
+                                (C >= $A) and (C =< $Z);
+                                (C >= $a) and (C =< $z);
+                                (C >= $0) and (C =< $9) ->
+        case Rest of
+                <<$:, R/binary>> ->
+                        otp_7198_scan(R, [{'FIELD', C} | TokAcc]);
+                _ ->
+                        otp_7198_scan(Rest, [{'KEYWORD', C} | TokAcc])
+        end.
+
+unordered_bindings(Config) when is_list(Config) ->
+    {<<1,2,3,4>>,<<42,42>>,<<3,3,3>>} =
+	unordered_bindings(4, 2, 3, <<1,2,3,4, 42,42, 3,3,3, 3>>),
+    ok.
+
+unordered_bindings(CompressedLength, HashSize, PadLength, T) ->
+    <<Content:CompressedLength/binary,Mac:HashSize/binary,
+     Padding:PadLength/binary,PadLength>> = T,
+    {Content,Mac,Padding}.
+
+
+id(I) -> I.
diff --git a/lib/debugger/test/bs_match_tail_SUITE.erl b/lib/debugger/test/bs_match_tail_SUITE.erl
index 961ccbb599..9f7519cf3a 100644
--- a/lib/debugger/test/bs_match_tail_SUITE.erl
+++ b/lib/debugger/test/bs_match_tail_SUITE.erl
@@ -64,7 +64,7 @@ end_per_suite(Config) when is_list(Config) ->
     ok.
 
 aligned(doc) -> "Test aligned tails.";
-aligned(Config) when list(Config) ->
+aligned(Config) when is_list(Config) ->
     ?line Tail1 = mkbin([]),
     ?line {258,Tail1} = al_get_tail_used(mkbin([1,2])),
     ?line Tail2 = mkbin(lists:seq(1, 127)),
@@ -84,10 +84,10 @@ aligned(Config) when list(Config) ->
     ok.
 
 al_get_tail_used(<<A:16,T/binary>>) -> {A,T}.
-al_get_tail_unused(<<A:16,_T/binary>>) -> A.
+al_get_tail_unused(<<A:16,_/binary>>) -> A.
 
 unaligned(doc) -> "Test that an non-aligned tail cannot be matched out.";
-unaligned(Config) when list(Config) ->
+unaligned(Config) when is_list(Config) ->
     ?line {'EXIT',{function_clause,_}} = (catch get_tail_used(mkbin([42]))),
     ?line {'EXIT',{{badmatch,_},_}} = (catch get_dyn_tail_used(mkbin([137]), 3)),
     ?line {'EXIT',{function_clause,_}} = (catch get_tail_unused(mkbin([42,33]))),
@@ -103,11 +103,11 @@ get_dyn_tail_used(Bin, Sz) ->
     {A,T}.
 
 get_dyn_tail_unused(Bin, Sz) ->
-    <<A:Sz,_T/binary>> = Bin,
+    <<A:Sz,_/binary>> = Bin,
     A.
 
 zero_tail(doc) -> "Test that zero tails are tested correctly.";
-zero_tail(Config) when list(Config) ->
+zero_tail(Config) when is_list(Config) ->
     ?line 7 = (catch test_zero_tail(mkbin([7]))),
     ?line {'EXIT',{function_clause,_}} = (catch test_zero_tail(mkbin([1,2]))),
     ?line {'EXIT',{function_clause,_}} = (catch test_zero_tail2(mkbin([1,2,3]))),
@@ -117,4 +117,4 @@ test_zero_tail(<<A:8>>) -> A.
 
 test_zero_tail2(<<_A:4,_B:4>>) -> ok.
 
-mkbin(L) when list(L) -> list_to_binary(L).
+mkbin(L) when is_list(L) -> list_to_binary(L).
diff --git a/lib/debugger/test/bug_SUITE.erl b/lib/debugger/test/bug_SUITE.erl
index a831897dfb..1a7e876329 100644
--- a/lib/debugger/test/bug_SUITE.erl
+++ b/lib/debugger/test/bug_SUITE.erl
@@ -51,7 +51,7 @@ end_per_group(_GroupName, Config) ->
 
 otp2163(doc) -> ["BIF exit reason"];
 otp2163(suite) -> [];
-otp2163(Config) when list(Config) ->
+otp2163(Config) when is_list(Config) ->
     ?line DataDir = ?config(data_dir, Config),
 
     %% First compile and get the expected results:
@@ -74,7 +74,7 @@ otp2163(Config) when list(Config) ->
 
 otp4845(doc) -> ["BIF not loading and not bug compatible, OTP-4845 OTP-4859"];
 otp4845(suite) -> [];
-otp4845(Config) when list(Config) ->
+otp4845(Config) when is_list(Config) ->
     ?line DataDir = ?config(data_dir, Config),
 
     %% First compile and get the expected results:
diff --git a/lib/debugger/test/exception_SUITE.erl b/lib/debugger/test/exception_SUITE.erl
index 8c864e4b5f..86554ab2d4 100644
--- a/lib/debugger/test/exception_SUITE.erl
+++ b/lib/debugger/test/exception_SUITE.erl
@@ -23,7 +23,8 @@
 -export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2,
 	 init_per_testcase/2,end_per_testcase/2,
 	 init_per_suite/1,end_per_suite/1,
-	 badmatch/1,pending_errors/1,nil_arith/1]).
+	 badmatch/1,pending_errors/1,nil_arith/1,
+         stacktrace/1,nested_stacktrace/1,raise/1,gunilla/1,per/1]).
 
 -export([bad_guy/2]).
 
@@ -31,6 +32,19 @@
 
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
+%% Filler.
+%%
+%%
+%%
+%%
+%% This is line 40.
+even(N) when is_integer(N), N > 1, (N rem 2) == 0 ->
+    odd(N-1)++[N].
+
+odd(N) when is_integer(N), N > 1, (N rem 2) == 1 ->
+    even(N-1)++[N].
+
+
 all() -> 
     cases().
 
@@ -45,7 +59,8 @@ end_per_group(_GroupName, Config) ->
 
 
 cases() -> 
-    [badmatch, pending_errors, nil_arith].
+    [badmatch, pending_errors, nil_arith, stacktrace,
+     nested_stacktrace, raise, gunilla, per].
 
 -define(try_match(E),
 	catch ?MODULE:bar(),
@@ -69,9 +84,9 @@ init_per_suite(Config) when is_list(Config) ->
 end_per_suite(Config) when is_list(Config) ->
     ok.
 
-badmatch(doc) -> "Test that deliberately bad matches are reported correctly.";
-badmatch(suite) -> [];
-badmatch(Config) when list(Config) ->
+%% Test that deliberately bad matches are reported correctly.
+
+badmatch(Config) when is_list(Config) ->
     ?line ?try_match(a),
     ?line ?try_match(42),
     ?line ?try_match({a, b, c}),
@@ -79,11 +94,9 @@ badmatch(Config) when list(Config) ->
     ?line ?try_match(1.0),
     ok.
 
-pending_errors(doc) ->
-    ["Test various exceptions, in the presence of a previous error suppressed ",
-     "in a guard."];
-pending_errors(suite) -> [];
-pending_errors(Config) when list(Config) ->
+%% Test various exceptions, in the presence of a previous error suppressed
+%% in a guard.
+pending_errors(Config) when is_list(Config) ->
     ?line pending(e_badmatch, {badmatch, b}),
     ?line pending(x, function_clause),
     ?line pending(e_case, {case_clause, xxx}),
@@ -100,7 +113,7 @@ bad_guy(pe_badarith, Other) when Other+1 == 0 -> % badarith (suppressed)
 bad_guy(pe_badarg, Other) when length(Other) > 0 -> % badarg (suppressed)
     ok;
 bad_guy(_, e_case) ->
-    case xxx of
+    case id(xxx) of
 	ok -> ok
     end;					% case_clause
 bad_guy(_, e_if) ->
@@ -121,7 +134,7 @@ bad_guy(_, e_badarg) ->
 bad_guy(_, e_badarg_spawn) ->
     spawn({}, {}, {});				% badarg
 bad_guy(_, e_badmatch) ->
-    a = b.					% badmatch
+    a = id(b).					% badmatch
 
 pending(Arg, Expected) ->
     pending(pe_badarith, Arg, Expected),
@@ -155,28 +168,23 @@ pending_exit_message(Args, Expected) ->
     end,
     process_flag(trap_exit, false).
 
-pending({badarg,[{erlang,Bif,BifArgs},{?MODULE,Func,Arity}|_]}, Func, Args, _Code)
-  when atom(Bif), list(BifArgs), length(Args) == Arity -> %Threaded code.
-    ok;
-pending({badarg,[{erlang,Bif,BifArgs},{?MODULE,Func,Args}|_]}, Func, Args, _Code)
-  when atom(Bif), list(BifArgs) -> %From interpreted code.
+pending({badarg, [{erlang,Bif,BifArgs,_},{?MODULE,Func,Arity,_}|_]},
+	Func, Args, _Code)
+  when is_atom(Bif), is_list(BifArgs), length(Args) == Arity ->
     ok;
-pending({undef,[{non_existing_module,foo,[]}|_]}, _, _, _) ->
+pending({undef,[{non_existing_module,foo,[],_}|_]}, _, _, _) ->
     ok;
-pending({function_clause,[{?MODULE,Func,Args}|_]}, Func, Args, _Code) ->
+pending({function_clause,[{?MODULE,Func,Args,_}|_]}, Func, Args, _Code) ->
     ok;
-pending({Code,[{?MODULE,Func,Arity}|_]}, Func, Args, Code) when length(Args) == Arity -> %Threaded code
+pending({Code,[{?MODULE,Func,Arity,_}|_]}, Func, Args, Code)
+  when length(Args) == Arity ->
     ok;
-pending({Code,[{?MODULE,Func,Args}|_]}, Func, Args, Code) -> %From interpreted code.
-    ok;
-pending(Reason, Func, Args, Code) ->
-    test_server:fail({bad_exit_reason,Reason,{Func,Args,Code}}).
-
-nil_arith(doc) ->
-    "Test that doing arithmetics on [] gives a badarith EXIT and not a crash.";
-nil_arith(suite) ->
-    [];
-nil_arith(Config) when list(Config) ->
+pending(Reason, _Function, _Args, _Code) ->
+    test_server:fail({bad_exit_reason,Reason}).
+
+%% Test that doing arithmetics on [] gives a badarith EXIT and not a crash.
+
+nil_arith(Config) when is_list(Config) ->
     ?line ba_plus_minus_times([], []),
 
     ?line ba_plus_minus_times([], 0),
@@ -268,3 +276,199 @@ ba_shift(A, B) ->
 ba_bnot(A) ->
     io:format("bnot ~p", [A]),
     {'EXIT', {badarith, _}} = (catch bnot A).
+
+stacktrace(Conf) when is_list(Conf) ->
+    Tag = make_ref(),
+    ?line {_,Mref} = spawn_monitor(fun() -> exit({Tag,erlang:get_stacktrace()}) end),
+    ?line {Tag,[]} = receive {'DOWN',Mref,_,_,Info} -> Info end,
+    V = [make_ref()|self()],
+    ?line {value2,{caught1,badarg,[{erlang,abs,[V],_}|_]=St1}} =
+	stacktrace_1({'abs',V}, error, {value,V}),
+    ?line St1 = erase(stacktrace1),
+    ?line St1 = erase(stacktrace2),
+    ?line St1 = erlang:get_stacktrace(),
+    ?line {caught2,{error,badarith},[{?MODULE,my_add,2,_}|_]=St2} =
+	stacktrace_1({'div',{1,0}}, error, {'add',{0,a}}),
+    ?line [{?MODULE,my_div,2,_}|_] = erase(stacktrace1),
+    ?line St2 = erase(stacktrace2),
+    ?line St2 = erlang:get_stacktrace(),
+    ?line {caught2,{error,{try_clause,V}},[{?MODULE,stacktrace_1,3,_}|_]=St3} =
+	stacktrace_1({value,V}, error, {value,V}),
+    ?line St3 = erase(stacktrace1),
+    ?line St3 = erase(stacktrace2),
+    ?line St3 = erlang:get_stacktrace(),
+    ?line {caught2,{throw,V},[{?MODULE,foo,1,_}|_]=St4} =
+	stacktrace_1({value,V}, error, {throw,V}),
+    ?line [{?MODULE,stacktrace_1,3,_}|_] = erase(stacktrace1),
+    ?line St4 = erase(stacktrace2),
+    ?line St4 = erlang:get_stacktrace(),
+    ok.
+
+stacktrace_1(X, C1, Y) ->
+    erase(stacktrace1),
+    erase(stacktrace2),
+    try try foo(X) of
+            C1 -> value1
+        catch
+            C1:D1 -> {caught1,D1,erlang:get_stacktrace()}
+        after
+            put(stacktrace1, erlang:get_stacktrace()),
+	    foo(Y)
+        end of
+        V2 -> {value2,V2}
+    catch
+        C2:D2 -> {caught2,{C2,D2},erlang:get_stacktrace()}
+    after
+        put(stacktrace2, erlang:get_stacktrace())
+    end.
+
+
+
+nested_stacktrace(Conf) when is_list(Conf) ->
+    V = [{make_ref()}|[self()]],
+    ?line value1 =
+	nested_stacktrace_1({{value,{V,x1}},void,{V,x1}},
+			    {void,void,void}),
+    ?line {caught1,
+	   [{?MODULE,my_add,2,_}|_],
+	   value2,
+	   [{?MODULE,my_add,2,_}|_]} =
+	nested_stacktrace_1({{'add',{V,x1}},error,badarith},
+			    {{value,{V,x2}},void,{V,x2}}),
+    ?line {caught1,
+	   [{?MODULE,my_add,2,_}|_],
+	   {caught2,[{erlang,abs,[V],_}|_]},
+	   [{erlang,abs,[V],_}|_]} =
+	nested_stacktrace_1({{'add',{V,x1}},error,badarith},
+			    {{'abs',V},error,badarg}),
+    ok.
+
+nested_stacktrace_1({X1,C1,V1}, {X2,C2,V2}) ->
+    try foo(X1) of
+        V1 -> value1
+    catch
+        C1:V1 ->
+	    S1 = erlang:get_stacktrace(),
+            T2 =
+                try foo(X2) of
+	            V2 -> value2
+                catch
+                    C2:V2 -> {caught2,erlang:get_stacktrace()}
+                end,
+            {caught1,S1,T2,erlang:get_stacktrace()}
+    end.
+
+
+
+raise(Conf) when is_list(Conf) ->
+    ?line erase(raise),
+    ?line A =
+	try
+	    ?line try foo({'div',{1,0}})
+		  catch
+		      error:badarith ->
+			  put(raise, A0 = erlang:get_stacktrace()),
+			  ?line erlang:raise(error, badarith, A0)
+		  end
+	catch
+	    error:badarith ->
+		?line A1 = erlang:get_stacktrace(),
+		?line A1 = get(raise)
+	end,
+    ?line A = erlang:get_stacktrace(),
+    ?line A = get(raise),
+    ?line [{?MODULE,my_div,2,_}|_] = A,
+    %%
+    N = 8, % Must be even
+    ?line N = erlang:system_flag(backtrace_depth, N),
+    ?line try even(N)
+	  catch error:function_clause -> ok
+	  end,
+    ?line B = odd_even(N, []),
+    ?line B = erlang:get_stacktrace(),
+    %%
+    ?line C0 = odd_even(N+1, []),
+    ?line C = lists:sublist(C0, N),
+    ?line try odd(N+1)
+	  catch error:function_clause -> ok
+	  end,
+    ?line C = erlang:get_stacktrace(),
+    ?line try erlang:raise(error, function_clause, C0)
+          catch error:function_clause -> ok
+          end,
+    ?line C = erlang:get_stacktrace(),
+    ok.
+
+odd_even(N, R) when is_integer(N), N > 1 ->
+    odd_even(N-1,
+	     [if (N rem 2) == 0 ->
+		      {?MODULE,even,1,[{file,?MODULE_STRING++".erl"},
+				       {line,42}]};
+		 true ->
+		      {?MODULE,odd,1,[{file,?MODULE_STRING++".erl"},
+				      {line,45}]}
+	      end|R]);
+odd_even(1, R) ->
+    [{?MODULE,odd,[1],[{file,?MODULE_STRING++".erl"},
+		       {line,44}]}|R].
+
+foo({value,Value}) -> Value;
+foo({'div',{A,B}}) ->
+    my_div(A, B);
+foo({'add',{A,B}}) ->
+    my_add(A, B);
+foo({'abs',X}) ->
+    my_abs(X);
+foo({error,Error}) ->
+    erlang:error(Error);
+foo({throw,Throw}) ->
+    erlang:throw(Throw);
+foo({exit,Exit}) ->
+    erlang:exit(Exit);
+foo({raise,{Class,Reason,Stacktrace}}) ->
+    erlang:raise(Class, Reason, Stacktrace).
+%%foo(function_clause) -> % must not be defined!
+
+my_div(A, B) ->
+    A div B.
+
+my_add(A, B) ->
+    A + B.
+
+my_abs(X) -> abs(X).
+
+gunilla(Config) when is_list(Config) ->
+    ?line {throw,kalle} = gunilla_1(),
+    ?line [] = erlang:get_stacktrace(),
+    ok.
+
+gunilla_1() ->
+    try try arne()
+	after
+	    pelle
+	end
+    catch
+	C:R ->
+	    {C,R}
+    end.
+
+arne() ->
+    %% Empty stack trace used to cause change the error class to 'error'.
+    erlang:raise(throw, kalle, []).
+
+per(Config) when is_list(Config) ->
+    try
+	t1(0,pad,0),
+	t2(0,pad,0)
+    catch
+	error:badarith ->
+	    ok
+    end.
+
+t1(_,X,_) ->
+   (1 bsl X) + 1.
+
+t2(_,X,_) ->
+   (X bsl 1) + 1.
+
+id(I) -> I.
diff --git a/lib/debugger/test/fun_SUITE.erl b/lib/debugger/test/fun_SUITE.erl
index 8103d9c692..a06cdc7165 100644
--- a/lib/debugger/test/fun_SUITE.erl
+++ b/lib/debugger/test/fun_SUITE.erl
@@ -24,8 +24,10 @@
 	 init_per_testcase/2,end_per_testcase/2,
 	 init_per_suite/1,end_per_suite/1,
 	 good_call/1,bad_apply/1,bad_fun_call/1,badarity/1,
-	 ext_badarity/1,otp_6061/1]).
--export([nothing/0]).
+	 ext_badarity/1,otp_6061/1,external/1]).
+
+%% Internal exports.
+-export([nothing/0,call_me/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 
@@ -46,7 +48,7 @@ end_per_group(_GroupName, Config) ->
 
 cases() -> 
     [good_call, bad_apply, bad_fun_call, badarity,
-     ext_badarity, otp_6061].
+     ext_badarity, otp_6061, external].
 
 init_per_testcase(_Case, Config) ->
     test_lib:interpret(?MODULE),
@@ -244,3 +246,47 @@ test_otp_6061(Starter) ->
 	       fun() -> Starter ! working end,
 	       fun() -> Starter ! not_working end],
     lists:foreach(fun(P)->(lists:nth(P,PassesF))() end,Passes).
+
+-define(APPLY(M, F, A), (fun(Fun) -> {ok,{a,b}} = Fun({a,b}) end)(fun M:F/A)).
+-define(APPLY2(M, F, A),
+	(fun(Map) ->
+		 Id = fun(I) -> I end,
+		 List = [x,y],
+		 List = Map(Id, List),
+		 {type,external} = erlang:fun_info(Map, type)
+	 end)(fun M:F/A)).
+
+external(Config) when is_list(Config) ->
+    Mod = id(?MODULE),
+    Func = id(call_me),
+    Arity = id(1),
+
+    ?APPLY(?MODULE, call_me, 1),
+    ?APPLY(?MODULE, call_me, Arity),
+    ?APPLY(?MODULE, Func, 1),
+    ?APPLY(?MODULE, Func, Arity),
+    ?APPLY(Mod, call_me, 1),
+    ?APPLY(Mod, call_me, Arity),
+    ?APPLY(Mod, Func, 1),
+    ?APPLY(Mod, Func, Arity),
+
+    ListsMod = id(lists),
+    ListsMap = id(map),
+    ListsArity = id(2),
+
+    ?APPLY2(lists, map, 2),
+    ?APPLY2(lists, map, ListsArity),
+    ?APPLY2(lists, ListsMap, 2),
+    ?APPLY2(lists, ListsMap, ListsArity),
+    ?APPLY2(ListsMod, map, 2),
+    ?APPLY2(ListsMod, map, ListsArity),
+    ?APPLY2(ListsMod, ListsMap, 2),
+    ?APPLY2(ListsMod, ListsMap, ListsArity),
+
+    ok.
+
+call_me(I) ->
+    {ok,I}.
+
+id(I) ->
+    I.
diff --git a/lib/debugger/test/guard_SUITE.erl b/lib/debugger/test/guard_SUITE.erl
index 611dcb4dff..bf5fa82749 100644
--- a/lib/debugger/test/guard_SUITE.erl
+++ b/lib/debugger/test/guard_SUITE.erl
@@ -35,7 +35,8 @@
 	 t_is_boolean/1,is_function_2/1,
 	 tricky/1,rel_ops/1,
 	 basic_andalso_orelse/1,traverse_dcd/1,
-	 check_qlc_hrl/1]).
+	 check_qlc_hrl/1,andalso_semi/1,t_tuple_size/1,binary_part/1,
+	 bad_constants/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 
@@ -65,7 +66,8 @@ cases() ->
      xor_guard, more_xor_guards, build_in_guard,
      old_guard_tests, gbif, t_is_boolean, is_function_2,
      tricky, rel_ops, basic_andalso_orelse, traverse_dcd,
-     check_qlc_hrl].
+     check_qlc_hrl, andalso_semi, t_tuple_size, binary_part,
+     bad_constants].
 
 init_per_testcase(_Case, Config) ->
     test_lib:interpret(?MODULE),
@@ -294,9 +296,7 @@ try_gbif(Id, X, Y) ->
 
 try_fail_gbif(Id, X, Y) ->
     case catch guard_bif(Id, X, Y) of
-	{'EXIT', {function_clause,{?MODULE,guard_bif,[Id,X,Y]}}} -> %Jam
-	    io:format("guard_bif(~p, ~p, ~p) -- ok", [Id,X,Y]);
-	{'EXIT', {function_clause,[{?MODULE,guard_bif,[Id,X,Y]}|_]}} ->	%Beam
+	{'EXIT', {function_clause,[{?MODULE,guard_bif,[Id,X,Y],_}|_]}} ->
 	    io:format("guard_bif(~p, ~p, ~p) -- ok", [Id,X,Y]);
 	Other ->
 	    ?line ok = io:format("guard_bif(~p, ~p, ~p) -- bad result: ~p\n",
@@ -367,9 +367,8 @@ type_tests(Test, [Type|T], Allowed) ->
 	    end;
 	false ->
 	    case catch type_test(Test, Value) of
-		{'EXIT', {function_clause, {?MODULE, type_test, [Test, Value]}}} ->
-		    ok;
-		{'EXIT', {function_clause,[{?MODULE,type_test,[Test,Value]}|_]}} ->
+		{'EXIT',{function_clause,
+			 [{?MODULE,type_test,[Test,Value],_}|_]}} ->
 		    ok;
 		{'EXIT',Other} ->
 		    ?line test_server:fail({unexpected_error_reason,Other});
@@ -1477,7 +1476,207 @@ cqlc(M, F, As, St) ->
             St
     end.
 
+%% OTP-7679: Thanks to Hunter Morris.
+andalso_semi(Config) when is_list(Config) ->
+    ?line ok = andalso_semi_foo(0),
+    ?line ok = andalso_semi_foo(1),
+    ?line fc(catch andalso_semi_foo(2)),
+
+    ?line ok = andalso_semi_bar([a,b,c]),
+    ?line ok = andalso_semi_bar(1),
+    ?line fc(catch andalso_semi_bar([a,b])),
+    ok.
+
+andalso_semi_foo(Bar) when is_integer(Bar) andalso Bar =:= 0; Bar =:= 1 ->
+   ok.
+
+andalso_semi_bar(Bar) when is_list(Bar) andalso length(Bar) =:= 3; Bar =:= 1 ->
+   ok.
+
+
+t_tuple_size(Config) when is_list(Config) ->
+    ?line 10 = do_tuple_size({1,2,3,4}),
+    ?line fc(catch do_tuple_size({1,2,3})),
+    ?line fc(catch do_tuple_size(42)),
 
+    ?line error = ludicrous_tuple_size({a,b,c}),
+    ?line error = ludicrous_tuple_size([a,b,c]),
+
+    ok.
+
+do_tuple_size(T) when tuple_size(T) =:= 4 ->
+    {A,B,C,D} = T,
+    A+B+C+D.
+
+ludicrous_tuple_size(T)
+  when tuple_size(T) =:= 16#7777777777777777777777777777777777 -> ok;
+ludicrous_tuple_size(T)
+  when tuple_size(T) =:= 16#10000000000000000 -> ok;
+ludicrous_tuple_size(T)
+  when tuple_size(T) =:= (1 bsl 64) - 1 -> ok;
+ludicrous_tuple_size(T)
+  when tuple_size(T) =:= 16#FFFFFFFFFFFFFFFF -> ok;
+ludicrous_tuple_size(_) -> error.
+
+%%
+%% The binary_part/2,3 guard BIFs
+%%
+-define(MASK_ERROR(EXPR),mask_error((catch (EXPR)))).
+mask_error({'EXIT',{Err,_}}) ->
+    Err;
+mask_error(Else) ->
+    Else.
+
+binary_part(doc) ->
+    ["Tests the binary_part/2,3 guard (GC) bif's"];
+binary_part(Config) when is_list(Config) ->
+    %% This is more or less a copy of what the guard_SUITE in emulator
+    %% does to cover the guard bif's
+    ?line 1 = bptest(<<1,2,3>>),
+    ?line 2 = bptest(<<2,1,3>>),
+    ?line error = bptest(<<1>>),
+    ?line error = bptest(<<>>),
+    ?line error = bptest(apa),
+    ?line 3 = bptest(<<2,3,3>>),
+    % With one variable (pos)
+    ?line 1 = bptest(<<1,2,3>>,1),
+    ?line 2 = bptest(<<2,1,3>>,1),
+    ?line error = bptest(<<1>>,1),
+    ?line error = bptest(<<>>,1),
+    ?line error = bptest(apa,1),
+    ?line 3 = bptest(<<2,3,3>>,1),
+    % With one variable (length)
+    ?line 1 = bptesty(<<1,2,3>>,1),
+    ?line 2 = bptesty(<<2,1,3>>,1),
+    ?line error = bptesty(<<1>>,1),
+    ?line error = bptesty(<<>>,1),
+    ?line error = bptesty(apa,1),
+    ?line 3 = bptesty(<<2,3,3>>,2),
+    % With one variable (whole tuple)
+    ?line 1 = bptestx(<<1,2,3>>,{1,1}),
+    ?line 2 = bptestx(<<2,1,3>>,{1,1}),
+    ?line error = bptestx(<<1>>,{1,1}),
+    ?line error = bptestx(<<>>,{1,1}),
+    ?line error = bptestx(apa,{1,1}),
+    ?line 3 = bptestx(<<2,3,3>>,{1,2}),
+    % With two variables
+    ?line 1 = bptest(<<1,2,3>>,1,1),
+    ?line 2 = bptest(<<2,1,3>>,1,1),
+    ?line error = bptest(<<1>>,1,1),
+    ?line error = bptest(<<>>,1,1),
+    ?line error = bptest(apa,1,1),
+    ?line 3 = bptest(<<2,3,3>>,1,2),
+    % Direct (autoimported) call, these will be evaluated by the compiler...
+    ?line <<2>> = binary_part(<<1,2,3>>,1,1),
+    ?line <<1>> = binary_part(<<2,1,3>>,1,1),
+    % Compiler warnings due to constant evaluation expected (3)
+    ?line badarg = ?MASK_ERROR(binary_part(<<1>>,1,1)),
+    ?line badarg = ?MASK_ERROR(binary_part(<<>>,1,1)),
+    ?line badarg = ?MASK_ERROR(binary_part(apa,1,1)),
+    ?line <<3,3>> = binary_part(<<2,3,3>>,1,2),
+    % Direct call through apply
+    ?line <<2>> = apply(erlang,binary_part,[<<1,2,3>>,1,1]),
+    ?line <<1>> = apply(erlang,binary_part,[<<2,1,3>>,1,1]),
+    % Compiler warnings due to constant evaluation expected (3)
+    ?line badarg = ?MASK_ERROR(apply(erlang,binary_part,[<<1>>,1,1])),
+    ?line badarg = ?MASK_ERROR(apply(erlang,binary_part,[<<>>,1,1])),
+    ?line badarg = ?MASK_ERROR(apply(erlang,binary_part,[apa,1,1])),
+    ?line <<3,3>> = apply(erlang,binary_part,[<<2,3,3>>,1,2]),
+    % Constant propagation
+    ?line  Bin = <<1,2,3>>,
+    ?line  ok = if
+		    binary_part(Bin,1,1) =:= <<2>> ->
+			ok;
+		    %% Compiler warning, clause cannot match (expected)
+		    true ->
+			error
+		end,
+    ?line  ok = if
+		    binary_part(Bin,{1,1}) =:= <<2>> ->
+			ok;
+		    %% Compiler warning, clause cannot match (expected)
+		    true ->
+			error
+		end,
+    ok.
+
+
+bptest(B) when length(B) =:= 1337 ->
+    1;
+bptest(B) when binary_part(B,{1,1}) =:= <<2>> ->
+    1;
+bptest(B) when erlang:binary_part(B,1,1) =:= <<1>> ->
+    2;
+bptest(B)  when erlang:binary_part(B,{1,2}) =:= <<3,3>> ->
+    3;
+bptest(_) ->
+    error.
+
+bptest(B,A) when length(B) =:= A ->
+    1;
+bptest(B,A) when binary_part(B,{A,1}) =:= <<2>> ->
+    1;
+bptest(B,A) when erlang:binary_part(B,A,1) =:= <<1>> ->
+    2;
+bptest(B,A)  when erlang:binary_part(B,{A,2}) =:= <<3,3>> ->
+    3;
+bptest(_,_) ->
+    error.
+
+bptestx(B,A) when length(B) =:= A ->
+    1;
+bptestx(B,A) when binary_part(B,A) =:= <<2>> ->
+    1;
+bptestx(B,A) when erlang:binary_part(B,A) =:= <<1>> ->
+    2;
+bptestx(B,A)  when erlang:binary_part(B,A) =:= <<3,3>> ->
+    3;
+bptestx(_,_) ->
+    error.
+
+bptesty(B,A) when length(B) =:= A ->
+    1;
+bptesty(B,A) when binary_part(B,{1,A}) =:= <<2>> ->
+    1;
+bptesty(B,A) when erlang:binary_part(B,1,A) =:= <<1>> ->
+    2;
+bptesty(B,A)  when erlang:binary_part(B,{1,A}) =:= <<3,3>> ->
+    3;
+bptesty(_,_) ->
+    error.
+
+bptest(B,A,_C) when length(B) =:= A ->
+    1;
+bptest(B,A,C) when binary_part(B,{A,C}) =:= <<2>> ->
+    1;
+bptest(B,A,C) when erlang:binary_part(B,A,C) =:= <<1>> ->
+    2;
+bptest(B,A,C)  when erlang:binary_part(B,{A,C}) =:= <<3,3>> ->
+    3;
+bptest(_,_,_) ->
+    error.
+
+-define(FAILING(C),
+	if
+	    C -> ?t:fail(should_fail);
+	    true -> ok
+	end,
+	if
+	    true, C -> ?t:fail(should_fail);
+	    true -> ok
+	end).
+
+bad_constants(Config) when is_list(Config) ->
+    ?line ?FAILING(false),
+    ?line ?FAILING([]),
+    ?line ?FAILING([a]),
+    ?line ?FAILING([Config]),
+    ?line ?FAILING({a,b}),
+    ?line ?FAILING({a,Config}),
+    ?line ?FAILING(<<1>>),
+    ?line ?FAILING(42),
+    ?line ?FAILING(3.14),
+    ok.
 
 %% Call this function to turn off constant propagation.
 id(I) -> I.
@@ -1490,3 +1689,5 @@ check(F, Result) ->
 	    io:format("     Got: ~p\n", [Other]),
 	    test_server:fail()
     end.
+
+fc({'EXIT',{function_clause,_}}) -> ok.
diff --git a/lib/debugger/test/int_eval_SUITE.erl b/lib/debugger/test/int_eval_SUITE.erl
index f36ed213d1..4ffcf7888e 100644
--- a/lib/debugger/test/int_eval_SUITE.erl
+++ b/lib/debugger/test/int_eval_SUITE.erl
@@ -28,7 +28,7 @@
 	 bifs_outside_erlang/1, spawning/1, applying/1,
 	 catch_and_throw/1, external_call/1, test_module_info/1,
 	 apply_interpreted_fun/1, apply_uninterpreted_fun/1,
-	 interpreted_exit/1, otp_8310/1]).
+	 interpreted_exit/1, otp_8310/1, stacktrace/1]).
 
 %% Helpers.
 -export([applier/3]).
@@ -44,7 +44,7 @@ all() ->
     [bifs_outside_erlang, spawning, applying,
      catch_and_throw, external_call, test_module_info,
      apply_interpreted_fun, apply_uninterpreted_fun,
-     interpreted_exit, otp_8310].
+     interpreted_exit, otp_8310, stacktrace].
 
 groups() -> 
     [].
@@ -191,23 +191,23 @@ apply_interpreted_fun(Config) when is_list(Config) ->
     ?line {ok,ATerm} = spawn_eval(fun() -> F2() end),
 
     %% Called from uninterpreted code, badarity
-    ?line {'EXIT',{{badarity,{F1,[snape]}},[{?MODULE,_,_}|_]}} =
+    ?line {'EXIT',{{badarity,{F1,[snape]}},[{?MODULE,_,_,_}|_]}} =
 	spawn_eval(fun() -> F1(snape) end),
 
     %% Called from uninterpreted code, error in fun
     ?line F3 = spawn_eval(fun() -> ?IM:give_me_a_bad_fun() end),
-    ?line {'EXIT',{snape,[{?IM,_FunName,_}|_]}} =
+    ?line {'EXIT',{snape,[{?IM,_FunName,_,_}|_]}} =
 	spawn_eval(fun() -> F3(snape) end),
 
     %% Called from within interpreted code
     ?line perfectly_alright = spawn_eval(fun() -> ?IM:do_apply(F1) end),
 
     %% Called from within interpreted code, badarity
-    ?line {'EXIT',{{badarity,{F1,[snape]}},[{?IM,do_apply,_}|_]}} =
+    ?line {'EXIT',{{badarity,{F1,[snape]}},[{?IM,do_apply,_,_}|_]}} =
 	spawn_eval(fun() -> ?IM:do_apply(F1, snape) end),
 
     %% Called from within interpreted code, error in fun
-    ?line {'EXIT',{snape,[{?IM,_FunName,_}|_]}} =
+    ?line {'EXIT',{snape,[{?IM,_FunName,_,_}|_]}} =
 	spawn_eval(fun() -> ?IM:do_apply(F3, snape) end),
 
     %% Try some more complex funs.
@@ -239,11 +239,11 @@ apply_uninterpreted_fun(Config) when is_list(Config) ->
 	spawn_eval(fun() -> ?IM:do_apply(F1, any_arg) end),
 
     %% Badarity (evaluated in dbg_debugged, which calls erlang:apply/2)
-    ?line {'EXIT',{{badarity,{F1,[]}},[{erlang,apply,_}|_]}} =
+    ?line {'EXIT',{{badarity,{F1,[]}},[{erlang,apply,_,_}|_]}} =
 	spawn_eval(fun() -> ?IM:do_apply(F1) end),
 
     %% Error in fun
-    ?line {'EXIT',{snape,[{?MODULE,_FunName,_}|_]}} =
+    ?line {'EXIT',{snape,[{?MODULE,_FunName,_,_}|_]}} =
 	spawn_eval(fun() -> ?IM:do_apply(F1, snape) end),
 
     ok.
@@ -277,6 +277,37 @@ applier(M, F, A) ->
     io:format("~p:~p(~p) => ~p\n", [M,F,A,Res]),
     Res.
 
+stacktrace(Config) when is_list(Config) ->
+    ?line {done,Stk} = do_eval(Config, stacktrace),
+    ?line 13 = length(Stk),
+    ?line OldStackTraceFlag = int:stack_trace(),
+    ?line int:stack_trace(no_tail),
+    try
+	?line Res = spawn_eval(fun() -> stacktrace:stacktrace() end),
+	?line io:format("\nInterpreted (no_tail):\n~p", [Res]),
+	?line {done,Stk} = Res
+	after
+	    ?line int:stack_trace(OldStackTraceFlag)
+	end,
+    ok.
+
+
+do_eval(Config, Mod) ->
+    ?line DataDir = ?config(data_dir, Config),
+    ?line ok = file:set_cwd(DataDir),
+
+    ?line {ok,Mod} = compile:file(Mod, [report,debug_info]),
+    ?line {module,Mod} = code:load_file(Mod),
+    ?line CompiledRes = Mod:Mod(),
+    ?line ok = io:format("Compiled:\n~p", [CompiledRes]),
+    io:nl(),
+
+    ?line {module,Mod} = int:i(Mod),
+    ?line IntRes = Mod:Mod(),
+    ?line ok = io:format("Interpreted:\n~p", [IntRes]),
+
+    ?line CompiledRes = IntRes.
+
 %%
 %% Evaluate in another process, to prevent the test_case process to become
 %% interpreted.
diff --git a/lib/debugger/test/int_eval_SUITE_data/my_int_eval_module.erl b/lib/debugger/test/int_eval_SUITE_data/my_int_eval_module.erl
index 997ee6e17d..c9ac6931e2 100644
--- a/lib/debugger/test/int_eval_SUITE_data/my_int_eval_module.erl
+++ b/lib/debugger/test/int_eval_SUITE_data/my_int_eval_module.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -117,7 +117,7 @@ more_nocatch(Fun) ->
 %% External calls.
 
 external_call_test(Data) ->
-    {'EXIT',{undef,[{?MODULE,not_exported,[42,Data]}|_]}} =
+    {'EXIT',{undef,[{?MODULE,not_exported,[42,Data],_}|_]}} =
 	(catch ?MODULE:not_exported(42, Data)),
     {yes,Data} = i_am_exported(Data),
     {yes,Data} = ?MODULE:i_am_exported(Data),
@@ -127,7 +127,7 @@ external_call_test(Data) ->
     {ok,Data,[a,b]} = not_exported(Data, [a,b]),
     {yes,Data} = i_am_exported(Data),
     {ok,Data,[a,b]} = not_exported(Data, [a,b]),
-    {'EXIT',{undef,[{?MODULE,not_exported,[7,Data]}|_]}} =
+    {'EXIT',{undef,[{?MODULE,not_exported,[7,Data],_}|_]}} =
 	(catch ?MODULE:not_exported(7, Data)),
     {yes,Data} = ?MODULE:i_am_exported(Data),
     ok.
diff --git a/lib/debugger/test/int_eval_SUITE_data/stacktrace.erl b/lib/debugger/test/int_eval_SUITE_data/stacktrace.erl
new file mode 100644
index 0000000000..3380178fdc
--- /dev/null
+++ b/lib/debugger/test/int_eval_SUITE_data/stacktrace.erl
@@ -0,0 +1,130 @@
+-module(stacktrace).
+-export([?MODULE/0]).
+
+?MODULE() ->
+    OldDepth = erlang:system_flag(backtrace_depth, 32),
+    done = (catch do_try()),
+    Stk = trim(erlang:get_stacktrace()),
+    erlang:system_flag(backtrace_depth, OldDepth),
+    {done,Stk}.
+
+trim([{int_eval_SUITE,_,_,_}|_]) ->
+    [];
+trim([H|T]) ->
+    [H|trim(T)];
+trim([]) -> [].
+
+do_try() ->
+    try
+	0 = id(42)
+    catch
+	error:{badmatch,42} ->
+	    do_try2()				%Tail-recursive
+    end.
+
+do_try2() ->
+    try
+	0 = id(42)
+    catch
+	error:{badmatch,42} ->
+	    do_try3()				%Not tail-recursive
+    end,
+    ?LINE.
+
+do_try3() ->
+    try id(42) of
+	42 -> do_try4()				%Tail-recursive
+    catch
+	error:ignore ->				%Should never catch
+	    ?LINE
+    end.
+
+do_try4() ->
+    try
+	do_recv()				%Not tail-recursive
+    catch
+	error:ignore ->				%Should never catch
+	    ?LINE
+    end.
+
+do_recv() ->
+    self() ! x,
+    receive
+	x -> do_recv2()				%Not tail-recursive
+    end,
+    ?LINE.
+
+do_recv2() ->
+    self() ! y,
+    receive
+	y -> do_recv3()				%Tail-recursive
+    end.
+
+do_recv3() ->
+    receive
+	after 0 -> do_recv4()			%Tail-recursive
+    end.
+
+do_recv4() ->
+    receive
+	after 0 -> do_if(true)			%Not tail-recursive
+    end,
+    ?LINE.
+
+do_if(Bool) ->
+    if
+	Bool -> do_if2(Bool)			%Tail-recursive
+    end.
+
+do_if2(Bool) ->
+    if
+	Bool -> do_case(Bool)			%Not tail-recursive
+    end,
+    ?LINE.
+
+
+do_case(Bool) ->
+    case Bool of
+	true -> do_case2(Bool)			%Tail-recursive
+    end.
+
+do_case2(Bool) ->
+    case Bool of
+	true -> do_fun(Bool)			%Not tail-recursive
+    end,
+    ?LINE.
+
+do_fun(Bool) ->
+    F = fun(true) ->
+		do_fun2(Bool)			%Tail-recursive
+	end,
+    F(Bool).					%Tail-recursive
+
+do_fun2(Bool) ->
+    F = fun(true) ->
+		cons(Bool)			%Tail-recursive
+	end,
+    F(Bool),					%Not tail-recursive
+    ?LINE.
+
+cons(Bool) ->
+    [Bool|tuple()].
+
+tuple() ->
+    {ok,op()}.
+
+op() ->
+    1 + lc().
+
+lc() ->
+    [done() || true].
+
+done() ->
+    tail(100),
+    throw(done).
+
+tail(0) -> ok;
+tail(N) -> tail(N-1).
+
+id(I) ->
+    I.
diff --git a/lib/debugger/test/lc_SUITE.erl b/lib/debugger/test/lc_SUITE.erl
index 92a03ef58e..2f05eb7fca 100644
--- a/lib/debugger/test/lc_SUITE.erl
+++ b/lib/debugger/test/lc_SUITE.erl
@@ -17,21 +17,22 @@
 %% %CopyrightEnd%
 %%
 
-%%
 -module(lc_SUITE).
 
--author('[email protected]').
+%% Copied from lc_SUITE in the compiler application.
+
 -export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2,
 	 init_per_testcase/2,end_per_testcase/2,
 	 init_per_suite/1,end_per_suite/1,
-	 basic/1]).
+	 basic/1,deeply_nested/1,no_generator/1,
+	 empty_generator/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
-    cases().
+    [basic, deeply_nested, no_generator, empty_generator].
 
 groups() -> 
     [].
@@ -42,10 +43,6 @@ init_per_group(_GroupName, Config) ->
 end_per_group(_GroupName, Config) ->
     Config.
 
-
-cases() -> 
-    [basic].
-
 init_per_testcase(_Case, Config) ->
     test_lib:interpret(?MODULE),
     Dog = test_server:timetrap(?t:minutes(1)),
@@ -64,7 +61,7 @@ init_per_suite(Config) when is_list(Config) ->
 end_per_suite(Config) when is_list(Config) ->
     ok.
 
-basic(Config) when list(Config) ->
+basic(Config) when is_list(Config) ->
     ?line L0 = lists:seq(1, 10),
     ?line L1 = my_map(fun(X) -> {x,X} end, L0),
     ?line L1 = [{x,X} || X <- L0],
@@ -73,16 +70,116 @@ basic(Config) when list(Config) ->
     ?line [4,5,6] = [X || X <- L0, X > 3, X < 7],
     ?line [] = [X || X <- L0, X > 32, X < 7],
     ?line [1,3,5,7,9] = [X || X <- L0, odd(X)],
+    ?line [2,4,6,8,10] = [X || X <- L0, not odd(X)],
+    ?line [1,3,5,9] = [X || X <- L0, odd(X), X =/= 7],
+    ?line [2,4,8,10] = [X || X <- L0, not odd(X), X =/= 6],
+
+    %% Append is specially handled.
+    ?line [1,3,5,9,2,4,8,10] = [X || X <- L0, odd(X), X =/= 7] ++
+	[X || X <- L0, not odd(X), X =/= 6],
+
+    %% Guards BIFs are evaluated in guard context. Weird, but true.
+    ?line [{a,b,true},{x,y,true,true}] = [X || X <- tuple_list(), element(3, X)],
+
+    %% Filter expressions with andalso/orelse.
+    ?line "abc123" = alphanum("?abc123.;"),
 
     %% Error cases.
-    ?line [] = [X || X <- L1, X+1 < 2],
     ?line [] = [{xx,X} || X <- L0, element(2, X) == no_no_no],
-    ?line {'EXIT',_}  = (catch [X || X <- L1, odd(X)]),
+    ?line {'EXIT',_} = (catch [X || X <- L1, list_to_atom(X) == dum]),
+    ?line [] = [X || X <- L1, X+1 < 2],
+    ?line {'EXIT',_} = (catch [X || X <- L1, odd(X)]),
 
+    %% A bad generator has a different exception compared to BEAM.
+    ?line {'EXIT',{{bad_generator,x},_}} = (catch [E || E <- id(x)]),
     ok.
 
+tuple_list() ->
+    [{a,b,true},[a,b,c],glurf,{a,b,false,xx},{a,b},{x,y,true,true},{a,b,d,ddd}].
+
 my_map(F, L) ->
     [F(X) || X <- L].
 
 odd(X) ->
     X rem 2 == 1.
+
+alphanum(Str) ->
+    [C || C <- Str, ((C >= $0) andalso (C =< $9))
+	      orelse ((C >= $a) andalso (C =< $z))
+	      orelse ((C >= $A) andalso (C =< $Z))].
+
+deeply_nested(Config) when is_list(Config) ->
+    [[99,98,97,96,42,17,1764,12,11,10,9,8,7,6,5,4,3,7,2,1]] =  deeply_nested_1(),
+    ok.
+
+deeply_nested_1() ->
+    %% This used to compile really, really SLOW before R11B-1...
+    [[X1,X2,X3,X4,X5,X6,X7(),X8,X9,X10,X11,X12,X13,X14,X15,X16,X17,X18(),X19,X20] ||
+        X1 <- [99],X2 <- [98],X3 <- [97],X4 <- [96],X5 <- [42],X6 <- [17],
+	X7 <- [fun() -> X5*X5 end],X8 <- [12],X9 <- [11],X10 <- [10],
+        X11 <- [9],X12 <- [8],X13 <- [7],X14 <- [6],X15 <- [5],
+	X16 <- [4],X17 <- [3],X18 <- [fun() -> X16+X17 end],X19 <- [2],X20 <- [1]].
+
+no_generator(Config) when is_list(Config) ->
+    ?line Seq = lists:seq(-10, 17),
+    ?line [no_gen_verify(no_gen(A, B), A, B) || A <- Seq, B <- Seq],
+
+    %% Literal expression, for coverage.
+    ?line [a] = [a || true],
+    ?line [a,b,c] = [a || true] ++ [b,c],
+    ok.
+
+no_gen(A, B) ->
+    [{A,B} || A+B =:= 0] ++
+	[{A,B} || A*B =:= 0] ++
+	[{A,B} || A rem B =:= 3] ++
+	[{A,B} || A =:= B] ++
+	[{one_more,A,B} || no_gen_one_more(A, B)] ++
+	[A || A =:= 1] ++
+	[A || A =:= 2] ++
+	[A || A =:= 3] ++
+	[A || A =:= 4] ++
+	[A || A =:= 5] ++
+	[A || A =:= 6] ++
+	[A || A =:= 7] ++
+	[A || A =:= 8] ++
+	[A || A =:= 9] ++
+	[B || B =:= 1] ++
+	[B || B =:= 2] ++
+	[B || B =:= 3] ++
+	[B || B =:= 4] ++
+	[B || B =:= 5] ++
+	[B || B =:= 6] ++
+	[B || B =:= 7] ++
+	[B || B =:= 8] ++
+	[B || B =:= 9].
+
+no_gen_verify(Res, A, B) ->
+    Pair = {A,B},
+    ShouldBe = no_gen_eval(fun() -> A+B =:= 0 end, Pair) ++
+	no_gen_eval(fun() -> A*B =:= 0 end, Pair) ++
+	no_gen_eval(fun() -> B =/= 0 andalso A rem B =:= 3 end, Pair) ++
+	no_gen_eval(fun() -> A =:= B end, Pair) ++
+	no_gen_eval(fun() -> A + 1 =:= B end, {one_more,A,B}) ++
+	no_gen_eval(fun() -> 1 =< A andalso A =< 9 end, A) ++
+	no_gen_eval(fun() -> 1 =< B andalso B =< 9 end, B),
+    case Res of
+	ShouldBe -> ok;
+	_ ->
+	    io:format("A = ~p; B = ~p; Expected = ~p, actual = ~p", [A,B,ShouldBe,Res]),
+	    ?t:fail()
+    end.
+
+no_gen_eval(Fun, Res) ->
+    case Fun() of
+	true -> [Res];
+	false -> []
+    end.
+
+no_gen_one_more(A, B) -> A + 1 =:= B.
+
+empty_generator(Config) when is_list(Config) ->
+    ?line [] = [X || {X} <- [], (false or (X/0 > 3))],
+    ok.
+
+id(I) -> I.
diff --git a/lib/debugger/test/line_number_SUITE.erl b/lib/debugger/test/line_number_SUITE.erl
new file mode 100644
index 0000000000..d1f56d3493
--- /dev/null
+++ b/lib/debugger/test/line_number_SUITE.erl
@@ -0,0 +1,220 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(line_number_SUITE).
+
+-export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2,
+	 init_per_testcase/2,end_per_testcase/2,
+	 init_per_suite/1,end_per_suite/1,
+	 line_numbers/1]).
+-export([crash/1]).
+
+-include_lib("test_server/include/test_server.hrl").
+
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() ->
+    cases().
+
+groups() ->
+    [].
+
+init_per_group(_GroupName, Config) ->
+    Config.
+
+end_per_group(_GroupName, Config) ->
+    Config.
+
+cases() ->
+    [line_numbers].
+
+init_per_testcase(_Case, Config) ->
+    test_lib:interpret(?MODULE),
+    Dog = test_server:timetrap(?t:minutes(1)),
+    [{watchdog,Dog}|Config].
+
+end_per_testcase(_Case, Config) ->
+    Dog = ?config(watchdog, Config),
+    ?t:timetrap_cancel(Dog),
+    ok.
+
+init_per_suite(Config) when is_list(Config) ->
+    ?line test_lib:interpret(?MODULE),
+    ?line true = lists:member(?MODULE, int:interpreted()),
+    Config.
+
+end_per_suite(Config) when is_list(Config) ->
+    ok.
+
+
+
+
+
+%%
+%% === Make sure that this is always line 70 ===
+%%
+line1(Tag, X) ->				%Line 72
+    case Tag of					%Line 73
+	a ->
+	    Y = X + 1,				%Line 75
+	    Res = id({ok,Y}),			%Line 76
+	    ?MODULE:crash({ok,42} = Res);	%Line 77
+	b ->
+	    x = id(x),				%Line 79
+	    ok					%Line 80
+    end.					%Line 81
+
+crash(_) ->					%Line 83
+    erlang:error(crash).			%Line 84
+
+close_calls(Where) ->				%Line 86
+    put(where_to_crash, Where),			%Line 87
+    try
+	call1(),				%Line 89
+	call2(),				%Line 90
+	call3(),				%Line 91
+	no_crash				%Line 92
+    catch error:crash ->
+	    erlang:get_stacktrace()		%Line 94
+    end.					%Line 95
+
+call1() ->					%Line 97
+    maybe_crash(call1),				%Line 98
+    ok.						%Line 99
+
+call2() ->					%Line 101
+    maybe_crash(call2),				%Line 102
+    ok.						%Line 103
+
+call3() ->					%Line 105
+    maybe_crash(call3),				%Line 106
+    ok.						%Line 107
+
+maybe_crash(Name) ->				%Line 109
+    case get(where_to_crash) of			%Line 110
+	Name ->
+	    erlang:error(crash);		%Line 112
+	_ ->
+	    ok					%Line 114
+    end.					%Line 115
+
+build_binary1(Size) ->				%Line 117
+    id(42),					%Line 118
+    <<0:Size>>.					%Line 119
+
+build_binary2(Size, Bin) ->			%Line 121
+    id(0),					%Line 122
+    <<7:Size,Bin/binary>>.			%Line 123
+
+do_call_abs(x, Arg) ->				%Line 125
+    abs(Arg).					%Line 126
+
+do_call_unsafe_bif(x, Arg) ->			%Line 128
+    link(Arg).					%Line 129
+
+
+line_numbers(Config) when is_list(Config) ->
+    File = ?MODULE_STRING ++ ".erl",
+    {'EXIT',{{case_clause,bad_tag},
+	     [{?MODULE,line1,2,
+	       [{file,File},{line,73}]},
+	      {?MODULE,line_numbers,1,_}|_]}} =
+	(catch line1(bad_tag, 0)),
+    {'EXIT',{badarith,
+	     [{?MODULE,line1,2,
+	       [{file,File},{line,75}]},
+	      {?MODULE,line_numbers,1,_}|_]}} =
+	(catch line1(a, not_an_integer)),
+    {'EXIT',{{badmatch,{ok,1}},
+	     [{?MODULE,line1,2,
+	       [{file,File},{line,77}]},
+	      {?MODULE,line_numbers,1,_}|_]}} =
+	(catch line1(a, 0)),
+    {'EXIT',{crash,
+	     [{?MODULE,crash,1,
+	       [{file,File},{line,84}]},
+	      {?MODULE,line_numbers,1,_}|_]}} =
+	(catch line1(a, 41)),
+
+    [{?MODULE,maybe_crash,1,[{file,File},{line,112}]},
+     {?MODULE,call1,0,[{file,File},{line,98}]},
+     {?MODULE,close_calls,1,[{file,File},{line,89}]},
+     {?MODULE,line_numbers,1,[{file,File},{line,_}]}|_] =
+	close_calls(call1),
+    [{?MODULE,maybe_crash,1,[{file,File},{line,112}]},
+     {?MODULE,call2,0,[{file,File},{line,102}]},
+     {?MODULE,close_calls,1,[{file,File},{line,90}]},
+     {?MODULE,line_numbers,1,[{file,File},{line,_}]}|_] =
+	close_calls(call2),
+    [{?MODULE,maybe_crash,1,[{file,File},{line,112}]},
+     {?MODULE,call3,0,[{file,File},{line,106}]},
+     {?MODULE,close_calls,1,[{file,File},{line,91}]},
+     {?MODULE,line_numbers,1,[{file,File},{line,_}]}|_] =
+	close_calls(call3),
+    no_crash = close_calls(other),
+
+    <<0,0>> = build_binary1(16),
+    {'EXIT',{badarg,
+	     [{?MODULE,build_binary1,1,
+	       [{file,File},{line,119}]},
+	      {?MODULE,line_numbers,1,
+	       [{file,ModFile},{line,_}]}|_]}} =
+	(catch build_binary1(bad_size)),
+
+    <<7,1,2,3>> = build_binary2(8, <<1,2,3>>),
+    {'EXIT',{badarg,
+	     [{?MODULE,build_binary2,2,
+	       [{file,File},{line,123}]},
+	      {?MODULE,line_numbers,1,
+	       [{file,ModFile},{line,_}]}|_]}} =
+	(catch build_binary2(bad_size, <<>>)),
+    {'EXIT',{badarg,
+	     [%% Beam has an extra here:
+	      %%   {erlang,bit_size,[bad_binary],[]}
+	      %% Since this is an artifact of the implementation,
+	      %% we don't attempt to mimic it in the debugger.
+	      {?MODULE,build_binary2,2,
+	       [{file,File},{line,123}]},
+	      {?MODULE,line_numbers,1,
+	       [{file,ModFile},{line,_}]}|_]}} =
+	(catch build_binary2(8, bad_binary)),
+
+    {'EXIT',{function_clause,
+	     [{?MODULE,do_call_abs,[y,y],
+	       [{file,File},{line,125}]},
+	      {?MODULE,line_numbers,1,_}|_]}} =
+	(catch do_call_abs(y, y)),
+    {'EXIT',{badarg,
+	     [{erlang,abs,[[]],[]},
+	      {?MODULE,do_call_abs,2,
+	       [{file,File},{line,126}]},
+	      {?MODULE,line_numbers,1,_}|_]}} =
+	(catch do_call_abs(x, [])),
+
+    {'EXIT',{badarg,
+	     [{erlang,link,[[]],[]},
+	      {?MODULE,do_call_unsafe_bif,2,
+	       [{file,File},{line,129}]},
+	      {?MODULE,line_numbers,1,_}|_]}} =
+	(catch do_call_unsafe_bif(x, [])),
+
+    ok.
+
+id(I) ->
+    I.
diff --git a/lib/debugger/test/test_lib.erl b/lib/debugger/test/test_lib.erl
index 541375e64a..29b26343e8 100644
--- a/lib/debugger/test/test_lib.erl
+++ b/lib/debugger/test/test_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2000-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2000-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -22,7 +22,7 @@
 
 -export([interpret/1]).
 
-interpret(Mod) when atom(Mod) ->
+interpret(Mod) when is_atom(Mod) ->
     case lists:member(Mod, int:interpreted()) of
 	true -> ok;
 	false -> {module,Mod} = i:ii(Mod)
diff --git a/lib/debugger/test/trycatch_SUITE.erl b/lib/debugger/test/trycatch_SUITE.erl
index a87c5db138..470d46d915 100644
--- a/lib/debugger/test/trycatch_SUITE.erl
+++ b/lib/debugger/test/trycatch_SUITE.erl
@@ -318,17 +318,18 @@ eclectic(Conf) when is_list(Conf) ->
     V = {make_ref(),3.1415926535,[[]|{}]},
     ?line {{value,{value,V},V},V} =
 	eclectic_1({foo,{value,{value,V}}}, undefined, {value,V}),
-    ?line {{'EXIT',{V,[{?MODULE,foo,_}|_]}},V} =
+    ?line {{'EXIT',{V,[{?MODULE,foo,_,_}|_]}},V} =
 	eclectic_1({catch_foo,{error,V}}, undefined, {value,V}),
     ?line {{error,{exit,V},{'EXIT',V}},V} =
 	eclectic_1({foo,{error,{exit,V}}}, error, {value,V}),
-    ?line {{value,{value,V},V},{'EXIT',{badarith,[{?MODULE,my_add,_}|_]}}} =
+    ?line {{value,{value,V},V},{'EXIT',{badarith,[{?MODULE,my_add,_,_}|_]}}} =
 	eclectic_1({foo,{value,{value,V}}}, undefined, {'add',{0,a}}),
     ?line {{'EXIT',V},V} =
 	eclectic_1({catch_foo,{exit,V}}, undefined, {throw,V}),
-    ?line {{error,{'div',{1,0}},{'EXIT',{badarith,[{?MODULE,my_div,_}|_]}}}, {'EXIT',V}} =
+    ?line {{error,{'div',{1,0}},{'EXIT',{badarith,[{?MODULE,my_div,_,_}|_]}}},
+	   {'EXIT',V}} =
 	eclectic_1({foo,{error,{'div',{1,0}}}}, error, {exit,V}),
-    ?line {{{error,V},{'EXIT',{V,[{?MODULE,foo,_}|_]}}},{'EXIT',V}} =
+    ?line {{{error,V},{'EXIT',{V,[{?MODULE,foo,_,_}|_]}}},{'EXIT',V}} =
 	eclectic_1({catch_foo,{throw,{error,V}}}, undefined, {exit,V}),
     %%
     ?line {{value,{value,{value,V},V}},V} =
@@ -337,15 +338,15 @@ eclectic(Conf) when is_list(Conf) ->
 	eclectic_2({throw,{value,V}}, throw, {value,V}),
     ?line {{caught,{'EXIT',V}},undefined} =
 	eclectic_2({value,{value,V}}, undefined, {exit,V}),
-    ?line {{caught,{'EXIT',{V,[{?MODULE,foo,_}|_]}}},undefined} =
+    ?line {{caught,{'EXIT',{V,[{?MODULE,foo,_,_}|_]}}},undefined} =
 	eclectic_2({error,{value,V}}, throw, {error,V}),
-    ?line {{caught,{'EXIT',{badarg,[{erlang,abs,[V]}|_]}}},V} =
+    ?line {{caught,{'EXIT',{badarg,[{erlang,abs,[V],_}|_]}}},V} =
 	eclectic_2({value,{'abs',V}}, undefined, {value,V}),
-    ?line {{caught,{'EXIT',{badarith,[{?MODULE,my_add,_}|_]}}},V} =
+    ?line {{caught,{'EXIT',{badarith,[{?MODULE,my_add,_,_}|_]}}},V} =
 	eclectic_2({exit,{'add',{0,a}}}, exit, {value,V}),
     ?line {{caught,{'EXIT',V}},undefined} =
 	eclectic_2({value,{error,V}}, undefined, {exit,V}),
-    ?line {{caught,{'EXIT',{V,[{?MODULE,foo,_}|_]}}},undefined} =
+    ?line {{caught,{'EXIT',{V,[{?MODULE,foo,_,_}|_]}}},undefined} =
 	eclectic_2({throw,{'div',{1,0}}}, throw, {error,V}),
     ok.
 
diff --git a/lib/debugger/vsn.mk b/lib/debugger/vsn.mk
index 0f70dafc19..01ff0eb9a8 100644
--- a/lib/debugger/vsn.mk
+++ b/lib/debugger/vsn.mk
@@ -1 +1 @@
-DEBUGGER_VSN = 3.2.6
+DEBUGGER_VSN = 3.2.7
diff --git a/lib/dialyzer/doc/src/Makefile b/lib/dialyzer/doc/src/Makefile
index 45b0ffa5ff..45b0ffa5ff 100755..100644
--- a/lib/dialyzer/doc/src/Makefile
+++ b/lib/dialyzer/doc/src/Makefile
diff --git a/lib/dialyzer/doc/src/book.xml b/lib/dialyzer/doc/src/book.xml
index 0b4e1cb617..ec06427671 100755..100644
--- a/lib/dialyzer/doc/src/book.xml
+++ b/lib/dialyzer/doc/src/book.xml
@@ -4,7 +4,7 @@
 <book xmlns:xi="http://www.w3.org/2001/XInclude">
   <header titlestyle="normal">
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/dialyzer/doc/src/fascicules.xml b/lib/dialyzer/doc/src/fascicules.xml
index 0678195e07..0678195e07 100755..100644
--- a/lib/dialyzer/doc/src/fascicules.xml
+++ b/lib/dialyzer/doc/src/fascicules.xml
diff --git a/lib/dialyzer/doc/src/make.dep b/lib/dialyzer/doc/src/make.dep
deleted file mode 100755
index f8177cd419..0000000000
--- a/lib/dialyzer/doc/src/make.dep
+++ /dev/null
@@ -1,20 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex dialyzer.tex dialyzer_chapter.tex \
-		part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/dialyzer/doc/src/notes.xml b/lib/dialyzer/doc/src/notes.xml
index 17291b24f7..f100865b56 100755..100644
--- a/lib/dialyzer/doc/src/notes.xml
+++ b/lib/dialyzer/doc/src/notes.xml
@@ -31,6 +31,94 @@
   <p>This document describes the changes made to the Dialyzer
     application.</p>
 
+<section><title>Dialyzer 2.5</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fix false warning about closure application</p>
+          <p>
+	    Whenever a variable that could hold one of two or more
+	    possible closures was used in a particular application,
+	    the application was assumed to fail if ONE of the
+	    closures would fail in this application. This has been
+	    corrected to infer failing application if ALL possible
+	    closures would fail in the particular application.</p>
+          <p>
+	    Change category of 'might also return' warnings</p>
+          <p>
+	    Dialyzer emits warnings like the following "The
+	    specification for _ states that the function might also
+	    return _ but the inferred return is _", which are
+	    actually underspecifications and not wrong type
+	    specifications. This patch makes sure that they are filed
+	    under the appropriate category.</p>
+          <p>
+	    Own Id: OTP-9707</p>
+        </item>
+        <item>
+	    <p>Wrap up behaviours patch for Dialyzer</p> <list>
+	    <item><p>Enable warnings by default, add two options for
+	    suppressing them</p></item> <item><p>Fix warning
+	    formatting and update testsuites.</p></item>
+	    <item><p>Detection of callback-spec
+	    discrepancies</p></item> <item><p>Allow none() as return
+	    value in callbacks</p></item> <item><p>Behaviour callback
+	    discrepancy detection for Dialyzer</p></item>
+	    <item><p>Add lookup function for callbacks</p></item>
+	    <item><p>Store callbacks in codeserver and PLT</p></item>
+	    <item><p>Collect callback definitions during
+	    compilation</p></item> <item><p>Update inets
+	    results</p></item> </list>
+          <p>
+	    Own Id: OTP-9731</p>
+        </item>
+        <item>
+          <p>
+	    <list> <item><p>No warnings for underspecs with remote
+	    types</p></item> <item><p> Fix crash in Typer</p></item>
+	    <item><p>Fix Dialyzer's warning for its own
+	    code</p></item> <item><p>Fix Dialyzer's warnings in
+	    HiPE</p></item> <item><p>Add file/line info in a
+	    particular Dialyzer crash</p></item> <item><p>Update
+	    inets test results</p></item> </list></p>
+          <p>
+	    Own Id: OTP-9758</p>
+        </item>
+        <item>
+          <p>
+	    <list> <item><p>Correct callback spec in application
+	    module</p></item> <item><p>Refine warning about callback
+	    specs with extra ranges</p></item> <item><p>Cleanup
+	    autoimport compiler directives</p></item> <item><p>Fix
+	    Dialyzer's warnings in typer</p></item> <item><p>Fix
+	    Dialyzer's warning for its own code</p></item>
+	    <item><p>Fix bug in Dialyzer's behaviours
+	    analysis</p></item> <item><p>Fix crash in
+	    Dialyzer</p></item> <item><p>Variable substitution was
+	    not generalizing any unknown variables.</p></item>
+	    </list></p>
+          <p>
+	    Own Id: OTP-9776</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p> Optimize the joining of maps in
+	    <c>dialyzer_dataflow</c>. </p>
+          <p>
+	    Own Id: OTP-9761</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Dialyzer 2.4.4</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/dialyzer/doc/src/part.xml b/lib/dialyzer/doc/src/part.xml
index 4410840660..564ef3a52f 100755..100644
--- a/lib/dialyzer/doc/src/part.xml
+++ b/lib/dialyzer/doc/src/part.xml
@@ -4,7 +4,7 @@
 <part xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/dialyzer/doc/src/part_notes.xml b/lib/dialyzer/doc/src/part_notes.xml
index cb048d55dd..992ee73daa 100755..100644
--- a/lib/dialyzer/doc/src/part_notes.xml
+++ b/lib/dialyzer/doc/src/part_notes.xml
@@ -4,7 +4,7 @@
 <part xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/dialyzer/doc/src/ref_man.xml b/lib/dialyzer/doc/src/ref_man.xml
index ca5410f6b8..7e5367b7c5 100755..100644
--- a/lib/dialyzer/doc/src/ref_man.xml
+++ b/lib/dialyzer/doc/src/ref_man.xml
@@ -4,7 +4,7 @@
 <application xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/dialyzer/info b/lib/dialyzer/info
index 9fba4b54ad..9fba4b54ad 100755..100644
--- a/lib/dialyzer/info
+++ b/lib/dialyzer/info
diff --git a/lib/dialyzer/src/dialyzer.erl b/lib/dialyzer/src/dialyzer.erl
index 5014a4244c..3e3c12405f 100644
--- a/lib/dialyzer/src/dialyzer.erl
+++ b/lib/dialyzer/src/dialyzer.erl
@@ -442,23 +442,29 @@ message_to_string({opaque_type_test, [Fun, Opaque]}) ->
 message_to_string({race_condition, [M, F, Args, Reason]}) ->
   io_lib:format("The call ~w:~w~s ~s\n", [M, F, Args, Reason]);
 %%----- Warnings for behaviour errors --------------------
-message_to_string({callback_type_mismatch, [B, F, A, O]}) ->
-  io_lib:format("The inferred return type of the ~w/~w callback includes the"
-		" type ~s which is not a valid return for the ~w behaviour\n",
-		[F, A, erl_types:t_to_string(O), B]);
-message_to_string({callback_arg_type_mismatch, [B, F, A, N, O]}) ->
-  io_lib:format("The inferred type of the ~s argument of ~w/~w callback"
-		" includes the type ~s which is not valid for the ~w behaviour"
-		"\n", [ordinal(N), F, A, erl_types:t_to_string(O), B]);
+message_to_string({callback_type_mismatch, [B, F, A, ST, CT]}) ->
+  io_lib:format("The inferred return type of ~w/~w (~s) has nothing in common"
+		" with ~s, which is the expected return type for the callback of"
+		" ~w behaviour\n", [F, A, ST, CT, B]);
+message_to_string({callback_arg_type_mismatch, [B, F, A, N, ST, CT]}) ->
+  io_lib:format("The inferred type for the ~s argument of ~w/~w (~s) is"
+		" not a supertype of ~s, which is expected type for this"
+		" argument in the callback of the ~w behaviour\n",
+		[ordinal(N), F, A, ST, CT, B]);
+message_to_string({callback_spec_type_mismatch, [B, F, A, ST, CT]}) ->
+  io_lib:format("The return type ~s in the specification of ~w/~w is not a"
+		" subtype of ~s, which is the expected return type for the"
+		" callback of ~w behaviour\n", [ST, F, A, CT, B]);
+message_to_string({callback_spec_arg_type_mismatch, [B, F, A, N, ST, CT]}) ->
+  io_lib:format("The specified type for the ~s argument of ~w/~w (~s) is"
+		" not a supertype of ~s, which is expected type for this"
+		" argument in the callback of the ~w behaviour\n",
+		[ordinal(N), F, A, ST, CT, B]);
 message_to_string({callback_missing, [B, F, A]}) ->
   io_lib:format("Undefined callback function ~w/~w (behaviour '~w')\n",
 		[F, A, B]);
-message_to_string({invalid_spec, [B, F, A, R]}) ->
-  io_lib:format("The spec for the ~w:~w/~w callback is not correct: ~s\n",
-		[B, F, A, R]);
-message_to_string({spec_missing, [B, F, A]}) ->
-  io_lib:format("Type info about ~w:~w/~w callback is not available\n",
-		[B, F, A]).
+message_to_string({callback_info_missing, [B]}) ->
+  io_lib:format("Callback info about the ~w behaviour is not available\n", [B]).
 
 %%-----------------------------------------------------------------------------
 %% Auxiliary functions below
diff --git a/lib/dialyzer/src/dialyzer.hrl b/lib/dialyzer/src/dialyzer.hrl
index 9d2e554981..5e089d1773 100644
--- a/lib/dialyzer/src/dialyzer.hrl
+++ b/lib/dialyzer/src/dialyzer.hrl
@@ -57,6 +57,7 @@
 -define(WARN_UNMATCHED_RETURN, warn_umatched_return).
 -define(WARN_RACE_CONDITION, warn_race_condition).
 -define(WARN_BEHAVIOUR, warn_behaviour).
+-define(WARN_UNDEFINED_CALLBACK, warn_undefined_callbacks).
 
 %%
 %% The following type has double role:
@@ -71,7 +72,8 @@
                        | ?WARN_CONTRACT_NOT_EQUAL | ?WARN_CONTRACT_SUBTYPE
                        | ?WARN_CONTRACT_SUPERTYPE | ?WARN_CALLGRAPH
                        | ?WARN_UNMATCHED_RETURN | ?WARN_RACE_CONDITION
-                       | ?WARN_BEHAVIOUR | ?WARN_CONTRACT_RANGE.
+                       | ?WARN_BEHAVIOUR | ?WARN_CONTRACT_RANGE
+		       | ?WARN_UNDEFINED_CALLBACK.
 
 %%
 %% This is the representation of each warning as they will be returned
diff --git a/lib/dialyzer/src/dialyzer_analysis_callgraph.erl b/lib/dialyzer/src/dialyzer_analysis_callgraph.erl
index abad1f3a75..458f3a4c81 100644
--- a/lib/dialyzer/src/dialyzer_analysis_callgraph.erl
+++ b/lib/dialyzer/src/dialyzer_analysis_callgraph.erl
@@ -2,7 +2,7 @@
 %%--------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2006-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2006-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -43,8 +43,7 @@
 	  parent                        :: pid(),
 	  plt                           :: dialyzer_plt:plt(),
 	  start_from     = byte_code    :: start_from(),
-	  use_contracts  = true         :: boolean(),
-	  behaviours     = {false,[]}   :: {boolean(),[atom()]}
+	  use_contracts  = true         :: boolean()
 	 }).
 
 -record(server_state, {parent :: pid(), legal_warnings :: [dial_warn_tag()]}).
@@ -57,9 +56,7 @@
 
 start(Parent, LegalWarnings, Analysis) ->
   RacesOn = ordsets:is_element(?WARN_RACE_CONDITION, LegalWarnings),
-  BehavOn = ordsets:is_element(?WARN_BEHAVIOUR, LegalWarnings),
-  Analysis0 = Analysis#analysis{race_detection = RacesOn,
-				behaviours_chk = BehavOn},
+  Analysis0 = Analysis#analysis{race_detection = RacesOn},
   Analysis1 = expand_files(Analysis0),
   Analysis2 = run_analysis(Analysis1),
   State = #server_state{parent = Parent, legal_warnings = LegalWarnings},
@@ -125,8 +122,7 @@ analysis_start(Parent, Analysis) ->
 			  plt = Plt,
 			  parent = Parent,
 			  start_from = Analysis#analysis.start_from,
-			  use_contracts = Analysis#analysis.use_contracts,
-			  behaviours = {Analysis#analysis.behaviours_chk, []}
+			  use_contracts = Analysis#analysis.use_contracts
 			 },
   Files = ordsets:from_list(Analysis#analysis.files),
   {Callgraph, NoWarn, TmpCServer0} = compile_and_store(Files, State),
@@ -180,8 +176,8 @@ analysis_start(Parent, Analysis) ->
   send_analysis_done(Parent, Plt4, State3#analysis_state.doc_plt).
 
 analyze_callgraph(Callgraph, State) ->
-  Plt = State#analysis_state.plt,
   Codeserver = State#analysis_state.codeserver,
+  Plt = dialyzer_plt:insert_callbacks(State#analysis_state.plt, Codeserver),
   Parent = State#analysis_state.parent,
   case State#analysis_state.analysis_type of
     plt_build ->
@@ -192,13 +188,11 @@ analyze_callgraph(Callgraph, State) ->
       State#analysis_state{plt = NewPlt};
     succ_typings ->
       NoWarn = State#analysis_state.no_warn_unused,
-      {BehavioursChk, _Known} = State#analysis_state.behaviours,
       DocPlt = State#analysis_state.doc_plt,
       Callgraph1 = dialyzer_callgraph:finalize(Callgraph),
       {Warnings, NewPlt, NewDocPlt} = 
 	dialyzer_succ_typings:get_warnings(Callgraph1, Plt, DocPlt,
-					   Codeserver, NoWarn, Parent,
-					   BehavioursChk),
+					   Codeserver, NoWarn, Parent),
       dialyzer_callgraph:delete(Callgraph1),
       send_warnings(State#analysis_state.parent, Warnings),
       State#analysis_state{plt = NewPlt, doc_plt = NewDocPlt}
@@ -213,8 +207,7 @@ compile_and_store(Files, #analysis_state{codeserver = CServer,
 					 include_dirs = Dirs,
 					 parent = Parent,
 					 use_contracts = UseContracts,
-					 start_from = StartFrom,
-					 behaviours = {BehChk, _}
+					 start_from = StartFrom
 					} = State) ->
   send_log(Parent, "Reading files and computing callgraph... "),
   {T1, _} = statistics(runtime),
@@ -263,37 +256,26 @@ compile_and_store(Files, #analysis_state{codeserver = CServer,
   {T2, _} = statistics(runtime),
   Msg1 = io_lib:format("done in ~.2f secs\nRemoving edges... ", [(T2-T1)/1000]),
   send_log(Parent, Msg1),
-  {KnownBehaviours, UnknownBehaviours} =
-    dialyzer_behaviours:get_behaviours(Modules, NewCServer),
-  if UnknownBehaviours =:= [] -> ok;
-     true -> send_unknown_behaviours(Parent, UnknownBehaviours)
-  end,
-  State1 = State#analysis_state{behaviours = {BehChk, KnownBehaviours}},
-  NewCallgraph2 = cleanup_callgraph(State1, NewCServer, NewCallgraph1, Modules),
+  NewCallgraph2 = cleanup_callgraph(State, NewCServer, NewCallgraph1, Modules),
   {T3, _} = statistics(runtime),
   Msg2 = io_lib:format("done in ~.2f secs\n", [(T3-T2)/1000]),
   send_log(Parent, Msg2),
   {NewCallgraph2, sets:from_list(NoWarn), NewCServer}.
 
 cleanup_callgraph(#analysis_state{plt = InitPlt, parent = Parent,
-				  codeserver = CodeServer,
-				  behaviours = {BehChk, KnownBehaviours}
+				  codeserver = CodeServer
 				 },
 		  CServer, Callgraph, Modules) ->
   ModuleDeps = dialyzer_callgraph:module_deps(Callgraph),
   send_mod_deps(Parent, ModuleDeps),
   {Callgraph1, ExtCalls} = dialyzer_callgraph:remove_external(Callgraph),
-  if BehChk ->
-      RelevantAPICalls =
-	dialyzer_behaviours:get_behaviour_apis(KnownBehaviours),
-      BehaviourAPICalls = [Call || {_From, To} = Call <- ExtCalls,
-				   lists:member(To, RelevantAPICalls)],
-      Callgraph2 =
-	dialyzer_callgraph:put_behaviour_api_calls(BehaviourAPICalls,
-						   Callgraph1);
-     true ->
-      Callgraph2 = Callgraph1
-  end,
+  RelevantAPICalls =
+    dialyzer_behaviours:get_behaviour_apis([gen_server]),
+  BehaviourAPICalls = [Call || {_From, To} = Call <- ExtCalls,
+			       lists:member(To, RelevantAPICalls)],
+  Callgraph2 =
+    dialyzer_callgraph:put_behaviour_api_calls(BehaviourAPICalls,
+					       Callgraph1),
   ExtCalls1 = [Call || Call = {_From, To} <- ExtCalls,
 		       not dialyzer_plt:contains_mfa(InitPlt, To)],
   {BadCalls1, RealExtCalls} =
@@ -325,63 +307,42 @@ compile_src(File, Includes, Defines, Callgraph, CServer, UseContracts) ->
   case dialyzer_utils:get_abstract_code_from_src(File, CompOpts) of
     {error, _Msg} = Error -> Error;
     {ok, AbstrCode} ->
-      case dialyzer_utils:get_core_from_abstract_code(AbstrCode, CompOpts) of
-	error -> {error, "  Could not find abstract code for: " ++ File};
-	{ok, Core} ->
-          Mod = cerl:concrete(cerl:module_name(Core)),
-	  NoWarn = abs_get_nowarn(AbstrCode, Mod),
-	  case dialyzer_utils:get_record_and_type_info(AbstrCode) of
-	    {error, _} = Error -> Error;
-	    {ok, RecInfo} ->
-	      CServer2 =
-		dialyzer_codeserver:store_temp_records(Mod, RecInfo, CServer),
-	      case UseContracts of
-		true ->
-		  case dialyzer_utils:get_spec_info(Mod, AbstrCode, RecInfo) of
-		    {error, _} = Error -> Error;
-		    {ok, SpecInfo} ->
-		      CServer3 =
-			dialyzer_codeserver:store_temp_contracts(Mod,
-								 SpecInfo,
-								 CServer2),
-		      store_core(Mod, Core, NoWarn, Callgraph, CServer3)
-		  end;
-		false ->
-		  store_core(Mod, Core, NoWarn, Callgraph, CServer2)
-	      end
-	  end
-      end
+      compile_common(File, AbstrCode, CompOpts, Callgraph, CServer, UseContracts)
   end.
 
 compile_byte(File, Callgraph, CServer, UseContracts) ->
   case dialyzer_utils:get_abstract_code_from_beam(File) of
     error ->
       {error, "  Could not get abstract code for: " ++ File ++ "\n" ++
-       "  Recompile with +debug_info or analyze starting from source code"};
+	 "  Recompile with +debug_info or analyze starting from source code"};
     {ok, AbstrCode} ->
-      case dialyzer_utils:get_core_from_abstract_code(AbstrCode) of
-	error -> {error, "  Could not get core for: "++File};
-	{ok, Core} ->
-          Mod = cerl:concrete(cerl:module_name(Core)),
-          NoWarn = abs_get_nowarn(AbstrCode, Mod),
-	  case dialyzer_utils:get_record_and_type_info(AbstrCode) of
-	    {error, _} = Error -> Error;
-	    {ok, RecInfo} ->
-	      CServer1 =
-		dialyzer_codeserver:store_temp_records(Mod, RecInfo, CServer),
-	      case UseContracts of
-		true ->
-		  case dialyzer_utils:get_spec_info(Mod, AbstrCode, RecInfo) of
-		    {error, _} = Error -> Error;
-		    {ok, SpecInfo} ->
-		      CServer2 =
-			dialyzer_codeserver:store_temp_contracts(Mod, SpecInfo,
-								 CServer1),
-		      store_core(Mod, Core, NoWarn, Callgraph, CServer2)
-		  end;
-		false ->
-		  store_core(Mod, Core, NoWarn, Callgraph, CServer1)
-	      end
+      compile_common(File, AbstrCode, [], Callgraph, CServer, UseContracts)
+  end.
+
+compile_common(File, AbstrCode, CompOpts, Callgraph, CServer, UseContracts) ->
+  case dialyzer_utils:get_core_from_abstract_code(AbstrCode, CompOpts) of
+    error -> {error, "  Could not get core Erlang code for: " ++ File};
+    {ok, Core} ->
+      Mod = cerl:concrete(cerl:module_name(Core)),
+      NoWarn = abs_get_nowarn(AbstrCode, Mod),
+      case dialyzer_utils:get_record_and_type_info(AbstrCode) of
+	{error, _} = Error -> Error;
+	{ok, RecInfo} ->
+	  CServer1 =
+	    dialyzer_codeserver:store_temp_records(Mod, RecInfo, CServer),
+	  case UseContracts of
+	    true ->
+	      case dialyzer_utils:get_spec_info(Mod, AbstrCode, RecInfo) of
+		{error, _} = Error -> Error;
+		{ok, SpecInfo, CallbackInfo} ->
+		  CServer2 =
+		    dialyzer_codeserver:store_temp_contracts(Mod, SpecInfo,
+							     CallbackInfo,
+							     CServer1),
+		  store_core(Mod, Core, NoWarn, Callgraph, CServer2)
+	      end;
+	    false ->
+	      store_core(Mod, Core, NoWarn, Callgraph, CServer1)
 	  end
       end
   end.
@@ -398,8 +359,17 @@ store_core(Mod, Core, NoWarn, Callgraph, CServer) ->
   store_code_and_build_callgraph(Mod, LabeledCore, Callgraph, CServer3, NoWarn).
 
 abs_get_nowarn(Abs, M) ->
-  [{M, F, A}
-   || {attribute, _, compile, {nowarn_unused_function, {F, A}}} <- Abs].
+  Opts = lists:flatten([C || {attribute, _, compile, C} <- Abs]),
+  Warn = erl_lint:bool_option(warn_unused_function, nowarn_unused_function,
+                              true, Opts),
+  case Warn of
+    false ->
+      [{M, F, A} || {function, _, F, A, _} <- Abs]; % all functions
+    true ->
+      [{M, F, A} ||
+        {nowarn_unused_function, FAs} <- Opts,
+        {F, A} <- lists:flatten([FAs])]
+  end.
 
 get_exported_types_from_core(Core) ->
   Attrs = cerl:module_attrs(Core),
diff --git a/lib/dialyzer/src/dialyzer_behaviours.erl b/lib/dialyzer/src/dialyzer_behaviours.erl
index 47ce9ba6eb..e89c08df7d 100644
--- a/lib/dialyzer/src/dialyzer_behaviours.erl
+++ b/lib/dialyzer/src/dialyzer_behaviours.erl
@@ -2,7 +2,7 @@
 %%-----------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -30,7 +30,7 @@
 
 -module(dialyzer_behaviours).
 
--export([check_callbacks/4, get_behaviours/2, get_behaviour_apis/1,
+-export([check_callbacks/4, get_behaviour_apis/1,
 	 translate_behaviour_api_call/5, translatable_behaviours/1,
 	 translate_callgraph/3]).
 
@@ -51,12 +51,6 @@
 
 %%--------------------------------------------------------------------
 
--spec get_behaviours([module()], dialyzer_codeserver:codeserver()) ->
-  {[behaviour()], [behaviour()]}.
-
-get_behaviours(Modules, Codeserver) ->
-  get_behaviours(Modules, Codeserver, [], []).
-
 -spec check_callbacks(module(), [{cerl:cerl(), cerl:cerl()}],
 		      dialyzer_plt:plt(),
 		      dialyzer_codeserver:codeserver()) -> [dial_warning()].
@@ -69,12 +63,170 @@ check_callbacks(Module, Attrs, Plt, Codeserver) ->
       MFA = {Module,module_info,0},
       {_Var,Code} = dialyzer_codeserver:lookup_mfa_code(MFA, Codeserver),
       File = get_file(cerl:get_ann(Code)),
-      State = #state{plt = Plt, codeserver = Codeserver, filename = File,
-		     behlines = BehLines},
+      State = #state{plt = Plt, filename = File, behlines = BehLines,
+		     codeserver = Codeserver},
       Warnings = get_warnings(Module, Behaviours, State),
       [add_tag_file_line(Module, W, State) || W <- Warnings]
   end.
 
+%%--------------------------------------------------------------------
+
+get_behaviours(Attrs) ->
+  BehaviourListsAndLine = [{cerl:concrete(L2), hd(cerl:get_ann(L2))} ||
+		  {L1, L2} <- Attrs, cerl:is_literal(L1),
+		  cerl:is_literal(L2), cerl:concrete(L1) =:= 'behaviour'],
+  Behaviours = lists:append([Behs || {Behs,_} <- BehaviourListsAndLine]),
+  BehLines = [{B,L} || {L1,L} <- BehaviourListsAndLine, B <- L1],
+  {Behaviours, BehLines}.
+
+get_warnings(Module, Behaviours, State) ->
+  get_warnings(Module, Behaviours, State, []).
+
+get_warnings(_, [], _, Acc) ->
+  Acc;
+get_warnings(Module, [Behaviour|Rest], State, Acc) ->
+  NewAcc = check_behaviour(Module, Behaviour, State, Acc),
+  get_warnings(Module, Rest, State, NewAcc).
+
+check_behaviour(Module, Behaviour, #state{plt = Plt} = State, Acc) ->
+  case dialyzer_plt:lookup_callbacks(Plt, Behaviour) of
+    [] -> [{callback_info_missing, [Behaviour]}|Acc];
+    Callbacks -> check_all_callbacks(Module, Behaviour, Callbacks, State, Acc)
+  end.
+
+check_all_callbacks(_Module, _Behaviour, [], _State, Acc) ->
+  Acc;
+check_all_callbacks(Module, Behaviour, [Cb|Rest],
+		    #state{plt = Plt, codeserver = Codeserver} = State, Acc) ->
+  {{Behaviour, Function, Arity},
+   {{_BehFile, _BehLine}, Callback}} = Cb,
+  CbMFA = {Module, Function, Arity},
+  CbReturnType = dialyzer_contracts:get_contract_return(Callback),
+  CbArgTypes = dialyzer_contracts:get_contract_args(Callback),
+  Records =
+    case dict:find(Module, dialyzer_codeserver:get_records(Codeserver)) of
+      {ok, V} -> V;
+      error -> dict:new()
+    end,
+  Acc0 = Acc,
+  Acc1 = 
+    case dialyzer_plt:lookup(Plt, CbMFA) of
+      'none' -> [{callback_missing, [Behaviour, Function, Arity]}|Acc0];
+      {'value', RetArgTypes} ->
+	Acc00 = Acc0,
+	{ReturnType, ArgTypes} = RetArgTypes,
+	Acc01 =
+	  case erl_types:t_is_subtype(ReturnType, CbReturnType) of
+	    true -> Acc00;
+	    false ->
+	      case erl_types:t_is_none(
+		     erl_types:t_inf(ReturnType, CbReturnType)) of
+		false -> Acc00;
+		true ->
+		  [{callback_type_mismatch,
+		    [Behaviour, Function, Arity,
+		     erl_types:t_to_string(ReturnType, Records),
+		     erl_types:t_to_string(CbReturnType, Records)]}|Acc00]
+	      end
+	  end,
+	Acc02 =
+	  case erl_types:any_none(
+		 erl_types:t_inf_lists(ArgTypes, CbArgTypes)) of
+	    false -> Acc01;
+	    true ->
+	      find_mismatching_args(type, ArgTypes, CbArgTypes, Behaviour,
+				    Function, Arity, Records, 1, Acc01)
+	  end,
+	Acc02
+    end,
+  Acc2 =
+    case dialyzer_codeserver:lookup_mfa_contract(CbMFA, Codeserver) of
+      'error' -> Acc1;
+      {ok, {{File, Line}, Contract}} ->
+	Acc10 = Acc1,
+	SpecReturnType0 = dialyzer_contracts:get_contract_return(Contract),
+	SpecArgTypes0 = dialyzer_contracts:get_contract_args(Contract),
+	SpecReturnType = erl_types:subst_all_vars_to_any(SpecReturnType0),
+	SpecArgTypes =
+	  [erl_types:subst_all_vars_to_any(ArgT0) || ArgT0 <- SpecArgTypes0],
+	Acc11 =
+	  case erl_types:t_is_subtype(SpecReturnType, CbReturnType) of
+	    true -> Acc10;
+	    false ->
+	      ExtraType = erl_types:t_subtract(SpecReturnType, CbReturnType),
+	      [{callback_spec_type_mismatch,
+		[File, Line, Behaviour, Function, Arity,
+		 erl_types:t_to_string(ExtraType, Records),
+		 erl_types:t_to_string(CbReturnType, Records)]}|Acc10]
+	  end,
+	Acc12 =
+	  case erl_types:any_none(
+		 erl_types:t_inf_lists(SpecArgTypes, CbArgTypes)) of
+	    false -> Acc11;
+	    true ->
+	      find_mismatching_args({spec, File, Line}, SpecArgTypes,
+				    CbArgTypes, Behaviour, Function,
+				    Arity, Records, 1, Acc11)
+	  end,
+	Acc12
+    end,
+  NewAcc = Acc2,
+  check_all_callbacks(Module, Behaviour, Rest, State, NewAcc).
+
+find_mismatching_args(_, [], [], _Beh, _Function, _Arity, _Records, _N, Acc) ->
+  Acc;
+find_mismatching_args(Kind, [Type|Rest], [CbType|CbRest], Behaviour,
+		      Function, Arity, Records, N, Acc) ->
+  case erl_types:t_is_none(erl_types:t_inf(Type, CbType)) of
+    false ->
+      find_mismatching_args(Kind, Rest, CbRest, Behaviour, Function,
+			    Arity, Records, N+1, Acc);
+    true ->
+      Info =
+	[Behaviour, Function, Arity, N,
+	 erl_types:t_to_string(Type, Records),
+	 erl_types:t_to_string(CbType, Records)],
+      NewAcc =
+	[case Kind of
+	   type -> {callback_arg_type_mismatch, Info};
+	   {spec, File, Line} ->
+	     {callback_spec_arg_type_mismatch, [File, Line | Info]}
+	 end | Acc],
+      find_mismatching_args(Kind, Rest, CbRest, Behaviour, Function,
+			    Arity, Records, N+1, NewAcc)
+  end.
+
+add_tag_file_line(_Module, {Tag, [B|_R]} = Warn, State)
+  when Tag =:= callback_missing;
+       Tag =:= callback_info_missing ->
+  {B, Line} = lists:keyfind(B, 1, State#state.behlines),
+  Category =
+    case Tag of
+      callback_missing -> ?WARN_BEHAVIOUR;
+      callback_info_missing -> ?WARN_UNDEFINED_CALLBACK
+    end,
+  {Category, {State#state.filename, Line}, Warn};
+add_tag_file_line(_Module, {Tag, [File, Line|R]}, _State)
+  when Tag =:= callback_spec_type_mismatch;
+       Tag =:= callback_spec_arg_type_mismatch ->
+  {?WARN_BEHAVIOUR, {File, Line}, {Tag, R}};
+add_tag_file_line(Module, {_Tag, [_B, Fun, Arity|_R]} = Warn, State) ->
+  {_A, FunCode} =
+    dialyzer_codeserver:lookup_mfa_code({Module, Fun, Arity},
+					State#state.codeserver),
+  Anns = cerl:get_ann(FunCode),
+  FileLine = {get_file(Anns), get_line(Anns)},
+  {?WARN_BEHAVIOUR, FileLine, Warn}.
+
+get_line([Line|_]) when is_integer(Line) -> Line;
+get_line([_|Tail]) -> get_line(Tail);
+get_line([]) -> -1.
+
+get_file([{file, File}|_]) -> File;
+get_file([_|Tail]) -> get_file(Tail).
+
+%%-----------------------------------------------------------------------------
+
 -spec translatable_behaviours(cerl:c_module()) -> behaviour_api_dict().
 
 translatable_behaviours(Tree) ->
@@ -133,182 +285,6 @@ translate_callgraph([{Behaviour,_}|Behaviours], Module, Callgraph) ->
 translate_callgraph([], _Module, Callgraph) ->
   Callgraph.
 
-%%--------------------------------------------------------------------
-
-get_behaviours(Attrs) ->
-  BehaviourListsAndLine = [{cerl:concrete(L2), hd(cerl:get_ann(L2))} ||
-		  {L1, L2} <- Attrs, cerl:is_literal(L1),
-		  cerl:is_literal(L2), cerl:concrete(L1) =:= 'behaviour'],
-  Behaviours = lists:append([Behs || {Behs,_} <- BehaviourListsAndLine]),
-  BehLines = [{B,L} || {L1,L} <- BehaviourListsAndLine, B <- L1],
-  {Behaviours, BehLines}.
-
-get_warnings(Module, Behaviours, State) ->
-  get_warnings(Module, Behaviours, State, []).
-
-get_warnings(_, [], _, Acc) ->
-  Acc;
-get_warnings(Module, [Behaviour|Rest], State, Acc) ->
-  Warnings = check_behaviour(Module, Behaviour, State),
-  get_warnings(Module, Rest, State, Warnings ++ Acc).
-
-check_behaviour(Module, Behaviour, State) ->
-  try
-    Callbacks = Behaviour:behaviour_info(callbacks),
-    Fun = fun({_,_,_}) -> true;
-	     (_)       -> false
-	  end,
-    case lists:any(Fun, Callbacks) of
-      true ->  check_all_callbacks(Module, Behaviour, Callbacks, State);
-      false -> []
-    end
-  catch
-    _:_ -> []
-  end.
-
-check_all_callbacks(Module, Behaviour, Callbacks, State) ->
-  check_all_callbacks(Module, Behaviour, Callbacks, State, []).
-
-check_all_callbacks(_Module, _Behaviour, [], _State, Acc) ->
-  Acc;
-check_all_callbacks(Module, Behaviour, [{Fun, Arity, Spec}|Rest],
-                    #state{codeserver = CServer} = State, Acc) ->
-  Records = dialyzer_codeserver:get_records(CServer),
-  ExpTypes = dialyzer_codeserver:get_exported_types(CServer),
-  case parse_spec(Spec, ExpTypes, Records) of
-    {ok, Fun, Type} ->
-      RetType = erl_types:t_fun_range(Type),
-      ArgTypes = erl_types:t_fun_args(Type),
-      Warns = check_callback(Module, Behaviour, Fun, Arity, RetType,
-			     ArgTypes, State#state.plt);
-    Else ->
-      Warns = [{invalid_spec, [Behaviour, Fun, Arity, reason_spec_error(Else)]}]
-  end,
-  check_all_callbacks(Module, Behaviour, Rest, State, Warns ++ Acc);
-check_all_callbacks(Module, Behaviour, [{Fun, Arity}|Rest], State, Acc) ->
-  Warns = {spec_missing, [Behaviour, Fun, Arity]},
-  check_all_callbacks(Module, Behaviour, Rest, State, [Warns|Acc]).
-
-parse_spec(String, ExpTypes, Records) ->
-  case erl_scan:string(String) of
-    {ok, Tokens, _} ->
-      case erl_parse:parse(Tokens) of
-	{ok, Form} ->
-	  case Form of
-	    {attribute, _, 'spec', {{Fun, _}, [TypeForm|_Constraint]}} ->
-	      MaybeRemoteType = erl_types:t_from_form(TypeForm),
-	      try
-		Type = erl_types:t_solve_remote(MaybeRemoteType, ExpTypes,
-                                                Records),
-		{ok, Fun, Type}
-	      catch
-		throw:{error,Msg} -> {spec_remote_error, Msg}
-	      end;
-	    _Other -> not_a_spec
-	  end;
-	{error, {Line, _, Msg}} -> {spec_parser_error, Line, Msg}
-      end;
-    _Other ->
-      lexer_error
-  end.
-
-reason_spec_error({spec_remote_error, Msg}) ->
-  io_lib:format("Remote type solver error: ~s. Make sure the behaviour source is included in the analysis or the plt",[Msg]);
-reason_spec_error(not_a_spec) ->
-  "This is not a spec";
-reason_spec_error({spec_parser_error, Line, Msg}) ->
-  io_lib:format("~s line of the spec: ~s", [ordinal(Line),Msg]);
-reason_spec_error(lexer_error) ->
-  "Lexical error".
-
-ordinal(1) -> "1st";
-ordinal(2) -> "2nd";
-ordinal(3) -> "3rd";
-ordinal(N) when is_integer(N) -> io_lib:format("~wth",[N]).
-
-check_callback(Module, Behaviour, Fun, Arity, XRetType, XArgTypes, Plt) ->
-  LookupType = dialyzer_plt:lookup(Plt, {Module, Fun, Arity}),
-  case LookupType of
-    {value, {Type,Args}} ->
-      Warn1 = case unifiable(Type, XRetType) of
-		[] -> [];
-		Offenders ->
-		  [{callback_type_mismatch,
-		   [Behaviour, Fun, Arity, erl_types:t_sup(Offenders)]}]
-	      end,
-      ZipArgs = lists:zip3(lists:seq(1, Arity), Args, XArgTypes),
-      Warn2 = [{callback_arg_type_mismatch,
-		[Behaviour, Fun, Arity, N,
-		 erl_types:t_sup(Offenders)]} ||
-		{Offenders, N} <- [check_callback_1(V) || V <- ZipArgs],
-		Offenders =/= []],
-      Warn1 ++ Warn2;
-    _ -> [{callback_missing, [Behaviour, Fun, Arity]}]
-  end.
-
-check_callback_1({N, T1, T2}) ->
-  {unifiable(T1, T2), N}.
-
-unifiable(Type1, Type2) ->
-  List1 = erl_types:t_elements(Type1),
-  List2 = erl_types:t_elements(Type2),
-  [T || T <- List1,
-	lists:all(fun(T1) ->
-		      erl_types:t_is_none(erl_types:t_inf(T, T1, opaque))
-		  end, List2)].
-
-add_tag_file_line(_Module, {Tag, [B|_R]} = Warn, State)
-  when Tag =:= spec_missing;
-       Tag =:= invalid_spec;
-       Tag =:= callback_missing ->
-  {B, Line} = lists:keyfind(B, 1, State#state.behlines),
-  {?WARN_BEHAVIOUR, {State#state.filename, Line}, Warn};
-add_tag_file_line(Module, {_Tag, [_B, Fun, Arity|_R]} = Warn, State) ->
-  {_A, FunCode} =
-    dialyzer_codeserver:lookup_mfa_code({Module, Fun, Arity},
-					State#state.codeserver),
-  Anns = cerl:get_ann(FunCode),
-  FileLine = {get_file(Anns), get_line(Anns)},
-  {?WARN_BEHAVIOUR, FileLine, Warn}.
-
-get_line([Line|_]) when is_integer(Line) -> Line;
-get_line([_|Tail]) -> get_line(Tail);
-get_line([]) -> -1.
-
-get_file([{file, File}|_]) -> File;
-get_file([_|Tail]) -> get_file(Tail).
-
-%%-----------------------------------------------------------------------------
-
-get_behaviours([], _Codeserver, KnownAcc, UnknownAcc) ->
-  {KnownAcc, UnknownAcc};
-get_behaviours([M|Rest], Codeserver, KnownAcc, UnknownAcc) ->
-  Tree = dialyzer_codeserver:lookup_mod_code(M, Codeserver),
-  Attrs = cerl:module_attrs(Tree),
-  {Behaviours, _BehLines} = get_behaviours(Attrs),
-  {Known, Unknown} = call_behaviours(Behaviours),
-  get_behaviours(Rest, Codeserver, Known ++ KnownAcc, Unknown ++ UnknownAcc).
-
-call_behaviours(Behaviours) ->
-  call_behaviours(Behaviours, [], []).
-call_behaviours([], KnownAcc, UnknownAcc) ->
-  {lists:reverse(KnownAcc), lists:reverse(UnknownAcc)};
-call_behaviours([Behaviour|Rest], KnownAcc, UnknownAcc) ->
-  try
-    Callbacks = Behaviour:behaviour_info(callbacks),
-    Fun = fun({_,_,_}) -> true;
-	     (_)       -> false
-	  end,
-    case lists:any(Fun, Callbacks) of
-      false -> call_behaviours(Rest, KnownAcc, [Behaviour | UnknownAcc]);
-      true  -> call_behaviours(Rest, [Behaviour | KnownAcc], UnknownAcc)
-    end
-  catch
-    _:_ -> call_behaviours(Rest, KnownAcc, [Behaviour | UnknownAcc])
-  end.
-
-%------------------------------------------------------------------------------
-
 get_behaviour_apis([], Acc) ->
   Acc;
 get_behaviour_apis([Behaviour | Rest], Acc) ->
diff --git a/lib/dialyzer/src/dialyzer_cl.erl b/lib/dialyzer/src/dialyzer_cl.erl
index 8d61216b7a..04a0db890f 100644
--- a/lib/dialyzer/src/dialyzer_cl.erl
+++ b/lib/dialyzer/src/dialyzer_cl.erl
@@ -29,10 +29,6 @@
 
 -module(dialyzer_cl).
 
-%% Avoid warning for local function error/1 clashing with autoimported BIF.
--compile({no_auto_import,[error/1]}).
-%% Avoid warning for local function error/2 clashing with autoimported BIF.
--compile({no_auto_import,[error/2]}).
 -export([start/1]).
 
 -include("dialyzer.hrl").
@@ -88,7 +84,7 @@ init_opts_for_build(Opts) ->
         Plts ->
           Msg = io_lib:format("Could not build multiple PLT files: ~s\n",
                               [format_plts(Plts)]),
-          error(Msg)
+          cl_error(Msg)
       end;
     false -> Opts#options{init_plts = []}
   end.
@@ -110,7 +106,7 @@ init_opts_for_add(Opts) ->
         Plts ->
           Msg = io_lib:format("Could not add to multiple PLT files: ~s\n",
                               [format_plts(Plts)]),
-          error(Msg)
+          cl_error(Msg)
       end;
     false ->
       case Opts#options.init_plts =:= [] of
@@ -134,11 +130,12 @@ check_plt_aux([_] = Plt, Opts) ->
   report_check(Opts2),
   plt_common(Opts2, [], []);
 check_plt_aux([Plt|Plts], Opts) ->
-  Opts1 = Opts#options{init_plts = [Plt]},
-  Opts2 = init_opts_for_check(Opts1),
-  report_check(Opts2),
-  plt_common(Opts2, [], []),
-  check_plt_aux(Plts, Opts).
+  case check_plt_aux([Plt], Opts) of
+    {?RET_NOTHING_SUSPICIOUS, []} -> check_plt_aux(Plts, Opts);
+    {?RET_DISCREPANCIES, Warns} ->
+      {_RET, MoreWarns} = check_plt_aux(Plts, Opts),
+      {?RET_DISCREPANCIES, Warns ++ MoreWarns}
+  end.
 
 init_opts_for_check(Opts) ->
   InitPlt =
@@ -175,7 +172,7 @@ init_opts_for_remove(Opts) ->
         Plts ->
           Msg = io_lib:format("Could not remove from multiple PLT files: ~s\n",
                               [format_plts(Plts)]),
-          error(Msg)
+          cl_error(Msg)
       end;
     false ->
       case Opts#options.init_plts =:= [] of
@@ -193,7 +190,7 @@ plt_common(#options{init_plts = [InitPlt]} = Opts, RemoveFiles, AddFiles) ->
 	none -> ok;
 	OutPlt ->
 	  {ok, Binary} = file:read_file(InitPlt),
-	  file:write_file(OutPlt, Binary)
+	  ok = file:write_file(OutPlt, Binary)
       end,
       case Opts#options.report_mode of
 	quiet -> ok;
@@ -221,19 +218,19 @@ plt_common(#options{init_plts = [InitPlt]} = Opts, RemoveFiles, AddFiles) ->
     {error, no_such_file} ->
       Msg = io_lib:format("Could not find the PLT: ~s\n~s",
 			  [InitPlt, default_plt_error_msg()]),
-      error(Msg);
+      cl_error(Msg);
     {error, not_valid} ->
       Msg = io_lib:format("The file: ~s is not a valid PLT file\n~s",
 			  [InitPlt, default_plt_error_msg()]),
-      error(Msg);
+      cl_error(Msg);
     {error, read_error} ->
       Msg = io_lib:format("Could not read the PLT: ~s\n~s",
 			  [InitPlt, default_plt_error_msg()]),
-      error(Msg);
+      cl_error(Msg);
     {error, {no_file_to_remove, F}} ->
       Msg = io_lib:format("Could not remove the file ~s from the PLT: ~s\n",
 			  [F, InitPlt]),
-      error(Msg)
+      cl_error(Msg)
   end.
 
 default_plt_error_msg() ->
@@ -426,7 +423,7 @@ assert_writable(PltFile) ->
     true -> ok;
     false ->
       Msg = io_lib:format("    The PLT file ~s is not writable", [PltFile]),
-      error(Msg)
+      cl_error(Msg)
   end.
 
 check_if_writable(PltFile) ->
@@ -525,10 +522,7 @@ native_compile(Mods) ->
   end.
 
 hc(Mod) ->
-  case code:ensure_loaded(Mod) of
-    {module, Mod} -> ok;
-    {error, sticky_directory} -> ok
-  end,
+  {module, Mod} = code:ensure_loaded(Mod),
   case code:is_module_native(Mod) of
     true -> ok;
     false ->
@@ -553,7 +547,7 @@ init_output(State0, #options{output_file = OutFile,
 	{error, Reason} ->
 	  Msg = io_lib:format("Could not open output file ~p, Reason: ~p\n",
 			      [OutFile, Reason]),
-	  error(State, lists:flatten(Msg))
+	  cl_error(State, lists:flatten(Msg))
       end
   end.
 
@@ -599,10 +593,10 @@ cl_loop(State, LogCache) ->
       cl_loop(NewState, LogCache);
     {'EXIT', BackendPid, {error, Reason}} ->
       Msg = failed_anal_msg(Reason, LogCache),
-      error(State, Msg);
+      cl_error(State, Msg);
     {'EXIT', BackendPid, Reason} when Reason =/= 'normal' ->
       Msg = failed_anal_msg(io_lib:format("~P", [Reason, 12]), LogCache),
-      error(State, Msg);
+      cl_error(State, Msg);
     _Other ->
       %% io:format("Received ~p\n", [_Other]),
       cl_loop(State, LogCache)
@@ -611,7 +605,7 @@ cl_loop(State, LogCache) ->
 -spec failed_anal_msg(string(), [_]) -> nonempty_string().
 
 failed_anal_msg(Reason, LogCache) ->
-  Msg = "Analysis failed with error: " ++ Reason ++ "\n",
+  Msg = "Analysis failed with error:\n" ++ Reason ++ "\n",
   case LogCache =:= [] of
     true -> Msg;
     false ->
@@ -635,14 +629,14 @@ store_warnings(#cl_state{stored_warnings = StoredWarnings} = St, Warnings) ->
 store_unknown_behaviours(#cl_state{unknown_behaviours = Behs} = St, Beh) ->
   St#cl_state{unknown_behaviours = Beh ++ Behs}.
 
--spec error(string()) -> no_return().
+-spec cl_error(string()) -> no_return().
 
-error(Msg) ->
+cl_error(Msg) ->
   throw({dialyzer_error, Msg}).
 
--spec error(#cl_state{}, string()) -> no_return().
+-spec cl_error(#cl_state{}, string()) -> no_return().
 
-error(State, Msg) ->
+cl_error(State, Msg) ->
   case State#cl_state.output of
     standard_io -> ok;
     Outfile -> io:format(Outfile, "\n~s\n", [Msg])
@@ -754,15 +748,13 @@ print_unknown_behaviours(#cl_state{output = Output,
 	true -> io:nl(Output); %% Need to do a newline first
 	false -> ok
       end,
-      case Format of
-	formatted ->
-	  io:put_chars(Output, "Unknown behaviours (behaviour_info(callbacks)"
-		       " does not return any specs):\n"),
-	  do_print_unknown_behaviours(Output, Behaviours, "  ");
-	raw ->
-	  io:put_chars(Output, "%% Unknown behaviours:\n"),
-	  do_print_unknown_behaviours(Output, Behaviours, "%%  ")
-      end
+      {Prompt, Prefix} =
+	case Format of
+	  formatted -> {"Unknown behaviours:\n","  "};
+	  raw -> {"%% Unknown behaviours:\n","%%  "}
+	end,
+      io:put_chars(Output, Prompt),
+      do_print_unknown_behaviours(Output, Behaviours, Prefix)
   end.
 
 do_print_unknown_behaviours(Output, [B|T], Before) ->
diff --git a/lib/dialyzer/src/dialyzer_cl_parse.erl b/lib/dialyzer/src/dialyzer_cl_parse.erl
index f80eb81ac6..ff8fc39a5e 100644
--- a/lib/dialyzer/src/dialyzer_cl_parse.erl
+++ b/lib/dialyzer/src/dialyzer_cl_parse.erl
@@ -491,6 +491,12 @@ warning_options_msg() ->
      Suppress warnings for patterns that are unused or cannot match.
   -Wno_opaque
      Suppress warnings for violations of opaqueness of data types.
+  -Wno_behaviours
+     Suppress warnings about behaviour callbacks which drift from the published
+     recommended interfaces.
+  -Wno_undefined_callbacks
+     Suppress warnings about behaviours that have no -callback attributes for
+     their callbacks.
   -Wunmatched_returns ***
      Include warnings for function calls which ignore a structured return
      value or do not match against one of many possible return value(s).
@@ -498,9 +504,6 @@ warning_options_msg() ->
      Include warnings for functions that only return by means of an exception.
   -Wrace_conditions ***
      Include warnings for possible race conditions.
-  -Wbehaviours ***
-     Include warnings about behaviour callbacks which drift from the published
-     recommended interfaces.
   -Wunderspecs ***
      Warn about underspecified functions
      (those whose -spec is strictly more allowing than the success typing).
diff --git a/lib/dialyzer/src/dialyzer_codeserver.erl b/lib/dialyzer/src/dialyzer_codeserver.erl
index b2097f7e53..13ca65e4dd 100644
--- a/lib/dialyzer/src/dialyzer_codeserver.erl
+++ b/lib/dialyzer/src/dialyzer_codeserver.erl
@@ -2,7 +2,7 @@
 %%-----------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2006-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2006-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -28,10 +28,11 @@
 -module(dialyzer_codeserver).
 
 -export([delete/1,
-	 finalize_contracts/2,
+	 finalize_contracts/3,
          finalize_exported_types/2,
 	 finalize_records/2,
 	 get_contracts/1,
+	 get_callbacks/1,
          get_exported_types/1,
 	 get_exports/1,
 	 get_records/1,
@@ -54,7 +55,7 @@
 	 store_records/3,
 	 store_temp_records/3,
 	 store_contracts/3,
-	 store_temp_contracts/3]).
+	 store_temp_contracts/4]).
 
 -export_type([codeserver/0]).
 
@@ -70,7 +71,10 @@
 		     records             = dict:new() :: dict(),
 		     temp_records        = dict:new() :: dict(),
 		     contracts           = dict:new() :: dict(),
-		     temp_contracts      = dict:new() :: dict()}).
+		     callbacks           = dict:new() :: dict(),
+		     temp_contracts      = dict:new() :: dict(),
+		     temp_callbacks      = dict:new() :: dict()
+		    }).
 
 -opaque codeserver() :: #codeserver{}.
 
@@ -227,24 +231,42 @@ lookup_mfa_contract({M,_F,_A} = MFA, #codeserver{contracts = ContDict}) ->
 get_contracts(#codeserver{contracts = ContDict}) ->
   ContDict.
 
--spec store_temp_contracts(atom(), dict(), codeserver()) -> codeserver().
+-spec get_callbacks(codeserver()) -> dict().
 
-store_temp_contracts(Mod, Dict, #codeserver{temp_contracts = C} = CS)
+get_callbacks(#codeserver{callbacks = CallbDict}) ->
+  CallbDict.
+
+-spec store_temp_contracts(atom(), dict(), dict(), codeserver()) ->
+	 codeserver().
+
+store_temp_contracts(Mod, SpecDict, CallbackDict,
+		     #codeserver{temp_contracts = Cn,
+				 temp_callbacks = Cb} = CS)
   when is_atom(Mod) ->
-  case dict:size(Dict) =:= 0 of
-    true -> CS;
-    false -> CS#codeserver{temp_contracts = dict:store(Mod, Dict, C)}
+  CS1 =
+    case dict:size(SpecDict) =:= 0 of
+      true -> CS;
+      false -> CS#codeserver{temp_contracts = dict:store(Mod, SpecDict, Cn)}
+    end,
+  case dict:size(CallbackDict) =:= 0 of
+    true -> CS1;
+    false -> CS1#codeserver{temp_callbacks = dict:store(Mod, CallbackDict, Cb)}
   end.
 
--spec get_temp_contracts(codeserver()) -> dict().
+-spec get_temp_contracts(codeserver()) -> {dict(), dict()}.
 
-get_temp_contracts(#codeserver{temp_contracts = TempContDict}) ->
-  TempContDict.
+get_temp_contracts(#codeserver{temp_contracts = TempContDict,
+			       temp_callbacks = TempCallDict}) ->
+  {TempContDict, TempCallDict}.
 
--spec finalize_contracts(dict(), codeserver()) -> codeserver().
+-spec finalize_contracts(dict(), dict(), codeserver()) -> codeserver().
 
-finalize_contracts(Dict, CS)  ->
-  CS#codeserver{contracts = Dict, temp_contracts = dict:new()}.
+finalize_contracts(CnDict, CbDict, CS)  ->
+  CS#codeserver{contracts = CnDict,
+		callbacks = CbDict,
+		temp_contracts = dict:new(),
+		temp_callbacks = dict:new()
+	       }.
 
 table__new() ->
   spawn_link(fun() -> table__loop(none, dict:new()) end).
diff --git a/lib/dialyzer/src/dialyzer_contracts.erl b/lib/dialyzer/src/dialyzer_contracts.erl
index bcdcf2685d..2b78b736ab 100644
--- a/lib/dialyzer/src/dialyzer_contracts.erl
+++ b/lib/dialyzer/src/dialyzer_contracts.erl
@@ -2,7 +2,7 @@
 %%-----------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -141,7 +141,8 @@ sequence([H|T], Delimiter) -> H ++ Delimiter ++ sequence(T, Delimiter).
 	  dialyzer_codeserver:codeserver().
 
 process_contract_remote_types(CodeServer) ->
-  TmpContractDict = dialyzer_codeserver:get_temp_contracts(CodeServer),
+  {TmpContractDict, TmpCallbackDict} =
+    dialyzer_codeserver:get_temp_contracts(CodeServer),
   ExpTypes = dialyzer_codeserver:get_exported_types(CodeServer),
   RecordDict = dialyzer_codeserver:get_records(CodeServer),
   ContractFun =
@@ -155,7 +156,9 @@ process_contract_remote_types(CodeServer) ->
 	dict:map(ContractFun, ContractDict)
     end,
   NewContractDict = dict:map(ModuleFun, TmpContractDict),
-  dialyzer_codeserver:finalize_contracts(NewContractDict, CodeServer).
+  NewCallbackDict = dict:map(ModuleFun, TmpCallbackDict),
+  dialyzer_codeserver:finalize_contracts(NewContractDict, NewCallbackDict,
+					 CodeServer).
 
 -spec check_contracts([{mfa(), file_contract()}],
 		      dialyzer_callgraph:callgraph(), dict()) -> plt_contracts().
@@ -253,7 +256,7 @@ check_extraneous([C|Cs], SuccType) ->
 check_extraneous_1(Contract, SuccType) ->
   CRngs = erl_types:t_elements(erl_types:t_fun_range(Contract)),
   STRng = erl_types:t_fun_range(SuccType),
-  %% io:format("CR = ~p\nSR = ~p\n", [CRngs, STRng]),
+  ?debug("CR = ~p\nSR = ~p\n", [CRngs, STRng]),
   case [CR || CR <- CRngs, erl_types:t_is_none(erl_types:t_inf(CR, STRng, opaque))] of
     [] -> ok;
     CRs -> {error, {extra_range, erl_types:t_sup(CRs), STRng}}
@@ -349,28 +352,37 @@ insert_constraints([], Dict) -> Dict.
 
 store_tmp_contract(MFA, FileLine, TypeSpec, SpecDict, RecordsDict) ->
   %% io:format("contract from form: ~p\n", [TypeSpec]),
-  TmpContract = contract_from_form(TypeSpec, RecordsDict),
+  TmpContract = contract_from_form(TypeSpec, RecordsDict, FileLine),
   %% io:format("contract: ~p\n", [Contract]),
   dict:store(MFA, {FileLine, TmpContract}, SpecDict).
 
-contract_from_form(Forms, RecDict) ->
-  {CFuns, Forms1} = contract_from_form(Forms, RecDict, [], []),
+contract_from_form(Forms, RecDict, FileLine) ->
+  {CFuns, Forms1} = contract_from_form(Forms, RecDict, FileLine, [], []),
   #tmp_contract{contract_funs = CFuns, forms = Forms1}.
 
 contract_from_form([{type, _, 'fun', [_, _]} = Form | Left], RecDict,
-		   TypeAcc, FormAcc) ->
+		   FileLine, TypeAcc, FormAcc) ->
   TypeFun =
     fun(ExpTypes, AllRecords) ->
-	Type = erl_types:t_from_form(Form, RecDict),
+	Type =
+	  try
+	    erl_types:t_from_form(Form, RecDict)
+	  catch
+	    throw:{error, Msg} ->
+	      {File, Line} = FileLine,
+	      NewMsg = io_lib:format("~s:~p: ~s", [filename:basename(File),
+						     Line, Msg]),
+	      throw({error, NewMsg})
+	  end,
 	NewType = erl_types:t_solve_remote(Type, ExpTypes, AllRecords),
 	{NewType, []}
     end,
   NewTypeAcc = [TypeFun | TypeAcc],
   NewFormAcc = [{Form, []} | FormAcc],
-  contract_from_form(Left, RecDict, NewTypeAcc, NewFormAcc);
+  contract_from_form(Left, RecDict, FileLine, NewTypeAcc, NewFormAcc);
 contract_from_form([{type, _L1, bounded_fun,
 		     [{type, _L2, 'fun', [_, _]} = Form, Constr]}| Left],
-		   RecDict, TypeAcc, FormAcc) ->
+		   RecDict, FileLine, TypeAcc, FormAcc) ->
   TypeFun =
     fun(ExpTypes, AllRecords) ->
 	Constr1 = [constraint_from_form(C, RecDict, ExpTypes, AllRecords)
@@ -382,8 +394,8 @@ contract_from_form([{type, _L1, bounded_fun,
     end,
   NewTypeAcc = [TypeFun | TypeAcc],
   NewFormAcc = [{Form, Constr} | FormAcc],
-  contract_from_form(Left, RecDict, NewTypeAcc, NewFormAcc);
-contract_from_form([], _RecDict, TypeAcc, FormAcc) ->
+  contract_from_form(Left, RecDict, FileLine, NewTypeAcc, NewFormAcc);
+contract_from_form([], _RecDict, _FileLine, TypeAcc, FormAcc) ->
   {lists:reverse(TypeAcc), lists:reverse(FormAcc)}.
 
 constraint_from_form({type, _, constraint, [{atom, _, is_subtype},
@@ -441,7 +453,21 @@ get_invalid_contract_warnings_funs([{MFA, {FileLine, Contract}}|Left],
 	  {error, invalid_contract} ->
 	    [invalid_contract_warning(MFA, FileLine, Sig, RecDict)|Acc];
 	  {error, {extra_range, ExtraRanges, STRange}} ->
-	    [extra_range_warning(MFA, FileLine, ExtraRanges, STRange)|Acc];
+	    Warn =
+	      case t_from_forms_without_remote(Contract#contract.forms,
+					       RecDict) of
+		{ok, NoRemoteType} ->
+		  CRet = erl_types:t_fun_range(NoRemoteType),
+		  erl_types:t_is_subtype(ExtraRanges, CRet);
+		unsupported ->
+		  true
+	      end,
+	    case Warn of
+	      true ->
+		[extra_range_warning(MFA, FileLine, ExtraRanges, STRange)|Acc];
+	      false ->
+		Acc
+	    end;
 	  {error, Msg} ->
 	    [{?WARN_CONTRACT_SYNTAX, FileLine, Msg}|Acc];
 	  ok ->
@@ -480,7 +506,7 @@ invalid_contract_warning({M, F, A}, FileLine, SuccType, RecDict) ->
 extra_range_warning({M, F, A}, FileLine, ExtraRanges, STRange) ->
   ERangesStr = erl_types:t_to_string(ExtraRanges),
   STRangeStr = erl_types:t_to_string(STRange),
-  {?WARN_CONTRACT_TYPES, FileLine,
+  {?WARN_CONTRACT_SUPERTYPE, FileLine,
    {extra_range, [M, F, A, ERangesStr, STRangeStr]}}.
 
 picky_contract_check(CSig0, Sig0, MFA, FileLine, Contract, RecDict, Acc) ->
@@ -504,26 +530,92 @@ picky_contract_check(CSig0, Sig0, MFA, FileLine, Contract, RecDict, Acc) ->
 extra_contract_warning({M, F, A}, FileLine, Contract, CSig, Sig, RecDict) ->
   SigString = lists:flatten(dialyzer_utils:format_sig(Sig, RecDict)),
   ContractString0 = lists:flatten(dialyzer_utils:format_sig(CSig, RecDict)),
-  case SigString =:= ContractString0 of
+  %% The only difference is in record fields containing 'undefined' or not.
+  IsUndefRecordFieldsRelated = SigString =:= ContractString0,
+  {IsRemoteTypesRelated, SubtypeRelation} =
+    is_remote_types_related(Contract, CSig, Sig, RecDict),
+  case IsUndefRecordFieldsRelated orelse IsRemoteTypesRelated of
     true ->
-      %% The only difference is in record fields containing 'undefined' or not.
       no_warning;
     false ->
       ContractString = contract_to_string(Contract),
       {Tag, Msg} =
-	case erl_types:t_is_subtype(CSig, Sig) of
-	  true ->
+	case SubtypeRelation of
+	  contract_is_subtype ->
 	    {?WARN_CONTRACT_SUBTYPE,
 	     {contract_subtype, [M, F, A, ContractString, SigString]}};
-	  false ->
-	    case erl_types:t_is_subtype(Sig, CSig) of
-	      true ->
-		{?WARN_CONTRACT_SUPERTYPE,
-		 {contract_supertype, [M, F, A, ContractString, SigString]}};
-	      false ->
-		{?WARN_CONTRACT_NOT_EQUAL,
-		 {contract_diff, [M, F, A, ContractString, SigString]}}
-	    end
+	  contract_is_supertype ->
+	    {?WARN_CONTRACT_SUPERTYPE,
+	     {contract_supertype, [M, F, A, ContractString, SigString]}};
+	  neither ->
+	    {?WARN_CONTRACT_NOT_EQUAL,
+	     {contract_diff, [M, F, A, ContractString, SigString]}}
 	end,
       {warning, {Tag, FileLine, Msg}}
   end.
+
+is_remote_types_related(Contract, CSig, Sig, RecDict) ->
+  case erl_types:t_is_subtype(CSig, Sig) of
+    true ->
+      {false, contract_is_subtype};
+    false ->
+      case erl_types:t_is_subtype(Sig, CSig) of
+	true ->
+	  case t_from_forms_without_remote(Contract#contract.forms, RecDict) of
+	    {ok, NoRemoteTypeSig} ->
+	      case blame_remote(CSig, NoRemoteTypeSig, Sig) of
+		true ->
+		  {true, neither};
+		false ->
+		  {false, contract_is_supertype}
+	      end;
+	    unsupported ->
+	      {false, contract_is_supertype}
+	  end;
+	false ->
+	  {false, neither}
+      end
+  end.
+
+t_from_forms_without_remote([{FType, []}], RecDict) ->
+  Type0 = erl_types:t_from_form(FType, RecDict),
+  Map =
+    fun(Type) ->
+	case erl_types:t_is_remote(Type) of
+	  true -> erl_types:t_none();
+	  false -> Type
+	end
+    end,
+  {ok, erl_types:t_map(Map, Type0)};
+t_from_forms_without_remote([{_FType, _Constrs}], _RecDict) ->
+  %% 'When' constraints
+  unsupported;
+t_from_forms_without_remote(_Forms, _RecDict) ->
+  %% Lots of forms
+  unsupported.
+
+blame_remote(ContractSig, NoRemoteContractSig, Sig) ->
+  CArgs  = erl_types:t_fun_args(ContractSig),
+  CRange = erl_types:t_fun_range(ContractSig),
+  NRArgs = erl_types:t_fun_args(NoRemoteContractSig),
+  NRRange = erl_types:t_fun_range(NoRemoteContractSig),
+  SArgs = erl_types:t_fun_args(Sig),
+  SRange = erl_types:t_fun_range(Sig),
+  blame_remote_list([CRange|CArgs], [NRRange|NRArgs], [SRange|SArgs]).
+
+blame_remote_list([], [], []) ->
+  true;
+blame_remote_list([CArg|CArgs], [NRArg|NRArgs], [SArg|SArgs]) ->
+  case erl_types:t_is_equal(CArg, NRArg) of
+    true ->
+      case not erl_types:t_is_equal(CArg, SArg) of
+	true  -> false;
+	false -> blame_remote_list(CArgs, NRArgs, SArgs)
+      end;
+    false ->
+      case erl_types:t_is_subtype(SArg, NRArg)
+	andalso not erl_types:t_is_subtype(NRArg, SArg) of
+	true  -> false;
+	false -> blame_remote_list(CArgs, NRArgs, SArgs)
+      end
+  end.
diff --git a/lib/dialyzer/src/dialyzer_dataflow.erl b/lib/dialyzer/src/dialyzer_dataflow.erl
index d74c04385b..6008dba080 100644
--- a/lib/dialyzer/src/dialyzer_dataflow.erl
+++ b/lib/dialyzer/src/dialyzer_dataflow.erl
@@ -101,6 +101,12 @@
 		behaviour_api_dict = [] ::
 		  dialyzer_behaviours:behaviour_api_dict()}).
 
+-record(map, {dict = dict:new()   :: dict(),
+              subst = dict:new()  :: dict(),
+              modified = []       :: [Key :: term()],
+              modified_stack = [] :: [{[Key :: term()],reference()}],
+              ref = undefined     :: reference() | undefined}).
+
 %% Exported Types
 
 -opaque state() :: #state{}.
@@ -1058,12 +1064,13 @@ handle_case(Tree, Map, #state{callgraph = Callgraph} = State) ->
                                    RaceListSize + 1, State1);
           false -> State1
         end,
+      Map2 = join_maps_begin(Map1),
       {MapList, State3, Type} =
 	handle_clauses(Clauses, Arg, ArgType, ArgType, State2,
-		       [], Map1, [], []),
-      Map2 = join_maps(MapList, Map1),
+		       [], Map2, [], []),
+      Map3 = join_maps_end(MapList, Map2),
       debug_pp_map(Map2),
-      {State3, Map2, Type}
+      {State3, Map3, Type}
   end.
 
 %%----------------------------------------
@@ -1640,14 +1647,15 @@ bind_pat_vars([Pat|PatLeft], [Type|TypeLeft], Acc, Map, State, Rev) ->
 	  false ->
 	    SubTuples = t_tuple_subtypes(Tuple),
 	    %% Need to call the top function to get the try-catch wrapper
+            MapJ = join_maps_begin(Map),
 	    Results =
 	      case Rev of
 		true ->
 		  [bind_pat_vars_reverse(Es, t_tuple_args(SubTuple), [],
-					 Map, State)
+					 MapJ, State)
 		   || SubTuple <- SubTuples];
 		false ->
-		  [bind_pat_vars(Es, t_tuple_args(SubTuple), [], Map, State)
+		  [bind_pat_vars(Es, t_tuple_args(SubTuple), [], MapJ, State)
 		   || SubTuple <- SubTuples]
 	      end,
 	    case lists:keyfind(opaque, 2, Results) of
@@ -1661,7 +1669,7 @@ bind_pat_vars([Pat|PatLeft], [Type|TypeLeft], Acc, Map, State, Rev) ->
 		      false -> bind_error([Pat], Tuple, t_none(), bind)
 		    end;
 		  Maps ->
-		    Map1 = join_maps(Maps, Map),
+		    Map1 = join_maps_end(Maps, MapJ),
 		    TupleType = t_sup([t_tuple(EsTypes)
 				       || {M, EsTypes} <- Results, M =/= error]),
 		    {Map1, TupleType}
@@ -2308,27 +2316,29 @@ handle_guard_and(Guard, Map, Env, Eval, State) ->
 	  end
       end;
     neg ->
+      MapJ = join_maps_begin(Map),
       {Map1, Type1} =
-	try bind_guard(Arg1, Map, Env, neg, State)
-	catch throw:{fail, _} -> bind_guard(Arg2, Map, Env, pos, State)
+	try bind_guard(Arg1, MapJ, Env, neg, State)
+	catch throw:{fail, _} -> bind_guard(Arg2, MapJ, Env, pos, State)
 	end,
       {Map2, Type2} =
-	try bind_guard(Arg2, Map, Env, neg, State)
-	catch throw:{fail, _} -> bind_guard(Arg1, Map, Env, pos, State)
+	try bind_guard(Arg2, MapJ, Env, neg, State)
+	catch throw:{fail, _} -> bind_guard(Arg1, MapJ, Env, pos, State)
 	end,
       case t_is_atom(false, Type1) orelse t_is_atom(false, Type2) of
-	true -> {join_maps([Map1, Map2], Map), t_atom(false)};
+	true -> {join_maps_end([Map1, Map2], MapJ), t_atom(false)};
 	false -> signal_guard_fail(Eval, Guard, [Type1, Type2], State)
       end;
     dont_know ->
-      {Map1, Type1} = bind_guard(Arg1, Map, Env, dont_know, State),
-      {Map2, Type2} = bind_guard(Arg2, Map, Env, dont_know, State),
+      MapJ = join_maps_begin(Map),
+      {Map1, Type1} = bind_guard(Arg1, MapJ, Env, dont_know, State),
+      {Map2, Type2} = bind_guard(Arg2, MapJ, Env, dont_know, State),
       Bool1 = t_inf(Type1, t_boolean()),
       Bool2 = t_inf(Type2, t_boolean()),
       case t_is_none(Bool1) orelse t_is_none(Bool2) of
 	true -> throw({fatal_fail, none});
 	false ->
-	  NewMap = join_maps([Map1, Map2], Map),
+	  NewMap = join_maps_end([Map1, Map2], MapJ),
 	  NewType =
 	    case {t_atom_vals(Bool1), t_atom_vals(Bool2)} of
 	      {['true'] , ['true'] } -> t_atom(true);
@@ -2344,20 +2354,21 @@ handle_guard_or(Guard, Map, Env, Eval, State) ->
   [Arg1, Arg2] = cerl:call_args(Guard),
   case Eval of
     pos ->
+      MapJ = join_maps_begin(Map),
       {Map1, Bool1} =
-	try bind_guard(Arg1, Map, Env, pos, State)
+	try bind_guard(Arg1, MapJ, Env, pos, State)
 	catch
-	  throw:{fail,_} -> bind_guard(Arg1, Map, Env, dont_know, State)
+	  throw:{fail,_} -> bind_guard(Arg1, MapJ, Env, dont_know, State)
 	end,
       {Map2, Bool2} =
-	try bind_guard(Arg2, Map, Env, pos, State)
+	try bind_guard(Arg2, MapJ, Env, pos, State)
 	catch
-	  throw:{fail,_} -> bind_guard(Arg2, Map, Env, dont_know, State)
+	  throw:{fail,_} -> bind_guard(Arg2, MapJ, Env, dont_know, State)
 	end,
       case ((t_is_atom(true, Bool1) andalso t_is_boolean(Bool2))
 	    orelse
 	    (t_is_atom(true, Bool2) andalso t_is_boolean(Bool1))) of
-	true -> {join_maps([Map1, Map2], Map), t_atom(true)};
+	true -> {join_maps_end([Map1, Map2], MapJ), t_atom(true)};
 	false -> signal_guard_fail(Eval, Guard, [Bool1, Bool2], State)
       end;
     neg ->
@@ -2372,14 +2383,15 @@ handle_guard_or(Guard, Map, Env, Eval, State) ->
 	  end
       end;
     dont_know ->
-      {Map1, Type1} = bind_guard(Arg1, Map, Env, dont_know, State),
-      {Map2, Type2} = bind_guard(Arg2, Map, Env, dont_know, State),
+      MapJ = join_maps_begin(Map),
+      {Map1, Type1} = bind_guard(Arg1, MapJ, Env, dont_know, State),
+      {Map2, Type2} = bind_guard(Arg2, MapJ, Env, dont_know, State),
       Bool1 = t_inf(Type1, t_boolean()),
       Bool2 = t_inf(Type2, t_boolean()),
       case t_is_none(Bool1) orelse t_is_none(Bool2) of
 	true -> throw({fatal_fail, none});
 	false ->
-	  NewMap = join_maps([Map1, Map2], Map),
+	  NewMap = join_maps_end([Map1, Map2], MapJ),
 	  NewType =
 	    case {t_atom_vals(Bool1), t_atom_vals(Bool2)} of
 	      {['false'], ['false']} -> t_atom(false);
@@ -2493,8 +2505,9 @@ mk_guard_msg(Eval, F, Args, ArgTypes, State) ->
       end
   end.
 
-bind_guard_case_clauses(Arg, Clauses, Map, Env, Eval, State) ->
+bind_guard_case_clauses(Arg, Clauses, Map0, Env, Eval, State) ->
   Clauses1 = filter_fail_clauses(Clauses),
+  Map = join_maps_begin(Map0),
   {GenMap, GenArgType} = bind_guard(Arg, Map, Env, dont_know, State),
   bind_guard_case_clauses(GenArgType, GenMap, Arg, Clauses1, Map, Env, Eval,
 			  t_none(), [], State).
@@ -2594,7 +2607,7 @@ bind_guard_case_clauses(_GenArgType, _GenMap, _ArgExpr, [], Map, _Env, _Eval,
 			AccType, AccMaps, _State) ->
   case t_is_none(AccType) of
     true -> throw({fail, none});
-    false -> {join_maps(AccMaps, Map), AccType}
+    false -> {join_maps_end(AccMaps, Map), AccType}
   end.
 
 %%% ===========================================================================
@@ -2604,11 +2617,34 @@ bind_guard_case_clauses(_GenArgType, _GenMap, _ArgExpr, [], Map, _Env, _Eval,
 %%% ===========================================================================
 
 map__new() ->
-  {dict:new(), dict:new()}.
+  #map{}.
+
+%% join_maps_begin pushes 'modified' to the stack; join_maps pops
+%% 'modified' from the stack.
+
+join_maps_begin(#map{modified = M, modified_stack = S, ref = Ref} = Map) ->
+  Map#map{ref = make_ref(), modified = [], modified_stack = [{M,Ref} | S]}.
+
+join_maps_end(Maps, MapOut) ->
+  #map{ref = Ref, modified_stack = [{M1,R1} | S]} = MapOut,
+  true = lists:all(fun(M) -> M#map.ref =:= Ref end, Maps), % sanity
+  Keys0 = lists:usort(lists:append([M#map.modified || M <- Maps])),
+  #map{dict = Dict, subst = Subst} = MapOut,
+  Keys = [Key ||
+           Key <- Keys0,
+           dict:is_key(Key, Dict) orelse dict:is_key(Key, Subst)],
+  Out = case Maps of
+          [] -> join_maps(Maps, MapOut);
+          _ -> join_maps(Keys, Maps, MapOut)
+        end,
+  debug_join_check(Maps, MapOut, Out),
+  Out#map{ref = R1,
+          modified = Out#map.modified ++ M1, % duplicates possible
+          modified_stack = S}.
 
 join_maps(Maps, MapOut) ->
-  {Map, Subst} = MapOut,
-  Keys = ordsets:from_list(dict:fetch_keys(Map) ++ dict:fetch_keys(Subst)),
+  #map{dict = Dict, subst = Subst} = MapOut,
+  Keys = ordsets:from_list(dict:fetch_keys(Dict) ++ dict:fetch_keys(Subst)),
   join_maps(Keys, Maps, MapOut).
 
 join_maps([Key|Left], Maps, MapOut) ->
@@ -2631,6 +2667,17 @@ join_maps_one_key([Map|Left], Key, AccType) ->
 join_maps_one_key([], _Key, AccType) ->
   AccType.
 
+-ifdef(DEBUG).
+debug_join_check(Maps, MapOut, Out) ->
+  #map{dict = Dict, subst = Subst} = Out,
+  #map{dict = Dict2, subst = Subst2} = join_maps(Maps, MapOut),
+  F = fun(D) -> lists:keysort(1, dict:to_list(D)) end,
+  [throw({bug, join_maps}) ||
+    F(Dict) =/= F(Dict2) orelse F(Subst) =/= F(Subst2)].
+-else.
+debug_join_check(_Maps, _MapOut, _Out) -> ok.
+-endif.
+
 enter_type_lists([Key|KeyTail], [Val|ValTail], Map) ->
   Map1 = enter_type(Key, Val, Map),
   enter_type_lists(KeyTail, ValTail, Map1);
@@ -2643,20 +2690,21 @@ enter_type_list([{Key, Val}|Left], Map) ->
 enter_type_list([], Map) ->
   Map.
 
-enter_type(Key, Val, {Map, Subst} = MS) ->
+enter_type(Key, Val, MS) ->
   case cerl:is_literal(Key) of
     true -> MS;
     false ->
       case cerl:is_c_values(Key) of
 	true ->
-	  Keys = cerl:values_es(Key),
+          Keys = cerl:values_es(Key),
 	  case t_is_any(Val) orelse t_is_none(Val) of
 	    true ->
 	      enter_type_lists(Keys, [Val || _ <- Keys], MS);
 	    false ->
-	      enter_type_lists(cerl:values_es(Key), t_to_tlist(Val), MS)
+	      enter_type_lists(Keys, t_to_tlist(Val), MS)
 	  end;
 	false ->
+          #map{dict = Dict, subst = Subst} = MS,
 	  KeyLabel = get_label(Key),
 	  case dict:find(KeyLabel, Subst) of
 	    {ok, NewKey} ->
@@ -2664,21 +2712,25 @@ enter_type(Key, Val, {Map, Subst} = MS) ->
 	      enter_type(NewKey, Val, MS);
 	    error ->
 	      ?debug("Entering ~p :: ~s\n", [KeyLabel, t_to_string(Val)]),
-	      case dict:find(KeyLabel, Map) of
+	      case dict:find(KeyLabel, Dict) of
 		{ok, Val} -> MS;
-		{ok, _OldVal} -> {dict:store(KeyLabel, Val, Map), Subst};
-		error -> {dict:store(KeyLabel, Val, Map), Subst}
+		{ok, _OldVal} -> store_map(KeyLabel, Val, MS);
+		error -> store_map(KeyLabel, Val, MS)
 	      end
 	  end
       end
   end.
 
-enter_subst(Key, Val, {Map, Subst} = MS) ->
+store_map(Key, Val, #map{dict = Dict, ref = undefined} = Map) ->
+  Map#map{dict = dict:store(Key, Val, Dict)};
+store_map(Key, Val, #map{dict = Dict, modified = Mod} = Map) ->
+  Map#map{dict = dict:store(Key, Val, Dict), modified = [Key | Mod]}.
+
+enter_subst(Key, Val, #map{subst = Subst} = MS) ->
   KeyLabel = get_label(Key),
   case cerl:is_literal(Val) of
     true ->
-      NewMap = dict:store(KeyLabel, literal_type(Val), Map),
-      {NewMap, Subst};
+      store_map(KeyLabel, literal_type(Val), MS);
     false ->
       case cerl:is_c_var(Val) of
 	false -> MS;
@@ -2691,25 +2743,29 @@ enter_subst(Key, Val, {Map, Subst} = MS) ->
 	      if KeyLabel =:= ValLabel -> MS;
 		 true ->
 		  ?debug("Subst: storing ~p = ~p\n", [KeyLabel, ValLabel]),
-		  NewSubst = dict:store(KeyLabel, ValLabel, Subst),
-		  {Map, NewSubst}
+                  store_subst(KeyLabel, ValLabel, MS)
 	      end
 	  end
       end
   end.
 
-lookup_type(Key, {Map, Subst}) ->
-  lookup(Key, Map, Subst, t_none()).
+store_subst(Key, Val, #map{subst = S, ref = undefined} = Map) ->
+  Map#map{subst = dict:store(Key, Val, S)};
+store_subst(Key, Val, #map{subst = S, modified = Mod} = Map) ->
+  Map#map{subst = dict:store(Key, Val, S), modified = [Key | Mod]}.
+
+lookup_type(Key, #map{dict = Dict, subst = Subst}) ->
+  lookup(Key, Dict, Subst, t_none()).
 
-lookup(Key, Map, Subst, AnyNone) ->
+lookup(Key, Dict, Subst, AnyNone) ->
   case cerl:is_literal(Key) of
     true -> literal_type(Key);
     false ->
       Label = get_label(Key),
       case dict:find(Label, Subst) of
-	{ok, NewKey} -> lookup(NewKey, Map, Subst, AnyNone);
+	{ok, NewKey} -> lookup(NewKey, Dict, Subst, AnyNone);
 	error ->
-	  case dict:find(Label, Map) of
+	  case dict:find(Label, Dict) of
 	    {ok, Val} -> Val;
 	    error -> AnyNone
 	  end
@@ -2744,8 +2800,8 @@ mark_as_fresh([], Map) ->
   Map.
 
 -ifdef(DEBUG).
-debug_pp_map(Map = {Map0, _Subst}) ->
-  Keys = dict:fetch_keys(Map0),
+debug_pp_map(#map{dict = Dict}=Map) ->
+  Keys = dict:fetch_keys(Dict),
   io:format("Map:\n", []),
   lists:foreach(fun (Key) ->
 		    io:format("\t~w :: ~s\n",
diff --git a/lib/dialyzer/src/dialyzer_options.erl b/lib/dialyzer/src/dialyzer_options.erl
index b2a67de8bd..866650a0b2 100644
--- a/lib/dialyzer/src/dialyzer_options.erl
+++ b/lib/dialyzer/src/dialyzer_options.erl
@@ -49,7 +49,9 @@ build(Opts) ->
 		  ?WARN_CALLGRAPH,
 		  ?WARN_CONTRACT_RANGE,
 		  ?WARN_CONTRACT_TYPES,
-		  ?WARN_CONTRACT_SYNTAX],
+		  ?WARN_CONTRACT_SYNTAX,
+		  ?WARN_BEHAVIOUR,
+		  ?WARN_UNDEFINED_CALLBACK],
   DefaultWarns1 = ordsets:from_list(DefaultWarns),
   InitPlt = dialyzer_plt:get_default_plt(),
   DefaultOpts = #options{},
@@ -275,14 +277,16 @@ build_warnings([Opt|Opts], Warnings) ->
       no_contracts ->
 	Warnings1 = ordsets:del_element(?WARN_CONTRACT_SYNTAX, Warnings),
 	ordsets:del_element(?WARN_CONTRACT_TYPES, Warnings1);
+      no_behaviours ->
+	ordsets:del_element(?WARN_BEHAVIOUR, Warnings);
+      no_undefined_callbacks ->
+	ordsets:del_element(?WARN_UNDEFINED_CALLBACK, Warnings);
       unmatched_returns ->
 	ordsets:add_element(?WARN_UNMATCHED_RETURN, Warnings);
       error_handling ->
 	ordsets:add_element(?WARN_RETURN_ONLY_EXIT, Warnings);
       race_conditions ->
 	ordsets:add_element(?WARN_RACE_CONDITION, Warnings);
-      behaviours ->
-	ordsets:add_element(?WARN_BEHAVIOUR, Warnings);
       specdiffs ->
 	S = ordsets:from_list([?WARN_CONTRACT_SUBTYPE, 
 			       ?WARN_CONTRACT_SUPERTYPE,
diff --git a/lib/dialyzer/src/dialyzer_plt.erl b/lib/dialyzer/src/dialyzer_plt.erl
index 6033d7f17c..206c43e4e2 100644
--- a/lib/dialyzer/src/dialyzer_plt.erl
+++ b/lib/dialyzer/src/dialyzer_plt.erl
@@ -43,10 +43,12 @@
 	 %% insert/3,
 	 insert_list/2,
 	 insert_contract_list/2,
+	 insert_callbacks/2,
 	 insert_types/2,
          insert_exported_types/2,
 	 lookup/2,
 	 lookup_contract/2,
+	 lookup_callbacks/2,
 	 lookup_module/2,
 	 merge_plts/1,
          merge_plts_or_report_conflicts/2,
@@ -79,6 +81,7 @@
 -record(plt, {info           = table_new() :: dict(),
 	      types          = table_new() :: dict(),
 	      contracts      = table_new() :: dict(),
+	      callbacks      = table_new() :: dict(),
               exported_types = sets:new()  :: set()}).
 -opaque plt() :: #plt{}.
 
@@ -91,6 +94,7 @@
 		   file_md5_list = []          :: [file_md5()],
 		   info = dict:new()           :: dict(),
 		   contracts = dict:new()      :: dict(),
+		   callbacks = dict:new()      :: dict(),
 		   types = dict:new()          :: dict(),
                    exported_types = sets:new() :: set(),
 		   mod_deps                    :: mod_deps(),
@@ -105,20 +109,26 @@ new() ->
 
 -spec delete_module(plt(), atom()) -> plt().
 
-delete_module(#plt{info = Info, types = Types, contracts = Contracts,
+delete_module(#plt{info = Info, types = Types,
+		   contracts = Contracts,
+		   callbacks = Callbacks,
                    exported_types = ExpTypes}, Mod) ->
   #plt{info = table_delete_module(Info, Mod),
        types = table_delete_module2(Types, Mod),
        contracts = table_delete_module(Contracts, Mod),
+       callbacks = table_delete_module(Callbacks, Mod),
        exported_types = table_delete_module1(ExpTypes, Mod)}.
 
 -spec delete_list(plt(), [mfa() | integer()]) -> plt().
 
-delete_list(#plt{info = Info, types = Types, contracts = Contracts,
+delete_list(#plt{info = Info, types = Types,
+		 contracts = Contracts,
+		 callbacks = Callbacks,
                  exported_types = ExpTypes}, List) ->
   #plt{info = table_delete_list(Info, List),
        types = Types,
        contracts = table_delete_list(Contracts, List),
+       callbacks = table_delete_list(Callbacks, List),
        exported_types = ExpTypes}.
 
 -spec insert_contract_list(plt(), dialyzer_contracts:plt_contracts()) -> plt().
@@ -126,16 +136,42 @@ delete_list(#plt{info = Info, types = Types, contracts = Contracts,
 insert_contract_list(#plt{contracts = Contracts} = PLT, List) ->
   PLT#plt{contracts = table_insert_list(Contracts, List)}.
 
+-spec insert_callbacks(plt(), dialyzer_codeserver:codeserver()) -> plt().
+
+insert_callbacks(#plt{callbacks = Callbacks} = Plt, Codeserver) ->
+  FunPreferNew = fun(_Key, _Val1, Val2) -> Val2 end,
+  FunDictMerger =
+    fun(_Key, Value, AccIn) -> dict:merge(FunPreferNew, Value, AccIn) end,
+  MergedCallbacks = dict:fold(FunDictMerger, dict:new(),
+			      dialyzer_codeserver:get_callbacks(Codeserver)),
+  List = dict:to_list(MergedCallbacks),
+  Plt#plt{callbacks = table_insert_list(Callbacks, List)}.
+
 -spec lookup_contract(plt(), mfa_patt()) -> 'none' | {'value', #contract{}}.
 
 lookup_contract(#plt{contracts = Contracts},
 		{M, F, _} = MFA) when is_atom(M), is_atom(F) ->
   table_lookup(Contracts, MFA).
 
+-spec lookup_callbacks(plt(), module()) -> [{mfa(),
+					     {{Filename::string(),
+					       Line::pos_integer()},
+					      #contract{}}}].
+
+lookup_callbacks(#plt{callbacks = Callbacks}, Mod) when is_atom(Mod) ->
+  FunModFilter =
+    fun({M, _F, _A}, _Val) -> M =:= Mod;
+       (       _Key, _Val) -> false
+    end,
+  ModCallbacks = dict:filter(FunModFilter, Callbacks),
+  dict:to_list(ModCallbacks).
+
 -spec delete_contract_list(plt(), [mfa()]) -> plt().
 
-delete_contract_list(#plt{contracts = Contracts} = PLT, List) ->
-  PLT#plt{contracts = table_delete_list(Contracts, List)}.
+delete_contract_list(#plt{contracts = Contracts,
+			  callbacks = Callbacks} = PLT, List) ->
+  PLT#plt{contracts = table_delete_list(Contracts, List),
+	  callbacks = table_delete_list(Callbacks, List)}.
 
 %% -spec insert(plt(), mfa() | integer(), {_, _}) -> plt().
 %%
@@ -230,6 +266,7 @@ from_file(FileName, ReturnInfo) ->
 	  Plt = #plt{info = Rec#file_plt.info,
 		     types = Rec#file_plt.types,
 		     contracts = Rec#file_plt.contracts,
+		     callbacks = Rec#file_plt.callbacks,
                      exported_types = Rec#file_plt.exported_types},
 	  case ReturnInfo of
 	    false -> Plt;
@@ -284,26 +321,34 @@ get_record_from_file(FileName) ->
 -spec merge_plts([plt()]) -> plt().
 
 merge_plts(List) ->
-  InfoList = [Info || #plt{info = Info} <- List],
-  TypesList = [Types || #plt{types = Types} <- List],
-  ExpTypesList = [ExpTypes || #plt{exported_types = ExpTypes} <- List],
-  ContractsList = [Contracts || #plt{contracts = Contracts} <- List],
+  {InfoList, TypesList, ExpTypesList, ContractsList, CallbacksList} =
+    group_fields(List),
   #plt{info = table_merge(InfoList),
        types = table_merge(TypesList),
        exported_types = sets_merge(ExpTypesList),
-       contracts = table_merge(ContractsList)}.
+       contracts = table_merge(ContractsList),
+       callbacks = table_merge(CallbacksList)
+      }.
 
 -spec merge_disj_plts([plt()]) -> plt().
 
 merge_disj_plts(List) ->
+  {InfoList, TypesList, ExpTypesList, ContractsList, CallbacksList} =
+    group_fields(List),
+  #plt{info = table_disj_merge(InfoList),
+       types = table_disj_merge(TypesList),
+       exported_types = sets_disj_merge(ExpTypesList),
+       contracts = table_disj_merge(ContractsList),
+       callbacks = table_disj_merge(CallbacksList)
+      }.
+
+group_fields(List) ->
   InfoList = [Info || #plt{info = Info} <- List],
   TypesList = [Types || #plt{types = Types} <- List],
   ExpTypesList = [ExpTypes || #plt{exported_types = ExpTypes} <- List],
   ContractsList = [Contracts || #plt{contracts = Contracts} <- List],
-  #plt{info = table_disj_merge(InfoList),
-       types = table_disj_merge(TypesList),
-       exported_types = sets_disj_merge(ExpTypesList),
-       contracts = table_disj_merge(ContractsList)}.
+  CallbacksList = [Callbacks || #plt{callbacks = Callbacks} <- List],
+  {InfoList, TypesList, ExpTypesList, ContractsList, CallbacksList}.
 
 -spec merge_plts_or_report_conflicts([file:filename()], [plt()]) -> plt().
 
@@ -329,7 +374,7 @@ find_duplicates(List) ->
 
 to_file(FileName,
 	#plt{info = Info, types = Types, contracts = Contracts,
-             exported_types = ExpTypes},
+	     callbacks = Callbacks, exported_types = ExpTypes},
 	ModDeps, {MD5, OldModDeps}) ->
   NewModDeps = dict:merge(fun(_Key, OldVal, NewVal) ->
 			      ordsets:union(OldVal, NewVal)
@@ -340,6 +385,7 @@ to_file(FileName,
 		     file_md5_list = MD5,
 		     info = Info,
 		     contracts = Contracts,
+		     callbacks = Callbacks,
 		     types = Types,
                      exported_types = ExpTypes,
 		     mod_deps = NewModDeps,
diff --git a/lib/dialyzer/src/dialyzer_succ_typings.erl b/lib/dialyzer/src/dialyzer_succ_typings.erl
index dc5a3fed37..4d86bb34a7 100644
--- a/lib/dialyzer/src/dialyzer_succ_typings.erl
+++ b/lib/dialyzer/src/dialyzer_succ_typings.erl
@@ -29,7 +29,7 @@
 
 -export([analyze_callgraph/3, 
 	 analyze_callgraph/4,
-	 get_warnings/7]).
+	 get_warnings/6]).
 
 %% These are only intended as debug functions.
 -export([doit/1,
@@ -106,21 +106,19 @@ get_refined_success_typings(State) ->
 -type doc_plt() :: 'undefined' | dialyzer_plt:plt().
 -spec get_warnings(dialyzer_callgraph:callgraph(), dialyzer_plt:plt(),
 		   doc_plt(), dialyzer_codeserver:codeserver(), set(),
-		   pid(), boolean()) ->
+		   pid()) ->
 	 {[dial_warning()], dialyzer_plt:plt(), doc_plt()}.
 
-get_warnings(Callgraph, Plt, DocPlt, Codeserver,
-	     NoWarnUnused, Parent, BehavioursChk) ->
+get_warnings(Callgraph, Plt, DocPlt, Codeserver, NoWarnUnused, Parent) ->
   InitState = #st{callgraph = Callgraph, codeserver = Codeserver,
 		  no_warn_unused = NoWarnUnused, parent = Parent, plt = Plt},
   NewState = get_refined_success_typings(InitState),
   Mods = dialyzer_callgraph:modules(NewState#st.callgraph),
   CWarns = dialyzer_contracts:get_invalid_contract_warnings(Mods, Codeserver,
 							    NewState#st.plt),
-  get_warnings_from_modules(Mods, NewState, DocPlt, BehavioursChk, CWarns).
+  get_warnings_from_modules(Mods, NewState, DocPlt, CWarns).
 
-get_warnings_from_modules([M|Ms], State, DocPlt,
-			  BehavioursChk, Acc) when is_atom(M) ->
+get_warnings_from_modules([M|Ms], State, DocPlt, Acc) when is_atom(M) ->
   send_log(State#st.parent, io_lib:format("Getting warnings for ~w\n", [M])),
   #st{callgraph = Callgraph, codeserver = Codeserver,
       no_warn_unused = NoWarnUnused, plt = Plt} = State,
@@ -135,19 +133,15 @@ get_warnings_from_modules([M|Ms], State, DocPlt,
     dialyzer_dataflow:get_warnings(ModCode, Plt, Callgraph, Records, NoWarnUnused),
   {NewAcc, Warnings2} = postprocess_dataflow_warns(RawWarnings2, State, Acc),
   Attrs = cerl:module_attrs(ModCode),
-  Warnings3 = if BehavioursChk ->
-		  dialyzer_behaviours:check_callbacks(M, Attrs,
-						      Plt, Codeserver);
-		 true -> []
-	      end,
+  Warnings3 = dialyzer_behaviours:check_callbacks(M, Attrs, Plt, Codeserver),
   NewDocPlt = insert_into_doc_plt(FunTypes, Callgraph, DocPlt),
   NewCallgraph =
     dialyzer_callgraph:renew_race_info(Callgraph, RaceCode, PublicTables,
                                        NamedTables),
   State1 = st__renew_state_calls(NewCallgraph, State),
-  get_warnings_from_modules(Ms, State1, NewDocPlt, BehavioursChk,
+  get_warnings_from_modules(Ms, State1, NewDocPlt,
 			    [Warnings1, Warnings2, Warnings3|NewAcc]);
-get_warnings_from_modules([], #st{plt = Plt}, DocPlt, _, Acc) ->
+get_warnings_from_modules([], #st{plt = Plt}, DocPlt, Acc) ->
   {lists:flatten(Acc), Plt, DocPlt}.
 
 postprocess_dataflow_warns(RawWarnings, State, WarnAcc) ->
@@ -476,7 +470,7 @@ doit(Module) ->
   {ok, Code} = dialyzer_utils:get_core_from_abstract_code(AbstrCode),
   {ok, Records} = dialyzer_utils:get_record_and_type_info(AbstrCode),
   %% contract typing info in dictionary format
-  {ok, Contracts} =
+  {ok, Contracts, _Callbacks} =
     dialyzer_utils:get_spec_info(cerl:concrete(cerl:module_name(Code)),
                                  AbstrCode, Records),
   Sigs0 = get_top_level_signatures(Code, Records, Contracts),
diff --git a/lib/dialyzer/src/dialyzer_typesig.erl b/lib/dialyzer/src/dialyzer_typesig.erl
index 30aec59d22..4268814859 100644
--- a/lib/dialyzer/src/dialyzer_typesig.erl
+++ b/lib/dialyzer/src/dialyzer_typesig.erl
@@ -2046,8 +2046,7 @@ lookup_type(Key, Map) ->
   %% case cerl:is_literal(Key) of
   %%   true -> t_from_term(cerl:concrete(Key));
   %%   false ->
-  Subst = t_subst(Key, Map),
-  t_sup(Subst, Subst).
+  t_subst(Key, Map).
   %% end.
 
 mk_var(Var) ->
@@ -2161,13 +2160,21 @@ get_apply_constr(FunLabels, Dst, ArgTypes, #state{callgraph = CG} = State) ->
   case lists:member(error, MFAs) of
     true -> error;
     false ->
-      Constrs = [begin
-		   State1 = state__new_constraint_context(State),
-		   State2 = get_plt_constr(MFA, Dst, ArgTypes, State1),
-		   state__cs(State2)
-		 end || {ok, MFA} <- MFAs],
-      ApplyConstr = mk_disj_constraint_list(Constrs),
-      {ok, state__store_conj(ApplyConstr, State)}
+      Constrs0 =
+	[begin
+	   State1 = state__new_constraint_context(State),
+	   try get_plt_constr(MFA, Dst, ArgTypes, State1) of
+	       State2 -> state__cs(State2)
+	   catch
+	     throw:error -> error
+	   end
+	 end || {ok, MFA} <- MFAs],
+      case [C || C <- Constrs0, C =/= error] of
+	[] -> throw(error);
+	Constrs ->
+	  ApplyConstr = mk_disj_constraint_list(Constrs),
+	  {ok, state__store_conj(ApplyConstr, State)}
+      end
   end.
 
 state__scc(#state{scc = SCC}) ->
diff --git a/lib/dialyzer/src/dialyzer_utils.erl b/lib/dialyzer/src/dialyzer_utils.erl
index 12f8dec67e..2a248fb028 100644
--- a/lib/dialyzer/src/dialyzer_utils.erl
+++ b/lib/dialyzer/src/dialyzer_utils.erl
@@ -311,11 +311,15 @@ merge_records(NewRecords, OldRecords) ->
 %%
 %% ============================================================================
 
+-type spec_dict()     :: dict().
+-type callback_dict() :: dict().
+
 -spec get_spec_info(atom(), abstract_code(), dict()) ->
-        {'ok', dict()} | {'error', string()}.
+        {'ok', spec_dict(), callback_dict()} | {'error', string()}.
 
 get_spec_info(ModName, AbstractCode, RecordsDict) ->
-  get_spec_info(AbstractCode, dict:new(), RecordsDict, ModName, "nofile").
+  get_spec_info(AbstractCode, dict:new(), dict:new(),
+		RecordsDict, ModName, "nofile").
 
 %% TypeSpec is a list of conditional contracts for a function.
 %% Each contract is of the form {[Argument], Range, [Constraint]} where
@@ -323,21 +327,34 @@ get_spec_info(ModName, AbstractCode, RecordsDict) ->
 %%  - Constraint is of the form {subtype, T1, T2} where T1 and T2
 %%    are erl_types:erl_type()
 
-get_spec_info([{attribute, Ln, spec, {Id, TypeSpec}}|Left],
-	      SpecDict, RecordsDict, ModName, File) when is_list(TypeSpec) ->
+get_spec_info([{attribute, Ln, Contract, {Id, TypeSpec}}|Left],
+	      SpecDict, CallbackDict, RecordsDict, ModName, File)
+  when ((Contract =:= 'spec') or (Contract =:= 'callback')),
+       is_list(TypeSpec) ->
   MFA = case Id of
 	  {_, _, _} = T -> T;
 	  {F, A} -> {ModName, F, A}
 	end,
-  try dict:find(MFA, SpecDict) of
+  ActiveDict =
+    case Contract of
+      spec     -> SpecDict;
+      callback -> CallbackDict
+    end,
+  try dict:find(MFA, ActiveDict) of
     error ->
-      NewSpecDict =
+      NewActiveDict =
 	dialyzer_contracts:store_tmp_contract(MFA, {File, Ln}, TypeSpec,
-					      SpecDict, RecordsDict),
-      get_spec_info(Left, NewSpecDict, RecordsDict, ModName, File);
+					      ActiveDict, RecordsDict),
+      {NewSpecDict, NewCallbackDict} =
+	case Contract of
+	  spec     -> {NewActiveDict, CallbackDict};
+	  callback -> {SpecDict, NewActiveDict}
+	end,
+      get_spec_info(Left, NewSpecDict, NewCallbackDict,
+		    RecordsDict, ModName,File);
     {ok, {{OtherFile, L},_C}} ->
       {Mod, Fun, Arity} = MFA,
-      Msg = flat_format("  Contract for function ~w:~w/~w "
+      Msg = flat_format("  Contract/callback for function ~w:~w/~w "
 			"already defined in ~s:~w\n",
 			[Mod, Fun, Arity, OtherFile, L]),
       throw({error, Msg})
@@ -347,12 +364,14 @@ get_spec_info([{attribute, Ln, spec, {Id, TypeSpec}}|Left],
 			  [Ln, Error])}
   end;
 get_spec_info([{attribute, _, file, {IncludeFile, _}}|Left],
-	      SpecDict, RecordsDict, ModName, _File) ->
-  get_spec_info(Left, SpecDict, RecordsDict, ModName, IncludeFile);
-get_spec_info([_Other|Left], SpecDict, RecordsDict, ModName, File) ->
-  get_spec_info(Left, SpecDict, RecordsDict, ModName, File);
-get_spec_info([], SpecDict, _RecordsDict, _ModName, _File) ->
-  {ok, SpecDict}.
+	      SpecDict, CallbackDict, RecordsDict, ModName, _File) ->
+  get_spec_info(Left, SpecDict, CallbackDict,
+		RecordsDict, ModName, IncludeFile);
+get_spec_info([_Other|Left], SpecDict, CallbackDict,
+	      RecordsDict, ModName, File) ->
+  get_spec_info(Left, SpecDict, CallbackDict, RecordsDict, ModName, File);
+get_spec_info([], SpecDict, CallbackDict, _RecordsDict, _ModName, _File) ->
+  {ok, SpecDict, CallbackDict}.
 
 %% ============================================================================
 %%
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/dialyzer_options b/lib/dialyzer/test/behaviour_SUITE_data/dialyzer_options
new file mode 100644
index 0000000000..50991c9bc5
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/dialyzer_options
@@ -0,0 +1 @@
+{dialyzer_options, []}.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/results/callbacks_and_specs b/lib/dialyzer/test/behaviour_SUITE_data/results/callbacks_and_specs
new file mode 100644
index 0000000000..33d135048e
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/results/callbacks_and_specs
@@ -0,0 +1,5 @@
+
+my_callbacks_wrong.erl:26: The return type #state{parent::'undefined' | pid(),status::'closed' | 'init' | 'open',subscribe::[{pid(),integer()}],counter::integer()} in the specification of callback_init/1 is not a subtype of {'ok',_}, which is the expected return type for the callback of my_behaviour behaviour
+my_callbacks_wrong.erl:28: The inferred return type of callback_init/1 (#state{parent::'undefined' | pid(),status::'init',subscribe::[],counter::1}) has nothing in common with {'ok',_}, which is the expected return type for the callback of my_behaviour behaviour
+my_callbacks_wrong.erl:30: The return type {'reply',#state{parent::'undefined' | pid(),status::'closed' | 'init' | 'open',subscribe::[{pid(),integer()}],counter::integer()}} in the specification of callback_cast/3 is not a subtype of {'noreply',_}, which is the expected return type for the callback of my_behaviour behaviour
+my_callbacks_wrong.erl:39: The specified type for the 2nd argument of callback_call/3 (atom()) is not a supertype of pid(), which is expected type for this argument in the callback of the my_behaviour behaviour
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/results/gen_event_incorrect_return b/lib/dialyzer/test/behaviour_SUITE_data/results/gen_event_incorrect_return
new file mode 100644
index 0000000000..e646eea383
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/results/gen_event_incorrect_return
@@ -0,0 +1,2 @@
+
+gen_event_incorrect_return.erl:16: The inferred return type of init/1 ('error') has nothing in common with {'error',_} | {'ok',_} | {'ok',_,'hibernate'}, which is the expected return type for the callback of gen_event behaviour
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/results/gen_server_incorrect_args b/lib/dialyzer/test/behaviour_SUITE_data/results/gen_server_incorrect_args
new file mode 100644
index 0000000000..3e98da785f
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/results/gen_server_incorrect_args
@@ -0,0 +1,8 @@
+
+gen_server_incorrect_args.erl:3: Undefined callback function code_change/3 (behaviour 'gen_server')
+gen_server_incorrect_args.erl:3: Undefined callback function handle_cast/2 (behaviour 'gen_server')
+gen_server_incorrect_args.erl:3: Undefined callback function handle_info/2 (behaviour 'gen_server')
+gen_server_incorrect_args.erl:3: Undefined callback function init/1 (behaviour 'gen_server')
+gen_server_incorrect_args.erl:3: Undefined callback function terminate/2 (behaviour 'gen_server')
+gen_server_incorrect_args.erl:7: The inferred return type of handle_call/3 ({'no'} | {'ok'}) has nothing in common with {'noreply',_} | {'noreply',_,'hibernate' | 'infinity' | non_neg_integer()} | {'reply',_,_} | {'stop',_,_} | {'reply',_,_,'hibernate' | 'infinity' | non_neg_integer()} | {'stop',_,_,_}, which is the expected return type for the callback of gen_server behaviour
+gen_server_incorrect_args.erl:7: The inferred type for the 2nd argument of handle_call/3 ('boo' | 'foo') is not a supertype of {pid(),_}, which is expected type for this argument in the callback of the gen_server behaviour
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/results/gen_server_missing_callbacks b/lib/dialyzer/test/behaviour_SUITE_data/results/gen_server_missing_callbacks
new file mode 100644
index 0000000000..5e0ed5fd27
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/results/gen_server_missing_callbacks
@@ -0,0 +1,3 @@
+
+gen_server_missing_callbacks.erl:3: Undefined callback function handle_cast/2 (behaviour 'gen_server')
+gen_server_missing_callbacks.erl:3: Undefined callback function handle_info/2 (behaviour 'gen_server')
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/results/sample_behaviour b/lib/dialyzer/test/behaviour_SUITE_data/results/sample_behaviour
new file mode 100644
index 0000000000..a38e662ccf
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/results/sample_behaviour
@@ -0,0 +1,9 @@
+
+sample_callback_wrong.erl:15: The inferred return type of sample_callback_2/0 (42) has nothing in common with atom(), which is the expected return type for the callback of sample_behaviour behaviour
+sample_callback_wrong.erl:16: The inferred return type of sample_callback_3/0 ('fair') has nothing in common with 'fail' | {'ok',1..255}, which is the expected return type for the callback of sample_behaviour behaviour
+sample_callback_wrong.erl:17: The inferred return type of sample_callback_4/1 ('fail') has nothing in common with 'ok', which is the expected return type for the callback of sample_behaviour behaviour
+sample_callback_wrong.erl:19: The inferred return type of sample_callback_5/1 (string()) has nothing in common with 'fail' | 'ok', which is the expected return type for the callback of sample_behaviour behaviour
+sample_callback_wrong.erl:19: The inferred type for the 1st argument of sample_callback_5/1 (atom()) is not a supertype of 1..255, which is expected type for this argument in the callback of the sample_behaviour behaviour
+sample_callback_wrong.erl:21: The inferred return type of sample_callback_6/3 ({'okk',number()}) has nothing in common with 'fail' | {'ok',1..255}, which is the expected return type for the callback of sample_behaviour behaviour
+sample_callback_wrong.erl:21: The inferred type for the 3rd argument of sample_callback_6/3 (atom()) is not a supertype of string(), which is expected type for this argument in the callback of the sample_behaviour behaviour
+sample_callback_wrong.erl:3: Undefined callback function sample_callback_1/0 (behaviour 'sample_behaviour')
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/results/sample_behaviour_old b/lib/dialyzer/test/behaviour_SUITE_data/results/sample_behaviour_old
new file mode 100644
index 0000000000..f0181bb59c
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/results/sample_behaviour_old
@@ -0,0 +1,4 @@
+
+incorrect_args_callback.erl:12: The inferred type for the 2nd argument of bar/2 ('yes') is not a supertype of [any()], which is expected type for this argument in the callback of the correct_behaviour behaviour
+incorrect_return_callback.erl:9: The inferred return type of foo/0 ('error') has nothing in common with 'no' | 'yes', which is the expected return type for the callback of correct_behaviour behaviour
+missing_callback.erl:5: Undefined callback function foo/0 (behaviour 'correct_behaviour')
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/results/supervisor_incorrect_return b/lib/dialyzer/test/behaviour_SUITE_data/results/supervisor_incorrect_return
new file mode 100644
index 0000000000..e89caf3cf7
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/results/supervisor_incorrect_return
@@ -0,0 +1,2 @@
+
+supervisor_incorrect_return.erl:14: The inferred return type of init/1 ({'ok',{{'one_against_one',0,1},[{_,_,_,_,_,_},...]}}) has nothing in common with 'ignore' | {'ok',{{'one_for_all',non_neg_integer(),non_neg_integer()} | {'one_for_one',non_neg_integer(),non_neg_integer()} | {'rest_for_one',non_neg_integer(),non_neg_integer()} | {'simple_one_for_one',non_neg_integer(),non_neg_integer()},[{_,{atom() | tuple(),atom(),'undefined' | [any()]},'permanent' | 'temporary' | 'transient','brutal_kill' | 'infinity' | non_neg_integer(),'supervisor' | 'worker','dynamic' | [atom() | tuple()]}]}}, which is the expected return type for the callback of supervisor behaviour
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/results/undefined_callbacks b/lib/dialyzer/test/behaviour_SUITE_data/results/undefined_callbacks
new file mode 100644
index 0000000000..7147ffc750
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/results/undefined_callbacks
@@ -0,0 +1,2 @@
+
+undefined_beh_callback.erl:5: Callback info about the undefined_behaviour behaviour is not available
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/results/vars_in_beh_spec b/lib/dialyzer/test/behaviour_SUITE_data/results/vars_in_beh_spec
new file mode 100644
index 0000000000..5284e412f0
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/results/vars_in_beh_spec
@@ -0,0 +1,6 @@
+
+vars_in_beh_spec.erl:3: Undefined callback function handle_call/3 (behaviour 'gen_server')
+vars_in_beh_spec.erl:3: Undefined callback function handle_cast/2 (behaviour 'gen_server')
+vars_in_beh_spec.erl:3: Undefined callback function handle_info/2 (behaviour 'gen_server')
+vars_in_beh_spec.erl:3: Undefined callback function init/1 (behaviour 'gen_server')
+vars_in_beh_spec.erl:3: Undefined callback function terminate/2 (behaviour 'gen_server')
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/callbacks_and_specs/my_behaviour.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/callbacks_and_specs/my_behaviour.erl
new file mode 100644
index 0000000000..c4e5203448
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/callbacks_and_specs/my_behaviour.erl
@@ -0,0 +1,11 @@
+-module(my_behaviour).
+
+-callback callback_init(Parent :: pid()) -> {'ok', State::term()}.
+
+-callback callback_cast(State::term(), From::pid(), Msg::term()) ->
+    {'noreply', NewState::term()}.
+
+-callback callback_call(State::term(), From::pid(), Msg::term()) ->
+    {'reply', NewState::term(), Reply::term()}.
+
+-callback callback_exit(State::term()) -> 'ok'.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/callbacks_and_specs/my_callbacks_correct.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/callbacks_and_specs/my_callbacks_correct.erl
new file mode 100644
index 0000000000..041b4ac56c
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/callbacks_and_specs/my_callbacks_correct.erl
@@ -0,0 +1,59 @@
+-module(my_callbacks_correct).
+
+-export([
+	 callback_init/1
+	 , callback_call/3
+	 , callback_cast/3
+	 , callback_exit/1
+	]).
+
+-record(state, {
+	  parent           :: pid(),
+	  status    = init :: 'init' | 'open' | 'closed',
+	  subscribe = []   :: list({pid(), integer()}),
+	  counter   = 1    :: integer()
+	 }).
+
+-type state()        :: #state{}.
+
+-type cast_message() :: 'open' | 'closed'.
+
+-type call_message() :: 'subscribe' | 'unsubscribe'.
+-type call_reply()   :: 'accepted' | 'rejected'.
+
+-spec callback_init(Parent::pid()) -> {'ok', state()}.
+
+callback_init(Parent) ->
+    {ok, #state{parent = Parent}}.
+
+-spec callback_cast(state(), pid(), cast_message()) -> {'noreply', state()}.
+
+callback_cast(#state{parent = Pid} = State, Pid, Message)
+  when Message =:= 'open'; Message =:= 'close' ->
+    {noreply, State#state{status = Message}};
+callback_cast(State, _Pid, _Message) ->
+    {noreply, State}.
+
+-spec callback_call(state(), pid(), call_message()) ->
+			   {'reply', state(), call_reply()}.
+
+callback_call(#state{status = open, subscribe = Subscribers} = State,
+	      Pid, Message)
+  when Message =:= 'subscribe';
+       Message =:= 'unsubscribe' ->
+    NewState =
+	case Message of
+	    subscribe ->
+		N = State#state.counter,
+		State#state{subscribe = [{Pid, N}|Subscribers], counter = N+1};
+	    unsubscribe ->
+		State#state{subscribe = lists:keydelete(Pid, 1, Subscribers)}
+	end,
+    {reply, NewState, accepted};
+callback_call(State, _Pid, _Message) ->
+    {reply, State, rejected}.
+
+-spec callback_exit(state()) -> 'ok'.
+
+callback_exit(_State) ->
+    ok.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/callbacks_and_specs/my_callbacks_wrong.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/callbacks_and_specs/my_callbacks_wrong.erl
new file mode 100644
index 0000000000..0459622dc1
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/callbacks_and_specs/my_callbacks_wrong.erl
@@ -0,0 +1,61 @@
+-module(my_callbacks_wrong).
+
+-export([
+	 callback_init/1
+	 , callback_call/3
+	 , callback_cast/3
+	 , callback_exit/1
+	]).
+
+-behaviour(my_behaviour).
+
+-record(state, {
+	  parent           :: pid(),
+	  status    = init :: 'init' | 'open' | 'closed',
+	  subscribe = []   :: list({pid(), integer()}),
+	  counter   = 1    :: integer()
+	 }).
+
+-type state()        :: #state{}.
+
+-type cast_message() :: 'open' | 'closed'.
+
+-type call_message() :: 'subscribe' | 'unsubscribe'.
+-type call_reply()   :: 'accepted' | 'rejected'.
+
+-spec callback_init(Parent::pid()) -> state().    %% Wrong return spec
+
+callback_init(Parent) -> #state{parent = Parent}. %% Wrong return
+
+-spec callback_cast(state(), pid() | atom(), cast_message()) ->
+			   {'noreply' | 'reply', state()}. %% More generic spec
+
+callback_cast(#state{parent = Pid} = State, Pid, Message)
+  when Message =:= 'open'; Message =:= 'close' ->
+    {noreply, State#state{status = Message}};
+callback_cast(State, _Pid, _Message) ->
+    {noreply, State}.
+
+-spec callback_call(state(), atom(), call_message()) ->      %% Wrong arg spec
+			   {'reply', state(), call_reply()}.
+
+callback_call(#state{status = open, subscribe = Subscribers} = State,
+	      Pid, Message)
+  when Message =:= 'subscribe';
+       Message =:= 'unsubscribe' ->
+    NewState =
+	case Message of
+	    subscribe ->
+		N = State#state.counter,
+		State#state{subscribe = [{Pid, N}|Subscribers], counter = N+1};
+	    unsubscribe ->
+		State#state{subscribe = lists:keydelete(Pid, 1, Subscribers)}
+	end,
+    {reply, NewState, accepted};
+callback_call(State, _Pid, _Message) ->
+    {reply, State, rejected}.
+
+-spec callback_exit(state()) -> ok.
+
+callback_exit(_State) ->
+    ok.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/gen_event_incorrect_return.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/gen_event_incorrect_return.erl
new file mode 100644
index 0000000000..f5ccf7f8c4
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/gen_event_incorrect_return.erl
@@ -0,0 +1,33 @@
+-module(gen_event_incorrect_return).
+
+-behaviour(gen_event).
+
+-export([start_link/0, add_handler/0]).
+
+-export([init/1, handle_event/2, handle_call/2, 
+	 handle_info/2, terminate/2, code_change/3]).
+
+start_link() ->
+    gen_event:start_link({local, myserver}). 
+
+add_handler() ->
+    gen_event:add_handler(myserver, ?MODULE, []).
+
+init([]) ->
+    error.
+
+handle_event(_Event, State) ->
+    {ok, State}.
+
+handle_call(_Request, State) ->
+    Reply = ok,
+    {ok, Reply, State}.
+
+handle_info(_Info, State) ->
+    {ok, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/gen_server_incorrect_args.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/gen_server_incorrect_args.erl
new file mode 100644
index 0000000000..df04dff80d
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/gen_server_incorrect_args.erl
@@ -0,0 +1,11 @@
+-module(gen_server_incorrect_args).
+
+-behaviour(gen_server).
+
+-export([handle_call/3]).
+
+handle_call(_Request, From, _State) ->
+    case From of
+	'boo' -> {'ok'};
+	'foo' -> {'no'}
+    end.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/gen_server_missing_callbacks.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/gen_server_missing_callbacks.erl
new file mode 100644
index 0000000000..760466fdac
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/gen_server_missing_callbacks.erl
@@ -0,0 +1,23 @@
+-module(gen_server_missing_callbacks).
+
+-behaviour(gen_server).
+
+-export([start_link/0]).
+
+-export([init/1, handle_call/3, terminate/2, code_change/3]).
+
+start_link() ->
+    gen_server:start_link({local, myserver}, ?MODULE, [], []).
+
+init([]) ->
+    ignore.
+
+handle_call(_Request, _From, State) ->
+    Reply = ok,
+    {reply, Reply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour/sample_behaviour.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour/sample_behaviour.erl
new file mode 100644
index 0000000000..116980986b
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour/sample_behaviour.erl
@@ -0,0 +1,13 @@
+-module(sample_behaviour).
+
+-type custom() :: 1..42.
+
+-callback sample_callback_1() -> term().
+-callback sample_callback_2() -> atom().
+-callback sample_callback_3() -> {'ok', custom()} | 'fail'.
+
+-callback sample_callback_4(term()) -> 'ok'.
+-callback sample_callback_5(custom()) -> 'ok' | 'fail'.
+
+-callback sample_callback_6(custom(), custom(), string()) ->
+    {'ok', custom()} | 'fail'.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour/sample_callback_correct.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour/sample_callback_correct.erl
new file mode 100644
index 0000000000..ab0378e6f0
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour/sample_callback_correct.erl
@@ -0,0 +1,32 @@
+-module(sample_callback_correct).
+
+-behaviour(sample_behaviour).
+
+-export([
+	 sample_callback_1/0,
+	 sample_callback_2/0,
+	 sample_callback_3/0,
+	 sample_callback_4/1,
+	 sample_callback_5/1,
+	 sample_callback_6/3
+	]).
+
+sample_callback_1() -> 42.       % This is a valid return.
+sample_callback_2() -> foo.      % This is a valid return.
+sample_callback_3() -> {ok, 17}. % This is a valid return.
+sample_callback_4(Input) ->
+    put(mine, Input+1),          % This is valid handling of the input
+    ok.                          % This is a valid return.
+sample_callback_5(Input) ->
+    case Input - 1 < 22 of       % This is valid handling of the input
+	true  -> ok;             % This is a valid return.
+	false -> fail            % This is a valid return.
+    end.
+sample_callback_6(OldNr, NewNr, Reason) ->
+    Diff = NewNr - OldNr,                         % This is valid handling of the input
+    Msg = string:join(["Reason: ", Reason], ","), % This is valid handling of the input
+    case Diff > 0 of
+	true -> put(mine, {NewNr, Msg}),
+		{ok, NewNr};                      % This is a valid return.
+	false -> fail                             % This is a valid return.
+    end.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour/sample_callback_correct_2.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour/sample_callback_correct_2.erl
new file mode 100644
index 0000000000..c218174e58
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour/sample_callback_correct_2.erl
@@ -0,0 +1,38 @@
+-module(sample_callback_correct_2).
+
+-behaviour(sample_behaviour).
+
+-export([
+	 sample_callback_1/0,
+	 sample_callback_2/0,
+	 sample_callback_3/0,
+	 sample_callback_4/1,
+	 sample_callback_5/1,
+	 sample_callback_6/3,
+	 common_infrastructure/1
+	]).
+
+sample_callback_1() -> 42.       % This is a valid return.
+sample_callback_2() -> halt().   % Crashes are also allowed.
+sample_callback_3() -> {ok, 17}. % This is a valid return.
+sample_callback_4(Input) ->
+    case Input of
+	1 -> common_infrastructure(Input); % This is 'correct' input for
+	_ -> ok                            % common_infrastructure.
+    end.
+sample_callback_5(Input) ->
+    case get(Input) of % This is valid handling of a more generic input
+	true  -> ok;   % This is a valid return.
+	false -> fail  % This is a valid return.
+    end.
+sample_callback_6(OldNr, NewNr, Reason) ->
+    Diff = NewNr - OldNr,                         % This is valid handling of the input
+    Msg = string:join(["Reason: ", Reason], ","), % This is valid handling of the input
+    case Diff > 0 of
+	true -> put(mine, {NewNr, Msg}),
+		{ok, NewNr};                 % This is a valid return.
+	false -> fail                        % This is a valid return.
+    end.
+
+common_infrastructure( 1) ->   'ok';
+common_infrastructure(42) -> 'fail'.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour/sample_callback_wrong.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour/sample_callback_wrong.erl
new file mode 100644
index 0000000000..02a063fab7
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour/sample_callback_wrong.erl
@@ -0,0 +1,25 @@
+-module(sample_callback_wrong).
+
+-behaviour(sample_behaviour).
+
+-export([
+%	 sample_callback_1/0,
+	 sample_callback_2/0,
+	 sample_callback_3/0,
+	 sample_callback_4/1,
+	 sample_callback_5/1,
+	 sample_callback_6/3
+	]).
+
+% sample_callback_1() -> 41.  % We can't really break this contract so: missing!
+sample_callback_2() -> 42.    % This is not an atom().
+sample_callback_3() -> fair.  % This is probably a typo.
+sample_callback_4(_) ->       % We cannot break the input.
+    fail.                     % We can definitely return a wrong value however. :)
+sample_callback_5(Input) ->   % Input is treated as an atom, result is a list.
+    atom_to_list(Input).      % Both violate the contract.
+sample_callback_6(OldNr, NewNr, Reason) ->
+    Diff = NewNr - OldNr, % This is valid handling of the input
+    %% Reason should have been treated as a string.
+    Msg = string:join(["Reason: ", atom_to_list(Reason)], ","),
+    {okk, NewNr}. %% This, too, is a typo.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour_old/correct_behaviour.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour_old/correct_behaviour.erl
new file mode 100644
index 0000000000..90ce590997
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour_old/correct_behaviour.erl
@@ -0,0 +1,6 @@
+%%% This is a behaviour with info about its calllbacks.
+
+-module(correct_behaviour).
+
+-callback foo() -> yes | no.
+-callback bar({atom(),_},[_]) -> term().
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour_old/correct_callback.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour_old/correct_callback.erl
new file mode 100644
index 0000000000..8f254520ab
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour_old/correct_callback.erl
@@ -0,0 +1,15 @@
+%%% This is a correct callback module for the correct_behaviour.
+
+-module(correct_callback).
+
+-behaviour(correct_behaviour).
+
+-export([foo/0, bar/2]).
+
+foo() ->
+    yes.
+
+bar({'query', 'boo'}, _Any) ->
+    no;
+bar({'reply', [_R]}, [1,2,3]) ->
+    yes.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour_old/incorrect_args_callback.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour_old/incorrect_args_callback.erl
new file mode 100644
index 0000000000..68fc60d418
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour_old/incorrect_args_callback.erl
@@ -0,0 +1,13 @@
+%%% This is a correct callback module for the correct_behaviour.
+
+-module(incorrect_args_callback).
+
+-behaviour(correct_behaviour).
+
+-export([foo/0, bar/2]).
+
+foo() ->
+    yes.
+
+bar({'reply', _Any}, yes) -> %% Should be a tuple and a list.
+    yes.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour_old/incorrect_return_callback.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour_old/incorrect_return_callback.erl
new file mode 100644
index 0000000000..9ff920cdd0
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour_old/incorrect_return_callback.erl
@@ -0,0 +1,15 @@
+%%% This is a correct callback module for the correct_behaviour.
+
+-module(incorrect_return_callback).
+
+-behaviour(correct_behaviour).
+
+-export([foo/0, bar/2]).
+
+foo() ->
+    error. %% Should be 'yes' or 'no'.
+
+bar({'query', 'boo'}, _Any) ->
+    no;
+bar({'reply', [_R]}, [1,2,3]) ->
+    yes.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour_old/missing_callback.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour_old/missing_callback.erl
new file mode 100644
index 0000000000..e6c5306839
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/sample_behaviour_old/missing_callback.erl
@@ -0,0 +1,10 @@
+%%% This is a correct callback module for the correct_behaviour.
+
+-module(missing_callback).
+
+-behaviour(correct_behaviour).
+
+-export([bar/2]).
+
+bar({'reply', _Any}, []) ->
+    yes.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/supervisor_incorrect_return.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/supervisor_incorrect_return.erl
new file mode 100644
index 0000000000..616a9073ae
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/supervisor_incorrect_return.erl
@@ -0,0 +1,17 @@
+-module(supervisor_incorrect_return).
+
+-behaviour(supervisor).
+
+-export([start_link/0]).
+
+-export([init/1]).
+
+-define(SERVER, ?MODULE).
+
+start_link() ->
+    supervisor:start_link({local, ?SERVER}, ?MODULE, []).
+
+init([]) ->
+    AChild = {'AName',{'AModule',start_link,[]},
+	      permanent,2000,worker,['AModule']},
+    {ok,{{one_against_one,0,1}, [AChild]}}.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/undefined_callbacks/undefined_beh_callback.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/undefined_callbacks/undefined_beh_callback.erl
new file mode 100644
index 0000000000..8223225b4b
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/undefined_callbacks/undefined_beh_callback.erl
@@ -0,0 +1,13 @@
+%%% This is a correct callback module for the correct_behaviour.
+
+-module(undefined_beh_callback).
+
+-behaviour(undefined_behaviour).
+
+-export([foo/0, bar/2]).
+
+foo() ->
+    yes.
+
+bar({'reply', _Any}, yes) ->
+    yes.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/undefined_callbacks/undefined_behaviour.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/undefined_callbacks/undefined_behaviour.erl
new file mode 100644
index 0000000000..fb3d4c5e03
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/undefined_callbacks/undefined_behaviour.erl
@@ -0,0 +1,10 @@
+%%% This is a behaviour with undefined info about its calllbacks.
+
+-module(undefined_behaviour).
+
+-export([behaviour_info/1]).
+
+behaviour_info(callbacks) ->
+    [{foo, 0}, {bar, 2}];
+behaviour_info(_Other) ->
+    undefined.
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/vars_in_beh_spec.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/vars_in_beh_spec.erl
new file mode 100644
index 0000000000..dc75b30d0e
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/vars_in_beh_spec.erl
@@ -0,0 +1,10 @@
+-module(vars_in_beh_spec).
+
+-behaviour(gen_server).
+
+-export([code_change/3]).
+
+-spec code_change(_, State, _) -> {ok, State}.
+
+code_change(_, State, _) ->
+    {ok, State}.
diff --git a/lib/dialyzer/test/opaque_SUITE_data/results/crash b/lib/dialyzer/test/opaque_SUITE_data/results/crash
index 6bdd934169..1ddae5149f 100644
--- a/lib/dialyzer/test/opaque_SUITE_data/results/crash
+++ b/lib/dialyzer/test/opaque_SUITE_data/results/crash
@@ -1,5 +1,4 @@
 
-crash_1.erl:42: The specification for crash_1:empty/0 states that the function might also return crash_1:targetlist() but the inferred return is none()
 crash_1.erl:45: Record construction #targetlist{list::[]} violates the declared type of field list::'undefined' | crash_1:target()
 crash_1.erl:48: The call crash_1:get_using_branch2(Branch::maybe_improper_list(),L::'undefined' | crash_1:target()) contains an opaque term as 2nd argument when terms of different types are expected in these positions
 crash_1.erl:50: The pattern <_Branch, []> can never match the type <maybe_improper_list(),'undefined' | crash_1:target()>
diff --git a/lib/dialyzer/test/r9c_SUITE_data/results/inets b/lib/dialyzer/test/r9c_SUITE_data/results/inets
index 0177dcc88c..24cb39e52b 100644
--- a/lib/dialyzer/test/r9c_SUITE_data/results/inets
+++ b/lib/dialyzer/test/r9c_SUITE_data/results/inets
@@ -3,21 +3,15 @@ ftp.erl:1243: The pattern {'ok', {N, Bytes}} can never match the type 'eof' | {'
 ftp.erl:640: The pattern {'closed', _Why} can never match the type 'perm_fname_not_allowed' | 'perm_neg_compl' | 'perm_no_space' | 'pos_compl' | 'pos_interm' | 'pos_interm_acct' | 'trans_neg_compl' | 'trans_no_space' | {'error' | 'perm_fname_not_allowed' | 'perm_neg_compl' | 'perm_no_space' | 'pos_compl' | 'pos_interm' | 'pos_interm_acct' | 'pos_prel' | 'trans_neg_compl' | 'trans_no_space',atom() | [any()] | {'invalid_server_response',[any(),...]}}
 http.erl:117: The pattern {'error', Reason} can never match the type #req_headers{connection::[45 | 97 | 101 | 105 | 107 | 108 | 112 | 118,...],content_length::[48,...],other::[{_,_}]}
 http.erl:138: Function close_session/2 will never be called
-http_lib.erl:286: The call http_lib:close('ip_comm' | {'ssl',_},port() | {'sslsocket',_,_}) will never return since it differs in the 1st argument from the success typing arguments: ('http' | 'https',port() | {'sslsocket',_,pid() | {_,{'config',_,_,_,_,{_,_,_,_}}} | {'sslsocket',_,pid() | {'sslsocket',_,pid() | {_,_,_}}}})
-http_lib.erl:415: The pattern 61 can never match the type 'http_eoh' | binary() | maybe_improper_list(any(),binary() | []) | {'http_error',binary() | string()} | #http_request{method::'DELETE' | 'GET' | 'HEAD' | 'OPTIONS' | 'POST' | 'PUT' | 'TRACE' | binary() | string(),path::'*' | binary() | string() | {'abs_path',binary() | string()} | {'scheme',binary() | string(),binary() | string()} | {'absoluteURI','http' | 'https',binary() | string(),'undefined' | non_neg_integer(),binary() | string()},version::{non_neg_integer(),non_neg_integer()}} | #http_response{version::{non_neg_integer(),non_neg_integer()},status::integer(),phrase::binary() | string()} | {'http_header',integer(),atom() | binary() | string(),_,binary() | string()}
-http_lib.erl:417: The pattern 59 can never match the type 'http_eoh' | binary() | maybe_improper_list(any(),binary() | []) | {'http_error',binary() | string()} | #http_request{method::'DELETE' | 'GET' | 'HEAD' | 'OPTIONS' | 'POST' | 'PUT' | 'TRACE' | binary() | string(),path::'*' | binary() | string() | {'abs_path',binary() | string()} | {'scheme',binary() | string(),binary() | string()} | {'absoluteURI','http' | 'https',binary() | string(),'undefined' | non_neg_integer(),binary() | string()},version::{non_neg_integer(),non_neg_integer()}} | #http_response{version::{non_neg_integer(),non_neg_integer()},status::integer(),phrase::binary() | string()} | {'http_header',integer(),atom() | binary() | string(),_,binary() | string()}
-http_lib.erl:420: The pattern 13 can never match the type 'http_eoh' | binary() | maybe_improper_list(any(),binary() | []) | {'http_error',binary() | string()} | #http_request{method::'DELETE' | 'GET' | 'HEAD' | 'OPTIONS' | 'POST' | 'PUT' | 'TRACE' | binary() | string(),path::'*' | binary() | string() | {'abs_path',binary() | string()} | {'scheme',binary() | string(),binary() | string()} | {'absoluteURI','http' | 'https',binary() | string(),'undefined' | non_neg_integer(),binary() | string()},version::{non_neg_integer(),non_neg_integer()}} | #http_response{version::{non_neg_integer(),non_neg_integer()},status::integer(),phrase::binary() | string()} | {'http_header',integer(),atom() | binary() | string(),_,binary() | string()}
-http_lib.erl:424: The variable _ can never match since previous clauses completely covered the type 'http_eoh' | binary() | maybe_improper_list(any(),binary() | []) | {'http_error',binary() | string()} | #http_request{method::'DELETE' | 'GET' | 'HEAD' | 'OPTIONS' | 'POST' | 'PUT' | 'TRACE' | binary() | string(),path::'*' | binary() | string() | {'abs_path',binary() | string()} | {'scheme',binary() | string(),binary() | string()} | {'absoluteURI','http' | 'https',binary() | string(),'undefined' | non_neg_integer(),binary() | string()},version::{non_neg_integer(),non_neg_integer()}} | #http_response{version::{non_neg_integer(),non_neg_integer()},status::integer(),phrase::binary() | string()} | {'http_header',integer(),atom() | binary() | string(),_,binary() | string()}
-http_lib.erl:428: Function read_chunk_ext_val/6 will never be called
-http_lib.erl:444: The pattern 10 can never match the type 'http_eoh' | binary() | maybe_improper_list(any(),binary() | []) | {'http_error',binary() | string()} | #http_request{method::'DELETE' | 'GET' | 'HEAD' | 'OPTIONS' | 'POST' | 'PUT' | 'TRACE' | binary() | string(),path::'*' | binary() | string() | {'abs_path',binary() | string()} | {'scheme',binary() | string(),binary() | string()} | {'absoluteURI','http' | 'https',binary() | string(),'undefined' | non_neg_integer(),binary() | string()},version::{non_neg_integer(),non_neg_integer()}} | #http_response{version::{non_neg_integer(),non_neg_integer()},status::integer(),phrase::binary() | string()} | {'http_header',integer(),atom() | binary() | string(),_,binary() | string()}
-http_lib.erl:552: Call to missing or unexported function ssl:accept/2
+http_lib.erl:286: The call http_lib:close('ip_comm' | {'ssl',_},any()) will never return since it differs in the 1st argument from the success typing arguments: ('http' | 'https',any())
+http_lib.erl:424: The variable _ can never match since previous clauses completely covered the type any()
+http_lib.erl:438: The variable _ can never match since previous clauses completely covered the type any()
 http_lib.erl:99: Function getHeaderValue/2 will never be called
 httpc_handler.erl:660: Function exit_session_ok/2 has no local return
 httpc_manager.erl:145: The pattern {ErrorReply, State2} can never match the type {{'ok',number()},number(),#state{reqid::number()}}
 httpc_manager.erl:160: The pattern {ErrorReply, State2} can never match the type {{'ok',number()},number(),#state{reqid::number()}}
 httpc_manager.erl:478: The pattern {'error', Reason} can never match the type 'ok' | {number(),#session{clientclose::boolean(),pipeline::[],quelength::1}}
 httpc_manager.erl:490: The pattern {'error', Reason} can never match the type 'ok' | {number(),#session{clientclose::boolean(),pipeline::[],quelength::1}}
-httpd.erl:583: The pattern <{'error', Reason}, _Fd, SoFar> can never match the type <[any()],pid(),[[any(),...]]>
 httpd_acceptor.erl:105: The pattern {'error', Reason} can never match the type {'ok',pid()}
 httpd_acceptor.erl:110: Function handle_connection_err/4 will never be called
 httpd_acceptor.erl:168: Function report_error/2 will never be called
@@ -26,14 +20,10 @@ httpd_manager.erl:885: The pattern {'EXIT', Reason} can never match since previo
 httpd_manager.erl:919: Function auth_status/1 will never be called
 httpd_manager.erl:926: Function sec_status/1 will never be called
 httpd_manager.erl:933: Function acceptor_status/1 will never be called
-httpd_request_handler.erl:374: The call httpd_response:send_status(Info::#mod{parsed_header::maybe_improper_list()},417,[32 | 66 | 98 | 100 | 103 | 105 | 111 | 116 | 121,...]) will never return since it differs in the 2nd argument from the success typing arguments: (#mod{socket_type::'ip_comm' | {'ssl',_},socket::port() | {'sslsocket',_,_}},100 | 301 | 304 | 400 | 401 | 403 | 404 | 412 | 414 | 416 | 500 | 501 | 503,any())
-httpd_request_handler.erl:378: The call httpd_response:send_status(Info::#mod{parsed_header::maybe_improper_list()},417,[32 | 77 | 97 | 100 | 101 | 104 | 108 | 110 | 111 | 116 | 119,...]) will never return since it differs in the 2nd argument from the success typing arguments: (#mod{socket_type::'ip_comm' | {'ssl',_},socket::port() | {'sslsocket',_,_}},100 | 301 | 304 | 400 | 401 | 403 | 404 | 412 | 414 | 416 | 500 | 501 | 503,any())
-httpd_request_handler.erl:401: The call httpd_response:send_status(Info::#mod{parsed_header::maybe_improper_list()},417,[32 | 77 | 97 | 100 | 101 | 104 | 108 | 110 | 111 | 116 | 119,...]) will never return since it differs in the 2nd argument from the success typing arguments: (#mod{socket_type::'ip_comm' | {'ssl',_},socket::port() | {'sslsocket',_,_}},100 | 301 | 304 | 400 | 401 | 403 | 404 | 412 | 414 | 416 | 500 | 501 | 503,any())
-httpd_request_handler.erl:489: The variable Other can never match since previous clauses completely covered the type {'error',_} | {'ok','http_eoh' | binary() | maybe_improper_list(any(),binary() | []) | {'http_error',binary() | string()} | {'http_request','DELETE' | 'GET' | 'HEAD' | 'OPTIONS' | 'POST' | 'PUT' | 'TRACE' | binary() | string(),'*' | binary() | string() | {'abs_path',binary() | [any()]} | {'scheme',binary() | [any()],binary() | [any()]} | {'absoluteURI','http' | 'https',binary() | [any()],'undefined' | non_neg_integer(),binary() | [any()]},{non_neg_integer(),non_neg_integer()}} | {'http_response',{non_neg_integer(),non_neg_integer()},integer(),binary() | string()} | {'http_header',integer(),atom() | binary() | string(),_,binary() | string()}}
-httpd_request_handler.erl:644: The call lists:reverse(Fields0::{'error',_} | {'ok',_}) will never return since it differs in the 1st argument from the success typing arguments: ([any()])
-httpd_request_handler.erl:645: Function will never be called
-httpd_socket.erl:129: Call to missing or unexported function ssl:accept/2
-httpd_socket.erl:49: The pattern {'ok', _} can never match the type {'error',_}
+httpd_request_handler.erl:374: The call httpd_response:send_status(Info::#mod{parsed_header::maybe_improper_list()},417,[32 | 66 | 98 | 100 | 103 | 105 | 111 | 116 | 121,...]) will never return since it differs in the 2nd argument from the success typing arguments: (#mod{socket_type::'ip_comm' | {'ssl',_}},100 | 301 | 304 | 400 | 401 | 403 | 404 | 412 | 414 | 416 | 500 | 501 | 503,any())
+httpd_request_handler.erl:378: The call httpd_response:send_status(Info::#mod{parsed_header::maybe_improper_list()},417,[32 | 77 | 97 | 100 | 101 | 104 | 108 | 110 | 111 | 116 | 119,...]) will never return since it differs in the 2nd argument from the success typing arguments: (#mod{socket_type::'ip_comm' | {'ssl',_}},100 | 301 | 304 | 400 | 401 | 403 | 404 | 412 | 414 | 416 | 500 | 501 | 503,any())
+httpd_request_handler.erl:401: The call httpd_response:send_status(Info::#mod{parsed_header::maybe_improper_list()},417,[32 | 77 | 97 | 100 | 101 | 104 | 108 | 110 | 111 | 116 | 119,...]) will never return since it differs in the 2nd argument from the success typing arguments: (#mod{socket_type::'ip_comm' | {'ssl',_}},100 | 301 | 304 | 400 | 401 | 403 | 404 | 412 | 414 | 416 | 500 | 501 | 503,any())
+httpd_request_handler.erl:649: Guard test [{_,_}] =:= Trailers::nonempty_string() can never succeed
 httpd_sup.erl:63: The variable Else can never match since previous clauses completely covered the type {'error',_} | {'ok',[any()],_,_}
 httpd_sup.erl:88: The pattern {'error', Reason} can never match the type {'ok',_,_}
 httpd_sup.erl:92: The variable Else can never match since previous clauses completely covered the type {'ok',_,_}
@@ -48,10 +38,10 @@ mod_dir.erl:72: The pattern {'error', Reason} can never match the type {'ok',[[[
 mod_get.erl:135: The pattern <{'enfile', _}, _Info, Path> can never match the type <atom(),#mod{},atom() | binary() | [atom() | [any()] | char()]>
 mod_head.erl:80: The pattern <{'enfile', _}, _Info, Path> can never match the type <atom(),#mod{},atom() | binary() | [atom() | [any()] | char()]>
 mod_htaccess.erl:460: The pattern {'error', BadData} can never match the type {'ok',_}
-mod_include.erl:193: The pattern {_, Name, {[], []}} can never match the type {[any()],[any()],string()}
-mod_include.erl:195: The pattern {_, Name, {PathInfo, []}} can never match the type {[any()],[any()],string()}
-mod_include.erl:197: The pattern {_, Name, {PathInfo, QueryString}} can never match the type {[any()],[any()],string()}
-mod_include.erl:201: The variable Gurka can never match since previous clauses completely covered the type {[any()],[any()],string()}
+mod_include.erl:193: The pattern {_, Name, {[], []}} can never match the type {[any()],[any()],maybe_improper_list()}
+mod_include.erl:195: The pattern {_, Name, {PathInfo, []}} can never match the type {[any()],[any()],maybe_improper_list()}
+mod_include.erl:197: The pattern {_, Name, {PathInfo, QueryString}} can never match the type {[any()],[any()],maybe_improper_list()}
+mod_include.erl:201: The variable Gurka can never match since previous clauses completely covered the type {[any()],[any()],maybe_improper_list()}
 mod_include.erl:692: The pattern <{'read', Reason}, Info, Path> can never match the type <{'open',atom()},#mod{},atom() | binary() | [atom() | [any()] | char()]>
 mod_include.erl:706: The pattern <{'enfile', _}, _Info, Path> can never match the type <atom(),#mod{},atom() | binary() | [atom() | [any()] | char()]>
 mod_include.erl:716: Function read_error/3 will never be called
diff --git a/lib/dialyzer/test/r9c_SUITE_data/results/mnesia b/lib/dialyzer/test/r9c_SUITE_data/results/mnesia
index 2be71ac7d7..b397d37523 100644
--- a/lib/dialyzer/test/r9c_SUITE_data/results/mnesia
+++ b/lib/dialyzer/test/r9c_SUITE_data/results/mnesia
@@ -2,6 +2,7 @@
 mnesia.erl:1319: Guard test size(Spec::[{_,_,_},...]) can never succeed
 mnesia.erl:1498: The call mnesia:bad_info_reply(Tab::atom(),Item::'type') will never return since it differs in the 2nd argument from the success typing arguments: (atom(),'memory' | 'size')
 mnesia.erl:331: Function mod2abs/1 has no local return
+mnesia_backup.erl:49: Callback info about the mnesia_backup behaviour is not available
 mnesia_bup.erl:111: The created fun has no local return
 mnesia_bup.erl:574: Function fallback_receiver/2 has no local return
 mnesia_bup.erl:967: Function uninstall_fallback_master/2 has no local return
@@ -12,9 +13,12 @@ mnesia_controller.erl:1679: The pattern {'stop', Reason, Reply, State2} can neve
 mnesia_controller.erl:1685: The pattern {'noreply', State2, _Timeout} can never match the type {'reply',_,_}
 mnesia_event.erl:77: The pattern 'remove_handler' can never match the type {'ok',_}
 mnesia_event.erl:79: The pattern {'swap_handler', Args1, State1, Mod2, Args2} can never match the type {'ok',_}
+mnesia_frag.erl:26: Callback info about the mnesia_access behaviour is not available
 mnesia_frag.erl:294: The call mnesia_frag:remote_collect(Ref::reference(),{'error',_},[],OldSelectFun::fun(() -> [any()])) will never return since it differs in the 2nd argument from the success typing arguments: (reference(),'ok',[any()],fun(() -> [any()]))
 mnesia_frag.erl:304: The call mnesia_frag:remote_collect(Ref::reference(),{'error',{'node_not_running',_}},[],OldSelectFun::fun(() -> [any()])) will never return since it differs in the 2nd argument from the success typing arguments: (reference(),'ok',[any()],fun(() -> [any()]))
 mnesia_frag.erl:312: The call mnesia_frag:remote_collect(Ref::reference(),LocalRes::{'error',_},[],OldSelectFun::fun(() -> [any()])) will never return since it differs in the 2nd argument from the success typing arguments: (reference(),'ok',[any()],fun(() -> [any()]))
+mnesia_frag_hash.erl:24: Callback info about the mnesia_frag_hash behaviour is not available
+mnesia_frag_old_hash.erl:23: Callback info about the mnesia_frag_hash behaviour is not available
 mnesia_index.erl:52: The call mnesia_lib:other_val(Var::{_,'commit_work' | 'index' | 'setorbag' | 'storage_type' | {'index',_}},_ReASoN_::any()) will never return since it differs in the 1st argument from the success typing arguments: ({_,'active_replicas' | 'where_to_read' | 'where_to_write'},any())
 mnesia_lib.erl:1028: The pattern {'EXIT', Reason} can never match the type [any()] | {'error',_}
 mnesia_lib.erl:957: The pattern {'ok', {0, _}} can never match the type 'eof' | {'error',atom()} | {'ok',binary() | string()}
diff --git a/lib/dialyzer/test/small_SUITE_data/results/higher_order_discrepancy b/lib/dialyzer/test/small_SUITE_data/results/higher_order_discrepancy
new file mode 100644
index 0000000000..7ce440a60d
--- /dev/null
+++ b/lib/dialyzer/test/small_SUITE_data/results/higher_order_discrepancy
@@ -0,0 +1,4 @@
+
+higher_order_discrepancy.erl:11: The call higher_order_discrepancy:g('foo') will never return since it differs in the 1st argument from the success typing arguments: ('bar')
+higher_order_discrepancy.erl:14: Function g/1 has no local return
+higher_order_discrepancy.erl:14: The pattern 'bar' can never match the type 'foo'
diff --git a/lib/dialyzer/test/small_SUITE_data/results/higher_order_discrepancy_2 b/lib/dialyzer/test/small_SUITE_data/results/higher_order_discrepancy_2
new file mode 100644
index 0000000000..c1c7dbbfcc
--- /dev/null
+++ b/lib/dialyzer/test/small_SUITE_data/results/higher_order_discrepancy_2
@@ -0,0 +1,8 @@
+
+higher_order_discrepancy_2.erl:11: The call higher_order_discrepancy_2:f('foo') will never return since it differs in the 1st argument from the success typing arguments: ('bar')
+higher_order_discrepancy_2.erl:11: The call higher_order_discrepancy_2:g('foo') will never return since it differs in the 1st argument from the success typing arguments: ('baz')
+higher_order_discrepancy_2.erl:13: Function f/1 has no local return
+higher_order_discrepancy_2.erl:13: The pattern 'bar' can never match the type 'foo'
+higher_order_discrepancy_2.erl:14: Function g/1 has no local return
+higher_order_discrepancy_2.erl:14: The pattern 'baz' can never match the type 'foo'
+higher_order_discrepancy_2.erl:5: Function test/1 has no local return
diff --git a/lib/dialyzer/test/small_SUITE_data/results/tuple_set_crash b/lib/dialyzer/test/small_SUITE_data/results/tuple_set_crash
index 191d3d4173..8c9df56a4b 100644
--- a/lib/dialyzer/test/small_SUITE_data/results/tuple_set_crash
+++ b/lib/dialyzer/test/small_SUITE_data/results/tuple_set_crash
@@ -12,4 +12,3 @@ tuple_set_crash.erl:179: The pattern <<AudioVolume:16/integer-little-unit:1,Rest
 tuple_set_crash.erl:182: The pattern <<Delay:16/integer-little-unit:1,_Padding/binary-unit:8>> can never match the type <<_:8>>
 tuple_set_crash.erl:62: The pattern {'play_list', _Playlist} can never match the type 'ok' | {'device_properties',[{atom(),_}]} | {'error',[{atom(),_}]}
 tuple_set_crash.erl:64: The pattern {'error', 17} can never match the type 'ok' | {'device_properties',[{atom(),_}]} | {'error',[{atom(),_}]}
-tuple_set_crash.erl:83: The specification for tuple_set_crash:parse_message/1 states that the function might also return {'media_item_url_reply',integer(),binary()} but the inferred return is 'ok' | {'audio_device_info' | 'audio_output_info' | 'audio_target_info' | 'device_properties' | 'error' | 'video_device_info' | 'video_output_info' | 'video_target_info',[{'address' | 'audio_volume' | 'controller_description' | 'controller_name' | 'controller_status' | 'device_id' | 'display_type' | 'fw_version' | 'master_volume' | 'model' | 'output_id' | 'status' | 'target_id',binary() | non_neg_integer()}] | 1..255}
diff --git a/lib/dialyzer/test/small_SUITE_data/src/higher_order_discrepancy.erl b/lib/dialyzer/test/small_SUITE_data/src/higher_order_discrepancy.erl
new file mode 100644
index 0000000000..ff5ee6bac4
--- /dev/null
+++ b/lib/dialyzer/test/small_SUITE_data/src/higher_order_discrepancy.erl
@@ -0,0 +1,14 @@
+-module(higher_order_discrepancy).
+
+-export([test/1]).
+
+test(X) ->
+    F =
+	case X of
+	    1 -> fun f/1;
+	    2 -> fun g/1
+	end,
+    F(foo).
+
+f(foo) -> ok.
+g(bar) -> ok.
diff --git a/lib/dialyzer/test/small_SUITE_data/src/higher_order_discrepancy_2.erl b/lib/dialyzer/test/small_SUITE_data/src/higher_order_discrepancy_2.erl
new file mode 100644
index 0000000000..4b0d4f6b45
--- /dev/null
+++ b/lib/dialyzer/test/small_SUITE_data/src/higher_order_discrepancy_2.erl
@@ -0,0 +1,14 @@
+-module(higher_order_discrepancy_2).
+
+-export([test/1]).
+
+test(X) ->
+    F =
+	case X of
+	    1 -> fun f/1;
+	    2 -> fun g/1
+	end,
+    F(foo).
+
+f(bar) -> ok.
+g(baz) -> ok.
diff --git a/lib/dialyzer/test/small_SUITE_data/src/maybe_improper.erl b/lib/dialyzer/test/small_SUITE_data/src/maybe_improper.erl
new file mode 100644
index 0000000000..1743d81493
--- /dev/null
+++ b/lib/dialyzer/test/small_SUITE_data/src/maybe_improper.erl
@@ -0,0 +1,7 @@
+-module(maybe_improper).
+
+-export([s/1]).
+
+-spec s(maybe_improper_list(X,Y)) -> {[X], maybe_improper_list(X,Y)}.
+s(A) ->
+    lists:split(2,A).
diff --git a/lib/dialyzer/test/underspecs_SUITE_data/dialyzer_options b/lib/dialyzer/test/underspecs_SUITE_data/dialyzer_options
new file mode 100644
index 0000000000..f7197ac30f
--- /dev/null
+++ b/lib/dialyzer/test/underspecs_SUITE_data/dialyzer_options
@@ -0,0 +1 @@
+{dialyzer_options, [{warnings, [underspecs]}]}.
diff --git a/lib/dialyzer/test/underspecs_SUITE_data/results/remote b/lib/dialyzer/test/underspecs_SUITE_data/results/remote
new file mode 100644
index 0000000000..1e0cda3bde
--- /dev/null
+++ b/lib/dialyzer/test/underspecs_SUITE_data/results/remote
@@ -0,0 +1,9 @@
+
+remotes1.erl:17: The specification for remotes1:foo5/1 states that the function might also return 'ko' but the inferred return is 'ok'
+remotes1.erl:20: Type specification remotes1:foo6('ok' | 'ko') -> 'ok' is a supertype of the success typing: remotes1:foo6('ok') -> 'ok'
+remotes1.erl:25: The specification for remotes1:foo7/1 states that the function might also return 'ko' but the inferred return is 'ok'
+remotes1.erl:28: Type specification remotes1:foo8(local_type_42()) -> 'ok' is a supertype of the success typing: remotes1:foo8('ok') -> 'ok'
+remotes1.erl:33: The specification for remotes1:foo9/1 states that the function might also return 'ko' but the inferred return is 'ok'
+remotes1.erl:36: Type specification remotes1:foo10(local_and_known_remote_type_42()) -> 'ok' is a supertype of the success typing: remotes1:foo10('ok') -> 'ok'
+remotes1.erl:49: Type specification remotes1:foo13('ok') -> local_and_unknown_remote_type_42() is a supertype of the success typing: remotes1:foo13('ok') -> 'ok'
+remotes1.erl:52: Type specification remotes1:foo14(local_and_unknown_remote_type_42()) -> 'ok' is a supertype of the success typing: remotes1:foo14('ok') -> 'ok'
diff --git a/lib/dialyzer/test/underspecs_SUITE_data/src/remote/remotes1.erl b/lib/dialyzer/test/underspecs_SUITE_data/src/remote/remotes1.erl
new file mode 100644
index 0000000000..b722495095
--- /dev/null
+++ b/lib/dialyzer/test/underspecs_SUITE_data/src/remote/remotes1.erl
@@ -0,0 +1,61 @@
+-module(remotes1).
+
+-compile(export_all).
+
+-spec foo1(some_unknown_remote:type42()) -> ok.
+foo1(ok) -> ok.
+
+-spec foo2(ok) -> some_unknown_remote:type42().
+foo2(ok) -> ok.
+
+-spec foo3(some_known_remote:type42()) -> ok.
+foo3(ok) -> ok.
+
+-spec foo4(ok) -> some_known_remote:type42().
+foo4(ok) -> ok.
+
+-spec foo5(ok|ko) -> ok|ko.
+foo5(ok) -> ok.
+
+-spec foo6(ok|ko) -> ok.
+foo6(ok) -> ok.
+
+-type local_type_42() :: ok | ko.
+
+-spec foo7(ok) -> local_type_42().
+foo7(ok) -> ok.
+
+-spec foo8(local_type_42()) -> ok.
+foo8(ok) -> ok.
+
+-type local_and_known_remote_type_42() :: some_known_remote:type42() | ok | ko.
+
+-spec foo9(ok) -> local_and_known_remote_type_42().
+foo9(ok) -> ok.
+
+-spec foo10(local_and_known_remote_type_42()) -> ok.
+foo10(ok) -> ok.
+
+-type local_and_ok_known_remote_type_42() :: some_known_remote:type42() | ok.
+
+-spec foo11(ok) -> local_and_ok_known_remote_type_42().
+foo11(ok) -> ok.
+
+-spec foo12(local_and_ok_known_remote_type_42()) -> ok.
+foo12(ok) -> ok.
+
+-type local_and_unknown_remote_type_42() :: some_unknown_remote:type42() | ok | ko.
+
+-spec foo13(ok) -> local_and_unknown_remote_type_42().
+foo13(ok) -> ok.
+
+-spec foo14(local_and_unknown_remote_type_42()) -> ok.
+foo14(ok) -> ok.
+
+-type local_and_ok_unknown_remote_type_42() :: some_unknown_remote:type42() | ok.
+
+-spec foo15(ok) -> local_and_ok_unknown_remote_type_42().
+foo15(ok) -> ok.
+
+-spec foo16(local_and_ok_unknown_remote_type_42()) -> ok.
+foo16(ok) -> ok.
diff --git a/lib/dialyzer/test/underspecs_SUITE_data/src/remote/some_known_remote.erl b/lib/dialyzer/test/underspecs_SUITE_data/src/remote/some_known_remote.erl
new file mode 100644
index 0000000000..437f1e7826
--- /dev/null
+++ b/lib/dialyzer/test/underspecs_SUITE_data/src/remote/some_known_remote.erl
@@ -0,0 +1,5 @@
+-module(some_known_remote).
+
+-export_type([type42/0]).
+
+-type type42() :: ok | ko.
diff --git a/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_1 b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_1
new file mode 100644
index 0000000000..de416455e2
--- /dev/null
+++ b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_1
@@ -0,0 +1,2 @@
+
+nowarn_unused_function_1.erl:17: Function f3/1 will never be called
diff --git a/lib/docbuilder/doc/html/.gitignore b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_2
index e69de29bb2..e69de29bb2 100644
--- a/lib/docbuilder/doc/html/.gitignore
+++ b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_2
diff --git a/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_3 b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_3
new file mode 100644
index 0000000000..8ae78673d5
--- /dev/null
+++ b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_3
@@ -0,0 +1,3 @@
+
+nowarn_unused_function_3.erl:12: Function f2/1 will never be called
+nowarn_unused_function_3.erl:9: Function f1/1 will never be called
diff --git a/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_1.erl b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_1.erl
new file mode 100644
index 0000000000..fcce532f73
--- /dev/null
+++ b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_1.erl
@@ -0,0 +1,18 @@
+%% Test that option 'nowarn_unused_funcion' works similarly in
+%% Dialyzer as in the compiler.
+
+-module(nowarn_unused_function_1).
+
+-compile(warn_unused_function).
+
+-compile({nowarn_unused_function,f1/1}).
+f1(_) ->
+    a.
+
+-compile({nowarn_unused_function,[{f2,1}]}).
+f2(_) ->
+    a.
+
+-compile({warn_unused_function,[{f3,1}]}).
+f3(_) ->
+    a.
diff --git a/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_2.erl b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_2.erl
new file mode 100644
index 0000000000..9bc3ab14ea
--- /dev/null
+++ b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_2.erl
@@ -0,0 +1,18 @@
+%% Test that option 'nowarn_unused_funcion' works similarly in
+%% Dialyzer as in the compiler.
+
+-module(nowarn_unused_function_2).
+
+-compile(nowarn_unused_function).
+
+-compile({warn_unused_function,f1/1}).
+f1(_) ->
+    a.
+
+-compile({warn_unused_function,[{f2,1}]}).
+f2(_) ->
+    a.
+
+-compile({nowarn_unused_function,[{f3,1}]}).
+f3(_) ->
+    a.
diff --git a/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_3.erl b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_3.erl
new file mode 100644
index 0000000000..604c5e436b
--- /dev/null
+++ b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_3.erl
@@ -0,0 +1,16 @@
+%% Test that option 'nowarn_unused_funcion' works similarly in
+%% Dialyzer as in the compiler.
+
+-module(nowarn_unused_function_3).
+
+-compile({warn_unused_function,[{f1,1},{f2,1}]}).
+-compile({nowarn_unused_function,[{f3,1}]}).
+
+f1(_) ->
+    a.
+
+f2(_) ->
+    a.
+
+f3(_) ->
+    a.
diff --git a/lib/dialyzer/vsn.mk b/lib/dialyzer/vsn.mk
index a7e82b54ce..622e51b859 100644
--- a/lib/dialyzer/vsn.mk
+++ b/lib/dialyzer/vsn.mk
@@ -1 +1 @@
-DIALYZER_VSN = 2.4.4
+DIALYZER_VSN = 2.5
diff --git a/lib/diameter/bin/diameterc b/lib/diameter/bin/diameterc
index f5cf3ebc10..a72ba2d75c 100755
--- a/lib/diameter/bin/diameterc
+++ b/lib/diameter/bin/diameterc
@@ -33,19 +33,24 @@
 
 usage() ->
     io:format(
-      "~w [options] file~n"
+      "~w [options] dict~n"
       "~n"
       "  Compile a diameter dictionary file (.dia) to Erlang source (.erl)~n"
       "  and/or header (.hrl) files.~n"
       "~n"
       "  options:~n"
-      "      -h      = print this message~n"
-      "      -v      = verbose output~n"
-      "      -o dir  = set the output directory (default .)~n"
-      "      -i dir  = set an include directory for inherited beams~n"
-      "      -E      = no .erl output~n"
-      "      -H      = no .hrl output~n"
-      "      -d      = write intermediate files (.spec and .forms)~n",
+      "~n"
+      "      --name name       = set @name~n"
+      "      --prefix prefix   = set @prefix~n"
+      "      --inherits dict|- = set/clear @inherits~n"
+      "~n"
+      "      -h        = print this message~n"
+      "      -v        = verbose output~n"
+      "      -o dir    = set the output directory (default .)~n"
+      "      -i dir    = set an include directory for inherited beams~n"
+      "      -E        = no .erl output~n"
+      "      -H        = no .hrl output~n"
+      "      -d        = write intermediate files (.spec and .forms)~n",
       [?MODULE]).
 
 main(Args) ->
@@ -68,24 +73,30 @@ gen(Args) ->
     end.
 
 compile(#argv{file = File, options = Opts} = A) ->
-    try
-        Spec = diameter_spec_util:parse(File, Opts),
-        maybe_output(A, Spec, Opts, spec), %% the spec file
-        maybe_output(A, Spec, Opts, erl),  %% the erl file
-        maybe_output(A, Spec, Opts, hrl),  %% The hrl file
-        0
+    try diameter_dict_util:parse({path, File}, Opts) of
+        {ok, Spec} ->
+            maybe_output(A, Spec, Opts, spec), %% the spec file
+            maybe_output(A, Spec, Opts, erl),  %% the erl file
+            maybe_output(A, Spec, Opts, hrl),  %% The hrl file
+            0;
+        {error, Reason} ->
+            error_msg(diameter_dict_util:format_error(Reason), []),
+            1
     catch
         error: Reason ->
-            error_msg({"ERROR: ~p~n  ~p", [Reason, erlang:get_stacktrace()]}),
+            error_msg("ERROR: ~p~n  ~p", [Reason, erlang:get_stacktrace()]),
             2
     end.
 
 maybe_output(#argv{file = File, output = Output}, Spec, Opts, Mode) ->
     lists:member(Mode, Output)
-        andalso diameter_codegen:from_spec(File, Spec, Opts, Mode).
+        andalso diameter_codegen:from_dict(File, Spec, Opts, Mode).
 
 error_msg({Fmt, Args}) ->
-    io:format(standard_error, Fmt ++ "~n", Args).
+    error_msg(Fmt, Args).
+
+error_msg(Fmt, Args) ->
+    io:format(standard_error, "** " ++ Fmt ++ "~n", Args).
 
 norm({_,_} = T) ->
     T;
@@ -109,9 +120,17 @@ arg(["-o", Dir | Args], #argv{options = Opts} = A) ->
     arg(Args, A#argv{options = [{outdir, Dir} | Opts]});
 
 arg(["-i", Dir | Args], #argv{options = Opts} = A) ->
-    true = dir_exists(Dir),
     arg(Args, A#argv{options = Opts ++ [{include, Dir}]});
 
+arg(["--name", Name | Args], #argv{options = Opts} = A) ->
+    arg(Args, A#argv{options = [{name, Name} | Opts]});
+    
+arg(["--prefix", Name | Args], #argv{options = Opts} = A) ->
+    arg(Args, A#argv{options = [{prefix, Name} | Opts]});
+    
+arg(["--inherits", Dict | Args], #argv{options = Opts} = A) ->
+    arg(Args, A#argv{options = Opts ++ [{inherits, Dict}]});
+
 arg(["-E" | Args], #argv{output = Output} = A) ->
     arg(Args, A#argv{output = lists:delete(erl, Output)});
 
@@ -120,10 +139,10 @@ arg(["-H" | Args], #argv{output = Output} = A) ->
 
 arg(["-d" | Args], #argv{options = Opts, output = Output} = A) ->
     arg(Args, A#argv{options = [debug | Opts],
-                            output = [spec | Output]});
+                     output = [spec | Output]});
 
 arg([[$- = M, C, H | T] | Args], A)  %% clustered options
-  when C /= $i, C /= $o ->
+  when C /= $i, C /= $o, C /= $- ->
     arg([[M,C], [M,H|T] | Args], A);
 
 arg([File], A) ->
diff --git a/lib/diameter/configure.in b/lib/diameter/configure.in
index 9aca3859c5..8acfb28fed 100644
--- a/lib/diameter/configure.in
+++ b/lib/diameter/configure.in
@@ -132,7 +132,6 @@ dnl </STANDALONE DIAMETER>
 
 AC_OUTPUT(
 	Makefile:Makefile.in
-	src/app/diameter.mk:src/app/diameter.mk.in
 	make/$host/rules.mk:make/rules.mk.in
 	)
 
diff --git a/lib/diameter/doc/src/Makefile b/lib/diameter/doc/src/Makefile
index 1453138cb6..bc3e649e6b 100644
--- a/lib/diameter/doc/src/Makefile
+++ b/lib/diameter/doc/src/Makefile
@@ -126,8 +126,6 @@ debug opt:
 info:
 	@echo "->Makefile<-"
 	@echo ""
-	@echo "DOCSUPPORT = $(DOCSUPPORT)"
-	@echo ""
 	@echo "INDEX_FILE   = $(INDEX_FILE)"
 	@echo "INDEX_SRC    = $(INDEX_SRC)"
 	@echo "INDEX_TARGET = $(INDEX_TARGET)"
@@ -141,10 +139,6 @@ info:
 	@echo ""
 	@echo "GIF_FILES             = $(GIF_FILES)"
 	@echo ""
-	@echo "TEX_FILES_USERS_GUIDE = $(TEX_FILES_USERS_GUIDE)"
-	@echo "TEX_FILES_REF_MAN     = $(TEX_FILES_REF_MAN)"
-	@echo "TEX_FILES_BOOK        = $(TEX_FILES_BOOK)"
-	@echo ""
 	@echo "MAN1_FILES            = $(MAN1_FILES)"
 	@echo "MAN3_FILES            = $(MAN3_FILES)"
 	@echo "MAN4_FILES            = $(MAN4_FILES)"
diff --git a/lib/diameter/doc/src/depend.sed b/lib/diameter/doc/src/depend.sed
index 5973c4586e..42de597f15 100644
--- a/lib/diameter/doc/src/depend.sed
+++ b/lib/diameter/doc/src/depend.sed
@@ -21,14 +21,18 @@
 # massaged in Makefile.
 #
 
-/^<com>\([^<]*\)<\/com>/b rf
-/^<module>\([^<]*\)<\/module>/b rf
+/^<com>/b c
+/^<module>/b c
 
 /^<chapter>/!d
 
+# Chapter: html basename is same as xml.
 s@@$(HTMLDIR)/%FILE%.html: %FILE%.xml@
 q
 
-:rf
-s@@$(HTMLDIR)/\1.html: %FILE%.xml@
+# Reference: html basename is from contents of com/module element.
+:c
+s@^[^>]*>@@
+s@<.*@@
+s@.*@$(HTMLDIR)/&.html: %FILE%.xml@
 q
diff --git a/lib/diameter/doc/src/diameter.xml b/lib/diameter/doc/src/diameter.xml
index 2cad70e3bc..93e2603c10 100644
--- a/lib/diameter/doc/src/diameter.xml
+++ b/lib/diameter/doc/src/diameter.xml
@@ -107,7 +107,9 @@ belonging to the application.</p>
 <marker id="application_module"/>
 </item>
 
-<tag><c>application_module() = Mod | [Mod | ExtraArgs]</c></tag>
+<tag><c>application_module() = Mod
+                             | [Mod | ExtraArgs]
+                             | #diameter_callback{}</c></tag>
 <item>
 <code>
 Mod = atom()
@@ -125,6 +127,14 @@ specified to <seealso marker="#call">call/4</seealso>, in which case
 the call-specific arguments are appended to any specified with the
 callback module.</p>
 
+<p>
+Specifying a <c>#diameter_callback{}</c> record allows individual
+functions to be configured in place of the usual <seealso
+marker="diameter_app">diameter_app(3)</seealso> callbacks, with
+default implementations provided by module <c>diameter_callback</c>
+unless otherwise specified.
+See that module for details.</p>
+
 <marker id="application_opt"/>
 </item>
 
@@ -367,6 +377,19 @@ capabilities exchange message.
 Optional, defaults to the empty list.</p>
 </item>
 
+<tag><c>{'Inband-Security-Id', [Unsigned32()]}</c></tag>
+<item>
+<p>
+Values of Inband-Security-Id AVPs sent in an outgoing
+capabilities exchange message.
+Optional, defaults to the empty list, which is equivalent to a
+list containing only 0 (= NO_INBAND_SECURITY).</p>
+
+<p>
+If 1 (= TLS) is specified then TLS is selected if the CER/CEA received
+from the peer offers it.</p>
+</item>
+
 <tag><c>{'Acct-Application-Id', [Unsigned32()]}</c></tag>
 <item>
 <p>
@@ -418,7 +441,7 @@ eval(F) ->
 </code>
 
 <p>
-Evaluating an evaluable() <c>E</c> on an argument list <c>A</c>
+Applying an evaluable() <c>E</c> to an argument list <c>A</c>
 is meant in the sense of <c>eval([E|A])</c>.</p>
 
 <p>
@@ -552,7 +575,7 @@ Pkt    = #diameter_packet{}
 </code>
 
 <p>
-Reports that the RFC 3539 watchdog state machine has
+The RFC 3539 watchdog state machine has
 transitioned into (<c>up</c>) or out of (<c>down</c>) the open
 state.
 If a <c>diameter_packet</c> record is present in an <c>up</c> tuple
@@ -563,9 +586,9 @@ connectivity.</p>
 
 <p>
 Note that a single up/down event for a given peer corresponds to
-as many peer_up/down callbacks as there are Diameter
-applications shared by the peer, as determined during capablilities
-exchange.
+as many <seealso marker="diameter_app#peer_up">peer_up/peer_down</seealso>
+callbacks as there are Diameter applications shared by the peer,
+as determined during capablilities exchange.
 That is, the event communicates connectivity with the
 peer as a whole while the callbacks communicate connectivity with
 respect to individual Diameter applications.</p>
@@ -584,12 +607,96 @@ transport connection with a peer following <c>reconnect_timer</c> or
 <c>watchdog_timer</c> expiry.</p>
 </item>
 
+<tag><c>{closed, Ref, Reason, Config}</c></tag>
+<item>
+<code>
+Ref = transport_ref()
+Config = {connect|listen, [transport_opt()]}
+</code>
+
+<p>
+Capabilities exchange has failed. <c>Reason</c> can be one of
+the following.</p>
+
+<taglist>
+
+<tag><c>{'CER', Result, Caps, Pkt}</c></tag>
+<item>
+<code>
+Result = ResultCode | {capabilities_cb, CB, ResultCode|discard}
+Caps = #diameter_caps{}
+Pkt  = #diameter_packet{}
+ResultCode = integer()
+CB = evaluable()
+</code>
+
+<p>
+An incoming CER has been answered with the indicated result code or
+discarded.
+The capabilities record contains pairs of values for the the local
+node and remote peer.
+The packet record contains the CER in question.
+In the case of rejection by a capabilities callback, the tuple
+indicates the rejecting callback.</p>
+</item>
+
+<tag><c>{'CER', Caps, {ResultCode, Pkt}}</c></tag>
+<item>
+<code>
+ResultCode = integer()
+Caps = #diameter_caps{}
+Pkt  = #diameter_packet{}
+</code>
+
+<p>
+An incoming CER contained errors and has been answered with the
+indicated result code.
+The capabilities record contains only values for the the local
+node.
+The packet record contains the CER in question.</p>
+</item>
+
+<tag><c>{'CEA', Result, Caps, Pkt}</c></tag>
+<item>
+<code>
+Result = integer() | atom() | {capabilities_cb, CB, ResultCode|discard}
+Caps = #diameter_caps{}
+Pkt  = #diameter_packet{}
+ResultCode = integer()
+</code>
+
+<p>
+An incoming CEA has been rejected for the indicated reason.
+An integer-valued <c>Result</c> indicates the result code sent
+by the peer.
+The capabilities record contains pairs of values for the the local
+node and remote peer.
+The packet record contains the CEA in question.
+In the case of rejection by a capabilities callback, the tuple
+indicates the rejecting callback.</p>
+</item>
+
+<tag><c>{'CEA', Caps, Pkt}</c></tag>
+<item>
+<code>
+Caps = #diameter_caps{}
+Pkt  = #diameter_packet{}
+</code>
+
+<p>
+An incoming CER contained errors and has been rejected.
+The capabilities record contains only values for the the local node.
+The packet record contains the CEA in question.</p>
+</item>
+
+</taglist>
+</item>
+
 </taglist>
 
 <p>
 For forward compatibility, a subscriber should be prepared to receive
-<c>diameter_event.info</c> of forms other than those documented
-above.</p>
+info fields of forms other than the above.</p>
 
 <marker id="service_name"/>
 </item>
@@ -683,6 +790,39 @@ in question.</p>
 AVP's used to construct outgoing CER/CEA messages.
 Any AVP specified takes precedence over a corresponding value specified
 for the service in question.</p>
+
+<p>
+Specifying a capability as a transport option
+may be particularly appropriate for Inband-Security-Id in case
+TLS is desired over TCP as implemented by
+<seealso marker="diameter_tcp">diameter_tcp(3)</seealso> but
+not over SCTP as implemented by
+<seealso marker="diameter_sctp">diameter_sctp(3)</seealso>.</p>
+</item>
+
+<tag><c>{capabilities_cb, evaluable()}</c></tag>
+<item>
+<p>
+A callback invoked upon reception of CER/CEA during capabilities
+exchange in order to ask whether or not the connection should
+be accepted.
+Applied to the transport reference (as returned by <seealso
+marker="#add_transport">add_transport/2</seealso>) and
+<c>diameter_caps</c> record of the connection.
+Returning <c>ok</c> accepts the connection.
+Returning <c>integer()</c> causes an incoming
+CER to be answered with the specified Result-Code.
+Returning <c>discard</c> causes an incoming CER to
+be discarded.
+Returning <c>unknown</c> is equivalent to returning <c>3010</c>,
+DIAMETER_UNKNOWN_PEER.
+Returning anything but <c>ok</c> or a 2xxx series result
+code causes the transport connection to be broken.</p>
+
+<p>
+Multiple <c>capabilities_cb</c> options can be specified, in which
+case the corresponding callbacks are applied until either all return
+<c>ok</c> or one does not.</p>
 </item>
 
 <tag><c>{watchdog_timer, TwInit}</c></tag>
diff --git a/lib/diameter/doc/src/diameter_compile.xml b/lib/diameter/doc/src/diameter_compile.xml
index 72bac30709..60e08d41da 100644
--- a/lib/diameter/doc/src/diameter_compile.xml
+++ b/lib/diameter/doc/src/diameter_compile.xml
@@ -64,9 +64,10 @@ Defaults to the current working directory.</p>
 <item>
 <p>
 Specifies a directory to add to the code path.
-Typically used to point at beam files corresponding to dictionaries
-included by the one being compiled (using the <c>@includes</c> directive):
-inclusion is a beam dependency, not an erl/hrl dependency.</p>
+Use to point at beam files corresponding to dictionaries
+inherited by the one being compiled using <c>@inherits</c> or
+<c>--inherits</c>.
+Inheritance is a beam dependency, not an erl/hrl dependency.</p>
 
 <p>
 Multiple <c>-i</c> options can be specified.</p>
@@ -84,6 +85,31 @@ Supresses erl generation.</p>
 Supresses hrl generation.</p>
 </item>
 
+<tag><![CDATA[--name <name>]]></tag>
+<item>
+<p>
+Set <c>@name</c> in the dictionary file.
+Overrides any setting in the file itself.</p>
+</item>
+
+<tag><![CDATA[--prefix <prefix>]]></tag>
+<item>
+<p>
+Set <c>@prefix</c> in the dictionary file.
+Overrides any setting in the file itself.</p>
+</item>
+
+<tag><![CDATA[--inherits <dict>]]></tag>
+<item>
+<p>
+Append an <c>@inherits</c> to the dictionary file.
+Specifying <c>'-'</c> as the dictionary has the effect of clearing
+any previous inherits, effectively ignoring previous inherits.</p>
+
+<p>
+Multiple <c>--inherits</c> options can be specified.</p>
+</item>
+
 </taglist>
 
 </item>
diff --git a/lib/diameter/doc/src/diameter_dict.xml b/lib/diameter/doc/src/diameter_dict.xml
index e7c530f1b8..cc638dbc18 100644
--- a/lib/diameter/doc/src/diameter_dict.xml
+++ b/lib/diameter/doc/src/diameter_dict.xml
@@ -36,7 +36,7 @@ under the License.
 <!-- ===================================================================== -->
 
 <file>diameter_dict</file>
-<filesummary>Dictionary inteface of the diameter application.</filesummary>
+<filesummary>Dictionary interface of the diameter application.</filesummary>
 
 <description>
 <p>
@@ -44,9 +44,9 @@ A diameter service as configured with <seealso
 marker="diameter#start_service">diameter:start_service/2</seealso>
 specifies one or more supported Diameter applications.
 Each Diameter application specifies a dictionary module that knows how
-to encode and decode its messages and AVP's.
+to encode and decode its messages and AVPs.
 The dictionary module is in turn generated from a file that defines
-these messages and AVP's.
+these messages and AVPs.
 The format of such a file is defined in
 <seealso marker="#FILE_FORMAT">FILE FORMAT</seealso> below.
 Users add support for their specific applications by creating
@@ -56,7 +56,7 @@ resulting dictionaries modules on a service.</p>
 
 <p>
 The codec generation also results in a hrl file that defines records
-for the messages and grouped AVP's defined for the application, these
+for the messages and grouped AVPs defined for the application, these
 records being what a user of the diameter application sends and receives.
 (Modulo other available formats as discussed in <seealso
 marker="diameter_app">diameter_app(3)</seealso>.)
@@ -74,14 +74,14 @@ corresponding to applications defined in section 2.4 of RFC 3588:
 application with application identifier 0,
 <c>diameter_gen_accounting</c> for the Diameter Base Accounting
 application with application identifier 3 and
-<c>diameter_gen_relay</c>the Relay application with application
+<c>diameter_gen_relay</c> the Relay application with application
 identifier 0xFFFFFFFF.
 The Common Message and Relay applications are the only applications
 that diameter itself has any specific knowledge of.
 The Common Message application is used for messages that diameter
 itself handles: CER/CEA, DWR/DWA and DPR/DPA.
 The Relay application is given special treatment with regard to
-encode/decode since the messages and AVP's it handles are not specifically
+encode/decode since the messages and AVPs it handles are not specifically
 defined.</p>
 
 <marker id="FILE_FORMAT"/>
@@ -94,18 +94,16 @@ defined.</p>
 
 <p>
 A dictionary file consists of distinct sections.
-Each section starts with a line consisting of a tag
-followed by zero or more arguments.
-Each section ends at the the start of the next section or end of file.
+Each section starts with a tag followed by zero or more arguments
+and ends at the the start of the next section or end of file.
 Tags consist of an ampersand character followed by a keyword and are
 separated from their arguments by whitespace.
-Whitespace within a section separates individual tokens but its
-quantity is insignificant.</p>
+Whitespace separates individual tokens but is otherwise insignificant.</p>
 
 <p>
 The tags, their arguments and the contents of each corresponding
 section are as follows.
-Each section can occur at most once unless otherwise specified.
+Each section can occur multiple times unless otherwise specified.
 The order in which sections are specified is unimportant.</p>
 
 <taglist>
@@ -115,7 +113,8 @@ The order in which sections are specified is unimportant.</p>
 <p>
 Defines the integer Number as the Diameter Application Id of the
 application in question.
-Required if the dictionary defines <c>@messages</c>.
+Can occur at most once and is required if the dictionary defines
+<c>@messages</c>.
 The section has empty content.</p>
 
 <p>
@@ -136,16 +135,13 @@ Example:</p>
 <item>
 <p>
 Defines the name of the generated dictionary module.
-The section has empty content.
-Mod must match the regular expression '^[a-zA-Z0-9][-_a-zA-Z0-9]*$';
-that is, contains only alphanumerics, hyphens and underscores begin with an
-alphanumeric.</p>
+Can occur at most once and defaults to the name of the dictionary file
+minus any extension if unspecified.
+The section has empty content.</p>
 
 <p>
-A name is optional and defaults to the name of the dictionary file
-minus any extension.
-Note that a generated module must have a unique name an not colide
-with another module in the system.</p>
+Note that a dictionary module should have a unique name so as not collide
+with existing modules in the system.</p>
 
 <p>
 Example:</p>
@@ -159,22 +155,22 @@ Example:</p>
 <tag><c>@prefix Name</c></tag>
 <item>
 <p>
-Defines Name as the prefix to be added to record and constant names in
-the generated dictionary module and hrl.
-The section has empty content.
-Name must be of the same form as a @name.</p>
+Defines Name as the prefix to be added to record and constant names
+(followed by a <c>'_'</c> character) in the generated dictionary
+module and hrl.
+Can occur at most once.
+The section has empty content.</p>
 
 <p>
-A prefix is optional but can
-be used to disambiguate record and constant names
-resulting from similarly named messages and AVP's in different
-Diameter applications.</p>
+A prefix is optional but can be be used to disambiguate between record
+and constant names resulting from similarly named messages and AVPs in
+different Diameter applications.</p>
 
 <p>
 Example:</p>
 
 <code>
-@prefix etsi_e2_
+@prefix etsi_e2
 </code>
 
 </item>
@@ -182,10 +178,12 @@ Example:</p>
 <tag><c>@vendor Number Name</c></tag>
 <item>
 <p>
-Defines the integer Number as the the default Vendor-ID of AVP's for
+Defines the integer Number as the the default Vendor-Id of AVPs for
 which the V flag is set.
 Name documents the owner of the application
 but is otherwise unused.
+Can occur at most once and is required if an AVP sets the V flag and
+is not otherwise assigned a Vendor-Id.
 The section has empty content.</p>
 
 <p>
@@ -200,10 +198,9 @@ Example:</p>
 <tag><c>@avp_vendor_id Number</c></tag>
 <item>
 <p>
-Defines the integer Number as the Vendor-ID of the AVP's listed in the
+Defines the integer Number as the Vendor-Id of the AVPs listed in the
 section content, overriding the <c>@vendor</c> default.
-The section content consists of AVP names.
-Can occur zero or more times (with different values of Number).</p>
+The section content consists of AVP names.</p>
 
 <p>
 Example:</p>
@@ -221,13 +218,27 @@ Region-Set
 <tag><c>@inherits Mod</c></tag>
 <item>
 <p>
-Defines the name of a generated dictionary module containing AVP
-definitions referenced by the dictionary but not defined by it.
-The section content is empty.</p>
+Defines the name of a dictionary module containing AVP
+definitions that should be imported into the current dictionary.
+The section content consists of the names of those AVPs whose
+definitions should be imported from the dictionary, an empty list
+causing all to be imported.
+Any listed AVPs must not be defined in the current dictionary and
+it is an error to inherit the same AVP from more than one
+dictionary.</p>
 
 <p>
-Can occur 0 or more times (with different values of Mod) but all
-dictionaries should typically inherit RFC3588 AVPs from
+Note that an inherited AVP that sets the V flag takes its Vendor-Id
+from either <c>@avp_vendor_id</c> in the inheriting dictionary or
+<c>@vendor</c> in the inherited dictionary.
+In particular, <c>@avp_vendor_id</c> in the inherited dictionary is
+ignored.
+Inheriting from a dictionary that specifies the required <c>@vendor</c>
+is equivalent to using <c>@avp_vendor_id</c> with a copy of the
+dictionary's definitions but the former makes for easier reuse.</p>
+
+<p>
+All dictionaries should typically inherit RFC3588 AVPs from
 <c>diameter_gen_base_rfc3588</c>.</p>
 
 <p>
@@ -248,13 +259,11 @@ The section consists of definitions of the form</p>
 <p><c>Name Code Type Flags</c></p>
 
 <p>
-where Code is the integer AVP code, Flags is a string of V,
-M and P characters indicating the flags to be
-set on an outgoing AVP or a single - (minus) character if none are to
-be set.
-Type identifies either an AVP Data Format as defined in <seealso
-marker="#DATA_TYPES">DATA TYPES</seealso> below or a
-type as defined by a <c>@custom_types</c> tag.</p>
+where Code is the integer AVP code, Type identifies an AVP Data Format
+as defined in <seealso marker="#DATA_TYPES">DATA TYPES</seealso> below,
+and Flags is a string of V, M and P characters indicating the flags to be
+set on an outgoing AVP or a single <c>'-'</c> (minus) character if
+none are to be set.</p>
 
 <p>
 Example:</p>
@@ -262,8 +271,8 @@ Example:</p>
 <code>
 @avp_types
 
-Location-Information   350  Grouped     VM
-Requested-Information  353  Enumerated  V
+Location-Information   350  Grouped     MV
+Requested-Information  353  Enumerated   V
 </code>
 
 <p>
@@ -276,21 +285,36 @@ to 0 as mandated by the current draft standard.</p>
 <tag><c>@custom_types Mod</c></tag>
 <item>
 <p>
-Defines AVPs for which module Mod provides encode/decode.
-The section contents consists of type names.
-For each AVP Name defined with custom type Type, Mod should export the
-function Name/3 with arguments encode|decode, Type and Data,
-the latter being the term to be encoded/decoded.
-The function returns the encoded/decoded value.</p>
+Specifies AVPs for which module Mod provides encode/decode functions.
+The section contents consists of AVP names.
+For each such name, <c>Mod:Name(encode|decode, Type, Data)</c> is
+expected to provide encode/decode for values of the AVP, where Name is
+the name of the AVP, Type is it's type as declared in the
+<c>@avp_types</c> section of the dictionary and Data is the value to
+encode/decode.</p>
+
+<p>
+Example:</p>
+
+<code>
+@custom_types rfc4005_avps
+
+Framed-IP-Address
+</code>
+</item>
 
+<tag><c>@codecs Mod</c></tag>
+<item>
 <p>
-Can occur 0 or more times (with different values of Mod).</p>
+Like <c>@custom_types</c> but requires the specified module to export
+<c>Mod:Type(encode|decode, Name, Data)</c> rather than
+<c>Mod:Name(encode|decode, Type, Data)</c>.</p>
 
 <p>
 Example:</p>
 
 <code>
-@custom_types rfc4005_types
+@codecs rfc4005_avps
 
 Framed-IP-Address
 </code>
@@ -360,6 +384,10 @@ SIP-Deregistration-Reason ::= &lt; AVP Header: 383 >
                               [ SIP-Reason-Info ]
                             * [ AVP ]
 </code>
+
+<p>
+Specifying a Vendor-Id in the definition of a grouped AVP is
+equivalent to specifying it with <c>@avp_vendor_id</c>.</p>
 </item>
 
 <tag><c>@enum Name</c></tag>
@@ -371,11 +399,9 @@ Integer values can be prefixed with 0x to be interpreted as
 hexidecimal.</p>
 
 <p>
-Can occur 0 or more times (with different values of Name).
-The AVP in question can be defined in an inherited dictionary in order
-to introduce additional values.
-An AVP so extended must be referenced by in a <c>@messages</c> or
-<c>@grouped</c> section.</p>
+Note that the AVP in question can be defined in an inherited
+dictionary in order to introduce additional values to an enumeration
+otherwise defined in another dictionary.</p>
 
 <p>
 Example:</p>
@@ -390,11 +416,18 @@ REMOVE_SIP_SERVER        3
 </code>
 </item>
 
+<tag><c>@end</c></tag>
+<item>
+<p>
+Causes parsing of the dictionary to terminate:
+any remaining content is ignored.</p>
+</item>
+
 </taglist>
 
 <p>
 Comments can be included in a dictionary file using semicolon:
-text from a semicolon to end of line is ignored.</p>
+characters from a semicolon to end of line are ignored.</p>
 
 <marker id="MESSAGE_RECORDS"/>
 </section>
diff --git a/lib/diameter/doc/src/diameter_soc.xml b/lib/diameter/doc/src/diameter_soc.xml
index 4f8581a904..6b9ef9f756 100644
--- a/lib/diameter/doc/src/diameter_soc.xml
+++ b/lib/diameter/doc/src/diameter_soc.xml
@@ -57,9 +57,13 @@ including the P Flag in the AVP header.</p>
 
 <item>
 <p>
-There is no TLS support.
-It's unclear (aka uninvestigated) how TLS would impact
-diameter but IPsec can be used without it needing to know.</p>
+There is no TLS support over SCTP.
+RFC 3588 requires that a Diameter server support TLS but in
+practise this seems to mean TLS over SCTP since there are limitations
+with running over SCTP: see RFC 6083 (DTLS over SCTP), which is a
+response to RFC 3436 (TLS over SCTP).
+The current RFC 3588 draft acknowledges this by equating
+TLS with TLS/TCP and DTLS/SCTP but we do not yet support DTLS.</p>
 </item>
 
 <item>
diff --git a/lib/diameter/doc/src/diameter_tcp.xml b/lib/diameter/doc/src/diameter_tcp.xml
index a502e53972..e6b53383c0 100644
--- a/lib/diameter/doc/src/diameter_tcp.xml
+++ b/lib/diameter/doc/src/diameter_tcp.xml
@@ -43,7 +43,14 @@ It can be specified as the value of a transport_module option to
 <seealso
 marker="diameter#add_transport">diameter:add_transport/2</seealso>
 and implements the behaviour documented in
-<seealso marker="diameter_transport">diameter_transport(3)</seealso>.</p>
+<seealso marker="diameter_transport">diameter_transport(3)</seealso>.
+TLS security is supported, both as an upgrade following
+capabilities exchange as specified by RFC 3588 and
+at connection establishment as in the current draft standard.</p>
+
+<p>
+Note that the ssl application is required for TLS and must be started
+before configuring TLS capability on diameter transports.</p>
 
 <marker id="start"/>
 </description>
@@ -60,10 +67,15 @@ and implements the behaviour documented in
 <v>Type = connect | accept</v>
 <v>Ref = reference()</v>
 <v>Svc = #diameter_service{}</v>
-<v>Opt = {raddr, ip_address()} | {rport, integer()} | term()</v>
+<v>Opt = OwnOpt | SslOpt | OtherOpt</v>
 <v>Pid = pid()</v>
 <v>LAddr = ip_address()</v>
 <v>Reason = term()</v>
+<v>OwnOpt = {raddr, ip_address()}
+          | {rport, integer()}
+          | {port, integer()}</v>
+<v>SslOpt = {ssl_options, true | list()}</v>
+<v>OtherOpt = term()</v>
 </type>
 <desc>
 
@@ -74,17 +86,42 @@ marker="diameter_transport#start">diameter_transport(3)</seealso>.</p>
 <p>
 The only diameter_tcp-specific argument is the options list.
 Options <c>raddr</c> and <c>rport</c> specify the remote address
-and port for a connecting transport and not valid for a listening
+and port for a connecting transport and are not valid for a listening
 transport.
-Remaining options are any accepted by gen_tcp:connect/3 for
-a connecting transport, or gen_tcp:listen/2 for a listening transport,
-with the exception of <c>binary</c>, <c>packet</c> and <c>active</c>.
+Option <c>ssl_options</c> must be specified for a transport
+that must be able to support TLS: a value of <c>true</c> results in a
+TLS handshake immediately upon connection establishment while
+list() specifies options to be passed to ssl:connect/2 of ssl:ssl_accept/2
+after capabilities exchange if TLS is negotiated.
+Remaining options are any accepted by ssl:connect/3 or gen_tcp:connect/3 for
+a connecting transport, or ssl:listen/3 or gen_tcp:listen/2 for
+a listening transport, depending on whether or not <c>{ssl_options, true}</c>
+has been specified.
+Options <c>binary</c>, <c>packet</c> and <c>active</c> cannot be specified.
 Also, option <c>port</c> can be specified for a listening transport
 to specify the local listening port, the default being the standardized
 3868 if unspecified.
 Note that option <c>ip</c> specifies the local address.</p>
 
 <p>
+An <c>ssl_options</c> list must be specified if and only if
+the transport in question has specified an Inband-Security-Id
+AVP with value TLS on the relevant call to
+<seealso
+marker="diameter#start_service">start_service/2</seealso> or
+<seealso
+marker="diameter#add_transport">add_transport/2</seealso>,
+so that the transport process will receive notification of
+whether or not to commence with a TLS handshake following capabilities
+exchange.
+Failing to specify an options list on a TLS-capable transport
+for which TLS is negotiated will cause TLS handshake to fail.
+Failing to specify TLS capability when <c>ssl_options</c> has been
+specified will cause the transport process to wait for a notification
+that will not be forthcoming, which will eventually cause the RFC 3539
+watchdog to take down the connection.</p>
+
+<p>
 If the service specifies more than one Host-IP-Address and
 option <c>ip</c> is unspecified then then the
 first of the service's addresses is used as the local address.</p>
@@ -104,6 +141,7 @@ The returned local address list has length one.</p>
 <title>SEE ALSO</title>
 
 <p>
+<seealso marker="diameter">diameter(3)</seealso>,
 <seealso marker="diameter_transport">diameter_transport(3)</seealso></p>
 
 </section>
diff --git a/lib/diameter/doc/src/diameter_transport.xml b/lib/diameter/doc/src/diameter_transport.xml
index 37cc871e75..087a90b099 100644
--- a/lib/diameter/doc/src/diameter_transport.xml
+++ b/lib/diameter/doc/src/diameter_transport.xml
@@ -143,6 +143,34 @@ connection.
 Pid is the pid() of the parent process.</p>
 </item>
 
+<tag><c>{diameter, {tls, Ref, Type, Bool}}</c></tag>
+<item>
+<p>
+Indication of whether or not capabilities exchange has selected
+inband security using TLS.
+Ref is a reference() that must be included in the
+<c>{diameter, {tls, Ref}}</c> reply message to the transport's
+parent process (see below).
+Type is either <c>connect</c> or <c>accept</c> depending on
+whether the process has been started for a connecting or listening
+transport respectively.
+Bool is a boolean() indicating whether or not the transport connection
+should be upgraded to TLS.</p>
+
+<p>
+If TLS is requested (Bool = true) then a connecting process should
+initiate a TLS handshake with the peer and an accepting process should
+prepare to accept a handshake.
+A successful handshake should be followed by a <c>{diameter, {tls, Ref}}</c>
+message to the parent process.
+A failed handshake should cause the process to exit.</p>
+
+<p>
+This message is only sent to a transport process over whose
+<c>Inband-Security-Id</c> configuration has indicated support for
+TLS.</p>
+</item>
+
 </taglist>
 
 <p>
@@ -184,6 +212,16 @@ How the <c>transport_data</c> is used/interpreted is up to the
 transport module.</p>
 </item>
 
+<tag><c>{diameter, {tls, Ref}}</c></tag>
+<item>
+<p>
+Acknowledgment of a successful TLS handshake.
+Ref is the reference() received in the
+<c>{diameter, {tls, Ref, Type, Bool}}</c> message in response
+to which the reply is sent.
+A transport must exit if a handshake is not successful.</p>
+</item>
+
 </taglist>
 
 </section>
diff --git a/lib/diameter/doc/src/notes.xml b/lib/diameter/doc/src/notes.xml
index e2723f3e99..6e364a3200 100644
--- a/lib/diameter/doc/src/notes.xml
+++ b/lib/diameter/doc/src/notes.xml
@@ -36,6 +36,120 @@ first.</p>
 
 <!-- ===================================================================== -->
 
+<section><title>Diameter 1.0</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fix faulty cleanup after diameter:remove_transport/2.</p>
+          <p>
+	    Removing a transport removed the configuration but did
+	    not prevent the transport process from being restarted.</p>
+          <p>
+	    Own Id: OTP-9756</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Add support for TLS over TCP.</p>
+          <p>
+	    RFC 3588 requires that a Diameter server support TLS. In
+	    practice this seems to mean TLS over SCTP since there are
+	    limitations with running over SCTP: see RFC 6083 (DTLS
+	    over SCTP), which is a response to RFC 3436 (TLS over
+	    SCTP). The current RFC 3588 draft acknowledges this by
+	    equating TLS with TLS/TCP and DTLS/SCTP.</p>
+          <p>
+	    TLS handshaking can take place either following a CER/CEA
+	    that negotiates TLS using the Inband-Security-Id AVP (the
+	    method documented in RFC 3588) or immediately following
+	    connection establishment (the method added to the current
+	    draft).</p>
+          <p>
+	    Own Id: OTP-9605</p>
+        </item>
+        <item>
+          <p>
+	    Improvements to the dictionary parser.</p>
+          <p>
+	    The dictionary parser now emits useful error messages in
+	    case of faults in the input file, also identifying the
+	    line number at which the fault was detected. There are
+	    semantic checks that were missing in the previous parser,
+	    a fault in the interpretation of vendor id's in
+	    combination with @inherits has been fixed and @end can be
+	    used to terminate parsing explicitly instead of always
+	    parsing to end of file.</p>
+          <p>
+	    Own Id: OTP-9639</p>
+        </item>
+        <item>
+          <p>
+	    Improve dictionary reusability.</p>
+          <p>
+	    Reusing a dictionary just to get a different generated
+	    module name or prefix previously required taking a copy
+	    of the source, which may consist of several files if
+	    inheritance is used, just to edit a couple of lines which
+	    don't affect the semantics of the Diameter application
+	    being defined. Options --name, --prefix and --inherits
+	    have been added to diameterc to allow corresponding
+	    values to be set at compile time.</p>
+          <p>
+	    Own Id: OTP-9641</p>
+        </item>
+        <item>
+          <p>
+	    Add capabilities_cb transport option.</p>
+          <p>
+	    Its value is a function that's applied to the transport
+	    reference and capabilities record after capabilities
+	    exchange. If a callback returns anything but 'ok' then
+	    the connection is closed. In the case of an incoming CER,
+	    the callback can return a result code with which to
+	    answer. Multiple callbacks can be specified and are
+	    applied until either all return 'ok' or one doesn't.</p>
+          <p>
+	    This provides a way to reject a peer connection.</p>
+          <p>
+	    Own Id: OTP-9654</p>
+        </item>
+        <item>
+          <p>
+	    Add @codecs to dictionary format.</p>
+          <p>
+	    The semantics are similar to @custom_types but results in
+	    codec functions of the form TypeName(encode|decode,
+	    AvpName, Data) rather than AvpName(encode|decode,
+	    TypeName, Data). That is, the role of the AVP name and
+	    Diameter type name are reversed. This eliminates the need
+	    for exporting one function for each AVP sharing a common
+	    specialized encode/decode.</p>
+          <p>
+	    Own Id: OTP-9708 Aux Id: OTP-9639 </p>
+        </item>
+        <item>
+          <p>
+	    Add #diameter_callback{} for more flexible callback
+	    configuration.</p>
+          <p>
+	    The record allows individual functions to be configured
+	    for each of the diameter_app(3) callbacks, as well as a
+	    default callback.</p>
+          <p>
+	    Own Id: OTP-9777</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Diameter 0.10</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/diameter/examples/GNUmakefile b/lib/diameter/examples/GNUmakefile
deleted file mode 100644
index 4c3f87939b..0000000000
--- a/lib/diameter/examples/GNUmakefile
+++ /dev/null
@@ -1,35 +0,0 @@
-# 
-# %CopyrightBegin%
-# 
-# Copyright Ericsson AB 2010-2011. All Rights Reserved.
-# 
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# %CopyrightEnd%
-#
-
-EXAMPLES  = client server relay # redirect proxy
-
-CALLBACKS = $(EXAMPLES:%=%_cb)
-MODULES   = peer $(EXAMPLES) $(EXAMPLES:%=%_cb)
-
-BEAM = $(MODULES:%=%.beam)
-
-%.beam: %.erl
-	erlc -W $<
-
-all: $(BEAM)
-
-clean:
-	rm  -f $(BEAM)
-
-.PHONY: all clean
diff --git a/lib/diameter/examples/client.erl b/lib/diameter/examples/client.erl
deleted file mode 100644
index 36a77dd524..0000000000
--- a/lib/diameter/examples/client.erl
+++ /dev/null
@@ -1,125 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-%% An example Diameter client that can sends base protocol RAR
-%% requests to a connected peer.
-%%
-%% The simplest usage is as follows this to connect to a server
-%% listening on the default port on the local host, assuming diameter
-%% is already started (eg. diameter:start()).
-%%
-%%   client:start().
-%%   client:connect(tcp).
-%%   client:call().
-%%
-%% The first call starts the a service with the default name of
-%% ?MODULE, the second defines a connecting transport that results in
-%% a connection to the peer (if it's listening), the third sends it a
-%% RAR and returns the answer.
-%%
-
--module(client).
-
--include_lib("diameter/include/diameter.hrl").
--include_lib("diameter/src/app/diameter_gen_base_rfc3588.hrl").
-
--export([start/1,     %% start a service
-         connect/2,   %% add a connecting transport
-         call/1,      %% send using the record encoding
-         cast/1,      %% send using the list encoding and detached
-         stop/1]).    %% stop a service
-%% A real application would typically choose an encoding and whether
-%% they want the call to return the answer or not. Sending with
-%% both the record and list encoding here, one detached and one not,
-%% is just for demonstration purposes.
-
-%% Convenience functions using the default service name, ?SVC_NAME.
--export([start/0,
-         connect/1,
-         stop/0,
-         call/0,
-         cast/0]).
-
--define(SVC_NAME,     ?MODULE).
--define(APP_ALIAS,    ?MODULE).
--define(CALLBACK_MOD, client_cb).
-
--define(L, atom_to_list).
-
-%% The service configuration. As in the server example, a client
-%% supporting multiple Diameter applications may or may not want to
-%% configure a common callback module on all applications.
--define(SERVICE(Name), [{'Origin-Host', ?L(Name) ++ ".example.com"},
-                        {'Origin-Realm', "example.com"},
-                        {'Vendor-Id', 0},
-                        {'Product-Name', "Client"},
-                        {'Auth-Application-Id', [?DIAMETER_APP_ID_COMMON]},
-                        {application, [{alias, ?APP_ALIAS},
-                                       {dictionary, ?DIAMETER_DICT_COMMON},
-                                       {module, ?CALLBACK_MOD}]}]).
-
-%% start/1
-
-start(Name)
-  when is_atom(Name) ->
-    peer:start(Name, ?SERVICE(Name)).
-
-start() ->
-    start(?SVC_NAME).
-
-%% connect/2
-
-connect(Name, T) ->
-    peer:connect(Name, T).
-
-connect(T) ->
-    connect(?SVC_NAME, T).
-
-%% call/1
-
-call(Name) ->
-    SId = diameter:session_id(?L(Name)),
-    RAR = #diameter_base_RAR{'Session-Id' = SId,
-                             'Auth-Application-Id' = 0,
-                             'Re-Auth-Request-Type' = 0},
-    diameter:call(Name, ?APP_ALIAS, RAR, []).
-
-call() ->
-    call(?SVC_NAME).
-
-%% cast/1
-
-cast(Name) ->
-    SId = diameter:session_id(?L(Name)),
-    RAR = ['RAR', {'Session-Id', SId},
-                  {'Auth-Application-Id', 0},
-                  {'Re-Auth-Request-Type', 1}],
-    diameter:call(Name, ?APP_ALIAS, RAR, [detach]).
-    
-cast() ->
-    cast(?SVC_NAME).
-
-%% stop/1
-
-stop(Name) ->
-    peer:stop(Name).
-
-stop() ->
-    stop(?SVC_NAME).
diff --git a/lib/diameter/examples/code/GNUmakefile b/lib/diameter/examples/code/GNUmakefile
new file mode 100644
index 0000000000..a0669119d2
--- /dev/null
+++ b/lib/diameter/examples/code/GNUmakefile
@@ -0,0 +1,35 @@
+#
+# %CopyrightBegin%
+#
+# Copyright Ericsson AB 2010-2011. All Rights Reserved.
+#
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+#
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+#
+# %CopyrightEnd%
+#
+
+EXAMPLES  = client server relay # redirect proxy
+
+CALLBACKS = $(EXAMPLES:%=%_cb)
+MODULES   = peer $(EXAMPLES) $(EXAMPLES:%=%_cb)
+
+BEAM = $(MODULES:%=%.beam)
+
+%.beam: %.erl
+	erlc -W $<
+
+all: $(BEAM)
+
+clean:
+	rm  -f $(BEAM)
+
+.PHONY: all clean
diff --git a/lib/diameter/examples/code/client.erl b/lib/diameter/examples/code/client.erl
new file mode 100644
index 0000000000..9e65f98de0
--- /dev/null
+++ b/lib/diameter/examples/code/client.erl
@@ -0,0 +1,125 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% An example Diameter client that can sends base protocol RAR
+%% requests to a connected peer.
+%%
+%% The simplest usage is as follows this to connect to a server
+%% listening on the default port on the local host, assuming diameter
+%% is already started (eg. diameter:start()).
+%%
+%%   client:start().
+%%   client:connect(tcp).
+%%   client:call().
+%%
+%% The first call starts the a service with the default name of
+%% ?MODULE, the second defines a connecting transport that results in
+%% a connection to the peer (if it's listening), the third sends it a
+%% RAR and returns the answer.
+%%
+
+-module(client).
+
+-include_lib("diameter/include/diameter.hrl").
+-include_lib("diameter/src/app/diameter_gen_base_rfc3588.hrl").
+
+-export([start/1,     %% start a service
+         connect/2,   %% add a connecting transport
+         call/1,      %% send using the record encoding
+         cast/1,      %% send using the list encoding and detached
+         stop/1]).    %% stop a service
+%% A real application would typically choose an encoding and whether
+%% they want the call to return the answer or not. Sending with
+%% both the record and list encoding here, one detached and one not,
+%% is just for demonstration purposes.
+
+%% Convenience functions using the default service name, ?SVC_NAME.
+-export([start/0,
+         connect/1,
+         stop/0,
+         call/0,
+         cast/0]).
+
+-define(SVC_NAME,     ?MODULE).
+-define(APP_ALIAS,    ?MODULE).
+-define(CALLBACK_MOD, client_cb).
+
+-define(L, atom_to_list).
+
+%% The service configuration. As in the server example, a client
+%% supporting multiple Diameter applications may or may not want to
+%% configure a common callback module on all applications.
+-define(SERVICE(Name), [{'Origin-Host', ?L(Name) ++ ".example.com"},
+                        {'Origin-Realm', "example.com"},
+                        {'Vendor-Id', 0},
+                        {'Product-Name', "Client"},
+                        {'Auth-Application-Id', [?DIAMETER_APP_ID_COMMON]},
+                        {application, [{alias, ?APP_ALIAS},
+                                       {dictionary, ?DIAMETER_DICT_COMMON},
+                                       {module, ?CALLBACK_MOD}]}]).
+
+%% start/1
+
+start(Name)
+  when is_atom(Name) ->
+    peer:start(Name, ?SERVICE(Name)).
+
+start() ->
+    start(?SVC_NAME).
+
+%% connect/2
+
+connect(Name, T) ->
+    peer:connect(Name, T).
+
+connect(T) ->
+    connect(?SVC_NAME, T).
+
+%% call/1
+
+call(Name) ->
+    SId = diameter:session_id(?L(Name)),
+    RAR = #diameter_base_RAR{'Session-Id' = SId,
+                             'Auth-Application-Id' = 0,
+                             'Re-Auth-Request-Type' = 0},
+    diameter:call(Name, ?APP_ALIAS, RAR, []).
+
+call() ->
+    call(?SVC_NAME).
+
+%% cast/1
+
+cast(Name) ->
+    SId = diameter:session_id(?L(Name)),
+    RAR = ['RAR', {'Session-Id', SId},
+                  {'Auth-Application-Id', 0},
+                  {'Re-Auth-Request-Type', 1}],
+    diameter:call(Name, ?APP_ALIAS, RAR, [detach]).
+
+cast() ->
+    cast(?SVC_NAME).
+
+%% stop/1
+
+stop(Name) ->
+    peer:stop(Name).
+
+stop() ->
+    stop(?SVC_NAME).
diff --git a/lib/diameter/examples/client_cb.erl b/lib/diameter/examples/code/client_cb.erl
index 524a8f94a1..524a8f94a1 100644
--- a/lib/diameter/examples/client_cb.erl
+++ b/lib/diameter/examples/code/client_cb.erl
diff --git a/lib/diameter/examples/peer.erl b/lib/diameter/examples/code/peer.erl
index 89203e15c3..89203e15c3 100644
--- a/lib/diameter/examples/peer.erl
+++ b/lib/diameter/examples/code/peer.erl
diff --git a/lib/diameter/examples/redirect.erl b/lib/diameter/examples/code/redirect.erl
index b54701243f..b54701243f 100644
--- a/lib/diameter/examples/redirect.erl
+++ b/lib/diameter/examples/code/redirect.erl
diff --git a/lib/diameter/examples/redirect_cb.erl b/lib/diameter/examples/code/redirect_cb.erl
index ea7ad38749..ea7ad38749 100644
--- a/lib/diameter/examples/redirect_cb.erl
+++ b/lib/diameter/examples/code/redirect_cb.erl
diff --git a/lib/diameter/examples/relay.erl b/lib/diameter/examples/code/relay.erl
index deecb1cfc0..deecb1cfc0 100644
--- a/lib/diameter/examples/relay.erl
+++ b/lib/diameter/examples/code/relay.erl
diff --git a/lib/diameter/examples/relay_cb.erl b/lib/diameter/examples/code/relay_cb.erl
index 9ed6517d5c..9ed6517d5c 100644
--- a/lib/diameter/examples/relay_cb.erl
+++ b/lib/diameter/examples/code/relay_cb.erl
diff --git a/lib/diameter/examples/code/sctp.erl b/lib/diameter/examples/code/sctp.erl
new file mode 100644
index 0000000000..08de023571
--- /dev/null
+++ b/lib/diameter/examples/code/sctp.erl
@@ -0,0 +1,131 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(sctp).
+
+%%
+%% A small example demonstrating the establishment of an SCTP
+%% association with gen_sctp.
+%%
+
+-export([assoc/0,
+         dbg/0]).
+
+-include_lib("kernel/include/inet_sctp.hrl").
+
+-define(ADDR, {127,0,0,1}).
+-define(SERVER_PORT, 3868).
+-define(CONNECT_TIMEOUT, 2000).
+-define(REQUEST, <<0:64>>).
+-define(REPLY,   <<1:64>>).
+
+-record(server, {client,
+                 socket,
+                 assoc}).
+
+-record(client, {socket,
+                 assoc}).
+
+%% assoc/0
+%%
+%% Return on a successfully established association, raise an
+%% exception otherwise.
+
+assoc() ->
+    {_, MRef} = spawn_monitor(fun server/0),
+    receive {'DOWN', MRef, process, _, Info} -> Info end.
+
+%% dbg/0
+
+dbg() ->
+    dbg:tracer(),
+    dbg:p(all,c),
+    dbg:tpl(?MODULE, [{'_',[],[{exception_trace}]}]),
+    dbg:tp(gen_sctp, [{'_',[],[{exception_trace}]}]),
+    ok.
+
+%% server/0
+
+server() ->
+    {ok, Sock} = gen_sctp:open([binary,
+                                {reuseaddr, true},
+                                {active, true},
+                                {ip, ?ADDR},
+                                {port, ?SERVER_PORT}]),
+    ok = gen_sctp:listen(Sock, true),
+    {_Pid, MRef} = spawn_monitor(fun client/0),
+    s(#server{client = MRef, socket = Sock}),
+    gen_sctp:close(Sock).
+
+%% s/1
+
+s(#server{} = S) ->
+    s(s(receive T -> T end, S));
+s(T) ->
+    T.
+
+%% s/2
+
+s({sctp, Sock, _RA, _RP, {[], #sctp_assoc_change{state = comm_up,
+                                                 assoc_id = Id}}},
+  #server{socket = Sock, assoc = undefined}
+  = S) ->
+    S#server{assoc = Id};
+
+s({sctp, Sock, _RA, _RP, {[#sctp_sndrcvinfo{assoc_id = AId,
+                                            stream = SId}],
+                          ?REQUEST}},
+  #server{socket = Sock, assoc = AId}
+  = S) ->
+    ok = gen_sctp:send(Sock, AId, SId, ?REPLY),
+    S;
+
+s({'DOWN', MRef, process, _, normal} = T, #server{client = MRef}) ->
+    T.
+
+%% client/0
+
+client() ->
+    {ok, Sock} = gen_sctp:open([binary,
+                                {reuseaddr, true},
+                                {active, true},
+                                {ip, ?ADDR},
+                                {port, 0}]),
+    ok = gen_sctp:connect_init(Sock, ?ADDR, ?SERVER_PORT, []),
+    c(#client{socket = Sock}),
+    gen_sctp:close(Sock).
+
+
+%% c/1
+
+c(#client{} = S) ->
+    c(c(receive T -> T end, S));
+c(T) ->
+    T.
+
+c({sctp, Sock, _RA, _RP, {[], #sctp_assoc_change{state = comm_up,
+                                                 assoc_id = Id}}},
+  #client{socket = Sock, assoc = undefined}
+  = S) ->
+    ok = gen_sctp:send(Sock, Id, 0, ?REQUEST),
+    S#client{assoc = Id};
+
+c({sctp, Sock, _RA, _RP, {[#sctp_sndrcvinfo{assoc_id = AId}], ?REPLY}},
+  #client{socket = Sock, assoc = AId}) ->
+    ok.
diff --git a/lib/diameter/examples/server.erl b/lib/diameter/examples/code/server.erl
index ebb408e501..ebb408e501 100644
--- a/lib/diameter/examples/server.erl
+++ b/lib/diameter/examples/code/server.erl
diff --git a/lib/diameter/examples/server_cb.erl b/lib/diameter/examples/code/server_cb.erl
index 43b8e24b5c..43b8e24b5c 100644
--- a/lib/diameter/examples/server_cb.erl
+++ b/lib/diameter/examples/code/server_cb.erl
diff --git a/lib/diameter/examples/dict/rfc4004_mip.dia b/lib/diameter/examples/dict/rfc4004_mip.dia
new file mode 100644
index 0000000000..575ad4394a
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4004_mip.dia
@@ -0,0 +1,280 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4004, Diameter Mobile IPv4 Application
+;;
+;; Edits:
+;;
+;; - MIP-nonce  -> MIP-Nonce
+;; - Session-ID -> Session-Id
+;; - Omit MIP-HA-to-MN-SPI, MIP-MN-FA-SPI and MIP-MN-HA-SPI, none of
+;;   which are defined.
+;;
+
+@id 2
+
+@inherits rfc3588_base
+
+;; ===========================================================================
+
+@avp_types
+
+   MIP-Reg-Request                320  OctetString   M
+   MIP-Reg-Reply                  321  OctetString   M
+   MIP-MN-AAA-Auth                322  Grouped       M
+   MIP-Mobile-Node-Address        333  Address       M
+   MIP-Home-Agent-Address         334  Address       M
+   MIP-Candidate-Home-Agent-Host  336  DiamIdent     M
+   MIP-Feature-Vector             337  Unsigned32    M
+   MIP-Auth-Input-Data-Length     338  Unsigned32    M
+   MIP-Authenticator-Length       339  Unsigned32    M
+   MIP-Authenticator-Offset       340  Unsigned32    M
+   MIP-MN-AAA-SPI                 341  Unsigned32    M
+   MIP-Filter-Rule                342  IPFilterRule  M
+   MIP-FA-Challenge               344  OctetString   M
+   MIP-Originating-Foreign-AAA    347  Grouped       M
+   MIP-Home-Agent-Host            348  Grouped       M
+
+   MIP-FA-to-HA-SPI               318  Unsigned32    M
+   MIP-FA-to-MN-SPI               319  Unsigned32    M
+   MIP-HA-to-FA-SPI               323  Unsigned32    M
+   MIP-MN-to-FA-MSA               325  Grouped       M
+   MIP-FA-to-MN-MSA               326  Grouped       M
+   MIP-FA-to-HA-MSA               328  Grouped       M
+   MIP-HA-to-FA-MSA               329  Grouped       M
+   MIP-MN-to-HA-MSA               331  Grouped       M
+   MIP-HA-to-MN-MSA               332  Grouped       M
+   MIP-Nonce                      335  OctetString   M
+   MIP-Session-Key                343  OctetString   M
+   MIP-Algorithm-Type             345  Enumerated    M
+   MIP-Replay-Mode                346  Enumerated    M
+   MIP-MSA-Lifetime               367  Unsigned32    M
+
+;; ===========================================================================
+
+@messages
+
+   ;; 5.1.  AA-Mobile-Node-Request
+
+   AMR ::= < Diameter Header: 260, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { User-Name }
+           { Destination-Realm }
+           { Origin-Host }
+           { Origin-Realm }
+           { MIP-Reg-Request }
+           { MIP-MN-AAA-Auth }
+           [ Acct-Multi-Session-Id ]
+           [ Destination-Host ]
+           [ Origin-State-Id ]
+           [ MIP-Mobile-Node-Address ]
+           [ MIP-Home-Agent-Address ]
+           [ MIP-Feature-Vector ]
+           [ MIP-Originating-Foreign-AAA ]
+           [ Authorization-Lifetime ]
+           [ Auth-Session-State ]
+           [ MIP-FA-Challenge ]
+           [ MIP-Candidate-Home-Agent-Host ]
+           [ MIP-Home-Agent-Host ]
+           [ MIP-HA-to-FA-SPI ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 5.2.  AA-Mobile-Node-Answer
+
+   AMA ::= < Diameter Header: 260, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ Acct-Multi-Session-Id ]
+           [ User-Name ]
+           [ Authorization-Lifetime ]
+           [ Auth-Session-State ]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+           [ Re-Auth-Request-Type ]
+           [ MIP-Feature-Vector ]
+           [ MIP-Reg-Reply ]
+           [ MIP-MN-to-FA-MSA ]
+           [ MIP-MN-to-HA-MSA ]
+           [ MIP-FA-to-MN-MSA ]
+           [ MIP-FA-to-HA-MSA ]
+           [ MIP-HA-to-MN-MSA ]
+           [ MIP-MSA-Lifetime ]
+           [ MIP-Home-Agent-Address ]
+           [ MIP-Mobile-Node-Address ]
+         * [ MIP-Filter-Rule ]
+           [ Origin-State-Id ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+   ;; 5.3.  Home-Agent-MIP-Request
+
+   HAR ::= < Diameter Header: 262, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Authorization-Lifetime }
+           { Auth-Session-State }
+           { MIP-Reg-Request }
+           { Origin-Host }
+           { Origin-Realm }
+           { User-Name }
+           { Destination-Realm }
+           { MIP-Feature-Vector }
+           [ Destination-Host ]
+           [ MIP-MN-to-HA-MSA ]
+           [ MIP-MN-to-FA-MSA ]
+           [ MIP-HA-to-MN-MSA ]
+           [ MIP-HA-to-FA-MSA ]
+           [ MIP-MSA-Lifetime ]
+           [ MIP-Originating-Foreign-AAA ]
+           [ MIP-Mobile-Node-Address ]
+           [ MIP-Home-Agent-Address ]
+         * [ MIP-Filter-Rule ]
+           [ Origin-State-Id ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 5.4.  Home-Agent-MIP-Answer
+
+   HAA ::= < Diameter Header: 262, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ Acct-Multi-Session-Id ]
+           [ User-Name ]
+           [ Error-Reporting-Host ]
+           [ Error-Message ]
+           [ MIP-Reg-Reply ]
+           [ MIP-Home-Agent-Address ]
+           [ MIP-Mobile-Node-Address ]
+           [ MIP-FA-to-HA-SPI ]
+           [ MIP-FA-to-MN-SPI ]
+           [ Origin-State-Id ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+;; ===========================================================================
+
+@grouped
+
+   MIP-MN-AAA-Auth ::= < AVP Header: 322 >
+
+           { MIP-MN-AAA-SPI }
+           { MIP-Auth-Input-Data-Length }
+           { MIP-Authenticator-Length }
+           { MIP-Authenticator-Offset }
+         * [ AVP ]
+
+
+   MIP-Originating-Foreign-AAA ::= < AVP Header: 347 >
+
+           { Origin-Realm }
+           { Origin-Host }
+         * [ AVP ]
+
+   MIP-Home-Agent-Host ::= < AVP Header: 348 >
+
+           { Destination-Realm }
+           { Destination-Host }
+         * [ AVP ]
+
+   MIP-FA-to-MN-MSA ::= < AVP Header: 326 >
+
+           { MIP-FA-to-MN-SPI }
+           { MIP-Algorithm-Type }
+           { MIP-Session-Key }
+         * [ AVP ]
+
+   MIP-FA-to-HA-MSA ::= < AVP Header: 328 >
+
+           { MIP-FA-to-HA-SPI }
+           { MIP-Algorithm-Type }
+           { MIP-Session-Key }
+         * [ AVP ]
+
+   MIP-HA-to-FA-MSA ::= < AVP Header: 329 >
+
+           { MIP-HA-to-FA-SPI   }
+           { MIP-Algorithm-Type }
+           { MIP-Session-Key }
+         * [ AVP ]
+
+   MIP-HA-to-MN-MSA ::= < AVP Header: 332 >
+
+   ;       { MIP-HA-to-MN-SPI   }
+           { MIP-Algorithm-Type }
+           { MIP-Replay-Mode }
+           { MIP-Session-Key }
+         * [ AVP ]
+
+   MIP-MN-to-FA-MSA ::= < AVP Header: 325 >
+
+   ;       { MIP-MN-FA-SPI }
+           { MIP-Algorithm-Type }
+           { MIP-Nonce }
+         * [ AVP ]
+
+   MIP-MN-to-HA-MSA ::= < AVP Header: 331 >
+
+   ;       { MIP-MN-HA-SPI }
+           { MIP-Algorithm-Type }
+           { MIP-Replay-Mode }
+           { MIP-Nonce }
+         * [ AVP ]
+
+;; ===========================================================================
+
+@enum MIP-Algorithm-Type
+
+   HMAC-SHA-1      2
+
+@enum MIP-Replay-Mode
+
+   NONE            1
+   TIMESTAMPS      2
+   NONCES          3
+
+;; ===========================================================================
+
+@define Result-Code
+
+   ;; 6.1.  Transient Failures
+
+   MIP_REPLY_FAILURE              4005
+   HA_NOT_AVAILABLE               4006
+   BAD_KEY                        4007
+   MIP_FILTER_NOT_SUPPORTED       4008
+
+   ;; 6.2.  Permanent Failures
+
+   NO_FOREIGN_HA_SERVICE          5024
+   END_TO_END_MIP_KEY_ENCRYPTION  5025
diff --git a/lib/diameter/examples/dict/rfc4005_nas.dia b/lib/diameter/examples/dict/rfc4005_nas.dia
new file mode 100644
index 0000000000..a4b44e38bb
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4005_nas.dia
@@ -0,0 +1,740 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4005, Diameter Network Access Server Application
+;;
+;; Edits:
+;;
+;; - Acounting-Auth-Method      -> Accounting-Auth-Method
+;; - Connection-Info            -> ConnectInfo
+;; - Framed-Appletalk-Link      -> Framed-AppleTalk-Link
+;; - Framed-Appletalk-Network   -> Framed-AppleTalk-Network
+;; - Framed-Appletalk-Zone      -> Framed-AppleTalk-Zone
+;; - Qos-Filter-Rule            -> QoS-Filter-Rule
+;; - Redirect-Host-Usase        -> Redirect-Host-Usage
+;; - Redirected-Host            -> Redirect-Host
+;; - Redirected-Host-Usage      -> Redirect-Host-Usage
+;; - Redirected-Host-Cache-Time -> Redirect-Max-Cache-Time
+;; - Redirected-Max-Cache-Time  -> Redirect-Max-Cache-Time
+;;
+
+@id 1
+
+@inherits rfc3588_base
+
+;; ===========================================================================
+
+@avp_types
+
+   ;; 4.  NAS Session AVPs
+
+   NAS-Port                           5    Unsigned32    M
+   NAS-Port-Id                       87    UTF8String    M
+   NAS-Port-Type                     61    Enumerated    M
+   Called-Station-Id                 30    UTF8String    M
+   Calling-Station-Id                31    UTF8String    M
+   Connect-Info                      77    UTF8String    M
+   Originating-Line-Info             94   OctetString    -
+   Reply-Message                     18    UTF8String    M
+
+   ;; 5.  NAS Authentication AVPs
+
+   User-Password                      2   OctetString    M
+   Password-Retry                    75    Unsigned32    M
+   Prompt                            76    Enumerated    M
+   CHAP-Auth                        402       Grouped    M
+   CHAP-Algorithm                   403    Enumerated    M
+   CHAP-Ident                       404   OctetString    M
+   CHAP-Response                    405   OctetString    M
+   CHAP-Challenge                    60   OctetString    M
+   ARAP-Password                     70   OctetString    M
+   ARAP-Challenge-Response           84   OctetString    M
+   ARAP-Security                     73    Unsigned32    M
+   ARAP-Security-Data                74   OctetString    M
+
+   ;; 6.  NAS Authorization AVPs
+
+   Service-Type                       6    Enumerated    M
+   Callback-Number                   19    UTF8String    M
+   Callback-Id                       20    UTF8String    M
+   Idle-Timeout                      28    Unsigned32    M
+   Port-Limit                        62    Unsigned32    M
+   NAS-Filter-Rule                  400  IPFilterRule    M
+   Filter-Id                         11    UTF8String    M
+   Configuration-Token               78   OctetString    M
+   QoS-Filter-Rule                  407 QoSFilterRule    -
+   Framed-Protocol                    7    Enumerated    M
+   Framed-Routing                    10    Enumerated    M
+   Framed-MTU                        12    Unsigned32    M
+   Framed-Compression                13    Enumerated    M
+   Framed-IP-Address                  8   OctetString    M
+   Framed-IP-Netmask                  9   OctetString    M
+   Framed-Route                      22    UTF8String    M
+   Framed-Pool                       88   OctetString    M
+   Framed-Interface-Id               96    Unsigned64    M
+   Framed-IPv6-Prefix                97   OctetString    M
+   Framed-IPv6-Route                 99    UTF8String    M
+   Framed-IPv6-Pool                 100   OctetString    M
+   Framed-IPX-Network                23    UTF8String    M
+   Framed-AppleTalk-Link             37    Unsigned32    M
+   Framed-AppleTalk-Network          38    Unsigned32    M
+   Framed-AppleTalk-Zone             39   OctetString    M
+   ARAP-Features                     71   OctetString    M
+   ARAP-Zone-Access                  72    Enumerated    M
+   Login-IP-Host                     14   OctetString    M
+   Login-IPv6-Host                   98   OctetString    M
+   Login-Service                     15    Enumerated    M
+   Login-TCP-Port                    16    Unsigned32    M
+   Login-LAT-Service                 34   OctetString    M
+   Login-LAT-Node                    35   OctetString    M
+   Login-LAT-Group                   36   OctetString    M
+   Login-LAT-Port                    63   OctetString    M
+
+   ;; 7.  NAS Tunneling
+
+   Tunneling                        401       Grouped    M
+   Tunnel-Type                       64    Enumerated    M
+   Tunnel-Medium-Type                65    Enumerated    M
+   Tunnel-Client-Endpoint            66    UTF8String    M
+   Tunnel-Server-Endpoint            67    UTF8String    M
+   Tunnel-Password                   69   OctetString    M
+   Tunnel-Private-Group-Id           81   OctetString    M
+   Tunnel-Assignment-Id              82   OctetString    M
+   Tunnel-Preference                 83    Unsigned32    M
+   Tunnel-Client-Auth-Id             90    UTF8String    M
+   Tunnel-Server-Auth-Id             91    UTF8String    M
+
+   ;; 8.  NAS Accounting
+
+   Accounting-Input-Octets          363    Unsigned64    M
+   Accounting-Output-Octets         364    Unsigned64    M
+   Accounting-Input-Packets         365    Unsigned64    M
+   Accounting-Output-Packets        366    Unsigned64    M
+   Acct-Session-Time                 46    Unsigned32    M
+   Acct-Authentic                    45    Enumerated    M
+   Accounting-Auth-Method           406    Enumerated    M
+   Acct-Delay-Time                   41    Unsigned32    M
+   Acct-Link-Count                   51    Unsigned32    M
+   Acct-Tunnel-Connection            68   OctetString    M
+   Acct-Tunnel-Packets-Lost          86    Unsigned32    M
+
+   ;; 9.3.  AVPs Used Only for Compatibility
+
+   NAS-Identifier                    32    UTF8String    M
+   NAS-IP-Address                     4   OctetString    M
+   NAS-IPv6-Address                  95   OctetString    M
+   State                             24   OctetString    M
+ ;;Termination-Cause                295    Enumerated    M
+   Origin-AAA-Protocol              408    Enumerated    M
+
+;; ===========================================================================
+
+@messages
+
+   AAR ::= < Diameter Header: 265, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Auth-Request-Type }
+           [ Destination-Host ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ Port-Limit ]
+           [ User-Name ]
+           [ User-Password ]
+           [ Service-Type ]
+           [ State ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Auth-Session-State ]
+           [ Callback-Number ]
+           [ Called-Station-Id ]
+           [ Calling-Station-Id ]
+           [ Originating-Line-Info ]
+           [ Connect-Info ]
+           [ CHAP-Auth ]
+           [ CHAP-Challenge ]
+         * [ Framed-Compression ]
+           [ Framed-Interface-Id ]
+           [ Framed-IP-Address ]
+         * [ Framed-IPv6-Prefix ]
+           [ Framed-IP-Netmask ]
+           [ Framed-MTU ]
+           [ Framed-Protocol ]
+           [ ARAP-Password ]
+           [ ARAP-Security ]
+         * [ ARAP-Security-Data ]
+         * [ Login-IP-Host ]
+         * [ Login-IPv6-Host ]
+           [ Login-LAT-Group ]
+           [ Login-LAT-Node ]
+           [ Login-LAT-Port ]
+           [ Login-LAT-Service ]
+         * [ Tunneling ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   AAA ::= < Diameter Header: 265, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Request-Type }
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ User-Name ]
+           [ Service-Type ]
+         * [ Class ]
+         * [ Configuration-Token ]
+           [ Acct-Interim-Interval ]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+         * [ Failed-AVP ]
+           [ Idle-Timeout ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Auth-Session-State ]
+           [ Re-Auth-Request-Type ]
+           [ Multi-Round-Time-Out ]
+           [ Session-Timeout ]
+           [ State ]
+         * [ Reply-Message ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+         * [ Filter-Id ]
+           [ Password-Retry ]
+           [ Port-Limit ]
+           [ Prompt ]
+           [ ARAP-Challenge-Response ]
+           [ ARAP-Features ]
+           [ ARAP-Security ]
+         * [ ARAP-Security-Data ]
+           [ ARAP-Zone-Access ]
+           [ Callback-Id ]
+           [ Callback-Number ]
+           [ Framed-AppleTalk-Link ]
+         * [ Framed-AppleTalk-Network ]
+           [ Framed-AppleTalk-Zone ]
+         * [ Framed-Compression ]
+           [ Framed-Interface-Id ]
+           [ Framed-IP-Address ]
+         * [ Framed-IPv6-Prefix ]
+           [ Framed-IPv6-Pool ]
+         * [ Framed-IPv6-Route ]
+           [ Framed-IP-Netmask ]
+         * [ Framed-Route ]
+           [ Framed-Pool ]
+           [ Framed-IPX-Network ]
+           [ Framed-MTU ]
+           [ Framed-Protocol ]
+           [ Framed-Routing ]
+         * [ Login-IP-Host ]
+         * [ Login-IPv6-Host ]
+           [ Login-LAT-Group ]
+           [ Login-LAT-Node ]
+           [ Login-LAT-Port ]
+           [ Login-LAT-Service ]
+           [ Login-Service ]
+           [ Login-TCP-Port ]
+         * [ NAS-Filter-Rule ]
+         * [ QoS-Filter-Rule ]
+         * [ Tunneling ]
+         * [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+   RAR ::= < Diameter Header: 258, REQ, PXY >
+
+           < Session-Id >
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Destination-Host }
+           { Auth-Application-Id }
+           { Re-Auth-Request-Type }
+           [ User-Name ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+           [ Service-Type ]
+           [ Framed-IP-Address ]
+           [ Framed-IPv6-Prefix ]
+           [ Framed-Interface-Id ]
+           [ Called-Station-Id ]
+           [ Calling-Station-Id ]
+           [ Originating-Line-Info ]
+           [ Acct-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ State ]
+         * [ Class ]
+           [ Reply-Message ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   RAA ::= < Diameter Header: 258, PXY >
+
+           < Session-Id >
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ User-Name ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+         * [ Failed-AVP ]
+         * [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+           [ Service-Type ]
+         * [ Configuration-Token ]
+           [ Idle-Timeout ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Re-Auth-Request-Type ]
+           [ State ]
+         * [ Class ]
+         * [ Reply-Message ]
+           [ Prompt ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+   STR ::= < Diameter Header: 275, REQ, PXY >
+
+           < Session-Id >
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Auth-Application-Id }
+           { Termination-Cause }
+           [ User-Name ]
+           [ Destination-Host ]
+         * [ Class ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   STA ::= < Diameter Header: 275, PXY >
+
+           < Session-Id >
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ User-Name ]
+         * [ Class ]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+         * [ Failed-AVP ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+         * [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+   ASR ::= < Diameter Header: 274, REQ, PXY >
+
+           < Session-Id >
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Destination-Host }
+           { Auth-Application-Id }
+           [ User-Name ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+           [ Service-Type ]
+           [ Framed-IP-Address ]
+           [ Framed-IPv6-Prefix ]
+           [ Framed-Interface-Id ]
+           [ Called-Station-Id ]
+           [ Calling-Station-Id ]
+           [ Originating-Line-Info ]
+           [ Acct-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ State ]
+         * [ Class ]
+         * [ Reply-Message ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ASA ::= < Diameter Header: 274, PXY >
+
+           < Session-Id >
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ User-Name ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ State]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+         * [ Failed-AVP ]
+         * [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+   ACR ::= < Diameter Header: 271, REQ, PXY >
+
+           < Session-Id >
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Accounting-Record-Type }
+           { Accounting-Record-Number }
+           [ Acct-Application-Id ]
+           [ Vendor-Specific-Application-Id ]
+           [ User-Name ]
+           [ Accounting-Sub-Session-Id ]
+           [ Acct-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ Destination-Host ]
+           [ Event-Timestamp ]
+           [ Acct-Delay-Time ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+         * [ Class ]
+           [ Service-Type ]
+           [ Termination-Cause ]
+           [ Accounting-Input-Octets ]
+           [ Accounting-Input-Packets ]
+           [ Accounting-Output-Octets ]
+           [ Accounting-Output-Packets ]
+           [ Acct-Authentic ]
+           [ Accounting-Auth-Method ]
+           [ Acct-Link-Count ]
+           [ Acct-Session-Time ]
+           [ Acct-Tunnel-Connection ]
+           [ Acct-Tunnel-Packets-Lost ]
+           [ Callback-Id ]
+           [ Callback-Number ]
+           [ Called-Station-Id ]
+           [ Calling-Station-Id ]
+         * [ Connect-Info ]
+           [ Originating-Line-Info ]
+           [ Authorization-Lifetime ]
+           [ Session-Timeout ]
+           [ Idle-Timeout ]
+           [ Port-Limit ]
+           [ Accounting-Realtime-Required ]
+           [ Acct-Interim-Interval ]
+         * [ Filter-Id ]
+         * [ NAS-Filter-Rule ]
+         * [ QoS-Filter-Rule ]
+           [ Framed-AppleTalk-Link ]
+           [ Framed-AppleTalk-Network ]
+           [ Framed-AppleTalk-Zone ]
+           [ Framed-Compression ]
+           [ Framed-Interface-Id ]
+           [ Framed-IP-Address ]
+           [ Framed-IP-Netmask ]
+         * [ Framed-IPv6-Prefix ]
+           [ Framed-IPv6-Pool ]
+         * [ Framed-IPv6-Route ]
+           [ Framed-IPX-Network ]
+           [ Framed-MTU ]
+           [ Framed-Pool ]
+           [ Framed-Protocol ]
+         * [ Framed-Route ]
+           [ Framed-Routing ]
+         * [ Login-IP-Host ]
+         * [ Login-IPv6-Host ]
+           [ Login-LAT-Group ]
+           [ Login-LAT-Node ]
+           [ Login-LAT-Port ]
+           [ Login-LAT-Service ]
+           [ Login-Service ]
+           [ Login-TCP-Port ]
+         * [ Tunneling ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ACA ::= < Diameter Header: 271, PXY >
+
+           < Session-Id >
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           { Accounting-Record-Type }
+           { Accounting-Record-Number }
+           [ Acct-Application-Id ]
+           [ Vendor-Specific-Application-Id ]
+           [ User-Name ]
+           [ Accounting-Sub-Session-Id ]
+           [ Acct-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ Event-Timestamp ]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+         * [ Failed-AVP ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+           [ Service-Type ]
+           [ Termination-Cause ]
+           [ Accounting-Realtime-Required ]
+           [ Acct-Interim-Interval ]
+         * [ Class ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+;; ===========================================================================
+
+@grouped
+
+   CHAP-Auth ::= < AVP Header: 402 >
+
+           { CHAP-Algorithm }
+           { CHAP-Ident }
+           [ CHAP-Response ]
+         * [ AVP ]
+
+   Tunneling ::= < AVP Header: 401 >
+
+           { Tunnel-Type }
+           { Tunnel-Medium-Type }
+           { Tunnel-Client-Endpoint }
+           { Tunnel-Server-Endpoint }
+           [ Tunnel-Preference ]
+           [ Tunnel-Client-Auth-Id ]
+           [ Tunnel-Server-Auth-Id ]
+           [ Tunnel-Assignment-Id ]
+           [ Tunnel-Password ]
+           [ Tunnel-Private-Group-Id ]
+
+;; ===========================================================================
+
+@enum NAS-Port-Type
+
+   ASYNC                          0
+   SYNC                           1
+   ISDN_SYNC                      2
+   ISDN_ASYNC_V120                3
+   ISDN_ASYNC_V110                4
+   VIRTUAL                        5
+   PIAFS                          6
+   HDLC_CLEAR_CHANNEL             7
+   X25                            8
+   X75                            9
+   G3FAX                         10
+   SDSL                          11
+   ADSL-CAP                      12
+   ADSL-DMT                      13
+   IDSL                          14
+   ETHERNET                      15
+   XDSL                          16
+   CABLE                         17
+   WIRELESS_OTHER                18
+  'WIRELESS_802.11'              19
+   TOKEN-RING                    20
+   FDDI                          21
+   WIRELESS_CDMA2000             22
+   WIRELESS_UMTS                 23
+   WIRELESS_1X-EV                24
+   IAPP                          25
+
+@enum Prompt
+
+   NO_ECHO                        0
+   ECHO                           1
+
+@enum CHAP-Algorithm
+
+   WITH_MD5                       5
+
+@enum Service-Type
+
+   LOGIN                          1
+   FRAMED                         2
+   CALLBACK_LOGIN                 3
+   CALLBACK_FRAMED                4
+   OUTBOUND                       5
+   ADMINISTRATIVE                 6
+   NAS_PROMPT                     7
+   AUTHENTICATE_ONLY              8
+   CALLBACK_NAS_PROMPT            9
+   CALL_CHECK                    10
+   CALLBACK_ADMINISTRATIVE       11
+   VOICE                         12
+   FAX                           13
+   MODEM_RELAY                   14
+   IAPP-REGISTER                 15
+   IAPP-AP-CHECK                 16
+   AUTHORIZE_ONLY                17
+
+@enum Framed-Protocol
+
+   PPP                            1
+   SLIP                           2
+   ARAP                           3
+   GANDALF                        4
+   XYLOGICS                       5
+   X75                            6
+
+@enum Framed-Routing
+
+   NONE                           0
+   SEND                           1
+   LISTEN                         2
+   SEND_AND_LISTEN                3
+
+@enum Framed-Compression
+
+   NONE                           0
+   VJ                             1
+   IPX                            2
+   STAC-LZS                       3
+
+@enum ARAP-Zone-Access
+
+   DEFAULT                        1
+   FILTER_INCLUSIVELY             2
+   FILTER_EXCLUSIVELY             4
+
+@enum Login-Service
+
+   TELNET                         0
+   RLOGIN                         1
+   TCP_CLEAR                      2
+   PORTMASTER                     3
+   LAT                            4
+   X25-PAD                        5
+   X25-T3POS                      6
+   TCP_CLEAR_QUIET                8
+
+@enum Tunnel-Type
+
+   PPTP                           1
+   L2F                            2
+   L2TP                           3
+   ATMP                           4
+   VTP                            5
+   AH                             6
+   IP-IP                          7
+   MIN-IP-IP                      8
+   ESP                            9
+   GRE                           10
+   DVS                           11
+   IP-IN-IP                      12
+   VLAN                          13
+
+@enum Tunnel-Medium-Type
+
+   IPV4                           1
+   IPV6                           2
+   NSAP                           3
+   HDLC                           4
+   BBN_1822                       5
+  '802'                           6
+   E163                           7
+   E164                           8
+   F69                            9
+   X121                          10
+   IPX                           11
+   APPLETALK                     12
+   DECNET_IV                     13
+   BANYAN_VINES                  14
+   E164_NSAP                     15
+
+
+@enum Acct-Authentic
+
+   RADIUS                         1
+   LOCAL                          2
+   REMOTE                         3
+   DIAMETER                       4
+
+@enum Accounting-Auth-Method
+
+   PAP                            1
+   CHAP                           2
+   MS-CHAP-1                      3
+   MS-CHAP-2                      4
+   EAP                            5
+   NONE                           7
+
+@enum Termination-Cause
+
+   USER_REQUEST                  11
+   LOST_CARRIER                  12
+   LOST_SERVICE                  13
+   IDLE_TIMEOUT                  14
+   SESSION_TIMEOUT               15
+   ADMIN_RESET                   16
+   ADMIN_REBOOT                  17
+   PORT_ERROR                    18
+   NAS_ERROR                     19
+   NAS_REQUEST                   20
+   NAS_REBOOT                    21
+   PORT_UNNEEDED                 22
+   PORT_PREEMPTED                23
+   PORT_SUSPENDED                24
+   SERVICE_UNAVAILABLE           25
+   CALLBACK                      26
+   USER_ERROR                    27
+   HOST_REQUEST                  28
+   SUPPLICANT_RESTART            29
+   REAUTHORIZATION_FAILURE       30
+   PORT_REINIT                   31
+   PORT_DISABLED                 32
diff --git a/lib/diameter/examples/dict/rfc4006_cc.dia b/lib/diameter/examples/dict/rfc4006_cc.dia
new file mode 100644
index 0000000000..b723e4ddbb
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4006_cc.dia
@@ -0,0 +1,349 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4006, Diameter Credit-Control Application
+;;
+
+@id 4
+
+@inherits rfc3588_base
+@inherits rfc4005_nas  Filter-Id
+
+;; ===========================================================================
+
+@avp_types
+
+   CC-Correlation-Id                 411    OctetString   -
+   CC-Input-Octets                   412    Unsigned64    M
+   CC-Money                          413    Grouped       M
+   CC-Output-Octets                  414    Unsigned64    M
+   CC-Request-Number                 415    Unsigned32    M
+   CC-Request-Type                   416    Enumerated    M
+   CC-Service-Specific-Units         417    Unsigned64    M
+   CC-Session-Failover               418    Enumerated    M
+   CC-Sub-Session-Id                 419    Unsigned64    M
+   CC-Time                           420    Unsigned32    M
+   CC-Total-Octets                   421    Unsigned64    M
+   CC-Unit-Type                      454    Enumerated    M
+   Check-Balance-Result              422    Enumerated    M
+   Cost-Information                  423    Grouped       M
+   Cost-Unit                         424    UTF8String    M
+   Credit-Control                    426    Enumerated    M
+   Credit-Control-Failure-Handling   427    Enumerated    M
+   Currency-Code                     425    Unsigned32    M
+   Direct-Debiting-Failure-Handling  428    Enumerated    M
+   Exponent                          429    Integer32     M
+   Final-Unit-Action                 449    Enumerated    M
+   Final-Unit-Indication             430    Grouped       M
+   Granted-Service-Unit              431    Grouped       M
+   G-S-U-Pool-Identifier             453    Unsigned32    M
+   G-S-U-Pool-Reference              457    Grouped       M
+   Multiple-Services-Credit-Control  456    Grouped       M
+   Multiple-Services-Indicator       455    Enumerated    M
+   Rating-Group                      432    Unsigned32    M
+   Redirect-Address-Type             433    Enumerated    M
+   Redirect-Server                   434    Grouped       M
+   Redirect-Server-Address           435    UTF8String    M
+   Requested-Action                  436    Enumerated    M
+   Requested-Service-Unit            437    Grouped       M
+   Restriction-Filter-Rule           438    IPFilterRule  M
+   Service-Context-Id                461    UTF8String    M
+   Service-Identifier                439    Unsigned32    M
+   Service-Parameter-Info            440    Grouped       -
+   Service-Parameter-Type            441    Unsigned32    -
+   Service-Parameter-Value           442    OctetString   -
+   Subscription-Id                   443    Grouped       M
+   Subscription-Id-Data              444    UTF8String    M
+   Subscription-Id-Type              450    Enumerated    M
+   Tariff-Change-Usage               452    Enumerated    M
+   Tariff-Time-Change                451    Time          M
+   Unit-Value                        445    Grouped       M
+   Used-Service-Unit                 446    Grouped       M
+   User-Equipment-Info               458    Grouped       -
+   User-Equipment-Info-Type          459    Enumerated    -
+   User-Equipment-Info-Value         460    OctetString   -
+   Value-Digits                      447    Integer64     M
+   Validity-Time                     448    Unsigned32    M
+
+;; ===========================================================================
+
+@messages
+
+   CCR ::= < Diameter Header: 272, REQ, PXY >
+
+           < Session-Id >
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Auth-Application-Id }
+           { Service-Context-Id }
+           { CC-Request-Type }
+           { CC-Request-Number }
+           [ Destination-Host ]
+           [ User-Name ]
+           [ CC-Sub-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ Origin-State-Id ]
+           [ Event-Timestamp ]
+         * [ Subscription-Id ]
+           [ Service-Identifier ]
+           [ Termination-Cause ]
+           [ Requested-Service-Unit ]
+           [ Requested-Action ]
+         * [ Used-Service-Unit ]
+           [ Multiple-Services-Indicator ]
+         * [ Multiple-Services-Credit-Control ]
+         * [ Service-Parameter-Info ]
+           [ CC-Correlation-Id ]
+           [ User-Equipment-Info ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   CCA ::= < Diameter Header: 272, PXY >
+
+           < Session-Id >
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           { Auth-Application-Id }
+           { CC-Request-Type }
+           { CC-Request-Number }
+           [ User-Name ]
+           [ CC-Session-Failover ]
+           [ CC-Sub-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ Origin-State-Id ]
+           [ Event-Timestamp ]
+           [ Granted-Service-Unit ]
+         * [ Multiple-Services-Credit-Control ]
+           [ Cost-Information]
+           [ Final-Unit-Indication ]
+           [ Check-Balance-Result ]
+           [ Credit-Control-Failure-Handling ]
+           [ Direct-Debiting-Failure-Handling ]
+           [ Validity-Time]
+         * [ Redirect-Host]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ Failed-AVP ]
+         * [ AVP ]
+
+;; ===========================================================================
+
+@grouped
+
+   Cost-Information ::= < AVP Header: 423 >
+
+           { Unit-Value }
+           { Currency-Code }
+           [ Cost-Unit ]
+
+   Unit-Value ::= < AVP Header: 445 >
+
+           { Value-Digits }
+           [ Exponent ]
+
+   Multiple-Services-Credit-Control ::= < AVP Header: 456 >
+
+           [ Granted-Service-Unit ]
+           [ Requested-Service-Unit ]
+         * [ Used-Service-Unit ]
+           [ Tariff-Change-Usage ]
+         * [ Service-Identifier ]
+           [ Rating-Group ]
+         * [ G-S-U-Pool-Reference ]
+           [ Validity-Time ]
+           [ Result-Code ]
+           [ Final-Unit-Indication ]
+         * [ AVP ]
+
+   Granted-Service-Unit ::= < AVP Header: 431 >
+
+           [ Tariff-Time-Change ]
+           [ CC-Time ]
+           [ CC-Money ]
+           [ CC-Total-Octets ]
+           [ CC-Input-Octets ]
+           [ CC-Output-Octets ]
+           [ CC-Service-Specific-Units ]
+         * [ AVP ]
+
+   Requested-Service-Unit ::= < AVP Header: 437 >
+
+           [ CC-Time ]
+           [ CC-Money ]
+           [ CC-Total-Octets ]
+           [ CC-Input-Octets ]
+           [ CC-Output-Octets ]
+           [ CC-Service-Specific-Units ]
+         * [ AVP ]
+
+   Used-Service-Unit ::= < AVP Header: 446 >
+
+           [ Tariff-Change-Usage ]
+           [ CC-Time ]
+           [ CC-Money ]
+           [ CC-Total-Octets ]
+           [ CC-Input-Octets ]
+           [ CC-Output-Octets ]
+           [ CC-Service-Specific-Units ]
+         * [ AVP ]
+
+   CC-Money ::= < AVP Header: 413 >
+
+           { Unit-Value }
+           [ Currency-Code ]
+
+   G-S-U-Pool-Reference ::= < AVP Header: 457 >
+
+           { G-S-U-Pool-Identifier }
+           { CC-Unit-Type }
+           { Unit-Value }
+
+   Final-Unit-Indication ::= < AVP Header: 430 >
+
+           { Final-Unit-Action }
+         * [ Restriction-Filter-Rule ]
+         * [ Filter-Id ]
+           [ Redirect-Server ]
+
+   Redirect-Server ::= < AVP Header: 434 >
+
+           { Redirect-Address-Type }
+           { Redirect-Server-Address }
+
+   Service-Parameter-Info ::= < AVP Header: 440 >
+
+           { Service-Parameter-Type }
+           { Service-Parameter-Value }
+
+   Subscription-Id ::= < AVP Header: 443 >
+
+           { Subscription-Id-Type }
+           { Subscription-Id-Data }
+
+   User-Equipment-Info ::= < AVP Header: 458 >
+
+           { User-Equipment-Info-Type }
+           { User-Equipment-Info-Value }
+
+;; ===========================================================================
+
+@enum CC-Request-Type
+
+   INITIAL_REQUEST                 1
+   UPDATE_REQUEST                  2
+   TERMINATION_REQUEST             3
+   EVENT_REQUEST                   4
+
+@enum CC-Session-Failover
+
+   NOT_SUPPORTED                   0
+   SUPPORTED                       1
+
+@enum Check-Balance-Result
+
+   ENOUGH_CREDIT                   0
+   NO_CREDIT                       1
+
+@enum Credit-Control
+
+   AUTHORIZATION                   0
+   RE_AUTHORIZATION                1
+
+@enum Credit-Control-Failure-Handling
+
+   TERMINATE                       0
+   CONTINUE                        1
+   RETRY_AND_TERMINATE             2
+
+@enum Direct-Debiting-Failure-Handling
+
+   TERMINATE_OR_BUFFER             0
+   CONTINUE                        1
+
+@enum Tariff-Change-Usage
+
+   UNIT_BEFORE_TARIFF_CHANGE       0
+   UNIT_AFTER_TARIFF_CHANGE        1
+   UNIT_INDETERMINATE              2
+
+@enum CC-Unit-Type
+
+   TIME                            0
+   MONEY                           1
+   TOTAL-OCTETS                    2
+   INPUT-OCTETS                    3
+   OUTPUT-OCTETS                   4
+   SERVICE-SPECIFIC-UNITS          5
+
+@enum Final-Unit-Action
+
+   TERMINATE                       0
+   REDIRECT                        1
+   RESTRICT_ACCESS                 2
+
+@enum Redirect-Address-Type
+
+   IPV4                            0
+   IPV6                            1
+   URL                             2
+   SIP_URI                         3
+
+@enum Multiple-Services-Indicator
+
+   NOT_SUPPORTED                   0
+   SUPPORTED                       1
+
+@enum Requested-Action
+
+   DIRECT_DEBITING                 0
+   REFUND_ACCOUNT                  1
+   CHECK_BALANCE                   2
+   PRICE_ENQUIRY                   3
+
+@enum Subscription-Id-Type
+
+   END_USER_E164                   0
+   END_USER_IMSI                   1
+   END_USER_SIP_URI                2
+   END_USER_NAI                    3
+   END_USER_PRIVATE                4
+
+@enum User-Equipment-Info-Type
+
+   IMEISV                          0
+   MAC                             1
+   EUI64                           2
+   MODIFIED_EUI64                  3
+
+;; ===========================================================================
+
+@define Result-Code
+
+   END_USER_SERVICE_DENIED         4010
+   CREDIT_CONTROL_NOT_APPLICABLE   4011
+   CREDIT_LIMIT_REACHED            4012
+
+   USER_UNKNOWN                    5030
+   RATING_FAILED                   5031
diff --git a/lib/diameter/examples/dict/rfc4072_eap.dia b/lib/diameter/examples/dict/rfc4072_eap.dia
new file mode 100644
index 0000000000..111516b347
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4072_eap.dia
@@ -0,0 +1,150 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4072, Diameter Extensible Authentication Protocol (EAP) Application
+;;
+;; Edits:
+;;
+;; - Move EAP-Payload to not break fixed/required/optional order
+;; - Framed-Appletalk-Link    -> Framed-AppleTalk-Link
+;; - Framed-Appletalk-Network -> Framed-AppleTalk-Network
+;; - Framed-Appletalk-Zone    -> Framed-AppleTalk-Zone
+;;
+
+@id 5
+
+@inherits rfc3588_base
+@inherits rfc4005_nas
+
+;; ===========================================================================
+
+@avp_types
+
+   EAP-Master-Session-Key           464   OctetString    -
+   EAP-Key-Name                     102   OctetString    -
+   EAP-Payload                      462   OctetString    -
+   EAP-Reissued-Payload             463   OctetString    -
+   Accounting-EAP-Auth-Method       465    Unsigned64    -
+
+;; ===========================================================================
+
+@messages
+
+   DER ::= < Diameter Header: 268, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Auth-Request-Type }
+           { EAP-Payload }
+           [ Destination-Host ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+           [ Origin-State-Id ]
+           [ Port-Limit ]
+           [ User-Name ]
+           [ EAP-Key-Name ]
+           [ Service-Type ]
+           [ State ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Auth-Session-State ]
+           [ Callback-Number ]
+           [ Called-Station-Id ]
+           [ Calling-Station-Id ]
+           [ Originating-Line-Info ]
+           [ Connect-Info ]
+         * [ Framed-Compression ]
+           [ Framed-Interface-Id ]
+           [ Framed-IP-Address ]
+         * [ Framed-IPv6-Prefix ]
+           [ Framed-IP-Netmask ]
+           [ Framed-MTU ]
+           [ Framed-Protocol ]
+         * [ Tunneling ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   DEA ::= < Diameter Header: 268, PXY >
+
+          < Session-Id >
+          { Auth-Application-Id }
+          { Auth-Request-Type }
+          { Result-Code }
+          { Origin-Host }
+          { Origin-Realm }
+          [ User-Name ]
+          [ EAP-Payload ]
+          [ EAP-Reissued-Payload ]
+          [ EAP-Master-Session-Key ]
+          [ EAP-Key-Name ]
+          [ Multi-Round-Time-Out ]
+          [ Accounting-EAP-Auth-Method ]
+          [ Service-Type ]
+        * [ Class ]
+        * [ Configuration-Token ]
+          [ Acct-Interim-Interval ]
+          [ Error-Message ]
+          [ Error-Reporting-Host ]
+        * [ Failed-AVP ]
+          [ Idle-Timeout ]
+          [ Authorization-Lifetime ]
+          [ Auth-Grace-Period ]
+          [ Auth-Session-State ]
+          [ Re-Auth-Request-Type ]
+          [ Session-Timeout ]
+          [ State ]
+        * [ Reply-Message ]
+          [ Origin-State-Id ]
+        * [ Filter-Id ]
+          [ Port-Limit ]
+          [ Callback-Id ]
+          [ Callback-Number ]
+          [ Framed-AppleTalk-Link ]
+        * [ Framed-AppleTalk-Network ]
+          [ Framed-AppleTalk-Zone ]
+        * [ Framed-Compression ]
+          [ Framed-Interface-Id ]
+          [ Framed-IP-Address ]
+        * [ Framed-IPv6-Prefix ]
+          [ Framed-IPv6-Pool ]
+        * [ Framed-IPv6-Route ]
+          [ Framed-IP-Netmask ]
+        * [ Framed-Route ]
+          [ Framed-Pool ]
+          [ Framed-IPX-Network ]
+          [ Framed-MTU ]
+          [ Framed-Protocol ]
+          [ Framed-Routing ]
+        * [ NAS-Filter-Rule ]
+        * [ QoS-Filter-Rule ]
+        * [ Tunneling ]
+        * [ Redirect-Host ]
+          [ Redirect-Host-Usage ]
+          [ Redirect-Max-Cache-Time ]
+        * [ Proxy-Info ]
+        * [ AVP ]
diff --git a/lib/diameter/examples/dict/rfc4590_digest.dia b/lib/diameter/examples/dict/rfc4590_digest.dia
new file mode 100644
index 0000000000..a4ebe0c456
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4590_digest.dia
@@ -0,0 +1,45 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4590, RADIUS Extension for Digest Authentication
+;;
+
+@avp_types
+
+   Digest-Response          103  OctetString  -
+   Digest-Realm             104  OctetString  -
+   Digest-Nonce             105  OctetString  -
+   Digest-Response-Auth     106  OctetString  -
+   Digest-Nextnonce         107  OctetString  -
+   Digest-Method            108  OctetString  -
+   Digest-URI               109  OctetString  -
+   Digest-Qop               110  OctetString  -
+   Digest-Algorithm         111  OctetString  -
+   Digest-Entity-Body-Hash  112  OctetString  -
+   Digest-CNonce            113  OctetString  -
+   Digest-Nonce-Count       114  OctetString  -
+   Digest-Username          115  OctetString  -
+   Digest-Opaque            116  OctetString  -
+   Digest-Auth-Param        117  OctetString  -
+   Digest-AKA-Auts          118  OctetString  -
+   Digest-Domain            119  OctetString  -
+   Digest-Stale             120  OctetString  -
+   Digest-HA1               121  OctetString  -
+   SIP-AOR                  122  OctetString  -
diff --git a/lib/diameter/examples/dict/rfc4740_sip.dia b/lib/diameter/examples/dict/rfc4740_sip.dia
new file mode 100644
index 0000000000..8c21882649
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4740_sip.dia
@@ -0,0 +1,446 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4740, Diameter Session Initiation Protocol (SIP) Application
+;;
+
+@id 6
+
+@inherits rfc3588_base
+@inherits rfc4590_digest
+
+;; ===========================================================================
+
+@avp_types
+
+    SIP-Accounting-Information          368  Grouped      M
+    SIP-Accounting-Server-URI           369  DiameterURI  M
+    SIP-Credit-Control-Server-URI       370  DiameterURI  M
+    SIP-Server-URI                      371  UTF8String   M
+    SIP-Server-Capabilities             372  Grouped      M
+    SIP-Mandatory-Capability            373  Unsigned32   M
+    SIP-Optional-Capability             374  Unsigned32   M
+    SIP-Server-Assignment-Type          375  Enumerated   M
+    SIP-Auth-Data-Item                  376  Grouped      M
+    SIP-Authentication-Scheme           377  Enumerated   M
+    SIP-Item-Number                     378  Unsigned32   M
+    SIP-Authenticate                    379  Grouped      M
+    SIP-Authorization                   380  Grouped      M
+    SIP-Authentication-Info             381  Grouped      M
+    SIP-Number-Auth-Items               382  Unsigned32   M
+    SIP-Deregistration-Reason           383  Grouped      M
+    SIP-Reason-Code                     384  Enumerated   M
+    SIP-Reason-Info                     385  UTF8String   M
+    SIP-Visited-Network-Id              386  UTF8String   M
+    SIP-User-Authorization-Type         387  Enumerated   M
+    SIP-Supported-User-Data-Type        388  UTF8String   M
+    SIP-User-Data                       389  Grouped      M
+    SIP-User-Data-Type                  390  UTF8String   M
+    SIP-User-Data-Contents              391  OctetString  M
+    SIP-User-Data-Already-Available     392  Enumerated   M
+    SIP-Method                          393  UTF8String   M
+
+;; ===========================================================================
+
+@messages
+
+   ;; 8.1.  User-Authorization-Request
+
+   UAR ::= < Diameter Header: 283, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { SIP-AOR }
+           [ Destination-Host ]
+           [ User-Name ]
+           [ SIP-Visited-Network-Id ]
+           [ SIP-User-Authorization-Type ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.2.  User-Authorization-Answer
+
+   UAA ::= < Diameter Header: 283, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ SIP-Server-URI ]
+           [ SIP-Server-Capabilities ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.3.  Server-Assignment-Request
+
+   SAR ::= < Diameter Header: 284, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { SIP-Server-Assignment-Type }
+           { SIP-User-Data-Already-Available }
+           [ Destination-Host ]
+           [ User-Name ]
+           [ SIP-Server-URI ]
+         * [ SIP-Supported-User-Data-Type ]
+         * [ SIP-AOR ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.4.  Server-Assignment-Answer
+
+   SAA ::= < Diameter Header: 284, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+         * [ SIP-User-Data ]
+           [ SIP-Accounting-Information ]
+         * [ SIP-Supported-User-Data-Type ]
+           [ User-Name ]
+           [ Auth-Grace-Period ]
+           [ Authorization-Lifetime ]
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.5.  Location-Info-Request
+
+  LIR ::= < Diameter Header: 285, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { SIP-AOR }
+           [ Destination-Host ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.6.  Location-Info-Answer
+
+   LIA ::= < Diameter Header: 285, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           [ SIP-Server-URI ]
+           [ SIP-Server-Capabilities ]
+           [ Auth-Grace-Period ]
+           [ Authorization-Lifetime ]
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.7.  Multimedia-Auth-Request
+
+   MAR ::= < Diameter Header: 286, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { SIP-AOR }
+           { SIP-Method }
+           [ Destination-Host ]
+           [ User-Name ]
+           [ SIP-Server-URI ]
+           [ SIP-Number-Auth-Items ]
+           [ SIP-Auth-Data-Item ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.8.  Multimedia-Auth-Answer
+
+   MAA ::= < Diameter Header: 286, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           [ User-Name ]
+           [ SIP-AOR ]
+           [ SIP-Number-Auth-Items ]
+         * [ SIP-Auth-Data-Item ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.9.  Registration-Termination-Request
+
+   RTR ::= < Diameter Header: 287, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Host }
+           { SIP-Deregistration-Reason }
+           [ Destination-Realm ]
+           [ User-Name ]
+         * [ SIP-AOR ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.10.  Registration-Termination-Answer
+
+   RTA ::= < Diameter Header: 287, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.11.  Push-Profile-Request
+
+   PPR ::= < Diameter Header: 288, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { User-Name }
+         * [ SIP-User-Data ]
+           [ SIP-Accounting-Information ]
+           [ Destination-Host ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.12.  Push-Profile-Answer
+
+   PPA ::= < Diameter Header: 288, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+;; ===========================================================================
+
+@grouped
+
+   SIP-Accounting-Information ::= < AVP Header: 368 >
+
+         * [ SIP-Accounting-Server-URI ]
+         * [ SIP-Credit-Control-Server-URI ]
+         * [ AVP]
+
+   SIP-Server-Capabilities ::= < AVP Header: 372 >
+
+         * [ SIP-Mandatory-Capability ]
+         * [ SIP-Optional-Capability ]
+         * [ SIP-Server-URI ]
+         * [ AVP ]
+
+   SIP-Auth-Data-Item ::= < AVP Header: 376 >
+
+           { SIP-Authentication-Scheme }
+           [ SIP-Item-Number ]
+           [ SIP-Authenticate ]
+           [ SIP-Authorization ]
+           [ SIP-Authentication-Info ]
+         * [ AVP ]
+
+   SIP-Authenticate ::= < AVP Header: 379 >
+
+           { Digest-Realm }
+           { Digest-Nonce }
+           [ Digest-Domain ]
+           [ Digest-Opaque ]
+           [ Digest-Stale ]
+           [ Digest-Algorithm ]
+           [ Digest-Qop ]
+           [ Digest-HA1]
+         * [ Digest-Auth-Param ]
+         * [ AVP ]
+
+   SIP-Authorization ::= < AVP Header: 380 >
+
+           { Digest-Username }
+           { Digest-Realm }
+           { Digest-Nonce }
+           { Digest-URI }
+           { Digest-Response }
+           [ Digest-Algorithm ]
+           [ Digest-CNonce ]
+           [ Digest-Opaque ]
+           [ Digest-Qop ]
+           [ Digest-Nonce-Count ]
+           [ Digest-Method]
+           [ Digest-Entity-Body-Hash ]
+         * [ Digest-Auth-Param ]
+         * [ AVP ]
+
+   SIP-Authentication-Info ::= < AVP Header: 381 >
+
+           [ Digest-Nextnonce ]
+           [ Digest-Qop ]
+           [ Digest-Response-Auth ]
+           [ Digest-CNonce ]
+           [ Digest-Nonce-Count ]
+         * [ AVP ]
+
+   SIP-Deregistration-Reason ::= < AVP Header: 383 >
+
+           { SIP-Reason-Code }
+           [ SIP-Reason-Info ]
+         * [ AVP ]
+
+   SIP-User-Data ::= < AVP Header: 389 >
+
+           { SIP-User-Data-Type }
+           { SIP-User-Data-Contents }
+         * [ AVP ]
+
+;; ===========================================================================
+
+@enum SIP-Server-Assignment-Type
+
+   NO_ASSIGNMENT                  0
+   REGISTRATION                   1
+   RE_REGISTRATION                2
+   UNREGISTERED_USER              3
+   TIMEOUT_DEREGISTRATION         4
+   USER_DEREGISTRATION            5
+   TIMEOUT_DEREGISTRATION_STORE   6
+   USER_DEREGISTRATION_STORE      7
+   ADMINISTRATIVE_DEREGISTRATION  8
+   AUTHENTICATION_FAILURE         9
+   AUTHENTICATION_TIMEOUT        10
+   DEREGISTRATION_TOO_MUCH_DATA  11
+
+@enum SIP-Authentication-Scheme
+
+   DIGEST                         0
+
+@enum SIP-Reason-Code
+
+   PERMANENT_TERMINATION          0
+   NEW_SIP_SERVER_ASSIGNED        1
+   SIP_SERVER_CHANGE              2
+   REMOVE_SIP_SERVER              3
+
+@enum SIP-User-Authorization-Type
+
+   REGISTRATION                   0
+   DEREGISTRATION                 1
+   REGISTRATION_AND_CAPABILITIES  2
+
+@enum SIP-User-Data-Already-Available
+
+   USER_DATA_NOT_AVAILABLE        0
+   USER_DATA_ALREADY_AVAILABLE    1
+
+;; ===========================================================================
+
+@define Result-Code
+
+   ;; Success
+
+   FIRST_REGISTRATION                   2003
+   SUBSEQUENT_REGISTRATION              2004
+   UNREGISTERED_SERVICE                 2005
+   SUCCESS_SERVER_NAME_NOT_STORED       2006
+   SERVER_SELECTION                     2007
+   SUCCESS_AUTH_SENT_SERVER_NOT_STORED  2008
+
+   ;; Transient Failures
+
+   USER_NAME_REQUIRED                   4013
+
+   ;; Permanent Failures
+
+   USER_UNKNOWN                         5032
+   IDENTITIES_DONT_MATCH                5033
+   IDENTITY_NOT_REGISTERED              5034
+   ROAMING_NOT_ALLOWED                  5035
+   IDENTITY_ALREADY_REGISTERED          5036
+   AUTH_SCHEME_NOT_SUPPORTED            5037
+   IN_ASSIGNMENT_TYPE                   5038
+   TOO_MUCH_DATA                        5039
+   NOT_SUPPORTED_USER_DATA              5040
diff --git a/lib/diameter/examples/sctp.erl b/lib/diameter/examples/sctp.erl
deleted file mode 100644
index 2e0e9d8b0b..0000000000
--- a/lib/diameter/examples/sctp.erl
+++ /dev/null
@@ -1,113 +0,0 @@
-
--module(sctp).
-
-%%
-%% A small example demonstrating the establishment of an SCTP
-%% association with gen_sctp.
-%%
-
--export([assoc/0,
-         dbg/0]).
-
--include_lib("kernel/include/inet_sctp.hrl").
-
--define(ADDR, {127,0,0,1}).
--define(SERVER_PORT, 3868).
--define(CONNECT_TIMEOUT, 2000).
--define(REQUEST, <<0:64>>).
--define(REPLY,   <<1:64>>).
-
--record(server, {client,
-                 socket,
-                 assoc}).
-
--record(client, {socket,
-                 assoc}).
-
-%% assoc/0
-%%
-%% Return on a successfully established association, raise an
-%% exception otherwise.
-
-assoc() ->
-    {_, MRef} = spawn_monitor(fun server/0),
-    receive {'DOWN', MRef, process, _, Info} -> Info end.
-
-%% dbg/0
-
-dbg() ->
-    dbg:tracer(),
-    dbg:p(all,c),
-    dbg:tpl(?MODULE, [{'_',[],[{exception_trace}]}]),
-    dbg:tp(gen_sctp, [{'_',[],[{exception_trace}]}]),
-    ok.
-
-%% server/0
-
-server() ->
-    {ok, Sock} = gen_sctp:open([binary,
-                                {reuseaddr, true},
-                                {active, true},
-                                {ip, ?ADDR},
-                                {port, ?SERVER_PORT}]),
-    ok = gen_sctp:listen(Sock, true),
-    {_Pid, MRef} = spawn_monitor(fun client/0),
-    s(#server{client = MRef, socket = Sock}),
-    gen_sctp:close(Sock).
-
-%% s/1
-
-s(#server{} = S) ->
-    s(s(receive T -> T end, S));
-s(T) ->
-    T.
-
-%% s/2
-
-s({sctp, Sock, _RA, _RP, {[], #sctp_assoc_change{state = comm_up,
-                                                 assoc_id = Id}}},
-  #server{socket = Sock, assoc = undefined}
-  = S) ->
-    S#server{assoc = Id};
-
-s({sctp, Sock, _RA, _RP, {[#sctp_sndrcvinfo{assoc_id = AId,
-                                            stream = SId}],
-                          ?REQUEST}},
-  #server{socket = Sock, assoc = AId}
-  = S) ->
-    ok = gen_sctp:send(Sock, AId, SId, ?REPLY),
-    S;
-
-s({'DOWN', MRef, process, _, normal} = T, #server{client = MRef}) ->
-    T.
-
-%% client/0
-
-client() ->
-    {ok, Sock} = gen_sctp:open([binary,
-                                {reuseaddr, true},
-                                {active, true},
-                                {ip, ?ADDR},
-                                {port, 0}]),
-    ok = gen_sctp:connect_init(Sock, ?ADDR, ?SERVER_PORT, []),
-    c(#client{socket = Sock}),
-    gen_sctp:close(Sock).
-
-
-%% c/1
-
-c(#client{} = S) ->
-    c(c(receive T -> T end, S));
-c(T) ->
-    T.
-
-c({sctp, Sock, _RA, _RP, {[], #sctp_assoc_change{state = comm_up,
-                                                 assoc_id = Id}}},
-  #client{socket = Sock, assoc = undefined}
-  = S) ->
-    ok = gen_sctp:send(Sock, Id, 0, ?REQUEST),
-    S#client{assoc = Id};
-
-c({sctp, Sock, _RA, _RP, {[#sctp_sndrcvinfo{assoc_id = AId}], ?REPLY}},
-  #client{socket = Sock, assoc = AId}) ->
-    ok.
diff --git a/lib/diameter/include/diameter.hrl b/lib/diameter/include/diameter.hrl
index 0fa7fd406f..4273262015 100644
--- a/lib/diameter/include/diameter.hrl
+++ b/lib/diameter/include/diameter.hrl
@@ -107,6 +107,21 @@
          transport = sctp,       %% | tcp,
          protocol  = diameter}). %% | radius | 'tacacs+'
 
+%% A diameter_callback record can be specified as an application
+%% module in order to selectively receive callbacks or alter their
+%% form.
+-record(diameter_callback,
+        {peer_up,
+         peer_down,
+         pick_peer,
+         prepare_request,
+         prepare_retransmit,
+         handle_request,
+         handle_answer,
+         handle_error,
+         default,
+         extra = []}).
+
 %% The diameter service and diameter_apps records are only passed
 %% through the transport interface when starting a transport process,
 %% although typically a transport implementation will (and probably
diff --git a/lib/diameter/include/diameter_gen.hrl b/lib/diameter/include/diameter_gen.hrl
index d037e1044a..13a6c462af 100644
--- a/lib/diameter/include/diameter_gen.hrl
+++ b/lib/diameter/include/diameter_gen.hrl
@@ -40,14 +40,14 @@ encode_avps(Name, Rec) ->
         list_to_binary(encode(Name, Rec))
     catch
         throw: {?MODULE, Reason} ->
-            diameter_dbg:log({encode, error},
+            diameter_lib:log({encode, error},
                              ?MODULE,
                              ?LINE,
                              {Reason, Name, Rec}),
             erlang:error(list_to_tuple(Reason ++ [Name]));
         error: Reason ->
             Stack = erlang:get_stacktrace(),
-            diameter_dbg:log({encode, failure},
+            diameter_lib:log({encode, failure},
                              ?MODULE,
                              ?LINE,
                              {Reason, Name, Rec, Stack}),
@@ -159,7 +159,7 @@ d_rc(Name, {Avps, {Rec, [] = Failed}}) ->
         {Rec, Avps, Failed}
     catch
         throw: {?MODULE, {AvpName, Reason}} ->
-            diameter_dbg:log({decode, error},
+            diameter_lib:log({decode, error},
                              ?MODULE,
                              ?LINE,
                              {AvpName, Reason, Rec}),
@@ -260,7 +260,7 @@ d(Name, Avp, {Avps, Acc}) ->
             %% respond sensibly to. Log the occurence for traceability,
             %% but the peer will also receive info in the resulting
             %% answer-message.
-            diameter_dbg:log({decode, failure},
+            diameter_lib:log({decode, failure},
                              ?MODULE,
                              ?LINE,
                              {Reason, Avp, erlang:get_stacktrace()}),
diff --git a/lib/diameter/make/rules.mk.in b/lib/diameter/make/rules.mk.in
index 6318f2bc9c..cd3c297d75 100644
--- a/lib/diameter/make/rules.mk.in
+++ b/lib/diameter/make/rules.mk.in
@@ -112,8 +112,6 @@ $(EBIN)/%.beam: $(ESRC)/%.erl
 # ----------------------------------------------------
 # export VSN
 
-# DOCSUPPORT = 1
-
 # TOPDOCDIR=../../../../doc
 
 DOCDIR = ..
diff --git a/lib/diameter/src/.gitignore b/lib/diameter/src/.gitignore
new file mode 100644
index 0000000000..feeb378fd8
--- /dev/null
+++ b/lib/diameter/src/.gitignore
@@ -0,0 +1,2 @@
+
+/depend.mk
diff --git a/lib/diameter/src/Makefile b/lib/diameter/src/Makefile
index 6935eb053e..dbfaa4e140 100644
--- a/lib/diameter/src/Makefile
+++ b/lib/diameter/src/Makefile
@@ -16,28 +16,251 @@
 # 
 # %CopyrightEnd%
 
-ifneq ($(ERL_TOP),)
-include $(ERL_TOP)/make/target.mk
-include $(ERL_TOP)/make/$(TARGET)/otp.mk
-else
+ifeq ($(ERL_TOP),)
 include $(DIAMETER_TOP)/make/target.mk
 include $(DIAMETER_TOP)/make/$(TARGET)/rules.mk
+else
+include $(ERL_TOP)/make/target.mk
+include $(ERL_TOP)/make/$(TARGET)/otp.mk
 endif
 
 # ----------------------------------------------------
-# Common Macros
+# Application version
+# ----------------------------------------------------
+
+include ../vsn.mk
+
+VSN = $(DIAMETER_VSN)
+
+# ----------------------------------------------------
+# Release directory specification
 # ----------------------------------------------------
 
-include subdirs.mk
+RELSYSDIR = $(RELEASE_PATH)/lib/diameter-$(VSN)
+
+# Where to put/find things.
+EBIN   = ../ebin
+INCDIR = ../include
 
-SPECIAL_TARGETS =
+# Dumbed down to make 3.80. In 3.81 and later it's just $(realpath $(EBIN)).
+ABS_EBIN := $(shell cd $(EBIN) && pwd)
+
+# Where make should look for dependencies.
+VPATH = .:base:compiler:transport:gen
 
 # ----------------------------------------------------
-# Default Subdir Targets
+# Target specs
 # ----------------------------------------------------
-ifneq ($(ERL_TOP),)
-include $(ERL_TOP)/make/otp_subdir.mk
+
+include modules.mk
+
+# Modules generated from dictionary specifications.
+DICT_MODULES = $(DICTS:%=gen/diameter_gen_%)
+DICT_ERLS    = $(DICT_MODULES:%=%.erl)
+DICT_HRLS    = $(DICT_MODULES:%=%.hrl)
+
+# Modules to build before compiling dictionaries.
+COMPILER_MODULES = $(notdir $(filter compiler/%, $(CT_MODULES))) \
+                   $(DICT_YRL)
+
+# All handwritten modules from which a depend.mk is generated.
+MODULES = \
+	$(RT_MODULES) \
+	$(CT_MODULES)
+
+# Modules whose names are inserted into the app file.
+APP_MODULES = \
+	$(RT_MODULES) \
+	$(DICT_MODULES)
+
+# Modules for which to build beams.
+TARGET_MODULES = \
+	$(APP_MODULES) \
+	$(CT_MODULES) \
+	$(DICT_YRL:%=gen/%)
+
+# What to build for the 'opt' target.
+TARGET_FILES = \
+	$(patsubst %, $(EBIN)/%.$(EMULATOR), $(notdir $(TARGET_MODULES))) \
+	$(APP_TARGET) \
+	$(APPUP_TARGET)
+
+# Subdirectories of src to release modules into.
+TARGET_DIRS = $(sort $(dir $(TARGET_MODULES)))
+
+# Ditto for examples.
+EXAMPLE_DIRS = $(sort $(dir $(EXAMPLES)))
+
+APP_FILE   = diameter.app
+APP_SRC    = $(APP_FILE).src
+APP_TARGET = $(EBIN)/$(APP_FILE)
+
+APPUP_FILE   = diameter.appup
+APPUP_SRC    = $(APPUP_FILE).src
+APPUP_TARGET = $(EBIN)/$(APPUP_FILE)
+
+# ----------------------------------------------------
+# Flags
+# ----------------------------------------------------
+
+ifeq ($(TYPE),debug)
+ERL_COMPILE_FLAGS += -Ddebug
+endif
+
+ERL_COMPILE_FLAGS += \
+	+'{parse_transform,sys_pre_attributes}' \
+	+'{attribute,insert,app_vsn,$(APP_VSN)}' \
+	+warn_export_vars \
+	+warn_unused_vars \
+	-pa $(ABS_EBIN) \
+	-I $(INCDIR) \
+	-I gen
+# -pa is to be able to include_lib from the include directory: the
+# path must contain the application name.
+
+# ----------------------------------------------------
+# Targets
+# ----------------------------------------------------
+
+# erl/hrl from dictionary file.
+gen/diameter_gen_%.erl gen/diameter_gen_%.hrl: dict/%.dia
+	../bin/diameterc -o gen -i $(EBIN) $<
+
+opt: $(TARGET_FILES)
+
+debug:
+	@$(MAKE) TYPE=debug opt
+
+# The dictionary parser.
+gen/$(DICT_YRL).erl: compiler/$(DICT_YRL).yrl
+	$(ERLC) -Werror -o $(@D) $<
+
+# Generate the app file.
+$(APP_TARGET): $(APP_SRC) ../vsn.mk modules.mk
+	M=`echo $(notdir $(APP_MODULES)) | tr ' ' ,`; \
+	sed -e 's;%VSN%;$(VSN);' \
+	    -e "s;%MODULES%;$$M;" \
+	  $< > $@
+
+$(APPUP_TARGET): $(APPUP_SRC) ../vsn.mk
+	sed -e 's;%VSN%;$(VSN);' $< > $@
+
+app:  $(APP_TARGET) $(APPUP_TARGET)
+dict: $(DICT_ERLS)
+
+docs:
+
+list = echo $(1):; echo $($(1)) | tr ' ' '\n' | sort | sed 's@^@  @'
+
+info:
+	@echo ========================================
+	@$(call list,DICTS)
+	@echo
+	@$(call list,DICT_YRL)
+	@echo
+	@$(call list,RT_MODULES)
+	@echo
+	@$(call list,CT_MODULES)
+	@echo
+	@$(call list,TARGET_MODULES)
+	@echo
+	@$(call list,TARGET_DIRS)
+	@echo
+	@$(call list,EXTERNAL_HRLS)
+	@echo
+	@$(call list,INTERNAL_HRLS)
+	@echo
+	@$(call list,EXAMPLES)
+	@echo
+	@$(call list,EXAMPLE_DIRS)
+	@echo
+	@$(call list,BINS)
+	@echo ========================================
+
+clean:
+	rm -f $(TARGET_FILES) gen/*
+	rm -f depend.mk
+
+# ----------------------------------------------------
+# Release targets
+# ----------------------------------------------------
+
+ifeq ($(ERL_TOP),)
+include $(DIAMETER_TOP)/make/release_targets.mk
 else
-include $(DIAMETER_TOP)/make/subdir.mk
+include $(ERL_TOP)/make/otp_release_targets.mk
 endif
-#include ../make/subdir.mk
+
+# Can't $(INSTALL_DIR) more than one directory at a time on Solaris.
+
+release_spec: opt
+	for d in bin ebin include src/dict; do \
+	    $(INSTALL_DIR) $(RELSYSDIR)/$$d; \
+	done
+	$(INSTALL_SCRIPT) $(BINS:%=../bin/%) $(RELSYSDIR)/bin
+	$(INSTALL_DATA) $(TARGET_FILES) $(RELSYSDIR)/ebin
+	$(INSTALL_DATA) $(EXTERNAL_HRLS:%=../include/%) $(DICT_HRLS) \
+	                $(RELSYSDIR)/include
+	$(INSTALL_DATA) $(DICTS:%=dict/%.dia) $(RELSYSDIR)/src/dict
+	$(MAKE) $(TARGET_DIRS:%/=release_src_%)
+	$(MAKE) $(EXAMPLE_DIRS:%/=release_examples_%)
+
+$(TARGET_DIRS:%/=release_src_%): release_src_%:
+	$(INSTALL_DIR) $(RELSYSDIR)/src/$*
+	$(INSTALL_DATA) $(filter $*/%, $(TARGET_MODULES:%=%.erl) \
+	                               $(INTERNAL_HRLS)) \
+	                $(filter $*/%, compiler/$(DICT_YRL).yrl) \
+	                $(RELSYSDIR)/src/$*
+
+$(EXAMPLE_DIRS:%/=release_examples_%): release_examples_%:
+	$(INSTALL_DIR) $(RELSYSDIR)/examples/$*
+	$(INSTALL_DATA) $(patsubst %, ../examples/%, $(filter $*/%, $(EXAMPLES))) \
+	                $(RELSYSDIR)/examples/$*
+
+release_docs_spec:
+
+# ----------------------------------------------------
+# Dependencies
+# ----------------------------------------------------
+
+gen/diameter_gen_base_accounting.erl gen/diameter_gen_relay.erl \
+gen/diameter_gen_base_accounting.hrl gen/diameter_gen_relay.hrl: \
+	$(EBIN)/diameter_gen_base_rfc3588.$(EMULATOR)
+
+gen/diameter_gen_base_rfc3588.erl gen/diameter_gen_base_rfc3588.hrl: \
+	$(COMPILER_MODULES:%=$(EBIN)/%.$(EMULATOR))
+
+$(DICT_MODULES:gen/%=$(EBIN)/%.$(EMULATOR)): \
+	$(INCDIR)/diameter.hrl \
+	$(INCDIR)/diameter_gen.hrl
+
+depend: depend.mk
+
+# Generate dependencies makefile.
+depend.mk: depend.sed $(MODULES:%=%.erl) Makefile
+	(for f in $(MODULES); do \
+	     (echo $$f; cat $$f.erl) | sed -f $<; \
+	 done) \
+	> $@
+
+-include depend.mk
+
+.PHONY: app clean depend dict info release_subdir
+.PHONY: debug opt release_docs_spec release_spec
+.PHONY: $(TARGET_DIRS:%/=%) $(TARGET_DIRS:%/=release_src_%)
+.PHONY: $(EXAMPLE_DIRS:%/=release_examples_%)
+
+# Keep intermediate files.
+.SECONDARY: $(DICT_ERLS) $(DICT_HRLS) gen/$(DICT_YRL:%=%.erl)
+
+# ----------------------------------------------------
+# Targets using secondary expansion (make >= 3.81)
+# ----------------------------------------------------
+
+.SECONDEXPANSION:
+
+# Make beams from a subdirectory.
+$(TARGET_DIRS:%/=%): \
+  $$(patsubst $$@/%, \
+              $(EBIN)/%.$(EMULATOR), \
+              $$(filter $$@/%, $(TARGET_MODULES) compiler/$(DICT_YRL)))
diff --git a/lib/diameter/src/app/.gitignore b/lib/diameter/src/app/.gitignore
deleted file mode 100644
index d388e61877..0000000000
--- a/lib/diameter/src/app/.gitignore
+++ /dev/null
@@ -1,6 +0,0 @@
-
-/diameter_gen_*.erl
-/diameter_gen_*.hrl
-/depend.mk
-/diameter.mk
-
diff --git a/lib/diameter/src/app/Makefile b/lib/diameter/src/app/Makefile
deleted file mode 100644
index a75c70d71c..0000000000
--- a/lib/diameter/src/app/Makefile
+++ /dev/null
@@ -1,212 +0,0 @@
-#
-# %CopyrightBegin%
-#
-# Copyright Ericsson AB 2010-2011. All Rights Reserved.
-#
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-#
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-#
-# %CopyrightEnd%
-#
-#
-
-ifneq ($(ERL_TOP),)
-include $(ERL_TOP)/make/target.mk
-EBIN = ../../ebin
-include $(ERL_TOP)/make/$(TARGET)/otp.mk
-else
-include $(DIAMETER_TOP)/make/target.mk
-EBIN = ../../ebin
-include $(DIAMETER_TOP)/make/$(TARGET)/rules.mk
-endif
-
-
-
-# ----------------------------------------------------
-# Application version
-# ----------------------------------------------------
-
-include ../../vsn.mk
-
-VSN=$(DIAMETER_VSN)
-
-# ----------------------------------------------------
-# Release directory specification
-# ----------------------------------------------------
-
-RELSYSDIR = $(RELEASE_PATH)/lib/diameter-$(VSN)
-
-INCDIR = ../../include
-
-# ----------------------------------------------------
-# Target Specs
-# ----------------------------------------------------
-
-include modules.mk
-
-SPEC_MODULES = \
-	$(SPEC_FILES:%.dia=%)
-
-SPEC_ERL_FILES = \
-	$(SPEC_FILES:%.dia=%.erl)
-
-SPEC_HRL_FILES = \
-	$(SPEC_FILES:%.dia=%.hrl)
-
-MODULES = \
-	$(RUNTIME_MODULES) \
-	$(HELP_MODULES)
-
-APP_MODULES = \
-	$(RUNTIME_MODULES) \
-	$(SPEC_MODULES)
-
-TARGET_MODULES = \
-	$(APP_MODULES) \
-	$(HELP_MODULES)
-
-TARGET_FILES = \
-	$(TARGET_MODULES:%=$(EBIN)/%.$(EMULATOR)) \
-	$(APP_TARGET) \
-	$(APPUP_TARGET)
-
-ESCRIPT_FILES = \
-	../../bin/diameterc
-
-APP_FILE   = diameter.app
-APP_SRC    = $(APP_FILE).src
-APP_TARGET = $(EBIN)/$(APP_FILE)
-
-APPUP_FILE   = diameter.appup
-APPUP_SRC    = $(APPUP_FILE).src
-APPUP_TARGET = $(EBIN)/$(APPUP_FILE)
-
-# ----------------------------------------------------
-# FLAGS
-# ----------------------------------------------------
-
-ifeq ($(TYPE),debug)
-ERL_COMPILE_FLAGS += -Ddebug
-endif
-
-include diameter.mk
-
-ERL_COMPILE_FLAGS += \
-    $(DIAMETER_ERL_COMPILE_FLAGS) \
-    -I$(INCDIR)
-
-# ----------------------------------------------------
-# Targets
-# ----------------------------------------------------
-
-debug:
-	@$(MAKE) TYPE=debug opt
-
-opt: $(TARGET_FILES)
-
-clean:
-	rm -f $(TARGET_FILES) $(SPEC_ERL_FILES) $(SPEC_HRL_FILES)
-	rm -f $(APP_TARGET) $(APPUP_TARGET)
-	rm -f errs core *~ diameter_gen_*.forms diameter_gen_*.spec
-	rm -f depend.mk
-
-docs:
-
-info:
-	@echo ""
-	@echo "SPEC_FILES = $(FILES)"
-	@echo "MODULES    = $(MODULES)"
-	@echo ""
-	@echo "EXTERNAL_HRL_FILES = $(EXTERNAL_HRL_FILES)"
-	@echo "INTERNAL_HRL_FILES = $(INTERNAL_HRL_FILES)"
-	@echo ""
-	@echo "EXAMPLE_FILES = $(EXAMPLE_FILES)"
-	@echo ""
-
-# ----------------------------------------------------
-# Special Build Targets
-# ----------------------------------------------------
-
-# Generate the app file and then modules into in. This shouldn't know
-# about ../transport but good enough for now.
-$(APP_TARGET): $(APP_SRC) \
-               ../../vsn.mk \
-               modules.mk \
-               ../transport/modules.mk
-	sed -e 's;%VSN%;$(VSN);' $< > $@
-	M=`echo $(APP_MODULES) | sed -e 's/^ *//' -e 's/ *$$//' -e 'y/ /,/'`; \
-	echo "/%APP_MODULES%/s//$$M/;w;q" | tr ';' '\n' \
-	| ed -s $@
-	$(MAKE) -C ../transport $(APP_TARGET) APP_TARGET=$(APP_TARGET)
-
-$(APPUP_TARGET): $(APPUP_SRC) ../../vsn.mk
-	sed -e 's;%VSN%;$(VSN);' $< > $@
-
-compiler:
-	$(MAKE) -C ../$@
-
-app: $(APP_TARGET) $(APPUP_TARGET)
-
-# erl/hrl from application spec
-diameter_gen_%.erl diameter_gen_%.hrl: diameter_gen_%.dia
-	../../bin/diameterc -i $(EBIN) -o $(@D) $<
-
-# ----------------------------------------------------
-# Release Target
-# ----------------------------------------------------
-
-ifneq ($(ERL_TOP),)
-include $(ERL_TOP)/make/otp_release_targets.mk
-else
-include $(DIAMETER_TOP)/make/release_targets.mk
-endif
-
-release_spec: opt
-	$(INSTALL_DIR)  $(RELSYSDIR)/bin
-	$(INSTALL_DIR)  $(RELSYSDIR)/ebin
-	$(INSTALL_DIR)  $(RELSYSDIR)/src/app
-	$(INSTALL_DIR)  $(RELSYSDIR)/include
-	$(INSTALL_DIR)  $(RELSYSDIR)/examples
-	$(INSTALL_SCRIPT) $(ESCRIPT_FILES) $(RELSYSDIR)/bin
-	$(INSTALL_DATA) $(TARGET_FILES) $(RELSYSDIR)/ebin
-	$(INSTALL_DATA) $(MODULES:%=%.erl) $(SPEC_ERL_FILES) $(RELSYSDIR)/src/app
-	$(INSTALL_DATA) $(SPEC_FILES) $(RELSYSDIR)/src/app
-	$(INSTALL_DATA) $(INTERNAL_HRL_FILES) $(RELSYSDIR)/src/app
-	$(INSTALL_DATA) $(EXTERNAL_HRL_FILES) $(SPEC_HRL_FILES) $(RELSYSDIR)/include
-	$(INSTALL_DATA) $(EXAMPLE_FILES) $(RELSYSDIR)/examples
-
-release_docs_spec:
-
-# ----------------------------------------------------
-# Dependencies
-# ----------------------------------------------------
-
-$(SPEC_MODULES:%=$(EBIN)/%.$(EMULATOR)): \
-	$(EBIN)/diameter_exprecs.$(EMULATOR) \
-	$(DIAMETER_TOP)/include/diameter.hrl \
-	$(DIAMETER_TOP)/include/diameter_gen.hrl
-
-depend: depend.mk
-
-# Generate dependencies makefile. It's assumed that the compile target
-# has already been made since it's currently not smart enough to not
-# force a rebuild of those beams dependent on generated hrls, and this
-# is a no-no at make release.
-depend.mk: depend.sed $(MODULES:%=%.erl) Makefile
-	(for f in $(MODULES); do \
-	     sed -f $< $$f.erl | sed "s@/@/$$f@"; \
-	 done) \
-	> $@
-
--include depend.mk
-
-.PRECIOUS: $(SPEC_ERL_FILES) $(SPEC_HRL_FILES)
-.PHONY: app clean debug depend info opt compiler release_spec release_docs_spec
diff --git a/lib/diameter/src/app/depend.sed b/lib/diameter/src/app/depend.sed
deleted file mode 100644
index 9df0133960..0000000000
--- a/lib/diameter/src/app/depend.sed
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# %CopyrightBegin%
-#
-# Copyright Ericsson AB 2010-2011. All Rights Reserved.
-#
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-#
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-#
-# %CopyrightEnd%
-#
-
-#
-# Extract include dependencies from .erl files. The output is massaged
-# further in Makefile.
-#
-
-/^-include/!d
-/"diameter/!d
-
-s@^-include_lib("[^/]*@$(DIAMETER_TOP)@
-s@^-include("@@
-s@".*@@
-s@^@$(EBIN)/.$(EMULATOR): @
diff --git a/lib/diameter/src/app/diameter.app.src b/lib/diameter/src/app/diameter.app.src
deleted file mode 100644
index a806b5c78a..0000000000
--- a/lib/diameter/src/app/diameter.app.src
+++ /dev/null
@@ -1,28 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-{application, diameter,
- [{description, "Diameter protocol"},
-  {vsn, "%VSN%"},
-  {modules, [%APP_MODULES%,%TRANSPORT_MODULES%]},
-  {registered, []},
-  {applications, [stdlib, kernel]},
-  {env, []},
-  {mod, {diameter_app, []}}
- ]}.
diff --git a/lib/diameter/src/app/diameter.appup.src b/lib/diameter/src/app/diameter.appup.src
deleted file mode 100644
index 6d8ceadb92..0000000000
--- a/lib/diameter/src/app/diameter.appup.src
+++ /dev/null
@@ -1,47 +0,0 @@
-%% This is an -*- erlang -*- file.
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-{"%VSN%",
- [
-  {"0.9",
-   [
-    {load_module, diameter,           soft_purge, soft_purge, []},
-    {load_module, diameter_capx,      soft_purge, soft_purge, []},
-    {load_module, diameter_codec,     soft_purge, soft_purge, [diameter_lib]},
-    {load_module, diameter_lib,       soft_purge, soft_purge, []},
-    {load_module, diameter_types,     soft_purge, soft_purge, []},
-    {load_module, diameter_gen_base_accounting, soft_purge, soft_purge, []},
-    {load_module, diameter_gen_base_rfc3588,    soft_purge, soft_purge, []},
-    {load_module, diameter_gen_relay, soft_purge, soft_purge, []},
-    {update, diameter_service,  soft, soft_purge, soft_purge, [diameter_lib]},
-    {update, diameter_config,   soft, soft_purge, soft_purge, []},
-    {update, diameter_peer,     soft, soft_purge, soft_purge, []},
-    {update, diameter_peer_fsm, soft, soft_purge, soft_purge, [diameter_lib]},
-    {update, diameter_reg,      soft, soft_purge, soft_purge, []},
-    {update, diameter_sctp,     soft, soft_purge, soft_purge, []},
-    {update, diameter_stats,    soft, soft_purge, soft_purge, []},
-    {update, diameter_sync,     soft, soft_purge, soft_purge, []},
-    {update, diameter_watchdog, soft, soft_purge, soft_purge, [diameter_lib]}
-   ]
-  }
- ],
- [
- ]
-}.
diff --git a/lib/diameter/src/app/diameter.erl b/lib/diameter/src/app/diameter.erl
deleted file mode 100644
index 2f721421d8..0000000000
--- a/lib/diameter/src/app/diameter.erl
+++ /dev/null
@@ -1,190 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
--module(diameter).
-
-%% Configuration.
--export([start_service/2,
-         stop_service/1,
-         add_transport/2,
-         remove_transport/2,
-         subscribe/1,
-         unsubscribe/1]).
-
-%% Traffic.
--export([session_id/1,
-         origin_state_id/0,
-         call/3,
-         call/4]).
-
-%% Information.
--export([services/0,
-         service_info/2]).
-
-%% Start/stop the application. In a "real" application this should
-%% typically be a consequence of specifying diameter in a release file
-%% rather than by calling start/stop explicitly.
--export([start/0,
-         stop/0]).
-
--include("diameter_internal.hrl").
--include("diameter_types.hrl").
-
-%%% --------------------------------------------------------------------------
-%%% start/0
-%%% --------------------------------------------------------------------------
-
--spec start()
-   -> ok
-    | {error, term()}.
-
-start() ->
-    application:start(?APPLICATION).
-
-%%% --------------------------------------------------------------------------
-%%% stop/0
-%%% --------------------------------------------------------------------------
-
--spec stop()
-   -> ok
-    | {error, term()}.
-
-stop() ->
-    application:stop(?APPLICATION).
-
-%%% --------------------------------------------------------------------------
-%%% start_service/2
-%%% --------------------------------------------------------------------------
-
--spec start_service(service_name(), [service_opt()])
-   -> ok
-    | {error, term()}.
-
-start_service(SvcName, Opts)
-  when is_list(Opts) ->
-    diameter_config:start_service(SvcName, Opts).
-
-%%% --------------------------------------------------------------------------
-%%% stop_service/1
-%%% --------------------------------------------------------------------------
-
--spec stop_service(service_name())
-   -> ok
-    | {error, term()}.
-
-stop_service(SvcName) ->
-    diameter_config:stop_service(SvcName).
-
-%%% --------------------------------------------------------------------------
-%%% services/0
-%%% --------------------------------------------------------------------------
-
--spec services()
-   -> [service_name()].
-
-services() ->
-    [Name || {Name, _} <- diameter_service:services()].
-
-%%% --------------------------------------------------------------------------
-%%% service_info/2
-%%% --------------------------------------------------------------------------
-
--spec service_info(service_name(), atom() | [atom()])
-   -> any().
-
-service_info(SvcName, Option) ->
-    diameter_service:info(SvcName, Option).
-
-%%% --------------------------------------------------------------------------
-%%% add_transport/3
-%%% --------------------------------------------------------------------------
-
--spec add_transport(service_name(), {listen|connect, [transport_opt()]})
-   -> {ok, transport_ref()}
-    | {error, term()}.
-
-add_transport(SvcName, {T, Opts} = Cfg)
-  when is_list(Opts), (T == connect orelse T == listen) ->
-    diameter_config:add_transport(SvcName, Cfg).
-
-%%% --------------------------------------------------------------------------
-%%% remove_transport/2
-%%% --------------------------------------------------------------------------
-
--spec remove_transport(service_name(), transport_pred())
-   -> ok | {error, term()}.
-
-remove_transport(SvcName, Pred) ->
-    diameter_config:remove_transport(SvcName, Pred).
-
-%%% --------------------------------------------------------------------------
-%%% # subscribe(SvcName)
-%%%
-%%% Description: Subscribe to #diameter_event{} messages for the specified
-%%%              service.
-%%% --------------------------------------------------------------------------
-
--spec subscribe(service_name())
-   -> true.
-
-subscribe(SvcName) ->
-    diameter_service:subscribe(SvcName).
-
-%%% --------------------------------------------------------------------------
-%%% # unsubscribe(SvcName)
-%%% --------------------------------------------------------------------------
-
--spec unsubscribe(service_name())
-   -> true.
-
-unsubscribe(SvcName) ->
-    diameter_service:unsubscribe(SvcName).
-
-%%% ----------------------------------------------------------
-%%% # session_id/1
-%%% ----------------------------------------------------------
-
--spec session_id('DiameterIdentity'())
-   -> 'OctetString'().
-
-session_id(Ident) ->
-    diameter_session:session_id(Ident).
-
-%%% ----------------------------------------------------------
-%%% # origin_state_id/0
-%%% ----------------------------------------------------------
-
--spec origin_state_id()
-   -> 'Unsigned32'().
-
-origin_state_id() ->
-    diameter_session:origin_state_id().
-
-%%% --------------------------------------------------------------------------
-%%% # call/[34]
-%%% --------------------------------------------------------------------------
-
--spec call(service_name(), app_alias(), any(), [call_opt()])
-   -> any().
-
-call(SvcName, App, Message, Options) ->
-    diameter_service:call(SvcName, {alias, App}, Message, Options).
-
-call(SvcName, App, Message) ->
-    call(SvcName, App, Message, []).
diff --git a/lib/diameter/src/app/diameter.mk.in b/lib/diameter/src/app/diameter.mk.in
deleted file mode 100644
index c161064303..0000000000
--- a/lib/diameter/src/app/diameter.mk.in
+++ /dev/null
@@ -1,47 +0,0 @@
-#-*-makefile-*-   ; force emacs to enter makefile-mode
-
-# %CopyrightBegin%
-#
-# Copyright Ericsson AB 2010-2011. All Rights Reserved.
-#
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-#
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-#
-# %CopyrightEnd%
-
-DIAMETER_TOP = @DIAMETER_TOP@
-
-# ifneq ($(PREFIX),)
-# ifeq ($(TESTROOT),)
-# TESTROOT = $(PREFIX)
-# endif
-# endif
-
-ifeq ($(USE_DIAMETER_TEST_CODE), true)
-ERL_COMPILE_FLAGS += -DDIAMETER_TEST_CODE=mona_lisa_spelar_doom
-endif
-
-ifeq ($(USE_DIAMETER_HIPE), true)
-ERL_COMPILE_FLAGS += +native
-endif
-
-ifeq ($(WARN_UNUSED_WARS), true)
-ERL_COMPILE_FLAGS += +warn_unused_vars
-endif
-
-DIAMETER_APP_VSN_COMPILE_FLAGS = \
-	+'{parse_transform,sys_pre_attributes}' \
-	+'{attribute,insert,app_vsn,$(APP_VSN)}'
-
-DIAMETER_ERL_COMPILE_FLAGS += \
-	-pa $(DIAMETER_TOP)/ebin  \
-	$(DIAMETER_APP_VSN_COMPILE_FLAGS) 
-
diff --git a/lib/diameter/src/app/diameter_callback.erl b/lib/diameter/src/app/diameter_callback.erl
deleted file mode 100644
index 6d5c8cdca1..0000000000
--- a/lib/diameter/src/app/diameter_callback.erl
+++ /dev/null
@@ -1,91 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-%% A minimal application callback module.
-%%
-
--module(diameter_callback).
-
--export([peer_up/3,
-         peer_down/3,
-         pick_peer/4,
-         prepare_request/3,
-         prepare_retransmit/3,
-         handle_request/3,
-         handle_answer/4,
-         handle_error/4]).
-
--include_lib("diameter/include/diameter.hrl").
-
-%%% ----------------------------------------------------------
-%%% # peer_up/3
-%%% ----------------------------------------------------------
-
-peer_up(_Svc, _Peer, State) ->
-    State.
-
-%%% ----------------------------------------------------------
-%%% # peer_down/3
-%%% ----------------------------------------------------------
-
-peer_down(_SvcName, _Peer, State) ->
-    State.
-
-%%% ----------------------------------------------------------
-%%% # pick_peer/4
-%%% ----------------------------------------------------------
-
-pick_peer([Peer|_], _, _SvcName, _State) ->
-    {ok, Peer}.
-
-%%% ----------------------------------------------------------
-%%% # prepare_request/3
-%%% ----------------------------------------------------------
-
-prepare_request(Pkt, _SvcName, _Peer) ->
-    {send, Pkt}.
-
-%%% ----------------------------------------------------------
-%%% # prepare_retransmit/3
-%%% ----------------------------------------------------------
-
-prepare_retransmit(Pkt, _SvcName, _Peer) ->
-    {send, Pkt}.
-
-%%% ----------------------------------------------------------
-%%% # handle_request/3
-%%% ----------------------------------------------------------
-
-handle_request(_Pkt, _SvcName, _Peer) ->
-    {protocol_error, 3001}.  %% DIAMETER_COMMAND_UNSUPPORTED
-
-%%% ----------------------------------------------------------
-%%% # handle_answer/4
-%%% ----------------------------------------------------------
-
-handle_answer(#diameter_packet{msg = Ans}, _Req, _SvcName, _Peer) ->
-    Ans.
-
-%%% ---------------------------------------------------------------------------
-%%% # handle_error/4
-%%% ---------------------------------------------------------------------------
-
-handle_error(Reason, _Req, _SvcName, _Peer) ->
-    {error, Reason}.
diff --git a/lib/diameter/src/app/diameter_capx.erl b/lib/diameter/src/app/diameter_capx.erl
deleted file mode 100644
index aa5318e79d..0000000000
--- a/lib/diameter/src/app/diameter_capx.erl
+++ /dev/null
@@ -1,388 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-%% This module builds CER and CEA records for use during capabilities
-%% exchange. All of a CER/CEA is built from AVP values configured on
-%% the service in question but values for Supported-Vendor-Id,
-%% Vendor-Specific-Application-Id, Auth-Application-Id and
-%% Acct-Application-id are also obtained using an older method that
-%% remains only for backwards compatibility. With this method, each
-%% dictionary module was required to export a cer/0 that returned a
-%% diameter_base_CER record (or corresponding list, although the list
-%% is also a later addition). Each returned CER contributes its member
-%% values for the aforementioned four AVPs to the resulting CER, with
-%% remaining AVP's either unspecified or identical to those configured
-%% on the service. Auth-Application-Id and Acct-Application-id were
-%% originally treated a little differently, each callback being
-%% required to return either no value of the same value as the other
-%% callbacks, but this coupled the callback modules unnecessarily. (A
-%% union is backwards compatible to boot.)
-%%
-%% Values obtained from the service and callbacks are all included
-%% when building a CER. Older code with only callback can continue to
-%% use them, newer code should probably stick to service configuration
-%% (since this is more explicit) or mix at their own peril.
-%%
-%% The cer/0 callback is now undocumented (despite never being fully
-%% documented to begin with) and should be considered deprecated even
-%% by those poor souls still using it.
-%%
-
--module(diameter_capx).
-
--export([build_CER/1,
-         recv_CER/2,
-         recv_CEA/2,
-         make_caps/2]).
-
--include_lib("diameter/include/diameter.hrl").
--include("diameter_internal.hrl").
--include("diameter_types.hrl").
--include("diameter_gen_base_rfc3588.hrl").
-
--define(SUCCESS, ?'DIAMETER_BASE_RESULT-CODE_DIAMETER_SUCCESS').
--define(NOAPP, ?'DIAMETER_BASE_RESULT-CODE_DIAMETER_NO_COMMON_APPLICATION').
--define(NOSECURITY, ?'DIAMETER_BASE_RESULT-CODE_DIAMETER_NO_COMMON_SECURITY').
-
--define(NO_INBAND_SECURITY, 0).
-
-%% ===========================================================================
-
--type tried(T) :: {ok, T} | {error, {term(), list()}}.
-
--spec build_CER(#diameter_caps{})
-   -> tried(#diameter_base_CER{}).
-
-build_CER(Caps) ->
-    try_it([fun bCER/1, Caps]).
-
--spec recv_CER(#diameter_base_CER{}, #diameter_service{})
-   -> tried({['Unsigned32'()], #diameter_caps{}, #diameter_base_CEA{}}).
-
-recv_CER(CER, Svc) ->
-    try_it([fun rCER/2, CER, Svc]).
-
--spec recv_CEA(#diameter_base_CEA{}, #diameter_service{})
-   -> tried({['Unsigned32'()], #diameter_caps{}}).
-
-recv_CEA(CEA, Svc) ->
-    try_it([fun rCEA/2, CEA, Svc]).
-
-make_caps(Caps, Opts) ->
-    try_it([fun mk_caps/2, Caps, Opts]).
-
-%% ===========================================================================
-%% ===========================================================================
-
-try_it([Fun | Args]) ->
-    try apply(Fun, Args) of
-        T -> {ok, T}
-    catch
-        throw: ?FAILURE(Reason) -> {error, {Reason, Args}}
-    end.
-
-%% mk_caps/2
-
-mk_caps(Caps0, Opts) ->
-    {Caps, _} = lists:foldl(fun set_cap/2,
-                            {Caps0, #diameter_caps{_ = false}},
-                            Opts),
-    Caps.
-
--define(SC(K,F),
-        set_cap({K, Val}, {Caps, #diameter_caps{F = false} = C}) ->
-            {Caps#diameter_caps{F = cap(K, Val)}, C#diameter_caps{F = true}}).
-
-?SC('Origin-Host',         origin_host);
-?SC('Origin-Realm',        origin_realm);
-?SC('Host-IP-Address',     host_ip_address);
-?SC('Vendor-Id',           vendor_id);
-?SC('Product-Name',        product_name);
-?SC('Origin-State-Id',     origin_state_id);
-?SC('Supported-Vendor-Id', supported_vendor_id);
-?SC('Auth-Application-Id', auth_application_id);
-?SC('Inband-Security-Id',  inband_security_id);
-?SC('Acct-Application-Id', acct_application_id);
-?SC('Vendor-Specific-Application-Id', vendor_specific_application_id);
-?SC('Firmware-Revision',   firmware_revision);
-
-set_cap({Key, _}, _) ->
-    ?THROW({duplicate, Key}).
-
-cap(K, V) when K == 'Origin-Host';
-               K == 'Origin-Realm';
-               K == 'Vendor-Id';
-               K == 'Product-Name' ->
-    V;
-
-cap('Host-IP-Address', Vs)
-  when is_list(Vs) ->
-    lists:map(fun ipaddr/1, Vs);
-
-cap('Firmware-Revision', V) ->
-    [V];
-
-%% Not documented but accept it as long as it's what we support.
-cap('Inband-Security-Id', [0] = Vs) ->  %% NO_INBAND_SECURITY
-    Vs;
-
-cap(K, Vs) when K /= 'Inband-Security-Id', is_list(Vs) ->
-    Vs;
-
-cap(K, V) ->
-    ?THROW({invalid, K, V}).
-
-ipaddr(A) ->
-    try
-        diameter_lib:ipaddr(A)
-    catch
-        error: {invalid_address, _} = T ->
-            ?THROW(T)
-    end.
-
-%% bCER/1
-%%
-%% Build a CER record to send to a remote peer.
-
-bCER(#diameter_caps{origin_host = Host,
-                    origin_realm = Realm,
-                    host_ip_address = Addrs,
-                    vendor_id = Vid,
-                    product_name = Name,
-                    origin_state_id = OSI,
-                    supported_vendor_id = SVid,
-                    auth_application_id = AuId,
-                    acct_application_id = AcId,
-                    vendor_specific_application_id = VSA,
-                    firmware_revision = Rev}) ->
-    #diameter_base_CER{'Origin-Host' = Host,
-                       'Origin-Realm' = Realm,
-                       'Host-IP-Address' = Addrs,
-                       'Vendor-Id' = Vid,
-                       'Product-Name' = Name,
-                       'Origin-State-Id' = OSI,
-                       'Supported-Vendor-Id' = SVid,
-                       'Auth-Application-Id' = AuId,
-                       'Acct-Application-Id' = AcId,
-                       'Vendor-Specific-Application-Id' = VSA,
-                       'Firmware-Revision' = Rev}.
-
-%% rCER/2
-%%
-%% Build a CEA record to send to a remote peer in response to an
-%% incoming CER. RFC 3588 gives no guidance on what should be sent
-%% here: should we advertise applications that the peer hasn't sent in
-%% its CER (aside from the relay application) or not? If we send
-%% applications that the peer hasn't advertised then the peer may have
-%% to be aware of the possibility. If we don't then we just look like
-%% a server that supports a subset (possibly) of what the client
-%% advertised, so this feels like the path of least incompatibility.
-%% However, the current draft standard (draft-ietf-dime-rfc3588bis-26,
-%% expires 24 July 2011) says this in section 5.3, Capabilities
-%% Exchange:
-%%
-%%   The receiver of the Capabilities-Exchange-Request (CER) MUST
-%%   determine common applications by computing the intersection of its
-%%   own set of supported Application Id against all of the application
-%%   identifier AVPs (Auth-Application-Id, Acct-Application-Id and Vendor-
-%%   Specific-Application-Id) present in the CER.  The value of the
-%%   Vendor-Id AVP in the Vendor-Specific-Application-Id MUST NOT be used
-%%   during computation.  The sender of the Capabilities-Exchange-Answer
-%%   (CEA) SHOULD include all of its supported applications as a hint to
-%%   the receiver regarding all of its application capabilities.
-%%
-%% Both RFC and the draft also say this:
-%%
-%%   The receiver only issues commands to its peers that have advertised
-%%   support for the Diameter application that defines the command.  A
-%%   Diameter node MUST cache the supported applications in order to
-%%   ensure that unrecognized commands and/or AVPs are not unnecessarily
-%%   sent to a peer.
-%%
-%% That is, each side sends all of its capabilities and is responsible for
-%% not sending commands that the peer doesn't support.
-
-%% TODO: Make it an option to send only common applications in CEA to
-%%       allow backwards compatibility, and also because there are likely
-%%       servers that expect this. Or maybe a callback.
-
-%% 6.10.  Inband-Security-Id AVP
-%%
-%%   NO_INBAND_SECURITY                0
-%%      This peer does not support TLS.  This is the default value, if the
-%%      AVP is omitted.
-
-rCER(CER, #diameter_service{capabilities = LCaps} = Svc) ->
-    #diameter_base_CER{'Inband-Security-Id' = RIS}
-        = CER,
-    #diameter_base_CEA{}
-        = CEA
-        = cea_from_cer(bCER(LCaps)),
-
-    RCaps = capx_to_caps(CER),
-    SApps = common_applications(LCaps, RCaps, Svc),
-
-    {SApps,
-     RCaps,
-     build_CEA([] == SApps,
-               RIS,
-               lists:member(?NO_INBAND_SECURITY, RIS),
-               CEA#diameter_base_CEA{'Result-Code' = ?SUCCESS,
-                                     'Inband-Security-Id' = []})}.
-
-%% TODO: 5.3 of RFC3588 says we MUST return DIAMETER_NO_COMMON_APPLICATION
-%%       in the CEA and SHOULD disconnect the transport. However, we have
-%%       no way to guarantee the send before disconnecting.
-
-build_CEA(true, _, _, CEA) ->
-    CEA#diameter_base_CEA{'Result-Code' = ?NOAPP};
-build_CEA(false, [_|_], false, CEA) ->
-    CEA#diameter_base_CEA{'Result-Code' = ?NOSECURITY};
-build_CEA(false, [_|_], true, CEA) ->
-    CEA#diameter_base_CEA{'Inband-Security-Id' = [?NO_INBAND_SECURITY]};
-build_CEA(false, [], false, CEA) ->
-    CEA.
-
-%% cea_from_cer/1
-
-cea_from_cer(#diameter_base_CER{} = CER) ->
-    lists:foldl(fun(F,A) -> to_cea(CER, F, A) end,
-                #diameter_base_CEA{},
-                record_info(fields, diameter_base_CER)).
-
-to_cea(CER, Field, CEA) ->
-    try ?BASE:'#info-'(diameter_base_CEA, {index, Field}) of
-        N ->
-            setelement(N, CEA, ?BASE:'#get-'(Field, CER))
-    catch
-        error: _ ->
-            CEA
-    end.
-
-%% rCEA/2
-
-rCEA(CEA, #diameter_service{capabilities = LCaps} = Svc)
-  when is_record(CEA, diameter_base_CEA) ->
-    #diameter_base_CEA{'Result-Code' = RC}
-        = CEA,
-
-    RC == ?SUCCESS orelse ?THROW({'Result-Code', RC}),
-
-    RCaps = capx_to_caps(CEA),
-    SApps = common_applications(LCaps, RCaps, Svc),
-
-    [] == SApps andalso ?THROW({no_common_apps, LCaps, RCaps}),
-
-    {SApps, RCaps};
-
-rCEA(CEA, _Svc) ->
-    ?THROW({invalid, CEA}).
-
-%% capx_to_caps/1
-
-capx_to_caps(#diameter_base_CEA{'Origin-Host' = OH,
-                                'Origin-Realm' = OR,
-                                'Host-IP-Address' = IP,
-                                'Vendor-Id' = VId,
-                                'Product-Name' = PN,
-                                'Origin-State-Id' = OSI,
-                                'Supported-Vendor-Id' = SV,
-                                'Auth-Application-Id' = Auth,
-                                'Inband-Security-Id' = IS,
-                                'Acct-Application-Id' = Acct,
-                                'Vendor-Specific-Application-Id' = VSA,
-                                'Firmware-Revision' = FR,
-                                'AVP' = X}) ->
-    #diameter_caps{origin_host = OH,
-                   origin_realm = OR,
-                   vendor_id = VId,
-                   product_name = PN,
-                   origin_state_id = OSI,
-                   host_ip_address = IP,
-                   supported_vendor_id = SV,
-                   auth_application_id = Auth,
-                   inband_security_id = IS,
-                   acct_application_id = Acct,
-                   vendor_specific_application_id = VSA,
-                   firmware_revision = FR,
-                   avp = X};
-
-capx_to_caps(#diameter_base_CER{} = CER) ->
-    capx_to_caps(cea_from_cer(CER)).
-
-%% ---------------------------------------------------------------------------
-%% ---------------------------------------------------------------------------
-
-%% common_applications/3
-%%
-%% Identify the (local) applications to be supported on the connection
-%% in question.
-
-common_applications(LCaps, RCaps, #diameter_service{applications = Apps}) ->
-    LA = app_union(LCaps),
-    RA = app_union(RCaps),
-
-    lists:foldl(fun(I,A) -> ca(I, Apps, RA, A) end, [], LA).
-
-ca(Id, Apps, RA, Acc) ->
-    Relay = lists:member(?APP_ID_RELAY, RA),
-    #diameter_app{alias = Alias} = find_app(Id, Apps),
-    tcons(Relay                        %% peer is a relay
-          orelse ?APP_ID_RELAY == Id   %% we're a relay
-          orelse lists:member(Id, RA), %% app is supported by the peer
-          Id,
-          Alias,
-          Acc).
-%% 5.3 of the RFC states that a peer advertising itself as a relay must
-%% be interpreted as having common applications.
-
-%% Extract the list of all application identifiers from Auth-Application-Id,
-%% Acct-Application-Id and Vendor-Specific-Application-Id.
-app_union(#diameter_caps{auth_application_id = U,
-                         acct_application_id = C,
-                         vendor_specific_application_id = V}) ->
-    set_list(U ++ C ++ lists:flatmap(fun vsa_apps/1, V)).
-
-vsa_apps(#'diameter_base_Vendor-Specific-Application-Id'
-         {'Auth-Application-Id' = U,
-          'Acct-Application-Id' = C}) ->
-    U ++ C;
-vsa_apps(L) ->
-    Rec = ?BASE:'#new-'('diameter_base_Vendor-Specific-Application-Id', L),
-    vsa_apps(Rec).
-
-%% It's a configuration error for a locally advertised application not
-%% to be represented in Apps. Don't just match on lists:keyfind/3 in
-%% order to generate a more helpful error.
-find_app(Id, Apps) ->
-    case lists:keyfind(Id, #diameter_app.id, Apps) of
-        #diameter_app{} = A ->
-            A;
-        false ->
-            ?THROW({app_not_configured, Id})
-    end.
-
-set_list(L) ->
-    sets:to_list(sets:from_list(L)).
-
-tcons(true, K, V, Acc) ->
-    [{K,V} | Acc];
-tcons(false, _, _, Acc) ->
-    Acc.
diff --git a/lib/diameter/src/app/diameter_codec.erl b/lib/diameter/src/app/diameter_codec.erl
deleted file mode 100644
index d88f42fb7c..0000000000
--- a/lib/diameter/src/app/diameter_codec.erl
+++ /dev/null
@@ -1,561 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
--module(diameter_codec).
-
--export([encode/2,
-         decode/2,
-         decode/3,
-         collect_avps/1,
-         decode_header/1,
-         sequence_numbers/1,
-         hop_by_hop_id/2,
-         msg_name/1,
-         msg_id/1]).
-
-%% Towards generated encoders (from diameter_gen.hrl).
--export([pack_avp/1,
-         pack_avp/2]).
-
--include_lib("diameter/include/diameter.hrl").
--include("diameter_internal.hrl").
-
--define(MASK(N,I), ((I) band (1 bsl (N)))).
-
-%%     0                   1                   2                   3
-%%     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-%%    |    Version    |                 Message Length                |
-%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-%%    | command flags |                  Command-Code                 |
-%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-%%    |                         Application-ID                        |
-%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-%%    |                      Hop-by-Hop Identifier                    |
-%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-%%    |                      End-to-End Identifier                    |
-%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-%%    |  AVPs ...
-%%    +-+-+-+-+-+-+-+-+-+-+-+-+-
-
-%%% ---------------------------------------------------------------------------
-%%% # encode/[2-4]
-%%% ---------------------------------------------------------------------------
-
-encode(Mod, #diameter_packet{} = Pkt) ->
-    try
-        e(Mod, Pkt)
-    catch
-        error: Reason ->
-            %% Be verbose rather than letting the emulator truncate the
-            %% error report.
-            X = {Reason, ?STACK},
-            diameter_lib:error_report(X, {?MODULE, encode, [Mod, Pkt]}),
-            exit(X)
-    end;
-
-encode(Mod, Msg) ->
-    Seq = diameter_session:sequence(),
-    Hdr = #diameter_header{version = ?DIAMETER_VERSION,
-                           end_to_end_id = Seq,
-                           hop_by_hop_id = Seq},
-    encode(Mod,  #diameter_packet{header = Hdr,
-                                  msg = Msg}).
-
-e(_, #diameter_packet{msg = [#diameter_header{} = Hdr | As]} = Pkt) ->
-    Avps = encode_avps(As),
-    Length = size(Avps) + 20,
-
-    #diameter_header{version = Vsn,
-                     cmd_code = Code,
-                     application_id = Aid,
-                     hop_by_hop_id  = Hid,
-                     end_to_end_id  = Eid}
-        = Hdr,
-
-    Flags = make_flags(0, Hdr),
-
-    Pkt#diameter_packet{bin = <<Vsn:8, Length:24,
-                                Flags:8, Code:24,
-                                Aid:32,
-                                Hid:32,
-                                Eid:32,
-                                Avps/binary>>};
-
-e(Mod0, #diameter_packet{header = Hdr, msg = Msg} = Pkt) ->
-    #diameter_header{version = Vsn,
-                     hop_by_hop_id = Hid,
-                     end_to_end_id = Eid}
-        = Hdr,
-
-    {Mod, MsgName} = rec2msg(Mod0, Msg),
-    {Code, Flags0, Aid} = msg_header(Mod, MsgName, Hdr),
-    Flags = make_flags(Flags0, Hdr),
-
-    Avps = encode_avps(Mod, MsgName, values(Msg)),
-    Length = size(Avps) + 20,
-
-    Pkt#diameter_packet{header = Hdr#diameter_header
-                                    {length = Length,
-                                     cmd_code = Code,
-                                     application_id = Aid,
-                                     is_request       = 0 /= ?MASK(7, Flags),
-                                     is_proxiable     = 0 /= ?MASK(6, Flags),
-                                     is_error         = 0 /= ?MASK(5, Flags),
-                                     is_retransmitted = 0 /= ?MASK(4, Flags)},
-                        bin = <<Vsn:8, Length:24,
-                                Flags:8, Code:24,
-                                Aid:32,
-                                Hid:32,
-                                Eid:32,
-                                Avps/binary>>}.
-
-%% make_flags/2
-
-make_flags(Flags0, #diameter_header{is_request       = R,
-                                    is_proxiable     = P,
-                                    is_error         = E,
-                                    is_retransmitted = T}) ->
-    {Flags, 3} = lists:foldl(fun(B,{F,N}) -> {mf(B,F,N), N-1} end,
-                             {Flags0, 7},
-                             [R,P,E,T]),
-    Flags.
-
-mf(undefined, F, _) ->
-    F;
-mf(B, F, N) ->  %% reset the affected bit
-    (F bxor (F band (1 bsl N))) bor bit(B, N).
-
-bit(true, N)  -> 1 bsl N;
-bit(false, _) -> 0.
-
-%% values/1
-
-values([H|T])
-  when is_atom(H) ->
-    T;
-values(Avps) ->
-    Avps.
-
-%% encode_avps/3
-
-%% Specifying values as a #diameter_avp list bypasses arity and other
-%% checks: the values are expected to be already encoded and the AVP's
-%% presented are simply sent. This is needed for relay agents, since
-%% these have to be able to resend whatever comes.
-
-%% Message as a list of #diameter_avp{} ...
-encode_avps(_, _, [#diameter_avp{} | _] = Avps) ->
-    encode_avps(reorder(Avps, [], Avps));
-
-%% ... or as a tuple list or record.
-encode_avps(Mod, MsgName, Values) ->
-    Mod:encode_avps(MsgName, Values).
-
-%% reorder/1
-
-reorder([#diameter_avp{index = 0} | _] = Avps, Acc, _) ->
-    Avps ++ Acc;
-
-reorder([#diameter_avp{index = N} = A | Avps], Acc, _)
-  when is_integer(N) ->
-    lists:reverse(Avps, [A | Acc]);
-
-reorder([H | T], Acc, Avps) ->
-    reorder(T, [H | Acc], Avps);
-
-reorder([], Acc, _) ->
-    Acc.
-
-%% encode_avps/1
-
-encode_avps(Avps) ->
-    list_to_binary(lists:map(fun pack_avp/1, Avps)).
-
-%% msg_header/3
-
-msg_header(Mod, MsgName, Header) ->
-    {Code, Flags, ApplId} = h(Mod, MsgName, Header),
-    {Code, p(Flags, Header), ApplId}.
-
-%% 6.2 of 3588 requires the same 'P' bit on an answer as on the
-%% request.
-
-p(Flags, #diameter_header{is_request = true,
-                          is_proxiable = P}) ->
-    Flags band (2#10110000 bor choose(P, 2#01000000, 0));
-p(Flags, _) ->
-    Flags.
-
-h(Mod, 'answer-message' = MsgName, Header) ->
-    ?BASE = Mod,
-    #diameter_header{cmd_code = Code} = Header,
-    {_, Flags, ApplId} = ?BASE:msg_header(MsgName),
-    {Code, Flags, ApplId};
-
-h(Mod, MsgName, _) ->
-    Mod:msg_header(MsgName).
-
-%% rec2msg/2
-
-rec2msg(_, ['answer-message' = M | _]) ->
-    {?BASE, M};
-
-rec2msg(Mod, [MsgName|_])
-  when is_atom(MsgName) ->
-    {Mod, MsgName};
-
-rec2msg(Mod, Rec) ->
-    R = element(1, Rec),
-    A = 'answer-message',
-    case ?BASE:msg2rec(A) of
-        R ->
-            {?BASE, A};
-        _ ->
-            {Mod, Mod:rec2msg(R)}
-    end.
-
-%%% ---------------------------------------------------------------------------
-%%% # decode/2
-%%% ---------------------------------------------------------------------------
-
-%% Unsuccessfully decoded AVPs will be placed in #diameter_packet.errors.
-
-decode(Mod, Pkt) ->
-    decode(Mod:id(), Mod, Pkt).
-
-%% If we're a relay application then just extract the avp's without
-%% any decoding of their data since we don't know the application in
-%% question.
-decode(?APP_ID_RELAY, _, #diameter_packet{} = Pkt) ->
-    case collect_avps(Pkt) of
-        {Bs, As} ->
-            Pkt#diameter_packet{avps = As,
-                                errors = [Bs]};
-        As ->
-            Pkt#diameter_packet{avps = As}
-    end;
-
-%% Otherwise decode using the dictionary.
-decode(_, Mod, #diameter_packet{header = Hdr} = Pkt)
-  when is_atom(Mod) ->
-    #diameter_header{cmd_code = CmdCode,
-                     is_request = IsRequest,
-                     is_error = IsError}
-        = Hdr,
-
-    {M, MsgName} = if IsError andalso not IsRequest ->
-                           {?BASE, 'answer-message'};
-                      true ->
-                           {Mod, Mod:msg_name(CmdCode, IsRequest)}
-                   end,
-
-    decode_avps(MsgName, M, Pkt, collect_avps(Pkt));
-
-decode(Id, Mod, Bin)
-  when is_bitstring(Bin) ->
-    decode(Id, Mod, #diameter_packet{header = decode_header(Bin), bin = Bin}).
-
-decode_avps(MsgName, Mod, Pkt, {Bs, Avps}) ->  %% invalid avp bits ...
-    ?LOG(invalid, Pkt#diameter_packet.bin),
-    #diameter_packet{errors = Failed}
-        = P
-        = decode_avps(MsgName, Mod, Pkt, Avps),
-    P#diameter_packet{errors = [Bs | Failed]};
-
-decode_avps('', Mod, Pkt, Avps) ->  %% unknown message ...
-    ?LOG(unknown, {Mod, Pkt#diameter_packet.header}),
-    Pkt#diameter_packet{avps = lists:reverse(Avps),
-                        errors = [3001]};   %% DIAMETER_COMMAND_UNSUPPORTED
-%% msg = undefined identifies this case.
-
-decode_avps(MsgName, Mod, Pkt, Avps) ->  %% ... or not
-    {Rec, As, Failed} = Mod:decode_avps(MsgName, Avps),
-    ?LOGC([] /= Failed, failed, {Mod, Failed}),
-    Pkt#diameter_packet{msg = Rec,
-                        errors = Failed,
-                        avps = As}.
-
-%%% ---------------------------------------------------------------------------
-%%% # decode_header/1
-%%% ---------------------------------------------------------------------------
-
-decode_header(<<Version:8,
-                MsgLength:24,
-                CmdFlags:1/binary,
-                CmdCode:24,
-                ApplicationId:32,
-                HopByHopId:32,
-                EndToEndId:32,
-                _/bitstring>>) ->
-    <<R:1, P:1, E:1, T:1, _:4>>
-        = CmdFlags,
-    %% 3588 (ch 3) says that reserved bits MUST be set to 0 and ignored
-    %% by the receiver.
-
-    %% The RFC is quite unclear about the order of the bits in this
-    %% case. It writes
-    %%
-    %%    0 1 2 3 4 5 6 7
-    %%   +-+-+-+-+-+-+-+-+
-    %%   |R P E T r r r r|
-    %%   +-+-+-+-+-+-+-+-+
-    %%
-    %% in defining these but the scale refers to the (big endian)
-    %% transmission order, first to last, not the bit order. That is,
-    %% R is the high order bit. It's odd that a standard reserves
-    %% low-order bit rather than high-order ones.
-
-    #diameter_header{version = Version,
-                     length = MsgLength,
-                     cmd_code = CmdCode,
-                     application_id = ApplicationId,
-                     hop_by_hop_id = HopByHopId,
-                     end_to_end_id = EndToEndId,
-                     is_request       = 1 == R,
-                     is_proxiable     = 1 == P,
-                     is_error         = 1 == E,
-                     is_retransmitted = 1 == T};
-
-decode_header(_) ->
-    false.
-
-%%% ---------------------------------------------------------------------------
-%%% # sequence_numbers/1
-%%% ---------------------------------------------------------------------------
-
-%% The End-To-End identifier must be unique for at least 4 minutes. We
-%% maintain a 24-bit wraparound counter, and add an 8-bit persistent
-%% wraparound counter. The 8-bit counter is incremented each time the
-%% system is restarted.
-
-sequence_numbers(#diameter_packet{bin = Bin})
-  when is_binary(Bin) ->
-    sequence_numbers(Bin);
-
-sequence_numbers(#diameter_packet{header = #diameter_header{} = H}) ->
-    sequence_numbers(H);
-
-sequence_numbers(#diameter_header{hop_by_hop_id = H,
-                                  end_to_end_id = E}) ->
-    {H,E};
-
-sequence_numbers(<<_:12/binary, H:32, E:32, _/binary>>) ->
-    {H,E}.
-
-%%% ---------------------------------------------------------------------------
-%%% # hop_by_hop_id/2
-%%% ---------------------------------------------------------------------------
-
-hop_by_hop_id(Id, <<H:12/binary, _:32, T/binary>>) ->
-    <<H/binary, Id:32, T/binary>>.
-
-%%% ---------------------------------------------------------------------------
-%%% # msg_name/1
-%%% ---------------------------------------------------------------------------
-
-msg_name(#diameter_header{application_id = ?APP_ID_COMMON,
-                          cmd_code = C,
-                          is_request = R}) ->
-    ?BASE:msg_name(C,R);
-
-msg_name(Hdr) ->
-    msg_id(Hdr).
-
-%% Note that messages in different applications could have the same
-%% name.
-
-%%% ---------------------------------------------------------------------------
-%%% # msg_id/1
-%%% ---------------------------------------------------------------------------
-
-msg_id(#diameter_packet{msg = [#diameter_header{} = Hdr | _]}) ->
-    msg_id(Hdr);
-
-msg_id(#diameter_packet{header = #diameter_header{} = Hdr}) ->
-    msg_id(Hdr);
-
-msg_id(#diameter_header{application_id = A,
-                        cmd_code = C,
-                        is_request = R}) ->
-    {A, C, if R -> 1; true -> 0 end};
-
-msg_id(<<_:32, Rbit:1, _:7, CmdCode:24, ApplId:32, _/bitstring>>) ->
-    {ApplId, CmdCode, Rbit}.
-
-%%% ---------------------------------------------------------------------------
-%%% # collect_avps/1
-%%% ---------------------------------------------------------------------------
-
-%% Note that the returned list of AVP's is reversed relative to their
-%% order in the binary. Note also that grouped avp's aren't unraveled,
-%% only those at the top level.
-
-collect_avps(#diameter_packet{bin = Bin}) ->
-    <<_:20/binary, Avps/bitstring>> = Bin,
-    collect_avps(Avps);
-
-collect_avps(Bin) ->
-    collect_avps(Bin, 0, []).
-
-collect_avps(<<>>, _, Acc) ->
-    Acc;
-collect_avps(Bin, N, Acc) ->
-    try split_avp(Bin) of
-        {Rest, AVP} ->
-            collect_avps(Rest, N+1, [AVP#diameter_avp{index = N} | Acc])
-    catch
-        ?FAILURE(_) ->
-            {Bin, Acc}
-    end.
-
-%%     0                   1                   2                   3
-%%     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-%%    |                           AVP Code                            |
-%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-%%    |V M P r r r r r|                  AVP Length                   |
-%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-%%    |                        Vendor-ID (opt)                        |
-%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-%%    |    Data ...
-%%    +-+-+-+-+-+-+-+-+
-
-%% split_avp/1
-
-split_avp(Bin) ->
-    8 =< size(Bin) orelse ?THROW(truncated_header),
-
-    <<Code:32, Flags:1/binary, Length:24, Rest/bitstring>>
-        = Bin,
-
-    DataSize = Length - 8,        % size(Code+Flags+Length) = 8 octets
-    PadSize = (4 - (DataSize rem 4)) rem 4,
-
-    DataSize + PadSize =< size(Rest)
-        orelse ?THROW(truncated_data),
-
-    <<Data:DataSize/binary, _:PadSize/binary, R/bitstring>>
-        = Rest,
-    <<Vbit:1, Mbit:1, Pbit:1, _Reserved:5>>
-        = Flags,
-
-    0 == Vbit orelse 4 =< size(Data)
-        orelse ?THROW(truncated_vendor_id),
-
-    {Vid, D} = vid(Vbit, Data),
-    {R, #diameter_avp{code = Code,
-                      vendor_id = Vid,
-                      is_mandatory = 1 == Mbit,
-                      need_encryption = 1 == Pbit,
-                      data = D}}.
-
-%% The RFC is a little misleading when stating that OctetString is
-%% padded to a 32-bit boundary while other types align naturally. All
-%% other types are already multiples of 32 bits so there's no need to
-%% distinguish between types here. Any invalid lengths will result in
-%% decode error in diameter_types.
-
-vid(1, <<Vid:32, Data/bitstring>>) ->
-    {Vid, Data};
-vid(0, Data) ->
-    {undefined, Data}.
-
-%%% ---------------------------------------------------------------------------
-%%% # pack_avp/1
-%%% ---------------------------------------------------------------------------
-
-%% The normal case here is data as an #diameter_avp{} list or an
-%% iolist, which are the cases that generated codec modules use. The
-%% other case is as a convenience in the relay case in which the
-%% dictionary doesn't know about specific AVP's.
-
-%% Grouped AVP whose components need packing ...
-pack_avp(#diameter_avp{data = [#diameter_avp{} | _] = Avps} = A) ->
-    pack_avp(A#diameter_avp{data = encode_avps(Avps)});
-
-%% ... data as a type/value tuple, possibly with header data, ...
-pack_avp(#diameter_avp{data = {Type, Value}} = A)
-  when is_atom(Type) ->
-    pack_avp(A#diameter_avp{data = diameter_types:Type(encode, Value)});
-pack_avp(#diameter_avp{data = {{_,_,_} = T, {Type, Value}}}) ->
-    pack_avp(T, iolist_to_binary(diameter_types:Type(encode, Value)));
-pack_avp(#diameter_avp{data = {{_,_,_} = T, Bin}})
-  when is_binary(Bin) ->
-    pack_avp(T, Bin);
-pack_avp(#diameter_avp{data = {Dict, Name, Value}} = A) ->
-    {Code, _Flags, Vid} = Hdr = Dict:avp_header(Name),
-    {Name, Type} = Dict:avp_name(Code, Vid),
-    pack_avp(A#diameter_avp{data = {Hdr, {Type, Value}}});
-
-%% ... or as an iolist.
-pack_avp(#diameter_avp{code = Code,
-                       vendor_id = V,
-                       is_mandatory = M,
-                       need_encryption = P,
-                       data = Data}) ->
-    Flags = lists:foldl(fun flag_avp/2, 0, [{V /= undefined, 2#10000000},
-                                            {M, 2#01000000},
-                                            {P, 2#00100000}]),
-    pack_avp({Code, Flags, V}, iolist_to_binary(Data)).
-
-flag_avp({true, B}, F) ->
-    F bor B;
-flag_avp({false, _}, F) ->
-    F.
-
-%%% ---------------------------------------------------------------------------
-%%% # pack_avp/2
-%%% ---------------------------------------------------------------------------
-
-pack_avp({Code, Flags, VendorId}, Bin)
-  when is_binary(Bin) ->
-    Sz = size(Bin),
-    pack_avp(Code, Flags, VendorId, Sz, pad(Sz rem 4, Bin)).
-
-pad(0, Bin) ->
-    Bin;
-pad(N, Bin) ->
-    P = 8*(4-N),
-    <<Bin/binary, 0:P>>.
-%% Note that padding is not included in the length field as mandated by
-%% the RFC.
-
-%% pack_avp/5
-%%
-%% Prepend the vendor id as required.
-
-pack_avp(Code, Flags, Vid, Sz, Bin)
-  when 0 == Flags band 2#10000000 ->
-    undefined = Vid,  %% sanity check
-    pack_avp(Code, Flags, Sz, Bin);
-
-pack_avp(Code, Flags, Vid, Sz, Bin) ->
-    pack_avp(Code, Flags, Sz+4, <<Vid:32, Bin/binary>>).
-
-%% pack_avp/4
-
-pack_avp(Code, Flags, Sz, Bin) ->
-    Length = Sz + 8,
-    <<Code:32, Flags:8, Length:24, Bin/binary>>.
-
-%% ===========================================================================
-
-choose(true, X, _)  -> X;
-choose(false, _, X) -> X.
diff --git a/lib/diameter/src/app/diameter_config.erl b/lib/diameter/src/app/diameter_config.erl
deleted file mode 100644
index a6b48fe65b..0000000000
--- a/lib/diameter/src/app/diameter_config.erl
+++ /dev/null
@@ -1,676 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-%% This module writes service/transport configuration to the table
-%% diameter_config, so that the config will survive service process
-%% death, and then turns it into calls towards diameter_service. It
-%% also restarts services upon their death.
-%%
-%% The table diameter_config is only written here while
-%% diameter_service reads. This is all somewhat after the fact. Once
-%% upon a time the config was only stored in the service process,
-%% causing much grief if these processes died (which they did with
-%% some regularity) and one was forced to reconfigure. This module was
-%% then inserted into the service start in order to keep a more
-%% permanent record of the config. That said, service processes are
-%% now much more robust than they once were and crashing is a thing of
-%% the past.
-%%
-
--module(diameter_config).
--compile({no_auto_import, [monitor/2]}).
-
--behaviour(gen_server).
-
--export([start_service/2,
-         stop_service/1,
-         add_transport/2,
-         remove_transport/2,
-         have_transport/2,
-         lookup/1]).
-
-%% child server start
--export([start_link/0]).
-
-%% gen_server callbacks
--export([init/1,
-         terminate/2,
-         handle_call/3,
-         handle_cast/2,
-         handle_info/2,
-         code_change/3]).
-
-%% diameter_sync requests.
--export([sync/1]).
-
-%% debug
--export([state/0,
-         uptime/0]).
-
--include_lib("diameter/include/diameter.hrl").
--include("diameter_internal.hrl").
-
-%% Server state.
--record(state, {id = now()}).
-
-%% Registered name of the server.
--define(SERVER, ?MODULE).
-
-%% Table config is written to.
--define(TABLE, ?MODULE).
-
-%% Workaround for dialyzer's lack of understanding of match specs.
--type match(T)
-   :: T | '_' | '$1' | '$2' | '$3' | '$4'.
-
-%% Configuration records in ?TABLE.
-
--record(service,
-        {name,
-         rec     :: match(#diameter_service{}),
-         options :: match(list())}).
-
--record(transport,
-        {service, %% name
-         ref = make_ref() :: match(reference()),
-         type             :: match(connect | listen),
-         options          :: match(list())}).
-
-%% Monitor entry in ?TABLE.
--record(monitor, {mref = make_ref() :: reference(),
-                  service}). %% name
-
-%% Time to lay low before restarting a dead service.
--define(RESTART_SLEEP, 2000).
-
-%% A minimal diameter_caps for checking for valid capabilities values.
--define(EXAMPLE_CAPS,
-        #diameter_caps{origin_host = "TheHost",
-                       origin_realm = "TheRealm",
-                       host_ip_address = [{127,0,0,1}],
-                       vendor_id = 42,
-                       product_name = "TheProduct"}).
-
--define(VALUES(Rec), tl(tuple_to_list(Rec))).
-
-%%% The return values below assume the server diameter_config is started.
-%%% The functions will exit if it isn't.
-
-%% --------------------------------------------------------------------------
-%% # start_service(SvcName, Opts)
-%%
-%% Output: ok | {error, Reason}
-%% --------------------------------------------------------------------------
-
-start_service(SvcName, Opts)
-  when is_list(Opts)  ->
-    start_rc(sync(SvcName, {start_service, SvcName, Opts})).
-
-start_rc({ok = T, _Pid}) ->
-    T;
-start_rc({error, _} = No) ->
-    No;
-start_rc(timeout) ->
-    {error, application_not_started}.
-
-%% --------------------------------------------------------------------------
-%% # stop_service(SvcName)
-%%
-%% Output: ok
-%% --------------------------------------------------------------------------
-
-stop_service(SvcName) ->
-    sync(SvcName, {stop_service, SvcName}).
-
-%% --------------------------------------------------------------------------
-%% # add_transport(SvcName, {Type, Opts})
-%%
-%% Input:  Type = connect | listen
-%%
-%% Output: {ok, Ref} | {error, Reason}
-%% --------------------------------------------------------------------------
-
-add_transport(SvcName, {T, Opts})
-  when is_list(Opts), (T == connect orelse T == listen) ->
-    sync(SvcName, {add, SvcName, T, Opts}).
-
-%% --------------------------------------------------------------------------
-%% # remove_transport(SvcName, Pred)
-%%
-%% Input:  Pred = arity 3 fun on transport ref, connect|listen and Opts,
-%%                returning true if the transport is to be removed, false if
-%%                not
-%%              | arity 2 fun on Ref and Opts only
-%%              | arity 1 fun on Opts only
-%%              | Opts matching all transports that have all of the specified
-%%                options
-%%              | Ref matching only the transport with this reference.
-%%              | {M,F,A} applied to Ref, connect|listen and Opts
-%%              | boolean()
-%%
-%% Output: ok | {error, Reason}
-%% --------------------------------------------------------------------------
-
-remove_transport(SvcName, Pred) ->
-    try
-        sync(SvcName, {remove, SvcName, pred(Pred)})
-    catch
-        ?FAILURE(Reason) ->
-            {error, Reason}
-    end.
-
-pred(Pred)
-  when is_function(Pred, 3) ->
-    Pred;
-pred(Pred)
-  when is_function(Pred, 2) ->
-    fun(R,_,O) -> Pred(R,O) end;
-pred(Pred)
-  when is_function(Pred, 1) ->
-    fun(_,_,O) -> Pred(O) end;
-pred(Opts)
-  when is_list(Opts) ->
-    fun(_,_,O) -> [] == Opts -- O end;
-pred(Ref)
-  when is_reference(Ref) ->
-    fun(R,_,_) -> R == Ref end;
-pred({M,F,A})
-  when is_atom(M), is_atom(F), is_list(A) ->
-    fun(R,T,O) -> apply(M,F,[R,T,O|A]) end;
-pred({Type, Pred}) ->  %% backwards compatibility
-    P = pred(Pred),
-    fun(R,T,O) -> T == Type andalso P(R,T,O) end;
-pred(B)
-  when is_boolean(B) ->
-    fun(_,_,_) -> B end;
-pred(_) ->
-    ?THROW(pred).
-
-%% --------------------------------------------------------------------------
-%% # have_transport/2
-%%
-%% Output: true | false
-%% --------------------------------------------------------------------------
-
-have_transport(SvcName, Ref) ->
-    member([{#transport{service = '$1',
-                        ref = '$2',
-                        _ = '_'},
-             [{'andalso', {'=:=', '$1', {const, SvcName}},
-                          {'=:=', '$2', {const, Ref}}}],
-             [true]}]).
-
-%% --------------------------------------------------------------------------
-%% # lookup/1
-%% --------------------------------------------------------------------------
-
-lookup(SvcName) ->
-    select([{#service{name = '$1', rec = '$2', options = '$3'},
-             [{'=:=', '$1', {const, SvcName}}],
-             [{{'$1', '$2', '$3'}}]},
-            {#transport{service = '$1',
-                        ref = '$2',
-                        type = '$3',
-                        options = '$4'},
-             [{'=:=', '$1', {const, SvcName}}],
-             [{{'$2', '$3', '$4'}}]}]).
-
-%% ---------------------------------------------------------
-%% EXPORTED INTERNAL FUNCTIONS
-%% ---------------------------------------------------------
-
-start_link() ->
-    ServerName = {local, ?SERVER},
-    Module     = ?MODULE,
-    Args       = [],
-    Options    = [{spawn_opt, diameter_lib:spawn_opts(server, [])}],
-    gen_server:start_link(ServerName, Module, Args, Options).
-
-state() ->
-    call(state).
-
-uptime() ->
-    call(uptime).
-
-%%% ----------------------------------------------------------
-%%% # init/1
-%%% ----------------------------------------------------------
-
-init([]) ->
-    {ok, #state{}}.
-
-%%% ----------------------------------------------------------
-%%% # handle_call/2
-%%% ----------------------------------------------------------
-
-handle_call(state, _, State) ->
-    {reply, State, State};
-
-handle_call(uptime, _, #state{id = Time} = State) ->
-    {reply, diameter_lib:now_diff(Time), State};
-
-handle_call(Req, From, State) ->
-    ?UNEXPECTED([Req, From]),
-    Reply = {error, {bad_request, Req}},
-    {reply, Reply, State}.
-
-%%% ----------------------------------------------------------
-%%% # handle_cast/2
-%%% ----------------------------------------------------------
-
-handle_cast(Msg, State) ->
-    ?UNEXPECTED([Msg]),
-    {noreply, State}.
-
-%%% ----------------------------------------------------------
-%%% # handle_info/2
-%%% ----------------------------------------------------------
-
-%% A service process has died. This is most likely a consequence of
-%% stop_service, in which case the restart will find no config for the
-%% service and do nothing. The entry keyed on the monitor ref is only
-%% removed as a result of the 'DOWN' notification however.
-handle_info({'DOWN', MRef, process, _, Reason}, State) ->
-    [#monitor{service = SvcName} = T] = select([{#monitor{mref = MRef,
-                                                          _ = '_'},
-                                                 [],
-                                                 ['$_']}]),
-    queue_restart(Reason, SvcName),
-    delete_object(T),
-    {noreply, State};
-
-handle_info({monitor, SvcName, Pid}, State) ->
-    monitor(Pid, SvcName),
-    {noreply, State};
-
-handle_info({restart, SvcName}, State) ->
-    restart(SvcName),
-    {noreply, State};
-
-handle_info(restart, State) ->
-    restart(),
-    {noreply, State};
-
-handle_info(Info, State) ->
-    ?UNEXPECTED([Info]),
-    {noreply, State}.
-
-%%--------------------------------------------------------------------
-%% # terminate/2
-%%--------------------------------------------------------------------
-
-terminate(_Reason, _State) ->
-    ok.
-
-%%% ----------------------------------------------------------
-%%% # code_change/3
-%%% ----------------------------------------------------------
-
-code_change(_OldVsn, State, _Extra) ->
-    {ok, State}.
-
-%% ---------------------------------------------------------
-%% INTERNAL FUNCTIONS
-%% ---------------------------------------------------------
-
-insert(T) ->
-    ets:insert(?TABLE, T).
-
-%% ?TABLE is a bag: check only for a service entry.
-have_service(SvcName) ->
-    member([{#service{name = '$1', _ = '_'},
-             [{'=:=', '$1', {const, SvcName}}],
-             [true]}]).
-
-member(MatchSpec) ->
-    '$end_of_table' =/= ets:select(?TABLE, MatchSpec, 1).
-
-delete_object(T) ->
-    ets:delete_object(?TABLE, T).
-
-delete(Key) ->
-    ets:delete(?TABLE, Key).
-
-select(MatchSpec) ->
-    ets:select(?TABLE, MatchSpec).
-
-select_delete(MatchSpec) ->
-    ets:select_delete(?TABLE, MatchSpec).
-
-%% sync/2
-%%
-%% Interface functions used to be implemented as calls to ?SERVER but
-%% now serialize things per service instead since stopping a service
-%% can take time if the server doesn't answer DPR. A caller who wants
-%% to stop multiple services can then improve performance by spawning
-%% processes to stop them concurrently.
-
-sync(SvcName, T) ->
-    diameter_sync:call({?MODULE, SvcName},
-		       {?MODULE, sync, [T]},
-		       infinity,
-		       infinity).
-
-%% sync/1
-
-sync({restart, SvcName}) ->
-    have_service(SvcName) andalso start(SvcName);
-
-sync({start_service, SvcName, Opts}) ->
-    try
-        start(have_service(SvcName), SvcName, Opts)
-    catch
-        ?FAILURE(Reason) -> {error, Reason}
-    end;
-
-sync({stop_service, SvcName}) ->
-    stop(SvcName);
-
-sync({add, SvcName, Type, Opts}) ->
-    try
-        add(SvcName, Type, Opts)
-    catch
-        ?FAILURE(Reason) -> {error, Reason}
-    end;
-
-sync({remove, SvcName, Pred}) ->
-    remove(select([{#transport{service = '$1', _ = '_'},
-                    [{'=:=', '$1', {const, SvcName}}],
-                    ['$_']}]),
-           SvcName,
-           Pred).
-
-%% start/3
-
-start(true, _, _) ->
-    {error, already_started};
-start(false, SvcName, Opts) ->
-    insert(make_config(SvcName, Opts)),
-    start(SvcName).
-
-%% start/1
-
-start(SvcName) ->
-    RC = diameter_service:start(SvcName),
-    startmon(SvcName, RC),
-    RC.
-
-startmon(SvcName, {ok, Pid}) ->
-    ?SERVER ! {monitor, SvcName, Pid};
-startmon(_, {error, _}) ->
-    ok.
-
-monitor(Pid, SvcName) ->
-    MRef = erlang:monitor(process, Pid),
-    insert(#monitor{mref = MRef, service = SvcName}).
-
-%% queue_restart/2
-
-%% Service has gone down on monitor death. Note that all service-related
-%% config is deleted.
-queue_restart({shutdown, {monitor, _}}, SvcName) ->
-    delete(SvcName);
-
-%% Application shutdown: ignore.
-queue_restart(shutdown, _) ->
-    ok;
-
-%% Or not.
-queue_restart(_, SvcName) ->
-    erlang:send_after(?RESTART_SLEEP, self(), {restart, SvcName}).
-
-%% restart/1
-
-restart(SvcName) ->
-    sync(SvcName, {restart, SvcName}).
-
-%% restart/0
-%%
-%% Start anything configured as required. Bang 'restart' to the server
-%% to kick things into gear manually. (Not that it should be required
-%% but it's been useful for test.)
-
-restart() ->
-    MatchSpec = [{#service{name = '$1', _ = '_'},
-                  [],
-                  ['$1']}],
-    lists:foreach(fun restart/1, select(MatchSpec)).
-
-%% stop/1
-
-stop(SvcName) ->
-    %% If the call to the service returns error for any reason other
-    %% than the process not being alive then deleting the config from
-    %% under it will surely bring it down.
-    diameter_service:stop(SvcName),
-    %% Delete only the service entry, not everything keyed on the name,
-    select_delete([{#service{name = '$1', _ = '_'},
-                    [{'=:=', '$1', {const, SvcName}}],
-                    [true]}]),
-    ok.
-%% Note that a transport has to be removed for its statistics to be
-%% deleted.
-
-%% add/3
-
-add(SvcName, Type, Opts) ->
-    %% Ensure usable capabilities. diameter_service:merge_service/2
-    %% depends on this.
-    lists:foreach(fun(Os) ->
-                          is_list(Os) orelse ?THROW({capabilities, Os}),
-                          ok = encode_CER(Os)
-                  end,
-                  [Os || {capabilities, Os} <- Opts, is_list(Os)]),
-
-    Ref = make_ref(),
-    T = {Ref, Type, Opts},
-    %% The call to the service returns error if the service isn't
-    %% started yet, which is harmless. The transport will be started
-    %% when the service is in that case.
-    case start_transport(SvcName, T) of
-        ok ->
-            insert(#transport{service = SvcName,
-                              ref = Ref,
-                              type = Type,
-                              options = Opts}),
-            {ok, Ref};
-        {error, _} = No ->
-            No
-    end.
-
-start_transport(SvcName, T) ->
-    case diameter_service:start_transport(SvcName, T) of
-        {ok, _Pid} ->
-            ok;
-        {error, no_service} ->
-            ok;
-        {error, _} = No ->
-            No
-    end.
-
-%% remove/3
-
-remove(L, SvcName, Pred) ->
-    rm(SvcName, lists:filter(fun(#transport{ref = R, type = T, options = O}) ->
-                                     Pred(R,T,O)
-                             end,
-                             L)).
-
-rm(_, []) ->
-    ok;
-rm(SvcName, L) ->
-    Refs = lists:map(fun(#transport{ref = R}) -> R end, L),
-    case stop_transport(SvcName, Refs) of
-        ok ->
-            lists:foreach(fun delete_object/1, L);
-        {error, _} = No ->
-            No
-    end.
-
-stop_transport(SvcName, Refs) ->
-    case diameter_service:stop_transport(SvcName, Refs) of
-        ok ->
-            ok;
-        {error, no_service} ->
-            ok;
-        {error, _} = No ->
-            No
-    end.
-
-%% make_config/2
-
-make_config(SvcName, Opts) ->
-    Apps = init_apps(Opts),
-    [] == Apps andalso ?THROW(no_apps),
-
-    %% Use the fact that diameter_caps has the same field names as CER.
-    Fields = diameter_gen_base_rfc3588:'#info-'(diameter_base_CER) -- ['AVP'],
-
-    COpts = [T || {K,_} = T <- Opts, lists:member(K, Fields)],
-    Caps = make_caps(#diameter_caps{}, COpts),
-
-    ok = encode_CER(COpts),
-
-    Os = split(Opts, [{[fun erlang:is_boolean/1], false, share_peers},
-                      {[fun erlang:is_boolean/1], false, use_shared_peers},
-                      {[fun erlang:is_pid/1, false], false, monitor}]),
-    %% share_peers and use_shared_peers are currently undocumented.
-
-    #service{name = SvcName,
-             rec = #diameter_service{applications = Apps,
-                                     capabilities = Caps},
-             options = Os}.
-
-make_caps(Caps, Opts) ->
-    case diameter_capx:make_caps(Caps, Opts) of
-        {ok, T} ->
-            T;
-        {error, {Reason, _}} ->
-            ?THROW(Reason)
-    end.
-
-%% Validate types by encoding a CER.
-encode_CER(Opts) ->
-    {ok, CER} = diameter_capx:build_CER(make_caps(?EXAMPLE_CAPS, Opts)),
-
-    Hdr = #diameter_header{version = ?DIAMETER_VERSION,
-                           end_to_end_id = 0,
-                           hop_by_hop_id = 0},
-
-    try
-        diameter_codec:encode(?BASE, #diameter_packet{header = Hdr,
-                                                      msg = CER}),
-        ok
-    catch
-        exit: Reason ->
-            ?THROW(Reason)
-    end.
-
-init_apps(Opts) ->
-    lists:foldl(fun app_acc/2, [], lists:reverse(Opts)).
-
-app_acc({application, Opts}, Acc) ->
-    is_list(Opts) orelse ?THROW({application, Opts}),
-
-    [Dict, Mod] = get_opt([dictionary, module], Opts),
-    Alias = get_opt(alias, Opts, Dict),
-    ModS  = get_opt(state, Opts, Alias),
-    M = get_opt(call_mutates_state, Opts, false),
-    A = get_opt(answer_errors, Opts, report),
-    [#diameter_app{alias = Alias,
-                   dictionary = Dict,
-                   id = cb(Dict, id),
-                   module = init_mod(Mod),
-                   init_state = ModS,
-                   mutable = init_mutable(M),
-                   answer_errors = init_answers(A)}
-     | Acc];
-app_acc(_, Acc) ->
-    Acc.
-
-init_mod(M)
-  when is_atom(M) ->
-    [M];
-init_mod([M|_] = L)
-  when is_atom(M) ->
-    L;
-init_mod(M) ->
-    ?THROW({module, M}).
-
-init_mutable(M)
-  when M == true;
-       M == false ->
-    M;
-init_mutable(M) ->
-    ?THROW({call_mutates_state, M}).
-
-init_answers(A)
-  when callback == A;
-       report == A;
-       discard == A ->
-    A;
-init_answers(A) ->
-    ?THROW({answer_errors, A}).
-
-%% Get a single value at the specified key.
-get_opt(Keys, List)
-  when is_list(Keys) ->
-    [get_opt(K, List) || K <- Keys];
-get_opt(Key, List) ->
-    case [V || {K,V} <- List, K == Key] of
-        [V] -> V;
-        _   -> ?THROW({arity, Key})
-    end.
-
-%% Get an optional value at the specified key.
-get_opt(Key, List, Def) ->
-    case [V || {K,V} <- List, K == Key] of
-        []  -> Def;
-        [V] -> V;
-        _   -> ?THROW({arity, Key})
-    end.
-
-split(Opts, Defs) ->
-    [{K, value(D, Opts)} || {_,_,K} = D <- Defs].
-
-value({Preds, Def, Key}, Opts) ->
-    V = get_opt(Key, Opts, Def),
-    lists:any(fun(P) -> pred(P,V) end, Preds)
-        orelse ?THROW({value, Key}),
-    V.
-
-pred(F, V)
-  when is_function(F) ->
-    F(V);
-pred(T, V) ->
-    T == V.
-
-cb(M,F) ->
-    try M:F() of
-        V -> V
-    catch
-        E: Reason ->
-            ?THROW({callback, E, Reason, ?STACK})
-    end.
-
-%% call/1
-
-call(Request) ->
-    gen_server:call(?SERVER, Request, infinity).
diff --git a/lib/diameter/src/app/diameter_exprecs.erl b/lib/diameter/src/app/diameter_exprecs.erl
deleted file mode 100644
index 5e120d6f44..0000000000
--- a/lib/diameter/src/app/diameter_exprecs.erl
+++ /dev/null
@@ -1,301 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-%% Parse transform for generating record access functions
-%%
-%% This parse transform can be used to reduce compile-time
-%% dependencies in large systems.
-%%
-%% In the old days, before records, Erlang programmers often wrote
-%% access functions for tuple data. This was tedious and error-prone.
-%% The record syntax made this easier, but since records were implemented
-%% fully in the pre-processor, a nasty compile-time dependency was
-%% introduced.
-%%
-%% This module automates the generation of access functions for
-%% records. While this method cannot fully replace the utility of
-%% pattern matching, it does allow a fair bit of functionality on
-%% records without the need for compile-time dependencies.
-%%
-%% Whenever record definitions need to be exported from a module,
-%% inserting a compiler attribute,
-%%
-%%   export_records([RecName, ...])
-%%
-%% causes this transform to lay out access functions for the exported
-%% records:
-%%
-%%   -module(foo)
-%%   -compile({parse_transform, diameter_exprecs}).
-%%
-%%   -record(r, {a, b, c}).
-%%   -export_records([a]).
-%%
-%%   -export(['#info-'/1, '#info-'/2,
-%%            '#new-'/1, '#new-'/2,
-%%            '#get-'/2, '#set-'/2,
-%%            '#new-a'/0, '#new-a'/1,
-%%            '#get-a'/2, '#set-a'/2,
-%%            '#info-a'/1]).
-%%
-%%   '#info-'(RecName) ->
-%%       '#info-'(RecName, fields).
-%%
-%%   '#info-'(r, Info) ->
-%%       '#info-r'(Info).
-%%
-%%   '#new-'(r) -> #r{}.
-%%   '#new-'(r, Vals) -> '#new-r'(Vals)
-%%
-%%   '#new-r'() -> #r{}.
-%%   '#new-r'(Vals) -> '#set-r'(Vals, #r{}).
-%%
-%%   '#get-'(Attrs, #r{} = Rec) ->
-%%       '#get-r'(Attrs, Rec).
-%%
-%%   '#get-r'(Attrs, Rec) when is_list(Attrs) ->
-%%       ['#get-r'(A, Rec) || A <- Attrs];
-%%   '#get-r'(a, Rec) -> Rec#r.a;
-%%   '#get-r'(b, Rec) -> Rec#r.b;
-%%   '#get-r'(c, Rec) -> Rec#r.c.
-%%
-%%   '#set-'(Vals, #r{} = Rec) ->
-%%       '#set-r'(Vals, Rec).
-%%
-%%   '#set-r'(Vals, Rec) when is_list(Vals) ->
-%%       lists:foldl(fun '#set-r'/2, Rec, Vals);
-%%   '#set-r'({a,V}, Rec) -> Rec#r{a = V};
-%%   '#set-r'({b,V}, Rec) -> Rec#r{b = V};
-%%   '#set-r'({c,V}, Rec) -> Rec#r{c = V}.
-%%
-%%   '#info-r'(fields) -> record_info(fields, r);
-%%   '#info-r'(size) -> record_info(size, r);
-%%   '#info-r'({index, a}) -> 1;
-%%   '#info-r'({index, b}) -> 2;
-%%   '#info-r'({index, c}) -> 3;
-%%
-
--module(diameter_exprecs).
-
--export([parse_transform/2]).
-
-%% Form tag with line number.
--define(F(T), T, ?LINE).
-%% Yes, that's right. The replacement is to the first unmatched ')'.
-
--define(attribute,    ?F(attribute)).
--define(clause,       ?F(clause)).
--define(function,     ?F(function)).
--define(call,         ?F(call)).
--define('fun',        ?F('fun')).
--define(generate,     ?F(generate)).
--define(lc,           ?F(lc)).
--define(match,        ?F(match)).
--define(remote,       ?F(remote)).
--define(record,       ?F(record)).
--define(record_field, ?F(record_field)).
--define(record_index, ?F(record_index)).
--define(tuple,        ?F(tuple)).
-
--define(ATOM(T),      {atom, ?LINE, T}).
--define(VAR(V),       {var, ?LINE, V}).
-
--define(CALL(F,A),    {?call, ?ATOM(F), A}).
--define(APPLY(M,F,A), {?call, {?remote, ?ATOM(M), ?ATOM(F)}, A}).
-
-%% parse_transform/2
-
-parse_transform(Forms, _Options) ->
-    Rs = [R || {attribute, _, record, R} <- Forms],
-    case lists:append([E || {attribute, _, export_records, E} <- Forms]) of
-        [] ->
-            Forms;
-        Es ->
-            {H,T} = lists:splitwith(fun is_head/1, Forms),
-            H ++ [a_export(Es) | f_accessors(Es, Rs)] ++ T
-    end.
-
-is_head(T) ->
-    not lists:member(element(1,T), [function, eof]).
-
-%% a_export/1
-
-a_export(Exports) ->
-    {?attribute, export, [{fname(info), 1},
-                          {fname(info), 2},
-                          {fname(new), 1},
-                          {fname(new), 2},
-                          {fname(get), 2},
-                          {fname(set), 2}
-                          | lists:flatmap(fun export/1, Exports)]}.
-
-export(Rname) ->
-    New = fname(new, Rname),
-    [{New, 0},
-     {New, 1},
-     {fname(get, Rname), 2},
-     {fname(set, Rname), 2},
-     {fname(info, Rname), 1}].
-
-%% f_accessors/2
-
-f_accessors(Es, Rs) ->
-    ['#info-/1'(),
-     '#info-/2'(Es),
-     '#new-/1'(Es),
-     '#new-/2'(Es),
-     '#get-/2'(Es),
-     '#set-/2'(Es)
-     | lists:flatmap(fun(N) -> accessors(N, fields(N, Rs)) end, Es)].
-
-accessors(Rname, Fields) ->
-    ['#new-X/0'(Rname),
-     '#new-X/1'(Rname),
-     '#get-X/2'(Rname, Fields),
-     '#set-X/2'(Rname, Fields),
-     '#info-X/1'(Rname, Fields)].
-
-fields(Rname, Recs) ->
-    {Rname, Fields} = lists:keyfind(Rname, 1, Recs),
-    lists:map(fun({record_field, _, {atom, _, N}})    -> N;
-                 ({record_field, _, {atom, _, N}, _}) -> N
-              end,
-              Fields).
-
-fname_prefix(Op) ->
-    "#" ++ atom_to_list(Op) ++ "-".
-
-fname(Op) ->
-    list_to_atom(fname_prefix(Op)).
-
-fname(Op, Rname) ->
-    Prefix = fname_prefix(Op),
-    list_to_atom(Prefix ++ atom_to_list(Rname)).
-
-%% Generated functions.
-
-'#info-/1'() ->
-    Fname = fname(info),
-    {?function, Fname, 1,
-     [{?clause, [?VAR('RecName')],
-       [],
-       [?CALL(Fname, [?VAR('RecName'), ?ATOM(fields)])]}]}.
-
-'#info-/2'(Exports) ->
-    {?function, fname(info), 2,
-     lists:map(fun 'info-'/1, Exports)}.
-
-'info-'(R) ->
-    {?clause, [?ATOM(R), ?VAR('Info')],
-     [],
-     [?CALL(fname(info, R), [?VAR('Info')])]}.
-
-'#new-/1'(Exports) ->
-    {?function, fname(new), 1,
-     lists:map(fun 'new-'/1, Exports)}.
-
-'new-'(R) ->
-    {?clause, [?ATOM(R)],
-     [],
-     [{?record, R, []}]}.
-
-'#new-/2'(Exports) ->
-    {?function, fname(new), 2,
-     lists:map(fun 'new--'/1, Exports)}.
-
-'new--'(R) ->
-    {?clause, [?ATOM(R), ?VAR('Vals')],
-     [],
-     [?CALL(fname(new, R), [?VAR('Vals')])]}.
-
-'#get-/2'(Exports) ->
-    {?function, fname(get), 2,
-     lists:map(fun 'get-'/1, Exports)}.
-
-'get-'(R) ->
-    {?clause, [?VAR('Attrs'),
-               {?match, {?record, R, []}, ?VAR('Rec')}],
-     [],
-     [?CALL(fname(get, R), [?VAR('Attrs'), ?VAR('Rec')])]}.
-
-'#set-/2'(Exports) ->
-    {?function, fname(set), 2,
-     lists:map(fun 'set-'/1, Exports)}.
-
-'set-'(R) ->
-    {?clause, [?VAR('Vals'), {?match, {?record, R, []}, ?VAR('Rec')}],
-     [],
-     [?CALL(fname(set, R), [?VAR('Vals'), ?VAR('Rec')])]}.
-
-'#new-X/0'(Rname) ->
-    {?function, fname(new, Rname), 0,
-     [{?clause, [],
-       [],
-       [{?record, Rname, []}]}]}.
-
-'#new-X/1'(Rname) ->
-    {?function, fname(new, Rname), 1,
-     [{?clause, [?VAR('Vals')],
-       [],
-       [?CALL(fname(set, Rname), [?VAR('Vals'), {?record, Rname, []}])]}]}.
-
-'#set-X/2'(Rname, Fields) ->
-    {?function, fname(set, Rname), 2,
-     [{?clause, [?VAR('Vals'), ?VAR('Rec')],
-       [[?CALL(is_list, [?VAR('Vals')])]],
-       [?APPLY(lists, foldl, [{?'fun', {function, fname(set, Rname), 2}},
-                              ?VAR('Rec'),
-                              ?VAR('Vals')])]}
-      | lists:map(fun(A) -> 'set-X'(Rname, A) end, Fields)]}.
-
-'set-X'(Rname, Attr) ->
-    {?clause, [{?tuple, [?ATOM(Attr), ?VAR('V')]}, ?VAR('Rec')],
-     [],
-     [{?record, ?VAR('Rec'), Rname,
-       [{?record_field, ?ATOM(Attr), ?VAR('V')}]}]}.
-
-'#get-X/2'(Rname, Fields) ->
-    FName = fname(get, Rname),
-    {?function, FName, 2,
-     [{?clause, [?VAR('Attrs'), ?VAR('Rec')],
-       [[?CALL(is_list, [?VAR('Attrs')])]],
-       [{?lc, ?CALL(FName, [?VAR('A'), ?VAR('Rec')]),
-	 [{?generate, ?VAR('A'), ?VAR('Attrs')}]}]}
-      | lists:map(fun(A) -> 'get-X'(Rname, A) end, Fields)]}.
-
-'get-X'(Rname, Attr) ->
-    {?clause, [?ATOM(Attr), ?VAR('Rec')],
-     [],
-     [{?record_field, ?VAR('Rec'), Rname, ?ATOM(Attr)}]}.
-
-'#info-X/1'(Rname, Fields) ->
-    {?function, fname(info, Rname), 1,
-     [{?clause, [?ATOM(fields)],
-       [],
-       [?CALL(record_info, [?ATOM(fields), ?ATOM(Rname)])]},
-      {?clause, [?ATOM(size)],
-       [],
-       [?CALL(record_info, [?ATOM(size), ?ATOM(Rname)])]}
-      | lists:map(fun(A) -> 'info-X'(Rname, A) end, Fields)]}.
-
-'info-X'(Rname, Attr) ->
-    {?clause, [{?tuple, [?ATOM(index), ?ATOM(Attr)]}],
-     [],
-     [{?record_index, Rname, ?ATOM(Attr)}]}.
diff --git a/lib/diameter/src/app/diameter_gen_base_accounting.dia b/lib/diameter/src/app/diameter_gen_base_accounting.dia
deleted file mode 100644
index 64e95dddb5..0000000000
--- a/lib/diameter/src/app/diameter_gen_base_accounting.dia
+++ /dev/null
@@ -1,68 +0,0 @@
-;;
-;; %CopyrightBegin%
-;;
-;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
-;;
-;; The contents of this file are subject to the Erlang Public License,
-;; Version 1.1, (the "License"); you may not use this file except in
-;; compliance with the License. You should have received a copy of the
-;; Erlang Public License along with this software. If not, it can be
-;; retrieved online at http://www.erlang.org/.
-;;
-;; Software distributed under the License is distributed on an "AS IS"
-;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-;; the License for the specific language governing rights and limitations
-;; under the License.
-;;
-;; %CopyrightEnd%
-;;
-
-@id 3
-@prefix diameter_base_accounting
-@vendor 0 IETF
-
-@inherits diameter_gen_base_rfc3588
-
-@messages
-
-      ACR  ::= < Diameter Header: 271, REQ, PXY >
-                < Session-Id >
-                { Origin-Host }
-                { Origin-Realm }
-                { Destination-Realm }
-                { Accounting-Record-Type }
-                { Accounting-Record-Number }
-                [ Acct-Application-Id ]
-                [ Vendor-Specific-Application-Id ]
-                [ User-Name ]
-                [ Accounting-Sub-Session-Id ]
-                [ Acct-Session-Id ]
-                [ Acct-Multi-Session-Id ]
-                [ Acct-Interim-Interval ]
-                [ Accounting-Realtime-Required ]
-                [ Origin-State-Id ]
-                [ Event-Timestamp ]
-              * [ Proxy-Info ]
-              * [ Route-Record ]
-              * [ AVP ]
-
-      ACA  ::= < Diameter Header: 271, PXY >
-                < Session-Id >
-                { Result-Code }
-                { Origin-Host }
-                { Origin-Realm }
-                { Accounting-Record-Type }
-                { Accounting-Record-Number }
-                [ Acct-Application-Id ]
-                [ Vendor-Specific-Application-Id ]
-                [ User-Name ]
-                [ Accounting-Sub-Session-Id ]
-                [ Acct-Session-Id ]
-                [ Acct-Multi-Session-Id ]
-                [ Error-Reporting-Host ]
-                [ Acct-Interim-Interval ]
-                [ Accounting-Realtime-Required ]
-                [ Origin-State-Id ]
-                [ Event-Timestamp ]
-              * [ Proxy-Info ]
-              * [ AVP ]
diff --git a/lib/diameter/src/app/diameter_gen_base_rfc3588.dia b/lib/diameter/src/app/diameter_gen_base_rfc3588.dia
deleted file mode 100644
index 4a12e21acd..0000000000
--- a/lib/diameter/src/app/diameter_gen_base_rfc3588.dia
+++ /dev/null
@@ -1,413 +0,0 @@
-;;
-;; %CopyrightBegin%
-;;
-;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
-;;
-;; The contents of this file are subject to the Erlang Public License,
-;; Version 1.1, (the "License"); you may not use this file except in
-;; compliance with the License. You should have received a copy of the
-;; Erlang Public License along with this software. If not, it can be
-;; retrieved online at http://www.erlang.org/.
-;;
-;; Software distributed under the License is distributed on an "AS IS"
-;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-;; the License for the specific language governing rights and limitations
-;; under the License.
-;;
-;; %CopyrightEnd%
-;;
-
-@id 0
-@prefix diameter_base
-@vendor 0 IETF
-
-@avp_types
-
-   Acct-Interim-Interval             85    Unsigned32    M
-   Accounting-Realtime-Required     483    Enumerated    M
-   Acct-Multi-Session-Id             50    UTF8String    M
-   Accounting-Record-Number         485    Unsigned32    M
-   Accounting-Record-Type           480    Enumerated    M
-   Acct-Session-Id                   44   OctetString    M
-   Accounting-Sub-Session-Id        287    Unsigned64    M
-   Acct-Application-Id              259    Unsigned32    M
-   Auth-Application-Id              258    Unsigned32    M
-   Auth-Request-Type                274    Enumerated    M
-   Authorization-Lifetime           291    Unsigned32    M
-   Auth-Grace-Period                276    Unsigned32    M
-   Auth-Session-State               277    Enumerated    M
-   Re-Auth-Request-Type             285    Enumerated    M
-   Class                             25   OctetString    M
-   Destination-Host                 293     DiamIdent    M
-   Destination-Realm                283     DiamIdent    M
-   Disconnect-Cause                 273    Enumerated    M
-   E2E-Sequence                     300       Grouped    M
-   Error-Message                    281    UTF8String    -
-   Error-Reporting-Host             294     DiamIdent    -
-   Event-Timestamp                   55          Time    M
-   Experimental-Result              297       Grouped    M
-   Experimental-Result-Code         298    Unsigned32    M
-   Failed-AVP                       279       Grouped    M
-   Firmware-Revision                267    Unsigned32    -
-   Host-IP-Address                  257       Address    M
-   Inband-Security-Id               299    Unsigned32    M
-   Multi-Round-Time-Out             272    Unsigned32    M
-   Origin-Host                      264     DiamIdent    M
-   Origin-Realm                     296     DiamIdent    M
-   Origin-State-Id                  278    Unsigned32    M
-   Product-Name                     269    UTF8String    -
-   Proxy-Host                       280     DiamIdent    M
-   Proxy-Info                       284       Grouped    M
-   Proxy-State                       33   OctetString    M
-   Redirect-Host                    292       DiamURI    M
-   Redirect-Host-Usage              261    Enumerated    M
-   Redirect-Max-Cache-Time          262    Unsigned32    M
-   Result-Code                      268    Unsigned32    M
-   Route-Record                     282     DiamIdent    M
-   Session-Id                       263    UTF8String    M
-   Session-Timeout                   27    Unsigned32    M
-   Session-Binding                  270    Unsigned32    M
-   Session-Server-Failover          271    Enumerated    M
-   Supported-Vendor-Id              265    Unsigned32    M
-   Termination-Cause                295    Enumerated    M
-   User-Name                          1    UTF8String    M
-   Vendor-Id                        266    Unsigned32    M
-   Vendor-Specific-Application-Id   260       Grouped    M
-
-@messages
-
-      CER  ::= < Diameter Header: 257, REQ >
-                { Origin-Host }
-                { Origin-Realm }
-             1* { Host-IP-Address }
-                { Vendor-Id }
-                { Product-Name }
-                [ Origin-State-Id ]
-              * [ Supported-Vendor-Id ]
-              * [ Auth-Application-Id ]
-              * [ Inband-Security-Id ]
-              * [ Acct-Application-Id ]
-              * [ Vendor-Specific-Application-Id ]
-                [ Firmware-Revision ]
-              * [ AVP ]
-
-      CEA  ::= < Diameter Header: 257 >
-                { Result-Code }
-                { Origin-Host }
-                { Origin-Realm }
-             1* { Host-IP-Address }
-                { Vendor-Id }
-                { Product-Name }
-                [ Origin-State-Id ]
-                [ Error-Message ]
-              * [ Failed-AVP ]
-              * [ Supported-Vendor-Id ]
-              * [ Auth-Application-Id ]
-              * [ Inband-Security-Id ]
-              * [ Acct-Application-Id ]
-              * [ Vendor-Specific-Application-Id ]
-                [ Firmware-Revision ]
-              * [ AVP ]
-
-      DPR   ::= < Diameter Header: 282, REQ >
-                 { Origin-Host }
-                 { Origin-Realm }
-                 { Disconnect-Cause }
-
-      DPA   ::= < Diameter Header: 282 >
-                 { Result-Code }
-                 { Origin-Host }
-                 { Origin-Realm }
-                 [ Error-Message ]
-               * [ Failed-AVP ]
-
-      DWR   ::= < Diameter Header: 280, REQ >
-                 { Origin-Host }
-                 { Origin-Realm }
-                 [ Origin-State-Id ]
-
-      DWA   ::= < Diameter Header: 280 >
-                 { Result-Code }
-                 { Origin-Host }
-                 { Origin-Realm }
-                 [ Error-Message ]
-               * [ Failed-AVP ]
-                 [ Origin-State-Id ]
-
-   answer-message  ::= < Diameter Header: code, ERR [PXY] >
-                     0*1< Session-Id >
-                        { Origin-Host }
-                        { Origin-Realm }
-                        { Result-Code }
-                        [ Origin-State-Id ]
-                        [ Error-Reporting-Host ]
-                        [ Proxy-Info ]
-                      * [ AVP ]
-
-      RAR   ::= < Diameter Header: 258, REQ, PXY >
-                 < Session-Id >
-                 { Origin-Host }
-                 { Origin-Realm }
-                 { Destination-Realm }
-                 { Destination-Host }
-                 { Auth-Application-Id }
-                 { Re-Auth-Request-Type }
-                 [ User-Name ]
-                 [ Origin-State-Id ]
-               * [ Proxy-Info ]
-               * [ Route-Record ]
-               * [ AVP ]
-
-      RAA   ::= < Diameter Header: 258, PXY >
-                 < Session-Id >
-                 { Result-Code }
-                 { Origin-Host }
-                 { Origin-Realm }
-                 [ User-Name ]
-                 [ Origin-State-Id ]
-                 [ Error-Message ]
-                 [ Error-Reporting-Host ]
-               * [ Failed-AVP ]
-               * [ Redirect-Host ]
-                 [ Redirect-Host-Usage ]
-                 [ Redirect-Max-Cache-Time ]
-               * [ Proxy-Info ]
-               * [ AVP ]
-
-      STR  ::= < Diameter Header: 275, REQ, PXY >
-                < Session-Id >
-                { Origin-Host }
-                { Origin-Realm }
-                { Destination-Realm }
-                { Auth-Application-Id }
-                { Termination-Cause }
-                [ User-Name ]
-                [ Destination-Host ]
-              * [ Class ]
-                [ Origin-State-Id ]
-              * [ Proxy-Info ]
-              * [ Route-Record ]
-              * [ AVP ]
-
-      STA   ::= < Diameter Header: 275, PXY >
-                 < Session-Id >
-                 { Result-Code }
-                 { Origin-Host }
-                 { Origin-Realm }
-                 [ User-Name ]
-               * [ Class ]
-                 [ Error-Message ]
-                 [ Error-Reporting-Host ]
-               * [ Failed-AVP ]
-                 [ Origin-State-Id ]
-               * [ Redirect-Host ]
-                 [ Redirect-Host-Usage ]
-                 [ Redirect-Max-Cache-Time ]
-               * [ Proxy-Info ]
-               * [ AVP ]
-
-      ASR   ::= < Diameter Header: 274, REQ, PXY >
-                 < Session-Id >
-                 { Origin-Host }
-                 { Origin-Realm }
-                 { Destination-Realm }
-                 { Destination-Host }
-                 { Auth-Application-Id }
-                 [ User-Name ]
-                 [ Origin-State-Id ]
-               * [ Proxy-Info ]
-               * [ Route-Record ]
-               * [ AVP ]
-
-      ASA   ::= < Diameter Header: 274, PXY >
-                 < Session-Id >
-                 { Result-Code }
-                 { Origin-Host }
-                 { Origin-Realm }
-                 [ User-Name ]
-                 [ Origin-State-Id ]
-                 [ Error-Message ]
-                 [ Error-Reporting-Host ]
-               * [ Failed-AVP ]
-               * [ Redirect-Host ]
-                 [ Redirect-Host-Usage ]
-                 [ Redirect-Max-Cache-Time ]
-               * [ Proxy-Info ]
-               * [ AVP ]
-
-      ACR  ::= < Diameter Header: 271, REQ, PXY >
-                < Session-Id >
-                { Origin-Host }
-                { Origin-Realm }
-                { Destination-Realm }
-                { Accounting-Record-Type }
-                { Accounting-Record-Number }
-                [ Acct-Application-Id ]
-                [ Vendor-Specific-Application-Id ]
-                [ User-Name ]
-                [ Accounting-Sub-Session-Id ]
-                [ Acct-Session-Id ]
-                [ Acct-Multi-Session-Id ]
-                [ Acct-Interim-Interval ]
-                [ Accounting-Realtime-Required ]
-                [ Origin-State-Id ]
-                [ Event-Timestamp ]
-              * [ Proxy-Info ]
-              * [ Route-Record ]
-              * [ AVP ]
-
-      ACA  ::= < Diameter Header: 271, PXY >
-                < Session-Id >
-                { Result-Code }
-                { Origin-Host }
-                { Origin-Realm }
-                { Accounting-Record-Type }
-                { Accounting-Record-Number }
-                [ Acct-Application-Id ]
-                [ Vendor-Specific-Application-Id ]
-                [ User-Name ]
-                [ Accounting-Sub-Session-Id ]
-                [ Acct-Session-Id ]
-                [ Acct-Multi-Session-Id ]
-                [ Error-Reporting-Host ]
-                [ Acct-Interim-Interval ]
-                [ Accounting-Realtime-Required ]
-                [ Origin-State-Id ]
-                [ Event-Timestamp ]
-              * [ Proxy-Info ]
-              * [ AVP ]
-
-@enum Disconnect-Cause
-
-   REBOOTING                         0
-   BUSY                              1
-   DO_NOT_WANT_TO_TALK_TO_YOU        2
-
-@enum Redirect-Host-Usage
-
-   DONT_CACHE                        0
-   ALL_SESSION                       1
-   ALL_REALM                         2
-   REALM_AND_APPLICATION             3
-   ALL_APPLICATION                   4
-   ALL_HOST                          5
-   ALL_USER                          6
-
-@enum Auth-Request-Type
-
-   AUTHENTICATE_ONLY          1
-   AUTHORIZE_ONLY             2
-   AUTHORIZE_AUTHENTICATE     3
-
-@enum Auth-Session-State
-
-   STATE_MAINTAINED              0
-   NO_STATE_MAINTAINED           1
-
-@enum Re-Auth-Request-Type
-
-   AUTHORIZE_ONLY             0
-   AUTHORIZE_AUTHENTICATE     1
-
-@enum Termination-Cause
-
-   DIAMETER_LOGOUT                   1
-   DIAMETER_SERVICE_NOT_PROVIDED     2
-   DIAMETER_BAD_ANSWER               3
-   DIAMETER_ADMINISTRATIVE           4
-   DIAMETER_LINK_BROKEN              5
-   DIAMETER_AUTH_EXPIRED             6
-   DIAMETER_USER_MOVED               7
-   DIAMETER_SESSION_TIMEOUT          8
-
-@enum Session-Server-Failover
-
-   REFUSE_SERVICE             0
-   TRY_AGAIN                  1
-   ALLOW_SERVICE              2
-   TRY_AGAIN_ALLOW_SERVICE    3
-
-@enum Accounting-Record-Type
-
-   EVENT_RECORD                    1
-   START_RECORD                    2
-   INTERIM_RECORD                  3
-   STOP_RECORD                     4
-
-@enum Accounting-Realtime-Required
-
-   DELIVER_AND_GRANT                           1
-   GRANT_AND_STORE                             2
-   GRANT_AND_LOSE                              3
-
-@result_code Result-Code
-
-;; 7.1.1.  Informational
-   DIAMETER_MULTI_ROUND_AUTH         1001
-
-;; 7.1.2.  Success
-   DIAMETER_SUCCESS                   2001
-   DIAMETER_LIMITED_SUCCESS           2002
-
-;; 7.1.3.  Protocol Errors
-   DIAMETER_COMMAND_UNSUPPORTED       3001
-   DIAMETER_UNABLE_TO_DELIVER         3002
-   DIAMETER_REALM_NOT_SERVED          3003
-   DIAMETER_TOO_BUSY                  3004
-   DIAMETER_LOOP_DETECTED             3005
-   DIAMETER_REDIRECT_INDICATION       3006
-   DIAMETER_APPLICATION_UNSUPPORTED   3007
-   DIAMETER_INVALID_HDR_BITS          3008
-   DIAMETER_INVALID_AVP_BITS          3009
-   DIAMETER_UNKNOWN_PEER              3010
-
-;; 7.1.4.  Transient Failures
-   DIAMETER_AUTHENTICATION_REJECTED   4001
-   DIAMETER_OUT_OF_SPACE              4002
-   ELECTION_LOST                      4003
-
-;; 7.1.5.  Permanent Failures
-   DIAMETER_AVP_UNSUPPORTED           5001
-   DIAMETER_UNKNOWN_SESSION_ID        5002
-   DIAMETER_AUTHORIZATION_REJECTED    5003
-   DIAMETER_INVALID_AVP_VALUE         5004
-   DIAMETER_MISSING_AVP               5005
-   DIAMETER_RESOURCES_EXCEEDED        5006
-   DIAMETER_CONTRADICTING_AVPS        5007
-   DIAMETER_AVP_NOT_ALLOWED           5008
-   DIAMETER_AVP_OCCURS_TOO_MANY_TIMES 5009
-   DIAMETER_NO_COMMON_APPLICATION     5010
-   DIAMETER_UNSUPPORTED_VERSION       5011
-   DIAMETER_UNABLE_TO_COMPLY          5012
-   DIAMETER_INVALID_BIT_IN_HEADER     5013
-   DIAMETER_INVALID_AVP_LENGTH        5014
-   DIAMETER_INVALID_MESSAGE_LENGTH    5015
-   DIAMETER_INVALID_AVP_BIT_COMBO     5016
-   DIAMETER_NO_COMMON_SECURITY        5017
-
-@grouped 
-
-      Proxy-Info ::= < AVP Header: 284 >
-                     { Proxy-Host }
-                     { Proxy-State }
-                   * [ AVP ]
-
-      Failed-AVP ::= < AVP Header: 279 >
-                    1* {AVP}
-
-      Experimental-Result ::= < AVP Header: 297 >
-                                 { Vendor-Id }
-                                 { Experimental-Result-Code }
-
-  Vendor-Specific-Application-Id ::= < AVP Header: 260 >
-                                     1* { Vendor-Id }
-                                        [ Auth-Application-Id ]
-                                        [ Acct-Application-Id ]
-
-;; The E2E-Sequence AVP is defined in RFC 3588 as Grouped, but 
-;; there is no definition of the group - only an informal text stating
-;; that there should be a nonce (an OctetString) and a counter
-;; (integer)
-;;
-      E2E-Sequence ::= <AVP Header: 300 >
-                   2* { AVP }
diff --git a/lib/diameter/src/app/diameter_gen_relay.dia b/lib/diameter/src/app/diameter_gen_relay.dia
deleted file mode 100644
index d86446e368..0000000000
--- a/lib/diameter/src/app/diameter_gen_relay.dia
+++ /dev/null
@@ -1,24 +0,0 @@
-;;
-;; %CopyrightBegin%
-;;
-;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
-;;
-;; The contents of this file are subject to the Erlang Public License,
-;; Version 1.1, (the "License"); you may not use this file except in
-;; compliance with the License. You should have received a copy of the
-;; Erlang Public License along with this software. If not, it can be
-;; retrieved online at http://www.erlang.org/.
-;;
-;; Software distributed under the License is distributed on an "AS IS"
-;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-;; the License for the specific language governing rights and limitations
-;; under the License.
-;;
-;; %CopyrightEnd%
-;;
-
-@id 0xFFFFFFFF
-@prefix diameter_relay
-@vendor 0 IETF
-
-@inherits diameter_gen_base_rfc3588
diff --git a/lib/diameter/src/app/diameter_peer_fsm.erl b/lib/diameter/src/app/diameter_peer_fsm.erl
deleted file mode 100644
index 0252fb3809..0000000000
--- a/lib/diameter/src/app/diameter_peer_fsm.erl
+++ /dev/null
@@ -1,746 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-%% This module implements (as a process) the RFC 3588 Peer State
-%% Machine modulo the necessity of adapting the peer election to the
-%% fact that we don't know the identity of a peer until we've
-%% received a CER/CEA from it.
-%%
-
--module(diameter_peer_fsm).
--behaviour(gen_server).
-
-%% Interface towards diameter_watchdog.
--export([start/3]).
-
-%% gen_server callbacks
--export([init/1,
-         handle_call/3,
-         handle_cast/2,
-         handle_info/2,
-         terminate/2,
-         code_change/3]).
-
-%% diameter_peer_fsm_sup callback
--export([start_link/1]).
-
-%% internal callbacks
--export([match/1]).
-
--include_lib("diameter/include/diameter.hrl").
--include("diameter_internal.hrl").
--include("diameter_types.hrl").
--include("diameter_gen_base_rfc3588.hrl").
-
--define(GOAWAY, ?'DIAMETER_BASE_DISCONNECT-CAUSE_DO_NOT_WANT_TO_TALK_TO_YOU').
--define(REBOOT, ?'DIAMETER_BASE_DISCONNECT-CAUSE_REBOOTING').
-
--define(LOOP_TIMEOUT, 2000).
-
-%% RFC 3588:
-%%
-%%   Timeout        An application-defined timer has expired while waiting
-%%                  for some event.
-%%
--define(EVENT_TIMEOUT, 10000).
-
-%% How long to wait for a DPA in response to DPR before simply
-%% aborting. Used to distinguish between shutdown and not but there's
-%% not really any need. Stopping a service will require a timeout if
-%% the peer doesn't answer DPR so the value should be short-ish.
--define(DPA_TIMEOUT, 1000).
-
--record(state,
-        {state = 'Wait-Conn-Ack'   %% state of RFC 3588 Peer State Machine
-              :: 'Wait-Conn-Ack' | recv_CER | 'Wait-CEA' | 'Open',
-         mode :: accept | connect | {connect, reference()},
-         parent       :: pid(),
-         transport    :: pid(),
-         service      :: #diameter_service{},
-         dpr = false  :: false | {'Unsigned32'(), 'Unsigned32'()}}).
-                            %% | hop by hop and end to end identifiers
-
-%% There are non-3588 states possible as a consequence of 5.6.1 of the
-%% standard and the corresponding problem for incoming CEA's: we don't
-%% know who we're talking to until either a CER or CEA has been
-%% received. The CEA problem in particular makes it impossible to
-%% follow the state machine exactly as documented in 3588: there can
-%% be no election until the CEA arrives and we have an Origin-Host to
-%% elect.
-
-%%
-%% Once upon a time start/2 started a process akin to that started by
-%% start/3 below, which in turn started a watchdog/transport process
-%% with the result that the watchdog could send DWR/DWA regardless of
-%% whether or not the corresponding Peer State Machine was in its open
-%% state; that is, before capabilities exchange had taken place. This
-%% is not what RFC's 3588 and 3539 say (albeit not very clearly).
-%% Watchdog messages are only exchanged on *open* connections, so the
-%% 3539 state machine is more naturally placed on top of the 3588 Peer
-%% State Machine rather than closer to the transport. This is what we
-%% now do below: connect/accept call diameter_watchdog and return the
-%% pid of the watchdog process, and the watchdog in turn calls start/3
-%% below to start the process implementing the Peer State Machine. The
-%% former is a "peer" in diameter_service while the latter is a
-%% "conn". In a sense, diameter_service sees the watchdog as
-%% implementing the Peer State Machine and the process implemented
-%% here as being the transport, not being aware of the watchdog at
-%% all.
-%%
-
-%%% ---------------------------------------------------------------------------
-%%% # start({connect|accept, Ref}, Opts, Service)
-%%%
-%%% Output: Pid
-%%% ---------------------------------------------------------------------------
-
-%% diameter_config requires a non-empty list of applications on the
-%% service but diameter_service then constrains the list to any
-%% specified on the transport in question. Check here that the list is
-%% still non-empty.
-
-start({_, Ref} = Type, Opts, #diameter_service{applications = Apps} = Svc) ->
-    [] /= Apps orelse ?ERROR({no_apps, Type, Opts}),
-    T = {self(), Type, Opts, Svc},
-    {ok, Pid} = diameter_peer_fsm_sup:start_child(T),
-    diameter_stats:reg(Pid, Ref),
-    Pid.
-
-start_link(T) ->
-    {ok, _} = proc_lib:start_link(?MODULE,
-                                  init,
-                                  [T],
-                                  infinity,
-                                  diameter_lib:spawn_opts(server, [])).
-
-%%% ---------------------------------------------------------------------------
-%%% ---------------------------------------------------------------------------
-
-%% init/1
-
-init(T) ->
-    proc_lib:init_ack({ok, self()}),
-    gen_server:enter_loop(?MODULE, [], i(T)).
-
-i({WPid, {M, _} = T, Opts, #diameter_service{capabilities = Caps} = Svc0}) ->
-    putr(dwa, dwa(Caps)),
-    {ok, TPid, Svc} = start_transport(T, Opts, Svc0),
-    erlang:monitor(process, TPid),
-    erlang:monitor(process, WPid),
-    #state{parent = WPid,
-           transport = TPid,
-           mode = M,
-           service = Svc}.
-%% The transport returns its local ip addresses so that different
-%% transports on the same service can use different local addresses.
-%% The local addresses are put into Host-IP-Address avps here when
-%% sending capabilities exchange messages.
-%%
-%% Invalid transport config may cause us to crash but note that the
-%% watchdog start (start/2) succeeds regardless so as not to crash the
-%% service.
-
-start_transport(T, Opts, Svc) ->
-    case diameter_peer:start(T, Opts, Svc) of
-        {ok, TPid} ->
-            {ok, TPid, Svc};
-        {ok, TPid, [_|_] = Addrs} ->
-            #diameter_service{capabilities = Caps0} = Svc,
-            Caps = Caps0#diameter_caps{host_ip_address = Addrs},
-            {ok, TPid, Svc#diameter_service{capabilities = Caps}};
-        No ->
-            exit({shutdown, No})
-    end.
-
-%% handle_call/3
-
-handle_call(_, _, State) ->
-    {reply, nok, State}.
-
-%% handle_cast/2
-
-handle_cast(_, State) ->
-    {noreply, State}.
-
-%% handle_info/1
-
-handle_info(T, #state{} = State) ->
-    try transition(T, State) of
-        ok ->
-            {noreply, State};
-        #state{state = X} = S ->
-            ?LOGC(X =/= State#state.state, transition, X),
-            {noreply, S};
-        {stop, Reason} ->
-            ?LOG(stop, Reason),
-            x(Reason, State);
-        stop ->
-            ?LOG(stop, T),
-            x(T, State)
-    catch
-        throw: {?MODULE, close = C, Reason} ->
-            ?LOG(C, {Reason, T}),
-            x(Reason, State);
-        throw: {?MODULE, abort, Reason}  ->
-            {stop, {shutdown, Reason}, State}
-    end.
-
-x(Reason, #state{} = S) ->
-    close_wd(Reason, S),
-    {stop, {shutdown, Reason}, S}.
-
-%% terminate/2
-
-terminate(_, _) ->
-    ok.
-
-%% code_change/3
-
-code_change(_, State, _) ->
-    {ok, State}.
-
-%%% ---------------------------------------------------------------------------
-%%% ---------------------------------------------------------------------------
-
-putr(Key, Val) ->
-    put({?MODULE, Key}, Val).
-
-getr(Key) ->
-    get({?MODULE, Key}).
-
-%% transition/2
-
-%% Connection to peer.
-transition({diameter, {TPid, connected, Remote}},
-           #state{state = PS,
-                  mode = M}
-           = S) ->
-    'Wait-Conn-Ack' = PS,  %% assert
-    connect = M,           %%
-    send_CER(S#state{mode = {M, Remote},
-                     transport = TPid});
-
-%% Connection from peer.
-transition({diameter, {TPid, connected}},
-           #state{state = PS,
-                  mode = M,
-                  parent = Pid}
-           = S) ->
-    'Wait-Conn-Ack' = PS,  %% assert
-    accept = M,            %%
-    Pid ! {accepted, self()},
-    start_timer(S#state{state = recv_CER,
-                        transport = TPid});
-
-%% Incoming message from the transport.
-transition({diameter, {recv, Pkt}}, S) ->
-    recv(Pkt, S);
-
-%% Timeout when still in the same state ...
-transition({timeout, PS}, #state{state = PS}) ->
-    stop;
-
-%% ... or not.
-transition({timeout, _}, _) ->
-    ok;
-
-%% Outgoing message.
-transition({send, Msg}, #state{transport = TPid}) ->
-    send(TPid, Msg),
-    ok;
-
-%% Request for graceful shutdown.
-transition({shutdown, Pid}, #state{parent = Pid, dpr = false} = S) ->
-    dpr(?GOAWAY, S);
-transition({shutdown, Pid}, #state{parent = Pid}) ->
-    ok;
-
-%% Application shutdown.
-transition(shutdown, #state{dpr = false} = S) ->
-    dpr(?REBOOT, S);
-transition(shutdown, _) ->  %% DPR already send: ensure expected timeout
-    dpa_timer(),
-    ok;
-
-%% Request to close the transport connection.
-transition({close = T, Pid}, #state{parent = Pid,
-                                    transport = TPid}
-                             = S) ->
-    diameter_peer:close(TPid),
-    close(T,S);
-
-%% DPA reception has timed out.
-transition(dpa_timeout, _) ->
-    stop;
-
-%% Someone wants to know a resolved port: forward to the transport process.
-transition({resolve_port, _Pid} = T, #state{transport = TPid}) ->
-    TPid ! T,
-    ok;
-
-%% Parent or transport has died.
-transition({'DOWN', _, process, P, _},
-           #state{parent = Pid,
-                  transport = TPid})
-  when P == Pid;
-       P == TPid ->
-    stop;
-
-%% State query.
-transition({state, Pid}, #state{state = S, transport = TPid}) ->
-    Pid ! {self(), [S, TPid]},
-    ok.
-
-%% Crash on anything unexpected.
-
-%% send_CER/1
-
-send_CER(#state{mode = {connect, Remote},
-                service = #diameter_service{capabilities = Caps},
-                transport = TPid}
-         = S) ->
-    req_send_CER(Caps#diameter_caps.origin_host, Remote)
-        orelse
-        close(connected, S),
-    CER = build_CER(S),
-    ?LOG(send, 'CER'),
-    send(TPid, encode(CER)),
-    start_timer(S#state{state = 'Wait-CEA'}).
-
-%% Register ourselves as connecting to the remote endpoint in
-%% question. This isn't strictly necessary since a peer implementing
-%% the 3588 Peer State Machine should reject duplicate connection's
-%% from the same peer but there's little point in us setting up a
-%% duplicate connection in the first place. This could also include
-%% the transport protocol being used but since we're blind to
-%% transport just avoid duplicate connections to the same host/port.
-req_send_CER(OriginHost, Remote) ->
-    register_everywhere({?MODULE, connection, OriginHost, {remote, Remote}}).
-
-%% start_timer/1
-
-start_timer(#state{state = PS} = S) ->
-    erlang:send_after(?EVENT_TIMEOUT, self(), {timeout, PS}),
-    S.
-
-%% build_CER/1
-
-build_CER(#state{service = #diameter_service{capabilities = Caps}}) ->
-    {ok, CER} = diameter_capx:build_CER(Caps),
-    CER.
-
-%% encode/1
-
-encode(Rec) ->
-    #diameter_packet{bin = Bin} = diameter_codec:encode(?BASE, Rec),
-    Bin.
-
-%% recv/2
-
-%% RFC 3588 has result code 5015 for an invalid length but if a
-%% transport is detecting message boundaries using the length header
-%% then a length error will likely lead to further errors.
-
-recv(#diameter_packet{header = #diameter_header{length = Len}
-                             = Hdr,
-                      bin = Bin},
-     S)
-  when Len < 20;
-       (0 /= Len rem 4 orelse bit_size(Bin) /= 8*Len) ->
-    discard(invalid_message_length, recv, [size(Bin),
-                                           bit_size(Bin) rem 8,
-                                           Hdr,
-                                           S]);
-
-recv(#diameter_packet{header = #diameter_header{} = Hdr}
-     = Pkt,
-     #state{parent = Pid}
-     = S) ->
-    Name = diameter_codec:msg_name(Hdr),
-    Pid ! {recv, self(), Name, Pkt},
-    diameter_stats:incr({msg_id(Name, Hdr), recv}), %% count received
-    rcv(Name, Pkt, S);
-
-recv(#diameter_packet{header = undefined,
-                      bin = Bin}
-     = Pkt,
-     S) ->
-    recv(Pkt#diameter_packet{header = diameter_codec:decode_header(Bin)}, S);
-
-recv(Bin, S)
-  when is_binary(Bin) ->
-    recv(#diameter_packet{bin = Bin}, S);
-
-recv(#diameter_packet{header = false} = Pkt, S) ->
-    discard(truncated_header, recv, [Pkt, S]).
-
-msg_id({_,_,_} = T, _) ->
-    T;
-msg_id(_, Hdr) ->
-    diameter_codec:msg_id(Hdr).
-
-%% Treat invalid length as a transport error and die. Especially in
-%% the TCP case, in which there's no telling where the next message
-%% begins in the incoming byte stream, keeping a crippled connection
-%% alive may just make things worse.
-
-discard(Reason, F, A) ->
-    diameter_stats:incr(Reason),
-    diameter_lib:warning_report(Reason, {?MODULE, F, A}),
-    throw({?MODULE, abort, Reason}).
-
-%% rcv/3
-
-%% Incoming CEA.
-rcv('CEA', Pkt, #state{state = 'Wait-CEA'} = S) ->
-    handle_CEA(Pkt, S);
-
-%% Incoming CER
-rcv('CER' = N, Pkt, #state{state = recv_CER} = S) ->
-    handle_request(N, Pkt, S);
-
-%% Anything but CER/CEA in a non-Open state is an error, as is
-%% CER/CEA in anything but recv_CER/Wait-CEA.
-rcv(Name, _, #state{state = PS} = S)
-  when PS /= 'Open';
-       Name == 'CER';
-       Name == 'CEA' ->
-    close({Name, PS}, S);
-
-rcv(N, Pkt, S)
-  when N == 'DWR';
-       N == 'DPR' ->
-    handle_request(N, Pkt, S);
-
-%% DPA even though we haven't sent DPR: ignore.
-rcv('DPA', _Pkt, #state{dpr = false}) ->
-    ok;
-
-%% DPA in response to DPR. We could check the sequence numbers but
-%% don't bother, just close.
-rcv('DPA' = N, _Pkt, #state{transport = TPid}) ->
-    diameter_peer:close(TPid),
-    {stop, N};
-
-rcv(_, _, _) ->
-    ok.
-
-%% send/2
-
-%% Msg here could be a #diameter_packet or a binary depending on who's
-%% sending. In particular, the watchdog will send DWR as a binary
-%% while messages coming from clients will be in a #diameter_packet.
-send(Pid, Msg) ->
-    diameter_stats:incr({diameter_codec:msg_id(Msg), send}),
-    diameter_peer:send(Pid, Msg).
-
-%% handle_request/3
-
-handle_request(Type, #diameter_packet{} = Pkt, S) ->
-    ?LOG(recv, Type),
-    send_answer(Type, diameter_codec:decode(?BASE, Pkt), S).
-
-%% send_answer/3
-
-send_answer(Type, ReqPkt, #state{transport = TPid} = S) ->
-    #diameter_packet{header = #diameter_header{version = V,
-                                               end_to_end_id = Eid,
-                                               hop_by_hop_id = Hid,
-                                               is_proxiable = P},
-                     transport_data = TD}
-        = ReqPkt,
-
-    {Answer, PostF} = build_answer(Type, V, ReqPkt, S),
-
-    Pkt = #diameter_packet{header = #diameter_header{version = V,
-                                                     end_to_end_id = Eid,
-                                                     hop_by_hop_id = Hid,
-                                                     is_proxiable = P},
-                           msg = Answer,
-                           transport_data = TD},
-
-    send(TPid, diameter_codec:encode(?BASE, Pkt)),
-    eval(PostF, S).
-
-eval([F|A], S) ->
-    apply(F, A ++ [S]);
-eval(ok, S) ->
-    S.
-
-%% build_answer/4
-
-build_answer('CER',
-             ?DIAMETER_VERSION,
-             #diameter_packet{msg = CER,
-                              header = #diameter_header{is_error = false},
-                              errors = []}
-             = Pkt,
-             #state{service = Svc}
-             = S) ->
-    #diameter_service{capabilities = #diameter_caps{origin_host = OH}}
-        = Svc,
-
-    {SupportedApps, #diameter_caps{origin_host = DH} = RCaps, CEA}
-        = recv_CER(CER, S),
-
-    try
-        [] == SupportedApps
-            andalso ?THROW({no_common_application, 5010}),
-        register_everywhere({?MODULE, connection, OH, DH})
-            orelse ?THROW({election_lost, 4003}),
-        {CEA, [fun open/4, Pkt, SupportedApps, RCaps]}
-    catch
-        ?FAILURE({Reason, RC}) ->
-            {answer('CER', S) ++ [{'Result-Code', RC}],
-             [fun close/2, {'CER', Reason, DH}]}
-    end;
-
-%% The error checks below are similar to those in diameter_service for
-%% other messages. Should factor out the commonality.
-
-build_answer(Type, V, #diameter_packet{header = H, errors = Es} = Pkt, S) ->
-    FailedAvp = failed_avp([A || {_,A} <- Es]),
-    Ans = answer(answer(Type, S), V, H, Es),
-    {set(Ans, FailedAvp), if 'CER' == Type ->
-                                  [fun close/2, {Type, V, Pkt}];
-                             true ->
-                                  ok
-                          end}.
-
-failed_avp([] = No) ->
-    No;
-failed_avp(Avps) ->
-    [{'Failed-AVP', [[{'AVP', Avps}]]}].
-
-set(Ans, []) ->
-    Ans;
-set(['answer-message' | _] = Ans, FailedAvp) ->
-    Ans ++ [{'AVP', [FailedAvp]}];
-set([_|_] = Ans, FailedAvp) ->
-    Ans ++ FailedAvp.
-
-answer([_, OH, OR | _], _, #diameter_header{is_error = true}, _) ->
-    ['answer-message', OH, OR, {'Result-Code', 3008}];
-
-answer([_, OH, OR | _], _, _, [Bs|_])
-  when is_bitstring(Bs) ->
-    ['answer-message', OH, OR, {'Result-Code', 3009}];
-
-answer(Ans, ?DIAMETER_VERSION, _, Es) ->
-    Ans ++ [{'Result-Code', rc(Es)}];
-
-answer(Ans, _, _, _) ->
-    Ans ++ [{'Result-Code', 5011}].  %% DIAMETER_UNSUPPORTED_VERSION
-
-rc([]) ->
-    2001;  %% DIAMETER_SUCCESS
-rc([{RC,_}|_]) ->
-    RC;
-rc([RC|_]) ->
-    RC.
-
-%%   DIAMETER_INVALID_HDR_BITS          3008
-%%      A request was received whose bits in the Diameter header were
-%%      either set to an invalid combination, or to a value that is
-%%      inconsistent with the command code's definition.
-
-%%   DIAMETER_INVALID_AVP_BITS          3009
-%%      A request was received that included an AVP whose flag bits are
-%%      set to an unrecognized value, or that is inconsistent with the
-%%      AVP's definition.
-
-%%   ELECTION_LOST                      4003
-%%      The peer has determined that it has lost the election process and
-%%      has therefore disconnected the transport connection.
-
-%%   DIAMETER_NO_COMMON_APPLICATION     5010
-%%      This error is returned when a CER message is received, and there
-%%      are no common applications supported between the peers.
-
-%%   DIAMETER_UNSUPPORTED_VERSION       5011
-%%      This error is returned when a request was received, whose version
-%%      number is unsupported.
-
-%% answer/2
-
-answer('DWR', _) ->
-    getr(dwa);
-
-answer(Name, #state{service = #diameter_service{capabilities = Caps}}) ->
-    a(Name, Caps).
-
-a('CER', #diameter_caps{vendor_id = Vid,
-                        origin_host = Host,
-                        origin_realm = Realm,
-                        host_ip_address = Addrs,
-                        product_name = Name}) ->
-    ['CEA', {'Origin-Host', Host},
-            {'Origin-Realm', Realm},
-            {'Host-IP-Address', Addrs},
-            {'Vendor-Id', Vid},
-            {'Product-Name', Name}];
-
-a('DPR', #diameter_caps{origin_host = Host,
-                        origin_realm = Realm}) ->
-    ['DPA', {'Origin-Host', Host},
-            {'Origin-Realm', Realm}].
-
-%% recv_CER/2
-
-recv_CER(CER, #state{service = Svc}) ->
-    {ok, T} = diameter_capx:recv_CER(CER, Svc),
-    T.
-
-%% handle_CEA/1
-
-handle_CEA(#diameter_packet{header = #diameter_header{version = V},
-                            bin = Bin}
-           = Pkt,
-           #state{service = Svc}
-           = S)
-  when is_binary(Bin) ->
-    ?LOG(recv, 'CEA'),
-
-    ?DIAMETER_VERSION == V orelse close({version, V}, S),
-
-    #diameter_packet{msg = CEA, errors = Errors}
-        = DPkt
-        = diameter_codec:decode(?BASE, Pkt),
-
-    [] == Errors orelse close({errors, Errors}, S),
-
-    {SApps, #diameter_caps{origin_host = DH} = RCaps} = recv_CEA(CEA, S),
-
-    %% Ensure that we don't already have a connection to the peer in
-    %% question. This isn't the peer election of 3588 except in the
-    %% sense that, since we don't know who we're talking to until we
-    %% receive a CER/CEA, the first that arrives wins the right to a
-    %% connection with the peer.
-
-    #diameter_service{capabilities = #diameter_caps{origin_host = OH}}
-        = Svc,
-
-    register_everywhere({?MODULE, connection, OH, DH})
-        orelse
-        close({'CEA', DH}, S),
-
-    open(DPkt, SApps, RCaps, S).
-
-%% recv_CEA/2
-
-recv_CEA(CEA, #state{service = Svc} = S) ->
-    case diameter_capx:recv_CEA(CEA, Svc) of
-        {ok, {[], _}} ->
-            close({'CEA', no_common_application}, S);
-        {ok, T} ->
-            T;
-        {error, Reason} ->
-            close({'CEA', Reason}, S)
-    end.
-
-%% open/4
-
-open(Pkt, SupportedApps, RCaps, #state{parent = Pid,
-                                       service = Svc}
-                                = S) ->
-    #diameter_service{capabilities = #diameter_caps{origin_host = OH}
-                                   = LCaps}
-        = Svc,
-    #diameter_caps{origin_host = DH}
-        = RCaps,
-    Pid ! {open, self(), {OH,DH}, {capz(LCaps, RCaps), SupportedApps, Pkt}},
-    S#state{state = 'Open'}.
-
-capz(#diameter_caps{} = L, #diameter_caps{} = R) ->
-    #diameter_caps{}
-        = list_to_tuple([diameter_caps | lists:zip(tl(tuple_to_list(L)),
-                                                   tl(tuple_to_list(R)))]).
-
-%% close/2
-
-%% Tell the watchdog that our death isn't due to transport failure.
-close(Reason, #state{parent = Pid}) ->
-    close_wd(Reason, Pid),
-    throw({?MODULE, close, Reason}).
-
-%% close_wd/2
-
-%% Ensure the watchdog dies if DPR has been sent ...
-close_wd(_, #state{dpr = false}) ->
-    ok;
-close_wd(Reason, #state{parent = Pid}) ->
-    close_wd(Reason, Pid);
-
-%% ... or otherwise
-close_wd(Reason, Pid) ->
-    Pid ! {close, self(), Reason}.
-
-%% dwa/1
-
-dwa(#diameter_caps{origin_host = OH,
-                   origin_realm = OR,
-                   origin_state_id = OSI}) ->
-    ['DWA', {'Origin-Host', OH},
-            {'Origin-Realm', OR},
-            {'Origin-State-Id', OSI}].
-
-%% dpr/2
-
-dpr(Cause, #state{transport = TPid,
-                  service = #diameter_service{capabilities = Caps}}
-           = S) ->
-    #diameter_caps{origin_host = OH,
-                   origin_realm = OR}
-        = Caps,
-
-    Bin = encode(['DPR', {'Origin-Host', OH},
-                         {'Origin-Realm', OR},
-                         {'Disconnect-Cause', Cause}]),
-    send(TPid, Bin),
-    dpa_timer(),
-    ?LOG(send, 'DPR'),
-    S#state{dpr = diameter_codec:sequence_numbers(Bin)}.
-
-dpa_timer() ->
-    erlang:send_after(?DPA_TIMEOUT, self(), dpa_timeout).
-
-%% register_everywhere/1
-%%
-%% Register a term and ensure it's not registered elsewhere. Note that
-%% two process that simultaneously register the same term may well
-%% both fail to do so this isn't foolproof.
-
-register_everywhere(T) ->
-    diameter_reg:add_new(T)
-        andalso unregistered(T).
-
-unregistered(T) ->
-    {ResL, _} = rpc:multicall(?MODULE, match, [{node(), T}]),
-    lists:all(fun(L) -> [] == L end, ResL).
-
-match({Node, _})
-  when Node == node() ->
-    [];
-match({_, T}) ->
-    try
-        diameter_reg:match(T)
-    catch
-        _:_ -> []
-    end.
diff --git a/lib/diameter/src/app/diameter_service.erl b/lib/diameter/src/app/diameter_service.erl
deleted file mode 100644
index 421e36ccf5..0000000000
--- a/lib/diameter/src/app/diameter_service.erl
+++ /dev/null
@@ -1,2903 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-%% Implements the process that represents a service.
-%%
-
--module(diameter_service).
--behaviour(gen_server).
-
--export([start/1,
-         stop/1,
-         start_transport/2,
-         stop_transport/2,
-         info/2,
-         call/4]).
-
-%% towards diameter_watchdog
--export([receive_message/3]).
-
-%% service supervisor
--export([start_link/1]).
-
--export([subscribe/1,
-         unsubscribe/1,
-         subscriptions/1,
-         subscriptions/0,
-         services/0,
-         services/1,
-         whois/1,
-         flush_stats/1]).
-
-%% test/debug
--export([call_module/3,
-         state/1,
-         uptime/1]).
-
-%%% gen_server callbacks
--export([init/1,
-         handle_call/3,
-         handle_cast/2,
-         handle_info/2,
-         terminate/2,
-         code_change/3]).
-
-%% Other callbacks.
--export([send/1]).
-
--include_lib("diameter/include/diameter.hrl").
--include("diameter_internal.hrl").
--include("diameter_types.hrl").
-
--define(STATE_UP,   up).
--define(STATE_DOWN, down).
-
--define(DEFAULT_TC,     30000).  %% RFC 3588 ch 2.1
--define(DEFAULT_TIMEOUT, 5000).  %% for outgoing requests
--define(RESTART_TC,      1000).  %% if restart was this recent
-
-%% Used to be able to swap this with anything else dict-like but now
-%% rely on the fact that a service's #state{} record does not change
-%% in storing in it ?STATE table and not always going through the
-%% service process. In particular, rely on the fact that operations on
-%% a ?Dict don't change the handle to it.
--define(Dict, diameter_dict).
-
-%% Table containing outgoing requests for which a reply has yet to be
-%% received.
--define(REQUEST_TABLE, diameter_request).
-
-%% Maintains state in a table. In contrast to previously, a service's
-%% stat is not constant and is accessed outside of the service
-%% process.
--define(STATE_TABLE, ?MODULE).
-
-%% Workaround for dialyzer's lack of understanding of match specs.
--type match(T)
-   :: T | '_' | '$1' | '$2' | '$3' | '$4'.
-
-%% State of service gen_server.
--record(state,
-        {id = now(),
-         service_name,      %% as passed to start_service/2, key in ?STATE_TABLE
-         service :: #diameter_service{},
-         peerT = ets_new(peers) :: ets:tid(), %% #peer{} at start_fsm
-         connT = ets_new(conns) :: ets:tid(), %% #conn{} at connection_up
-         share_peers = false :: boolean(), %% broadcast peers to remote nodes?
-         use_shared_peers = false :: boolean(),  %% use broadcasted peers?
-         shared_peers = ?Dict:new(),         %% Alias -> [{TPid, Caps}, ...]
-         local_peers = ?Dict:new(),          %% Alias -> [{TPid, Caps}, ...]
-         monitor = false :: false | pid()}). %% process to die with
-%% shared_peers reflects the peers broadcast from remote nodes. Note
-%% that the state term itself doesn't change, which is relevant for
-%% the stateless application callbacks since the state is retrieved
-%% from ?STATE_TABLE from outside the service process. The pid in the
-%% service record is used to determine whether or not we need to call
-%% the process for a pick_peer callback.
-
-%% Record representing a watchdog process.
--record(peer,
-        {pid  :: match(pid()),
-         type :: match(connect | accept),
-         ref  :: match(reference()),  %% key into diameter_config
-         options :: match([transport_opt()]), %% as passed to start_transport
-         op_state = ?STATE_DOWN :: match(?STATE_DOWN | ?STATE_UP),
-         started = now(),      %% at process start
-         conn = false :: match(boolean() | pid())}).
-                      %% true at accept, pid() at connection_up (connT key)
-
-%% Record representing a peer_fsm process.
--record(conn,
-        {pid   :: pid(),
-         apps  :: [{0..16#FFFFFFFF, app_alias()}], %% {Id, Alias}
-         caps  :: #diameter_caps{},
-         started = now(),  %% at process start
-         peer  :: pid()}). %% key into peerT
-
-%% Record stored in diameter_request for each outgoing request.
--record(request,
-        {from,               %% arg 2 of handle_call/3
-         handler    :: match(pid()), %% request process
-         transport  :: match(pid()), %% peer process
-         caps       :: match(#diameter_caps{}),
-         app        :: match(app_alias()),  %% #diameter_app.alias
-         dictionary :: match(module()),     %% #diameter_app.dictionary
-         module     :: match(nonempty_improper_list(module(), list())),
-                    %% #diameter_app.module
-         filter     :: match(peer_filter()),
-         packet     :: match(#diameter_packet{})}).
-
-%% Record call/4 options are parsed into.
--record(options,
-        {filter = none  :: peer_filter(),
-         extra = []     :: list(),
-         timeout = ?DEFAULT_TIMEOUT :: 0..16#FFFFFFFF,
-         detach = false :: boolean()}).
-
-%% Since RFC 3588 requires that a Diameter agent not modify End-to-End
-%% Identifiers, the possibility of explicitly setting an End-to-End
-%% Identifier would be needed to be able to implement an agent in
-%% which one side of the communication is not implemented on top of
-%% diameter. For example, Diameter being sent or received encapsulated
-%% in some other protocol, or even another Diameter stack in a
-%% non-Erlang environment. (Not that this is likely to be a normal
-%% case.)
-%%
-%% The implemented solution is not an option but to respect any header
-%% values set in a diameter_header record returned from a
-%% prepare_request callback. A call to diameter:call/4 can communicate
-%% values to the callback using the 'extra' option if so desired.
-
-%%% ---------------------------------------------------------------------------
-%%% # start(SvcName)
-%%% ---------------------------------------------------------------------------
-
-start(SvcName) ->
-    diameter_service_sup:start_child(SvcName).
-
-start_link(SvcName) ->
-    Options = [{spawn_opt, diameter_lib:spawn_opts(server, [])}],
-    gen_server:start_link(?MODULE, [SvcName], Options).
-%% Put the arbitrary term SvcName in a list in case we ever want to
-%% send more than this and need to distinguish old from new.
-
-%%% ---------------------------------------------------------------------------
-%%% # stop(SvcName)
-%%% ---------------------------------------------------------------------------
-
-stop(SvcName) ->
-    case whois(SvcName) of
-        undefined ->
-            {error, not_started};
-        Pid ->
-            stop(call_service(Pid, stop), Pid)
-    end.
-
-stop(ok, Pid) ->
-    MRef = erlang:monitor(process, Pid),
-    receive {'DOWN', MRef, process, _, _} -> ok end;
-stop(No, _) ->
-    No.
-
-%%% ---------------------------------------------------------------------------
-%%% # start_transport(SvcName, {Ref, Type, Opts})
-%%% ---------------------------------------------------------------------------
-
-start_transport(SvcName, {_,_,_} = T) ->
-    call_service_by_name(SvcName, {start, T}).
-
-%%% ---------------------------------------------------------------------------
-%%% # stop_transport(SvcName, Refs)
-%%% ---------------------------------------------------------------------------
-
-stop_transport(_, []) ->
-    ok;
-stop_transport(SvcName, [_|_] = Refs) ->
-    call_service_by_name(SvcName, {stop, Refs}).
-
-%%% ---------------------------------------------------------------------------
-%%% # info(SvcName, Item)
-%%% ---------------------------------------------------------------------------
-
-info(SvcName, Item) ->
-    info_rc(call_service_by_name(SvcName, {info, Item})).
-
-info_rc({error, _}) ->
-    undefined;
-info_rc(Info) ->
-    Info.
-
-%%% ---------------------------------------------------------------------------
-%%% # receive_message(TPid, Pkt, MessageData)
-%%% ---------------------------------------------------------------------------
-
-%% Handle an incoming message in the watchdog process. This used to
-%% come through the service process but this avoids that becoming a
-%% bottleneck.
-
-receive_message(TPid, Pkt, T)
-  when is_pid(TPid) ->
-    #diameter_packet{header = #diameter_header{is_request = R}} = Pkt,
-    recv(R, (not R) andalso lookup_request(Pkt, TPid), TPid, Pkt, T).
-
-%% Incoming request ...
-recv(true, false, TPid, Pkt, T) ->
-    try
-        spawn(fun() -> recv_request(TPid, Pkt, T) end)
-    catch
-        error: system_limit = E ->  %% discard
-            ?LOG({error, E}, now())
-    end;
-
-%% ... answer to known request ...
-recv(false, #request{from = {_, Ref}, handler = Pid} = Req, _, Pkt, _) ->
-    Pid ! {answer, Ref, Req, Pkt};
-%% Note that failover could have happened prior to this message being
-%% received and triggering failback. That is, both a failover message
-%% and answer may be on their way to the handler process. In the worst
-%% case the request process gets notification of the failover and
-%% sends to the alternate peer before an answer arrives, so it's
-%% always the case that we can receive more than one answer after
-%% failover. The first answer received by the request process wins,
-%% any others are discarded.
-
-%% ... or not.
-recv(false, false, _, _, _) ->
-    ok.
-
-%%% ---------------------------------------------------------------------------
-%%% # call(SvcName, App, Msg, Options)
-%%% ---------------------------------------------------------------------------
-
-call(SvcName, App, Msg, Options)
-  when is_list(Options) ->
-    Rec = make_options(Options),
-    Ref = make_ref(),
-    Caller = {self(), Ref},
-    Fun = fun() -> exit({Ref, call(SvcName, App, Msg, Rec, Caller)}) end,
-    try spawn_monitor(Fun) of
-        {_, MRef} ->
-            recv(MRef, Ref, Rec#options.detach, false)
-    catch
-        error: system_limit = E ->
-            {error, E}
-    end.
-
-%% Don't rely on gen_server:call/3 for the timeout handling since it
-%% makes no guarantees about not leaving a reply message in the
-%% mailbox if we catch its exit at timeout. It currently *can* do so,
-%% which is also undocumented.
-
-recv(MRef, _, true, true) ->
-    erlang:demonitor(MRef, [flush]),
-    ok;
-
-recv(MRef, Ref, Detach, Sent) ->
-    receive
-        Ref ->  %% send has been attempted
-            recv(MRef, Ref, Detach, true);
-        {'DOWN', MRef, process, _, Reason} ->
-            call_rc(Reason, Ref, Sent)
-    end.
-
-%% call/5 has returned ...
-call_rc({Ref, Ans}, Ref, _) ->
-    Ans;
-
-%% ... or not. In this case failure/encode are documented.
-call_rc(_, _, Sent) ->
-    {error, choose(Sent, failure, encode)}.
-
-%% call/5
-%%
-%% In the process spawned for the outgoing request.
-
-call(SvcName, App, Msg, Opts, Caller) ->
-    c(ets:lookup(?STATE_TABLE, SvcName), App, Msg, Opts, Caller).
-
-c([#state{service_name = SvcName} = S], App, Msg, Opts, Caller) ->
-    case find_transport(App, Msg, Opts, S) of
-        {_,_,_} = T ->
-            send_request(T, Msg, Opts, Caller, SvcName);
-        false ->
-            {error, no_connection};
-        {error, _} = No ->
-            No
-    end;
-
-c([], _, _, _, _) ->
-    {error, no_service}.
-
-%% make_options/1
-
-make_options(Options) ->
-    lists:foldl(fun mo/2, #options{}, Options).
-
-mo({timeout, T}, Rec)
-  when is_integer(T), 0 =< T ->
-    Rec#options{timeout = T};
-
-mo({filter, F}, #options{filter = none} = Rec) ->
-    Rec#options{filter = F};
-mo({filter, F}, #options{filter = {all, Fs}} = Rec) ->
-    Rec#options{filter = {all, [F | Fs]}};
-mo({filter, F}, #options{filter = F0} = Rec) ->
-    Rec#options{filter = {all, [F0, F]}};
-
-mo({extra, L}, #options{extra = X} = Rec)
-  when is_list(L) ->
-    Rec#options{extra = X ++ L};
-
-mo(detach, Rec) ->
-    Rec#options{detach = true};
-
-mo(T, _) ->
-    ?ERROR({invalid_option, T}).
-
-%%% ---------------------------------------------------------------------------
-%%% # subscribe(SvcName)
-%%% # unsubscribe(SvcName)
-%%% ---------------------------------------------------------------------------
-
-subscribe(SvcName) ->
-    diameter_reg:add({?MODULE, subscriber, SvcName}).
-
-unsubscribe(SvcName) ->
-    diameter_reg:del({?MODULE, subscriber, SvcName}).
-
-subscriptions(Pat) ->
-    pmap(diameter_reg:match({?MODULE, subscriber, Pat})).
-
-subscriptions() ->
-    subscriptions('_').
-
-pmap(Props) ->
-    lists:map(fun({{?MODULE, _, Name}, Pid}) -> {Name, Pid} end, Props).
-
-%%% ---------------------------------------------------------------------------
-%%% # services(Pattern)
-%%% ---------------------------------------------------------------------------
-
-services(Pat) ->
-    pmap(diameter_reg:match({?MODULE, service, Pat})).
-
-services() ->
-    services('_').
-
-whois(SvcName) ->
-    case diameter_reg:match({?MODULE, service, SvcName}) of
-        [{_, Pid}] ->
-            Pid;
-        [] ->
-            undefined
-    end.
-
-%%% ---------------------------------------------------------------------------
-%%% # flush_stats/1
-%%%
-%%% Output: list of {{SvcName, Alias, Counter}, Value}
-%%% ---------------------------------------------------------------------------
-
-flush_stats(TPid) ->
-    diameter_stats:flush(TPid).
-
-%% ===========================================================================
-%% ===========================================================================
-
-state(Svc) ->
-    call_service(Svc, state).
-
-uptime(Svc) ->
-    call_service(Svc, uptime).
-
-%% call_module/3
-
-call_module(Service, AppMod, Request) ->
-    call_service(Service, {call_module, AppMod, Request}).
-
-%%% ---------------------------------------------------------------------------
-%%% # init([SvcName])
-%%% ---------------------------------------------------------------------------
-
-init([SvcName]) ->
-    process_flag(trap_exit, true),  %% ensure terminate(shutdown, _)
-    i(SvcName, diameter_reg:add_new({?MODULE, service, SvcName})).
-
-i(SvcName, true) ->
-    {ok, i(SvcName)};
-i(_, false) ->
-    {stop, {shutdown, already_started}}.
-
-%%% ---------------------------------------------------------------------------
-%%% # handle_call(Req, From, State)
-%%% ---------------------------------------------------------------------------
-
-handle_call(state, _, S) ->
-    {reply, S, S};
-
-handle_call(uptime, _, #state{id = T} = S) ->
-    {reply, diameter_lib:now_diff(T), S};
-
-%% Start a transport.
-handle_call({start, {Ref, Type, Opts}}, _From, S) ->
-    {reply, start(Ref, {Type, Opts}, S), S};
-
-%% Stop transports.
-handle_call({stop, Refs}, _From, S) ->
-    shutdown(Refs, S),
-    {reply, ok, S};
-
-%% pick_peer with mutable state
-handle_call({pick_peer, Local, Remote, App}, _From, S) ->
-    #diameter_app{mutable = true} = App,  %% assert
-    {reply, pick_peer(Local, Remote, self(), S#state.service_name, App), S};
-
-handle_call({call_module, AppMod, Req}, From, S) ->
-    call_module(AppMod, Req, From, S);
-
-handle_call({info, Item}, _From, S) ->
-    {reply, service_info(Item, S), S};
-
-handle_call(stop, _From, S) ->
-    shutdown(S),
-    {stop, normal, ok, S};
-%% The server currently isn't guaranteed to be dead when the caller
-%% gets the reply. We deal with this in the call to the server,
-%% stating a monitor that waits for DOWN before returning.
-
-handle_call(Req, From, S) ->
-    unexpected(handle_call, [Req, From], S),
-    {reply, nok, S}.
-
-%%% ---------------------------------------------------------------------------
-%%% # handle_cast(Req, State)
-%%% ---------------------------------------------------------------------------
-
-handle_cast(Req, S) ->
-    unexpected(handle_cast, [Req], S),
-    {noreply, S}.
-
-%%% ---------------------------------------------------------------------------
-%%% # handle_info(Req, State)
-%%% ---------------------------------------------------------------------------
-
-handle_info(T,S) ->
-    case transition(T,S) of
-        ok ->
-            {noreply, S};
-        #state{} = NS ->
-            {noreply, NS};
-        {stop, Reason} ->
-            {stop, {shutdown, Reason}, S}
-    end.
-
-%% transition/2
-
-%% Peer process is telling us to start a new accept process.
-transition({accepted, Pid, TPid}, S) ->
-    accepted(Pid, TPid, S),
-    ok;
-
-%% Peer process has a new open connection.
-transition({connection_up, Pid, T}, S) ->
-    connection_up(Pid, T, S);
-
-%% Peer process has left state open.
-transition({connection_down, Pid}, S) ->
-    connection_down(Pid, S);
-
-%% Peer process has returned to state open.
-transition({connection_up, Pid}, S) ->
-    connection_up(Pid, S);
-
-%% Accepting transport has lost connectivity.
-transition({close, Pid}, S) ->
-    close(Pid, S),
-    ok;
-
-%% Connecting transport is being restarted by watchdog.
-transition({reconnect, Pid}, S) ->
-    reconnect(Pid, S),
-    ok;
-
-%% Monitor process has died. Just die with a reason that tells
-%% diameter_config about the happening. If a cleaner shutdown is
-%% required then someone should stop us.
-transition({'DOWN', MRef, process, _, Reason}, #state{monitor = MRef}) ->
-    {stop, {monitor, Reason}};
-
-%% Local peer process has died.
-transition({'DOWN', _, process, Pid, Reason}, S)
-  when node(Pid) == node() ->
-    peer_down(Pid, Reason, S);
-
-%% Remote service wants to know about shared transports.
-transition({service, Pid}, S) ->
-    share_peers(Pid, S),
-    ok;
-
-%% Remote service is communicating a shared peer.
-transition({peer, TPid, Aliases, Caps}, S) ->
-    remote_peer_up(TPid, Aliases, Caps, S);
-
-%% Remote peer process has died.
-transition({'DOWN', _, process, TPid, _}, S) ->
-    remote_peer_down(TPid, S);
-
-%% Restart after tc expiry.
-transition({tc_timeout, T}, S) ->
-    tc_timeout(T, S),
-    ok;
-
-%% Request process is telling us it may have missed a failover message
-%% after a transport went down and the service process looked up
-%% outstanding requests.
-transition({failover, TRef, Seqs}, S) ->
-    failover(TRef, Seqs, S),
-    ok;
-
-transition(Req, S) ->
-    unexpected(handle_info, [Req], S),
-    ok.
-
-%%% ---------------------------------------------------------------------------
-%%% # terminate(Reason, State)
-%%% ---------------------------------------------------------------------------
-
-terminate(Reason, #state{service_name = Name} = S) ->
-    ets:delete(?STATE_TABLE, Name),
-    shutdown == Reason  %% application shutdown
-        andalso shutdown(S).
-
-%%% ---------------------------------------------------------------------------
-%%% # code_change(FromVsn, State, Extra)
-%%% ---------------------------------------------------------------------------
-
-code_change(FromVsn,
-            #state{service_name = SvcName,
-                   service = #diameter_service{applications = Apps}}
-            = S,
-            Extra) ->
-    lists:foreach(fun(A) ->
-                          code_change(FromVsn, SvcName, Extra, A)
-                  end,
-                  Apps),
-    {ok, S}.
-
-code_change(FromVsn, SvcName, Extra, #diameter_app{alias = Alias} = A) ->
-    {ok, S} = cb(A, code_change, [FromVsn,
-                                  mod_state(Alias),
-                                  Extra,
-                                  SvcName]),
-    mod_state(Alias, S).
-
-%% ===========================================================================
-%% ===========================================================================
-
-unexpected(F, A, #state{service_name = Name}) ->
-    ?UNEXPECTED(F, A ++ [Name]).
-
-cb([_|_] = M, F, A) ->
-    eval(M, F, A);
-cb(Rec, F, A) ->
-    {_, M} = app(Rec),
-    eval(M, F, A).
-
-app(#request{app = A, module = M}) ->
-    {A,M};
-app(#diameter_app{alias = A, module = M}) ->
-    {A,M}.
-
-eval([M|X], F, A) ->
-    apply(M, F, A ++ X).
-
-%% Callback with state.
-
-state_cb(#diameter_app{mutable = false, init_state = S}, {ModX, F, A}) ->
-    eval(ModX, F, A ++ [S]);
-
-state_cb(#diameter_app{mutable = true, alias = Alias}, {_,_,_} = MFA) ->
-    state_cb(MFA, Alias);
-
-state_cb({ModX,F,A}, Alias)
-  when is_list(ModX) ->
-    eval(ModX, F, A ++ [mod_state(Alias)]).
-
-choose(true, X, _)  -> X;
-choose(false, _, X) -> X.
-
-ets_new(Tbl) ->
-    ets:new(Tbl, [{keypos, 2}]).
-
-insert(Tbl, Rec) ->
-    ets:insert(Tbl, Rec),
-    Rec.
-
-monitor(Pid) ->
-    erlang:monitor(process, Pid),
-    Pid.
-
-%% Using the process dictionary for the callback state was initially
-%% just a way to make what was horrendous trace (big state record and
-%% much else everywhere) somewhat more readable. There's not as much
-%% need for it now but it's no worse (except possibly that we don't
-%% see the table identifier being passed around) than an ets table so
-%% keep it.
-
-mod_state(Alias) ->
-    get({?MODULE, mod_state, Alias}).
-
-mod_state(Alias, ModS) ->
-    put({?MODULE, mod_state, Alias}, ModS).
-
-%% have_transport/2
-
-have_transport(SvcName, Ref) ->
-    [] /= diameter_config:have_transport(SvcName, Ref).
-
-%%% ---------------------------------------------------------------------------
-%%% # shutdown/2
-%%% ---------------------------------------------------------------------------
-
-shutdown(Refs, #state{peerT = PeerT}) ->
-    ets:foldl(fun(P,ok) -> s(P, Refs), ok end, ok, PeerT).
-
-s(#peer{ref = Ref, pid = Pid}, Refs) ->
-    s(lists:member(Ref, Refs), Pid);
-
-s(true, Pid) ->
-    Pid ! {shutdown, self()};  %% 'DOWN' will cleanup as usual
-s(false, _) ->
-    ok.
-
-%%% ---------------------------------------------------------------------------
-%%% # shutdown/1
-%%% ---------------------------------------------------------------------------
-
-shutdown(#state{peerT = PeerT}) ->
-    %% A transport might not be alive to receive the shutdown request
-    %% but give those that are a chance to shutdown gracefully.
-    wait(fun st/2, PeerT),
-    %% Kill the watchdogs explicitly in case there was no transport.
-    wait(fun sw/2, PeerT).
-
-wait(Fun, T) ->
-    diameter_lib:wait(ets:foldl(Fun, [], T)).
-
-st(#peer{conn = B}, Acc)
-  when is_boolean(B) ->
-    Acc;
-st(#peer{conn = Pid}, Acc) ->
-    Pid ! shutdown,
-    [Pid | Acc].
-
-sw(#peer{pid = Pid}, Acc) ->
-    exit(Pid, shutdown),
-    [Pid | Acc].
-
-%%% ---------------------------------------------------------------------------
-%%% # call_service/2
-%%% ---------------------------------------------------------------------------
-
-call_service(Pid, Req)
-  when is_pid(Pid) ->
-    cs(Pid, Req);
-call_service(SvcName, Req) ->
-    call_service_by_name(SvcName, Req).
-
-call_service_by_name(SvcName, Req) ->
-    cs(whois(SvcName), Req).
-
-cs(Pid, Req)
-  when is_pid(Pid) ->
-    try
-        gen_server:call(Pid, Req, infinity)
-    catch
-        E: Reason when E == exit ->
-            {error, {E, Reason}}
-    end;
-
-cs(undefined, _) ->
-    {error, no_service}.
-
-%%% ---------------------------------------------------------------------------
-%%% # i/1
-%%%
-%%% Output: #state{}
-%%% ---------------------------------------------------------------------------
-
-%% Intialize the state of a service gen_server.
-
-i(SvcName) ->
-    %% Split the config into a server state and a list of transports.
-    {#state{} = S, CL} = lists:foldl(fun cfg_acc/2,
-                                     {false, []},
-                                     diameter_config:lookup(SvcName)),
-
-    %% Publish the state in order to be able to access it outside of
-    %% the service process. Originally table identifiers were only
-    %% known to the service process but we now want to provide the
-    %% option of application callbacks being 'stateless' in order to
-    %% avoid having to go through a common process. (Eg. An agent that
-    %% sends a request for every incoming request.)
-    true = ets:insert_new(?STATE_TABLE, S),
-
-    %% Start fsms for each transport.
-    lists:foreach(fun(T) -> start_fsm(T,S) end, CL),
-
-    init_shared(S),
-    S.
-
-cfg_acc({SvcName, #diameter_service{applications = Apps} = Rec, Opts},
-        {false, Acc}) ->
-    lists:foreach(fun init_mod/1, Apps),
-    S = #state{service_name = SvcName,
-               service = Rec#diameter_service{pid = self()},
-               share_peers = get_value(share_peers, Opts),
-               use_shared_peers = get_value(use_shared_peers, Opts),
-               monitor = mref(get_value(monitor, Opts))},
-    {S, Acc};
-
-cfg_acc({_Ref, Type, _Opts} = T, {S, Acc})
-  when Type == connect;
-       Type == listen ->
-    {S, [T | Acc]}.
-
-mref(false = No) ->
-    No;
-mref(P) ->
-    erlang:monitor(process, P).
-
-init_shared(#state{use_shared_peers = true,
-                   service_name = Svc}) ->
-    diameter_peer:notify(Svc, {service, self()});
-init_shared(#state{use_shared_peers = false}) ->
-    ok.
-
-init_mod(#diameter_app{alias = Alias,
-                       init_state = S}) ->
-    mod_state(Alias, S).
-
-start_fsm({Ref, Type, Opts}, S) ->
-    start(Ref, {Type, Opts}, S).
-
-get_value(Key, Vs) ->
-    {_, V} = lists:keyfind(Key, 1, Vs),
-    V.
-
-%%% ---------------------------------------------------------------------------
-%%% # start/3
-%%% ---------------------------------------------------------------------------
-
-%% If the initial start/3 at service/transport start succeeds then
-%% subsequent calls to start/4 on the same service will also succeed
-%% since they involve the same call to merge_service/2. We merge here
-%% rather than earlier since the service may not yet be configured
-%% when the transport is configured.
-
-start(Ref, {T, Opts}, S)
-  when T == connect;
-       T == listen ->
-    try
-        {ok, start(Ref, type(T), Opts, S)}
-    catch
-        ?FAILURE(Reason) ->
-            {error, Reason}
-    end.
-%% TODO: don't actually raise any errors yet
-
-%% There used to be a difference here between the handling of
-%% configured listening and connecting transports but now we simply
-%% tell the transport_module to start an accepting or connecting
-%% process respectively, the transport implementation initiating
-%% listening on a port as required.
-type(listen)      -> accept;
-type(accept)      -> listen;
-type(connect = T) -> T.
-
-%% start/4
-
-start(Ref, Type, Opts, #state{peerT = PeerT,
-                              connT = ConnT,
-                              service_name = SvcName,
-                              service = Svc})
-  when Type == connect;
-       Type == accept ->
-    Pid = monitor(s(Type, Ref, {ConnT,
-                                Opts,
-                                SvcName,
-                                merge_service(Opts, Svc)})),
-    insert(PeerT, #peer{pid = Pid,
-                        type = Type,
-                        ref = Ref,
-                        options = Opts}),
-    Pid.
-
-%% Note that the service record passed into the watchdog is the merged
-%% record so that each watchdog (and peer_fsm) may get a different
-%% record. This record is what is passed back into application
-%% callbacks.
-
-s(Type, Ref, T) ->
-    diameter_watchdog:start({Type, Ref}, T).
-
-%% merge_service/2
-
-merge_service(Opts, Svc) ->
-    lists:foldl(fun ms/2, Svc, Opts).
-
-%% Limit the applications known to the fsm to those in the 'apps'
-%% option. That this might be empty is checked by the fsm. It's not
-%% checked at config-time since there's no requirement that the
-%% service be configured first. (Which could be considered a bit odd.)
-ms({applications, As}, #diameter_service{applications = Apps} = S)
-  when is_list(As) ->
-    S#diameter_service{applications
-                       = [A || A <- Apps,
-                               lists:member(A#diameter_app.alias, As)]};
-
-%% The fact that all capabilities can be configured on the transports
-%% means that the service doesn't necessarily represent a single
-%% locally implemented Diameter peer as identified by Origin-Host: a
-%% transport can configure its own Origin-Host. This means that the
-%% service little more than a placeholder for default capabilities
-%% plus a list of applications that individual transports can choose
-%% to support (or not).
-ms({capabilities, Opts}, #diameter_service{capabilities = Caps0} = Svc)
-  when is_list(Opts) ->
-    %% make_caps has already succeeded in diameter_config so it will succeed
-    %% again here.
-    {ok, Caps} = diameter_capx:make_caps(Caps0, Opts),
-    Svc#diameter_service{capabilities = Caps};
-
-ms(_, Svc) ->
-    Svc.
-
-%%% ---------------------------------------------------------------------------
-%%% # accepted/3
-%%% ---------------------------------------------------------------------------
-
-accepted(Pid, _TPid, #state{peerT = PeerT} = S) ->
-    #peer{ref = Ref, type = accept = T, conn = false, options = Opts}
-        = P
-        = fetch(PeerT, Pid),
-    insert(PeerT, P#peer{conn = true}),  %% mark replacement transport started
-    start(Ref, T, Opts, S).              %% start new peer
-
-fetch(Tid, Key) ->
-    [T] = ets:lookup(Tid, Key),
-    T.
-
-%%% ---------------------------------------------------------------------------
-%%% # connection_up/3
-%%%
-%%% Output: #state{}
-%%% ---------------------------------------------------------------------------
-
-%% Peer process has reached the open state.
-
-connection_up(Pid, {TPid, {Caps, SApps, Pkt}}, #state{peerT = PeerT,
-                                                      connT = ConnT}
-                                               = S) ->
-    P = fetch(PeerT, Pid),
-    C = #conn{pid = TPid,
-              apps = SApps,
-              caps = Caps,
-              peer = Pid},
-
-    insert(ConnT, C),
-    connection_up([Pkt], P#peer{conn = TPid}, C, S).
-
-%%% ---------------------------------------------------------------------------
-%%% # connection_up/2
-%%%
-%%% Output: #state{}
-%%% ---------------------------------------------------------------------------
-
-%% Peer process has transitioned back into the open state. Note that there
-%% has been no new capabilties exchange in this case.
-
-connection_up(Pid, #state{peerT = PeerT,
-                          connT = ConnT}
-                   = S) ->
-    #peer{conn = TPid} = P = fetch(PeerT, Pid),
-    C = fetch(ConnT, TPid),
-    connection_up([], P, C, S).
-
-%% connection_up/4
-
-connection_up(T, P, C, #state{peerT = PeerT,
-                              local_peers = LDict,
-                              service_name = SvcName,
-                              service
-                              = #diameter_service{applications = Apps}}
-                       = S) ->
-    #peer{conn = TPid, op_state = ?STATE_DOWN}
-        = P,
-    #conn{apps = SApps, caps = Caps}
-        = C,
-
-    insert(PeerT, P#peer{op_state = ?STATE_UP}),
-
-    request_peer_up(TPid),
-    report_status(up, P, C, S, T),
-    S#state{local_peers = insert_local_peer(SApps,
-                                            {{TPid, Caps}, {SvcName, Apps}},
-                                            LDict)}.
-
-insert_local_peer(SApps, T, LDict) ->
-    lists:foldl(fun(A,D) -> ilp(A, T, D) end, LDict, SApps).
-
-ilp({Id, Alias}, {TC, SA}, LDict) ->
-    init_conn(Id, Alias, TC, SA),
-    ?Dict:append(Alias, TC, LDict).
-
-init_conn(Id, Alias, TC, {SvcName, Apps}) ->
-    #diameter_app{module = ModX,
-                  id = Id}  %% assert
-        = find_app(Alias, Apps),
-
-    peer_cb({ModX, peer_up, [SvcName, TC]}, Alias).
-
-find_app(Alias, Apps) ->
-    lists:keyfind(Alias, #diameter_app.alias, Apps).
-
-%% A failing peer callback brings down the service. In the case of
-%% peer_up we could just kill the transport and emit an error but for
-%% peer_down we have no way to cleanup any state change that peer_up
-%% may have introduced.
-peer_cb(MFA, Alias) ->
-    try state_cb(MFA, Alias) of
-        ModS ->
-            mod_state(Alias, ModS)
-    catch
-        E: Reason ->
-            ?ERROR({E, Reason, MFA, ?STACK})
-    end.
-
-%%% ---------------------------------------------------------------------------
-%%% # connection_down/2
-%%%
-%%% Output: #state{}
-%%% ---------------------------------------------------------------------------
-
-%% Peer process has transitioned out of the open state.
-
-connection_down(Pid, #state{peerT = PeerT,
-                            connT = ConnT}
-                     = S) ->
-    #peer{conn = TPid}
-        = P
-        = fetch(PeerT, Pid),
-
-    C = fetch(ConnT, TPid),
-    insert(PeerT, P#peer{op_state = ?STATE_DOWN}),
-    connection_down(P,C,S).
-
-%% connection_down/3
-
-connection_down(#peer{conn = TPid,
-                      op_state = ?STATE_UP}
-                = P,
-                #conn{caps = Caps,
-                      apps = SApps}
-                = C,
-                #state{service_name = SvcName,
-                       service = #diameter_service{applications = Apps},
-                       local_peers = LDict}
-                = S) ->
-    report_status(down, P, C, S, []),
-    NewS = S#state{local_peers
-                   = remove_local_peer(SApps,
-                                       {{TPid, Caps}, {SvcName, Apps}},
-                                       LDict)},
-    request_peer_down(TPid, NewS),
-    NewS.
-
-remove_local_peer(SApps, T, LDict) ->
-    lists:foldl(fun(A,D) -> rlp(A, T, D) end, LDict, SApps).
-
-rlp({Id, Alias}, {TC, SA}, LDict) ->
-    L = ?Dict:fetch(Alias, LDict),
-    down_conn(Id, Alias, TC, SA),
-    ?Dict:store(Alias, lists:delete(TC, L), LDict).
-
-down_conn(Id, Alias, TC, {SvcName, Apps}) ->
-    #diameter_app{module = ModX,
-                  id = Id}  %% assert
-        = find_app(Alias, Apps),
-
-    peer_cb({ModX, peer_down, [SvcName, TC]}, Alias).
-
-%%% ---------------------------------------------------------------------------
-%%% # peer_down/3
-%%%
-%%% Output: #state{}
-%%% ---------------------------------------------------------------------------
-
-%% Peer process has died.
-
-peer_down(Pid, _Reason, #state{peerT = PeerT} = S) ->
-    P = fetch(PeerT, Pid),
-    ets:delete_object(PeerT, P),
-    restart(P,S),
-    peer_down(P,S).
-
-%% peer_down/2
-
-%% The peer has never come up ...
-peer_down(#peer{conn = B}, S)
-  when is_boolean(B) ->
-    S;
-
-%% ... or it has.
-peer_down(#peer{ref = Ref,
-                conn = TPid,
-                type = Type,
-                options = Opts}
-          = P,
-          #state{service_name = SvcName,
-                 connT = ConnT}
-          = S) ->
-    #conn{caps = Caps}
-        = C
-        = fetch(ConnT, TPid),
-    ets:delete_object(ConnT, C),
-    try
-        pd(P,C,S)
-    after
-        send_event(SvcName, {closed, Ref, {TPid, Caps}, {type(Type), Opts}})
-    end.
-
-pd(#peer{op_state = ?STATE_DOWN}, _, S) ->
-    S;
-pd(#peer{op_state = ?STATE_UP} = P, C, S) ->
-    connection_down(P,C,S).
-
-%% restart/2
-
-restart(P,S) ->
-    q_restart(restart(P), S).
-
-%% restart/1
-
-%% Always try to reconnect.
-restart(#peer{ref = Ref,
-              type = connect = T,
-              options = Opts,
-              started = Time}) ->
-    {Time, {Ref, T, Opts}};
-
-%% Transport connection hasn't yet been accepted ...
-restart(#peer{ref = Ref,
-              type = accept = T,
-              options = Opts,
-              conn = false,
-              started = Time}) ->
-    {Time, {Ref, T, Opts}};
-
-%% ... or it has: a replacement transport has already been spawned.
-restart(#peer{type = accept}) ->
-    false.
-
-%% q_restart/2
-
-%% Start the reconnect timer.
-q_restart({Time, {_Ref, Type, Opts} = T}, S) ->
-    start_tc(tc(Time, default_tc(Type, Opts)), T, S);
-q_restart(false, _) ->
-    ok.
-
-%% RFC 3588, 2.1:
-%%
-%%   When no transport connection exists with a peer, an attempt to
-%%   connect SHOULD be periodically made.  This behavior is handled via
-%%   the Tc timer, whose recommended value is 30 seconds.  There are
-%%   certain exceptions to this rule, such as when a peer has terminated
-%%   the transport connection stating that it does not wish to
-%%   communicate.
-
-default_tc(connect, Opts) ->
-    proplists:get_value(reconnect_timer, Opts, ?DEFAULT_TC);
-default_tc(accept, _) ->
-    0.
-
-%% Bound tc below if the peer was restarted recently to avoid
-%% continuous in case of faulty config or other problems.
-tc(Time, Tc) ->
-    choose(Tc > ?RESTART_TC
-             orelse timer:now_diff(now(), Time) > 1000*?RESTART_TC,
-           Tc,
-           ?RESTART_TC).
-
-start_tc(0, T, S) ->
-    tc_timeout(T, S);
-start_tc(Tc, T, _) ->
-    erlang:send_after(Tc, self(), {tc_timeout, T}).
-
-%% tc_timeout/2
-
-tc_timeout({Ref, _Type, _Opts} = T, #state{service_name = SvcName} = S) ->
-    tc(have_transport(SvcName, Ref), T, S).
-
-tc(true, {Ref, Type, Opts}, #state{service_name = SvcName}
-                            = S) ->
-    send_event(SvcName, {reconnect, Ref, Opts}),
-    start(Ref, Type, Opts, S);
-tc(false = No, _, _) ->  %% removed
-    No.
-
-%%% ---------------------------------------------------------------------------
-%%% # close/2
-%%% ---------------------------------------------------------------------------
-
-%% The watchdog doesn't start a new fsm in the accept case, it
-%% simply stays alive until someone tells it to die in order for
-%% another watchdog to be able to detect that it should transition
-%% from initial into reopen rather than okay. That someone is either
-%% the accepting watchdog upon reception of a CER from the previously
-%% connected peer, or us after reconnect_timer timeout.
-
-close(Pid, #state{service_name = SvcName,
-                  peerT = PeerT}) ->
-    #peer{pid = Pid,
-          type = accept,
-          ref = Ref,
-          options = Opts}
-        = fetch(PeerT, Pid),
-
-    c(Pid, have_transport(SvcName, Ref), Opts).
-
-%% Tell watchdog to (maybe) die later ...
-c(Pid, true, Opts) ->
-    Tc = proplists:get_value(reconnect_timer, Opts, 2*?DEFAULT_TC),
-    erlang:send_after(Tc, Pid, close);
-
-%% ... or now.
-c(Pid, false, _Opts) ->
-    Pid ! close.
-
-%% The RFC's only document the behaviour of Tc, our reconnect_timer,
-%% for the establishment of connections but we also give
-%% reconnect_timer semantics for a listener, being the time within
-%% which a new connection attempt is expected of a connecting peer.
-%% The value should be greater than the peer's Tc + jitter.
-
-%%% ---------------------------------------------------------------------------
-%%% # reconnect/2
-%%% ---------------------------------------------------------------------------
-
-reconnect(Pid, #state{service_name = SvcName,
-                      peerT = PeerT}) ->
-    #peer{ref = Ref,
-          type = connect,
-          options = Opts}
-        = fetch(PeerT, Pid),
-    send_event(SvcName, {reconnect, Ref, Opts}).
-
-%%% ---------------------------------------------------------------------------
-%%% # call_module/4
-%%% ---------------------------------------------------------------------------
-
-%% Backwards compatibility and never documented/advertised. May be
-%% removed.
-
-call_module(Mod, Req, From, #state{service
-                                   = #diameter_service{applications = Apps},
-                                   service_name = Svc}
-                            = S) ->
-    case cm([A || A <- Apps, Mod == hd(A#diameter_app.module)],
-            Req,
-            From,
-            Svc)
-    of
-        {reply = T, RC} ->
-            {T, RC, S};
-        noreply = T ->
-            {T, S};
-        Reason ->
-            {reply, {error, Reason}, S}
-    end.
-
-cm([#diameter_app{module = ModX, alias = Alias}], Req, From, Svc) ->
-    MFA = {ModX, handle_call, [Req, From, Svc]},
-
-    try state_cb(MFA, Alias) of
-        {noreply = T, ModS} ->
-            mod_state(Alias, ModS),
-            T;
-        {reply = T, RC, ModS} ->
-            mod_state(Alias, ModS),
-            {T, RC};
-        T ->
-            diameter_lib:error_report({invalid, T}, MFA),
-            invalid
-    catch
-        E: Reason ->
-            diameter_lib:error_report({failure, {E, Reason, ?STACK}}, MFA),
-            failure
-    end;
-
-cm([], _, _, _) ->
-    unknown;
-
-cm([_,_|_], _, _, _) ->
-    multiple.
-
-%%% ---------------------------------------------------------------------------
-%%% # send_request/5
-%%% ---------------------------------------------------------------------------
-
-%% Send an outgoing request in its dedicated process.
-%%
-%% Note that both encode of the outgoing request and of the received
-%% answer happens in this process. It's also this process that replies
-%% to the caller. The service process only handles the state-retaining
-%% callbacks.
-%%
-%% The mod field of the #diameter_app{} here includes any extra
-%% arguments passed to diameter:call/2.
-
-send_request({TPid, Caps, App}, Msg, Opts, Caller, SvcName) ->
-    #diameter_app{module = ModX}
-        = App,
-
-    Pkt = make_packet(Msg),
-
-    case cb(ModX, prepare_request, [Pkt, SvcName, {TPid, Caps}]) of
-        {send, P} ->
-            send_request(make_packet(P, Pkt),
-                         TPid,
-                         Caps,
-                         App,
-                         Opts,
-                         Caller,
-                         SvcName);
-        {discard, Reason} ->
-            {error, Reason};
-        discard ->
-            {error, discarded};
-        T ->
-            ?ERROR({invalid_return, prepare_request, App, T})
-    end.
-
-%% make_packet/1
-%%
-%% Turn an outgoing request as passed to call/4 into a diameter_packet
-%% record in preparation for a prepare_request callback.
-
-make_packet(Bin)
-  when is_binary(Bin) ->
-    #diameter_packet{header = diameter_codec:decode_header(Bin),
-                     bin = Bin};
-
-make_packet(#diameter_packet{msg = [#diameter_header{} = Hdr | Avps]} = Pkt) ->
-    Pkt#diameter_packet{msg = [make_header(Hdr) | Avps]};
-
-make_packet(#diameter_packet{header = Hdr} = Pkt) ->
-    Pkt#diameter_packet{header = make_header(Hdr)};
-
-make_packet(Msg) ->
-    make_packet(#diameter_packet{msg = Msg}).
-
-%% make_header/1
-
-make_header(undefined) ->
-    Seq = diameter_session:sequence(),
-    make_header(#diameter_header{end_to_end_id = Seq,
-                                 hop_by_hop_id = Seq});
-
-make_header(#diameter_header{version = undefined} = Hdr) ->
-    make_header(Hdr#diameter_header{version = ?DIAMETER_VERSION});
-
-make_header(#diameter_header{end_to_end_id = undefined} = H) ->
-    Seq = diameter_session:sequence(),
-    make_header(H#diameter_header{end_to_end_id = Seq});
-
-make_header(#diameter_header{hop_by_hop_id = undefined} = H) ->
-    Seq = diameter_session:sequence(),
-    make_header(H#diameter_header{hop_by_hop_id = Seq});
-
-make_header(#diameter_header{} = Hdr) ->
-    Hdr;
-
-make_header(T) ->
-    ?ERROR({invalid_header, T}).
-
-%% make_packet/2
-%%
-%% Reconstruct a diameter_packet from the return value of
-%% prepare_request or prepare_retransmit callback.
-
-make_packet(Bin, _)
-  when is_binary(Bin) ->
-    make_packet(Bin);
-
-make_packet(#diameter_packet{msg = [#diameter_header{} | _]} = Pkt, _) ->
-    Pkt;
-
-%% Returning a diameter_packet with no header from a prepare_request
-%% or prepare_retransmit callback retains the header passed into it.
-%% This is primarily so that the end to end and hop by hop identifiers
-%% are retained.
-make_packet(#diameter_packet{header = Hdr} = Pkt,
-            #diameter_packet{header = Hdr0}) ->
-    Pkt#diameter_packet{header = fold_record(Hdr0, Hdr)};
-
-make_packet(Msg, Pkt) ->
-    Pkt#diameter_packet{msg = Msg}.
-
-%% fold_record/2
-
-fold_record(undefined, R) ->
-    R;
-fold_record(Rec, R) ->
-    diameter_lib:fold_tuple(2, Rec, R).
-
-%% send_request/7
-
-send_request(Pkt, TPid, Caps, App, Opts, Caller, SvcName) ->
-    #diameter_app{alias = Alias,
-                  dictionary = Dict,
-                  module = ModX,
-                  answer_errors = AE}
-        = App,
-
-    EPkt = encode(Dict, Pkt),
-
-    #options{filter = Filter,
-             timeout = Timeout}
-        = Opts,
-
-    Req = #request{packet = Pkt,
-                   from = Caller,
-                   handler = self(),
-                   transport = TPid,
-                   caps = Caps,
-                   app = Alias,
-                   filter = Filter,
-                   dictionary = Dict,
-                   module = ModX},
-
-    try
-        TRef = send_request(TPid, EPkt, Req, Timeout),
-        ack(Caller),
-        handle_answer(SvcName, AE, recv_answer(Timeout, SvcName, {TRef, Req}))
-    after
-        erase_request(EPkt)
-    end.
-
-%% Tell caller a send has been attempted.
-ack({Pid, Ref}) ->
-    Pid ! Ref.
-
-%% recv_answer/3
-
-recv_answer(Timeout,
-            SvcName,
-            {TRef, #request{from = {_, Ref}, packet = RPkt} = Req}
-            = T) ->
-
-    %% Matching on TRef below ensures we ignore messages that pertain
-    %% to a previous transport prior to failover. The answer message
-    %% includes the #request{} since it's not necessarily Req; that
-    %% is, from the last peer to which we've transmitted.
-
-    receive
-        {answer = A, Ref, Rq, Pkt} ->     %% Answer from peer
-            {A, Rq, Pkt};
-        {timeout = Reason, TRef, _} ->    %% No timely reply
-            {error, Req, Reason};
-        {failover = Reason, TRef, false} ->  %% No alternate peer
-            {error, Req, Reason};
-        {failover, TRef, Transport} ->    %% Resend to alternate peer
-            try_retransmit(Timeout, SvcName, Req, Transport);
-        {failover, TRef} ->  %% May have missed failover notification
-            Seqs = diameter_codec:sequence_numbers(RPkt),
-            Pid  = whois(SvcName),
-            is_pid(Pid) andalso (Pid ! {failover, TRef, Seqs}),
-            recv_answer(Timeout, SvcName, T)
-    end.
-%% Note that failover starts a new timer and that expiry of an old
-%% timer value is ignored. This means that an answer could be accepted
-%% from a peer after timeout in the case of failover.
-
-try_retransmit(Timeout, SvcName, Req, Transport) ->
-    try retransmit(Transport, Req, SvcName, Timeout) of
-        T -> recv_answer(Timeout, SvcName, T)
-    catch
-        ?FAILURE(Reason) -> {error, Req, Reason}
-    end.
-
-%% handle_error/3
-
-handle_error(Req, Reason, SvcName) ->
-    #request{module = ModX,
-             packet = Pkt,
-             transport = TPid,
-             caps = Caps}
-        = Req,
-    cb(ModX, handle_error, [Reason, msg(Pkt), SvcName, {TPid, Caps}]).
-
-msg(#diameter_packet{msg = undefined, bin = Bin}) ->
-    Bin;
-msg(#diameter_packet{msg = Msg}) ->
-    Msg.
-
-%% encode/2
-
-%% Note that prepare_request can return a diameter_packet containing
-%% header or transport_data. Even allow the returned record to contain
-%% an encoded binary. This isn't the usual case but could some in
-%% handy, for test at least. (For example, to send garbage.)
-
-%% The normal case: encode the returned message.
-encode(Dict, #diameter_packet{msg = Msg, bin = undefined} = Pkt) ->
-    D = pick_dictionary([Dict, ?BASE], Msg),
-    diameter_codec:encode(D, Pkt);
-
-%% Callback has returned an encoded binary: just send.
-encode(_, #diameter_packet{} = Pkt) ->
-    Pkt.
-
-%% pick_dictionary/2
-
-%% Pick the first dictionary that declares the application id in the
-%% specified header.
-pick_dictionary(Ds, [#diameter_header{application_id = Id} | _]) ->
-    pd(Ds, fun(D) -> Id = D:id() end);
-
-%% Pick the first dictionary that knows the specified message name.
-pick_dictionary(Ds, [MsgName|_]) ->
-    pd(Ds, fun(D) -> D:msg2rec(MsgName) end);
-
-%% Pick the first dictionary that knows the name of the specified
-%% message record.
-pick_dictionary(Ds, Rec) ->
-    Name = element(1, Rec),
-    pd(Ds, fun(D) -> D:rec2msg(Name) end).
-
-pd([D|Ds], F) ->
-    try
-        F(D),
-        D
-    catch
-        error:_ ->
-            pd(Ds, F)
-    end;
-
-pd([], _) ->
-    ?ERROR(no_dictionary).
-
-%% send_request/4
-
-send_request(TPid, #diameter_packet{bin = Bin} = Pkt, Req, Timeout)
-  when node() == node(TPid) ->
-    %% Store the outgoing request before sending to avoid a race with
-   %% reply reception.
-    TRef = store_request(TPid, Bin, Req, Timeout),
-    send(TPid, Pkt),
-    TRef;
-
-%% Send using a remote transport: spawn a process on the remote node
-%% to relay the answer.
-send_request(TPid, #diameter_packet{} = Pkt, Req, Timeout) ->
-    TRef = erlang:start_timer(Timeout, self(), timeout),
-    T = {TPid, Pkt, Req, Timeout, TRef},
-    spawn(node(TPid), ?MODULE, send, [T]),
-    TRef.
-
-%% send/1
-
-send({TPid, Pkt, #request{handler = Pid} = Req, Timeout, TRef}) ->
-    Ref = send_request(TPid, Pkt, Req#request{handler = self()}, Timeout),
-    Pid ! reref(receive T -> T end, Ref, TRef).
-
-reref({T, Ref, R}, Ref, TRef) ->
-    {T, TRef, R};
-reref(T, _, _) ->
-    T.
-
-%% send/2
-
-send(Pid, Pkt) ->
-    Pid ! {send, Pkt}.
-
-%% retransmit/4
-
-retransmit({TPid, Caps, #diameter_app{alias = Alias} = App},
-           #request{app = Alias,
-                    packet = Pkt}
-           = Req,
-           SvcName,
-           Timeout) ->
-    have_request(Pkt, TPid)      %% Don't failover to a peer we've
-        andalso ?THROW(timeout), %% already sent to.
-
-    case cb(App, prepare_retransmit, [Pkt, SvcName, {TPid, Caps}]) of
-        {send, P} ->
-            retransmit(make_packet(P, Pkt), TPid, Caps, Req, Timeout);
-        {discard, Reason} ->
-            ?THROW(Reason);
-        discard ->
-            ?THROW(discarded);
-        T ->
-            ?ERROR({invalid_return, prepare_retransmit, App, T})
-    end.
-
-%% retransmit/5
-
-retransmit(Pkt, TPid, Caps, #request{dictionary = Dict} = Req, Timeout) ->
-    EPkt = encode(Dict, Pkt),
-
-    NewReq = Req#request{transport = TPid,
-                         packet = Pkt,
-                         caps = Caps},
-
-    ?LOG(retransmission, NewReq),
-    TRef = send_request(TPid, EPkt, NewReq, Timeout),
-    {TRef, NewReq}.
-
-%% store_request/4
-
-store_request(TPid, Bin, Req, Timeout) ->
-    Seqs = diameter_codec:sequence_numbers(Bin),
-    TRef = erlang:start_timer(Timeout, self(), timeout),
-    ets:insert(?REQUEST_TABLE, {Seqs, Req, TRef}),
-    ets:member(?REQUEST_TABLE, TPid)
-        orelse (self() ! {failover, TRef}),  %% possibly missed failover
-    TRef.
-
-%% lookup_request/2
-
-lookup_request(Msg, TPid)
-  when is_pid(TPid) ->
-    lookup(Msg, TPid, '_');
-
-lookup_request(Msg, TRef)
-  when is_reference(TRef) ->
-    lookup(Msg, '_', TRef).
-
-lookup(Msg, TPid, TRef) ->
-    Seqs = diameter_codec:sequence_numbers(Msg),
-    Spec = [{{Seqs, #request{transport = TPid, _ = '_'}, TRef},
-             [],
-             ['$_']}],
-    case ets:select(?REQUEST_TABLE, Spec) of
-        [{_, Req, _}] ->
-            Req;
-        [] ->
-            false
-    end.
-
-%% erase_request/1
-
-erase_request(Pkt) ->
-    ets:delete(?REQUEST_TABLE, diameter_codec:sequence_numbers(Pkt)).
-
-%% match_requests/1
-
-match_requests(TPid) ->
-    Pat = {'_', #request{transport = TPid, _ = '_'}, '_'},
-    ets:select(?REQUEST_TABLE, [{Pat, [], ['$_']}]).
-
-%% have_request/2
-
-have_request(Pkt, TPid) ->
-    Seqs = diameter_codec:sequence_numbers(Pkt),
-    Pat = {Seqs, #request{transport = TPid, _ = '_'}, '_'},
-    '$end_of_table' /= ets:select(?REQUEST_TABLE, [{Pat, [], ['$_']}], 1).
-
-%% request_peer_up/1
-
-request_peer_up(TPid) ->
-    ets:insert(?REQUEST_TABLE, {TPid}).
-
-%% request_peer_down/2
-
-request_peer_down(TPid, S) ->
-    ets:delete(?REQUEST_TABLE, TPid),
-    lists:foreach(fun(T) -> failover(T,S) end, match_requests(TPid)).
-%% Note that a request process can store its request after failover
-%% notifications are sent here: store_request/4 sends the notification
-%% in that case. Note also that we'll send as many notifications to a
-%% given handler as there are peers its sent to. All but one of these
-%% will be ignored.
-
-%%% ---------------------------------------------------------------------------
-%%% recv_request/3
-%%% ---------------------------------------------------------------------------
-
-recv_request(TPid, Pkt, {ConnT, SvcName, Apps}) ->
-    try ets:lookup(ConnT, TPid) of
-        [C] ->
-            recv_request(C, TPid, Pkt, SvcName, Apps);
-        [] ->             %% transport has gone down
-            ok
-    catch
-        error: badarg ->  %% service has gone down (and taken table with it)
-            ok
-    end.
-
-%% recv_request/5
-
-recv_request(#conn{apps = SApps, caps = Caps}, TPid, Pkt, SvcName, Apps) ->
-    #diameter_caps{origin_host = {OH,_},
-                   origin_realm = {OR,_}}
-        = Caps,
-
-    #diameter_packet{header = #diameter_header{application_id = Id}}
-        = Pkt,
-
-    recv_request(find_recv_app(Id, SApps),
-                 {SvcName, OH, OR},
-                 TPid,
-                 Apps,
-                 Caps,
-                 Pkt).
-
-%% find_recv_app/2
-
-%% No one should be sending the relay identifier.
-find_recv_app(?APP_ID_RELAY, _) ->
-    false;
-
-%% With any other id we either support it locally or as a relay.
-find_recv_app(Id, SApps) ->
-    keyfind([Id, ?APP_ID_RELAY], 1, SApps).
-
-%% keyfind/3
-
-keyfind([], _, _) ->
-    false;
-keyfind([Key | Rest], Pos, L) ->
-    case lists:keyfind(Key, Pos, L) of
-        false ->
-            keyfind(Rest, Pos, L);
-        T ->
-            T
-    end.
-
-%% recv_request/6
-
-recv_request({Id, Alias}, T, TPid, Apps, Caps, Pkt) ->
-    #diameter_app{dictionary = Dict}
-        = A
-        = find_app(Alias, Apps),
-    recv_request(T, {TPid, Caps}, A, diameter_codec:decode(Id, Dict, Pkt));
-%% Note that the decode is different depending on whether or not Id is
-%% ?APP_ID_RELAY.
-
-%%   DIAMETER_APPLICATION_UNSUPPORTED   3007
-%%      A request was sent for an application that is not supported.
-
-recv_request(false, T, TPid, _, _, Pkt) ->
-    As = collect_avps(Pkt),
-    protocol_error(3007, T, TPid, Pkt#diameter_packet{avps = As}).
-
-collect_avps(Pkt) ->
-    case diameter_codec:collect_avps(Pkt) of
-        {_Bs, As} ->
-            As;
-        As ->
-            As
-    end.
-
-%% recv_request/4
-
-%% Wrong number of bits somewhere in the message: reply.
-%%
-%%   DIAMETER_INVALID_AVP_BITS          3009
-%%      A request was received that included an AVP whose flag bits are
-%%      set to an unrecognized value, or that is inconsistent with the
-%%      AVP's definition.
-%%
-recv_request(T, {TPid, _}, _, #diameter_packet{errors = [Bs | _]} = Pkt)
-  when is_bitstring(Bs) ->
-    protocol_error(3009, T, TPid, Pkt);
-
-%% Either we support this application but don't recognize the command
-%% or we're a relay and the command isn't proxiable.
-%%
-%%   DIAMETER_COMMAND_UNSUPPORTED       3001
-%%      The Request contained a Command-Code that the receiver did not
-%%      recognize or support.  This MUST be used when a Diameter node
-%%      receives an experimental command that it does not understand.
-%%
-recv_request(T,
-             {TPid, _},
-             #diameter_app{id = Id},
-             #diameter_packet{header = #diameter_header{is_proxiable = P},
-                              msg = M}
-             = Pkt)
-  when ?APP_ID_RELAY /= Id, undefined == M;
-       ?APP_ID_RELAY == Id, not P ->
-    protocol_error(3001, T, TPid, Pkt);
-
-%% Error bit was set on a request.
-%%
-%%   DIAMETER_INVALID_HDR_BITS          3008
-%%      A request was received whose bits in the Diameter header were
-%%      either set to an invalid combination, or to a value that is
-%%      inconsistent with the command code's definition.
-%%
-recv_request(T,
-             {TPid, _},
-             _,
-             #diameter_packet{header = #diameter_header{is_error = true}}
-             = Pkt) ->
-    protocol_error(3008, T, TPid, Pkt);
-
-%% A message in a locally supported application or a proxiable message
-%% in the relay application. Don't distinguish between the two since
-%% each application has its own callback config. That is, the user can
-%% easily distinguish between the two cases.
-recv_request(T, TC, App, Pkt) ->
-    request_cb(T, TC, App, examine(Pkt)).
-
-%% Note that there may still be errors but these aren't protocol
-%% (3xxx) errors that lead to an answer-message.
-
-request_cb({SvcName, _OH, _OR} = T, TC, App, Pkt) ->
-    request_cb(cb(App, handle_request, [Pkt, SvcName, TC]), App, T, TC, Pkt).
-
-%% examine/1
-%%
-%% Look for errors in a decoded message. Length errors result in
-%% decode failure in diameter_codec.
-
-examine(#diameter_packet{header = #diameter_header{version
-                                                   = ?DIAMETER_VERSION}}
-        = Pkt) ->
-    Pkt;
-
-%%   DIAMETER_UNSUPPORTED_VERSION       5011
-%%      This error is returned when a request was received, whose version
-%%      number is unsupported.
-
-examine(#diameter_packet{errors = Es} = Pkt) ->
-    Pkt#diameter_packet{errors = [5011 | Es]}.
-%% It's odd/unfortunate that this isn't a protocol error.
-
-%% request_cb/5
-
-%% A reply may be an answer-message, constructed either here or by
-%% the handle_request callback. The header from the incoming request
-%% is passed into the encode so that it can retrieve the relevant
-%% command code in this case. It will also then ignore Dict and use
-%% the base encoder.
-request_cb({reply, Ans},
-           #diameter_app{dictionary = Dict},
-           _,
-           {TPid, _},
-           Pkt) ->
-    reply(Ans, Dict, TPid, Pkt);
-
-%% An 3xxx result code, for which the E-bit is set in the header.
-request_cb({protocol_error, RC}, _, T, {TPid, _}, Pkt)
-  when 3000 =< RC, RC < 4000 ->
-    protocol_error(RC, T, TPid, Pkt);
-
-%% RFC 3588 says we must reply 3001 to anything unrecognized or
-%% unsupported. 'noreply' is undocumented (and inappropriately named)
-%% backwards compatibility for this, protocol_error the documented
-%% alternative.
-request_cb(noreply, _, T, {TPid, _}, Pkt) ->
-    protocol_error(3001, T, TPid, Pkt);
-
-%% Relay a request to another peer. This is equivalent to doing an
-%% explicit call/4 with the message in question except that (1) a loop
-%% will be detected by examining Route-Record AVP's, (3) a
-%% Route-Record AVP will be added to the outgoing request and (3) the
-%% End-to-End Identifier will default to that in the
-%% #diameter_header{} without the need for an end_to_end_identifier
-%% option.
-%%
-%% relay and proxy are similar in that they require the same handling
-%% with respect to Route-Record and End-to-End identifier. The
-%% difference is that a proxy advertises specific applications, while
-%% a relay advertises the relay application. If a callback doesn't
-%% want to distinguish between the cases in the callback return value
-%% then 'resend' is a neutral alternative.
-%%
-request_cb({A, Opts},
-           #diameter_app{id = Id}
-           = App,
-           T,
-           TC,
-           Pkt)
-  when A == relay, Id == ?APP_ID_RELAY;
-       A == proxy, Id /= ?APP_ID_RELAY;
-       A == resend ->
-    resend(Opts, App, T, TC, Pkt);
-
-request_cb(discard, _, _, _, _) ->
-    ok;
-
-request_cb({eval, RC, F}, App, T, TC, Pkt) ->
-    request_cb(RC, App, T, TC, Pkt),
-    diameter_lib:eval(F).
-
-%% protocol_error/4
-
-protocol_error(RC, {_, OH, OR}, TPid, #diameter_packet{avps = Avps} = Pkt) ->
-    ?LOG({error, RC}, Pkt),
-    reply(answer_message({OH, OR, RC}, Avps), ?BASE, TPid, Pkt).
-
-%% resend/5
-%%
-%% Resend a message as a relay or proxy agent.
-
-resend(Opts,
-       #diameter_app{} = App,
-       {_SvcName, OH, _OR} = T,
-       {_TPid, _Caps} = TC,
-       #diameter_packet{avps = Avps} = Pkt) ->
-    {Code, _Flags, Vid} = ?BASE:avp_header('Route-Record'),
-    resend(is_loop(Code, Vid, OH, Avps), Opts, App, T, TC, Pkt).
-
-%%   DIAMETER_LOOP_DETECTED             3005
-%%      An agent detected a loop while trying to get the message to the
-%%      intended recipient.  The message MAY be sent to an alternate peer,
-%%      if one is available, but the peer reporting the error has
-%%      identified a configuration problem.
-
-resend(true, _, _, T, {TPid, _}, Pkt) ->  %% Route-Record loop
-    protocol_error(3005, T, TPid, Pkt);
-
-%% 6.1.8.  Relaying and Proxying Requests
-%%
-%%   A relay or proxy agent MUST append a Route-Record AVP to all requests
-%%   forwarded.  The AVP contains the identity of the peer the request was
-%%   received from.
-
-resend(false,
-       Opts,
-       App,
-       {SvcName, _, _} = T,
-       {TPid, #diameter_caps{origin_host = {_, OH}}},
-       #diameter_packet{header = Hdr0,
-                        avps = Avps}
-       = Pkt) ->
-    Route = #diameter_avp{data = {?BASE, 'Route-Record', OH}},
-    Seq = diameter_session:sequence(),
-    Hdr = Hdr0#diameter_header{hop_by_hop_id = Seq},
-    Msg = [Hdr, Route | Avps],
-    resend(call(SvcName, App, Msg, Opts), T, TPid, Pkt).
-%% The incoming request is relayed with the addition of a
-%% Route-Record. Note the requirement on the return from call/4 below,
-%% which places a requirement on the value returned by the
-%% handle_answer callback of the application module in question.
-%%
-%% Note that there's nothing stopping the request from being relayed
-%% back to the sender. A pick_peer callback may want to avoid this but
-%% a smart peer might recognize the potential loop and choose another
-%% route. A less smart one will probably just relay the request back
-%% again and force us to detect the loop. A pick_peer that wants to
-%% avoid this can specify filter to avoid the possibility.
-%% Eg. {neg, {host, OH} where #diameter_caps{origin_host = {OH, _}}.
-%%
-%% RFC 6.3 says that a relay agent does not modify Origin-Host but
-%% says nothing about a proxy. Assume it should behave the same way.
-
-%% resend/4
-%%
-%% Relay a reply to a relayed request.
-
-%% Answer from the peer: reset the hop by hop identifier and send.
-resend(#diameter_packet{bin = B}
-       = Pkt,
-       _,
-       TPid,
-       #diameter_packet{header = #diameter_header{hop_by_hop_id = Id},
-                        transport_data = TD}) ->
-    send(TPid, Pkt#diameter_packet{bin = diameter_codec:hop_by_hop_id(Id, B),
-                                   transport_data = TD});
-%% TODO: counters
-
-%% Or not: DIAMETER_UNABLE_TO_DELIVER.
-resend(_, T, TPid, Pkt) ->
-    protocol_error(3002, T, TPid, Pkt).
-
-%% is_loop/4
-%%
-%% Is there a Route-Record AVP with our Origin-Host?
-
-is_loop(Code,
-        Vid,
-        Bin,
-        [#diameter_avp{code = Code, vendor_id = Vid, data = Bin} | _]) ->
-    true;
-
-is_loop(_, _, _, []) ->
-    false;
-
-is_loop(Code, Vid, OH, [_ | Avps])
-  when is_binary(OH) ->
-    is_loop(Code, Vid, OH, Avps);
-
-is_loop(Code, Vid, OH, Avps) ->
-    is_loop(Code, Vid, ?BASE:avp(encode, OH, 'Route-Record'), Avps).
-
-%% reply/4
-%%
-%% Send a locally originating reply.
-
-%% No errors or a diameter_header/avp list.
-reply(Msg, Dict, TPid, #diameter_packet{errors = Es,
-                                        transport_data = TD}
-                       = ReqPkt)
-  when [] == Es;
-       is_record(hd(Msg), diameter_header) ->
-    Pkt = diameter_codec:encode(Dict, make_reply_packet(Msg, ReqPkt)),
-    incr(send, Pkt, Dict, TPid),  %% count result codes in sent answers
-    send(TPid, Pkt#diameter_packet{transport_data = TD});
-
-%% Or not: set Result-Code and Failed-AVP AVP's.
-reply(Msg, Dict, TPid, #diameter_packet{errors = [H|_] = Es} = Pkt) ->
-    reply(rc(Msg, rc(H), [A || {_,A} <- Es], Dict),
-          Dict,
-          TPid,
-          Pkt#diameter_packet{errors = []}).
-
-%% make_reply_packet/2
-
-%% Binaries and header/avp lists are sent as-is.
-make_reply_packet(Bin, _)
-  when is_binary(Bin) ->
-    #diameter_packet{bin = Bin};
-make_reply_packet([#diameter_header{} | _] = Msg, _) ->
-    #diameter_packet{msg = Msg};
-
-%% Otherwise a reply message clears the R and T flags and retains the
-%% P flag. The E flag will be set at encode.
-make_reply_packet(Msg, #diameter_packet{header = ReqHdr}) ->
-    Hdr = ReqHdr#diameter_header{version = ?DIAMETER_VERSION,
-                                 is_request = false,
-                                 is_error = undefined,
-                                 is_retransmitted = false},
-    #diameter_packet{header = Hdr,
-                     msg = Msg}.
-
-%% rc/1
-
-rc({RC, _}) ->
-    RC;
-rc(RC) ->
-    RC.
-
-%% rc/4
-
-rc(Rec, RC, Failed, Dict)
-  when is_integer(RC) ->
-    set(Rec, [{'Result-Code', RC} | failed_avp(Rec, Failed, Dict)], Dict).
-
-%% Reply as name and tuple list ...
-set([_|_] = Ans, Avps, _) ->
-    Ans ++ Avps;  %% Values nearer tail take precedence.
-
-%% ... or record.
-set(Rec, Avps, Dict) ->
-    Dict:'#set-'(Avps, Rec).
-
-%% failed_avp/3
-
-failed_avp(_, [] = No, _) ->
-    No;
-
-failed_avp(Rec, Failed, Dict) ->
-    [fa(Rec, [{'AVP', Failed}], Dict)].
-
-%% Reply as name and tuple list ...
-fa([MsgName | Values], FailedAvp, Dict) ->
-    R = Dict:msg2rec(MsgName),
-    try
-        Dict:'#info-'(R, {index, 'Failed-AVP'}),
-        {'Failed-AVP', [FailedAvp]}
-    catch
-        error: _ ->
-            Avps = proplists:get_value('AVP', Values, []),
-            A = #diameter_avp{name = 'Failed-AVP',
-                              value = FailedAvp},
-            {'AVP', [A|Avps]}
-    end;
-
-%% ... or record.
-fa(Rec, FailedAvp, Dict) ->
-    try
-        {'Failed-AVP', [FailedAvp]}
-    catch
-        error: _ ->
-            Avps = Dict:'get-'('AVP', Rec),
-            A = #diameter_avp{name = 'Failed-AVP',
-                              value = FailedAvp},
-            {'AVP', [A|Avps]}
-    end.
-
-%% 3.  Diameter Header
-%%
-%%       E(rror)     - If set, the message contains a protocol error,
-%%                     and the message will not conform to the ABNF
-%%                     described for this command.  Messages with the 'E'
-%%                     bit set are commonly referred to as error
-%%                     messages.  This bit MUST NOT be set in request
-%%                     messages.  See Section 7.2.
-
-%% 3.2.  Command Code ABNF specification
-%%
-%%    e-bit            = ", ERR"
-%%                       ; If present, the 'E' bit in the Command
-%%                       ; Flags is set, indicating that the answer
-%%                       ; message contains a Result-Code AVP in
-%%                       ; the "protocol error" class.
-
-%% 7.1.3.  Protocol Errors
-%%
-%%    Errors that fall within the Protocol Error category SHOULD be treated
-%%    on a per-hop basis, and Diameter proxies MAY attempt to correct the
-%%    error, if it is possible.  Note that these and only these errors MUST
-%%    only be used in answer messages whose 'E' bit is set.
-
-%% Thus, only construct answers to protocol errors. Other errors
-%% require an message-specific answer and must be handled by the
-%% application.
-
-%% 6.2.  Diameter Answer Processing
-%%
-%%    When a request is locally processed, the following procedures MUST be
-%%    applied to create the associated answer, in addition to any
-%%    additional procedures that MAY be discussed in the Diameter
-%%    application defining the command:
-%%
-%%    -  The same Hop-by-Hop identifier in the request is used in the
-%%       answer.
-%%
-%%    -  The local host's identity is encoded in the Origin-Host AVP.
-%%
-%%    -  The Destination-Host and Destination-Realm AVPs MUST NOT be
-%%       present in the answer message.
-%%
-%%    -  The Result-Code AVP is added with its value indicating success or
-%%       failure.
-%%
-%%    -  If the Session-Id is present in the request, it MUST be included
-%%       in the answer.
-%%
-%%    -  Any Proxy-Info AVPs in the request MUST be added to the answer
-%%       message, in the same order they were present in the request.
-%%
-%%    -  The 'P' bit is set to the same value as the one in the request.
-%%
-%%    -  The same End-to-End identifier in the request is used in the
-%%       answer.
-%%
-%%    Note that the error messages (see Section 7.3) are also subjected to
-%%    the above processing rules.
-
-%% 7.3.  Error-Message AVP
-%%
-%%    The Error-Message AVP (AVP Code 281) is of type UTF8String.  It MAY
-%%    accompany a Result-Code AVP as a human readable error message.  The
-%%    Error-Message AVP is not intended to be useful in real-time, and
-%%    SHOULD NOT be expected to be parsed by network entities.
-
-%% answer_message/2
-
-answer_message({OH, OR, RC}, Avps) ->
-    {Code, _, Vid} = ?BASE:avp_header('Session-Id'),
-    ['answer-message', {'Origin-Host', OH},
-                       {'Origin-Realm', OR},
-                       {'Result-Code', RC}
-                       | session_id(Code, Vid, Avps)].
-
-session_id(Code, Vid, Avps)
-  when is_list(Avps) ->
-    try
-        {value, #diameter_avp{data = D}} = find_avp(Code, Vid, Avps),
-        [{'Session-Id', [?BASE:avp(decode, D, 'Session-Id')]}]
-    catch
-        error: _ ->
-            []
-    end.
-
-%% find_avp/3
-
-find_avp(Code, Vid, Avps)
-  when is_integer(Code), (undefined == Vid orelse is_integer(Vid)) ->
-    find(fun(A) -> is_avp(Code, Vid, A) end, Avps).
-
-%% The final argument here could be a list of AVP's, depending on the case,
-%% but we're only searching at the top level.
-is_avp(Code, Vid, #diameter_avp{code = Code, vendor_id = Vid}) ->
-    true;
-is_avp(_, _, _) ->
-    false.
-
-find(_, []) ->
-    false;
-find(Pred, [H|T]) ->
-    case Pred(H) of
-        true ->
-            {value, H};
-        false ->
-            find(Pred, T)
-    end.
-
-%% 7.  Error Handling
-%%
-%%    There are certain Result-Code AVP application errors that require
-%%    additional AVPs to be present in the answer.  In these cases, the
-%%    Diameter node that sets the Result-Code AVP to indicate the error
-%%    MUST add the AVPs.  Examples are:
-%%
-%%    -  An unrecognized AVP is received with the 'M' bit (Mandatory bit)
-%%       set, causes an answer to be sent with the Result-Code AVP set to
-%%       DIAMETER_AVP_UNSUPPORTED, and the Failed-AVP AVP containing the
-%%       offending AVP.
-%%
-%%    -  An AVP that is received with an unrecognized value causes an
-%%       answer to be returned with the Result-Code AVP set to
-%%       DIAMETER_INVALID_AVP_VALUE, with the Failed-AVP AVP containing the
-%%       AVP causing the error.
-%%
-%%    -  A command is received with an AVP that is omitted, yet is
-%%       mandatory according to the command's ABNF.  The receiver issues an
-%%       answer with the Result-Code set to DIAMETER_MISSING_AVP, and
-%%       creates an AVP with the AVP Code and other fields set as expected
-%%       in the missing AVP.  The created AVP is then added to the Failed-
-%%       AVP AVP.
-%%
-%%    The Result-Code AVP describes the error that the Diameter node
-%%    encountered in its processing.  In case there are multiple errors,
-%%    the Diameter node MUST report only the first error it encountered
-%%    (detected possibly in some implementation dependent order).  The
-%%    specific errors that can be described by this AVP are described in
-%%    the following section.
-
-%% 7.5.  Failed-AVP AVP
-%%
-%%    The Failed-AVP AVP (AVP Code 279) is of type Grouped and provides
-%%    debugging information in cases where a request is rejected or not
-%%    fully processed due to erroneous information in a specific AVP.  The
-%%    value of the Result-Code AVP will provide information on the reason
-%%    for the Failed-AVP AVP.
-%%
-%%    The possible reasons for this AVP are the presence of an improperly
-%%    constructed AVP, an unsupported or unrecognized AVP, an invalid AVP
-%%    value, the omission of a required AVP, the presence of an explicitly
-%%    excluded AVP (see tables in Section 10), or the presence of two or
-%%    more occurrences of an AVP which is restricted to 0, 1, or 0-1
-%%    occurrences.
-%%
-%%    A Diameter message MAY contain one Failed-AVP AVP, containing the
-%%    entire AVP that could not be processed successfully.  If the failure
-%%    reason is omission of a required AVP, an AVP with the missing AVP
-%%    code, the missing vendor id, and a zero filled payload of the minimum
-%%    required length for the omitted AVP will be added.
-
-%%% ---------------------------------------------------------------------------
-%%% # handle_answer/3
-%%% ---------------------------------------------------------------------------
-
-%% Process an answer message in call-specific process.
-
-handle_answer(SvcName, _, {error, Req, Reason}) ->
-    handle_error(Req, Reason, SvcName);
-
-handle_answer(SvcName,
-              AnswerErrors,
-              {answer, #request{dictionary = Dict} = Req, Pkt}) ->
-    a(examine(diameter_codec:decode(Dict, Pkt)),
-      SvcName,
-      AnswerErrors,
-      Req).
-
-%% We don't really need to do a full decode if we're a relay and will
-%% just resend with a new hop by hop identifier, but might a proxy
-%% want to examine the answer?
-
-a(#diameter_packet{errors = []}
-  = Pkt,
-  SvcName,
-  AE,
-  #request{transport = TPid,
-           dictionary = Dict,
-           caps = Caps,
-           packet = P}
-  = Req) ->
-    try
-        incr(in, Pkt, Dict, TPid)
-    of
-        _ ->
-            cb(Req, handle_answer, [Pkt, msg(P), SvcName, {TPid, Caps}])
-    catch
-        exit: {invalid_error_bit, _} = E ->
-            e(Pkt#diameter_packet{errors = [E]}, SvcName, AE, Req)
-    end;
-
-a(#diameter_packet{} = Pkt, SvcName, AE, Req) ->
-    e(Pkt, SvcName, AE, Req).
-
-e(Pkt, SvcName, callback, #request{transport = TPid,
-                                   caps = Caps,
-                                   packet = Pkt}
-                          = Req) ->
-    cb(Req, handle_answer, [Pkt, msg(Pkt), SvcName, {TPid, Caps}]);
-e(Pkt, SvcName, report, Req) ->
-    x(errors, handle_answer, [SvcName, Req, Pkt]);
-e(Pkt, SvcName, discard, Req) ->
-    x({errors, handle_answer, [SvcName, Req, Pkt]}).
-
-%% Note that we don't check that the application id in the answer's
-%% header is what we expect. (TODO: Does the rfc says anything about
-%% this?)
-
-%% incr/4
-%%
-%% Increment a stats counter for an incoming or outgoing message.
-
-%% TODO: fix
-incr(_, #diameter_packet{msg = undefined}, _, _) ->
-    ok;
-
-incr(Dir, Pkt, Dict, TPid)
-  when is_pid(TPid) ->
-    #diameter_packet{header = #diameter_header{is_error = E}
-                            = Hdr,
-                     msg = Rec}
-        = Pkt,
-
-    D  = choose(E, ?BASE, Dict),
-    RC = int(get_avp_value(D, 'Result-Code', Rec)),
-    PE = is_protocol_error(RC),
-
-    %% Check that the E bit is set only for 3xxx result codes.
-    (not (E orelse PE))
-        orelse (E andalso PE)
-        orelse x({invalid_error_bit, RC}, answer, [Dir, Pkt]),
-
-    Ctr = rc_counter(D, Rec, RC),
-    is_tuple(Ctr)
-        andalso incr(TPid, {diameter_codec:msg_id(Hdr), Dir, Ctr}).
-
-%% incr/2
-
-incr(TPid, Counter) ->
-    diameter_stats:incr(Counter, TPid, 1).
-
-%% RFC 3588, 7.6:
-%%
-%%   All Diameter answer messages defined in vendor-specific
-%%   applications MUST include either one Result-Code AVP or one
-%%   Experimental-Result AVP.
-%%
-%% Maintain statistics assuming one or the other, not both, which is
-%% surely the intent of the RFC.
-
-rc_counter(_, _, RC)
-  when is_integer(RC) ->
-    {'Result-Code', RC};
-rc_counter(D, Rec, _) ->
-    rcc(get_avp_value(D, 'Experimental-Result', Rec)).
-
-%% Outgoing answers may be in any of the forms messages can be sent
-%% in. Incoming messages will be records. We're assuming here that the
-%% arity of the result code AVP's is 0 or 1.
-
-rcc([{_,_,RC} = T])
-  when is_integer(RC) ->
-    T;
-rcc({_,_,RC} = T)
-  when is_integer(RC) ->
-    T;
-rcc(_) ->
-    undefined.
-
-int([N])
-  when is_integer(N) ->
-    N;
-int(N)
-  when is_integer(N) ->
-    N;
-int(_) ->
-    undefined.
-
-is_protocol_error(RC) ->
-    3000 =< RC andalso RC < 4000.
-
--spec x(any(), atom(), list()) -> no_return().
-
-%% Warn and exit request process on errors in an incoming answer.
-x(Reason, F, A) ->
-    diameter_lib:warning_report(Reason, {?MODULE, F, A}),
-    x(Reason).
-
-x(T) ->
-    exit(T).
-
-%%% ---------------------------------------------------------------------------
-%%% # failover/[23]
-%%% ---------------------------------------------------------------------------
-
-%% Failover as a consequence of request_peer_down/2.
-failover({_, #request{handler = Pid} = Req, TRef}, S) ->
-    Pid ! {failover, TRef, rt(Req, S)}.
-
-%% Failover as a consequence of store_request/4.
-failover(TRef, Seqs, S)
-  when is_reference(TRef) ->
-    case lookup_request(Seqs, TRef) of
-        #request{} = Req ->
-            failover({Seqs, Req, TRef}, S);
-        false ->
-            ok
-    end.
-
-%% prepare_request returned a binary ...
-rt(#request{packet = #diameter_packet{msg = undefined}}, _) ->
-    false;  %% TODO: Not what we should do.
-
-%% ... or not.
-rt(#request{packet = #diameter_packet{msg = Msg}, dictionary = D} = Req, S) ->
-    find_transport(get_destination(Msg, D), Req, S).
-
-%%% ---------------------------------------------------------------------------
-%%% # report_status/5
-%%% ---------------------------------------------------------------------------
-
-report_status(Status,
-              #peer{ref = Ref,
-                    conn = TPid,
-                    type = Type,
-                    options = Opts},
-              #conn{apps = [_|_] = As,
-                    caps = Caps},
-              #state{service_name = SvcName}
-              = S,
-              Extra) ->
-    share_peer(Status, Caps, As, TPid, S),
-    Info = [Status, Ref, {TPid, Caps}, {type(Type), Opts} | Extra],
-    send_event(SvcName, list_to_tuple(Info)).
-
-%% send_event/2
-
-send_event(SvcName, Info) ->
-    send_event(#diameter_event{service = SvcName,
-                               info = Info}).
-
-send_event(#diameter_event{service = SvcName} = E) ->
-    lists:foreach(fun({_, Pid}) -> Pid ! E end, subscriptions(SvcName)).
-
-%%% ---------------------------------------------------------------------------
-%%% # share_peer/5
-%%% ---------------------------------------------------------------------------
-
-share_peer(up, Caps, Aliases, TPid, #state{share_peers = true,
-                                           service_name = Svc}) ->
-    diameter_peer:notify(Svc, {peer, TPid, Aliases, Caps});
-
-share_peer(_, _, _, _, _) ->
-    ok.
-
-%%% ---------------------------------------------------------------------------
-%%% # share_peers/2
-%%% ---------------------------------------------------------------------------
-
-share_peers(Pid, #state{share_peers = true,
-                        local_peers = PDict}) ->
-    ?Dict:fold(fun(A,Ps,ok) -> sp(Pid, A, Ps), ok end, ok, PDict);
-
-share_peers(_, #state{share_peers = false}) ->
-    ok.
-
-sp(Pid, Alias, Peers) ->
-    lists:foreach(fun({P,C}) -> Pid ! {peer, P, [Alias], C} end, Peers).
-
-%%% ---------------------------------------------------------------------------
-%%% # remote_peer_up/4
-%%% ---------------------------------------------------------------------------
-
-remote_peer_up(Pid, Aliases, Caps, #state{use_shared_peers = true,
-                                          service = Svc,
-                                          shared_peers = PDict}
-                                   = S) ->
-    #diameter_service{applications = Apps} = Svc,
-    Update = lists:filter(fun(A) ->
-                                  lists:keymember(A, #diameter_app.alias, Apps)
-                          end,
-                          Aliases),
-    S#state{shared_peers = rpu(Pid, Caps, PDict, Update)};
-
-remote_peer_up(_, _, _, #state{use_shared_peers = false} = S) ->
-    S.
-
-rpu(_, _, PDict, []) ->
-    PDict;
-rpu(Pid, Caps, PDict, Aliases) ->
-    erlang:monitor(process, Pid),
-    T = {Pid, Caps},
-    lists:foldl(fun(A,D) -> ?Dict:append(A, T, D) end,
-                PDict,
-                Aliases).
-
-%%% ---------------------------------------------------------------------------
-%%% # remote_peer_down/2
-%%% ---------------------------------------------------------------------------
-
-remote_peer_down(Pid, #state{use_shared_peers = true,
-                             shared_peers = PDict}
-                      = S) ->
-    S#state{shared_peers = lists:foldl(fun(A,D) -> rpd(Pid, A, D) end,
-                                       PDict,
-                                       ?Dict:fetch_keys(PDict))}.
-
-rpd(Pid, Alias, PDict) ->
-    ?Dict:update(Alias, fun(Ps) -> lists:keydelete(Pid, 1, Ps) end, PDict).
-
-%%% ---------------------------------------------------------------------------
-%%% find_transport/[34]
-%%%
-%%% Output: {TransportPid, #diameter_caps{}, #diameter_app{}}
-%%%         | false
-%%%         | {error, Reason}
-%%% ---------------------------------------------------------------------------
-
-%% Initial call, from an arbitrary process.
-find_transport({alias, Alias}, Msg, Opts, #state{service = Svc} = S) ->
-    #diameter_service{applications = Apps} = Svc,
-    ft(find_send_app(Alias, Apps), Msg, Opts, S);
-
-%% Relay or proxy send.
-find_transport(#diameter_app{} = App, Msg, Opts, S) ->
-    ft(App, Msg, Opts, S).
-
-ft(#diameter_app{module = Mod, dictionary = D} = App, Msg, Opts, S) ->
-    #options{filter = Filter,
-             extra = Xtra}
-        = Opts,
-    pick_peer(App#diameter_app{module = Mod ++ Xtra},
-              get_destination(Msg, D),
-              Filter,
-              S);
-ft(false = No, _, _, _) ->
-    No.
-
-%% This can't be used if we're a relay and sending a message
-%% in an application not known locally. (TODO)
-find_send_app(Alias, Apps) ->
-    case lists:keyfind(Alias, #diameter_app.alias, Apps) of
-        #diameter_app{id = ?APP_ID_RELAY} ->
-            false;
-        T ->
-            T
-    end.
-
-%% Retransmission, in the service process.
-find_transport([_,_] = RH,
-               Req,
-               #state{service = #diameter_service{pid = Pid,
-                                                  applications = Apps}}
-               = S)
-  when self() == Pid ->
-    #request{app = Alias,
-             filter = Filter,
-             module = ModX}
-        = Req,
-    #diameter_app{}
-        = App
-        = lists:keyfind(Alias, #diameter_app.alias, Apps),
-
-    pick_peer(App#diameter_app{module = ModX},
-              RH,
-              Filter,
-              S).
-
-%% get_destination/2
-
-get_destination(Msg, Dict) ->
-    [str(get_avp_value(Dict, 'Destination-Realm', Msg)),
-     str(get_avp_value(Dict, 'Destination-Host', Msg))].
-
-%% This is not entirely correct. The avp could have an arity 1, in
-%% which case an empty list is a DiameterIdentity of length 0 rather
-%% than the list of no values we treat it as by mapping to undefined.
-%% This behaviour is documented.
-str([]) ->
-    undefined;
-str(T) ->
-    T.
-
-%% get_avp_value/3
-%%
-%% Find an AVP in a message of one of three forms:
-%%
-%% - a message record (as generated from a .dia spec) or
-%% - a list of an atom message name followed by 2-tuple, avp name/value pairs.
-%% - a list of a #diameter_header{} followed by #diameter_avp{} records,
-%%
-%% In the first two forms a dictionary module is used at encode to
-%% identify the type of the AVP and its arity in the message in
-%% question. The third form allows messages to be sent as is, without
-%% a dictionary, which is needed in the case of relay agents, for one.
-
-get_avp_value(Dict, Name, [#diameter_header{} | Avps]) ->
-    try
-        {Code, _, VId} = Dict:avp_header(Name),
-        [A|_] = lists:dropwhile(fun(#diameter_avp{code = C, vendor_id = V}) ->
-                                        C /= Code orelse V /= VId
-                                end,
-                                Avps),
-        avp_decode(Dict, Name, A)
-    catch
-        error: _ ->
-            undefined
-    end;
-
-get_avp_value(_, Name, [_MsgName | Avps]) ->
-    case lists:keyfind(Name, 1, Avps) of
-        {_, V} ->
-            V;
-        _ ->
-            undefined
-    end;
-
-%% Message is typically a record but not necessarily: diameter:call/4
-%% can be passed an arbitrary term.
-get_avp_value(Dict, Name, Rec) ->
-    try
-        Dict:'#get-'(Name, Rec)
-    catch
-        error:_ ->
-            undefined
-    end.
-
-avp_decode(Dict, Name, #diameter_avp{value = undefined,
-                                     data = Bin}) ->
-    Dict:avp(decode, Bin, Name);
-avp_decode(_, _, #diameter_avp{value = V}) ->
-    V.
-
-%%% ---------------------------------------------------------------------------
-%%% # pick_peer(App, [DestRealm, DestHost], Filter, #state{})
-%%%
-%%% Output: {TransportPid, #diameter_caps{}, App}
-%%%         | false
-%%%         | {error, Reason}
-%%% ---------------------------------------------------------------------------
-
-%% Find transports to a given realm/host.
-
-pick_peer(#diameter_app{alias = Alias}
-          = App,
-          [_,_] = RH,
-          Filter,
-          #state{local_peers = L,
-                 shared_peers = S,
-                 service_name = SvcName,
-                 service = #diameter_service{pid = Pid}}) ->
-    pick_peer(peers(Alias, RH, Filter, L),
-              peers(Alias, RH, Filter, S),
-              Pid,
-              SvcName,
-              App).
-
-%% pick_peer/5
-
-pick_peer([], [], _, _, _) ->
-    false;
-
-%% App state is mutable but we're not in the service process: go there.
-pick_peer(Local, Remote, Pid, _SvcName, #diameter_app{mutable = true} = App)
-  when self() /= Pid ->
-    call_service(Pid, {pick_peer, Local, Remote, App});
-
-%% App state isn't mutable or it is and we're in the service process:
-%% do the deed.
-pick_peer(Local,
-          Remote,
-          _Pid,
-          SvcName,
-          #diameter_app{module = ModX,
-                        alias = Alias,
-                        init_state = S,
-                        mutable = M}
-          = App) ->
-    MFA = {ModX, pick_peer, [Local, Remote, SvcName]},
-
-    try state_cb(App, MFA) of
-        {ok, {TPid, #diameter_caps{} = Caps}} when is_pid(TPid) ->
-            {TPid, Caps, App};
-        {{TPid, #diameter_caps{} = Caps}, ModS} when is_pid(TPid), M ->
-            mod_state(Alias, ModS),
-            {TPid, Caps, App};
-        {false = No, ModS} when M ->
-            mod_state(Alias, ModS),
-            No;
-        {ok, false = No} ->
-            No;
-        false = No ->
-            No;
-        {{TPid, #diameter_caps{} = Caps}, S} when is_pid(TPid) ->
-            {TPid, Caps, App};     %% Accept returned state in the immutable
-        {false = No, S} ->         %% case as long it isn't changed.
-            No;
-        T ->
-            diameter_lib:error_report({invalid, T, App}, MFA)
-    catch
-        E: Reason ->
-            diameter_lib:error_report({failure, {E, Reason, ?STACK}}, MFA)
-    end.
-
-%% peers/4
-
-peers(Alias, RH, Filter, Peers) ->
-    case ?Dict:find(Alias, Peers) of
-        {ok, L} ->
-            ps(L, RH, Filter, {[],[]});
-        error ->
-            []
-    end.
-
-%% Place a peer whose Destination-Host/Realm matches those of the
-%% request at the front of the result list. Could add some sort of
-%% 'sort' option to allow more control.
-
-ps([], _, _, {Ys, Ns}) ->
-    lists:reverse(Ys, Ns);
-ps([{_TPid, #diameter_caps{} = Caps} = TC | Rest], RH, Filter, Acc) ->
-    ps(Rest, RH, Filter, pacc(caps_filter(Caps, RH, Filter),
-                              caps_filter(Caps, RH, {all, [host, realm]}),
-                              TC,
-                              Acc)).
-
-pacc(true, true, Peer, {Ts, Fs}) ->
-    {[Peer|Ts], Fs};
-pacc(true, false, Peer, {Ts, Fs}) ->
-    {Ts, [Peer|Fs]};
-pacc(_, _, _, Acc) ->
-    Acc.
-
-%% caps_filter/3
-
-caps_filter(C, RH, {neg, F}) ->
-    not caps_filter(C, RH, F);
-
-caps_filter(C, RH, {all, L})
-  when is_list(L) ->
-    lists:all(fun(F) -> caps_filter(C, RH, F) end, L);
-
-caps_filter(C, RH, {any, L})
-  when is_list(L) ->
-    lists:any(fun(F) -> caps_filter(C, RH, F) end, L);
-
-caps_filter(#diameter_caps{origin_host = {_,OH}}, [_,DH], host) ->
-    eq(undefined, DH, OH);
-
-caps_filter(#diameter_caps{origin_realm = {_,OR}}, [DR,_], realm) ->
-    eq(undefined, DR, OR);
-
-caps_filter(C, _, Filter) ->
-    caps_filter(C, Filter).
-
-%% caps_filter/2
-
-caps_filter(_, none) ->
-    true;
-
-caps_filter(#diameter_caps{origin_host = {_,OH}}, {host, H}) ->
-    eq(any, H, OH);
-
-caps_filter(#diameter_caps{origin_realm = {_,OR}}, {realm, R}) ->
-    eq(any, R, OR);
-
-%% Anything else is expected to be an eval filter. Filter failure is
-%% documented as being equivalent to a non-matching filter.
-
-caps_filter(C, T) ->
-    try
-        {eval, F} = T,
-        diameter_lib:eval([F,C])
-    catch
-        _:_ -> false
-    end.
-
-eq(Any, Id, PeerId) ->
-    Any == Id orelse try
-                         iolist_to_binary(Id) == iolist_to_binary(PeerId)
-                     catch
-                         _:_ -> false
-                     end.
-%% OctetString() can be specified as an iolist() so test for string
-%% rather then term equality.
-
-%% transports/1
-
-transports(#state{peerT = PeerT}) ->
-    ets:select(PeerT, [{#peer{conn = '$1', _ = '_'},
-                        [{'is_pid', '$1'}],
-                        ['$1']}]).
-
-%%% ---------------------------------------------------------------------------
-%%% # service_info/2
-%%% ---------------------------------------------------------------------------
-
-%% The config passed to diameter:start_service/2.
--define(CAP_INFO, ['Origin-Host',
-                   'Origin-Realm',
-                   'Vendor-Id',
-                   'Product-Name',
-                   'Origin-State-Id',
-                   'Host-IP-Address',
-                   'Supported-Vendor-Id',
-                   'Auth-Application-Id',
-                   'Inband-Security-Id',
-                   'Acct-Application-Id',
-                   'Vendor-Specific-Application-Id',
-                   'Firmware-Revision']).
-
--define(ALL_INFO, [capabilities,
-                   applications,
-                   transport,
-                   pending,
-                   statistics]).
-
-service_info(Items, S)
-  when is_list(Items) ->
-    [{complete(I), service_info(I,S)} || I <- Items];
-service_info(Item, S)
-  when is_atom(Item) ->
-    service_info(Item, S, true).
-
-service_info(Item, #state{service = Svc} = S, Complete) ->
-    case Item of
-        name ->
-            S#state.service_name;
-        'Origin-Host' ->
-            (Svc#diameter_service.capabilities)
-                #diameter_caps.origin_host;
-        'Origin-Realm' ->
-            (Svc#diameter_service.capabilities)
-                #diameter_caps.origin_realm;
-        'Vendor-Id' ->
-            (Svc#diameter_service.capabilities)
-                #diameter_caps.vendor_id;
-        'Product-Name' ->
-            (Svc#diameter_service.capabilities)
-                #diameter_caps.product_name;
-        'Origin-State-Id' ->
-            (Svc#diameter_service.capabilities)
-                #diameter_caps.origin_state_id;
-        'Host-IP-Address' ->
-            (Svc#diameter_service.capabilities)
-                #diameter_caps.host_ip_address;
-        'Supported-Vendor-Id' ->
-            (Svc#diameter_service.capabilities)
-                #diameter_caps.supported_vendor_id;
-        'Auth-Application-Id' ->
-            (Svc#diameter_service.capabilities)
-                #diameter_caps.auth_application_id;
-        'Inband-Security-Id'  ->
-            (Svc#diameter_service.capabilities)
-                #diameter_caps.inband_security_id;
-        'Acct-Application-Id' ->
-            (Svc#diameter_service.capabilities)
-                #diameter_caps.acct_application_id;
-        'Vendor-Specific-Application-Id' ->
-            (Svc#diameter_service.capabilities)
-                #diameter_caps.vendor_specific_application_id;
-        'Firmware-Revision' ->
-            (Svc#diameter_service.capabilities)
-                #diameter_caps.firmware_revision;
-        capabilities -> service_info(?CAP_INFO, S);
-        applications -> info_apps(S);
-        transport    -> info_transport(S);
-        pending      -> info_pending(S);
-        statistics   -> info_stats(S);
-        keys         -> ?ALL_INFO ++ ?CAP_INFO;  %% mostly for test
-        all          -> service_info(?ALL_INFO, S);
-        _ when Complete   -> service_info(complete(Item), S, false);
-        _            -> undefined
-    end.
-
-complete(Pre) ->
-    P = atom_to_list(Pre),
-    case [I || I <- [name | ?ALL_INFO] ++ ?CAP_INFO,
-               lists:prefix(P, atom_to_list(I))]
-    of
-        [I] -> I;
-        _   -> Pre
-    end.
-
-info_stats(#state{peerT = PeerT}) ->
-    Peers = ets:select(PeerT, [{#peer{ref = '$1', conn = '$2', _ = '_'},
-                                [{'is_pid', '$2'}],
-                                [['$1', '$2']]}]),
-    diameter_stats:read(lists:append(Peers)).
-%% TODO: include peer identities in return value
-
-info_transport(#state{peerT = PeerT, connT = ConnT}) ->
-    dict:fold(fun it/3,
-              [],
-              ets:foldl(fun(T,A) -> it_acc(ConnT, A, T) end,
-                        dict:new(),
-                        PeerT)).
-
-it(Ref, [[{type, connect} | _] = L], Acc) ->
-    [[{ref, Ref} | L] | Acc];
-it(Ref, [[{type, accept}, {options, Opts} | _] | _] = L, Acc) ->
-    [[{ref, Ref},
-      {type, listen},
-      {options, Opts},
-      {accept, [lists:nthtail(2,A) || A <- L]}]
-     | Acc].
-%% Each entry has the same Opts. (TODO)
-
-it_acc(ConnT, Acc, #peer{pid = Pid,
-                         type = Type,
-                         ref = Ref,
-                         options = Opts,
-                         op_state = OS,
-                         started = T,
-                         conn = TPid}) ->
-    dict:append(Ref,
-                [{type, Type},
-                 {options, Opts},
-                 {watchdog, {Pid, T, OS}}
-                 | info_conn(ConnT, TPid)],
-                Acc).
-
-info_conn(ConnT, TPid) ->
-    info_conn(ets:lookup(ConnT, TPid)).
-
-info_conn([#conn{pid = Pid, apps = SApps, caps = Caps, started = T}]) ->
-    [{peer, {Pid, T}},
-     {apps, SApps},
-     {caps, info_caps(Caps)}];
-info_conn([] = No) ->
-    No.
-
-info_caps(#diameter_caps{} = C) ->
-    lists:zip(record_info(fields, diameter_caps), tl(tuple_to_list(C))).
-
-info_apps(#state{service = #diameter_service{applications = Apps}}) ->
-    lists:map(fun mk_app/1, Apps).
-
-mk_app(#diameter_app{alias = Alias,
-                     dictionary = Dict,
-                     module = ModX,
-                     id = Id}) ->
-    [{alias, Alias},
-     {dictionary, Dict},
-     {module, ModX},
-     {id, Id}].
-
-info_pending(#state{} = S) ->
-    MatchSpec = [{{'$1',
-                   #request{transport = '$2',
-                            from = '$3',
-                            app = '$4',
-                            _ = '_'},
-                   '_'},
-                  [?ORCOND([{'==', T, '$2'} || T <- transports(S)])],
-                  [{{'$1', [{{app, '$4'}},
-                            {{transport, '$2'}},
-                            {{from, '$3'}}]}}]}],
-
-    ets:select(?REQUEST_TABLE, MatchSpec).
diff --git a/lib/diameter/src/app/diameter_session.erl b/lib/diameter/src/app/diameter_session.erl
deleted file mode 100644
index bb91e97f39..0000000000
--- a/lib/diameter/src/app/diameter_session.erl
+++ /dev/null
@@ -1,172 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
--module(diameter_session).
-
--export([sequence/0,
-         session_id/1,
-         origin_state_id/0]).
-
-%% towards diameter_sup
--export([init/0]).
-
--include("diameter_types.hrl").
-
--define(INT64, 16#FFFFFFFFFFFFFFFF).
--define(INT32, 16#FFFFFFFF).
-
-%% ---------------------------------------------------------------------------
-%% # sequence/0
-%%
-%% Output: 32-bit
-%% ---------------------------------------------------------------------------
-
-%% 3588, 3:
-%%
-%%    Hop-by-Hop Identifier
-%%       The Hop-by-Hop Identifier is an unsigned 32-bit integer field (in
-%%       network byte order) and aids in matching requests and replies.
-%%       The sender MUST ensure that the Hop-by-Hop identifier in a request
-%%       is unique on a given connection at any given time, and MAY attempt
-%%       to ensure that the number is unique across reboots.  The sender of
-%%       an Answer message MUST ensure that the Hop-by-Hop Identifier field
-%%       contains the same value that was found in the corresponding
-%%       request.  The Hop-by-Hop identifier is normally a monotonically
-%%       increasing number, whose start value was randomly generated.  An
-%%       answer message that is received with an unknown Hop-by-Hop
-%%       Identifier MUST be discarded.
-%%
-%%    End-to-End Identifier
-%%       The End-to-End Identifier is an unsigned 32-bit integer field (in
-%%       network byte order) and is used to detect duplicate messages.
-%%       Upon reboot implementations MAY set the high order 12 bits to
-%%       contain the low order 12 bits of current time, and the low order
-%%       20 bits to a random value.  Senders of request messages MUST
-%%       insert a unique identifier on each message.  The identifier MUST
-%%       remain locally unique for a period of at least 4 minutes, even
-%%       across reboots.  The originator of an Answer message MUST ensure
-%%       that the End-to-End Identifier field contains the same value that
-%%       was found in the corresponding request.  The End-to-End Identifier
-%%       MUST NOT be modified by Diameter agents of any kind.  The
-%%       combination of the Origin-Host (see Section 6.3) and this field is
-%%       used to detect duplicates.  Duplicate requests SHOULD cause the
-%%       same answer to be transmitted (modulo the hop-by-hop Identifier
-%%       field and any routing AVPs that may be present), and MUST NOT
-%%       affect any state that was set when the original request was
-%%       processed.  Duplicate answer messages that are to be locally
-%%       consumed (see Section 6.2) SHOULD be silently discarded.
-
--spec sequence()
-   -> 'Unsigned32'().
-
-sequence() ->
-    Instr = {_Pos = 2, _Incr = 1, _Threshold = ?INT32, _SetVal = 0},
-    ets:update_counter(diameter_sequence, sequence, Instr).
-
-%% ---------------------------------------------------------------------------
-%% # origin_state_id/0
-%% ---------------------------------------------------------------------------
-
-%% 3588, 8.16:
-%%
-%%    The Origin-State-Id AVP (AVP Code 278), of type Unsigned32, is a
-%%    monotonically increasing value that is advanced whenever a Diameter
-%%    entity restarts with loss of previous state, for example upon reboot.
-%%    Origin-State-Id MAY be included in any Diameter message, including
-%%    CER.
-%%
-%%    A Diameter entity issuing this AVP MUST create a higher value for
-%%    this AVP each time its state is reset.  A Diameter entity MAY set
-%%    Origin-State-Id to the time of startup, or it MAY use an incrementing
-%%    counter retained in non-volatile memory across restarts.
-
--spec origin_state_id()
-   -> 'Unsigned32'().
-
-origin_state_id() ->
-    ets:lookup_element(diameter_sequence, origin_state_id, 2).
-
-%% ---------------------------------------------------------------------------
-%% # session_id/1
-%% ---------------------------------------------------------------------------
-
-%% 3588, 8.8:
-%%
-%%    The Session-Id MUST begin with the sender's identity encoded in the
-%%    DiameterIdentity type (see Section 4.4).  The remainder of the
-%%    Session-Id is delimited by a ";" character, and MAY be any sequence
-%%    that the client can guarantee to be eternally unique; however, the
-%%    following format is recommended, (square brackets [] indicate an
-%%    optional element):
-%%
-%%    <DiameterIdentity>;<high 32 bits>;<low 32 bits>[;<optional value>]
-%%
-%%    <high 32 bits> and <low 32 bits> are decimal representations of the
-%%    high and low 32 bits of a monotonically increasing 64-bit value.  The
-%%    64-bit value is rendered in two part to simplify formatting by 32-bit
-%%    processors.  At startup, the high 32 bits of the 64-bit value MAY be
-%%    initialized to the time, and the low 32 bits MAY be initialized to
-%%    zero.  This will for practical purposes eliminate the possibility of
-%%    overlapping Session-Ids after a reboot, assuming the reboot process
-%%    takes longer than a second.  Alternatively, an implementation MAY
-%%    keep track of the increasing value in non-volatile memory.
-%%
-%%    <optional value> is implementation specific but may include a modem's
-%%    device Id, a layer 2 address, timestamp, etc.
-
--spec session_id('DiameterIdentity'())
-   -> 'OctetString'().
-%% Note that Session-Id has type UTF8String and that any OctetString
-%% is a UTF8String.
-
-session_id(Host) ->
-    Instr = {_Pos = 2, _Incr = 1, _Threshold = ?INT64, _Set = 0},
-    N = ets:update_counter(diameter_sequence, session_base, Instr),
-    Hi = N bsr 32,
-    Lo = N band ?INT32,
-    [Host, ";", integer_to_list(Hi),
-           ";", integer_to_list(Lo),
-           ";", atom_to_list(node())].
-
-%% ---------------------------------------------------------------------------
-%% # init/0
-%% ---------------------------------------------------------------------------
-
-init() ->
-    Now = now(),
-    random:seed(Now),
-    Time = time32(Now),
-    Seq  = (?INT32 band (Time bsl 20)) bor (random:uniform(1 bsl 20) - 1),
-    ets:insert(diameter_sequence, [{origin_state_id, Time},
-				   {session_base, Time bsl 32},
-				   {sequence, Seq}]),
-    Time.
-
-%% ---------------------------------------------------------
-%% INTERNAL FUNCTIONS
-%% ---------------------------------------------------------
-
-%% The minimum value represented by a Time value. (See diameter_types.)
-%% 32 bits extends to 2104.
--define(TIME0, 62105714048).  %% {{1968,1,20},{3,14,8}}
-
-time32(Now) ->
-    Time = calendar:now_to_universal_time(Now),
-    Diff = calendar:datetime_to_gregorian_seconds(Time) - ?TIME0,
-    Diff band ?INT32.
diff --git a/lib/diameter/src/app/diameter_types.erl b/lib/diameter/src/app/diameter_types.erl
deleted file mode 100644
index 6b1b1b8d39..0000000000
--- a/lib/diameter/src/app/diameter_types.erl
+++ /dev/null
@@ -1,537 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
--module(diameter_types).
-
-%%
-%% Encode/decode of RFC 3588 Data Formats, Basic (section 4.2) and
-%% Derived (section 4.3).
-%%
-
-%% Basic types.
--export(['OctetString'/2,
-         'Integer32'/2,
-         'Integer64'/2,
-         'Unsigned32'/2,
-         'Unsigned64'/2,
-         'Float32'/2,
-         'Float64'/2]).
-
-%% Derived types.
--export(['Address'/2,
-         'Time'/2,
-         'UTF8String'/2,
-         'DiameterIdentity'/2,
-         'DiameterURI'/2,
-         'IPFilterRule'/2,
-         'QoSFilterRule'/2]).
-
--include_lib("diameter/include/diameter.hrl").
--include("diameter_internal.hrl").
-
--define(UINT(N,X), ((0 =< X) andalso (X < 1 bsl N))).
--define(SINT(N,X), ((-1*(1 bsl (N-1)) < X) andalso (X < 1 bsl (N-1)))).
-
-%% The Grouped and Enumerated types are dealt with directly in
-%% generated decode modules by way of diameter_gen.hrl and
-%% diameter_codec.erl. Padding and the setting of Length and other
-%% fields are also dealt with there.
-
-%% 3588:
-%%
-%%   DIAMETER_INVALID_AVP_LENGTH        5014
-%%      The request contained an AVP with an invalid length.  A Diameter
-%%      message indicating this error MUST include the offending AVPs
-%%      within a Failed-AVP AVP.
-%%
--define(INVALID_LENGTH(Bin), erlang:error({'DIAMETER', 5014, Bin})).
-
-%% -------------------------------------------------------------------------
-%% 3588, 4.2.  Basic AVP Data Formats
-%%
-%%    The Data field is zero or more octets and contains information
-%%    specific to the Attribute.  The format and length of the Data field
-%%    is determined by the AVP Code and AVP Length fields.  The format of
-%%    the Data field MUST be one of the following base data types or a data
-%%    type derived from the base data types.  In the event that a new Basic
-%%    AVP Data Format is needed, a new version of this RFC must be created.
-%% --------------------
-
-'OctetString'(decode, Bin)
-  when is_binary(Bin) ->
-    binary_to_list(Bin);
-
-'OctetString'(encode = M, zero) ->
-    'OctetString'(M, []);
-
-'OctetString'(encode, Str) ->
-    iolist_to_binary(Str).
-
-%% --------------------
-
-'Integer32'(decode, <<X:32/signed>>) ->
-    X;
-
-'Integer32'(decode, B) ->
-    ?INVALID_LENGTH(B);
-
-'Integer32'(encode = M, zero) ->
-    'Integer32'(M, 0);
-
-'Integer32'(encode, I)
-  when ?SINT(32,I) ->
-    <<I:32/signed>>.
-
-%% --------------------
-
-'Integer64'(decode, <<X:64/signed>>) ->
-    X;
-
-'Integer64'(decode, B) ->
-    ?INVALID_LENGTH(B);
-
-'Integer64'(encode = M, zero) ->
-    'Integer64'(M, 0);
-
-'Integer64'(encode, I)
-  when ?SINT(64,I) ->
-    <<I:64/signed>>.
-
-%% --------------------
-
-'Unsigned32'(decode, <<X:32>>) ->
-    X;
-
-'Unsigned32'(decode, B) ->
-    ?INVALID_LENGTH(B);
-
-'Unsigned32'(encode = M, zero) ->
-    'Unsigned32'(M, 0);
-
-'Unsigned32'(encode, I)
-  when ?UINT(32,I) ->
-    <<I:32>>.
-
-%% --------------------
-
-'Unsigned64'(decode, <<X:64>>) ->
-    X;
-
-'Unsigned64'(decode, B) ->
-    ?INVALID_LENGTH(B);
-
-'Unsigned64'(encode = M, zero) ->
-    'Unsigned64'(M, 0);
-
-'Unsigned64'(encode, I)
-  when ?UINT(64,I) ->
-    <<I:64>>.
-
-%% --------------------
-
-%% Decent summaries of the IEEE floating point formats can be
-%% found at http://en.wikipedia.org/wiki/IEEE_754-1985 and
-%% http://www.psc.edu/general/software/packages/ieee/ieee.php.
-%%
-%% That the bit syntax uses these formats isn't well documented but
-%% this does indeed appear to be the case. However, the bit syntax
-%% only encodes numeric values, not the standard's (signed) infinity
-%% or NaN. It also encodes any large value as 'infinity', never 'NaN'.
-%% Treat these equivalently on decode for this reason.
-%%
-%% An alternative would be to decode infinity/NaN to the largest
-%% possible float but could likely lead to misleading results if
-%% arithmetic is performed on the decoded value. Better to be explicit
-%% that precision has been lost.
-
-'Float32'(decode, <<S:1, 255:8, _:23>>) ->
-    choose(S, infinity, '-infinity');
-
-'Float32'(decode, <<X:32/float>>) ->
-    X;
-
-'Float32'(decode, B) ->
-    ?INVALID_LENGTH(B);
-
-'Float32'(encode = M, zero) ->
-    'Float32'(M, 0.0);
-
-'Float32'(encode, infinity) ->
-    <<0:1, 255:8, 0:23>>;
-
-'Float32'(encode, '-infinity') ->
-    <<1:1, 255:8, 0:23>>;
-
-'Float32'(encode, X)
-  when is_float(X) ->
-    <<X:32/float>>.
-%% Note that this could also encode infinity/-infinity for large
-%% (signed) numeric values. Note also that precision is lost just in
-%% using the floating point syntax. For example:
-%%
-%% 1> B = <<3.14159:32/float>>.
-%% <<64,73,15,208>>
-%% 2> <<F:32/float>> = B.
-%% <<64,73,15,208>>
-%% 3> F.
-%% 3.141590118408203
-%%
-%% (The 64 bit type does better.)
-
-%% --------------------
-
-%% The 64 bit format is entirely analogous to the 32 bit format.
-
-'Float64'(decode, <<S:1, 2047:11, _:52>>) ->
-    choose(S, infinity, '-infinity');
-
-'Float64'(decode, <<X:64/float>>) ->
-    X;
-
-'Float64'(decode, B) ->
-    ?INVALID_LENGTH(B);
-
-'Float64'(encode, infinity) ->
-    <<0:1, 2047:11, 0:52>>;
-
-'Float64'(encode, '-infinity') ->
-    <<1:1, 2047:11, 0:52>>;
-
-'Float64'(encode = M, zero) ->
-    'Float64'(M, 0.0);
-
-'Float64'(encode, X)
-  when is_float(X) ->
-    <<X:64/float>>.
-
-%% -------------------------------------------------------------------------
-%% 3588, 4.3.  Derived AVP Data Formats
-%%
-%%    In addition to using the Basic AVP Data Formats, applications may
-%%    define data formats derived from the Basic AVP Data Formats.  An
-%%    application that defines new AVP Derived Data Formats MUST include
-%%    them in a section entitled "AVP Derived Data Formats", using the same
-%%    format as the definitions below.  Each new definition must be either
-%%    defined or listed with a reference to the RFC that defines the
-%%    format.
-%% --------------------
-
-'Address'(encode, zero) ->
-    <<0:48>>;
-
-'Address'(decode, <<1:16, B/binary>>)
-  when size(B) == 4 ->
-    list_to_tuple(binary_to_list(B));
-
-'Address'(decode, <<2:16, B/binary>>)
-  when size(B) == 16 ->
-    list_to_tuple(v6dec(B, []));
-
-'Address'(decode, <<A:16, _/binary>> = B)
-  when 1 == A;
-       2 == A ->
-    ?INVALID_LENGTH(B);
-
-'Address'(encode, T) ->
-    ipenc(diameter_lib:ipaddr(T)).
-
-ipenc(T)
-  when is_tuple(T), size(T) == 4 ->
-    B = list_to_binary(tuple_to_list(T)),
-    <<1:16, B/binary>>;
-
-ipenc(T)
-  when is_tuple(T), size(T) == 8 ->
-    B = v6enc(lists:reverse(tuple_to_list(T)), <<>>),
-    <<2:16, B/binary>>.
-
-v6dec(<<N:16, B/binary>>, Acc) ->
-    v6dec(B, [N | Acc]);
-
-v6dec(<<>>, Acc) ->
-    lists:reverse(Acc).
-
-v6enc([N | Rest], B)
-  when ?UINT(16,N) ->
-    v6enc(Rest, <<N:16, B/binary>>);
-
-v6enc([], B) ->
-    B.
-
-%% --------------------
-
-%% A DiameterIdentity is a FQDN as definined in RFC 1035, which is at
-%% least one character.
-
-'DiameterIdentity'(encode = M, zero) ->
-    'OctetString'(M, [0]);
-
-'DiameterIdentity'(encode = M, X) ->
-    <<_,_/binary>> = 'OctetString'(M, X);
-
-'DiameterIdentity'(decode = M, <<_,_/binary>> = X) ->
-    'OctetString'(M, X).
-
-%% --------------------
-
-'DiameterURI'(decode, Bin)
-  when is_binary(Bin) ->
-    scan_uri(Bin);
-
-%% The minimal DiameterURI is "aaa://x", 7 characters.
-'DiameterURI'(encode = M, zero) ->
-    'OctetString'(M, lists:duplicate(0,7));
-
-'DiameterURI'(encode, #diameter_uri{type = Type,
-                                    fqdn = D,
-                                    port = P,
-                                    transport = T,
-                                    protocol = Prot}
-                      = U) ->
-    S = lists:append([atom_to_list(Type), "://", D,
-                      ":", integer_to_list(P),
-                      ";transport=", atom_to_list(T),
-                      ";protocol=", atom_to_list(Prot)]),
-    U = scan_uri(S), %% assert
-    list_to_binary(S);
-
-'DiameterURI'(encode, Str) ->
-    Bin = iolist_to_binary(Str),
-    #diameter_uri{} = scan_uri(Bin),  %% type check
-    Bin.
-
-%% --------------------
-
-%% This minimal rule is "deny in 0 from 0.0.0.0 to 0.0.0.0", 33 characters.
-'IPFilterRule'(encode = M, zero) ->
-    'OctetString'(M, lists:duplicate(0,33));
-
-%% TODO: parse grammar.
-'IPFilterRule'(M, X) ->
-    'OctetString'(M, X).
-
-%% --------------------
-
-%% This minimal rule is the same as for an IPFilterRule.
-'QoSFilterRule'(encode = M, zero = X) ->
-    'IPFilterRule'(M, X);
-
-%% TODO: parse grammar.
-'QoSFilterRule'(M, X) ->
-    'OctetString'(M, X).
-
-%% --------------------
-
-'UTF8String'(decode, Bin) ->
-    udec(Bin, []);
-
-'UTF8String'(encode = M, zero) ->
-    'UTF8String'(M, []);
-
-'UTF8String'(encode, S) ->
-    uenc(S, []).
-
-udec(<<>>, Acc) ->
-    lists:reverse(Acc);
-
-udec(<<C/utf8, Rest/binary>>, Acc) ->
-    udec(Rest, [C | Acc]).
-
-uenc(E, Acc)
-  when E == [];
-       E == <<>> ->
-    list_to_binary(lists:reverse(Acc));
-
-uenc(<<C/utf8, Rest/binary>>, Acc) ->
-    uenc(Rest, [<<C/utf8>> | Acc]);
-
-uenc([[] | Rest], Acc) ->
-    uenc(Rest, Acc);
-
-uenc([[H|T] | Rest], Acc) ->
-    uenc([H, T | Rest], Acc);
-
-uenc([C | Rest], Acc) ->
-    uenc(Rest, [<<C/utf8>> | Acc]).
-
-%% --------------------
-
-%% RFC 3588, 4.3:
-%%
-%%    Time
-%%       The Time format is derived from the OctetString AVP Base Format.
-%%       The string MUST contain four octets, in the same format as the
-%%       first four bytes are in the NTP timestamp format.  The NTP
-%%       Timestamp format is defined in chapter 3 of [SNTP].
-%%
-%%       This represents the number of seconds since 0h on 1 January 1900
-%%       with respect to the Coordinated Universal Time (UTC).
-%%
-%%       On 6h 28m 16s UTC, 7 February 2036 the time value will overflow.
-%%       SNTP [SNTP] describes a procedure to extend the time to 2104.
-%%       This procedure MUST be supported by all DIAMETER nodes.
-
-%% RFC 2030, 3:
-%%
-%%       As the NTP timestamp format has been in use for the last 17 years,
-%%       it remains a possibility that it will be in use 40 years from now
-%%       when the seconds field overflows. As it is probably inappropriate
-%%       to archive NTP timestamps before bit 0 was set in 1968, a
-%%       convenient way to extend the useful life of NTP timestamps is the
-%%       following convention: If bit 0 is set, the UTC time is in the
-%%       range 1968-2036 and UTC time is reckoned from 0h 0m 0s UTC on 1
-%%       January 1900. If bit 0 is not set, the time is in the range 2036-
-%%       2104 and UTC time is reckoned from 6h 28m 16s UTC on 7 February
-%%       2036. Note that when calculating the correspondence, 2000 is not a
-%%       leap year. Note also that leap seconds are not counted in the
-%%       reckoning.
-%%
-%% The statement regarding year 2000 is wrong: errata id 518 at
-%% http://www.rfc-editor.org/errata_search.php?rfc=2030 notes this.
-
--define(TIME_1900, 59958230400).  %% {{1900,1,1},{0,0,0}}
--define(TIME_2036, 64253197696).  %% {{2036,2,7},{6,28,16}}
-%% TIME_2036 = TIME_1900 + (1 bsl 32)
-
-%% Time maps [0, 1 bsl 31) onto [TIME_1900 + 1 bsl 31, TIME_2036 + 1 bsl 31)
-%% by taking integers with the high-order bit set relative to TIME_1900
-%% and those without relative to TIME_2036. This corresponds to the
-%% following dates.
--define(TIME_MIN, {{1968,1,20},{3,14,8}}).  %% TIME_1900 + 1 bsl 31
--define(TIME_MAX, {{2104,2,26},{9,42,24}}). %% TIME_2036 + 1 bsl 31
-
-'Time'(decode, <<Time:32>>) ->
-    Offset = msb(1 == Time bsr 31),
-    calendar:gregorian_seconds_to_datetime(Time + Offset);
-
-'Time'(decode, B) ->
-    ?INVALID_LENGTH(B);
-
-'Time'(encode, {{_Y,_M,_D},{_HH,_MM,_SS}} = Datetime)
-  when ?TIME_MIN =< Datetime, Datetime < ?TIME_MAX ->
-    S = calendar:datetime_to_gregorian_seconds(Datetime),
-    T = S - msb(S < ?TIME_2036),
-    0 = T bsr 32,  %% sanity check
-    <<T:32>>;
-
-'Time'(encode, zero) ->
-    <<0:32>>.
-
-%% ===========================================================================
-%% ===========================================================================
-
-choose(0, X, _) -> X;
-choose(1, _, X) -> X.
-
-msb(true)  -> ?TIME_1900;
-msb(false) -> ?TIME_2036.
-
-%% RFC 3588, 4.3:
-%%
-%%       The DiameterURI MUST follow the Uniform Resource Identifiers (URI)
-%%       syntax [URI] rules specified below:
-%%
-%%       "aaa://" FQDN [ port ] [ transport ] [ protocol ]
-%%
-%%                       ; No transport security
-%%
-%%       "aaas://" FQDN [ port ] [ transport ] [ protocol ]
-%%
-%%                       ; Transport security used
-%%
-%%       FQDN               = Fully Qualified Host Name
-%%
-%%       port               = ":" 1*DIGIT
-%%
-%%                       ; One of the ports used to listen for
-%%                       ; incoming connections.
-%%                       ; If absent,
-%%                       ; the default Diameter port (3868) is
-%%                       ; assumed.
-%%
-%%       transport          = ";transport=" transport-protocol
-%%
-%%                       ; One of the transports used to listen
-%%                       ; for incoming connections.  If absent,
-%%                       ; the default SCTP [SCTP] protocol is
-%%                       ; assumed.  UDP MUST NOT be used when
-%%                       ; the aaa-protocol field is set to
-%%                       ; diameter.
-%%
-%%       transport-protocol = ( "tcp" / "sctp" / "udp" )
-%%
-%%       protocol           = ";protocol=" aaa-protocol
-%%
-%%                       ; If absent, the default AAA protocol
-%%                       ; is diameter.
-%%
-%%       aaa-protocol       = ( "diameter" / "radius" / "tacacs+" )
-
-scan_uri(Bin)
-  when is_binary(Bin) ->
-    scan_uri(binary_to_list(Bin));
-scan_uri("aaa://" ++ Rest) ->
-    scan_fqdn(Rest, #diameter_uri{type = aaa});
-scan_uri("aaas://" ++ Rest) ->
-    scan_fqdn(Rest, #diameter_uri{type = aaas}).
-
-scan_fqdn(S, U) ->
-    {[_|_] = F, Rest} = lists:splitwith(fun is_fqdn/1, S),
-    scan_opt_port(Rest, U#diameter_uri{fqdn = F}).
-
-scan_opt_port(":" ++ S, U) ->
-    {[_|_] = P, Rest} = lists:splitwith(fun is_digit/1, S),
-    scan_opt_transport(Rest, U#diameter_uri{port = list_to_integer(P)});
-scan_opt_port(S, U) ->
-    scan_opt_transport(S, U).
-
-scan_opt_transport(";transport=" ++ S, U) ->
-    {P, Rest} = transport(S),
-    scan_opt_protocol(Rest, U#diameter_uri{transport = P});
-scan_opt_transport(S, U) ->
-    scan_opt_protocol(S, U).
-
-scan_opt_protocol(";protocol=" ++ S, U) ->
-    {P, ""} = protocol(S),
-    U#diameter_uri{protocol = P};
-scan_opt_protocol("", U) ->
-    U.
-
-transport("tcp" ++ S) ->
-    {tcp, S};
-transport("sctp" ++ S) ->
-    {sctp, S};
-transport("udp" ++ S) ->
-    {udp, S}.
-
-protocol("diameter" ++ S) ->
-    {diameter, S};
-protocol("radius" ++ S) ->
-    {radius, S};
-protocol("tacacs+" ++ S) ->
-    {'tacacs+', S}.
-
-is_fqdn(C) ->
-    is_digit(C) orelse is_alpha(C) orelse C == $. orelse C == $-.
-
-is_alpha(C) ->
-    ($a =< C andalso C =< $z) orelse ($A =< C andalso C =< $Z).
-
-is_digit(C) ->
-    $0 =< C andalso C =< $9.
diff --git a/lib/diameter/src/app/diameter_types.hrl b/lib/diameter/src/app/diameter_types.hrl
deleted file mode 100644
index 02bf8a74dd..0000000000
--- a/lib/diameter/src/app/diameter_types.hrl
+++ /dev/null
@@ -1,139 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-%% Types for function specifications, primarily in diameter.erl. This
-%% has nothing specifically to do with diameter_types.erl.
-%%
-
--type evaluable()
-   :: {module(), atom(), list()}
-    | fun()
-    | nonempty_improper_list(evaluable(), list()).   %% [evaluable() | Args]
-
--type app_alias()
-   :: any().
-
--type service_name()
-   :: any().
-
-%% Diameter basic types
-
--type 'OctetString'() :: iolist().
--type 'Integer32'()   :: -2147483647..2147483647.
--type 'Integer64'()   :: -9223372036854775807..9223372036854775807.
--type 'Unsigned32'()  :: 0..4294967295.
--type 'Unsigned64'()  :: 0..18446744073709551615.
--type 'Float32'()     :: '-infinity' | float() | infinity.
--type 'Float64'()     :: '-infinity' | float() | infinity.
--type 'Grouped'()     :: list() | tuple().
-
-%% Diameter derived types
-
--type 'Address'()
-   :: inet:ip_address()
-    | string().
-
--type 'Time'()             :: {{integer(), 1..12, 1..31},
-                               {0..23, 0..59, 0..59}}.
--type 'UTF8String'()       :: iolist().
--type 'DiameterIdentity'() :: 'OctetString'().
--type 'DiameterURI'()      :: 'OctetString'().
--type 'Enumerated'()       :: 'Integer32'().
--type 'IPFilterRule'()     :: 'OctetString'().
--type 'QoSFilterRule'()    :: 'OctetString'().
-
-%% Capabilities options/avps on start_service/2 and/or add_transport/2
-
--type capability()
-   :: {'Origin-Host',                    'DiameterIdentity'()}
-    | {'Origin-Realm',                   'DiameterIdentity'()}
-    | {'Host-IP-Address',                ['Address'()]}
-    | {'Vendor-Id',                      'Unsigned32'()}
-    | {'Product-Name',                   'UTF8String'()}
-    | {'Supported-Vendor-Id',            ['Unsigned32'()]}
-    | {'Auth-Application-Id',            ['Unsigned32'()]}
-    | {'Vendor-Specific-Application-Id', ['Grouped'()]}
-    | {'Firmware-Revision',              'Unsigned32'()}.
-
-%% Filters for call/4
-
--type peer_filter()
-   :: none
-    | host
-    | realm
-    | {host,  any|'DiameterIdentity'()}
-    | {realm, any|'DiameterIdentity'()}
-    | {eval, evaluable()}
-    | {neg, peer_filter()}
-    | {all, [peer_filter()]}
-    | {any, [peer_filter()]}.
-
-%% Options passed to start_service/2
-
--type service_opt()
-   :: capability()
-    | {application, [application_opt()]}.
-
--type application_opt()
-   :: {alias, app_alias()}
-    | {dictionary, module()}
-    | {module, app_module()}
-    | {state, any()}
-    | {call_mutates_state, boolean()}
-    | {answer_errors, callback|report|discard}.
-
--type app_module()
-   :: module()
-    | nonempty_improper_list(module(), list()).  %% list with module() head
-
-%% Identifier returned by add_transport/2
-
--type transport_ref()
-   :: reference().
-
-%% Options passed to add_transport/2
-
--type transport_opt()
-   :: {transport_module, atom()}
-    | {transport_config, any()}
-    | {applications, [app_alias()]}
-    | {capabilities, [capability()]}
-    | {watchdog_timer, 'Unsigned32'() | {module(), atom(), list()}}
-    | {reconnect_timer, 'Unsigned32'()}
-    | {private, any()}.
-
-%% Predicate passed to remove_transport/2
-
--type transport_pred()
-   :: fun((reference(), connect|listen, list()) -> boolean())
-    | fun((reference(), list()) -> boolean())
-    | fun((list()) -> boolean())
-    | reference()
-    | list()
-    | {connect|listen, transport_pred()}
-    | {atom(), atom(), list()}.
-
-%% Options passed to call/4
-
--type call_opt()
-   :: {extra, list()}
-    | {filter, peer_filter()}
-    | {timeout, 'Unsigned32'()}
-    | detach.
diff --git a/lib/diameter/src/app/diameter_watchdog.erl b/lib/diameter/src/app/diameter_watchdog.erl
deleted file mode 100644
index b7c1491f4b..0000000000
--- a/lib/diameter/src/app/diameter_watchdog.erl
+++ /dev/null
@@ -1,571 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-%% This module implements (as a process) the state machine documented
-%% in Appendix A of RFC 3539.
-%%
-
--module(diameter_watchdog).
--behaviour(gen_server).
-
-%% towards diameter_service
--export([start/2]).
-
-%% gen_server callbacks
--export([init/1,
-         handle_call/3,
-         handle_cast/2,
-         handle_info/2,
-         terminate/2,
-         code_change/3]).
-
-%% diameter_watchdog_sup callback
--export([start_link/1]).
-
--include_lib("diameter/include/diameter.hrl").
--include("diameter_internal.hrl").
-
--define(DEFAULT_TW_INIT, 30000). %% RFC 3539 ch 3.4.1
-
--record(watchdog,
-        {%% PCB - Peer Control Block; see RFC 3539, Appendix A
-         status = initial :: initial | okay | suspect | down | reopen,
-         pending = false  :: boolean(),
-         tw :: 6000..16#FFFFFFFF | {module(), atom(), list()},
-                                %% {M,F,A} -> integer() >= 0
-         num_dwa = 0 :: -1 | non_neg_integer(),
-                     %% number of DWAs received during reopen
-         %% end PCB
-         parent = self() :: pid(),
-         transport       :: pid(),
-         tref :: reference(), %% reference for current watchdog timer
-         message_data}).   %% term passed into diameter_service with message
-
-%% start/2
-
-start({_,_} = Type, T) ->
-    {ok, Pid} = diameter_watchdog_sup:start_child({Type, self(), T}),
-    Pid.
-
-start_link(T) ->
-    {ok, _} = proc_lib:start_link(?MODULE,
-                                  init,
-                                  [T],
-                                  infinity,
-                                  diameter_lib:spawn_opts(server, [])).
-
-%% ===========================================================================
-%% ===========================================================================
-
-%% init/1
-
-init(T) ->
-    proc_lib:init_ack({ok, self()}),
-    gen_server:enter_loop(?MODULE, [], i(T)).
-
-i({T, Pid, {ConnT, Opts, SvcName, #diameter_service{applications = Apps,
-                                                    capabilities = Caps}
-                                  = Svc}}) ->
-    {M,S,U} = now(),
-    random:seed(M,S,U),
-    putr(restart, {T, Opts, Svc}),  %% save seeing it in trace
-    putr(dwr, dwr(Caps)),           %%
-    #watchdog{parent = monitor(Pid),
-              transport = monitor(diameter_peer_fsm:start(T, Opts, Svc)),
-              tw = proplists:get_value(watchdog_timer,
-                                       Opts,
-                                       ?DEFAULT_TW_INIT),
-              message_data = {ConnT, SvcName, Apps}}.
-
-%% handle_call/3
-
-handle_call(_, _, State) ->
-    {reply, nok, State}.
-
-%% handle_cast/2
-
-handle_cast(_, State) ->
-    {noreply, State}.
-
-%% handle_info/2
-
-handle_info(T, State) ->
-    case transition(T, State) of
-        ok ->
-            {noreply, State};
-        #watchdog{status = X} = S ->
-            ?LOGC(X =/= State#watchdog.status, transition, X),
-            {noreply, S};
-        stop ->
-            ?LOG(stop, T),
-            {stop, {shutdown, T}, State}
-    end.
-
-%% terminate/2
-
-terminate(_, _) ->
-    ok.
-
-%% code_change/3
-
-code_change(_, State, _) ->
-    {ok, State}.
-
-%% ===========================================================================
-%% ===========================================================================
-
-%% transition/2
-%%
-%% The state transitions documented here are extracted from RFC 3539,
-%% the commentary is ours.
-
-%% Service or watchdog is telling the watchdog of an accepting
-%% transport to die after reconnect_timer expiry or reestablished
-%% connection (in another transport process) respectively.
-transition(close, #watchdog{status = down}) ->
-    {{accept, _}, _, _} = getr(restart), %% assert
-    stop;
-transition(close, #watchdog{}) ->
-    ok;
-
-%% Service is asking for the peer to be taken down gracefully.
-transition({shutdown, Pid}, #watchdog{parent = Pid,
-                                      transport = undefined,
-                                      status = S}) ->
-    down = S,  %% sanity check
-    stop;
-transition({shutdown = T, Pid}, #watchdog{parent = Pid,
-                                          transport = TPid}) ->
-    TPid ! {T, self()},
-    ok;
-
-%% Parent process has died,
-transition({'DOWN', _, process, Pid, _Reason},
-           #watchdog{parent = Pid}) ->
-    stop;
-
-%% Transport has accepted a connection.
-transition({accepted = T, TPid}, #watchdog{transport = TPid,
-                                           parent = Pid}) ->
-    Pid ! {T, self(), TPid},
-    ok;
-
-%% Transport is telling us that its impending death isn't failure.
-transition({close, TPid, _Reason}, #watchdog{transport = TPid}) ->
-    stop;
-
-%%   STATE         Event                Actions              New State
-%%   =====         ------               -------              ----------
-%%   INITIAL       Connection up        SetWatchdog()        OKAY
-
-%% By construction, the watchdog timer isn't set until we move into
-%% state okay as the result of the Peer State Machine reaching the
-%% Open state.
-%%
-%% If we're an acceptor then we may be resuming a connection that went
-%% down in another acceptor process, in which case this is the
-%% transition below, from down into reopen. That is, it's not until
-%% we know the identity of the peer (ie. now) that we know that we're
-%% in state down rather than initial.
-
-transition({open, TPid, Hosts, T} = Open,
-           #watchdog{transport = TPid,
-                     status = initial,
-                     parent = Pid}
-           = S) ->
-    case okay(getr(restart), Hosts) of
-        okay ->
-            open(Pid, {TPid, T}),
-            set_watchdog(S#watchdog{status = okay});
-        reopen ->
-            transition(Open, S#watchdog{status = down})
-    end;
-
-%%   DOWN          Connection up        NumDWA = 0
-%%                                      SendWatchdog()
-%%                                      SetWatchdog()
-%%                                      Pending = TRUE       REOPEN
-
-transition({open = P, TPid, _Hosts, T},
-           #watchdog{transport = TPid,
-                     status = down}
-           = S) ->
-    %% Store the info we need to notify the parent to reopen the
-    %% connection after the requisite DWA's are received, at which
-    %% time we eraser(open).
-    putr(P, {TPid, T}),
-    set_watchdog(send_watchdog(S#watchdog{status = reopen,
-                                          num_dwa = 0}));
-
-%%   OKAY          Connection down      CloseConnection()
-%%                                      Failover()
-%%                                      SetWatchdog()        DOWN
-%%   SUSPECT       Connection down      CloseConnection()
-%%                                      SetWatchdog()        DOWN
-%%   REOPEN        Connection down      CloseConnection()
-%%                                      SetWatchdog()        DOWN
-
-transition({'DOWN', _, process, TPid, _},
-           #watchdog{transport = TPid,
-                     status = initial}) ->
-    stop;
-
-transition({'DOWN', _, process, Pid, _},
-           #watchdog{transport = Pid}
-           = S) ->
-    failover(S),
-    close(S),
-    set_watchdog(S#watchdog{status = down,
-                            pending = false,
-                            transport = undefined});
-%% Any outstanding pending (or other messages from the transport) will
-%% have arrived before 'DOWN' since the message comes from the same
-%% process. Note that we could also get this message in the initial
-%% state.
-
-%% Incoming message.
-transition({recv, TPid, Name, Pkt}, #watchdog{transport = TPid} = S) ->
-    recv(Name, Pkt, S);
-
-%% Current watchdog has timed out.
-transition({timeout, TRef, tw}, #watchdog{tref = TRef} = S) ->
-    set_watchdog(timeout(S));
-
-%% Timer was canceled after message was already sent.
-transition({timeout, _, tw}, #watchdog{}) ->
-    ok;
-
-%% State query.
-transition({state, Pid}, #watchdog{status = S}) ->
-    Pid ! {self(), S},
-    ok.
-
-%% ===========================================================================
-
-monitor(Pid) ->
-    erlang:monitor(process, Pid),
-    Pid.
-
-putr(Key, Val) ->
-    put({?MODULE, Key}, Val).
-
-getr(Key) ->
-    get({?MODULE, Key}).
-
-eraser(Key) ->
-    erase({?MODULE, Key}).
-
-%% encode/1
-
-encode(Msg) ->
-    #diameter_packet{bin = Bin} = diameter_codec:encode(?BASE, Msg),
-    Bin.
-
-%% okay/2
-
-okay({{accept, Ref}, _, _}, Hosts) ->
-    T = {?MODULE, connection, Ref, Hosts},
-    diameter_reg:add(T),
-    okay(diameter_reg:match(T));
-%% Register before matching so that at least one of two registering
-%% processes will match the other. (Which can't happen as long as
-%% diameter_peer_fsm guarantees at most one open connection to the same
-%% peer.)
-
-okay({{connect, _}, _, _}, _) ->
-    okay.
-
-%% The peer hasn't been connected recently ...
-okay([{_,P}]) ->
-    P = self(),  %% assert
-    okay;
-
-%% ... or it has.
-okay(C) ->
-    [_|_] = [P ! close || {_,P} <- C, self() /= P],
-    reopen.
-
-%% set_watchdog/1
-
-set_watchdog(#watchdog{tw = TwInit,
-                       tref = TRef}
-             = S) ->
-    cancel(TRef),
-    S#watchdog{tref = erlang:start_timer(tw(TwInit), self(), tw)}.
-
-cancel(undefined) ->
-    ok;
-cancel(TRef) ->
-    erlang:cancel_timer(TRef).
-
-tw(T)
-  when is_integer(T), T >= 6000 ->
-    T - 2000 + (random:uniform(4001) - 1); %% RFC3539 jitter of +/- 2 sec.
-tw({M,F,A}) ->
-    apply(M,F,A).
-
-%% open/2
-
-open(Pid, {_,_} = T) ->
-    Pid ! {connection_up, self(), T}.
-
-%% failover/1
-
-failover(#watchdog{status = okay,
-                   parent = Pid}) ->
-    Pid ! {connection_down, self()};
-
-failover(_) ->
-    ok.
-
-%% close/1
-
-close(#watchdog{status = down}) ->
-    ok;
-
-close(#watchdog{parent = Pid}) ->
-    {{T, _}, _, _} = getr(restart),
-    T == accept andalso (Pid ! {close, self()}).
-
-%% send_watchdog/1
-
-send_watchdog(#watchdog{pending = false,
-                        transport = TPid}
-              = S) ->
-    TPid ! {send, encode(getr(dwr))},
-    ?LOG(send, 'DWR'),
-    S#watchdog{pending = true}.
-
-%% recv/3
-
-recv(Name, Pkt, S) ->
-    try rcv(Name, S) of
-        #watchdog{} = NS ->
-            rcv(Name, Pkt, S),
-            NS
-    catch
-        throw: {?MODULE, throwaway, #watchdog{} = NS} ->
-            NS
-    end.
-
-%% rcv/3
-
-rcv(N, _, _)
-  when N == 'CER';
-       N == 'CEA';
-       N == 'DWR';
-       N == 'DWA';
-       N == 'DPR';
-       N == 'DPA' ->
-    false;
-
-rcv(_, Pkt, #watchdog{transport = TPid,
-                      message_data = T}) ->
-    diameter_service:receive_message(TPid, Pkt, T).
-
-throwaway(S) ->
-    throw({?MODULE, throwaway, S}).
-
-%% rcv/2
-
-%%   INITIAL       Receive DWA          Pending = FALSE
-%%                                      Throwaway()          INITIAL
-%%   INITIAL       Receive non-DWA      Throwaway()          INITIAL
-
-rcv('DWA', #watchdog{status = initial} = S) ->
-    throwaway(S#watchdog{pending = false});
-
-rcv(_, #watchdog{status = initial} = S) ->
-    throwaway(S);
-
-%%   DOWN          Receive DWA          Pending = FALSE
-%%                                      Throwaway()          DOWN
-%%   DOWN          Receive non-DWA      Throwaway()          DOWN
-
-rcv('DWA', #watchdog{status = down} = S) ->
-    throwaway(S#watchdog{pending = false});
-
-rcv(_, #watchdog{status = down} = S) ->
-    throwaway(S);
-
-%%   OKAY          Receive DWA          Pending = FALSE
-%%                                      SetWatchdog()        OKAY
-%%   OKAY          Receive non-DWA      SetWatchdog()        OKAY
-
-rcv('DWA', #watchdog{status = okay} = S) ->
-    set_watchdog(S#watchdog{pending = false});
-
-rcv(_, #watchdog{status = okay} = S) ->
-    set_watchdog(S);
-
-%%   SUSPECT       Receive DWA          Pending = FALSE
-%%                                      Failback()
-%%                                      SetWatchdog()        OKAY
-%%   SUSPECT       Receive non-DWA      Failback()
-%%                                      SetWatchdog()        OKAY
-
-rcv('DWA', #watchdog{status = suspect} = S) ->
-    failback(S),
-    set_watchdog(S#watchdog{status = okay,
-                            pending = false});
-
-rcv(_, #watchdog{status = suspect} = S) ->
-    failback(S),
-    set_watchdog(S#watchdog{status = okay});
-
-%%   REOPEN        Receive DWA &        Pending = FALSE
-%%                 NumDWA == 2          NumDWA++
-%%                                      Failback()           OKAY
-
-rcv('DWA', #watchdog{status = reopen,
-                     num_dwa = 2 = N,
-                     parent = Pid}
-           = S) ->
-    open(Pid, eraser(open)),
-    S#watchdog{status = okay,
-               num_dwa = N+1,
-               pending = false};
-
-%%   REOPEN        Receive DWA &        Pending = FALSE
-%%                 NumDWA < 2           NumDWA++             REOPEN
-
-rcv('DWA', #watchdog{status = reopen,
-                     num_dwa = N}
-           = S) ->
-    S#watchdog{num_dwa = N+1,
-               pending = false};
-
-%%   REOPEN        Receive non-DWA      Throwaway()          REOPEN
-
-rcv(_, #watchdog{status = reopen} = S) ->
-    throwaway(S).
-
-%% failback/1
-
-failback(#watchdog{parent = Pid}) ->
-    Pid ! {connection_up, self()}.
-
-%% timeout/1
-%%
-%% The caller sets the watchdog on the return value.
-
-%%   OKAY          Timer expires &      SendWatchdog()
-%%                 !Pending             SetWatchdog()
-%%                                      Pending = TRUE       OKAY
-%%   REOPEN        Timer expires &      SendWatchdog()
-%%                 !Pending             SetWatchdog()
-%%                                      Pending = TRUE       REOPEN
-
-timeout(#watchdog{status = T,
-                  pending = false}
-        = S)
-  when T == okay;
-       T == reopen ->
-    send_watchdog(S);
-
-%%   OKAY          Timer expires &      Failover()
-%%                 Pending              SetWatchdog()        SUSPECT
-
-timeout(#watchdog{status = okay,
-                  pending = true}
-  = S) ->
-    failover(S),
-    S#watchdog{status = suspect};
-
-%%   SUSPECT       Timer expires        CloseConnection()
-%%                                      SetWatchdog()        DOWN
-%%   REOPEN        Timer expires &      CloseConnection()
-%%                 Pending &            SetWatchdog()
-%%                 NumDWA < 0                                DOWN
-
-timeout(#watchdog{status = T,
-                  pending = P,
-                  num_dwa = N,
-                  transport = TPid}
-        = S)
-  when T == suspect;
-       T == reopen, P, N < 0 ->
-    exit(TPid, shutdown),
-    close(S),
-    S#watchdog{status = down};
-
-%%   REOPEN        Timer expires &      NumDWA = -1
-%%                 Pending &            SetWatchdog()
-%%                 NumDWA >= 0                               REOPEN
-
-timeout(#watchdog{status = reopen,
-                  pending = true,
-                  num_dwa = N}
-        = S)
-  when 0 =< N ->
-    S#watchdog{num_dwa = -1};
-
-%%   DOWN          Timer expires        AttemptOpen()
-%%                                      SetWatchdog()        DOWN
-%%   INITIAL       Timer expires        AttemptOpen()
-%%                                      SetWatchdog()        INITIAL
-
-%% RFC 3539, 3.4.1:
-%%
-%%   [5] While the connection is in the closed state, the AAA client MUST
-%%       NOT attempt to send further watchdog messages on the connection.
-%%       However, after the connection is closed, the AAA client continues
-%%       to periodically attempt to reopen the connection.
-%%
-%%       The AAA client SHOULD wait for the transport layer to report
-%%       connection failure before attempting again, but MAY choose to
-%%       bound this wait time by the watchdog interval, Tw.
-
-%% Don't bound, restarting the peer process only when the previous
-%% process has died. We only need to handle state down since we start
-%% the first watchdog when transitioning out of initial.
-
-timeout(#watchdog{status = down} = S) ->
-    restart(S).
-
-%% restart/1
-
-restart(#watchdog{transport = undefined} = S) ->
-    restart(getr(restart), S);
-restart(S) ->
-    S.
-
-%% Only restart the transport in the connecting case. For an accepting
-%% transport, we've registered the peer connection when leaving state
-%% initial and this is used by a new accepting process to realize that
-%% it's actually in state down rather then initial when receiving
-%% notification of an open connection.
-
-restart({{connect, _} = T, Opts, Svc}, #watchdog{parent = Pid} = S) ->
-    Pid ! {reconnect, self()},
-    S#watchdog{transport = monitor(diameter_peer_fsm:start(T, Opts, Svc))};
-restart({{accept, _}, _, _}, S) ->
-    S.
-%% Don't currently use Opts/Svc in the accept case but having them in
-%% the process dictionary is helpful if the process dies unexpectedly.
-
-%% dwr/1
-
-dwr(#diameter_caps{origin_host = OH,
-                   origin_realm = OR,
-                   origin_state_id = OSI}) ->
-    ['DWR', {'Origin-Host', OH},
-            {'Origin-Realm', OR},
-            {'Origin-State-Id', OSI}].
diff --git a/lib/diameter/src/app/modules.mk b/lib/diameter/src/app/modules.mk
deleted file mode 100644
index c133e6f64e..0000000000
--- a/lib/diameter/src/app/modules.mk
+++ /dev/null
@@ -1,70 +0,0 @@
-#-*-makefile-*-   ; force emacs to enter makefile-mode
-
-# %CopyrightBegin%
-# 
-# Copyright Ericsson AB 2010-2011. All Rights Reserved.
-# 
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# %CopyrightEnd%
-
-SPEC_FILES = \
-	diameter_gen_base_rfc3588.dia \
-	diameter_gen_base_accounting.dia \
-	diameter_gen_relay.dia
-
-RUNTIME_MODULES = \
-	diameter \
-	diameter_app \
-	diameter_capx \
-	diameter_config \
-	diameter_codec \
-	diameter_dict \
-	diameter_lib \
-	diameter_misc_sup \
-	diameter_peer \
-	diameter_peer_fsm \
-	diameter_peer_fsm_sup \
-	diameter_reg \
-	diameter_service \
-	diameter_service_sup \
-	diameter_session \
-	diameter_stats \
-	diameter_sup \
-	diameter_sync \
-	diameter_types \
-	diameter_watchdog \
-	diameter_watchdog_sup
-
-HELP_MODULES = \
-	diameter_callback \
-	diameter_exprecs \
-	diameter_dbg \
-	diameter_info
-
-INTERNAL_HRL_FILES = \
-	diameter_internal.hrl \
-	diameter_types.hrl
-
-EXTERNAL_HRL_FILES = \
-	../../include/diameter.hrl \
-	../../include/diameter_gen.hrl
-
-EXAMPLE_FILES = \
-	../../examples/GNUmakefile \
-	../../examples/peer.erl \
-	../../examples/client.erl \
-	../../examples/client_cb.erl \
-	../../examples/server.erl \
-	../../examples/server_cb.erl \
-	../../examples/relay.erl \
-	../../examples/relay_cb.erl
diff --git a/lib/diameter/src/base/diameter.app.src b/lib/diameter/src/base/diameter.app.src
new file mode 100644
index 0000000000..c092fdb022
--- /dev/null
+++ b/lib/diameter/src/base/diameter.app.src
@@ -0,0 +1,28 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+{application, diameter,
+ [{description, "Diameter protocol"},
+  {vsn, "%VSN%"},
+  {modules, [%MODULES%]},
+  {registered, []},
+  {applications, [stdlib, kernel]},
+  {env, []},
+  {mod, {diameter_app, []}}
+ ]}.
diff --git a/lib/diameter/src/base/diameter.appup.src b/lib/diameter/src/base/diameter.appup.src
new file mode 100644
index 0000000000..b1c94d4cc8
--- /dev/null
+++ b/lib/diameter/src/base/diameter.appup.src
@@ -0,0 +1,30 @@
+%% This is an -*- erlang -*- file.
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+{"%VSN%",
+ [
+  {"0.9",  [{restart_application, diameter}]},
+  {"0.10", [{restart_application, diameter}]}
+ ],
+ [
+  {"0.9",  [{restart_application, diameter}]},
+  {"0.10", [{restart_application, diameter}]}
+ ]
+}.
diff --git a/lib/diameter/src/base/diameter.erl b/lib/diameter/src/base/diameter.erl
new file mode 100644
index 0000000000..336f0c1f2d
--- /dev/null
+++ b/lib/diameter/src/base/diameter.erl
@@ -0,0 +1,339 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(diameter).
+
+%% Configuration.
+-export([start_service/2,
+         stop_service/1,
+         add_transport/2,
+         remove_transport/2,
+         subscribe/1,
+         unsubscribe/1]).
+
+%% Traffic.
+-export([session_id/1,
+         origin_state_id/0,
+         call/3,
+         call/4]).
+
+%% Information.
+-export([services/0,
+         service_info/2]).
+
+%% Start/stop the application. In a "real" application this should
+%% typically be a consequence of a release file rather than by calling
+%% start/stop explicitly.
+-export([start/0,
+         stop/0]).
+
+-export_type([evaluable/0,
+              app_alias/0,
+              service_name/0,
+              capability/0,
+              peer_filter/0,
+              service_opt/0,
+              application_opt/0,
+              app_module/0,
+              transport_ref/0,
+              transport_opt/0,
+              transport_pred/0,
+              call_opt/0]).
+
+-export_type(['OctetString'/0,
+              'Integer32'/0,
+              'Integer64'/0,
+              'Unsigned32'/0,
+              'Unsigned64'/0,
+              'Float32'/0,
+              'Float64'/0,
+              'Grouped'/0,
+              'Address'/0,
+              'Time'/0,
+              'UTF8String'/0,
+              'DiameterIdentity'/0,
+              'DiameterURI'/0,
+              'Enumerated'/0,
+              'IPFilterRule'/0,
+              'QoSFilterRule'/0]).
+
+-include_lib("diameter/include/diameter.hrl").
+-include("diameter_internal.hrl").
+
+%% ---------------------------------------------------------------------------
+%% start/0
+%% ---------------------------------------------------------------------------
+
+-spec start()
+   -> ok
+    | {error, term()}.
+
+start() ->
+    application:start(?APPLICATION).
+
+%% ---------------------------------------------------------------------------
+%% stop/0
+%% ---------------------------------------------------------------------------
+
+-spec stop()
+   -> ok
+    | {error, term()}.
+
+stop() ->
+    application:stop(?APPLICATION).
+
+%% ---------------------------------------------------------------------------
+%% start_service/2
+%% ---------------------------------------------------------------------------
+
+-spec start_service(service_name(), [service_opt()])
+   -> ok
+    | {error, term()}.
+
+start_service(SvcName, Opts)
+  when is_list(Opts) ->
+    diameter_config:start_service(SvcName, Opts).
+
+%% ---------------------------------------------------------------------------
+%% stop_service/1
+%% ---------------------------------------------------------------------------
+
+-spec stop_service(service_name())
+   -> ok
+    | {error, term()}.
+
+stop_service(SvcName) ->
+    diameter_config:stop_service(SvcName).
+
+%% ---------------------------------------------------------------------------
+%% services/0
+%% ---------------------------------------------------------------------------
+
+-spec services()
+   -> [service_name()].
+
+services() ->
+    [Name || {Name, _} <- diameter_service:services()].
+
+%% ---------------------------------------------------------------------------
+%% service_info/2
+%% ---------------------------------------------------------------------------
+
+-spec service_info(service_name(), atom() | [atom()])
+   -> any().
+
+service_info(SvcName, Option) ->
+    diameter_service:info(SvcName, Option).
+
+%% ---------------------------------------------------------------------------
+%% add_transport/3
+%% ---------------------------------------------------------------------------
+
+-spec add_transport(service_name(), {listen|connect, [transport_opt()]})
+   -> {ok, transport_ref()}
+    | {error, term()}.
+
+add_transport(SvcName, {T, Opts} = Cfg)
+  when is_list(Opts), (T == connect orelse T == listen) ->
+    diameter_config:add_transport(SvcName, Cfg).
+
+%% ---------------------------------------------------------------------------
+%% remove_transport/2
+%% ---------------------------------------------------------------------------
+
+-spec remove_transport(service_name(), transport_pred())
+   -> ok | {error, term()}.
+
+remove_transport(SvcName, Pred) ->
+    diameter_config:remove_transport(SvcName, Pred).
+
+%% ---------------------------------------------------------------------------
+%% subscribe/1
+%% ---------------------------------------------------------------------------
+
+-spec subscribe(service_name())
+   -> true.
+
+subscribe(SvcName) ->
+    diameter_service:subscribe(SvcName).
+
+%% ---------------------------------------------------------------------------
+%% unsubscribe/1
+%% ---------------------------------------------------------------------------
+
+-spec unsubscribe(service_name())
+   -> true.
+
+unsubscribe(SvcName) ->
+    diameter_service:unsubscribe(SvcName).
+
+%% ---------------------------------------------------------------------------
+%% session_id/1
+%% ---------------------------------------------------------------------------
+
+-spec session_id('DiameterIdentity'())
+   -> 'OctetString'().
+
+session_id(Ident) ->
+    diameter_session:session_id(Ident).
+
+%% ---------------------------------------------------------------------------
+%% origin_state_id/0
+%% ---------------------------------------------------------------------------
+
+-spec origin_state_id()
+   -> 'Unsigned32'().
+
+origin_state_id() ->
+    diameter_session:origin_state_id().
+
+%% ---------------------------------------------------------------------------
+%% call/3,4
+%% ---------------------------------------------------------------------------
+
+-spec call(service_name(), app_alias(), any(), [call_opt()])
+   -> any().
+
+call(SvcName, App, Message, Options) ->
+    diameter_service:call(SvcName, {alias, App}, Message, Options).
+
+call(SvcName, App, Message) ->
+    call(SvcName, App, Message, []).
+
+%% ===========================================================================
+
+%% Diameter basic types
+
+-type 'OctetString'() :: iolist().
+-type 'Integer32'()   :: -2147483647..2147483647.
+-type 'Integer64'()   :: -9223372036854775807..9223372036854775807.
+-type 'Unsigned32'()  :: 0..4294967295.
+-type 'Unsigned64'()  :: 0..18446744073709551615.
+-type 'Float32'()     :: '-infinity' | float() | infinity.
+-type 'Float64'()     :: '-infinity' | float() | infinity.
+-type 'Grouped'()     :: list() | tuple().
+
+%% Diameter derived types
+
+-type 'Address'()
+   :: inet:ip_address()
+    | string().
+
+-type 'Time'()             :: {{integer(), 1..12, 1..31},
+                               {0..23, 0..59, 0..59}}.
+-type 'UTF8String'()       :: iolist().
+-type 'DiameterIdentity'() :: 'OctetString'().
+-type 'DiameterURI'()      :: 'OctetString'().
+-type 'Enumerated'()       :: 'Integer32'().
+-type 'IPFilterRule'()     :: 'OctetString'().
+-type 'QoSFilterRule'()    :: 'OctetString'().
+
+%% The handle to a service.
+
+-type service_name()
+   :: any().
+
+%% Capabilities options/avps on start_service/2 and/or add_transport/2
+
+-type capability()
+   :: {'Origin-Host',                    'DiameterIdentity'()}
+    | {'Origin-Realm',                   'DiameterIdentity'()}
+    | {'Host-IP-Address',                ['Address'()]}
+    | {'Vendor-Id',                      'Unsigned32'()}
+    | {'Product-Name',                   'UTF8String'()}
+    | {'Supported-Vendor-Id',            ['Unsigned32'()]}
+    | {'Auth-Application-Id',            ['Unsigned32'()]}
+    | {'Vendor-Specific-Application-Id', ['Grouped'()]}
+    | {'Firmware-Revision',              'Unsigned32'()}.
+
+%% Filters for call/4
+
+-type peer_filter()
+   :: none
+    | host
+    | realm
+    | {host,  any|'DiameterIdentity'()}
+    | {realm, any|'DiameterIdentity'()}
+    | {eval, evaluable()}
+    | {neg, peer_filter()}
+    | {all, [peer_filter()]}
+    | {any, [peer_filter()]}.
+
+-type evaluable()
+   :: {module(), atom(), list()}
+    | fun()
+    | maybe_improper_list(evaluable(), list()).
+
+%% Options passed to start_service/2
+
+-type service_opt()
+   :: capability()
+    | {application, [application_opt()]}.
+
+-type application_opt()
+   :: {alias, app_alias()}
+    | {dictionary, module()}
+    | {module, app_module()}
+    | {state, any()}
+    | {call_mutates_state, boolean()}
+    | {answer_errors, callback|report|discard}.
+
+-type app_alias()
+   :: any().
+
+-type app_module()
+   :: module()
+    | maybe_improper_list(module(), list())
+    | #diameter_callback{}.
+
+%% Identifier returned by add_transport/2
+
+-type transport_ref()
+   :: reference().
+
+%% Options passed to add_transport/2
+
+-type transport_opt()
+   :: {transport_module, atom()}
+    | {transport_config, any()}
+    | {applications, [app_alias()]}
+    | {capabilities, [capability()]}
+    | {capabilities_cb, evaluable()}
+    | {watchdog_timer, 'Unsigned32'() | {module(), atom(), list()}}
+    | {reconnect_timer, 'Unsigned32'()}
+    | {private, any()}.
+
+%% Predicate passed to remove_transport/2
+
+-type transport_pred()
+   :: fun((reference(), connect|listen, list()) -> boolean())
+    | fun((reference(), list()) -> boolean())
+    | fun((list()) -> boolean())
+    | reference()
+    | list()
+    | {connect|listen, transport_pred()}
+    | {atom(), atom(), list()}.
+
+%% Options passed to call/4
+
+-type call_opt()
+   :: {extra, list()}
+    | {filter, peer_filter()}
+    | {timeout, 'Unsigned32'()}
+    | detach.
diff --git a/lib/diameter/src/app/diameter_app.erl b/lib/diameter/src/base/diameter_app.erl
index 600f7ff04d..600f7ff04d 100644
--- a/lib/diameter/src/app/diameter_app.erl
+++ b/lib/diameter/src/base/diameter_app.erl
diff --git a/lib/diameter/src/base/diameter_callback.erl b/lib/diameter/src/base/diameter_callback.erl
new file mode 100644
index 0000000000..90431099b0
--- /dev/null
+++ b/lib/diameter/src/base/diameter_callback.erl
@@ -0,0 +1,234 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% A diameter callback module that can redirect selected callbacks,
+%% providing reasonable default implementations otherwise.
+%%
+%% To order alternate callbacks, configure a #diameter_callback record
+%% as the Diameter application callback in question. The record has
+%% one field for each callback function as well as 'default' and
+%% 'extra' fields. A function-specific field can be set to a
+%% diameter:evaluable() in order to redirect the callback
+%% corresponding to that field, or to 'false' to request the default
+%% callback implemented in this module. If neither of these fields are
+%% set then the 'default' field determines the form of the callback: a
+%% module name results in the usual callback as if the module had been
+%% configured directly as the callback module, a diameter_evaluable()
+%% in a callback applied to the atom-valued callback name and argument
+%% list. For all callbacks not to this module, the 'extra' field is a
+%% list of additional arguments, following arguments supplied by
+%% diameter but preceeding those of the diameter:evaluable() being
+%% applied.
+%%
+%% For example, the following config to diameter:start_service/2, in
+%% an 'application' tuple, would result in only a mymod:peer_down/3
+%% callback, this module implementing the remaining callbacks.
+%%
+%%   {module, #diameter_callback{peer_down = {mymod, down, []}}}
+%%
+%% Equivalently, this can also be specified with a [Mod | Args]
+%% field/value list as follows.
+%%
+%%   {module, [diameter_callback, {peer_down, {mymod, down, []}}]}
+%%
+%% The following would result in this module suppying peer_up and
+%% peer_down callback, others taking place in module mymod.
+%%
+%%   {module, #diameter_callback{peer_up = false,
+%%                               peer_down = false,
+%%                               default = mymod}}
+%%
+%% The following would result in all callbacks taking place as
+%% calls to mymod:diameter/2.
+%%
+%%   {module, #diameter_callback{default = {mymod, diameter, []}}}
+%%
+%% The following are equivalent and result in all callbacks being
+%% provided by this module.
+%%
+%%   {module, #diameter_callback{}}
+%%   {module, diameter_callback}
+%%
+
+-module(diameter_callback).
+
+%% Default callbacks when no aleternate is specified.
+-export([peer_up/3,
+         peer_down/3,
+         pick_peer/4,
+         prepare_request/3,
+         prepare_retransmit/3,
+         handle_request/3,
+         handle_answer/4,
+         handle_error/4]).
+
+%% Callbacks taking a #diameter_callback record.
+-export([peer_up/4,
+         peer_down/4,
+         pick_peer/5,
+         prepare_request/4,
+         prepare_retransmit/4,
+         handle_request/4,
+         handle_answer/5,
+         handle_error/5]).
+
+-include_lib("diameter/include/diameter.hrl").
+
+%%% ----------------------------------------------------------
+%%% # peer_up/3
+%%% ----------------------------------------------------------
+
+peer_up(_Svc, _Peer, State) ->
+    State.
+
+peer_up(Svc, Peer, State, D) ->
+    cb(peer_up,
+       [Svc, Peer, State],
+       D#diameter_callback.peer_up,
+       D).
+
+%%% ----------------------------------------------------------
+%%% # peer_down/3
+%%% ----------------------------------------------------------
+
+peer_down(_Svc, _Peer, State) ->
+    State.
+
+peer_down(Svc, Peer, State, D) ->
+    cb(peer_down,
+       [Svc, Peer, State],
+       D#diameter_callback.peer_down,
+       D).
+
+%%% ----------------------------------------------------------
+%%% # pick_peer/4
+%%% ----------------------------------------------------------
+
+pick_peer([Peer|_], _, _Svc, _State) ->
+    {ok, Peer};
+pick_peer([], _, _Svc, _State) ->
+    false.
+
+pick_peer(PeersL, PeersR, Svc, State, D) ->
+    cb(pick_peer,
+       [PeersL, PeersR, Svc, State],
+       D#diameter_callback.pick_peer,
+       D).
+
+%%% ----------------------------------------------------------
+%%% # prepare_request/3
+%%% ----------------------------------------------------------
+
+prepare_request(Pkt, _Svc, _Peer) ->
+    {send, Pkt}.
+
+prepare_request(Pkt, Svc, Peer, D) ->
+    cb(prepare_request,
+       [Pkt, Svc, Peer],
+       D#diameter_callback.prepare_request,
+       D).
+
+%%% ----------------------------------------------------------
+%%% # prepare_retransmit/3
+%%% ----------------------------------------------------------
+
+prepare_retransmit(Pkt, _Svc, _Peer) ->
+    {send, Pkt}.
+
+prepare_retransmit(Pkt, Svc, Peer, D) ->
+    cb(prepare_retransmit,
+       [Pkt, Svc, Peer],
+       D#diameter_callback.prepare_retransmit,
+       D).
+
+%%% ----------------------------------------------------------
+%%% # handle_request/3
+%%% ----------------------------------------------------------
+
+handle_request(_Pkt, _Svc, _Peer) ->
+    {protocol_error, 3001}.  %% DIAMETER_COMMAND_UNSUPPORTED
+
+handle_request(Pkt, Svc, Peer, D) ->
+    cb(handle_request,
+       [Pkt, Svc, Peer],
+       D#diameter_callback.handle_request,
+       D).
+
+%%% ----------------------------------------------------------
+%%% # handle_answer/4
+%%% ----------------------------------------------------------
+
+handle_answer(#diameter_packet{msg = Ans, errors = []}, _Req, _Svc, _Peer) ->
+    Ans;
+handle_answer(#diameter_packet{msg = Ans, errors = Es}, _Req, _Svc, _Peer) ->
+    [Ans | Es].
+
+handle_answer(Pkt, Req, Svc, Peer, D) ->
+    cb(handle_answer,
+       [Pkt, Req, Svc, Peer],
+       D#diameter_callback.handle_answer,
+       D).
+
+%%% ---------------------------------------------------------------------------
+%%% # handle_error/4
+%%% ---------------------------------------------------------------------------
+
+handle_error(Reason, _Req, _Svc, _Peer) ->
+    {error, Reason}.
+
+handle_error(Reason, Req, Svc, Peer, D) ->
+    cb(handle_error,
+       [Reason, Req, Svc, Peer],
+       D#diameter_callback.handle_error,
+       D).
+
+%% ===========================================================================
+
+%% cb/4
+
+%% Unspecified callback: use default field to determine something
+%% appropriate.
+cb(CB, Args, undefined, D) ->
+    cb(CB, Args, D);
+
+%% Explicitly requested default.
+cb(CB, Args, false, _) ->
+    apply(?MODULE, CB, Args);
+
+%% A specified callback.
+cb(_, Args, F, #diameter_callback{extra = X}) ->
+    diameter_lib:eval([[F|X] | Args]).
+
+%% cb/3
+
+%% No user-supplied default: call ours.
+cb(CB, Args, #diameter_callback{default = undefined}) ->
+    apply(?MODULE, CB, Args);
+
+%% Default is a module name: make the usual callback.
+cb(CB, Args, #diameter_callback{default = M,
+                                extra = X})
+  when is_atom(M) ->
+    apply(M, CB, Args ++ X);
+
+%% Default is something else: apply if to callback name and arguments.
+cb(CB, Args, #diameter_callback{default = F,
+                                extra = X}) ->
+    diameter_lib:eval([F, CB, Args | X]).
diff --git a/lib/diameter/src/base/diameter_capx.erl b/lib/diameter/src/base/diameter_capx.erl
new file mode 100644
index 0000000000..6c4d60ee9b
--- /dev/null
+++ b/lib/diameter/src/base/diameter_capx.erl
@@ -0,0 +1,391 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% This module builds CER and CEA records for use during capabilities
+%% exchange. All of a CER/CEA is built from AVP values configured on
+%% the service in question but values for Supported-Vendor-Id,
+%% Vendor-Specific-Application-Id, Auth-Application-Id and
+%% Acct-Application-id are also obtained using an older method that
+%% remains only for backwards compatibility. With this method, each
+%% dictionary module was required to export a cer/0 that returned a
+%% diameter_base_CER record (or corresponding list, although the list
+%% is also a later addition). Each returned CER contributes its member
+%% values for the aforementioned four AVPs to the resulting CER, with
+%% remaining AVP's either unspecified or identical to those configured
+%% on the service. Auth-Application-Id and Acct-Application-id were
+%% originally treated a little differently, each callback being
+%% required to return either no value of the same value as the other
+%% callbacks, but this coupled the callback modules unnecessarily. (A
+%% union is backwards compatible to boot.)
+%%
+%% Values obtained from the service and callbacks are all included
+%% when building a CER. Older code with only callback can continue to
+%% use them, newer code should probably stick to service configuration
+%% (since this is more explicit) or mix at their own peril.
+%%
+%% The cer/0 callback is now undocumented (despite never being fully
+%% documented to begin with) and should be considered deprecated even
+%% by those poor souls still using it.
+%%
+
+-module(diameter_capx).
+
+-export([build_CER/1,
+         recv_CER/2,
+         recv_CEA/2,
+         make_caps/2]).
+
+-include_lib("diameter/include/diameter.hrl").
+-include("diameter_internal.hrl").
+-include("diameter_gen_base_rfc3588.hrl").
+
+-define(SUCCESS,    2001).  %% DIAMETER_SUCCESS
+-define(NOAPP,      5010).  %% DIAMETER_NO_COMMON_APPLICATION
+-define(NOSECURITY, 5017).  %% DIAMETER_NO_COMMON_SECURITY
+
+-define(NO_INBAND_SECURITY, 0).
+-define(TLS, 1).
+
+%% ===========================================================================
+
+-type tried(T) :: {ok, T} | {error, {term(), list()}}.
+
+-spec build_CER(#diameter_caps{})
+   -> tried(#diameter_base_CER{}).
+
+build_CER(Caps) ->
+    try_it([fun bCER/1, Caps]).
+
+-spec recv_CER(#diameter_base_CER{}, #diameter_service{})
+   -> tried({[diameter:'Unsigned32'()],
+             #diameter_caps{},
+             #diameter_base_CEA{}}).
+
+recv_CER(CER, Svc) ->
+    try_it([fun rCER/2, CER, Svc]).
+
+-spec recv_CEA(#diameter_base_CEA{}, #diameter_service{})
+   -> tried({[diameter:'Unsigned32'()],
+             [diameter:'Unsigned32'()],
+             #diameter_caps{}}).
+
+recv_CEA(CEA, Svc) ->
+    try_it([fun rCEA/2, CEA, Svc]).
+
+make_caps(Caps, Opts) ->
+    try_it([fun mk_caps/2, Caps, Opts]).
+
+%% ===========================================================================
+%% ===========================================================================
+
+try_it([Fun | Args]) ->
+    try apply(Fun, Args) of
+        T -> {ok, T}
+    catch
+        throw: ?FAILURE(Reason) -> {error, Reason}
+    end.
+
+%% mk_caps/2
+
+mk_caps(Caps0, Opts) ->
+    {Caps, _} = lists:foldl(fun set_cap/2,
+                            {Caps0, #diameter_caps{_ = false}},
+                            Opts),
+    Caps.
+
+-define(SC(K,F),
+        set_cap({K, Val}, {Caps, #diameter_caps{F = false} = C}) ->
+            {Caps#diameter_caps{F = cap(K, Val)}, C#diameter_caps{F = true}}).
+
+?SC('Origin-Host',         origin_host);
+?SC('Origin-Realm',        origin_realm);
+?SC('Host-IP-Address',     host_ip_address);
+?SC('Vendor-Id',           vendor_id);
+?SC('Product-Name',        product_name);
+?SC('Origin-State-Id',     origin_state_id);
+?SC('Supported-Vendor-Id', supported_vendor_id);
+?SC('Auth-Application-Id', auth_application_id);
+?SC('Inband-Security-Id',  inband_security_id);
+?SC('Acct-Application-Id', acct_application_id);
+?SC('Vendor-Specific-Application-Id', vendor_specific_application_id);
+?SC('Firmware-Revision',   firmware_revision);
+
+set_cap({Key, _}, _) ->
+    ?THROW({duplicate, Key}).
+
+cap(K, V)
+  when K == 'Origin-Host';
+       K == 'Origin-Realm';
+       K == 'Vendor-Id';
+       K == 'Product-Name' ->
+    V;
+
+cap('Host-IP-Address', Vs)
+  when is_list(Vs) ->
+    lists:map(fun ipaddr/1, Vs);
+
+cap('Firmware-Revision', V) ->
+    [V];
+
+cap(_, Vs)
+  when is_list(Vs) ->
+    Vs;
+
+cap(K, V) ->
+    ?THROW({invalid, K, V}).
+
+ipaddr(A) ->
+    try
+        diameter_lib:ipaddr(A)
+    catch
+        error: {invalid_address, _} = T ->
+            ?THROW(T)
+    end.
+
+%% bCER/1
+%%
+%% Build a CER record to send to a remote peer.
+
+%% Use the fact that diameter_caps has the same field names as CER.
+bCER(#diameter_caps{} = Rec) ->
+    #diameter_base_CER{}
+        = list_to_tuple([diameter_base_CER | tl(tuple_to_list(Rec))]).
+
+%% rCER/2
+%%
+%% Build a CEA record to send to a remote peer in response to an
+%% incoming CER. RFC 3588 gives no guidance on what should be sent
+%% here: should we advertise applications that the peer hasn't sent in
+%% its CER (aside from the relay application) or not? If we send
+%% applications that the peer hasn't advertised then the peer may have
+%% to be aware of the possibility. If we don't then we just look like
+%% a server that supports a subset (possibly) of what the client
+%% advertised, so this feels like the path of least incompatibility.
+%% However, the current draft standard (draft-ietf-dime-rfc3588bis-26,
+%% expires 24 July 2011) says this in section 5.3, Capabilities
+%% Exchange:
+%%
+%%   The receiver of the Capabilities-Exchange-Request (CER) MUST
+%%   determine common applications by computing the intersection of its
+%%   own set of supported Application Id against all of the application
+%%   identifier AVPs (Auth-Application-Id, Acct-Application-Id and Vendor-
+%%   Specific-Application-Id) present in the CER.  The value of the
+%%   Vendor-Id AVP in the Vendor-Specific-Application-Id MUST NOT be used
+%%   during computation.  The sender of the Capabilities-Exchange-Answer
+%%   (CEA) SHOULD include all of its supported applications as a hint to
+%%   the receiver regarding all of its application capabilities.
+%%
+%% Both RFC and the draft also say this:
+%%
+%%   The receiver only issues commands to its peers that have advertised
+%%   support for the Diameter application that defines the command.  A
+%%   Diameter node MUST cache the supported applications in order to
+%%   ensure that unrecognized commands and/or AVPs are not unnecessarily
+%%   sent to a peer.
+%%
+%% That is, each side sends all of its capabilities and is responsible for
+%% not sending commands that the peer doesn't support.
+
+%% 6.10.  Inband-Security-Id AVP
+%%
+%%   NO_INBAND_SECURITY                0
+%%      This peer does not support TLS.  This is the default value, if the
+%%      AVP is omitted.
+%%
+%%   TLS                               1
+%%      This node supports TLS security, as defined by [TLS].
+
+rCER(CER, #diameter_service{capabilities = LCaps} = Svc) ->
+    #diameter_base_CEA{}
+        = CEA
+        = cea_from_cer(bCER(LCaps)),
+
+    RCaps = capx_to_caps(CER),
+    SApps = common_applications(LCaps, RCaps, Svc),
+
+    {SApps,
+     RCaps,
+     build_CEA(SApps,
+               LCaps,
+               RCaps,
+               CEA#diameter_base_CEA{'Result-Code' = ?SUCCESS})}.
+
+build_CEA([], _, _, CEA) ->
+    CEA#diameter_base_CEA{'Result-Code' = ?NOAPP};
+
+build_CEA(_, LCaps, RCaps, CEA) ->
+    case common_security(LCaps, RCaps) of
+        [] ->
+            CEA#diameter_base_CEA{'Result-Code' = ?NOSECURITY};
+        [_] = IS ->
+            CEA#diameter_base_CEA{'Inband-Security-Id' = IS}
+    end.
+
+%% common_security/2
+
+common_security(#diameter_caps{inband_security_id = LS},
+                #diameter_caps{inband_security_id = RS}) ->
+    cs(LS, RS).
+
+%% Unspecified is equivalent to NO_INBAND_SECURITY.
+cs([], RS) ->
+    cs([?NO_INBAND_SECURITY], RS);
+cs(LS, []) ->
+    cs(LS, [?NO_INBAND_SECURITY]);
+
+%% Agree on TLS if both parties support it. When sending CEA, this is
+%% to ensure the peer is clear that we will be expecting a TLS
+%% handshake since there is no ssl:maybe_accept that would allow the
+%% peer to choose between TLS or not upon reception of our CEA. When
+%% receiving CEA it deals with a server that isn't explicit about its choice.
+%% TODO: Make the choice configurable.
+cs(LS, RS) ->
+    Is = ordsets:to_list(ordsets:intersection(ordsets:from_list(LS),
+                                              ordsets:from_list(RS))),
+    case lists:member(?TLS, Is) of
+        true ->
+            [?TLS];
+        false when [] == Is ->
+            Is;
+        false ->
+            [hd(Is)]  %% probably NO_INBAND_SECURITY
+    end.
+%% The only two values defined by RFC 3588 are NO_INBAND_SECURITY and
+%% TLS but don't enforce this. In theory this allows some other
+%% security mechanism we don't have to know about, although in
+%% practice something there may be a need for more synchronization
+%% than notification by way of an event subscription offers.
+
+%% cea_from_cer/1
+
+%% CER is a subset of CEA, the latter adding Result-Code and a few
+%% more AVP's.
+cea_from_cer(#diameter_base_CER{} = CER) ->
+    lists:foldl(fun(F,A) -> to_cea(CER, F, A) end,
+                #diameter_base_CEA{},
+                record_info(fields, diameter_base_CER)).
+
+to_cea(CER, Field, CEA) ->
+    try ?BASE:'#get-'(Field, CER) of
+        V -> ?BASE:'#set-'({Field, V}, CEA)
+    catch
+        error: _ -> CEA
+    end.
+        
+%% rCEA/2
+
+rCEA(CEA, #diameter_service{capabilities = LCaps} = Svc) ->
+    RCaps = capx_to_caps(CEA),
+    SApps = common_applications(LCaps, RCaps, Svc),
+    IS = common_security(LCaps, RCaps),
+
+    {SApps, IS, RCaps}.
+
+%% capx_to_caps/1
+
+capx_to_caps(#diameter_base_CEA{'Origin-Host' = OH,
+                                'Origin-Realm' = OR,
+                                'Host-IP-Address' = IP,
+                                'Vendor-Id' = VId,
+                                'Product-Name' = PN,
+                                'Origin-State-Id' = OSI,
+                                'Supported-Vendor-Id' = SV,
+                                'Auth-Application-Id' = Auth,
+                                'Inband-Security-Id' = IS,
+                                'Acct-Application-Id' = Acct,
+                                'Vendor-Specific-Application-Id' = VSA,
+                                'Firmware-Revision' = FR,
+                                'AVP' = X}) ->
+    #diameter_caps{origin_host = OH,
+                   origin_realm = OR,
+                   vendor_id = VId,
+                   product_name = PN,
+                   origin_state_id = OSI,
+                   host_ip_address = IP,
+                   supported_vendor_id = SV,
+                   auth_application_id = Auth,
+                   inband_security_id = IS,
+                   acct_application_id = Acct,
+                   vendor_specific_application_id = VSA,
+                   firmware_revision = FR,
+                   avp = X};
+
+capx_to_caps(#diameter_base_CER{} = CER) ->
+    capx_to_caps(cea_from_cer(CER)).
+
+%% ---------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+
+%% common_applications/3
+%%
+%% Identify the (local) applications to be supported on the connection
+%% in question.
+
+common_applications(LCaps, RCaps, #diameter_service{applications = Apps}) ->
+    LA = app_union(LCaps),
+    RA = app_union(RCaps),
+
+    lists:foldl(fun(I,A) -> ca(I, Apps, RA, A) end, [], LA).
+
+ca(Id, Apps, RA, Acc) ->
+    Relay = lists:member(?APP_ID_RELAY, RA),
+    #diameter_app{alias = Alias} = find_app(Id, Apps),
+    tcons(Relay                        %% peer is a relay
+          orelse ?APP_ID_RELAY == Id   %% we're a relay
+          orelse lists:member(Id, RA), %% app is supported by the peer
+          Id,
+          Alias,
+          Acc).
+%% 5.3 of the RFC states that a peer advertising itself as a relay must
+%% be interpreted as having common applications.
+
+%% Extract the list of all application identifiers from Auth-Application-Id,
+%% Acct-Application-Id and Vendor-Specific-Application-Id.
+app_union(#diameter_caps{auth_application_id = U,
+                         acct_application_id = C,
+                         vendor_specific_application_id = V}) ->
+    set_list(U ++ C ++ lists:flatmap(fun vsa_apps/1, V)).
+
+vsa_apps(#'diameter_base_Vendor-Specific-Application-Id'
+         {'Auth-Application-Id' = U,
+          'Acct-Application-Id' = C}) ->
+    U ++ C;
+vsa_apps(L) ->
+    Rec = ?BASE:'#new-'('diameter_base_Vendor-Specific-Application-Id', L),
+    vsa_apps(Rec).
+
+%% It's a configuration error for a locally advertised application not
+%% to be represented in Apps. Don't just match on lists:keyfind/3 in
+%% order to generate a more helpful error.
+find_app(Id, Apps) ->
+    case lists:keyfind(Id, #diameter_app.id, Apps) of
+        #diameter_app{} = A ->
+            A;
+        false ->
+            ?THROW({app_not_configured, Id})
+    end.
+
+set_list(L) ->
+    sets:to_list(sets:from_list(L)).
+
+tcons(true, K, V, Acc) ->
+    [{K,V} | Acc];
+tcons(false, _, _, Acc) ->
+    Acc.
diff --git a/lib/diameter/src/base/diameter_codec.erl b/lib/diameter/src/base/diameter_codec.erl
new file mode 100644
index 0000000000..fe1212b7e0
--- /dev/null
+++ b/lib/diameter/src/base/diameter_codec.erl
@@ -0,0 +1,543 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(diameter_codec).
+
+-export([encode/2,
+         decode/2,
+         decode/3,
+         collect_avps/1,
+         decode_header/1,
+         sequence_numbers/1,
+         hop_by_hop_id/2,
+         msg_name/1,
+         msg_id/1]).
+
+%% Towards generated encoders (from diameter_gen.hrl).
+-export([pack_avp/1,
+         pack_avp/2]).
+
+-include_lib("diameter/include/diameter.hrl").
+-include("diameter_internal.hrl").
+
+-define(MASK(N,I), ((I) band (1 bsl (N)))).
+
+%%     0                   1                   2                   3
+%%     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+%%    |    Version    |                 Message Length                |
+%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+%%    | command flags |                  Command-Code                 |
+%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+%%    |                         Application-ID                        |
+%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+%%    |                      Hop-by-Hop Identifier                    |
+%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+%%    |                      End-to-End Identifier                    |
+%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+%%    |  AVPs ...
+%%    +-+-+-+-+-+-+-+-+-+-+-+-+-
+
+%%% ---------------------------------------------------------------------------
+%%% # encode/[2-4]
+%%% ---------------------------------------------------------------------------
+
+encode(Mod, #diameter_packet{} = Pkt) ->
+    try
+        e(Mod, Pkt)
+    catch
+        error: Reason ->
+            %% Be verbose rather than letting the emulator truncate the
+            %% error report.
+            X = {Reason, ?STACK},
+            diameter_lib:error_report(X, {?MODULE, encode, [Mod, Pkt]}),
+            exit(X)
+    end;
+
+encode(Mod, Msg) ->
+    Seq = diameter_session:sequence(),
+    Hdr = #diameter_header{version = ?DIAMETER_VERSION,
+                           end_to_end_id = Seq,
+                           hop_by_hop_id = Seq},
+    encode(Mod,  #diameter_packet{header = Hdr,
+                                  msg = Msg}).
+
+e(_, #diameter_packet{msg = [#diameter_header{} = Hdr | As]} = Pkt) ->
+    Avps = encode_avps(As),
+    Length = size(Avps) + 20,
+
+    #diameter_header{version = Vsn,
+                     cmd_code = Code,
+                     application_id = Aid,
+                     hop_by_hop_id  = Hid,
+                     end_to_end_id  = Eid}
+        = Hdr,
+
+    Flags = make_flags(0, Hdr),
+
+    Pkt#diameter_packet{bin = <<Vsn:8, Length:24,
+                                Flags:8, Code:24,
+                                Aid:32,
+                                Hid:32,
+                                Eid:32,
+                                Avps/binary>>};
+
+e(Mod0, #diameter_packet{header = Hdr, msg = Msg} = Pkt) ->
+    #diameter_header{version = Vsn,
+                     hop_by_hop_id = Hid,
+                     end_to_end_id = Eid}
+        = Hdr,
+
+    {Mod, MsgName} = rec2msg(Mod0, Msg),
+    {Code, Flags0, Aid} = msg_header(Mod, MsgName, Hdr),
+    Flags = make_flags(Flags0, Hdr),
+
+    Avps = encode_avps(Mod, MsgName, values(Msg)),
+    Length = size(Avps) + 20,
+
+    Pkt#diameter_packet{header = Hdr#diameter_header
+                                    {length = Length,
+                                     cmd_code = Code,
+                                     application_id = Aid,
+                                     is_request       = 0 /= ?MASK(7, Flags),
+                                     is_proxiable     = 0 /= ?MASK(6, Flags),
+                                     is_error         = 0 /= ?MASK(5, Flags),
+                                     is_retransmitted = 0 /= ?MASK(4, Flags)},
+                        bin = <<Vsn:8, Length:24,
+                                Flags:8, Code:24,
+                                Aid:32,
+                                Hid:32,
+                                Eid:32,
+                                Avps/binary>>}.
+
+%% make_flags/2
+
+make_flags(Flags0, #diameter_header{is_request       = R,
+                                    is_proxiable     = P,
+                                    is_error         = E,
+                                    is_retransmitted = T}) ->
+    {Flags, 3} = lists:foldl(fun(B,{F,N}) -> {mf(B,F,N), N-1} end,
+                             {Flags0, 7},
+                             [R,P,E,T]),
+    Flags.
+
+mf(undefined, F, _) ->
+    F;
+mf(B, F, N) ->  %% reset the affected bit
+    (F bxor (F band (1 bsl N))) bor bit(B, N).
+
+bit(true, N)  -> 1 bsl N;
+bit(false, _) -> 0.
+
+%% values/1
+
+values([H|T])
+  when is_atom(H) ->
+    T;
+values(Avps) ->
+    Avps.
+
+%% encode_avps/3
+
+%% Specifying values as a #diameter_avp list bypasses arity and other
+%% checks: the values are expected to be already encoded and the AVP's
+%% presented are simply sent. This is needed for relay agents, since
+%% these have to be able to resend whatever comes.
+
+%% Message as a list of #diameter_avp{} ...
+encode_avps(_, _, [#diameter_avp{} | _] = Avps) ->
+    encode_avps(reorder(Avps, [], Avps));
+
+%% ... or as a tuple list or record.
+encode_avps(Mod, MsgName, Values) ->
+    Mod:encode_avps(MsgName, Values).
+
+%% reorder/1
+
+reorder([#diameter_avp{index = 0} | _] = Avps, Acc, _) ->
+    Avps ++ Acc;
+
+reorder([#diameter_avp{index = N} = A | Avps], Acc, _)
+  when is_integer(N) ->
+    lists:reverse(Avps, [A | Acc]);
+
+reorder([H | T], Acc, Avps) ->
+    reorder(T, [H | Acc], Avps);
+
+reorder([], Acc, _) ->
+    Acc.
+
+%% encode_avps/1
+
+encode_avps(Avps) ->
+    list_to_binary(lists:map(fun pack_avp/1, Avps)).
+
+%% msg_header/3
+
+msg_header(Mod, 'answer-message' = MsgName, Header) ->
+    ?BASE = Mod,
+    #diameter_header{cmd_code = Code} = Header,
+    {_, Flags, ApplId} = ?BASE:msg_header(MsgName),
+    {Code, Flags, ApplId};
+
+msg_header(Mod, MsgName, _) ->
+    Mod:msg_header(MsgName).
+
+%% rec2msg/2
+
+rec2msg(_, ['answer-message' = M | _]) ->
+    {?BASE, M};
+
+rec2msg(Mod, [MsgName|_])
+  when is_atom(MsgName) ->
+    {Mod, MsgName};
+
+rec2msg(Mod, Rec) ->
+    R = element(1, Rec),
+    A = 'answer-message',
+    case ?BASE:msg2rec(A) of
+        R ->
+            {?BASE, A};
+        _ ->
+            {Mod, Mod:rec2msg(R)}
+    end.
+
+%%% ---------------------------------------------------------------------------
+%%% # decode/2
+%%% ---------------------------------------------------------------------------
+
+%% Unsuccessfully decoded AVPs will be placed in #diameter_packet.errors.
+
+decode(Mod, Pkt) ->
+    decode(Mod:id(), Mod, Pkt).
+
+%% If we're a relay application then just extract the avp's without
+%% any decoding of their data since we don't know the application in
+%% question.
+decode(?APP_ID_RELAY, _, #diameter_packet{} = Pkt) ->
+    case collect_avps(Pkt) of
+        {Bs, As} ->
+            Pkt#diameter_packet{avps = As,
+                                errors = [Bs]};
+        As ->
+            Pkt#diameter_packet{avps = As}
+    end;
+
+%% Otherwise decode using the dictionary.
+decode(_, Mod, #diameter_packet{header = Hdr} = Pkt)
+  when is_atom(Mod) ->
+    #diameter_header{cmd_code = CmdCode,
+                     is_request = IsRequest,
+                     is_error = IsError}
+        = Hdr,
+
+    {M, MsgName} = if IsError andalso not IsRequest ->
+                           {?BASE, 'answer-message'};
+                      true ->
+                           {Mod, Mod:msg_name(CmdCode, IsRequest)}
+                   end,
+
+    decode_avps(MsgName, M, Pkt, collect_avps(Pkt));
+
+decode(Id, Mod, Bin)
+  when is_bitstring(Bin) ->
+    decode(Id, Mod, #diameter_packet{header = decode_header(Bin), bin = Bin}).
+
+decode_avps(MsgName, Mod, Pkt, {Bs, Avps}) ->  %% invalid avp bits ...
+    ?LOG(invalid, Pkt#diameter_packet.bin),
+    #diameter_packet{errors = Failed}
+        = P
+        = decode_avps(MsgName, Mod, Pkt, Avps),
+    P#diameter_packet{errors = [Bs | Failed]};
+
+decode_avps('', Mod, Pkt, Avps) ->  %% unknown message ...
+    ?LOG(unknown, {Mod, Pkt#diameter_packet.header}),
+    Pkt#diameter_packet{avps = lists:reverse(Avps),
+                        errors = [3001]};   %% DIAMETER_COMMAND_UNSUPPORTED
+%% msg = undefined identifies this case.
+
+decode_avps(MsgName, Mod, Pkt, Avps) ->  %% ... or not
+    {Rec, As, Failed} = Mod:decode_avps(MsgName, Avps),
+    ?LOGC([] /= Failed, failed, {Mod, Failed}),
+    Pkt#diameter_packet{msg = Rec,
+                        errors = Failed,
+                        avps = As}.
+
+%%% ---------------------------------------------------------------------------
+%%% # decode_header/1
+%%% ---------------------------------------------------------------------------
+
+decode_header(<<Version:8,
+                MsgLength:24,
+                CmdFlags:1/binary,
+                CmdCode:24,
+                ApplicationId:32,
+                HopByHopId:32,
+                EndToEndId:32,
+                _/bitstring>>) ->
+    <<R:1, P:1, E:1, T:1, _:4>>
+        = CmdFlags,
+    %% 3588 (ch 3) says that reserved bits MUST be set to 0 and ignored
+    %% by the receiver.
+
+    %% The RFC is quite unclear about the order of the bits in this
+    %% case. It writes
+    %%
+    %%    0 1 2 3 4 5 6 7
+    %%   +-+-+-+-+-+-+-+-+
+    %%   |R P E T r r r r|
+    %%   +-+-+-+-+-+-+-+-+
+    %%
+    %% in defining these but the scale refers to the (big endian)
+    %% transmission order, first to last, not the bit order. That is,
+    %% R is the high order bit. It's odd that a standard reserves
+    %% low-order bit rather than high-order ones.
+
+    #diameter_header{version = Version,
+                     length = MsgLength,
+                     cmd_code = CmdCode,
+                     application_id = ApplicationId,
+                     hop_by_hop_id = HopByHopId,
+                     end_to_end_id = EndToEndId,
+                     is_request       = 1 == R,
+                     is_proxiable     = 1 == P,
+                     is_error         = 1 == E,
+                     is_retransmitted = 1 == T};
+
+decode_header(_) ->
+    false.
+
+%%% ---------------------------------------------------------------------------
+%%% # sequence_numbers/1
+%%% ---------------------------------------------------------------------------
+
+%% The End-To-End identifier must be unique for at least 4 minutes. We
+%% maintain a 24-bit wraparound counter, and add an 8-bit persistent
+%% wraparound counter. The 8-bit counter is incremented each time the
+%% system is restarted.
+
+sequence_numbers(#diameter_packet{bin = Bin})
+  when is_binary(Bin) ->
+    sequence_numbers(Bin);
+
+sequence_numbers(#diameter_packet{header = #diameter_header{} = H}) ->
+    sequence_numbers(H);
+
+sequence_numbers(#diameter_header{hop_by_hop_id = H,
+                                  end_to_end_id = E}) ->
+    {H,E};
+
+sequence_numbers(<<_:12/binary, H:32, E:32, _/binary>>) ->
+    {H,E}.
+
+%%% ---------------------------------------------------------------------------
+%%% # hop_by_hop_id/2
+%%% ---------------------------------------------------------------------------
+
+hop_by_hop_id(Id, <<H:12/binary, _:32, T/binary>>) ->
+    <<H/binary, Id:32, T/binary>>.
+
+%%% ---------------------------------------------------------------------------
+%%% # msg_name/1
+%%% ---------------------------------------------------------------------------
+
+msg_name(#diameter_header{application_id = ?APP_ID_COMMON,
+                          cmd_code = C,
+                          is_request = R}) ->
+    ?BASE:msg_name(C,R);
+
+msg_name(Hdr) ->
+    msg_id(Hdr).
+
+%% Note that messages in different applications could have the same
+%% name.
+
+%%% ---------------------------------------------------------------------------
+%%% # msg_id/1
+%%% ---------------------------------------------------------------------------
+
+msg_id(#diameter_packet{msg = [#diameter_header{} = Hdr | _]}) ->
+    msg_id(Hdr);
+
+msg_id(#diameter_packet{header = #diameter_header{} = Hdr}) ->
+    msg_id(Hdr);
+
+msg_id(#diameter_header{application_id = A,
+                        cmd_code = C,
+                        is_request = R}) ->
+    {A, C, if R -> 1; true -> 0 end};
+
+msg_id(<<_:32, Rbit:1, _:7, CmdCode:24, ApplId:32, _/bitstring>>) ->
+    {ApplId, CmdCode, Rbit}.
+
+%%% ---------------------------------------------------------------------------
+%%% # collect_avps/1
+%%% ---------------------------------------------------------------------------
+
+%% Note that the returned list of AVP's is reversed relative to their
+%% order in the binary. Note also that grouped avp's aren't unraveled,
+%% only those at the top level.
+
+collect_avps(#diameter_packet{bin = Bin}) ->
+    <<_:20/binary, Avps/bitstring>> = Bin,
+    collect_avps(Avps);
+
+collect_avps(Bin) ->
+    collect_avps(Bin, 0, []).
+
+collect_avps(<<>>, _, Acc) ->
+    Acc;
+collect_avps(Bin, N, Acc) ->
+    try split_avp(Bin) of
+        {Rest, AVP} ->
+            collect_avps(Rest, N+1, [AVP#diameter_avp{index = N} | Acc])
+    catch
+        ?FAILURE(_) ->
+            {Bin, Acc}
+    end.
+
+%%     0                   1                   2                   3
+%%     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+%%    |                           AVP Code                            |
+%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+%%    |V M P r r r r r|                  AVP Length                   |
+%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+%%    |                        Vendor-ID (opt)                        |
+%%    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+%%    |    Data ...
+%%    +-+-+-+-+-+-+-+-+
+
+%% split_avp/1
+
+split_avp(Bin) ->
+    8 =< size(Bin) orelse ?THROW(truncated_header),
+
+    <<Code:32, Flags:1/binary, Length:24, Rest/bitstring>>
+        = Bin,
+
+    DataSize = Length - 8,        % size(Code+Flags+Length) = 8 octets
+    PadSize = (4 - (DataSize rem 4)) rem 4,
+
+    DataSize + PadSize =< size(Rest)
+        orelse ?THROW(truncated_data),
+
+    <<Data:DataSize/binary, _:PadSize/binary, R/bitstring>>
+        = Rest,
+    <<Vbit:1, Mbit:1, Pbit:1, _Reserved:5>>
+        = Flags,
+
+    0 == Vbit orelse 4 =< size(Data)
+        orelse ?THROW(truncated_vendor_id),
+
+    {Vid, D} = vid(Vbit, Data),
+    {R, #diameter_avp{code = Code,
+                      vendor_id = Vid,
+                      is_mandatory = 1 == Mbit,
+                      need_encryption = 1 == Pbit,
+                      data = D}}.
+
+%% The RFC is a little misleading when stating that OctetString is
+%% padded to a 32-bit boundary while other types align naturally. All
+%% other types are already multiples of 32 bits so there's no need to
+%% distinguish between types here. Any invalid lengths will result in
+%% decode error in diameter_types.
+
+vid(1, <<Vid:32, Data/bitstring>>) ->
+    {Vid, Data};
+vid(0, Data) ->
+    {undefined, Data}.
+
+%%% ---------------------------------------------------------------------------
+%%% # pack_avp/1
+%%% ---------------------------------------------------------------------------
+
+%% The normal case here is data as an #diameter_avp{} list or an
+%% iolist, which are the cases that generated codec modules use. The
+%% other case is as a convenience in the relay case in which the
+%% dictionary doesn't know about specific AVP's.
+
+%% Grouped AVP whose components need packing ...
+pack_avp(#diameter_avp{data = [#diameter_avp{} | _] = Avps} = A) ->
+    pack_avp(A#diameter_avp{data = encode_avps(Avps)});
+
+%% ... data as a type/value tuple, possibly with header data, ...
+pack_avp(#diameter_avp{data = {Type, Value}} = A)
+  when is_atom(Type) ->
+    pack_avp(A#diameter_avp{data = diameter_types:Type(encode, Value)});
+pack_avp(#diameter_avp{data = {{_,_,_} = T, {Type, Value}}}) ->
+    pack_avp(T, iolist_to_binary(diameter_types:Type(encode, Value)));
+pack_avp(#diameter_avp{data = {{_,_,_} = T, Bin}})
+  when is_binary(Bin) ->
+    pack_avp(T, Bin);
+pack_avp(#diameter_avp{data = {Dict, Name, Value}} = A) ->
+    {Code, _Flags, Vid} = Hdr = Dict:avp_header(Name),
+    {Name, Type} = Dict:avp_name(Code, Vid),
+    pack_avp(A#diameter_avp{data = {Hdr, {Type, Value}}});
+
+%% ... or as an iolist.
+pack_avp(#diameter_avp{code = Code,
+                       vendor_id = V,
+                       is_mandatory = M,
+                       need_encryption = P,
+                       data = Data}) ->
+    Flags = lists:foldl(fun flag_avp/2, 0, [{V /= undefined, 2#10000000},
+                                            {M, 2#01000000},
+                                            {P, 2#00100000}]),
+    pack_avp({Code, Flags, V}, iolist_to_binary(Data)).
+
+flag_avp({true, B}, F) ->
+    F bor B;
+flag_avp({false, _}, F) ->
+    F.
+
+%%% ---------------------------------------------------------------------------
+%%% # pack_avp/2
+%%% ---------------------------------------------------------------------------
+
+pack_avp({Code, Flags, VendorId}, Bin)
+  when is_binary(Bin) ->
+    Sz = size(Bin),
+    pack_avp(Code, Flags, VendorId, Sz, pad(Sz rem 4, Bin)).
+
+pad(0, Bin) ->
+    Bin;
+pad(N, Bin) ->
+    P = 8*(4-N),
+    <<Bin/binary, 0:P>>.
+%% Note that padding is not included in the length field as mandated by
+%% the RFC.
+
+%% pack_avp/5
+%%
+%% Prepend the vendor id as required.
+
+pack_avp(Code, Flags, Vid, Sz, Bin)
+  when 0 == Flags band 2#10000000 ->
+    undefined = Vid,  %% sanity check
+    pack_avp(Code, Flags, Sz, Bin);
+
+pack_avp(Code, Flags, Vid, Sz, Bin) ->
+    pack_avp(Code, Flags, Sz+4, <<Vid:32, Bin/binary>>).
+
+%% pack_avp/4
+
+pack_avp(Code, Flags, Sz, Bin) ->
+    Length = Sz + 8,
+    <<Code:32, Flags:8, Length:24, Bin/binary>>.
diff --git a/lib/diameter/src/base/diameter_config.erl b/lib/diameter/src/base/diameter_config.erl
new file mode 100644
index 0000000000..9253af0de2
--- /dev/null
+++ b/lib/diameter/src/base/diameter_config.erl
@@ -0,0 +1,691 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% This module writes service/transport configuration to the table
+%% diameter_config, so that the config will survive service process
+%% death, and then turns it into calls towards diameter_service. It
+%% also restarts services upon their death.
+%%
+%% The table diameter_config is only written here while
+%% diameter_service reads. This is all somewhat after the fact. Once
+%% upon a time the config was only stored in the service process,
+%% causing much grief if these processes died (which they did with
+%% some regularity) and one was forced to reconfigure. This module was
+%% then inserted into the service start in order to keep a more
+%% permanent record of the config. That said, service processes are
+%% now much more robust than they once were and crashing is a thing of
+%% the past.
+%%
+
+-module(diameter_config).
+-compile({no_auto_import, [monitor/2]}).
+
+-behaviour(gen_server).
+
+-export([start_service/2,
+         stop_service/1,
+         add_transport/2,
+         remove_transport/2,
+         have_transport/2,
+         lookup/1]).
+
+%% child server start
+-export([start_link/0]).
+
+%% gen_server callbacks
+-export([init/1,
+         terminate/2,
+         handle_call/3,
+         handle_cast/2,
+         handle_info/2,
+         code_change/3]).
+
+%% diameter_sync requests.
+-export([sync/1]).
+
+%% debug
+-export([state/0,
+         uptime/0]).
+
+-include_lib("diameter/include/diameter.hrl").
+-include("diameter_internal.hrl").
+
+%% Server state.
+-record(state, {id = now()}).
+
+%% Registered name of the server.
+-define(SERVER, ?MODULE).
+
+%% Table config is written to.
+-define(TABLE, ?MODULE).
+
+%% Workaround for dialyzer's lack of understanding of match specs.
+-type match(T)
+   :: T | '_' | '$1' | '$2' | '$3' | '$4'.
+
+%% Configuration records in ?TABLE.
+
+-record(service,
+        {name,
+         rec     :: match(#diameter_service{}),
+         options :: match(list())}).
+
+-record(transport,
+        {service, %% name
+         ref = make_ref() :: match(reference()),
+         type             :: match(connect | listen),
+         options          :: match(list())}).
+
+%% Monitor entry in ?TABLE.
+-record(monitor, {mref = make_ref() :: reference(),
+                  service}). %% name
+
+%% Time to lay low before restarting a dead service.
+-define(RESTART_SLEEP, 2000).
+
+%% A minimal diameter_caps for checking for valid capabilities values.
+-define(EXAMPLE_CAPS,
+        #diameter_caps{origin_host = "TheHost",
+                       origin_realm = "TheRealm",
+                       host_ip_address = [{127,0,0,1}],
+                       vendor_id = 42,
+                       product_name = "TheProduct"}).
+
+-define(VALUES(Rec), tl(tuple_to_list(Rec))).
+
+%%% The return values below assume the server diameter_config is started.
+%%% The functions will exit if it isn't.
+
+%% --------------------------------------------------------------------------
+%% # start_service(SvcName, Opts)
+%%
+%% Output: ok | {error, Reason}
+%% --------------------------------------------------------------------------
+
+start_service(SvcName, Opts)
+  when is_list(Opts)  ->
+    start_rc(sync(SvcName, {start_service, SvcName, Opts})).
+
+start_rc({ok = T, _Pid}) ->
+    T;
+start_rc({error, _} = No) ->
+    No;
+start_rc(timeout) ->
+    {error, application_not_started}.
+
+%% --------------------------------------------------------------------------
+%% # stop_service(SvcName)
+%%
+%% Output: ok
+%% --------------------------------------------------------------------------
+
+stop_service(SvcName) ->
+    sync(SvcName, {stop_service, SvcName}).
+
+%% --------------------------------------------------------------------------
+%% # add_transport(SvcName, {Type, Opts})
+%%
+%% Input:  Type = connect | listen
+%%
+%% Output: {ok, Ref} | {error, Reason}
+%% --------------------------------------------------------------------------
+
+add_transport(SvcName, {T, Opts})
+  when is_list(Opts), (T == connect orelse T == listen) ->
+    sync(SvcName, {add, SvcName, T, Opts}).
+
+%% --------------------------------------------------------------------------
+%% # remove_transport(SvcName, Pred)
+%%
+%% Input:  Pred = arity 3 fun on transport ref, connect|listen and Opts,
+%%                returning true if the transport is to be removed, false if
+%%                not
+%%              | arity 2 fun on Ref and Opts only
+%%              | arity 1 fun on Opts only
+%%              | Opts matching all transports that have all of the specified
+%%                options
+%%              | Ref matching only the transport with this reference.
+%%              | {M,F,A} applied to Ref, connect|listen and Opts
+%%              | boolean()
+%%
+%% Output: ok | {error, Reason}
+%% --------------------------------------------------------------------------
+
+remove_transport(SvcName, Pred) ->
+    try
+        sync(SvcName, {remove, SvcName, pred(Pred)})
+    catch
+        ?FAILURE(Reason) ->
+            {error, Reason}
+    end.
+
+pred(Pred)
+  when is_function(Pred, 3) ->
+    Pred;
+pred(Pred)
+  when is_function(Pred, 2) ->
+    fun(R,_,O) -> Pred(R,O) end;
+pred(Pred)
+  when is_function(Pred, 1) ->
+    fun(_,_,O) -> Pred(O) end;
+pred(Opts)
+  when is_list(Opts) ->
+    fun(_,_,O) -> [] == Opts -- O end;
+pred(Ref)
+  when is_reference(Ref) ->
+    fun(R,_,_) -> R == Ref end;
+pred({M,F,A})
+  when is_atom(M), is_atom(F), is_list(A) ->
+    fun(R,T,O) -> apply(M,F,[R,T,O|A]) end;
+pred({Type, Pred}) ->  %% backwards compatibility
+    P = pred(Pred),
+    fun(R,T,O) -> T == Type andalso P(R,T,O) end;
+pred(B)
+  when is_boolean(B) ->
+    fun(_,_,_) -> B end;
+pred(_) ->
+    ?THROW(pred).
+
+%% --------------------------------------------------------------------------
+%% # have_transport/2
+%%
+%% Output: true | false
+%% --------------------------------------------------------------------------
+
+have_transport(SvcName, Ref) ->
+    member([{#transport{service = '$1',
+                        ref = '$2',
+                        _ = '_'},
+             [{'andalso', {'=:=', '$1', {const, SvcName}},
+                          {'=:=', '$2', {const, Ref}}}],
+             [true]}]).
+
+%% --------------------------------------------------------------------------
+%% # lookup/1
+%% --------------------------------------------------------------------------
+
+lookup(SvcName) ->
+    select([{#service{name = '$1', rec = '$2', options = '$3'},
+             [{'=:=', '$1', {const, SvcName}}],
+             [{{'$1', '$2', '$3'}}]},
+            {#transport{service = '$1',
+                        ref = '$2',
+                        type = '$3',
+                        options = '$4'},
+             [{'=:=', '$1', {const, SvcName}}],
+             [{{'$2', '$3', '$4'}}]}]).
+
+%% ---------------------------------------------------------
+%% EXPORTED INTERNAL FUNCTIONS
+%% ---------------------------------------------------------
+
+start_link() ->
+    ServerName = {local, ?SERVER},
+    Module     = ?MODULE,
+    Args       = [],
+    Options    = [{spawn_opt, diameter_lib:spawn_opts(server, [])}],
+    gen_server:start_link(ServerName, Module, Args, Options).
+
+state() ->
+    call(state).
+
+uptime() ->
+    call(uptime).
+
+%%% ----------------------------------------------------------
+%%% # init/1
+%%% ----------------------------------------------------------
+
+init([]) ->
+    {ok, #state{}}.
+
+%%% ----------------------------------------------------------
+%%% # handle_call/2
+%%% ----------------------------------------------------------
+
+handle_call(state, _, State) ->
+    {reply, State, State};
+
+handle_call(uptime, _, #state{id = Time} = State) ->
+    {reply, diameter_lib:now_diff(Time), State};
+
+handle_call(Req, From, State) ->
+    ?UNEXPECTED([Req, From]),
+    Reply = {error, {bad_request, Req}},
+    {reply, Reply, State}.
+
+%%% ----------------------------------------------------------
+%%% # handle_cast/2
+%%% ----------------------------------------------------------
+
+handle_cast(Msg, State) ->
+    ?UNEXPECTED([Msg]),
+    {noreply, State}.
+
+%%% ----------------------------------------------------------
+%%% # handle_info/2
+%%% ----------------------------------------------------------
+
+%% A service process has died. This is most likely a consequence of
+%% stop_service, in which case the restart will find no config for the
+%% service and do nothing. The entry keyed on the monitor ref is only
+%% removed as a result of the 'DOWN' notification however.
+handle_info({'DOWN', MRef, process, _, Reason}, State) ->
+    [#monitor{service = SvcName} = T] = select([{#monitor{mref = MRef,
+                                                          _ = '_'},
+                                                 [],
+                                                 ['$_']}]),
+    queue_restart(Reason, SvcName),
+    delete_object(T),
+    {noreply, State};
+
+handle_info({monitor, SvcName, Pid}, State) ->
+    monitor(Pid, SvcName),
+    {noreply, State};
+
+handle_info({restart, SvcName}, State) ->
+    restart(SvcName),
+    {noreply, State};
+
+handle_info(restart, State) ->
+    restart(),
+    {noreply, State};
+
+handle_info(Info, State) ->
+    ?UNEXPECTED([Info]),
+    {noreply, State}.
+
+%%--------------------------------------------------------------------
+%% # terminate/2
+%%--------------------------------------------------------------------
+
+terminate(_Reason, _State) ->
+    ok.
+
+%%% ----------------------------------------------------------
+%%% # code_change/3
+%%% ----------------------------------------------------------
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
+
+%% ---------------------------------------------------------
+%% INTERNAL FUNCTIONS
+%% ---------------------------------------------------------
+
+insert(T) ->
+    ets:insert(?TABLE, T).
+
+%% ?TABLE is a bag: check only for a service entry.
+have_service(SvcName) ->
+    member([{#service{name = '$1', _ = '_'},
+             [{'=:=', '$1', {const, SvcName}}],
+             [true]}]).
+
+member(MatchSpec) ->
+    '$end_of_table' =/= ets:select(?TABLE, MatchSpec, 1).
+
+delete_object(T) ->
+    ets:delete_object(?TABLE, T).
+
+delete(Key) ->
+    ets:delete(?TABLE, Key).
+
+select(MatchSpec) ->
+    ets:select(?TABLE, MatchSpec).
+
+select_delete(MatchSpec) ->
+    ets:select_delete(?TABLE, MatchSpec).
+
+%% sync/2
+%%
+%% Interface functions used to be implemented as calls to ?SERVER but
+%% now serialize things per service instead since stopping a service
+%% can take time if the server doesn't answer DPR. A caller who wants
+%% to stop multiple services can then improve performance by spawning
+%% processes to stop them concurrently.
+
+sync(SvcName, T) ->
+    diameter_sync:call({?MODULE, SvcName},
+		       {?MODULE, sync, [T]},
+		       infinity,
+		       infinity).
+
+%% sync/1
+
+sync({restart, SvcName}) ->
+    have_service(SvcName) andalso start(SvcName);
+
+sync({start_service, SvcName, Opts}) ->
+    try
+        start(have_service(SvcName), SvcName, Opts)
+    catch
+        ?FAILURE(Reason) -> {error, Reason}
+    end;
+
+sync({stop_service, SvcName}) ->
+    stop(SvcName);
+
+sync({add, SvcName, Type, Opts}) ->
+    try
+        add(SvcName, Type, Opts)
+    catch
+        ?FAILURE(Reason) -> {error, Reason}
+    end;
+
+sync({remove, SvcName, Pred}) ->
+    remove(select([{#transport{service = '$1', _ = '_'},
+                    [{'=:=', '$1', {const, SvcName}}],
+                    ['$_']}]),
+           SvcName,
+           Pred).
+
+%% start/3
+
+start(true, _, _) ->
+    {error, already_started};
+start(false, SvcName, Opts) ->
+    insert(make_config(SvcName, Opts)),
+    start(SvcName).
+
+%% start/1
+
+start(SvcName) ->
+    RC = diameter_service:start(SvcName),
+    startmon(SvcName, RC),
+    RC.
+
+startmon(SvcName, {ok, Pid}) ->
+    ?SERVER ! {monitor, SvcName, Pid};
+startmon(_, {error, _}) ->
+    ok.
+
+monitor(Pid, SvcName) ->
+    MRef = erlang:monitor(process, Pid),
+    insert(#monitor{mref = MRef, service = SvcName}).
+
+%% queue_restart/2
+
+%% Service has gone down on monitor death. Note that all service-related
+%% config is deleted.
+queue_restart({shutdown, {monitor, _}}, SvcName) ->
+    delete(SvcName);
+
+%% Application shutdown: ignore.
+queue_restart(shutdown, _) ->
+    ok;
+
+%% Or not.
+queue_restart(_, SvcName) ->
+    erlang:send_after(?RESTART_SLEEP, self(), {restart, SvcName}).
+
+%% restart/1
+
+restart(SvcName) ->
+    sync(SvcName, {restart, SvcName}).
+
+%% restart/0
+%%
+%% Start anything configured as required. Bang 'restart' to the server
+%% to kick things into gear manually. (Not that it should be required
+%% but it's been useful for test.)
+
+restart() ->
+    MatchSpec = [{#service{name = '$1', _ = '_'},
+                  [],
+                  ['$1']}],
+    lists:foreach(fun restart/1, select(MatchSpec)).
+
+%% stop/1
+
+stop(SvcName) ->
+    %% If the call to the service returns error for any reason other
+    %% than the process not being alive then deleting the config from
+    %% under it will surely bring it down.
+    diameter_service:stop(SvcName),
+    %% Delete only the service entry, not everything keyed on the name,
+    select_delete([{#service{name = '$1', _ = '_'},
+                    [{'=:=', '$1', {const, SvcName}}],
+                    [true]}]),
+    ok.
+%% Note that a transport has to be removed for its statistics to be
+%% deleted.
+
+%% add/3
+
+add(SvcName, Type, Opts) ->
+    %% Ensure usable capabilities. diameter_service:merge_service/2
+    %% depends on this.
+    lists:foreach(fun(Os) ->
+                          is_list(Os) orelse ?THROW({capabilities, Os}),
+                          ok = encode_CER(Os)
+                  end,
+                  [Os || {capabilities, Os} <- Opts, is_list(Os)]),
+
+    Ref = make_ref(),
+    T = {Ref, Type, Opts},
+    %% The call to the service returns error if the service isn't
+    %% started yet, which is harmless. The transport will be started
+    %% when the service is in that case.
+    case start_transport(SvcName, T) of
+        ok ->
+            insert(#transport{service = SvcName,
+                              ref = Ref,
+                              type = Type,
+                              options = Opts}),
+            {ok, Ref};
+        {error, _} = No ->
+            No
+    end.
+
+start_transport(SvcName, T) ->
+    case diameter_service:start_transport(SvcName, T) of
+        {ok, _Pid} ->
+            ok;
+        {error, no_service} ->
+            ok;
+        {error, _} = No ->
+            No
+    end.
+
+%% remove/3
+
+remove(L, SvcName, Pred) ->
+    rm(SvcName, lists:filter(fun(#transport{ref = R, type = T, options = O}) ->
+                                     Pred(R,T,O)
+                             end,
+                             L)).
+
+rm(_, []) ->
+    ok;
+rm(SvcName, L) ->
+    Refs = lists:map(fun(#transport{ref = R}) -> R end, L),
+    case stop_transport(SvcName, Refs) of
+        ok ->
+            lists:foreach(fun delete_object/1, L);
+        {error, _} = No ->
+            No
+    end.
+
+stop_transport(SvcName, Refs) ->
+    case diameter_service:stop_transport(SvcName, Refs) of
+        ok ->
+            ok;
+        {error, no_service} ->
+            ok;
+        {error, _} = No ->
+            No
+    end.
+
+%% make_config/2
+
+make_config(SvcName, Opts) ->
+    Apps = init_apps(Opts),
+    [] == Apps andalso ?THROW(no_apps),
+
+    %% Use the fact that diameter_caps has the same field names as CER.
+    Fields = diameter_gen_base_rfc3588:'#info-'(diameter_base_CER) -- ['AVP'],
+
+    COpts = [T || {K,_} = T <- Opts, lists:member(K, Fields)],
+    Caps = make_caps(#diameter_caps{}, COpts),
+
+    ok = encode_CER(COpts),
+
+    Os = split(Opts, [{[fun erlang:is_boolean/1], false, share_peers},
+                      {[fun erlang:is_boolean/1], false, use_shared_peers},
+                      {[fun erlang:is_pid/1, false], false, monitor}]),
+    %% share_peers and use_shared_peers are currently undocumented.
+
+    #service{name = SvcName,
+             rec = #diameter_service{applications = Apps,
+                                     capabilities = Caps},
+             options = Os}.
+
+make_caps(Caps, Opts) ->
+    case diameter_capx:make_caps(Caps, Opts) of
+        {ok, T} ->
+            T;
+        {error, {Reason, _}} ->
+            ?THROW(Reason)
+    end.
+
+%% Validate types by encoding a CER.
+encode_CER(Opts) ->
+    {ok, CER} = diameter_capx:build_CER(make_caps(?EXAMPLE_CAPS, Opts)),
+
+    Hdr = #diameter_header{version = ?DIAMETER_VERSION,
+                           end_to_end_id = 0,
+                           hop_by_hop_id = 0},
+
+    try
+        diameter_codec:encode(?BASE, #diameter_packet{header = Hdr,
+                                                      msg = CER}),
+        ok
+    catch
+        exit: Reason ->
+            ?THROW(Reason)
+    end.
+
+init_apps(Opts) ->
+    lists:foldl(fun app_acc/2, [], lists:reverse(Opts)).
+
+app_acc({application, Opts}, Acc) ->
+    is_list(Opts) orelse ?THROW({application, Opts}),
+
+    [Dict, Mod] = get_opt([dictionary, module], Opts),
+    Alias = get_opt(alias, Opts, Dict),
+    ModS  = get_opt(state, Opts, Alias),
+    M = get_opt(call_mutates_state, Opts, false),
+    A = get_opt(answer_errors, Opts, report),
+    [#diameter_app{alias = Alias,
+                   dictionary = Dict,
+                   id = cb(Dict, id),
+                   module = init_mod(Mod),
+                   init_state = ModS,
+                   mutable = init_mutable(M),
+                   answer_errors = init_answers(A)}
+     | Acc];
+app_acc(_, Acc) ->
+    Acc.
+
+init_mod(#diameter_callback{} = R) ->
+    init_mod([diameter_callback, R]);
+init_mod([diameter_callback, #diameter_callback{}] = L) ->
+    L;
+init_mod([diameter_callback = M | L])
+  when is_list(L) ->
+    [M, init_cb(L)];
+init_mod(M)
+  when is_atom(M) ->
+    [M];
+init_mod([M|_] = L)
+  when is_atom(M) ->
+    L;
+init_mod(M) ->
+    ?THROW({module, M}).
+
+init_cb(List) ->
+    Fields = record_info(fields, diameter_callback),
+    Defaults = lists:zip(Fields, tl(tuple_to_list(#diameter_callback{}))),
+    Values = [V || F <- Fields,
+                   D <- [proplists:get_value(F, Defaults)],
+                   V <- [proplists:get_value(F, List, D)]],
+    #diameter_callback{} = list_to_tuple([diameter_callback | Values]).
+
+init_mutable(M)
+  when M == true;
+       M == false ->
+    M;
+init_mutable(M) ->
+    ?THROW({call_mutates_state, M}).
+
+init_answers(A)
+  when callback == A;
+       report == A;
+       discard == A ->
+    A;
+init_answers(A) ->
+    ?THROW({answer_errors, A}).
+
+%% Get a single value at the specified key.
+get_opt(Keys, List)
+  when is_list(Keys) ->
+    [get_opt(K, List) || K <- Keys];
+get_opt(Key, List) ->
+    case [V || {K,V} <- List, K == Key] of
+        [V] -> V;
+        _   -> ?THROW({arity, Key})
+    end.
+
+%% Get an optional value at the specified key.
+get_opt(Key, List, Def) ->
+    case [V || {K,V} <- List, K == Key] of
+        []  -> Def;
+        [V] -> V;
+        _   -> ?THROW({arity, Key})
+    end.
+
+split(Opts, Defs) ->
+    [{K, value(D, Opts)} || {_,_,K} = D <- Defs].
+
+value({Preds, Def, Key}, Opts) ->
+    V = get_opt(Key, Opts, Def),
+    lists:any(fun(P) -> pred(P,V) end, Preds)
+        orelse ?THROW({value, Key}),
+    V.
+
+pred(F, V)
+  when is_function(F) ->
+    F(V);
+pred(T, V) ->
+    T == V.
+
+cb(M,F) ->
+    try M:F() of
+        V -> V
+    catch
+        E: Reason ->
+            ?THROW({callback, E, Reason, ?STACK})
+    end.
+
+%% call/1
+
+call(Request) ->
+    gen_server:call(?SERVER, Request, infinity).
diff --git a/lib/diameter/src/app/diameter_dbg.erl b/lib/diameter/src/base/diameter_dbg.erl
index 5b0ac3a3b6..5b0ac3a3b6 100644
--- a/lib/diameter/src/app/diameter_dbg.erl
+++ b/lib/diameter/src/base/diameter_dbg.erl
diff --git a/lib/diameter/src/app/diameter_dict.erl b/lib/diameter/src/base/diameter_dict.erl
index 3b9ba00a3f..3b9ba00a3f 100644
--- a/lib/diameter/src/app/diameter_dict.erl
+++ b/lib/diameter/src/base/diameter_dict.erl
diff --git a/lib/diameter/src/app/diameter_info.erl b/lib/diameter/src/base/diameter_info.erl
index 39d32d07cd..39d32d07cd 100644
--- a/lib/diameter/src/app/diameter_info.erl
+++ b/lib/diameter/src/base/diameter_info.erl
diff --git a/lib/diameter/src/app/diameter_internal.hrl b/lib/diameter/src/base/diameter_internal.hrl
index 63b35550a8..63b35550a8 100644
--- a/lib/diameter/src/app/diameter_internal.hrl
+++ b/lib/diameter/src/base/diameter_internal.hrl
diff --git a/lib/diameter/src/app/diameter_lib.erl b/lib/diameter/src/base/diameter_lib.erl
index 362d593b24..362d593b24 100644
--- a/lib/diameter/src/app/diameter_lib.erl
+++ b/lib/diameter/src/base/diameter_lib.erl
diff --git a/lib/diameter/src/app/diameter_misc_sup.erl b/lib/diameter/src/base/diameter_misc_sup.erl
index 4e40476f14..4e40476f14 100644
--- a/lib/diameter/src/app/diameter_misc_sup.erl
+++ b/lib/diameter/src/base/diameter_misc_sup.erl
diff --git a/lib/diameter/src/app/diameter_peer.erl b/lib/diameter/src/base/diameter_peer.erl
index 3e78c4caef..3e78c4caef 100644
--- a/lib/diameter/src/app/diameter_peer.erl
+++ b/lib/diameter/src/base/diameter_peer.erl
diff --git a/lib/diameter/src/base/diameter_peer_fsm.erl b/lib/diameter/src/base/diameter_peer_fsm.erl
new file mode 100644
index 0000000000..99644814d2
--- /dev/null
+++ b/lib/diameter/src/base/diameter_peer_fsm.erl
@@ -0,0 +1,881 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% This module implements (as a process) the RFC 3588 Peer State
+%% Machine modulo the necessity of adapting the peer election to the
+%% fact that we don't know the identity of a peer until we've
+%% received a CER/CEA from it.
+%%
+
+-module(diameter_peer_fsm).
+-behaviour(gen_server).
+
+%% Interface towards diameter_watchdog.
+-export([start/3]).
+
+%% gen_server callbacks
+-export([init/1,
+         handle_call/3,
+         handle_cast/2,
+         handle_info/2,
+         terminate/2,
+         code_change/3]).
+
+%% diameter_peer_fsm_sup callback
+-export([start_link/1]).
+
+%% internal callbacks
+-export([match/1]).
+
+-include_lib("diameter/include/diameter.hrl").
+-include("diameter_internal.hrl").
+-include("diameter_gen_base_rfc3588.hrl").
+
+-define(GOAWAY, ?'DIAMETER_BASE_DISCONNECT-CAUSE_DO_NOT_WANT_TO_TALK_TO_YOU').
+-define(REBOOT, ?'DIAMETER_BASE_DISCONNECT-CAUSE_REBOOTING').
+
+-define(NO_INBAND_SECURITY, 0).
+-define(TLS, 1).
+
+%% A 2xxx series Result-Code. Not necessarily 2001.
+-define(IS_SUCCESS(N), 2 == (N) div 1000).
+
+%% RFC 3588:
+%%
+%%   Timeout        An application-defined timer has expired while waiting
+%%                  for some event.
+%%
+-define(EVENT_TIMEOUT, 10000).
+
+%% How long to wait for a DPA in response to DPR before simply
+%% aborting. Used to distinguish between shutdown and not but there's
+%% not really any need. Stopping a service will require a timeout if
+%% the peer doesn't answer DPR so the value should be short-ish.
+-define(DPA_TIMEOUT, 1000).
+
+-record(state,
+        {state = 'Wait-Conn-Ack'   %% state of RFC 3588 Peer State Machine
+              :: 'Wait-Conn-Ack' | recv_CER | 'Wait-CEA' | 'Open',
+         mode :: accept | connect | {connect, reference()},
+         parent       :: pid(),
+         transport    :: pid(),
+         service      :: #diameter_service{},
+         dpr = false  :: false | {diameter:'Unsigned32'(),
+                                  diameter:'Unsigned32'()}}).
+                            %% | hop by hop and end to end identifiers
+
+%% There are non-3588 states possible as a consequence of 5.6.1 of the
+%% standard and the corresponding problem for incoming CEA's: we don't
+%% know who we're talking to until either a CER or CEA has been
+%% received. The CEA problem in particular makes it impossible to
+%% follow the state machine exactly as documented in 3588: there can
+%% be no election until the CEA arrives and we have an Origin-Host to
+%% elect.
+
+%%
+%% Once upon a time start/2 started a process akin to that started by
+%% start/3 below, which in turn started a watchdog/transport process
+%% with the result that the watchdog could send DWR/DWA regardless of
+%% whether or not the corresponding Peer State Machine was in its open
+%% state; that is, before capabilities exchange had taken place. This
+%% is not what RFC's 3588 and 3539 say (albeit not very clearly).
+%% Watchdog messages are only exchanged on *open* connections, so the
+%% 3539 state machine is more naturally placed on top of the 3588 Peer
+%% State Machine rather than closer to the transport. This is what we
+%% now do below: connect/accept call diameter_watchdog and return the
+%% pid of the watchdog process, and the watchdog in turn calls start/3
+%% below to start the process implementing the Peer State Machine. The
+%% former is a "peer" in diameter_service while the latter is a
+%% "conn". In a sense, diameter_service sees the watchdog as
+%% implementing the Peer State Machine and the process implemented
+%% here as being the transport, not being aware of the watchdog at
+%% all.
+%%
+
+%%% ---------------------------------------------------------------------------
+%%% # start({connect|accept, Ref}, Opts, Service)
+%%%
+%%% Output: Pid
+%%% ---------------------------------------------------------------------------
+
+%% diameter_config requires a non-empty list of applications on the
+%% service but diameter_service then constrains the list to any
+%% specified on the transport in question. Check here that the list is
+%% still non-empty.
+
+start({_, Ref} = Type, Opts, #diameter_service{applications = Apps} = Svc) ->
+    [] /= Apps orelse ?ERROR({no_apps, Type, Opts}),
+    T = {self(), Type, Opts, Svc},
+    {ok, Pid} = diameter_peer_fsm_sup:start_child(T),
+    diameter_stats:reg(Pid, Ref),
+    Pid.
+
+start_link(T) ->
+    {ok, _} = proc_lib:start_link(?MODULE,
+                                  init,
+                                  [T],
+                                  infinity,
+                                  diameter_lib:spawn_opts(server, [])).
+
+%%% ---------------------------------------------------------------------------
+%%% ---------------------------------------------------------------------------
+
+%% init/1
+
+init(T) ->
+    proc_lib:init_ack({ok, self()}),
+    gen_server:enter_loop(?MODULE, [], i(T)).
+
+i({WPid, T, Opts, #diameter_service{capabilities = Caps} = Svc0}) ->
+    putr(dwa, dwa(Caps)),
+    {M, Ref} = T,
+    {[Ts], Rest} = proplists:split(Opts, [capabilities_cb]),
+    putr(capabilities_cb, {Ref, [F || {_,F} <- Ts]}),
+    {ok, TPid, Svc} = start_transport(T, Rest, Svc0),
+    erlang:monitor(process, TPid),
+    erlang:monitor(process, WPid),
+    #state{parent = WPid,
+           transport = TPid,
+           mode = M,
+           service = Svc}.
+%% The transport returns its local ip addresses so that different
+%% transports on the same service can use different local addresses.
+%% The local addresses are put into Host-IP-Address avps here when
+%% sending capabilities exchange messages.
+%%
+%% Invalid transport config may cause us to crash but note that the
+%% watchdog start (start/2) succeeds regardless so as not to crash the
+%% service.
+
+start_transport(T, Opts, Svc) ->
+    case diameter_peer:start(T, Opts, Svc) of
+        {ok, TPid} ->
+            {ok, TPid, Svc};
+        {ok, TPid, [_|_] = Addrs} ->
+            #diameter_service{capabilities = Caps0} = Svc,
+            Caps = Caps0#diameter_caps{host_ip_address = Addrs},
+            {ok, TPid, Svc#diameter_service{capabilities = Caps}};
+        No ->
+            exit({shutdown, No})
+    end.
+
+%% handle_call/3
+
+handle_call(_, _, State) ->
+    {reply, nok, State}.
+
+%% handle_cast/2
+
+handle_cast(_, State) ->
+    {noreply, State}.
+
+%% handle_info/1
+
+handle_info(T, #state{} = State) ->
+    try transition(T, State) of
+        ok ->
+            {noreply, State};
+        #state{state = X} = S ->
+            ?LOGC(X =/= State#state.state, transition, X),
+            {noreply, S};
+        {stop, Reason} ->
+            ?LOG(stop, Reason),
+            x(Reason, State);
+        stop ->
+            ?LOG(stop, T),
+            x(T, State)
+    catch
+        {?MODULE, Tag, Reason}  ->
+            ?LOG(Tag, {Reason, T}),
+            {stop, {shutdown, Reason}, State}
+    end.
+%% The form of the exception caught here is historical. It's
+%% significant that it's not a 2-tuple, as in ?FAILURE(Reason),
+%% since these are caught elsewhere.
+
+x(Reason, #state{} = S) ->
+    close_wd(Reason, S),
+    {stop, {shutdown, Reason}, S}.
+
+%% terminate/2
+
+terminate(_, _) ->
+    ok.
+
+%% code_change/3
+
+code_change(_, State, _) ->
+    {ok, State}.
+
+%%% ---------------------------------------------------------------------------
+%%% ---------------------------------------------------------------------------
+
+putr(Key, Val) ->
+    put({?MODULE, Key}, Val).
+
+getr(Key) ->
+    get({?MODULE, Key}).
+
+eraser(Key) ->
+    erase({?MODULE, Key}).
+
+%% transition/2
+
+%% Connection to peer.
+transition({diameter, {TPid, connected, Remote}},
+           #state{state = PS,
+                  mode = M}
+           = S) ->
+    'Wait-Conn-Ack' = PS,  %% assert
+    connect = M,           %%
+    send_CER(S#state{mode = {M, Remote},
+                     transport = TPid});
+
+%% Connection from peer.
+transition({diameter, {TPid, connected}},
+           #state{state = PS,
+                  mode = M,
+                  parent = Pid}
+           = S) ->
+    'Wait-Conn-Ack' = PS,  %% assert
+    accept = M,            %%
+    Pid ! {accepted, self()},
+    start_timer(S#state{state = recv_CER,
+                        transport = TPid});
+
+%% Incoming message from the transport.
+transition({diameter, {recv, Pkt}}, S) ->
+    recv(Pkt, S);
+
+%% Timeout when still in the same state ...
+transition({timeout, PS}, #state{state = PS}) ->
+    stop;
+
+%% ... or not.
+transition({timeout, _}, _) ->
+    ok;
+
+%% Outgoing message.
+transition({send, Msg}, #state{transport = TPid}) ->
+    send(TPid, Msg),
+    ok;
+
+%% Request for graceful shutdown.
+transition({shutdown, Pid}, #state{parent = Pid, dpr = false} = S) ->
+    dpr(?GOAWAY, S);
+transition({shutdown, Pid}, #state{parent = Pid}) ->
+    ok;
+
+%% Application shutdown.
+transition(shutdown, #state{dpr = false} = S) ->
+    dpr(?REBOOT, S);
+transition(shutdown, _) ->  %% DPR already send: ensure expected timeout
+    dpa_timer(),
+    ok;
+
+%% Request to close the transport connection.
+transition({close = T, Pid}, #state{parent = Pid,
+                                    transport = TPid}) ->
+    diameter_peer:close(TPid),
+    {stop, T};
+
+%% DPA reception has timed out.
+transition(dpa_timeout, _) ->
+    stop;
+
+%% Someone wants to know a resolved port: forward to the transport process.
+transition({resolve_port, _Pid} = T, #state{transport = TPid}) ->
+    TPid ! T,
+    ok;
+
+%% Parent or transport has died.
+transition({'DOWN', _, process, P, _},
+           #state{parent = Pid,
+                  transport = TPid})
+  when P == Pid;
+       P == TPid ->
+    stop;
+
+%% State query.
+transition({state, Pid}, #state{state = S, transport = TPid}) ->
+    Pid ! {self(), [S, TPid]},
+    ok.
+
+%% Crash on anything unexpected.
+
+%% send_CER/1
+
+send_CER(#state{mode = {connect, Remote},
+                service = #diameter_service{capabilities = Caps},
+                transport = TPid}
+         = S) ->
+    OH = Caps#diameter_caps.origin_host,
+    req_send_CER(OH, Remote)
+        orelse
+        close({already_connected, Remote, Caps}, S),
+    CER = build_CER(S),
+    ?LOG(send, 'CER'),
+    send(TPid, encode(CER)),
+    start_timer(S#state{state = 'Wait-CEA'}).
+
+%% Register ourselves as connecting to the remote endpoint in
+%% question. This isn't strictly necessary since a peer implementing
+%% the 3588 Peer State Machine should reject duplicate connection's
+%% from the same peer but there's little point in us setting up a
+%% duplicate connection in the first place. This could also include
+%% the transport protocol being used but since we're blind to
+%% transport just avoid duplicate connections to the same host/port.
+req_send_CER(OriginHost, Remote) ->
+    register_everywhere({?MODULE, connection, OriginHost, {remote, Remote}}).
+
+%% start_timer/1
+
+start_timer(#state{state = PS} = S) ->
+    erlang:send_after(?EVENT_TIMEOUT, self(), {timeout, PS}),
+    S.
+
+%% build_CER/1
+
+build_CER(#state{service = #diameter_service{capabilities = Caps}}) ->
+    {ok, CER} = diameter_capx:build_CER(Caps),
+    CER.
+
+%% encode/1
+
+encode(Rec) ->
+    #diameter_packet{bin = Bin} = diameter_codec:encode(?BASE, Rec),
+    Bin.
+
+%% recv/2
+
+%% RFC 3588 has result code 5015 for an invalid length but if a
+%% transport is detecting message boundaries using the length header
+%% then a length error will likely lead to further errors.
+
+recv(#diameter_packet{header = #diameter_header{length = Len}
+                             = Hdr,
+                      bin = Bin},
+     S)
+  when Len < 20;
+       (0 /= Len rem 4 orelse bit_size(Bin) /= 8*Len) ->
+    discard(invalid_message_length, recv, [size(Bin),
+                                           bit_size(Bin) rem 8,
+                                           Hdr,
+                                           S]);
+
+recv(#diameter_packet{header = #diameter_header{} = Hdr}
+     = Pkt,
+     #state{parent = Pid}
+     = S) ->
+    Name = diameter_codec:msg_name(Hdr),
+    Pid ! {recv, self(), Name, Pkt},
+    diameter_stats:incr({msg_id(Name, Hdr), recv}), %% count received
+    rcv(Name, Pkt, S);
+
+recv(#diameter_packet{header = undefined,
+                      bin = Bin}
+     = Pkt,
+     S) ->
+    recv(Pkt#diameter_packet{header = diameter_codec:decode_header(Bin)}, S);
+
+recv(Bin, S)
+  when is_binary(Bin) ->
+    recv(#diameter_packet{bin = Bin}, S);
+
+recv(#diameter_packet{header = false} = Pkt, S) ->
+    discard(truncated_header, recv, [Pkt, S]).
+
+msg_id({_,_,_} = T, _) ->
+    T;
+msg_id(_, Hdr) ->
+    diameter_codec:msg_id(Hdr).
+
+%% Treat invalid length as a transport error and die. Especially in
+%% the TCP case, in which there's no telling where the next message
+%% begins in the incoming byte stream, keeping a crippled connection
+%% alive may just make things worse.
+
+discard(Reason, F, A) ->
+    diameter_stats:incr(Reason),
+    diameter_lib:warning_report(Reason, {?MODULE, F, A}),
+    throw({?MODULE, abort, Reason}).
+
+%% rcv/3
+
+%% Incoming CEA.
+rcv('CEA', Pkt, #state{state = 'Wait-CEA'} = S) ->
+    handle_CEA(Pkt, S);
+
+%% Incoming CER
+rcv('CER' = N, Pkt, #state{state = recv_CER} = S) ->
+    handle_request(N, Pkt, S);
+
+%% Anything but CER/CEA in a non-Open state is an error, as is
+%% CER/CEA in anything but recv_CER/Wait-CEA.
+rcv(Name, _, #state{state = PS})
+  when PS /= 'Open';
+       Name == 'CER';
+       Name == 'CEA' ->
+    {stop, {Name, PS}};
+
+rcv(N, Pkt, S)
+  when N == 'DWR';
+       N == 'DPR' ->
+    handle_request(N, Pkt, S);
+
+%% DPA even though we haven't sent DPR: ignore.
+rcv('DPA', _Pkt, #state{dpr = false}) ->
+    ok;
+
+%% DPA in response to DPR. We could check the sequence numbers but
+%% don't bother, just close.
+rcv('DPA' = N, _Pkt, #state{transport = TPid}) ->
+    diameter_peer:close(TPid),
+    {stop, N};
+
+rcv(_, _, _) ->
+    ok.
+
+%% send/2
+
+%% Msg here could be a #diameter_packet or a binary depending on who's
+%% sending. In particular, the watchdog will send DWR as a binary
+%% while messages coming from clients will be in a #diameter_packet.
+send(Pid, Msg) ->
+    diameter_stats:incr({diameter_codec:msg_id(Msg), send}),
+    diameter_peer:send(Pid, Msg).
+
+%% handle_request/3
+
+handle_request(Type, #diameter_packet{} = Pkt, S) ->
+    ?LOG(recv, Type),
+    send_answer(Type, diameter_codec:decode(?BASE, Pkt), S).
+
+%% send_answer/3
+
+send_answer(Type, ReqPkt, #state{transport = TPid} = S) ->
+    #diameter_packet{header = H,
+                     transport_data = TD}
+        = ReqPkt,
+
+    {Msg, PostF} = build_answer(Type, ReqPkt, S),
+
+    %% An answer message clears the R and T flags and retains the P
+    %% flag. The E flag is set at encode.
+    Pkt = #diameter_packet{header
+                           = H#diameter_header{version = ?DIAMETER_VERSION,
+                                               is_request = false,
+                                               is_error = undefined,
+                                               is_retransmitted = false},
+                           msg = Msg,
+                           transport_data = TD},
+
+    send(TPid, diameter_codec:encode(?BASE, Pkt)),
+    eval(PostF, S).
+
+eval([F|A], S) ->
+    apply(F, A ++ [S]);
+eval(ok, S) ->
+    S.
+
+%% build_answer/3
+
+build_answer('CER',
+             #diameter_packet{msg = CER,
+                              header = #diameter_header{version
+                                                        = ?DIAMETER_VERSION,
+                                                        is_error = false},
+                              errors = []}
+             = Pkt,
+             S) ->
+    {SupportedApps, RCaps, #diameter_base_CEA{'Result-Code' = RC,
+                                              'Inband-Security-Id' = IS}
+                           = CEA}
+        = recv_CER(CER, S),
+
+    #diameter_caps{origin_host = {OH, DH}}
+        = Caps
+        = capz(caps(S), RCaps),
+
+    try
+        2001 == RC  %% DIAMETER_SUCCESS
+            orelse ?THROW(RC),
+        register_everywhere({?MODULE, connection, OH, DH})
+            orelse ?THROW(4003),  %% DIAMETER_ELECTION_LOST
+        caps_cb(Caps)
+    of
+        N -> {cea(CEA, N), [fun open/5, Pkt,
+                                        SupportedApps,
+                                        Caps,
+                                        {accept, hd([_] = IS)}]}
+    catch
+        ?FAILURE(Reason) ->
+            rejected(Reason, {'CER', Reason, Caps, Pkt}, S)
+    end;
+
+%% The error checks below are similar to those in diameter_service for
+%% other messages. Should factor out the commonality.
+
+build_answer(Type,
+             #diameter_packet{header = H,
+                              errors = Es}
+             = Pkt,
+             S) ->
+    RC = rc(H, Es),
+    {answer(Type, RC, Es, S), post(Type, RC, Pkt, S)}.
+
+cea(CEA, ok) ->
+    CEA;
+cea(CEA, 2001) ->
+    CEA;
+cea(CEA, RC) ->
+    CEA#diameter_base_CEA{'Result-Code' = RC}.
+
+post('CER' = T, RC, Pkt, S) ->
+    [fun close/2, {T, caps(S), {RC, Pkt}}];
+post(_, _, _, _) ->
+    ok.
+
+rejected({capabilities_cb, _F, Reason}, T, S) ->
+    rejected(Reason, T, S);
+
+rejected(discard, T, S) ->
+    close(T, S);
+rejected({N, Es}, T, S) ->
+    {answer('CER', N, Es, S), [fun close/2, T]};
+rejected(N, T, S) ->
+    rejected({N, []}, T, S).
+
+answer(Type, RC, Es, S) ->
+    set(answer(Type, RC, S), failed_avp([A || {_,A} <- Es])).
+
+answer(Type, RC, S) ->
+    answer_message(answer(Type, S), RC).
+
+%% answer_message/2
+
+answer_message([_ | Avps], RC)
+  when 3000 =< RC, RC < 4000 ->
+    ['answer-message', {'Result-Code', RC}
+                     | lists:filter(fun is_origin/1, Avps)];
+
+answer_message(Msg, RC) ->
+    Msg ++ [{'Result-Code', RC}].
+
+is_origin({N, _}) ->
+    N == 'Origin-Host'
+        orelse N == 'Origin-Realm'
+        orelse N == 'Origin-State-Id'.
+
+%% failed_avp/1
+    
+failed_avp([] = No) ->
+    No;
+failed_avp(Avps) ->
+    [{'Failed-AVP', [[{'AVP', Avps}]]}].
+
+%% set/2
+
+set(Ans, []) ->
+    Ans;
+set(['answer-message' | _] = Ans, FailedAvp) ->
+    Ans ++ [{'AVP', [FailedAvp]}];
+set([_|_] = Ans, FailedAvp) ->
+    Ans ++ FailedAvp.
+
+%% rc/2
+
+rc(#diameter_header{is_error = true}, _) ->
+    3008;  %% DIAMETER_INVALID_HDR_BITS
+
+rc(_, [Bs|_])
+  when is_bitstring(Bs) ->
+    3009;  %% DIAMETER_INVALID_HDR_BITS
+
+rc(#diameter_header{version = ?DIAMETER_VERSION}, Es) ->
+    rc(Es);
+
+rc(_, _) ->
+    5011.  %% DIAMETER_UNSUPPORTED_VERSION
+
+%% rc/1
+
+rc([]) ->
+    2001;  %% DIAMETER_SUCCESS
+rc([{RC,_}|_]) ->
+    RC;
+rc([RC|_]) ->
+    RC.
+
+%%   DIAMETER_INVALID_HDR_BITS          3008
+%%      A request was received whose bits in the Diameter header were
+%%      either set to an invalid combination, or to a value that is
+%%      inconsistent with the command code's definition.
+
+%%   DIAMETER_INVALID_AVP_BITS          3009
+%%      A request was received that included an AVP whose flag bits are
+%%      set to an unrecognized value, or that is inconsistent with the
+%%      AVP's definition.
+
+%%   ELECTION_LOST                      4003
+%%      The peer has determined that it has lost the election process and
+%%      has therefore disconnected the transport connection.
+
+%%   DIAMETER_NO_COMMON_APPLICATION     5010
+%%      This error is returned when a CER message is received, and there
+%%      are no common applications supported between the peers.
+
+%%   DIAMETER_UNSUPPORTED_VERSION       5011
+%%      This error is returned when a request was received, whose version
+%%      number is unsupported.
+
+%% answer/2
+
+answer('DWR', _) ->
+    getr(dwa);
+
+answer(Name, #state{service = #diameter_service{capabilities = Caps}}) ->
+    a(Name, Caps).
+
+a('CER', #diameter_caps{vendor_id = Vid,
+                        origin_host = Host,
+                        origin_realm = Realm,
+                        host_ip_address = Addrs,
+                        product_name = Name,
+                        origin_state_id = OSI}) ->
+    ['CEA', {'Origin-Host', Host},
+            {'Origin-Realm', Realm},
+            {'Host-IP-Address', Addrs},
+            {'Vendor-Id', Vid},
+            {'Product-Name', Name},
+            {'Origin-State-Id', OSI}];
+
+a('DPR', #diameter_caps{origin_host = Host,
+                        origin_realm = Realm}) ->
+    ['DPA', {'Origin-Host', Host},
+            {'Origin-Realm', Realm}].
+
+%% recv_CER/2
+
+recv_CER(CER, #state{service = Svc}) ->
+    {ok, T} = diameter_capx:recv_CER(CER, Svc),
+    T.
+
+%% handle_CEA/1
+
+handle_CEA(#diameter_packet{bin = Bin}
+           = Pkt,
+           #state{service = #diameter_service{capabilities = LCaps}}
+           = S)
+  when is_binary(Bin) ->
+    ?LOG(recv, 'CEA'),
+
+    #diameter_packet{msg = CEA}
+        = DPkt
+        = diameter_codec:decode(?BASE, Pkt),
+
+    {SApps, IS, RCaps} = recv_CEA(DPkt, S),
+
+    #diameter_caps{origin_host = {OH, DH}}
+        = Caps
+        = capz(LCaps, RCaps),
+
+    #diameter_base_CEA{'Result-Code' = RC}
+        = CEA,
+
+    %% Ensure that we don't already have a connection to the peer in
+    %% question. This isn't the peer election of 3588 except in the
+    %% sense that, since we don't know who we're talking to until we
+    %% receive a CER/CEA, the first that arrives wins the right to a
+    %% connection with the peer.
+
+    try
+        ?IS_SUCCESS(RC)
+            orelse ?THROW(RC),
+        [] == SApps
+            andalso ?THROW(no_common_application),
+        [] == IS
+            andalso ?THROW(no_common_security),
+        register_everywhere({?MODULE, connection, OH, DH})
+            orelse ?THROW(election_lost),
+        caps_cb(Caps)
+    of
+        _ -> open(DPkt, SApps, Caps, {connect, hd([_] = IS)}, S)
+    catch
+        ?FAILURE(Reason) -> close({'CEA', Reason, Caps, DPkt}, S)
+    end.
+%% Check more than the result code since the peer could send success
+%% regardless. If not 2001 then a peer_up callback could do anything
+%% required. It's not unimaginable that a peer agreeing to TLS after
+%% capabilities exchange could send DIAMETER_LIMITED_SUCCESS = 2002,
+%% even if this isn't required by RFC 3588.
+
+%% recv_CEA/2
+
+recv_CEA(#diameter_packet{header = #diameter_header{version
+                                                    = ?DIAMETER_VERSION,
+                                                    is_error = false},
+                          msg = CEA,
+                          errors = []},
+         #state{service = Svc}) ->
+    {ok, T} = diameter_capx:recv_CEA(CEA, Svc),
+    T;
+
+recv_CEA(Pkt, S) ->
+    close({'CEA', caps(S), Pkt}, S).
+
+caps(#diameter_service{capabilities = Caps}) ->
+    Caps;
+caps(#state{service = Svc}) ->
+    caps(Svc).
+
+%% caps_cb/1
+
+caps_cb(Caps) ->
+    {Ref, Ts} = eraser(capabilities_cb),
+    ccb(Ts, [Ref, Caps]).
+
+ccb([], _) ->
+    ok;
+ccb([F | Rest], T) ->
+    case diameter_lib:eval([F|T]) of
+        ok ->
+            ccb(Rest, T);
+        N when ?IS_SUCCESS(N) ->  %% 2xxx result code: accept immediately
+            N;
+        Res ->
+            ?THROW({capabilities_cb, F, rejected(Res)})
+    end.
+%% Note that returning 2xxx causes the capabilities exchange to be
+%% accepted directly, without further callbacks.
+
+rejected(discard = T) ->
+    T;
+rejected(unknown) ->
+    3010;  %% DIAMETER_UNKNOWN_PEER
+rejected(N)
+  when is_integer(N) ->
+    N.
+
+%% open/5
+
+open(Pkt, SupportedApps, Caps, {Type, IS}, #state{parent = Pid} = S) ->
+    #diameter_caps{origin_host = {_,_} = H,
+                   inband_security_id = {LS,_}}
+        = Caps,
+
+    tls_ack(lists:member(?TLS, LS), Caps, Type, IS, S),
+    Pid ! {open, self(), H, {Caps, SupportedApps, Pkt}},
+
+    S#state{state = 'Open'}.
+
+%% We've advertised TLS support: tell the transport the result
+%% and expect a reply when the handshake is complete.
+tls_ack(true, Caps, Type, IS, #state{transport = TPid} = S) ->
+    Ref = make_ref(),
+    TPid ! {diameter, {tls, Ref, Type, IS == ?TLS}},
+    receive
+        {diameter, {tls, Ref}} ->
+            ok;
+        {'DOWN', _, process, TPid, Reason} ->
+            close({tls_ack, Reason, Caps}, S)
+    end;
+
+%% Or not. Don't send anything to the transport so that transports
+%% not supporting TLS work as before without modification.
+tls_ack(false, _, _, _, _) ->
+    ok.
+
+capz(#diameter_caps{} = L, #diameter_caps{} = R) ->
+    #diameter_caps{}
+        = list_to_tuple([diameter_caps | lists:zip(tl(tuple_to_list(L)),
+                                                   tl(tuple_to_list(R)))]).
+
+%% close/2
+
+%% Tell the watchdog that our death isn't due to transport failure.
+close(Reason, #state{parent = Pid}) ->
+    close_wd(Reason, Pid),
+    throw({?MODULE, close, Reason}).
+
+%% close_wd/2
+
+%% Ensure the watchdog dies if DPR has been sent ...
+close_wd(_, #state{dpr = false}) ->
+    ok;
+close_wd(Reason, #state{parent = Pid}) ->
+    close_wd(Reason, Pid);
+
+%% ... or otherwise
+close_wd(Reason, Pid) ->
+    Pid ! {close, self(), Reason}.
+
+%% dwa/1
+
+dwa(#diameter_caps{origin_host = OH,
+                   origin_realm = OR,
+                   origin_state_id = OSI}) ->
+    ['DWA', {'Origin-Host', OH},
+            {'Origin-Realm', OR},
+            {'Origin-State-Id', OSI}].
+
+%% dpr/2
+
+dpr(Cause, #state{transport = TPid,
+                  service = #diameter_service{capabilities = Caps}}
+           = S) ->
+    #diameter_caps{origin_host = OH,
+                   origin_realm = OR}
+        = Caps,
+
+    Bin = encode(['DPR', {'Origin-Host', OH},
+                         {'Origin-Realm', OR},
+                         {'Disconnect-Cause', Cause}]),
+    send(TPid, Bin),
+    dpa_timer(),
+    ?LOG(send, 'DPR'),
+    S#state{dpr = diameter_codec:sequence_numbers(Bin)}.
+
+dpa_timer() ->
+    erlang:send_after(?DPA_TIMEOUT, self(), dpa_timeout).
+
+%% register_everywhere/1
+%%
+%% Register a term and ensure it's not registered elsewhere. Note that
+%% two process that simultaneously register the same term may well
+%% both fail to do so this isn't foolproof.
+
+register_everywhere(T) ->
+    diameter_reg:add_new(T)
+        andalso unregistered(T).
+
+unregistered(T) ->
+    {ResL, _} = rpc:multicall(?MODULE, match, [{node(), T}]),
+    lists:all(fun(L) -> [] == L end, ResL).
+
+match({Node, _})
+  when Node == node() ->
+    [];
+match({_, T}) ->
+    try
+        diameter_reg:match(T)
+    catch
+        _:_ -> []
+    end.
diff --git a/lib/diameter/src/app/diameter_peer_fsm_sup.erl b/lib/diameter/src/base/diameter_peer_fsm_sup.erl
index 995eaf74d0..995eaf74d0 100644
--- a/lib/diameter/src/app/diameter_peer_fsm_sup.erl
+++ b/lib/diameter/src/base/diameter_peer_fsm_sup.erl
diff --git a/lib/diameter/src/app/diameter_reg.erl b/lib/diameter/src/base/diameter_reg.erl
index 882b9da238..882b9da238 100644
--- a/lib/diameter/src/app/diameter_reg.erl
+++ b/lib/diameter/src/base/diameter_reg.erl
diff --git a/lib/diameter/src/base/diameter_service.erl b/lib/diameter/src/base/diameter_service.erl
new file mode 100644
index 0000000000..3dfdcee2b2
--- /dev/null
+++ b/lib/diameter/src/base/diameter_service.erl
@@ -0,0 +1,2897 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% Implements the process that represents a service.
+%%
+
+-module(diameter_service).
+-behaviour(gen_server).
+
+-export([start/1,
+         stop/1,
+         start_transport/2,
+         stop_transport/2,
+         info/2,
+         call/4]).
+
+%% towards diameter_watchdog
+-export([receive_message/3]).
+
+%% service supervisor
+-export([start_link/1]).
+
+-export([subscribe/1,
+         unsubscribe/1,
+         subscriptions/1,
+         subscriptions/0,
+         services/0,
+         services/1,
+         whois/1,
+         flush_stats/1]).
+
+%% test/debug
+-export([call_module/3,
+         state/1,
+         uptime/1]).
+
+%%% gen_server callbacks
+-export([init/1,
+         handle_call/3,
+         handle_cast/2,
+         handle_info/2,
+         terminate/2,
+         code_change/3]).
+
+%% Other callbacks.
+-export([send/1]).
+
+-include_lib("diameter/include/diameter.hrl").
+-include("diameter_internal.hrl").
+
+-define(STATE_UP,   up).
+-define(STATE_DOWN, down).
+
+-define(DEFAULT_TC,     30000).  %% RFC 3588 ch 2.1
+-define(DEFAULT_TIMEOUT, 5000).  %% for outgoing requests
+-define(RESTART_TC,      1000).  %% if restart was this recent
+
+%% Used to be able to swap this with anything else dict-like but now
+%% rely on the fact that a service's #state{} record does not change
+%% in storing in it ?STATE table and not always going through the
+%% service process. In particular, rely on the fact that operations on
+%% a ?Dict don't change the handle to it.
+-define(Dict, diameter_dict).
+
+%% Table containing outgoing requests for which a reply has yet to be
+%% received.
+-define(REQUEST_TABLE, diameter_request).
+
+%% Maintains state in a table. In contrast to previously, a service's
+%% stat is not constant and is accessed outside of the service
+%% process.
+-define(STATE_TABLE, ?MODULE).
+
+%% Workaround for dialyzer's lack of understanding of match specs.
+-type match(T)
+   :: T | '_' | '$1' | '$2' | '$3' | '$4'.
+
+%% State of service gen_server.
+-record(state,
+        {id = now(),
+         service_name,      %% as passed to start_service/2, key in ?STATE_TABLE
+         service :: #diameter_service{},
+         peerT = ets_new(peers) :: ets:tid(), %% #peer{} at start_fsm
+         connT = ets_new(conns) :: ets:tid(), %% #conn{} at connection_up
+         share_peers = false :: boolean(), %% broadcast peers to remote nodes?
+         use_shared_peers = false :: boolean(),  %% use broadcasted peers?
+         shared_peers = ?Dict:new(),         %% Alias -> [{TPid, Caps}, ...]
+         local_peers = ?Dict:new(),          %% Alias -> [{TPid, Caps}, ...]
+         monitor = false :: false | pid()}). %% process to die with
+%% shared_peers reflects the peers broadcast from remote nodes. Note
+%% that the state term itself doesn't change, which is relevant for
+%% the stateless application callbacks since the state is retrieved
+%% from ?STATE_TABLE from outside the service process. The pid in the
+%% service record is used to determine whether or not we need to call
+%% the process for a pick_peer callback.
+
+%% Record representing a watchdog process.
+-record(peer,
+        {pid  :: match(pid()),
+         type :: match(connect | accept),
+         ref  :: match(reference()),  %% key into diameter_config
+         options :: match([diameter:transport_opt()]),%% from start_transport
+         op_state = ?STATE_DOWN :: match(?STATE_DOWN | ?STATE_UP),
+         started = now(),      %% at process start
+         conn = false :: match(boolean() | pid())}).
+                      %% true at accept, pid() at connection_up (connT key)
+
+%% Record representing a peer_fsm process.
+-record(conn,
+        {pid   :: pid(),
+         apps  :: [{0..16#FFFFFFFF, diameter:app_alias()}], %% {Id, Alias}
+         caps  :: #diameter_caps{},
+         started = now(),  %% at process start
+         peer  :: pid()}). %% key into peerT
+
+%% Record stored in diameter_request for each outgoing request.
+-record(request,
+        {from,               %% arg 2 of handle_call/3
+         handler    :: match(pid()), %% request process
+         transport  :: match(pid()), %% peer process
+         caps       :: match(#diameter_caps{}),
+         app        :: match(diameter:app_alias()),  %% #diameter_app.alias
+         dictionary :: match(module()),     %% #diameter_app.dictionary
+         module     :: match([module() | list()]),
+                    %% #diameter_app.module
+         filter     :: match(diameter:peer_filter()),
+         packet     :: match(#diameter_packet{})}).
+
+%% Record call/4 options are parsed into.
+-record(options,
+        {filter = none  :: diameter:peer_filter(),
+         extra = []     :: list(),
+         timeout = ?DEFAULT_TIMEOUT :: 0..16#FFFFFFFF,
+         detach = false :: boolean()}).
+
+%% Since RFC 3588 requires that a Diameter agent not modify End-to-End
+%% Identifiers, the possibility of explicitly setting an End-to-End
+%% Identifier would be needed to be able to implement an agent in
+%% which one side of the communication is not implemented on top of
+%% diameter. For example, Diameter being sent or received encapsulated
+%% in some other protocol, or even another Diameter stack in a
+%% non-Erlang environment. (Not that this is likely to be a normal
+%% case.)
+%%
+%% The implemented solution is not an option but to respect any header
+%% values set in a diameter_header record returned from a
+%% prepare_request callback. A call to diameter:call/4 can communicate
+%% values to the callback using the 'extra' option if so desired.
+
+%%% ---------------------------------------------------------------------------
+%%% # start(SvcName)
+%%% ---------------------------------------------------------------------------
+
+start(SvcName) ->
+    diameter_service_sup:start_child(SvcName).
+
+start_link(SvcName) ->
+    Options = [{spawn_opt, diameter_lib:spawn_opts(server, [])}],
+    gen_server:start_link(?MODULE, [SvcName], Options).
+%% Put the arbitrary term SvcName in a list in case we ever want to
+%% send more than this and need to distinguish old from new.
+
+%%% ---------------------------------------------------------------------------
+%%% # stop(SvcName)
+%%% ---------------------------------------------------------------------------
+
+stop(SvcName) ->
+    case whois(SvcName) of
+        undefined ->
+            {error, not_started};
+        Pid ->
+            stop(call_service(Pid, stop), Pid)
+    end.
+
+stop(ok, Pid) ->
+    MRef = erlang:monitor(process, Pid),
+    receive {'DOWN', MRef, process, _, _} -> ok end;
+stop(No, _) ->
+    No.
+
+%%% ---------------------------------------------------------------------------
+%%% # start_transport(SvcName, {Ref, Type, Opts})
+%%% ---------------------------------------------------------------------------
+
+start_transport(SvcName, {_,_,_} = T) ->
+    call_service_by_name(SvcName, {start, T}).
+
+%%% ---------------------------------------------------------------------------
+%%% # stop_transport(SvcName, Refs)
+%%% ---------------------------------------------------------------------------
+
+stop_transport(_, []) ->
+    ok;
+stop_transport(SvcName, [_|_] = Refs) ->
+    call_service_by_name(SvcName, {stop, Refs}).
+
+%%% ---------------------------------------------------------------------------
+%%% # info(SvcName, Item)
+%%% ---------------------------------------------------------------------------
+
+info(SvcName, Item) ->
+    info_rc(call_service_by_name(SvcName, {info, Item})).
+
+info_rc({error, _}) ->
+    undefined;
+info_rc(Info) ->
+    Info.
+
+%%% ---------------------------------------------------------------------------
+%%% # receive_message(TPid, Pkt, MessageData)
+%%% ---------------------------------------------------------------------------
+
+%% Handle an incoming message in the watchdog process. This used to
+%% come through the service process but this avoids that becoming a
+%% bottleneck.
+
+receive_message(TPid, Pkt, T)
+  when is_pid(TPid) ->
+    #diameter_packet{header = #diameter_header{is_request = R}} = Pkt,
+    recv(R, (not R) andalso lookup_request(Pkt, TPid), TPid, Pkt, T).
+
+%% Incoming request ...
+recv(true, false, TPid, Pkt, T) ->
+    try
+        spawn(fun() -> recv_request(TPid, Pkt, T) end)
+    catch
+        error: system_limit = E ->  %% discard
+            ?LOG({error, E}, now())
+    end;
+
+%% ... answer to known request ...
+recv(false, #request{from = {_, Ref}, handler = Pid} = Req, _, Pkt, _) ->
+    Pid ! {answer, Ref, Req, Pkt};
+%% Note that failover could have happened prior to this message being
+%% received and triggering failback. That is, both a failover message
+%% and answer may be on their way to the handler process. In the worst
+%% case the request process gets notification of the failover and
+%% sends to the alternate peer before an answer arrives, so it's
+%% always the case that we can receive more than one answer after
+%% failover. The first answer received by the request process wins,
+%% any others are discarded.
+
+%% ... or not.
+recv(false, false, _, _, _) ->
+    ok.
+
+%%% ---------------------------------------------------------------------------
+%%% # call(SvcName, App, Msg, Options)
+%%% ---------------------------------------------------------------------------
+
+call(SvcName, App, Msg, Options)
+  when is_list(Options) ->
+    Rec = make_options(Options),
+    Ref = make_ref(),
+    Caller = {self(), Ref},
+    Fun = fun() -> exit({Ref, call(SvcName, App, Msg, Rec, Caller)}) end,
+    try spawn_monitor(Fun) of
+        {_, MRef} ->
+            recv(MRef, Ref, Rec#options.detach, false)
+    catch
+        error: system_limit = E ->
+            {error, E}
+    end.
+
+%% Don't rely on gen_server:call/3 for the timeout handling since it
+%% makes no guarantees about not leaving a reply message in the
+%% mailbox if we catch its exit at timeout. It currently *can* do so,
+%% which is also undocumented.
+
+recv(MRef, _, true, true) ->
+    erlang:demonitor(MRef, [flush]),
+    ok;
+
+recv(MRef, Ref, Detach, Sent) ->
+    receive
+        Ref ->  %% send has been attempted
+            recv(MRef, Ref, Detach, true);
+        {'DOWN', MRef, process, _, Reason} ->
+            call_rc(Reason, Ref, Sent)
+    end.
+
+%% call/5 has returned ...
+call_rc({Ref, Ans}, Ref, _) ->
+    Ans;
+
+%% ... or not. In this case failure/encode are documented.
+call_rc(_, _, Sent) ->
+    {error, choose(Sent, failure, encode)}.
+
+%% call/5
+%%
+%% In the process spawned for the outgoing request.
+
+call(SvcName, App, Msg, Opts, Caller) ->
+    c(ets:lookup(?STATE_TABLE, SvcName), App, Msg, Opts, Caller).
+
+c([#state{service_name = SvcName} = S], App, Msg, Opts, Caller) ->
+    case find_transport(App, Msg, Opts, S) of
+        {_,_,_} = T ->
+            send_request(T, Msg, Opts, Caller, SvcName);
+        false ->
+            {error, no_connection};
+        {error, _} = No ->
+            No
+    end;
+
+c([], _, _, _, _) ->
+    {error, no_service}.
+
+%% make_options/1
+
+make_options(Options) ->
+    lists:foldl(fun mo/2, #options{}, Options).
+
+mo({timeout, T}, Rec)
+  when is_integer(T), 0 =< T ->
+    Rec#options{timeout = T};
+
+mo({filter, F}, #options{filter = none} = Rec) ->
+    Rec#options{filter = F};
+mo({filter, F}, #options{filter = {all, Fs}} = Rec) ->
+    Rec#options{filter = {all, [F | Fs]}};
+mo({filter, F}, #options{filter = F0} = Rec) ->
+    Rec#options{filter = {all, [F0, F]}};
+
+mo({extra, L}, #options{extra = X} = Rec)
+  when is_list(L) ->
+    Rec#options{extra = X ++ L};
+
+mo(detach, Rec) ->
+    Rec#options{detach = true};
+
+mo(T, _) ->
+    ?ERROR({invalid_option, T}).
+
+%%% ---------------------------------------------------------------------------
+%%% # subscribe(SvcName)
+%%% # unsubscribe(SvcName)
+%%% ---------------------------------------------------------------------------
+
+subscribe(SvcName) ->
+    diameter_reg:add({?MODULE, subscriber, SvcName}).
+
+unsubscribe(SvcName) ->
+    diameter_reg:del({?MODULE, subscriber, SvcName}).
+
+subscriptions(Pat) ->
+    pmap(diameter_reg:match({?MODULE, subscriber, Pat})).
+
+subscriptions() ->
+    subscriptions('_').
+
+pmap(Props) ->
+    lists:map(fun({{?MODULE, _, Name}, Pid}) -> {Name, Pid} end, Props).
+
+%%% ---------------------------------------------------------------------------
+%%% # services(Pattern)
+%%% ---------------------------------------------------------------------------
+
+services(Pat) ->
+    pmap(diameter_reg:match({?MODULE, service, Pat})).
+
+services() ->
+    services('_').
+
+whois(SvcName) ->
+    case diameter_reg:match({?MODULE, service, SvcName}) of
+        [{_, Pid}] ->
+            Pid;
+        [] ->
+            undefined
+    end.
+
+%%% ---------------------------------------------------------------------------
+%%% # flush_stats/1
+%%%
+%%% Output: list of {{SvcName, Alias, Counter}, Value}
+%%% ---------------------------------------------------------------------------
+
+flush_stats(TPid) ->
+    diameter_stats:flush(TPid).
+
+%% ===========================================================================
+%% ===========================================================================
+
+state(Svc) ->
+    call_service(Svc, state).
+
+uptime(Svc) ->
+    call_service(Svc, uptime).
+
+%% call_module/3
+
+call_module(Service, AppMod, Request) ->
+    call_service(Service, {call_module, AppMod, Request}).
+
+%%% ---------------------------------------------------------------------------
+%%% # init([SvcName])
+%%% ---------------------------------------------------------------------------
+
+init([SvcName]) ->
+    process_flag(trap_exit, true),  %% ensure terminate(shutdown, _)
+    i(SvcName, diameter_reg:add_new({?MODULE, service, SvcName})).
+
+i(SvcName, true) ->
+    {ok, i(SvcName)};
+i(_, false) ->
+    {stop, {shutdown, already_started}}.
+
+%%% ---------------------------------------------------------------------------
+%%% # handle_call(Req, From, State)
+%%% ---------------------------------------------------------------------------
+
+handle_call(state, _, S) ->
+    {reply, S, S};
+
+handle_call(uptime, _, #state{id = T} = S) ->
+    {reply, diameter_lib:now_diff(T), S};
+
+%% Start a transport.
+handle_call({start, {Ref, Type, Opts}}, _From, S) ->
+    {reply, start(Ref, {Type, Opts}, S), S};
+
+%% Stop transports.
+handle_call({stop, Refs}, _From, S) ->
+    shutdown(Refs, S),
+    {reply, ok, S};
+
+%% pick_peer with mutable state
+handle_call({pick_peer, Local, Remote, App}, _From, S) ->
+    #diameter_app{mutable = true} = App,  %% assert
+    {reply, pick_peer(Local, Remote, self(), S#state.service_name, App), S};
+
+handle_call({call_module, AppMod, Req}, From, S) ->
+    call_module(AppMod, Req, From, S);
+
+handle_call({info, Item}, _From, S) ->
+    {reply, service_info(Item, S), S};
+
+handle_call(stop, _From, S) ->
+    shutdown(S),
+    {stop, normal, ok, S};
+%% The server currently isn't guaranteed to be dead when the caller
+%% gets the reply. We deal with this in the call to the server,
+%% stating a monitor that waits for DOWN before returning.
+
+handle_call(Req, From, S) ->
+    unexpected(handle_call, [Req, From], S),
+    {reply, nok, S}.
+
+%%% ---------------------------------------------------------------------------
+%%% # handle_cast(Req, State)
+%%% ---------------------------------------------------------------------------
+
+handle_cast(Req, S) ->
+    unexpected(handle_cast, [Req], S),
+    {noreply, S}.
+
+%%% ---------------------------------------------------------------------------
+%%% # handle_info(Req, State)
+%%% ---------------------------------------------------------------------------
+
+handle_info(T,S) ->
+    case transition(T,S) of
+        ok ->
+            {noreply, S};
+        #state{} = NS ->
+            {noreply, NS};
+        {stop, Reason} ->
+            {stop, {shutdown, Reason}, S}
+    end.
+
+%% transition/2
+
+%% Peer process is telling us to start a new accept process.
+transition({accepted, Pid, TPid}, S) ->
+    accepted(Pid, TPid, S),
+    ok;
+
+%% Peer process has a new open connection.
+transition({connection_up, Pid, T}, S) ->
+    connection_up(Pid, T, S);
+
+%% Peer process has left state open.
+transition({connection_down, Pid}, S) ->
+    connection_down(Pid, S);
+
+%% Peer process has returned to state open.
+transition({connection_up, Pid}, S) ->
+    connection_up(Pid, S);
+
+%% Accepting transport has lost connectivity.
+transition({close, Pid}, S) ->
+    close(Pid, S),
+    ok;
+
+%% Connecting transport is being restarted by watchdog.
+transition({reconnect, Pid}, S) ->
+    reconnect(Pid, S),
+    ok;
+
+%% Monitor process has died. Just die with a reason that tells
+%% diameter_config about the happening. If a cleaner shutdown is
+%% required then someone should stop us.
+transition({'DOWN', MRef, process, _, Reason}, #state{monitor = MRef}) ->
+    {stop, {monitor, Reason}};
+
+%% Local peer process has died.
+transition({'DOWN', _, process, Pid, Reason}, S)
+  when node(Pid) == node() ->
+    peer_down(Pid, Reason, S);
+
+%% Remote service wants to know about shared transports.
+transition({service, Pid}, S) ->
+    share_peers(Pid, S),
+    ok;
+
+%% Remote service is communicating a shared peer.
+transition({peer, TPid, Aliases, Caps}, S) ->
+    remote_peer_up(TPid, Aliases, Caps, S);
+
+%% Remote peer process has died.
+transition({'DOWN', _, process, TPid, _}, S) ->
+    remote_peer_down(TPid, S);
+
+%% Restart after tc expiry.
+transition({tc_timeout, T}, S) ->
+    tc_timeout(T, S),
+    ok;
+
+%% Request process is telling us it may have missed a failover message
+%% after a transport went down and the service process looked up
+%% outstanding requests.
+transition({failover, TRef, Seqs}, S) ->
+    failover(TRef, Seqs, S),
+    ok;
+
+transition(Req, S) ->
+    unexpected(handle_info, [Req], S),
+    ok.
+
+%%% ---------------------------------------------------------------------------
+%%% # terminate(Reason, State)
+%%% ---------------------------------------------------------------------------
+
+terminate(Reason, #state{service_name = Name} = S) ->
+    ets:delete(?STATE_TABLE, Name),
+    shutdown == Reason  %% application shutdown
+        andalso shutdown(S).
+
+%%% ---------------------------------------------------------------------------
+%%% # code_change(FromVsn, State, Extra)
+%%% ---------------------------------------------------------------------------
+
+code_change(FromVsn,
+            #state{service_name = SvcName,
+                   service = #diameter_service{applications = Apps}}
+            = S,
+            Extra) ->
+    lists:foreach(fun(A) ->
+                          code_change(FromVsn, SvcName, Extra, A)
+                  end,
+                  Apps),
+    {ok, S}.
+
+code_change(FromVsn, SvcName, Extra, #diameter_app{alias = Alias} = A) ->
+    {ok, S} = cb(A, code_change, [FromVsn,
+                                  mod_state(Alias),
+                                  Extra,
+                                  SvcName]),
+    mod_state(Alias, S).
+
+%% ===========================================================================
+%% ===========================================================================
+
+unexpected(F, A, #state{service_name = Name}) ->
+    ?UNEXPECTED(F, A ++ [Name]).
+
+cb([_|_] = M, F, A) ->
+    eval(M, F, A);
+cb(Rec, F, A) ->
+    {_, M} = app(Rec),
+    eval(M, F, A).
+
+app(#request{app = A, module = M}) ->
+    {A,M};
+app(#diameter_app{alias = A, module = M}) ->
+    {A,M}.
+
+eval([M|X], F, A) ->
+    apply(M, F, A ++ X).
+
+%% Callback with state.
+
+state_cb(#diameter_app{mutable = false, init_state = S}, {ModX, F, A}) ->
+    eval(ModX, F, A ++ [S]);
+
+state_cb(#diameter_app{mutable = true, alias = Alias}, {_,_,_} = MFA) ->
+    state_cb(MFA, Alias);
+
+state_cb({ModX,F,A}, Alias)
+  when is_list(ModX) ->
+    eval(ModX, F, A ++ [mod_state(Alias)]).
+
+choose(true, X, _)  -> X;
+choose(false, _, X) -> X.
+
+ets_new(Tbl) ->
+    ets:new(Tbl, [{keypos, 2}]).
+
+insert(Tbl, Rec) ->
+    ets:insert(Tbl, Rec),
+    Rec.
+
+%% Using the process dictionary for the callback state was initially
+%% just a way to make what was horrendous trace (big state record and
+%% much else everywhere) somewhat more readable. There's not as much
+%% need for it now but it's no worse (except possibly that we don't
+%% see the table identifier being passed around) than an ets table so
+%% keep it.
+
+mod_state(Alias) ->
+    get({?MODULE, mod_state, Alias}).
+
+mod_state(Alias, ModS) ->
+    put({?MODULE, mod_state, Alias}, ModS).
+
+%%% ---------------------------------------------------------------------------
+%%% # shutdown/2
+%%% ---------------------------------------------------------------------------
+
+shutdown(Refs, #state{peerT = PeerT}) ->
+    ets:foldl(fun(P,ok) -> s(P, Refs), ok end, ok, PeerT).
+
+s(#peer{ref = Ref, pid = Pid}, Refs) ->
+    s(lists:member(Ref, Refs), Pid);
+
+s(true, Pid) ->
+    Pid ! {shutdown, self()};  %% 'DOWN' will cleanup as usual
+s(false, _) ->
+    ok.
+
+%%% ---------------------------------------------------------------------------
+%%% # shutdown/1
+%%% ---------------------------------------------------------------------------
+
+shutdown(#state{peerT = PeerT}) ->
+    %% A transport might not be alive to receive the shutdown request
+    %% but give those that are a chance to shutdown gracefully.
+    wait(fun st/2, PeerT),
+    %% Kill the watchdogs explicitly in case there was no transport.
+    wait(fun sw/2, PeerT).
+
+wait(Fun, T) ->
+    diameter_lib:wait(ets:foldl(Fun, [], T)).
+
+st(#peer{conn = B}, Acc)
+  when is_boolean(B) ->
+    Acc;
+st(#peer{conn = Pid}, Acc) ->
+    Pid ! shutdown,
+    [Pid | Acc].
+
+sw(#peer{pid = Pid}, Acc) ->
+    exit(Pid, shutdown),
+    [Pid | Acc].
+
+%%% ---------------------------------------------------------------------------
+%%% # call_service/2
+%%% ---------------------------------------------------------------------------
+
+call_service(Pid, Req)
+  when is_pid(Pid) ->
+    cs(Pid, Req);
+call_service(SvcName, Req) ->
+    call_service_by_name(SvcName, Req).
+
+call_service_by_name(SvcName, Req) ->
+    cs(whois(SvcName), Req).
+
+cs(Pid, Req)
+  when is_pid(Pid) ->
+    try
+        gen_server:call(Pid, Req, infinity)
+    catch
+        E: Reason when E == exit ->
+            {error, {E, Reason}}
+    end;
+
+cs(undefined, _) ->
+    {error, no_service}.
+
+%%% ---------------------------------------------------------------------------
+%%% # i/1
+%%%
+%%% Output: #state{}
+%%% ---------------------------------------------------------------------------
+
+%% Intialize the state of a service gen_server.
+
+i(SvcName) ->
+    %% Split the config into a server state and a list of transports.
+    {#state{} = S, CL} = lists:foldl(fun cfg_acc/2,
+                                     {false, []},
+                                     diameter_config:lookup(SvcName)),
+
+    %% Publish the state in order to be able to access it outside of
+    %% the service process. Originally table identifiers were only
+    %% known to the service process but we now want to provide the
+    %% option of application callbacks being 'stateless' in order to
+    %% avoid having to go through a common process. (Eg. An agent that
+    %% sends a request for every incoming request.)
+    true = ets:insert_new(?STATE_TABLE, S),
+
+    %% Start fsms for each transport.
+    lists:foreach(fun(T) -> start_fsm(T,S) end, CL),
+
+    init_shared(S),
+    S.
+
+cfg_acc({SvcName, #diameter_service{applications = Apps} = Rec, Opts},
+        {false, Acc}) ->
+    lists:foreach(fun init_mod/1, Apps),
+    S = #state{service_name = SvcName,
+               service = Rec#diameter_service{pid = self()},
+               share_peers = get_value(share_peers, Opts),
+               use_shared_peers = get_value(use_shared_peers, Opts),
+               monitor = mref(get_value(monitor, Opts))},
+    {S, Acc};
+
+cfg_acc({_Ref, Type, _Opts} = T, {S, Acc})
+  when Type == connect;
+       Type == listen ->
+    {S, [T | Acc]}.
+
+mref(false = No) ->
+    No;
+mref(P) ->
+    erlang:monitor(process, P).
+
+init_shared(#state{use_shared_peers = true,
+                   service_name = Svc}) ->
+    diameter_peer:notify(Svc, {service, self()});
+init_shared(#state{use_shared_peers = false}) ->
+    ok.
+
+init_mod(#diameter_app{alias = Alias,
+                       init_state = S}) ->
+    mod_state(Alias, S).
+
+start_fsm({Ref, Type, Opts}, S) ->
+    start(Ref, {Type, Opts}, S).
+
+get_value(Key, Vs) ->
+    {_, V} = lists:keyfind(Key, 1, Vs),
+    V.
+
+%%% ---------------------------------------------------------------------------
+%%% # start/3
+%%% ---------------------------------------------------------------------------
+
+%% If the initial start/3 at service/transport start succeeds then
+%% subsequent calls to start/4 on the same service will also succeed
+%% since they involve the same call to merge_service/2. We merge here
+%% rather than earlier since the service may not yet be configured
+%% when the transport is configured.
+
+start(Ref, {T, Opts}, S)
+  when T == connect;
+       T == listen ->
+    try
+        {ok, start(Ref, type(T), Opts, S)}
+    catch
+        ?FAILURE(Reason) ->
+            {error, Reason}
+    end.
+%% TODO: don't actually raise any errors yet
+
+%% There used to be a difference here between the handling of
+%% configured listening and connecting transports but now we simply
+%% tell the transport_module to start an accepting or connecting
+%% process respectively, the transport implementation initiating
+%% listening on a port as required.
+type(listen)      -> accept;
+type(accept)      -> listen;
+type(connect = T) -> T.
+
+%% start/4
+
+start(Ref, Type, Opts, #state{peerT = PeerT,
+                              connT = ConnT,
+                              service_name = SvcName,
+                              service = Svc})
+  when Type == connect;
+       Type == accept ->
+    Pid = s(Type, Ref, {ConnT,
+                        Opts,
+                        SvcName,
+                        merge_service(Opts, Svc)}),
+    insert(PeerT, #peer{pid = Pid,
+                        type = Type,
+                        ref = Ref,
+                        options = Opts}),
+    Pid.
+
+%% Note that the service record passed into the watchdog is the merged
+%% record so that each watchdog (and peer_fsm) may get a different
+%% record. This record is what is passed back into application
+%% callbacks.
+
+s(Type, Ref, T) ->
+    case diameter_watchdog:start({Type, Ref}, T) of
+        {_MRef, Pid} ->
+            Pid;
+        Pid when is_pid(Pid) ->  %% from old code
+            erlang:monitor(process, Pid),
+            Pid
+    end.
+
+%% merge_service/2
+
+merge_service(Opts, Svc) ->
+    lists:foldl(fun ms/2, Svc, Opts).
+
+%% Limit the applications known to the fsm to those in the 'apps'
+%% option. That this might be empty is checked by the fsm. It's not
+%% checked at config-time since there's no requirement that the
+%% service be configured first. (Which could be considered a bit odd.)
+ms({applications, As}, #diameter_service{applications = Apps} = S)
+  when is_list(As) ->
+    S#diameter_service{applications
+                       = [A || A <- Apps,
+                               lists:member(A#diameter_app.alias, As)]};
+
+%% The fact that all capabilities can be configured on the transports
+%% means that the service doesn't necessarily represent a single
+%% locally implemented Diameter peer as identified by Origin-Host: a
+%% transport can configure its own Origin-Host. This means that the
+%% service little more than a placeholder for default capabilities
+%% plus a list of applications that individual transports can choose
+%% to support (or not).
+ms({capabilities, Opts}, #diameter_service{capabilities = Caps0} = Svc)
+  when is_list(Opts) ->
+    %% make_caps has already succeeded in diameter_config so it will succeed
+    %% again here.
+    {ok, Caps} = diameter_capx:make_caps(Caps0, Opts),
+    Svc#diameter_service{capabilities = Caps};
+
+ms(_, Svc) ->
+    Svc.
+
+%%% ---------------------------------------------------------------------------
+%%% # accepted/3
+%%% ---------------------------------------------------------------------------
+
+accepted(Pid, _TPid, #state{peerT = PeerT} = S) ->
+    #peer{ref = Ref, type = accept = T, conn = false, options = Opts}
+        = P
+        = fetch(PeerT, Pid),
+    insert(PeerT, P#peer{conn = true}),  %% mark replacement transport started
+    start(Ref, T, Opts, S).              %% start new peer
+
+fetch(Tid, Key) ->
+    [T] = ets:lookup(Tid, Key),
+    T.
+
+%%% ---------------------------------------------------------------------------
+%%% # connection_up/3
+%%%
+%%% Output: #state{}
+%%% ---------------------------------------------------------------------------
+
+%% Peer process has reached the open state.
+
+connection_up(Pid, {TPid, {Caps, SApps, Pkt}}, #state{peerT = PeerT,
+                                                      connT = ConnT}
+                                               = S) ->
+    P = fetch(PeerT, Pid),
+    C = #conn{pid = TPid,
+              apps = SApps,
+              caps = Caps,
+              peer = Pid},
+
+    insert(ConnT, C),
+    connection_up([Pkt], P#peer{conn = TPid}, C, S).
+
+%%% ---------------------------------------------------------------------------
+%%% # connection_up/2
+%%%
+%%% Output: #state{}
+%%% ---------------------------------------------------------------------------
+
+%% Peer process has transitioned back into the open state. Note that there
+%% has been no new capabilties exchange in this case.
+
+connection_up(Pid, #state{peerT = PeerT,
+                          connT = ConnT}
+                   = S) ->
+    #peer{conn = TPid} = P = fetch(PeerT, Pid),
+    C = fetch(ConnT, TPid),
+    connection_up([], P, C, S).
+
+%% connection_up/4
+
+connection_up(T, P, C, #state{peerT = PeerT,
+                              local_peers = LDict,
+                              service_name = SvcName,
+                              service
+                              = #diameter_service{applications = Apps}}
+                       = S) ->
+    #peer{conn = TPid, op_state = ?STATE_DOWN}
+        = P,
+    #conn{apps = SApps, caps = Caps}
+        = C,
+
+    insert(PeerT, P#peer{op_state = ?STATE_UP}),
+
+    request_peer_up(TPid),
+    report_status(up, P, C, S, T),
+    S#state{local_peers = insert_local_peer(SApps,
+                                            {{TPid, Caps}, {SvcName, Apps}},
+                                            LDict)}.
+
+insert_local_peer(SApps, T, LDict) ->
+    lists:foldl(fun(A,D) -> ilp(A, T, D) end, LDict, SApps).
+
+ilp({Id, Alias}, {TC, SA}, LDict) ->
+    init_conn(Id, Alias, TC, SA),
+    ?Dict:append(Alias, TC, LDict).
+
+init_conn(Id, Alias, TC, {SvcName, Apps}) ->
+    #diameter_app{module = ModX,
+                  id = Id}  %% assert
+        = find_app(Alias, Apps),
+
+    peer_cb({ModX, peer_up, [SvcName, TC]}, Alias).
+
+find_app(Alias, Apps) ->
+    lists:keyfind(Alias, #diameter_app.alias, Apps).
+
+%% A failing peer callback brings down the service. In the case of
+%% peer_up we could just kill the transport and emit an error but for
+%% peer_down we have no way to cleanup any state change that peer_up
+%% may have introduced.
+peer_cb(MFA, Alias) ->
+    try state_cb(MFA, Alias) of
+        ModS ->
+            mod_state(Alias, ModS)
+    catch
+        E: Reason ->
+            ?ERROR({E, Reason, MFA, ?STACK})
+    end.
+
+%%% ---------------------------------------------------------------------------
+%%% # connection_down/2
+%%%
+%%% Output: #state{}
+%%% ---------------------------------------------------------------------------
+
+%% Peer process has transitioned out of the open state.
+
+connection_down(Pid, #state{peerT = PeerT,
+                            connT = ConnT}
+                     = S) ->
+    #peer{op_state = ?STATE_UP,  %% assert
+          conn = TPid}
+        = P
+        = fetch(PeerT, Pid),
+
+    C = fetch(ConnT, TPid),
+    insert(PeerT, P#peer{op_state = ?STATE_DOWN}),
+    connection_down(P,C,S).
+
+%% connection_down/3
+
+connection_down(#peer{op_state = ?STATE_DOWN}, _, S) ->
+    S;
+
+connection_down(#peer{conn = TPid,
+                      op_state = ?STATE_UP}
+                = P,
+                #conn{caps = Caps,
+                      apps = SApps}
+                = C,
+                #state{service_name = SvcName,
+                       service = #diameter_service{applications = Apps},
+                       local_peers = LDict}
+                = S) ->
+    report_status(down, P, C, S, []),
+    NewS = S#state{local_peers
+                   = remove_local_peer(SApps,
+                                       {{TPid, Caps}, {SvcName, Apps}},
+                                       LDict)},
+    request_peer_down(TPid, NewS),
+    NewS.
+
+remove_local_peer(SApps, T, LDict) ->
+    lists:foldl(fun(A,D) -> rlp(A, T, D) end, LDict, SApps).
+
+rlp({Id, Alias}, {TC, SA}, LDict) ->
+    L = ?Dict:fetch(Alias, LDict),
+    down_conn(Id, Alias, TC, SA),
+    ?Dict:store(Alias, lists:delete(TC, L), LDict).
+
+down_conn(Id, Alias, TC, {SvcName, Apps}) ->
+    #diameter_app{module = ModX,
+                  id = Id}  %% assert
+        = find_app(Alias, Apps),
+
+    peer_cb({ModX, peer_down, [SvcName, TC]}, Alias).
+
+%%% ---------------------------------------------------------------------------
+%%% # peer_down/3
+%%%
+%%% Output: #state{}
+%%% ---------------------------------------------------------------------------
+
+%% Peer process has died.
+
+peer_down(Pid, Reason, #state{peerT = PeerT} = S) ->
+    P = fetch(PeerT, Pid),
+    ets:delete_object(PeerT, P),
+    closed(Reason, P, S),
+    restart(P,S),
+    peer_down(P,S).
+
+%% Send an event at connection establishment failure.
+closed({shutdown, {close, _TPid, Reason}},
+       #peer{op_state = ?STATE_DOWN,
+             ref = Ref,
+             type = Type,
+             options = Opts},
+       #state{service_name = SvcName}) ->
+    send_event(SvcName, {closed, Ref, Reason, {type(Type), Opts}});
+closed(_, _, _) ->
+    ok.
+
+%% The peer has never come up ...
+peer_down(#peer{conn = B}, S)
+  when is_boolean(B) ->
+    S;
+
+%% ... or it has.
+peer_down(#peer{conn = TPid} = P, #state{connT = ConnT} = S) ->
+    #conn{} = C = fetch(ConnT, TPid),
+    ets:delete_object(ConnT, C),
+    connection_down(P,C,S).
+
+%% restart/2
+
+restart(P,S) ->
+    q_restart(restart(P), S).
+
+%% restart/1
+
+%% Always try to reconnect.
+restart(#peer{ref = Ref,
+              type = connect = T,
+              options = Opts,
+              started = Time}) ->
+    {Time, {Ref, T, Opts}};
+
+%% Transport connection hasn't yet been accepted ...
+restart(#peer{ref = Ref,
+              type = accept = T,
+              options = Opts,
+              conn = false,
+              started = Time}) ->
+    {Time, {Ref, T, Opts}};
+
+%% ... or it has: a replacement transport has already been spawned.
+restart(#peer{type = accept}) ->
+    false.
+
+%% q_restart/2
+
+%% Start the reconnect timer.
+q_restart({Time, {_Ref, Type, Opts} = T}, S) ->
+    start_tc(tc(Time, default_tc(Type, Opts)), T, S);
+q_restart(false, _) ->
+    ok.
+
+%% RFC 3588, 2.1:
+%%
+%%   When no transport connection exists with a peer, an attempt to
+%%   connect SHOULD be periodically made.  This behavior is handled via
+%%   the Tc timer, whose recommended value is 30 seconds.  There are
+%%   certain exceptions to this rule, such as when a peer has terminated
+%%   the transport connection stating that it does not wish to
+%%   communicate.
+
+default_tc(connect, Opts) ->
+    proplists:get_value(reconnect_timer, Opts, ?DEFAULT_TC);
+default_tc(accept, _) ->
+    0.
+
+%% Bound tc below if the peer was restarted recently to avoid
+%% continuous in case of faulty config or other problems.
+tc(Time, Tc) ->
+    choose(Tc > ?RESTART_TC
+             orelse timer:now_diff(now(), Time) > 1000*?RESTART_TC,
+           Tc,
+           ?RESTART_TC).
+
+start_tc(0, T, S) ->
+    tc_timeout(T, S);
+start_tc(Tc, T, _) ->
+    erlang:send_after(Tc, self(), {tc_timeout, T}).
+
+%% tc_timeout/2
+
+tc_timeout({Ref, _Type, _Opts} = T, #state{service_name = SvcName} = S) ->
+    tc(diameter_config:have_transport(SvcName, Ref), T, S).
+
+tc(true, {Ref, Type, Opts}, #state{service_name = SvcName}
+                            = S) ->
+    send_event(SvcName, {reconnect, Ref, Opts}),
+    start(Ref, Type, Opts, S);
+tc(false = No, _, _) ->  %% removed
+    No.
+
+%%% ---------------------------------------------------------------------------
+%%% # close/2
+%%% ---------------------------------------------------------------------------
+
+%% The watchdog doesn't start a new fsm in the accept case, it
+%% simply stays alive until someone tells it to die in order for
+%% another watchdog to be able to detect that it should transition
+%% from initial into reopen rather than okay. That someone is either
+%% the accepting watchdog upon reception of a CER from the previously
+%% connected peer, or us after reconnect_timer timeout.
+
+close(Pid, #state{service_name = SvcName,
+                  peerT = PeerT}) ->
+    #peer{pid = Pid,
+          type = accept,
+          ref = Ref,
+          options = Opts}
+        = fetch(PeerT, Pid),
+
+    c(Pid, diameter_config:have_transport(SvcName, Ref), Opts).
+
+%% Tell watchdog to (maybe) die later ...
+c(Pid, true, Opts) ->
+    Tc = proplists:get_value(reconnect_timer, Opts, 2*?DEFAULT_TC),
+    erlang:send_after(Tc, Pid, close);
+
+%% ... or now.
+c(Pid, false, _Opts) ->
+    Pid ! close.
+
+%% The RFC's only document the behaviour of Tc, our reconnect_timer,
+%% for the establishment of connections but we also give
+%% reconnect_timer semantics for a listener, being the time within
+%% which a new connection attempt is expected of a connecting peer.
+%% The value should be greater than the peer's Tc + jitter.
+
+%%% ---------------------------------------------------------------------------
+%%% # reconnect/2
+%%% ---------------------------------------------------------------------------
+
+reconnect(Pid, #state{service_name = SvcName,
+                      peerT = PeerT}) ->
+    #peer{ref = Ref,
+          type = connect,
+          options = Opts}
+        = fetch(PeerT, Pid),
+    send_event(SvcName, {reconnect, Ref, Opts}).
+
+%%% ---------------------------------------------------------------------------
+%%% # call_module/4
+%%% ---------------------------------------------------------------------------
+
+%% Backwards compatibility and never documented/advertised. May be
+%% removed.
+
+call_module(Mod, Req, From, #state{service
+                                   = #diameter_service{applications = Apps},
+                                   service_name = Svc}
+                            = S) ->
+    case cm([A || A <- Apps, Mod == hd(A#diameter_app.module)],
+            Req,
+            From,
+            Svc)
+    of
+        {reply = T, RC} ->
+            {T, RC, S};
+        noreply = T ->
+            {T, S};
+        Reason ->
+            {reply, {error, Reason}, S}
+    end.
+
+cm([#diameter_app{module = ModX, alias = Alias}], Req, From, Svc) ->
+    MFA = {ModX, handle_call, [Req, From, Svc]},
+
+    try state_cb(MFA, Alias) of
+        {noreply = T, ModS} ->
+            mod_state(Alias, ModS),
+            T;
+        {reply = T, RC, ModS} ->
+            mod_state(Alias, ModS),
+            {T, RC};
+        T ->
+            diameter_lib:error_report({invalid, T}, MFA),
+            invalid
+    catch
+        E: Reason ->
+            diameter_lib:error_report({failure, {E, Reason, ?STACK}}, MFA),
+            failure
+    end;
+
+cm([], _, _, _) ->
+    unknown;
+
+cm([_,_|_], _, _, _) ->
+    multiple.
+
+%%% ---------------------------------------------------------------------------
+%%% # send_request/5
+%%% ---------------------------------------------------------------------------
+
+%% Send an outgoing request in its dedicated process.
+%%
+%% Note that both encode of the outgoing request and of the received
+%% answer happens in this process. It's also this process that replies
+%% to the caller. The service process only handles the state-retaining
+%% callbacks.
+%%
+%% The mod field of the #diameter_app{} here includes any extra
+%% arguments passed to diameter:call/2.
+
+send_request({TPid, Caps, App}, Msg, Opts, Caller, SvcName) ->
+    #diameter_app{module = ModX}
+        = App,
+
+    Pkt = make_request_packet(Msg),
+
+    case cb(ModX, prepare_request, [Pkt, SvcName, {TPid, Caps}]) of
+        {send, P} ->
+            send_request(make_request_packet(P, Pkt),
+                         TPid,
+                         Caps,
+                         App,
+                         Opts,
+                         Caller,
+                         SvcName);
+        {discard, Reason} ->
+            {error, Reason};
+        discard ->
+            {error, discarded};
+        T ->
+            ?ERROR({invalid_return, prepare_request, App, T})
+    end.
+
+%% make_request_packet/1
+%%
+%% Turn an outgoing request as passed to call/4 into a diameter_packet
+%% record in preparation for a prepare_request callback.
+
+make_request_packet(Bin)
+  when is_binary(Bin) ->
+    #diameter_packet{header = diameter_codec:decode_header(Bin),
+                     bin = Bin};
+
+make_request_packet(#diameter_packet{msg = [#diameter_header{} = Hdr | Avps]}
+                    = Pkt) ->
+    Pkt#diameter_packet{msg = [make_request_header(Hdr) | Avps]};
+
+make_request_packet(#diameter_packet{header = Hdr} = Pkt) ->
+    Pkt#diameter_packet{header = make_request_header(Hdr)};
+
+make_request_packet(Msg) ->
+    make_request_packet(#diameter_packet{msg = Msg}).
+
+%% make_request_header/1
+
+make_request_header(undefined) ->
+    Seq = diameter_session:sequence(),
+    make_request_header(#diameter_header{end_to_end_id = Seq,
+                                         hop_by_hop_id = Seq});
+
+make_request_header(#diameter_header{version = undefined} = Hdr) ->
+    make_request_header(Hdr#diameter_header{version = ?DIAMETER_VERSION});
+
+make_request_header(#diameter_header{end_to_end_id = undefined} = H) ->
+    Seq = diameter_session:sequence(),
+    make_request_header(H#diameter_header{end_to_end_id = Seq});
+
+make_request_header(#diameter_header{hop_by_hop_id = undefined} = H) ->
+    Seq = diameter_session:sequence(),
+    make_request_header(H#diameter_header{hop_by_hop_id = Seq});
+
+make_request_header(#diameter_header{} = Hdr) ->
+    Hdr;
+
+make_request_header(T) ->
+    ?ERROR({invalid_header, T}).
+
+%% make_request_packet/2
+%%
+%% Reconstruct a diameter_packet from the return value of
+%% prepare_request or prepare_retransmit callback.
+
+make_request_packet(Bin, _)
+  when is_binary(Bin) ->
+    make_request_packet(Bin);
+
+make_request_packet(#diameter_packet{msg = [#diameter_header{} | _]}
+                    = Pkt,
+                    _) ->
+    Pkt;
+
+%% Returning a diameter_packet with no header from a prepare_request
+%% or prepare_retransmit callback retains the header passed into it.
+%% This is primarily so that the end to end and hop by hop identifiers
+%% are retained.
+make_request_packet(#diameter_packet{header = Hdr} = Pkt,
+            #diameter_packet{header = Hdr0}) ->
+    Pkt#diameter_packet{header = fold_record(Hdr0, Hdr)};
+
+make_request_packet(Msg, Pkt) ->
+    Pkt#diameter_packet{msg = Msg}.
+
+%% fold_record/2
+
+fold_record(undefined, R) ->
+    R;
+fold_record(Rec, R) ->
+    diameter_lib:fold_tuple(2, Rec, R).
+
+%% send_request/7
+
+send_request(Pkt, TPid, Caps, App, Opts, Caller, SvcName) ->
+    #diameter_app{alias = Alias,
+                  dictionary = Dict,
+                  module = ModX,
+                  answer_errors = AE}
+        = App,
+
+    EPkt = encode(Dict, Pkt),
+
+    #options{filter = Filter,
+             timeout = Timeout}
+        = Opts,
+
+    Req = #request{packet = Pkt,
+                   from = Caller,
+                   handler = self(),
+                   transport = TPid,
+                   caps = Caps,
+                   app = Alias,
+                   filter = Filter,
+                   dictionary = Dict,
+                   module = ModX},
+
+    try
+        TRef = send_request(TPid, EPkt, Req, Timeout),
+        ack(Caller),
+        handle_answer(SvcName, AE, recv_answer(Timeout, SvcName, {TRef, Req}))
+    after
+        erase_request(EPkt)
+    end.
+
+%% Tell caller a send has been attempted.
+ack({Pid, Ref}) ->
+    Pid ! Ref.
+
+%% recv_answer/3
+
+recv_answer(Timeout,
+            SvcName,
+            {TRef, #request{from = {_, Ref}, packet = RPkt} = Req}
+            = T) ->
+
+    %% Matching on TRef below ensures we ignore messages that pertain
+    %% to a previous transport prior to failover. The answer message
+    %% includes the #request{} since it's not necessarily Req; that
+    %% is, from the last peer to which we've transmitted.
+
+    receive
+        {answer = A, Ref, Rq, Pkt} ->     %% Answer from peer
+            {A, Rq, Pkt};
+        {timeout = Reason, TRef, _} ->    %% No timely reply
+            {error, Req, Reason};
+        {failover = Reason, TRef, false} ->  %% No alternate peer
+            {error, Req, Reason};
+        {failover, TRef, Transport} ->    %% Resend to alternate peer
+            try_retransmit(Timeout, SvcName, Req, Transport);
+        {failover, TRef} ->  %% May have missed failover notification
+            Seqs = diameter_codec:sequence_numbers(RPkt),
+            Pid  = whois(SvcName),
+            is_pid(Pid) andalso (Pid ! {failover, TRef, Seqs}),
+            recv_answer(Timeout, SvcName, T)
+    end.
+%% Note that failover starts a new timer and that expiry of an old
+%% timer value is ignored. This means that an answer could be accepted
+%% from a peer after timeout in the case of failover.
+
+try_retransmit(Timeout, SvcName, Req, Transport) ->
+    try retransmit(Transport, Req, SvcName, Timeout) of
+        T -> recv_answer(Timeout, SvcName, T)
+    catch
+        ?FAILURE(Reason) -> {error, Req, Reason}
+    end.
+
+%% handle_error/3
+
+handle_error(Req, Reason, SvcName) ->
+    #request{module = ModX,
+             packet = Pkt,
+             transport = TPid,
+             caps = Caps}
+        = Req,
+    cb(ModX, handle_error, [Reason, msg(Pkt), SvcName, {TPid, Caps}]).
+
+msg(#diameter_packet{msg = undefined, bin = Bin}) ->
+    Bin;
+msg(#diameter_packet{msg = Msg}) ->
+    Msg.
+
+%% encode/2
+
+%% Note that prepare_request can return a diameter_packet containing
+%% header or transport_data. Even allow the returned record to contain
+%% an encoded binary. This isn't the usual case but could some in
+%% handy, for test at least. (For example, to send garbage.)
+
+%% The normal case: encode the returned message.
+encode(Dict, #diameter_packet{msg = Msg, bin = undefined} = Pkt) ->
+    D = pick_dictionary([Dict, ?BASE], Msg),
+    diameter_codec:encode(D, Pkt);
+
+%% Callback has returned an encoded binary: just send.
+encode(_, #diameter_packet{} = Pkt) ->
+    Pkt.
+
+%% pick_dictionary/2
+
+%% Pick the first dictionary that declares the application id in the
+%% specified header.
+pick_dictionary(Ds, [#diameter_header{application_id = Id} | _]) ->
+    pd(Ds, fun(D) -> Id = D:id() end);
+
+%% Pick the first dictionary that knows the specified message name.
+pick_dictionary(Ds, [MsgName|_]) ->
+    pd(Ds, fun(D) -> D:msg2rec(MsgName) end);
+
+%% Pick the first dictionary that knows the name of the specified
+%% message record.
+pick_dictionary(Ds, Rec) ->
+    Name = element(1, Rec),
+    pd(Ds, fun(D) -> D:rec2msg(Name) end).
+
+pd([D|Ds], F) ->
+    try
+        F(D),
+        D
+    catch
+        error:_ ->
+            pd(Ds, F)
+    end;
+
+pd([], _) ->
+    ?ERROR(no_dictionary).
+
+%% send_request/4
+
+send_request(TPid, #diameter_packet{bin = Bin} = Pkt, Req, Timeout)
+  when node() == node(TPid) ->
+    %% Store the outgoing request before sending to avoid a race with
+    %% reply reception.
+    TRef = store_request(TPid, Bin, Req, Timeout),
+    send(TPid, Pkt),
+    TRef;
+
+%% Send using a remote transport: spawn a process on the remote node
+%% to relay the answer.
+send_request(TPid, #diameter_packet{} = Pkt, Req, Timeout) ->
+    TRef = erlang:start_timer(Timeout, self(), timeout),
+    T = {TPid, Pkt, Req, Timeout, TRef},
+    spawn(node(TPid), ?MODULE, send, [T]),
+    TRef.
+
+%% send/1
+
+send({TPid, Pkt, #request{handler = Pid} = Req, Timeout, TRef}) ->
+    Ref = send_request(TPid, Pkt, Req#request{handler = self()}, Timeout),
+    Pid ! reref(receive T -> T end, Ref, TRef).
+
+reref({T, Ref, R}, Ref, TRef) ->
+    {T, TRef, R};
+reref(T, _, _) ->
+    T.
+
+%% send/2
+
+send(Pid, Pkt) ->
+    Pid ! {send, Pkt}.
+
+%% retransmit/4
+
+retransmit({TPid, Caps, #diameter_app{alias = Alias} = App},
+           #request{app = Alias,
+                    packet = Pkt}
+           = Req,
+           SvcName,
+           Timeout) ->
+    have_request(Pkt, TPid)      %% Don't failover to a peer we've
+        andalso ?THROW(timeout), %% already sent to.
+
+    case cb(App, prepare_retransmit, [Pkt, SvcName, {TPid, Caps}]) of
+        {send, P} ->
+            retransmit(make_request_packet(P, Pkt), TPid, Caps, Req, Timeout);
+        {discard, Reason} ->
+            ?THROW(Reason);
+        discard ->
+            ?THROW(discarded);
+        T ->
+            ?ERROR({invalid_return, prepare_retransmit, App, T})
+    end.
+
+%% retransmit/5
+
+retransmit(Pkt, TPid, Caps, #request{dictionary = Dict} = Req, Timeout) ->
+    EPkt = encode(Dict, Pkt),
+
+    NewReq = Req#request{transport = TPid,
+                         packet = Pkt,
+                         caps = Caps},
+
+    ?LOG(retransmission, NewReq),
+    TRef = send_request(TPid, EPkt, NewReq, Timeout),
+    {TRef, NewReq}.
+
+%% store_request/4
+
+store_request(TPid, Bin, Req, Timeout) ->
+    Seqs = diameter_codec:sequence_numbers(Bin),
+    TRef = erlang:start_timer(Timeout, self(), timeout),
+    ets:insert(?REQUEST_TABLE, {Seqs, Req, TRef}),
+    ets:member(?REQUEST_TABLE, TPid)
+        orelse (self() ! {failover, TRef}),  %% possibly missed failover
+    TRef.
+
+%% lookup_request/2
+
+lookup_request(Msg, TPid)
+  when is_pid(TPid) ->
+    lookup(Msg, TPid, '_');
+
+lookup_request(Msg, TRef)
+  when is_reference(TRef) ->
+    lookup(Msg, '_', TRef).
+
+lookup(Msg, TPid, TRef) ->
+    Seqs = diameter_codec:sequence_numbers(Msg),
+    Spec = [{{Seqs, #request{transport = TPid, _ = '_'}, TRef},
+             [],
+             ['$_']}],
+    case ets:select(?REQUEST_TABLE, Spec) of
+        [{_, Req, _}] ->
+            Req;
+        [] ->
+            false
+    end.
+
+%% erase_request/1
+
+erase_request(Pkt) ->
+    ets:delete(?REQUEST_TABLE, diameter_codec:sequence_numbers(Pkt)).
+
+%% match_requests/1
+
+match_requests(TPid) ->
+    Pat = {'_', #request{transport = TPid, _ = '_'}, '_'},
+    ets:select(?REQUEST_TABLE, [{Pat, [], ['$_']}]).
+
+%% have_request/2
+
+have_request(Pkt, TPid) ->
+    Seqs = diameter_codec:sequence_numbers(Pkt),
+    Pat = {Seqs, #request{transport = TPid, _ = '_'}, '_'},
+    '$end_of_table' /= ets:select(?REQUEST_TABLE, [{Pat, [], ['$_']}], 1).
+
+%% request_peer_up/1
+
+request_peer_up(TPid) ->
+    ets:insert(?REQUEST_TABLE, {TPid}).
+
+%% request_peer_down/2
+
+request_peer_down(TPid, S) ->
+    ets:delete(?REQUEST_TABLE, TPid),
+    lists:foreach(fun(T) -> failover(T,S) end, match_requests(TPid)).
+%% Note that a request process can store its request after failover
+%% notifications are sent here: store_request/4 sends the notification
+%% in that case. Note also that we'll send as many notifications to a
+%% given handler as there are peers its sent to. All but one of these
+%% will be ignored.
+
+%%% ---------------------------------------------------------------------------
+%%% recv_request/3
+%%% ---------------------------------------------------------------------------
+
+recv_request(TPid, Pkt, {ConnT, SvcName, Apps}) ->
+    try ets:lookup(ConnT, TPid) of
+        [C] ->
+            recv_request(C, TPid, Pkt, SvcName, Apps);
+        [] ->             %% transport has gone down
+            ok
+    catch
+        error: badarg ->  %% service has gone down (and taken table with it)
+            ok
+    end.
+
+%% recv_request/5
+
+recv_request(#conn{apps = SApps, caps = Caps}, TPid, Pkt, SvcName, Apps) ->
+    #diameter_caps{origin_host = {OH,_},
+                   origin_realm = {OR,_}}
+        = Caps,
+
+    #diameter_packet{header = #diameter_header{application_id = Id}}
+        = Pkt,
+
+    recv_request(find_recv_app(Id, SApps),
+                 {SvcName, OH, OR},
+                 TPid,
+                 Apps,
+                 Caps,
+                 Pkt).
+
+%% find_recv_app/2
+
+%% No one should be sending the relay identifier.
+find_recv_app(?APP_ID_RELAY, _) ->
+    false;
+
+%% With any other id we either support it locally or as a relay.
+find_recv_app(Id, SApps) ->
+    keyfind([Id, ?APP_ID_RELAY], 1, SApps).
+
+%% keyfind/3
+
+keyfind([], _, _) ->
+    false;
+keyfind([Key | Rest], Pos, L) ->
+    case lists:keyfind(Key, Pos, L) of
+        false ->
+            keyfind(Rest, Pos, L);
+        T ->
+            T
+    end.
+
+%% recv_request/6
+
+recv_request({Id, Alias}, T, TPid, Apps, Caps, Pkt) ->
+    #diameter_app{dictionary = Dict}
+        = A
+        = find_app(Alias, Apps),
+    recv_request(T, {TPid, Caps}, A, diameter_codec:decode(Id, Dict, Pkt));
+%% Note that the decode is different depending on whether or not Id is
+%% ?APP_ID_RELAY.
+
+%%   DIAMETER_APPLICATION_UNSUPPORTED   3007
+%%      A request was sent for an application that is not supported.
+
+recv_request(false, T, TPid, _, _, Pkt) ->
+    As = collect_avps(Pkt),
+    protocol_error(3007, T, TPid, Pkt#diameter_packet{avps = As}).
+
+collect_avps(Pkt) ->
+    case diameter_codec:collect_avps(Pkt) of
+        {_Bs, As} ->
+            As;
+        As ->
+            As
+    end.
+
+%% recv_request/4
+
+%% Wrong number of bits somewhere in the message: reply.
+%%
+%%   DIAMETER_INVALID_AVP_BITS          3009
+%%      A request was received that included an AVP whose flag bits are
+%%      set to an unrecognized value, or that is inconsistent with the
+%%      AVP's definition.
+%%
+recv_request(T, {TPid, _}, _, #diameter_packet{errors = [Bs | _]} = Pkt)
+  when is_bitstring(Bs) ->
+    protocol_error(3009, T, TPid, Pkt);
+
+%% Either we support this application but don't recognize the command
+%% or we're a relay and the command isn't proxiable.
+%%
+%%   DIAMETER_COMMAND_UNSUPPORTED       3001
+%%      The Request contained a Command-Code that the receiver did not
+%%      recognize or support.  This MUST be used when a Diameter node
+%%      receives an experimental command that it does not understand.
+%%
+recv_request(T,
+             {TPid, _},
+             #diameter_app{id = Id},
+             #diameter_packet{header = #diameter_header{is_proxiable = P},
+                              msg = M}
+             = Pkt)
+  when ?APP_ID_RELAY /= Id, undefined == M;
+       ?APP_ID_RELAY == Id, not P ->
+    protocol_error(3001, T, TPid, Pkt);
+
+%% Error bit was set on a request.
+%%
+%%   DIAMETER_INVALID_HDR_BITS          3008
+%%      A request was received whose bits in the Diameter header were
+%%      either set to an invalid combination, or to a value that is
+%%      inconsistent with the command code's definition.
+%%
+recv_request(T,
+             {TPid, _},
+             _,
+             #diameter_packet{header = #diameter_header{is_error = true}}
+             = Pkt) ->
+    protocol_error(3008, T, TPid, Pkt);
+
+%% A message in a locally supported application or a proxiable message
+%% in the relay application. Don't distinguish between the two since
+%% each application has its own callback config. That is, the user can
+%% easily distinguish between the two cases.
+recv_request(T, TC, App, Pkt) ->
+    request_cb(T, TC, App, examine(Pkt)).
+
+%% Note that there may still be errors but these aren't protocol
+%% (3xxx) errors that lead to an answer-message.
+
+request_cb({SvcName, _OH, _OR} = T, TC, App, Pkt) ->
+    request_cb(cb(App, handle_request, [Pkt, SvcName, TC]), App, T, TC, Pkt).
+
+%% examine/1
+%%
+%% Look for errors in a decoded message. Length errors result in
+%% decode failure in diameter_codec.
+
+examine(#diameter_packet{header = #diameter_header{version
+                                                   = ?DIAMETER_VERSION}}
+        = Pkt) ->
+    Pkt;
+
+%%   DIAMETER_UNSUPPORTED_VERSION       5011
+%%      This error is returned when a request was received, whose version
+%%      number is unsupported.
+
+examine(#diameter_packet{errors = Es} = Pkt) ->
+    Pkt#diameter_packet{errors = [5011 | Es]}.
+%% It's odd/unfortunate that this isn't a protocol error.
+
+%% request_cb/5
+
+%% A reply may be an answer-message, constructed either here or by
+%% the handle_request callback. The header from the incoming request
+%% is passed into the encode so that it can retrieve the relevant
+%% command code in this case. It will also then ignore Dict and use
+%% the base encoder.
+request_cb({reply, Ans},
+           #diameter_app{dictionary = Dict},
+           _,
+           {TPid, _},
+           Pkt) ->
+    reply(Ans, Dict, TPid, Pkt);
+
+%% An 3xxx result code, for which the E-bit is set in the header.
+request_cb({protocol_error, RC}, _, T, {TPid, _}, Pkt)
+  when 3000 =< RC, RC < 4000 ->
+    protocol_error(RC, T, TPid, Pkt);
+
+%% RFC 3588 says we must reply 3001 to anything unrecognized or
+%% unsupported. 'noreply' is undocumented (and inappropriately named)
+%% backwards compatibility for this, protocol_error the documented
+%% alternative.
+request_cb(noreply, _, T, {TPid, _}, Pkt) ->
+    protocol_error(3001, T, TPid, Pkt);
+
+%% Relay a request to another peer. This is equivalent to doing an
+%% explicit call/4 with the message in question except that (1) a loop
+%% will be detected by examining Route-Record AVP's, (3) a
+%% Route-Record AVP will be added to the outgoing request and (3) the
+%% End-to-End Identifier will default to that in the
+%% #diameter_header{} without the need for an end_to_end_identifier
+%% option.
+%%
+%% relay and proxy are similar in that they require the same handling
+%% with respect to Route-Record and End-to-End identifier. The
+%% difference is that a proxy advertises specific applications, while
+%% a relay advertises the relay application. If a callback doesn't
+%% want to distinguish between the cases in the callback return value
+%% then 'resend' is a neutral alternative.
+%%
+request_cb({A, Opts},
+           #diameter_app{id = Id}
+           = App,
+           T,
+           TC,
+           Pkt)
+  when A == relay, Id == ?APP_ID_RELAY;
+       A == proxy, Id /= ?APP_ID_RELAY;
+       A == resend ->
+    resend(Opts, App, T, TC, Pkt);
+
+request_cb(discard, _, _, _, _) ->
+    ok;
+
+request_cb({eval, RC, F}, App, T, TC, Pkt) ->
+    request_cb(RC, App, T, TC, Pkt),
+    diameter_lib:eval(F).
+
+%% protocol_error/4
+
+protocol_error(RC, {_, OH, OR}, TPid, #diameter_packet{avps = Avps} = Pkt) ->
+    ?LOG({error, RC}, Pkt),
+    reply(answer_message({OH, OR, RC}, Avps), ?BASE, TPid, Pkt).
+
+%% resend/5
+%%
+%% Resend a message as a relay or proxy agent.
+
+resend(Opts,
+       #diameter_app{} = App,
+       {_SvcName, OH, _OR} = T,
+       {_TPid, _Caps} = TC,
+       #diameter_packet{avps = Avps} = Pkt) ->
+    {Code, _Flags, Vid} = ?BASE:avp_header('Route-Record'),
+    resend(is_loop(Code, Vid, OH, Avps), Opts, App, T, TC, Pkt).
+
+%%   DIAMETER_LOOP_DETECTED             3005
+%%      An agent detected a loop while trying to get the message to the
+%%      intended recipient.  The message MAY be sent to an alternate peer,
+%%      if one is available, but the peer reporting the error has
+%%      identified a configuration problem.
+
+resend(true, _, _, T, {TPid, _}, Pkt) ->  %% Route-Record loop
+    protocol_error(3005, T, TPid, Pkt);
+
+%% 6.1.8.  Relaying and Proxying Requests
+%%
+%%   A relay or proxy agent MUST append a Route-Record AVP to all requests
+%%   forwarded.  The AVP contains the identity of the peer the request was
+%%   received from.
+
+resend(false,
+       Opts,
+       App,
+       {SvcName, _, _} = T,
+       {TPid, #diameter_caps{origin_host = {_, OH}}},
+       #diameter_packet{header = Hdr0,
+                        avps = Avps}
+       = Pkt) ->
+    Route = #diameter_avp{data = {?BASE, 'Route-Record', OH}},
+    Seq = diameter_session:sequence(),
+    Hdr = Hdr0#diameter_header{hop_by_hop_id = Seq},
+    Msg = [Hdr, Route | Avps],
+    resend(call(SvcName, App, Msg, Opts), T, TPid, Pkt).
+%% The incoming request is relayed with the addition of a
+%% Route-Record. Note the requirement on the return from call/4 below,
+%% which places a requirement on the value returned by the
+%% handle_answer callback of the application module in question.
+%%
+%% Note that there's nothing stopping the request from being relayed
+%% back to the sender. A pick_peer callback may want to avoid this but
+%% a smart peer might recognize the potential loop and choose another
+%% route. A less smart one will probably just relay the request back
+%% again and force us to detect the loop. A pick_peer that wants to
+%% avoid this can specify filter to avoid the possibility.
+%% Eg. {neg, {host, OH} where #diameter_caps{origin_host = {OH, _}}.
+%%
+%% RFC 6.3 says that a relay agent does not modify Origin-Host but
+%% says nothing about a proxy. Assume it should behave the same way.
+
+%% resend/4
+%%
+%% Relay a reply to a relayed request.
+
+%% Answer from the peer: reset the hop by hop identifier and send.
+resend(#diameter_packet{bin = B}
+       = Pkt,
+       _,
+       TPid,
+       #diameter_packet{header = #diameter_header{hop_by_hop_id = Id},
+                        transport_data = TD}) ->
+    send(TPid, Pkt#diameter_packet{bin = diameter_codec:hop_by_hop_id(Id, B),
+                                   transport_data = TD});
+%% TODO: counters
+
+%% Or not: DIAMETER_UNABLE_TO_DELIVER.
+resend(_, T, TPid, Pkt) ->
+    protocol_error(3002, T, TPid, Pkt).
+
+%% is_loop/4
+%%
+%% Is there a Route-Record AVP with our Origin-Host?
+
+is_loop(Code,
+        Vid,
+        Bin,
+        [#diameter_avp{code = Code, vendor_id = Vid, data = Bin} | _]) ->
+    true;
+
+is_loop(_, _, _, []) ->
+    false;
+
+is_loop(Code, Vid, OH, [_ | Avps])
+  when is_binary(OH) ->
+    is_loop(Code, Vid, OH, Avps);
+
+is_loop(Code, Vid, OH, Avps) ->
+    is_loop(Code, Vid, ?BASE:avp(encode, OH, 'Route-Record'), Avps).
+
+%% reply/4
+%%
+%% Send a locally originating reply.
+
+%% No errors or a diameter_header/avp list.
+reply(Msg, Dict, TPid, #diameter_packet{errors = Es,
+                                        transport_data = TD}
+                       = ReqPkt)
+  when [] == Es;
+       is_record(hd(Msg), diameter_header) ->
+    Pkt = diameter_codec:encode(Dict, make_answer_packet(Msg, ReqPkt)),
+    incr(send, Pkt, TPid),  %% count result codes in sent answers
+    send(TPid, Pkt#diameter_packet{transport_data = TD});
+
+%% Or not: set Result-Code and Failed-AVP AVP's.
+reply(Msg, Dict, TPid, #diameter_packet{errors = [H|_] = Es} = Pkt) ->
+    reply(rc(Msg, rc(H), [A || {_,A} <- Es], Dict),
+          Dict,
+          TPid,
+          Pkt#diameter_packet{errors = []}).
+
+%% make_answer_packet/2
+
+%% Binaries and header/avp lists are sent as-is.
+make_answer_packet(Bin, _)
+  when is_binary(Bin) ->
+    #diameter_packet{bin = Bin};
+make_answer_packet([#diameter_header{} | _] = Msg, _) ->
+    #diameter_packet{msg = Msg};
+
+%% Otherwise a reply message clears the R and T flags and retains the
+%% P flag. The E flag will be set at encode. 6.2 of 3588 requires the
+%% same P flag on an answer as on the request.
+make_answer_packet(Msg, #diameter_packet{header = ReqHdr}) ->
+    Hdr = ReqHdr#diameter_header{version = ?DIAMETER_VERSION,
+                                 is_request = false,
+                                 is_error = undefined,
+                                 is_retransmitted = false},
+    #diameter_packet{header = Hdr,
+                     msg = Msg}.
+
+%% rc/1
+
+rc({RC, _}) ->
+    RC;
+rc(RC) ->
+    RC.
+
+%% rc/4
+
+rc(Rec, RC, Failed, Dict)
+  when is_integer(RC) ->
+    set(Rec, [{'Result-Code', RC} | failed_avp(Rec, Failed, Dict)], Dict).
+
+%% Reply as name and tuple list ...
+set([_|_] = Ans, Avps, _) ->
+    Ans ++ Avps;  %% Values nearer tail take precedence.
+
+%% ... or record.
+set(Rec, Avps, Dict) ->
+    Dict:'#set-'(Avps, Rec).
+
+%% failed_avp/3
+
+failed_avp(_, [] = No, _) ->
+    No;
+
+failed_avp(Rec, Failed, Dict) ->
+    [fa(Rec, [{'AVP', Failed}], Dict)].
+
+%% Reply as name and tuple list ...
+fa([MsgName | Values], FailedAvp, Dict) ->
+    R = Dict:msg2rec(MsgName),
+    try
+        Dict:'#info-'(R, {index, 'Failed-AVP'}),
+        {'Failed-AVP', [FailedAvp]}
+    catch
+        error: _ ->
+            Avps = proplists:get_value('AVP', Values, []),
+            A = #diameter_avp{name = 'Failed-AVP',
+                              value = FailedAvp},
+            {'AVP', [A|Avps]}
+    end;
+
+%% ... or record.
+fa(Rec, FailedAvp, Dict) ->
+    try
+        {'Failed-AVP', [FailedAvp]}
+    catch
+        error: _ ->
+            Avps = Dict:'get-'('AVP', Rec),
+            A = #diameter_avp{name = 'Failed-AVP',
+                              value = FailedAvp},
+            {'AVP', [A|Avps]}
+    end.
+
+%% 3.  Diameter Header
+%%
+%%       E(rror)     - If set, the message contains a protocol error,
+%%                     and the message will not conform to the ABNF
+%%                     described for this command.  Messages with the 'E'
+%%                     bit set are commonly referred to as error
+%%                     messages.  This bit MUST NOT be set in request
+%%                     messages.  See Section 7.2.
+
+%% 3.2.  Command Code ABNF specification
+%%
+%%    e-bit            = ", ERR"
+%%                       ; If present, the 'E' bit in the Command
+%%                       ; Flags is set, indicating that the answer
+%%                       ; message contains a Result-Code AVP in
+%%                       ; the "protocol error" class.
+
+%% 7.1.3.  Protocol Errors
+%%
+%%    Errors that fall within the Protocol Error category SHOULD be treated
+%%    on a per-hop basis, and Diameter proxies MAY attempt to correct the
+%%    error, if it is possible.  Note that these and only these errors MUST
+%%    only be used in answer messages whose 'E' bit is set.
+
+%% Thus, only construct answers to protocol errors. Other errors
+%% require an message-specific answer and must be handled by the
+%% application.
+
+%% 6.2.  Diameter Answer Processing
+%%
+%%    When a request is locally processed, the following procedures MUST be
+%%    applied to create the associated answer, in addition to any
+%%    additional procedures that MAY be discussed in the Diameter
+%%    application defining the command:
+%%
+%%    -  The same Hop-by-Hop identifier in the request is used in the
+%%       answer.
+%%
+%%    -  The local host's identity is encoded in the Origin-Host AVP.
+%%
+%%    -  The Destination-Host and Destination-Realm AVPs MUST NOT be
+%%       present in the answer message.
+%%
+%%    -  The Result-Code AVP is added with its value indicating success or
+%%       failure.
+%%
+%%    -  If the Session-Id is present in the request, it MUST be included
+%%       in the answer.
+%%
+%%    -  Any Proxy-Info AVPs in the request MUST be added to the answer
+%%       message, in the same order they were present in the request.
+%%
+%%    -  The 'P' bit is set to the same value as the one in the request.
+%%
+%%    -  The same End-to-End identifier in the request is used in the
+%%       answer.
+%%
+%%    Note that the error messages (see Section 7.3) are also subjected to
+%%    the above processing rules.
+
+%% 7.3.  Error-Message AVP
+%%
+%%    The Error-Message AVP (AVP Code 281) is of type UTF8String.  It MAY
+%%    accompany a Result-Code AVP as a human readable error message.  The
+%%    Error-Message AVP is not intended to be useful in real-time, and
+%%    SHOULD NOT be expected to be parsed by network entities.
+
+%% answer_message/2
+
+answer_message({OH, OR, RC}, Avps) ->
+    {Code, _, Vid} = ?BASE:avp_header('Session-Id'),
+    ['answer-message', {'Origin-Host', OH},
+                       {'Origin-Realm', OR},
+                       {'Result-Code', RC}
+                       | session_id(Code, Vid, Avps)].
+
+session_id(Code, Vid, Avps)
+  when is_list(Avps) ->
+    try
+        {value, #diameter_avp{data = D}} = find_avp(Code, Vid, Avps),
+        [{'Session-Id', [?BASE:avp(decode, D, 'Session-Id')]}]
+    catch
+        error: _ ->
+            []
+    end.
+
+%% find_avp/3
+
+find_avp(Code, Vid, Avps)
+  when is_integer(Code), (undefined == Vid orelse is_integer(Vid)) ->
+    find(fun(A) -> is_avp(Code, Vid, A) end, Avps).
+
+%% The final argument here could be a list of AVP's, depending on the case,
+%% but we're only searching at the top level.
+is_avp(Code, Vid, #diameter_avp{code = Code, vendor_id = Vid}) ->
+    true;
+is_avp(_, _, _) ->
+    false.
+
+find(_, []) ->
+    false;
+find(Pred, [H|T]) ->
+    case Pred(H) of
+        true ->
+            {value, H};
+        false ->
+            find(Pred, T)
+    end.
+
+%% 7.  Error Handling
+%%
+%%    There are certain Result-Code AVP application errors that require
+%%    additional AVPs to be present in the answer.  In these cases, the
+%%    Diameter node that sets the Result-Code AVP to indicate the error
+%%    MUST add the AVPs.  Examples are:
+%%
+%%    -  An unrecognized AVP is received with the 'M' bit (Mandatory bit)
+%%       set, causes an answer to be sent with the Result-Code AVP set to
+%%       DIAMETER_AVP_UNSUPPORTED, and the Failed-AVP AVP containing the
+%%       offending AVP.
+%%
+%%    -  An AVP that is received with an unrecognized value causes an
+%%       answer to be returned with the Result-Code AVP set to
+%%       DIAMETER_INVALID_AVP_VALUE, with the Failed-AVP AVP containing the
+%%       AVP causing the error.
+%%
+%%    -  A command is received with an AVP that is omitted, yet is
+%%       mandatory according to the command's ABNF.  The receiver issues an
+%%       answer with the Result-Code set to DIAMETER_MISSING_AVP, and
+%%       creates an AVP with the AVP Code and other fields set as expected
+%%       in the missing AVP.  The created AVP is then added to the Failed-
+%%       AVP AVP.
+%%
+%%    The Result-Code AVP describes the error that the Diameter node
+%%    encountered in its processing.  In case there are multiple errors,
+%%    the Diameter node MUST report only the first error it encountered
+%%    (detected possibly in some implementation dependent order).  The
+%%    specific errors that can be described by this AVP are described in
+%%    the following section.
+
+%% 7.5.  Failed-AVP AVP
+%%
+%%    The Failed-AVP AVP (AVP Code 279) is of type Grouped and provides
+%%    debugging information in cases where a request is rejected or not
+%%    fully processed due to erroneous information in a specific AVP.  The
+%%    value of the Result-Code AVP will provide information on the reason
+%%    for the Failed-AVP AVP.
+%%
+%%    The possible reasons for this AVP are the presence of an improperly
+%%    constructed AVP, an unsupported or unrecognized AVP, an invalid AVP
+%%    value, the omission of a required AVP, the presence of an explicitly
+%%    excluded AVP (see tables in Section 10), or the presence of two or
+%%    more occurrences of an AVP which is restricted to 0, 1, or 0-1
+%%    occurrences.
+%%
+%%    A Diameter message MAY contain one Failed-AVP AVP, containing the
+%%    entire AVP that could not be processed successfully.  If the failure
+%%    reason is omission of a required AVP, an AVP with the missing AVP
+%%    code, the missing vendor id, and a zero filled payload of the minimum
+%%    required length for the omitted AVP will be added.
+
+%%% ---------------------------------------------------------------------------
+%%% # handle_answer/3
+%%% ---------------------------------------------------------------------------
+
+%% Process an answer message in call-specific process.
+
+handle_answer(SvcName, _, {error, Req, Reason}) ->
+    handle_error(Req, Reason, SvcName);
+
+handle_answer(SvcName,
+              AnswerErrors,
+              {answer, #request{dictionary = Dict} = Req, Pkt}) ->
+    a(examine(diameter_codec:decode(Dict, Pkt)),
+      SvcName,
+      AnswerErrors,
+      Req).
+
+%% We don't really need to do a full decode if we're a relay and will
+%% just resend with a new hop by hop identifier, but might a proxy
+%% want to examine the answer?
+
+a(#diameter_packet{errors = []}
+  = Pkt,
+  SvcName,
+  AE,
+  #request{transport = TPid,
+           caps = Caps,
+           packet = P}
+  = Req) ->
+    try
+        incr(in, Pkt, TPid)
+    of
+        _ ->
+            cb(Req, handle_answer, [Pkt, msg(P), SvcName, {TPid, Caps}])
+    catch
+        exit: {invalid_error_bit, _} = E ->
+            e(Pkt#diameter_packet{errors = [E]}, SvcName, AE, Req)
+    end;
+
+a(#diameter_packet{} = Pkt, SvcName, AE, Req) ->
+    e(Pkt, SvcName, AE, Req).
+
+e(Pkt, SvcName, callback, #request{transport = TPid,
+                                   caps = Caps,
+                                   packet = Pkt}
+                          = Req) ->
+    cb(Req, handle_answer, [Pkt, msg(Pkt), SvcName, {TPid, Caps}]);
+e(Pkt, SvcName, report, Req) ->
+    x(errors, handle_answer, [SvcName, Req, Pkt]);
+e(Pkt, SvcName, discard, Req) ->
+    x({errors, handle_answer, [SvcName, Req, Pkt]}).
+
+%% Note that we don't check that the application id in the answer's
+%% header is what we expect. (TODO: Does the rfc says anything about
+%% this?)
+
+%% incr/4
+%%
+%% Increment a stats counter for an incoming or outgoing message.
+
+%% TODO: fix
+incr(_, #diameter_packet{msg = undefined}, _) ->
+    ok;
+
+incr(Dir, Pkt, TPid)
+  when is_pid(TPid) ->
+    #diameter_packet{header = #diameter_header{is_error = E}
+                            = Hdr,
+                     msg = Rec}
+        = Pkt,
+
+    RC = int(get_avp_value(?BASE, 'Result-Code', Rec)),
+    PE = is_protocol_error(RC),
+
+    %% Check that the E bit is set only for 3xxx result codes.
+    (not (E orelse PE))
+        orelse (E andalso PE)
+        orelse x({invalid_error_bit, RC}, answer, [Dir, Pkt]),
+
+    Ctr = rc_counter(Rec, RC),
+    is_tuple(Ctr)
+        andalso incr(TPid, {diameter_codec:msg_id(Hdr), Dir, Ctr}).
+
+%% incr/2
+
+incr(TPid, Counter) ->
+    diameter_stats:incr(Counter, TPid, 1).
+
+%% RFC 3588, 7.6:
+%%
+%%   All Diameter answer messages defined in vendor-specific
+%%   applications MUST include either one Result-Code AVP or one
+%%   Experimental-Result AVP.
+%%
+%% Maintain statistics assuming one or the other, not both, which is
+%% surely the intent of the RFC.
+
+rc_counter(_, RC)
+  when is_integer(RC) ->
+    {'Result-Code', RC};
+rc_counter(Rec, _) ->
+    rcc(get_avp_value(?BASE, 'Experimental-Result', Rec)).
+
+%% Outgoing answers may be in any of the forms messages can be sent
+%% in. Incoming messages will be records. We're assuming here that the
+%% arity of the result code AVP's is 0 or 1.
+
+rcc([{_,_,RC} = T])
+  when is_integer(RC) ->
+    T;
+rcc({_,_,RC} = T)
+  when is_integer(RC) ->
+    T;
+rcc(_) ->
+    undefined.
+
+int([N])
+  when is_integer(N) ->
+    N;
+int(N)
+  when is_integer(N) ->
+    N;
+int(_) ->
+    undefined.
+
+is_protocol_error(RC) ->
+    3000 =< RC andalso RC < 4000.
+
+-spec x(any(), atom(), list()) -> no_return().
+
+%% Warn and exit request process on errors in an incoming answer.
+x(Reason, F, A) ->
+    diameter_lib:warning_report(Reason, {?MODULE, F, A}),
+    x(Reason).
+
+x(T) ->
+    exit(T).
+
+%%% ---------------------------------------------------------------------------
+%%% # failover/[23]
+%%% ---------------------------------------------------------------------------
+
+%% Failover as a consequence of request_peer_down/2.
+failover({_, #request{handler = Pid} = Req, TRef}, S) ->
+    Pid ! {failover, TRef, rt(Req, S)}.
+
+%% Failover as a consequence of store_request/4.
+failover(TRef, Seqs, S)
+  when is_reference(TRef) ->
+    case lookup_request(Seqs, TRef) of
+        #request{} = Req ->
+            failover({Seqs, Req, TRef}, S);
+        false ->
+            ok
+    end.
+
+%% prepare_request returned a binary ...
+rt(#request{packet = #diameter_packet{msg = undefined}}, _) ->
+    false;  %% TODO: Not what we should do.
+
+%% ... or not.
+rt(#request{packet = #diameter_packet{msg = Msg}} = Req, S) ->
+    find_transport(get_destination(Msg), Req, S).
+
+%%% ---------------------------------------------------------------------------
+%%% # report_status/5
+%%% ---------------------------------------------------------------------------
+
+report_status(Status,
+              #peer{ref = Ref,
+                    conn = TPid,
+                    type = Type,
+                    options = Opts},
+              #conn{apps = [_|_] = As,
+                    caps = Caps},
+              #state{service_name = SvcName}
+              = S,
+              Extra) ->
+    share_peer(Status, Caps, As, TPid, S),
+    Info = [Status, Ref, {TPid, Caps}, {type(Type), Opts} | Extra],
+    send_event(SvcName, list_to_tuple(Info)).
+
+%% send_event/2
+
+send_event(SvcName, Info) ->
+    send_event(#diameter_event{service = SvcName,
+                               info = Info}).
+
+send_event(#diameter_event{service = SvcName} = E) ->
+    lists:foreach(fun({_, Pid}) -> Pid ! E end, subscriptions(SvcName)).
+
+%%% ---------------------------------------------------------------------------
+%%% # share_peer/5
+%%% ---------------------------------------------------------------------------
+
+share_peer(up, Caps, Aliases, TPid, #state{share_peers = true,
+                                           service_name = Svc}) ->
+    diameter_peer:notify(Svc, {peer, TPid, Aliases, Caps});
+
+share_peer(_, _, _, _, _) ->
+    ok.
+
+%%% ---------------------------------------------------------------------------
+%%% # share_peers/2
+%%% ---------------------------------------------------------------------------
+
+share_peers(Pid, #state{share_peers = true,
+                        local_peers = PDict}) ->
+    ?Dict:fold(fun(A,Ps,ok) -> sp(Pid, A, Ps), ok end, ok, PDict);
+
+share_peers(_, #state{share_peers = false}) ->
+    ok.
+
+sp(Pid, Alias, Peers) ->
+    lists:foreach(fun({P,C}) -> Pid ! {peer, P, [Alias], C} end, Peers).
+
+%%% ---------------------------------------------------------------------------
+%%% # remote_peer_up/4
+%%% ---------------------------------------------------------------------------
+
+remote_peer_up(Pid, Aliases, Caps, #state{use_shared_peers = true,
+                                          service = Svc,
+                                          shared_peers = PDict}
+                                   = S) ->
+    #diameter_service{applications = Apps} = Svc,
+    Update = lists:filter(fun(A) ->
+                                  lists:keymember(A, #diameter_app.alias, Apps)
+                          end,
+                          Aliases),
+    S#state{shared_peers = rpu(Pid, Caps, PDict, Update)};
+
+remote_peer_up(_, _, _, #state{use_shared_peers = false} = S) ->
+    S.
+
+rpu(_, _, PDict, []) ->
+    PDict;
+rpu(Pid, Caps, PDict, Aliases) ->
+    erlang:monitor(process, Pid),
+    T = {Pid, Caps},
+    lists:foldl(fun(A,D) -> ?Dict:append(A, T, D) end,
+                PDict,
+                Aliases).
+
+%%% ---------------------------------------------------------------------------
+%%% # remote_peer_down/2
+%%% ---------------------------------------------------------------------------
+
+remote_peer_down(Pid, #state{use_shared_peers = true,
+                             shared_peers = PDict}
+                      = S) ->
+    S#state{shared_peers = lists:foldl(fun(A,D) -> rpd(Pid, A, D) end,
+                                       PDict,
+                                       ?Dict:fetch_keys(PDict))}.
+
+rpd(Pid, Alias, PDict) ->
+    ?Dict:update(Alias, fun(Ps) -> lists:keydelete(Pid, 1, Ps) end, PDict).
+
+%%% ---------------------------------------------------------------------------
+%%% find_transport/[34]
+%%%
+%%% Output: {TransportPid, #diameter_caps{}, #diameter_app{}}
+%%%         | false
+%%%         | {error, Reason}
+%%% ---------------------------------------------------------------------------
+
+%% Initial call, from an arbitrary process.
+find_transport({alias, Alias}, Msg, Opts, #state{service = Svc} = S) ->
+    #diameter_service{applications = Apps} = Svc,
+    ft(find_send_app(Alias, Apps), Msg, Opts, S);
+
+%% Relay or proxy send.
+find_transport(#diameter_app{} = App, Msg, Opts, S) ->
+    ft(App, Msg, Opts, S).
+
+ft(#diameter_app{module = Mod} = App, Msg, Opts, S) ->
+    #options{filter = Filter,
+             extra = Xtra}
+        = Opts,
+    pick_peer(App#diameter_app{module = Mod ++ Xtra},
+              get_destination(Msg),
+              Filter,
+              S);
+ft(false = No, _, _, _) ->
+    No.
+
+%% This can't be used if we're a relay and sending a message
+%% in an application not known locally. (TODO)
+find_send_app(Alias, Apps) ->
+    case lists:keyfind(Alias, #diameter_app.alias, Apps) of
+        #diameter_app{id = ?APP_ID_RELAY} ->
+            false;
+        T ->
+            T
+    end.
+
+%% Retransmission, in the service process.
+find_transport([_,_] = RH,
+               Req,
+               #state{service = #diameter_service{pid = Pid,
+                                                  applications = Apps}}
+               = S)
+  when self() == Pid ->
+    #request{app = Alias,
+             filter = Filter,
+             module = ModX}
+        = Req,
+    #diameter_app{}
+        = App
+        = lists:keyfind(Alias, #diameter_app.alias, Apps),
+
+    pick_peer(App#diameter_app{module = ModX},
+              RH,
+              Filter,
+              S).
+
+%% get_destination/1
+
+get_destination(Msg) ->
+    [str(get_avp_value(?BASE, 'Destination-Realm', Msg)),
+     str(get_avp_value(?BASE, 'Destination-Host', Msg))].
+
+%% This is not entirely correct. The avp could have an arity 1, in
+%% which case an empty list is a DiameterIdentity of length 0 rather
+%% than the list of no values we treat it as by mapping to undefined.
+%% This behaviour is documented.
+str([]) ->
+    undefined;
+str(T) ->
+    T.
+
+%% get_avp_value/3
+%%
+%% Find an AVP in a message of one of three forms:
+%%
+%% - a message record (as generated from a .dia spec) or
+%% - a list of an atom message name followed by 2-tuple, avp name/value pairs.
+%% - a list of a #diameter_header{} followed by #diameter_avp{} records,
+%%
+%% In the first two forms a dictionary module is used at encode to
+%% identify the type of the AVP and its arity in the message in
+%% question. The third form allows messages to be sent as is, without
+%% a dictionary, which is needed in the case of relay agents, for one.
+
+get_avp_value(Dict, Name, [#diameter_header{} | Avps]) ->
+    try
+        {Code, _, VId} = Dict:avp_header(Name),
+        [A|_] = lists:dropwhile(fun(#diameter_avp{code = C, vendor_id = V}) ->
+                                        C /= Code orelse V /= VId
+                                end,
+                                Avps),
+        avp_decode(Dict, Name, A)
+    catch
+        error: _ ->
+            undefined
+    end;
+
+get_avp_value(_, Name, [_MsgName | Avps]) ->
+    case lists:keyfind(Name, 1, Avps) of
+        {_, V} ->
+            V;
+        _ ->
+            undefined
+    end;
+
+%% Message is typically a record but not necessarily: diameter:call/4
+%% can be passed an arbitrary term.
+get_avp_value(Dict, Name, Rec) ->
+    try
+        Dict:'#get-'(Name, Rec)
+    catch
+        error:_ ->
+            undefined
+    end.
+
+avp_decode(Dict, Name, #diameter_avp{value = undefined,
+                                     data = Bin}) ->
+    Dict:avp(decode, Bin, Name);
+avp_decode(_, _, #diameter_avp{value = V}) ->
+    V.
+
+%%% ---------------------------------------------------------------------------
+%%% # pick_peer(App, [DestRealm, DestHost], Filter, #state{})
+%%%
+%%% Output: {TransportPid, #diameter_caps{}, App}
+%%%         | false
+%%%         | {error, Reason}
+%%% ---------------------------------------------------------------------------
+
+%% Find transports to a given realm/host.
+
+pick_peer(#diameter_app{alias = Alias}
+          = App,
+          [_,_] = RH,
+          Filter,
+          #state{local_peers = L,
+                 shared_peers = S,
+                 service_name = SvcName,
+                 service = #diameter_service{pid = Pid}}) ->
+    pick_peer(peers(Alias, RH, Filter, L),
+              peers(Alias, RH, Filter, S),
+              Pid,
+              SvcName,
+              App).
+
+%% pick_peer/5
+
+pick_peer([], [], _, _, _) ->
+    false;
+
+%% App state is mutable but we're not in the service process: go there.
+pick_peer(Local, Remote, Pid, _SvcName, #diameter_app{mutable = true} = App)
+  when self() /= Pid ->
+    call_service(Pid, {pick_peer, Local, Remote, App});
+
+%% App state isn't mutable or it is and we're in the service process:
+%% do the deed.
+pick_peer(Local,
+          Remote,
+          _Pid,
+          SvcName,
+          #diameter_app{module = ModX,
+                        alias = Alias,
+                        init_state = S,
+                        mutable = M}
+          = App) ->
+    MFA = {ModX, pick_peer, [Local, Remote, SvcName]},
+
+    try state_cb(App, MFA) of
+        {ok, {TPid, #diameter_caps{} = Caps}} when is_pid(TPid) ->
+            {TPid, Caps, App};
+        {{TPid, #diameter_caps{} = Caps}, ModS} when is_pid(TPid), M ->
+            mod_state(Alias, ModS),
+            {TPid, Caps, App};
+        {false = No, ModS} when M ->
+            mod_state(Alias, ModS),
+            No;
+        {ok, false = No} ->
+            No;
+        false = No ->
+            No;
+        {{TPid, #diameter_caps{} = Caps}, S} when is_pid(TPid) ->
+            {TPid, Caps, App};     %% Accept returned state in the immutable
+        {false = No, S} ->         %% case as long it isn't changed.
+            No;
+        T ->
+            diameter_lib:error_report({invalid, T, App}, MFA)
+    catch
+        E: Reason ->
+            diameter_lib:error_report({failure, {E, Reason, ?STACK}}, MFA)
+    end.
+
+%% peers/4
+
+peers(Alias, RH, Filter, Peers) ->
+    case ?Dict:find(Alias, Peers) of
+        {ok, L} ->
+            ps(L, RH, Filter, {[],[]});
+        error ->
+            []
+    end.
+
+%% Place a peer whose Destination-Host/Realm matches those of the
+%% request at the front of the result list. Could add some sort of
+%% 'sort' option to allow more control.
+
+ps([], _, _, {Ys, Ns}) ->
+    lists:reverse(Ys, Ns);
+ps([{_TPid, #diameter_caps{} = Caps} = TC | Rest], RH, Filter, Acc) ->
+    ps(Rest, RH, Filter, pacc(caps_filter(Caps, RH, Filter),
+                              caps_filter(Caps, RH, {all, [host, realm]}),
+                              TC,
+                              Acc)).
+
+pacc(true, true, Peer, {Ts, Fs}) ->
+    {[Peer|Ts], Fs};
+pacc(true, false, Peer, {Ts, Fs}) ->
+    {Ts, [Peer|Fs]};
+pacc(_, _, _, Acc) ->
+    Acc.
+
+%% caps_filter/3
+
+caps_filter(C, RH, {neg, F}) ->
+    not caps_filter(C, RH, F);
+
+caps_filter(C, RH, {all, L})
+  when is_list(L) ->
+    lists:all(fun(F) -> caps_filter(C, RH, F) end, L);
+
+caps_filter(C, RH, {any, L})
+  when is_list(L) ->
+    lists:any(fun(F) -> caps_filter(C, RH, F) end, L);
+
+caps_filter(#diameter_caps{origin_host = {_,OH}}, [_,DH], host) ->
+    eq(undefined, DH, OH);
+
+caps_filter(#diameter_caps{origin_realm = {_,OR}}, [DR,_], realm) ->
+    eq(undefined, DR, OR);
+
+caps_filter(C, _, Filter) ->
+    caps_filter(C, Filter).
+
+%% caps_filter/2
+
+caps_filter(_, none) ->
+    true;
+
+caps_filter(#diameter_caps{origin_host = {_,OH}}, {host, H}) ->
+    eq(any, H, OH);
+
+caps_filter(#diameter_caps{origin_realm = {_,OR}}, {realm, R}) ->
+    eq(any, R, OR);
+
+%% Anything else is expected to be an eval filter. Filter failure is
+%% documented as being equivalent to a non-matching filter.
+
+caps_filter(C, T) ->
+    try
+        {eval, F} = T,
+        diameter_lib:eval([F,C])
+    catch
+        _:_ -> false
+    end.
+
+eq(Any, Id, PeerId) ->
+    Any == Id orelse try
+                         iolist_to_binary(Id) == iolist_to_binary(PeerId)
+                     catch
+                         _:_ -> false
+                     end.
+%% OctetString() can be specified as an iolist() so test for string
+%% rather then term equality.
+
+%% transports/1
+
+transports(#state{peerT = PeerT}) ->
+    ets:select(PeerT, [{#peer{conn = '$1', _ = '_'},
+                        [{'is_pid', '$1'}],
+                        ['$1']}]).
+
+%%% ---------------------------------------------------------------------------
+%%% # service_info/2
+%%% ---------------------------------------------------------------------------
+
+%% The config passed to diameter:start_service/2.
+-define(CAP_INFO, ['Origin-Host',
+                   'Origin-Realm',
+                   'Vendor-Id',
+                   'Product-Name',
+                   'Origin-State-Id',
+                   'Host-IP-Address',
+                   'Supported-Vendor-Id',
+                   'Auth-Application-Id',
+                   'Inband-Security-Id',
+                   'Acct-Application-Id',
+                   'Vendor-Specific-Application-Id',
+                   'Firmware-Revision']).
+
+-define(ALL_INFO, [capabilities,
+                   applications,
+                   transport,
+                   pending,
+                   statistics]).
+
+service_info(Items, S)
+  when is_list(Items) ->
+    [{complete(I), service_info(I,S)} || I <- Items];
+service_info(Item, S)
+  when is_atom(Item) ->
+    service_info(Item, S, true).
+
+service_info(Item, #state{service = Svc} = S, Complete) ->
+    case Item of
+        name ->
+            S#state.service_name;
+        'Origin-Host' ->
+            (Svc#diameter_service.capabilities)
+                #diameter_caps.origin_host;
+        'Origin-Realm' ->
+            (Svc#diameter_service.capabilities)
+                #diameter_caps.origin_realm;
+        'Vendor-Id' ->
+            (Svc#diameter_service.capabilities)
+                #diameter_caps.vendor_id;
+        'Product-Name' ->
+            (Svc#diameter_service.capabilities)
+                #diameter_caps.product_name;
+        'Origin-State-Id' ->
+            (Svc#diameter_service.capabilities)
+                #diameter_caps.origin_state_id;
+        'Host-IP-Address' ->
+            (Svc#diameter_service.capabilities)
+                #diameter_caps.host_ip_address;
+        'Supported-Vendor-Id' ->
+            (Svc#diameter_service.capabilities)
+                #diameter_caps.supported_vendor_id;
+        'Auth-Application-Id' ->
+            (Svc#diameter_service.capabilities)
+                #diameter_caps.auth_application_id;
+        'Inband-Security-Id'  ->
+            (Svc#diameter_service.capabilities)
+                #diameter_caps.inband_security_id;
+        'Acct-Application-Id' ->
+            (Svc#diameter_service.capabilities)
+                #diameter_caps.acct_application_id;
+        'Vendor-Specific-Application-Id' ->
+            (Svc#diameter_service.capabilities)
+                #diameter_caps.vendor_specific_application_id;
+        'Firmware-Revision' ->
+            (Svc#diameter_service.capabilities)
+                #diameter_caps.firmware_revision;
+        capabilities -> service_info(?CAP_INFO, S);
+        applications -> info_apps(S);
+        transport    -> info_transport(S);
+        pending      -> info_pending(S);
+        statistics   -> info_stats(S);
+        keys         -> ?ALL_INFO ++ ?CAP_INFO;  %% mostly for test
+        all          -> service_info(?ALL_INFO, S);
+        _ when Complete   -> service_info(complete(Item), S, false);
+        _            -> undefined
+    end.
+
+complete(Pre) ->
+    P = atom_to_list(Pre),
+    case [I || I <- [name | ?ALL_INFO] ++ ?CAP_INFO,
+               lists:prefix(P, atom_to_list(I))]
+    of
+        [I] -> I;
+        _   -> Pre
+    end.
+
+info_stats(#state{peerT = PeerT}) ->
+    Peers = ets:select(PeerT, [{#peer{ref = '$1', conn = '$2', _ = '_'},
+                                [{'is_pid', '$2'}],
+                                [['$1', '$2']]}]),
+    diameter_stats:read(lists:append(Peers)).
+%% TODO: include peer identities in return value
+
+info_transport(#state{peerT = PeerT, connT = ConnT}) ->
+    dict:fold(fun it/3,
+              [],
+              ets:foldl(fun(T,A) -> it_acc(ConnT, A, T) end,
+                        dict:new(),
+                        PeerT)).
+
+it(Ref, [[{type, connect} | _] = L], Acc) ->
+    [[{ref, Ref} | L] | Acc];
+it(Ref, [[{type, accept}, {options, Opts} | _] | _] = L, Acc) ->
+    [[{ref, Ref},
+      {type, listen},
+      {options, Opts},
+      {accept, [lists:nthtail(2,A) || A <- L]}]
+     | Acc].
+%% Each entry has the same Opts. (TODO)
+
+it_acc(ConnT, Acc, #peer{pid = Pid,
+                         type = Type,
+                         ref = Ref,
+                         options = Opts,
+                         op_state = OS,
+                         started = T,
+                         conn = TPid}) ->
+    dict:append(Ref,
+                [{type, Type},
+                 {options, Opts},
+                 {watchdog, {Pid, T, OS}}
+                 | info_conn(ConnT, TPid)],
+                Acc).
+
+info_conn(ConnT, TPid) ->
+    info_conn(ets:lookup(ConnT, TPid)).
+
+info_conn([#conn{pid = Pid, apps = SApps, caps = Caps, started = T}]) ->
+    [{peer, {Pid, T}},
+     {apps, SApps},
+     {caps, info_caps(Caps)}];
+info_conn([] = No) ->
+    No.
+
+info_caps(#diameter_caps{} = C) ->
+    lists:zip(record_info(fields, diameter_caps), tl(tuple_to_list(C))).
+
+info_apps(#state{service = #diameter_service{applications = Apps}}) ->
+    lists:map(fun mk_app/1, Apps).
+
+mk_app(#diameter_app{alias = Alias,
+                     dictionary = Dict,
+                     module = ModX,
+                     id = Id}) ->
+    [{alias, Alias},
+     {dictionary, Dict},
+     {module, ModX},
+     {id, Id}].
+
+info_pending(#state{} = S) ->
+    MatchSpec = [{{'$1',
+                   #request{transport = '$2',
+                            from = '$3',
+                            app = '$4',
+                            _ = '_'},
+                   '_'},
+                  [?ORCOND([{'==', T, '$2'} || T <- transports(S)])],
+                  [{{'$1', [{{app, '$4'}},
+                            {{transport, '$2'}},
+                            {{from, '$3'}}]}}]}],
+
+    ets:select(?REQUEST_TABLE, MatchSpec).
diff --git a/lib/diameter/src/app/diameter_service_sup.erl b/lib/diameter/src/base/diameter_service_sup.erl
index 153fff902f..153fff902f 100644
--- a/lib/diameter/src/app/diameter_service_sup.erl
+++ b/lib/diameter/src/base/diameter_service_sup.erl
diff --git a/lib/diameter/src/base/diameter_session.erl b/lib/diameter/src/base/diameter_session.erl
new file mode 100644
index 0000000000..4c468f207c
--- /dev/null
+++ b/lib/diameter/src/base/diameter_session.erl
@@ -0,0 +1,170 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(diameter_session).
+
+-export([sequence/0,
+         session_id/1,
+         origin_state_id/0]).
+
+%% towards diameter_sup
+-export([init/0]).
+
+-define(INT64, 16#FFFFFFFFFFFFFFFF).
+-define(INT32, 16#FFFFFFFF).
+
+%% ---------------------------------------------------------------------------
+%% # sequence/0
+%%
+%% Output: 32-bit
+%% ---------------------------------------------------------------------------
+
+%% 3588, 3:
+%%
+%%    Hop-by-Hop Identifier
+%%       The Hop-by-Hop Identifier is an unsigned 32-bit integer field (in
+%%       network byte order) and aids in matching requests and replies.
+%%       The sender MUST ensure that the Hop-by-Hop identifier in a request
+%%       is unique on a given connection at any given time, and MAY attempt
+%%       to ensure that the number is unique across reboots.  The sender of
+%%       an Answer message MUST ensure that the Hop-by-Hop Identifier field
+%%       contains the same value that was found in the corresponding
+%%       request.  The Hop-by-Hop identifier is normally a monotonically
+%%       increasing number, whose start value was randomly generated.  An
+%%       answer message that is received with an unknown Hop-by-Hop
+%%       Identifier MUST be discarded.
+%%
+%%    End-to-End Identifier
+%%       The End-to-End Identifier is an unsigned 32-bit integer field (in
+%%       network byte order) and is used to detect duplicate messages.
+%%       Upon reboot implementations MAY set the high order 12 bits to
+%%       contain the low order 12 bits of current time, and the low order
+%%       20 bits to a random value.  Senders of request messages MUST
+%%       insert a unique identifier on each message.  The identifier MUST
+%%       remain locally unique for a period of at least 4 minutes, even
+%%       across reboots.  The originator of an Answer message MUST ensure
+%%       that the End-to-End Identifier field contains the same value that
+%%       was found in the corresponding request.  The End-to-End Identifier
+%%       MUST NOT be modified by Diameter agents of any kind.  The
+%%       combination of the Origin-Host (see Section 6.3) and this field is
+%%       used to detect duplicates.  Duplicate requests SHOULD cause the
+%%       same answer to be transmitted (modulo the hop-by-hop Identifier
+%%       field and any routing AVPs that may be present), and MUST NOT
+%%       affect any state that was set when the original request was
+%%       processed.  Duplicate answer messages that are to be locally
+%%       consumed (see Section 6.2) SHOULD be silently discarded.
+
+-spec sequence()
+   -> diameter:'Unsigned32'().
+
+sequence() ->
+    Instr = {_Pos = 2, _Incr = 1, _Threshold = ?INT32, _SetVal = 0},
+    ets:update_counter(diameter_sequence, sequence, Instr).
+
+%% ---------------------------------------------------------------------------
+%% # origin_state_id/0
+%% ---------------------------------------------------------------------------
+
+%% 3588, 8.16:
+%%
+%%    The Origin-State-Id AVP (AVP Code 278), of type Unsigned32, is a
+%%    monotonically increasing value that is advanced whenever a Diameter
+%%    entity restarts with loss of previous state, for example upon reboot.
+%%    Origin-State-Id MAY be included in any Diameter message, including
+%%    CER.
+%%
+%%    A Diameter entity issuing this AVP MUST create a higher value for
+%%    this AVP each time its state is reset.  A Diameter entity MAY set
+%%    Origin-State-Id to the time of startup, or it MAY use an incrementing
+%%    counter retained in non-volatile memory across restarts.
+
+-spec origin_state_id()
+   -> diameter:'Unsigned32'().
+
+origin_state_id() ->
+    ets:lookup_element(diameter_sequence, origin_state_id, 2).
+
+%% ---------------------------------------------------------------------------
+%% # session_id/1
+%% ---------------------------------------------------------------------------
+
+%% 3588, 8.8:
+%%
+%%    The Session-Id MUST begin with the sender's identity encoded in the
+%%    DiameterIdentity type (see Section 4.4).  The remainder of the
+%%    Session-Id is delimited by a ";" character, and MAY be any sequence
+%%    that the client can guarantee to be eternally unique; however, the
+%%    following format is recommended, (square brackets [] indicate an
+%%    optional element):
+%%
+%%    <DiameterIdentity>;<high 32 bits>;<low 32 bits>[;<optional value>]
+%%
+%%    <high 32 bits> and <low 32 bits> are decimal representations of the
+%%    high and low 32 bits of a monotonically increasing 64-bit value.  The
+%%    64-bit value is rendered in two part to simplify formatting by 32-bit
+%%    processors.  At startup, the high 32 bits of the 64-bit value MAY be
+%%    initialized to the time, and the low 32 bits MAY be initialized to
+%%    zero.  This will for practical purposes eliminate the possibility of
+%%    overlapping Session-Ids after a reboot, assuming the reboot process
+%%    takes longer than a second.  Alternatively, an implementation MAY
+%%    keep track of the increasing value in non-volatile memory.
+%%
+%%    <optional value> is implementation specific but may include a modem's
+%%    device Id, a layer 2 address, timestamp, etc.
+
+-spec session_id(diameter:'DiameterIdentity'())
+   -> diameter:'OctetString'().
+%% Note that Session-Id has type UTF8String and that any OctetString
+%% is a UTF8String.
+
+session_id(Host) ->
+    Instr = {_Pos = 2, _Incr = 1, _Threshold = ?INT64, _Set = 0},
+    N = ets:update_counter(diameter_sequence, session_base, Instr),
+    Hi = N bsr 32,
+    Lo = N band ?INT32,
+    [Host, ";", integer_to_list(Hi),
+           ";", integer_to_list(Lo),
+           ";", atom_to_list(node())].
+
+%% ---------------------------------------------------------------------------
+%% # init/0
+%% ---------------------------------------------------------------------------
+
+init() ->
+    Now = now(),
+    random:seed(Now),
+    Time = time32(Now),
+    Seq  = (?INT32 band (Time bsl 20)) bor (random:uniform(1 bsl 20) - 1),
+    ets:insert(diameter_sequence, [{origin_state_id, Time},
+				   {session_base, Time bsl 32},
+				   {sequence, Seq}]),
+    Time.
+
+%% ---------------------------------------------------------
+%% INTERNAL FUNCTIONS
+%% ---------------------------------------------------------
+
+%% The minimum value represented by a Time value. (See diameter_types.)
+%% 32 bits extends to 2104.
+-define(TIME0, 62105714048).  %% {{1968,1,20},{3,14,8}}
+
+time32(Now) ->
+    Time = calendar:now_to_universal_time(Now),
+    Diff = calendar:datetime_to_gregorian_seconds(Time) - ?TIME0,
+    Diff band ?INT32.
diff --git a/lib/diameter/src/app/diameter_stats.erl b/lib/diameter/src/base/diameter_stats.erl
index 71479afa95..71479afa95 100644
--- a/lib/diameter/src/app/diameter_stats.erl
+++ b/lib/diameter/src/base/diameter_stats.erl
diff --git a/lib/diameter/src/app/diameter_sup.erl b/lib/diameter/src/base/diameter_sup.erl
index e5afd23dcd..e5afd23dcd 100644
--- a/lib/diameter/src/app/diameter_sup.erl
+++ b/lib/diameter/src/base/diameter_sup.erl
diff --git a/lib/diameter/src/app/diameter_sync.erl b/lib/diameter/src/base/diameter_sync.erl
index ce2db4b3a2..ce2db4b3a2 100644
--- a/lib/diameter/src/app/diameter_sync.erl
+++ b/lib/diameter/src/base/diameter_sync.erl
diff --git a/lib/diameter/src/base/diameter_types.erl b/lib/diameter/src/base/diameter_types.erl
new file mode 100644
index 0000000000..9ae289034c
--- /dev/null
+++ b/lib/diameter/src/base/diameter_types.erl
@@ -0,0 +1,596 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(diameter_types).
+
+%%
+%% Encode/decode of RFC 3588 Data Formats, Basic (section 4.2) and
+%% Derived (section 4.3).
+%%
+
+%% Basic types.
+-export(['OctetString'/2,
+         'Integer32'/2,
+         'Integer64'/2,
+         'Unsigned32'/2,
+         'Unsigned64'/2,
+         'Float32'/2,
+         'Float64'/2]).
+
+%% Derived types.
+-export(['Address'/2,
+         'Time'/2,
+         'UTF8String'/2,
+         'DiameterIdentity'/2,
+         'DiameterURI'/2,
+         'IPFilterRule'/2,
+         'QoSFilterRule'/2]).
+
+%% Functions taking the AVP name in question as second parameter.
+-export(['OctetString'/3,
+         'Integer32'/3,
+         'Integer64'/3,
+         'Unsigned32'/3,
+         'Unsigned64'/3,
+         'Float32'/3,
+         'Float64'/3,
+         'Address'/3,
+         'Time'/3,
+         'UTF8String'/3,
+         'DiameterIdentity'/3,
+         'DiameterURI'/3,
+         'IPFilterRule'/3,
+         'QoSFilterRule'/3]).
+
+-include_lib("diameter/include/diameter.hrl").
+
+-define(UINT(N,X), ((0 =< X) andalso (X < 1 bsl N))).
+-define(SINT(N,X), ((-1*(1 bsl (N-1)) < X) andalso (X < 1 bsl (N-1)))).
+
+%% The Grouped and Enumerated types are dealt with directly in
+%% generated decode modules by way of diameter_gen.hrl and
+%% diameter_codec.erl. Padding and the setting of Length and other
+%% fields are also dealt with there.
+
+%% 3588:
+%%
+%%   DIAMETER_INVALID_AVP_LENGTH        5014
+%%      The request contained an AVP with an invalid length.  A Diameter
+%%      message indicating this error MUST include the offending AVPs
+%%      within a Failed-AVP AVP.
+%%
+-define(INVALID_LENGTH(Bin), erlang:error({'DIAMETER', 5014, Bin})).
+
+%% -------------------------------------------------------------------------
+%% 3588, 4.2.  Basic AVP Data Formats
+%%
+%%    The Data field is zero or more octets and contains information
+%%    specific to the Attribute.  The format and length of the Data field
+%%    is determined by the AVP Code and AVP Length fields.  The format of
+%%    the Data field MUST be one of the following base data types or a data
+%%    type derived from the base data types.  In the event that a new Basic
+%%    AVP Data Format is needed, a new version of this RFC must be created.
+%% --------------------
+
+'OctetString'(decode, Bin)
+  when is_binary(Bin) ->
+    binary_to_list(Bin);
+
+'OctetString'(encode = M, zero) ->
+    'OctetString'(M, []);
+
+'OctetString'(encode, Str) ->
+    iolist_to_binary(Str).
+
+%% --------------------
+
+'Integer32'(decode, <<X:32/signed>>) ->
+    X;
+
+'Integer32'(decode, B) ->
+    ?INVALID_LENGTH(B);
+
+'Integer32'(encode = M, zero) ->
+    'Integer32'(M, 0);
+
+'Integer32'(encode, I)
+  when ?SINT(32,I) ->
+    <<I:32/signed>>.
+
+%% --------------------
+
+'Integer64'(decode, <<X:64/signed>>) ->
+    X;
+
+'Integer64'(decode, B) ->
+    ?INVALID_LENGTH(B);
+
+'Integer64'(encode = M, zero) ->
+    'Integer64'(M, 0);
+
+'Integer64'(encode, I)
+  when ?SINT(64,I) ->
+    <<I:64/signed>>.
+
+%% --------------------
+
+'Unsigned32'(decode, <<X:32>>) ->
+    X;
+
+'Unsigned32'(decode, B) ->
+    ?INVALID_LENGTH(B);
+
+'Unsigned32'(encode = M, zero) ->
+    'Unsigned32'(M, 0);
+
+'Unsigned32'(encode, I)
+  when ?UINT(32,I) ->
+    <<I:32>>.
+
+%% --------------------
+
+'Unsigned64'(decode, <<X:64>>) ->
+    X;
+
+'Unsigned64'(decode, B) ->
+    ?INVALID_LENGTH(B);
+
+'Unsigned64'(encode = M, zero) ->
+    'Unsigned64'(M, 0);
+
+'Unsigned64'(encode, I)
+  when ?UINT(64,I) ->
+    <<I:64>>.
+
+%% --------------------
+
+%% Decent summaries of the IEEE floating point formats can be
+%% found at http://en.wikipedia.org/wiki/IEEE_754-1985 and
+%% http://www.psc.edu/general/software/packages/ieee/ieee.php.
+%%
+%% That the bit syntax uses these formats isn't well documented but
+%% this does indeed appear to be the case. However, the bit syntax
+%% only encodes numeric values, not the standard's (signed) infinity
+%% or NaN. It also encodes any large value as 'infinity', never 'NaN'.
+%% Treat these equivalently on decode for this reason.
+%%
+%% An alternative would be to decode infinity/NaN to the largest
+%% possible float but could likely lead to misleading results if
+%% arithmetic is performed on the decoded value. Better to be explicit
+%% that precision has been lost.
+
+'Float32'(decode, <<S:1, 255:8, _:23>>) ->
+    choose(S, infinity, '-infinity');
+
+'Float32'(decode, <<X:32/float>>) ->
+    X;
+
+'Float32'(decode, B) ->
+    ?INVALID_LENGTH(B);
+
+'Float32'(encode = M, zero) ->
+    'Float32'(M, 0.0);
+
+'Float32'(encode, infinity) ->
+    <<0:1, 255:8, 0:23>>;
+
+'Float32'(encode, '-infinity') ->
+    <<1:1, 255:8, 0:23>>;
+
+'Float32'(encode, X)
+  when is_float(X) ->
+    <<X:32/float>>.
+%% Note that this could also encode infinity/-infinity for large
+%% (signed) numeric values. Note also that precision is lost just in
+%% using the floating point syntax. For example:
+%%
+%% 1> B = <<3.14159:32/float>>.
+%% <<64,73,15,208>>
+%% 2> <<F:32/float>> = B.
+%% <<64,73,15,208>>
+%% 3> F.
+%% 3.141590118408203
+%%
+%% (The 64 bit type does better.)
+
+%% --------------------
+
+%% The 64 bit format is entirely analogous to the 32 bit format.
+
+'Float64'(decode, <<S:1, 2047:11, _:52>>) ->
+    choose(S, infinity, '-infinity');
+
+'Float64'(decode, <<X:64/float>>) ->
+    X;
+
+'Float64'(decode, B) ->
+    ?INVALID_LENGTH(B);
+
+'Float64'(encode, infinity) ->
+    <<0:1, 2047:11, 0:52>>;
+
+'Float64'(encode, '-infinity') ->
+    <<1:1, 2047:11, 0:52>>;
+
+'Float64'(encode = M, zero) ->
+    'Float64'(M, 0.0);
+
+'Float64'(encode, X)
+  when is_float(X) ->
+    <<X:64/float>>.
+
+%% -------------------------------------------------------------------------
+%% 3588, 4.3.  Derived AVP Data Formats
+%%
+%%    In addition to using the Basic AVP Data Formats, applications may
+%%    define data formats derived from the Basic AVP Data Formats.  An
+%%    application that defines new AVP Derived Data Formats MUST include
+%%    them in a section entitled "AVP Derived Data Formats", using the same
+%%    format as the definitions below.  Each new definition must be either
+%%    defined or listed with a reference to the RFC that defines the
+%%    format.
+%% --------------------
+
+'Address'(encode, zero) ->
+    <<0:48>>;
+
+'Address'(decode, <<1:16, B/binary>>)
+  when size(B) == 4 ->
+    list_to_tuple(binary_to_list(B));
+
+'Address'(decode, <<2:16, B/binary>>)
+  when size(B) == 16 ->
+    list_to_tuple(v6dec(B, []));
+
+'Address'(decode, <<A:16, _/binary>> = B)
+  when 1 == A;
+       2 == A ->
+    ?INVALID_LENGTH(B);
+
+'Address'(encode, T) ->
+    ipenc(diameter_lib:ipaddr(T)).
+
+ipenc(T)
+  when is_tuple(T), size(T) == 4 ->
+    B = list_to_binary(tuple_to_list(T)),
+    <<1:16, B/binary>>;
+
+ipenc(T)
+  when is_tuple(T), size(T) == 8 ->
+    B = v6enc(lists:reverse(tuple_to_list(T)), <<>>),
+    <<2:16, B/binary>>.
+
+v6dec(<<N:16, B/binary>>, Acc) ->
+    v6dec(B, [N | Acc]);
+
+v6dec(<<>>, Acc) ->
+    lists:reverse(Acc).
+
+v6enc([N | Rest], B)
+  when ?UINT(16,N) ->
+    v6enc(Rest, <<N:16, B/binary>>);
+
+v6enc([], B) ->
+    B.
+
+%% --------------------
+
+%% A DiameterIdentity is a FQDN as definined in RFC 1035, which is at
+%% least one character.
+
+'DiameterIdentity'(encode = M, zero) ->
+    'OctetString'(M, [0]);
+
+'DiameterIdentity'(encode = M, X) ->
+    <<_,_/binary>> = 'OctetString'(M, X);
+
+'DiameterIdentity'(decode = M, <<_,_/binary>> = X) ->
+    'OctetString'(M, X).
+
+%% --------------------
+
+'DiameterURI'(decode, Bin)
+  when is_binary(Bin) ->
+    scan_uri(Bin);
+
+%% The minimal DiameterURI is "aaa://x", 7 characters.
+'DiameterURI'(encode = M, zero) ->
+    'OctetString'(M, lists:duplicate(0,7));
+
+'DiameterURI'(encode, #diameter_uri{type = Type,
+                                    fqdn = D,
+                                    port = P,
+                                    transport = T,
+                                    protocol = Prot}
+                      = U) ->
+    S = lists:append([atom_to_list(Type), "://", D,
+                      ":", integer_to_list(P),
+                      ";transport=", atom_to_list(T),
+                      ";protocol=", atom_to_list(Prot)]),
+    U = scan_uri(S), %% assert
+    list_to_binary(S);
+
+'DiameterURI'(encode, Str) ->
+    Bin = iolist_to_binary(Str),
+    #diameter_uri{} = scan_uri(Bin),  %% type check
+    Bin.
+
+%% --------------------
+
+%% This minimal rule is "deny in 0 from 0.0.0.0 to 0.0.0.0", 33 characters.
+'IPFilterRule'(encode = M, zero) ->
+    'OctetString'(M, lists:duplicate(0,33));
+
+%% TODO: parse grammar.
+'IPFilterRule'(M, X) ->
+    'OctetString'(M, X).
+
+%% --------------------
+
+%% This minimal rule is the same as for an IPFilterRule.
+'QoSFilterRule'(encode = M, zero = X) ->
+    'IPFilterRule'(M, X);
+
+%% TODO: parse grammar.
+'QoSFilterRule'(M, X) ->
+    'OctetString'(M, X).
+
+%% --------------------
+
+'UTF8String'(decode, Bin) ->
+    udec(Bin, []);
+
+'UTF8String'(encode = M, zero) ->
+    'UTF8String'(M, []);
+
+'UTF8String'(encode, S) ->
+    uenc(S, []).
+
+udec(<<>>, Acc) ->
+    lists:reverse(Acc);
+
+udec(<<C/utf8, Rest/binary>>, Acc) ->
+    udec(Rest, [C | Acc]).
+
+uenc(E, Acc)
+  when E == [];
+       E == <<>> ->
+    list_to_binary(lists:reverse(Acc));
+
+uenc(<<C/utf8, Rest/binary>>, Acc) ->
+    uenc(Rest, [<<C/utf8>> | Acc]);
+
+uenc([[] | Rest], Acc) ->
+    uenc(Rest, Acc);
+
+uenc([[H|T] | Rest], Acc) ->
+    uenc([H, T | Rest], Acc);
+
+uenc([C | Rest], Acc) ->
+    uenc(Rest, [<<C/utf8>> | Acc]).
+
+%% --------------------
+
+%% RFC 3588, 4.3:
+%%
+%%    Time
+%%       The Time format is derived from the OctetString AVP Base Format.
+%%       The string MUST contain four octets, in the same format as the
+%%       first four bytes are in the NTP timestamp format.  The NTP
+%%       Timestamp format is defined in chapter 3 of [SNTP].
+%%
+%%       This represents the number of seconds since 0h on 1 January 1900
+%%       with respect to the Coordinated Universal Time (UTC).
+%%
+%%       On 6h 28m 16s UTC, 7 February 2036 the time value will overflow.
+%%       SNTP [SNTP] describes a procedure to extend the time to 2104.
+%%       This procedure MUST be supported by all DIAMETER nodes.
+
+%% RFC 2030, 3:
+%%
+%%       As the NTP timestamp format has been in use for the last 17 years,
+%%       it remains a possibility that it will be in use 40 years from now
+%%       when the seconds field overflows. As it is probably inappropriate
+%%       to archive NTP timestamps before bit 0 was set in 1968, a
+%%       convenient way to extend the useful life of NTP timestamps is the
+%%       following convention: If bit 0 is set, the UTC time is in the
+%%       range 1968-2036 and UTC time is reckoned from 0h 0m 0s UTC on 1
+%%       January 1900. If bit 0 is not set, the time is in the range 2036-
+%%       2104 and UTC time is reckoned from 6h 28m 16s UTC on 7 February
+%%       2036. Note that when calculating the correspondence, 2000 is not a
+%%       leap year. Note also that leap seconds are not counted in the
+%%       reckoning.
+%%
+%% The statement regarding year 2000 is wrong: errata id 518 at
+%% http://www.rfc-editor.org/errata_search.php?rfc=2030 notes this.
+
+-define(TIME_1900, 59958230400).  %% {{1900,1,1},{0,0,0}}
+-define(TIME_2036, 64253197696).  %% {{2036,2,7},{6,28,16}}
+%% TIME_2036 = TIME_1900 + (1 bsl 32)
+
+%% Time maps [0, 1 bsl 31) onto [TIME_1900 + 1 bsl 31, TIME_2036 + 1 bsl 31)
+%% by taking integers with the high-order bit set relative to TIME_1900
+%% and those without relative to TIME_2036. This corresponds to the
+%% following dates.
+-define(TIME_MIN, {{1968,1,20},{3,14,8}}).  %% TIME_1900 + 1 bsl 31
+-define(TIME_MAX, {{2104,2,26},{9,42,24}}). %% TIME_2036 + 1 bsl 31
+
+'Time'(decode, <<Time:32>>) ->
+    Offset = msb(1 == Time bsr 31),
+    calendar:gregorian_seconds_to_datetime(Time + Offset);
+
+'Time'(decode, B) ->
+    ?INVALID_LENGTH(B);
+
+'Time'(encode, {{_Y,_M,_D},{_HH,_MM,_SS}} = Datetime)
+  when ?TIME_MIN =< Datetime, Datetime < ?TIME_MAX ->
+    S = calendar:datetime_to_gregorian_seconds(Datetime),
+    T = S - msb(S < ?TIME_2036),
+    0 = T bsr 32,  %% sanity check
+    <<T:32>>;
+
+'Time'(encode, zero) ->
+    <<0:32>>.
+
+%% -------------------------------------------------------------------------
+
+'OctetString'(M, _, Data) ->
+    'OctetString'(M, Data).
+
+'Integer32'(M, _, Data) ->
+    'Integer32'(M, Data).
+
+'Integer64'(M, _, Data) ->
+    'Integer64'(M, Data).
+
+'Unsigned32'(M, _, Data) ->
+    'Unsigned32'(M, Data).
+
+'Unsigned64'(M, _, Data) ->
+    'Unsigned64'(M, Data).
+
+'Float32'(M, _, Data) ->
+    'Float32'(M, Data).
+
+'Float64'(M, _, Data) ->
+    'Float64'(M, Data).
+
+'Address'(M, _, Data) ->
+    'Address'(M, Data).
+
+'Time'(M, _, Data) ->
+    'Time'(M, Data).
+
+'UTF8String'(M, _, Data) ->
+    'UTF8String'(M, Data).
+
+'DiameterIdentity'(M, _, Data) ->
+    'DiameterIdentity'(M, Data).
+
+'DiameterURI'(M, _, Data) ->
+    'DiameterURI'(M, Data).
+
+'IPFilterRule'(M, _, Data) ->
+    'IPFilterRule'(M, Data).
+
+'QoSFilterRule'(M, _, Data) ->
+    'QoSFilterRule'(M, Data).
+
+%% ===========================================================================
+%% ===========================================================================
+
+choose(0, X, _) -> X;
+choose(1, _, X) -> X.
+
+msb(true)  -> ?TIME_1900;
+msb(false) -> ?TIME_2036.
+
+%% RFC 3588, 4.3:
+%%
+%%       The DiameterURI MUST follow the Uniform Resource Identifiers (URI)
+%%       syntax [URI] rules specified below:
+%%
+%%       "aaa://" FQDN [ port ] [ transport ] [ protocol ]
+%%
+%%                       ; No transport security
+%%
+%%       "aaas://" FQDN [ port ] [ transport ] [ protocol ]
+%%
+%%                       ; Transport security used
+%%
+%%       FQDN               = Fully Qualified Host Name
+%%
+%%       port               = ":" 1*DIGIT
+%%
+%%                       ; One of the ports used to listen for
+%%                       ; incoming connections.
+%%                       ; If absent,
+%%                       ; the default Diameter port (3868) is
+%%                       ; assumed.
+%%
+%%       transport          = ";transport=" transport-protocol
+%%
+%%                       ; One of the transports used to listen
+%%                       ; for incoming connections.  If absent,
+%%                       ; the default SCTP [SCTP] protocol is
+%%                       ; assumed.  UDP MUST NOT be used when
+%%                       ; the aaa-protocol field is set to
+%%                       ; diameter.
+%%
+%%       transport-protocol = ( "tcp" / "sctp" / "udp" )
+%%
+%%       protocol           = ";protocol=" aaa-protocol
+%%
+%%                       ; If absent, the default AAA protocol
+%%                       ; is diameter.
+%%
+%%       aaa-protocol       = ( "diameter" / "radius" / "tacacs+" )
+
+scan_uri(Bin)
+  when is_binary(Bin) ->
+    scan_uri(binary_to_list(Bin));
+scan_uri("aaa://" ++ Rest) ->
+    scan_fqdn(Rest, #diameter_uri{type = aaa});
+scan_uri("aaas://" ++ Rest) ->
+    scan_fqdn(Rest, #diameter_uri{type = aaas}).
+
+scan_fqdn(S, U) ->
+    {[_|_] = F, Rest} = lists:splitwith(fun is_fqdn/1, S),
+    scan_opt_port(Rest, U#diameter_uri{fqdn = F}).
+
+scan_opt_port(":" ++ S, U) ->
+    {[_|_] = P, Rest} = lists:splitwith(fun is_digit/1, S),
+    scan_opt_transport(Rest, U#diameter_uri{port = list_to_integer(P)});
+scan_opt_port(S, U) ->
+    scan_opt_transport(S, U).
+
+scan_opt_transport(";transport=" ++ S, U) ->
+    {P, Rest} = transport(S),
+    scan_opt_protocol(Rest, U#diameter_uri{transport = P});
+scan_opt_transport(S, U) ->
+    scan_opt_protocol(S, U).
+
+scan_opt_protocol(";protocol=" ++ S, U) ->
+    {P, ""} = protocol(S),
+    U#diameter_uri{protocol = P};
+scan_opt_protocol("", U) ->
+    U.
+
+transport("tcp" ++ S) ->
+    {tcp, S};
+transport("sctp" ++ S) ->
+    {sctp, S};
+transport("udp" ++ S) ->
+    {udp, S}.
+
+protocol("diameter" ++ S) ->
+    {diameter, S};
+protocol("radius" ++ S) ->
+    {radius, S};
+protocol("tacacs+" ++ S) ->
+    {'tacacs+', S}.
+
+is_fqdn(C) ->
+    is_digit(C) orelse is_alpha(C) orelse C == $. orelse C == $-.
+
+is_alpha(C) ->
+    ($a =< C andalso C =< $z) orelse ($A =< C andalso C =< $Z).
+
+is_digit(C) ->
+    $0 =< C andalso C =< $9.
diff --git a/lib/diameter/src/base/diameter_watchdog.erl b/lib/diameter/src/base/diameter_watchdog.erl
new file mode 100644
index 0000000000..fb22fd8275
--- /dev/null
+++ b/lib/diameter/src/base/diameter_watchdog.erl
@@ -0,0 +1,595 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% This module implements (as a process) the state machine documented
+%% in Appendix A of RFC 3539.
+%%
+
+-module(diameter_watchdog).
+-behaviour(gen_server).
+
+%% towards diameter_service
+-export([start/2]).
+
+%% gen_server callbacks
+-export([init/1,
+         handle_call/3,
+         handle_cast/2,
+         handle_info/2,
+         terminate/2,
+         code_change/3]).
+
+%% diameter_watchdog_sup callback
+-export([start_link/1]).
+
+-include_lib("diameter/include/diameter.hrl").
+-include("diameter_internal.hrl").
+
+-define(DEFAULT_TW_INIT, 30000). %% RFC 3539 ch 3.4.1
+
+-record(watchdog,
+        {%% PCB - Peer Control Block; see RFC 3539, Appendix A
+         status = initial :: initial | okay | suspect | down | reopen,
+         pending = false  :: boolean(),
+         tw :: 6000..16#FFFFFFFF | {module(), atom(), list()},
+                                %% {M,F,A} -> integer() >= 0
+         num_dwa = 0 :: -1 | non_neg_integer(),
+                     %% number of DWAs received during reopen
+         %% end PCB
+         parent = self() :: pid(),
+         transport       :: pid(),
+         tref :: reference(), %% reference for current watchdog timer
+         message_data}).   %% term passed into diameter_service with message
+
+%% start/2
+%%
+%% Start a monitor before the watchdog is allowed to proceed to ensure
+%% that a failed capabilities exchange produces the desired exit
+%% reason.
+
+start({_,_} = Type, T) ->
+    Ref = make_ref(),
+    {ok, Pid} = diameter_watchdog_sup:start_child({Ref, {Type, self(), T}}),
+    try
+        {erlang:monitor(process, Pid), Pid}
+    after
+        Pid ! Ref
+    end.
+
+start_link(T) ->
+    {ok, _} = proc_lib:start_link(?MODULE,
+                                  init,
+                                  [T],
+                                  infinity,
+                                  diameter_lib:spawn_opts(server, [])).
+
+%% ===========================================================================
+%% ===========================================================================
+
+%% init/1
+
+init(T) ->
+    proc_lib:init_ack({ok, self()}),
+    gen_server:enter_loop(?MODULE, [], i(T)).
+
+i({Ref, {_, Pid, _} = T}) ->
+    MRef = erlang:monitor(process, Pid),
+    receive
+        Ref ->
+            make_state(T);
+        {'DOWN', MRef, process, _, _} = D ->
+            exit({shutdown, D})
+    end;
+
+i({_, Pid, _} = T) ->  %% from old code
+    erlang:monitor(process, Pid),
+    make_state(T).
+
+make_state({T, Pid, {ConnT,
+                     Opts,
+                     SvcName,
+                     #diameter_service{applications = Apps,
+                                       capabilities = Caps}
+                     = Svc}}) ->
+    random:seed(now()),
+    putr(restart, {T, Opts, Svc}),  %% save seeing it in trace
+    putr(dwr, dwr(Caps)),           %%
+    #watchdog{parent = Pid,
+              transport = monitor(diameter_peer_fsm:start(T, Opts, Svc)),
+              tw = proplists:get_value(watchdog_timer,
+                                       Opts,
+                                       ?DEFAULT_TW_INIT),
+              message_data = {ConnT, SvcName, Apps}}.
+
+%% handle_call/3
+
+handle_call(_, _, State) ->
+    {reply, nok, State}.
+
+%% handle_cast/2
+
+handle_cast(_, State) ->
+    {noreply, State}.
+
+%% handle_info/2
+
+handle_info(T, State) ->
+    case transition(T, State) of
+        ok ->
+            {noreply, State};
+        #watchdog{status = X} = S ->
+            ?LOGC(X =/= State#watchdog.status, transition, X),
+            {noreply, S};
+        stop ->
+            ?LOG(stop, T),
+            {stop, {shutdown, T}, State}
+    end.
+
+%% terminate/2
+
+terminate(_, _) ->
+    ok.
+
+%% code_change/3
+
+code_change(_, State, _) ->
+    {ok, State}.
+
+%% ===========================================================================
+%% ===========================================================================
+
+%% transition/2
+%%
+%% The state transitions documented here are extracted from RFC 3539,
+%% the commentary is ours.
+
+%% Service or watchdog is telling the watchdog of an accepting
+%% transport to die after reconnect_timer expiry or reestablished
+%% connection (in another transport process) respectively.
+transition(close, #watchdog{status = down}) ->
+    {{accept, _}, _, _} = getr(restart), %% assert
+    stop;
+transition(close, #watchdog{}) ->
+    ok;
+
+%% Service is asking for the peer to be taken down gracefully.
+transition({shutdown, Pid}, #watchdog{parent = Pid,
+                                      transport = undefined,
+                                      status = S}) ->
+    down = S,  %% sanity check
+    stop;
+transition({shutdown = T, Pid}, #watchdog{parent = Pid,
+                                          transport = TPid}) ->
+    TPid ! {T, self()},
+    ok;
+
+%% Parent process has died,
+transition({'DOWN', _, process, Pid, _Reason},
+           #watchdog{parent = Pid}) ->
+    stop;
+
+%% Transport has accepted a connection.
+transition({accepted = T, TPid}, #watchdog{transport = TPid,
+                                           parent = Pid}) ->
+    Pid ! {T, self(), TPid},
+    ok;
+
+%% Transport is telling us that its impending death isn't failure.
+transition({close, TPid, _Reason}, #watchdog{transport = TPid}) ->
+    stop;
+
+%%   STATE         Event                Actions              New State
+%%   =====         ------               -------              ----------
+%%   INITIAL       Connection up        SetWatchdog()        OKAY
+
+%% By construction, the watchdog timer isn't set until we move into
+%% state okay as the result of the Peer State Machine reaching the
+%% Open state.
+%%
+%% If we're accepting then we may be resuming a connection that went
+%% down in another watchdog process, in which case this is the
+%% transition below, from down to reopen. That is, it's not until we
+%% know the identity of the peer (ie. now) that we know that we're in
+%% state down rather than initial.
+
+transition({open, TPid, Hosts, T} = Open,
+           #watchdog{transport = TPid,
+                     status = initial,
+                     parent = Pid}
+           = S) ->
+    case okay(getr(restart), Hosts) of
+        okay ->
+            open(Pid, {TPid, T}),
+            set_watchdog(S#watchdog{status = okay});
+        reopen ->
+            transition(Open, S#watchdog{status = down})
+    end;
+
+%%   DOWN          Connection up        NumDWA = 0
+%%                                      SendWatchdog()
+%%                                      SetWatchdog()
+%%                                      Pending = TRUE       REOPEN
+
+transition({open = P, TPid, _Hosts, T},
+           #watchdog{transport = TPid,
+                     status = down}
+           = S) ->
+    %% Store the info we need to notify the parent to reopen the
+    %% connection after the requisite DWA's are received, at which
+    %% time we eraser(open).
+    putr(P, {TPid, T}),
+    set_watchdog(send_watchdog(S#watchdog{status = reopen,
+                                          num_dwa = 0}));
+
+%%   OKAY          Connection down      CloseConnection()
+%%                                      Failover()
+%%                                      SetWatchdog()        DOWN
+%%   SUSPECT       Connection down      CloseConnection()
+%%                                      SetWatchdog()        DOWN
+%%   REOPEN        Connection down      CloseConnection()
+%%                                      SetWatchdog()        DOWN
+
+transition({'DOWN', _, process, TPid, _},
+           #watchdog{transport = TPid,
+                     status = initial}) ->
+    stop;
+
+transition({'DOWN', _, process, Pid, _},
+           #watchdog{transport = Pid}
+           = S) ->
+    failover(S),
+    close(S),
+    set_watchdog(S#watchdog{status = down,
+                            pending = false,
+                            transport = undefined});
+%% Any outstanding pending (or other messages from the transport) will
+%% have arrived before 'DOWN' since the message comes from the same
+%% process. Note that we could also get this message in the initial
+%% state.
+
+%% Incoming message.
+transition({recv, TPid, Name, Pkt}, #watchdog{transport = TPid} = S) ->
+    recv(Name, Pkt, S);
+
+%% Current watchdog has timed out.
+transition({timeout, TRef, tw}, #watchdog{tref = TRef} = S) ->
+    set_watchdog(timeout(S));
+
+%% Timer was canceled after message was already sent.
+transition({timeout, _, tw}, #watchdog{}) ->
+    ok;
+
+%% State query.
+transition({state, Pid}, #watchdog{status = S}) ->
+    Pid ! {self(), S},
+    ok.
+
+%% ===========================================================================
+
+monitor(Pid) ->
+    erlang:monitor(process, Pid),
+    Pid.
+
+putr(Key, Val) ->
+    put({?MODULE, Key}, Val).
+
+getr(Key) ->
+    get({?MODULE, Key}).
+
+eraser(Key) ->
+    erase({?MODULE, Key}).
+
+%% encode/1
+
+encode(Msg) ->
+    #diameter_packet{bin = Bin} = diameter_codec:encode(?BASE, Msg),
+    Bin.
+
+%% okay/2
+
+okay({{accept, Ref}, _, _}, Hosts) ->
+    T = {?MODULE, connection, Ref, Hosts},
+    diameter_reg:add(T),
+    okay(diameter_reg:match(T));
+%% Register before matching so that at least one of two registering
+%% processes will match the other. (Which can't happen as long as
+%% diameter_peer_fsm guarantees at most one open connection to the same
+%% peer.)
+
+okay({{connect, _}, _, _}, _) ->
+    okay.
+
+%% The peer hasn't been connected recently ...
+okay([{_,P}]) ->
+    P = self(),  %% assert
+    okay;
+
+%% ... or it has.
+okay(C) ->
+    [_|_] = [P ! close || {_,P} <- C, self() /= P],
+    reopen.
+
+%% set_watchdog/1
+
+set_watchdog(#watchdog{tw = TwInit,
+                       tref = TRef}
+             = S) ->
+    cancel(TRef),
+    S#watchdog{tref = erlang:start_timer(tw(TwInit), self(), tw)}.
+
+cancel(undefined) ->
+    ok;
+cancel(TRef) ->
+    erlang:cancel_timer(TRef).
+
+tw(T)
+  when is_integer(T), T >= 6000 ->
+    T - 2000 + (random:uniform(4001) - 1); %% RFC3539 jitter of +/- 2 sec.
+tw({M,F,A}) ->
+    apply(M,F,A).
+
+%% open/2
+
+open(Pid, {_,_} = T) ->
+    Pid ! {connection_up, self(), T}.
+
+%% failover/1
+
+failover(#watchdog{status = okay,
+                   parent = Pid}) ->
+    Pid ! {connection_down, self()};
+
+failover(_) ->
+    ok.
+
+%% close/1
+
+close(#watchdog{status = down}) ->
+    ok;
+
+close(#watchdog{parent = Pid}) ->
+    {{T, _}, _, _} = getr(restart),
+    T == accept andalso (Pid ! {close, self()}).
+
+%% send_watchdog/1
+
+send_watchdog(#watchdog{pending = false,
+                        transport = TPid}
+              = S) ->
+    TPid ! {send, encode(getr(dwr))},
+    ?LOG(send, 'DWR'),
+    S#watchdog{pending = true}.
+
+%% recv/3
+
+recv(Name, Pkt, S) ->
+    try rcv(Name, S) of
+        #watchdog{} = NS ->
+            rcv(Name, Pkt, S),
+            NS
+    catch
+        throw: {?MODULE, throwaway, #watchdog{} = NS} ->
+            NS
+    end.
+
+%% rcv/3
+
+rcv(N, _, _)
+  when N == 'CER';
+       N == 'CEA';
+       N == 'DWR';
+       N == 'DWA';
+       N == 'DPR';
+       N == 'DPA' ->
+    false;
+
+rcv(_, Pkt, #watchdog{transport = TPid,
+                      message_data = T}) ->
+    diameter_service:receive_message(TPid, Pkt, T).
+
+throwaway(S) ->
+    throw({?MODULE, throwaway, S}).
+
+%% rcv/2
+
+%%   INITIAL       Receive DWA          Pending = FALSE
+%%                                      Throwaway()          INITIAL
+%%   INITIAL       Receive non-DWA      Throwaway()          INITIAL
+
+rcv('DWA', #watchdog{status = initial} = S) ->
+    throwaway(S#watchdog{pending = false});
+
+rcv(_, #watchdog{status = initial} = S) ->
+    throwaway(S);
+
+%%   DOWN          Receive DWA          Pending = FALSE
+%%                                      Throwaway()          DOWN
+%%   DOWN          Receive non-DWA      Throwaway()          DOWN
+
+rcv('DWA', #watchdog{status = down} = S) ->
+    throwaway(S#watchdog{pending = false});
+
+rcv(_, #watchdog{status = down} = S) ->
+    throwaway(S);
+
+%%   OKAY          Receive DWA          Pending = FALSE
+%%                                      SetWatchdog()        OKAY
+%%   OKAY          Receive non-DWA      SetWatchdog()        OKAY
+
+rcv('DWA', #watchdog{status = okay} = S) ->
+    set_watchdog(S#watchdog{pending = false});
+
+rcv(_, #watchdog{status = okay} = S) ->
+    set_watchdog(S);
+
+%%   SUSPECT       Receive DWA          Pending = FALSE
+%%                                      Failback()
+%%                                      SetWatchdog()        OKAY
+%%   SUSPECT       Receive non-DWA      Failback()
+%%                                      SetWatchdog()        OKAY
+
+rcv('DWA', #watchdog{status = suspect} = S) ->
+    failback(S),
+    set_watchdog(S#watchdog{status = okay,
+                            pending = false});
+
+rcv(_, #watchdog{status = suspect} = S) ->
+    failback(S),
+    set_watchdog(S#watchdog{status = okay});
+
+%%   REOPEN        Receive DWA &        Pending = FALSE
+%%                 NumDWA == 2          NumDWA++
+%%                                      Failback()           OKAY
+
+rcv('DWA', #watchdog{status = reopen,
+                     num_dwa = 2 = N,
+                     parent = Pid}
+           = S) ->
+    open(Pid, eraser(open)),
+    S#watchdog{status = okay,
+               num_dwa = N+1,
+               pending = false};
+
+%%   REOPEN        Receive DWA &        Pending = FALSE
+%%                 NumDWA < 2           NumDWA++             REOPEN
+
+rcv('DWA', #watchdog{status = reopen,
+                     num_dwa = N}
+           = S) ->
+    S#watchdog{num_dwa = N+1,
+               pending = false};
+
+%%   REOPEN        Receive non-DWA      Throwaway()          REOPEN
+
+rcv(_, #watchdog{status = reopen} = S) ->
+    throwaway(S).
+
+%% failback/1
+
+failback(#watchdog{parent = Pid}) ->
+    Pid ! {connection_up, self()}.
+
+%% timeout/1
+%%
+%% The caller sets the watchdog on the return value.
+
+%%   OKAY          Timer expires &      SendWatchdog()
+%%                 !Pending             SetWatchdog()
+%%                                      Pending = TRUE       OKAY
+%%   REOPEN        Timer expires &      SendWatchdog()
+%%                 !Pending             SetWatchdog()
+%%                                      Pending = TRUE       REOPEN
+
+timeout(#watchdog{status = T,
+                  pending = false}
+        = S)
+  when T == okay;
+       T == reopen ->
+    send_watchdog(S);
+
+%%   OKAY          Timer expires &      Failover()
+%%                 Pending              SetWatchdog()        SUSPECT
+
+timeout(#watchdog{status = okay,
+                  pending = true}
+  = S) ->
+    failover(S),
+    S#watchdog{status = suspect};
+
+%%   SUSPECT       Timer expires        CloseConnection()
+%%                                      SetWatchdog()        DOWN
+%%   REOPEN        Timer expires &      CloseConnection()
+%%                 Pending &            SetWatchdog()
+%%                 NumDWA < 0                                DOWN
+
+timeout(#watchdog{status = T,
+                  pending = P,
+                  num_dwa = N,
+                  transport = TPid}
+        = S)
+  when T == suspect;
+       T == reopen, P, N < 0 ->
+    exit(TPid, shutdown),
+    close(S),
+    S#watchdog{status = down};
+
+%%   REOPEN        Timer expires &      NumDWA = -1
+%%                 Pending &            SetWatchdog()
+%%                 NumDWA >= 0                               REOPEN
+
+timeout(#watchdog{status = reopen,
+                  pending = true,
+                  num_dwa = N}
+        = S)
+  when 0 =< N ->
+    S#watchdog{num_dwa = -1};
+
+%%   DOWN          Timer expires        AttemptOpen()
+%%                                      SetWatchdog()        DOWN
+%%   INITIAL       Timer expires        AttemptOpen()
+%%                                      SetWatchdog()        INITIAL
+
+%% RFC 3539, 3.4.1:
+%%
+%%   [5] While the connection is in the closed state, the AAA client MUST
+%%       NOT attempt to send further watchdog messages on the connection.
+%%       However, after the connection is closed, the AAA client continues
+%%       to periodically attempt to reopen the connection.
+%%
+%%       The AAA client SHOULD wait for the transport layer to report
+%%       connection failure before attempting again, but MAY choose to
+%%       bound this wait time by the watchdog interval, Tw.
+
+%% Don't bound, restarting the peer process only when the previous
+%% process has died. We only need to handle state down since we start
+%% the first watchdog when transitioning out of initial.
+
+timeout(#watchdog{status = down} = S) ->
+    restart(S).
+
+%% restart/1
+
+restart(#watchdog{transport = undefined} = S) ->
+    restart(getr(restart), S);
+restart(S) ->
+    S.
+
+%% Only restart the transport in the connecting case. For an accepting
+%% transport, we've registered the peer connection when leaving state
+%% initial and this is used by a new accepting process to realize that
+%% it's actually in state down rather then initial when receiving
+%% notification of an open connection.
+
+restart({{connect, _} = T, Opts, Svc}, #watchdog{parent = Pid} = S) ->
+    Pid ! {reconnect, self()},
+    S#watchdog{transport = monitor(diameter_peer_fsm:start(T, Opts, Svc))};
+restart({{accept, _}, _, _}, S) ->
+    S.
+%% Don't currently use Opts/Svc in the accept case but having them in
+%% the process dictionary is helpful if the process dies unexpectedly.
+
+%% dwr/1
+
+dwr(#diameter_caps{origin_host = OH,
+                   origin_realm = OR,
+                   origin_state_id = OSI}) ->
+    ['DWR', {'Origin-Host', OH},
+            {'Origin-Realm', OR},
+            {'Origin-State-Id', OSI}].
diff --git a/lib/diameter/src/app/diameter_watchdog_sup.erl b/lib/diameter/src/base/diameter_watchdog_sup.erl
index fc837fe4ef..fc837fe4ef 100644
--- a/lib/diameter/src/app/diameter_watchdog_sup.erl
+++ b/lib/diameter/src/base/diameter_watchdog_sup.erl
diff --git a/lib/diameter/src/compiler/.gitignore b/lib/diameter/src/compiler/.gitignore
deleted file mode 100644
index d9f072e262..0000000000
--- a/lib/diameter/src/compiler/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-
-/depend.mk
-
diff --git a/lib/diameter/src/compiler/Makefile b/lib/diameter/src/compiler/Makefile
deleted file mode 100644
index 779013bfbc..0000000000
--- a/lib/diameter/src/compiler/Makefile
+++ /dev/null
@@ -1,131 +0,0 @@
-#
-# %CopyrightBegin%
-#
-# Copyright Ericsson AB 2010-2011. All Rights Reserved.
-#
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-#
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-#
-# %CopyrightEnd%
-#
-#
-
-ifneq ($(ERL_TOP),)
-include $(ERL_TOP)/make/target.mk
-EBIN = ../../ebin
-include $(ERL_TOP)/make/$(TARGET)/otp.mk
-else
-include $(DIAMETER_TOP)/make/target.mk
-EBIN = ../../ebin
-include $(DIAMETER_TOP)/make/$(TARGET)/rules.mk
-endif
-
-
-# ----------------------------------------------------
-# Application version
-# ----------------------------------------------------
-include ../../vsn.mk
-VSN=$(DIAMETER_VSN)
-
-# ----------------------------------------------------
-# Release directory specification
-# ----------------------------------------------------
-
-RELSYSDIR = $(RELEASE_PATH)/lib/diameter-$(VSN)
-
-INCDIR = ../../include
-
-# ----------------------------------------------------
-# Target Specs
-# ----------------------------------------------------
-
-include modules.mk
-
-ERL_FILES = \
-	$(MODULES:%=%.erl)
-
-TARGET_FILES = \
-	$(MODULES:%=$(EBIN)/%.$(EMULATOR))
-
-# ----------------------------------------------------
-# FLAGS
-# ----------------------------------------------------
-
-ifeq ($(TYPE),debug)
-ERL_COMPILE_FLAGS += -Ddebug
-endif
-
-include ../app/diameter.mk
-
-ERL_COMPILE_FLAGS += \
-	$(DIAMETER_ERL_COMPILE_FLAGS) \
-	-I$(INCDIR)
-
-# ----------------------------------------------------
-# Targets
-# ----------------------------------------------------
-
-debug:
-	@${MAKE} TYPE=debug opt
-
-opt: $(TARGET_FILES)
-
-clean:
-	rm -f $(TARGET_FILES) 
-	rm -f errs core *~
-	rm -f depend.mk
-
-docs:
-
-info:
-	@echo ""
-	@echo "ERL_FILES = $(ERL_FILES)"
-	@echo "HRL_FILES = $(HRL_FILES)"
-	@echo ""
-	@echo "TARGET_FILES = $(TARGET_FILES)"
-	@echo ""
-
-# ----------------------------------------------------
-# Release Target
-# ----------------------------------------------------
-ifneq ($(ERL_TOP),)
-include $(ERL_TOP)/make/otp_release_targets.mk
-else
-include $(DIAMETER_TOP)/make/release_targets.mk
-endif
-
-release_spec: opt
-	$(INSTALL_DIR)  $(RELSYSDIR)/ebin
-	$(INSTALL_DATA) $(TARGET_FILES) $(RELSYSDIR)/ebin
-	$(INSTALL_DIR)  $(RELSYSDIR)/src
-	$(INSTALL_DIR)  $(RELSYSDIR)/src/compiler
-	$(INSTALL_DATA) $(ERL_FILES) $(HRL_FILES) $(RELSYSDIR)/src/compiler
-
-release_docs_spec:
-
-force:
-
-# ----------------------------------------------------
-# Dependencies
-# ----------------------------------------------------
-
-depend: depend.mk
-
-# Generate dependencies makefile.
-depend.mk: ../app/depend.sed $(ERL_FILES) Makefile
-	for f in $(MODULES); do \
-	    sed -f $< $$f.erl | sed "s@/@/$$f@"; \
-	done \
-	> $@
-
--include depend.mk
-
-.PHONY: clean debug depend docs force info opt release_docs_spec release_spec
diff --git a/lib/diameter/src/compiler/diameter_codegen.erl b/lib/diameter/src/compiler/diameter_codegen.erl
index a33b07a3d3..1e31c40afe 100644
--- a/lib/diameter/src/compiler/diameter_codegen.erl
+++ b/lib/diameter/src/compiler/diameter_codegen.erl
@@ -20,17 +20,18 @@
 -module(diameter_codegen).
 
 %%
-%% This module generates .erl and .hrl files for encode/decode
-%% modules from the orddict parsed from a .dia (aka spec) file by
-%% dis_spec_util. The generated code is very simple (one-liners), the
-%% generated functions being called by code included from dis_gen.hrl
-%% in order to encode/decode messages and AVPs. The orddict itself is
-%% returned by dict/0 in the generated module and dis_spec_util calls
-%% this function when importing spec files. (That is, beam has to be
-%% compiled from an imported spec file before it can be imported.)
+%% This module generates erl/hrl files for encode/decode modules
+%% from the orddict parsed from a dictionary file (.dia) by
+%% diameter_dict_util. The generated code is simple (one-liners),
+%% the generated functions being called by code included iin the
+%% generated modules from diameter_gen.hrl. The orddict itself is
+%% returned by dict/0 in the generated module and diameter_dict_util
+%% calls this function when importing dictionaries as a consequence
+%% of @inherits sections. That is, @inherits introduces a dependency
+%% on the beam file of another dictionary.
 %%
 
--export([from_spec/4]).
+-export([from_dict/4]).
 
 %% Internal exports (for test).
 -export([file/1,
@@ -38,17 +39,23 @@
          file/3]).
 
 -include("diameter_forms.hrl").
+-include("diameter_vsn.hrl").
 
-%% Generated functions that could have no generated clauses will have
-%% a trailing ?UNEXPECTED clause that should never execute.
--define(UNEXPECTED(N), {?clause, [?VAR('_') || _ <- lists:seq(1,N)],
-                        [],
-                        [?APPLY(erlang,
-                                error,
-                                [?TERM({unexpected, getr(module)})])]}).
+-define(S, atom_to_list).
+-define(A, list_to_atom).
 
+-define(Atom(T), ?ATOM(?A(T))).
 
-from_spec(File, Spec, Opts, Mode) ->
+%% ===========================================================================
+
+-spec from_dict(File, Spec, Opts, Mode)
+   -> ok
+ when File :: string(),
+      Spec :: orddict:orddict(),
+      Opts :: list(),
+      Mode :: spec | erl | hrl.
+
+from_dict(File, Spec, Opts, Mode) ->
     Outdir = proplists:get_value(outdir, Opts, "."),
     putr(verbose, lists:member(verbose, Opts)),
     putr(debug,   lists:member(debug, Opts)),
@@ -73,7 +80,7 @@ getr(Key) ->
 %% ===========================================================================
 %% ===========================================================================
 
-%% Generate from parsed spec in a file.
+%% Generate from parsed dictionary in a file.
 
 file(F) ->
     file(F, spec).
@@ -83,55 +90,46 @@ file(F, Mode) ->
 
 file(F, Outdir, Mode) ->
     {ok, [Spec]} = file:consult(F),
-    from_spec(F, Spec, Outdir, Mode).
+    from_dict(F, Spec, Outdir, Mode).
 
 %% ===========================================================================
 %% ===========================================================================
 
-choose(true, X, _)  -> X;
-choose(false, _, X) -> X.
-
 get_value(Key, Plist) ->
     proplists:get_value(Key, Plist, []).
 
-write(Path, [C|_] = Spec)
-  when is_integer(C) ->
-    w(Path, Spec, "~s");
-write(Path, Spec) ->
-    w(Path, Spec, "~p.").
+write(Path, Str) ->
+    w(Path, Str, "~s").
 
-w(Path, Spec, Fmt) ->
+write_term(Path, T) ->
+    w(Path, T, "~p.").
+
+w(Path, T, Fmt) ->
     {ok, Fd} = file:open(Path, [write]),
-    io:fwrite(Fd, Fmt ++ "~n", [Spec]),
+    io:fwrite(Fd, Fmt ++ "~n", [T]),
     file:close(Fd).
 
 codegen(File, Spec, Outdir, Mode) ->
     Mod = mod(File, orddict:find(name, Spec)),
     Path = filename:join(Outdir, Mod),  %% minus extension
-    gen(Mode, Spec, Mod, Path),
+    gen(Mode, Spec, ?A(Mod), Path),
     ok.
 
 mod(File, error) ->
     filename:rootname(filename:basename(File));
 mod(_, {ok, Mod}) ->
-    atom_to_list(Mod).
+    Mod.
 
 gen(spec, Spec, _Mod, Path) ->
-    write(Path ++ ".spec", Spec);
+    write_term(Path ++ ".spec", [?VERSION | Spec]);
 
 gen(hrl, Spec, Mod, Path) ->
     gen_hrl(Path ++ ".hrl", Mod, Spec);
 
-gen(erl = Mode, Spec, Mod, Path)
-  when is_list(Mod) ->
-    gen(Mode, Spec, list_to_atom(Mod), Path);
-
 gen(erl, Spec, Mod, Path) ->
-    putr(module, Mod),  %% used by ?UNEXPECTED.
-
     Forms = [{?attribute, module, Mod},
              {?attribute, compile, [{parse_transform, diameter_exprecs}]},
-             {?attribute, compile, [nowarn_unused_function]},
+             {?attribute, compile, [{parse_transform, diameter_nowarn}]},
              {?attribute, export, [{name, 0},
                                    {id, 0},
                                    {vendor_id, 0},
@@ -175,7 +173,7 @@ gen(erl, Spec, Mod, Path) ->
     gen_erl(Path, insert_hrl_forms(Spec, Forms)).
 
 gen_erl(Path, Forms) ->
-    getr(debug) andalso write(Path ++ ".forms", Forms),
+    getr(debug) andalso write_term(Path ++ ".forms", Forms),
     write(Path ++ ".erl",
           header() ++ erl_prettypr:format(erl_syntax:form_list(Forms))).
 
@@ -224,16 +222,16 @@ a_record(Prefix, ProjF, L) ->
     lists:map(fun(T) -> a_record(ProjF(T), Prefix) end, L).
 
 a_record({Nm, Avps}, Prefix) ->
-    Name = list_to_atom(Prefix ++ atom_to_list(Nm)),
+    Name = list_to_atom(Prefix ++ Nm),
     Fields = lists:map(fun field/1, Avps),
     {?attribute, record, {Name, Fields}}.
 
 field(Avp) ->
     {Name, Arity} = avp_info(Avp),
     if 1 == Arity ->
-            {?record_field, ?ATOM(Name)};
+            {?record_field, ?Atom(Name)};
        true ->
-            {?record_field, ?ATOM(Name), ?NIL}
+            {?record_field, ?Atom(Name), ?NIL}
     end.
 
 %%% ------------------------------------------------------------------------
@@ -256,25 +254,33 @@ c_id({ok, Id}) ->
     {?clause, [], [], [?INTEGER(Id)]};
 
 c_id(error) ->
-    ?UNEXPECTED(0).
+    ?BADARG(0).
 
 %%% ------------------------------------------------------------------------
 %%% # vendor_id/0
 %%% ------------------------------------------------------------------------
 
 f_vendor_id(Spec) ->
-    {Id, _} = orddict:fetch(vendor, Spec),
     {?function, vendor_id, 0,
-     [{?clause, [], [], [?INTEGER(Id)]}]}.
+     [{?clause, [], [], [b_vendor_id(orddict:find(vendor, Spec))]}]}.
+
+b_vendor_id({ok, {Id, _}}) ->
+    ?INTEGER(Id);
+b_vendor_id(error) ->
+    ?APPLY(erlang, error, [?TERM(undefined)]).
 
 %%% ------------------------------------------------------------------------
 %%% # vendor_name/0
 %%% ------------------------------------------------------------------------
 
 f_vendor_name(Spec) ->
-    {_, Name} = orddict:fetch(vendor, Spec),
     {?function, vendor_name, 0,
-     [{?clause, [], [], [?ATOM(Name)]}]}.
+     [{?clause, [], [], [b_vendor_name(orddict:find(vendor, Spec))]}]}.
+
+b_vendor_name({ok, {_, Name}}) ->
+    ?Atom(Name);
+b_vendor_name(error) ->
+    ?APPLY(erlang, error, [?TERM(undefined)]).
 
 %%% ------------------------------------------------------------------------
 %%% # msg_name/1
@@ -287,22 +293,18 @@ f_msg_name(Spec) ->
 %% DIAMETER_COMMAND_UNSUPPORTED should be replied.
 
 msg_name(Spec) ->
-    lists:flatmap(fun c_msg_name/1,
-                  proplists:get_value(command_codes, Spec, []))
+    lists:flatmap(fun c_msg_name/1, proplists:get_value(command_codes,
+                                                        Spec,
+                                                        []))
         ++ [{?clause, [?VAR('_'), ?VAR('_')], [], [?ATOM('')]}].
 
 c_msg_name({Code, Req, Ans}) ->
     [{?clause, [?INTEGER(Code), ?ATOM(true)],
       [],
-      [?ATOM(mname(Req))]},
+      [?Atom(Req)]},
      {?clause, [?INTEGER(Code), ?ATOM(false)],
       [],
-      [?ATOM(mname(Ans))]}].
-
-mname({N, _Abbr}) ->
-    N;
-mname(N) ->
-    N.
+      [?Atom(Ans)]}].
 
 %%% ------------------------------------------------------------------------
 %%% # msg2rec/1
@@ -313,30 +315,11 @@ f_msg2rec(Spec) ->
 
 msg2rec(Spec) ->
     Pre = prefix(Spec),
-    Dict = dict:from_list(lists:flatmap(fun msgs/1,
-                                        get_value(command_codes, Spec))),
-    lists:flatmap(fun(T) -> msg2rec(T, Dict, Pre) end,
-                  get_value(messages, Spec))
-        ++ [?UNEXPECTED(1)].
-
-msgs({_Code, Req, Ans}) ->
-    [{mname(Req), Req}, {mname(Ans), Ans}].
-
-msg2rec({N,_,_,_,_}, Dict, Pre) ->
-    c_msg2rec(fetch_names(N, Dict), Pre).
-
-fetch_names(Name, Dict) ->
-    case dict:find(Name, Dict) of
-        {ok, N} ->
-            N;
-        error ->
-            Name
-    end.
+    lists:map(fun(T) -> c_msg2rec(T, Pre) end, get_value(messages, Spec))
+        ++ [?BADARG(1)].
 
-c_msg2rec({N,A}, Pre) ->
-    [c_name2rec(N, N, Pre), c_name2rec(A, N, Pre)];
-c_msg2rec(N, Pre) ->
-    [c_name2rec(N, N, Pre)].
+c_msg2rec({N,_,_,_,_}, Pre) ->
+    c_name2rec(N, Pre).
 
 %%% ------------------------------------------------------------------------
 %%% # rec2msg/1
@@ -348,10 +331,10 @@ f_rec2msg(Spec) ->
 rec2msg(Spec) ->
     Pre = prefix(Spec),
     lists:map(fun(T) -> c_rec2msg(T, Pre) end, get_value(messages, Spec))
-        ++ [?UNEXPECTED(1)].
+        ++ [?BADARG(1)].
 
 c_rec2msg({N,_,_,_,_}, Pre) ->
-    {?clause, [?ATOM(rec_name(N, Pre))], [], [?ATOM(N)]}.
+    {?clause, [?Atom(rec_name(N, Pre))], [], [?Atom(N)]}.
 
 %%% ------------------------------------------------------------------------
 %%% # name2rec/1
@@ -364,11 +347,11 @@ name2rec(Spec) ->
     Pre = prefix(Spec),
     Groups = get_value(grouped, Spec)
           ++ lists:flatmap(fun avps/1, get_value(import_groups, Spec)),
-    lists:map(fun({N,_,_,_}) -> c_name2rec(N, N, Pre) end, Groups)
+    lists:map(fun({N,_,_,_}) -> c_name2rec(N, Pre) end, Groups)
         ++ [{?clause, [?VAR('T')], [], [?CALL(msg2rec, [?VAR('T')])]}].
 
-c_name2rec(Name, Rname, Pre) ->
-    {?clause, [?ATOM(Name)], [], [?ATOM(rec_name(Rname, Pre))]}.
+c_name2rec(Name, Pre) ->
+    {?clause, [?Atom(Name)], [], [?Atom(rec_name(Name, Pre))]}.
 
 avps({_Mod, Avps}) ->
     Avps.
@@ -390,32 +373,47 @@ f_avp_name(Spec) ->
 %%       allocated by IANA (see Section 11.1).
 
 avp_name(Spec) ->
-    Avps = get_value(avp_types, Spec)
-        ++ lists:flatmap(fun avps/1, get_value(import_avps, Spec)),
-    {Vid, _} = orddict:fetch(vendor, Spec),
-    Vs = lists:flatmap(fun({V,Ns}) -> [{N,V} || N <- Ns] end,
-                       get_value(avp_vendor_id, Spec)),
+    Avps = get_value(avp_types, Spec),
+    Imported = get_value(import_avps, Spec),
+    Vid = orddict:find(vendor, Spec),
+    Vs = vendor_id_map(Spec),
 
-    lists:map(fun(T) -> c_avp_name(T, Vid, Vs) end, Avps)
+    lists:map(fun(T) -> c_avp_name(T, Vs, Vid) end, Avps)
+        ++ lists:flatmap(fun(T) -> c_imported_avp_name(T, Vs) end, Imported)
         ++ [{?clause, [?VAR('_'), ?VAR('_')], [], [?ATOM('AVP')]}].
 
-c_avp_name({Name, Code, Type, Flags, _Encr}, Vid, Vs) ->
-    c_avp_name({Name, Type},
-               Code,
-               lists:member('V', Flags),
-               Vid,
-               proplists:get_value(Name, Vs)).
+c_avp_name({Name, Code, Type, Flags}, Vs, Vid) ->
+    c_avp_name_(?TERM({?A(Name), ?A(Type)}),
+                ?INTEGER(Code),
+                vid(Name, Flags, Vs, Vid)).
 
-c_avp_name(T, Code, false, _, undefined = U) ->
-    {?clause, [?INTEGER(Code), ?ATOM(U)],
+%% Note that an imported AVP's vendor id is determined by
+%% avp_vendor_id in the inheriting module and vendor in the inherited
+%% module. In particular, avp_vendor_id in the inherited module is
+%% ignored so can't just call Mod:avp_header/1 to retrieve the vendor
+%% id. A vendor id specified in @grouped is equivalent to one
+%% specified as avp_vendor_id.
+
+c_imported_avp_name({Mod, Avps}, Vs) ->
+    lists:map(fun(A) -> c_avp_name(A, Vs, {module, Mod}) end, Avps).
+
+c_avp_name_(T, Code, undefined = U) ->
+    {?clause, [Code, ?ATOM(U)],
      [],
-     [?TERM(T)]};
+     [T]};
 
-c_avp_name(T, Code, true, Vid, V)
-  when is_integer(Vid) ->
-    {?clause, [?INTEGER(Code), ?INTEGER(choose(V == undefined, Vid, V))],
+c_avp_name_(T, Code, Vid) ->
+    {?clause, [Code, ?INTEGER(Vid)],
      [],
-     [?TERM(T)]}.
+     [T]}.
+
+vendor_id_map(Spec) ->
+    lists:flatmap(fun({V,Ns}) -> [{N,V} || N <- Ns] end,
+                  get_value(avp_vendor_id, Spec))
+        ++ lists:flatmap(fun({_,_,[],_}) -> [];
+                            ({N,_,[V],_}) -> [{N,V}]
+                         end,
+                         get_value(grouped, Spec)).
 
 %%% ------------------------------------------------------------------------
 %%% # avp_arity/2
@@ -445,60 +443,75 @@ c_avp_arity(Name, Avps) ->
 
 c_arity(Name, Avp) ->
     {AvpName, Arity} = avp_info(Avp),
-    {?clause, [?ATOM(Name), ?ATOM(AvpName)], [], [?TERM(Arity)]}.
+    {?clause, [?Atom(Name), ?Atom(AvpName)], [], [?TERM(Arity)]}.
 
 %%% ------------------------------------------------------------------------
 %%% # avp/3
 %%% ------------------------------------------------------------------------
 
 f_avp(Spec) ->
-    {?function, avp, 3, avp(Spec) ++ [?UNEXPECTED(3)]}.
+    {?function, avp, 3, avp(Spec) ++ [?BADARG(3)]}.
 
 avp(Spec) ->
-    Native   = get_value(avp_types, Spec),
-    Custom   = get_value(custom_types, Spec),
-    Imported = get_value(import_avps, Spec),
-    Enums    = get_value(enums, Spec),
-    avp([{N,T} || {N,_,T,_,_} <- Native], Imported, Custom, Enums).
+    Native     = get_value(avp_types, Spec),
+    CustomMods = get_value(custom_types, Spec),
+    TypeMods   = get_value(codecs, Spec),
+    Imported   = get_value(import_avps, Spec),
+    Enums      = get_value(enum, Spec),
 
-avp(Native, Imported, Custom, Enums) ->
-    Dict = orddict:from_list(Native),
+    Custom = lists:map(fun({M,As}) -> {M, custom_types, As} end,
+                       CustomMods)
+        ++ lists:map(fun({M,As}) -> {M, codecs, As} end,
+                     TypeMods),
+    avp(types(Native), Imported, Custom, Enums).
+
+types(Avps) ->
+    lists:map(fun({N,_,T,_}) -> {N,T} end, Avps).
 
-    report(native, Dict),
+avp(Native, Imported, Custom, Enums) ->
+    report(native, Native),
     report(imported, Imported),
     report(custom, Custom),
 
-    CustomNames = lists:flatmap(fun({_,Ns}) -> Ns end, Custom),
+    TypeDict = lists:foldl(fun({N,_,T,_}, D) -> orddict:store(N,T,D) end,
+                           orddict:from_list(Native),
+                           lists:flatmap(fun avps/1, Imported)),
+
+    CustomNames = lists:flatmap(fun({_,_,Ns}) -> Ns end, Custom),
 
     lists:map(fun c_base_avp/1,
-              lists:filter(fun({N,_}) ->
-                                   false == lists:member(N, CustomNames)
-                           end,
+              lists:filter(fun({N,_}) -> not_in(CustomNames, N) end,
                            Native))
-        ++ lists:flatmap(fun(I) -> cs_imported_avp(I, Enums) end, Imported)
-        ++ lists:flatmap(fun(C) -> cs_custom_avp(C, Dict) end, Custom).
+        ++ lists:flatmap(fun(I) -> cs_imported_avp(I, Enums, CustomNames) end,
+                         Imported)
+        ++ lists:flatmap(fun(C) -> cs_custom_avp(C, TypeDict) end, Custom).
+
+not_in(List, X) ->
+    not lists:member(X, List).
 
 c_base_avp({AvpName, T}) ->
-    {?clause, [?VAR('T'), ?VAR('Data'), ?ATOM(AvpName)],
+    {?clause, [?VAR('T'), ?VAR('Data'), ?Atom(AvpName)],
      [],
-     [base_avp(AvpName, T)]}.
+     [b_base_avp(AvpName, T)]}.
 
-base_avp(AvpName, 'Enumerated') ->
-    ?CALL(enumerated_avp, [?VAR('T'), ?ATOM(AvpName), ?VAR('Data')]);
+b_base_avp(AvpName, "Enumerated") ->
+    ?CALL(enumerated_avp, [?VAR('T'), ?Atom(AvpName), ?VAR('Data')]);
 
-base_avp(AvpName, 'Grouped') ->
-    ?CALL(grouped_avp, [?VAR('T'), ?ATOM(AvpName), ?VAR('Data')]);
+b_base_avp(AvpName, "Grouped") ->
+    ?CALL(grouped_avp, [?VAR('T'), ?Atom(AvpName), ?VAR('Data')]);
 
-base_avp(_, Type) ->
-    ?APPLY(diameter_types, Type, [?VAR('T'), ?VAR('Data')]).
+b_base_avp(_, Type) ->
+    ?APPLY(diameter_types, ?A(Type), [?VAR('T'), ?VAR('Data')]).
 
-cs_imported_avp({Mod, Avps}, Enums) ->
-    lists:map(fun(A) -> imported_avp(Mod, A, Enums) end, Avps).
+cs_imported_avp({Mod, Avps}, Enums, CustomNames) ->
+    lists:map(fun(A) -> imported_avp(Mod, A, Enums) end,
+              lists:filter(fun({N,_,_,_}) -> not_in(CustomNames, N) end,
+                           Avps)).
 
-imported_avp(_Mod, {AvpName, _, 'Grouped' = T, _, _}, _) ->
+imported_avp(_Mod, {AvpName, _, "Grouped" = T, _}, _) ->
     c_base_avp({AvpName, T});
 
-imported_avp(Mod, {AvpName, _, 'Enumerated' = T, _, _}, Enums) ->
+imported_avp(Mod, {AvpName, _, "Enumerated" = T, _}, Enums) ->
     case lists:keymember(AvpName, 1, Enums) of
         true ->
             c_base_avp({AvpName, T});
@@ -506,34 +519,40 @@ imported_avp(Mod, {AvpName, _, 'Enumerated' = T, _, _}, Enums) ->
             c_imported_avp(Mod, AvpName)
     end;
 
-imported_avp(Mod, {AvpName, _, _, _, _}, _) ->
+imported_avp(Mod, {AvpName, _, _, _}, _) ->
     c_imported_avp(Mod, AvpName).
 
 c_imported_avp(Mod, AvpName) ->
-    {?clause, [?VAR('T'), ?VAR('Data'), ?ATOM(AvpName)],
+    {?clause, [?VAR('T'), ?VAR('Data'), ?Atom(AvpName)],
      [],
      [?APPLY(Mod, avp, [?VAR('T'),
                         ?VAR('Data'),
-                        ?ATOM(AvpName)])]}.
+                        ?Atom(AvpName)])]}.
 
-cs_custom_avp({Mod, Avps}, Dict) ->
-    lists:map(fun(N) -> c_custom_avp(Mod, N, orddict:fetch(N, Dict)) end,
+cs_custom_avp({Mod, Key, Avps}, Dict) ->
+    lists:map(fun(N) -> c_custom_avp(Mod, Key, N, orddict:fetch(N, Dict)) end,
               Avps).
 
-c_custom_avp(Mod, AvpName, Type) ->
-    {?clause, [?VAR('T'), ?VAR('Data'), ?ATOM(AvpName)],
+c_custom_avp(Mod, Key, AvpName, Type) ->
+    {F,A} = custom(Key, AvpName, Type),
+    {?clause, [?VAR('T'), ?VAR('Data'), ?Atom(AvpName)],
      [],
-     [?APPLY(Mod, AvpName, [?VAR('T'), ?ATOM(Type), ?VAR('Data')])]}.
+     [?APPLY(?A(Mod), ?A(F), [?VAR('T'), ?Atom(A), ?VAR('Data')])]}.
+
+custom(custom_types, AvpName, Type) ->
+    {AvpName, Type};
+custom(codecs, AvpName, Type) ->
+    {Type, AvpName}.
 
 %%% ------------------------------------------------------------------------
 %%% # enumerated_avp/3
 %%% ------------------------------------------------------------------------
 
 f_enumerated_avp(Spec) ->
-    {?function, enumerated_avp, 3, enumerated_avp(Spec) ++ [?UNEXPECTED(3)]}.
+    {?function, enumerated_avp, 3, enumerated_avp(Spec) ++ [?BADARG(3)]}.
 
 enumerated_avp(Spec) ->
-    Enums = get_value(enums, Spec),
+    Enums = get_value(enum, Spec),
     lists:flatmap(fun cs_enumerated_avp/1, Enums)
         ++ lists:flatmap(fun({M,Es}) -> enumerated_avp(M, Es, Enums) end,
                          get_value(import_enums, Spec)).
@@ -554,11 +573,11 @@ cs_enumerated_avp(false, _, _) ->
 cs_enumerated_avp({AvpName, Values}) ->
     lists:flatmap(fun(V) -> c_enumerated_avp(AvpName, V) end, Values).
 
-c_enumerated_avp(AvpName, {I,_}) ->
-    [{?clause, [?ATOM(decode), ?ATOM(AvpName), ?TERM(<<I:32/integer>>)],
+c_enumerated_avp(AvpName, {_,I}) ->
+    [{?clause, [?ATOM(decode), ?Atom(AvpName), ?TERM(<<I:32/integer>>)],
       [],
       [?TERM(I)]},
-     {?clause, [?ATOM(encode), ?ATOM(AvpName), ?INTEGER(I)],
+     {?clause, [?ATOM(encode), ?Atom(AvpName), ?INTEGER(I)],
       [],
       [?TERM(<<I:32/integer>>)]}].
 
@@ -567,7 +586,7 @@ c_enumerated_avp(AvpName, {I,_}) ->
 %%% ------------------------------------------------------------------------
 
 f_msg_header(Spec) ->
-    {?function, msg_header, 1, msg_header(Spec) ++ [?UNEXPECTED(1)]}.
+    {?function, msg_header, 1, msg_header(Spec) ++ [?BADARG(1)]}.
 
 msg_header(Spec) ->
     msg_header(get_value(messages, Spec), Spec).
@@ -582,7 +601,7 @@ msg_header(Msgs, Spec) ->
 %% Note that any application id in the message header spec is ignored.
 
 c_msg_header(Name, Code, Flags, ApplId) ->
-    {?clause, [?ATOM(Name)],
+    {?clause, [?Atom(Name)],
      [],
      [?TERM({Code, encode_msg_flags(Flags), ApplId})]}.
 
@@ -598,50 +617,61 @@ emf('ERR', N) -> N bor 2#00100000.
 %%% ------------------------------------------------------------------------
 
 f_avp_header(Spec) ->
-    {?function, avp_header, 1, avp_header(Spec) ++ [?UNEXPECTED(1)]}.
+    {?function, avp_header, 1, avp_header(Spec) ++ [?BADARG(1)]}.
 
 avp_header(Spec) ->
     Native = get_value(avp_types, Spec),
     Imported = get_value(import_avps, Spec),
-    {Vid, _} = orddict:fetch(vendor, Spec),
-    Vs = lists:flatmap(fun({V,Ns}) -> [{N,V} || N <- Ns] end,
-                       get_value(avp_vendor_id, Spec)),
+    Vid = orddict:find(vendor, Spec),
+    Vs = vendor_id_map(Spec),
 
-    lists:flatmap(fun(A) -> c_avp_header({Vid, Vs}, A) end,
+    lists:flatmap(fun(A) -> c_avp_header(A, Vs, Vid) end,
                   Native ++ Imported).
 
-c_avp_header({Vid, Vs}, {Name, Code, _Type, Flags, _Encr}) ->
-    [{?clause, [?ATOM(Name)],
+c_avp_header({Name, Code, _Type, Flags}, Vs, Vid) ->
+    [{?clause, [?Atom(Name)],
       [],
       [?TERM({Code, encode_avp_flags(Flags), vid(Name, Flags, Vs, Vid)})]}];
 
-c_avp_header({_, Vs}, {Mod, Avps}) ->
-    lists:map(fun(A) -> c_avp_header(Vs, Mod, A) end, Avps).
+c_avp_header({Mod, Avps}, Vs, _Vid) ->
+    lists:map(fun(A) -> c_imported_avp_header(A, Mod, Vs) end, Avps).
 
-c_avp_header(Vs, Mod, {Name, _, _, Flags, _}) ->
-    Apply = ?APPLY(Mod, avp_header, [?ATOM(Name)]),
-    {?clause, [?ATOM(Name)],
+%% Note that avp_vendor_id in the inherited dictionary is ignored. The
+%% value must be changed in the inheriting dictionary. This is
+%% consistent with the semantics of avp_name/2.
+
+c_imported_avp_header({Name, _Code, _Type, _Flags}, Mod, Vs) ->
+    Apply = ?APPLY(Mod, avp_header, [?Atom(Name)]),
+    {?clause, [?Atom(Name)],
      [],
      [case proplists:get_value(Name, Vs) of
           undefined ->
               Apply;
           Vid ->
-              true = lists:member('V', Flags),  %% sanity check
               ?CALL(setelement, [?INTEGER(3), Apply, ?INTEGER(Vid)])
       end]}.
 
 encode_avp_flags(Fs) ->
     lists:foldl(fun eaf/2, 0, Fs).
 
-eaf('V', F) -> 2#10000000 bor F;
-eaf('M', F) -> 2#01000000 bor F;
-eaf('P', F) -> 2#00100000 bor F.
+eaf($V, F) -> 2#10000000 bor F;
+eaf($M, F) -> 2#01000000 bor F;
+eaf($P, F) -> 2#00100000 bor F.
 
 vid(Name, Flags, Vs, Vid) ->
-    v(lists:member('V', Flags), Name, Vs, Vid).
+    v(lists:member($V, Flags), Name, Vs, Vid).
+
+v(true = T, Name, Vs, {module, Mod}) ->
+    v(T, Name, Vs, {ok, {Mod:vendor_id(), Mod:vendor_name()}});
 
 v(true, Name, Vs, Vid) ->
-    proplists:get_value(Name, Vs, Vid);
+    case proplists:get_value(Name, Vs) of
+        undefined ->
+            {ok, {Id, _}} = Vid,
+            Id;
+        Id ->
+            Id
+    end;
 v(false, _, _, _) ->
     undefined.
 
@@ -656,19 +686,19 @@ empty_value(Spec) ->
     Imported = lists:flatmap(fun avps/1, get_value(import_enums, Spec)),
     Groups = get_value(grouped, Spec)
         ++ lists:flatmap(fun avps/1, get_value(import_groups, Spec)),
-    Enums = [T || {N,_} = T <- get_value(enums, Spec),
+    Enums = [T || {N,_} = T <- get_value(enum, Spec),
                   not lists:keymember(N, 1, Imported)]
         ++ Imported,
     lists:map(fun c_empty_value/1, Groups ++ Enums)
         ++ [{?clause, [?VAR('Name')], [], [?CALL(empty, [?VAR('Name')])]}].
 
 c_empty_value({Name, _, _, _}) ->
-    {?clause, [?ATOM(Name)],
+    {?clause, [?Atom(Name)],
      [],
-     [?CALL(empty_group, [?ATOM(Name)])]};
+     [?CALL(empty_group, [?Atom(Name)])]};
 
 c_empty_value({Name, _}) ->
-    {?clause, [?ATOM(Name)],
+    {?clause, [?Atom(Name)],
      [],
      [?TERM(<<0:32/integer>>)]}.
 
@@ -678,7 +708,7 @@ c_empty_value({Name, _}) ->
 
 f_dict(Spec) ->
     {?function, dict, 0,
-     [{?clause, [], [], [?TERM(Spec)]}]}.
+     [{?clause, [], [], [?TERM([?VERSION | Spec])]}]}.
 
 %%% ------------------------------------------------------------------------
 %%% # gen_hrl/3
@@ -706,10 +736,10 @@ gen_hrl(Path, Mod, Spec) ->
 
     write("ENUM Macros",
           Fd,
-          m_enums(PREFIX, false, get_value(enums, Spec))),
-    write("RESULT CODE Macros",
+          m_enums(PREFIX, false, get_value(enum, Spec))),
+    write("DEFINE Macros",
           Fd,
-          m_enums(PREFIX, false, get_value(result_codes, Spec))),
+          m_enums(PREFIX, false, get_value(define, Spec))),
 
     lists:foreach(fun({M,Es}) ->
                           write("ENUM Macros from " ++ atom_to_list(M),
@@ -751,8 +781,8 @@ m_enums(Prefix, Wrap, Enums) ->
 
 m_enum(Prefix, B, {Name, Values}) ->
     P = Prefix ++ to_upper(Name) ++ "_",
-    lists:map(fun({I,A}) ->
-                      N = ["'", P, to_upper(z(atom_to_list(A))), "'"],
+    lists:map(fun({A,I}) ->
+                      N = ["'", P, to_upper(z(A)), "'"],
                       wrap(B,
                            N,
                            ["-define(", N, ", ", integer_to_list(I), ").\n"])
@@ -794,34 +824,34 @@ header() ->
      "%%\n\n").
 
 hrl_header(Name) ->
-    header() ++ "-hrl_name('" ++ Name ++ ".hrl').\n".
+    header() ++ "-hrl_name('" ++ ?S(Name) ++ ".hrl').\n".
 
 %% avp_info/1
 
 avp_info(Entry) ->  %% {Name, Arity}
     case Entry of
-        {'<',A,'>'} -> {A, 1};
-        {A}         -> {A, 1};
-        [A]         -> {A, {0,1}};
+        {{A}} -> {A, 1};
+        {A}   -> {A, 1};
+        [A]   -> {A, {0,1}};
         {Q,T} ->
             {A,_} = avp_info(T),
-            {A, arity(Q)}
+            {A, arity(T,Q)}
     end.
 
 %% Normalize arity to 1 or {N,X} where N is an integer. A record field
 %% for an AVP is list-valued iff the normalized arity is not 1.
-arity('*' = Inf) -> {0, Inf};
-arity({'*', N})  -> {0, N};
-arity({1,1})     -> 1;
-arity(T)         -> T.
+arity({{_}}, '*' = Inf) -> {0, Inf};
+arity([_],   '*' = Inf) -> {0, Inf};
+arity({_},   '*' = Inf) -> {1, Inf};
+arity(_,   {_,_} = Q)   -> Q.
 
 prefix(Spec) ->
     case orddict:find(prefix, Spec) of
         {ok, P} ->
-            atom_to_list(P) ++ "_";
+            P ++ "_";
         error ->
             ""
     end.
 
 rec_name(Name, Prefix) ->
-    list_to_atom(Prefix ++ atom_to_list(Name)).
+    Prefix ++ Name.
diff --git a/lib/diameter/src/compiler/diameter_dict_parser.yrl b/lib/diameter/src/compiler/diameter_dict_parser.yrl
new file mode 100644
index 0000000000..6fd4cedd23
--- /dev/null
+++ b/lib/diameter/src/compiler/diameter_dict_parser.yrl
@@ -0,0 +1,324 @@
+%% -*- erlang -*-
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% A grammar for dictionary specification.
+%%
+
+Nonterminals
+  application_id avp avp_code avp_def avp_defs avp_flags avp_header
+  avp_header_tok avp_name avp_names avp_ref avp_spec avp_type
+  avp_vendor avps bit bits command_def command_id diameter_name
+  dictionary enum_def enum_defs group_def group_defs header header_tok
+  ident idents message_defs module qual section sections.
+
+Terminals
+  avp_types avp_vendor_id codecs custom_types define enum grouped
+  id inherits messages name prefix vendor
+  number word
+  '{' '}' '<' '>' '[' ']' '*' '::=' ':' ',' '-'
+   code
+  'answer-message'
+  'AVP' 'AVP-Header'
+  'Diameter' 'Diameter-Header' 'Header'
+  'REQ' 'PXY' 'ERR'.
+
+Rootsymbol dictionary.
+
+Endsymbol '$end'.
+
+%% ===========================================================================
+
+dictionary -> sections : '$1'.
+
+sections -> '$empty'         : [].
+sections -> section sections : ['$1' | '$2'].
+
+section -> name ident   : ['$1', '$2'].
+section -> prefix ident : ['$1', '$2'].
+section -> id number    : ['$1', '$2'].
+section -> vendor number ident       : ['$1', '$2', '$3'].
+section -> inherits module avp_names : ['$1', '$2' | '$3'].
+section -> avp_types avp_defs        : ['$1' | '$2'].
+section -> avp_vendor_id number avp_names : ['$1', '$2' | '$3'].
+section -> custom_types module avp_names  : ['$1', '$2' | '$3'].
+section -> codecs module avp_names      : ['$1', '$2' | '$3'].
+section -> messages message_defs  : ['$1' | '$2'].
+section -> grouped group_defs     : ['$1' | '$2'].
+section -> enum ident enum_defs   : ['$1', '$2' | '$3'].
+section -> define ident enum_defs : ['$1', '$2' | '$3'].
+
+%% =====================================
+
+module -> ident : '$1'.
+
+avp_names -> idents : '$1'.  %% Note: not 'AVP'
+
+avp_defs -> '$empty'         : [].
+avp_defs -> avp_def avp_defs : ['$1' | '$2'].
+
+avp_def -> ident number avp_type avp_flags : ['$1', '$2', '$3', '$4'].
+
+avp_type -> ident : '$1'.
+
+idents -> '$empty'     : [].
+idents -> ident idents : ['$1' | '$2'].
+
+avp_flags -> '-'   :
+    {_, Lineno} = '$1',
+    {word, Lineno, ""}.
+avp_flags -> ident :
+    '$1'.
+%% Could support lowercase here if there's a use for distinguishing
+%% between Must and Should in the future in deciding whether or not
+%% to set a flag.
+
+ident -> word : '$1'.
+
+%% Don't bother mapping reserved words to make these usable in this
+%% context. That an AVP can't be named Diameter-Header is probably no
+%% great loss, and that it can't be named AVP may even save someone
+%% from themselves. (Temporarily at least.)
+
+group_defs -> '$empty'             : [].
+group_defs -> group_def group_defs : ['$1' | '$2'].
+
+message_defs -> '$empty'                 : [].
+message_defs -> command_def message_defs : ['$1' | '$2'].
+
+enum_defs -> '$empty'           : [].
+enum_defs -> enum_def enum_defs : ['$1' | '$2'].
+
+enum_def -> ident number : ['$1', '$2'].
+
+%% =====================================
+%% 3.2.  Command Code ABNF specification
+%%
+%%    Every Command Code defined MUST include a corresponding ABNF
+%%    specification, which is used to define the AVPs that MUST or MAY be
+%%    present when sending the message.  The following format is used in
+%%    the definition:
+
+%%   command-def      = <command-name> "::=" diameter-message
+%%
+%%   command-name     = diameter-name
+%%
+%%   diameter-name    = ALPHA *(ALPHA / DIGIT / "-")
+%%
+%%   diameter-message = header  [ *fixed] [ *required] [ *optional]
+
+%% answer-message is a special case.
+command_def -> 'answer-message' '::=' '<' header_tok ':' code
+                                          ',' 'ERR' '[' 'PXY' ']' '>'
+               avps
+  : ['$1', false | '$13'].
+
+command_def -> diameter_name '::=' header avps
+  : ['$1', '$3' | '$4'].
+%% Ensure the order fixed/required/optional by semantic checks rather
+%% than grammatically since the latter requires more lookahead: don't
+%% know until after a leading qual which of the three it is that's
+%% being parsed.
+
+diameter_name -> ident : '$1'.
+
+%%   header           = "<" "Diameter Header:" command-id
+%%                      [r-bit] [p-bit] [e-bit] [application-id] ">"
+%%
+%%   command-id       = 1*DIGIT
+%%                      ; The Command Code assigned to the command
+%%
+%%   r-bit            = ", REQ"
+%%                      ; If present, the 'R' bit in the Command
+%%                      ; Flags is set, indicating that the message
+%%                      ; is a request, as opposed to an answer.
+%%
+%%   p-bit            = ", PXY"
+%%                      ; If present, the 'P' bit in the Command
+%%                      ; Flags is set, indicating that the message
+%%                      ; is proxiable.
+%%
+%%   e-bit            = ", ERR"
+%%                      ; If present, the 'E' bit in the Command
+%%                      ; Flags is set, indicating that the answer
+%%                      ; message contains a Result-Code AVP in
+%%                      ; the "protocol error" class.
+%%
+%%   application-id   = 1*DIGIT
+
+header -> '<' header_tok ':' command_id bits application_id '>'
+  : ['$4', '$5', '$6'].
+
+command_id -> number : '$1'.
+
+%% Accept both the form of the base definition and the typo (fixed in
+%% 3588bis) of the grammar.
+header_tok -> 'Diameter' 'Header'.
+header_tok -> 'Diameter-Header'.
+
+bits -> '$empty'     : [].
+bits -> ',' bit bits : ['$2' | '$3'].
+
+%% ERR only makes sense for answer-message so don't allow it here
+%% (despite 3588).
+bit -> 'REQ' : '$1'.
+bit -> 'PXY' : '$1'.
+
+application_id -> '$empty' : false.
+application_id -> number   : '$1'.
+
+%%   fixed            = [qual] "<" avp-spec ">"
+%%                      ; Defines the fixed position of an AVP
+%%
+%%   required         = [qual] "{" avp-spec "}"
+%%                      ; The AVP MUST be present and can appear
+%%                      ; anywhere in the message.
+%%
+%%   optional         = [qual] "[" avp-name "]"
+%%                      ; The avp-name in the 'optional' rule cannot
+%%                      ; evaluate to any AVP Name which is included
+%%                      ; in a fixed or required rule.  The AVP can
+%%                      ; appear anywhere in the message.
+%%                      ;
+%%                      ; NOTE:  "[" and "]" have a slightly different
+%%                      ; meaning than in ABNF (RFC 5234]). These braces
+%%                      ; cannot be used to express optional fixed rules
+%%                      ; (such as an optional ICV at the end). To do this,
+%%                      ; the convention is '0*1fixed'.
+
+avps -> '$empty' : [].
+avps -> avp avps : ['$1' | '$2'].
+
+avp -> avp_ref      : [false | '$1'].
+avp -> qual avp_ref : ['$1' | '$2'].
+
+avp_ref -> '<' avp_spec '>' : [$<, '$2'].
+avp_ref -> '{' avp_name '}' : [${, '$2'].
+avp_ref -> '[' avp_name ']' : [$[, '$2'].
+%% Note that required can be an avp_name, not just avp_spec. 'AVP'
+%% is specified as required by Failed-AVP for example.
+
+%%   qual             = [min] "*" [max]
+%%                      ; See ABNF conventions, RFC 5234 Section 4.
+%%                      ; The absence of any qualifiers depends on
+%%                      ; whether it precedes a fixed, required, or
+%%                      ; optional rule. If a fixed or required rule has
+%%                      ; no qualifier, then exactly one such AVP MUST
+%%                      ; be present.  If an optional rule has no
+%%                      ; qualifier, then 0 or 1 such AVP may be
+%%                      ; present. If an optional rule has a qualifier,
+%%                      ; then the value of min MUST be 0 if present.
+%%
+%%   min              = 1*DIGIT
+%%                      ; The minimum number of times the element may
+%%                      ; be present. If absent, the default value is zero
+%%                      ; for fixed and optional rules and one for required
+%%                      ; rules. The value MUST be at least one for for
+%%                      ; required rules.
+%%
+%%   max              = 1*DIGIT
+%%                      ; The maximum number of times the element may
+%%                      ; be present. If absent, the default value is
+%%                      ; infinity. A value of zero implies the AVP MUST
+%%                      ; NOT be present.
+
+qual -> number '*' number : {'$1', '$3'}.
+qual -> number '*'        : {'$1', true}.
+qual -> '*' number        : {true, '$2'}.
+qual -> '*'               : true.
+
+%%   avp-spec         = diameter-name
+%%                      ; The avp-spec has to be an AVP Name, defined
+%%                      ; in the base or extended Diameter
+%%                      ; specifications.
+
+avp_spec -> diameter_name : '$1'.
+
+%%   avp-name         = avp-spec / "AVP"
+%%                      ; The string "AVP" stands for *any* arbitrary AVP
+%%                      ; Name, not otherwise listed in that command code
+%%                      ; definition. Addition this AVP is recommended for
+%%                      ; all command ABNFs to allow for extensibility.
+
+avp_name -> 'AVP'    : '$1'.
+avp_name -> avp_spec : '$1'.
+
+%%   The following is a definition of a fictitious command code:
+%%
+%%   Example-Request ::= < Diameter Header: 9999999, REQ, PXY >
+%%                       { User-Name }
+%%                     * { Origin-Host }
+%%                     * [ AVP ]
+
+%% =====================================
+%% 4.4.   Grouped AVP Values
+%%
+%%    The Diameter protocol allows AVP values of type 'Grouped'.  This
+%%    implies that the Data field is actually a sequence of AVPs.  It is
+%%    possible to include an AVP with a Grouped type within a Grouped type,
+%%    that is, to nest them.  AVPs within an AVP of type Grouped have the
+%%    same padding requirements as non-Grouped AVPs, as defined in Section
+%%    4.
+%%
+%%    The AVP Code numbering space of all AVPs included in a Grouped AVP is
+%%    the same as for non-grouped AVPs.  Receivers of a Grouped AVP that
+%%    does not have the 'M' (mandatory) bit set and one or more of the
+%%    encapsulated AVPs within the group has the 'M' (mandatory) bit set
+%%    MAY simply be ignored if the Grouped AVP itself is unrecognized.  The
+%%    rule applies even if the encapsulated AVP with its 'M' (mandatory)
+%%    bit set is further encapsulated within other sub-groups; i.e. other
+%%    Grouped AVPs embedded within the Grouped AVP.
+%%
+%%    Every Grouped AVP defined MUST include a corresponding grammar, using
+%%    ABNF [RFC5234] (with modifications), as defined below.
+
+%%          grouped-avp-def  = <name> "::=" avp
+%%
+%%          name-fmt         = ALPHA *(ALPHA / DIGIT / "-")
+%%
+%%          name             = name-fmt
+%%                             ; The name has to be the name of an AVP,
+%%                             ; defined in the base or extended Diameter
+%%                             ; specifications.
+%%
+%%          avp              = header  [ *fixed] [ *required] [ *optional]
+
+group_def -> ident '::=' avp_header avps : ['$1', '$3' | '$4'].
+
+%%          header           = "<" "AVP-Header:" avpcode [vendor] ">"
+%%
+%%          avpcode          = 1*DIGIT
+%%                             ; The AVP Code assigned to the Grouped AVP
+%%
+%%          vendor           = 1*DIGIT
+%%                             ; The Vendor-ID assigned to the Grouped AVP.
+%%                             ; If absent, the default value of zero is
+%%                             ; used.
+
+avp_header -> '<' avp_header_tok ':' avp_code avp_vendor '>'
+  : ['$4', '$5'].
+
+avp_header_tok -> 'AVP-Header'.
+avp_header_tok -> 'AVP' 'Header'.
+
+avp_code -> number : '$1'.
+
+avp_vendor -> '$empty' : false.
+avp_vendor -> number   : '$1'.
diff --git a/lib/diameter/src/compiler/diameter_dict_scanner.erl b/lib/diameter/src/compiler/diameter_dict_scanner.erl
new file mode 100644
index 0000000000..45189376fb
--- /dev/null
+++ b/lib/diameter/src/compiler/diameter_dict_scanner.erl
@@ -0,0 +1,276 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(diameter_dict_scanner).
+
+%%
+%% A scanner for dictionary files of the form expected by yecc.
+%%
+
+-export([scan/1,
+         format_error/1]).
+
+-export([is_name/1]).
+
+%% -----------------------------------------------------------
+%% # scan/1
+%% -----------------------------------------------------------
+
+-spec scan(string() | binary())
+   -> {ok, [Token]}
+    | {error, {string(), string(), Lineno}}
+ when Token  :: {word, Lineno, string()}
+              | {number, Lineno, non_neg_integer()}
+              | {Symbol, Lineno},
+      Lineno   :: pos_integer(),
+      Symbol   :: '{' | '}'   | '<' | '>' | '[' | ']'
+                | '*' | '::=' | ':' | ',' | '-'
+                | avp_types
+                | avp_vendor_id
+                | codecs
+                | custom_types
+                | define
+                | grouped
+                | id
+                | inherits
+                | messages
+                | name
+                | prefix
+                | vendor
+                | '$end'
+                | code
+                | 'answer-message'
+                | 'AVP'
+                | 'AVP-Header'
+                | 'Diameter'
+                | 'Diameter-Header'
+                | 'Header'
+                | 'REQ'
+                | 'PXY'
+                | 'ERR'.
+
+scan(B)
+  when is_binary(B) ->
+    scan(binary_to_list(B));
+scan(S) ->
+    scan(S, {1, []}).
+
+scan(S, {Lineno, Acc}) ->
+    case split(S) of
+        '$end' = E ->
+            {ok, lists:reverse([{E, Lineno} | Acc])};
+        {Tok, Rest} ->
+            scan(Rest, acc(Tok, Lineno, Acc));
+        Reason when is_list(Reason) ->
+            {error, {Reason, S, Lineno}}
+    end.
+
+%% format_error/1
+
+format_error({Reason, Input, Lineno}) ->
+    io_lib:format("~s at line ~p: ~s",
+                  [Reason, Lineno, head(Input, [], 20, true)]).
+
+%% is_name/1
+
+is_name([H|T]) ->
+    is_alphanum(H) andalso lists:all(fun is_name_ch/1, T).
+
+%% ===========================================================================
+
+head(Str, Acc, N, _)
+  when [] == Str;
+       0 == N;
+       $\r == hd(Str);
+       $\n == hd(Str) ->
+    lists:reverse(Acc);
+head([C|Rest], Acc, N, true = T)  %% skip leading whitespace
+  when C == $\s;
+       C == $\t;
+       C == $\f;
+       C == $\v ->
+    head(Rest, Acc, N, T);
+head([C|Rest], Acc, N, _) ->
+    head(Rest, [C|Acc], N-1, false).
+
+acc(endline, Lineno, Acc) ->
+    {Lineno + 1, Acc};
+acc(T, Lineno, Acc) ->
+    {Lineno, [tok(T, Lineno) | Acc]}.
+
+tok({Cat, Sym}, Lineno) ->
+    {Cat, Lineno, Sym};
+tok(Sym, Lineno) ->
+    {Sym, Lineno}.
+
+%% # split/1
+%%
+%% Output: {Token, Rest} | atom()
+
+%% Finito.
+split("") ->
+    '$end';
+
+%% Skip comments. This precludes using semicolon for any other purpose.
+split([$;|T]) ->
+    split(lists:dropwhile(fun(C) -> not is_eol_ch(C) end, T));
+
+%% Beginning of a section.
+split([$@|T]) ->
+    {Name, Rest} = lists:splitwith(fun is_name_ch/1, T),
+    case section(Name) of
+        false ->
+            "Unknown section";
+        'end' ->
+            '$end';
+        A ->
+            {A, Rest}
+    end;
+
+split("::=" ++ T) ->
+    {'::=', T};
+
+split([H|T])
+  when H == ${; H == $};
+       H == $<; H == $>;
+       H == $[; H == $];
+       H == $*; H == $:; H == $,; H == $- ->
+    {list_to_atom([H]), T};
+
+%% RFC 3588 requires various names to begin with a letter but 3GPP (for
+%% one) abuses this. (eg 3GPP-Charging-Id in TS32.299.)
+split([H|_] = L) when $0 =< H, H =< $9 ->
+    {P, Rest} = splitwith(fun is_name_ch/1, L),
+    Tok = try
+              {number, read_int(P)}
+          catch
+              error:_ ->
+                  word(P)
+          end,
+    {Tok, Rest};
+
+split([H|_] = L) when $a =< H, H =< $z;
+                      $A =< H, H =< $Z ->
+    {P, Rest} = splitwith(fun is_name_ch/1, L),
+    {word(P), Rest};
+
+split([$'|T]) ->
+    case lists:splitwith(fun(C) -> not lists:member(C, "'\r\n") end, T) of
+        {[_|_] = A, [$'|Rest]} ->
+            {{word, A}, Rest};
+        {[], [$'|_]} ->
+            "Empty string";
+        _ -> %% not terminated on same line
+            "Unterminated string"
+    end;
+
+%% Line ending of various forms.
+split([$\r,$\n|T]) ->
+    {endline, T};
+split([C|T])
+  when C == $\r;
+       C == $\n ->
+    {endline, T};
+
+%% Ignore whitespace.
+split([C|T])
+  when C == $\s;
+       C == $\t;
+       C == $\f;
+       C == $\v ->
+    split(T);
+
+split(_) ->
+    "Unexpected character".
+
+%% word/1
+
+%% Reserved words significant in parsing ...
+word(S)
+  when S == "answer-message";
+       S == "code";
+       S == "AVP";
+       S == "AVP-Header";
+       S == "Diameter";
+       S == "Diameter-Header";
+       S == "Header";
+       S == "REQ";
+       S == "PXY";
+       S == "ERR" ->
+    list_to_atom(S);
+
+%% ... or not.
+word(S) ->
+    {word, S}.
+
+%% section/1
+
+section(N)
+  when N == "avp_types";
+       N == "avp_vendor_id";
+       N == "codecs";
+       N == "custom_types";
+       N == "define";
+       N == "end";
+       N == "enum";
+       N == "grouped";
+       N == "id";
+       N == "inherits";
+       N == "messages";
+       N == "name";
+       N == "prefix";
+       N == "vendor" ->
+    list_to_atom(N);
+section(_) ->
+    false.
+
+%% read_int/1
+
+read_int([$0,X|S])
+  when X == $X;
+       X == $x ->
+    {ok, [N], []} = io_lib:fread("~16u", S),
+    N;
+
+read_int(S) ->
+    list_to_integer(S).
+
+%% splitwith/3
+
+splitwith(Fun, [H|T]) ->
+    {SH, ST} = lists:splitwith(Fun, T),
+    {[H|SH], ST}.
+
+is_eol_ch(C) ->
+    C == $\n orelse C == $\r.
+
+is_name_ch(C) ->
+    is_alphanum(C) orelse C == $- orelse C == $_.
+
+is_alphanum(C) ->
+    is_lower(C) orelse is_upper(C) orelse is_digit(C).
+
+is_lower(C) ->
+    $a =< C andalso C =< $z.
+
+is_upper(C) ->
+    $A =< C andalso C =< $Z.
+
+is_digit(C) ->
+    $0 =< C andalso C =< $9.
diff --git a/lib/diameter/src/compiler/diameter_dict_util.erl b/lib/diameter/src/compiler/diameter_dict_util.erl
new file mode 100644
index 0000000000..36a6efa294
--- /dev/null
+++ b/lib/diameter/src/compiler/diameter_dict_util.erl
@@ -0,0 +1,1358 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% This module turns a dictionary file into the orddict that
+%% diameter_codegen.erl in turn morphs into .erl and .hrl files for
+%% encode and decode of Diameter messages and AVPs.
+%%
+
+-module(diameter_dict_util).
+
+-export([parse/2,
+         format_error/1,
+         format/1]).
+
+-include("diameter_vsn.hrl").
+
+-define(RETURN(T), throw({T, ?MODULE, ?LINE})).
+-define(RETURN(T, Args), ?RETURN({T, Args})).
+
+-define(A, list_to_atom).
+-define(L, atom_to_list).
+-define(I, integer_to_list).
+-define(F, io_lib:format).
+
+%% ===========================================================================
+%% parse/2
+%% ===========================================================================
+
+-spec parse(File, Opts)
+   -> {ok, orddict:orddict()}
+    | {error, term()}
+ when File :: {path, string()}
+            | iolist()
+            | binary(),
+      Opts :: list().
+
+parse(File, Opts) ->
+    putr(verbose, lists:member(verbose, Opts)),
+    try
+        {ok, do_parse(File, Opts)}
+    catch
+        {Reason, ?MODULE, _Line} ->
+            {error, Reason}
+    after
+        eraser(verbose)
+    end.
+
+%% ===========================================================================
+%% format_error/1
+%% ===========================================================================
+
+format_error({read, Reason}) ->
+    file:format_error(Reason);
+format_error({scan, Reason}) ->
+    diameter_dict_scanner:format_error(Reason);
+format_error({parse, {Line, _Mod, Reason}}) ->
+    lists:flatten(["Line ", ?I(Line), ", ", Reason]);
+
+format_error(T) ->
+    {Fmt, As} = fmt(T),
+    lists:flatten(io_lib:format(Fmt, As)).
+
+fmt({avp_code_already_defined = E, [Code, false, Name, Line, L]}) ->
+    {fmt(E), [Code, "", Name, Line, L]};
+fmt({avp_code_already_defined = E, [Code, Vid, Name, Line, L]}) ->
+    {fmt(E), [Code, ?F("/~p", [Vid]), Name, Line, L]};
+
+fmt({uint32_out_of_range = E, [id | T]}) ->
+    {fmt(E), ["@id", "application identifier" | T]};
+fmt({uint32_out_of_range = E, [K | T]})
+  when K == vendor;
+       K == avp_vendor_id ->
+    {fmt(E), [?F("@~p", [K]), "vendor id" | T]};
+fmt({uint32_out_of_range = E, [K, Name | T]})
+  when K == enum;
+       K == define ->
+    {fmt(E), [?F("@~p ~s", [K, Name]), "value" | T]};
+fmt({uint32_out_of_range = E, [avp_types, Name | T]}) ->
+    {fmt(E), ["AVP " ++ Name, "AVP code" | T]};
+fmt({uint32_out_of_range = E, [grouped, Name | T]}) ->
+    {fmt(E), ["Grouped AVP " ++ Name | T]};
+fmt({uint32_out_of_range = E, [messages, Name | T]}) ->
+    {fmt(E), ["Message " ++ Name, "command code" | T]};
+
+fmt({Reason, As}) ->
+    {fmt(Reason), As};
+
+fmt(avp_code_already_defined) ->
+    "AVP ~p~s (~s) at line ~p already defined at line ~p";
+
+fmt(uint32_out_of_range) ->
+    "~s specifies ~s ~p at line ~p that is out of range for a value of "
+    "Diameter type Unsigned32";
+
+fmt(imported_avp_already_defined) ->
+    "AVP ~s imported by @inherits ~p at line ~p defined at line ~p";
+fmt(duplicate_import) ->
+    "AVP ~s is imported by more than one @inherits, both at line ~p "
+    "and at line ~p";
+
+fmt(duplicate_section) ->
+    "Section @~s at line ~p already declared at line ~p";
+
+fmt(already_declared) ->
+    "Section @~p ~s at line ~p already declared at line ~p";
+
+fmt(inherited_avp_already_defined) ->
+    "AVP ~s inherited at line ~p defined in @avp_types at line ~p";
+fmt(avp_already_defined) ->
+    "AVP ~s at line ~p already in @~p at line ~p";
+fmt(key_already_defined) ->
+    "Value for ~s:~s in @~p at line ~p already provided at line ~p";
+
+fmt(messages_without_id) ->
+    "@messages at line ~p but @id not declared";
+
+fmt(avp_name_already_defined) ->
+    "AVP ~s at line ~p already defined at line ~p";
+fmt(avp_has_unknown_type) ->
+    "AVP ~s at line ~p defined with unknown type ~s";
+fmt(avp_has_invalid_flag) ->
+    "AVP ~s at line ~p specifies invalid flag ~c";
+fmt(avp_has_duplicate_flag) ->
+    "AVP ~s at line ~p specifies duplicate flag ~c";
+fmt(avp_has_vendor_id) ->
+    "AVP ~s at line ~p does not specify V flag "
+    "but is assigned vendor id ~p at line ~p";
+fmt(avp_has_no_vendor) ->
+    "AVP ~s at line ~p specifies V flag "
+    "but neither @vendor_avp_id nor @vendor supplies a value";
+
+fmt(group_already_defined) ->
+    "Group ~s at line ~p already defined at line ~p";
+fmt(grouped_avp_code_mismatch) ->
+    "AVP ~s at line ~p has with code ~p "
+    "but @avp_types specifies ~p at line ~p";
+fmt(grouped_avp_has_wrong_type) ->
+    "Grouped AVP ~s at line ~p defined with type ~s at line ~p";
+fmt(grouped_avp_not_defined) ->
+    "Grouped AVP ~s on line ~p not defined in @avp_types";
+fmt(grouped_vendor_id_without_flag) ->
+    "Grouped AVP ~s at line ~p has vendor id "
+    "but definition at line ~p does not specify V flag";
+fmt(grouped_vendor_id_mismatch) ->
+    "Grouped AVP ~s at line ~p has vendor id ~p "
+    "but ~p specified at line ~p";
+
+fmt(message_name_already_defined) ->
+    "Message ~s at line ~p already defined at line ~p";
+fmt(message_code_already_defined) ->
+    "~s message with code ~p at line ~p already defined at line ~p";
+fmt(message_has_duplicate_flag) ->
+    "Message ~s has duplicate flag ~s at line ~p";
+fmt(message_application_id_mismatch) ->
+    "Message ~s has application id ~p at line ~p "
+    "but @id specifies ~p at line ~p";
+
+fmt(invalid_avp_order) ->
+    "AVP reference ~c~s~c at line ~p breaks fixed/required/optional order";
+fmt(required_avp_has_zero_max_arity) ->
+    "Required AVP has maximum arity 0 at line ~p";
+fmt(required_avp_has_zero_min_arity) ->
+    "Required AVP has minimum arity 0 at line ~p";
+fmt(optional_avp_has_nonzero_min_arity) ->
+    "Optional AVP has non-zero minimum arity at line ~p";
+fmt(qualifier_has_min_greater_than_max) ->
+    "Qualifier ~p*~p at line ~p has Min > Max";
+fmt(avp_already_referenced) ->
+    "AVP ~s at line ~p already referenced at line ~p";
+
+fmt(message_missing) ->
+    "~s message at line ~p but no ~s message is defined";
+
+fmt(requested_avp_not_found) ->
+    "@inherit ~s at line ~p requests AVP ~s at line ~p "
+    "but module does not define that AVP";
+
+fmt(enumerated_avp_has_wrong_local_type) ->
+    "Enumerated AVP ~s in @enum at line ~p defined with type ~s at line ~p";
+fmt(enumerated_avp_has_wrong_inherited_type) ->
+    "Enumerated AVP ~s in @enum at line ~p "
+    "inherited with type ~s from module ~s at line ~p";
+fmt(enumerated_avp_not_defined) ->
+    "Enumerated AVP ~s in @enum at line ~p neither defined nor inherited";
+
+fmt(avp_not_defined) ->
+    "AVP ~s referenced at line ~p neither defined nor inherited";
+
+fmt(recompile) ->
+    "Module ~p appears to have been compiler with an incompatible "
+    "version of the dictionary compiler and must be recompiled";
+fmt(not_loaded) ->
+    "Module ~p is not on the code path or could not be loaded";
+fmt(no_dict) ->
+    "Module ~p does not appear to be a diameter dictionary".
+
+%% ===========================================================================
+%% format/1
+%%
+%% Turn dict/0 output back into a dictionary file (with line ending = $\n).
+
+-spec format(Dict)
+   -> iolist()
+ when Dict :: orddict:orddict().
+
+-define(KEYS, [id, name, prefix, vendor,
+               inherits, codecs, custom_types,
+               avp_types,
+               messages,
+               grouped,
+               enum, define]).
+
+format(Dict) ->
+    Io = orddict:fold(fun io/3, [], Dict),
+    [S || {_,S} <- lists:sort(fun keysort/2, Io)].
+
+keysort({A,_}, {B,_}) ->
+    [HA, HB] = [H || K <- [A,B],
+                     H <- [lists:takewhile(fun(X) -> X /= K end, ?KEYS)]],
+    HA < HB.
+
+%% ===========================================================================
+
+-define(INDENT, "    ").
+-define(SP, " ").
+-define(NL, $\n).
+
+%% io/3
+
+io(K, _, Acc)
+  when K == command_codes;
+       K == import_avps;
+       K == import_groups;
+       K == import_enums ->
+    Acc;
+
+io(Key, Body, Acc) ->
+    [{Key, io(Key, Body)} | Acc].
+
+%% io/2
+
+io(K, Id)
+  when K == id;
+       K == name;
+       K == prefix ->
+    [?NL, section(K), ?SP, tok(Id)];
+
+io(vendor = K, {Id, Name}) ->
+    [?NL, section(K) | [[?SP, tok(X)] || X <- [Id, Name]]];
+
+io(avp_types = K, Body) ->
+    [?NL, ?NL, section(K), ?NL, [body(K,A) || A <- Body]];
+
+io(K, Body)
+  when K == messages;
+       K == grouped ->
+    [?NL, ?NL, section(K), [body(K,A) || A <- Body]];
+
+io(K, Body)
+  when K == avp_vendor_id;
+       K == inherits;
+       K == custom_types;
+       K == codecs;
+       K == enum;
+       K == define ->
+    [[?NL, pairs(K, T)] || T <- Body].
+
+pairs(K, {Id, Avps}) ->
+    [?NL, section(K), ?SP, tok(Id), ?NL, [[?NL, body(K, A)] || A <- Avps]].
+
+body(K, AvpName)
+  when K == avp_vendor_id;
+       K == inherits;
+       K == custom_types;
+       K == codecs ->
+    [?INDENT, word(AvpName)];
+
+body(K, {Name, N})
+  when K == enum;
+       K == define ->
+    [?INDENT, word(Name), ?SP, ?I(N)];
+
+body(avp_types = K, {Name, Code, Type, ""}) ->
+    body(K, {Name, Code, Type, "-"});
+body(avp_types, {Name, Code, Type, Flags}) ->
+    [?NL, ?INDENT, word(Name),
+     [[?SP, ?SP, S] || S <- [?I(Code), Type, Flags]]];
+
+body(messages, {"answer-message", _, _, [], Avps}) ->
+    [?NL, ?NL, ?INDENT,
+     "answer-message ::= < Diameter Header: code, ERR [PXY] >",
+     f_avps(Avps)];
+body(messages, {Name, Code, Flags, ApplId, Avps}) ->
+    [?NL, ?NL, ?INDENT, word(Name), " ::= ", header(Code, Flags, ApplId),
+     f_avps(Avps)];
+
+body(grouped, {Name, Code, Vid, Avps}) ->
+    [?NL, ?NL, ?INDENT, word(Name), " ::= ", avp_header(Code, Vid),
+     f_avps(Avps)].
+
+header(Code, Flags, ApplId) ->
+    ["< Diameter Header: ",
+     ?I(Code),
+     [[", ", ?L(F)] || F <- Flags],
+     [[" ", ?I(N)] || N <- ApplId],
+     " >"].
+
+avp_header(Code, Vid) ->
+    ["< AVP Header: ",
+     ?I(Code),
+     [[" ", ?I(V)] || V <- Vid],
+     " >"].
+
+f_avps(L) ->
+    [[?NL, ?INDENT, ?INDENT, f_avp(A)] || A <- L].
+
+f_avp({Q, A}) ->
+    [D | _] = Avp = f_delim(A),
+    f_avp(f_qual(D, Q), Avp);
+f_avp(A) ->
+    f_avp("", f_delim(A)).
+
+f_delim({{A}}) ->
+    [$<, word(A), $>];
+f_delim({A}) ->
+    [${, word(A), $}];
+f_delim([A]) ->
+    [$[, word(A), $]].
+
+f_avp(Q, [L, Avp, R]) ->
+    Len = length(lists:flatten([Q])),
+    [io_lib:format("~*s", [-1*max(Len+1, 6) , Q]), L, " ", Avp, " ", R].
+
+f_qual(${, '*') ->
+    "1*";  %% Equivalent to "*" but the more common/obvious rendition
+f_qual(_, '*') ->
+    "*";
+f_qual(_, {'*', N}) ->
+    [$*, ?I(N)];
+f_qual(_, {N, '*'}) ->
+    [?I(N), $*];
+f_qual(_, {M,N}) ->
+    [?I(M), $*, ?I(N)].
+
+section(Key) ->
+    ["@", ?L(Key)].
+
+tok(N)
+  when is_integer(N) ->
+    ?I(N);
+tok(N) ->
+    word(N).
+
+word(Str) ->
+    word(diameter_dict_scanner:is_name(Str), Str).
+
+word(true, Str) ->
+    Str;
+word(false, Str) ->
+    [$', Str, $'].
+
+%% ===========================================================================
+
+do_parse(File, Opts) ->
+    Bin  = do([fun read/1, File], read),
+    Toks = do([fun diameter_dict_scanner:scan/1, Bin], scan),
+    Tree = do([fun diameter_dict_parser:parse/1, Toks], parse),
+    make_dict(Tree, Opts).
+
+do([F|A], E) ->
+    case apply(F,A) of
+        {ok, T} ->
+            T;
+        {error, Reason} ->
+            ?RETURN({E, Reason})
+    end.
+
+read({path, Path}) ->
+    file:read_file(Path);
+read(File) ->
+    {ok, iolist_to_binary([File])}.
+
+make_dict(Parse, Opts) ->
+    make_orddict(pass4(pass3(pass2(pass1(reset(make_dict(Parse),
+                                               Opts))),
+                             Opts))).
+
+%% make_orddict/1
+
+make_orddict(Dict) ->
+    dict:fold(fun mo/3,
+              orddict:from_list([{K,[]} || K <- [avp_types,
+                                                 messages,
+                                                 grouped,
+                                                 inherits,
+                                                 custom_types,
+                                                 codecs,
+                                                 avp_vendor_id,
+                                                 enum,
+                                                 define]]),
+              Dict).
+
+mo(K, Sects, Dict)
+  when is_atom(K) ->
+    orddict:store(K, make(K, Sects), Dict);
+
+mo(_, _, Dict) ->
+    Dict.
+
+make(K, [[_Line, {_, _, X}]])
+  when K == id;
+       K == name;
+       K == prefix ->
+    X;
+
+make(vendor, [[_Line, {_, _, Id}, {_, _, Name}]]) ->
+    {Id, Name};
+
+make(K, T)
+  when K == command_codes;
+       K == import_avps;
+       K == import_groups;
+       K == import_enums ->
+    T;
+
+make(K, Sects) ->
+    post(K, foldl(fun([_L|B], A) -> make(K,B,A) end,
+                  [],
+                  Sects)).
+
+post(avp_types, L) ->
+    lists:sort(L);
+
+post(K, L)
+  when K == grouped;
+       K == messages;
+       K == enum;
+       K == define ->
+    lists:reverse(L);
+
+post(_, L) ->
+    L.
+
+make(K, [{_,_,Name} | Body], Acc)
+  when K == enum;
+       K == define;
+       K == avp_vendor_id;
+       K == custom_types;
+       K == inherits;
+       K == codecs ->
+    [{Name, mk(K, Body)} | Acc];
+
+make(K, Body, Acc) ->
+    foldl(fun(T,A) -> [mk(K, T) | A] end, Acc, Body).
+
+mk(avp_types, [{_,_,Name}, {_,_,Code}, {_,_,Type}, {_,_,Flags}]) ->
+    {Name, Code, type(Type), Flags};
+
+mk(messages, [{'answer-message' = A, _}, false | Avps]) ->
+    {?L(A), -1, ['ERR', 'PXY'], [], make_body(Avps)};
+
+mk(messages, [{_,_,Name}, [{_,_,Code}, Flags, ApplId] | Avps]) ->
+    {Name,
+     Code,
+     lists:map(fun({F,_}) -> F end, Flags),
+     opt(ApplId),
+     make_body(Avps)};
+
+mk(grouped, [{_,_,Name}, [{_,_,Code}, Vid] | Avps]) ->
+    {Name, Code, opt(Vid), make_body(Avps)};
+
+mk(K, Body)
+  when K == enum;
+       K == define ->
+    lists:map(fun([{_,_,Name}, {_,_,Value}]) -> {Name, Value} end, Body);
+
+mk(K, Avps)
+  when K == avp_vendor_id;
+       K == custom_types;
+       K == inherits;
+       K == codecs ->
+    lists:map(fun({_,_,N}) -> N end, Avps).
+
+opt(false) ->
+    [];
+opt({_,_,X}) ->
+    [X].
+
+make_body(Avps) ->
+    lists:map(fun avp/1, Avps).
+
+avp([false, D, Avp]) ->
+    avp(D, Avp);
+avp([Q, D, Avp]) ->
+    case {qual(D, Q), avp(D, Avp)} of
+        {{0,1}, A} when D == $[ ->
+            A;
+        {{1,1}, A} ->
+            A;
+        T ->
+            T
+    end.
+%% Could just store the qualifier as a pair in all cases but the more
+%% compact form is easier to parse visually so live with a bit of
+%% mapping. Ditto the use of '*'.
+
+avp(D, {'AVP', _}) ->
+    delim(D, "AVP");
+avp(D, {_, _, Name}) ->
+    delim(D, Name).
+
+delim($<, N) ->
+    {{N}};
+delim(${, N) ->
+    {N};
+delim($[, N) ->
+    [N].
+
+%% There's a difference between max = 0 and not specifying an AVP:
+%% reception of an AVP with max = 0 will always be an error, otherwise
+%% it depends on the existence of 'AVP' and the M flag.
+
+qual(${, {{_,L,0}, _}) ->
+    ?RETURN(required_avp_has_zero_min_arity, [L]);
+qual(${, {_, {_,L,0}}) ->
+    ?RETURN(required_avp_has_zero_max_arity, [L]);
+
+qual($[, {{_,L,N}, _})
+  when 0 < N ->
+    ?RETURN(optional_avp_has_nonzero_min_arity, [L]);
+
+qual(_, {{_,L,Min}, {_,_,Max}})
+  when Min > Max ->
+    ?RETURN(qualifier_has_min_greater_than_max, [Min, Max, L]);
+
+qual(_, true) ->
+    '*';
+
+qual(${, {true, {_,_,N}}) ->
+    {1, N};
+qual(_, {true, {_,_,N}}) ->
+    {0, N};
+
+qual(D, {{_,_,N}, true})
+  when D == ${, N == 1;
+       D /= ${, N == 0 ->
+    '*';
+qual(_, {{_,_,N}, true}) ->
+    {N, '*'};
+
+qual(_, {{_,_,Min}, {_,_,Max}}) ->
+    {Min, Max}.
+
+%% Optional reports when running verbosely.
+report(What, [F | A])
+  when is_function(F) ->
+    report(What, apply(F, A));
+report(What, Data) ->
+    report(getr(verbose), What, Data).
+
+report(true, Tag, Data) ->
+    io:format("##~n## ~p ~p~n", [Tag, Data]);
+report(false, _, _) ->
+    ok.
+
+%% ------------------------------------------------------------------------
+%% make_dict/1
+%%
+%% Turn a parsed dictionary into an dict.
+
+make_dict(Parse) ->
+    foldl(fun(T,A) ->
+                  report(section, T),
+                  section(T,A)
+          end,
+          dict:new(),
+          Parse).
+
+section([{T, L} | Rest], Dict)
+  when T == name;
+       T == prefix;
+       T == id;
+       T == vendor ->
+    case find(T, Dict) of
+        [] ->
+            dict:store(T, [[L | Rest]], Dict);
+        [[Line | _]] ->
+            ?RETURN(duplicate_section, [T, L, Line])
+    end;
+
+section([{T, L} | Rest], Dict)
+  when T == avp_types;
+       T == messages;
+       T == grouped;
+       T == inherits;
+       T == custom_types;
+       T == codecs;
+       T == avp_vendor_id;
+       T == enum;
+       T == define ->
+    dict:append(T, [L | Rest], Dict).
+
+%% ===========================================================================
+%% reset/2
+%%
+%% Reset sections from options.
+
+reset(Dict, Opts) ->
+    foldl([fun reset/3, Opts], Dict, [name, prefix, inherits]).
+
+reset(K, Dict, Opts) ->
+    foldl(fun opt/2, Dict, [T || {A,_} = T <- Opts, A == K]).
+
+opt({inherits = Key, "-"}, Dict) ->
+    dict:erase(Key, Dict);
+
+opt({inherits = Key, Mod}, Dict) ->
+    case lists:splitwith(fun(C) -> C /= $/ end, Mod) of
+        {Mod, ""} ->
+            dict:append(Key, [0, {word, 0, Mod}], Dict);
+        {From, [$/|To]} ->
+            dict:store(Key,
+                       [reinherit(From, To, M) || M <- find(Key, Dict)],
+                       Dict)
+    end;
+
+opt({Key, Val}, Dict) ->
+    dict:store(Key, [[0, {word, 0, Val}]], Dict);
+
+opt(_, Dict) ->
+    Dict.
+
+reinherit(From, To, [L, {word, _, From} = T | Avps]) ->
+    [L, setelement(3, T, To) | Avps];
+reinherit(_, _, T) ->
+    T.
+
+%% ===========================================================================
+%% pass1/1
+%%
+%% Explode sections into additional dictionary entries plus semantic
+%% checks.
+
+pass1(Dict) ->
+    true = no_messages_without_id(Dict),
+
+    foldl(fun(K,D) -> foldl([fun p1/3, K], D, find(K,D)) end,
+          Dict,
+          [id,
+           vendor,
+           avp_types,  %% must precede inherits, grouped, enum
+           avp_vendor_id,
+           custom_types,
+           codecs,
+           inherits,
+           grouped,
+           messages,
+           enum,
+           define]).
+
+%% Multiple sections are allowed as long as their bodies don't
+%% overlap. (Except enum/define.)
+
+p1([_Line, N], Dict, id = K) ->
+    true = is_uint32(N, [K]),
+    Dict;
+
+p1([_Line, Id, _Name], Dict, vendor = K) ->
+    true = is_uint32(Id, [K]),
+    Dict;
+
+p1([_Line, X | Body], Dict, K)
+  when K == avp_vendor_id;
+       K == custom_types;
+       K == codecs;
+       K == inherits ->
+    foldl([fun explode/4, X, K], Dict, Body);
+
+p1([_Line, X | Body], Dict, K)
+  when K == define;
+       K == enum ->
+    {_, L, Name} = X,
+    foldl([fun explode2/4, X, K],
+          store_new({K, Name},
+                    [L, Body],
+                    Dict,
+                    [K, Name, L],
+                    already_declared),
+          Body);
+
+p1([_Line | Body], Dict, K)
+  when K == avp_types;
+       K == grouped;
+       K == messages ->
+    foldl([fun explode/3, K], Dict, Body).
+
+no_messages_without_id(Dict) ->
+    case find(messages, Dict) of
+        [] ->
+            true;
+        [[Line | _] | _] ->
+            [] /= find(id, Dict) orelse ?RETURN(messages_without_id, [Line])
+    end.
+
+%% Note that the AVP's in avp_vendor_id, custom_types, codecs and
+%% enum can all be inherited, as can the AVP content of messages and
+%% grouped AVP's. Check that the referenced AVP's exist after
+%% importing definitions.
+
+%% explode/4
+%%
+%% {avp_vendor_id, AvpName}                 -> [Lineno, Id::integer()]
+%% {custom_types|codecs|inherits,  AvpName} -> [Lineno, Mod::string()]
+
+explode({_, Line, AvpName}, Dict, {_, _, X} = T, K) ->
+    true = K /= avp_vendor_id orelse is_uint32(T, [K]),
+    true = K /= inherits orelse avp_not_local(AvpName, Line, Dict),
+
+    store_new({key(K), AvpName},
+              [Line, X],
+              Dict,
+              [AvpName, Line, K],
+              avp_already_defined).
+
+%% explode2/4
+
+%% {define, {Name, Key}} -> [Lineno, Value::integer(), enum|define]
+
+explode2([{_, Line, Key}, {_, _, Value} = T], Dict, {_, _, Name}, K) ->
+    true = is_uint32(T, [K, Name]),
+
+    store_new({key(K), {Name, Key}},
+              [Line, Value, K],
+              Dict,
+              [Name, Key, K, Line],
+              key_already_defined).
+
+%% key/1
+%%
+%% Conflate keys that are equivalent as far as uniqueness of
+%% definition goes.
+
+key(K)
+  when K == enum;
+       K == define ->
+    define;
+key(K)
+  when K == custom_types;
+       K == codecs ->
+    custom;
+key(K) ->
+    K.
+
+%% explode/3
+
+%% {avp_types, AvpName}       -> [Line | Toks]
+%% {avp_types, {Code, IsReq}} -> [Line, AvpName]
+%%
+%% where AvpName = string()
+%%       Code    = integer()
+%%       IsReq   = boolean()
+
+explode([{_, Line, Name} | Toks], Dict0, avp_types = K) ->
+    %% Each AVP can be defined only once.
+    Dict = store_new({K, Name},
+                     [Line | Toks],
+                     Dict0,
+                     [Name, Line],
+                     avp_name_already_defined),
+
+    [{number, _, _Code} = C, {word, _, Type}, {word, _, _Flags}] = Toks,
+
+    true = avp_type_known(Type, Name, Line),
+    true = is_uint32(C, [K, Name]),
+
+    Dict;
+
+%% {grouped, Name}            -> [Line, HeaderTok | AvpToks]
+%% {grouped, {Name, AvpName}} -> [Line, Qual, Delim]
+%%
+%% where Name  = string()
+%%       AvpName = string()
+%%       Qual  = {Q, Q} | boolean()
+%%       Q     = true | NumberTok
+%%       Delim = $< | ${ | $[
+
+explode([{_, Line, Name}, Header | Avps], Dict0, grouped = K) ->
+    Dict = store_new({K, Name},
+                     [Line, Header | Avps],
+                     Dict0,
+                     [Name, Line],
+                     group_already_defined),
+
+    [{_,_, Code} = C, Vid] = Header,
+    {DefLine, {_, _, Flags}} = grouped_flags(Name, Code, Dict0, Line),
+    V = lists:member($V, Flags),
+
+    true = is_uint32(C, [K, Name, "AVP code"]),
+    true = is_uint32(Vid, [K, Name, "vendor id"]),
+    false = vendor_id_mismatch(Vid, V, Name, Dict0, Line, DefLine),
+
+    explode_avps(Avps, Dict, K, Name);
+
+%% {messages, Name}            -> [Line, HeaderTok | AvpToks]
+%% {messages, {Code, IsReq}}   -> [Line, NameTok]
+%% {messages, Code}            -> [[Line, NameTok, IsReq]]
+%% {messages, {Name, Flag}}    -> [Line]
+%% {messages, {Name, AvpName}} -> [Line, Qual, Delim]
+%%
+%% where Name  = string()
+%%       Code  = integer()
+%%       IsReq = boolean()
+%%       Flag  = 'REQ' | 'PXY'
+%%       AvpName = string()
+%%       Qual  = true | {Q,Q}
+%%       Q     = true | NumberTok
+%%       Delim = $< | ${ | ${
+
+explode([{'answer-message' = A, Line}, false = H | Avps],
+        Dict0,
+        messages = K) ->
+    Name = ?L(A),
+    Dict1 = store_new({K, Name},
+                      [Line, H, Avps],
+                      Dict0,
+                      [Name, Line],
+                      message_name_already_defined),
+
+    explode_avps(Avps, Dict1, K, Name);
+
+explode([{_, Line, MsgName} = M, Header | Avps],
+        Dict0,
+        messages = K) ->
+    %% There can be at most one message with a given name.
+    Dict1 = store_new({K, MsgName},
+                      [Line, Header | Avps],
+                      Dict0,
+                      [MsgName, Line],
+                      message_name_already_defined),
+
+    [{_, _, Code} = C, Bits, ApplId] = Header,
+
+    %% Don't check any application id since it's required to be
+    %% the same as @id.
+    true = is_uint32(C, [K, MsgName]),
+
+    %% An application id specified as part of the message definition
+    %% has to agree with @id. The former is parsed just because RFC
+    %% 3588 specifies it.
+    false = application_id_mismatch(ApplId, Dict1, MsgName),
+
+    IsReq = lists:keymember('REQ', 1, Bits),
+
+    %% For each command code, there can be at most one request and
+    %% one answer.
+    Dict2 = store_new({K, {Code, IsReq}},
+                      [Line, M],
+                      Dict1,
+                      [choose(IsReq, "Request", "Answer"), Code, Line],
+                      message_code_already_defined),
+
+    %% For each message, each flag can occur at most once.
+    Dict3 = foldl(fun({F,L},D) ->
+                          store_new({K, {MsgName, F}},
+                                    [L],
+                                    D,
+                                    [MsgName, ?L(F)],
+                                    message_has_duplicate_flag)
+                  end,
+                  Dict2,
+                  Bits),
+
+    dict:append({K, Code},
+                [Line, M, IsReq],
+                explode_avps(Avps, Dict3, K, MsgName)).
+
+%% explode_avps/4
+%%
+%% Ensure required AVP order and sane qualifiers. Can't check for AVP
+%% names until after they've been imported.
+%%
+%% RFC 3588 allows a trailing fixed while 3588bis doesn't. Parse the
+%% former.
+
+explode_avps(Avps, Dict, Key, Name) ->
+    xa("<{[<", Avps, Dict, Key, Name).
+
+xa(_, [], Dict, _, _) ->
+    Dict;
+
+xa(Ds, [[Qual, D, {'AVP', Line}] | Avps], Dict, Key, Name) ->
+    xa(Ds, [[Qual, D, {word, Line, "AVP"}] | Avps], Dict, Key, Name);
+
+xa([], [[_Qual, D, {_, Line, Name}] | _], _, _, _) ->
+    ?RETURN(invalid_avp_order, [D, Name, close(D), Line]);
+
+xa([D|_] = Ds, [[Qual, D, {_, Line, AvpName}] | Avps], Dict, Key, Name) ->
+    xa(Ds,
+       Avps,
+       store_new({Key, {Name, AvpName}},
+                 [Line, Qual, D],
+                 Dict,
+                 [Name, Line],
+                 avp_already_referenced),
+       Key,
+       Name);
+
+xa([_|Ds], Avps, Dict, Key, Name) ->
+    xa(Ds, Avps, Dict, Key, Name).
+
+close($<) -> $>;
+close(${) -> $};
+close($[) -> $].
+
+%% is_uint32/2
+
+is_uint32(false, _) ->
+    true;
+is_uint32({Line, _, N}, Args) ->
+    N < 1 bsl 32 orelse ?RETURN(uint32_out_of_range, Args ++ [N, Line]).
+%% Can't call diameter_types here since it may not exist yet.
+
+%% application_id_mismatch/3
+
+application_id_mismatch({number, Line, Id}, Dict, MsgName) ->
+    [[_, {_, L, I}]] = dict:fetch(id, Dict),
+
+    I /= Id andalso ?RETURN(message_application_id_mismatch,
+                            [MsgName, Id, Line, I, L]);
+
+application_id_mismatch(false = No, _, _) ->
+    No.
+
+%% avp_not_local/3
+
+avp_not_local(Name, Line, Dict) ->
+    A = find({avp_types, Name}, Dict),
+
+    [] == A orelse ?RETURN(inherited_avp_already_defined,
+                           [Name, Line, hd(A)]).
+
+%% avp_type_known/3
+
+avp_type_known(Type, Name, Line) ->
+    false /= type(Type)
+        orelse ?RETURN(avp_has_unknown_type, [Name, Line, Type]).
+
+%% vendor_id_mismatch/6
+%%
+%% Require a vendor id specified on a group to match any specified
+%% in @avp_vendor_id. Note that both locations for the value are
+%% equivalent, both in the value being attributed to a locally
+%% defined AVP and ignored when imported from another dictionary.
+
+vendor_id_mismatch({_,_,_}, false, Name, _, Line, DefLine) ->
+    ?RETURN(grouped_vendor_id_without_flag, [Name, Line, DefLine]);
+
+vendor_id_mismatch({_, _, I}, true, Name, Dict, Line, _) ->
+    case vendor_id(Name, Dict) of
+        {avp_vendor_id, L, N} ->
+            I /= N andalso
+                ?RETURN(grouped_vendor_id_mismatch, [Name, Line, I, N, L]);
+        _ ->
+            false
+    end;
+
+vendor_id_mismatch(_, _, _, _, _, _) ->
+    false.
+
+%% grouped_flags/4
+
+grouped_flags(Name, Code, Dict, Line) ->
+    case find({avp_types, Name}, Dict) of
+        [L, {_, _, Code}, {_, _, "Grouped"}, Flags] ->
+            {L, Flags};
+        [_, {_, L, C}, {_, _, "Grouped"}, _Flags] ->
+            ?RETURN(grouped_avp_code_mismatch, [Name, Line, Code, C, L]);
+        [_, _Code, {_, L, T}, _] ->
+            ?RETURN(grouped_avp_has_wrong_type, [Name, Line, T, L]);
+        [] ->
+            ?RETURN(grouped_avp_not_defined, [Name, Line])
+    end.
+
+%% vendor_id/2
+
+%% Look for a vendor id in @avp_vendor_id, then @vendor.
+vendor_id(Name, Dict) ->
+    case find({avp_vendor_id, Name}, Dict) of
+        [Line, Id] when is_integer(Id) ->
+            {avp_vendor_id, Line, Id};
+        [] ->
+            vendor(Dict)
+    end.
+
+vendor(Dict) ->
+    case find(vendor, Dict) of
+        [[_Line, {_, _, Id}, {_, _, _}]] ->
+            {vendor, Id};
+        [] ->
+            false
+    end.
+
+%% find/2
+
+find(Key, Dict) ->
+    case dict:find(Key, Dict) of
+        {ok, L} when is_list(L) ->
+            L;
+        error ->
+            []
+    end.
+
+%% store_new/5
+
+store_new(Key, Value, Dict, Args, Err) ->
+    case dict:find(Key, Dict) of
+        {ok, [L | _]} ->
+            ?RETURN(Err, Args ++ [L]);
+        error ->
+            dict:store(Key, Value, Dict)
+    end.
+
+%% type/1
+
+type("DiamIdent") ->
+    "DiameterIdentity";
+type("DiamURI") ->
+    "DiameterURI";
+type(T)
+  when T == "OctetString";
+       T == "Integer32";
+       T == "Integer64";
+       T == "Unsigned32";
+       T == "Unsigned64";
+       T == "Float32";
+       T == "Float64";
+       T == "Grouped";
+       T == "Enumerated";
+       T == "Address";
+       T == "Time";
+       T == "UTF8String";
+       T == "DiameterIdentity";
+       T == "DiameterURI";
+       T == "IPFilterRule";
+       T == "QoSFilterRule" ->
+    T;
+type(_) ->
+    false.
+
+%% ===========================================================================
+%% pass2/1
+%%
+%% More explosion, but that requires the previous pass to write its
+%% entries.
+
+pass2(Dict) ->
+    foldl(fun(K,D) -> foldl([fun p2/3, K], D, find(K,D)) end,
+          Dict,
+          [avp_types]).
+
+p2([_Line | Body], Dict, avp_types) ->
+    foldl(fun explode_avps/2, Dict, Body);
+
+p2([], Dict, _) ->
+    Dict.
+
+explode_avps([{_, Line, Name} | Toks], Dict) ->
+    [{number, _, Code}, {word, _, _Type}, {word, _, Flags}] = Toks,
+
+    true = avp_flags_valid(Flags, Name, Line),
+
+    Vid = avp_vendor_id(Flags, Name, Line, Dict),
+
+    %% An AVP is uniquely defined by its AVP code and vendor id (if any).
+    %% Ensure there are no duplicate.
+    store_new({avp_types, {Code, Vid}},
+              [Line, Name],
+              Dict,
+              [Code, Vid, Name, Line],
+              avp_code_already_defined).
+
+%% avp_flags_valid/3
+
+avp_flags_valid(Flags, Name, Line) ->
+    Bad = lists:filter(fun(C) -> not lists:member(C, "MVP") end, Flags),
+    [] == Bad
+        orelse ?RETURN(avp_has_invalid_flag, [Name, Line, hd(Bad)]),
+
+    Dup = Flags -- "MVP",
+    [] == Dup
+        orelse ?RETURN(avp_has_duplicate_flag, [Name, Line, hd(Dup)]).
+
+%% avp_vendor_id/4
+
+avp_vendor_id(Flags, Name, Line, Dict) ->
+    V = lists:member($V, Flags),
+
+    case vendor_id(Name, Dict) of
+        {avp_vendor_id, _, I} when V ->
+            I;
+        {avp_vendor_id, L, I} ->
+            ?RETURN(avp_has_vendor_id, [Name, Line, I, L]);
+        {vendor, I} when V ->
+            I;
+        false when V ->
+            ?RETURN(avp_has_no_vendor, [Name, Line]);
+        _ ->
+            false
+    end.
+
+%% ===========================================================================
+%% pass3/2
+%%
+%% Import AVPs.
+
+pass3(Dict, Opts) ->
+    import_enums(import_groups(import_avps(insert_codes(Dict), Opts))).
+
+%% insert_codes/1
+%%
+%% command_codes -> [{Code, ReqNameTok, AnsNameTok}]
+
+insert_codes(Dict) ->
+    dict:store(command_codes,
+               dict:fold(fun make_code/3, [], Dict),
+               Dict).
+
+make_code({messages, Code}, Names, Acc)
+  when is_integer(Code) ->
+    [mk_code(Code, Names) | Acc];
+make_code(_, _, Acc) ->
+    Acc.
+
+mk_code(Code, [[_, _, false] = Ans, [_, _, true] = Req]) ->
+    mk_code(Code, [Req, Ans]);
+
+mk_code(Code, [[_, {_,_,Req}, true], [_, {_,_,Ans}, false]]) ->
+    {Code, Req, Ans};
+
+mk_code(_Code, [[Line, _Name, IsReq]]) ->
+    ?RETURN(message_missing, [choose(IsReq, "Request", "Answer"),
+                              Line,
+                              choose(IsReq, "answer", "request")]).
+
+%% import_avps/2
+
+import_avps(Dict, Opts) ->
+    Import = inherit(Dict, Opts),
+    report(imported, Import),
+
+    %% pass4/1 tests that all referenced AVP's are either defined
+    %% or imported.
+
+    dict:store(import_avps,
+               lists:map(fun({M, _, As}) -> {M, [A || {_,A} <- As]} end,
+                         lists:reverse(Import)),
+               foldl(fun explode_imports/2, Dict, Import)).
+
+explode_imports({Mod, Line, Avps}, Dict) ->
+    foldl([fun xi/4, Mod, Line], Dict, Avps).
+
+xi({L, {Name, _Code, _Type, _Flags} = A}, Dict, Mod, Line) ->
+    store_new({avp_types, Name},
+              [0, Mod, Line, L, A],
+              store_new({import, Name},
+                        [Line],
+                        Dict,
+                        [Name, Line],
+                        duplicate_import),
+              [Name, Mod, Line],
+              imported_avp_already_defined).
+
+%% import_groups/1
+%% import_enums/1
+%%
+%% For each inherited module, store the content of imported AVP's of
+%% type grouped/enumerated in a new key.
+
+import_groups(Dict) ->
+    dict:store(import_groups, import(grouped, Dict), Dict).
+
+import_enums(Dict) ->
+    dict:store(import_enums, import(enum, Dict), Dict).
+
+import(Key, Dict) ->
+    flatmap([fun import_key/2, Key], dict:fetch(import_avps, Dict)).
+
+import_key({Mod, Avps}, Key) ->
+    As = lists:flatmap(fun(T) ->
+                               N = element(1,T),
+                               choose(lists:keymember(N, 1, Avps), [T], [])
+                       end,
+                       orddict:fetch(Key, dict(Mod))),
+    if As == [] ->
+            [];
+       true ->
+            [{Mod, As}]
+    end.
+
+%% ------------------------------------------------------------------------
+%% inherit/2
+%%
+%% Return a {Mod, Line, [{Lineno, Avp}]} list, where Mod is a module
+%% name, Line points to the corresponding @inherit and each Avp is
+%% from Mod:dict(). Lineno is 0 if the import is implicit.
+
+inherit(Dict, Opts) ->
+    code:add_pathsa([D || {include, D} <- Opts]),
+    foldl(fun inherit_avps/2, [], find(inherits, Dict)).
+%% Note that the module order of the returned lists is reversed
+%% relative to @inherits.
+
+inherit_avps([Line, {_,_,M} | Names], Acc) ->
+    Mod = ?A(M),
+    report(inherit_from, Mod),
+    case find_avps(Names, avps_from_module(Mod)) of
+        {_, [{_, L, N} | _]} ->
+            ?RETURN(requested_avp_not_found, [Mod, Line, N, L]);
+        {Found, []} ->
+            [{Mod, Line, lists:sort(Found)} | Acc]
+    end.
+
+%% Import everything not defined locally ...
+find_avps([], Avps) ->
+    {[{0, A} || A <- Avps], []};
+
+%% ... or specified AVPs.
+find_avps(Names, Avps) ->
+    foldl(fun acc_avp/2, {[], Names}, Avps).
+
+acc_avp({Name, _Code, _Type, _Flags} = A, {Found, Not} = Acc) ->
+    case lists:keyfind(Name, 3, Not) of
+        {_, Line, Name} ->
+            {[{Line, A} | Found], lists:keydelete(Name, 3, Not)};
+        false ->
+            Acc
+    end.
+
+%% avps_from_module/2
+
+avps_from_module(Mod) ->
+    orddict:fetch(avp_types, dict(Mod)).
+
+dict(Mod) ->
+    try Mod:dict() of
+        [?VERSION | Dict] ->
+            Dict;
+        _ ->
+            ?RETURN(recompile, [Mod])
+    catch
+        error: _ ->
+            ?RETURN(choose(false == code:is_loaded(Mod),
+                           not_loaded,
+                           no_dict),
+                    [Mod])
+    end.
+
+%% ===========================================================================
+%% pass4/1
+%%
+%% Sanity checks.
+
+pass4(Dict) ->
+    dict:fold(fun(K, V, _) -> p4(K, V, Dict) end, ok, Dict),
+    Dict.
+
+%% Ensure enum AVP's have type Enumerated.
+p4({enum, Name}, [Line | _], Dict)
+  when is_list(Name) ->
+    true = is_enumerated_avp(Name, Dict, Line);
+
+%% Ensure all referenced AVP's are either defined locally or imported.
+p4({K, {Name, AvpName}}, [Line | _], Dict)
+  when (K == grouped orelse K == messages),
+       is_list(Name),
+       is_list(AvpName),
+       AvpName /= "AVP" ->
+    true = avp_is_defined(AvpName, Dict, Line);
+
+%% Ditto.
+p4({K, AvpName}, [Line | _], Dict)
+  when K == avp_vendor_id;
+       K == custom_types;
+       K == codecs ->
+    true = avp_is_defined(AvpName, Dict, Line);
+
+p4(_, _, _) ->
+    ok.
+
+%% has_enumerated_type/3
+
+is_enumerated_avp(Name, Dict, Line) ->
+    case find({avp_types, Name}, Dict) of
+        [_Line, _Code, {_, _, "Enumerated"}, _Flags] ->   %% local
+            true;
+        [_Line, _Code, {_, L, T}, _] ->
+            ?RETURN(enumerated_avp_has_wrong_local_type,
+                    [Name, Line, T, L]);
+        [0, _, _, _, {_Name, _Code, "Enumerated", _Flags}] ->   %% inherited
+            true;
+        [0, Mod, LM, LA, {_Name, _Code, Type, _Flags}] ->
+            ?RETURN(enumerated_avp_has_wrong_inherited_type,
+                    [Name, Line, Type, Mod, choose(0 == LA, LM, LA)]);
+        [] ->
+            ?RETURN(enumerated_avp_not_defined, [Name, Line])
+    end.
+
+avp_is_defined(Name, Dict, Line) ->
+    case find({avp_types, Name}, Dict) of
+        [_Line, _Code, _Type, _Flags] ->   %% local
+            true;
+        [0, _, _, _, {Name, _Code, _Type, _Flags}] ->  %% inherited
+            true;
+        [] ->
+            ?RETURN(avp_not_defined, [Name, Line])
+    end.
+
+%% ===========================================================================
+
+putr(Key, Value) ->
+    put({?MODULE, Key}, Value).
+
+getr(Key) ->
+    get({?MODULE, Key}).
+
+eraser(Key) ->
+    erase({?MODULE, Key}).
+
+choose(true, X, _)  -> X;
+choose(false, _, X) -> X.
+
+foldl(F, Acc, List) ->
+    lists:foldl(fun(T,A) -> eval([F,T,A]) end, Acc, List).
+
+flatmap(F, List) ->
+    lists:flatmap(fun(T) -> eval([F,T]) end, List).
+
+eval([[F|X] | A]) ->
+    eval([F | A ++ X]);
+eval([F|A]) ->
+    apply(F,A).
diff --git a/lib/diameter/src/compiler/diameter_exprecs.erl b/lib/diameter/src/compiler/diameter_exprecs.erl
new file mode 100644
index 0000000000..191f53f29d
--- /dev/null
+++ b/lib/diameter/src/compiler/diameter_exprecs.erl
@@ -0,0 +1,275 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% Parse transform for generating record access functions
+%%
+%% This parse transform can be used to reduce compile-time
+%% dependencies in large systems.
+%%
+%% In the old days, before records, Erlang programmers often wrote
+%% access functions for tuple data. This was tedious and error-prone.
+%% The record syntax made this easier, but since records were implemented
+%% fully in the pre-processor, a nasty compile-time dependency was
+%% introduced.
+%%
+%% This module automates the generation of access functions for
+%% records. While this method cannot fully replace the utility of
+%% pattern matching, it does allow a fair bit of functionality on
+%% records without the need for compile-time dependencies.
+%%
+%% Whenever record definitions need to be exported from a module,
+%% inserting a compiler attribute,
+%%
+%%   export_records([RecName, ...])
+%%
+%% causes this transform to lay out access functions for the exported
+%% records:
+%%
+%%   -module(foo)
+%%   -compile({parse_transform, diameter_exprecs}).
+%%
+%%   -record(r, {a, b, c}).
+%%   -export_records([a]).
+%%
+%%   -export(['#info-'/1, '#info-'/2,
+%%            '#new-'/1, '#new-'/2,
+%%            '#get-'/2, '#set-'/2,
+%%            '#new-a'/0, '#new-a'/1,
+%%            '#get-a'/2, '#set-a'/2,
+%%            '#info-a'/1]).
+%%
+%%   '#info-'(RecName) ->
+%%       '#info-'(RecName, fields).
+%%
+%%   '#info-'(r, Info) ->
+%%       '#info-r'(Info).
+%%
+%%   '#new-'(r) -> #r{}.
+%%   '#new-'(r, Vals) -> '#new-r'(Vals)
+%%
+%%   '#new-r'() -> #r{}.
+%%   '#new-r'(Vals) -> '#set-r'(Vals, #r{}).
+%%
+%%   '#get-'(Attrs, #r{} = Rec) ->
+%%       '#get-r'(Attrs, Rec).
+%%
+%%   '#get-r'(Attrs, Rec) when is_list(Attrs) ->
+%%       ['#get-r'(A, Rec) || A <- Attrs];
+%%   '#get-r'(a, Rec) -> Rec#r.a;
+%%   '#get-r'(b, Rec) -> Rec#r.b;
+%%   '#get-r'(c, Rec) -> Rec#r.c.
+%%
+%%   '#set-'(Vals, #r{} = Rec) ->
+%%       '#set-r'(Vals, Rec).
+%%
+%%   '#set-r'(Vals, Rec) when is_list(Vals) ->
+%%       lists:foldl(fun '#set-r'/2, Rec, Vals);
+%%   '#set-r'({a,V}, Rec) -> Rec#r{a = V};
+%%   '#set-r'({b,V}, Rec) -> Rec#r{b = V};
+%%   '#set-r'({c,V}, Rec) -> Rec#r{c = V}.
+%%
+%%   '#info-r'(fields) -> record_info(fields, r);
+%%   '#info-r'(size) -> record_info(size, r);
+%%   '#info-r'({index, a}) -> 1;
+%%   '#info-r'({index, b}) -> 2;
+%%   '#info-r'({index, c}) -> 3;
+%%
+
+-module(diameter_exprecs).
+
+-export([parse_transform/2]).
+
+-include("diameter_forms.hrl").
+
+%% parse_transform/2
+
+parse_transform(Forms, _Options) ->
+    Rs = [R || {attribute, _, record, R} <- Forms],
+    Es = lists:append([E || {attribute, _, export_records, E} <- Forms]),
+    {H,T} = lists:splitwith(fun is_head/1, Forms),
+    H ++ [a_export(Es) | f_accessors(Es, Rs)] ++ T.
+
+is_head(T) ->
+    not lists:member(element(1,T), [function, eof]).
+
+%% a_export/1
+
+a_export(Exports) ->
+    {?attribute, export, [{fname(info), 1},
+                          {fname(info), 2},
+                          {fname(new), 1},
+                          {fname(new), 2},
+                          {fname(get), 2},
+                          {fname(set), 2}
+                          | lists:flatmap(fun export/1, Exports)]}.
+
+export(Rname) ->
+    New = fname(new, Rname),
+    [{New, 0},
+     {New, 1},
+     {fname(get, Rname), 2},
+     {fname(set, Rname), 2},
+     {fname(info, Rname), 1}].
+
+%% f_accessors/2
+
+f_accessors(Es, Rs) ->
+    ['#info-/1'(),
+     '#info-/2'(Es),
+     '#new-/1'(Es),
+     '#new-/2'(Es),
+     '#get-/2'(Es),
+     '#set-/2'(Es)
+     | lists:flatmap(fun(N) -> accessors(N, fields(N, Rs)) end, Es)].
+
+accessors(Rname, Fields) ->
+    ['#new-X/0'(Rname),
+     '#new-X/1'(Rname),
+     '#get-X/2'(Rname, Fields),
+     '#set-X/2'(Rname, Fields),
+     '#info-X/1'(Rname, Fields)].
+
+fields(Rname, Recs) ->
+    {Rname, Fields} = lists:keyfind(Rname, 1, Recs),
+    lists:map(fun({record_field, _, {atom, _, N}})    -> N;
+                 ({record_field, _, {atom, _, N}, _}) -> N
+              end,
+              Fields).
+
+fname_prefix(Op) ->
+    "#" ++ atom_to_list(Op) ++ "-".
+
+fname(Op) ->
+    list_to_atom(fname_prefix(Op)).
+
+fname(Op, Rname) ->
+    Prefix = fname_prefix(Op),
+    list_to_atom(Prefix ++ atom_to_list(Rname)).
+
+%% Generated functions.
+
+'#info-/1'() ->
+    Fname = fname(info),
+    {?function, Fname, 1,
+     [{?clause, [?VAR('RecName')],
+       [],
+       [?CALL(Fname, [?VAR('RecName'), ?ATOM(fields)])]}]}.
+
+'#info-/2'(Exports) ->
+    {?function, fname(info), 2,
+     lists:map(fun 'info-'/1, Exports) ++ [?BADARG(2)]}.
+
+'info-'(R) ->
+    {?clause, [?ATOM(R), ?VAR('Info')],
+     [],
+     [?CALL(fname(info, R), [?VAR('Info')])]}.
+
+'#new-/1'(Exports) ->
+    {?function, fname(new), 1,
+     lists:map(fun 'new-'/1, Exports) ++ [?BADARG(1)]}.
+
+'new-'(R) ->
+    {?clause, [?ATOM(R)],
+     [],
+     [{?record, R, []}]}.
+
+'#new-/2'(Exports) ->
+    {?function, fname(new), 2,
+     lists:map(fun 'new--'/1, Exports) ++ [?BADARG(2)]}.
+
+'new--'(R) ->
+    {?clause, [?ATOM(R), ?VAR('Vals')],
+     [],
+     [?CALL(fname(new, R), [?VAR('Vals')])]}.
+
+'#get-/2'(Exports) ->
+    {?function, fname(get), 2,
+     lists:map(fun 'get-'/1, Exports) ++ [?BADARG(2)]}.
+
+'get-'(R) ->
+    {?clause, [?VAR('Attrs'),
+               {?match, {?record, R, []}, ?VAR('Rec')}],
+     [],
+     [?CALL(fname(get, R), [?VAR('Attrs'), ?VAR('Rec')])]}.
+
+'#set-/2'(Exports) ->
+    {?function, fname(set), 2,
+     lists:map(fun 'set-'/1, Exports) ++ [?BADARG(2)]}.
+
+'set-'(R) ->
+    {?clause, [?VAR('Vals'), {?match, {?record, R, []}, ?VAR('Rec')}],
+     [],
+     [?CALL(fname(set, R), [?VAR('Vals'), ?VAR('Rec')])]}.
+
+'#new-X/0'(Rname) ->
+    {?function, fname(new, Rname), 0,
+     [{?clause, [],
+       [],
+       [{?record, Rname, []}]}]}.
+
+'#new-X/1'(Rname) ->
+    {?function, fname(new, Rname), 1,
+     [{?clause, [?VAR('Vals')],
+       [],
+       [?CALL(fname(set, Rname), [?VAR('Vals'), {?record, Rname, []}])]}]}.
+
+'#set-X/2'(Rname, Fields) ->
+    {?function, fname(set, Rname), 2,
+     [{?clause, [?VAR('Vals'), ?VAR('Rec')],
+       [[?CALL(is_list, [?VAR('Vals')])]],
+       [?APPLY(lists, foldl, [{?'fun', {function, fname(set, Rname), 2}},
+                              ?VAR('Rec'),
+                              ?VAR('Vals')])]}
+      | lists:map(fun(A) -> 'set-X'(Rname, A) end, Fields)]}.
+
+'set-X'(Rname, Attr) ->
+    {?clause, [{?tuple, [?ATOM(Attr), ?VAR('V')]}, ?VAR('Rec')],
+     [],
+     [{?record, ?VAR('Rec'), Rname,
+       [{?record_field, ?ATOM(Attr), ?VAR('V')}]}]}.
+
+'#get-X/2'(Rname, Fields) ->
+    FName = fname(get, Rname),
+    {?function, FName, 2,
+     [{?clause, [?VAR('Attrs'), ?VAR('Rec')],
+       [[?CALL(is_list, [?VAR('Attrs')])]],
+       [{?lc, ?CALL(FName, [?VAR('A'), ?VAR('Rec')]),
+	 [{?generate, ?VAR('A'), ?VAR('Attrs')}]}]}
+      | lists:map(fun(A) -> 'get-X'(Rname, A) end, Fields)]}.
+
+'get-X'(Rname, Attr) ->
+    {?clause, [?ATOM(Attr), ?VAR('Rec')],
+     [],
+     [{?record_field, ?VAR('Rec'), Rname, ?ATOM(Attr)}]}.
+
+'#info-X/1'(Rname, Fields) ->
+    {?function, fname(info, Rname), 1,
+     [{?clause, [?ATOM(fields)],
+       [],
+       [?CALL(record_info, [?ATOM(fields), ?ATOM(Rname)])]},
+      {?clause, [?ATOM(size)],
+       [],
+       [?CALL(record_info, [?ATOM(size), ?ATOM(Rname)])]}
+      | lists:map(fun(A) -> 'info-X'(Rname, A) end, Fields)]}.
+
+'info-X'(Rname, Attr) ->
+    {?clause, [{?tuple, [?ATOM(index), ?ATOM(Attr)]}],
+     [],
+     [{?record_index, Rname, ?ATOM(Attr)}]}.
diff --git a/lib/diameter/src/compiler/diameter_forms.hrl b/lib/diameter/src/compiler/diameter_forms.hrl
index d93131df34..4cd86c32aa 100644
--- a/lib/diameter/src/compiler/diameter_forms.hrl
+++ b/lib/diameter/src/compiler/diameter_forms.hrl
@@ -21,6 +21,13 @@
 %% Macros used when building abstract code.
 %%
 
+%% Generated functions that could have no generated clauses will have
+%% a trailing ?BADARG clause that should never execute as called
+%% by diameter.
+-define(BADARG(N), {?clause, [?VAR('_') || _ <- lists:seq(1,N)],
+                    [],
+                    [?APPLY(erlang, error, [?ATOM(badarg)])]}).
+
 %% Form tag with line number.
 -define(F(T), T, ?LINE).
 %% Yes, that's right. The replacement is to the first unmatched ')'.
diff --git a/lib/diameter/src/compiler/diameter_make.erl b/lib/diameter/src/compiler/diameter_make.erl
index 4431b88c4d..16e30c1ffb 100644
--- a/lib/diameter/src/compiler/diameter_make.erl
+++ b/lib/diameter/src/compiler/diameter_make.erl
@@ -18,103 +18,115 @@
 %%
 
 %%
-%% Driver for the encoder generator utility.
+%% Module alternative to diameterc for dictionary compilation.
+%%
+%% Eg. 1> diameter_make:codec("mydict.dia").
+%%
+%%     $ erl -noinput \
+%%           -boot start_clean \
+%%           -eval 'ok = diameter_make:codec("mydict.dia")' \
+%%           -s init stop
 %%
 
 -module(diameter_make).
 
--export([spec/0,
-         hrl/0,
-         erl/0]).
+-export([codec/1,
+         codec/2,
+         dict/1,
+         dict/2,
+         format/1,
+         reformat/1]).
 
--spec spec() -> no_return().
--spec hrl()  -> no_return().
--spec erl()  -> no_return().
+-export_type([opt/0]).
 
-spec() ->
-    make(spec).
+-type opt() :: {include|outdir|name|prefix|inherits, string()}
+             | verbose
+             | debug.
 
-hrl() ->
-    make(hrl).
+%% ===========================================================================
 
-erl() ->
-    make(erl).
+%% codec/1-2
+%%
+%% Parse a dictionary file and generate a codec module.
+
+-spec codec(Path, [opt()])
+   -> ok
+    | {error, Reason}
+ when Path :: string(),
+      Reason :: string().
+
+codec(File, Opts) ->
+    case dict(File, Opts) of
+        {ok, Dict} ->
+            make(File,
+                 Opts,
+                 Dict,
+                 [spec || _ <- [1], lists:member(debug, Opts)] ++ [erl, hrl]);
+        {error, _} = E ->
+            E
+    end.
 
-%% make/1
+codec(File) ->
+    codec(File, []).
 
-make(Mode) ->
-    Args = init:get_plain_arguments(),
-    Opts = try options(Args) catch throw: help -> help(Mode) end,
-    Files = proplists:get_value(files, Opts, []),
-    lists:foreach(fun(F) -> from_file(F, Mode, Opts) end, Files),
-    halt(0).
+%% dict/2
+%%
+%% Parse a dictionary file and return the orddict that a codec module
+%% returns from dict/0.
+
+-spec dict(string(), [opt()])
+   -> {ok, orddict:orddict()}
+    | {error, string()}.
+
+dict(Path, Opts) ->
+    case diameter_dict_util:parse({path, Path}, Opts) of
+        {ok, _} = Ok ->
+            Ok;
+        {error = E, Reason} ->
+            {E, diameter_dict_util:format_error(Reason)}
+    end.
 
-%% from_file/3
+dict(File) ->
+    dict(File, []).
 
-from_file(F, Mode, Opts) ->
-    try to_spec(F, Mode, Opts) of
-        Spec ->
-            from_spec(F, Spec, Mode, Opts)
-    catch
-        error: Reason ->
-            io:format("==> ~p parse failure:~n~p~n",
-                      [F, {Reason, erlang:get_stacktrace()}]),
-            halt(1)
-    end.
+%% format/1
+%%
+%% Turn an orddict returned by dict/1-2 back into a dictionary file
+%% in the form of an iolist().
 
-%% to_spec/2
+-spec format(orddict:orddict())
+   -> iolist().
 
-%% Try to read the input as an already parsed file or else parse it.
-to_spec(F, spec, Opts) ->
-    diameter_spec_util:parse(F, Opts);
-to_spec(F, _, _) ->
-    {ok, [Spec]} = file:consult(F),
-    Spec.
+format(Dict) ->
+    diameter_dict_util:format(Dict).
 
-%% from_spec/4
+%% reformat/1
+%%
+%% Parse a dictionary file and return its formatted equivalent.
+
+-spec reformat(File)
+   -> {ok, iolist()}
+    | {error, Reason}
+ when File :: string(),
+      Reason :: string().
+
+reformat(File) ->
+    case dict(File) of
+        {ok, Dict} ->
+            {ok, format(Dict)};
+        {error, _} = No ->
+            No
+    end.
 
-from_spec(File, Spec, Mode, Opts) ->
+%% ===========================================================================
+
+make(_, _, _, []) ->
+    ok;
+make(File, Opts, Dict, [Mode | Rest]) ->
     try
-        diameter_codegen:from_spec(File, Spec, Opts, Mode)
+        ok = diameter_codegen:from_dict(File, Dict, Opts, Mode),
+        make(File, Opts, Dict, Rest)
     catch
         error: Reason ->
-            io:format("==> ~p codegen failure:~n~p~n~p~n",
-                      [Mode, File, {Reason, erlang:get_stacktrace()}]),
-            halt(1)
+            erlang:error({Reason, Mode, erlang:get_stacktrace()})
     end.
-
-%% options/1
-
-options(["-v" | Rest]) ->
-    [verbose | options(Rest)];
-
-options(["-o", Outdir | Rest]) ->
-    [{outdir, Outdir} | options(Rest)];
-
-options(["-i", Incdir | Rest]) ->
-    [{include, Incdir} | options(Rest)];
-
-options(["-h" | _]) ->
-    throw(help);
-
-options(["--" | Fs]) ->
-    [{files, Fs}];
-
-options(["-" ++ _ = Opt | _]) ->
-    io:fwrite("==> unknown option: ~s~n", [Opt]),
-    throw(help);
-
-options(Fs) ->  %% trailing arguments
-    options(["--" | Fs]).
-
-%% help/1
-
-help(M) ->
-    io:fwrite("Usage: ~p ~p [Options] [--] File ...~n"
-              "Options:~n"
-              " -v              verbose output~n"
-              " -h              shows this help message~n"
-              " -o OutDir       where to put the output files~n"
-              " -i IncludeDir   where to search for beams to import~n",
-              [?MODULE, M]),
-    halt(1).
diff --git a/lib/diameter/src/compiler/diameter_nowarn.erl b/lib/diameter/src/compiler/diameter_nowarn.erl
new file mode 100644
index 0000000000..6c17af6563
--- /dev/null
+++ b/lib/diameter/src/compiler/diameter_nowarn.erl
@@ -0,0 +1,41 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% A parse transform to work around dialyzer currently not
+%% understanding nowarn_unused_function except on individual
+%% functions. The include of diameter_gen.hrl by generated dictionary
+%% modules contains code that may not be called depending on the
+%% dictionary. (The relay dictionary for example.)
+%%
+%% Even called functions may contain cases that aren't used for a
+%% particular dictionary. This also causes dialyzer to complain but
+%% there's no way to silence it in this case.
+%%
+
+-module(diameter_nowarn).
+
+-export([parse_transform/2]).
+
+parse_transform(Forms, _Options) ->
+    [{attribute, ?LINE, compile, {nowarn_unused_function, {F,A}}}
+     || {function, _, F, A, _} <- Forms]
+    ++ Forms.
+%% Note that dialyzer also doesn't understand {nowarn_unused_function, FAs}
+%% with FAs a list of tuples.
diff --git a/lib/diameter/src/compiler/diameter_spec_scan.erl b/lib/diameter/src/compiler/diameter_spec_scan.erl
deleted file mode 100644
index bc0448882a..0000000000
--- a/lib/diameter/src/compiler/diameter_spec_scan.erl
+++ /dev/null
@@ -1,157 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
--module(diameter_spec_scan).
-
-%%
-%% Functions used by the spec file parser in diameter_spec_util.
-%%
-
--export([split/1,
-         split/2,
-         parse/1]).
-
-%%% -----------------------------------------------------------
-%%% # parse/1
-%%%
-%%% Output: list of Token
-%%%
-%%%         Token = '{' | '}' | '<' | '>' | '[' | ']'
-%%%               | '*' | '::=' | ':' | ',' | '-'
-%%%               | {name, string()}
-%%%               | {tag, atom()}
-%%%               | {number, integer() >= 0}
-%%%
-%%% Tokenize a string. Fails if the string does not parse.
-%%% -----------------------------------------------------------
-
-parse(S) ->
-    parse(S, []).
-
-%% parse/2
-
-parse(S, Acc) ->
-    acc(split(S), Acc).
-
-acc({T, Rest}, Acc) ->
-    parse(Rest, [T | Acc]);
-acc("", Acc) ->
-    lists:reverse(Acc).
-
-%%% -----------------------------------------------------------
-%%% # split/2
-%%%
-%%% Output: {list() of Token, Rest}
-%%%
-%%% Extract a specified number of tokens from a string. Returns a list
-%%% of length less than the specified number if there are less than
-%%% this number of tokens to be parsed.
-%%% -----------------------------------------------------------
-
-split(Str, N)
-  when N >= 0 ->
-    split(N, Str, []).
-
-split(0, Str, Acc) ->
-    {lists:reverse(Acc), Str};
-
-split(N, Str, Acc) ->
-    case split(Str) of
-        {T, Rest} ->
-            split(N-1, Rest, [T|Acc]);
-        "" = Rest ->
-            {lists:reverse(Acc), Rest}
-    end.
-
-%%% -----------------------------------------------------------
-%%% # split/1
-%%%
-%%% Output: {Token, Rest} | ""
-%%%
-%%% Extract the next token from a string.
-%%% -----------------------------------------------------------
-
-split("" = Rest) ->
-    Rest;
-
-split("::=" ++ T) ->
-    {'::=', T};
-
-split([H|T])
-  when H == ${; H == $};
-       H == $<; H == $>;
-       H == $[; H == $];
-       H == $*; H == $:; H == $,; H == $- ->
-    {list_to_atom([H]), T};
-
-split([H|T]) when $A =< H, H =< $Z;
-                  $0 =< H, H =< $9 ->
-    {P, Rest} = splitwith(fun is_name_ch/1, [H], T),
-    Tok = try
-              {number, read_int(P)}
-          catch
-              error:_ ->
-                  {name, P}
-          end,
-    {Tok, Rest};
-
-split([H|T]) when $a =< H, H =< $z ->
-    {P, Rest} = splitwith(fun is_name_ch/1, [H], T),
-    {{tag, list_to_atom(P)}, Rest};
-
-split([H|T]) when H == $\t;
-                  H == $\s;
-                  H == $\n ->
-    split(T).
-
-%% read_int/1
-
-read_int([$0,X|S])
-  when X == $X;
-       X == $x ->
-    {ok, [N], []} = io_lib:fread("~16u", S),
-    N;
-
-read_int(S) ->
-    list_to_integer(S).
-
-%% splitwith/3
-
-splitwith(Fun, Acc, S) ->
-    split([] /= S andalso Fun(hd(S)), Fun, Acc, S).
-
-split(true, Fun, Acc, [H|T]) ->
-    splitwith(Fun, [H|Acc], T);
-split(false, _, Acc, S) ->
-    {lists:reverse(Acc), S}.
-
-is_name_ch(C) ->
-    is_alphanum(C) orelse C == $- orelse C == $_.
-
-is_alphanum(C) ->
-    is_lower(C) orelse is_upper(C) orelse is_digit(C).
-
-is_lower(C) ->
-    $a =< C andalso C =< $z.
-
-is_upper(C) ->
-    $A =< C andalso C =< $Z.
-
-is_digit(C) ->
-    $0 =< C andalso C =< $9.
diff --git a/lib/diameter/src/compiler/diameter_spec_util.erl b/lib/diameter/src/compiler/diameter_spec_util.erl
deleted file mode 100644
index b60886b678..0000000000
--- a/lib/diameter/src/compiler/diameter_spec_util.erl
+++ /dev/null
@@ -1,1068 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-%% This module turns a .dia (aka spec) file into the orddict that
-%% diameter_codegen.erl in turn morphs into .erl and .hrl files for
-%% encode and decode of Diameter messages and AVPs.
-%%
-
--module(diameter_spec_util).
-
--export([parse/2]).
-
--define(ERROR(T), erlang:error({T, ?MODULE, ?LINE})).
--define(ATOM, list_to_atom).
-
-%% parse/1
-%%
-%% Output: orddict()
-
-parse(Path, Options) ->
-    put({?MODULE, verbose}, lists:member(verbose, Options)),
-    {ok, B} = file:read_file(Path),
-    Chunks = chunk(B),
-    Spec = make_spec(Chunks),
-    true = groups_defined(Spec),  %% sanity checks
-    true = customs_defined(Spec), %%
-    Full = import_enums(import_groups(import_avps(insert_codes(Spec),
-                                                  Options))),
-    true = enums_defined(Full),   %% sanity checks
-    true = v_flags_set(Spec),
-    Full.
-
-%% Optional reports when running verbosely.
-report(What, Data) ->
-    report(get({?MODULE, verbose}), What, Data).
-
-report(true, Tag, Data) ->
-    io:format("##~n## ~p ~p~n", [Tag, Data]);
-report(false, _, _) ->
-    ok.
-
-%% chunk/1
-
-chunk(B) ->
-    chunkify(normalize(binary_to_list(B))).
-
-%% normalize/1
-%%
-%% Replace CR NL by NL, multiple NL by one, tab by space, and strip
-%% comments and leading/trailing space from each line. Precludes
-%% semicolons being used for any other purpose than comments.
-
-normalize(Str) ->
-    nh(Str, []).
-
-nh([], Acc) ->
-    lists:reverse(Acc);
-
-%% Trim leading whitespace.
-nh(Str, Acc) ->
-    nb(trim(Str), Acc).
-
-%% tab -> space
-nb([$\t|Rest], Acc) ->
-    nb(Rest, [$\s|Acc]);
-
-%% CR NL -> NL
-nb([$\r,$\n|Rest], Acc) ->
-    nt(Rest, Acc);
-
-%% Gobble multiple newlines before starting over again.
-nb([$\n|Rest], Acc) ->
-    nt(Rest, Acc);
-
-%% Comment.
-nb([$;|Rest], Acc) ->
-    nb(lists:dropwhile(fun(C) -> C /= $\n end, Rest), Acc);
-
-%% Just an ordinary character. Boring ...
-nb([C|Rest], Acc) ->
-    nb(Rest, [C|Acc]);
-
-nb([] = Str, Acc) ->
-    nt(Str, Acc).
-
-%% Discard a subsequent newline.
-nt(T, [$\n|_] = Acc) ->
-    nh(T, trim(Acc));
-
-%% Trim whitespace from the end of the line before continuing.
-nt(T, Acc) ->
-    nh(T, [$\n|trim(Acc)]).
-
-trim(S) ->
-    lists:dropwhile(fun(C) -> lists:member(C, "\s\t") end, S).
-
-%% chunkify/1
-%%
-%% Split the spec file into pieces delimited by lines starting with
-%% @Tag. Returns a list of {Tag, Args, Chunk} where Chunk is the
-%% string extending to the next delimiter. Note that leading
-%% whitespace has already been stripped.
-
-chunkify(Str) ->
-    %% Drop characters to the start of the first chunk.
-    {_, Rest} = split_chunk([$\n|Str]),
-    chunkify(Rest, []).
-
-chunkify([], Acc) ->
-    lists:reverse(Acc);
-
-chunkify(Rest, Acc) ->
-    {H,T} = split_chunk(Rest),
-    chunkify(T, [split_tag(H) | Acc]).
-
-split_chunk(Str) ->
-    split_chunk(Str, []).
-
-split_chunk([] = Rest, Acc) ->
-    {lists:reverse(Acc), Rest};
-split_chunk([$@|Rest], [$\n|_] = Acc) ->
-    {lists:reverse(Acc), Rest};
-split_chunk([C|Rest], Acc) ->
-    split_chunk(Rest, [C|Acc]).
-
-%% Expect a tag and its arguments on a single line.
-split_tag(Str) ->
-    {L, Rest} = get_until($\n, Str),
-    [{tag, Tag} | Toks] = diameter_spec_scan:parse(L),
-    {Tag, Toks, trim(Rest)}.
-
-get_until(EndT, L) ->
-    {H, [EndT | T]} = lists:splitwith(fun(C) -> C =/= EndT end, L),
-    {H,T}.
-
-%% ------------------------------------------------------------------------
-%% make_spec/1
-%%
-%% Turn chunks into spec.
-
-make_spec(Chunks) ->
-    lists:foldl(fun(T,A) -> report(chunk, T), chunk(T,A) end,
-                orddict:new(),
-                Chunks).
-
-chunk({T, [X], []}, Dict)
-  when T == name;
-       T == prefix ->
-    store(T, atomize(X), Dict);
-
-chunk({id = T, [{number, I}], []}, Dict) ->
-    store(T, I, Dict);
-
-chunk({vendor = T, [{number, I}, N], []}, Dict) ->
-    store(T, {I, atomize(N)}, Dict);
-
-%% inherits -> [{Mod, [AvpName, ...]}, ...]
-chunk({inherits = T, [_,_|_] = Args, []}, Acc) ->
-    Mods = [atomize(A) || A <- Args],
-    append_list(T, [{M,[]} || M <- Mods], Acc);
-chunk({inherits = T, [Mod], Body}, Acc) ->
-    append(T, {atomize(Mod), parse_avp_names(Body)}, Acc);
-
-%% avp_types -> [{AvpName, Code, Type, Flags, Encr}, ...]
-chunk({avp_types = T, [], Body}, Acc) ->
-    store(T, parse_avp_types(Body), Acc);
-
-%% custom_types -> [{Mod, [AvpName, ...]}, ...]
-chunk({custom_types = T, [Mod], Body}, Dict) ->
-    [_|_] = Avps = parse_avp_names(Body),
-    append(T, {atomize(Mod), Avps}, Dict);
-
-%% messages -> [{MsgName, Code, Type, Appl, Avps}, ...]
-chunk({messages = T, [], Body}, Acc) ->
-    store(T, parse_messages(Body), Acc);
-
-%% grouped -> [{AvpName, Code, Vendor, Avps}, ...]
-chunk({grouped = T, [], Body}, Acc) ->
-    store(T, parse_groups(Body), Acc);
-
-%% avp_vendor_id -> [{Id, [AvpName, ...]}, ...]
-chunk({avp_vendor_id = T, [{number, I}], Body}, Dict) ->
-    [_|_] = Names = parse_avp_names(Body),
-    append(T, {I, Names}, Dict);
-
-%% enums -> [{AvpName, [{Value, Name}, ...]}, ...]
-chunk({enum, [N], Str}, Dict) ->
-    append(enums, {atomize(N), parse_enums(Str)}, Dict);
-
-%% result_codes -> [{ResultName, [{Value, Name}, ...]}, ...]
-chunk({result_code, [N], Str}, Dict) ->
-    append(result_codes, {atomize(N), parse_enums(Str)}, Dict);
-
-%% commands -> [{Name, Abbrev}, ...]
-chunk({commands = T, [], Body}, Dict) ->
-    store(T, parse_commands(Body), Dict);
-
-chunk(T, _) ->
-    ?ERROR({unknown_tag, T}).
-
-store(Key, Value, Dict) ->
-    error == orddict:find(Key, Dict) orelse ?ERROR({duplicate, Key}),
-    orddict:store(Key, Value, Dict).
-append(Key, Value, Dict) ->
-    orddict:append(Key, Value, Dict).
-append_list(Key, Values, Dict) ->
-    orddict:append_list(Key, Values, Dict).
-
-atomize({tag, T}) ->
-    T;
-atomize({name, T}) ->
-    ?ATOM(T).
-
-get_value(Keys, Spec)
-  when is_list(Keys) ->
-    [get_value(K, Spec) || K <- Keys];
-get_value(Key, Spec) ->
-    proplists:get_value(Key, Spec, []).
-
-%% ------------------------------------------------------------------------
-%% enums_defined/1
-%% groups_defined/1
-%% customs_defined/1
-%%
-%% Ensure that every local enum/grouped/custom is defined as an avp
-%% with an appropriate type.
-
-enums_defined(Spec) ->
-    Avps = get_value(avp_types, Spec),
-    Import = get_value(import_enums, Spec),
-    lists:all(fun({N,_}) ->
-                      true = enum_defined(N, Avps, Import)
-              end,
-              get_value(enums, Spec)).
-
-enum_defined(Name, Avps, Import) ->
-    case lists:keyfind(Name, 1, Avps) of
-        {Name, _, 'Enumerated', _, _} ->
-            true;
-        {Name, _, T, _, _} ->
-            ?ERROR({avp_has_wrong_type, Name, 'Enumerated', T});
-        false ->
-            lists:any(fun({_,Is}) -> lists:keymember(Name, 1, Is) end, Import)
-                orelse ?ERROR({avp_not_defined, Name, 'Enumerated'})
-    end.
-%% Note that an AVP is imported only if referenced by a message or
-%% grouped AVP, so the final branch will fail if an enum definition is
-%% extended without this being the case.
-
-groups_defined(Spec) ->
-    Avps = get_value(avp_types, Spec),
-    lists:all(fun({N,_,_,_}) -> true = group_defined(N, Avps) end,
-              get_value(grouped, Spec)).
-
-group_defined(Name, Avps) ->
-    case lists:keyfind(Name, 1, Avps) of
-        {Name, _, 'Grouped', _, _} ->
-            true;
-        {Name, _, T, _, _} ->
-            ?ERROR({avp_has_wrong_type, Name, 'Grouped', T});
-        false ->
-            ?ERROR({avp_not_defined, Name, 'Grouped'})
-    end.
-
-customs_defined(Spec) ->
-    Avps = get_value(avp_types, Spec),
-    lists:all(fun(A) -> true = custom_defined(A, Avps) end,
-              lists:flatmap(fun last/1, get_value(custom_types, Spec))).
-
-custom_defined(Name, Avps) ->
-    case lists:keyfind(Name, 1, Avps) of
-        {Name, _, T, _, _} when T == 'Grouped';
-                                T == 'Enumerated' ->
-            ?ERROR({avp_has_invalid_custom_type, Name, T});
-        {Name, _, _, _, _} ->
-            true;
-        false ->
-            ?ERROR({avp_not_defined, Name})
-    end.
-
-last({_,Xs}) -> Xs.
-
-%% ------------------------------------------------------------------------
-%% v_flags_set/1
-
-v_flags_set(Spec) ->
-    Avps = get_value(avp_types, Spec)
-        ++ lists:flatmap(fun last/1, get_value(import_avps, Spec)),
-    Vs = lists:flatmap(fun last/1, get_value(avp_vendor_id, Spec)),
-
-    lists:all(fun(N) -> vset(N, Avps) end, Vs).
-
-vset(Name, Avps) ->
-    A = lists:keyfind(Name, 1, Avps),
-    false == A andalso ?ERROR({avp_not_defined, Name}),
-    {Name, _Code, _Type, Flags, _Encr} = A,
-    lists:member('V', Flags) orelse ?ERROR({v_flag_not_set, A}).
-
-%% ------------------------------------------------------------------------
-%% insert_codes/1
-
-insert_codes(Spec) ->
-    [Msgs, Cmds] = get_value([messages, commands], Spec),
-
-    %% Code -> [{Name, Flags}, ...]
-    Dict = lists:foldl(fun({N,C,Fs,_,_}, D) -> dict:append(C,{N,Fs},D) end,
-                       dict:new(),
-                       Msgs),
-
-    %% list() of {Code, {ReqName, ReqAbbr}, {AnsName, AnsAbbr}}
-    %% If the name and abbreviation are the same then the 2-tuples
-    %% are replaced by the common atom()-valued name.
-    Codes = dict:fold(fun(C,Ns,A) -> [make_code(C, Ns, Cmds) | A] end,
-                      [],
-                      dict:erase(-1, Dict)),  %% answer-message
-
-    orddict:store(command_codes, Codes, Spec).
-
-make_code(Code, [_,_] = Ns, Cmds) ->
-    {Req, Ans} = make_names(Ns, lists:map(fun({_,Fs}) ->
-                                                  lists:member('REQ', Fs)
-                                          end,
-                                          Ns)),
-    {Code, abbrev(Req, Cmds), abbrev(Ans, Cmds)};
-
-make_code(Code, Cs, _) ->
-    ?ERROR({missing_request_or_answer, Code, Cs}).
-
-%% 3.3.  Diameter Command Naming Conventions
-%%
-%%    Diameter command names typically includes one or more English words
-%%    followed by the verb Request or Answer.  Each English word is
-%%    delimited by a hyphen.  A three-letter acronym for both the request
-%%    and answer is also normally provided.
-
-make_names([{Rname,_},{Aname,_}], [true, false]) ->
-    {Rname, Aname};
-make_names([{Aname,_},{Rname,_}], [false, true]) ->
-    {Rname, Aname};
-make_names([_,_] = Names, _) ->
-    ?ERROR({inconsistent_command_flags, Names}).
-
-abbrev(Name, Cmds) ->
-    case abbr(Name, get_value(Name, Cmds)) of
-        Name ->
-            Name;
-        Abbr ->
-            {Name, Abbr}
-    end.
-
-%% No explicit abbreviation: construct.
-abbr(Name, []) ->
-    ?ATOM(abbr(string:tokens(atom_to_list(Name), "-")));
-
-%% Abbreviation was specified.
-abbr(_Name, Abbr) ->
-    Abbr.
-
-%% No hyphens: already abbreviated.
-abbr([Abbr]) ->
-    Abbr;
-
-%% XX-Request/Answer ==> XXR/XXA
-abbr([[_,_] = P, T])
-  when T == "Request";
-       T == "Answer" ->
-    P ++ [hd(T)];
-
-%% XXX-...-YYY-Request/Answer ==> X...YR/X...YA
-abbr([_,_|_] = L) ->
-    lists:map(fun erlang:hd/1, L).
-
-%% ------------------------------------------------------------------------
-%% import_avps/2
-
-import_avps(Spec, Options) ->
-    Msgs = get_value(messages, Spec),
-    Groups = get_value(grouped, Spec),
-
-    %% Messages and groups require AVP's referenced by them.
-    NeededAvps
-        = ordsets:from_list(lists:flatmap(fun({_,_,_,_,As}) ->
-                                                  [avp_name(A) || A <- As]
-                                          end,
-                                          Msgs)
-                            ++ lists:flatmap(fun({_,_,_,As}) ->
-                                                     [avp_name(A) || A <- As]
-                                             end,
-                                             Groups)),
-    MissingAvps = missing_avps(NeededAvps, Spec),
-
-    report(needed, NeededAvps),
-    report(missing, MissingAvps),
-
-    Import = inherit(get_value(inherits, Spec), Options),
-
-    report(imported, Import),
-
-    ImportedAvps = lists:map(fun({N,_,_,_,_}) -> N end,
-                             lists:flatmap(fun last/1, Import)),
-
-    Unknown = MissingAvps -- ImportedAvps,
-
-    [] == Unknown orelse ?ERROR({undefined_avps, Unknown}),
-
-    orddict:store(import_avps, Import, orddict:erase(inherits, Spec)).
-
-%% missing_avps/2
-%%
-%% Given a list of AVP names and parsed spec, return the list of
-%% AVP's that aren't defined in this spec.
-
-missing_avps(NeededNames, Spec) ->
-    Avps = get_value(avp_types, Spec),
-    Groups = lists:map(fun({N,_,_,As}) ->
-                               {N, [avp_name(A) || A <- As]}
-                       end,
-                       get_value(grouped, Spec)),
-    Names = ordsets:from_list(['AVP' | lists:map(fun({N,_,_,_,_}) -> N end,
-                                                 Avps)]),
-    missing_avps(NeededNames, [], {Names, Groups}).
-
-avp_name({'<',A,'>'}) -> A;
-avp_name({A}) -> A;
-avp_name([A]) -> A;
-avp_name({_, A}) -> avp_name(A).
-
-missing_avps(NeededNames, MissingNames, {Names, _} = T) ->
-    missing(ordsets:filter(fun(N) -> lists:member(N, NeededNames) end, Names),
-            ordsets:union(NeededNames, MissingNames),
-            T).
-
-%% Nothing found locally.
-missing([], MissingNames, _) ->
-    MissingNames;
-
-%% Or not. Keep looking for for the AVP's needed by the found AVP's of
-%% type Grouped.
-missing(FoundNames, MissingNames, {_, Groups} = T) ->
-    NeededNames = lists:flatmap(fun({N,As}) ->
-                                  choose(lists:member(N, FoundNames), As, [])
-                          end,
-                          Groups),
-    missing_avps(ordsets:from_list(NeededNames),
-                 ordsets:subtract(MissingNames, FoundNames),
-                 T).
-
-%% inherit/2
-
-inherit(Inherits, Options) ->
-    Dirs = [D || {include, D} <- Options] ++ ["."],
-    lists:foldl(fun(T,A) -> find_avps(T, A, Dirs) end, [], Inherits).
-
-find_avps({Mod, AvpNames}, Acc, Path) ->
-    report(inherit_from, Mod),
-    Avps = avps_from_beam(find_beam(Mod, Path), Mod),  %% could be empty
-    [{Mod, lists:sort(find_avps(AvpNames, Avps))} | Acc].
-
-find_avps([], Avps) ->
-    Avps;
-find_avps(Names, Avps) ->
-    lists:filter(fun({N,_,_,_,_}) -> lists:member(N, Names) end, Avps).
-
-%% find_beam/2
-
-find_beam(Mod, Dirs)
-  when is_atom(Mod) ->
-    find_beam(atom_to_list(Mod), Dirs);
-find_beam(Mod, Dirs) ->
-    Beam = Mod ++ code:objfile_extension(),
-    case try_path(Dirs, Beam) of
-        {value, Path} ->
-            Path;
-        false ->
-            ?ERROR({beam_not_on_path, Beam, Dirs})
-    end.
-
-try_path([D|Ds], Fname) ->
-    Path = filename:join(D, Fname),
-    case file:read_file_info(Path) of
-        {ok, _} ->
-            {value, Path};
-        _ ->
-            try_path(Ds, Fname)
-    end;
-try_path([], _) ->
-    false.
-
-%% avps_from_beam/2
-
-avps_from_beam(Path, Mod) ->
-    report(beam, Path),
-    ok = load_module(code:is_loaded(Mod), Mod, Path),
-    orddict:fetch(avp_types, Mod:dict()).
-
-load_module(false, Mod, Path) ->
-    R = filename:rootname(Path, code:objfile_extension()),
-    {module, Mod} = code:load_abs(R),
-    ok;
-load_module({file, _}, _, _) ->
-    ok.
-
-choose(true, X, _)  -> X;
-choose(false, _, X) -> X.
-
-%% ------------------------------------------------------------------------
-%% import_groups/1
-%% import_enums/1
-%%
-%% For each inherited module, store the content of imported AVP's of
-%% type grouped/enumerated in a new key.
-
-import_groups(Spec) ->
-    orddict:store(import_groups, import(grouped, Spec), Spec).
-
-import_enums(Spec) ->
-    orddict:store(import_enums, import(enums, Spec), Spec).
-
-import(Key, Spec) ->
-    lists:flatmap(fun(T) -> import_key(Key, T) end,
-                  get_value(import_avps, Spec)).
-
-import_key(Key, {Mod, Avps}) ->
-    Imports = lists:flatmap(fun(T) ->
-                                    choose(lists:keymember(element(1,T),
-                                                           1,
-                                                           Avps),
-                                           [T],
-                                           [])
-                            end,
-                            get_value(Key, Mod:dict())),
-    if Imports == [] ->
-            [];
-       true ->
-            [{Mod, Imports}]
-    end.
-
-%% ------------------------------------------------------------------------
-%% parse_enums/1
-%%
-%% Enums are specified either as the integer value followed by the
-%% name or vice-versa. In the former case the name of the enum is
-%% taken to be the string up to the end of line, which may contain
-%% whitespace. In the latter case the integer may be parenthesized,
-%% specified in hex and followed by an inline comment. This is
-%% historical and will likely be changed to require a precise input
-%% format.
-%%
-%% Output: list() of {integer(), atom()}
-
-parse_enums(Str) ->
-    lists:flatmap(fun(L) -> parse_enum(trim(L)) end, string:tokens(Str, "\n")).
-
-parse_enum([]) ->
-    [];
-
-parse_enum(Str) ->
-    REs = [{"^(0[xX][0-9A-Fa-f]+|[0-9]+)\s+(.*?)\s*$", 1, 2},
-           {"^(.+?)\s+(0[xX][0-9A-Fa-f]+|[0-9]+)(\s+.*)?$", 2, 1},
-           {"^(.+?)\s+\\((0[xX][0-9A-Fa-f]+|[0-9]+)\\)(\s+.*)?$", 2, 1}],
-    parse_enum(Str, REs).
-
-parse_enum(Str, REs) ->
-    try lists:foreach(fun(R) -> enum(Str, R) end, REs) of
-        ok ->
-            ?ERROR({bad_enum, Str})
-    catch
-        throw: {enum, T} ->
-            [T]
-    end.
-
-enum(Str, {Re, I, N}) ->
-    case re:run(Str, Re, [{capture, all_but_first, list}]) of
-        {match, Vs} ->
-            T = list_to_tuple(Vs),
-            throw({enum, {to_int(element(I,T)), ?ATOM(element(N,T))}});
-        nomatch ->
-            ok
-    end.
-
-to_int([$0,X|Hex])
-  when X == $x;
-       X == $X ->
-    {ok, [I], _} = io_lib:fread("~#", "16#" ++ Hex),
-    I;
-to_int(I) ->
-    list_to_integer(I).
-
-%% ------------------------------------------------------------------------
-%% parse_messages/1
-%%
-%% Parse according to the ABNF for message specifications in 3.2 of
-%% RFC 3588 (shown below). We require all message and AVP names to
-%% start with a digit or uppercase character, except for the base
-%% answer-message, which is treated as a special case. Allowing names
-%% that start with a digit is more than the RFC specifies but the name
-%% doesn't affect what's sent over the wire. (Certains 3GPP standards
-%% use names starting with a digit. eg 3GPP-Charging-Id in TS32.299.)
-
-%%
-%% Sadly, not even the RFC follows this grammar. In particular, except
-%% in the example in 3.2, it wraps each command-name in angle brackets
-%% ('<' '>') which makes parsing a sequence of specifications require
-%% lookahead: after 'optional' avps have been parsed, it's not clear
-%% whether a '<' is a 'fixed' or whether it's the start of a
-%% subsequent message until we see whether or not '::=' follows the
-%% closing '>'. Require the grammar as specified.
-%%
-%% Output: list of {Name, Code, Flags, ApplId, Avps}
-%%
-%%         Name   = atom()
-%%         Code   = integer()
-%%         Flags  = integer()
-%%         ApplId = [] | [integer()]
-%%         Avps   = see parse_avps/1
-
-parse_messages(Str) ->
-    p_cmd(trim(Str), []).
-
-%%   command-def      = command-name "::=" diameter-message
-%%
-%%   command-name     = diameter-name
-%%
-%%   diameter-name    = ALPHA *(ALPHA / DIGIT / "-")
-%%
-%%   diameter-message = header  [ *fixed] [ *required] [ *optional]
-%%                      [ *fixed]
-%%
-%%   header           = "<" Diameter-Header:" command-id
-%%                      [r-bit] [p-bit] [e-bit] [application-id]">"
-%%
-%% The header spec (and example that follows it) is slightly mangled
-%% and, given the examples in the RFC should as follows:
-%%
-%%   header           = "<" "Diameter Header:" command-id
-%%                      [r-bit] [p-bit] [e-bit] [application-id]">"
-%%
-%% This is what's required/parsed below, modulo whitespace. This is
-%% also what's specified in the current draft standard at
-%% http://ftp.ietf.org/drafts/wg/dime.
-%%
-%% Note that the grammar specifies the order fixed, required,
-%% optional. In practise there seems to be little difference between
-%% the latter two since qualifiers can be used to change the
-%% semantics. For example 1*[XXX] and *1{YYY} specify 1 or more of the
-%% optional avp XXX and 0 or 1 of the required avp YYY, making the
-%% iotional avp required and the required avp optional. The current
-%% draft addresses this somewhat by requiring that min for a qualifier
-%% on an optional avp must be 0 if present. It doesn't say anything
-%% about required avps however, so specifying a min of 0 would still
-%% be possible. The draft also does away with the trailing *fixed.
-%%
-%% What will be parsed here will treat required and optional
-%% interchangeably. That is. only require that required/optional
-%% follow and preceed fixed, not that optional avps must follow
-%% required ones. We already have several specs for which this parsing
-%% is necessary and there seems to be no harm in accepting it.
-
-p_cmd("", Acc) ->
-    lists:reverse(Acc);
-
-p_cmd(Str, Acc) ->
-    {Next, Rest} = split_def(Str),
-    report(command, Next),
-    p_cmd(Rest, [p_cmd(Next) | Acc]).
-
-p_cmd("answer-message" ++ Str) ->
-    p_header([{name, 'answer-message'} | diameter_spec_scan:parse(Str)]);
-
-p_cmd(Str) ->
-    p_header(diameter_spec_scan:parse(Str)).
-
-%% p_header/1
-
-p_header(['<', {name, _} = N, '>' | Toks]) ->
-    p_header([N | Toks]);
-
-p_header([{name, 'answer-message' = N}, '::=',
-          '<', {name, "Diameter"}, {name, "Header"}, ':', {tag, code},
-          ',', {name, "ERR"}, '[', {name, "PXY"}, ']', '>'
-          | Toks]) ->
-    {N, -1, ['ERR', 'PXY'], [], parse_avps(Toks)};
-
-p_header([{name, Name}, '::=',
-          '<', {name, "Diameter"}, {name, "Header"}, ':', {number, Code}
-          | Toks]) ->
-    {Flags, Rest} = p_flags(Toks),
-    {ApplId, [C|_] = R} = p_appl(Rest),
-    '>' == C orelse ?ERROR({invalid_flag, {Name, Code, Flags, ApplId}, R}),
-    {?ATOM(Name), Code, Flags, ApplId, parse_avps(tl(R))};
-
-p_header(Toks) ->
-    ?ERROR({invalid_header, Toks}).
-
-%%   application-id   = 1*DIGIT
-%%
-%%   command-id       = 1*DIGIT
-%%                      ; The Command Code assigned to the command
-%%
-%%   r-bit            = ", REQ"
-%%                      ; If present, the 'R' bit in the Command
-%%                      ; Flags is set, indicating that the message
-%%                      ; is a request, as opposed to an answer.
-%%
-%%   p-bit            = ", PXY"
-%%                      ; If present, the 'P' bit in the Command
-%%                      ; Flags is set, indicating that the message
-%%                      ; is proxiable.
-%%
-%%   e-bit            = ", ERR"
-%%                      ; If present, the 'E' bit in the Command
-%%                      ; Flags is set, indicating that the answer
-%%                      ; message contains a Result-Code AVP in
-%%                      ; the "protocol error" class.
-
-p_flags(Toks) ->
-    lists:foldl(fun p_flags/2, {[], Toks}, ["REQ", "PXY", "ERR"]).
-
-p_flags(N, {Acc, [',', {name, N} | Toks]}) ->
-    {[?ATOM(N) | Acc], Toks};
-
-p_flags(_, T) ->
-    T.
-
-%% The RFC doesn't specify ',' before application-id but this seems a
-%% bit inconsistent. Accept a comma if it exists.
-p_appl([',', {number, I} | Toks]) ->
-    {[I], Toks};
-p_appl([{number, I} | Toks]) ->
-    {[I], Toks};
-p_appl(Toks) ->
-    {[], Toks}.
-
-%% parse_avps/1
-%%
-%% Output: list() of Avp | {Qual, Avp}
-%%
-%%         Qual = '*' | {Min, '*'} | {'*', Max} | {Min, Max}
-%%         Avp  = {'<', Name, '>'} | {Name} | [Name]
-%%
-%%         Min, Max = integer() >= 0
-
-parse_avps(Toks) ->
-    p_avps(Toks, ['<', '|', '<'], []).
-%% The list corresponds to the delimiters expected at the front, middle
-%% and back of the avp specification, '|' representing '{' and '['.
-
-%%   fixed            = [qual] "<" avp-spec ">"
-%%                      ; Defines the fixed position of an AVP
-%%
-%%   required         = [qual] "{" avp-spec "}"
-%%                      ; The AVP MUST be present and can appear
-%%                      ; anywhere in the message.
-%%
-%%   optional         = [qual] "[" avp-name "]"
-%%                      ; The avp-name in the 'optional' rule cannot
-%%                      ; evaluate to any AVP Name which is included
-%%                      ; in a fixed or required rule.  The AVP can
-%%                      ; appear anywhere in the message.
-%%
-%%   qual             = [min] "*" [max]
-%%                      ; See ABNF conventions, RFC 2234 Section 6.6.
-%%                      ; The absence of any qualifiers depends on whether
-%%                      ; it precedes a fixed, required, or optional
-%%                      ; rule.  If a fixed or required rule has no
-%%                      ; qualifier, then exactly one such AVP MUST
-%%                      ; be present.  If an optional rule has no
-%%                      ; qualifier, then 0 or 1 such AVP may be
-%%                      ; present.
-%%                      ;
-%%                      ; NOTE:  "[" and "]" have a different meaning
-%%                      ; than in ABNF (see the optional rule, above).
-%%                      ; These braces cannot be used to express
-%%                      ; optional fixed rules (such as an optional
-%%                      ; ICV at the end).  To do this, the convention
-%%                      ; is '0*1fixed'.
-%%
-%%   min              = 1*DIGIT
-%%                      ; The minimum number of times the element may
-%%                      ; be present.  The default value is zero.
-%%
-%%   max              = 1*DIGIT
-%%                      ; The maximum number of times the element may
-%%                      ; be present.  The default value is infinity.  A
-%%                      ; value of zero implies the AVP MUST NOT be
-%%                      ; present.
-%%
-%%   avp-spec         = diameter-name
-%%                      ; The avp-spec has to be an AVP Name, defined
-%%                      ; in the base or extended Diameter
-%%                      ; specifications.
-%%
-%%   avp-name         = avp-spec / "AVP"
-%%                      ; The string "AVP" stands for *any* arbitrary
-%%                      ; AVP Name, which does not conflict with the
-%%                      ; required or fixed position AVPs defined in
-%%                      ; the command code definition.
-%%
-
-p_avps([], _, Acc) ->
-    lists:reverse(Acc);
-
-p_avps(Toks, Delim, Acc) ->
-    {Qual, Rest} = p_qual(Toks),
-    {Avp, R, D} = p_avp(Rest, Delim),
-    T = if Qual == false ->
-                Avp;
-           true ->
-                {Qual, Avp}
-        end,
-    p_avps(R, D, [T | Acc]).
-
-p_qual([{number, Min}, '*', {number, Max} | Toks]) ->
-    {{Min, Max}, Toks};
-p_qual([{number, Min}, '*' = Max | Toks]) ->
-    {{Min, Max}, Toks};
-p_qual(['*' = Min, {number, Max} | Toks]) ->
-    {{Min, Max}, Toks};
-p_qual(['*' = Q | Toks]) ->
-    {Q, Toks};
-p_qual(Toks) ->
-    {false, Toks}.
-
-p_avp([B, {name, Name}, E | Toks], [_|_] = Delim) ->
-    {avp(B, ?ATOM(Name), E),
-     Toks,
-     delim(choose(B == '<', B, '|'), Delim)};
-p_avp(Toks, Delim) ->
-    ?ERROR({invalid_avp, Toks, Delim}).
-
-avp('<' = B, Name, '>' = E) ->
-    {B, Name, E};
-avp('{', Name, '}') ->
-    {Name};
-avp('[', Name, ']') ->
-    [Name];
-avp(B, Name, E) ->
-    ?ERROR({invalid_avp, B, Name, E}).
-
-delim(B, D) ->
-    if B == hd(D) -> D; true -> tl(D) end.
-
-%% split_def/1
-%%
-%% Strip one command definition off head of a string.
-
-split_def(Str) ->
-    sdh(Str, []).
-
-%% Look for the "::=" starting off the definition.
-sdh("", _) ->
-    ?ERROR({missing, '::='});
-sdh("::=" ++ Rest, Acc) ->
-    sdb(Rest, [$=,$:,$:|Acc]);
-sdh([C|Rest], Acc) ->
-    sdh(Rest, [C|Acc]).
-
-%% Look for the "::=" starting off the following definition.
-sdb("::=" ++ _ = Rest, Acc) ->
-    sdt(trim(Acc), Rest);
-sdb("" = Rest, Acc) ->
-    sd(Acc, Rest);
-sdb([C|Rest], Acc) ->
-    sdb(Rest, [C|Acc]).
-
-%% Put name characters of the subsequent specification back into Rest.
-sdt([C|Acc], Rest)
-  when C /= $\n, C /= $\s ->
-    sdt(Acc, [C|Rest]);
-
-sdt(Acc, Rest) ->
-    sd(Acc, Rest).
-
-sd(Acc, Rest) ->
-    {trim(lists:reverse(Acc)), Rest}.
-%% Note that Rest is already trimmed of leading space.
-
-%% ------------------------------------------------------------------------
-%% parse_groups/1
-%%
-%% Parse according to the ABNF for message specifications in 4.4 of
-%% RFC 3588 (shown below). Again, allow names starting with a digit
-%% and also require "AVP Header" without "-" since this is what
-%% the RFC uses in all examples.
-%%
-%% Output: list of {Name, Code, Vendor, Avps}
-%%
-%%         Name   = atom()
-%%         Code   = integer()
-%%         Vendor = [] | [integer()]
-%%         Avps   = see parse_avps/1
-
-parse_groups(Str) ->
-    p_group(trim(Str), []).
-
-%%      grouped-avp-def  = name "::=" avp
-%%
-%%      name-fmt         = ALPHA *(ALPHA / DIGIT / "-")
-%%
-%%      name             = name-fmt
-%%                         ; The name has to be the name of an AVP,
-%%                         ; defined in the base or extended Diameter
-%%                         ; specifications.
-%%
-%%      avp              = header  [ *fixed] [ *required] [ *optional]
-%%                         [ *fixed]
-%%
-%%      header           = "<" "AVP-Header:" avpcode [vendor] ">"
-%%
-%%      avpcode          = 1*DIGIT
-%%                         ; The AVP Code assigned to the Grouped AVP
-%%
-%%      vendor           = 1*DIGIT
-%%                         ; The Vendor-ID assigned to the Grouped AVP.
-%%                         ; If absent, the default value of zero is
-%%                         ; used.
-
-p_group("", Acc) ->
-    lists:reverse(Acc);
-
-p_group(Str, Acc) ->
-    {Next, Rest} = split_def(Str),
-    report(group, Next),
-    p_group(Rest, [p_group(diameter_spec_scan:parse(Next)) | Acc]).
-
-p_group([{name, Name}, '::=', '<', {name, "AVP"}, {name, "Header"},
-         ':', {number, Code}
-         | Toks]) ->
-    {Id, [C|_] = R} = p_vendor(Toks),
-    C == '>' orelse ?ERROR({invalid_group_header, R}),
-    {?ATOM(Name), Code, Id, parse_avps(tl(R))};
-
-p_group(Toks) ->
-    ?ERROR({invalid_group, Toks}).
-
-p_vendor([{number, I} | Toks]) ->
-    {[I], Toks};
-p_vendor(Toks) ->
-    {[], Toks}.
-
-%% ------------------------------------------------------------------------
-%% parse_avp_names/1
-
-parse_avp_names(Str) ->
-    [p_name(N) || N <- diameter_spec_scan:parse(Str)].
-
-p_name({name, N}) ->
-    ?ATOM(N);
-p_name(T) ->
-    ?ERROR({invalid_avp_name, T}).
-
-%% ------------------------------------------------------------------------
-%% parse_avp_types/1
-%%
-%% Output: list() of {Name, Code, Type, Flags, Encr}
-
-parse_avp_types(Str) ->
-    p_avp_types(Str, []).
-
-p_avp_types(Str, Acc) ->
-    p_type(diameter_spec_scan:split(Str, 3), Acc).
-
-p_type({[],[]}, Acc) ->
-    lists:reverse(Acc);
-
-p_type({[{name, Name}, {number, Code}, {name, Type}], Str}, Acc) ->
-    {Flags, Encr, Rest} = try
-                              p_avp_flags(trim(Str), [])
-                          catch
-                              throw: {?MODULE, Reason} ->
-                                  ?ERROR({invalid_avp_type, Reason})
-                          end,
-    p_avp_types(Rest, [{?ATOM(Name), Code, ?ATOM(type(Type)), Flags, Encr}
-                       | Acc]);
-
-p_type(T, _) ->
-    ?ERROR({invalid_avp_type, T}).
-
-p_avp_flags([C|Str], Acc)
-  when C == $M;
-       C == $P;
-       C == $V ->
-    p_avp_flags(Str, [?ATOM([C]) | Acc]);
-%% Could support lowercase here if there's a use for distinguishing
-%% between Must and Should in the future in deciding whether or not
-%% to set a flag.
-
-p_avp_flags([$-|Str], Acc) ->
-    %% Require encr on same line as flags if specified.
-    {H,T} = lists:splitwith(fun(C) -> C /= $\n end, Str),
-
-    {[{name, [$X|X]} | Toks], Rest} = diameter_spec_scan:split([$X|H], 2),
-
-    "" == X orelse throw({?MODULE, {invalid_avp_flag, Str}}),
-
-    Encr = case Toks of
-               [] ->
-                   "-";
-               [{_, E}] ->
-                   (E == "Y" orelse E == "N")
-                       orelse throw({?MODULE, {invalid_encr, E}}),
-                   E
-           end,
-
-    Flags = ordsets:from_list(lists:reverse(Acc)),
-
-    {Flags, ?ATOM(Encr), Rest ++ T};
-
-p_avp_flags(Str, Acc) ->
-    p_avp_flags([$-|Str], Acc).
-
-type("DiamIdent")   -> "DiameterIdentity";  %% RFC 3588
-type("DiamURI")     -> "DiameterURI";       %% RFC 3588
-type("IPFltrRule")  -> "IPFilterRule";      %% RFC 4005
-type("QoSFltrRule") -> "QoSFilterRule";     %% RFC 4005
-type(N)
-  when N == "OctetString";
-       N == "Integer32";
-       N == "Integer64";
-       N == "Unsigned32";
-       N == "Unsigned64";
-       N == "Float32";
-       N == "Float64";
-       N == "Grouped";
-       N == "Enumerated";
-       N == "Address";
-       N == "Time";
-       N == "UTF8String";
-       N == "DiameterIdentity";
-       N == "DiameterURI";
-       N == "IPFilterRule";
-       N == "QoSFilterRule" ->
-    N;
-type(N) ->
-    ?ERROR({invalid_avp_type, N}).
-
-%% ------------------------------------------------------------------------
-%% parse_commands/1
-
-parse_commands(Str) ->
-    p_abbr(diameter_spec_scan:parse(Str), []).
-
- p_abbr([{name, Name}, {name, Abbrev} | Toks], Acc)
-  when length(Abbrev) < length(Name) ->
-    p_abbr(Toks, [{?ATOM(Name), ?ATOM(Abbrev)} | Acc]);
-
-p_abbr([], Acc) ->
-    lists:reverse(Acc);
-
-p_abbr(T, _) ->
-    ?ERROR({invalid_command, T}).
diff --git a/lib/diameter/src/compiler/diameter_vsn.hrl b/lib/diameter/src/compiler/diameter_vsn.hrl
new file mode 100644
index 0000000000..024d047adc
--- /dev/null
+++ b/lib/diameter/src/compiler/diameter_vsn.hrl
@@ -0,0 +1,22 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%% The version of the format of the return value of dict/0 in
+%% generated dictionary modules.
+-define(VERSION, 1).
diff --git a/lib/diameter/src/compiler/modules.mk b/lib/diameter/src/compiler/modules.mk
deleted file mode 100644
index 17a311dacf..0000000000
--- a/lib/diameter/src/compiler/modules.mk
+++ /dev/null
@@ -1,27 +0,0 @@
-#-*-makefile-*-   ; force emacs to enter makefile-mode
-
-# %CopyrightBegin%
-# 
-# Copyright Ericsson AB 2010-2011. All Rights Reserved.
-# 
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# %CopyrightEnd%
-
-MODULES = \
-	diameter_codegen \
-	diameter_spec_scan \
-	diameter_spec_util
-
-HRL_FILES = \
-	diameter_forms.hrl
-
diff --git a/lib/diameter/src/depend.sed b/lib/diameter/src/depend.sed
new file mode 100644
index 0000000000..8f999f646f
--- /dev/null
+++ b/lib/diameter/src/depend.sed
@@ -0,0 +1,51 @@
+#
+# %CopyrightBegin%
+#
+# Copyright Ericsson AB 2010-2011. All Rights Reserved.
+#
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+#
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+#
+# %CopyrightEnd%
+#
+
+#
+# Extract include dependencies from .erl files. First line of input
+# is the path to the module in question (minus the .erl extension),
+# the rest is the contents of the module.
+#
+
+1{
+  s@^[^/]*/@@
+  h
+  d
+}
+
+# Only interested in includes of diameter hrls.
+/^-include/!d
+/"diameter/!d
+
+# Extract the name of the included files in one of two forms:
+#
+#   $(INCDIR)/diameter.hrl
+#   diameter_internal.hrl
+
+s@^-include_lib(".*/@$(INCDIR)/@
+s@^-include("@@
+s@".*@@
+
+# Retrieve the path to our module from the hold space, morph it
+# into a beam path and turn it into a dependency like this:
+#
+#   $(EBIN)/diameter_service.$(EMULATOR): $(INCDIR)/diameter.hrl
+
+G
+s@^\(.*\)\n\(.*\)@$(EBIN)/\2.$(EMULATOR): \1@
diff --git a/lib/diameter/src/dict/base_accounting.dia b/lib/diameter/src/dict/base_accounting.dia
new file mode 100644
index 0000000000..ced324078c
--- /dev/null
+++ b/lib/diameter/src/dict/base_accounting.dia
@@ -0,0 +1,69 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+@id 3
+@name   diameter_gen_base_accounting
+@prefix diameter_base_accounting
+@vendor 0 IETF
+
+@inherits diameter_gen_base_rfc3588
+
+@messages
+
+      ACR ::= < Diameter Header: 271, REQ, PXY >
+              < Session-Id >
+              { Origin-Host }
+              { Origin-Realm }
+              { Destination-Realm }
+              { Accounting-Record-Type }
+              { Accounting-Record-Number }
+              [ Acct-Application-Id ]
+              [ Vendor-Specific-Application-Id ]
+              [ User-Name ]
+              [ Accounting-Sub-Session-Id ]
+              [ Acct-Session-Id ]
+              [ Acct-Multi-Session-Id ]
+              [ Acct-Interim-Interval ]
+              [ Accounting-Realtime-Required ]
+              [ Origin-State-Id ]
+              [ Event-Timestamp ]
+            * [ Proxy-Info ]
+            * [ Route-Record ]
+            * [ AVP ]
+
+      ACA ::= < Diameter Header: 271, PXY >
+              < Session-Id >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+              { Accounting-Record-Type }
+              { Accounting-Record-Number }
+              [ Acct-Application-Id ]
+              [ Vendor-Specific-Application-Id ]
+              [ User-Name ]
+              [ Accounting-Sub-Session-Id ]
+              [ Acct-Session-Id ]
+              [ Acct-Multi-Session-Id ]
+              [ Error-Reporting-Host ]
+              [ Acct-Interim-Interval ]
+              [ Accounting-Realtime-Required ]
+              [ Origin-State-Id ]
+              [ Event-Timestamp ]
+            * [ Proxy-Info ]
+            * [ AVP ]
diff --git a/lib/diameter/src/dict/base_rfc3588.dia b/lib/diameter/src/dict/base_rfc3588.dia
new file mode 100644
index 0000000000..acd7fffd00
--- /dev/null
+++ b/lib/diameter/src/dict/base_rfc3588.dia
@@ -0,0 +1,461 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+@id 0
+@name   diameter_gen_base_rfc3588
+@prefix diameter_base
+@vendor 0 IETF
+
+@avp_types
+
+   Acct-Interim-Interval             85    Unsigned32    M
+   Accounting-Realtime-Required     483    Enumerated    M
+   Acct-Multi-Session-Id             50    UTF8String    M
+   Accounting-Record-Number         485    Unsigned32    M
+   Accounting-Record-Type           480    Enumerated    M
+   Acct-Session-Id                   44   OctetString    M
+   Accounting-Sub-Session-Id        287    Unsigned64    M
+   Acct-Application-Id              259    Unsigned32    M
+   Auth-Application-Id              258    Unsigned32    M
+   Auth-Request-Type                274    Enumerated    M
+   Authorization-Lifetime           291    Unsigned32    M
+   Auth-Grace-Period                276    Unsigned32    M
+   Auth-Session-State               277    Enumerated    M
+   Re-Auth-Request-Type             285    Enumerated    M
+   Class                             25   OctetString    M
+   Destination-Host                 293     DiamIdent    M
+   Destination-Realm                283     DiamIdent    M
+   Disconnect-Cause                 273    Enumerated    M
+   E2E-Sequence                     300       Grouped    M
+   Error-Message                    281    UTF8String    -
+   Error-Reporting-Host             294     DiamIdent    -
+   Event-Timestamp                   55          Time    M
+   Experimental-Result              297       Grouped    M
+   Experimental-Result-Code         298    Unsigned32    M
+   Failed-AVP                       279       Grouped    M
+   Firmware-Revision                267    Unsigned32    -
+   Host-IP-Address                  257       Address    M
+   Inband-Security-Id               299    Unsigned32    M
+   Multi-Round-Time-Out             272    Unsigned32    M
+   Origin-Host                      264     DiamIdent    M
+   Origin-Realm                     296     DiamIdent    M
+   Origin-State-Id                  278    Unsigned32    M
+   Product-Name                     269    UTF8String    -
+   Proxy-Host                       280     DiamIdent    M
+   Proxy-Info                       284       Grouped    M
+   Proxy-State                       33   OctetString    M
+   Redirect-Host                    292       DiamURI    M
+   Redirect-Host-Usage              261    Enumerated    M
+   Redirect-Max-Cache-Time          262    Unsigned32    M
+   Result-Code                      268    Unsigned32    M
+   Route-Record                     282     DiamIdent    M
+   Session-Id                       263    UTF8String    M
+   Session-Timeout                   27    Unsigned32    M
+   Session-Binding                  270    Unsigned32    M
+   Session-Server-Failover          271    Enumerated    M
+   Supported-Vendor-Id              265    Unsigned32    M
+   Termination-Cause                295    Enumerated    M
+   User-Name                          1    UTF8String    M
+   Vendor-Id                        266    Unsigned32    M
+   Vendor-Specific-Application-Id   260       Grouped    M
+
+@messages
+
+      CER ::= < Diameter Header: 257, REQ >
+              { Origin-Host }
+              { Origin-Realm }
+           1* { Host-IP-Address }
+              { Vendor-Id }
+              { Product-Name }
+              [ Origin-State-Id ]
+            * [ Supported-Vendor-Id ]
+            * [ Auth-Application-Id ]
+            * [ Inband-Security-Id ]
+            * [ Acct-Application-Id ]
+            * [ Vendor-Specific-Application-Id ]
+              [ Firmware-Revision ]
+            * [ AVP ]
+
+      CEA ::= < Diameter Header: 257 >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+           1* { Host-IP-Address }
+              { Vendor-Id }
+              { Product-Name }
+              [ Origin-State-Id ]
+              [ Error-Message ]
+            * [ Failed-AVP ]
+            * [ Supported-Vendor-Id ]
+            * [ Auth-Application-Id ]
+            * [ Inband-Security-Id ]
+            * [ Acct-Application-Id ]
+            * [ Vendor-Specific-Application-Id ]
+              [ Firmware-Revision ]
+            * [ AVP ]
+
+      DPR ::= < Diameter Header: 282, REQ >
+              { Origin-Host }
+              { Origin-Realm }
+              { Disconnect-Cause }
+
+      DPA ::= < Diameter Header: 282 >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+              [ Error-Message ]
+            * [ Failed-AVP ]
+
+      DWR ::= < Diameter Header: 280, REQ >
+              { Origin-Host }
+              { Origin-Realm }
+              [ Origin-State-Id ]
+
+      DWA ::= < Diameter Header: 280 >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+              [ Error-Message ]
+            * [ Failed-AVP ]
+              [ Origin-State-Id ]
+
+   answer-message ::= < Diameter Header: code, ERR [PXY] >
+          0*1 < Session-Id >
+              { Origin-Host }
+              { Origin-Realm }
+              { Result-Code }
+              [ Origin-State-Id ]
+              [ Error-Reporting-Host ]
+              [ Proxy-Info ]
+            * [ AVP ]
+
+      RAR ::= < Diameter Header: 258, REQ, PXY >
+              < Session-Id >
+              { Origin-Host }
+              { Origin-Realm }
+              { Destination-Realm }
+              { Destination-Host }
+              { Auth-Application-Id }
+              { Re-Auth-Request-Type }
+              [ User-Name ]
+              [ Origin-State-Id ]
+            * [ Proxy-Info ]
+            * [ Route-Record ]
+            * [ AVP ]
+
+      RAA ::= < Diameter Header: 258, PXY >
+              < Session-Id >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+              [ User-Name ]
+              [ Origin-State-Id ]
+              [ Error-Message ]
+              [ Error-Reporting-Host ]
+            * [ Failed-AVP ]
+            * [ Redirect-Host ]
+              [ Redirect-Host-Usage ]
+              [ Redirect-Max-Cache-Time ]
+            * [ Proxy-Info ]
+            * [ AVP ]
+
+      STR ::= < Diameter Header: 275, REQ, PXY >
+              < Session-Id >
+              { Origin-Host }
+              { Origin-Realm }
+              { Destination-Realm }
+              { Auth-Application-Id }
+              { Termination-Cause }
+              [ User-Name ]
+              [ Destination-Host ]
+            * [ Class ]
+              [ Origin-State-Id ]
+            * [ Proxy-Info ]
+            * [ Route-Record ]
+            * [ AVP ]
+
+      STA ::= < Diameter Header: 275, PXY >
+              < Session-Id >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+              [ User-Name ]
+            * [ Class ]
+              [ Error-Message ]
+              [ Error-Reporting-Host ]
+            * [ Failed-AVP ]
+              [ Origin-State-Id ]
+            * [ Redirect-Host ]
+              [ Redirect-Host-Usage ]
+              [ Redirect-Max-Cache-Time ]
+            * [ Proxy-Info ]
+            * [ AVP ]
+
+      ASR ::= < Diameter Header: 274, REQ, PXY >
+              < Session-Id >
+              { Origin-Host }
+              { Origin-Realm }
+              { Destination-Realm }
+              { Destination-Host }
+              { Auth-Application-Id }
+              [ User-Name ]
+              [ Origin-State-Id ]
+            * [ Proxy-Info ]
+            * [ Route-Record ]
+            * [ AVP ]
+
+      ASA ::= < Diameter Header: 274, PXY >
+              < Session-Id >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+              [ User-Name ]
+              [ Origin-State-Id ]
+              [ Error-Message ]
+              [ Error-Reporting-Host ]
+            * [ Failed-AVP ]
+            * [ Redirect-Host ]
+              [ Redirect-Host-Usage ]
+              [ Redirect-Max-Cache-Time ]
+            * [ Proxy-Info ]
+            * [ AVP ]
+
+      ACR ::= < Diameter Header: 271, REQ, PXY >
+              < Session-Id >
+              { Origin-Host }
+              { Origin-Realm }
+              { Destination-Realm }
+              { Accounting-Record-Type }
+              { Accounting-Record-Number }
+              [ Acct-Application-Id ]
+              [ Vendor-Specific-Application-Id ]
+              [ User-Name ]
+              [ Accounting-Sub-Session-Id ]
+              [ Acct-Session-Id ]
+              [ Acct-Multi-Session-Id ]
+              [ Acct-Interim-Interval ]
+              [ Accounting-Realtime-Required ]
+              [ Origin-State-Id ]
+              [ Event-Timestamp ]
+            * [ Proxy-Info ]
+            * [ Route-Record ]
+            * [ AVP ]
+
+      ACA ::= < Diameter Header: 271, PXY >
+              < Session-Id >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+              { Accounting-Record-Type }
+              { Accounting-Record-Number }
+              [ Acct-Application-Id ]
+              [ Vendor-Specific-Application-Id ]
+              [ User-Name ]
+              [ Accounting-Sub-Session-Id ]
+              [ Acct-Session-Id ]
+              [ Acct-Multi-Session-Id ]
+              [ Error-Reporting-Host ]
+              [ Acct-Interim-Interval ]
+              [ Accounting-Realtime-Required ]
+              [ Origin-State-Id ]
+              [ Event-Timestamp ]
+            * [ Proxy-Info ]
+            * [ AVP ]
+
+@enum Disconnect-Cause
+
+   REBOOTING                      0
+   BUSY                           1
+   DO_NOT_WANT_TO_TALK_TO_YOU     2
+
+@enum Redirect-Host-Usage
+
+   DONT_CACHE                     0
+   ALL_SESSION                    1
+   ALL_REALM                      2
+   REALM_AND_APPLICATION          3
+   ALL_APPLICATION                4
+   ALL_HOST                       5
+   ALL_USER                       6
+
+@enum Auth-Request-Type
+
+   AUTHENTICATE_ONLY              1
+   AUTHORIZE_ONLY                 2
+   AUTHORIZE_AUTHENTICATE         3
+
+@enum Auth-Session-State
+
+   STATE_MAINTAINED               0
+   NO_STATE_MAINTAINED            1
+
+@enum Re-Auth-Request-Type
+
+   AUTHORIZE_ONLY                 0
+   AUTHORIZE_AUTHENTICATE         1
+
+@enum Termination-Cause
+
+   LOGOUT                         1
+   SERVICE_NOT_PROVIDED           2
+   BAD_ANSWER                     3
+   ADMINISTRATIVE                 4
+   LINK_BROKEN                    5
+   AUTH_EXPIRED                   6
+   USER_MOVED                     7
+   SESSION_TIMEOUT                8
+
+@enum Session-Server-Failover
+
+   REFUSE_SERVICE                 0
+   TRY_AGAIN                      1
+   ALLOW_SERVICE                  2
+   TRY_AGAIN_ALLOW_SERVICE        3
+
+@enum Accounting-Record-Type
+
+   EVENT_RECORD                   1
+   START_RECORD                   2
+   INTERIM_RECORD                 3
+   STOP_RECORD                    4
+
+@enum Accounting-Realtime-Required
+
+   DELIVER_AND_GRANT              1
+   GRANT_AND_STORE                2
+   GRANT_AND_LOSE                 3
+
+@define Result-Code
+
+   ;; 7.1.1.  Informational
+   MULTI_ROUND_AUTH            1001
+
+   ;; 7.1.2.  Success
+   SUCCESS                     2001
+   LIMITED_SUCCESS             2002
+
+   ;; 7.1.3.  Protocol Errors
+   COMMAND_UNSUPPORTED         3001
+   UNABLE_TO_DELIVER           3002
+   REALM_NOT_SERVED            3003
+   TOO_BUSY                    3004
+   LOOP_DETECTED               3005
+   REDIRECT_INDICATION         3006
+   APPLICATION_UNSUPPORTED     3007
+   INVALID_HDR_BITS            3008
+   INVALID_AVP_BITS            3009
+   UNKNOWN_PEER                3010
+
+   ;; 7.1.4.  Transient Failures
+   AUTHENTICATION_REJECTED     4001
+   OUT_OF_SPACE                4002
+   ELECTION_LOST               4003
+
+   ;; 7.1.5.  Permanent Failures
+   AVP_UNSUPPORTED             5001
+   UNKNOWN_SESSION_ID          5002
+   AUTHORIZATION_REJECTED      5003
+   INVALID_AVP_VALUE           5004
+   MISSING_AVP                 5005
+   RESOURCES_EXCEEDED          5006
+   CONTRADICTING_AVPS          5007
+   AVP_NOT_ALLOWED             5008
+   AVP_OCCURS_TOO_MANY_TIMES   5009
+   NO_COMMON_APPLICATION       5010
+   UNSUPPORTED_VERSION         5011
+   UNABLE_TO_COMPLY            5012
+   INVALID_BIT_IN_HEADER       5013
+   INVALID_AVP_LENGTH          5014
+   INVALID_MESSAGE_LENGTH      5015
+   INVALID_AVP_BIT_COMBO       5016
+   NO_COMMON_SECURITY          5017
+
+   ;; With a prefix for backwards compatibility.
+   DIAMETER_MULTI_ROUND_AUTH          1001
+   DIAMETER_SUCCESS                   2001
+   DIAMETER_LIMITED_SUCCESS           2002
+   DIAMETER_COMMAND_UNSUPPORTED       3001
+   DIAMETER_UNABLE_TO_DELIVER         3002
+   DIAMETER_REALM_NOT_SERVED          3003
+   DIAMETER_TOO_BUSY                  3004
+   DIAMETER_LOOP_DETECTED             3005
+   DIAMETER_REDIRECT_INDICATION       3006
+   DIAMETER_APPLICATION_UNSUPPORTED   3007
+   DIAMETER_INVALID_HDR_BITS          3008
+   DIAMETER_INVALID_AVP_BITS          3009
+   DIAMETER_UNKNOWN_PEER              3010
+   DIAMETER_AUTHENTICATION_REJECTED   4001
+   DIAMETER_OUT_OF_SPACE              4002
+   DIAMETER_ELECTION_LOST             4003
+   DIAMETER_AVP_UNSUPPORTED           5001
+   DIAMETER_UNKNOWN_SESSION_ID        5002
+   DIAMETER_AUTHORIZATION_REJECTED    5003
+   DIAMETER_INVALID_AVP_VALUE         5004
+   DIAMETER_MISSING_AVP               5005
+   DIAMETER_RESOURCES_EXCEEDED        5006
+   DIAMETER_CONTRADICTING_AVPS        5007
+   DIAMETER_AVP_NOT_ALLOWED           5008
+   DIAMETER_AVP_OCCURS_TOO_MANY_TIMES 5009
+   DIAMETER_NO_COMMON_APPLICATION     5010
+   DIAMETER_UNSUPPORTED_VERSION       5011
+   DIAMETER_UNABLE_TO_COMPLY          5012
+   DIAMETER_INVALID_BIT_IN_HEADER     5013
+   DIAMETER_INVALID_AVP_LENGTH        5014
+   DIAMETER_INVALID_MESSAGE_LENGTH    5015
+   DIAMETER_INVALID_AVP_BIT_COMBO     5016
+   DIAMETER_NO_COMMON_SECURITY        5017
+
+@grouped 
+
+      Proxy-Info ::= < AVP Header: 284 >
+                     { Proxy-Host }
+                     { Proxy-State }
+                   * [ AVP ]
+
+      Failed-AVP ::= < AVP Header: 279 >
+                  1* {AVP}
+
+      Experimental-Result ::= < AVP Header: 297 >
+                              { Vendor-Id }
+                              { Experimental-Result-Code }
+
+  Vendor-Specific-Application-Id ::= < AVP Header: 260 >
+                                  1* { Vendor-Id }
+                                     [ Auth-Application-Id ]
+                                     [ Acct-Application-Id ]
+
+;; The E2E-Sequence AVP is defined in RFC 3588 as Grouped, but 
+;; there is no definition of the group - only an informal text stating
+;; that there should be a nonce (an OctetString) and a counter
+;; (integer)
+;;
+      E2E-Sequence ::= <AVP Header: 300 >
+                   2* { AVP }
+
+;; Backwards compatibility.
+@define Termination-Cause
+
+   DIAMETER_LOGOUT                1
+   DIAMETER_SERVICE_NOT_PROVIDED  2
+   DIAMETER_BAD_ANSWER            3
+   DIAMETER_ADMINISTRATIVE        4
+   DIAMETER_LINK_BROKEN           5
+   DIAMETER_AUTH_EXPIRED          6
+   DIAMETER_USER_MOVED            7
+   DIAMETER_SESSION_TIMEOUT       8
diff --git a/lib/diameter/src/dict/relay.dia b/lib/diameter/src/dict/relay.dia
new file mode 100644
index 0000000000..294014b093
--- /dev/null
+++ b/lib/diameter/src/dict/relay.dia
@@ -0,0 +1,23 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+@id 0xFFFFFFFF
+@name   diameter_gen_relay
+@prefix diameter_relay
+@vendor 0 IETF
diff --git a/lib/diameter/src/gen/.gitignore b/lib/diameter/src/gen/.gitignore
new file mode 100644
index 0000000000..3f32313f56
--- /dev/null
+++ b/lib/diameter/src/gen/.gitignore
@@ -0,0 +1,2 @@
+/diameter_dict_parser.erl
+/diameter_gen*rl
diff --git a/lib/diameter/src/modules.mk b/lib/diameter/src/modules.mk
new file mode 100644
index 0000000000..7a700a6d53
--- /dev/null
+++ b/lib/diameter/src/modules.mk
@@ -0,0 +1,104 @@
+#-*-makefile-*-   ; force emacs to enter makefile-mode
+
+# %CopyrightBegin%
+#
+# Copyright Ericsson AB 2010-2011. All Rights Reserved.
+#
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+#
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+#
+# %CopyrightEnd%
+
+# Runtime dictionary files in ./dict. Modules will be generated from
+# these are included in the app file.
+DICTS = \
+	base_rfc3588 \
+	base_accounting \
+	relay
+
+# The yecc grammar for the dictionary parser.
+DICT_YRL = \
+	diameter_dict_parser
+
+# Handwritten (runtime) modules included in the app file.
+RT_MODULES = \
+	base/diameter \
+	base/diameter_app \
+	base/diameter_callback \
+	base/diameter_capx \
+	base/diameter_config \
+	base/diameter_codec \
+	base/diameter_dict \
+	base/diameter_lib \
+	base/diameter_misc_sup \
+	base/diameter_peer \
+	base/diameter_peer_fsm \
+	base/diameter_peer_fsm_sup \
+	base/diameter_reg \
+	base/diameter_service \
+	base/diameter_service_sup \
+	base/diameter_session \
+	base/diameter_stats \
+	base/diameter_sup \
+	base/diameter_sync \
+	base/diameter_types \
+	base/diameter_watchdog \
+	base/diameter_watchdog_sup \
+	transport/diameter_etcp \
+	transport/diameter_etcp_sup \
+	transport/diameter_tcp \
+	transport/diameter_tcp_sup \
+	transport/diameter_sctp \
+	transport/diameter_sctp_sup \
+	transport/diameter_transport_sup
+
+# Handwritten (compile time) modules not included in the app file.
+CT_MODULES = \
+	base/diameter_dbg \
+	base/diameter_info \
+	compiler/diameter_codegen \
+	compiler/diameter_exprecs \
+	compiler/diameter_nowarn \
+	compiler/diameter_dict_scanner \
+	compiler/diameter_dict_util \
+	compiler/diameter_make
+
+# Released hrl files in ../include intended for public consumption.
+EXTERNAL_HRLS = \
+	diameter.hrl \
+	diameter_gen.hrl
+
+# Released hrl files intended for private use.
+INTERNAL_HRLS = \
+	base/diameter_internal.hrl \
+	compiler/diameter_forms.hrl \
+	compiler/diameter_vsn.hrl
+
+# Released files relative to ../bin.
+BINS = \
+	diameterc
+
+# Released files relative to ../examples.
+EXAMPLES = \
+	code/GNUmakefile \
+	code/peer.erl \
+	code/client.erl \
+	code/client_cb.erl \
+	code/server.erl \
+	code/server_cb.erl \
+	code/relay.erl \
+	code/relay_cb.erl \
+	dict/rfc4004_mip.dia \
+	dict/rfc4005_nas.dia \
+	dict/rfc4006_cc.dia \
+	dict/rfc4072_eap.dia \
+	dict/rfc4590_digest.dia \
+	dict/rfc4740_sip.dia
diff --git a/lib/diameter/src/subdirs.mk b/lib/diameter/src/subdirs.mk
deleted file mode 100644
index 3e12d935bc..0000000000
--- a/lib/diameter/src/subdirs.mk
+++ /dev/null
@@ -1,21 +0,0 @@
-#-*-makefile-*-   ; force emacs to enter makefile-mode
-
-# %CopyrightBegin%
-#
-# Copyright Ericsson AB 2010-2011. All Rights Reserved.
-#
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-#
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-#
-# %CopyrightEnd%
-
-SUB_DIRS = compiler app transport
-SUB_DIRECTORIES = $(SUB_DIRS)
\ No newline at end of file
diff --git a/lib/diameter/src/transport/.gitignore b/lib/diameter/src/transport/.gitignore
deleted file mode 100644
index d9f072e262..0000000000
--- a/lib/diameter/src/transport/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-
-/depend.mk
-
diff --git a/lib/diameter/src/transport/Makefile b/lib/diameter/src/transport/Makefile
deleted file mode 100644
index 4b53100fd2..0000000000
--- a/lib/diameter/src/transport/Makefile
+++ /dev/null
@@ -1,141 +0,0 @@
-#
-# %CopyrightBegin%
-#
-# Copyright Ericsson AB 2010-2011. All Rights Reserved.
-#
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-#
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-#
-# %CopyrightEnd%
-#
-#
-
-ifneq ($(ERL_TOP),)
-include $(ERL_TOP)/make/target.mk
-EBIN = ../../ebin
-include $(ERL_TOP)/make/$(TARGET)/otp.mk
-else
-include $(DIAMETER_TOP)/make/target.mk
-EBIN = ../../ebin
-include $(DIAMETER_TOP)/make/$(TARGET)/rules.mk
-endif
-
-
-# ----------------------------------------------------
-# Application version
-# ----------------------------------------------------
-
-include ../../vsn.mk
-VSN=$(DIAMETER_VSN)
-
-# ----------------------------------------------------
-# Release directory specification
-# ----------------------------------------------------
-
-RELSYSDIR = $(RELEASE_PATH)/lib/diameter-$(VSN)
-
-INCDIR = ../../include
-
-# ----------------------------------------------------
-# Target Specs
-# ----------------------------------------------------
-
-include modules.mk
-
-ERL_FILES = \
-	$(MODULES:%=%.erl) 
-
-TARGET_FILES = \
-	$(MODULES:%=$(EBIN)/%.$(EMULATOR))
-
-# ----------------------------------------------------
-# FLAGS
-# ----------------------------------------------------
-
-ifeq ($(TYPE),debug)
-ERL_COMPILE_FLAGS += -Ddebug
-endif
-
-include ../app/diameter.mk
-
-ERL_COMPILE_FLAGS += \
-	$(DIAMETER_ERL_COMPILE_FLAGS) \
-	-I$(INCDIR)
-
-# ----------------------------------------------------
-# Targets
-# ----------------------------------------------------
-
-debug:
-	@${MAKE} TYPE=debug opt
-
-opt: $(TARGET_FILES) 
-
-clean:
-	rm -f $(TARGET_FILES) 
-	rm -f errs core *~
-	rm -f depend.mk
-
-docs:
-
-info:
-	@echo ""
-	@echo "ERL_FILES = $(ERL_FILES)"
-	@echo "HRL_FILES = $(HRL_FILES)"
-	@echo ""
-	@echo "TARGET_FILES = $(TARGET_FILES)"
-	@echo ""
-
-# ----------------------------------------------------
-# Special Build Targets
-# ----------------------------------------------------
-
-# Invoked from ../app to add modules to the app file.
-$(APP_TARGET): force
-	M=`echo $(MODULES) | sed -e 's/^ *//' -e 's/ *$$//' -e 'y/ /,/'`; \
-	echo "/%TRANSPORT_MODULES%/s//$$M/;w;q" | tr ';' '\n' \
-	| ed -s $@
-
-# ----------------------------------------------------
-# Release Target
-# ----------------------------------------------------
-ifneq ($(ERL_TOP),)
-include $(ERL_TOP)/make/otp_release_targets.mk
-else
-include $(DIAMETER_TOP)/make/release_targets.mk
-endif
-
-release_spec: opt
-	$(INSTALL_DIR)  $(RELSYSDIR)/ebin
-	$(INSTALL_DATA) $(TARGET_FILES) $(RELSYSDIR)/ebin
-	$(INSTALL_DIR)  $(RELSYSDIR)/src/transport
-	$(INSTALL_DATA) $(ERL_FILES) $(HRL_FILES) $(RELSYSDIR)/src/transport
-
-release_docs_spec:
-
-force:
-
-# ----------------------------------------------------
-# Dependencies
-# ----------------------------------------------------
-
-depend: depend.mk
-
-# Generate dependencies makefile.
-depend.mk: ../app/depend.sed $(ERL_FILES) Makefile
-	for f in $(MODULES); do \
-	    sed -f $< $$f.erl | sed "s@/@/$$f@"; \
-	done \
-	> $@
-
--include depend.mk
-
-.PHONY: clean debug depend docs force info opt release_docs_spec release_spec
diff --git a/lib/diameter/src/transport/diameter_sctp.erl b/lib/diameter/src/transport/diameter_sctp.erl
index 46473e7bf1..68b0342cd5 100644
--- a/lib/diameter/src/transport/diameter_sctp.erl
+++ b/lib/diameter/src/transport/diameter_sctp.erl
@@ -37,6 +37,9 @@
          code_change/3,
          terminate/2]).
 
+-export([ports/0,
+         ports/1]).
+
 -include_lib("kernel/include/inet_sctp.hrl").
 -include_lib("diameter/include/diameter.hrl").
 
@@ -118,8 +121,8 @@ s({accept, Ref} = A, Addrs, Opts) ->
 %% gen_sctp in order to be able to accept a new association only
 %% *after* an accepting transport has been spawned.
 
-s({connect = C, _}, Addrs, Opts) ->
-    diameter_sctp_sup:start_child({C, self(), Opts, Addrs}).
+s({connect = C, Ref}, Addrs, Opts) ->
+    diameter_sctp_sup:start_child({C, self(), Opts, Addrs, Ref}).
 
 %% start_link/1
 
@@ -149,28 +152,36 @@ i({listen, Ref, {Opts, Addrs}}) ->
                           socket = Sock});
 
 %% A connecting transport.
-i({connect, Pid, Opts, Addrs}) ->
+i({connect, Pid, Opts, Addrs, Ref}) ->
     {[As, Ps], Rest} = proplists:split(Opts, [raddr, rport]),
     RAs  = [diameter_lib:ipaddr(A) || {raddr, A} <- As],
     [RP] = [P || {rport, P} <- Ps] ++ [P || P <- [?DEFAULT_PORT], [] == Ps],
     {LAs, Sock} = open(Addrs, Rest, 0),
+    putr(ref, Ref),
     proc_lib:init_ack({ok, self(), LAs}),
     erlang:monitor(process, Pid),
     #transport{parent = Pid,
                mode = {connect, connect(Sock, RAs, RP, [])},
                socket = Sock};
+i({connect, _, _, _} = T) ->  %% from old code
+    x(T);
 
 %% An accepting transport spawned by diameter.
-i({accept, Pid, LPid, Sock}) ->
+i({accept, Pid, LPid, Sock, Ref})
+  when is_pid(Pid) ->
+    putr(ref, Ref),
     proc_lib:init_ack({ok, self()}),
     erlang:monitor(process, Pid),
     erlang:monitor(process, LPid),
     #transport{parent = Pid,
                mode = {accept, LPid},
                socket = Sock};
+i({accept, _, _, _} = T) ->  %% from old code
+    x(T);
 
 %% An accepting transport spawned at association establishment.
 i({accept, Ref, LPid, Sock, Id}) ->
+    putr(ref, Ref),
     proc_lib:init_ack({ok, self()}),
     MRef = erlang:monitor(process, LPid),
     %% Wait for a signal that the transport has been started before
@@ -250,13 +261,33 @@ gen_opts(Opts) ->
     [binary, {active, once} | Opts].
 
 %% ---------------------------------------------------------------------------
+%% # ports/0-1
+%% ---------------------------------------------------------------------------
+
+ports() ->
+    Ts = diameter_reg:match({?MODULE, '_', '_'}),
+    [{type(T), N, Pid} || {{?MODULE, T, {_, {_, S}}}, Pid} <- Ts,
+                          {ok, N} <- [inet:port(S)]].
+    
+ports(Ref) ->
+    Ts = diameter_reg:match({?MODULE, '_', {Ref, '_'}}),
+    [{type(T), N, Pid} || {{?MODULE, T, {R, {_, S}}}, Pid} <- Ts,
+                          R == Ref,
+                          {ok, N} <- [inet:port(S)]].
+
+type(listener) ->
+    listen;
+type(T) ->
+    T.
+
+%% ---------------------------------------------------------------------------
 %% # handle_call/3
 %% ---------------------------------------------------------------------------
 
 handle_call({{accept, Ref}, Pid}, _, #listener{ref = Ref,
                                                count = N}
                                      = S) ->
-    {TPid, NewS} = accept(Pid, S),
+    {TPid, NewS} = accept(Ref, Pid, S),
     {reply, {ok, TPid}, NewS#listener{count = N+1}};
 
 handle_call(_, _, State) ->
@@ -306,6 +337,12 @@ terminate(_, #listener{socket = Sock}) ->
 
 %% ---------------------------------------------------------------------------
 
+putr(Key, Val) ->
+    put({?MODULE, Key}, Val).
+
+getr(Key) ->
+    get({?MODULE, Key}).
+
 %% start_timer/1
 
 start_timer(#listener{count = 0} = S) ->
@@ -411,27 +448,41 @@ transition({diameter, {send, Msg}}, S) ->
 transition({diameter, {close, Pid}}, #transport{parent = Pid}) ->
     stop;
 
+%% TLS over SCTP is described in RFC 3436 but has limitations as
+%% described in RFC 6083. The latter describes DTLS over SCTP, which
+%% addresses these limitations, DTLS itself being described in RFC
+%% 4347. TLS is primarily used over TCP, which the current RFC 3588
+%% draft acknowledges by equating TLS with TLS/TCP and DTLS/SCTP.
+transition({diameter, {tls, _Ref, _Type, _Bool}}, _) ->
+    stop;
+
 %% Listener process has died.
 transition({'DOWN', _, process, Pid, _}, #transport{mode = {accept, Pid}}) ->
     stop;
 
 %% Parent process has died.
 transition({'DOWN', _, process, Pid, _}, #transport{parent = Pid}) ->
-    stop.
+    stop;
+
+%% Request for the local port number.
+transition({resolve_port, Pid}, #transport{socket = Sock})
+  when is_pid(Pid) ->
+    Pid ! inet:port(Sock),
+    ok.
 
 %% Crash on anything unexpected.
 
-%% accept/2
+%% accept/3
 %%
 %% Start a new transport process or use one that's already been
 %% started as a consequence of association establishment.
 
 %% No pending associations: spawn a new transport.
-accept(Pid, #listener{socket = Sock,
-                      tmap = T,
-                      pending = {0,_} = Q}
-            = S) ->
-    Arg = {accept, Pid, self(), Sock},
+accept(Ref, Pid, #listener{socket = Sock,
+                           tmap = T,
+                           pending = {0,_} = Q}
+                 = S) ->
+    Arg = {accept, Pid, self(), Sock, Ref},
     {ok, TPid} = diameter_sctp_sup:start_child(Arg),
     MRef = erlang:monitor(process, TPid),
     ets:insert(T, [{MRef, TPid}, {TPid, MRef}]),
@@ -442,12 +493,12 @@ accept(Pid, #listener{socket = Sock,
 
 %% Accepting transport has died. This can happen if a new transport is
 %% started before the DOWN has arrived.
-accept(Pid, #listener{pending = [TPid | {0,_} = Q]} = S) ->
+accept(Ref, Pid, #listener{pending = [TPid | {0,_} = Q]} = S) ->
     false = is_process_alive(TPid),  %% assert
-    accept(Pid, S#listener{pending = Q});
+    accept(Ref, Pid, S#listener{pending = Q});
 
 %% Pending associations: attach to the first in the queue.
-accept(Pid, #listener{ref = Ref, pending = {N,Q}} = S) ->
+accept(_, Pid, #listener{ref = Ref, pending = {N,Q}} = S) ->
     TPid = ets:first(Q),
     TPid ! {Ref, Pid},
     ets:delete(Q, TPid),
@@ -495,17 +546,23 @@ send(Sock, AssocId, Stream, Bin) ->
 %% recv/2
 
 %% Association established ...
-recv({[], #sctp_assoc_change{state = comm_up,
-                             outbound_streams = OS,
-                             inbound_streams = IS,
-                             assoc_id = Id}},
-     #transport{assoc_id = undefined}
+recv({_, #sctp_assoc_change{state = comm_up,
+                            outbound_streams = OS,
+                            inbound_streams = IS,
+                            assoc_id = Id}},
+     #transport{assoc_id = undefined,
+                mode = {T, _},
+                socket = Sock}
      = S) ->
+    Ref = getr(ref),
+    is_reference(Ref)  %% started in new code
+        andalso
+        (true = diameter_reg:add_new({?MODULE, T, {Ref, {Id, Sock}}})),
     up(S#transport{assoc_id = Id,
                    streams = {IS, OS}});
 
 %% ... or not: try the next address.
-recv({[], #sctp_assoc_change{} = E},
+recv({_, #sctp_assoc_change{} = E},
      #transport{assoc_id = undefined,
                 socket = Sock,
                 mode = {connect = C, {[RA|RAs], RP, Es}}}
@@ -513,7 +570,7 @@ recv({[], #sctp_assoc_change{} = E},
     S#transport{mode = {C, connect(Sock, RAs, RP, [{RA,E} | Es])}};
 
 %% Lost association after establishment.
-recv({[], #sctp_assoc_change{}}, _) ->
+recv({_, #sctp_assoc_change{}}, _) ->
     stop;
 
 %% Inbound Diameter message.
@@ -523,7 +580,7 @@ recv({[#sctp_sndrcvinfo{stream = Id}], Bin}, #transport{parent = Pid})
                                              bin = Bin}),
     ok;
 
-recv({[], #sctp_shutdown_event{assoc_id = Id}},
+recv({_, #sctp_shutdown_event{assoc_id = Id}},
      #transport{assoc_id = Id}) ->
     stop;
 
@@ -536,10 +593,10 @@ recv({[], #sctp_shutdown_event{assoc_id = Id}},
 %% disabled by default so don't handle it. We could simply disable
 %% events we don't react to but don't.
 
-recv({[], #sctp_paddr_change{}}, _) ->
+recv({_, #sctp_paddr_change{}}, _) ->
     ok;
 
-recv({[], #sctp_pdapi_event{}}, _) ->
+recv({_, #sctp_pdapi_event{}}, _) ->
     ok.
 
 %% up/1
diff --git a/lib/diameter/src/transport/diameter_tcp.erl b/lib/diameter/src/transport/diameter_tcp.erl
index 653c114471..78dbda6888 100644
--- a/lib/diameter/src/transport/diameter_tcp.erl
+++ b/lib/diameter/src/transport/diameter_tcp.erl
@@ -37,6 +37,9 @@
          code_change/3,
          terminate/2]).
 
+-export([ports/0,
+         ports/1]).
+
 -include_lib("diameter/include/diameter.hrl").
 
 -define(ERROR(T), erlang:error({T, ?MODULE, ?LINE})).
@@ -45,6 +48,9 @@
 -define(LISTENER_TIMEOUT, 30000).
 -define(FRAGMENT_TIMEOUT, 1000).
 
+%% cb_info passed to ssl.
+-define(TCP_CB(Mod), {Mod, tcp, tcp_closed, tcp_error}).
+
 %% The same gen_server implementation supports three different kinds
 %% of processes: an actual transport process, one that will club it to
 %% death should the parent die before a connection is established, and
@@ -71,8 +77,8 @@
         {socket  :: inet:socket(),  %% accept or connect socket
          parent  :: pid(),          %% of process that started us
          module  :: module(),       %% gen_tcp-like module
-         frag = <<>> :: binary() | {tref(), frag()}}). %% message fragment
-
+         frag = <<>> :: binary() | {tref(), frag()},  %% message fragment
+         ssl     :: boolean() | [term()]}). %% ssl options
 %% The usual transport using gen_tcp can be replaced by anything
 %% sufficiently gen_tcp-like by passing a 'module' option as the first
 %% (for simplicity) transport option. The transport_module diameter_etcp
@@ -122,12 +128,18 @@ i({T, Ref, Mod, Pid, Opts, Addrs})
     %% that does nothing but kill us with the parent until call
     %% returns.
     {ok, MPid} = diameter_tcp_sup:start_child(#monitor{parent = Pid}),
-    Sock = i(T, Ref, Mod, Pid, Opts, Addrs),
+    {SslOpts, Rest} = ssl(Opts),
+    Sock = i(T, Ref, Mod, Pid, SslOpts, Rest, Addrs),
     MPid ! {stop, self()},  %% tell the monitor to die
-    setopts(Mod, Sock),
+    M = if SslOpts -> ssl; true -> Mod end,
+    setopts(M, Sock),
+    putr(ref, Ref),
     #transport{parent = Pid,
-               module = Mod,
-               socket = Sock};
+               module = M,
+               socket = Sock,
+               ssl = SslOpts};
+%% Put the reference in the process dictionary since we now use it
+%% advertise the ssl socket after TLS upgrade.
 
 %% A monitor process to kill the transport if the parent dies.
 i(#monitor{parent = Pid, transport = TPid} = S) ->
@@ -146,27 +158,51 @@ i({listen, LRef, APid, {Mod, Opts, Addrs}}) ->
     LAddr = get_addr(LA, Addrs),
     LPort = get_port(LP),
     {ok, LSock} = Mod:listen(LPort, gen_opts(LAddr, Rest)),
+    true = diameter_reg:add_new({?MODULE, listener, {LRef, {LAddr, LSock}}}),
     proc_lib:init_ack({ok, self(), {LAddr, LSock}}),
     erlang:monitor(process, APid),
-    true = diameter_reg:add_new({?MODULE, listener, {LRef, {LAddr, LSock}}}),
     start_timer(#listener{socket = LSock}).
 
-%% i/6
+ssl(Opts) ->
+    {[SslOpts], Rest} = proplists:split(Opts, [ssl_options]),
+    {ssl_opts(SslOpts), Rest}.
+
+ssl_opts([]) ->
+    false;
+ssl_opts([{ssl_options, true}]) ->
+    true;
+ssl_opts([{ssl_options, Opts}])
+  when is_list(Opts) ->
+    Opts;
+ssl_opts(L) ->
+    ?ERROR({ssl_options, L}).
+
+%% i/7
+
+%% Establish a TLS connection before capabilities exchange ...
+i(Type, Ref, Mod, Pid, true, Opts, Addrs) ->
+    i(Type, Ref, ssl, Pid, [{cb_info, ?TCP_CB(Mod)} | Opts], Addrs);
+
+%% ... or not.
+i(Type, Ref, Mod, Pid, _, Opts, Addrs) ->
+    i(Type, Ref, Mod, Pid, Opts, Addrs).
 
-i(accept, Ref, Mod, Pid, Opts, Addrs) ->
+i(accept = T, Ref, Mod, Pid, Opts, Addrs) ->
     {LAddr, LSock} = listener(Ref, {Mod, Opts, Addrs}),
     proc_lib:init_ack({ok, self(), [LAddr]}),
     Sock = ok(accept(Mod, LSock)),
+    true = diameter_reg:add_new({?MODULE, T, {Ref, Sock}}),
     diameter_peer:up(Pid),
     Sock;
 
-i(connect, _, Mod, Pid, Opts, Addrs) ->
+i(connect = T, Ref, Mod, Pid, Opts, Addrs) ->
     {[LA, RA, RP], Rest} = proplists:split(Opts, [ip, raddr, rport]),
     LAddr = get_addr(LA, Addrs),
     RAddr = get_addr(RA, []),
     RPort = get_port(RP),
     proc_lib:init_ack({ok, self(), [LAddr]}),
     Sock = ok(connect(Mod, RAddr, RPort, gen_opts(LAddr, Rest))),
+    true = diameter_reg:add_new({?MODULE, T, {Ref, Sock}}),
     diameter_peer:up(Pid, {RAddr, RPort}),
     Sock.
 
@@ -227,6 +263,43 @@ gen_opts(LAddr, Opts) ->
      | Opts].
 
 %% ---------------------------------------------------------------------------
+%% # ports/1
+%% ---------------------------------------------------------------------------
+
+ports() ->
+    Ts = diameter_reg:match({?MODULE, '_', '_'}),
+    [{type(T), resolve(T,S), Pid} || {{?MODULE, T, {_,S}}, Pid} <- Ts].
+
+ports(Ref) ->
+    Ts = diameter_reg:match({?MODULE, '_', {Ref, '_'}}),
+    [{type(T), resolve(T,S), Pid} || {{?MODULE, T, {R,S}}, Pid} <- Ts,
+                                     R == Ref].
+
+type(listener) ->
+    listen;
+type(T) ->
+    T.
+
+sock(listener, {_LAddr, Sock}) ->
+    Sock;
+sock(_, Sock) ->
+    Sock.
+
+resolve(Type, S) ->
+    Sock = sock(Type, S),
+    try
+        ok(portnr(Sock))
+    catch
+        _:_ -> Sock
+    end.
+
+portnr(Sock)
+  when is_port(Sock) ->
+    portnr(gen_tcp, Sock);
+portnr(Sock) ->
+    portnr(ssl, Sock).
+
+%% ---------------------------------------------------------------------------
 %% # handle_call/3
 %% ---------------------------------------------------------------------------
 
@@ -258,6 +331,8 @@ handle_info(T, #monitor{} = S) ->
 %% # code_change/3
 %% ---------------------------------------------------------------------------
 
+code_change(_, {transport, _, _, _, _} = S, _) ->
+    {ok, #transport{} = list_to_tuple(tuple_to_list(S) ++ [false])};
 code_change(_, State, _) ->
     {ok, State}.
 
@@ -270,6 +345,12 @@ terminate(_, _) ->
 
 %% ---------------------------------------------------------------------------
 
+putr(Key, Val) ->
+    put({?MODULE, Key}, Val).
+
+getr(Key) ->
+    get({?MODULE, Key}).
+
 %% start_timer/1
 
 start_timer(#listener{count = 0} = S) ->
@@ -332,17 +413,56 @@ t(T,S) ->
 
 %% transition/2
 
+%% Initial incoming message when we might need to upgrade to TLS:
+%% don't request another message until we know.
+transition({tcp, Sock, Bin}, #transport{socket = Sock,
+                                        parent = Pid,
+                                        frag = Head,
+                                        module = M,
+                                        ssl = Opts}
+                             = S)
+  when is_list(Opts) ->
+    case recv1(Head, Bin) of
+        {Msg, B} when is_binary(Msg) ->
+            diameter_peer:recv(Pid, Msg),
+            S#transport{frag = B};
+        Frag ->
+            setopts(M, Sock),
+            S#transport{frag = Frag}
+    end;
+
 %% Incoming message.
-transition({tcp, Sock, Data}, #transport{socket = Sock,
-                                         module = M}
-                              = S) ->
+transition({P, Sock, Bin}, #transport{socket = Sock,
+                                      module = M,
+                                      ssl = B}
+                           = S)
+  when P == tcp, not B;
+       P == ssl, B ->
+    setopts(M, Sock),
+    recv(Bin, S);
+
+%% Capabilties exchange has decided on whether or not to run over TLS.
+transition({diameter, {tls, Ref, Type, B}}, #transport{parent = Pid}
+                                            = S) ->
+    #transport{socket = Sock,
+               module = M}
+        = NS
+        = tls_handshake(Type, B, S),
+    Pid ! {diameter, {tls, Ref}},
     setopts(M, Sock),
-    recv(Data, S);
+    NS#transport{ssl = B};
 
-transition({tcp_closed, Sock}, #transport{socket = Sock}) ->
+transition({C, Sock}, #transport{socket = Sock,
+                                 ssl = B})
+  when C == tcp_closed, not B;
+       C == ssl_closed, B ->
     stop;
 
-transition({tcp_error, Sock, _Reason} = T, #transport{socket = Sock} = S) ->
+transition({E, Sock, _Reason} = T, #transport{socket = Sock,
+                                              ssl = B}
+                                   = S)
+  when E == tcp_error, not B;
+       E == ssl_error, B ->
     ?ERROR({T,S});
 
 %% Outgoing message.
@@ -367,10 +487,10 @@ transition({timeout, TRef, flush}, S) ->
     flush(TRef, S);
 
 %% Request for the local port number.
-transition({resolve_port, RPid}, #transport{socket = Sock,
-                                            module = M})
-  when is_pid(RPid) ->
-    RPid ! lport(M, Sock),
+transition({resolve_port, Pid}, #transport{socket = Sock,
+                                           module = M})
+  when is_pid(Pid) ->
+    Pid ! portnr(M, Sock),
     ok;
 
 %% Parent process has died.
@@ -379,80 +499,122 @@ transition({'DOWN', _, process, Pid, _}, #transport{parent = Pid}) ->
 
 %% Crash on anything unexpected.
 
+%% tls_handshake/3
+%%
+%% In the case that no tls message is received (eg. the service hasn't
+%% been configured to advertise TLS support) we will simply never ask
+%% for another TCP message, which will force the watchdog to
+%% eventually take us down.
+
+%% TLS has already been established with the connection.
+tls_handshake(_, _, #transport{ssl = true} = S) ->
+    S;
+
+%% Capabilities exchange negotiated TLS but transport was not
+%% configured with an options list.
+tls_handshake(_, true, #transport{ssl = false}) ->
+    ?ERROR(no_ssl_options);
+
+%% Capabilities exchange negotiated TLS: upgrade the connection.
+tls_handshake(Type, true, #transport{socket = Sock,
+                                     module = M,
+                                     ssl = Opts}
+                          = S) ->
+    {ok, SSock} = tls(Type, Sock, [{cb_info, ?TCP_CB(M)} | Opts]),
+    Ref = getr(ref),
+    is_reference(Ref)  %% started in new code
+        andalso
+        (true = diameter_reg:add_new({?MODULE, Type, {Ref, SSock}})),
+    S#transport{socket = SSock,
+                module = ssl};
+
+%% Capabilities exchange has not negotiated TLS.
+tls_handshake(_, false, S) ->
+    S.
+
+tls(connect, Sock, Opts) ->
+    ssl:connect(Sock, Opts);
+tls(accept, Sock, Opts) ->
+    ssl:ssl_accept(Sock, Opts).
+
 %% recv/2
 %%
 %% Reassemble fragmented messages and extract multple message sent
 %% using Nagle.
 
 recv(Bin, #transport{parent = Pid, frag = Head} = S) ->
-    S#transport{frag = recv(Pid, Head, Bin)}.
+    case recv1(Head, Bin) of
+        {Msg, B} when is_binary(Msg) ->
+            diameter_peer:recv(Pid, Msg),
+            recv(B, S#transport{frag = <<>>});
+        Frag ->
+            S#transport{frag = Frag}
+    end.
 
-%% recv/3
+%% recv1/2
 
 %% No previous fragment.
-recv(Pid, <<>>, Bin) ->
-    rcv(Pid, Bin);
+recv1(<<>>, Bin) ->
+    rcv(Bin);
 
-recv(Pid, {TRef, Head}, Bin) ->
+recv1({TRef, Head}, Bin) ->
     erlang:cancel_timer(TRef),
-    rcv(Pid, Head, Bin).
+    rcv(Head, Bin).
 
-%% rcv/3
+%% rcv/2
 
 %% Not even the first four bytes of the header.
-rcv(Pid, Head, Bin)
+rcv(Head, Bin)
   when is_binary(Head) ->
-    rcv(Pid, <<Head/binary, Bin/binary>>);
+    rcv(<<Head/binary, Bin/binary>>);
 
 %% Or enough to know how many bytes to extract.
-rcv(Pid, {Len, N, Head, Acc}, Bin) ->
-    rcv(Pid, Len, N + size(Bin), Head, [Bin | Acc]).
+rcv({Len, N, Head, Acc}, Bin) ->
+    rcv(Len, N + size(Bin), Head, [Bin | Acc]).
 
-%% rcv/5
+%% rcv/4
 
 %% Extract a message for which we have all bytes.
-rcv(Pid, Len, N, Head, Acc)
+rcv(Len, N, Head, Acc)
   when Len =< N ->
-    rcv(Pid, rcv1(Pid, Len, bin(Head, Acc)));
+    rcv1(Len, bin(Head, Acc));
 
 %% Wait for more packets.
-rcv(_, Len, N, Head, Acc) ->
+rcv(Len, N, Head, Acc) ->
     {start_timer(), {Len, N, Head, Acc}}.
 
 %% rcv/2
 
 %% Nothing left.
-rcv(_, <<>> = Bin) ->
+rcv(<<>> = Bin) ->
     Bin;
 
 %% Well, this isn't good. Chances are things will go south from here
 %% but if we're lucky then the bytes we have extend to an intended
 %% message boundary and we can recover by simply discarding them,
 %% which is the result of receiving them.
-rcv(Pid, <<_:1/binary, Len:24, _/binary>> = Bin)
+rcv(<<_:1/binary, Len:24, _/binary>> = Bin)
   when Len < 20 ->
-    diameter_peer:recv(Pid, Bin),
-    <<>>;
+    {Bin, <<>>};
 
 %% Enough bytes to extract a message.
-rcv(Pid, <<_:1/binary, Len:24, _/binary>> = Bin)
+rcv(<<_:1/binary, Len:24, _/binary>> = Bin)
   when Len =< size(Bin) ->
-    rcv(Pid, rcv1(Pid, Len, Bin));
+    rcv1(Len, Bin);
 
 %% Or not: wait for more packets.
-rcv(_, <<_:1/binary, Len:24, _/binary>> = Head) ->
+rcv(<<_:1/binary, Len:24, _/binary>> = Head) ->
     {start_timer(), {Len, size(Head), Head, []}};
 
 %% Not even 4 bytes yet.
-rcv(_, Head) ->
+rcv(Head) ->
     {start_timer(), Head}.
 
-%% rcv1/3
+%% rcv1/2
 
-rcv1(Pid, Len, Bin) ->
+rcv1(Len, Bin) ->
     <<Msg:Len/binary, Rest/binary>> = Bin,
-    diameter_peer:recv(Pid, Msg),
-    Rest.
+    {Msg, Rest}.
 
 %% bin/[12]
 
@@ -489,15 +651,18 @@ flush(_, S) ->
 
 %% accept/2
 
-accept(gen_tcp, LSock) ->
-    gen_tcp:accept(LSock);
+accept(ssl, LSock) ->
+    case ssl:transport_accept(LSock) of
+        {ok, Sock} ->
+            {ssl:ssl_accept(Sock), Sock};
+        {error, _} = No ->
+            No
+    end;
 accept(Mod, LSock) ->
     Mod:accept(LSock).
 
 %% connect/4
 
-connect(gen_tcp, Host, Port, Opts) ->
-    gen_tcp:connect(Host, Port, Opts);
 connect(Mod, Host, Port, Opts) ->
     Mod:connect(Host, Port, Opts).
 
@@ -505,6 +670,8 @@ connect(Mod, Host, Port, Opts) ->
 
 send(gen_tcp, Sock, Bin) ->
     gen_tcp:send(Sock, Bin);
+send(ssl, Sock, Bin) ->
+    ssl:send(Sock, Bin);
 send(M, Sock, Bin) ->
     M:send(Sock, Bin).
 
@@ -512,6 +679,8 @@ send(M, Sock, Bin) ->
 
 setopts(gen_tcp, Sock, Opts) ->
     inet:setopts(Sock, Opts);
+setopts(ssl, Sock, Opts) ->
+    ssl:setopts(Sock, Opts);
 setopts(M, Sock, Opts) ->
     M:setopts(Sock, Opts).
 
@@ -523,9 +692,16 @@ setopts(M, Sock) ->
         X  -> x({setopts, M, Sock, X})  %% possibly on peer disconnect
     end.
 
-%% lport/2
+%% portnr/2
 
-lport(gen_tcp, Sock) ->
+portnr(gen_tcp, Sock) ->
     inet:port(Sock);
-lport(M, Sock) ->
+portnr(ssl, Sock) ->
+    case ssl:sockname(Sock) of
+        {ok, {_Addr, PortNr}} ->
+            {ok, PortNr};
+        {error, _} = No ->
+            No
+    end;
+portnr(M, Sock) ->
     M:port(Sock).
diff --git a/lib/diameter/src/transport/modules.mk b/lib/diameter/src/transport/modules.mk
deleted file mode 100644
index a0dc3cf2c0..0000000000
--- a/lib/diameter/src/transport/modules.mk
+++ /dev/null
@@ -1,29 +0,0 @@
-#-*-makefile-*-   ; force emacs to enter makefile-mode
-
-# %CopyrightBegin%
-# 
-# Copyright Ericsson AB 2010-2011. All Rights Reserved.
-# 
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# %CopyrightEnd%
-
-MODULES = \
-	diameter_etcp \
-	diameter_etcp_sup \
-	diameter_tcp \
-	diameter_tcp_sup \
-	diameter_sctp \
-	diameter_sctp_sup \
-	diameter_transport_sup
-
-HRL_FILES =
diff --git a/lib/diameter/test/Makefile b/lib/diameter/test/Makefile
index dba1f126dc..ab5b45ff3d 100644
--- a/lib/diameter/test/Makefile
+++ b/lib/diameter/test/Makefile
@@ -17,15 +17,13 @@
 # %CopyrightEnd%
 
 ifeq ($(ERL_TOP),)
-TOP = $(DIAMETER_TOP)
+include $(DIAMETER_TOP)/make/target.mk
+include $(DIAMETER_TOP)/make/$(TARGET)/rules.mk
 else
-TOP = $(ERL_TOP)
-DIAMETER_TOP = $(TOP)/lib/diameter
+include $(ERL_TOP)/make/target.mk
+include $(ERL_TOP)/make/$(TARGET)/otp.mk
 endif
 
-include $(TOP)/make/target.mk
-include $(TOP)/make/$(TARGET)/otp.mk
-
 # ----------------------------------------------------
 # Application version
 # ----------------------------------------------------
@@ -46,38 +44,34 @@ RELSYSDIR = $(RELEASE_PATH)/diameter_test
 
 include modules.mk
 
-EBIN = .
-
-HRL_FILES = $(INTERNAL_HRL_FILES)
-ERL_FILES = $(MODULES:%=%.erl)
-
-SOURCE = $(HRL_FILES) $(ERL_FILES) 
+ERL_FILES    = $(MODULES:%=%.erl)
 TARGET_FILES = $(MODULES:%=%.$(EMULATOR))
 
 SUITE_MODULES = $(filter diameter_%_SUITE, $(MODULES))
-SUITES = $(SUITE_MODULES:diameter_%_SUITE=%)
+SUITES        = $(SUITE_MODULES:diameter_%_SUITE=%)
 
-RELTEST_FILES = $(TEST_SPEC_FILE) $(COVER_SPEC_FILE) $(SOURCE)
+DATA_DIRS = $(sort $(dir $(DATA)))
 
 # ----------------------------------------------------
 # FLAGS
 # ----------------------------------------------------
 
-include ../src/app/diameter.mk 
-
 # This is only used to compile suite locally when running with a
 # target like 'all' below. Target release_tests only installs source.
-ERL_COMPILE_FLAGS += $(DIAMETER_ERL_COMPILE_FLAGS) \
-                     -DDIAMETER_CT=true \
-                     -I $(DIAMETER_TOP)/src/app
+ERL_COMPILE_FLAGS += +warn_export_vars \
+                     +warn_unused_vars \
+                     -I ../include \
+                     -I ../src/gen
 
 # ----------------------------------------------------
 # Targets
 # ----------------------------------------------------
 
-all: $(SUITES)
+all: opt
+
+run: $(SUITES)
 
-tests debug opt: $(TARGET_FILES)
+debug opt: $(TARGET_FILES)
 
 clean:
 	rm -f $(TARGET_FILES) 
@@ -85,66 +79,56 @@ clean:
 
 realclean: clean
 	rm -rf log
-	rm -f errs core *~
-
-.PHONY: all tests debug opt clean realclean
 
 docs:
 
+list = echo $(1):; echo $($(1)) | tr ' ' '\n' | sort | sed 's@^@  @'
+
 info:
-	@echo "TARGET_FILES = $(TARGET_FILES)"
-	@echo
-	@echo "ERL_COMPILE_FLAGS = $(ERL_COMPILE_FLAGS)"
-	@echo "ERL  = $(ERL)"
-	@echo "ERLC = $(ERLC)"
-	@echo
-	@echo "HRL_FILES    = $(HRL_FILES)"
-	@echo "ERL_FILES    = $(ERL_FILES)"
-	@echo "TARGET_FILES = $(TARGET_FILES)"
+	@echo ========================================
+	@$(call list,MODULES)
 	@echo
-	@echo "SUITE_MODULES = $(SUITE_MODULES)"
-	@echo "SUITES        = $(SUITES)"
+	@$(call list,HRL_FILES)
 	@echo
+	@$(call list,SUITES)
+	@echo ========================================
 
 help:
+	@echo ========================================
+	@echo "Useful targets:"
 	@echo
-	@echo "Targets:"
+	@echo "    all:"
+	@echo "        Compile all test suites."
 	@echo
-	@echo "    all"
-	@echo "        Run all test suites."
+	@echo "    run:"
+	@echo "        Compile and run all test suites."
 	@echo
-	@echo "    $(SUITES)"
-	@echo "        Run a specific test suite."
+	@echo "    $(SUITES):"
+	@echo "        Compile and run a specific test suite."
 	@echo
-	@echo "    tests"
-	@echo "        Compile all test-code."
-	@echo
-	@echo "    clean | realclean"
+	@echo "    clean | realclean:"
 	@echo "        Remove generated files."
 	@echo
-	@echo "    info"
-	@echo "        Prints various environment variables."
-	@echo "        May be useful when debugging this Makefile."
-	@echo
-	@echo "    help"
-	@echo "        Print this info."
-	@echo
+	@echo "    info:"
+	@echo "        Echo some relevant variables."
+	@echo ========================================
 
-.PHONY: docs info help
+.PHONY: all run clean debug docs help info opt realclean
 
 # ----------------------------------------------------
 # Special Targets
 # ----------------------------------------------------
 
 # Exit with a non-zero status if the output looks to indicate failure.
-# diameter_ct:run/1 itself can't tell (it seems).
-$(SUITES): log tests
-	$(ERL) -noshell \
-	        -pa $(DIAMETER_TOP)/ebin \
-	        -sname diameter_test_$@ \
-	        -s diameter_ct run diameter_$@_SUITE \
-	        -s init stop \
-	| awk '1{rc=0} {print} / FAILED /{rc=1} END{exit rc}'
+# diameter_ct:run/1 itself can't tell (it seems). The absolute -pa is
+# because ct will change directories.
+$(SUITES): log opt
+	$(ERL) -noinput \
+	       -pa $(realpath ../ebin) \
+	       -sname diameter_test_$@ \
+	       -s diameter_ct run diameter_$@_SUITE \
+	       -s init stop \
+	| awk '{print} / FAILED /{rc=1} END{exit rc}' rc=0
 # Shorter in sed but requires a GNU extension (ie. Q).
 
 log:
@@ -156,17 +140,38 @@ log:
 # Release Targets
 # ---------------------------------------------------- 
 
-include $(TOP)/make/otp_release_targets.mk
+/%: % force
+	sed -f release.sed $< > $(RELSYSDIR)$@
 
-release_spec: 
+ifeq ($(ERL_TOP),)
+include $(DIAMETER_TOP)/make/release_targets.mk
+else
+include $(ERL_TOP)/make/otp_release_targets.mk
+endif
 
-release_docs_spec:
+release_spec release_docs_spec:
 
 release_tests_spec:
 	$(INSTALL_DIR)  $(RELSYSDIR)
-	$(INSTALL_DATA) $(RELTEST_FILES) $(RELSYSDIR)
+	$(INSTALL_DATA) $(TEST_SPEC_FILE) \
+	                $(COVER_SPEC_FILE) \
+	                $(HRL_FILES) \
+	                $(RELSYSDIR)
+	$(MAKE) $(DATA_DIRS:%/=release_data_%)
+	$(MAKE) $(ERL_FILES:%=/%)
+
+$(DATA_DIRS:%/=release_data_%): release_data_%:
+	$(INSTALL_DIR) $(RELSYSDIR)/$*
+	$(INSTALL_DATA) $(filter $*/%, $(DATA)) $(RELSYSDIR)/$*
+
+force:
 
 .PHONY: release_spec release_docs_spec release_test_specs
+.PHONY: force
+.PHONY: $(DATA_DIRS:%/=release_data_%)
+
+# Can't just make $(ERL_FILES:%=/%) phony since then implicit rule
+# searching is skipped.
 
 # ----------------------------------------------------
 
@@ -175,7 +180,7 @@ depend: depend.mk
 # Generate dependencies makefile.
 depend.mk: depend.sed $(MODULES:%=%.erl) Makefile
 	(for f in $(MODULES); do \
-	     sed -f $< $$f.erl | sed "s@/@/$$f@"; \
+	     (echo $$f; cat $$f.erl) | sed -f $<; \
 	 done) \
 	> $@
 
diff --git a/lib/diameter/test/depend.sed b/lib/diameter/test/depend.sed
index a399eb45f0..95dca44984 100644
--- a/lib/diameter/test/depend.sed
+++ b/lib/diameter/test/depend.sed
@@ -18,14 +18,24 @@
 #
 
 #
-# Extract local include dependencies from .erl files. The output is massaged
-# further in Makefile.
+# Extract local include dependencies from an .erl file. The first
+# input line is the module name.
 #
 
-/^-include/!d
+# Store the module name in the hold space.
+1{
+  h
+  d
+}
+
+# Throw away everything but local includes.
 /^-include_lib/d
+/^-include/!d
 /diameter_gen/d
+/diameter\./d
 
+# Output a dependency of the beam on the included file.
 s@^-include("@@
 s@".*@@
-s@^@$(EBIN)/.$(EMULATOR): @
+G
+s@^\(.*\)\n\(.*\)@$(EBIN)/\2.$(EMULATOR): \1@
diff --git a/lib/diameter/test/diameter_app_SUITE.erl b/lib/diameter/test/diameter_app_SUITE.erl
index 104785b4e6..53332af626 100644
--- a/lib/diameter/test/diameter_app_SUITE.erl
+++ b/lib/diameter/test/diameter_app_SUITE.erl
@@ -41,6 +41,19 @@
 
 -define(A, list_to_atom).
 
+%% Modules not in the app and that should not have dependencies on it
+%% for build reasons.
+-define(COMPILER_MODULES, [diameter_codegen,
+                           diameter_dict_scanner,
+                           diameter_dict_parser,
+                           diameter_dict_util,
+                           diameter_exprecs,
+                           diameter_nowarn,
+                           diameter_make]).
+
+-define(HELP_MODULES, [diameter_dbg,
+                       diameter_info]).
+
 %% ===========================================================================
 
 suite() ->
@@ -93,13 +106,8 @@ vsn(Config) ->
 modules(Config) ->
     Mods = fetch(modules, fetch(app, Config)),
     Installed = code_mods(),
-    Help = [diameter_callback,
-            diameter_codegen,
-            diameter_dbg,
-            diameter_exprecs,
-            diameter_info,
-            diameter_spec_scan,
-            diameter_spec_util],
+    Help = lists:sort(?HELP_MODULES ++ ?COMPILER_MODULES),
+
     {[], Help} = {Mods -- Installed, lists:sort(Installed -- Mods)}.
 
 code_mods() ->
@@ -133,13 +141,16 @@ release(Config) ->
     Rel = {release,
            {"diameter test release", fetch(vsn, App)},
            {erts, erlang:system_info(version)},
-           [{A, appvsn(A)} || A <- fetch(applications, App)]},
+           [{A, appvsn(A)} || A <- [sasl | fetch(applications, App)]]},
     Dir = fetch(priv_dir, Config),
     ok = write_file(filename:join([Dir, "diameter_test.rel"]), Rel),
     {ok, _, []} = systools:make_script("diameter_test", [{path, [Dir]},
                                                          {outdir, Dir},
                                                          silent]).
 
+%% sasl need to be included to avoid a missing_sasl warning, error
+%% in the case of relup/1.
+
 appvsn(Name) ->
     [{application, Name, App}] = diameter_util:consult(Name, app),
     fetch(vsn, App).
@@ -147,14 +158,13 @@ appvsn(Name) ->
 %% ===========================================================================
 %% # xref/1
 %%
-%% Ensure that no function in our application calls an undefined function.
+%% Ensure that no function in our application calls an undefined function
+%% or one in an application we haven't specified as a dependency. (Almost.)
 %% ===========================================================================
 
 xref(Config) ->
     App = fetch(app, Config),
-    Mods = fetch(modules, App) -- [diameter_codegen, diameter_dbg],
-    %% Skip modules that aren't required at runtime and that have
-    %% dependencies beyond those applications listed in the app file.
+    Mods = fetch(modules, App),
 
     {ok, XRef} = xref:start(make_name(xref_test_name)),
     ok = xref:set_default(XRef, [{verbose, false}, {warnings, false}]),
@@ -164,16 +174,35 @@ xref(Config) ->
     %% stop xref from complaining about calls to module erlang, which
     %% was previously in kernel. Erts isn't an application however, in
     %% the sense that there's no .app file, and isn't listed in
-    %% applications. Seems less than ideal.
+    %% applications.
     ok = lists:foreach(fun(A) -> add_application(XRef, A) end,
                        [?APP, erts | fetch(applications, App)]),
 
     {ok, Undefs} = xref:analyze(XRef, undefined_function_calls),
+    {ok, Called} = xref:analyze(XRef, {module_call, ?COMPILER_MODULES}),
 
     xref:stop(XRef),
 
     %% Only care about calls from our own application.
-    [] = lists:filter(fun({{M,_,_},_}) -> lists:member(M, Mods) end, Undefs).
+    [] = lists:filter(fun({{F,_,_},{T,_,_}}) ->
+                              lists:member(F, Mods)
+                                  andalso {F,T} /= {diameter_tcp, ssl}
+                      end,
+                      Undefs),
+    %% diameter_tcp does call ssl despite the latter not being listed
+    %% as a dependency in the app file since ssl is only required for
+    %% TLS security: it's up to a client who wants TLS it to start
+    %% ssl.
+
+    [] = lists:filter(fun is_bad_dependency/1, Called).
+
+%% It's not strictly necessary that diameter compiler modules not
+%% depend on other diameter modules but it's a simple source of build
+%% errors if not encoded in the makefile (hence the test) so guard
+%% against it.
+is_bad_dependency(Mod) ->
+    lists:prefix("diameter", atom_to_list(Mod))
+        andalso not lists:member(Mod, ?COMPILER_MODULES).
 
 add_application(XRef, App) ->
     add_application(XRef, App, code:lib_dir(App)).
@@ -201,7 +230,7 @@ relup(Config) ->
 
     App = fetch(app, Config),
     Rel = [{erts, erlang:system_info(version)}
-           | [{A, appvsn(A)} || A <- fetch(applications, App)]],
+           | [{A, appvsn(A)} || A <- [sasl | fetch(applications, App)]]],
 
     Dir = fetch(priv_dir, Config),
 
@@ -209,12 +238,15 @@ relup(Config) ->
     UpFrom = acc_rel(Dir, Rel, Up),
     DownTo = acc_rel(Dir, Rel, Down),
 
-    {[Name], [Name], UpFrom, DownTo}  %% no intersections
+    {[Name], [Name], [], []}  %% no current in up/down and go both ways
         = {[Name] -- UpFrom,
            [Name] -- DownTo,
            UpFrom -- DownTo,
            DownTo -- UpFrom},
 
+    [[], []] = [S -- sets:to_list(sets:from_list(S))
+                || S <- [UpFrom, DownTo]],
+
     {ok, _, _, []} = systools:make_relup(Name, UpFrom, DownTo, [{path, [Dir]},
                                                                 {outdir, Dir},
                                                                 silent]).
diff --git a/lib/diameter/test/diameter_capx_SUITE.erl b/lib/diameter/test/diameter_capx_SUITE.erl
new file mode 100644
index 0000000000..54a161d606
--- /dev/null
+++ b/lib/diameter/test/diameter_capx_SUITE.erl
@@ -0,0 +1,420 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% Tests of capabilities exchange between Diameter nodes. In
+%% particular, of error and event handling.
+%%
+
+-module(diameter_capx_SUITE).
+
+-export([suite/0,
+         all/0,
+         groups/0,
+         init_per_testcase/2,
+         end_per_testcase/2]).
+
+%% testcases
+-export([start/1,
+         start_services/1,
+         add_listeners/1,
+         s_no_common_application/1,
+         c_no_common_application/1,
+         s_no_common_security/1,
+         c_no_common_security/1,
+         s_unknown_peer/1,
+         c_unknown_peer/1,
+         s_unable/1,
+         c_unable/1,
+         s_client_reject/1,
+         c_client_reject/1,
+         remove_listeners/1,
+         stop_services/1,
+         stop/1]).
+
+%% diameter callbacks
+-export([peer_up/4,
+         peer_down/4]).
+
+-include("diameter.hrl").
+-include("diameter_gen_base_rfc3588.hrl").
+
+%% ===========================================================================
+
+-define(util, diameter_util).
+
+-define(CLIENT, client).
+-define(SERVER, server).
+
+-define(ADDR, {127,0,0,1}).
+
+-define(REALM, "erlang.org").
+-define(HOST(Name), Name ++ "." ++ ?REALM).
+
+%% Config for diameter:start_service/2.
+-define(SERVICE(Name),
+        [{'Origin-Realm', ?REALM},
+         {'Host-IP-Address', [?ADDR]},
+         {'Vendor-Id', 12345},
+         {'Product-Name', "OTP/diameter"},
+         {'Auth-Application-Id', [?DIAMETER_APP_ID_COMMON]},
+         {'Acct-Application-Id', [?DIAMETER_APP_ID_ACCOUNTING]}
+         | [{application, [{alias, A},
+                           {dictionary, D},
+                           {module, [?MODULE, A]}]}
+            || {A,D} <- [{common, ?DIAMETER_DICT_COMMON},
+                         {accounting, ?DIAMETER_DICT_ACCOUNTING}]]]).
+
+-define(A, list_to_atom).
+-define(L, atom_to_list).
+
+-define(event,  #diameter_event).
+-define(caps,   #diameter_caps).
+-define(packet, #diameter_packet).
+
+-define(cea,            #diameter_base_CEA).
+-define(answer_message, #'diameter_base_answer-message').
+
+-define(fail(T), erlang:error({T, process_info(self(), messages)})).
+
+-define(TIMEOUT, 2000).
+
+%% ===========================================================================
+
+suite() ->
+    [{timetrap, {seconds, 10}}].
+
+all() -> [start,
+          start_services,
+          add_listeners,
+          {group, all},
+          {group, all, [parallel]},
+          remove_listeners,
+          stop_services,
+          stop].
+
+groups() ->
+    [{all, [], lists:flatmap(fun tc/1, tc())}].
+
+%% Generate a unique hostname for each testcase so that watchdogs
+%% don't prevent a connection from being brought up immediately.
+init_per_testcase(Name, Config) ->
+    Uniq = ["." ++ integer_to_list(N) || N <- tuple_to_list(now())],
+    [{host, lists:flatten([?L(Name) | Uniq])} | Config].
+
+end_per_testcase(N, _)
+  when N == start;
+       N == start_services;
+       N == add_listeners;
+       N == remove_listeners;
+       N == stop_services;
+       N == stop ->
+    ok;
+end_per_testcase(Name, Config) ->
+    CRef = ?util:read_priv(Config, Name),
+    ok = diameter:remove_transport(?CLIENT, CRef).
+
+%% Testcases all come in two flavours, client and server.
+tc(Name) ->
+    [?A([C,$_|?L(Name)]) || C <- "cs"].
+
+tc() ->
+    [no_common_application,
+     no_common_security,
+     unknown_peer,
+     unable,
+     client_reject].
+
+%% ===========================================================================
+%% start/stop testcases
+
+start(_Config) ->
+    ok = diameter:start().
+
+start_services(_Config) ->
+    ok = diameter:start_service(?SERVER, ?SERVICE(?SERVER)),
+    ok = diameter:start_service(?CLIENT, ?SERVICE(?CLIENT)).
+
+%% One server that responds only to base accounting, one that responds
+%% to both this and the common application. Share a common service just
+%% to simplify config, and because we can.
+add_listeners(Config) ->
+    Acct = listen(?SERVER,
+                  [{capabilities, [{'Origin-Host', ?HOST("acct-srv")},
+                                   {'Auth-Application-Id', []}]},
+                   {applications, [accounting]},
+                   {capabilities_cb, [fun server_capx/3, acct]}]),
+    Base = listen(?SERVER,
+                  [{capabilities, [{'Origin-Host', ?HOST("base-srv")}]},
+                   {capabilities_cb, [fun server_capx/3, base]}]),
+    ?util:write_priv(Config, ?MODULE, {Base, Acct}). %% lref/2 reads
+
+remove_listeners(_Config) ->
+    ok = diameter:remove_transport(?SERVER, true).
+
+stop_services(_Config) ->
+    ok = diameter:stop_service(?CLIENT),
+    ok = diameter:stop_service(?SERVER).
+
+stop(_Config) ->
+    ok = diameter:stop().
+
+%% ===========================================================================
+%% All the testcases come in pairs, one for receiving an event on the
+%% client side, one on the server side. Note that testcases will
+%% receive events resulting from other testcases when running in
+%% parallel since the events are per service. The unique client
+%% Origin-Host for each testcase plus transport references are used to
+%% ensure that only the relevant event is extracted from the mailbox.
+%% Don't bother extracting events that aren't relevant.
+
+%% ====================
+%% Ask the accounting server to speak the common application and expect
+%% DIAMETER_NO_COMMON_APPLICATION = 5010.
+
+s_no_common_application(Config) ->
+    server_closed(Config, fun no_common_application/1, 5010).
+
+c_no_common_application(Config) ->
+    client_closed(Config, "acct-srv", fun no_common_application/1, 5010).
+
+no_common_application(Config) ->
+    connect(Config, acct, [{capabilities, [{'Acct-Application-Id', []}]},
+                           {applications, [common]}]).
+
+%% ====================
+%% Ask the base server to speak accounting with an unknown security
+%% method and expect DIAMETER_NO_COMMON_SECURITY = 5017.
+
+s_no_common_security(Config) ->
+    server_closed(Config, fun no_common_security/1, 5017).
+
+c_no_common_security(Config) ->
+    client_closed(Config, "base-srv", fun no_common_security/1, 5017).
+
+no_common_security(Config) ->
+    connect(Config, base, [{capabilities, [{'Acct-Application-Id', []},
+                                           {'Inband-Security-Id', [17, 18]}]},
+                           {applications, [common]}]).
+
+%% ====================
+%% Have the base server reject a decent CER with the protocol error
+%% DIAMETER_UNKNOWN_PEER = 3010.
+
+s_unknown_peer(Config) ->
+    server_reject(Config, fun base/1, 3010).
+
+c_unknown_peer(Config) ->
+    true = diameter:subscribe(?CLIENT),
+    OH = ?HOST("base-srv"),
+
+    {CRef, _} = base(Config),
+
+    {'CEA', ?caps{},
+            ?packet{msg = ?answer_message{'Origin-Host' = OH,
+                                          'Result-Code' = 3010}}}
+        = client_recv(CRef).
+
+base(Config) ->
+    connect(Config, base, []).
+
+%% ====================
+%% Have the base server reject a decent CER with the non-protocol
+%% error DIAMETER_UNABLE_TO_COMPLY = 5012.
+
+s_unable(Config) ->
+    server_reject(Config, fun base/1, 5012).
+
+c_unable(Config) ->
+    client_closed(Config, "base-srv", fun base/1, 5012).
+
+%% ====================
+%% Have the client reject a decent CEA.
+
+s_client_reject(Config) ->
+    true = diameter:subscribe(?SERVER),
+    OH = host(Config),
+
+    {_, LRef} = client_reject(Config),
+
+    receive
+        ?event{service = ?SERVER,
+               info = {up, LRef,
+                           {_, ?caps{origin_host = {_, OH}}},
+                           {listen, _},
+                           ?packet{}}}
+                    = Info ->
+            Info
+    after ?TIMEOUT ->
+            ?fail({LRef, OH})
+    end.
+
+c_client_reject(Config) ->
+    true = diameter:subscribe(?CLIENT),
+    OH = ?HOST("acct-srv"),
+
+    {CRef, _} = client_reject(Config),
+
+    {'CEA', {capabilities_cb, _, discard},
+            ?caps{origin_host = {_, OH}},
+            ?packet{msg = ?cea{'Result-Code' = 2001}}}
+        = client_recv(CRef).
+
+client_reject(Config) ->
+    connect(Config, acct, [{capabilities_cb, fun client_capx/2}]).
+
+%% ===========================================================================
+
+%% server_closed/3
+
+server_closed(Config, F, RC) ->
+    true = diameter:subscribe(?SERVER),
+    OH = host(Config),
+
+    {_, LRef} = F(Config),
+
+    receive
+        ?event{service = ?SERVER,
+               info = {closed, LRef,
+                               {'CER', RC,
+                                       ?caps{origin_host = {_, OH}},
+                                       ?packet{}}
+                               = Reason,
+                               {listen, _}}} ->
+            Reason
+    after ?TIMEOUT ->
+            ?fail({LRef, OH})
+    end.
+
+%% server_reject/3
+
+server_reject(Config, F, RC) ->
+    true = diameter:subscribe(?SERVER),
+    OH = host(Config),
+
+    {_, LRef} = F(Config),
+
+    receive
+        ?event{service = ?SERVER,
+               info = {closed, LRef,
+                               {'CER', {capabilities_cb, _, RC},
+                                       ?caps{origin_host = {_, OH}},
+                                       ?packet{}}
+                               = Reason,
+                               {listen, _}}} ->
+            Reason
+    after ?TIMEOUT ->
+            ?fail({LRef, OH})
+    end.
+
+%% cliient_closed/4
+
+client_closed(Config, Host, F, RC) ->
+    true = diameter:subscribe(?CLIENT),
+    OH = ?HOST(Host),
+
+    {CRef, _} = F(Config),
+
+    {'CEA', RC, ?caps{origin_host = {_, OH}}, ?packet{}}
+        = client_recv(CRef).
+
+%% client_recv/1
+
+client_recv(CRef) ->
+    receive
+        ?event{service = ?CLIENT,
+               info = {closed, CRef, Reason, {connect, _}}} ->
+            Reason
+    after ?TIMEOUT ->
+            ?fail(CRef)
+    end.
+
+%% server_capx/3
+
+server_capx(_, ?caps{origin_host = {_, [_,$_|"unknown_peer." ++ _]}}, _) ->
+    unknown;
+
+server_capx(_, ?caps{origin_host = {_, [_,$_|"unable." ++ _]}}, _) ->
+    5012;  %% DIAMETER_UNABLE_TO_COMPLY
+
+server_capx(_, ?caps{origin_host = {OH,DH}}, _) ->
+    io:format("connection: ~p -> ~p~n", [DH,OH]),
+    ok.
+
+%% client_capx/2
+
+client_capx(_, ?caps{origin_host = {[_,$_|"client_reject." ++ _], _}}) ->
+    discard.
+
+%% ===========================================================================
+
+host(Config) ->
+    {_, H} = lists:keyfind(host, 1, Config),
+    ?HOST(H).
+
+listen(Name, Opts) ->
+    ?util:listen(Name, tcp, Opts).
+
+connect(Config, T, Opts) ->
+    {_, H} = lists:keyfind(host, 1, Config),
+    LRef = lref(Config, T),
+    CRef = connect(LRef, [{capabilities, [{'Origin-Host', ?HOST(H)}]}
+                          | Opts]),
+    Name = lists:takewhile(fun(C) -> C /= $. end, H),
+    ?util:write_priv(Config, Name, CRef),  %% end_per_testcase reads
+    {CRef, LRef}.
+
+connect(LRef, Opts) ->
+    [PortNr] = ?util:lport(tcp, LRef, 20),
+    {ok, CRef} = diameter:add_transport(?CLIENT,
+                                        {connect, opts(PortNr, Opts)}),
+    CRef.
+
+opts(PortNr, Opts) ->
+    [{transport_module, diameter_tcp},
+     {transport_config, [{raddr, ?ADDR},
+                         {rport, PortNr},
+                         {ip, ?ADDR},
+                         {port, 0}]}
+     | Opts].
+
+lref(Config, T) ->
+    case ?util:read_priv(Config, ?MODULE) of
+        {LRef, _} when T == base ->
+            LRef;
+        {_, LRef} when T == acct ->
+            LRef
+    end.
+
+%% ===========================================================================
+%% diameter callbacks
+
+peer_up(?SERVER,
+        {_, ?caps{origin_host = {"acct-srv." ++ _,
+                                 [_,$_|"client_reject." ++ _]}}},
+        State,
+        _) ->
+    State.
+
+peer_down(?SERVER,
+          {_, ?caps{origin_host = {"acct-srv." ++ _,
+                                   [_,$_|"client_reject." ++ _]}}},
+          State,
+          _) ->
+    State.
diff --git a/lib/diameter/test/diameter_codec_SUITE.erl b/lib/diameter/test/diameter_codec_SUITE.erl
index 30c60be8e9..2e219bbb10 100644
--- a/lib/diameter/test/diameter_codec_SUITE.erl
+++ b/lib/diameter/test/diameter_codec_SUITE.erl
@@ -35,7 +35,8 @@
 %% testcases
 -export([base/1,
          gen/1,
-         lib/1]).
+         lib/1,
+         unknown/1]).
 
 -include("diameter_ct.hrl").
 
@@ -47,7 +48,7 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [base, gen, lib].
+    [base, gen, lib, unknown].
 
 init_per_testcase(gen, Config) ->
     [{application, ?APP, App}] = diameter_util:consult(?APP, app),
@@ -74,3 +75,26 @@ gen([{dicts, Ms} | _]) ->
 
 lib(_Config) ->
     diameter_codec_test:lib().
+
+%% Have a separate AVP dictionary just to exercise more code.
+unknown(Config) ->
+    Priv = proplists:get_value(priv_dir, Config),
+    Data = proplists:get_value(data_dir, Config),
+    ok = make(Data, "recv.dia"),
+    ok = make(Data, "avps.dia"),
+    {ok, _, _} = compile("diameter_test_avps.erl"),
+    ok = make(Data, "send.dia"),
+    {ok, _, _} = compile("diameter_test_send.erl"),
+    {ok, _, _} = compile("diameter_test_recv.erl"),
+    {ok, _, _} = compile(filename:join([Data, "diameter_test_unknown.erl"]),
+                         [{i, Priv}]),
+    diameter_test_unknown:run().
+
+make(Dir, File) ->
+    diameter_make:codec(filename:join([Dir, File])).
+
+compile(File) ->
+    compile(File, []).
+
+compile(File, Opts) ->
+    compile:file(File, [return | Opts]).
diff --git a/lib/diameter/test/diameter_codec_SUITE_data/avps.dia b/lib/diameter/test/diameter_codec_SUITE_data/avps.dia
new file mode 100644
index 0000000000..c9d80a37a9
--- /dev/null
+++ b/lib/diameter/test/diameter_codec_SUITE_data/avps.dia
@@ -0,0 +1,25 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+@name diameter_test_avps
+
+@avp_types
+
+   XXX    111    Unsigned32    M
+   YYY    222    Unsigned32    -
diff --git a/lib/diameter/test/diameter_codec_SUITE_data/diameter_test_unknown.erl b/lib/diameter/test/diameter_codec_SUITE_data/diameter_test_unknown.erl
new file mode 100644
index 0000000000..bce3d78a37
--- /dev/null
+++ b/lib/diameter/test/diameter_codec_SUITE_data/diameter_test_unknown.erl
@@ -0,0 +1,76 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(diameter_test_unknown).
+
+-compile(export_all).
+
+%%
+%% Test reception of unknown AVP's.
+%%
+
+-include_lib("diameter/include/diameter.hrl").
+-include("diameter_test_send.hrl").
+-include("diameter_test_recv.hrl").
+
+-define(HOST,  "test.erlang.org").
+-define(REALM, "erlang.org").
+
+%% Patterns to match decoded AVP's.
+-define(MANDATORY_XXX,     #diameter_avp{code = 111}).
+-define(NOT_MANDATORY_YYY, #diameter_avp{code = 222}).
+
+%% Ensure that an unknown AVP with an M flag is regarded as an error
+%% while one without an M flag is returned as 'AVP'.
+
+run() ->
+    H = #diameter_header{version = 1,
+                         end_to_end_id = 1,
+                         hop_by_hop_id = 1},
+    Vs = [{'Origin-Host', ?HOST},
+          {'Origin-Realm', ?REALM},
+          {'XXX', [0]},
+          {'YYY', [1]}],
+    Pkt = #diameter_packet{header = H,
+                           msg = Vs},
+
+    [] = diameter_util:run([{?MODULE, [run, M, enc(M, Pkt)]}
+                            || M <- ['AR','BR']]).
+
+enc(M, #diameter_packet{msg = Vs} = P) ->
+    diameter_codec:encode(diameter_test_send,
+                          P#diameter_packet{msg = [M|Vs]}).
+
+run(M, Pkt) ->
+    dec(M, diameter_codec:decode(diameter_test_recv, Pkt)).
+%% Note that the recv dictionary defines neither XXX nor YYY.
+
+dec('AR', #diameter_packet
+           {msg = #recv_AR{'Origin-Host'  = ?HOST,
+                           'Origin-Realm' = ?REALM,
+                           'AVP' = [?NOT_MANDATORY_YYY]},
+            errors = [{5001, ?MANDATORY_XXX}]}) ->
+    ok;
+
+dec('BR', #diameter_packet
+           {msg = #recv_BR{'Origin-Host'  = ?HOST,
+                           'Origin-Realm' = ?REALM},
+            errors = [{5008, ?NOT_MANDATORY_YYY},
+                      {5001, ?MANDATORY_XXX}]}) ->
+    ok.
diff --git a/lib/diameter/test/diameter_codec_SUITE_data/recv.dia b/lib/diameter/test/diameter_codec_SUITE_data/recv.dia
new file mode 100644
index 0000000000..15fec5a5dd
--- /dev/null
+++ b/lib/diameter/test/diameter_codec_SUITE_data/recv.dia
@@ -0,0 +1,51 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+@id 17
+@name   diameter_test_recv
+@prefix recv
+
+@inherits diameter_gen_base_rfc3588
+
+    Origin-Host
+    Origin-Realm
+    Result-Code
+
+@messages
+
+      AR ::= < Diameter Header: 123, REQ >
+              { Origin-Host }
+              { Origin-Realm }
+            * [ AVP ]
+
+      AA ::= < Diameter Header: 123 >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+            * [ AVP ]
+
+      BR ::= < Diameter Header: 124, REQ >
+              { Origin-Host }
+              { Origin-Realm }
+
+      BA ::= < Diameter Header: 124 >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+            * [ AVP ]
diff --git a/lib/diameter/test/diameter_codec_SUITE_data/send.dia b/lib/diameter/test/diameter_codec_SUITE_data/send.dia
new file mode 100644
index 0000000000..1472f146ae
--- /dev/null
+++ b/lib/diameter/test/diameter_codec_SUITE_data/send.dia
@@ -0,0 +1,56 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+@id 17
+@name   diameter_test_send
+@prefix send
+
+@inherits diameter_gen_base_rfc3588
+
+    Origin-Host
+    Origin-Realm
+    Result-Code
+
+@inherits diameter_test_avps
+
+@messages
+
+      AR ::= < Diameter Header: 123, REQ >
+              { Origin-Host }
+              { Origin-Realm }
+              [ XXX ]
+              [ YYY ]
+
+      AA ::= < Diameter Header: 123 >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+            * [ AVP ]
+
+      BR ::= < Diameter Header: 124, REQ >
+              { Origin-Host }
+              { Origin-Realm }
+              [ XXX ]
+              [ YYY ]
+
+      BA ::= < Diameter Header: 124 >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+            * [ AVP ]
diff --git a/lib/diameter/test/diameter_codec_test.erl b/lib/diameter/test/diameter_codec_test.erl
index aab7ab35cc..fbd38067a8 100644
--- a/lib/diameter/test/diameter_codec_test.erl
+++ b/lib/diameter/test/diameter_codec_test.erl
@@ -25,11 +25,14 @@
 %% Test encode/decode of dictionary-related modules.
 %%
 
--include_lib("diameter/include/diameter.hrl").
+-include("diameter.hrl").
 
 -define(BASE, diameter_gen_base_rfc3588).
 -define(BOOL, [true, false]).
 
+-define(A, list_to_atom).
+-define(S, atom_to_list).
+
 %% ===========================================================================
 %% Interface.
 
@@ -42,7 +45,7 @@ gen(Mod) ->
                                                       command_codes,
                                                       avp_types,
                                                       grouped,
-                                                      enums,
+                                                      enum,
                                                       import_avps,
                                                       import_groups,
                                                       import_enums]]).
@@ -133,7 +136,7 @@ types() ->
 
 gen(M, T) ->
     [] = run(lists:map(fun(X) -> {?MODULE, [gen, M, T, X]} end,
-                       fetch(T, M:dict()))).
+                       fetch(T, dict(M)))).
 
 fetch(T, Spec) ->
     case orddict:find(T, Spec) of
@@ -143,6 +146,10 @@ fetch(T, Spec) ->
             []
     end.
 
+gen(M, messages = T, {Name, Code, Flags, ApplId, Avps})
+  when is_list(Name) ->
+    gen(M, T, {?A(Name), Code, Flags, ApplId, Avps});
+
 gen(M, messages, {Name, Code, Flags, _, _}) ->
     Rname = M:msg2rec(Name),
     Name = M:rec2msg(Rname),
@@ -156,22 +163,16 @@ gen(M, messages, {Name, Code, Flags, _, _}) ->
            end,
     [] = arity(M, Name, Rname);
 
-gen(M, command_codes = T, {Code, {Req, Abbr}, Ans}) ->
-    Rname = M:msg2rec(Req),
-    Rname = M:msg2rec(Abbr),
-    gen(M, T, {Code, Req, Ans});
-
-gen(M, command_codes = T, {Code, Req, {Ans, Abbr}}) ->
-    Rname = M:msg2rec(Ans),
-    Rname = M:msg2rec(Abbr),
-    gen(M, T, {Code, Req, Ans});
-
 gen(M, command_codes, {Code, Req, Ans}) ->
-    Msgs = orddict:fetch(messages, M:dict()),
+    Msgs = orddict:fetch(messages, dict(M)),
     {_, Code, _, _, _} = lists:keyfind(Req, 1, Msgs),
     {_, Code, _, _, _} = lists:keyfind(Ans, 1, Msgs);
 
-gen(M, avp_types, {Name, Code, Type, _Flags, _Encr}) ->
+gen(M, avp_types = T, {Name, Code, Type, Flags})
+  when is_list(Name) ->
+    gen(M, T, {?A(Name), Code, ?A(Type), Flags});
+
+gen(M, avp_types, {Name, Code, Type, _Flags}) ->
     {Code, Flags, VendorId} = M:avp_header(Name),
     0 = Flags band 2#00011111,
     V = undefined /= VendorId,
@@ -181,11 +182,19 @@ gen(M, avp_types, {Name, Code, Type, _Flags, _Encr}) ->
     B = z(B),
     [] = avp_decode(M, Type, Name);
 
+gen(M, grouped = T, {Name, Code, Vid, Avps})
+  when is_list(Name) ->
+    gen(M, T, {?A(Name), Code, Vid, Avps});
+
 gen(M, grouped, {Name, _, _, _}) ->
     Rname = M:name2rec(Name),
     [] = arity(M, Name, Rname);
 
-gen(M, enums, {Name, ED}) ->
+gen(M, enum = T, {Name, ED})
+  when is_list(Name) ->
+    gen(M, T, {?A(Name), lists:map(fun({E,D}) -> {?A(E), D} end, ED)});
+
+gen(M, enum, {Name, ED}) ->
     [] = run([{?MODULE, [enum, M, Name, T]} || T <- ED]);
 
 gen(M, Tag, {_Mod, L}) ->
@@ -253,17 +262,17 @@ arity(M, Name, AvpName, Rec) ->
 
 %% enum/3
 
-enum(M, Name, {E,_}) ->
+enum(M, Name, {_,E}) ->
     B = <<E:32/integer>>,
     B = M:avp(encode, E, Name),
     E = M:avp(decode, B, Name).
 
 retag(import_avps)   -> avp_types;
 retag(import_groups) -> grouped;
-retag(import_enums)  -> enums;
+retag(import_enums)  -> enum;
 
 retag(avp_types) -> import_avps;
-retag(enums)     -> import_enums.
+retag(enum)     -> import_enums.
 
 %% ===========================================================================
 
@@ -370,8 +379,8 @@ values('Time') ->
 %% wrapped as for values/1.
 
 values('Enumerated', Name, Mod) ->
-    {_Name, Vals} = lists:keyfind(Name, 1, types(enums, Mod)),
-    lists:map(fun({N,_}) -> N end, Vals);
+    {_Name, Vals} = lists:keyfind(?S(Name), 1, types(enum, Mod)),
+    lists:map(fun({_,N}) -> N end, Vals);
 
 values('Grouped', Name, Mod) ->
     Rname = Mod:name2rec(Name),
@@ -400,8 +409,8 @@ values('AVP', _) ->
 
 values(Name, Mod) ->
     Avps = types(avp_types, Mod),
-    {Name, _Code, Type, _Flags, _Encr} = lists:keyfind(Name, 1, Avps),
-    b(values(Type, Name, Mod)).
+    {_Name, _Code, Type, _Flags} = lists:keyfind(?S(Name), 1, Avps),
+    b(values(?A(Type), Name, Mod)).
 
 %% group/5
 %%
@@ -467,7 +476,7 @@ types(T, Mod) ->
     types(T, retag(T), Mod).
 
 types(T, IT, Mod) ->
-    Dict = Mod:dict(),
+    Dict = dict(Mod),
     fetch(T, Dict) ++ lists:flatmap(fun({_,As}) -> As end, fetch(IT, Dict)).
 
 %% random/[12]
@@ -498,3 +507,8 @@ flatten({_, {{badmatch, [{_, {{badmatch, _}, _}} | _] = L}, _}}) ->
     L;
 flatten(T) ->
     [T].
+
+%% dict/1
+
+dict(Mod) ->
+    tl(Mod:dict()).
diff --git a/lib/diameter/test/diameter_compiler_SUITE.erl b/lib/diameter/test/diameter_compiler_SUITE.erl
new file mode 100644
index 0000000000..3b4c9706e0
--- /dev/null
+++ b/lib/diameter/test/diameter_compiler_SUITE.erl
@@ -0,0 +1,489 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% Tests of the dictionary file compiler.
+%%
+
+-module(diameter_compiler_SUITE).
+
+-export([suite/0,
+         all/0,
+         init_per_suite/1,
+         end_per_suite/1]).
+
+%% testcases
+-export([format/1,    format/2,
+         replace/1,   replace/2,
+         generate/1,  generate/4,  generate/0,
+         examples/1, examples/0]).
+
+-export([dict/0]).  %% fake dictionary module
+
+-define(base, "base_rfc3588.dia").
+-define(util, diameter_util).
+-define(S, atom_to_list).
+-define(L, integer_to_list).
+
+%% ===========================================================================
+
+%% RE/Replacement (in the sense of re:replace/4) pairs for morphing
+%% base_rfc3588.dia. The key is 'ok' or the the expected error as
+%% returned in the first element of the error tuple returned by
+%% diameter_dict_util:parse/2.
+-define(REPLACE,
+        [{ok,
+          "",
+          ""},
+         {scan,
+          "@id 0",
+          "@id \\&"},
+         {scan,
+          "@name ",
+          "&'"},
+         {parse,
+          "@id 0",
+          "@id @id"},
+         {avp_code_already_defined,
+          "480",
+          "485"},
+         {uint32_out_of_range,
+          "@id 0",
+          "@id 4294967296"},
+         {uint32_out_of_range,
+          "@vendor 0",
+          "@vendor 4294967296"},
+         {uint32_out_of_range,
+          [{"^ *Failed-AVP .*$", "&V"},
+           {"@avp_types", "@avp_vendor_id 4294967296 Failed-AVP\n&"}]},
+         {imported_avp_already_defined,
+          "@avp_types",
+          "@inherits diameter_gen_base_rfc3588 &"},
+         {duplicate_import,
+          [{"@avp_types", "@inherits diameter_gen_base_rfc3588 Class\n&"},
+           {"@avp_types", "@inherits diameter_gen_base_rfc3588\n&"},
+           {"^@avp_types[^@]*", ""},
+           {"^@enum[^&]*", ""}]},
+         {duplicate_section,
+          "@prefix",
+          "@name"},
+         {already_declared,
+          "@enum Termination-Cause",
+          "& XXX 0\n &"},
+         {already_declared,
+          "@define Result-Code",
+          "& XXX 1000 &"},
+         {inherited_avp_already_defined,
+          "@id",
+          "@inherits nomod Origin-Host &"},
+         {avp_already_defined,
+          "@avp_types",
+          "@inherits m XXX\nXXX\n&"},
+         {avp_already_defined,
+          "@avp_types",
+          "@inherits mod1 XXX\n@inherits mod2 XXX\n&"},
+         {key_already_defined,
+          "DIAMETER_SUCCESS",
+          "& 2001\n&"},
+         {messages_without_id,
+          "@id 0",
+          ""},
+         {avp_name_already_defined,
+          "Class",
+          "& 666 Time M\n&"},
+         {avp_has_unknown_type,
+          "Enumerated",
+          "Enum"},
+         {avp_has_invalid_flag,
+          " -",
+          " X"},
+         {avp_has_duplicate_flag,
+          " -",
+          " MM"},
+         {avp_has_vendor_id,
+          "@avp_types",
+          "@avp_vendor_id 667 Class\n&"},
+         {avp_has_no_vendor,
+          [{"^ *Class .*$", "&V"},
+           {"@vendor .*", ""}]},
+         {group_already_defined,
+          "@grouped",
+          "& Failed-AVP ::= < AVP Header: 279 > " "{AVP}\n&"},
+         {grouped_avp_code_mismatch,
+          "(Failed-AVP ::= [^0-9]*27)9",
+          "&8"},
+         {grouped_avp_has_wrong_type,
+          "(Failed-AVP *279 *)Grouped",
+          "\\1Time"},
+         {grouped_avp_not_defined,
+          "Failed-AVP *.*",
+          ""},
+         {grouped_vendor_id_without_flag,
+          "(Failed-AVP .*)>",
+          "\\1 668>"},
+         {grouped_vendor_id_mismatch,
+          [{"(Failed-AVP .*)>", "\\1 17>"},
+           {"^ *Failed-AVP .*$", "&V"},
+           {"@avp_types", "@avp_vendor_id 18 Failed-AVP\n&"}]},
+         {ok,
+          [{"(Failed-AVP .*)>", "\\1 17>"},
+           {"^ *Failed-AVP .*$", "&V"}]},
+         {message_name_already_defined,
+          "CEA ::= .*:",
+          "& 257 > {Result-Code}\n&"},
+         {message_code_already_defined,
+          "CEA( ::= .*)",
+          "XXX\\1 {Result-Code}\n&"},
+         {message_has_duplicate_flag,
+          "(CER ::=.*)>",
+          "\\1, REQ>"},
+         {message_application_id_mismatch,
+         "(CER ::=.*)>",
+          "\\1 1>"},
+         {invalid_avp_order,
+          "CEA ::=",
+          "{Result-Code} &"},
+         {ok,
+          "{ Product-Name",
+          "* &"},
+         {required_avp_has_zero_max_arity,
+          "{ Product-Name",
+          "*0 &"},
+         {required_avp_has_zero_min_arity,
+          "{ Product-Name",
+          "0* &"},
+         {required_avp_has_zero_min_arity,
+          "{ Product-Name",
+          "0*0 &"},
+         {ok,
+          "{ Product-Name",
+          "*1 &"},
+         {ok,
+          "{ Product-Name",
+          "1* &"},
+         {ok,
+          "{ Product-Name",
+          "1*1 &"},
+         {ok,
+          "{ Product-Name",
+          "2* &"},
+         {ok,
+          "{ Product-Name",
+          "*2 &"},
+         {ok,
+          "{ Product-Name",
+          "2*2 &"},
+         {ok,
+          "{ Product-Name",
+          "2*3 &"},
+         {qualifier_has_min_greater_than_max,
+          "{ Product-Name",
+          "3*2 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "* &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "0* &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "*0 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "0*0 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "0*1 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "0*2 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "*1 &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "1* &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "1*1 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "*2 &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "2* &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "2*2 &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "2*3 &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "3*2 &"},
+         {ok,
+          "^ *< Session-Id",
+          "* &"},
+         {ok,
+          "^ *< Session-Id",
+          "*0 &"},
+         {ok,
+          "^ *< Session-Id",
+          "0* &"},
+         {ok,
+          "^ *< Session-Id",
+          "0*0 &"},
+         {ok,
+          "^ *< Session-Id",
+          "0*1 &"},
+         {ok,
+          "^ *< Session-Id",
+          "0*2 &"},
+         {ok,
+          "^ *< Session-Id",
+          "*1 &"},
+         {ok,
+          "^ *< Session-Id",
+          "1* &"},
+         {ok,
+          "^ *< Session-Id",
+          "1*1 &"},
+         {ok,
+          "^ *< Session-Id",
+          "*2 &"},
+         {ok,
+          "^ *< Session-Id",
+          "2* &"},
+         {ok,
+          "^ *< Session-Id",
+          "2*2 &"},
+         {ok,
+          "^ *< Session-Id",
+          "2*3 &"},
+         {qualifier_has_min_greater_than_max,
+          "^ *< Session-Id",
+          "3*2 &"},
+         {avp_already_referenced,
+          "CER ::=.*",
+          "& {Origin-Host}"},
+         {message_missing,
+          "CER ::=",
+          "XXR ::= < Diameter-Header: 666, REQ > {Origin-Host} &"},
+         {requested_avp_not_found,
+          [{"@id", "@inherits diameter_gen_base_rfc3588 XXX &"},
+           {"CEA ::=", "<XXX> &"}]},
+         {requested_avp_not_found,
+          [{"@id", "@inherits diameter_gen_base_rfc3588 'X X X' &"},
+           {"CEA ::=", "<'X X X'> &"}]},
+         {enumerated_avp_has_wrong_local_type,
+          "Enumerated",
+          "Time"},
+         {enumerated_avp_not_defined,
+         [{"{ Disconnect-Cause }", ""},
+          {"^ *Disconnect-Cause .*", ""}]},
+         {avp_not_defined,
+          "CEA ::=",
+          "<XXX> &"},
+         {not_loaded,
+          [{"@avp_types", "@inherits nomod XXX &"},
+           {"CEA ::=", "<XXX> &"}]},
+         {recompile,
+          [{"@avp_types", "@inherits " ++ ?S(?MODULE) ++ " XXX &"},
+           {"CEA ::=", "<XXX> &"}]},
+         {no_dict,
+          [{"@avp_types", "@inherits diameter XXX &"},
+           {"CEA ::=", "<XXX> &"}]},
+         {ok,
+          "@avp_types",
+          "@end & bad syntax"},
+         {parse,
+          "@avp_types",
+          "& bad syntax"},
+         {ok,
+          [{"@avp_types", "& 3XXX 666 Time M 'X X X' 667 Time -"},
+           {"^ *Class .*", "@avp_types"},
+           {"^ *Failed-AVP ", "@avp_types &"},
+           {"@grouped", "&&"},
+           {"^ *Failed-AVP ::=", "@grouped &"},
+           {"CEA ::=", "<'Class'> &"},
+           {"@avp_types", "@inherits diameter_gen_base_rfc3588 Class\n&"},
+           {"@avp_types", "@custom_types mymod "
+                              "Product-Name Firmware-Revision\n"
+                          "@codecs mymod "
+                              "Origin-Host Origin-Realm\n&"}]}]).
+
+%% Standard dictionaries in examples/dict.
+-define(EXAMPLES, [rfc4004_mip,
+                   rfc4005_nas,
+                   rfc4006_cc,
+                   rfc4072_eap,
+                   rfc4590_digest,
+                   rfc4740_sip]).
+
+%% ===========================================================================
+
+suite() ->
+    [{timetrap, {seconds, 5}}].
+
+all() ->
+    [format,
+     replace,
+     generate,
+     examples].
+
+%% Error handling testcases will make an erroneous dictionary out of
+%% the base dictionary and check that the expected error results.
+%% ?REPLACE encodes the modifications and expected error.
+init_per_suite(Config) ->
+    Path = filename:join([code:lib_dir(diameter, src), "dict", ?base]),
+    {ok, Bin} = file:read_file(Path),
+    [{base, Bin} | Config].
+
+end_per_suite(_Config) ->
+    ok.
+
+%% ===========================================================================
+%% format/1
+%%
+%% Ensure that parse o format is the identity map.
+
+format(Config) ->
+    Bin = proplists:get_value(base, Config),
+    [] = ?util:run([{?MODULE, [format, M, Bin]}
+                    || E <- ?REPLACE,
+                       {ok, M} <- [norm(E)]]).
+
+format(Mods, Bin) ->
+    B = modify(Bin, Mods),
+    {ok, Dict} = diameter_dict_util:parse(B, []),
+    {ok, D} = diameter_dict_util:parse(diameter_dict_util:format(Dict), []),
+    {Dict, Dict} = {Dict, D}.
+
+%% ===========================================================================
+%% replace/1
+%%
+%% Ensure the expected success/error when parsing a morphed common
+%% dictionary.
+
+replace(Config) ->
+    Bin = proplists:get_value(base, Config),
+    [] = ?util:run([{?MODULE, [replace, N, Bin]}
+                    || E <- ?REPLACE,
+                       N <- [norm(E)]]).
+
+replace({E, Mods}, Bin) ->
+    B = modify(Bin, Mods),
+    case {E, diameter_dict_util:parse(B, [{include, here()}]), Mods} of
+        {ok, {ok, Dict}, _} ->
+            Dict;
+        {_, {error, {E,_} = T}, _} ->
+            S = diameter_dict_util:format_error(T),
+            true = nochar($", S, E),
+            true = nochar($', S, E),
+            S
+    end.
+
+re({RE, Repl}, Bin) ->
+    re:replace(Bin, RE, Repl, [multiline]).
+
+%% ===========================================================================
+%% generate/1
+%%
+%% Ensure success when generating code and compiling.
+
+generate() ->
+    [{timetrap, {seconds, 2*length(?REPLACE)}}].
+
+generate(Config) ->
+    Bin = proplists:get_value(base, Config),
+    Rs  = lists:zip(?REPLACE, lists:seq(1, length(?REPLACE))),
+    [] = ?util:run([{?MODULE, [generate, M, Bin, N, T]}
+                    || {E,N} <- Rs,
+                       {ok, M} <- [norm(E)],
+                       T <- [erl, hrl, spec]]).
+
+generate(Mods, Bin, N, Mode) ->
+    B = modify(Bin, Mods ++ [{"@name .*", "@name dict" ++ ?L(N)}]),
+    {ok, Dict} = diameter_dict_util:parse(B, []),
+    File = "dict" ++ integer_to_list(N),
+    {_, ok} = {Dict, diameter_codegen:from_dict("dict",
+                                                Dict,
+                                                [{name, File},
+                                                 {prefix, "base"},
+                                                 debug],
+                                                Mode)},
+    Mode == erl
+        andalso ({ok, _} = compile:file(File ++ ".erl", [return_errors])).
+
+%% ===========================================================================
+%% examples/1
+%%
+%% Compile dictionaries extracted from various standards.
+
+examples() ->
+    [{timetrap, {seconds, 3*length(?EXAMPLES)}}].
+
+examples(_Config) ->
+    Dir = filename:join([code:lib_dir(diameter, examples), "dict"]),
+    [D || D <- ?EXAMPLES, _ <- [examples(?S(D), Dir)]].
+
+examples(Dict, Dir) ->
+    {Name, Pre} = make_name(Dict),
+    ok = diameter_make:codec(filename:join([Dir, Dict ++ ".dia"]),
+                             [{name, Name},
+                              {prefix, Pre},
+                              inherits("rfc3588_base")
+                              | opts(Dict)]),
+    {ok, _, _} = compile:file(Name ++ ".erl", [return]).
+
+opts(M)
+  when M == "rfc4006_cc";
+       M == "rfc4072_eap" ->
+    [inherits("rfc4005_nas")];
+opts("rfc4740_sip") ->
+    [inherits("rfc4590_digest")];
+opts(_) ->
+    [].
+
+inherits(File) ->
+    {Name, _} = make_name(File),
+    {inherits, File ++ "/" ++ Name}.
+
+make_name(File) ->
+    {R, [$_|N]} = lists:splitwith(fun(C) -> C /= $_ end, File),
+    {string:join(["diameter_gen", N, R], "_"), "diameter_" ++ N}.
+
+%% ===========================================================================
+
+modify(Bin, Mods) ->
+    lists:foldl(fun re/2, Bin, Mods).
+
+norm({E, RE, Repl}) ->
+    {E, [{RE, Repl}]};
+norm({_,_} = T) ->
+    T.
+
+nochar(Char, Str, Err) ->
+    Err == parse orelse not lists:member(Char, Str) orelse Str.
+
+here() ->
+    filename:dirname(code:which(?MODULE)).
+
+dict() ->
+    [0 | orddict:new()].
diff --git a/lib/diameter/test/diameter_dict_SUITE.erl b/lib/diameter/test/diameter_dict_SUITE.erl
index 87bb9727fe..5cf8506d3f 100644
--- a/lib/diameter/test/diameter_dict_SUITE.erl
+++ b/lib/diameter/test/diameter_dict_SUITE.erl
@@ -25,9 +25,7 @@
 
 -export([suite/0,
          all/0,
-         groups/0,
-         init_per_group/2,
-         end_per_group/2]).
+         groups/0]).
 
 %% testcases
 -export([append/1,
@@ -53,10 +51,11 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [{group, all} | tc()].
+    [{group, all},
+     {group, all, [parallel]}].
 
 groups() ->
-    [{all, [parallel], tc()}].
+    [{all, [], tc()}].
 
 tc() ->
     [append,
@@ -71,12 +70,6 @@ tc() ->
      update,
      update_counter].
 
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
-
 %% ===========================================================================
 
 -define(KV100, [{N,[N]} || N <- lists:seq(1,100)]).
diff --git a/lib/diameter/test/diameter_failover_SUITE.erl b/lib/diameter/test/diameter_failover_SUITE.erl
new file mode 100644
index 0000000000..53398dd93e
--- /dev/null
+++ b/lib/diameter/test/diameter_failover_SUITE.erl
@@ -0,0 +1,237 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% Tests of traffic between six Diameter nodes in three realms,
+%% connected as follows.
+%%
+%%                  ----- SERVER1.REALM2
+%%                /
+%%               /  ----- SERVER2.REALM2
+%%              | /
+%%   CLIENT.REALM1 ------ SERVER3.REALM2
+%%              | \
+%%              |  \
+%%               \   ---- SERVER1.REALM3
+%%                \
+%%                  ----- SERVER2.REALM3
+%%
+
+-module(diameter_failover_SUITE).
+
+-export([suite/0,
+         all/0]).
+
+%% testcases
+-export([start/1,
+         start_services/1,
+         connect/1,
+         send_ok/1,
+         send_nok/1,
+         stop_services/1,
+         stop/1]).
+
+%% diameter callbacks
+-export([pick_peer/4,
+         prepare_request/3,
+         handle_answer/4,
+         handle_request/3]).
+
+-include("diameter.hrl").
+-include("diameter_gen_base_rfc3588.hrl").
+
+%% ===========================================================================
+
+-define(util, diameter_util).
+
+-define(ADDR, {127,0,0,1}).
+
+-define(CLIENT,  "CLIENT.REALM1").
+-define(SERVER1, "SERVER1.REALM2").
+-define(SERVER2, "SERVER2.REALM2").
+-define(SERVER3, "SERVER3.REALM2").
+-define(SERVER4, "SERVER1.REALM3").
+-define(SERVER5, "SERVER2.REALM3").
+
+-define(SERVICES, [?CLIENT, ?SERVER1, ?SERVER2, ?SERVER3, ?SERVER4, ?SERVER5]).
+
+-define(DICT_COMMON,  ?DIAMETER_DICT_COMMON).
+
+-define(APP_ALIAS, the_app).
+-define(APP_ID, ?DICT_COMMON:id()).
+
+%% Config for diameter:start_service/2.
+-define(SERVICE(Host, Dict),
+        [{'Origin-Host', Host},
+         {'Origin-Realm', realm(Host)},
+         {'Host-IP-Address', [?ADDR]},
+         {'Vendor-Id', 12345},
+         {'Product-Name', "OTP/diameter"},
+         {'Acct-Application-Id', [Dict:id()]},
+         {application, [{alias, ?APP_ALIAS},
+                        {dictionary, Dict},
+                        {module, #diameter_callback
+                                  {peer_up = false,
+                                   peer_down = false,
+                                   handle_error = false,
+                                   prepare_retransmit = false,
+                                   default = ?MODULE}},
+                        {answer_errors, callback}]}]).
+
+-define(SUCCESS, 2001).
+
+-define(LOGOUT, ?'DIAMETER_BASE_TERMINATION-CAUSE_DIAMETER_LOGOUT').
+
+%% ===========================================================================
+
+suite() ->
+    [{timetrap, {seconds, 10}}].
+
+all() ->
+    [start,
+     start_services,
+     connect,
+     send_ok,
+     send_nok,
+     stop_services,
+     stop].
+
+%% ===========================================================================
+%% start/stop testcases
+
+start(_Config) ->
+    ok = diameter:start().
+
+start_services(_Config) ->
+    S = [server(N, ?DICT_COMMON) || N <- tl(?SERVICES)],
+
+    ok = diameter:start_service(?CLIENT, ?SERVICE(?CLIENT, ?DICT_COMMON)),
+
+    {save_config, [{?CLIENT, S}]}.
+
+connect(Config) ->
+    {_, Conns} = proplists:get_value(saved_config, Config),
+
+    lists:foreach(fun({CN,Ss}) -> connect(CN, Ss) end, Conns).
+
+stop_services(_Config) ->
+    [] = [{H,T} || H <- ?SERVICES,
+                   T <- [diameter:stop_service(H)],
+                   T /= ok].
+
+stop(_Config) ->
+    ok = diameter:stop().
+
+%% ----------------------------------------
+
+server(Name, Dict) ->
+    ok = diameter:start_service(Name, ?SERVICE(Name, Dict)),
+    {Name, ?util:listen(Name, tcp)}.
+
+connect(Name, Refs) ->
+    [{{Name, ?util:connect(Name, tcp, LRef)}, T} || {_, LRef} = T <- Refs].
+
+%% ===========================================================================
+%% traffic testcases
+
+%% Send an STR and expect success after SERVER3 answers after a couple
+%% of failovers.
+send_ok(_Config) ->
+    Req = ['STR', {'Destination-Realm', realm(?SERVER1)},
+                  {'Termination-Cause', ?LOGOUT},
+                  {'Auth-Application-Id', ?APP_ID}],
+    #diameter_base_STA{'Result-Code' = ?SUCCESS,
+                       'Origin-Host' = ?SERVER3}
+        = call(Req, [{filter, realm}]).
+
+%% Send an STR and expect failure when both servers fail.
+send_nok(_Config) ->
+    Req = ['STR', {'Destination-Realm', realm(?SERVER4)},
+                  {'Termination-Cause', ?LOGOUT},
+                  {'Auth-Application-Id', ?APP_ID}],
+    {error, failover} = call(Req, [{filter, realm}]).
+
+%% ===========================================================================
+
+realm(Host) ->
+    tl(lists:dropwhile(fun(C) -> C /= $. end, Host)).
+
+call(Req, Opts) ->
+    diameter:call(?CLIENT, ?APP_ALIAS, Req, Opts).
+
+set([H|T], Vs) ->
+    [H | Vs ++ T].
+
+%% ===========================================================================
+%% diameter callbacks
+
+%% pick_peer/4
+
+%% Choose a server other than SERVER3 or SERVER5 if possible.
+pick_peer(Peers, _, ?CLIENT, _State) ->
+    case lists:partition(fun({_, #diameter_caps{origin_host = {_, OH}}}) ->
+                                 OH /= ?SERVER3 andalso OH /= ?SERVER5
+                         end,
+                         Peers)
+    of
+        {[], [Peer]} ->
+            {ok, Peer};
+        {[Peer | _], _} ->
+            {ok, Peer}
+    end.
+
+%% prepare_request/3
+
+prepare_request(Pkt, ?CLIENT, {_Ref, Caps}) ->
+    {send, prepare(Pkt, Caps)}.
+
+prepare(#diameter_packet{msg = Req}, Caps) ->
+    #diameter_caps{origin_host  = {OH, _},
+                   origin_realm = {OR, _}}
+        = Caps,
+    set(Req, [{'Session-Id', diameter:session_id(OH)},
+              {'Origin-Host',  OH},
+              {'Origin-Realm', OR}]).
+
+%% handle_answer/4
+
+handle_answer(Pkt, _Req, ?CLIENT, _Peer) ->
+    #diameter_packet{msg = Rec, errors = []} = Pkt,
+    Rec.
+
+%% handle_request/3
+
+%% Only SERVER3 actually answers.
+handle_request(Pkt, ?SERVER3, {_, Caps}) ->
+    #diameter_packet{msg = #diameter_base_STR{'Session-Id' = SId,
+                                              'Origin-Host' = ?CLIENT}}
+        = Pkt,
+    #diameter_caps{origin_host  = {OH, _},
+                   origin_realm = {OR, _}}
+        = Caps,
+
+    {reply, #diameter_base_STA{'Result-Code' = ?SUCCESS,
+                               'Session-Id' = SId,
+                               'Origin-Host' = OH,
+                               'Origin-Realm' = OR}};
+
+%% Others kill the transport to force failover.
+handle_request(_, _, {TPid, _}) ->
+    exit(TPid, kill),
+    discard.
diff --git a/lib/diameter/test/diameter_gen_sctp_SUITE.erl b/lib/diameter/test/diameter_gen_sctp_SUITE.erl
new file mode 100644
index 0000000000..7f435a6b7a
--- /dev/null
+++ b/lib/diameter/test/diameter_gen_sctp_SUITE.erl
@@ -0,0 +1,354 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% Some gen_sctp-specific tests demonstrating problems that were
+%% encountered during diameter development but have nothing
+%% specifically to do with diameter. At least one of them can cause
+%% diameter_transport_SUITE testcases to fail.
+%%
+
+-module(diameter_gen_sctp_SUITE).
+
+-export([suite/0,
+         all/0,
+         init_per_suite/1,
+         end_per_suite/1]).
+
+%% testcases
+-export([send_not_from_controlling_process/1,
+         send_from_multiple_clients/1,
+         receive_what_was_sent/1]).
+
+-include_lib("kernel/include/inet_sctp.hrl").
+
+%% Message from gen_sctp are of this form.
+-define(SCTP(Sock, Data), {sctp, Sock, _, _, Data}).
+
+%% Open sockets on the loopback address.
+-define(ADDR, {127,0,0,1}).
+
+%% Snooze, nap, siesta.
+-define(SLEEP(T), receive after T -> ok end).
+
+%% An indescribably long number of milliseconds after which everthing
+%% that should have happened has.
+-define(FOREVER, 2000).
+
+%% The first byte in each message we send as a simple guard against
+%% not receiving what was sent.
+-define(MAGIC, 42).
+
+%% ===========================================================================
+
+suite() ->
+    [{timetrap, {minutes, 2}}].
+
+all() ->
+    [send_not_from_controlling_process,
+     send_from_multiple_clients,
+     receive_what_was_sent].
+
+init_per_suite(Config) ->
+    case gen_sctp:open() of
+        {ok, Sock} ->
+            gen_sctp:close(Sock),
+            Config;
+        {error, E} when E == eprotonosupport;
+                        E == esocktnosupport ->
+            {skip, no_sctp}
+    end.
+
+end_per_suite(_Config) ->
+    ok.
+
+%% ===========================================================================
+
+%% send_not_from_controlling_process/1
+%%
+%% This testcase failing shows gen_sctp:send/4 hanging when called
+%% outside the controlling process of the socket in question.
+
+send_not_from_controlling_process(_) ->
+    Pids = send_not_from_controlling_process(),
+    ?SLEEP(?FOREVER),
+    try
+        [] = [{P,I} || P <- Pids, I <- [process_info(P)], I /= undefined]
+    after
+        lists:foreach(fun(P) -> exit(P, kill) end, Pids)
+    end.
+
+%% send_not_from_controlling_process/0
+%%
+%% Returns the pids of three spawned processes: a listening process, a
+%% connecting process and a sending process.
+%%
+%% The expected behaviour is that all three processes exit:
+%%
+%% - The listening process exits upon receiving an SCTP message
+%%   sent by the sending process.
+%% - The connecting process exits upon listening process exit.
+%% - The sending process exits upon gen_sctp:send/4 return.
+%%
+%% The observed behaviour is that all three processes remain alive
+%% indefinitely:
+%%
+%% - The listening process never receives the SCTP message sent
+%%   by the sending process.
+%% - The connecting process has an inet_reply message in its mailbox
+%%   as a consequence of the call to gen_sctp:send/4 call from the
+%%   sending process.
+%% - The call to gen_sctp:send/4 in the sending process doesn't return,
+%%   hanging in prim_inet:getopts/2.
+
+send_not_from_controlling_process() ->
+    FPid = self(),
+    {L, MRef} = spawn_monitor(fun() -> listen(FPid) end),%% listening process
+    receive
+        {?MODULE, C, S} ->
+            erlang:demonitor(MRef, [flush]),
+            [L,C,S];
+        {'DOWN', MRef, process, _, _} = T ->
+            error(T)
+    end.
+
+%% listen/1
+
+listen(FPid) ->
+    {ok, Sock} = open(),
+    ok = gen_sctp:listen(Sock, true),
+    {ok, PortNr} = inet:port(Sock),
+    LPid = self(),
+    spawn(fun() -> connect1(PortNr, FPid, LPid) end), %% connecting process
+    Id = assoc(Sock),
+    ?SCTP(Sock, {[#sctp_sndrcvinfo{assoc_id = Id}], _Bin})
+        = recv(). %% Waits with this as current_function.
+
+%% recv/0
+
+recv() ->
+    receive T -> T end.
+
+%% connect1/3
+
+connect1(PortNr, FPid, LPid) ->
+    {ok, Sock} = open(),
+    ok = gen_sctp:connect_init(Sock, ?ADDR, PortNr, []),
+    Id = assoc(Sock),
+    FPid ! {?MODULE,
+            self(),
+            spawn(fun() -> send(Sock, Id) end)}, %% sending process
+    MRef = erlang:monitor(process, LPid),
+    down(MRef).  %% Waits with this as current_function.
+
+%% down/1
+
+down(MRef) ->
+    receive {'DOWN', MRef, process, _, Reason} -> Reason end.
+
+%% send/2
+
+send(Sock, Id) ->
+    ok = gen_sctp:send(Sock, Id, 0, <<0:32>>).
+
+%% ===========================================================================
+
+%% send_from_multiple_clients/0
+%%
+%% Demonstrates sluggish delivery of messages.
+
+send_from_multiple_clients(_) ->
+    {S, Rs} = T = send_from_multiple_clients(8, 1024),
+    {false, [], _} = {?FOREVER < S,
+                      Rs -- [OI || {O,_} = OI <- Rs, is_integer(O)],
+                      T}.
+
+%% send_from_multiple_clients/2
+%%
+%% Opens a listening socket and then spawns a specified number of
+%% processes, each of which connects to the listening socket. Each
+%% connecting process then sends a message, whose size in bytes is
+%% passed as an argument, the listening process sends a reply
+%% containing the time at which the message was received, and the
+%% connecting process then exits upon reception of this reply.
+%%
+%% Returns the elapsed time for all connecting process to exit
+%% together with a list of exit reasons for the connecting processes.
+%% In the successful case a connecting process exits with the
+%% outbound/inbound transit times for the sent/received message as
+%% reason.
+%%
+%% The observed behaviour is that some outbound messages (that is,
+%% from a connecting process to the listening process) can take an
+%% unexpectedly long time to complete their journey. The more
+%% connecting processes, the longer the possible delay it seems.
+%%
+%% eg. (With F = fun send_from_multiple_clients/2.)
+%%
+%%     5> F(2, 1024).
+%%     {875,[{128,116},{113,139}]}
+%%     6> F(4, 1024).
+%%     {2995290,[{2994022,250},{2994071,80},{200,130},{211,113}]}
+%%     7> F(8, 1024).
+%%     {8997461,[{8996161,116},
+%%               {2996471,86},
+%%               {2996278,116},
+%%               {2996360,95},
+%%               {246,112},
+%%               {213,159},
+%%               {373,173},
+%%               {376,118}]}
+%%     8> F(8, 1024).
+%%     {21001891,[{20999968,128},
+%%                {8997891,172},
+%%                {8997927,91},
+%%                {2995716,164},
+%%                {2995860,87},
+%%                {134,100},
+%%                {117,98},
+%%                {149,125}]}
+
+send_from_multiple_clients(N, Sz)
+  when is_integer(N), 0 < N, is_integer(Sz), 0 < Sz ->
+    timer:tc(fun listen/2, [N, <<?MAGIC, 0:Sz/unit:8>>]).
+
+%% listen/2
+
+listen(N, Bin) ->
+    {ok, Sock} = open(),
+    ok = gen_sctp:listen(Sock, true),
+    {ok, PortNr} = inet:port(Sock),
+
+    %% Spawn a middleman that in turn spawns N connecting processes,
+    %% collects a list of exit reasons and then exits with the list as
+    %% reason. loop/3 returns when we receive this list from the
+    %% middleman's 'DOWN'.
+
+    Self = self(),
+    Fun = fun() -> exit(connect2(Self, PortNr, Bin)) end,
+    {_, MRef} = spawn_monitor(fun() -> exit(fold(N, Fun)) end),
+    loop(Sock, MRef, Bin).
+
+%% fold/2
+%%
+%% Spawn N processes and collect their exit reasons in a list.
+
+fold(N, Fun) ->
+    start(N, Fun),
+    acc(N, []).
+
+start(0, _) ->
+    ok;
+start(N, Fun) ->
+    spawn_monitor(Fun),
+    start(N-1, Fun).
+
+acc(0, Acc) ->
+    Acc;
+acc(N, Acc) ->
+    receive
+        {'DOWN', _MRef, process, _, RC} ->
+            acc(N-1, [RC | Acc])
+    end.
+
+%% loop/3
+
+loop(Sock, MRef, Bin) ->
+    receive
+        ?SCTP(Sock, {[#sctp_sndrcvinfo{assoc_id = Id}], B}) ->
+            Sz = size(Bin),
+            {Sz, Bin} = {size(B), B},  %% assert
+            ok = send(Sock, Id, mark(Bin)),
+            loop(Sock, MRef, Bin);
+        ?SCTP(Sock, _) ->
+            loop(Sock, MRef, Bin);
+        {'DOWN', MRef, process, _, Reason} ->
+            Reason
+    end.
+
+%% connect2/3
+
+connect2(Pid, PortNr, Bin) ->
+    erlang:monitor(process, Pid),
+
+    {ok, Sock} = open(),
+    ok = gen_sctp:connect_init(Sock, ?ADDR, PortNr, []),
+    Id = assoc(Sock),
+
+    %% T1 = time before send
+    %% T2 = time after listening process received our message
+    %% T3 = time after reply is received
+
+    T1 = now(),
+    ok = send(Sock, Id, Bin),
+    T2 = unmark(recv(Sock, Id)),
+    T3 = now(),
+    {timer:now_diff(T2, T1), timer:now_diff(T3, T2)}. %% {Outbound, Inbound}
+
+%% recv/2
+
+recv(Sock, Id) ->
+    receive
+        ?SCTP(Sock, {[#sctp_sndrcvinfo{assoc_id = Id}], Bin}) ->
+            Bin;
+        T ->  %% eg. 'DOWN'
+            exit(T)
+    end.
+
+%% send/3
+
+send(Sock, Id, Bin) ->
+    gen_sctp:send(Sock, Id, 0, Bin).
+
+%% mark/1
+
+mark(Bin) ->
+    Info = term_to_binary(now()),
+    <<Info/binary, Bin/binary>>.
+
+%% unmark/1
+
+unmark(Bin) ->
+    {_,_,_} = binary_to_term(Bin).
+
+%% ===========================================================================
+
+%% receive_what_was_sent/1
+%%
+%% Demonstrates reception of a message that differs from that sent.
+
+receive_what_was_sent(_Config) ->
+    send_from_multiple_clients(1, 1024*32).  %% fails
+
+%% ===========================================================================
+
+%% open/0
+
+open() ->
+    gen_sctp:open([{ip, ?ADDR}, {port, 0}, {active, true}, binary]).
+
+%% assoc/1
+
+assoc(Sock) ->
+    receive
+        ?SCTP(Sock, {[], #sctp_assoc_change{state = S,
+                                            assoc_id = Id}}) ->
+            comm_up = S,  %% assert
+            Id
+    end.
diff --git a/lib/diameter/test/diameter_reg_SUITE.erl b/lib/diameter/test/diameter_reg_SUITE.erl
index ade824c9dd..ec6a0ca731 100644
--- a/lib/diameter/test/diameter_reg_SUITE.erl
+++ b/lib/diameter/test/diameter_reg_SUITE.erl
@@ -26,8 +26,6 @@
 -export([suite/0,
          all/0,
          groups/0,
-         init_per_group/2,
-         end_per_group/2,
          init_per_suite/1,
          end_per_suite/1]).
 
@@ -48,10 +46,11 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [{group, all} | tc()].
+    [{group, all},
+     {group, all, [parallel]}].
 
 groups() ->
-    [{all, [parallel], tc()}].
+    [{all, [], tc()}].
 
 tc() ->
     [add,
@@ -61,12 +60,6 @@ tc() ->
      terms,
      pids].
 
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
-
 init_per_suite(Config) ->
     ok = diameter:start(),
     Config.
diff --git a/lib/diameter/test/diameter_relay_SUITE.erl b/lib/diameter/test/diameter_relay_SUITE.erl
index d3d1fe690a..70e1866791 100644
--- a/lib/diameter/test/diameter_relay_SUITE.erl
+++ b/lib/diameter/test/diameter_relay_SUITE.erl
@@ -35,44 +35,37 @@
 
 -export([suite/0,
          all/0,
-         groups/0,
-         init_per_group/2,
-         end_per_group/2,
-         init_per_suite/1,
-         end_per_suite/1]).
+         groups/0]).
 
 %% testcases
--export([send1/1,
+-export([start/1,
+         start_services/1,
+         connect/1,
+         send1/1,
          send2/1,
          send3/1,
          send4/1,
          send_loop/1,
          send_timeout_1/1,
          send_timeout_2/1,
-         remove_transports/1,
-         stop_services/1]).
+         disconnect/1,
+         stop_services/1,
+         stop/1]).
 
 %% diameter callbacks
--export([peer_up/3,
-         peer_down/3,
-         pick_peer/4,
+-export([pick_peer/4,
          prepare_request/3,
          prepare_retransmit/3,
          handle_answer/4,
-         handle_error/4,
          handle_request/3]).
 
--ifdef(DIAMETER_CT).
+-include("diameter.hrl").
 -include("diameter_gen_base_rfc3588.hrl").
--else.
--include_lib("diameter/include/diameter_gen_base_rfc3588.hrl").
--endif.
-
--include_lib("diameter/include/diameter.hrl").
--include("diameter_ct.hrl").
 
 %% ===========================================================================
 
+-define(util, diameter_util).
+
 -define(ADDR, {127,0,0,1}).
 
 -define(CLIENT,  "CLIENT.REALM1").
@@ -83,6 +76,10 @@
 -define(SERVER3, "SERVER1.REALM3").
 -define(SERVER4, "SERVER2.REALM3").
 
+-define(SERVICES, [?CLIENT,
+                   ?RELAY1, ?RELAY2,
+                   ?SERVER1, ?SERVER2, ?SERVER3, ?SERVER4]).
+
 -define(DICT_COMMON,  ?DIAMETER_DICT_COMMON).
 -define(DICT_RELAY,   ?DIAMETER_DICT_RELAY).
 
@@ -99,22 +96,12 @@
          {'Acct-Application-Id', [Dict:id()]},
          {application, [{alias, ?APP_ALIAS},
                         {dictionary, Dict},
-                        {module, ?MODULE},
+                        {module, #diameter_callback{peer_up = false,
+                                                    peer_down = false,
+                                                    handle_error = false,
+                                                    default = ?MODULE}},
                         {answer_errors, callback}]}]).
 
-%% Config for diameter:add_transport/2. In the listening case, listen
-%% on a free port that we then lookup using the implementation detail
-%% that diameter_tcp registers the port with diameter_reg.
--define(CONNECT(PortNr),
-        {connect, [{transport_module, diameter_tcp},
-                   {transport_config, [{raddr, ?ADDR},
-                                       {rport, PortNr},
-                                       {ip, ?ADDR},
-                                       {port, 0}]}]}).
--define(LISTEN,
-        {listen, [{transport_module, diameter_tcp},
-                  {transport_config, [{ip, ?ADDR}, {port, 0}]}]}).
-
 -define(SUCCESS, 2001).
 -define(LOOP_DETECTED, 3005).
 -define(UNABLE_TO_DELIVER, 3002).
@@ -122,55 +109,25 @@
 -define(LOGOUT, ?'DIAMETER_BASE_TERMINATION-CAUSE_DIAMETER_LOGOUT').
 -define(AUTHORIZE_ONLY, ?'DIAMETER_BASE_RE-AUTH-REQUEST-TYPE_AUTHORIZE_ONLY').
 
--define(A, list_to_atom).
--define(L, atom_to_list).
-
 %% ===========================================================================
 
 suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [{group, N} || {N, _, _} <- groups()]
-        ++ [remove_transports, stop_services].
+    [start,
+     start_services,
+     connect,
+     {group, all},
+     {group, all, [parallel]},
+     disconnect,
+     stop_services,
+     stop].
 
 groups() ->
-    Ts = tc(),
-    [{all, [], Ts},
-     {p, [parallel], Ts}].
-
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
-
-init_per_suite(Config) ->
-    ok = diameter:start(),
-    [S1,S2,S3,S4] = S = [server(N, ?DICT_COMMON) || N <- [?SERVER1,
-                                                          ?SERVER2,
-                                                          ?SERVER3,
-                                                          ?SERVER4]],
-    [R1,R2] = R = [server(N, ?DICT_RELAY) || N <- [?RELAY1, ?RELAY2]],
-    
-    ok = diameter:start_service(?CLIENT, ?SERVICE(?CLIENT, ?DICT_COMMON)),
+    [{all, [], tc()}].
 
-    true = diameter:subscribe(?RELAY1),
-    true = diameter:subscribe(?RELAY2),
-    true = diameter:subscribe(?CLIENT),
-
-    [C1,C2] = connect(?RELAY1, [S1,S2]),
-    [C3,C4] = connect(?RELAY2, [S3,S4]),
-    [C5,C6] = connect(?CLIENT, [R1,R2]),
-
-    C7 = connect(?RELAY1, R2),
-
-    [{transports, {S, R, [C1,C2,C3,C4,C5,C6,C7]}} | Config].
-
-end_per_suite(_Config) ->
-    ok = diameter:stop().
-
-%% Testcases to run when services are started and connections
+%% Traffic cases run when services are started and connections
 %% established.
 tc() ->
     [send1,
@@ -181,43 +138,56 @@ tc() ->
      send_timeout_1,
      send_timeout_2].
 
-server(Host, Dict) ->
-    ok = diameter:start_service(Host, ?SERVICE(Host, Dict)),
-    {ok, LRef} = diameter:add_transport(Host, ?LISTEN),
-    {LRef, portnr(LRef)}.
-
-connect(Host, {_LRef, PortNr}) ->
-    {ok, Ref} = diameter:add_transport(Host, ?CONNECT(PortNr)),
-    ok = receive
-             #diameter_event{service = Host,
-                             info = {up, Ref, _, _, #diameter_packet{}}} ->
-                 ok
-         after 2000 ->
-                 false
-         end,
-    Ref;
-connect(Host, Ports) ->
-    [connect(Host, P) || P <- Ports].
-
-portnr(LRef) ->
-    portnr(LRef, 20).
-
-portnr(LRef, N)
-  when 0 < N ->
-    case diameter_reg:match({diameter_tcp, listener, {LRef, '_'}}) of
-        [{T, _Pid}] ->
-            {_, _, {LRef, {_Addr, LSock}}} = T,
-            {ok, PortNr} = inet:port(LSock),
-            PortNr;
-        [] ->
-            receive after 50 -> ok end,
-            portnr(LRef, N-1)
-    end.
+%% ===========================================================================
+%% start/stop testcases
 
-realm(Host) ->
-    tl(lists:dropwhile(fun(C) -> C /= $. end, Host)).
+start(_Config) ->
+    ok = diameter:start().
+
+start_services(_Config) ->
+    [S1,S2,S3,S4] = [server(N, ?DICT_COMMON) || N <- [?SERVER1,
+                                                      ?SERVER2,
+                                                      ?SERVER3,
+                                                      ?SERVER4]],
+    [R1,R2] = [server(N, ?DICT_RELAY) || N <- [?RELAY1, ?RELAY2]],
+
+    ok = diameter:start_service(?CLIENT, ?SERVICE(?CLIENT, ?DICT_COMMON)),
+
+    {save_config, [{?RELAY1, [S1,S2,R2]},
+                   {?RELAY2, [S3,S4]},
+                   {?CLIENT, [R1,R2]}]}.
+
+connect(Config) ->
+    {_, Conns} = proplists:get_value(saved_config, Config),
+
+    ?util:write_priv(Config,
+                     "cfg",
+                     lists:flatmap(fun({CN,Ss}) -> connect(CN, Ss) end,
+                                   Conns)).
+
+disconnect(Config) ->
+    lists:foreach(fun({{CN,CR},{SN,SR}}) -> ?util:disconnect(CN,CR,SN,SR) end,
+                  ?util:read_priv(Config, "cfg")).
+
+stop_services(_Config) ->
+    [] = [{H,T} || H <- ?SERVICES,
+                   T <- [diameter:stop_service(H)],
+                   T /= ok].
+
+stop(_Config) ->
+    ok = diameter:stop().
+
+%% ----------------------------------------
+
+server(Name, Dict) ->
+    ok = diameter:start_service(Name, ?SERVICE(Name, Dict)),
+    {Name, ?util:listen(Name, tcp)}.
+
+connect(Name, Refs) ->
+    [{{Name, ?util:connect(Name, tcp, LRef)}, T} || {_, LRef} = T <- Refs].
 
 %% ===========================================================================
+%% traffic testcases
 
 %% Send an STR intended for a specific server and expect success.
 send1(_Config) ->
@@ -254,40 +224,11 @@ send_timeout(Tmo) ->
                   {'Re-Auth-Request-Type', ?AUTHORIZE_ONLY}],
     call(Req, [{filter, realm}, {timeout, Tmo}]).
 
-%% Remove the client transports and expect the corresponding server
-%% transport to go down.
-remove_transports(Config) ->
-    {[S1,S2,S3,S4], [R1,R2], [C1,C2,C3,C4,C5,C6,C7]}
-        = proplists:get_value(transports, Config),
-
-    true = diameter:subscribe(?SERVER1),
-    true = diameter:subscribe(?SERVER2),
-    true = diameter:subscribe(?SERVER3),
-    true = diameter:subscribe(?SERVER4),
-    true = diameter:subscribe(?RELAY1),
-    true = diameter:subscribe(?RELAY2),
-
-    disconnect(S1, ?RELAY1, C1),
-    disconnect(S2, ?RELAY1, C2),
-    disconnect(S3, ?RELAY2, C3),
-    disconnect(S4, ?RELAY2, C4),
-    disconnect(R1, ?CLIENT, C5),
-    disconnect(R2, ?CLIENT, C6),
-    disconnect(R2, ?RELAY1, C7).
-
-disconnect({LRef, _PortNr}, Client, CRef) ->
-    ok = diameter:remove_transport(Client, CRef),
-    ok = receive #diameter_event{info = {down, LRef, _, _}} -> ok
-         after 2000 -> false
-         end.
-
-stop_services(_Config) ->
-    S = [?CLIENT, ?RELAY1, ?RELAY2, ?SERVER1, ?SERVER2, ?SERVER3, ?SERVER4],
-    Ok = [ok || _ <- S],
-    Ok = [diameter:stop_service(H) || H <- S].
-
 %% ===========================================================================
 
+realm(Host) ->
+    tl(lists:dropwhile(fun(C) -> C /= $. end, Host)).
+
 call(Server) ->
     Realm = realm(Server),
     Req = ['STR', {'Destination-Realm', Realm},
@@ -301,29 +242,19 @@ call(Server) ->
 
 call(Req, Opts) ->
     diameter:call(?CLIENT, ?APP_ALIAS, Req, Opts).
-    
+
 set([H|T], Vs) ->
     [H | Vs ++ T].
 
 %% ===========================================================================
 %% diameter callbacks
 
-%% peer_up/3
-
-peer_up(_SvcName, _Peer, State) ->
-    State.
-
-%% peer_down/3
-
-peer_down(_SvcName, _Peer, State) ->
-    State.
-
 %% pick_peer/4
 
 pick_peer([Peer | _], _, Svc, _State)
   when Svc == ?RELAY1;
        Svc == ?RELAY2;
-       Svc == ?CLIENT->
+       Svc == ?CLIENT ->
     {ok, Peer}.
 
 %% prepare_request/3
@@ -361,11 +292,6 @@ handle_answer(Pkt, _Req, ?CLIENT, _Peer) ->
     #diameter_packet{msg = Rec, errors = []} = Pkt,
     Rec.
 
-%% handle_error/4
-
-handle_error(Reason, _Req, _Svc, _Peer) ->
-    {error, Reason}.
-
 %% handle_request/3
 
 handle_request(Pkt, OH, {_Ref, #diameter_caps{origin_host = {OH,_}} = Caps})
diff --git a/lib/diameter/test/diameter_stats_SUITE.erl b/lib/diameter/test/diameter_stats_SUITE.erl
index e50a0050a6..e7807fd360 100644
--- a/lib/diameter/test/diameter_stats_SUITE.erl
+++ b/lib/diameter/test/diameter_stats_SUITE.erl
@@ -26,8 +26,6 @@
 -export([suite/0,
          all/0,
          groups/0,
-         init_per_group/2,
-         end_per_group/2,
          init_per_suite/1,
          end_per_suite/1]).
 
@@ -44,21 +42,16 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [{group, all} | tc()].
+    [{group, all},
+     {group, all, [parallel]}].
 
 groups() ->
-    [{all, [parallel], tc()}].
+    [{all, [], tc()}].
 
 tc() ->
     [an,
      twa].
 
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
-
 init_per_suite(Config) ->
     ok = diameter:start(),
     Config.
diff --git a/lib/diameter/test/diameter_sync_SUITE.erl b/lib/diameter/test/diameter_sync_SUITE.erl
index 84f77b6066..ab629fb1c1 100644
--- a/lib/diameter/test/diameter_sync_SUITE.erl
+++ b/lib/diameter/test/diameter_sync_SUITE.erl
@@ -26,8 +26,6 @@
 -export([suite/0,
          all/0,
          groups/0,
-         init_per_group/2,
-         end_per_group/2,
          init_per_suite/1,
          end_per_suite/1]).
 
@@ -48,10 +46,11 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [{group, all} | tc()].
+    [{group, all},
+     {group, all, [parallel]}].
 
 groups() ->
-    [{all, [parallel], tc()}].
+    [{all, [], tc()}].
 
 tc() ->
     [call,
@@ -59,12 +58,6 @@ tc() ->
      timeout,
      flush].
 
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
-
 init_per_suite(Config) ->
     ok = diameter:start(),
     Config.
diff --git a/lib/diameter/test/diameter_tls_SUITE.erl b/lib/diameter/test/diameter_tls_SUITE.erl
new file mode 100644
index 0000000000..85b953dc1a
--- /dev/null
+++ b/lib/diameter/test/diameter_tls_SUITE.erl
@@ -0,0 +1,385 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% Tests of traffic between six Diameter nodes connected as follows.
+%%
+%%                  ---- SERVER.REALM1  (TLS after capabilities exchange)
+%%                /
+%%               /  ---- SERVER.REALM2  (ditto)
+%%              | /
+%%   CLIENT.REALM0 ----- SERVER.REALM3  (no security)
+%%              | \
+%%               \  ---- SERVER.REALM4  (TLS at connection establishment)
+%%                \
+%%                  ---- SERVER.REALM5  (ditto)
+%%
+
+-module(diameter_tls_SUITE).
+
+-export([suite/0,
+         all/0,
+         groups/0,
+         init_per_suite/1,
+         end_per_suite/1]).
+
+%% testcases
+-export([start_ssl/1,
+         start_diameter/1,
+         make_certs/1, make_certs/0,
+         start_services/1,
+         add_transports/1,
+         send1/1,
+         send2/1,
+         send3/1,
+         send4/1,
+         send5/1,
+         remove_transports/1,
+         stop_services/1,
+         stop_diameter/1,
+         stop_ssl/1]).
+
+%% diameter callbacks
+-export([prepare_request/3,
+         prepare_retransmit/3,
+         handle_answer/4,
+         handle_request/3]).
+
+-include("diameter.hrl").
+-include("diameter_gen_base_rfc3588.hrl").
+
+%% ===========================================================================
+
+-define(util, diameter_util).
+
+-define(ADDR, {127,0,0,1}).
+
+-define(CLIENT,  "CLIENT.REALM0").
+-define(SERVER1, "SERVER.REALM1").
+-define(SERVER2, "SERVER.REALM2").
+-define(SERVER3, "SERVER.REALM3").
+-define(SERVER4, "SERVER.REALM4").
+-define(SERVER5, "SERVER.REALM5").
+
+-define(SERVERS, [?SERVER1, ?SERVER2, ?SERVER3, ?SERVER4, ?SERVER5]).
+
+-define(DICT_COMMON,  ?DIAMETER_DICT_COMMON).
+
+-define(APP_ALIAS, the_app).
+-define(APP_ID, ?DICT_COMMON:id()).
+
+-define(NO_INBAND_SECURITY, 0).
+-define(TLS, 1).
+
+%% Config for diameter:start_service/2.
+-define(SERVICE(Host, Dict),
+        [{'Origin-Host', Host},
+         {'Origin-Realm', realm(Host)},
+         {'Host-IP-Address', [?ADDR]},
+         {'Vendor-Id', 12345},
+         {'Product-Name', "OTP/diameter"},
+         {'Inband-Security-Id', [?NO_INBAND_SECURITY]},
+         {'Auth-Application-Id', [Dict:id()]},
+         {application, [{alias, ?APP_ALIAS},
+                        {dictionary, Dict},
+                        {module, #diameter_callback{peer_up = false,
+                                                    peer_down = false,
+                                                    pick_peer = false,
+                                                    handle_error = false,
+                                                    default = ?MODULE}},
+                        {answer_errors, callback}]}]).
+
+%% Config for diameter:add_transport/2. In the listening case, listen
+%% on a free port that we then lookup using the implementation detail
+%% that diameter_tcp registers the port with diameter_reg.
+-define(CONNECT(PortNr, Caps, Opts),
+        {connect, [{transport_module, diameter_tcp},
+                   {transport_config, [{raddr, ?ADDR},
+                                       {rport, PortNr},
+                                       {ip, ?ADDR},
+                                       {port, 0}
+                                       | Opts]},
+                   {capabilities, Caps}]}).
+-define(LISTEN(Caps, Opts),
+        {listen, [{transport_module, diameter_tcp},
+                  {transport_config, [{ip, ?ADDR}, {port, 0} | Opts]},
+                  {capabilities, Caps}]}).
+
+-define(SUCCESS, 2001).
+-define(LOGOUT, ?'DIAMETER_BASE_TERMINATION-CAUSE_DIAMETER_LOGOUT').
+
+%% ===========================================================================
+
+suite() ->
+    [{timetrap, {seconds, 10}}].
+
+all() ->
+    [start_ssl,
+     start_diameter,
+     make_certs,
+     start_services,
+     add_transports,
+     {group, all},
+     {group, all, [parallel]},
+     remove_transports,
+     stop_services,
+     stop_diameter,
+     stop_ssl].
+
+groups() ->
+    [{all, [], tc()}].
+
+%% Shouldn't really have to know about crypto here but 'ok' from
+%% ssl:start() isn't enough to guarantee that TLS is available.
+init_per_suite(Config) ->
+    try
+        false /= os:find_executable("openssl")
+            orelse throw({?MODULE, no_openssl}),
+        ok == (catch crypto:start())
+            orelse throw({?MODULE, no_crypto}),
+        Config
+    catch
+        {?MODULE, E} ->
+            {skip, E}
+    end.
+
+end_per_suite(_Config) ->
+    crypto:stop().
+
+%% Testcases to run when services are started and connections
+%% established.
+tc() ->
+    [send1,
+     send2,
+     send3,
+     send4,
+     send5].
+
+%% ===========================================================================
+%% testcases
+
+start_ssl(_Config) ->
+    ok = ssl:start().
+
+start_diameter(_Config) ->
+    ok = diameter:start().
+
+make_certs() ->
+    [{timetrap, {seconds, 30}}].
+
+make_certs(Config) ->
+    Dir = proplists:get_value(priv_dir, Config),
+
+    [] = ?util:run([[fun make_cert/2, Dir, B] || B <- ["server1",
+                                                       "server2",
+                                                       "server4",
+                                                       "server5",
+                                                       "client"]]).
+
+start_services(Config) ->
+    Dir = proplists:get_value(priv_dir, Config),
+    Servers = [server(S, sopts(S, Dir)) || S <- ?SERVERS],
+
+    ok = diameter:start_service(?CLIENT, ?SERVICE(?CLIENT, ?DICT_COMMON)),
+
+    {save_config, [Dir | Servers]}.
+
+add_transports(Config) ->
+    {_, [Dir | Servers]} = proplists:get_value(saved_config, Config),
+
+    true = diameter:subscribe(?CLIENT),
+
+    Opts = ssl_options(Dir, "client"),
+    Connections = [connect(?CLIENT, S, copts(N, Opts))
+                   || {S,N} <- lists:zip(Servers, ?SERVERS)],
+
+    ?util:write_priv(Config, "cfg", lists:zip(Servers, Connections)).
+
+
+%% Remove the client transports and expect the corresponding server
+%% transport to go down.
+remove_transports(Config) ->
+    Ts = ?util:read_priv(Config, "cfg"),
+    [] = [T || S <- ?SERVERS, T <- [diameter:subscribe(S)], T /= true],
+    lists:map(fun disconnect/1, Ts).
+
+stop_services(_Config) ->
+    [] = [{H,T} || H <- [?CLIENT | ?SERVERS],
+                   T <- [diameter:stop_service(H)],
+                   T /= ok].
+
+stop_diameter(_Config) ->
+    ok = diameter:stop().
+
+stop_ssl(_Config) ->
+    ok = ssl:stop().
+
+%% Send an STR intended for a specific server and expect success.
+send1(_Config) ->
+    call(?SERVER1).
+send2(_Config) ->
+    call(?SERVER2).
+send3(_Config) ->
+    call(?SERVER3).
+send4(_Config) ->
+    call(?SERVER4).
+send5(_Config) ->
+    call(?SERVER5).
+
+%% ===========================================================================
+%% diameter callbacks
+
+%% prepare_request/3
+
+prepare_request(#diameter_packet{msg = Req},
+                ?CLIENT,
+                {_Ref, Caps}) ->
+    #diameter_caps{origin_host  = {OH, _},
+                   origin_realm = {OR, _}}
+        = Caps,
+
+    {send, set(Req, [{'Session-Id', diameter:session_id(OH)},
+                     {'Origin-Host',  OH},
+                     {'Origin-Realm', OR}])}.
+
+%% prepare_retransmit/3
+
+prepare_retransmit(_Pkt, false, _Peer) ->
+    discard.
+
+%% handle_answer/4
+
+handle_answer(Pkt, _Req, ?CLIENT, _Peer) ->
+    #diameter_packet{msg = Rec, errors = []} = Pkt,
+    Rec.
+
+%% handle_request/3
+
+handle_request(#diameter_packet{msg = #diameter_base_STR{'Session-Id' = SId}},
+               OH,
+               {_Ref, #diameter_caps{origin_host = {OH,_},
+                                     origin_realm = {OR, _}}})
+  when OH /= ?CLIENT ->
+    {reply, #diameter_base_STA{'Result-Code' = ?SUCCESS,
+                               'Session-Id' = SId,
+                               'Origin-Host' = OH,
+                               'Origin-Realm' = OR}}.
+
+%% ===========================================================================
+%% support functions
+
+call(Server) ->
+    Realm = realm(Server),
+    Req = ['STR', {'Destination-Realm', Realm},
+                  {'Termination-Cause', ?LOGOUT},
+                  {'Auth-Application-Id', ?APP_ID}],
+    #diameter_base_STA{'Result-Code' = ?SUCCESS,
+                       'Origin-Host' = Server,
+                       'Origin-Realm' = Realm}
+        = call(Req, [{filter, realm}]).
+
+call(Req, Opts) ->
+    diameter:call(?CLIENT, ?APP_ALIAS, Req, Opts).
+
+set([H|T], Vs) ->
+    [H | Vs ++ T].
+
+disconnect({{LRef, _PortNr}, CRef}) ->
+    ok = diameter:remove_transport(?CLIENT, CRef),
+    ok = receive #diameter_event{info = {down, LRef, _, _}} -> ok
+         after 2000 -> false
+         end.
+
+realm(Host) ->
+    tl(lists:dropwhile(fun(C) -> C /= $. end, Host)).
+
+inband_security(Ids) ->
+    [{'Inband-Security-Id', Ids}].
+
+ssl_options(Dir, Base) ->
+    Root = filename:join([Dir, Base]),
+    [{ssl_options, [{certfile, Root ++ "_ca.pem"},
+                    {keyfile,  Root ++ "_key.pem"}]}].
+
+make_cert(Dir, Base) ->
+    make_cert(Dir, Base ++ "_key.pem", Base ++ "_ca.pem").
+
+make_cert(Dir, Keyfile, Certfile) ->
+    [K,C] = Paths = [filename:join([Dir, F]) || F <- [Keyfile, Certfile]],
+
+    KCmd = join(["openssl genrsa -out", K, "2048"]),
+    CCmd = join(["openssl req -new -x509 -key", K, "-out", C, "-days 7",
+                 "-subj /C=SE/ST=./L=Stockholm/CN=www.erlang.org"]),
+
+    %% Hope for the best and only check that files are written.
+    os:cmd(KCmd),
+    os:cmd(CCmd),
+
+    [_,_] = [T || P <- Paths, {ok, T} <- [file:read_file_info(P)]],
+
+    {K,C}.
+
+join(Strs) ->
+    string:join(Strs, " ").
+
+%% server/2
+
+server(Host, {Caps, Opts}) ->
+    ok = diameter:start_service(Host, ?SERVICE(Host, ?DICT_COMMON)),
+    {ok, LRef} = diameter:add_transport(Host, ?LISTEN(Caps, Opts)),
+    {LRef, hd([_] = ?util:lport(tcp, LRef, 20))}.
+
+sopts(?SERVER1, Dir) ->
+    {inband_security([?TLS]),
+     ssl_options(Dir, "server1")};
+sopts(?SERVER2, Dir) ->
+    {inband_security([?NO_INBAND_SECURITY, ?TLS]),
+     ssl_options(Dir, "server2")};
+sopts(?SERVER3, _) ->
+    {[], []};
+sopts(?SERVER4, Dir) ->
+    {[], ssl(ssl_options(Dir, "server4"))};
+sopts(?SERVER5, Dir) ->
+    {[], ssl(ssl_options(Dir, "server5"))}.
+
+ssl([{ssl_options = T, Opts}]) ->
+    [{T, true} | Opts].
+
+%% connect/3
+
+connect(Host, {_LRef, PortNr}, {Caps, Opts}) ->
+    {ok, Ref} = diameter:add_transport(Host, ?CONNECT(PortNr, Caps, Opts)),
+    ok = receive
+             #diameter_event{service = Host,
+                             info = {up, Ref, _, _, #diameter_packet{}}} ->
+                 ok
+         after 2000 ->
+                 false
+         end,
+    Ref.
+
+copts(S, Opts)
+  when S == ?SERVER1;
+       S == ?SERVER2;
+       S == ?SERVER3 ->
+    {inband_security([?NO_INBAND_SECURITY, ?TLS]), Opts};
+copts(S, Opts)
+  when S == ?SERVER4;
+       S == ?SERVER5 ->
+    {[], ssl(Opts)}.
diff --git a/lib/diameter/test/diameter_tls_SUITE_data/Makefile.ca b/lib/diameter/test/diameter_tls_SUITE_data/Makefile.ca
new file mode 100644
index 0000000000..3f2645add0
--- /dev/null
+++ b/lib/diameter/test/diameter_tls_SUITE_data/Makefile.ca
@@ -0,0 +1,43 @@
+# -*- makefile -*-
+# %CopyrightBegin%
+#
+# Copyright Ericsson AB 2011. All Rights Reserved.
+#
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+#
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+#
+# %CopyrightEnd%
+
+#
+# Certificates are now generated from the suite itself but the
+# makefile itself is still useful.
+#
+
+KEYS  = $(HOSTS:%=%_key.pem)
+CERTS = $(HOSTS:%=%_ca.pem)
+
+all: $(CERTS)
+
+%_ca.pem: %_key.pem
+	openssl req -new -x509 -key $< -out $@ -days 1095 \
+	            -subj '/C=SE/ST=./L=Stockholm/CN=www.erlang.org'
+
+%_key.pem:
+	openssl genrsa -out $@ 2048
+
+clean:
+	rm -f $(CERTS)
+
+realclean: clean
+	rm -f $(KEYS)
+
+.PRECIOUS: $(KEYS)
+.PHONY: all clean realclean
diff --git a/lib/diameter/test/diameter_traffic_SUITE.erl b/lib/diameter/test/diameter_traffic_SUITE.erl
index 8c85323222..6eed8d3b5d 100644
--- a/lib/diameter/test/diameter_traffic_SUITE.erl
+++ b/lib/diameter/test/diameter_traffic_SUITE.erl
@@ -26,15 +26,16 @@
 -export([suite/0,
          all/0,
          groups/0,
-         init_per_suite/1,
-         end_per_suite/1,
          init_per_group/2,
          end_per_group/2,
          init_per_testcase/2,
          end_per_testcase/2]).
 
 %% testcases
--export([result_codes/1,
+-export([start/1,
+         start_services/1,
+         add_transports/1,
+         result_codes/1,
          send_ok/1,
          send_arbitrary/1,
          send_unknown/1,
@@ -73,7 +74,8 @@
          send_multiple_filters_3/1,
          send_anything/1,
          remove_transports/1,
-         stop_services/1]).
+         stop_services/1,
+         stop/1]).
 
 %% diameter callbacks
 -export([peer_up/3,
@@ -85,17 +87,13 @@
          handle_error/5,
          handle_request/3]).
 
--ifdef(DIAMETER_CT).
+-include("diameter.hrl").
 -include("diameter_gen_base_rfc3588.hrl").
--else.
--include_lib("diameter/include/diameter_gen_base_rfc3588.hrl").
--endif.
-
--include_lib("diameter/include/diameter.hrl").
--include("diameter_ct.hrl").
 
 %% ===========================================================================
 
+-define(util, diameter_util).
+
 -define(ADDR, {127,0,0,1}).
 
 -define(CLIENT, "CLIENT").
@@ -123,19 +121,6 @@
                         {module, ?MODULE},
                         {answer_errors, callback}]}]).
 
-%% Config for diameter:add_transport/2. In the listening case, listen
-%% on a free port that we then lookup using the implementation detail
-%% that diameter_tcp registers the port with diameter_reg.
--define(CONNECT(PortNr),
-        {connect, [{transport_module, diameter_tcp},
-                   {transport_config, [{raddr, ?ADDR},
-                                       {rport, PortNr},
-                                       {ip, ?ADDR},
-                                       {port, 0}]}]}).
--define(LISTEN,
-        {listen, [{transport_module, diameter_tcp},
-                  {transport_config, [{ip, ?ADDR}, {port, 0}]}]}).
-
 -define(SUCCESS,
         ?'DIAMETER_BASE_RESULT-CODE_DIAMETER_SUCCESS').
 -define(COMMAND_UNSUPPORTED,
@@ -177,39 +162,16 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [result_codes | [{group, N} || {N, _, _} <- groups()]]
-        ++ [remove_transports, stop_services].
+    [start, start_services, add_transports, result_codes]
+        ++ [{group, E, P} || E <- ?ENCODINGS, P <- [[], [parallel]]]
+        ++ [remove_transports, stop_services, stop].
 
 groups() ->
     Ts = tc(),
-    [{E, [], Ts} || E <- ?ENCODINGS]
-        ++ [{?P(E), [parallel], Ts} || E <- ?ENCODINGS].
-
-init_per_suite(Config) ->
-    ok = diameter:start(),
-    ok = diameter:start_service(?SERVER, ?SERVICE(?SERVER)),
-    ok = diameter:start_service(?CLIENT, ?SERVICE(?CLIENT)),
-    {ok, LRef} = diameter:add_transport(?SERVER, ?LISTEN),
-    true = diameter:subscribe(?CLIENT),
-    {ok, CRef} = diameter:add_transport(?CLIENT, ?CONNECT(portnr())),
-    {up, CRef, _Peer, _Config, #diameter_packet{}}
-        = receive #diameter_event{service = ?CLIENT, info = I} -> I
-          after 2000 -> false
-          end,
-    true = diameter:unsubscribe(?CLIENT),
-    [{transports, {LRef, CRef}} | Config].
-
-end_per_suite(_Config) ->
-    ok = diameter:stop().
+    [{E, [], Ts} || E <- ?ENCODINGS].
 
 init_per_group(Name, Config) ->
-    E = case ?L(Name) of
-            "p_" ++ Rest ->
-                ?A(Rest);
-            _ ->
-                Name
-        end,
-    [{encode, E} | Config].
+    [{encode, Name} | Config].
 
 end_per_group(_, _) ->
     ok.
@@ -261,20 +223,35 @@ tc() ->
      send_multiple_filters_3,
      send_anything].
 
-portnr() ->
-    portnr(20).
-
-portnr(N)
-  when 0 < N ->
-    case diameter_reg:match({diameter_tcp, listener, '_'}) of
-        [{T, _Pid}] ->
-            {_, _, {_LRef, {_Addr, LSock}}} = T,
-            {ok, PortNr} = inet:port(LSock),
-            PortNr;
-        [] ->
-            receive after 50 -> ok end,
-            portnr(N-1)
-    end.
+%% ===========================================================================
+%% start/stop testcases
+
+start(_Config) ->
+    ok = diameter:start().
+
+start_services(_Config) ->
+    ok = diameter:start_service(?SERVER, ?SERVICE(?SERVER)),
+    ok = diameter:start_service(?CLIENT, ?SERVICE(?CLIENT)).
+
+add_transports(Config) ->
+    LRef = ?util:listen(?SERVER, tcp, [{capabilities_cb, fun capx/2}]),
+    CRef = ?util:connect(?CLIENT, tcp, LRef),
+    ?util:write_priv(Config, "transport", {LRef, CRef}).
+
+remove_transports(Config) ->
+    {LRef, CRef} = ?util:read_priv(Config, "transport"),
+    ?util:disconnect(?CLIENT, CRef, ?SERVER, LRef).
+
+stop_services(_Config) ->
+    ok = diameter:stop_service(?CLIENT),
+    ok = diameter:stop_service(?SERVER).
+
+stop(_Config) ->
+    ok = diameter:stop().
+
+capx(_, #diameter_caps{origin_host = {OH,DH}}) ->
+    io:format("connection: ~p -> ~p~n", [DH,OH]),
+    ok.
 
 %% ===========================================================================
 
@@ -528,24 +505,9 @@ send_multiple_filters(Config, Fs) ->
 %% Ensure that we can pass a request in any form to diameter:call/4,
 %% only the return value from the prepare_request callback being
 %% significant.
-send_anything(Config) ->    
+send_anything(Config) ->
     #diameter_base_STA{'Result-Code' = ?SUCCESS}
         = call(Config, anything).
-    
-%% Remove the client transport and expect the server transport to
-%% go down.
-remove_transports(Config) ->
-    {LRef, CRef} = proplists:get_value(transports, Config),
-    true = diameter:subscribe(?SERVER),
-    ok = diameter:remove_transport(?CLIENT, CRef),
-    {down, LRef, _, _}
-        = receive #diameter_event{service = ?SERVER, info = I} -> I
-          after 2000 -> false
-          end.
-
-stop_services(_Config) ->
-    {ok, ok} = {diameter:stop_service(?CLIENT),
-                diameter:stop_service(?SERVER)}.
 
 %% ===========================================================================
 
diff --git a/lib/diameter/test/diameter_transport_SUITE.erl b/lib/diameter/test/diameter_transport_SUITE.erl
index d545859fe8..893b7ba2f9 100644
--- a/lib/diameter/test/diameter_transport_SUITE.erl
+++ b/lib/diameter/test/diameter_transport_SUITE.erl
@@ -27,24 +27,23 @@
 -export([suite/0,
          all/0,
          groups/0,
-         init_per_group/2,
-         end_per_group/2,
          init_per_suite/1,
          end_per_suite/1]).
 
 %% testcases
--export([tcp_accept/1,
+-export([start/1,
+         tcp_accept/1,
          tcp_connect/1,
          sctp_accept/1,
-         sctp_connect/1]).
+         sctp_connect/1,
+         stop/1]).
 
 -export([accept/1,
          connect/1,
          init/2]).
 
 -include_lib("kernel/include/inet_sctp.hrl").
--include_lib("diameter/include/diameter.hrl").
--include("diameter_ct.hrl").
+-include("diameter.hrl").
 
 -define(util, diameter_util).
 
@@ -67,16 +66,6 @@
                                       = #diameter_caps{host_ip_address
                                                        = Addrs}}).
 
-%% The term diameter_tcp/sctp registers after opening a listening
-%% socket. This is an implementation detail that should probably be
-%% replaced by some documented way of getting at the port number of
-%% the listening socket, which is what we're after since we specify
-%% port 0 to get something unused.
--define(TCP_LISTENER(Ref, Addr, LSock),
-        {diameter_tcp, listener, {Ref, {Addr, LSock}}}).
--define(SCTP_LISTENER(Ref, Addr, LSock),
-        {diameter_sctp, listener, {Ref, {[Addr], LSock}}}).
-
 %% The term we register after open a listening port with gen_tcp.
 -define(TEST_LISTENER(Ref, PortNr),
         {?MODULE, listen, Ref, PortNr}).
@@ -101,10 +90,13 @@ suite() ->
     [{timetrap, {minutes, 2}}].
 
 all() ->
-    [{group, all} | tc()].
+    [start,
+     {group, all},
+     {group, all, [parallel]},
+     stop].
 
 groups() ->
-    [{all, [parallel], tc()}].
+    [{all, [], tc()}].
 
 tc() ->
     [tcp_accept,
@@ -112,17 +104,18 @@ tc() ->
      sctp_accept,
      sctp_connect].
 
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
-
 init_per_suite(Config) ->
-    ok = diameter:start(),
     [{sctp, have_sctp()} | Config].
 
 end_per_suite(_Config) ->
+    ok.
+
+%% ===========================================================================
+
+start(_Config) ->
+    ok = diameter:start().
+
+stop(_Config) ->
     ok = diameter:stop().
 
 %% ===========================================================================
@@ -177,12 +170,12 @@ connect(Prot) ->
 %% have_sctp/0
 
 have_sctp() ->
-    try gen_sctp:open() of
+    case gen_sctp:open() of
         {ok, Sock} ->
             gen_sctp:close(Sock),
-            true
-    catch
-        error: badarg ->
+            true;
+        {error, E} when E == eprotonosupport;
+                        E == esocktnosupport -> %% fail on any other reason
             false
     end.
 
@@ -216,10 +209,10 @@ init(accept, {Prot, Ref}) ->
 
 init(gen_connect, {Prot, Ref}) ->
     %% Lookup the peer's listening socket.
-    {ok, PortNr} = inet:port(lsock(Prot, Ref)),
+    [PortNr] = ?util:lport(Prot, Ref, 20),
 
     %% Connect, send a message and receive it back.
-    {ok, Sock} = gen_connect(Prot, PortNr, Ref),
+    {ok, Sock} = gen_connect(Prot, PortNr),
     Bin = make_msg(),
     ok = gen_send(Prot, Sock, Bin),
     Bin = gen_recv(Prot, Sock);
@@ -253,22 +246,16 @@ init(connect, {Prot, Ref}) ->
     MRef = erlang:monitor(process, TPid),
     ?RECV({'DOWN', MRef, process, _, _}).
 
-lsock(sctp, Ref) ->
-    [{?SCTP_LISTENER(_ , _, LSock), _}]
-        = match(?SCTP_LISTENER(Ref, ?ADDR, '_')),
-    LSock;
-lsock(tcp, Ref) ->
-    [{?TCP_LISTENER(_ , _, LSock), _}]
-        = match(?TCP_LISTENER(Ref, ?ADDR, '_')),
-    LSock.
-
 match(Pat) ->
-    case diameter_reg:match(Pat) of
-        [] ->
+    match(Pat, 20).
+
+match(Pat, T) ->
+    L = diameter_reg:match(Pat),
+    if [] /= L orelse 1 == T ->
+            L;
+       true ->
             ?WAIT(50),
-            match(Pat);
-        L ->
-            L
+            match(Pat, T-1)
     end.
 
 bin(sctp, #diameter_packet{bin = Bin}) ->
@@ -332,7 +319,7 @@ start_accept(Prot, Ref) ->
 
     %% Configure the same port number for transports on the same
     %% reference.
-    PortNr = portnr(Prot, Ref),
+    [PortNr | _] = ?util:lport(Prot, Ref) ++ [0],
     {Mod, Opts} = tmod(Prot),
 
     try
@@ -362,39 +349,9 @@ tmod(sctp) ->
 tmod(tcp) ->
     {diameter_tcp, []}.
 
-portnr(sctp, Ref) ->
-    case diameter_reg:match(?SCTP_LISTENER(Ref, ?ADDR, '_')) of
-        [{?SCTP_LISTENER(_, _, LSock), _}] ->
-            {ok, N} = inet:port(LSock),
-            N;
-        [] ->
-            0
-    end;
-portnr(tcp, Ref) ->
-    case diameter_reg:match(?TCP_LISTENER(Ref, ?ADDR, '_')) of
-        [{?TCP_LISTENER(_, _, LSock), _}] ->
-            {ok, N} = inet:port(LSock),
-            N;
-        [] ->
-            0
-    end.
-
 %% ===========================================================================
 
-%% gen_connect/3
-
-gen_connect(Prot, PortNr, Ref) ->
-    Pid = sync(connect, Ref),
-
-    %% Stagger connect attempts to avoid the situation that no
-    %% transport process is accepting yet.
-    receive after 250 -> ok end,
-
-    try
-        gen_connect(Prot, PortNr)
-    after
-        Pid ! Ref
-    end.
+%% gen_connect/2
 
 gen_connect(sctp = P, PortNr) ->
     {ok, Sock} = Ok = gen_sctp:open([{ip, ?ADDR}, {port, 0} | ?SCTP_OPTS]),
diff --git a/lib/diameter/test/diameter_util.erl b/lib/diameter/test/diameter_util.erl
index 99f4fa1977..0c42f955ad 100644
--- a/lib/diameter/test/diameter_util.erl
+++ b/lib/diameter/test/diameter_util.erl
@@ -23,15 +23,28 @@
 %% Utility functions.
 %%
 
+%% generic
 -export([consult/2,
          run/1,
          fold/3,
          foldl/3,
-         scramble/1,
-         ps/0]).
+         scramble/1]).
+
+%% diameter-specific
+-export([lport/2,
+         lport/3,
+         listen/2, listen/3,
+         connect/3, connect/4,
+         disconnect/4]).
+
+%% common_test-specific
+-export([write_priv/3,
+         read_priv/2,
+         map_priv/3]).
 
 -define(L, atom_to_list).
 
+%% ---------------------------------------------------------------------------
 %% consult/2
 %%
 %% Extract info from the app/appup file (presumably) of the named
@@ -56,6 +69,7 @@ consult(Path) ->
 %% Name/Path in the return value distinguish the errors and allow for
 %% a useful badmatch.
 
+%% ---------------------------------------------------------------------------
 %% run/1
 %%
 %% Evaluate functions in parallel and return a list of those that
@@ -71,6 +85,7 @@ cons(true, _, _, Acc) ->
 cons(false, F, RC, Acc) ->
     [{F, RC} | Acc].
 
+%% ---------------------------------------------------------------------------
 %% fold/3
 %%
 %% Parallel fold. Results are folded in the order received.
@@ -116,6 +131,7 @@ down(MRef) ->
 down() ->
     receive {'DOWN', MRef, process, _, Reason} -> {MRef, Reason} end.
 
+%% ---------------------------------------------------------------------------
 %% foldl/3
 %%
 %% Parallel fold. Results are folded in order of the function list.
@@ -131,6 +147,7 @@ recvl([{MRef, F} | L], Ref, Fun, Acc) ->
     R = down(MRef),
     recvl(L, Ref, Fun, acc(R, Ref, F, Fun, Acc)).
 
+%% ---------------------------------------------------------------------------
 %% scramble/1
 %%
 %% Sort a list into random order.
@@ -150,12 +167,10 @@ s(Acc, L) ->
     {H, [T|Rest]} = lists:split(random:uniform(length(L)) - 1, L),
     s([T|Acc], H ++ Rest).
 
-%% ps/0
-
-ps() ->
-    [{P, process_info(P)} || P <- erlang:processes()].
-
+%% ---------------------------------------------------------------------------
 %% eval/1
+%%
+%% Evaluate a function in one of a number of forms.
 
 eval({M,[F|A]})
   when is_atom(F) ->
@@ -175,3 +190,133 @@ eval(L)
 eval(F)
   when is_function(F,0) ->
     F().
+
+%% ---------------------------------------------------------------------------
+%% write_priv/3
+%%
+%% Write an arbitrary term to a named file.
+
+write_priv(Config, Name, Term) ->
+    write(path(Config, Name), Term).
+
+write(Path, Term) ->
+    ok = file:write_file(Path, term_to_binary(Term)).
+
+%% read_priv/2
+%%
+%% Read a term from a file.
+
+read_priv(Config, Name) ->
+    read(path(Config, Name)).
+
+read(Path) ->
+    {ok, Bin} = file:read_file(Path),
+    binary_to_term(Bin).
+
+%% map_priv/3
+%%
+%% Modify a term in a file and return both old and new values.
+
+map_priv(Config, Name, Fun1) ->
+    map(path(Config, Name), Fun1).
+
+map(Path, Fun1) ->
+    T0 = read(Path),
+    T1 = Fun1(T0),
+    write(Path, T1),
+    {T0, T1}.
+
+path(Config, Name)
+  when is_atom(Name) ->
+    path(Config, ?L(Name));
+path(Config, Name) ->
+    Dir = proplists:get_value(priv_dir, Config),
+    filename:join([Dir, Name]).
+
+%% ---------------------------------------------------------------------------
+%% lport/2-3
+%%
+%% Lookup the port number of a tcp/sctp listening transport.
+
+lport(M, Ref) ->
+    lport(M, Ref, 1).
+
+lport(M, Ref, Tries) ->
+    lp(tmod(M), Ref, Tries).
+
+lp(M, Ref, T) ->
+    L = [N || {listen, N, _} <- M:ports(Ref)],
+    if [] /= L orelse T =< 1 ->
+            L;
+       true ->
+            receive after 50 -> ok end,
+            lp(M, Ref, T-1)
+    end.
+
+%% ---------------------------------------------------------------------------
+%% listen/2-3
+%%
+%% Add a listening transport on the loopback address and a free port.
+
+listen(SvcName, Prot) ->
+    listen(SvcName, Prot, []).
+
+listen(SvcName, Prot, Opts) ->
+    add_transport(SvcName, {listen, opts(Prot, listen) ++ Opts}).
+
+%% ---------------------------------------------------------------------------
+%% connect/2-3
+%%
+%% Add a connecting transport on and connect to a listening transport
+%% with the specified reference.
+
+connect(Client, Prot, LRef) ->
+    connect(Client, Prot, LRef, []).
+
+connect(Client, Prot, LRef, Opts) ->
+    [PortNr] = lport(Prot, LRef, 20),
+    Ref = add_transport(Client, {connect, opts(Prot, PortNr) ++ Opts}),
+    true = diameter:subscribe(Client),
+    ok = receive
+             {diameter_event, Client, {up, Ref, _, _, _}} -> ok
+         after 2000 ->
+                 {Client, Prot, PortNr, process_info(self(), messages)}
+         end,
+    Ref.
+
+%% ---------------------------------------------------------------------------
+%% disconnect/4
+%%
+%% Remove the client transport and expect the server transport to go
+%% down.
+
+disconnect(Client, Ref, Server, LRef) ->
+    true = diameter:subscribe(Server),
+    ok = diameter:remove_transport(Client, Ref),
+    ok = receive
+             {diameter_event, Server, {down, LRef, _, _}} -> ok
+         after 2000 ->
+                 {Client, Ref, Server, LRef, process_info(self(), messages)}
+         end.
+
+%% ---------------------------------------------------------------------------
+
+-define(ADDR, {127,0,0,1}).
+
+add_transport(SvcName, T) ->
+    {ok, Ref} = diameter:add_transport(SvcName, T),
+    Ref.
+
+tmod(tcp) ->
+    diameter_tcp;
+tmod(sctp) ->
+    diameter_sctp.
+
+opts(Prot, T) ->
+    [{transport_module, tmod(Prot)},
+     {transport_config, [{ip, ?ADDR}, {port, 0} | opts(T)]}].
+
+opts(listen) ->
+    [];
+opts(PortNr) ->
+    [{raddr, ?ADDR}, {rport, PortNr}].
diff --git a/lib/diameter/test/diameter_watchdog_SUITE.erl b/lib/diameter/test/diameter_watchdog_SUITE.erl
index dec307529a..ff40326947 100644
--- a/lib/diameter/test/diameter_watchdog_SUITE.erl
+++ b/lib/diameter/test/diameter_watchdog_SUITE.erl
@@ -36,7 +36,7 @@
          id/1,    %% jitter callback
          run/1]).
 
--include_lib("diameter/include/diameter.hrl").
+-include("diameter.hrl").
 -include("diameter_ct.hrl").
 
 %% ===========================================================================
@@ -306,11 +306,8 @@ watchdog(Type, Ref, TPid, Wd) ->
     Opts = [{transport_module, ?MODULE},
             {transport_config, TPid},
             {watchdog_timer, Wd}],
-    monitor(diameter_watchdog:start({Type, Ref},
-                                    {false, Opts, false, ?SERVICE})).
-
-monitor(Pid) ->
-    erlang:monitor(process, Pid),
+    {_MRef, Pid} = diameter_watchdog:start({Type, Ref},
+                                           {false, Opts, false, ?SERVICE}),
     Pid.
 
 %% ===========================================================================
@@ -350,6 +347,10 @@ init(_, _, TPid, _) ->
     monitor(TPid),
     3.
 
+monitor(Pid) ->
+    erlang:monitor(process, Pid),
+    Pid.
+
 %% Generate a unique hostname for the faked peer.
 hostname() ->
     lists:flatten(io_lib:format("~p-~p-~p", tuple_to_list(now()))).
diff --git a/lib/diameter/test/modules.mk b/lib/diameter/test/modules.mk
index c6f709dc36..7f163536fb 100644
--- a/lib/diameter/test/modules.mk
+++ b/lib/diameter/test/modules.mk
@@ -24,6 +24,7 @@ MODULES = \
 	diameter_ct \
 	diameter_util \
 	diameter_enum \
+	diameter_compiler_SUITE \
 	diameter_codec_SUITE \
 	diameter_codec_test \
 	diameter_app_SUITE \
@@ -32,9 +33,19 @@ MODULES = \
 	diameter_sync_SUITE \
 	diameter_stats_SUITE \
 	diameter_watchdog_SUITE \
+	diameter_gen_sctp_SUITE \
 	diameter_transport_SUITE \
+	diameter_capx_SUITE \
 	diameter_traffic_SUITE \
-	diameter_relay_SUITE
+	diameter_relay_SUITE \
+	diameter_tls_SUITE \
+	diameter_failover_SUITE
 
-INTERNAL_HRL_FILES = \
+HRL_FILES = \
 	diameter_ct.hrl
+
+DATA = \
+	diameter_codec_SUITE_data/avps.dia \
+	diameter_codec_SUITE_data/send.dia \
+	diameter_codec_SUITE_data/recv.dia \
+	diameter_codec_SUITE_data/diameter_test_unknown.erl
diff --git a/lib/diameter/test/release.sed b/lib/diameter/test/release.sed
new file mode 100644
index 0000000000..2720b778f2
--- /dev/null
+++ b/lib/diameter/test/release.sed
@@ -0,0 +1,35 @@
+#
+# %CopyrightBegin%
+#
+# Copyright Ericsson AB 2010-2011. All Rights Reserved.
+#
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+#
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+#
+# %CopyrightEnd%
+#
+
+#
+# This bit of gymnastics is to replace the include of diameter's
+# public hrls by include_lib when releasing testsuites, so that they
+# compile both in the development filesystem (where generated hrls
+# aren't in diameter/include) and with common_test's autocompilation
+# on an installed release. Solving the problem by installing generated
+# hrls to ../include is anathema: that directory is for handwritten
+# source.)
+#
+
+/^-include("/!b
+/"diameter_gen_/b s
+/"diameter\./!b
+
+:s
+s@("@_lib&diameter/include/@
diff --git a/lib/diameter/vsn.mk b/lib/diameter/vsn.mk
index c783450c9f..0c240798cc 100644
--- a/lib/diameter/vsn.mk
+++ b/lib/diameter/vsn.mk
@@ -18,7 +18,7 @@
 # %CopyrightEnd%
 
 APPLICATION  = diameter
-DIAMETER_VSN = 0.10
+DIAMETER_VSN = 1.0
 PRE_VSN      =
 APP_VSN      = "$(APPLICATION)-$(DIAMETER_VSN)$(PRE_VSN)"
 
diff --git a/lib/docbuilder/AUTHORS b/lib/docbuilder/AUTHORS
deleted file mode 100644
index 4f2a8e9361..0000000000
--- a/lib/docbuilder/AUTHORS
+++ /dev/null
@@ -1,10 +0,0 @@
-Docbuilder is a rewrite of the Old docbuilder
-and takes XML as input instead of SGML.
-Docbuilder makes use of xmerl for parsing XML
-and produces HTML. Everything is written in Erlang
-and there are no dependencies to external tools.
-
-Original Authors:
-Gunilla Arendt
-
-Contributors:
diff --git a/lib/docbuilder/Makefile b/lib/docbuilder/Makefile
deleted file mode 100644
index 21f42421d6..0000000000
--- a/lib/docbuilder/Makefile
+++ /dev/null
@@ -1,37 +0,0 @@
-# ``The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved via the world wide web at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-# Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
-# AB. All Rights Reserved.''
-# 
-#     $Id$
-#
-include $(ERL_TOP)/make/target.mk
-include $(ERL_TOP)/make/$(TARGET)/otp.mk
-
-#
-# Macros
-#
-
-SUB_DIRECTORIES = src dtd etc doc/src
-
-include vsn.mk
-VSN = $(DOCB_VSN)
-
-SPECIAL_TARGETS = 
-
-#
-# Default Subdir Targets
-#
-include $(ERL_TOP)/make/otp_subdir.mk
-
-
diff --git a/lib/docbuilder/doc/src/Makefile b/lib/docbuilder/doc/src/Makefile
deleted file mode 100644
index ae34266844..0000000000
--- a/lib/docbuilder/doc/src/Makefile
+++ /dev/null
@@ -1,132 +0,0 @@
-#
-# %CopyrightBegin%
-# 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
-# 
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# %CopyrightEnd%
-#
-include $(ERL_TOP)/make/target.mk
-include $(ERL_TOP)/make/$(TARGET)/otp.mk
-
-# ----------------------------------------------------
-# Application version
-# ----------------------------------------------------
-include ../../vsn.mk
-VSN=$(DOCB_VSN)
-APPLICATION=docbuilder
-
-# ----------------------------------------------------
-# Release directory specification
-# ----------------------------------------------------
-RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
-
-# ----------------------------------------------------
-# Target Specs
-# ----------------------------------------------------
-XML_APPLICATION_FILES = ref_man.xml
-XML_REF3_FILES = \
-	docb_gen.xml \
-	docb_transform.xml \
-	docb_xml_check.xml
-XML_REF6_FILES = \
-	docbuilder_app.xml
-
-XML_PART_FILES = part.xml part_notes.xml
-XML_CHAPTER_FILES = \
-	overview.xml \
-	user_guide_dtds.xml \
-	refman_dtds.xml \
-	fasc_dtds.xml \
-	header_tags.xml \
-	block_tags.xml \
-	inline_tags.xml \
-	character_entities.xml \
-	notes.xml
-
-BOOK_FILES = book.xml
-
-GIF_FILES = \
-	man.gif
-
-
-XML_FILES = \
-	$(BOOK_FILES) $(XML_CHAPTER_FILES) \
-	$(XML_PART_FILES) $(XML_REF3_FILES) $(XML_REF6_FILES) \
-	$(XML_APPLICATION_FILES)
-
-# ----------------------------------------------------
-
-HTML_FILES = \
-	$(XML_APPLICATION_FILES:%.xml=$(HTMLDIR)/%.html) \
-	$(XML_PART_FILES:%.xml=$(HTMLDIR)/%.html)
-
-INFO_FILE = ../../info
-
-MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
-MAN6_FILES = $(XML_REF6_FILES:%_app.xml=$(MAN6DIR)/%.6)
-
-HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
-
-TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
-
-# ----------------------------------------------------
-# FLAGS 
-# ----------------------------------------------------
-DVIPS_FLAGS += 
-
-# ----------------------------------------------------
-# Targets
-# ----------------------------------------------------
-$(HTMLDIR)/%.gif: %.gif
-	$(INSTALL_DATA) $< $@
-
-docs: pdf html man
-
-$(TOP_PDF_FILE): $(XML_FILES)
-
-pdf: $(TOP_PDF_FILE)
-
-html: gifs $(HTML_REF_MAN_FILE)
-
-man: $(MAN3_FILES) $(MAN6_FILES)
-
-gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
-
-debug opt: 
-
-clean clean_docs:
-	rm -rf $(HTMLDIR)/*
-	rm -f $(MAN3DIR)/*
-	rm -f $(MAN6DIR)/*
-	rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
-	rm -f errs core *~ 
-
-# ----------------------------------------------------
-# Release Target
-# ---------------------------------------------------- 
-include $(ERL_TOP)/make/otp_release_targets.mk
-
-release_docs_spec: docs
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(HTMLDIR)/* \
-		$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man6
-	$(INSTALL_DATA) $(MAN6_FILES) $(RELEASE_PATH)/man/man6
-
-release_spec:
diff --git a/lib/docbuilder/doc/src/block_tags.xml b/lib/docbuilder/doc/src/block_tags.xml
deleted file mode 100644
index f5ba083f38..0000000000
--- a/lib/docbuilder/doc/src/block_tags.xml
+++ /dev/null
@@ -1,431 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE chapter SYSTEM "chapter.dtd">
-
-<chapter>
-  <header>
-    <copyright>
-      <year>1997</year><year>2009</year>
-      <holder>Ericsson AB. All Rights Reserved.</holder>
-    </copyright>
-    <legalnotice>
-      The contents of this file are subject to the Erlang Public License,
-      Version 1.1, (the "License"); you may not use this file except in
-      compliance with the License. You should have received a copy of the
-      Erlang Public License along with this software. If not, it can be
-      retrieved online at http://www.erlang.org/.
-    
-      Software distributed under the License is distributed on an "AS IS"
-      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-      the License for the specific language governing rights and limitations
-      under the License.
-    
-    </legalnotice>
-
-    <title>Block Tags</title>
-    <prepared/>
-    <docno/>
-    <date/>
-    <rev/>
-    <file>block_tags.xml</file>
-  </header>
-
-  <p>Block tags typically define a separate block of information, such
-    as a paragraph or a list.</p>
-
-  <p>The following subset of block tags are common for all DTDs in
-    the DocBuilder DTD suite:
-    <marker id="block_subset"></marker>
-    <seealso marker="#pTAG">&lt;p&gt;</seealso>,
-    <seealso marker="#preTAG">&lt;pre&gt;</seealso>,
-    <seealso marker="#codeTAG">&lt;code&gt;</seealso>,
-    <seealso marker="#listTAG">&lt;list&gt;</seealso>,
-    <seealso marker="#taglistTAG">&lt;taglist&gt;</seealso>,
-    <seealso marker="#codeincludeTAG">&lt;codeinclude&gt;</seealso> and
-    <seealso marker="#erlevalTAG">&lt;erleval&gt;</seealso>.
-  </p>
-
-  <section>
-    <marker id="brTAG"></marker>
-    <title>&lt;br&gt; - Line Break</title>
-
-    <p>Forces a newline. Example:</p>
-    <pre>
-Eat yourself&lt;br/&gt;senseless!
-    </pre>
-    <p>results in:</p>
-    <p>Eat yourself<br/>senseless!</p>
-
-    <p>The <c><![CDATA[<br>]]></c> tag is both a block- and an inline
-      tag.</p>
-  </section>
-
-  <section>
-    <marker id="codeTAG"></marker>
-    <title>&lt;code&gt; - Code Example</title>
-
-    <p>Highlight code examples. Example:</p>
-    <pre>
-&lt;code>
-sum([H|T]) ->
-    H + sum(T);
-sum([]) ->
-    0.
-&lt;/code>
-    </pre>
-    <p>results in:</p>
-    <code>
-sum([H|T]) ->
-    H + sum(T);
-sum([]) ->
-    0.
-    </code>
-
-    <p>There is an attribute <c>type = "erl" | "c" | "none"</c>, but
-      currently this attribute is ignored by DocBuilder. Default value
-      is <c>"none"</c></p>
-
-    <note>
-      <p>No tags are allowed within the tag and no
-	<seealso marker="character_entities">character
-	  entities</seealso> are expanded.</p>
-    </note>
-  </section>
-
-  <section>
-    <marker id="codeincludeTAG"></marker>
-    <title>&lt;codeinclude&gt; - Code Inclusion</title>
-
-    <p>Include external code snippets. The attribute <c>file</c>
-      gives the file name and <c>tag</c> defines a string which
-      delimits the code snippet. Example:</p>
-    <pre>
-&lt;codeinclude file="gazonk" tag="%% Erlang example"/&gt;
-    </pre>
-    <p>results in:</p>
-    <codeinclude file="gazonk" tag="%% Erlang example"/>
-
-    <p>provided there is a file named <c>gazonk</c> looking like this:
-    </p>
-    <code>
-...
-
-%% Erlang example
--module(gazonk).
-
-start() ->
-    {error,"Pid required!"}.
-start(Pid) ->
-    spawn(fun() -> init(Pid) end).
-%% Erlang example
-
-...
-    </code>
-
-    <p>If the <c>tag</c> attribute is omitted, the whole file is
-    included.</p>
-
-    <p>There is also an attribute <c>type = "erl" | "c" | "none"</c>, but
-      currently this attribute is ignored by DocBuilder. Default value
-      is <c>"none"</c></p>
-  </section>
-
-  <section>
-    <marker id="erlevalTAG"></marker>
-    <title>&lt;erleval&gt; - Erlang Evaluation</title>
-
-    <p>Include the result from evaluating an Erlang expression. Example:
-    </p>
-    <code><![CDATA[
-<erleval expr="{A,b,C}={a,b,c}. "/>
-      ]]></code>
-    <p>results in:</p>
-    <erleval expr="{A,b,C}={a,b,c}. "></erleval>
-
-    <p>Note the '.' and space after the expression.</p>
-  </section>
-
-  <section>
-    <marker id="listTAG"></marker>
-    <title>&lt;list&gt; - List</title>
-
-    <p>The attribute <c>type = "ordered"|"bulleted"</c> decides if
-      the list is numbered or bulleted. Default is <c>"bulleted"</c>.
-    </p>
-
-    <p>Lists contains list items, tag <c><![CDATA[<item>]]></c>, which
-      can contain plain text,
-      the <seealso marker="#block_subset">common subset of block
-	tags</seealso> and <seealso marker="inline_tags">inline
-	tags</seealso>. Example:</p>
-    <pre>
-&lt;list type="ordered"&gt;
-  &lt;item&gt;Askosal:
-    &lt;list&gt;
-      &lt;item&gt;Nullalisis&lt;/item>
-      &lt;item&gt;Facilisis&lt;/item>
-    &lt;/list&gt;
-  &lt;/item>
-  &lt;item&gt;Ankara&lt;/item>
-&lt;/list&gt;
-    </pre>
-    <p>results in:</p>
-    <list type="ordered">
-      <item>
-	<p>Askosal:</p>
-	<list type="bulleted">
-	  <item>Nullalisis</item>
-	  <item>Facilisis</item>
-	</list>
-      </item>
-      <item>Ankara</item>
-    </list>
-  </section>
-
-  <section>
-    <marker id="markerTAG"></marker>
-    <title>&lt;marker&gt; - Marker</title>
-
-    <p>Used as an anchor for hypertext references. The
-      <c><![CDATA[<marker>]]></c> tag is both a block- and an inline
-      tag and is described in
-      the <seealso marker="inline_tags#markerTAG">Inline Tags</seealso>
-      section.</p>
-  </section>
-
-  <section>
-    <marker id="pTAG"></marker>
-    <title>&lt;p&gt; - Paragraph</title>
-
-    <p>Paragraphs contain plain text and
-      <seealso marker="inline_tags">inline tags</seealso>. Example:</p>
-    <pre>
-&lt;p&gt;I call specific attention to
-  the authority given by the &lt;em&gt;21st Amendment&lt;/em&gt;
-  to the Constitution to prohibit transportation
-  or importation of intoxicating liquors into
-  any State in violation of the laws of such
-  State.&lt;/p&gt;
-    </pre>
-    <p>results in:</p>
-    <p>I call specific attention to
-      the authority given by the <em>21st Amendment</em>
-      to the Constitution to prohibit transportation
-      or importation of intoxicating liquors into
-      any State in violation of the laws of such
-      State.</p>
-  </section>
-
-  <section>
-    <marker id="noteTAG"></marker>
-    <title>&lt;note&gt; - Note</title>
-
-    <p>Highlights a note. Can contain block tags except
-      <c><![CDATA[<note>]]></c>, <c><![CDATA[<warning>]]></c>,
-      <c><![CDATA[<image>]]></c> and <c><![CDATA[<table>]]></c>.
-      Example:</p>
-<pre>
-&lt;note>
-  &lt;p>This function is mainly intended for debugging.&lt;/p>
-&lt;/note>
-  </pre>
-    <p>results in:</p>
-    <note>
-      <p>This function is mainly intended for debugging.</p>
-    </note>
-  </section>
-
-  <section>
-    <marker id="preTAG"></marker>
-    <title>&lt;pre&gt; - Pre-formatted Text</title>
-
-    <p>Used for documentation of system interaction. Can contain text,
-      <seealso marker="inline_tags#seealsoTAG">seealso</seealso>,  
-      <seealso marker="inline_tags#urlTAG">url</seealso> and
-      <c><![CDATA[<input>]]></c> tags.</p>
-
-    <p>The <c><![CDATA[<input>]]></c> tag is used to highlight user
-      input. Example:</p>
-    <pre>
-&lt;pre&gt;
-$ &lt;input&gt;erl&lt;/input&gt;
-Erlang (BEAM) emulator version 5.5.3 [async-threads:0] [hipe] [kernel-poll:false]
-
-Eshell V5.5.3  (abort with ^G)
-1&gt; &lt;input&gt;pwd().&lt;/input&gt;
-/home/user
-2&gt; &lt;input&gt;halt().&lt;/input&gt;
-&lt;/pre&gt;
-    </pre>
-    <p> results in:</p>
-    <pre>
-$ <input>erl</input>
-Erlang (BEAM) emulator version 5.5.3 [async-threads:0] [hipe] [kernel-poll:false]
-
-Eshell V5.5.3  (abort with ^G)
-1> <input>pwd().</input>
-/home/user
-2> <input>halt().</input>
-    </pre>
-
-    <p>All <seealso marker="character_entities">character
-	entities</seealso> are expanded.</p>
-  </section>
-
-  <section>
-    <marker id="quoteTAG"></marker>
-    <title>&lt;quote&gt; - Quotation</title>
-
-    <p>Highlight quotations from other works, or dialog spoken by
-      characters in a narrative. Contains one or more
-      <seealso marker="#pTAG">&lt;p&gt;</seealso> tags. Example:</p>
-    <pre>
-&lt;p&gt;Whereas Section 217(a) of the Act of Congress entitled
-"An Act ..." approved June 16, 1933, provides as follows:&lt;/p&gt;
-&lt;quote&gt;
-  &lt;p&gt;Section 217(a) The President shall proclaim the law.&lt;/p>
-&lt;/quote&gt;
-    </pre>
-    <p>results in:</p>
-    <p>Whereas Section 217(a) of the Act of Congress entitled
-      "An Act ..." approved June 16, 1933, provides as follows:</p>
-    <quote>
-      <p>Section 217(a) The President shall proclaim the law.</p>
-    </quote>
-  </section>
-
-  <section>
-    <marker id="taglistTAG"></marker>
-    <marker id="tagTAG"></marker>
-    <title>&lt;taglist&gt; - Definition List</title>
-
-    <p>Definition lists contains pairs of tags,
-      <c><![CDATA[<tag>]]></c>, and list items,
-      <c><![CDATA[<item>]]></c>.</p>
-
-    <p><c><![CDATA[<tag>]]></c> can contain plain text,
-      <seealso marker="inline_tags#cTAG">&lt;c&gt;</seealso>,
-      <seealso marker="inline_tags#emTAG">&lt;em&gt;</seealso>,
-      <seealso marker="inline_tags#seealsoTAG">&lt;seealso&gt;</seealso>
-      and <seealso marker="inline_tags#urlTAG">&lt;url&gt;</seealso>
-      tags.</p>
-
-    <p><c><![CDATA[<item>]]></c> can contain plain text,
-      the <seealso marker="#block_subset">common subset of block
-	tags</seealso> and <seealso marker="inline_tags">inline
-	tags</seealso>. Example:</p>
-    <pre>
-&lt;taglist>
-  &lt;tag>&lt;c>eacces&lt;/c>&lt;/tag>
-  &lt;item>Permission denied.&lt;/item>
-  &lt;tag>&lt;c>enoent&lt;/c>&lt;/tag>
-  &lt;item>No such file or directory.&lt;/item>
-&lt;/taglist>
-    </pre>
-    <p>results in:</p>
-    <taglist>
-      <tag><c>eacces</c></tag>
-      <item>Permission denied.</item>
-      <tag><c>enoent</c></tag>
-      <item>No such file or directory.</item>
-    </taglist>
-  </section>
-
-  <section>
-    <marker id="warningTAG"></marker>
-    <title>&lt;warning&gt; - Warning</title>
-
-    <p>Highlights a warning. Can contain block tags except
-      <c><![CDATA[<note>]]></c>, <c><![CDATA[<warning>]]></c>,
-      <c><![CDATA[<image>]]></c> and <c><![CDATA[<table>]]></c>.
-      Example:</p>
-<pre>
-&lt;warning>
-  &lt;p>This function might be removed in a future version without
-    prior warning.&lt;/p>
-&lt;/warning>
-  </pre>
-    <p>results in:</p>
-    <warning>
-      <p>This function might be removed in a future version without
-	prior warning.</p>
-    </warning>
-  </section>
-
-  <section>
-    <marker id="imageTAG"></marker>
-    <marker id="icaptionTAG"></marker>
-    <title>&lt;image&gt; - Image</title>
-
-    <p>Graphics is imported using the <c><![CDATA[<image>]]></c> tag.
-      An image caption <c><![CDATA[<icaption>]]></c>, containing plain
-      text, must be supplied. Example:</p>
-    <pre>
-&lt;image file="man"&gt;
-  &lt;icaption&gt;A Silly Man&lt;/icaption&gt;
-&lt;/image&gt;
-    </pre>
-    <p>results in:</p>
-    <image file="man.gif">
-      <icaption>A Silly Man</icaption>
-    </image>
-
-    <p>This assumes that <c>man.gif</c> exists in the current directory.
-    </p>
-  </section>
-
-  <section>
-    <marker id="tableTAG"></marker>
-    <marker id="rowTAG"></marker>
-    <marker id="cellTAG"></marker>
-    <marker id="tcaptionTAG"></marker>
-    <title>&lt;table&gt; - Table</title>
-
-    <p>The table format is similar to how tables are described in HTML
-      3.2. A table contains one or more rows, <c><![CDATA[<row>]]></c>,
-      and a table caption <c><![CDATA[<tcaption>]]></c>, containing
-      plain text.</p>
-
-    <p>Each row contains one or more cells, <c><![CDATA[<cell>]]></c>.
-      The attributes <c>align = "left"|"center"|"right"</c> and
-      <c>valign = "top"|"middle"|"bottom"</c> decides how text is
-      aligned in the cell horizontally and vertically. Default is
-      "<c>left</c>" and "<c>middle</c>".</p>
-
-    <p>Each cell contains plain text and
-      <seealso marker="inline_tags">inline tags</seealso>. Example:</p>
-    <pre><![CDATA[
-    <table>
-      <row>
-        <cell align="left" valign="top"><em>Boys</em></cell>
-        <cell align="center" valign="middle"><em>Girls</em></cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">Juda</cell>
-        <cell align="right" valign="bottom">Susy</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">Anders</cell>
-        <cell align="left" valign="middle">Victoria</cell>
-      </row>
-      <tcaption>A table caption</tcaption>
-    </table>
-    ]]></pre>
-    <p>results in:</p>
-    <table>
-      <row>
-        <cell align="left" valign="top"><em>Boys</em></cell>
-        <cell align="center" valign="middle"><em>Girls</em></cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">Juda</cell>
-        <cell align="right" valign="bottom">Susy</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">Anders</cell>
-        <cell align="left" valign="middle">Victoria</cell>
-      </row>
-      <tcaption>A table caption</tcaption>
-    </table>
-  </section>
-</chapter>
-
diff --git a/lib/docbuilder/doc/src/book.xml b/lib/docbuilder/doc/src/book.xml
deleted file mode 100644
index a13d56dd8a..0000000000
--- a/lib/docbuilder/doc/src/book.xml
+++ /dev/null
@@ -1,50 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE book SYSTEM "book.dtd">
-
-<book xmlns:xi="http://www.w3.org/2001/XInclude">
-  <header titlestyle="normal">
-    <copyright>
-      <year>1997</year><year>2009</year>
-      <holder>Ericsson AB. All Rights Reserved.</holder>
-    </copyright>
-    <legalnotice>
-      The contents of this file are subject to the Erlang Public License,
-      Version 1.1, (the "License"); you may not use this file except in
-      compliance with the License. You should have received a copy of the
-      Erlang Public License along with this software. If not, it can be
-      retrieved online at http://www.erlang.org/.
-    
-      Software distributed under the License is distributed on an "AS IS"
-      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-      the License for the specific language governing rights and limitations
-      under the License.
-    
-    </legalnotice>
-    
-    <title>DocBuilder</title>
-    <prepared></prepared>
-    <docno></docno>
-    <date></date>
-    <rev></rev>
-  </header>
-  <insidecover>
-  </insidecover>
-  <pagetext>Docbuilder</pagetext>
-  <preamble>
-    <contents level="2"></contents>
-  </preamble>
-  <parts lift="no">
-    <xi:include href="part.xml"/>
-  </parts>
-  <applications>
-    <xi:include href="ref_man.xml"/>
-  </applications>
-  <releasenotes>
-    <xi:include href="notes.xml"/>
-  </releasenotes>
-  <listoffigures></listoffigures>
-  <listoftables></listoftables>
-  <listofterms></listofterms>
-  <index></index>
-</book>
-
diff --git a/lib/docbuilder/doc/src/character_entities.xml b/lib/docbuilder/doc/src/character_entities.xml
deleted file mode 100644
index 0a4ae17fb5..0000000000
--- a/lib/docbuilder/doc/src/character_entities.xml
+++ /dev/null
@@ -1,546 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE chapter SYSTEM "chapter.dtd">
-
-<chapter>
-  <header>
-    <copyright>
-      <year>1997</year><year>2011</year>
-      <holder>Ericsson AB. All Rights Reserved.</holder>
-    </copyright>
-    <legalnotice>
-      The contents of this file are subject to the Erlang Public License,
-      Version 1.1, (the "License"); you may not use this file except in
-      compliance with the License. You should have received a copy of the
-      Erlang Public License along with this software. If not, it can be
-      retrieved online at http://www.erlang.org/.
-    
-      Software distributed under the License is distributed on an "AS IS"
-      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-      the License for the specific language governing rights and limitations
-      under the License.
-    
-    </legalnotice>
-
-    <title>Character Entities</title>
-    <prepared/>
-    <docno/>
-    <date/>
-    <rev/>
-    <file>character_entities.xml</file>
-  </header>
-
-  <section>
-    <title>Added Latin 1</title>
-
-    <p>The DocBuilder DTD suite uses the same character entities as
-      defined in HTML 3.2
-      (<c>ISO 8879-1986//ENTITIES Added Latin 1//EN//HTML</c>). That is:
-      for an &amp; (ampersand), use the entity: <c>&amp;amp;</c>, for
-      &ouml; use the entity <c>&amp;ouml;</c> and so on.</p>
-
-    <table>
-      <row>
-        <cell align="left" valign="middle"><em>Character</em></cell>
-        <cell align="left" valign="middle"><em>Entity</em></cell>
-        <cell align="left" valign="middle"><em>Description</em></cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&amp;</cell>
-        <cell align="left" valign="middle">&amp;amp;</cell>
-        <cell align="left" valign="middle">ampersand</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&gt;</cell>
-        <cell align="left" valign="middle">&amp;gt;</cell>
-        <cell align="left" valign="middle">greater than</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&lt;</cell>
-        <cell align="left" valign="middle">&amp;lt;</cell>
-        <cell align="left" valign="middle">less than</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&nbsp;</cell>
-        <cell align="left" valign="middle">&amp;nbsp;</cell>
-        <cell align="left" valign="middle">no-break space</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&iexcl;</cell>
-        <cell align="left" valign="middle">&amp;iexcl;</cell>
-        <cell align="left" valign="middle">inverted exclamation mark</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&cent;</cell>
-        <cell align="left" valign="middle">&amp;cent;</cell>
-        <cell align="left" valign="middle">cent sign</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&pound;</cell>
-        <cell align="left" valign="middle">&amp;pound;</cell>
-        <cell align="left" valign="middle">pound sterling sign</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&curren;</cell>
-        <cell align="left" valign="middle">&amp;curren;</cell>
-        <cell align="left" valign="middle">general currency sign</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&yen;</cell>
-        <cell align="left" valign="middle">&amp;yen;</cell>
-        <cell align="left" valign="middle">yen sign</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&brvbar;</cell>
-        <cell align="left" valign="middle">&amp;brvbar;</cell>
-        <cell align="left" valign="middle">broken (vertical) bar</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&sect;</cell>
-        <cell align="left" valign="middle">&amp;sect;</cell>
-        <cell align="left" valign="middle">section sign</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&uml;</cell>
-        <cell align="left" valign="middle">&amp;uml;</cell>
-        <cell align="left" valign="middle">umlaut (dieresis)</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&copy;</cell>
-        <cell align="left" valign="middle">&amp;copy;</cell>
-        <cell align="left" valign="middle">copyright sign</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&ordf;</cell>
-        <cell align="left" valign="middle">&amp;ordf;</cell>
-        <cell align="left" valign="middle">ordinal indicator, feminine</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&laquo;</cell>
-        <cell align="left" valign="middle">&amp;laquo;</cell>
-        <cell align="left" valign="middle">angle quotation mark, left</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&not;</cell>
-        <cell align="left" valign="middle">&amp;not;</cell>
-        <cell align="left" valign="middle">not sign</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle"></cell> <!-- a space is used instead of &shy; due to bug in fop 1.0 -->
-        <cell align="left" valign="middle">&amp;shy;</cell>
-        <cell align="left" valign="middle">soft hyphen</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&reg;</cell>
-        <cell align="left" valign="middle">&amp;reg;</cell>
-        <cell align="left" valign="middle">registered sign</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&macr;</cell>
-        <cell align="left" valign="middle">&amp;macr;</cell>
-        <cell align="left" valign="middle">macron</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&deg;</cell>
-        <cell align="left" valign="middle">&amp;deg;</cell>
-        <cell align="left" valign="middle">degree sign</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&plusmn;</cell>
-        <cell align="left" valign="middle">&amp;plusmn;</cell>
-        <cell align="left" valign="middle">plus-or-minus</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&sup2;</cell>
-        <cell align="left" valign="middle">&amp;sup2;</cell>
-        <cell align="left" valign="middle">superscript two</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&sup3;</cell>
-        <cell align="left" valign="middle">&amp;sup3;</cell>
-        <cell align="left" valign="middle">superscript three</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&acute;</cell>
-        <cell align="left" valign="middle">&amp;acute;</cell>
-        <cell align="left" valign="middle">acute accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&micro;</cell>
-        <cell align="left" valign="middle">&amp;micro;</cell>
-        <cell align="left" valign="middle">micro sign</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&para;</cell>
-        <cell align="left" valign="middle">&amp;para;</cell>
-        <cell align="left" valign="middle">pilcrow (paragraph sign)</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&middot;</cell>
-        <cell align="left" valign="middle">&amp;middot;</cell>
-        <cell align="left" valign="middle">middle dot</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&cedil;</cell>
-        <cell align="left" valign="middle">&amp;cedil;</cell>
-        <cell align="left" valign="middle">cedilla</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&sup1;</cell>
-        <cell align="left" valign="middle">&amp;sup1;</cell>
-        <cell align="left" valign="middle">superscript one</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&ordm;</cell>
-        <cell align="left" valign="middle">&amp;ordm;</cell>
-        <cell align="left" valign="middle">ordinal indicator, masculine</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&raquo;</cell>
-        <cell align="left" valign="middle">&amp;raquo;</cell>
-        <cell align="left" valign="middle">angle quotation mark, right</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&frac14;</cell>
-        <cell align="left" valign="middle">&amp;frac14;</cell>
-        <cell align="left" valign="middle">fraction one-quarter</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&frac12;</cell>
-        <cell align="left" valign="middle">&amp;frac12;</cell>
-        <cell align="left" valign="middle">fraction one-half</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&frac34;</cell>
-        <cell align="left" valign="middle">&amp;frac34;</cell>
-        <cell align="left" valign="middle">fraction three-quarters</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&iquest;</cell>
-        <cell align="left" valign="middle">&amp;iquest;</cell>
-        <cell align="left" valign="middle">inverted question mark</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Agrave;</cell>
-        <cell align="left" valign="middle">&amp;Agrave;</cell>
-        <cell align="left" valign="middle">capital A, grave accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Aacute;</cell>
-        <cell align="left" valign="middle">&amp;Aacute;</cell>
-        <cell align="left" valign="middle">capital A, acute accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Acirc;</cell>
-        <cell align="left" valign="middle">&amp;Acirc;</cell>
-        <cell align="left" valign="middle">capital A, circumflex accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Atilde;</cell>
-        <cell align="left" valign="middle">&amp;Atilde;</cell>
-        <cell align="left" valign="middle">capital A, tilde</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Auml;</cell>
-        <cell align="left" valign="middle">&amp;Auml;</cell>
-        <cell align="left" valign="middle">capital A, dieresis or umlaut mark</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Aring;</cell>
-        <cell align="left" valign="middle">&amp;Aring;</cell>
-        <cell align="left" valign="middle">capital A, ring</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&AElig;</cell>
-        <cell align="left" valign="middle">&amp;AElig;</cell>
-        <cell align="left" valign="middle">capital AE diphthong (ligature)</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Ccedil;</cell>
-        <cell align="left" valign="middle">&amp;Ccedil;</cell>
-        <cell align="left" valign="middle">capital C, cedilla</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Egrave;</cell>
-        <cell align="left" valign="middle">&amp;Egrave;</cell>
-        <cell align="left" valign="middle">capital E, grave accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Eacute;</cell>
-        <cell align="left" valign="middle">&amp;Eacute;</cell>
-        <cell align="left" valign="middle">capital E, acute accen</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Ecirc;</cell>
-        <cell align="left" valign="middle">&amp;Ecirc;</cell>
-        <cell align="left" valign="middle">capital E, circumflex accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Euml;</cell>
-        <cell align="left" valign="middle">&amp;Euml;</cell>
-        <cell align="left" valign="middle">capital E, dieresis or umlaut mark</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Igrave;</cell>
-        <cell align="left" valign="middle">&amp;Igrave;</cell>
-        <cell align="left" valign="middle">capital I, grave accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Iacute;</cell>
-        <cell align="left" valign="middle">&amp;Iacute;</cell>
-        <cell align="left" valign="middle">capital I, acute accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Icirc;</cell>
-        <cell align="left" valign="middle">&amp;Icirc;</cell>
-        <cell align="left" valign="middle">capital I, circumflex accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Iuml;</cell>
-        <cell align="left" valign="middle">&amp;Iuml;</cell>
-        <cell align="left" valign="middle">capital I, dieresis or umlaut mark</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&ETH;</cell>
-        <cell align="left" valign="middle">&amp;ETH;</cell>
-        <cell align="left" valign="middle">capital Eth, Icelandic</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Ntilde;</cell>
-        <cell align="left" valign="middle">&amp;Ntilde;</cell>
-        <cell align="left" valign="middle">capital N, tilde</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Ograve;</cell>
-        <cell align="left" valign="middle">&amp;Ograve;</cell>
-        <cell align="left" valign="middle">capital O, grave accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Oacute;</cell>
-        <cell align="left" valign="middle">&amp;Oacute;</cell>
-        <cell align="left" valign="middle">capital O, acute accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Ocirc;</cell>
-        <cell align="left" valign="middle">&amp;Ocirc;</cell>
-        <cell align="left" valign="middle">capital O, circumflex accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Otilde;</cell>
-        <cell align="left" valign="middle">&amp;Otilde;</cell>
-        <cell align="left" valign="middle">capital O, tilde</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Ouml;</cell>
-        <cell align="left" valign="middle">&amp;Ouml;</cell>
-        <cell align="left" valign="middle">capital O, dieresis or umlaut mark</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&times;</cell>
-        <cell align="left" valign="middle">&amp;times;</cell>
-        <cell align="left" valign="middle">multiply sign</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Oslash;</cell>
-        <cell align="left" valign="middle">&amp;Oslash;</cell>
-        <cell align="left" valign="middle">capital O, slash</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Ugrave;</cell>
-        <cell align="left" valign="middle">&amp;Ugrave;</cell>
-        <cell align="left" valign="middle">capital U, grave accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Uacute;</cell>
-        <cell align="left" valign="middle">&amp;Uacute;</cell>
-        <cell align="left" valign="middle">capital U, acute accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Ucirc;</cell>
-        <cell align="left" valign="middle">&amp;Ucirc;</cell>
-        <cell align="left" valign="middle">capital U, circumflex accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Uuml;</cell>
-        <cell align="left" valign="middle">&amp;Uuml;</cell>
-        <cell align="left" valign="middle">capital U, dieresis or umlaut mark</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&Yacute;</cell>
-        <cell align="left" valign="middle">&amp;Yacute;</cell>
-        <cell align="left" valign="middle">capital Y, acute accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&THORN;</cell>
-        <cell align="left" valign="middle">&amp;THORN;</cell>
-        <cell align="left" valign="middle">capital THORN, Icelandic</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&szlig;</cell>
-        <cell align="left" valign="middle">&amp;szlig;</cell>
-        <cell align="left" valign="middle">small sharp s, German (sz ligature)</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&agrave;</cell>
-        <cell align="left" valign="middle">&amp;agrave;</cell>
-        <cell align="left" valign="middle">small a, grave accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&aacute;</cell>
-        <cell align="left" valign="middle">&amp;aacute;</cell>
-        <cell align="left" valign="middle">small a, acute accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&acirc;</cell>
-        <cell align="left" valign="middle">&amp;acirc;</cell>
-        <cell align="left" valign="middle">small a, circumflex accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&atilde;</cell>
-        <cell align="left" valign="middle">&amp;atilde;</cell>
-        <cell align="left" valign="middle">small a, tilde</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&auml;</cell>
-        <cell align="left" valign="middle">&amp;auml;</cell>
-        <cell align="left" valign="middle">small a, dieresis or umlaut mark</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&aring;</cell>
-        <cell align="left" valign="middle">&amp;aring;</cell>
-        <cell align="left" valign="middle">small a, ring</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&aelig;</cell>
-        <cell align="left" valign="middle">&amp;aelig;</cell>
-        <cell align="left" valign="middle">small ae diphthong (ligature)</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&ccedil;</cell>
-        <cell align="left" valign="middle">&amp;ccedil;</cell>
-        <cell align="left" valign="middle">small c, cedilla</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&egrave;</cell>
-        <cell align="left" valign="middle">&amp;egrave;</cell>
-        <cell align="left" valign="middle">small e, grave accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&eacute;</cell>
-        <cell align="left" valign="middle">&amp;eacute;</cell>
-        <cell align="left" valign="middle">small e, acute accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&ecirc;</cell>
-        <cell align="left" valign="middle">&amp;ecirc;</cell>
-        <cell align="left" valign="middle">small e, circumflex accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&euml;</cell>
-        <cell align="left" valign="middle">&amp;euml;</cell>
-        <cell align="left" valign="middle">small e, dieresis or umlaut mark</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&igrave;</cell>
-        <cell align="left" valign="middle">&amp;igrave;</cell>
-        <cell align="left" valign="middle">small i, grave accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&iacute;</cell>
-        <cell align="left" valign="middle">&amp;iacute;</cell>
-        <cell align="left" valign="middle">small i, acute accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&icirc;</cell>
-        <cell align="left" valign="middle">&amp;icirc;</cell>
-        <cell align="left" valign="middle">small i, circumflex accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&iuml;</cell>
-        <cell align="left" valign="middle">&amp;iuml;</cell>
-        <cell align="left" valign="middle">small i, dieresis or umlaut mark</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&eth;</cell>
-        <cell align="left" valign="middle">&amp;eth;</cell>
-        <cell align="left" valign="middle">small eth, Icelandic</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&ntilde;</cell>
-        <cell align="left" valign="middle">&amp;ntilde;</cell>
-        <cell align="left" valign="middle">small n, tilde</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&ograve;</cell>
-        <cell align="left" valign="middle">&amp;ograve;</cell>
-        <cell align="left" valign="middle">small o, grave accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&oacute;</cell>
-        <cell align="left" valign="middle">&amp;oacute;</cell>
-        <cell align="left" valign="middle">small o, acute accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&ocirc;</cell>
-        <cell align="left" valign="middle">&amp;ocirc;</cell>
-        <cell align="left" valign="middle">small o, circumflex accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&otilde;</cell>
-        <cell align="left" valign="middle">&amp;otilde;</cell>
-        <cell align="left" valign="middle">small o, tilde</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&ouml;</cell>
-        <cell align="left" valign="middle">&amp;ouml;</cell>
-        <cell align="left" valign="middle">small o, dieresis or umlaut mark</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&divide;</cell>
-        <cell align="left" valign="middle">&amp;divide;</cell>
-        <cell align="left" valign="middle">divide sign</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&oslash;</cell>
-        <cell align="left" valign="middle">&amp;oslash;</cell>
-        <cell align="left" valign="middle">small o, slash</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&ugrave;</cell>
-        <cell align="left" valign="middle">&amp;ugrave;</cell>
-        <cell align="left" valign="middle">small u, grave accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&uacute;</cell>
-        <cell align="left" valign="middle">&amp;uacute;</cell>
-        <cell align="left" valign="middle">small u, acute accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&ucirc;</cell>
-        <cell align="left" valign="middle">&amp;ucirc;</cell>
-        <cell align="left" valign="middle">small u, circumflex accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&uuml;</cell>
-        <cell align="left" valign="middle">&amp;uuml;</cell>
-        <cell align="left" valign="middle">small u, dieresis or umlaut mark</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&yacute;</cell>
-        <cell align="left" valign="middle">&amp;yacute;</cell>
-        <cell align="left" valign="middle">small y, acute accent</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&thorn;</cell>
-        <cell align="left" valign="middle">&amp;thorn;</cell>
-        <cell align="left" valign="middle">small thorn, Icelandic</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">&yuml;</cell>
-        <cell align="left" valign="middle">&amp;yuml;</cell>
-        <cell align="left" valign="middle">small y, dieresis or umlaut mark</cell>
-      </row>
-      <tcaption>Accented Latin-1 alphabetic characters.</tcaption>
-    </table>
-  </section>
-</chapter>
-
diff --git a/lib/docbuilder/doc/src/docb_gen.xml b/lib/docbuilder/doc/src/docb_gen.xml
deleted file mode 100644
index d4ebfd0f84..0000000000
--- a/lib/docbuilder/doc/src/docb_gen.xml
+++ /dev/null
@@ -1,213 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1" ?>
-<!DOCTYPE erlref SYSTEM "erlref.dtd">
-
-<erlref>
-  <header>
-    <copyright>
-      <year>1999</year>
-      <year>2011</year>
-      <holder>Ericsson AB, All Rights Reserved</holder>
-    </copyright>
-    <legalnotice>
- The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved online at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
-    </legalnotice>
-    <title>docb_gen</title>
-    <prepared></prepared>
-    <docno></docno>
-    <date></date>
-    <rev></rev>
-  </header>
-  <module>docb_gen</module>
-  <modulesummary>Generate XML from EDoc comments in Erlang source code.
-  </modulesummary>
-
-  <description>
-    <p><c>docb_gen</c> contains functions for generating XML
-      documentation source code according to the <c>erlref</c> or
-      <c>chapter</c> DTD from
-      <seealso marker="edoc:chapter">EDoc</seealso> comments in Erlang
-      source code or an <c>overview.edoc</c> file, using EDoc.</p>
-  </description>
-
-  <funcs>
-    <func>
-      <name>module(File) -> ok | {error, Reason}</name>
-      <name>module(File, Options) -> ok | {error, Reason}</name>
-      <fsummary>Generate XML from EDoc comments in Erlang source code.
-      </fsummary>
-      <type>
-	<v>File = string()</v>
-	<v>Options = [Opt]</v>
-	<v>Opt = {def,Defs} | {includes,Dirs} | {preprocess,Bool}
-	  | {sort_functions,Bool}</v>
-	<v>Defs = [{atom(),string()}]</v>
-	<v>Dirs = [string()]</v>
-	<v>Bool = bool()</v>
-	<v>Reason = badfile | {badopt,term()} | term()</v>
-      </type>
-      <desc>
-        <p>Generates XML documentation source code according to
-	  the <c>erlref</c> DTD from EDoc comments <c>File</c>, using
-	  the EDoc application.</p>
-
-        <p><c>File</c> is an Erlang source file, given with or without
-	  the <c>.erl</c> extension as <c>Name.erl</c> or <c>Name</c>.
-	  The resulting XML file is created in the current working
-	  directory and named <c>Name.xml</c>.</p>
-
-	<p><c>Options</c> is a list of options, see below.</p>
-
-	<p>Returns <c>ok</c> if successful, and an error tuple
-	  otherwise.</p>
-      </desc>
-    </func>
-
-    <func>
-      <name>users_guide(File) -> ok | {error, Reason}</name>
-      <name>users_guide(File, Options) -> ok | {error, Reason}</name>
-      <fsummary>Generate XML from EDoc comments in Erlang source code
-      </fsummary>
-      <type>
-	<v>File -- see module/1,2</v>
-	<v>Options -- see module/1,2</v>
-	<v>Reason -- see module/1,2</v>
-      </type>
-      <desc>
-        <p>Like <c>module/1,2</c> but generates XML source code
-	  according to the <c>chapter</c> DTD from an
-	  <c>overview.edoc</c> or similar file.</p>
-
-	<p>The resulting file is named <c>chapter.xml</c>.</p>
-      </desc>
-    </func>
-  </funcs>
-
-  <section>
-    <title>Options</title>
-    <taglist>
-      <tag><c>{def, [{Name,Text}]}</c></tag>
-      <item>Specifies EDoc macro definitions. See
-	<seealso marker="edoc:edoc">edoc:get_doc/2</seealso>.</item>
-
-      <tag><c>{includes, [Dir]}</c></tag>
-      <item>Specifies directories where EDoc should search for include
-	files. See
-	<seealso marker="edoc:edoc">edoc:read_source/2</seealso>.</item>
-
-      <tag><c>{preprocess, true|false}</c></tag>
-      <item>Specifies if EDoc should read the source file via the Erlang
-	preprocessor. Default is <c>false</c>. See
-	<seealso marker="edoc:edoc">edoc:read_source/2</seealso>.</item>
-
-      <tag><c>{sort_functions, true|false}</c></tag>
-      <item>Specifies if the functions in the resulting XML file should
-	be sorted alphabetically. Default is <c>true</c>.</item>
-    </taglist>
-  </section>
-
-  <section>
-    <title>Limitations</title>
-    <p>The mapping from the EDoc XHTML output to valid Erlang/OTP XML
-       is not complete. An attempt has been made to cover the most
-       commonly used XHTML constructs, but there will still be cases
-       where XML generation fails or where the resulting XML is
-       inadequate. This is especially true for <c>users_guide/1,2</c>.
-    </p>
-
-    <p>Known limitations for some XHTML tags:</p>
-    <taglist>
-      <tag><c><![CDATA[<a>]]></c></tag>
-      <item>
-        <p>All attributes except the first <c>href</c> or <c>name</c>
-	  attribute are ignored.</p>
-        <p>A <c>href</c> attribute means the <c><![CDATA[<a>]]></c> tag
-	  will be transformed to a <c><![CDATA[<seealso>]]></c> or
-	  <c><![CDATA[<url>]]></c> tag and an attempt is made to
-	  resolve the reference if necessary.</p>
-
-	<p>A <c>name</c> attribute means the <c><![CDATA[<a>]]></c> tag
-	  will be transformed to a <c><![CDATA[<marker>]]></c> tag.</p>
-      </item>
-
-      <tag><c><![CDATA[<b>, <em>, <pre>]]></c></tag>
-      <item>Cannot contain other tags in Erlang/OTP XML, content is
-	converted to plain text.
-      </item>
-
-      <tag><c><![CDATA[<center>]]></c></tag>
-      <item>No corresponding Erlang/OTP XML tag, converted to plain
-	text.
-      </item>
-
-      <tag><c><![CDATA[<font>]]></c></tag>
-      <item>No corresponding Erlang/OTP XML tag, converted to plain
-	text.
-      </item>
-
-      <tag><c><![CDATA[<h1>, <h2>, ...]]></c></tag>
-      <item>There is no tag corresponding to a header in Erlang/OTP XML,
-	so these are converted to plain text instead, with
-	the exception of <c><![CDATA[<h3>]]></c> and
-	<c><![CDATA[<h4>]]></c> tags within <c>overview.edoc</c>, see
-	part about "<c>chapter</c> DTD" below.
-      </item>
-
-      <tag><c><![CDATA[<sup>]]></c></tag>
-      <item>There is no tag corresponding to superscript in Erlang/OTP
-	XML, so this is converted to plain text within brackets "(..)".
-      </item>
-
-      <tag>References</tag>
-      <item>The markers automatically inserted by EDoc at each heading
-	and function will override the markers automatically inserted
-	by DocBuilder, with the unfortunate result that the links in
-	the left-hand frame of the User's Guide will not work, and
-	also that cross referencing a function in a module the usual
-	Erlang/OTP way
-	"<c><![CDATA[<seealso marker="edoc:edoc#run/3...>]]></c>" does
-	not work. (But
-	"<c><![CDATA[<seealso marker="edoc:edoc#run-3...>]]></c>" does.)
-      </item>
-    </taglist>
-
-    <p><em>erlref DTD</em></p>
-    <taglist>
-      <tag>Tables</tag>
-      <item>Tables are not allowed. The contents of a table is
-	converted to text instead, each row corresponding to one line
-	of text.
-      </item>
-    </taglist>
-
-    <p><em>chapter DTD</em></p>
-    <taglist>
-      <tag>Sections</tag>
-      <item>Only two levels of sections. <c><![CDATA[<h3>]]></c>
-	(equivalent to EDoc headings "<c>== Heading ==</c>") is
-	interpreted as start of top-level section, or if there is no
-	<c><![CDATA[<h3>]]></c> tag, the entire document is made into
-	one top-level section. <c><![CDATA[<h4>]]></c> (equivalent to
-	EDoc sub-headings ("<c><![CDATA[=== Sub-heading ===]]></c>") is
-	interpreted as start of second-level section.
-      </item>
-
-      <tag>Tables</tag>
-      <item>Tables without borders are converted to text in the same
-	manner as for the <c>erlref</c> DTD.
-      </item>
-    </taglist>
-  </section>
-
-</erlref>
-
diff --git a/lib/docbuilder/doc/src/docb_transform.xml b/lib/docbuilder/doc/src/docb_transform.xml
deleted file mode 100644
index 06a04c8c02..0000000000
--- a/lib/docbuilder/doc/src/docb_transform.xml
+++ /dev/null
@@ -1,224 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE erlref SYSTEM "erlref.dtd">
-
-<erlref>
-  <header>
-    <copyright>
-      <year>2001</year>
-      <year>2011</year>
-      <holder>Ericsson AB, All Rights Reserved</holder>
-    </copyright>
-    <legalnotice>
-  The contents of this file are subject to the Erlang Public License,
-  Version 1.1, (the "License"); you may not use this file except in
-  compliance with the License. You should have received a copy of the
-  Erlang Public License along with this software. If not, it can be
-  retrieved online at http://www.erlang.org/.
-
-  Software distributed under the License is distributed on an "AS IS"
-  basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-  the License for the specific language governing rights and limitations
-  under the License.
-
-  The Initial Developer of the Original Code is Ericsson AB.
-    </legalnotice>
-
-    <title>docb_transform</title>
-    <prepared></prepared>
-    <docno></docno>
-    <date></date>
-    <rev></rev>
-  </header>
-  <module>docb_transform</module>
-  <modulesummary>Transform XML to HTML</modulesummary>
-  <description>
-    <p><c>docb_transform</c> contains functions for transforming XML
-      documentation source code to HTML.</p>
-  </description>
-
-  <funcs>
-    <func>
-      <name>file(File) -> ok | {error, Reason}</name>
-      <name>file(File, Options) -> ok | {error, Reason}</name>
-      <fsummary>Transform XML to HTML</fsummary>
-      <type>
-	<v>File = string()</v>
-	<v>Options = [Opt]</v>
-	<v>Opt -- see below</v>
-      </type>
-      <desc>
-        <p>Transforms XML documentation source code to HTML.</p>
-
-        <p><c>File</c> is a documentation source file, given with or
-	  without the <c>.xml</c> extension as <c>Name.xml</c> or
-	  <c>Name</c>.</p>
-
-	<p>If <c>File</c> contains XML code according to a basic DTD
-	  (<c>chapter</c>, <c>erlref</c>, ...), the resulting HTML
-	  file is named <c>Name.html</c>.</p>
-
-        <p>If <c>File</c> contains XML code according to a compound DTD
-	  (<c>application</c> or <c>part</c>), several files are
-	  created:</p>
-	<list>
-	  <item>A cover page for the application with two frames,
-	    <c>Name_frame.html</c>.</item>
-	  <item>The contents of the left frame and a front page,
-	    <c>Name.html</c> and <c>Name_first.html</c>.</item>
-	  <item>A bibliography and a glossary, <c>Name_cite.html</c>
-	    and <c>Name_term.html</c>.</item>
-	  <item>In the case of an <c>application</c> DTD an index
-	    is created, <c>Name.kwc</c> and <c>Name_index.html</c>.
-	  </item>
-	  <item>One HTML file for each file included from <c>File</c>.
-	  </item>
-	  <item>Also, if there exists a <c>fascicules.xml</c> file where
-	    the value of the <c>entry</c> attribute for <c>File</c> is
-	    <c>"yes"</c>, the cover page is copied to <c>index.html</c>.
-	  </item>
-	</list>
-      </desc>
-    </func>
-  </funcs>
-
-  <section>
-    <title>Options</title>
-    <taglist>
-      <tag><c>{html_mod, Module}, Module=atom()</c></tag>
-      <item>
-	<p>A callback module can be used for specifying HTML snippets
-	  that should be included in the generated HTML files, see
-	  below.</p>
-      </item>
-
-      <tag><c>{outdir, Dir}, Dir=string()</c></tag>
-      <item>
-        <p>Destination for generated files. Default is current working
-	  directory.</p>
-      </item>
-
-      <tag><c>{number, Number}, Number=int()</c></tag>
-      <item>
-        <p>First chapter number when transforming a <c>chapter</c>
-	  file. Default is 1.</p>
-      </item>
-
-      <tag><c>{ptype, unix|windows}</c></tag>
-      <item>
-        <p>For <c>path</c> elements, the specified file path should be
-	  presented.</p>
-      </item>
-
-      <tag><c>silent</c></tag>
-      <item>
-        <p>Silent - no warnings, only error information is printed.</p>
-      </item>
-
-      <tag><c>{top, Index}, Index=string()</c></tag>
-      <item>
-	<p>Specifies the value of "Top" in the left frame of a front
-	  page, which normally should be some kind of top index file
-	  for the documentation.</p>
-      </item>
-
-      <tag><c>{vsn, Vsn}, Vsn=string()</c></tag>
-      <item>
-	<p>Application version number. Overrides a version number
-	  defined in the XML document. Visible in the left frame and
-	  on the front page.</p>
-      </item>
-
-      <tag><c>{term_defs, File}, File=string()</c></tag>
-      <item>
-        <p>Use the global glossary definitions in <c>File</c>, which
-	  should contain a list of tuples <c>{Id, Name, Definition,
-	    Owner}</c>. See the section
-	  <seealso marker="inline_tags#termTAG">&lt;term&gt;,
-	    &lt;termdef&gt; - Glossary</seealso> in the User's Guide.
-	</p>
-      </item>
-
-      <tag><c>{cite_defs, File}, File=string()</c></tag>
-      <item>
-        <p>Use the global bibliography definitions in <c>File</c>, which
-	  should contain a list of tuples <c>{Id, Title, Info,
-	    Owner}</c>. See the section
-	  <seealso marker="inline_tags#citeTAG">&lt;cite&gt;,
-	    &lt;citedef&gt; - Bibliography</seealso> in the User's
-	  Guide.</p>
-      </item>
-    </taglist>
-  </section>
-
-  <section>
-    <title>Callback Module</title>
-
-    <p>A <c>html_mod</c> callback module can include the functions
-      specified below. Note that there is no check that the resulting
-      HTML code is valid. All functions are optional.</p>
-  </section>
-
-  <funcs>
-    <func>
-      <name>Module:head() -> string()</name>
-      <fsummary>Snippet to be included in head of a document.</fsummary>
-      <desc>
-	<p>Defines a HTML snippet to be included in the head of
-	  a document, after the <c>&lt;HEAD></c> start tag and
-	  <c>&lt;TITLE></c> tag:</p>
-	<pre>
-&lt;HTML>
-&lt;HEAD>
-  &lt;TITLE>...&lt;/TITLE>
-  - snippet is included here -
-  ...
-&lt;/HEAD>
-...
-&lt;/HTML>
-	</pre>
-      </desc>
-    </func>
-
-    <func>
-      <name>Module:top() -> string()</name>
-      <fsummary>Snippet to be included at the top of a document.
-      </fsummary>
-      <desc>
-	<p>Defines a HTML snippet to be included at the top of a
-	  document, after the <c>&lt;BODY></c> start tag.</p>
-      </desc>
-    </func>
-
-    <func>
-      <name>Module:bottom() -> string()</name>
-      <fsummary>Snippet to be included at the bottom of a document.
-      </fsummary>
-      <desc>
-	<p>Defines a HTML snippet to be included at the bottom of a
-	  document, before the <c>&lt;/BODY></c> end tag.</p>
-      </desc>
-    </func>
-
-    <func>
-      <name>Module:seealso(SeeAlso) -> Href</name>
-      <fsummary></fsummary>
-      <type>
-	<v>SeeAlso = Href = string()</v>
-      </type>
-      <desc>
-	<p>When referring to another part of the document, or another
-	  document, the XML tag <c>&lt;seealso&gt;</c> is used:
-	  <c><![CDATA[<seealso marker="File#Marker">...text...</seealso>]]></c>.
-	  By default, this is translated to
-	  <c><![CDATA[<A HREF="File.html#Marker>...text...</A>]]></c>.</p>
-
-	<p>This function makes it possible to specify an alternative
-	  translation <c>Href</c> of the <c>marker</c> attribute value
-	  <c>SeeAlso</c>. For example, in OTP this is used to resolve
-	  cross references between applications.</p>
-      </desc>
-    </func>
-  </funcs>
-
-</erlref>
-
diff --git a/lib/docbuilder/doc/src/docb_xml_check.xml b/lib/docbuilder/doc/src/docb_xml_check.xml
deleted file mode 100644
index eff4fc4342..0000000000
--- a/lib/docbuilder/doc/src/docb_xml_check.xml
+++ /dev/null
@@ -1,59 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE erlref SYSTEM "erlref.dtd">
-
-<erlref>
-  <header>
-    <copyright>
-      <year>2007</year>
-      <year>2011</year>
-      <holder>Ericsson AB, All Rights Reserved</holder>
-    </copyright>
-    <legalnotice>
-  The contents of this file are subject to the Erlang Public License,
-  Version 1.1, (the "License"); you may not use this file except in
-  compliance with the License. You should have received a copy of the
-  Erlang Public License along with this software. If not, it can be
-  retrieved online at http://www.erlang.org/.
-
-  Software distributed under the License is distributed on an "AS IS"
-  basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-  the License for the specific language governing rights and limitations
-  under the License.
-
-  The Initial Developer of the Original Code is Ericsson AB.
-    </legalnotice>
-
-    <title>docb_xml_check</title>
-    <prepared></prepared>
-    <docno></docno>
-    <date></date>
-    <rev></rev>
-  </header>
-  <module>docb_xml_check</module>
-  <modulesummary>Validate XML documentation source code</modulesummary>
-  <description>
-    <p><c>docb_xml_check</c> contains functions for validating XML
-      documentation source code.</p>
-  </description>
-
-  <funcs>
-    <func>
-      <name>validate(File) -> ok | error | {error, badfile}</name>
-      <fsummary>Validate XML source code.</fsummary>
-      <type>
-	<v>File = string()</v>
-      </type>
-      <desc>
-        <p>Validates the XML documentation source code in <c>File</c>.
-	  The <c>.xml</c> extension can be omitted.</p>
-
-	<p>Returns <c>ok</c> if successful, otherwise error information
-	  is printed and the function returns <c>error</c>.
-	  If <c>File</c> does not exist, <c>{error, badfile}</c> is
-	  returned.</p>
-      </desc>
-    </func>
-  </funcs>
-
-</erlref>
-
diff --git a/lib/docbuilder/doc/src/docbuilder_app.xml b/lib/docbuilder/doc/src/docbuilder_app.xml
deleted file mode 100644
index 58b8daf598..0000000000
--- a/lib/docbuilder/doc/src/docbuilder_app.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE appref SYSTEM "appref.dtd">
-
-<appref>
-  <header>
-    <copyright>
-      <year>2007</year>
-      <year>2011</year>
-      <holder>Ericsson AB, All Rights Reserved</holder>
-    </copyright>
-    <legalnotice>
-  The contents of this file are subject to the Erlang Public License,
-  Version 1.1, (the "License"); you may not use this file except in
-  compliance with the License. You should have received a copy of the
-  Erlang Public License along with this software. If not, it can be
-  retrieved online at http://www.erlang.org/.
-
-  Software distributed under the License is distributed on an "AS IS"
-  basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-  the License for the specific language governing rights and limitations
-  under the License.
-
-  The Initial Developer of the Original Code is Ericsson AB.
-    </legalnotice>
-
-    <title>docbuilder</title>
-    <prepared></prepared>
-    <docno></docno>
-    <date></date>
-    <rev></rev>
-  </header>
-  <app>docbuilder</app>
-  <appsummary>The DocBuilder Application</appsummary>
-  <description>
-    <p>DocBuilder provides functionality for generating HTML
-       documentation for Erlang modules and Erlang/OTP applications
-       from XML source code and/or EDoc comments in Erlang source code.
-    </p>
-  </description>
-
-  <section>
-    <title>Limitations</title>
-    <p>DocBuilder is primarily intended for generating documentation
-      for Erlang/OTP itself. That is, no attempt has been made to create
-      a tool suitable for generating documentation in general.</p>
-  </section>
-
-  <section>
-    <title>See Also</title>
-    <p>DocBuilder User's Guide,
-      <seealso marker="docb_gen">docb_gen(3)</seealso>,
-      <seealso marker="docb_transform">docb_transform(3)</seealso>
-      <seealso marker="docb_xml_check"></seealso></p>
-  </section>
-
-</appref>
-
diff --git a/lib/docbuilder/doc/src/fasc_dtds.xml b/lib/docbuilder/doc/src/fasc_dtds.xml
deleted file mode 100644
index dec8189b55..0000000000
--- a/lib/docbuilder/doc/src/fasc_dtds.xml
+++ /dev/null
@@ -1,115 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE chapter SYSTEM "chapter.dtd">
-
-<chapter>
-  <header>
-    <copyright>
-      <year>2007</year><year>2009</year>
-      <holder>Ericsson AB. All Rights Reserved.</holder>
-    </copyright>
-    <legalnotice>
-      The contents of this file are subject to the Erlang Public License,
-      Version 1.1, (the "License"); you may not use this file except in
-      compliance with the License. You should have received a copy of the
-      Erlang Public License along with this software. If not, it can be
-      retrieved online at http://www.erlang.org/.
-    
-      Software distributed under the License is distributed on an "AS IS"
-      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-      the License for the specific language governing rights and limitations
-      under the License.
-    
-    </legalnotice>
-
-    <title>Fascicules DTDs</title>
-    <prepared></prepared>
-    <docno></docno>
-    <date></date>
-    <rev></rev>
-    <file>fasc_dtds.xml</file>
-  </header>
-
-  <section>
-    <title>The fascicules DTD</title>
-
-    <p>The <c>fascicules</c> DTD is a special kind of DTD which can be
-      used to specify the different parts of the documentation, and
-      which one of those should be shown as default.</p>
-
-    <p>Example:</p>
-
-    <pre><![CDATA[
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE fascicules SYSTEM "fascicules.dtd">
-<fascicules>
-  <fascicule file="part" href="part_frame.html" entry="no">
-    User's Guide
-  </fascicule>
-  <fascicule file="ref_man" href="ref_man_frame.html" entry="yes">
-    Reference Manual
-  </fascicule>
-  <fascicule file="part_notes" href="part_notes_frame.html" entry="no">
-    Release Notes
-  </fascicule>
-</fascicules>
-    ]]></pre>
-
-    <p>In the example, it is specified that the documentation for this
-      application consists of three parts: User's Guide, where
-      the "cover page" (with the two frames) is located in
-      <c>part_frame.html</c>, Reference Manual with the cover page
-      <c>ref_man_frame.html</c> and Release Notes with the cover page
-      <c>part_notes_frame.html</c>.</p>
-
-    <p>As a result, at the top of the left frame in the generated HTML
-      documentation, there will be corresponding links to User's Guide,
-      Reference Manual and Release Notes.</p>
-
-    <p>The attribute <c>entry="yes"</c> specifies that it is
-      the Reference Manual which should be shown as default. This means
-      that when generating the HTML files, <c>application_frame.html</c>
-      will be copied to <c>index.html</c>.</p>
-
-    <note>
-      <p>DocBuilder assumes that the XML file written according to
-	the <c>fascicules</c> DTD is called <c>fascicules.xml</c>.</p>
-    </note>
-
-    <p>This file is optional. If it does not exist, there are no links
-      to other parts of the documentation (as they are not known) in
-      the left frame, and no <c>index.html</c> is created.</p>
-  </section>
-
-  <section>
-    <marker id="fasciculesTAG"></marker>
-    <title>&lt;fascicules&gt;</title>
-
-    <p>Top level tag for the <c>fascicules</c> DTD.</p>
-
-    <p>Contains one or more
-      <seealso marker="#fasciculeTAG">&lt;fascicule&gt;</seealso>.</p>
-  </section>
-
-  <section>
-    <marker id="fasciculeTAG"></marker>
-    <title>&lt;fascicule&gt;</title>
-
-    <p>Specifies properties for one "part" of the documentation for an
-      application.</p>
-
-    <p>Contains plain text, the name of this part.</p>
-
-    <p>The <c>file</c> attribute should specify the file name for
-      the corresponding <c>part</c> or <c>application</c>, without
-      the <c>.xml</c> extension.</p>
-
-    <p>The <c>href</c> attribute should specify the file name for
-      the corresponding HTML cover page file, without the <c>.html</c>
-      extension.</p>
-
-    <p>The optional <c>entry="yes"|"no"</c> attribute specifies if
-      the HTML cover page should be copied to <c>index.html</c> or
-      not. Default is <c>"no"</c>.</p>
-  </section>
-</chapter>
-
diff --git a/lib/docbuilder/doc/src/gazonk b/lib/docbuilder/doc/src/gazonk
deleted file mode 100644
index 1cf0b8f7bc..0000000000
--- a/lib/docbuilder/doc/src/gazonk
+++ /dev/null
@@ -1,17 +0,0 @@
-This example code is used in block_tags.xml.
-
-%% Erlang example
--module(gazonk).
-
-start() ->
-    {error,"Pid required!"}.
-
-start(Pid) ->
-    spawn(smalltalk,main,[]).
-%% Erlang example
-
-// A little C example
-int main() {
-  for(;;);
-}
-// A little C example
diff --git a/lib/docbuilder/doc/src/header_tags.xml b/lib/docbuilder/doc/src/header_tags.xml
deleted file mode 100644
index b1456d679a..0000000000
--- a/lib/docbuilder/doc/src/header_tags.xml
+++ /dev/null
@@ -1,183 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE chapter SYSTEM "chapter.dtd">
-
-<chapter>
-  <header>
-    <copyright>
-      <year>1997</year><year>2009</year>
-      <holder>Ericsson AB. All Rights Reserved.</holder>
-    </copyright>
-    <legalnotice>
-      The contents of this file are subject to the Erlang Public License,
-      Version 1.1, (the "License"); you may not use this file except in
-      compliance with the License. You should have received a copy of the
-      Erlang Public License along with this software. If not, it can be
-      retrieved online at http://www.erlang.org/.
-    
-      Software distributed under the License is distributed on an "AS IS"
-      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-      the License for the specific language governing rights and limitations
-      under the License.
-    
-    </legalnotice>
-
-    <title>Header Tags</title>
-    <prepared></prepared>
-    <docno></docno>
-    <date></date>
-    <rev></rev>
-    <file>header_tags.xml</file>
-  </header>
-
-  <p>Each document begins with a header part, which looks the same for
-    all DTDs. Here the title of the document is specified, as well as
-    administrative data like who is responsible for the document, which
-    version is it, when was it last changed and such.</p>
-
-  <p>An full header looks like:</p>
-  <pre>
-&lt;header>
-  &lt;copyright>...&lt;/copyright>
-  &lt;legalnotice>...&lt;/legalnotice>
-  &lt;title>...&lt;/title>
-  &lt;prepared>...&lt;/prepared>
-  &lt;responsible>...&lt;/responsible>
-  &lt;docno>...&lt;/docno>
-  &lt;approved>...&lt;/approved>
-  &lt;checked>...&lt;/checked>
-  &lt;date>...&lt;/date>
-  &lt;rev>...&lt;/rev>
-  &lt;file>...&lt;/file>
-&lt;/header>
-  </pre>
-
-  <section>
-    <marker id="headerTAG"></marker>
-    <title>&lt;header&gt;</title>
-
-    <p>Top level tag for the header part.</p>
-  </section>
-
-  <section>
-    <marker id="copyrightTAG"></marker>
-    <title>&lt;copyright&gt;</title>
-
-    <p>The <c>copyright</c> element holds information about date(s) and holder(s) of
-    a document copyright. The <c>copyright</c> element is optional.
-    The <c>copyright</c> element has an inner structure containing one or 
-    more 
-    <c>year</c> elements followed by zero of more <c>holder</c> elements.<br/> 
-    See example below:
-    </p>
-    <code><![CDATA[
-    <copyright>
-      <year>1997</year>
-      <year>2007</year>
-      <holder>Ericsson AB</holder>
-    </copyright>
-    ]]></code>
-  </section>
-
-  <section>
-    <marker id="legalnoticeTAG"></marker>
-    <title>&lt;legalnotice&gt;</title>
-
-    <p>The <c>legalnotice</c> element is used to express copyright, trademark,
-    license, and other legal formalities of a document. The element contains
-    only PCDATA in the same manner as <c>code</c> and <c>pre</c>.
-    </p>
-  </section>
-
-  <section>
-    <marker id="titleTAG"></marker>
-    <title>&lt;title&gt;</title>
-
-    <p>For <c>part</c> and <c>application</c> documents, this will be
-      the title of the document, visible in the left frame and on
-      the front page.</p>
-
-    <p>For <c>chapter</c> documents, this will be the chapter name.</p>
-
-    <p>For reference manual documents, this tag is ignored.</p>
-  </section>
-
-  <section>
-    <title>&lt;shorttitle&gt;</title>
-
-    <p>This optional tag is ignored by DocBuilder. It will likely be
-      removed in the future.</p>
-  </section>
-
-  <section>
-    <marker id="preparedTAG"></marker>
-    <title>&lt;prepared&gt;</title>
-
-    <p>This tag is intended for administrative use and is ignored by
-      DocBuilder.</p>
-  </section>
-
-  <section>
-    <marker id="responsibleTAG"></marker>
-    <title>&lt;responsible&gt;</title>
-
-    <p>This optional tag is intended for administrative use and is
-      ignored by DocBuilder.</p>
-  </section>
-
-  <section>
-    <marker id="docnoTAG"></marker>
-    <title>&lt;docno&gt;</title>
-
-    <p>Document number.</p>
-
-    <p>For <c>part</c> and <c>application</c> documents, the document
-      number is visible in the left frame and on the front page.</p>
-
-    <p>For other types of documents, this tag is ignored.</p>
-  </section>
-
-  <section>
-    <marker id="approvedTAG"></marker>
-    <title>&lt;approved&gt;</title>
-
-    <p>This optional tag is intended for administrative use and is
-      ignored by DocBuilder.</p>
-  </section>
-
-  <section>
-    <marker id="checkedTAG"></marker>
-    <title>&lt;checked&gt;</title>
-
-    <p>This optional tag is intended for administrative use and is
-      ignored by DocBuilder.</p>
-  </section>
-
-  <section>
-    <marker id="dateTAG"></marker>
-    <title>&lt;date&gt;</title>
-
-    <p>This tag is intended for administrative use and is ignored by
-      DocBuilder.</p>
-  </section>
-
-  <section>
-    <marker id="revTAG"></marker>
-    <title>&lt;rev&gt;</title>
-
-    <p>Document version.</p>
-
-    <p>For <c>part</c> and <c>application</c> documents, the document
-      version is visible in the left frame and on the front page.</p>
-
-    <p>For other types of documents, this tag is ignored.</p>
-  </section>
-
-  <section>
-    <marker id="fileTAG"></marker>
-    <title>&lt;file&gt;</title>
-
-    <p>This optional tag is intended for administrative use and is
-      ignored by DocBuilder.</p>
-  </section>
-</chapter>
-
diff --git a/lib/docbuilder/doc/src/inline_tags.xml b/lib/docbuilder/doc/src/inline_tags.xml
deleted file mode 100644
index 5bcca54c05..0000000000
--- a/lib/docbuilder/doc/src/inline_tags.xml
+++ /dev/null
@@ -1,257 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE chapter SYSTEM "chapter.dtd">
-
-<chapter>
-  <header>
-    <copyright>
-      <year>1997</year><year>2011</year>
-      <holder>Ericsson AB. All Rights Reserved.</holder>
-    </copyright>
-    <legalnotice>
-      The contents of this file are subject to the Erlang Public License,
-      Version 1.1, (the "License"); you may not use this file except in
-      compliance with the License. You should have received a copy of the
-      Erlang Public License along with this software. If not, it can be
-      retrieved online at http://www.erlang.org/.
-
-      Software distributed under the License is distributed on an "AS IS"
-      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-      the License for the specific language governing rights and limitations
-      under the License.
-
-    </legalnotice>
-
-    <title>Inline Tags</title>
-    <prepared/>
-    <docno/>
-    <date/>
-    <rev/>
-    <file>inline_tags.xml</file>
-  </header>
-
-  <p>Inline tags are typically used within block tags, for example to
-    highlight a word within a paragraph.</p>
-
-  <section>
-    <marker id="brTAG"></marker>
-    <title>&lt;br&gt; - Line Break</title>
-
-    <p>Forces a newline. The <c><![CDATA[<br>]]></c> tag is both a
-      block- and an inline tag and is described in
-      the <seealso marker="block_tags#brTAG">Block Tags</seealso>
-      section.</p>
-  </section>
-
-  <section>
-    <marker id="cTAG"></marker>
-    <title>&lt;c&gt; - Code</title>
-
-    <p>Highlights things like variables and file names in a text flow.
-      Can contain plain text only. Newlines and tabs are ignored as
-      opposed to the <seealso marker="block_tags#codeTAG">code</seealso>
-      tag. All <seealso marker="character_entities">character
-	entities</seealso> are expanded. Example:</p>
-    <pre>
-&lt;p>Returns &lt;c>true&lt;/c> if &lt;c>Term&lt;/c> is an integer.&lt;/p>
-    </pre>
-    <p>results in:</p>
-    <p>Returns <c>true</c> if <c>Term</c> is an integer.</p>
-  </section>
-
-  <section>
-    <marker id="emTAG"></marker>
-    <title>&lt;em&gt; - Emphasis</title>
-
-    <p>Highlights words which are important within a text flow. Example:
-    </p>
-    <pre>
-&lt;p>The application &lt;em>must&lt;/em> be up and running.&lt;/p>
-    </pre>
-    <p>results in:</p>
-    <p>The application <em>must</em> be up and running.</p>
-
-    <p>Contains plain text or a
-      <seealso marker="#cTAG">&lt;c&gt;</seealso> tag.</p>
-  </section>
-
-  <section>
-    <marker id="markerTAG"/>
-    <title>&lt;marker&gt; - Marker</title>
-
-    <p>Used as an anchor for hypertext references. The <c>id</c>
-      attribute defines the name of the marker. Example:</p>
-    <marker id="marker_example"/>
-    <pre>
-&lt;marker id="marker_example"/&gt;
-    </pre>
-  
-    <p>The <seealso marker="#seealsoTAG">&lt;seealso&gt;</seealso> tag
-      is used to refer to the marker.</p>
-
-    <p>The <c><![CDATA[<marker>]]></c> tag is both a block- and an
-      inline tag.</p>
-  </section>
-
-  <section>
-    <marker id="pathTAG"></marker>
-    <title>&lt;path&gt; - Path</title>
-
-    <p>Highlights file paths. The attributes <c>unix</c> and
-      <c>windows</c> makes it possible to specify different paths for
-      different file path notations. Default for both are "".
-      Example:</p>
-    <pre>
-&lt;p>Look at the &lt;path unix=".profile" windows="win.ini"&gt;start-up file&lt;/path&gt;
-  if you intend to alter the initial behavior.&lt;/p>
-    </pre>
-    <p>If no <c>ptype</c> option is specified when calling
-      <seealso marker="docb_transform#file/1">docb_transform:file/1,2</seealso>,
-      this simply results in:</p>
-    <p>"Look at the <path>start-up file</path>
-      if you intend to alter the initial behavior."</p>
-
-    <p>If both the options <c>{ptype,unix}</c> and
-      <c>{ptype,windows}</c> are specified, the example instead results
-      in:</p>
-    <p>"Look at the <path unix=".profile" windows="win.ini">start-up file</path>
-      if you intend to alter the initial behavior."</p>
-  </section>
-
-  <section>
-    <marker id="seealsoTAG"></marker>
-    <title>&lt;seealso&gt; - Local Cross Reference</title>
-
-    <p>A cross reference (hypertext link) to a marker in the same file,
-      a marker in another file, or (the top of) another file, given by
-      the <c>marker</c> attribute. Must contain plain text. Examples:
-      </p>
-
-    <pre><![CDATA[
-      <seealso marker="#marker_example">marker example</seealso>
-    ]]></pre>
-    <p>results in:
-      <seealso marker="#marker_example">marker example</seealso>
-      (a hypertext link to the marker example above).</p>
-
-    <pre><![CDATA[
-      <seealso marker="block_tags#markerTAG">marker tag</seealso>
-    ]]></pre>
-    <p>results in:
-      <seealso marker="block_tags#markerTAG">marker tag</seealso>
-      (a hypertext link to the marker section in the Block Tags
-      chapter).</p>
-    
-    <pre><![CDATA[
-      <seealso marker="overview">Overview</seealso>
-    ]]></pre>
-    <p>results in:
-      <seealso marker="overview">Overview</seealso>
-      (a hypertext link to the Overview chapter).</p>
-
-    <p>Note the use of "#" before the name of the marker. Note also
-      that the filename extension <c>.html</c> is omitted. This is
-      because the default behavior of DocBuilder is to translate
-      <c><![CDATA[<seealso marker="File#Marker">text</seealso>]]></c>
-      to <c><![CDATA[<A HREF="File.html#Marker">text</A>]]></c>.</p>
-
-    <p>The default behaviour can be modified by using the callback
-      module option to <c>docb_transform:file/1,2</c> and defining a
-      callback function
-      <seealso marker="docb_transform#Module:seealso-1">Module:seealso/1</seealso>.
-      This possibility is for example used in OTP to resolve cross
-      references between applications.</p>
-  </section>
-    
-  <section>
-    <marker id="urlTAG"></marker>
-    <title>&lt;url&gt; - Non-Local Cross Reference</title>
-
-    <p>A reference to a file outside the documentation, a web address or
-      similar, given by the <c>href</c> attribute. Must contain plain
-      text. Example:</p>
-    <pre><![CDATA[
-<url href="http://www.erlang.org">erlang.org</url>
-    ]]></pre>
-    <p>results in: <url href="http://www.erlang.org">erlang.org</url>
-    </p>
-  </section>
-
-  <section>
-    <marker id="termTAG"></marker>
-    <marker id="termdefTAG"></marker>
-    <title>&lt;term&gt;, &lt;termdef&gt; - Glossary</title>
-
-    <p>Used to highlight a term with a local (for this document only) or
-      global definition. The identity of the term is given by
-      the <c>id</c> attribute.</p>
-
-    <p>For a locally defined term, the tag contains a
-      <c>&lt;termdef&gt;</c>, which in turn contains an explanation of
-      the term as plain text. Example:</p>
-    <pre><![CDATA[
-<term id="HTML"><termdef>Hyper-Text Markup Language</termdef></term>
-      ]]></pre>
-
-    <p>For a globally defined term, the tag is empty. Example:</p>
-    <pre><![CDATA[
-<term id="HTML"/>
-      ]]></pre>
-
-    <p>Global definitions are given to DocBuilder in a file, using the
-      <seealso marker="docb_transform#file/1">docb_transform:file/1,2</seealso>
-      option <c>term_defs</c>. The file should contain a list of tuples,
-      one for each term definition, on the format
-      <c>{Id,Name,Definition,Owner}</c>. The <c>Owner</c> part is just
-      for administration, if there are several people contributing to a
-      term definition file. Example:</p>
-    <pre>
-[...,
- {"HTML", "HTML", "Hyper-Text Markup Language", "Gunilla"},
- ...].
-    </pre>
-
-    <p>DocBuilder will collect both local and global definitions in a
-      glossary, which can be reached from a link in the left frame of
-      the HTML documentation.</p>
-
-    <p>In the generated HTML, it is the term name which will be visible.
-      For locally defined terms, the id and the name are the same.
-      The name has a hypertext link to the definition in the glossary.
-      Example:</p>
-    <pre><![CDATA[
-<term id="HTML"><termdef>Hyper-Text Markup Language</termdef></term>
-      ]]></pre>
-    <p>results in: <term id="HTML"><termdef>Hyper-Text Markup Language</termdef></term>
-    </p>
-
-    <p>If a term is defined both locally and globally, the global
-      definition takes precedence.</p>
-  </section>
-
-  <section>
-    <marker id="citeTAG"></marker>
-    <marker id="citedefTAG"></marker>
-    <title>&lt;cite&gt;, &lt;citedef&gt; - Bibliography</title>
-
-    <p>Works the same way as <c>&lt;term&gt;</c> and
-      <c>&lt;termdef&gt;</c>, but for a bibliography list rather than
-      a glossary.</p>
-
-    <p>A global bibliography list is given to DocBuilder in a file,
-      using the <seealso marker="docb_transform#file/1">docb_transform:file/1,2</seealso>
-      option <c>cite_defs</c>. The file should contain a list of tuples,
-      one for each cite, on the format
-      <c>{Id,Title,Info,Owner}</c>. The <c>Owner</c> part is just
-      for administration, if there are several people contributing to a
-      bibliography file. Example:</p>
-    <pre>
-[...,
- {"erlbook",
-  "Concurrent Programming in ERLANG","J. Armstrong, R. Virding, C. Wikstr&ouml;m, "
-  "M. Williams, Concurrent Programming in ERLANG, Prentice Hall, 1996, ISBN 0-13-508301-X",
-  "jocke"},
- ...].
-    </pre>
-  </section>
-</chapter>
-
diff --git a/lib/docbuilder/doc/src/make.dep b/lib/docbuilder/doc/src/make.dep
deleted file mode 100644
index d9b075e114..0000000000
--- a/lib/docbuilder/doc/src/make.dep
+++ /dev/null
@@ -1,33 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: block_tags.tex book.tex character_entities.tex \
-		docb_gen.tex docb_transform.tex docb_xml_check.tex \
-		docbuilder_app.tex fasc_dtds.tex header_tags.tex \
-		inline_tags.tex overview.tex part.tex ref_man.tex \
-		refman_dtds.tex user_guide_dtds.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-block_tags.tex: gazonk
-
-book.tex: ref_man.xml
-
-inline_tags.tex: ../../../../system/doc/definitions/term.defs
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: man.ps
-
diff --git a/lib/docbuilder/doc/src/man.ps b/lib/docbuilder/doc/src/man.ps
deleted file mode 100644
index b4d7ef7636..0000000000
--- a/lib/docbuilder/doc/src/man.ps
+++ /dev/null
@@ -1,750 +0,0 @@
-%!PS-Adobe-2.0 EPSF-2.0
-%%Title: /clearcase/otp/internal_tools/sgml/test/man.ps
-%%Creator: XV Version 3.10a  Rev: 12/29/94  -  by John Bradley
-%%BoundingBox: 243 308 369 484
-%%Pages: 1
-%%DocumentFonts:
-%%EndComments
-%%EndProlog
-
-%%Page: 1 1
-
-% remember original state
-/origstate save def
-
-% build a temporary dictionary
-20 dict begin
-
-% define string to hold a scanline's worth of data
-/pix 126 string def
-
-% define space for color conversions
-/grays 126 string def  % space for gray scale line
-/npixls 0 def
-/rgbindx 0 def
-
-% lower left corner
-243 308 translate
-
-% size of image (on paper, in 1/72inch coords)
-126.00000 175.96800 scale
-
-126 176 8			% dimensions of data
-[126 0 0 -176 0 176]		% mapping matrix
-{currentfile pix readhexstring pop}
-image
-
-110000110011111111111100111111110011110011111111111100111111112222222222
-33445544446655665555665566666655666666888888778899888899aabbaabbbbbbaabb
-bbaaaaaaaabbbbbbaabbccddbbaaaaccccccddddccddddccbbccccccbbccccaabbaaaaaa
-9999aaaa8899887777554455666655555544
-000000110011110000001100112222111111001111111100001111111111112222112233
-55334444446666775544555555775577777766888888889988889999aaccbbaabb99aaaa
-bbbbaaaaaaaabbbbccccccccccccbbccccccccddccddddccbbaaccddccbbaaccbbbbaaaa
-999999889977667755554455666655444444
-110011000011000000111111111100111100112211111111110011111111112222222233
-3344444455446677665555667777667788888888667788aa88999999aabbaabbaa889999
-aabbbbbbaaaaaabbddccccccbbccccccbbaaccccccccccccbbccccccccbbbbbbbbaaaa99
-9999aa888877666655555555555544333344
-110000110011110000001111111111000011001122110011111111002211222211224433
-3333444444556677666655667777667777888877666688998899aa99aabbaaaaaaaabbaa
-99aabbaabbbbbbbbbbccbbddaabbccbbaa99ccddccccccbbccccccddccbbbbaaccaa9988
-889988887766665566665544443344554444
-000000000000110011000000110000110000001111000000111100221111111133222222
-33444433444455667777555555776666778888667777778888aa998888bbaa99aaaaaabb
-bbbbbbaabbccbbbbbbccbbbbbbccccaabbbbbbccccccbbbbbbbbccbbbbbbbbbbbbaa7788
-aa9988889966666655666655553355556644
-110011111111111100111100110011000000001100002211111122221122111122222222
-33443333334455776666776666667766778855668866777788448899889988889999bbaa
-aaaabbaaaabbbbaabbbbbbbbbbbbaa99bbaabbccddccccccbbccbbbbaabbbbaaaa777788
-aa9999aa9988776677777755555544556655
-110000001111111122111111000000001111110011111111110022111111111133222233
-223322445555445544667777667777667777887788887799883377999999998899aaaaaa
-99aabbbbccbbbbbbbbbbaaaaaabb99aaaabbbbbbccccccbbccccbbbbaabbaaccaa886688
-9999aaaa9988888866667744555544445544
-110000111122111111221100111111110011111111111100111111222222221122333333
-22222244556655445555667788778888aaaa88aa889999aabbaaaa998888998899aa99aa
-bbaabbccbbbbaaaabbbbbbbbbbbbaabbaaaaccccccbbccddccbbaabbaabbaabb99888888
-99aa99aa9988888866446655554444444444
-110000001111111111110011110000111100221111001111000011222222222222333344
-223322444466664455667766777788777755556666333344557788aa9999888888aa88aa
-aabbbbaabbaaccbbaaaaaaccbbccaa99bbccccccccbbccccccbbbbbbbbaabbaaaa99aa88
-999988999988887766664455445555555544
-110011111100001111111111110000000011111111110011111122111111112233222222
-443333555544444455777788775522000000000000000000000000447799aaaa99888899
-aaaabbaaaaccbbaaaabbbbbbbbaa7788bbddccccbbbbbbbbccbbbbaabbaaaaaaaaaa9999
-aa999988aa99887766666655444455445544
-000000110011110000110000110011001100001111110000111122112211112211222222
-5544444455443333446677772200000000000000000000000000000000337799999999aa
-9999aabbbbbbaaaa88aaaabbbb889988ccccccbbccbbbbaaaa9999bb8855889999999988
-998888998888886655667755554455554433
-110011001111001100001100111111000000001100111100111111222211113333222211
-44555544444433445555550000000000000000000000000011000000000000003377aa99
-888899aa99aa9999aaaabbaabb99aabbaabbbbccaabbaaaabb88aaaa995588aaaaaa8888
-8888aa998888887755777766554444332222
-111111110011111111001111001111110000000011000011001111111122332222223322
-334466554444444455441100000000000000000000000000000000001155220000113366
-998888aa99998899bbbbaabbbbaaaaaabbbbbbbbbbaabbaaaa99aaaa8888aa9999889988
-7799aa888888665566666655554433334422
-221111110011000011111111110000000000110011110000111111001111333311223333
-443344443344554488440011553300000000000000000000000000227788883300000011
-4444559999887799aaaaaaccbbaaaa9988ccccbbaabbbbaaaa99aa9988aa999988888888
-776688888877667766554455444444444433
-221111110011111100110011000011000000000000110000110011001111112222221122
-2222333333111111448899ccffddbb77442222221111000000000044bbddccaa33000000
-00000000558888998899bbaabbaabbaa99bbaabbaaaabbaa99aa99999988778888777777
-663355778877776666665544444433333322
-221100222211001111112200111111000011000000000011001100111111112211112211
-332244220011000055ddffeeeeeeeeeeddddddeeddcc88330000000044ddddcc55000000
-000000000077aaaa999999aaaabbbbbbaa99aabbbbaaaabbaaaaaa999999888888557755
-664466666677666655667755443333223322
-221111222211221111111100000011110000110000001100111111110011111122112222
-3322000000000044ddffffeeffeeeeeeeeeeeeeeffeeffdd885511000033aaddaa330011
-2211000000339988889999aaaaaabbaabbbbbbbbbbaaaaaabb99aa8899aa999988665577
-665577777766555544443366443344333322
-221111111122221111001111111100000000000000001111111111111111111111223344
-22000000000077ddeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeffeebb440000005588661100
-11000000001188888888aa9999aabbbbbbaaaabbaabbbbbbaa8899888899888888776666
-556666776666443366555555445533333333
-112211111122221111221100111100110000000000001111001100000000111122112211
-000000000088eeeeeeeeeeeeffeeeeffffeeeeeeffeeeeeeeeeeffee8811000000118866
-0000000000118899888899aaaabbbbbbbbbbbb99aabbaaaaaa9988888877888877555566
-555555666655446655556655444444443344
-221111111100111111110011111111110011001100110000111100110011111111000000
-0000000088ffeeddeeeeeeeeeeeeeeeeeeeeffeeeeffffeeeeeeeeffffbb775566aaeeee
-aa332233000088aa88888899bbaaaa99aabbaaaabbaabbbbaaaa88888877888877555555
-445577666655554455555566665544665533
-110000111111110011111111111111110000000000001100111111000011111111110000
-00000088ddddddddddffeeffeeeeeeeeeeeeffeeeeeeeeffeeeeeeeeeeffffffffffeedd
-eecc441111002288997788aa99aaaa99aa99aabbbbaabbaaaa9977778888777777776655
-555577776666666666666677775555555555
-001111110011001100111111112211111100110000000011110011111111001111000000
-000022aaddccddddeeeeeeeeeeeeeeeeeeeeeeeeeeffeeffeeeeeeffeeffeeeeeeeeeeee
-eeffdd3311110044998899999999aaaaaaaaaabbaabbbbaaaa8888778877888866776677
-665566667755556644665555554444666666
-110011110011111111001100002211111100110011111100111100111111111100000000
-000022bbcccccccceeeeeeeeeeeeeeeeeeeeffeeffeeffffffeeeeffeeffeeffeeeeeeee
-eeddeebb6644000088998899bbbbbbaabbbbbbaabbbbbbcc999988888877888877667777
-557777777766665544555555555555665566
-110011221111111111111111111111221100001100110011111111221100221100000000
-00001199aabbccccddeeeeeeeeeeeeeeeeeeeeeeffffeeffeeffeeeeffeeffeeeeeeeeee
-eeddeeeebb88110066aa99aabbccbbaabbbbbbaabbbbbbbbbb99aaaa9988777766667777
-666677777777665544665566555566664455
-221111222222111111111111221111111111111111001111111100221122221100000000
-000022aabbbbaaccddeeeeeeeeddeeeeeeffeeeeeeeeffeeffeeffeeffffeeeeeeeeeeee
-eeeeeeeeeecc220066aaaaaaaabbbbbbccaabbaaaabbccbbaaaaaa998888886677887777
-777777888866776655667755665566666655
-222211222222111122111122111111000000001111111111111122111122220000000000
-00002299bbaaaabbddeeeeeeddeeffeeeeeeeeeeffeeeeeeeeffeeeeffffffeeeeeeeeee
-eeeeeeeeeecc330044aaaabbaabbbbbbaaaabb99aabbbbbbbbaaaa889988888877888888
-887777778888776644777777666677667766
-222222332233222211221111221111110000111111222222222211222222221100000000
-00001188cc99aabbddddddeeeeeeeeeeeeeeffeeeeeeeeeeffeeeeffeeffeeeeeeeeeeee
-eeeeeeeeeeee440044bbaabbbbaabbbb9999aaaabbaabbbbbb9999998888887788888899
-887777778888887755776677667755667755
-221122442222222222332211222222111111001111222222221133112222220000000000
-00001177bbaaaaaaeeddeeddeeeeddeeeeeeeeeeeeeeeeeeffeeffffeeeeeeffeeeeeedd
-eeeeffeeddffaa0022aabbbbbbbbbbaaaa99bbbbaabbaabbaa9988888888998888887777
-888866777788888888888877666655445566
-331133442233333333332222332211111111111111112222222233221122220000000000
-0000115599aabbccddddeeddeeeeeeeeeeeeeeeeffeeeeffeeffeeffffffeeffeeffddee
-eeeeeeeeeeffdd110088bbbbbbccbbaa99bbaabbaaaabbbbbbbb99888888888888666677
-777777778888666677888877775544444455
-332222332222334422222233222233110011222222112233223322222211221100000000
-000000228899aabbddddeeddeeeeeeeeeeeeeeeeffeeeeeeffeeffeeeeffeeffeeeeeedd
-eeffeeeeeeeecc220066bbaabbbbbbaaaa999999aaaaaaaa9999aaaa9988888877776688
-888877778888776677887777666666665544
-333311332233333333222222222233331111113322222222223322332222220000000000
-000000225577aabbccddddddeeeeeeeeeeeeeeeeeeeeeeffffffffeeffffeeeeeeeeeeee
-eeeeeeeeeeeedd110044bbaaaabbaabb99999999aabbaa999999aa999999998888777788
-888855888888886677777788777777555555
-222211222222224444111122222211222233221133443344332233333322551100000000
-00000022557788aaccddeeddddeeddeeeeeeeeeeffffeeffeeeeffeeeeeeeeffeeffeedd
-eeeeeeeeeeeedd33003399aaaabbbbaaaa88999999aaaaaa99aaaabbaaaaaa9999778888
-887766888888885577776666777766556644
-222211222222222233334422222222112233222233554444332222222222440000000000
-0000001144779988bbccddddddffddeeeeeeffeeeeeeeeffffffeeeeeeffeeffffeeeedd
-eeeeeeeeeeeedd2200228899aaaaaa88888899999999bbaa99aabbbbbbaa999988888888
-887777778877665566886666666677775566
-443322111133331111222233332222332222332233223333333333332233331100000000
-000000115555668899ddddddddeeeeeeeeffeeffffffeeffeeeeffeeeeeeeeeeeeeeeedd
-eeeeeeeeeeeedd2200339999aabbaa889999aaaa99aabbaaaa99bbbbaaaa998899998888
-888888997777775577777777777777666666
-332211223322222222221122223333221122112233333333332244333333330000000000
-0000000033444466aaccccddddeeeeeeeeeeeeffeeeeeeffeeeeeeeeeeffeeeeffffeedd
-eeeeeeeeeeeecc2200228899aaaa9988aaaaaaaa99aa99bbaabbaaaa99999988aa999988
-888888887777776677666666776666556644
-332222222233222233332222333333331133332233224433333344554444331100000000
-000000110044777788aaeeeeddeeeeddddddeeeeeeeeeeffeeffeeeeeeeeeeeeeeeedddd
-ddeeddeeeeeedd220011aa9999aa999999bbbbbb99bbbbbbbbbbbbaaaaaa999999888899
-998888888888666677556677666655555555
-332222222222333333443333333322443333443344334433444455553333330000000000
-000000002233557788ccccccccaa775555446688ccddcceeeeeeeeeeddeeeeeeeeeedddd
-eeddeeeeeeeedd44003399aa88aaaa99aaaaaaaa99bbbbbbbbbbbbbbbbbbaa999999aa88
-888866887788775577667755556655555544
-331122332222444433333333223333333344444444554433445555664444441100000000
-00000000332244889999777788330000000000116688aaddccddddccddddaa88aa99aadd
-ddddeeeeeeddee660022aa99999999bb99bbbbaaaabbbbbbbbccbbbbbbbbaa99aaaa8888
-888877776677667755777755445555556655
-331122333333335544554433333322443344555555554433334433556655441100000000
-000000000000225544221100110000000000001111557799ccbb88778877110011003388
-bbddeeeeeeddee55002299aa999999aaaabbaabbaabbbbbbaaaaaabbaaaabbaa99998888
-887777667788666666666666555555554444
-333333333322444444555555444444444455556666555544334455336666551100000000
-000000001111001100000000000000000000000011224455889966111111000000000011
-66aaddeeeeeeee550033aa99aa999999bb99bbccaabbbbaaaaaaaabbaaaabbaabb888888
-667777777777775577554455553344444444
-223344332233555544556666665533335544556655555533446655555555661100000000
-00001100111100000000000011000000000000000011449999bb77000000000000004433
-225588cceeeeff660044aaaa888899aa9999aaaa99aabbaaaaaa99bbbb9999aaaa998888
-886677777777667766555555443355554455
-443344332233556655666655666633555544555555555555555566555555662200000000
-0000001111110000000000001100000000000000000066ddeeee990000000000000066bb
-bb88bbcceeeeee880066aaaa9999bb9999aa99998899aa999999aaaabbaaaaaa99889988
-778888776677666655444455665555554433
-443333442233445577665566666655444444666655667766666666666644443300000000
-0000001133220000000000000000000000000000000055eeeeeebb110000000000000022
-bbffddddeeeeff88007799999999aabbaa9999999988aa99999999bbaaaa888877888888
-887777777766666655664455554455443344
-444422335566557766776666555544444455556666555555556666668899aa5500000000
-0000002233220000000000000044110011110000000055ffeeffcc110000000000000000
-0077ddddddddeebb118899999999aaaaaa8888aa88aaaaaa9999aabbaaaa997755889988
-887766777766775555665555444444443344
-555544333344556666556666445566556666555555665566665555335566999922000000
-0000002244332200000000001177663366330000000088eeeeffdd110000001100112200
-000066cceeeeeebb66ccbbaa9999aaaa998899aaaabbbbaa9988aaaabb99998888888877
-777755776666666655555555554444444444
-445555554444555555557766445544666677665566666666776611000000002233000000
-00000022445544112233442255442211110000000033bbeeeeeeee880000002255999966
-330033ddeeeeeeddddeeeeffccaa99998899aaaabbbbaaaa999999999999999988888877
-777766665566666655665544444444553333
-444444556666445555776666555566667777775566666655665500000000000000000000
-00000000334433337799999988775533112244225599ccddeeeeffee885533111166bbcc
-bb6666ddffeeeeeeeeeeaa66aa99aa889999bbbbbbbb99aa999999999999998888888877
-667766555555555555444433444444333322
-334444445577665555556666665566665577666644444466664400000000000000000000
-000000002255667788bbbbbbaabb998866556688aabbddeeeeeeeeeedd8888bbaaccddee
-eeeeddeeeeeeddeebb22000066aa88aabbaaccbbaa99aa99889988999999889999888877
-777766666666665544334455443333333333
-333355444466557766776655555555556666664455446666665500000000000000000000
-0000000011335577aaccddddddccbb998899ccddddccddeeffeeeeeeeedd8899ddeeeeee
-eeddffeeeeeedddd3322220066aaaaaabb99bbbb99aaaa88888899888888888877887777
-556688553355665533444433334433333344
-444444225555445566888866666666777777776666556666664400000000000000000000
-0000000011224477aaddddeeddddddddddddddddddddeeeeeeffeeeeeeeecc88aaddeeee
-eeeeeeeeeeeeeecc66dd8800779988bbbbaabbbbaaaa9988888888999977776677776666
-557766553355556644443333333344221133
-77bbccbb9988774455667777667788888877886666667777666611000000000000000000
-0000001111335577bbccddddeeeeeeddeeeeddddccddeeeeffeeeeeeeeeeffddddddeeee
-eeeeffeeeeeeddccddeedd22999988aa99aaaa8899aa9988888888888888776677777766
-776666665555555544444444332222112211
-bbeeffffffeeeedd88444455668899998866776666666677775533000000000000000000
-0011114433446688bbccccccddddeeeeddddbbddeeddeeeeffffeeffeeffeeffffffeeee
-ffeeeeffeeeeeebb77eeee88cc889999aaaa99aa99998888778888888888668888997777
-777777667766665533334433332222222222
-77ddeeffeeffeeeeee995555557788888888776677775577776655221100000000001100
-1122225555665588aabbbbccddddddeeccaabbeeddccddeeeeeeffeeffeeeeeeffeeeeee
-eeffeeffeeeeffcc33bbeeeebbaaaaaa99aaaa9999888877889999999988777788887777
-888866556677665533334433112211222222
-4499bbbbeeeeeeeeeeee6633667799889988778877667788777777332200110000001100
-444477888866667799aabbccccddddddbb8888aa7755779999bbddeeffffeeeeeeffeeee
-eeddeeeeffeeeedd44bbeeeebbaaaa99aaaaaa99889999888888aa99aa88776677888877
-887777666666554433554422222222222211
-003322446677cceeeeeeaa66777788888888888877667788887788662211113300002222
-66887777665566667799aabbccccccaa88443322000011223344446677ccffeeeeeeeeff
-eebbeeeeeecceeeeaacceeeebbbbaaaaaabbaabbaa999988778899998888888888778888
-777766776677665555442222222233222222
-00220000000066ccffeeffaa776677887777887777777788888877773311005566115533
-7788996666445566667799bbccbbaaaa9933000000000000000000000066ffeeeeffeeee
-eeddeeffeeffeeffeeddeeddbbaaaa99aaaaaabbccaaaa88889988999988888877888877
-888877667766666644332244442222223322
-1111000000000044aaeeffdd777755777788778877777788888888776611221122888844
-88aa77776655445555778899aa7788aaaa44000000000000000000000077ffeeeeddeeee
-eeeeeeeeeeeeeeeeeeeeffccaaaaaa9999aaaaaabbaaaa9999888899bb99888866778888
-777777665555554444333322222222221122
-22000000001111001177dddd999999886666888877887788778888888844115544aa8888
-9988888866555555446666666666bbcc99330000000000000000000055eeffeeeeccddee
-eeeeeeeeffeeffeeeeeeeeccaaaabbbbaaaabbbbaaaaaa88889999aa8899886688777766
-778888775566554433332233333322331111
-4400000000443300000033bbffeeffeebb666677888888888888777766663333bbbb88bb
-aa998888885555554444221144aaccbb330000000000000000000033ccffeeeeffddcccc
-cceeeeeeeeffeeeeeeffeebbbbbbbbbbbbaaaaaaaabbaa8899aa99889999888877888877
-667777668888998844332244442244332222
-770000000077ccbb996677eeeeeeeeeeeebb5566777788889988777777777755ccbbaacc
-bbaa9988775577664400000055bb6633110000000000000000000077bbddeeeeeeffddaa
-bbddddddddddffeeffeeeebbbbccccbbbbbbaaaaaaaa8888888888998899888888888888
-776677aaddeeeedd77223344443344333311
-dd77000011aa99aaddeecccceeeeeeeeeeeebbaa6677888899887788778888cceeccbbbb
-ccaa998888888855110000337733000000000000000000000000005599ddccddeeeeeedd
-aa99ccddaacceeffeeeeeeeebbaaccbbbbaa99aa99998888887799998899998877888888
-8888cceeeeeeeeddbb553344333333333322
-eeee88000077220033998866aaeeeeeeeeeeeeeeaa777788aa8899997788aaddccbbcccc
-ccbbaaaabb9977440000335522000000000000000000000000000000227788aaeeeeeeee
-bb8899ccddaaaaeeeeeeeeffcc99aaaa99999999aaaa8888888888777777888877777788
-88cceeeeeeeeddeeeeaa3344444433443333
-eeeedd55004488000011110077ffeeeeeeeeeeeeffbb8877889988999999ddddddddddcc
-ddccccbb8866332200113300000000000000000000000000000000000000334488cceeee
-ddccaa88bbbb6655bbffeeeeeeccaa9999aaaa99998899997777889999aa998888888866
-3388ddddddddcc88ccdd9944334433443322
-eeeeee88110066110000000088eeeeeeeeeeffeeeeeecc9977889999aacceeddeeeedddd
-ddddaa88663300000000000000000000000000000000000000000011000000000022aadd
-eeddccbb99aa88111188eeffeeffddaa99aaaaaa88998888888888aaeeeeeebbbbddddaa
-1155ccaa55443311aaeedd88222222332211
-ddccdd88440000000000000077ddeeeeeeeeeeffeeeeffeebb99aaaaccddeeeeeeeeeeee
-ddbb777777442200000000000000000000000000001188ccbb9999bb8833000000002222
-77ddddddccbb8844000044ddffffffeeaa88aa9999998888888888cceeddeeddeeeeeedd
-2288bb991100000066bbddcc551122222222
-cc666622221100000000000055ddeeeeeeeeeeeeeeeeeeeeee9999ccddeeeeffeeeeeeee
-eeddccaa884422331100000000000000000000001177eeeeeeeedddddd99550000001133
-1155ddeeddddcc8855000033aaeeeeffdd9999aa9999aa88995555cceeeeddeeeeeeeebb
-00559999440000000055bbddbb3322223322
-ffdd4400001100000000000044ddeeeeeeeeeeeeeeeeeeeeeeccbbeeffeeeeeeeeffeeee
-eeddeeccbb8866772200000000000000000000001144668899aabbddddccbb66110044bb
-bbbbcccceeeeddddcc8877332277cceeeeeebb88999999aadd7799eeeeeeeeeeeeddddaa
-4444775577220000000044bbee7711222211
-eeeecc33000000000000000033cceeeeeeeeeeeeeeeeeeffeeffeeffeeeeffeeffeeffff
-eeffeeddeeccbb884411000000000000000011000000000000000088ccddddaa6644bbee
-ddffeeddeeeeeeeeeeffffeeddbbddeeffeeeeddaa88aaccddbbeeddeeddddeeeeee8844
-7711221100000000001177ccddbb44112211
-eeeeffaa000000000000000066eeeeeeddddeeeeffeeeeeeffeeeeeeffeeeeffeeeeffff
-eeeeeeeeeeeeeecc66110000000000000022666655334433446688bbeeddeeddbbccddee
-eeeeeeeeeeddeeeeffffeeeeffffffeeeeeeeeffdd99cceeddbbddeeddddeeddeecc2200
-22000000000000003399ccccdddd88111122
-eeeeeeee550000000000000088eeddddddccddddeeeeddeeeeeeeeeeffeeffeeeeffffee
-ffffeeeeffeeeeee99220000000011336688bbddddddddeeeeffeeeeeeeeeeeeeeeeeeee
-ffeeffeeeeeeeeffeeeeeeffeeffeeeeffeeeeeeffddddeedd99ccddddddeeeedd660000
-00000000000000001166ccddddeeaa222222
-eeeeeeee880000000000000099eecc888888ddccccaa88ccddeeeeeeeeeeffeeffeeffee
-ffeeeeffeeeeeeddbb3300001122336688aaddeeeeddeeeeeeeeeeffffeeeeffeeeeeeee
-eeffeeffeeeeeeeeeeffeeeeffeeeeeeeeeeeeeeeeccccddcc5588aacceeddeecc220000
-0000000000000000004499bbccddcc331111
-eeeeeeee990000000000000088ddccdd6622bbddbb4455ddbbaaeeeeffeeffeeeeeeffff
-eeffeeeeeeeeddcc996633335522335588aaccddeeeeeeeeeeeeeeeeeeffeeffffeeeeff
-ffeeeeffffeeeeeeeeffeeeeeeffeeeeeeeeeeeeff99779988003377ccddeeee99000000
-000000000000000000000055bbddcc441122
-ffeeeeeedd3300000000000077cceeee880044aabb55ccffddccddffeeeeffeeeeeeeeff
-eeffeeeeeeddccbb776644442211223377aaccddeeeeeeeeeeeeffffffeeffeeeeeeffee
-ffeeeeeeeeeeeeffffeeeeffeeeeffffeeffeeffff8811333300001199ddeeee66000000
-0000000000000000001155ccddccdd551111
-eeeeeeeedd991100000000000077ccdd555577111133ddffeeddddffffffeeffffffeeee
-ffffeeeeffddccbb7733110000000011336688bbcccceeeeeeeeeeffeeeeffffffeeeeee
-ffeeffeeffeeffeeeeffeeffeeffffeeffeeffeeff99000000000066ddddeecc22000000
-00000000000000004499ccdddddddd771122
-eeeeeeeeeedd6600000000000000226677ddee66000088bbcc8866777799ccbbaabbbbcc
-ddeeffffffeeeeeebb6644110000000000113355668899bbbbddddddeeeeeeddeeeeeeff
-eeeeeeeeeeeeeeffffeeffffeeeeddddccddddddee990000000000aaffeeeeaa00000000
-00000000000000005588bbccccdddd880011
-eeeeffeeeeeebb99220000000000000055bbaa3300000011220000003399aa9988886666
-66888888bbddeeeeeeddcc9933000000000000000011224466778888aabbddddeeeeeeee
-ffffeeffffeeeeeeccbbbbaaaa777777774411222211000000000055aaaaaa6622000000
-00000000000000004499bbccddddee991111
-eeeeeeffeeddddcc4422220000000000001133000000000000000000669999aaaa99aa99
-999911000011445588aacccc88110000000000000000222222223322336699bbddeeffee
-ffeeeeddccccccaaaaaaaabbbbaabbbbbb66000000220000000000001111110000000000
-000000000000001155aabbddccddddbb2211
-ffeeffeeeeeecccc99aa55000000000000000000000000000000001188888899aaaaaaaa
-99770000000000000000113333000000000000000000000011000000002277cceeeeddaa
-8888ccccccccccccbbbbccddbbbbbbbbcc88000000000000000000000000000000000000
-00000000000000116699ccddddddeecc2211
-eeeeeeeeeeeeddccddccbb661100000000000000000000000000227788778877889999aa
-660000000000000000000000000000000000000000111100000000000011445544331100
-0088ccccccccccccccbbbbccccbbbbbbaa99110000000000000000000000000000000000
-000000000000002266aaccddddddddcc3300
-eeeeeeeeeeeeddddbbccccccaa88887788aa440000000000004488778888887788779977
-110000000000000000000000000000000000001111111111001111000000000000000000
-55ccccbbccccbbccccbbbbbbbbbbbb999999772200000000000000000000000000000000
-000000000000002277aaddddccccdddd5511
-eeeeeeffffddddddddddeeddddeeddeeddcc773311000000337766777777667766776611
-000000000000000000000000000000000000000000000000000000000000000000000055
-ccbbbbccbbccccbbbbbbbbbbbbaaaaaaaa99997711000000000000000000000000000000
-000000000000001166aabbccccdddddd7711
-eeeeffeeeeeeeeeeeeddeeddeeddddddccbb996611001144777777776677776666771100
-0000110000000000000000000000000000000000000000000000000000000000000022dd
-8844ccbbbbaabbaabbbbaabbaaaaaa99aa99aa7766110000000000000000000011557777
-66330000000000003388aaccdddddddd9911
-ddeeddeeeeeeeeeeddeeddddeeddddccbbaa883300004466667777666655666688440000
-0000001111000000000000000000000000000000000000000000000000000000000099ff
-aa0077bb99aabbbbbbbb99aaaa99999999aa887766440000000000000000003388bbccbb
-cc773300110000002277bbbbccccddddaa22
-ddeeddeeeeeeddeeeeddddddddddddbb9988330000336655886688776655556688220000
-00000011222211000000000000000000000000000000000000000000000000000077eeff
-bb001199ccbbaaaaaaaaaa889988999999997777777733000000000000001166aaccccdd
-ccbb770066550000336699ccddccdddddd55
-99aabbddddeeddeeddddddcceeddcc887755110011556666667777776677775522000000
-000011224455441100000000000000000000000000000000000000000000000066eeeeee
-cc0000338899bb999999999988888888aa998888777755000000000000002277bbccccdd
-ddcc991177882200336699bbddccddddddaa
-22333366ccddddddddccddbbaa9977333311001144666655666688889966330000000000
-0000115555777777551100000000000000000000000000000000000000000044ddeeeeee
-ee220000002277aabbaaaaaa99888899aa99aa88777766220000000000000055aaccddcc
-ddcc991133885522113388ccccddddccccdd
-0000000088aa888888887733221100000000115566776677777799994411000000000000
-00001155777788998877773300000000000000110000000000000000000077cceeeeeeee
-ee2200000000003377aabbbbaaaa9988aaaaaa999977665500000000000000117799aabb
-ccbb883311443311112266bbccccdddddddd
-000000002233001122111100000000002244667766668866888899220000000000000000
-000000777799aaaa99aaaa99550000000000000000000000000000003388ddeeeeeeffee
-ee33000000001100003388ccbbaa99999999999988775566330000000000000011558899
-aa9977220011000011335588ccddddeeddee
-00000000000000000000000000001144667766667788aa99aa8811000000000000000000
-0000003377aabb99bbbbccaa77663300000000000000000000000055cceeeeeeeeeeeeff
-ee3300000000001100000055aaccaaaa9988778888887755553300000000000000115566
-776622000000000000113377bbddccdddddd
-00000000000000000000000000336677777788777788aa99661100000000000000000000
-000000117799aaccccccccbbbbaa99440000000000000000002288ddeeeeeeeeffeeeeee
-dd22000000000000110000002288aaaaaa99778888778877776644000000000000002222
-22110000000000000000003388aaccddddee
-000000000000000000000022667777887788777799884411000000000000000000000000
-0000000077aabbccddddccccddccddbb88442200000000000088ffeeeeeeeeffeeeeeeff
-dd1100000000000000110000000044aabbaa999999888888665566440000000000000000
-0000000000000000000000001155bbccdddd
-000000000000000022556688776688888877887733000000000000000000000000000000
-0000000055bbccddccddddddddeeeedddddd8800000011110000bbffeeeeeeeeffeeeeff
-dd1100000000000000001100000000224444667777778888887766555500000000000000
-00000000000000000000000000003388ccdd
-000000001133558899998888887788998899660000000000000000000000000000000000
-0000000022aaccddddddeeeeeeeeeeeeeedd330000117766447733ddeeeeffeeeeeeeeff
-aa0000000000000000000000000000000000000000113344667788887766110000000000
-000000000000000000000000000000117799
-0000446688aabb88aa999988998888999977000000000000000000000000000000000000
-0000000000aaccddeeeeeeeeeeeeeeeeffaa00000044dd7788ee77aaeeffeeeeffeeffff
-880000000000000000000000000000000000000000000000001122222233441100000000
-000000000000000000000000000000000033
-777788aa9988888888888899aa8899886600000000000000000000000000000000000000
-000000000088ddeeeeeeeeeeeeeeeeffeeaa550066bbdd99cceeccaaffeeeeeeeeffeeff
-550000000000000000000000000000000000000000000000000000000000113322000000
-000000000000000000000000000000000000
-884422331100000000000022331100000000000000000000000000000000000000000000
-000000000077ddeeeeeeffeeffffffffbbaa6611aaddeecceeeeeebbeeffeeffffeeffee
-440000000000000000000000000000000000000000000000000000000000000022110000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000077ddeeeeeeeeffeeeeffcc1111113399bbee88cceeee99aaffffeeffeeeeee
-330000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000044ddeeeeeeeeffeeeeff66002266001166ee66aaeeee6666ffeeeeeeeeffdd
-110000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000022ddeeeeeeeeeeffffcc11001155003388eeddddeebb2211ddffeeffeeffcc
-110000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000aaffeeeeffeeeeff8800000088221155cceebbbb55000088ffeeeeeeffcc
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-00000000000077eeeeeeeeeeeeee3300000088660055ccdd554411000044ffffffeeffbb
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-00000000000022ddffeeffffff990055330055990077dddd221111330011ccffeeffff88
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-00000000000000bbffeeeeeeee442299770022aa0077dddd442266bb9944aaffeeffff88
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-0000000000000066ffeeeeff882288ddaa000077331188993399eeeeffcc99eeeeeeff77
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-0000000000000011ddffeeffaa99ddeecc11001111001199bbeeeeeeeeeebbddffeecc11
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000066ffeeeeffeeeeeeee2200000066bbddeeeeeeeeeeffddcceebb5500
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-00000000000000000055ddeeeeeeeeffee550055aaaacceeccddffffeeeeeeeeeeffcc00
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-00000000000000000000aaffeeffeeeeee66337788bbeeeeeeeeffeeffeeeeeeeeffcc00
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-00000000000000000033cceeeeeeeeeeee440066ddeeeeeeeeeeeeeeeeffeeffeeffbb00
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-00000000000000000055eeeeffeeffeeee88aacceeddeeeeeeeeeeeeffeeeeffeeff8800
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-00000000000000000011ddeeeeeeeeeeeeddddddeeeeeeeeffeeeeffeeffffeeffff6600
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-0000000000000000000088ffeeffeeeeeeeeeeddeeeeeeffeeeeeeeeffeeeeffeeff4400
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-0000000000000000000033eeeeeeffeeeeeeeeeeffeeeeeeeeeeddeeeeeeeeffeeee3300
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-0000000000000000000011bbffeeeeffeeddeeddddbbaaaaddddcceeffeeffeeffee2200
-000000000000000000000000000000000000000000000000000000002200220000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000088ffeeeeeeddddcc9999aaaaddeeeeeeffeeffeeeeffcc0000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000044eeffeeffccddddccddeeeeeeeeeeeeeeeeeeffffffaa0000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-00000000000000000000000099ffcc5544cceeddddeeddccddeeddddeeeeeeeeff990000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-00000000000000000000000044ff9911004499aabbccccccccddbbaabbccddffff660000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-00000000000000000000000011ccbb996655bbbbaaccbbbbddddaaaaccddcceeee550000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000006688000066ddcccceeeeeeeeffeeddccaabbeeff330000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000001144000066eeeeeeddccbbbbbb7722220022bbee110000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000022665599aaccbbaabb775588778899cc000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000002211001177bbddbbaabbaa99ddeedd8844000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000110077bbddddeeffeeeeffeeffaa00000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-00000000000000000000000000000000000088aaeeffeeddccbbcc776655996600000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000778877555533445588113355882200000000
-441100000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000007799ccccddbbddeeee3300000000
-331100000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000001155bbeeeeeeeeffeeeeeeff5500000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000004488ddeeeeeeeeeeeeeeeedd2200000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000033bbddeeeeeeffeeeeffaa0000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-00000000000000000000000000000000000000000088ccddeeeeeeeeeeff880000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-00000000000000000000000000000000000000000044aaeeeeffeeeeeeff550000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-0000000000000000000000000000000000000000001188ddccccddbb9988000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000022222233774422000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-00000000000000000000000000000000000000000000116699aaccddbb44000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000002288888888992200000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000002255661100000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000011000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000113355882200000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000011778899771100000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000002244110000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000110000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000001100
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000001100
-000000000000000000000000000000000000000000000000000000000033110000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000022440000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000011220000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000001100000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000001100000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000001100000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000110000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000001100000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000000000000000000000000000000000000000
-000000000000000000000000000000000000
-001100110011001100110011001100110000000000000000000000000000000000000000
-000000000000000000000000000000000000000000221100000000000000000000001111
-110000001100001100110000110000000000000000000000000000000000000000001100
-001100000000000000000000110000001100
-
-showpage
-
-% stop using temporary dictionary
-end
-
-% restore original state
-origstate restore
-
-%%Trailer
diff --git a/lib/docbuilder/doc/src/notes.xml b/lib/docbuilder/doc/src/notes.xml
deleted file mode 100644
index 95f24ea9ca..0000000000
--- a/lib/docbuilder/doc/src/notes.xml
+++ /dev/null
@@ -1,256 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE chapter SYSTEM "chapter.dtd">
-
-<chapter>
-  <header>
-    <copyright>
-      <year>2007</year><year>2011</year>
-      <holder>Ericsson AB. All Rights Reserved.</holder>
-    </copyright>
-    <legalnotice>
-      The contents of this file are subject to the Erlang Public License,
-      Version 1.1, (the "License"); you may not use this file except in
-      compliance with the License. You should have received a copy of the
-      Erlang Public License along with this software. If not, it can be
-      retrieved online at http://www.erlang.org/.
-
-      Software distributed under the License is distributed on an "AS IS"
-      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-      the License for the specific language governing rights and limitations
-      under the License.
-
-    </legalnotice>
-
-    <title>DocBuilder Release Notes</title>
-    <prepared>otp_appnotes</prepared>
-    <docno>nil</docno>
-    <date>nil</date>
-    <rev>nil</rev>
-    <file>notes.xml</file>
-  </header>
-  <p>This document describes the changes made to the DocBuilder
-     application.</p>
-
-<section><title>Docbuilder 0.9.8.11</title>
-
-    <section><title>Improvements and New Features</title>
-      <list>
-        <item>
-          <p>
-	    The docbuilder application has been deprecated and will
-	    be removed in the R15 release.</p>
-          <p>
-	    Own Id: OTP-9509</p>
-        </item>
-      </list>
-    </section>
-
-</section>
-
-<section><title>Docbuilder 0.9.8.10</title>
-
-    <section><title>Fixed Bugs and Malfunctions</title>
-      <list>
-        <item>
-	    <p> fop 1.0 crashed when building the docbuilder pdf with
-	    the following message
-	    "java.lang.IllegalArgumentException: factor &lt; 0; was:
-	    -1". <br/> This is a known bug in fop 1.0 (fop bug id:
-	    Bug 50524) when there is a word that consist of a single
-	    soft hyphen (&amp;shy;). this has been fixed in fop
-	    source archive but not it's not in a release yet. It's
-	    fixed in our documentation by removing the soft hyphens
-	    where this is a problem. </p>
-          <p>
-	    Own Id: OTP-9143</p>
-        </item>
-      </list>
-    </section>
-
-</section>
-
-<section><title>Docbuilder 0.9.8.9</title>
-
-    <section><title>Improvements and New Features</title>
-      <list>
-        <item>
-	    <p> Fix compatibility issues with docbuilder for R11
-	    documentation patches. </p>
-          <p>
-	    Own Id: OTP-8946</p>
-        </item>
-      </list>
-    </section>
-
-</section>
-
-<section><title>Docbuilder 0.9.8.8</title>
-
-    <section><title>Fixed Bugs and Malfunctions</title>
-      <list>
-        <item>
-	    <p> Fixed problem with a centered table that was
-	    transformed into an xml document which then produced
-	    mis-formatted html. </p>
-          <p>
-	    Own Id: OTP-8784</p>
-        </item>
-      </list>
-    </section>
-
-</section>
-
-<section><title>Docbuilder 0.9.8.7</title>
-
-    <section><title>Improvements and New Features</title>
-      <list>
-        <item>
-	    <p>The documentation is now possible to build in an open
-	    source environment after a number of bugs are fixed and
-	    some features are added in the documentation build
-	    process. </p>
-	    <p>- The arity calculation is updated.</p>
-	    <p>- The module prefix used in the function names for
-	    bif's are removed in the generated links so the links
-	    will look like
-	    "http://www.erlang.org/doc/man/erlang.html#append_element-2"
-	    instead of
-	    "http://www.erlang.org/doc/man/erlang.html#erlang:append_element-2".</p>
-	    <p>- Enhanced the menu positioning in the html
-	    documentation when a new page is loaded.</p>
-	    <p>- A number of corrections in the generation of man
-	    pages (thanks to Sergei Golovan)</p>
-	    <p>- The legal notice is taken from the xml book file so
-	    OTP's build process can be used for non OTP
-	    applications.</p>
-          <p>
-	    Own Id: OTP-8343</p>
-        </item>
-      </list>
-    </section>
-
-</section>
-
-<section><title>Docbuilder 0.9.8.6</title>
-
-    <section><title>Improvements and New Features</title>
-      <list>
-        <item>
-          <p>
-	    The documentation is now built with open source tools
-	    (xsltproc and fop) that exists on most platforms. One
-	    visible change is that the frames are removed.</p>
-          <p>
-	    Own Id: OTP-8201</p>
-        </item>
-      </list>
-    </section>
-
-</section>
-
-<section><title>Docbuilder 0.9.8.5</title>
-
-    <section><title>Improvements and New Features</title>
-      <list>
-        <item>
-	    <p>The copyright notices have been updated.</p>
-          <p>
-	    Own Id: OTP-7851</p>
-        </item>
-      </list>
-    </section>
-
-</section>
-
-<section><title>Docbuilder 0.9.8.4</title>
-
-    <section><title>Fixed Bugs and Malfunctions</title>
-      <list>
-        <item>
-          <p>
-	    The element "code" with multiple CDATA or CDATA plus
-	    other data now works as expected, previously it caused a
-	    crash.</p>
-          <p>
-	    Own Id: OTP-7236</p>
-        </item>
-      </list>
-    </section>
-
-</section>
-
-<section><title>Docbuilder 0.9.8</title>
-
-    <section><title>Improvements and New Features</title>
-      <list>
-        <item>
-          <p>
-	    The generated html should now be valid xhtml (with a few
-	    exceptions to be fixed in next version).</p>
-          <p>
-	    Own Id: OTP-7027</p>
-        </item>
-      </list>
-    </section>
-
-</section>
-
-  <section><title>Docbuilder 0.9.7</title>
-
-    <section><title>Improvements and New Features</title>
-      <list>
-        <item>
-          <p>
-            New fonts and new CSS style included in generated html documents.
-	  </p>
-	</item>
-	<item>
-          <p>
-            Updated DTD's with new header elements copyright and legalnotice. 
-	    Element authors changed to optional instead of mandatory.
-	    
-	  </p>
-        </item>
-      </list>
-    </section>
-  </section>
-
-  <section><title>Docbuilder 0.9.1</title>
-
-    <section><title>Fixed Bugs and Malfunctions</title>
-      <list>
-        <item>
-          <p>
-            Line breaks within <c>pre</c> are now always preserved.</p>
-          <p>
-            The definition of <c>name</c> in the cref DTD is now
-            correctly handled.</p>
-          <p>
-            <c>docb_transform</c>: The HTML snippet returned by the
-            <c>Module:head()</c> callback function is now placed
-            below the title in the HTML file (as specified in the
-            documentation), not on the same line.</p>
-          <p>
-            <c>docb_gen</c>: Added option <c>sort_functions</c>.</p>
-          <p>
-            Fixed bugs in cites and terms DTD, and also in book,
-            bookinsidecover and report DTDs which are not officially
-            supported (yet).</p>
-          <p>
-            License info added to all DTD files.</p>
-          <p>
-            Corrections and clarifications made to the User's Guide.</p>
-          <p>
-            Own Id: OTP-6775</p>
-        </item>
-      </list>
-    </section>
-  </section>
-
-  <section>
-    <title>DocBuilder 0.9</title>
-    <p>First version of DocBuilder released as part of Erlang/OTP.
-       Previously it has been used as an internal tool only.</p>
-  </section>
-</chapter>
-
diff --git a/lib/docbuilder/doc/src/overview.xml b/lib/docbuilder/doc/src/overview.xml
deleted file mode 100644
index ca13c5d436..0000000000
--- a/lib/docbuilder/doc/src/overview.xml
+++ /dev/null
@@ -1,185 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE chapter SYSTEM "chapter.dtd">
-
-<chapter>
-  <header>
-    <copyright>
-      <year>1997</year><year>2009</year>
-      <holder>Ericsson AB. All Rights Reserved.</holder>
-    </copyright>
-    <legalnotice>
-      The contents of this file are subject to the Erlang Public License,
-      Version 1.1, (the "License"); you may not use this file except in
-      compliance with the License. You should have received a copy of the
-      Erlang Public License along with this software. If not, it can be
-      retrieved online at http://www.erlang.org/.
-    
-      Software distributed under the License is distributed on an "AS IS"
-      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-      the License for the specific language governing rights and limitations
-      under the License.
-    
-     </legalnotice>
-    <title>Overview</title>
-    <prepared></prepared>
-    <docno></docno>
-    <date></date>
-    <rev></rev>
-    <file>overview.xml</file>
-  </header>
-
-  <section>
-    <title>Background</title>
-
-    <p>DocBuilder has been used within the OTP project to generate
-      documentation for Erlang/OTP itself for more than ten years.
-      It has now been released as a regular Erlang/OTP application.</p>
-
-    <p>The intention with DocBuilder is that it should be as easy to
-      use and maintain as possible and generate adequate documentation
-      for OTP's needs. It uses frames, which can probably be regarded as
-      old-fashioned today. Hopefully, this should be improved in
-      the future.</p>
-
-    <p>Originally, DocBuilder input was SGML files and external tools
-      was used for parsing. The internal version used in the OTP
-      project can generate not only HTML code but also LaTeX (for PDF
-      and PostScript) and nroff (for UNIX man pages). (Again, using
-      external tools). Because of this, the parsed source code is
-      transformed into a tree structure before being transformed again
-      into the desired format.</p>
-  </section>
-
-  <section>
-    <title>DTD Suite</title>
-
-    <p>Input is written as XML according to one of the DTDs and output
-      is corresponding HTML. Documentation for an Erlang/OTP application
-      is usually organized as follows:</p>
-    <taglist>
-      <tag><em>User's Guide</em></tag>
-      <item>
-	<p>(DTD:
-	  <seealso marker="user_guide_dtds#partDTD">part</seealso>)
-	  A collection of chapters
-	  (<seealso marker="user_guide_dtds#chapterDTD">chapter</seealso>).
-	</p>
-      </item>
-
-      <tag><em>Reference Manual</em></tag>
-      <item>
-	<p>(DTD:
-	  <seealso marker="refman_dtds#applicationDTD">application</seealso>
-	  A collection of manual pages for modules
-	  (<seealso marker="refman_dtds#erlrefDTD">erlref</seealso>),
-	  applications
-	  (<seealso marker="refman_dtds#apprefDTD">appref</seealso>),
-	  commands
-	  (<seealso marker="refman_dtds#comrefDTD">comref</seealso>),
-	  C libraries
-	  (<seealso marker="refman_dtds#crefDTD">cref</seealso>) and
-	  files
-	  (<seealso marker="refman_dtds#filerefDTD">fileref</seealso>).
-	</p>
-      </item>
-
-      <tag><em>Release Notes</em></tag>
-      <item>
-	<p>Same structure as the User's Guide.</p>
-      </item>
-    </taglist>
-
-    <p>In some cases, one or more of the User's Guide, Reference Manual
-      and Release Notes are omitted. Also, it is possible to use either
-      the <c>application</c> or <c>part</c> DTD to write other types
-      of documentation for the application.</p>
-
-    <p>A special kind of DTD,
-      <seealso marker="fasc_dtds">fascicules</seealso>, can be used to
-      specify the different parts of the documentation, and which one
-      of those should be shown as default.</p>
-  </section>
-
-  <section>
-    <title>Structure of Generated HTML</title>
-
-    <p>The generated HTML corresponding to a <c>part</c> or
-      <c>application</c> document is split into a left frame and a right
-      frame. The left frame contains information about the document
-      and links to the included files, that is chapters or manual pages.
-      The right frame is used to display either the front page for
-      the document, or the selected chapter/manual page.</p>
-
-    <p>The left frame also contains links to a bibliography and a
-      glossary, which are automatically generated.</p>
-
-    <p>In the case of an <c>application</c> document, the left frame
-      also contains a link to an automatically generated index.</p>
-  </section>
-
-  <section>
-    <title>Basic Tags</title>
-
-    <p>All DTDs in the DocBuilder DTD suite share a basic set of tags.
-      An author can easily switch from one DTD to another and still use
-      the same basic tags. It is furthermore easy to copy pieces of
-      information from one document to another, even though they do not
-      use the same DTD.</p>
-
-    <p>The basic set of tags are divided into two categories:
-      <seealso marker="block_tags">block tags</seealso> and
-      <seealso marker="inline_tags">inline tags</seealso>. Block tags
-      typically define a separate block of information, like a
-      paragraph or a list. Inline tags are typically used within block
-      tags, for example a highlighted word within a paragraph.</p>
-  </section>
-
-  <section>
-    <title>About This Document</title>
-
-    <p>In this User's Guide, the structure of the different documents
-      and the meaning of the tags are explained. There are numerous
-      examples of documentation source code.</p>
-
-    <p>For readability and simplicity, the examples have been kept as
-      short as possible. For an example of what the generated HTML
-      will look like, it is recommended to look at the DocBuilder
-      documentation itself:</p>
-    <list>
-      <item>This User's Guide is written using the <c>part</c> and
-	<c>chapter</c> DTDs.</item>
-
-      <item>The Reference Manual is written using
-	the <c>application</c>, <c>appref</c> and <c>erlref</c> DTDs.
-      </item>
-    </list>
-  </section>
-
-  <section>
-    <title>Usage</title>
-
-    <list type="ordered">
-      <item>
-	<p>Create the relevant XML files.</p>
-
-	<p>If there are EDoc comments in a module, the function
-	  <seealso marker="docb_gen#module/1">docb_gen:module/1,2</seealso>
-	  can be used to generate an XML file according to
-	  the <c>erlref</c> DTD for this module.</p>
-      </item>
-
-      <item>
-	<p>The XML files can be validated using
-	  <seealso marker="docb_xml_check#validate/1">docb_xml_check:validate/1</seealso>.
-	</p>
-      </item>
-
-      <item>
-	<p>Generate HTML files by using
-	  <seealso marker="docb_transform#file/1">docb_transform:file/1,2</seealso>.
-	</p>
-      </item>
-    </list>
-  </section>
-</chapter>
-
diff --git a/lib/docbuilder/doc/src/part.xml b/lib/docbuilder/doc/src/part.xml
deleted file mode 100644
index 546c6c612e..0000000000
--- a/lib/docbuilder/doc/src/part.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE part SYSTEM "part.dtd">
-
-<part xmlns:xi="http://www.w3.org/2001/XInclude">
-  <header>
-    <copyright>
-      <year>2007</year><year>2009</year>
-      <holder>Ericsson AB. All Rights Reserved.</holder>
-    </copyright>
-    <legalnotice>
-      The contents of this file are subject to the Erlang Public License,
-      Version 1.1, (the "License"); you may not use this file except in
-      compliance with the License. You should have received a copy of the
-      Erlang Public License along with this software. If not, it can be
-      retrieved online at http://www.erlang.org/.
-    
-      Software distributed under the License is distributed on an "AS IS"
-      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-      the License for the specific language governing rights and limitations
-      under the License.
-    
-     </legalnotice>
-    <title>DocBuilder User's Guide</title>
-    <prepared></prepared>
-    <docno></docno>
-    <date></date>
-    <rev></rev>
-  </header>
-  <description>
-    <p><em>Docbuilder</em> provides functionality for generating HTML
-       documentation for Erlang modules and Erlang/OTP applications
-       from XML source code and/or EDoc comments in Erlang source code.</p>
-  </description>
-  <xi:include href="overview.xml"/>
-  <xi:include href="user_guide_dtds.xml"/>
-  <xi:include href="refman_dtds.xml"/>
-  <xi:include href="fasc_dtds.xml"/>
-  <xi:include href="header_tags.xml"/>
-  <xi:include href="block_tags.xml"/>
-  <xi:include href="inline_tags.xml"/>
-  <xi:include href="character_entities.xml"/>
-</part>
-
diff --git a/lib/docbuilder/doc/src/part_notes.xml b/lib/docbuilder/doc/src/part_notes.xml
deleted file mode 100644
index 2f824630fb..0000000000
--- a/lib/docbuilder/doc/src/part_notes.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE part SYSTEM "part.dtd">
-
-<part xmlns:xi="http://www.w3.org/2001/XInclude">
-  <header>
-    <copyright>
-      <year>2007</year><year>2009</year>
-      <holder>Ericsson AB. All Rights Reserved.</holder>
-    </copyright>
-    <legalnotice>
-      The contents of this file are subject to the Erlang Public License,
-      Version 1.1, (the "License"); you may not use this file except in
-      compliance with the License. You should have received a copy of the
-      Erlang Public License along with this software. If not, it can be
-      retrieved online at http://www.erlang.org/.
-    
-      Software distributed under the License is distributed on an "AS IS"
-      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-      the License for the specific language governing rights and limitations
-      under the License.
-    
-    </legalnotice>
-
-    <title>DocBuilder Release Notes</title>
-    <prepared></prepared>
-    <docno></docno>
-    <date></date>
-    <rev></rev>
-  </header>
-  <description>
-    <p><em>Docbuilder</em> provides functionality for generating HTML
-       documentation for Erlang modules and Erlang/OTP applications
-       from XML source code and/or EDoc comments in Erlang source code.</p>
-  </description>
-  <xi:include href="notes.xml"/>
-</part>
-
diff --git a/lib/docbuilder/doc/src/ref_man.xml b/lib/docbuilder/doc/src/ref_man.xml
deleted file mode 100644
index 7be8ace32f..0000000000
--- a/lib/docbuilder/doc/src/ref_man.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE application SYSTEM "application.dtd">
-
-<application xmlns:xi="http://www.w3.org/2001/XInclude">
-  <header>
-    <copyright>
-      <year>2007</year><year>2009</year>
-      <holder>Ericsson AB. All Rights Reserved.</holder>
-    </copyright>
-    <legalnotice>
-      The contents of this file are subject to the Erlang Public License,
-      Version 1.1, (the "License"); you may not use this file except in
-      compliance with the License. You should have received a copy of the
-      Erlang Public License along with this software. If not, it can be
-      retrieved online at http://www.erlang.org/.
-    
-      Software distributed under the License is distributed on an "AS IS"
-      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-      the License for the specific language governing rights and limitations
-      under the License.
-    
-    </legalnotice>
-
-    <title>DocBuilder Reference Manual</title>
-    <prepared></prepared>
-    <docno></docno>
-    <date></date>
-    <rev></rev>
-  </header>
-  <description>
-    <p><em>DocBuilder</em> provides functionality for generating HTML
-       documentation for Erlang modules and Erlang/OTP applications
-       from XML source code and/or EDoc comments in Erlang source code.</p>
-  </description>
-  <xi:include href="docbuilder_app.xml"/>
-  <xi:include href="docb_gen.xml"/>
-  <xi:include href="docb_transform.xml"/>
-  <xi:include href="docb_xml_check.xml"/>
-</application>
-
diff --git a/lib/docbuilder/doc/src/refman_dtds.xml b/lib/docbuilder/doc/src/refman_dtds.xml
deleted file mode 100644
index a7beaed708..0000000000
--- a/lib/docbuilder/doc/src/refman_dtds.xml
+++ /dev/null
@@ -1,667 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE chapter SYSTEM "chapter.dtd">
-
-<chapter>
-  <header>
-    <copyright>
-      <year>1997</year><year>2009</year>
-      <holder>Ericsson AB. All Rights Reserved.</holder>
-    </copyright>
-    <legalnotice>
-      The contents of this file are subject to the Erlang Public License,
-      Version 1.1, (the "License"); you may not use this file except in
-      compliance with the License. You should have received a copy of the
-      Erlang Public License along with this software. If not, it can be
-      retrieved online at http://www.erlang.org/.
-    
-      Software distributed under the License is distributed on an "AS IS"
-      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-      the License for the specific language governing rights and limitations
-      under the License.
-    
-    </legalnotice>
-
-    <title>Reference Manual DTDs</title>
-    <prepared></prepared>
-    <docno></docno>
-    <date></date>
-    <rev></rev>
-    <file>refman_dtds.xml</file>
-  </header>
-
-  <p>There are five DTDs for writing manual pages about applications,
-    shell commands, C libraries, Erlang modules and files, all with a
-    similar structure:</p>
-
-  <list type="bulleted">
-    <item>A header.</item>
-    <item>Name of the application/command/library/module/file.</item>
-    <item>Short summary (one line).</item>
-    <item>A longer description.</item>
-    <item>"Formal" definitions of functions or commands.</item>
-    <item>Optional sections of free text.</item>
-    <item>Optional section with the name(s) and email(s) of the author(s).</item>
-  </list>
-
-  <p>The differences between the DTDs are the tags for the name,
-    the short summary and some tags inside the "formal" definitions.</p>
-
-  <section>
-    <marker id="applicationDTD"></marker>
-    <title>The application DTD</title>
-
-    <p>The <c>application</c> DTD is intended for a Reference Manual and
-      groups a set of manual pages into one unit. The structure is
-      similar to the part DTD: first an introduction and then the manual
-      pages, written in separate files with the
-      <seealso marker="#apprefDTD">appref</seealso>,
-      <seealso marker="#comrefDTD">comref</seealso>,
-      <seealso marker="#crefDTD">cref</seealso>,
-      <seealso marker="#erlrefDTD">erlref</seealso>, or
-      <seealso marker="#filerefDTD">fileref</seealso> DTD.</p>
-
-    <p>Example:</p>
-    <pre>
-&lt;?xml version="1.0" encoding="latin1" ?>
-&lt;!DOCTYPE application SYSTEM "application.dtd">
-&lt;application>
-  &lt;header>
-    &lt;title>Application name&lt;/title>
-    &lt;prepared/>
-    &lt;docno/>
-    &lt;date/>
-    &lt;rev/>
-  &lt;/header>
-
-  &lt;description>
-    &lt;p>Application description...&lt;/p>
-  &lt;/description>
-  
-  &lt;include file="module1">
-  &lt;include file="module2">
-&lt;/application>
-    </pre>
-  </section>
-
-  <section>
-    <marker id="applicationTAG"></marker>
-    <title>&lt;application&gt;</title>
-
-    <p>The top level tag of an <c>application</c> DTD.</p>
-
-    <p>Contains a
-      <seealso marker="header_tags">&lt;header&gt;</seealso>,
-      an optional
-      <seealso marker="user_guide_dtds#descriptionTAG">&lt;description&gt;</seealso>,
-      followed by one or more
-      <seealso marker="user_guide_dtds#includeTAG">&lt;include&gt;</seealso>.
-    </p>
-  </section>
-
-  <section>
-    <marker id="apprefDTD"></marker>
-    <title>The appref DTD</title>
-
-    <p>This is the DTD for writing an application manual page.</p>
-
-    <p>Example:</p>
-    <pre>
-&lt;?xml version="1.0" encoding="latin1" ?>
-&lt;!DOCTYPE appref SYSTEM "appref.dtd">
-&lt;appref>
-  &lt;header>
-    &lt;title>Application name&lt;/title>
-    &lt;prepared/>
-    &lt;docno/>
-    &lt;date/>
-    &lt;rev/>
-  &lt;/header>
-
-  &lt;app>Application name&lt;/app>
-
-  &lt;appsummary>A short application summary.&lt;/appsummary>
-
-  &lt;description>
-    &lt;p>A longer description of the application.&lt;/p>
-  &lt;/description>
-  
-  &lt;section>
-    &lt;title>Configuration&lt;/title>
-
-      &lt;p>...&lt;/p>
-  &lt;/section>
-
-  ...
-  
-  &lt;authors>
-    &lt;aname>Name of author&lt;/aname>
-    &lt;email>Email of author&lt;/email>
-  &lt;/authors>
-&lt;/appref>
-    </pre>
-
-    <section>
-      <marker id="apprefTAG"></marker>
-      <title>&lt;appref&gt;</title>
-
-      <p>The top level tag of an <c>appref</c> DTD.</p>
-
-      <p>Contains
-	<seealso marker="header_tags#headerTAG">&lt;header&gt;</seealso>,
-	<seealso marker="#appTAG">&lt;app&gt;</seealso>,
-	<seealso marker="#appsummaryTAG">&lt;appsummary&gt;</seealso>,
-	<seealso marker="#descriptionTAG">&lt;description&gt;</seealso>,
-	zero or more
-	<seealso marker="#sectionTAG">&lt;section&gt;</seealso> and
-	<seealso marker="#funcsTAG">&lt;funcs&gt;</seealso>, 
-	followed by zero or more 
-	<seealso marker="#authorsTAG">&lt;authors&gt;</seealso>.</p>
-    </section>
-
-    <section>
-      <marker id="appTAG"></marker>
-      <title>&lt;app&gt;</title>
-
-      <p>The application name. Contains plain text.</p>
-    </section>
-
-    <section>
-      <marker id="appsummaryTAG"></marker>
-      <title>&lt;appsummary&gt;</title>
-
-      <p>Short summary. Contains plain text.</p>
-    </section>
-  </section>
-
-  <section>
-    <marker id="comrefDTD"></marker>
-    <title>The comref DTD</title>
-
-    <p>This is the DTD for writing a command manual page.</p>
-
-    <p>Example:</p>
-    <pre>
-&lt;?xml version="1.0" encoding="latin1" ?>
-&lt;!DOCTYPE comref SYSTEM "comref.dtd">
-&lt;comref>
-  &lt;header>
-    &lt;title>Command name&lt;/title>
-    &lt;prepared/>
-    &lt;docno/>
-    &lt;date/>
-    &lt;rev/>
-  &lt;/header>
-
-  &lt;com>Command name&lt;/com>
-
-  &lt;comsummary>A short command summary.&lt;/comsummary>
-
-  &lt;description>
-    &lt;p>A long description of the command.&lt;/p>
-  &lt;/description>
-  
-  &lt;funcs>
-    &lt;func>
-      &lt;name>command&lt;/name>
-      &lt;name>command -flag &lt;arg>&lt;/name>
-      &lt;fsummary>A short command summary (max 40 characters).&lt;/fsummary>
-      &lt;desc>
-        &lt;p>An extended command description.
-      &lt;/desc>
-    &lt;/func>
-  &lt;/funcs>
-
-  &lt;section>
-    &lt;title>Options&lt;/title>
-
-    &lt;p>...&lt;/p>
-  &lt;/section>
-  
-  &lt;authors>
-    &lt;aname>Name of author&lt;/aname>
-    &lt;email>Email of author&lt;/email>
-  &lt;/authors>
-&lt;/comref>
-    </pre>
-
-    <section>
-      <marker id="comrefTAG"></marker>
-      <title>&lt;comref&gt;</title>
-
-      <p>The top level tag for a <c>comref</c> DTD.</p>
-
-      <p>Contains
-	<seealso marker="header_tags#headerTAG">&lt;header&gt;</seealso>,
-	<seealso marker="#comTAG">&lt;com&gt;</seealso>,
-	<seealso marker="#comsummaryTAG">&lt;comsummary&gt;</seealso>,
-	<seealso marker="#descriptionTAG">&lt;description&gt;</seealso>,
-	zero or more
-	<seealso marker="#sectionTAG">&lt;section&gt;</seealso> and
-	<seealso marker="#funcsTAG">&lt;funcs&gt;</seealso>, 
-	followed by zero or more
-	<seealso marker="#authorsTAG">&lt;authors&gt;</seealso>.</p>
-    </section>
-
-    <section>
-      <marker id="comTAG"></marker>
-      <title>&lt;com&gt;</title>
-
-      <p>The command name. Contains plain text.</p>
-    </section>
-
-    <section>
-      <marker id="comsummaryTAG"></marker>
-
-      <title>&lt;comsummary&gt;</title>
-
-      <p>Short summary. Contains plain text.</p>
-    </section>
-  </section>
-
-  <section>
-    <marker id="crefDTD"></marker>
-    <title>The cref DTD</title>
-
-    <p>This is the DTD for writing a C library manual page.</p>
-
-    <p>Example:</p>
-    <pre><![CDATA[
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE cref SYSTEM "cref.dtd">
-<cref>
-  <header>
-    <title>C library name</title>
-    <prepared/>
-    <docno/>
-    <date/>
-    <rev/>
-  </header>
-
-  <lib>C library name</lib>
-
-  <libsummary>A short C library summary.</libsummary>
-
-  <description>
-    <p>A longer description of the C library.</p>
-  </description>
-  
-  <funcs>
-    <func>
-      <name><ret>void</ret><nametext>start(bar)</nametext></name>
-      <name><ret>void</ret><nametext>start(foo)</nametext></name>
-      <fsummary>A short function summary (max 40 characters).</fsummary>
-      <type>
-        <v>char bar</v>
-        <v>int foo</v>
-      </type>
-      <desc>
-        <p>An extended function description.</p>
-      </desc>
-    </func>
-
-    ...
-  </funcs>
-
-  <section>
-    <title>A title</title>
-
-    <p>Some text...</p>
-  </section>
-  
-  
-</cref>
-    ]]></pre>
-
-    <section>
-      <marker id="crefTAG"></marker>
-      <title>&lt;cref&gt;</title>
-
-      <p>The top level tag for a <c>cref</c> DTD.</p>
-
-      <p>Contains
-	<seealso marker="header_tags#headerTAG">&lt;header&gt;</seealso>,
-	<seealso marker="#libTAG">&lt;lib&gt;</seealso>,
-	<seealso marker="#libsummaryTAG">&lt;libsummary&gt;</seealso>,
-	<seealso marker="#descriptionTAG">&lt;description&gt;</seealso>,
-	zero or more
-	<seealso marker="#sectionTAG">&lt;section&gt;</seealso> and
-	<seealso marker="#funcsTAG">&lt;funcs&gt;</seealso>, followed by
-	zero or more
-	<seealso marker="#authorsTAG">&lt;authors&gt;</seealso>.</p>
-    </section>
-
-    <section>
-      <marker id="libTAG"></marker>
-      <title>&lt;lib&gt;</title>
-
-      <p>The C library name or acronym. Contains plain text.</p>
-    </section>
-
-    <section>
-      <marker id="libsummaryTAG"></marker>
-      <title>&lt;libsummary&gt;</title>
-
-      <p>Short summary. Contains plain text.</p>
-    </section>
-  </section>
-
-  <section>
-    <marker id="erlrefDTD"></marker>
-    <title>The erlref DTD</title>
-
-    <p>This is the DTD for writing Erlang module manual pages.</p>
-
-    <p>Example:</p>
-    <pre>
-&lt;?xml version="1.0" encoding="latin1" ?>
-&lt;!DOCTYPE erlref SYSTEM "erlref.dtd">
-&lt;erlref>
-  &lt;header>
-    &lt;title>Module name&lt;/title>
-    &lt;prepared/>
-    &lt;docno/>
-    &lt;date/>
-    &lt;rev/>
-  &lt;/header>
-
-  &lt;module>Module name&lt;/module>
-
-  &lt;modulesummary>A short module summary.&lt;/modulesummary>
-
-  &lt;description>
-    &lt;p>A longer description of the module.&lt;/p>
-  &lt;/description>
-  
-  &lt;funcs>
-    &lt;func>
-      &lt;name>start() -> Result&lt;/name>
-      &lt;name>start(N) -> Result&lt;/name>
-      &lt;fsummary>A short function summary (max 40 characters).&lt;/fsummary>
-      &lt;type>
-        &lt;v>Pid = pid()&lt;/v>
-        &lt;v>N = int()&lt;/v>
-        &lt;v>Result = {ok, Pid} | {error, Reason}&lt;/v>
-        &lt;v>Reason = term()&lt;/v>
-        &lt;d>A parameter description.&lt;/d>
-      &lt;/type>
-      &lt;desc>
-        &lt;p>An extended function description.&lt;/p>
-      &lt;/desc>
-    &lt;/func>
-
-    ...
-  &lt;/funcs>
-
-  &lt;section>
-    &lt;title>Some Title&lt;/title>
-    &lt;p>Some text...&lt;/p>
-  &lt;/section>
-  
-  &lt;authors>
-    &lt;aname>Name of author&lt;/aname>
-    &lt;email>Email of author&lt;/email>
-  &lt;/authors>
-&lt;/erlref>
-    </pre>
-
-    <section>
-      <marker id="erlrefTAG"></marker>
-      <title>&lt;erlref&gt;</title>
-
-      <p>The top level tag for an <c>erlref</c> DTD.</p>
-
-      <p>Contains
-	<seealso marker="header_tags#headerTAG">&lt;header&gt;</seealso>,
-	<seealso marker="#moduleTAG">&lt;module&gt;</seealso>,
-	<seealso marker="#modulesummaryTAG">&lt;modulesummary&gt;</seealso>,
-	<seealso marker="#descriptionTAG">&lt;description&gt;</seealso>,
-	zero or more
-	<seealso marker="#sectionTAG">&lt;section&gt;</seealso> and
-	<seealso marker="#funcsTAG">&lt;funcs&gt;</seealso>, 
-	followed by zero or more
-	<seealso marker="#authorsTAG">&lt;authors&gt;</seealso>.</p>
-    </section>
-
-    <section>
-      <marker id="moduleTAG"></marker>
-      <title>&lt;module&gt;</title>
-
-      <p>The module name. Contains plain text.</p>
-    </section>
-
-    <section>
-      <marker id="modulesummaryTAG"></marker>
-      <title>&lt;modulesummary&gt;</title>
-
-      <p>Short summary. Contains plain text.</p>
-    </section>
-  </section>
-
-  <section>
-    <marker id="filerefDTD"></marker>
-    <title>The fileref DTD</title>
-
-    <p>This is the DTD for writing file manual pages. In OTP, this DTD
-      is used for defining the format of for example <c>.rel</c> and
-      <c>.app</c> files.</p>
-
-    <p>Example:</p>
-    <pre>
-&lt;?xml version="1.0" encoding="latin1" ?>
-&lt;!DOCTYPE fileref SYSTEM "fileref.dtd">
-&lt;fileref>
-  &lt;header>
-    &lt;title>File name&lt;/title>
-    &lt;prepared/>
-    &lt;docno/>
-    &lt;date/>
-    &lt;rev/>
-  &lt;/header>
-
-  &lt;file>fileref&lt;/file>
-
-  &lt;filesummary>A short file summary.&lt;/filesummary>
-
-  &lt;description>
-    &lt;p>A longer description of the file.&lt;/p>
-  &lt;/description>
-  
-  &lt;section>
-    &lt;title>File format&lt;/title>
-
-    &lt;p>...&lt;/p>
-  &lt;/section>
-  
-  &lt;authors>
-    &lt;aname>Name of author&lt;/aname>
-    &lt;email>Email of author&lt;/email>
-  &lt;/authors>
-&lt;/fileref>
-    </pre>
-
-    <p>The file reference manual can also contain function definitions,
-      similar to the <c>erlref</c> DTD.</p>
-
-    <section>
-      <marker id="filerefTAG"></marker>
-      <title>&lt;fileref&gt;</title>
-
-      <p>The top level tag for a <c>fileref</c> DTD.</p>
-
-      <p>Contains
-	<seealso marker="header_tags#headerTAG">&lt;header&gt;</seealso>,
-	<seealso marker="#fileTAG">&lt;file&gt;</seealso>,
-	<seealso marker="#filesummaryTAG">&lt;filesummary&gt;</seealso>,
-	<seealso marker="#descriptionTAG">&lt;description&gt;</seealso>,
-	zero or more
-	<seealso marker="#sectionTAG">&lt;section&gt;</seealso> and
-	<seealso marker="#funcsTAG">&lt;funcs&gt;</seealso>, 
-	followed by zero or more
-	<seealso marker="#authorsTAG">&lt;authors&gt;</seealso>.</p>
-    </section>
-
-    <section>
-      <marker id="fileTAG"></marker>
-      <title>&lt;file&gt;</title>
-
-      <p>The name of the file or file type. Contains plain text.</p>
-    </section>
-
-    <section>
-      <marker id="filesummaryTAG"></marker>
-      <title>&lt;filesummary&gt;</title>
-
-      <p>Short summary. Contains plain text.</p>
-    </section>
-  </section>
-
-    <section>
-    <marker id="descriptionTAG"></marker>
-    <title>&lt;description&gt;</title>
-
-    <p>The introduction after the title and before sections and
-      "formal" definitions.</p>
-
-    <p>Contains any combination and any number of
-      <seealso marker="block_tags">block tags</seealso> except
-      <c><![CDATA[<image>]]></c> and <c><![CDATA[<table>]]></c>.</p>
-  </section>
-
-  <section>
-    <marker id="sectionTAG"></marker>
-    <title>&lt;section&gt;</title>
-
-    <p>Subdivisions of the document. Contains an optional
-      <seealso marker="inline_tags#markerTAG">&lt;marker&gt;</seealso>,
-      a <seealso marker="user_guide_dtds#titleTAG">&lt;title&gt;</seealso>,
-      
-      followed by any combination and any number of
-      <seealso marker="block_tags">block tags</seealso> except
-      <c><![CDATA[<image>]]></c> and <c><![CDATA[<table>]]></c>.</p>
-  </section>
-
-  <section>
-    <marker id="funcsTAG"></marker>
-    <title>&lt;funcs&gt;</title>
-
-    <p>A group of "formal" function definitions.</p>
-    
-    <p>Contains one or more
-      <seealso marker="#funcTAG">&lt;func&gt;</seealso>.</p>
-  </section>
-
-  <section>
-    <marker id="funcTAG"></marker>
-    <title>&lt;func&gt;</title>
-
-    <p>A "formal" function definition.</p>
-
-    <p>Contains one or more
-      <seealso marker="#nameTAG">&lt;name&gt;</seealso>, followed by
-      <seealso marker="#fsummaryTAG">&lt;fsummary&gt;</seealso>,
-      <seealso marker="#typeTAG">&lt;type&gt;</seealso> (optional) and
-      <seealso marker="#descTAG">&lt;desc&gt;</seealso> (optional).</p>
-  </section>
-
-  <section>
-    <marker id="nameTAG"></marker>
-    <title>&lt;name&gt;</title>
-
-    <p>Function/command signature with name, arguments and return value.
-      Contains plain text, except for the <c>cref</c> DTD where it
-      contains a <c><![CDATA[<ret>]]></c> (return type, plain text) and
-      a <c><![CDATA[<nametext>]]></c> (function name and arguments,
-      plain text).</p>
-
-    <p>In the case of an <c>erlref</c> DTD, DocBuilder will
-      automatically try to add a
-      <seealso marker="inline_tags#markerTAG">marker</seealso>,
-      <c><![CDATA[<marker id="Name/Arity">]]></c> or
-      <c><![CDATA[<marker id="Name">]]></c>, based on the contents of
-      this tag before the function definition.</p>
-
-    <p>Example: Consider the following name definition</p>
-    <pre><![CDATA[
-<name>foo(Arg1, Arg2) -> ok | {error, Reason}</name>
-    ]]></pre>
-
-    <p>DocBuilder will create a marker
-      <c><![CDATA[<marker id="foo/2">]]></c> before the function
-      definition in the generated HTML. That is, referring to
-      the function using
-      <c><![CDATA[<seealso marker="#foo/2">foo/2</seealso>]]></c> will
-      automatically work.</p>
-  </section>
-
-  <section>
-    <marker id="fsummaryTAG"></marker>
-    <title>&lt;fsummary&gt;</title>
-
-    <p>Function/command summary. Contains plain text,
-      <seealso marker="inline_tags#cTAG">&lt;c&gt;</seealso> and
-      <seealso marker="inline_tags#emTAG">&lt;em&gt;</seealso>.</p>
-  </section>
-
-  <section>
-    <marker id="typeTAG"></marker>
-    <title>&lt;type&gt;</title>
-
-    <p>Type declarations for the function/command.</p>
-
-    <p>Contains one or more pairs of
-      <seealso marker="#vTAG">&lt;v&gt;</seealso> and
-      <seealso marker="#dTAG">&lt;d&gt;</seealso> (optional).</p>
-  </section>
-
-  <section>
-    <marker id="vTAG"></marker>
-    <title>&lt;v&gt;</title>
-
-    <p>Type declaration for an argument or return value. Contains plain
-      text.</p>
-  </section>
-
-  <section>
-    <marker id="dTAG"></marker>
-    <title>&lt;d&gt;</title>
-
-    <p>Description for an argument or return value. Contains plain text,
-      <seealso marker="inline_tags#cTAG">&lt;c&gt;</seealso> and
-      <seealso marker="inline_tags#emTAG">&lt;em&gt;</seealso>.</p>
-  </section>
-
-  <section>
-    <marker id="descTAG"></marker>
-    <title>&lt;desc&gt;</title>
-
-    <p>Function/command description. Contains
-      <seealso marker="block_tags">block tags</seealso> except
-      <c>&lt;image&gt;</c> and <c>&lt;table&gt;</c>.</p>
-  </section>
-
-  <section>
-    <marker id="authorsTAG"></marker>
-    <title>&lt;authors&gt;</title>
-
-    <p>Authors of the manual page. The <c>authors</c> element is  optional.</p>
-
-    <p>Contains one or more pairs of
-      <seealso marker="#anameTAG">&lt;aname&gt;</seealso> and
-      <seealso marker="#emailTAG">&lt;email&gt;</seealso>.</p>
-  </section>
-
-  <section>
-    <marker id="anameTAG"></marker>
-    <title>&lt;aname&gt;</title>
-
-    <p>Author name. Contains plain text.</p>
-  </section>
-
-  <section>
-    <marker id="emailTAG"></marker>
-    <title>&lt;email&gt;</title>
-
-    <p>Author email address. Contains plain text.</p>
-  </section>
-</chapter>
-
diff --git a/lib/docbuilder/doc/src/user_guide_dtds.xml b/lib/docbuilder/doc/src/user_guide_dtds.xml
deleted file mode 100644
index a2db44f830..0000000000
--- a/lib/docbuilder/doc/src/user_guide_dtds.xml
+++ /dev/null
@@ -1,181 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE chapter SYSTEM "chapter.dtd">
-
-<chapter>
-  <header>
-    <copyright>
-      <year>1997</year><year>2009</year>
-      <holder>Ericsson AB. All Rights Reserved.</holder>
-    </copyright>
-    <legalnotice>
-      The contents of this file are subject to the Erlang Public License,
-      Version 1.1, (the "License"); you may not use this file except in
-      compliance with the License. You should have received a copy of the
-      Erlang Public License along with this software. If not, it can be
-      retrieved online at http://www.erlang.org/.
-    
-      Software distributed under the License is distributed on an "AS IS"
-      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-      the License for the specific language governing rights and limitations
-      under the License.
-    
-    </legalnotice>
-
-    <title>User's Guide DTDs</title>
-    <prepared></prepared>
-    <docno></docno>
-    <date></date>
-    <rev></rev>
-    <file>user_guide_dtds.xml</file>
-  </header>
-
-  <section>
-    <marker id="partDTD"></marker>
-    <title>The part DTD</title>
-
-    <p>The <c>part</c> DTD is intended for a "normal" document, like
-      the User's Guide or Release Notes. First are some paragraphs
-      introducing the main contents. After that follows chapters,
-      written in separate files with
-      the <seealso marker="#chapterDTD">chapter</seealso> DTD.</p>
-
-    <p>Example:</p>
-    <pre>
-&lt;?xml version="1.0" encoding="latin1" ?>
-&lt;!DOCTYPE part SYSTEM "part.dtd"&gt;
-&lt;part&gt;
-  &lt;header&gt;
-    &lt;title&gt;The chapter title&lt;/title&gt;
-    &lt;prepared&gt;The author&lt;/prepared&gt;
-    &lt;docno/&gt;
-    &lt;date/&gt;
-    &lt;rev/&gt;
-  &lt;/header&gt;
-
-  &lt;description&gt;
-    &lt;p&gt;Some text..&lt;/p&gt;
-  &lt;/description&gt;
-
-  &lt;include file="file1"&gt;&lt;/include&gt;
-  &lt;include file="file2"&gt;&lt;/include&gt;
-&lt;/part&gt;
-    </pre>
-  </section>
-
-  <section>
-    <marker id="partTAG"></marker>
-    <title>&lt;part></title>
-
-    <p>The top level tag of a <c>part</c> DTD.</p>
-
-    <p>Contains a
-      <seealso marker="header_tags">&lt;header&gt;</seealso>,
-      an optional
-      <seealso marker="#descriptionTAG">&lt;description&gt;</seealso>,
-      followed by one or more
-      <seealso marker="#includeTAG">&lt;include&gt;</seealso>.</p>
-  </section>
-
-  <section>
-    <marker id="descriptionTAG"/>
-    <title>&lt;description&gt;</title>
-
-    <p>The introduction after the title and before the bulk of
-      included chapters/manual pages.</p>
-
-    <p>Contains any combination and any number
-      of <seealso marker="block_tags">block tags</seealso> except
-      <c><![CDATA[<image>]]></c> and <c><![CDATA[<table>]]></c>.</p>
-  </section>
-
-  <section>
-    <marker id="includeTAG"></marker>
-    <title>&lt;include&gt;</title>
-
-    <p>An empty tag. The attribute <c>file</c> specifies a file to
-      include. The <c>.xml</c> file extension should be omitted.</p>
-
-    <p>Example:</p>
-    <pre>
-&lt;include file="notes">&lt;/include>
-    </pre>
-  </section>
-
-  <section>
-    <marker id="chapterDTD"></marker>
-    <title>The chapter DTD</title>
-
-    <p>The <c>chapter</c> DTD is intended for a chapter in a User's
-      Guide or similar with text divided into sections, which can be
-      nested.</p>
-
-    <p>Example:</p>
-    <pre>
-&lt;?xml version="1.0" encoding="latin1" ?>
-&lt;!DOCTYPE chapter SYSTEM "chapter.dtd">
-&lt;chapter>
-  &lt;header>
-    &lt;title>Title on first level&lt;/title>
-    &lt;prepared/>
-    &lt;docno/>
-    &lt;date/>
-    &lt;rev/>
-  &lt;/header>
-  
-  &lt;p>Introduction...&lt;/p>
-
-  &lt;section>
-    &lt;title>Title on second level&lt;/title>
-
-    &lt;p>First paragraph.&lt;/p>
-
-    &lt;p>Second paragraph etc.&lt;/p>
-
-    &lt;section>
-      &lt;title>Title on third level&lt;/title>
-
-      &lt;p>...&lt;/p>
-    &lt;/section>
-  &lt;/section>
-
-  ...
-&lt;/chapter>
-    </pre>
-  </section>
-
-  <section>
-    <marker id="chapterTAG"></marker>
-    <title>&lt;chapter&gt;</title>
-
-    <p>The top level tag of a <c>chapter</c> DTD.</p>
-
-    <p>Contains a
-      <seealso marker="header_tags">&lt;header&gt;</seealso>,
-      an optional introduction consisting of any combination of
-      <seealso marker="block_tags">block tags</seealso>,
-      followed by one or more
-      <seealso marker="#sectionTAG">&lt;section&gt;</seealso>.</p>
-  </section>
-
-  <section>
-    <marker id="sectionTAG"></marker>
-    <title>&lt;section&gt;</title>
-
-    <p>Subdivision of a chapter.</p>
-
-    <p>Contains an optional
-      <seealso marker="inline_tags#markerTAG">&lt;marker&gt;</seealso>,
-      a <seealso marker="#titleTAG">&lt;title&gt;</seealso>,
-      followed by any combination and any number of
-      <seealso marker="block_tags">block tags</seealso> and
-      <c><![CDATA[<section>]]></c>.</p>
-  </section>
-
-  <section>
-    <marker id="titleTAG"></marker>
-    <title>&lt;title&gt;</title>
-
-    <p>Section title, contains plain text.</p>
-  </section>
-</chapter>
-
diff --git a/lib/docbuilder/dtd/Makefile b/lib/docbuilder/dtd/Makefile
deleted file mode 100644
index 05c656f3fc..0000000000
--- a/lib/docbuilder/dtd/Makefile
+++ /dev/null
@@ -1,91 +0,0 @@
-# ``The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved via the world wide web at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-# Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-# Utvecklings AB. All Rights Reserved.''
-# 
-#     $Id$
-#
-
-include $(ERL_TOP)/make/target.mk
-include $(ERL_TOP)/make/$(TARGET)/otp.mk
-
-# ----------------------------------------------------
-# Application version
-# ----------------------------------------------------
-include ../vsn.mk
-VSN=$(DOCB_VSN)
-
-# ----------------------------------------------------
-# Release directory specification
-# ----------------------------------------------------
-RELSYSDIR = $(RELEASE_PATH)/lib/docbuilder-$(VSN)
-
-# ----------------------------------------------------
-# Common Macros
-# ----------------------------------------------------
-
-DTD_FILES = \
-	application.dtd \
-	appref.dtd \
-	book.dtd \
-	bookinsidecover.dtd \
-	chapter.dtd \
-	cites.dtd \
-	common.dtd \
-	common.entities.dtd \
-	common.header.dtd \
-	common.image.dtd \
-	common.refs.dtd \
-	common.table.dtd \
-	comref.dtd \
-	cref.dtd \
-	erlref.dtd \
-	fascicules.dtd \
-	fileref.dtd \
-	part.dtd \
-	report.dtd \
-	terms.dtd \
-	xhtml-lat1.ent \
-	xhtml-special.ent \
-	xhtml-symbol.ent \
-	xhtml1-frameset.dtd \
-	xhtml1-strict.dtd \
-	xhtml1-transitional.dtd
-
-# ----------------------------------------------------
-# Targets
-# ----------------------------------------------------
-
-debug opt: 
-
-clean:
-
-docs:
-
-# ----------------------------------------------------
-# Release Target
-# ---------------------------------------------------- 
-include $(ERL_TOP)/make/otp_release_targets.mk
-
-release_spec:
-	$(INSTALL_DIR) $(RELSYSDIR)/dtd
-	$(INSTALL_DATA) $(DTD_FILES) $(RELSYSDIR)/dtd
-
-release_docs_spec:
-
-
-
-
-
-
-
diff --git a/lib/docbuilder/dtd/common.dtd b/lib/docbuilder/dtd/common.dtd
deleted file mode 100644
index 2c4ad51ab1..0000000000
--- a/lib/docbuilder/dtd/common.dtd
+++ /dev/null
@@ -1,87 +0,0 @@
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-<!-- This file contains common stuff for all dtds. -->
-
-<!ENTITY % common.entities SYSTEM "common.entities.dtd" >
-%common.entities;
-
-<!ENTITY % block              "p|pre|code|list|taglist|codeinclude|
-                               erleval" >
-<!ENTITY % inline             "#PCDATA|c|em|term|cite|br|path|seealso|
-                               url|marker" >
-<!-- XXX --> 
-<!ELEMENT p                   (%inline;)* >
-<!ELEMENT pre                 (#PCDATA|seealso|url|input)* >
-<!ELEMENT input               (#PCDATA|seealso|url)* >
-<!ELEMENT code                (#PCDATA) >
-<!ATTLIST code                type (erl|c|none) "none" >
-<!ELEMENT quote               (p)* >
-<!ELEMENT warning             (%block;|quote|br|marker)* >
-<!ELEMENT note                (%block;|quote|br|marker)* >
-<!ELEMENT c                   (#PCDATA) >
-<!ELEMENT em                  (#PCDATA|c)* >
-
-<!-- XXX -->
-<!ELEMENT term                (termdef?) >
-<!ATTLIST term                id CDATA #REQUIRED >
-<!ELEMENT termdef             (#PCDATA) >
-<!ELEMENT cite                (citedef?) >
-<!ATTLIST cite                id CDATA #REQUIRED >
-<!ELEMENT citedef             (ctitle,cauthor,chowpublished) >
-<!ELEMENT ctitle              (#PCDATA) >
-<!ELEMENT cauthor             (#PCDATA) >
-<!ELEMENT chowpublished       (#PCDATA) >
-
-<!-- XXX --> 
-<!ELEMENT br                  EMPTY >
-
-<!-- Path -->
-
-<!ELEMENT path                (#PCDATA) >
-<!ATTLIST path                unix CDATA ""
-                              windows CDATA "" >
-
-<!-- List -->
-
-<!ELEMENT list                (item+) >
-<!ATTLIST list                 type (ordered|bulleted) "bulleted" >
-<!ELEMENT taglist             (tag,item)+ >
-<!ELEMENT tag                 (#PCDATA|c|em|seealso|url)* >
-<!ELEMENT item                (%inline;|%block;)* >
-
-<!-- References -->
-
-<!ELEMENT seealso             (#PCDATA) >
-<!ATTLIST seealso             marker CDATA #REQUIRED >
-<!ELEMENT url                 (#PCDATA) >
-<!ATTLIST url                 href CDATA #REQUIRED >
-<!ELEMENT marker              EMPTY >
-<!ATTLIST marker              id CDATA #REQUIRED >
-
-<!-- CodeInclude -->
-
-<!ELEMENT codeinclude          EMPTY >
-<!ATTLIST codeinclude          file CDATA #REQUIRED
-                               tag  CDATA ""
-                               type (erl|c|none) "none" >
-
-<!-- ErlEval -->
-
-<!ELEMENT erleval              EMPTY >
-<!ATTLIST erleval              expr CDATA #REQUIRED >
diff --git a/lib/docbuilder/dtd/common.refs.dtd b/lib/docbuilder/dtd/common.refs.dtd
deleted file mode 100644
index 7b9974fbda..0000000000
--- a/lib/docbuilder/dtd/common.refs.dtd
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-<!-- This file contains common stuff for the *ref.dtd files.
-     Note that `name' is defined in each *ref.dtd. --> 
-
-<!ENTITY % common SYSTEM "common.dtd" >
-%common;
-<!ENTITY % common.header SYSTEM "common.header.dtd" >
-%common.header;
-
-<!ELEMENT description         (%block;|quote|br|marker|warning|note)* >
-<!ELEMENT funcs               (func)+ >
-<!ELEMENT func                (name+,fsummary,type?,desc?) >
-<!-- ELEMENT name is defined in each ref dtd -->
-<!ELEMENT fsummary            (#PCDATA|c|em)* >
-<!ELEMENT type                (v,d?)+ >
-<!ELEMENT v                   (#PCDATA) >
-<!ELEMENT d                   (#PCDATA|c|em)* >
-<!ELEMENT desc                (%block;|quote|br|marker|warning|note)* >
-<!ELEMENT authors             (aname,email)+ >
-<!ELEMENT aname               (#PCDATA) >
-<!ELEMENT email               (#PCDATA) >
-<!ELEMENT section             (marker*,title,(%block;|quote|br|marker|
-                               warning|note)*) >
diff --git a/lib/docbuilder/dtd/erlref.dtd b/lib/docbuilder/dtd/erlref.dtd
deleted file mode 100644
index 21656a1446..0000000000
--- a/lib/docbuilder/dtd/erlref.dtd
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-
-<!ENTITY % common.refs SYSTEM "common.refs.dtd" >
-%common.refs;
-
-<!ELEMENT erlref              (header,module,modulesummary,description, 
-			       (section|funcs)*,authors?) >
-<!ELEMENT module              (#PCDATA) >
-<!ELEMENT modulesummary       (#PCDATA) >
-
-<!-- `name' is used in common.refs.dtd and must therefore 
-      be defined in each *ref. dtd -->
-<!ELEMENT name                (#PCDATA) >
diff --git a/lib/docbuilder/dtd/xhtml-lat1.ent b/lib/docbuilder/dtd/xhtml-lat1.ent
deleted file mode 100644
index aaae738cfc..0000000000
--- a/lib/docbuilder/dtd/xhtml-lat1.ent
+++ /dev/null
@@ -1,196 +0,0 @@
-<!-- Portions (C) International Organization for Standardization 1986
-     Permission to copy in any form is granted for use with
-     conforming SGML systems and applications as defined in
-     ISO 8879, provided this notice is included in all copies.
--->
-<!-- Character entity set. Typical invocation:
-    <!ENTITY % HTMLlat1 PUBLIC
-       "-//W3C//ENTITIES Latin 1 for XHTML//EN"
-       "http://www.w3.org/TR/xhtml1/DTD/xhtml-lat1.ent">
-    %HTMLlat1;
--->
-
-<!ENTITY nbsp   "&#160;"> <!-- no-break space = non-breaking space,
-                                  U+00A0 ISOnum -->
-<!ENTITY iexcl  "&#161;"> <!-- inverted exclamation mark, U+00A1 ISOnum -->
-<!ENTITY cent   "&#162;"> <!-- cent sign, U+00A2 ISOnum -->
-<!ENTITY pound  "&#163;"> <!-- pound sign, U+00A3 ISOnum -->
-<!ENTITY curren "&#164;"> <!-- currency sign, U+00A4 ISOnum -->
-<!ENTITY yen    "&#165;"> <!-- yen sign = yuan sign, U+00A5 ISOnum -->
-<!ENTITY brvbar "&#166;"> <!-- broken bar = broken vertical bar,
-                                  U+00A6 ISOnum -->
-<!ENTITY sect   "&#167;"> <!-- section sign, U+00A7 ISOnum -->
-<!ENTITY uml    "&#168;"> <!-- diaeresis = spacing diaeresis,
-                                  U+00A8 ISOdia -->
-<!ENTITY copy   "&#169;"> <!-- copyright sign, U+00A9 ISOnum -->
-<!ENTITY ordf   "&#170;"> <!-- feminine ordinal indicator, U+00AA ISOnum -->
-<!ENTITY laquo  "&#171;"> <!-- left-pointing double angle quotation mark
-                                  = left pointing guillemet, U+00AB ISOnum -->
-<!ENTITY not    "&#172;"> <!-- not sign = discretionary hyphen,
-                                  U+00AC ISOnum -->
-<!ENTITY shy    "&#173;"> <!-- soft hyphen = discretionary hyphen,
-                                  U+00AD ISOnum -->
-<!ENTITY reg    "&#174;"> <!-- registered sign = registered trade mark sign,
-                                  U+00AE ISOnum -->
-<!ENTITY macr   "&#175;"> <!-- macron = spacing macron = overline
-                                  = APL overbar, U+00AF ISOdia -->
-<!ENTITY deg    "&#176;"> <!-- degree sign, U+00B0 ISOnum -->
-<!ENTITY plusmn "&#177;"> <!-- plus-minus sign = plus-or-minus sign,
-                                  U+00B1 ISOnum -->
-<!ENTITY sup2   "&#178;"> <!-- superscript two = superscript digit two
-                                  = squared, U+00B2 ISOnum -->
-<!ENTITY sup3   "&#179;"> <!-- superscript three = superscript digit three
-                                  = cubed, U+00B3 ISOnum -->
-<!ENTITY acute  "&#180;"> <!-- acute accent = spacing acute,
-                                  U+00B4 ISOdia -->
-<!ENTITY micro  "&#181;"> <!-- micro sign, U+00B5 ISOnum -->
-<!ENTITY para   "&#182;"> <!-- pilcrow sign = paragraph sign,
-                                  U+00B6 ISOnum -->
-<!ENTITY middot "&#183;"> <!-- middle dot = Georgian comma
-                                  = Greek middle dot, U+00B7 ISOnum -->
-<!ENTITY cedil  "&#184;"> <!-- cedilla = spacing cedilla, U+00B8 ISOdia -->
-<!ENTITY sup1   "&#185;"> <!-- superscript one = superscript digit one,
-                                  U+00B9 ISOnum -->
-<!ENTITY ordm   "&#186;"> <!-- masculine ordinal indicator,
-                                  U+00BA ISOnum -->
-<!ENTITY raquo  "&#187;"> <!-- right-pointing double angle quotation mark
-                                  = right pointing guillemet, U+00BB ISOnum -->
-<!ENTITY frac14 "&#188;"> <!-- vulgar fraction one quarter
-                                  = fraction one quarter, U+00BC ISOnum -->
-<!ENTITY frac12 "&#189;"> <!-- vulgar fraction one half
-                                  = fraction one half, U+00BD ISOnum -->
-<!ENTITY frac34 "&#190;"> <!-- vulgar fraction three quarters
-                                  = fraction three quarters, U+00BE ISOnum -->
-<!ENTITY iquest "&#191;"> <!-- inverted question mark
-                                  = turned question mark, U+00BF ISOnum -->
-<!ENTITY Agrave "&#192;"> <!-- latin capital letter A with grave
-                                  = latin capital letter A grave,
-                                  U+00C0 ISOlat1 -->
-<!ENTITY Aacute "&#193;"> <!-- latin capital letter A with acute,
-                                  U+00C1 ISOlat1 -->
-<!ENTITY Acirc  "&#194;"> <!-- latin capital letter A with circumflex,
-                                  U+00C2 ISOlat1 -->
-<!ENTITY Atilde "&#195;"> <!-- latin capital letter A with tilde,
-                                  U+00C3 ISOlat1 -->
-<!ENTITY Auml   "&#196;"> <!-- latin capital letter A with diaeresis,
-                                  U+00C4 ISOlat1 -->
-<!ENTITY Aring  "&#197;"> <!-- latin capital letter A with ring above
-                                  = latin capital letter A ring,
-                                  U+00C5 ISOlat1 -->
-<!ENTITY AElig  "&#198;"> <!-- latin capital letter AE
-                                  = latin capital ligature AE,
-                                  U+00C6 ISOlat1 -->
-<!ENTITY Ccedil "&#199;"> <!-- latin capital letter C with cedilla,
-                                  U+00C7 ISOlat1 -->
-<!ENTITY Egrave "&#200;"> <!-- latin capital letter E with grave,
-                                  U+00C8 ISOlat1 -->
-<!ENTITY Eacute "&#201;"> <!-- latin capital letter E with acute,
-                                  U+00C9 ISOlat1 -->
-<!ENTITY Ecirc  "&#202;"> <!-- latin capital letter E with circumflex,
-                                  U+00CA ISOlat1 -->
-<!ENTITY Euml   "&#203;"> <!-- latin capital letter E with diaeresis,
-                                  U+00CB ISOlat1 -->
-<!ENTITY Igrave "&#204;"> <!-- latin capital letter I with grave,
-                                  U+00CC ISOlat1 -->
-<!ENTITY Iacute "&#205;"> <!-- latin capital letter I with acute,
-                                  U+00CD ISOlat1 -->
-<!ENTITY Icirc  "&#206;"> <!-- latin capital letter I with circumflex,
-                                  U+00CE ISOlat1 -->
-<!ENTITY Iuml   "&#207;"> <!-- latin capital letter I with diaeresis,
-                                  U+00CF ISOlat1 -->
-<!ENTITY ETH    "&#208;"> <!-- latin capital letter ETH, U+00D0 ISOlat1 -->
-<!ENTITY Ntilde "&#209;"> <!-- latin capital letter N with tilde,
-                                  U+00D1 ISOlat1 -->
-<!ENTITY Ograve "&#210;"> <!-- latin capital letter O with grave,
-                                  U+00D2 ISOlat1 -->
-<!ENTITY Oacute "&#211;"> <!-- latin capital letter O with acute,
-                                  U+00D3 ISOlat1 -->
-<!ENTITY Ocirc  "&#212;"> <!-- latin capital letter O with circumflex,
-                                  U+00D4 ISOlat1 -->
-<!ENTITY Otilde "&#213;"> <!-- latin capital letter O with tilde,
-                                  U+00D5 ISOlat1 -->
-<!ENTITY Ouml   "&#214;"> <!-- latin capital letter O with diaeresis,
-                                  U+00D6 ISOlat1 -->
-<!ENTITY times  "&#215;"> <!-- multiplication sign, U+00D7 ISOnum -->
-<!ENTITY Oslash "&#216;"> <!-- latin capital letter O with stroke
-                                  = latin capital letter O slash,
-                                  U+00D8 ISOlat1 -->
-<!ENTITY Ugrave "&#217;"> <!-- latin capital letter U with grave,
-                                  U+00D9 ISOlat1 -->
-<!ENTITY Uacute "&#218;"> <!-- latin capital letter U with acute,
-                                  U+00DA ISOlat1 -->
-<!ENTITY Ucirc  "&#219;"> <!-- latin capital letter U with circumflex,
-                                  U+00DB ISOlat1 -->
-<!ENTITY Uuml   "&#220;"> <!-- latin capital letter U with diaeresis,
-                                  U+00DC ISOlat1 -->
-<!ENTITY Yacute "&#221;"> <!-- latin capital letter Y with acute,
-                                  U+00DD ISOlat1 -->
-<!ENTITY THORN  "&#222;"> <!-- latin capital letter THORN,
-                                  U+00DE ISOlat1 -->
-<!ENTITY szlig  "&#223;"> <!-- latin small letter sharp s = ess-zed,
-                                  U+00DF ISOlat1 -->
-<!ENTITY agrave "&#224;"> <!-- latin small letter a with grave
-                                  = latin small letter a grave,
-                                  U+00E0 ISOlat1 -->
-<!ENTITY aacute "&#225;"> <!-- latin small letter a with acute,
-                                  U+00E1 ISOlat1 -->
-<!ENTITY acirc  "&#226;"> <!-- latin small letter a with circumflex,
-                                  U+00E2 ISOlat1 -->
-<!ENTITY atilde "&#227;"> <!-- latin small letter a with tilde,
-                                  U+00E3 ISOlat1 -->
-<!ENTITY auml   "&#228;"> <!-- latin small letter a with diaeresis,
-                                  U+00E4 ISOlat1 -->
-<!ENTITY aring  "&#229;"> <!-- latin small letter a with ring above
-                                  = latin small letter a ring,
-                                  U+00E5 ISOlat1 -->
-<!ENTITY aelig  "&#230;"> <!-- latin small letter ae
-                                  = latin small ligature ae, U+00E6 ISOlat1 -->
-<!ENTITY ccedil "&#231;"> <!-- latin small letter c with cedilla,
-                                  U+00E7 ISOlat1 -->
-<!ENTITY egrave "&#232;"> <!-- latin small letter e with grave,
-                                  U+00E8 ISOlat1 -->
-<!ENTITY eacute "&#233;"> <!-- latin small letter e with acute,
-                                  U+00E9 ISOlat1 -->
-<!ENTITY ecirc  "&#234;"> <!-- latin small letter e with circumflex,
-                                  U+00EA ISOlat1 -->
-<!ENTITY euml   "&#235;"> <!-- latin small letter e with diaeresis,
-                                  U+00EB ISOlat1 -->
-<!ENTITY igrave "&#236;"> <!-- latin small letter i with grave,
-                                  U+00EC ISOlat1 -->
-<!ENTITY iacute "&#237;"> <!-- latin small letter i with acute,
-                                  U+00ED ISOlat1 -->
-<!ENTITY icirc  "&#238;"> <!-- latin small letter i with circumflex,
-                                  U+00EE ISOlat1 -->
-<!ENTITY iuml   "&#239;"> <!-- latin small letter i with diaeresis,
-                                  U+00EF ISOlat1 -->
-<!ENTITY eth    "&#240;"> <!-- latin small letter eth, U+00F0 ISOlat1 -->
-<!ENTITY ntilde "&#241;"> <!-- latin small letter n with tilde,
-                                  U+00F1 ISOlat1 -->
-<!ENTITY ograve "&#242;"> <!-- latin small letter o with grave,
-                                  U+00F2 ISOlat1 -->
-<!ENTITY oacute "&#243;"> <!-- latin small letter o with acute,
-                                  U+00F3 ISOlat1 -->
-<!ENTITY ocirc  "&#244;"> <!-- latin small letter o with circumflex,
-                                  U+00F4 ISOlat1 -->
-<!ENTITY otilde "&#245;"> <!-- latin small letter o with tilde,
-                                  U+00F5 ISOlat1 -->
-<!ENTITY ouml   "&#246;"> <!-- latin small letter o with diaeresis,
-                                  U+00F6 ISOlat1 -->
-<!ENTITY divide "&#247;"> <!-- division sign, U+00F7 ISOnum -->
-<!ENTITY oslash "&#248;"> <!-- latin small letter o with stroke,
-                                  = latin small letter o slash,
-                                  U+00F8 ISOlat1 -->
-<!ENTITY ugrave "&#249;"> <!-- latin small letter u with grave,
-                                  U+00F9 ISOlat1 -->
-<!ENTITY uacute "&#250;"> <!-- latin small letter u with acute,
-                                  U+00FA ISOlat1 -->
-<!ENTITY ucirc  "&#251;"> <!-- latin small letter u with circumflex,
-                                  U+00FB ISOlat1 -->
-<!ENTITY uuml   "&#252;"> <!-- latin small letter u with diaeresis,
-                                  U+00FC ISOlat1 -->
-<!ENTITY yacute "&#253;"> <!-- latin small letter y with acute,
-                                  U+00FD ISOlat1 -->
-<!ENTITY thorn  "&#254;"> <!-- latin small letter thorn with,
-                                  U+00FE ISOlat1 -->
-<!ENTITY yuml   "&#255;"> <!-- latin small letter y with diaeresis,
-                                  U+00FF ISOlat1 -->
diff --git a/lib/docbuilder/ebin/.gitignore b/lib/docbuilder/ebin/.gitignore
deleted file mode 100644
index e69de29bb2..0000000000
--- a/lib/docbuilder/ebin/.gitignore
+++ /dev/null
diff --git a/lib/docbuilder/etc/Makefile b/lib/docbuilder/etc/Makefile
deleted file mode 100644
index a2f669d749..0000000000
--- a/lib/docbuilder/etc/Makefile
+++ /dev/null
@@ -1,67 +0,0 @@
-# ``The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved via the world wide web at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-# Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-# Utvecklings AB. All Rights Reserved.''
-# 
-#     $Id$
-#
-
-include $(ERL_TOP)/make/target.mk
-include $(ERL_TOP)/make/$(TARGET)/otp.mk
-
-# ----------------------------------------------------
-# Application version
-# ----------------------------------------------------
-include ../vsn.mk
-VSN=$(DOCB_VSN)
-
-# ----------------------------------------------------
-# Release directory specification
-# ----------------------------------------------------
-RELSYSDIR = $(RELEASE_PATH)/lib/docbuilder-$(VSN)
-
-# ----------------------------------------------------
-# Common Macros
-# ----------------------------------------------------
-
-VAR_FILES = \
-	note.gif \
-	warning.gif
-
-# ----------------------------------------------------
-# Targets
-# ----------------------------------------------------
-
-debug opt: 
-
-clean:
-
-docs:
-
-# ----------------------------------------------------
-# Release Target
-# ---------------------------------------------------- 
-include $(ERL_TOP)/make/otp_release_targets.mk
-
-release_spec:
-	$(INSTALL_DIR) $(RELSYSDIR)/etc
-	$(INSTALL_DATA) $(VAR_FILES) $(RELSYSDIR)/etc
-
-release_docs_spec:
-
-
-
-
-
-
-
diff --git a/lib/docbuilder/etc/note.gif b/lib/docbuilder/etc/note.gif
deleted file mode 100644
index 6fffe30419..0000000000
--- a/lib/docbuilder/etc/note.gif
+++ /dev/null
diff --git a/lib/docbuilder/etc/warning.gif b/lib/docbuilder/etc/warning.gif
deleted file mode 100644
index 96af52360e..0000000000
--- a/lib/docbuilder/etc/warning.gif
+++ /dev/null
diff --git a/lib/docbuilder/info b/lib/docbuilder/info
deleted file mode 100644
index 60daa212c8..0000000000
--- a/lib/docbuilder/info
+++ /dev/null
@@ -1,2 +0,0 @@
-group: doc
-short: Tool for generating HTML documentation for applications.
diff --git a/lib/docbuilder/src/Makefile b/lib/docbuilder/src/Makefile
deleted file mode 100644
index e8a07a54e8..0000000000
--- a/lib/docbuilder/src/Makefile
+++ /dev/null
@@ -1,121 +0,0 @@
-# ``The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved via the world wide web at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-# Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-# Utvecklings AB. All Rights Reserved.''
-# 
-#     $Id$
-#
-
-include $(ERL_TOP)/make/target.mk
-include $(ERL_TOP)/make/$(TARGET)/otp.mk
-
-# ----------------------------------------------------
-# Application version
-# ----------------------------------------------------
-include ../vsn.mk
-VSN=$(DOCB_VSN)
-
-# ----------------------------------------------------
-# Release directory specification
-# ----------------------------------------------------
-RELSYSDIR = $(RELEASE_PATH)/lib/docbuilder-$(VSN)
-
-# ----------------------------------------------------
-# Common Macros
-# ----------------------------------------------------
-
-MODULES= \
-	docb_edoc_xml_cb \
-	docb_gen \
-	docb_html \
-	docb_html_layout \
-	docb_html_ref \
-	docb_html_util \
-	docb_html_util_iso \
-	docb_main \
-	docb_pretty_format \
-	docb_tr_application2html \
-	docb_tr_appref2html \
-	docb_tr_chapter2html \
-	docb_tr_cite2html \
-	docb_tr_comref2html \
-	docb_tr_cref2html \
-	docb_tr_erlref2html \
-	docb_tr_fileref2html \
-	docb_tr_first2html \
-	docb_tr_index2html \
-	docb_tr_part2html \
-	docb_tr_refs2kwic \
-	docb_tr_report2html \
-	docb_tr_term2html \
-	docb_transform \
-	docb_util \
-	docb_xmerl_tree_cb \
-	docb_xmerl_xml_cb \
-	docb_xml_check
-
-HRL_FILES= \
-	docb_util.hrl
-
-ERL_FILES= $(MODULES:%=%.erl)
-
-TARGET_FILES= $(MODULES:%=$(EBIN)/%.$(EMULATOR))
-
-APP_FILE= docbuilder.app
-APPUP_FILE= docbuilder.appup
-APP_SRC= $(APP_FILE).src
-APPUP_SRC= $(APPUP_FILE).src
-APP_TARGET= $(EBIN)/$(APP_FILE)
-APPUP_TARGET= $(EBIN)/$(APPUP_FILE)
-
-# ----------------------------------------------------
-# FLAGS
-# ----------------------------------------------------
-ERL_FLAGS +=
-XMERL = ../../xmerl
-ERL_COMPILE_FLAGS += -I$(XMERL)/include
-
-# ----------------------------------------------------
-# Targets
-# ----------------------------------------------------
-
-debug opt: $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET) 
-
-clean:
-	rm -f $(TARGET_FILES) $(APP_TARGET) 
-	rm -f errs core *~
-
-$(APP_TARGET):	$(APP_SRC) ../vsn.mk
-	sed -e 's;%VSN%;$(VSN);' $< > $@
-$(APPUP_TARGET): $(APPUP_SRC) ../vsn.mk
-	sed -e 's;%VSN%;$(VSN);' $< > $@
-
-docs:
-
-# ----------------------------------------------------
-# Release Target
-# ---------------------------------------------------- 
-include $(ERL_TOP)/make/otp_release_targets.mk
-
-release_spec: opt
-	$(INSTALL_DIR) $(RELSYSDIR)/src
-	$(INSTALL_DATA) $(ERL_FILES) $(HRL_FILES) $(RELSYSDIR)/src
-	$(INSTALL_DIR) $(RELSYSDIR)/ebin
-	$(INSTALL_DATA) $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET) $(RELSYSDIR)/ebin
-
-release_docs_spec:
-
-
-
-
-
diff --git a/lib/docbuilder/src/docb_edoc_xml_cb.erl b/lib/docbuilder/src/docb_edoc_xml_cb.erl
deleted file mode 100644
index 90491bc007..0000000000
--- a/lib/docbuilder/src/docb_edoc_xml_cb.erl
+++ /dev/null
@@ -1,1154 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the Licence for the specific language governing rights and limitations
-%% under the License.
-%%
-%% The Initial Developer of the Original Code is Ericsson AB.
-%% Portions created by Ericsson are Copyright 1999-2006, Ericsson AB.
-%% All Rights Reserved.��
-%%
-%%     $Id$
-%%
--module(docb_edoc_xml_cb).
-
-%% This is the EDoc callback module for creating DocBuilder erlref
-%% documents (man pages) in XML format, and also a DocBuilder chapter
-%% document based on "overview.edoc".
-%%
-%% Usage examples:
-%%   docb_gen File
-%%   docb_gen -chapter overview.edoc
-%% or (from an Erlang shell)
-%% edoc:file(File, [{layout,docb_edoc_xml_cb},{file_suffix,".xml"},
-%%                  {preprocess,true}]).
-%%
-%% The origin of this file is the edoc module otpsgml_layout.erl
-%% written by Richard Carlsson.
-
--export([module/2, overview/2]).
-
--include("xmerl.hrl").
-
--define(NL, "\n").
-
-%%-User interface-------------------------------------------------------
-
-%% ERLREF
-module(Element, Opts) ->
-    SortP = proplists:get_value(sort_functions, Opts, true),
-    XML = layout_module(Element, SortP),
-    xmerl:export_simple([XML], docb_xmerl_xml_cb, []).
-
-%% CHAPTER
-overview(Element, _Opts) ->
-    XML = layout_chapter(Element),
-    xmerl:export_simple([XML], docb_xmerl_xml_cb, []).
-
-%%--Internal functions--------------------------------------------------
-
-layout_module(#xmlElement{name = module, content = Es}=E, SortP) ->
-    Name = get_attrval(name, E),
-    Desc = get_content(description, Es),
-    ShortDesc = text_only(get_content(briefDescription, Desc)),
-    FullDesc =  otp_xmlify(get_content(fullDescription, Desc)),
-    Types0 = get_content(typedecls, Es),
-    Types1 = lists:sort([{type_name(Et), Et} || Et <- Types0]),
-    Functions =
-	case SortP of
-	    true ->
-		lists:sort([{function_name(Ef), Ef} ||
-			       Ef <- get_content(functions, Es)]);
-	    false ->
-		[{function_name(Ef), Ef} ||
-		    Ef <- get_content(functions, Es)]
-	end,
-    Header = {header, [
-		       ?NL,{title, [Name]},
-		       ?NL,{prepared, [""]},
-		       ?NL,{responsible, [""]},
-		       ?NL,{docno, ["1"]},
-		       ?NL,{approved, [""]},
-		       ?NL,{checked, [""]},
-		       ?NL,{date, [""]},
-		       ?NL,{rev, ["A"]},
-		       ?NL,{file, [Name++".xml"]}
-		      ]},
-    Module = {module, [Name]},
-    ModuleSummary = {modulesummary, ShortDesc},
-    Description = {description, [?NL|FullDesc]},
-    Types = case Types1 of
-		[] -> [];
-		_ ->
-		    [?NL, {section,[{title,["DATA TYPES"]},
-				    {marker,[{id,"types"}],[]},
-				    ?NL|types(Types1)]}]
-	    end,
-    Funcs = functions(Functions),
-    See = seealso_module(Es),
-    Authors = {authors, authors(Es)},
-    {erlref,
-     [?NL,Header,
-      ?NL,Module,
-      ?NL,ModuleSummary,
-      ?NL,Description]
-     ++ Types ++
-     [?NL,Funcs,
-      ?NL,See,
-      ?NL,Authors]
-    }.
-
-layout_chapter(#xmlElement{name=overview, content=Es}) ->
-    Title = get_text(title, Es),
-    Header = {header, [
-		       ?NL,{title,[Title]},
-		       ?NL,{prepared,[""]},
-		       ?NL,{docno,[""]},
-		       ?NL,{date,[""]},
-		       ?NL,{rev,[""]},
-		       ?NL,{file, ["chapter.xml"]}
-		      ]},
-    DescEs = get_content(description, Es),
-    FullDescEs = get_content(fullDescription, DescEs),
-    Sections = chapter_ify(FullDescEs, first),
-    {chapter, [?NL, Header, ?NL | Sections]}.
-
-chapter_ify([], _) ->
-    [];
-chapter_ify(Es, first) ->
-    %% Everything up to the first section should be made into
-    %% plain paragraphs -- or if no first section is found, everything
-    %% should be made into one
-    case find_next(h3, Es) of
-	{Es, []} ->
-	    SubSections = subchapter_ify(Es, first),
-	    [{section, [?NL,{title,["Overview"]},
-			?NL | SubSections]}];
-	{FirstEs, RestEs} ->
-	    otp_xmlify(FirstEs) ++ chapter_ify(RestEs, next)
-    end;
-chapter_ify([#xmlElement{name=h3} = E | Es], next) ->
-    {SectionEs, RestEs} = find_next(h3, Es),
-    SubSections = subchapter_ify(SectionEs, first),
-    {Marker, Title} = chapter_title(E),
-    [{section, [?NL,{marker,[{id,Marker}],[]},
-		?NL,{title,[Title]},
-		?NL | SubSections]} | chapter_ify(RestEs, next)].
-
-subchapter_ify([], _) ->
-    [];
-subchapter_ify(Es, first) ->
-    %% Everything up to the (possible) first subsection should be
-    %% made into plain paragraphs
-    {FirstEs, RestEs} = find_next(h4, Es),
-    otp_xmlify(FirstEs) ++ subchapter_ify(RestEs, next);
-subchapter_ify([#xmlElement{name=h4} = E | Es], next) ->
-    {SectionEs, RestEs} = find_next(h4, Es),
-    Elements = otp_xmlify(SectionEs),
-    {Marker, Title} = chapter_title(E),
-    [{section, [?NL,{marker,[{id,Marker}],[]},
-		?NL,{title,[Title]},
-		?NL | Elements]} | subchapter_ify(RestEs, next)].
-
-chapter_title(#xmlElement{content=Es}) -> % name = h3 | h4
-    case Es of
-	[#xmlElement{name=a} = E] ->
-	    {get_attrval(name, E), get_text(E)}
-    end.
-
-%%--XHTML->XML transformation-------------------------------------------
-
-%% otp_xmlify(Es1) -> Es2
-%%   Es1 = Es2 = [#xmlElement{} | #xmlText{}]
-%% Fix things that are allowed in XHTML but not in chapter/erlref DTDs.
-%% 1)  lists (<ul>, <ol>, <dl>) and code snippets (<pre>) can not occur
-%%     within a <p>, such a <p> must be splitted into a sequence of <p>,
-%%     <ul>, <ol>, <dl> and <pre>.
-%% 2)  <a> must only have either a href attribute (corresponds to a
-%%     <seealso> or <url> in the XML code) in which case its content
-%%     must be plain text; or a name attribute (<marker>).
-%% 3a) <b> content must be plain text.
-%%  b) <em> content must be plain text (or actually a <code> element
-%%     as well, but a simplification is used here).
-%%  c) <pre> content must be plain text (or could actually contain
-%%     <input> as well, but a simplification is used here).
-%% 4)  <code> content must be plain text, or the element must be split
-%%     into a list of elements.
-%% 5a) <h1>, <h2> etc is not allowed - replaced by its content within
-%%     a <b> tag.
-%%  b) <center> is not allowed - replaced by its content.
-%%  c) <font>   -"-
-%% 6)  <table> is not allowed in erlref, translated to text instead.
-%%     Also a <table> in chapter without a border is translated to text.
-%%     A <table> in chapter with a border must contain a <tcaption>.
-%% 7)  <sup> is not allowed - is replaced with its text content
-%%     within parenthesis.
-%% 8)  <blockquote> contents may need to be made into paragraphs
-%% 9)  <th> (table header) is not allowed - is replaced by
-%%     <td><em>...</em></td>.
-otp_xmlify([]) ->
-    [];
-otp_xmlify(Es0) ->
-    Es = case is_paragraph(hd(Es0)) of
-
-	     %% If the first element is a <p> xmlElement, then
-	     %% the entire element list is ready to be otp_xmlified.
-	     true ->
-		 Es0;
-
-	     %% If the first element is not a <p> xmlElement, then all
-	     %% elements up to the first <p> (or end of list) must be
-	     %% made into a paragraph (using the {p, Es} construction)
-	     %% before the list is otp_xmlified.
-	     false ->
-		 case find_next(p, Es0, []) of
-		     {[#xmlText{value=Str}] = First, Rest} ->
-			 %% Special case: Making a paragraph out of a
-			 %% blank line isn't a great idea.
-			 case is_empty(Str) of
-			     true ->
-				 Rest;
-			     false ->
-				 [{p,First}|Rest]
-			 end;
-		     {First, Rest} ->
-			 [{p,First}|Rest]
-		 end
-	 end,
-
-    %% Fix paragraph breaks not needed in XHTML but in XML
-    EsFixed = otp_xmlify_fix(Es),
-
-    otp_xmlify_es(EsFixed).
-
-%% EDoc does not always translate empty lines (with leading "%%")
-%% as paragraph break, this is the fix
-otp_xmlify_fix(Es) ->
-    otp_xmlify_fix(Es, []).
-otp_xmlify_fix([#xmlText{value="\n \n"++_} = E1, E2 | Es], Res) ->
-    %% This is how it looks when generating an erlref from a .erl file
-    case is_paragraph(E2) of
-	false ->
-	    {P, After} = find_p_ending(Es, []),
-	    otp_xmlify_fix(After, [{p, [E2|P]}, E1 | Res]);
-	true ->
-	    otp_xmlify_fix([E2|Es], [E1|Res])
-    end;
-otp_xmlify_fix([#xmlText{value="\n\n"} = E1, E2 | Es], Res) ->
-    %% This is how it looks when generating a chapter from overview.edoc
-    case is_paragraph(E2) of
-	false ->
-	    {P, After} = find_p_ending(Es, []),
-	    otp_xmlify_fix(After, [{p, [E2|P]}, E1 | Res]);
-	true ->
-	    otp_xmlify_fix([E2|Es], [E1|Res])
-    end;
-otp_xmlify_fix([E|Es], Res) ->
-    otp_xmlify_fix(Es, [E|Res]);
-otp_xmlify_fix([], Res) ->
-    lists:reverse(Res).
-
-otp_xmlify_es([E | Es]) ->
-    case is_paragraph(E) of
-	true ->
-	    case otp_xmlify_psplit(E) of
-
-		%% paragraph contained inline tags and text only
-		nosplit ->
-		    otp_xmlify_e(E) ++ otp_xmlify_es(Es);
-
-		%% paragraph contained dl, ul and/or pre and has been
-		%% splitted
-		SubEs ->
-		    lists:flatmap(fun otp_xmlify_e/1, SubEs) ++
-			otp_xmlify_es(Es)
-	    end;
-	false ->
-	    otp_xmlify_e(E) ++ otp_xmlify_es(Es)
-    end;
-otp_xmlify_es([]) ->
-    [].
-
-%% otp_xmlify_psplit(P) -> nosplit | [E]
-%% Handles case 1) above.
-%% Uses the {p, Es} construct, thus replaces an p xmlElement with one
-%% or more {p, Es} tuples if splitting the paraghrap is necessary.
-otp_xmlify_psplit(P) ->
-    otp_xmlify_psplit(p_content(P), [], []).
-otp_xmlify_psplit([#xmlElement{name=Name}=E | Es], Content, Res) ->
-    if
-	Name==blockquote; Name==ul; Name==ol; Name==dl; Name==pre;
-	Name==table ->
-	    case Content of
-		[] ->
-		    otp_xmlify_psplit(Es, [], [E|Res]);
-		[#xmlText{value=Str}] ->
-		    %% Special case: Making a paragraph out of a blank
-		    %% line isn't a great idea. Instead, this can be
-		    %% viewed as the case above, where there is no
-		    %% content to make a paragraph out of
-		    case is_empty(Str) of
-			true ->
-			    otp_xmlify_psplit(Es, [], [E|Res]);
-			false ->
-			    Pnew = {p, lists:reverse(Content)},
-			    otp_xmlify_psplit(Es, [], [E,Pnew|Res])
-		    end;
-		_ ->
-		    Pnew = {p, lists:reverse(Content)},
-		    otp_xmlify_psplit(Es, [], [E,Pnew|Res])
-	    end;
-
-	true ->
-	    otp_xmlify_psplit(Es, [E|Content], Res)
-    end;
-otp_xmlify_psplit([E | Es], Content, Res) ->
-    otp_xmlify_psplit(Es, [E|Content], Res);
-otp_xmlify_psplit([], _Content, []) ->
-    nosplit;
-otp_xmlify_psplit([], [], Res) ->
-    lists:reverse(Res);
-otp_xmlify_psplit([], [#xmlText{value="\n\n"}], Res) ->
-    lists:reverse(Res);
-otp_xmlify_psplit([], Content, Res) ->
-    Pnew = {p, lists:reverse(Content)},
-    lists:reverse([Pnew|Res]).
-
-%% otp_xmlify_e(E) -> [E]
-%% This is the function which does the actual transformation of
-%% single elements, normally by making sure the content corresponds
-%% to what is allowed by the OTP DTDs.
-%% Returns a list of elements as the xmlification in some cases
-%% returns no element or more than one element (although in most cases
-%% exactly one element).
-otp_xmlify_e(#xmlElement{name=a} = E) ->       % 2) above
-    otp_xmlify_a(E);
-otp_xmlify_e(#xmlElement{name=Tag} = E)        % 3a-c)
-  when Tag==b; Tag==em; Tag==pre ->
-    Content = text_only(E#xmlElement.content),
-    [E#xmlElement{content=Content}];
-otp_xmlify_e(#xmlElement{name=code} = E) ->    % 4)
-    case catch text_only(E#xmlElement.content) of
-	{'EXIT', _Error} ->
-	    otp_xmlify_code(E);
-	Content ->
-	    [E#xmlElement{content=Content}]
-    end;
-otp_xmlify_e(#xmlElement{name=Tag} = E)        % 5a
-  when Tag==h1; Tag==h2; Tag==h3; Tag==h4; Tag==h5 ->
-    Content = text_only(E#xmlElement.content),
-    [E#xmlElement{name=b, content=Content}];
-otp_xmlify_e(#xmlElement{name=Tag} = E)        % 5b-c)
-  when Tag==center;
-       Tag==font ->
-    otp_xmlify_e(E#xmlElement.content);
-otp_xmlify_e(#xmlElement{name=table} = E) ->   % 6)
-    case parent(E) of
-	module ->
-	    otp_xmlify_table(E#xmlElement.content);
-	overview ->
-	    Content0 = otp_xmlify_e(E#xmlElement.content),
-	    Summary = #xmlText{value=get_attrval(summary, E)},
-	    TCaption = E#xmlElement{name=tcaption,
-				    attributes=[],
-				    content=[Summary]},
-	    Content = Content0 ++ [TCaption],
-	    [E#xmlElement{attributes=[], content=Content}]
-    end;
-otp_xmlify_e(#xmlElement{name=tbody} = E) ->
-    otp_xmlify_e(E#xmlElement.content);
-otp_xmlify_e(#xmlElement{name=sup} = E) ->     % 7)
-    Text = get_text(E),
-    [#xmlText{parents = E#xmlElement.parents,
-	      pos = E#xmlElement.pos,
-	      language = E#xmlElement.language,
-	      value = "(" ++ Text ++ ")"}];
-otp_xmlify_e(#xmlElement{name=blockquote} = E) -> % 8)
-    Content = otp_xmlify_blockquote(E#xmlElement.content),
-    [E#xmlElement{content=Content}];
-otp_xmlify_e(#xmlElement{name=th} = E) ->      % 9)
-    Content = otp_xmlify_e(E#xmlElement.content),
-    EmE = E#xmlElement{name=em, content=Content},
-    [E#xmlElement{name=td, content=[EmE]}];
-otp_xmlify_e(#xmlElement{name=p} = E) ->       % recurse
-    Content = otp_xmlify_e(E#xmlElement.content),
-    [E#xmlElement{content=Content}];
-otp_xmlify_e({p, Content1}) ->
-    Content2 = otp_xmlify_e(Content1),
-    [{p, Content2}];
-otp_xmlify_e(#xmlElement{name=ul} = E) ->
-    Content = otp_xmlify_e(E#xmlElement.content),
-    [E#xmlElement{content=Content}];
-otp_xmlify_e(#xmlElement{name=li} = E) ->
-    %% Content may need to be made into <p>s etc.
-    Content = otp_xmlify(E#xmlElement.content),
-    [E#xmlElement{content=Content}];
-otp_xmlify_e(#xmlElement{name=dl} = E) ->
-    Content0 = otp_xmlify_e(E#xmlElement.content),
-    Content = otp_xmlify_dl(Content0),
-    [E#xmlElement{content=Content}];
-otp_xmlify_e(#xmlElement{name=dt} = E) ->
-    %% Special fix: Markers in <taglist> <tag>s are not allowed,
-    %% save it using 'put' and place the marker first in the <item>
-    %% instead
-    Content = case E#xmlElement.content of
-		  [#xmlElement{name=a} = A] ->
-		      put(dt_marker, otp_xmlify_e(A)),
-		      otp_xmlify_e(A#xmlElement.content);
-		  _ ->
-		      otp_xmlify_e(E#xmlElement.content)
-	      end,
-    [E#xmlElement{content=Content}];
-otp_xmlify_e(#xmlElement{name=dd} = E) ->
-    %% Content may need to be made into <p>s etc.
-    Content0 = otp_xmlify(E#xmlElement.content),
-    Content = case get(dt_marker) of
-		  undefined -> Content0;
-		  [Marker] ->
-		      put(dt_marker, undefined),
-		      [Marker#xmlElement{content=[]}|Content0]
-	      end,
-    [E#xmlElement{content=Content}];
-otp_xmlify_e(#xmlElement{name=tr} = E) ->
-    Content = otp_xmlify_e(E#xmlElement.content),
-    [E#xmlElement{content=Content}];
-otp_xmlify_e(#xmlElement{name=td} = E) ->
-    Content = otp_xmlify_e(E#xmlElement.content),
-    [E#xmlElement{content=Content}];
-otp_xmlify_e([E | Es]) ->
-    otp_xmlify_e(E) ++ otp_xmlify_e(Es);
-otp_xmlify_e([]) ->
-    [];
-otp_xmlify_e(E) ->
-    [E].
-
-%%--Tags with special handling------------------------------------------
-
-%% otp_xmlify_a(A1) -> [A2]
-%% Takes an <a> element and filters the attributes to decide wheather
-%% its a seealso/url or a marker.
-%% In the case of a seealso/url, the href part is checked, making
-%% sure a .xml/.html file extension is removed (as DocBuilder inserts
-%% .html extension when resolving cross references).
-%% Also, references to other applications //App has a href attribute
-%% value "OTPROOT/..." (due to app_default being set to "OTPROOT" in
-%% docb_gen.erl), in this case both href attribute and content must be
-%% formatted correctly according to DocBuilder requirements.
-otp_xmlify_a(A) ->
-    [Attr0] = filter_a_attrs(A#xmlElement.attributes),
-    case Attr0 of
-	#xmlAttribute{name=href, value=Href0} -> % seealso | url
-	    Content0 = text_only(A#xmlElement.content),
-	    {Href, Content} = otp_xmlify_a_href(Href0, Content0),
-	    [A#xmlElement{attributes=[Attr0#xmlAttribute{value=Href}],
-			  content=Content}];
-	#xmlAttribute{name=name} -> % marker
-	    Content = otp_xmlify_e(A#xmlElement.content),
-	    [A#xmlElement{attributes=[Attr0], content=Content}]
-    end.
-
-%% filter_a_attrs(Attrs) -> [Attr]
-%% Removes all attributes from a <a> element except the href or
-%% name attribute.
-filter_a_attrs([#xmlAttribute{name=href} = Attr | _Attrs]) ->
-    [Attr];
-filter_a_attrs([#xmlAttribute{name=name} = Attr | _Attrs]) ->
-    [Attr];
-filter_a_attrs([_Attr|Attrs]) ->
-    filter_a_attrs(Attrs);
-filter_a_attrs([]) ->
-    [].
-
-%% otp_xmlify_a_href(Href0, Es0) -> {Href1, Es1}
-%%   Href = string()
-otp_xmlify_a_href("#"++_ = Marker, Es0) -> % <seealso marker="#what">
-    {Marker, Es0};
-otp_xmlify_a_href("http:"++_ = URL, Es0) -> % external URL
-    {URL, Es0};
-otp_xmlify_a_href("OTPROOT"++AppRef, Es0) -> % <.. marker="App:FileRef
-    [AppS, "doc", FileRef1] = split(AppRef, "/"),
-    FileRef = AppS++":"++otp_xmlify_a_fileref(FileRef1, AppS),
-    [#xmlText{value=Str0} = T] = Es0,
-    Str = case split(Str0, "/") of
-	      %% //Application
-	      [AppS2] ->
-		  %% AppS2 can differ from AppS
-		  %% Example: xmerl/XMerL
-		  AppS2;
-	      [_AppS,ModRef] ->
-		  case split(ModRef, ":") of
-		      %% //Application/Module
-		      [Module] ->
-			  Module++"(3)";
-		      %% //Application/Module:Type()
-		      [_Module,_Type] ->
-			  ModRef
-		  end;
-	      %% //Application/Module:Function/Arity
-	      [_AppS,ModFunc,Arity] ->
-		  ModFunc++"/"++Arity
-	  end,
-    {FileRef, [T#xmlText{value=Str}]};
-otp_xmlify_a_href("../"++File, Es0) ->
-    %% Special case: This kind of relative path is used on some
-    %% places within i.e. EDoc and refers to a file within the same
-    %% application tree.
-    %% Correct the path according to the OTP directory structure
-    {"../../"++File, Es0};
-otp_xmlify_a_href(FileRef1, Es0) -> % File within the same application
-    FileRef2 = otp_xmlify_a_fileref(FileRef1, this),
-    {FileRef2, Es0}.
-
-%% otp_xmlify_a_fileref(FileRef1, AppS|this) -> FileRef2
-%%   AppS = FileRef = string()
-otp_xmlify_a_fileref(FileRef1, AppS) ->
-    case split(FileRef1, ".#") of
-
-	%% EDoc default name is "overview-summary.html,
-	%% name of OTP User's Guide chapter is "chapter.xml"
-	["overview-summary", _Ext] ->
-	    "chapter";
-	["overview-summary", _Ext, Marker] ->
-	    "chapter#"++Marker;
-
-	[File, Ext] when Ext=="xml";
-			 Ext=="html", AppS/=this ->
-	    File;
-	[File, Ext, Marker0] ->
-	    %% Here is an awkward solution to an awkward problem
-	    %% The marker automatically inserted by DocBuilder at
-	    %% each function does not seem to work for EDoc generated
-	    %% ERLREFs.
-	    %% So if the referenced marker is in an ERLREF generated
-	    %% by EDoc, keep it "as is", ie "function-arity".
-	    %% If the referenced marker is NOT in an ERLREF generated
-	    %% by EDoc, the marker should be on the format
-	    %% "function/arity".
-	    %% The awkward part of the solution is to decide wheather
-	    %% the ERLREF is generated by EDoc or not: Here we make
-	    %% the decision based on which application the module
-	    %% belongs to -- which is ok when the module was written
-	    %% but probably not in the future...
-	    EDocApps = ["edoc","hipe","syntax_tools","xmerl"],
-	    IsEDocGenerated = lists:member(AppS, EDocApps),
-	    Marker = if
-			 %% The marker is in a file in *this*
-			 %% application (which documentation obviously
-			 %% is generated by EDoc), or it is in a file
-			 %% in an application which documentation
-			 %% is assumed to be generated by EDoc
-			 AppS==this; IsEDocGenerated ->
-			     Marker0;
-
-			 %% The marker is in a file in an application
-			 %% which documentation is assumed NOT to be
-			 %% generated by EDoc
-			 true ->
-			     case split(Marker0, "-") of
-				 [Func,Arity] ->
-				     Func++"/"++Arity;
-				 _ ->
-				     Marker0
-			     end
-		     end,
-	    if
-		%% Ignore file extension in file reference if it either
-		%% is ".xml" or if it is ".html" but AppS/=this, that
-		%% is, we're resolving an OTPROOT file reference
-		Ext=="xml";
-		Ext=="html", AppS/=this ->
-		    File++"#"++Marker;
-		true ->
-		    File++"."++Ext++"#"++Marker
-	    end;
-
-	%% References to other files than XML files are kept as-is
-	_ ->
-	    FileRef1
-    end.
-
-%% otp_xmlify_blockquote(Es1) -> Es2
-%% Ensures that the content of a <blockquote> is divided into
-%% <p>s using the {p, Es} construct.
-otp_xmlify_blockquote([#xmlElement{name=p} = E|Es]) ->
-    [E | otp_xmlify_blockquote(Es)];
-otp_xmlify_blockquote([#xmlText{} = E|Es]) ->
-    {P, After} = find_p_ending(Es, []),
-    [{p, [E|P]} | otp_xmlify_blockquote(After)];
-otp_xmlify_blockquote([]) ->
-    [].
-
-%% otp_xmlify_code(E) -> Es
-%% Takes a <code> xmlElement and split it into a list of <code> and
-%% other xmlElements. Necessary when it contains more than a single
-%% xmlText element.
-%% Example:
-%% #xmlElement{name=code,
-%%             content=[#xmlText{}, #xmlElement{name=br}, #xmlText{}]}
-%% =>
-%% [#xmlElement{name=code, content=[#xmlText{}]},
-%%  #xmlElement{name=br},
-%%  #xmlElement{name=code, content=[#xmlText{}]}]
-otp_xmlify_code(E) ->
-    otp_xmlify_code(E, E#xmlElement.content, []).
-otp_xmlify_code(Code, [#xmlText{} = E|Es], Acc) ->
-    otp_xmlify_code(Code, Es, [Code#xmlElement{content=[E]}|Acc]);
-otp_xmlify_code(Code, [#xmlElement{} = E|Es], Acc) ->
-    otp_xmlify_code(Code, Es, [E|Acc]);
-otp_xmlify_code(_Code, [], Acc) ->
-    lists:reverse(Acc).
-
-%% otp_xmlify_dl(Es1) -> Es2
-%% Insert empty <dd> elements if necessary.
-%% OTP DTDs does not allow <taglist>s with <tag>s but no <item>s.
-otp_xmlify_dl([#xmlElement{name=dt} = E|Es]) ->
-    [E|otp_xmlify_dl(Es, E)];
-otp_xmlify_dl([E|Es]) ->
-    [E|otp_xmlify_dl(Es)];
-otp_xmlify_dl([]) ->
-    [].
-
-otp_xmlify_dl([#xmlElement{name=dd} = E|Es], _DT) ->
-    [E|otp_xmlify_dl(Es)];
-otp_xmlify_dl([#xmlElement{name=dt} = E|Es], DT) ->
-    DD = DT#xmlElement{name=dd, attributes=[], content=[]},
-    [DD,E|otp_xmlify_dl(Es, E)];
-otp_xmlify_dl([E|Es], DT) ->
-    [E|otp_xmlify_dl(Es, DT)];
-otp_xmlify_dl([], DT) ->
-    DD = DT#xmlElement{name=dd, attributes=[], content=[]},
-    [DD].
-
-%% otp_xmlify_table(Es1) -> Es2
-%% Transform <table> contents into "text", that is, inline elements.
-otp_xmlify_table([#xmlText{} = E|Es]) ->
-    [E | otp_xmlify_table(Es)];
-otp_xmlify_table([#xmlElement{name=tbody} = E|Es]) ->
-    otp_xmlify_table(E#xmlElement.content)++otp_xmlify_table(Es);
-otp_xmlify_table([#xmlElement{name=tr, content=Content}|Es]) ->
-    %% Insert newlines between table rows
-    otp_xmlify_table(Content)++[{br,[]}]++otp_xmlify_table(Es);
-otp_xmlify_table([#xmlElement{name=th, content=Content}|Es]) ->
-    [{em, Content} | otp_xmlify_table(Es)];
-otp_xmlify_table([#xmlElement{name=td, content=Content}|Es]) ->
-    otp_xmlify_e(Content) ++ otp_xmlify_table(Es);
-otp_xmlify_table([]) ->
-    [].
-
-%%--Misc help functions used by otp_xmlify/1 et al---------------------
-
-%% find_next(Tag, Es) -> {Es1, Es2}
-%% Returns {Es1, Es2} where Es1 is the list of all elements up to (but
-%% not including) the first element with tag Tag in Es, and Es2
-%% is the remaining elements of Es.
-find_next(Tag, Es) ->
-    find_next(Tag, Es, []).
-find_next(Tag, [#xmlElement{name=Tag} = E | Es], AccEs) ->
-    {lists:reverse(AccEs), [E|Es]};
-find_next(Tag, [E|Es], AccEs) ->
-    find_next(Tag, Es, [E|AccEs]);
-find_next(_Tag, [], AccEs) ->
-    {lists:reverse(AccEs), []}.
-
-%% find_p_ending(Es, []) -> {Es1, Es2}
-%% Returns {Es1, Es2} where Es1 is the list of all elements up to (but
-%% not including) the first paragraph break in Es, and Es2 is
-%% the remaining elements of Es2.
-%% Paragraph break = <p> tag or empty line
-%% the next blank line, <p> or end-of-list as P, and the remaining
-%% elements of Es as After.
-find_p_ending([#xmlText{value="\n \n"++_} = E|Es], P) ->
-    {lists:reverse(P), [E|Es]};
-find_p_ending([#xmlElement{name=p} = E|Es], P) ->
-    {lists:reverse(P), [E|Es]};
-find_p_ending([E|Es], P) ->
-    find_p_ending(Es, [E|P]);
-find_p_ending([], P) ->
-    {lists:reverse(P), []}.
-
-%% is_paragraph(E | P) -> bool()
-%%   P = {p, Es}
-is_paragraph(#xmlElement{name=p}) -> true;
-is_paragraph({p, _Es}) -> true;
-is_paragraph(_E) -> false.
-
-%% p_content(E | P) -> Es
-p_content(#xmlElement{content=Content}) -> Content;
-p_content({p, Content}) -> Content.
-
-%% is_empty(Str) -> bool()
-%%   Str = string()
-%% Returns true if Str is empty in the sense that it contains nothing
-%% but spaces, tabs or newlines.
-is_empty("\n"++Str) ->
-    is_empty(Str);
-is_empty(" "++Str) ->
-    is_empty(Str);
-is_empty("\t"++Str) ->
-    is_empty(Str);
-is_empty("") ->
-    true;
-is_empty(_) ->
-    false.
-
-%% split(Str, Seps) -> [Str]
-split(Str, Seps) ->
-    split(Str, Seps, []).
-
-split([Ch|Str], Seps, Acc) ->
-    case lists:member(Ch, Seps) of
-	true ->  split(Str, Seps, Acc);
-	false -> split(Str, Seps, Acc, [Ch])
-    end;
-split([], _Seps, Acc) ->
-    lists:reverse(Acc).
-
-split([Ch|Str], Seps, Acc, Chs) ->
-    case lists:member(Ch, Seps) of
-	true ->  split(Str, Seps, [lists:reverse(Chs)|Acc]);
-	false -> split(Str, Seps, Acc, [Ch|Chs])
-    end;
-split([], _Seps, Acc, Chs) ->
-    lists:reverse([lists:reverse(Chs)|Acc]).
-
-%%--Functions for creating an erlref document---------------------------
-
-%% function_name(F) -> string()
-%%   F = #xmlElement{name=function}
-%% Returns the name of a function as "name/arity".
-function_name(E) ->
-    get_attrval(name, E) ++ "/" ++ get_attrval(arity, E).
-
-%% functions(Fs) -> Es
-%%   Fs = [{Name, F}]
-%%     Name = string()  "name/arity"
-%%     F = #xmlElement{name=function}
-functions(Fs) ->
-    Es = lists:flatmap(fun ({Name, E}) -> function(Name, E) end, Fs),
-    if
-	Es==[] ->
-	    [];
-	true ->
-	    {funcs, Es}
-    end.
-
-function(_Name, E=#xmlElement{content = Es}) ->
-    TypeSpec = get_content(typespec, Es),
-    [?NL,{func, [ ?NL,
-		  {name, 
-			  case funcheader(TypeSpec) of
-			      [] ->
-				  signature(get_content(args, Es),
-					    get_attrval(name, E));
-			      Spec -> Spec
-			  end
-			 },
-		  ?NL,{fsummary, fsummary(Es)},
-		  ?NL,local_types(TypeSpec),
-		  ?NL,{desc,
-		       label_anchor(E)++
-		       deprecated(Es)++
-		       fulldesc(Es)++
-		       seealso_function(Es)}
-	   ]}].
-
-fsummary([]) -> ["\s"];
-fsummary(Es) ->
-    Desc = get_content(description, Es),
-    case get_content(briefDescription, Desc) of
-	[] ->
-	    fsummary_equiv(Es);    % no description at all if no equiv
-	ShortDesc ->
-	    text_only(ShortDesc)
-    end.
-
-fsummary_equiv(Es) ->
-    case get_content(equiv, Es) of
-	[] -> ["\s"];
-	Es1 ->
-	    case get_content(expr, Es1) of
-		[] -> ["\s"];
-		[Expr] ->
-		    ["Equivalent to ", Expr, ".",?NL]
-	    end
-    end.
-
-label_anchor(E) ->
-    case get_attrval(label, E) of
-	"" -> [];
-	Ref -> [{marker, [{id, Ref}],[]},?NL]
-    end.
-
-label_anchor(Content, E) ->
-    case get_attrval(label, E) of
-	"" -> Content;
-	Ref -> {p,[{marker, [{id, Ref}],[]},
-		   {em, Content}]}
-    end.
-
-signature(Es, Name) -> 
-    [Name, "("] ++ seq(fun arg/1, Es) ++ [") -> term()", ?NL].
-
-arg(#xmlElement{content = Es}) ->
-    [get_text(argName, Es)].
-
-funcheader([]) -> [];
-funcheader(Es) ->
-    [t_name(get_elem(erlangName, Es))] ++ t_utype(get_elem(type, Es)).
-
-local_types([]) -> [];
-local_types(Es) ->
-    local_defs2(get_elem(localdef, Es)).
-
-local_defs2([]) -> [];
-local_defs2(Es) ->
-    {type,[?NL | [{v, localdef2(E)} || E <- Es]]}.
-
-%% Like localdef/1, but does not use label_anchor/2 -- we don't want any
-%% markers or em tags in <v> tag, plain text only!
-localdef2(#xmlElement{content = Es}) ->
-    case get_elem(typevar, Es) of
-	[] -> 
-	    t_utype(get_elem(type, Es));
-	[V] ->
-	    t_var(V) ++ [" = "] ++ t_utype(get_elem(type, Es))
-    end.
-
-type_name(#xmlElement{content = Es}) ->
-    t_name(get_elem(erlangName, get_content(typedef, Es))).
-
-types(Ts) ->
-    Es = lists:flatmap(fun ({Name, E}) -> typedecl(Name, E) end, Ts),
-    [?NL, {taglist,[?NL|Es]}].
-
-typedecl(Name, #xmlElement{content = Es}) ->
-    TypedefEs = get_content(typedef, Es),
-    Id = "type-"++Name,
-    [{tag, typedef(TypedefEs)},
-     ?NL,
-     {item, [{marker,[{id,Id}],[]} |
-	     local_defs(get_elem(localdef, TypedefEs)) ++ fulldesc(Es)]},
-     ?NL].
-
-typedef(Es) ->
-    Name = ([t_name(get_elem(erlangName, Es)), "("]
-  	    ++ seq(fun t_utype_elem/1, get_content(argtypes, Es), [")"])),
-    case get_elem(type, Es) of
- 	 [] ->
-	    [{tt, Name}];
- 	 Type ->
-	    [{tt, Name ++ [" = "] ++ t_utype(Type)}]
-    end.
-
-local_defs([]) -> [];
-local_defs(Es) ->
-    [?NL, {ul, [{li, [{tt, localdef(E)}]} || E <- Es]}].
-
-localdef(E = #xmlElement{content = Es}) ->
-    Var = case get_elem(typevar, Es) of
-	      [] -> 
-		  [label_anchor(t_abstype(get_content(abstype, Es)), E)];
-	      [V] ->
-		  t_var(V)
-	  end,
-    Var ++ [" = "] ++ t_utype(get_elem(type, Es)).
-
-deprecated(Es) ->
-    case get_content(deprecated, Es) of
-	[] -> [];
-	DeprEs ->
-	    Es2 = get_content(fullDescription,
-			      get_content(description, DeprEs)),
-	    Es3 = otp_xmlify_e(Es2),
-	    [{p, [{em, ["This function is deprecated: "]} |Es3]}, ?NL]
-    end.
-
-fulldesc(Es) ->
-    case get_content(fullDescription, get_content(description, Es)) of
-	[] ->
-	    index_desc(Es);
-	Desc ->
-	    [?NL|otp_xmlify(Desc)] ++ [?NL]
-    end.
-
-index_desc(Es) ->
-    Desc = get_content(description, Es),
-    case get_content(briefDescription, Desc) of
-	[] ->
-	    equiv(Es);    % no description at all if no equiv
-	ShortDesc ->
-	    ShortDesc
-    end.
-
-seealso_module(Es) ->
-    case get_elem(see, Es) of
-	[] -> [];
-	Es1 ->
-	    {section,[{title,["See also"]},{p,seq(fun see/1, Es1, [])}]}
-    end.
-seealso_function(Es) ->
-    case get_elem(see, Es) of
-	[] -> [];
-	Es1 ->
-	    [{p, [{em, ["See also:"]}, " "] ++ seq(fun see/1, Es1, ["."])},
-	     ?NL]
-    end.
-
-%% ELEMENT see PCDATA
-%% ATTLIST name PCDATA
-%%         href PCDATA
-see(#xmlElement{content=Es0} = E) ->
-    Href0 = get_attrval(href, E),
-    {Href, Es} = otp_xmlify_a_href(Href0, Es0),
-    [{seealso, [{marker, Href}], Es}].
-    
-equiv(Es) ->
-    case get_content(equiv, Es) of
-	[] -> ["\s"];
-	Es1 ->
-	    case get_content(expr, Es1) of
-		[] -> [];
-		[Expr] ->
-		    Expr1 = [Expr],
-		    Expr2 = case get_elem(see, Es1) of
-				[] ->
-				    {c,Expr1};
-				[E=#xmlElement{}] ->
- 				    case get_attrval(href, E) of
- 					"" ->
- 					    {c,Expr1};
- 					Ref ->
- 					    {seealso, [{marker, Ref}], Expr1}
- 				    end
-			    end,
-		    [{p, ["Equivalent to ", Expr2, "."]}, ?NL]
-	    end
-    end.
-
-authors(Es) ->
-    case get_elem(author, Es) of
-	[] ->
-	    [?NL,{aname,["\s"]},?NL,{email,["\s"]}];
-	Es1 ->
-	    [?NL|seq(fun author/1, Es1, "", [])]
-    end.
-
-author(E=#xmlElement{}) ->
-    Name = case get_attrval(name, E) of
-	       [] -> "\s";
-	       N -> N
-	   end,
-    Mail = case get_attrval(email, E) of
-	       [] -> "\s";
-	       M -> M
-	   end,
-    [?NL,{aname,[Name]},?NL,{email,[Mail]}].
-
-t_name([E]) ->
-    N = get_attrval(name, E),
-    case get_attrval(module, E) of
-	"" -> N;
-	M ->
-	    S = M ++ ":" ++ N,
-	    case get_attrval(app, E) of
-		"" -> S;
-		A -> "//" ++ A ++ "/" ++ S
-	    end
-    end.
-
-t_utype([E]) ->
-    t_utype_elem(E).
-
-t_utype_elem(E=#xmlElement{content = Es}) ->
-    case get_attrval(name, E) of
-	"" -> t_type(Es);
-	Name ->
-	    T = t_type(Es),
-	    case T of
-		[Name] -> T;    % avoid generating "Foo::Foo"
-		T -> [Name] ++ ["::"] ++ T
-	    end
-    end.
-
-t_type([E=#xmlElement{name = typevar}]) ->
-    t_var(E);
-t_type([E=#xmlElement{name = atom}]) ->
-    t_atom(E);
-t_type([E=#xmlElement{name = integer}]) ->
-    t_integer(E);
-t_type([E=#xmlElement{name = float}]) ->
-    t_float(E);
-t_type([#xmlElement{name = nil}]) ->
-    t_nil();
-t_type([#xmlElement{name = list, content = Es}]) ->
-    t_list(Es);
-t_type([#xmlElement{name = tuple, content = Es}]) ->
-    t_tuple(Es);
-t_type([#xmlElement{name = 'fun', content = Es}]) ->
-    t_fun(Es);
-t_type([#xmlElement{name = abstype, content = Es}]) ->
-    t_abstype(Es);
-t_type([#xmlElement{name = union, content = Es}]) ->
-    t_union(Es);
-t_type([#xmlElement{name = record, content = Es}]) ->
-    t_record(Es).
-
-t_var(E) ->
-    [get_attrval(name, E)].
-
-t_atom(E) ->
-    [get_attrval(value, E)].
-
-t_integer(E) ->
-    [get_attrval(value, E)].
-
-t_float(E) ->
-    [get_attrval(value, E)].
-
-t_nil() ->
-    ["[]"].
-
-t_list(Es) ->
-    ["["] ++ t_utype(get_elem(type, Es)) ++ ["]"].
-
-t_tuple(Es) ->
-    ["{"] ++ seq(fun t_utype_elem/1, Es, ["}"]).
-
-t_fun(Es) ->
-    ["("] ++ seq(fun t_utype_elem/1, get_content(argtypes, Es),
-		 [") -> "] ++ t_utype(get_elem(type, Es))).
-
-t_record([E|Es]) ->
-    ["#", get_attrval(value, E), "{"++ seq(fun t_field/1, Es) ++"}"].
-t_field(#xmlElement{name=field, content=[Atom,Type]}) ->
-    [get_attrval(value, Atom), "="] ++ t_utype_elem(Type).
-
-t_abstype(Es) ->
-    case split_at_colon(t_name(get_elem(erlangName, Es)),[]) of
-	{Mod,Type} -> 
-	    [Type, "("] ++ 
-		seq(fun t_utype_elem/1, get_elem(type, Es), [")"]) ++ 
-		[" (see module ", Mod, ")"];
-	Type ->
-	    [Type, "("] ++ 
-		seq(fun t_utype_elem/1, get_elem(type, Es), [")"])
-    end.
-
-%% Split at one colon, but not at two (or more)
-split_at_colon([$:,$:|_]=Rest,Acc) ->
-    lists:reverse(Acc)++Rest;
-split_at_colon([$:|Type],Acc) ->
-    {lists:reverse(Acc),Type};
-split_at_colon([Char|Rest],Acc) ->
-    split_at_colon(Rest,[Char|Acc]);
-split_at_colon([],Acc) ->
-    lists:reverse(Acc).
-
-t_union(Es) ->
-    seq(fun t_utype_elem/1, Es, " | ", []).
-
-%% seq(Fun, Es)
-%% seq(Fun, Es, Tail)
-%% seq(Fun, Es, Sep, Tail) -> [string()]
-%%   Fun = function(E) -> [string()]
-%%   Sep = string()
-%%   Tail = [string()]
-%% Applies Fun to each element E in Es and return the appended list of
-%% strings, separated by Sep which defaults to ", " and ended by Tail
-%% which defaults to [].
-seq(Fun, Es) ->
-    seq(Fun, Es, []).
-seq(Fun, Es, Tail) ->
-    seq(Fun, Es, ", ", Tail).
-seq(Fun, [E], _Sep, Tail) ->
-    Fun(E) ++ Tail;
-seq(Fun, [E | Es], Sep, Tail) ->
-    Fun(E) ++ [Sep] ++ seq(Fun, Es, Sep, Tail);
-seq(_Fun, [], _Sep, Tail) ->
-    Tail.
-
-%%--Misc functions for accessing fields etc-----------------------------
-
-%% Type definitions used below:
-%%   E = #xmlElement{} | #xmlText{}
-%%   Es = [E]
-%%   Tag = atom(), XHTML tag
-%%   Name = atom(), XHTML attribute name
-%%   Attrs = [#xmlAttribute{}]
-%%   Ts = [#xmlText{}]
-
-%% parent(E) -> module | overview
-parent(E) ->
-    Parents = E#xmlElement.parents,
-    {Parent,_} = lists:last(Parents),
-    Parent.
-
-%% get_elem(Tag, Es1) -> Es2
-%% Returns a list of all elements in Es which have the name Tag.
-get_elem(Name, [#xmlElement{name = Name} = E | Es]) ->
-    [E | get_elem(Name, Es)];
-get_elem(Name, [_ | Es]) ->
-    get_elem(Name, Es);
-get_elem(_, []) ->
-    [].
-
-%% get_attr(Name, Attrs1) -> Attrs2
-%% Returns a list of all attributes in Attrs1 which have the name Name.
-get_attr(Name, [#xmlAttribute{name = Name} = A | As]) ->
-    [A | get_attr(Name, As)];
-get_attr(Name, [_ | As]) ->
-    get_attr(Name, As);
-get_attr(_, []) ->
-    [].
-
-%% get_attrval(Name, E) -> string()
-%% If E has one attribute with name Name, return its value, otherwise ""
-get_attrval(Name, #xmlElement{attributes = As}) ->
-    case get_attr(Name, As) of
-	[#xmlAttribute{value = V}] ->
-	    V;
-	[] -> ""
-    end.
-
-%% get_content(Tag, Es1) -> Es2
-%% If there is one element in Es1 with name Tag, returns its contents,
-%% otherwise []
-get_content(Name, Es) ->
-    case get_elem(Name, Es) of
-	[#xmlElement{content = Es1}] ->
-	    Es1;
-	[] -> []
-    end.
-
-%% get_text(Tag, Es) -> string()
-%% If there is one element in Es with name Tag, and its content is 
-%% a single xmlText, return the value of this xmlText.
-%% Otherwise return "".
-get_text(Name, Es) ->
-    case get_content(Name, Es) of
-	[#xmlText{value = Text}] ->
-	    Text;
-	[] -> ""
-    end.
-
-%% get_text(E) -> string()
-%% Return the value of an single xmlText which is the content of E,
-%% possibly recursively.
-get_text(#xmlElement{content=[#xmlText{value=Text}]}) ->
-    Text;
-get_text(#xmlElement{content=[E]}) ->
-    get_text(E).
-
-%% text_only(Es) -> Ts
-%% Takes a list of xmlElement and xmlText and return a lists of xmlText.
-text_only([#xmlElement{content = Content}|Es]) ->
-    text_only(Content) ++ text_only(Es);
-text_only([#xmlText{} = E |Es]) ->
-    [E | text_only(Es)];
-text_only([]) ->
-    [].
diff --git a/lib/docbuilder/src/docb_gen.erl b/lib/docbuilder/src/docb_gen.erl
deleted file mode 100644
index 75494314f1..0000000000
--- a/lib/docbuilder/src/docb_gen.erl
+++ /dev/null
@@ -1,142 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_gen).
-
--export([module/1, module/2, users_guide/1, users_guide/2]).
--deprecated([{module,1,next_major_release},
-	     {module,2,next_major_release},
-	     {users_guide,1,next_major_release},
-	     {users_guide,2,next_major_release}]).
-
--record(args, {suffix=".xml",
-	       layout=docb_edoc_xml_cb,
-	       def=[],
-	       includes=[],
-	       preprocess=false,
-	       sort_functions=true}).
-
-%% module(File) -> ok | {error, Reason}
-%% module(File, Opts) -> ok | {error, Reason}
-%%   File = string(), file name with or without ".erl" extension
-%%   Opts -- see code
-%%   Reason = badfile | {badopt, Term}
-module(File0) ->
-    module(File0, []).
-module(File0, RawOpts) ->
-    File = case filename:extension(File0) of
-	       ".erl" -> File0;
-	       _ -> File0++".erl"
-	   end,
-    case filelib:is_regular(File) of
-	true ->
-	    case parse(RawOpts, #args{}) of
-		{ok, Args} ->
-		    Opts = [{def,         Args#args.def},
-			    {includes,    Args#args.includes},
-			    {preprocess,  Args#args.preprocess},
-			    {sort_functions, Args#args.sort_functions},
-
-			    {app_default, "OTPROOT"},
-			    {file_suffix, Args#args.suffix},
-			    {dir,         "."},
-			    {layout,      Args#args.layout}],
-		    edoc:file(File, Opts);
-		Error ->
-		    Error
-	    end;
-	false ->
-	    {error, badfile}
-    end.
-
-%% users_guide(File) -> ok | {error, Reason}
-%% users_guide(File, Opts) -> ok | {error, Reason}
-%%   File = string()
-%%   Opts -- see code
-%%   Reason = badfile | {badopt, Opt}
-users_guide(File) ->
-    users_guide(File, []).
-users_guide(File, RawOpts) ->
-    case filelib:is_regular(File) of
-	true ->
-	    case parse(RawOpts, #args{}) of
-		{ok, Args} ->
-		    Opts = [{def,         Args#args.def},
-			    {app_default, "OTPROOT"},
-			    {file_suffix, Args#args.suffix},
-			    {layout,      Args#args.layout}],
-
-		    Env = edoc_lib:get_doc_env(Opts),
-
-		    {ok, Tags} =
-			edoc_extract:file(File, overview, Env, Opts),
-		    Data =
-			edoc_data:overview("Overview", Tags, Env, Opts),
-		    F = fun(M) -> M:overview(Data, Opts) end,
-		    Text = edoc_lib:run_layout(F, Opts),
-
-		    OutFile = "chapter" ++ Args#args.suffix,
-		    edoc_lib:write_file(Text, ".", OutFile);
-		Error ->
-		    Error
-	    end;
-	false ->
-	    {error, badfile}
-    end.
-
-parse([{output,xml} | RawOpts], Args) ->
-    parse(RawOpts, Args); % default, no update of record necessary
-parse([{output,sgml} | RawOpts], Args) ->
-    parse(RawOpts, Args#args{suffix=".sgml", layout=docb_edoc_sgml_cb});
-parse([{def,Defs} | RawOpts], Args) ->
-    case parse_defs(Defs) of
-	true ->
-	    Args2 = Args#args{def=Args#args.def++Defs},
-	    parse(RawOpts, Args2);
-	false ->
-	    {error, {badopt, {def,Defs}}}
-    end;
-parse([{includes,Dirs} | RawOpts], Args) ->
-    case parse_includes(Dirs) of
-	true ->
-	    Args2 = Args#args{includes=Args#args.includes++Dirs},
-	    parse(RawOpts, Args2);
-	false ->
-	    {error, {badopt, {includes,Dirs}}}
-    end;
-parse([{preprocess,Bool} | RawOpts], Args) when Bool==true;
-						Bool==false ->
-    parse(RawOpts, Args#args{preprocess=Bool});
-parse([{sort_functions,Bool} | RawOpts], Args) when Bool==true;
-						    Bool==false ->
-    parse(RawOpts, Args#args{sort_functions=Bool});
-parse([], Args) ->
-    {ok, Args};
-parse([Opt | _RawOpts], _Args) ->
-    {error, {badopt, Opt}}.
-
-parse_defs(Defs) ->
-    lists:all(fun({Key,Val}) when is_atom(Key), is_list(Val) -> true;
-		 (_) -> false
-	      end,
-	      Defs).
-
-parse_includes(Dirs) ->
-    lists:all(fun(Dir) when is_list(Dir) -> true;
-		 (_) -> false
-	      end,
-	      Dirs).
diff --git a/lib/docbuilder/src/docb_html.erl b/lib/docbuilder/src/docb_html.erl
deleted file mode 100644
index bdfc5ea876..0000000000
--- a/lib/docbuilder/src/docb_html.erl
+++ /dev/null
@@ -1,393 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_html).
-
--export([rule/2, rule/3]).
-
-rule([p, item, list|_], {_, _, _}) ->
-    {"", "<br />\n"};
-rule([p, item, taglist|_], {_, _, _}) ->
-    {"", "<br />\n"};
-rule([p|_], _) ->
-    {"\n<p>", "\n</p>"};
-
-rule([pre|_], _) ->
-    {"\n<div class=\"example\"><pre>\n", "\n</pre></div>\n"};
-
-rule([input|_], _) ->
-    {"<strong>", "</strong>"};
-
-rule([quote|_], _) ->
-    {"\n<blockquote>\n", "\n</blockquote>\n"};
-
-rule([i|_], _) ->
-    {"<em>", "</em>"};
-
-rule([b|_], _) ->
-    {"<strong>", "</strong>"};
-
-rule([c|_], _) ->
-    {"<span class=\"code\">", "</span>"};
-
-rule([em|_], _) ->
-    {"<strong>", "</strong>"};
-
-rule([sub|_], _) ->
-    {"<sub>", "</sub>"};
-
-rule([sup|_], _) ->
-    {"<sup>", "</sup>"};
-
-rule([termdef|_], _) ->
-    {drop, ""};
-
-rule([citedef|_], _) ->
-    {drop, ""};
-
-rule([br|_], _) ->
-    {"<br />\n", ""};
-
-rule([digression|_], _) ->
-    {"<table>\n"
-     "  <tr>\n"
-     "    <td width=\"23\"></td>\n"
-     "    <td>\n"
-     "      <font size=\"-1\">\n",
-     "      </font>\n"
-     "    </td>\n"
-     "  </tr>\n"
-     "</table>\n"};
-
-rule([list, item, list|_], {_, ["ORDERED"], _}) ->
-    {"\n<ol>\n", "\n</ol>\n"};
-rule([list, item, taglist|_], {_, ["ORDERED"], _}) ->
-    {"\n<ol>\n", "\n</ol>\n"};
-rule([list|_], {_, ["ORDERED"], _}) ->
-    {"\n<ol>\n", "\n</ol>\n"};
-rule([list, item, list|_], {_, ["BULLETED"], _}) ->
-    {"\n<ul>\n", "\n</ul>\n"};
-rule([list, item, taglist|_], {_, ["BULLETED"], _}) ->
-    {"\n<ul>\n", "\n</ul>\n"};
-rule([list|_], {_, ["BULLETED"], _}) ->
-    {"\n<ul>\n", "\n</ul>\n"};
-
-rule([taglist, item, taglist|_], _) ->
-    {"\n<dl>\n", "\n</dl>\n"};
-rule([taglist, item, list|_], _) ->
-    {"\n<dl>\n", "\n</dl>\n"};
-rule([taglist|_], _) ->
-    {"\n<dl>\n", "\n</dl>\n"};
-
-rule([tag|_], _) ->
-    {"\n<dt>\n", "\n</dt>\n"};
-
-rule([item, list|_], _) ->
-    {"\n<li>\n", "\n</li>\n\n"};
-rule([item, taglist|_], _) ->
-    {"\n<dd>\n", "\n</dd>\n"};
-
-rule([image|_], {_, [File], _}) ->
-    File2 = 
-	case filename:extension(File) of
-	    [] -> File ++ ".gif";
-	    _ -> File
-	end,
-    {["\n<center>\n", "<img alt=\"", File2, "\" src=\"", File2,
-      "\"/><br/>\n"],
-     "\n</center>\n"};
-
-rule([icaption|_], _) ->
-    {"<em>", "</em>\n"};
-
-rule([url|_], {_, [HREF], _}) ->
-    URI = docb_html_util:make_uri(HREF),
-    {io_lib:format("<a target=\"_top\" href=\"~s\">", [URI]), "</a>"};
-
-rule([marker|_], {_, [ID], _})   ->
-    %% remove all chars before first # including the #
-    {ok, NewID, _} = regexp:sub(ID, "^[^#]*#", ""), 
-    %% replace "/" with "-" because "/" xhtml does not
-    %% allow "/" in the name attribute of element <a>
-    %% so we have to do the same as for marker i.e
-    %% Function/Arity is translated to an anchor in xhtml
-    %% like this : <a name="Function-Arity"/>
-    NewID2 = [case X of $/ -> $-;_->X end||X <- NewID], 
-    {drop, ["<a name=\"", NewID2, "\"><!-- Empty --></a>"]};
-
-rule([table|_], {_, ["", ""], Ts}) ->
-    {newargs,
-     "\n<center>\n"
-     "<table cellspacing=\"0\" cellpadding=\"2\" border=\"1\">\n",
-     reorder_table(Ts),
-     "\n</table>\n"
-     "</center>\n"};
-rule([table|_], {_, [Width, ""], Ts}) ->
-    {newargs,
-     ["\n<center>\n"
-      "<table cellspacing=\"0\" cellpadding=\"2\" border=\"1\" ",
-      "width=\"", Width, "%\">\n"],
-     reorder_table(Ts),
-     "\n</table>\n"
-     "</center>\n"};
-
-%% The clauses above are for the report DTD. This one is for the other
-%% DTDs.
-rule([table|_], {_, ["LEFT"], Ts}) ->
-    {newargs,
-     "\n"
-     "<table cellspacing=\"0\" cellpadding=\"2\" border=\"1\">\n",
-     reorder_table(Ts),
-     "\n</table>\n"};
-
-rule([table|_], {_, _, Ts}) ->
-    {newargs,
-     "\n<center>\n"
-     "<table cellspacing=\"0\" cellpadding=\"2\" border=\"1\">\n",
-     reorder_table(Ts),
-     "\n</table>\n"
-     "</center>\n"};
-
-rule([row|_], _)   ->
-    {"  <tr>\n", "\n  </tr>\n"};
-
-rule([cell|_], {_, ["", ""], _})   ->
-    {"    <td>\n", "\n    </td>\n"};
-rule([cell|_], {_, [Align, ""], _})   ->
-    {["    <td align=\"", string:to_lower(Align), "\">\n"], "\n    </td>\n"};
-rule([cell|_], {_, ["", VAlign], _})   ->
-    {["    <td valign=\"", string:to_lower(VAlign), "\">\n"], "\n    </td>\n"};
-rule([cell|_], {_, [Align, VAlign], _})   ->
-    {["    <td align=\"", string:to_lower(Align), "\" valign=\"", string:to_lower(VAlign), "\">\n"],
-     "\n    </td>\n"};
-
-rule([tcaption|_], _)   ->
-    {"  <caption align=\"bottom\"><em>", "</em></caption>\n"};
-
-rule([codeinclude|_], {_, [File, Tag, _Type], _}) ->
-%% Type can be "ERL", "C" or "NONE"
-    {ok,Data} = docb_html_util:code_include(File, Tag),
-    {drop, ["\n<div class=\"example\"><pre>\n", Data,
-	     "\n</pre></div>\n"]};
-
-rule([erleval|_], {_, [Expr], _}) ->
-    docb_html_util:erl_eval(Expr);
-
-rule([pcdata, pre|_], {_, _, Data}) ->
-    %% Do not remove leading spaces.
-    {drop, docb_html_util:pcdata_to_html(Data, false)};
-
-rule([pcdata|_], {_, _, Data}) ->
-    {drop, docb_html_util:pcdata_to_html(Data)}.
-
-rule([seealso|_], {_, [Marker], _}, Opts) ->
-    Href =
-	case docb_util:html_snippet(seealso, Marker, Opts) of
-	    "" ->
-		%% DocBuilder default behavior:
-		%% Marker is of format "Path#Fragment", both optional.
-		%% Translated to <A HREF="Path.html#Fragment">
-		case string:chr(Marker, $#) of
-		    0 -> % No Fragment
-			Marker++".html";
-		    1 -> % No Path
-			%% replace "/" with "-" because "/" xhtml does not
-			%% allow "/" in the name attribute of element <a>
-			%% so we have to do the same as for marker i.e
-			%% Function/Arity is translated to an anchor in xhtml
-			%% like this : <a name="Function-Arity"/>
-			[case X of $/ -> $-;_->X end||X <- Marker]; 
-		    _ ->
-			Marker1 = [case X of $/ -> $-;_->X end||X <- Marker], 
-			case string:tokens(Marker1, "#") of
-			    [Path] -> % # at end, remove it
-				Path++".html";
-			    [Path | Frag0] ->
-				Path++".html#"++
-				    docb_util:join(Frag0, "#")
-			end
-		end;
-	    Href0 ->
-		%% User defined behavior, use result as-is
-		Href0
-	end,
-    {{["<a href=\"", Href, "\">"], "</a>"}, Opts};
-
-rule([warning|_], _, Opts) ->
-    docb_html_util:copy_pics("warning.gif", "warning.gif", Opts),
-    {{"\n<div class=\"warning\">\n"
-      "<div class=\"label\">Warning</div>\n"
-      "<div class=\"content\">\n",
-      "\n</div>"
-      "\n</div>\n"}, Opts};
-
-rule([note|_], _, Opts) ->
-    docb_html_util:copy_pics("note.gif", "note.gif", Opts),
-    {{"\n<div class=\"note\">\n"
-      "<div class=\"label\">Note</div>\n"
-      "<div class=\"content\">",
-      "\n</div>"
-      "\n</div>\n"}, Opts};
-
-rule([path|_], {_, [UNIX, Windows], [{pcdata, _, Text}]}, Opts) ->
-    UnixPart =
-	docb_util:an_option({ptype,"unix"}, Opts) and (UNIX/=""),
-    WinPart =
-	docb_util:an_option({ptype,"windows"}, Opts) and (Windows/=""),
-    if
-	UnixPart, WinPart ->
-	    {{drop, [docb_html_util:pcdata_to_html(Text),
-		     " <font size=\"-2\">(<code>UNIX: ", 
-		     docb_html_util:attribute_cdata_to_html(UNIX),
-		     ", ",
-		     "Windows: ",
-		     docb_html_util:attribute_cdata_to_html(Windows),
-		     "</code>)</font>"]},
-	     Opts};
-	UnixPart ->
-	    {{drop, [docb_html_util:pcdata_to_html(Text),
-		     " <font size=\"-1\">(<code>UNIX: ",
-		     docb_html_util:attribute_cdata_to_html(UNIX),
-		     "</code>)</font>"]},
-	     Opts};
-	WinPart ->
-	    {{drop, [docb_html_util:pcdata_to_html(Text),
-		     " <font size=\"-1\">(<code>Windows: ",
-		     docb_html_util:attribute_cdata_to_html(Windows),
-		     "</code>)</font>"]},
-	     Opts};
-	true ->
-	    {{drop, docb_html_util:pcdata_to_html(Text)}, Opts}
-    end;
-
-rule([term|_], {_, [ID], _}, Opts) ->
-    case docb_util:an_option(dict, Opts) of
-	false ->
-	    case docb_util:lookup_option({defs, term}, Opts) of
-		false ->
-		    {{drop, ["<em><strong>",
-			    ID,
-			    "</strong></em> "]}, Opts};
-		TermList ->
-		    case lists:keyfind(ID, 1, TermList) of
-			false ->
-			    {{drop, ["<em><strong>", ID,
-				    "</strong></em> "]},
-			     Opts};
-			{ID, Name, _Description, _Resp} ->
-			    {{drop, ["<em><strong>", Name,
-				     "</strong></em> "]},
-			     Opts};
-			{ID, Name, _Description} ->
-			    {{drop, [ "<em><strong>", Name,
-				      "</strong></em> "]},
-			     Opts}
-		    end
-	    end;
-	true ->
-	    case docb_util:lookup_option({defs, term}, Opts) of
-		false ->
-		    {{drop, ["<em><strong>",  ID,
-			     "</strong></em> "]}, Opts};
-		TermList ->
-		    PartApplication =
-			docb_util:lookup_option(part_application, Opts),
-		    case lists:keyfind(ID, 1, TermList) of
-			false ->
-			    {{drop, ["<a href=\"", PartApplication,
-				    "_term.html#", ID, "\">", ID,
-				    "</a> "]}, Opts};
-			{ID, Name, _Description, _Resp} ->
-			    {{drop, ["<a href=\"", PartApplication,
-				    "_term.html#", ID, "\">", Name,
-				    "</a> "]}, Opts};
-			{ID, Name, _Description} ->
-			    {{drop, ["<a href=\"", PartApplication,
-				    "_term.html#", ID, "\">", Name,
-				    "</a> "]}, Opts}
-		    end
-	    end
-    end;
-
-rule([cite|_], {_, [ID], _}, Opts) ->
-    case docb_util:an_option(dict, Opts) of
-	false ->
-	    case docb_util:lookup_option({defs, cite}, Opts) of
-		false ->
-		    {{drop, ["<em><strong>", ID, "</strong></em> "]},
-		     Opts};
-		CiteList ->
-		    case lists:keyfind(ID, 1, CiteList) of
-			false ->
-			    {{drop,
-			      ["<em><strong>", ID, "</strong></em> "]},
-			     Opts};
-			{ID, Name, _Description, _Resp} ->
-			    {{drop, ["<em><strong>", Name,
-				     "</strong></em> "]},
-			     Opts};
-			{ID, Name, _Description} ->
-			    {{drop, ["<em><strong>", Name,
-				     "</strong></em> "]},
-			     Opts}
-		    end
-	    end;
-	true ->
-	    case docb_util:lookup_option({defs, cite}, Opts) of
-		false ->
-		    {{drop, ["<em><strong>", ID, "</strong></em> "]},
-		     Opts};
-		CiteList ->
-		    PartApp =
-			docb_util:lookup_option(part_application, Opts),
-		    case lists:keyfind(ID, 1, CiteList) of
-			false ->
-			    {{drop, ["<a href=\"", PartApp,
-				     "_cite.html#", ID, "\">", ID,
-				     "</a> "]},
-			     Opts};
-			{ID, Name, _Description, _Resp} ->
-			    {{drop, ["<a href=\"", PartApp,
-				    "_cite.html#", ID, "\">", Name,
-				     "</a> "]},
-			     Opts};
-			{ID, Name, _Description} ->
-			    {{drop, ["<a href=\"", PartApp,
-				    "_cite.html#", ID, "\">", Name,
-				     "</a> "]},
-			     Opts}
-		    end
-	    end
-    end;
-
-rule([code|_], {_, [Type], [{pcdata, _, Code}]}, Opts) ->
-    case lists:member(Type, ["ERL","C","NONE"]) of
-	true ->
-	    {{drop, ["\n<div class=\"example\"><pre>\n", docb_html_util:element_cdata_to_html(Code),
-		     "\n</pre></div>\n"]}, Opts};
-	false ->
-	    exit({error,"unknown type of <code>"})
-    end.
-
-reorder_table(TableContent) ->
-    reorder_table(TableContent, [], []).
-reorder_table([], Caption, NewTableContent) ->
-    Caption ++ lists:reverse(NewTableContent);
-reorder_table([{tcaption,_,_} = Caption | TableContent], _, NewTableContent) ->
-    reorder_table(TableContent, [Caption], NewTableContent);
-reorder_table([Row | TableContent], Caption, NewTableContent) ->
-    reorder_table(TableContent, Caption, [Row | NewTableContent]).
diff --git a/lib/docbuilder/src/docb_html_layout.erl b/lib/docbuilder/src/docb_html_layout.erl
deleted file mode 100644
index dca80ac58e..0000000000
--- a/lib/docbuilder/src/docb_html_layout.erl
+++ /dev/null
@@ -1,380 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_html_layout). 
-
--export([report_top/2, report_bot/1,
-	 first_top/2, first_bot/1,
-	 ref_top/2, ref_bot/1,
-	 chapter_top/2, chapter_bot/1,
-	 application_toc_top/3, application_toc_top/4,
-	 part_toc_top/3, part_toc_top/4, part_toc_bot/0,
-	 index_top/1, index_bot/0]).
-
-%% Report
-
-report_top(Data, Opts) ->
-    [Title, Prepared, _Responsible, DocNo, _Approved, _Checked, _Date,
-     Vsn0, _File] = Data,
-    html_header(Title, Opts) ++
-    docb_util:html_snippet(top, Opts) ++
-"<center>
-<h1>" ++ Title ++ "</h1>
-<big>
-  " ++ DocNo ++ version(Opts, Vsn0) ++ "<br />
-  " ++ Prepared ++ "<br />
-</big>
-</center>
-".
-
-report_bot(Opts) ->
-    docb_util:html_snippet(bottom, Opts) ++
-"</body>
-</html>
-".
-
-%% First
-
-first_top(Data, Opts) ->
-    [Title, _Prepared, _Responsible, DocNo, _Approved, _Checked, _Date,
-     Vsn0, _File] = Data,
-    html_header(Title, Opts) ++
-    docb_util:html_snippet(top, Opts) ++
-"<center>
-<h1>" ++ Title ++ "</h1>
-<big>" ++ DocNo ++ version(Opts, Vsn0) ++ "<br />
-</big>
-</center>
-".
-
-first_bot(Opts) ->
-    report_bot(Opts).
-
-%% Reference
-
-ref_top(Data, Opts) ->
-    [Title, _Prepared, _Responsible, _DocNo, _Approved, _Checked,
-     _Date, _Rev, _File] = Data,
-    ref_html_header(Title, Opts) ++
-"<!-- refpage -->\n" ++
-    docb_util:html_snippet(top, Opts) ++
-"<center>
-<h1>" ++ Title ++ "</h1>
-</center>".
-
-ref_bot(Opts) ->
-    docb_util:html_snippet(bottom, Opts) ++
-"</body>
-</html>
-".
-
-%% Chapter
-
-chapter_top(Data, Opts) ->
-    [Title, _Prepared, _Responsible, _DocNo, _Approved, _Checked,
-     _Date, _Rev, _File] = Data,
-    html_header(Title, Opts) ++
-    docb_util:html_snippet(top, Opts).
-
-chapter_bot(Opts) ->
-    report_bot(Opts).
-
-%% Application ToC
-
-application_toc_top(Data, DocName, Opts) ->
-    [Title, _Prepared, _Responsible, DocNo, _Approved, _Checked,
-     _Date, Vsn0, _File] = Data,
-    html_header(Title, []) ++
-"<center>
-<strong>" ++ Title ++ "</strong>
-<p>
-<small>
-  " ++ DocNo ++ version(Opts, Vsn0) ++ "
-</small>
-</p>
-<p>
-<small>
-  <a target=\"document\" href=\"" ++ DocName ++	"_cite.html\">Bibliography</a> |
-  <a target=\"document\" href=\"" ++ DocName ++ "_term.html\">Glossary</a> |
-  <a target=\"document\" href=\"" ++ DocName ++ "_index.html\">Index</a> |
-  <a target=\"document\" href=\"" ++ DocName ++ "_first.html\">Cover</a>" ++ top_index(Opts) ++
-"</small>
-</p>
-</center>
-<p>
-<small>
-<strong>Table of Contents</strong>
-</small>
-</p>
-".
-
-application_toc_top(Data, DocName, Opts, HRefTexts) ->
-    [Title, _Prepared, _Responsible, DocNo, _Approved, _Checked,
-     _Date, Vsn0, _File] = Data,
-    html_header(Title, []) ++
-"<center>
-<small>
-" ++
-	docb_util:join(
-	  lists:map(
-	    fun({HRef, Text}) ->
-		    "<a target=\"_top\" href=\"" ++ HRef ++ "\">" ++
-			Text ++ "</a>"
-	    end,
-	    HRefTexts), " | ") ++ top_index(Opts) ++
-"</small>
-<p>
-<strong>" ++ Title ++ "</strong>
-</p>
-<p>
-<small>" ++ DocNo ++ version(Opts, Vsn0) ++ "<br />
-</small>
-</p>
-<p>
-<small>
-  <a target=\"document\" href=\"" ++ DocName ++ "_cite.html\">Bibliography</a> |
-  <a target=\"document\" href=\"" ++ DocName ++ "_term.html\">Glossary</a> |
-  <a target=\"document\" href=\"" ++ DocName ++ "_index.html\">Index</a> |
-  <a target=\"document\" href=\"" ++ DocName ++	"_first.html\">Cover</a>
-</small>
-</p>
-</center>
-<p>
-<small>
-<strong>Table of Contents</strong>
-</small>
-</p>
-".
-
-%% Part ToC
-
-part_toc_top(Data, DocName, Opts) ->
-    [Title, _Prepared, _Responsible, DocNo, _Approved, _Checked,
-     _Date, Vsn0, _File] = Data,
-    html_header(Title, []) ++
-"<center>
-<p>
-<strong>" ++ Title ++ "</strong>
-</p>
-<p>
-<small>" ++ DocNo ++ version(Opts, Vsn0) ++ "<br />
-</small>
-</p>
-<p>
-<small>
-  <a target=\"document\" href=\"" ++ DocName ++	"_cite.html\">Bibliography</a> |
-  <a target=\"document\" href=\"" ++ DocName ++ "_term.html\">Glossary</a> |
-  <a target=\"document\" href=\"" ++ DocName ++ "_first.html\">Cover</a>" ++
-	top_index(Opts) ++
-"</small>
-</p>
-</center>
-<p>
-<small>
-<strong>Table of Contents</strong>
-</small>
-</p>
-".
-
-part_toc_top(Data, DocName, Opts, HRefTexts) ->
-    [Title, _Prepared, _Responsible, DocNo, _Approved, _Checked,
-     _Date, Vsn0, _File] = Data,
-    html_header(Title, []) ++
-"<center>
-<p>
-<small>
-" ++
-	docb_util:join(
-	  lists:map(
-	    fun({HRef, Text}) ->
-		    "<a target=\"_top\" href=\"" ++ HRef ++ "\">" ++
-			Text ++ "</a>"
-	    end,
-	    HRefTexts), " | ") ++ top_index(Opts) ++
-"</small>
-</p>
-<p>
-<strong>" ++ Title ++ "</strong>
-</p>
-<p>
-<small>
-  " ++ DocNo ++ version(Opts, Vsn0) ++ "<br />
-</small>
-</p>
-<p>
-<small>
-  <a target=\"document\" href=\"" ++ DocName ++ "_cite.html\">Bibliography</a> |
-  <a target=\"document\" href=\"" ++ DocName ++ "_term.html\">Glossary</a> |
-  <a target=\"document\" href=\"" ++ DocName ++ "_first.html\">Cover</a>
-</small>
-</p>
-</center>
-<p>
-<small>
-<strong>Table of Contents</strong>
-</small>
-</p>
-".
-
-part_toc_bot() ->
-"</body >
-</html>
-".
-
-%% Index
-
-index_top(_Data) ->
-    ref_html_header("INDEX", []) ++
-"<h1>INDEX</h1>
-<p><em>Emphasized</em> index entries refer to <em>modules</em>
-and <code>Courier</code> ditos to <code>functions</code>.\n</p>\n".
-
-index_bot() ->
-    part_toc_bot().
-
-%% Internal functions
-
-html_header(Title, Opts) ->
-    Vsn = docb_util:version(),
-%%"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
-"<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
-   \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
-<!-- This document was generated using DocBuilder-" ++ Vsn ++ " -->
-<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">
-<head>
-  <title>" ++ Title ++ "</title>
-  <meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\"/>
-  " ++ docb_util:html_snippet(head, Opts) ++ "
-  <style type=\"text/css\">
-<!--
-    body          { font-family: Verdana, Arial, Helvetica, sans-serif }
-    span.bold_code        { font-family: courier;font-weight: bold}
-    span.code        { font-family: courier;font-weight: normal}
-
-.note, .warning {
-  border: solid black 1px;
-  margin: 1em 3em;
-}
-
-.note .label {
-  background: #30d42a;
-  color: white;
-  font-weight: bold;
-  padding: 5px 10px;
-}
-.note .content {
-  background: #eafeea;
-  color: black;
-  line-height: 120%;
-  font-size: 90%;
-  padding: 5px 10px;
-}
-.warning .label {
-  background: #C00;
-  color: white;
-  font-weight: bold;
-  padding: 5px 10px;
-}
-.warning .content {
-  background: #FFF0F0;
-  color: black;
-  line-height: 120%;
-  font-size: 90%;
-  padding: 5px 10px;
-}
-
-    .example     { background-color:#eeeeff } 
-    pre          { font-family: courier; font-weight: normal }
-    .REFBODY     { margin-left: 13mm }
-    .REFTYPES    { margin-left: 8mm }
--->
-  </style>
-</head>
-<body bgcolor=\"#FFFFFF\" text=\"#000000\" link=\"#0000FF\" vlink=\"#FF00FF\" alink=\"#FF0000\">
-".
-
-ref_html_header(Title, Opts) ->
-    Vsn = docb_util:version(),
-%%"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
-"<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
-   \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
-<!-- This document was generated using DocBuilder-" ++ Vsn ++ " -->
-<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">
-<head>
-  <title>" ++ Title ++ "</title>
-  <meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\"/>
-  " ++ docb_util:html_snippet(head, Opts) ++ "
-  <style type=\"text/css\">
-<!--
-    body          { font-family: Verdana, Arial, Helvetica, sans-serif }
-    span.bold_code        { font-family: courier;font-weight: bold}
-    span.code        { font-family: courier;font-weight: normal}
-
-.note, .warning {
-  border: solid black 1px;
-  margin: 1em 3em;
-}
-
-.note .label {
-  background: #30d42a;
-  color: white;
-  font-weight: bold;
-  padding: 5px 10px;
-}
-.note .content {
-  background: #eafeea;
-  color: black;
-  line-height: 120%;
-  font-size: 90%;
-  padding: 5px 10px;
-}
-.warning .label {
-  background: #C00;
-  color: white;
-  font-weight: bold;
-  padding: 5px 10px;
-}
-.warning .content {
-  background: #FFF0F0;
-  color: black;
-  line-height: 120%;
-  font-size: 90%;
-  padding: 5px 10px;
-}
-
-    .example     { background-color:#eeeeff } 
-    pre          { font-family: courier; font-weight: normal }
-    .REFBODY     { margin-left: 13mm }
-    .REFTYPES    { margin-left: 8mm }
--->
-  </style>
-</head>
-<body bgcolor=\"#FFFFFF\" text=\"#000000\" link=\"#0000FF\" vlink=\"#FF00FF\" alink=\"#FF0000\">
-".
-
-version(Opts, Vsn0) ->
-    case docb_util:lookup_option(vsn, Opts, Vsn0) of
-	"" -> "";
-	Vsn -> " Version " ++ Vsn
-    end.
-
-top_index(Opts) ->
-    case docb_util:lookup_option(top, Opts) of
-	false -> "";
-	TIFile ->
-	    " | <a target=\"_top\" href=\"" ++ TIFile ++ "\">Top</a>"
-    end.
diff --git a/lib/docbuilder/src/docb_html_ref.erl b/lib/docbuilder/src/docb_html_ref.erl
deleted file mode 100644
index c5c166f1ae..0000000000
--- a/lib/docbuilder/src/docb_html_ref.erl
+++ /dev/null
@@ -1,79 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_html_ref).
-
--export([rule/2, rule/3]).
-
-rule([description|_],_) ->
-    {"\n<h3>DESCRIPTION</h3>\n<div class=\"REFBODY\">\n","\n</div>\n"};
-
-rule([funcs|_],_) ->
-    {"\n<h3>EXPORTS</h3>\n",""};
-
-rule([func|_],_) ->
-    {"\n<p>",""};
-
-rule([name, func, funcs, RefType|_], {_,_,[{pcdata,[],Name0}]}) ->
-    Name1 = docb_html_util:make_anchor_name_short(Name0, RefType),
-    {"<a name=\"" ++ Name1 ++ "\"><span class=\"bold_code\">",
-     "</span></a><br/>\n"};
-
-rule([fsummary|_],_) ->
-    {drop, "\n</p>\n"};
-
-rule([type|_], _) ->
-    {"\n<div class=\"REFBODY\"><p>Types:</p>\n  <div class=\"REFTYPES\">\n<p>\n",
-     "\n </p> </div>\n</div>\n"};
-
-rule([v|_], _) ->
-    {"<span class=\"bold_code\">","</span><br/>\n"};
-
-rule([d|_], _) ->
-    {"\n<div class=\"REFBODY\">\n","\n</div>\n"};
-
-rule([desc|_], _) ->
-    {"\n<div class=\"REFBODY\">\n","\n</div>\n"};
-
-rule([authors|_], _) -> 
-    {"\n<h3>AUTHORS</h3>\n<div class=\"REFBODY\">\n","\n</div>\n"};
-
-rule([aname|_], _) ->
-    {"", " - "};
-
-rule([section|_], {1,_,_}) ->
-    {"", ""};
-rule([section|_], {_N,_,_}) ->
-    {"", "\n</div>\n"};
-
-rule([title|_], _) ->
-    {"\n<h3>", "</h3>\n<div class=\"REFBODY\">\n"};
-
-rule(TagHistory, TagBody) ->
-    docb_html:rule(TagHistory, TagBody).
-
-rule([email|_], _, Opts) ->
-    case docb_util:html_snippet(email, Opts) of
-	"" ->
-	    {{"","<br/>\n"}, Opts};
-	Email ->
-	    {{drop, Email++"<br/>\n"}, Opts}
-    end;
-
-rule(TagHistory, TagBody, Opts) ->
-    docb_html:rule(TagHistory, TagBody, Opts).
-
diff --git a/lib/docbuilder/src/docb_html_util.erl b/lib/docbuilder/src/docb_html_util.erl
deleted file mode 100644
index 02ce8b52a7..0000000000
--- a/lib/docbuilder/src/docb_html_util.erl
+++ /dev/null
@@ -1,542 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_html_util).
-
--export([attribute_cdata_to_html/1,
-	 element_cdata_to_html/1,
-	 pcdata_to_html/1, pcdata_to_html/2]).
--export([copy_pics/3]).
--export([extract_header_data/2, all_header_data/1]).
--export([make_uri/1,
-	 make_anchor_href/1, make_anchor_href_short/3,
-	 make_anchor_name_short/2,
-	 make_funcdef_short/2]).
--export([erl_include/2, code_include/2, erl_eval/1]).
--export([number/3, count_sections/1]).
--export([format_toc/1]).
--export([html_latin1_sort_order/1]).
-
-%%--Handle CDATA and PCDATA---------------------------------------------
-
-%% NB: Functions for transforming sgmls/XMerL data output to html.
-%%     Do not use these for included text files (cf code_include and
-%%     erl_include).
-
-attribute_cdata_to_html(Data) ->
-    data2html(Data, false).
-
-element_cdata_to_html(Data) ->
-    data2html(Data, false).
-
-pcdata_to_html(Data) ->
-    data2html(Data, true).
-
-pcdata_to_html(Data, RmSp) ->
-    data2html(Data, RmSp).
-
-%% PCDATA, CDATA: Replace entities, and optionally delete
-%% leading and multiple spaces. CDATA never contains entities to
-%% replace.
-
-%% data2html(Cs, RmSpace)
-data2html([246| Cs], RmSp) ->
-    [$&, $#, $2, $4, $6, $;| data2html(Cs, RmSp)];
-data2html([$>| Cs], RmSp) ->
-    [$&, $#, $6, $2, $;| data2html(Cs, RmSp)];
-data2html([$<| Cs], RmSp) ->
-    [$&, $#, $6, $0, $;| data2html(Cs, RmSp)];
-data2html([$&| Cs], RmSp) ->
-    [$&, $#, $3, $8, $;| data2html(Cs, RmSp)];
-data2html([$\"| Cs], RmSp) ->
-    [$&, $#, $3, $4, $;| data2html(Cs, RmSp)];
-data2html([$\n| Cs], RmSp) ->
-    data2html(Cs, RmSp);
-data2html([$\\, $n| Cs], false) ->
-    [$\n| data2html(Cs, false)];
-data2html([$\\, $n| Cs], true) ->
-    [$\n| data2html(delete_leading_space(Cs), true)];
-data2html([$ , $ | Cs], true) ->		% delete multiple space
-    [$ | data2html(delete_leading_space(Cs), true)];
-data2html([$\\, $|| Cs0], RmSp) ->
-    {Ent, Cs1} = collect_entity(Cs0),
-    [entity_to_html(Ent)|  data2html(Cs1, RmSp)];
-data2html([$\\, $0, $1, $2| Cs], RmSp) ->
-    data2html(Cs, RmSp);
-data2html([$\\, $\\, $n| Cs], RmSp) ->
-    [$\\, $n| data2html(Cs, RmSp)];
-data2html([$\\, O1, O2, O3| Cs], RmSp)
-  when O1 >= $0, O1 =< $7, O2 >= $0, O2 =< $7, O3 >= $0, O3 =< $7 ->
-    case octal2dec(O1, O2, O3) of
-	173 ->					% soft hyphen
-	    data2html(Cs, RmSp);
-	C when C > 31, C < 256 ->
-	    Ent = io_lib:format("&#~w;", [C]),
-	    [Ent|  data2html(Cs, RmSp)];
-	C ->
-	    [C| data2html(Cs, RmSp)]
-    end;
-data2html([$\\, $\\| Cs], RmSp) ->
-    [$\\| data2html(Cs, RmSp)];
-data2html([C| Cs], RmSp) ->
-    [C| data2html(Cs, RmSp)];
-data2html([], _) ->
-    [].
-
-delete_leading_space([$ | Cs]) ->
-    delete_leading_space(Cs);
-delete_leading_space(Cs) ->
-    Cs.
-
-collect_entity(Data) ->
-    collect_entity(Data, []).
-
-collect_entity([$\\, $|| Cs], Rs) ->
-    {lists:reverse(Rs), Cs};
-collect_entity([C| Cs], Rs) ->
-    collect_entity(Cs, [C| Rs]);
-collect_entity([], Rs) ->
-    {[], lists:reverse(Rs)}.
-
-entity_to_html("&") -> "&#38;";
-entity_to_html("\"") -> "&#34;";
-entity_to_html("<") -> "&#60;";
-entity_to_html(">") -> "&#62;";
-entity_to_html([$\\, O1, O2, O3])
-  when O1 >= $0, O1 =< $7, O2 >= $0, O2 =< $7, O3 >= $0, O3 =< $7 ->
-    case octal2dec(O1, O2, O3) of
-	173 ->					% soft hyphen
-	    "";
-	Value ->
-	    io_lib:format("&#~w;", [Value])
-    end;
-entity_to_html(Other) ->
-    docb_html_util_iso:entity_to_html(Other).
-
-octal2dec(O1, O2, O3) ->
-    (O1*8+O2)*8+O3-73*$0.
-
-%%--Copy images---------------------------------------------------------
-
-copy_pics(Src, Dest, Opts) ->
-    Dir = code:lib_dir(docbuilder),
-    InFile = filename:join([Dir, "etc", Src]),
-    OutFile = docb_util:outfile(Dest, "", Opts),
-    case filelib:last_modified(OutFile) of
-	0 -> % File doesn't exist
-	    file:copy(InFile, OutFile);
-
-	OutMod2 ->
-	    InMod1s = calendar:datetime_to_gregorian_seconds(
-			filelib:last_modified(InFile)),
-	    OutMod2s = calendar:datetime_to_gregorian_seconds(OutMod2),
-	    if
-		InMod1s > OutMod2s -> % InFile is newer than OutFile
-		    file:copy(InFile, OutFile);
-		true ->
-		    ok
-	    end
-    end.
-
-%%--Resolve header data-------------------------------------------------
-
-extract_header_data(Key, {header, [], List}) ->
-    case lists:keyfind(Key, 1, List) of
-	{Key, [], []} ->
-	    "";
-	{Key, [], [{pcdata, [], Value}]} ->
-	    pcdata_to_html(Value);
-	false ->
-	    ""
-    end.
-
-all_header_data(Header) ->
-    all_header_data(Header,
-		    [title, prepared, responsible, docno, approved,
-		     checked, date, rev, file]).
-
-all_header_data(_Header, []) ->
-    [];
-all_header_data(Header, [Key| Rest]) ->
-    [extract_header_data(Key, Header) | all_header_data(Header, Rest)].
-
-%%--Resolve hypertext references----------------------------------------
-
-%% URI regular expression (RFC 2396):
-%%    "^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"
-%% We split it in five parts:
-%% scheme:	"^(([^:/?#]+):)?"	(includes trailing `:')
-%% authority:	"^(//([^/?#]*))?"	(includes leading `//')
-%% path:	"^([^?#]*)"
-%% query:	"^(\\?([^#]*))?"	(includes leading `?')
-%% fragment:	"^(#(.*))?"		(includes leading `#')
-
-make_uri(Cs) ->
-    lists:flatmap(
-      fun({path, S}) ->
-	      case regexp:match(S, "\.xml?\$") of
-		  {match, _, _} ->
-		      {ok, NS, _} = regexp:sub(S, "\.xml?\$", ".html"),
-		      NS;
-		  _  ->
-		      S
-	      end;
-	 ({_, S}) ->
-	      S
-      end,
-      split_uri(Cs)).
-
-split_uri(URI) ->
-    split_uri(URI, [{scheme, "^(([^:/?#]+):)?"},
-		    {authority, "^(//([^/?#]*))?"},
-		    {path, "^([^?#]*)"},
-		    {'query', "^(\\?([^#]*))?"},
-		    {fragment, "^(#(.*))?"}]).
-
-split_uri("", [{Tag, _R}| T]) ->
-    [{Tag, ""}| split_uri("", T)];
-split_uri(Cs0, [{Tag, R}| T]) ->
-    {match, 1, N} = regexp:match(Cs0, R),
-    Cs1 = string:substr(Cs0, 1, N),
-    Cs2 = strip_and_escape_uri_component(Tag, Cs1),
-    [{Tag, Cs2}| split_uri(string:substr(Cs0, N+1), T)];
-split_uri(_, []) ->
-    [].
-
-strip_and_escape_uri_component(authority, "//" ++ Cs) ->
-    "//" ++ escape_uri(string:strip(Cs));
-strip_and_escape_uri_component(path, Cs) ->
-    escape_uri(string:strip(Cs));
-strip_and_escape_uri_component('query', "?" ++ Cs) ->
-    "?" ++ escape_uri(string:strip(Cs));
-strip_and_escape_uri_component(fragment, "#" ++ Cs) ->
-    "#" ++ escape_uri(string:strip(Cs));
-strip_and_escape_uri_component(_, "") ->
-    "";
-strip_and_escape_uri_component(_, Cs) ->
-    escape_uri(string:strip(Cs)).
-
-escape_uri([C|Cs]) when C =< 32;
-                        C == $<; C == $<; C == $#; C == $%; C == $";
-                        C == $?;
-			C == ${; C == $}; C ==$|; C == $\\; C == $^;
-			C == $[; C == $]; C ==$';
-			C >= 127 ->
-    [$%, mk_hex(C div 16), mk_hex(C rem 16)| escape_uri(Cs)];
-escape_uri([C|Cs]) ->
-    [C|escape_uri(Cs)];
-escape_uri([]) ->
-    [].
-
-mk_hex(C) when C<10 ->
-    C + $0;
-mk_hex(C) ->
-    C - 10 + $a.
-
-make_anchor_href(HRef) ->
-    case regexp:split(HRef, "#") of
-	{ok, [HRef]} ->
-	    %% No `#' in HRef, i.e. only path
-	    make_anchor_href(HRef, "");
-	 {ok, [Path, Fragment]} ->
-	    make_anchor_href(Path, Fragment)
-    end.
-
-make_anchor_href(Path0, Frag0) ->
-    Frag1 = string:strip(Frag0),
-    Path1 = case Path0 of
-		"" ->
-		    "";
-		_  ->
-		    case regexp:match(Path0, "\.xml?\$") of
-			nomatch ->
-			    Path0 ++ ".html";
-			_ ->
-			    {ok, NewPath, _} = regexp:sub(Path0,
-							  "\.xml?\$",
-							  ".html"),
-			    NewPath
-		    end
-	    end,
-    case Frag1 of
-	"" ->
-	    attribute_cdata_to_html(Path1);
-	_ ->
-	    attribute_cdata_to_html(Path1) ++ 
-		"#" ++
-		attribute_cdata_to_html([case Ch of $/ -> $-; _ -> Ch end||
-					    Ch <-Frag1])
-    end.
-
-make_anchor_href_short(Path, Frag, RefType) ->
-    ShortFrag = make_funcdef_short(Frag, RefType,"-"),
-    make_anchor_href(Path, ShortFrag).
-
-make_anchor_name_short(FuncName0, RefType) ->
-    FuncName1 = make_funcdef_short(FuncName0, RefType,"-"),
-    attribute_cdata_to_html(FuncName1).
-
-make_funcdef_short(FuncDef0, RefType) ->
-    make_funcdef_short(FuncDef0, RefType, "/").
-
-make_funcdef_short(FuncDef0, RefType,Delimiter) ->
-    FuncDef1 = docb_util:trim(FuncDef0),
-    Any0 = case lists:member(RefType, [cref, erlref]) of
-	       true ->
-		   case catch docb_util:fknidx(FuncDef1, Delimiter) of
-		       {'EXIT', _} ->
-			   false;
-		       Any1  ->
-			   Any1
-		   end;
-	       false ->
-		   false
-	   end,
-    case Any0 of
-	false ->
-	    case string:tokens(FuncDef1, " ") of
-		[Any2| _] ->
-		    Any2;
-		_ ->
-		    FuncDef1
-	    end;
-	_ ->
-	    Any0
-    end.
-
-%%--Include tags--------------------------------------------------------
-
-%% Only used in report DTD
-erl_include(File, Tag) ->
-    case docb_main:include_file(File, Tag) of
-	{ok, Cs} ->
-	    {drop, "\n<pre>\n" ++ text_to_html(Cs) ++ "\n</pre>\n"};
-	error ->
-	    {drop, ""}
-    end.
-
-code_include(File, Tag) ->
-    case docb_main:include(File, Tag, Tag) of
-	{ok, Cs} ->
-	    {ok,text_to_html(Cs)};
-	error ->
-	    {error, {codeinclude,File}}
-    end.
-
-erl_eval(Expr) ->
-    Cs = docb_main:eval_str(Expr),
-    {drop, "\n<pre>\n" ++ text_to_html(Cs) ++ "\n</pre>\n"}.
-
-%% Only replaces certain characters. Spaces and new lines etc are kept.
-%% Used for plain text (e.g. inclusions of code).
-text_to_html([$>| Cs]) ->
-    [$&, $#, $6, $2, $;| text_to_html(Cs)];
-text_to_html([$<| Cs]) ->
-    [$&, $#, $6, $0, $;| text_to_html(Cs)];
-text_to_html([$&| Cs]) ->
-    [$&, $#, $3, $8, $;| text_to_html(Cs)];
-text_to_html([$\"| Cs]) ->
-    [$&, $#, $3, $4, $;| text_to_html(Cs)];
-text_to_html([C| Cs]) ->
-    [C| text_to_html(Cs)];
-text_to_html([]) ->
-    [].
-
-%%--Number sections-----------------------------------------------------
-
-number({Tag, Attrs, More}, none, File) ->
-    {Tag, Attrs, do_number(More, [1], File)};
-number({Tag, Attrs, More}, Prefix, File) ->
-    {Tag, Attrs, do_number(More, [list_to_integer(Prefix)], File)}.
-
-do_number([], _, _) ->
-    [];
-do_number([{header, Attrs, More}| Rest], NN, File) ->
-    [{header, Attrs, More}| do_number(Rest, NN, File)];
-do_number([{section, Attrs, More}| Rest], [N| NN], File) ->
-    [{section, Attrs, do_number(More, [1, N| NN], File)}|
-     do_number(Rest, [N+1| NN], File)];
-do_number([{title, _, [{pcdata, _, Title}]}| More], [N| NN], File) ->
-    Format = make_format(length(NN)),
-    Number = lists:flatten(io_lib:format(Format, lists:reverse(NN))),
-    [{marker, [{"ID", "CDATA", Number}], []},
-     {title, [{"NUMBER", "CDATA", Number},
-	      {"FILE", "CDATA", File}],
-      [{pcdata, [], Title}]}| do_number(More, [N| NN], File)];
-do_number([{pcdata, Attrs, More}| Rest], NN, File) ->
-    [{pcdata, Attrs, More}| do_number(Rest, NN, File)];
-do_number([{Tag, Attrs, More}| Rest], NN, File) ->
-    [{Tag, Attrs, do_number(More, NN, File)}|do_number(Rest, NN, File)].
-
-make_format(1) ->
-    "~w";
-make_format(N) ->
-    "~w." ++ make_format(N-1).
-
-count_sections([section| Rest]) ->
-    1 + count_sections(Rest);
-count_sections([_| Rest]) ->
-    count_sections(Rest);
-count_sections([]) ->
-    0.
-
-%%--Make a ToC----------------------------------------------------------
-
-format_toc(Toc) ->
-    [format_toc1(T) || T <- Toc].
-
-format_toc1({Number, Title}) ->
-    [Number, " <a href = \"#", Number, "\">", Title, "</a><br/>\n"].
-
-%%--Convert HTML ISO Latin 1 characters to ordinary characters----------
-
-%% To be used for sorting.  Cs must be flat.
-html_latin1_sort_order(Cs) ->
-    hlso(Cs).
-
-hlso([]) ->
-    [];
-hlso([$&, $#, C2, C1, C0, $;| Cs])
-  when $0 =< C2, C2 =< $9, $0 =< C1, C1 =< $9, $0 =< C0, C0 =< $9 ->
-    C = ((C2-$0)*10 + (C1-$0))*10 + C0-$0,
-    hlso0(C, Cs);
-hlso([$&, $#, C1, C0, $;| Cs])
-  when $0 =< C1, C1 =< $9, $0 =< C0, C0 =< $9 ->
-    C = (C1-$0)*10 + C0-$0,
-    hlso0(C, Cs);
-hlso([C| Cs]) ->
-    [C| hlso(Cs)].
-
-hlso0(C, Cs) when 0 =< C, C =< 159  ->
-    [C| hlso(Cs)];
-hlso0(160, Cs) ->  %% no-break space
-    hlso(Cs);					% Remove it.
-hlso0(161, Cs) ->  %% inverted exclamation mark
-    [$? |hlso(Cs)];
-hlso0(162, Cs) ->  %% cent sign
-    [$$|hlso(Cs)];
-hlso0(163, Cs) ->  %% pound sterling sign
-    [$$|hlso(Cs)];
-hlso0(164, Cs) ->  %% general currency sign
-    [$$|hlso(Cs)];
-hlso0(165, Cs) ->  %% yen sign
-    [$$|hlso(Cs)];
-hlso0(166, Cs) ->  %% broken (vertical) bar
-    [$| |hlso(Cs)];
-hlso0(167, Cs) ->  %% section sign
-    [$$|hlso(Cs)];
-hlso0(168, Cs) ->  %% umlaut (dieresis)
-    [$: |hlso(Cs)];
-hlso0(169, Cs) ->  %% copyright sign
-    [$c |hlso(Cs)];
-hlso0(170, Cs) ->  %% ordinal indicator, feminine
-    [$f |hlso(Cs)];
-hlso0(171, Cs) ->  %% angle quotation mark, left
-    [$" |hlso(Cs)];
-hlso0(172, Cs) ->  %% not sign
-    [$- |hlso(Cs)];
-hlso0(173, Cs) ->  %% soft hyphen
-    [$- |hlso(Cs)];
-hlso0(174, Cs) ->  %% registered sign
-    [$r |hlso(Cs)];
-hlso0(175, Cs) ->  %% macron
-    [$- |hlso(Cs)];
-hlso0(176, Cs) ->  %% degree sign
-    [$d |hlso(Cs)];
-hlso0(177, Cs) ->  %% plus-or-minus sign
-    [$+ |hlso(Cs)];
-hlso0(178, Cs) ->  %% superscript two
-    [$2 |hlso(Cs)];
-hlso0(179, Cs) ->  %% superscript three
-    [$3 |hlso(Cs)];
-hlso0(180, Cs) ->  %% acute accent
-    [$' |hlso(Cs)];
-hlso0(181, Cs) ->  %% micro sign
-    [$' |hlso(Cs)];
-hlso0(182, Cs) ->  %% pilcrow (paragraph sign)
-    [$$|hlso(Cs)];
-hlso0(183, Cs) ->  %% middle dot
-    [$. |hlso(Cs)];
-hlso0(184, Cs) ->  %% cedilla
-    [$c |hlso(Cs)];
-hlso0(185, Cs) ->  %% superscript one
-    [$1 |hlso(Cs)];
-hlso0(186, Cs) ->  %% ordinal indicator, masculine
-    [$m |hlso(Cs)];
-hlso0(187, Cs) ->  %% angle quotation mark, right
-    [$" |hlso(Cs)];
-hlso0(188, Cs) ->  %% fraction one-quarter
-    [$4 |hlso(Cs)];
-hlso0(189, Cs) ->  %% fraction one-half
-    [$2 |hlso(Cs)];
-hlso0(190, Cs) ->  %% fraction three-quarters
-    [$3 |hlso(Cs)];
-hlso0(191, Cs) ->  %% inverted question mark
-    [$? |hlso(Cs)];
-
-hlso0(C, Cs) when 192 =< C, C =< 198 -> %% capital A
-    [$A |hlso(Cs)];
-hlso0(199, Cs) ->  %% capital C, cedilla 
-    [$C |hlso(Cs)];
-hlso0(C, Cs) when 200 =< C, C =< 203 ->  %% capital E
-    [$E |hlso(Cs)];
-hlso0(C, Cs) when 204 =< C, C =< 207 -> %% capital I
-    [$I |hlso(Cs)];
-hlso0(208, Cs) ->  %% capital Eth, Icelandic
-    [$D |hlso(Cs)];
-hlso0(209, Cs) ->  %% capital N, tilde
-    [$N |hlso(Cs)];
-hlso0(C, Cs) when 210 =< C, C =< 214 -> %% capital O
-    [$O |hlso(Cs)];
-hlso0(215, Cs) ->  %% multiply sign
-    [$x |hlso(Cs)];
-hlso0(216, Cs) ->  %% capital O, slash
-    [$O |hlso(Cs)];
-hlso0(C, Cs) when 217 =< C, C =< 220 ->  %% capital U
-    [$U |hlso(Cs)];
-hlso0(221, Cs) ->  %% capital Y, acute accent
-    [$Y |hlso(Cs)];
-hlso0(222, Cs) ->  %% capital THORN, Icelandic
-    [$T |hlso(Cs)];
-hlso0(223, Cs) ->  %% small sharp s, German (sz
-    [$s |hlso(Cs)];
-hlso0(C, Cs) when 224 =< C, C =< 230->  %% small a
-    [$a |hlso(Cs)];
-hlso0(231, Cs) ->  %% small c, cedilla
-    [$c |hlso(Cs)];
-hlso0(C, Cs) when 232 =< C, C =< 235 ->  %% small e
-    [$e |hlso(Cs)];
-hlso0(C, Cs) when 236 =< C, C =< 239 ->  %% small i
-    [$i |hlso(Cs)];
-hlso0(240, Cs) ->  %% small eth, Icelandic
-    [$d |hlso(Cs)];
-hlso0(241, Cs) ->  %% small n, tilde
-    [$n |hlso(Cs)];
-hlso0(C, Cs) when 242 =< C, C =< 246 ->  %% small o
-    [$o |hlso(Cs)];
-hlso0(247, Cs) ->  %% divide sign
-    [$/ |hlso(Cs)];
-hlso0(248, Cs) ->  %% small o, slash
-    [$o |hlso(Cs)];
-hlso0(C, Cs) when 249 =< C, C =< 252 ->  %% small u
-    [$u |hlso(Cs)];
-hlso0(253, Cs) ->  %% small y, acute accent
-    [$y |hlso(Cs)];
-hlso0(254, Cs) ->  %% small thorn, Icelandic
-    [$t |hlso(Cs)];
-hlso0(255, Cs) ->  %% small y, dieresis or umlaut
-    [$y |hlso(Cs)].
diff --git a/lib/docbuilder/src/docb_html_util_iso.erl b/lib/docbuilder/src/docb_html_util_iso.erl
deleted file mode 100644
index c836805cd2..0000000000
--- a/lib/docbuilder/src/docb_html_util_iso.erl
+++ /dev/null
@@ -1,204 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_html_util_iso).
--export([entity_to_html/1]).
-
-%% Encodes ISOtech, ISOnum and ISOgrk3.
-%%
-%% All entities are of the form "[abcdef]". 
-%%
-entity_to_html(Entity) when is_list(Entity), hd(Entity) =/= $[ ->
-    Entity;
-entity_to_html(Entity) ->
-    case (catch enc(Entity)) of
-	{'EXIT', _} ->
-	    Entity;
-	Enc  ->
-	    "<font face=symbol>" ++ Enc ++ "</font>"
-    end.
-
-enc("[Delta ]") -> "&#68;";
-%% enc("[Dot   ]") -> "&#0;";
-%% enc("[DotDot]") -> "&#0;";
-enc("[Gamma ]") -> "&#71;";
-enc("[Lambda]") -> "&#76;";
-enc("[Omega ]") -> "&#87;";
-enc("[Phi   ]") -> "&#70;";
-enc("[Pi    ]") -> "&#80;";
-enc("[Prime ]") -> "&#178;";
-enc("[Psi   ]") -> "&#89;";
-enc("[Sigma ]") -> "&#83;";
-enc("[Theta ]") -> "&#81;";
-enc("[Upsi  ]") -> "&#161;";
-%% enc("[Verbar]") -> "&#0;";
-enc("[Xi    ]") -> "&#88;";
-
-enc("[aleph ]") -> "&#192;";
-enc("[alpha ]") -> "&#97;";
-enc("[amp   ]") -> "&#38;";
-enc("[and   ]") -> "&#217;";
-enc("[ang   ]") -> "&#208;";
-%% enc("[ang90 ]") -> "&#0;";
-%% enc("[angsph]") -> "&#0;";
-%% enc("[angst ]") -> "&#0;";
-enc("[ap    ]") -> "&#187;";
-
-%% enc("[becaus]") -> "&#0;";
-%% enc("[bernou]") -> "&#0;";
-enc("[bepsi ]") -> "&#39;";
-enc("[beta  ]") -> "&#98;";
-enc("[bottom]") -> "&#94;";
-enc("[bull  ]") -> "&#183;";
-
-enc("[cap   ]") -> "&#199;";
-enc("[chi   ]") -> "&#99;";
-enc("[clubs ]") -> "&#167;";
-%% enc("[compfn]") -> "&#0;";
-enc("[cong  ]") -> "&#64;";
-enc("[copy  ]") -> "&#211;";
-%% enc("[conint]") -> "&#0;";
-enc("[cup   ]") -> "&#200;";
-
-enc("[dArr  ]") -> "&#223;";
-enc("[darr  ]") -> "&#175;";
-enc("[deg   ]") -> "&#176;";
-enc("[delta ]") -> "&#100;";
-enc("[diam  ]") -> "&#224;";
-enc("[diams ]") -> "&#168;";
-enc("[divide]") -> "&#184;";
-
-enc("[empty ]") -> "&#198;";
-%% enc("[epsi  ]") -> "&#0;";
-%% enc("[epsis ]") -> "&#0;";
-enc("[epsiv ]") -> "&#101;";
-enc("[equiv ]") -> "&#186;";
-enc("[eta   ]") -> "&#104;";
-enc("[exist ]") -> "&#36;";
-
-enc("[fnof  ]") -> "&#166;";
-enc("[forall]") -> "&#34;";
-
-enc("[gamma ]") -> "&#103;";
-%% enc("[gammad]") -> "&#0;";
-enc("[ge    ]") -> "&#179;";
-enc("[gt    ]") -> "&#62;";
-
-%% enc("[hamilt]") -> "&#0;";
-enc("[hArr  ]") -> "&#219;";
-enc("[harr  ]") -> "&#171;";
-enc("[hearts]") -> "&#169;";
-enc("[horbar]") -> "&#190;";
-
-enc("[iff   ]") -> "&#219;";
-enc("[image ]") -> "&#193;";
-enc("[infin ]") -> "&#165;";
-enc("[int   ]") -> "&#242;";
-enc("[iota  ]") -> "&#105;";
-enc("[isin  ]") -> "&#206;";
-
-enc("[kappa ]") -> "&#107;";
-%%enc("[kappav]") -> "&#0;";
-
-enc("[lArr  ]") -> "&#220;";
-%% enc("[lagran]") -> "&#0;";
-enc("[lambda]") -> "&#108;";
-enc("[lang  ]") -> "&#225;";
-enc("[larr  ]") -> "&#172;";
-enc("[le    ]") -> "&#163;";
-%% enc("[lowast]") -> "&#0;";
-enc("[lowbar]") -> "&#95;";
-enc("[lt    ]") -> "&#60;";
-
-enc("[middot]") -> "&#215;";
-enc("[minus ]") -> "&#45;";
-%% enc("[mnplus]") -> "&#0;";
-enc("[mu    ]") -> "&#109;";
-
-enc("[nabla ]") -> "&#209;";
-enc("[ne    ]") -> "&#185;";
-enc("[ni    ]") -> "&#39;";
-enc("[nsub  ]") -> "&#203;";
-enc("[not   ]") -> "&#216;";
-enc("[notin ]") -> "&#207;";
-enc("[nu    ]") -> "&#110;";
-
-enc("[omega ]") -> "&#119;";
-enc("[or    ]") -> "&#218;";
-%% enc("[order ]") -> "&#0;";
-enc("[oplus ]") -> "&#197;";
-enc("[otimes]") -> "&#196;";
-
-%% enc("[par   ]") -> "&#0;";
-enc("[part  ]") -> "&#182;";
-%% enc("[permil]") -> "&#0;";
-enc("[perp  ]") -> "&#94;";			% bottom
-enc("[phis  ]") -> "&#102;";
-enc("[phiv  ]") -> "&#106;";
-%% enc("[phmmat]") -> "&#0;";
-enc("[pi    ]") -> "&#112;";
-enc("[piv   ]") -> "&#118;";
-enc("[plus  ]") -> "&#43;";
-enc("[plusmn]") -> "&#177;";
-enc("[prime ]") -> "&#162;";
-enc("[prod  ]") -> "&#213;";
-enc("[prop  ]") -> "&#181;";
-enc("[psi   ]") -> "&#121;";
-
-enc("[radic ]") -> "&#214;";
-enc("[rang  ]") -> "&#241;";
-enc("[rArr  ]") -> "&#222;";
-enc("[rarr  ]") -> "&#174;";
-enc("[real  ]") -> "&#194;";
-enc("[reg   ]") -> "&#210;";
-enc("[rho   ]") -> "&#114;";
-%% enc("[rhov  ]") -> "&#0;";
-
-enc("[sigma ]") -> "&#115;";
-enc("[sigmav]") -> "&#86;";
-enc("[sim   ]") -> "&#126;";
-%% enc("[sime  ]") -> "&#0;";
-%% enc("[square]") -> "&#0;";
-enc("[sol   ]") -> "&#164;";
-enc("[spades]") -> "&#170;";
-enc("[sub   ]") -> "&#204;";
-enc("[sube  ]") -> "&#205;";
-enc("[sup   ]") -> "&#201;";
-enc("[supe  ]") -> "&#202;";
-enc("[sum   ]") -> "&#229;";
-
-enc("[tau   ]") -> "&#116;";
-enc("[tdot  ]") -> "&#188;";
-enc("[there4]") -> "&#92;";
-enc("[thetas]") -> "&#113;";
-enc("[thetav]") -> "&#74;";
-enc("[times ]") -> "&#180;";
-%% enc("[tprime]") -> "&#0;";
-enc("[trade ]") -> "&#212;";
-
-enc("[uArr  ]") -> "&#221;";
-enc("[uarr  ]") -> "&#173;";
-enc("[upsi  ]") -> "&#117;";
-
-enc("[verbar]") -> "&#189;";
-
-%% enc("[wedgeq]") -> "&#0;";
-enc("[weierp]") -> "&#195;";
-
-enc("[xi    ]") -> "&#120;";
-
-enc("[zeta  ]") -> "&#122;".
diff --git a/lib/docbuilder/src/docb_main.erl b/lib/docbuilder/src/docb_main.erl
deleted file mode 100644
index 4f5f035a65..0000000000
--- a/lib/docbuilder/src/docb_main.erl
+++ /dev/null
@@ -1,657 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_main).
-
--export([process/2,
-	 parse/2, parse1/2,
-	 pp/2,
-	 insert_after/3,
-	 transform/5, pp/5,
-	 include_file/2, include/3,
-	 eval_str/1,
-	 validate_html/1
-	]).
--export([do_parse_sgmls/1]).
-
-%%----------------------------------------------------------------------
-
-%% process(File, Opts) -> errors | ok
-%% Parses the source file File and transforms the result to html,
-%% latex and/or man page format.
-process(File, Opts) ->
-    
-    SrcType = docb_util:lookup_option(src_type, Opts),
-
-    File1 = 
-	case SrcType of
-	    ".xml" ->
-		FileTmp = File ++ ".tmpconv",
-		os:cmd("sed -e 's/xi:include[ \t]*href/include file/g' -e 's/xmlns:xi=\"http:\\/\\/www.w3.org\\/2001\\/XInclude\"//g' < " ++ 
-		       File ++ ".xml > " ++ FileTmp ++ ".xml"),
-		FileTmp;
-	    ".sgml"  ->
-		File
-	end,		
-    
-    case parse1(File1, Opts) of
-	errors ->
-	    delete_tmp_file(SrcType, File1),
-	    errors;
-	{ok, Tree} ->
-	    From = element(1, Tree),
-	    Tos0 =
-		lists:foldl(
-		  fun(latex, Acc) -> [latex|Acc];
-		     (html, Acc)  -> [html|Acc];
-		     ({man, _Section}, Acc) -> [man|Acc];
-		     (_, Acc) -> Acc
-		  end, [], Opts),
-
-	    %% If no target format is specified, assume HTML:
-	    Tos = if
-		      Tos0 =:= [] -> [html];
-		      true -> Tos0
-		  end,
-
-	    Result = [transform(From, To, Opts, File, Tree)||To <- Tos], 
-	    case lists:member(transformation_error,Result) of 
-		true -> 	
-		    delete_tmp_file(SrcType, File1),
-		    errors;
-		_ -> 
-		    delete_tmp_file(SrcType, File1),
-		    ok
-	    end
-    
-    end.
-
-
-delete_tmp_file(".xml", File) ->
-    file:delete(File ++ ".xml");
-delete_tmp_file(_, _) ->
-    ok.
-
-%%----------------------------------------------------------------------
-
-%% parse(File, Opts) -> {ok, Tree} | errors
-%% Parses the source file File, resulting in a tree structure.
-parse(File, Opts) ->
-    case docb_util:lookup_option(src_type, Opts) of
-	".xml" ->
-	    parse_xml(File++".xml", Opts);
-	".sgml" ->
-	    parse_sgml(File, Opts)
-    end.
-
-%% parse1(File, Opts) -> {ok, Tree} | errors
-%% Like parse/2, but in the SGML case also prints the parse errors
-%% (in File.html.sgmls_errs) information to stdout.
-parse1(File, Opts) ->
-    parse(File, [{print_parse_errs, true}|Opts]).
-
-
-validate_html(InFile) ->
-    ScanOpts = [{validation,true}, {fetch_fun, fun fetch_dtd/2}],
-    case xmerl_scan:file(InFile, ScanOpts) of
-	{_XMLTuple,[]} -> % ok
-	    {InFile,ok};
-	{'EXIT',Reason} ->
-	    {InFile,Reason}
-    end.
-
-fetch_dtd({public,_,"http://www.w3.org/TR/xhtml1/DTD/"++ Rest},GlobalState) ->
-    Filename = filename:join(docb_util:dtd_dir(),Rest),
-    {ok,{file,Filename},GlobalState};
-fetch_dtd({public,_,Str},GlobalState) ->
-    {ok,{file,filename:join(docb_util:dtd_dir(),Str)},GlobalState}.
-    
-    
-
-parse_xml(InFile, Opts) ->
-    DtdDir = docb_util:dtd_dir(),
-    ScanOpts = [{validation,true}, {fetch_path, [DtdDir]}],
-    PrintP = docb_util:lookup_option(print_parse_errs, Opts),
-    case catch xmerl_scan:file(InFile, ScanOpts) of
-	{'EXIT', Error} when PrintP ->
-	    docb_util:message(error,
-			      "XML validation error:~n~p", [Error]),
-	    errors;
-	{'EXIT', _Error} ->
-	    errors;
-	{error, Reason} -> % probably file error
-	    docb_util:message(error, "XML scan error: ~p", [Reason]),
-	    errors;
-	{Doc, []} ->
-	    case catch xmerl:export([Doc], docb_xmerl_tree_cb) of
-		[Tree] ->
-		    verify(Tree),
-		    {ok, Tree};
-		{'EXIT', Error} ->
-		    docb_util:message(error,
-				      "XML export error:~n~p", [Error]),
-		    errors
-	    end
-    end.
-
-parse_sgml(InFile, Opts) ->
-
-    Pfx = tmp_file_prefix(InFile, Opts),
-    OutFile = Pfx ++ "sgmls_output",
-    ErrFile = Pfx ++ "sgmls_errs",
-
-    EntVals = lists:usort(docb_util:lookup_options(ent, Opts)),
-    Ents = lists:flatten([" -ent " ++ Val || Val <- EntVals]),
-    Cmd = docb_util:old_docb_dir() ++ "/bin/docb_sgmls_run " ++
-	Ents ++ " " ++ InFile ++ ".sgml " ++ OutFile ++ " " ++ ErrFile,
-
-    case os:cmd(Cmd) of
-	[] ->
-	    PrintP = docb_util:lookup_option(print_parse_errs, Opts),
-	    case filelib:file_size(ErrFile) of
-		0 -> % implies no errors
-		    parse_sgmls(InFile, OutFile);
-		_ when PrintP ->
-		    cat(ErrFile),
-		    errors;
-		_ ->
-		    errors
-	    end;
-	Msg ->
-	    docb_util:message(error, "~p", [Msg]),
-	    errors
-    end.
-
-tmp_file_prefix(File, Opts) ->
-    lists:concat(
-      [File, "." | lists:foldl(
-		     fun(latex, Acc) -> ["latex."|Acc];
-			(html, Acc)  -> ["html."|Acc];
-			({man, Section}, Acc) -> ["man", Section, "."|Acc];
-			(_, Acc) -> Acc
-		     end, [], Opts)]).
-
-parse_sgmls(InFile, SgmlsFile) ->
-    case file:open(SgmlsFile, [read]) of
-	{ok, Fd} ->
-	    Res = case (catch do_parse_sgmls(Fd)) of
-		      {ok, Tree} ->
-			  {ok, Tree};
-		      {'EXIT', Reason} ->
-			  docb_util:message(
-			    error,
-			    "Cannot parse sgmls output file "
-			    "~s, obtained from parsing ~s, "
-			    "reason: ~w",
-			    [SgmlsFile, InFile, Reason]),
-			  errors;
-		      {error, Reason} ->
-			  docb_util:message(
-			    error,
-			    "Cannot parse sgmls output file "
-			    "~s, obtained from parsing ~s, "
-			    "reason: ~w",
-			    [SgmlsFile, InFile, Reason]),
-			  errors
-		  end,
-	    file:close(Fd),
-	    case Res of
-		{ok, Tree0} ->
-		    verify(Tree0),
-		    {ok, Tree0};
-		_Other ->
-		    errors
-	    end;
-	{error, Reason} ->
-	    docb_util:message(error,
-			      "Cannot open sgmls output file ~s, "
-			      "obtained from parsing ~s, reason: ~w",
-			      [SgmlsFile, InFile, Reason]),
-	    errors
-    end.
-
-do_parse_sgmls(Fd) ->
-    do_parse_sgmls(Fd, []).
-
-do_parse_sgmls(Fd, Attrs) ->
-    case get_line(Fd) of
-	{attrs, A} ->
-	    do_parse_sgmls(Fd, [A|Attrs]);
-	{startTag, Tag} ->
-	    {ok, {Tag, Attrs, get_args(Fd)}};
-	Other ->
-	    {error, Other}
-    end.
-
-get_args(Fd) ->
-    case get_line(Fd) of
-	{startTag, Tag} ->
-	    H = {Tag, [], get_args(Fd)},
-	    [H|get_args(Fd)];
-	{dataTag, Str} ->
-	    [{pcdata, [], Str}|get_args(Fd)];
-	{attrs, A} ->
-	    get_args_attr(Fd, [A]);
-	close ->
-	    [];
-	ok ->
-	    []
-    end.
-
-get_args_attr(Fd, Attrs) ->
-    case get_line(Fd) of
-	{startTag, Tag} ->
-	    H = {Tag, lists:reverse(Attrs), get_args(Fd)},
-	    [H|get_args(Fd)];
-	{dataTag, Str} ->
-	    [{pcdata, lists:reverse(Attrs), Str}|get_args(Fd)];
-	{attrs, A} ->
-	    get_args_attr(Fd, [A|Attrs]);
-	close ->
-	    [];
-	ok ->
-	    []
-    end.
-
-get_line(Fd) ->
-    Str = io:get_line(Fd, ''),
-    case Str of
-	[$(|T] ->
-	    {startTag, tag_name(T)};
-	[$-|T] ->
-	    {dataTag, T};
-	[$)|_T] ->
-	    close;
-	[$A|T] ->
-	    {attrs, attrs(remove_nl(T))};
-	[$?|_T] ->
-	    get_line(Fd);
-	[$C|_] ->
-	    ok
-    end.
-
-remove_nl([$\n|_]) -> [];
-remove_nl([H|T])    -> [H|remove_nl(T)];
-remove_nl([])       -> [].
-
-%% attrs
-%% splits a string like
-%% AAAAA BBBBB ......
-%% into {"AAA", "BBB", Rest}
-
-attrs(T) ->
-    {X, T1} = get_item(T),
-    {Y, T2} = get_item(T1),
-    T3 = skip_blanks(T2),
-    {X, Y, T3}.
-
-get_item(T) -> get_item(skip_blanks(T), []).
-
-get_item([$ |T], L) -> {lists:reverse(L), [$ |T]};
-get_item([H|T], L)  -> get_item(T, [H|L]);
-get_item([], L)     -> {lists:reverse(L), []}.
-
-skip_blanks([$ |T]) -> skip_blanks(T);
-skip_blanks(T)      -> T.
-
-tag_name(Str) -> tag_name(Str, []).
-
-tag_name([H|T], L) when $A =< H, H =< $Z ->
-    tag_name(T, [H-$A+$a|L]);
-tag_name([$\n], L) ->
-    list_to_atom(lists:reverse(L));
-tag_name([H|T], L) ->
-    tag_name(T, [H|L]).
-
-cat(File) ->
-    case file:open(File, [read]) of
-	{ok, Fd} ->
-	    cat1(Fd),
-	    file:close(Fd);
-	Other ->
-	    Other
-    end.
-
-cat1(Fd) ->
-    case io:get_line(Fd, '') of
-	eof ->
-	    eof;
-	Str ->
-	    io:format("~s", [Str]),
-	    cat1(Fd)
-    end.
-
-%%----------------------------------------------------------------------
-
-verify(Tree) -> verify(Tree, [], 1).
-
-verify({pcdata, Optional, _}, Path, Level) ->
-    verify_optional(Optional, Path, Level);
-verify({Tag, Optional, Args}, Path, Level) when is_list(Args) ->
-    verify_optional(Optional, Path, Level)
-	andalso verify_list(Args, [Tag|Path], Level);
-verify(Other, Path, Level) ->
-    verify_error(Other, Path, Level).
-
-verify_error(X, Path, Level) ->
-    docb_util:message(error, "Invalid object found at: ~p level:~w~n~s",
-		      [Path, Level, docb_pretty_format:term(X)]),
-    false.
-
-verify_list([H|T], Path, Level) ->
-    verify(H, Path, Level) andalso verify_list(T, Path, Level + 1);
-verify_list([], _, _) ->
-    true.
-
-verify_optional([{_, _, _}|T], Path, Level) ->
-    verify_optional(T, Path, Level);
-verify_optional([], _Path, _Level) ->
-    true;
-verify_optional(X, Path, Level) ->
-    verify_error(X, Path, Level).
-
-%%----------------------------------------------------------------------
-
-%% pp(File, Opts) -> {ok, OutFile} | errors
-%% Parses the source file and, if successful, prints the resulting tree
-%% structure to a file with the extension ".pp".
-pp(File, Opts) ->
-    case parse(File, Opts) of
-	{ok, Tree} ->
-	    OutFile = File ++ ".pp",
-	    dump(OutFile, Tree),
-	    {ok, OutFile};
-	errors ->
-	    errors
-    end.
-
-dump(File, Struct) ->
-    {ok, Stream} = file:open(File, [write]),
-    io:format("Info: Dump on ~p ...", [File]),
-    io:format(Stream, "~n~s~n", [docb_pretty_format:term(Struct)]),
-    io:format(" done.\n"),
-    file:close(Stream).
-
-%%----------------------------------------------------------------------
-
-%% insert_after(Tag, Tree, Obj) -> Tree | {'EXIT', Reason}
-%% Insert an element in a tree structure
-insert_after(Tag, Tree, Obj) ->
-    edit(Tag, Tree, {insert_after, Obj}).
-
-%% edit Op = delete, insert_before, insert_after
-edit(Tag, Tree, Op) ->
-    case catch edit1(Tag, Tree, Op) of
-	error ->
-	    docb_util:message(error, "Cannot do ~p to ~w", [Op, Tag]),
-	    Tree;
-	Other ->
-	    Other
-    end.
-
-edit1(Tag, {Tag, _O, _A}, _Op) ->
-    throw(error);
-edit1(Tag, {Tag1, O, A}, Op) ->
-    {Tag1, O, edit1_list(Tag, A, Op)};
-edit1(_, _, _) ->
-    throw(error).
-
-edit1_list(Tag, [{pcdata, Str}|T], Op) ->
-    [{pcdata, Str}|edit1_list(Tag, T, Op)];
-edit1_list(Tag, [{Tag, O, A}|T], {insert_after, Obj}) ->
-    [{Tag, O, A}, Obj|T];
-edit1_list(Tag, [H|T], Op) ->
-    [H|edit1_list(Tag, T, Op)];
-edit1_list(_Tag, [], _Op) ->
-    [].
-
-%%______________________________________________________________________
-
-%% transform(From, To, Opts, File, Tree) -> void()
-%% Actual transformation of tree structure to desired format.
-transform(From, To, Opts, File, Tree) ->
-    Filter = if
-		 To =:= html; To =:= kwic ->
-		     list_to_atom("docb_tr_" ++ atom_to_list(From) ++
-				  [$2|atom_to_list(To)]);
-		 true ->
-		     list_to_atom("sgml_tr_" ++ atom_to_list(From) ++
-				  [$2|atom_to_list(To)])
-	     end,
-
-    case catch Filter:transform(File, Tree, Opts) of
-
-	%% R5C
-	{'EXIT', {undef, [{Filter, transform, [File, Tree, Opts]}|_]}}->
-	    %% No transformation defined
-	    finish_transform(Tree, File, Opts, Filter);
-	
-	{'EXIT', {undef, {Filter, transform, [File, Tree, Opts]}}} ->
-	    %% No transformation defined
-	    finish_transform(Tree, File, Opts, Filter);
-
-	{'EXIT', What} ->
-	    docb_util:message(error,
-			      "Transformation trouble in ~P", [What, 9]),
-	    transformation_error;
-
-	{error, Reason} ->
-	    docb_util:message(error, Reason),
-	    transformation_error;
-	
-	{Tree1, Opts1} ->
-	    %% transformation returning both new parse and new options
-	    finish_transform(Tree1, File, Opts1, Filter);
-	
-	Tree1 ->
-	    %% transformation returning only new parse
-	    finish_transform(Tree1, File, Opts, Filter)
-    end.
-
-finish_transform(Tree, File, Opts, Filter) ->
-    {Str, NewOpts} = pp(Tree, [], 1, Filter, Opts),
-    Extension =
-	case catch Filter:extension(NewOpts) of
-	    {'EXIT', _} ->
-		Filter:extension();
-	    Others ->
-		Others
-	end,
-    {ok, Out} =
-	file:open(docb_util:outfile(File, Extension, NewOpts), [write]),
-    put_chars(Out, Str),
-    file:close(Out).
-
-put_chars(Out, Str) -> put_chars(Out, Str, 0).
-
-put_chars(Out, [$\n|Cs], _Pos) ->
-    io:put_chars(Out, [$\n]),
-    put_chars(Out, Cs, 0);
-
-put_chars(Out, [$\011|Cs], Pos) -> % tab
-    TabbedPos = 8*((Pos div 8)+1),
-    Nblanks = TabbedPos - Pos,
-    io:put_chars(Out, lists:duplicate(Nblanks, $ )),
-    put_chars(Out, Cs, Pos+Nblanks);
-
-put_chars(Out, [C|Cs], Pos) when is_integer(C) ->
-    io:put_chars(Out, [C]),
-    put_chars(Out, Cs, Pos+1);
-
-put_chars(Out, [L|Cs], Pos) when is_list(L) ->
-    put_chars(Out, Cs, put_chars(Out, L, Pos));
-
-put_chars(_Out, [], Pos) ->
-    Pos.
-
-pp({Tag, Optional, Args}, TagPath, Level, Filter, Opts) ->
-    TagPath1  = [Tag|TagPath],
-    Optional1 = reduce_optional(Optional),
-
-    %% First try Filter:rule/3. It returns {Return, NewOpts}
-    %%                          where Return is as from rule/2:
-    Rule_3_result =
-	case catch Filter:rule(TagPath1, {Level,Optional1,Args},Opts) of
-	    %% R5C
-	    {'EXIT', {undef, [{_, rule, _}|_]}} -> % No rule/3 defined
-		failed;
-
-	    {'EXIT', {undef, {_, rule, _}}} -> % No rule/3 defined
-		failed;
-	    %% R5C
-	    {'EXIT', {function_clause, [{_, rule, _}|_]}} -> % No MATCHING rule/3
-		failed;
-
-	    {'EXIT', {function_clause, {_, rule, _}}} -> % No MATCHING rule/3
-		failed;
-
-	    {'EXIT', What} ->
-		docb_util:message(error,
-				  "Serious Error: ~P", [What, 9]);
-	    Others ->
-		Others
-	end,
-    handle_rule_call_result({r3, Rule_3_result}, Filter, TagPath1, Tag,
-			    Level, Optional1, Args, Opts).
-
-handle_rule_call_result({r3, failed}, Filter, TagPath1, Tag, Level, Optional1,
-			Args, Opts) ->
-    %% Hmmm, try Filter:rule/2
-    Rule_2_result = (catch Filter:rule(TagPath1, {Level, Optional1, Args})),
-    handle_rule_call_result({r2, Rule_2_result}, Filter, TagPath1, Tag,
-			    Level, Optional1, Args, Opts);
-handle_rule_call_result({r3, {Result, NewOpts}}, Filter, TagPath1, Tag, Level,
-			Optional1, Args, _Opts) ->
-    handle_rule_call_result({r2, Result}, Filter, TagPath1, Tag, Level,
-			    Optional1, Args, NewOpts);
-handle_rule_call_result({_, {func, F}}, _Filter, _TagPath1, _Tag, _Level,
-			_Optional1, Args, Opts) ->
-    {F(Args), Opts};
-handle_rule_call_result({_, {'EXIT', Why}}, _Filter, TagPath1, _Tag, Level,
-			Optional1, Args, Opts) ->
-    report_error(TagPath1, Why, {Level, Optional1, Args}),
-    {[], Opts};
-handle_rule_call_result({_, {drop, Str}}, _Filter, _TagPath1, _Tag, _Level,
-			_Optional1, _Args, Opts) ->
-    {[Str], Opts};
-handle_rule_call_result({_, {newargs, NewArgs}}, Filter, TagPath1, _Tag, _Level,
-			_Optional1, _Args, Opts) ->
-    {List, NewOpts} = pp_list(NewArgs, TagPath1, 1, Filter, Opts),
-    {[List], NewOpts};
-handle_rule_call_result({_, {newargs, Before, NewArgs, After}}, Filter, TagPath1, _Tag, _Level,
-			_Optional1, _Args, Opts) ->
-    {List, NewOpts} = pp_list(NewArgs, TagPath1, 1, Filter, Opts),
-    {[Before, List, After], NewOpts};
-handle_rule_call_result({_, {Before, After}}, Filter, TagPath1, _Tag, _Level,
-			_Optional1, Args, Opts) when is_list(Before) ->
-    {List, NewOpts} = pp_list(Args, TagPath1, 1, Filter, Opts),
-    {[Before, List, After], NewOpts}.
-
-pp_list([H|T], TagPath, Level, Rules, Opts) ->
-    {Hpp, Hopts} = pp(H, TagPath, Level, Rules, Opts),
-    {Tpp, Tops} = pp_list(T, TagPath, Level + 1, Rules, Hopts),
-    {[Hpp|Tpp], Tops};
-pp_list([], _, _, _, Opts) ->
-    {[], Opts}.
-
-reduce_optional([{_, _, H}|T]) -> [H|reduce_optional(T)];
-reduce_optional([])          -> [].
-
-report_error(Arg1, Cause, Arg2) ->
-    [Tag|_] = Arg1,
-    docb_util:message(error,
-		      "Formatting trouble in ~p: ~p", [Tag, Cause]),
-    docb_util:message(error, "Failure in rule(~p, ~p)", [Arg1, Arg2]).
-
-%%----------------------------------------------------------------------
-
-%% include_file(File, Tag) -> {ok, String} | error
-include_file(File, Tag) ->
-    include(File, "%S" ++ Tag, "%E" ++ Tag).
-
-%% include(File, StartTag, StopTag) -> {ok, String} | error
-include(File, "", "") ->
-    case file:open(File, [read]) of
-	{ok, Fd} ->
-	    String = include_all(Fd),
-	    file:close(Fd),
-	    {ok, String};
-	_ ->
-	    docb_util:message(error,
-			      "Include file ~s not found", [File]),
-	    error
-    end;
-include(File, StartTag, StopTag) ->
-    case file:open(File, [read]) of
-	{ok, Fd} ->
-	    String = extract(File, Fd, StartTag, StopTag, searching),
-	    file:close(Fd),
-	    {ok, lists:flatten(String)};
-	_ ->
-	    docb_util:message(error,
-			      "Include file ~s not found", [File]),
-	    error
-    end.
-
-include_all(Fd) ->
-    case io:get_line(Fd, '') of
-	eof ->
-	    [];
-	ListOfChars ->
-	    ListOfChars ++ include_all(Fd)
-    end.
-
-extract(File, Fd, StartTag, StopTag, State) ->
-    Line=io:get_line(Fd, ''),
-    extract(File, Fd, StartTag, StopTag, State, Line).
-
-extract(File, _, _, _, _, eof) ->
-    docb_util:message(error,
-		      "Premature end of file in include file ~p",
-		      [File]),
-    [];
-extract(File, Fd, StartTag, StopTag, searching, Line) ->
-    case regexp:match(Line, "^" ++ StartTag) of
-	{match, _Start, _Length} ->
-	    extract(File, Fd, StartTag, StopTag, copying);
-	nomatch ->
-	    extract(File, Fd, StartTag, StopTag, searching);
-	{error, _Error} ->
-	    docb_util:message(error, "Bad syntax in ~s", [File]),
-	    []
-    end;
-extract(File, Fd, StartTag, StopTag, copying, Line) ->
-    case regexp:match(Line, "^" ++ StopTag) of
-	{match, _Start, _Length} ->
-	    [];
-	nomatch ->
-	    [Line|extract(File, Fd, StartTag, StopTag, copying)];
-	{error, _Error} ->
-	    docb_util:message(error, "Bad syntax in ~s", [File]),
-	    []
-    end.
-
-%%----------------------------------------------------------------------
-
-eval_str(Str) ->
-    case lib:eval_str(Str) of
-	{error, Report} ->
-	    docb_util:message(error,
-			      "ErlEval failed: ~s (~s)", [Str, Report]);
-	{ok, S} ->
-	    io_lib:format("~p~n", [S])
-    end.
diff --git a/lib/docbuilder/src/docb_pretty_format.erl b/lib/docbuilder/src/docb_pretty_format.erl
deleted file mode 100644
index 25dcd8987b..0000000000
--- a/lib/docbuilder/src/docb_pretty_format.erl
+++ /dev/null
@@ -1,177 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_pretty_format).
-
--export([term/1]).
-
-%% pretty_format:term(Term) -> PNF list of characters
-%%   
-%% Note: this is usually used in expressions like:
-%%	 io:format('~s\n', [pretty_format:term(Term)]).
-%%
-%% Uses the following simple heuristics:
-%%
-%% 1) Simple tuples are printed across the page.
-%%    (Simple means *all* the elements are "flat")
-%% 2) The complex tuple {Arg1, Arg2, Arg3,....} is printed thus:
-%%       {Arg1,
-%%        Arg2,
-%%        Arg3,
-%%        ...}
-%% 3) Lists are treated as for tuples.
-%% 4) Lists of printable characters are treated as strings.
-%%
-%% This method seems to work reasonable well for {Tag, ...} type
-%% data structures.
-term(Term) ->
-    element(2, term(Term, 0)).
-
-%% pretty_format:term(Term, Indent} -> {Indent', Chars}
-%% Format <Term> -- use <Indent> to indent the *next* line.
-%% Note: Indent' is a new indentaion level (sometimes printing <Term>
-%% the next line to need an "extra" indent!).
-term([], Indent) ->
-    {Indent, [$[,$]]};
-term(L, Indent) when is_list(L) ->
-    case is_string(L) of
-	true ->
-	    {Indent, io_lib:write_string(L)};
-	false ->
-	    case complex_list(L) of
-		true ->
-		    write_complex_list(L, Indent);
-		false ->
-		    write_simple_list(L, Indent)
-	    end
-    end;
-term(T, Indent) when is_tuple(T) ->
-    case complex_tuple(T) of
-	true ->
-	    write_complex_tuple(T, Indent);
-	false ->
-	    write_simple_tuple(T, Indent)
-    end;
-term(A, Indent) ->
-    {Indent, io_lib:write(A)}.
-
-%% write_simple_list([H|T], Indent) -> {Indent', Chars}
-write_simple_list([H|T], Indent) ->
-    {_, S1} = term(H, Indent),
-    {_, S2} = write_simple_list_tail(T, Indent),
-    {Indent, [$[,S1|S2]}.
-
-write_simple_list_tail([H|T], Indent) ->
-    {_, S1} = term(H, Indent),
-    {_, S2} = write_simple_list_tail(T, Indent),
-    {Indent, [$,,S1| S2]};
-write_simple_list_tail([], Indent) ->
-    {Indent, "]"};
-write_simple_list_tail(Other, Indent) ->
-    {_, S} = term(Other, Indent),
-    {Indent, [$|,S,$]]}.
-
-%% write_complex_list([H|T], Indent) -> {Indent', Chars}
-write_complex_list([H|T], Indent) ->
-    {I1, S1} = term(H, Indent+1),
-    {_, S2} = write_complex_list_tail(T, I1),
-    {Indent, [$[,S1|S2]}.
-
-write_complex_list_tail([H|T], Indent) ->
-    {I1, S1} = term(H, Indent),
-    {_, S2} = write_complex_list_tail(T, I1),
-    {Indent, [$,,nl_indent(Indent),S1,S2]};
-write_complex_list_tail([], Indent) ->
-    {Indent, "]"};
-write_complex_list_tail(Other, Indent) ->
-    {_, S} = term(Other, Indent),
-    {Indent, [$|,S,$]]}.
-
-%% complex_list(List) -> true | false
-%% Returns true if the list is complex otherwise false.
-complex_list([]) -> 
-    false;
-complex_list([H|T]) when is_list(H) ->
-    case is_string(H) of
-	true ->
-	    complex_list(T);
-	false ->
-	    true
-    end;
-complex_list([H|_]) when is_tuple(H) -> true;
-complex_list(_) -> false.
-
-%% complex_tuple(Tuple) -> true | false
-%% Returns true if the tuple is complex otherwise false.
-complex_tuple(T) -> 
-    complex_list(tuple_to_list(T)).
-
-%% write_simple_tuple(Tuple, Indent} -> {Indent', Chars}
-write_simple_tuple({}, Indent) ->
-    {Indent, "{}"};
-write_simple_tuple(Tuple, Indent) ->
-    {_, S} = write_simple_tuple_args(tuple_to_list(Tuple), Indent),
-    {Indent, [${, S, $}]}.
-
-write_simple_tuple_args([X], Indent) ->
-    term(X, Indent);
-write_simple_tuple_args([H|T], Indent) ->
-    {_, SH} = term(H, Indent),
-    {_, ST} = write_simple_tuple_args(T, Indent),
-    {Indent, [SH, $,, ST]}.
-
-%%  write_complex_tuple(Tuple, Indent} -> {Indent', Chars}
-write_complex_tuple(Tuple, Indent) ->
-    [H|T] = tuple_to_list(Tuple),
-    {I1, SH} = term(H, Indent+2),
-    {_, ST} = write_complex_tuple_args(T, I1),
-    {Indent, [${, SH, ST, $}]}.
-
-write_complex_tuple_args([X], Indent) ->
-    {_, S} = term(X, Indent),
-    {Indent, [$,, nl_indent(Indent), S]};
-write_complex_tuple_args([H|T], Indent) ->
-    {I1, SH} = term(H, Indent),
-    {_, ST} = write_complex_tuple_args(T, I1),
-    {Indent, [$,, nl_indent(Indent) , SH, ST]};
-write_complex_tuple_args([], Indent) ->
-    {Indent, []}.
-	
-%% utilities
-				   
-nl_indent(I) when I >= 0 ->
-    ["\n"|indent(I)];
-nl_indent(_I) ->
-    [$ ].
-
-indent(I) when I >= 8 ->
-    [$\t|indent(I-8)];
-indent(I) when I > 0 ->
-    [$ |indent(I-1)];
-indent(_) ->
-    [].
-
-is_string([9|T]) ->
-    is_string(T);
-is_string([10|T]) ->
-    is_string(T);
-is_string([H|T]) when H >31, H < 127 -> 
-    is_string(T);
-is_string([]) -> 
-    true;
-is_string(_) -> 
-    false.
diff --git a/lib/docbuilder/src/docb_tr_application2html.erl b/lib/docbuilder/src/docb_tr_application2html.erl
deleted file mode 100644
index d8cb214d0a..0000000000
--- a/lib/docbuilder/src/docb_tr_application2html.erl
+++ /dev/null
@@ -1,286 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_tr_application2html).
-
--export([extension/0, transform/3, rule/2, rule/3]).
-
-extension() ->
-    ".html".
-
-transform(File, {application, _Attrs, [Header|Rest]}, Opts0) ->
-
-    %% Extract header data
-    Title = docb_html_util:extract_header_data(title, Header),
-
-    case docb_util:an_option(kwicindex_only, Opts0) of
-	false ->
-
-	    %% Create the framing HTML document
-	    OutFile = docb_util:outfile(File++"_frame", ".html", Opts0),
-	    case file:open(OutFile, [write]) of
-		{ok, Fd} ->
-		    io:format(Fd,
-"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD XHTML 1.0 Frameset//EN\"
-\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd\">
-<!-- This document was generated using DocBuilder-" ++ docb_util:version() ++ " -->
-<html>
-<head>
-  <title>~s</title>
-  " ++ docb_util:html_snippet(head, Opts0) ++ "
-</head>
-<frameset cols=\"150, *\">
-  <frame src=\"~s\" name=\"toc\">
-  <frame src=\"~s\" name=\"document\">
-  <noframes>
-    <body bgcolor=\"#FFFFFF\" text=\"#000000\" link=\"#0000FF\"
-          vlink=\"#FF00FF\" alink=\"#FF0000\">
-    <p>This documentation requires a browser that can handle frames</p>
-    </body>
-  </noframes>
-</frameset>
-</html>
-",
-			      [Title,
-			       File++".html", File++"_first.html"]),
-		    file:close(Fd)
-	    end,
-
-	    %% Create the front HTML document
-	    docb_main:transform(first, html, Opts0, File ++ "_first",
-				{first, [], [Header|Rest]});
-
-	true ->
-	    ok
-    end,
-
-    %% Extract files to include
-    Files = case Rest of
-		[{description, _, _}|NewRest] ->
-		    lists:map(fun({include, [{_, _, F}], _}) ->filename:rootname(F) end,
-			      NewRest);
-		[{include, _, _}|_NewRest] ->
-		    lists:map(fun({include, [{_, _, F}], _}) -> filename:rootname(F) end,
-			      Rest)
-	    end,
-
-    %% Concat all reference manuals into a *big* parse tree
-    ConcatTree = concat_files(Files, Opts0),
-
-    %% Create the kwic index src file to be put in outdir
-    docb_main:transform(refs, kwic, Opts0, File, {refs,[],ConcatTree}),
-
-    case docb_util:an_option(kwicindex_only, Opts0) of
-	false ->
-
-	    %% Create an index
-	    docb_main:transform(index, html, Opts0, File ++ "_index",
-				{index, [], [Header|ConcatTree]}),
-	    %% Create a cite dictionary
-	    docb_main:transform(cite, html, Opts0, File ++ "_cite",
-				{cite, [], [Header|ConcatTree]}),
-
-	    %% Create a term dictionary
-	    docb_main:transform(term, html, Opts0, File ++ "_term",
-				{term, [], [Header|ConcatTree]}),
-
-	    %% Transform each reference page
-	    case docb_util:an_option(framework_only, Opts0) of
-		true ->
-		    ok;
-		false ->
-		    transform_refs(Files,
-				   [dict,{part_application,File}|Opts0])
-	    end;
-	true ->
-	    ok
-    end,
-
-    %% Find all fascicules to be put in the top menu of the table of
-    %% contents
-    Ext = docb_util:lookup_option(src_type, Opts0),
-    Opts2 =
-	case filelib:is_regular("fascicules"++Ext) of
-	    true ->
-		case docb_main:parse1("fascicules", Opts0) of
-		    {ok, Parse} ->
-			FascData = get_fasc_data(Parse),
-                        case lists:keyfind(File, 1, FascData) of
-			    {_, _, "YES", _} ->
-				OrigFile =
-				    docb_util:outfile(File++"_frame",
-						      ".html", Opts0),
-				EntryFile =
-				    docb_util:outfile("index",
-						      ".html",Opts0),
-				docb_util:message(info,
-						  "Copying ~s to ~s",
-						  [OrigFile,EntryFile]),
-				file:copy(OrigFile, EntryFile);
-			    _ ->
-				ok
-			end,
-			[{fascdata, FascData}| Opts0];
-		    errors ->
-			%% Do not bother
-			docb_util:message(
-			  warning,
-			  "fascicules~s could not be parsed,"
-			  " no index.html created",
-			  [Ext]),
-			Opts0
-		end;
-	    false ->
-		%% do not bother
-		docb_util:message(warning,
-				  "fascicules~s not found, "
-				  "no index.html created",
-				  [Ext]),
-		Opts0
-	end,
-
-    %% Create ToC parse tree
-    {{toc, [{"FILE", "CDATA", File}], [Header|make_toc(ConcatTree)]},
-     Opts2}.
-
-concat_files(Files, Opts) ->
-    concat_files(Files, [], Opts).
-
-concat_files([File|Rest], Body, Opts) ->
-    case docb_main:parse1(File, Opts) of
-	{ok, Parse} ->
-	    NewParse=expand([Parse], File),
-	    %% Remove the reference manual header
-	    [{Ref, [], [_Hdr| NewBody]}] = NewParse,
-	    RefParse = [{Ref, [], NewBody}],
-	    Body ++ concat_files(Rest, RefParse, Opts);
-	errors ->
-	    errors
-    end;
-concat_files([], Body, _Opts) ->
-    Body.
-
-expand([], _) ->
-    [];
-expand([{pcdata, Attrs, More}|Rest], File) ->
-    [{pcdata, Attrs, More}|expand(Rest, File)];
-expand([{name, Attrs, More}|Rest], File) ->
-    [{name, [{"FILE", "CDATA", File}|Attrs], More}|expand(Rest, File)];
-expand([{module, Attrs, More}|Rest], File) ->
-    [{module, [{"FILE", "CDATA", File}|Attrs], More}|expand(Rest,File)];
-expand([{file, Attrs, More}|Rest], File) ->
-    [{file, [{"FILE", "CDATA", File}|Attrs], More}|expand(Rest, File)];
-expand([{app, Attrs, More}|Rest], File) ->
-    [{app, [{"FILE", "CDATA", File}|Attrs], More}|expand(Rest, File)];
-expand([{lib, Attrs, More}|Rest], File) ->
-    [{lib, [{"FILE", "CDATA", File}|Attrs], More}|expand(Rest, File)];
-expand([{com, Attrs, More}|Rest], File) ->
-    [{com, [{"FILE", "CDATA", File}|Attrs], More}|expand(Rest, File)];
-expand([{Tag, Attrs, More}|Rest], File) ->
-    [{Tag, Attrs, expand(More, File)}|expand(Rest, File)].
-
-transform_refs([], _) ->
-    ok;
-transform_refs([File|Rest], Opts) ->
-    Ext = docb_util:lookup_option(src_type, Opts),
-    docb_util:message(info, "Processing \"~s~s\"", [File, Ext]),
-    docb_main:process(File, Opts),
-    transform_refs(Rest, Opts).
-
-make_toc([]) ->
-    [];
-make_toc([{pcdata, _Attrs, _More}|Rest]) ->
-    make_toc(Rest);
-make_toc([{module, Attrs, More}|Rest]) ->
-    [{module, Attrs, More}|make_toc(Rest)];
-make_toc([{file, Attrs, More}|Rest]) ->
-    [{file, Attrs, More}|make_toc(Rest)];
-make_toc([{app, Attrs, More}|Rest]) ->
-    [{app, Attrs, More}|make_toc(Rest)];
-make_toc([{lib, Attrs, More}|Rest]) ->
-    [{lib, Attrs, More}|make_toc(Rest)];
-make_toc([{com, Attrs, More}|Rest]) ->
-    [{com, Attrs, More}|make_toc(Rest)];
-make_toc([{_Tag, _Attrs, More}|Rest]) ->
-    make_toc(More) ++ make_toc(Rest).
-
-rule([module|_], {_, [File], _}) ->
-    {"<small><a target=\"document\" href=\"" ++
-     docb_html_util:make_anchor_href(File) ++ "\">",
-     "</a></small><br/>\n"};
-
-rule([file|_], {_, [File], _}) ->
-    {"<small><a target=\"document\" href=\"" ++
-     docb_html_util:make_anchor_href(File) ++ "\">",
-     "</a></small><br/>\n"};
-
-rule([app|_], {_, [File], _}) ->
-    {"<small><a target=\"document\" href=\"" ++
-     docb_html_util:make_anchor_href(File) ++ "\">",
-     "</a></small><br/>\n"};
-
-rule([lib|_], {_, [File], _}) ->
-    {"<small><a target=\"document\" href=\"" ++
-     docb_html_util:make_anchor_href(File) ++ "\">",
-     "</a></small><br/>\n"};
-
-rule([com|_], {_, [File], _}) ->
-    {"<small><a target=\"document\" href=\"" ++
-     docb_html_util:make_anchor_href(File) ++ "\">",
-     "</a></small><br/>\n"};
-
-rule([pcdata|_], {_, _, Data}) ->
-    {drop, docb_html_util:pcdata_to_html(Data)};
-
-rule(_, _) ->
-    {drop, ""}.
-
-rule([toc|_], {_Depth, [File], [Header|_]}, Opts) ->
-    case docb_util:lookup_option(fascdata, Opts) of
-	false ->
-	    {{docb_html_layout:application_toc_top(
-		docb_html_util:all_header_data(Header),
-		File, Opts),
-	      docb_html_layout:part_toc_bot()}, Opts};
-	FascData ->
-	    HRefTexts =
-		lists:map(
-		  fun({_File, HRef, _Entry, PCText}) ->
-			  {HRef, docb_html_util:pcdata_to_html(PCText)}
-		  end,
-		  FascData),
-	    {{docb_html_layout:application_toc_top(
-		docb_html_util:all_header_data(Header),
-		File, Opts, HRefTexts) ++ "\n",
-	      docb_html_layout:part_toc_bot()}, Opts}
-    end.
-
-%% Returns: [{File, HRef, Entry, Text}].
-get_fasc_data({fascicules, _, Fascs}) ->
-    lists:map(
-      fun({fascicule, Atts, Trees}) ->
-	      AVals = get_avals(Atts),
-	      PCText = get_pc_text(Trees),
-	      list_to_tuple(lists:append([AVals, [PCText]]))
-      end,
-      Fascs).
-
-get_avals(Atts) ->
-    [element(3, Tuple) || Tuple <- Atts].
-
-get_pc_text([{pcdata, _, Text}]) ->
-    Text.
diff --git a/lib/docbuilder/src/docb_tr_appref2html.erl b/lib/docbuilder/src/docb_tr_appref2html.erl
deleted file mode 100644
index 6b4cc0f815..0000000000
--- a/lib/docbuilder/src/docb_tr_appref2html.erl
+++ /dev/null
@@ -1,48 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_tr_appref2html).
-
--export([extension/0, transform/3, rule/2, rule/3]).
-
-extension() ->
-    ".html".
-
-%% Transform the parse tree. Header data is stored in an extra
-%% argument to make life easier later on.
-transform(_File, {appref,_,[Header|Rest]}, _Opts) ->
-    Data = [{[], [], docb_html_util:all_header_data(Header)}],
-    {appref, Data, [{header,[],[]}|Rest]}.
-
-rule([header|_],_) ->
-    {drop, ""};
-
-rule([app|_],_) ->
-    {"\n<h3>APPLICATION</h3>\n<div class=\"REFBODY\">\n","\n</div>\n"};
-
-rule([appsummary|_],_) ->
-    {"\n<h3>APPLICATION SUMMARY</h3>\n<div class=\"REFBODY\">\n","\n</div>\n"};
-
-rule(TagHistory, TagBody) ->
-    docb_html_ref:rule(TagHistory,TagBody).
-
-rule([appref|_], {_,[Data],_}, Opts) ->
-  {{docb_html_layout:ref_top(Data, Opts),
-    docb_html_layout:ref_bot(Opts)}, Opts};
-
-rule(TagHistory, TagBody, Opts) ->
-    docb_html_ref:rule(TagHistory, TagBody, Opts).
diff --git a/lib/docbuilder/src/docb_tr_chapter2html.erl b/lib/docbuilder/src/docb_tr_chapter2html.erl
deleted file mode 100644
index 185cdc7cc3..0000000000
--- a/lib/docbuilder/src/docb_tr_chapter2html.erl
+++ /dev/null
@@ -1,59 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_tr_chapter2html).
-
--export([extension/0, transform/3, rule/2, rule/3]).
-
-extension() ->
-    ".html".
-
-transform(File, {chapter,_,[Header|Rest]}, Opts) ->
-    Data = [{[], [], docb_html_util:all_header_data(Header)}],
-    Tree = {chapter, Data, [{header,[],[]}|Rest]},
-    ChapterLevel =
-	case docb_util:lookup_option(number, Opts) of
-	    false -> none;
-	    Value -> Value
-	end,
-    docb_html_util:number(Tree, ChapterLevel,  File).
-
-rule([header|_], _) ->
-    {drop, ""};
-
-rule([toc|_], {_,_,ToC}) ->
-    {drop,
-     "\n<h3>Table of Contents</h3>\n" ++
-     docb_html_util:format_toc(ToC) ++ "\n"};
-
-rule([section|_], _) ->
-    {"", ""};
-
-rule([title|Rest], {_,[Number,_File], [{pcdata,_,Title}]}) ->
-    N = integer_to_list(docb_html_util:count_sections(Rest)+1),
-    {drop,"\n<h" ++ N ++ ">" ++ Number ++ " " ++
-     docb_html_util:pcdata_to_html(Title) ++ "</h" ++ N ++ ">\n"};
-
-rule(TagHistory, TagBody) ->
-  docb_html:rule(TagHistory, TagBody).
-
-rule([chapter|_], {_,[Data],_}, Opts) ->
-    {{docb_html_layout:chapter_top(Data, Opts),
-      docb_html_layout:chapter_bot(Opts)}, Opts};
-
-rule(TagHistory, TagBody, Opts) ->
-    docb_html:rule(TagHistory, TagBody, Opts).
diff --git a/lib/docbuilder/src/docb_tr_cite2html.erl b/lib/docbuilder/src/docb_tr_cite2html.erl
deleted file mode 100644
index 77f1c4e636..0000000000
--- a/lib/docbuilder/src/docb_tr_cite2html.erl
+++ /dev/null
@@ -1,134 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_tr_cite2html).
-
--export([extension/0, transform/3, rule/2, rule/3]).
-
-extension() ->
-    ".html".
-
-transform(_File, Tree, Opts) ->
-    purge(Tree, Opts).
-  
-purge({Tag, Attrs, [Header|Body]}, Opts) ->
-    CiteList = case docb_util:lookup_option({defs,cite}, Opts) of
-		   false -> [];
-		   Value  -> Value
-	       end,
-    B1 = purge_body(Body, CiteList),
-    B2 = lists:ukeysort(2, B1),
-    {Tag, Attrs, [Header|B2]}.
-
-purge_body([], _) ->
-    [];
-purge_body([{pcdata,_Attrs,_More}|Rest], CiteList) ->
-    purge_body(Rest, CiteList);
-purge_body([{cite,[{"ID","CDATA",ID}],More}|Rest], CiteList) ->
-    case lists:keyfind(ID, 1, CiteList) of
-	false ->
-	    [{cite, [{"NAME","CDATA",ID}, {"ID","CDATA",ID}], More}|
-	     purge_body(Rest, CiteList)];
-	{ID, Name, _Description, _Responsible} ->
-	    [{cite, [{"NAME","CDATA",Name}, {"ID","CDATA",ID}], More}|
-	     purge_body(Rest, CiteList)];
-	{ID, Name, _Description} ->
-	    [{cite, [{"NAME","CDATA",Name}, {"ID","CDATA",ID}], More}|
-	     purge_body(Rest, CiteList)]
-    end;
-purge_body([{_Tag,_Attrs,More}|Rest], CiteList) ->
-    purge_body(More, CiteList) ++ purge_body(Rest, CiteList).
-
-rule([header|_], _) ->
-    {drop, ""};
-rule(_, _) ->
-    {drop, ""}.
-
-rule([cite|_], {_,[],[Header]}, Opts) ->
-    HeaderData = docb_html_util:all_header_data(Header),
-    {{docb_html_layout:chapter_top(HeaderData, Opts) ++
-      "\n<center><h1>Bibliography</h1></center>\n",
-      docb_html_layout:chapter_bot(Opts)}, Opts};
-
-rule([cite|_], {_,[],[Header|_]}, Opts) ->
-    HeaderData = docb_html_util:all_header_data(Header),
-    {{docb_html_layout:chapter_top(HeaderData, Opts) ++
-      "\n<center><h1>Bibliography</h1></center>\n<dl>\n",
-      "\n</dl>\n" ++ docb_html_layout:chapter_bot(Opts)}, Opts};
-
-rule([cite|_], {_,[Data],_}, Opts) ->
-    {{docb_html_layout:chapter_top(Data, Opts) ++
-      "\n<center><h1>Bibliography</h1></center>\n<dl>\n",
-      "\n</dl>\n" ++ docb_html_layout:chapter_bot(Opts)}, Opts};
-
-rule([cite|T], {A, B, [{citedef,C,
-			[{ctitle, [], [{pcdata,[],CTitle}]},
-			 {cauthor, [], [{pcdata,[],CAuthor}]},
-			 {chowpublished, [],
-			  [{pcdata,[],Chowpublished}]}]}]}, Opts) ->
-    CiteDef = CTitle ++ " " ++ CAuthor ++ " " ++ Chowpublished,
-    rule([cite|T], {A,B,[{citedef,C,[{pcdata,[],CiteDef}]}]}, Opts);
-
-rule([cite|_], {_,[Name,ID], [{citedef,[],[{pcdata,[],Def}]}]}, Opts) ->
-    CiteList =
-	case docb_util:lookup_option({defs,cite}, Opts) of
-	    false -> [];
-	    Value  -> Value
-	end,
-    case lists:keyfind(ID, 1, CiteList) of
-	false ->
-	    {{drop,"\n<dt><a name=\"" ++ ID ++ "\">" ++ 
-	      "<strong>" ++ ID ++ "</strong></a></dt>\n<dd>" ++
-	      docb_html_util:pcdata_to_html(Def) ++ "\n</dd>\n"}, Opts};
-	{ID, Name, Description, _Responsible} ->
-	    docb_util:message(warning,
-			      "Global cite ~s overriding local", [ID]),
-	    {{drop,"\n<dt><a name=\"" ++ ID ++ "\">" ++
-	      "<strong>" ++ Name ++ "</strong></a></dt>\n<dd>" ++
-	      docb_html_util:pcdata_to_html(Description) ++ "\n</dd>\n"},
-	     Opts};
-	{ID, Name, Description} ->
-	    docb_util:message(warning,
-			      "Global cite ~s overriding local", [ID]),
-	    {{drop,"\n<dt><a name=\"" ++ ID ++ "\">" ++ 
-	      "<strong>" ++ Name ++ "</strong></a></dt>\n<dd>" ++
-	      docb_html_util:pcdata_to_html(Description) ++ "\n</dd>\n"}, Opts}
-    end;
-
-rule([cite|_], {_,[Name,ID],_}, Opts) ->
-  CiteList =
-	case docb_util:lookup_option({defs,cite}, Opts) of
-	    false -> [];
-	    Value  ->	Value
-	end,
-    case lists:keyfind(ID, 1, CiteList) of
-	false ->
-	    docb_util:message(error,
-			      "The cite ~s has no definition", [ID]),
-	    {{drop,"\n<dt><a name=\"" ++ ID ++ "\">" ++ 
-	      "<strong>" ++ ID ++ "</strong></a></dt>\n<dd>" ++
-	      "??" ++ "\n</dd>\n"}, Opts};
-	{ID, Name, Description, _Responsible} ->
-	    {{drop,"\n<dt><a name=\"" ++ ID ++ "\">" ++
-	      "<strong>" ++ Name ++ "</strong></a></dt>\n<dd>" ++
-	      docb_html_util:pcdata_to_html(Description) ++ "\n</dd>\n"},
-	     Opts};
-	{ID, Name, Description} ->
-	    {{drop,"\n<dt><a name=\"" ++ ID ++ "\">" ++ 
-	      "<strong>" ++ Name ++ "</strong></a></dt>\n<dd>" ++
-	      docb_html_util:pcdata_to_html(Description) ++ "\n</dd>\n"}, Opts}
-    end.
diff --git a/lib/docbuilder/src/docb_tr_comref2html.erl b/lib/docbuilder/src/docb_tr_comref2html.erl
deleted file mode 100644
index 25207dccb4..0000000000
--- a/lib/docbuilder/src/docb_tr_comref2html.erl
+++ /dev/null
@@ -1,46 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_tr_comref2html).
-
--export([extension/0, transform/3, rule/2, rule/3]).
-
-extension() ->
-    ".html".
-
-transform(_File, {comref,_,[Header|Rest]}, _Opts) ->
-    Data = [{[], [], docb_html_util:all_header_data(Header)}],
-    {comref, Data, [{header,[],[]}|Rest]}.
-
-rule([header|_],_) ->
-    {drop,""};
-
-rule([com|_],_) ->
-    {"\n<h3>COMMAND</h3>\n<div class=\"REFBODY\">\n","\n</div>\n"};
-
-rule([comsummary|_],_) ->
-    {"\n<h3>COMMAND SUMMARY</h3>\n<div class=\"REFBODY\">\n","\n</div>\n"};
-
-rule(TagHistory, TagBody) ->
-    docb_html_ref:rule(TagHistory, TagBody).
-
-rule([comref|_], {_,[Data],_}, Opts) ->
-    {{docb_html_layout:ref_top(Data, Opts),
-      docb_html_layout:ref_bot(Opts)}, Opts};
-
-rule(TagHistory, TagBody, Opts) ->
-    docb_html_ref:rule(TagHistory, TagBody, Opts).
diff --git a/lib/docbuilder/src/docb_tr_cref2html.erl b/lib/docbuilder/src/docb_tr_cref2html.erl
deleted file mode 100644
index 06748b8c57..0000000000
--- a/lib/docbuilder/src/docb_tr_cref2html.erl
+++ /dev/null
@@ -1,61 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_tr_cref2html).
-
--export([extension/0, transform/3, rule/2, rule/3]).
-
-extension() ->
-  ".html".
-
-transform(_File, {cref,_,[Header|Rest]}, _Opts) ->
-    Data = [{[], [], docb_html_util:all_header_data(Header)}],
-    {cref, Data, [{header,[],[]}|Rest]}.
-
-rule([header|_],_) ->
-    {drop, ""};
-
-rule([ret|_],_) ->
-    {"",""};
-
-rule([nametext|_],_) ->
-    {" ",""};
-
-rule([name|_], {_,_,[_Ret,{nametext,[],[{pcdata,[],Name}]}]}) ->
-    FName = lists:flatten(docb_html_util:pcdata_to_html(Name)),
-    TName = docb_util:trim(FName), 
-    CAnchor = docb_util:fknidx(TName, "/"),
-    {"<A NAME=\"" ++ CAnchor ++ "\"><STRONG><CODE>",
-     "</CODE></STRONG></A><BR>\n"};
-rule([name|T], {I,As,[Ret,{pcdata,[],Name}]}) -> % For SGML DTD
-    rule([name|T], {I,As,[Ret,{nametext,[],[{pcdata,[],Name}]}]});
-
-rule([lib|_],_) ->
-    {"\n<H3>C LIBRARY</H3>\n<DIV CLASS=REFBODY>\n","\n</DIV>\n"};
-
-rule([libsummary|_],_) ->
-    {"\n<H3>C LIBRARY SUMMARY</H3>\n<DIV CLASS=REFBODY>\n","\n</DIV>\n"};
-
-rule(TagHistory, TagBody) ->
-    docb_html_ref:rule(TagHistory, TagBody).
-
-rule([cref|_], {_,[Data],_}, Opts) ->
-    {{docb_html_layout:ref_top(Data, Opts),
-      docb_html_layout:ref_bot(Opts)}, Opts};
-
-rule(TagHistory, TagBody, Opts) ->
-    docb_html_ref:rule(TagHistory, TagBody, Opts).
diff --git a/lib/docbuilder/src/docb_tr_erlref2html.erl b/lib/docbuilder/src/docb_tr_erlref2html.erl
deleted file mode 100644
index b264c46bce..0000000000
--- a/lib/docbuilder/src/docb_tr_erlref2html.erl
+++ /dev/null
@@ -1,46 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_tr_erlref2html).
-
--export([extension/0, transform/3, rule/2, rule/3]).
-
-extension() ->
-  ".html".
-
-transform(_File, {erlref,_,[Header|Rest]}, _Opts) ->
-    Data = [{[], [], docb_html_util:all_header_data(Header)}],
-    {erlref, Data, [{header,[],[]}|Rest]}.
-
-rule([header|_],_) ->
-    {drop, ""};
-
-rule([module|_],_) ->
-    {"\n<h3>MODULE</h3>\n<div class=\"REFBODY\">\n","\n</div>\n"};
-
-rule([modulesummary|_],_) ->
-    {"\n<h3>MODULE SUMMARY</h3>\n<div class=\"REFBODY\">\n","\n</div>\n"};
-
-rule(TagHistory, TagBody) ->
-    docb_html_ref:rule(TagHistory, TagBody).
-
-rule([erlref|_], {_,[Data],_}, Opts) ->
-    {{docb_html_layout:ref_top(Data, Opts),
-      docb_html_layout:ref_bot(Opts)}, Opts};
-
-rule(TagHistory, TagBody, Opts) ->
-    docb_html_ref:rule(TagHistory, TagBody, Opts).
diff --git a/lib/docbuilder/src/docb_tr_fileref2html.erl b/lib/docbuilder/src/docb_tr_fileref2html.erl
deleted file mode 100644
index 60280543a8..0000000000
--- a/lib/docbuilder/src/docb_tr_fileref2html.erl
+++ /dev/null
@@ -1,46 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_tr_fileref2html).
-
--export([extension/0, transform/3, rule/2, rule/3]).
-
-extension() ->
-    ".html".
-
-transform(_File, {fileref,_,[Header|Rest]}, _Opts) ->
-    Data = [{[], [], docb_html_util:all_header_data(Header)}],
-    {fileref, Data, [{header,[],[]}|Rest]}.
-
-rule([header|_],_) ->
-    {drop, ""};
-
-rule([file|_],_) ->
-    {"\n<h3>FILE</h3>\n<div class=\"REFBODY\">\n","\n</div>\n"};
-
-rule([filesummary|_],_) ->
-    {"\n<h3>FILE SUMMARY</h3>\n<div class=\"REFBODY\">\n","\n</div>\n"};
-
-rule(TagHistory, TagBody) ->
-    docb_html_ref:rule(TagHistory, TagBody).
-
-rule([fileref|_], {_,[Data],_}, Opts) ->
-    {{docb_html_layout:ref_top(Data, Opts),
-      docb_html_layout:ref_bot(Opts)}, Opts};
-
-rule(TagHistory, TagBody, Opts) ->
-    docb_html_ref:rule(TagHistory, TagBody, Opts).
diff --git a/lib/docbuilder/src/docb_tr_first2html.erl b/lib/docbuilder/src/docb_tr_first2html.erl
deleted file mode 100644
index e9ecbe73cb..0000000000
--- a/lib/docbuilder/src/docb_tr_first2html.erl
+++ /dev/null
@@ -1,46 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_tr_first2html).
-
--export([extension/0, transform/3, rule/2, rule/3]).
-
-extension() ->
-    ".html".
-
-transform(_File, Tree, _Opts) ->
-    Tree.
-
-rule([header|_], _) ->
-    {drop, ""};
-
-rule([description|_], _) ->
-    {"", ""};
-
-rule([include|_], _) ->
-    {drop, ""};
-
-rule(TagHistory, TagBody) ->
-    docb_html:rule(TagHistory, TagBody).
-
-rule([first|_], {_,[],[Header|_]}, Opts) ->
-    HeaderData = docb_html_util:all_header_data(Header),
-    {{docb_html_layout:first_top(HeaderData, Opts),
-      docb_html_layout:first_bot(Opts)}, Opts};
-
-rule(TagHistory, TagBody, Opts) ->
-    docb_html:rule(TagHistory, TagBody, Opts).
diff --git a/lib/docbuilder/src/docb_tr_index2html.erl b/lib/docbuilder/src/docb_tr_index2html.erl
deleted file mode 100644
index 312342add2..0000000000
--- a/lib/docbuilder/src/docb_tr_index2html.erl
+++ /dev/null
@@ -1,195 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License, 
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_tr_index2html).
-
--export([extension/0, transform/3, rule/2]).
-
-extension() ->
-    ".html".
-
-transform(_File0, {index, Attrs, [Header| Trees0]}, _Opts) ->
-    Trees1 = prune_flat(Trees0, false),
-    %%
-    %% Now each element of Trees1 is a tree with tag `name' and
-    %% attribute `File', and with one `pcdata' subtree containing the
-    %% name `Func' of the function. We extract `File' and `Func', and
-    %% create new trees.
-    %%
-    %% `File' is attribute CDATA (from an <include file=...>), and
-    %% `Func' is PCDATA.
-    %%
-    FileFuncs =
-	[{File, RefType, Func} ||
-	    {name, [{_, _, File}, {_, _, RefType}|_],
-	     [{pcdata, [], Func}]}
-		<- Trees1],
-    Trees2 = new_trees(FileFuncs),
-    {index, Attrs, [Header| Trees2]}.
-
-%% Remove all elements except those with tag equal to `name'.
-%% Within `name' remove all elements except those equal to `pcdata'.
-%% Add attribute `filetype' to `name'.
-%%
-%% Refs: appref, comref, cref, erlref, fileref
-prune_flat([{appref, _Attrs, More}| Rest], _) ->
-    RefType = appref,
-    lists:append(prune_flat(More, RefType), prune_flat(Rest, RefType));
-prune_flat([{comref, _Attrs, More}| Rest], _) ->
-    RefType = comref,
-    lists:append(prune_flat(More, RefType), prune_flat(Rest, RefType));
-prune_flat([{cref, _Attrs, More}| Rest], _) ->
-    RefType = cref,
-    lists:append(prune_flat(More, RefType), prune_flat(Rest, RefType));
-prune_flat([{erlref, _Attrs, More}| Rest], _) ->
-    RefType = erlref,
-    lists:append(prune_flat(More, RefType), prune_flat(Rest, RefType));
-prune_flat([{fileref, _Attrs, More}| Rest], _) ->
-    RefType = fileref,
-    lists:append(prune_flat(More, RefType), prune_flat(Rest, RefType));
-prune_flat([{name, [Attr0|Attrs0], More}| Rest], RefType) ->
-    Attrs = [Attr0, {"FILETYPE", "CDATA", RefType} |
-	     Attrs0],
-    [{name, Attrs, keep_pcdata(More)}| prune_flat(Rest, RefType)];
-prune_flat([{pcdata, _, _}| Rest], RefType) ->		% special case
-    prune_flat(Rest, RefType);
-prune_flat([{_Tag, _Attrs, More}| Rest], RefType) ->
-    lists:append(prune_flat(More, RefType), prune_flat(Rest, RefType));
-prune_flat([], _) ->
-    [].
-
-keep_pcdata(Trees) ->
-    [T || T = {pcdata, _, _} <- Trees].
-
-new_trees(FileFuncs) ->
-    Files0 = [{File, RefType} || {File, RefType, _} <- FileFuncs],
-    Files1 = lists:usort(Files0),
-    FileEntries = [{reffile, File, RefType,
-		    [Fu || {Fi, _, Fu} <- FileFuncs, Fi == File]}
-		   || {File, RefType} <- Files1],
-    FuncEntries = [{func, Func, RefType, [File]}
-		   || {File, RefType, Func} <- FileFuncs],
-    Entries = FileEntries ++ FuncEntries,
-    SortedEntries = sort_entries(Entries),
-    %%
-    %% We create a tree according to the following "dtd":
-    %%
-    %%  element   index    (reffile | funcdef)*
-    %%  element   reffile     (funcdef2)*
-    %%  attribute reffile     filename CDATA
-    %%  attribute reffile     filetype CDATA
-    %%  element   funcdef2 PCDATA
-    %%  attribute funcdef2 filename CDATA
-    %%  attribute funcdef2 filetype CDATA
-    %%  element   funcdef  PCDATA
-    %%  attribute funcdef  filename CDATA
-    %%  attribute funcdef  filetype CDATA
-    %%
-    %%  For example:
-    %%  <index>
-    %%     <reffile filename="mymod" filetype="erlref">
-    %%        <funcdef2 filename="mymod" filetype="erlref">myfunca(A)</>
-    %%        <funcdef2 filename="mymod" filetype="erlref">myfuncb(A, B)</>
-    %%     </>
-    %%     <funcdef filename="mymod" filetype="erlref">myfunca(A)</>
-    %%     <funcdef filename="mymod" filetype="erlref">myfuncb(A, B)</>
-    %%  </>
-    lists:flatmap(
-      fun({reffile, File, RefType, Funcs}) ->
-	      %% A reffile tree
-	      [{reffile, [{"FILENAME", "CDATA", File},
-			  {"FILETYPE", "CDATA", RefType}],
-		[{funcdef2, [{"FILENAME", "CDATA", File},
-			     {"FILETYPE", "CDATA", RefType}],
-		  [{pcdata, [], Func}]} || Func <- Funcs]}];
-	 ({func, Func, RefType, [File]}) ->
-	      %% A func tree
-	      [{funcdef, [{"FILENAME", "CDATA", File},
-			  {"FILETYPE", "CDATA", RefType}],
-		[{pcdata, [], Func}]}]
-      end, SortedEntries).
-
-%% Sorting of entries
-%%
-%% The sorting is based on how names of files and functions are
-%% presented (in a browser).
-%% Requires conversion to "function/2" etc.
-%%
-sort_entries(Entries) ->
-    ExpEntries =
-	lists:map(
-	  fun({reffile, File, RefType, Funcs}) ->
-		  HFile = filename_sort_order(File),
-		  HFuncs = [{funcdef_sort_order(Fu, RefType), Fu} || Fu <- Funcs],
-		  {reffile, HFile, File, RefType, lists:sort(HFuncs)};
-	     ({func, Func, RefType, [File]}) ->
-		  HFunc = funcdef_sort_order(Func, RefType),
-		  HFile = filename_sort_order(File),
-		  {func, HFunc, Func, RefType, [{HFile, File}]}
-	  end, Entries),
-    SortedExpEntries = lists:keysort(2, ExpEntries),
-    lists:map(
-      fun({Tag, _HName, Name, RefType, Vals}) ->
-	      NVals = lists:map(fun({_HVal, Val}) -> Val end, Vals),
-	      {Tag, Name, RefType, NVals}
-      end, SortedExpEntries).
-
-rule([index| _], _) ->
-    {docb_html_layout:index_top("") ++
-     "<dl>\n",
-     "</dl>\n" ++ docb_html_layout:index_bot()};
-
-rule([header| _], _) ->
-    {drop, ""};
-
-rule([reffile| _], {_, [File, _RefType|_], _}) ->
-    CFile = docb_html_util:attribute_cdata_to_html(File),
-    {"<dt><em>" ++ CFile ++ "</em></dt>\n", ""};
-
-rule([funcdef2| _], {_, [File, RefType|_], [{pcdata, [], FuncDef}]}) ->
-    FFuncDef = lists:flatten(docb_html_util:pcdata_to_html(FuncDef)),
-    TFuncDef = docb_util:trim(FFuncDef),
-    ShortFuncDef = docb_html_util:make_funcdef_short(TFuncDef, RefType),
-    HRef =
-	docb_html_util:make_anchor_href_short(File, TFuncDef, RefType),
-    {drop,
-     "<dd><a href=\"" ++ HRef ++ "\"><code>" ++
-     ShortFuncDef ++ "</code></a></dd>\n"};
-
-rule([funcdef| _], {_, [File, RefType|_], [{pcdata, [], FuncDef}]}) ->
-    FFuncDef = lists:flatten(docb_html_util:pcdata_to_html(FuncDef)),
-    TFuncDef = docb_util:trim(FFuncDef),
-    ShortFuncDef = docb_html_util:make_funcdef_short(TFuncDef, RefType),
-    HRef =
-	docb_html_util:make_anchor_href_short(File, TFuncDef, RefType),
-    CFile = docb_html_util:attribute_cdata_to_html(File),
-    {drop,
-     "<dt><code>" ++ ShortFuncDef ++ "</code></dt>\n"
-     "<dd><a href=\"" ++ HRef ++ "\"><em>" ++
-     CFile ++ "</em></a></dd>\n"};
-
-rule(_, _) ->
-    {drop, ""}.
-
-filename_sort_order(File) ->
-    docb_html_util:html_latin1_sort_order(
-      lists:flatten(
-	docb_html_util:attribute_cdata_to_html(string:strip(File)))).
-
-funcdef_sort_order(FuncDef, RefType) ->
-    docb_html_util:html_latin1_sort_order(
-      docb_html_util:make_anchor_name_short(FuncDef, RefType)).
diff --git a/lib/docbuilder/src/docb_tr_part2html.erl b/lib/docbuilder/src/docb_tr_part2html.erl
deleted file mode 100644
index 30befe8432..0000000000
--- a/lib/docbuilder/src/docb_tr_part2html.erl
+++ /dev/null
@@ -1,237 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License, 
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_tr_part2html).
-
--export([extension/0, transform/3, rule/2, rule/3]).
-
-extension() ->
-    ".html".
-
-transform(File, {part, _Attrs, [Header| Rest]}, Opts0) ->
-
-    %% Extract header data
-    Title = docb_html_util:extract_header_data(title, Header),
-
-    %% Create the framing HTML document
-    OutFile = docb_util:outfile(File ++ "_frame", ".html", Opts0),
-    case file:open(OutFile, [write]) of
-	{ok, Frame} ->
-	    io:format(Frame,
-"<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Frameset//EN\"
-   \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd\">
-<!-- This document was generated using DocBuilder-" ++ docb_util:version() ++ " -->
-<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">
-<head>
-  <title>~s</title>
-  " ++ docb_util:html_snippet(head,  Opts0) ++ "
-</head>
-<frameset cols=\"200, *\">
-  <frame src=\"~s\" name=\"toc\"/>
-  <frame src=\"~s\" name=\"document\"/>
-  <noframes>
-    <body bgcolor=\"#FFFFFF\" text=\"#000000\" link=\"#0000FF\"
-          vlink=\"#FF00FF\" alink=\"#FF0000\">
-    <p>This documentation requires a browser that can handle frames</p>
-    </body>
-  </noframes>
-</frameset>
-</html>
-",
-		      [Title, File ++ ".html", File ++ "_first.html"]),
-	    file:close(Frame)
-    end,
-
-    %% Create the front HTML document
-    docb_main:transform(first, html, Opts0, File ++ "_first",
-			{first, [], [Header| Rest]}),
-
-    %% Extract files to include
-    Files =
-	case Rest of
-	    [{description, _, _}| NewRest] ->
-		lists:map(fun({include, [{_, _, F}], _}) -> filename:rootname(F) end,
-			  NewRest);
-	    [{include, _, _}| _NewRest] ->
-		lists:map(fun({include, [{_, _, F}], _}) -> filename:rootname(F) end, Rest)
-	end,
-
-    %% Concat all chapters into a *big* parse tree
-    %% Also transform them to HTML
-    TransformP = not docb_util:an_option(framework_only, Opts0),
-    TOpts = [dict, {part_application,File}],
-    ConcatTree = concat_files(Files, Opts0, TransformP, TOpts),
-
-    %% Create a cites dictionary
-    docb_main:transform(cite, html, Opts0, File ++ "_cite",
-			{cite, [], [Header| ConcatTree]}),
-
-    %% Create a terms dictionary
-    docb_main:transform(term, html, Opts0, File ++ "_term",
-			{term, [], [Header| ConcatTree]}),
-
-    %% Find all fascicules to be put in the top menu of the table of
-    %% contents
-    Ext = docb_util:lookup_option(src_type, Opts0),
-    Opts2 =
-	case filelib:is_regular("fascicules"++Ext) of
-	    true ->
-		case docb_main:parse1("fascicules", Opts0) of
-		    {ok, Parse} ->
-			FascData = get_fasc_data(Parse),
-			case lists:keyfind(File, 1, FascData) of
-			    {_, _, "YES", _} ->
-				OrigFile =
-				    docb_util:outfile(File++"_frame",
-						      ".html", Opts0),
-				EntryFile =
-				    docb_util:outfile("index",
-						      ".html", Opts0),
-				docb_util:message(info,
-						  "Copying ~s to ~s",
-						  [OrigFile,EntryFile]),
-				file:copy(OrigFile, EntryFile);
-			    _ ->
-				ok
-			end,
-			[{fascdata, FascData}| Opts0];
-		    errors ->
-			%% do not bother
-			docb_util:message(
-			  warning,
-			  "fascicules~s could not be parsed,"
-			  " no index.html created~n", [Ext]),
-			Opts0
-		end;
-	    _ ->
-		%% do not bother
-		docb_util:message(warning,
-				  "fascicules~s not found, "
-				  "no index.html created~n",
-				  [Ext]),
-		Opts0
-	end,
-
-    %% Create ToC parse tree
-    {{toc, [{"FILE", "CDATA", File}], [Header| ConcatTree]}, Opts2}.
-
-concat_files(Files, Opts, TransformP, TOpts) ->
-    Ext = docb_util:lookup_option(src_type, Opts),
-    concat_files(Files, [], 1, Opts, TransformP, TOpts, Ext).
-
-concat_files([File | Rest], Body, ChLevel, Opts, TP, TOpts, Ext) ->
-    case docb_main:parse1(File, Opts) of
-	{ok, Parse} ->
-	    {TopTag, Attrs, [Header = {header, _, HeaderContents} | More]} = Parse,
-	    {title,_,Title} = lists:keyfind(title,1,HeaderContents),
-	    NewMore = [{section, [], [{title, [], Title}| More]}],
-	    NewParse = {TopTag, Attrs, [Header| NewMore]},
-	    if
-		TP ->
-		    docb_util:message(info,
-				      "Processing \"~s~s\"",
-				      [File, Ext]),
-		    Opts2 =
-			[html, {number,integer_to_list(ChLevel)}] ++
-			TOpts ++ Opts,
-		    docb_main:transform(TopTag, html, Opts2, File,
-					NewParse);
-		true -> ignore
-	    end,
-	    NumberTree =
-		docb_html_util:number(NewParse,
-				      integer_to_list(ChLevel), File),
-	    {_, [], [_| NewBody]} = NumberTree,
-	    Body ++ concat_files(Rest, NewBody, ChLevel+1, Opts,
-				 TP, TOpts, Ext);
-	errors ->
-	    throw({error,"Parse error when building chapter "++File})
-    end;
-concat_files([], Body, _ChLevel, _Opts, _TP, _TOpts, _Ext) ->
-    Body.
-
-rule([section| _], _) ->
-    {"", ""};
-
-rule(_, _) ->
-    {drop, ""}.
-
-rule([toc| _], {_Depth, [File], [Header| _]}, Opts) ->
-    case docb_util:lookup_option(fascdata, Opts) of
-	false ->
-	    {{docb_html_layout:part_toc_top(
-		docb_html_util:all_header_data(Header), File, Opts),
-	      docb_html_layout:part_toc_bot()}, Opts};
-	FascData ->
-	    HRefTexts =
-		lists:map(
-		  fun({_File, HRef, _Entry, PCText}) ->
-			  {HRef, docb_html_util:pcdata_to_html(PCText)}
-		  end,
-		  FascData),
-	    {{docb_html_layout:part_toc_top(
-		docb_html_util:all_header_data(Header),
-		File, Opts, HRefTexts),
-	     docb_html_layout:part_toc_bot()}, Opts}
-    end;
-
-rule([title| Rest], {_, [Number, File], [{pcdata, _, Title}]}, Opts) ->
-    N = docb_html_util:count_sections(Rest),
-    OutFile = docb_html_util:make_anchor_href(File),
-    if
-	N == 1 ->
-	    {{drop,
-	      "<hr/>\n<small>" ++
-	      Number ++
-	      " <a target=\"document\" href=\"" ++ OutFile ++ "#" ++
-	      Number ++ "\">" ++
-	      docb_html_util:pcdata_to_html(Title) ++
-	      "</a></small><br/>\n"},
-	     Opts};
-	N < 3 ->
-	    {{drop,
-	      "<small>" ++
-	      Number ++
-	      " <a target=\"document\" href=\"" ++ OutFile ++ "#" ++
-	      Number ++ "\">" ++
-	      docb_html_util:pcdata_to_html(Title) ++
-	      "</a></small><br/>\n"},
-	     Opts};
-	true ->
-	    {{drop, ""}, Opts}
-    end.
-
-%% Parsed fascicules:
-%%   {fascicules,[],
-%%    [{fascicule, [{"FILE","CDATA","refman"},
-%%                  {"HREF","CDATA","refman_frame.html"},
-%%                  {"ENTRY","TOKEN","YES"}],
-%%                 [{pcdata, [], ""    Reference  Manual\\n  \n"}]},
-%% Returns: [{File, HRef, Entry, Text}].
-get_fasc_data({fascicules, _, Fascs}) ->
-    lists:map(
-      fun({fascicule, Atts, Trees}) -> 
-	      AVals = get_avals(Atts),
-	      PCText = get_pc_text(Trees),
-	      list_to_tuple(lists:append([AVals, [PCText]])) end,
-      Fascs).
-
-get_avals(Atts) ->
-    [element(3, Tuple) || Tuple <- Atts].
-
-get_pc_text([{pcdata, _, Text}]) ->
-    Text.
diff --git a/lib/docbuilder/src/docb_tr_refs2kwic.erl b/lib/docbuilder/src/docb_tr_refs2kwic.erl
deleted file mode 100644
index dc60c329fc..0000000000
--- a/lib/docbuilder/src/docb_tr_refs2kwic.erl
+++ /dev/null
@@ -1,156 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_tr_refs2kwic).
-
--export([extension/0, transform/3, rule/2]).
-
-%% Output parts of a parsetree that contains a series of reference
-%% manual pages. The tags considered are: module, file, app, com and lib
-%% (and their corresponding *summary tags), and name, fsummary, c, em,
-%% ret and pcdata.
-
-extension() ->
-    ".kwc".
-
-transform(File, Tree, Opts) -> 
-    {refs, [], Trees} = Tree,
-    FileTree = {srcfile, [], [{pcdata, [], File}]},
-    AppName = docb_util:lookup_option(name, Opts, "unknown"),
-    AppTree = {appname, [], [{pcdata, [], AppName}]},
-    Vsn = docb_util:lookup_option(vsn, Opts, "unknown"),
-    VsnTree = {appvsn, [], [{pcdata, [], Vsn}]},
-    NewTree = {refs, [], [FileTree, AppTree, VsnTree| Trees]},
-    {NewTree, Opts}.
-
-rule([refs|_],_) ->
-    {"%% Automatically generated. Do not edit.\n", ""};
-
-rule([srcfile| _], _) ->
-    {"{srcfile, \"", "\"}.\n"};
-
-rule([appname| _], _) ->
-    {"{appname, \"", "\"}.\n"};
-
-rule([appvsn| _], _) ->
-    {"{appvsn, \"", "\"}.\n"};
-
-rule([erlref|_ ], _) ->
-    {"", ""};
-
-rule([fileref|_ ], _) ->
-    {"", ""};
-
-rule([appref|_ ], _) ->
-    {"", ""};
-
-rule([comref|_ ], _) ->
-    {"", ""};
-
-rule([cref|_ ], _) ->
-    {"", ""};
-
-rule([module| _], {_, [File], _}) ->
-    {drop, "{module, \"" ++ File ++ "\"}.\n"};
-
-rule([file|_], {_, [File], _}) ->
-    {drop, "{file, \"" ++ File ++ "\"}.\n"};
-
-rule([app|_], {_, [File], _}) ->
-    {drop, "{app, \"" ++ File ++ "\"}.\n"};
-
-rule([com|_], {_, [File], _}) ->
-    {drop, "{com, \"" ++ File ++ "\"}.\n"};
-
-rule([lib|_], {_, [File], _}) ->
-    {drop, "{lib, \"" ++ File ++ "\"}.\n"};
-
-rule([modulesummary|_], _) ->
-    {"{modulesummary, \"", "\"}.\n"};
-
-rule([filesummary|_], _) ->
-    {"{filesummary, \"", "\"}.\n"};
-
-rule([appsummary|_], _) ->
-    {"{appsummary, \"", "\"}.\n"};
-
-rule([comsummary|_], _) ->
-    {"{comsummary, \"", "\"}.\n"};
-
-rule([libsummary|_], _) ->
-    {"{libsummary, \"", "\"}.\n"};
-
-rule([funcs|_ ], _) ->
-    {"", ""};
-
-rule([func|_ ], _) ->
-    {"", ""};
-
-rule([name,func,funcs,cref|_], {_,[_File], [_Ret,{pcdata,[],Name}]}) ->
-    FName = lists:flatten(docb_html_util:pcdata_to_html(Name)),
-    TName = docb_util:trim(FName), 
-    case catch docb_util:fknidx(TName, "/") of
-	{'EXIT',_} ->
-	    {drop, ["{name, \"", escq(TName), "\"}.\n"]};
-	FuncName ->
-	    {drop, ["{name, \"", escq(FuncName), "\"}.\n"]}
-    end;
-
-rule([name,func,funcs,erlref|_], {_,[_File], [{pcdata,[],Name}]}) ->
-    FName = lists:flatten(docb_html_util:pcdata_to_html(Name)),
-    TName = docb_util:trim(FName), 
-    case catch docb_util:fknidx(TName, "/") of
-	{'EXIT',_} ->
-	    {drop, ["{name, \"", escq(TName), "\"}.\n"]};
-	FuncName ->
-	    {drop, ["{name, \"", escq(FuncName), "\"}.\n"]}
-    end;
-
-rule([name, func| _], {_, [_File], [{pcdata, [], Name}]}) ->
-    FName = lists:flatten(docb_html_util:pcdata_to_html(Name)),
-    TName = docb_util:trim(FName), 
-    Cmd = case string:tokens(TName, " ") of
-	      [Cmd0| _] ->
-		  Cmd0;
-	      _ ->
-		  TName
-	  end,
-    {drop, ["{name, \"", escq(Cmd), "\"}.\n"]};
-
-rule([fsummary| _], _) ->
-    {"{fsummary, \"", "\"}.\n"}; 
-
-rule([c, fsummary|_], _) ->
-    {"", ""};
-
-rule([em, fsummary|_], _) ->
-    {"", ""};
-
-rule([pcdata| _], {_, _, Data}) ->
-    FData = lists:flatten(docb_html_util:pcdata_to_html(Data)),
-    Out = lists:map(fun($\n) -> $ ; (C) -> C end, FData),
-    {drop, escq(Out)};
-
-rule(_, _) ->
-  {drop, ""}.
-
-escq(Cs) ->
-    lists:flatmap(fun($") -> 
-			  "\\\"";
-		      (C) -> [C]
-		  end,
-		  Cs).
diff --git a/lib/docbuilder/src/docb_tr_report2html.erl b/lib/docbuilder/src/docb_tr_report2html.erl
deleted file mode 100644
index 3386ed972a..0000000000
--- a/lib/docbuilder/src/docb_tr_report2html.erl
+++ /dev/null
@@ -1,70 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_tr_report2html).
-
--export([extension/0, transform/3, rule/2, rule/3]).
-
-%%
-%% File extension
-%%
-
-extension() ->
-  ".html".
-
-transform(File, {report,_,[Header|Rest]}, Opts) ->
-    Data = [{[], [], docb_html_util:all_header_data(Header)}],
-    Tree = {report, Data, [{header,[],[]}|Rest]},
-    ChapterLevel = case docb_util:lookup_option(number, Opts) of
-		       false -> none;
-		       Value -> Value
-		   end,
-    NumberTree = docb_html_util:number(Tree, ChapterLevel, File),
-    options(NumberTree, Opts).
-
-options(Tree, []) ->
-    Tree;
-options(Tree, [_|Rest]) ->
-    options(Tree, Rest).
-
-rule([header|_], _) ->
-    {drop, ""};
-
-rule([toc|_], {_,_,ToC}) ->
-    {drop, "\n<h3>Table of Contents</h3>\n" ++
-     docb_html_util:format_toc(ToC) ++ "\n"};
-
-rule([section|_], _) ->
-    {"", ""};
-
-rule([title|Rest], {_,[Number,_File], [{pcdata,_,Title}]}) ->
-    N = integer_to_list(docb_html_util:count_sections(Rest)+1),
-    {drop, "\n<h" ++ N ++ ">" ++ Number ++ " " ++
-     docb_html_util:pcdata_to_html(Title) ++ "</h" ++ N ++ ">\n"};
-
-rule([erlinclude|_], {_,[File,Tag],_}) ->
-    docb_html_util:erl_include(File, Tag);
-
-rule(TagHistory, TagBody) ->
-    docb_html:rule(TagHistory, TagBody).
-
-rule([report|_], {_,[Data],_}, Opts) ->
-    {{docb_html_layout:report_top(Data, Opts),
-      docb_html_layout:report_bot(Opts)}, Opts};
-
-rule(TagHistory, TagBody, Opts) ->
-    docb_html:rule(TagHistory, TagBody, Opts).
diff --git a/lib/docbuilder/src/docb_tr_term2html.erl b/lib/docbuilder/src/docb_tr_term2html.erl
deleted file mode 100644
index a3c4a5312a..0000000000
--- a/lib/docbuilder/src/docb_tr_term2html.erl
+++ /dev/null
@@ -1,124 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_tr_term2html).
-
--export([extension/0, transform/3, rule/2, rule/3]).
-
-extension() ->
-    ".html".
-
-transform(_File, Tree, Opts) ->
-    purge(Tree, Opts).
-  
-purge({Tag, Attrs, [Header|Body]}, Opts) ->
-    TermList = case docb_util:lookup_option({defs,term}, Opts) of
-		   false -> [];
-		   Value  -> Value
-	       end,
-    B1 = purge_body(Body, TermList),
-    B2 = lists:ukeysort(2, B1),
-    {Tag, Attrs, [Header|B2]}.
-
-purge_body([], _) ->
-    [];
-purge_body([{pcdata,_Attrs,_More}|Rest], TermList) ->
-    purge_body(Rest, TermList);
-purge_body([{term,[{"ID","CDATA",ID}],More}|Rest], TermList) ->
-    case lists:keyfind(ID, 1, TermList) of
-	false ->
-	    [{term,[{"NAME","CDATA",ID},{"ID","CDATA",ID}],More}|
-	     purge_body(Rest, TermList)];
-	{ID, Name, _Description, _Responsible} ->
-	    [{term,[{"NAME","CDATA",Name},{"ID","CDATA",ID}],More}|
-	     purge_body(Rest, TermList)];
-	{ID, Name, _Description} ->
-	    [{term,[{"NAME","CDATA",Name},{"ID","CDATA",ID}],More}|
-	     purge_body(Rest, TermList)]
-    end;
-purge_body([{_Tag,_Attrs,More}|Rest], TermList) ->
-    purge_body(More, TermList) ++ purge_body(Rest, TermList).
-
-rule([header|_], _) ->
-    {drop, ""};
-rule(_, _) ->
-    {drop, ""}.
-
-rule([term|_], {_,[],[Header]}, Opts) ->
-    {{docb_html_layout:chapter_top(
-	docb_html_util:all_header_data(Header), Opts) ++
-      "\n<center><h1>Glossary</h1></center>\n",
-      docb_html_layout:chapter_bot(Opts)}, Opts};
-
-rule([term|_], {_,[],[Header|_]},Opts) ->
-    {{docb_html_layout:chapter_top(
-	docb_html_util:all_header_data(Header), Opts) ++
-      "\n<center><h1>Glossary</h1></center>\n<dl>\n",
-      "\n</dl>\n" ++ docb_html_layout:chapter_bot(Opts)}, Opts};
-
-rule([term|_], {_,[Data],_}, Opts) ->
-    {{docb_html_layout:chapter_top(Data, Opts) ++
-      "\n<center><h1>Bibliography</h1></center>\n<dl>\n",
-      "\n</dl>\n" ++ docb_html_layout:chapter_bot(Opts)}, Opts};
-
-rule([term|_], {_,[Name,ID],[{termdef,[],[{pcdata,[],Def}]}]}, Opts) ->
-    TermList = case docb_util:lookup_option({defs,term}, Opts) of
-		   false -> [];
-		   Value  -> Value
-	       end,
-    case lists:keyfind(ID, 1, TermList) of
-	false ->
-	    {{drop,"\n<dt><a name=\"" ++ ID ++ "\">" ++ 
-	      "<strong>" ++ ID ++ "</strong></a>\n</dt>\n<dd>" ++
-	      docb_html_util:pcdata_to_html(Def) ++ "\n</dd>\n"}, Opts};
-	{ID, Name, Description, _Responsible} ->
-	    docb_util:message(warning,
-			      "Global term ~s overriding local", [ID]),
-	    {{drop,"\n<dt><a name=\"" ++ ID ++ "\">" ++
-	      "<strong>" ++ Name ++ "</strong></a></dt>\n<dd>" ++
-	      docb_html_util:pcdata_to_html(Description) ++ "\n</dd>\n"},
-	     Opts};
-	{ID, Name, Description} ->
-	    docb_util:message(warning,
-			      "Global term ~s overriding local", [ID]),
-	    {{drop, "\n<dt><a name=\"" ++ ID ++ "\">" ++ 
-	      "<strong>" ++ Name ++ "</strong></a></dt>\n<dd>" ++
-	      docb_html_util:pcdata_to_html(Description) ++ "\n</dd>\n"}, Opts}
-    end;
-
-rule([term|_], {_,[Name,ID],_}, Opts) ->
-    TermList = case docb_util:lookup_option({defs,term}, Opts) of
-		   false -> [];
-		   Value  -> Value
-	       end,
-    case lists:keyfind(ID, 1, TermList) of
-	false ->
-	    docb_util:message(error,
-			      "The term ~s has no definition", [ID]),
-	    {{drop, "\n<dt><a name=\"" ++ ID ++ "\">" ++ 
-	      "<strong>" ++ ID ++ "</strong></a></dt>\n<dd>" ++
-	      "??" ++ "\n</dd>\n"}, Opts};
-	{ID, Name, Description, _Responsible} ->
-	    {{drop, "\n<dt><a name=\"" ++ ID ++ "\">" ++
-	      "<strong>" ++ Name ++ "</strong></a></dt>\n<dd>" ++
-	      docb_html_util:pcdata_to_html(Description) ++ "\n</dd>\n"},
-	     Opts};
-	{ID, Name, Description} ->
-	    {{drop, "\n<dt><a name=\"" ++ ID ++ "\">" ++ 
-	      "<strong>" ++ Name ++ "</strong></a></dt>\n<dd>" ++
-	      docb_html_util:pcdata_to_html(Description) ++ "\n</dd>\n"}, Opts}
-    end.
diff --git a/lib/docbuilder/src/docb_transform.erl b/lib/docbuilder/src/docb_transform.erl
deleted file mode 100644
index 736ac92274..0000000000
--- a/lib/docbuilder/src/docb_transform.erl
+++ /dev/null
@@ -1,163 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_transform).
-
--export([file/1, file/2]).
--deprecated([{file,1,next_major_release},
-	     {file,2,next_major_release}]).
-
-%% file(File) -> ok | {error, Reason}
-%% file(File, Opts) -> ok | {error, Reason}
-%%   File = string(), file name with or without ".xml" extension
-%%   Opts = [Opt]
-%%   Reason = badfile | {badopt, Term}
-file(File0) ->
-    file(File0, []).
-file(File0, RawOpts) ->
-    File = filename:rootname(File0), % without extension
-    Ext = case filename:extension(File0) of
-	      ".xml" -> ".xml";
-	      ".sgml" -> ".sgml";
-	      "" ->
-		  %% If the file is given without extension, we try to
-		  %% infer if the source file is XML or SGML.
-		  %% SGML is supported *internally within OTP* for
-		  %% backwards compatibility reasons.
-		  case filelib:is_regular(File++".xml") of
-		      true -> ".xml";
-		      false -> ".sgml"
-		  end;
-	      _Ext0 -> % this is probably an error...
-		  ".xml"
-	  end,
-    case filelib:is_regular(File++Ext) of
-	true ->
-	    case parse(RawOpts) of
-		{ok, Opts0} ->
-		    {ok, Cwd} = file:get_cwd(),
-		    Opts = [{src_type,Ext},
-			    {src_dir,Cwd},
-			    {src_file,File},
-			    {{local_defs,term},[]},
-			    {{local_defs,cite},[]} | Opts0],
-		    case docb_main:process(File, Opts) of
-			errors -> error;
-			ok -> ok
-		    end;
-		Error -> % {error, {badopt,Term}}
-		    Error
-	    end;
-	false ->
-	    {error, badfile}
-    end.
-
-parse(RawOpts) ->
-    parse(RawOpts, []).
-
-%% Officially supported options
-
-parse([{html_mod,Module} | RawOpts], Opts) when is_atom(Module) ->
-    parse(RawOpts, [{html_mod,Module} | Opts]);
-parse([{outdir,Dir} | RawOpts], Opts) when is_list(Dir) ->
-    parse(RawOpts, [{outdir,Dir} | Opts]);
-parse([{number,N} | RawOpts], Opts) when is_integer(N) ->
-    parse(RawOpts, [{number,integer_to_list(N)} | Opts]);
-parse([{number,Nstr} | RawOpts], Opts) -> % list when called from script
-    parse(RawOpts, [{number,Nstr} | Opts]);
-parse([{ptype,Type} | RawOpts], Opts) when Type==unix;
-					   Type==windows ->
-    parse(RawOpts, [{ptype,atom_to_list(Type)} | Opts]);
-parse([{ptype,Type} | RawOpts], Opts) -> % list when called from script
-    parse(RawOpts, [{ptype,Type} | Opts]);
-parse([silent | RawOpts], Opts) ->
-    put(option_silent, true),
-    parse(RawOpts, [silent | Opts]);
-parse([{top,Index} | RawOpts], Opts) when is_list(Index) ->
-    parse(RawOpts, [{top,Index} | Opts]);
-parse([{vsn,Vsn} | RawOpts], Opts) when is_list(Vsn) ->
-    parse(RawOpts, [{vsn,Vsn} | Opts]);
-
-parse([{term_defs,File} | RawOpts], Opts) when is_list(File) ->
-    Opts2 = get_defs(term, File, Opts),
-    parse(RawOpts, Opts2);
-parse([{cite_defs,File} | RawOpts], Opts) when is_list(File) ->
-    Opts2 = get_defs(cite, File, Opts),
-    parse(RawOpts, Opts2);
-
-%% OTP internal options (SGML and PDF support etc.)
-
-parse([html | RawOpts], Opts) ->
-    parse(RawOpts, [html | Opts]);
-parse([latex | RawOpts], Opts) ->
-    parse(RawOpts, [latex | Opts]);
-parse([{man,Level} | RawOpts], Opts) -> % Level = 1..9
-    parse(RawOpts, [{man,Level} | Opts]);
-
-parse([{booksty,StyFile} | RawOpts], Opts) -> % "otpA4" | "otpBOOK"
-    parse(RawOpts, [{booksty,StyFile} | Opts]);
-parse([{includepath,Dir} | RawOpts], Opts) ->
-    parse(RawOpts, [{includepath,Dir} | Opts]);
-parse([showpaths | RawOpts], Opts) ->
-    parse(RawOpts, [showpaths | Opts]);
-parse([straight | RawOpts], Opts) ->
-    parse(RawOpts, [straight | Opts]);
-parse([{ent,Ent} | RawOpts], Opts) ->
-    parse(RawOpts, [{ent,Ent} | Opts]);
-
-%% Undocumented options
-
-parse([{name, Name} | RawOpts], Opts) ->
-    parse(RawOpts, [{name, Name} | Opts]);
-parse([framework_only | RawOpts], Opts) ->
-    parse(RawOpts, [framework_only | Opts]);
-parse([kwicindex_only | RawOpts], Opts) ->
-    parse(RawOpts, [kwicindex_only | Opts]);
-
-parse([], Opts) ->
-    {ok, Opts};
-parse([Opt | _RawOpts], _Opts) ->
-    {error, {badopt, Opt}}.
-
-%% Type = term | cite
-get_defs(Type, File, Opts) ->
-    Key = {defs,Type},
-    {PrevDefs, Opts2} =
-	case lists:keyfind(Key, 1, Opts) of
-	    {_, Defs0} ->
-		{Defs0, lists:keydelete(Key, 1, Opts)};
-	    false ->
-		{[], Opts}
-	end,
-    NewDefs = case file:consult(File) of
-		  {ok, [DefL]} when is_list(DefL) ->
-		      DefL;
-		  {ok, _Terms} ->
-		      docb_util:message(error,
-					"Skipping defs file ~s, does "
-					"not contain one list", [File]),
-		      [];
-		  {error, Error} ->
-		      Expl = lists:flatten(file:format_error(Error)),
-		      docb_util:message(error,
-					"Skipping defs file ~s, ~s",
-					[File, Expl]),
-		      []
-	      end,
-    [{Key,PrevDefs++NewDefs} | Opts2].
-	    
-    
diff --git a/lib/docbuilder/src/docb_util.erl b/lib/docbuilder/src/docb_util.erl
deleted file mode 100644
index 9b2eec7733..0000000000
--- a/lib/docbuilder/src/docb_util.erl
+++ /dev/null
@@ -1,237 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_util).  
-
--export([version/0, old_docb_dir/0, dtd_dir/0]).
--export([html_snippet/2, html_snippet/3]).
--export([lookup_option/2, lookup_option/3, lookup_options/2,
-	 an_option/2]).
--export([outfile/3, full_file_name/4]).
--export([message/2, message/3]).
--export([ltrim/1, rtrim/1, trim/1]).
--export([join/2]).
--export([fknidx/2]).
-
--include("docb_util.hrl").
-
-%%--DocBuilder info-----------------------------------------------------
-
-%% version() -> string()
-%% Returns the DocBuilder application version.
-version() ->
-    DocbDir = code:lib_dir(docbuilder),
-    case string:tokens(filename:basename(DocbDir), "-") of
-	[_, Vsn] -> Vsn;
-	_ -> "unknown"
-    end.
-
-%% old_docb_dir() -> string()
-%% Returns the root directory of Old_DocBuilder (OTP internal).
-old_docb_dir() ->
-    "/home/otp/sgml/docb".
-
-%% dtd_dir() -> string()
-%% Returns the directory where the XML DTDs are located.
-dtd_dir() ->
-    DocbDir = code:lib_dir(docbuilder),
-    filename:join(DocbDir, "dtd").
-
-%%--User defined HTML snippets------------------------------------------
-
-%% html_snippet(What, Opts) -> HTML
-%% html_snippet(What, Arg, Opts) -> HTML
-%%   What = head | seealso
-%%   HTML = string()
-html_snippet(What, Opts) ->
-    case lookup_option(html_mod, Opts) of
-	false -> "";
-	Module ->
-	    case catch Module:What() of
-		HTML when is_list(HTML) ->
-		    HTML;
-		{'EXIT', {undef, _}} ->
-		    "";
-		{'EXIT', Reason} ->
-		    message(warning,
-			    "Callback function ~p:~p() => ~p",
-			    [Module, What, Reason]),
-		    "";
-		Other ->
-		    message(warning,
-			    "Callback function ~p:~p() => ~p",
-			    [Module, What, Other]),
-		    ""
-	    end
-    end.
-html_snippet(What, Arg, Opts) ->
-    case lookup_option(html_mod, Opts) of
-	false -> "";
-	Module ->
-	    case catch Module:What(Arg) of
-		HTML when is_list(HTML) ->
-		    HTML;
-		{'EXIT', {undef, _}} ->
-		    "";
-		{'EXIT', Reason} ->
-		    message(warning,
-			    "Callback function ~p:~p(~p) => ~p",
-			    [Module, What, Arg, Reason]),
-		    "";
-		Other ->
-		    message(warning,
-			    "Callback function ~p:~p(~p) => ~p",
-			    [Module, What, Arg, Other]),
-		    ""
-	    end
-    end.
-
-%%--Option utilities----------------------------------------------------
-
-%% Opts = [{Opt,Value} | Opt]
-
-%% lookup_option(Opt, Opts) -> Value | false
-lookup_option(Opt, Opts) ->
-  case lists:keyfind(Opt, 1, Opts) of
-      {Opt,Value} -> Value;
-      false -> false
-  end.
-
-%% lookup_option(Opt, Opts, DefaultValue) -> Value | DefaultValue
-lookup_option(Opt, Opts, DefaultValue) ->
-    case lookup_option(Opt,Opts) of
-	false -> DefaultValue;
-	Value -> Value
-    end.
-
-%% lookup_options(Opt, Opts) -> [Value]
-%% Used when the same option can be defined several times and returns
-%% the (possibly empty) list of values.
-lookup_options(Opt, Opts) ->
-    [V || {O, V} <- Opts, O == Opt].
-
-%% an_option(Opt, Opts) -> bool()
-an_option(Opt, Opts) ->
-    lists:member(Opt, Opts).
-
-%%--File handling-------------------------------------------------------
-
-%% outfile(File0, Extension, Opts) -> File
-%% Build the full filename for where to place a resulting file.
-outfile(File0, Extension, Opts) ->
-    File =
-	case regexp:match(File0, "[^/]*\$") of
-	    {match,Start,Length} ->
-		string:substr(File0, Start, Length);
-	    _ ->
-		File0
-	end,
-    full_file_name(File, Extension, outdir, Opts).
-
-%% full_file_name(File, Extension, What, Opts) -> File'
-%%   File = string()
-%%   What = outdir | includepath
-%% Prepend the full path name.
-full_file_name(File, Extension, What, Opts) ->
-    Path = lookup_option(What, Opts, ""),
-    full_file_name(File, Extension, Path).
-
-full_file_name(File0, Extension, Path) ->
-    File = case filename:extension(File0) of
-	       Extension -> File0;
-	       _ -> File0++Extension
-	   end,
-
-    case File of
-	[$/|_] -> File;
-	[$~|_] -> File;
-	_ when Path=/="" -> filename:join(Path, File);
-	_ -> File
-    end.
-
-%%--Messages to the user------------------------------------------------
-
-%% message(Class, Format)
-%% message(Class, Format, Values) -> ok
-%%   Class = info | warning | error
-%%   Format, Values -- as in io:format/2
-%% Prints a warning or error message.
-%% Call as util:message(warning, "~w is undefined", [foo]).
-message(Class, Format) ->
-    message(Class, Format, []).
-message(Class, Format, Values) ->
-    Prefix = case Class of
-		 info -> "";
-		 warning -> "*** Warning: ";
-		 error -> "*** Error: "
-	    end,
-    case get(option_silent) of
-	true when Class==warning ->
-	    ok;
-	_ ->
-	    io:format(Prefix, []),
-	    io:format(Format, Values),
-	    io:nl()
-    end.
-
-%%--String handling-----------------------------------------------------
-
-%% ltrim(Str) -> Str'
-%% rtrim(Str) -> Str'
-%% trim(Str) -> Str'
-%% Strips whitespace from left, right or both.
-ltrim(Str) ->
-    lists:dropwhile(fun white_space/1, Str).
-rtrim(Str) ->
-    lists:reverse(ltrim(lists:reverse(Str))).
-trim(Str) ->
-    rtrim(ltrim(Str)).
-
-white_space($ ) -> true;
-white_space(C) when C<$  -> true;
-white_space($\n) -> true;
-white_space($\t) -> true;
-white_space(_) -> false.
-
-%% join(Strings, With) -> string()
-join([H1, H2| T], S) ->
-        H1 ++ S ++ join([H2| T], S);
-join([H], _) ->
-    H;
-join([], _) ->
-    [].
-
-%%--Other---------------------------------------------------------------
-
-%% fknidx(FNdef0, Fn_arity_sep) -> string()
-%% Get me the function name and arity.
-fknidx(FNdef0, Fn_arity_sep) ->
-    FNdef = string:strip(FNdef0),
-    case string:tokens(FNdef,"(") of
-	[FNdef] ->
-	    %% No parentheses, assume variable: remove nl:s at end,
-	    %% and strip blanks.
-	    string:strip(string:strip(FNdef, right, $\n));
-	[Name0|Args0] ->
-	    [Args1|_] = string:tokens(string:strip(hd(Args0)), "-"),
-	    Arity = case Args1 of
-			[$)|_] -> 0;
-			_ ->
-			    length(string:tokens(Args1, ","))
-		    end,
-	    string:strip(Name0)++Fn_arity_sep++integer_to_list(Arity)
-    end.
diff --git a/lib/docbuilder/src/docb_util.hrl b/lib/docbuilder/src/docb_util.hrl
deleted file mode 100644
index 01ef3f7fca..0000000000
--- a/lib/docbuilder/src/docb_util.hrl
+++ /dev/null
@@ -1,34 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
-
-%%% For character conversion
-
--record(in_opts, {expand_entities=false,
-		  encode_filter = fun(X) -> X end}).
--record(out_opts, {escape_chars=false,
-		   remove_nl=false,
-		   delete_trailing_whitespace=false,
-		   delete_trailing_nl=false,
-		   compress_white_space=false,
-		   escape_filter = fun(X) -> X end}).
-
-
--define(pcdata_IN, #in_opts{expand_entities=true}).
--define(rcdata_IN, #in_opts{expand_entities=true}).
--define(cdata_IN,  #in_opts{}).
-
diff --git a/lib/docbuilder/src/docb_xmerl_tree_cb.erl b/lib/docbuilder/src/docb_xmerl_tree_cb.erl
deleted file mode 100644
index bc62069230..0000000000
--- a/lib/docbuilder/src/docb_xmerl_tree_cb.erl
+++ /dev/null
@@ -1,343 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the Licence for the specific language governing rights and limitations
-%% under the License.
-%%
-%% The Initial Developer of the Original Code is Ericsson AB.
-%% Portions created by Ericsson are Copyright 1999-2006, Ericsson AB.
-%% All Rights Reserved.��
-%%
-%%     $Id$
-%%
--module(docb_xmerl_tree_cb).
-
-%% This is the XMerL callback module for exporting XML to the internal
-%% tree format used by DocBuilder.
-%%   {Doc, _Misc} = xmerl_scan:file("file.xml", [{validation,true}])
-%%   Tree = xmerl:export([Doc], docb_xmerl_tree_cb)
-
--export(['#xml-inheritance#'/0]).
-
--export(['#root#'/4,
-	 '#text#'/1,
-	 '#element#'/5]).
--include("xmerl.hrl").
-
-%%--Functions used by xmerl---------------------------------------------
-
-'#xml-inheritance#'() ->
-    [].
-
-'#root#'(Data, _Attrs, [], _E) ->
-    Data.
-
-'#text#'(Text) ->
-    Text2 = strip_leading_blanks(Text),
-%% before
-%%    case Text2 of
-%%	[$\n|T] ->
-%%	    case is_empty(T) of 
-%%		true -> [];
-%%		false -> {pcdata, [], nl(Text2)}
-%%	    end;
-%%
-%%	_ ->
-%%	    {pcdata, [], nl(Text2)}
-%%    end.
-%% after
-    {pcdata, [], nl(Text2)}.
-
-'#element#'(Tag, Data, Attrs, Parents, _E) when Tag==pre; Tag==code ->
-    [H|T] = reinsert_nl(Data),
-    NewData = [strip_nl(H)|T],
-    NewData2 = case Tag of
-		   code ->
-		       fix_single_pcdata(NewData);
-		   pre ->
-		       NewData
-	       end,
-    {Tag, attrs(get_dtd(Parents), Tag, Attrs), NewData2};
-'#element#'(Tag, Data, Attrs, Parents, _E) ->
-    NewData = case tag_content(Tag) of
-		  no_pcdata -> % remove all pcdata
-		      [Dat|| 
-			  Dat <- Data, 
-			  begin 
-			      Fun = fun({pcdata,_,_}) -> false;
-				       (_) -> true end,
-			      Fun(Dat)
-			  end];
-		  single_pcdata when length(Data)>1 -> 
-		      %% merge several pcdata's into one single pcdata
-		      fix_single_pcdata(Data);
-		  _ ->
-		      lists:flatten(Data)
-	      end,
-    {Tag, attrs(get_dtd(Parents), Tag, Attrs), NewData}. 
-
-%%--Internal functions--------------------------------------------------
-
-%% is_empty(Str) -> bool()
-%% Returns true if the string Str only contains blanks, tabs and
-%% newlines, false otherwise.
-%% is_empty("\n" ++ Text) ->
-%%     is_empty(Text);
-%% is_empty("\t" ++ Text) ->
-%%     is_empty(Text);
-%% is_empty(" " ++ Text) ->
-%%     is_empty(Text);
-%% is_empty("") ->
-%%     true;
-%% is_empty(_) ->
-%%     false.
-
-%% reinsert_nl(L1) -> L2
-%% Workaround for <pre>: Normally empty lines are ignored. However,
-%% Xmerl splits lines whenever it encounters an entity. In the case of
-%% <pre>, this may lead to that we ignores what we think is an empty
-%% line but is actually a line break that should be kept, for example
-%% in this case:
-%% <pre>
-%%   <input>some command</input> <-- this line break is lost!
-%%   &lt;some result&gt;
-%% </pre>
-%% This function reinserts line breaks where necessary.
-reinsert_nl([[]|T]) ->
-    [{pcdata,[],"\\n"} | reinsert_nl(T)];
-reinsert_nl([H|T]) ->
-    [H | reinsert_nl(T)];
-reinsert_nl([]) ->
-    [].
-
-%% sgmls treats line breaks in a way that DocBuilder relies on and
-%% which must be imitated here. Replace all "\n" with "\\n" and add
-%% "\n" to the end of each text element.
-nl("") ->
-    "\n";
-nl("\n"++Text) ->
-    "\\n"++nl(Text);
-nl([Ch|Text]) ->
-    [Ch|nl(Text)].
-
-
-%% strip_leading_blanks(Str) -> Str
-%% Leading spaces and tabs before a newline are always redundant
-%% and are therefore stripped of here
-%% If no newline is found the original string is returned unchanged
-
-strip_leading_blanks(Str) ->
-    strip_leading_blanks(Str,Str).
-
-strip_leading_blanks([],Str) ->
-    Str;
-strip_leading_blanks([$\s|T],Str) ->
-    strip_leading_blanks(T,Str);
-strip_leading_blanks([$\t|T],Str) ->
-    strip_leading_blanks(T,Str);
-strip_leading_blanks(Rest=[$\n|_],_) ->
-    Rest;
-strip_leading_blanks(_,Str) ->
-    Str.
-
-%% strip_nl(Str) -> Str
-%% The XMerL scan will often result in the contents of <pre> or <code>
-%% starting with a newline, as the format is normally:
-%%   <pre>
-%%     ..contents..
-%%   </pre>
-%% However, this newline must be removed, or the resulting HTML will be
-%%   <pre>
-%%
-%%     ..content..
-%%   </pre>
-strip_nl({pcdata,[],"\\n"++Str}) -> {pcdata,[],Str};
-strip_nl(E) -> E.
-
-get_dtd([]) ->
-    none;
-get_dtd(Parents) ->
-    {DTD, _} = lists:last(Parents),
-    DTD.
-
-%% attrs(DTD, Tag, GivenAttrs) -> AllAttrs
-%%   DTD = Tag = atom()  DTD and tag name
-%%   GivenAttrs = [#xmlAttribute{}]
-%%   AllAttrs = [{Name, Type, Val}]
-%%     Name = string()  (uppercase) Example: "VALIGN"
-%%     Type = "CDATA" | "TOKEN"
-%%     Val  = string()  (uppercase if type is "TOKEN", as-is otherwise)
-%% The XMerL scanning of <file>.xml renders only the given attributes.
-%% However, DocBuilder needs also the optional attributes (which not
-%% necessarily have been given), so we add them here, using the default
-%% values according to the DTDs.
-%% NOTE: Uses the information from the DTDs. That is, if some change is
-%% done to the DTDs, also this file must be updated. Ideally, the DTDs
-%% should be parsed automatically in some way.
-%% It can also be noted that this check is superfluous in the case where
-%% all attributes are required (except that the attributes are sorted
-%% in the same order as in the DTD) and where an optional attribute has
-%% type "CDATA" as no sensible default value can be specified in this
-%% case.
-attrs(DTD, Tag, GivenAttrs) ->
-    merge_attrs(Tag, default_attrs(DTD, Tag), GivenAttrs).
-
-merge_attrs(Tag, [{NameA, Type, DefVal}|Default], GivenAttrs) ->
-    Val = case lists:keyfind(NameA, #xmlAttribute.name, GivenAttrs) of
-	      #xmlAttribute{value=Val0} -> Val0;
-	      false -> DefVal
-	  end,
-    Attr = {attr_name(NameA), Type, attr_val(Type, Val)},
-    [Attr | merge_attrs(Tag, Default, GivenAttrs)];
-merge_attrs(_Tag, [], _GivenAttrs) ->
-    [].
-
-attr_name(Atom) ->
-    string:to_upper(atom_to_list(Atom)).
-
-attr_val("CDATA", Val) -> Val;
-attr_val("TOKEN", Val) -> string:to_upper(Val).
-
-%% Given the DTD and element tag, return a list [{Name, Value}] where
-%% Name (atom) is the name of each possible attribute and
-%% Value (lowercase string) its default value.
-default_attrs(_, cell) ->
-    [{align, "TOKEN", "left"},
-     {valign, "TOKEN", "middle"}];
-default_attrs(_, cite) ->
-    [{id, "CDATA", ""}]; % required
-default_attrs(_, code) ->
-    [{type, "TOKEN", "none"}];
-default_attrs(_, codeinclude) ->
-    [{file, "CDATA", ""}, % required
-     {tag, "CDATA", ""},
-     {type, "TOKEN", "none"}];
-default_attrs(book, contents) ->
-    [{level, "TOKEN", "2"}];
-default_attrs(_, erleval) ->
-    [{expr, "CDATA", ""}]; % required
-default_attrs(report, erlinclude) ->
-    [{file, "CDATA", ""}, % required
-     {tag, "CDATA", ""}]; % required
-default_attrs(_, fascicule) ->
-    [{file, "CDATA", ""}, % required
-     {href, "CDATA", ""}, % required
-     {entry, "TOKEN", "no"}];
-default_attrs(book, header) ->
-    [{titlestyle, "TOKEN", "normal"}];
-default_attrs(_, image) ->
-    [{file, "CDATA", ""}]; % required
-default_attrs(_, include) ->
-    [{file, "CDATA", ""}]; % required
-default_attrs(report, index) ->
-    [{txt, "CDATA", ""}]; % required
-default_attrs(_, list) ->
-    [{type, "TOKEN", "bulleted"}];
-default_attrs(_, marker) ->
-    [{id, "CDATA", ""}]; % required
-default_attrs(book, onepart) ->
-    [{lift, "TOKEN", "no"}];
-default_attrs(book, parts) ->
-    [{lift, "TOKEN", "no"}];
-default_attrs(_, path) ->
-    [{unix, "CDATA", ""},
-     {windows, "CDATA", ""}];
-default_attrs(_, seealso) ->
-    [{marker, "CDATA", ""}]; % required
-default_attrs(report, table) ->
-    [{width, "CDATA", "0"},
-     {colspec, "CDATA", ""}];
-default_attrs(_, table) ->
-    [{align, "TOKEN", "center"}];
-default_attrs(_, term) ->
-    [{id, "CDATA", ""}]; % required
-default_attrs(book, theheader) ->
-    [{tag, "TOKEN", "none"}];
-default_attrs(bookinsidecover, theheader) ->
-    [{tag, "TOKEN", "none"}];
-default_attrs(_, url) ->
-    [{href, "CDATA", ""}]; % required
-default_attrs(_, _) -> [].
-
-%%--Single PCDATA broken into several fix-------------------------------
-
-%% When text contains an entity, then XMERL splits it into two
-%% PCDATA elements, the second starting with the entity.
-%%
-%% Example:
-%%  Magnus Fr�berg => [{pcdata,[],"Magnus Fr\n"},{pcdata,[],"�berg\n"}]
-%%
-%% This is not handled by DocBuilder which expects many tags, for
-%% example title and aname, to contain a single PCDATA element. (That
-%% is also what nsgmls returned.)
-
-fix_single_pcdata([{pcdata,[],Str1}, {pcdata,[],Str2}|T]) ->
-    fix_single_pcdata([{pcdata,[],Str1++Str2}|T]);
-fix_single_pcdata(FixedData) ->
-    FixedData.
-
-tag_content(aname) -> single_pcdata;
-tag_content(app) -> single_pcdata;
-tag_content(approved) -> single_pcdata;
-tag_content(appsummary) -> single_pcdata;
-tag_content(b) -> single_pcdata;
-tag_content(c) -> single_pcdata;
-tag_content(cauthor) -> single_pcdata;
-tag_content(cell) -> mixed_content;
-tag_content(checked) -> single_pcdata;
-tag_content(chowpublished) -> single_pcdata;
-tag_content(code) -> single_pcdata; % mixed?
-tag_content(com) -> single_pcdata;
-tag_content(comsummary) -> single_pcdata;
-tag_content(copyright) -> mixed_content;
-tag_content(ctitle) -> single_pcdata;
-tag_content(d) -> mixed_content;
-tag_content(date) -> single_pcdata;
-tag_content(docno) -> single_pcdata;
-tag_content(em) -> mixed_content;
-tag_content(email) -> single_pcdata;
-tag_content(fascicule) -> single_pcdata;
-tag_content(file) -> single_pcdata;
-tag_content(filesummary) -> single_pcdata;
-tag_content(fsummary) -> mixed_content;
-tag_content(headline) -> single_pcdata;
-tag_content(holder) -> single_pcdata;
-tag_content(i) -> single_pcdata;
-tag_content(icaption) -> single_pcdata;
-tag_content(id) -> single_pcdata;
-tag_content(input) -> mixed_content;
-tag_content(item) -> mixed_content;
-tag_content(legalnotice) -> single_pcdata;
-tag_content(lib) -> single_pcdata;
-tag_content(libsummary) -> single_pcdata;
-tag_content(module) -> single_pcdata;
-tag_content(modulesummary) -> single_pcdata;
-tag_content(name) -> single_pcdata;
-tag_content(nametext) -> single_pcdata;
-tag_content(p) -> mixed_content;
-tag_content(pagetext) -> single_pcdata;
-tag_content(path) -> single_pcdata; % mixed?
-tag_content(pre) -> mixed_content;
-tag_content(prepared) -> single_pcdata;
-tag_content(resp) -> single_pcdata;
-tag_content(responsible) -> single_pcdata;
-tag_content(ret) -> single_pcdata;
-tag_content(rev) -> single_pcdata;
-tag_content(seealso) -> single_pcdata; % mixed?
-tag_content(shortdef) -> single_pcdata;
-tag_content(shorttitle) -> single_pcdata;
-tag_content(tag) -> mixed_content;
-tag_content(tcaption) -> single_pcdata;
-tag_content(termdef) -> single_pcdata;
-tag_content(title) -> single_pcdata;
-tag_content(url) -> single_pcdata; % mixed
-tag_content(v) -> single_pcdata;
-tag_content(year) -> single_pcdata;
-tag_content(_) -> no_pcdata.
-
-
diff --git a/lib/docbuilder/src/docb_xmerl_xml_cb.erl b/lib/docbuilder/src/docb_xmerl_xml_cb.erl
deleted file mode 100644
index 089b8f0c7d..0000000000
--- a/lib/docbuilder/src/docb_xmerl_xml_cb.erl
+++ /dev/null
@@ -1,88 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the Licence for the specific language governing rights and limitations
-%% under the License.
-%%
-%% The Initial Developer of the Original Code is Ericsson AB.
-%% Portions created by Ericsson are Copyright 1999-2006, Ericsson AB.
-%% All Rights Reserved.��
-%%
-%%     $Id$
-%%
--module(docb_xmerl_xml_cb).
-
-%% This is the callback module for exporting XHTML to a DocBuilder
-%% erlref or chapter document in XML format.
-%% See docb_edoc_xml_cb.erl for further information.
-%%
-%% The origin of this file is the xmerl module xmerl_otpsgml.erl
-%% written by Ulf Wiger and Richard Carlsson.
-
--export(['#xml-inheritance#'/0]).
-
--export(['#root#'/4,
-	 '#element#'/5,
-	 '#text#'/1]).
-
--include("xmerl.hrl").
-
-'#xml-inheritance#'() ->
-    [xmerl_xml].
-
-'#root#'(Data, _Attrs, [], _E) -> 
-    ["<",DTD,">"] = hd(hd(Data)),
-    ["<?xml version=\"1.0\" encoding=\"latin1\" ?>\n",
-     "<!DOCTYPE "++DTD++" SYSTEM \""++DTD++".dtd\">\n",
-     Data].
-
-'#element#'(Tag, Data, Attrs, _Parents, _E) ->
-    {NewTag, NewAttrs} = convert_tag(Tag, Attrs),
-    xmerl_lib:markup(NewTag, NewAttrs, Data).
-
-'#text#'(Text) ->
-    xmerl_lib:export_text(Text).
-
-%% Utility functions
-
-convert_tag(a, [Attr]) ->
-    case Attr#xmlAttribute.name of
-	href ->
-	    Val = Attr#xmlAttribute.value,
-	    case is_url(Val) of
-		true ->
-		    {url, [Attr]};
-		false ->
-		    {seealso, [Attr#xmlAttribute{name=marker}]}
-	    end;
-	name ->
-	    {marker, [Attr#xmlAttribute{name=id}]}
-    end;
-convert_tag(b, Attrs)          -> {em, Attrs};
-convert_tag(blockquote, Attrs) -> {quote, Attrs};
-convert_tag(code, Attrs)       -> {c, Attrs};
-convert_tag(dd, Attrs)         -> {item, Attrs};
-convert_tag(dl, Attrs)         -> {taglist, Attrs};
-convert_tag(dt, Attrs)         -> {tag, Attrs};
-convert_tag(li, Attrs)         -> {item, Attrs};
-convert_tag(ol, Attrs)         -> {list, Attrs};
-convert_tag(strong, Attrs)     -> {em, Attrs};
-convert_tag(td, Attrs)         -> {cell, Attrs};
-convert_tag(tr, Attrs)         -> {row, Attrs};
-convert_tag(tt, Attrs)         -> {c, Attrs};
-convert_tag(ul, Attrs)         -> {list, Attrs};
-convert_tag(underline, Attrs)  -> {em, Attrs};
-convert_tag(Tag, Attrs)        -> {Tag, Attrs}.
-
-is_url("http:"++_) -> true;
-is_url("../"++_) -> true;
-is_url(FileRef) ->
-    case filename:extension(FileRef) of
-	"" -> false; % no extension = xml file, DocBuilder resolves
-	_Ext -> true % extension, DocBuilder must not resolve
-    end.
diff --git a/lib/docbuilder/src/docb_xml_check.erl b/lib/docbuilder/src/docb_xml_check.erl
deleted file mode 100644
index 5912e22e7b..0000000000
--- a/lib/docbuilder/src/docb_xml_check.erl
+++ /dev/null
@@ -1,45 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
-%% Utvecklings AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_xml_check).
-
--export([validate/1]).
--deprecated([{validate,1,next_major_release}]).
-
-%% validate(File) -> ok | error | {error, badfile}
-%%   File = string(), file name with or without ".xml" extension
-%% If XML validation fails for a file, the error information from
-%% Xmerl is printed to terminal and the function returns error.
-validate(File0) ->
-    File = case filename:extension(File0) of
-	       ".xml" -> File0;
-	       _ -> File0++".xml"
-	   end,
-    case filelib:is_regular(File) of
-	true ->
-	    DtdDir = docb_util:dtd_dir(),
-	    case catch xmerl_scan:file(File, [{validation,true},
-					      {fetch_path,[DtdDir]}]) of
-		{'EXIT', Error} ->
-		    io:format("~p~n", [Error]),
-		    error;
-		{_Doc, _Misc} ->
-		    ok
-	    end;
-	false ->
-	    {error, badfile}
-    end.
diff --git a/lib/docbuilder/src/docbuilder.app.src b/lib/docbuilder/src/docbuilder.app.src
deleted file mode 100644
index 64c4770964..0000000000
--- a/lib/docbuilder/src/docbuilder.app.src
+++ /dev/null
@@ -1,37 +0,0 @@
-{application, docbuilder,
- [{description, "Tool for building HTML documentation"},
-  {vsn, "%VSN%"},
-  {modules, [docb_edoc_xml_cb,
-	     docb_gen,
-	     docb_html,
-	     docb_html_layout,
-	     docb_html_ref,
-	     docb_html_util,
-	     docb_html_util_iso,
-	     docb_main,
-	     docb_pretty_format,
-	     docb_tr_application2html,
-	     docb_tr_appref2html,
-	     docb_tr_chapter2html,
-	     docb_tr_cite2html,
-	     docb_tr_comref2html,
-	     docb_tr_cref2html,
-	     docb_tr_erlref2html,
-	     docb_tr_fileref2html,
-	     docb_tr_first2html,
-	     docb_tr_index2html,
-	     docb_tr_part2html,
-	     docb_tr_refs2kwic,
-	     docb_tr_report2html,
-	     docb_tr_term2html,
-	     docb_transform,
-	     docb_util,
-	     docb_xmerl_tree_cb,
-	     docb_xmerl_xml_cb,
-	     docb_xml_check
-	    ]},
-  {registered, []},
-  {applications, [kernel, stdlib]},
-  {env, []}]}.
-
-
diff --git a/lib/docbuilder/src/docbuilder.appup.src b/lib/docbuilder/src/docbuilder.appup.src
deleted file mode 100644
index 54a63833e6..0000000000
--- a/lib/docbuilder/src/docbuilder.appup.src
+++ /dev/null
@@ -1 +0,0 @@
-{"%VSN%",[],[]}.
diff --git a/lib/docbuilder/test/Makefile b/lib/docbuilder/test/Makefile
deleted file mode 100644
index 53dff193dc..0000000000
--- a/lib/docbuilder/test/Makefile
+++ /dev/null
@@ -1,80 +0,0 @@
-# ``The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved via the world wide web at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-# Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
-# AB. All Rights Reserved.''
-# 
-#     $Id$
-#
-include $(ERL_TOP)/make/target.mk
-include $(ERL_TOP)/make/$(TARGET)/otp.mk
-
-MODULES =  \
-	docb_SUITE
-
-ERL_FILES= $(MODULES:%=%.erl)
-
-TARGET_FILES= $(MODULES:%=$(EBIN)/%.$(EMULATOR))
-INSTALL_PROGS= $(TARGET_FILES)
-
-EMAKEFILE=Emakefile
-
-SPEC_FILES=
-
-# ----------------------------------------------------
-# Release directory specification
-# ----------------------------------------------------
-RELSYSDIR = $(RELEASE_PATH)/docb_test
-
-# ----------------------------------------------------
-# FLAGS
-# ----------------------------------------------------
-ERL_MAKE_FLAGS += 
-ERL_COMPILE_FLAGS += -I$(ERL_TOP)/lib/test_server/include
-
-EBIN = .
-
-# ----------------------------------------------------
-# Targets
-# ----------------------------------------------------
-.PHONY: make_emakefile
-
-make_emakefile:
-	$(ERL_TOP)/make/make_emakefile $(ERL_COMPILE_FLAGS) -o$(EBIN) $(MODULES)\
-	> $(EMAKEFILE)
-
-tests debug opt: make_emakefile
-	erl $(ERL_MAKE_FLAGS) -make
-
-clean:
-	rm -f $(EMAKEFILE)
-	rm -f $(TARGET_FILES)
-	rm -f core
-
-docs:
-
-# ----------------------------------------------------
-# Release Target
-# ---------------------------------------------------- 
-include $(ERL_TOP)/make/otp_release_targets.mk
-
-release_spec: opt
-
-release_tests_spec: make_emakefile
-	$(INSTALL_DIR) $(RELSYSDIR)
-	$(INSTALL_DATA) $(SPEC_FILES) docb.cover $(EMAKEFILE) $(ERL_FILES) $(RELSYSDIR)
-	chmod -R u+w $(RELSYSDIR)
-	@tar cf - *_SUITE_data | (cd $(RELSYSDIR); tar xf -)
-
-release_docs_spec:
-
-
diff --git a/lib/docbuilder/test/docb.cover b/lib/docbuilder/test/docb.cover
deleted file mode 100644
index 80bab6eba7..0000000000
--- a/lib/docbuilder/test/docb.cover
+++ /dev/null
@@ -1,2 +0,0 @@
-{incl_app,docbuilder,details}
-
diff --git a/lib/docbuilder/test/docb_SUITE.erl b/lib/docbuilder/test/docb_SUITE.erl
deleted file mode 100644
index d286824539..0000000000
--- a/lib/docbuilder/test/docb_SUITE.erl
+++ /dev/null
@@ -1,50 +0,0 @@
-%% ``The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved via the world wide web at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-%% Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
-%% AB. All Rights Reserved.''
-%% 
-%%     $Id$
-%%
--module(docb_SUITE).
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, init_per_group/2,end_per_group/2,html/1]).
-
--include_lib("common_test/include/ct.hrl").
-
--include_lib("kernel/include/file.hrl").
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() -> 
-[html].
-
-groups() -> 
-    [].
-
-init_per_suite(Config) ->
-    Config.
-
-end_per_suite(_Config) ->
-    ok.
-
-init_per_group(_GroupName, Config) ->
-	Config.
-
-end_per_group(_GroupName, Config) ->
-	Config.
-
-
-html(suite) -> [];
-html(Config) when is_list(Config) ->
-    ok.
-
diff --git a/lib/docbuilder/test/docb_SUITE_data/cdata_problem.xml b/lib/docbuilder/test/docb_SUITE_data/cdata_problem.xml
deleted file mode 100755
index b7f6f5376e..0000000000
--- a/lib/docbuilder/test/docb_SUITE_data/cdata_problem.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE chapter SYSTEM "chapter.dtd">
-<chapter>
-  <header>
-    <title>�Docbook&ouml; bug</title>
-    <prepared>Matthias Lang</prepared>
-<docno></docno>
-<date>2008-03-31</date>
-    <rev>1.0</rev>
-  </header>
-
-<section><title>This is a title</title>
-	<code><![CDATA[
-	This works
-	]]></code>
-
-	<code><![CDATA[
-	This does not
-	]]> </code>
-</section>
-</chapter>
-
diff --git a/lib/docbuilder/vsn.mk b/lib/docbuilder/vsn.mk
deleted file mode 100644
index 6df438a537..0000000000
--- a/lib/docbuilder/vsn.mk
+++ /dev/null
@@ -1 +0,0 @@
-DOCB_VSN = 0.9.8.11
diff --git a/lib/docbuilder/xsd/application.xsd b/lib/docbuilder/xsd/application.xsd
deleted file mode 100755
index eb666cb6c7..0000000000
--- a/lib/docbuilder/xsd/application.xsd
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>

-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">

-  <xs:include schemaLocation="common.xsd"/>

-  <xs:include schemaLocation="common.header.xsd"/>

-  <xs:element name="application">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element ref="header"/>

-        <xs:element minOccurs="0" ref="description"/>

-        <xs:element maxOccurs="unbounded" ref="include"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="description">

-    <xs:complexType>

-      <xs:choice minOccurs="0" maxOccurs="unbounded">

-        <xs:element ref="block"/>

-        <xs:element ref="quote"/>

-        <xs:element ref="br"/>

-        <xs:element ref="marker"/>

-        <xs:element ref="warning"/>

-        <xs:element ref="note"/>

-      </xs:choice>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="include">

-    <xs:complexType>

-      <xs:attribute name="file" use="required"/>

-    </xs:complexType>

-  </xs:element>

-</xs:schema>

diff --git a/lib/docbuilder/xsd/appref.xsd b/lib/docbuilder/xsd/appref.xsd
deleted file mode 100755
index b63839e494..0000000000
--- a/lib/docbuilder/xsd/appref.xsd
+++ /dev/null
@@ -1,27 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>

-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">

-  <xs:include schemaLocation="common.refs.xsd"/>

-  <!-- Structure -->

-  <xs:element name="appref">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element ref="header"/>

-        <xs:element ref="app"/>

-        <xs:element ref="appsummary"/>

-        <xs:element ref="description"/>

-        <xs:choice minOccurs="0" maxOccurs="unbounded">

-          <xs:element ref="section"/>

-          <xs:element ref="funcs"/>

-        </xs:choice>

-        <xs:element ref="authors"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="app" type="xs:string"/>

-  <xs:element name="appsummary" type="xs:string"/>

-  <!--

-    `name' is used in common.refs.dtd and must therefore 

-    be defined in each *ref. dtd

-  -->

-  <xs:element name="name" type="xs:string"/>

-</xs:schema>

diff --git a/lib/docbuilder/xsd/book.xsd b/lib/docbuilder/xsd/book.xsd
deleted file mode 100755
index b47962263a..0000000000
--- a/lib/docbuilder/xsd/book.xsd
+++ /dev/null
@@ -1,292 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>

-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">

-  <xs:include schemaLocation="common.xsd"/>

-  <xs:include schemaLocation="common.table.xsd"/>

-  <xs:element name="book">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element ref="header"/>

-        <xs:element minOccurs="0" ref="insidecover"/>

-        <xs:element ref="pagetext"/>

-        <xs:element ref="preamble"/>

-        <xs:choice maxOccurs="unbounded">

-          <xs:element ref="applications"/>

-          <xs:element ref="parts"/>

-          <xs:element ref="headline"/>

-          <xs:element ref="pagetext"/>

-        </xs:choice>

-        <xs:sequence>

-          <xs:element minOccurs="0" ref="listoffigures"/>

-          <xs:element minOccurs="0" ref="listoftables"/>

-          <xs:element minOccurs="0" ref="listofterms"/>

-          <xs:element minOccurs="0" ref="bibliography"/>

-          <xs:element minOccurs="0" ref="index"/>

-        </xs:sequence>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="header">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element ref="title"/>

-        <xs:element ref="prepared"/>

-        <xs:element minOccurs="0" ref="responsible"/>

-        <xs:element ref="docno"/>

-        <xs:element minOccurs="0" ref="approved"/>

-        <xs:element minOccurs="0" ref="checked"/>

-        <xs:element ref="date"/>

-        <xs:element ref="rev"/>

-        <xs:element minOccurs="0" ref="file"/>

-        <xs:element minOccurs="0" ref="abbreviation"/>

-      </xs:sequence>

-      <xs:attribute name="titlestyle" default="normal">

-        <xs:simpleType>

-          <xs:restriction base="xs:token">

-            <xs:enumeration value="special"/>

-            <xs:enumeration value="normal"/>

-          </xs:restriction>

-        </xs:simpleType>

-      </xs:attribute>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="title">

-    <xs:complexType mixed="true">

-      <xs:sequence>

-        <xs:element minOccurs="0" maxOccurs="unbounded" ref="br"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="prepared">

-    <xs:complexType mixed="true">

-      <xs:sequence>

-        <xs:element minOccurs="0" maxOccurs="unbounded" ref="br"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="responsible">

-    <xs:complexType mixed="true">

-      <xs:sequence>

-        <xs:element minOccurs="0" maxOccurs="unbounded" ref="br"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="docno">

-    <xs:complexType mixed="true">

-      <xs:sequence>

-        <xs:element minOccurs="0" maxOccurs="unbounded" ref="br"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="approved">

-    <xs:complexType mixed="true">

-      <xs:sequence>

-        <xs:element minOccurs="0" maxOccurs="unbounded" ref="br"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="checked">

-    <xs:complexType mixed="true">

-      <xs:sequence>

-        <xs:element minOccurs="0" maxOccurs="unbounded" ref="br"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="date">

-    <xs:complexType mixed="true">

-      <xs:sequence>

-        <xs:element minOccurs="0" maxOccurs="unbounded" ref="br"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="rev">

-    <xs:complexType mixed="true">

-      <xs:sequence>

-        <xs:element minOccurs="0" maxOccurs="unbounded" ref="br"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="file">

-    <xs:complexType mixed="true">

-      <xs:sequence>

-        <xs:element minOccurs="0" maxOccurs="unbounded" ref="br"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="abbreviation">

-    <xs:complexType mixed="true">

-      <xs:sequence>

-        <xs:element minOccurs="0" maxOccurs="unbounded" ref="br"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="pagetext" type="xs:string"/>

-  <xs:element name="preamble">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element minOccurs="0" ref="preface"/>

-        <xs:element minOccurs="0" ref="contents"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="preface">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element minOccurs="0" ref="title"/>

-        <xs:choice minOccurs="0" maxOccurs="unbounded">

-          <xs:element ref="block"/>

-          <xs:element ref="quote"/>

-          <xs:element ref="br"/>

-          <xs:element ref="marker"/>

-          <xs:element ref="warning"/>

-          <xs:element ref="note"/>

-          <xs:element ref="table"/>

-        </xs:choice>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="insidecover">

-    <xs:complexType mixed="true">

-      <xs:choice minOccurs="0" maxOccurs="unbounded">

-        <xs:element ref="br"/>

-        <xs:element ref="theheader"/>

-        <xs:element ref="vfill"/>

-        <xs:element ref="tt"/>

-        <xs:element ref="bold"/>

-        <xs:element ref="include"/>

-      </xs:choice>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="tt">

-    <xs:complexType mixed="true">

-      <xs:choice minOccurs="0" maxOccurs="unbounded">

-        <xs:element ref="br"/>

-        <xs:element ref="theheader"/>

-        <xs:element ref="vfill"/>

-      </xs:choice>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="bold">

-    <xs:complexType mixed="true">

-      <xs:choice minOccurs="0" maxOccurs="unbounded">

-        <xs:element ref="br"/>

-        <xs:element ref="theheader"/>

-        <xs:element ref="vfill"/>

-      </xs:choice>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="vfill">

-    <xs:complexType/>

-  </xs:element>

-  <xs:element name="theheader">

-    <xs:complexType>

-      <xs:attribute name="tag" default="none">

-        <xs:simpleType>

-          <xs:restriction base="xs:token">

-            <xs:enumeration value="title"/>

-            <xs:enumeration value="prepared"/>

-            <xs:enumeration value="responsible"/>

-            <xs:enumeration value="docno"/>

-            <xs:enumeration value="approved"/>

-            <xs:enumeration value="checked"/>

-            <xs:enumeration value="date"/>

-            <xs:enumeration value="rev"/>

-            <xs:enumeration value="file"/>

-            <xs:enumeration value="abbreviation"/>

-            <xs:enumeration value="none"/>

-          </xs:restriction>

-        </xs:simpleType>

-      </xs:attribute>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="applications">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element minOccurs="0" maxOccurs="unbounded" ref="include"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="parts">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element minOccurs="0" ref="title"/>

-        <xs:element minOccurs="0" ref="description"/>

-        <xs:choice minOccurs="0" maxOccurs="unbounded">

-          <xs:element ref="include"/>

-          <xs:element ref="onepart"/>

-        </xs:choice>

-      </xs:sequence>

-      <xs:attribute name="lift" default="no">

-        <xs:simpleType>

-          <xs:restriction base="xs:token">

-            <xs:enumeration value="yes"/>

-            <xs:enumeration value="no"/>

-          </xs:restriction>

-        </xs:simpleType>

-      </xs:attribute>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="headline" type="xs:string"/>

-  <xs:element name="index">

-    <xs:complexType/>

-  </xs:element>

-  <xs:element name="listoffigures">

-    <xs:complexType/>

-  </xs:element>

-  <xs:element name="listoftables">

-    <xs:complexType/>

-  </xs:element>

-  <xs:element name="listofterms">

-    <xs:complexType/>

-  </xs:element>

-  <xs:element name="bibliography">

-    <xs:complexType/>

-  </xs:element>

-  <xs:element name="contents">

-    <xs:complexType>

-      <xs:attribute name="level" default="2">

-        <xs:simpleType>

-          <xs:restriction base="xs:token">

-            <xs:enumeration value="0"/>

-            <xs:enumeration value="1"/>

-            <xs:enumeration value="2"/>

-            <xs:enumeration value="3"/>

-          </xs:restriction>

-        </xs:simpleType>

-      </xs:attribute>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="onepart">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element minOccurs="0" ref="title"/>

-        <xs:element minOccurs="0" ref="description"/>

-        <xs:element maxOccurs="unbounded" ref="include"/>

-      </xs:sequence>

-      <xs:attribute name="lift" default="no">

-        <xs:simpleType>

-          <xs:restriction base="xs:token">

-            <xs:enumeration value="yes"/>

-            <xs:enumeration value="no"/>

-          </xs:restriction>

-        </xs:simpleType>

-      </xs:attribute>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="description">

-    <xs:complexType>

-      <xs:choice minOccurs="0" maxOccurs="unbounded">

-        <xs:element ref="block"/>

-        <xs:element ref="quote"/>

-        <xs:element ref="br"/>

-        <xs:element ref="marker"/>

-        <xs:element ref="warning"/>

-        <xs:element ref="note"/>

-      </xs:choice>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="include">

-    <xs:complexType>

-      <xs:attribute name="file" use="required"/>

-    </xs:complexType>

-  </xs:element>

-</xs:schema>

diff --git a/lib/docbuilder/xsd/chapter.xsd b/lib/docbuilder/xsd/chapter.xsd
deleted file mode 100755
index 4d89baa988..0000000000
--- a/lib/docbuilder/xsd/chapter.xsd
+++ /dev/null
@@ -1,45 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>

-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">

-  <xs:include schemaLocation="common.xsd"/>

-  <xs:include schemaLocation="common.header.xsd"/>

-  <xs:include schemaLocation="common.table.xsd"/>

-  <xs:include schemaLocation="common.image.xsd"/>

-  <!-- Structure -->

-  <xs:element name="chapter">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element ref="header"/>

-        <xs:choice minOccurs="0" maxOccurs="unbounded">

-          <xs:element ref="block"/>

-          <xs:element ref="quote"/>

-          <xs:element ref="warning"/>

-          <xs:element ref="note"/>

-          <xs:element ref="br"/>

-          <xs:element ref="image"/>

-          <xs:element ref="marker"/>

-          <xs:element ref="table"/>

-        </xs:choice>

-        <xs:element maxOccurs="unbounded" ref="section"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="section">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element minOccurs="0" maxOccurs="unbounded" ref="marker"/>

-        <xs:element ref="title"/>

-        <xs:choice minOccurs="0" maxOccurs="unbounded">

-          <xs:element ref="block"/>

-          <xs:element ref="quote"/>

-          <xs:element ref="warning"/>

-          <xs:element ref="note"/>

-          <xs:element ref="br"/>

-          <xs:element ref="image"/>

-          <xs:element ref="marker"/>

-          <xs:element ref="table"/>

-          <xs:element ref="section"/>

-        </xs:choice>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-</xs:schema>

diff --git a/lib/docbuilder/xsd/common.entities.xsd b/lib/docbuilder/xsd/common.entities.xsd
deleted file mode 100755
index 52a5d35179..0000000000
--- a/lib/docbuilder/xsd/common.entities.xsd
+++ /dev/null
@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>

-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified"/>

diff --git a/lib/docbuilder/xsd/common.header.xsd b/lib/docbuilder/xsd/common.header.xsd
deleted file mode 100755
index bfee4b8bb4..0000000000
--- a/lib/docbuilder/xsd/common.header.xsd
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>

-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">

-  <xs:element name="header">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element ref="title"/>

-        <xs:element minOccurs="0" ref="shorttitle"/>

-        <xs:element ref="prepared"/>

-        <xs:element minOccurs="0" ref="responsible"/>

-        <xs:element ref="docno"/>

-        <xs:element minOccurs="0" ref="approved"/>

-        <xs:element minOccurs="0" ref="checked"/>

-        <xs:element ref="date"/>

-        <xs:element ref="rev"/>

-        <xs:element minOccurs="0" ref="file"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="title" type="xs:string"/>

-  <xs:element name="shorttitle" type="xs:string"/>

-  <xs:element name="prepared" type="xs:string"/>

-  <xs:element name="responsible" type="xs:string"/>

-  <xs:element name="docno" type="xs:string"/>

-  <xs:element name="approved" type="xs:string"/>

-  <xs:element name="checked" type="xs:string"/>

-  <xs:element name="date" type="xs:string"/>

-  <xs:element name="rev" type="xs:string"/>

-  <xs:element name="file" type="xs:string"/>

-</xs:schema>

diff --git a/lib/docbuilder/xsd/common.image.xsd b/lib/docbuilder/xsd/common.image.xsd
deleted file mode 100755
index 17054eb23c..0000000000
--- a/lib/docbuilder/xsd/common.image.xsd
+++ /dev/null
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>

-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">

-  <xs:element name="image">

-    <xs:complexType>

-      <xs:complexContent>

-        <xs:extension base="icaption">

-          <xs:attribute name="file" use="required"/>

-        </xs:extension>

-      </xs:complexContent>

-    </xs:complexType>

-  </xs:element>

-  <xs:complexType name="icaption">

-    <xs:sequence>

-      <xs:element ref="icaption"/>

-    </xs:sequence>

-  </xs:complexType>

-  <xs:element name="icaption" type="xs:string"/>

-</xs:schema>

diff --git a/lib/docbuilder/xsd/common.refs.xsd b/lib/docbuilder/xsd/common.refs.xsd
deleted file mode 100755
index 58b450669d..0000000000
--- a/lib/docbuilder/xsd/common.refs.xsd
+++ /dev/null
@@ -1,102 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>

-<!--

-  This file contains common stuff for the *ref.dtd files.

-  Note that `name' is defined in each *ref.dtd.

--->

-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">

-  <xs:include schemaLocation="common.xsd"/>

-  <xs:include schemaLocation="common.header.xsd"/>

-  <xs:element name="description">

-    <xs:complexType>

-      <xs:choice minOccurs="0" maxOccurs="unbounded">

-        <xs:element ref="block"/>

-        <xs:element ref="quote"/>

-        <xs:element ref="br"/>

-        <xs:element ref="marker"/>

-        <xs:element ref="warning"/>

-        <xs:element ref="note"/>

-      </xs:choice>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="funcs">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element maxOccurs="unbounded" ref="func"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="func">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element maxOccurs="unbounded" ref="name"/>

-        <xs:element ref="fsummary"/>

-        <xs:element minOccurs="0" ref="type"/>

-        <xs:element minOccurs="0" ref="desc"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <!-- ELEMENT name is defined in each ref dtd -->

-  <xs:element name="fsummary">

-    <xs:complexType mixed="true">

-      <xs:choice minOccurs="0" maxOccurs="unbounded">

-        <xs:element ref="c"/>

-        <xs:element ref="em"/>

-      </xs:choice>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="type">

-    <xs:complexType>

-      <xs:sequence maxOccurs="unbounded">

-        <xs:element ref="v"/>

-        <xs:element minOccurs="0" ref="d"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="v" type="xs:string"/>

-  <xs:element name="d">

-    <xs:complexType mixed="true">

-      <xs:choice minOccurs="0" maxOccurs="unbounded">

-        <xs:element ref="c"/>

-        <xs:element ref="em"/>

-      </xs:choice>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="desc">

-    <xs:complexType>

-      <xs:choice minOccurs="0" maxOccurs="unbounded">

-        <xs:element ref="block"/>

-        <xs:element ref="quote"/>

-        <xs:element ref="br"/>

-        <xs:element ref="marker"/>

-        <xs:element ref="warning"/>

-        <xs:element ref="note"/>

-      </xs:choice>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="authors">

-    <xs:complexType>

-      <xs:sequence maxOccurs="unbounded">

-        <xs:element ref="aname"/>

-        <xs:element ref="email"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="aname" type="xs:string"/>

-  <xs:element name="email" type="xs:string"/>

-  <xs:element name="section">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element minOccurs="0" maxOccurs="unbounded" ref="marker"/>

-        <xs:element ref="title"/>

-        <xs:choice minOccurs="0" maxOccurs="unbounded">

-          <xs:element ref="block"/>

-          <xs:element ref="quote"/>

-          <xs:element ref="br"/>

-          <xs:element ref="marker"/>

-          <xs:element ref="warning"/>

-          <xs:element ref="note"/>

-        </xs:choice>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-</xs:schema>

diff --git a/lib/docbuilder/xsd/common.table.xsd b/lib/docbuilder/xsd/common.table.xsd
deleted file mode 100755
index cf63df4317..0000000000
--- a/lib/docbuilder/xsd/common.table.xsd
+++ /dev/null
@@ -1,42 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>

-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">

-  <xs:element name="table">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element maxOccurs="unbounded" ref="row"/>

-        <xs:element ref="tcaption"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="row">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element maxOccurs="unbounded" ref="cell"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="cell">

-    <xs:complexType mixed="true">

-      <xs:group minOccurs="0" maxOccurs="unbounded" ref="inline"/>

-      <xs:attribute name="align" default="left">

-        <xs:simpleType>

-          <xs:restriction base="xs:token">

-            <xs:enumeration value="left"/>

-            <xs:enumeration value="center"/>

-            <xs:enumeration value="right"/>

-          </xs:restriction>

-        </xs:simpleType>

-      </xs:attribute>

-      <xs:attribute name="valign" default="middle">

-        <xs:simpleType>

-          <xs:restriction base="xs:token">

-            <xs:enumeration value="top"/>

-            <xs:enumeration value="middle"/>

-            <xs:enumeration value="bottom"/>

-          </xs:restriction>

-        </xs:simpleType>

-      </xs:attribute>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="tcaption" type="xs:string"/>

-</xs:schema>

diff --git a/lib/docbuilder/xsd/common.xsd b/lib/docbuilder/xsd/common.xsd
deleted file mode 100755
index 3d43390bd8..0000000000
--- a/lib/docbuilder/xsd/common.xsd
+++ /dev/null
@@ -1,212 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>

-<!-- This file contains common stuff for all dtds. -->

-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">

-  <xs:element name="block" abstract="true"/>

-  <xs:group name="inline">

-    <xs:sequence>

-      <xs:choice minOccurs="0">

-        <xs:element ref="c"/>

-        <xs:element ref="em"/>

-        <xs:element ref="term"/>

-        <xs:element ref="cite"/>

-        <xs:element ref="br"/>

-        <xs:element ref="path"/>

-        <xs:element ref="seealso"/>

-        <xs:element ref="url"/>

-        <xs:element ref="marker"/>

-      </xs:choice>

-    </xs:sequence>

-  </xs:group>

-  <!-- XXX -->

-  <xs:element name="p" substitutionGroup="block">

-    <xs:complexType mixed="true">

-      <xs:group minOccurs="0" maxOccurs="unbounded" ref="inline"/>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="pre" substitutionGroup="block">

-    <xs:complexType mixed="true">

-      <xs:choice minOccurs="0" maxOccurs="unbounded">

-        <xs:element ref="seealso"/>

-        <xs:element ref="url"/>

-        <xs:element ref="input"/>

-      </xs:choice>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="input">

-    <xs:complexType mixed="true">

-      <xs:choice minOccurs="0" maxOccurs="unbounded">

-        <xs:element ref="seealso"/>

-        <xs:element ref="url"/>

-      </xs:choice>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="code" substitutionGroup="block">

-    <xs:complexType mixed="true">

-      <xs:attribute name="type" default="none">

-        <xs:simpleType>

-          <xs:restriction base="xs:token">

-            <xs:enumeration value="erl"/>

-            <xs:enumeration value="c"/>

-            <xs:enumeration value="none"/>

-          </xs:restriction>

-        </xs:simpleType>

-      </xs:attribute>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="quote">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element minOccurs="0" maxOccurs="unbounded" ref="p"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="warning">

-    <xs:complexType>

-      <xs:choice minOccurs="0" maxOccurs="unbounded">

-        <xs:element ref="block"/>

-        <xs:element ref="quote"/>

-        <xs:element ref="br"/>

-        <xs:element ref="marker"/>

-      </xs:choice>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="note">

-    <xs:complexType>

-      <xs:choice minOccurs="0" maxOccurs="unbounded">

-        <xs:element ref="block"/>

-        <xs:element ref="quote"/>

-        <xs:element ref="br"/>

-        <xs:element ref="marker"/>

-      </xs:choice>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="c" type="xs:string"/>

-  <xs:element name="em">

-    <xs:complexType mixed="true">

-      <xs:sequence>

-        <xs:element minOccurs="0" maxOccurs="unbounded" ref="c"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <!-- XXX -->

-  <xs:element name="term">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element minOccurs="0" ref="termdef"/>

-      </xs:sequence>

-      <xs:attribute name="id" use="required"/>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="termdef" type="xs:string"/>

-  <xs:element name="cite">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element minOccurs="0" ref="citedef"/>

-      </xs:sequence>

-      <xs:attribute name="id" use="required"/>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="citedef">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element ref="ctitle"/>

-        <xs:element ref="cauthor"/>

-        <xs:element ref="chowpublished"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="ctitle" type="xs:string"/>

-  <xs:element name="cauthor" type="xs:string"/>

-  <xs:element name="chowpublished" type="xs:string"/>

-  <!-- XXX -->

-  <xs:element name="br">

-    <xs:complexType/>

-  </xs:element>

-  <!-- Path -->

-  <xs:element name="path">

-    <xs:complexType mixed="true">

-      <xs:attribute name="unix" default=""/>

-      <xs:attribute name="windows" default=""/>

-    </xs:complexType>

-  </xs:element>

-  <!-- List -->

-  <xs:element name="list" substitutionGroup="block">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element maxOccurs="unbounded" ref="item"/>

-      </xs:sequence>

-      <xs:attribute name="type" default="bulleted">

-        <xs:simpleType>

-          <xs:restriction base="xs:token">

-            <xs:enumeration value="ordered"/>

-            <xs:enumeration value="bulleted"/>

-          </xs:restriction>

-        </xs:simpleType>

-      </xs:attribute>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="taglist" substitutionGroup="block">

-    <xs:complexType>

-      <xs:sequence maxOccurs="unbounded">

-        <xs:element ref="tag"/>

-        <xs:element ref="item"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="tag">

-    <xs:complexType mixed="true">

-      <xs:choice minOccurs="0" maxOccurs="unbounded">

-        <xs:element ref="c"/>

-        <xs:element ref="em"/>

-        <xs:element ref="seealso"/>

-        <xs:element ref="url"/>

-      </xs:choice>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="item">

-    <xs:complexType mixed="true">

-      <xs:choice minOccurs="0" maxOccurs="unbounded">

-        <xs:group ref="inline"/>

-        <xs:element ref="block"/>

-      </xs:choice>

-    </xs:complexType>

-  </xs:element>

-  <!-- References -->

-  <xs:element name="seealso">

-    <xs:complexType mixed="true">

-      <xs:attribute name="marker" use="required"/>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="url">

-    <xs:complexType mixed="true">

-      <xs:attribute name="href" use="required"/>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="marker">

-    <xs:complexType>

-      <xs:attribute name="id" use="required"/>

-    </xs:complexType>

-  </xs:element>

-  <!-- CodeInclude -->

-  <xs:element name="codeinclude" substitutionGroup="block">

-    <xs:complexType>

-      <xs:attribute name="file" use="required"/>

-      <xs:attribute name="tag" default=""/>

-      <xs:attribute name="type" default="none">

-        <xs:simpleType>

-          <xs:restriction base="xs:token">

-            <xs:enumeration value="erl"/>

-            <xs:enumeration value="c"/>

-            <xs:enumeration value="none"/>

-          </xs:restriction>

-        </xs:simpleType>

-      </xs:attribute>

-    </xs:complexType>

-  </xs:element>

-  <!-- ErlEval -->

-  <xs:element name="erleval" substitutionGroup="block">

-    <xs:complexType>

-      <xs:attribute name="expr" use="required"/>

-    </xs:complexType>

-  </xs:element>

-</xs:schema>

diff --git a/lib/docbuilder/xsd/comref.xsd b/lib/docbuilder/xsd/comref.xsd
deleted file mode 100755
index 61df4dd848..0000000000
--- a/lib/docbuilder/xsd/comref.xsd
+++ /dev/null
@@ -1,26 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>

-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">

-  <xs:include schemaLocation="common.refs.xsd"/>

-  <xs:element name="comref">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element ref="header"/>

-        <xs:element ref="com"/>

-        <xs:element ref="comsummary"/>

-        <xs:element ref="description"/>

-        <xs:choice minOccurs="0" maxOccurs="unbounded">

-          <xs:element ref="section"/>

-          <xs:element ref="funcs"/>

-        </xs:choice>

-        <xs:element ref="authors"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="com" type="xs:string"/>

-  <xs:element name="comsummary" type="xs:string"/>

-  <!--

-    `name' is used in common.refs.dtd and must therefore 

-    be defined in each *ref. dtd

-  -->

-  <xs:element name="name" type="xs:string"/>

-</xs:schema>

diff --git a/lib/docbuilder/xsd/cref.xsd b/lib/docbuilder/xsd/cref.xsd
deleted file mode 100755
index f1cbeddfff..0000000000
--- a/lib/docbuilder/xsd/cref.xsd
+++ /dev/null
@@ -1,35 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>

-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">

-  <xs:include schemaLocation="common.refs.xsd"/>

-  <xs:element name="cref">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element ref="header"/>

-        <xs:element ref="lib"/>

-        <xs:element ref="libsummary"/>

-        <xs:element ref="description"/>

-        <xs:choice minOccurs="0" maxOccurs="unbounded">

-          <xs:element ref="section"/>

-          <xs:element ref="funcs"/>

-        </xs:choice>

-        <xs:element ref="authors"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="lib" type="xs:string"/>

-  <xs:element name="libsummary" type="xs:string"/>

-  <!--

-    `name' is used in common.refs.dtd and must therefore 

-    be defined in each *ref. dtd

-  -->

-  <xs:element name="name">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element ref="ret"/>

-        <xs:element ref="nametext"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="ret" type="xs:string"/>

-  <xs:element name="nametext" type="xs:string"/>

-</xs:schema>

diff --git a/lib/docbuilder/xsd/erlref.xsd b/lib/docbuilder/xsd/erlref.xsd
deleted file mode 100755
index f6011b7bea..0000000000
--- a/lib/docbuilder/xsd/erlref.xsd
+++ /dev/null
@@ -1,26 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>

-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">

-  <xs:include schemaLocation="common.refs.xsd"/>

-  <xs:element name="erlref">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element ref="header"/>

-        <xs:element ref="module"/>

-        <xs:element ref="modulesummary"/>

-        <xs:element ref="description"/>

-        <xs:choice minOccurs="0" maxOccurs="unbounded">

-          <xs:element ref="section"/>

-          <xs:element ref="funcs"/>

-        </xs:choice>

-        <xs:element ref="authors"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="module" type="xs:string"/>

-  <xs:element name="modulesummary" type="xs:string"/>

-  <!--

-    `name' is used in common.refs.dtd and must therefore 

-    be defined in each *ref. dtd

-  -->

-  <xs:element name="name" type="xs:string"/>

-</xs:schema>

diff --git a/lib/docbuilder/xsd/fascicules.xsd b/lib/docbuilder/xsd/fascicules.xsd
deleted file mode 100755
index bfdb5bd604..0000000000
--- a/lib/docbuilder/xsd/fascicules.xsd
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>

-<!-- Structure -->

-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">

-  <xs:element name="fascicules">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element maxOccurs="unbounded" ref="fascicule"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="fascicule">

-    <xs:complexType mixed="true">

-      <xs:attribute name="file" use="required"/>

-      <xs:attribute name="href" use="required"/>

-      <xs:attribute name="entry" default="no">

-        <xs:simpleType>

-          <xs:restriction base="xs:token">

-            <xs:enumeration value="yes"/>

-            <xs:enumeration value="no"/>

-          </xs:restriction>

-        </xs:simpleType>

-      </xs:attribute>

-    </xs:complexType>

-  </xs:element>

-</xs:schema>

diff --git a/lib/docbuilder/xsd/fileref.xsd b/lib/docbuilder/xsd/fileref.xsd
deleted file mode 100755
index 8038f2115f..0000000000
--- a/lib/docbuilder/xsd/fileref.xsd
+++ /dev/null
@@ -1,26 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>

-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">

-  <xs:include schemaLocation="common.refs.xsd"/>

-  <xs:element name="fileref">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element ref="header"/>

-        <xs:element ref="file"/>

-        <xs:element ref="filesummary"/>

-        <xs:element ref="description"/>

-        <xs:choice minOccurs="0" maxOccurs="unbounded">

-          <xs:element ref="section"/>

-          <xs:element ref="funcs"/>

-        </xs:choice>

-        <xs:element ref="authors"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <!-- Note: ELEMENT file is already defined -->

-  <xs:element name="filesummary" type="xs:string"/>

-  <!--

-    `name' is used in common.refs.dtd and must therefore 

-    be defined in each *ref. dtd

-  -->

-  <xs:element name="name" type="xs:string"/>

-</xs:schema>

diff --git a/lib/docbuilder/xsd/part.xsd b/lib/docbuilder/xsd/part.xsd
deleted file mode 100755
index 30d6ec0120..0000000000
--- a/lib/docbuilder/xsd/part.xsd
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>

-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">

-  <xs:include schemaLocation="common.xsd"/>

-  <xs:include schemaLocation="common.header.xsd"/>

-  <xs:element name="part">

-    <xs:complexType>

-      <xs:sequence>

-        <xs:element ref="header"/>

-        <xs:element minOccurs="0" ref="description"/>

-        <xs:element maxOccurs="unbounded" ref="include"/>

-      </xs:sequence>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="description">

-    <xs:complexType>

-      <xs:choice minOccurs="0" maxOccurs="unbounded">

-        <xs:element ref="block"/>

-        <xs:element ref="quote"/>

-        <xs:element ref="br"/>

-        <xs:element ref="marker"/>

-        <xs:element ref="warning"/>

-        <xs:element ref="note"/>

-      </xs:choice>

-    </xs:complexType>

-  </xs:element>

-  <xs:element name="include">

-    <xs:complexType>

-      <xs:attribute name="file" use="required"/>

-    </xs:complexType>

-  </xs:element>

-</xs:schema>

diff --git a/lib/edoc/doc/Makefile b/lib/edoc/doc/Makefile
index c5f68b25d0..7a59809d9b 100644
--- a/lib/edoc/doc/Makefile
+++ b/lib/edoc/doc/Makefile
@@ -78,12 +78,3 @@ release_docs_spec: docs
 
 
 release_spec:
-
-
-
-# ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-#-include make.dep
-
-
diff --git a/lib/edoc/doc/src/make.dep b/lib/edoc/doc/src/make.dep
deleted file mode 100644
index b46e36314f..0000000000
--- a/lib/edoc/doc/src/make.dep
+++ /dev/null
@@ -1,21 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex chapter.tex edoc.tex edoc_doclet.tex \
-		edoc_extract.tex edoc_layout.tex edoc_lib.tex \
-		edoc_run.tex part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/edoc/doc/src/notes.xml b/lib/edoc/doc/src/notes.xml
index b220067bbe..a74a19bc05 100644
--- a/lib/edoc/doc/src/notes.xml
+++ b/lib/edoc/doc/src/notes.xml
@@ -31,6 +31,21 @@
   <p>This document describes the changes made to the EDoc
     application.</p>
 
+<section><title>Edoc 0.7.9.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Edoc 0.7.9</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/edoc/vsn.mk b/lib/edoc/vsn.mk
index 22f225dd9b..b8f33894f1 100644
--- a/lib/edoc/vsn.mk
+++ b/lib/edoc/vsn.mk
@@ -1 +1 @@
-EDOC_VSN = 0.7.9
+EDOC_VSN = 0.7.9.1
diff --git a/lib/erl_docgen/Makefile b/lib/erl_docgen/Makefile
index 93a6353cac..19b129fd5d 100644
--- a/lib/erl_docgen/Makefile
+++ b/lib/erl_docgen/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1996-2010. All Rights Reserved.
+# Copyright Ericsson AB 1996-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -23,8 +23,7 @@ include $(ERL_TOP)/make/$(TARGET)/otp.mk
 # Macros
 #
 
-SUB_DIRECTORIES = src priv 
-#doc/src
+SUB_DIRECTORIES = src priv doc/src
 
 include vsn.mk
 VSN = $(ERL_DOCGEN_VSN)
diff --git a/lib/docbuilder/doc/man3/.gitignore b/lib/erl_docgen/doc/html/.gitignore
index e69de29bb2..e69de29bb2 100644
--- a/lib/docbuilder/doc/man3/.gitignore
+++ b/lib/erl_docgen/doc/html/.gitignore
diff --git a/lib/docbuilder/doc/man6/.gitignore b/lib/erl_docgen/doc/man6/.gitignore
index e69de29bb2..e69de29bb2 100644
--- a/lib/docbuilder/doc/man6/.gitignore
+++ b/lib/erl_docgen/doc/man6/.gitignore
diff --git a/lib/docbuilder/doc/pdf/.gitignore b/lib/erl_docgen/doc/pdf/.gitignore
index e69de29bb2..e69de29bb2 100644
--- a/lib/docbuilder/doc/pdf/.gitignore
+++ b/lib/erl_docgen/doc/pdf/.gitignore
diff --git a/lib/erl_docgen/doc/src/Makefile b/lib/erl_docgen/doc/src/Makefile
new file mode 100644
index 0000000000..ff50c12895
--- /dev/null
+++ b/lib/erl_docgen/doc/src/Makefile
@@ -0,0 +1,136 @@
+#
+# %CopyrightBegin%
+#
+# Copyright Ericsson AB 2011-2011. All Rights Reserved.
+#
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+#
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+#
+# %CopyrightEnd%
+#
+#
+include $(ERL_TOP)/make/target.mk
+include $(ERL_TOP)/make/$(TARGET)/otp.mk
+
+# ----------------------------------------------------
+# Application version
+# ----------------------------------------------------
+include ../../vsn.mk
+VSN=$(ERL_DOCGEN_VSN)
+APPLICATION=erl_docgen
+
+# ----------------------------------------------------
+# Release directory specification
+# ----------------------------------------------------
+RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
+
+# ----------------------------------------------------
+# Target Specs
+# ----------------------------------------------------
+XML_APPLICATION_FILES = ref_man.xml
+XML_REF6_FILES = \
+	erl_docgen_app.xml
+
+XML_PART_FILES = \
+	part.xml
+
+XML_CHAPTER_FILES = \
+	overview.xml \
+        doc-build.xml \
+	user_guide_dtds.xml \
+	refman_dtds.xml \
+	notes.xml \
+	inline_tags.xml \
+	header_tags.xml \
+	character_entities.xml \
+	block_tags.xml 
+
+BOOK_FILES = book.xml
+
+XML_FILES = $(BOOK_FILES) $(XML_APPLICATION_FILES) $(XML_REF6_FILES) \
+            $(XML_PART_FILES) $(XML_CHAPTER_FILES) 
+
+TECHNICAL_DESCR_FILES = 
+
+EXAMPLE_FILES = \
+	example.txt
+
+GIF_FILES = \
+	man.gif 
+
+# ----------------------------------------------------
+
+HTML_FILES = $(XML_APPLICATION_FILES:%.xml=$(HTMLDIR)/%.html) \
+	$(XML_CHAPTER_FILES:%.xml=$(HTMLDIR)/%.html) \
+	$(XML_PART_FILES:%.xml=$(HTMLDIR)/%.html)
+
+INFO_FILE = ../../info
+
+MAN6_FILES = $(XML_REF6_FILES:%_app.xml=$(MAN6DIR)/%.6)
+
+HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
+
+TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
+
+# ----------------------------------------------------
+# FLAGS 
+# ----------------------------------------------------
+XML_FLAGS += 
+DVIPS_FLAGS += 
+
+# ----------------------------------------------------
+# Targets
+# ----------------------------------------------------
+docs: pdf html man
+
+$(HTMLDIR)/%.gif: %.gif
+	$(INSTALL_DATA) $< $@
+
+$(HTMLDIR)/example.txt: example.txt
+	$(INSTALL_DATA) $< $@
+
+$(TOP_PDF_FILE): $(XML_FILES)
+
+pdf: $(TOP_PDF_FILE)
+
+html: gifs examples $(HTML_REF_MAN_FILE)
+
+clean clean_docs:
+	rm -rf $(HTMLDIR)/*
+	rm -f $(MAN6DIR)/*
+	rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
+	rm -f errs core *~
+	rm -f $(JD_HTML) $(JD_PACK)
+
+man: $(MAN6_FILES)
+
+gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
+
+examples: $(GIF_FILES:%=$(HTMLDIR)/%)
+
+debug opt: 
+
+# ----------------------------------------------------
+# Release Target
+# ---------------------------------------------------- 
+include $(ERL_TOP)/make/otp_release_targets.mk
+
+release_docs_spec: docs
+	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
+	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
+	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
+	$(INSTALL_DATA) $(HTMLDIR)/* \
+		$(RELSYSDIR)/doc/html
+	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
+	$(INSTALL_DIR) $(RELEASE_PATH)/man/man6
+	$(INSTALL_DATA) $(MAN6DIR)/* $(RELEASE_PATH)/man/man6
+
+release_spec:
diff --git a/lib/erl_docgen/doc/src/block_tags.xml b/lib/erl_docgen/doc/src/block_tags.xml
new file mode 100644
index 0000000000..0900d7f008
--- /dev/null
+++ b/lib/erl_docgen/doc/src/block_tags.xml
@@ -0,0 +1,431 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>1997</year><year>2011</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+    
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+    
+    </legalnotice>
+
+    <title>Block Tags</title>
+    <prepared/>
+    <docno/>
+    <date/>
+    <rev/>
+    <file>block_tags.xml</file>
+  </header>
+
+  <p>Block tags typically define a separate block of information, such
+    as a paragraph or a list.</p>
+
+  <p>The following subset of block tags are common for all DTDs in
+    the OTP DTD suite:
+    <marker id="block_subset"></marker>
+    <seealso marker="#pTAG">&lt;p&gt;</seealso>,
+    <seealso marker="#preTAG">&lt;pre&gt;</seealso>,
+    <seealso marker="#codeTAG">&lt;code&gt;</seealso>,
+    <seealso marker="#listTAG">&lt;list&gt;</seealso>,
+    <seealso marker="#taglistTAG">&lt;taglist&gt;</seealso>,
+    <seealso marker="#codeincludeTAG">&lt;codeinclude&gt;</seealso> and
+    <seealso marker="#erlevalTAG">&lt;erleval&gt;</seealso>.
+  </p>
+
+  <section>
+    <marker id="brTAG"></marker>
+    <title>&lt;br&gt; - Line Break</title>
+
+    <p>Forces a newline. Example:</p>
+    <pre>
+Eat yourself&lt;br/&gt;senseless!
+    </pre>
+    <p>results in:</p>
+    <p>Eat yourself<br/>senseless!</p>
+
+    <p>The <c><![CDATA[<br>]]></c> tag is both a block- and an inline
+      tag.</p>
+  </section>
+
+  <section>
+    <marker id="codeTAG"></marker>
+    <title>&lt;code&gt; - Code Example</title>
+
+    <p>Highlight code examples. Example:</p>
+    <pre>
+&lt;code>
+sum([H|T]) ->
+    H + sum(T);
+sum([]) ->
+    0.
+&lt;/code>
+    </pre>
+    <p>results in:</p>
+    <code>
+sum([H|T]) ->
+    H + sum(T);
+sum([]) ->
+    0.
+    </code>
+
+    <p>There is an attribute <c>type = "erl" | "c" | "none"</c>, but
+      currently this attribute is ignored. Default value
+      is <c>"none"</c></p>
+
+    <note>
+      <p>No tags are allowed within the tag and no
+	<seealso marker="character_entities">character
+	  entities</seealso> are expanded.</p>
+    </note>
+  </section>
+
+  <section>
+    <marker id="codeincludeTAG"></marker>
+    <title>&lt;codeinclude&gt; - Code Inclusion</title>
+
+    <p>Include external code snippets. The attribute <c>file</c>
+      gives the file name and <c>tag</c> defines a string which
+      delimits the code snippet. Example:</p>
+    <pre>
+&lt;codeinclude file="example.txt" tag="%% Erlang example"/&gt;
+    </pre>
+    <p>results in:</p>
+    <codeinclude file="example.txt" tag="%% Erlang example"/>
+
+    <p>provided there is a file named <c>examples.txt</c> looking like this:
+    </p>
+    <code>
+...
+
+%% Erlang example
+-module(example).
+
+start() ->
+    {error,"Pid required!"}.
+start(Pid) ->
+    spawn(fun() -> init(Pid) end).
+%% Erlang example
+
+...
+    </code>
+
+    <p>If the <c>tag</c> attribute is omitted, the whole file is
+    included.</p>
+
+    <p>There is also an attribute <c>type = "erl" | "c" | "none"</c>, but
+      currently this attribute is ignored. Default value
+      is <c>"none"</c></p>
+  </section>
+
+  <section>
+    <marker id="erlevalTAG"></marker>
+    <title>&lt;erleval&gt; - Erlang Evaluation</title>
+
+    <p>Include the result from evaluating an Erlang expression. Example:
+    </p>
+    <code><![CDATA[
+<erleval expr="{A,b,C}={a,b,c}. "/>
+      ]]></code>
+    <p>results in:</p>
+    <erleval expr="{A,b,C}={a,b,c}. "></erleval>
+
+    <p>Note the '.' and space after the expression.</p>
+  </section>
+
+  <section>
+    <marker id="listTAG"></marker>
+    <title>&lt;list&gt; - List</title>
+
+    <p>The attribute <c>type = "ordered"|"bulleted"</c> decides if
+      the list is numbered or bulleted. Default is <c>"bulleted"</c>.
+    </p>
+
+    <p>Lists contains list items, tag <c><![CDATA[<item>]]></c>, which
+      can contain plain text,
+      the <seealso marker="#block_subset">common subset of block
+	tags</seealso> and <seealso marker="inline_tags">inline
+	tags</seealso>. Example:</p>
+    <pre>
+&lt;list type="ordered"&gt;
+  &lt;item&gt;Askosal:
+    &lt;list&gt;
+      &lt;item&gt;Nullalisis&lt;/item>
+      &lt;item&gt;Facilisis&lt;/item>
+    &lt;/list&gt;
+  &lt;/item>
+  &lt;item&gt;Ankara&lt;/item>
+&lt;/list&gt;
+    </pre>
+    <p>results in:</p>
+    <list type="ordered">
+      <item>
+	<p>Askosal:</p>
+	<list type="bulleted">
+	  <item>Nullalisis</item>
+	  <item>Facilisis</item>
+	</list>
+      </item>
+      <item>Ankara</item>
+    </list>
+  </section>
+
+  <section>
+    <marker id="markerTAG"></marker>
+    <title>&lt;marker&gt; - Marker</title>
+
+    <p>Used as an anchor for hypertext references. The
+      <c><![CDATA[<marker>]]></c> tag is both a block- and an inline
+      tag and is described in
+      the <seealso marker="inline_tags#markerTAG">Inline Tags</seealso>
+      section.</p>
+  </section>
+
+  <section>
+    <marker id="pTAG"></marker>
+    <title>&lt;p&gt; - Paragraph</title>
+
+    <p>Paragraphs contain plain text and
+      <seealso marker="inline_tags">inline tags</seealso>. Example:</p>
+    <pre>
+&lt;p&gt;I call specific attention to
+  the authority given by the &lt;em&gt;21st Amendment&lt;/em&gt;
+  to the Constitution to prohibit transportation
+  or importation of intoxicating liquors into
+  any State in violation of the laws of such
+  State.&lt;/p&gt;
+    </pre>
+    <p>results in:</p>
+    <p>I call specific attention to
+      the authority given by the <em>21st Amendment</em>
+      to the Constitution to prohibit transportation
+      or importation of intoxicating liquors into
+      any State in violation of the laws of such
+      State.</p>
+  </section>
+
+  <section>
+    <marker id="noteTAG"></marker>
+    <title>&lt;note&gt; - Note</title>
+
+    <p>Highlights a note. Can contain block tags except
+      <c><![CDATA[<note>]]></c>, <c><![CDATA[<warning>]]></c>,
+      <c><![CDATA[<image>]]></c> and <c><![CDATA[<table>]]></c>.
+      Example:</p>
+<pre>
+&lt;note>
+  &lt;p>This function is mainly intended for debugging.&lt;/p>
+&lt;/note>
+  </pre>
+    <p>results in:</p>
+    <note>
+      <p>This function is mainly intended for debugging.</p>
+    </note>
+  </section>
+
+  <section>
+    <marker id="preTAG"></marker>
+    <title>&lt;pre&gt; - Pre-formatted Text</title>
+
+    <p>Used for documentation of system interaction. Can contain text,
+      <seealso marker="inline_tags#seealsoTAG">seealso</seealso>,  
+      <seealso marker="inline_tags#urlTAG">url</seealso> and
+      <c><![CDATA[<input>]]></c> tags.</p>
+
+    <p>The <c><![CDATA[<input>]]></c> tag is used to highlight user
+      input. Example:</p>
+    <pre>
+&lt;pre&gt;
+$ &lt;input&gt;erl&lt;/input&gt;
+Erlang (BEAM) emulator version 5.5.3 [async-threads:0] [hipe] [kernel-poll:false]
+
+Eshell V5.5.3  (abort with ^G)
+1&gt; &lt;input&gt;pwd().&lt;/input&gt;
+/home/user
+2&gt; &lt;input&gt;halt().&lt;/input&gt;
+&lt;/pre&gt;
+    </pre>
+    <p> results in:</p>
+    <pre>
+$ <input>erl</input>
+Erlang (BEAM) emulator version 5.5.3 [async-threads:0] [hipe] [kernel-poll:false]
+
+Eshell V5.5.3  (abort with ^G)
+1> <input>pwd().</input>
+/home/user
+2> <input>halt().</input>
+    </pre>
+
+    <p>All <seealso marker="character_entities">character
+	entities</seealso> are expanded.</p>
+  </section>
+
+  <section>
+    <marker id="quoteTAG"></marker>
+    <title>&lt;quote&gt; - Quotation</title>
+
+    <p>Highlight quotations from other works, or dialog spoken by
+      characters in a narrative. Contains one or more
+      <seealso marker="#pTAG">&lt;p&gt;</seealso> tags. Example:</p>
+    <pre>
+&lt;p&gt;Whereas Section 217(a) of the Act of Congress entitled
+"An Act ..." approved June 16, 1933, provides as follows:&lt;/p&gt;
+&lt;quote&gt;
+  &lt;p&gt;Section 217(a) The President shall proclaim the law.&lt;/p>
+&lt;/quote&gt;
+    </pre>
+    <p>results in:</p>
+    <p>Whereas Section 217(a) of the Act of Congress entitled
+      "An Act ..." approved June 16, 1933, provides as follows:</p>
+    <quote>
+      <p>Section 217(a) The President shall proclaim the law.</p>
+    </quote>
+  </section>
+
+  <section>
+    <marker id="taglistTAG"></marker>
+    <marker id="tagTAG"></marker>
+    <title>&lt;taglist&gt; - Definition List</title>
+
+    <p>Definition lists contains pairs of tags,
+      <c><![CDATA[<tag>]]></c>, and list items,
+      <c><![CDATA[<item>]]></c>.</p>
+
+    <p><c><![CDATA[<tag>]]></c> can contain plain text,
+      <seealso marker="inline_tags#cTAG">&lt;c&gt;</seealso>,
+      <seealso marker="inline_tags#emTAG">&lt;em&gt;</seealso>,
+      <seealso marker="inline_tags#seealsoTAG">&lt;seealso&gt;</seealso>
+      and <seealso marker="inline_tags#urlTAG">&lt;url&gt;</seealso>
+      tags.</p>
+
+    <p><c><![CDATA[<item>]]></c> can contain plain text,
+      the <seealso marker="#block_subset">common subset of block
+	tags</seealso> and <seealso marker="inline_tags">inline
+	tags</seealso>. Example:</p>
+    <pre>
+&lt;taglist>
+  &lt;tag>&lt;c>eacces&lt;/c>&lt;/tag>
+  &lt;item>Permission denied.&lt;/item>
+  &lt;tag>&lt;c>enoent&lt;/c>&lt;/tag>
+  &lt;item>No such file or directory.&lt;/item>
+&lt;/taglist>
+    </pre>
+    <p>results in:</p>
+    <taglist>
+      <tag><c>eacces</c></tag>
+      <item>Permission denied.</item>
+      <tag><c>enoent</c></tag>
+      <item>No such file or directory.</item>
+    </taglist>
+  </section>
+
+  <section>
+    <marker id="warningTAG"></marker>
+    <title>&lt;warning&gt; - Warning</title>
+
+    <p>Highlights a warning. Can contain block tags except
+      <c><![CDATA[<note>]]></c>, <c><![CDATA[<warning>]]></c>,
+      <c><![CDATA[<image>]]></c> and <c><![CDATA[<table>]]></c>.
+      Example:</p>
+<pre>
+&lt;warning>
+  &lt;p>This function might be removed in a future version without
+    prior warning.&lt;/p>
+&lt;/warning>
+  </pre>
+    <p>results in:</p>
+    <warning>
+      <p>This function might be removed in a future version without
+	prior warning.</p>
+    </warning>
+  </section>
+
+  <section>
+    <marker id="imageTAG"></marker>
+    <marker id="icaptionTAG"></marker>
+    <title>&lt;image&gt; - Image</title>
+
+    <p>Graphics is imported using the <c><![CDATA[<image>]]></c> tag.
+      An image caption <c><![CDATA[<icaption>]]></c>, containing plain
+      text, must be supplied. Example:</p>
+    <pre>
+&lt;image file="man"&gt;
+  &lt;icaption&gt;A Silly Man&lt;/icaption&gt;
+&lt;/image&gt;
+    </pre>
+    <p>results in:</p>
+    <image file="man.gif">
+      <icaption>A Silly Man</icaption>
+    </image>
+
+    <p>This assumes that <c>man.gif</c> exists in the current directory.
+    </p>
+  </section>
+
+  <section>
+    <marker id="tableTAG"></marker>
+    <marker id="rowTAG"></marker>
+    <marker id="cellTAG"></marker>
+    <marker id="tcaptionTAG"></marker>
+    <title>&lt;table&gt; - Table</title>
+
+    <p>The table format is similar to how tables are described in HTML
+      3.2. A table contains one or more rows, <c><![CDATA[<row>]]></c>,
+      and a table caption <c><![CDATA[<tcaption>]]></c>, containing
+      plain text.</p>
+
+    <p>Each row contains one or more cells, <c><![CDATA[<cell>]]></c>.
+      The attributes <c>align = "left"|"center"|"right"</c> and
+      <c>valign = "top"|"middle"|"bottom"</c> decides how text is
+      aligned in the cell horizontally and vertically. Default is
+      "<c>left</c>" and "<c>middle</c>".</p>
+
+    <p>Each cell contains plain text and
+      <seealso marker="inline_tags">inline tags</seealso>. Example:</p>
+    <pre><![CDATA[
+    <table>
+      <row>
+        <cell align="left" valign="top"><em>Boys</em></cell>
+        <cell align="center" valign="middle"><em>Girls</em></cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">Juda</cell>
+        <cell align="right" valign="bottom">Susy</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">Anders</cell>
+        <cell align="left" valign="middle">Victoria</cell>
+      </row>
+      <tcaption>A table caption</tcaption>
+    </table>
+    ]]></pre>
+    <p>results in:</p>
+    <table>
+      <row>
+        <cell align="left" valign="top"><em>Boys</em></cell>
+        <cell align="center" valign="middle"><em>Girls</em></cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">Juda</cell>
+        <cell align="right" valign="bottom">Susy</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">Anders</cell>
+        <cell align="left" valign="middle">Victoria</cell>
+      </row>
+      <tcaption>A table caption</tcaption>
+    </table>
+  </section>
+</chapter>
+
diff --git a/lib/erl_docgen/doc/src/book.xml b/lib/erl_docgen/doc/src/book.xml
index 9df5c39271..73bfb7916d 100644
--- a/lib/erl_docgen/doc/src/book.xml
+++ b/lib/erl_docgen/doc/src/book.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE book SYSTEM "book.dtd">
 
 <book xmlns:xi="http://www.w3.org/2001/XInclude">
   <header titlestyle="normal">
     <copyright>
-      <year>2004</year><year>2009</year>
+      <year>2004</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -21,27 +21,26 @@
     
     </legalnotice>
 
-    <title>erl_docgen</title>
+    <title>Erl_Docgen</title>
     <prepared>Lars Thorsen</prepared>
     <docno></docno>
-    <date>2009-11-10</date>
-    <rev>0.1</rev>
+    <date>2011-11-10</date>
+    <rev>0.3</rev>
     <file>book.xml</file>
   </header>
-  <insidecover>
-  </insidecover>
   <pagetext>erl_docgen</pagetext>
   <preamble>
     <contents level="2"></contents>
   </preamble>
   <parts lift="no">
+    <xi:include href="part.xml"/>
   </parts>
   <applications>
+    <xi:include href="ref_man.xml"/>
   </applications>
   <releasenotes>
     <xi:include href="notes.xml"/>
   </releasenotes>
-  <listofterms></listofterms>
   <index></index>
 </book>
 
diff --git a/lib/erl_docgen/doc/src/character_entities.xml b/lib/erl_docgen/doc/src/character_entities.xml
new file mode 100644
index 0000000000..9f55b68d18
--- /dev/null
+++ b/lib/erl_docgen/doc/src/character_entities.xml
@@ -0,0 +1,546 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>1997</year><year>2011</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+    
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+    
+    </legalnotice>
+
+    <title>Character Entities</title>
+    <prepared/>
+    <docno/>
+    <date/>
+    <rev/>
+    <file>character_entities.xml</file>
+  </header>
+
+  <section>
+    <title>Added Latin 1</title>
+
+    <p>The OTP DTD suite uses the same character entities as
+      defined in HTML 3.2
+      (<c>ISO 8879-1986//ENTITIES Added Latin 1//EN//HTML</c>). That is:
+      for an &amp; (ampersand), use the entity: <c>&amp;amp;</c>, for
+      &ouml; use the entity <c>&amp;ouml;</c> and so on.</p>
+
+    <table>
+      <row>
+        <cell align="left" valign="middle"><em>Character</em></cell>
+        <cell align="left" valign="middle"><em>Entity</em></cell>
+        <cell align="left" valign="middle"><em>Description</em></cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&amp;</cell>
+        <cell align="left" valign="middle">&amp;amp;</cell>
+        <cell align="left" valign="middle">ampersand</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&gt;</cell>
+        <cell align="left" valign="middle">&amp;gt;</cell>
+        <cell align="left" valign="middle">greater than</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&lt;</cell>
+        <cell align="left" valign="middle">&amp;lt;</cell>
+        <cell align="left" valign="middle">less than</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&nbsp;</cell>
+        <cell align="left" valign="middle">&amp;nbsp;</cell>
+        <cell align="left" valign="middle">no-break space</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&iexcl;</cell>
+        <cell align="left" valign="middle">&amp;iexcl;</cell>
+        <cell align="left" valign="middle">inverted exclamation mark</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&cent;</cell>
+        <cell align="left" valign="middle">&amp;cent;</cell>
+        <cell align="left" valign="middle">cent sign</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&pound;</cell>
+        <cell align="left" valign="middle">&amp;pound;</cell>
+        <cell align="left" valign="middle">pound sterling sign</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&curren;</cell>
+        <cell align="left" valign="middle">&amp;curren;</cell>
+        <cell align="left" valign="middle">general currency sign</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&yen;</cell>
+        <cell align="left" valign="middle">&amp;yen;</cell>
+        <cell align="left" valign="middle">yen sign</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&brvbar;</cell>
+        <cell align="left" valign="middle">&amp;brvbar;</cell>
+        <cell align="left" valign="middle">broken (vertical) bar</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&sect;</cell>
+        <cell align="left" valign="middle">&amp;sect;</cell>
+        <cell align="left" valign="middle">section sign</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&uml;</cell>
+        <cell align="left" valign="middle">&amp;uml;</cell>
+        <cell align="left" valign="middle">umlaut (dieresis)</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&copy;</cell>
+        <cell align="left" valign="middle">&amp;copy;</cell>
+        <cell align="left" valign="middle">copyright sign</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&ordf;</cell>
+        <cell align="left" valign="middle">&amp;ordf;</cell>
+        <cell align="left" valign="middle">ordinal indicator, feminine</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&laquo;</cell>
+        <cell align="left" valign="middle">&amp;laquo;</cell>
+        <cell align="left" valign="middle">angle quotation mark, left</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&not;</cell>
+        <cell align="left" valign="middle">&amp;not;</cell>
+        <cell align="left" valign="middle">not sign</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle"></cell> <!-- a space is used instead of &shy; due to bug in fop 1.0 -->
+        <cell align="left" valign="middle">&amp;shy;</cell>
+        <cell align="left" valign="middle">soft hyphen</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&reg;</cell>
+        <cell align="left" valign="middle">&amp;reg;</cell>
+        <cell align="left" valign="middle">registered sign</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&macr;</cell>
+        <cell align="left" valign="middle">&amp;macr;</cell>
+        <cell align="left" valign="middle">macron</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&deg;</cell>
+        <cell align="left" valign="middle">&amp;deg;</cell>
+        <cell align="left" valign="middle">degree sign</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&plusmn;</cell>
+        <cell align="left" valign="middle">&amp;plusmn;</cell>
+        <cell align="left" valign="middle">plus-or-minus</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&sup2;</cell>
+        <cell align="left" valign="middle">&amp;sup2;</cell>
+        <cell align="left" valign="middle">superscript two</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&sup3;</cell>
+        <cell align="left" valign="middle">&amp;sup3;</cell>
+        <cell align="left" valign="middle">superscript three</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&acute;</cell>
+        <cell align="left" valign="middle">&amp;acute;</cell>
+        <cell align="left" valign="middle">acute accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&micro;</cell>
+        <cell align="left" valign="middle">&amp;micro;</cell>
+        <cell align="left" valign="middle">micro sign</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&para;</cell>
+        <cell align="left" valign="middle">&amp;para;</cell>
+        <cell align="left" valign="middle">pilcrow (paragraph sign)</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&middot;</cell>
+        <cell align="left" valign="middle">&amp;middot;</cell>
+        <cell align="left" valign="middle">middle dot</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&cedil;</cell>
+        <cell align="left" valign="middle">&amp;cedil;</cell>
+        <cell align="left" valign="middle">cedilla</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&sup1;</cell>
+        <cell align="left" valign="middle">&amp;sup1;</cell>
+        <cell align="left" valign="middle">superscript one</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&ordm;</cell>
+        <cell align="left" valign="middle">&amp;ordm;</cell>
+        <cell align="left" valign="middle">ordinal indicator, masculine</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&raquo;</cell>
+        <cell align="left" valign="middle">&amp;raquo;</cell>
+        <cell align="left" valign="middle">angle quotation mark, right</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&frac14;</cell>
+        <cell align="left" valign="middle">&amp;frac14;</cell>
+        <cell align="left" valign="middle">fraction one-quarter</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&frac12;</cell>
+        <cell align="left" valign="middle">&amp;frac12;</cell>
+        <cell align="left" valign="middle">fraction one-half</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&frac34;</cell>
+        <cell align="left" valign="middle">&amp;frac34;</cell>
+        <cell align="left" valign="middle">fraction three-quarters</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&iquest;</cell>
+        <cell align="left" valign="middle">&amp;iquest;</cell>
+        <cell align="left" valign="middle">inverted question mark</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Agrave;</cell>
+        <cell align="left" valign="middle">&amp;Agrave;</cell>
+        <cell align="left" valign="middle">capital A, grave accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Aacute;</cell>
+        <cell align="left" valign="middle">&amp;Aacute;</cell>
+        <cell align="left" valign="middle">capital A, acute accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Acirc;</cell>
+        <cell align="left" valign="middle">&amp;Acirc;</cell>
+        <cell align="left" valign="middle">capital A, circumflex accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Atilde;</cell>
+        <cell align="left" valign="middle">&amp;Atilde;</cell>
+        <cell align="left" valign="middle">capital A, tilde</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Auml;</cell>
+        <cell align="left" valign="middle">&amp;Auml;</cell>
+        <cell align="left" valign="middle">capital A, dieresis or umlaut mark</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Aring;</cell>
+        <cell align="left" valign="middle">&amp;Aring;</cell>
+        <cell align="left" valign="middle">capital A, ring</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&AElig;</cell>
+        <cell align="left" valign="middle">&amp;AElig;</cell>
+        <cell align="left" valign="middle">capital AE diphthong (ligature)</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Ccedil;</cell>
+        <cell align="left" valign="middle">&amp;Ccedil;</cell>
+        <cell align="left" valign="middle">capital C, cedilla</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Egrave;</cell>
+        <cell align="left" valign="middle">&amp;Egrave;</cell>
+        <cell align="left" valign="middle">capital E, grave accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Eacute;</cell>
+        <cell align="left" valign="middle">&amp;Eacute;</cell>
+        <cell align="left" valign="middle">capital E, acute accen</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Ecirc;</cell>
+        <cell align="left" valign="middle">&amp;Ecirc;</cell>
+        <cell align="left" valign="middle">capital E, circumflex accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Euml;</cell>
+        <cell align="left" valign="middle">&amp;Euml;</cell>
+        <cell align="left" valign="middle">capital E, dieresis or umlaut mark</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Igrave;</cell>
+        <cell align="left" valign="middle">&amp;Igrave;</cell>
+        <cell align="left" valign="middle">capital I, grave accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Iacute;</cell>
+        <cell align="left" valign="middle">&amp;Iacute;</cell>
+        <cell align="left" valign="middle">capital I, acute accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Icirc;</cell>
+        <cell align="left" valign="middle">&amp;Icirc;</cell>
+        <cell align="left" valign="middle">capital I, circumflex accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Iuml;</cell>
+        <cell align="left" valign="middle">&amp;Iuml;</cell>
+        <cell align="left" valign="middle">capital I, dieresis or umlaut mark</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&ETH;</cell>
+        <cell align="left" valign="middle">&amp;ETH;</cell>
+        <cell align="left" valign="middle">capital Eth, Icelandic</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Ntilde;</cell>
+        <cell align="left" valign="middle">&amp;Ntilde;</cell>
+        <cell align="left" valign="middle">capital N, tilde</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Ograve;</cell>
+        <cell align="left" valign="middle">&amp;Ograve;</cell>
+        <cell align="left" valign="middle">capital O, grave accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Oacute;</cell>
+        <cell align="left" valign="middle">&amp;Oacute;</cell>
+        <cell align="left" valign="middle">capital O, acute accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Ocirc;</cell>
+        <cell align="left" valign="middle">&amp;Ocirc;</cell>
+        <cell align="left" valign="middle">capital O, circumflex accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Otilde;</cell>
+        <cell align="left" valign="middle">&amp;Otilde;</cell>
+        <cell align="left" valign="middle">capital O, tilde</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Ouml;</cell>
+        <cell align="left" valign="middle">&amp;Ouml;</cell>
+        <cell align="left" valign="middle">capital O, dieresis or umlaut mark</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&times;</cell>
+        <cell align="left" valign="middle">&amp;times;</cell>
+        <cell align="left" valign="middle">multiply sign</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Oslash;</cell>
+        <cell align="left" valign="middle">&amp;Oslash;</cell>
+        <cell align="left" valign="middle">capital O, slash</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Ugrave;</cell>
+        <cell align="left" valign="middle">&amp;Ugrave;</cell>
+        <cell align="left" valign="middle">capital U, grave accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Uacute;</cell>
+        <cell align="left" valign="middle">&amp;Uacute;</cell>
+        <cell align="left" valign="middle">capital U, acute accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Ucirc;</cell>
+        <cell align="left" valign="middle">&amp;Ucirc;</cell>
+        <cell align="left" valign="middle">capital U, circumflex accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Uuml;</cell>
+        <cell align="left" valign="middle">&amp;Uuml;</cell>
+        <cell align="left" valign="middle">capital U, dieresis or umlaut mark</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&Yacute;</cell>
+        <cell align="left" valign="middle">&amp;Yacute;</cell>
+        <cell align="left" valign="middle">capital Y, acute accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&THORN;</cell>
+        <cell align="left" valign="middle">&amp;THORN;</cell>
+        <cell align="left" valign="middle">capital THORN, Icelandic</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&szlig;</cell>
+        <cell align="left" valign="middle">&amp;szlig;</cell>
+        <cell align="left" valign="middle">small sharp s, German (sz ligature)</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&agrave;</cell>
+        <cell align="left" valign="middle">&amp;agrave;</cell>
+        <cell align="left" valign="middle">small a, grave accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&aacute;</cell>
+        <cell align="left" valign="middle">&amp;aacute;</cell>
+        <cell align="left" valign="middle">small a, acute accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&acirc;</cell>
+        <cell align="left" valign="middle">&amp;acirc;</cell>
+        <cell align="left" valign="middle">small a, circumflex accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&atilde;</cell>
+        <cell align="left" valign="middle">&amp;atilde;</cell>
+        <cell align="left" valign="middle">small a, tilde</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&auml;</cell>
+        <cell align="left" valign="middle">&amp;auml;</cell>
+        <cell align="left" valign="middle">small a, dieresis or umlaut mark</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&aring;</cell>
+        <cell align="left" valign="middle">&amp;aring;</cell>
+        <cell align="left" valign="middle">small a, ring</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&aelig;</cell>
+        <cell align="left" valign="middle">&amp;aelig;</cell>
+        <cell align="left" valign="middle">small ae diphthong (ligature)</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&ccedil;</cell>
+        <cell align="left" valign="middle">&amp;ccedil;</cell>
+        <cell align="left" valign="middle">small c, cedilla</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&egrave;</cell>
+        <cell align="left" valign="middle">&amp;egrave;</cell>
+        <cell align="left" valign="middle">small e, grave accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&eacute;</cell>
+        <cell align="left" valign="middle">&amp;eacute;</cell>
+        <cell align="left" valign="middle">small e, acute accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&ecirc;</cell>
+        <cell align="left" valign="middle">&amp;ecirc;</cell>
+        <cell align="left" valign="middle">small e, circumflex accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&euml;</cell>
+        <cell align="left" valign="middle">&amp;euml;</cell>
+        <cell align="left" valign="middle">small e, dieresis or umlaut mark</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&igrave;</cell>
+        <cell align="left" valign="middle">&amp;igrave;</cell>
+        <cell align="left" valign="middle">small i, grave accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&iacute;</cell>
+        <cell align="left" valign="middle">&amp;iacute;</cell>
+        <cell align="left" valign="middle">small i, acute accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&icirc;</cell>
+        <cell align="left" valign="middle">&amp;icirc;</cell>
+        <cell align="left" valign="middle">small i, circumflex accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&iuml;</cell>
+        <cell align="left" valign="middle">&amp;iuml;</cell>
+        <cell align="left" valign="middle">small i, dieresis or umlaut mark</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&eth;</cell>
+        <cell align="left" valign="middle">&amp;eth;</cell>
+        <cell align="left" valign="middle">small eth, Icelandic</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&ntilde;</cell>
+        <cell align="left" valign="middle">&amp;ntilde;</cell>
+        <cell align="left" valign="middle">small n, tilde</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&ograve;</cell>
+        <cell align="left" valign="middle">&amp;ograve;</cell>
+        <cell align="left" valign="middle">small o, grave accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&oacute;</cell>
+        <cell align="left" valign="middle">&amp;oacute;</cell>
+        <cell align="left" valign="middle">small o, acute accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&ocirc;</cell>
+        <cell align="left" valign="middle">&amp;ocirc;</cell>
+        <cell align="left" valign="middle">small o, circumflex accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&otilde;</cell>
+        <cell align="left" valign="middle">&amp;otilde;</cell>
+        <cell align="left" valign="middle">small o, tilde</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&ouml;</cell>
+        <cell align="left" valign="middle">&amp;ouml;</cell>
+        <cell align="left" valign="middle">small o, dieresis or umlaut mark</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&divide;</cell>
+        <cell align="left" valign="middle">&amp;divide;</cell>
+        <cell align="left" valign="middle">divide sign</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&oslash;</cell>
+        <cell align="left" valign="middle">&amp;oslash;</cell>
+        <cell align="left" valign="middle">small o, slash</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&ugrave;</cell>
+        <cell align="left" valign="middle">&amp;ugrave;</cell>
+        <cell align="left" valign="middle">small u, grave accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&uacute;</cell>
+        <cell align="left" valign="middle">&amp;uacute;</cell>
+        <cell align="left" valign="middle">small u, acute accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&ucirc;</cell>
+        <cell align="left" valign="middle">&amp;ucirc;</cell>
+        <cell align="left" valign="middle">small u, circumflex accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&uuml;</cell>
+        <cell align="left" valign="middle">&amp;uuml;</cell>
+        <cell align="left" valign="middle">small u, dieresis or umlaut mark</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&yacute;</cell>
+        <cell align="left" valign="middle">&amp;yacute;</cell>
+        <cell align="left" valign="middle">small y, acute accent</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&thorn;</cell>
+        <cell align="left" valign="middle">&amp;thorn;</cell>
+        <cell align="left" valign="middle">small thorn, Icelandic</cell>
+      </row>
+      <row>
+        <cell align="left" valign="middle">&yuml;</cell>
+        <cell align="left" valign="middle">&amp;yuml;</cell>
+        <cell align="left" valign="middle">small y, dieresis or umlaut mark</cell>
+      </row>
+      <tcaption>Accented Latin-1 alphabetic characters.</tcaption>
+    </table>
+  </section>
+</chapter>
+
diff --git a/lib/erl_docgen/doc/src/convert.howto b/lib/erl_docgen/doc/src/convert.howto
deleted file mode 100644
index 2c72de8c4c..0000000000
--- a/lib/erl_docgen/doc/src/convert.howto
+++ /dev/null
@@ -1,13 +0,0 @@
-
-- add  xmlns:xi="http://www.w3.org/2001/XInclude" on top tag 
-  in files whith include directives
-
-- change <include file="notes"></include> <xi:include href="notes.xml"/>
-
-- change <image file="a"/> to <image file="a.gif"/>
-
-- remove chapers directly in the book and put them in the part instead
-
--change title to just the application name
-
-- fix codeinclude : xml --> xmlsrc
\ No newline at end of file
diff --git a/lib/erl_docgen/doc/src/doc-build.xml b/lib/erl_docgen/doc/src/doc-build.xml
new file mode 100644
index 0000000000..08410a1539
--- /dev/null
+++ b/lib/erl_docgen/doc/src/doc-build.xml
@@ -0,0 +1,188 @@
+<?xml version="1.0" encoding="iso-8859-1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>1997</year><year>2011</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+    
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+    
+     </legalnotice>
+    <title>How to Build OTP like documentation</title>
+    <prepared></prepared>
+    <docno></docno>
+    <date></date>
+    <rev></rev>
+    <file>doc-build.xml</file>
+  </header>
+
+  <section>
+    <title>Utilities to prepare XML files</title>
+    <section>
+      <title>Create XML files from code</title>
+      <p>
+	If there are EDoc comments in a module, the escript <c>xml_from_edoc.escript</c>
+	can be used to generate an XML file according to the <c>erlref</c> DTD 
+	for this module.
+      </p>
+      <p>
+	Example:
+      </p>
+      <code>
+
+	1> escript $(ERL_TOP)/lib/erl_docgen/priv/bin/xml_from_edoc.escript ex1.erl
+      </code>
+    </section>
+    <section>
+      <title>Include code in XML</title>
+      <p>If there are OTP DTD <i>codeinclude</i> tags in the source XML file, the escript
+          <c>codeline_preprocessing.escript</c> can be used to include the code and produce
+	  an XML file according to the OTP DTDs. 
+      </p>
+      <p>
+	Example:
+      </p>
+      <code>
+
+	1> escript $(ERL_TOP)/lib/erl_docgen/priv/bin/codeline_preprocessing.escript ex1.xmlsrc ex1.xml
+      </code>
+    </section>
+  </section>
+
+  <section>
+    <title>Use xsltproc to generate different output formats</title>
+
+    <section>
+      <title>Parameters used in all the the XSL transformations</title>
+      <p>
+	These parameters to <c>xsltproc</c> are used for all the supported output formats.
+      </p>
+      <taglist>
+	<tag><c>docgen</c></tag>
+	<item>
+	  Path to erl_docgen's top directory.
+	</item>
+	<tag><c>gendate</c></tag>
+	<item>
+	  The date string that will be used in the documentation.
+	</item>
+	<tag><c>appname</c></tag>
+	<item>
+	  The name of the application.>
+	</item> 
+	<tag><c>appver</c></tag>
+	<item>
+	  The version of the application.
+	</item>
+     </taglist>
+    </section>
+
+    <section>
+      <title>Generate HTML output</title>
+      <p>
+	When generating HTML one also needs these three pramaters to <c>xsltproc</c>.
+      </p> 
+      <taglist>
+	<tag><c>outdir</c></tag>
+	<item>
+	  Output directory for the produced html files.
+	</item>
+ 	<tag><c>topdocdir</c></tag>
+	<item>
+	  If one builds a standalone documentation for an application this should be set to ".".
+	</item>
+	<tag><c>pdfdir</c></tag>
+	<item>
+	  Relative path from the html directory to where the pdf file are placed.
+	</item>
+      </taglist>
+      <p>
+	Example:
+      </p>
+      <code>
+	
+	1> xsltproc --noout --stringparam outdir /tmp/myhtmldoc \
+	      --stringparam docgen $(ERL_TOP)/lib/erl_docgen \
+              --stringparam topdocdir . \
+              --stringparam pdfdir "$(PDFDIR)" \
+              --xinclude \
+	      --stringparam gendate "December 5 2011" \
+              --stringparam appname MyApp \
+              --stringparam appver 0.1 \
+              -path $ERL_TOP/lib/erl_docgen/priv/dtd \
+              -path $ERL_TOP/lib/erl_docgen/priv/dtd_html_entities \
+	      $ERL_TOP/lib/erl_docgen/priv/xsl/db_html.xsl mybook.xml
+      </code>
+    </section>
+
+    <section>
+      <title>Generate PDF</title>
+      <p>
+	The generation of the PDF file is done in two steps. First is <c>xsltproc</c> used to generate a <c>.fo</c> file 
+	which is used as input to the <c>fop</c> command to produce th PDF file.
+      </p>
+      <p>
+	Example:
+      </p>
+      <code>
+
+	1> xsltproc --output MyApp.fo \
+             --stringparam docgen $ERL_TOP/lib/erl_docgen \
+	     --stringparam gendate  "December 5 2011" \
+             --stringparam appname MyApp \
+             --stringparam appver 0.1 \
+             --xinclude \
+             -path $ERL_TOP/lib/erl_docgen/priv/dtd \
+             -path $ERL_TOP/lib/erl_docgen/priv/dtd_html_entities \
+	     $ERL_TOP/lib/erl_docgen/priv/xsl/db_pdf.xsl mybook.xml
+
+
+        2> fop -fo MyApp.fo -pdf MyApp.pdf
+      </code>
+    </section>
+
+    <section>
+      <title>Generate man pages</title>
+      <p>
+	Unix man pages can be generated with <c>xsltproc</c> from XML files written according to 
+	the different OTP ref type DTDs. 
+      </p>
+      <p>
+	Example:
+      </p>
+      <code>
+
+	1> xsltproc --output  my_module.3\
+	      --stringparam docgen $ERL_TOP/lib/erl_docgen \
+	      --stringparam gendate  "December 5 2011" \
+	      --stringparam appname MyApp \
+	      --stringparam appver 0.1 \
+	      --xinclude -path $ERL_TOP/lib/erl_docgen/priv/dtd  \
+              -path $ERL_TOP/lib/erl_docgen/priv/dtd_man_entities \
+              $ERL_TOP/lib/erl_docgen/priv/xsl/db_man.xsl my_refpage.xml
+      </code>
+    </section>
+
+    <section>
+      <title>Upcomming changes</title>
+      <p>
+	The output from the <c>erl_docgen</c> documentation build process is now just the OTP style. 
+	But in a near future we will for example add the possibility to change logo, color in the PDF and 
+	style sheet for the HTML.
+      </p>
+    </section>
+
+  </section>
+</chapter>
diff --git a/lib/erl_docgen/doc/src/docgen_xml_check.xml b/lib/erl_docgen/doc/src/docgen_xml_check.xml
new file mode 100644
index 0000000000..58cf069d81
--- /dev/null
+++ b/lib/erl_docgen/doc/src/docgen_xml_check.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE erlref SYSTEM "erlref.dtd">
+
+<erlref>
+  <header>
+    <copyright>
+      <year>2007</year>
+      <year>2011</year>
+      <holder>Ericsson AB, All Rights Reserved</holder>
+    </copyright>
+    <legalnotice>
+  The contents of this file are subject to the Erlang Public License,
+  Version 1.1, (the "License"); you may not use this file except in
+  compliance with the License. You should have received a copy of the
+  Erlang Public License along with this software. If not, it can be
+  retrieved online at http://www.erlang.org/.
+
+  Software distributed under the License is distributed on an "AS IS"
+  basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+  the License for the specific language governing rights and limitations
+  under the License.
+
+  The Initial Developer of the Original Code is Ericsson AB.
+    </legalnotice>
+
+    <title>docgen_xml_check</title>
+    <prepared></prepared>
+    <docno></docno>
+    <date></date>
+    <rev></rev>
+  </header>
+  <module>docgen_xml_check</module>
+  <modulesummary>Validate XML documentation source code</modulesummary>
+  <description>
+    <p><c>docgen_xml_check</c> contains functions for validating XML
+      documentation source code.</p>
+  </description>
+
+  <funcs>
+    <func>
+      <name>validate(File) -> ok | error | {error, badfile}</name>
+      <fsummary>Validate XML source code.</fsummary>
+      <type>
+	<v>File = string()</v>
+      </type>
+      <desc>
+        <p>Validates the XML documentation source code in <c>File</c>.
+	  The <c>.xml</c> extension can be omitted.</p>
+
+	<p>Returns <c>ok</c> if successful, otherwise error information
+	  is printed and the function returns <c>error</c>.
+	  If <c>File</c> does not exist, <c>{error, badfile}</c> is
+	  returned.</p>
+      </desc>
+    </func>
+  </funcs>
+
+</erlref>
+
diff --git a/lib/erl_docgen/doc/src/erl_docgen.txt b/lib/erl_docgen/doc/src/erl_docgen.txt
deleted file mode 100644
index 14a4dc8e10..0000000000
--- a/lib/erl_docgen/doc/src/erl_docgen.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
-
-/home/otptest/bin/otp_wrap_ssh boddington /home/otptest/bin/otp_build_doc -rel r13b02 -view otptest_r13_daily_doc2 -csfile /usr/local/otp/config-specs/r13_dev.cs -insdir /ldisk/daily_build
-_
-                                                                              
\ No newline at end of file
diff --git a/lib/erl_docgen/doc/src/erl_docgen_app.xml b/lib/erl_docgen/doc/src/erl_docgen_app.xml
new file mode 100644
index 0000000000..25c473bb7e
--- /dev/null
+++ b/lib/erl_docgen/doc/src/erl_docgen_app.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE appref SYSTEM "appref.dtd">
+
+<appref>
+  <header>
+    <copyright>
+      <year>2011</year><year>2011</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+
+    </legalnotice>
+
+    <title>erl_docgen</title>
+    <file>erl_docgen_app.xml</file>
+  </header>
+  <app>erl_docgen</app>
+  <appsummary>
+    The erl_docgen application is used to produce the OTP documentation.
+  </appsummary>
+  
+    <description>
+      <p>
+	The application consists of the following parts
+	<taglist>
+	  <tag>XSL</tag>
+	  <item>
+	    <p>
+	      A number of XSL files that is used to transform the xml files to html, pdf or man pages.
+	    </p>
+	  </item>
+	  <tag>DTDs</tag>
+	  <item>
+	    <p>
+	      The DTDs used for the OTP documentation.
+	    </p>
+	  </item>
+	  <tag>escripts</tag>
+	  <item>
+	    <p>
+	      Some scripts that is used to produce xml files according to OTP DTDs from some different input.
+	    </p>
+	  </item>
+	  <tag>misc</tag>
+	  <item>
+	    <p>
+	      Erlang logo, javascripts and css stylesheets used in the documentation.
+	    </p>
+	  </item>
+	</taglist>
+      </p>
+    </description>
+
+</appref>
diff --git a/lib/erl_docgen/doc/src/example.txt b/lib/erl_docgen/doc/src/example.txt
new file mode 100644
index 0000000000..ad86165391
--- /dev/null
+++ b/lib/erl_docgen/doc/src/example.txt
@@ -0,0 +1,17 @@
+This example code is used in block_tags.xml.
+
+%% Erlang example
+-module(example).
+
+start() ->
+    {error,"Pid required!"}.
+
+start(Pid) ->
+    spawn(smalltalk,main,[]).
+%% Erlang example
+
+// A little C example
+int main() {
+  for(;;);
+}
+// A little C example
diff --git a/lib/erl_docgen/doc/src/fasc_dtds.xml b/lib/erl_docgen/doc/src/fasc_dtds.xml
new file mode 100644
index 0000000000..86eeb958f6
--- /dev/null
+++ b/lib/erl_docgen/doc/src/fasc_dtds.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>2007</year><year>2011</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+    
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+    
+    </legalnotice>
+
+    <title>Fascicules DTDs</title>
+    <prepared></prepared>
+    <docno></docno>
+    <date></date>
+    <rev></rev>
+    <file>fasc_dtds.xml</file>
+  </header>
+
+  <section>
+    <title>The fascicules DTD</title>
+
+    <p>The <c>fascicules</c> DTD is a special kind of DTD which can be
+      used to specify the different parts of the documentation, and
+      which one of those should be shown as default.</p>
+
+    <p>Example:</p>
+
+    <pre><![CDATA[
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE fascicules SYSTEM "fascicules.dtd">
+<fascicules>
+  <fascicule file="part" href="part_frame.html" entry="no">
+    User's Guide
+  </fascicule>
+  <fascicule file="ref_man" href="ref_man_frame.html" entry="yes">
+    Reference Manual
+  </fascicule>
+  <fascicule file="part_notes" href="part_notes_frame.html" entry="no">
+    Release Notes
+  </fascicule>
+</fascicules>
+    ]]></pre>
+
+    <p>In the example, it is specified that the documentation for this
+      application consists of three parts: User's Guide, where
+      the "cover page" (with the two frames) is located in
+      <c>part_frame.html</c>, Reference Manual with the cover page
+      <c>ref_man_frame.html</c> and Release Notes with the cover page
+      <c>part_notes_frame.html</c>.</p>
+
+    <p>As a result, at the top of the left frame in the generated HTML
+      documentation, there will be corresponding links to User's Guide,
+      Reference Manual and Release Notes.</p>
+
+    <p>The attribute <c>entry="yes"</c> specifies that it is
+      the Reference Manual which should be shown as default. This means
+      that when generating the HTML files, <c>application_frame.html</c>
+      will be copied to <c>index.html</c>.</p>
+
+    <note>
+      <p>DocBuilder assumes that the XML file written according to
+	the <c>fascicules</c> DTD is called <c>fascicules.xml</c>.</p>
+    </note>
+
+    <p>This file is optional. If it does not exist, there are no links
+      to other parts of the documentation (as they are not known) in
+      the left frame, and no <c>index.html</c> is created.</p>
+  </section>
+
+  <section>
+    <marker id="fasciculesTAG"></marker>
+    <title>&lt;fascicules&gt;</title>
+
+    <p>Top level tag for the <c>fascicules</c> DTD.</p>
+
+    <p>Contains one or more
+      <seealso marker="#fasciculeTAG">&lt;fascicule&gt;</seealso>.</p>
+  </section>
+
+  <section>
+    <marker id="fasciculeTAG"></marker>
+    <title>&lt;fascicule&gt;</title>
+
+    <p>Specifies properties for one "part" of the documentation for an
+      application.</p>
+
+    <p>Contains plain text, the name of this part.</p>
+
+    <p>The <c>file</c> attribute should specify the file name for
+      the corresponding <c>part</c> or <c>application</c>, without
+      the <c>.xml</c> extension.</p>
+
+    <p>The <c>href</c> attribute should specify the file name for
+      the corresponding HTML cover page file, without the <c>.html</c>
+      extension.</p>
+
+    <p>The optional <c>entry="yes"|"no"</c> attribute specifies if
+      the HTML cover page should be copied to <c>index.html</c> or
+      not. Default is <c>"no"</c>.</p>
+  </section>
+</chapter>
+
diff --git a/lib/docbuilder/doc/src/fascicules.xml b/lib/erl_docgen/doc/src/fascicules.xml
index 1b9d6bc94d..1b9d6bc94d 100644
--- a/lib/docbuilder/doc/src/fascicules.xml
+++ b/lib/erl_docgen/doc/src/fascicules.xml
diff --git a/lib/erl_docgen/doc/src/header_tags.xml b/lib/erl_docgen/doc/src/header_tags.xml
new file mode 100644
index 0000000000..dfae15107f
--- /dev/null
+++ b/lib/erl_docgen/doc/src/header_tags.xml
@@ -0,0 +1,181 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>1997</year><year>2011</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+    
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+    
+    </legalnotice>
+
+    <title>Header Tags</title>
+    <prepared></prepared>
+    <docno></docno>
+    <date></date>
+    <rev></rev>
+    <file>header_tags.xml</file>
+  </header>
+
+  <p>Each document begins with a header part, which looks the same for
+    all DTDs. Here the title of the document is specified, as well as
+    administrative data like who is responsible for the document, which
+    version is it, when was it last changed and such.</p>
+
+  <p>An full header looks like:</p>
+  <pre>
+&lt;header>
+  &lt;copyright>...&lt;/copyright>
+  &lt;legalnotice>...&lt;/legalnotice>
+  &lt;title>...&lt;/title>
+  &lt;prepared>...&lt;/prepared>
+  &lt;responsible>...&lt;/responsible>
+  &lt;docno>...&lt;/docno>
+  &lt;approved>...&lt;/approved>
+  &lt;checked>...&lt;/checked>
+  &lt;date>...&lt;/date>
+  &lt;rev>...&lt;/rev>
+  &lt;file>...&lt;/file>
+&lt;/header>
+  </pre>
+
+  <section>
+    <marker id="headerTAG"></marker>
+    <title>&lt;header&gt;</title>
+
+    <p>Top level tag for the header part.</p>
+  </section>
+
+  <section>
+    <marker id="copyrightTAG"></marker>
+    <title>&lt;copyright&gt;</title>
+
+    <p>The <c>copyright</c> element holds information about date(s) and holder(s) of
+    a document copyright. The <c>copyright</c> element is optional.
+    The <c>copyright</c> element has an inner structure containing one or 
+    more 
+    <c>year</c> elements followed by zero of more <c>holder</c> elements.<br/> 
+    See example below:
+    </p>
+    <code><![CDATA[
+    <copyright>
+      <year>1997</year>
+      <year>2007</year>
+      <holder>Ericsson AB</holder>
+    </copyright>
+    ]]></code>
+  </section>
+
+  <section>
+    <marker id="legalnoticeTAG"></marker>
+    <title>&lt;legalnotice&gt;</title>
+
+    <p>The <c>legalnotice</c> element is used to express copyright, trademark,
+    license, and other legal formalities of a document. The element contains
+    only PCDATA in the same manner as <c>code</c> and <c>pre</c>.
+    </p>
+  </section>
+
+  <section>
+    <marker id="titleTAG"></marker>
+    <title>&lt;title&gt;</title>
+
+    <p>For <c>part</c> and <c>application</c> documents, this will be
+      the title of the document, visible in the left frame and on
+      the front page.</p>
+
+    <p>For <c>chapter</c> documents, this will be the chapter name.</p>
+
+    <p>For reference manual documents, this tag is ignored.</p>
+  </section>
+
+  <section>
+    <title>&lt;shorttitle&gt;</title>
+
+    <p>This optional tag is ignored. It will likely be
+      removed in the future.</p>
+  </section>
+
+  <section>
+    <marker id="preparedTAG"></marker>
+    <title>&lt;prepared&gt;</title>
+
+    <p>This tag is intended for administrative use and is ignored.</p>
+  </section>
+
+  <section>
+    <marker id="responsibleTAG"></marker>
+    <title>&lt;responsible&gt;</title>
+
+    <p>This optional tag is intended for administrative use and is
+      ignored.</p>
+  </section>
+
+  <section>
+    <marker id="docnoTAG"></marker>
+    <title>&lt;docno&gt;</title>
+
+    <p>Document number.</p>
+
+    <p>For <c>part</c> and <c>application</c> documents, the document
+      number is visible in the left frame and on the front page.</p>
+
+    <p>For other types of documents, this tag is ignored.</p>
+  </section>
+
+  <section>
+    <marker id="approvedTAG"></marker>
+    <title>&lt;approved&gt;</title>
+
+    <p>This optional tag is intended for administrative use and is
+      ignored.</p>
+  </section>
+
+  <section>
+    <marker id="checkedTAG"></marker>
+    <title>&lt;checked&gt;</title>
+
+    <p>This optional tag is intended for administrative use and is
+      ignored.</p>
+  </section>
+
+  <section>
+    <marker id="dateTAG"></marker>
+    <title>&lt;date&gt;</title>
+
+    <p>This tag is intended for administrative use and is ignored.</p>
+  </section>
+
+  <section>
+    <marker id="revTAG"></marker>
+    <title>&lt;rev&gt;</title>
+
+    <p>Document version.</p>
+
+    <p>For <c>part</c> and <c>application</c> documents, the document
+      version is visible in the left frame and on the front page.</p>
+
+    <p>For other types of documents, this tag is ignored.</p>
+  </section>
+
+  <section>
+    <marker id="fileTAG"></marker>
+    <title>&lt;file&gt;</title>
+
+    <p>This optional tag is intended for administrative use and is
+      ignored.</p>
+  </section>
+</chapter>
+
diff --git a/lib/erl_docgen/doc/src/inline_tags.xml b/lib/erl_docgen/doc/src/inline_tags.xml
new file mode 100644
index 0000000000..9b27da659b
--- /dev/null
+++ b/lib/erl_docgen/doc/src/inline_tags.xml
@@ -0,0 +1,214 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>1997</year><year>2011</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+
+    </legalnotice>
+
+    <title>Inline Tags</title>
+    <prepared/>
+    <docno/>
+    <date/>
+    <rev/>
+    <file>inline_tags.xml</file>
+  </header>
+
+  <p>Inline tags are typically used within block tags, for example to
+    highlight a word within a paragraph.</p>
+
+  <section>
+    <marker id="brTAG"></marker>
+    <title>&lt;br&gt; - Line Break</title>
+
+    <p>Forces a newline. The <c><![CDATA[<br>]]></c> tag is both a
+      block- and an inline tag and is described in
+      the <seealso marker="block_tags#brTAG">Block Tags</seealso>
+      section.</p>
+  </section>
+
+  <section>
+    <marker id="cTAG"></marker>
+    <title>&lt;c&gt; - Code</title>
+
+    <p>Highlights things like variables and file names in a text flow.
+      Can contain plain text only. Newlines and tabs are ignored as
+      opposed to the <seealso marker="block_tags#codeTAG">code</seealso>
+      tag. All <seealso marker="character_entities">character
+	entities</seealso> are expanded. Example:</p>
+    <pre>
+&lt;p>Returns &lt;c>true&lt;/c> if &lt;c>Term&lt;/c> is an integer.&lt;/p>
+    </pre>
+    <p>results in:</p>
+    <p>Returns <c>true</c> if <c>Term</c> is an integer.</p>
+  </section>
+
+  <section>
+    <marker id="emTAG"></marker>
+    <title>&lt;em&gt; - Emphasis</title>
+
+    <p>Highlights words which are important within a text flow. Example:
+    </p>
+    <pre>
+&lt;p>The application &lt;em>must&lt;/em> be up and running.&lt;/p>
+    </pre>
+    <p>results in:</p>
+    <p>The application <em>must</em> be up and running.</p>
+
+    <p>Contains plain text or a
+      <seealso marker="#cTAG">&lt;c&gt;</seealso> tag.</p>
+  </section>
+
+  <section>
+    <marker id="markerTAG"/>
+    <title>&lt;marker&gt; - Marker</title>
+
+    <p>Used as an anchor for hypertext references. The <c>id</c>
+      attribute defines the name of the marker. Example:</p>
+    <marker id="marker_example"/>
+    <pre>
+&lt;marker id="marker_example"/&gt;
+    </pre>
+  
+    <p>The <seealso marker="#seealsoTAG">&lt;seealso&gt;</seealso> tag
+      is used to refer to the marker.</p>
+
+    <p>The <c><![CDATA[<marker>]]></c> tag is both a block- and an
+      inline tag.</p>
+  </section>
+
+  <!-- section>
+    <marker id="pathTAG"></marker>
+    <title>&lt;path&gt; - Path</title>
+
+    <p>Highlights file paths. The attributes <c>unix</c> and
+      <c>windows</c> makes it possible to specify different paths for
+      different file path notations. Default for both are "".
+      Example:</p>
+    <pre>
+&lt;p>Look at the &lt;path unix=".profile" windows="win.ini"&gt;start-up file&lt;/path&gt;
+  if you intend to alter the initial behavior.&lt;/p>
+    </pre>
+    <p>If no <c>ptype</c> option is specified when calling
+      <seealso marker="docb_transform#file/1">docb_transform:file/1,2</seealso>,
+      this simply results in:</p>
+    <p>"Look at the <path>start-up file</path>
+      if you intend to alter the initial behavior."</p>
+
+    <p>If both the options <c>{ptype,unix}</c> and
+      <c>{ptype,windows}</c> are specified, the example instead results
+      in:</p>
+    <p>"Look at the <path unix=".profile" windows="win.ini">start-up file</path>
+      if you intend to alter the initial behavior."</p>
+  </section -->
+
+  <section>
+    <marker id="seealsoTAG"></marker>
+    <title>&lt;seealso&gt; - Local Cross Reference</title>
+
+    <p>A cross reference (hypertext link) to a marker in the same file,
+      a marker in another file, or (the top of) another file, given by
+      the <c>marker</c> attribute. Must contain plain text. Examples:
+      </p>
+
+    <pre><![CDATA[
+      <seealso marker="#marker_example">marker example</seealso>
+    ]]></pre>
+    <p>results in:
+      <seealso marker="#marker_example">marker example</seealso>
+      (a hypertext link to the marker example above).</p>
+
+    <pre><![CDATA[
+      <seealso marker="block_tags#markerTAG">marker tag</seealso>
+    ]]></pre>
+    <p>results in:
+      <seealso marker="block_tags#markerTAG">marker tag</seealso>
+      (a hypertext link to the marker section in the Block Tags
+      chapter).</p>
+    
+    <pre><![CDATA[
+      <seealso marker="overview">Overview</seealso>
+    ]]></pre>
+    <p>results in:
+      <seealso marker="overview">Overview</seealso>
+      (a hypertext link to the Overview chapter).</p>
+
+    <p>Note the use of "#" before the name of the marker. Note also
+      that the filename extension <c>.html</c> is omitted. This is
+      because the default behavior is to translate
+      <c><![CDATA[<seealso marker="File#Marker">text</seealso>]]></c>
+      to <c><![CDATA[<A HREF="File.html#Marker">text</A>]]></c>.</p>
+
+  </section>
+    
+  <section>
+    <marker id="urlTAG"></marker>
+    <title>&lt;url&gt; - Non-Local Cross Reference</title>
+
+    <p>A reference to a file outside the documentation, a web address or
+      similar, given by the <c>href</c> attribute. Must contain plain
+      text. Example:</p>
+    <pre><![CDATA[
+<url href="http://www.erlang.org">erlang.org</url>
+    ]]></pre>
+    <p>results in: <url href="http://www.erlang.org">erlang.org</url>
+    </p>
+  </section>
+
+  <section>
+    <marker id="termTAG"></marker>
+    <marker id="termdefTAG"></marker>
+    <title>&lt;term&gt;, &lt;termdef&gt; - Glossary</title>
+
+    <p>Used to highlight a term with a local (for this document only) or
+      global definition. The identity of the term is given by
+      the <c>id</c> attribute.</p>
+
+    <p>For a locally defined term, the tag contains a
+      <c>&lt;termdef&gt;</c>, which in turn contains an explanation of
+      the term as plain text. Example:</p>
+    <pre><![CDATA[
+<term id="HTML"><termdef>Hyper-Text Markup Language</termdef></term>
+      ]]></pre>
+
+    <p>In the generated HTML, it is the term name which will be visible.
+      For locally defined terms, the id and the name are the same.
+      The name has a hypertext link to the definition in the glossary.
+      Example:</p>
+    <pre><![CDATA[
+<term id="HTML"><termdef>Hyper-Text Markup Language</termdef></term>
+      ]]></pre>
+    <p>results in: <term id="HTML"><termdef>Hyper-Text Markup Language</termdef></term>
+    </p>
+
+    <p>If a term is defined both locally and globally, the global
+      definition takes precedence.</p>
+  </section>
+
+  <section>
+    <marker id="citeTAG"></marker>
+    <marker id="citedefTAG"></marker>
+    <title>&lt;cite&gt;, &lt;citedef&gt; - Bibliography</title>
+
+    <p>Works the same way as <c>&lt;term&gt;</c> and
+      <c>&lt;termdef&gt;</c>, but for a bibliography list rather than
+      a glossary.</p>
+
+  </section>
+</chapter>
+
diff --git a/lib/docbuilder/doc/src/man.gif b/lib/erl_docgen/doc/src/man.gif
index 8656c7443d..8656c7443d 100644
--- a/lib/docbuilder/doc/src/man.gif
+++ b/lib/erl_docgen/doc/src/man.gif
diff --git a/lib/erl_docgen/doc/src/notes.xml b/lib/erl_docgen/doc/src/notes.xml
index 6a0eece56d..23f64b876a 100644
--- a/lib/erl_docgen/doc/src/notes.xml
+++ b/lib/erl_docgen/doc/src/notes.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE chapter SYSTEM "chapter.dtd">
 
 <chapter>
@@ -21,16 +21,59 @@
     
     </legalnotice>
 
-    <title>erl_docgen Release Notes</title>
+    <title>Erl_Docgen Release Notes</title>
     <prepared>otp_appnotes</prepared>
     <docno>nil</docno>
     <date>nil</date>
     <rev>nil</rev>
     <file>notes.xml</file>
   </header>
-  <p>This document describes the changes made to the erl_docgen application.</p>
+  <p>This document describes the changes made to the <em>erl_docgen</em> application.</p>
 
-  <section><title>Erl_Docgen 0.2.6</title>
+  <section><title>Erl_Docgen 0.3</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+	    <p> Bug fixes concerning the generation of manpages. </p>
+          <p>
+	    Own Id: OTP-9614</p>
+        </item>
+        <item>
+	    <p> Fix syntax bug in eix files. </p>
+          <p>
+	    Own Id: OTP-9617</p>
+        </item>
+        <item>
+	    <p> Bug fix concerning the generation of manpages. </p>
+          <p>
+	    Own Id: OTP-9759</p>
+        </item>
+        <item>
+	    <p> Fixed an arity calculation bug for erlang functions
+	    in the documentation index for html and pdf. </p>
+          <p>
+	    Own Id: OTP-9772</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p> The docbuilder application is removed in R15 and
+	    parts still used in the OTP documentation build process
+	    and the DTD documentation is moved to erl_docgen. </p>
+          <p>
+	    Own Id: OTP-9721</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Erl_Docgen 0.2.6</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/erl_docgen/doc/src/overview.xml b/lib/erl_docgen/doc/src/overview.xml
new file mode 100644
index 0000000000..2a420c53d9
--- /dev/null
+++ b/lib/erl_docgen/doc/src/overview.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="iso-8859-1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>1997</year><year>2011</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+    
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+    
+     </legalnotice>
+    <title>Overview OTP DTDs</title>
+    <prepared></prepared>
+    <docno></docno>
+    <date></date>
+    <rev></rev>
+    <file>overview.xml</file>
+  </header>
+
+  <section>
+    <title>DTD Suite</title>
+
+    <p>Input is written as XML according to one of the DTDs and output
+      is corresponding HTML. Documentation for an Erlang/OTP application
+      is usually organized as follows:</p>
+    <taglist>
+      <tag><em>User's Guide</em></tag>
+      <item>
+	<p>(DTD:
+	  <seealso marker="user_guide_dtds#partDTD">part</seealso>)
+	  A collection of chapters
+	  (<seealso marker="user_guide_dtds#chapterDTD">chapter</seealso>).
+	</p>
+      </item> 
+
+      <tag><em>Reference Manual</em></tag>
+      <item>
+	<p>(DTD:
+	  <seealso marker="refman_dtds#applicationDTD">application</seealso>
+	  A collection of manual pages for modules
+	  (<seealso marker="refman_dtds#erlrefDTD">erlref</seealso>),
+	  applications
+	  (<seealso marker="refman_dtds#apprefDTD">appref</seealso>),
+	  commands
+	  (<seealso marker="refman_dtds#comrefDTD">comref</seealso>),
+	  C libraries
+	  (<seealso marker="refman_dtds#crefDTD">cref</seealso>) and
+	  files
+	  (<seealso marker="refman_dtds#filerefDTD">fileref</seealso>).
+	</p>
+      </item>
+
+      <tag><em>Release Notes</em></tag>
+      <item>
+	<p>Same structure as the User's Guide.</p>
+      </item>
+    </taglist>
+
+    <p>In some cases, one or more of the User's Guide, Reference Manual
+      and Release Notes are omitted. Also, it is possible to use either
+      the <c>application</c> or <c>part</c> DTD to write other types
+      of documentation for the application.</p>
+
+
+    <p>The structure of the different documents and the meaning of the 
+    tags are explained. There are numerous examples of documentation 
+    source code.</p>
+
+    <p>For readability and simplicity, the examples have been kept as
+      short as possible. For an example of what the generated HTML
+      will look like, it is recommended to look at the documentation of 
+      an OTP application.</p>
+
+  </section>
+
+  <section>
+    <title>Basic Tags</title>
+
+    <p>All DTDs in the OTP DTD suite share a basic set of tags.
+      An author can easily switch from one DTD to another and still use
+      the same basic tags. It is furthermore easy to copy pieces of
+      information from one document to another, even though they do not
+      use the same DTD.</p>
+
+    <p>The basic set of tags are divided into two categories:
+      <seealso marker="block_tags">block tags</seealso> and
+      <seealso marker="inline_tags">inline tags</seealso>. Block tags
+      typically define a separate block of information, like a
+      paragraph or a list. Inline tags are typically used within block
+      tags, for example a highlighted word within a paragraph.</p>
+  </section>
+
+</chapter>
+
diff --git a/lib/erl_docgen/doc/src/part.xml b/lib/erl_docgen/doc/src/part.xml
new file mode 100644
index 0000000000..26d660df08
--- /dev/null
+++ b/lib/erl_docgen/doc/src/part.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="iso-8859-1" ?>
+<!DOCTYPE part SYSTEM "part.dtd">
+
+<part xmlns:xi="http://www.w3.org/2001/XInclude">
+  <header>
+    <copyright>
+      <year>2011</year><year>2011</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+    
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+    
+     </legalnotice>
+    <title>Erl_Docgen User's Guide</title>
+    <prepared></prepared>
+    <docno></docno>
+    <date></date>
+    <rev></rev>
+  </header>
+  <description>
+    <p><em>Erl_Docgen</em> provides functionality for generating HTML/PDF/man
+       documentation for Erlang modules and Erlang/OTP applications
+       from XML source code and/or EDoc comments in Erlang source code.</p>
+  </description>
+  <xi:include href="doc-build.xml"/>
+  <xi:include href="overview.xml"/>
+  <xi:include href="user_guide_dtds.xml"/>
+  <xi:include href="refman_dtds.xml"/>
+  <xi:include href="header_tags.xml"/>
+  <xi:include href="block_tags.xml"/>
+  <xi:include href="inline_tags.xml"/>
+  <xi:include href="character_entities.xml"/>
+</part>
+
diff --git a/lib/erl_docgen/doc/src/ref_man.xml b/lib/erl_docgen/doc/src/ref_man.xml
new file mode 100644
index 0000000000..a2bc1a10a0
--- /dev/null
+++ b/lib/erl_docgen/doc/src/ref_man.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE application SYSTEM "application.dtd">
+
+<application xmlns:xi="http://www.w3.org/2001/XInclude">
+  <header>
+    <copyright>
+      <year>2011</year><year>2011</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+    
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+    
+    </legalnotice>
+
+    <title>Erl_Docgen Reference Manual</title>
+    <prepared>OTP Team</prepared>
+    <docno></docno>
+    <date>2011-11-10</date>
+    <rev>0.3</rev>
+    <file>ref_man.xml</file>
+  </header>
+  <description>
+    <p>The <em>erl_docgen</em> supports the OTP documentation build.</p>
+  </description>
+  <xi:include href="erl_docgen_app.xml"/>
+</application>
+
diff --git a/lib/erl_docgen/doc/src/refman_dtds.xml b/lib/erl_docgen/doc/src/refman_dtds.xml
new file mode 100644
index 0000000000..4f0e388a8a
--- /dev/null
+++ b/lib/erl_docgen/doc/src/refman_dtds.xml
@@ -0,0 +1,667 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>1997</year><year>2011</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+    
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+    
+    </legalnotice>
+
+    <title>Reference Manual DTDs</title>
+    <prepared></prepared>
+    <docno></docno>
+    <date></date>
+    <rev></rev>
+    <file>refman_dtds.xml</file>
+  </header>
+
+  <p>There are five DTDs for writing manual pages about applications,
+    shell commands, C libraries, Erlang modules and files, all with a
+    similar structure:</p>
+
+  <list type="bulleted">
+    <item>A header.</item>
+    <item>Name of the application/command/library/module/file.</item>
+    <item>Short summary (one line).</item>
+    <item>A longer description.</item>
+    <item>"Formal" definitions of functions or commands.</item>
+    <item>Optional sections of free text.</item>
+    <item>Optional section with the name(s) and email(s) of the author(s).</item>
+  </list>
+
+  <p>The differences between the DTDs are the tags for the name,
+    the short summary and some tags inside the "formal" definitions.</p>
+
+  <section>
+    <marker id="applicationDTD"></marker>
+    <title>The application DTD</title>
+
+    <p>The <c>application</c> DTD is intended for a Reference Manual and
+      groups a set of manual pages into one unit. The structure is
+      similar to the part DTD: first an introduction and then the manual
+      pages, written in separate files with the
+      <seealso marker="#apprefDTD">appref</seealso>,
+      <seealso marker="#comrefDTD">comref</seealso>,
+      <seealso marker="#crefDTD">cref</seealso>,
+      <seealso marker="#erlrefDTD">erlref</seealso>, or
+      <seealso marker="#filerefDTD">fileref</seealso> DTD.</p>
+
+    <p>Example:</p>
+    <pre>
+&lt;?xml version="1.0" encoding="latin1" ?>
+&lt;!DOCTYPE application SYSTEM "application.dtd">
+&lt;application>
+  &lt;header>
+    &lt;title>Application name&lt;/title>
+    &lt;prepared/>
+    &lt;docno/>
+    &lt;date/>
+    &lt;rev/>
+  &lt;/header>
+
+  &lt;description>
+    &lt;p>Application description...&lt;/p>
+  &lt;/description>
+  
+  &lt;include file="module1">
+  &lt;include file="module2">
+&lt;/application>
+    </pre>
+  </section>
+
+  <section>
+    <marker id="applicationTAG"></marker>
+    <title>&lt;application&gt;</title>
+
+    <p>The top level tag of an <c>application</c> DTD.</p>
+
+    <p>Contains a
+      <seealso marker="header_tags">&lt;header&gt;</seealso>,
+      an optional
+      <seealso marker="user_guide_dtds#descriptionTAG">&lt;description&gt;</seealso>,
+      followed by one or more
+      <seealso marker="user_guide_dtds#includeTAG">&lt;include&gt;</seealso>.
+    </p>
+  </section>
+
+  <section>
+    <marker id="apprefDTD"></marker>
+    <title>The appref DTD</title>
+
+    <p>This is the DTD for writing an application manual page.</p>
+
+    <p>Example:</p>
+    <pre>
+&lt;?xml version="1.0" encoding="latin1" ?>
+&lt;!DOCTYPE appref SYSTEM "appref.dtd">
+&lt;appref>
+  &lt;header>
+    &lt;title>Application name&lt;/title>
+    &lt;prepared/>
+    &lt;docno/>
+    &lt;date/>
+    &lt;rev/>
+  &lt;/header>
+
+  &lt;app>Application name&lt;/app>
+
+  &lt;appsummary>A short application summary.&lt;/appsummary>
+
+  &lt;description>
+    &lt;p>A longer description of the application.&lt;/p>
+  &lt;/description>
+  
+  &lt;section>
+    &lt;title>Configuration&lt;/title>
+
+      &lt;p>...&lt;/p>
+  &lt;/section>
+
+  ...
+  
+  &lt;authors>
+    &lt;aname>Name of author&lt;/aname>
+    &lt;email>Email of author&lt;/email>
+  &lt;/authors>
+&lt;/appref>
+    </pre>
+
+    <section>
+      <marker id="apprefTAG"></marker>
+      <title>&lt;appref&gt;</title>
+
+      <p>The top level tag of an <c>appref</c> DTD.</p>
+
+      <p>Contains
+	<seealso marker="header_tags#headerTAG">&lt;header&gt;</seealso>,
+	<seealso marker="#appTAG">&lt;app&gt;</seealso>,
+	<seealso marker="#appsummaryTAG">&lt;appsummary&gt;</seealso>,
+	<seealso marker="#descriptionTAG">&lt;description&gt;</seealso>,
+	zero or more
+	<seealso marker="#sectionTAG">&lt;section&gt;</seealso> and
+	<seealso marker="#funcsTAG">&lt;funcs&gt;</seealso>, 
+	followed by zero or more 
+	<seealso marker="#authorsTAG">&lt;authors&gt;</seealso>.</p>
+    </section>
+
+    <section>
+      <marker id="appTAG"></marker>
+      <title>&lt;app&gt;</title>
+
+      <p>The application name. Contains plain text.</p>
+    </section>
+
+    <section>
+      <marker id="appsummaryTAG"></marker>
+      <title>&lt;appsummary&gt;</title>
+
+      <p>Short summary. Contains plain text.</p>
+    </section>
+  </section>
+
+  <section>
+    <marker id="comrefDTD"></marker>
+    <title>The comref DTD</title>
+
+    <p>This is the DTD for writing a command manual page.</p>
+
+    <p>Example:</p>
+    <pre>
+&lt;?xml version="1.0" encoding="latin1" ?>
+&lt;!DOCTYPE comref SYSTEM "comref.dtd">
+&lt;comref>
+  &lt;header>
+    &lt;title>Command name&lt;/title>
+    &lt;prepared/>
+    &lt;docno/>
+    &lt;date/>
+    &lt;rev/>
+  &lt;/header>
+
+  &lt;com>Command name&lt;/com>
+
+  &lt;comsummary>A short command summary.&lt;/comsummary>
+
+  &lt;description>
+    &lt;p>A long description of the command.&lt;/p>
+  &lt;/description>
+  
+  &lt;funcs>
+    &lt;func>
+      &lt;name>command&lt;/name>
+      &lt;name>command -flag &lt;arg>&lt;/name>
+      &lt;fsummary>A short command summary (max 40 characters).&lt;/fsummary>
+      &lt;desc>
+        &lt;p>An extended command description.
+      &lt;/desc>
+    &lt;/func>
+  &lt;/funcs>
+
+  &lt;section>
+    &lt;title>Options&lt;/title>
+
+    &lt;p>...&lt;/p>
+  &lt;/section>
+  
+  &lt;authors>
+    &lt;aname>Name of author&lt;/aname>
+    &lt;email>Email of author&lt;/email>
+  &lt;/authors>
+&lt;/comref>
+    </pre>
+
+    <section>
+      <marker id="comrefTAG"></marker>
+      <title>&lt;comref&gt;</title>
+
+      <p>The top level tag for a <c>comref</c> DTD.</p>
+
+      <p>Contains
+	<seealso marker="header_tags#headerTAG">&lt;header&gt;</seealso>,
+	<seealso marker="#comTAG">&lt;com&gt;</seealso>,
+	<seealso marker="#comsummaryTAG">&lt;comsummary&gt;</seealso>,
+	<seealso marker="#descriptionTAG">&lt;description&gt;</seealso>,
+	zero or more
+	<seealso marker="#sectionTAG">&lt;section&gt;</seealso> and
+	<seealso marker="#funcsTAG">&lt;funcs&gt;</seealso>, 
+	followed by zero or more
+	<seealso marker="#authorsTAG">&lt;authors&gt;</seealso>.</p>
+    </section>
+
+    <section>
+      <marker id="comTAG"></marker>
+      <title>&lt;com&gt;</title>
+
+      <p>The command name. Contains plain text.</p>
+    </section>
+
+    <section>
+      <marker id="comsummaryTAG"></marker>
+
+      <title>&lt;comsummary&gt;</title>
+
+      <p>Short summary. Contains plain text.</p>
+    </section>
+  </section>
+
+  <section>
+    <marker id="crefDTD"></marker>
+    <title>The cref DTD</title>
+
+    <p>This is the DTD for writing a C library manual page.</p>
+
+    <p>Example:</p>
+    <pre><![CDATA[
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE cref SYSTEM "cref.dtd">
+<cref>
+  <header>
+    <title>C library name</title>
+    <prepared/>
+    <docno/>
+    <date/>
+    <rev/>
+  </header>
+
+  <lib>C library name</lib>
+
+  <libsummary>A short C library summary.</libsummary>
+
+  <description>
+    <p>A longer description of the C library.</p>
+  </description>
+  
+  <funcs>
+    <func>
+      <name><ret>void</ret><nametext>start(bar)</nametext></name>
+      <name><ret>void</ret><nametext>start(foo)</nametext></name>
+      <fsummary>A short function summary (max 40 characters).</fsummary>
+      <type>
+        <v>char bar</v>
+        <v>int foo</v>
+      </type>
+      <desc>
+        <p>An extended function description.</p>
+      </desc>
+    </func>
+
+    ...
+  </funcs>
+
+  <section>
+    <title>A title</title>
+
+    <p>Some text...</p>
+  </section>
+  
+  
+</cref>
+    ]]></pre>
+
+    <section>
+      <marker id="crefTAG"></marker>
+      <title>&lt;cref&gt;</title>
+
+      <p>The top level tag for a <c>cref</c> DTD.</p>
+
+      <p>Contains
+	<seealso marker="header_tags#headerTAG">&lt;header&gt;</seealso>,
+	<seealso marker="#libTAG">&lt;lib&gt;</seealso>,
+	<seealso marker="#libsummaryTAG">&lt;libsummary&gt;</seealso>,
+	<seealso marker="#descriptionTAG">&lt;description&gt;</seealso>,
+	zero or more
+	<seealso marker="#sectionTAG">&lt;section&gt;</seealso> and
+	<seealso marker="#funcsTAG">&lt;funcs&gt;</seealso>, followed by
+	zero or more
+	<seealso marker="#authorsTAG">&lt;authors&gt;</seealso>.</p>
+    </section>
+
+    <section>
+      <marker id="libTAG"></marker>
+      <title>&lt;lib&gt;</title>
+
+      <p>The C library name or acronym. Contains plain text.</p>
+    </section>
+
+    <section>
+      <marker id="libsummaryTAG"></marker>
+      <title>&lt;libsummary&gt;</title>
+
+      <p>Short summary. Contains plain text.</p>
+    </section>
+  </section>
+
+  <section>
+    <marker id="erlrefDTD"></marker>
+    <title>The erlref DTD</title>
+
+    <p>This is the DTD for writing Erlang module manual pages.</p>
+
+    <p>Example:</p>
+    <pre>
+&lt;?xml version="1.0" encoding="latin1" ?>
+&lt;!DOCTYPE erlref SYSTEM "erlref.dtd">
+&lt;erlref>
+  &lt;header>
+    &lt;title>Module name&lt;/title>
+    &lt;prepared/>
+    &lt;docno/>
+    &lt;date/>
+    &lt;rev/>
+  &lt;/header>
+
+  &lt;module>Module name&lt;/module>
+
+  &lt;modulesummary>A short module summary.&lt;/modulesummary>
+
+  &lt;description>
+    &lt;p>A longer description of the module.&lt;/p>
+  &lt;/description>
+  
+  &lt;funcs>
+    &lt;func>
+      &lt;name>start() -> Result&lt;/name>
+      &lt;name>start(N) -> Result&lt;/name>
+      &lt;fsummary>A short function summary (max 40 characters).&lt;/fsummary>
+      &lt;type>
+        &lt;v>Pid = pid()&lt;/v>
+        &lt;v>N = int()&lt;/v>
+        &lt;v>Result = {ok, Pid} | {error, Reason}&lt;/v>
+        &lt;v>Reason = term()&lt;/v>
+        &lt;d>A parameter description.&lt;/d>
+      &lt;/type>
+      &lt;desc>
+        &lt;p>An extended function description.&lt;/p>
+      &lt;/desc>
+    &lt;/func>
+
+    ...
+  &lt;/funcs>
+
+  &lt;section>
+    &lt;title>Some Title&lt;/title>
+    &lt;p>Some text...&lt;/p>
+  &lt;/section>
+  
+  &lt;authors>
+    &lt;aname>Name of author&lt;/aname>
+    &lt;email>Email of author&lt;/email>
+  &lt;/authors>
+&lt;/erlref>
+    </pre>
+
+    <section>
+      <marker id="erlrefTAG"></marker>
+      <title>&lt;erlref&gt;</title>
+
+      <p>The top level tag for an <c>erlref</c> DTD.</p>
+
+      <p>Contains
+	<seealso marker="header_tags#headerTAG">&lt;header&gt;</seealso>,
+	<seealso marker="#moduleTAG">&lt;module&gt;</seealso>,
+	<seealso marker="#modulesummaryTAG">&lt;modulesummary&gt;</seealso>,
+	<seealso marker="#descriptionTAG">&lt;description&gt;</seealso>,
+	zero or more
+	<seealso marker="#sectionTAG">&lt;section&gt;</seealso> and
+	<seealso marker="#funcsTAG">&lt;funcs&gt;</seealso>, 
+	followed by zero or more
+	<seealso marker="#authorsTAG">&lt;authors&gt;</seealso>.</p>
+    </section>
+
+    <section>
+      <marker id="moduleTAG"></marker>
+      <title>&lt;module&gt;</title>
+
+      <p>The module name. Contains plain text.</p>
+    </section>
+
+    <section>
+      <marker id="modulesummaryTAG"></marker>
+      <title>&lt;modulesummary&gt;</title>
+
+      <p>Short summary. Contains plain text.</p>
+    </section>
+  </section>
+
+  <section>
+    <marker id="filerefDTD"></marker>
+    <title>The fileref DTD</title>
+
+    <p>This is the DTD for writing file manual pages. In OTP, this DTD
+      is used for defining the format of for example <c>.rel</c> and
+      <c>.app</c> files.</p>
+
+    <p>Example:</p>
+    <pre>
+&lt;?xml version="1.0" encoding="latin1" ?>
+&lt;!DOCTYPE fileref SYSTEM "fileref.dtd">
+&lt;fileref>
+  &lt;header>
+    &lt;title>File name&lt;/title>
+    &lt;prepared/>
+    &lt;docno/>
+    &lt;date/>
+    &lt;rev/>
+  &lt;/header>
+
+  &lt;file>fileref&lt;/file>
+
+  &lt;filesummary>A short file summary.&lt;/filesummary>
+
+  &lt;description>
+    &lt;p>A longer description of the file.&lt;/p>
+  &lt;/description>
+  
+  &lt;section>
+    &lt;title>File format&lt;/title>
+
+    &lt;p>...&lt;/p>
+  &lt;/section>
+  
+  &lt;authors>
+    &lt;aname>Name of author&lt;/aname>
+    &lt;email>Email of author&lt;/email>
+  &lt;/authors>
+&lt;/fileref>
+    </pre>
+
+    <p>The file reference manual can also contain function definitions,
+      similar to the <c>erlref</c> DTD.</p>
+
+    <section>
+      <marker id="filerefTAG"></marker>
+      <title>&lt;fileref&gt;</title>
+
+      <p>The top level tag for a <c>fileref</c> DTD.</p>
+
+      <p>Contains
+	<seealso marker="header_tags#headerTAG">&lt;header&gt;</seealso>,
+	<seealso marker="#fileTAG">&lt;file&gt;</seealso>,
+	<seealso marker="#filesummaryTAG">&lt;filesummary&gt;</seealso>,
+	<seealso marker="#descriptionTAG">&lt;description&gt;</seealso>,
+	zero or more
+	<seealso marker="#sectionTAG">&lt;section&gt;</seealso> and
+	<seealso marker="#funcsTAG">&lt;funcs&gt;</seealso>, 
+	followed by zero or more
+	<seealso marker="#authorsTAG">&lt;authors&gt;</seealso>.</p>
+    </section>
+
+    <section>
+      <marker id="fileTAG"></marker>
+      <title>&lt;file&gt;</title>
+
+      <p>The name of the file or file type. Contains plain text.</p>
+    </section>
+
+    <section>
+      <marker id="filesummaryTAG"></marker>
+      <title>&lt;filesummary&gt;</title>
+
+      <p>Short summary. Contains plain text.</p>
+    </section>
+  </section>
+
+    <section>
+    <marker id="descriptionTAG"></marker>
+    <title>&lt;description&gt;</title>
+
+    <p>The introduction after the title and before sections and
+      "formal" definitions.</p>
+
+    <p>Contains any combination and any number of
+      <seealso marker="block_tags">block tags</seealso> except
+      <c><![CDATA[<image>]]></c> and <c><![CDATA[<table>]]></c>.</p>
+  </section>
+
+  <section>
+    <marker id="sectionTAG"></marker>
+    <title>&lt;section&gt;</title>
+
+    <p>Subdivisions of the document. Contains an optional
+      <seealso marker="inline_tags#markerTAG">&lt;marker&gt;</seealso>,
+      a <seealso marker="user_guide_dtds#titleTAG">&lt;title&gt;</seealso>,
+      
+      followed by any combination and any number of
+      <seealso marker="block_tags">block tags</seealso> except
+      <c><![CDATA[<image>]]></c> and <c><![CDATA[<table>]]></c>.</p>
+  </section>
+
+  <section>
+    <marker id="funcsTAG"></marker>
+    <title>&lt;funcs&gt;</title>
+
+    <p>A group of "formal" function definitions.</p>
+    
+    <p>Contains one or more
+      <seealso marker="#funcTAG">&lt;func&gt;</seealso>.</p>
+  </section>
+
+  <section>
+    <marker id="funcTAG"></marker>
+    <title>&lt;func&gt;</title>
+
+    <p>A "formal" function definition.</p>
+
+    <p>Contains one or more
+      <seealso marker="#nameTAG">&lt;name&gt;</seealso>, followed by
+      <seealso marker="#fsummaryTAG">&lt;fsummary&gt;</seealso>,
+      <seealso marker="#typeTAG">&lt;type&gt;</seealso> (optional) and
+      <seealso marker="#descTAG">&lt;desc&gt;</seealso> (optional).</p>
+  </section>
+
+  <section>
+    <marker id="nameTAG"></marker>
+    <title>&lt;name&gt;</title>
+
+    <p>Function/command signature with name, arguments and return value.
+      Contains plain text, except for the <c>cref</c> DTD where it
+      contains a <c><![CDATA[<ret>]]></c> (return type, plain text) and
+      a <c><![CDATA[<nametext>]]></c> (function name and arguments,
+      plain text).</p>
+
+    <p>In the case of an <c>erlref</c> DTD, it will
+      automatically be added a
+      <seealso marker="inline_tags#markerTAG">marker</seealso>,
+      <c><![CDATA[<marker id="Name/Arity">]]></c> or
+      <c><![CDATA[<marker id="Name">]]></c>, based on the contents of
+      this tag before the function definition.</p>
+
+    <p>Example: Consider the following name definition</p>
+    <pre><![CDATA[
+<name>foo(Arg1, Arg2) -> ok | {error, Reason}</name>
+    ]]></pre>
+
+    <p>Then a marker like this will be added
+      <c><![CDATA[<marker id="foo/2">]]></c> before the function
+      definition in the generated HTML. That is, referring to
+      the function using
+      <c><![CDATA[<seealso marker="#foo/2">foo/2</seealso>]]></c> will
+      automatically work.</p>
+  </section>
+
+  <section>
+    <marker id="fsummaryTAG"></marker>
+    <title>&lt;fsummary&gt;</title>
+
+    <p>Function/command summary. Contains plain text,
+      <seealso marker="inline_tags#cTAG">&lt;c&gt;</seealso> and
+      <seealso marker="inline_tags#emTAG">&lt;em&gt;</seealso>.</p>
+  </section>
+
+  <section>
+    <marker id="typeTAG"></marker>
+    <title>&lt;type&gt;</title>
+
+    <p>Type declarations for the function/command.</p>
+
+    <p>Contains one or more pairs of
+      <seealso marker="#vTAG">&lt;v&gt;</seealso> and
+      <seealso marker="#dTAG">&lt;d&gt;</seealso> (optional).</p>
+  </section>
+
+  <section>
+    <marker id="vTAG"></marker>
+    <title>&lt;v&gt;</title>
+
+    <p>Type declaration for an argument or return value. Contains plain
+      text.</p>
+  </section>
+
+  <section>
+    <marker id="dTAG"></marker>
+    <title>&lt;d&gt;</title>
+
+    <p>Description for an argument or return value. Contains plain text,
+      <seealso marker="inline_tags#cTAG">&lt;c&gt;</seealso> and
+      <seealso marker="inline_tags#emTAG">&lt;em&gt;</seealso>.</p>
+  </section>
+
+  <section>
+    <marker id="descTAG"></marker>
+    <title>&lt;desc&gt;</title>
+
+    <p>Function/command description. Contains
+      <seealso marker="block_tags">block tags</seealso> except
+      <c>&lt;image&gt;</c> and <c>&lt;table&gt;</c>.</p>
+  </section>
+
+  <section>
+    <marker id="authorsTAG"></marker>
+    <title>&lt;authors&gt;</title>
+
+    <p>Authors of the manual page. The <c>authors</c> element is  optional.</p>
+
+    <p>Contains one or more pairs of
+      <seealso marker="#anameTAG">&lt;aname&gt;</seealso> and
+      <seealso marker="#emailTAG">&lt;email&gt;</seealso>.</p>
+  </section>
+
+  <section>
+    <marker id="anameTAG"></marker>
+    <title>&lt;aname&gt;</title>
+
+    <p>Author name. Contains plain text.</p>
+  </section>
+
+  <section>
+    <marker id="emailTAG"></marker>
+    <title>&lt;email&gt;</title>
+
+    <p>Author email address. Contains plain text.</p>
+  </section>
+</chapter>
+
diff --git a/lib/erl_docgen/doc/src/user_guide_dtds.xml b/lib/erl_docgen/doc/src/user_guide_dtds.xml
new file mode 100644
index 0000000000..79a7701ce8
--- /dev/null
+++ b/lib/erl_docgen/doc/src/user_guide_dtds.xml
@@ -0,0 +1,181 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>1997</year><year>2011</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+    
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+    
+    </legalnotice>
+
+    <title>User's Guide DTDs</title>
+    <prepared></prepared>
+    <docno></docno>
+    <date></date>
+    <rev></rev>
+    <file>user_guide_dtds.xml</file>
+  </header>
+
+  <section>
+    <marker id="partDTD"></marker>
+    <title>The part DTD</title>
+
+    <p>The <c>part</c> DTD is intended for a "normal" document, like
+      the User's Guide or Release Notes. First are some paragraphs
+      introducing the main contents. After that follows chapters,
+      written in separate files with
+      the <seealso marker="#chapterDTD">chapter</seealso> DTD.</p>
+
+    <p>Example:</p>
+    <pre>
+&lt;?xml version="1.0" encoding="latin1" ?>
+&lt;!DOCTYPE part SYSTEM "part.dtd"&gt;
+&lt;part&gt;
+  &lt;header&gt;
+    &lt;title&gt;The chapter title&lt;/title&gt;
+    &lt;prepared&gt;The author&lt;/prepared&gt;
+    &lt;docno/&gt;
+    &lt;date/&gt;
+    &lt;rev/&gt;
+  &lt;/header&gt;
+
+  &lt;description&gt;
+    &lt;p&gt;Some text..&lt;/p&gt;
+  &lt;/description&gt;
+
+  &lt;include file="file1"&gt;&lt;/include&gt;
+  &lt;include file="file2"&gt;&lt;/include&gt;
+&lt;/part&gt;
+    </pre>
+  </section>
+
+  <section>
+    <marker id="partTAG"></marker>
+    <title>&lt;part></title>
+
+    <p>The top level tag of a <c>part</c> DTD.</p>
+
+    <p>Contains a
+      <seealso marker="header_tags">&lt;header&gt;</seealso>,
+      an optional
+      <seealso marker="#descriptionTAG">&lt;description&gt;</seealso>,
+      followed by one or more
+      <seealso marker="#includeTAG">&lt;include&gt;</seealso>.</p>
+  </section>
+
+  <section>
+    <marker id="descriptionTAG"/>
+    <title>&lt;description&gt;</title>
+
+    <p>The introduction after the title and before the bulk of
+      included chapters/manual pages.</p>
+
+    <p>Contains any combination and any number
+      of <seealso marker="block_tags">block tags</seealso> except
+      <c><![CDATA[<image>]]></c> and <c><![CDATA[<table>]]></c>.</p>
+  </section>
+
+  <section>
+    <marker id="includeTAG"></marker>
+    <title>&lt;include&gt;</title>
+
+    <p>An empty tag. The attribute <c>file</c> specifies a file to
+      include. The <c>.xml</c> file extension should be omitted.</p>
+
+    <p>Example:</p>
+    <pre>
+&lt;include file="notes">&lt;/include>
+    </pre>
+  </section>
+
+  <section>
+    <marker id="chapterDTD"></marker>
+    <title>The chapter DTD</title>
+
+    <p>The <c>chapter</c> DTD is intended for a chapter in a User's
+      Guide or similar with text divided into sections, which can be
+      nested.</p>
+
+    <p>Example:</p>
+    <pre>
+&lt;?xml version="1.0" encoding="latin1" ?>
+&lt;!DOCTYPE chapter SYSTEM "chapter.dtd">
+&lt;chapter>
+  &lt;header>
+    &lt;title>Title on first level&lt;/title>
+    &lt;prepared/>
+    &lt;docno/>
+    &lt;date/>
+    &lt;rev/>
+  &lt;/header>
+  
+  &lt;p>Introduction...&lt;/p>
+
+  &lt;section>
+    &lt;title>Title on second level&lt;/title>
+
+    &lt;p>First paragraph.&lt;/p>
+
+    &lt;p>Second paragraph etc.&lt;/p>
+
+    &lt;section>
+      &lt;title>Title on third level&lt;/title>
+
+      &lt;p>...&lt;/p>
+    &lt;/section>
+  &lt;/section>
+
+  ...
+&lt;/chapter>
+    </pre>
+  </section>
+
+  <section>
+    <marker id="chapterTAG"></marker>
+    <title>&lt;chapter&gt;</title>
+
+    <p>The top level tag of a <c>chapter</c> DTD.</p>
+
+    <p>Contains a
+      <seealso marker="header_tags">&lt;header&gt;</seealso>,
+      an optional introduction consisting of any combination of
+      <seealso marker="block_tags">block tags</seealso>,
+      followed by one or more
+      <seealso marker="#sectionTAG">&lt;section&gt;</seealso>.</p>
+  </section>
+
+  <section>
+    <marker id="sectionTAG"></marker>
+    <title>&lt;section&gt;</title>
+
+    <p>Subdivision of a chapter.</p>
+
+    <p>Contains an optional
+      <seealso marker="inline_tags#markerTAG">&lt;marker&gt;</seealso>,
+      a <seealso marker="#titleTAG">&lt;title&gt;</seealso>,
+      followed by any combination and any number of
+      <seealso marker="block_tags">block tags</seealso> and
+      <c><![CDATA[<section>]]></c>.</p>
+  </section>
+
+  <section>
+    <marker id="titleTAG"></marker>
+    <title>&lt;title&gt;</title>
+
+    <p>Section title, contains plain text.</p>
+  </section>
+</chapter>
+
diff --git a/lib/erl_docgen/info b/lib/erl_docgen/info
new file mode 100644
index 0000000000..31c7eb911a
--- /dev/null
+++ b/lib/erl_docgen/info
@@ -0,0 +1,2 @@
+group: doc Documentation Applications
+short: A utility used to produce the OTP documentation.
diff --git a/lib/erl_docgen/priv/Makefile b/lib/erl_docgen/priv/Makefile
index f50350bef2..18cf7b90dd 100644
--- a/lib/erl_docgen/priv/Makefile
+++ b/lib/erl_docgen/priv/Makefile
@@ -22,7 +22,7 @@ include $(ERL_TOP)/make/$(TARGET)/otp.mk
 # Macros
 #
 
-SUB_DIRECTORIES = bin css docbuilder_dtd dtd_html_entities dtd_man_entities images js/flipmenu xsl
+SUB_DIRECTORIES = bin css dtd dtd_html_entities dtd_man_entities images js/flipmenu xsl
 
 SPECIAL_TARGETS = 
 
diff --git a/lib/erl_docgen/priv/bin/specs_gen.escript b/lib/erl_docgen/priv/bin/specs_gen.escript
index 982afece7f..156311565c 100644
--- a/lib/erl_docgen/priv/bin/specs_gen.escript
+++ b/lib/erl_docgen/priv/bin/specs_gen.escript
@@ -19,7 +19,7 @@
 
 %%% <script> [-I<dir>]... [-o<dir>] [-module Module] [File]
 %%%
-%%% Use EDoc and the layout module 'otp_specs' to create an XML file
+%%% Use EDoc and the layout module 'docgen_otp_specs' to create an XML file
 %%% containing Dialyzer types and specifications (-type, -spec).
 %%%
 %%% Options:
@@ -69,7 +69,7 @@ usage() ->
 call_edoc(FileSpec, InclFs, Dir) ->
     ReadOpts = [{includes, InclFs}, {preprocess, true}],
     ExtractOpts = [{report_missing_type, false}],
-    LayoutOpts = [{pretty_printer, erl_pp}, {layout, otp_specs}],
+    LayoutOpts = [{pretty_printer, erl_pp}, {layout, docgen_otp_specs}],
     File = case FileSpec of
                {file, File0} -> File0;
                {module, Module0} -> Module0
diff --git a/lib/erl_docgen/priv/bin/xml_from_edoc.escript b/lib/erl_docgen/priv/bin/xml_from_edoc.escript
index ee79e82c3a..2cb81be1be 100755
--- a/lib/erl_docgen/priv/bin/xml_from_edoc.escript
+++ b/lib/erl_docgen/priv/bin/xml_from_edoc.escript
@@ -2,7 +2,7 @@
 %% -*- erlang -*-
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -27,7 +27,7 @@
 %% Records 
 %%======================================================================
 -record(args, {suffix=".xml",
-	       layout=docb_edoc_xml_cb,
+	       layout=docgen_edoc_xml_cb,
 	       def=[],
 	       includes=[],
 	       preprocess=false,
@@ -126,7 +126,7 @@ users_guide(File, Args) ->
 parse(["-xml" |RawOpts], Type, Args) ->
     parse(RawOpts, Type, Args); % default, no update of record necessary
 parse(["-sgml" |RawOpts], Type, Args) ->
-    parse(RawOpts, Type, Args#args{suffix=".sgml", layout=docb_edoc_sgml_cb});
+    parse(RawOpts, Type, Args#args{suffix=".sgml", layout=docgen_edoc_sgml_cb});
 parse(["-chapter" |RawOpts], _Type, Args) ->
     parse(RawOpts, chapter, Args);
 parse(["-def", Key, Val |RawOpts], Type, Args) ->
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/Makefile b/lib/erl_docgen/priv/docbuilder_dtd/Makefile
deleted file mode 100644
index e2214107cb..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/Makefile
+++ /dev/null
@@ -1,99 +0,0 @@
-#
-# %CopyrightBegin%
-# 
-# Copyright Ericsson AB 2009. All Rights Reserved.
-# 
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# %CopyrightEnd%
-#
-#
-include $(ERL_TOP)/make/target.mk
-include $(ERL_TOP)/make/$(TARGET)/otp.mk
-
-# ----------------------------------------------------
-# Application version
-# ----------------------------------------------------
-include ../../vsn.mk
-VSN=$(ERL_DOCGEN_VSN)
-
-# ----------------------------------------------------
-# Release directory specification
-# ----------------------------------------------------
-RELSYSDIR = $(RELEASE_PATH)/lib/erl_docgen-$(VSN)
-
-
-# ----------------------------------------------------
-# Target Specs
-# ----------------------------------------------------
-
-
-DTD_FILES = \
-	application.dtd \
-	chapter.dtd \
-	common.header.dtd \
-	comref.dtd \
-	fileref.dtd	 \
-	xhtml1-frameset.dtd \
-	appref.dtd \
-	cites.dtd \
-	common.image.dtd \
-	cref.dtd \
-	part.dtd \
-	xhtml1-strict.dtd \
-	book.dtd \
-	common.dtd \
-	common.refs.dtd \
-	erlref.dtd \
-	report.dtd \
-	xhtml1-transitional.dtd \
-	bookinsidecover.dtd \
-	common.entities.dtd \
-	common.table.dtd \
-	fascicules.dtd \
-	terms.dtd
-
-
-
-# ----------------------------------------------------
-# FLAGS
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# Targets
-# ----------------------------------------------------
-debug opt: 
-
-docs:
-
-clean:
-	$(RM) $(TARGET_FILES)
-
-
-# ----------------------------------------------------
-# Release Target
-# ---------------------------------------------------- 
-include $(ERL_TOP)/make/otp_release_targets.mk
-
-
-release_spec: opt
-	$(INSTALL_DIR) $(RELSYSDIR)/priv/docbuilder_dtd
-	$(INSTALL_DATA) $(DTD_FILES) $(RELSYSDIR)/priv/docbuilder_dtd
-
-
-release_docs_spec:
-
-
-release_tests_spec:
-
-
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/application.dtd b/lib/erl_docgen/priv/docbuilder_dtd/application.dtd
deleted file mode 100644
index 8a1e8832ec..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/application.dtd
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-
-<!ENTITY % common SYSTEM "common.dtd" >
-%common;
-<!ENTITY % common.header SYSTEM "common.header.dtd" >
-%common.header;
-
-<!ELEMENT application         (header,description?,include+) >
-<!ELEMENT description	      (%block;|quote|br|marker|warning|note)* >
-<!ELEMENT include             EMPTY >
-<!ATTLIST include             file CDATA #REQUIRED>
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/appref.dtd b/lib/erl_docgen/priv/docbuilder_dtd/appref.dtd
deleted file mode 100644
index 70a5ff37af..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/appref.dtd
+++ /dev/null
@@ -1,33 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-
-<!ENTITY % common.refs SYSTEM "common.refs.dtd" >
-%common.refs;
-
-<!-- Structure -->
-
-<!ELEMENT appref              (header,app,appsummary,description, 
-			       (section|funcs)*,authors?) >
-<!ELEMENT app                 (#PCDATA) >
-<!ELEMENT appsummary          (#PCDATA) >
-
-<!-- `name' is used in common.refs.dtd and must therefore 
-      be defined in each *ref. dtd -->
-<!ELEMENT name                (#PCDATA) >
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/book.dtd b/lib/erl_docgen/priv/docbuilder_dtd/book.dtd
deleted file mode 100644
index bb89a6d255..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/book.dtd
+++ /dev/null
@@ -1,73 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-
-<!ENTITY % common SYSTEM "common.dtd" >
-%common;
-<!ENTITY % common.header SYSTEM "common.header.dtd" >
-%common.header;
-<!ENTITY % common.table SYSTEM "common.table.dtd" >
-%common.table;
-
-<!ELEMENT book                (header,
-			       insidecover?,
-			       pagetext,
-			       preamble,
-			       (applications|parts|headline|pagetext)+,
-				(listoffigures?,
-				 listoftables?,
-				 listofterms?,
-				 bibliography?,
-				 index?)) >
-
-<!ELEMENT pagetext	      (#PCDATA) >
-<!ELEMENT preamble	      (contents?,preface?) >
-<!ELEMENT preface	      (title?,(%block;|quote|br|marker|warning|note|table)*) >
-
-<!ELEMENT insidecover         (#PCDATA|br|theheader|vfill|vspace|tt|bold|
-			       include)* >
-<!ELEMENT tt                  (#PCDATA|br|theheader|vfill)* >
-<!ELEMENT bold                (#PCDATA|br|theheader|vfill)* >
-<!ELEMENT vfill               EMPTY >
-<!ELEMENT theheader           EMPTY >
-<!ATTLIST theheader           tag  (title|prepared|responsible|docno|
-				    approved|checked|date|rev|file|
-				    abbreviation|
-				    none) "none" >
-
-
-<!ELEMENT applications        (include)* >
-<!ELEMENT parts               (title?,description?,(include|onepart)*) >
-<!ATTLIST parts               lift (yes|no) "no" >
-<!ELEMENT headline            (#PCDATA) >
-<!ELEMENT index               EMPTY >
-<!ELEMENT listoffigures       EMPTY >
-<!ELEMENT listoftables        EMPTY >
-<!ELEMENT listofterms         EMPTY >
-<!ELEMENT bibliography        EMPTY >
-<!ELEMENT contents            EMPTY >
-<!ATTLIST contents            level (0|1|2|3) "2">
-
-<!ELEMENT onepart             (title?,description?,include+) >
-<!ATTLIST onepart             lift (yes|no) "no" >
-
-<!ELEMENT description	      (%block;|quote|br|marker|warning|note)* >
-
-<!ELEMENT include             EMPTY >
-<!ATTLIST include             file CDATA #REQUIRED>
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/bookinsidecover.dtd b/lib/erl_docgen/priv/docbuilder_dtd/bookinsidecover.dtd
deleted file mode 100644
index d6efbef6a4..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/bookinsidecover.dtd
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-<!ENTITY % ISOlat1 SYSTEM "xhtml-lat1.ent" >
-%ISOlat1;
-
-<!ENTITY amp    "&#x0026;" >
-<!ENTITY gt     "&#x003E;" >
-<!ENTITY lt     "&#x003C;" >
-
-<!ELEMENT bookinsidecover     (#PCDATA|br|theheader|vfill|tt|bold)* >
-
-<!ELEMENT tt                  (#PCDATA|br|theheader|vfill)* >
-<!ELEMENT bold                (#PCDATA|br|theheader|vfill)* >
-<!ELEMENT vfill               EMPTY >
-<!ELEMENT theheader           EMPTY >
-<!ATTLIST theheader           tag  (title|prepared|responsible|docno|
-				    approved|checked|date|rev|file|
-				    none) "none" >
-
-<!ELEMENT br                  EMPTY >
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/chapter.dtd b/lib/erl_docgen/priv/docbuilder_dtd/chapter.dtd
deleted file mode 100644
index eb2c96b04f..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/chapter.dtd
+++ /dev/null
@@ -1,36 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-
-<!ENTITY % common SYSTEM "common.dtd" >
-%common;
-<!ENTITY % common.header SYSTEM "common.header.dtd" >
-%common.header;
-<!ENTITY % common.table SYSTEM "common.table.dtd" >
-%common.table;
-<!ENTITY % common.image SYSTEM "common.image.dtd" >
-%common.image;
-
-<!-- Structure -->
-
-<!ELEMENT chapter             (header,(%block;|quote|warning|note|br|
-                               image|marker|table)*,section+) >
-<!ELEMENT section             (marker*,title,
-                               (%block;|quote|warning|note|br|image|marker|
-                                table|section)*) >
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/cites.dtd b/lib/erl_docgen/priv/docbuilder_dtd/cites.dtd
deleted file mode 100644
index 334574bff9..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/cites.dtd
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-<!ENTITY % ISOlat1 SYSTEM "xhtml-lat1.ent" >
-%ISOlat1;
-
-<!ENTITY amp    "&#x0026;" >
-<!ENTITY gt     "&#x003E;" >
-<!ENTITY lt     "&#x003C;" >
-
-<!-- Structure -->
-
-<!ELEMENT cites               (cite)* >
-<!ELEMENT cite                (id, shortdef, def, resp?) >
-<!ELEMENT id                  (#PCDATA) >
-<!ELEMENT shortdef            (#PCDATA) >
-<!ELEMENT def                 (#PCDATA|c|em)* >
-<!ELEMENT resp                (#PCDATA) >
-<!ELEMENT c                   (#PCDATA) >
-<!ELEMENT em                  (#PCDATA|c)* >
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/common.entities.dtd b/lib/erl_docgen/priv/docbuilder_dtd/common.entities.dtd
deleted file mode 100644
index f893ecd070..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/common.entities.dtd
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-<!ENTITY % ISOlat1 SYSTEM "xhtml-lat1.ent" >
-%ISOlat1;
-
-<!ENTITY amp    "&#x0026;" >
-<!ENTITY gt     "&#x003E;" >
-<!ENTITY lt     "&#x003C;" >
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/common.header.dtd b/lib/erl_docgen/priv/docbuilder_dtd/common.header.dtd
deleted file mode 100644
index d422a89693..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/common.header.dtd
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-<!ELEMENT header              (copyright?,legalnotice?,title,shorttitle?,
-                               prepared,responsible?,docno,approved?,
-                               checked?,date,rev,file?) >
-
-<!--
-The titlestyle attribute is only defined to make all the book.xml files
-go through the validation. The attribute is not used for anything
--->
-<!ATTLIST header	      titlestyle (special|normal) "normal">
-
-<!ELEMENT title               (#PCDATA) >
-<!ELEMENT shorttitle          (#PCDATA) >
-<!ELEMENT prepared            (#PCDATA) >
-<!ELEMENT responsible         (#PCDATA) >
-<!ELEMENT docno               (#PCDATA) >
-<!ELEMENT approved            (#PCDATA) >
-<!ELEMENT checked             (#PCDATA) >
-<!ELEMENT copyright           (year+,holder*) >
-<!ELEMENT legalnotice         (#PCDATA) >
-<!ELEMENT date                (#PCDATA) >
-<!ELEMENT rev                 (#PCDATA) >
-<!ELEMENT file                (#PCDATA) >
-<!ELEMENT year                (#PCDATA) >
-<!ELEMENT holder              (#PCDATA) >
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/common.image.dtd b/lib/erl_docgen/priv/docbuilder_dtd/common.image.dtd
deleted file mode 100644
index fc95a669dd..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/common.image.dtd
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-<!ELEMENT image	              (icaption) >
-<!ATTLIST image		      file CDATA #REQUIRED >
-<!ELEMENT icaption            (#PCDATA) >
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/common.table.dtd b/lib/erl_docgen/priv/docbuilder_dtd/common.table.dtd
deleted file mode 100644
index 7741da1018..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/common.table.dtd
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-<!ELEMENT table               (row+,tcaption) >
-<!ATTLIST table               align  (left|center|right) "center" >
-<!ELEMENT row                 (cell+) >
-<!ELEMENT cell                (%inline;)* >
-<!ATTLIST cell                align  (left|center|right) "left"
-                              valign (top|middle|bottom) "middle" >
-<!ELEMENT tcaption            (#PCDATA) >
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/comref.dtd b/lib/erl_docgen/priv/docbuilder_dtd/comref.dtd
deleted file mode 100644
index fcdea625d5..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/comref.dtd
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-
-<!ENTITY % common.refs SYSTEM "common.refs.dtd" >
-%common.refs;
-
-<!ELEMENT comref              (header,com,comsummary,description, 
-			       (section|funcs)*,authors?) >
-<!ELEMENT com                 (#PCDATA) >
-<!ELEMENT comsummary          (#PCDATA) >
-
-<!-- `name' is used in common.refs.dtd and must therefore 
-      be defined in each *ref. dtd -->
-<!ELEMENT name                (#PCDATA) >
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/cref.dtd b/lib/erl_docgen/priv/docbuilder_dtd/cref.dtd
deleted file mode 100644
index e43bb2bf51..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/cref.dtd
+++ /dev/null
@@ -1,34 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-
-<!ENTITY % common.refs SYSTEM "common.refs.dtd" >
-%common.refs;
-
-<!ELEMENT cref                (header,lib,libsummary,description, 
-			       (section|funcs)*,authors?) >
-<!ELEMENT lib                 (#PCDATA) >
-<!ELEMENT libsummary          (#PCDATA) >
-
-<!-- `name' is used in common.refs.dtd and must therefore 
-      be defined in each *ref. dtd -->
-<!ELEMENT name                (ret,nametext) >
-<!ELEMENT ret                 (#PCDATA) >
-<!ELEMENT nametext            (#PCDATA) >
-
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/fascicules.dtd b/lib/erl_docgen/priv/docbuilder_dtd/fascicules.dtd
deleted file mode 100644
index b14276a2c0..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/fascicules.dtd
+++ /dev/null
@@ -1,35 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-
-<!ENTITY % ISOlat1 SYSTEM "xhtml-lat1.ent" >
-%ISOlat1;
-
-<!ENTITY amp    "&#x0026;" >
-<!ENTITY gt     "&#x003E;" >
-<!ENTITY lt     "&#x003C;" >
-
-<!-- Structure -->
-
-<!ELEMENT fascicules          (fascicule)+ >
-<!ELEMENT fascicule           (#PCDATA) >
-<!ATTLIST fascicule           file CDATA #REQUIRED
-                              href CDATA #REQUIRED
-                              entry (yes|no) "no" >
-
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/fileref.dtd b/lib/erl_docgen/priv/docbuilder_dtd/fileref.dtd
deleted file mode 100644
index 5a1cc54afe..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/fileref.dtd
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-
-<!ENTITY % common.refs SYSTEM "common.refs.dtd" >
-%common.refs;
-
-<!ELEMENT fileref             (header,file,filesummary,description, 
-			       (section|funcs)*,authors?) >
-<!-- Note: ELEMENT file is already defined -->
-<!ELEMENT filesummary         (#PCDATA) >
-
-<!-- `name' is used in common.refs.dtd and must therefore 
-      be defined in each *ref. dtd -->
-<!ELEMENT name                (#PCDATA) >
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/part.dtd b/lib/erl_docgen/priv/docbuilder_dtd/part.dtd
deleted file mode 100644
index 3f97199042..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/part.dtd
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-
-<!ENTITY % common SYSTEM "common.dtd" >
-%common;
-<!ENTITY % common.header SYSTEM "common.header.dtd" >
-%common.header;
-
-<!ELEMENT part                (header,description?,include+) >
-<!ELEMENT description         (%block;|quote|br|marker|warning|note)* >
-<!ELEMENT include             EMPTY >
-<!ATTLIST include             file CDATA #REQUIRED>
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/report.dtd b/lib/erl_docgen/priv/docbuilder_dtd/report.dtd
deleted file mode 100644
index 3d07e6e5a7..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/report.dtd
+++ /dev/null
@@ -1,138 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-
-<!ENTITY % ISOlat1 SYSTEM "xhtml-lat1.ent" >
-%ISOlat1;
-
-<!ENTITY amp    "&#x0026;" >
-<!ENTITY gt     "&#x003E;" >
-<!ENTITY lt     "&#x003C;" >
-
-<!ENTITY % header             "title,prepared,responsible,docno,approved,
-                               checked,date,rev,file" >
-<!ENTITY % block              "p|pre|code|list|taglist|erlinclude|
-                               codeinclude|erleval" >
-<!ENTITY % inline             "#PCDATA|i|b|c|em|term|cite|br|path|seealso|
-                               url|marker" >
-
-<!-- Structure -->
-
-<!ELEMENT report              (header,section+) >
-<!ELEMENT header              (title,prepared,responsible?,docno,approved?,
-                               checked?,date,rev,file?) >
-<!ELEMENT title               (#PCDATA) >
-<!ELEMENT prepared            (#PCDATA) >
-<!ELEMENT responsible         (#PCDATA) >
-<!ELEMENT docno               (#PCDATA) >
-<!ELEMENT approved            (#PCDATA) >
-<!ELEMENT checked             (#PCDATA) >
-<!ELEMENT date                (#PCDATA) >
-<!ELEMENT rev                 (#PCDATA) >
-<!ELEMENT file                (#PCDATA) >
-
-<!ELEMENT section             (marker*,title,
-                               (%block;|quote|warning|note|br|image|marker|
-                                table|section)*) >
-<!ELEMENT p                   (%inline;|index)* >
-<!ELEMENT pre                 (#PCDATA|seealso|url|input)* >
-<!ELEMENT input               (#PCDATA|seealso|url)* >
-<!ELEMENT code                (#PCDATA) >
-<!ATTLIST code                type (erl|c|none) "none" >
-<!ELEMENT quote               (p)* >
-<!ELEMENT warning             (%block;|quote|br|image|marker|table)* >
-<!ELEMENT note                (%block;|quote|br|image|marker|table)* >
-<!ELEMENT i                   (#PCDATA|b|c|em)* >
-<!ELEMENT b                   (#PCDATA|i|c|em)* >
-<!ELEMENT c                   (#PCDATA) >
-<!ELEMENT em                  (#PCDATA|i|b|c)* >
-<!ELEMENT term                (termdef?) >
-<!ATTLIST term                id CDATA #REQUIRED >
-<!ELEMENT termdef             (#PCDATA) >
-<!ELEMENT cite                (citedef?) >
-<!ATTLIST cite                id CDATA #REQUIRED >
-<!ELEMENT citedef             (ctitle,cauthor,chowpublished) >
-<!ELEMENT ctitle              (#PCDATA) >
-<!ELEMENT cauthor             (#PCDATA) >
-<!ELEMENT chowpublished       (#PCDATA) >
-<!ELEMENT br                  EMPTY >
-
-<!-- Path -->
-
-<!ELEMENT path                (#PCDATA) >
-<!ATTLIST path                unix CDATA ""
-                              windows CDATA "" >
-
-<!-- List -->
-
-<!ELEMENT list                (item+) >
-<!ATTLIST list                type (ordered|bulleted) "bulleted" >
-<!ELEMENT taglist             (tag,item)+ >
-<!ELEMENT tag                 (#PCDATA|i|b|c|em|seealso|url)* >
-<!ELEMENT item                (%inline;|%block;)* >
-
-<!-- Image -->
-
-<!ELEMENT image	              (icaption?) >
-<!ATTLIST image		      file CDATA #REQUIRED >
-<!ELEMENT icaption            (#PCDATA) >
-
-<!-- References -->
-
-<!ELEMENT seealso             (#PCDATA) >
-<!ATTLIST seealso             marker CDATA #REQUIRED >
-<!ELEMENT url                 (#PCDATA) >
-<!ATTLIST url                 href CDATA #REQUIRED >
-<!ELEMENT marker              EMPTY >
-<!ATTLIST marker              id CDATA #REQUIRED >
-
-<!-- Table -->
-
-<!ELEMENT table               (row+,tcaption?) >
-<!ATTLIST table               width CDATA "0"
-                              colspec CDATA "" >
-<!ELEMENT row                 (cell+) >
-<!ELEMENT cell                (%inline;)* >
-<!ATTLIST cell                align  (left|center|right) "left"
-                              valign (top|middle|bottom) "middle" >
-<!ELEMENT tcaption            (#PCDATA) >
-
-<!-- ErlInclude -->
-
-<!ELEMENT erlinclude          EMPTY >
-<!ATTLIST erlinclude          file CDATA #REQUIRED
-                              tag  CDATA #REQUIRED >
-
-<!-- CodeInclude -->
-
-<!ELEMENT codeinclude         EMPTY >
-<!ATTLIST codeinclude         file CDATA #REQUIRED
-                              tag  CDATA ""
-                              type (erl|c|none) "none" >
-
-<!-- ErlEval -->
-
-<!ELEMENT erleval             EMPTY >
-<!ATTLIST erleval             expr CDATA #REQUIRED >
-
-<!-- Index FOR COMPATIBILITY -->
-
-<!ELEMENT index               EMPTY >
-<!ATTLIST index               txt CDATA #REQUIRED >
-
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/terms.dtd b/lib/erl_docgen/priv/docbuilder_dtd/terms.dtd
deleted file mode 100644
index 6105ec593e..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/terms.dtd
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
- ``The contents of this file are subject to the Erlang Public License,
- Version 1.1, (the "License"); you may not use this file except in
- compliance with the License. You should have received a copy of the
- Erlang Public License along with this software. If not, it can be
- retrieved via the world wide web at http://www.erlang.org/.
- 
- Software distributed under the License is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
- the License for the specific language governing rights and limitations
- under the License.
- 
- The Initial Developer of the Original Code is Ericsson AB.
- Portions created by Ericsson are Copyright 1999-2007, Ericsson AB.
- All Rights Reserved.''
- 
-     $Id$
--->
-<!ENTITY % ISOlat1 SYSTEM "xhtml-lat1.ent" >
-%ISOlat1;
-
-<!ENTITY amp    "&#x0026;" >
-<!ENTITY gt     "&#x003E;" >
-<!ENTITY lt     "&#x003C;" >
-
-<!-- Structure -->
-
-<!ELEMENT terms               (term)* >
-<!ELEMENT term                (id, shortdef, def, resp?) >
-<!ELEMENT id                  (#PCDATA) >
-<!ELEMENT shortdef            (#PCDATA) >
-<!ELEMENT def                 (#PCDATA|c|em)* >
-<!ELEMENT resp                (#PCDATA) >
-<!ELEMENT c                   (#PCDATA) >
-<!ELEMENT em                  (#PCDATA|c)* >
-
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/xhtml1-frameset.dtd b/lib/erl_docgen/priv/docbuilder_dtd/xhtml1-frameset.dtd
deleted file mode 100644
index d128f2eb7c..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/xhtml1-frameset.dtd
+++ /dev/null
@@ -1,1235 +0,0 @@
-<!--
-   Extensible HTML version 1.0 Frameset DTD
-
-   This is the same as HTML 4 Frameset except for
-   changes due to the differences between XML and SGML.
-
-   Namespace = http://www.w3.org/1999/xhtml
-
-   For further information, see: http://www.w3.org/TR/xhtml1
-
-   Copyright (c) 1998-2002 W3C (MIT, INRIA, Keio),
-   All Rights Reserved. 
-
-   This DTD module is identified by the PUBLIC and SYSTEM identifiers:
-
-   PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN"
-   SYSTEM "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd"
-
-   $Revision: 1.2 $
-   $Date: 2002/08/01 18:37:55 $
-
--->
-
-<!--================ Character mnemonic entities =========================-->
-
-<!ENTITY % HTMLlat1 PUBLIC
-   "-//W3C//ENTITIES Latin 1 for XHTML//EN"
-   "xhtml-lat1.ent">
-%HTMLlat1;
-
-<!ENTITY % HTMLsymbol PUBLIC
-   "-//W3C//ENTITIES Symbols for XHTML//EN"
-   "xhtml-symbol.ent">
-%HTMLsymbol;
-
-<!ENTITY % HTMLspecial PUBLIC
-   "-//W3C//ENTITIES Special for XHTML//EN"
-   "xhtml-special.ent">
-%HTMLspecial;
-
-<!--================== Imported Names ====================================-->
-
-<!ENTITY % ContentType "CDATA">
-    <!-- media type, as per [RFC2045] -->
-
-<!ENTITY % ContentTypes "CDATA">
-    <!-- comma-separated list of media types, as per [RFC2045] -->
-
-<!ENTITY % Charset "CDATA">
-    <!-- a character encoding, as per [RFC2045] -->
-
-<!ENTITY % Charsets "CDATA">
-    <!-- a space separated list of character encodings, as per [RFC2045] -->
-
-<!ENTITY % LanguageCode "NMTOKEN">
-    <!-- a language code, as per [RFC3066] -->
-
-<!ENTITY % Character "CDATA">
-    <!-- a single character, as per section 2.2 of [XML] -->
-
-<!ENTITY % Number "CDATA">
-    <!-- one or more digits -->
-
-<!ENTITY % LinkTypes "CDATA">
-    <!-- space-separated list of link types -->
-
-<!ENTITY % MediaDesc "CDATA">
-    <!-- single or comma-separated list of media descriptors -->
-
-<!ENTITY % URI "CDATA">
-    <!-- a Uniform Resource Identifier, see [RFC2396] -->
-
-<!ENTITY % UriList "CDATA">
-    <!-- a space separated list of Uniform Resource Identifiers -->
-
-<!ENTITY % Datetime "CDATA">
-    <!-- date and time information. ISO date format -->
-
-<!ENTITY % Script "CDATA">
-    <!-- script expression -->
-
-<!ENTITY % StyleSheet "CDATA">
-    <!-- style sheet data -->
-
-<!ENTITY % Text "CDATA">
-    <!-- used for titles etc. -->
-
-<!ENTITY % FrameTarget "NMTOKEN">
-    <!-- render in this frame -->
-
-<!ENTITY % Length "CDATA">
-    <!-- nn for pixels or nn% for percentage length -->
-
-<!ENTITY % MultiLength "CDATA">
-    <!-- pixel, percentage, or relative -->
-
-<!ENTITY % MultiLengths "CDATA">
-    <!-- comma-separated list of MultiLength -->
-
-<!ENTITY % Pixels "CDATA">
-    <!-- integer representing length in pixels -->
-
-<!-- these are used for image maps -->
-
-<!ENTITY % Shape "(rect|circle|poly|default)">
-
-<!ENTITY % Coords "CDATA">
-    <!-- comma separated list of lengths -->
-
-<!-- used for object, applet, img, input and iframe -->
-<!ENTITY % ImgAlign "(top|middle|bottom|left|right)">
-
-<!-- a color using sRGB: #RRGGBB as Hex values -->
-<!ENTITY % Color "CDATA">
-
-<!-- There are also 16 widely known color names with their sRGB values:
-
-    Black  = #000000    Green  = #008000
-    Silver = #C0C0C0    Lime   = #00FF00
-    Gray   = #808080    Olive  = #808000
-    White  = #FFFFFF    Yellow = #FFFF00
-    Maroon = #800000    Navy   = #000080
-    Red    = #FF0000    Blue   = #0000FF
-    Purple = #800080    Teal   = #008080
-    Fuchsia= #FF00FF    Aqua   = #00FFFF
--->
-
-<!--=================== Generic Attributes ===============================-->
-
-<!-- core attributes common to most elements
-  id       document-wide unique id
-  class    space separated list of classes
-  style    associated style info
-  title    advisory title/amplification
--->
-<!ENTITY % coreattrs
- "id          ID             #IMPLIED
-  class       CDATA          #IMPLIED
-  style       %StyleSheet;   #IMPLIED
-  title       %Text;         #IMPLIED"
-  >
-
-<!-- internationalization attributes
-  lang        language code (backwards compatible)
-  xml:lang    language code (as per XML 1.0 spec)
-  dir         direction for weak/neutral text
--->
-<!ENTITY % i18n
- "lang        %LanguageCode; #IMPLIED
-  xml:lang    %LanguageCode; #IMPLIED
-  dir         (ltr|rtl)      #IMPLIED"
-  >
-
-<!-- attributes for common UI events
-  onclick     a pointer button was clicked
-  ondblclick  a pointer button was double clicked
-  onmousedown a pointer button was pressed down
-  onmouseup   a pointer button was released
-  onmousemove a pointer was moved onto the element
-  onmouseout  a pointer was moved away from the element
-  onkeypress  a key was pressed and released
-  onkeydown   a key was pressed down
-  onkeyup     a key was released
--->
-<!ENTITY % events
- "onclick     %Script;       #IMPLIED
-  ondblclick  %Script;       #IMPLIED
-  onmousedown %Script;       #IMPLIED
-  onmouseup   %Script;       #IMPLIED
-  onmouseover %Script;       #IMPLIED
-  onmousemove %Script;       #IMPLIED
-  onmouseout  %Script;       #IMPLIED
-  onkeypress  %Script;       #IMPLIED
-  onkeydown   %Script;       #IMPLIED
-  onkeyup     %Script;       #IMPLIED"
-  >
-
-<!-- attributes for elements that can get the focus
-  accesskey   accessibility key character
-  tabindex    position in tabbing order
-  onfocus     the element got the focus
-  onblur      the element lost the focus
--->
-<!ENTITY % focus
- "accesskey   %Character;    #IMPLIED
-  tabindex    %Number;       #IMPLIED
-  onfocus     %Script;       #IMPLIED
-  onblur      %Script;       #IMPLIED"
-  >
-
-<!ENTITY % attrs "%coreattrs; %i18n; %events;">
-
-<!-- text alignment for p, div, h1-h6. The default is
-     align="left" for ltr headings, "right" for rtl -->
-
-<!ENTITY % TextAlign "align (left|center|right|justify) #IMPLIED">
-
-<!--=================== Text Elements ====================================-->
-
-<!ENTITY % special.extra
-   "object | applet | img | map | iframe">
-	
-<!ENTITY % special.basic
-	"br | span | bdo">
-
-<!ENTITY % special
-   "%special.basic; | %special.extra;">
-
-<!ENTITY % fontstyle.extra "big | small | font | basefont">
-
-<!ENTITY % fontstyle.basic "tt | i | b | u
-                      | s | strike ">
-
-<!ENTITY % fontstyle "%fontstyle.basic; | %fontstyle.extra;">
-
-<!ENTITY % phrase.extra "sub | sup">
-<!ENTITY % phrase.basic "em | strong | dfn | code | q |
-                   samp | kbd | var | cite | abbr | acronym">
-
-<!ENTITY % phrase "%phrase.basic; | %phrase.extra;">
-
-<!ENTITY % inline.forms "input | select | textarea | label | button">
-
-<!-- these can occur at block or inline level -->
-<!ENTITY % misc.inline "ins | del | script">
-
-<!-- these can only occur at block level -->
-<!ENTITY % misc "noscript | %misc.inline;">
-
-
-<!ENTITY % inline "a | %special; | %fontstyle; | %phrase; | %inline.forms;">
-
-<!-- %Inline; covers inline or "text-level" elements -->
-<!ENTITY % Inline "(#PCDATA | %inline; | %misc.inline;)*">
-
-<!--================== Block level elements ==============================-->
-
-<!ENTITY % heading "h1|h2|h3|h4|h5|h6">
-<!ENTITY % lists "ul | ol | dl | menu | dir">
-<!ENTITY % blocktext "pre | hr | blockquote | address | center">
-
-<!ENTITY % block
-    "p | %heading; | div | %lists; | %blocktext; | isindex | fieldset | table">
-
-<!-- %Flow; mixes block and inline and is used for list items etc. -->
-<!ENTITY % Flow "(#PCDATA | %block; | form | %inline; | %misc;)*">
-
-<!--================== Content models for exclusions =====================-->
-
-<!-- a elements use %Inline; excluding a -->
-
-<!ENTITY % a.content
-   "(#PCDATA | %special; | %fontstyle; | %phrase; | %inline.forms; | %misc.inline;)*">
-
-<!-- pre uses %Inline excluding img, object, applet, big, small,
-     sub, sup, font, or basefont -->
-
-<!ENTITY % pre.content
-   "(#PCDATA | a | %special.basic; | %fontstyle.basic; | %phrase.basic; |
-	   %inline.forms; | %misc.inline;)*">
-
-
-<!-- form uses %Flow; excluding form -->
-
-<!ENTITY % form.content "(#PCDATA | %block; | %inline; | %misc;)*">
-
-<!-- button uses %Flow; but excludes a, form, form controls, iframe -->
-
-<!ENTITY % button.content
-   "(#PCDATA | p | %heading; | div | %lists; | %blocktext; |
-      table | br | span | bdo | object | applet | img | map |
-      %fontstyle; | %phrase; | %misc;)*">
-
-<!--================ Document Structure ==================================-->
-
-<!-- the namespace URI designates the document profile -->
-
-<!ELEMENT html (head, frameset)>
-<!ATTLIST html
-  %i18n;
-  id          ID             #IMPLIED
-  xmlns       %URI;          #FIXED 'http://www.w3.org/1999/xhtml'
-  >
-
-<!--================ Document Head =======================================-->
-
-<!ENTITY % head.misc "(script|style|meta|link|object|isindex)*">
-
-<!-- content model is %head.misc; combined with a single
-     title and an optional base element in any order -->
-
-<!ELEMENT head (%head.misc;,
-     ((title, %head.misc;, (base, %head.misc;)?) |
-      (base, %head.misc;, (title, %head.misc;))))>
-
-<!ATTLIST head
-  %i18n;
-  id          ID             #IMPLIED
-  profile     %URI;          #IMPLIED
-  >
-
-<!-- The title element is not considered part of the flow of text.
-       It should be displayed, for example as the page header or
-       window title. Exactly one title is required per document.
-    -->
-<!ELEMENT title (#PCDATA)>
-<!ATTLIST title 
-  %i18n;
-  id          ID             #IMPLIED
-  >
-
-<!-- document base URI -->
-
-<!ELEMENT base EMPTY>
-<!ATTLIST base
-  id          ID             #IMPLIED
-  href        %URI;          #IMPLIED
-  target      %FrameTarget;  #IMPLIED
-  >
-
-<!-- generic metainformation -->
-<!ELEMENT meta EMPTY>
-<!ATTLIST meta
-  %i18n;
-  id          ID             #IMPLIED
-  http-equiv  CDATA          #IMPLIED
-  name        CDATA          #IMPLIED
-  content     CDATA          #REQUIRED
-  scheme      CDATA          #IMPLIED
-  >
-
-<!--
-  Relationship values can be used in principle:
-
-   a) for document specific toolbars/menus when used
-      with the link element in document head e.g.
-        start, contents, previous, next, index, end, help
-   b) to link to a separate style sheet (rel="stylesheet")
-   c) to make a link to a script (rel="script")
-   d) by stylesheets to control how collections of
-      html nodes are rendered into printed documents
-   e) to make a link to a printable version of this document
-      e.g. a PostScript or PDF version (rel="alternate" media="print")
--->
-
-<!ELEMENT link EMPTY>
-<!ATTLIST link
-  %attrs;
-  charset     %Charset;      #IMPLIED
-  href        %URI;          #IMPLIED
-  hreflang    %LanguageCode; #IMPLIED
-  type        %ContentType;  #IMPLIED
-  rel         %LinkTypes;    #IMPLIED
-  rev         %LinkTypes;    #IMPLIED
-  media       %MediaDesc;    #IMPLIED
-  target      %FrameTarget;  #IMPLIED
-  >
-
-<!-- style info, which may include CDATA sections -->
-<!ELEMENT style (#PCDATA)>
-<!ATTLIST style
-  %i18n;
-  id          ID             #IMPLIED
-  type        %ContentType;  #REQUIRED
-  media       %MediaDesc;    #IMPLIED
-  title       %Text;         #IMPLIED
-  xml:space   (preserve)     #FIXED 'preserve'
-  >
-
-<!-- script statements, which may include CDATA sections -->
-<!ELEMENT script (#PCDATA)>
-<!ATTLIST script
-  id          ID             #IMPLIED
-  charset     %Charset;      #IMPLIED
-  type        %ContentType;  #REQUIRED
-  language    CDATA          #IMPLIED
-  src         %URI;          #IMPLIED
-  defer       (defer)        #IMPLIED
-  xml:space   (preserve)     #FIXED 'preserve'
-  >
-
-<!-- alternate content container for non script-based rendering -->
-
-<!ELEMENT noscript %Flow;>
-<!ATTLIST noscript
-  %attrs;
-  >
-
-<!--======================= Frames =======================================-->
-
-<!-- only one noframes element permitted per document -->
-
-<!ELEMENT frameset (frameset|frame|noframes)*>
-<!ATTLIST frameset
-  %coreattrs;
-  rows        %MultiLengths; #IMPLIED
-  cols        %MultiLengths; #IMPLIED
-  onload      %Script;       #IMPLIED
-  onunload    %Script;       #IMPLIED
-  >
-
-<!-- reserved frame names start with "_" otherwise starts with letter -->
-
-<!-- tiled window within frameset -->
-
-<!ELEMENT frame EMPTY>
-<!ATTLIST frame
-  %coreattrs;
-  longdesc    %URI;          #IMPLIED
-  name        NMTOKEN        #IMPLIED
-  src         %URI;          #IMPLIED
-  frameborder (1|0)          "1"
-  marginwidth %Pixels;       #IMPLIED
-  marginheight %Pixels;      #IMPLIED
-  noresize    (noresize)     #IMPLIED
-  scrolling   (yes|no|auto)  "auto"
-  >
-
-<!-- inline subwindow -->
-
-<!ELEMENT iframe %Flow;>
-<!ATTLIST iframe
-  %coreattrs;
-  longdesc    %URI;          #IMPLIED
-  name        NMTOKEN        #IMPLIED
-  src         %URI;          #IMPLIED
-  frameborder (1|0)          "1"
-  marginwidth %Pixels;       #IMPLIED
-  marginheight %Pixels;      #IMPLIED
-  scrolling   (yes|no|auto)  "auto"
-  align       %ImgAlign;     #IMPLIED
-  height      %Length;       #IMPLIED
-  width       %Length;       #IMPLIED
-  >
-
-<!-- alternate content container for non frame-based rendering -->
-
-<!ELEMENT noframes (body)>
-<!ATTLIST noframes
-  %attrs;
-  >
-
-<!--=================== Document Body ====================================-->
-
-<!ELEMENT body %Flow;>
-<!ATTLIST body
-  %attrs;
-  onload      %Script;       #IMPLIED
-  onunload    %Script;       #IMPLIED
-  background  %URI;          #IMPLIED
-  bgcolor     %Color;        #IMPLIED
-  text        %Color;        #IMPLIED
-  link        %Color;        #IMPLIED
-  vlink       %Color;        #IMPLIED
-  alink       %Color;        #IMPLIED
-  >
-
-<!ELEMENT div %Flow;>  <!-- generic language/style container -->
-<!ATTLIST div
-  %attrs;
-  %TextAlign;
-  >
-
-<!--=================== Paragraphs =======================================-->
-
-<!ELEMENT p %Inline;>
-<!ATTLIST p
-  %attrs;
-  %TextAlign;
-  >
-
-<!--=================== Headings =========================================-->
-
-<!--
-  There are six levels of headings from h1 (the most important)
-  to h6 (the least important).
--->
-
-<!ELEMENT h1  %Inline;>
-<!ATTLIST h1
-  %attrs;
-  %TextAlign;
-  >
-
-<!ELEMENT h2 %Inline;>
-<!ATTLIST h2
-  %attrs;
-  %TextAlign;
-  >
-
-<!ELEMENT h3 %Inline;>
-<!ATTLIST h3
-  %attrs;
-  %TextAlign;
-  >
-
-<!ELEMENT h4 %Inline;>
-<!ATTLIST h4
-  %attrs;
-  %TextAlign;
-  >
-
-<!ELEMENT h5 %Inline;>
-<!ATTLIST h5
-  %attrs;
-  %TextAlign;
-  >
-
-<!ELEMENT h6 %Inline;>
-<!ATTLIST h6
-  %attrs;
-  %TextAlign;
-  >
-
-<!--=================== Lists ============================================-->
-
-<!-- Unordered list bullet styles -->
-
-<!ENTITY % ULStyle "(disc|square|circle)">
-
-<!-- Unordered list -->
-
-<!ELEMENT ul (li)+>
-<!ATTLIST ul
-  %attrs;
-  type        %ULStyle;     #IMPLIED
-  compact     (compact)     #IMPLIED
-  >
-
-<!-- Ordered list numbering style
-
-    1   arabic numbers      1, 2, 3, ...
-    a   lower alpha         a, b, c, ...
-    A   upper alpha         A, B, C, ...
-    i   lower roman         i, ii, iii, ...
-    I   upper roman         I, II, III, ...
-
-    The style is applied to the sequence number which by default
-    is reset to 1 for the first list item in an ordered list.
--->
-<!ENTITY % OLStyle "CDATA">
-
-<!-- Ordered (numbered) list -->
-
-<!ELEMENT ol (li)+>
-<!ATTLIST ol
-  %attrs;
-  type        %OLStyle;      #IMPLIED
-  compact     (compact)      #IMPLIED
-  start       %Number;       #IMPLIED
-  >
-
-<!-- single column list (DEPRECATED) --> 
-<!ELEMENT menu (li)+>
-<!ATTLIST menu
-  %attrs;
-  compact     (compact)     #IMPLIED
-  >
-
-<!-- multiple column list (DEPRECATED) --> 
-<!ELEMENT dir (li)+>
-<!ATTLIST dir
-  %attrs;
-  compact     (compact)     #IMPLIED
-  >
-
-<!-- LIStyle is constrained to: "(%ULStyle;|%OLStyle;)" -->
-<!ENTITY % LIStyle "CDATA">
-
-<!-- list item -->
-
-<!ELEMENT li %Flow;>
-<!ATTLIST li
-  %attrs;
-  type        %LIStyle;      #IMPLIED
-  value       %Number;       #IMPLIED
-  >
-
-<!-- definition lists - dt for term, dd for its definition -->
-
-<!ELEMENT dl (dt|dd)+>
-<!ATTLIST dl
-  %attrs;
-  compact     (compact)      #IMPLIED
-  >
-
-<!ELEMENT dt %Inline;>
-<!ATTLIST dt
-  %attrs;
-  >
-
-<!ELEMENT dd %Flow;>
-<!ATTLIST dd
-  %attrs;
-  >
-
-<!--=================== Address ==========================================-->
-
-<!-- information on author -->
-
-<!ELEMENT address (#PCDATA | %inline; | %misc.inline; | p)*>
-<!ATTLIST address
-  %attrs;
-  >
-
-<!--=================== Horizontal Rule ==================================-->
-
-<!ELEMENT hr EMPTY>
-<!ATTLIST hr
-  %attrs;
-  align       (left|center|right) #IMPLIED
-  noshade     (noshade)      #IMPLIED
-  size        %Pixels;       #IMPLIED
-  width       %Length;       #IMPLIED
-  >
-
-<!--=================== Preformatted Text ================================-->
-
-<!-- content is %Inline; excluding 
-        "img|object|applet|big|small|sub|sup|font|basefont" -->
-
-<!ELEMENT pre %pre.content;>
-<!ATTLIST pre
-  %attrs;
-  width       %Number;      #IMPLIED
-  xml:space   (preserve)    #FIXED 'preserve'
-  >
-
-<!--=================== Block-like Quotes ================================-->
-
-<!ELEMENT blockquote %Flow;>
-<!ATTLIST blockquote
-  %attrs;
-  cite        %URI;          #IMPLIED
-  >
-
-<!--=================== Text alignment ===================================-->
-
-<!-- center content -->
-<!ELEMENT center %Flow;>
-<!ATTLIST center
-  %attrs;
-  >
-
-<!--=================== Inserted/Deleted Text ============================-->
-
-
-<!--
-  ins/del are allowed in block and inline content, but its
-  inappropriate to include block content within an ins element
-  occurring in inline content.
--->
-<!ELEMENT ins %Flow;>
-<!ATTLIST ins
-  %attrs;
-  cite        %URI;          #IMPLIED
-  datetime    %Datetime;     #IMPLIED
-  >
-
-<!ELEMENT del %Flow;>
-<!ATTLIST del
-  %attrs;
-  cite        %URI;          #IMPLIED
-  datetime    %Datetime;     #IMPLIED
-  >
-
-<!--================== The Anchor Element ================================-->
-
-<!-- content is %Inline; except that anchors shouldn't be nested -->
-
-<!ELEMENT a %a.content;>
-<!ATTLIST a
-  %attrs;
-  %focus;
-  charset     %Charset;      #IMPLIED
-  type        %ContentType;  #IMPLIED
-  name        NMTOKEN        #IMPLIED
-  href        %URI;          #IMPLIED
-  hreflang    %LanguageCode; #IMPLIED
-  rel         %LinkTypes;    #IMPLIED
-  rev         %LinkTypes;    #IMPLIED
-  shape       %Shape;        "rect"
-  coords      %Coords;       #IMPLIED
-  target      %FrameTarget;  #IMPLIED
-  >
-
-<!--===================== Inline Elements ================================-->
-
-<!ELEMENT span %Inline;> <!-- generic language/style container -->
-<!ATTLIST span
-  %attrs;
-  >
-
-<!ELEMENT bdo %Inline;>  <!-- I18N BiDi over-ride -->
-<!ATTLIST bdo
-  %coreattrs;
-  %events;
-  lang        %LanguageCode; #IMPLIED
-  xml:lang    %LanguageCode; #IMPLIED
-  dir         (ltr|rtl)      #REQUIRED
-  >
-
-<!ELEMENT br EMPTY>   <!-- forced line break -->
-<!ATTLIST br
-  %coreattrs;
-  clear       (left|all|right|none) "none"
-  >
-
-<!ELEMENT em %Inline;>   <!-- emphasis -->
-<!ATTLIST em %attrs;>
-
-<!ELEMENT strong %Inline;>   <!-- strong emphasis -->
-<!ATTLIST strong %attrs;>
-
-<!ELEMENT dfn %Inline;>   <!-- definitional -->
-<!ATTLIST dfn %attrs;>
-
-<!ELEMENT code %Inline;>   <!-- program code -->
-<!ATTLIST code %attrs;>
-
-<!ELEMENT samp %Inline;>   <!-- sample -->
-<!ATTLIST samp %attrs;>
-
-<!ELEMENT kbd %Inline;>  <!-- something user would type -->
-<!ATTLIST kbd %attrs;>
-
-<!ELEMENT var %Inline;>   <!-- variable -->
-<!ATTLIST var %attrs;>
-
-<!ELEMENT cite %Inline;>   <!-- citation -->
-<!ATTLIST cite %attrs;>
-
-<!ELEMENT abbr %Inline;>   <!-- abbreviation -->
-<!ATTLIST abbr %attrs;>
-
-<!ELEMENT acronym %Inline;>   <!-- acronym -->
-<!ATTLIST acronym %attrs;>
-
-<!ELEMENT q %Inline;>   <!-- inlined quote -->
-<!ATTLIST q
-  %attrs;
-  cite        %URI;          #IMPLIED
-  >
-
-<!ELEMENT sub %Inline;> <!-- subscript -->
-<!ATTLIST sub %attrs;>
-
-<!ELEMENT sup %Inline;> <!-- superscript -->
-<!ATTLIST sup %attrs;>
-
-<!ELEMENT tt %Inline;>   <!-- fixed pitch font -->
-<!ATTLIST tt %attrs;>
-
-<!ELEMENT i %Inline;>   <!-- italic font -->
-<!ATTLIST i %attrs;>
-
-<!ELEMENT b %Inline;>   <!-- bold font -->
-<!ATTLIST b %attrs;>
-
-<!ELEMENT big %Inline;>   <!-- bigger font -->
-<!ATTLIST big %attrs;>
-
-<!ELEMENT small %Inline;>   <!-- smaller font -->
-<!ATTLIST small %attrs;>
-
-<!ELEMENT u %Inline;>   <!-- underline -->
-<!ATTLIST u %attrs;>
-
-<!ELEMENT s %Inline;>   <!-- strike-through -->
-<!ATTLIST s %attrs;>
-
-<!ELEMENT strike %Inline;>   <!-- strike-through -->
-<!ATTLIST strike %attrs;>
-
-<!ELEMENT basefont EMPTY>  <!-- base font size -->
-<!ATTLIST basefont
-  id          ID             #IMPLIED
-  size        CDATA          #REQUIRED
-  color       %Color;        #IMPLIED
-  face        CDATA          #IMPLIED
-  >
-
-<!ELEMENT font %Inline;> <!-- local change to font -->
-<!ATTLIST font
-  %coreattrs;
-  %i18n;
-  size        CDATA          #IMPLIED
-  color       %Color;        #IMPLIED
-  face        CDATA          #IMPLIED
-  >
-
-<!--==================== Object ======================================-->
-<!--
-  object is used to embed objects as part of HTML pages.
-  param elements should precede other content. Parameters
-  can also be expressed as attribute/value pairs on the
-  object element itself when brevity is desired.
--->
-
-<!ELEMENT object (#PCDATA | param | %block; | form |%inline; | %misc;)*>
-<!ATTLIST object
-  %attrs;
-  declare     (declare)      #IMPLIED
-  classid     %URI;          #IMPLIED
-  codebase    %URI;          #IMPLIED
-  data        %URI;          #IMPLIED
-  type        %ContentType;  #IMPLIED
-  codetype    %ContentType;  #IMPLIED
-  archive     %UriList;      #IMPLIED
-  standby     %Text;         #IMPLIED
-  height      %Length;       #IMPLIED
-  width       %Length;       #IMPLIED
-  usemap      %URI;          #IMPLIED
-  name        NMTOKEN        #IMPLIED
-  tabindex    %Number;       #IMPLIED
-  align       %ImgAlign;     #IMPLIED
-  border      %Pixels;       #IMPLIED
-  hspace      %Pixels;       #IMPLIED
-  vspace      %Pixels;       #IMPLIED
-  >
-
-<!--
-  param is used to supply a named property value.
-  In XML it would seem natural to follow RDF and support an
-  abbreviated syntax where the param elements are replaced
-  by attribute value pairs on the object start tag.
--->
-<!ELEMENT param EMPTY>
-<!ATTLIST param
-  id          ID             #IMPLIED
-  name        CDATA          #REQUIRED
-  value       CDATA          #IMPLIED
-  valuetype   (data|ref|object) "data"
-  type        %ContentType;  #IMPLIED
-  >
-
-<!--=================== Java applet ==================================-->
-<!--
-  One of code or object attributes must be present.
-  Place param elements before other content.
--->
-<!ELEMENT applet (#PCDATA | param | %block; | form | %inline; | %misc;)*>
-<!ATTLIST applet
-  %coreattrs;
-  codebase    %URI;          #IMPLIED
-  archive     CDATA          #IMPLIED
-  code        CDATA          #IMPLIED
-  object      CDATA          #IMPLIED
-  alt         %Text;         #IMPLIED
-  name        NMTOKEN        #IMPLIED
-  width       %Length;       #REQUIRED
-  height      %Length;       #REQUIRED
-  align       %ImgAlign;     #IMPLIED
-  hspace      %Pixels;       #IMPLIED
-  vspace      %Pixels;       #IMPLIED
-  >
-
-<!--=================== Images ===========================================-->
-
-<!--
-   To avoid accessibility problems for people who aren't
-   able to see the image, you should provide a text
-   description using the alt and longdesc attributes.
-   In addition, avoid the use of server-side image maps.
--->
-
-<!ELEMENT img EMPTY>
-<!ATTLIST img
-  %attrs;
-  src         %URI;          #REQUIRED
-  alt         %Text;         #REQUIRED
-  name        NMTOKEN        #IMPLIED
-  longdesc    %URI;          #IMPLIED
-  height      %Length;       #IMPLIED
-  width       %Length;       #IMPLIED
-  usemap      %URI;          #IMPLIED
-  ismap       (ismap)        #IMPLIED
-  align       %ImgAlign;     #IMPLIED
-  border      %Pixels;       #IMPLIED
-  hspace      %Pixels;       #IMPLIED
-  vspace      %Pixels;       #IMPLIED
-  >
-
-<!-- usemap points to a map element which may be in this document
-  or an external document, although the latter is not widely supported -->
-
-<!--================== Client-side image maps ============================-->
-
-<!-- These can be placed in the same document or grouped in a
-     separate document although this isn't yet widely supported -->
-
-<!ELEMENT map ((%block; | form | %misc;)+ | area+)>
-<!ATTLIST map
-  %i18n;
-  %events;
-  id          ID             #REQUIRED
-  class       CDATA          #IMPLIED
-  style       %StyleSheet;   #IMPLIED
-  title       %Text;         #IMPLIED
-  name        NMTOKEN        #IMPLIED
-  >
-
-<!ELEMENT area EMPTY>
-<!ATTLIST area
-  %attrs;
-  %focus;
-  shape       %Shape;        "rect"
-  coords      %Coords;       #IMPLIED
-  href        %URI;          #IMPLIED
-  nohref      (nohref)       #IMPLIED
-  alt         %Text;         #REQUIRED
-  target      %FrameTarget;  #IMPLIED
-  >
-
-<!--================ Forms ===============================================-->
-
-<!ELEMENT form %form.content;>   <!-- forms shouldn't be nested -->
-
-<!ATTLIST form
-  %attrs;
-  action      %URI;          #REQUIRED
-  method      (get|post)     "get"
-  name        NMTOKEN        #IMPLIED
-  enctype     %ContentType;  "application/x-www-form-urlencoded"
-  onsubmit    %Script;       #IMPLIED
-  onreset     %Script;       #IMPLIED
-  accept      %ContentTypes; #IMPLIED
-  accept-charset %Charsets;  #IMPLIED
-  target      %FrameTarget;  #IMPLIED
-  >
-
-<!--
-  Each label must not contain more than ONE field
-  Label elements shouldn't be nested.
--->
-<!ELEMENT label %Inline;>
-<!ATTLIST label
-  %attrs;
-  for         IDREF          #IMPLIED
-  accesskey   %Character;    #IMPLIED
-  onfocus     %Script;       #IMPLIED
-  onblur      %Script;       #IMPLIED
-  >
-
-<!ENTITY % InputType
-  "(text | password | checkbox |
-    radio | submit | reset |
-    file | hidden | image | button)"
-   >
-
-<!-- the name attribute is required for all but submit & reset -->
-
-<!ELEMENT input EMPTY>     <!-- form control -->
-<!ATTLIST input
-  %attrs;
-  %focus;
-  type        %InputType;    "text"
-  name        CDATA          #IMPLIED
-  value       CDATA          #IMPLIED
-  checked     (checked)      #IMPLIED
-  disabled    (disabled)     #IMPLIED
-  readonly    (readonly)     #IMPLIED
-  size        CDATA          #IMPLIED
-  maxlength   %Number;       #IMPLIED
-  src         %URI;          #IMPLIED
-  alt         CDATA          #IMPLIED
-  usemap      %URI;          #IMPLIED
-  onselect    %Script;       #IMPLIED
-  onchange    %Script;       #IMPLIED
-  accept      %ContentTypes; #IMPLIED
-  align       %ImgAlign;     #IMPLIED
-  >
-
-<!ELEMENT select (optgroup|option)+>  <!-- option selector -->
-<!ATTLIST select
-  %attrs;
-  name        CDATA          #IMPLIED
-  size        %Number;       #IMPLIED
-  multiple    (multiple)     #IMPLIED
-  disabled    (disabled)     #IMPLIED
-  tabindex    %Number;       #IMPLIED
-  onfocus     %Script;       #IMPLIED
-  onblur      %Script;       #IMPLIED
-  onchange    %Script;       #IMPLIED
-  >
-
-<!ELEMENT optgroup (option)+>   <!-- option group -->
-<!ATTLIST optgroup
-  %attrs;
-  disabled    (disabled)     #IMPLIED
-  label       %Text;         #REQUIRED
-  >
-
-<!ELEMENT option (#PCDATA)>     <!-- selectable choice -->
-<!ATTLIST option
-  %attrs;
-  selected    (selected)     #IMPLIED
-  disabled    (disabled)     #IMPLIED
-  label       %Text;         #IMPLIED
-  value       CDATA          #IMPLIED
-  >
-
-<!ELEMENT textarea (#PCDATA)>     <!-- multi-line text field -->
-<!ATTLIST textarea
-  %attrs;
-  %focus;
-  name        CDATA          #IMPLIED
-  rows        %Number;       #REQUIRED
-  cols        %Number;       #REQUIRED
-  disabled    (disabled)     #IMPLIED
-  readonly    (readonly)     #IMPLIED
-  onselect    %Script;       #IMPLIED
-  onchange    %Script;       #IMPLIED
-  >
-
-<!--
-  The fieldset element is used to group form fields.
-  Only one legend element should occur in the content
-  and if present should only be preceded by whitespace.
--->
-<!ELEMENT fieldset (#PCDATA | legend | %block; | form | %inline; | %misc;)*>
-<!ATTLIST fieldset
-  %attrs;
-  >
-
-<!ENTITY % LAlign "(top|bottom|left|right)">
-
-<!ELEMENT legend %Inline;>     <!-- fieldset label -->
-<!ATTLIST legend
-  %attrs;
-  accesskey   %Character;    #IMPLIED
-  align       %LAlign;       #IMPLIED
-  >
-
-<!--
- Content is %Flow; excluding a, form, form controls, iframe
---> 
-<!ELEMENT button %button.content;>  <!-- push button -->
-<!ATTLIST button
-  %attrs;
-  %focus;
-  name        CDATA          #IMPLIED
-  value       CDATA          #IMPLIED
-  type        (button|submit|reset) "submit"
-  disabled    (disabled)     #IMPLIED
-  >
-
-<!-- single-line text input control (DEPRECATED) -->
-<!ELEMENT isindex EMPTY>
-<!ATTLIST isindex
-  %coreattrs;
-  %i18n;
-  prompt      %Text;         #IMPLIED
-  >
-
-<!--======================= Tables =======================================-->
-
-<!-- Derived from IETF HTML table standard, see [RFC1942] -->
-
-<!--
- The border attribute sets the thickness of the frame around the
- table. The default units are screen pixels.
-
- The frame attribute specifies which parts of the frame around
- the table should be rendered. The values are not the same as
- CALS to avoid a name clash with the valign attribute.
--->
-<!ENTITY % TFrame "(void|above|below|hsides|lhs|rhs|vsides|box|border)">
-
-<!--
- The rules attribute defines which rules to draw between cells:
-
- If rules is absent then assume:
-     "none" if border is absent or border="0" otherwise "all"
--->
-
-<!ENTITY % TRules "(none | groups | rows | cols | all)">
-  
-<!-- horizontal placement of table relative to document -->
-<!ENTITY % TAlign "(left|center|right)">
-
-<!-- horizontal alignment attributes for cell contents
-
-  char        alignment char, e.g. char=":"
-  charoff     offset for alignment char
--->
-<!ENTITY % cellhalign
-  "align      (left|center|right|justify|char) #IMPLIED
-   char       %Character;    #IMPLIED
-   charoff    %Length;       #IMPLIED"
-  >
-
-<!-- vertical alignment attributes for cell contents -->
-<!ENTITY % cellvalign
-  "valign     (top|middle|bottom|baseline) #IMPLIED"
-  >
-
-<!ELEMENT table
-     (caption?, (col*|colgroup*), thead?, tfoot?, (tbody+|tr+))>
-<!ELEMENT caption  %Inline;>
-<!ELEMENT thead    (tr)+>
-<!ELEMENT tfoot    (tr)+>
-<!ELEMENT tbody    (tr)+>
-<!ELEMENT colgroup (col)*>
-<!ELEMENT col      EMPTY>
-<!ELEMENT tr       (th|td)+>
-<!ELEMENT th       %Flow;>
-<!ELEMENT td       %Flow;>
-
-<!ATTLIST table
-  %attrs;
-  summary     %Text;         #IMPLIED
-  width       %Length;       #IMPLIED
-  border      %Pixels;       #IMPLIED
-  frame       %TFrame;       #IMPLIED
-  rules       %TRules;       #IMPLIED
-  cellspacing %Length;       #IMPLIED
-  cellpadding %Length;       #IMPLIED
-  align       %TAlign;       #IMPLIED
-  bgcolor     %Color;        #IMPLIED
-  >
-
-<!ENTITY % CAlign "(top|bottom|left|right)">
-
-<!ATTLIST caption
-  %attrs;
-  align       %CAlign;       #IMPLIED
-  >
-
-<!--
-colgroup groups a set of col elements. It allows you to group
-several semantically related columns together.
--->
-<!ATTLIST colgroup
-  %attrs;
-  span        %Number;       "1"
-  width       %MultiLength;  #IMPLIED
-  %cellhalign;
-  %cellvalign;
-  >
-
-<!--
- col elements define the alignment properties for cells in
- one or more columns.
-
- The width attribute specifies the width of the columns, e.g.
-
-     width=64        width in screen pixels
-     width=0.5*      relative width of 0.5
-
- The span attribute causes the attributes of one
- col element to apply to more than one column.
--->
-<!ATTLIST col
-  %attrs;
-  span        %Number;       "1"
-  width       %MultiLength;  #IMPLIED
-  %cellhalign;
-  %cellvalign;
-  >
-
-<!--
-    Use thead to duplicate headers when breaking table
-    across page boundaries, or for static headers when
-    tbody sections are rendered in scrolling panel.
-
-    Use tfoot to duplicate footers when breaking table
-    across page boundaries, or for static footers when
-    tbody sections are rendered in scrolling panel.
-
-    Use multiple tbody sections when rules are needed
-    between groups of table rows.
--->
-<!ATTLIST thead
-  %attrs;
-  %cellhalign;
-  %cellvalign;
-  >
-
-<!ATTLIST tfoot
-  %attrs;
-  %cellhalign;
-  %cellvalign;
-  >
-
-<!ATTLIST tbody
-  %attrs;
-  %cellhalign;
-  %cellvalign;
-  >
-
-<!ATTLIST tr
-  %attrs;
-  %cellhalign;
-  %cellvalign;
-  bgcolor     %Color;        #IMPLIED
-  >
-
-<!-- Scope is simpler than headers attribute for common tables -->
-<!ENTITY % Scope "(row|col|rowgroup|colgroup)">
-
-<!-- th is for headers, td for data and for cells acting as both -->
-
-<!ATTLIST th
-  %attrs;
-  abbr        %Text;         #IMPLIED
-  axis        CDATA          #IMPLIED
-  headers     IDREFS         #IMPLIED
-  scope       %Scope;        #IMPLIED
-  rowspan     %Number;       "1"
-  colspan     %Number;       "1"
-  %cellhalign;
-  %cellvalign;
-  nowrap      (nowrap)       #IMPLIED
-  bgcolor     %Color;        #IMPLIED
-  width       %Pixels;       #IMPLIED
-  height      %Pixels;       #IMPLIED
-  >
-
-<!ATTLIST td
-  %attrs;
-  abbr        %Text;         #IMPLIED
-  axis        CDATA          #IMPLIED
-  headers     IDREFS         #IMPLIED
-  scope       %Scope;        #IMPLIED
-  rowspan     %Number;       "1"
-  colspan     %Number;       "1"
-  %cellhalign;
-  %cellvalign;
-  nowrap      (nowrap)       #IMPLIED
-  bgcolor     %Color;        #IMPLIED
-  width       %Pixels;       #IMPLIED
-  height      %Pixels;       #IMPLIED
-  >
-
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/xhtml1-strict.dtd b/lib/erl_docgen/priv/docbuilder_dtd/xhtml1-strict.dtd
deleted file mode 100644
index 2927b9ece7..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/xhtml1-strict.dtd
+++ /dev/null
@@ -1,978 +0,0 @@
-<!--
-   Extensible HTML version 1.0 Strict DTD
-
-   This is the same as HTML 4 Strict except for
-   changes due to the differences between XML and SGML.
-
-   Namespace = http://www.w3.org/1999/xhtml
-
-   For further information, see: http://www.w3.org/TR/xhtml1
-
-   Copyright (c) 1998-2002 W3C (MIT, INRIA, Keio),
-   All Rights Reserved. 
-
-   This DTD module is identified by the PUBLIC and SYSTEM identifiers:
-
-   PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
-   SYSTEM "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
-
-   $Revision: 1.1 $
-   $Date: 2002/08/01 13:56:03 $
-
--->
-
-<!--================ Character mnemonic entities =========================-->
-
-<!ENTITY % HTMLlat1 PUBLIC
-   "-//W3C//ENTITIES Latin 1 for XHTML//EN"
-   "xhtml-lat1.ent">
-%HTMLlat1;
-
-<!ENTITY % HTMLsymbol PUBLIC
-   "-//W3C//ENTITIES Symbols for XHTML//EN"
-   "xhtml-symbol.ent">
-%HTMLsymbol;
-
-<!ENTITY % HTMLspecial PUBLIC
-   "-//W3C//ENTITIES Special for XHTML//EN"
-   "xhtml-special.ent">
-%HTMLspecial;
-
-<!--================== Imported Names ====================================-->
-
-<!ENTITY % ContentType "CDATA">
-    <!-- media type, as per [RFC2045] -->
-
-<!ENTITY % ContentTypes "CDATA">
-    <!-- comma-separated list of media types, as per [RFC2045] -->
-
-<!ENTITY % Charset "CDATA">
-    <!-- a character encoding, as per [RFC2045] -->
-
-<!ENTITY % Charsets "CDATA">
-    <!-- a space separated list of character encodings, as per [RFC2045] -->
-
-<!ENTITY % LanguageCode "NMTOKEN">
-    <!-- a language code, as per [RFC3066] -->
-
-<!ENTITY % Character "CDATA">
-    <!-- a single character, as per section 2.2 of [XML] -->
-
-<!ENTITY % Number "CDATA">
-    <!-- one or more digits -->
-
-<!ENTITY % LinkTypes "CDATA">
-    <!-- space-separated list of link types -->
-
-<!ENTITY % MediaDesc "CDATA">
-    <!-- single or comma-separated list of media descriptors -->
-
-<!ENTITY % URI "CDATA">
-    <!-- a Uniform Resource Identifier, see [RFC2396] -->
-
-<!ENTITY % UriList "CDATA">
-    <!-- a space separated list of Uniform Resource Identifiers -->
-
-<!ENTITY % Datetime "CDATA">
-    <!-- date and time information. ISO date format -->
-
-<!ENTITY % Script "CDATA">
-    <!-- script expression -->
-
-<!ENTITY % StyleSheet "CDATA">
-    <!-- style sheet data -->
-
-<!ENTITY % Text "CDATA">
-    <!-- used for titles etc. -->
-
-<!ENTITY % Length "CDATA">
-    <!-- nn for pixels or nn% for percentage length -->
-
-<!ENTITY % MultiLength "CDATA">
-    <!-- pixel, percentage, or relative -->
-
-<!ENTITY % Pixels "CDATA">
-    <!-- integer representing length in pixels -->
-
-<!-- these are used for image maps -->
-
-<!ENTITY % Shape "(rect|circle|poly|default)">
-
-<!ENTITY % Coords "CDATA">
-    <!-- comma separated list of lengths -->
-
-<!--=================== Generic Attributes ===============================-->
-
-<!-- core attributes common to most elements
-  id       document-wide unique id
-  class    space separated list of classes
-  style    associated style info
-  title    advisory title/amplification
--->
-<!ENTITY % coreattrs
- "id          ID             #IMPLIED
-  class       CDATA          #IMPLIED
-  style       %StyleSheet;   #IMPLIED
-  title       %Text;         #IMPLIED"
-  >
-
-<!-- internationalization attributes
-  lang        language code (backwards compatible)
-  xml:lang    language code (as per XML 1.0 spec)
-  dir         direction for weak/neutral text
--->
-<!ENTITY % i18n
- "lang        %LanguageCode; #IMPLIED
-  xml:lang    %LanguageCode; #IMPLIED
-  dir         (ltr|rtl)      #IMPLIED"
-  >
-
-<!-- attributes for common UI events
-  onclick     a pointer button was clicked
-  ondblclick  a pointer button was double clicked
-  onmousedown a pointer button was pressed down
-  onmouseup   a pointer button was released
-  onmousemove a pointer was moved onto the element
-  onmouseout  a pointer was moved away from the element
-  onkeypress  a key was pressed and released
-  onkeydown   a key was pressed down
-  onkeyup     a key was released
--->
-<!ENTITY % events
- "onclick     %Script;       #IMPLIED
-  ondblclick  %Script;       #IMPLIED
-  onmousedown %Script;       #IMPLIED
-  onmouseup   %Script;       #IMPLIED
-  onmouseover %Script;       #IMPLIED
-  onmousemove %Script;       #IMPLIED
-  onmouseout  %Script;       #IMPLIED
-  onkeypress  %Script;       #IMPLIED
-  onkeydown   %Script;       #IMPLIED
-  onkeyup     %Script;       #IMPLIED"
-  >
-
-<!-- attributes for elements that can get the focus
-  accesskey   accessibility key character
-  tabindex    position in tabbing order
-  onfocus     the element got the focus
-  onblur      the element lost the focus
--->
-<!ENTITY % focus
- "accesskey   %Character;    #IMPLIED
-  tabindex    %Number;       #IMPLIED
-  onfocus     %Script;       #IMPLIED
-  onblur      %Script;       #IMPLIED"
-  >
-
-<!ENTITY % attrs "%coreattrs; %i18n; %events;">
-
-<!--=================== Text Elements ====================================-->
-
-<!ENTITY % special.pre
-   "br | span | bdo | map">
-
-
-<!ENTITY % special
-   "%special.pre; | object | img ">
-
-<!ENTITY % fontstyle "tt | i | b | big | small ">
-
-<!ENTITY % phrase "em | strong | dfn | code | q |
-                   samp | kbd | var | cite | abbr | acronym | sub | sup ">
-
-<!ENTITY % inline.forms "input | select | textarea | label | button">
-
-<!-- these can occur at block or inline level -->
-<!ENTITY % misc.inline "ins | del | script">
-
-<!-- these can only occur at block level -->
-<!ENTITY % misc "noscript | %misc.inline;">
-
-<!ENTITY % inline "a | %special; | %fontstyle; | %phrase; | %inline.forms;">
-
-<!-- %Inline; covers inline or "text-level" elements -->
-<!ENTITY % Inline "(#PCDATA | %inline; | %misc.inline;)*">
-
-<!--================== Block level elements ==============================-->
-
-<!ENTITY % heading "h1|h2|h3|h4|h5|h6">
-<!ENTITY % lists "ul | ol | dl">
-<!ENTITY % blocktext "pre | hr | blockquote | address">
-
-<!ENTITY % block
-     "p | %heading; | div | %lists; | %blocktext; | fieldset | table">
-
-<!ENTITY % Block "(%block; | form | %misc;)*">
-
-<!-- %Flow; mixes block and inline and is used for list items etc. -->
-<!ENTITY % Flow "(#PCDATA | %block; | form | %inline; | %misc;)*">
-
-<!--================== Content models for exclusions =====================-->
-
-<!-- a elements use %Inline; excluding a -->
-
-<!ENTITY % a.content
-   "(#PCDATA | %special; | %fontstyle; | %phrase; | %inline.forms; | %misc.inline;)*">
-
-<!-- pre uses %Inline excluding big, small, sup or sup -->
-
-<!ENTITY % pre.content
-   "(#PCDATA | a | %fontstyle; | %phrase; | %special.pre; | %misc.inline;
-      | %inline.forms;)*">
-
-<!-- form uses %Block; excluding form -->
-
-<!ENTITY % form.content "(%block; | %misc;)*">
-
-<!-- button uses %Flow; but excludes a, form and form controls -->
-
-<!ENTITY % button.content
-   "(#PCDATA | p | %heading; | div | %lists; | %blocktext; |
-    table | %special; | %fontstyle; | %phrase; | %misc;)*">
-
-<!--================ Document Structure ==================================-->
-
-<!-- the namespace URI designates the document profile -->
-
-<!ELEMENT html (head, body)>
-<!ATTLIST html
-  %i18n;
-  id          ID             #IMPLIED
-  xmlns       %URI;          #FIXED 'http://www.w3.org/1999/xhtml'
-  >
-
-<!--================ Document Head =======================================-->
-
-<!ENTITY % head.misc "(script|style|meta|link|object)*">
-
-<!-- content model is %head.misc; combined with a single
-     title and an optional base element in any order -->
-
-<!ELEMENT head (%head.misc;,
-     ((title, %head.misc;, (base, %head.misc;)?) |
-      (base, %head.misc;, (title, %head.misc;))))>
-
-<!ATTLIST head
-  %i18n;
-  id          ID             #IMPLIED
-  profile     %URI;          #IMPLIED
-  >
-
-<!-- The title element is not considered part of the flow of text.
-       It should be displayed, for example as the page header or
-       window title. Exactly one title is required per document.
-    -->
-<!ELEMENT title (#PCDATA)>
-<!ATTLIST title 
-  %i18n;
-  id          ID             #IMPLIED
-  >
-
-<!-- document base URI -->
-
-<!ELEMENT base EMPTY>
-<!ATTLIST base
-  href        %URI;          #REQUIRED
-  id          ID             #IMPLIED
-  >
-
-<!-- generic metainformation -->
-<!ELEMENT meta EMPTY>
-<!ATTLIST meta
-  %i18n;
-  id          ID             #IMPLIED
-  http-equiv  CDATA          #IMPLIED
-  name        CDATA          #IMPLIED
-  content     CDATA          #REQUIRED
-  scheme      CDATA          #IMPLIED
-  >
-
-<!--
-  Relationship values can be used in principle:
-
-   a) for document specific toolbars/menus when used
-      with the link element in document head e.g.
-        start, contents, previous, next, index, end, help
-   b) to link to a separate style sheet (rel="stylesheet")
-   c) to make a link to a script (rel="script")
-   d) by stylesheets to control how collections of
-      html nodes are rendered into printed documents
-   e) to make a link to a printable version of this document
-      e.g. a PostScript or PDF version (rel="alternate" media="print")
--->
-
-<!ELEMENT link EMPTY>
-<!ATTLIST link
-  %attrs;
-  charset     %Charset;      #IMPLIED
-  href        %URI;          #IMPLIED
-  hreflang    %LanguageCode; #IMPLIED
-  type        %ContentType;  #IMPLIED
-  rel         %LinkTypes;    #IMPLIED
-  rev         %LinkTypes;    #IMPLIED
-  media       %MediaDesc;    #IMPLIED
-  >
-
-<!-- style info, which may include CDATA sections -->
-<!ELEMENT style (#PCDATA)>
-<!ATTLIST style
-  %i18n;
-  id          ID             #IMPLIED
-  type        %ContentType;  #REQUIRED
-  media       %MediaDesc;    #IMPLIED
-  title       %Text;         #IMPLIED
-  xml:space   (preserve)     #FIXED 'preserve'
-  >
-
-<!-- script statements, which may include CDATA sections -->
-<!ELEMENT script (#PCDATA)>
-<!ATTLIST script
-  id          ID             #IMPLIED
-  charset     %Charset;      #IMPLIED
-  type        %ContentType;  #REQUIRED
-  src         %URI;          #IMPLIED
-  defer       (defer)        #IMPLIED
-  xml:space   (preserve)     #FIXED 'preserve'
-  >
-
-<!-- alternate content container for non script-based rendering -->
-
-<!ELEMENT noscript %Block;>
-<!ATTLIST noscript
-  %attrs;
-  >
-
-<!--=================== Document Body ====================================-->
-
-<!ELEMENT body %Block;>
-<!ATTLIST body
-  %attrs;
-  onload          %Script;   #IMPLIED
-  onunload        %Script;   #IMPLIED
-  >
-
-<!ELEMENT div %Flow;>  <!-- generic language/style container -->
-<!ATTLIST div
-  %attrs;
-  >
-
-<!--=================== Paragraphs =======================================-->
-
-<!ELEMENT p %Inline;>
-<!ATTLIST p
-  %attrs;
-  >
-
-<!--=================== Headings =========================================-->
-
-<!--
-  There are six levels of headings from h1 (the most important)
-  to h6 (the least important).
--->
-
-<!ELEMENT h1  %Inline;>
-<!ATTLIST h1
-   %attrs;
-   >
-
-<!ELEMENT h2 %Inline;>
-<!ATTLIST h2
-   %attrs;
-   >
-
-<!ELEMENT h3 %Inline;>
-<!ATTLIST h3
-   %attrs;
-   >
-
-<!ELEMENT h4 %Inline;>
-<!ATTLIST h4
-   %attrs;
-   >
-
-<!ELEMENT h5 %Inline;>
-<!ATTLIST h5
-   %attrs;
-   >
-
-<!ELEMENT h6 %Inline;>
-<!ATTLIST h6
-   %attrs;
-   >
-
-<!--=================== Lists ============================================-->
-
-<!-- Unordered list -->
-
-<!ELEMENT ul (li)+>
-<!ATTLIST ul
-  %attrs;
-  >
-
-<!-- Ordered (numbered) list -->
-
-<!ELEMENT ol (li)+>
-<!ATTLIST ol
-  %attrs;
-  >
-
-<!-- list item -->
-
-<!ELEMENT li %Flow;>
-<!ATTLIST li
-  %attrs;
-  >
-
-<!-- definition lists - dt for term, dd for its definition -->
-
-<!ELEMENT dl (dt|dd)+>
-<!ATTLIST dl
-  %attrs;
-  >
-
-<!ELEMENT dt %Inline;>
-<!ATTLIST dt
-  %attrs;
-  >
-
-<!ELEMENT dd %Flow;>
-<!ATTLIST dd
-  %attrs;
-  >
-
-<!--=================== Address ==========================================-->
-
-<!-- information on author -->
-
-<!ELEMENT address %Inline;>
-<!ATTLIST address
-  %attrs;
-  >
-
-<!--=================== Horizontal Rule ==================================-->
-
-<!ELEMENT hr EMPTY>
-<!ATTLIST hr
-  %attrs;
-  >
-
-<!--=================== Preformatted Text ================================-->
-
-<!-- content is %Inline; excluding "img|object|big|small|sub|sup" -->
-
-<!ELEMENT pre %pre.content;>
-<!ATTLIST pre
-  %attrs;
-  xml:space (preserve) #FIXED 'preserve'
-  >
-
-<!--=================== Block-like Quotes ================================-->
-
-<!ELEMENT blockquote %Block;>
-<!ATTLIST blockquote
-  %attrs;
-  cite        %URI;          #IMPLIED
-  >
-
-<!--=================== Inserted/Deleted Text ============================-->
-
-<!--
-  ins/del are allowed in block and inline content, but its
-  inappropriate to include block content within an ins element
-  occurring in inline content.
--->
-<!ELEMENT ins %Flow;>
-<!ATTLIST ins
-  %attrs;
-  cite        %URI;          #IMPLIED
-  datetime    %Datetime;     #IMPLIED
-  >
-
-<!ELEMENT del %Flow;>
-<!ATTLIST del
-  %attrs;
-  cite        %URI;          #IMPLIED
-  datetime    %Datetime;     #IMPLIED
-  >
-
-<!--================== The Anchor Element ================================-->
-
-<!-- content is %Inline; except that anchors shouldn't be nested -->
-
-<!ELEMENT a %a.content;>
-<!ATTLIST a
-  %attrs;
-  %focus;
-  charset     %Charset;      #IMPLIED
-  type        %ContentType;  #IMPLIED
-  name        NMTOKEN        #IMPLIED
-  href        %URI;          #IMPLIED
-  hreflang    %LanguageCode; #IMPLIED
-  rel         %LinkTypes;    #IMPLIED
-  rev         %LinkTypes;    #IMPLIED
-  shape       %Shape;        "rect"
-  coords      %Coords;       #IMPLIED
-  >
-
-<!--===================== Inline Elements ================================-->
-
-<!ELEMENT span %Inline;> <!-- generic language/style container -->
-<!ATTLIST span
-  %attrs;
-  >
-
-<!ELEMENT bdo %Inline;>  <!-- I18N BiDi over-ride -->
-<!ATTLIST bdo
-  %coreattrs;
-  %events;
-  lang        %LanguageCode; #IMPLIED
-  xml:lang    %LanguageCode; #IMPLIED
-  dir         (ltr|rtl)      #REQUIRED
-  >
-
-<!ELEMENT br EMPTY>   <!-- forced line break -->
-<!ATTLIST br
-  %coreattrs;
-  >
-
-<!ELEMENT em %Inline;>   <!-- emphasis -->
-<!ATTLIST em %attrs;>
-
-<!ELEMENT strong %Inline;>   <!-- strong emphasis -->
-<!ATTLIST strong %attrs;>
-
-<!ELEMENT dfn %Inline;>   <!-- definitional -->
-<!ATTLIST dfn %attrs;>
-
-<!ELEMENT code %Inline;>   <!-- program code -->
-<!ATTLIST code %attrs;>
-
-<!ELEMENT samp %Inline;>   <!-- sample -->
-<!ATTLIST samp %attrs;>
-
-<!ELEMENT kbd %Inline;>  <!-- something user would type -->
-<!ATTLIST kbd %attrs;>
-
-<!ELEMENT var %Inline;>   <!-- variable -->
-<!ATTLIST var %attrs;>
-
-<!ELEMENT cite %Inline;>   <!-- citation -->
-<!ATTLIST cite %attrs;>
-
-<!ELEMENT abbr %Inline;>   <!-- abbreviation -->
-<!ATTLIST abbr %attrs;>
-
-<!ELEMENT acronym %Inline;>   <!-- acronym -->
-<!ATTLIST acronym %attrs;>
-
-<!ELEMENT q %Inline;>   <!-- inlined quote -->
-<!ATTLIST q
-  %attrs;
-  cite        %URI;          #IMPLIED
-  >
-
-<!ELEMENT sub %Inline;> <!-- subscript -->
-<!ATTLIST sub %attrs;>
-
-<!ELEMENT sup %Inline;> <!-- superscript -->
-<!ATTLIST sup %attrs;>
-
-<!ELEMENT tt %Inline;>   <!-- fixed pitch font -->
-<!ATTLIST tt %attrs;>
-
-<!ELEMENT i %Inline;>   <!-- italic font -->
-<!ATTLIST i %attrs;>
-
-<!ELEMENT b %Inline;>   <!-- bold font -->
-<!ATTLIST b %attrs;>
-
-<!ELEMENT big %Inline;>   <!-- bigger font -->
-<!ATTLIST big %attrs;>
-
-<!ELEMENT small %Inline;>   <!-- smaller font -->
-<!ATTLIST small %attrs;>
-
-<!--==================== Object ======================================-->
-<!--
-  object is used to embed objects as part of HTML pages.
-  param elements should precede other content. Parameters
-  can also be expressed as attribute/value pairs on the
-  object element itself when brevity is desired.
--->
-
-<!ELEMENT object (#PCDATA | param | %block; | form | %inline; | %misc;)*>
-<!ATTLIST object
-  %attrs;
-  declare     (declare)      #IMPLIED
-  classid     %URI;          #IMPLIED
-  codebase    %URI;          #IMPLIED
-  data        %URI;          #IMPLIED
-  type        %ContentType;  #IMPLIED
-  codetype    %ContentType;  #IMPLIED
-  archive     %UriList;      #IMPLIED
-  standby     %Text;         #IMPLIED
-  height      %Length;       #IMPLIED
-  width       %Length;       #IMPLIED
-  usemap      %URI;          #IMPLIED
-  name        NMTOKEN        #IMPLIED
-  tabindex    %Number;       #IMPLIED
-  >
-
-<!--
-  param is used to supply a named property value.
-  In XML it would seem natural to follow RDF and support an
-  abbreviated syntax where the param elements are replaced
-  by attribute value pairs on the object start tag.
--->
-<!ELEMENT param EMPTY>
-<!ATTLIST param
-  id          ID             #IMPLIED
-  name        CDATA          #IMPLIED
-  value       CDATA          #IMPLIED
-  valuetype   (data|ref|object) "data"
-  type        %ContentType;  #IMPLIED
-  >
-
-<!--=================== Images ===========================================-->
-
-<!--
-   To avoid accessibility problems for people who aren't
-   able to see the image, you should provide a text
-   description using the alt and longdesc attributes.
-   In addition, avoid the use of server-side image maps.
-   Note that in this DTD there is no name attribute. That
-   is only available in the transitional and frameset DTD.
--->
-
-<!ELEMENT img EMPTY>
-<!ATTLIST img
-  %attrs;
-  src         %URI;          #REQUIRED
-  alt         %Text;         #REQUIRED
-  longdesc    %URI;          #IMPLIED
-  height      %Length;       #IMPLIED
-  width       %Length;       #IMPLIED
-  usemap      %URI;          #IMPLIED
-  ismap       (ismap)        #IMPLIED
-  >
-
-<!-- usemap points to a map element which may be in this document
-  or an external document, although the latter is not widely supported -->
-
-<!--================== Client-side image maps ============================-->
-
-<!-- These can be placed in the same document or grouped in a
-     separate document although this isn't yet widely supported -->
-
-<!ELEMENT map ((%block; | form | %misc;)+ | area+)>
-<!ATTLIST map
-  %i18n;
-  %events;
-  id          ID             #REQUIRED
-  class       CDATA          #IMPLIED
-  style       %StyleSheet;   #IMPLIED
-  title       %Text;         #IMPLIED
-  name        NMTOKEN        #IMPLIED
-  >
-
-<!ELEMENT area EMPTY>
-<!ATTLIST area
-  %attrs;
-  %focus;
-  shape       %Shape;        "rect"
-  coords      %Coords;       #IMPLIED
-  href        %URI;          #IMPLIED
-  nohref      (nohref)       #IMPLIED
-  alt         %Text;         #REQUIRED
-  >
-
-<!--================ Forms ===============================================-->
-<!ELEMENT form %form.content;>   <!-- forms shouldn't be nested -->
-
-<!ATTLIST form
-  %attrs;
-  action      %URI;          #REQUIRED
-  method      (get|post)     "get"
-  enctype     %ContentType;  "application/x-www-form-urlencoded"
-  onsubmit    %Script;       #IMPLIED
-  onreset     %Script;       #IMPLIED
-  accept      %ContentTypes; #IMPLIED
-  accept-charset %Charsets;  #IMPLIED
-  >
-
-<!--
-  Each label must not contain more than ONE field
-  Label elements shouldn't be nested.
--->
-<!ELEMENT label %Inline;>
-<!ATTLIST label
-  %attrs;
-  for         IDREF          #IMPLIED
-  accesskey   %Character;    #IMPLIED
-  onfocus     %Script;       #IMPLIED
-  onblur      %Script;       #IMPLIED
-  >
-
-<!ENTITY % InputType
-  "(text | password | checkbox |
-    radio | submit | reset |
-    file | hidden | image | button)"
-   >
-
-<!-- the name attribute is required for all but submit & reset -->
-
-<!ELEMENT input EMPTY>     <!-- form control -->
-<!ATTLIST input
-  %attrs;
-  %focus;
-  type        %InputType;    "text"
-  name        CDATA          #IMPLIED
-  value       CDATA          #IMPLIED
-  checked     (checked)      #IMPLIED
-  disabled    (disabled)     #IMPLIED
-  readonly    (readonly)     #IMPLIED
-  size        CDATA          #IMPLIED
-  maxlength   %Number;       #IMPLIED
-  src         %URI;          #IMPLIED
-  alt         CDATA          #IMPLIED
-  usemap      %URI;          #IMPLIED
-  onselect    %Script;       #IMPLIED
-  onchange    %Script;       #IMPLIED
-  accept      %ContentTypes; #IMPLIED
-  >
-
-<!ELEMENT select (optgroup|option)+>  <!-- option selector -->
-<!ATTLIST select
-  %attrs;
-  name        CDATA          #IMPLIED
-  size        %Number;       #IMPLIED
-  multiple    (multiple)     #IMPLIED
-  disabled    (disabled)     #IMPLIED
-  tabindex    %Number;       #IMPLIED
-  onfocus     %Script;       #IMPLIED
-  onblur      %Script;       #IMPLIED
-  onchange    %Script;       #IMPLIED
-  >
-
-<!ELEMENT optgroup (option)+>   <!-- option group -->
-<!ATTLIST optgroup
-  %attrs;
-  disabled    (disabled)     #IMPLIED
-  label       %Text;         #REQUIRED
-  >
-
-<!ELEMENT option (#PCDATA)>     <!-- selectable choice -->
-<!ATTLIST option
-  %attrs;
-  selected    (selected)     #IMPLIED
-  disabled    (disabled)     #IMPLIED
-  label       %Text;         #IMPLIED
-  value       CDATA          #IMPLIED
-  >
-
-<!ELEMENT textarea (#PCDATA)>     <!-- multi-line text field -->
-<!ATTLIST textarea
-  %attrs;
-  %focus;
-  name        CDATA          #IMPLIED
-  rows        %Number;       #REQUIRED
-  cols        %Number;       #REQUIRED
-  disabled    (disabled)     #IMPLIED
-  readonly    (readonly)     #IMPLIED
-  onselect    %Script;       #IMPLIED
-  onchange    %Script;       #IMPLIED
-  >
-
-<!--
-  The fieldset element is used to group form fields.
-  Only one legend element should occur in the content
-  and if present should only be preceded by whitespace.
--->
-<!ELEMENT fieldset (#PCDATA | legend | %block; | form | %inline; | %misc;)*>
-<!ATTLIST fieldset
-  %attrs;
-  >
-
-<!ELEMENT legend %Inline;>     <!-- fieldset label -->
-<!ATTLIST legend
-  %attrs;
-  accesskey   %Character;    #IMPLIED
-  >
-
-<!--
- Content is %Flow; excluding a, form and form controls
---> 
-<!ELEMENT button %button.content;>  <!-- push button -->
-<!ATTLIST button
-  %attrs;
-  %focus;
-  name        CDATA          #IMPLIED
-  value       CDATA          #IMPLIED
-  type        (button|submit|reset) "submit"
-  disabled    (disabled)     #IMPLIED
-  >
-
-<!--======================= Tables =======================================-->
-
-<!-- Derived from IETF HTML table standard, see [RFC1942] -->
-
-<!--
- The border attribute sets the thickness of the frame around the
- table. The default units are screen pixels.
-
- The frame attribute specifies which parts of the frame around
- the table should be rendered. The values are not the same as
- CALS to avoid a name clash with the valign attribute.
--->
-<!ENTITY % TFrame "(void|above|below|hsides|lhs|rhs|vsides|box|border)">
-
-<!--
- The rules attribute defines which rules to draw between cells:
-
- If rules is absent then assume:
-     "none" if border is absent or border="0" otherwise "all"
--->
-
-<!ENTITY % TRules "(none | groups | rows | cols | all)">
-  
-<!-- horizontal alignment attributes for cell contents
-
-  char        alignment char, e.g. char=':'
-  charoff     offset for alignment char
--->
-<!ENTITY % cellhalign
-  "align      (left|center|right|justify|char) #IMPLIED
-   char       %Character;    #IMPLIED
-   charoff    %Length;       #IMPLIED"
-  >
-
-<!-- vertical alignment attributes for cell contents -->
-<!ENTITY % cellvalign
-  "valign     (top|middle|bottom|baseline) #IMPLIED"
-  >
-
-<!ELEMENT table
-     (caption?, (col*|colgroup*), thead?, tfoot?, (tbody+|tr+))>
-<!ELEMENT caption  %Inline;>
-<!ELEMENT thead    (tr)+>
-<!ELEMENT tfoot    (tr)+>
-<!ELEMENT tbody    (tr)+>
-<!ELEMENT colgroup (col)*>
-<!ELEMENT col      EMPTY>
-<!ELEMENT tr       (th|td)+>
-<!ELEMENT th       %Flow;>
-<!ELEMENT td       %Flow;>
-
-<!ATTLIST table
-  %attrs;
-  summary     %Text;         #IMPLIED
-  width       %Length;       #IMPLIED
-  border      %Pixels;       #IMPLIED
-  frame       %TFrame;       #IMPLIED
-  rules       %TRules;       #IMPLIED
-  cellspacing %Length;       #IMPLIED
-  cellpadding %Length;       #IMPLIED
-  >
-
-<!ATTLIST caption
-  %attrs;
-  >
-
-<!--
-colgroup groups a set of col elements. It allows you to group
-several semantically related columns together.
--->
-<!ATTLIST colgroup
-  %attrs;
-  span        %Number;       "1"
-  width       %MultiLength;  #IMPLIED
-  %cellhalign;
-  %cellvalign;
-  >
-
-<!--
- col elements define the alignment properties for cells in
- one or more columns.
-
- The width attribute specifies the width of the columns, e.g.
-
-     width=64        width in screen pixels
-     width=0.5*      relative width of 0.5
-
- The span attribute causes the attributes of one
- col element to apply to more than one column.
--->
-<!ATTLIST col
-  %attrs;
-  span        %Number;       "1"
-  width       %MultiLength;  #IMPLIED
-  %cellhalign;
-  %cellvalign;
-  >
-
-<!--
-    Use thead to duplicate headers when breaking table
-    across page boundaries, or for static headers when
-    tbody sections are rendered in scrolling panel.
-
-    Use tfoot to duplicate footers when breaking table
-    across page boundaries, or for static footers when
-    tbody sections are rendered in scrolling panel.
-
-    Use multiple tbody sections when rules are needed
-    between groups of table rows.
--->
-<!ATTLIST thead
-  %attrs;
-  %cellhalign;
-  %cellvalign;
-  >
-
-<!ATTLIST tfoot
-  %attrs;
-  %cellhalign;
-  %cellvalign;
-  >
-
-<!ATTLIST tbody
-  %attrs;
-  %cellhalign;
-  %cellvalign;
-  >
-
-<!ATTLIST tr
-  %attrs;
-  %cellhalign;
-  %cellvalign;
-  >
-
-
-<!-- Scope is simpler than headers attribute for common tables -->
-<!ENTITY % Scope "(row|col|rowgroup|colgroup)">
-
-<!-- th is for headers, td for data and for cells acting as both -->
-
-<!ATTLIST th
-  %attrs;
-  abbr        %Text;         #IMPLIED
-  axis        CDATA          #IMPLIED
-  headers     IDREFS         #IMPLIED
-  scope       %Scope;        #IMPLIED
-  rowspan     %Number;       "1"
-  colspan     %Number;       "1"
-  %cellhalign;
-  %cellvalign;
-  >
-
-<!ATTLIST td
-  %attrs;
-  abbr        %Text;         #IMPLIED
-  axis        CDATA          #IMPLIED
-  headers     IDREFS         #IMPLIED
-  scope       %Scope;        #IMPLIED
-  rowspan     %Number;       "1"
-  colspan     %Number;       "1"
-  %cellhalign;
-  %cellvalign;
-  >
-
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/xhtml1-transitional.dtd b/lib/erl_docgen/priv/docbuilder_dtd/xhtml1-transitional.dtd
deleted file mode 100644
index 628f27ac50..0000000000
--- a/lib/erl_docgen/priv/docbuilder_dtd/xhtml1-transitional.dtd
+++ /dev/null
@@ -1,1201 +0,0 @@
-<!--
-   Extensible HTML version 1.0 Transitional DTD
-
-   This is the same as HTML 4 Transitional except for
-   changes due to the differences between XML and SGML.
-
-   Namespace = http://www.w3.org/1999/xhtml
-
-   For further information, see: http://www.w3.org/TR/xhtml1
-
-   Copyright (c) 1998-2002 W3C (MIT, INRIA, Keio),
-   All Rights Reserved. 
-
-   This DTD module is identified by the PUBLIC and SYSTEM identifiers:
-
-   PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-   SYSTEM "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"
-
-   $Revision: 1.2 $
-   $Date: 2002/08/01 18:37:55 $
-
--->
-
-<!--================ Character mnemonic entities =========================-->
-
-<!ENTITY % HTMLlat1 PUBLIC
-   "-//W3C//ENTITIES Latin 1 for XHTML//EN"
-   "xhtml-lat1.ent">
-%HTMLlat1;
-
-<!ENTITY % HTMLsymbol PUBLIC
-   "-//W3C//ENTITIES Symbols for XHTML//EN"
-   "xhtml-symbol.ent">
-%HTMLsymbol;
-
-<!ENTITY % HTMLspecial PUBLIC
-   "-//W3C//ENTITIES Special for XHTML//EN"
-   "xhtml-special.ent">
-%HTMLspecial;
-
-<!--================== Imported Names ====================================-->
-
-<!ENTITY % ContentType "CDATA">
-    <!-- media type, as per [RFC2045] -->
-
-<!ENTITY % ContentTypes "CDATA">
-    <!-- comma-separated list of media types, as per [RFC2045] -->
-
-<!ENTITY % Charset "CDATA">
-    <!-- a character encoding, as per [RFC2045] -->
-
-<!ENTITY % Charsets "CDATA">
-    <!-- a space separated list of character encodings, as per [RFC2045] -->
-
-<!ENTITY % LanguageCode "NMTOKEN">
-    <!-- a language code, as per [RFC3066] -->
-
-<!ENTITY % Character "CDATA">
-    <!-- a single character, as per section 2.2 of [XML] -->
-
-<!ENTITY % Number "CDATA">
-    <!-- one or more digits -->
-
-<!ENTITY % LinkTypes "CDATA">
-    <!-- space-separated list of link types -->
-
-<!ENTITY % MediaDesc "CDATA">
-    <!-- single or comma-separated list of media descriptors -->
-
-<!ENTITY % URI "CDATA">
-    <!-- a Uniform Resource Identifier, see [RFC2396] -->
-
-<!ENTITY % UriList "CDATA">
-    <!-- a space separated list of Uniform Resource Identifiers -->
-
-<!ENTITY % Datetime "CDATA">
-    <!-- date and time information. ISO date format -->
-
-<!ENTITY % Script "CDATA">
-    <!-- script expression -->
-
-<!ENTITY % StyleSheet "CDATA">
-    <!-- style sheet data -->
-
-<!ENTITY % Text "CDATA">
-    <!-- used for titles etc. -->
-
-<!ENTITY % FrameTarget "NMTOKEN">
-    <!-- render in this frame -->
-
-<!ENTITY % Length "CDATA">
-    <!-- nn for pixels or nn% for percentage length -->
-
-<!ENTITY % MultiLength "CDATA">
-    <!-- pixel, percentage, or relative -->
-
-<!ENTITY % Pixels "CDATA">
-    <!-- integer representing length in pixels -->
-
-<!-- these are used for image maps -->
-
-<!ENTITY % Shape "(rect|circle|poly|default)">
-
-<!ENTITY % Coords "CDATA">
-    <!-- comma separated list of lengths -->
-
-<!-- used for object, applet, img, input and iframe -->
-<!ENTITY % ImgAlign "(top|middle|bottom|left|right)">
-
-<!-- a color using sRGB: #RRGGBB as Hex values -->
-<!ENTITY % Color "CDATA">
-
-<!-- There are also 16 widely known color names with their sRGB values:
-
-    Black  = #000000    Green  = #008000
-    Silver = #C0C0C0    Lime   = #00FF00
-    Gray   = #808080    Olive  = #808000
-    White  = #FFFFFF    Yellow = #FFFF00
-    Maroon = #800000    Navy   = #000080
-    Red    = #FF0000    Blue   = #0000FF
-    Purple = #800080    Teal   = #008080
-    Fuchsia= #FF00FF    Aqua   = #00FFFF
--->
-
-<!--=================== Generic Attributes ===============================-->
-
-<!-- core attributes common to most elements
-  id       document-wide unique id
-  class    space separated list of classes
-  style    associated style info
-  title    advisory title/amplification
--->
-<!ENTITY % coreattrs
- "id          ID             #IMPLIED
-  class       CDATA          #IMPLIED
-  style       %StyleSheet;   #IMPLIED
-  title       %Text;         #IMPLIED"
-  >
-
-<!-- internationalization attributes
-  lang        language code (backwards compatible)
-  xml:lang    language code (as per XML 1.0 spec)
-  dir         direction for weak/neutral text
--->
-<!ENTITY % i18n
- "lang        %LanguageCode; #IMPLIED
-  xml:lang    %LanguageCode; #IMPLIED
-  dir         (ltr|rtl)      #IMPLIED"
-  >
-
-<!-- attributes for common UI events
-  onclick     a pointer button was clicked
-  ondblclick  a pointer button was double clicked
-  onmousedown a pointer button was pressed down
-  onmouseup   a pointer button was released
-  onmousemove a pointer was moved onto the element
-  onmouseout  a pointer was moved away from the element
-  onkeypress  a key was pressed and released
-  onkeydown   a key was pressed down
-  onkeyup     a key was released
--->
-<!ENTITY % events
- "onclick     %Script;       #IMPLIED
-  ondblclick  %Script;       #IMPLIED
-  onmousedown %Script;       #IMPLIED
-  onmouseup   %Script;       #IMPLIED
-  onmouseover %Script;       #IMPLIED
-  onmousemove %Script;       #IMPLIED
-  onmouseout  %Script;       #IMPLIED
-  onkeypress  %Script;       #IMPLIED
-  onkeydown   %Script;       #IMPLIED
-  onkeyup     %Script;       #IMPLIED"
-  >
-
-<!-- attributes for elements that can get the focus
-  accesskey   accessibility key character
-  tabindex    position in tabbing order
-  onfocus     the element got the focus
-  onblur      the element lost the focus
--->
-<!ENTITY % focus
- "accesskey   %Character;    #IMPLIED
-  tabindex    %Number;       #IMPLIED
-  onfocus     %Script;       #IMPLIED
-  onblur      %Script;       #IMPLIED"
-  >
-
-<!ENTITY % attrs "%coreattrs; %i18n; %events;">
-
-<!-- text alignment for p, div, h1-h6. The default is
-     align="left" for ltr headings, "right" for rtl -->
-
-<!ENTITY % TextAlign "align (left|center|right|justify) #IMPLIED">
-
-<!--=================== Text Elements ====================================-->
-
-<!ENTITY % special.extra
-   "object | applet | img | map | iframe">
-	
-<!ENTITY % special.basic
-	"br | span | bdo">
-
-<!ENTITY % special
-   "%special.basic; | %special.extra;">
-
-<!ENTITY % fontstyle.extra "big | small | font | basefont">
-
-<!ENTITY % fontstyle.basic "tt | i | b | u
-                      | s | strike ">
-
-<!ENTITY % fontstyle "%fontstyle.basic; | %fontstyle.extra;">
-
-<!ENTITY % phrase.extra "sub | sup">
-<!ENTITY % phrase.basic "em | strong | dfn | code | q |
-                   samp | kbd | var | cite | abbr | acronym">
-
-<!ENTITY % phrase "%phrase.basic; | %phrase.extra;">
-
-<!ENTITY % inline.forms "input | select | textarea | label | button">
-
-<!-- these can occur at block or inline level -->
-<!ENTITY % misc.inline "ins | del | script">
-
-<!-- these can only occur at block level -->
-<!ENTITY % misc "noscript | %misc.inline;">
-
-<!ENTITY % inline "a | %special; | %fontstyle; | %phrase; | %inline.forms;">
-
-<!-- %Inline; covers inline or "text-level" elements -->
-<!ENTITY % Inline "(#PCDATA | %inline; | %misc.inline;)*">
-
-<!--================== Block level elements ==============================-->
-
-<!ENTITY % heading "h1|h2|h3|h4|h5|h6">
-<!ENTITY % lists "ul | ol | dl | menu | dir">
-<!ENTITY % blocktext "pre | hr | blockquote | address | center | noframes">
-
-<!ENTITY % block
-    "p | %heading; | div | %lists; | %blocktext; | isindex |fieldset | table">
-
-<!-- %Flow; mixes block and inline and is used for list items etc. -->
-<!ENTITY % Flow "(#PCDATA | %block; | form | %inline; | %misc;)*">
-
-<!--================== Content models for exclusions =====================-->
-
-<!-- a elements use %Inline; excluding a -->
-
-<!ENTITY % a.content
-   "(#PCDATA | %special; | %fontstyle; | %phrase; | %inline.forms; | %misc.inline;)*">
-
-<!-- pre uses %Inline excluding img, object, applet, big, small,
-     font, or basefont -->
-
-<!ENTITY % pre.content
-   "(#PCDATA | a | %special.basic; | %fontstyle.basic; | %phrase.basic; |
-	   %inline.forms; | %misc.inline;)*">
-
-<!-- form uses %Flow; excluding form -->
-
-<!ENTITY % form.content "(#PCDATA | %block; | %inline; | %misc;)*">
-
-<!-- button uses %Flow; but excludes a, form, form controls, iframe -->
-
-<!ENTITY % button.content
-   "(#PCDATA | p | %heading; | div | %lists; | %blocktext; |
-      table | br | span | bdo | object | applet | img | map |
-      %fontstyle; | %phrase; | %misc;)*">
-
-<!--================ Document Structure ==================================-->
-
-<!-- the namespace URI designates the document profile -->
-
-<!ELEMENT html (head, body)>
-<!ATTLIST html
-  %i18n;
-  id          ID             #IMPLIED
-  xmlns       %URI;          #FIXED 'http://www.w3.org/1999/xhtml'
-  >
-
-<!--================ Document Head =======================================-->
-
-<!ENTITY % head.misc "(script|style|meta|link|object|isindex)*">
-
-<!-- content model is %head.misc; combined with a single
-     title and an optional base element in any order -->
-
-<!ELEMENT head (%head.misc;,
-     ((title, %head.misc;, (base, %head.misc;)?) |
-      (base, %head.misc;, (title, %head.misc;))))>
-
-<!ATTLIST head
-  %i18n;
-  id          ID             #IMPLIED
-  profile     %URI;          #IMPLIED
-  >
-
-<!-- The title element is not considered part of the flow of text.
-       It should be displayed, for example as the page header or
-       window title. Exactly one title is required per document.
-    -->
-<!ELEMENT title (#PCDATA)>
-<!ATTLIST title 
-  %i18n;
-  id          ID             #IMPLIED
-  >
-
-<!-- document base URI -->
-
-<!ELEMENT base EMPTY>
-<!ATTLIST base
-  id          ID             #IMPLIED
-  href        %URI;          #IMPLIED
-  target      %FrameTarget;  #IMPLIED
-  >
-
-<!-- generic metainformation -->
-<!ELEMENT meta EMPTY>
-<!ATTLIST meta
-  %i18n;
-  id          ID             #IMPLIED
-  http-equiv  CDATA          #IMPLIED
-  name        CDATA          #IMPLIED
-  content     CDATA          #REQUIRED
-  scheme      CDATA          #IMPLIED
-  >
-
-<!--
-  Relationship values can be used in principle:
-
-   a) for document specific toolbars/menus when used
-      with the link element in document head e.g.
-        start, contents, previous, next, index, end, help
-   b) to link to a separate style sheet (rel="stylesheet")
-   c) to make a link to a script (rel="script")
-   d) by stylesheets to control how collections of
-      html nodes are rendered into printed documents
-   e) to make a link to a printable version of this document
-      e.g. a PostScript or PDF version (rel="alternate" media="print")
--->
-
-<!ELEMENT link EMPTY>
-<!ATTLIST link
-  %attrs;
-  charset     %Charset;      #IMPLIED
-  href        %URI;          #IMPLIED
-  hreflang    %LanguageCode; #IMPLIED
-  type        %ContentType;  #IMPLIED
-  rel         %LinkTypes;    #IMPLIED
-  rev         %LinkTypes;    #IMPLIED
-  media       %MediaDesc;    #IMPLIED
-  target      %FrameTarget;  #IMPLIED
-  >
-
-<!-- style info, which may include CDATA sections -->
-<!ELEMENT style (#PCDATA)>
-<!ATTLIST style
-  %i18n;
-  id          ID             #IMPLIED
-  type        %ContentType;  #REQUIRED
-  media       %MediaDesc;    #IMPLIED
-  title       %Text;         #IMPLIED
-  xml:space   (preserve)     #FIXED 'preserve'
-  >
-
-<!-- script statements, which may include CDATA sections -->
-<!ELEMENT script (#PCDATA)>
-<!ATTLIST script
-  id          ID             #IMPLIED
-  charset     %Charset;      #IMPLIED
-  type        %ContentType;  #REQUIRED
-  language    CDATA          #IMPLIED
-  src         %URI;          #IMPLIED
-  defer       (defer)        #IMPLIED
-  xml:space   (preserve)     #FIXED 'preserve'
-  >
-
-<!-- alternate content container for non script-based rendering -->
-
-<!ELEMENT noscript %Flow;>
-<!ATTLIST noscript
-  %attrs;
-  >
-
-<!--======================= Frames =======================================-->
-
-<!-- inline subwindow -->
-
-<!ELEMENT iframe %Flow;>
-<!ATTLIST iframe
-  %coreattrs;
-  longdesc    %URI;          #IMPLIED
-  name        NMTOKEN        #IMPLIED
-  src         %URI;          #IMPLIED
-  frameborder (1|0)          "1"
-  marginwidth %Pixels;       #IMPLIED
-  marginheight %Pixels;      #IMPLIED
-  scrolling   (yes|no|auto)  "auto"
-  align       %ImgAlign;     #IMPLIED
-  height      %Length;       #IMPLIED
-  width       %Length;       #IMPLIED
-  >
-
-<!-- alternate content container for non frame-based rendering -->
-
-<!ELEMENT noframes %Flow;>
-<!ATTLIST noframes
-  %attrs;
-  >
-
-<!--=================== Document Body ====================================-->
-
-<!ELEMENT body %Flow;>
-<!ATTLIST body
-  %attrs;
-  onload      %Script;       #IMPLIED
-  onunload    %Script;       #IMPLIED
-  background  %URI;          #IMPLIED
-  bgcolor     %Color;        #IMPLIED
-  text        %Color;        #IMPLIED
-  link        %Color;        #IMPLIED
-  vlink       %Color;        #IMPLIED
-  alink       %Color;        #IMPLIED
-  >
-
-<!ELEMENT div %Flow;>  <!-- generic language/style container -->
-<!ATTLIST div
-  %attrs;
-  %TextAlign;
-  >
-
-<!--=================== Paragraphs =======================================-->
-
-<!ELEMENT p %Inline;>
-<!ATTLIST p
-  %attrs;
-  %TextAlign;
-  >
-
-<!--=================== Headings =========================================-->
-
-<!--
-  There are six levels of headings from h1 (the most important)
-  to h6 (the least important).
--->
-
-<!ELEMENT h1  %Inline;>
-<!ATTLIST h1
-  %attrs;
-  %TextAlign;
-  >
-
-<!ELEMENT h2 %Inline;>
-<!ATTLIST h2
-  %attrs;
-  %TextAlign;
-  >
-
-<!ELEMENT h3 %Inline;>
-<!ATTLIST h3
-  %attrs;
-  %TextAlign;
-  >
-
-<!ELEMENT h4 %Inline;>
-<!ATTLIST h4
-  %attrs;
-  %TextAlign;
-  >
-
-<!ELEMENT h5 %Inline;>
-<!ATTLIST h5
-  %attrs;
-  %TextAlign;
-  >
-
-<!ELEMENT h6 %Inline;>
-<!ATTLIST h6
-  %attrs;
-  %TextAlign;
-  >
-
-<!--=================== Lists ============================================-->
-
-<!-- Unordered list bullet styles -->
-
-<!ENTITY % ULStyle "(disc|square|circle)">
-
-<!-- Unordered list -->
-
-<!ELEMENT ul (li)+>
-<!ATTLIST ul
-  %attrs;
-  type        %ULStyle;     #IMPLIED
-  compact     (compact)     #IMPLIED
-  >
-
-<!-- Ordered list numbering style
-
-    1   arabic numbers      1, 2, 3, ...
-    a   lower alpha         a, b, c, ...
-    A   upper alpha         A, B, C, ...
-    i   lower roman         i, ii, iii, ...
-    I   upper roman         I, II, III, ...
-
-    The style is applied to the sequence number which by default
-    is reset to 1 for the first list item in an ordered list.
--->
-<!ENTITY % OLStyle "CDATA">
-
-<!-- Ordered (numbered) list -->
-
-<!ELEMENT ol (li)+>
-<!ATTLIST ol
-  %attrs;
-  type        %OLStyle;      #IMPLIED
-  compact     (compact)      #IMPLIED
-  start       %Number;       #IMPLIED
-  >
-
-<!-- single column list (DEPRECATED) --> 
-<!ELEMENT menu (li)+>
-<!ATTLIST menu
-  %attrs;
-  compact     (compact)     #IMPLIED
-  >
-
-<!-- multiple column list (DEPRECATED) --> 
-<!ELEMENT dir (li)+>
-<!ATTLIST dir
-  %attrs;
-  compact     (compact)     #IMPLIED
-  >
-
-<!-- LIStyle is constrained to: "(%ULStyle;|%OLStyle;)" -->
-<!ENTITY % LIStyle "CDATA">
-
-<!-- list item -->
-
-<!ELEMENT li %Flow;>
-<!ATTLIST li
-  %attrs;
-  type        %LIStyle;      #IMPLIED
-  value       %Number;       #IMPLIED
-  >
-
-<!-- definition lists - dt for term, dd for its definition -->
-
-<!ELEMENT dl (dt|dd)+>
-<!ATTLIST dl
-  %attrs;
-  compact     (compact)      #IMPLIED
-  >
-
-<!ELEMENT dt %Inline;>
-<!ATTLIST dt
-  %attrs;
-  >
-
-<!ELEMENT dd %Flow;>
-<!ATTLIST dd
-  %attrs;
-  >
-
-<!--=================== Address ==========================================-->
-
-<!-- information on author -->
-
-<!ELEMENT address (#PCDATA | %inline; | %misc.inline; | p)*>
-<!ATTLIST address
-  %attrs;
-  >
-
-<!--=================== Horizontal Rule ==================================-->
-
-<!ELEMENT hr EMPTY>
-<!ATTLIST hr
-  %attrs;
-  align       (left|center|right) #IMPLIED
-  noshade     (noshade)      #IMPLIED
-  size        %Pixels;       #IMPLIED
-  width       %Length;       #IMPLIED
-  >
-
-<!--=================== Preformatted Text ================================-->
-
-<!-- content is %Inline; excluding 
-        "img|object|applet|big|small|sub|sup|font|basefont" -->
-
-<!ELEMENT pre %pre.content;>
-<!ATTLIST pre
-  %attrs;
-  width       %Number;      #IMPLIED
-  xml:space   (preserve)    #FIXED 'preserve'
-  >
-
-<!--=================== Block-like Quotes ================================-->
-
-<!ELEMENT blockquote %Flow;>
-<!ATTLIST blockquote
-  %attrs;
-  cite        %URI;          #IMPLIED
-  >
-
-<!--=================== Text alignment ===================================-->
-
-<!-- center content -->
-<!ELEMENT center %Flow;>
-<!ATTLIST center
-  %attrs;
-  >
-
-<!--=================== Inserted/Deleted Text ============================-->
-
-<!--
-  ins/del are allowed in block and inline content, but its
-  inappropriate to include block content within an ins element
-  occurring in inline content.
--->
-<!ELEMENT ins %Flow;>
-<!ATTLIST ins
-  %attrs;
-  cite        %URI;          #IMPLIED
-  datetime    %Datetime;     #IMPLIED
-  >
-
-<!ELEMENT del %Flow;>
-<!ATTLIST del
-  %attrs;
-  cite        %URI;          #IMPLIED
-  datetime    %Datetime;     #IMPLIED
-  >
-
-<!--================== The Anchor Element ================================-->
-
-<!-- content is %Inline; except that anchors shouldn't be nested -->
-
-<!ELEMENT a %a.content;>
-<!ATTLIST a
-  %attrs;
-  %focus;
-  charset     %Charset;      #IMPLIED
-  type        %ContentType;  #IMPLIED
-  name        NMTOKEN        #IMPLIED
-  href        %URI;          #IMPLIED
-  hreflang    %LanguageCode; #IMPLIED
-  rel         %LinkTypes;    #IMPLIED
-  rev         %LinkTypes;    #IMPLIED
-  shape       %Shape;        "rect"
-  coords      %Coords;       #IMPLIED
-  target      %FrameTarget;  #IMPLIED
-  >
-
-<!--===================== Inline Elements ================================-->
-
-<!ELEMENT span %Inline;> <!-- generic language/style container -->
-<!ATTLIST span
-  %attrs;
-  >
-
-<!ELEMENT bdo %Inline;>  <!-- I18N BiDi over-ride -->
-<!ATTLIST bdo
-  %coreattrs;
-  %events;
-  lang        %LanguageCode; #IMPLIED
-  xml:lang    %LanguageCode; #IMPLIED
-  dir         (ltr|rtl)      #REQUIRED
-  >
-
-<!ELEMENT br EMPTY>   <!-- forced line break -->
-<!ATTLIST br
-  %coreattrs;
-  clear       (left|all|right|none) "none"
-  >
-
-<!ELEMENT em %Inline;>   <!-- emphasis -->
-<!ATTLIST em %attrs;>
-
-<!ELEMENT strong %Inline;>   <!-- strong emphasis -->
-<!ATTLIST strong %attrs;>
-
-<!ELEMENT dfn %Inline;>   <!-- definitional -->
-<!ATTLIST dfn %attrs;>
-
-<!ELEMENT code %Inline;>   <!-- program code -->
-<!ATTLIST code %attrs;>
-
-<!ELEMENT samp %Inline;>   <!-- sample -->
-<!ATTLIST samp %attrs;>
-
-<!ELEMENT kbd %Inline;>  <!-- something user would type -->
-<!ATTLIST kbd %attrs;>
-
-<!ELEMENT var %Inline;>   <!-- variable -->
-<!ATTLIST var %attrs;>
-
-<!ELEMENT cite %Inline;>   <!-- citation -->
-<!ATTLIST cite %attrs;>
-
-<!ELEMENT abbr %Inline;>   <!-- abbreviation -->
-<!ATTLIST abbr %attrs;>
-
-<!ELEMENT acronym %Inline;>   <!-- acronym -->
-<!ATTLIST acronym %attrs;>
-
-<!ELEMENT q %Inline;>   <!-- inlined quote -->
-<!ATTLIST q
-  %attrs;
-  cite        %URI;          #IMPLIED
-  >
-
-<!ELEMENT sub %Inline;> <!-- subscript -->
-<!ATTLIST sub %attrs;>
-
-<!ELEMENT sup %Inline;> <!-- superscript -->
-<!ATTLIST sup %attrs;>
-
-<!ELEMENT tt %Inline;>   <!-- fixed pitch font -->
-<!ATTLIST tt %attrs;>
-
-<!ELEMENT i %Inline;>   <!-- italic font -->
-<!ATTLIST i %attrs;>
-
-<!ELEMENT b %Inline;>   <!-- bold font -->
-<!ATTLIST b %attrs;>
-
-<!ELEMENT big %Inline;>   <!-- bigger font -->
-<!ATTLIST big %attrs;>
-
-<!ELEMENT small %Inline;>   <!-- smaller font -->
-<!ATTLIST small %attrs;>
-
-<!ELEMENT u %Inline;>   <!-- underline -->
-<!ATTLIST u %attrs;>
-
-<!ELEMENT s %Inline;>   <!-- strike-through -->
-<!ATTLIST s %attrs;>
-
-<!ELEMENT strike %Inline;>   <!-- strike-through -->
-<!ATTLIST strike %attrs;>
-
-<!ELEMENT basefont EMPTY>  <!-- base font size -->
-<!ATTLIST basefont
-  id          ID             #IMPLIED
-  size        CDATA          #REQUIRED
-  color       %Color;        #IMPLIED
-  face        CDATA          #IMPLIED
-  >
-
-<!ELEMENT font %Inline;> <!-- local change to font -->
-<!ATTLIST font
-  %coreattrs;
-  %i18n;
-  size        CDATA          #IMPLIED
-  color       %Color;        #IMPLIED
-  face        CDATA          #IMPLIED
-  >
-
-<!--==================== Object ======================================-->
-<!--
-  object is used to embed objects as part of HTML pages.
-  param elements should precede other content. Parameters
-  can also be expressed as attribute/value pairs on the
-  object element itself when brevity is desired.
--->
-
-<!ELEMENT object (#PCDATA | param | %block; | form | %inline; | %misc;)*>
-<!ATTLIST object
-  %attrs;
-  declare     (declare)      #IMPLIED
-  classid     %URI;          #IMPLIED
-  codebase    %URI;          #IMPLIED
-  data        %URI;          #IMPLIED
-  type        %ContentType;  #IMPLIED
-  codetype    %ContentType;  #IMPLIED
-  archive     %UriList;      #IMPLIED
-  standby     %Text;         #IMPLIED
-  height      %Length;       #IMPLIED
-  width       %Length;       #IMPLIED
-  usemap      %URI;          #IMPLIED
-  name        NMTOKEN        #IMPLIED
-  tabindex    %Number;       #IMPLIED
-  align       %ImgAlign;     #IMPLIED
-  border      %Pixels;       #IMPLIED
-  hspace      %Pixels;       #IMPLIED
-  vspace      %Pixels;       #IMPLIED
-  >
-
-<!--
-  param is used to supply a named property value.
-  In XML it would seem natural to follow RDF and support an
-  abbreviated syntax where the param elements are replaced
-  by attribute value pairs on the object start tag.
--->
-<!ELEMENT param EMPTY>
-<!ATTLIST param
-  id          ID             #IMPLIED
-  name        CDATA          #REQUIRED
-  value       CDATA          #IMPLIED
-  valuetype   (data|ref|object) "data"
-  type        %ContentType;  #IMPLIED
-  >
-
-<!--=================== Java applet ==================================-->
-<!--
-  One of code or object attributes must be present.
-  Place param elements before other content.
--->
-<!ELEMENT applet (#PCDATA | param | %block; | form | %inline; | %misc;)*>
-<!ATTLIST applet
-  %coreattrs;
-  codebase    %URI;          #IMPLIED
-  archive     CDATA          #IMPLIED
-  code        CDATA          #IMPLIED
-  object      CDATA          #IMPLIED
-  alt         %Text;         #IMPLIED
-  name        NMTOKEN        #IMPLIED
-  width       %Length;       #REQUIRED
-  height      %Length;       #REQUIRED
-  align       %ImgAlign;     #IMPLIED
-  hspace      %Pixels;       #IMPLIED
-  vspace      %Pixels;       #IMPLIED
-  >
-
-<!--=================== Images ===========================================-->
-
-<!--
-   To avoid accessibility problems for people who aren't
-   able to see the image, you should provide a text
-   description using the alt and longdesc attributes.
-   In addition, avoid the use of server-side image maps.
--->
-
-<!ELEMENT img EMPTY>
-<!ATTLIST img
-  %attrs;
-  src         %URI;          #REQUIRED
-  alt         %Text;         #REQUIRED
-  name        NMTOKEN        #IMPLIED
-  longdesc    %URI;          #IMPLIED
-  height      %Length;       #IMPLIED
-  width       %Length;       #IMPLIED
-  usemap      %URI;          #IMPLIED
-  ismap       (ismap)        #IMPLIED
-  align       %ImgAlign;     #IMPLIED
-  border      %Length;       #IMPLIED
-  hspace      %Pixels;       #IMPLIED
-  vspace      %Pixels;       #IMPLIED
-  >
-
-<!-- usemap points to a map element which may be in this document
-  or an external document, although the latter is not widely supported -->
-
-<!--================== Client-side image maps ============================-->
-
-<!-- These can be placed in the same document or grouped in a
-     separate document although this isn't yet widely supported -->
-
-<!ELEMENT map ((%block; | form | %misc;)+ | area+)>
-<!ATTLIST map
-  %i18n;
-  %events;
-  id          ID             #REQUIRED
-  class       CDATA          #IMPLIED
-  style       %StyleSheet;   #IMPLIED
-  title       %Text;         #IMPLIED
-  name        CDATA          #IMPLIED
-  >
-
-<!ELEMENT area EMPTY>
-<!ATTLIST area
-  %attrs;
-  %focus;
-  shape       %Shape;        "rect"
-  coords      %Coords;       #IMPLIED
-  href        %URI;          #IMPLIED
-  nohref      (nohref)       #IMPLIED
-  alt         %Text;         #REQUIRED
-  target      %FrameTarget;  #IMPLIED
-  >
-
-<!--================ Forms ===============================================-->
-
-<!ELEMENT form %form.content;>   <!-- forms shouldn't be nested -->
-
-<!ATTLIST form
-  %attrs;
-  action      %URI;          #REQUIRED
-  method      (get|post)     "get"
-  name        NMTOKEN        #IMPLIED
-  enctype     %ContentType;  "application/x-www-form-urlencoded"
-  onsubmit    %Script;       #IMPLIED
-  onreset     %Script;       #IMPLIED
-  accept      %ContentTypes; #IMPLIED
-  accept-charset %Charsets;  #IMPLIED
-  target      %FrameTarget;  #IMPLIED
-  >
-
-<!--
-  Each label must not contain more than ONE field
-  Label elements shouldn't be nested.
--->
-<!ELEMENT label %Inline;>
-<!ATTLIST label
-  %attrs;
-  for         IDREF          #IMPLIED
-  accesskey   %Character;    #IMPLIED
-  onfocus     %Script;       #IMPLIED
-  onblur      %Script;       #IMPLIED
-  >
-
-<!ENTITY % InputType
-  "(text | password | checkbox |
-    radio | submit | reset |
-    file | hidden | image | button)"
-   >
-
-<!-- the name attribute is required for all but submit & reset -->
-
-<!ELEMENT input EMPTY>     <!-- form control -->
-<!ATTLIST input
-  %attrs;
-  %focus;
-  type        %InputType;    "text"
-  name        CDATA          #IMPLIED
-  value       CDATA          #IMPLIED
-  checked     (checked)      #IMPLIED
-  disabled    (disabled)     #IMPLIED
-  readonly    (readonly)     #IMPLIED
-  size        CDATA          #IMPLIED
-  maxlength   %Number;       #IMPLIED
-  src         %URI;          #IMPLIED
-  alt         CDATA          #IMPLIED
-  usemap      %URI;          #IMPLIED
-  onselect    %Script;       #IMPLIED
-  onchange    %Script;       #IMPLIED
-  accept      %ContentTypes; #IMPLIED
-  align       %ImgAlign;     #IMPLIED
-  >
-
-<!ELEMENT select (optgroup|option)+>  <!-- option selector -->
-<!ATTLIST select
-  %attrs;
-  name        CDATA          #IMPLIED
-  size        %Number;       #IMPLIED
-  multiple    (multiple)     #IMPLIED
-  disabled    (disabled)     #IMPLIED
-  tabindex    %Number;       #IMPLIED
-  onfocus     %Script;       #IMPLIED
-  onblur      %Script;       #IMPLIED
-  onchange    %Script;       #IMPLIED
-  >
-
-<!ELEMENT optgroup (option)+>   <!-- option group -->
-<!ATTLIST optgroup
-  %attrs;
-  disabled    (disabled)     #IMPLIED
-  label       %Text;         #REQUIRED
-  >
-
-<!ELEMENT option (#PCDATA)>     <!-- selectable choice -->
-<!ATTLIST option
-  %attrs;
-  selected    (selected)     #IMPLIED
-  disabled    (disabled)     #IMPLIED
-  label       %Text;         #IMPLIED
-  value       CDATA          #IMPLIED
-  >
-
-<!ELEMENT textarea (#PCDATA)>     <!-- multi-line text field -->
-<!ATTLIST textarea
-  %attrs;
-  %focus;
-  name        CDATA          #IMPLIED
-  rows        %Number;       #REQUIRED
-  cols        %Number;       #REQUIRED
-  disabled    (disabled)     #IMPLIED
-  readonly    (readonly)     #IMPLIED
-  onselect    %Script;       #IMPLIED
-  onchange    %Script;       #IMPLIED
-  >
-
-<!--
-  The fieldset element is used to group form fields.
-  Only one legend element should occur in the content
-  and if present should only be preceded by whitespace.
--->
-<!ELEMENT fieldset (#PCDATA | legend | %block; | form | %inline; | %misc;)*>
-<!ATTLIST fieldset
-  %attrs;
-  >
-
-<!ENTITY % LAlign "(top|bottom|left|right)">
-
-<!ELEMENT legend %Inline;>     <!-- fieldset label -->
-<!ATTLIST legend
-  %attrs;
-  accesskey   %Character;    #IMPLIED
-  align       %LAlign;       #IMPLIED
-  >
-
-<!--
- Content is %Flow; excluding a, form, form controls, iframe
---> 
-<!ELEMENT button %button.content;>  <!-- push button -->
-<!ATTLIST button
-  %attrs;
-  %focus;
-  name        CDATA          #IMPLIED
-  value       CDATA          #IMPLIED
-  type        (button|submit|reset) "submit"
-  disabled    (disabled)     #IMPLIED
-  >
-
-<!-- single-line text input control (DEPRECATED) -->
-<!ELEMENT isindex EMPTY>
-<!ATTLIST isindex
-  %coreattrs;
-  %i18n;
-  prompt      %Text;         #IMPLIED
-  >
-
-<!--======================= Tables =======================================-->
-
-<!-- Derived from IETF HTML table standard, see [RFC1942] -->
-
-<!--
- The border attribute sets the thickness of the frame around the
- table. The default units are screen pixels.
-
- The frame attribute specifies which parts of the frame around
- the table should be rendered. The values are not the same as
- CALS to avoid a name clash with the valign attribute.
--->
-<!ENTITY % TFrame "(void|above|below|hsides|lhs|rhs|vsides|box|border)">
-
-<!--
- The rules attribute defines which rules to draw between cells:
-
- If rules is absent then assume:
-     "none" if border is absent or border="0" otherwise "all"
--->
-
-<!ENTITY % TRules "(none | groups | rows | cols | all)">
-  
-<!-- horizontal placement of table relative to document -->
-<!ENTITY % TAlign "(left|center|right)">
-
-<!-- horizontal alignment attributes for cell contents
-
-  char        alignment char, e.g. char=':'
-  charoff     offset for alignment char
--->
-<!ENTITY % cellhalign
-  "align      (left|center|right|justify|char) #IMPLIED
-   char       %Character;    #IMPLIED
-   charoff    %Length;       #IMPLIED"
-  >
-
-<!-- vertical alignment attributes for cell contents -->
-<!ENTITY % cellvalign
-  "valign     (top|middle|bottom|baseline) #IMPLIED"
-  >
-
-<!ELEMENT table
-     (caption?, (col*|colgroup*), thead?, tfoot?, (tbody+|tr+))>
-<!ELEMENT caption  %Inline;>
-<!ELEMENT thead    (tr)+>
-<!ELEMENT tfoot    (tr)+>
-<!ELEMENT tbody    (tr)+>
-<!ELEMENT colgroup (col)*>
-<!ELEMENT col      EMPTY>
-<!ELEMENT tr       (th|td)+>
-<!ELEMENT th       %Flow;>
-<!ELEMENT td       %Flow;>
-
-<!ATTLIST table
-  %attrs;
-  summary     %Text;         #IMPLIED
-  width       %Length;       #IMPLIED
-  border      %Pixels;       #IMPLIED
-  frame       %TFrame;       #IMPLIED
-  rules       %TRules;       #IMPLIED
-  cellspacing %Length;       #IMPLIED
-  cellpadding %Length;       #IMPLIED
-  align       %TAlign;       #IMPLIED
-  bgcolor     %Color;        #IMPLIED
-  >
-
-<!ENTITY % CAlign "(top|bottom|left|right)">
-
-<!ATTLIST caption
-  %attrs;
-  align       %CAlign;       #IMPLIED
-  >
-
-<!--
-colgroup groups a set of col elements. It allows you to group
-several semantically related columns together.
--->
-<!ATTLIST colgroup
-  %attrs;
-  span        %Number;       "1"
-  width       %MultiLength;  #IMPLIED
-  %cellhalign;
-  %cellvalign;
-  >
-
-<!--
- col elements define the alignment properties for cells in
- one or more columns.
-
- The width attribute specifies the width of the columns, e.g.
-
-     width=64        width in screen pixels
-     width=0.5*      relative width of 0.5
-
- The span attribute causes the attributes of one
- col element to apply to more than one column.
--->
-<!ATTLIST col
-  %attrs;
-  span        %Number;       "1"
-  width       %MultiLength;  #IMPLIED
-  %cellhalign;
-  %cellvalign;
-  >
-
-<!--
-    Use thead to duplicate headers when breaking table
-    across page boundaries, or for static headers when
-    tbody sections are rendered in scrolling panel.
-
-    Use tfoot to duplicate footers when breaking table
-    across page boundaries, or for static footers when
-    tbody sections are rendered in scrolling panel.
-
-    Use multiple tbody sections when rules are needed
-    between groups of table rows.
--->
-<!ATTLIST thead
-  %attrs;
-  %cellhalign;
-  %cellvalign;
-  >
-
-<!ATTLIST tfoot
-  %attrs;
-  %cellhalign;
-  %cellvalign;
-  >
-
-<!ATTLIST tbody
-  %attrs;
-  %cellhalign;
-  %cellvalign;
-  >
-
-<!ATTLIST tr
-  %attrs;
-  %cellhalign;
-  %cellvalign;
-  bgcolor     %Color;        #IMPLIED
-  >
-
-<!-- Scope is simpler than headers attribute for common tables -->
-<!ENTITY % Scope "(row|col|rowgroup|colgroup)">
-
-<!-- th is for headers, td for data and for cells acting as both -->
-
-<!ATTLIST th
-  %attrs;
-  abbr        %Text;         #IMPLIED
-  axis        CDATA          #IMPLIED
-  headers     IDREFS         #IMPLIED
-  scope       %Scope;        #IMPLIED
-  rowspan     %Number;       "1"
-  colspan     %Number;       "1"
-  %cellhalign;
-  %cellvalign;
-  nowrap      (nowrap)       #IMPLIED
-  bgcolor     %Color;        #IMPLIED
-  width       %Length;       #IMPLIED
-  height      %Length;       #IMPLIED
-  >
-
-<!ATTLIST td
-  %attrs;
-  abbr        %Text;         #IMPLIED
-  axis        CDATA          #IMPLIED
-  headers     IDREFS         #IMPLIED
-  scope       %Scope;        #IMPLIED
-  rowspan     %Number;       "1"
-  colspan     %Number;       "1"
-  %cellhalign;
-  %cellvalign;
-  nowrap      (nowrap)       #IMPLIED
-  bgcolor     %Color;        #IMPLIED
-  width       %Length;       #IMPLIED
-  height      %Length;       #IMPLIED
-  >
-
diff --git a/lib/erl_docgen/priv/dtd/Makefile b/lib/erl_docgen/priv/dtd/Makefile
new file mode 100644
index 0000000000..65c68fcca7
--- /dev/null
+++ b/lib/erl_docgen/priv/dtd/Makefile
@@ -0,0 +1,101 @@
+#
+# %CopyrightBegin%
+# 
+# Copyright Ericsson AB 2009-2011. All Rights Reserved.
+# 
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+# 
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+# 
+# %CopyrightEnd%
+#
+#
+include $(ERL_TOP)/make/target.mk
+include $(ERL_TOP)/make/$(TARGET)/otp.mk
+
+# ----------------------------------------------------
+# Application version
+# ----------------------------------------------------
+include ../../vsn.mk
+VSN=$(ERL_DOCGEN_VSN)
+
+# ----------------------------------------------------
+# Release directory specification
+# ----------------------------------------------------
+RELSYSDIR = $(RELEASE_PATH)/lib/erl_docgen-$(VSN)
+
+
+# ----------------------------------------------------
+# Target Specs
+# ----------------------------------------------------
+
+
+DTD_FILES = \
+	application.dtd \
+	chapter.dtd \
+	common.header.dtd \
+	comref.dtd \
+	fileref.dtd	 \
+	xhtml1-frameset.dtd \
+	appref.dtd \
+	cites.dtd \
+	common.image.dtd \
+	cref.dtd \
+	part.dtd \
+	xhtml1-strict.dtd \
+	book.dtd \
+	common.dtd \
+	common.refs.dtd \
+	erlref.dtd \
+	report.dtd \
+	xhtml1-transitional.dtd \
+	bookinsidecover.dtd \
+	common.entities.dtd \
+	common.table.dtd \
+	fascicules.dtd \
+	terms.dtd
+
+ENT_FILES = \
+	xhtml-special.ent \
+	xhtml-symbol.ent
+
+# ----------------------------------------------------
+# FLAGS
+# ----------------------------------------------------
+
+
+# ----------------------------------------------------
+# Targets
+# ----------------------------------------------------
+debug opt: 
+
+docs:
+
+clean:
+	$(RM) $(TARGET_FILES)
+
+
+# ----------------------------------------------------
+# Release Target
+# ---------------------------------------------------- 
+include $(ERL_TOP)/make/otp_release_targets.mk
+
+
+release_spec: opt
+	$(INSTALL_DIR) $(RELSYSDIR)/priv/dtd
+	$(INSTALL_DATA) $(DTD_FILES)  $(ENT_FILES) $(RELSYSDIR)/priv/dtd
+
+
+release_docs_spec:
+
+
+release_tests_spec:
+
+
diff --git a/lib/docbuilder/dtd/application.dtd b/lib/erl_docgen/priv/dtd/application.dtd
index 8a1e8832ec..8a1e8832ec 100644
--- a/lib/docbuilder/dtd/application.dtd
+++ b/lib/erl_docgen/priv/dtd/application.dtd
diff --git a/lib/docbuilder/dtd/appref.dtd b/lib/erl_docgen/priv/dtd/appref.dtd
index 70a5ff37af..70a5ff37af 100644
--- a/lib/docbuilder/dtd/appref.dtd
+++ b/lib/erl_docgen/priv/dtd/appref.dtd
diff --git a/lib/docbuilder/dtd/book.dtd b/lib/erl_docgen/priv/dtd/book.dtd
index bb89a6d255..bb89a6d255 100644
--- a/lib/docbuilder/dtd/book.dtd
+++ b/lib/erl_docgen/priv/dtd/book.dtd
diff --git a/lib/docbuilder/dtd/bookinsidecover.dtd b/lib/erl_docgen/priv/dtd/bookinsidecover.dtd
index d6efbef6a4..d6efbef6a4 100644
--- a/lib/docbuilder/dtd/bookinsidecover.dtd
+++ b/lib/erl_docgen/priv/dtd/bookinsidecover.dtd
diff --git a/lib/docbuilder/dtd/chapter.dtd b/lib/erl_docgen/priv/dtd/chapter.dtd
index eb2c96b04f..eb2c96b04f 100644
--- a/lib/docbuilder/dtd/chapter.dtd
+++ b/lib/erl_docgen/priv/dtd/chapter.dtd
diff --git a/lib/docbuilder/dtd/cites.dtd b/lib/erl_docgen/priv/dtd/cites.dtd
index 334574bff9..334574bff9 100644
--- a/lib/docbuilder/dtd/cites.dtd
+++ b/lib/erl_docgen/priv/dtd/cites.dtd
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/common.dtd b/lib/erl_docgen/priv/dtd/common.dtd
index fdc02c55a1..fdc02c55a1 100644
--- a/lib/erl_docgen/priv/docbuilder_dtd/common.dtd
+++ b/lib/erl_docgen/priv/dtd/common.dtd
diff --git a/lib/docbuilder/dtd/common.entities.dtd b/lib/erl_docgen/priv/dtd/common.entities.dtd
index f893ecd070..f893ecd070 100644
--- a/lib/docbuilder/dtd/common.entities.dtd
+++ b/lib/erl_docgen/priv/dtd/common.entities.dtd
diff --git a/lib/docbuilder/dtd/common.header.dtd b/lib/erl_docgen/priv/dtd/common.header.dtd
index d422a89693..d422a89693 100644
--- a/lib/docbuilder/dtd/common.header.dtd
+++ b/lib/erl_docgen/priv/dtd/common.header.dtd
diff --git a/lib/docbuilder/dtd/common.image.dtd b/lib/erl_docgen/priv/dtd/common.image.dtd
index fc95a669dd..fc95a669dd 100644
--- a/lib/docbuilder/dtd/common.image.dtd
+++ b/lib/erl_docgen/priv/dtd/common.image.dtd
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/common.refs.dtd b/lib/erl_docgen/priv/dtd/common.refs.dtd
index c1237766e1..c1237766e1 100644
--- a/lib/erl_docgen/priv/docbuilder_dtd/common.refs.dtd
+++ b/lib/erl_docgen/priv/dtd/common.refs.dtd
diff --git a/lib/docbuilder/dtd/common.table.dtd b/lib/erl_docgen/priv/dtd/common.table.dtd
index 7741da1018..7741da1018 100644
--- a/lib/docbuilder/dtd/common.table.dtd
+++ b/lib/erl_docgen/priv/dtd/common.table.dtd
diff --git a/lib/docbuilder/dtd/comref.dtd b/lib/erl_docgen/priv/dtd/comref.dtd
index fcdea625d5..fcdea625d5 100644
--- a/lib/docbuilder/dtd/comref.dtd
+++ b/lib/erl_docgen/priv/dtd/comref.dtd
diff --git a/lib/docbuilder/dtd/cref.dtd b/lib/erl_docgen/priv/dtd/cref.dtd
index e43bb2bf51..e43bb2bf51 100644
--- a/lib/docbuilder/dtd/cref.dtd
+++ b/lib/erl_docgen/priv/dtd/cref.dtd
diff --git a/lib/erl_docgen/priv/docbuilder_dtd/erlref.dtd b/lib/erl_docgen/priv/dtd/erlref.dtd
index 9905086ff4..9905086ff4 100644
--- a/lib/erl_docgen/priv/docbuilder_dtd/erlref.dtd
+++ b/lib/erl_docgen/priv/dtd/erlref.dtd
diff --git a/lib/docbuilder/dtd/fascicules.dtd b/lib/erl_docgen/priv/dtd/fascicules.dtd
index b14276a2c0..b14276a2c0 100644
--- a/lib/docbuilder/dtd/fascicules.dtd
+++ b/lib/erl_docgen/priv/dtd/fascicules.dtd
diff --git a/lib/docbuilder/dtd/fileref.dtd b/lib/erl_docgen/priv/dtd/fileref.dtd
index 5a1cc54afe..5a1cc54afe 100644
--- a/lib/docbuilder/dtd/fileref.dtd
+++ b/lib/erl_docgen/priv/dtd/fileref.dtd
diff --git a/lib/docbuilder/dtd/part.dtd b/lib/erl_docgen/priv/dtd/part.dtd
index 3f97199042..3f97199042 100644
--- a/lib/docbuilder/dtd/part.dtd
+++ b/lib/erl_docgen/priv/dtd/part.dtd
diff --git a/lib/docbuilder/dtd/report.dtd b/lib/erl_docgen/priv/dtd/report.dtd
index 3d07e6e5a7..3d07e6e5a7 100644
--- a/lib/docbuilder/dtd/report.dtd
+++ b/lib/erl_docgen/priv/dtd/report.dtd
diff --git a/lib/docbuilder/dtd/terms.dtd b/lib/erl_docgen/priv/dtd/terms.dtd
index 6105ec593e..6105ec593e 100644
--- a/lib/docbuilder/dtd/terms.dtd
+++ b/lib/erl_docgen/priv/dtd/terms.dtd
diff --git a/lib/docbuilder/dtd/xhtml-special.ent b/lib/erl_docgen/priv/dtd/xhtml-special.ent
index ca358b2fec..ca358b2fec 100644
--- a/lib/docbuilder/dtd/xhtml-special.ent
+++ b/lib/erl_docgen/priv/dtd/xhtml-special.ent
diff --git a/lib/docbuilder/dtd/xhtml-symbol.ent b/lib/erl_docgen/priv/dtd/xhtml-symbol.ent
index 63c2abfa6f..63c2abfa6f 100644
--- a/lib/docbuilder/dtd/xhtml-symbol.ent
+++ b/lib/erl_docgen/priv/dtd/xhtml-symbol.ent
diff --git a/lib/docbuilder/dtd/xhtml1-frameset.dtd b/lib/erl_docgen/priv/dtd/xhtml1-frameset.dtd
index d128f2eb7c..d128f2eb7c 100644
--- a/lib/docbuilder/dtd/xhtml1-frameset.dtd
+++ b/lib/erl_docgen/priv/dtd/xhtml1-frameset.dtd
diff --git a/lib/docbuilder/dtd/xhtml1-strict.dtd b/lib/erl_docgen/priv/dtd/xhtml1-strict.dtd
index 2927b9ece7..2927b9ece7 100644
--- a/lib/docbuilder/dtd/xhtml1-strict.dtd
+++ b/lib/erl_docgen/priv/dtd/xhtml1-strict.dtd
diff --git a/lib/docbuilder/dtd/xhtml1-transitional.dtd b/lib/erl_docgen/priv/dtd/xhtml1-transitional.dtd
index 628f27ac50..628f27ac50 100644
--- a/lib/docbuilder/dtd/xhtml1-transitional.dtd
+++ b/lib/erl_docgen/priv/dtd/xhtml1-transitional.dtd
diff --git a/lib/erl_docgen/priv/xsl/db_eix.xsl b/lib/erl_docgen/priv/xsl/db_eix.xsl
index 7a648ddfd7..249e6950f7 100644
--- a/lib/erl_docgen/priv/xsl/db_eix.xsl
+++ b/lib/erl_docgen/priv/xsl/db_eix.xsl
@@ -106,10 +106,14 @@
     <xsl:choose>
       <!-- @arity is mandatory when referring to a specification -->
       <xsl:when test="string-length(@arity) > 0">
-        <xsl:call-template name="spec_name"/>
+        <xsl:call-template name="spec_name">
+	  <xsl:with-param name="lastfuncsblock" select="$lastfuncsblock"/>
+	</xsl:call-template>
       </xsl:when>
       <xsl:otherwise>
-        <xsl:call-template name="name"/>
+        <xsl:call-template name="name">
+	  <xsl:with-param name="lastfuncsblock" select="$lastfuncsblock"/>
+	</xsl:call-template>
       </xsl:otherwise>
     </xsl:choose>
   </xsl:template>
@@ -324,7 +328,7 @@
     <xsl:choose>
       <xsl:when test="string-length($tmp1) > 0 or starts-with($string, $start)">
         <xsl:variable name="tmp2">
-          <xsl:value-of select="substring-after($string, $end)"/>
+          <xsl:value-of select="substring-after(substring-after($string, $start), $end)"/>
         </xsl:variable>
         <xsl:variable name="retstring">
           <xsl:call-template name="remove-paren">
diff --git a/lib/erl_docgen/priv/xsl/db_html.xsl b/lib/erl_docgen/priv/xsl/db_html.xsl
index a9052f29e5..4f6c758e7b 100644
--- a/lib/erl_docgen/priv/xsl/db_html.xsl
+++ b/lib/erl_docgen/priv/xsl/db_html.xsl
@@ -3,7 +3,7 @@
      #
      # %CopyrightBegin%
      #
-     # Copyright Ericsson AB 2009-2011. All Rights Reserved.
+     # Copyright Ericsson AB 2009-2012. All Rights Reserved.
      #
      # The contents of this file are subject to the Erlang Public License,
      # Version 1.1, (the "License"); you may not use this file except in
@@ -40,6 +40,11 @@
   <xsl:variable name="m2a" select="document($mod2app_file)"></xsl:variable>
   <xsl:key name="mod2app" match="module" use="@name"/>
 
+  <xsl:key
+        name="mfa"
+	match="func/name[string-length(@arity) > 0 and ancestor::erlref]"
+	use="concat(ancestor::erlref/module,':',@name, '/', @arity)"/>
+
   <xsl:template name="err">
     <xsl:param name="f"/>
     <xsl:param name="m"/>
@@ -101,10 +106,14 @@
 	</xsl:message>
       </xsl:when>
       <xsl:when test="ancestor::erlref">
+        <!-- Do not to use preceding since it is very slow! -->
+        <xsl:variable name="curModule" select="ancestor::erlref/module"/>
+        <xsl:variable name="mfas"
+                      select="key('mfa',
+                                  concat($curModule,':',$name,'/',$arity))"/>
 	<xsl:choose>
-	  <xsl:when test="preceding-sibling::name[position() = 1
-			  and @name = $name and @arity = $arity]">
-	    <!-- Avoid duplicated anchors.-->
+          <xsl:when test="generate-id($mfas[1]) != generate-id(.)">
+	    <!-- Avoid duplicated anchors. See also menu.funcs. -->
 	  </xsl:when>
 	  <xsl:otherwise>
 	    <a name="{$name}-{$arity}"></a>
@@ -1319,6 +1328,7 @@
                 <xsl:with-param name="entries"
                   select="funcs/func/name"/>
                 <xsl:with-param name="basename"><xsl:value-of select="$link_cval"/></xsl:with-param>
+                <xsl:with-param name="cval" select="$cval"/>
               </xsl:call-template>
             </ul>
           </li>
@@ -1349,6 +1359,7 @@
   <xsl:template name="menu.funcs">
     <xsl:param name="entries"/>
     <xsl:param name="basename"/>
+    <xsl:param name="cval"/>
 
     <xsl:for-each select="$entries">
 
@@ -1434,9 +1445,14 @@
             </xsl:choose>
           </xsl:variable>
 
+	  <!-- Avoid duplicated entries. See also template "spec_name" -->
+          <!-- Do not to use preceding since it is very slow! -->
+          <xsl:variable name="mfas"
+			select="key('mfa',
+				    concat($cval,':',$fname,'/',$arity))"/>
 	  <xsl:choose>
-	    <xsl:when test="preceding-sibling::name[position() = 1
-                            and @name = $fname and @arity = $arity]">
+            <xsl:when test="string-length(@name) > 0 and
+                            generate-id($mfas[1]) != generate-id(.)">
               <!-- Skip. Only works for Dialyzer specs. -->
 	    </xsl:when>
 	    <xsl:otherwise>
@@ -1854,18 +1870,24 @@
 
     <xsl:choose>
       <xsl:when test="string-length($filepart) > 0">
-        <xsl:variable name="modulepart"><xsl:value-of select="substring-before($filepart, ':')"/></xsl:variable>
+        <!-- "Filepart#Linkpart" (or "Filepart#") -->
+        <xsl:variable name="app_part"><xsl:value-of select="substring-before($filepart, ':')"/></xsl:variable>
         <xsl:choose>
-          <xsl:when test="string-length($modulepart) > 0">
-            <xsl:variable name="filepart1"><xsl:value-of select="substring-after($filepart, ':')"/></xsl:variable>
-            <span class="bold_code"><a href="javascript:erlhref('{$topdocdir}/../','{$modulepart}','{$filepart1}.html#{$linkpart}');"><xsl:apply-templates/></a></span>
+          <xsl:when test="string-length($app_part) > 0">
+            <!-- "AppPart:ModPart#Linkpart" -->
+            <xsl:variable name="mod_part"><xsl:value-of select="substring-after($filepart, ':')"/></xsl:variable>
+            <span class="bold_code"><a href="javascript:erlhref('{$topdocdir}/../','{$app_part}','{$mod_part}.html#{$linkpart}');"><xsl:apply-templates/></a></span>
           </xsl:when>
           <xsl:otherwise>
+            <!-- "Filepart#Linkpart (there is no ':' in Filepart) -->
+            <xsl:variable name="minus_prefix"
+                          select="substring-before($linkpart, '-')"/>
             <xsl:choose>
-              <!-- Dialyzer seealso (the application is unknown) -->
-              <xsl:when test="string-length($specs_file) > 0
+              <xsl:when test="$minus_prefix = 'type'
+                              and string-length($specs_file) > 0
                               and count($i/specs/module[@name=$filepart]) = 0">
-                <!-- Deemed to slow; use key() instead
+                <!-- Dialyzer seealso (the application is unknown) -->
+                <!-- Following code deemed too slow; use key() instead
 		<xsl:variable name="app"
                               select="$m2a/mod2app/module[@name=$filepart]"/>
                 -->
@@ -1877,41 +1899,45 @@
 		      <span class="bold_code"><a href="javascript:erlhref('{$topdocdir}/../','{$app}','{$filepart}.html#{$linkpart}');"><xsl:value-of select="$this"/></a></span>
 		    </xsl:when>
 		    <xsl:otherwise>
-		      <!-- Unknown application; no link -->
-		      <xsl:value-of select="$this"/>
+		      <!-- Unknown application -->
+		      <xsl:message terminate="yes">
+			Error <xsl:value-of select="$filepart"/>: cannot find module exporting type
+		      </xsl:message>
 		    </xsl:otherwise>
 		  </xsl:choose>
                 </xsl:for-each>
               </xsl:when>
               <xsl:when test="string-length($linkpart) > 0">
+                <!-- Still Filepart#Linkpart (there is no ':' in Filepart -->
                 <span class="bold_code"><a href="{$filepart}.html#{$linkpart}"><xsl:apply-templates/></a></span>
               </xsl:when>
               <xsl:otherwise>
+                <!-- "Filepart#" (there is no ':' in Filepart -->
                 <span class="bold_code"><a href="{$filepart}.html"><xsl:apply-templates/></a></span>
               </xsl:otherwise>
             </xsl:choose>
           </xsl:otherwise>
         </xsl:choose>
+      </xsl:when> <!-- string-length($filepart) > 0 -->
+      <xsl:when test="string-length($linkpart) > 0">
+	<!-- "#Linkpart" -->
+	<span class="bold_code"><a href="#{$linkpart}"><xsl:apply-templates/></a></span>
       </xsl:when>
       <xsl:otherwise>
-        <xsl:choose>
-          <xsl:when test="string-length($linkpart) > 0">
-            <span class="bold_code"><a href="#{$linkpart}"><xsl:apply-templates/></a></span>
-          </xsl:when>
-          <xsl:otherwise>
-            <xsl:variable name="modulepart"><xsl:value-of select="substring-before(@marker, ':')"/></xsl:variable>
+	<!-- "AppPart:Mod" or "Mod" (there is no '#') -->
+	<xsl:variable name="app_part"><xsl:value-of select="substring-before(@marker, ':')"/></xsl:variable>
 
-            <xsl:choose>
-              <xsl:when test="string-length($modulepart) > 0">
-                <xsl:variable name="filepart1"><xsl:value-of select="substring-after(@marker, ':')"/></xsl:variable>
-                <span class="bold_code"><a href="javascript:erlhref('{$topdocdir}/../','{$modulepart}','{$filepart1}.html');"><xsl:apply-templates/></a></span>
-              </xsl:when>
-              <xsl:otherwise>
-                <span class="bold_code"><a href="{@marker}.html"><xsl:apply-templates/></a></span>
-              </xsl:otherwise>
-            </xsl:choose>
-          </xsl:otherwise>
-        </xsl:choose>
+	<xsl:choose>
+	  <xsl:when test="string-length($app_part) > 0">
+	    <!-- "App:Mod" -->
+	    <xsl:variable name="mod_part"><xsl:value-of select="substring-after(@marker, ':')"/></xsl:variable>
+	    <span class="bold_code"><a href="javascript:erlhref('{$topdocdir}/../','{$app_part}','{$mod_part}.html');"><xsl:apply-templates/></a></span>
+	  </xsl:when>
+	  <xsl:otherwise>
+	    <!-- "Mod" -->
+	    <span class="bold_code"><a href="{@marker}.html"><xsl:apply-templates/></a></span>
+	  </xsl:otherwise>
+	</xsl:choose>
       </xsl:otherwise>
     </xsl:choose>
 
@@ -2184,7 +2210,7 @@
     <xsl:choose>
       <xsl:when test="string-length($tmp1) > 0 or starts-with($string, $start)">
         <xsl:variable name="tmp2">
-          <xsl:value-of select="substring-after($string, $end)"/>
+          <xsl:value-of select="substring-after(substring-after($string, $start), $end)"/>
         </xsl:variable>
         <xsl:variable name="retstring">
           <xsl:call-template name="remove-paren">
diff --git a/lib/erl_docgen/priv/xsl/db_man.xsl b/lib/erl_docgen/priv/xsl/db_man.xsl
index 1df96caa36..5234ba6bd0 100644
--- a/lib/erl_docgen/priv/xsl/db_man.xsl
+++ b/lib/erl_docgen/priv/xsl/db_man.xsl
@@ -137,8 +137,9 @@
          (there is no spec with more than one clause) -->
     <xsl:if test="count($clause/guard) > 0 or count($type) > 0">
       <xsl:text>&#10;.RS</xsl:text>
-      <xsl:text>&#10;.TP 3</xsl:text>
+      <xsl:text>&#10;.LP</xsl:text>
       <xsl:text>&#10;Types:&#10;</xsl:text>
+      <xsl:text>&#10;.RS 3</xsl:text>
 
         <xsl:choose>
           <xsl:when test="$output_subtypes">
@@ -164,6 +165,8 @@
           <xsl:with-param name="type_desc" select="$type_desc"/>
           <xsl:with-param name="local_types" select="$local_types"/>
         </xsl:call-template>
+        <xsl:text>&#10;.RE</xsl:text>
+
       <xsl:text>&#10;.RE</xsl:text>
 
     </xsl:if>
@@ -257,8 +260,8 @@
 
   <!-- Similar to <d> -->
   <xsl:template match="type_desc">
-    <xsl:text>&#10;</xsl:text><xsl:apply-templates/>
-    <xsl:text>&#10;.br</xsl:text>
+    <xsl:text>&#10;.RS 2&#10;</xsl:text><xsl:apply-templates/>
+    <xsl:text>&#10;.RE</xsl:text>
   </xsl:template>
 
   <!-- Datatypes -->
@@ -583,7 +586,15 @@
   </xsl:template>
 
   <xsl:template match="seealso">
-    <xsl:text>\fB</xsl:text><xsl:apply-templates/><xsl:text>\fR\&amp;</xsl:text>
+    <xsl:choose>
+      <xsl:when test="ancestor::head">
+	<!-- The header of Dialyzer specs -->
+	<xsl:apply-templates/>
+      </xsl:when>
+      <xsl:otherwise>
+	<xsl:text>\fB</xsl:text><xsl:apply-templates/><xsl:text>\fR\&amp;</xsl:text>
+      </xsl:otherwise>
+    </xsl:choose>
   </xsl:template>
 
   <!-- Code -->
@@ -757,24 +768,26 @@
     <!-- The case where @name != 0 is taken care of in "type_name" -->
     <xsl:if test="string-length(@name) = 0 and string-length(@variable) = 0">
       <xsl:text>&#10;.RS</xsl:text>
-      <xsl:text>&#10;.TP 3</xsl:text>
+      <xsl:text>&#10;.LP</xsl:text>
       <xsl:text>&#10;Types:&#10;</xsl:text>
+      <xsl:text>&#10;.RS 3</xsl:text>
       <xsl:apply-templates/>
       <xsl:text>&#10;.RE</xsl:text>
+      <xsl:text>&#10;.RE</xsl:text>
     </xsl:if>
   </xsl:template>
 
 
   <!-- V -->
   <xsl:template match="v">
-    <xsl:text>&#10;</xsl:text><xsl:value-of select="normalize-space(text())"/>
+    <xsl:text>&#10;</xsl:text><xsl:apply-templates/>
     <xsl:text>&#10;.br</xsl:text>
   </xsl:template>
 
   <!-- D -->
   <xsl:template match="d">
-    <xsl:text>&#10;</xsl:text><xsl:apply-templates/>
-    <xsl:text>&#10;.br</xsl:text>
+    <xsl:text>&#10;.RS 2&#10;</xsl:text><xsl:apply-templates/>
+    <xsl:text>&#10;.RE</xsl:text>
   </xsl:template>
 
   <!-- Desc -->
diff --git a/lib/erl_docgen/priv/xsl/db_pdf.xsl b/lib/erl_docgen/priv/xsl/db_pdf.xsl
index 48a7a026c1..4ed4fa14c4 100644
--- a/lib/erl_docgen/priv/xsl/db_pdf.xsl
+++ b/lib/erl_docgen/priv/xsl/db_pdf.xsl
@@ -1680,7 +1680,7 @@
     <xsl:choose>
       <xsl:when test="string-length($tmp1) > 0 or starts-with($string, $start)">
         <xsl:variable name="tmp2">
-          <xsl:value-of select="substring-after($string, $end)"/>
+          <xsl:value-of select="substring-after(substring-after($string, $start), $end)"/>
         </xsl:variable>
         <xsl:variable name="retstring">
           <xsl:call-template name="remove-paren">
diff --git a/lib/erl_docgen/src/Makefile b/lib/erl_docgen/src/Makefile
index 8e81bccd59..cbaf6e4627 100644
--- a/lib/erl_docgen/src/Makefile
+++ b/lib/erl_docgen/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1996-2010. All Rights Reserved.
+# Copyright Ericsson AB 1996-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -35,7 +35,9 @@ RELSYSDIR = $(RELEASE_PATH)/lib/erl_docgen-$(VSN)
 # Target Specs
 # ----------------------------------------------------
 MODULES = \
-	otp_specs
+	docgen_otp_specs \
+	docgen_edoc_xml_cb \
+	docgen_xmerl_xml_cb 
 
 HRL_FILES = 
 
diff --git a/lib/erl_docgen/src/docgen_edoc_xml_cb.erl b/lib/erl_docgen/src/docgen_edoc_xml_cb.erl
new file mode 100644
index 0000000000..dc9bc565ee
--- /dev/null
+++ b/lib/erl_docgen/src/docgen_edoc_xml_cb.erl
@@ -0,0 +1,1148 @@
+%% ``The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved via the world wide web at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
+%% the Licence for the specific language governing rights and limitations
+%% under the License.
+%%
+%% The Initial Developer of the Original Code is Ericsson AB.
+%% Portions created by Ericsson are Copyright 1999-2006, Ericsson AB.
+%% All Rights Reserved.��
+%%
+%%     $Id$
+%%
+-module(docgen_edoc_xml_cb).
+
+%% This is the EDoc callback module for creating erlref
+%% documents (man pages) in XML format, and also a chapter
+%% document based on "overview.edoc".
+%%
+%% edoc:file(File, [{layout,docgen_edoc_xml_cb},{file_suffix,".xml"},
+%%                  {preprocess,true}]).
+%%
+%% The origin of this file is the edoc module otpsgml_layout.erl
+%% written by Richard Carlsson.
+
+-export([module/2, overview/2]).
+
+-include("xmerl.hrl").
+
+-define(NL, "\n").
+
+%%-User interface-------------------------------------------------------
+
+%% ERLREF
+module(Element, Opts) ->
+    SortP = proplists:get_value(sort_functions, Opts, true),
+    XML = layout_module(Element, SortP),
+    xmerl:export_simple([XML], docgen_xmerl_xml_cb, []).
+
+%% CHAPTER
+overview(Element, _Opts) ->
+    XML = layout_chapter(Element),
+    xmerl:export_simple([XML], docgen_xmerl_xml_cb, []).
+
+%%--Internal functions--------------------------------------------------
+
+layout_module(#xmlElement{name = module, content = Es}=E, SortP) ->
+    Name = get_attrval(name, E),
+    Desc = get_content(description, Es),
+    ShortDesc = text_only(get_content(briefDescription, Desc)),
+    FullDesc =  otp_xmlify(get_content(fullDescription, Desc)),
+    Types0 = get_content(typedecls, Es),
+    Types1 = lists:sort([{type_name(Et), Et} || Et <- Types0]),
+    Functions =
+	case SortP of
+	    true ->
+		lists:sort([{function_name(Ef), Ef} ||
+			       Ef <- get_content(functions, Es)]);
+	    false ->
+		[{function_name(Ef), Ef} ||
+		    Ef <- get_content(functions, Es)]
+	end,
+    Header = {header, [
+		       ?NL,{title, [Name]},
+		       ?NL,{prepared, [""]},
+		       ?NL,{responsible, [""]},
+		       ?NL,{docno, ["1"]},
+		       ?NL,{approved, [""]},
+		       ?NL,{checked, [""]},
+		       ?NL,{date, [""]},
+		       ?NL,{rev, ["A"]},
+		       ?NL,{file, [Name++".xml"]}
+		      ]},
+    Module = {module, [Name]},
+    ModuleSummary = {modulesummary, ShortDesc},
+    Description = {description, [?NL|FullDesc]},
+    Types = case Types1 of
+		[] -> [];
+		_ ->
+		    [?NL, {section,[{title,["DATA TYPES"]},
+				    {marker,[{id,"types"}],[]},
+				    ?NL|types(Types1)]}]
+	    end,
+    Funcs = functions(Functions),
+    See = seealso_module(Es),
+    Authors = {authors, authors(Es)},
+    {erlref,
+     [?NL,Header,
+      ?NL,Module,
+      ?NL,ModuleSummary,
+      ?NL,Description]
+     ++ Types ++
+     [?NL,Funcs,
+      ?NL,See,
+      ?NL,Authors]
+    }.
+
+layout_chapter(#xmlElement{name=overview, content=Es}) ->
+    Title = get_text(title, Es),
+    Header = {header, [
+		       ?NL,{title,[Title]},
+		       ?NL,{prepared,[""]},
+		       ?NL,{docno,[""]},
+		       ?NL,{date,[""]},
+		       ?NL,{rev,[""]},
+		       ?NL,{file, ["chapter.xml"]}
+		      ]},
+    DescEs = get_content(description, Es),
+    FullDescEs = get_content(fullDescription, DescEs),
+    Sections = chapter_ify(FullDescEs, first),
+    {chapter, [?NL, Header, ?NL | Sections]}.
+
+chapter_ify([], _) ->
+    [];
+chapter_ify(Es, first) ->
+    %% Everything up to the first section should be made into
+    %% plain paragraphs -- or if no first section is found, everything
+    %% should be made into one
+    case find_next(h3, Es) of
+	{Es, []} ->
+	    SubSections = subchapter_ify(Es, first),
+	    [{section, [?NL,{title,["Overview"]},
+			?NL | SubSections]}];
+	{FirstEs, RestEs} ->
+	    otp_xmlify(FirstEs) ++ chapter_ify(RestEs, next)
+    end;
+chapter_ify([#xmlElement{name=h3} = E | Es], next) ->
+    {SectionEs, RestEs} = find_next(h3, Es),
+    SubSections = subchapter_ify(SectionEs, first),
+    {Marker, Title} = chapter_title(E),
+    [{section, [?NL,{marker,[{id,Marker}],[]},
+		?NL,{title,[Title]},
+		?NL | SubSections]} | chapter_ify(RestEs, next)].
+
+subchapter_ify([], _) ->
+    [];
+subchapter_ify(Es, first) ->
+    %% Everything up to the (possible) first subsection should be
+    %% made into plain paragraphs
+    {FirstEs, RestEs} = find_next(h4, Es),
+    otp_xmlify(FirstEs) ++ subchapter_ify(RestEs, next);
+subchapter_ify([#xmlElement{name=h4} = E | Es], next) ->
+    {SectionEs, RestEs} = find_next(h4, Es),
+    Elements = otp_xmlify(SectionEs),
+    {Marker, Title} = chapter_title(E),
+    [{section, [?NL,{marker,[{id,Marker}],[]},
+		?NL,{title,[Title]},
+		?NL | Elements]} | subchapter_ify(RestEs, next)].
+
+chapter_title(#xmlElement{content=Es}) -> % name = h3 | h4
+    case Es of
+	[#xmlElement{name=a} = E] ->
+	    {get_attrval(name, E), get_text(E)}
+    end.
+
+%%--XHTML->XML transformation-------------------------------------------
+
+%% otp_xmlify(Es1) -> Es2
+%%   Es1 = Es2 = [#xmlElement{} | #xmlText{}]
+%% Fix things that are allowed in XHTML but not in chapter/erlref DTDs.
+%% 1)  lists (<ul>, <ol>, <dl>) and code snippets (<pre>) can not occur
+%%     within a <p>, such a <p> must be splitted into a sequence of <p>,
+%%     <ul>, <ol>, <dl> and <pre>.
+%% 2)  <a> must only have either a href attribute (corresponds to a
+%%     <seealso> or <url> in the XML code) in which case its content
+%%     must be plain text; or a name attribute (<marker>).
+%% 3a) <b> content must be plain text.
+%%  b) <em> content must be plain text (or actually a <code> element
+%%     as well, but a simplification is used here).
+%%  c) <pre> content must be plain text (or could actually contain
+%%     <input> as well, but a simplification is used here).
+%% 4)  <code> content must be plain text, or the element must be split
+%%     into a list of elements.
+%% 5a) <h1>, <h2> etc is not allowed - replaced by its content within
+%%     a <b> tag.
+%%  b) <center> is not allowed - replaced by its content.
+%%  c) <font>   -"-
+%% 6)  <table> is not allowed in erlref, translated to text instead.
+%%     Also a <table> in chapter without a border is translated to text.
+%%     A <table> in chapter with a border must contain a <tcaption>.
+%% 7)  <sup> is not allowed - is replaced with its text content
+%%     within parenthesis.
+%% 8)  <blockquote> contents may need to be made into paragraphs
+%% 9)  <th> (table header) is not allowed - is replaced by
+%%     <td><em>...</em></td>.
+otp_xmlify([]) ->
+    [];
+otp_xmlify(Es0) ->
+    Es = case is_paragraph(hd(Es0)) of
+
+	     %% If the first element is a <p> xmlElement, then
+	     %% the entire element list is ready to be otp_xmlified.
+	     true ->
+		 Es0;
+
+	     %% If the first element is not a <p> xmlElement, then all
+	     %% elements up to the first <p> (or end of list) must be
+	     %% made into a paragraph (using the {p, Es} construction)
+	     %% before the list is otp_xmlified.
+	     false ->
+		 case find_next(p, Es0, []) of
+		     {[#xmlText{value=Str}] = First, Rest} ->
+			 %% Special case: Making a paragraph out of a
+			 %% blank line isn't a great idea.
+			 case is_empty(Str) of
+			     true ->
+				 Rest;
+			     false ->
+				 [{p,First}|Rest]
+			 end;
+		     {First, Rest} ->
+			 [{p,First}|Rest]
+		 end
+	 end,
+
+    %% Fix paragraph breaks not needed in XHTML but in XML
+    EsFixed = otp_xmlify_fix(Es),
+
+    otp_xmlify_es(EsFixed).
+
+%% EDoc does not always translate empty lines (with leading "%%")
+%% as paragraph break, this is the fix
+otp_xmlify_fix(Es) ->
+    otp_xmlify_fix(Es, []).
+otp_xmlify_fix([#xmlText{value="\n \n"++_} = E1, E2 | Es], Res) ->
+    %% This is how it looks when generating an erlref from a .erl file
+    case is_paragraph(E2) of
+	false ->
+	    {P, After} = find_p_ending(Es, []),
+	    otp_xmlify_fix(After, [{p, [E2|P]}, E1 | Res]);
+	true ->
+	    otp_xmlify_fix([E2|Es], [E1|Res])
+    end;
+otp_xmlify_fix([#xmlText{value="\n\n"} = E1, E2 | Es], Res) ->
+    %% This is how it looks when generating a chapter from overview.edoc
+    case is_paragraph(E2) of
+	false ->
+	    {P, After} = find_p_ending(Es, []),
+	    otp_xmlify_fix(After, [{p, [E2|P]}, E1 | Res]);
+	true ->
+	    otp_xmlify_fix([E2|Es], [E1|Res])
+    end;
+otp_xmlify_fix([E|Es], Res) ->
+    otp_xmlify_fix(Es, [E|Res]);
+otp_xmlify_fix([], Res) ->
+    lists:reverse(Res).
+
+otp_xmlify_es([E | Es]) ->
+    case is_paragraph(E) of
+	true ->
+	    case otp_xmlify_psplit(E) of
+
+		%% paragraph contained inline tags and text only
+		nosplit ->
+		    otp_xmlify_e(E) ++ otp_xmlify_es(Es);
+
+		%% paragraph contained dl, ul and/or pre and has been
+		%% splitted
+		SubEs ->
+		    lists:flatmap(fun otp_xmlify_e/1, SubEs) ++
+			otp_xmlify_es(Es)
+	    end;
+	false ->
+	    otp_xmlify_e(E) ++ otp_xmlify_es(Es)
+    end;
+otp_xmlify_es([]) ->
+    [].
+
+%% otp_xmlify_psplit(P) -> nosplit | [E]
+%% Handles case 1) above.
+%% Uses the {p, Es} construct, thus replaces an p xmlElement with one
+%% or more {p, Es} tuples if splitting the paraghrap is necessary.
+otp_xmlify_psplit(P) ->
+    otp_xmlify_psplit(p_content(P), [], []).
+otp_xmlify_psplit([#xmlElement{name=Name}=E | Es], Content, Res) ->
+    if
+	Name==blockquote; Name==ul; Name==ol; Name==dl; Name==pre;
+	Name==table ->
+	    case Content of
+		[] ->
+		    otp_xmlify_psplit(Es, [], [E|Res]);
+		[#xmlText{value=Str}] ->
+		    %% Special case: Making a paragraph out of a blank
+		    %% line isn't a great idea. Instead, this can be
+		    %% viewed as the case above, where there is no
+		    %% content to make a paragraph out of
+		    case is_empty(Str) of
+			true ->
+			    otp_xmlify_psplit(Es, [], [E|Res]);
+			false ->
+			    Pnew = {p, lists:reverse(Content)},
+			    otp_xmlify_psplit(Es, [], [E,Pnew|Res])
+		    end;
+		_ ->
+		    Pnew = {p, lists:reverse(Content)},
+		    otp_xmlify_psplit(Es, [], [E,Pnew|Res])
+	    end;
+
+	true ->
+	    otp_xmlify_psplit(Es, [E|Content], Res)
+    end;
+otp_xmlify_psplit([E | Es], Content, Res) ->
+    otp_xmlify_psplit(Es, [E|Content], Res);
+otp_xmlify_psplit([], _Content, []) ->
+    nosplit;
+otp_xmlify_psplit([], [], Res) ->
+    lists:reverse(Res);
+otp_xmlify_psplit([], [#xmlText{value="\n\n"}], Res) ->
+    lists:reverse(Res);
+otp_xmlify_psplit([], Content, Res) ->
+    Pnew = {p, lists:reverse(Content)},
+    lists:reverse([Pnew|Res]).
+
+%% otp_xmlify_e(E) -> [E]
+%% This is the function which does the actual transformation of
+%% single elements, normally by making sure the content corresponds
+%% to what is allowed by the OTP DTDs.
+%% Returns a list of elements as the xmlification in some cases
+%% returns no element or more than one element (although in most cases
+%% exactly one element).
+otp_xmlify_e(#xmlElement{name=a} = E) ->       % 2) above
+    otp_xmlify_a(E);
+otp_xmlify_e(#xmlElement{name=Tag} = E)        % 3a-c)
+  when Tag==b; Tag==em; Tag==pre ->
+    Content = text_only(E#xmlElement.content),
+    [E#xmlElement{content=Content}];
+otp_xmlify_e(#xmlElement{name=code} = E) ->    % 4)
+    case catch text_only(E#xmlElement.content) of
+	{'EXIT', _Error} ->
+	    otp_xmlify_code(E);
+	Content ->
+	    [E#xmlElement{content=Content}]
+    end;
+otp_xmlify_e(#xmlElement{name=Tag} = E)        % 5a
+  when Tag==h1; Tag==h2; Tag==h3; Tag==h4; Tag==h5 ->
+    Content = text_only(E#xmlElement.content),
+    [E#xmlElement{name=b, content=Content}];
+otp_xmlify_e(#xmlElement{name=Tag} = E)        % 5b-c)
+  when Tag==center;
+       Tag==font ->
+    otp_xmlify_e(E#xmlElement.content);
+otp_xmlify_e(#xmlElement{name=table} = E) ->   % 6)
+    case parent(E) of
+	module ->
+	    otp_xmlify_table(E#xmlElement.content);
+	overview ->
+	    Content0 = otp_xmlify_e(E#xmlElement.content),
+	    Summary = #xmlText{value=get_attrval(summary, E)},
+	    TCaption = E#xmlElement{name=tcaption,
+				    attributes=[],
+				    content=[Summary]},
+	    Content = Content0 ++ [TCaption],
+	    [E#xmlElement{attributes=[], content=Content}]
+    end;
+otp_xmlify_e(#xmlElement{name=tbody} = E) ->
+    otp_xmlify_e(E#xmlElement.content);
+otp_xmlify_e(#xmlElement{name=sup} = E) ->     % 7)
+    Text = get_text(E),
+    [#xmlText{parents = E#xmlElement.parents,
+	      pos = E#xmlElement.pos,
+	      language = E#xmlElement.language,
+	      value = "(" ++ Text ++ ")"}];
+otp_xmlify_e(#xmlElement{name=blockquote} = E) -> % 8)
+    Content = otp_xmlify_blockquote(E#xmlElement.content),
+    [E#xmlElement{content=Content}];
+otp_xmlify_e(#xmlElement{name=th} = E) ->      % 9)
+    Content = otp_xmlify_e(E#xmlElement.content),
+    EmE = E#xmlElement{name=em, content=Content},
+    [E#xmlElement{name=td, content=[EmE]}];
+otp_xmlify_e(#xmlElement{name=p} = E) ->       % recurse
+    Content = otp_xmlify_e(E#xmlElement.content),
+    [E#xmlElement{content=Content}];
+otp_xmlify_e({p, Content1}) ->
+    Content2 = otp_xmlify_e(Content1),
+    [{p, Content2}];
+otp_xmlify_e(#xmlElement{name=ul} = E) ->
+    Content = otp_xmlify_e(E#xmlElement.content),
+    [E#xmlElement{content=Content}];
+otp_xmlify_e(#xmlElement{name=li} = E) ->
+    %% Content may need to be made into <p>s etc.
+    Content = otp_xmlify(E#xmlElement.content),
+    [E#xmlElement{content=Content}];
+otp_xmlify_e(#xmlElement{name=dl} = E) ->
+    Content0 = otp_xmlify_e(E#xmlElement.content),
+    Content = otp_xmlify_dl(Content0),
+    [E#xmlElement{content=Content}];
+otp_xmlify_e(#xmlElement{name=dt} = E) ->
+    %% Special fix: Markers in <taglist> <tag>s are not allowed,
+    %% save it using 'put' and place the marker first in the <item>
+    %% instead
+    Content = case E#xmlElement.content of
+		  [#xmlElement{name=a} = A] ->
+		      put(dt_marker, otp_xmlify_e(A)),
+		      otp_xmlify_e(A#xmlElement.content);
+		  _ ->
+		      otp_xmlify_e(E#xmlElement.content)
+	      end,
+    [E#xmlElement{content=Content}];
+otp_xmlify_e(#xmlElement{name=dd} = E) ->
+    %% Content may need to be made into <p>s etc.
+    Content0 = otp_xmlify(E#xmlElement.content),
+    Content = case get(dt_marker) of
+		  undefined -> Content0;
+		  [Marker] ->
+		      put(dt_marker, undefined),
+		      [Marker#xmlElement{content=[]}|Content0]
+	      end,
+    [E#xmlElement{content=Content}];
+otp_xmlify_e(#xmlElement{name=tr} = E) ->
+    Content = otp_xmlify_e(E#xmlElement.content),
+    [E#xmlElement{content=Content}];
+otp_xmlify_e(#xmlElement{name=td} = E) ->
+    Content = otp_xmlify_e(E#xmlElement.content),
+    [E#xmlElement{content=Content}];
+otp_xmlify_e([E | Es]) ->
+    otp_xmlify_e(E) ++ otp_xmlify_e(Es);
+otp_xmlify_e([]) ->
+    [];
+otp_xmlify_e(E) ->
+    [E].
+
+%%--Tags with special handling------------------------------------------
+
+%% otp_xmlify_a(A1) -> [A2]
+%% Takes an <a> element and filters the attributes to decide wheather
+%% its a seealso/url or a marker.
+%% In the case of a seealso/url, the href part is checked, making
+%% sure a .xml/.html file extension is removed.
+%% Also, references to other applications //App has a href attribute
+%% value "OTPROOT/..." (due to app_default being set to "OTPROOT")
+%% , in this case both href attribute and content must be
+%% formatted correctly according to requirements.
+otp_xmlify_a(A) ->
+    [Attr0] = filter_a_attrs(A#xmlElement.attributes),
+    case Attr0 of
+	#xmlAttribute{name=href, value=Href0} -> % seealso | url
+	    Content0 = text_only(A#xmlElement.content),
+	    {Href, Content} = otp_xmlify_a_href(Href0, Content0),
+	    [A#xmlElement{attributes=[Attr0#xmlAttribute{value=Href}],
+			  content=Content}];
+	#xmlAttribute{name=name} -> % marker
+	    Content = otp_xmlify_e(A#xmlElement.content),
+	    [A#xmlElement{attributes=[Attr0], content=Content}]
+    end.
+
+%% filter_a_attrs(Attrs) -> [Attr]
+%% Removes all attributes from a <a> element except the href or
+%% name attribute.
+filter_a_attrs([#xmlAttribute{name=href} = Attr | _Attrs]) ->
+    [Attr];
+filter_a_attrs([#xmlAttribute{name=name} = Attr | _Attrs]) ->
+    [Attr];
+filter_a_attrs([_Attr|Attrs]) ->
+    filter_a_attrs(Attrs);
+filter_a_attrs([]) ->
+    [].
+
+%% otp_xmlify_a_href(Href0, Es0) -> {Href1, Es1}
+%%   Href = string()
+otp_xmlify_a_href("#"++_ = Marker, Es0) -> % <seealso marker="#what">
+    {Marker, Es0};
+otp_xmlify_a_href("http:"++_ = URL, Es0) -> % external URL
+    {URL, Es0};
+otp_xmlify_a_href("OTPROOT"++AppRef, Es0) -> % <.. marker="App:FileRef
+    [AppS, "doc", FileRef1] = split(AppRef, "/"),
+    FileRef = AppS++":"++otp_xmlify_a_fileref(FileRef1, AppS),
+    [#xmlText{value=Str0} = T] = Es0,
+    Str = case split(Str0, "/") of
+	      %% //Application
+	      [AppS2] ->
+		  %% AppS2 can differ from AppS
+		  %% Example: xmerl/XMerL
+		  AppS2;
+	      [_AppS,ModRef] ->
+		  case split(ModRef, ":") of
+		      %% //Application/Module
+		      [Module] ->
+			  Module++"(3)";
+		      %% //Application/Module:Type()
+		      [_Module,_Type] ->
+			  ModRef
+		  end;
+	      %% //Application/Module:Function/Arity
+	      [_AppS,ModFunc,Arity] ->
+		  ModFunc++"/"++Arity
+	  end,
+    {FileRef, [T#xmlText{value=Str}]};
+otp_xmlify_a_href("../"++File, Es0) ->
+    %% Special case: This kind of relative path is used on some
+    %% places within i.e. EDoc and refers to a file within the same
+    %% application tree.
+    %% Correct the path according to the OTP directory structure
+    {"../../"++File, Es0};
+otp_xmlify_a_href(FileRef1, Es0) -> % File within the same application
+    FileRef2 = otp_xmlify_a_fileref(FileRef1, this),
+    {FileRef2, Es0}.
+
+%% otp_xmlify_a_fileref(FileRef1, AppS|this) -> FileRef2
+%%   AppS = FileRef = string()
+otp_xmlify_a_fileref(FileRef1, AppS) ->
+    case split(FileRef1, ".#") of
+
+	%% EDoc default name is "overview-summary.html,
+	%% name of OTP User's Guide chapter is "chapter.xml"
+	["overview-summary", _Ext] ->
+	    "chapter";
+	["overview-summary", _Ext, Marker] ->
+	    "chapter#"++Marker;
+
+	[File, Ext] when Ext=="xml";
+			 Ext=="html", AppS/=this ->
+	    File;
+	[File, Ext, Marker0] ->
+	    %% Here is an awkward solution to an awkward problem
+	    %% The marker automatically inserted at each function 
+	    %% does not seem to work for EDoc generated ERLREFs.
+	    %% So if the referenced marker is in an ERLREF generated
+	    %% by EDoc, keep it "as is", ie "function-arity".
+	    %% If the referenced marker is NOT in an ERLREF generated
+	    %% by EDoc, the marker should be on the format
+	    %% "function/arity".
+	    %% The awkward part of the solution is to decide wheather
+	    %% the ERLREF is generated by EDoc or not: Here we make
+	    %% the decision based on which application the module
+	    %% belongs to -- which is ok when the module was written
+	    %% but probably not in the future...
+	    EDocApps = ["edoc","hipe","syntax_tools","xmerl"],
+	    IsEDocGenerated = lists:member(AppS, EDocApps),
+	    Marker = if
+			 %% The marker is in a file in *this*
+			 %% application (which documentation obviously
+			 %% is generated by EDoc), or it is in a file
+			 %% in an application which documentation
+			 %% is assumed to be generated by EDoc
+			 AppS==this; IsEDocGenerated ->
+			     Marker0;
+
+			 %% The marker is in a file in an application
+			 %% which documentation is assumed NOT to be
+			 %% generated by EDoc
+			 true ->
+			     case split(Marker0, "-") of
+				 [Func,Arity] ->
+				     Func++"/"++Arity;
+				 _ ->
+				     Marker0
+			     end
+		     end,
+	    if
+		%% Ignore file extension in file reference if it either
+		%% is ".xml" or if it is ".html" but AppS/=this, that
+		%% is, we're resolving an OTPROOT file reference
+		Ext=="xml";
+		Ext=="html", AppS/=this ->
+		    File++"#"++Marker;
+		true ->
+		    File++"."++Ext++"#"++Marker
+	    end;
+
+	%% References to other files than XML files are kept as-is
+	_ ->
+	    FileRef1
+    end.
+
+%% otp_xmlify_blockquote(Es1) -> Es2
+%% Ensures that the content of a <blockquote> is divided into
+%% <p>s using the {p, Es} construct.
+otp_xmlify_blockquote([#xmlElement{name=p} = E|Es]) ->
+    [E | otp_xmlify_blockquote(Es)];
+otp_xmlify_blockquote([#xmlText{} = E|Es]) ->
+    {P, After} = find_p_ending(Es, []),
+    [{p, [E|P]} | otp_xmlify_blockquote(After)];
+otp_xmlify_blockquote([]) ->
+    [].
+
+%% otp_xmlify_code(E) -> Es
+%% Takes a <code> xmlElement and split it into a list of <code> and
+%% other xmlElements. Necessary when it contains more than a single
+%% xmlText element.
+%% Example:
+%% #xmlElement{name=code,
+%%             content=[#xmlText{}, #xmlElement{name=br}, #xmlText{}]}
+%% =>
+%% [#xmlElement{name=code, content=[#xmlText{}]},
+%%  #xmlElement{name=br},
+%%  #xmlElement{name=code, content=[#xmlText{}]}]
+otp_xmlify_code(E) ->
+    otp_xmlify_code(E, E#xmlElement.content, []).
+otp_xmlify_code(Code, [#xmlText{} = E|Es], Acc) ->
+    otp_xmlify_code(Code, Es, [Code#xmlElement{content=[E]}|Acc]);
+otp_xmlify_code(Code, [#xmlElement{} = E|Es], Acc) ->
+    otp_xmlify_code(Code, Es, [E|Acc]);
+otp_xmlify_code(_Code, [], Acc) ->
+    lists:reverse(Acc).
+
+%% otp_xmlify_dl(Es1) -> Es2
+%% Insert empty <dd> elements if necessary.
+%% OTP DTDs does not allow <taglist>s with <tag>s but no <item>s.
+otp_xmlify_dl([#xmlElement{name=dt} = E|Es]) ->
+    [E|otp_xmlify_dl(Es, E)];
+otp_xmlify_dl([E|Es]) ->
+    [E|otp_xmlify_dl(Es)];
+otp_xmlify_dl([]) ->
+    [].
+
+otp_xmlify_dl([#xmlElement{name=dd} = E|Es], _DT) ->
+    [E|otp_xmlify_dl(Es)];
+otp_xmlify_dl([#xmlElement{name=dt} = E|Es], DT) ->
+    DD = DT#xmlElement{name=dd, attributes=[], content=[]},
+    [DD,E|otp_xmlify_dl(Es, E)];
+otp_xmlify_dl([E|Es], DT) ->
+    [E|otp_xmlify_dl(Es, DT)];
+otp_xmlify_dl([], DT) ->
+    DD = DT#xmlElement{name=dd, attributes=[], content=[]},
+    [DD].
+
+%% otp_xmlify_table(Es1) -> Es2
+%% Transform <table> contents into "text", that is, inline elements.
+otp_xmlify_table([#xmlText{} = E|Es]) ->
+    [E | otp_xmlify_table(Es)];
+otp_xmlify_table([#xmlElement{name=tbody} = E|Es]) ->
+    otp_xmlify_table(E#xmlElement.content)++otp_xmlify_table(Es);
+otp_xmlify_table([#xmlElement{name=tr, content=Content}|Es]) ->
+    %% Insert newlines between table rows
+    otp_xmlify_table(Content)++[{br,[]}]++otp_xmlify_table(Es);
+otp_xmlify_table([#xmlElement{name=th, content=Content}|Es]) ->
+    [{em, Content} | otp_xmlify_table(Es)];
+otp_xmlify_table([#xmlElement{name=td, content=Content}|Es]) ->
+    otp_xmlify_e(Content) ++ otp_xmlify_table(Es);
+otp_xmlify_table([]) ->
+    [].
+
+%%--Misc help functions used by otp_xmlify/1 et al---------------------
+
+%% find_next(Tag, Es) -> {Es1, Es2}
+%% Returns {Es1, Es2} where Es1 is the list of all elements up to (but
+%% not including) the first element with tag Tag in Es, and Es2
+%% is the remaining elements of Es.
+find_next(Tag, Es) ->
+    find_next(Tag, Es, []).
+find_next(Tag, [#xmlElement{name=Tag} = E | Es], AccEs) ->
+    {lists:reverse(AccEs), [E|Es]};
+find_next(Tag, [E|Es], AccEs) ->
+    find_next(Tag, Es, [E|AccEs]);
+find_next(_Tag, [], AccEs) ->
+    {lists:reverse(AccEs), []}.
+
+%% find_p_ending(Es, []) -> {Es1, Es2}
+%% Returns {Es1, Es2} where Es1 is the list of all elements up to (but
+%% not including) the first paragraph break in Es, and Es2 is
+%% the remaining elements of Es2.
+%% Paragraph break = <p> tag or empty line
+%% the next blank line, <p> or end-of-list as P, and the remaining
+%% elements of Es as After.
+find_p_ending([#xmlText{value="\n \n"++_} = E|Es], P) ->
+    {lists:reverse(P), [E|Es]};
+find_p_ending([#xmlElement{name=p} = E|Es], P) ->
+    {lists:reverse(P), [E|Es]};
+find_p_ending([E|Es], P) ->
+    find_p_ending(Es, [E|P]);
+find_p_ending([], P) ->
+    {lists:reverse(P), []}.
+
+%% is_paragraph(E | P) -> bool()
+%%   P = {p, Es}
+is_paragraph(#xmlElement{name=p}) -> true;
+is_paragraph({p, _Es}) -> true;
+is_paragraph(_E) -> false.
+
+%% p_content(E | P) -> Es
+p_content(#xmlElement{content=Content}) -> Content;
+p_content({p, Content}) -> Content.
+
+%% is_empty(Str) -> bool()
+%%   Str = string()
+%% Returns true if Str is empty in the sense that it contains nothing
+%% but spaces, tabs or newlines.
+is_empty("\n"++Str) ->
+    is_empty(Str);
+is_empty(" "++Str) ->
+    is_empty(Str);
+is_empty("\t"++Str) ->
+    is_empty(Str);
+is_empty("") ->
+    true;
+is_empty(_) ->
+    false.
+
+%% split(Str, Seps) -> [Str]
+split(Str, Seps) ->
+    split(Str, Seps, []).
+
+split([Ch|Str], Seps, Acc) ->
+    case lists:member(Ch, Seps) of
+	true ->  split(Str, Seps, Acc);
+	false -> split(Str, Seps, Acc, [Ch])
+    end;
+split([], _Seps, Acc) ->
+    lists:reverse(Acc).
+
+split([Ch|Str], Seps, Acc, Chs) ->
+    case lists:member(Ch, Seps) of
+	true ->  split(Str, Seps, [lists:reverse(Chs)|Acc]);
+	false -> split(Str, Seps, Acc, [Ch|Chs])
+    end;
+split([], _Seps, Acc, Chs) ->
+    lists:reverse([lists:reverse(Chs)|Acc]).
+
+%%--Functions for creating an erlref document---------------------------
+
+%% function_name(F) -> string()
+%%   F = #xmlElement{name=function}
+%% Returns the name of a function as "name/arity".
+function_name(E) ->
+    get_attrval(name, E) ++ "/" ++ get_attrval(arity, E).
+
+%% functions(Fs) -> Es
+%%   Fs = [{Name, F}]
+%%     Name = string()  "name/arity"
+%%     F = #xmlElement{name=function}
+functions(Fs) ->
+    Es = lists:flatmap(fun ({Name, E}) -> function(Name, E) end, Fs),
+    if
+	Es==[] ->
+	    [];
+	true ->
+	    {funcs, Es}
+    end.
+
+function(_Name, E=#xmlElement{content = Es}) ->
+    TypeSpec = get_content(typespec, Es),
+    [?NL,{func, [ ?NL,
+		  {name, 
+			  case funcheader(TypeSpec) of
+			      [] ->
+				  signature(get_content(args, Es),
+					    get_attrval(name, E));
+			      Spec -> Spec
+			  end
+			 },
+		  ?NL,{fsummary, fsummary(Es)},
+		  ?NL,local_types(TypeSpec),
+		  ?NL,{desc,
+		       label_anchor(E)++
+		       deprecated(Es)++
+		       fulldesc(Es)++
+		       seealso_function(Es)}
+	   ]}].
+
+fsummary([]) -> ["\s"];
+fsummary(Es) ->
+    Desc = get_content(description, Es),
+    case get_content(briefDescription, Desc) of
+	[] ->
+	    fsummary_equiv(Es);    % no description at all if no equiv
+	ShortDesc ->
+	    text_only(ShortDesc)
+    end.
+
+fsummary_equiv(Es) ->
+    case get_content(equiv, Es) of
+	[] -> ["\s"];
+	Es1 ->
+	    case get_content(expr, Es1) of
+		[] -> ["\s"];
+		[Expr] ->
+		    ["Equivalent to ", Expr, ".",?NL]
+	    end
+    end.
+
+label_anchor(E) ->
+    case get_attrval(label, E) of
+	"" -> [];
+	Ref -> [{marker, [{id, Ref}],[]},?NL]
+    end.
+
+label_anchor(Content, E) ->
+    case get_attrval(label, E) of
+	"" -> Content;
+	Ref -> {p,[{marker, [{id, Ref}],[]},
+		   {em, Content}]}
+    end.
+
+signature(Es, Name) -> 
+    [Name, "("] ++ seq(fun arg/1, Es) ++ [") -> term()", ?NL].
+
+arg(#xmlElement{content = Es}) ->
+    [get_text(argName, Es)].
+
+funcheader([]) -> [];
+funcheader(Es) ->
+    [t_name(get_elem(erlangName, Es))] ++ t_utype(get_elem(type, Es)).
+
+local_types([]) -> [];
+local_types(Es) ->
+    local_defs2(get_elem(localdef, Es)).
+
+local_defs2([]) -> [];
+local_defs2(Es) ->
+    {type,[?NL | [{v, localdef2(E)} || E <- Es]]}.
+
+%% Like localdef/1, but does not use label_anchor/2 -- we don't want any
+%% markers or em tags in <v> tag, plain text only!
+localdef2(#xmlElement{content = Es}) ->
+    case get_elem(typevar, Es) of
+	[] -> 
+	    t_utype(get_elem(type, Es));
+	[V] ->
+	    t_var(V) ++ [" = "] ++ t_utype(get_elem(type, Es))
+    end.
+
+type_name(#xmlElement{content = Es}) ->
+    t_name(get_elem(erlangName, get_content(typedef, Es))).
+
+types(Ts) ->
+    Es = lists:flatmap(fun ({Name, E}) -> typedecl(Name, E) end, Ts),
+    [?NL, {taglist,[?NL|Es]}].
+
+typedecl(Name, #xmlElement{content = Es}) ->
+    TypedefEs = get_content(typedef, Es),
+    Id = "type-"++Name,
+    [{tag, typedef(TypedefEs)},
+     ?NL,
+     {item, [{marker,[{id,Id}],[]} |
+	     local_defs(get_elem(localdef, TypedefEs)) ++ fulldesc(Es)]},
+     ?NL].
+
+typedef(Es) ->
+    Name = ([t_name(get_elem(erlangName, Es)), "("]
+  	    ++ seq(fun t_utype_elem/1, get_content(argtypes, Es), [")"])),
+    case get_elem(type, Es) of
+ 	 [] ->
+	    [{tt, Name}];
+ 	 Type ->
+	    [{tt, Name ++ [" = "] ++ t_utype(Type)}]
+    end.
+
+local_defs([]) -> [];
+local_defs(Es) ->
+    [?NL, {ul, [{li, [{tt, localdef(E)}]} || E <- Es]}].
+
+localdef(E = #xmlElement{content = Es}) ->
+    Var = case get_elem(typevar, Es) of
+	      [] -> 
+		  [label_anchor(t_abstype(get_content(abstype, Es)), E)];
+	      [V] ->
+		  t_var(V)
+	  end,
+    Var ++ [" = "] ++ t_utype(get_elem(type, Es)).
+
+deprecated(Es) ->
+    case get_content(deprecated, Es) of
+	[] -> [];
+	DeprEs ->
+	    Es2 = get_content(fullDescription,
+			      get_content(description, DeprEs)),
+	    Es3 = otp_xmlify_e(Es2),
+	    [{p, [{em, ["This function is deprecated: "]} |Es3]}, ?NL]
+    end.
+
+fulldesc(Es) ->
+    case get_content(fullDescription, get_content(description, Es)) of
+	[] ->
+	    index_desc(Es);
+	Desc ->
+	    [?NL|otp_xmlify(Desc)] ++ [?NL]
+    end.
+
+index_desc(Es) ->
+    Desc = get_content(description, Es),
+    case get_content(briefDescription, Desc) of
+	[] ->
+	    equiv(Es);    % no description at all if no equiv
+	ShortDesc ->
+	    ShortDesc
+    end.
+
+seealso_module(Es) ->
+    case get_elem(see, Es) of
+	[] -> [];
+	Es1 ->
+	    {section,[{title,["See also"]},{p,seq(fun see/1, Es1, [])}]}
+    end.
+seealso_function(Es) ->
+    case get_elem(see, Es) of
+	[] -> [];
+	Es1 ->
+	    [{p, [{em, ["See also:"]}, " "] ++ seq(fun see/1, Es1, ["."])},
+	     ?NL]
+    end.
+
+%% ELEMENT see PCDATA
+%% ATTLIST name PCDATA
+%%         href PCDATA
+see(#xmlElement{content=Es0} = E) ->
+    Href0 = get_attrval(href, E),
+    {Href, Es} = otp_xmlify_a_href(Href0, Es0),
+    [{seealso, [{marker, Href}], Es}].
+    
+equiv(Es) ->
+    case get_content(equiv, Es) of
+	[] -> ["\s"];
+	Es1 ->
+	    case get_content(expr, Es1) of
+		[] -> [];
+		[Expr] ->
+		    Expr1 = [Expr],
+		    Expr2 = case get_elem(see, Es1) of
+				[] ->
+				    {c,Expr1};
+				[E=#xmlElement{}] ->
+ 				    case get_attrval(href, E) of
+ 					"" ->
+ 					    {c,Expr1};
+ 					Ref ->
+ 					    {seealso, [{marker, Ref}], Expr1}
+ 				    end
+			    end,
+		    [{p, ["Equivalent to ", Expr2, "."]}, ?NL]
+	    end
+    end.
+
+authors(Es) ->
+    case get_elem(author, Es) of
+	[] ->
+	    [?NL,{aname,["\s"]},?NL,{email,["\s"]}];
+	Es1 ->
+	    [?NL|seq(fun author/1, Es1, "", [])]
+    end.
+
+author(E=#xmlElement{}) ->
+    Name = case get_attrval(name, E) of
+	       [] -> "\s";
+	       N -> N
+	   end,
+    Mail = case get_attrval(email, E) of
+	       [] -> "\s";
+	       M -> M
+	   end,
+    [?NL,{aname,[Name]},?NL,{email,[Mail]}].
+
+t_name([E]) ->
+    N = get_attrval(name, E),
+    case get_attrval(module, E) of
+	"" -> N;
+	M ->
+	    S = M ++ ":" ++ N,
+	    case get_attrval(app, E) of
+		"" -> S;
+		A -> "//" ++ A ++ "/" ++ S
+	    end
+    end.
+
+t_utype([E]) ->
+    t_utype_elem(E).
+
+t_utype_elem(E=#xmlElement{content = Es}) ->
+    case get_attrval(name, E) of
+	"" -> t_type(Es);
+	Name ->
+	    T = t_type(Es),
+	    case T of
+		[Name] -> T;    % avoid generating "Foo::Foo"
+		T -> [Name] ++ ["::"] ++ T
+	    end
+    end.
+
+t_type([E=#xmlElement{name = typevar}]) ->
+    t_var(E);
+t_type([E=#xmlElement{name = atom}]) ->
+    t_atom(E);
+t_type([E=#xmlElement{name = integer}]) ->
+    t_integer(E);
+t_type([E=#xmlElement{name = float}]) ->
+    t_float(E);
+t_type([#xmlElement{name = nil}]) ->
+    t_nil();
+t_type([#xmlElement{name = list, content = Es}]) ->
+    t_list(Es);
+t_type([#xmlElement{name = tuple, content = Es}]) ->
+    t_tuple(Es);
+t_type([#xmlElement{name = 'fun', content = Es}]) ->
+    t_fun(Es);
+t_type([#xmlElement{name = abstype, content = Es}]) ->
+    t_abstype(Es);
+t_type([#xmlElement{name = union, content = Es}]) ->
+    t_union(Es);
+t_type([#xmlElement{name = record, content = Es}]) ->
+    t_record(Es).
+
+t_var(E) ->
+    [get_attrval(name, E)].
+
+t_atom(E) ->
+    [get_attrval(value, E)].
+
+t_integer(E) ->
+    [get_attrval(value, E)].
+
+t_float(E) ->
+    [get_attrval(value, E)].
+
+t_nil() ->
+    ["[]"].
+
+t_list(Es) ->
+    ["["] ++ t_utype(get_elem(type, Es)) ++ ["]"].
+
+t_tuple(Es) ->
+    ["{"] ++ seq(fun t_utype_elem/1, Es, ["}"]).
+
+t_fun(Es) ->
+    ["("] ++ seq(fun t_utype_elem/1, get_content(argtypes, Es),
+		 [") -> "] ++ t_utype(get_elem(type, Es))).
+
+t_record([E|Es]) ->
+    ["#", get_attrval(value, E), "{"++ seq(fun t_field/1, Es) ++"}"].
+t_field(#xmlElement{name=field, content=[Atom,Type]}) ->
+    [get_attrval(value, Atom), "="] ++ t_utype_elem(Type).
+
+t_abstype(Es) ->
+    case split_at_colon(t_name(get_elem(erlangName, Es)),[]) of
+	{Mod,Type} -> 
+	    [Type, "("] ++ 
+		seq(fun t_utype_elem/1, get_elem(type, Es), [")"]) ++ 
+		[" (see module ", Mod, ")"];
+	Type ->
+	    [Type, "("] ++ 
+		seq(fun t_utype_elem/1, get_elem(type, Es), [")"])
+    end.
+
+%% Split at one colon, but not at two (or more)
+split_at_colon([$:,$:|_]=Rest,Acc) ->
+    lists:reverse(Acc)++Rest;
+split_at_colon([$:|Type],Acc) ->
+    {lists:reverse(Acc),Type};
+split_at_colon([Char|Rest],Acc) ->
+    split_at_colon(Rest,[Char|Acc]);
+split_at_colon([],Acc) ->
+    lists:reverse(Acc).
+
+t_union(Es) ->
+    seq(fun t_utype_elem/1, Es, " | ", []).
+
+%% seq(Fun, Es)
+%% seq(Fun, Es, Tail)
+%% seq(Fun, Es, Sep, Tail) -> [string()]
+%%   Fun = function(E) -> [string()]
+%%   Sep = string()
+%%   Tail = [string()]
+%% Applies Fun to each element E in Es and return the appended list of
+%% strings, separated by Sep which defaults to ", " and ended by Tail
+%% which defaults to [].
+seq(Fun, Es) ->
+    seq(Fun, Es, []).
+seq(Fun, Es, Tail) ->
+    seq(Fun, Es, ", ", Tail).
+seq(Fun, [E], _Sep, Tail) ->
+    Fun(E) ++ Tail;
+seq(Fun, [E | Es], Sep, Tail) ->
+    Fun(E) ++ [Sep] ++ seq(Fun, Es, Sep, Tail);
+seq(_Fun, [], _Sep, Tail) ->
+    Tail.
+
+%%--Misc functions for accessing fields etc-----------------------------
+
+%% Type definitions used below:
+%%   E = #xmlElement{} | #xmlText{}
+%%   Es = [E]
+%%   Tag = atom(), XHTML tag
+%%   Name = atom(), XHTML attribute name
+%%   Attrs = [#xmlAttribute{}]
+%%   Ts = [#xmlText{}]
+
+%% parent(E) -> module | overview
+parent(E) ->
+    Parents = E#xmlElement.parents,
+    {Parent,_} = lists:last(Parents),
+    Parent.
+
+%% get_elem(Tag, Es1) -> Es2
+%% Returns a list of all elements in Es which have the name Tag.
+get_elem(Name, [#xmlElement{name = Name} = E | Es]) ->
+    [E | get_elem(Name, Es)];
+get_elem(Name, [_ | Es]) ->
+    get_elem(Name, Es);
+get_elem(_, []) ->
+    [].
+
+%% get_attr(Name, Attrs1) -> Attrs2
+%% Returns a list of all attributes in Attrs1 which have the name Name.
+get_attr(Name, [#xmlAttribute{name = Name} = A | As]) ->
+    [A | get_attr(Name, As)];
+get_attr(Name, [_ | As]) ->
+    get_attr(Name, As);
+get_attr(_, []) ->
+    [].
+
+%% get_attrval(Name, E) -> string()
+%% If E has one attribute with name Name, return its value, otherwise ""
+get_attrval(Name, #xmlElement{attributes = As}) ->
+    case get_attr(Name, As) of
+	[#xmlAttribute{value = V}] ->
+	    V;
+	[] -> ""
+    end.
+
+%% get_content(Tag, Es1) -> Es2
+%% If there is one element in Es1 with name Tag, returns its contents,
+%% otherwise []
+get_content(Name, Es) ->
+    case get_elem(Name, Es) of
+	[#xmlElement{content = Es1}] ->
+	    Es1;
+	[] -> []
+    end.
+
+%% get_text(Tag, Es) -> string()
+%% If there is one element in Es with name Tag, and its content is 
+%% a single xmlText, return the value of this xmlText.
+%% Otherwise return "".
+get_text(Name, Es) ->
+    case get_content(Name, Es) of
+	[#xmlText{value = Text}] ->
+	    Text;
+	[] -> ""
+    end.
+
+%% get_text(E) -> string()
+%% Return the value of an single xmlText which is the content of E,
+%% possibly recursively.
+get_text(#xmlElement{content=[#xmlText{value=Text}]}) ->
+    Text;
+get_text(#xmlElement{content=[E]}) ->
+    get_text(E).
+
+%% text_only(Es) -> Ts
+%% Takes a list of xmlElement and xmlText and return a lists of xmlText.
+text_only([#xmlElement{content = Content}|Es]) ->
+    text_only(Content) ++ text_only(Es);
+text_only([#xmlText{} = E |Es]) ->
+    [E | text_only(Es)];
+text_only([]) ->
+    [].
diff --git a/lib/erl_docgen/src/docgen_otp_specs.erl b/lib/erl_docgen/src/docgen_otp_specs.erl
new file mode 100644
index 0000000000..3929e66515
--- /dev/null
+++ b/lib/erl_docgen/src/docgen_otp_specs.erl
@@ -0,0 +1,713 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(docgen_otp_specs).
+
+-export([module/2, package/2, overview/2, type/1]).
+
+-include("xmerl.hrl").
+
+-define(XML_EXPORT, xmerl_xml).
+-define(DEFAULT_XML_EXPORT, ?XML_EXPORT).
+-define(DEFAULT_PP, erl_pp).
+-define(IND(N), #xmlText{value="\n" ++ lists:duplicate(N, $\s)}).
+-define(NL, "\n").
+
+module(Element, Options) ->
+    XML = layout_module(Element, init_opts(Options)),
+    Export = proplists:get_value(xml_export, Options,
+				 ?DEFAULT_XML_EXPORT),
+    xmerl:export_simple(XML, Export, [#xmlAttribute{name=prolog,
+                                                    value=""}]).
+
+-record(opts, {pretty_print, file_suffix}).
+
+init_opts(Options) ->
+    #opts{pretty_print = proplists:get_value(pretty_print,
+                                             Options, ?DEFAULT_PP),
+          %% It *is* depending on edoc.hrl!
+          file_suffix = proplists:get_value(file_suffix, Options, ".html")}.
+
+layout_module(#xmlElement{name = module, content = Es}=E, Opts) ->
+    Name = get_attrval(name, E),
+    Functions = [{function_name(Elem), Elem} ||
+                    Elem <- get_content(functions, Es)],
+    Types = [{type_name(Elem), Elem} || Elem <- get_content(typedecls, Es)],
+    Body = [{module,
+             [{name,[Name]}],
+             ([?NL] ++ types(lists:sort(Types), Opts)
+              ++ functions(lists:sort(Functions), Opts)
+              ++ timestamp())}],
+    Body.
+
+timestamp() ->
+    [{timestamp, [io_lib:fwrite("Generated by EDoc, ~s, ~s.",
+                                [edoc_lib:datestr(date()),
+                                 edoc_lib:timestr(time())])]},?NL].
+
+functions(Fs, Opts) ->
+    lists:flatmap(fun ({Name, E}) -> function(Name, E, Opts) end, Fs).
+
+function(Name, #xmlElement{content = Es}, Opts) ->
+    TS = get_content(typespec, Es),
+    Spec = typespec(TS, Opts),
+    [{spec,(Name
+            ++ [?IND(2),{contract,Spec}]
+            ++ typespec_annos(TS))},
+     ?NL].
+
+function_name(E) ->
+    [] = get_attrval(module, E),
+    [?IND(2),{name,[atom(get_attrval(name, E))]},
+     ?IND(2),{arity,[get_attrval(arity, E)]}].
+
+label_anchor(Content, E) ->
+    case get_attrval(label, E) of
+	"" -> Content;
+	Ref -> [{marker, [{id, Ref}], Content}]
+    end.
+
+typespec([], _Opts) -> [];
+typespec(Es, Opts) ->
+    {Head, LDefs} = collect_clause(Es, Opts),
+    clause(Head, LDefs) ++ [?IND(2)].
+
+collect_clause(Es, Opts) ->
+    Name = t_name(get_elem(erlangName, Es)),
+    Defs = get_elem(localdef, Es),
+    [Type] = get_elem(type, Es),
+    {format_spec(Name, Type, Opts), collect_local_defs(Defs, Opts)}.
+
+clause(Head, LDefs) ->
+    FC = [?IND(6),{head,Head}] ++ local_clause_defs(LDefs),
+    [?IND(4),{clause,FC}].
+
+local_clause_defs([]) -> [];
+local_clause_defs(LDefs) ->
+    LocalDefs = [{subtype,T} || T <- coalesce_local_defs(LDefs, [])],
+    [?IND(6),{guard,margin(8, LocalDefs)}].
+
+types(Ts, Opts) ->
+    lists:flatmap(fun ({Name, E}) -> typedecl(Name, E, Opts) end, Ts).
+
+typedecl(Name, E=#xmlElement{content = Es}, Opts) ->
+    TD = get_content(typedef, Es),
+    TypeDef = typedef(E, TD, Opts),
+    [{type,(Name
+            ++ [?IND(2),{typedecl, TypeDef}]
+            ++ typedef_annos(TD))},
+      ?NL].
+
+type_name(#xmlElement{content = Es}) ->
+    Typedef = get_content(typedef, Es),
+    [E] = get_elem(erlangName, Typedef),
+    Args = get_content(argtypes, Typedef),
+    [] = get_attrval(module, E),
+    [?IND(2),{name,[atom(get_attrval(name, E))]},
+     ?IND(2),{n_vars,[integer_to_list(length(Args))]}].
+
+typedef(E, Es, Opts) ->
+    Ns = get_elem(erlangName, Es),
+    Name =
+        ([t_name(Ns), "("]
+         ++ seq(fun t_utype_elem/1, get_content(argtypes, Es), [")"])),
+    LDefs = collect_local_defs(get_elem(localdef, Es), Opts),
+    TypeHead = case get_elem(type, Es) of
+                   [] -> label_anchor(Name, E);
+                   Type -> (label_anchor(Name, E)
+                            ++ format_type(Name, Type, Opts))
+               end,
+    ([?IND(6),{typehead,TypeHead}]
+     ++ local_type_defs(LDefs, [])).
+
+local_type_defs([], _) -> [];
+local_type_defs(LDefs, Last) ->
+    LocalDefs = [{local_def,T} || T <- coalesce_local_defs(LDefs, Last)],
+    [?IND(6),{local_defs,margin(8, LocalDefs)}].
+
+collect_local_defs(Es, Opts) ->
+    [collect_localdef(E, Opts) || E <- Es].
+
+collect_localdef(E = #xmlElement{content = Es}, Opts) ->
+    Name = case get_elem(typevar, Es) of
+               [] ->
+                   label_anchor(N0 = t_abstype(get_content(abstype, Es)), E);
+               [V] ->
+                   N0 = t_var(V)
+           end,
+    {Name,N0,format_type(N0, get_elem(type, Es), Opts)}.
+
+%% "A = t(), B = t()" is coalesced into "A = B = t()".
+%% Names as B above are kept, but the formated string is empty.
+coalesce_local_defs([], _Last) ->
+    [];
+coalesce_local_defs([{Name,N0,TypeS} | L], Last) when Name =:= N0 ->
+    cld(L, [{Name,N0}], TypeS, Last);
+coalesce_local_defs([{Name,N0,TypeS} | L], Last) ->
+    [local_def(N0, Name, TypeS, Last, L) | coalesce_local_defs(L, Last)].
+
+cld([{Name,N0,TypeS} | L], Names, TypeS, Last) when Name =:= N0 ->
+    cld(L, [{Name,N0} | Names], TypeS, Last);
+cld(L, Names0, TypeS, Last) ->
+    Names = [{_,Name0} | Names1] = lists:reverse(Names0),
+    NS = join([N || {N,_} <- Names], [" = "]),
+    ([local_def(Name0, NS, TypeS, Last, L) |
+      [local_def(N0, "", "", [], L) || {_,N0} <- Names1]]
+     ++ coalesce_local_defs(L, Last)).
+
+local_def(Name, NS, TypeS, Last, L) ->
+    [{typename,Name},{string,NS ++ TypeS ++ [Last || L =:= []]}].
+
+%% join([], Sep) when is_list(Sep) ->
+%%     [];
+join([H|T], Sep) ->
+    H ++ lists:append([Sep ++ X || X <- T]).
+
+%% Use the default formatting of EDoc, which creates references, and
+%% then insert newlines and indentation according to erl_pp (the
+%% (fast) Erlang pretty printer).
+format_spec(Name, Type, #opts{pretty_print = erl_pp}=Opts) ->
+    try
+        L = t_clause(Name, Type),
+        O = pp_clause(Name, Type),
+        {R, ".\n"} = diaf(L, O, Opts),
+        R
+    catch _:_ ->
+        %% Example: "@spec ... -> record(a)"
+        format_spec(Name, Type, Opts#opts{pretty_print=default})
+    end;
+format_spec(Sep, Type, _Opts) ->
+    t_clause(Sep, Type).
+
+t_clause(Name, Type) ->
+    #xmlElement{content = [#xmlElement{name = 'fun', content = C}]} = Type,
+    [Name] ++ t_fun(C).
+
+pp_clause(Pre, Type) ->
+    Types = ot_utype([Type]),
+    Atom = lists:duplicate(iolist_size(Pre), $a),
+    L1 = erl_pp:attribute({attribute,0,spec,{{list_to_atom(Atom),0},[Types]}}),
+    "-spec " ++ L2 = lists:flatten(L1),
+    L3 = Pre ++ lists:nthtail(length(Atom), L2),
+    re:replace(L3, "\n      ", "\n", [{return,list},global]).
+
+format_type(Name, Type, #opts{pretty_print = erl_pp}=Opts) ->
+    try
+        L = t_utype(Type),
+        O = pp_type(Name, Type),
+        {R, ".\n"} = diaf(L, O, Opts),
+        [" = "] ++ R
+    catch _:_ ->
+        %% Example: "t() = record(a)."
+        format_type(Name, Type, Opts#opts{pretty_print=default})
+    end;
+format_type(_Name, Type, _Opts) ->
+    [" = "] ++ t_utype(Type).
+
+pp_type(Prefix, Type) ->
+    Atom = list_to_atom(lists:duplicate(iolist_size(Prefix), $a)),
+    L1 = erl_pp:attribute({attribute,0,type,{Atom,ot_utype(Type),[]}}),
+    {L2,N} = case lists:dropwhile(fun(C) -> C =/= $: end, lists:flatten(L1)) of
+                 ":: " ++ L3 -> {L3,9}; % compensation for extra "()" and ":"
+                 "::\n" ++ L3 -> {"\n"++L3,6}
+             end,
+    Ss = lists:duplicate(N, $\s),
+    re:replace(L2, "\n"++Ss, "\n", [{return,list},global]).
+
+diaf(L, O0, Opts) ->
+    {R0, O} = diaf(L, [], O0, [], Opts),
+    R1 = rewrite_some_predefs(lists:reverse(R0)),
+    R = indentation(lists:flatten(R1)),
+    {R, O}.
+
+diaf([C | L], St, [C | O], R, Opts) ->
+    diaf(L, St, O, [[C] | R], Opts);
+diaf(" "++L, St, O, R, Opts) ->
+    diaf(L, St, O, R, Opts);
+diaf("", [Cs | St], O, R, Opts) ->
+    diaf(Cs, St, O, R, Opts);
+diaf("", [], O, R, _Opts) ->
+    {R, O};
+diaf(L, St, " "++O, R, Opts) ->
+    diaf(L, St, O, [" " | R], Opts);
+diaf(L, St, "\n"++O, R, Opts) ->
+    Ss = lists:takewhile(fun(C) -> C =:= $\s end, O),
+    diaf(L, St, lists:nthtail(length(Ss), O), ["\n"++Ss | R], Opts);
+diaf([{seealso, HRef0, S0} | L], St, O0, R, Opts) ->
+    {S, O} = diaf(S0, app_fix(O0), Opts),
+    HRef = fix_mod_ref(HRef0, Opts),
+    diaf(L, St, O, [{seealso, HRef, S} | R], Opts);
+diaf("="++L, St, "::"++O, R, Opts) ->
+    %% EDoc uses "=" for record field types; Dialyzer uses "::". Maybe
+    %% there should be an option for this, possibly affecting other
+    %% similar discrepancies.
+    diaf(L, St, O, ["=" | R], Opts);
+diaf([Cs | L], St, O, R, Opts) ->
+    diaf(Cs, [L | St], O, R, Opts).
+
+rewrite_some_predefs(S) ->
+    xpredef(lists:flatten(S)).
+
+xpredef([]) ->
+    [];
+xpredef("neg_integer()"++L) ->
+    ["integer() =< -1"] ++ xpredef(L);
+xpredef("non_neg_integer()"++L) ->
+    ["integer() >= 0"] ++ xpredef(L);
+xpredef("pos_integer()"++L) ->
+    ["integer() >= 1"] ++ xpredef(L);
+xpredef([T | Es]) when is_tuple(T) ->
+    [T | xpredef(Es)];
+xpredef([E | Es]) ->
+    [[E] | xpredef(Es)].
+
+indentation([]) ->
+    [];
+indentation([$\n|L]) ->
+    [{br,[]}|indent(L)];
+indentation([T | Es]) when is_tuple(T) ->
+    [T | indentation(Es)];
+indentation([E|L]) ->
+    [[E]|indentation(L)].
+
+indent([$\s|L]) ->
+    [{nbsp,[]}|indent(L)];
+indent(L) ->
+    indentation(L).
+
+app_fix(L) ->
+    try
+        {"//" ++ R1,L2} = app_fix(L, 1),
+        [App, Mod] = string:tokens(R1, "/"),
+        "//" ++ atom(App) ++ "/" ++ atom(Mod) ++ L2
+    catch _:_ -> L
+    end.
+
+app_fix(L, I) -> % a bit slow
+    {L1, L2} = lists:split(I, L),
+    case erl_scan:tokens([], L1 ++ ". ", 1) of
+        {done, {ok,[{atom,_,Atom}|_],_}, _} -> {atom_to_list(Atom), L2};
+        _ -> app_fix(L, I+1)
+    end.
+
+%% Remove the file suffix from module references.
+fix_mod_ref(HRef, #opts{file_suffix = ""}) ->
+    HRef;
+fix_mod_ref([{marker, S}]=HRef0, #opts{file_suffix = FS}) ->
+    {A, B} = lists:splitwith(fun(C) -> C =/= $# end, S),
+    case lists:member($:, A) of
+        true ->
+            HRef0; % should "save" most application references "http:"
+        false ->
+            case {lists:suffix(FS, A), B} of
+                {true, "#"++_} ->
+                    [{marker, lists:sublist(A, length(A)-length(FS)) ++ B}];
+                _ ->
+                    HRef0
+            end
+    end.
+
+see(E, Es) ->
+    case href(E) of
+	[] -> Es;
+	Ref ->
+	    [{seealso, Ref, Es}]
+    end.
+
+href(E) ->
+    case get_attrval(href, E) of
+	"" -> [];
+	URI ->
+	    [{marker, URI}]
+    end.
+
+atom(String) ->
+    io_lib:write_atom(list_to_atom(String)).
+
+t_name([E]) ->
+    N = get_attrval(name, E),
+    case get_attrval(module, E) of
+	"" -> atom(N);
+	M ->
+	    S = atom(M) ++ ":" ++ atom(N),
+	    case get_attrval(app, E) of
+		"" -> S;
+		A -> "//" ++ atom(A) ++ "/" ++ S
+	    end
+    end.
+
+t_utype([E]) ->
+    t_utype_elem(E).
+
+t_utype_elem(E=#xmlElement{content = Es}) ->
+    case get_attrval(name, E) of
+	"" -> t_type(Es);
+	Name ->
+	    T = t_type(Es),
+	    case T of
+		[Name] -> T;    % avoid generating "Foo::Foo"
+		T -> [Name] ++ ["::"] ++ T
+	    end
+    end.
+
+t_type([E=#xmlElement{name = typevar}]) ->
+    t_var(E);
+t_type([E=#xmlElement{name = atom}]) ->
+    t_atom(E);
+t_type([E=#xmlElement{name = integer}]) ->
+    t_integer(E);
+t_type([E=#xmlElement{name = range}]) ->
+    t_range(E);
+t_type([E=#xmlElement{name = binary}]) ->
+    t_binary(E);
+t_type([E=#xmlElement{name = float}]) ->
+    t_float(E);
+t_type([#xmlElement{name = nil}]) ->
+    t_nil();
+t_type([#xmlElement{name = paren, content = Es}]) ->
+    t_paren(Es);
+t_type([#xmlElement{name = list, content = Es}]) ->
+    t_list(Es);
+t_type([#xmlElement{name = nonempty_list, content = Es}]) ->
+    t_nonempty_list(Es);
+t_type([#xmlElement{name = tuple, content = Es}]) ->
+    t_tuple(Es);
+t_type([#xmlElement{name = 'fun', content = Es}]) ->
+    ["fun("] ++ t_fun(Es) ++ [")"];
+t_type([E = #xmlElement{name = record, content = Es}]) ->
+    t_record(E, Es);
+t_type([E = #xmlElement{name = abstype, content = Es}]) ->
+    t_abstype(E, Es);
+t_type([#xmlElement{name = union, content = Es}]) ->
+    t_union(Es).
+
+t_var(E) ->
+    [get_attrval(name, E)].
+
+t_atom(E) ->
+    [get_attrval(value, E)].
+
+t_integer(E) ->
+    [get_attrval(value, E)].
+
+t_range(E) ->
+    [get_attrval(value, E)].
+
+t_binary(E) ->
+    [get_attrval(value, E)].
+
+t_float(E) ->
+    [get_attrval(value, E)].
+
+t_nil() ->
+    ["[]"].
+
+t_paren(Es) ->
+    ["("] ++ t_utype(get_elem(type, Es)) ++ [")"].
+
+t_list(Es) ->
+    ["["] ++ t_utype(get_elem(type, Es)) ++ ["]"].
+
+t_nonempty_list(Es) ->
+    ["["] ++ t_utype(get_elem(type, Es)) ++ [", ...]"].
+
+t_tuple(Es) ->
+    ["{"] ++ seq(fun t_utype_elem/1, Es, ["}"]).
+
+t_fun(Es) ->
+    ["("] ++ seq(fun t_utype_elem/1, get_content(argtypes, Es),
+		 [") -> "] ++ t_utype(get_elem(type, Es))).
+
+t_record(E, Es) ->
+    Name = ["#"] ++ t_type(get_elem(atom, Es)),
+    case get_elem(field, Es) of
+        [] ->
+            see(E, [Name, "{}"]);
+        Fs ->
+            see(E, Name) ++ ["{"] ++ seq(fun t_field/1, Fs, ["}"])
+    end.
+
+t_field(#xmlElement{content = Es}) ->
+    t_type(get_elem(atom, Es)) ++ [" = "] ++ t_utype(get_elem(type, Es)).
+
+t_abstype(E, Es) ->
+    Name = t_name(get_elem(erlangName, Es)),
+    case get_elem(type, Es) of
+        [] ->
+            see(E, [Name, "()"]);
+        Ts ->
+            see(E, [Name]) ++ ["("] ++ seq(fun t_utype_elem/1, Ts, [")"])
+    end.
+
+t_abstype(Es) ->
+    ([t_name(get_elem(erlangName, Es)), "("]
+     ++ seq(fun t_utype_elem/1, get_elem(type, Es), [")"])).
+
+t_union(Es) ->
+    seq(fun t_utype_elem/1, Es, " | ", []).
+
+seq(F, Es, Tail) ->
+    seq(F, Es, ", ", Tail).
+
+seq(F, [E], _Sep, Tail) ->
+    F(E) ++ Tail;
+seq(F, [E | Es], Sep, Tail) ->
+    F(E) ++ [Sep] ++ seq(F, Es, Sep, Tail);
+seq(_F, [], _Sep, Tail) ->
+    Tail.
+
+get_elem(Name, [#xmlElement{name = Name} = E | Es]) ->
+    [E | get_elem(Name, Es)];
+get_elem(Name, [_ | Es]) ->
+    get_elem(Name, Es);
+get_elem(_, []) ->
+    [].
+
+get_attr(Name, [#xmlAttribute{name = Name} = A | As]) ->
+    [A | get_attr(Name, As)];
+get_attr(Name, [_ | As]) ->
+    get_attr(Name, As);
+get_attr(_, []) ->
+    [].
+
+get_attrval(Name, #xmlElement{attributes = As}) ->
+    case get_attr(Name, As) of
+	[#xmlAttribute{value = V}] ->
+	    V;
+	[] -> ""
+    end.
+
+get_content(Name, Es) ->
+    case get_elem(Name, Es) of
+	[#xmlElement{content = Es1}] ->
+	    Es1;
+	[] -> []
+    end.
+
+overview(_, _Options) -> [].
+
+package(_, _Options) -> [].
+
+type(_) -> [].
+
+%% ---------------------------------------------------------------------
+
+ot_utype([E]) ->
+    ot_utype_elem(E).
+
+ot_utype_elem(E=#xmlElement{content = Es}) ->
+    case get_attrval(name, E) of
+	"" -> ot_type(Es);
+	N ->
+            Name = {var,0,list_to_atom(N)},
+	    T = ot_type(Es),
+	    case T of
+		Name -> T;
+                T -> {ann_type,0,[Name, T]}
+	    end
+    end.
+
+ot_type([E=#xmlElement{name = typevar}]) ->
+    ot_var(E);
+ot_type([E=#xmlElement{name = atom}]) ->
+    ot_atom(E);
+ot_type([E=#xmlElement{name = integer}]) ->
+    ot_integer(E);
+ot_type([E=#xmlElement{name = range}]) ->
+    ot_range(E);
+ot_type([E=#xmlElement{name = binary}]) ->
+    ot_binary(E);
+ot_type([E=#xmlElement{name = float}]) ->
+    ot_float(E);
+ot_type([#xmlElement{name = nil}]) ->
+    ot_nil();
+ot_type([#xmlElement{name = paren, content = Es}]) ->
+    ot_paren(Es);
+ot_type([#xmlElement{name = list, content = Es}]) ->
+    ot_list(Es);
+ot_type([#xmlElement{name = nonempty_list, content = Es}]) ->
+    ot_nonempty_list(Es);
+ot_type([#xmlElement{name = tuple, content = Es}]) ->
+    ot_tuple(Es);
+ot_type([#xmlElement{name = 'fun', content = Es}]) ->
+    ot_fun(Es);
+ot_type([#xmlElement{name = record, content = Es}]) ->
+    ot_record(Es);
+ot_type([#xmlElement{name = abstype, content = Es}]) ->
+     ot_abstype(Es);
+ot_type([#xmlElement{name = union, content = Es}]) ->
+    ot_union(Es).
+
+ot_var(E) ->
+    {var,0,list_to_atom(get_attrval(name, E))}.
+
+ot_atom(E) ->
+    {ok, [Atom], _} = erl_scan:string(get_attrval(value, E), 0),
+    Atom.
+
+ot_integer(E) ->
+    {integer,0,list_to_integer(get_attrval(value, E))}.
+
+ot_range(E) ->
+    [I1, I2] = string:tokens(get_attrval(value, E), "."),
+    {type,0,range,[{integer,0,list_to_integer(I1)},
+                   {integer,0,list_to_integer(I2)}]}.
+
+ot_binary(E) ->
+    {Base, Unit} =
+        case string:tokens(get_attrval(value, E), ",:*><") of
+            [] ->
+                {0, 0};
+            ["_",B] ->
+                {list_to_integer(B), 0};
+            ["_","_",U] ->
+                {0, list_to_integer(U)};
+            ["_",B,_,"_",U] ->
+                {list_to_integer(B), list_to_integer(U)}
+        end,
+    {type,0,binary,[{integer,0,Base},{integer,0,Unit}]}.
+
+ot_float(E) ->
+    {float,0,list_to_float(get_attrval(value, E))}.
+
+ot_nil() ->
+    {nil,0}.
+
+ot_paren(Es) ->
+    {paren_type,0,[ot_utype(get_elem(type, Es))]}.
+
+ot_list(Es) ->
+    {type,0,list,[ot_utype(get_elem(type, Es))]}.
+
+ot_nonempty_list(Es) ->
+    {type,0,nonempty_list,[ot_utype(get_elem(type, Es))]}.
+
+ot_tuple(Es) ->
+    {type,0,tuple,[ot_utype_elem(E) || E <- Es]}.
+
+ot_fun(Es) ->
+    Range = ot_utype(get_elem(type, Es)),
+    Args = [ot_utype_elem(A) || A <- get_content(argtypes, Es)],
+    {type,0,'fun',[{type,0,product,Args},Range]}.
+
+ot_record(Es) ->
+    {type,0,record,[ot_type(get_elem(atom, Es)) |
+                    [ot_field(F) || F <- get_elem(field, Es)]]}.
+
+ot_field(#xmlElement{content = Es}) ->
+    {type,0,field_type,
+     [ot_type(get_elem(atom, Es)), ot_utype(get_elem(type, Es))]}.
+
+ot_abstype(Es) ->
+    ot_name(get_elem(erlangName, Es),
+            [ot_utype_elem(Elem) || Elem <- get_elem(type, Es)]).
+
+ot_union(Es) ->
+    {type,0,union,[ot_utype_elem(E) || E <- Es]}.
+
+ot_name(Es, T) ->
+    case ot_name(Es) of
+        [Mod, ":", Atom] ->
+            {remote_type,0,[{atom,0,list_to_atom(Mod)},
+                            {atom,0,list_to_atom(Atom)},T]};
+        "tuple" when T =:= [] ->
+            {type,0,tuple,any};
+        Atom ->
+            {type,0,list_to_atom(Atom),T}
+    end.
+
+ot_name([E]) ->
+    Atom = get_attrval(name, E),
+    case get_attrval(module, E) of
+	"" -> Atom;
+	M ->
+	    case get_attrval(app, E) of
+		"" ->
+                    [M, ":", Atom];
+                A ->
+                    ["//"++A++"/" ++ M, ":", Atom] % EDoc only!
+	    end
+    end.
+
+%% Returns exactly those annotations that can be referred to. Note
+%% that a Dialyzer type/spec (currently) can have more annotations
+%% than can be represented by EDoc types. Note also that edoc_dia
+%% has annotated all type variables with themselves.
+typespec_annos([]) -> [?NL];
+typespec_annos([_|Es]) ->
+    annotations(clause_annos(Es)).
+
+clause_annos(Es) ->
+    [annos(get_elem(type, Es)), local_defs_annos(get_elem(localdef, Es))].
+
+typedef_annos(Es) ->
+    annotations([(case get_elem(type, Es) of
+                      [] -> [];
+                      T -> annos(T)
+                  end
+                  ++ lists:flatmap(fun annos_elem/1,
+                                   get_content(argtypes, Es))),
+                 local_defs_annos(get_elem(localdef, Es))]).
+
+local_defs_annos(Es) ->
+    lists:flatmap(fun localdef_annos/1, Es).
+
+localdef_annos(#xmlElement{content = Es}) ->
+    annos(get_elem(type, Es)).
+
+annotations(AnnoL) ->
+    Annos = lists:usort(lists:flatten(AnnoL)),
+    margin(2, Annos).
+
+margin(N, L) ->
+    lists:append([[?IND(N),E] || E <- L]) ++ [?IND(N-2)].
+
+annos([E]) ->
+    annos_elem(E).
+
+annos_elem(E=#xmlElement{content = Es}) ->
+    case get_attrval(name, E) of
+	"" -> annos_type(Es);
+        "..." -> annos_type(Es); % compensate for a kludge in edoc_dia.erl
+	N ->
+            [{anno,[N]} | annos_type(Es)]
+    end.
+
+annos_type([#xmlElement{name = list, content = Es}]) ->
+    annos(get_elem(type, Es));
+annos_type([#xmlElement{name = nonempty_list, content = Es}]) ->
+    annos(get_elem(type, Es));
+annos_type([#xmlElement{name = tuple, content = Es}]) ->
+    lists:flatmap(fun annos_elem/1, Es);
+annos_type([#xmlElement{name = 'fun', content = Es}]) ->
+    (annos(get_elem(type, Es))
+     ++ lists:flatmap(fun annos_elem/1, get_content(argtypes, Es)));
+annos_type([#xmlElement{name = record, content = Es}]) ->
+    lists:append([annos(get_elem(type, Es1)) ||
+                     #xmlElement{content = Es1} <- get_elem(field, Es)]);
+annos_type([#xmlElement{name = abstype, content = Es}]) ->
+    lists:flatmap(fun annos_elem/1, get_elem(type, Es));
+annos_type([#xmlElement{name = union, content = Es}]) ->
+    lists:flatmap(fun annos_elem/1, Es);
+annos_type([E=#xmlElement{name = typevar}]) ->
+    annos_elem(E);
+annos_type([#xmlElement{name = paren, content = Es}]) ->
+    annos(get_elem(type, Es));
+annos_type(_) ->
+    [].
diff --git a/lib/erl_docgen/src/docgen_xmerl_xml_cb.erl b/lib/erl_docgen/src/docgen_xmerl_xml_cb.erl
new file mode 100644
index 0000000000..884932ed12
--- /dev/null
+++ b/lib/erl_docgen/src/docgen_xmerl_xml_cb.erl
@@ -0,0 +1,88 @@
+%% ``The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved via the world wide web at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
+%% the Licence for the specific language governing rights and limitations
+%% under the License.
+%%
+%% The Initial Developer of the Original Code is Ericsson AB.
+%% Portions created by Ericsson are Copyright 1999-2006, Ericsson AB.
+%% All Rights Reserved.��
+%%
+%%     $Id$
+%%
+-module(docgen_xmerl_xml_cb).
+
+%% This is the callback module for exporting XHTML to an
+%% erlref or chapter document in XML format.
+%% See docgen_edoc_xml_cb.erl for further information.
+%%
+%% The origin of this file is the xmerl module xmerl_otpsgml.erl
+%% written by Ulf Wiger and Richard Carlsson.
+
+-export(['#xml-inheritance#'/0]).
+
+-export(['#root#'/4,
+	 '#element#'/5,
+	 '#text#'/1]).
+
+-include("xmerl.hrl").
+
+'#xml-inheritance#'() ->
+    [xmerl_xml].
+
+'#root#'(Data, _Attrs, [], _E) -> 
+    ["<",DTD,">"] = hd(hd(Data)),
+    ["<?xml version=\"1.0\" encoding=\"latin1\" ?>\n",
+     "<!DOCTYPE "++DTD++" SYSTEM \""++DTD++".dtd\">\n",
+     Data].
+
+'#element#'(Tag, Data, Attrs, _Parents, _E) ->
+    {NewTag, NewAttrs} = convert_tag(Tag, Attrs),
+    xmerl_lib:markup(NewTag, NewAttrs, Data).
+
+'#text#'(Text) ->
+    xmerl_lib:export_text(Text).
+
+%% Utility functions
+
+convert_tag(a, [Attr]) ->
+    case Attr#xmlAttribute.name of
+	href ->
+	    Val = Attr#xmlAttribute.value,
+	    case is_url(Val) of
+		true ->
+		    {url, [Attr]};
+		false ->
+		    {seealso, [Attr#xmlAttribute{name=marker}]}
+	    end;
+	name ->
+	    {marker, [Attr#xmlAttribute{name=id}]}
+    end;
+convert_tag(b, Attrs)          -> {em, Attrs};
+convert_tag(blockquote, Attrs) -> {quote, Attrs};
+convert_tag(code, Attrs)       -> {c, Attrs};
+convert_tag(dd, Attrs)         -> {item, Attrs};
+convert_tag(dl, Attrs)         -> {taglist, Attrs};
+convert_tag(dt, Attrs)         -> {tag, Attrs};
+convert_tag(li, Attrs)         -> {item, Attrs};
+convert_tag(ol, Attrs)         -> {list, Attrs};
+convert_tag(strong, Attrs)     -> {em, Attrs};
+convert_tag(td, Attrs)         -> {cell, Attrs};
+convert_tag(tr, Attrs)         -> {row, Attrs};
+convert_tag(tt, Attrs)         -> {c, Attrs};
+convert_tag(ul, Attrs)         -> {list, Attrs};
+convert_tag(underline, Attrs)  -> {em, Attrs};
+convert_tag(Tag, Attrs)        -> {Tag, Attrs}.
+
+is_url("http:"++_) -> true;
+is_url("../"++_) -> true;
+is_url(FileRef) ->
+    case filename:extension(FileRef) of
+	"" -> false; % no extension = xml file
+	_Ext -> true % extension
+    end.
diff --git a/lib/erl_docgen/src/docgen_xml_check.erl b/lib/erl_docgen/src/docgen_xml_check.erl
new file mode 100644
index 0000000000..892a880269
--- /dev/null
+++ b/lib/erl_docgen/src/docgen_xml_check.erl
@@ -0,0 +1,45 @@
+%% ``The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved via the world wide web at http://www.erlang.org/.
+%% 
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%% 
+%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
+%% Portions created by Ericsson are Copyright 1999-2000, Ericsson 
+%% Utvecklings AB. All Rights Reserved.''
+%% 
+%%     $Id$
+%%
+-module(docgen_xml_check).
+
+-export([validate/1]).
+-deprecated([{validate,1,next_major_release}]).
+
+%% validate(File) -> ok | error | {error, badfile}
+%%   File = string(), file name with or without ".xml" extension
+%% If XML validation fails for a file, the error information from
+%% Xmerl is printed to terminal and the function returns error.
+validate(File0) ->
+    File = case filename:extension(File0) of
+	       ".xml" -> File0;
+	       _ -> File0++".xml"
+	   end,
+    case filelib:is_regular(File) of
+	true ->
+	    DtdDir = filename:join(code:priv_dir(erl_docgen), "dtd"),
+	    case catch xmerl_scan:file(File, [{validation,true},
+					      {fetch_path,[DtdDir]}]) of
+		{'EXIT', Error} ->
+		    io:format("~p~n", [Error]),
+		    error;
+		{_Doc, _Misc} ->
+		    ok
+	    end;
+	false ->
+	    {error, badfile}
+    end.
diff --git a/lib/erl_docgen/src/erl_docgen.app.src b/lib/erl_docgen/src/erl_docgen.app.src
index 1720464b6d..daad172106 100644
--- a/lib/erl_docgen/src/erl_docgen.app.src
+++ b/lib/erl_docgen/src/erl_docgen.app.src
@@ -1,7 +1,9 @@
 {application, erl_docgen,
  [{description, "Misc tools for building documentation"},
   {vsn, "%VSN%"},
-  {modules, [otp_specs
+  {modules, [docgen_otp_specs,
+  	     docgen_edoc_xml_cb,
+	     docgen_xmerl_xml_cb
 	    ]
   },
   {registered,[]},
diff --git a/lib/erl_docgen/src/otp_specs.erl b/lib/erl_docgen/src/otp_specs.erl
deleted file mode 100644
index edb437a942..0000000000
--- a/lib/erl_docgen/src/otp_specs.erl
+++ /dev/null
@@ -1,713 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
--module(otp_specs).
-
--export([module/2, package/2, overview/2, type/1]).
-
--include("xmerl.hrl").
-
--define(XML_EXPORT, xmerl_xml).
--define(DEFAULT_XML_EXPORT, ?XML_EXPORT).
--define(DEFAULT_PP, erl_pp).
--define(IND(N), #xmlText{value="\n" ++ lists:duplicate(N, $\s)}).
--define(NL, "\n").
-
-module(Element, Options) ->
-    XML = layout_module(Element, init_opts(Options)),
-    Export = proplists:get_value(xml_export, Options,
-				 ?DEFAULT_XML_EXPORT),
-    xmerl:export_simple(XML, Export, [#xmlAttribute{name=prolog,
-                                                    value=""}]).
-
--record(opts, {pretty_print, file_suffix}).
-
-init_opts(Options) ->
-    #opts{pretty_print = proplists:get_value(pretty_print,
-                                             Options, ?DEFAULT_PP),
-          %% It *is* depending on edoc.hrl!
-          file_suffix = proplists:get_value(file_suffix, Options, ".html")}.
-
-layout_module(#xmlElement{name = module, content = Es}=E, Opts) ->
-    Name = get_attrval(name, E),
-    Functions = [{function_name(Elem), Elem} ||
-                    Elem <- get_content(functions, Es)],
-    Types = [{type_name(Elem), Elem} || Elem <- get_content(typedecls, Es)],
-    Body = [{module,
-             [{name,[Name]}],
-             ([?NL] ++ types(lists:sort(Types), Opts)
-              ++ functions(lists:sort(Functions), Opts)
-              ++ timestamp())}],
-    Body.
-
-timestamp() ->
-    [{timestamp, [io_lib:fwrite("Generated by EDoc, ~s, ~s.",
-                                [edoc_lib:datestr(date()),
-                                 edoc_lib:timestr(time())])]},?NL].
-
-functions(Fs, Opts) ->
-    lists:flatmap(fun ({Name, E}) -> function(Name, E, Opts) end, Fs).
-
-function(Name, #xmlElement{content = Es}, Opts) ->
-    TS = get_content(typespec, Es),
-    Spec = typespec(TS, Opts),
-    [{spec,(Name
-            ++ [?IND(2),{contract,Spec}]
-            ++ typespec_annos(TS))},
-     ?NL].
-
-function_name(E) ->
-    [] = get_attrval(module, E),
-    [?IND(2),{name,[atom(get_attrval(name, E))]},
-     ?IND(2),{arity,[get_attrval(arity, E)]}].
-
-label_anchor(Content, E) ->
-    case get_attrval(label, E) of
-	"" -> Content;
-	Ref -> [{marker, [{id, Ref}], Content}]
-    end.
-
-typespec([], _Opts) -> [];
-typespec(Es, Opts) ->
-    {Head, LDefs} = collect_clause(Es, Opts),
-    clause(Head, LDefs) ++ [?IND(2)].
-
-collect_clause(Es, Opts) ->
-    Name = t_name(get_elem(erlangName, Es)),
-    Defs = get_elem(localdef, Es),
-    [Type] = get_elem(type, Es),
-    {format_spec(Name, Type, Opts), collect_local_defs(Defs, Opts)}.
-
-clause(Head, LDefs) ->
-    FC = [?IND(6),{head,Head}] ++ local_clause_defs(LDefs),
-    [?IND(4),{clause,FC}].
-
-local_clause_defs([]) -> [];
-local_clause_defs(LDefs) ->
-    LocalDefs = [{subtype,T} || T <- coalesce_local_defs(LDefs, [])],
-    [?IND(6),{guard,margin(8, LocalDefs)}].
-
-types(Ts, Opts) ->
-    lists:flatmap(fun ({Name, E}) -> typedecl(Name, E, Opts) end, Ts).
-
-typedecl(Name, E=#xmlElement{content = Es}, Opts) ->
-    TD = get_content(typedef, Es),
-    TypeDef = typedef(E, TD, Opts),
-    [{type,(Name
-            ++ [?IND(2),{typedecl, TypeDef}]
-            ++ typedef_annos(TD))},
-      ?NL].
-
-type_name(#xmlElement{content = Es}) ->
-    Typedef = get_content(typedef, Es),
-    [E] = get_elem(erlangName, Typedef),
-    Args = get_content(argtypes, Typedef),
-    [] = get_attrval(module, E),
-    [?IND(2),{name,[atom(get_attrval(name, E))]},
-     ?IND(2),{n_vars,[integer_to_list(length(Args))]}].
-
-typedef(E, Es, Opts) ->
-    Ns = get_elem(erlangName, Es),
-    Name =
-        ([t_name(Ns), "("]
-         ++ seq(fun t_utype_elem/1, get_content(argtypes, Es), [")"])),
-    LDefs = collect_local_defs(get_elem(localdef, Es), Opts),
-    TypeHead = case get_elem(type, Es) of
-                   [] -> label_anchor(Name, E);
-                   Type -> (label_anchor(Name, E)
-                            ++ format_type(Name, Type, Opts))
-               end,
-    ([?IND(6),{typehead,TypeHead}]
-     ++ local_type_defs(LDefs, [])).
-
-local_type_defs([], _) -> [];
-local_type_defs(LDefs, Last) ->
-    LocalDefs = [{local_def,T} || T <- coalesce_local_defs(LDefs, Last)],
-    [?IND(6),{local_defs,margin(8, LocalDefs)}].
-
-collect_local_defs(Es, Opts) ->
-    [collect_localdef(E, Opts) || E <- Es].
-
-collect_localdef(E = #xmlElement{content = Es}, Opts) ->
-    Name = case get_elem(typevar, Es) of
-               [] ->
-                   label_anchor(N0 = t_abstype(get_content(abstype, Es)), E);
-               [V] ->
-                   N0 = t_var(V)
-           end,
-    {Name,N0,format_type(N0, get_elem(type, Es), Opts)}.
-
-%% "A = t(), B = t()" is coalesced into "A = B = t()".
-%% Names as B above are kept, but the formated string is empty.
-coalesce_local_defs([], _Last) ->
-    [];
-coalesce_local_defs([{Name,N0,TypeS} | L], Last) when Name =:= N0 ->
-    cld(L, [{Name,N0}], TypeS, Last);
-coalesce_local_defs([{Name,N0,TypeS} | L], Last) ->
-    [local_def(N0, Name, TypeS, Last, L) | coalesce_local_defs(L, Last)].
-
-cld([{Name,N0,TypeS} | L], Names, TypeS, Last) when Name =:= N0 ->
-    cld(L, [{Name,N0} | Names], TypeS, Last);
-cld(L, Names0, TypeS, Last) ->
-    Names = [{_,Name0} | Names1] = lists:reverse(Names0),
-    NS = join([N || {N,_} <- Names], [" = "]),
-    ([local_def(Name0, NS, TypeS, Last, L) |
-      [local_def(N0, "", "", [], L) || {_,N0} <- Names1]]
-     ++ coalesce_local_defs(L, Last)).
-
-local_def(Name, NS, TypeS, Last, L) ->
-    [{typename,Name},{string,NS ++ TypeS ++ [Last || L =:= []]}].
-
-%% join([], Sep) when is_list(Sep) ->
-%%     [];
-join([H|T], Sep) ->
-    H ++ lists:append([Sep ++ X || X <- T]).
-
-%% Use the default formatting of EDoc, which creates references, and
-%% then insert newlines and indentation according to erl_pp (the
-%% (fast) Erlang pretty printer).
-format_spec(Name, Type, #opts{pretty_print = erl_pp}=Opts) ->
-    try
-        L = t_clause(Name, Type),
-        O = pp_clause(Name, Type),
-        {R, ".\n"} = diaf(L, O, Opts),
-        R
-    catch _:_ ->
-        %% Example: "@spec ... -> record(a)"
-        format_spec(Name, Type, Opts#opts{pretty_print=default})
-    end;
-format_spec(Sep, Type, _Opts) ->
-    t_clause(Sep, Type).
-
-t_clause(Name, Type) ->
-    #xmlElement{content = [#xmlElement{name = 'fun', content = C}]} = Type,
-    [Name] ++ t_fun(C).
-
-pp_clause(Pre, Type) ->
-    Types = ot_utype([Type]),
-    Atom = lists:duplicate(iolist_size(Pre), $a),
-    L1 = erl_pp:attribute({attribute,0,spec,{{list_to_atom(Atom),0},[Types]}}),
-    "-spec " ++ L2 = lists:flatten(L1),
-    L3 = Pre ++ lists:nthtail(length(Atom), L2),
-    re:replace(L3, "\n      ", "\n", [{return,list},global]).
-
-format_type(Name, Type, #opts{pretty_print = erl_pp}=Opts) ->
-    try
-        L = t_utype(Type),
-        O = pp_type(Name, Type),
-        {R, ".\n"} = diaf(L, O, Opts),
-        [" = "] ++ R
-    catch _:_ ->
-        %% Example: "t() = record(a)."
-        format_type(Name, Type, Opts#opts{pretty_print=default})
-    end;
-format_type(_Name, Type, _Opts) ->
-    [" = "] ++ t_utype(Type).
-
-pp_type(Prefix, Type) ->
-    Atom = list_to_atom(lists:duplicate(iolist_size(Prefix), $a)),
-    L1 = erl_pp:attribute({attribute,0,type,{Atom,ot_utype(Type),[]}}),
-    {L2,N} = case lists:dropwhile(fun(C) -> C =/= $: end, lists:flatten(L1)) of
-                 ":: " ++ L3 -> {L3,9}; % compensation for extra "()" and ":"
-                 "::\n" ++ L3 -> {"\n"++L3,6}
-             end,
-    Ss = lists:duplicate(N, $\s),
-    re:replace(L2, "\n"++Ss, "\n", [{return,list},global]).
-
-diaf(L, O0, Opts) ->
-    {R0, O} = diaf(L, [], O0, [], Opts),
-    R1 = rewrite_some_predefs(lists:reverse(R0)),
-    R = indentation(lists:flatten(R1)),
-    {R, O}.
-
-diaf([C | L], St, [C | O], R, Opts) ->
-    diaf(L, St, O, [[C] | R], Opts);
-diaf(" "++L, St, O, R, Opts) ->
-    diaf(L, St, O, R, Opts);
-diaf("", [Cs | St], O, R, Opts) ->
-    diaf(Cs, St, O, R, Opts);
-diaf("", [], O, R, _Opts) ->
-    {R, O};
-diaf(L, St, " "++O, R, Opts) ->
-    diaf(L, St, O, [" " | R], Opts);
-diaf(L, St, "\n"++O, R, Opts) ->
-    Ss = lists:takewhile(fun(C) -> C =:= $\s end, O),
-    diaf(L, St, lists:nthtail(length(Ss), O), ["\n"++Ss | R], Opts);
-diaf([{seealso, HRef0, S0} | L], St, O0, R, Opts) ->
-    {S, O} = diaf(S0, app_fix(O0), Opts),
-    HRef = fix_mod_ref(HRef0, Opts),
-    diaf(L, St, O, [{seealso, HRef, S} | R], Opts);
-diaf("="++L, St, "::"++O, R, Opts) ->
-    %% EDoc uses "=" for record field types; Dialyzer uses "::". Maybe
-    %% there should be an option for this, possibly affecting other
-    %% similar discrepancies.
-    diaf(L, St, O, ["=" | R], Opts);
-diaf([Cs | L], St, O, R, Opts) ->
-    diaf(Cs, [L | St], O, R, Opts).
-
-rewrite_some_predefs(S) ->
-    xpredef(lists:flatten(S)).
-
-xpredef([]) ->
-    [];
-xpredef("neg_integer()"++L) ->
-    ["integer() =< -1"] ++ xpredef(L);
-xpredef("non_neg_integer()"++L) ->
-    ["integer() >= 0"] ++ xpredef(L);
-xpredef("pos_integer()"++L) ->
-    ["integer() >= 1"] ++ xpredef(L);
-xpredef([T | Es]) when is_tuple(T) ->
-    [T | xpredef(Es)];
-xpredef([E | Es]) ->
-    [[E] | xpredef(Es)].
-
-indentation([]) ->
-    [];
-indentation([$\n|L]) ->
-    [{br,[]}|indent(L)];
-indentation([T | Es]) when is_tuple(T) ->
-    [T | indentation(Es)];
-indentation([E|L]) ->
-    [[E]|indentation(L)].
-
-indent([$\s|L]) ->
-    [{nbsp,[]}|indent(L)];
-indent(L) ->
-    indentation(L).
-
-app_fix(L) ->
-    try
-        {"//" ++ R1,L2} = app_fix(L, 1),
-        [App, Mod] = string:tokens(R1, "/"),
-        "//" ++ atom(App) ++ "/" ++ atom(Mod) ++ L2
-    catch _:_ -> L
-    end.
-
-app_fix(L, I) -> % a bit slow
-    {L1, L2} = lists:split(I, L),
-    case erl_scan:tokens([], L1 ++ ". ", 1) of
-        {done, {ok,[{atom,_,Atom}|_],_}, _} -> {atom_to_list(Atom), L2};
-        _ -> app_fix(L, I+1)
-    end.
-
-%% Remove the file suffix from module references.
-fix_mod_ref(HRef, #opts{file_suffix = ""}) ->
-    HRef;
-fix_mod_ref([{marker, S}]=HRef0, #opts{file_suffix = FS}) ->
-    {A, B} = lists:splitwith(fun(C) -> C =/= $# end, S),
-    case lists:member($:, A) of
-        true ->
-            HRef0; % should "save" most application references "http:"
-        false ->
-            case {lists:suffix(FS, A), B} of
-                {true, "#"++_} ->
-                    [{marker, lists:sublist(A, length(A)-length(FS)) ++ B}];
-                _ ->
-                    HRef0
-            end
-    end.
-
-see(E, Es) ->
-    case href(E) of
-	[] -> Es;
-	Ref ->
-	    [{seealso, Ref, Es}]
-    end.
-
-href(E) ->
-    case get_attrval(href, E) of
-	"" -> [];
-	URI ->
-	    [{marker, URI}]
-    end.
-
-atom(String) ->
-    io_lib:write_atom(list_to_atom(String)).
-
-t_name([E]) ->
-    N = get_attrval(name, E),
-    case get_attrval(module, E) of
-	"" -> atom(N);
-	M ->
-	    S = atom(M) ++ ":" ++ atom(N),
-	    case get_attrval(app, E) of
-		"" -> S;
-		A -> "//" ++ atom(A) ++ "/" ++ S
-	    end
-    end.
-
-t_utype([E]) ->
-    t_utype_elem(E).
-
-t_utype_elem(E=#xmlElement{content = Es}) ->
-    case get_attrval(name, E) of
-	"" -> t_type(Es);
-	Name ->
-	    T = t_type(Es),
-	    case T of
-		[Name] -> T;    % avoid generating "Foo::Foo"
-		T -> [Name] ++ ["::"] ++ T
-	    end
-    end.
-
-t_type([E=#xmlElement{name = typevar}]) ->
-    t_var(E);
-t_type([E=#xmlElement{name = atom}]) ->
-    t_atom(E);
-t_type([E=#xmlElement{name = integer}]) ->
-    t_integer(E);
-t_type([E=#xmlElement{name = range}]) ->
-    t_range(E);
-t_type([E=#xmlElement{name = binary}]) ->
-    t_binary(E);
-t_type([E=#xmlElement{name = float}]) ->
-    t_float(E);
-t_type([#xmlElement{name = nil}]) ->
-    t_nil();
-t_type([#xmlElement{name = paren, content = Es}]) ->
-    t_paren(Es);
-t_type([#xmlElement{name = list, content = Es}]) ->
-    t_list(Es);
-t_type([#xmlElement{name = nonempty_list, content = Es}]) ->
-    t_nonempty_list(Es);
-t_type([#xmlElement{name = tuple, content = Es}]) ->
-    t_tuple(Es);
-t_type([#xmlElement{name = 'fun', content = Es}]) ->
-    ["fun("] ++ t_fun(Es) ++ [")"];
-t_type([E = #xmlElement{name = record, content = Es}]) ->
-    t_record(E, Es);
-t_type([E = #xmlElement{name = abstype, content = Es}]) ->
-    t_abstype(E, Es);
-t_type([#xmlElement{name = union, content = Es}]) ->
-    t_union(Es).
-
-t_var(E) ->
-    [get_attrval(name, E)].
-
-t_atom(E) ->
-    [get_attrval(value, E)].
-
-t_integer(E) ->
-    [get_attrval(value, E)].
-
-t_range(E) ->
-    [get_attrval(value, E)].
-
-t_binary(E) ->
-    [get_attrval(value, E)].
-
-t_float(E) ->
-    [get_attrval(value, E)].
-
-t_nil() ->
-    ["[]"].
-
-t_paren(Es) ->
-    ["("] ++ t_utype(get_elem(type, Es)) ++ [")"].
-
-t_list(Es) ->
-    ["["] ++ t_utype(get_elem(type, Es)) ++ ["]"].
-
-t_nonempty_list(Es) ->
-    ["["] ++ t_utype(get_elem(type, Es)) ++ [", ...]"].
-
-t_tuple(Es) ->
-    ["{"] ++ seq(fun t_utype_elem/1, Es, ["}"]).
-
-t_fun(Es) ->
-    ["("] ++ seq(fun t_utype_elem/1, get_content(argtypes, Es),
-		 [") -> "] ++ t_utype(get_elem(type, Es))).
-
-t_record(E, Es) ->
-    Name = ["#"] ++ t_type(get_elem(atom, Es)),
-    case get_elem(field, Es) of
-        [] ->
-            see(E, [Name, "{}"]);
-        Fs ->
-            see(E, Name) ++ ["{"] ++ seq(fun t_field/1, Fs, ["}"])
-    end.
-
-t_field(#xmlElement{content = Es}) ->
-    t_type(get_elem(atom, Es)) ++ [" = "] ++ t_utype(get_elem(type, Es)).
-
-t_abstype(E, Es) ->
-    Name = t_name(get_elem(erlangName, Es)),
-    case get_elem(type, Es) of
-        [] ->
-            see(E, [Name, "()"]);
-        Ts ->
-            see(E, [Name]) ++ ["("] ++ seq(fun t_utype_elem/1, Ts, [")"])
-    end.
-
-t_abstype(Es) ->
-    ([t_name(get_elem(erlangName, Es)), "("]
-     ++ seq(fun t_utype_elem/1, get_elem(type, Es), [")"])).
-
-t_union(Es) ->
-    seq(fun t_utype_elem/1, Es, " | ", []).
-
-seq(F, Es, Tail) ->
-    seq(F, Es, ", ", Tail).
-
-seq(F, [E], _Sep, Tail) ->
-    F(E) ++ Tail;
-seq(F, [E | Es], Sep, Tail) ->
-    F(E) ++ [Sep] ++ seq(F, Es, Sep, Tail);
-seq(_F, [], _Sep, Tail) ->
-    Tail.
-
-get_elem(Name, [#xmlElement{name = Name} = E | Es]) ->
-    [E | get_elem(Name, Es)];
-get_elem(Name, [_ | Es]) ->
-    get_elem(Name, Es);
-get_elem(_, []) ->
-    [].
-
-get_attr(Name, [#xmlAttribute{name = Name} = A | As]) ->
-    [A | get_attr(Name, As)];
-get_attr(Name, [_ | As]) ->
-    get_attr(Name, As);
-get_attr(_, []) ->
-    [].
-
-get_attrval(Name, #xmlElement{attributes = As}) ->
-    case get_attr(Name, As) of
-	[#xmlAttribute{value = V}] ->
-	    V;
-	[] -> ""
-    end.
-
-get_content(Name, Es) ->
-    case get_elem(Name, Es) of
-	[#xmlElement{content = Es1}] ->
-	    Es1;
-	[] -> []
-    end.
-
-overview(_, _Options) -> [].
-
-package(_, _Options) -> [].
-
-type(_) -> [].
-
-%% ---------------------------------------------------------------------
-
-ot_utype([E]) ->
-    ot_utype_elem(E).
-
-ot_utype_elem(E=#xmlElement{content = Es}) ->
-    case get_attrval(name, E) of
-	"" -> ot_type(Es);
-	N ->
-            Name = {var,0,list_to_atom(N)},
-	    T = ot_type(Es),
-	    case T of
-		Name -> T;
-                T -> {ann_type,0,[Name, T]}
-	    end
-    end.
-
-ot_type([E=#xmlElement{name = typevar}]) ->
-    ot_var(E);
-ot_type([E=#xmlElement{name = atom}]) ->
-    ot_atom(E);
-ot_type([E=#xmlElement{name = integer}]) ->
-    ot_integer(E);
-ot_type([E=#xmlElement{name = range}]) ->
-    ot_range(E);
-ot_type([E=#xmlElement{name = binary}]) ->
-    ot_binary(E);
-ot_type([E=#xmlElement{name = float}]) ->
-    ot_float(E);
-ot_type([#xmlElement{name = nil}]) ->
-    ot_nil();
-ot_type([#xmlElement{name = paren, content = Es}]) ->
-    ot_paren(Es);
-ot_type([#xmlElement{name = list, content = Es}]) ->
-    ot_list(Es);
-ot_type([#xmlElement{name = nonempty_list, content = Es}]) ->
-    ot_nonempty_list(Es);
-ot_type([#xmlElement{name = tuple, content = Es}]) ->
-    ot_tuple(Es);
-ot_type([#xmlElement{name = 'fun', content = Es}]) ->
-    ot_fun(Es);
-ot_type([#xmlElement{name = record, content = Es}]) ->
-    ot_record(Es);
-ot_type([#xmlElement{name = abstype, content = Es}]) ->
-     ot_abstype(Es);
-ot_type([#xmlElement{name = union, content = Es}]) ->
-    ot_union(Es).
-
-ot_var(E) ->
-    {var,0,list_to_atom(get_attrval(name, E))}.
-
-ot_atom(E) ->
-    {ok, [Atom], _} = erl_scan:string(get_attrval(value, E), 0),
-    Atom.
-
-ot_integer(E) ->
-    {integer,0,list_to_integer(get_attrval(value, E))}.
-
-ot_range(E) ->
-    [I1, I2] = string:tokens(get_attrval(value, E), "."),
-    {type,0,range,[{integer,0,list_to_integer(I1)},
-                   {integer,0,list_to_integer(I2)}]}.
-
-ot_binary(E) ->
-    {Base, Unit} =
-        case string:tokens(get_attrval(value, E), ",:*><") of
-            [] ->
-                {0, 0};
-            ["_",B] ->
-                {list_to_integer(B), 0};
-            ["_","_",U] ->
-                {0, list_to_integer(U)};
-            ["_",B,_,"_",U] ->
-                {list_to_integer(B), list_to_integer(U)}
-        end,
-    {type,0,binary,[{integer,0,Base},{integer,0,Unit}]}.
-
-ot_float(E) ->
-    {float,0,list_to_float(get_attrval(value, E))}.
-
-ot_nil() ->
-    {nil,0}.
-
-ot_paren(Es) ->
-    {paren_type,0,[ot_utype(get_elem(type, Es))]}.
-
-ot_list(Es) ->
-    {type,0,list,[ot_utype(get_elem(type, Es))]}.
-
-ot_nonempty_list(Es) ->
-    {type,0,nonempty_list,[ot_utype(get_elem(type, Es))]}.
-
-ot_tuple(Es) ->
-    {type,0,tuple,[ot_utype_elem(E) || E <- Es]}.
-
-ot_fun(Es) ->
-    Range = ot_utype(get_elem(type, Es)),
-    Args = [ot_utype_elem(A) || A <- get_content(argtypes, Es)],
-    {type,0,'fun',[{type,0,product,Args},Range]}.
-
-ot_record(Es) ->
-    {type,0,record,[ot_type(get_elem(atom, Es)) |
-                    [ot_field(F) || F <- get_elem(field, Es)]]}.
-
-ot_field(#xmlElement{content = Es}) ->
-    {type,0,field_type,
-     [ot_type(get_elem(atom, Es)), ot_utype(get_elem(type, Es))]}.
-
-ot_abstype(Es) ->
-    ot_name(get_elem(erlangName, Es),
-            [ot_utype_elem(Elem) || Elem <- get_elem(type, Es)]).
-
-ot_union(Es) ->
-    {type,0,union,[ot_utype_elem(E) || E <- Es]}.
-
-ot_name(Es, T) ->
-    case ot_name(Es) of
-        [Mod, ":", Atom] ->
-            {remote_type,0,[{atom,0,list_to_atom(Mod)},
-                            {atom,0,list_to_atom(Atom)},T]};
-        "tuple" when T =:= [] ->
-            {type,0,tuple,any};
-        Atom ->
-            {type,0,list_to_atom(Atom),T}
-    end.
-
-ot_name([E]) ->
-    Atom = get_attrval(name, E),
-    case get_attrval(module, E) of
-	"" -> Atom;
-	M ->
-	    case get_attrval(app, E) of
-		"" ->
-                    [M, ":", Atom];
-                A ->
-                    ["//"++A++"/" ++ M, ":", Atom] % EDoc only!
-	    end
-    end.
-
-%% Returns exactly those annotations that can be referred to. Note
-%% that a Dialyzer type/spec (currently) can have more annotations
-%% than can be represented by EDoc types. Note also that edoc_dia
-%% has annotated all type variables with themselves.
-typespec_annos([]) -> [?NL];
-typespec_annos([_|Es]) ->
-    annotations(clause_annos(Es)).
-
-clause_annos(Es) ->
-    [annos(get_elem(type, Es)), local_defs_annos(get_elem(localdef, Es))].
-
-typedef_annos(Es) ->
-    annotations([(case get_elem(type, Es) of
-                      [] -> [];
-                      T -> annos(T)
-                  end
-                  ++ lists:flatmap(fun annos_elem/1,
-                                   get_content(argtypes, Es))),
-                 local_defs_annos(get_elem(localdef, Es))]).
-
-local_defs_annos(Es) ->
-    lists:flatmap(fun localdef_annos/1, Es).
-
-localdef_annos(#xmlElement{content = Es}) ->
-    annos(get_elem(type, Es)).
-
-annotations(AnnoL) ->
-    Annos = lists:usort(lists:flatten(AnnoL)),
-    margin(2, Annos).
-
-margin(N, L) ->
-    lists:append([[?IND(N),E] || E <- L]) ++ [?IND(N-2)].
-
-annos([E]) ->
-    annos_elem(E).
-
-annos_elem(E=#xmlElement{content = Es}) ->
-    case get_attrval(name, E) of
-	"" -> annos_type(Es);
-        "..." -> annos_type(Es); % compensate for a kludge in edoc_dia.erl
-	N ->
-            [{anno,[N]} | annos_type(Es)]
-    end.
-
-annos_type([#xmlElement{name = list, content = Es}]) ->
-    annos(get_elem(type, Es));
-annos_type([#xmlElement{name = nonempty_list, content = Es}]) ->
-    annos(get_elem(type, Es));
-annos_type([#xmlElement{name = tuple, content = Es}]) ->
-    lists:flatmap(fun annos_elem/1, Es);
-annos_type([#xmlElement{name = 'fun', content = Es}]) ->
-    (annos(get_elem(type, Es))
-     ++ lists:flatmap(fun annos_elem/1, get_content(argtypes, Es)));
-annos_type([#xmlElement{name = record, content = Es}]) ->
-    lists:append([annos(get_elem(type, Es1)) ||
-                     #xmlElement{content = Es1} <- get_elem(field, Es)]);
-annos_type([#xmlElement{name = abstype, content = Es}]) ->
-    lists:flatmap(fun annos_elem/1, get_elem(type, Es));
-annos_type([#xmlElement{name = union, content = Es}]) ->
-    lists:flatmap(fun annos_elem/1, Es);
-annos_type([E=#xmlElement{name = typevar}]) ->
-    annos_elem(E);
-annos_type([#xmlElement{name = paren, content = Es}]) ->
-    annos(get_elem(type, Es));
-annos_type(_) ->
-    [].
diff --git a/lib/erl_docgen/vsn.mk b/lib/erl_docgen/vsn.mk
index 79c8c570bf..dbd7e017b0 100644
--- a/lib/erl_docgen/vsn.mk
+++ b/lib/erl_docgen/vsn.mk
@@ -1,2 +1,2 @@
-ERL_DOCGEN_VSN = 0.2.6
+ERL_DOCGEN_VSN = 0.3
 
diff --git a/lib/erl_interface/aclocal.m4 b/lib/erl_interface/aclocal.m4
index 151fd5ea5a..339a15a2bb 120000..100644
--- a/lib/erl_interface/aclocal.m4
+++ b/lib/erl_interface/aclocal.m4
@@ -1 +1,1766 @@
-../../erts/aclocal.m4
\ No newline at end of file
+dnl
+dnl %CopyrightBegin%
+dnl
+dnl Copyright Ericsson AB 1998-2011. All Rights Reserved.
+dnl
+dnl The contents of this file are subject to the Erlang Public License,
+dnl Version 1.1, (the "License"); you may not use this file except in
+dnl compliance with the License. You should have received a copy of the
+dnl Erlang Public License along with this software. If not, it can be
+dnl retrieved online at http://www.erlang.org/.
+dnl
+dnl Software distributed under the License is distributed on an "AS IS"
+dnl basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+dnl the License for the specific language governing rights and limitations
+dnl under the License.
+dnl
+dnl %CopyrightEnd%
+dnl
+
+dnl
+dnl aclocal.m4
+dnl
+dnl Local macros used in configure.in. The Local Macros which
+dnl could/should be part of autoconf are prefixed LM_, macros specific
+dnl to the Erlang system are prefixed ERL_.
+dnl
+
+AC_DEFUN(LM_PRECIOUS_VARS,
+[
+
+dnl ERL_TOP
+AC_ARG_VAR(ERL_TOP, [Erlang/OTP top source directory])
+
+dnl Tools
+AC_ARG_VAR(CC, [C compiler])
+AC_ARG_VAR(CFLAGS, [C compiler flags])
+AC_ARG_VAR(STATIC_CFLAGS, [C compiler static flags])
+AC_ARG_VAR(CFLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag passed via C compiler])
+AC_ARG_VAR(CPP, [C/C++ preprocessor])
+AC_ARG_VAR(CPPFLAGS, [C/C++ preprocessor flags])
+AC_ARG_VAR(CXX, [C++ compiler])
+AC_ARG_VAR(CXXFLAGS, [C++ compiler flags])
+AC_ARG_VAR(LD, [linker (is often overridden by configure)])
+AC_ARG_VAR(LDFLAGS, [linker flags (can be risky to set since LD may be overriden by configure)])
+AC_ARG_VAR(LIBS, [libraries])
+AC_ARG_VAR(DED_LD, [linker for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LDFLAGS, [linker flags for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LD_FLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(LFS_CFLAGS, [large file support C compiler flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LDFLAGS, [large file support linker flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LIBS, [large file support libraries (set all LFS_* variables or none)])
+AC_ARG_VAR(RANLIB, [ranlib])
+AC_ARG_VAR(AR, [ar])
+AC_ARG_VAR(GETCONF, [getconf])
+
+dnl Cross system root
+AC_ARG_VAR(erl_xcomp_sysroot, [Absolute cross system root path (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_isysroot, [Absolute cross system root include path (only used when cross compiling)])
+
+dnl Cross compilation variables
+AC_ARG_VAR(erl_xcomp_bigendian, [big endian system: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_clock_gettime_correction, [clock_gettime() can be used for time correction: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_nptl, [have Native POSIX Thread Library: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigusrx, [SIGUSR1 and SIGUSR2 can be used: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigaltstack, [have working sigaltstack(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_poll, [have working poll(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_kqueue, [have working kqueue(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_putenv_copy, [putenv() stores key-value copy: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_reliable_fpe, [have reliable floating point exceptions: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_getaddrinfo, [have working getaddrinfo() for both IPv4 and IPv6: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_gethrvtime_procfs_ioctl, [have working gethrvtime() which can be used with procfs ioctl(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_clock_gettime_cpu_time, [clock_gettime() can be used for retrieving process CPU time: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_after_morecore_hook, [__after_morecore_hook can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_dlsym_brk_wrappers, [dlsym(RTLD_NEXT, _) brk wrappers can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+
+])
+
+AC_DEFUN(ERL_XCOMP_SYSROOT_INIT,
+[
+erl_xcomp_without_sysroot=no
+if test "$cross_compiling" = "yes"; then
+    test "$erl_xcomp_sysroot" != "" || erl_xcomp_without_sysroot=yes
+    test "$erl_xcomp_isysroot" != "" || erl_xcomp_isysroot="$erl_xcomp_sysroot"
+else
+    erl_xcomp_sysroot=
+    erl_xcomp_isysroot=
+fi
+])
+
+AC_DEFUN(LM_CHECK_GETCONF,
+[
+if test "$cross_compiling" != "yes"; then
+    AC_CHECK_PROG([GETCONF], [getconf], [getconf], [false])
+else
+    dnl First check if we got a `<HOST>-getconf' in $PATH
+    host_getconf="$host_alias-getconf"
+    AC_CHECK_PROG([GETCONF], [$host_getconf], [$host_getconf], [false])
+    if test "$GETCONF" = "false" && test "$erl_xcomp_sysroot" != ""; then
+	dnl We should perhaps give up if we have'nt found it by now, but at
+	dnl least in one Tilera MDE `getconf' under sysroot is a bourne
+	dnl shell script which we can use. We try to find `<HOST>-getconf'
+    	dnl or `getconf' under sysconf, but only under sysconf since
+	dnl `getconf' in $PATH is almost guaranteed to be for the build
+	dnl machine.
+	GETCONF=
+	prfx="$erl_xcomp_sysroot"
+        AC_PATH_TOOL([GETCONF], [getconf], [false],
+	             ["$prfx/usr/bin:$prfx/bin:$prfx/usr/local/bin"])
+    fi
+fi
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_WINDOWS_ENVIRONMENT
+dnl
+dnl
+dnl Tries to determine thw windows build environment, i.e. 
+dnl MIXED_CYGWIN_VC or MIXED_MSYS_VC 
+dnl
+
+AC_DEFUN(LM_WINDOWS_ENVIRONMENT,
+[
+MIXED_CYGWIN=no
+MIXED_MSYS=no
+
+AC_MSG_CHECKING(for mixed cygwin or msys and native VC++ environment)
+if test "X$host" = "Xwin32" -a "x$GCC" != "xyes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([Cygwin and VC])
+		MIXED_CYGWIN_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_VC"
+	elif test -x /usr/bin/msysinfo; then
+	        CFLAGS="-O2"
+		MIXED_MSYS=yes
+		AC_MSG_RESULT([MSYS and VC])
+		MIXED_MSYS_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_MSYS_VC"
+	else		    
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_VC=no
+	MIXED_MSYS_VC=no
+fi
+AC_SUBST(MIXED_CYGWIN_VC)
+AC_SUBST(MIXED_MSYS_VC)
+
+MIXED_VC=no
+if test "x$MIXED_MSYS_VC" = "xyes" -o  "x$MIXED_CYGWIN_VC" = "xyes" ; then
+   MIXED_VC=yes
+fi
+
+AC_SUBST(MIXED_VC)
+
+if test "x$MIXED_MSYS" != "xyes"; then
+   AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
+   if test "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([yes])
+		MIXED_CYGWIN_MINGW=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_MINGW"
+	else
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+    else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_MINGW=no
+    fi
+else
+	MIXED_CYGWIN_MINGW=no
+fi	
+AC_SUBST(MIXED_CYGWIN_MINGW)
+
+AC_MSG_CHECKING(if we mix cygwin with any native compiler)
+if test "X$MIXED_CYGWIN" = "Xyes"; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_CYGWIN)
+	
+AC_MSG_CHECKING(if we mix msys with another native compiler)
+if test "X$MIXED_MSYS" = "Xyes" ; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_MSYS)
+])		
+	
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_FIND_EMU_CC
+dnl
+dnl
+dnl Tries fairly hard to find a C compiler that can handle jump tables.
+dnl Defines the @EMU_CC@ variable for the makefiles and 
+dnl inserts NO_JUMP_TABLE in the header if one cannot be found...
+dnl
+
+AC_DEFUN(LM_FIND_EMU_CC,
+	[AC_CACHE_CHECK(for a compiler that handles jumptables,
+			ac_cv_prog_emu_cc,
+			[
+AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    __label__ lbl1;
+    __label__ lbl2;
+    int x = magic();
+    static void *jtab[2];
+
+    jtab[0] = &&lbl1;
+    jtab[1] = &&lbl2;
+    goto *jtab[x];
+lbl1:
+    return 1;
+lbl2:
+    return 2;
+],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+
+if test $ac_cv_prog_emu_cc = no; then
+	for ac_progname in emu_cc.sh gcc-4.2 gcc; do
+  		IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  		ac_dummy="$PATH"
+  		for ac_dir in $ac_dummy; do
+    			test -z "$ac_dir" && ac_dir=.
+    			if test -f $ac_dir/$ac_progname; then
+      				ac_cv_prog_emu_cc=$ac_dir/$ac_progname
+      				break
+    			fi
+  		done
+  		IFS="$ac_save_ifs"
+		if test $ac_cv_prog_emu_cc != no; then
+			break
+		fi
+	done
+fi
+
+if test $ac_cv_prog_emu_cc != no; then
+	save_CC=$CC
+	save_CFLAGS=$CFLAGS
+	save_CPPFLAGS=$CPPFLAGS
+	CC=$ac_cv_prog_emu_cc
+	CFLAGS=""
+	CPPFLAGS=""
+	AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    	__label__ lbl1;
+    	__label__ lbl2;
+    	int x = magic();
+    	static void *jtab[2];
+
+    	jtab[0] = &&lbl1;
+    	jtab[1] = &&lbl2;
+    	goto *jtab[x];
+	lbl1:
+    	return 1;
+	lbl2:
+    	return 2;
+	],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+	CC=$save_CC
+	CFLAGS=$save_CFLAGS
+	CPPFLAGS=$save_CPPFLAGS
+fi
+])
+if test $ac_cv_prog_emu_cc = no; then
+	AC_DEFINE(NO_JUMP_TABLE,[],[Defined if no found C compiler can handle jump tables])
+	EMU_CC=$CC
+else
+	EMU_CC=$ac_cv_prog_emu_cc
+fi
+AC_SUBST(EMU_CC)
+])		
+			
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_INSTALL_DIR
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl Figure out how to create directories with parents.
+dnl (In my opinion INSTALL_DIR is a bad name, MKSUBDIRS or something is better)
+dnl
+dnl We prefer 'install -d', but use 'mkdir -p' if it exists.
+dnl If none of these methods works, we give up.
+dnl
+
+
+AC_DEFUN(LM_PROG_INSTALL_DIR,
+[AC_CACHE_CHECK(how to create a directory including parents,
+ac_cv_prog_mkdir_p,
+[
+temp_name_base=config.$$
+temp_name=$temp_name_base/x/y/z
+$INSTALL -d $temp_name >/dev/null 2>&1
+ac_cv_prog_mkdir_p=none
+if test -d $temp_name; then
+        ac_cv_prog_mkdir_p="$INSTALL -d"
+else
+        mkdir -p $temp_name >/dev/null 2>&1
+        if test -d $temp_name; then
+                ac_cv_prog_mkdir_p="mkdir -p"
+        fi
+fi
+rm -fr $temp_name_base           
+])
+
+case "${ac_cv_prog_mkdir_p}" in
+  none) AC_MSG_ERROR(don't know how create directories with parents) ;;
+  *)    INSTALL_DIR="$ac_cv_prog_mkdir_p" AC_SUBST(INSTALL_DIR)     ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_PERL5
+dnl
+dnl Try to find perl version 5. If found set PERL to the absolute path
+dnl of the program, if not found set PERL to false.
+dnl
+dnl On some systems /usr/bin/perl is perl 4 and e.g.
+dnl /usr/local/bin/perl is perl 5. We try to handle this case by
+dnl putting a couple of 
+dnl Tries to handle the case that there are two programs called perl
+dnl in the path and one of them is perl 5 and the other isn't. 
+dnl
+AC_DEFUN(LM_PROG_PERL5,
+[AC_PATH_PROGS(PERL, perl5 perl, false,
+   /usr/local/bin:/opt/local/bin:/usr/local/gnu/bin:${PATH})
+changequote(, )dnl
+dnl[ That bracket is needed to balance the right bracket below
+if test "$PERL" = "false" || $PERL -e 'exit ($] >= 5)'; then
+changequote([, ])dnl
+  ac_cv_path_PERL=false
+  PERL=false
+dnl  AC_MSG_WARN(perl version 5 not found)
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SO_BSDCOMPAT
+dnl
+dnl Check if the system has the SO_BSDCOMPAT flag on sockets (linux) 
+dnl
+AC_DEFUN(LM_DECL_SO_BSDCOMPAT,
+[AC_CACHE_CHECK([for SO_BSDCOMPAT declaration], ac_cv_decl_so_bsdcompat,
+AC_TRY_COMPILE([#include <sys/socket.h>], [int i = SO_BSDCOMPAT;],
+               ac_cv_decl_so_bsdcompat=yes,
+               ac_cv_decl_so_bsdcompat=no))
+
+case "${ac_cv_decl_so_bsdcompat}" in
+  "yes" ) AC_DEFINE(HAVE_SO_BSDCOMPAT,[],
+		[Define if you have SO_BSDCOMPAT flag on sockets]) ;;
+  * ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_INADDR_LOOPBACK
+dnl
+dnl Try to find declaration of INADDR_LOOPBACK, if nowhere provide a default
+dnl
+
+AC_DEFUN(LM_DECL_INADDR_LOOPBACK,
+[AC_CACHE_CHECK([for INADDR_LOOPBACK in netinet/in.h],
+ ac_cv_decl_inaddr_loopback,
+[AC_TRY_COMPILE([#include <sys/types.h>
+#include <netinet/in.h>], [int i = INADDR_LOOPBACK;],
+ac_cv_decl_inaddr_loopback=yes, ac_cv_decl_inaddr_loopback=no)
+])
+
+if test ${ac_cv_decl_inaddr_loopback} = no; then
+  AC_CACHE_CHECK([for INADDR_LOOPBACK in rpc/types.h],
+                   ac_cv_decl_inaddr_loopback_rpc,
+                   AC_TRY_COMPILE([#include <rpc/types.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_rpc=yes,
+                                   ac_cv_decl_inaddr_loopback_rpc=no))
+
+   case "${ac_cv_decl_inaddr_loopback_rpc}" in
+     "yes" )
+        AC_DEFINE(DEF_INADDR_LOOPBACK_IN_RPC_TYPES_H,[],
+		[Define if you need to include rpc/types.h to get INADDR_LOOPBACK defined]) ;;
+      * )
+  	AC_CACHE_CHECK([for INADDR_LOOPBACK in winsock2.h],
+                   ac_cv_decl_inaddr_loopback_winsock2,
+                   AC_TRY_COMPILE([#define WIN32_LEAN_AND_MEAN
+				   #include <winsock2.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_winsock2=yes,
+                                   ac_cv_decl_inaddr_loopback_winsock2=no))
+	case "${ac_cv_decl_inaddr_loopback_winsock2}" in
+     		"yes" )
+			AC_DEFINE(DEF_INADDR_LOOPBACK_IN_WINSOCK2_H,[],
+				[Define if you need to include winsock2.h to get INADDR_LOOPBACK defined]) ;;
+		* )
+			# couldn't find it anywhere
+        		AC_DEFINE(HAVE_NO_INADDR_LOOPBACK,[],
+				[Define if you don't have a definition of INADDR_LOOPBACK]) ;;
+	esac;;
+   esac
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_SOCKADDR_SA_LEN
+dnl
+dnl Check if the sockaddr structure has the field sa_len
+dnl
+
+AC_DEFUN(LM_STRUCT_SOCKADDR_SA_LEN,
+[AC_CACHE_CHECK([whether struct sockaddr has sa_len field],
+                ac_cv_struct_sockaddr_sa_len,
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <sys/socket.h>], [struct sockaddr s; s.sa_len = 10;],
+  ac_cv_struct_sockaddr_sa_len=yes, ac_cv_struct_sockaddr_sa_len=no))
+
+dnl FIXME convbreak
+case ${ac_cv_struct_sockaddr_sa_len} in
+  "no" ) AC_DEFINE(NO_SA_LEN,[1],[Define if you dont have salen]) ;;
+  *) ;;
+esac
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_EXCEPTION
+dnl
+dnl Check to see whether the system supports the matherr function
+dnl and its associated type "struct exception".
+dnl
+
+AC_DEFUN(LM_STRUCT_EXCEPTION,
+[AC_CACHE_CHECK([for struct exception (and matherr function)],
+ ac_cv_struct_exception,
+AC_TRY_COMPILE([#include <math.h>],
+  [struct exception x; x.type = DOMAIN; x.type = SING;],
+  ac_cv_struct_exception=yes, ac_cv_struct_exception=no))
+
+case "${ac_cv_struct_exception}" in
+  "yes" ) AC_DEFINE(USE_MATHERR,[1],[Define if you have matherr() function and struct exception type]) ;;
+  *  ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_IPV6
+dnl
+dnl Check for ipv6 support and what the in6_addr structure is called.
+dnl (early linux used in_addr6 insted of in6_addr)
+dnl
+
+AC_DEFUN(LM_SYS_IPV6,
+[AC_MSG_CHECKING(for IP version 6 support)
+AC_CACHE_VAL(ac_cv_sys_ipv6_support,
+[ok_so_far=yes
+ AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+   [struct in6_addr a6; struct sockaddr_in6 s6;], ok_so_far=yes, ok_so_far=no)
+
+if test $ok_so_far = yes; then
+  ac_cv_sys_ipv6_support=yes
+else
+  AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+    [struct in_addr6 a6; struct sockaddr_in6 s6;],
+    ac_cv_sys_ipv6_support=in_addr6, ac_cv_sys_ipv6_support=no)
+fi
+])dnl
+
+dnl
+dnl Have to use old style AC_DEFINE due to BC with old autoconf.
+dnl
+
+case ${ac_cv_sys_ipv6_support} in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    ;;
+  in_addr6)
+    AC_MSG_RESULT([yes (but I am redefining in_addr6 to in6_addr)])
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    AC_DEFINE(HAVE_IN_ADDR6_STRUCT,[],[Early linux used in_addr6 instead of in6_addr, define if you have this])
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_MULTICAST
+dnl
+dnl Check for multicast support. Only checks for multicast options in
+dnl setsockopt(), no check is performed that multicasting actually works.
+dnl If options are found defines HAVE_MULTICAST_SUPPORT
+dnl
+
+AC_DEFUN(LM_SYS_MULTICAST,
+[AC_CACHE_CHECK([for multicast support], ac_cv_sys_multicast_support,
+[AC_EGREP_CPP(yes,
+[#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#if defined(IP_MULTICAST_TTL) && defined(IP_MULTICAST_LOOP) && defined(IP_MULTICAST_IF) && defined(IP_ADD_MEMBERSHIP) && defined(IP_DROP_MEMBERSHIP)
+yes
+#endif
+], ac_cv_sys_multicast_support=yes, ac_cv_sys_multicast_support=no)])
+if test $ac_cv_sys_multicast_support = yes; then
+  AC_DEFINE(HAVE_MULTICAST_SUPPORT,[1],
+	[Define if setsockopt() accepts multicast options])
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SYS_ERRLIST
+dnl
+dnl Define SYS_ERRLIST_DECLARED if the variable sys_errlist is declared
+dnl in a system header file, stdio.h or errno.h.
+dnl
+
+AC_DEFUN(LM_DECL_SYS_ERRLIST,
+[AC_CACHE_CHECK([for sys_errlist declaration in stdio.h or errno.h],
+  ac_cv_decl_sys_errlist,
+[AC_TRY_COMPILE([#include <stdio.h>
+#include <errno.h>], [char *msg = *(sys_errlist + 1);],
+  ac_cv_decl_sys_errlist=yes, ac_cv_decl_sys_errlist=no)])
+if test $ac_cv_decl_sys_errlist = yes; then
+  AC_DEFINE(SYS_ERRLIST_DECLARED,[],
+	[define if the variable sys_errlist is declared in a system header file])
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_FUNC_DECL( funname, declaration [, extra includes 
+dnl                     [, action-if-found [, action-if-not-found]]] )
+dnl
+dnl Checks if the declaration "declaration" of "funname" conflicts
+dnl with the header files idea of how the function should be
+dnl declared. It is useful on systems which lack prototypes and you
+dnl need to provide your own (e.g. when you want to take the address
+dnl of a function). The 4'th argument is expanded if conflicting, 
+dnl the 5'th argument otherwise
+dnl
+dnl
+
+AC_DEFUN(LM_CHECK_FUNC_DECL,
+[AC_MSG_CHECKING([for conflicting declaration of $1])
+AC_CACHE_VAL(ac_cv_func_decl_$1,
+[AC_TRY_COMPILE([#include <stdio.h>
+$3],[$2
+char *c = (char *)$1;
+], eval "ac_cv_func_decl_$1=no", eval "ac_cv_func_decl_$1=yes")])
+if eval "test \"`echo '$ac_cv_func_decl_'$1`\" = yes"; then
+  AC_MSG_RESULT(yes)
+  ifelse([$4], , :, [$4])
+else
+  AC_MSG_RESULT(no)
+ifelse([$5], , , [$5
+])dnl
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_THR_LIB
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl LM_CHECK_THR_LIB sets THR_LIBS, THR_DEFS, and THR_LIB_NAME. It also
+dnl checks for some pthread headers which will appear in DEFS or config.h.
+dnl
+
+AC_DEFUN(LM_CHECK_THR_LIB,
+[
+
+NEED_NPTL_PTHREAD_H=no
+
+dnl win32?
+AC_MSG_CHECKING([for native win32 threads])
+if test "X$host_os" = "Xwin32"; then
+    AC_MSG_RESULT(yes)
+    THR_DEFS="-DWIN32_THREADS"
+    THR_LIBS=
+    THR_LIB_NAME=win32_threads
+    THR_LIB_TYPE=win32_threads
+else
+    AC_MSG_RESULT(no)
+    THR_DEFS=
+    THR_LIBS=
+    THR_LIB_NAME=
+    THR_LIB_TYPE=posix_unknown
+
+dnl Try to find POSIX threads
+
+dnl The usual pthread lib...
+    AC_CHECK_LIB(pthread, pthread_create, THR_LIBS="-lpthread")
+
+dnl FreeBSD has pthreads in special c library, c_r...
+    if test "x$THR_LIBS" = "x"; then
+	AC_CHECK_LIB(c_r, pthread_create, THR_LIBS="-lc_r")
+    fi
+
+dnl On ofs1 the '-pthread' switch should be used
+    if test "x$THR_LIBS" = "x"; then
+	AC_MSG_CHECKING([if the '-pthread' switch can be used])
+	saved_cflags=$CFLAGS
+	CFLAGS="$CFLAGS -pthread"
+	AC_TRY_LINK([#include <pthread.h>],
+		    pthread_create((void*)0,(void*)0,(void*)0,(void*)0);,
+		    [THR_DEFS="-pthread"
+		     THR_LIBS="-pthread"])
+	CFLAGS=$saved_cflags
+	if test "x$THR_LIBS" != "x"; then
+	    AC_MSG_RESULT(yes)
+	else
+	    AC_MSG_RESULT(no)
+	fi
+    fi
+
+    if test "x$THR_LIBS" != "x"; then
+	THR_DEFS="$THR_DEFS -D_THREAD_SAFE -D_REENTRANT -DPOSIX_THREADS"
+	THR_LIB_NAME=pthread
+	case $host_os in
+	    solaris*)
+		THR_DEFS="$THR_DEFS -D_POSIX_PTHREAD_SEMANTICS" ;;
+	    linux*)
+		THR_DEFS="$THR_DEFS -D_POSIX_THREAD_SAFE_FUNCTIONS"
+
+		LM_CHECK_GETCONF
+		AC_MSG_CHECKING(for Native POSIX Thread Library)
+		libpthr_vsn=`$GETCONF GNU_LIBPTHREAD_VERSION 2>/dev/null`
+		if test $? -eq 0; then
+		    case "$libpthr_vsn" in
+			*nptl*|*NPTL*) nptl=yes;;
+			*) nptl=no;;
+		    esac
+		elif test "$cross_compiling" = "yes"; then
+		    case "$erl_xcomp_linux_nptl" in
+			"") nptl=cross;;
+			yes|no) nptl=$erl_xcomp_linux_nptl;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_nptl value: $erl_xcomp_linux_nptl]);;
+		    esac
+		else
+		    nptl=no
+		fi
+		AC_MSG_RESULT($nptl)
+		if test $nptl = cross; then
+		    nptl=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $nptl = yes; then
+		    THR_LIB_TYPE=posix_nptl
+		    need_nptl_incldir=no
+		    AC_CHECK_HEADER(nptl/pthread.h,
+				    [need_nptl_incldir=yes
+				     NEED_NPTL_PTHREAD_H=yes])
+		    if test $need_nptl_incldir = yes; then
+			# Ahh...
+			nptl_path="$C_INCLUDE_PATH:$CPATH"
+			if test X$cross_compiling != Xyes; then
+			    nptl_path="$nptl_path:/usr/local/include:/usr/include"
+			else
+			    IROOT="$erl_xcomp_isysroot"
+			    test "$IROOT" != "" || IROOT="$erl_xcomp_sysroot"
+			    test "$IROOT" != "" || AC_MSG_ERROR([Don't know where to search for includes! Please set erl_xcomp_isysroot])
+			    nptl_path="$nptl_path:$IROOT/usr/local/include:$IROOT/usr/include"
+			fi
+			nptl_ws_path=
+			save_ifs="$IFS"; IFS=":"
+			for dir in $nptl_path; do
+			    if test "x$dir" != "x"; then
+				nptl_ws_path="$nptl_ws_path $dir"
+			    fi
+			done
+			IFS=$save_ifs
+			nptl_incldir=
+			for dir in $nptl_ws_path; do
+		            AC_CHECK_HEADER($dir/nptl/pthread.h,
+					    nptl_incldir=$dir/nptl)
+			    if test "x$nptl_incldir" != "x"; then
+				THR_DEFS="$THR_DEFS -isystem $nptl_incldir"
+				break
+			    fi
+			done
+			if test "x$nptl_incldir" = "x"; then
+			    AC_MSG_ERROR(Failed to locate nptl system include directory)
+			fi
+		    fi
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need THR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags=$CPPFLAGS
+	CPPFLAGS="$CPPFLAGS $THR_DEFS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h,
+			AC_DEFINE(HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+    fi
+fi
+
+])
+
+AC_DEFUN(ERL_INTERNAL_LIBS,
+[
+
+ERTS_INTERNAL_X_LIBS=
+
+AC_CHECK_LIB(kstat, kstat_open,
+[AC_DEFINE(HAVE_KSTAT, 1, [Define if you have kstat])
+ERTS_INTERNAL_X_LIBS="$ERTS_INTERNAL_X_LIBS -lkstat"])
+
+AC_SUBST(ERTS_INTERNAL_X_LIBS)
+
+])
+
+AC_DEFUN(ETHR_CHK_SYNC_OP,
+[
+    AC_MSG_CHECKING([for $3-bit $1()])
+    case "$2" in
+	"1") sync_call="$1(&var);";;
+	"2") sync_call="$1(&var, ($4) 0);";;
+	"3") sync_call="$1(&var, ($4) 0, ($4) 0);";;
+    esac
+    have_sync_op=no
+    AC_TRY_LINK([],
+	[
+	    $4 res;
+	    volatile $4 var;
+	    res = $sync_call
+	],
+	[have_sync_op=yes])
+    test $have_sync_op = yes && $5
+    AC_MSG_RESULT([$have_sync_op])
+])
+
+AC_DEFUN(ETHR_CHK_INTERLOCKED,
+[
+    ilckd="$1"
+    AC_MSG_CHECKING([for ${ilckd}()])
+    case "$2" in
+	"1") ilckd_call="${ilckd}(var);";;
+	"2") ilckd_call="${ilckd}(var, ($3) 0);";;
+	"3") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0);";;
+	"4") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0, arr);";;
+    esac
+    have_interlocked_op=no
+    AC_TRY_LINK(
+	[
+	#define WIN32_LEAN_AND_MEAN
+	#include <windows.h>
+	#include <intrin.h>
+	],
+	[
+	    volatile $3 *var;
+	    volatile $3 arr[2];
+
+	    $ilckd_call
+	    return 0;
+	],
+	[have_interlocked_op=yes])
+    test $have_interlocked_op = yes && $4
+    AC_MSG_RESULT([$have_interlocked_op])
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_FIND_ETHR_LIB
+dnl
+dnl NOTE! This macro may be changed at any time! Should *only* be used by
+dnl       ERTS!
+dnl
+dnl Find a thread library to use. Sets ETHR_LIBS to libraries to link
+dnl with, ETHR_X_LIBS to extra libraries to link with (same as ETHR_LIBS
+dnl except that the ethread lib itself is not included), ETHR_DEFS to
+dnl defines to compile with, ETHR_THR_LIB_BASE to the name of the
+dnl thread library which the ethread library is based on, and ETHR_LIB_NAME
+dnl to the name of the library where the ethread implementation is located.
+dnl  ERL_FIND_ETHR_LIB currently searches for 'pthreads', and
+dnl 'win32_threads'. If no thread library was found ETHR_LIBS, ETHR_X_LIBS,
+dnl ETHR_DEFS, ETHR_THR_LIB_BASE, and ETHR_LIB_NAME are all set to the
+dnl empty string.
+dnl
+
+AC_DEFUN(ERL_FIND_ETHR_LIB,
+[
+
+LM_CHECK_THR_LIB
+ERL_INTERNAL_LIBS
+
+ethr_have_native_atomics=no
+ethr_have_native_spinlock=no
+ETHR_THR_LIB_BASE="$THR_LIB_NAME"
+ETHR_THR_LIB_BASE_TYPE="$THR_LIB_TYPE"
+ETHR_DEFS="$THR_DEFS"
+ETHR_X_LIBS="$THR_LIBS $ERTS_INTERNAL_X_LIBS"
+ETHR_LIBS=
+ETHR_LIB_NAME=
+
+ethr_modified_default_stack_size=
+
+dnl Name of lib where ethread implementation is located
+ethr_lib_name=ethread
+
+case "$THR_LIB_NAME" in
+
+    win32_threads)
+	ETHR_THR_LIB_BASE_DIR=win
+	# * _WIN32_WINNT >= 0x0400 is needed for
+	#   TryEnterCriticalSection
+	# * _WIN32_WINNT >= 0x0403 is needed for
+	#   InitializeCriticalSectionAndSpinCount
+	# The ethread lib will refuse to build if _WIN32_WINNT < 0x0403.
+	#
+	# -D_WIN32_WINNT should have been defined in $CPPFLAGS; fetch it
+	# and save it in ETHR_DEFS.
+	found_win32_winnt=no
+	for cppflag in $CPPFLAGS; do
+	    case $cppflag in
+		-DWINVER*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    ;;
+		-D_WIN32_WINNT*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    found_win32_winnt=yes
+		    ;;
+		*)
+		    ;;
+	    esac
+        done
+        if test $found_win32_winnt = no; then
+	    AC_MSG_ERROR([-D_WIN32_WINNT missing in CPPFLAGS])
+        fi
+
+	AC_DEFINE(ETHR_WIN32_THREADS, 1, [Define if you have win32 threads])
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT, 1, [Define if you have _InterlockedDecrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement_rel], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT_REL, 1, [Define if you have _InterlockedDecrement_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT, 1, [Define if you have _InterlockedIncrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement_acq], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT_ACQ, 1, [Define if you have _InterlockedIncrement_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD, 1, [Define if you have _InterlockedExchangeAdd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd_acq], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD_ACQ, 1, [Define if you have _InterlockedExchangeAdd_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND, 1, [Define if you have _InterlockedAnd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR, 1, [Define if you have _InterlockedOr()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE, 1, [Define if you have _InterlockedExchange()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE, 1, [Define if you have _InterlockedCompareExchange()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_acq], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_ACQ, 1, [Define if you have _InterlockedCompareExchange_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_rel], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_REL, 1, [Define if you have _InterlockedCompareExchange_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64, 1, [Define if you have _InterlockedDecrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64_rel], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64_REL, 1, [Define if you have _InterlockedDecrement64_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64, 1, [Define if you have _InterlockedIncrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64_acq], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64_ACQ, 1, [Define if you have _InterlockedIncrement64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64, 1, [Define if you have _InterlockedExchangeAdd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64_acq], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64_ACQ, 1, [Define if you have _InterlockedExchangeAdd64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND64, 1, [Define if you have _InterlockedAnd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR64, 1, [Define if you have _InterlockedOr64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE64, 1, [Define if you have _InterlockedExchange64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64, 1, [Define if you have _InterlockedCompareExchange64()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_acq], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_ACQ, 1, [Define if you have _InterlockedCompareExchange64_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_rel], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_REL, 1, [Define if you have _InterlockedCompareExchange64_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange128], [4], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE128, 1, [Define if you have _InterlockedCompareExchange128()]))
+
+	test "$ethr_have_native_atomics" = "yes" && ethr_have_native_spinlock=yes
+	;;
+
+    pthread)
+	ETHR_THR_LIB_BASE_DIR=pthread
+    	AC_DEFINE(ETHR_PTHREADS, 1, [Define if you have pthreads])
+	case $host_os in
+	    openbsd*)
+		# The default stack size is insufficient for our needs
+		# on OpenBSD. We increase it to 256 kilo words.
+		ethr_modified_default_stack_size=256;;
+	    linux*)
+		ETHR_DEFS="$ETHR_DEFS -D_GNU_SOURCE"
+
+		if test	X$cross_compiling = Xyes; then
+		    case X$erl_xcomp_linux_usable_sigusrx in
+			X) usable_sigusrx=cross;;
+			Xyes|Xno) usable_sigusrx=$erl_xcomp_linux_usable_sigusrx;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigusrx value: $erl_xcomp_linux_usable_sigusrx]);;
+		    esac
+		    case X$erl_xcomp_linux_usable_sigaltstack in
+			X) usable_sigaltstack=cross;;
+			Xyes|Xno) usable_sigaltstack=$erl_xcomp_linux_usable_sigaltstack;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigaltstack value: $erl_xcomp_linux_usable_sigaltstack]);;
+		    esac
+		else
+		    # FIXME: Test for actual problems instead of kernel versions
+		    linux_kernel_vsn_=`uname -r`
+		    case $linux_kernel_vsn_ in
+			[[0-1]].*|2.[[0-1]]|2.[[0-1]].*)
+			    usable_sigusrx=no
+			    usable_sigaltstack=no;;
+			2.[[2-3]]|2.[[2-3]].*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=no;;
+		    	*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=yes;;
+		    esac
+		fi
+
+		AC_MSG_CHECKING(if SIGUSR1 and SIGUSR2 can be used)
+		AC_MSG_RESULT($usable_sigusrx)
+		if test $usable_sigusrx = cross; then
+		    usable_sigusrx=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigusrx = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGUSRX"
+		fi
+
+		AC_MSG_CHECKING(if sigaltstack can be used)
+		AC_MSG_RESULT($usable_sigaltstack)
+		if test $usable_sigaltstack = cross; then
+		    usable_sigaltstack=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigaltstack = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGALTSTACK"
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need ETHR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags="$CPPFLAGS"
+	CPPFLAGS="$CPPFLAGS $ETHR_DEFS"
+
+	dnl We need the thread library in order to find some functions
+	saved_libs="$LIBS"
+	LIBS="$LIBS $ETHR_X_LIBS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(ETHR_HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	if test $NEED_NPTL_PTHREAD_H = yes; then
+	    AC_DEFINE(ETHR_NEED_NPTL_PTHREAD_H, 1, \
+[Define if you need the <nptl/pthread.h> header file.])
+	fi
+
+	AC_CHECK_HEADER(sched.h, \
+			AC_DEFINE(ETHR_HAVE_SCHED_H, 1, \
+[Define if you have the <sched.h> header file.]))
+
+	AC_CHECK_HEADER(sys/time.h, \
+			AC_DEFINE(ETHR_HAVE_SYS_TIME_H, 1, \
+[Define if you have the <sys/time.h> header file.]))
+
+	AC_TRY_COMPILE([#include <time.h>
+			#include <sys/time.h>], 
+			[struct timeval *tv; return 0;],
+			AC_DEFINE(ETHR_TIME_WITH_SYS_TIME, 1, \
+[Define if you can safely include both <sys/time.h> and <time.h>.]))
+
+
+	dnl
+	dnl Check for functions
+	dnl
+
+	AC_CHECK_FUNC(pthread_spin_lock, \
+			[ethr_have_native_spinlock=yes \
+			 AC_DEFINE(ETHR_HAVE_PTHREAD_SPIN_LOCK, 1, \
+[Define if you have the pthread_spin_lock function.])])
+
+	have_sched_yield=no
+	have_librt_sched_yield=no
+	AC_CHECK_FUNC(sched_yield, [have_sched_yield=yes])
+	if test $have_sched_yield = no; then
+	    AC_CHECK_LIB(rt, sched_yield,
+			 [have_librt_sched_yield=yes
+			  ETHR_X_LIBS="$ETHR_X_LIBS -lrt"])
+	fi
+	if test $have_sched_yield = yes || test $have_librt_sched_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_SCHED_YIELD, 1, [Define if you have the sched_yield() function.])
+	    AC_MSG_CHECKING([whether sched_yield() returns an int])
+	    sched_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#ifdef ETHR_HAVE_SCHED_H
+				#include <sched.h>
+				#endif
+			   ],
+			   [int sched_yield();],
+			   [sched_yield_ret_int=yes])
+	    AC_MSG_RESULT([$sched_yield_ret_int])
+	    if test $sched_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_SCHED_YIELD_RET_INT, 1, [Define if sched_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_yield=no
+	AC_CHECK_FUNC(pthread_yield, [have_pthread_yield=yes])
+	if test $have_pthread_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_PTHREAD_YIELD, 1, [Define if you have the pthread_yield() function.])
+	    AC_MSG_CHECKING([whether pthread_yield() returns an int])
+	    pthread_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			   ],
+			   [int pthread_yield();],
+			   [pthread_yield_ret_int=yes])
+	    AC_MSG_RESULT([$pthread_yield_ret_int])
+	    if test $pthread_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_PTHREAD_YIELD_RET_INT, 1, [Define if pthread_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_rwlock_init=no
+	AC_CHECK_FUNC(pthread_rwlock_init, [have_pthread_rwlock_init=yes])
+	if test $have_pthread_rwlock_init = yes; then
+
+	    ethr_have_pthread_rwlockattr_setkind_np=no
+	    AC_CHECK_FUNC(pthread_rwlockattr_setkind_np,
+			  [ethr_have_pthread_rwlockattr_setkind_np=yes])
+
+	    if test $ethr_have_pthread_rwlockattr_setkind_np = yes; then
+		AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCKATTR_SETKIND_NP, 1, \
+[Define if you have the pthread_rwlockattr_setkind_np() function.])
+
+		AC_MSG_CHECKING([for PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP])
+		ethr_pthread_rwlock_writer_nonrecursive_initializer_np=no
+		AC_TRY_LINK([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			    ],
+			    [
+				pthread_rwlockattr_t *attr;
+				return pthread_rwlockattr_setkind_np(attr,
+				    PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP);
+			    ],
+			    [ethr_pthread_rwlock_writer_nonrecursive_initializer_np=yes])
+		AC_MSG_RESULT([$ethr_pthread_rwlock_writer_nonrecursive_initializer_np])
+		if test $ethr_pthread_rwlock_writer_nonrecursive_initializer_np = yes; then
+		    AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP, 1, \
+[Define if you have the PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP rwlock attribute.])
+		fi
+	    fi
+	fi
+
+	if test "$force_pthread_rwlocks" = "yes"; then
+
+	    AC_DEFINE(ETHR_FORCE_PTHREAD_RWLOCK, 1, \
+[Define if you want to force usage of pthread rwlocks])
+
+	    if test $have_pthread_rwlock_init = yes; then
+		AC_MSG_WARN([Forced usage of pthread rwlocks. Note that this implementation may suffer from starvation issues.])
+	    else
+		AC_MSG_ERROR([User forced usage of pthread rwlock, but no such implementation was found])
+	    fi
+	fi
+
+	AC_CHECK_FUNC(pthread_attr_setguardsize, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_ATTR_SETGUARDSIZE, 1, \
+[Define if you have the pthread_attr_setguardsize function.]))
+
+	linux_futex=no
+	AC_MSG_CHECKING([for Linux futexes])
+	AC_TRY_LINK([
+			#include <sys/syscall.h>
+			#include <unistd.h>
+			#include <linux/futex.h>
+			#include <sys/time.h>
+		    ],
+		    [
+			int i = 1;
+			syscall(__NR_futex, (void *) &i, FUTEX_WAKE, 1,
+				(void*)0,(void*)0, 0);
+			syscall(__NR_futex, (void *) &i, FUTEX_WAIT, 0,
+				(void*)0,(void*)0, 0);
+			return 0;
+		    ],
+		    linux_futex=yes)
+	AC_MSG_RESULT([$linux_futex])
+	test $linux_futex = yes && AC_DEFINE(ETHR_HAVE_LINUX_FUTEX, 1, [Define if you have a linux futex implementation.])
+
+	AC_CHECK_SIZEOF(int)
+	AC_CHECK_SIZEOF(long)
+	AC_CHECK_SIZEOF(long long)
+	AC_CHECK_SIZEOF(__int128_t)
+
+	if test "$ac_cv_sizeof_int" = "4"; then
+	    int32="int"
+	elif test "$ac_cv_sizeof_long" = "4"; then
+	    int32="long"
+	elif test "$ac_cv_sizeof_long_long" = "4"; then
+	    int32="long long"
+	else
+	    AC_MSG_ERROR([No 32-bit type found])
+	fi
+
+	if test "$ac_cv_sizeof_int" = "8"; then
+	    int64="int"
+	elif test "$ac_cv_sizeof_long" = "8"; then
+	    int64="long"
+	elif test "$ac_cv_sizeof_long_long" = "8"; then
+	    int64="long long"
+	else
+	    AC_MSG_ERROR([No 64-bit type found])
+	fi
+
+	int128=no
+	if test "$ac_cv_sizeof___int128_t" = "16"; then
+	    int128="__int128_t"
+	fi
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP32, 1, [Define if you have __sync_val_compare_and_swap() for 32-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH32, 1, [Define if you have __sync_add_and_fetch() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND32, 1, [Define if you have __sync_fetch_and_and() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR32, 1, [Define if you have __sync_fetch_and_or() for 32-bit integers]))
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP64, 1, [Define if you have __sync_val_compare_and_swap() for 64-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH64, 1, [Define if you have __sync_add_and_fetch() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND64, 1, [Define if you have __sync_fetch_and_and() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR64, 1, [Define if you have __sync_fetch_and_or() for 64-bit integers]))
+
+	if test $int128 != no; then
+	    ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [128], [$int128], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP128, 1, [Define if you have __sync_val_compare_and_swap() for 128-bit integers]))
+	fi
+
+	AC_MSG_CHECKING([for a usable libatomic_ops implementation])
+	case "x$with_libatomic_ops" in
+	    xno | xyes | x)
+		libatomic_ops_include=
+		;;
+	    *)
+		if test -d "${with_libatomic_ops}/include"; then
+		    libatomic_ops_include="-I$with_libatomic_ops/include"
+		    CPPFLAGS="$CPPFLAGS $libatomic_ops_include"
+		else
+		    AC_MSG_ERROR([libatomic_ops include directory $with_libatomic_ops/include not found])
+		fi;;
+	esac
+	ethr_have_libatomic_ops=no
+	AC_TRY_LINK([#include "atomic_ops.h"],
+		    [
+			volatile AO_t x;
+			AO_t y;
+			int z;
+
+			AO_nop_full();
+			AO_store(&x, (AO_t) 0);
+			z = AO_load(&x);
+			z = AO_compare_and_swap_full(&x, (AO_t) 0, (AO_t) 1);
+		    ],
+		    [ethr_have_native_atomics=yes
+		     ethr_have_libatomic_ops=yes])
+	AC_MSG_RESULT([$ethr_have_libatomic_ops])
+	if test $ethr_have_libatomic_ops = yes; then
+	    AC_CHECK_SIZEOF(AO_t, ,
+			    [
+				#include <stdio.h>
+				#include "atomic_ops.h"
+			    ])
+	    AC_DEFINE_UNQUOTED(ETHR_SIZEOF_AO_T, $ac_cv_sizeof_AO_t, [Define to the size of AO_t if libatomic_ops is used])
+
+	    AC_DEFINE(ETHR_HAVE_LIBATOMIC_OPS, 1, [Define if you have libatomic_ops atomic operations])
+	    if test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+		AC_DEFINE(ETHR_PREFER_LIBATOMIC_OPS_NATIVE_IMPLS, 1, [Define if you prefer libatomic_ops native ethread implementations])
+	    fi
+	    ETHR_DEFS="$ETHR_DEFS $libatomic_ops_include"
+	elif test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+	    AC_MSG_ERROR([No usable libatomic_ops implementation found])
+	fi
+
+	case "$host_cpu" in
+	  sparc | sun4u | sparc64 | sun4v)
+		case "$with_sparc_memory_order" in
+		    "TSO")
+			AC_DEFINE(ETHR_SPARC_TSO, 1, [Define if only run in Sparc TSO mode]);;
+		    "PSO")
+			AC_DEFINE(ETHR_SPARC_PSO, 1, [Define if only run in Sparc PSO, or TSO mode]);;
+		    "RMO"|"")
+			AC_DEFINE(ETHR_SPARC_RMO, 1, [Define if run in Sparc RMO, PSO, or TSO mode]);;
+		    *)
+			AC_MSG_ERROR([Unsupported Sparc memory order: $with_sparc_memory_order]);;
+		esac
+		ethr_have_native_atomics=yes;; 
+	  i86pc | i*86 | x86_64 | amd64)
+		if test "$enable_x86_out_of_order" = "yes"; then
+			AC_DEFINE(ETHR_X86_OUT_OF_ORDER, 1, [Define if x86/x86_64 out of order instructions should be synchronized])
+		fi
+		ethr_have_native_atomics=yes;;
+	  macppc | ppc | "Power Macintosh")
+		ethr_have_native_atomics=yes;;
+	  tile)
+		ethr_have_native_atomics=yes;;
+	  *)
+		;;
+	esac
+
+	test ethr_have_native_atomics = "yes" && ethr_have_native_spinlock=yes
+
+	dnl Restore LIBS
+	LIBS=$saved_libs
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+	;;
+    *)
+	;;
+esac
+
+AC_MSG_CHECKING([whether default stack size should be modified])
+if test "x$ethr_modified_default_stack_size" != "x"; then
+	AC_DEFINE_UNQUOTED(ETHR_MODIFIED_DEFAULT_STACK_SIZE, $ethr_modified_default_stack_size, [Define if you want to modify the default stack size])
+	AC_MSG_RESULT([yes; to $ethr_modified_default_stack_size kilo words])
+else
+	AC_MSG_RESULT([no])
+fi
+
+if test "x$ETHR_THR_LIB_BASE" != "x"; then
+	ETHR_DEFS="-DUSE_THREADS $ETHR_DEFS"
+	ETHR_LIBS="-l$ethr_lib_name -lerts_internal_r $ETHR_X_LIBS"
+	ETHR_LIB_NAME=$ethr_lib_name
+fi
+
+AC_CHECK_SIZEOF(void *)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_PTR, $ac_cv_sizeof_void_p, [Define to the size of pointers])
+
+AC_CHECK_SIZEOF(int)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_INT, $ac_cv_sizeof_int, [Define to the size of int])
+AC_CHECK_SIZEOF(long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG, $ac_cv_sizeof_long, [Define to the size of long])
+AC_CHECK_SIZEOF(long long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG_LONG, $ac_cv_sizeof_long_long, [Define to the size of long long])
+AC_CHECK_SIZEOF(__int64)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT64, $ac_cv_sizeof___int64, [Define to the size of __int64])
+AC_CHECK_SIZEOF(__int128_t)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT128_T, $ac_cv_sizeof___int128_t, [Define to the size of __int128_t])
+
+
+case X$erl_xcomp_bigendian in
+    X) ;;
+    Xyes|Xno) ac_cv_c_bigendian=$erl_xcomp_bigendian;;
+    *) AC_MSG_ERROR([Bad erl_xcomp_bigendian value: $erl_xcomp_bigendian]);;
+esac
+
+AC_C_BIGENDIAN
+
+if test "$ac_cv_c_bigendian" = "yes"; then
+    AC_DEFINE(ETHR_BIGENDIAN, 1, [Define if bigendian])
+fi
+
+AC_ARG_ENABLE(native-ethr-impls,
+	      AS_HELP_STRING([--disable-native-ethr-impls],
+                             [disable native ethread implementations]),
+[ case "$enableval" in
+    no) disable_native_ethr_impls=yes ;;
+    *)  disable_native_ethr_impls=no ;;
+  esac ], disable_native_ethr_impls=no)
+
+AC_ARG_ENABLE(x86-out-of-order,
+	      AS_HELP_STRING([--enable-x86-out-of-order],
+                             [enable x86/x84_64 out of order support (default disabled)]))
+
+test "X$disable_native_ethr_impls" = "Xyes" &&
+  AC_DEFINE(ETHR_DISABLE_NATIVE_IMPLS, 1, [Define if you want to disable native ethread implementations])
+
+AC_ARG_ENABLE(prefer-gcc-native-ethr-impls,
+	      AS_HELP_STRING([--enable-prefer-gcc-native-ethr-impls],
+			     [prefer gcc native ethread implementations]),
+[ case "$enableval" in
+    yes) enable_prefer_gcc_native_ethr_impls=yes ;;
+    *)  enable_prefer_gcc_native_ethr_impls=no ;;
+  esac ], enable_prefer_gcc_native_ethr_impls=no)
+
+test $enable_prefer_gcc_native_ethr_impls = yes &&
+  AC_DEFINE(ETHR_PREFER_GCC_NATIVE_IMPLS, 1, [Define if you prefer gcc native ethread implementations])
+
+AC_ARG_WITH(libatomic_ops,
+	    AS_HELP_STRING([--with-libatomic_ops=PATH],
+			   [specify and prefer usage of libatomic_ops in the ethread library]))
+
+AC_ARG_WITH(with_sparc_memory_order,
+	    AS_HELP_STRING([--with-sparc-memory-order=TSO|PSO|RMO],
+			   [specify sparc memory order (defaults to RMO)]))
+
+ETHR_X86_SSE2_ASM=no
+case "$GCC-$ac_cv_sizeof_void_p-$host_cpu" in
+  yes-4-i86pc | yes-4-i*86 | yes-4-x86_64 | yes-4-amd64)
+    AC_MSG_CHECKING([for gcc sse2 asm support])
+    save_CFLAGS="$CFLAGS"
+    CFLAGS="$CFLAGS -msse2"
+    gcc_sse2_asm=no
+    AC_TRY_COMPILE([],
+	[
+		long long x, *y;
+		__asm__ __volatile__("movq %1, %0\n\t" : "=x"(x) : "m"(*y) : "memory");
+	],
+	[gcc_sse2_asm=yes])
+    CFLAGS="$save_CFLAGS"
+    AC_MSG_RESULT([$gcc_sse2_asm])
+    if test "$gcc_sse2_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_SSE2_ASM_SUPPORT, 1, [Define if you use a gcc that supports -msse2 and understand sse2 specific asm statements])
+      ETHR_X86_SSE2_ASM=yes
+    fi
+    ;;
+  *)
+    ;;
+esac
+
+case "$GCC-$host_cpu" in
+  yes-i86pc | yes-i*86 | yes-x86_64 | yes-amd64)
+    gcc_dw_cmpxchg_asm=no
+    AC_MSG_CHECKING([for gcc double word cmpxchg asm support])    
+    AC_TRY_COMPILE([],
+	[
+    char xchgd;
+    long new[2], xchg[2], *p;		  
+    __asm__ __volatile__(
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"pushl %%ebx\n\t"
+	"movl %8, %%ebx\n\t"
+#endif
+#if ETHR_SIZEOF_PTR == 4
+	"lock; cmpxchg8b %0\n\t"
+#else
+	"lock; cmpxchg16b %0\n\t"
+#endif
+	"setz %3\n\t"
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"popl %%ebx\n\t"
+#endif
+	: "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	: "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new[1]),
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	  "r"(new[0])
+#else
+	  "b"(new[0])
+#endif
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+    if test $gcc_dw_cmpxchg_asm = no && test $ac_cv_sizeof_void_p = 4; then
+      AC_TRY_COMPILE([],
+	  [
+      char xchgd;
+      long new[2], xchg[2], *p;
+#if !defined(__PIC__) || !__PIC__
+#  error nope
+#endif
+      __asm__ __volatile__(
+    	  "pushl %%ebx\n\t"
+	  "movl (%7), %%ebx\n\t"
+	  "movl 4(%7), %%ecx\n\t"
+	  "lock; cmpxchg8b %0\n\t"
+  	  "setz %3\n\t"
+	  "popl %%ebx\n\t"
+	  : "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	  : "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new)
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+      if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+        AC_DEFINE(ETHR_CMPXCHG8B_REGISTER_SHORTAGE, 1, [Define if you get a register shortage with cmpxchg8b and position independent code])
+      fi
+    fi
+    AC_MSG_RESULT([$gcc_dw_cmpxchg_asm])
+    if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_DW_CMPXCHG_ASM_SUPPORT, 1, [Define if you use a gcc that supports the double word cmpxchg instruction])
+    fi;;
+  *)
+    ;;
+esac
+
+AC_DEFINE(ETHR_HAVE_ETHREAD_DEFINES, 1, \
+[Define if you have all ethread defines])
+
+AC_SUBST(ETHR_X_LIBS)
+AC_SUBST(ETHR_LIBS)
+AC_SUBST(ETHR_LIB_NAME)
+AC_SUBST(ETHR_DEFS)
+AC_SUBST(ETHR_THR_LIB_BASE)
+AC_SUBST(ETHR_THR_LIB_BASE_DIR)
+AC_SUBST(ETHR_X86_SSE2_ASM)
+
+])
+
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_TIME_CORRECTION
+dnl
+dnl In the presence of a high resolution realtime timer Erlang can adapt
+dnl its view of time relative to this timer. On solaris such a timer is
+dnl available with the syscall gethrtime(). On other OS's a fallback
+dnl solution using times() is implemented. (However on e.g. FreeBSD times()
+dnl is implemented using gettimeofday so it doesn't make much sense to
+dnl use it there...) On second thought, it seems to be safer to do it the
+dnl other way around. I.e. only use times() on OS's where we know it will
+dnl work...
+dnl
+
+AC_DEFUN(ERL_TIME_CORRECTION,
+[if test x$ac_cv_func_gethrtime = x; then
+  AC_CHECK_FUNC(gethrtime)
+fi
+if test x$clock_gettime_correction = xunknown; then
+	AC_TRY_COMPILE([#include <time.h>],
+			[struct timespec ts;
+     			 long long result;
+			 clock_gettime(CLOCK_MONOTONIC,&ts);
+                         result = ((long long) ts.tv_sec) * 1000000000LL + 
+			 ((long long) ts.tv_nsec);],
+			clock_gettime_compiles=yes,
+			clock_gettime_compiles=no)
+else
+	clock_gettime_compiles=no
+fi
+			
+
+AC_CACHE_CHECK([how to correct for time adjustments], erl_cv_time_correction,
+[
+case $clock_gettime_correction in
+    yes)
+	erl_cv_time_correction=clock_gettime;;	
+    no|unknown)
+	case $ac_cv_func_gethrtime in
+  	    yes)
+    		erl_cv_time_correction=hrtime ;;
+  	    no)
+    		case $host_os in
+        	    linux*)
+			case $clock_gettime_correction in
+			    unknown)
+				if test x$clock_gettime_compiles = xyes; then
+				    if test X$cross_compiling != Xyes; then
+				    	linux_kernel_vsn_=`uname -r`
+				    	case $linux_kernel_vsn_ in
+					    [[0-1]].*|2.[[0-5]]|2.[[0-5]].*)
+					    	erl_cv_time_correction=times ;;
+					    *)
+					    	erl_cv_time_correction=clock_gettime;;
+				    	esac
+				    else
+					case X$erl_xcomp_linux_clock_gettime_correction in
+					    X)
+						erl_cv_time_correction=cross;;
+					    Xyes|Xno)
+						if test $erl_xcomp_linux_clock_gettime_correction = yes; then
+						    erl_cv_time_correction=clock_gettime
+						else
+					    	    erl_cv_time_correction=times
+						fi;;
+					    *)
+						AC_MSG_ERROR([Bad erl_xcomp_linux_clock_gettime_correction value: $erl_xcomp_linux_clock_gettime_correction]);;
+					esac
+				    fi
+				else
+				    erl_cv_time_correction=times
+				fi
+				;;
+			     *)				
+        			erl_cv_time_correction=times ;;
+			esac
+			;;
+            	    *)
+        		erl_cv_time_correction=none ;;
+    		esac
+    		;;
+	esac
+	;;
+esac
+])
+
+xrtlib=""
+case $erl_cv_time_correction in
+  times)
+    AC_DEFINE(CORRECT_USING_TIMES,[],
+	[Define if you do not have a high-res. timer & want to use times() instead])
+    ;;
+  clock_gettime|cross)
+    if test $erl_cv_time_correction = cross; then
+	erl_cv_time_correction=clock_gettime
+	AC_MSG_WARN([result clock_gettime guessed because of cross compilation])
+    fi
+    xrtlib="-lrt"
+    AC_DEFINE(GETHRTIME_WITH_CLOCK_GETTIME,[1],
+	[Define if you want to use clock_gettime to simulate gethrtime])
+    ;;
+esac
+dnl
+dnl Check if gethrvtime is working, and if to use procfs ioctl
+dnl or (yet to be written) write to the procfs ctl file.
+dnl
+
+AC_MSG_CHECKING([if gethrvtime works and how to use it])
+AC_TRY_RUN([
+/* gethrvtime procfs ioctl test */
+/* These need to be undef:ed to not break activation of
+ * micro level process accounting on /proc/self 
+ */
+#ifdef _LARGEFILE_SOURCE
+#  undef _LARGEFILE_SOURCE
+#endif
+#ifdef _FILE_OFFSET_BITS
+#  undef _FILE_OFFSET_BITS
+#endif
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/signal.h>
+#include <sys/fault.h>
+#include <sys/syscall.h>
+#include <sys/procfs.h>
+#include <fcntl.h>
+
+int main() {
+    long msacct = PR_MSACCT;
+    int fd;
+    long long start, stop;
+    int i;
+    pid_t pid = getpid();
+    char proc_self[30] = "/proc/";
+
+    sprintf(proc_self+strlen(proc_self), "%lu", (unsigned long) pid);
+    if ( (fd = open(proc_self, O_WRONLY)) == -1)
+	exit(1);
+    if (ioctl(fd, PIOCSET, &msacct) < 0)
+	exit(2);
+    if (close(fd) < 0)
+	exit(3);
+    start = gethrvtime();
+    for (i = 0; i < 100; i++)
+	stop = gethrvtime();
+    if (start == 0)
+	exit(4);
+    if (start == stop)
+	exit(5);
+    exit(0); return 0;
+}
+],
+erl_gethrvtime=procfs_ioctl,
+erl_gethrvtime=false,
+[
+case X$erl_xcomp_gethrvtime_procfs_ioctl in
+    X)
+	erl_gethrvtime=cross;;
+    Xyes|Xno)
+	if test $erl_xcomp_gethrvtime_procfs_ioctl = yes; then
+	    erl_gethrvtime=procfs_ioctl
+	else
+	    erl_gethrvtime=false
+	fi;;
+    *)
+	AC_MSG_ERROR([Bad erl_xcomp_gethrvtime_procfs_ioctl value: $erl_xcomp_gethrvtime_procfs_ioctl]);;
+esac
+])
+
+case $erl_gethrvtime in
+  procfs_ioctl)
+	AC_DEFINE(HAVE_GETHRVTIME_PROCFS_IOCTL,[1],
+		[define if gethrvtime() works and uses ioctl() to /proc/self])
+	AC_MSG_RESULT(uses ioctl to procfs)
+	;;
+  *)
+	if test $erl_gethrvtime = cross; then
+	    erl_gethrvtime=false
+	    AC_MSG_RESULT(cross)
+	    AC_MSG_WARN([result 'not working' guessed because of cross compilation])
+	else
+	    AC_MSG_RESULT(not working)
+	fi
+
+	dnl
+	dnl Check if clock_gettime (linux) is working
+	dnl
+
+	AC_MSG_CHECKING([if clock_gettime can be used to get process CPU time])
+	save_libs=$LIBS
+	LIBS="-lrt"
+	AC_TRY_RUN([
+	#include <stdlib.h>
+	#include <unistd.h>
+	#include <string.h>
+	#include <stdio.h>
+	#include <time.h>
+	int main() {
+	    long long start, stop;
+	    int i;
+	    struct timespec tp;
+
+	    if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp) < 0)
+	      exit(1);
+	    start = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    for (i = 0; i < 100; i++)
+	      clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp);
+	    stop = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    if (start == 0)
+	      exit(4);
+	    if (start == stop)
+	      exit(5);
+	    exit(0); return 0;
+	  }
+	],
+	erl_clock_gettime=yes,
+	erl_clock_gettime=no,
+	[
+	case X$erl_xcomp_clock_gettime_cpu_time in
+	    X) erl_clock_gettime=cross;;
+	    Xyes|Xno) erl_clock_gettime=$erl_xcomp_clock_gettime_cpu_time;;
+	    *) AC_MSG_ERROR([Bad erl_xcomp_clock_gettime_cpu_time value: $erl_xcomp_clock_gettime_cpu_time]);;
+	esac
+	])
+	LIBS=$save_libs
+	case $host_os in
+		linux*)
+			AC_MSG_RESULT([no; not stable])
+			LIBRT=$xrtlib
+			;;
+		*)
+			AC_MSG_RESULT($erl_clock_gettime)
+			case $erl_clock_gettime in
+	  			yes)
+					AC_DEFINE(HAVE_CLOCK_GETTIME,[],
+						  [define if clock_gettime() works for getting process time])
+					LIBRT=-lrt
+					;;
+	  			cross)
+					erl_clock_gettime=no
+					AC_MSG_WARN([result no guessed because of cross compilation])
+					LIBRT=$xrtlib
+					;;
+	  			*)
+					LIBRT=$xrtlib
+					;;
+			esac
+			;;
+	esac
+	AC_SUBST(LIBRT)
+	;;
+esac
+])dnl
+
+dnl ERL_TRY_LINK_JAVA(CLASSES, FUNCTION-BODY
+dnl                   [ACTION_IF_FOUND [, ACTION-IF-NOT-FOUND]])
+dnl Freely inspired by AC_TRY_LINK. (Maybe better to create a 
+dnl AC_LANG_JAVA instead...)
+AC_DEFUN(ERL_TRY_LINK_JAVA,
+[java_link='$JAVAC conftest.java 1>&AC_FD_CC'
+changequote(, )dnl
+cat > conftest.java <<EOF
+$1
+class conftest { public static void main(String[] args) {
+   $2
+   ; return; }}
+EOF
+changequote([, ])dnl
+if AC_TRY_EVAL(java_link) && test -s conftest.class; then
+   ifelse([$3], , :, [rm -rf conftest*
+   $3])
+else
+   echo "configure: failed program was:" 1>&AC_FD_CC
+   cat conftest.java 1>&AC_FD_CC
+   echo "configure: PATH was $PATH" 1>&AC_FD_CC
+ifelse([$4], , , [  rm -rf conftest*
+  $4
+])dnl
+fi
+rm -f conftest*])
+#define UNSAFE_MASK  0xc0000000 /* Mask for bits that must be constant */
+
+
diff --git a/lib/erl_interface/configure.in b/lib/erl_interface/configure.in
index 72ac8c7bbf..c958f80065 100644
--- a/lib/erl_interface/configure.in
+++ b/lib/erl_interface/configure.in
@@ -1,7 +1,7 @@
 #                                               -*- Autoconf -*-
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2000-2010. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -89,7 +89,7 @@ AC_PROG_CC
 AC_PROG_CPP
 dnl AC_PROG_LIBTOOL
 AC_PROG_RANLIB
-AC_CHECK_PROG(LD, ld.sh)
+AC_CHECK_PROGS(LD, ld.sh)
 AC_CHECK_TOOL(LD, ld, '$(CC)')
 AC_SUBST(LD)
 
@@ -224,50 +224,8 @@ elif test "x$with_gmp" != "xno" -a -n "$with_gmp" ;then
     # FIXME return ERROR if no lib
 fi
 
-MIXED_CYGWIN=no
-
-AC_MSG_CHECKING(for mixed cygwin and native VC++ environment)
-if test "X$CC" = "Xcc.sh" -a "X$host" = "Xwin32" -a "x$GCC" != x"yes"; then
-	if test -x /usr/bin/cygpath; then
-		CFLAGS="-O2"
-		MIXED_CYGWIN=yes
-		AC_MSG_RESULT([yes])
-		MIXED_CYGWIN_VC=yes
-	else
-		AC_MSG_RESULT([undeterminable])
-		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
-	fi
-else
-	AC_MSG_RESULT([no])
-	MIXED_CYGWIN_VC=no
-fi
-AC_SUBST(MIXED_CYGWIN_VC)
-
-AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
-if test "X$CC" = "Xcc.sh" -a "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
-	if test -x /usr/bin/cygpath; then
-		CFLAGS="-O2"
-		MIXED_CYGWIN=yes
-		AC_MSG_RESULT([yes])
-		MIXED_CYGWIN_MINGW=yes
-	else
-		AC_MSG_RESULT([undeterminable])
-		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
-	fi
-else
-	AC_MSG_RESULT([no])
-	MIXED_CYGWIN_MINGW=no
-fi
-AC_SUBST(MIXED_CYGWIN_MINGW)
-
-AC_MSG_CHECKING(if we mix cygwin with any native compiler)
-if test "X$MIXED_CYGWIN" = "Xyes" ; then
-	AC_MSG_RESULT([yes])	
-else
-	AC_MSG_RESULT([no])
-fi
-
-AC_SUBST(MIXED_CYGWIN)
+LM_WINDOWS_ENVIRONMENT
+	
 	
 dnl
 dnl Threads
@@ -338,12 +296,6 @@ AC_SUBST(LIB_CFLAGS)
 if test "X$host" = "Xwin32"; then
   LIB_CFLAGS="$CFLAGS"
 else
-  case $host_os in
-    darwin*)
-	CFLAGS="$CFLAGS -no-cpp-precomp"
-	;;
-  esac
-
   if test "x$GCC" = xyes; then
 	LIB_CFLAGS="$CFLAGS -fPIC"
   else
diff --git a/lib/erl_interface/doc/src/make.dep b/lib/erl_interface/doc/src/make.dep
deleted file mode 100644
index 3f43cf64fe..0000000000
--- a/lib/erl_interface/doc/src/make.dep
+++ /dev/null
@@ -1,24 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin//docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex ei.tex ei_connect.tex ei_users_guide.tex \
-		erl_call.tex erl_connect.tex erl_error.tex \
-		erl_eterm.tex erl_format.tex erl_global.tex \
-		erl_malloc.tex erl_marshal.tex part_ei.tex \
-		ref_man.tex ref_man_ei.tex ref_man_erl_interface.tex \
-		registry.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml ref_man_ei.xml ref_man_erl_interface.xml
-
diff --git a/lib/erl_interface/doc/src/notes.xml b/lib/erl_interface/doc/src/notes.xml
index 9a42ebfddf..4cb9532880 100644
--- a/lib/erl_interface/doc/src/notes.xml
+++ b/lib/erl_interface/doc/src/notes.xml
@@ -30,6 +30,44 @@
   </header>
   <p>This document describes the changes made to the Erl_interface application.</p>
 
+<section><title>Erl_Interface 3.7.6</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    An error when getting global names on OS X Lion has been
+	    fixed. The error caused truncated strings to be returned
+	    from the function.</p>
+          <p>
+	    Own Id: OTP-9799</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Erl_Interface 3.7.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/erl_interface/src/Makefile.in b/lib/erl_interface/src/Makefile.in
index 8ff142a366..d6b0ca1f16 100644
--- a/lib/erl_interface/src/Makefile.in
+++ b/lib/erl_interface/src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1997-2010. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -39,7 +39,9 @@ include ../vsn.mk
 include $(TARGET)/eidefs.mk
 
 USING_MINGW=@MIXED_CYGWIN_MINGW@
-USING_VC=@MIXED_CYGWIN_VC@
+USING_MSYS_VC==@MIXED_MSYS_VC@
+USING_CYGWIN_VC==@MIXED_MSYS_VC@
+USING_VC=@MIXED_VC@
 
 ifdef TESTROOT
 RELEASE_PATH=$(TESTROOT)
@@ -143,7 +145,6 @@ BINDIR     = $(ERL_TOP)/lib/erl_interface/bin/$(TARGET)
 
 vpath %.c connect:encode:decode:misc:epmd:legacy:registry
 
-
 ###########################################################################
 #  List targets
 ###########################################################################
@@ -202,11 +203,6 @@ ifeq ($(USING_VC),yes)
 # Windows targets
 
 TARGETS = \
-	$(BINDIR) \
-	$(OBJDIR) \
-	$(MT_OBJDIR) \
-	$(MD_OBJDIR) \
-	$(MDD_OBJDIR) \
 	$(OBJ_TARGETS) \
 	$(EXE_TARGETS)
 
@@ -236,9 +232,6 @@ else
 
 ifeq ($USING_MINGW,yes)
 TARGETS = \
-	$(BINDIR) \
-	$(OBJDIR) \
-	$(MD_OBJDIR) \
 	$(OBJ_TARGETS) \
 	$(EXE_TARGETS)
 
@@ -257,10 +250,6 @@ else
 ifdef THR_DEFS
 
 TARGETS = \
-	$(BINDIR) \
-	$(OBJDIR) \
-	$(ST_OBJDIR) \
-	$(MT_OBJDIR) \
 	$(OBJ_TARGETS) \
 	$(EXE_TARGETS)
 
@@ -283,9 +272,6 @@ FAKE_TARGETS = \
 else
 
 TARGETS = \
-	$(BINDIR) \
-	$(OBJDIR) \
-	$(ST_OBJDIR) \
 	$(OBJ_TARGETS) \
 	$(EXE_TARGETS)
 
@@ -601,23 +587,7 @@ $(MDD_OBJDIR)/%.o: %.c
 #  Create directories
 ###########################################################################
 
-$(BINDIR):
-	mkdir -p $(BINDIR)
-
-$(OBJDIR):
-	mkdir -p $(OBJDIR)
-
-$(ST_OBJDIR):
-	mkdir -p $(ST_OBJDIR)
-
-$(MT_OBJDIR):
-	mkdir -p $(MT_OBJDIR)
-
-$(MD_OBJDIR):
-	mkdir -p $(MD_OBJDIR)
-
-$(MDD_OBJDIR):
-	mkdir -p $(MDD_OBJDIR)
+_create_dirs := $(shell mkdir -p $(BINDIR) $(OBJDIR) $(ST_OBJDIR) $(MT_OBJDIR) $(MD_OBJDIR) $(MDD_OBJDIR))
 
 ###########################################################################
 #  Special rules
diff --git a/lib/erl_interface/src/auxdir/config.guess b/lib/erl_interface/src/auxdir/config.guess
index fefabd7dd0..38a833903b 120000..100755
--- a/lib/erl_interface/src/auxdir/config.guess
+++ b/lib/erl_interface/src/auxdir/config.guess
@@ -1 +1,1519 @@
-../../../../erts/autoconf/config.guess
\ No newline at end of file
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-05-17'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner <[email protected]>.
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# ([email protected] 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep __ELF__ >/dev/null
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# [email protected] (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:* | ix86xen:SunOS:5.*:*)
+	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[45])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep __LP64__ >/dev/null
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    *:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    *:Interix*:[3456]*)
+    	case ${UNAME_MACHINE} in
+	    x86) 
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    EM64T | authenticamd)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    arm*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-gnu
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-gnu
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-gnu
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    mips:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips
+	#undef mipsel
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mipsel
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips64
+	#undef mips64el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mips64el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips64
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-gnu
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-gnu
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-gnu
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-gnu ;;
+	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
+	  *)    echo hppa-unknown-linux-gnu ;;
+	esac
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-gnu
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    tile:Linux:*:*)
+	echo tile-unknown-linux-gnu
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-gnu
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-gnu
+	exit ;;
+    xtensa:Linux:*:*)
+    	echo xtensa-unknown-linux-gnu
+	exit ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	# Set LC_ALL=C to ensure ld outputs messages in English.
+	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+		;;
+	  a.out-i386-linux)
+		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+		exit ;;
+	  coff-i386)
+		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+		exit ;;
+	  "")
+		# Either a pre-BFD a.out linker (linux-gnuoldld) or
+		# one that does not give us useful --help.
+		echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+		exit ;;
+	esac
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <features.h>
+	#ifdef __ELF__
+	# ifdef __GLIBC__
+	#  if __GLIBC__ >= 2
+	LIBC=gnu
+	#  else
+	LIBC=gnulibc1
+	#  endif
+	# else
+	LIBC=gnulibc1
+	# endif
+	#else
+	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+	LIBC=gnu
+	#else
+	LIBC=gnuaout
+	#endif
+	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^LIBC/{
+		s: ::g
+		p
+	    }'`"
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i386.
+	echo i386-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <[email protected]>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <[email protected]>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From [email protected].
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From [email protected].
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From [email protected].
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <[email protected]> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/erl_interface/src/auxdir/config.sub b/lib/erl_interface/src/auxdir/config.sub
index 90979e8924..f43233b104 120000..100755
--- a/lib/erl_interface/src/auxdir/config.sub
+++ b/lib/erl_interface/src/auxdir/config.sub
@@ -1 +1,1630 @@
-../../../../erts/autoconf/config.sub
\ No newline at end of file
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-04-29'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray)
+		os=
+		basic_machine=$1
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx \
+	| fido | fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64vr | mips64vrel \
+	| mips64orion | mips64orionel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| mt \
+	| msp430 \
+	| nios | nios2 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+	| tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa-* \
+	| ymp-* \
+	| z8k-*)
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16c)
+		basic_machine=cr16c-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	tile*)
+		basic_machine=tile-tilera
+		os=-linux-gnu
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+        mep-*)
+		os=-elf
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/erl_interface/src/auxdir/install-sh b/lib/erl_interface/src/auxdir/install-sh
index 9422c370df..a5897de6ea 120000..100755
--- a/lib/erl_interface/src/auxdir/install-sh
+++ b/lib/erl_interface/src/auxdir/install-sh
@@ -1 +1,519 @@
-../../../../erts/autoconf/install-sh
\ No newline at end of file
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2006-12-25.00
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dst_arg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writeable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	-*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test -z "$d" && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/lib/erl_interface/src/legacy/global_names.c b/lib/erl_interface/src/legacy/global_names.c
index 7333d94931..3a437df3a3 100644
--- a/lib/erl_interface/src/legacy/global_names.c
+++ b/lib/erl_interface/src/legacy/global_names.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 1998-2009. All Rights Reserved.
+ * Copyright Ericsson AB 1998-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -94,7 +94,7 @@ char **erl_global_names(int fd, int *count)
   if (!(names = malloc((arity * sizeof(char**)) + (size-index)))) return NULL;
 
   /* arity pointers first, followed by s */
-  s = (char *)(names+arity+1);
+  s = (char *)(names+arity);
 
   if (count) *count = 0;
   for (i=0; i<arity; i++) {
diff --git a/lib/erl_interface/src/misc/ei_format.c b/lib/erl_interface/src/misc/ei_format.c
index cf50f12451..c1e5d998e4 100644
--- a/lib/erl_interface/src/misc/ei_format.c
+++ b/lib/erl_interface/src/misc/ei_format.c
@@ -149,7 +149,7 @@ static int pdigit(const char** fmt, ei_x_buff* x)
 {
     const char* start = *fmt;
     char c;
-    int len, dotp=0;
+    int dotp=0;
     double d;
     long l;
 
@@ -166,7 +166,6 @@ static int pdigit(const char** fmt, ei_x_buff* x)
 	    break;
     } 
     --(*fmt);
-    len = *fmt - start;
     if (dotp) {
 	sscanf(start, "%lf", &d);
 	return ei_x_encode_double(x, d);
diff --git a/lib/erl_interface/test/all_SUITE_data/Makefile.src b/lib/erl_interface/test/all_SUITE_data/Makefile.src
index 9be2360656..70652e47c5 100644
--- a/lib/erl_interface/test/all_SUITE_data/Makefile.src
+++ b/lib/erl_interface/test/all_SUITE_data/Makefile.src
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2003-2009. All Rights Reserved.
+# Copyright Ericsson AB 2003-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -30,6 +30,8 @@ CHMOD=chmod
 
 all: $(ALL_OBJS)
 
+$(EI_COMMON_OBJS): gccifier@exe@
+
 @IFEQ@ (@erl_interface_cross_compile@, true)
 gccifier@exe@:
 	$(CP) gccifier.sh gccifier@exe@
diff --git a/lib/erl_interface/test/all_SUITE_data/init_tc.erl b/lib/erl_interface/test/all_SUITE_data/init_tc.erl
index 8157d590fc..7a599994fc 100644
--- a/lib/erl_interface/test/all_SUITE_data/init_tc.erl
+++ b/lib/erl_interface/test/all_SUITE_data/init_tc.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -40,23 +40,11 @@ run([]) ->
 run1(Name) ->
     CFile = Name ++ ".c",
     {ok, Bin} = file:read_file(CFile),
-    String = binary_to_list(Bin),
-
-    %% This ConstPart stuff is because you can't retrieve part of a match.
-    %% Long live Perl!  
-    
-    ConstPart = "\nTESTCASE\\(",
-    ConstPartLen = 10,
-    {match, Matches} = regexp:matches(String, ConstPart++"[_a-zA-Z]*"),
-    Cases = get_names(Matches, ConstPartLen, Bin, []),
+    RE = "\nTESTCASE\\(([_a-zA-Z]*)\\)",
+    {match, Cases0} = re:run(Bin, RE, [{capture,all_but_first,list},global]),
+    Cases = lists:concat(Cases0),
     generate(Name, Cases).
 
-get_names([{Start, Length}|Rest], Skip, Bin, Result) ->
-    Name = binary_to_list(Bin, Start+Skip, Start+Length-1),
-    get_names(Rest, Skip, Bin, [Name|Result]);
-get_names([], _Skip, _Bin, Result) ->
-    lists:reverse(Result).
-
 generate(TcName, Cases) ->
     Hrl = TcName ++ "_cases.hrl",
     {ok, HrlFile} = file:open(Hrl, write),
diff --git a/lib/erl_interface/test/port_call_SUITE_data/port_call_drv.c b/lib/erl_interface/test/port_call_SUITE_data/port_call_drv.c
index 80811fb973..abc76085de 100644
--- a/lib/erl_interface/test/port_call_SUITE_data/port_call_drv.c
+++ b/lib/erl_interface/test/port_call_SUITE_data/port_call_drv.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 2001-2009. All Rights Reserved.
+ * Copyright Ericsson AB 2001-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -18,14 +18,17 @@
  */
 
 #include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
 #include "erl_interface.h"
 #include "erl_driver.h"
 
 static ErlDrvPort my_erlang_port;
 static ErlDrvData echo_start(ErlDrvPort, char *);
-static void from_erlang(ErlDrvData, char*, int);
-static int do_call(ErlDrvData drv_data, unsigned int command, char *buf, 
-		     int len, char **rbuf, int rlen, unsigned *ret_flags);
+static void from_erlang(ErlDrvData, char*, ErlDrvSizeT);
+static ErlDrvSSizeT do_call(ErlDrvData drv_data, unsigned int command,
+			    char *buf, ErlDrvSizeT len, char **rbuf,
+			    ErlDrvSizeT rlen, unsigned *ret_flags);
 static ErlDrvEntry echo_driver_entry = { 
     NULL,			/* Init */
     echo_start,
@@ -41,7 +44,15 @@ static ErlDrvEntry echo_driver_entry = {
     NULL,
     NULL,
     NULL,
-    do_call
+    do_call,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL,
 };
 
 DRIVER_INIT(echo_drv)
@@ -56,14 +67,14 @@ echo_start(ErlDrvPort port, char *buf)
 }
 
 static void
-from_erlang(ErlDrvData data, char *buf, int count)
+from_erlang(ErlDrvData data, char *buf, ErlDrvSizeT count)
 {
     driver_output((ErlDrvPort) data, buf, count);
 }
 
-static int 
+static ErlDrvSSizeT
 do_call(ErlDrvData drv_data, unsigned int command, char *buf, 
-	  int len, char **rbuf, int rlen, unsigned *ret_flags) 
+	  ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen, unsigned *ret_flags) 
 {
     int nlen;
     ei_x_buff x;
diff --git a/lib/erl_interface/vsn.mk b/lib/erl_interface/vsn.mk
index 601958579c..2c402bba6c 100644
--- a/lib/erl_interface/vsn.mk
+++ b/lib/erl_interface/vsn.mk
@@ -1 +1 @@
-EI_VSN = 3.7.5
+EI_VSN = 3.7.6
diff --git a/lib/eunit/doc/src/make.dep b/lib/eunit/doc/src/make.dep
deleted file mode 100644
index d68f888403..0000000000
--- a/lib/eunit/doc/src/make.dep
+++ /dev/null
@@ -1,19 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex chapter.tex eunit.tex part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/eunit/doc/src/notes.xml b/lib/eunit/doc/src/notes.xml
index e68330482c..34e8a47e3d 100644
--- a/lib/eunit/doc/src/notes.xml
+++ b/lib/eunit/doc/src/notes.xml
@@ -32,6 +32,24 @@
   </header>
   <p>This document describes the changes made to the EUnit application.</p>
 
+<section><title>Eunit 2.2.2</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Eunit 2.2.1</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/eunit/src/Makefile b/lib/eunit/src/Makefile
index 4897c20ec1..bec2fdbe0b 100644
--- a/lib/eunit/src/Makefile
+++ b/lib/eunit/src/Makefile
@@ -26,8 +26,9 @@ INCLUDE=../include
 
 ERL_COMPILE_FLAGS += -pa $(EBIN) -I$(INCLUDE) +warn_unused_vars +nowarn_shadow_vars +warn_unused_import +warn_obsolete_guard
 
+PARSE_TRANSFORM = eunit_autoexport.erl
+
 SOURCES= \
-	eunit_autoexport.erl \
 	eunit_striptests.erl \
 	eunit.erl \
 	eunit_tests.erl \
@@ -43,6 +44,8 @@ SOURCES= \
 
 INCLUDE_FILES = eunit.hrl
 
+PARSE_TRANSFORM_BIN = $(PARSE_TRANSFORM:%.erl=$(EBIN)/%.$(EMULATOR))
+
 OBJECTS=$(SOURCES:%.erl=$(EBIN)/%.$(EMULATOR)) $(APP_TARGET) $(APPUP_TARGET)
 
 INCLUDE_DELIVERABLES = $(INCLUDE_FILES:%=$(INCLUDE)/%)
@@ -59,7 +62,7 @@ APPUP_TARGET= $(EBIN)/$(APPUP_FILE)
 # Targets
 # ----------------------------------------------------
 
-debug opt: $(OBJECTS)
+debug opt: $(PARSE_TRANSFORM_BIN) $(OBJECTS)
 
 docs:
 
@@ -86,6 +89,8 @@ realclean: clean
 $(EBIN)/%.$(EMULATOR):%.erl
 	erlc -W $(ERL_COMPILE_FLAGS) -o$(EBIN) $<
 
+$(OBJECTS): $(PARSE_TRANSFORM_BIN)
+
 # ----------------------------------------------------
 # Special Build Targets
 # ----------------------------------------------------
@@ -103,9 +108,9 @@ include $(ERL_TOP)/make/otp_release_targets.mk
 
 release_spec: opt
 	$(INSTALL_DIR) $(RELSYSDIR)/ebin
-	$(INSTALL_DATA) $(OBJECTS) $(RELSYSDIR)/ebin
+	$(INSTALL_DATA) $(PARSE_TRANSFORM_BIN) $(OBJECTS) $(RELSYSDIR)/ebin
 	$(INSTALL_DIR) $(RELSYSDIR)/src
-	$(INSTALL_DATA) $(SOURCES) $(RELSYSDIR)/src
+	$(INSTALL_DATA) $(PARSE_TRANSFORM) $(SOURCES) $(RELSYSDIR)/src
 	$(INSTALL_DIR) $(RELSYSDIR)/include
 	$(INSTALL_DATA) $(INCLUDE_DELIVERABLES) $(RELSYSDIR)/include
 
diff --git a/lib/eunit/vsn.mk b/lib/eunit/vsn.mk
index b0a77a225b..445c070e96 100644
--- a/lib/eunit/vsn.mk
+++ b/lib/eunit/vsn.mk
@@ -1 +1 @@
-EUNIT_VSN = 2.2.1
+EUNIT_VSN = 2.2.2
diff --git a/lib/gs/doc/src/make.dep b/lib/gs/doc/src/make.dep
deleted file mode 100644
index b33ed3b2de..0000000000
--- a/lib/gs/doc/src/make.dep
+++ /dev/null
@@ -1,58 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex gs.tex gs_chapter1.tex gs_chapter2.tex \
-		gs_chapter3.tex gs_chapter4.tex gs_chapter5.tex \
-		gs_chapter6.tex gs_chapter7.tex gs_chapter8.tex \
-		part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-gs_chapter2.tex: examples/ex1.erl examples/ex2.erl
-
-gs_chapter4.tex: examples/ex3.erl examples/ex4.erl examples/ex5.erl \
-		examples/ex6.erl
-
-gs_chapter5.tex: examples/ex15.erl
-
-gs_chapter6.tex: examples/ex16.erl
-
-gs_chapter7.tex: examples/ex17.erl
-
-gs_chapter8.tex: examples/ex10.erl examples/ex11.erl examples/ex12.erl \
-		examples/ex13.erl examples/ex14.erl examples/ex7.erl \
-		examples/ex8.erl examples/ex9.erl
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: pics/gs1-1-image-1.ps pics/gs1-1-image-2.ps \
-		pics/gs1-1-image-3.ps
-
-book.dvi: pics/ex1.ps pics/gs1-1-image-4.ps
-
-book.dvi: pics/ex15.ps
-
-book.dvi: pics/ex16.ps
-
-book.dvi: pics/packer1.ps pics/packer2.ps
-
-book.dvi: pics/arc.ps pics/buttons.ps pics/ex10.ps pics/ex11.ps \
-		pics/ex12.ps pics/ex13.ps pics/ex14.ps pics/ex8.ps \
-		pics/ex9.ps pics/image.ps pics/line.ps pics/oval.ps \
-		pics/polygon.ps pics/rectangle.ps pics/text.ps \
-		pics/window.ps
-
diff --git a/lib/gs/doc/src/notes.xml b/lib/gs/doc/src/notes.xml
index c32db495a1..cd63104346 100644
--- a/lib/gs/doc/src/notes.xml
+++ b/lib/gs/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2004</year><year>2010</year>
+      <year>2004</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -30,7 +30,31 @@
   </header>
   <p>This document describes the changes made to the GS application.</p>
 
-  <section><title>GS 1.5.14</title>
+  <section><title>GS 1.5.15</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>GS 1.5.14</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/gs/src/Makefile b/lib/gs/src/Makefile
index a648d3cf13..43b530295b 100644
--- a/lib/gs/src/Makefile
+++ b/lib/gs/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1996-2009. All Rights Reserved.
+# Copyright Ericsson AB 1996-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -90,7 +90,7 @@ clean:
 # Special Build Targets
 # ----------------------------------------------------
 
-gstk_generic.hrl: gs_make.erl
+gstk_generic.hrl: gs_make.erl ../ebin/gs_make.$(EMULATOR) ../ebin/gs.$(EMULATOR)
 	$(ERL) -pa $(EBIN) -s gs_make -s erlang halt -noshell
 
 $(APP_TARGET): $(APP_SRC) ../vsn.mk
@@ -99,6 +99,8 @@ $(APP_TARGET): $(APP_SRC) ../vsn.mk
 $(APPUP_TARGET): $(APPUP_SRC) ../vsn.mk
 	sed -e 's;%VSN%;$(VSN);' $< > $@
 
+$(GSTK_GENERIC_TARGET): gstk_generic.hrl
+
 # ----------------------------------------------------
 # Release Target
 # ---------------------------------------------------- 
diff --git a/lib/gs/src/gstk_editor.erl b/lib/gs/src/gstk_editor.erl
index 3e0c8240e4..6b90cee1d2 100644
--- a/lib/gs/src/gstk_editor.erl
+++ b/lib/gs/src/gstk_editor.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -243,14 +243,14 @@ option(Option, Gstkid, _MainW, DB, Editor) ->
 		 Editor, " ins ",AI," ", gstk:to_ascii(Text)]};
 	clear       -> {c, [Editor, " delete 1.0 end"]};
 	{load,        File} ->
-	    {ok, F2,_} = regexp:gsub(File, [92,92], "/"),
+	    F2 = re:replace(File, [92,92], "/", [global,{return,list}]),
 	    case gstk:call(["ed_load ", Editor, " ", gstk:to_ascii(F2)]) of
 		{result,    _} -> none;
 		{bad_result,Re} -> 
 		    {error,{no_such_file,editor,load,F2,Re}}
 	    end;
 	{save, File} ->
-	    {ok, F2,_} = regexp:gsub(File, [92,92], "/"),
+	    F2 = re:replace(File, [92,92], "/", [global,{return,list}]),
 	    case gstk:call(["ed_save ",Editor," ",gstk:to_ascii(F2)]) of
 		{result,    _} -> none;
 		{bad_result,Re} -> 
diff --git a/lib/gs/src/gstk_generic.erl b/lib/gs/src/gstk_generic.erl
index 3ddb69efc5..8fe19b428c 100644
--- a/lib/gs/src/gstk_generic.erl
+++ b/lib/gs/src/gstk_generic.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -414,7 +414,7 @@ gen_font(_Opt,Gstkid,_TkW,DB,_ExtraArg) ->
 gen_label({text,Text},Opts,Gstkid,TkW,DB,ExtraArg,S,P,C) ->
     out_opts(Opts,Gstkid,TkW,DB,ExtraArg,[" -text ", gstk:to_ascii(Text), " -bi {}"|S],P,C);
 gen_label({image,Img},Opts,Gstkid,TkW,DB,ExtraArg,S,P,C) ->
-    {ok, I2,_} = regexp:gsub(Img, [92,92], "/"),
+    I2 = re:replace(Img, [92,92], "/", [global,{return,list}]),
     out_opts(Opts,Gstkid,TkW,DB,ExtraArg,[" -bi \"@", I2, "\" -text {}"|S],P,C).
 gen_label(_Opt,_Gstkid,TkW,_DB,_ExtraArg) ->
     case gstk:call([TkW, " cg -bit"]) of
diff --git a/lib/gs/src/gstk_image.erl b/lib/gs/src/gstk_image.erl
index 5ad37cf6de..53789b312d 100644
--- a/lib/gs/src/gstk_image.erl
+++ b/lib/gs/src/gstk_image.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -227,10 +227,10 @@ event(DB, Gstkid, Etype, Edata, Args) ->
 option(Option, Gstkid, _Canvas, _DB, _AItem) ->
     case Option of
 	{bitmap,     Bitmap} ->
-	    {ok, BF,_} = regexp:gsub(Bitmap, [92,92], "/"),
+	    BF = re:replace(Bitmap, [92,92], "/", [global,{return,list}]),
 	    {s, [" -bi @", BF]};
 	{load_gif,       File} -> 
-	    {ok, F2,_} = regexp:gsub(File, [92,92], "/"),
+	    F2 = re:replace(File, [92,92], "/", [global,{return,list}]),
 	    {Photo_item, _item} = Gstkid#gstkid.widget_data,
 	    {c,[Photo_item, " configure -file ", gstk:to_ascii(F2)]};
 	{pix_val,  {Coords,Color}} ->
diff --git a/lib/gs/src/tool_utils.erl b/lib/gs/src/tool_utils.erl
index b07e92c4f0..f1b93c1af8 100644
--- a/lib/gs/src/tool_utils.erl
+++ b/lib/gs/src/tool_utils.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -98,7 +98,8 @@ open_help_default(Parent, File) ->
                                _Else -> "netscape -remote \"openURL(file:" ++ File ++ ")\""
 			  end;
 		      {win32,_AnyType} ->
-			  "netscape.exe -h " ++ regexp:gsub(File,"\\\\","/");
+			  "netscape.exe -h " ++
+			      re:replace(File,"\\\\","/",[global,{return,list}]);
 		      _Other ->
 			  unknown
 		  end;
diff --git a/lib/gs/vsn.mk b/lib/gs/vsn.mk
index 4894c6c13a..41a2561809 100644
--- a/lib/gs/vsn.mk
+++ b/lib/gs/vsn.mk
@@ -1,2 +1,2 @@
-GS_VSN = 1.5.14
+GS_VSN = 1.5.15
 
diff --git a/lib/hipe/cerl/erl_bif_types.erl b/lib/hipe/cerl/erl_bif_types.erl
index 4163f2dae2..cee399e861 100644
--- a/lib/hipe/cerl/erl_bif_types.erl
+++ b/lib/hipe/cerl/erl_bif_types.erl
@@ -678,8 +678,6 @@ type(erlang, check_old_code, 1, Xs) ->
 type(erlang, check_process_code, 2, Xs) ->
   strict(arg_types(erlang, check_process_code, 2), Xs,
 	 fun (_) -> t_boolean() end);
-type(erlang, concat_binary, 1, Xs) ->
-  strict(arg_types(erlang, concat_binary, 1), Xs, fun (_) -> t_binary() end);
 type(erlang, crc32, 1, Xs) ->
   strict(arg_types(erlang, crc32, 1), Xs, fun (_) -> t_crc32() end);
 type(erlang, crc32, 2, Xs) ->
@@ -801,7 +799,8 @@ type(erlang, get_module_info, 2, Xs) ->
 	     end
 	 end);
 type(erlang, get_stacktrace, 0, _) ->
-  t_list(t_tuple([t_atom(), t_atom(), t_sup([t_arity(), t_list()])]));
+  t_list(t_tuple([t_atom(), t_atom(), t_sup([t_arity(), t_list()]),
+		  t_list()]));
 type(erlang, group_leader, 0, _) -> t_pid();
 type(erlang, group_leader, 2, Xs) ->
   strict(arg_types(erlang, group_leader, 2), Xs,
@@ -1322,6 +1321,9 @@ type(erlang, resume_process, 1, Xs) ->
 	 fun (_) -> t_any() end); %% TODO: overapproximation -- fix this
 type(erlang, round, 1, Xs) ->
   strict(arg_types(erlang, round, 1), Xs, fun (_) -> t_integer() end);
+type(erlang, posixtime_to_universaltime, 1, Xs) ->
+  strict(arg_types(erlang, posixtime_to_universaltime, 1), Xs, 
+	 fun(_) ->  t_tuple([t_date(), t_time()]) end);
 type(erlang, self, 0, _) -> t_pid();
 type(erlang, send, 2, Xs) -> type(erlang, '!', 2, Xs);  % alias
 type(erlang, send, 3, Xs) ->
@@ -1718,6 +1720,9 @@ type(erlang, universaltime, 0, _) ->
 type(erlang, universaltime_to_localtime, 1, Xs) ->
   strict(arg_types(erlang, universaltime_to_localtime, 1), Xs,
 	 fun ([T]) -> T end);
+type(erlang, universaltime_to_posixtime, 1, Xs) ->
+  strict(arg_types(erlang, universaltime_to_posixtime,1), Xs,
+	 fun(_) -> t_integer() end);
 type(erlang, unlink, 1, Xs) ->
   strict(arg_types(erlang, unlink, 1), Xs, fun (_) -> t_atom('true') end);
 type(erlang, unregister, 1, Xs) ->
@@ -3446,8 +3451,6 @@ arg_types(erlang, check_old_code, 1) ->
   [t_atom()];
 arg_types(erlang, check_process_code, 2) ->
   [t_pid(), t_atom()];
-arg_types(erlang, concat_binary, 1) ->
-  [t_list(t_binary())];
 arg_types(erlang, crc32, 1) ->
   [t_iodata()];
 arg_types(erlang, crc32, 2) ->
@@ -3763,7 +3766,10 @@ arg_types(erlang, purge_module, 1) ->
 arg_types(erlang, put, 2) ->
   [t_any(), t_any()];
 arg_types(erlang, raise, 3) ->
-  [t_raise_errorclass(), t_any(), type(erlang, get_stacktrace, 0, [])];
+  OldStyleType = t_list(t_tuple([t_atom(), t_atom(),
+				 t_sup([t_arity(), t_list()])])),
+  NewStyleType = type(erlang, get_stacktrace, 0, []),
+  [t_raise_errorclass(), t_any(), t_sup(OldStyleType, NewStyleType)];
 arg_types(erlang, read_timer, 1) ->
   [t_reference()];
 arg_types(erlang, ref_to_list, 1) ->
@@ -3776,6 +3782,8 @@ arg_types(erlang, resume_process, 1) ->
   [t_pid()]; % intended for debugging only
 arg_types(erlang, round, 1) ->
   [t_number()];
+arg_types(erlang, posixtime_to_universaltime, 1) ->
+  [t_integer()];
 arg_types(erlang, self, 0) ->
   [];
 arg_types(erlang, send, 2) ->
@@ -3881,7 +3889,8 @@ arg_types(erlang, system_flag, 2) ->
 arg_types(erlang, system_info, 1) ->
   [t_sup([t_atom(),                     % documented
 	  t_tuple([t_atom(), t_any()]), % documented
-	  t_tuple([t_atom(), t_atom(), t_any()])])];
+	  t_tuple([t_atom(), t_atom(), t_any()]),
+	  t_tuple([t_atom(allocator_sizes), t_reference(), t_any()])])];
 arg_types(erlang, system_monitor, 0) ->
   [];
 arg_types(erlang, system_monitor, 1) ->
@@ -3941,6 +3950,8 @@ arg_types(erlang, universaltime, 0) ->
   [];
 arg_types(erlang, universaltime_to_localtime, 1) ->
   [t_tuple([t_date(), t_time()])];
+arg_types(erlang, universaltime_to_posixtime, 1) ->
+  [t_tuple([t_date(), t_time()])];
 arg_types(erlang, unlink, 1) ->
   [t_sup(t_pid(), t_port())];
 arg_types(erlang, unregister, 1) ->
diff --git a/lib/hipe/cerl/erl_types.erl b/lib/hipe/cerl/erl_types.erl
index 0ff827ac37..620fed365e 100644
--- a/lib/hipe/cerl/erl_types.erl
+++ b/lib/hipe/cerl/erl_types.erl
@@ -2528,34 +2528,77 @@ findfirst(N1, N2, U1, B1, U2, B2) ->
 %%-----------------------------------------------------------------------------
 %% Substitution of variables
 %%
+%% Dialyzer versions prior to R15B used a dict data structure to map variables
+%% to types. Hans Bolinder suggested the use of lists of Key-Value pairs for
+%% this data structure and measurements showed a non-trivial speedup when using
+%% them for operations within this module (e.g. in t_unify/2). However, there
+%% is code outside erl_types that still passes a dict() in the 2nd argument.
+%% So, for the time being, this module provides a t_subst/2 function for these
+%% external calls and a clone of it (t_subst_kv/2) which is used from all calls
+%% from within this module. This code duplication needs to be eliminated at
+%% some point.
 
 -spec t_subst(erl_type(), dict()) -> erl_type().
 
 t_subst(T, Dict) ->
   case t_has_var(T) of
-    true -> t_subst(T, Dict, fun(X) -> X end);
+    true -> t_subst_dict(T, Dict);
     false -> T
   end.
 
+t_subst_dict(?var(Id), Dict) ->
+  case dict:find(Id, Dict) of
+    error -> ?any;
+    {ok, Type} -> Type
+  end;
+t_subst_dict(?list(Contents, Termination, Size), Dict) ->
+  case t_subst_dict(Contents, Dict) of
+    ?none -> ?none;
+    NewContents ->
+      %% Be careful here to make the termination collapse if necessary.
+      case t_subst_dict(Termination, Dict) of
+	?nil -> ?list(NewContents, ?nil, Size);
+	?any -> ?list(NewContents, ?any, Size);
+	Other ->
+	  ?list(NewContents, NewTermination, _) = t_cons(NewContents, Other),
+	  ?list(NewContents, NewTermination, Size)
+      end
+  end;
+t_subst_dict(?function(Domain, Range), Dict) ->
+  ?function(t_subst_dict(Domain, Dict), t_subst_dict(Range, Dict));
+t_subst_dict(?product(Types), Dict) ->
+  ?product([t_subst_dict(T, Dict) || T <- Types]);
+t_subst_dict(?tuple(?any, ?any, ?any) = T, _Dict) ->
+  T;
+t_subst_dict(?tuple(Elements, _Arity, _Tag), Dict) ->
+  t_tuple([t_subst_dict(E, Dict) || E <- Elements]);
+t_subst_dict(?tuple_set(_) = TS, Dict) ->
+  t_sup([t_subst_dict(T, Dict) || T <- t_tuple_subtypes(TS)]);
+t_subst_dict(T, _Dict) ->
+  T.
+
 -spec subst_all_vars_to_any(erl_type()) -> erl_type().
 
 subst_all_vars_to_any(T) ->
+  t_subst_kv(T, []).
+
+t_subst_kv(T, KVMap) ->
   case t_has_var(T) of
-    true -> t_subst(T, dict:new(), fun(_) -> ?any end);
+    true -> t_subst_aux(T, KVMap);
     false -> T
   end.
 
-t_subst(?var(Id) = V, Dict, Fun) ->
-  case dict:find(Id, Dict) of
-    error -> Fun(V);
-    {ok, Type} -> Type
+t_subst_aux(?var(Id), VarMap) ->
+  case lists:keyfind(Id, 1, VarMap) of
+    false -> ?any;
+    {Id, Type} -> Type
   end;
-t_subst(?list(Contents, Termination, Size), Dict, Fun) ->
-  case t_subst(Contents, Dict, Fun) of
+t_subst_aux(?list(Contents, Termination, Size), VarMap) ->
+  case t_subst_aux(Contents, VarMap) of
     ?none -> ?none;
     NewContents ->
       %% Be careful here to make the termination collapse if necessary.
-      case t_subst(Termination, Dict, Fun) of
+      case t_subst_aux(Termination, VarMap) of
 	?nil -> ?list(NewContents, ?nil, Size);
 	?any -> ?list(NewContents, ?any, Size);
 	Other ->
@@ -2563,17 +2606,17 @@ t_subst(?list(Contents, Termination, Size), Dict, Fun) ->
 	  ?list(NewContents, NewTermination, Size)
       end
   end;
-t_subst(?function(Domain, Range), Dict, Fun) ->
-  ?function(t_subst(Domain, Dict, Fun), t_subst(Range, Dict, Fun));
-t_subst(?product(Types), Dict, Fun) -> 
-  ?product([t_subst(T, Dict, Fun) || T <- Types]);
-t_subst(?tuple(?any, ?any, ?any) = T, _Dict, _Fun) ->
+t_subst_aux(?function(Domain, Range), VarMap) ->
+  ?function(t_subst_aux(Domain, VarMap), t_subst_aux(Range, VarMap));
+t_subst_aux(?product(Types), VarMap) ->
+  ?product([t_subst_aux(T, VarMap) || T <- Types]);
+t_subst_aux(?tuple(?any, ?any, ?any) = T, _VarMap) ->
   T;
-t_subst(?tuple(Elements, _Arity, _Tag), Dict, Fun) ->
-  t_tuple([t_subst(E, Dict, Fun) || E <- Elements]);
-t_subst(?tuple_set(_) = TS, Dict, Fun) ->
-  t_sup([t_subst(T, Dict, Fun) || T <- t_tuple_subtypes(TS)]);
-t_subst(T, _Dict, _Fun) -> 
+t_subst_aux(?tuple(Elements, _Arity, _Tag), VarMap) ->
+  t_tuple([t_subst_aux(E, VarMap) || E <- Elements]);
+t_subst_aux(?tuple_set(_) = TS, VarMap) ->
+  t_sup([t_subst_aux(T, VarMap) || T <- t_tuple_subtypes(TS)]);
+t_subst_aux(T, _VarMap) ->
   T.
 	      
 %%-----------------------------------------------------------------------------
@@ -2590,87 +2633,87 @@ t_unify(T1, T2) ->
 -spec t_unify(erl_type(), erl_type(), [erl_type()]) -> t_unify_ret().
 
 t_unify(T1, T2, Opaques) ->
-  {T, Dict} = t_unify(T1, T2, dict:new(), Opaques),
-  {t_subst(T, Dict), lists:keysort(1, dict:to_list(Dict))}.
-
-t_unify(?var(Id) = T, ?var(Id), Dict, _Opaques) ->
-  {T, Dict};
-t_unify(?var(Id1) = T, ?var(Id2), Dict, Opaques) ->
-  case dict:find(Id1, Dict) of
-    error -> 
-      case dict:find(Id2, Dict) of
-	error -> {T, dict:store(Id2, T, Dict)};
-	{ok, Type} -> t_unify(T, Type, Dict, Opaques)
+  {T, VarMap} = t_unify(T1, T2, [], Opaques),
+  {t_subst_kv(T, VarMap), lists:keysort(1, VarMap)}.
+
+t_unify(?var(Id) = T, ?var(Id), VarMap, _Opaques) ->
+  {T, VarMap};
+t_unify(?var(Id1) = T, ?var(Id2), VarMap, Opaques) ->
+  case lists:keyfind(Id1, 1, VarMap) of
+    false ->
+      case lists:keyfind(Id2, 1, VarMap) of
+	false -> {T, [{Id2, T} | VarMap]};
+	{Id2, Type} -> t_unify(T, Type, VarMap, Opaques)
       end;
-    {ok, Type1} ->
-      case dict:find(Id2, Dict) of
-	error -> {Type1, dict:store(Id2, T, Dict)};
-	{ok, Type2} -> t_unify(Type1, Type2, Dict, Opaques)
+    {Id1, Type1} ->
+      case lists:keyfind(Id2, 1, VarMap) of
+	false -> {Type1, [{Id2, T} | VarMap]};
+	{Id2, Type2} -> t_unify(Type1, Type2, VarMap, Opaques)
       end
   end;
-t_unify(?var(Id), Type, Dict, Opaques) ->
-  case dict:find(Id, Dict) of
-    error -> {Type, dict:store(Id, Type, Dict)};
-    {ok, VarType} -> t_unify(VarType, Type, Dict, Opaques)
+t_unify(?var(Id), Type, VarMap, Opaques) ->
+  case lists:keyfind(Id, 1, VarMap) of
+    false -> {Type, [{Id, Type} | VarMap]};
+    {Id, VarType} -> t_unify(VarType, Type, VarMap, Opaques)
   end;
-t_unify(Type, ?var(Id), Dict, Opaques) ->
-  case dict:find(Id, Dict) of
-    error -> {Type, dict:store(Id, Type, Dict)};
-    {ok, VarType} -> t_unify(VarType, Type, Dict, Opaques)
+t_unify(Type, ?var(Id), VarMap, Opaques) ->
+  case lists:keyfind(Id, 1, VarMap) of
+    false -> {Type, [{Id, Type} | VarMap]};
+    {Id, VarType} -> t_unify(VarType, Type, VarMap, Opaques)
   end;
-t_unify(?function(Domain1, Range1), ?function(Domain2, Range2), Dict, Opaques) ->
-  {Domain, Dict1} = t_unify(Domain1, Domain2, Dict, Opaques),
-  {Range, Dict2} = t_unify(Range1, Range2, Dict1, Opaques),
-  {?function(Domain, Range), Dict2};
+t_unify(?function(Domain1, Range1), ?function(Domain2, Range2), VarMap, Opaques) ->
+  {Domain, VarMap1} = t_unify(Domain1, Domain2, VarMap, Opaques),
+  {Range, VarMap2} = t_unify(Range1, Range2, VarMap1, Opaques),
+  {?function(Domain, Range), VarMap2};
 t_unify(?list(Contents1, Termination1, Size), 
-	?list(Contents2, Termination2, Size), Dict, Opaques) ->
-  {Contents, Dict1} = t_unify(Contents1, Contents2, Dict, Opaques),
-  {Termination, Dict2} = t_unify(Termination1, Termination2, Dict1, Opaques),
-  {?list(Contents, Termination, Size), Dict2};
-t_unify(?product(Types1), ?product(Types2), Dict, Opaques) ->
-  {Types, Dict1} = unify_lists(Types1, Types2, Dict, Opaques),
-  {?product(Types), Dict1};
-t_unify(?tuple(?any, ?any, ?any) = T, ?tuple(?any, ?any, ?any), Dict, _Opaques) ->
-  {T, Dict};
+	?list(Contents2, Termination2, Size), VarMap, Opaques) ->
+  {Contents, VarMap1} = t_unify(Contents1, Contents2, VarMap, Opaques),
+  {Termination, VarMap2} = t_unify(Termination1, Termination2, VarMap1, Opaques),
+  {?list(Contents, Termination, Size), VarMap2};
+t_unify(?product(Types1), ?product(Types2), VarMap, Opaques) ->
+  {Types, VarMap1} = unify_lists(Types1, Types2, VarMap, Opaques),
+  {?product(Types), VarMap1};
+t_unify(?tuple(?any, ?any, ?any) = T, ?tuple(?any, ?any, ?any), VarMap, _Opaques) ->
+  {T, VarMap};
 t_unify(?tuple(Elements1, Arity, _), 
-	?tuple(Elements2, Arity, _), Dict, Opaques) when Arity =/= ?any ->
-  {NewElements, Dict1} = unify_lists(Elements1, Elements2, Dict, Opaques),
-  {t_tuple(NewElements), Dict1};
+	?tuple(Elements2, Arity, _), VarMap, Opaques) when Arity =/= ?any ->
+  {NewElements, VarMap1} = unify_lists(Elements1, Elements2, VarMap, Opaques),
+  {t_tuple(NewElements), VarMap1};
 t_unify(?tuple_set([{Arity, _}]) = T1, 
-	?tuple(_, Arity, _) = T2, Dict, Opaques) when Arity =/= ?any ->
-  unify_tuple_set_and_tuple(T1, T2, Dict, Opaques);
+	?tuple(_, Arity, _) = T2, VarMap, Opaques) when Arity =/= ?any ->
+  unify_tuple_set_and_tuple(T1, T2, VarMap, Opaques);
 t_unify(?tuple(_, Arity, _) = T1,
-	?tuple_set([{Arity, _}]) = T2, Dict, Opaques) when Arity =/= ?any ->
-  unify_tuple_set_and_tuple(T2, T1, Dict, Opaques);
-t_unify(?tuple_set(List1), ?tuple_set(List2), Dict, Opaques) ->
-  {Tuples, NewDict} = 
+	?tuple_set([{Arity, _}]) = T2, VarMap, Opaques) when Arity =/= ?any ->
+  unify_tuple_set_and_tuple(T2, T1, VarMap, Opaques);
+t_unify(?tuple_set(List1), ?tuple_set(List2), VarMap, Opaques) ->
+  {Tuples, NewVarMap} =
     unify_lists(lists:append([T || {_Arity, T} <- List1]), 
-		lists:append([T || {_Arity, T} <- List2]), Dict, Opaques),
-  {t_sup(Tuples), NewDict};
-t_unify(?opaque(Elements) = T, ?opaque(Elements), Dict, _Opaques) ->
-  {T, Dict};
-t_unify(?opaque(_) = T1, ?opaque(_) = T2, _Dict, _Opaques) ->
+		lists:append([T || {_Arity, T} <- List2]), VarMap, Opaques),
+  {t_sup(Tuples), NewVarMap};
+t_unify(?opaque(Elements) = T, ?opaque(Elements), VarMap, _Opaques) ->
+  {T, VarMap};
+t_unify(?opaque(_) = T1, ?opaque(_) = T2, _VarMap, _Opaques) ->
   throw({mismatch, T1, T2});
-t_unify(Type, ?opaque(_) = OpType, Dict, Opaques) ->
-  t_unify_with_opaque(Type, OpType, Dict, Opaques);
-t_unify(?opaque(_) = OpType, Type, Dict, Opaques) ->
-  t_unify_with_opaque(Type, OpType, Dict, Opaques);
-t_unify(T, T, Dict, _Opaques) ->
-  {T, Dict};
+t_unify(Type, ?opaque(_) = OpType, VarMap, Opaques) ->
+  t_unify_with_opaque(Type, OpType, VarMap, Opaques);
+t_unify(?opaque(_) = OpType, Type, VarMap, Opaques) ->
+  t_unify_with_opaque(Type, OpType, VarMap, Opaques);
+t_unify(T, T, VarMap, _Opaques) ->
+  {T, VarMap};
 t_unify(T1, T2, _, _) ->
   throw({mismatch, T1, T2}).
 
-t_unify_with_opaque(Type, OpType, Dict, Opaques) ->
+t_unify_with_opaque(Type, OpType, VarMap, Opaques) ->
   case lists:member(OpType, Opaques) of
     true ->
       Struct = t_opaque_structure(OpType),
-      try t_unify(Type, Struct, Dict, Opaques) of
-	{_T, Dict1} -> {OpType, Dict1}
+      try t_unify(Type, Struct, VarMap, Opaques) of
+	{_T, VarMap1} -> {OpType, VarMap1}
       catch
 	throw:{mismatch, _T1, _T2} ->
 	  case t_inf(OpType, Type, opaque) of
 	    ?none -> throw({mismatch, Type, OpType});
-	    _ -> {OpType, Dict}
+	    _ -> {OpType, VarMap}
 	  end
       end;
     false ->
@@ -2678,20 +2721,20 @@ t_unify_with_opaque(Type, OpType, Dict, Opaques) ->
   end.
 
 unify_tuple_set_and_tuple(?tuple_set([{Arity, List}]), 
-			  ?tuple(Elements2, Arity, _), Dict, Opaques) ->
+			  ?tuple(Elements2, Arity, _), VarMap, Opaques) ->
   %% Can only work if the single tuple has variables at correct places.
   %% Collapse the tuple set.
-  {NewElements, Dict1} = unify_lists(sup_tuple_elements(List), Elements2, Dict, Opaques),
-  {t_tuple(NewElements), Dict1}.
+  {NewElements, VarMap1} = unify_lists(sup_tuple_elements(List), Elements2, VarMap, Opaques),
+  {t_tuple(NewElements), VarMap1}.
 
-unify_lists(L1, L2, Dict, Opaques) ->
-  unify_lists(L1, L2, Dict, [], Opaques).
+unify_lists(L1, L2, VarMap, Opaques) ->
+  unify_lists(L1, L2, VarMap, [], Opaques).
 
-unify_lists([T1|Left1], [T2|Left2], Dict, Acc, Opaques) ->
-  {NewT, NewDict} = t_unify(T1, T2, Dict, Opaques),
-  unify_lists(Left1, Left2, NewDict, [NewT|Acc], Opaques);
-unify_lists([], [], Dict, Acc, _Opaques) ->
-  {lists:reverse(Acc), Dict}.
+unify_lists([T1|Left1], [T2|Left2], VarMap, Acc, Opaques) ->
+  {NewT, NewVarMap} = t_unify(T1, T2, VarMap, Opaques),
+  unify_lists(Left1, Left2, NewVarMap, [NewT|Acc], Opaques);
+unify_lists([], [], VarMap, Acc, _Opaques) ->
+  {lists:reverse(Acc), VarMap}.
 
 %%t_assign_variables_to_subtype(T1, T2) ->
 %%  try 
diff --git a/lib/hipe/doc/src/make.dep b/lib/hipe/doc/src/make.dep
deleted file mode 100644
index d5f5844c21..0000000000
--- a/lib/hipe/doc/src/make.dep
+++ /dev/null
@@ -1,13 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex
-
diff --git a/lib/hipe/doc/src/notes.xml b/lib/hipe/doc/src/notes.xml
index 6b601e3039..3f28cf9959 100644
--- a/lib/hipe/doc/src/notes.xml
+++ b/lib/hipe/doc/src/notes.xml
@@ -30,6 +30,83 @@
   </header>
   <p>This document describes the changes made to HiPE.</p>
 
+<section><title>Hipe 3.9</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    <list> <item><p>No warnings for underspecs with remote
+	    types</p></item> <item><p> Fix crash in Typer</p></item>
+	    <item><p>Fix Dialyzer's warning for its own
+	    code</p></item> <item><p>Fix Dialyzer's warnings in
+	    HiPE</p></item> <item><p>Add file/line info in a
+	    particular Dialyzer crash</p></item> <item><p>Update
+	    inets test results</p></item> </list></p>
+          <p>
+	    Own Id: OTP-9758</p>
+        </item>
+        <item>
+          <p>
+	    <list> <item><p>Correct callback spec in application
+	    module</p></item> <item><p>Refine warning about callback
+	    specs with extra ranges</p></item> <item><p>Cleanup
+	    autoimport compiler directives</p></item> <item><p>Fix
+	    Dialyzer's warnings in typer</p></item> <item><p>Fix
+	    Dialyzer's warning for its own code</p></item>
+	    <item><p>Fix bug in Dialyzer's behaviours
+	    analysis</p></item> <item><p>Fix crash in
+	    Dialyzer</p></item> <item><p>Variable substitution was
+	    not generalizing any unknown variables.</p></item>
+	    </list></p>
+          <p>
+	    Own Id: OTP-9776</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Possible to run HiPE without floating point exceptions
+	    (FPE). Useful on platforms that lack reliable FPE. Slower
+	    float operations compared to HiPE with FPE.</p>
+          <p>
+	    Own Id: OTP-9724</p>
+        </item>
+        <item>
+          <p>
+	    HiPE compiler: The possibility to compile and load
+	    selected functions from a module has been removed.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9751</p>
+        </item>
+        <item>
+          <p>
+	    <c>filename:find_src/1,2</c> will now work on stripped
+	    BEAM files (reported by Per Hedeland). The HiPE compiler
+	    will also work on stripped BEAM files. The BEAM compiler
+	    will no longer include compilation options given in the
+	    source code itself in <c>M:module_info(compile)</c>
+	    (because those options will be applied anyway if the
+	    module is re-compiled).</p>
+          <p>
+	    Own Id: OTP-9752</p>
+        </item>
+        <item>
+	    <p> Optimize <c>erl_types:t_unify()</c>. </p>
+          <p>
+	    Own Id: OTP-9768</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Hipe 3.8.1</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/hipe/flow/Makefile b/lib/hipe/flow/Makefile
index 02f610587b..bbe8ef8666 100644
--- a/lib/hipe/flow/Makefile
+++ b/lib/hipe/flow/Makefile
@@ -65,7 +65,7 @@ DOC_FILES= $(MODULES:%=$(DOCS)/%.html)
 
 include ../native.mk
 
-ERL_COMPILE_FLAGS += +warn_exported_vars +warn_missing_spec +warn_untyped_record
+ERL_COMPILE_FLAGS += +warn_exported_vars +warn_missing_spec # +warn_untyped_record
 
 # ----------------------------------------------------
 # Targets
diff --git a/lib/hipe/icode/Makefile b/lib/hipe/icode/Makefile
index eced90b0ec..bd6436c8b3 100644
--- a/lib/hipe/icode/Makefile
+++ b/lib/hipe/icode/Makefile
@@ -83,7 +83,7 @@ DOC_FILES= $(DOC_MODULES:%=$(DOCS)/%.html)
 
 include ../native.mk
 
-ERL_COMPILE_FLAGS += +warn_unused_import +warn_missing_spec +warn_untyped_record
+ERL_COMPILE_FLAGS += +warn_unused_import +warn_missing_spec # +warn_untyped_record
 
 # ----------------------------------------------------
 # Targets
diff --git a/lib/hipe/icode/hipe_beam_to_icode.erl b/lib/hipe/icode/hipe_beam_to_icode.erl
index cfed410240..992f387bd5 100644
--- a/lib/hipe/icode/hipe_beam_to_icode.erl
+++ b/lib/hipe/icode/hipe_beam_to_icode.erl
@@ -31,7 +31,7 @@
 
 -module(hipe_beam_to_icode).
 
--export([module/2, mfa/3]).
+-export([module/2]).
 
 %%-----------------------------------------------------------------------
 
@@ -111,55 +111,6 @@ trans_beam_function_chunk(FunBeamCode, ClosureInfo) ->
   {MFA,Icode}.
 
 %%-----------------------------------------------------------------------
-%% @doc
-%% Translates the BEAM code of a single function into Icode.
-%%   Returns a tuple whose first argument is list of {{M,F,A}, ICode}
-%%   pairs, where the first entry is that of the given MFA, and the
-%%   following (in undefined order) are those of the funs that are
-%%   defined in the function, and recursively, in the funs.  The
-%%   second argument of the tuple is the HiPE compiler options
-%%   contained in the file.
-%% @end
-%%-----------------------------------------------------------------------
-
--spec mfa(list(), mfa(), comp_options()) -> hipe_beam_to_icode_ret().
-
-mfa(BeamFuns, {M,F,A} = MFA, Options)
-  when is_atom(M), is_atom(F), is_integer(A) ->
-  BeamCode0 = [beam_disasm:function__code(Fn) || Fn <- BeamFuns],
-  {ModCode, ClosureInfo} = preprocess_code(BeamCode0),
-  mfa_loop([MFA], [], sets:new(), ModCode, ClosureInfo, Options).
-
-mfa_loop([{M,F,A} = MFA | MFAs], Acc, Seen, ModCode, ClosureInfo,
-	 Options) when is_atom(M), is_atom(F), is_integer(A) ->
-  case sets:is_element(MFA, Seen) of
-    true ->
-      mfa_loop(MFAs, Acc, Seen, ModCode, ClosureInfo, Options);
-    false ->
-      {Icode, FunMFAs} = mfa_get(M, F, A, ModCode, ClosureInfo, Options),
-      mfa_loop(FunMFAs ++ MFAs, [{MFA, Icode} | Acc],
-	       sets:add_element(MFA, Seen),
-	       ModCode, ClosureInfo, Options)
-  end;
-mfa_loop([], Acc, _, _, _, _) ->
-  lists:reverse(Acc).
-
-mfa_get(M, F, A, ModCode, ClosureInfo, Options) ->
-  BeamCode = get_fun(ModCode, M,F,A),
-  pp_beam([BeamCode], Options),  % cheat by using a list
-  Icode = trans_mfa_code(M,F,A, BeamCode, ClosureInfo),
-  FunMFAs = get_fun_mfas(BeamCode),
-  {Icode, FunMFAs}.
-
-get_fun_mfas([{patched_make_fun,{M,F,A} = MFA,_,_,_}|BeamCode])
-  when is_atom(M), is_atom(F), is_integer(A) ->
-  [MFA|get_fun_mfas(BeamCode)];
-get_fun_mfas([_|BeamCode]) ->
-  get_fun_mfas(BeamCode);
-get_fun_mfas([]) ->
-  [].
-
-%%-----------------------------------------------------------------------
 %% The main translation function.
 %%-----------------------------------------------------------------------
 
@@ -281,10 +232,14 @@ needs_redtest(Leafness) ->
 %%-----------------------------------------------------------------------
 
 %%--- label & func_info combo ---
+trans_fun([{label,_}=F,{func_info,_,_,_}=FI|Instructions], Env) ->
+  %% Handle old code without a line instruction.
+  trans_fun([F,{line,[]},FI|Instructions], Env);
 trans_fun([{label,B},{label,_},
 	   {func_info,M,F,A},{label,L}|Instructions], Env) ->
   trans_fun([{label,B},{func_info,M,F,A},{label,L}|Instructions], Env);
 trans_fun([{label,B},
+	   {line,_},
 	   {func_info,{atom,_M},{atom,_F},_A},
 	   {label,L}|Instructions], Env) ->
   %% Emit code to handle function_clause errors.  The BEAM test instructions
@@ -1142,6 +1097,11 @@ trans_fun([{trim,N,NY}|Instructions], Env) ->
   Moves = trans_trim(N, NY),
   Moves ++ trans_fun(Instructions, Env);
 %%--------------------------------------------------------------------
+%% New line/1 instruction in R15.
+%%--------------------------------------------------------------------
+trans_fun([{line,_}|Instructions], Env) ->
+  trans_fun(Instructions,Env);
+%%--------------------------------------------------------------------
 %%--- ERROR HANDLING ---
 %%--------------------------------------------------------------------
 trans_fun([X|_], _) ->
@@ -1869,20 +1829,12 @@ patch_make_funs([], FunIndex, Acc) ->
 
 find_mfa([{label,_}|Code]) ->
   find_mfa(Code);
+find_mfa([{line,_}|Code]) ->
+  find_mfa(Code);
 find_mfa([{func_info,{atom,M},{atom,F},A}|_]) 
   when is_atom(M), is_atom(F), is_integer(A), 0 =< A, A =< 255 ->
   {M, F, A}.
 
-%%-----------------------------------------------------------------------
-
-%% Localize a particular function in a module
-get_fun([[L, {func_info,{atom,M},{atom,F},A} | Is] | _], M,F,A) ->
-  [L, {func_info,{atom,M},{atom,F},A} | Is];
-get_fun([[_L1,_L2, {func_info,{atom,M},{atom,F},A} = MFA| _Is] | _], M,F,A) ->
-  ?WARNING_MSG("Consecutive labels found; please re-create the .beam file~n", []),
-  [_L1,_L2, MFA | _Is];
-get_fun([_|Rest], M,F,A) ->
-  get_fun(Rest, M,F,A).    
 
 %%-----------------------------------------------------------------------
 %% Takes a list of arguments and returns the constants of them into
diff --git a/lib/hipe/icode/hipe_icode_coordinator.erl b/lib/hipe/icode/hipe_icode_coordinator.erl
index a71e143192..d8c82cf01c 100644
--- a/lib/hipe/icode/hipe_icode_coordinator.erl
+++ b/lib/hipe/icode/hipe_icode_coordinator.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2007-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -49,6 +49,12 @@ coordinate(CG, Escaping, NonEscaping, Mod) ->
     fun (PM) -> last_action(PM, ServerPid, Mod, All) end, 
   coordinate({Clean,All}, CG, gb_trees:empty(), Restart, LastAction, ServerPid).
 
+-type mfalists() :: {[mfa()], [mfa()]}.
+
+-spec coordinate(mfalists(), hipe_digraph:hdg(), gb_tree(),
+                 fun((mfalists(), gb_tree()) -> mfalists()),
+                 fun((gb_tree()) -> 'ok'), pid()) -> no_return().
+
 coordinate(MFALists, CG, PM, Restart, LastAction, ServerPid) ->
   case MFALists of
     {[], []} ->
@@ -106,8 +112,7 @@ last_action(PM, ServerPid, Mod, All) ->
 		    receive 
 		      {done_rewrite, MFA} -> ok
 		    end
-		end, All),
-  ok.
+		end, All).
 
 restart_funs({Queue, Busy} = QB, PM, All, ServerPid) ->
   case ?MAX_CONCURRENT - length(Busy) of
diff --git a/lib/hipe/icode/hipe_icode_mulret.erl b/lib/hipe/icode/hipe_icode_mulret.erl
index a6529c8519..a3cae621ab 100644
--- a/lib/hipe/icode/hipe_icode_mulret.erl
+++ b/lib/hipe/icode/hipe_icode_mulret.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2005-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -595,9 +595,9 @@ optimizeDefine([I|Code], Dsts, DstLst, Res) ->
   [Ds] = Dsts,
   case isCallPrimop(I, mktuple) andalso DstLst =:= [] of
     true ->
-      case (hipe_icode:call_dstlist(I) =:= Dsts) of
+      case hipe_icode:call_dstlist(I) =:= Dsts of
 	true ->
-	  case (hipe_icode:call_args(I) > 1) of 
+	  case length(hipe_icode:call_args(I)) > 1 of
 	    true ->
 	      optimizeDefine(Code, Dsts, hipe_icode:call_args(I), Res);
 	    false ->
diff --git a/lib/hipe/icode/hipe_icode_pp.erl b/lib/hipe/icode/hipe_icode_pp.erl
index 575bbfe43d..de29b6f779 100755..100644
--- a/lib/hipe/icode/hipe_icode_pp.erl
+++ b/lib/hipe/icode/hipe_icode_pp.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/hipe/icode/hipe_icode_ssa.erl b/lib/hipe/icode/hipe_icode_ssa.erl
index 719d5d8f45..4607a96dda 100755..100644
--- a/lib/hipe/icode/hipe_icode_ssa.erl
+++ b/lib/hipe/icode/hipe_icode_ssa.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/hipe/main/hipe.erl b/lib/hipe/main/hipe.erl
index 570e4d9d17..309d847374 100644
--- a/lib/hipe/main/hipe.erl
+++ b/lib/hipe/main/hipe.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -47,9 +47,8 @@
 %%
 %% <h3>Using the direct interface - for advanced users only</h3>
 %%
-%% To compile a module or a specific function to native code and
-%% automatically load the code into memory, call <a
-%% href="#c-1"><code>hipe:c(Module)</code></a> or <a
+%% To compile a module to native code and automatically load the code
+%% into memory, call <a href="#c-1"><code>hipe:c(Module)</code></a> or <a
 %% href="#c-2"><code>hipe:c(Module, Options)</code></a>. Note that all
 %% options are specific to the HiPE compiler. See the <a
 %% href="#index">function index</a> for other compiler functions.
@@ -221,11 +220,10 @@
 %%-------------------------------------------------------------------
 
 -type mod() :: atom().
--type c_unit() :: mod() | mfa().
 -type f_unit() :: mod() | binary().
 -type ret_rtl() :: [_].
--type c_ret() :: {'ok', c_unit()} | {'error', term()} |
-                 {'ok', c_unit(), ret_rtl()}. %% The last for debugging only
+-type c_ret() :: {'ok', mod()} | {'error', term()} |
+                 {'ok', mod(), ret_rtl()}. %% The last for debugging only
 -type compile_file() :: atom() | string() | binary().
 -type compile_ret() :: {hipe_architecture(), binary()} | list().
 
@@ -278,47 +276,44 @@ load(Mod, BeamFileName) when is_list(BeamFileName) ->
   end.
 
 %% @spec c(Name) -> {ok, Name} | {error, Reason}
-%%       Name = mod() | mfa()
+%%       Name = mod()
 %%       Reason = term()
 %%
 %% @equiv c(Name, [])
 
--spec c(c_unit()) -> c_ret().
+-spec c(mod()) -> c_ret().
 
 c(Name) ->
   c(Name, []).
 
 %% @spec c(Name, options()) -> {ok, Name} | {error, Reason}
-%%     Name = mod() | mfa()
+%%     Name = mod()
 %%     options() = [option()]
 %%     option() = term()
 %%     Reason = term()
 %%
-%% @type mfa() = {M::mod(),F::fun(),A::arity()}.
-%%       A fully qualified function name.
-%%
 %% @type fun() = atom(). A function identifier.
 %%
 %% @type arity() = integer(). A function arity; always nonnegative.
 %% 
 %% @doc User-friendly native code compiler interface. Reads BEAM code
-%% from the corresponding "Module<code>.beam</code>" file in the system
-%% path, and compiles either a single function or the whole module to
-%% native code. By default, the compiled code is loaded directly. See
-%% above for documentation of options.
+%% from the corresponding "Module<code>.beam</code>" file in the
+%% system path, and compiles the whole module to native code. By
+%% default, the compiled code is loaded directly. See above for
+%% documentation of options.
 %%
 %% @see c/1
 %% @see c/3
 %% @see f/2
 %% @see compile/2
 
--spec c(c_unit(), comp_options()) -> c_ret().
+-spec c(mod(), comp_options()) -> c_ret().
 
 c(Name, Options) ->
   c(Name, beam_file(Name), Options).
 
 %% @spec c(Name, File, options()) -> {ok, Name} | {error, Reason}
-%%     Name = mod() | mfa()
+%%     Name = mod()
 %%     File = filename() | binary()
 %%     Reason = term()
 %%
@@ -329,7 +324,6 @@ c(Name, Options) ->
 %% @see f/2
 
 c(Name, File, Opts) ->
-  %% No server if only one function is compiled
   Opts1 = user_compile_opts(Opts),
   case compile(Name, File, Opts1) of
     {ok, Res} ->
@@ -359,8 +353,7 @@ f(File) ->
 %%     Reason = term()
 %%
 %% @doc Like <code>c/3</code>, but takes the module name from the
-%% specified <code>File</code>. This always compiles the whole module;
-%% there is no possibility to compile just a single function.
+%% specified <code>File</code>.
 %%
 %% @see c/3
 
@@ -381,26 +374,26 @@ user_compile_opts(Opts) ->
 
 
 %% @spec compile(Name) -> {ok, {Target,Binary}} | {error, Reason}
-%%       Name = mod() | mfa()
+%%       Name = mod()
 %%       Binary = binary()
 %%       Reason = term()
 %% 
 %% @equiv compile(Name, [])
 
--spec compile(c_unit()) -> {'ok', compile_ret()} | {'error', term()}.
+-spec compile(mod()) -> {'ok', compile_ret()} | {'error', term()}.
 
 compile(Name) ->
   compile(Name, []).
 
 %% @spec compile(Name, options()) -> {ok, {Target,Binary}} | {error, Reason}
-%%       Name = mod() | mfa()
+%%       Name = mod()
 %%       Binary = binary()
 %%       Reason = term()
 %%
-%% @doc Direct compiler interface, for advanced use. This just compiles
-%% the named function or module, reading BEAM code from the
-%% corresponding "Module<code>.beam</code>" file in the system path.
-%% Returns <code>{ok, Binary}</code> if successful, or <code>{error,
+%% @doc Direct compiler interface, for advanced use. This just
+%% compiles the module, reading BEAM code from the corresponding
+%% "Module<code>.beam</code>" file in the system path.  Returns
+%% <code>{ok, Binary}</code> if successful, or <code>{error,
 %% Reason}</code> otherwise. By default, it does <em>not</em> load the
 %% binary to memory (the <code>load</code> option can be used to
 %% activate automatic loading). <code>File</code> can be either a file
@@ -412,15 +405,13 @@ compile(Name) ->
 %% @see file/2
 %% @see load/2
 
--spec compile(c_unit(), comp_options()) -> {'ok', compile_ret()} | {'error', _}.
+-spec compile(mod(), comp_options()) -> {'ok', compile_ret()} | {'error', _}.
 
 compile(Name, Options) ->
   compile(Name, beam_file(Name), Options).
 
--spec beam_file(mod() | mfa()) -> string().
+-spec beam_file(mod()) -> string().
 
-beam_file({M,F,A}) when is_atom(M), is_atom(F), is_integer(A), A >= 0 ->
-  beam_file(M);
 beam_file(Module) when is_atom(Module) ->
   case code:which(Module) of
     non_existing ->
@@ -432,7 +423,7 @@ beam_file(Module) when is_atom(Module) ->
 
 %% @spec compile(Name, File, options()) ->
 %%           {ok, {Target, Binary}} | {error, Reason}
-%%       Name = mod() | mfa()
+%%       Name = mod()
 %%       File = filename() | binary()
 %%       Binary = binary()
 %%       Reason = term()
@@ -442,18 +433,11 @@ beam_file(Module) when is_atom(Module) ->
 %%
 %% @see compile/2
 
--spec compile(c_unit(), compile_file(), comp_options()) ->
+-spec compile(mod(), compile_file(), comp_options()) ->
 	 {'ok', compile_ret()} | {'error', term()}.
 
-compile(Name, File, Opts0) ->
-  Opts1 = expand_kt2(Opts0),
-  Opts = 
-    case Name of
-      {_Mod, _Fun, _Arity} ->
-	[no_concurrent_comp|Opts1];
-      _ ->
-	Opts1
-    end,
+compile(Name, File, Opts0) when is_atom(Name) ->
+  Opts = expand_kt2(Opts0),
   case proplists:get_value(core, Opts) of
     true when is_binary(File) ->
       ?error_msg("Cannot get Core Erlang code from BEAM binary.",[]),
@@ -486,23 +470,11 @@ compile(Name, File, Opts0) ->
 	  ?EXIT({cant_compile_source_code, Error})
       end;
     Other when Other =:= false; Other =:= undefined ->
-      NewOpts =
-	case proplists:get_value(use_callgraph, Opts) of
-	  No when No =:= false; No =:= undefined -> Opts;
-	  _ ->
-	    case Name of
-	      {_M,_F,_A} ->
-		%% There is no point in using the callgraph or concurrent_comp
-		%% when analyzing just one function.
-		[no_use_callgraph, no_concurrent_comp|Opts];
-	      _ -> Opts
-	    end
-	end,
       DisasmFun = fun (_) -> disasm(File) end,
       IcodeFun = fun (Code, Opts_) ->
 		     get_beam_icode(Name, Code, File, Opts_)
 		 end,
-      run_compiler(Name, DisasmFun, IcodeFun, NewOpts)
+      run_compiler(Name, DisasmFun, IcodeFun, Opts)
   end.
 
 -spec compile_core(mod(), cerl:c_module(), compile_file(), comp_options()) ->
@@ -602,9 +574,13 @@ file(File, Options) when is_atom(File) ->
 disasm(File) ->
   case beam_disasm:file(File) of
     #beam_file{labeled_exports = LabeledExports,
-	       compile_info = CompInfo,
+	       compile_info = CompInfo0,
 	       code = BeamCode} ->
-      {options, CompOpts} = lists:keyfind(options, 1, CompInfo),
+      CompInfo = case CompInfo0 of
+		   none -> [];
+		   _ -> CompInfo0
+		 end,
+      CompOpts = proplists:get_value(options, CompInfo, []),
       HCompOpts = case lists:keyfind(hipe, 1, CompOpts) of
 		    {hipe, L} when is_list(L) -> L;
 		    {hipe, X} -> [X];
@@ -625,11 +601,6 @@ fix_beam_exports([{F,A,_}|BeamExports], Exports) ->
 fix_beam_exports([], Exports) ->
   Exports.
 
-get_beam_icode({M,_F,_A} = MFA, {BeamCode, Exports}, _File, Options) ->
-  ?option_time({ok, Icode} = 
-	       (catch {ok, hipe_beam_to_icode:mfa(BeamCode, MFA, Options)}),
-	       "BEAM-to-Icode", Options),
-  {{M, Exports, Icode}, false};
 get_beam_icode(Mod, {BeamCode, Exports}, File, Options) ->
   ?option_time({ok, Icode} =
 	       (catch {ok, hipe_beam_to_icode:module(BeamCode, Options)}),
@@ -899,7 +870,8 @@ maybe_load(Mod, Bin, WholeModule, Opts) ->
       do_load(Mod, Bin, WholeModule)
   end.
 
-do_load(Mod, Bin, WholeModule) ->
+do_load(Mod, Bin, BeamBinOrPath) when is_binary(BeamBinOrPath);
+				      is_list(BeamBinOrPath) ->
   HostArch = get(hipe_host_arch),
   TargetArch = get(hipe_target_arch),
   %% Make sure we can do the load.
@@ -907,29 +879,22 @@ do_load(Mod, Bin, WholeModule) ->
     ?EXIT({host_and_target_arch_differ, HostArch, TargetArch});
     true -> ok
   end,
-  case WholeModule of 
+  case code:is_sticky(Mod) of
+    true ->
+      %% We unpack and repack the Beam binary as a workaround to
+      %% ensure that it is not compressed.
+      {ok, _, Chunks} = beam_lib:all_chunks(BeamBinOrPath),
+      {ok, Beam} = beam_lib:build_module(Chunks),
+      %% Don't purge or register sticky mods; just load native.
+      code:load_native_sticky(Mod, Bin, Beam);
     false ->
-      %% In this case, the emulated code for the module must be loaded.
-      {module, Mod} = code:ensure_loaded(Mod),
-      code:load_native_partial(Mod, Bin);
-    BeamBinOrPath when is_binary(BeamBinOrPath) orelse is_list(BeamBinOrPath) ->
-      case code:is_sticky(Mod) of
-	true ->
-	  %% We unpack and repack the Beam binary as a workaround to
-	  %% ensure that it is not compressed.
-	  {ok, _, Chunks} = beam_lib:all_chunks(WholeModule),
-	  {ok, Beam} = beam_lib:build_module(Chunks),
-	  %% Don't purge or register sticky mods; just load native.
-	  code:load_native_sticky(Mod, Bin, Beam);
-	false ->
-	  %% Normal loading of a whole module
-	  Architecture = erlang:system_info(hipe_architecture),
-	  ChunkName = hipe_unified_loader:chunk_name(Architecture),
-	  {ok, _, Chunks0} = beam_lib:all_chunks(WholeModule),
-	  Chunks = [{ChunkName, Bin}|lists:keydelete(ChunkName, 1, Chunks0)],
-	  {ok, BeamPlusNative} = beam_lib:build_module(Chunks),
-	  code:load_binary(Mod, code:which(Mod), BeamPlusNative)
-      end
+      %% Normal loading of a whole module
+      Architecture = erlang:system_info(hipe_architecture),
+      ChunkName = hipe_unified_loader:chunk_name(Architecture),
+      {ok, _, Chunks0} = beam_lib:all_chunks(BeamBinOrPath),
+      Chunks = [{ChunkName, Bin}|lists:keydelete(ChunkName, 1, Chunks0)],
+      {ok, BeamPlusNative} = beam_lib:build_module(Chunks),
+      code:load_binary(Mod, code:which(Mod), BeamPlusNative)
   end.
 
 assemble(CompiledCode, Closures, Exports, Options) ->
diff --git a/lib/hipe/opt/Makefile b/lib/hipe/opt/Makefile
index 74fde26c0b..4596201801 100644
--- a/lib/hipe/opt/Makefile
+++ b/lib/hipe/opt/Makefile
@@ -63,7 +63,7 @@ DOC_FILES= $(MODULES:%=$(DOCS)/%.html)
 
 include ../native.mk
 
-ERL_COMPILE_FLAGS += +warn_exported_vars +warn_missing_spec +warn_untyped_record
+ERL_COMPILE_FLAGS += +warn_exported_vars +warn_missing_spec # +warn_untyped_record
 
 # ----------------------------------------------------
 # Targets
diff --git a/lib/hipe/opt/hipe_schedule.erl b/lib/hipe/opt/hipe_schedule.erl
index 4925b2927b..4f153e17ad 100644
--- a/lib/hipe/opt/hipe_schedule.erl
+++ b/lib/hipe/opt/hipe_schedule.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2001-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -797,7 +797,7 @@ dep_arc(N, Lat, M, {Dag,Preds}) ->
 %% Returns     : A dependence graph sorted by To. 
 %% Description : A new arc that is added is sorted in the right place, and if
 %%               there is already an arc between nodes A and B, the one with 
-%%               the greatest latency is choosen.
+%%               the greatest latency is chosen.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 add_arc(Lat,To, []) -> {[{Lat, To}], added};
 add_arc(Lat1, To, [{Lat2, To} | Arcs]) ->
diff --git a/lib/hipe/rtl/Makefile b/lib/hipe/rtl/Makefile
index 55d20af8af..48086ec79f 100644
--- a/lib/hipe/rtl/Makefile
+++ b/lib/hipe/rtl/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2001-2010. All Rights Reserved.
+# Copyright Ericsson AB 2001-2012. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -108,10 +108,30 @@ release_spec: opt
 release_docs_spec:
 
 
-HIPE_MKLITERALS=$(ERL_TOP)/bin/$(TARGET)/hipe_mkliterals
+ifeq ($(TYPE),debug)
+TYPE_STR=.debug
+else
+TYPE_STR=
+endif
+
+ifeq ($(FLAVOR),smp)
+FLAVOR_STR=.smp
+else
+FLAVOR_STR=
+endif
+
+ifeq ($(XCOMP),yes)
+MKLIT_FLAGS= -x
+else
+MKLIT_FLAGS=
+endif
+
+
+HIPE_MKLITERALS=$(ERL_TOP)/bin/$(TARGET)/hipe_mkliterals$(TYPE_STR)$(FLAVOR_STR)
+
 
 hipe_literals.hrl: $(HIPE_MKLITERALS)
-	$(HIPE_MKLITERALS) -e > hipe_literals.hrl
+	$(HIPE_MKLITERALS) $(MKLIT_FLAGS) -e > hipe_literals.hrl
 
 # Need to generate hipe.hrl from one and only one target in one and only
 # one makefile; otherwise, clearmake will force rebuilds of hipe over and
@@ -119,27 +139,35 @@ hipe_literals.hrl: $(HIPE_MKLITERALS)
 ../main/hipe.hrl: ../vsn.mk ../main/hipe.hrl.src
 	(cd ../main && $(MAKE) hipe.hrl)
 
-$(EBIN)/hipe_rtl.beam: hipe_rtl.hrl ../main/hipe.hrl
-$(EBIN)/hipe_rtl_arch.beam: hipe_rtl.hrl hipe_literals.hrl
-$(EBIN)/hipe_rtl_binary.beam: hipe_rtl.hrl hipe_literals.hrl
-$(EBIN)/hipe_rtl_bin_util.beam: hipe_rtl.hrl hipe_literals.hrl
-$(EBIN)/hipe_rtl_cfg.beam: hipe_rtl.hrl ../flow/cfg.hrl ../flow/cfg.inc ../main/hipe.hrl
-$(EBIN)/hipe_rtl_cleanup_const.beam: hipe_rtl.hrl
-$(EBIN)/hipe_rtl_liveness.beam: hipe_rtl.hrl ../flow/cfg.hrl ../flow/liveness.inc
-$(EBIN)/hipe_icode2rtl.beam: hipe_literals.hrl ../main/hipe.hrl ../icode/hipe_icode.hrl
-$(EBIN)/hipe_tagscheme.beam: hipe_rtl.hrl hipe_literals.hrl
-$(EBIN)/hipe_rtl_primops.beam: hipe_rtl.hrl ../icode/hipe_icode_primops.hrl hipe_literals.hrl ../main/hipe.hrl
+# 2012-02-24. Please keep these dependencies up to date. They tend to rot.
+# grep ^-include *.erl says a lot, but you need to dig further, e.g:
+# grep ^-include ../flow/*.{hrl,inc}
+$(EBIN)/hipe_icode2rtl.beam: \
+	../main/hipe.hrl ../icode/hipe_icode.hrl hipe_literals.hrl
+$(EBIN)/hipe_rtl_arch.beam: hipe_literals.hrl
 $(EBIN)/hipe_rtl_arith_32.beam: ../main/hipe.hrl hipe_rtl_arith.inc
 $(EBIN)/hipe_rtl_arith_64.beam: ../main/hipe.hrl hipe_rtl_arith.inc
-$(EBIN)/hipe_rtl_bs_ops.beam: hipe_literals.hrl ../main/hipe.hrl
-$(EBIN)/hipe_rtl_cerl_bs_ops.beam: ../main/hipe.hrl hipe_literals.hrl hipe_rtl.hrl
-$(EBIN)/hipe_rtl_exceptions.beam: hipe_literals.hrl ../main/hipe.hrl
-$(EBIN)/hipe_rtl_inline_bs_ops.beam: hipe_rtl.hrl hipe_literals.hrl ../main/hipe.hrl
+$(EBIN)/hipe_rtl_binary_construct.beam: \
+	../main/hipe.hrl hipe_rtl.hrl hipe_literals.hrl
+$(EBIN)/hipe_rtl_binary_match.beam: hipe_literals.hrl
+$(EBIN)/hipe_rtl_cfg.beam: \
+	../main/hipe.hrl hipe_rtl.hrl ../flow/cfg.hrl ../flow/cfg.inc
+$(EBIN)/hipe_rtl_cleanup_const.beam: hipe_rtl.hrl
+$(EBIN)/hipe_rtl.beam: ../main/hipe.hrl hipe_rtl.hrl
+$(EBIN)/hipe_rtl_exceptions.beam: ../main/hipe.hrl hipe_literals.hrl
+$(EBIN)/hipe_rtl_lcm.beam: ../main/hipe.hrl hipe_rtl.hrl ../flow/cfg.hrl
+$(EBIN)/hipe_rtl_liveness.beam: hipe_rtl.hrl ../flow/cfg.hrl ../flow/liveness.inc
 $(EBIN)/hipe_rtl_mk_switch.beam: ../main/hipe.hrl
-$(EBIN)/hipe_rtl_lcm.beam: ../flow/cfg.hrl hipe_rtl.hrl
-$(EBIN)/hipe_rtl_symbolic.beam: hipe_rtl.hrl hipe_literals.hrl ../flow/cfg.hrl ../icode/hipe_icode_primops.hrl
-$(EBIN)/hipe_rtl_varmap.beam: ../main/hipe.hrl ../icode/hipe_icode.hrl
-
-$(EBIN)/hipe_rtl_ssa.beam: ../ssa/hipe_ssa.inc ../main/hipe.hrl ../ssa/hipe_ssa_liveness.inc hipe_rtl.hrl
-$(EBIN)/hipe_rtl_ssa_const_prop.beam: hipe_rtl.hrl ../main/hipe.hrl ../flow/cfg.hrl ../ssa/hipe_ssa_const_prop.inc
-$(EBIN)/hipe_rtl_ssapre.beam: ../main/hipe.hrl ../flow/cfg.hrl hipe_rtl.hrl
+$(EBIN)/hipe_rtl_primops.beam: ../main/hipe.hrl \
+	../icode/hipe_icode_primops.hrl hipe_rtl.hrl hipe_literals.hrl
+$(EBIN)/hipe_rtl_ssa_avail_expr.beam: ../main/hipe.hrl hipe_rtl.hrl
+$(EBIN)/hipe_rtl_ssa_const_prop.beam: ../main/hipe.hrl hipe_rtl.hrl \
+	../flow/cfg.hrl ../ssa/hipe_ssa_const_prop.inc
+$(EBIN)/hipe_rtl_ssa.beam: hipe_rtl.hrl \
+	../main/hipe.hrl ../ssa/hipe_ssa_liveness.inc ../ssa/hipe_ssa.inc
+$(EBIN)/hipe_rtl_ssapre.beam: ../main/hipe.hrl hipe_rtl.hrl
+$(EBIN)/hipe_rtl_symbolic.beam: hipe_rtl.hrl hipe_literals.hrl \
+	../icode/hipe_icode_primops.hrl
+$(EBIN)/hipe_rtl_varmap.beam: ../main/hipe.hrl \
+	../misc/hipe_consttab.hrl ../icode/hipe_icode.hrl
+$(EBIN)/hipe_tagscheme.beam: hipe_rtl.hrl hipe_literals.hrl
diff --git a/lib/hipe/rtl/hipe_rtl.erl b/lib/hipe/rtl/hipe_rtl.erl
index 29e9c8c8fe..4bf4eb6bd7 100644
--- a/lib/hipe/rtl/hipe_rtl.erl
+++ b/lib/hipe/rtl/hipe_rtl.erl
@@ -781,8 +781,11 @@ fstore_src_update(F, NewSrc) -> F#fstore{src=NewSrc}.
 %% fp
 %%
 
+    
 mk_fp(Dst, Src1, Op, Src2) -> 
-  #fp{dst=Dst, src1=Src1, op=Op, src2=Src2}.
+    [#fp{dst=Dst, src1=Src1, op=Op, src2=Src2}
+     | hipe_rtl_arch:mk_fp_check_result(Dst)].
+
 fp_dst(#fp{dst=Dst}) -> Dst.
 fp_dst_update(Fp, NewDst) -> Fp#fp{dst=NewDst}.
 fp_src1(#fp{src1=Src1}) -> Src1.
diff --git a/lib/hipe/rtl/hipe_rtl_arch.erl b/lib/hipe/rtl/hipe_rtl_arch.erl
index 22cda57a3a..99eb80f3d1 100644
--- a/lib/hipe/rtl/hipe_rtl_arch.erl
+++ b/lib/hipe/rtl/hipe_rtl_arch.erl
@@ -65,7 +65,8 @@
 	 %% alignment/0,
 	 nr_of_return_regs/0,
          log2_word_size/0,
-         word_size/0
+         word_size/0,
+	 mk_fp_check_result/1
 	]).
 
 -include("hipe_literals.hrl").
@@ -558,6 +559,12 @@ eval_cond_bits(Cond, N, Z, V, C) ->
 %%----------------------------------------------------------------------
 
 fwait() ->
+    case ?ERTS_NO_FPE_SIGNALS of
+	1 -> [];
+	0 -> fwait_real()
+    end.
+
+fwait_real() ->
   case get(hipe_target_arch) of
     x86 -> [hipe_rtl:mk_call([], 'fwait', [], [], [], not_remote)];
     amd64 -> [hipe_rtl:mk_call([], 'fwait', [], [], [], not_remote)];
@@ -573,6 +580,12 @@ fwait() ->
 %%   Returns RTL code to restore the FPU after a floating-point exception.
 %% @end
 handle_fp_exception() ->
+    case ?ERTS_NO_FPE_SIGNALS of
+	1 -> [];
+	0 -> handle_real_fp_exception()
+    end.
+
+handle_real_fp_exception() ->
   case get(hipe_target_arch) of
     x86 ->
       ContLbl = hipe_rtl:mk_new_label(),
@@ -655,3 +668,15 @@ nr_of_return_regs() ->
       1
     %% hipe_amd64_registers:nr_rets();
   end.
+
+
+mk_fp_check_result(Result) ->
+    case ?ERTS_NO_FPE_SIGNALS of
+	0 ->
+	    [];
+	1 ->
+	    [hipe_rtl:mk_fstore(proc_pointer(),
+				hipe_rtl:mk_imm(?P_FLOAT_RESULT),
+				Result),
+	     hipe_rtl:mk_call([], emulate_fpe, [], [], [], not_remote)]
+    end.
diff --git a/lib/hipe/rtl/hipe_rtl_lcm.erl b/lib/hipe/rtl/hipe_rtl_lcm.erl
index 9224623c8b..262aedb409 100644
--- a/lib/hipe/rtl/hipe_rtl_lcm.erl
+++ b/lib/hipe/rtl/hipe_rtl_lcm.erl
@@ -486,7 +486,7 @@ lcm_precalc(CFG, Options) ->
   ?option_time(NodeInfo2 = calc_down_exp(CFG, ExprMap, NodeInfo1, Labels), 
 	       "RTL LCM calc_down_exp", Options),
   ?option_time(NodeInfo3 = calc_killed_expr(CFG, NodeInfo2, UseMap, AllExpr, 
-					   Labels), 
+					    IdMap, Labels), 
 	       "RTL LCM calc_killed_exp", Options),
   ?option_time(NodeInfo4 = calc_avail(CFG, NodeInfo3), 
 	       "RTL LCM calc_avail", Options),
@@ -815,19 +815,19 @@ exp_kill_expr(Instr, [CheckedExpr|Exprs]) ->
 
 %%=============================================================================
 %% Calculates the killed expression sets for all given labels.
-calc_killed_expr(_, NodeInfo, _, _, []) ->
+calc_killed_expr(_, NodeInfo, _, _, _, []) ->
   NodeInfo;
-calc_killed_expr(CFG, NodeInfo, UseMap, AllExpr, [Label|Labels]) ->
+calc_killed_expr(CFG, NodeInfo, UseMap, AllExpr, IdMap, [Label|Labels]) ->
   Code = hipe_bb:code(hipe_rtl_cfg:bb(CFG, Label)),
-  KilledExprs = calc_killed_expr_bb(Code, UseMap, AllExpr, ?SETS:new()),
+  KilledExprs = calc_killed_expr_bb(Code, UseMap, AllExpr, IdMap, ?SETS:new()),
   NewNodeInfo = set_killed_expr(NodeInfo, Label, KilledExprs),
-  calc_killed_expr(CFG, NewNodeInfo, UseMap, AllExpr, Labels).
+  calc_killed_expr(CFG, NewNodeInfo, UseMap, AllExpr, IdMap, Labels).
 
 %%=============================================================================
 %% Calculates the killed expressions set for one basic block.
-calc_killed_expr_bb([], _UseMap, _AllExpr, KilledExprs) ->
+calc_killed_expr_bb([], _UseMap, _AllExpr, _IdMap, KilledExprs) ->
   KilledExprs;
-calc_killed_expr_bb([Instr|Instrs], UseMap, AllExpr, KilledExprs) ->
+calc_killed_expr_bb([Instr|Instrs], UseMap, AllExpr, IdMap, KilledExprs) ->
   %% Calls, gctests and stores potentially clobber everything
   case Instr of
     #call{} -> AllExpr;
@@ -837,7 +837,8 @@ calc_killed_expr_bb([Instr|Instrs], UseMap, AllExpr, KilledExprs) ->
       %% Kill all float expressions
       %% FIXME: Make separate function is_fp_expr
       ?SETS:from_list
-	(lists:foldl(fun(Expr, Fexprs) ->
+	(lists:foldl(fun(ExprId, Fexprs) ->
+			     Expr = expr_id_map_get_expr(IdMap, ExprId),
 			 [Define|_] = hipe_rtl:defines(Expr),
 			 case hipe_rtl:is_fpreg(Define) of
 			   true ->
@@ -849,10 +850,10 @@ calc_killed_expr_bb([Instr|Instrs], UseMap, AllExpr, KilledExprs) ->
     _ ->
       case hipe_rtl:defines(Instr) of
 	[] ->
-	  calc_killed_expr_bb(Instrs, UseMap, AllExpr, KilledExprs);
+	  calc_killed_expr_bb(Instrs, UseMap, AllExpr, IdMap, KilledExprs);
 	[Define|_] ->
 	  NewKilledExprs = use_map_get_expr_uses(UseMap, Define),
-	  calc_killed_expr_bb(Instrs, UseMap, AllExpr,
+	  calc_killed_expr_bb(Instrs, UseMap, AllExpr, IdMap,
 			      ?SETS:union(NewKilledExprs, KilledExprs))
       end
   end.
diff --git a/lib/hipe/tools/Makefile b/lib/hipe/tools/Makefile
index 0eaa3a7b05..f90d3c9f70 100644
--- a/lib/hipe/tools/Makefile
+++ b/lib/hipe/tools/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2002-2010. All Rights Reserved.
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -42,7 +42,7 @@ RELSYSDIR = $(RELEASE_PATH)/lib/hipe-$(VSN)
 # ----------------------------------------------------
 # Target Specs
 # ----------------------------------------------------
-MODULES = hipe_tool hipe_profile hipe_ceach hipe_jit
+MODULES = hipe_tool hipe_profile hipe_jit
 #	  hipe_timer
 
 HRL_FILES=
diff --git a/lib/hipe/tools/hipe_ceach.erl b/lib/hipe/tools/hipe_ceach.erl
deleted file mode 100644
index b29615e169..0000000000
--- a/lib/hipe/tools/hipe_ceach.erl
+++ /dev/null
@@ -1,74 +0,0 @@
-%% -*- erlang-indent-level: 2 -*-
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% Copyright (c) 2001 by Erik Johansson.  All Rights Reserved 
-%% ====================================================================
-%%  Module   :	hipe_ceach
-%%  Purpose  :  Compile each function in a module, possibly applying a
-%%              fun between each compilation. Useful for bug hunting by
-%%		pinpointing a function that when compiled causes a bug.
-%%  Notes    : 
-%%  History  :	* 2001-12-11 Erik Johansson ([email protected]): Created.
-%% ====================================================================
-%%  Exports  :
-%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
--module(hipe_ceach).
-
--export([c/1, c/2, c/3]).
-
--include("../main/hipe.hrl").
-
-%%---------------------------------------------------------------------
-
--spec c(atom()) -> 'ok'.
-
-c(M) ->
-  lists:foreach(fun({F,A}) -> comp(M, F, A) end,
-		M:module_info(functions)).
-
--spec c(atom(), comp_options()) -> 'ok'.
-
-c(M, Opts) ->
-  lists:foreach(fun({F,A}) -> comp(M, F, A, Opts) end,
-		M:module_info(functions)).
-
--spec c(atom(), comp_options(), fun(() -> any())) -> 'ok'.
-
-c(M, Opts, Fn) ->
-  lists:foreach(fun({F,A}) -> comp(M, F, A, Opts), Fn() end,
-		M:module_info(functions)).
-
--spec comp(atom(), atom(), arity()) -> 'ok'.
-
-comp(M, F, A) ->
-  io:format("~w:~w/~w... ", [M, F, A]),
-  MFA = {M, F, A},
-  {ok, MFA} = hipe:c(MFA),
-  io:format("OK\n").
-
--spec comp(atom(), atom(), arity(), comp_options()) -> 'ok'.
-
-comp(M, F, A, Opts) ->
-  io:format("~w:~w/~w... ", [M, F, A]),
-  MFA = {M, F, A},
-  {ok, MFA} = hipe:c(MFA, Opts),
-  io:format("OK\n").
diff --git a/lib/hipe/tools/hipe_profile.erl b/lib/hipe/tools/hipe_profile.erl
index 7566acb8f4..ea6b1fb42c 100644
--- a/lib/hipe/tools/hipe_profile.erl
+++ b/lib/hipe/tools/hipe_profile.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -89,7 +89,7 @@ calls() ->
 %%   F(), 
 %%   %% Get result.
 %%   R = res(),
-%%   %% Turn of profiling.
+%%   %% Turn off profiling.
 %%   prof_off(),
 %%   R.
 
diff --git a/lib/hipe/util/hipe_dot.erl b/lib/hipe/util/hipe_dot.erl
index d6ef801c88..e4a47ae0c4 100755..100644
--- a/lib/hipe/util/hipe_dot.erl
+++ b/lib/hipe/util/hipe_dot.erl
@@ -2,7 +2,7 @@
 %%%
 %%% %CopyrightBegin%
 %%% 
-%%% Copyright Ericsson AB 2004-2009. All Rights Reserved.
+%%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%% 
 %%% The contents of this file are subject to the Erlang Public License,
 %%% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/hipe/vsn.mk b/lib/hipe/vsn.mk
index 65e04ff7fa..347a0336cd 100644
--- a/lib/hipe/vsn.mk
+++ b/lib/hipe/vsn.mk
@@ -1 +1 @@
-HIPE_VSN = 3.8.1
+HIPE_VSN = 3.9
diff --git a/lib/ic/c_src/Makefile.in b/lib/ic/c_src/Makefile.in
index 6eef7827b9..5e034c47c6 100644
--- a/lib/ic/c_src/Makefile.in
+++ b/lib/ic/c_src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1998-2009. All Rights Reserved.
+# Copyright Ericsson AB 1998-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -125,13 +125,9 @@ docs:
 # Special Build Targets
 # ----------------------------------------------------
 
-$(OBJDIR):
-	-mkdir -p $(OBJDIR)
+_create_dirs := $(shell mkdir -p $(OBJDIR) $(LIBDIR))
 
-$(LIBDIR):
-	-mkdir -p $(LIBDIR)
-
-$(LIBRARY): $(OBJDIR) $(LIBDIR) $(OBJ_FILES) 
+$(LIBRARY): $(OBJ_FILES) 
 	-$(AR) $(AR_OUT) $@ $(OBJ_FILES) 
 	-$(RANLIB) $@
 
diff --git a/lib/ic/doc/src/Makefile b/lib/ic/doc/src/Makefile
index 8eda436a24..208f16e441 100644
--- a/lib/ic/doc/src/Makefile
+++ b/lib/ic/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1998-2010. All Rights Reserved.
+# Copyright Ericsson AB 1998-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -26,13 +26,6 @@ include $(ERL_TOP)/make/$(TARGET)/otp.mk
 include ../../vsn.mk
 VSN=$(IC_VSN)
 APPLICATION=ic
-# ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-ifndef DOCSUPPORT
-include make.dep
-endif
 
 # ----------------------------------------------------
 # Java specific
@@ -96,32 +89,10 @@ EXTRA_FILES = summary.html.src \
 
 MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else
-
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex)
-TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = $(APPLICATION)-$(VSN).pdf
-TOP_PS_FILE  = $(APPLICATION)-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-
-endif 
-
 JAVA_SOURCE_FILES = \
 	Holder.java \
 	BooleanHolder.java \
@@ -209,8 +180,6 @@ JAVADOCFLAGS = \
 $(HTMLDIR)/%.gif: %.gif
 	$(INSTALL_DATA) $< $@
 
-ifdef DOCSUPPORT
-
 ifneq (,$(JAVA))
 docs: pdf html man $(JAVADOC_GENERATED_FILES)
 else
@@ -229,38 +198,11 @@ clean clean_docs:
 	rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
 	rm -f errs core *~ 
 
-else 
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html $(JAVADOC_GENERATED_FILES) gifs man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
+$(JAVADOC_GENERATED_FILES): JAVADOC-GENERATED
 
-html: $(HTML_FILES)
-
-clean clean_docs clean_tex:
-	rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
-	rm -f $(HTML_FILES) $(MAN3_FILES)
-	rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
-	rm -f errs core *~ *xmls_output *xmls_errs $(LATEX_CLEAN) 
-	rm -rf $(JAVA_OUT_DIR)
-
-endif
-
-$(JAVA_OUT_DIR):
-	mkdir $(JAVA_OUT_DIR)
-
-$(JAVADOC_GENERATED_FILES): $(JAVA_OUT_DIR)
+JAVADOC-GENERATED: $(JAVA_SOURCE_FILES:%=$(JAVA_SOURCE_DIR)/%)
 	@(cd ../../java_src; $(JAVADOC) $(JAVADOCFLAGS) com.ericsson.otp.ic)
+	>JAVADOC-GENERATED
 
 man: $(MAN3_FILES)
 
@@ -277,8 +219,6 @@ debug opt:
 # ---------------------------------------------------- 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
@@ -288,46 +228,4 @@ release_docs_spec: docs
 	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
 	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	$(INSTALL_DIR) $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	$(INSTALL_DIR) $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
-		$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-ifneq (,$(JAVA))
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html/java
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html/java/resources
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html/java/com
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html/java/com/ericsson
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html/java/com/ericsson/otp
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html/java/com/ericsson/otp/ic
-	$(INSTALL_DATA) $(JAVADOC_INDEX_HTML_FILES) \
-		$(RELSYSDIR)/doc/html/java
-	$(INSTALL_DATA) $(JD_GIF_FILES) \
-		$(RELSYSDIR)/doc/html/java/resources
-	$(INSTALL_DATA) $(JAVADOC_PACK_HTML_FILES) \
-		$(RELSYSDIR)/doc/html/java/com/ericsson/otp/ic
-endif
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-
-endif
-endif
-
-endif
-
-
 release_spec:
-
-
diff --git a/lib/ic/doc/src/make.dep b/lib/ic/doc/src/make.dep
deleted file mode 100644
index 64694ee85a..0000000000
--- a/lib/ic/doc/src/make.dep
+++ /dev/null
@@ -1,24 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex c-part.tex ch_basic_idl.tex ch_c_client.tex \
-		ch_c_corba_env.tex ch_c_mapping.tex ch_c_server.tex \
-		ch_erl_genserv.tex ch_erl_plain.tex ch_ic_protocol.tex \
-		ch_introduction.tex ch_java.tex erl-part.tex \
-		ic.tex ic_c_protocol.tex ic_clib.tex java-part.tex \
-		ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/ic/doc/src/notes.xml b/lib/ic/doc/src/notes.xml
index ff289bd76c..6329bf1fb5 100644
--- a/lib/ic/doc/src/notes.xml
+++ b/lib/ic/doc/src/notes.xml
@@ -30,7 +30,25 @@
     <file>notes.xml</file>
   </header>
 
-   <section>
+   <section><title>IC 4.2.29</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>IC 4.2.28</title>
 
     <section>
diff --git a/lib/ic/examples/pre_post_condition/Makefile b/lib/ic/examples/pre_post_condition/Makefile
index 68e2168e1e..8f85babb1a 100644
--- a/lib/ic/examples/pre_post_condition/Makefile
+++ b/lib/ic/examples/pre_post_condition/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -100,7 +100,7 @@ YRL_FLAGS =
 debug opt: $(TARGET_FILES) 
 
 clean:
-	rm -f $(TARGET_FILES) $(GEN_ERL_MODULES:%=%.erl) $(GEN_HRL_FILES) $(CLASS_FILES)
+	rm -f $(TARGET_FILES) $(GEN_ERL_MODULES:%=%.erl) $(GEN_HRL_FILES) $(CLASS_FILES) IDL-GENERATED
 	rm -f errs core *~
 
 docs:
@@ -108,9 +108,14 @@ docs:
 test: $(TEST_TARGET_FILES)
 
 
-$(GEN_ERL_MODULES:%=%.erl) $(GEN_HRL_FILES): ex.idl
+IDL-GENERATED: ex.idl
 	erlc $(ERL_LOCAL_FLAGS) +'{precond,{tracer,pre}}' \
 		+'{{postcond,"m::i::f"},{tracer,post}}' ex.idl
+	>IDL-GENERATED
+
+$(GEN_ERL_MODULES:%=%.erl) $(GEN_HRL_FILES): IDL-GENERATED
+
+$(TARGET_FILES): IDL-GENERATED
 
 # ----------------------------------------------------
 # Release Target
diff --git a/lib/ic/java_src/com/ericsson/otp/ic/ignore_config_record.inf b/lib/ic/java_src/com/ericsson/otp/ic/ignore_config_record.inf
deleted file mode 100644
index 34e5586175..0000000000
--- a/lib/ic/java_src/com/ericsson/otp/ic/ignore_config_record.inf
+++ /dev/null
@@ -1 +0,0 @@
-Dummy to speed up compilatio
diff --git a/lib/ic/vsn.mk b/lib/ic/vsn.mk
index 703c8d29eb..e21fc8fbb2 100644
--- a/lib/ic/vsn.mk
+++ b/lib/ic/vsn.mk
@@ -1 +1 @@
-IC_VSN = 4.2.28
+IC_VSN = 4.2.29
diff --git a/lib/inets/Makefile b/lib/inets/Makefile
index 4765a2ca3c..d837a3396a 100644
--- a/lib/inets/Makefile
+++ b/lib/inets/Makefile
@@ -31,12 +31,16 @@ VSN = $(INETS_VSN)
 
 SPECIAL_TARGETS = 
 
+DIA_PLT      = ./priv/plt/$(APPLICATION).plt
+DIA_ANALYSIS = $(basename $(DIA_PLT)).dialyzer_analysis
+
+
 # ----------------------------------------------------
 # Default Subdir Targets
 # ----------------------------------------------------
 include $(ERL_TOP)/make/otp_subdir.mk
 
-.PHONY: info gclean
+.PHONY: info gclean dialyzer dialyzer_plt dclean
 
 info:
 	@echo "OS:        $(OS)"
@@ -45,6 +49,29 @@ info:
 	@echo "INETS_VSN: $(INETS_VSN)"
 	@echo "APP_VSN:   $(APP_VSN)"
 	@echo ""
+	@echo "DIA_PLT:      $(DIA_PLT)"
+	@echo "DIA_ANALYSIS: $(DIA_ANALYSIS)"
+	@echo ""
 
 gclean: 
 	git clean -fXd
+
+dclean:
+	rm -f $(DIA_PLT)
+	rm -f $(DIA_ANALYSIS)
+
+dialyzer_plt: $(DIA_PLT)
+
+$(DIA_PLT): 
+	@echo "Building $(APPLICATION) plt file"
+	@dialyzer --build_plt \
+                  --output_plt $@ \
+                  -r ../$(APPLICATION)/ebin \
+                  --output $(DIA_ANALYSIS) \
+                  --verbose
+
+dialyzer: $(DIA_PLT)
+	@echo "Running dialyzer on $(APPLICATION)"
+	@dialyzer --plt $< \
+                  ../$(APPLICATION)/ebin \
+                  --verbose
diff --git a/lib/inets/doc/archive/rfc3986.txt b/lib/inets/doc/archive/rfc3986.txt
new file mode 100644
index 0000000000..c56ed4eb70
--- /dev/null
+++ b/lib/inets/doc/archive/rfc3986.txt
@@ -0,0 +1,3419 @@
+
+
+
+
+
+
+Network Working Group                                     T. Berners-Lee
+Request for Comments: 3986                                       W3C/MIT
+STD: 66                                                      R. Fielding
+Updates: 1738                                               Day Software
+Obsoletes: 2732, 2396, 1808                                  L. Masinter
+Category: Standards Track                                  Adobe Systems
+                                                            January 2005
+
+
+           Uniform Resource Identifier (URI): Generic Syntax
+
+Status of This Memo
+
+   This document specifies an Internet standards track protocol for the
+   Internet community, and requests discussion and suggestions for
+   improvements.  Please refer to the current edition of the "Internet
+   Official Protocol Standards" (STD 1) for the standardization state
+   and status of this protocol.  Distribution of this memo is unlimited.
+
+Copyright Notice
+
+   Copyright (C) The Internet Society (2005).
+
+Abstract
+
+   A Uniform Resource Identifier (URI) is a compact sequence of
+   characters that identifies an abstract or physical resource.  This
+   specification defines the generic URI syntax and a process for
+   resolving URI references that might be in relative form, along with
+   guidelines and security considerations for the use of URIs on the
+   Internet.  The URI syntax defines a grammar that is a superset of all
+   valid URIs, allowing an implementation to parse the common components
+   of a URI reference without knowing the scheme-specific requirements
+   of every possible identifier.  This specification does not define a
+   generative grammar for URIs; that task is performed by the individual
+   specifications of each URI scheme.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                     [Page 1]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+Table of Contents
+
+   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
+       1.1.  Overview of URIs . . . . . . . . . . . . . . . . . . . .  4
+             1.1.1.  Generic Syntax . . . . . . . . . . . . . . . . .  6
+             1.1.2.  Examples . . . . . . . . . . . . . . . . . . . .  7
+             1.1.3.  URI, URL, and URN  . . . . . . . . . . . . . . .  7
+       1.2.  Design Considerations  . . . . . . . . . . . . . . . . .  8
+             1.2.1.  Transcription  . . . . . . . . . . . . . . . . .  8
+             1.2.2.  Separating Identification from Interaction . . .  9
+             1.2.3.  Hierarchical Identifiers . . . . . . . . . . . . 10
+       1.3.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . 11
+   2.  Characters . . . . . . . . . . . . . . . . . . . . . . . . . . 11
+       2.1.  Percent-Encoding . . . . . . . . . . . . . . . . . . . . 12
+       2.2.  Reserved Characters  . . . . . . . . . . . . . . . . . . 12
+       2.3.  Unreserved Characters  . . . . . . . . . . . . . . . . . 13
+       2.4.  When to Encode or Decode . . . . . . . . . . . . . . . . 14
+       2.5.  Identifying Data . . . . . . . . . . . . . . . . . . . . 14
+   3.  Syntax Components  . . . . . . . . . . . . . . . . . . . . . . 16
+       3.1.  Scheme . . . . . . . . . . . . . . . . . . . . . . . . . 17
+       3.2.  Authority  . . . . . . . . . . . . . . . . . . . . . . . 17
+             3.2.1.  User Information . . . . . . . . . . . . . . . . 18
+             3.2.2.  Host . . . . . . . . . . . . . . . . . . . . . . 18
+             3.2.3.  Port . . . . . . . . . . . . . . . . . . . . . . 22
+       3.3.  Path . . . . . . . . . . . . . . . . . . . . . . . . . . 22
+       3.4.  Query  . . . . . . . . . . . . . . . . . . . . . . . . . 23
+       3.5.  Fragment . . . . . . . . . . . . . . . . . . . . . . . . 24
+   4.  Usage  . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
+       4.1.  URI Reference  . . . . . . . . . . . . . . . . . . . . . 25
+       4.2.  Relative Reference . . . . . . . . . . . . . . . . . . . 26
+       4.3.  Absolute URI . . . . . . . . . . . . . . . . . . . . . . 27
+       4.4.  Same-Document Reference  . . . . . . . . . . . . . . . . 27
+       4.5.  Suffix Reference . . . . . . . . . . . . . . . . . . . . 27
+   5.  Reference Resolution . . . . . . . . . . . . . . . . . . . . . 28
+       5.1.  Establishing a Base URI  . . . . . . . . . . . . . . . . 28
+             5.1.1.  Base URI Embedded in Content . . . . . . . . . . 29
+             5.1.2.  Base URI from the Encapsulating Entity . . . . . 29
+             5.1.3.  Base URI from the Retrieval URI  . . . . . . . . 30
+             5.1.4.  Default Base URI . . . . . . . . . . . . . . . . 30
+       5.2.  Relative Resolution  . . . . . . . . . . . . . . . . . . 30
+             5.2.1.  Pre-parse the Base URI . . . . . . . . . . . . . 31
+             5.2.2.  Transform References . . . . . . . . . . . . . . 31
+             5.2.3.  Merge Paths  . . . . . . . . . . . . . . . . . . 32
+             5.2.4.  Remove Dot Segments  . . . . . . . . . . . . . . 33
+       5.3.  Component Recomposition  . . . . . . . . . . . . . . . . 35
+       5.4.  Reference Resolution Examples  . . . . . . . . . . . . . 35
+             5.4.1.  Normal Examples  . . . . . . . . . . . . . . . . 36
+             5.4.2.  Abnormal Examples  . . . . . . . . . . . . . . . 36
+
+
+
+Berners-Lee, et al.         Standards Track                     [Page 2]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   6.  Normalization and Comparison . . . . . . . . . . . . . . . . . 38
+       6.1.  Equivalence  . . . . . . . . . . . . . . . . . . . . . . 38
+       6.2.  Comparison Ladder  . . . . . . . . . . . . . . . . . . . 39
+             6.2.1.  Simple String Comparison . . . . . . . . . . . . 39
+             6.2.2.  Syntax-Based Normalization . . . . . . . . . . . 40
+             6.2.3.  Scheme-Based Normalization . . . . . . . . . . . 41
+             6.2.4.  Protocol-Based Normalization . . . . . . . . . . 42
+   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 43
+       7.1.  Reliability and Consistency  . . . . . . . . . . . . . . 43
+       7.2.  Malicious Construction . . . . . . . . . . . . . . . . . 43
+       7.3.  Back-End Transcoding . . . . . . . . . . . . . . . . . . 44
+       7.4.  Rare IP Address Formats  . . . . . . . . . . . . . . . . 45
+       7.5.  Sensitive Information  . . . . . . . . . . . . . . . . . 45
+       7.6.  Semantic Attacks . . . . . . . . . . . . . . . . . . . . 45
+   8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 46
+   9.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 46
+   10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 46
+       10.1. Normative References . . . . . . . . . . . . . . . . . . 46
+       10.2. Informative References . . . . . . . . . . . . . . . . . 47
+   A.  Collected ABNF for URI . . . . . . . . . . . . . . . . . . . . 49
+   B.  Parsing a URI Reference with a Regular Expression  . . . . . . 50
+   C.  Delimiting a URI in Context  . . . . . . . . . . . . . . . . . 51
+   D.  Changes from RFC 2396  . . . . . . . . . . . . . . . . . . . . 53
+       D.1.  Additions  . . . . . . . . . . . . . . . . . . . . . . . 53
+       D.2.  Modifications  . . . . . . . . . . . . . . . . . . . . . 53
+   Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
+   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 60
+   Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 61
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                     [Page 3]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+1.  Introduction
+
+   A Uniform Resource Identifier (URI) provides a simple and extensible
+   means for identifying a resource.  This specification of URI syntax
+   and semantics is derived from concepts introduced by the World Wide
+   Web global information initiative, whose use of these identifiers
+   dates from 1990 and is described in "Universal Resource Identifiers
+   in WWW" [RFC1630].  The syntax is designed to meet the
+   recommendations laid out in "Functional Recommendations for Internet
+   Resource Locators" [RFC1736] and "Functional Requirements for Uniform
+   Resource Names" [RFC1737].
+
+   This document obsoletes [RFC2396], which merged "Uniform Resource
+   Locators" [RFC1738] and "Relative Uniform Resource Locators"
+   [RFC1808] in order to define a single, generic syntax for all URIs.
+   It obsoletes [RFC2732], which introduced syntax for an IPv6 address.
+   It excludes portions of RFC 1738 that defined the specific syntax of
+   individual URI schemes; those portions will be updated as separate
+   documents.  The process for registration of new URI schemes is
+   defined separately by [BCP35].  Advice for designers of new URI
+   schemes can be found in [RFC2718].  All significant changes from RFC
+   2396 are noted in Appendix D.
+
+   This specification uses the terms "character" and "coded character
+   set" in accordance with the definitions provided in [BCP19], and
+   "character encoding" in place of what [BCP19] refers to as a
+   "charset".
+
+1.1.  Overview of URIs
+
+   URIs are characterized as follows:
+
+   Uniform
+
+      Uniformity provides several benefits.  It allows different types
+      of resource identifiers to be used in the same context, even when
+      the mechanisms used to access those resources may differ.  It
+      allows uniform semantic interpretation of common syntactic
+      conventions across different types of resource identifiers.  It
+      allows introduction of new types of resource identifiers without
+      interfering with the way that existing identifiers are used.  It
+      allows the identifiers to be reused in many different contexts,
+      thus permitting new applications or protocols to leverage a pre-
+      existing, large, and widely used set of resource identifiers.
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                     [Page 4]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   Resource
+
+      This specification does not limit the scope of what might be a
+      resource; rather, the term "resource" is used in a general sense
+      for whatever might be identified by a URI.  Familiar examples
+      include an electronic document, an image, a source of information
+      with a consistent purpose (e.g., "today's weather report for Los
+      Angeles"), a service (e.g., an HTTP-to-SMS gateway), and a
+      collection of other resources.  A resource is not necessarily
+      accessible via the Internet; e.g., human beings, corporations, and
+      bound books in a library can also be resources.  Likewise,
+      abstract concepts can be resources, such as the operators and
+      operands of a mathematical equation, the types of a relationship
+      (e.g., "parent" or "employee"), or numeric values (e.g., zero,
+      one, and infinity).
+
+   Identifier
+
+      An identifier embodies the information required to distinguish
+      what is being identified from all other things within its scope of
+      identification.  Our use of the terms "identify" and "identifying"
+      refer to this purpose of distinguishing one resource from all
+      other resources, regardless of how that purpose is accomplished
+      (e.g., by name, address, or context).  These terms should not be
+      mistaken as an assumption that an identifier defines or embodies
+      the identity of what is referenced, though that may be the case
+      for some identifiers.  Nor should it be assumed that a system
+      using URIs will access the resource identified: in many cases,
+      URIs are used to denote resources without any intention that they
+      be accessed.  Likewise, the "one" resource identified might not be
+      singular in nature (e.g., a resource might be a named set or a
+      mapping that varies over time).
+
+   A URI is an identifier consisting of a sequence of characters
+   matching the syntax rule named <URI> in Section 3.  It enables
+   uniform identification of resources via a separately defined
+   extensible set of naming schemes (Section 3.1).  How that
+   identification is accomplished, assigned, or enabled is delegated to
+   each scheme specification.
+
+   This specification does not place any limits on the nature of a
+   resource, the reasons why an application might seek to refer to a
+   resource, or the kinds of systems that might use URIs for the sake of
+   identifying resources.  This specification does not require that a
+   URI persists in identifying the same resource over time, though that
+   is a common goal of all URI schemes.  Nevertheless, nothing in this
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                     [Page 5]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   specification prevents an application from limiting itself to
+   particular types of resources, or to a subset of URIs that maintains
+   characteristics desired by that application.
+
+   URIs have a global scope and are interpreted consistently regardless
+   of context, though the result of that interpretation may be in
+   relation to the end-user's context.  For example, "http://localhost/"
+   has the same interpretation for every user of that reference, even
+   though the network interface corresponding to "localhost" may be
+   different for each end-user: interpretation is independent of access.
+   However, an action made on the basis of that reference will take
+   place in relation to the end-user's context, which implies that an
+   action intended to refer to a globally unique thing must use a URI
+   that distinguishes that resource from all other things.  URIs that
+   identify in relation to the end-user's local context should only be
+   used when the context itself is a defining aspect of the resource,
+   such as when an on-line help manual refers to a file on the end-
+   user's file system (e.g., "file:///etc/hosts").
+
+1.1.1.  Generic Syntax
+
+   Each URI begins with a scheme name, as defined in Section 3.1, that
+   refers to a specification for assigning identifiers within that
+   scheme.  As such, the URI syntax is a federated and extensible naming
+   system wherein each scheme's specification may further restrict the
+   syntax and semantics of identifiers using that scheme.
+
+   This specification defines those elements of the URI syntax that are
+   required of all URI schemes or are common to many URI schemes.  It
+   thus defines the syntax and semantics needed to implement a scheme-
+   independent parsing mechanism for URI references, by which the
+   scheme-dependent handling of a URI can be postponed until the
+   scheme-dependent semantics are needed.  Likewise, protocols and data
+   formats that make use of URI references can refer to this
+   specification as a definition for the range of syntax allowed for all
+   URIs, including those schemes that have yet to be defined.  This
+   decouples the evolution of identification schemes from the evolution
+   of protocols, data formats, and implementations that make use of
+   URIs.
+
+   A parser of the generic URI syntax can parse any URI reference into
+   its major components.  Once the scheme is determined, further
+   scheme-specific parsing can be performed on the components.  In other
+   words, the URI generic syntax is a superset of the syntax of all URI
+   schemes.
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                     [Page 6]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+1.1.2.  Examples
+
+   The following example URIs illustrate several URI schemes and
+   variations in their common syntax components:
+
+      ftp://ftp.is.co.za/rfc/rfc1808.txt
+
+      http://www.ietf.org/rfc/rfc2396.txt
+
+      ldap://[2001:db8::7]/c=GB?objectClass?one
+
+      mailto:[email protected]
+
+      news:comp.infosystems.www.servers.unix
+
+      tel:+1-816-555-1212
+
+      telnet://192.0.2.16:80/
+
+      urn:oasis:names:specification:docbook:dtd:xml:4.1.2
+
+
+1.1.3.  URI, URL, and URN
+
+   A URI can be further classified as a locator, a name, or both.  The
+   term "Uniform Resource Locator" (URL) refers to the subset of URIs
+   that, in addition to identifying a resource, provide a means of
+   locating the resource by describing its primary access mechanism
+   (e.g., its network "location").  The term "Uniform Resource Name"
+   (URN) has been used historically to refer to both URIs under the
+   "urn" scheme [RFC2141], which are required to remain globally unique
+   and persistent even when the resource ceases to exist or becomes
+   unavailable, and to any other URI with the properties of a name.
+
+   An individual scheme does not have to be classified as being just one
+   of "name" or "locator".  Instances of URIs from any given scheme may
+   have the characteristics of names or locators or both, often
+   depending on the persistence and care in the assignment of
+   identifiers by the naming authority, rather than on any quality of
+   the scheme.  Future specifications and related documentation should
+   use the general term "URI" rather than the more restrictive terms
+   "URL" and "URN" [RFC3305].
+
+
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                     [Page 7]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+1.2.  Design Considerations
+
+1.2.1.  Transcription
+
+   The URI syntax has been designed with global transcription as one of
+   its main considerations.  A URI is a sequence of characters from a
+   very limited set: the letters of the basic Latin alphabet, digits,
+   and a few special characters.  A URI may be represented in a variety
+   of ways; e.g., ink on paper, pixels on a screen, or a sequence of
+   character encoding octets.  The interpretation of a URI depends only
+   on the characters used and not on how those characters are
+   represented in a network protocol.
+
+   The goal of transcription can be described by a simple scenario.
+   Imagine two colleagues, Sam and Kim, sitting in a pub at an
+   international conference and exchanging research ideas.  Sam asks Kim
+   for a location to get more information, so Kim writes the URI for the
+   research site on a napkin.  Upon returning home, Sam takes out the
+   napkin and types the URI into a computer, which then retrieves the
+   information to which Kim referred.
+
+   There are several design considerations revealed by the scenario:
+
+   o  A URI is a sequence of characters that is not always represented
+      as a sequence of octets.
+
+   o  A URI might be transcribed from a non-network source and thus
+      should consist of characters that are most likely able to be
+      entered into a computer, within the constraints imposed by
+      keyboards (and related input devices) across languages and
+      locales.
+
+   o  A URI often has to be remembered by people, and it is easier for
+      people to remember a URI when it consists of meaningful or
+      familiar components.
+
+   These design considerations are not always in alignment.  For
+   example, it is often the case that the most meaningful name for a URI
+   component would require characters that cannot be typed into some
+   systems.  The ability to transcribe a resource identifier from one
+   medium to another has been considered more important than having a
+   URI consist of the most meaningful of components.
+
+   In local or regional contexts and with improving technology, users
+   might benefit from being able to use a wider range of characters;
+   such use is not defined by this specification.  Percent-encoded
+   octets (Section 2.1) may be used within a URI to represent characters
+   outside the range of the US-ASCII coded character set if this
+
+
+
+Berners-Lee, et al.         Standards Track                     [Page 8]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   representation is allowed by the scheme or by the protocol element in
+   which the URI is referenced.  Such a definition should specify the
+   character encoding used to map those characters to octets prior to
+   being percent-encoded for the URI.
+
+1.2.2.  Separating Identification from Interaction
+
+   A common misunderstanding of URIs is that they are only used to refer
+   to accessible resources.  The URI itself only provides
+   identification; access to the resource is neither guaranteed nor
+   implied by the presence of a URI.  Instead, any operation associated
+   with a URI reference is defined by the protocol element, data format
+   attribute, or natural language text in which it appears.
+
+   Given a URI, a system may attempt to perform a variety of operations
+   on the resource, as might be characterized by words such as "access",
+   "update", "replace", or "find attributes".  Such operations are
+   defined by the protocols that make use of URIs, not by this
+   specification.  However, we do use a few general terms for describing
+   common operations on URIs.  URI "resolution" is the process of
+   determining an access mechanism and the appropriate parameters
+   necessary to dereference a URI; this resolution may require several
+   iterations.  To use that access mechanism to perform an action on the
+   URI's resource is to "dereference" the URI.
+
+   When URIs are used within information retrieval systems to identify
+   sources of information, the most common form of URI dereference is
+   "retrieval": making use of a URI in order to retrieve a
+   representation of its associated resource.  A "representation" is a
+   sequence of octets, along with representation metadata describing
+   those octets, that constitutes a record of the state of the resource
+   at the time when the representation is generated.  Retrieval is
+   achieved by a process that might include using the URI as a cache key
+   to check for a locally cached representation, resolution of the URI
+   to determine an appropriate access mechanism (if any), and
+   dereference of the URI for the sake of applying a retrieval
+   operation.  Depending on the protocols used to perform the retrieval,
+   additional information might be supplied about the resource (resource
+   metadata) and its relation to other resources.
+
+   URI references in information retrieval systems are designed to be
+   late-binding: the result of an access is generally determined when it
+   is accessed and may vary over time or due to other aspects of the
+   interaction.  These references are created in order to be used in the
+   future: what is being identified is not some specific result that was
+   obtained in the past, but rather some characteristic that is expected
+   to be true for future results.  In such cases, the resource referred
+   to by the URI is actually a sameness of characteristics as observed
+
+
+
+Berners-Lee, et al.         Standards Track                     [Page 9]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   over time, perhaps elucidated by additional comments or assertions
+   made by the resource provider.
+
+   Although many URI schemes are named after protocols, this does not
+   imply that use of these URIs will result in access to the resource
+   via the named protocol.  URIs are often used simply for the sake of
+   identification.  Even when a URI is used to retrieve a representation
+   of a resource, that access might be through gateways, proxies,
+   caches, and name resolution services that are independent of the
+   protocol associated with the scheme name.  The resolution of some
+   URIs may require the use of more than one protocol (e.g., both DNS
+   and HTTP are typically used to access an "http" URI's origin server
+   when a representation isn't found in a local cache).
+
+1.2.3.  Hierarchical Identifiers
+
+   The URI syntax is organized hierarchically, with components listed in
+   order of decreasing significance from left to right.  For some URI
+   schemes, the visible hierarchy is limited to the scheme itself:
+   everything after the scheme component delimiter (":") is considered
+   opaque to URI processing.  Other URI schemes make the hierarchy
+   explicit and visible to generic parsing algorithms.
+
+   The generic syntax uses the slash ("/"), question mark ("?"), and
+   number sign ("#") characters to delimit components that are
+   significant to the generic parser's hierarchical interpretation of an
+   identifier.  In addition to aiding the readability of such
+   identifiers through the consistent use of familiar syntax, this
+   uniform representation of hierarchy across naming schemes allows
+   scheme-independent references to be made relative to that hierarchy.
+
+   It is often the case that a group or "tree" of documents has been
+   constructed to serve a common purpose, wherein the vast majority of
+   URI references in these documents point to resources within the tree
+   rather than outside it.  Similarly, documents located at a particular
+   site are much more likely to refer to other resources at that site
+   than to resources at remote sites.  Relative referencing of URIs
+   allows document trees to be partially independent of their location
+   and access scheme.  For instance, it is possible for a single set of
+   hypertext documents to be simultaneously accessible and traversable
+   via each of the "file", "http", and "ftp" schemes if the documents
+   refer to each other with relative references.  Furthermore, such
+   document trees can be moved, as a whole, without changing any of the
+   relative references.
+
+   A relative reference (Section 4.2) refers to a resource by describing
+   the difference within a hierarchical name space between the reference
+   context and the target URI.  The reference resolution algorithm,
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 10]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   presented in Section 5, defines how such a reference is transformed
+   to the target URI.  As relative references can only be used within
+   the context of a hierarchical URI, designers of new URI schemes
+   should use a syntax consistent with the generic syntax's hierarchical
+   components unless there are compelling reasons to forbid relative
+   referencing within that scheme.
+
+      NOTE: Previous specifications used the terms "partial URI" and
+      "relative URI" to denote a relative reference to a URI.  As some
+      readers misunderstood those terms to mean that relative URIs are a
+      subset of URIs rather than a method of referencing URIs, this
+      specification simply refers to them as relative references.
+
+   All URI references are parsed by generic syntax parsers when used.
+   However, because hierarchical processing has no effect on an absolute
+   URI used in a reference unless it contains one or more dot-segments
+   (complete path segments of "." or "..", as described in Section 3.3),
+   URI scheme specifications can define opaque identifiers by
+   disallowing use of slash characters, question mark characters, and
+   the URIs "scheme:." and "scheme:..".
+
+1.3.  Syntax Notation
+
+   This specification uses the Augmented Backus-Naur Form (ABNF)
+   notation of [RFC2234], including the following core ABNF syntax rules
+   defined by that specification: ALPHA (letters), CR (carriage return),
+   DIGIT (decimal digits), DQUOTE (double quote), HEXDIG (hexadecimal
+   digits), LF (line feed), and SP (space).  The complete URI syntax is
+   collected in Appendix A.
+
+2.  Characters
+
+   The URI syntax provides a method of encoding data, presumably for the
+   sake of identifying a resource, as a sequence of characters.  The URI
+   characters are, in turn, frequently encoded as octets for transport
+   or presentation.  This specification does not mandate any particular
+   character encoding for mapping between URI characters and the octets
+   used to store or transmit those characters.  When a URI appears in a
+   protocol element, the character encoding is defined by that protocol;
+   without such a definition, a URI is assumed to be in the same
+   character encoding as the surrounding text.
+
+   The ABNF notation defines its terminal values to be non-negative
+   integers (codepoints) based on the US-ASCII coded character set
+   [ASCII].  Because a URI is a sequence of characters, we must invert
+   that relation in order to understand the URI syntax.  Therefore, the
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 11]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   integer values used by the ABNF must be mapped back to their
+   corresponding characters via US-ASCII in order to complete the syntax
+   rules.
+
+   A URI is composed from a limited set of characters consisting of
+   digits, letters, and a few graphic symbols.  A reserved subset of
+   those characters may be used to delimit syntax components within a
+   URI while the remaining characters, including both the unreserved set
+   and those reserved characters not acting as delimiters, define each
+   component's identifying data.
+
+2.1.  Percent-Encoding
+
+   A percent-encoding mechanism is used to represent a data octet in a
+   component when that octet's corresponding character is outside the
+   allowed set or is being used as a delimiter of, or within, the
+   component.  A percent-encoded octet is encoded as a character
+   triplet, consisting of the percent character "%" followed by the two
+   hexadecimal digits representing that octet's numeric value.  For
+   example, "%20" is the percent-encoding for the binary octet
+   "00100000" (ABNF: %x20), which in US-ASCII corresponds to the space
+   character (SP).  Section 2.4 describes when percent-encoding and
+   decoding is applied.
+
+      pct-encoded = "%" HEXDIG HEXDIG
+
+   The uppercase hexadecimal digits 'A' through 'F' are equivalent to
+   the lowercase digits 'a' through 'f', respectively.  If two URIs
+   differ only in the case of hexadecimal digits used in percent-encoded
+   octets, they are equivalent.  For consistency, URI producers and
+   normalizers should use uppercase hexadecimal digits for all percent-
+   encodings.
+
+2.2.  Reserved Characters
+
+   URIs include components and subcomponents that are delimited by
+   characters in the "reserved" set.  These characters are called
+   "reserved" because they may (or may not) be defined as delimiters by
+   the generic syntax, by each scheme-specific syntax, or by the
+   implementation-specific syntax of a URI's dereferencing algorithm.
+   If data for a URI component would conflict with a reserved
+   character's purpose as a delimiter, then the conflicting data must be
+   percent-encoded before the URI is formed.
+
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 12]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+      reserved    = gen-delims / sub-delims
+
+      gen-delims  = ":" / "/" / "?" / "#" / "[" / "]" / "@"
+
+      sub-delims  = "!" / "$" / "&" / "'" / "(" / ")"
+                  / "*" / "+" / "," / ";" / "="
+
+   The purpose of reserved characters is to provide a set of delimiting
+   characters that are distinguishable from other data within a URI.
+   URIs that differ in the replacement of a reserved character with its
+   corresponding percent-encoded octet are not equivalent.  Percent-
+   encoding a reserved character, or decoding a percent-encoded octet
+   that corresponds to a reserved character, will change how the URI is
+   interpreted by most applications.  Thus, characters in the reserved
+   set are protected from normalization and are therefore safe to be
+   used by scheme-specific and producer-specific algorithms for
+   delimiting data subcomponents within a URI.
+
+   A subset of the reserved characters (gen-delims) is used as
+   delimiters of the generic URI components described in Section 3.  A
+   component's ABNF syntax rule will not use the reserved or gen-delims
+   rule names directly; instead, each syntax rule lists the characters
+   allowed within that component (i.e., not delimiting it), and any of
+   those characters that are also in the reserved set are "reserved" for
+   use as subcomponent delimiters within the component.  Only the most
+   common subcomponents are defined by this specification; other
+   subcomponents may be defined by a URI scheme's specification, or by
+   the implementation-specific syntax of a URI's dereferencing
+   algorithm, provided that such subcomponents are delimited by
+   characters in the reserved set allowed within that component.
+
+   URI producing applications should percent-encode data octets that
+   correspond to characters in the reserved set unless these characters
+   are specifically allowed by the URI scheme to represent data in that
+   component.  If a reserved character is found in a URI component and
+   no delimiting role is known for that character, then it must be
+   interpreted as representing the data octet corresponding to that
+   character's encoding in US-ASCII.
+
+2.3.  Unreserved Characters
+
+   Characters that are allowed in a URI but do not have a reserved
+   purpose are called unreserved.  These include uppercase and lowercase
+   letters, decimal digits, hyphen, period, underscore, and tilde.
+
+      unreserved  = ALPHA / DIGIT / "-" / "." / "_" / "~"
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 13]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   URIs that differ in the replacement of an unreserved character with
+   its corresponding percent-encoded US-ASCII octet are equivalent: they
+   identify the same resource.  However, URI comparison implementations
+   do not always perform normalization prior to comparison (see Section
+   6).  For consistency, percent-encoded octets in the ranges of ALPHA
+   (%41-%5A and %61-%7A), DIGIT (%30-%39), hyphen (%2D), period (%2E),
+   underscore (%5F), or tilde (%7E) should not be created by URI
+   producers and, when found in a URI, should be decoded to their
+   corresponding unreserved characters by URI normalizers.
+
+2.4.  When to Encode or Decode
+
+   Under normal circumstances, the only time when octets within a URI
+   are percent-encoded is during the process of producing the URI from
+   its component parts.  This is when an implementation determines which
+   of the reserved characters are to be used as subcomponent delimiters
+   and which can be safely used as data.  Once produced, a URI is always
+   in its percent-encoded form.
+
+   When a URI is dereferenced, the components and subcomponents
+   significant to the scheme-specific dereferencing process (if any)
+   must be parsed and separated before the percent-encoded octets within
+   those components can be safely decoded, as otherwise the data may be
+   mistaken for component delimiters.  The only exception is for
+   percent-encoded octets corresponding to characters in the unreserved
+   set, which can be decoded at any time.  For example, the octet
+   corresponding to the tilde ("~") character is often encoded as "%7E"
+   by older URI processing implementations; the "%7E" can be replaced by
+   "~" without changing its interpretation.
+
+   Because the percent ("%") character serves as the indicator for
+   percent-encoded octets, it must be percent-encoded as "%25" for that
+   octet to be used as data within a URI.  Implementations must not
+   percent-encode or decode the same string more than once, as decoding
+   an already decoded string might lead to misinterpreting a percent
+   data octet as the beginning of a percent-encoding, or vice versa in
+   the case of percent-encoding an already percent-encoded string.
+
+2.5.  Identifying Data
+
+   URI characters provide identifying data for each of the URI
+   components, serving as an external interface for identification
+   between systems.  Although the presence and nature of the URI
+   production interface is hidden from clients that use its URIs (and is
+   thus beyond the scope of the interoperability requirements defined by
+   this specification), it is a frequent source of confusion and errors
+   in the interpretation of URI character issues.  Implementers have to
+   be aware that there are multiple character encodings involved in the
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 14]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   production and transmission of URIs: local name and data encoding,
+   public interface encoding, URI character encoding, data format
+   encoding, and protocol encoding.
+
+   Local names, such as file system names, are stored with a local
+   character encoding.  URI producing applications (e.g., origin
+   servers) will typically use the local encoding as the basis for
+   producing meaningful names.  The URI producer will transform the
+   local encoding to one that is suitable for a public interface and
+   then transform the public interface encoding into the restricted set
+   of URI characters (reserved, unreserved, and percent-encodings).
+   Those characters are, in turn, encoded as octets to be used as a
+   reference within a data format (e.g., a document charset), and such
+   data formats are often subsequently encoded for transmission over
+   Internet protocols.
+
+   For most systems, an unreserved character appearing within a URI
+   component is interpreted as representing the data octet corresponding
+   to that character's encoding in US-ASCII.  Consumers of URIs assume
+   that the letter "X" corresponds to the octet "01011000", and even
+   when that assumption is incorrect, there is no harm in making it.  A
+   system that internally provides identifiers in the form of a
+   different character encoding, such as EBCDIC, will generally perform
+   character translation of textual identifiers to UTF-8 [STD63] (or
+   some other superset of the US-ASCII character encoding) at an
+   internal interface, thereby providing more meaningful identifiers
+   than those resulting from simply percent-encoding the original
+   octets.
+
+   For example, consider an information service that provides data,
+   stored locally using an EBCDIC-based file system, to clients on the
+   Internet through an HTTP server.  When an author creates a file with
+   the name "Laguna Beach" on that file system, the "http" URI
+   corresponding to that resource is expected to contain the meaningful
+   string "Laguna%20Beach".  If, however, that server produces URIs by
+   using an overly simplistic raw octet mapping, then the result would
+   be a URI containing "%D3%81%87%A4%95%81@%C2%85%81%83%88".  An
+   internal transcoding interface fixes this problem by transcoding the
+   local name to a superset of US-ASCII prior to producing the URI.
+   Naturally, proper interpretation of an incoming URI on such an
+   interface requires that percent-encoded octets be decoded (e.g.,
+   "%20" to SP) before the reverse transcoding is applied to obtain the
+   local name.
+
+   In some cases, the internal interface between a URI component and the
+   identifying data that it has been crafted to represent is much less
+   direct than a character encoding translation.  For example, portions
+   of a URI might reflect a query on non-ASCII data, or numeric
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 15]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   coordinates on a map.  Likewise, a URI scheme may define components
+   with additional encoding requirements that are applied prior to
+   forming the component and producing the URI.
+
+   When a new URI scheme defines a component that represents textual
+   data consisting of characters from the Universal Character Set [UCS],
+   the data should first be encoded as octets according to the UTF-8
+   character encoding [STD63]; then only those octets that do not
+   correspond to characters in the unreserved set should be percent-
+   encoded.  For example, the character A would be represented as "A",
+   the character LATIN CAPITAL LETTER A WITH GRAVE would be represented
+   as "%C3%80", and the character KATAKANA LETTER A would be represented
+   as "%E3%82%A2".
+
+3.  Syntax Components
+
+   The generic URI syntax consists of a hierarchical sequence of
+   components referred to as the scheme, authority, path, query, and
+   fragment.
+
+      URI         = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
+
+      hier-part   = "//" authority path-abempty
+                  / path-absolute
+                  / path-rootless
+                  / path-empty
+
+   The scheme and path components are required, though the path may be
+   empty (no characters).  When authority is present, the path must
+   either be empty or begin with a slash ("/") character.  When
+   authority is not present, the path cannot begin with two slash
+   characters ("//").  These restrictions result in five different ABNF
+   rules for a path (Section 3.3), only one of which will match any
+   given URI reference.
+
+   The following are two example URIs and their component parts:
+
+         foo://example.com:8042/over/there?name=ferret#nose
+         \_/   \______________/\_________/ \_________/ \__/
+          |           |            |            |        |
+       scheme     authority       path        query   fragment
+          |   _____________________|__
+         / \ /                        \
+         urn:example:animal:ferret:nose
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 16]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+3.1.  Scheme
+
+   Each URI begins with a scheme name that refers to a specification for
+   assigning identifiers within that scheme.  As such, the URI syntax is
+   a federated and extensible naming system wherein each scheme's
+   specification may further restrict the syntax and semantics of
+   identifiers using that scheme.
+
+   Scheme names consist of a sequence of characters beginning with a
+   letter and followed by any combination of letters, digits, plus
+   ("+"), period ("."), or hyphen ("-").  Although schemes are case-
+   insensitive, the canonical form is lowercase and documents that
+   specify schemes must do so with lowercase letters.  An implementation
+   should accept uppercase letters as equivalent to lowercase in scheme
+   names (e.g., allow "HTTP" as well as "http") for the sake of
+   robustness but should only produce lowercase scheme names for
+   consistency.
+
+      scheme      = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
+
+   Individual schemes are not specified by this document.  The process
+   for registration of new URI schemes is defined separately by [BCP35].
+   The scheme registry maintains the mapping between scheme names and
+   their specifications.  Advice for designers of new URI schemes can be
+   found in [RFC2718].  URI scheme specifications must define their own
+   syntax so that all strings matching their scheme-specific syntax will
+   also match the <absolute-URI> grammar, as described in Section 4.3.
+
+   When presented with a URI that violates one or more scheme-specific
+   restrictions, the scheme-specific resolution process should flag the
+   reference as an error rather than ignore the unused parts; doing so
+   reduces the number of equivalent URIs and helps detect abuses of the
+   generic syntax, which might indicate that the URI has been
+   constructed to mislead the user (Section 7.6).
+
+3.2.  Authority
+
+   Many URI schemes include a hierarchical element for a naming
+   authority so that governance of the name space defined by the
+   remainder of the URI is delegated to that authority (which may, in
+   turn, delegate it further).  The generic syntax provides a common
+   means for distinguishing an authority based on a registered name or
+   server address, along with optional port and user information.
+
+   The authority component is preceded by a double slash ("//") and is
+   terminated by the next slash ("/"), question mark ("?"), or number
+   sign ("#") character, or by the end of the URI.
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 17]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+      authority   = [ userinfo "@" ] host [ ":" port ]
+
+   URI producers and normalizers should omit the ":" delimiter that
+   separates host from port if the port component is empty.  Some
+   schemes do not allow the userinfo and/or port subcomponents.
+
+   If a URI contains an authority component, then the path component
+   must either be empty or begin with a slash ("/") character.  Non-
+   validating parsers (those that merely separate a URI reference into
+   its major components) will often ignore the subcomponent structure of
+   authority, treating it as an opaque string from the double-slash to
+   the first terminating delimiter, until such time as the URI is
+   dereferenced.
+
+3.2.1.  User Information
+
+   The userinfo subcomponent may consist of a user name and, optionally,
+   scheme-specific information about how to gain authorization to access
+   the resource.  The user information, if present, is followed by a
+   commercial at-sign ("@") that delimits it from the host.
+
+      userinfo    = *( unreserved / pct-encoded / sub-delims / ":" )
+
+   Use of the format "user:password" in the userinfo field is
+   deprecated.  Applications should not render as clear text any data
+   after the first colon (":") character found within a userinfo
+   subcomponent unless the data after the colon is the empty string
+   (indicating no password).  Applications may choose to ignore or
+   reject such data when it is received as part of a reference and
+   should reject the storage of such data in unencrypted form.  The
+   passing of authentication information in clear text has proven to be
+   a security risk in almost every case where it has been used.
+
+   Applications that render a URI for the sake of user feedback, such as
+   in graphical hypertext browsing, should render userinfo in a way that
+   is distinguished from the rest of a URI, when feasible.  Such
+   rendering will assist the user in cases where the userinfo has been
+   misleadingly crafted to look like a trusted domain name
+   (Section 7.6).
+
+3.2.2.  Host
+
+   The host subcomponent of authority is identified by an IP literal
+   encapsulated within square brackets, an IPv4 address in dotted-
+   decimal form, or a registered name.  The host subcomponent is case-
+   insensitive.  The presence of a host subcomponent within a URI does
+   not imply that the scheme requires access to the given host on the
+   Internet.  In many cases, the host syntax is used only for the sake
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 18]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   of reusing the existing registration process created and deployed for
+   DNS, thus obtaining a globally unique name without the cost of
+   deploying another registry.  However, such use comes with its own
+   costs: domain name ownership may change over time for reasons not
+   anticipated by the URI producer.  In other cases, the data within the
+   host component identifies a registered name that has nothing to do
+   with an Internet host.  We use the name "host" for the ABNF rule
+   because that is its most common purpose, not its only purpose.
+
+      host        = IP-literal / IPv4address / reg-name
+
+   The syntax rule for host is ambiguous because it does not completely
+   distinguish between an IPv4address and a reg-name.  In order to
+   disambiguate the syntax, we apply the "first-match-wins" algorithm:
+   If host matches the rule for IPv4address, then it should be
+   considered an IPv4 address literal and not a reg-name.  Although host
+   is case-insensitive, producers and normalizers should use lowercase
+   for registered names and hexadecimal addresses for the sake of
+   uniformity, while only using uppercase letters for percent-encodings.
+
+   A host identified by an Internet Protocol literal address, version 6
+   [RFC3513] or later, is distinguished by enclosing the IP literal
+   within square brackets ("[" and "]").  This is the only place where
+   square bracket characters are allowed in the URI syntax.  In
+   anticipation of future, as-yet-undefined IP literal address formats,
+   an implementation may use an optional version flag to indicate such a
+   format explicitly rather than rely on heuristic determination.
+
+      IP-literal = "[" ( IPv6address / IPvFuture  ) "]"
+
+      IPvFuture  = "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
+
+   The version flag does not indicate the IP version; rather, it
+   indicates future versions of the literal format.  As such,
+   implementations must not provide the version flag for the existing
+   IPv4 and IPv6 literal address forms described below.  If a URI
+   containing an IP-literal that starts with "v" (case-insensitive),
+   indicating that the version flag is present, is dereferenced by an
+   application that does not know the meaning of that version flag, then
+   the application should return an appropriate error for "address
+   mechanism not supported".
+
+   A host identified by an IPv6 literal address is represented inside
+   the square brackets without a preceding version flag.  The ABNF
+   provided here is a translation of the text definition of an IPv6
+   literal address provided in [RFC3513].  This syntax does not support
+   IPv6 scoped addressing zone identifiers.
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 19]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   A 128-bit IPv6 address is divided into eight 16-bit pieces.  Each
+   piece is represented numerically in case-insensitive hexadecimal,
+   using one to four hexadecimal digits (leading zeroes are permitted).
+   The eight encoded pieces are given most-significant first, separated
+   by colon characters.  Optionally, the least-significant two pieces
+   may instead be represented in IPv4 address textual format.  A
+   sequence of one or more consecutive zero-valued 16-bit pieces within
+   the address may be elided, omitting all their digits and leaving
+   exactly two consecutive colons in their place to mark the elision.
+
+      IPv6address =                            6( h16 ":" ) ls32
+                  /                       "::" 5( h16 ":" ) ls32
+                  / [               h16 ] "::" 4( h16 ":" ) ls32
+                  / [ *1( h16 ":" ) h16 ] "::" 3( h16 ":" ) ls32
+                  / [ *2( h16 ":" ) h16 ] "::" 2( h16 ":" ) ls32
+                  / [ *3( h16 ":" ) h16 ] "::"    h16 ":"   ls32
+                  / [ *4( h16 ":" ) h16 ] "::"              ls32
+                  / [ *5( h16 ":" ) h16 ] "::"              h16
+                  / [ *6( h16 ":" ) h16 ] "::"
+
+      ls32        = ( h16 ":" h16 ) / IPv4address
+                  ; least-significant 32 bits of address
+
+      h16         = 1*4HEXDIG
+                  ; 16 bits of address represented in hexadecimal
+
+   A host identified by an IPv4 literal address is represented in
+   dotted-decimal notation (a sequence of four decimal numbers in the
+   range 0 to 255, separated by "."), as described in [RFC1123] by
+   reference to [RFC0952].  Note that other forms of dotted notation may
+   be interpreted on some platforms, as described in Section 7.4, but
+   only the dotted-decimal form of four octets is allowed by this
+   grammar.
+
+      IPv4address = dec-octet "." dec-octet "." dec-octet "." dec-octet
+
+      dec-octet   = DIGIT                 ; 0-9
+                  / %x31-39 DIGIT         ; 10-99
+                  / "1" 2DIGIT            ; 100-199
+                  / "2" %x30-34 DIGIT     ; 200-249
+                  / "25" %x30-35          ; 250-255
+
+   A host identified by a registered name is a sequence of characters
+   usually intended for lookup within a locally defined host or service
+   name registry, though the URI's scheme-specific semantics may require
+   that a specific registry (or fixed name table) be used instead.  The
+   most common name registry mechanism is the Domain Name System (DNS).
+   A registered name intended for lookup in the DNS uses the syntax
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 20]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   defined in Section 3.5 of [RFC1034] and Section 2.1 of [RFC1123].
+   Such a name consists of a sequence of domain labels separated by ".",
+   each domain label starting and ending with an alphanumeric character
+   and possibly also containing "-" characters.  The rightmost domain
+   label of a fully qualified domain name in DNS may be followed by a
+   single "." and should be if it is necessary to distinguish between
+   the complete domain name and some local domain.
+
+      reg-name    = *( unreserved / pct-encoded / sub-delims )
+
+   If the URI scheme defines a default for host, then that default
+   applies when the host subcomponent is undefined or when the
+   registered name is empty (zero length).  For example, the "file" URI
+   scheme is defined so that no authority, an empty host, and
+   "localhost" all mean the end-user's machine, whereas the "http"
+   scheme considers a missing authority or empty host invalid.
+
+   This specification does not mandate a particular registered name
+   lookup technology and therefore does not restrict the syntax of reg-
+   name beyond what is necessary for interoperability.  Instead, it
+   delegates the issue of registered name syntax conformance to the
+   operating system of each application performing URI resolution, and
+   that operating system decides what it will allow for the purpose of
+   host identification.  A URI resolution implementation might use DNS,
+   host tables, yellow pages, NetInfo, WINS, or any other system for
+   lookup of registered names.  However, a globally scoped naming
+   system, such as DNS fully qualified domain names, is necessary for
+   URIs intended to have global scope.  URI producers should use names
+   that conform to the DNS syntax, even when use of DNS is not
+   immediately apparent, and should limit these names to no more than
+   255 characters in length.
+
+   The reg-name syntax allows percent-encoded octets in order to
+   represent non-ASCII registered names in a uniform way that is
+   independent of the underlying name resolution technology.  Non-ASCII
+   characters must first be encoded according to UTF-8 [STD63], and then
+   each octet of the corresponding UTF-8 sequence must be percent-
+   encoded to be represented as URI characters.  URI producing
+   applications must not use percent-encoding in host unless it is used
+   to represent a UTF-8 character sequence.  When a non-ASCII registered
+   name represents an internationalized domain name intended for
+   resolution via the DNS, the name must be transformed to the IDNA
+   encoding [RFC3490] prior to name lookup.  URI producers should
+   provide these registered names in the IDNA encoding, rather than a
+   percent-encoding, if they wish to maximize interoperability with
+   legacy URI resolvers.
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 21]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+3.2.3.  Port
+
+   The port subcomponent of authority is designated by an optional port
+   number in decimal following the host and delimited from it by a
+   single colon (":") character.
+
+      port        = *DIGIT
+
+   A scheme may define a default port.  For example, the "http" scheme
+   defines a default port of "80", corresponding to its reserved TCP
+   port number.  The type of port designated by the port number (e.g.,
+   TCP, UDP, SCTP) is defined by the URI scheme.  URI producers and
+   normalizers should omit the port component and its ":" delimiter if
+   port is empty or if its value would be the same as that of the
+   scheme's default.
+
+3.3.  Path
+
+   The path component contains data, usually organized in hierarchical
+   form, that, along with data in the non-hierarchical query component
+   (Section 3.4), serves to identify a resource within the scope of the
+   URI's scheme and naming authority (if any).  The path is terminated
+   by the first question mark ("?") or number sign ("#") character, or
+   by the end of the URI.
+
+   If a URI contains an authority component, then the path component
+   must either be empty or begin with a slash ("/") character.  If a URI
+   does not contain an authority component, then the path cannot begin
+   with two slash characters ("//").  In addition, a URI reference
+   (Section 4.1) may be a relative-path reference, in which case the
+   first path segment cannot contain a colon (":") character.  The ABNF
+   requires five separate rules to disambiguate these cases, only one of
+   which will match the path substring within a given URI reference.  We
+   use the generic term "path component" to describe the URI substring
+   matched by the parser to one of these rules.
+
+      path          = path-abempty    ; begins with "/" or is empty
+                    / path-absolute   ; begins with "/" but not "//"
+                    / path-noscheme   ; begins with a non-colon segment
+                    / path-rootless   ; begins with a segment
+                    / path-empty      ; zero characters
+
+      path-abempty  = *( "/" segment )
+      path-absolute = "/" [ segment-nz *( "/" segment ) ]
+      path-noscheme = segment-nz-nc *( "/" segment )
+      path-rootless = segment-nz *( "/" segment )
+      path-empty    = 0<pchar>
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 22]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+      segment       = *pchar
+      segment-nz    = 1*pchar
+      segment-nz-nc = 1*( unreserved / pct-encoded / sub-delims / "@" )
+                    ; non-zero-length segment without any colon ":"
+
+      pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"
+
+   A path consists of a sequence of path segments separated by a slash
+   ("/") character.  A path is always defined for a URI, though the
+   defined path may be empty (zero length).  Use of the slash character
+   to indicate hierarchy is only required when a URI will be used as the
+   context for relative references.  For example, the URI
+   <mailto:[email protected]> has a path of "[email protected]", whereas
+   the URI <foo://info.example.com?fred> has an empty path.
+
+   The path segments "." and "..", also known as dot-segments, are
+   defined for relative reference within the path name hierarchy.  They
+   are intended for use at the beginning of a relative-path reference
+   (Section 4.2) to indicate relative position within the hierarchical
+   tree of names.  This is similar to their role within some operating
+   systems' file directory structures to indicate the current directory
+   and parent directory, respectively.  However, unlike in a file
+   system, these dot-segments are only interpreted within the URI path
+   hierarchy and are removed as part of the resolution process (Section
+   5.2).
+
+   Aside from dot-segments in hierarchical paths, a path segment is
+   considered opaque by the generic syntax.  URI producing applications
+   often use the reserved characters allowed in a segment to delimit
+   scheme-specific or dereference-handler-specific subcomponents.  For
+   example, the semicolon (";") and equals ("=") reserved characters are
+   often used to delimit parameters and parameter values applicable to
+   that segment.  The comma (",") reserved character is often used for
+   similar purposes.  For example, one URI producer might use a segment
+   such as "name;v=1.1" to indicate a reference to version 1.1 of
+   "name", whereas another might use a segment such as "name,1.1" to
+   indicate the same.  Parameter types may be defined by scheme-specific
+   semantics, but in most cases the syntax of a parameter is specific to
+   the implementation of the URI's dereferencing algorithm.
+
+3.4.  Query
+
+   The query component contains non-hierarchical data that, along with
+   data in the path component (Section 3.3), serves to identify a
+   resource within the scope of the URI's scheme and naming authority
+   (if any).  The query component is indicated by the first question
+   mark ("?") character and terminated by a number sign ("#") character
+   or by the end of the URI.
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 23]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+      query       = *( pchar / "/" / "?" )
+
+   The characters slash ("/") and question mark ("?") may represent data
+   within the query component.  Beware that some older, erroneous
+   implementations may not handle such data correctly when it is used as
+   the base URI for relative references (Section 5.1), apparently
+   because they fail to distinguish query data from path data when
+   looking for hierarchical separators.  However, as query components
+   are often used to carry identifying information in the form of
+   "key=value" pairs and one frequently used value is a reference to
+   another URI, it is sometimes better for usability to avoid percent-
+   encoding those characters.
+
+3.5.  Fragment
+
+   The fragment identifier component of a URI allows indirect
+   identification of a secondary resource by reference to a primary
+   resource and additional identifying information.  The identified
+   secondary resource may be some portion or subset of the primary
+   resource, some view on representations of the primary resource, or
+   some other resource defined or described by those representations.  A
+   fragment identifier component is indicated by the presence of a
+   number sign ("#") character and terminated by the end of the URI.
+
+      fragment    = *( pchar / "/" / "?" )
+
+   The semantics of a fragment identifier are defined by the set of
+   representations that might result from a retrieval action on the
+   primary resource.  The fragment's format and resolution is therefore
+   dependent on the media type [RFC2046] of a potentially retrieved
+   representation, even though such a retrieval is only performed if the
+   URI is dereferenced.  If no such representation exists, then the
+   semantics of the fragment are considered unknown and are effectively
+   unconstrained.  Fragment identifier semantics are independent of the
+   URI scheme and thus cannot be redefined by scheme specifications.
+
+   Individual media types may define their own restrictions on or
+   structures within the fragment identifier syntax for specifying
+   different types of subsets, views, or external references that are
+   identifiable as secondary resources by that media type.  If the
+   primary resource has multiple representations, as is often the case
+   for resources whose representation is selected based on attributes of
+   the retrieval request (a.k.a., content negotiation), then whatever is
+   identified by the fragment should be consistent across all of those
+   representations.  Each representation should either define the
+   fragment so that it corresponds to the same secondary resource,
+   regardless of how it is represented, or should leave the fragment
+   undefined (i.e., not found).
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 24]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   As with any URI, use of a fragment identifier component does not
+   imply that a retrieval action will take place.  A URI with a fragment
+   identifier may be used to refer to the secondary resource without any
+   implication that the primary resource is accessible or will ever be
+   accessed.
+
+   Fragment identifiers have a special role in information retrieval
+   systems as the primary form of client-side indirect referencing,
+   allowing an author to specifically identify aspects of an existing
+   resource that are only indirectly provided by the resource owner.  As
+   such, the fragment identifier is not used in the scheme-specific
+   processing of a URI; instead, the fragment identifier is separated
+   from the rest of the URI prior to a dereference, and thus the
+   identifying information within the fragment itself is dereferenced
+   solely by the user agent, regardless of the URI scheme.  Although
+   this separate handling is often perceived to be a loss of
+   information, particularly for accurate redirection of references as
+   resources move over time, it also serves to prevent information
+   providers from denying reference authors the right to refer to
+   information within a resource selectively.  Indirect referencing also
+   provides additional flexibility and extensibility to systems that use
+   URIs, as new media types are easier to define and deploy than new
+   schemes of identification.
+
+   The characters slash ("/") and question mark ("?") are allowed to
+   represent data within the fragment identifier.  Beware that some
+   older, erroneous implementations may not handle this data correctly
+   when it is used as the base URI for relative references (Section
+   5.1).
+
+4.  Usage
+
+   When applications make reference to a URI, they do not always use the
+   full form of reference defined by the "URI" syntax rule.  To save
+   space and take advantage of hierarchical locality, many Internet
+   protocol elements and media type formats allow an abbreviation of a
+   URI, whereas others restrict the syntax to a particular form of URI.
+   We define the most common forms of reference syntax in this
+   specification because they impact and depend upon the design of the
+   generic syntax, requiring a uniform parsing algorithm in order to be
+   interpreted consistently.
+
+4.1.  URI Reference
+
+   URI-reference is used to denote the most common usage of a resource
+   identifier.
+
+      URI-reference = URI / relative-ref
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 25]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   A URI-reference is either a URI or a relative reference.  If the
+   URI-reference's prefix does not match the syntax of a scheme followed
+   by its colon separator, then the URI-reference is a relative
+   reference.
+
+   A URI-reference is typically parsed first into the five URI
+   components, in order to determine what components are present and
+   whether the reference is relative.  Then, each component is parsed
+   for its subparts and their validation.  The ABNF of URI-reference,
+   along with the "first-match-wins" disambiguation rule, is sufficient
+   to define a validating parser for the generic syntax.  Readers
+   familiar with regular expressions should see Appendix B for an
+   example of a non-validating URI-reference parser that will take any
+   given string and extract the URI components.
+
+4.2.  Relative Reference
+
+   A relative reference takes advantage of the hierarchical syntax
+   (Section 1.2.3) to express a URI reference relative to the name space
+   of another hierarchical URI.
+
+      relative-ref  = relative-part [ "?" query ] [ "#" fragment ]
+
+      relative-part = "//" authority path-abempty
+                    / path-absolute
+                    / path-noscheme
+                    / path-empty
+
+   The URI referred to by a relative reference, also known as the target
+   URI, is obtained by applying the reference resolution algorithm of
+   Section 5.
+
+   A relative reference that begins with two slash characters is termed
+   a network-path reference; such references are rarely used.  A
+   relative reference that begins with a single slash character is
+   termed an absolute-path reference.  A relative reference that does
+   not begin with a slash character is termed a relative-path reference.
+
+   A path segment that contains a colon character (e.g., "this:that")
+   cannot be used as the first segment of a relative-path reference, as
+   it would be mistaken for a scheme name.  Such a segment must be
+   preceded by a dot-segment (e.g., "./this:that") to make a relative-
+   path reference.
+
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 26]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+4.3.  Absolute URI
+
+   Some protocol elements allow only the absolute form of a URI without
+   a fragment identifier.  For example, defining a base URI for later
+   use by relative references calls for an absolute-URI syntax rule that
+   does not allow a fragment.
+
+      absolute-URI  = scheme ":" hier-part [ "?" query ]
+
+   URI scheme specifications must define their own syntax so that all
+   strings matching their scheme-specific syntax will also match the
+   <absolute-URI> grammar.  Scheme specifications will not define
+   fragment identifier syntax or usage, regardless of its applicability
+   to resources identifiable via that scheme, as fragment identification
+   is orthogonal to scheme definition.  However, scheme specifications
+   are encouraged to include a wide range of examples, including
+   examples that show use of the scheme's URIs with fragment identifiers
+   when such usage is appropriate.
+
+4.4.  Same-Document Reference
+
+   When a URI reference refers to a URI that is, aside from its fragment
+   component (if any), identical to the base URI (Section 5.1), that
+   reference is called a "same-document" reference.  The most frequent
+   examples of same-document references are relative references that are
+   empty or include only the number sign ("#") separator followed by a
+   fragment identifier.
+
+   When a same-document reference is dereferenced for a retrieval
+   action, the target of that reference is defined to be within the same
+   entity (representation, document, or message) as the reference;
+   therefore, a dereference should not result in a new retrieval action.
+
+   Normalization of the base and target URIs prior to their comparison,
+   as described in Sections 6.2.2 and 6.2.3, is allowed but rarely
+   performed in practice.  Normalization may increase the set of same-
+   document references, which may be of benefit to some caching
+   applications.  As such, reference authors should not assume that a
+   slightly different, though equivalent, reference URI will (or will
+   not) be interpreted as a same-document reference by any given
+   application.
+
+4.5.  Suffix Reference
+
+   The URI syntax is designed for unambiguous reference to resources and
+   extensibility via the URI scheme.  However, as URI identification and
+   usage have become commonplace, traditional media (television, radio,
+   newspapers, billboards, etc.) have increasingly used a suffix of the
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 27]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   URI as a reference, consisting of only the authority and path
+   portions of the URI, such as
+
+      www.w3.org/Addressing/
+
+   or simply a DNS registered name on its own.  Such references are
+   primarily intended for human interpretation rather than for machines,
+   with the assumption that context-based heuristics are sufficient to
+   complete the URI (e.g., most registered names beginning with "www"
+   are likely to have a URI prefix of "http://").  Although there is no
+   standard set of heuristics for disambiguating a URI suffix, many
+   client implementations allow them to be entered by the user and
+   heuristically resolved.
+
+   Although this practice of using suffix references is common, it
+   should be avoided whenever possible and should never be used in
+   situations where long-term references are expected.  The heuristics
+   noted above will change over time, particularly when a new URI scheme
+   becomes popular, and are often incorrect when used out of context.
+   Furthermore, they can lead to security issues along the lines of
+   those described in [RFC1535].
+
+   As a URI suffix has the same syntax as a relative-path reference, a
+   suffix reference cannot be used in contexts where a relative
+   reference is expected.  As a result, suffix references are limited to
+   places where there is no defined base URI, such as dialog boxes and
+   off-line advertisements.
+
+5.  Reference Resolution
+
+   This section defines the process of resolving a URI reference within
+   a context that allows relative references so that the result is a
+   string matching the <URI> syntax rule of Section 3.
+
+5.1.  Establishing a Base URI
+
+   The term "relative" implies that a "base URI" exists against which
+   the relative reference is applied.  Aside from fragment-only
+   references (Section 4.4), relative references are only usable when a
+   base URI is known.  A base URI must be established by the parser
+   prior to parsing URI references that might be relative.  A base URI
+   must conform to the <absolute-URI> syntax rule (Section 4.3).  If the
+   base URI is obtained from a URI reference, then that reference must
+   be converted to absolute form and stripped of any fragment component
+   prior to its use as a base URI.
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 28]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   The base URI of a reference can be established in one of four ways,
+   discussed below in order of precedence.  The order of precedence can
+   be thought of in terms of layers, where the innermost defined base
+   URI has the highest precedence.  This can be visualized graphically
+   as follows:
+
+         .----------------------------------------------------------.
+         |  .----------------------------------------------------.  |
+         |  |  .----------------------------------------------.  |  |
+         |  |  |  .----------------------------------------.  |  |  |
+         |  |  |  |  .----------------------------------.  |  |  |  |
+         |  |  |  |  |       <relative-reference>       |  |  |  |  |
+         |  |  |  |  `----------------------------------'  |  |  |  |
+         |  |  |  | (5.1.1) Base URI embedded in content   |  |  |  |
+         |  |  |  `----------------------------------------'  |  |  |
+         |  |  | (5.1.2) Base URI of the encapsulating entity |  |  |
+         |  |  |         (message, representation, or none)   |  |  |
+         |  |  `----------------------------------------------'  |  |
+         |  | (5.1.3) URI used to retrieve the entity            |  |
+         |  `----------------------------------------------------'  |
+         | (5.1.4) Default Base URI (application-dependent)         |
+         `----------------------------------------------------------'
+
+5.1.1.  Base URI Embedded in Content
+
+   Within certain media types, a base URI for relative references can be
+   embedded within the content itself so that it can be readily obtained
+   by a parser.  This can be useful for descriptive documents, such as
+   tables of contents, which may be transmitted to others through
+   protocols other than their usual retrieval context (e.g., email or
+   USENET news).
+
+   It is beyond the scope of this specification to specify how, for each
+   media type, a base URI can be embedded.  The appropriate syntax, when
+   available, is described by the data format specification associated
+   with each media type.
+
+5.1.2.  Base URI from the Encapsulating Entity
+
+   If no base URI is embedded, the base URI is defined by the
+   representation's retrieval context.  For a document that is enclosed
+   within another entity, such as a message or archive, the retrieval
+   context is that entity.  Thus, the default base URI of a
+   representation is the base URI of the entity in which the
+   representation is encapsulated.
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 29]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   A mechanism for embedding a base URI within MIME container types
+   (e.g., the message and multipart types) is defined by MHTML
+   [RFC2557].  Protocols that do not use the MIME message header syntax,
+   but that do allow some form of tagged metadata to be included within
+   messages, may define their own syntax for defining a base URI as part
+   of a message.
+
+5.1.3.  Base URI from the Retrieval URI
+
+   If no base URI is embedded and the representation is not encapsulated
+   within some other entity, then, if a URI was used to retrieve the
+   representation, that URI shall be considered the base URI.  Note that
+   if the retrieval was the result of a redirected request, the last URI
+   used (i.e., the URI that resulted in the actual retrieval of the
+   representation) is the base URI.
+
+5.1.4.  Default Base URI
+
+   If none of the conditions described above apply, then the base URI is
+   defined by the context of the application.  As this definition is
+   necessarily application-dependent, failing to define a base URI by
+   using one of the other methods may result in the same content being
+   interpreted differently by different types of applications.
+
+   A sender of a representation containing relative references is
+   responsible for ensuring that a base URI for those references can be
+   established.  Aside from fragment-only references, relative
+   references can only be used reliably in situations where the base URI
+   is well defined.
+
+5.2.  Relative Resolution
+
+   This section describes an algorithm for converting a URI reference
+   that might be relative to a given base URI into the parsed components
+   of the reference's target.  The components can then be recomposed, as
+   described in Section 5.3, to form the target URI.  This algorithm
+   provides definitive results that can be used to test the output of
+   other implementations.  Applications may implement relative reference
+   resolution by using some other algorithm, provided that the results
+   match what would be given by this one.
+
+
+
+
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 30]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+5.2.1.  Pre-parse the Base URI
+
+   The base URI (Base) is established according to the procedure of
+   Section 5.1 and parsed into the five main components described in
+   Section 3.  Note that only the scheme component is required to be
+   present in a base URI; the other components may be empty or
+   undefined.  A component is undefined if its associated delimiter does
+   not appear in the URI reference; the path component is never
+   undefined, though it may be empty.
+
+   Normalization of the base URI, as described in Sections 6.2.2 and
+   6.2.3, is optional.  A URI reference must be transformed to its
+   target URI before it can be normalized.
+
+5.2.2.  Transform References
+
+   For each URI reference (R), the following pseudocode describes an
+   algorithm for transforming R into its target URI (T):
+
+      -- The URI reference is parsed into the five URI components
+      --
+      (R.scheme, R.authority, R.path, R.query, R.fragment) = parse(R);
+
+      -- A non-strict parser may ignore a scheme in the reference
+      -- if it is identical to the base URI's scheme.
+      --
+      if ((not strict) and (R.scheme == Base.scheme)) then
+         undefine(R.scheme);
+      endif;
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 31]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+      if defined(R.scheme) then
+         T.scheme    = R.scheme;
+         T.authority = R.authority;
+         T.path      = remove_dot_segments(R.path);
+         T.query     = R.query;
+      else
+         if defined(R.authority) then
+            T.authority = R.authority;
+            T.path      = remove_dot_segments(R.path);
+            T.query     = R.query;
+         else
+            if (R.path == "") then
+               T.path = Base.path;
+               if defined(R.query) then
+                  T.query = R.query;
+               else
+                  T.query = Base.query;
+               endif;
+            else
+               if (R.path starts-with "/") then
+                  T.path = remove_dot_segments(R.path);
+               else
+                  T.path = merge(Base.path, R.path);
+                  T.path = remove_dot_segments(T.path);
+               endif;
+               T.query = R.query;
+            endif;
+            T.authority = Base.authority;
+         endif;
+         T.scheme = Base.scheme;
+      endif;
+
+      T.fragment = R.fragment;
+
+5.2.3.  Merge Paths
+
+   The pseudocode above refers to a "merge" routine for merging a
+   relative-path reference with the path of the base URI.  This is
+   accomplished as follows:
+
+   o  If the base URI has a defined authority component and an empty
+      path, then return a string consisting of "/" concatenated with the
+      reference's path; otherwise,
+
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 32]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   o  return a string consisting of the reference's path component
+      appended to all but the last segment of the base URI's path (i.e.,
+      excluding any characters after the right-most "/" in the base URI
+      path, or excluding the entire base URI path if it does not contain
+      any "/" characters).
+
+5.2.4.  Remove Dot Segments
+
+   The pseudocode also refers to a "remove_dot_segments" routine for
+   interpreting and removing the special "." and ".." complete path
+   segments from a referenced path.  This is done after the path is
+   extracted from a reference, whether or not the path was relative, in
+   order to remove any invalid or extraneous dot-segments prior to
+   forming the target URI.  Although there are many ways to accomplish
+   this removal process, we describe a simple method using two string
+   buffers.
+
+   1.  The input buffer is initialized with the now-appended path
+       components and the output buffer is initialized to the empty
+       string.
+
+   2.  While the input buffer is not empty, loop as follows:
+
+       A.  If the input buffer begins with a prefix of "../" or "./",
+           then remove that prefix from the input buffer; otherwise,
+
+       B.  if the input buffer begins with a prefix of "/./" or "/.",
+           where "." is a complete path segment, then replace that
+           prefix with "/" in the input buffer; otherwise,
+
+       C.  if the input buffer begins with a prefix of "/../" or "/..",
+           where ".." is a complete path segment, then replace that
+           prefix with "/" in the input buffer and remove the last
+           segment and its preceding "/" (if any) from the output
+           buffer; otherwise,
+
+       D.  if the input buffer consists only of "." or "..", then remove
+           that from the input buffer; otherwise,
+
+       E.  move the first path segment in the input buffer to the end of
+           the output buffer, including the initial "/" character (if
+           any) and any subsequent characters up to, but not including,
+           the next "/" character or the end of the input buffer.
+
+   3.  Finally, the output buffer is returned as the result of
+       remove_dot_segments.
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 33]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   Note that dot-segments are intended for use in URI references to
+   express an identifier relative to the hierarchy of names in the base
+   URI.  The remove_dot_segments algorithm respects that hierarchy by
+   removing extra dot-segments rather than treat them as an error or
+   leaving them to be misinterpreted by dereference implementations.
+
+   The following illustrates how the above steps are applied for two
+   examples of merged paths, showing the state of the two buffers after
+   each step.
+
+      STEP   OUTPUT BUFFER         INPUT BUFFER
+
+       1 :                         /a/b/c/./../../g
+       2E:   /a                    /b/c/./../../g
+       2E:   /a/b                  /c/./../../g
+       2E:   /a/b/c                /./../../g
+       2B:   /a/b/c                /../../g
+       2C:   /a/b                  /../g
+       2C:   /a                    /g
+       2E:   /a/g
+
+      STEP   OUTPUT BUFFER         INPUT BUFFER
+
+       1 :                         mid/content=5/../6
+       2E:   mid                   /content=5/../6
+       2E:   mid/content=5         /../6
+       2C:   mid                   /6
+       2E:   mid/6
+
+   Some applications may find it more efficient to implement the
+   remove_dot_segments algorithm by using two segment stacks rather than
+   strings.
+
+      Note: Beware that some older, erroneous implementations will fail
+      to separate a reference's query component from its path component
+      prior to merging the base and reference paths, resulting in an
+      interoperability failure if the query component contains the
+      strings "/../" or "/./".
+
+
+
+
+
+
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 34]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+5.3.  Component Recomposition
+
+   Parsed URI components can be recomposed to obtain the corresponding
+   URI reference string.  Using pseudocode, this would be:
+
+      result = ""
+
+      if defined(scheme) then
+         append scheme to result;
+         append ":" to result;
+      endif;
+
+      if defined(authority) then
+         append "//" to result;
+         append authority to result;
+      endif;
+
+      append path to result;
+
+      if defined(query) then
+         append "?" to result;
+         append query to result;
+      endif;
+
+      if defined(fragment) then
+         append "#" to result;
+         append fragment to result;
+      endif;
+
+      return result;
+
+   Note that we are careful to preserve the distinction between a
+   component that is undefined, meaning that its separator was not
+   present in the reference, and a component that is empty, meaning that
+   the separator was present and was immediately followed by the next
+   component separator or the end of the reference.
+
+5.4.  Reference Resolution Examples
+
+   Within a representation with a well defined base URI of
+
+      http://a/b/c/d;p?q
+
+   a relative reference is transformed to its target URI as follows.
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 35]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+5.4.1.  Normal Examples
+
+      "g:h"           =  "g:h"
+      "g"             =  "http://a/b/c/g"
+      "./g"           =  "http://a/b/c/g"
+      "g/"            =  "http://a/b/c/g/"
+      "/g"            =  "http://a/g"
+      "//g"           =  "http://g"
+      "?y"            =  "http://a/b/c/d;p?y"
+      "g?y"           =  "http://a/b/c/g?y"
+      "#s"            =  "http://a/b/c/d;p?q#s"
+      "g#s"           =  "http://a/b/c/g#s"
+      "g?y#s"         =  "http://a/b/c/g?y#s"
+      ";x"            =  "http://a/b/c/;x"
+      "g;x"           =  "http://a/b/c/g;x"
+      "g;x?y#s"       =  "http://a/b/c/g;x?y#s"
+      ""              =  "http://a/b/c/d;p?q"
+      "."             =  "http://a/b/c/"
+      "./"            =  "http://a/b/c/"
+      ".."            =  "http://a/b/"
+      "../"           =  "http://a/b/"
+      "../g"          =  "http://a/b/g"
+      "../.."         =  "http://a/"
+      "../../"        =  "http://a/"
+      "../../g"       =  "http://a/g"
+
+5.4.2.  Abnormal Examples
+
+   Although the following abnormal examples are unlikely to occur in
+   normal practice, all URI parsers should be capable of resolving them
+   consistently.  Each example uses the same base as that above.
+
+   Parsers must be careful in handling cases where there are more ".."
+   segments in a relative-path reference than there are hierarchical
+   levels in the base URI's path.  Note that the ".." syntax cannot be
+   used to change the authority component of a URI.
+
+      "../../../g"    =  "http://a/g"
+      "../../../../g" =  "http://a/g"
+
+
+
+
+
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 36]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   Similarly, parsers must remove the dot-segments "." and ".." when
+   they are complete components of a path, but not when they are only
+   part of a segment.
+
+      "/./g"          =  "http://a/g"
+      "/../g"         =  "http://a/g"
+      "g."            =  "http://a/b/c/g."
+      ".g"            =  "http://a/b/c/.g"
+      "g.."           =  "http://a/b/c/g.."
+      "..g"           =  "http://a/b/c/..g"
+
+   Less likely are cases where the relative reference uses unnecessary
+   or nonsensical forms of the "." and ".." complete path segments.
+
+      "./../g"        =  "http://a/b/g"
+      "./g/."         =  "http://a/b/c/g/"
+      "g/./h"         =  "http://a/b/c/g/h"
+      "g/../h"        =  "http://a/b/c/h"
+      "g;x=1/./y"     =  "http://a/b/c/g;x=1/y"
+      "g;x=1/../y"    =  "http://a/b/c/y"
+
+   Some applications fail to separate the reference's query and/or
+   fragment components from the path component before merging it with
+   the base path and removing dot-segments.  This error is rarely
+   noticed, as typical usage of a fragment never includes the hierarchy
+   ("/") character and the query component is not normally used within
+   relative references.
+
+      "g?y/./x"       =  "http://a/b/c/g?y/./x"
+      "g?y/../x"      =  "http://a/b/c/g?y/../x"
+      "g#s/./x"       =  "http://a/b/c/g#s/./x"
+      "g#s/../x"      =  "http://a/b/c/g#s/../x"
+
+   Some parsers allow the scheme name to be present in a relative
+   reference if it is the same as the base URI scheme.  This is
+   considered to be a loophole in prior specifications of partial URI
+   [RFC1630].  Its use should be avoided but is allowed for backward
+   compatibility.
+
+      "http:g"        =  "http:g"         ; for strict parsers
+                      /  "http://a/b/c/g" ; for backward compatibility
+
+
+
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 37]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+6.  Normalization and Comparison
+
+   One of the most common operations on URIs is simple comparison:
+   determining whether two URIs are equivalent without using the URIs to
+   access their respective resource(s).  A comparison is performed every
+   time a response cache is accessed, a browser checks its history to
+   color a link, or an XML parser processes tags within a namespace.
+   Extensive normalization prior to comparison of URIs is often used by
+   spiders and indexing engines to prune a search space or to reduce
+   duplication of request actions and response storage.
+
+   URI comparison is performed for some particular purpose.  Protocols
+   or implementations that compare URIs for different purposes will
+   often be subject to differing design trade-offs in regards to how
+   much effort should be spent in reducing aliased identifiers.  This
+   section describes various methods that may be used to compare URIs,
+   the trade-offs between them, and the types of applications that might
+   use them.
+
+6.1.  Equivalence
+
+   Because URIs exist to identify resources, presumably they should be
+   considered equivalent when they identify the same resource.  However,
+   this definition of equivalence is not of much practical use, as there
+   is no way for an implementation to compare two resources unless it
+   has full knowledge or control of them.  For this reason,
+   determination of equivalence or difference of URIs is based on string
+   comparison, perhaps augmented by reference to additional rules
+   provided by URI scheme definitions.  We use the terms "different" and
+   "equivalent" to describe the possible outcomes of such comparisons,
+   but there are many application-dependent versions of equivalence.
+
+   Even though it is possible to determine that two URIs are equivalent,
+   URI comparison is not sufficient to determine whether two URIs
+   identify different resources.  For example, an owner of two different
+   domain names could decide to serve the same resource from both,
+   resulting in two different URIs.  Therefore, comparison methods are
+   designed to minimize false negatives while strictly avoiding false
+   positives.
+
+   In testing for equivalence, applications should not directly compare
+   relative references; the references should be converted to their
+   respective target URIs before comparison.  When URIs are compared to
+   select (or avoid) a network action, such as retrieval of a
+   representation, fragment components (if any) should be excluded from
+   the comparison.
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 38]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+6.2.  Comparison Ladder
+
+   A variety of methods are used in practice to test URI equivalence.
+   These methods fall into a range, distinguished by the amount of
+   processing required and the degree to which the probability of false
+   negatives is reduced.  As noted above, false negatives cannot be
+   eliminated.  In practice, their probability can be reduced, but this
+   reduction requires more processing and is not cost-effective for all
+   applications.
+
+   If this range of comparison practices is considered as a ladder, the
+   following discussion will climb the ladder, starting with practices
+   that are cheap but have a relatively higher chance of producing false
+   negatives, and proceeding to those that have higher computational
+   cost and lower risk of false negatives.
+
+6.2.1.  Simple String Comparison
+
+   If two URIs, when considered as character strings, are identical,
+   then it is safe to conclude that they are equivalent.  This type of
+   equivalence test has very low computational cost and is in wide use
+   in a variety of applications, particularly in the domain of parsing.
+
+   Testing strings for equivalence requires some basic precautions.
+   This procedure is often referred to as "bit-for-bit" or
+   "byte-for-byte" comparison, which is potentially misleading.  Testing
+   strings for equality is normally based on pair comparison of the
+   characters that make up the strings, starting from the first and
+   proceeding until both strings are exhausted and all characters are
+   found to be equal, until a pair of characters compares unequal, or
+   until one of the strings is exhausted before the other.
+
+   This character comparison requires that each pair of characters be
+   put in comparable form.  For example, should one URI be stored in a
+   byte array in EBCDIC encoding and the second in a Java String object
+   (UTF-16), bit-for-bit comparisons applied naively will produce
+   errors.  It is better to speak of equality on a character-for-
+   character basis rather than on a byte-for-byte or bit-for-bit basis.
+   In practical terms, character-by-character comparisons should be done
+   codepoint-by-codepoint after conversion to a common character
+   encoding.
+
+   False negatives are caused by the production and use of URI aliases.
+   Unnecessary aliases can be reduced, regardless of the comparison
+   method, by consistently providing URI references in an already-
+   normalized form (i.e., a form identical to what would be produced
+   after normalization is applied, as described below).
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 39]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   Protocols and data formats often limit some URI comparisons to simple
+   string comparison, based on the theory that people and
+   implementations will, in their own best interest, be consistent in
+   providing URI references, or at least consistent enough to negate any
+   efficiency that might be obtained from further normalization.
+
+6.2.2.  Syntax-Based Normalization
+
+   Implementations may use logic based on the definitions provided by
+   this specification to reduce the probability of false negatives.
+   This processing is moderately higher in cost than character-for-
+   character string comparison.  For example, an application using this
+   approach could reasonably consider the following two URIs equivalent:
+
+      example://a/b/c/%7Bfoo%7D
+      eXAMPLE://a/./b/../b/%63/%7bfoo%7d
+
+   Web user agents, such as browsers, typically apply this type of URI
+   normalization when determining whether a cached response is
+   available.  Syntax-based normalization includes such techniques as
+   case normalization, percent-encoding normalization, and removal of
+   dot-segments.
+
+6.2.2.1.  Case Normalization
+
+   For all URIs, the hexadecimal digits within a percent-encoding
+   triplet (e.g., "%3a" versus "%3A") are case-insensitive and therefore
+   should be normalized to use uppercase letters for the digits A-F.
+
+   When a URI uses components of the generic syntax, the component
+   syntax equivalence rules always apply; namely, that the scheme and
+   host are case-insensitive and therefore should be normalized to
+   lowercase.  For example, the URI <HTTP://www.EXAMPLE.com/> is
+   equivalent to <http://www.example.com/>.  The other generic syntax
+   components are assumed to be case-sensitive unless specifically
+   defined otherwise by the scheme (see Section 6.2.3).
+
+6.2.2.2.  Percent-Encoding Normalization
+
+   The percent-encoding mechanism (Section 2.1) is a frequent source of
+   variance among otherwise identical URIs.  In addition to the case
+   normalization issue noted above, some URI producers percent-encode
+   octets that do not require percent-encoding, resulting in URIs that
+   are equivalent to their non-encoded counterparts.  These URIs should
+   be normalized by decoding any percent-encoded octet that corresponds
+   to an unreserved character, as described in Section 2.3.
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 40]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+6.2.2.3.  Path Segment Normalization
+
+   The complete path segments "." and ".." are intended only for use
+   within relative references (Section 4.1) and are removed as part of
+   the reference resolution process (Section 5.2).  However, some
+   deployed implementations incorrectly assume that reference resolution
+   is not necessary when the reference is already a URI and thus fail to
+   remove dot-segments when they occur in non-relative paths.  URI
+   normalizers should remove dot-segments by applying the
+   remove_dot_segments algorithm to the path, as described in
+   Section 5.2.4.
+
+6.2.3.  Scheme-Based Normalization
+
+   The syntax and semantics of URIs vary from scheme to scheme, as
+   described by the defining specification for each scheme.
+   Implementations may use scheme-specific rules, at further processing
+   cost, to reduce the probability of false negatives.  For example,
+   because the "http" scheme makes use of an authority component, has a
+   default port of "80", and defines an empty path to be equivalent to
+   "/", the following four URIs are equivalent:
+
+      http://example.com
+      http://example.com/
+      http://example.com:/
+      http://example.com:80/
+
+   In general, a URI that uses the generic syntax for authority with an
+   empty path should be normalized to a path of "/".  Likewise, an
+   explicit ":port", for which the port is empty or the default for the
+   scheme, is equivalent to one where the port and its ":" delimiter are
+   elided and thus should be removed by scheme-based normalization.  For
+   example, the second URI above is the normal form for the "http"
+   scheme.
+
+   Another case where normalization varies by scheme is in the handling
+   of an empty authority component or empty host subcomponent.  For many
+   scheme specifications, an empty authority or host is considered an
+   error; for others, it is considered equivalent to "localhost" or the
+   end-user's host.  When a scheme defines a default for authority and a
+   URI reference to that default is desired, the reference should be
+   normalized to an empty authority for the sake of uniformity, brevity,
+   and internationalization.  If, however, either the userinfo or port
+   subcomponents are non-empty, then the host should be given explicitly
+   even if it matches the default.
+
+   Normalization should not remove delimiters when their associated
+   component is empty unless licensed to do so by the scheme
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 41]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   specification.  For example, the URI "http://example.com/?" cannot be
+   assumed to be equivalent to any of the examples above.  Likewise, the
+   presence or absence of delimiters within a userinfo subcomponent is
+   usually significant to its interpretation.  The fragment component is
+   not subject to any scheme-based normalization; thus, two URIs that
+   differ only by the suffix "#" are considered different regardless of
+   the scheme.
+
+   Some schemes define additional subcomponents that consist of case-
+   insensitive data, giving an implicit license to normalizers to
+   convert this data to a common case (e.g., all lowercase).  For
+   example, URI schemes that define a subcomponent of path to contain an
+   Internet hostname, such as the "mailto" URI scheme, cause that
+   subcomponent to be case-insensitive and thus subject to case
+   normalization (e.g., "mailto:[email protected]" is equivalent to
+   "mailto:[email protected]", even though the generic syntax considers
+   the path component to be case-sensitive).
+
+   Other scheme-specific normalizations are possible.
+
+6.2.4.  Protocol-Based Normalization
+
+   Substantial effort to reduce the incidence of false negatives is
+   often cost-effective for web spiders.  Therefore, they implement even
+   more aggressive techniques in URI comparison.  For example, if they
+   observe that a URI such as
+
+      http://example.com/data
+
+   redirects to a URI differing only in the trailing slash
+
+      http://example.com/data/
+
+   they will likely regard the two as equivalent in the future.  This
+   kind of technique is only appropriate when equivalence is clearly
+   indicated by both the result of accessing the resources and the
+   common conventions of their scheme's dereference algorithm (in this
+   case, use of redirection by HTTP origin servers to avoid problems
+   with relative references).
+
+
+
+
+
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 42]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+7.  Security Considerations
+
+   A URI does not in itself pose a security threat.  However, as URIs
+   are often used to provide a compact set of instructions for access to
+   network resources, care must be taken to properly interpret the data
+   within a URI, to prevent that data from causing unintended access,
+   and to avoid including data that should not be revealed in plain
+   text.
+
+7.1.  Reliability and Consistency
+
+   There is no guarantee that once a URI has been used to retrieve
+   information, the same information will be retrievable by that URI in
+   the future.  Nor is there any guarantee that the information
+   retrievable via that URI in the future will be observably similar to
+   that retrieved in the past.  The URI syntax does not constrain how a
+   given scheme or authority apportions its namespace or maintains it
+   over time.  Such guarantees can only be obtained from the person(s)
+   controlling that namespace and the resource in question.  A specific
+   URI scheme may define additional semantics, such as name persistence,
+   if those semantics are required of all naming authorities for that
+   scheme.
+
+7.2.  Malicious Construction
+
+   It is sometimes possible to construct a URI so that an attempt to
+   perform a seemingly harmless, idempotent operation, such as the
+   retrieval of a representation, will in fact cause a possibly damaging
+   remote operation.  The unsafe URI is typically constructed by
+   specifying a port number other than that reserved for the network
+   protocol in question.  The client unwittingly contacts a site running
+   a different protocol service, and data within the URI contains
+   instructions that, when interpreted according to this other protocol,
+   cause an unexpected operation.  A frequent example of such abuse has
+   been the use of a protocol-based scheme with a port component of
+   "25", thereby fooling user agent software into sending an unintended
+   or impersonating message via an SMTP server.
+
+   Applications should prevent dereference of a URI that specifies a TCP
+   port number within the "well-known port" range (0 - 1023) unless the
+   protocol being used to dereference that URI is compatible with the
+   protocol expected on that well-known port.  Although IANA maintains a
+   registry of well-known ports, applications should make such
+   restrictions user-configurable to avoid preventing the deployment of
+   new services.
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 43]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   When a URI contains percent-encoded octets that match the delimiters
+   for a given resolution or dereference protocol (for example, CR and
+   LF characters for the TELNET protocol), these percent-encodings must
+   not be decoded before transmission across that protocol.  Transfer of
+   the percent-encoding, which might violate the protocol, is less
+   harmful than allowing decoded octets to be interpreted as additional
+   operations or parameters, perhaps triggering an unexpected and
+   possibly harmful remote operation.
+
+7.3.  Back-End Transcoding
+
+   When a URI is dereferenced, the data within it is often parsed by
+   both the user agent and one or more servers.  In HTTP, for example, a
+   typical user agent will parse a URI into its five major components,
+   access the authority's server, and send it the data within the
+   authority, path, and query components.  A typical server will take
+   that information, parse the path into segments and the query into
+   key/value pairs, and then invoke implementation-specific handlers to
+   respond to the request.  As a result, a common security concern for
+   server implementations that handle a URI, either as a whole or split
+   into separate components, is proper interpretation of the octet data
+   represented by the characters and percent-encodings within that URI.
+
+   Percent-encoded octets must be decoded at some point during the
+   dereference process.  Applications must split the URI into its
+   components and subcomponents prior to decoding the octets, as
+   otherwise the decoded octets might be mistaken for delimiters.
+   Security checks of the data within a URI should be applied after
+   decoding the octets.  Note, however, that the "%00" percent-encoding
+   (NUL) may require special handling and should be rejected if the
+   application is not expecting to receive raw data within a component.
+
+   Special care should be taken when the URI path interpretation process
+   involves the use of a back-end file system or related system
+   functions.  File systems typically assign an operational meaning to
+   special characters, such as the "/", "\", ":", "[", and "]"
+   characters, and to special device names like ".", "..", "...", "aux",
+   "lpt", etc.  In some cases, merely testing for the existence of such
+   a name will cause the operating system to pause or invoke unrelated
+   system calls, leading to significant security concerns regarding
+   denial of service and unintended data transfer.  It would be
+   impossible for this specification to list all such significant
+   characters and device names.  Implementers should research the
+   reserved names and characters for the types of storage device that
+   may be attached to their applications and restrict the use of data
+   obtained from URI components accordingly.
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 44]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+7.4.  Rare IP Address Formats
+
+   Although the URI syntax for IPv4address only allows the common
+   dotted-decimal form of IPv4 address literal, many implementations
+   that process URIs make use of platform-dependent system routines,
+   such as gethostbyname() and inet_aton(), to translate the string
+   literal to an actual IP address.  Unfortunately, such system routines
+   often allow and process a much larger set of formats than those
+   described in Section 3.2.2.
+
+   For example, many implementations allow dotted forms of three
+   numbers, wherein the last part is interpreted as a 16-bit quantity
+   and placed in the right-most two bytes of the network address (e.g.,
+   a Class B network).  Likewise, a dotted form of two numbers means
+   that the last part is interpreted as a 24-bit quantity and placed in
+   the right-most three bytes of the network address (Class A), and a
+   single number (without dots) is interpreted as a 32-bit quantity and
+   stored directly in the network address.  Adding further to the
+   confusion, some implementations allow each dotted part to be
+   interpreted as decimal, octal, or hexadecimal, as specified in the C
+   language (i.e., a leading 0x or 0X implies hexadecimal; a leading 0
+   implies octal; otherwise, the number is interpreted as decimal).
+
+   These additional IP address formats are not allowed in the URI syntax
+   due to differences between platform implementations.  However, they
+   can become a security concern if an application attempts to filter
+   access to resources based on the IP address in string literal format.
+   If this filtering is performed, literals should be converted to
+   numeric form and filtered based on the numeric value, and not on a
+   prefix or suffix of the string form.
+
+7.5.  Sensitive Information
+
+   URI producers should not provide a URI that contains a username or
+   password that is intended to be secret.  URIs are frequently
+   displayed by browsers, stored in clear text bookmarks, and logged by
+   user agent history and intermediary applications (proxies).  A
+   password appearing within the userinfo component is deprecated and
+   should be considered an error (or simply ignored) except in those
+   rare cases where the 'password' parameter is intended to be public.
+
+7.6.  Semantic Attacks
+
+   Because the userinfo subcomponent is rarely used and appears before
+   the host in the authority component, it can be used to construct a
+   URI intended to mislead a human user by appearing to identify one
+   (trusted) naming authority while actually identifying a different
+   authority hidden behind the noise.  For example
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 45]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+      ftp://cnn.example.com&[email protected]/top_story.htm
+
+   might lead a human user to assume that the host is 'cnn.example.com',
+   whereas it is actually '10.0.0.1'.  Note that a misleading userinfo
+   subcomponent could be much longer than the example above.
+
+   A misleading URI, such as that above, is an attack on the user's
+   preconceived notions about the meaning of a URI rather than an attack
+   on the software itself.  User agents may be able to reduce the impact
+   of such attacks by distinguishing the various components of the URI
+   when they are rendered, such as by using a different color or tone to
+   render userinfo if any is present, though there is no panacea.  More
+   information on URI-based semantic attacks can be found in [Siedzik].
+
+8.  IANA Considerations
+
+   URI scheme names, as defined by <scheme> in Section 3.1, form a
+   registered namespace that is managed by IANA according to the
+   procedures defined in [BCP35].  No IANA actions are required by this
+   document.
+
+9.  Acknowledgements
+
+   This specification is derived from RFC 2396 [RFC2396], RFC 1808
+   [RFC1808], and RFC 1738 [RFC1738]; the acknowledgements in those
+   documents still apply.  It also incorporates the update (with
+   corrections) for IPv6 literals in the host syntax, as defined by
+   Robert M. Hinden, Brian E. Carpenter, and Larry Masinter in
+   [RFC2732].  In addition, contributions by Gisle Aas, Reese Anschultz,
+   Daniel Barclay, Tim Bray, Mike Brown, Rob Cameron, Jeremy Carroll,
+   Dan Connolly, Adam M. Costello, John Cowan, Jason Diamond, Martin
+   Duerst, Stefan Eissing, Clive D.W. Feather, Al Gilman, Tony Hammond,
+   Elliotte Harold, Pat Hayes, Henry Holtzman, Ian B. Jacobs, Michael
+   Kay, John C. Klensin, Graham Klyne, Dan Kohn, Bruce Lilly, Andrew
+   Main, Dave McAlpin, Ira McDonald, Michael Mealling, Ray Merkert,
+   Stephen Pollei, Julian Reschke, Tomas Rokicki, Miles Sabin, Kai
+   Schaetzl, Mark Thomson, Ronald Tschalaer, Norm Walsh, Marc Warne,
+   Stuart Williams, and Henry Zongaro are gratefully acknowledged.
+
+10.  References
+
+10.1.  Normative References
+
+   [ASCII]    American National Standards Institute, "Coded Character
+              Set -- 7-bit American Standard Code for Information
+              Interchange", ANSI X3.4, 1986.
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 46]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   [RFC2234]  Crocker, D. and P. Overell, "Augmented BNF for Syntax
+              Specifications: ABNF", RFC 2234, November 1997.
+
+   [STD63]    Yergeau, F., "UTF-8, a transformation format of
+              ISO 10646", STD 63, RFC 3629, November 2003.
+
+   [UCS]      International Organization for Standardization,
+              "Information Technology - Universal Multiple-Octet Coded
+              Character Set (UCS)", ISO/IEC 10646:2003, December 2003.
+
+10.2.  Informative References
+
+   [BCP19]    Freed, N. and J. Postel, "IANA Charset Registration
+              Procedures", BCP 19, RFC 2978, October 2000.
+
+   [BCP35]    Petke, R. and I. King, "Registration Procedures for URL
+              Scheme Names", BCP 35, RFC 2717, November 1999.
+
+   [RFC0952]  Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet
+              host table specification", RFC 952, October 1985.
+
+   [RFC1034]  Mockapetris, P., "Domain names - concepts and facilities",
+              STD 13, RFC 1034, November 1987.
+
+   [RFC1123]  Braden, R., "Requirements for Internet Hosts - Application
+              and Support", STD 3, RFC 1123, October 1989.
+
+   [RFC1535]  Gavron, E., "A Security Problem and Proposed Correction
+              With Widely Deployed DNS Software", RFC 1535,
+              October 1993.
+
+   [RFC1630]  Berners-Lee, T., "Universal Resource Identifiers in WWW: A
+              Unifying Syntax for the Expression of Names and Addresses
+              of Objects on the Network as used in the World-Wide Web",
+              RFC 1630, June 1994.
+
+   [RFC1736]  Kunze, J., "Functional Recommendations for Internet
+              Resource Locators", RFC 1736, February 1995.
+
+   [RFC1737]  Sollins, K. and L. Masinter, "Functional Requirements for
+              Uniform Resource Names", RFC 1737, December 1994.
+
+   [RFC1738]  Berners-Lee, T., Masinter, L., and M. McCahill, "Uniform
+              Resource Locators (URL)", RFC 1738, December 1994.
+
+   [RFC1808]  Fielding, R., "Relative Uniform Resource Locators",
+              RFC 1808, June 1995.
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 47]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   [RFC2046]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail
+              Extensions (MIME) Part Two: Media Types", RFC 2046,
+              November 1996.
+
+   [RFC2141]  Moats, R., "URN Syntax", RFC 2141, May 1997.
+
+   [RFC2396]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
+              Resource Identifiers (URI): Generic Syntax", RFC 2396,
+              August 1998.
+
+   [RFC2518]  Goland, Y., Whitehead, E., Faizi, A., Carter, S., and D.
+              Jensen, "HTTP Extensions for Distributed Authoring --
+              WEBDAV", RFC 2518, February 1999.
+
+   [RFC2557]  Palme, J., Hopmann, A., and N. Shelness, "MIME
+              Encapsulation of Aggregate Documents, such as HTML
+              (MHTML)", RFC 2557, March 1999.
+
+   [RFC2718]  Masinter, L., Alvestrand, H., Zigmond, D., and R. Petke,
+              "Guidelines for new URL Schemes", RFC 2718, November 1999.
+
+   [RFC2732]  Hinden, R., Carpenter, B., and L. Masinter, "Format for
+              Literal IPv6 Addresses in URL's", RFC 2732, December 1999.
+
+   [RFC3305]  Mealling, M. and R. Denenberg, "Report from the Joint
+              W3C/IETF URI Planning Interest Group: Uniform Resource
+              Identifiers (URIs), URLs, and Uniform Resource Names
+              (URNs): Clarifications and Recommendations", RFC 3305,
+              August 2002.
+
+   [RFC3490]  Faltstrom, P., Hoffman, P., and A. Costello,
+              "Internationalizing Domain Names in Applications (IDNA)",
+              RFC 3490, March 2003.
+
+   [RFC3513]  Hinden, R. and S. Deering, "Internet Protocol Version 6
+              (IPv6) Addressing Architecture", RFC 3513, April 2003.
+
+   [Siedzik]  Siedzik, R., "Semantic Attacks: What's in a URL?",
+              April 2001, <http://www.giac.org/practical/gsec/
+              Richard_Siedzik_GSEC.pdf>.
+
+
+
+
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 48]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+Appendix A.  Collected ABNF for URI
+
+   URI           = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
+
+   hier-part     = "//" authority path-abempty
+                 / path-absolute
+                 / path-rootless
+                 / path-empty
+
+   URI-reference = URI / relative-ref
+
+   absolute-URI  = scheme ":" hier-part [ "?" query ]
+
+   relative-ref  = relative-part [ "?" query ] [ "#" fragment ]
+
+   relative-part = "//" authority path-abempty
+                 / path-absolute
+                 / path-noscheme
+                 / path-empty
+
+   scheme        = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
+
+   authority     = [ userinfo "@" ] host [ ":" port ]
+   userinfo      = *( unreserved / pct-encoded / sub-delims / ":" )
+   host          = IP-literal / IPv4address / reg-name
+   port          = *DIGIT
+
+   IP-literal    = "[" ( IPv6address / IPvFuture  ) "]"
+
+   IPvFuture     = "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
+
+   IPv6address   =                            6( h16 ":" ) ls32
+                 /                       "::" 5( h16 ":" ) ls32
+                 / [               h16 ] "::" 4( h16 ":" ) ls32
+                 / [ *1( h16 ":" ) h16 ] "::" 3( h16 ":" ) ls32
+                 / [ *2( h16 ":" ) h16 ] "::" 2( h16 ":" ) ls32
+                 / [ *3( h16 ":" ) h16 ] "::"    h16 ":"   ls32
+                 / [ *4( h16 ":" ) h16 ] "::"              ls32
+                 / [ *5( h16 ":" ) h16 ] "::"              h16
+                 / [ *6( h16 ":" ) h16 ] "::"
+
+   h16           = 1*4HEXDIG
+   ls32          = ( h16 ":" h16 ) / IPv4address
+   IPv4address   = dec-octet "." dec-octet "." dec-octet "." dec-octet
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 49]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   dec-octet     = DIGIT                 ; 0-9
+                 / %x31-39 DIGIT         ; 10-99
+                 / "1" 2DIGIT            ; 100-199
+                 / "2" %x30-34 DIGIT     ; 200-249
+                 / "25" %x30-35          ; 250-255
+
+   reg-name      = *( unreserved / pct-encoded / sub-delims )
+
+   path          = path-abempty    ; begins with "/" or is empty
+                 / path-absolute   ; begins with "/" but not "//"
+                 / path-noscheme   ; begins with a non-colon segment
+                 / path-rootless   ; begins with a segment
+                 / path-empty      ; zero characters
+
+   path-abempty  = *( "/" segment )
+   path-absolute = "/" [ segment-nz *( "/" segment ) ]
+   path-noscheme = segment-nz-nc *( "/" segment )
+   path-rootless = segment-nz *( "/" segment )
+   path-empty    = 0<pchar>
+
+   segment       = *pchar
+   segment-nz    = 1*pchar
+   segment-nz-nc = 1*( unreserved / pct-encoded / sub-delims / "@" )
+                 ; non-zero-length segment without any colon ":"
+
+   pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"
+
+   query         = *( pchar / "/" / "?" )
+
+   fragment      = *( pchar / "/" / "?" )
+
+   pct-encoded   = "%" HEXDIG HEXDIG
+
+   unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
+   reserved      = gen-delims / sub-delims
+   gen-delims    = ":" / "/" / "?" / "#" / "[" / "]" / "@"
+   sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"
+                 / "*" / "+" / "," / ";" / "="
+
+Appendix B.  Parsing a URI Reference with a Regular Expression
+
+   As the "first-match-wins" algorithm is identical to the "greedy"
+   disambiguation method used by POSIX regular expressions, it is
+   natural and commonplace to use a regular expression for parsing the
+   potential five components of a URI reference.
+
+   The following line is the regular expression for breaking-down a
+   well-formed URI reference into its components.
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 50]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+      ^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?
+       12            3  4          5       6  7        8 9
+
+   The numbers in the second line above are only to assist readability;
+   they indicate the reference points for each subexpression (i.e., each
+   paired parenthesis).  We refer to the value matched for subexpression
+   <n> as $<n>.  For example, matching the above expression to
+
+      http://www.ics.uci.edu/pub/ietf/uri/#Related
+
+   results in the following subexpression matches:
+
+      $1 = http:
+      $2 = http
+      $3 = //www.ics.uci.edu
+      $4 = www.ics.uci.edu
+      $5 = /pub/ietf/uri/
+      $6 = <undefined>
+      $7 = <undefined>
+      $8 = #Related
+      $9 = Related
+
+   where <undefined> indicates that the component is not present, as is
+   the case for the query component in the above example.  Therefore, we
+   can determine the value of the five components as
+
+      scheme    = $2
+      authority = $4
+      path      = $5
+      query     = $7
+      fragment  = $9
+
+   Going in the opposite direction, we can recreate a URI reference from
+   its components by using the algorithm of Section 5.3.
+
+Appendix C.  Delimiting a URI in Context
+
+   URIs are often transmitted through formats that do not provide a
+   clear context for their interpretation.  For example, there are many
+   occasions when a URI is included in plain text; examples include text
+   sent in email, USENET news, and on printed paper.  In such cases, it
+   is important to be able to delimit the URI from the rest of the text,
+   and in particular from punctuation marks that might be mistaken for
+   part of the URI.
+
+   In practice, URIs are delimited in a variety of ways, but usually
+   within double-quotes "http://example.com/", angle brackets
+   <http://example.com/>, or just by using whitespace:
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 51]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+      http://example.com/
+
+   These wrappers do not form part of the URI.
+
+   In some cases, extra whitespace (spaces, line-breaks, tabs, etc.) may
+   have to be added to break a long URI across lines.  The whitespace
+   should be ignored when the URI is extracted.
+
+   No whitespace should be introduced after a hyphen ("-") character.
+   Because some typesetters and printers may (erroneously) introduce a
+   hyphen at the end of line when breaking it, the interpreter of a URI
+   containing a line break immediately after a hyphen should ignore all
+   whitespace around the line break and should be aware that the hyphen
+   may or may not actually be part of the URI.
+
+   Using <> angle brackets around each URI is especially recommended as
+   a delimiting style for a reference that contains embedded whitespace.
+
+   The prefix "URL:" (with or without a trailing space) was formerly
+   recommended as a way to help distinguish a URI from other bracketed
+   designators, though it is not commonly used in practice and is no
+   longer recommended.
+
+   For robustness, software that accepts user-typed URI should attempt
+   to recognize and strip both delimiters and embedded whitespace.
+
+   For example, the text
+
+      Yes, Jim, I found it under "http://www.w3.org/Addressing/",
+      but you can probably pick it up from <ftp://foo.example.
+      com/rfc/>.  Note the warning in <http://www.ics.uci.edu/pub/
+      ietf/uri/historical.html#WARNING>.
+
+   contains the URI references
+
+      http://www.w3.org/Addressing/
+      ftp://foo.example.com/rfc/
+      http://www.ics.uci.edu/pub/ietf/uri/historical.html#WARNING
+
+
+
+
+
+
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 52]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+Appendix D.  Changes from RFC 2396
+
+D.1.  Additions
+
+   An ABNF rule for URI has been introduced to correspond to one common
+   usage of the term: an absolute URI with optional fragment.
+
+   IPv6 (and later) literals have been added to the list of possible
+   identifiers for the host portion of an authority component, as
+   described by [RFC2732], with the addition of "[" and "]" to the
+   reserved set and a version flag to anticipate future versions of IP
+   literals.  Square brackets are now specified as reserved within the
+   authority component and are not allowed outside their use as
+   delimiters for an IP literal within host.  In order to make this
+   change without changing the technical definition of the path, query,
+   and fragment components, those rules were redefined to directly
+   specify the characters allowed.
+
+   As [RFC2732] defers to [RFC3513] for definition of an IPv6 literal
+   address, which, unfortunately, lacks an ABNF description of
+   IPv6address, we created a new ABNF rule for IPv6address that matches
+   the text representations defined by Section 2.2 of [RFC3513].
+   Likewise, the definition of IPv4address has been improved in order to
+   limit each decimal octet to the range 0-255.
+
+   Section 6, on URI normalization and comparison, has been completely
+   rewritten and extended by using input from Tim Bray and discussion
+   within the W3C Technical Architecture Group.
+
+D.2.  Modifications
+
+   The ad-hoc BNF syntax of RFC 2396 has been replaced with the ABNF of
+   [RFC2234].  This change required all rule names that formerly
+   included underscore characters to be renamed with a dash instead.  In
+   addition, a number of syntax rules have been eliminated or simplified
+   to make the overall grammar more comprehensible.  Specifications that
+   refer to the obsolete grammar rules may be understood by replacing
+   those rules according to the following table:
+
+
+
+
+
+
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 53]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   +----------------+--------------------------------------------------+
+   | obsolete rule  | translation                                      |
+   +----------------+--------------------------------------------------+
+   | absoluteURI    | absolute-URI                                     |
+   | relativeURI    | relative-part [ "?" query ]                      |
+   | hier_part      | ( "//" authority path-abempty /                  |
+   |                | path-absolute ) [ "?" query ]                    |
+   |                |                                                  |
+   | opaque_part    | path-rootless [ "?" query ]                      |
+   | net_path       | "//" authority path-abempty                      |
+   | abs_path       | path-absolute                                    |
+   | rel_path       | path-rootless                                    |
+   | rel_segment    | segment-nz-nc                                    |
+   | reg_name       | reg-name                                         |
+   | server         | authority                                        |
+   | hostport       | host [ ":" port ]                                |
+   | hostname       | reg-name                                         |
+   | path_segments  | path-abempty                                     |
+   | param          | *<pchar excluding ";">                           |
+   |                |                                                  |
+   | uric           | unreserved / pct-encoded / ";" / "?" / ":"       |
+   |                |  / "@" / "&" / "=" / "+" / "$" / "," / "/"       |
+   |                |                                                  |
+   | uric_no_slash  | unreserved / pct-encoded / ";" / "?" / ":"       |
+   |                |  / "@" / "&" / "=" / "+" / "$" / ","             |
+   |                |                                                  |
+   | mark           | "-" / "_" / "." / "!" / "~" / "*" / "'"          |
+   |                |  / "(" / ")"                                     |
+   |                |                                                  |
+   | escaped        | pct-encoded                                      |
+   | hex            | HEXDIG                                           |
+   | alphanum       | ALPHA / DIGIT                                    |
+   +----------------+--------------------------------------------------+
+
+   Use of the above obsolete rules for the definition of scheme-specific
+   syntax is deprecated.
+
+   Section 2, on characters, has been rewritten to explain what
+   characters are reserved, when they are reserved, and why they are
+   reserved, even when they are not used as delimiters by the generic
+   syntax.  The mark characters that are typically unsafe to decode,
+   including the exclamation mark ("!"), asterisk ("*"), single-quote
+   ("'"), and open and close parentheses ("(" and ")"), have been moved
+   to the reserved set in order to clarify the distinction between
+   reserved and unreserved and, hopefully, to answer the most common
+   question of scheme designers.  Likewise, the section on
+   percent-encoded characters has been rewritten, and URI normalizers
+   are now given license to decode any percent-encoded octets
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 54]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   corresponding to unreserved characters.  In general, the terms
+   "escaped" and "unescaped" have been replaced with "percent-encoded"
+   and "decoded", respectively, to reduce confusion with other forms of
+   escape mechanisms.
+
+   The ABNF for URI and URI-reference has been redesigned to make them
+   more friendly to LALR parsers and to reduce complexity.  As a result,
+   the layout form of syntax description has been removed, along with
+   the uric, uric_no_slash, opaque_part, net_path, abs_path, rel_path,
+   path_segments, rel_segment, and mark rules.  All references to
+   "opaque" URIs have been replaced with a better description of how the
+   path component may be opaque to hierarchy.  The relativeURI rule has
+   been replaced with relative-ref to avoid unnecessary confusion over
+   whether they are a subset of URI.  The ambiguity regarding the
+   parsing of URI-reference as a URI or a relative-ref with a colon in
+   the first segment has been eliminated through the use of five
+   separate path matching rules.
+
+   The fragment identifier has been moved back into the section on
+   generic syntax components and within the URI and relative-ref rules,
+   though it remains excluded from absolute-URI.  The number sign ("#")
+   character has been moved back to the reserved set as a result of
+   reintegrating the fragment syntax.
+
+   The ABNF has been corrected to allow the path component to be empty.
+   This also allows an absolute-URI to consist of nothing after the
+   "scheme:", as is present in practice with the "dav:" namespace
+   [RFC2518] and with the "about:" scheme used internally by many WWW
+   browser implementations.  The ambiguity regarding the boundary
+   between authority and path has been eliminated through the use of
+   five separate path matching rules.
+
+   Registry-based naming authorities that use the generic syntax are now
+   defined within the host rule.  This change allows current
+   implementations, where whatever name provided is simply fed to the
+   local name resolution mechanism, to be consistent with the
+   specification.  It also removes the need to re-specify DNS name
+   formats here.  Furthermore, it allows the host component to contain
+   percent-encoded octets, which is necessary to enable
+   internationalized domain names to be provided in URIs, processed in
+   their native character encodings at the application layers above URI
+   processing, and passed to an IDNA library as a registered name in the
+   UTF-8 character encoding.  The server, hostport, hostname,
+   domainlabel, toplabel, and alphanum rules have been removed.
+
+   The resolving relative references algorithm of [RFC2396] has been
+   rewritten with pseudocode for this revision to improve clarity and
+   fix the following issues:
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 55]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   o  [RFC2396] section 5.2, step 6a, failed to account for a base URI
+      with no path.
+
+   o  Restored the behavior of [RFC1808] where, if the reference
+      contains an empty path and a defined query component, the target
+      URI inherits the base URI's path component.
+
+   o  The determination of whether a URI reference is a same-document
+      reference has been decoupled from the URI parser, simplifying the
+      URI processing interface within applications in a way consistent
+      with the internal architecture of deployed URI processing
+      implementations.  The determination is now based on comparison to
+      the base URI after transforming a reference to absolute form,
+      rather than on the format of the reference itself.  This change
+      may result in more references being considered "same-document"
+      under this specification than there would be under the rules given
+      in RFC 2396, especially when normalization is used to reduce
+      aliases.  However, it does not change the status of existing
+      same-document references.
+
+   o  Separated the path merge routine into two routines: merge, for
+      describing combination of the base URI path with a relative-path
+      reference, and remove_dot_segments, for describing how to remove
+      the special "." and ".." segments from a composed path.  The
+      remove_dot_segments algorithm is now applied to all URI reference
+      paths in order to match common implementations and to improve the
+      normalization of URIs in practice.  This change only impacts the
+      parsing of abnormal references and same-scheme references wherein
+      the base URI has a non-hierarchical path.
+
+Index
+
+   A
+      ABNF  11
+      absolute  27
+      absolute-path  26
+      absolute-URI  27
+      access  9
+      authority  17, 18
+
+   B
+      base URI  28
+
+   C
+      character encoding  4
+      character  4
+      characters  8, 11
+      coded character set  4
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 56]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+   D
+      dec-octet  20
+      dereference  9
+      dot-segments  23
+
+   F
+      fragment  16, 24
+
+   G
+      gen-delims  13
+      generic syntax  6
+
+   H
+      h16  20
+      hier-part  16
+      hierarchical  10
+      host  18
+
+   I
+      identifier  5
+      IP-literal  19
+      IPv4  20
+      IPv4address  19, 20
+      IPv6  19
+      IPv6address  19, 20
+      IPvFuture  19
+
+   L
+      locator  7
+      ls32  20
+
+   M
+      merge  32
+
+   N
+      name  7
+      network-path  26
+
+   P
+      path  16, 22, 26
+         path-abempty  22
+         path-absolute  22
+         path-empty  22
+         path-noscheme  22
+         path-rootless  22
+      path-abempty  16, 22, 26
+      path-absolute  16, 22, 26
+      path-empty  16, 22, 26
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 57]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+      path-rootless  16, 22
+      pchar  23
+      pct-encoded  12
+      percent-encoding  12
+      port  22
+
+   Q
+      query  16, 23
+
+   R
+      reg-name  21
+      registered name  20
+      relative  10, 28
+      relative-path  26
+      relative-ref  26
+      remove_dot_segments  33
+      representation  9
+      reserved  12
+      resolution  9, 28
+      resource  5
+      retrieval  9
+
+   S
+      same-document  27
+      sameness  9
+      scheme  16, 17
+      segment  22, 23
+         segment-nz  23
+         segment-nz-nc  23
+      sub-delims  13
+      suffix  27
+
+   T
+      transcription  8
+
+   U
+      uniform  4
+      unreserved  13
+      URI grammar
+         absolute-URI  27
+         ALPHA  11
+         authority  18
+         CR  11
+         dec-octet  20
+         DIGIT  11
+         DQUOTE  11
+         fragment  24
+         gen-delims  13
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 58]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+         h16  20
+         HEXDIG  11
+         hier-part  16
+         host  19
+         IP-literal  19
+         IPv4address  20
+         IPv6address  20
+         IPvFuture  19
+         LF  11
+         ls32  20
+         OCTET  11
+         path  22
+         path-abempty  22
+         path-absolute  22
+         path-empty  22
+         path-noscheme  22
+         path-rootless  22
+         pchar  23
+         pct-encoded  12
+         port  22
+         query  24
+         reg-name  21
+         relative-ref  26
+         reserved  13
+         scheme  17
+         segment  23
+         segment-nz  23
+         segment-nz-nc  23
+         SP  11
+         sub-delims  13
+         unreserved  13
+         URI  16
+         URI-reference  25
+         userinfo  18
+      URI  16
+      URI-reference  25
+      URL  7
+      URN  7
+      userinfo  18
+
+
+
+
+
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 59]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+Authors' Addresses
+
+   Tim Berners-Lee
+   World Wide Web Consortium
+   Massachusetts Institute of Technology
+   77 Massachusetts Avenue
+   Cambridge, MA  02139
+   USA
+
+   Phone: +1-617-253-5702
+   Fax:   +1-617-258-5999
+   EMail: [email protected]
+   URI:   http://www.w3.org/People/Berners-Lee/
+
+
+   Roy T. Fielding
+   Day Software
+   5251 California Ave., Suite 110
+   Irvine, CA  92617
+   USA
+
+   Phone: +1-949-679-2960
+   Fax:   +1-949-679-2972
+   EMail: [email protected]
+   URI:   http://roy.gbiv.com/
+
+
+   Larry Masinter
+   Adobe Systems Incorporated
+   345 Park Ave
+   San Jose, CA  95110
+   USA
+
+   Phone: +1-408-536-3024
+   EMail: [email protected]
+   URI:   http://larry.masinter.net/
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 60]
+
+RFC 3986                   URI Generic Syntax               January 2005
+
+
+Full Copyright Statement
+
+   Copyright (C) The Internet Society (2005).
+
+   This document is subject to the rights, licenses and restrictions
+   contained in BCP 78, and except as set forth therein, the authors
+   retain all their rights.
+
+   This document and the information contained herein are provided on an
+   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+   The IETF takes no position regarding the validity or scope of any
+   Intellectual Property Rights or other rights that might be claimed to
+   pertain to the implementation or use of the technology described in
+   this document or the extent to which any license under such rights
+   might or might not be available; nor does it represent that it has
+   made any independent effort to identify any such rights.  Information
+   on the IETF's procedures with respect to rights in IETF Documents can
+   be found in BCP 78 and BCP 79.
+
+   Copies of IPR disclosures made to the IETF Secretariat and any
+   assurances of licenses to be made available, or the result of an
+   attempt made to obtain a general license or permission for the use of
+   such proprietary rights by implementers or users of this
+   specification can be obtained from the IETF on-line IPR repository at
+   http://www.ietf.org/ipr.
+
+   The IETF invites any interested party to bring to its attention any
+   copyrights, patents or patent applications, or other proprietary
+   rights that may cover technology that may be required to implement
+   this standard.  Please address the information to the IETF at ietf-
+   [email protected].
+
+
+Acknowledgement
+
+   Funding for the RFC Editor function is currently provided by the
+   Internet Society.
+
+
+
+
+
+
+Berners-Lee, et al.         Standards Track                    [Page 61]
+
diff --git a/lib/inets/doc/src/Makefile b/lib/inets/doc/src/Makefile
index e4cb0c4e48..53d505b102 100644
--- a/lib/inets/doc/src/Makefile
+++ b/lib/inets/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1997-2010. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -26,16 +26,6 @@ include $(ERL_TOP)/make/$(TARGET)/otp.mk
 include ../../vsn.mk
 VSN=$(INETS_VSN)
 
-
-# ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-ifndef DOCSUPPORT
-include make.dep
-endif
-
-
 # ----------------------------------------------------
 # Release directory specification
 # ----------------------------------------------------
@@ -98,37 +88,10 @@ EXTRA_FILES = summary.html.src \
 
 MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else
-
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex)
-TEX_FILES_REF_MAN = \
-	$(XML_PART_FILES:%.xml=%.tex) \
-	$(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_REF6_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = $(APPLICATION)-$(VSN).pdf
-TOP_PS_FILE  = $(APPLICATION)-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-
-TOP_HTML_FILES = 
-
-endif
-
 # ----------------------------------------------------
 # FLAGS 
 # ----------------------------------------------------
@@ -141,8 +104,6 @@ DVIPS_FLAGS +=
 $(HTMLDIR)/%.gif: %.gif
 	$(INSTALL_DATA) $< $@
 
-ifdef DOCSUPPORT
-
 docs: pdf html man
 
 ldocs: local_docs
@@ -156,33 +117,6 @@ html: gifs $(HTML_REF_MAN_FILE)
 clean clean_docs: clean_html clean_man clean_pdf
 	rm -f errs core *~
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
-
-html: $(HTML_FILES) $(TOP_HTML_FILES) gifs
-
-clean_tex:
-	rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
-
-clean: clean_tex clean_html clean_man
-	rm -f *.xmls_output *.xmls_errs
-	rm -f $(TOP_PDF_FILE)
-	rm -f errs core *~ 
-endif
-
 man: $(MAN3_FILES) 
 
 gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
@@ -204,10 +138,7 @@ clean_man:
 # ---------------------------------------------------- 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
-	@echo "release_docs_spec(docs) when DOCSUPPORT=$DOCSUPPORT"
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
@@ -215,33 +146,6 @@ release_docs_spec: docs
 	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
 	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
 	$(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3
-else
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	@echo "release_docs_spec(pdf)"
-	$(INSTALL_DIR) $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	@echo "release_docs_spec(ps)"
-	$(INSTALL_DIR) $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	@echo "release_docs_spec(docs)"
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
-	$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-
-endif
-endif
-
-endif
 
 release_spec:
 
diff --git a/lib/inets/doc/src/ftp.xml b/lib/inets/doc/src/ftp.xml
index ca902d8d9d..f8f11ec705 100644
--- a/lib/inets/doc/src/ftp.xml
+++ b/lib/inets/doc/src/ftp.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE erlref SYSTEM "erlref.dtd">
 
 <erlref>
   <header>
     <copyright>
-      <year>1997</year><year>2010</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -141,11 +141,21 @@
       <tag>{timeout, Timeout}</tag>
       <item>
         <marker id="timeout"></marker>
-	<p>Timeout = <c>integer() >= 0</c> </p>
+	<p>Timeout = <c>non_neg_integer()</c> </p>
 	<p>Connection timeout. </p>
 	<p>Default is 60000 (milliseconds). </p>
       </item>
 
+      <tag>{dtimeout, DTimeout}</tag>
+      <item>
+        <marker id="dtimeout"></marker>
+	<p>DTimeout = <c>non_neg_integer() | infinity</c> </p>
+	<p>Data Connect timeout. 
+	The time the client will wait for the server to connect to the 
+	data socket. </p>
+	<p>Default is infinity. </p>
+      </item>
+
       <tag>{progress, Progress}</tag>
       <item>
         <marker id="progress"></marker>
@@ -542,11 +552,12 @@
 	<v>verbose() = boolean() (defaults to false)</v>
 	<v>debug() = disable | debug | trace (defaults to disable)</v>
 	<!-- <v>open_options() = [open_option()]</v> -->
-	<v>open_option() = {ipfamily, ipfamily()} | {port, port()} | {mode, mode()} | {timeout, timeout()} | {progress, progress()}</v>
+	<v>open_option() = {ipfamily, ipfamily()} | {port, port()} | {mode, mode()} | {timeout, timeout()} | {dtimeout, dtimeout()} | {progress, progress()}</v>
 	<v>ipfamily() = inet | inet6 | inet6fb4 (defaults to inet)</v>
 	<v>port() = integer() > 0 (defaults to 21)</v>
 	<v>mode() = active | passive (defaults to passive)</v>
-	<v>timeout() = integer() >= 0 (defaults to 60000 milliseconds)</v>
+	<v>timeout() = integer() > 0 (defaults to 60000 milliseconds)</v>
+	<v>dtimeout() = integer() > 0 | infinity (defaults to infinity)</v>
 	<v>pogress() = ignore | {module(), function(), initial_data()} (defaults to ignore)</v>
 	<v>module() = atom()</v>
 	<v>function() = atom()</v>
diff --git a/lib/inets/doc/src/httpc.xml b/lib/inets/doc/src/httpc.xml
index d1671ac9bd..48a2089605 100644
--- a/lib/inets/doc/src/httpc.xml
+++ b/lib/inets/doc/src/httpc.xml
@@ -28,8 +28,10 @@
     <date></date>
     <rev></rev>
   </header>
+
   <module>httpc</module>
   <modulesummary>An HTTP/1.1 client </modulesummary>
+
   <description>
     <p>This module provides the API to a HTTP/1.1 compatible client according 
       to RFC 2616, caching is currently not supported.</p>
@@ -167,7 +169,6 @@ filename()       = string()
         <v>http_option() = {timeout,         timeout()} | 
                            {connect_timeout, timeout()} | 
                            {ssl,             ssloptions()} | 
-                           {ossl,            ssloptions()} | 
                            {essl,            ssloptions()} | 
                            {autoredirect,    boolean()} | 
                            {proxy_auth, {userstring(), passwordstring()}} | 
@@ -177,13 +178,14 @@ filename()       = string()
         <v>timeout() = integer() >= 0 | infinity</v>
         <v>Options = options()</v>
         <v>options() = [option()]</v>
-        <v>option() = {sync,          boolean()} | 
-                      {stream,        stream_to()} | 
-                      {body_format,   body_format()} | 
-                      {full_result,   boolean()} | 
-                      {headers_as_is, boolean() |
-                      {socket_opts,   socket_opts()} | 
-                      {receiver,      receiver()}}</v>
+        <v>option() = {sync,                    boolean()} | 
+                      {stream,                  stream_to()} | 
+                      {body_format,             body_format()} | 
+                      {full_result,             boolean()} | 
+                      {headers_as_is,           boolean() |
+                      {socket_opts,             socket_opts()} | 
+                      {receiver,                receiver()},
+	              {ipv6_host_with_brackets, boolean()}}</v>
         <v>stream_to() = none | self | {self, once} | filename() </v>
         <v>socket_opts() = [socket_opt()]</v>
         <v>receiver() = pid() | function()/1 | {Module, Function, Args} </v>
@@ -206,6 +208,7 @@ filename()       = string()
 	to the <c>receiver</c> depending on that value. </p>
 
         <p>Http option (<c>http_option()</c>) details: </p>
+        <marker id="request2_http_options"></marker>
         <taglist>
           <tag><c><![CDATA[timeout]]></c></tag>
           <item>
@@ -231,16 +234,9 @@ filename()       = string()
             <p>Defaults to <c>[]</c>. </p>
 	  </item>
 
-          <tag><c><![CDATA[ossl]]></c></tag>
-          <item>
-            <p>If using the OpenSSL based (old) implementation of SSL, 
-	    these SSL-specific options are used. </p>
-            <p>Defaults to <c>[]</c>. </p>
-	  </item>
-
           <tag><c><![CDATA[essl]]></c></tag>
           <item>
-            <p>If using the Erlang based (new) implementation of SSL, 
+            <p>If using the Erlang based implementation of SSL, 
 	    these SSL-specific options are used. </p>
             <p>Defaults to <c>[]</c>. </p>
 	  </item>
@@ -412,7 +408,18 @@ apply(Module, Function, [ReplyInfo | Args])
 
             <p>Defaults to the <c>pid()</c> of the process calling the request 
 	    function (<c>self()</c>). </p>
+
+	    <marker id="ipv6_host_with_brackets"></marker>
+	  </item>
+
+          <tag><c><![CDATA[ipv6_host_with_brackets]]></c></tag>
+          <item>
+            <p>When parsing the Host-Port part of an URI with a IPv6 address 
+	    with brackets, shall we retain those brackets (<c>true</c>) or 
+	    strip them (<c>false</c>). </p>
+            <p>Defaults to <c>false</c>. </p>
 	  </item>
+
         </taglist>
 
         <marker id="cancel_request"></marker>
@@ -577,17 +584,24 @@ apply(Module, Function, [ReplyInfo | Args])
 
     <func>
       <name>cookie_header(Url) -> </name>
-      <name>cookie_header(Url, Profile) -> header() | {error, Reason}</name>
+      <name>cookie_header(Url, Profile | Opts) -> header() | {error, Reason}</name>
+      <name>cookie_header(Url, Opts, Profile) -> header() | {error, Reason}</name>
       <fsummary>Returns the cookie header that would be sent when
       making a request to Url using the profile <c>Profile</c>.</fsummary>
       <type>
         <v>Url = url()</v>
+        <v>Opts = [cookie_header_opt()]</v>
 	<v>Profile = profile() | pid() (when started <c>stand_alone</c>)</v>
+        <v>cookie_header_opt() = {ipv6_host_with_brackets, boolean()}</v>
       </type>
       <desc>
         <p>Returns the cookie header that would be sent
 	when making a request to <c>Url</c> using the profile <c>Profile</c>.
 	If no profile is specified the default profile will be used. </p>
+	<p>The option <c>ipv6_host_with_bracket</c> deals with how to 
+	parse IPv6 addresses. 
+	See the <c>Options</c> argument of the 
+	<seealso marker="#request2">request/4,5</seealso> for more info. </p>
 
         <marker id="reset_cookies"></marker>
       </desc>
diff --git a/lib/inets/doc/src/httpd.xml b/lib/inets/doc/src/httpd.xml
index edacb73b65..f88099a82e 100644
--- a/lib/inets/doc/src/httpd.xml
+++ b/lib/inets/doc/src/httpd.xml
@@ -148,13 +148,11 @@
 	in the apache like configuration file.
       </item>
 
-      <tag>{socket_type, ip_comm | ssl | ossl | essl}</tag>
+      <tag>{socket_type, ip_comm | ssl | essl}</tag>
       <item>
-	<p>When using ssl, there are several alternatives. 
-          <c>ossl</c> specifically uses the OpenSSL based (old) SSL. 
-          <c>essl</c> specifically uses the Erlang based (new) SSL. 
-          When using <c>ssl</c> it <em>currently</em> defaults to 
-          <c>essl</c>. </p>
+	<p>When using ssl, there are currently only one alternative. 
+	<c>essl</c> specifically uses the Erlang based SSL. 
+	<c>ssl</c> defaults to <c>essl</c>. </p>
 	<p>Defaults to <c>ip_comm</c>. </p> 
       </item>
 
@@ -162,7 +160,7 @@
       <item>
 	<p>Defaults to <c>inet6fb4. </c> </p>
         <p>Note that this option is only used when the option 
-          <c>socket_type</c> has the value <c>ip_comm</c>. </p>
+	<c>socket_type</c> has the value <c>ip_comm</c>. </p>
       </item>
 
     </taglist>
diff --git a/lib/inets/doc/src/make.dep b/lib/inets/doc/src/make.dep
deleted file mode 100644
index 8deb7e7a5a..0000000000
--- a/lib/inets/doc/src/make.dep
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# %CopyrightBegin%
-#
-# Copyright Ericsson AB 1999-2010. All Rights Reserved.
-#
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-#
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-#
-# %CopyrightEnd%
-#
-#
-
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex ftp.tex ftp_client.tex httpc.tex http_client.tex \
-		http_server.tex httpd.tex httpd_conf.tex httpd_socket.tex \
-		httpd_util.tex inets.tex inets_services.tex \
-		mod_alias.tex mod_auth.tex mod_esi.tex mod_security.tex \
-		part.tex ref_man.tex tftp.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-ftp.tex: ../../../../system/doc/definitions/term.defs
-
-inets_services.tex: ../../../../system/doc/definitions/term.defs
-
diff --git a/lib/inets/doc/src/notes.xml b/lib/inets/doc/src/notes.xml
index 487b9c6c00..cfc58b8ddb 100644
--- a/lib/inets/doc/src/notes.xml
+++ b/lib/inets/doc/src/notes.xml
@@ -32,7 +32,8 @@
     <file>notes.xml</file>
   </header>
   
-  <section><title>Inets 5.7.3</title>
+
+  <section><title>Inets 5.8.1</title>
     <section><title>Improvements and New Features</title>
     <p>-</p>
 
@@ -40,7 +41,7 @@
       <list>
         <item>
           <p>[httpc|httpd] Added support for IPv6 with ssl. </p>
-	  <p>Own Id: OTP-5566</p>
+          <p>Own Id: OTP-5566</p>
         </item>
 
       </list>
@@ -57,32 +58,127 @@
         <item>
           <p>[ftp] Fails to open IPv6 connection due to badly formatted
           IPv6 address in EPRT command. The address part of the command
-	  incorrectly contained decimal elements instead of hexadecimal. </p>
+          incorrectly contained decimal elements instead of hexadecimal. </p>
           <p>Own Id: OTP-9827</p>
           <p>Aux Id: Seq 11970 </p>
         </item>
 
         <item>
           <p>[httpc] Bad Keep Alive Mode. When selecting a session, 
-	  the "state" of the session (specifically if the server has 
-	  responded) was not taken into account. </p>
+          the "state" of the session (specifically if the server has 
+          responded) was not taken into account. </p>
           <p>Own Id: OTP-9847</p>
         </item>
 
         <item>
           <p>[httpc] The client incorrectly streams 404 responses. 
-	  The documentation specifies that only 200 and 206 responses 
-	  shall be streamed. </p>
-	  <p>Shane Evens</p>
+          The documentation specifies that only 200 and 206 responses 
+          shall be streamed. </p>
+          <p>Shane Evens</p>
           <p>Own Id: OTP-9860</p>
         </item>
 
       </list>
     </section>
   
-  </section> <!-- 5.7.3 -->
+  </section> <!-- 5.8.1 -->
+
 
+  <section><title>Inets 5.8</title>
+
+    <section><title>Improvements and New Features</title>
+<!--
+    <p>-</p>
+-->
+
+      <list>
+        <item>
+          <p>[ftpc] Add a config option to specify a 
+	  <seealso marker="ftp#dtimeout">data connect timeout</seealso>.
+	  That is how long the ftp client will wait for the server to connect
+	  to the data socket. If this timeout occurs, an error will be 
+	  returned to the caller and the ftp client process will be 
+	  terminated. </p>
+	  <p>Own Id: OTP-9545</p>
+        </item>
+
+        <item>
+          <p>[httpc] Wrong Host header in IPv6 HTTP requests.
+	  When a URI with a IPv6 host is parsed, the brackets that encapsulates
+	  the address part is removed. This value is then supplied as the host 
+	  header. This can cause problems with some servers.
+	  A workaround for this is to use headers_as_is and provide the host
+	  header with the requst call. 
+	  To solve this a new option has been added, 
+	  <seealso marker="httpc#ipv6_host_with_brackets">ipv6_host_with_brackets</seealso>. 
+	  This option specifies if the host value of the host header shall 
+	  include the brackets or not. By default, it does not (as before). 
+	  </p>
+	  <p>Own Id: OTP-9628</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+<!--
+    <p>-</p>
+-->
+
+      <list>
+        <item>
+          <p>[httpd] Fix logging of content length in mod_log. </p>
+	  <p>Garrett Smith</p>
+	  <p>Own Id: OTP-9715</p>
+        </item>
+
+        <item>
+          <p>[httpd] Sometimes entries in the transfer log was written 
+	  with the message size as list of numbers. This list was actually 
+	  the size as a string, e.g. "123", written with the control 
+	  sequence ~w. This has now been corrected so that any string is 
+	  converted to an integer (if possible). </p>
+	  <p>Own Id: OTP-9733</p>
+        </item>
+
+        <item>
+          <p>Fixed various problems detected by Dialyzer. </p>
+	  <p>Own Id: OTP-9736</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+<!--
+      <p>-</p>
+-->
 
+      <list>
+        <item>
+          <p>[httpc] Deprecated interface module <c>http</c> has been removed. 
+	  It has (long) been replaced by http client interface module 
+	  <seealso marker="httpc#">httpc</seealso>. </p>
+	  <p>Own Id: OTP-9359</p>
+        </item>
+
+        <item>
+          <p>[httpc|httpd] The old ssl implementation (based on OpenSSL), 
+	  has been deprecated. The config option that specified usage of 
+	  this version of the ssl app, <c>ossl</c>, has been removed. </p>
+	  <p>Own Id: OTP-9522</p>
+        </item>
+
+      </list>
+
+    </section>
+
+  </section> <!-- 5.8 -->
+
+  
   <section><title>Inets 5.7.2</title>
     <section><title>Improvements and New Features</title>
     <p>-</p>
@@ -99,6 +195,31 @@
 
     </section>
 
+    <section>
+      <title>Incompatibilities</title>
+<!--
+      <p>-</p>
+-->
+
+      <list>
+        <item>
+          <p>[httpc] Deprecated interface module <c>http</c> has been removed. 
+	  It has (long) been replaced by http client interface module 
+	  <seealso marker="httpc#">httpc</seealso>. </p>
+	  <p>Own Id: OTP-9359</p>
+        </item>
+
+        <item>
+          <p>[httpc|httpd] The old ssl implementation (based on OpenSSL), 
+	  has been deprecated. The config option that specified usage of 
+	  this version of the ssl app, <c>ossl</c>, has been removed. </p>
+	  <p>Own Id: OTP-9522</p>
+        </item>
+
+      </list>
+
+    </section>
+
     <section><title>Fixed Bugs and Malfunctions</title>
 <!--
     <p>-</p>
@@ -133,7 +254,7 @@
       <list>
         <item>
           <p>[httpc|httpd] Added support for IPv6 with ssl. </p>
-	  <p>Own Id: OTP-5566</p>
+          <p>Own Id: OTP-5566</p>
         </item>
 
       </list>
@@ -149,24 +270,24 @@
       <list>
         <item>
           <p>[httpc] Parsing of a cookie expire date should be more forgiving. 
-	  That is, if the parsing fails, the date should be ignored.
-	  Also added support for (yet another) date format: 
-	  "Tue Jan 01 08:00:01 2036 GMT". </p>
-	  <p>Own Id: OTP-9433</p>
+          That is, if the parsing fails, the date should be ignored.
+          Also added support for (yet another) date format: 
+          "Tue Jan 01 08:00:01 2036 GMT". </p>
+          <p>Own Id: OTP-9433</p>
         </item>
 
         <item>
           <p>[httpc] Rewrote cookie parsing. Among other things solving 
-	  cookie processing from www.expedia.com. </p>
-	  <p>Own Id: OTP-9434</p>
+          cookie processing from www.expedia.com. </p>
+          <p>Own Id: OTP-9434</p>
         </item>
 
         <item>
           <p>[httpd] Fix httpd directory traversal on Windows. 
-	  Directory traversal was possible on Windows where
-	  backward slash is used as directory separator. </p>
-	  <p>Andr�s Veres-Szentkir�lyi.</p>
-	  <p>Own Id: OTP-9561</p>
+          Directory traversal was possible on Windows where
+          backward slash is used as directory separator. </p>
+          <p>Andr�s Veres-Szentkir�lyi.</p>
+          <p>Own Id: OTP-9561</p>
         </item>
 
       </list>
@@ -1187,570 +1308,11 @@
 
   </section> <!-- 5.1 -->
 
+  <!-- 
+       <p>For information about older versions see
+       <url href="part_notes_history_frame.html">release notes history</url>.</p>
+  -->
 
-  <section><title>Inets 5.0.14</title>
-
-      <section><title>Improvements and New Features</title>
-        <list>
-          <item>
-            <p>
-              [tftp] The callback watchdog has been removed, as it
-              turned out to be counter productive when the disk was
-              overloaded. Earlier a connection was aborted when a
-              callback (which performs the file access in the TFTP
-              server) took too long time.</p>
-            <p>
-              [tftp] The error message "Too many connections" has been
-              reclassified to be a warning.</p>
-            <p>
-              Own Id: OTP-7888</p>
-          </item>
-        </list>
-      </section>
-
-
-      <section><title>Fixed Bugs and Malfunctions</title>
-        <list>
-	  <item>
-	    <p>[httpc] - Incorrect http version option check. </p>
-            <p>Mats Cronqvist</p>
-	    <p>Own Id: OTP-7882</p>
-          </item>
-
-	  <item>
-	    <p>[httpc] - Unnecessary error report when client 
-              terminating as a result of the server closed the 
-              socket unexpectedly. </p>
-	    <p>Own Id: OTP-7883</p>
-          </item>
-
-	  <item>
-	    <p>[httpc] - Failed transforming a relative URI to 
-              an absolute URI. </p>
-            <p>[email protected]</p>
-	    <p>Own Id: OTP-7950</p>
-          </item>
-
-	  <item>
-	    <p>[httpd] - The HTTP server did not handle the config
-              option ssl_ca_certificate_file. </p>
-            <p>[email protected]</p>
-	    <p>Own Id: OTP-7976</p>
-          </item>
-
-        </list>
-      </section>
-
-  </section> <!-- 5.0.14 -->
-
-
-  <section><title>Inets 5.0.13</title>
-  
-  <section><title>Fixed Bugs and Malfunctions</title>
-      <list>
-	<item>
-	  <p>
-	    Ssl did not work correctly with the use of new style
-	    configuration due to sn old internal format that was not
-	  changed correctly in all places.</p>
-	  <p>
-            Own Id: OTP-7723 Aux Id: seq11143 </p>
-        </item>
-        <item>
-          <p>
-            [httpc] - Now streams 200 and 206 results and not only
-            200 results.</p>
-          <p>
-            Own Id: OTP-7857</p>
-        </item>
-      </list>
-    </section>
-
-
-    <section><title>Improvements and New Features</title>
-      <list>
-        <item>
-          <p>
-            [httpc] - The inets http client will now use persistent
-            connections without pipelining as default and if a
-            pipeline timeout is set it will pipeline the requests on
-            the persistent connections.</p>
-          <p>
-            *** POTENTIAL INCOMPATIBILITY ***</p>
-          <p>
-            Own Id: OTP-7463</p>
-        </item>
-        <item>
-          <p>
-            [httpd] - added option ssl_password_callback_arguments.</p>
-          <p>
-            Own Id: OTP-7724 Aux Id: seq11151 </p>
-        </item>
-        <item>
-          <p>
-            Changed the socket use so that it will become more robust
-            to non-functional ipv6 and fallback on ipv4. This changes
-            may for very special os-configurations cause a problem
-            when used with erts-versions pre R13.</p>
-          <p>
-            Own Id: OTP-7726</p>
-        </item>
-        <item>
-          <p>
-            Removed deprecated function httpd_util:key1search/[2,3]</p>
-          <p>
-            Own Id: OTP-7815</p>
-        </item>
-      </list>
-    </section>
-
-  </section>
-
-  <section><title>Inets 5.0.12</title>
-  
-  <section><title>Improvements and New Features</title>
-  <list>
-    <item>
-      <p>
-	[httpd] - Updated inets so that it not uses the deprecated
-	function ssl:accept/[2,3].</p>
-      <p>
-      Own Id: OTP-7636 Aux Id: seq11086 </p>
-    </item>
-      </list>
-  </section>
-  
-  </section>
-
-  
-  <section><title>Inets 5.0.11</title>
-
-  <section><title>Fixed Bugs and Malfunctions</title>
-  <list>
-    <item>
-      <p>
-	Transient bug related to hot code swap of the TFTP server is
-	now fixed. It could happen that the first TFTP server that was
-	started after a code upgrade to Inets-5.0.6 crashed with a
-	function clause error in tftp_engine:service_init/2.</p>
-	<p> Own Id: OTP-7574 Aux Id: seq11069 </p>
-        </item>
-	<item>
-	  <p>
-	    [httpd] - Validation of ssl_password_callback_module was
-	  incorrect.</p>
-	  <p>
-	  Own Id: OTP-7597 Aux Id: seq11074 </p>
-	</item>
-	<item>
-	  <p>
-	    [httpd] - Misspelling in old apachelike configuration
-	  directive TransferDiskLogSize has been corrected.</p>
-	  <p> Own Id: OTP-7598 Aux Id: seq11059 </p>
-	</item>
-	<item>
-	  <p>
-	  Minor problems found by dialyzer has been fixed.</p>
-	  <p>
-            Own Id: OTP-7605</p>
-        </item>
-  </list>
-  </section>
-
-  </section>
-
-<section><title>Inets 5.0.10</title>
-
-    <section><title>Fixed Bugs and Malfunctions</title>
-      <list>
-        <item>
-          <p>
-            Enhanched an info report.</p>
-          <p>
-            Own Id: OTP-7450</p>
-        </item>
-      </list>
-    </section>
-
-
-    <section><title>Improvements and New Features</title>
-      <list>
-        <item>
-          <p>
-            Changed errro message from
-            {wrong_type,{document_root,"/tmp/htdocs"}} to
-            {invalid_option,{non_existing,
-            document_root,"/tmp/htdocs"}}.</p>
-          <p>
-            Own Id: OTP-7454</p>
-        </item>
-        <item>
-          <p>
-            Relative paths in directory authentication did not work
-            as intended, this has now been fixed.</p>
-          <p>
-            Own Id: OTP-7490</p>
-        </item>
-        <item>
-          <p>
-            The query-string passed to the callback function was not
-            compliant with the documentation, it is now.</p>
-          <p>
-            Own Id: OTP-7512</p>
-        </item>
-      </list>
-    </section>
-
-</section>
-
-  <section><title>Inets 5.0.9</title>
-
-    <section><title>Fixed Bugs and Malfunctions</title>
-      <list>
-        <item>
-          <p>
-            Parameters to error_logger:error_report/1 has been
-            corrected.</p>
-          <p>
-            Own Id: OTP-7257 Aux Id: OTP-7294, OTP-7258 </p>
-        </item>
-        <item>
-          <p>
-            [httpd] - If a Module/Function request matching an
-	    erl_script_alias registration does not exist as a function in
-	    the module registered a 404 error will now be issued instead of a
-            500 error.</p>
-          <p>
-            Own Id: OTP-7323</p>
-        </item>
-        <item>
-          <p>
-            [httpd] -The option auth_type for mod_auth is no longer
-	    mandatory, for backward-compatibility reasons.</p>
-          <p>
-            Own Id: OTP-7341</p>
-        </item>
-      </list>
-    </section>
-
-  </section>
-
-  <section><title>Inets 5.0.8</title>
-  
-  <section><title>Fixed Bugs and Malfunctions</title>
-  <list>
-    <item>
-      <p>
-	[httpd] - Spelling error caused client connection header
-      to be ignored.</p>
-      <p>
-      Own Id: OTP-7315 Aux Id: seq10951 </p>
-    </item>
-    <item>
-      <p>
-	[httpd] - Call to the function
-	mod_get:get_modification_date/1 was made too early
-	resulting in that httpd did not send the 404 file missing
-      response.</p>
-      <p>
-      Own Id: OTP-7321</p>
-    </item>
-  </list>
-  </section>
-  
-  </section>
-
-  <section><title>Inets 5.0.7</title>
-  
-  <section><title>Improvements and New Features</title>
-  <list>
-    <item>
-	  <p>
-	    [httpc, httpd] - Now follows the recommendation regarding
-	    line terminators in section 19.3 in RFC 2616 e.i: "The
-	    line terminator for message-header fields is the sequence
-	    CRLF. However, we recommend that applications, when
-	    parsing such headers, recognize a single LF as a line
-	  terminator and ignore the leading CR".</p>
-	  <p>
-	  Own Id: OTP-7304 Aux Id: seq10944 </p>
-    </item>
-  </list>
-  </section>
-  
-  </section>
-  
-  <section><title>Inets 5.0.6</title>
-
-  <section><title>Improvements and New Features</title>
-  <list>
-        <item>
-          <p>
-            [tftp] If a callback (which performs the file access in
-            the TFTP server) takes too long time (more than the
-	    double TFTP timeout), the server will abort the
-            connection and send an error reply to the client. This
-	    implies that the server will release resources attached
-            to the connection faster than before. The server simply
-            assumes that the client has given up.</p>
-          <p>
-            [tftp] If the TFTP server receives yet another request
-            from the same client (same host and port) while it
-            already has an active connection to the client, it will
-            simply ignore the new request if the request is equal
-            with the first one (same filename and options). This
-            implies that the (new) client will be served by the
-            already ongoing connection on the server side. By not
-            setting up yet another connection, in parallel with the
-            ongoing one, the server will consumer lesser resources.</p>
-          <p>
-            [tftp] netascii mode is now supported when the
-            client/server has native ascii support (Windows). The new
-            optional parameter native_ascii in the tftp_binary and
-            tftp_file callback modules can be used to override the
-            default behavior.</p>
-          <p>
-            [tftp] Yet another callback module has been added in
-            order to allow customized handling of error, warning and
-            info messages. See the new configuration parameter,
-            logger.</p>
-          <p>
-            [tftp] Yet another configuration parameter, max_retries,
-            has been added in order to control the number of times a
-            packet can be resent. The default is 5.</p>
-          <p>
-            [tftp] tftp:info/1 and tftp:change_config/2 can now be
-            applied to all daemons or all servers in one command
-            without bothering about their process identifiers.</p>
-          <p>
-            External TR HI89527.</p>
-          <p>
-            Own Id: OTP-7266</p>
-        </item>
-      </list>
-    </section>
-
-</section>
-
-<section><title>Inets 5.0.5</title>
-
-    <section><title>Improvements and New Features</title>
-      <list>
-        <item>
-          <p>
-            [tftp] Blocks with too low block numbers are silently
-            discarded. For example if a server receives block #5 when
-            it expects block #7 it will discard the block without
-            interrupting the file transfer. Too high block numbers
-            does still imply an error. External TR HI96072.</p>
-          <p>
-            Own Id: OTP-7220</p>
-        </item>
-        <item>
-          <p>
-            [tftp] The problem with occasional case_clause errors in
-            tftp_engine:common_read/7 has been fixed. External TR
-            HI97362.</p>
-          <p>
-            Own Id: OTP-7221</p>
-        </item>
-      </list>
-    </section>
-
-</section>
-
-  <section><title>Inets 5.0.4</title>
-  
-      <section><title>Improvements and New Features</title>
-	<list>
-	  <item>
-	    <p>
-	      Changed calls to file open to concur with the API and not
-	      use deprecated syntax.</p>
-	    <p>
-	      Own Id: OTP-7172</p>
-	  </item>
-	  <item>
-	    <p>
-	      [tftp] Server lost the first packet when the client timed
-	      out</p>
-	    <p>
-	      Own Id: OTP-7173</p>
-	  </item>
-	</list>
-      </section>
-  
-  </section>
-
-  <section><title>Inets 5.0.3</title>
-  
-    <section><title>Improvements and New Features</title>
-    <list>
-        <item>
-          <p>
-	    Updated copyright headers and fixed backwards
-	    compatibility for an undocumented feature, for now. This
-	    feature will later be removed and a new and documented
-	    option will take its place.</p>
-	  <p>
-	  Own Id: OTP-7144</p>
-        </item>
-    </list>
-    </section>
-
-  </section>
-
-  <section><title>Inets 5.0.2</title>
-
-    <section><title>Improvements and New Features</title>
-      <list>
-        <item>
-          <p>
-            [httpd] - Error logs now has a pretty and a compact
-            format and access logs can be written on the common log
-            format or the extended common log format.</p>
-          <p>
-            Own Id: OTP-6661 Aux Id: Seq 7764 </p>
-        </item>
-        <item>
-          <p>
-            [httpc] - Added acceptance of missing reason phrase to
-            the relaxed mode.</p>
-          <p>
-            Own Id: OTP-7024</p>
-        </item>
-        <item>
-          <p>
-            [httpc] - A new option has been added to enable the
-            client to act as lower version clients, by default the
-            client is an HTTP/1.1 client.</p>
-          <p>
-            Own Id: OTP-7043</p>
-        </item>
-      </list>
-    </section>
-
-  </section>
-  
-  <section><title>Inets 5.0.1</title>
-    
-    <section><title>Fixed Bugs and Malfunctions</title>
-      <list>
-        <item>
-          <p>
-            [httpd] - Deprecated function httpd:start/1 did not
-            accept all inputs that it had done previously. This
-            should now work again.</p>
-          <p>
-            Own Id: OTP-7040</p>
-        </item>
-      </list>
-    </section>
-    
-    <section><title>Improvements and New Features</title>
-      <list>
-        <item>
-          <p>
-            [httpd] - Changed validity check on bind_address so that
-            it uses inet:getaddr instead of inet:gethostbyaddr as the
-            former puts a too hard restriction on the bind_address.</p>
-          <p>
-            Own Id: OTP-7041 Aux Id: seq10829 </p>
-        </item>
-        <item>
-          <p>
-            [httpc] - Internal process now does try-catch and
-            terminates normally in case of HTTP parse errors.
-            Semantical the client works just as before returning an
-            error message to the client, even if the error massage
-            has been enhanced, but there is no supervisor report in
-            the shell of a internal process crashing. (Which was the
-            expected behavior and not a fault.)</p>
-          <p>
-            Own Id: OTP-7042</p>
-        </item>
-      </list>
-    </section>
-
-  </section>
-
-  <section><title>Inets 5.0</title>
-    
-    <section><title>Improvements and New Features</title>
-      <list>
-        <item>
-          <p>
-            [httpd, httpc] - Deprecated base64 decode/encode
-            functions have been removed. Inets uses base64 in STDLIB
-            instead.</p>
-          <p>
-            *** POTENTIAL INCOMPATIBILITY ***</p>
-          <p>
-            Own Id: OTP-6485</p>
-        </item>
-        <item>
-          <p>
-            [httpd] - It is now possible to restrict the length of
-            acceptable URI:s in the HTTP server.</p>
-          <p>
-            Own Id: OTP-6572</p>
-        </item>
-        <item>
-          <p>
-            [httpc] - Profiles are now supported i.e. the options
-            available in set_options/1 can be set locally for a
-            certain profile and do not have to affect all
-            HTTP-requests issued in the Erlang node. Calls to the
-            HTTP client API functions not using the profile argument
-            will use the default profile.</p>
-          <p>
-            Own Id: OTP-6690</p>
-        </item>
-        <item>
-          <p>
-            A new uniform Inets interface provides a flexible way to
-            start/stop Inets services and get information about
-            running services. See inets(3). This also means that
-            inflexibilities in the HTTP server has been removed and
-            more default values has been added.</p>
-          <p>
-            Own Id: OTP-6705</p>
-        </item>
-        <item>
-          <p>
-            [tftp] Logged errors have been changed to be logged
-            warnings.</p>
-          <p>
-            Own Id: OTP-6916 Aux Id: seq10737 </p>
-        </item>
-        <item>
-          <p>
-            [httpc] - The client will now return the proper value
-            when receiving a HTTP 204 code instead of hanging.</p>
-          <p>
-            Own Id: OTP-6982</p>
-        </item>
-        <item>
-          <p>
-            The Inets application now has to be explicitly started
-            and stopped i.e. it will not automatically be started as
-            a temporary application as it did before. Although a
-            practical feature when testing things in the shell it is
-            not desirable that people take advantage of this and not
-            start the Inets application in a correct way in their
-            products. Added functions to the Inets API that call
-            application:start/stop.</p>
-          <p>
-            *** POTENTIAL INCOMPATIBILITY ***</p>
-          <p>
-            Own Id: OTP-6993</p>
-        </item>
-      </list>
-    </section> 
-  
-    <!-- p>For information about older versions see
-      <url href="part_notes_history_frame.html">release notes history</url>.</p -->
-  </section>
 </chapter>
 
 
diff --git a/lib/inets/priv/plt/.gitignore b/lib/inets/priv/plt/.gitignore
new file mode 100644
index 0000000000..2051b52d48
--- /dev/null
+++ b/lib/inets/priv/plt/.gitignore
@@ -0,0 +1,2 @@
+/*.plt
+/*.dialyzer_analysis
diff --git a/lib/inets/src/ftp/ftp.erl b/lib/inets/src/ftp/ftp.erl
index 3028cd800f..560ee55271 100644
--- a/lib/inets/src/ftp/ftp.erl
+++ b/lib/inets/src/ftp/ftp.erl
@@ -55,9 +55,10 @@
 -include("ftp_internal.hrl").
 
 %% Constante used in internal state definition
--define(CONNECTION_TIMEOUT, 60*1000).
--define(DEFAULT_MODE,       passive).
--define(PROGRESS_DEFAULT,   ignore).
+-define(CONNECTION_TIMEOUT,  60*1000).
+-define(DATA_ACCEPT_TIMEOUT, infinity).
+-define(DEFAULT_MODE,        passive).
+-define(PROGRESS_DEFAULT,    ignore).
 
 %% Internal Constants
 -define(FTP_PORT, 21).
@@ -88,7 +89,8 @@
 	  %% data needed further on.
 	  caller = undefined, % term()     
 	  ipfamily,     % inet | inet6 | inet6fb4
-	  progress = ignore   % ignore | pid()	    
+	  progress = ignore,   % ignore | pid()	    
+	  dtimeout = ?DATA_ACCEPT_TIMEOUT  % non_neg_integer() | infinity
 	 }).
 
 
@@ -847,6 +849,7 @@ start_options(Options) ->
 %%    host
 %%    port
 %%    timeout
+%%    dtimeout
 %%    progress
 open_options(Options) ->
     ?fcrt("open_options", [{options, Options}]), 
@@ -875,7 +878,12 @@ open_options(Options) ->
 	   (_) -> false
 	end,
     ValidateTimeout = 
-	fun(Timeout) when is_integer(Timeout) andalso (Timeout > 0) -> true;
+	fun(Timeout) when is_integer(Timeout) andalso (Timeout >= 0) -> true;
+	   (_) -> false
+	end,
+    ValidateDTimeout = 
+	fun(DTimeout) when is_integer(DTimeout) andalso (DTimeout >= 0) -> true;
+	   (infinity) -> true;
 	   (_) -> false
 	end,
     ValidateProgress = 
@@ -893,6 +901,7 @@ open_options(Options) ->
 	 {port,     ValidatePort,     false, ?FTP_PORT},
 	 {ipfamily, ValidateIpFamily, false, inet},
 	 {timeout,  ValidateTimeout,  false, ?CONNECTION_TIMEOUT}, 
+	 {dtimeout, ValidateDTimeout, false, ?DATA_ACCEPT_TIMEOUT}, 
 	 {progress, ValidateProgress, false, ?PROGRESS_DEFAULT}], 
     validate_options(Options, ValidOptions, []).
 
@@ -1037,13 +1046,15 @@ handle_call({_, {open, ip_comm, Opts}}, From, State) ->
 	    Mode     = key_search(mode,     Opts, ?DEFAULT_MODE),
 	    Port     = key_search(port,     Opts, ?FTP_PORT), 
 	    Timeout  = key_search(timeout,  Opts, ?CONNECTION_TIMEOUT),
+	    DTimeout = key_search(dtimeout, Opts, ?DATA_ACCEPT_TIMEOUT),
 	    Progress = key_search(progress, Opts, ignore),
 	    IpFamily = key_search(ipfamily, Opts, inet),
-	    
+
 	    State2 = State#state{client   = From, 
 				 mode     = Mode,
 				 progress = progress(Progress),
-				 ipfamily = IpFamily}, 
+				 ipfamily = IpFamily, 
+				 dtimeout = DTimeout}, 
 
 	    ?fcrd("handle_call(open) -> setup ctrl connection with", 
 		  [{host, Host}, {port, Port}, {timeout, Timeout}]), 
@@ -1064,11 +1075,13 @@ handle_call({_, {open, ip_comm, Host, Opts}}, From, State) ->
     Mode     = key_search(mode,     Opts, ?DEFAULT_MODE),
     Port     = key_search(port,     Opts, ?FTP_PORT), 
     Timeout  = key_search(timeout,  Opts, ?CONNECTION_TIMEOUT),
+    DTimeout = key_search(dtimeout, Opts, ?DATA_ACCEPT_TIMEOUT),
     Progress = key_search(progress, Opts, ignore),
     
     State2 = State#state{client   = From, 
 			 mode     = Mode,
-			 progress = progress(Progress)}, 
+			 progress = progress(Progress), 
+			 dtimeout = DTimeout}, 
 
     case setup_ctrl_connection(Host, Port, Timeout, State2) of
 	{ok, State3, WaitTimeout} ->
@@ -1657,9 +1670,19 @@ handle_ctrl_result({pos_compl, Lines},
 %%--------------------------------------------------------------------------
 %% Directory listing 
 handle_ctrl_result({pos_prel, _}, #state{caller = {dir, Dir}} = State) ->
-    NewState = accept_data_connection(State),
-    activate_data_connection(NewState),
-    {noreply, NewState#state{caller = {handle_dir_result, Dir}}};
+    case accept_data_connection(State) of
+	{ok, NewState} ->
+	    activate_data_connection(NewState),
+	    {noreply, NewState#state{caller = {handle_dir_result, Dir}}};
+	{error, _Reason} = ERROR ->
+	    case State#state.client of
+		undefined ->
+		    {stop, ERROR, State};
+		From ->
+		    gen_server:reply(From, ERROR),
+		    {stop, normal, State#state{client = undefined}}
+	    end
+    end;
 
 handle_ctrl_result({pos_compl, _}, #state{caller = {handle_dir_result, Dir,
 						    Data}, client = From} 
@@ -1756,9 +1779,19 @@ handle_ctrl_result({Status, _},
 %%--------------------------------------------------------------------------
 %% File handling - recv_bin
 handle_ctrl_result({pos_prel, _}, #state{caller = recv_bin} = State) ->
-    NewState = accept_data_connection(State),
-    activate_data_connection(NewState),
-    {noreply, NewState};
+    case accept_data_connection(State) of
+	{ok, NewState} ->
+	    activate_data_connection(NewState),
+	    {noreply, NewState};
+	{error, _Reason} = ERROR ->
+	    case State#state.client of
+		undefined ->
+		    {stop, ERROR, State};
+		From ->
+		    gen_server:reply(From, ERROR),
+		    {stop, normal, State#state{client = undefined}}
+	    end
+    end;
 
 handle_ctrl_result({pos_compl, _}, #state{caller = {recv_bin, Data},
 					  client = From} = State) ->
@@ -1780,16 +1813,37 @@ handle_ctrl_result({Status, _}, #state{caller = {recv_bin, _}} = State) ->
 handle_ctrl_result({pos_prel, _}, #state{client = From,
 					 caller = start_chunk_transfer}
 		   = State) ->
-    NewState = accept_data_connection(State),
-    gen_server:reply(From, ok),
-    {noreply, NewState#state{chunk = true, client = undefined,
-			     caller = undefined}};
+    case accept_data_connection(State) of
+	{ok, NewState} ->
+	    gen_server:reply(From, ok),
+	    {noreply, NewState#state{chunk = true, client = undefined,
+				     caller = undefined}};
+	{error, _Reason} = ERROR ->
+	    case State#state.client of
+		undefined ->
+		    {stop, ERROR, State};
+		From ->
+		    gen_server:reply(From, ERROR),
+		    {stop, normal, State#state{client = undefined}}
+	    end
+    end;
+
 %%--------------------------------------------------------------------------
 %% File handling - recv_file
 handle_ctrl_result({pos_prel, _}, #state{caller = {recv_file, _}} = State) ->
-    NewState = accept_data_connection(State),
-    activate_data_connection(NewState),
-    {noreply, NewState};
+    case accept_data_connection(State) of
+	{ok, NewState} ->
+	    activate_data_connection(NewState),
+	    {noreply, NewState};
+	{error, _Reason} = ERROR ->
+	    case State#state.client of
+		undefined ->
+		    {stop, ERROR, State};
+		From ->
+		    gen_server:reply(From, ERROR),
+		    {stop, normal, State#state{client = undefined}}
+	    end
+    end;
 
 handle_ctrl_result({Status, _}, #state{caller = {recv_file, Fd}} = State) ->
     file_close(Fd),
@@ -1800,17 +1854,38 @@ handle_ctrl_result({Status, _}, #state{caller = {recv_file, Fd}} = State) ->
 %% File handling - transfer_*
 handle_ctrl_result({pos_prel, _}, #state{caller = {transfer_file, Fd}} 
 		   = State) ->
-    NewState = accept_data_connection(State),
-    send_file(Fd, NewState); 
+    case accept_data_connection(State) of
+	{ok, NewState} ->
+	    send_file(Fd, NewState); 
+	{error, _Reason} = ERROR ->
+	    case State#state.client of
+		undefined ->
+		    {stop, ERROR, State};
+		From ->
+		    gen_server:reply(From, ERROR),
+		    {stop, normal, State#state{client = undefined}}
+	    end
+    end;
 
 handle_ctrl_result({pos_prel, _}, #state{caller = {transfer_data, Bin}} 
 		   = State) ->
-    NewState = accept_data_connection(State),
-    send_data_message(NewState, Bin),
-    close_data_connection(NewState),
-    activate_ctrl_connection(NewState),
-    {noreply, NewState#state{caller = transfer_data_second_phase,
-			     dsock = undefined}};
+    case accept_data_connection(State) of
+	{ok, NewState} ->
+	    send_data_message(NewState, Bin),
+	    close_data_connection(NewState),
+	    activate_ctrl_connection(NewState),
+	    {noreply, NewState#state{caller = transfer_data_second_phase,
+				     dsock = undefined}};
+	{error, _Reason} = ERROR ->
+	    case State#state.client of
+		undefined ->
+		    {stop, ERROR, State};
+		From ->
+		    gen_server:reply(From, ERROR),
+		    {stop, normal, State#state{client = undefined}}
+	    end
+    end;
+
 %%--------------------------------------------------------------------------
 %% Default
 handle_ctrl_result({Status, Lines}, #state{client = From} = State) 
@@ -2006,16 +2081,20 @@ connect2(Host, Port, IpFam, Timeout) ->
 	    Error
     end.
 	    
-		
 
-accept_data_connection(#state{mode = active,
-			      dsock = {lsock, LSock}} = State) ->
-    {ok, Socket} = gen_tcp:accept(LSock),
-    gen_tcp:close(LSock),
-    State#state{dsock = Socket};
+accept_data_connection(#state{mode     = active,
+			      dtimeout = DTimeout, 
+			      dsock    = {lsock, LSock}} = State) ->
+    case gen_tcp:accept(LSock, DTimeout) of
+	{ok, Socket} ->
+	    gen_tcp:close(LSock),
+	    {ok, State#state{dsock = Socket}};
+	{error, Reason} ->
+	    {error, {data_connect_failed, Reason}}
+    end;
 
 accept_data_connection(#state{mode = passive} = State) ->
-    State.
+    {ok, State}.
 
 send_ctrl_message(#state{csock = Socket, verbose = Verbose}, Message) ->
     %% io:format("send control message: ~n~p~n", [lists:flatten(Message)]),
diff --git a/lib/inets/src/http_client/Makefile b/lib/inets/src/http_client/Makefile
index 0397b48ab2..d490e59929 100644
--- a/lib/inets/src/http_client/Makefile
+++ b/lib/inets/src/http_client/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2005-2010. All Rights Reserved.
+# Copyright Ericsson AB 2005-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -41,7 +41,6 @@ RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
 # Target Specs
 # ----------------------------------------------------
 MODULES = \
-	http \
 	httpc \
 	httpc_cookie \
 	httpc_handler \
diff --git a/lib/inets/src/http_client/http.erl b/lib/inets/src/http_client/http.erl
deleted file mode 100644
index bbe2fec267..0000000000
--- a/lib/inets/src/http_client/http.erl
+++ /dev/null
@@ -1,132 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2002-2010. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-%%
-
-%%% Description: OLD API MODULE - USE httpc INSTEAD
-
--module(http).
-
--deprecated({request,         1, next_major_release}).
--deprecated({request,         2, next_major_release}).
--deprecated({request,         4, next_major_release}).
--deprecated({request,         5, next_major_release}).
--deprecated({cancel_request,  1, next_major_release}).
--deprecated({cancel_request,  2, next_major_release}).
--deprecated({set_option,      2, next_major_release}).
--deprecated({set_option,      3, next_major_release}).
--deprecated({set_options,     1, next_major_release}).
--deprecated({set_options,     2, next_major_release}).
--deprecated({verify_cookies,  2, next_major_release}).
--deprecated({verify_cookies,  3, next_major_release}).
--deprecated({cookie_header,   1, next_major_release}).
--deprecated({cookie_header,   2, next_major_release}).
--deprecated({stream_next,     1, next_major_release}).
--deprecated({default_profile, 0, next_major_release}).
-
-%% Deprecated
--export([
-	 request/1, request/2, request/4, request/5,
-	 cancel_request/1, cancel_request/2,
-	 set_option/2, set_option/3,
-	 set_options/1, set_options/2,
-	 verify_cookies/2, verify_cookies/3, 
-	 cookie_header/1, cookie_header/2, 
-	 stream_next/1,
-	 default_profile/0
-	]).
-
-
-%%%=========================================================================
-%%%  API
-%%%=========================================================================
-
-%%--------------------------------------------------------------------------
-%% request(Url [, Profile]) ->
-%% request(Method, Request, HTTPOptions, Options [, Profile])
-%%--------------------------------------------------------------------------
-
-request(Url)          -> httpc:request(Url).
-request(Url, Profile) -> httpc:request(Url, Profile).
-
-request(Method, Request, HttpOptions, Options) ->
-    httpc:request(Method, Request, HttpOptions, Options). 
-request(Method, Request, HttpOptions, Options, Profile) ->
-    httpc:request(Method, Request, HttpOptions, Options, Profile). 
-
-
-%%--------------------------------------------------------------------------
-%% cancel_request(RequestId [, Profile])
-%%-------------------------------------------------------------------------
-
-cancel_request(RequestId) ->
-    httpc:cancel_request(RequestId).
-cancel_request(RequestId, Profile) ->
-    httpc:cancel_request(RequestId, Profile).
-
-
-%%--------------------------------------------------------------------------
-%% set_options(Options [, Profile])
-%% set_option(Key, Value [, Profile])
-%%-------------------------------------------------------------------------
-
-set_options(Options) ->
-    httpc:set_options(Options).
-set_options(Options, Profile) ->
-    httpc:set_options(Options, Profile).
-
-set_option(Key, Value) ->
-    httpc:set_option(Key, Value).
-set_option(Key, Value, Profile) ->
-    httpc:set_option(Key, Value, Profile).
-
-
-%%--------------------------------------------------------------------------
-%% verify_cookies(SetCookieHeaders, Url [, Profile])
-%%-------------------------------------------------------------------------
-
-verify_cookies(SetCookieHeaders, Url) ->
-    httpc:store_cookies(SetCookieHeaders, Url).
-verify_cookies(SetCookieHeaders, Url, Profile) ->
-    httpc:store_cookies(SetCookieHeaders, Url, Profile).
-
-
-%%--------------------------------------------------------------------------
-%% cookie_header(Url [, Profile])
-%%-------------------------------------------------------------------------
-
-cookie_header(Url) ->
-    httpc:cookie_header(Url).
-cookie_header(Url, Profile) ->
-    httpc:cookie_header(Url, Profile).
-
-
-%%--------------------------------------------------------------------------
-%% stream_next(Pid)
-%%-------------------------------------------------------------------------
-
-stream_next(Pid) ->
-    httpc:stream_next(Pid).
-
-
-%%--------------------------------------------------------------------------
-%% default_profile()
-%%-------------------------------------------------------------------------
-
-default_profile() ->
-    httpc:default_profile().
diff --git a/lib/inets/src/http_client/httpc.erl b/lib/inets/src/http_client/httpc.erl
index fe8e93af1f..ae87ceed93 100644
--- a/lib/inets/src/http_client/httpc.erl
+++ b/lib/inets/src/http_client/httpc.erl
@@ -34,7 +34,7 @@
 	 set_option/2, set_option/3,
 	 set_options/1, set_options/2,
 	 store_cookies/2, store_cookies/3, 
-	 cookie_header/1, cookie_header/2, 
+	 cookie_header/1, cookie_header/2, cookie_header/3, 
 	 which_cookies/0, which_cookies/1, 
 	 reset_cookies/0, reset_cookies/1, 
 	 stream_next/1,
@@ -105,7 +105,6 @@ request(Url, Profile) ->
 %%                   {ssl, SSLOptions} | {proxy_auth, {User, Password}}
 %%	Ssloptions = ssl_options() | 
 %%                   {ssl,  ssl_options()} | 
-%%                   {ossl, ssl_options()} | 
 %%                   {essl, ssl_options()}
 %%      ssl_options() = [ssl_option()]
 %%	ssl_option() =  {verify, code()} | 
@@ -142,7 +141,9 @@ request(Url, Profile) ->
 request(Method, Request, HttpOptions, Options) ->
     request(Method, Request, HttpOptions, Options, default_profile()). 
 
-request(Method, {Url, Headers}, HTTPOptions, Options, Profile) 
+request(Method, 
+	{Url, Headers}, 
+	HTTPOptions, Options, Profile) 
   when (Method =:= options) orelse 
        (Method =:= get) orelse 
        (Method =:= head) orelse 
@@ -155,15 +156,17 @@ request(Method, {Url, Headers}, HTTPOptions, Options, Profile)
 		      {http_options, HTTPOptions}, 
 		      {options,      Options}, 
 		      {profile,      Profile}]),
-    case http_uri:parse(Url) of
+    case http_uri:parse(Url, Options) of
 	{error, Reason} ->
 	    {error, Reason};
-	ParsedUrl ->
+	{ok, ParsedUrl} ->
 	    handle_request(Method, Url, ParsedUrl, Headers, [], [], 
 			   HTTPOptions, Options, Profile)
     end;
      
-request(Method, {Url,Headers,ContentType,Body}, HTTPOptions, Options, Profile) 
+request(Method, 
+	{Url, Headers, ContentType, Body}, 
+	HTTPOptions, Options, Profile) 
   when ((Method =:= post) orelse (Method =:= put)) andalso 
        (is_atom(Profile) orelse is_pid(Profile)) ->
     ?hcrt("request", [{method,       Method}, 
@@ -174,10 +177,10 @@ request(Method, {Url,Headers,ContentType,Body}, HTTPOptions, Options, Profile)
 		      {http_options, HTTPOptions}, 
 		      {options,      Options}, 
 		      {profile,      Profile}]),
-    case http_uri:parse(Url) of
+    case http_uri:parse(Url, Options) of
 	{error, Reason} ->
 	    {error, Reason};
-	ParsedUrl ->
+	{ok, ParsedUrl} ->
 	    handle_request(Method, Url, 
 			   ParsedUrl, Headers, ContentType, Body, 
 			   HTTPOptions, Options, Profile)
@@ -268,7 +271,10 @@ store_cookies(SetCookieHeaders, Url, Profile)
 			    {profile,            Profile}]),
     try 
 	begin
-	    {_, _, Host, Port, Path, _} = http_uri:parse(Url),
+	    %% Since the Address part is not actually used
+	    %% by the manager when storing cookies, we dont
+	    %% care about ipv6-host-with-brackets.
+	    {ok, {_, _, Host, Port, Path, _}} = http_uri:parse(Url),
 	    Address     = {Host, Port}, 
 	    ProfileName = profile_name(Profile),
 	    Cookies     = httpc_cookie:cookies(SetCookieHeaders, Path, Host),
@@ -284,25 +290,36 @@ store_cookies(SetCookieHeaders, Url, Profile)
 
 
 %%--------------------------------------------------------------------------
-%% cookie_header(Url [, Profile]) -> Header | {error, Reason}
-%%               
+%% cookie_header(Url) -> Header | {error, Reason}
+%% cookie_header(Url, Profile) -> Header | {error, Reason}
+%% cookie_header(Url, Opts,  Profile) -> Header | {error, Reason}
+%% 
 %% Description: Returns the cookie header that would be sent when making
 %% a request to <Url>.
 %%-------------------------------------------------------------------------
 cookie_header(Url) ->
     cookie_header(Url, default_profile()).
 
-cookie_header(Url, Profile) ->
+cookie_header(Url, Profile) when is_atom(Profile) orelse is_pid(Profile) ->
+    cookie_header(Url, [], Profile);
+cookie_header(Url, Opts) when is_list(Opts) ->
+    cookie_header(Url, Opts, default_profile()).
+
+cookie_header(Url, Opts, Profile) 
+  when (is_list(Opts) andalso (is_atom(Profile) orelse is_pid(Profile))) ->
     ?hcrt("cookie header", [{url,     Url},
+			    {opts,    Opts}, 
 			    {profile, Profile}]),
     try 
 	begin
-	    httpc_manager:which_cookies(Url, profile_name(Profile))
+	    httpc_manager:which_cookies(Url, Opts, profile_name(Profile))
 	end
     catch 
 	exit:{noproc, _} ->
 	    {error, {not_started, Profile}}
     end.
+    
+    
 
 
 %%--------------------------------------------------------------------------
@@ -465,6 +482,8 @@ handle_request(Method, Url,
 	    HeadersRecord = header_record(NewHeaders, Host2, HTTPOptions),
 	    Receiver      = proplists:get_value(receiver, Options),
 	    SocketOpts    = proplists:get_value(socket_opts, Options),
+	    BracketedHost = proplists:get_value(ipv6_host_with_brackets, 
+						Options),
 	    MaybeEscPath  = maybe_encode_uri(HTTPOptions, Path),
 	    MaybeEscQuery = maybe_encode_uri(HTTPOptions, Query),
 	    AbsUri        = maybe_encode_uri(HTTPOptions, Url),
@@ -483,7 +502,8 @@ handle_request(Method, Url,
 			       stream        = Stream, 
 			       headers_as_is = headers_as_is(Headers0, Options),
 			       socket_opts   = SocketOpts, 
-			       started       = Started},
+			       started       = Started,
+			       ipv6_host_with_brackets = BracketedHost},
 
 	    case httpc_manager:request(Request, profile_name(Profile)) of
 		{ok, RequestId} ->
@@ -644,8 +664,6 @@ http_options_default() ->
 		      {ok, {?HTTP_DEFAULT_SSL_KIND, Value}};
 		 ({ssl, SslOptions}) when is_list(SslOptions) ->
 		      {ok, {?HTTP_DEFAULT_SSL_KIND, SslOptions}};
-		 ({ossl, SslOptions}) when is_list(SslOptions) ->
-		      {ok, {ossl, SslOptions}};
 		 ({essl, SslOptions}) when is_list(SslOptions) ->
 		      {ok, {essl, SslOptions}};
 		 (_) ->
@@ -742,14 +760,17 @@ request_options_defaults() ->
 		error
 	end,
 
+    VerifyBrackets = VerifyBoolean, 
+
     [
-     {sync,          true,      VerifySync}, 
-     {stream,        none,      VerifyStream},
-     {body_format,   string,    VerifyBodyFormat},
-     {full_result,   true,      VerifyFullResult},
-     {headers_as_is, false,     VerifyHeaderAsIs},
-     {receiver,      self(),    VerifyReceiver},
-     {socket_opts,   undefined, VerifySocketOpts}
+     {sync,                    true,      VerifySync}, 
+     {stream,                  none,      VerifyStream},
+     {body_format,             string,    VerifyBodyFormat},
+     {full_result,             true,      VerifyFullResult},
+     {headers_as_is,           false,     VerifyHeaderAsIs},
+     {receiver,                self(),    VerifyReceiver},
+     {socket_opts,             undefined, VerifySocketOpts},
+     {ipv6_host_with_brackets, false,     VerifyBrackets}
     ]. 
 
 request_options(Options) ->
diff --git a/lib/inets/src/http_client/httpc_handler.erl b/lib/inets/src/http_client/httpc_handler.erl
index 7784060a2b..bfe9b14ef6 100644
--- a/lib/inets/src/http_client/httpc_handler.erl
+++ b/lib/inets/src/http_client/httpc_handler.erl
@@ -763,7 +763,7 @@ deliver_answer(Request) ->
 code_change(_, 
 	    #state{session      = OldSession, 
 		   profile_name = ProfileName} = State, 
-	    upgrade_from_pre_5_7_3) ->
+	    upgrade_from_pre_5_8_1) ->
     case OldSession of
 	{session, 
 	 Id, ClientClose, Scheme, Socket, SocketType, QueueLen, Type} ->
@@ -783,7 +783,7 @@ code_change(_,
 code_change(_, 
 	    #state{session      = OldSession, 
 		   profile_name = ProfileName} = State, 
-	    downgrade_to_pre_5_7_3) ->
+	    downgrade_to_pre_5_8_1) ->
     case OldSession of
 	#session{id           = Id, 
 		 client_close = ClientClose, 
diff --git a/lib/inets/src/http_client/httpc_internal.hrl b/lib/inets/src/http_client/httpc_internal.hrl
index 3261061d61..8af752546c 100644
--- a/lib/inets/src/http_client/httpc_internal.hrl
+++ b/lib/inets/src/http_client/httpc_internal.hrl
@@ -90,25 +90,28 @@
 %%% All data associated to a specific HTTP request
 -record(request,
 	{
-	 id,            % ref() - Request Id
-	 from,          % pid() - Caller
-	 redircount = 0,% Number of redirects made for this request
-	 scheme,        % http | https 
-	 address,       % ({Host,Port}) Destination Host and Port
-	 path,          % string() - Path of parsed URL
-	 pquery,        % string() - Rest of parsed URL
-	 method,        % atom() - HTTP request Method
-	 headers,       % #http_request_h{}
-	 content,       % {ContentType, Body} - Current HTTP request
-	 settings,      % #http_options{} - User defined settings
-	 abs_uri,       % string() ex: "http://www.erlang.org"
-	 userinfo,      % string() - optinal "<userinfo>@<host>:<port>"
-	 stream,	% Boolean() - stream async reply?
-	 headers_as_is, % Boolean() - workaround for servers that does
-			% not honor the http standard, can also be used for testing purposes.
-	 started,       % integer() > 0 - When we started processing the request
-	 timer,         % undefined | ref()
-	 socket_opts    % undefined | [socket_option()]
+	  id,            % ref() - Request Id
+	  from,          % pid() - Caller
+	  redircount = 0,% Number of redirects made for this request
+	  scheme,        % http | https 
+	  address,       % ({Host,Port}) Destination Host and Port
+	  path,          % string() - Path of parsed URL
+	  pquery,        % string() - Rest of parsed URL
+	  method,        % atom() - HTTP request Method
+	  headers,       % #http_request_h{}
+	  content,       % {ContentType, Body} - Current HTTP request
+	  settings,      % #http_options{} - User defined settings
+	  abs_uri,       % string() ex: "http://www.erlang.org"
+	  userinfo,      % string() - optinal "<userinfo>@<host>:<port>"
+	  stream,	 % boolean() - stream async reply?
+	  headers_as_is, % boolean() - workaround for servers that does
+			 % not honor the http standard, can also be used 
+			 % for testing purposes.
+	  started,       % integer() > 0 - When we started processing the 
+			 % request
+	  timer,         % undefined | ref()
+	  socket_opts,   % undefined | [socket_option()]
+	  ipv6_host_with_brackets % boolean()
 	}
        ).               
 
diff --git a/lib/inets/src/http_client/httpc_manager.erl b/lib/inets/src/http_client/httpc_manager.erl
index 3d846c2bff..453081da21 100644
--- a/lib/inets/src/http_client/httpc_manager.erl
+++ b/lib/inets/src/http_client/httpc_manager.erl
@@ -38,7 +38,7 @@
 	 delete_session/2, 
 	 set_options/2, 
 	 store_cookies/3,
-	 which_cookies/1, which_cookies/2, 
+	 which_cookies/1, which_cookies/2, which_cookies/3, 
 	 reset_cookies/1, 
 	 session_type/1,
 	 info/1
@@ -278,19 +278,29 @@ reset_cookies(ProfileName) ->
 
 
 %%--------------------------------------------------------------------
-%% Function: which_cookies(Url, ProfileName) -> [cookie()]
+%% Function: which_cookies(ProfileName)               -> [cookie()]
+%%           which_cookies(Url, ProfileName)          -> [cookie()]
+%%           which_cookies(Url, Options, ProfileName) -> [cookie()]
 %%
 %%	Url = string()
+%%	Options = [option()]
 %%      ProfileName = atom()
+%%      option() = {ipv6_host_with_brackets, boolean()}
 %%
 %% Description: Retrieves the cookies that would be sent when 
 %% requesting <Url>.
 %%--------------------------------------------------------------------
 
-which_cookies(ProfileName) ->
+which_cookies(ProfileName) when is_atom(ProfileName) ->
     call(ProfileName, which_cookies).
-which_cookies(Url, ProfileName) ->
-    call(ProfileName, {which_cookies, Url}).
+
+which_cookies(Url, ProfileName) 
+  when is_list(Url) andalso is_atom(ProfileName) ->
+    which_cookies(Url, [], ProfileName).
+
+which_cookies(Url, Options, ProfileName) 
+  when is_list(Url) andalso is_list(Options) andalso is_atom(ProfileName) ->
+    call(ProfileName, {which_cookies, Url, Options}).
 
 
 %%--------------------------------------------------------------------
@@ -417,15 +427,16 @@ handle_call(which_cookies, _, #state{cookie_db = CookieDb} = State) ->
     CookieHeaders = httpc_cookie:which_cookies(CookieDb),
     {reply, CookieHeaders, State};
 
-handle_call({which_cookies, Url}, _, #state{cookie_db = CookieDb} = State) ->
-    ?hcrv("which cookies", [{url, Url}]),
-    case http_uri:parse(Url) of
-	{Scheme, _, Host, Port, Path, _} ->
+handle_call({which_cookies, Url, Options}, _, 
+	    #state{cookie_db = CookieDb} = State) ->
+    ?hcrv("which cookies", [{url, Url}, {options, Options}]),
+    case http_uri:parse(Url, Options) of
+	{ok, {Scheme, _, Host, Port, Path, _}} ->
 	    CookieHeaders = 
 		httpc_cookie:header(CookieDb, Scheme, {Host, Port}, Path),
 	    {reply, CookieHeaders, State};
-	Msg ->
-	    {reply, Msg, State}
+	{error, _} = ERROR ->
+	    {reply, ERROR, State}
     end;
 
 handle_call(info, _, State) ->
@@ -572,7 +583,7 @@ terminate(_, State) ->
 %%--------------------------------------------------------------------
 code_change(_, 
 	    #state{session_db = SessionDB} = State, 
-	    upgrade_from_pre_5_7_3) ->
+	    upgrade_from_pre_5_8_1) ->
     Upgrade = 
 	fun({session, 
 	     Id, ClientClose, Scheme, Socket, SocketType, QueueLen, Type}) ->
@@ -591,7 +602,7 @@ code_change(_,
 
 code_change(_, 
 	    #state{session_db = SessionDB} = State, 
-	    downgrade_to_pre_5_7_3) ->
+	    downgrade_to_pre_5_8_1) ->
     Downgrade = 
 	fun(#session{id           = Id, 
 		     client_close = ClientClose, 
diff --git a/lib/inets/src/http_client/httpc_response.erl b/lib/inets/src/http_client/httpc_response.erl
index 207b96271c..919115a23a 100644
--- a/lib/inets/src/http_client/httpc_response.erl
+++ b/lib/inets/src/http_client/httpc_response.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -340,7 +340,9 @@ redirect(Response = {StatusLine, Headers, Body}, Request) ->
 	undefined ->
 	    transparent(Response, Request);
 	RedirUrl ->
-	    case http_uri:parse(RedirUrl) of
+	    UrlParseOpts = [{ipv6_host_with_brackets, 
+			     Request#request.ipv6_host_with_brackets}], 
+	    case http_uri:parse(RedirUrl, UrlParseOpts) of
 		{error, no_scheme} when
 		(Request#request.settings)#http_options.relaxed ->
 		    NewLocation = fix_relative_uri(Request, RedirUrl),
@@ -350,10 +352,9 @@ redirect(Response = {StatusLine, Headers, Body}, Request) ->
 		{error, Reason} ->
 		    {ok, error(Request, Reason), Data};
 		%% Automatic redirection
-		{Scheme, _, Host, Port, Path,  Query} -> 
+		{ok, {Scheme, _, Host, Port, Path,  Query}} -> 
 		    NewHeaders = 
-			(Request#request.headers)#http_request_h{host = 
-								 Host},
+			(Request#request.headers)#http_request_h{host = Host},
 		    NewRequest = 
 			Request#request{redircount = 
 					Request#request.redircount+1,
diff --git a/lib/inets/src/http_lib/http_internal.hrl b/lib/inets/src/http_lib/http_internal.hrl
index 2e924667c6..97cf474ab9 100644
--- a/lib/inets/src/http_lib/http_internal.hrl
+++ b/lib/inets/src/http_lib/http_internal.hrl
@@ -28,7 +28,6 @@
 -define(HTTP_MAX_URI_SIZE,    nolimit).
 
 -ifndef(HTTP_DEFAULT_SSL_KIND).
-%% -define(HTTP_DEFAULT_SSL_KIND, ossl).
 -define(HTTP_DEFAULT_SSL_KIND, essl).
 -endif. % -ifdef(HTTP_DEFAULT_SSL_KIND).
 
diff --git a/lib/inets/src/http_lib/http_transport.erl b/lib/inets/src/http_lib/http_transport.erl
index 9b8190ebed..5eb827032f 100644
--- a/lib/inets/src/http_lib/http_transport.erl
+++ b/lib/inets/src/http_lib/http_transport.erl
@@ -62,8 +62,6 @@ start(ip_comm) ->
 %% This is just for backward compatibillity
 start({ssl, _}) ->
     do_start_ssl();
-start({ossl, _}) ->
-    do_start_ssl();
 start({essl, _}) ->
     do_start_ssl().
 
@@ -126,22 +124,6 @@ connect(ip_comm = _SocketType, {Host, Port}, Opts0, Timeout)
 connect({ssl, SslConfig}, Address, Opts, Timeout) ->
     connect({?HTTP_DEFAULT_SSL_KIND, SslConfig}, Address, Opts, Timeout);
 
-connect({ossl, SslConfig}, {Host, Port}, _, Timeout) ->
-    Opts = [binary, {active, false}, {ssl_imp, old}] ++ SslConfig,
-    ?hlrt("connect using ossl", 
-	  [{host,       Host}, 
-	   {port,       Port}, 
-	   {ssl_config, SslConfig}, 
-	   {timeout,    Timeout}]),
-    case (catch ssl:connect(Host, Port, Opts, Timeout)) of
-	{'EXIT', Reason} ->
-	    {error, {eoptions, Reason}};
-	{ok, _} = OK ->
-	    OK;
-	{error, _} = ERROR ->
-	    ERROR
-    end;
-
 connect({essl, SslConfig}, {Host, Port}, Opts0, Timeout) -> 
     Opts = [binary, {active, false}, {ssl_imp, new} | Opts0] ++ SslConfig,
     ?hlrt("connect using essl", 
@@ -187,13 +169,6 @@ listen({ssl, SSLConfig}, Addr, Port) ->
 	   {ssl_config, SSLConfig}]),
     listen({?HTTP_DEFAULT_SSL_KIND, SSLConfig}, Addr, Port);
 
-listen({ossl, SSLConfig}, Addr, Port) ->
-    ?hlrt("listen (ossl)", 
-	  [{addr,       Addr}, 
-	   {port,       Port}, 
-	   {ssl_config, SSLConfig}]),
-    listen_ssl(Addr, Port, [{ssl_imp, old} | SSLConfig]);
-
 listen({essl, SSLConfig}, Addr, Port) ->
     ?hlrt("listen (essl)", 
 	  [{addr,       Addr}, 
@@ -353,8 +328,6 @@ accept(ip_comm, ListenSocket, Timeout) ->
 accept({ssl, SSLConfig}, ListenSocket, Timeout) ->
     accept({?HTTP_DEFAULT_SSL_KIND, SSLConfig}, ListenSocket, Timeout);
 
-accept({ossl, _SSLConfig}, ListenSocket, Timeout) ->
-    ssl:transport_accept(ListenSocket, Timeout);
 accept({essl, _SSLConfig}, ListenSocket, Timeout) ->
     ssl:transport_accept(ListenSocket, Timeout).
 
@@ -374,9 +347,6 @@ controlling_process(ip_comm, Socket, NewOwner) ->
 controlling_process({ssl, SSLConfig}, Socket, NewOwner) ->
     controlling_process({?HTTP_DEFAULT_SSL_KIND, SSLConfig}, Socket, NewOwner);
 
-controlling_process({ossl, _}, Socket, NewOwner) ->
-    ssl:controlling_process(Socket, NewOwner);
-
 controlling_process({essl, _}, Socket, NewOwner) ->
     ssl:controlling_process(Socket, NewOwner).
 
@@ -397,13 +367,6 @@ setopts(ip_comm, Socket, Options) ->
 setopts({ssl, SSLConfig}, Socket, Options) ->
     setopts({?HTTP_DEFAULT_SSL_KIND, SSLConfig}, Socket, Options);
 
-setopts({ossl, _}, Socket, Options) ->
-    ?hlrt("[o]ssl setopts", [{socket, Socket}, {options, Options}]),
-    Reason = (catch ssl:setopts(Socket, Options)),
-    ?hlrt("[o]ssl setopts result", [{reason, Reason}]),
-    Reason;
-	
-
 setopts({essl, _}, Socket, Options) ->
     ?hlrt("[e]ssl setopts", [{socket, Socket}, {options, Options}]),
     Reason = (catch ssl:setopts(Socket, Options)),
@@ -435,10 +398,6 @@ getopts(ip_comm, Socket, Options) ->
 getopts({ssl, SSLConfig}, Socket, Options) ->
     getopts({?HTTP_DEFAULT_SSL_KIND, SSLConfig}, Socket, Options);
 
-getopts({ossl, _}, Socket, Options) ->
-    ?hlrt("ssl getopts", [{socket, Socket}, {options, Options}]),
-    getopts_ssl(Socket, Options);
-
 getopts({essl, _}, Socket, Options) ->
     ?hlrt("essl getopts", [{socket, Socket}, {options, Options}]),
     getopts_ssl(Socket, Options).
@@ -472,9 +431,6 @@ getstat(ip_comm = _SocketType, Socket) ->
 getstat({ssl, SSLConfig}, Socket) ->
     getstat({?HTTP_DEFAULT_SSL_KIND, SSLConfig}, Socket);
 
-getstat({ossl, _} = _SocketType, _Socket) ->
-    [];
-
 getstat({essl, _} = _SocketType, _Socket) ->
     [].
 
@@ -493,9 +449,6 @@ send(ip_comm, Socket, Message) ->
 send({ssl, SSLConfig}, Socket, Message) ->
     send({?HTTP_DEFAULT_SSL_KIND, SSLConfig}, Socket, Message);
 
-send({ossl, _}, Socket, Message) ->
-    ssl:send(Socket, Message);
-
 send({essl, _}, Socket, Message) ->
     ssl:send(Socket, Message).
 
@@ -514,9 +467,6 @@ close(ip_comm, Socket) ->
 close({ssl, SSLConfig}, Socket) ->
     close({?HTTP_DEFAULT_SSL_KIND, SSLConfig}, Socket);
 
-close({ossl, _}, Socket) ->
-    ssl:close(Socket);
-
 close({essl, _}, Socket) ->
     ssl:close(Socket).
 
@@ -538,9 +488,6 @@ peername(ip_comm, Socket) ->
 peername({ssl, SSLConfig}, Socket) ->
     peername({?HTTP_DEFAULT_SSL_KIND, SSLConfig}, Socket);
 
-peername({ossl, _}, Socket) ->
-    do_peername(ssl:peername(Socket));
-
 peername({essl, _}, Socket) ->
     do_peername(ssl:peername(Socket)).
 
@@ -573,9 +520,6 @@ sockname(ip_comm, Socket) ->
 sockname({ssl, SSLConfig}, Socket) ->
     sockname({?HTTP_DEFAULT_SSL_KIND, SSLConfig}, Socket);
 
-sockname({ossl, _}, Socket) ->
-    do_sockname(ssl:sockname(Socket));
-
 sockname({essl, _}, Socket) ->
     do_sockname(ssl:sockname(Socket)).
 
@@ -651,9 +595,6 @@ negotiate(ip_comm,_,_) ->
 negotiate({ssl, SSLConfig}, Socket, Timeout) ->
     ?hlrt("negotiate(ssl)", []),
     negotiate({?HTTP_DEFAULT_SSL_KIND, SSLConfig}, Socket, Timeout);
-negotiate({ossl, _}, Socket, Timeout) ->
-    ?hlrt("negotiate(ossl)", []),
-    negotiate_ssl(Socket, Timeout);
 negotiate({essl, _}, Socket, Timeout) ->
     ?hlrt("negotiate(essl)", []),
     negotiate_ssl(Socket, Timeout).
diff --git a/lib/inets/src/http_lib/http_uri.erl b/lib/inets/src/http_lib/http_uri.erl
index 607475c359..32c6305a79 100644
--- a/lib/inets/src/http_lib/http_uri.erl
+++ b/lib/inets/src/http_lib/http_uri.erl
@@ -16,25 +16,30 @@
 %%
 %% %CopyrightEnd%
 %%
-%%
+%% 
+%% RFC 3986
+%% 
 
 -module(http_uri).
 
--export([parse/1]).
--export([encode/1, decode/1]).
+-export([parse/1, parse/2, 
+	 encode/1, decode/1]).
 
 
 %%%=========================================================================
 %%%  API
 %%%=========================================================================
 parse(AbsURI) ->
+    parse(AbsURI, []).
+
+parse(AbsURI, Opts) ->
     case parse_scheme(AbsURI) of
 	{error, Reason} ->
 	    {error, Reason};
 	{Scheme, Rest} ->
-	    case (catch parse_uri_rest(Scheme, Rest)) of
+	    case (catch parse_uri_rest(Scheme, Rest, Opts)) of
 		{UserInfo, Host, Port, Path, Query} ->
-		    {Scheme, UserInfo, Host, Port, Path, Query};
+		    {ok, {Scheme, UserInfo, Host, Port, Path, Query}};
 		_  ->
 		    {error, {malformed_url, AbsURI}}
 	    end
@@ -68,15 +73,14 @@ parse_scheme(AbsURI) ->
 	    {error, no_scheme};
 	{StrScheme, Rest} ->
 	    case list_to_atom(http_util:to_lower(StrScheme)) of
-		Scheme when Scheme == http; Scheme == https ->
+		Scheme when (Scheme =:= http) orelse (Scheme =:= https) ->
 		    {Scheme, Rest};
 		Scheme ->
 		    {error, {not_supported_scheme, Scheme}}
 	    end
     end.
 
-parse_uri_rest(Scheme, "//" ++ URIPart) ->
-
+parse_uri_rest(Scheme, "//" ++ URIPart, Opts) ->
     {Authority, PathQuery} =
 	case split_uri(URIPart, "/", URIPart, 1, 0) of
 	    Split = {_, _} ->
@@ -91,8 +95,8 @@ parse_uri_rest(Scheme, "//" ++ URIPart) ->
 	end,
 
     {UserInfo, HostPort} = split_uri(Authority, "@", {"", Authority}, 1, 1),
-    {Host, Port} = parse_host_port(Scheme, HostPort),
-    {Path, Query} = parse_path_query(PathQuery),
+    {Host, Port}         = parse_host_port(Scheme, HostPort, Opts),
+    {Path, Query}        = parse_path_query(PathQuery),
     {UserInfo, Host, Port, Path, Query}.
 
 
@@ -100,13 +104,14 @@ parse_path_query(PathQuery) ->
     {Path, Query} =  split_uri(PathQuery, "\\?", {PathQuery, ""}, 1, 0),
     {path(Path), Query}.
 
-parse_host_port(Scheme,"[" ++ HostPort) -> %ipv6
+parse_host_port(Scheme,"[" ++ HostPort, Opts) -> %ipv6
     DefaultPort = default_port(Scheme),
     {Host, ColonPort} = split_uri(HostPort, "\\]", {HostPort, ""}, 1, 1),
+    Host2 = maybe_ipv6_host_with_brackets(Host, Opts),
     {_, Port} = split_uri(ColonPort, ":", {"", DefaultPort}, 0, 1),
-    {Host, int_port(Port)};
+    {Host2, int_port(Port)};
 
-parse_host_port(Scheme, HostPort) ->
+parse_host_port(Scheme, HostPort, _Opts) ->
     DefaultPort = default_port(Scheme),
     {Host, Port} = split_uri(HostPort, ":", {HostPort, DefaultPort}, 1, 1),
     {Host, int_port(Port)}.
@@ -120,6 +125,14 @@ split_uri(UriPart, SplitChar, NoMatchResult, SkipLeft, SkipRight) ->
 	    NoMatchResult
     end.
 
+maybe_ipv6_host_with_brackets(Host, Opts) ->
+    case lists:keysearch(ipv6_host_with_brackets, 1, Opts) of
+	{value, {ipv6_host_with_brackets, true}} ->
+	    "[" ++ Host ++ "]";
+	_ ->
+	    Host
+    end.
+
 default_port(http) ->
     80;
 default_port(https) ->
diff --git a/lib/inets/src/http_server/httpd_acceptor.erl b/lib/inets/src/http_server/httpd_acceptor.erl
index bcebb6a9e3..08ee9ee0d0 100644
--- a/lib/inets/src/http_server/httpd_acceptor.erl
+++ b/lib/inets/src/http_server/httpd_acceptor.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -139,11 +139,11 @@ acceptor_loop(Manager, SocketType, ListenSocket, ConfigDb, AcceptTimeout) ->
 	    handle_error(Reason, ConfigDb),
 	    ?MODULE:acceptor_loop(Manager, SocketType, ListenSocket, 
 				  ConfigDb, AcceptTimeout);
-	{'EXIT', _Reason} = EXIT ->
-	    ?hdri("accept exited", [{reason, _Reason}]),
-	    handle_error(EXIT, ConfigDb),
-	    ?MODULE:acceptor_loop(Manager, SocketType, ListenSocket, 
-				  ConfigDb, AcceptTimeout)
+	{'EXIT', Reason} ->
+	    ?hdri("accept exited", [{reason, Reason}]),
+	    ReasonString = 
+		lists:flatten(io_lib:format("Accept exit: ~p", [Reason])),
+	    accept_failed(ConfigDb, ReasonString)
     end.
 
 
@@ -189,15 +189,13 @@ handle_error(esslaccept, _) ->
     %% not write an error message.
     ok;
 
-handle_error({'EXIT', Reason}, ConfigDb) ->
-    String = lists:flatten(io_lib:format("Accept exit: ~p", [Reason])),
-    accept_failed(ConfigDb, String);
-
 handle_error(Reason, ConfigDb) ->
     String = lists:flatten(io_lib:format("Accept error: ~p", [Reason])),
     accept_failed(ConfigDb, String).
 
--spec accept_failed(_, string()) -> no_return(). 
+
+-spec accept_failed(ConfigDB     :: term(), 
+		    ReasonString :: string()) -> no_return(). 
 
 accept_failed(ConfigDb, String) ->
     error_logger:error_report(String),
diff --git a/lib/inets/src/http_server/httpd_conf.erl b/lib/inets/src/http_server/httpd_conf.erl
index 5352eb8bb9..7646300409 100644
--- a/lib/inets/src/http_server/httpd_conf.erl
+++ b/lib/inets/src/http_server/httpd_conf.erl
@@ -219,9 +219,8 @@ load("ServerName " ++ ServerName, []) ->
 
 load("SocketType " ++ SocketType, []) ->
     %% ssl is the same as HTTP_DEFAULT_SSL_KIND
-    %% ossl is ssl based on OpenSSL (the "old" ssl)
     %% essl is the pure Erlang-based ssl (the "new" ssl)
-    case check_enum(clean(SocketType), ["ssl", "ossl", "essl", "ip_comm"]) of
+    case check_enum(clean(SocketType), ["ssl", "essl", "ip_comm"]) of
 	{ok, ValidSocketType} ->
 	    {ok, [], {socket_type, ValidSocketType}};
 	{error,_} ->
@@ -541,7 +540,6 @@ validate_config_params([{server_name, Value} | _]) ->
 validate_config_params([{socket_type, Value} | Rest]) 
   when (Value =:= ip_comm) orelse 
        (Value =:= ssl) orelse 
-       (Value =:= ossl) orelse 
        (Value =:= essl) ->
     validate_config_params(Rest);
 validate_config_params([{socket_type, Value} | _]) ->
@@ -811,7 +809,7 @@ lookup_socket_type(ConfigDB) ->
     case httpd_util:lookup(ConfigDB, socket_type, ip_comm) of
 	ip_comm ->
 	    ip_comm;
-	SSL when (SSL =:= ssl) orelse (SSL =:= ossl) orelse (SSL =:= essl) ->
+	SSL when (SSL =:= ssl) orelse (SSL =:= essl) ->
 	    SSLTag = 
 		if
 		    (SSL =:= ssl) ->
diff --git a/lib/inets/src/http_server/httpd_log.erl b/lib/inets/src/http_server/httpd_log.erl
index db1e2c627a..60ab326a20 100644
--- a/lib/inets/src/http_server/httpd_log.erl
+++ b/lib/inets/src/http_server/httpd_log.erl
@@ -24,68 +24,110 @@
 -export([access_entry/8, error_entry/5, error_report_entry/5, 
 	 security_entry/5]).
 
+
 %%%=========================================================================
 %%%  Internal Application API 
 %%%=========================================================================
-access_entry(Log, NoLog, Info, RFC931, AuthUser, Date, StatusCode, Bytes) ->
-    ConfigDB = Info#mod.config_db,
-    case httpd_util:lookup(ConfigDB, Log) of
-	undefined ->
-	    NoLog;
-	LogRef ->
-	    {_, RemoteHost}
-		= (Info#mod.init_data)#init_data.peername,
-	    RequestLine = Info#mod.request_line,
-	    Headers =  Info#mod.parsed_header,
-	    Entry = do_access_entry(ConfigDB, Headers, RequestLine, 
-				    RemoteHost, RFC931, AuthUser,
-				    Date, StatusCode, Bytes),
-	    {LogRef, Entry}
-    end.
 
-error_entry(Log, NoLog, Info, Date, Reason) ->
-    ConfigDB = Info#mod.config_db,
-    case httpd_util:lookup(ConfigDB, Log) of
-	undefined ->
-	    NoLog;
-	LogRef ->
-	    {_, RemoteHost} =
-		(Info#mod.init_data)#init_data.peername,
-	    URI = Info#mod.request_uri,
-	    Entry = do_error_entry(ConfigDB, RemoteHost, URI, Date, Reason), 
-	    {LogRef, Entry}
-    end.
+-spec access_entry(Log        :: term(), % Id of the log
+		   NoLog      :: term(), % What to return when no log is found
+		   Info       :: #mod{},
+		   RFC931     :: string(),
+		   AuthUser   :: string(), 
+		   Date       :: string(), 
+		   StatusCode :: pos_integer(),
+		   Size       :: pos_integer() | string()) ->
+    {Log :: atom() | pid(), Entry :: string()}.
+
+access_entry(Log, NoLog, Info, RFC931, AuthUser, Date, StatusCode, SizeStr) 
+  when is_list(SizeStr) ->
+    Size = 
+	case (catch list_to_integer(SizeStr)) of
+	    I when is_integer(I) ->
+		I;
+	    _ ->
+		SizeStr % This is better then nothing
+	end,
+    access_entry(Log, NoLog, Info, RFC931, AuthUser, Date, StatusCode, Size);
+access_entry(Log, NoLog, 
+	     #mod{config_db     = ConfigDB, 
+		  init_data     = #init_data{peername = {_, RemoteHost}}, 
+		  request_line  = RequestLine,
+		  parsed_header = Headers}, 
+	     RFC931, AuthUser, Date, StatusCode, Size) ->
+    MakeEntry = 
+	fun() ->
+		do_access_entry(ConfigDB, Headers, RequestLine, 
+				RemoteHost, RFC931, AuthUser,
+				Date, StatusCode, Size)
+	end,
+    log_entry(Log, NoLog, ConfigDB, MakeEntry).
+
+
+-spec error_entry(Log    :: term(), % Id of the log
+		  NoLog  :: term(), % What to return when no log is found
+		  Info   :: #mod{},
+		  Date   :: string(), 
+		  Reason :: term()) ->
+    {Log :: atom() | pid(), Entry :: string()}.
+
+error_entry(Log, NoLog, 
+	    #mod{config_db   = ConfigDB,
+		 init_data   = #init_data{peername = {_, RemoteHost}}, 
+		 request_uri = URI}, Date, Reason) ->
+    MakeEntry = 
+	fun() ->
+		do_error_entry(ConfigDB, RemoteHost, URI, Date, Reason)	
+	end,
+    log_entry(Log, NoLog, ConfigDB, MakeEntry).
+
+
+-spec error_report_entry(Log      :: term(), 
+			 NoLog    :: term(), 
+			 ConfigDB :: term(),
+			 Date     :: string(), 
+			 ErrroStr :: string()) ->
+    {Log :: atom() | pid(), Entry :: string()}.
 
 error_report_entry(Log, NoLog, ConfigDb, Date, ErrorStr) ->
-    case httpd_util:lookup(ConfigDb, Log) of
-	undefined ->
-	    NoLog;
-	LogRef ->
-	     Entry = io_lib:format("[~s], ~s~n", [Date, ErrorStr]),
-	     {LogRef, Entry}
-     end.
+    MakeEntry = fun() -> io_lib:format("[~s], ~s~n", [Date, ErrorStr]) end,
+    log_entry(Log, NoLog, ConfigDb, MakeEntry).
+
 
-security_entry(Log, NoLog, #mod{config_db = ConfigDb}, Date, Reason) ->
+-spec security_entry(Log      :: term(), 
+		     NoLog    :: term(), 
+		     ConfigDB :: term(),
+		     Date     :: string(), 
+		     Reason   :: term()) ->
+    {Log :: atom() | pid(), Entry :: string()}.
+
+security_entry(Log, NoLog, #mod{config_db = ConfigDB}, Date, Reason) ->
+    MakeEntry = fun() -> io_lib:format("[~s] ~s~n", [Date, Reason]) end,
+    log_entry(Log, NoLog, ConfigDB, MakeEntry).
+
+
+log_entry(Log, NoLog, ConfigDb, MakeEntry) when is_function(MakeEntry) ->
     case httpd_util:lookup(ConfigDb, Log) of
 	undefined ->
 	    NoLog;
 	LogRef ->
-	    Entry = io_lib:format("[~s] ~s~n", [Date, Reason]),
-	    {LogRef, Entry}
+	    {LogRef, MakeEntry()}
     end.
-
+   
+    
 %%%========================================================================
 %%% Internal functions
 %%%========================================================================
+
 do_access_entry(ConfigDB, Headers, RequestLine,
-	     RemoteHost, RFC931, AuthUser, Date, StatusCode,
-	     Bytes) ->
+		RemoteHost, RFC931, AuthUser, Date, StatusCode,
+		Size) ->
     case httpd_util:lookup(ConfigDB, log_format, common) of
 	common ->
 	    lists:flatten(io_lib:format("~s ~s ~s [~s] \"~s\" ~w ~w~n",
 			  [RemoteHost, RFC931, AuthUser, Date,
 			   RequestLine, 
-			   StatusCode, Bytes]));
+			   StatusCode, Size]));
 	combined ->
 	    Referer = 
 		proplists:get_value("referer", Headers, "-"),
@@ -94,7 +136,7 @@ do_access_entry(ConfigDB, Headers, RequestLine,
 				    Headers, "-"),
 	    io_lib:format("~s ~s ~s [~s] \"~s\" ~w ~w ~s ~s~n",
 			  [RemoteHost, RFC931, AuthUser, Date,
-			   RequestLine, StatusCode, Bytes, 
+			   RequestLine, StatusCode, Size, 
 			   Referer, UserAgent])
     end.
 
diff --git a/lib/inets/src/http_server/httpd_request_handler.erl b/lib/inets/src/http_server/httpd_request_handler.erl
index d2f22fce93..b62c10bbc7 100644
--- a/lib/inets/src/http_server/httpd_request_handler.erl
+++ b/lib/inets/src/http_server/httpd_request_handler.erl
@@ -162,7 +162,14 @@ continue_init(Manager, ConfigDB, SocketType, Socket, TimeOut) ->
 %%                                      {stop, Reason, State}
 %% Description: Handling call messages
 %%--------------------------------------------------------------------
-handle_call(Request, From, State) ->
+handle_call(Request, From, #state{mod = ModData} = State) ->
+    Error = 
+	lists:flatten(
+	  io_lib:format("Unexpected request: "
+			"~n~p"
+			"~nto request handler (~p) from ~p"
+			"~n", [Request, self(), From])),
+    error_log(Error, ModData),
     {stop, {call_api_violation, Request, From}, State}.
 
 %%--------------------------------------------------------------------
@@ -171,8 +178,15 @@ handle_call(Request, From, State) ->
 %%                                      {stop, Reason, State}
 %% Description: Handling cast messages
 %%--------------------------------------------------------------------
-handle_cast(Msg, State) ->
-    {reply, {cast_api_violation, Msg}, State}.
+handle_cast(Msg, #state{mod = ModData} = State) ->
+    Error = 
+	lists:flatten(
+	  io_lib:format("Unexpected message: "
+			"~n~p"
+			"~nto request handler (~p)"
+			"~n", [Msg, self()])),
+    error_log(Error, ModData),
+    {noreply, State}.
 
 %%--------------------------------------------------------------------
 %% handle_info(Info, State) -> {noreply, State} |
@@ -253,7 +267,10 @@ handle_info(timeout, #state{mod = ModData} = State) ->
 %% Default case
 handle_info(Info, #state{mod = ModData} = State) ->
     Error = lists:flatten(
-	      io_lib:format("Unexpected message received: ~n~p~n", [Info])),
+	      io_lib:format("Unexpected info: "
+			    "~n~p"
+			    "~nto request handler (~p)"
+			    "~n", [Info, self()])),
     error_log(Error, ModData),
     {noreply, State}.
 
diff --git a/lib/inets/src/http_server/mod_log.erl b/lib/inets/src/http_server/mod_log.erl
index c8a2ec0dc4..a912f5616c 100644
--- a/lib/inets/src/http_server/mod_log.erl
+++ b/lib/inets/src/http_server/mod_log.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -100,7 +100,7 @@ do(Info) ->
 		    transfer_log(Info,"-",AuthUser,Date,StatusCode,Size),
 		    {proceed,Info#mod.data};
 		{response, Head, _Body} ->
-		    Size = proplists:get_value(content_length,Head,unknown),
+                    Size = content_length(Head),
 		    Code = proplists:get_value(code,Head,unknown),
 		    transfer_log(Info, "-", AuthUser, Date, Code, Size),
 		    {proceed, Info#mod.data};
@@ -254,4 +254,10 @@ auth_user(Data) ->
 	    RemoteUser
     end.
 
-
+content_length(Head) ->
+    case proplists:get_value(content_length, Head) of
+        undefined ->
+            unknown;
+        Size ->
+            list_to_integer(Size)
+    end.
diff --git a/lib/inets/src/http_server/mod_responsecontrol.erl b/lib/inets/src/http_server/mod_responsecontrol.erl
index 989f45db20..6af5f6211e 100644
--- a/lib/inets/src/http_server/mod_responsecontrol.erl
+++ b/lib/inets/src/http_server/mod_responsecontrol.erl
@@ -211,7 +211,7 @@ compare_etags(Tag,Etags) ->
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%                                                                  %%
-%% Control if the file is modificated                               %%
+%% Control if the file is modified                                  %%
 %%                                                                  %%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%	    
 
diff --git a/lib/inets/src/inets_app/Makefile b/lib/inets/src/inets_app/Makefile
index 20e22917e2..d99e33b4ea 100644
--- a/lib/inets/src/inets_app/Makefile
+++ b/lib/inets/src/inets_app/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2005-2010. All Rights Reserved.
+# Copyright Ericsson AB 2005-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -30,6 +30,7 @@ include ../../vsn.mk
 
 VSN = $(INETS_VSN)
 
+
 # ----------------------------------------------------
 # Release directory specification
 # ----------------------------------------------------
@@ -41,8 +42,8 @@ RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
 # ----------------------------------------------------
 
 MODULES = \
-	inets_service \
 	inets \
+	inets_service \
 	inets_app \
 	inets_sup \
 	inets_regexp
diff --git a/lib/inets/src/inets_app/inets.app.src b/lib/inets/src/inets_app/inets.app.src
index cb036157a5..1db7ed2c30 100644
--- a/lib/inets/src/inets_app/inets.app.src
+++ b/lib/inets/src/inets_app/inets.app.src
@@ -1,7 +1,7 @@
 %% This is an -*- erlang -*- file.
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -34,8 +34,7 @@
             ftp_sup,
             
             %% HTTP client:
-            http,    %% Old client API module
-            httpc,   %% New client API module
+            httpc, 
             httpc_handler,
 	    httpc_handler_sup,	
             httpc_manager,
diff --git a/lib/inets/src/inets_app/inets.appup.src b/lib/inets/src/inets_app/inets.appup.src
index 84217eac78..e80cb2a23b 100644
--- a/lib/inets/src/inets_app/inets.appup.src
+++ b/lib/inets/src/inets_app/inets.appup.src
@@ -18,91 +18,65 @@
 
 {"%VSN%",
  [
-  {"5.7.2",
+  {"5.8",
    [
     {load_module, ftp, soft_purge, soft_purge, []}, 
-    {update, httpc_handler, {advanced, upgrade_from_pre_5_7_3}, 
+    {update, httpc_handler, {advanced, upgrade_from_pre_5_8_1}, 
      soft_purge, soft_purge, []}, 
-    {update, httpc_manager, {advanced, upgrade_from_pre_5_7_3}, 
+    {update, httpc_manager, {advanced, upgrade_from_pre_5_8_1}, 
      soft_purge, soft_purge, [httpc_handler]}
    ]
   }, 
-  {"5.7.1",
+  {"5.7.2", 
    [
-    {load_module, ftp,            soft_purge, soft_purge, []},
-    {load_module, http_uri,       soft_purge, soft_purge, []},
-    {load_module, http_util,      soft_purge, soft_purge, []},
-    {load_module, httpd_util,     soft_purge, soft_purge, [http_util]},
-    {load_module, httpd_file,     soft_purge, soft_purge, []}, 
-    {load_module, httpd_request,  soft_purge, soft_purge, []}, 
-    {load_module, mod_responsecontrol, soft_purge, soft_purge, []},
-    {load_module, httpd_response, soft_purge, soft_purge, [mod_responsecontrol]},
-    {update, httpc_handler, {advanced, upgrade_from_pre_5_7_3}, 
-     soft_purge, soft_purge, []}, 
-    {update, httpc_manager, {advanced, upgrade_from_pre_5_7_3}, 
-     soft_purge, soft_purge, [httpc_handler]}
+    {restart_application, inets}
+   ]
+  }, 
+  {"5.7.1", 
+   [
+    {restart_application, inets}
    ]
   }, 
   {"5.7", 
    [
-    {load_module, ftp,            soft_purge, soft_purge, []},
-    {load_module, http_uri,       soft_purge, soft_purge, []},
-    {load_module, httpd_util,     soft_purge, soft_purge, [http_util]},
-    {load_module, httpd_file,     soft_purge, soft_purge, []}, 
-    {load_module, httpd_request,  soft_purge, soft_purge, []}, 
-    {load_module, httpc_cookie,   soft_purge, soft_purge, [http_util]}, 
-    {load_module, http_util,      soft_purge, soft_purge, []}, 
-    {load_module, mod_responsecontrol, soft_purge, soft_purge, []},
-    {load_module, httpd_response, soft_purge, soft_purge, [mod_responsecontrol]},
-    {update, httpc_handler, {advanced, upgrade_from_pre_5_7_3}, 
-     soft_purge, soft_purge, []}, 
-    {update, httpc_manager, {advanced, upgrade_from_pre_5_7_3}, 
-     soft_purge, soft_purge, [httpc_handler]}
+    {restart_application, inets}
    ]
-  }
+  }, 
+  {"5.6", 
+   [
+    {restart_application, inets}
+   ]
+  } 
  ],
  [
-  {"5.7.2",
+  {"5.8",
    [
     {load_module, ftp, soft_purge, soft_purge, []}, 
-    {update, httpc_handler, {advanced, downgrade_to_pre_5_7_3}, 
+    {update, httpc_handler, {advanced, upgrade_from_pre_5_8_1}, 
      soft_purge, soft_purge, []}, 
-    {update, httpc_manager, {advanced, downgrade_to_pre_5_7_3}, 
+    {update, httpc_manager, {advanced, upgrade_from_pre_5_8_1}, 
      soft_purge, soft_purge, [httpc_handler]}
    ]
   }, 
-  {"5.7.1",
+  {"5.7.2", 
    [
-    {load_module, ftp,            soft_purge, soft_purge, []},
-    {load_module, http_uri,       soft_purge, soft_purge, []},
-    {load_module, http_util,      soft_purge, soft_purge, []},
-    {load_module, httpd_util,     soft_purge, soft_purge, [http_util]},
-    {load_module, httpd_file,     soft_purge, soft_purge, []}, 
-    {load_module, httpd_request,  soft_purge, soft_purge, []}, 
-    {load_module, mod_responsecontrol, soft_purge, soft_purge, []},
-    {load_module, httpd_response, soft_purge, soft_purge, [mod_responsecontrol]},
-    {update, httpc_handler, {advanced, downgrade_to_pre_5_7_3}, 
-     soft_purge, soft_purge, []}, 
-    {update, httpc_manager, {advanced, downgrade_to_pre_5_7_3}, 
-     soft_purge, soft_purge, [httpc_handler]}
+    {restart_application, inets}
+   ]
+  }, 
+  {"5.7.1", 
+   [
+    {restart_application, inets}
    ]
   }, 
   {"5.7", 
-   [ 
-    {load_module, ftp,            soft_purge, soft_purge, []},
-    {load_module, http_uri,       soft_purge, soft_purge, []},
-    {load_module, httpd_util,     soft_purge, soft_purge, [http_util]},
-    {load_module, httpd_file,     soft_purge, soft_purge, []}, 
-    {load_module, httpd_request,  soft_purge, soft_purge, []}, 
-    {load_module, httpc_cookie,   soft_purge, soft_purge, [http_util]}, 
-    {load_module, http_util,      soft_purge, soft_purge, []}, 
-    {load_module, mod_responsecontrol, soft_purge, soft_purge, []},
-    {load_module, httpd_response, soft_purge, soft_purge, [mod_responsecontrol]},
-    {update, httpc_handler, {advanced, downgrade_to_pre_5_7_3}, 
-     soft_purge, soft_purge, []}, 
-    {update, httpc_manager, {advanced, downgrade_to_pre_5_7_3}, 
-     soft_purge, soft_purge, [httpc_handler]}
+   [
+    {restart_application, inets}
+   ]
+  }, 
+  {"5.6", 
+   [
+    {restart_application, inets}
    ]
-  }
+  } 
  ]
 }.
diff --git a/lib/inets/src/inets_app/inets.mk b/lib/inets/src/inets_app/inets.mk
index b6e9fe1d96..194b4ca2b1 100644
--- a/lib/inets/src/inets_app/inets.mk
+++ b/lib/inets/src/inets_app/inets.mk
@@ -2,7 +2,7 @@
 
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2010. All Rights Reserved.
+# Copyright Ericsson AB 2010-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -33,6 +33,10 @@ ifeq ($(WARN_UNUSED_WARS), true)
 ERL_COMPILE_FLAGS += +warn_unused_vars
 endif
 
+ifeq ($(shell erl -noshell -eval 'io:format("~4s", [erlang:system_info(otp_release)])' -s init stop), R14B)
+INETS_ERL_COMPILE_FLAGS += -D'OTP-R14B-COMPILER'
+endif
+
 INETS_APP_VSN_COMPILE_FLAGS = \
 	+'{parse_transform,sys_pre_attributes}' \
 	+'{attribute,insert,app_vsn,$(APP_VSN)}'
diff --git a/lib/inets/src/inets_app/inets_service.erl b/lib/inets/src/inets_app/inets_service.erl
index e9eb9892f2..a057a51e2c 100644
--- a/lib/inets/src/inets_app/inets_service.erl
+++ b/lib/inets/src/inets_app/inets_service.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -20,24 +20,35 @@
 
 -module(inets_service).
 
+-ifdef('OTP-R14B-COMPILER').
+
 -export([behaviour_info/1]).
 
 behaviour_info(callbacks) ->
-    [{start_standalone,         1}, 
-     {start_service,            1},
-     {stop_service,             1},
-     {services,                 0},
-     {service_info,             1}];
+        [{start_standalone,         1}, 
+	 {start_service,            1},
+	 {stop_service,             1},
+	 {services,                 0},
+	 {service_info,             1}];
 behaviour_info(_) ->
-    undefined.
+        undefined.
+
+-else.
 
 %% Starts service stand-alone
 %% start_standalone(Config) ->  % {ok, Pid} | {error, Reason}
 %%    <service>:start_link(Config).
 
+-callback start_standalone(Config :: term()) ->
+    {ok, pid()} | {error, Reason :: term()}.
+
 %% Starts service as part of inets
 %% start_service(Config) -> % {ok, Pid} | {error, Reason}
 %%    <service_sup>:start_child(Config).
+
+-callback start_service(Config :: term()) ->
+    {ok, pid()} | {error, Reason :: term()}.
+
 %% Stop service
 %% stop_service(Pid) ->  % ok | {error, Reason}   
 %%   <service_sup>:stop_child(maybe_map_pid_to_other_ref(Pid)).
@@ -51,6 +62,9 @@ behaviour_info(_) ->
 %%            Error
 %%    end.
 
+-callback stop_service(Service :: term()) ->
+    ok | {error, Reason :: term()}.
+
 %% Returns list of running services. Services started as stand alone
 %% are not listed 
 %% services() -> % [{Service, Pid}] 
@@ -59,7 +73,14 @@ behaviour_info(_) ->
 %%   [{httpc, Pid} || {_, Pid, _, _} <- 
 %%			supervisor:which_children(httpc_profile_sup)].
 
+-callback services() ->
+    [{Service :: term(), pid()}].
 
-%% service_info() -> [{Property, Value}] | {error, Reason}
+%% service_info() -> {ok, [{Property, Value}]} | {error, Reason}
 %% ex: httpc:service_info() -> [{profile, ProfileName}] 
 %%     httpd:service_info() -> [{host, Host}, {port, Port}]
+
+-callback service_info(Service :: term()) ->
+    {ok, [{Property :: term(), Value :: term()}]} | {error, Reason :: term()}.
+
+-endif.
diff --git a/lib/inets/src/tftp/tftp.erl b/lib/inets/src/tftp/tftp.erl
index bfdb4c0030..0d7ae1a89e 100644
--- a/lib/inets/src/tftp/tftp.erl
+++ b/lib/inets/src/tftp/tftp.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2005-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -215,8 +215,6 @@
 	 start/0
 	]).
 
--export([behaviour_info/1]).
-
 %% Application local functions
 -export([
 	 start_standalone/1,
@@ -226,14 +224,67 @@
 	 service_info/1
 	]).
 
+-ifdef('OTP-R14B-COMPILER').
+
+-export([behaviour_info/1]).
 
 behaviour_info(callbacks) ->
-    [{prepare, 6}, {open, 6}, {read, 1}, {write, 2}, {abort, 3}];
+    [{prepare, 6}, 
+     {open,    6}, 
+     {read,    1}, 
+     {write,   2}, 
+     {abort,   3}];
 behaviour_info(_) ->
     undefined.
 
+-else.
+
+-type peer() :: {PeerType :: inet | inet6,
+		 PeerHost :: inet:ip_address(),
+		 PeerPort :: port()}.
+
+-type access() :: read | write.
+
+-type options() :: [{Key :: string(), Value :: string()}].
+
+-type error_code() :: undef | enoent | eacces | enospc |
+		      badop | eexist | baduser | badopt |
+		      integer().
+
+-callback prepare(Peer :: peer(),
+		  Access :: access(),
+		  Filename :: file:name(),
+		  Mode :: string(),
+		  SuggestedOptions :: options(),
+		  InitialState :: [] | [{root_dir, string()}]) ->
+    {ok, AcceptedOptions :: options(), NewState :: term()} |
+    {error, {Code :: error_code(), string()}}.
+
+-callback open(Peer :: peer(),
+	       Access :: access(),
+	       Filename :: file:name(),
+	       Mode :: string(),
+	       SuggestedOptions :: options(),
+	       State :: [] | [{root_dir, string()}] | term()) ->
+    {ok, AcceptedOptions :: options(), NewState :: term()} |
+    {error, {Code :: error_code(), string()}}.
+
+-callback read(State :: term()) -> {more, binary(), NewState :: term()} |
+				   {last, binary(), integer()} |
+				   {error, {Code :: error_code(), string()}}.
+
+-callback write(binary(), State :: term()) ->
+    {more, NewState :: term()} |
+    {last, FileSize :: integer()} |
+    {error, {Code :: error_code(), string()}}.
+
+-callback abort(Code :: error_code(), string(), State :: term()) -> 'ok'.
+
+-endif.
+
 -include("tftp.hrl").
 
+
 %%-------------------------------------------------------------------
 %% read_file(RemoteFilename, LocalFilename, Options) ->
 %%   {ok, LastCallbackState} | {error, Reason}
diff --git a/lib/inets/test/ftp_suite_lib.erl b/lib/inets/test/ftp_suite_lib.erl
index 3ebd02229e..ffb58c91b6 100644
--- a/lib/inets/test/ftp_suite_lib.erl
+++ b/lib/inets/test/ftp_suite_lib.erl
@@ -196,7 +196,9 @@ test_filenames() ->
 %% variable, but should NOT alter/remove any existing entries.
 %%--------------------------------------------------------------------
 init_per_testcase(Case, Config) 
-  when (Case =:= open) orelse (Case =:= open_port) ->
+  when (Case =:= open) orelse 
+       (Case =:= open_port) ->
+    put(ftp_testcase, Case), 
     io:format(user, "~n~n*** INIT ~w:~w ***~n~n", [?MODULE, Case]),
     inets:start(),
     NewConfig = data_dir(Config),
@@ -266,7 +268,7 @@ do_init_per_testcase(Case, Config) ->
  	end,
     Opts2 = 
 	case string:tokens(atom_to_list(Case), [$_]) of
-	    [_, "active" | _] ->
+	    ["active" | _] ->
 		[{mode, active}  | Opts1];
 	    _ ->
 		[{mode, passive} | Opts1]
@@ -367,8 +369,11 @@ open(Config) when is_list(Config) ->
 
 
 tc_open(Host) ->
+    p("tc_open -> entry with"
+      "~n   Host: ~p", [Host]),
     {ok, Pid} = ?ftp_open(Host, []),
     ok = ftp:close(Pid),
+    p("tc_open -> try (ok) open 1"),
     {ok, Pid1} = 
 	ftp:open({option_list, [{host,Host}, 
 				{port, ?FTP_PORT}, 
@@ -376,11 +381,13 @@ tc_open(Host) ->
 				{timeout, 30000}]}),
     ok = ftp:close(Pid1),
     
+    p("tc_open -> try (fail) open 2"),
     {error, ehost} = 
 	ftp:open({option_list, [{port, ?FTP_PORT}, {flags, [verbose]}]}),
     {ok, Pid2} = ftp:open(Host),
     ok = ftp:close(Pid2),
     
+    p("tc_open -> try (ok) open 3"),
     {ok, NewHost} = inet:getaddr(Host, inet),
     {ok, Pid3} = ftp:open(NewHost),
     ftp:user(Pid3, ?FTP_USER, ?FTP_PASS),
@@ -392,33 +399,68 @@ tc_open(Host) ->
 
     %% Bad input that has default values are ignored and the defult 
     %% is used.
+    p("tc_open -> try (ok) open 4"),
     {ok, Pid4} = 
-	ftp:open({option_list, [{host, Host}, {port, badarg}, 
-				{flags, [verbose]}, 
+	ftp:open({option_list, [{host,    Host}, 
+				{port,    badarg}, 
+				{flags,   [verbose]}, 
 				{timeout, 30000}]}),
     test_server:sleep(100),
     ok = ftp:close(Pid4),
+
+    p("tc_open -> try (ok) open 5"),
     {ok, Pid5} = 
-	ftp:open({option_list, [{host, Host}, {port, ?FTP_PORT}, 
-				{flags, [verbose]}, 
+	ftp:open({option_list, [{host,    Host}, 
+				{port,    ?FTP_PORT}, 
+				{flags,   [verbose]}, 
 				{timeout, -42}]}),
     test_server:sleep(100),
     ok = ftp:close(Pid5),
+
+    p("tc_open -> try (ok) open 6"),
     {ok, Pid6} = 
-	ftp:open({option_list, [{host, Host}, {port, ?FTP_PORT}, 
+	ftp:open({option_list, [{host,  Host}, 
+				{port,  ?FTP_PORT}, 
 				{flags, [verbose]}, 
-				{mode, cool}]}),
+				{mode,  cool}]}),
     test_server:sleep(100),
     ok = ftp:close(Pid6),
 
+    p("tc_open -> try (ok) open 7"),
     {ok, Pid7} = 
 	ftp:open(Host, [{port, ?FTP_PORT}, {verbose, true}, {timeout, 30000}]),
     ok = ftp:close(Pid7),
 
+    p("tc_open -> try (ok) open 8"),
     {ok, Pid8} = 
 	ftp:open(Host, ?FTP_PORT),
     ok = ftp:close(Pid8),
 
+    p("tc_open -> try (ok) open 9"),
+    {ok, Pid9} = 
+	ftp:open(Host, [{port,     ?FTP_PORT}, 
+			{verbose,  true}, 
+			{timeout,  30000}, 
+			{dtimeout, -99}]),
+    ok = ftp:close(Pid9),
+
+    p("tc_open -> try (ok) open 10"),
+    {ok, Pid10} = 
+	ftp:open(Host, [{port,     ?FTP_PORT}, 
+			{verbose,  true}, 
+			{timeout,  30000}, 
+			{dtimeout, "foobar"}]),
+    ok = ftp:close(Pid10),
+
+    p("tc_open -> try (ok) open 11"),
+    {ok, Pid11} = 
+	ftp:open(Host, [{port,     ?FTP_PORT}, 
+			{verbose,  true}, 
+			{timeout,  30000}, 
+			{dtimeout, 1}]),
+    ok = ftp:close(Pid11),
+
+    p("tc_open -> done"),
     ok.
 
     
@@ -445,7 +487,7 @@ passive_user(suite) ->
     [];
 passive_user(Config) when is_list(Config) ->
     Pid = ?config(ftp, Config),
-    io:format("Pid: ~p~n",[Pid]),
+    p("Pid: ~p",[Pid]),
     do_user(Pid).
 
 
@@ -967,13 +1009,13 @@ api_missuse(doc)->
     ["Test that behaviour of the ftp process if the api is abused"];
 api_missuse(suite) -> [];
 api_missuse(Config) when is_list(Config) ->
-    io:format("api_missuse -> entry~n", []),
+    p("api_missuse -> entry"),
     Flag =  process_flag(trap_exit, true),
     Pid = ?config(ftp, Config),
     Host = ftp_host(Config), 
     
     %% Serious programming fault, connetion will be shut down 
-    io:format("api_missuse -> verify bad call termination (~p)~n", [Pid]),
+    p("api_missuse -> verify bad call termination (~p)", [Pid]),
     case (catch gen_server:call(Pid, {self(), foobar, 10}, infinity)) of
 	{error, {connection_terminated, 'API_violation'}} ->
 	    ok;
@@ -983,23 +1025,23 @@ api_missuse(Config) when is_list(Config) ->
     test_server:sleep(500),
     undefined = process_info(Pid, status),
 
-    io:format("api_missuse -> start new client~n", []),
+    p("api_missuse -> start new client"),
     {ok, Pid2} =  ?ftp_open(Host, []),
     %% Serious programming fault, connetion will be shut down 
-    io:format("api_missuse -> verify bad cast termination~n", []),
+    p("api_missuse -> verify bad cast termination"),
     gen_server:cast(Pid2, {self(), foobar, 10}),
     test_server:sleep(500),
     undefined = process_info(Pid2, status),
 
-    io:format("api_missuse -> start new client~n", []),
+    p("api_missuse -> start new client"),
     {ok, Pid3} =  ?ftp_open(Host, []),
     %% Could be an innocent misstake the connection lives. 
-    io:format("api_missuse -> verify bad bang~n", []),
+    p("api_missuse -> verify bad bang"),
     Pid3 ! foobar, 
     test_server:sleep(500),
     {status, _} = process_info(Pid3, status),
     process_flag(trap_exit, Flag),
-    io:format("api_missuse -> done~n", []),
+    p("api_missuse -> done"),
     ok.
 
 
@@ -1567,9 +1609,9 @@ split([], I, Is) ->
     lists:reverse([lists:reverse(I)| Is]).
 
 do_ftp_open(Host, Opts) ->
-    io:format("do_ftp_open -> entry with"
-	      "~n   Host: ~p"
-	      "~n   Opts: ~p", [Host, Opts]), 
+    p("do_ftp_open -> entry with"
+      "~n   Host: ~p"
+      "~n   Opts: ~p", [Host, Opts]), 
     case ftp:open(Host, Opts) of
 	{ok, _} = OK ->
 	    OK;
@@ -1595,7 +1637,7 @@ passwd() ->
 ftpd_hosts(Config) ->
     DataDir = ?config(data_dir, Config),
     FileName = filename:join([DataDir, "../ftp_SUITE_data/", ftpd_hosts]),
-    io:format("FileName: ~p~n", [FileName]),
+    p("FileName: ~p", [FileName]),
     case file:consult(FileName) of
 	{ok, [Hosts]} when is_list(Hosts) ->
 	    Hosts;
diff --git a/lib/inets/test/ftp_windows_2003_server_test.erl b/lib/inets/test/ftp_windows_2003_server_test.erl
index 57f1ae8358..32f25713f8 100644
--- a/lib/inets/test/ftp_windows_2003_server_test.erl
+++ b/lib/inets/test/ftp_windows_2003_server_test.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -87,14 +87,22 @@ end_per_testcase(Case, Config) ->
 %% Description: Returns a list of all test cases in this test suite
 %%--------------------------------------------------------------------
 all() -> 
-    [open, open_port, {group, passive}, {group, active},
-     api_missuse, not_owner, {group, progress_report}].
+    [
+     open, 
+     open_port, 
+     {group, passive}, 
+     {group, active},
+     api_missuse, 
+     not_owner, 
+     {group, progress_report}
+    ].
 
 groups() -> 
-    [{passive, [], ftp_suite_lib:passive(suite)},
-     {active, [], ftp_suite_lib:active(suite)},
-     {progress_report, [],
-      ftp_suite_lib:progress_report(suite)}].
+    [
+     {passive,         [], ftp_suite_lib:passive(suite)},
+     {active,          [], ftp_suite_lib:active(suite)},
+     {progress_report, [], ftp_suite_lib:progress_report(suite)}
+    ].
 
 init_per_group(_GroupName, Config) ->
     Config.
diff --git a/lib/inets/test/httpc_SUITE.erl b/lib/inets/test/httpc_SUITE.erl
index 63935a2352..881266b70a 100644
--- a/lib/inets/test/httpc_SUITE.erl
+++ b/lib/inets/test/httpc_SUITE.erl
@@ -114,13 +114,10 @@ groups() ->
 		    proxy_page_does_not_exist,
 		    proxy_https_not_supported]}, 
      {ssl,     [], [ssl_head, 
-		    ossl_head, 
 		    essl_head, 
 		    ssl_get, 
-		    ossl_get,
 		    essl_get, 
 		    ssl_trace, 
-		    ossl_trace, 
 		    essl_trace]}, 
      {stream,  [], [http_stream,
 		    http_stream_once, 
@@ -149,14 +146,6 @@ groups() ->
     ].
 
 
-
-init_per_group(_GroupName, Config) ->
-    Config.
-
-end_per_group(_GroupName, Config) ->
-    Config.
-
-
 %%--------------------------------------------------------------------
 %% Function: init_per_suite(Config) -> Config
 %% Config - [tuple()]
@@ -230,9 +219,7 @@ init_per_testcase(initial_server_connect = Case, Config) ->
     %% this test case does not work unless it does
     try 
 	begin
-	    ensure_started(crypto),
-	    ensure_started(public_key),
-	    ensure_started(ssl),
+	    ?ENSURE_STARTED([crypto, public_key, ssl]),
 	    inets:start(),
 	    Config
 	end
@@ -271,14 +258,12 @@ init_per_testcase(Case, Timeout, Config) ->
     NewConfig = 
 	case atom_to_list(Case) of
 	    [$s, $s, $l | _] ->
+		?ENSURE_STARTED([crypto, public_key, ssl]), 
 		init_per_testcase_ssl(ssl, PrivDir, SslConfFile, 
 				      [{watchdog, Dog} | TmpConfig]);
 
-	    [$o, $s, $s, $l | _] ->
-		init_per_testcase_ssl(ossl, PrivDir, SslConfFile, 
-				      [{watchdog, Dog} | TmpConfig]);
-
 	    [$e, $s, $s, $l | _] ->
+		?ENSURE_STARTED([crypto, public_key, ssl]), 
 		init_per_testcase_ssl(essl, PrivDir, SslConfFile, 
 				      [{watchdog, Dog} | TmpConfig]);
 
@@ -290,7 +275,7 @@ init_per_testcase(Case, Timeout, Config) ->
 			inets:start(),
 			tsp("init_per_testcase -> "
 			    "[proxy case] start crypto, public_key and ssl"),
-			try ensure_started([crypto, public_key, ssl]) of
+			try ?ENSURE_STARTED([crypto, public_key, ssl]) of
 			    ok ->
 				[{watchdog, Dog} | TmpConfig]
 			catch 
@@ -343,8 +328,8 @@ init_per_testcase(Case, Timeout, Config) ->
 		end;
 
 	    "ipv6_" ++ _Rest ->
-		%% Ensure needed apps (crypto, public_key and ssl) started
-		try ensure_started([crypto, public_key, ssl]) of
+		%% Ensure needed apps (crypto, public_key and ssl) are started
+		try ?ENSURE_STARTED([crypto, public_key, ssl]) of
 		    ok ->
 			Profile = ipv6, 
 			%% A stand-alone profile is represented by a pid()
@@ -378,7 +363,7 @@ init_per_testcase(Case, Timeout, Config) ->
     
     %% This will fail for the ipv6_ - cases (but that is ok)
     ProxyExceptions = ["localhost", ?IPV6_LOCAL_HOST], 
-    http:set_options([{proxy, {{?PROXY, ?PROXY_PORT}, ProxyExceptions}}]),
+    httpc:set_options([{proxy, {{?PROXY, ?PROXY_PORT}, ProxyExceptions}}]),
     inets:enable_trace(max, io, httpc),
     %% inets:enable_trace(max, io, all),
     %% snmp:set_trace([gen_tcp]),
@@ -1079,13 +1064,6 @@ ssl_head(suite) ->
 ssl_head(Config) when is_list(Config) ->   
     ssl_head(ssl, Config).
 
-ossl_head(doc) ->
-    ["Same as http_head/1 but over ssl sockets."];
-ossl_head(suite) ->
-    [];
-ossl_head(Config) when is_list(Config) ->   
-    ssl_head(ossl, Config).
-
 essl_head(doc) ->
     ["Same as http_head/1 but over ssl sockets."];
 essl_head(suite) ->
@@ -1108,8 +1086,6 @@ ssl_head(SslTag, Config) ->
 		case SslTag of
 		    ssl ->
 			SSLOptions;
-		    ossl ->
-			{ossl, SSLOptions};
 		    essl ->
 			{essl, SSLOptions}
 		end,
@@ -1134,13 +1110,6 @@ ssl_get(suite) ->
 ssl_get(Config) when is_list(Config) ->
     ssl_get(ssl, Config).
 
-ossl_get(doc) ->
-    ["Same as http_get/1 but over ssl sockets."];
-ossl_get(suite) ->
-    [];
-ossl_get(Config) when is_list(Config) ->
-    ssl_get(ossl, Config).
-
 essl_get(doc) ->
     ["Same as http_get/1 but over ssl sockets."];
 essl_get(suite) ->
@@ -1160,8 +1129,6 @@ ssl_get(SslTag, Config) when is_list(Config) ->
 		case SslTag of
 		    ssl ->
 			SSLOptions;
-		    ossl ->
-			{ossl, SSLOptions};
 		    essl ->
 			{essl, SSLOptions}
 		end,
@@ -1187,13 +1154,6 @@ ssl_trace(suite) ->
 ssl_trace(Config) when is_list(Config) ->
     ssl_trace(ssl, Config).
 
-ossl_trace(doc) ->
-    ["Same as http_trace/1 but over ssl sockets."];
-ossl_trace(suite) ->
-    [];
-ossl_trace(Config) when is_list(Config) ->
-    ssl_trace(ossl, Config).
-
 essl_trace(doc) ->
     ["Same as http_trace/1 but over ssl sockets."];
 essl_trace(suite) ->
@@ -1213,8 +1173,6 @@ ssl_trace(SslTag, Config) when is_list(Config) ->
 		case SslTag of
 		    ssl ->
 			SSLOptions;
-		    ossl ->
-			{ossl, SSLOptions};
 		    essl ->
 			{essl, SSLOptions}
 		end,
@@ -1916,22 +1874,31 @@ parse_url(suite) ->
     [];
 parse_url(Config) when is_list(Config) ->
     %% ipv6
-    {http,[],"2010:836B:4179::836B:4179",80,"/foobar.html",[]}
-	= http_uri:parse("http://[2010:836B:4179::836B:4179]/foobar.html"),
+    {ok, {http,[],"2010:836B:4179::836B:4179",80,"/foobar.html",[]}} = 
+	http_uri:parse("http://[2010:836B:4179::836B:4179]/foobar.html"),
+    {ok, {http,[],"[2010:836B:4179::836B:4179]",80,"/foobar.html",[]}} = 
+	http_uri:parse("http://[2010:836B:4179::836B:4179]/foobar.html", 
+		       [{ipv6_host_with_brackets, true}]),
+    {ok, {http,[],"2010:836B:4179::836B:4179",80,"/foobar.html",[]}} = 
+	http_uri:parse("http://[2010:836B:4179::836B:4179]/foobar.html", 
+		       [{ipv6_host_with_brackets, false}]),
+    {ok, {http,[],"2010:836B:4179::836B:4179",80,"/foobar.html",[]}} = 
+	http_uri:parse("http://[2010:836B:4179::836B:4179]/foobar.html", 
+		       [{foo, false}]),
     {error,
      {malformed_url,"http://2010:836B:4179::836B:4179/foobar.html"}} =
 	http_uri:parse("http://2010:836B:4179::836B:4179/foobar.html"), 
 
     %% ipv4
-    {http,[],"127.0.0.1",80,"/foobar.html",[]} =
+    {ok, {http,[],"127.0.0.1",80,"/foobar.html",[]}} =
 	http_uri:parse("http://127.0.0.1/foobar.html"),
     
     %% host
-    {http,[],"localhost",8888,"/foobar.html",[]} = 
+    {ok, {http,[],"localhost",8888,"/foobar.html",[]}} = 
 	http_uri:parse("http://localhost:8888/foobar.html"),
     
     %% Userinfo
-    {http,"nisse:foobar","localhost",8888,"/foobar.html",[]} =
+    {ok, {http,"nisse:foobar","localhost",8888,"/foobar.html",[]}} =
 	http_uri:parse("http://nisse:foobar@localhost:8888/foobar.html"),
     
     %% Scheme error
@@ -1940,18 +1907,20 @@ parse_url(Config) when is_list(Config) ->
 	http_uri:parse("localhost:8888/foobar.html"),
     
     %% Query
-    {http,[],"localhost",8888,"/foobar.html","?foo=bar&foobar=42"} =
+    {ok, {http,[],"localhost",8888,"/foobar.html","?foo=bar&foobar=42"}} =
 	http_uri:parse("http://localhost:8888/foobar.html?foo=bar&foobar=42"),
     
     %%  Esc chars
-    {http,[],"www.somedomain.com",80,"/%2Eabc",[]} =
+    {ok, {http,[],"www.somedomain.com",80,"/%2Eabc",[]}} =
 	http_uri:parse("http://www.somedomain.com/%2Eabc"),
-    {http,[],"www.somedomain.com",80,"/%252Eabc",[]} = 
+    {ok, {http,[],"www.somedomain.com",80,"/%252Eabc",[]}} = 
 	http_uri:parse("http://www.somedomain.com/%252Eabc"),
-    {http,[],"www.somedomain.com",80,"/%25abc",[]} =
+    {ok, {http,[],"www.somedomain.com",80,"/%25abc",[]}} =
 	http_uri:parse("http://www.somedomain.com/%25abc"),
-    {http,[],"www.somedomain.com",80,"/%25abc", "?foo=bar"} =
+    {ok, {http,[],"www.somedomain.com",80,"/%25abc", "?foo=bar"}} =
 	http_uri:parse("http://www.somedomain.com/%25abc?foo=bar"),
+
+    
     ok.    
 
 
@@ -2413,12 +2382,14 @@ http_invalid_http(Config) when is_list(Config) ->
 
 %%-------------------------------------------------------------------------
 
+-define(GOOGLE, "www.google.com").
+
 hexed_query_otp_6191(doc) ->
     [];
 hexed_query_otp_6191(suite) ->
     [];
 hexed_query_otp_6191(Config) when is_list(Config) ->
-    Google = "www.google.com",
+    Google = ?GOOGLE, 
     GoogleSearch = "http://" ++ Google ++ "/search",
     Search1 = "?hl=en&q=a%D1%85%D1%83%D0%B9&btnG=Google+Search", 
     URI1    = GoogleSearch ++ Search1,
@@ -2427,11 +2398,32 @@ hexed_query_otp_6191(Config) when is_list(Config) ->
     Search3 = "?hl=en&q=%foo",
     URI3    = GoogleSearch ++ Search3, 
 
-    {http, [], Google, 80, "/search", _} = http_uri:parse(URI1),
-    {http, [], Google, 80, "/search", _} = http_uri:parse(URI2),
-    {http, [], Google, 80, "/search", _} = http_uri:parse(URI3),
+    Verify1 = 
+	fun({http, [], ?GOOGLE, 80, "/search", _}) -> ok;
+	   (_) -> error
+	end,
+    Verify2 = Verify1, 
+    Verify3 = Verify1, 
+    verify_uri(URI1, Verify1), 
+    verify_uri(URI2, Verify2), 
+    verify_uri(URI3, Verify3), 
     ok.
 
+verify_uri(URI, Verify) ->
+    case http_uri:parse(URI) of
+	{ok, ParsedURI} ->
+	    case Verify(ParsedURI) of
+		ok ->
+		    ok;
+		error ->
+		    Reason = {unexpected_parse_result, URI, ParsedURI}, 
+		    ERROR  = {error, Reason}, 
+		    throw(ERROR)
+	    end;
+	{error, _} = ERROR ->
+	    throw(ERROR)
+    end.
+
 
 %%-------------------------------------------------------------------------
 
@@ -3360,10 +3352,6 @@ dummy_server_init(Caller, essl, IpV, SSLOptions) ->
     BaseOpts = [{ssl_imp, new}, 
 		{backlog, 128}, binary, {reuseaddr,true}, {active, false} |
 	        SSLOptions], 
-    dummy_ssl_server_init(Caller, BaseOpts, IpV);
-dummy_server_init(Caller, ossl, IpV, SSLOptions) ->
-    BaseOpts = [{ssl_imp, old}, 
-		{backlog, 128}, binary, {active, false} | SSLOptions], 
     dummy_ssl_server_init(Caller, BaseOpts, IpV).
 
 dummy_ssl_server_init(Caller, BaseOpts, IpV) ->
@@ -3877,21 +3865,5 @@ dummy_ssl_server_hang_loop(_) ->
     end.
 
 
-ensure_started([]) ->
-    ok;
-ensure_started([App|Apps]) ->
-    ensure_started(App),
-    ensure_started(Apps);
-ensure_started(App) when is_atom(App) ->
-    case (catch application:start(App)) of
-	ok ->
-	    ok;
-	{error, {already_started, _}} ->
-	    ok;
-	Error ->
-	    throw({error, {failed_starting, App, Error}})
-    end.
-
-
 skip(Reason) ->
     {skip, Reason}.
diff --git a/lib/inets/test/httpc_cookie_SUITE.erl b/lib/inets/test/httpc_cookie_SUITE.erl
index 866fa9d525..93dbc270c5 100644
--- a/lib/inets/test/httpc_cookie_SUITE.erl
+++ b/lib/inets/test/httpc_cookie_SUITE.erl
@@ -55,7 +55,7 @@ init_per_testcase(session_cookies_only = Case, Config0) ->
 	"~n   Config0: ~p", [Case, Config0]),
     Config = init_workdir(Case, Config0), 
     application:start(inets), 
-    http:set_options([{cookies, verify}]),
+    httpc:set_options([{cookies, verify}]),
     watch_dog(Config);
 
 init_per_testcase(Case, Config0) ->
@@ -66,7 +66,7 @@ init_per_testcase(Case, Config0) ->
     application:load(inets),
     application:set_env(inets, services, [{httpc, {default, CaseDir}}]),
     application:start(inets), 
-    http:set_options([{cookies, verify}]),
+    httpc:set_options([{cookies, verify}]),
     watch_dog(Config).
 
 watch_dog(Config) ->
@@ -160,12 +160,12 @@ session_cookies_only(Config) when is_list(Config) ->
 
     SetCookieHeaders = [{"set-cookie", "test_cookie=true; path=/;" 
 			 ";max-age=60000"}],
-    http:verify_cookies(SetCookieHeaders, ?URL),
-     {"cookie","$Version=0; test_cookie=true; $Path=/"}
-	= http:cookie_header(?URL),
+    httpc:store_cookies(SetCookieHeaders, ?URL),
+    {"cookie", "$Version=0; test_cookie=true; $Path=/"} = 
+	httpc:cookie_header(?URL),
     application:stop(inets),
     application:start(inets),
-    {"cookie",""} = http:cookie_header(?URL),
+    {"cookie", ""} = httpc:cookie_header(?URL),
 
     tsp("session_cookies_only -> Cookies 2: ~p", [httpc:which_cookies()]),
     ok.
@@ -180,9 +180,9 @@ netscape_cookies(Config) when is_list(Config) ->
     Expires = future_netscape_date(),
     SetCookieHeaders = [{"set-cookie", "test_cookie=true; path=/; " 
 			 "expires=" ++ Expires}],
-    http:verify_cookies(SetCookieHeaders, ?URL),
-    {"cookie","$Version=0; test_cookie=true; $Path=/"} = 
-	http:cookie_header(?URL),
+    httpc:store_cookies(SetCookieHeaders, ?URL),
+    {"cookie", "$Version=0; test_cookie=true; $Path=/"} = 
+	httpc:cookie_header(?URL),
 
     tsp("netscape_cookies -> Cookies 2: ~p", [httpc:which_cookies()]),
     ok.
@@ -197,13 +197,13 @@ cookie_cancel(Config) when is_list(Config) ->
 
     SetCookieHeaders = [{"set-cookie", "test_cookie=true; path=/;" 
 			 "max-age=60000"}],
-    http:verify_cookies(SetCookieHeaders, ?URL),
-    {"cookie","$Version=0; test_cookie=true; $Path=/"}
-	= http:cookie_header(?URL),
-    NewSetCookieHeaders = [{"set-cookie", "test_cookie=true; path=/;" 
-			    "max-age=0"}],
-    http:verify_cookies(NewSetCookieHeaders, ?URL),
-    {"cookie", ""} = http:cookie_header(?URL),
+    httpc:store_cookies(SetCookieHeaders, ?URL),
+    {"cookie", "$Version=0; test_cookie=true; $Path=/"} = 
+	httpc:cookie_header(?URL),
+    NewSetCookieHeaders = 
+	[{"set-cookie", "test_cookie=true; path=/;max-age=0"}],
+    httpc:store_cookies(NewSetCookieHeaders, ?URL),
+    {"cookie", ""} = httpc:cookie_header(?URL),
 
     tsp("cookie_cancel -> Cookies 2: ~p", [httpc:which_cookies()]),
     ok.
@@ -217,11 +217,11 @@ cookie_expires(Config) when is_list(Config) ->
 
     SetCookieHeaders = [{"set-cookie", "test_cookie=true; path=/;" 
 			 "max-age=5"}],
-    http:verify_cookies(SetCookieHeaders, ?URL),
-    {"cookie","$Version=0; test_cookie=true; $Path=/"}
-	= http:cookie_header(?URL),
+    httpc:store_cookies(SetCookieHeaders, ?URL),
+    {"cookie", "$Version=0; test_cookie=true; $Path=/"} = 
+	httpc:cookie_header(?URL),
     test_server:sleep(10000),
-    {"cookie", ""} = http:cookie_header(?URL),
+    {"cookie", ""} = httpc:cookie_header(?URL),
 
     tsp("cookie_expires -> Cookies 2: ~p", [httpc:which_cookies()]),
     ok.
@@ -235,16 +235,16 @@ persistent_cookie(Config) when is_list(Config)->
 
     SetCookieHeaders = [{"set-cookie", "test_cookie=true; path=/;" 
 			 "max-age=60000"}],
-    http:verify_cookies(SetCookieHeaders, ?URL),
-    {"cookie","$Version=0; test_cookie=true; $Path=/"} = 
-	http:cookie_header(?URL),
+    httpc:store_cookies(SetCookieHeaders, ?URL),
+    {"cookie", "$Version=0; test_cookie=true; $Path=/"} = 
+	httpc:cookie_header(?URL),
     CaseDir = ?config(case_top_dir, Config),
     application:stop(inets),
     application:load(inets),
     application:set_env(inets, services, [{httpc, {default, CaseDir}}]),
     application:start(inets), 
-    http:set_options([{cookies, enabled}]),
-    {"cookie","$Version=0; test_cookie=true; $Path=/"} = http:cookie_header(?URL),
+    httpc:set_options([{cookies, enabled}]),
+    {"cookie","$Version=0; test_cookie=true; $Path=/"} = httpc:cookie_header(?URL),
 
     tsp("persistent_cookie -> Cookies 2: ~p", [httpc:which_cookies()]),
     ok.
@@ -259,10 +259,10 @@ domain_cookie(Config) when is_list(Config) ->
 
     SetCookieHeaders = [{"set-cookie", "test_cookie=true; path=/;" 
 			 "domain=.cookie.test.org"}],
-    http:verify_cookies(SetCookieHeaders, ?URL),
+    httpc:store_cookies(SetCookieHeaders, ?URL),
     {"cookie","$Version=0; test_cookie=true; $Path=/; "
      "$Domain=.cookie.test.org"} = 
-	http:cookie_header(?URL_DOMAIN),
+	httpc:cookie_header(?URL_DOMAIN),
 
     tsp("domain_cookie -> Cookies 2: ~p", [httpc:which_cookies()]),
     ok.
@@ -283,8 +283,8 @@ secure_cookie(Config) when is_list(Config) ->
     tsp("secure_cookie -> Cookies 1: ~p", [httpc:which_cookies()]),
     
     SetCookieHeaders = [{"set-cookie", "test_cookie=true; path=/; secure"}],
-    tsp("secure_cookie -> verify cookies (1)"),
-    ok = http:verify_cookies(SetCookieHeaders, ?URL),
+    tsp("secure_cookie -> store cookies (1)"),
+    ok = httpc:store_cookies(SetCookieHeaders, ?URL),
 
     tsp("secure_cookie -> Cookies 2: ~p", [httpc:which_cookies()]),
 
@@ -294,9 +294,9 @@ secure_cookie(Config) when is_list(Config) ->
     tsp("secure_cookie -> check cookie (plain)"),
     check_cookie("", ?URL),
 
-    tsp("secure_cookie -> verify cookies (2)"),
+    tsp("secure_cookie -> store cookies (2)"),
     SetCookieHeaders1 = [{"set-cookie", "test1_cookie=true; path=/; secure"}],
-    ok = http:verify_cookies(SetCookieHeaders1, ?URL),
+    ok = httpc:store_cookies(SetCookieHeaders1, ?URL),
 
     tsp("secure_cookie -> Cookies 3: ~p", [httpc:which_cookies()]),
 
@@ -305,7 +305,7 @@ secure_cookie(Config) when is_list(Config) ->
 		 "test1_cookie=true; $Path=/",
 		 ?URL_SECURE), 
 %%     {"cookie","$Version=0; test_cookie=true; $Path=/; "
-%%      "test1_cookie=true; $Path=/"} = http:cookie_header(?URL_SECURE),
+%%      "test1_cookie=true; $Path=/"} = httpc:cookie_header(?URL_SECURE),
 
     tsp("secure_cookie -> Cookies 4: ~p", [httpc:which_cookies()]),
 
@@ -411,8 +411,8 @@ cookie_attributes(Config) when is_list(Config) ->
 			 "comment=foobar; "%% Comment
 			 "foo=bar;" %% Nonsense should be ignored
 			 "max-age=60000"}],
-    http:verify_cookies(SetCookieHeaders, ?URL),
-    {"cookie","$Version=1; test_cookie=true"} = http:cookie_header(?URL),
+    httpc:store_cookies(SetCookieHeaders, ?URL),
+    {"cookie","$Version=1; test_cookie=true"} = httpc:cookie_header(?URL),
     ok.
 
 
@@ -421,7 +421,7 @@ cookie_attributes(Config) when is_list(Config) ->
 %%--------------------------------------------------------------------
 
 check_cookie(Expect, URL) ->
-    case http:cookie_header(URL) of
+    case httpc:cookie_header(URL) of
 	{"cookie", Expect} ->
 	    ok;
 	{"cookie", Unexpected} ->
diff --git a/lib/inets/test/httpd_SUITE.erl b/lib/inets/test/httpd_SUITE.erl
index ccc7aea2aa..a4bb8f7159 100644
--- a/lib/inets/test/httpd_SUITE.erl
+++ b/lib/inets/test/httpd_SUITE.erl
@@ -68,127 +68,96 @@
 
 -export([
 	 pssl_mod_alias/1, 
-	 ossl_mod_alias/1, 
 	 essl_mod_alias/1, 
 	 
 	 pssl_mod_actions/1, 
-	 ossl_mod_actions/1, 
 	 essl_mod_actions/1, 
 	 
 	 pssl_mod_security/1, 
-	 ossl_mod_security/1, 
 	 essl_mod_security/1, 
 	 
 	 pssl_mod_auth/1, 
-	 ossl_mod_auth/1, 
 	 essl_mod_auth/1, 
 
 	 pssl_mod_auth_api/1,  
-	 ossl_mod_auth_api/1,  
 	 essl_mod_auth_api/1,  
 	 
 	 pssl_mod_auth_mnesia_api/1, 
-	 ossl_mod_auth_mnesia_api/1, 
 	 essl_mod_auth_mnesia_api/1, 
 	 
 	 pssl_mod_htaccess/1, 
-	 ossl_mod_htaccess/1, 
 	 essl_mod_htaccess/1, 
 	 
 	 pssl_mod_cgi/1, 
-	 ossl_mod_cgi/1, 
 	 essl_mod_cgi/1,
  
 	 pssl_mod_esi/1, 
-	 ossl_mod_esi/1, 
 	 essl_mod_esi/1, 
 
 	 pssl_mod_get/1, 
-	 ossl_mod_get/1, 
 	 essl_mod_get/1, 
 
 	 pssl_mod_head/1, 
-	 ossl_mod_head/1, 
 	 essl_mod_head/1, 
 	 
 	 pssl_mod_all/1, 
-	 ossl_mod_all/1, 
 	 essl_mod_all/1, 
 	 
 	 pssl_load_light/1, 
-	 ossl_load_light/1, 
 	 essl_load_light/1, 
 	 
 	 pssl_load_medium/1, 
-	 ossl_load_medium/1, 
 	 essl_load_medium/1, 
 
 	 pssl_load_heavy/1, 
-	 ossl_load_heavy/1, 
 	 essl_load_heavy/1, 
 
 	 pssl_dos_hostname/1, 
-	 ossl_dos_hostname/1, 
 	 essl_dos_hostname/1, 
 
 	 pssl_time_test/1, 
-	 ossl_time_test/1, 
 	 essl_time_test/1,
 	 
 	 pssl_restart_no_block/1, 
-	 ossl_restart_no_block/1, 
 	 essl_restart_no_block/1, 
 	 
 	 pssl_restart_disturbing_block/1, 
-	 ossl_restart_disturbing_block/1, 
 	 essl_restart_disturbing_block/1,
 	 
 	 pssl_restart_non_disturbing_block/1, 
-	 ossl_restart_non_disturbing_block/1, 
 	 essl_restart_non_disturbing_block/1, 
 	 
 	 pssl_block_disturbing_idle/1, 
-	 ossl_block_disturbing_idle/1, 
 	 essl_block_disturbing_idle/1, 
 
 	 pssl_block_non_disturbing_idle/1, 
-	 ossl_block_non_disturbing_idle/1, 
 	 essl_block_non_disturbing_idle/1, 
 	 
 	 pssl_block_503/1, 
-	 ossl_block_503/1, 
 	 essl_block_503/1, 
 
 	 pssl_block_disturbing_active/1, 
-	 ossl_block_disturbing_active/1, 
 	 essl_block_disturbing_active/1, 
 
 	 pssl_block_non_disturbing_active/1, 
-	 ossl_block_non_disturbing_active/1, 
 	 essl_block_non_disturbing_active/1, 
 
 	 pssl_block_disturbing_active_timeout_not_released/1, 
-	 ossl_block_disturbing_active_timeout_not_released/1, 
 	 essl_block_disturbing_active_timeout_not_released/1, 
 
 	 pssl_block_disturbing_active_timeout_released/1, 
-	 ossl_block_disturbing_active_timeout_released/1, 
 	 essl_block_disturbing_active_timeout_released/1, 
 
 	 pssl_block_non_disturbing_active_timeout_not_released/1, 
-	 ossl_block_non_disturbing_active_timeout_not_released/1, 
 	 essl_block_non_disturbing_active_timeout_not_released/1, 
 	 
 	 pssl_block_non_disturbing_active_timeout_released/1, 
-	 ossl_block_non_disturbing_active_timeout_released/1, 
 	 essl_block_non_disturbing_active_timeout_released/1, 
 
 	 pssl_block_disturbing_blocker_dies/1, 
-	 ossl_block_disturbing_blocker_dies/1, 
 	 essl_block_disturbing_blocker_dies/1, 
 
 	 pssl_block_non_disturbing_blocker_dies/1, 
-	 ossl_block_non_disturbing_blocker_dies/1, 
 	 essl_block_non_disturbing_blocker_dies/1
 	]).
 
@@ -272,8 +241,7 @@ groups() ->
        ip_block_non_disturbing_active_timeout_released,
        ip_block_disturbing_blocker_dies,
        ip_block_non_disturbing_blocker_dies]},
-     {ssl, [],
-      [{group, pssl}, {group, ossl}, {group, essl}]},
+     {ssl, [], [{group, pssl}, {group, essl}]},
      {pssl, [],
       [pssl_mod_alias, pssl_mod_actions, pssl_mod_security,
        pssl_mod_auth, pssl_mod_auth_api,
@@ -293,25 +261,6 @@ groups() ->
        pssl_block_non_disturbing_active_timeout_released,
        pssl_block_disturbing_blocker_dies,
        pssl_block_non_disturbing_blocker_dies]},
-     {ossl, [],
-      [ossl_mod_alias, ossl_mod_actions, ossl_mod_security,
-       ossl_mod_auth, ossl_mod_auth_api,
-       ossl_mod_auth_mnesia_api, ossl_mod_htaccess,
-       ossl_mod_cgi, ossl_mod_esi, ossl_mod_get, ossl_mod_head,
-       ossl_mod_all, ossl_load_light, ossl_load_medium,
-       ossl_load_heavy, ossl_dos_hostname, ossl_time_test,
-       ossl_restart_no_block, ossl_restart_disturbing_block,
-       ossl_restart_non_disturbing_block,
-       ossl_block_disturbing_idle,
-       ossl_block_non_disturbing_idle, ossl_block_503,
-       ossl_block_disturbing_active,
-       ossl_block_non_disturbing_active,
-       ossl_block_disturbing_active_timeout_not_released,
-       ossl_block_disturbing_active_timeout_released,
-       ossl_block_non_disturbing_active_timeout_not_released,
-       ossl_block_non_disturbing_active_timeout_released,
-       ossl_block_disturbing_blocker_dies,
-       ossl_block_non_disturbing_blocker_dies]},
      {essl, [],
       [essl_mod_alias, essl_mod_actions, essl_mod_security,
        essl_mod_auth, essl_mod_auth_api,
@@ -493,7 +442,6 @@ init_per_testcase2(Case, Config) ->
 	    [X, $s, $s, $l | _] ->
 		case X of
 		    $p -> ssl;
-		    $o -> ossl;
 		    $e -> essl
 		end;
 	    _ ->
@@ -549,6 +497,7 @@ init_per_testcase2(Case, Config) ->
 		    _ ->
 			NewConfig
 		end;
+
 	    _ ->
 		NewConfig
 	end,
@@ -580,7 +529,7 @@ init_per_testcase3(Case, Config) ->
     application:stop(ssl),
     cleanup_mnesia(),
 
-    %% Set trace
+    %% Set trace level
     case lists:reverse(atom_to_list(Case)) of
 	"tset_emit" ++ _Rest -> % test-cases ending with time_test
 	    io:format(user, "~w:init_per_testcase3(~w) -> disabling trace", 
@@ -633,10 +582,10 @@ init_per_testcase3(Case, Config) ->
 		Rest;
 
 	    [X, $s, $s, $l, $_, $m, $o, $d, $_, $h, $t, $a, $c, $c, $e, $s, $s] ->
+		?ENSURE_STARTED([crypto, public_key, ssl]),		
 		SslTag = 
 		    case X of
-			$p -> ssl;  % plain
-			$o -> ossl; % OpenSSL based ssl
+			$p -> ssl;  % Plain
 			$e -> essl  % Erlang based ssl
 		    end,
 		case inets_test_lib:start_http_server_ssl(
@@ -650,10 +599,10 @@ init_per_testcase3(Case, Config) ->
 			{skip, "SSL does not seem to be supported"}
 		end;
 	    [X, $s, $s, $l, $_ | Rest] ->
+		?ENSURE_STARTED([crypto, public_key, ssl]),		
 		SslTag = 
 		    case X of
 			$p -> ssl;
-			$o -> ossl;
 			$e -> essl
 		    end,
 		case inets_test_lib:start_http_server_ssl(
@@ -733,36 +682,6 @@ end_per_testcase2(Case, Config) ->
 %%-------------------------------------------------------------------------
 
 %%-------------------------------------------------------------------------
-
-
-
-
-
-
-%%-------------------------------------------------------------------------
-http_1_1_ip(doc) ->
-    ["HTTP/1.1"];
-http_1_1_ip(suite) ->
-    [
-     ip_host, 
-     ip_chunked, 
-     ip_expect, 
-     ip_range, 
-     ip_if_test, 
-     ip_http_trace,
-     ip_http1_1_head, 
-     ip_mod_cgi_chunked_encoding_test
-    ].
-
-%%-------------------------------------------------------------------------
-
-%%-------------------------------------------------------------------------
-
-%%-------------------------------------------------------------------------
-
-%%-------------------------------------------------------------------------
-
-%%-------------------------------------------------------------------------
 ip_mod_alias(doc) -> 
     ["Module test: mod_alias"];
 ip_mod_alias(suite) -> 
@@ -771,6 +690,7 @@ ip_mod_alias(Config) when is_list(Config) ->
     httpd_mod:alias(ip_comm, ?IP_PORT, 
 		    ?config(host, Config), ?config(node, Config)),
     ok.
+
 %%-------------------------------------------------------------------------
 ip_mod_actions(doc) -> 
     ["Module test: mod_actions"];
@@ -780,6 +700,7 @@ ip_mod_actions(Config) when is_list(Config) ->
     httpd_mod:actions(ip_comm, ?IP_PORT, 
 		      ?config(host, Config), ?config(node, Config)),
     ok.
+
 %%-------------------------------------------------------------------------
 ip_mod_security(doc) -> 
     ["Module test: mod_security"];
@@ -1171,13 +1092,6 @@ pssl_mod_alias(suite) ->
 pssl_mod_alias(Config) when is_list(Config) ->
     ssl_mod_alias(ssl, Config).
 
-ossl_mod_alias(doc) -> 
-    ["Module test: mod_alias - using new of configure old SSL"];
-ossl_mod_alias(suite) -> 
-    [];
-ossl_mod_alias(Config) when is_list(Config) ->
-    ssl_mod_alias(ossl, Config).
-
 essl_mod_alias(doc) -> 
     ["Module test: mod_alias - using new of configure new SSL"];
 essl_mod_alias(suite) -> 
@@ -1201,13 +1115,6 @@ pssl_mod_actions(suite) ->
 pssl_mod_actions(Config) when is_list(Config) ->
     ssl_mod_actions(ssl, Config).
 
-ossl_mod_actions(doc) -> 
-    ["Module test: mod_actions - using new of configure old SSL"];
-ossl_mod_actions(suite) -> 
-    [];
-ossl_mod_actions(Config) when is_list(Config) ->
-    ssl_mod_actions(ossl, Config).
-
 essl_mod_actions(doc) -> 
     ["Module test: mod_actions - using new of configure new SSL"];
 essl_mod_actions(suite) -> 
@@ -1233,13 +1140,6 @@ pssl_mod_security(suite) ->
 pssl_mod_security(Config) when is_list(Config) ->
     ssl_mod_security(ssl, Config).
 
-ossl_mod_security(doc) -> 
-    ["Module test: mod_security - using new of configure old SSL"];
-ossl_mod_security(suite) -> 
-    [];
-ossl_mod_security(Config) when is_list(Config) ->
-    ssl_mod_security(ossl, Config).
-
 essl_mod_security(doc) -> 
     ["Module test: mod_security - using new of configure new SSL"];
 essl_mod_security(suite) -> 
@@ -1266,13 +1166,6 @@ pssl_mod_auth(suite) ->
 pssl_mod_auth(Config) when is_list(Config) ->
     ssl_mod_auth(ssl, Config).
 
-ossl_mod_auth(doc) -> 
-    ["Module test: mod_auth - using new of configure old SSL"];
-ossl_mod_auth(suite) -> 
-    [];
-ossl_mod_auth(Config) when is_list(Config) ->
-    ssl_mod_auth(ossl, Config).
-
 essl_mod_auth(doc) -> 
     ["Module test: mod_auth - using new of configure new SSL"];
 essl_mod_auth(suite) -> 
@@ -1297,13 +1190,6 @@ pssl_mod_auth_api(suite) ->
 pssl_mod_auth_api(Config) when is_list(Config) ->
     ssl_mod_auth_api(ssl, Config).
 
-ossl_mod_auth_api(doc) -> 
-    ["Module test: mod_auth - using new of configure old SSL"];
-ossl_mod_auth_api(suite) -> 
-    [];
-ossl_mod_auth_api(Config) when is_list(Config) ->
-    ssl_mod_auth_api(ossl, Config).
-
 essl_mod_auth_api(doc) -> 
     ["Module test: mod_auth - using new of configure new SSL"];
 essl_mod_auth_api(suite) -> 
@@ -1330,13 +1216,6 @@ pssl_mod_auth_mnesia_api(suite) ->
 pssl_mod_auth_mnesia_api(Config) when is_list(Config) ->
     ssl_mod_auth_mnesia_api(ssl, Config).
 
-ossl_mod_auth_mnesia_api(doc) -> 
-    ["Module test: mod_auth_mnesia_api - using new of configure old SSL"];
-ossl_mod_auth_mnesia_api(suite) -> 
-    [];
-ossl_mod_auth_mnesia_api(Config) when is_list(Config) ->
-    ssl_mod_auth_mnesia_api(ossl, Config).
-
 essl_mod_auth_mnesia_api(doc) -> 
     ["Module test: mod_auth_mnesia_api - using new of configure new SSL"];
 essl_mod_auth_mnesia_api(suite) -> 
@@ -1361,13 +1240,6 @@ pssl_mod_htaccess(suite) ->
 pssl_mod_htaccess(Config) when is_list(Config) ->
     ssl_mod_htaccess(ssl, Config).
 
-ossl_mod_htaccess(doc) -> 
-    ["Module test: mod_htaccess - using new of configure old SSL"];
-ossl_mod_htaccess(suite) -> 
-    [];
-ossl_mod_htaccess(Config) when is_list(Config) ->
-    ssl_mod_htaccess(ossl, Config).
-
 essl_mod_htaccess(doc) -> 
     ["Module test: mod_htaccess - using new of configure new SSL"];
 essl_mod_htaccess(suite) -> 
@@ -1392,13 +1264,6 @@ pssl_mod_cgi(suite) ->
 pssl_mod_cgi(Config) when is_list(Config) ->
     ssl_mod_cgi(ssl, Config).
 
-ossl_mod_cgi(doc) ->
-    ["Module test: mod_cgi - using new of configure old SSL"];
-ossl_mod_cgi(suite) ->
-    [];
-ossl_mod_cgi(Config) when is_list(Config) ->
-    ssl_mod_cgi(ossl, Config).
-
 essl_mod_cgi(doc) ->
     ["Module test: mod_cgi - using new of configure new SSL"];
 essl_mod_cgi(suite) ->
@@ -1428,13 +1293,6 @@ pssl_mod_esi(suite) ->
 pssl_mod_esi(Config) when is_list(Config) ->
     ssl_mod_esi(ssl, Config).
 
-ossl_mod_esi(doc) ->
-    ["Module test: mod_esi - using new of configure old SSL"];
-ossl_mod_esi(suite) ->
-    [];
-ossl_mod_esi(Config) when is_list(Config) ->
-    ssl_mod_esi(ossl, Config).
-
 essl_mod_esi(doc) ->
     ["Module test: mod_esi - using new of configure new SSL"];
 essl_mod_esi(suite) ->
@@ -1459,13 +1317,6 @@ pssl_mod_get(suite) ->
 pssl_mod_get(Config) when is_list(Config) ->
     ssl_mod_get(ssl, Config).
 
-ossl_mod_get(doc) ->
-    ["Module test: mod_get - using new of configure old SSL"];
-ossl_mod_get(suite) ->
-    [];
-ossl_mod_get(Config) when is_list(Config) ->
-    ssl_mod_get(ossl, Config).
-
 essl_mod_get(doc) ->
     ["Module test: mod_get - using new of configure new SSL"];
 essl_mod_get(suite) ->
@@ -1490,13 +1341,6 @@ pssl_mod_head(suite) ->
 pssl_mod_head(Config) when is_list(Config) ->
     ssl_mod_head(ssl, Config).
 
-ossl_mod_head(doc) ->
-    ["Module test: mod_head - using new of configure old SSL"];
-ossl_mod_head(suite) ->
-    [];
-ossl_mod_head(Config) when is_list(Config) ->
-    ssl_mod_head(ossl, Config).
-
 essl_mod_head(doc) ->
     ["Module test: mod_head - using new of configure new SSL"];
 essl_mod_head(suite) ->
@@ -1521,13 +1365,6 @@ pssl_mod_all(suite) ->
 pssl_mod_all(Config) when is_list(Config) ->
     ssl_mod_all(ssl, Config).
 
-ossl_mod_all(doc) ->
-    ["All modules test - using new of configure old SSL"];
-ossl_mod_all(suite) ->
-    [];
-ossl_mod_all(Config) when is_list(Config) ->
-    ssl_mod_all(ossl, Config).
-
 essl_mod_all(doc) ->
     ["All modules test - using new of configure new SSL"];
 essl_mod_all(suite) ->
@@ -1552,13 +1389,6 @@ pssl_load_light(suite) ->
 pssl_load_light(Config) when is_list(Config) ->
     ssl_load_light(ssl, Config).
 
-ossl_load_light(doc) ->
-    ["Test light load - using new of configure old SSL"];
-ossl_load_light(suite) ->
-    [];
-ossl_load_light(Config) when is_list(Config) ->
-    ssl_load_light(ossl, Config).
-
 essl_load_light(doc) ->
     ["Test light load - using new of configure new SSL"];
 essl_load_light(suite) ->
@@ -1584,13 +1414,6 @@ pssl_load_medium(suite) ->
 pssl_load_medium(Config) when is_list(Config) ->
     ssl_load_medium(ssl, Config).
 
-ossl_load_medium(doc) ->
-    ["Test medium load - using new of configure old SSL"];
-ossl_load_medium(suite) ->
-    [];
-ossl_load_medium(Config) when is_list(Config) ->
-    ssl_load_medium(ossl, Config).
-
 essl_load_medium(doc) ->
     ["Test medium load - using new of configure new SSL"];
 essl_load_medium(suite) ->
@@ -1622,13 +1445,6 @@ pssl_load_heavy(suite) ->
 pssl_load_heavy(Config) when is_list(Config) ->
     ssl_load_heavy(ssl, Config).
 
-ossl_load_heavy(doc) ->
-    ["Test heavy load - using new of configure old SSL"];
-ossl_load_heavy(suite) ->
-    [];
-ossl_load_heavy(Config) when is_list(Config) ->
-    ssl_load_heavy(ossl, Config).
-
 essl_load_heavy(doc) ->
     ["Test heavy load - using new of configure new SSL"];
 essl_load_heavy(suite) ->
@@ -1660,13 +1476,6 @@ pssl_dos_hostname(suite) ->
 pssl_dos_hostname(Config) when is_list(Config) ->
     ssl_dos_hostname(ssl, Config).
 
-ossl_dos_hostname(doc) ->
-    ["Denial Of Service (DOS) attack test case - using new of configure old SSL"];
-ossl_dos_hostname(suite) ->
-    [];
-ossl_dos_hostname(Config) when is_list(Config) ->
-    ssl_dos_hostname(ossl, Config).
-
 essl_dos_hostname(doc) ->
     ["Denial Of Service (DOS) attack test case - using new of configure new SSL"];
 essl_dos_hostname(suite) ->
@@ -1692,13 +1501,6 @@ pssl_time_test(suite) ->
 pssl_time_test(Config) when is_list(Config) ->
     ssl_time_test(ssl, Config).
 
-ossl_time_test(doc) ->
-    ["using new of configure old SSL"];
-ossl_time_test(suite) ->
-    [];
-ossl_time_test(Config) when is_list(Config) ->
-    ssl_time_test(ossl, Config).
-
 essl_time_test(doc) ->
     ["using new of configure new SSL"];
 essl_time_test(suite) ->
@@ -1738,14 +1540,6 @@ pssl_block_503(suite) ->
 pssl_block_503(Config) when is_list(Config) ->
     ssl_block_503(ssl, Config).
 
-ossl_block_503(doc) ->
-    ["Check that you will receive status code 503 when the server"
-     " is blocked and 200 when its not blocked - using new of configure old SSL."];
-ossl_block_503(suite) ->
-    [];
-ossl_block_503(Config) when is_list(Config) ->
-    ssl_block_503(ossl, Config).
-
 essl_block_503(doc) ->
     ["Check that you will receive status code 503 when the server"
      " is blocked and 200 when its not blocked - using new of configure new SSL."];
@@ -1773,15 +1567,6 @@ pssl_block_disturbing_idle(suite) ->
 pssl_block_disturbing_idle(Config) when is_list(Config) ->
     ssl_block_disturbing_idle(ssl, Config).
 
-ossl_block_disturbing_idle(doc) ->
-    ["Check that you can block/unblock an idle server. The strategy " 
-     "distribing does not really make a difference in this case." 
-     "Using new of configure old SSL"];
-ossl_block_disturbing_idle(suite) ->
-    [];
-ossl_block_disturbing_idle(Config) when is_list(Config) ->
-    ssl_block_disturbing_idle(ossl, Config).
-
 essl_block_disturbing_idle(doc) ->
     ["Check that you can block/unblock an idle server. The strategy " 
      "distribing does not really make a difference in this case." 
@@ -1810,15 +1595,6 @@ pssl_block_non_disturbing_idle(suite) ->
 pssl_block_non_disturbing_idle(Config) when is_list(Config) ->
     ssl_block_non_disturbing_idle(ssl, Config).
 
-ossl_block_non_disturbing_idle(doc) ->
-    ["Check that you can block/unblock an idle server. The strategy " 
-     "non distribing does not really make a difference in this case." 
-     "Using new of configure old SSL"];
-ossl_block_non_disturbing_idle(suite) ->
-    [];
-ossl_block_non_disturbing_idle(Config) when is_list(Config) ->
-    ssl_block_non_disturbing_idle(ossl, Config).
-
 essl_block_non_disturbing_idle(doc) ->
     ["Check that you can block/unblock an idle server. The strategy " 
      "non distribing does not really make a difference in this case." 
@@ -1847,15 +1623,6 @@ pssl_block_disturbing_active(suite) ->
 pssl_block_disturbing_active(Config) when is_list(Config) ->
     ssl_block_disturbing_active(ssl, Config).
 
-ossl_block_disturbing_active(doc) ->
-    ["Check that you can block/unblock an active server. The strategy " 
-     "distribing means ongoing requests should be terminated." 
-     "Using new of configure old SSL"];
-ossl_block_disturbing_active(suite) ->
-    [];
-ossl_block_disturbing_active(Config) when is_list(Config) ->
-    ssl_block_disturbing_active(ossl, Config).
-
 essl_block_disturbing_active(doc) ->
     ["Check that you can block/unblock an active server. The strategy " 
      "distribing means ongoing requests should be terminated." 
@@ -1884,15 +1651,6 @@ pssl_block_non_disturbing_active(suite) ->
 pssl_block_non_disturbing_active(Config) when is_list(Config) ->
     ssl_block_non_disturbing_active(ssl, Config).
 
-ossl_block_non_disturbing_active(doc) ->
-    ["Check that you can block/unblock an idle server. The strategy " 
-     "non distribing means the ongoing requests should be compleated." 
-     "Using new of configure old SSL"];
-ossl_block_non_disturbing_active(suite) ->
-    [];
-ossl_block_non_disturbing_active(Config) when is_list(Config) ->
-    ssl_block_non_disturbing_active(ossl, Config).
-
 essl_block_non_disturbing_active(doc) ->
     ["Check that you can block/unblock an idle server. The strategy " 
      "non distribing means the ongoing requests should be compleated." 
@@ -1923,17 +1681,6 @@ pssl_block_disturbing_active_timeout_not_released(Config)
   when is_list(Config) ->
     ssl_block_disturbing_active_timeout_not_released(ssl, Config).
 
-ossl_block_disturbing_active_timeout_not_released(doc) ->
-    ["Check that you can block an active server. The strategy " 
-     "distribing means ongoing requests should be compleated"
-     "if the timeout does not occur." 
-    "Using new of configure old SSL"];
-ossl_block_disturbing_active_timeout_not_released(suite) ->
-    [];
-ossl_block_disturbing_active_timeout_not_released(Config) 
-  when is_list(Config) ->
-    ssl_block_disturbing_active_timeout_not_released(ossl, Config).
-
 essl_block_disturbing_active_timeout_not_released(doc) ->
     ["Check that you can block an active server. The strategy " 
      "distribing means ongoing requests should be compleated"
@@ -1967,17 +1714,6 @@ pssl_block_disturbing_active_timeout_released(Config)
   when is_list(Config) ->
     ssl_block_disturbing_active_timeout_released(ssl, Config).
 
-ossl_block_disturbing_active_timeout_released(doc) ->
-    ["Check that you can block an active server. The strategy " 
-     "distribing means ongoing requests should be terminated when"
-     "the timeout occurs." 
-    "Using new of configure old SSL"];
-ossl_block_disturbing_active_timeout_released(suite) ->
-    [];
-ossl_block_disturbing_active_timeout_released(Config) 
-  when is_list(Config) ->
-    ssl_block_disturbing_active_timeout_released(ossl, Config).
-
 essl_block_disturbing_active_timeout_released(doc) ->
     ["Check that you can block an active server. The strategy " 
      "distribing means ongoing requests should be terminated when"
@@ -2012,16 +1748,6 @@ pssl_block_non_disturbing_active_timeout_not_released(Config)
   when is_list(Config) ->
     ssl_block_non_disturbing_active_timeout_not_released(ssl, Config).
 
-ossl_block_non_disturbing_active_timeout_not_released(doc) ->
-    ["Check that you can block an active server. The strategy " 
-     "non non distribing means ongoing requests should be completed." 
-    "Using new of configure old SSL"];
-ossl_block_non_disturbing_active_timeout_not_released(suite) ->
-    [];
-ossl_block_non_disturbing_active_timeout_not_released(Config)
-  when is_list(Config) ->
-    ssl_block_non_disturbing_active_timeout_not_released(ossl, Config).
-
 essl_block_non_disturbing_active_timeout_not_released(doc) ->
     ["Check that you can block an active server. The strategy " 
      "non non distribing means ongoing requests should be completed." 
@@ -2056,17 +1782,6 @@ pssl_block_non_disturbing_active_timeout_released(Config)
   when is_list(Config) ->
     ssl_block_non_disturbing_active_timeout_released(ssl, Config).
 
-ossl_block_non_disturbing_active_timeout_released(doc) ->
-    ["Check that you can block an active server. The strategy " 
-     "non distribing means ongoing requests should be completed. "
-     "When the timeout occurs the block operation sohould be canceled." 
-     "Using new of configure old SSL"];
-ossl_block_non_disturbing_active_timeout_released(suite) ->
-    [];
-ossl_block_non_disturbing_active_timeout_released(Config)
-  when is_list(Config) ->
-    ssl_block_non_disturbing_active_timeout_released(ossl, Config).
-
 essl_block_non_disturbing_active_timeout_released(doc) ->
     ["Check that you can block an active server. The strategy " 
      "non distribing means ongoing requests should be completed. "
@@ -2100,13 +1815,6 @@ pssl_block_disturbing_blocker_dies(suite) ->
 pssl_block_disturbing_blocker_dies(Config) when is_list(Config) ->
     ssl_block_disturbing_blocker_dies(ssl, Config).
 
-ossl_block_disturbing_blocker_dies(doc) ->
-    ["using new of configure old SSL"];
-ossl_block_disturbing_blocker_dies(suite) ->
-    [];
-ossl_block_disturbing_blocker_dies(Config) when is_list(Config) ->
-    ssl_block_disturbing_blocker_dies(ossl, Config).
-
 essl_block_disturbing_blocker_dies(doc) ->
     ["using new of configure new SSL"];
 essl_block_disturbing_blocker_dies(suite) ->
@@ -2131,13 +1839,6 @@ pssl_block_non_disturbing_blocker_dies(suite) ->
 pssl_block_non_disturbing_blocker_dies(Config) when is_list(Config) ->
     ssl_block_non_disturbing_blocker_dies(ssl, Config).
 
-ossl_block_non_disturbing_blocker_dies(doc) ->
-    ["using new of configure old SSL"];
-ossl_block_non_disturbing_blocker_dies(suite) ->
-    [];
-ossl_block_non_disturbing_blocker_dies(Config) when is_list(Config) ->
-    ssl_block_non_disturbing_blocker_dies(ossl, Config).
-
 essl_block_non_disturbing_blocker_dies(doc) ->
     ["using new of configure new SSL"];
 essl_block_non_disturbing_blocker_dies(suite) ->
@@ -2162,13 +1863,6 @@ pssl_restart_no_block(suite) ->
 pssl_restart_no_block(Config) when is_list(Config) ->
     ssl_restart_no_block(ssl, Config).
 
-ossl_restart_no_block(doc) ->
-    ["using new of configure old SSL"];
-ossl_restart_no_block(suite) ->
-    [];
-ossl_restart_no_block(Config) when is_list(Config) ->
-    ssl_restart_no_block(ossl, Config).
-
 essl_restart_no_block(doc) ->
     ["using new of configure new SSL"];
 essl_restart_no_block(suite) ->
@@ -2193,13 +1887,6 @@ pssl_restart_disturbing_block(suite) ->
 pssl_restart_disturbing_block(Config) when is_list(Config) ->
     ssl_restart_disturbing_block(ssl, Config).
 
-ossl_restart_disturbing_block(doc) ->
-    ["using new of configure old SSL"];
-ossl_restart_disturbing_block(suite) ->
-    [];
-ossl_restart_disturbing_block(Config) when is_list(Config) ->
-    ssl_restart_disturbing_block(ossl, Config).
-
 essl_restart_disturbing_block(doc) ->
     ["using new of configure new SSL"];
 essl_restart_disturbing_block(suite) ->
@@ -2257,13 +1944,6 @@ pssl_restart_non_disturbing_block(suite) ->
 pssl_restart_non_disturbing_block(Config) when is_list(Config) ->
     ssl_restart_non_disturbing_block(ssl, Config).
 
-ossl_restart_non_disturbing_block(doc) ->
-    ["using new of configure old SSL"];
-ossl_restart_non_disturbing_block(suite) ->
-    [];
-ossl_restart_non_disturbing_block(Config) when is_list(Config) ->
-    ssl_restart_non_disturbing_block(ossl, Config).
-
 essl_restart_non_disturbing_block(doc) ->
     ["using new of configure new SSL"];
 essl_restart_non_disturbing_block(suite) ->
@@ -2547,6 +2227,7 @@ ticket_5865(doc) ->
 ticket_5865(suite) ->
     [];
 ticket_5865(Config) ->
+    ?SKIP(as_of_r15_behaviour_of_calendar_has_changed),
     Host = ?config(host,Config),
     ServerRoot = ?config(server_root, Config), 
     DocRoot = filename:join([ServerRoot, "htdocs"]),
@@ -2659,7 +2340,6 @@ create_config(Config, Access, FileName) ->
     SSL =
 	if
 	    (Type =:= ssl)  orelse 
-	    (Type =:= ossl) orelse 
 	    (Type =:= essl) ->
 		[cline(["SSLCertificateFile ", 
 			filename:join(ServerRoot, "ssl/ssl_server.pem")]),
@@ -3054,7 +2734,6 @@ create_ipv6_config(Config, FileName, Ipv6Address) ->
     SSL =
 	if
 	    (SockType =:= ssl)  orelse 
-	    (SockType =:= ossl) orelse 
 	    (SockType =:= essl) ->
 		[cline(["SSLCertificateFile ", 
 			filename:join(ServerRoot, "ssl/ssl_server.pem")]),
diff --git a/lib/inets/test/httpd_test_lib.erl b/lib/inets/test/httpd_test_lib.erl
index 1c7bb512cc..2f5867559a 100644
--- a/lib/inets/test/httpd_test_lib.erl
+++ b/lib/inets/test/httpd_test_lib.erl
@@ -80,14 +80,18 @@
 %% API
 %%------------------------------------------------------------------
 verify_request(SocketType, Host, Port, Node, RequestStr, Options) ->
-    verify_request(SocketType, Host, Port, Node, RequestStr, Options, 30000).
+    verify_request(SocketType, Host, Port, Node, RequestStr, 
+		   Options, 30000).
 verify_request(SocketType, Host, Port, TranspOpts, Node, RequestStr, Options) 
   when is_list(TranspOpts) ->
-    verify_request(SocketType, Host, Port, TranspOpts, Node, RequestStr, Options, 30000);
+    verify_request(SocketType, Host, Port, TranspOpts, Node, RequestStr, 
+		   Options, 30000);
 verify_request(SocketType, Host, Port, Node, RequestStr, Options, TimeOut) 
   when (is_integer(TimeOut) orelse (TimeOut =:= infinity)) ->
-    verify_request(SocketType, Host, Port, [], Node, RequestStr, Options, TimeOut).
-verify_request(SocketType, Host, Port, TranspOpts, Node, RequestStr, Options, TimeOut) ->
+    verify_request(SocketType, Host, Port, [], Node, RequestStr, 
+		   Options, TimeOut).
+verify_request(SocketType, Host, Port, TranspOpts, Node, RequestStr, 
+	       Options, TimeOut) ->
     tsp("verify_request -> entry with"
 	"~n   SocketType: ~p"
 	"~n   Host:       ~p"
@@ -259,10 +263,10 @@ validate(RequestStr, #state{status_line = {Version, StatusCode, _},
 			    headers     = Headers, 
 			    body        = Body}, Options, N, P) ->
     
-    %% tsp("validate -> entry with"
-    %% 	"~n   StatusCode: ~p"
-    %% 	"~n   Headers:    ~p"
-    %% 	"~n   Body:       ~p", [StatusCode, Headers, Body]),
+    tsp("validate -> entry with"
+     	"~n   StatusCode: ~p"
+	"~n   Headers:    ~p"
+	"~n   Body:       ~p", [StatusCode, Headers, Body]),
 
     check_version(Version, Options),
     case lists:keysearch(statuscode, 1, Options) of
@@ -320,9 +324,9 @@ do_validate(Header, [{header, HeaderField}|Rest], N, P) ->
 	{value, {LowerHeaderField, _Value}} ->
 	    ok;
 	false ->
-	    test_server:fail({missing_header_field, LowerHeaderField, Header});
+	    tsf({missing_header_field, LowerHeaderField, Header});
 	_ ->
-	    test_server:fail({missing_header_field, LowerHeaderField, Header})
+	    tsf({missing_header_field, LowerHeaderField, Header})
     end,
     do_validate(Header, Rest, N, P);
 do_validate(Header, [{header, HeaderField, Value}|Rest],N,P) ->
@@ -331,18 +335,15 @@ do_validate(Header, [{header, HeaderField, Value}|Rest],N,P) ->
 	{value, {LowerHeaderField, Value}} ->
 	    ok;
 	false ->
-	    test_server:fail({wrong_header_field_value, LowerHeaderField, 
-			      Header});
+	    tsf({wrong_header_field_value, LowerHeaderField, Header});
 	_ ->
-	    test_server:fail({wrong_header_field_value, LowerHeaderField, 
-			      Header})
+	    tsf({wrong_header_field_value, LowerHeaderField, Header})
     end,
     do_validate(Header, Rest, N, P);
 do_validate(Header,[{no_last_modified, HeaderField}|Rest],N,P) ->
     case lists:keysearch(HeaderField,1,Header) of
 	{value,_} ->
-	    test_server:fail({wrong_header_field_value, HeaderField, 
-			      Header});
+	    tsf({wrong_header_field_value, HeaderField, Header});
 	_ ->
 	    ok
     end,
diff --git a/lib/inets/test/httpd_time_test.erl b/lib/inets/test/httpd_time_test.erl
index f39f9faff0..0bb457f9b9 100644
--- a/lib/inets/test/httpd_time_test.erl
+++ b/lib/inets/test/httpd_time_test.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -19,7 +19,7 @@
 %%
 -module(httpd_time_test).
 
--export([t/3, t1/2, t2/2, t3/2, t4/2]).
+-export([t/3, t1/2, t2/2, t4/2]).
 
 -export([do/1, do/2, do/3, do/4, do/5]).
 
@@ -45,10 +45,6 @@ t2(Host, Port) ->
     t(ssl, Host, Port).
 
 
-t3(Host, Port) ->
-    t(ossl, Host, Port).
-
-
 t4(Host, Port) ->
     t(essl, Host, Port).
 
@@ -337,51 +333,82 @@ poll(Error, _SocketType, _URI, _ExpRes) ->
     exit({failed_creating_socket, Error}).
 
 await_poll_response(ok, SocketType, Socket, ExpStatusCode) ->
+    await_poll_response2(SocketType, Socket, ExpStatusCode, []);
+await_poll_response(Error, _SocketType, _Socket, _ExpStatusCode) ->
+    exit(Error).
+
+%% The reply *can* be split into two messages (this is a 
+%% result of OTP-9757 for ssl), so we read them all until 
+%% the sockets closes, then we analyze the response.
+await_poll_response2(SocketType, Socket, ExpStatusCode, Data) ->
     receive 
 	%% SSL receives
-	{ssl, Socket, Data} ->
-            validate(ExpStatusCode, SocketType, Socket, Data);
-	{ssl_closed, Socket} ->
-	    exit(connection_closed);
+	{ssl, Socket, NewData} ->
+	    d("await_poll_response2 -> "
+	      "received part (~w bytes) of the response", [sz(NewData)]),
+            await_poll_response2(SocketType, Socket, ExpStatusCode, 
+				 [NewData | Data]);
+	{ssl_closed, Socket} -> 
+	    %% We are done or we failed
+	    d("await_poll_response2 -> "
+	      "we are done after receiving ~w bytes data", [sz(Data)]),
+	    validate(ExpStatusCode, SocketType, Socket, 
+		     lists:flatten(lists:reverse(Data)));
 	{ssl_error, Socket, Error} ->
 	    exit({connection_error, Error});
 
 	%% TCP receives
-        {tcp, Socket, Response} ->
-            validate(ExpStatusCode, SocketType, Socket, Response);
+        {tcp, Socket, NewData} ->
+	    d("await_poll_response2 -> "
+	      "received part (~w bytes) of the response", [sz(NewData)]),
+            await_poll_response2(SocketType, Socket, ExpStatusCode, 
+				 [NewData | Data]);
         {tcp_closed, Socket} ->
-            exit(connection_closed);
+	    %% We are done or we failed
+	    d("await_poll_response2 -> "
+	      "we are done after receiving ~w bytes data", [sz(Data)]),
+	    validate(ExpStatusCode, SocketType, Socket, 
+		     lists:flatten(lists:reverse(Data)));
 	{tcp_error, Socket, Error} ->
 	    exit({connection_error, Error})
 
     after 10000 ->
-            exit(response_timed_out)
-    end;
-await_poll_response(Error, _SocketType, _Socket, _ExpStatusCode) ->
-    exit(Error).
-
+	    d("we timed out while waiting for response, "
+	      "validate whatever we got so far"),
+	    validate(ExpStatusCode, SocketType, Socket, 
+		     lists:flatten(lists:reverse(Data)))
+	    %% exit(response_timed_out)
+    end.
 
-validate(ExpStatusCode, SocketType, Socket, Response) ->
-    Sz = sz(Response),
-    trash_the_rest(Socket, Sz),
-    inets_test_lib:close(SocketType, Socket),
+validate(ExpStatusCode, _SocketType, _Socket, Response) ->
+    %% Sz = sz(Response),
+    %% trash_the_rest(Socket, Sz),
+    %% inets_test_lib:close(SocketType, Socket),
     case inets_regexp:split(Response," ") of
-        {ok,["HTTP/1.0", ExpStatusCode|_]} ->
+        {ok, ["HTTP/1.0", ExpStatusCode|_]} ->
             ok;
-        {ok,["HTTP/1.0", StatusCode|_]} -> 
+        {ok, ["HTTP/1.0", StatusCode|_]} -> 
 	    error_msg("Unexpected status code: ~p (~s). "
 		      "Expected status code: ~p (~s)", 
 		      [StatusCode,    status_to_message(StatusCode),
 		       ExpStatusCode, status_to_message(ExpStatusCode)]),
             exit({unexpected_response_code, StatusCode, ExpStatusCode});
-	{ok,["HTTP/1.1", ExpStatusCode|_]} ->
+	{ok, ["HTTP/1.1", ExpStatusCode|_]} ->
             ok;
-        {ok,["HTTP/1.1", StatusCode|_]} -> 
+        {ok, ["HTTP/1.1", StatusCode|_]} -> 
 	    error_msg("Unexpected status code: ~p (~s). "
 		      "Expected status code: ~p (~s)", 
 		      [StatusCode,    status_to_message(StatusCode),
 		       ExpStatusCode, status_to_message(ExpStatusCode)]),
-            exit({unexpected_response_code, StatusCode, ExpStatusCode})
+            exit({unexpected_response_code, StatusCode, ExpStatusCode});
+        {ok, Unexpected} -> 
+	    error_msg("Unexpected response split: ~p (~s)", 
+		      [Unexpected, Response]),
+            exit({unexpected_response, Unexpected, Response});
+        {error, Reason} -> 
+	    error_msg("Failed processing response: ~p (~s)", 
+		      [Reason, Response]),
+            exit({failed_response_processing, Reason, Response})
     end.
 
 
diff --git a/lib/inets/test/inets_app_test.erl b/lib/inets/test/inets_app_test.erl
index 9d7202e087..db2218f3b6 100644
--- a/lib/inets/test/inets_app_test.erl
+++ b/lib/inets/test/inets_app_test.erl
@@ -45,8 +45,7 @@ end_per_testcase(_Case, Config) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 all() -> 
-    [fields, modules, exportall, app_depend,
-     undef_funcs].
+    [fields, modules, exportall, app_depend, undef_funcs].
 
 groups() -> 
     [].
@@ -243,18 +242,11 @@ undef_funcs(doc) ->
 undef_funcs(Config) when is_list(Config) ->
     %% We need to check if there is a point to run this test.
     %% On some platforms, crypto will not build, which in turn
-    %% causes ssl to not to not build (at this time, this will
+    %% causes ssl to not build (at this time, this will
     %% change in the future).
     %% So, we first check if we can start crypto, and if not, 
     %% we skip this test case!
-    case (catch crypto:start()) of
-	ok ->
-	    ok;
-	{error, {already_started, crypto}} ->
-	    ok;
-	_ ->
-	    ?SKIP(crypto_start_check_failed)
-    end, 
+    ?ENSURE_STARTED(crypto), 
     App            = inets,
     AppFile        = key1search(app_file, Config),
     Mods           = key1search(modules, AppFile),
@@ -266,7 +258,7 @@ undef_funcs(Config) when is_list(Config) ->
     ok             = xref:set_default(XRef, 
 				      [{verbose,false},{warnings,false}]),
     XRefName       = undef_funcs_make_name(App, xref_name),
-    {ok, XRefName} = xref:add_release(XRef, Root, {name,XRefName}),
+    {ok, XRefName} = xref:add_release(XRef, Root, {name, XRefName}),
     {ok, App}      = xref:replace_application(XRef, App, EbinDir),
     {ok, Undefs}   = xref:analyze(XRef, undefined_function_calls),
     xref:stop(XRef),
diff --git a/lib/inets/test/inets_test_lib.erl b/lib/inets/test/inets_test_lib.erl
index 2e19c41f16..bbed35e1f8 100644
--- a/lib/inets/test/inets_test_lib.erl
+++ b/lib/inets/test/inets_test_lib.erl
@@ -35,6 +35,7 @@
 -export([check_body/1]).
 -export([millis/0, millis_diff/2, hours/1, minutes/1, seconds/1, sleep/1]).
 -export([oscmd/1, has_ipv6_support/1]).
+-export([ensure_started/1]).
 -export([non_pc_tc_maybe_skip/4, os_based_skip/1, skip/3, fail/3]).
 -export([flush/0]).
 -export([start_node/1, stop_node/1]).
@@ -126,6 +127,37 @@ await_stopped(Node, N) ->
 
 
 %% ----------------------------------------------------------------
+%% Ensure apps are started
+%% This to ensure we dont attempt to run teatcases on platforms 
+%% where there is no working ssl app.
+
+ensure_started([]) ->
+    ok;
+ensure_started([App|Apps]) ->
+    ensure_started(App),
+    ensure_started(Apps);
+ensure_started(crypto = App) ->
+    %% We have to treat crypto in this special way because 
+    %% only this function ensures that the NIF lib is actually
+    %% loaded. And only by loading that lib can we know if it 
+    %% is even possible to run crypto.
+    do_ensure_started(App, fun() -> crypto:start() end);
+ensure_started(App) when is_atom(App) ->
+    do_ensure_started(App, fun() -> application:start(App) end).
+
+do_ensure_started(App, Start) when is_function(Start) ->
+    case (catch Start()) of
+	ok ->
+	    ok;
+	{error, {already_started, _}} ->
+	    ok;
+	Error ->
+	    throw({error, {failed_starting, App, Error}})
+    end.
+
+
+
+%% ----------------------------------------------------------------
 %% HTTPD starter functions
 %%
 
@@ -340,9 +372,6 @@ connect_bin(SockType, Host, Port) ->
 connect_bin(ssl, Host, Port, Opts0) ->
     Opts = [binary, {packet,0} | Opts0], 
     connect(ssl, Host, Port, Opts);
-connect_bin(ossl, Host, Port, Opts0) ->
-    Opts = [{ssl_imp, old}, binary, {packet,0} | Opts0], 
-    connect(ssl, Host, Port, Opts);
 connect_bin(essl, Host, Port, Opts0) ->
     Opts = [{ssl_imp, new}, binary, {packet,0}, {reuseaddr, true} | Opts0], 
     connect(ssl, Host, Port, Opts);
@@ -357,9 +386,6 @@ connect_byte(SockType, Host, Port) ->
 connect_byte(ssl, Host, Port, Opts0) ->
     Opts = [{packet,0} | Opts0], 
     connect(ssl, Host, Port, Opts);
-connect_byte(ossl, Host, Port, Opts0) ->
-    Opts = [{ssl_imp, old}, {packet,0} | Opts0], 
-    connect(ssl, Host, Port, Opts);
 connect_byte(essl, Host, Port, Opts0) ->
     Opts = [{ssl_imp, new}, {packet,0} | Opts0], 
     connect(ssl, Host, Port, Opts);
@@ -421,8 +447,6 @@ connect(ip_comm, Host, Port, Opts) ->
 
 send(ssl, Socket, Data) ->
     ssl:send(Socket, Data);
-send(ossl, Socket, Data) ->
-    ssl:send(Socket, Data);
 send(essl, Socket, Data) ->
     ssl:send(Socket, Data);
 send(ip_comm,Socket,Data) ->
@@ -431,8 +455,6 @@ send(ip_comm,Socket,Data) ->
 
 close(ssl,Socket) ->
     catch ssl:close(Socket);
-close(ossl,Socket) ->
-    catch ssl:close(Socket);
 close(essl,Socket) ->
     catch ssl:close(Socket);
 close(ip_comm,Socket) ->
diff --git a/lib/inets/test/inets_test_lib.hrl b/lib/inets/test/inets_test_lib.hrl
index 4dd81093a2..c578398c55 100644
--- a/lib/inets/test/inets_test_lib.hrl
+++ b/lib/inets/test/inets_test_lib.hrl
@@ -64,10 +64,11 @@
 
 %% - Misc macros -
 
--define(UPDATE(K,V,C),  inets_test_lib:update_config(K,V,C)).
--define(CONFIG(K,C),    inets_test_lib:get_config(K,C)).
--define(HOSTNAME(),     inets_test_lib:hostname()).
--define(SZ(X),          inets_test_lib:sz(X)).
+-define(ENSURE_STARTED(A), inets_test_lib:ensure_started(A)).
+-define(UPDATE(K,V,C),     inets_test_lib:update_config(K,V,C)).
+-define(CONFIG(K,C),       inets_test_lib:get_config(K,C)).
+-define(HOSTNAME(),        inets_test_lib:hostname()).
+-define(SZ(X),             inets_test_lib:sz(X)).
 
 
 %% - Test case macros - 
diff --git a/lib/inets/vsn.mk b/lib/inets/vsn.mk
index 50c7915cb2..77eb43a7ed 100644
--- a/lib/inets/vsn.mk
+++ b/lib/inets/vsn.mk
@@ -18,7 +18,7 @@
 # %CopyrightEnd%
 
 APPLICATION = inets
-INETS_VSN   = 5.7.3
+INETS_VSN   = 5.8.1
 PRE_VSN     =
 APP_VSN     = "$(APPLICATION)-$(INETS_VSN)$(PRE_VSN)"
 
diff --git a/lib/inviso/doc/src/inviso.xml b/lib/inviso/doc/src/inviso.xml
index 44fe7a3a78..c0e2e8f0de 100644
--- a/lib/inviso/doc/src/inviso.xml
+++ b/lib/inviso/doc/src/inviso.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -30,6 +30,10 @@
   <module>inviso</module>
   <modulesummary>Main API Module to the Inviso Tracer</modulesummary>
   <description>
+    <warning>
+      <p>The <c>inviso</c> application is deprecated and will be
+      removed in the R16 release.</p>
+    </warning>
     <p>With the <c>inviso</c> API runtime components can be started and tracing managed across a network of distributed Erlang nodes, using a control component also started with <c>inviso</c> API functions.</p>
     <p>Inviso can be used both in a distributed environment and in a non-distributed. API functions not taking a list of nodes as argument works on all started runtime components. If it is the non-distributed case, that is the local runtime component. The API functions taking a list of nodes as argument, or as part of one of the arguments, can not be used in a non-distributed environment. Return values named <c>NodeResult</c> refers to return values from a single Erlang node, and will therefore be the return in the non-distributed environment.</p>
   </description>
diff --git a/lib/inviso/doc/src/inviso_chapter.xml b/lib/inviso/doc/src/inviso_chapter.xml
index 4480099c67..b69fb97586 100644
--- a/lib/inviso/doc/src/inviso_chapter.xml
+++ b/lib/inviso/doc/src/inviso_chapter.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -30,8 +30,12 @@
   </header>
 
   <section>
-    <title>Introduction</title>
     <p><em>inviso</em>: (Latin) to go to see, visit, inspect, look at.</p>
+    <warning>
+      <p>The <c>inviso</c> application is deprecated and will be
+      removed in the R16 release.</p>
+    </warning>
+    <title>Introduction</title>
     <p>The Inviso trace system consists of one or several runtime components supposed to run on each Erlang node doing tracing and one control component which can run on any node with available processor power. Inviso may also be part of a higher layer trace tool. See the inviso-tool as an example. The implementation is spread out over the Runtime_tools and the Inviso Erlang/OTP applications. Erlang modules necessary to run the runtime component are located in Runtime_tools and therefore assumed to be available on any node. Even though Inviso is introduced with Erlang/OTP R11B the runtime component implementation is done with backward compatibility in mind. Meaning that it is possible to compile and run it on older Erlang/OTP releases.</p>
     <image file="inviso_users_guide_pic1.gif">
       <icaption>Inviso Trace System Architecture Overview.</icaption>
diff --git a/lib/inviso/doc/src/make.dep b/lib/inviso/doc/src/make.dep
deleted file mode 100644
index 9459f74e6d..0000000000
--- a/lib/inviso/doc/src/make.dep
+++ /dev/null
@@ -1,27 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex inviso.tex inviso_as_lib.tex inviso_chapter.tex \
-		inviso_lfm.tex inviso_lfm_tpfreader.tex inviso_rt.tex \
-		inviso_rt_meta.tex part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: inviso_users_guide_pic1.ps
-
diff --git a/lib/inviso/doc/src/notes.xml b/lib/inviso/doc/src/notes.xml
index 7c2c3c3bde..661284e786 100644
--- a/lib/inviso/doc/src/notes.xml
+++ b/lib/inviso/doc/src/notes.xml
@@ -31,7 +31,28 @@
   <p>This document describes the changes made to the Inviso application.</p>
 
 

-  <section><title>Inviso 0.6.2</title>
+  <section><title>Inviso 0.6.3</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>The <c>inviso</c> application has been deprecated and
+	    will be removed in the R16 release.</p>
+          <p>
+	    Own Id: OTP-9798</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Inviso 0.6.2</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/inviso/src/inviso.erl b/lib/inviso/src/inviso.erl
index 0eda06a5c2..07bdf3e649 100644
--- a/lib/inviso/src/inviso.erl
+++ b/lib/inviso/src/inviso.erl
@@ -25,6 +25,7 @@
 %% ------------------------------------------------------------------------------

 

 -module(inviso).

+-deprecated(module).
 

 %% ------------------------------------------------------------------------------

 %% Exported API functions.

diff --git a/lib/inviso/src/inviso_tool_lib.erl b/lib/inviso/src/inviso_tool_lib.erl
index 7953acedd6..f221c4b6de 100644
--- a/lib/inviso/src/inviso_tool_lib.erl
+++ b/lib/inviso/src/inviso_tool_lib.erl
@@ -19,7 +19,7 @@
 %% Support module to the inviso tool.

 %%

 %% Authors:

-%% Lennart �hman, [email protected]

+%% Lennart Öhman, [email protected]

 %% -----------------------------------------------------------------------------

 

 -module(inviso_tool_lib).

@@ -145,10 +145,10 @@ expand_module_names_2(Nodes,DirStr,ModStr,Opts) ->
 %% Always returns a regexp or {error,Reason}. 

 expand_module_names_special_regexp(Str) ->

     StrLen=length(Str),

-    case regexp:first_match(Str,"[0-9a-zA-Z_/]*") of

-	{match,1,StrLen} ->                  % Ok, it is the special case.

+    case re:run(Str,"[0-9a-zA-Z_/]*") of

+	{match,[{0,StrLen}]} ->	             % Ok, it is the special case.

 	    {ok,".*"++Str++".*"};            % Convert it to a proper regexp.

-	{match,_,_} ->

+	{match,_} ->

 	    {ok,Str};                        % Keep it and hope it is a regexp.

 	nomatch ->

 	    {ok,Str};                        % Keep it and hope it is a regexp.

diff --git a/lib/inviso/vsn.mk b/lib/inviso/vsn.mk
index 79093597fe..c6b0398bde 100644
--- a/lib/inviso/vsn.mk
+++ b/lib/inviso/vsn.mk
@@ -1 +1 @@
-INVISO_VSN = 0.6.2
+INVISO_VSN = 0.6.3
diff --git a/lib/jinterface/doc/src/make.dep b/lib/jinterface/doc/src/make.dep
deleted file mode 100644
index a1b3c322c6..0000000000
--- a/lib/jinterface/doc/src/make.dep
+++ /dev/null
@@ -1,20 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex jinterface.tex jinterface_users_guide.tex \
-		part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/jinterface/doc/src/notes.xml b/lib/jinterface/doc/src/notes.xml
index 11fcc5f387..bf94077114 100644
--- a/lib/jinterface/doc/src/notes.xml
+++ b/lib/jinterface/doc/src/notes.xml
@@ -30,6 +30,27 @@
   </header>
   <p>This document describes the changes made to the Jinterface application.</p>
 
+<section><title>Jinterface 1.5.5</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    JInterface: improve OtpOutputStream buffer allocation</p>
+          <p>
+	    Previously, the buffer was increased linearly by 2048
+	    bytes. I now propose to use an exponential increase
+	    function (similar to Javas ArrayList, e.g. always at
+	    least +50%). This significantly increases performance of
+	    e.g. doRPC for large parameters. (Thanks to Nico Kruber)</p>
+          <p>
+	    Own Id: OTP-9806</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Jinterface 1.5.4</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/jinterface/java_src/Makefile b/lib/jinterface/java_src/Makefile
index 755ef46a8b..19f99831eb 100644
--- a/lib/jinterface/java_src/Makefile
+++ b/lib/jinterface/java_src/Makefile
@@ -29,9 +29,7 @@ VSN=$(JINTERFACE_VSN)
 # Common Macros
 # ----------------------------------------------------
 
-# call recursive make explicitly below
-# due to separate makefiles for Ronja & OTP
-# SUB_DIRECTORIES = com/ericsson/otp/erlang 
+SUB_DIRECTORIES = com/ericsson/otp/erlang
 
 SPECIAL_TARGETS = 
 
@@ -51,15 +49,5 @@ POM_SRC= $(POM_FILE).src
 $(POM_TARGET): $(POM_SRC) ../vsn.mk
 	sed -e 's;%VSN%;$(VSN);' $< > $@
 
-# ----------------------------------------------------
-# Default Subdir Targets
-# ----------------------------------------------------
-
-.PHONY: debug opt instr release docs release_docs tests release_tests clean depend
-
-debug opt instr release docs release_docs tests release_tests clean depend: $(TARGET_FILES)
-	set -e; set -x; \
-	case "$(MAKE)" in *clearmake*) tflag="-T";; *) tflag="";; esac; \
-	if test -f com/ericsson/otp/erlang/ignore_config_record.inf; then xflag=$$tflag; fi; \
-	(cd com/ericsson/otp/erlang && $(MAKE) -f Makefile.otp $$xflag $@)
 
+include $(ERL_TOP)/make/otp_subdir.mk
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile b/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile
new file mode 100644
index 0000000000..365798e68a
--- /dev/null
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile
@@ -0,0 +1,113 @@
+# -*-Makefile-*-
+
+#
+# %CopyrightBegin%
+# 
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
+# 
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+# 
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+# 
+# %CopyrightEnd%
+#
+include $(ERL_TOP)/make/target.mk
+
+JAVA_DEST_ROOT = $(ERL_TOP)/lib/jinterface/priv/
+JAVA_SRC_ROOT = $(ERL_TOP)/lib/jinterface/java_src/
+JAVA_CLASS_SUBDIR = com/ericsson/otp/erlang/
+
+include $(ERL_TOP)/make/$(TARGET)/otp.mk
+
+# ----------------------------------------------------
+# Application version
+# ----------------------------------------------------
+include $(ERL_TOP)/lib/jinterface/vsn.mk
+VSN=$(JINTERFACE_VSN)
+
+# ----------------------------------------------------
+# Release directory specification
+# ----------------------------------------------------
+RELSYSDIR = $(RELEASE_PATH)/lib/jinterface-$(VSN)
+
+#
+# JAVA macros
+#
+
+# don't add filenames to the Makefile!
+# all java sourcefiles listed in common include file
+include $(ERL_TOP)/lib/jinterface/java_src/$(JAVA_CLASS_SUBDIR)/java_files
+
+TARGET_FILES= $(JAVA_FILES:%=$(JAVA_DEST_ROOT)$(JAVA_CLASS_SUBDIR)%.class)
+JAVA_SRC= $(JAVA_FILES:%=%.java)
+
+JARFILE= OtpErlang.jar
+
+
+# ----------------------------------------------------
+# Programs and Flags
+# ----------------------------------------------------
+
+JAR= jar
+
+CLASSPATH = $(JAVA_SRC_ROOT)
+
+JAVADOCFLAGS=-d $(DOCDIR)
+JAVAFLAGS=-d $(JAVA_DEST_ROOT) 
+JARFLAGS=-cvf
+
+JAVA_OPTIONS = 
+
+ifeq ($(TESTROOT),)
+RELEASE_PATH=$(ERL_TOP)/release/$(TARGET)
+else
+RELEASE_PATH=$(TESTROOT)
+endif
+
+
+# ----------------------------------------------------
+# Make Rules
+# ----------------------------------------------------
+
+debug opt: make_dirs $(JAVA_DEST_ROOT)$(JARFILE)
+
+make_dirs:
+	if [ ! -d "$(JAVA_DEST_ROOT)" ];then mkdir "$(JAVA_DEST_ROOT)"; fi
+
+$(JAVA_DEST_ROOT)$(JARFILE): $(TARGET_FILES)
+	@(cd $(JAVA_DEST_ROOT) ; $(JAR) $(JARFLAGS) $(JARFILE) $(JAVA_CLASS_SUBDIR))
+
+clean:
+	rm -f $(TARGET_FILES) *~
+
+docs:
+
+# ----------------------------------------------------
+# Release Targets
+# ----------------------------------------------------
+
+# include $(ERL_TOP)/make/otp_release_targets.mk
+
+release release_docs release_tests release_html:
+	$(MAKE) $(MFLAGS) RELEASE_PATH=$(RELEASE_PATH) $(TARGET_MAKEFILE)  $@_spec
+
+release_spec: opt
+	$(INSTALL_DIR) $(RELSYSDIR)/java_src/com/ericsson/otp/erlang
+	$(INSTALL_DATA) $(JAVA_SRC) $(RELSYSDIR)/java_src/com/ericsson/otp/erlang
+	$(INSTALL_DIR) $(RELSYSDIR)/priv
+	$(INSTALL_DATA) $(JAVA_DEST_ROOT)$(JARFILE) $(RELSYSDIR)/priv
+
+release_docs_spec:
+
+
+
+
+# ----------------------------------------------------
+
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile.otp b/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile.otp
deleted file mode 100644
index d0ff9cda34..0000000000
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile.otp
+++ /dev/null
@@ -1,113 +0,0 @@
-# -*-Makefile-*-
-
-#
-# %CopyrightBegin%
-# 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
-# 
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# %CopyrightEnd%
-#
-include $(ERL_TOP)/make/target.mk
-
-JAVA_DEST_ROOT = $(ERL_TOP)/lib/jinterface/priv/
-JAVA_SRC_ROOT = $(ERL_TOP)/lib/jinterface/java_src/
-JAVA_CLASS_SUBDIR = com/ericsson/otp/erlang/
-
-include $(ERL_TOP)/make/$(TARGET)/otp.mk
-
-# ----------------------------------------------------
-# Application version
-# ----------------------------------------------------
-include $(ERL_TOP)/lib/jinterface/vsn.mk
-VSN=$(JINTERFACE_VSN)
-
-# ----------------------------------------------------
-# Release directory specification
-# ----------------------------------------------------
-RELSYSDIR = $(RELEASE_PATH)/lib/jinterface-$(VSN)
-
-#
-# JAVA macros
-#
-
-# don't add filenames to the Makefile!
-# all java sourcefiles listed in common include file
-include $(ERL_TOP)/lib/jinterface/java_src/$(JAVA_CLASS_SUBDIR)/java_files
-
-TARGET_FILES= $(JAVA_FILES:%=$(JAVA_DEST_ROOT)$(JAVA_CLASS_SUBDIR)%.class)
-JAVA_SRC= $(JAVA_FILES:%=%.java)
-
-JARFILE= OtpErlang.jar
-
-
-# ----------------------------------------------------
-# Programs and Flags
-# ----------------------------------------------------
-
-JAR= jar
-
-CLASSPATH = $(JAVA_SRC_ROOT)
-
-JAVADOCFLAGS=-d $(DOCDIR)
-JAVAFLAGS=-d $(JAVA_DEST_ROOT) 
-JARFLAGS=-cvf
-
-JAVA_OPTIONS = 
-
-ifeq ($(TESTROOT),)
-RELEASE_PATH=$(ERL_TOP)/release/$(TARGET)
-else
-RELEASE_PATH=$(TESTROOT)
-endif
-
-
-# ----------------------------------------------------
-# Make Rules
-# ----------------------------------------------------
-
-debug opt: make_dirs $(JAVA_DEST_ROOT)$(JARFILE)
-
-make_dirs:
-	if [ ! -d "$(JAVA_DEST_ROOT)" ];then mkdir "$(JAVA_DEST_ROOT)"; fi
-
-$(JAVA_DEST_ROOT)$(JARFILE): $(TARGET_FILES)
-	@(cd $(JAVA_DEST_ROOT) ; $(JAR) $(JARFLAGS) $(JARFILE) $(JAVA_CLASS_SUBDIR))
-
-clean:
-	rm -f $(TARGET_FILES) *~
-
-docs:
-
-# ----------------------------------------------------
-# Release Targets
-# ----------------------------------------------------
-
-# include $(ERL_TOP)/make/otp_release_targets.mk
-
-release release_docs release_tests release_html:
-	$(MAKE) -f Makefile.otp $(MFLAGS) RELEASE_PATH=$(RELEASE_PATH) $(TARGET_MAKEFILE)  $@_spec
-
-release_spec: opt
-	$(INSTALL_DIR) $(RELSYSDIR)/java_src/com/ericsson/otp/erlang
-	$(INSTALL_DATA) $(JAVA_SRC) $(RELSYSDIR)/java_src/com/ericsson/otp/erlang
-	$(INSTALL_DIR) $(RELSYSDIR)/priv
-	$(INSTALL_DATA) $(JAVA_DEST_ROOT)$(JARFILE) $(RELSYSDIR)/priv
-
-release_docs_spec:
-
-
-
-
-# ----------------------------------------------------
-
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangString.java b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangString.java
index 19ee92e0d0..8cd900aada 100644
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangString.java
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangString.java
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 2000-2009. All Rights Reserved.
+ * Copyright Ericsson AB 2000-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -166,7 +166,7 @@ public class OtpErlangString extends OtpErlangObject implements Serializable,
     /**
      * Validate a code point according to Erlang definition; Unicode 3.0.
      * That is; valid in the range U+0..U+10FFFF, but not in the range
-     * U+D800..U+DFFF (surrogat pairs), nor U+FFFE..U+FFFF (non-characters).
+     * U+D800..U+DFFF (surrogat pairs).
      *
      * @param  cp
      *             the code point value to validate
@@ -179,8 +179,7 @@ public class OtpErlangString extends OtpErlangObject implements Serializable,
 	// Erlang definition of valid Unicode code points; 
 	// Unicode 3.0, XML, et.al.
 	return (cp>>>16) <= 0x10 // in 0..10FFFF; Unicode range
-	    && (cp & ~0x7FF) != 0xD800 // not in D800..DFFF; surrogate range
-	    && (cp & ~1) != 0xFFFE; // not in FFFE..FFFF; non-characters
+	    && (cp & ~0x7FF) != 0xD800; // not in D800..DFFF; surrogate range
     }
 
     /**
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpMbox.java b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpMbox.java
index 71a419497a..d6f319d378 100644
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpMbox.java
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpMbox.java
@@ -31,7 +31,7 @@ package com.ericsson.otp.erlang;
  * the recipient of the message. When sending messages to other mailboxes, the
  * recipient can only respond if the sender includes the pid as part of the
  * message contents. The sender can determine his own pid by calling
- * {@link #self self()}.
+ * {@link #self() self()}.
  * </p>
  * 
  * <p>
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpNode.java b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpNode.java
index d499fae3fb..be7c8e5b1a 100644
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpNode.java
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpNode.java
@@ -182,7 +182,7 @@ public class OtpNode extends OtpLocalNode {
      * Create an unnamed {@link OtpMbox mailbox} that can be used to send and
      * receive messages with other, similar mailboxes and with Erlang processes.
      * Messages can be sent to this mailbox by using its associated
-     * {@link OtpMbox#self pid}.
+     * {@link OtpMbox#self() pid}.
      * 
      * @return a mailbox.
      */
@@ -248,7 +248,7 @@ public class OtpNode extends OtpLocalNode {
      * Create an named mailbox that can be used to send and receive messages
      * with other, similar mailboxes and with Erlang processes. Messages can be
      * sent to this mailbox by using its registered name or the associated
-     * {@link OtpMbox#self pid}.
+     * {@link OtpMbox#self() pid}.
      * 
      * @param name
      *            a name to register for this mailbox. The name must be unique
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpOutputStream.java b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpOutputStream.java
index 181350100f..22ebb4688a 100644
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpOutputStream.java
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpOutputStream.java
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 2000-2009. All Rights Reserved.
+ * Copyright Ericsson AB 2000-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -25,6 +25,7 @@ import java.io.UnsupportedEncodingException;
 import java.math.BigDecimal;
 import java.math.BigInteger;
 import java.text.DecimalFormat;
+import java.util.Arrays;
 
 /**
  * Provides a stream for encoding Erlang terms to external format, for
@@ -39,7 +40,7 @@ public class OtpOutputStream extends ByteArrayOutputStream {
     /** The default initial size of the stream. * */
     public static final int defaultInitialSize = 2048;
 
-    /** The default increment used when growing the stream. * */
+    /** The default increment used when growing the stream (increment at least this much). * */
     public static final int defaultIncrement = 2048;
 
     // static formats, used to encode floats and doubles
@@ -95,6 +96,41 @@ public class OtpOutputStream extends ByteArrayOutputStream {
     }
 
     /**
+     * Trims the capacity of this <tt>OtpOutputStream</tt> instance to be the
+     * buffer's current size.  An application can use this operation to minimize
+     * the storage of an <tt>OtpOutputStream</tt> instance.
+     */
+    public void trimToSize() {
+	if (super.count < super.buf.length) {
+	    final byte[] tmp = new byte[super.count];
+	    System.arraycopy(super.buf, 0, tmp, 0, super.count);
+	    super.buf = tmp;
+	}
+    }
+
+    /**
+     * Increases the capacity of this <tt>OtpOutputStream</tt> instance, if
+     * necessary, to ensure that it can hold at least the number of elements
+     * specified by the minimum capacity argument.
+     *
+     * @param   minCapacity   the desired minimum capacity
+     */
+    public void ensureCapacity(int minCapacity) {
+	int oldCapacity = super.buf.length;
+	if (minCapacity > oldCapacity) {
+	    int newCapacity = (oldCapacity * 3)/2 + 1;
+	    if (newCapacity < oldCapacity + defaultIncrement)
+		newCapacity = oldCapacity + defaultIncrement;
+	    if (newCapacity < minCapacity)
+		newCapacity = minCapacity;
+	    // minCapacity is usually close to size, so this is a win:
+	    final byte[] tmp = new byte[newCapacity];
+	    System.arraycopy(super.buf, 0, tmp, 0, super.count);
+	    super.buf = tmp;
+	}
+    }
+
+    /**
      * Write one byte to the stream.
      * 
      * @param b
@@ -102,13 +138,7 @@ public class OtpOutputStream extends ByteArrayOutputStream {
      * 
      */
     public void write(final byte b) {
-	if (super.count >= super.buf.length) {
-	    // System.err.println("Expanding buffer from " + this.buf.length
-	    // + " to " + (this.buf.length+defaultIncrement));
-	    final byte[] tmp = new byte[super.buf.length + defaultIncrement];
-	    System.arraycopy(super.buf, 0, tmp, 0, super.count);
-	    super.buf = tmp;
-	}
+	ensureCapacity(super.count + 1);
 	super.buf[super.count++] = b;
     }
 
@@ -122,14 +152,7 @@ public class OtpOutputStream extends ByteArrayOutputStream {
 
     @Override
     public void write(final byte[] buf) {
-	if (super.count + buf.length > super.buf.length) {
-	    // System.err.println("Expanding buffer from " + super.buf.length
-	    // + " to " + (buf.length + super.buf.lengt + defaultIncrement));
-	    final byte[] tmp = new byte[super.buf.length + buf.length
-		    + defaultIncrement];
-	    System.arraycopy(super.buf, 0, tmp, 0, super.count);
-	    super.buf = tmp;
-	}
+	ensureCapacity(super.count + buf.length);
 	System.arraycopy(buf, 0, super.buf, super.count, buf.length);
 	super.count += buf.length;
     }
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/ignore_config_record.inf b/lib/jinterface/java_src/com/ericsson/otp/erlang/ignore_config_record.inf
deleted file mode 100644
index 0a5053eba3..0000000000
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/ignore_config_record.inf
+++ /dev/null
@@ -1 +0,0 @@
-This file makes clearmake use the -T switch for this subdirectory
diff --git a/lib/jinterface/vsn.mk b/lib/jinterface/vsn.mk
index 9d75a653e3..9d8229e9fa 100644
--- a/lib/jinterface/vsn.mk
+++ b/lib/jinterface/vsn.mk
@@ -1 +1 @@
-JINTERFACE_VSN = 1.5.4
+JINTERFACE_VSN = 1.5.5
diff --git a/lib/kernel/doc/src/code.xml b/lib/kernel/doc/src/code.xml
index 6b89711924..ee687511a3 100644
--- a/lib/kernel/doc/src/code.xml
+++ b/lib/kernel/doc/src/code.xml
@@ -229,10 +229,10 @@
      <c>-code_path_choice Choice</c>. If the flag is set to <c>relaxed</c>,
      the code server will instead choose a suitable directory
      depending on the actual file structure. If there exists a regular
-     application ebin directory,situation it will be choosen. But if it does
-     not exist, the ebin directory in the archive is choosen if it
+     application ebin directory,situation it will be chosen. But if it does
+     not exist, the ebin directory in the archive is chosen if it
      exists. If neither of them exists the original directory will be
-     choosen.</p>
+     chosen.</p>
 
     <p>The command line flag <c>-code_path_choice Choice</c> does also
      affect how <c>init</c> interprets the <c>boot script</c>. The
diff --git a/lib/kernel/doc/src/file.xml b/lib/kernel/doc/src/file.xml
index 7db20e6343..772eff13cc 100644
--- a/lib/kernel/doc/src/file.xml
+++ b/lib/kernel/doc/src/file.xml
@@ -149,6 +149,12 @@
     <datatype>
       <name name="mode"/>
     </datatype>
+    <datatype>
+      <name name="file_info_option"/>
+    </datatype>
+    <datatype>
+      <name name="sendfile_option"/>
+    </datatype>
    </datatypes>
 
   <funcs>
@@ -409,7 +415,7 @@
       <name>file_info(Filename) -> {ok, FileInfo} | {error, Reason}</name>
       <fsummary>Get information about a file (deprecated)</fsummary>
       <desc>
-        <p>This function is obsolete. Use <c>read_file_info/1</c>
+        <p>This function is obsolete. Use <c>read_file_info/1,2</c>
           instead.</p>
       </desc>
     </func>
@@ -536,7 +542,7 @@
       <desc>
         <p>Makes a hard link from <c><anno>Existing</anno></c> to
           <c><anno>New</anno></c>, on
-          platforms that support links (Unix). This function returns
+          platforms that support links (Unix and Windows). This function returns
           <c>ok</c> if the link was successfully created, or
           <c>{error, <anno>Reason</anno>}</c>. On platforms that do not support
           links, <c>{error,enotsup}</c> is returned.</p>
@@ -563,11 +569,12 @@
       <name name="make_symlink" arity="2"/>
       <fsummary>Make a symbolic link to a file or directory</fsummary>
       <desc>
-        <p>This function creates a symbolic link <c><anno>Name2</anno></c> to
-          the file or directory <c><anno>Name1</anno></c>, on platforms that
-          support
-          symbolic links (most Unix systems). <c><anno>Name1</anno></c> need not
-          exist. This function returns <c>ok</c> if the link was
+        <p>This function creates a symbolic link <c><anno>New</anno></c> to
+          the file or directory <c><anno>Existing</anno></c>, on platforms that
+          support symbolic links (most Unix systems and Windows beginning with
+	  Vista).
+	  <c><anno>Existing</anno></c> need not exist.
+          This function returns <c>ok</c> if the link was
           successfully created, or <c>{error, <anno>Reason</anno>}</c>.
           On platforms
           that do not support symbolic links, <c>{error, enotsup}</c>
@@ -577,11 +584,11 @@
           <tag><c>eacces</c></tag>
           <item>
             <p>Missing read or write permissions for the parent directories
-            of <c><anno>Name1</anno></c> or <c><anno>Name2</anno></c>.</p>
+            of <c><anno>Existing</anno></c> or <c><anno>New</anno></c>.</p>
           </item>
           <tag><c>eexist</c></tag>
           <item>
-            <p><c><anno>Name2</anno></c> already exists.</p>
+            <p><c><anno>New</anno></c> already exists.</p>
           </item>
           <tag><c>enotsup</c></tag>
           <item>
@@ -1185,6 +1192,7 @@
     </func>
     <func>
       <name name="read_file_info" arity="1"/>
+      <name name="read_file_info" arity="2"/>
       <fsummary>Get information about a file</fsummary>
       <desc>
         <p>Retrieves information about a file. Returns
@@ -1196,6 +1204,20 @@
           from which the function is called:</p>
         <code type="none">
 -include_lib("kernel/include/file.hrl").</code>
+		<p>The time type returned in <c>atime</c>, <c>mtime</c> and <c>ctime</c>
+			is dependent on the time type set in <c>Opts :: {time, Type}</c>.
+			Type <c>local</c> will return local time, <c>universal</c> will
+			return universal time and <c>posix</c> will return seconds since
+			or before unix time epoch which is 1970-01-01 00:00 UTC. 
+			Default is <c>{time, local}</c>.
+		</p> 
+		<note>
+          <p>
+			  Since file times is stored in posix time on most OS it is
+			  faster to query file information with the <c>posix</c> option.
+		  </p> 
+        </note>
+        
         <p>The record <c>file_info</c> contains the following fields.</p>
         <taglist>
           <tag><c>size = integer()</c></tag>
@@ -1210,15 +1232,15 @@
           <item>
             <p>The current system access to the file.</p>
           </item>
-          <tag><c>atime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>atime = <seealso marker="#type-date_time">date_time()</seealso> | integer() </c></tag> 
           <item>
-            <p>The last (local) time the file was read.</p>
+            <p>The last time the file was read.</p>
           </item>
-          <tag><c>mtime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>mtime = <seealso marker="#type-date_time">date_time()</seealso> | integer() </c></tag> 
           <item>
-            <p>The last (local) time the file was written.</p>
+            <p>The last time the file was written.</p>
           </item>
-          <tag><c>ctime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>ctime = <seealso marker="#type-date_time">date_time()</seealso> | integer() </c></tag> 
           <item>
             <p>The interpretation of this time field depends on
               the operating system. On Unix, it is the last time
@@ -1374,9 +1396,11 @@
     </func>
     <func>
       <name name="read_link_info" arity="1"/>
+      <name name="read_link_info" arity="2"/>
       <fsummary>Get information about a link or file</fsummary>
       <desc>
-        <p>This function works like <c>read_file_info/1</c>, except that
+		  <p>This function works like 
+			 <seealso marker="#read_file_info/2">read_file_info/1,2</seealso> except that
           if <c><anno>Name</anno></c> is a symbolic link, information about
           the link will be returned in the <c>file_info</c> record and
           the <c>type</c> field of the record will be set to
@@ -1574,6 +1598,48 @@
       </desc>
     </func>
     <func>
+      <name name="sendfile" arity="2"/>
+      <fsummary>send a file to a socket</fsummary>
+      <desc>
+        <p>Sends the file <c>Filename</c> to <c>Socket</c>.
+        Returns <c>{ok, BytesSent}</c> if successful,
+        otherwise <c>{error, Reason}</c>.</p>
+      </desc>
+    </func>
+    <func>
+      <name name="sendfile" arity="5"/>
+      <fsummary>send a file to a socket</fsummary>
+      <desc>
+        <p>Sends <c>Bytes</c> from the file
+        referenced by <c>RawFile</c> beginning at <c>Offset</c> to
+        <c>Socket</c>.
+        Returns <c>{ok, BytesSent}</c> if successful,
+        otherwise <c>{error, Reason}</c>. If <c>Bytes</c> is set to
+	0 all data after the given <c>Offset</c> is sent.</p>
+	<p>The file used must be opened using the raw flag, and the process
+	calling sendfile must be the controlling process of the socket.
+	See <seealso marker="gen_tcp#controlling_process-2">gen_tcp:controlling_process/2</seealso></p>
+	<p>If the OS used does not support sendfile, an Erlang fallback
+	using file:read and gen_tcp:send is used.</p>
+	<p>The option list can contain the following options:
+	<taglist>
+          <tag><c>chunk_size</c></tag>
+          <item>The chunk size used by the erlang fallback to send
+	  data. If using the fallback, this should be set to a value
+	  which comfortably fits in the systems memory. Default is 20 MB.</item>
+	</taglist>
+	</p>
+	<p>On operating systems with thread support, it is recommended to use
+	async threads. See the command line flag
+	<c>+A</c> in <seealso marker="erts:erl">erl(1)</seealso>. If it is not
+	possible to use async threads for sendfile, it is recommended to use
+	a relatively small value for the send buffer on the socket. Otherwise
+	the Erlang VM might loose some of its soft realtime guarantees.
+	Which size to use depends on the OS/hardware and the requirements
+	of the application.</p>
+      </desc>
+    </func>
+    <func>
       <name name="write" arity="2"/>
       <fsummary>Write to a file</fsummary>
       <desc>
@@ -1645,6 +1711,7 @@
     </func>
     <func>
       <name name="write_file_info" arity="2"/>
+      <name name="write_file_info" arity="3"/>
       <fsummary>Change information about a file</fsummary>
       <desc>
         <p>Change file information. Returns <c>ok</c> if successful,
@@ -1655,18 +1722,25 @@
           from which the function is called:</p>
         <code type="none">
 -include_lib("kernel/include/file.hrl").</code>
+		<p>The time type set in <c>atime</c>, <c>mtime</c> and <c>ctime</c>
+			is dependent on the time type set in <c>Opts :: {time, Type}</c>.
+			Type <c>local</c> will interpret the time set as local, <c>universal</c> will
+			interpret it as universal time and <c>posix</c> must be seconds since
+			or before unix time epoch which is 1970-01-01 00:00 UTC.
+			Default is <c>{time, local}</c>.
+		</p>
         <p>The following fields are used from the record, if they are
           given.</p>
         <taglist>
-          <tag><c>atime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>atime = <seealso marker="#type-date_time">date_time()</seealso> | integer()</c></tag>
           <item>
-            <p>The last (local) time the file was read.</p>
+            <p>The last time the file was read.</p>
           </item>
-          <tag><c>mtime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>mtime = <seealso marker="#type-date_time">date_time()</seealso> | integer()</c></tag>
           <item>
-            <p>The last (local) time the file was written.</p>
+            <p>The last time the file was written.</p>
           </item>
-          <tag><c>ctime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>ctime = <seealso marker="#type-date_time">date_time()</seealso> | integer()</c></tag>
           <item>
             <p>On Unix, any value give for this field will be ignored
               (the "ctime" for the file will be set to the current
diff --git a/lib/kernel/doc/src/gen_sctp.xml b/lib/kernel/doc/src/gen_sctp.xml
index 688cd0f78f..579b7f1f74 100644
--- a/lib/kernel/doc/src/gen_sctp.xml
+++ b/lib/kernel/doc/src/gen_sctp.xml
@@ -45,7 +45,15 @@
       SUSE Linux Enterprise Server 10 (x86_64) kernel 2.6.16.27-0.6-smp,
       with lksctp-tools-1.0.6, briefly on Solaris 10, and later on
       SUSE Linux Enterprise Server 10 Service Pack 1 (x86_64)
-      kernel 2.6.16.54-0.2.3-smp with lksctp-tools-1.0.7.</p>
+      kernel 2.6.16.54-0.2.3-smp with lksctp-tools-1.0.7,
+      and later also on FreeBSD 8.2.
+    </p>
+    <p>
+      This module was written for one-to-many style sockets
+      (type <c>seqpacket</c>). With the addition of
+      <seealso marker="#peeloff/2">peeloff/2</seealso>, one-to-one style
+      sockets (type <c>stream</c>) were introduced.
+    </p>
     <p>Record definitions for the <c>gen_sctp</c> module can be found using:</p>
 <pre>  -include_lib("kernel/include/inet_sctp.hrl").    </pre>
     <p>These record definitions use the "new" spelling 'adaptation',
@@ -254,15 +262,19 @@
       </desc>
     </func>
     <func>
-      <name name="listen" arity="2"/>
+      <name name="listen" arity="2" clause_i="1"/>
+      <name name="listen" arity="2" clause_i="2"/>
       <fsummary>Set up a socket to listen.</fsummary>
       <desc>
         <p>Sets up a socket to listen on the IP address and port number
-          it is bound to. <c><anno>IsServer</anno></c> must be <c>true</c>
-          or <c>false</c>.
-          In the contrast to TCP, in SCTP there is no listening queue length.
-          If <c><anno>IsServer</anno></c> is <c>true</c> the socket accepts new associations, i.e.
-          it will become an SCTP server socket.</p>
+	it is bound to.</p>
+	<p>For type <c>seqpacket</c> sockets (the default)
+	<c><anno>IsServer</anno></c> must be <c>true</c> or <c>false</c>.
+	In contrast to TCP, in SCTP there is no listening queue length.
+	If <c><anno>IsServer</anno></c> is <c>true</c> the socket accepts new associations, i.e.
+	it will become an SCTP server socket.</p>
+	<p>For type <c>stream</c> sockets <anno>Backlog</anno> defines
+	the backlog queue length just like in TCP.</p>
       </desc>
     </func>
     <func>
@@ -295,12 +307,40 @@
           is used. In particular, the socket is opened in 
           <seealso marker="#option-binary">binary</seealso> and
           <seealso marker="#option-active">passive</seealso> mode,
+	  with <anno>SockType</anno> <c>seqpacket</c>,
           and with reasonably large
           <seealso marker="#option-sndbuf">kernel</seealso> and driver
           <seealso marker="#option-buffer">buffers.</seealso></p>
       </desc>
     </func>
     <func>
+      <name name="peeloff" arity="2"/>
+      <fsummary>
+	Peel off a type <c>stream</c> socket from a type <c>seqpacket</c> one
+      </fsummary>
+      <desc>
+	<p>
+	  Branch off an existing association <anno>Assoc</anno>
+	  in a socket <anno>Socket</anno> of type <c>seqpacket</c>
+	  (one-to-may style) into
+	  a new socket <anno>NewSocket</anno> of type <c>stream</c>
+	  (one-to-one style).
+	</p>
+	<p>
+	  The existing association argument <anno>Assoc</anno>
+	  can be either a
+	  <seealso marker="#record-sctp_assoc_change">
+	    #sctp_assoc_change{}
+	  </seealso>
+	  record as returned from e.g
+	  <seealso marker="#recv-2">recv/*</seealso>,
+	  <seealso marker="#connect-5">connect/*</seealso> or
+	  from a listening socket in active mode. Or it can be just
+	  the field <c>assoc_id</c> integer from such a record.
+	</p>
+      </desc>
+    </func>
+    <func>
       <name name="recv" arity="1"/>
       <name name="recv" arity="2"/>
       <fsummary>Receive a message from a socket</fsummary>
diff --git a/lib/kernel/doc/src/heart.xml b/lib/kernel/doc/src/heart.xml
index e2dbcbe63d..26d1e27822 100644
--- a/lib/kernel/doc/src/heart.xml
+++ b/lib/kernel/doc/src/heart.xml
@@ -42,7 +42,7 @@
       system.</p>
     <p>An Erlang runtime system to be monitored by a heart program,
       should be started with the command line flag <c>-heart</c> (see
-      also <seealso marker="erts:erl">erl(1)</seealso>. The <c>heart</c>
+      also <seealso marker="erts:erl">erl(1)</seealso>). The <c>heart</c>
       process is then started automatically:</p>
     <pre>
 % <input>erl -heart ...</input></pre>
diff --git a/lib/kernel/doc/src/inet.xml b/lib/kernel/doc/src/inet.xml
index fad5af85bb..1a05b4ba99 100644
--- a/lib/kernel/doc/src/inet.xml
+++ b/lib/kernel/doc/src/inet.xml
@@ -573,6 +573,10 @@ fe80::204:acff:fe17:bf38
               is longer than the max allowed length, the packet is
               considered invalid. The same happens if the packet header
               is too big for the socket receive buffer.</p>
+	    <p>For line oriented protocols (<c>line</c>,<c>http*</c>),
+	    option <c>packet_size</c> also guarantees that lines up to the
+	    indicated length are accepted and not considered invalid due
+	    to internal buffer limitations.</p>
           </item>
           <tag><c>{read_packets, Integer}</c>(UDP sockets)</tag>
           <item>
diff --git a/lib/kernel/doc/src/kernel_app.xml b/lib/kernel/doc/src/kernel_app.xml
index bf513b7815..0f71a4f0f2 100644
--- a/lib/kernel/doc/src/kernel_app.xml
+++ b/lib/kernel/doc/src/kernel_app.xml
@@ -4,7 +4,7 @@
 <appref>
   <header>
     <copyright>
-      <year>1996</year><year>2009</year>
+      <year>1996</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -231,6 +231,15 @@ MaxT = TickTime + TickTime / 4</code>
         <p><em>Note:</em> Normally, a terminating node is detected
           immediately.</p>
       </item>
+      <tag><c>shutdown_timeout = integer() | infinity</c></tag>
+      <item>
+        <p>Specifies the time <c>application_controller</c> will wait
+          for an application to terminate during node shutdown. If the
+          timer expires, <c>application_controller</c> will brutally
+          kill <c>application_master</c> of the hanging
+          application. If this parameter is undefined, it defaults
+          to <c>infinity</c>.</p>
+      </item>
       <tag><c>sync_nodes_mandatory = [NodeName]</c></tag>
       <item>
         <p>Specifies which other nodes <em>must</em> be alive in order
diff --git a/lib/kernel/doc/src/make.dep b/lib/kernel/doc/src/make.dep
deleted file mode 100644
index f79d1c6367..0000000000
--- a/lib/kernel/doc/src/make.dep
+++ /dev/null
@@ -1,28 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: app.tex application.tex auth.tex book.tex \
-		code.tex config.tex disk_log.tex erl_boot_server.tex \
-		erl_ddll.tex erl_prim_loader_stub.tex erlang_stub.tex \
-		error_handler.tex error_logger.tex file.tex \
-		gen_sctp.tex gen_tcp.tex gen_udp.tex global.tex \
-		global_group.tex heart.tex inet.tex inet_res.tex \
-		init_stub.tex kernel_app.tex net_adm.tex net_kernel.tex \
-		os.tex packages.tex pg2.tex ref_man.tex rpc.tex \
-		seq_trace.tex user.tex wrap_log_reader.tex \
-		zlib_stub.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/kernel/doc/src/net_kernel.xml b/lib/kernel/doc/src/net_kernel.xml
index 3b7a710664..e54a427ff0 100644
--- a/lib/kernel/doc/src/net_kernel.xml
+++ b/lib/kernel/doc/src/net_kernel.xml
@@ -210,6 +210,10 @@
             <p><c>net_kernel</c> is currently changing
               <c>net_ticktime</c> to <c><anno>NetTicktime</anno></c> seconds.</p>
           </item>
+          <tag><c>ignored</c></tag>
+          <item>
+            <p>The local node is not alive.</p>
+          </item>
         </taglist>
       </desc>
     </func>
diff --git a/lib/kernel/doc/src/notes.xml b/lib/kernel/doc/src/notes.xml
index ec57b03bd9..9121186631 100644
--- a/lib/kernel/doc/src/notes.xml
+++ b/lib/kernel/doc/src/notes.xml
@@ -30,6 +30,241 @@
   </header>
   <p>This document describes the changes made to the Kernel application.</p>
 
+<section><title>Kernel 2.15</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+	    <p> Calls to <c>global:whereis_name/1</c> have been
+	    substituted for calls to
+	    <c>global:safe_whereis_name/1</c> since the latter is not
+	    safe at all.</p>
+	    <p>The reason for not doing this earlier is that setting
+	    a global lock masked out a bug concerning the restart of
+	    supervised children. The bug has now been fixed by a
+	    modification of <c>global:whereis_name/1</c>. (Thanks to
+	    Ulf Wiger for code contribution.)</p>
+	    <p>A minor race conditions in <c>gen_fsm:start*</c> has
+	    been fixed: if one of these functions returned <c>{error,
+	    Reason}</c> or ignore, the name could still be registered
+	    (either locally or in <c>global</c>. (This is the same
+	    modification as was done for gen_server in OTP-7669.)</p>
+	    <p>The undocumented function
+	    <c>global:safe_whereis_name/1</c> has been removed. </p>
+          <p>
+	    Own Id: OTP-9212 Aux Id: seq7117, OTP-4174 </p>
+        </item>
+        <item>
+          <p>
+	    Honor option <c>packet_size</c> for http packet parsing
+	    by both TCP socket and <c>erlang:decode_packet</c>. This
+	    gives the ability to accept HTTP headers larger than the
+	    default setting, but also avoid DoS attacks by accepting
+	    lines only up to whatever length you wish to allow. For
+	    consistency, packet type <c>line</c> also honor option
+	    <c>packet_size</c>. (Thanks to Steve Vinoski)</p>
+          <p>
+	    Own Id: OTP-9389</p>
+        </item>
+        <item>
+	    <p> <c>disk_log:reopen/2,3</c> and
+	    <c>disk_log:breopen/3</c> could return the error reason
+	    from <c>file:rename/2</c> rather than the reason
+	    <c>{file_error, Filename, Reason}</c>. This bug has been
+	    fixed. </p> <p> The message <c>{disk_log, Node, {error,
+	    disk_log_stopped}}</c> which according the documentation
+	    is sent upon failure to truncate or reopen a disk log was
+	    sometimes turned into a reply. This bug has been fixed.
+	    </p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9508</p>
+        </item>
+        <item>
+          <p>
+	    Environment variable 'shutdown_timeout' is added to
+	    kernel application. Earlier, application_controller would
+	    hang forever if an application top supervisor did not
+	    terminate upon a shutdown request. If this new
+	    environment variable is set to a positive integer T, then
+	    application controller will now give up after T
+	    milliseconds and instead brutally kill the application.
+	    For backwards compatibility, the default value for
+	    shutdown_timeout is 'infinity'.</p>
+          <p>
+	    Own Id: OTP-9540</p>
+        </item>
+        <item>
+          <p>
+	    Add '-callback' attributes in stdlib's behaviours</p>
+          <p>
+	    Replace the behaviour_info(callbacks) export in stdlib's
+	    behaviours with -callback' attributes for all the
+	    callbacks. Update the documentation with information on
+	    the callback attribute Automatically generate
+	    'behaviour_info' function from '-callback' attributes</p>
+          <p>
+	    'behaviour_info(callbacks)' is a special function that is
+	    defined in a module which describes a behaviour and
+	    returns a list of its callbacks.</p>
+          <p>
+	    This function is now automatically generated using the
+	    '-callback' specs. An error is returned by lint if user
+	    defines both '-callback' attributes and the
+	    behaviour_info/1 function. If no type info is needed for
+	    a callback use a generic spec for it. Add '-callback'
+	    attribute to language syntax</p>
+          <p>
+	    Behaviours may define specs for their callbacks using the
+	    familiar spec syntax, replacing the '-spec' keyword with
+	    '-callback'. Simple lint checks are performed to ensure
+	    that no callbacks are defined twice and all types
+	    referred are declared.</p>
+          <p>
+	    These attributes can be then used by tools to provide
+	    documentation to the behaviour or find discrepancies in
+	    the callback definitions in the callback module.</p>
+          <p>
+	    Add callback specs into 'application' module in kernel
+	    Add callback specs to tftp module following internet
+	    documentation Add callback specs to inets_service module
+	    following possibly deprecated comments</p>
+          <p>
+	    Own Id: OTP-9621</p>
+        </item>
+        <item>
+          <p>
+	    make tab completion work in remote shells (Thanks to Mats
+	    Cronqvist)</p>
+          <p>
+	    Own Id: OTP-9673</p>
+        </item>
+        <item>
+          <p>
+	    Add missing parenthesis in heart doc.</p>
+          <p>
+	    Add missing spaces in the Reference Manual distributed
+	    section.</p>
+          <p>
+	    In the HTML version of the doc those spaces are necessary
+	    to separate those words.</p>
+          <p>
+	    Own Id: OTP-9693</p>
+        </item>
+        <item>
+          <p>
+	    Fixes net_kernel:get_net_ticktime() doc</p>
+          <p>
+	    Adds missing description when `ignored' is returned.
+	    (Thanks to Ricardo Catalinas Jim�nez )</p>
+          <p>
+	    Own Id: OTP-9713</p>
+        </item>
+        <item>
+	    <p> While <c>disk_log</c> eagerly collects logged terms
+	    for better performance, collecting too much data may
+	    choke the system and cause huge binaries to be written.
+	    In order to remedy the situation a (small) limit on the
+	    amount of data that is collected before writing to disk
+	    has been introduced. </p>
+          <p>
+	    Own Id: OTP-9764</p>
+        </item>
+        <item>
+          <p>
+	    <list> <item><p>Correct callback spec in application
+	    module</p></item> <item><p>Refine warning about callback
+	    specs with extra ranges</p></item> <item><p>Cleanup
+	    autoimport compiler directives</p></item> <item><p>Fix
+	    Dialyzer's warnings in typer</p></item> <item><p>Fix
+	    Dialyzer's warning for its own code</p></item>
+	    <item><p>Fix bug in Dialyzer's behaviours
+	    analysis</p></item> <item><p>Fix crash in
+	    Dialyzer</p></item> <item><p>Variable substitution was
+	    not generalizing any unknown variables.</p></item>
+	    </list></p>
+          <p>
+	    Own Id: OTP-9776</p>
+        </item>
+        <item>
+          <p>
+	    Fix a crash when file:change_time/2,3 are called with
+	    invalid dates</p>
+          <p>
+	    Calling file:change_time/2,3 with an invalid date tuple
+	    (e.g file:change_time("file.txt", {undefined,
+	    undefined})) will cause file_server_2 to crash.
+	    error_logger will shutdown and the whole VM will stop.
+	    Change behavior to validate given dates on system
+	    boundaries. (i.e before issuing a server call).(Thanks to
+	    Ahmed Omar)</p>
+          <p>
+	    Own Id: OTP-9785</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p> An option list argument can now be passed to
+	    <c>file:read_file_info/2, file:read_link_info/2</c> and
+	    <c>file:write_file_info/3</c> and set time type
+	    information in the call. Valid options are <c>{time,
+	    local}, {time, universal}</c> and <c>{time, posix}</c>.
+	    In the case of <c>posix</c> time no conversions are made
+	    which makes the operation a bit faster. </p>
+          <p>
+	    Own Id: OTP-7687</p>
+        </item>
+        <item>
+	    <p><c>file:list_dir/1,2</c> will now fill an buffer
+	    entire with filenames from the efile driver before
+	    sending it to an erlang process. This will speed up this
+	    file operation in most cases.</p>
+          <p>
+	    Own Id: OTP-9023</p>
+        </item>
+        <item>
+	    <p>gen_sctp:open/0-2 may now return
+	    {error,eprotonosupport} if SCTP is not supported</p>
+	    <p>gen_sctp:peeloff/1 has been implemented and creates a
+	    one-to-one socket which also are supported now</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9239</p>
+        </item>
+        <item>
+          <p>
+	    Sendfile has been added to the file module's API.
+	    sendfile/2 is used to read data from a file and send it
+	    to a tcp socket using a zero copying mechanism if
+	    available on that OS.</p>
+          <p>
+	    Thanks to Tuncer Ayaz and Steve Vinovski for original
+	    implementation</p>
+          <p>
+	    Own Id: OTP-9240</p>
+        </item>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Kernel 2.14.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/kernel/include/dist.hrl b/lib/kernel/include/dist.hrl
new file mode 100644
index 0000000000..5b52f6f294
--- /dev/null
+++ b/lib/kernel/include/dist.hrl
@@ -0,0 +1,38 @@
+%%
+%% %CopyrightBegin%
+%% 
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
+%% 
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%% 
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%% 
+%% %CopyrightEnd%
+%%
+
+%%
+%% Distribution capabilities flags (corresponds with dist.h).
+%%
+
+-define(DFLAG_PUBLISHED,1).
+-define(DFLAG_ATOM_CACHE,2).
+-define(DFLAG_EXTENDED_REFERENCES,4).
+-define(DFLAG_DIST_MONITOR,8).
+-define(DFLAG_FUN_TAGS,16#10).
+-define(DFLAG_DIST_MONITOR_NAME,16#20).
+-define(DFLAG_HIDDEN_ATOM_CACHE,16#40).
+-define(DFLAG_NEW_FUN_TAGS,16#80).
+-define(DFLAG_EXTENDED_PIDS_PORTS,16#100).
+-define(DFLAG_EXPORT_PTR_TAG,16#200).
+-define(DFLAG_BIT_BINARIES,16#400).
+-define(DFLAG_NEW_FLOATS,16#800).
+-define(DFLAG_UNICODE_IO,16#1000).
+-define(DFLAG_DIST_HDR_ATOM_CACHE,16#2000).
+-define(DFLAG_SMALL_ATOM_TAGS, 16#4000).
diff --git a/lib/kernel/include/dist_util.hrl b/lib/kernel/include/dist_util.hrl
new file mode 100644
index 0000000000..c3a7f97418
--- /dev/null
+++ b/lib/kernel/include/dist_util.hrl
@@ -0,0 +1,87 @@
+%%
+%% %CopyrightBegin%
+%% 
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
+%% 
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%% 
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%% 
+%% %CopyrightEnd%
+%%
+%% uncomment this if tracing of handshake etc is wanted
+%%-define(dist_trace, true). 
+%%-define(dist_debug, true).
+
+
+-ifdef(dist_debug).
+-define(debug(Term), erlang:display(Term)).
+-else.
+-define(debug(Term), ok).
+-endif.
+
+-ifdef(dist_trace).
+-define(trace(Fmt,Args), io:format("~p ~p:~s",[erlang:now(),node(),lists:flatten(io_lib:format(Fmt, Args))])).
+% Use the one below for config-file (early boot) connection tracing
+%-define(trace(Fmt,Args), erlang:display([erlang:now(),node(),lists:flatten(io_lib:format(Fmt, Args))])).
+-define(trace_factor,8).
+-else.
+-define(trace(Fmt,Args), ok).
+-define(trace_factor,1).
+-endif.
+
+-define(shutdown(Data), dist_util:shutdown(?MODULE, ?LINE, Data)).
+-define(shutdown2(Data, Reason), dist_util:shutdown(?MODULE, ?LINE, Data, Reason)).
+
+%% Handshake state structure
+-record(hs_data, {
+	  kernel_pid,        %% Pid of net_kernel
+	  other_node,        %% Name of peer
+	  this_node,         %% my nodename
+	  socket,            %% The connection "socket"
+	  timer,             %% The setup timer 
+	                     %% (stream_dist_handshake:start_timer)
+	  this_flags,        %% Flags my node should use
+	  allowed,           %% Allowed nodes list
+	  other_version,     %% The other nodes distribution version
+	  other_flags,       %% The other nodes flags.
+	  other_started,     %% True if the other node initiated.
+	  f_send,            %% Fun that behaves like gen_tcp:send
+	  f_recv,            %% Fun that behaves like gen_tcp:recv
+	  f_setopts_pre_nodeup,  %% Sets "socket" options before
+	                         %% nodeup is delivered to net_kernel
+	  f_setopts_post_nodeup, %% Sets "socket" options after
+	                         %% nodeup is delivered
+	  f_getll,               %% Get low level port or pid.
+	  f_address,         %% The address of the "socket", 
+	                     %% generated from Socket,Node
+	  %% These two are used in the tick loop,
+	  %% so they are not fun's to avoid holding old code.
+	  mf_tick,           %% Takes the socket as parameters and
+	                     %% sends a tick, this is no fun, it
+	                     %% is a tuple {M,F}.
+	                     %% Is should place {tcp_closed, Socket}
+	                     %% in the message queue on failure.
+	  mf_getstat,        %% Returns 
+			     %% {ok, RecvCnt, SendCnt, SendPend} for
+	                     %% a given socket. This is a {M,F}, 
+	                     %% returning {error, Reason on failure}
+	  request_type = normal
+}).
+	  
+
+%% The following should be filled in upon enter of... 
+%% - handshake_we_started:
+%% kernel_pid, other_node, this_node, socket, timer, 
+%% this_flags, other_version, All fun's/mf's.
+%% - handshake_other_started:
+%% kernel_pid, this_node, socket, timer, 
+%% this_flags, allowed, All fun's/mf's.
+
diff --git a/lib/kernel/include/file.hrl b/lib/kernel/include/file.hrl
index 3889bce393..bf97173122 100644
--- a/lib/kernel/include/file.hrl
+++ b/lib/kernel/include/file.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,10 +25,11 @@
 	{size   :: non_neg_integer(),	% Size of file in bytes.
 	 type   :: 'device' | 'directory' | 'other' | 'regular' | 'symlink',
 	 access :: 'read' | 'write' | 'read_write' | 'none',
-	 atime  :: file:date_time(),	% The local time the file was last read:
-					% {{Year, Mon, Day}, {Hour, Min, Sec}}.
-	 mtime  :: file:date_time(),	% The local time the file was last written.
-	 ctime  :: file:date_time(),	% The interpretation of this time field
+	 atime  :: file:date_time() | integer(), % The local time the file was last read:
+					         % {{Year, Mon, Day}, {Hour, Min, Sec}}.
+						 % atime, ctime, mtime may also be unix epochs()
+	 mtime  :: file:date_time() | integer(), % The local time the file was last written.
+	 ctime  :: file:date_time() | integer(), % The interpretation of this time field
 					% is dependent on operating system.
 					% On Unix it is the last time the file
 					% or the inode was changed.  On Windows,
diff --git a/lib/kernel/include/net_address.hrl b/lib/kernel/include/net_address.hrl
new file mode 100644
index 0000000000..9b9ea42931
--- /dev/null
+++ b/lib/kernel/include/net_address.hrl
@@ -0,0 +1,28 @@
+%%
+%% %CopyrightBegin%
+%% 
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
+%% 
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%% 
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%% 
+%% %CopyrightEnd%
+%%
+
+%% Generic address format
+
+-record(net_address,
+	{
+	 address,  %% opaque address
+	 host,     %% host name
+	 protocol, %% protocol
+	 family    %% address family
+	}).
diff --git a/lib/kernel/src/Makefile b/lib/kernel/src/Makefile
index 9db6014a7d..54f21eb2b8 100644
--- a/lib/kernel/src/Makefile
+++ b/lib/kernel/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1996-2010. All Rights Reserved.
+# Copyright Ericsson AB 1996-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -118,11 +118,14 @@ MODULES = \
 	user_sup \
 	wrap_log_reader
 
-HRL_FILES= ../include/file.hrl ../include/inet.hrl ../include/inet_sctp.hrl
+HRL_FILES= ../include/file.hrl ../include/inet.hrl ../include/inet_sctp.hrl \
+	../include/dist.hrl ../include/dist_util.hrl \
+	../include/net_address.hrl 
+
 INTERNAL_HRL_FILES= application_master.hrl disk_log.hrl \
-        net_address.hrl inet_dns.hrl inet_res.hrl \
+        inet_dns.hrl inet_res.hrl \
         inet_boot.hrl inet_config.hrl inet_int.hrl \
-	dist.hrl dist_util.hrl inet_dns_record_adts.hrl
+	inet_dns_record_adts.hrl
 
 ERL_FILES= $(MODULES:%=%.erl)
 
@@ -215,7 +218,7 @@ $(EBIN)/code_server.beam: ../include/file.hrl
 $(EBIN)/disk_log.beam: disk_log.hrl
 $(EBIN)/disk_log_1.beam: disk_log.hrl ../include/file.hrl
 $(EBIN)/disk_log_server.beam: disk_log.hrl
-$(EBIN)/dist_util.beam: dist_util.hrl dist.hrl
+$(EBIN)/dist_util.beam: ../include/dist_util.hrl ../include/dist.hrl
 $(EBIN)/erl_boot_server.beam: inet_boot.hrl
 $(EBIN)/erl_epmd.beam: inet_int.hrl erl_epmd.hrl
 $(EBIN)/file.beam: ../include/file.hrl
@@ -226,7 +229,7 @@ $(EBIN)/global.beam: ../../stdlib/include/ms_transform.hrl
 $(EBIN)/hipe_unified_loader.beam: ../../hipe/main/hipe.hrl hipe_ext_format.hrl
 $(EBIN)/inet.beam: ../include/inet.hrl inet_int.hrl ../include/inet_sctp.hrl
 $(EBIN)/inet6_tcp.beam: inet_int.hrl
-$(EBIN)/inet6_tcp_dist.beam: net_address.hrl dist.hrl dist_util.hrl
+$(EBIN)/inet6_tcp_dist.beam: ../include/net_address.hrl ../include/dist.hrl ../include/dist_util.hrl
 $(EBIN)/inet6_udp.beam: inet_int.hrl
 $(EBIN)/inet6_sctp.beam: inet_int.hrl
 $(EBIN)/inet_config.beam: inet_config.hrl ../include/inet.hrl
@@ -237,10 +240,10 @@ $(EBIN)/inet_hosts.beam: ../include/inet.hrl
 $(EBIN)/inet_parse.beam: ../include/file.hrl
 $(EBIN)/inet_res.beam: ../include/inet.hrl inet_res.hrl inet_dns.hrl inet_int.hrl
 $(EBIN)/inet_tcp.beam: inet_int.hrl
-$(EBIN)/inet_udp_dist.beam: net_address.hrl dist.hrl dist_util.hrl
+$(EBIN)/inet_udp_dist.beam: ../include/net_address.hrl ../include/dist.hrl ../include/dist_util.hrl
 $(EBIN)/inet_udp.beam: inet_int.hrl
 $(EBIN)/inet_sctp.beam: inet_int.hrl ../include/inet_sctp.hrl
-$(EBIN)/net_kernel.beam: net_address.hrl
+$(EBIN)/net_kernel.beam: ../include/net_address.hrl
 $(EBIN)/os.beam: ../include/file.hrl
 $(EBIN)/ram_file.beam: ../include/file.hrl
 $(EBIN)/wrap_log_reader.beam: disk_log.hrl ../include/file.hrl
diff --git a/lib/kernel/src/application.erl b/lib/kernel/src/application.erl
index fa3a4c3d36..c299fb085c 100644
--- a/lib/kernel/src/application.erl
+++ b/lib/kernel/src/application.erl
@@ -28,8 +28,6 @@
 -export([get_application/0, get_application/1, info/0]).
 -export([start_type/0]).
 
--export([behaviour_info/1]).
-
 %%%-----------------------------------------------------------------
 
 -type start_type() :: 'normal'
@@ -59,12 +57,12 @@
 
 %%------------------------------------------------------------------
 
--spec behaviour_info(atom()) -> 'undefined' | [{atom(), byte()}].
+-callback start(StartType :: normal | {takeover, node()} | {failover, node()},
+		StartArgs :: term()) ->
+    {'ok', pid()} | {'ok', pid(), State :: term()} | {'error', Reason :: term()}.
 
-behaviour_info(callbacks) ->
-    [{start,2},{stop,1}];
-behaviour_info(_Other) ->
-    undefined.
+-callback stop(State :: term()) ->
+    term().
 
 %%%-----------------------------------------------------------------
 %%% This module is API towards application_controller and
diff --git a/lib/kernel/src/application_controller.erl b/lib/kernel/src/application_controller.erl
index 42f527f400..ebfe84463a 100644
--- a/lib/kernel/src/application_controller.erl
+++ b/lib/kernel/src/application_controller.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -1180,10 +1180,27 @@ terminate(Reason, S) ->
 	_ ->
 	    ok
     end,
+    ShutdownTimeout =
+	case application:get_env(kernel, shutdown_timeout) of
+	    undefined -> infinity;
+	    {ok,T} -> T
+	end,
     foreach(fun({_AppName, Id}) when is_pid(Id) -> 
+		    Ref = erlang:monitor(process, Id),
+		    unlink(Id),
 		    exit(Id, shutdown),
 		    receive
+			%% Proc died before link
 			{'EXIT', Id, _} -> ok
+		    after 0 ->
+			    receive
+				{'DOWN', Ref, process, Id, _} -> ok
+			    after ShutdownTimeout ->
+				    exit(Id, kill),
+				    receive
+					{'DOWN', Ref, process, Id, _} -> ok
+				    end
+			    end
 		    end;
 	       (_) -> ok
 	    end,
diff --git a/lib/kernel/src/code.erl b/lib/kernel/src/code.erl
index 882e9625fe..b7fda69ce0 100644
--- a/lib/kernel/src/code.erl
+++ b/lib/kernel/src/code.erl
@@ -324,15 +324,7 @@ start_link(Flags) ->
 %%-----------------------------------------------------------------
 
 do_start(Flags) ->
-    %% The following module_info/1 calls are here to ensure
-    %% that these modules are loaded prior to their use elsewhere in
-    %% the code_server.
-    %% Otherwise a deadlock may occur when the code_server is starting.
-    code_server = code_server:module_info(module),
-    packages = packages:module_info(module),
-    catch hipe_unified_loader:load_hipe_modules(),
-    Modules2 = [gb_sets, gb_trees, ets, os, binary, unicode, filename, lists],
-    lists:foreach(fun (M) -> M = M:module_info(module) end, Modules2),
+    load_code_server_prerequisites(),
 
     Mode = get_mode(Flags),
     case init:get_argument(root) of 
@@ -360,6 +352,25 @@ do_start(Flags) ->
 	    {error, crash}
     end.
 
+%% Make sure that all modules that the code_server process calls
+%% (directly or indirectly) are loaded. Otherwise the code_server
+%% process will deadlock.
+
+load_code_server_prerequisites() ->
+    %% Please keep the alphabetical order.
+    Needed = [binary,
+	      ets,
+	      filename,
+	      gb_sets,
+	      gb_trees,
+	      hipe_unified_loader,
+	      lists,
+	      os,
+	      packages,
+	      unicode],
+    [M = M:module_info(module) || M <- Needed],
+    ok.
+
 do_stick_dirs() ->
     do_s(compiler),
     do_s(stdlib),
diff --git a/lib/kernel/src/code_server.erl b/lib/kernel/src/code_server.erl
index e3d22e7999..5d4f2eb70c 100644
--- a/lib/kernel/src/code_server.erl
+++ b/lib/kernel/src/code_server.erl
@@ -32,6 +32,8 @@
 
 -import(lists, [foreach/2]).
 
+-define(ANY_NATIVE_CODE_LOADED, any_native_code_loaded).
+
 -record(state, {supervisor,
 		root,
 		path,
@@ -97,6 +99,8 @@ init(Ref, Parent, [Root,Mode0]) ->
 		State0
 	end,
 
+    put(?ANY_NATIVE_CODE_LOADED, false),
+
     Parent ! {Ref,{ok,self()}},
     loop(State#state{supervisor = Parent}).
 
@@ -1278,35 +1282,56 @@ load_native_code(Mod, Bin) ->
     %% Therefore we must test for that the loader modules are available
     %% before trying to to load native code.
     case erlang:module_loaded(hipe_unified_loader) of
-	false -> no_native;
-	true -> hipe_unified_loader:load_native_code(Mod, Bin)
+	false ->
+	    no_native;
+	true ->
+	    Result = hipe_unified_loader:load_native_code(Mod, Bin),
+	    case Result of
+		{module,_} ->
+		    put(?ANY_NATIVE_CODE_LOADED, true);
+		_ ->
+		    ok
+	    end,
+	    Result
     end.
 
 hipe_result_to_status(Result) ->
     case Result of
-	{module,_} -> Result;
-	_ -> {error,Result}
+	{module,_} ->
+	    put(?ANY_NATIVE_CODE_LOADED, true),
+	    Result;
+	_ ->
+	    {error,Result}
     end.
 
 post_beam_load(Mod) ->
-    case erlang:module_loaded(hipe_unified_loader) of
-	false -> ok;
-	true -> hipe_unified_loader:post_beam_load(Mod)
+    %% post_beam_load/1 can potentially be very expensive because it
+    %% blocks multi-scheduling; thus we want to avoid the call if we
+    %% know that it is not needed.
+    case get(?ANY_NATIVE_CODE_LOADED) of
+	true -> hipe_unified_loader:post_beam_load(Mod);
+	false -> ok
     end.
 
 int_list([H|T]) when is_integer(H) -> int_list(T);
 int_list([_|_])                    -> false;
 int_list([])                       -> true.
 
+load_file(Mod0, {From,_}=Caller, St0) ->
+    Mod = to_atom(Mod0),
+    case pending_on_load(Mod, From, St0) of
+	no -> load_file_1(Mod, Caller, St0);
+	{yes,St} -> {noreply,St}
+    end.
 
-load_file(Mod, Caller, #state{path=Path,cache=no_cache}=St) ->
+load_file_1(Mod, Caller, #state{path=Path,cache=no_cache}=St) ->
     case mod_to_bin(Path, Mod) of
 	error ->
 	    {reply,{error,nofile},St};
 	{Mod,Binary,File} ->
 	    try_load_module(File, Mod, Binary, Caller, St)
     end;
-load_file(Mod, Caller, #state{cache=Cache}=St0) ->
+load_file_1(Mod, Caller, #state{cache=Cache}=St0) ->
     Key = {obj,Mod},
     case ets:lookup(Cache, Key) of
 	[] -> 
diff --git a/lib/kernel/src/disk_log.erl b/lib/kernel/src/disk_log.erl
index 9b8d2db437..fb9415d440 100644
--- a/lib/kernel/src/disk_log.erl
+++ b/lib/kernel/src/disk_log.erl
@@ -64,7 +64,7 @@
 %%-define(PROFILE(C), C).
 -define(PROFILE(C), void).
 
--compile({inline,[{log_loop,4},{log_end_sync,2},{replies,2},{rflat,1}]}).
+-compile({inline,[{log_loop,5},{log_end_sync,2},{replies,2},{rflat,1}]}).
 
 %%%----------------------------------------------------------------------
 %%% Contract type specifications
@@ -685,7 +685,7 @@ handle({From, {log, B}}, S) ->
 	L when L#log.mode =:= read_only ->
 	    reply(From, {error, {read_only_mode, L#log.name}}, S);
 	L when L#log.status =:= ok, L#log.format =:= internal ->
-	    log_loop(S, From, [B], []);
+	    log_loop(S, From, [B], [], iolist_size(B));
 	L when L#log.status =:= ok, L#log.format =:= external ->
 	    reply(From, {error, {format_external, L#log.name}}, S);
 	L when L#log.status =:= {blocked, false} ->
@@ -700,7 +700,7 @@ handle({From, {blog, B}}, S) ->
 	L when L#log.mode =:= read_only ->
 	    reply(From, {error, {read_only_mode, L#log.name}}, S);
 	L when L#log.status =:= ok ->
-	    log_loop(S, From, [B], []);
+	    log_loop(S, From, [B], [], iolist_size(B));
 	L when L#log.status =:= {blocked, false} ->
 	    reply(From, {error, {blocked_log, L#log.name}}, S);
 	L when L#log.blocked_by =:= From ->
@@ -714,7 +714,7 @@ handle({alog, B}, S) ->
 	    notify_owners({read_only,B}),
 	    loop(S);
 	L when L#log.status =:= ok, L#log.format =:= internal ->
-	    log_loop(S, [], [B], []);
+	    log_loop(S, [], [B], [], iolist_size(B));
 	L when L#log.status =:= ok ->
 	    notify_owners({format_external, B}),
 	    loop(S);
@@ -730,7 +730,7 @@ handle({balog, B}, S) ->
 	    notify_owners({read_only,B}),
 	    loop(S);
 	L when L#log.status =:= ok ->
-	    log_loop(S, [], [B], []);
+	    log_loop(S, [], [B], [], iolist_size(B));
 	L when L#log.status =:= {blocked, false} ->
 	    notify_owners({blocked_log, B}),
 	    loop(S);
@@ -1029,38 +1029,42 @@ handle(_, S) ->
     loop(S).
 
 sync_loop(From, S) ->
-    log_loop(S, [], [], From).
+    log_loop(S, [], [], From, 0).
+
+-define(MAX_LOOK_AHEAD, 64*1024).
 
 %% Inlined.
-log_loop(S, Pids, _Bins, _Sync) when S#state.cache_error =/= ok ->
+log_loop(S, Pids, _Bins, _Sync, _Sz) when S#state.cache_error =/= ok ->
     loop(cache_error(S, Pids));
-log_loop(S, Pids, Bins, Sync) when S#state.messages =:= [] ->
+log_loop(#state{messages = []}=S, Pids, Bins, Sync, Sz)
+            when Sz > ?MAX_LOOK_AHEAD ->
+    loop(log_end(S, Pids, Bins, Sync));
+log_loop(#state{messages = []}=S, Pids, Bins, Sync, Sz) ->
     receive 
 	Message ->
-	    log_loop(Message, Pids, Bins, Sync, S, get(log))
+            log_loop(Message, Pids, Bins, Sync, Sz, S, get(log))
     after 0 ->
 	    loop(log_end(S, Pids, Bins, Sync))
     end;
-log_loop(S, Pids, Bins, Sync) ->
+log_loop(S, Pids, Bins, Sync, Sz) ->
     [M | Ms] = S#state.messages,
     S1 = S#state{messages = Ms},
-    log_loop(M, Pids, Bins, Sync, S1, get(log)).
+    log_loop(M, Pids, Bins, Sync, Sz, S1, get(log)).
 
 %% Items logged after the last sync request found are sync:ed as well.
-log_loop({alog,B}, Pids, Bins, Sync, S, L) when L#log.format =:= internal ->
+log_loop({alog,B}, Pids, Bins, Sync, Sz, S, #log{format = internal}) ->
     %% {alog, _} allowed for the internal format only.
-    log_loop(S, Pids, [B | Bins], Sync);
-log_loop({balog, B}, Pids, Bins, Sync, S, _L) ->
-    log_loop(S, Pids, [B | Bins], Sync);
-log_loop({From, {log, B}}, Pids, Bins, Sync, S, L) 
-                                           when L#log.format =:= internal ->
+    log_loop(S, Pids, [B | Bins], Sync, Sz+iolist_size(B));
+log_loop({balog, B}, Pids, Bins, Sync, Sz, S, _L) ->
+    log_loop(S, Pids, [B | Bins], Sync, Sz+iolist_size(B));
+log_loop({From, {log, B}}, Pids, Bins, Sync, Sz, S, #log{format = internal}) ->
     %% {log, _} allowed for the internal format only.
-    log_loop(S, [From | Pids], [B | Bins], Sync);
-log_loop({From, {blog, B}}, Pids, Bins, Sync, S, _L) ->
-    log_loop(S, [From | Pids], [B | Bins], Sync);
-log_loop({From, sync}, Pids, Bins, Sync, S, _L) ->
-    log_loop(S, Pids, Bins, [From | Sync]);
-log_loop(Message, Pids, Bins, Sync, S, _L) ->
+    log_loop(S, [From | Pids], [B | Bins], Sync, Sz+iolist_size(B));
+log_loop({From, {blog, B}}, Pids, Bins, Sync, Sz, S, _L) ->
+    log_loop(S, [From | Pids], [B | Bins], Sync, Sz+iolist_size(B));
+log_loop({From, sync}, Pids, Bins, Sync, Sz, S, _L) ->
+    log_loop(S, Pids, Bins, [From | Sync], Sz);
+log_loop(Message, Pids, Bins, Sync, _Sz, S, _L) ->
     NS = log_end(S, Pids, Bins, Sync),
     handle(Message, NS).
 
@@ -1240,20 +1244,29 @@ is_owner(Pid, L) ->
 
 %% ok | throw(Error)
 rename_file(File, NewFile, halt) ->
-    file:rename(File, NewFile);
+    case file:rename(File, NewFile) of
+        ok ->
+            ok;
+        Else ->
+            file_error(NewFile, Else)
+    end;
 rename_file(File, NewFile, wrap) ->
     rename_file(wrap_file_extensions(File), File, NewFile, ok).
 
-rename_file([Ext|Exts], File, NewFile, Res) ->
-    NRes = case file:rename(add_ext(File, Ext), add_ext(NewFile, Ext)) of
+rename_file([Ext|Exts], File, NewFile0, Res) ->
+    NewFile = add_ext(NewFile0, Ext),
+    NRes = case file:rename(add_ext(File, Ext), NewFile) of
 	       ok ->
 		   Res;
 	       Else ->
-		   Else
+		   file_error(NewFile, Else)
 	   end,
-    rename_file(Exts, File, NewFile, NRes);
+    rename_file(Exts, File, NewFile0, NRes);
 rename_file([], _File, _NewFiles, Res) -> Res.
 
+file_error(FileName, {error, Error}) ->
+    {error, {file_error, FileName, Error}}.
+
 %% "Old" error messages have been kept, arg_mismatch has been added.
 %%-spec compare_arg(dlog_options(), #arg{}, 
 compare_arg([], _A, none, _OrigHead) ->
@@ -1947,7 +1960,8 @@ monitor_request(Pid, Req) ->
     receive 
 	{'DOWN', Ref, process, Pid, _Info} ->
 	    {error, no_such_log};
-	{disk_log, Pid, Reply} ->
+	{disk_log, Pid, Reply} when not is_tuple(Reply) orelse
+                                    element(2, Reply) =/= disk_log_stopped ->
 	    erlang:demonitor(Ref),
 	    receive 
 		{'DOWN', Ref, process, Pid, _Reason} ->
diff --git a/lib/kernel/src/dist.hrl b/lib/kernel/src/dist.hrl
deleted file mode 100644
index aea1ab81ba..0000000000
--- a/lib/kernel/src/dist.hrl
+++ /dev/null
@@ -1,38 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
-
-%%
-%% Distribution capabilities flags (corresponds with dist.h).
-%%
-
--define(DFLAG_PUBLISHED,1).
--define(DFLAG_ATOM_CACHE,2).
--define(DFLAG_EXTENDED_REFERENCES,4).
--define(DFLAG_DIST_MONITOR,8).
--define(DFLAG_FUN_TAGS,16#10).
--define(DFLAG_DIST_MONITOR_NAME,16#20).
--define(DFLAG_HIDDEN_ATOM_CACHE,16#40).
--define(DFLAG_NEW_FUN_TAGS,16#80).
--define(DFLAG_EXTENDED_PIDS_PORTS,16#100).
--define(DFLAG_EXPORT_PTR_TAG,16#200).
--define(DFLAG_BIT_BINARIES,16#400).
--define(DFLAG_NEW_FLOATS,16#800).
--define(DFLAG_UNICODE_IO,16#1000).
--define(DFLAG_DIST_HDR_ATOM_CACHE,16#2000).
--define(DFLAG_SMALL_ATOM_TAGS, 16#4000).
diff --git a/lib/kernel/src/dist_util.hrl b/lib/kernel/src/dist_util.hrl
deleted file mode 100644
index f2b0598532..0000000000
--- a/lib/kernel/src/dist_util.hrl
+++ /dev/null
@@ -1,87 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
-%% uncomment this if tracing of handshake etc is wanted
-%%-define(dist_trace, true). 
-%%-define(dist_debug, true).
-
-
--ifdef(dist_debug).
--define(debug(Term), erlang:display(Term)).
--else.
--define(debug(Term), ok).
--endif.
-
--ifdef(dist_trace).
--define(trace(Fmt,Args), io:format("~p ~p:~s",[erlang:now(),node(),lists:flatten(io_lib:format(Fmt, Args))])).
-% Use the one below for config-file (early boot) connection tracing
-%-define(trace(Fmt,Args), erlang:display([erlang:now(),node(),lists:flatten(io_lib:format(Fmt, Args))])).
--define(trace_factor,8).
--else.
--define(trace(Fmt,Args), ok).
--define(trace_factor,1).
--endif.
-
--define(shutdown(Data), dist_util:shutdown(?MODULE, ?LINE, Data)).
--define(shutdown2(Data, Reason), dist_util:shutdown(?MODULE, ?LINE, Data, Reason)).
-
-%% Handshake state structure
--record(hs_data, {
-	  kernel_pid,        %% Pid of net_kernel
-	  other_node,        %% Name of peer
-	  this_node,         %% my nodename
-	  socket,            %% The connection "socket"
-	  timer,             %% The setup timer 
-	                     %% (stream_dist_handshake:start_timer)
-	  this_flags,        %% Flags my node should use
-	  allowed,           %% Allowed nodes list
-	  other_version,     %% The other nodes distribution version
-	  other_flags,       %% The other nodes flags.
-	  other_started,     %% True if the other node initiated.
-	  f_send,            %% Fun that behaves like gen_tcp:send
-	  f_recv,            %% Fun that behaves like gen_tcp:recv
-	  f_setopts_pre_nodeup,  %% Sets "socket" options before
-	                         %% nodeup is delivered to net_kernel
-	  f_setopts_post_nodeup, %% Sets "socket" options after
-	                         %% nodeup is delivered
-	  f_getll,               %% Get low level port or pid.
-	  f_address,         %% The address of the "socket", 
-	                     %% generated from Socket,Node
-	  %% These two are used in the tick loop,
-	  %% so they are not fun's to avoid holding old code.
-	  mf_tick,           %% Takes the socket as parameters and
-	                     %% sends a tick, this is no fun, it
-	                     %% is a tuple {M,F}.
-	                     %% Is should place {tcp_closed, Socket}
-	                     %% in the message queue on failure.
-	  mf_getstat,        %% Returns 
-			     %% {ok, RecvCnt, SendCnt, SendPend} for
-	                     %% a given socket. This is a {M,F}, 
-	                     %% returning {error, Reason on failure}
-	  request_type = normal
-}).
-	  
-
-%% The following should be filled in upon enter of... 
-%% - handshake_we_started:
-%% kernel_pid, other_node, this_node, socket, timer, 
-%% this_flags, other_version, All fun's/mf's.
-%% - handshake_other_started:
-%% kernel_pid, this_node, socket, timer, 
-%% this_flags, allowed, All fun's/mf's.
-
diff --git a/lib/kernel/src/error_handler.erl b/lib/kernel/src/error_handler.erl
index e1f99bf417..a67b11a888 100644
--- a/lib/kernel/src/error_handler.erl
+++ b/lib/kernel/src/error_handler.erl
@@ -88,12 +88,12 @@ int() -> int.
 -spec crash(atom(), [term()]) -> no_return().
 
 crash(Fun, Args) ->
-    crash({Fun,Args}).
+    crash({Fun,Args,[]}).
 
 -spec crash(atom(), atom(), arity()) -> no_return().
 
 crash(M, F, A) ->
-    crash({M,F,A}).
+    crash({M,F,A,[]}).
 
 -spec crash(tuple()) -> no_return().
 
@@ -101,7 +101,8 @@ crash(Tuple) ->
     try erlang:error(undef)
     catch
 	error:undef ->
-	    erlang:raise(error, undef, [Tuple|tl(erlang:get_stacktrace())])
+	    Stk = [Tuple|tl(erlang:get_stacktrace())],
+	    erlang:raise(error, undef, Stk)
     end.
 
 %% If the code_server has not been started yet dynamic code loading
@@ -127,7 +128,7 @@ ensure_loaded(Module) ->
 -spec stub_function(atom(), atom(), [_]) -> no_return().
 
 stub_function(Mod, Func, Args) ->
-    exit({undef,[{Mod,Func,Args}]}).
+    exit({undef,[{Mod,Func,Args,[]}]}).
 
 check_inheritance(Module, Args) ->
     Attrs = erlang:get_module_info(Module, attributes),
diff --git a/lib/kernel/src/file.erl b/lib/kernel/src/file.erl
index 5e4e1b0ba8..4028dd4f0b 100644
--- a/lib/kernel/src/file.erl
+++ b/lib/kernel/src/file.erl
@@ -28,9 +28,11 @@
 %% File system and metadata.
 -export([get_cwd/0, get_cwd/1, set_cwd/1, delete/1, rename/2,
 	 make_dir/1, del_dir/1, list_dir/1,
-	 read_file_info/1, write_file_info/2,
+	 read_file_info/1, read_file_info/2,
+	 write_file_info/2, write_file_info/3,
 	 altname/1,
-	 read_link_info/1, read_link/1,
+	 read_link_info/1, read_link_info/2,
+	 read_link/1,
 	 make_link/2, make_symlink/2,
 	 read_file/1, write_file/2, write_file/3]).
 %% Specialized
@@ -51,6 +53,9 @@
 
 -export([pid2name/1]).
 
+%% Sendfile functions
+-export([sendfile/2,sendfile/5]).
+
 %%% Obsolete exported functions
 
 -export([raw_read_file_info/1, raw_write_file_info/2]).
@@ -103,6 +108,10 @@
 -type date_time() :: calendar:datetime().
 -type posix_file_advise() :: 'normal' | 'sequential' | 'random'
                            | 'no_reuse' | 'will_need' | 'dont_need'.
+-type sendfile_option() :: {chunk_size, non_neg_integer()}.
+-type file_info_option() :: {'time', 'local'} | {'time', 'universal'} 
+			  | {'time', 'posix'}.
+
 
 %%%-----------------------------------------------------------------
 %%% General functions
@@ -211,6 +220,15 @@ del_dir(Name) ->
 read_file_info(Name) ->
     check_and_call(read_file_info, [file_name(Name)]).
 
+-spec read_file_info(Filename, Opts) -> {ok, FileInfo} | {error, Reason} when
+      Filename :: name(),
+      Opts :: [file_info_option()],
+      FileInfo :: file_info(),
+      Reason :: posix() | badarg.
+
+read_file_info(Name, Opts) when is_list(Opts) ->
+    check_and_call(read_file_info, [file_name(Name), Opts]).
+
 -spec altname(Name :: name()) -> any().
 
 altname(Name) ->
@@ -224,6 +242,16 @@ altname(Name) ->
 read_link_info(Name) ->
     check_and_call(read_link_info, [file_name(Name)]).
 
+-spec read_link_info(Name, Opts) -> {ok, FileInfo} | {error, Reason} when
+      Name :: name(),
+      Opts :: [file_info_option()],
+      FileInfo :: file_info(),
+      Reason :: posix() | badarg.
+
+read_link_info(Name, Opts) when is_list(Opts) ->
+    check_and_call(read_link_info, [file_name(Name),Opts]).
+
+
 -spec read_link(Name) -> {ok, Filename} | {error, Reason} when
       Name :: name(),
       Filename :: filename(),
@@ -240,6 +268,15 @@ read_link(Name) ->
 write_file_info(Name, Info = #file_info{}) ->
     check_and_call(write_file_info, [file_name(Name), Info]).
 
+-spec write_file_info(Filename, FileInfo, Opts) -> ok | {error, Reason} when
+      Filename :: name(),
+      Opts :: [file_info_option()],
+      FileInfo :: file_info(),
+      Reason :: posix() | badarg.
+
+write_file_info(Name, Info = #file_info{}, Opts) when is_list(Opts) ->
+    check_and_call(write_file_info, [file_name(Name), Info, Opts]).
+
 -spec list_dir(Dir) -> {ok, Filenames} | {error, Reason} when
       Dir :: name(),
       Filenames :: [filename()],
@@ -264,9 +301,9 @@ read_file(Name) ->
 make_link(Old, New) ->
     check_and_call(make_link, [file_name(Old), file_name(New)]).
 
--spec make_symlink(Name1, Name2) -> ok | {error, Reason} when
-      Name1 :: name(),
-      Name2 :: name(),
+-spec make_symlink(Existing, New) -> ok | {error, Reason} when
+      Existing :: name(),
+      New :: name(),
       Reason :: posix() | badarg.
 
 make_symlink(Old, New) ->
@@ -1100,8 +1137,9 @@ change_group(Name, GroupId)
       Mtime :: date_time(),
       Reason :: posix() | badarg.
 
-change_time(Name, Time) 
-  when is_tuple(Time) ->
+change_time(Name, {{Y, M, D}, {H, Min, Sec}}=Time)
+  when is_integer(Y), is_integer(M), is_integer(D),
+       is_integer(H), is_integer(Min), is_integer(Sec)->
     write_file_info(Name, #file_info{mtime=Time}).
 
 -spec change_time(Filename, Atime, Mtime) -> ok | {error, Reason} when
@@ -1110,10 +1148,150 @@ change_time(Name, Time)
       Mtime :: date_time(),
       Reason :: posix() | badarg.
 
-change_time(Name, Atime, Mtime) 
-  when is_tuple(Atime), is_tuple(Mtime) ->
+change_time(Name, {{AY, AM, AD}, {AH, AMin, ASec}}=Atime,
+         {{MY, MM, MD}, {MH, MMin, MSec}}=Mtime)
+  when is_integer(AY), is_integer(AM), is_integer(AD),
+       is_integer(AH), is_integer(AMin), is_integer(ASec),
+       is_integer(MY), is_integer(MM), is_integer(MD),
+       is_integer(MH), is_integer(MMin), is_integer(MSec)->
     write_file_info(Name, #file_info{atime=Atime, mtime=Mtime}).
 
+%%
+%% Send data using sendfile
+%%
+
+-define(MAX_CHUNK_SIZE, (1 bsl 20)*20). %% 20 MB, has to fit in primary memory
+
+-spec sendfile(RawFile, Socket, Offset, Bytes, Opts) ->
+   {'ok', non_neg_integer()} | {'error', inet:posix() | 
+				closed | badarg | not_owner} when
+      RawFile :: file:fd(),
+      Socket :: inet:socket(),
+      Offset :: non_neg_integer(),
+      Bytes :: non_neg_integer(),
+      Opts :: [sendfile_option()].
+sendfile(File, _Sock, _Offet, _Bytes, _Opts) when is_pid(File) ->
+    {error, badarg};
+sendfile(File, Sock, Offset, Bytes, []) ->
+    sendfile(File, Sock, Offset, Bytes, ?MAX_CHUNK_SIZE, [], [],
+	     false, false, false);
+sendfile(File, Sock, Offset, Bytes, Opts) ->
+    ChunkSize0 = proplists:get_value(chunk_size, Opts, ?MAX_CHUNK_SIZE),
+    ChunkSize = if ChunkSize0 > ?MAX_CHUNK_SIZE ->
+			?MAX_CHUNK_SIZE;
+		   true -> ChunkSize0
+		end,
+    %% Support for headers, trailers and options has been removed because the
+    %% Darwin and BSD API for using it does not play nice with
+    %% non-blocking sockets. See unix_efile.c for more info.
+    sendfile(File, Sock, Offset, Bytes, ChunkSize, [], [],
+	     false,false,false).
+
+%% sendfile/2
+-spec sendfile(Filename, Socket) ->
+   {'ok', non_neg_integer()} | {'error', inet:posix() | 
+				closed | badarg | not_owner}
+      when Filename :: file:name(),
+	   Socket :: inet:socket().
+sendfile(Filename, Sock)  ->
+    case file:open(Filename, [read, raw, binary]) of
+	{error, Reason} ->
+	    {error, Reason};
+	{ok, Fd} ->
+	    Res = sendfile(Fd, Sock, 0, 0, []),
+	    file:close(Fd),
+	    Res
+    end.
+
+%% Internal sendfile functions
+sendfile(#file_descriptor{ module = Mod } = Fd, Sock, Offset, Bytes,
+	 ChunkSize, Headers, Trailers, Nodiskio, MNowait, Sync)
+  when is_port(Sock) ->
+    case Mod:sendfile(Fd, Sock, Offset, Bytes, ChunkSize, Headers, Trailers,
+		      Nodiskio, MNowait, Sync) of
+	{error, enotsup} ->
+	    sendfile_fallback(Fd, Sock, Offset, Bytes, ChunkSize,
+			      Headers, Trailers);
+	Else ->
+	    Else
+    end;
+sendfile(_,_,_,_,_,_,_,_,_,_) ->
+    {error, badarg}.
+
+%%%
+%% Sendfile Fallback
+%%%
+sendfile_fallback(File, Sock, Offset, Bytes, ChunkSize,
+		  Headers, Trailers)
+  when Headers == []; is_integer(Headers) ->
+    case sendfile_fallback(File, Sock, Offset, Bytes, ChunkSize) of
+	{ok, BytesSent} when is_list(Trailers),
+			     Trailers =/= [],
+			     is_integer(Headers) ->
+	    sendfile_send(Sock, Trailers, BytesSent+Headers);
+	{ok, BytesSent} when is_list(Trailers), Trailers =/= [] ->
+	    sendfile_send(Sock, Trailers, BytesSent);
+	{ok, BytesSent} when is_integer(Headers) ->
+	    {ok, BytesSent + Headers};
+	Else ->
+	    Else
+    end;
+sendfile_fallback(File, Sock, Offset, Bytes, ChunkSize, Headers, Trailers) ->
+    case sendfile_send(Sock, Headers, 0) of
+	{ok, BytesSent} ->
+	    sendfile_fallback(File, Sock, Offset, Bytes, ChunkSize, BytesSent,
+			      Trailers);
+	Else ->
+	    Else
+    end.
+
+
+sendfile_fallback(File, Sock, Offset, Bytes, ChunkSize) ->
+    {ok, CurrPos} = file:position(File, {cur, 0}),
+    {ok, _NewPos} = file:position(File, {bof, Offset}),
+    Res = sendfile_fallback_int(File, Sock, Bytes, ChunkSize, 0),
+    file:position(File, {bof, CurrPos}),
+    Res.
+
+
+sendfile_fallback_int(File, Sock, Bytes, ChunkSize, BytesSent)
+  when Bytes > BytesSent; Bytes == 0 ->
+    Size = if Bytes == 0 ->
+		   ChunkSize;
+	       (Bytes - BytesSent + ChunkSize) > 0 ->
+		   Bytes - BytesSent;
+	      true ->
+		   ChunkSize
+	   end,
+    case file:read(File, Size) of
+	{ok, Data} ->
+	    case sendfile_send(Sock, Data, BytesSent) of
+		{ok,NewBytesSent} ->
+		    sendfile_fallback_int(
+		      File, Sock, Bytes, ChunkSize,
+		      NewBytesSent);
+		Error ->
+		    Error
+	    end;
+	eof ->
+	    {ok, BytesSent};
+	Error ->
+	    Error
+    end;
+sendfile_fallback_int(_File, _Sock, BytesSent, _ChunkSize, BytesSent) ->
+    {ok, BytesSent}.
+
+sendfile_send(Sock, Data, Old) ->
+    Len = iolist_size(Data),
+    case gen_tcp:send(Sock, Data) of
+	ok ->
+	    {ok, Len+Old};
+	Else ->
+	    Else
+    end.
+
+
+
 %%%-----------------------------------------------------------------
 %%% Helpers
 
@@ -1163,7 +1341,7 @@ path_open_first([Path|Rest], Name, Mode, LastError) ->
 	{error, _} = Error ->
 	    Error;
 	FilePath ->
-	    FileName = filename:join(FilePath, Name),
+	    FileName = fname_join(FilePath, Name),
 	    case open(FileName, Mode) of
 		{ok, Fd} ->
 		    {ok, Fd, FileName};
@@ -1176,6 +1354,11 @@ path_open_first([Path|Rest], Name, Mode, LastError) ->
 path_open_first([], _Name, _Mode, LastError) ->
     {error, LastError}.
 
+fname_join(".", Name) ->
+    Name;
+fname_join(Dir, Name) ->
+    filename:join(Dir, Name).
+
 %%%-----------------------------------------------------------------
 %%% Utility functions.
 
diff --git a/lib/kernel/src/file_server.erl b/lib/kernel/src/file_server.erl
index 64c61ba3ac..fc6cd823c9 100644
--- a/lib/kernel/src/file_server.erl
+++ b/lib/kernel/src/file_server.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2000-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2000-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -147,15 +147,24 @@ handle_call({get_cwd, Name}, _From, Handle) ->
 handle_call({read_file_info, Name}, _From, Handle) ->
     {reply, ?PRIM_FILE:read_file_info(Handle, Name), Handle};
 
+handle_call({read_file_info, Name, Opts}, _From, Handle) ->
+    {reply, ?PRIM_FILE:read_file_info(Handle, Name, Opts), Handle};
+
 handle_call({altname, Name}, _From, Handle) ->
     {reply, ?PRIM_FILE:altname(Handle, Name), Handle};
 
 handle_call({write_file_info, Name, Info}, _From, Handle) ->
     {reply, ?PRIM_FILE:write_file_info(Handle, Name, Info), Handle};
 
+handle_call({write_file_info, Name, Info, Opts}, _From, Handle) ->
+    {reply, ?PRIM_FILE:write_file_info(Handle, Name, Info, Opts), Handle};
+
 handle_call({read_link_info, Name}, _From, Handle) ->
     {reply, ?PRIM_FILE:read_link_info(Handle, Name), Handle};
 
+handle_call({read_link_info, Name, Opts}, _From, Handle) ->
+    {reply, ?PRIM_FILE:read_link_info(Handle, Name, Opts), Handle};
+
 handle_call({read_link, Name}, _From, Handle) ->
     {reply, ?PRIM_FILE:read_link(Handle, Name), Handle};
 
diff --git a/lib/kernel/src/gen_sctp.erl b/lib/kernel/src/gen_sctp.erl
index 6cebb7ab97..d8954f0cf7 100644
--- a/lib/kernel/src/gen_sctp.erl
+++ b/lib/kernel/src/gen_sctp.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -27,7 +27,8 @@
 -include("inet_sctp.hrl").
 
 -export([open/0,open/1,open/2,close/1]).
--export([listen/2,connect/4,connect/5,connect_init/4,connect_init/5]).
+-export([listen/2,peeloff/2]).
+-export([connect/4,connect/5,connect_init/4,connect_init/5]).
 -export([eof/2,abort/2]).
 -export([send/3,send/4,recv/1,recv/2]).
 -export([error_string/1]).
@@ -109,9 +110,11 @@ open() ->
                    | {ifaddr,IP}
                    | inet:address_family()
                    | {port,Port}
+		   | {type,SockType}
                    | option(),
               IP :: inet:ip_address() | any | loopback,
               Port :: inet:port_number(),
+	      SockType :: seqpacket | stream,
               Socket :: sctp_socket().
 
 open(Opts) when is_list(Opts) ->
@@ -134,9 +137,11 @@ open(X) ->
                    | {ifaddr,IP}
                    | inet:address_family()
                    | {port,Port}
+		   | {type,SockType}
                    | option(),
       IP :: inet:ip_address() | any | loopback,
       Port :: inet:port_number(),
+      SockType :: seqpacket | stream,
       Socket :: sctp_socket().
 
 open(Port, Opts) when is_integer(Port), is_list(Opts) ->
@@ -161,17 +166,38 @@ close(S) ->
 -spec listen(Socket, IsServer) -> ok | {error, Reason} when
       Socket :: sctp_socket(),
       IsServer :: boolean(),
+      Reason :: term();
+	    (Socket, Backlog) -> ok | {error, Reason} when
+      Socket :: sctp_socket(),
+      Backlog :: integer(),
       Reason :: term().
 
-listen(S, Flag) when is_port(S), is_boolean(Flag) ->
+listen(S, Backlog)
+  when is_port(S), is_boolean(Backlog);
+       is_port(S), is_integer(Backlog) ->
     case inet_db:lookup_socket(S) of
 	{ok,Mod} ->
-	    Mod:listen(S, Flag);
+	    Mod:listen(S, Backlog);
 	Error -> Error
     end;
 listen(S, Flag) ->
     erlang:error(badarg, [S,Flag]).
 
+-spec peeloff(Socket, Assoc) -> {ok, NewSocket} | {error, Reason} when
+      Socket :: sctp_socket(),
+      Assoc :: #sctp_assoc_change{} | assoc_id(),
+      NewSocket :: sctp_socket(),
+      Reason :: term().
+
+peeloff(S, #sctp_assoc_change{assoc_id=AssocId}) when is_port(S) ->
+    peeloff(S, AssocId);
+peeloff(S, AssocId) when is_port(S), is_integer(AssocId) ->
+    case inet_db:lookup_socket(S) of
+	{ok,Mod} ->
+	    Mod:peeloff(S, AssocId);
+	Error -> Error
+    end.
+
 -spec connect(Socket, Addr, Port, Opts) -> {ok, Assoc} | {error, inet:posix()} when
       Socket :: sctp_socket(),
       Addr :: inet:ip_address() | inet:hostname(),
@@ -288,7 +314,7 @@ eof_or_abort(S, AssocId, Action) ->
 -spec send(Socket, SndRcvInfo, Data) -> ok | {error, Reason} when
       Socket :: sctp_socket(),
       SndRcvInfo :: #sctp_sndrcvinfo{},
-      Data :: binary | iolist(),
+      Data :: binary() | iolist(),
       Reason :: term().
 
 %% Full-featured send. Rarely needed.
@@ -305,7 +331,7 @@ send(S, SRI, Data) ->
       Socket :: sctp_socket(),
       Assoc :: #sctp_assoc_change{} | assoc_id(),
       Stream :: integer(),
-      Data :: binary | iolist(),
+      Data :: binary() | iolist(),
       Reason :: term().
 
 send(S, #sctp_assoc_change{assoc_id=AssocId}, Stream, Data)
diff --git a/lib/kernel/src/gen_tcp.erl b/lib/kernel/src/gen_tcp.erl
index 8ab18c01b4..4d6c7f5f1d 100644
--- a/lib/kernel/src/gen_tcp.erl
+++ b/lib/kernel/src/gen_tcp.erl
@@ -27,6 +27,7 @@
 -export([fdopen/2]).
 
 -include("inet_int.hrl").
+-include("file.hrl").
 
 -type option() ::
         {active,          true | false | once} |
@@ -302,7 +303,7 @@ unrecv(S, Data) when is_port(S) ->
 	    Mod:unrecv(S, Data);
 	Error ->
 	    Error
-    end.    
+    end.
 
 %%
 %% Set controlling process
@@ -354,3 +355,4 @@ mod([_|Opts], Address) ->
     mod(Opts, Address);
 mod([], Address) ->
     mod(Address).
+
diff --git a/lib/kernel/src/global.erl b/lib/kernel/src/global.erl
index 7d15f8bf83..fa97614eca 100644
--- a/lib/kernel/src/global.erl
+++ b/lib/kernel/src/global.erl
@@ -28,7 +28,7 @@
 
 %% External exports
 -export([start/0, start_link/0, stop/0, sync/0, sync/1,
-	 safe_whereis_name/1, whereis_name/1,  register_name/2, 
+	 whereis_name/1,  register_name/2,
          register_name/3, register_name_external/2, register_name_external/3,
          unregister_name_external/1,re_register_name/2, re_register_name/3,
 	 unregister_name/1, registered_names/0, send/2, node_disconnected/1,
@@ -203,10 +203,6 @@ send(Name, Msg) ->
 whereis_name(Name) ->
     where(Name).
 
--spec safe_whereis_name(term()) -> pid() | 'undefined'.
-safe_whereis_name(Name) ->
-    gen_server:call(global_name_server, {whereis, Name}, infinity).
-
 node_disconnected(Node) ->
     global_name_server ! {nodedown, Node}.
 
@@ -510,8 +506,7 @@ init([]) ->
 %%   delay can sometimes be quite substantial. Global guarantees that
 %%   the name will eventually be removed, but there is no
 %%   synchronization between nodes; the name can be removed from some
-%%   node(s) long before it is removed from other nodes. Using
-%%   safe_whereis_name is no cure.
+%%   node(s) long before it is removed from other nodes.
 %%
 %% - Global cannot handle problems with the distribution very well.
 %%   Depending on the value of the kernel variable 'net_ticktime' long
@@ -589,10 +584,6 @@ init([]) ->
 	{'reply', term(), state()} |
 	{'stop', 'normal', 'stopped', state()}.
 
-handle_call({whereis, Name}, From, S) ->
-    do_whereis(Name, From),
-    {noreply, S};
-
 handle_call({registrar, Fun}, From, S) ->
     S#state.the_registrar ! {trans_all_known, Fun, From},
     {noreply, S};
@@ -1235,7 +1226,15 @@ ins_name_ext(Name, Pid, Method, RegNode, FromPidOrNode, ExtraInfo, S0) ->
 
 where(Name) ->
     case ets:lookup(global_names, Name) of
-	[{_Name, Pid, _Method, _RPid, _Ref}] -> Pid;
+	[{_Name, Pid, _Method, _RPid, _Ref}] ->
+	    if node(Pid) == node() ->
+		    case is_process_alive(Pid) of
+			true  -> Pid;
+			false -> undefined
+		    end;
+	       true ->
+		    Pid
+	    end;
 	[] -> undefined
     end.
 
diff --git a/lib/kernel/src/hipe_unified_loader.erl b/lib/kernel/src/hipe_unified_loader.erl
index 1d3eb926ca..8b3aa0286d 100644
--- a/lib/kernel/src/hipe_unified_loader.erl
+++ b/lib/kernel/src/hipe_unified_loader.erl
@@ -36,7 +36,6 @@
 
 -export([chunk_name/1,
 	 %% Only the code and code_server modules may call the entries below!
-	 load_hipe_modules/0,
 	 load_native_code/2,
 	 post_beam_load/1,
 	 load_module/3,
@@ -78,16 +77,6 @@ chunk_name(Architecture) ->
 
 %%========================================================================
 
--spec load_hipe_modules() -> 'ok'.
-%% @doc
-%%    Ensures HiPE's loader modules are loaded.
-%%    Called from code.erl at start-up.
-
-load_hipe_modules() ->
-  ok.
-
-%%========================================================================
-
 -spec load_native_code(Mod, binary()) -> 'no_native' | {'module', Mod}
 					  when is_subtype(Mod, atom()).
 %% @doc
diff --git a/lib/kernel/src/inet.erl b/lib/kernel/src/inet.erl
index 48a6f3db65..49f64a9236 100644
--- a/lib/kernel/src/inet.erl
+++ b/lib/kernel/src/inet.erl
@@ -36,10 +36,14 @@
 
 -export([i/0, i/1, i/2]).
 
--export([getll/1, getfd/1, open/7, fdopen/5]).
+-export([getll/1, getfd/1, open/8, fdopen/6]).
 
 -export([tcp_controlling_process/2, udp_controlling_process/2,
 	 tcp_close/1, udp_close/1]).
+
+%% used by sendfile
+-export([lock_socket/2]).
+
 %% used by socks5
 -export([setsockname/2, setpeername/2]).
 
@@ -115,7 +119,8 @@
       'mtu' | 'netmask' | 'flags' |'hwaddr'.
 
 -type address_family() :: 'inet' | 'inet6'.
--type protocol_option() :: 'tcp' | 'udp' | 'sctp'.
+-type socket_protocol() :: 'tcp' | 'udp' | 'sctp'.
+-type socket_type() :: 'stream' | 'dgram' | 'seqpacket'.
 -type stat_option() :: 
 	'recv_cnt' | 'recv_max' | 'recv_avg' | 'recv_oct' | 'recv_dvi' |
 	'send_cnt' | 'send_max' | 'send_avg' | 'send_oct' | 'send_pend'.
@@ -748,6 +753,8 @@ sctp_opt([Opt|Opts], Mod, R, As) ->
 		    sctp_opt(Opts, Mod, R#sctp_opts{port=P}, As);
 		Error -> Error
 	    end;
+	{type,Type} when Type =:= seqpacket; Type =:= stream ->
+	    sctp_opt(Opts, Mod, R#sctp_opts{type=Type}, As);
 	binary		-> sctp_opt (Opts, Mod, R, As, mode, binary);
 	list		-> sctp_opt (Opts, Mod, R, As, mode, list);
 	{sctp_module,_}	-> sctp_opt (Opts, Mod, R, As); % Done with
@@ -996,13 +1003,14 @@ gethostbyaddr_tm_native(Addr, Timer, Opts) ->
 	   Addr :: ip_address(),
 	   Port :: port_number(),
 	   Opts :: [socket_setopt()],
-	   Protocol :: protocol_option(),
-	   Family :: 'inet' | 'inet6',
+	   Protocol :: socket_protocol(),
+	   Family :: address_family(),
+	   Type :: socket_type(),
 	   Module :: atom()) ->
 	{'ok', socket()} | {'error', posix()}.
 
-open(Fd, Addr, Port, Opts, Protocol, Family, Module) when Fd < 0 ->
-    case prim_inet:open(Protocol, Family) of
+open(Fd, Addr, Port, Opts, Protocol, Family, Type, Module) when Fd < 0 ->
+    case prim_inet:open(Protocol, Family, Type) of
 	{ok,S} ->
 	    case prim_inet:setopts(S, Opts) of
 		ok ->
@@ -1029,18 +1037,19 @@ open(Fd, Addr, Port, Opts, Protocol, Family, Module) when Fd < 0 ->
 	Error ->
 	    Error
     end;
-open(Fd, _Addr, _Port, Opts, Protocol, Family, Module) ->
-    fdopen(Fd, Opts, Protocol, Family, Module).
+open(Fd, _Addr, _Port, Opts, Protocol, Family, Type, Module) ->
+    fdopen(Fd, Opts, Protocol, Family, Type, Module).
 
 -spec fdopen(Fd :: non_neg_integer(),
 	     Opts :: [socket_setopt()],
-	     Protocol :: protocol_option(),
+	     Protocol :: socket_protocol(),
 	     Family :: address_family(),
+	     Type :: socket_type(),
 	     Module :: atom()) ->
 	{'ok', socket()} | {'error', posix()}.
 
-fdopen(Fd, Opts, Protocol, Family, Module) ->
-    case prim_inet:fdopen(Protocol, Fd, Family) of
+fdopen(Fd, Opts, Protocol, Family, Type, Module) ->
+    case prim_inet:fdopen(Protocol, Family, Type, Fd) of
 	{ok, S} ->
 	    case prim_inet:setopts(S, Opts) of
 		ok ->
@@ -1056,18 +1065,24 @@ fdopen(Fd, Opts, Protocol, Family, Module) ->
 %%  socket stat
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
-i() -> i(tcp), i(udp).
+i() -> i(tcp), i(udp), i(sctp).
 
 i(Proto) -> i(Proto, [port, module, recv, sent, owner,
-		      local_address, foreign_address, state]).
+		      local_address, foreign_address, state, type]).
 
 i(tcp, Fs) ->
     ii(tcp_sockets(), Fs, tcp);
 i(udp, Fs) ->
-    ii(udp_sockets(), Fs, udp).
+    ii(udp_sockets(), Fs, udp);
+i(sctp, Fs) ->
+    ii(sctp_sockets(), Fs, sctp).
 
 ii(Ss, Fs, Proto) ->
-    LLs = [h_line(Fs) | info_lines(Ss, Fs, Proto)],
+    LLs =
+	case info_lines(Ss, Fs, Proto) of
+	    [] -> [];
+	    InfoLines -> [h_line(Fs) | InfoLines]
+	end,
     Maxs = foldl(
 	     fun(Line,Max0) -> smax(Max0,Line) end, 
 	     duplicate(length(Fs),0),LLs),
@@ -1135,6 +1150,7 @@ info(S, F, Proto) ->
 	    case prim_inet:gettype(S) of
 		{ok,{_,stream}} -> "STREAM";
 		{ok,{_,dgram}}  -> "DGRAM";
+		{ok,{_,seqpacket}} -> "SEQPACKET";
 		_ -> " "
 	    end;
 	fd ->
@@ -1186,6 +1202,7 @@ fmt_port(N, Proto) ->
 %% Return a list of all tcp sockets
 tcp_sockets() -> port_list("tcp_inet").
 udp_sockets() -> port_list("udp_inet").
+sctp_sockets() -> port_list("sctp_inet").
 
 %% Return all ports having the name 'Name'
 port_list(Name) ->
@@ -1340,3 +1357,14 @@ stop_timer(Timer) ->
 	    end;
 	T -> T
     end.
+
+
+lock_socket(S,Val) ->
+    case erlang:port_info(S, connected) of
+	{connected, Pid} when Pid =/= self() ->
+	    {error, not_owner};
+	undefined ->
+	    {error, einval};
+	_ ->
+	    prim_inet:ignorefd(S,Val)
+    end.
diff --git a/lib/kernel/src/inet6_sctp.erl b/lib/kernel/src/inet6_sctp.erl
index 5bf3fca647..c47483bbdd 100644
--- a/lib/kernel/src/inet6_sctp.erl
+++ b/lib/kernel/src/inet6_sctp.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -32,7 +32,8 @@
 
 -define(FAMILY, inet6).
 -export([getserv/1,getaddr/1,getaddr/2,translate_ip/1]).
--export([open/1,close/1,listen/2,connect/5,sendmsg/3,send/4,recv/2]).
+-export([open/1,close/1,listen/2,peeloff/2,connect/5]).
+-export([sendmsg/3,send/4,recv/2]).
 
 
 
@@ -54,8 +55,8 @@ translate_ip(IP) ->
     
 open(Opts) ->
     case inet:sctp_options(Opts, ?MODULE) of
-	{ok,#sctp_opts{fd=Fd,ifaddr=Addr,port=Port,opts=SOs}} ->
-	    inet:open(Fd, Addr, Port, SOs, sctp, ?FAMILY, ?MODULE);
+	{ok,#sctp_opts{fd=Fd,ifaddr=Addr,port=Port,type=Type,opts=SOs}} ->
+	    inet:open(Fd, Addr, Port, SOs, sctp, ?FAMILY, Type, ?MODULE);
 	Error -> Error
     end.
 
@@ -65,6 +66,14 @@ close(S) ->
 listen(S, Flag) ->
     prim_inet:listen(S, Flag).
 
+peeloff(S, AssocId) ->
+    case prim_inet:peeloff(S, AssocId) of
+	{ok, NewS}=Result ->
+	    inet_db:register_socket(NewS, ?MODULE),
+	    Result;
+	Error -> Error
+    end.
+
 connect(S, Addr, Port, Opts, Timer) ->
     inet_sctp:connect(S, Addr, Port, Opts, Timer).
 
diff --git a/lib/kernel/src/inet6_tcp.erl b/lib/kernel/src/inet6_tcp.erl
index cc45f6c7f6..c714b2bee0 100644
--- a/lib/kernel/src/inet6_tcp.erl
+++ b/lib/kernel/src/inet6_tcp.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -93,7 +93,7 @@ do_connect(Addr = {A,B,C,D,E,F,G,H}, Port, Opts, Time) when
 			   port=BPort,
 			   opts=SockOpts}}
 	when ?ip6(Ab,Bb,Cb,Db,Eb,Fb,Gb,Hb), ?port(BPort) ->
-	    case inet:open(Fd,BAddr,BPort,SockOpts,tcp,inet6,?MODULE) of
+	    case inet:open(Fd,BAddr,BPort,SockOpts,tcp,inet6,stream,?MODULE) of
 		{ok, S} ->
 		    case prim_inet:connect(S, Addr, Port, Time) of
 			ok    -> {ok,S};
@@ -115,7 +115,7 @@ listen(Port, Opts) ->
 			  port=BPort,
 			  opts=SockOpts}=R}
 	when ?ip6(A,B,C,D,E,F,G,H), ?port(BPort) ->
-	    case inet:open(Fd,BAddr,BPort,SockOpts,tcp,inet6,?MODULE) of
+	    case inet:open(Fd,BAddr,BPort,SockOpts,tcp,inet6,stream,?MODULE) of
 		{ok, S} ->
 		    case prim_inet:listen(S, R#listen_opts.backlog) of
 			ok -> {ok, S};
@@ -149,5 +149,5 @@ accept(L,Timeout) ->
 %% Create a port/socket from a file descriptor 
 %%
 fdopen(Fd, Opts) ->
-    inet:fdopen(Fd, Opts, tcp, inet6, ?MODULE).
+    inet:fdopen(Fd, Opts, tcp, inet6, stream, ?MODULE).
 
diff --git a/lib/kernel/src/inet6_udp.erl b/lib/kernel/src/inet6_udp.erl
index e81d417151..ca43c94211 100644
--- a/lib/kernel/src/inet6_udp.erl
+++ b/lib/kernel/src/inet6_udp.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -45,7 +45,7 @@ open(Port, Opts) ->
 		       port=BPort,
 		       opts=SockOpts}}
 	when ?ip6(A,B,C,D,E,F,G,H), ?port(BPort) ->
-	    inet:open(Fd,BAddr,BPort,SockOpts,udp,inet6,?MODULE);
+	    inet:open(Fd,BAddr,BPort,SockOpts,udp,inet6,dgram,?MODULE);
 	{ok, _} -> exit(badarg)
     end.
 
@@ -84,4 +84,4 @@ controlling_process(Socket, NewOwner) ->
 %% Create a port/socket from a file descriptor 
 %%
 fdopen(Fd, Opts) ->
-    inet:fdopen(Fd, Opts, udp, inet6, ?MODULE).
+    inet:fdopen(Fd, Opts, udp, inet6, dgram, ?MODULE).
diff --git a/lib/kernel/src/inet_int.hrl b/lib/kernel/src/inet_int.hrl
index 6f1688c6a2..cf893c73eb 100644
--- a/lib/kernel/src/inet_int.hrl
+++ b/lib/kernel/src/inet_int.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -29,7 +29,7 @@
 -define(INET_AF_ANY,          3). % Fake for ANY in any address family
 -define(INET_AF_LOOPBACK,     4). % Fake for LOOPBACK in any address family
 
-%% type codes (gettype, INET_REQ_GETTYPE)
+%% type codes to open and gettype - INET_REQ_GETTYPE
 -define(INET_TYPE_STREAM,     1).
 -define(INET_TYPE_DGRAM,      2).
 -define(INET_TYPE_SEQPACKET,  3).
@@ -83,16 +83,21 @@
 -define(INET_REQ_IFSET,         23).
 -define(INET_REQ_SUBSCRIBE,     24).
 -define(INET_REQ_GETIFADDRS,    25).
+-define(INET_REQ_ACCEPT,        26).
+-define(INET_REQ_LISTEN,        27).
+-define(INET_REQ_IGNOREFD,      28).
+
 %% TCP requests
--define(TCP_REQ_ACCEPT,         40).
--define(TCP_REQ_LISTEN,         41).
+%%-define(TCP_REQ_ACCEPT,         40). MOVED
+%%-define(TCP_REQ_LISTEN,         41). MERGED
 -define(TCP_REQ_RECV,           42).
 -define(TCP_REQ_UNRECV,         43).
 -define(TCP_REQ_SHUTDOWN,       44).
 %% UDP and SCTP requests
 -define(PACKET_REQ_RECV,        60).
--define(SCTP_REQ_LISTEN,        61).
+%%-define(SCTP_REQ_LISTEN,        61). MERGED
 -define(SCTP_REQ_BINDX,	        62). %% Multi-home SCTP bind
+-define(SCTP_REQ_PEELOFF,       63).
 
 %% subscribe codes, INET_REQ_SUBSCRIBE
 -define(INET_SUBS_EMPTY_OUT_Q,  1).
@@ -100,7 +105,7 @@
 %% reply codes for *_REQ_*
 -define(INET_REP_ERROR,    0).
 -define(INET_REP_OK,       1).
--define(INET_REP_SCTP,     2).
+-define(INET_REP,          2).
 
 %% INET, TCP and UDP options:
 -define(INET_OPT_REUSEADDR,      0).
@@ -399,6 +404,7 @@
 	  ifaddr,
 	  port   = 0,
 	  fd	 = -1,
+	  type   = seqpacket,
 	  opts   = [{mode,	  binary},
 		    {buffer,	  ?SCTP_DEF_BUFSZ},
 		    {sndbuf,	  ?SCTP_DEF_BUFSZ},
diff --git a/lib/kernel/src/inet_sctp.erl b/lib/kernel/src/inet_sctp.erl
index de74b573bd..2d799d79fa 100644
--- a/lib/kernel/src/inet_sctp.erl
+++ b/lib/kernel/src/inet_sctp.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -31,7 +31,8 @@
 
 -define(FAMILY, inet).
 -export([getserv/1,getaddr/1,getaddr/2,translate_ip/1]).
--export([open/1,close/1,listen/2,connect/5,sendmsg/3,send/4,recv/2]).
+-export([open/1,close/1,listen/2,peeloff/2,connect/5]).
+-export([sendmsg/3,send/4,recv/2]).
 
 
 
@@ -53,8 +54,8 @@ translate_ip(IP) ->
     
 open(Opts) ->
     case inet:sctp_options(Opts, ?MODULE) of
-	{ok,#sctp_opts{fd=Fd,ifaddr=Addr,port=Port,opts=SOs}} ->
-	    inet:open(Fd, Addr, Port, SOs, sctp, ?FAMILY, ?MODULE);
+	{ok,#sctp_opts{fd=Fd,ifaddr=Addr,port=Port,type=Type,opts=SOs}} ->
+	    inet:open(Fd, Addr, Port, SOs, sctp, ?FAMILY, Type, ?MODULE);
 	Error -> Error
     end.
 
@@ -64,6 +65,14 @@ close(S) ->
 listen(S, Flag) ->
     prim_inet:listen(S, Flag).
 
+peeloff(S, AssocId) ->
+    case prim_inet:peeloff(S, AssocId) of
+	{ok, NewS}=Result ->
+	    inet_db:register_socket(NewS, ?MODULE),
+	    Result;
+	Error -> Error
+    end.
+
 %% A non-blocking connect is implemented when the initial call is to
 %% gen_sctp:connect_init which passes the value nowait as the Timer
 connect(S, Addr, Port, Opts, Timer) ->
@@ -102,7 +111,7 @@ connect(S, Addr, Port, Opts, Timer) ->
 
 connect_get_assoc(S, Addr, Port, false, Timer) ->
     case recv(S, inet:timeout(Timer)) of
-	{ok, {Addr, Port, [], #sctp_assoc_change{state=St}=Ev}} ->
+	{ok, {Addr, Port, _, #sctp_assoc_change{state=St}=Ev}} ->
 	    if St =:= comm_up ->
 		    %% Yes, successfully connected, return the whole
 		    %% sctp_assoc_change event (containing, in particular,
@@ -123,7 +132,7 @@ connect_get_assoc(S, Addr, Port, false, Timer) ->
 connect_get_assoc(S, Addr, Port, Active, Timer) ->
     Timeout = inet:timeout(Timer),
     receive
-	{sctp,S,Addr,Port,{[],#sctp_assoc_change{state=St}=Ev}} ->
+	{sctp,S,Addr,Port,{_,#sctp_assoc_change{state=St}=Ev}} ->
 	    case Active of
 		once ->
 		    prim_inet:setopt(S, active, once);
diff --git a/lib/kernel/src/inet_tcp.erl b/lib/kernel/src/inet_tcp.erl
index 6dadccd6a9..4c2db16ce3 100644
--- a/lib/kernel/src/inet_tcp.erl
+++ b/lib/kernel/src/inet_tcp.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -95,7 +95,7 @@ do_connect({A,B,C,D}, Port, Opts, Time) when ?ip(A,B,C,D), ?port(Port) ->
 			   port=BPort,
 			   opts=SockOpts}}
 	when ?ip(Ab,Bb,Cb,Db), ?port(BPort) ->
-	    case inet:open(Fd,BAddr,BPort,SockOpts,tcp,inet,?MODULE) of
+	    case inet:open(Fd,BAddr,BPort,SockOpts,tcp,inet,stream,?MODULE) of
 		{ok, S} ->
 		    case prim_inet:connect(S, {A,B,C,D}, Port, Time) of
 			ok    -> {ok,S};
@@ -117,7 +117,7 @@ listen(Port, Opts) ->
 			  port=BPort,
 			  opts=SockOpts}=R}
 	when ?ip(A,B,C,D), ?port(BPort) ->
-	    case inet:open(Fd,BAddr,BPort,SockOpts,tcp,inet,?MODULE) of
+	    case inet:open(Fd,BAddr,BPort,SockOpts,tcp,inet,stream,?MODULE) of
 		{ok, S} ->
 		    case prim_inet:listen(S, R#listen_opts.backlog) of
 			ok -> {ok, S};
@@ -150,4 +150,4 @@ accept(L,Timeout) ->
 %% Create a port/socket from a file descriptor 
 %%
 fdopen(Fd, Opts) ->
-    inet:fdopen(Fd, Opts, tcp, inet, ?MODULE).
+    inet:fdopen(Fd, Opts, tcp, inet, stream, ?MODULE).
diff --git a/lib/kernel/src/inet_udp.erl b/lib/kernel/src/inet_udp.erl
index 60bd96f332..80d930fe10 100644
--- a/lib/kernel/src/inet_udp.erl
+++ b/lib/kernel/src/inet_udp.erl
@@ -52,7 +52,7 @@ open(Port, Opts) ->
 		       ifaddr=BAddr={A,B,C,D},
 		       port=BPort,
 		       opts=SockOpts}} when ?ip(A,B,C,D), ?port(BPort) ->
-	    inet:open(Fd,BAddr,BPort,SockOpts,udp,inet,?MODULE);
+	    inet:open(Fd,BAddr,BPort,SockOpts,udp,inet,dgram,?MODULE);
 	{ok, _} -> exit(badarg)
     end.
 
@@ -93,7 +93,7 @@ controlling_process(Socket, NewOwner) ->
 fdopen(Fd, Opts) ->
     inet:fdopen(Fd, 
 		optuniquify([{recbuf, ?RECBUF} | Opts]), 
-		udp, inet, ?MODULE).
+		udp, inet, dgram, ?MODULE).
 
 
 %% Remove all duplicate options from an option list.
diff --git a/lib/kernel/src/kernel.appup.src b/lib/kernel/src/kernel.appup.src
index 54a63833e6..bded2408a7 100644
--- a/lib/kernel/src/kernel.appup.src
+++ b/lib/kernel/src/kernel.appup.src
@@ -1 +1,27 @@
-{"%VSN%",[],[]}.
+%% -*- erlang -*-
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+{"%VSN%",
+ %% Up from - max two major revisions back
+ [{<<"2\\.15(\\.[0-9]+)*">>,[restart_new_emulator]}, %% R15
+  {<<"2\\.14(\\.[0-9]+)*">>,[restart_new_emulator]}, %% R14
+  {<<"2\\.13(\\.[0-9]+)*">>,[restart_new_emulator]}],%% R13
+ %% Down to - max two major revisions back
+ [{<<"2\\.15(\\.[0-9]+)*">>,[restart_new_emulator]}, %% R15
+  {<<"2\\.14(\\.[0-9]+)*">>,[restart_new_emulator]}, %% R14
+  {<<"2\\.13(\\.[0-9]+)*">>,[restart_new_emulator]}] %% R13
+}.
diff --git a/lib/kernel/src/net_address.hrl b/lib/kernel/src/net_address.hrl
deleted file mode 100644
index 5342076507..0000000000
--- a/lib/kernel/src/net_address.hrl
+++ /dev/null
@@ -1,28 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
-
-%% Generic address format
-
--record(net_address,
-	{
-	 address,  %% opaque address
-	 host,     %% host name
-	 protocol, %% protocol
-	 family    %% address family
-	}).
diff --git a/lib/kernel/src/user_drv.erl b/lib/kernel/src/user_drv.erl
index c34f2ddeb0..8f2ca28f56 100644
--- a/lib/kernel/src/user_drv.erl
+++ b/lib/kernel/src/user_drv.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -117,8 +117,9 @@ server1(Iport, Oport, Shell) ->
     {Curr,Shell1} =
 	case init:get_argument(remsh) of
 	    {ok,[[Node]]} ->
-		RShell = {list_to_atom(Node),shell,start,[]},
-		RGr = group:start(self(), RShell),
+		ANode = list_to_atom(Node),
+		RShell = {ANode,shell,start,[]},
+		RGr = group:start(self(), RShell, rem_sh_opts(ANode)),
 		{RGr,RShell};
 	    E when E =:= error ; E =:= {ok,[[]]} ->
 		{group:start(self(), Shell),Shell}
@@ -134,6 +135,9 @@ server1(Iport, Oport, Shell) ->
     %% Enter the server loop.
     server_loop(Iport, Oport, Curr, User, Gr).
 
+rem_sh_opts(Node) ->
+    [{expand_fun,fun(B)-> rpc:call(Node,edlin_expand,expand,[B]) end}].
+
 %% start_user()
 %%  Start a group leader process and register it as 'user', unless,
 %%  of course, a 'user' already exists.
diff --git a/lib/kernel/src/user_sup.erl b/lib/kernel/src/user_sup.erl
index 35b7ff0cfe..cb50d9491d 100644
--- a/lib/kernel/src/user_sup.erl
+++ b/lib/kernel/src/user_sup.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -45,7 +45,7 @@ init([]) ->
 	    Pid = start_slave(Master),
 	    {ok, Pid, Pid};
 	{M, F, A} ->
-	    case start_user({M, F}, A) of
+	    case start_user(M, F, A) of
 		{ok, Pid} ->
 		    {ok, Pid, Pid};
 		Error ->
@@ -95,8 +95,8 @@ terminate(_Reason, UserPid) ->
 %% is guaranteed that the user is started.
 %%-----------------------------------------------------------------
 
-start_user(Func,A) ->
-    apply(Func, A),
+start_user(Mod, Func, A) ->
+    apply(Mod, Func, A),
     wait_for_user_p(100).
 
 wait_for_user_p(0) ->
diff --git a/lib/kernel/test/Makefile b/lib/kernel/test/Makefile
index 82bc3fc6d1..5dcaad3f5e 100644
--- a/lib/kernel/test/Makefile
+++ b/lib/kernel/test/Makefile
@@ -74,7 +74,8 @@ MODULES= \
 	wrap_log_reader_SUITE \
 	cleanup \
 	zlib_SUITE \
-	loose_node
+	loose_node \
+	sendfile_SUITE
 
 APP_FILES = \
 	appinc.app \
diff --git a/lib/kernel/test/application_SUITE.erl b/lib/kernel/test/application_SUITE.erl
index 2c5b8ccb66..f469a0af98 100644
--- a/lib/kernel/test/application_SUITE.erl
+++ b/lib/kernel/test/application_SUITE.erl
@@ -33,7 +33,7 @@
 
 -export([config_change/1,
 	 distr_changed_tc1/1, distr_changed_tc2/1,
-	 shutdown_func/1, do_shutdown/1]).
+	 shutdown_func/1, do_shutdown/1, shutdown_timeout/1]).
 
 -define(TESTCASE, testcase_name).
 -define(testcase, ?config(?TESTCASE, Config)).
@@ -50,7 +50,7 @@ all() ->
      load_use_cache, {group, reported_bugs}, start_phases,
      script_start, nodedown_start, permit_false_start_local,
      permit_false_start_dist, get_key,
-     {group, distr_changed}, config_change, shutdown_func].
+     {group, distr_changed}, config_change, shutdown_func, shutdown_timeout].
 
 groups() -> 
     [{reported_bugs, [],
@@ -1915,6 +1915,32 @@ do_shutdown(Reason) ->
 
 
 
+%%%-----------------------------------------------------------------
+%%% Tests the 'shutdown_timeout' kernel config parameter
+%%%-----------------------------------------------------------------
+shutdown_timeout(Config) when is_list(Config) ->
+    DataDir = ?config(data_dir,Config),
+    {ok,Cp1} = start_node(?MODULE_STRING++"_shutdown_timeout"),
+    wait_for_ready_net(),
+    ok = rpc:call(Cp1, application, set_env, [kernel, shutdown_timeout, 1000]),
+    rpc:call(Cp1, code, add_path, [filename:join([DataDir,deadlock])]),
+    ok = rpc:call(Cp1, application, start, [sasl]),
+    ok = rpc:call(Cp1, application, start, [deadlock]),
+    rpc:call(Cp1, deadlock, restart_and_fail, []),
+
+    ok = net_kernel:monitor_nodes(true),
+    _ = rpc:call(Cp1, init, stop, []),
+    receive
+	{nodedown,Cp1} ->
+	    ok
+    after 10000 ->
+	    ct:fail("timeout 10 sec: node termination hangs")
+    end,
+    ok.
+
+
+
+
 %%-----------------------------------------------------------------
 %% Utility functions
 %%-----------------------------------------------------------------
diff --git a/lib/kernel/test/application_SUITE_data/Makefile.src b/lib/kernel/test/application_SUITE_data/Makefile.src
index a237f6badb..abc3c82907 100644
--- a/lib/kernel/test/application_SUITE_data/Makefile.src
+++ b/lib/kernel/test/application_SUITE_data/Makefile.src
@@ -2,7 +2,8 @@ EFLAGS=+debug_info
            
 all: app_start_error.@EMULATOR@ trans_abnormal_sup.@EMULATOR@ \
      trans_normal_sup.@EMULATOR@ transient.@EMULATOR@ \
-     group_leader_sup.@EMULATOR@ group_leader.@EMULATOR@
+     group_leader_sup.@EMULATOR@ group_leader.@EMULATOR@ \
+     deadlock/deadlock.@EMULATOR@
 
 app_start_error.@EMULATOR@: app_start_error.erl
 	erlc $(EFLAGS) app_start_error.erl
@@ -22,3 +23,5 @@ group_leader.@EMULATOR@: group_leader.erl
 group_leader_sup.@EMULATOR@: group_leader_sup.erl
 	erlc $(EFLAGS) group_leader_sup.erl
 
+deadlock/deadlock.@EMULATOR@: deadlock/deadlock.erl
+	erlc $(EFLAGS) -o deadlock deadlock/deadlock.erl
\ No newline at end of file
diff --git a/lib/kernel/test/application_SUITE_data/deadlock/deadlock.app b/lib/kernel/test/application_SUITE_data/deadlock/deadlock.app
new file mode 100644
index 0000000000..0c1001bed6
--- /dev/null
+++ b/lib/kernel/test/application_SUITE_data/deadlock/deadlock.app
@@ -0,0 +1,8 @@
+{application, deadlock, [
+  {vsn, "1"},
+  {registered, []},
+  {applications, [kernel, stdlib, sasl]},
+  {modules, [deadlock]},
+  {mod, {deadlock, []}},
+  {env, [{fail_start, false}]}
+]}.
diff --git a/lib/kernel/test/application_SUITE_data/deadlock/deadlock.erl b/lib/kernel/test/application_SUITE_data/deadlock/deadlock.erl
new file mode 100644
index 0000000000..5f68bf9078
--- /dev/null
+++ b/lib/kernel/test/application_SUITE_data/deadlock/deadlock.erl
@@ -0,0 +1,69 @@
+-module(deadlock).
+-behaviour(application).
+-compile(export_all).
+-define(SUP,deadlock_sup).
+-define(CHILD,deadlock_child).
+
+
+%%%-----------------------------------------------------------------
+%%% application callbacks
+start(_StartType, _StartArgs) ->
+    supervisor:start_link({local, ?SUP}, ?MODULE, [sup]).
+
+stop(_State) ->
+    ok.
+
+
+
+%%%-----------------------------------------------------------------
+%%% supervisor callbacks
+init([sup]) ->
+    {ok, {{one_for_one, 5, 10}, [
+        {
+            sasl_syslog_dm, {?MODULE, start_link, []},
+            permanent, brutal_kill, worker,
+            [deadlock]
+        }
+    ]}};
+
+
+%%%-----------------------------------------------------------------
+%%% gen_server callbacks
+init([child]) ->
+    case application:get_env(deadlock, fail_start) of
+        {ok, false} ->
+            %% we must not fail on the first init, otherwise supervisor
+            %% terminates immediately
+            {ok, []};
+        {ok, true}  ->
+	    timer:sleep(infinity), % init hangs!!!!
+	    {ok, []}
+    end.
+
+handle_call(_Req, _From, State) ->
+    {reply, ok, State}.
+
+handle_cast(restart, State) ->
+    {stop, error, State}.
+
+handle_info(_Msg, State) ->
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
+
+
+%%%-----------------------------------------------------------------
+%%% Start child
+start_link() ->
+    gen_server:start_link({local, ?CHILD}, ?MODULE, [child], []).
+
+
+%%%-----------------------------------------------------------------
+%%% Provoke hanging
+restart_and_fail() ->
+    application:set_env(deadlock, fail_start, true), % next init will hang
+    gen_server:cast(?CHILD, restart).
diff --git a/lib/kernel/test/code_SUITE.erl b/lib/kernel/test/code_SUITE.erl
index b677f34ed0..99b0cd2ffb 100644
--- a/lib/kernel/test/code_SUITE.erl
+++ b/lib/kernel/test/code_SUITE.erl
@@ -30,9 +30,9 @@
 	 load_cached/1, start_node_with_cache/1, add_and_rehash/1,
 	 where_is_file_cached/1, where_is_file_no_cache/1,
 	 purge_stacktrace/1, mult_lib_roots/1, bad_erl_libs/1,
-	 code_archive/1, code_archive2/1, on_load/1,
-	 big_boot_embedded/1,
-	 on_load_embedded/1, on_load_errors/1, native_early_modules/1]).
+	 code_archive/1, code_archive2/1, on_load/1, on_load_binary/1,
+	 on_load_embedded/1, on_load_errors/1, big_boot_embedded/1,
+	 native_early_modules/1]).
 
 -export([init_per_testcase/2, end_per_testcase/2, 
 	 init_per_suite/1, end_per_suite/1,
@@ -55,8 +55,8 @@ all() ->
      add_and_rehash, where_is_file_no_cache,
      where_is_file_cached, purge_stacktrace, mult_lib_roots,
      bad_erl_libs, code_archive, code_archive2, on_load,
-     on_load_embedded, big_boot_embedded, on_load_errors, 
-     native_early_modules].
+     on_load_binary, on_load_embedded, on_load_errors,
+     big_boot_embedded, native_early_modules].
 
 groups() -> 
     [].
@@ -995,9 +995,9 @@ purge_stacktrace(Config) when is_list(Config) ->
 	error:function_clause ->
 	    ?line code:load_file(code_b_test),
 	    ?line case erlang:get_stacktrace() of
-		      [{?MODULE,_,[a]},
-		       {code_b_test,call,2},
-		       {?MODULE,purge_stacktrace,1}|_] ->
+		      [{?MODULE,_,[a],_},
+		       {code_b_test,call,2,_},
+		       {?MODULE,purge_stacktrace,1,_}|_] ->
 			  ?line false = code:purge(code_b_test),
 			  ?line [] = erlang:get_stacktrace()
 		  end
@@ -1007,8 +1007,8 @@ purge_stacktrace(Config) when is_list(Config) ->
 	error:function_clause ->
 	    ?line code:load_file(code_b_test),
 	    ?line case erlang:get_stacktrace() of
-		      [{code_b_test,call,[nofun,2]},
-		       {?MODULE,purge_stacktrace,1}|_] ->
+		      [{code_b_test,call,[nofun,2],_},
+		       {?MODULE,purge_stacktrace,1,_}|_] ->
 			  ?line false = code:purge(code_b_test),
 			  ?line [] = erlang:get_stacktrace()
 		  end
@@ -1019,8 +1019,8 @@ purge_stacktrace(Config) when is_list(Config) ->
 	error:badarg ->
 	    ?line code:load_file(code_b_test),
 	    ?line case erlang:get_stacktrace() of
-		      [{code_b_test,call,Args},
-		       {?MODULE,purge_stacktrace,1}|_] ->
+		      [{code_b_test,call,Args,_},
+		       {?MODULE,purge_stacktrace,1,_}|_] ->
 			  ?line false = code:purge(code_b_test),
 			  ?line [] = erlang:get_stacktrace()
 		  end
@@ -1286,6 +1286,45 @@ on_load_wait_for_all([Ref|T]) ->
     end;
 on_load_wait_for_all([]) -> ok.
 
+on_load_binary(_) ->
+    Master = on_load_binary_test_case_process,
+    register(Master, self()),
+
+    %% Construct, compile and pretty-print.
+    Mod = on_load_binary,
+    File = atom_to_list(Mod) ++ ".erl",
+    Forms = [{attribute,1,file,{File,1}},
+	     {attribute,1,module,Mod},
+	     {attribute,2,export,[{ok,0}]},
+	     {attribute,3,on_load,{init,0}},
+	     {function,5,init,0,
+	      [{clause,5,[],[],
+		[{op,6,'!',
+		  {atom,6,Master},
+		  {tuple,6,[{atom,6,Mod},{call,6,{atom,6,self},[]}]}},
+		 {'receive',7,[{clause,8,[{atom,8,go}],[],[{atom,8,ok}]}]}]}]},
+	     {function,11,ok,0,[{clause,11,[],[],[{atom,11,true}]}]}],
+    {ok,Mod,Bin} = compile:forms(Forms, [report]),
+    [io:put_chars(erl_pp:form(F)) || F <- Forms],
+
+    {Pid1,Ref1} = spawn_monitor(fun() ->
+					code:load_binary(Mod, File, Bin),
+					true = on_load_binary:ok()
+				end),
+    receive {Mod,OnLoadPid} -> ok end,
+    {Pid2,Ref2} = spawn_monitor(fun() ->
+					true = on_load_binary:ok()
+				end),
+    erlang:yield(),
+    OnLoadPid ! go,
+    receive {'DOWN',Ref1,process,Pid1,Exit1} -> ok end,
+    receive {'DOWN',Ref2,process,Pid2,Exit2} -> ok end,
+    normal = Exit1,
+    normal = Exit2,
+    true = code:delete(on_load_binary),
+    false = code:purge(on_load_binary),
+    ok.
+
 on_load_embedded(Config) when is_list(Config) ->
     try
 	on_load_embedded_1(Config)
@@ -1481,7 +1520,7 @@ do_on_load_error(ReturnValue) ->
     ?line ErrorPid ! ReturnValue,
     receive
 	{'DOWN',Ref,process,_,Exit} ->
-	    ?line {undef,[{on_load_error,main,[]}|_]} = Exit
+	    ?line {undef,[{on_load_error,main,[],_}|_]} = Exit
     end.
 
 native_early_modules(suite) -> [];
diff --git a/lib/kernel/test/disk_log_SUITE.erl b/lib/kernel/test/disk_log_SUITE.erl
index ee1e2319b5..ad987fe7a7 100644
--- a/lib/kernel/test/disk_log_SUITE.erl
+++ b/lib/kernel/test/disk_log_SUITE.erl
@@ -1831,11 +1831,16 @@ block_queue2(Conf) when is_list(Conf) ->
     %% Asynchronous stuff is ignored.
     ?line ok = disk_log:balog_terms(n, [<<"foo">>,<<"bar">>]),
     ?line ok = disk_log:balog_terms(n, [<<"more">>,<<"terms">>]),
+    Parent = self(),
     ?line Fun = 
-        fun() -> {error,disk_log_stopped} = disk_log:sync(n)
+        fun() ->
+                {error,no_such_log} = disk_log:sync(n),
+                receive {disk_log, _, {error, disk_log_stopped}} -> ok end,
+                Parent ! disk_log_stopped_ok
         end,
     ?line spawn(Fun),
     ?line ok = sync_do(Pid, close),
+    ?line receive disk_log_stopped_ok -> ok end,
     ?line sync_do(Pid, terminate),
     ?line {ok,<<>>} = file:read_file(File ++ ".1"),
     ?line del(File, No),    
@@ -2708,7 +2713,7 @@ error_log(Conf) when is_list(Conf) ->
     % reopen (rename) fails, the log is terminated, ./File.2/ exists
     ?line {ok, n} = disk_log:open([{name, n}, {file, File}, {type, halt},
 				   {format, external},{size, 100000}]),
-    ?line {error, eisdir} = disk_log:reopen(n, LDir),
+    ?line {error, {file_error, _, eisdir}} = disk_log:reopen(n, LDir),
     ?line true = (P0 == pps()),
     ?line file:delete(File),
 
@@ -2719,7 +2724,7 @@ error_log(Conf) when is_list(Conf) ->
     ?line {ok, n} = disk_log:open([{name, n}, {file, File2}, {type, wrap},
 				   {format, external},{size, {100, No}}]),
     ?line ok = disk_log:blog_terms(n, [B,B,B]),
-    ?line {error, eisdir} = disk_log:reopen(n, File),
+    ?line {error, {file_error, _, eisdir}} = disk_log:reopen(n, File),
     ?line {error, no_such_log} = disk_log:close(n),
     ?line del(File2, No),
     ?line del(File, No),
diff --git a/lib/kernel/test/erl_boot_server_SUITE.erl b/lib/kernel/test/erl_boot_server_SUITE.erl
index cea3715ce4..bb64c01058 100644
--- a/lib/kernel/test/erl_boot_server_SUITE.erl
+++ b/lib/kernel/test/erl_boot_server_SUITE.erl
@@ -346,7 +346,7 @@ good_hosts(_Config) ->
     [GoodHost1, GoodHost2, GoodHost3].
 
 open_udp() ->
-    ?line {ok, S} = prim_inet:open(udp, inet),
+    ?line {ok, S} = prim_inet:open(udp, inet, dgram),
     ?line ok = prim_inet:setopts(S, [{mode,list},{active,true}, 
 				     {deliver,term},{broadcast,true}]),
     ?line {ok,_} = prim_inet:bind(S, {0,0,0,0}, 0),
diff --git a/lib/kernel/test/file_SUITE.erl b/lib/kernel/test/file_SUITE.erl
index 77fc7e73f9..2b6af7e1fb 100644
--- a/lib/kernel/test/file_SUITE.erl
+++ b/lib/kernel/test/file_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -78,7 +78,7 @@
 
 -export([altname/1]).
 
--export([large_file/1]).
+-export([large_file/1, large_write/1]).
 
 -export([read_line_1/1, read_line_2/1, read_line_3/1,read_line_4/1]).
 
@@ -92,6 +92,8 @@
 -export([bytes/2, iterate/3]).
 
 
+%% System probe functions that might be handy to check from the shell
+-export([disc_free/1, memsize/0]).
 
 -include_lib("test_server/include/test_server.hrl").
 -include_lib("kernel/include/file.hrl").
@@ -106,7 +108,7 @@ all() ->
      {group, compression}, {group, links}, copy,
      delayed_write, read_ahead, segment_read, segment_write,
      ipread, pid2name, interleaved_read_write, otp_5814,
-     large_file, read_line_1, read_line_2, read_line_3,
+     large_file, large_write, read_line_1, read_line_2, read_line_3,
      read_line_4, standard_io].
 
 groups() -> 
@@ -143,6 +145,13 @@ end_per_group(_GroupName, Config) ->
 
 
 init_per_suite(Config) when is_list(Config) ->
+    SaslConfig = case application:start(sasl) of
+		     {error, {already_started, sasl}} ->
+			 [];
+		     ok ->
+			 [{sasl,started}]
+		 end,
+    ok = application:start(os_mon),
     case os:type() of
 	{win32, _} ->
 	    Priv = ?config(priv_dir, Config),
@@ -154,9 +163,9 @@ init_per_suite(Config) when is_list(Config) ->
 		    {ok, _} ->
 			[]
 		end,
-	    ?FILE_INIT(HasAccessTime++Config);
+	    ?FILE_INIT(HasAccessTime++Config++SaslConfig);
 	_ ->
-	    ?FILE_INIT(Config)
+	    ?FILE_INIT(Config++SaslConfig)
     end.
 
 end_per_suite(Config) when is_list(Config) ->
@@ -166,6 +175,13 @@ end_per_suite(Config) when is_list(Config) ->
 	_ ->
 	    ok
     end,
+    application:stop(os_mon),
+    case proplists:get_value(sasl, Config) of
+	started ->
+	    application:stop(sasl);
+	_Else ->
+	    ok
+    end,
     ?FILE_FINI(Config).
 
 init_per_testcase(_Func, Config) ->
@@ -394,6 +410,7 @@ make_del_dir(Config) when is_list(Config) ->
 	%% Don't worry ;-) the parent directory should never be empty, right?
 	?line case ?FILE_MODULE:del_dir('..') of
 		  {error, eexist} -> ok;
+		  {error, eacces} -> ok;		%OpenBSD
 		  {error, einval} -> ok			%FreeBSD
 	      end,
 	?line {error, enoent} = ?FILE_MODULE:del_dir(""),
@@ -3144,12 +3161,12 @@ ipread_int(Dir, ModeList) ->
 		{fun (Bin) when is_binary(Bin) -> Bin;
 		     (List) when is_list(List) -> list_to_binary(List)
 		 end, 
-		 {erlang, size}};
+		 fun erlang:byte_size/1};
 	    false ->
 		{fun (Bin) when is_binary(Bin) -> binary_to_list(Bin);
 		     (List) when is_list(List) -> List
 		 end, 
-		 {erlang, length}}
+		 fun erlang:length/1}
 	end,
     ?line Pos = 4711,
     ?line Data = Conv("THE QUICK BROWN FOX JUMPS OVER A LAZY DOG"),
@@ -3287,50 +3304,13 @@ large_file(suite) ->
 large_file(doc) ->
     ["Tests positioning in large files (> 4G)"];
 large_file(Config) when is_list(Config) ->
-    case {os:type(),os:version()} of
-	{{win32,nt},_} ->
-	    do_large_file(Config);
-	{{unix,sunos},{A,B,C}}
-	when A == 5, B == 5, C >= 1;   A == 5, B >= 6;   A >= 6 ->
-	    do_large_file(Config);
-	{{unix,Unix},_} when Unix =/= sunos ->
-	    N = unix_free(Config),
-	    io:format("Free: ~w KByte~n", [N]),
-	    if N < 5 * (1 bsl 20) ->
-		    %% Less than 5 GByte free
-		    {skipped,"Less than 5 GByte free"};
-	       true ->
-		    do_large_file(Config)
-	    end;
-	_ -> 
-	    {skipped,"Only supported on Win32, Unix or SunOS >= 5.5.1"}
-    end.
+    run_large_file_test(Config,
+			fun(Name) -> do_large_file(Name) end,
+			"_large_file").
 
-unix_free(Config) ->
-    Cmd = ["df -k '",?config(priv_dir, Config),"'"],
-    DF0 = os:cmd(Cmd),
-    io:format("$ ~s~n~s", [Cmd,DF0]),
-    [$\n|DF1] = lists:dropwhile(fun ($\n) -> false; (_) -> true end, DF0),
-    {ok,[N],_} = io_lib:fread(" ~*s ~d", DF1),
-    N.
+do_large_file(Name) ->
+    ?line Watchdog = ?t:timetrap(?t:minutes(20)),
 
-do_large_file(Config) ->
-    ?line Watchdog = ?t:timetrap(?t:minutes(5)),
-    %%
-    ?line Name = filename:join(?config(priv_dir, Config),
-			       ?MODULE_STRING ++ "_large_file"),
-    ?line Tester = self(),
-    Deleter = 
-	spawn(
-	  fun() ->
-		  Mref = erlang:monitor(process, Tester),
-		  receive
-		      {'DOWN',Mref,_,_,_} -> ok;
-		      {Tester,done} -> ok
-		  end,
-		  ?FILE_MODULE:delete(Name)
-	  end),
-    %%
     ?line S = "1234567890",
     L = length(S),
     R = lists:reverse(S),
@@ -3366,15 +3346,36 @@ do_large_file(Config) ->
     ?line {ok,R}   = ?FILE_MODULE:read(F1, L+1),
     ?line ok       = ?FILE_MODULE:close(F1),
     %%
-    ?line Mref = erlang:monitor(process, Deleter),
-    ?line Deleter ! {Tester,done},
-    ?line receive {'DOWN',Mref,_,_,_} -> ok end,
-    %%
     ?line ?t:timetrap_cancel(Watchdog),
     ok.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
+large_write(Config) when is_list(Config) ->
+    run_large_file_test(Config,
+			fun(Name) -> do_large_write(Name) end,
+			"_large_write").
+
+do_large_write(Name) ->
+    Memsize = memsize(),
+    io:format("Memsize = ~w Bytes~n", [Memsize]),
+    case {erlang:system_info(wordsize),Memsize} of
+	{4,_} ->
+	    {skip,"Needs a 64-bit emulator"};
+	{8,N} when N < 6 bsl 30 ->
+	    {skip,
+	     "This machine has < 6 GB  memory: "
+	     ++integer_to_list(N)};
+	{8,_} ->
+	    Size = 4*1024*1024*1024+1,
+	    Bin = <<0:Size/unit:8>>,
+	    ok = file:write_file(Name, Bin),
+	    {ok,#file_info{size=Size}} = file:read_file_info(Name),
+	    ok
+    end.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
 
 
 response_analysis(Module, Function, Arguments) ->
@@ -3950,3 +3951,67 @@ flush(Msgs) ->
     after 0 ->
 	    lists:reverse(Msgs)
     end.
+
+%%%
+%%% Support for testing large files.
+%%%
+
+run_large_file_test(Config, Run, Name) ->
+    case {os:type(),os:version()} of
+	{{win32,nt},_} ->
+	    do_run_large_file_test(Config, Run, Name);
+	{{unix,sunos},OsVersion} when OsVersion < {5,5,1} ->
+	    {skip,"Only supported on Win32, Unix or SunOS >= 5.5.1"};
+	{{unix,_},_} ->
+	    N = disc_free(?config(priv_dir, Config)),
+	    io:format("Free disk: ~w KByte~n", [N]),
+	    if N < 5 * (1 bsl 20) ->
+		    %% Less than 5 GByte free
+		    {skip,"Less than 5 GByte free"};
+	       true ->
+		    do_run_large_file_test(Config, Run, Name)
+	    end;
+	_ -> 
+	    {skip,"Only supported on Win32, Unix or SunOS >= 5.5.1"}
+    end.
+
+
+do_run_large_file_test(Config, Run, Name0) ->
+    Name = filename:join(?config(priv_dir, Config),
+			 ?MODULE_STRING ++ Name0),
+    
+    %% Set up a process that will delete this file.
+    Tester = self(),
+    Deleter = 
+	spawn(
+	  fun() ->
+		  Mref = erlang:monitor(process, Tester),
+		  receive
+		      {'DOWN',Mref,_,_,_} -> ok;
+		      {Tester,done} -> ok
+		  end,
+		  ?FILE_MODULE:delete(Name)
+	  end),
+    
+    %% Run the test case.
+    Res = Run(Name),
+
+    %% Delete file and finish deleter process.
+    Mref = erlang:monitor(process, Deleter),
+    Deleter ! {Tester,done},
+    receive {'DOWN',Mref,_,_,_} -> ok end,
+
+    Res.
+
+disc_free(Path) ->
+    Data = disksup:get_disk_data(),
+    {_,Tot,Perc} = hd(lists:filter(
+			fun({P,_Size,_Full}) ->
+				lists:prefix(filename:nativename(P),
+					     filename:nativename(Path))
+			end, lists:reverse(lists:sort(Data)))),
+    round(Tot * (1-(Perc/100))).
+
+memsize() ->
+    {Tot,_Used,_}  = memsup:get_memory_data(),
+    Tot.
diff --git a/lib/kernel/test/gen_sctp_SUITE.erl b/lib/kernel/test/gen_sctp_SUITE.erl
index 1b534a5fc4..8f490b6643 100644
--- a/lib/kernel/test/gen_sctp_SUITE.erl
+++ b/lib/kernel/test/gen_sctp_SUITE.erl
@@ -30,33 +30,31 @@
 -export(
    [basic/1,
     api_open_close/1,api_listen/1,api_connect_init/1,api_opts/1,
-    xfer_min/1,xfer_active/1,def_sndrcvinfo/1,implicit_inet6/1]).
+    xfer_min/1,xfer_active/1,def_sndrcvinfo/1,implicit_inet6/1,
+    basic_stream/1, xfer_stream_min/1, peeloff/1, buffers/1]).
 
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
     [basic, api_open_close, api_listen, api_connect_init,
-     api_opts, xfer_min, xfer_active, def_sndrcvinfo,
-     implicit_inet6].
+     api_opts, xfer_min, xfer_active, def_sndrcvinfo, implicit_inet6,
+     basic_stream, xfer_stream_min, peeloff, buffers].
 
 groups() -> 
     [].
 
-init_per_suite(Config) ->
-    try gen_sctp:open() of
+init_per_suite(_Config) ->
+    case gen_sctp:open() of
 	{ok,Socket} ->
 	    gen_sctp:close(Socket),
 	    [];
-	_ ->
-	    []
-    catch
-	error:badarg ->
-	    {skip,"SCTP not supported on this machine"};
-	_:_ ->
-	    Config
+	{error,Error}
+	  when Error =:= eprotonosupport;
+	       Error =:= esocktnosupport ->
+	    {skip,"SCTP not supported on this machine"}
     end.
 
-end_per_suite(_Conifig) ->
+end_per_suite(_Config) ->
     ok.
 
 init_per_group(_GroupName, Config) ->
@@ -96,7 +94,7 @@ xfer_min(Config) when is_list(Config) ->
     ?line Stream = 0,
     ?line Data = <<"The quick brown fox jumps over a lazy dog 0123456789">>,
     ?line Loopback = {127,0,0,1},
-    ?line {ok,Sb} = gen_sctp:open(),
+    ?line {ok,Sb} = gen_sctp:open([{type,seqpacket}]),
     ?line {ok,Pb} = inet:port(Sb),
     ?line ok = gen_sctp:listen(Sb, true),
     
@@ -108,29 +106,44 @@ xfer_min(Config) when is_list(Config) ->
 				 inbound_streams=SaInboundStreams,
 				 assoc_id=SaAssocId}=SaAssocChange} =
 	gen_sctp:connect(Sa, Loopback, Pb, []),
-    ?line {ok,{Loopback,
-	       Pa,[],
+    ?line {SbAssocId,SaOutboundStreams,SaInboundStreams} =
+	case recv_event(log_ok(gen_sctp:recv(Sb, infinity))) of
+	      {Loopback,Pa,
 	       #sctp_assoc_change{state=comm_up,
 				  error=0,
 				  outbound_streams=SbOutboundStreams,
 				  inbound_streams=SbInboundStreams,
-				  assoc_id=SbAssocId}}} =
-	gen_sctp:recv(Sb, infinity),
-    ?line SaOutboundStreams = SbInboundStreams,
-    ?line SbOutboundStreams = SaInboundStreams,
+				  assoc_id=AssocId}} ->
+		  {AssocId,SbInboundStreams,SbOutboundStreams};
+	      {Loopback,Pa,
+	       #sctp_paddr_change{state=addr_confirmed,
+				  addr={Loopback,Pa},
+				  error=0,
+				  assoc_id=AssocId}} ->
+		{Loopback,Pa,
+		 #sctp_assoc_change{state=comm_up,
+				    error=0,
+				    outbound_streams=SbOutboundStreams,
+				    inbound_streams=SbInboundStreams,
+				    assoc_id=AssocId}} =
+		    ?line recv_event(log_ok(gen_sctp:recv(Sb, infinity))),
+		{AssocId,SbInboundStreams,SbOutboundStreams}
+	end,
+
     ?line ok = gen_sctp:send(Sa, SaAssocId, 0, Data),
-    ?line case gen_sctp:recv(Sb, infinity) of
-	      {ok,{Loopback,
-		   Pa,
-		   [#sctp_sndrcvinfo{stream=Stream,
-				     assoc_id=SbAssocId}],
-		   Data}} -> ok;
-	      {ok,{Loopback,
-		   Pa,[],
+    ?line case log_ok(gen_sctp:recv(Sb, infinity)) of
+	      {Loopback,
+	       Pa,
+	       [#sctp_sndrcvinfo{stream=Stream,
+				 assoc_id=SbAssocId}],
+	       Data} -> ok;
+	      Event1 ->
+		  {Loopback,Pa,
 		   #sctp_paddr_change{addr = {Loopback,_},
 				      state = addr_available,
 				      error = 0,
-				      assoc_id = SbAssocId}}} ->
+				      assoc_id = SbAssocId}} =
+		      recv_event(Event1),
 		  {ok,{Loopback,
 		       Pa,
 		       [#sctp_sndrcvinfo{stream=Stream,
@@ -138,30 +151,40 @@ xfer_min(Config) when is_list(Config) ->
 		       Data}} =	gen_sctp:recv(Sb, infinity)
 	  end,
     ?line ok = gen_sctp:send(Sb, SbAssocId, 0, Data),
-    ?line {ok,{Loopback,
-	       Pb,
+    ?line case log_ok(gen_sctp:recv(Sa, infinity)) of
+	      {Loopback,Pb,
 	       [#sctp_sndrcvinfo{stream=Stream,
 				 assoc_id=SaAssocId}],
-	       Data}} =
-	gen_sctp:recv(Sa, infinity),
+	       Data} ->
+		  ok;
+	      Event2 ->
+		  {Loopback,Pb,
+		   #sctp_paddr_change{addr={_,Pb},
+				      state=addr_confirmed,
+				      error=0,
+				      assoc_id=SaAssocId}} =
+		      ?line recv_event(Event2),
+		  ?line {Loopback,
+			 Pb,
+			 [#sctp_sndrcvinfo{stream=Stream,
+					   assoc_id=SaAssocId}],
+			 Data} =
+		      log_ok(gen_sctp:recv(Sa, infinity))
+	  end,
     %%
     ?line ok = gen_sctp:eof(Sa, SaAssocChange),
-    ?line {ok,{Loopback,
- 	       Pa,[],
- 	       #sctp_shutdown_event{assoc_id=SbAssocId}}} =
- 	gen_sctp:recv(Sb, infinity),
-    ?line {ok,{Loopback,
- 	       Pb,[],
- 	       #sctp_assoc_change{state=shutdown_comp,
- 				  error=0,
- 				  assoc_id=SaAssocId}}} =
- 	gen_sctp:recv(Sa, infinity),
-    ?line {ok,{Loopback,
- 	       Pa,[],
- 	       #sctp_assoc_change{state=shutdown_comp,
- 				  error=0,
- 				  assoc_id=SbAssocId}}} =
- 	gen_sctp:recv(Sb, infinity),
+    ?line {Loopback,Pa,#sctp_shutdown_event{assoc_id=SbAssocId}} =
+	recv_event(log_ok(gen_sctp:recv(Sb, infinity))),
+    ?line {Loopback,Pb,
+	   #sctp_assoc_change{state=shutdown_comp,
+			      error=0,
+			      assoc_id=SaAssocId}} =
+	recv_event(log_ok(gen_sctp:recv(Sa, infinity))),
+    ?line {Loopback,Pa,
+	   #sctp_assoc_change{state=shutdown_comp,
+			      error=0,
+			      assoc_id=SbAssocId}} =
+	recv_event(log_ok(gen_sctp:recv(Sb, infinity))),
     ?line ok = gen_sctp:close(Sa),
     ?line ok = gen_sctp:close(Sb),
     
@@ -186,32 +209,52 @@ xfer_active(Config) when is_list(Config) ->
     
     ?line {ok,Sa} = gen_sctp:open([{active,true}]),
     ?line {ok,Pa} = inet:port(Sa),
-    ?line {ok,#sctp_assoc_change{state=comm_up,
-				 error=0,
-				 outbound_streams=SaOutboundStreams,
-				 inbound_streams=SaInboundStreams,
-				 assoc_id=SaAssocId}=SaAssocChange} =
-	gen_sctp:connect(Sa, Loopback, Pb, []),
+    ?line ok = gen_sctp:connect_init(Sa, Loopback, Pb, []),
+    ?line #sctp_assoc_change{state=comm_up,
+			     error=0,
+			     outbound_streams=SaOutboundStreams,
+			     inbound_streams=SaInboundStreams,
+			     assoc_id=SaAssocId} = SaAssocChange =
+	recv_assoc_change(Sa, Loopback, Pb, Timeout),
     ?line io:format("Sa=~p, Pa=~p, Sb=~p, Pb=~p, SaAssocId=~p, "
 		    "SaOutboundStreams=~p, SaInboundStreams=~p~n",
 		    [Sa,Pa,Sb,Pb,SaAssocId,
 		     SaOutboundStreams,SaInboundStreams]),
-    ?line SbAssocId = 
-	receive
-	    {sctp,Sb,Loopback,Pa,
-	     {[],
-	      #sctp_assoc_change{state=comm_up,
-				 error=0,
-				   outbound_streams=SbOutboundStreams,
-				 inbound_streams=SbInboundStreams,
-				 assoc_id=SBAI}}} ->
-		?line SaOutboundStreams = SbInboundStreams,
-		?line  SaInboundStreams = SbOutboundStreams,
-		SBAI
-	after Timeout ->
-		?line test_server:fail({unexpected,flush()})
-	end,
+    ?line #sctp_assoc_change{state=comm_up,
+			     error=0,
+			     outbound_streams=SbOutboundStreams,
+			     inbound_streams=SbInboundStreams,
+			     assoc_id=SbAssocId} =
+	recv_assoc_change(Sb, Loopback, Pa, Timeout),
+    ?line SbOutboundStreams = SaInboundStreams,
+    ?line SbInboundStreams = SaOutboundStreams,
     ?line io:format("SbAssocId=~p~n", [SbAssocId]),
+
+    ?line case recv_paddr_change(Sa, Loopback, Pb, 314) of
+	      #sctp_paddr_change{state=addr_confirmed,
+				 addr={_,Pb},
+				 error=0,
+				 assoc_id=SaAssocId} -> ok;
+	      #sctp_paddr_change{state=addr_available,
+				 addr={_,Pb},
+				 error=0,
+				 assoc_id=SaAssocId} -> ok;
+	      timeout -> ok
+	  end,
+    ?line case recv_paddr_change(Sb, Loopback, Pa, 314) of
+	      #sctp_paddr_change{state=addr_confirmed,
+				 addr={Loopback,Pa},
+				 error=0,
+				 assoc_id=SbAssocId} -> ok;
+	      #sctp_paddr_change{state=addr_available,
+				 addr={Loopback,P},
+				 error=0,
+				 assoc_id=SbAssocId} ->
+		  ?line match_unless_solaris(Pa, P);
+	      timeout -> ok
+	  end,
+    ?line [] = flush(),
+
     ?line ok =
 	do_from_other_process(
 	  fun () -> gen_sctp:send(Sa, SaAssocId, 0, Data) end),
@@ -219,21 +262,9 @@ xfer_active(Config) when is_list(Config) ->
 	      {sctp,Sb,Loopback,Pa,
 	       {[#sctp_sndrcvinfo{stream=Stream,
 				  assoc_id=SbAssocId}],
-		Data}} -> ok;
-	      {sctp,Sb,Loopback,Pa,
-	       {[],
-		#sctp_paddr_change{addr = {Loopback,_},
-				   state = addr_available,
-				   error = 0,
-				   assoc_id = SbAssocId}}} ->
-		  ?line receive
-			    {sctp,Sb,Loopback,Pa,
-			     {[#sctp_sndrcvinfo{stream=Stream,
-						assoc_id=SbAssocId}],
-			      Data}} -> ok
-			end
+		Data}} -> ok
 	  after Timeout ->
-		  ?line test_server:fail({unexpected,flush()})
+		  ?line test_server:fail({timeout,flush()})
 	  end,
     ?line ok = gen_sctp:send(Sb, SbAssocId, 0, Data),
     ?line receive
@@ -242,31 +273,28 @@ xfer_active(Config) when is_list(Config) ->
 				  assoc_id=SaAssocId}],
 		Data}} -> ok
 	  after Timeout ->
-		  ?line test_server:fail({unexpected,flush()})
+		  ?line test_server:fail({timeout,flush()})
 	  end,
     %%
     ?line ok = gen_sctp:abort(Sa, SaAssocChange),
-    ?line receive
-	      {sctp,Sb,Loopback,Pa,
-	       {[],
-		#sctp_assoc_change{state=comm_lost,
-				   assoc_id=SbAssocId}}} -> ok
-	  after Timeout ->
-		  ?line test_server:fail({unexpected,flush()})
+    ?line case recv_assoc_change(Sb, Loopback, Pa, Timeout) of
+	      #sctp_assoc_change{state=comm_lost,
+				 assoc_id=SbAssocId} -> ok;
+	      timeout ->
+		  ?line test_server:fail({timeout,flush()})
 	  end,
     ?line ok = gen_sctp:close(Sb),
+    ?line case recv_assoc_change(Sa, Loopback, Pb, Timeout) of
+	      #sctp_assoc_change{state=comm_lost,
+				 assoc_id=SaAssocId} -> ok;
+	      timeout ->
+		  ?line io:format("timeout waiting for comm_lost on Sa~n"),
+		  ?line match_unless_solaris(ok, {timeout,flush()})
+	  end,
     ?line receive
-              {sctp,Sa,Loopback,Pb,
-               {[],
-                #sctp_assoc_change{state=comm_lost,
-                                   assoc_id=SaAssocId}}} -> ok
-          after Timeout ->
-                  ?line test_server:fail({unexpected,flush()})
-          end,
-    ?line receive
-              {sctp_error,Sa,enotconn} -> ok % Solaris
-          after 17 -> ok %% Only happens on Solaris
-          end,
+	      {sctp_error,Sa,enotconn} -> ok % Solaris
+	  after 17 -> ok
+	  end,
     ?line ok = gen_sctp:close(Sa),
     %%
     ?line receive
@@ -275,6 +303,30 @@ xfer_active(Config) when is_list(Config) ->
 	  end,
     ok.
 
+recv_assoc_change(S, Addr, Port, Timeout) ->
+    receive
+	{sctp,S,Addr,Port,{[], #sctp_assoc_change{}=AssocChange}} ->
+	    AssocChange;
+	{sctp,S,Addr,Port,
+	 {[#sctp_sndrcvinfo{assoc_id=AssocId}],
+	  #sctp_assoc_change{assoc_id=AssocId}=AssocChange}} ->
+	    AssocChange
+    after Timeout ->
+	    timeout
+    end.
+
+recv_paddr_change(S, Addr, Port, Timeout) ->
+    receive
+	{sctp,S,Addr,Port,{[], #sctp_paddr_change{}=PaddrChange}} ->
+	    PaddrChange;
+	{sctp,S,Addr,Port,
+	 {[#sctp_sndrcvinfo{assoc_id=AssocId}],
+	  #sctp_paddr_change{assoc_id=AssocId}=PaddrChange}} ->
+	    PaddrChange
+    after Timeout ->
+	    timeout
+    end.
+
 def_sndrcvinfo(doc) ->
     "Test that #sctp_sndrcvinfo{} parameters set on a socket "
 	"are used by gen_sctp:send/4";
@@ -285,11 +337,11 @@ def_sndrcvinfo(Config) when is_list(Config) ->
     ?line Data = <<"What goes up, must come down.">>,
     %%
     ?line S1 =
-	ok(gen_sctp:open(
+	log_ok(gen_sctp:open(
 	     0, [{sctp_default_send_param,#sctp_sndrcvinfo{ppid=17}}])),
     ?LOGVAR(S1),
     ?line P1 =
-	ok(inet:port(S1)),
+	log_ok(inet:port(S1)),
     ?LOGVAR(P1),
     ?line #sctp_sndrcvinfo{ppid=17, context=0, timetolive=0, assoc_id=0} =
 	getopt(S1, sctp_default_send_param),
@@ -297,10 +349,10 @@ def_sndrcvinfo(Config) when is_list(Config) ->
 	gen_sctp:listen(S1, true),
     %%
     ?line S2 =
-	ok(gen_sctp:open()),
+	log_ok(gen_sctp:open()),
     ?LOGVAR(S2),
     ?line P2 =
-	ok(inet:port(S2)),
+	log_ok(inet:port(S2)),
     ?LOGVAR(P2),
     ?line #sctp_sndrcvinfo{ppid=0, context=0, timetolive=0, assoc_id=0} =
 	getopt(S2, sctp_default_send_param),
@@ -309,32 +361,57 @@ def_sndrcvinfo(Config) when is_list(Config) ->
        state=comm_up,
        error=0,
        assoc_id=S2AssocId} = S2AssocChange =
-	ok(gen_sctp:connect(S2, Loopback, P1, [])),
+	log_ok(gen_sctp:connect(S2, Loopback, P1, [])),
     ?LOGVAR(S2AssocChange),
-    ?line case ok(gen_sctp:recv(S1)) of
-	      {Loopback, P2,[],
+    ?line case recv_event(log_ok(gen_sctp:recv(S1))) of
+	      {Loopback,P2,
 	       #sctp_assoc_change{
+			  state=comm_up,
+			  error=0,
+			  assoc_id=S1AssocId}} ->
+		  ?LOGVAR(S1AssocId);
+	      {Loopback,P2,
+	       #sctp_paddr_change{
+			  state=addr_confirmed,
+			  error=0,
+			  assoc_id=S1AssocId}} ->
+		  ?LOGVAR(S1AssocId),
+		  {Loopback,P2,
+		   #sctp_assoc_change{
 			      state=comm_up,
 			      error=0,
-			      assoc_id=S1AssocId}} ->
-		  ?LOGVAR(S1AssocId)
+			      assoc_id=S1AssocId}} =
+		      recv_event(log_ok(gen_sctp:recv(S1)))
 	  end,
+
     ?line #sctp_sndrcvinfo{
-       ppid=17, context=0, timetolive=0, assoc_id=S1AssocId} =
+       ppid=17, context=0, timetolive=0} = %, assoc_id=S1AssocId} =
 	getopt(
 	  S1, sctp_default_send_param, #sctp_sndrcvinfo{assoc_id=S1AssocId}),
     ?line #sctp_sndrcvinfo{
-       ppid=0, context=0, timetolive=0, assoc_id=S2AssocId} =
+       ppid=0, context=0, timetolive=0} = %, assoc_id=S2AssocId} =
 	getopt(
 	  S2, sctp_default_send_param, #sctp_sndrcvinfo{assoc_id=S2AssocId}),
     %%
     ?line ok =
 	gen_sctp:send(S1, S1AssocId, 1, <<"1: ",Data/binary>>),
-    ?line case ok(gen_sctp:recv(S2)) of
+    ?line case log_ok(gen_sctp:recv(S2)) of
 	      {Loopback,P1,
 	       [#sctp_sndrcvinfo{
 		   stream=1, ppid=17, context=0, assoc_id=S2AssocId}],
-	       <<"1: ",Data/binary>>} -> ok
+	       <<"1: ",Data/binary>>} -> ok;
+	      Event1 ->
+		  ?line {Loopback,P1,
+			 #sctp_paddr_change{state=addr_confirmed,
+					    addr={_,P1},
+					    error=0,
+					    assoc_id=S2AssocId}} =
+		      recv_event(Event1),
+		  ?line {Loopback,P1,
+			 [#sctp_sndrcvinfo{
+			     stream=1, ppid=17, context=0, assoc_id=S2AssocId}],
+			 <<"1: ",Data/binary>>} =
+		      log_ok(gen_sctp:recv(S2))
 	  end,
     %%
     ?line ok =
@@ -354,7 +431,7 @@ def_sndrcvinfo(Config) when is_list(Config) ->
     %%
     ?line ok =
 	gen_sctp:send(S1, S1AssocId, 0, <<"2: ",Data/binary>>),
-    ?line case ok(gen_sctp:recv(S2)) of
+    ?line case log_ok(gen_sctp:recv(S2)) of
 	      {Loopback,P1,
 	       [#sctp_sndrcvinfo{
 		   stream=0, ppid=19, context=0, assoc_id=S2AssocId}],
@@ -362,16 +439,18 @@ def_sndrcvinfo(Config) when is_list(Config) ->
 	  end,
     ?line ok =
 	gen_sctp:send(S2, S2AssocChange, 1, <<"3: ",Data/binary>>),
-    ?line case ok(gen_sctp:recv(S1)) of
+    ?line case log_ok(gen_sctp:recv(S1)) of
 	      {Loopback,P2,
 	       [#sctp_sndrcvinfo{
 		   stream=1, ppid=0, context=0, assoc_id=S1AssocId}],
 	       <<"3: ",Data/binary>>} -> ok;
-	      {Loopback,P2,[],
-	       #sctp_paddr_change{
-			  addr={Loopback,_}, state=addr_available,
-			  error=0, assoc_id=S1AssocId}} ->
-		  ?line case ok(gen_sctp:recv(S1)) of
+	      Event2 ->
+		  {Loopback,P2,
+		   #sctp_paddr_change{
+			      addr={Loopback,_}, state=addr_available,
+			      error=0, assoc_id=S1AssocId}} =
+		      recv_event(Event2),
+		  ?line case log_ok(gen_sctp:recv(S1)) of
 			    {Loopback,P2,
 			     [#sctp_sndrcvinfo{
 				 stream=1, ppid=0, context=0,
@@ -387,7 +466,7 @@ def_sndrcvinfo(Config) when is_list(Config) ->
 		    #sctp_sndrcvinfo{stream=0, ppid=20, assoc_id=S2AssocId},
 		    <<"4: ",Data/binary>>)
 	  end),
-    ?line case ok(do_from_other_process(fun() -> gen_sctp:recv(S1) end)) of
+    ?line case log_ok(do_from_other_process(fun() -> gen_sctp:recv(S1) end)) of
 	      {Loopback,P2,
 	       [#sctp_sndrcvinfo{
 		   stream=0, ppid=20, context=0, assoc_id=S1AssocId}],
@@ -416,8 +495,12 @@ getopt(S, Opt, Param) ->
 setopt(S, Opt, Val) ->
     inet:setopts(S, [{Opt,Val}]).
 
-ok({ok,X}) ->
-    io:format("OK: ~p~n", [X]),
+log_ok(X) -> log(ok(X)).
+
+ok({ok,X}) -> X.
+
+log(X) ->
+    io:format("LOG[~w]: ~p~n", [self(),X]),
     X.
 
 flush() ->
@@ -520,7 +603,10 @@ api_listen(Config) when is_list(Config) ->
 			     #sctp_assoc_change{
 				  state=comm_lost}}} =
 		      gen_sctp:recv(Sa, infinity);
-	      {error,#sctp_assoc_change{state=cant_assoc}} -> ok
+	      {error,#sctp_assoc_change{state=cant_assoc}} ->
+		  ok%;
+	      %% {error,{Localhost,Pb,_,#sctp_assoc_change{state=cant_assoc}}} ->
+	      %% 	  ok
 	  end,
     ?line ok = gen_sctp:listen(Sb, true),
     ?line {ok,#sctp_assoc_change{state=comm_up,
@@ -552,29 +638,41 @@ api_connect_init(Config) when is_list(Config) ->
     ?line {ok,Sa} = gen_sctp:open(),
     ?line case gen_sctp:connect_init(Sa, localhost, Pb, []) of
 	      {error,econnrefused} ->
-		  ?line {ok,{Localhost,
-			     Pb,[],
-			     #sctp_assoc_change{state=comm_lost}}} =
-		      gen_sctp:recv(Sa, infinity);
+		  ?line {Localhost,Pb,#sctp_assoc_change{state=comm_lost}} =
+		      recv_event(log_ok(gen_sctp:recv(Sa, infinity)));
 	      ok ->
-		  ?line {ok,{Localhost,
-			     Pb,[],
-			     #sctp_assoc_change{state=cant_assoc}}} =
-		      gen_sctp:recv(Sa, infinity)
+		  ?line {Localhost,Pb,#sctp_assoc_change{state=cant_assoc}} =
+		      recv_event(log_ok(gen_sctp:recv(Sa, infinity)))
 	  end,
     ?line ok = gen_sctp:listen(Sb, true),
     ?line case gen_sctp:connect_init(Sa, localhost, Pb, []) of
 	      ok ->
-		  ?line {ok,{Localhost,
-			     Pb,[],
-			     #sctp_assoc_change{
-				  state = comm_up}}} =
-		      gen_sctp:recv(Sa, infinity)
+		  ?line {Localhost,Pb,#sctp_assoc_change{state=comm_up}} =
+		      recv_event(log_ok(gen_sctp:recv(Sa, infinity)))
 	  end,
     ?line ok = gen_sctp:close(Sa),
     ?line ok = gen_sctp:close(Sb),
     ok.
 
+recv_event({Addr,Port,[],#sctp_assoc_change{}=AssocChange}) ->
+    {Addr,Port,AssocChange};
+recv_event({Addr,Port,
+	    [#sctp_sndrcvinfo{assoc_id=Assoc}],
+	    #sctp_assoc_change{assoc_id=Assoc}=AssocChange}) ->
+    {Addr,Port,AssocChange};
+recv_event({Addr,Port,[],#sctp_paddr_change{}=PaddrChange}) ->
+    {Addr,Port,PaddrChange};
+recv_event({Addr,Port,
+	    [#sctp_sndrcvinfo{assoc_id=Assoc}],
+	    #sctp_paddr_change{assoc_id=Assoc}=PaddrChange}) ->
+    {Addr,Port,PaddrChange};
+recv_event({Addr,Port,[],#sctp_shutdown_event{}=ShutdownEvent}) ->
+    {Addr,Port,ShutdownEvent};
+recv_event({Addr,Port,
+	    [#sctp_sndrcvinfo{assoc_id=Assoc}],
+	    #sctp_shutdown_event{assoc_id=Assoc}=ShutdownEvent}) ->
+    {Addr,Port,ShutdownEvent}.
+
 api_opts(doc) ->
     "Test socket options";
 api_opts(suite) ->
@@ -600,7 +698,7 @@ api_opts(Config) when is_list(Config) ->
 	  end.
 
 implicit_inet6(Config) when is_list(Config) ->
-    ?line Hostname = ok(inet:gethostname()),
+    ?line Hostname = log_ok(inet:gethostname()),
     ?line
 	case gen_sctp:open(0, [inet6]) of
 	    {ok,S1} ->
@@ -613,16 +711,16 @@ implicit_inet6(Config) when is_list(Config) ->
 			    ?line ok = gen_sctp:close(S1),
 			    %%
 			    ?line Localhost =
-				ok(inet:getaddr("localhost", inet6)),
+				log_ok(inet:getaddr("localhost", inet6)),
 			    ?line io:format("~s ~p~n", ["localhost",Localhost]),
 			    ?line S2 =
-				ok(gen_sctp:open(0, [{ip,Localhost}])),
+				log_ok(gen_sctp:open(0, [{ip,Localhost}])),
 			    ?line implicit_inet6(S2, Localhost),
 			    ?line ok = gen_sctp:close(S2),
 			    %%
 			    ?line io:format("~s ~p~n", [Hostname,Host]),
 			    ?line S3 =
-				ok(gen_sctp:open(0, [{ifaddr,Host}])),
+				log_ok(gen_sctp:open(0, [{ifaddr,Host}])),
 			    ?line implicit_inet6(S3, Host),
 			    ?line ok = gen_sctp:close(S1);
 			{error,eafnosupport} ->
@@ -635,25 +733,159 @@ implicit_inet6(Config) when is_list(Config) ->
 
 implicit_inet6(S1, Addr) ->
     ?line ok = gen_sctp:listen(S1, true),
-    ?line P1 = ok(inet:port(S1)),
-    ?line S2 = ok(gen_sctp:open(0, [inet6])),
-    ?line P2 = ok(inet:port(S2)),
+    ?line P1 = log_ok(inet:port(S1)),
+    ?line S2 = log_ok(gen_sctp:open(0, [inet6])),
+    ?line P2 = log_ok(inet:port(S2)),
     ?line #sctp_assoc_change{state=comm_up} =
-	ok(gen_sctp:connect(S2, Addr, P1, [])),
-    ?line case ok(gen_sctp:recv(S1)) of
-	      {Addr,P2,[],#sctp_assoc_change{state=comm_up}} ->
-		  ok
+	log_ok(gen_sctp:connect(S2, Addr, P1, [])),
+    ?line case recv_event(log_ok(gen_sctp:recv(S1))) of
+	      {Addr,P2,#sctp_assoc_change{state=comm_up}} ->
+		  ok;
+	      {Addr,P2,#sctp_paddr_change{state=addr_confirmed,
+					  addr={Addr,P2},
+					  error=0}} ->
+		  {Addr,P2,#sctp_assoc_change{state=comm_up}} =
+		      recv_event(log_ok(gen_sctp:recv(S1)))
 	  end,
-    ?line case ok(inet:sockname(S1)) of
+    ?line case log_ok(inet:sockname(S1)) of
 	      {Addr,P1} -> ok;
 	      {{0,0,0,0,0,0,0,0},P1} -> ok
 	  end,
-    ?line case ok(inet:sockname(S2)) of
+    ?line case log_ok(inet:sockname(S2)) of
 	      {Addr,P2} -> ok;
 	      {{0,0,0,0,0,0,0,0},P2} -> ok
 	  end,
     ?line ok = gen_sctp:close(S2).
 
+basic_stream(doc) ->
+    "Hello world stream socket";
+basic_stream(suite) ->
+    [];
+basic_stream(Config) when is_list(Config) ->
+    ?line {ok,S} = gen_sctp:open([{type,stream}]),
+    ?line ok = gen_sctp:listen(S, true),
+    ?line ok =
+	do_from_other_process(
+	  fun () -> gen_sctp:listen(S, 10) end),
+    ?line ok = gen_sctp:close(S),
+    ok.
+
+xfer_stream_min(doc) ->
+    "Minimal data transfer";
+xfer_stream_min(suite) ->
+    [];
+xfer_stream_min(Config) when is_list(Config) ->
+    ?line Stream = 0,
+    ?line Data = <<"The quick brown fox jumps over a lazy dog 0123456789">>,
+    ?line Loopback = {127,0,0,1},
+    ?line {ok,Sb} = gen_sctp:open([{type,seqpacket}]),
+    ?line ?LOGVAR(Sb),
+    ?line {ok,Pb} = inet:port(Sb),
+    ?line ?LOGVAR(Pb),
+    ?line ok = gen_sctp:listen(Sb, true),
+
+    ?line {ok,Sa} = gen_sctp:open([{type,stream}]),
+    ?line ?LOGVAR(Sa),
+    ?line {ok,Pa} = inet:port(Sa),
+    ?line ?LOGVAR(Pa),
+    ?line #sctp_assoc_change{state=comm_up,
+			     error=0,
+			     outbound_streams=SaOutboundStreams,
+			     inbound_streams=SaInboundStreams,
+			     assoc_id=SaAssocId_X} =
+	log_ok(gen_sctp:connect(Sa, Loopback, Pb, [])),
+    ?line ?LOGVAR(SaAssocId_X),
+    ?line [{_,#sctp_paddrinfo{assoc_id=SaAssocId,state=active}}] =
+	log_ok(inet:getopts(Sa, [{sctp_get_peer_addr_info,
+				  #sctp_paddrinfo{address={Loopback,Pb}}}])),
+    ?line ?LOGVAR(SaAssocId),
+    ?line match_unless_solaris(SaAssocId_X, SaAssocId),
+
+    ?line {SbOutboundStreams,SbInboundStreams,SbAssocId} =
+	case recv_event(log_ok(gen_sctp:recv(Sb, infinity))) of
+	    {Loopback,Pa,
+	     #sctp_assoc_change{state=comm_up,
+				error=0,
+				outbound_streams=OS,
+				inbound_streams=IS,
+				assoc_id=AI}} ->
+		{OS,IS,AI};
+	    {Loopback,Pa,
+	     #sctp_paddr_change{state=addr_confirmed,
+				addr={Loopback,Pa},
+				error=0,
+				assoc_id=AI}} ->
+		{Loopback,Pa,
+		 ?line #sctp_assoc_change{state=comm_up,
+					  error=0,
+					  outbound_streams=OS,
+					  inbound_streams=IS,
+					  assoc_id=AI}} =
+		    recv_event(log_ok(gen_sctp:recv(Sb, infinity))),
+		{OS,IS,AI}
+	end,
+    ?line ?LOGVAR(SbAssocId),
+    ?line SaOutboundStreams = SbInboundStreams,
+    ?line ?LOGVAR(SaOutboundStreams),
+    ?line SbOutboundStreams = SaInboundStreams,
+    ?line ?LOGVAR(SbOutboundStreams),
+    ?line ok = gen_sctp:send(Sa, SaAssocId, 0, Data),
+    ?line case gen_sctp:recv(Sb, infinity) of
+	      {ok,{Loopback,
+		   Pa,
+		   [#sctp_sndrcvinfo{stream=Stream,
+				     assoc_id=SbAssocId}],
+		   Data}} -> ok;
+	      {ok,{Loopback,
+		   Pa,[],
+		   #sctp_paddr_change{addr = {Loopback,_},
+				      state = addr_available,
+				      error = 0,
+				      assoc_id = SbAssocId}}} ->
+		  {ok,{Loopback,
+		       Pa,
+		       [#sctp_sndrcvinfo{stream=Stream,
+					 assoc_id=SbAssocId}],
+		       Data}} =	gen_sctp:recv(Sb, infinity)
+	  end,
+    ?line ok =
+	do_from_other_process(
+	  fun () -> gen_sctp:send(Sb, SbAssocId, 0, Data) end),
+    ?line case log_ok(gen_sctp:recv(Sa, infinity)) of
+	      {Loopback,Pb,
+	       [#sctp_sndrcvinfo{stream=Stream,
+				 assoc_id=SaAssocId}],
+	       Data} -> ok;
+	      Event1 ->
+		  ?line {Loopback,Pb,
+			 #sctp_paddr_change{state=addr_confirmed,
+					    addr={_,Pb},
+					    error=0,
+					    assoc_id=SaAssocId}} =
+		      recv_event(Event1),
+		  ?line {Loopback,Pb,
+			 [#sctp_sndrcvinfo{stream=Stream,
+					   assoc_id=SaAssocId}],
+			 Data} =
+		      log_ok(gen_sctp:recv(Sa, infinity))
+	  end,
+    ?line ok = gen_sctp:close(Sa),
+    ?line {Loopback,Pa,
+	   #sctp_shutdown_event{assoc_id=SbAssocId}} =
+	recv_event(log_ok(gen_sctp:recv(Sb, infinity))),
+    ?line {Loopback,Pa,
+	   #sctp_assoc_change{state=shutdown_comp,
+			      error=0,
+			      assoc_id=SbAssocId}} =
+	recv_event(log_ok(gen_sctp:recv(Sb, infinity))),
+    ?line ok = gen_sctp:close(Sb),
+
+    ?line receive
+	      Msg -> test_server:fail({received,Msg})
+	  after 17 -> ok
+	  end,
+    ok.
+
 
 
 do_from_other_process(Fun) ->
@@ -681,3 +913,419 @@ do_from_other_process(Fun) ->
 	{'DOWN',Mref,_,_,Reason} ->
 	    erlang:exit(Reason)
     end.
+
+
+
+peeloff(doc) ->
+    "Peel off an SCTP stream socket";
+peeloff(suite) ->
+    [];
+peeloff(Config) when is_list(Config) ->
+    ?line Addr = {127,0,0,1},
+    ?line Stream = 0,
+    ?line Timeout = 333,
+    ?line S1 = socket_open([{ifaddr,Addr}], Timeout),
+    ?line ?LOGVAR(S1),
+    ?line P1 = socket_call(S1, get_port),
+    ?line ?LOGVAR(P1),
+    ?line Socket1 = socket_call(S1, get_socket),
+    ?line ?LOGVAR(Socket1),
+    ?line socket_call(S1, {listen,true}),
+    ?line S2 = socket_open([{ifaddr,Addr}], Timeout),
+    ?line ?LOGVAR(S2),
+    ?line P2 = socket_call(S2, get_port),
+    ?line ?LOGVAR(P2),
+    ?line Socket2 = socket_call(S2, get_socket),
+    ?line ?LOGVAR(Socket2),
+    %%
+    ?line socket_call(S2, {connect_init,Addr,P1,[]}),
+    ?line S2Ai =
+	receive
+	    {S2,{Addr,P1,
+		 #sctp_assoc_change{
+			state=comm_up,
+			assoc_id=AssocId2}}} -> AssocId2
+	after Timeout ->
+		socket_bailout([S1,S2])
+	end,
+    ?line ?LOGVAR(S2Ai),
+    ?line S1Ai =
+	receive
+	      {S1,{Addr,P2,
+		   #sctp_assoc_change{
+			  state=comm_up,
+			  assoc_id=AssocId1}}} -> AssocId1
+	after Timeout ->
+		socket_bailout([S1,S2])
+	end,
+    ?line ?LOGVAR(S1Ai),
+    %%
+    ?line socket_call(S2, {send,S2Ai,Stream,<<"Number one">>}),
+    ?line
+	receive
+	    {S1,{Addr,P2,S1Ai,Stream,<<"Number one">>}} -> ok
+	after Timeout ->
+		socket_bailout([S1,S2])
+	end,
+    ?line socket_call(S2, {send,Socket1,S1Ai,Stream,<<"Number two">>}),
+    ?line
+	receive
+	    {S2,{Addr,P1,S2Ai,Stream,<<"Number two">>}} -> ok
+	after Timeout ->
+		socket_bailout([S1,S2])
+	end,
+    %%
+    ?line S3 = socket_peeloff(Socket1, S1Ai, Timeout),
+    ?line ?LOGVAR(S3),
+    ?line P3_X = socket_call(S3, get_port),
+    ?line ?LOGVAR(P3_X),
+    ?line P3 = case P3_X of 0 -> P1; _ -> P3_X end,
+    ?line [{_,#sctp_paddrinfo{assoc_id=S3Ai,state=active}}] =
+	socket_call(S3,
+	    {getopts,[{sctp_get_peer_addr_info,
+		       #sctp_paddrinfo{address={Addr,P2}}}]}),
+    %%?line S3Ai = S1Ai,
+    ?line ?LOGVAR(S3Ai),
+    %%
+    ?line socket_call(S3, {send,S3Ai,Stream,<<"Number three">>}),
+    ?line
+	receive
+	    {S2,{Addr,P3,S2Ai,Stream,<<"Number three">>}} -> ok
+	after Timeout ->
+		socket_bailout([S1,S2,S3])
+	end,
+    ?line socket_call(S3, {send,Socket2,S2Ai,Stream,<<"Number four">>}),
+    ?line
+	receive
+	    {S3,{Addr,P2,S3Ai,Stream,<<"Number four">>}} -> ok
+	after Timeout ->
+		socket_bailout([S1,S2,S3])
+	end,
+    %%
+    ?line inet:i(sctp),
+    ?line socket_close_verbose(S1),
+    ?line socket_close_verbose(S2),
+    ?line
+	receive
+	    {S3,{Addr,P2,#sctp_shutdown_event{assoc_id=S3Ai_X}}} ->
+		?line match_unless_solaris(S3Ai, S3Ai_X)
+	after Timeout ->
+		socket_bailout([S3])
+	end,
+    ?line
+	receive
+	    {S3,{Addr,P2,#sctp_assoc_change{state=shutdown_comp,
+					    assoc_id=S3Ai}}} -> ok
+	after Timeout ->
+		socket_bailout([S3])
+	end,
+    ?line socket_close_verbose(S3),
+    ?line [] = flush(),
+    ok.
+
+
+
+buffers(doc) ->
+    ["Check sndbuf and recbuf behaviour"];
+buffers(suite) ->
+    [];
+buffers(Config) when is_list(Config) ->
+    ?line Limit = 4096,
+    ?line Addr = {127,0,0,1},
+    ?line Stream = 1,
+    ?line Timeout = 3333,
+    ?line S1 = socket_open([{ip,Addr}], Timeout),
+    ?line ?LOGVAR(S1),
+    ?line P1 = socket_call(S1, get_port),
+    ?line ?LOGVAR(P1),
+    ?line ok = socket_call(S1, {listen,true}),
+    ?line S2 = socket_open([{ip,Addr}], Timeout),
+    ?line ?LOGVAR(S2),
+    ?line P2 = socket_call(S2, get_port),
+    ?line ?LOGVAR(P2),
+    %%
+    ?line socket_call(S2, {connect_init,Addr,P1,[]}),
+    ?line S2Ai =
+	receive
+	    {S2,{Addr,P1,
+		 #sctp_assoc_change{
+			state=comm_up,
+			assoc_id=AssocId2}}} -> AssocId2
+	after Timeout ->
+		socket_bailout([S1,S2])
+	end,
+    ?line S1Ai =
+	receive
+	    {S1,{Addr,P2,
+		 #sctp_assoc_change{
+			state=comm_up,
+			assoc_id=AssocId1}}} -> AssocId1
+	after Timeout ->
+		socket_bailout([S1,S2])
+	end,
+    %%
+    ?line socket_call(S1, {setopts,[{recbuf,Limit}]}),
+    ?line Recbuf =
+	    case socket_call(S1, {getopts,[recbuf]}) of
+		[{recbuf,RB1}] when RB1 >= Limit -> RB1
+	    end,
+    ?line Data = mk_data(Recbuf+Limit),
+    ?line socket_call(S2, {setopts,[{sndbuf,Recbuf+Limit}]}),
+    ?line socket_call(S2, {send,S2Ai,Stream,Data}),
+    ?line
+	receive
+	    {S1,{Addr,P2,S1Ai,Stream,Data}} -> ok
+	after Timeout ->
+		socket_bailout([S1,S2])
+	end,
+    %%
+    ?line socket_close_verbose(S1),
+    ?line
+	receive
+	    {S2,{Addr,P1,#sctp_shutdown_event{assoc_id=S2Ai}}} -> ok
+	after Timeout ->
+		socket_bailout([S2])
+	end,
+    ?line
+	receive
+	    {S2,{Addr,P1,#sctp_assoc_change{state=shutdown_comp,
+					    assoc_id=S2Ai}}} -> ok
+	after Timeout ->
+		socket_bailout([S2])
+	end,
+    ?line socket_close_verbose(S2),
+    ?line [] = flush(),
+    ok.
+
+mk_data(Bytes) ->
+    mk_data(0, Bytes, <<>>).
+%%
+mk_data(N, Bytes, Bin) when N < Bytes ->
+    mk_data(N+4, Bytes, <<Bin/binary,N:32>>);
+mk_data(_, _, Bin) ->
+    Bin.
+
+%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%% socket gen_server ultra light
+
+socket_open(SocketOpts, Timeout) ->
+    Opts = [{type,seqpacket},{active,once},binary|SocketOpts],
+    Starter =
+	fun () ->
+		{ok,Socket} =
+		    gen_sctp:open(Opts),
+		Socket
+	end,
+    s_start(Starter, Timeout).
+
+socket_peeloff(Socket, AssocId, Timeout) ->
+    Opts = [{active,once},binary],
+    Starter =
+	fun () ->
+		{ok,NewSocket} =
+		    gen_sctp:peeloff(Socket, AssocId),
+		ok = inet:setopts(NewSocket, Opts),
+		NewSocket
+	end,
+    s_start(Starter, Timeout).
+
+socket_close_verbose(S) ->
+    History = socket_history(socket_close(S)),
+    io:format("socket_close ~p:~n    ~p.~n", [S,History]),
+    History.
+
+socket_close(S) ->
+    s_req(S, close).
+
+socket_call(S, Request) ->
+    s_req(S, {Request}).
+
+%% socket_get(S, Key) ->
+%%     s_req(S, {get,Key}).
+
+socket_bailout([S|Ss]) ->
+    History = socket_history(socket_close(S)),
+    io:format("bailout ~p:~n    ~p.~n", [S,History]),
+    socket_bailout(Ss);
+socket_bailout([]) ->
+    io:format("flush: ~p.~n", [flush()]),
+    test_server:fail(socket_bailout).
+
+socket_history({State,Flush}) ->
+    {lists:keysort(
+      2,
+      lists:flatten(
+	[[{Key,Val} || Val <- Vals]
+	 || {Key,Vals} <- gb_trees:to_list(State)])),
+     Flush}.
+
+s_handler(Socket) ->
+    fun ({listen,Listen}) ->
+	    ok = gen_sctp:listen(Socket, Listen);
+	(get_port) ->
+	    ok(inet:port(Socket));
+	(get_socket) ->
+	    Socket;
+	({connect_init,ConAddr,ConPort,ConOpts}) ->
+	    ok = gen_sctp:connect_init(Socket, ConAddr, ConPort, ConOpts);
+	({send,AssocId,Stream,Data}) ->
+	    ok = gen_sctp:send(Socket, AssocId, Stream, Data);
+	({send,OtherSocket,AssocId,Stream,Data}) ->
+	    ok = gen_sctp:send(OtherSocket, AssocId, Stream, Data);
+	({setopts,Opts}) ->
+	    ok = inet:setopts(Socket, Opts);
+	({getopts,Optnames}) ->
+	    ok(inet:getopts(Socket, Optnames))
+    end.
+
+s_req(S, Req) ->
+    Mref = erlang:monitor(process, S),
+    S ! {self(),Mref,Req},
+    receive
+	{'DOWN',Mref,_,_,Error} ->
+	    exit(Error);
+	{S,Mref,Reply} ->
+	    erlang:demonitor(Mref),
+	    receive {'DOWN',Mref,_,_,_} -> ok after 0 -> ok end,
+	    Reply
+    end.
+
+s_start(Starter, Timeout) ->
+    Parent = self(),
+    Owner =
+	spawn_link(
+	  fun () ->
+		  s_start(Starter(), Timeout, Parent)
+	  end),
+    Owner.
+
+s_start(Socket, Timeout, Parent) ->
+    Handler = s_handler(Socket),
+    try
+	s_loop(Socket, Timeout, Parent, Handler, gb_trees:empty())
+    catch
+	Class:Reason ->
+	    Stacktrace = erlang:get_stacktrace(),
+	    io:format(?MODULE_STRING":socket exception ~w:~w at~n"
+		      "~p.~n", [Class,Reason,Stacktrace]),
+	    erlang:raise(Class, Reason, Stacktrace)
+    end.
+
+s_loop(Socket, Timeout, Parent, Handler, State) ->
+    receive
+	{Parent,Ref,close} -> % socket_close()
+	    erlang:send_after(Timeout, self(), {Parent,Ref,exit}),
+	    s_loop(Socket, Timeout, Parent, Handler, State);
+	{Parent,Ref,exit} ->
+	    ok = gen_sctp:close(Socket),
+	    Key = exit,
+	    Val = {now(),Socket},
+	    NewState = gb_push(Key, Val, State),
+	    Parent ! {self(),Ref,{NewState,flush()}};
+	{Parent,Ref,{Msg}} ->
+	    Result = Handler(Msg),
+	    Key = req,
+	    Val = {now(),{Msg,Result}},
+	    NewState = gb_push(Key, Val, State),
+	    Parent ! {self(),Ref,Result},
+	    s_loop(Socket, Timeout, Parent, Handler, NewState);
+	%% {Parent,Ref,{get,Key}} ->
+	%%     Parent ! {self(),Ref,gb_get(Key, State)},
+	%%     s_loop(Socket, Timeout, Parent, Handler, State);
+	{sctp,Socket,Addr,Port,
+	 {[#sctp_sndrcvinfo{stream=Stream,assoc_id=AssocId}=SRI],Data}}
+	  when not is_tuple(Data) ->
+	    case gb_get({assoc_change,AssocId}, State) of
+		[{_,{Addr,Port,
+		     #sctp_assoc_change{
+			    state=comm_up,
+			    inbound_streams=Is}}}|_]
+		 when 0 =< Stream, Stream < Is-> ok;
+		[] -> ok
+	    end,
+	    Key = {msg,AssocId,Stream},
+	    Val = {now(),{Addr,Port,SRI,Data}},
+	    NewState = gb_push(Key, Val, State),
+	    Parent ! {self(),{Addr,Port,AssocId,Stream,Data}},
+	    again(Socket),
+	    s_loop(Socket, Timeout, Parent, Handler, NewState);
+	{sctp,Socket,Addr,Port,
+	 {SRI,#sctp_assoc_change{assoc_id=AssocId,state=St}=SAC}} ->
+	    case SRI of
+		[#sctp_sndrcvinfo{assoc_id=AssocId,stream=0}] -> ok;
+		[] -> ok
+	    end,
+	    Key = {assoc_change,AssocId},
+	    Val = {now(),{Addr,Port,SAC}},
+	    case {gb_get(Key, State),St} of
+		{[],_} -> ok;
+		{[{_,{Addr,Port,#sctp_assoc_change{state=comm_up}}}|_],_}
+		when St =:= comm_lost; St =:= shutdown_comp -> ok
+	    end,
+	    NewState = gb_push(Key, Val, State),
+	    Parent ! {self(),{Addr,Port,SAC}},
+	    again(Socket),
+	    s_loop(Socket, Timeout, Parent, Handler, NewState);
+	{sctp,Socket,Addr,Port,
+	 {SRI,#sctp_paddr_change{assoc_id=AssocId,
+				 addr={_,P},
+				 state=St}=SPC}} ->
+	    match_unless_solaris(Port, P),
+	    case SRI of
+		[#sctp_sndrcvinfo{assoc_id=AssocId,stream=0}] -> ok;
+		[] -> ok
+	    end,
+	    case {gb_get({assoc_change,AssocId}, State),St} of
+		{[{_,{Addr,Port,#sctp_assoc_change{state=comm_up}}}|_],
+		 addr_available} -> ok;
+		{[],addr_confirmed} -> ok
+	    end,
+	    Key = {paddr_change,AssocId},
+	    Val = {now(),{Addr,Port,SPC}},
+	    NewState = gb_push(Key, Val, State),
+	    again(Socket),
+	    s_loop(Socket, Timeout, Parent, Handler, NewState);
+	{sctp,Socket,Addr,Port,
+	 {SRI,#sctp_shutdown_event{assoc_id=AssocId}=SSE}} ->
+	    case SRI of
+		[#sctp_sndrcvinfo{assoc_id=AssocId,stream=0}] -> ok;
+		[] -> ok
+	    end,
+	    case gb_get({assoc_change,AssocId}, State) of
+		[{_,{Addr,Port,#sctp_assoc_change{state=comm_up}}}|_] -> ok;
+		[] -> ok
+	    end,
+	    Key = {shutdown_event,AssocId},
+	    Val = {now(),{Addr,Port}},
+	    NewState = gb_push(Key, Val, State),
+	    Parent ! {self(), {Addr,Port,SSE}},
+	    again(Socket),
+	    s_loop(Socket, Timeout, Parent, Handler, NewState);
+	Unexpected ->
+	    erlang:error({unexpected,Unexpected})
+    end.
+
+again(Socket) ->
+    inet:setopts(Socket, [{active,once}]).
+
+gb_push(Key, Val, GBT) ->
+    case gb_trees:lookup(Key, GBT) of
+	none ->
+	    gb_trees:insert(Key, [Val], GBT);
+	{value,V} ->
+	    gb_trees:update(Key, [Val|V], GBT)
+    end.
+
+gb_get(Key, GBT) ->
+    case gb_trees:lookup(Key, GBT) of
+	none ->
+	    [];
+	{value,V} ->
+	    V
+    end.
+
+match_unless_solaris(A, B) ->
+    case os:type() of
+	{unix,sunos} -> B;
+	_ -> A = B
+    end.
diff --git a/lib/kernel/test/gen_tcp_api_SUITE.erl b/lib/kernel/test/gen_tcp_api_SUITE.erl
index cbaec2d6dd..a7af00c12a 100644
--- a/lib/kernel/test/gen_tcp_api_SUITE.erl
+++ b/lib/kernel/test/gen_tcp_api_SUITE.erl
@@ -22,7 +22,7 @@
 %% are not tested here, because they are tested indirectly in this and
 %% and other test suites.
 
--include_lib("test_server/include/test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
 -include_lib("kernel/include/inet.hrl").
 
 -export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
@@ -46,6 +46,8 @@ groups() ->
      {t_connect, [], [t_connect_timeout, t_connect_bad]},
      {t_recv, [], [t_recv_timeout, t_recv_eof]}].
 
+
+
 init_per_suite(Config) ->
     Config.
 
@@ -55,9 +57,8 @@ end_per_suite(_Config) ->
 init_per_group(_GroupName, Config) ->
     Config.
 
-end_per_group(_GroupName, Config) ->
-    Config.
-
+end_per_group(_,_Config) ->
+    ok.
 
 init_per_testcase(_Func, Config) ->
     Dog = test_server:timetrap(test_server:seconds(60)),
@@ -237,7 +238,6 @@ implicit_inet6(S, Addr) ->
     ?line ok = gen_tcp:close(S1).
 
 
-
 %%% Utilities
 
 %% Calls M:F/length(A), which should return a timeout error, and complete
diff --git a/lib/kernel/test/gen_tcp_echo_SUITE.erl b/lib/kernel/test/gen_tcp_echo_SUITE.erl
index fffaaf4c45..5bbaeb02ad 100644
--- a/lib/kernel/test/gen_tcp_echo_SUITE.erl
+++ b/lib/kernel/test/gen_tcp_echo_SUITE.erl
@@ -167,8 +167,12 @@ echo_test_1(SockOpts, EchoFun, Config0) ->
 		      [{type, {cdr, little}}|Config]),
     ?line case lists:keymember(packet_size, 1, SockOpts) of
 	      false ->
-		  ?line echo_packet([{packet, line}|SockOpts],
-				    EchoFun, Config);
+		  % This is cheating, we should test that packet_size
+		  % also works for line and http.
+		  echo_packet([{packet, line}|SockOpts], EchoFun, Config),
+		  echo_packet([{packet, http}|SockOpts], EchoFun, Config),
+		  echo_packet([{packet, http_bin}|SockOpts], EchoFun, Config);
+
 	      true -> ok
 	  end,
     ?line echo_packet([{packet, tpkt}|SockOpts], EchoFun, Config),
@@ -183,9 +187,6 @@ echo_test_1(SockOpts, EchoFun, Config0) ->
 		      [{type, {asn1, short, LongTag}}|Config]),
     ?line echo_packet([{packet, asn1}|SockOpts], EchoFun,
 		      [{type, {asn1, long, LongTag}}|Config]),
-
-    ?line echo_packet([{packet, http}|SockOpts], EchoFun, Config),
-    ?line echo_packet([{packet, http_bin}|SockOpts], EchoFun, Config),
     ok.
 
 echo_packet(SockOpts, EchoFun, Opts) ->
diff --git a/lib/kernel/test/gen_tcp_misc_SUITE.erl b/lib/kernel/test/gen_tcp_misc_SUITE.erl
index b1ef8826d5..3da4b07c05 100644
--- a/lib/kernel/test/gen_tcp_misc_SUITE.erl
+++ b/lib/kernel/test/gen_tcp_misc_SUITE.erl
@@ -40,7 +40,8 @@
 	 accept_timeouts_in_order3/1,accept_timeouts_mixed/1, 
 	 killing_acceptor/1,killing_multi_acceptors/1,killing_multi_acceptors2/1,
 	 several_accepts_in_one_go/1,active_once_closed/1, send_timeout/1, send_timeout_active/1, 
-	 otp_7731/1, zombie_sockets/1, otp_7816/1, otp_8102/1]).
+	 otp_7731/1, zombie_sockets/1, otp_7816/1, otp_8102/1,
+         otp_9389/1]).
 
 %% Internal exports.
 -export([sender/3, not_owner/1, passive_sockets_server/2, priority_server/1, 
@@ -72,7 +73,7 @@ all() ->
      killing_acceptor, killing_multi_acceptors,
      killing_multi_acceptors2, several_accepts_in_one_go,
      active_once_closed, send_timeout, send_timeout_active, otp_7731,
-     zombie_sockets, otp_7816, otp_8102].
+     zombie_sockets, otp_7816, otp_8102, otp_9389].
 
 groups() -> 
     [].
@@ -1030,6 +1031,7 @@ busy_send_loop(Server, Client, N) ->
 			    {Server,send} ->
 				?line busy_send_2(Server, Client, N+1)
 			after 10000 ->
+				%% If this happens, see busy_send_srv
 				?t:fail({timeout,{server,not_send,flush([])}})
 			end
 	  end.
@@ -1049,7 +1051,9 @@ busy_send_2(Server, Client, _N) ->
 
 busy_send_srv(L, Master, Msg) ->
     %% Server
-    %%
+    %% Sometimes this accept does not return, do not really know why
+    %% but is causes the timeout error in busy_send_loop to be
+    %% triggered. Only happens on OS X Leopard?!?
     {ok,Socket} = gen_tcp:accept(L),
     busy_send_srv_loop(Socket, Master, Msg).
 
@@ -2479,4 +2483,63 @@ otp_8102_do(LSocket, PortNum, {Bin,PType}) ->
     io:format("Got error msg, ok.\n",[]),
     gen_tcp:close(SSocket),    
     gen_tcp:close(RSocket).
-    
+
+otp_9389(doc) -> ["Verify packet_size handles long HTTP header lines"];
+otp_9389(suite) -> [];
+otp_9389(Config) when is_list(Config) ->
+    ?line {ok, LS} = gen_tcp:listen(0, []),
+    ?line {ok, {_, PortNum}} = inet:sockname(LS),
+    io:format("Listening on ~w with port number ~p\n", [LS, PortNum]),
+    OrigLinkHdr = "/" ++ string:chars($S, 8192),
+    _Server = spawn_link(
+                fun() ->
+                        ?line {ok, S} = gen_tcp:accept(LS),
+                        ?line ok = inet:setopts(S, [{packet_size, 16384}]),
+                        ?line ok = otp_9389_loop(S, OrigLinkHdr),
+                        ?line ok = gen_tcp:close(S)
+                end),
+    ?line {ok, S} = gen_tcp:connect("localhost", PortNum,
+                                    [binary, {active, false}]),
+    Req = "GET / HTTP/1.1\r\n"
+        ++ "Host: localhost\r\n"
+        ++ "Link: " ++ OrigLinkHdr ++ "\r\n\r\n",
+    ?line ok = gen_tcp:send(S, Req),
+    ?line ok = inet:setopts(S, [{packet, http}]),
+    ?line {ok, {http_response, {1,1}, 200, "OK"}} = gen_tcp:recv(S, 0),
+    ?line ok = inet:setopts(S, [{packet, httph}, {packet_size, 16384}]),
+    ?line {ok, {http_header, _, 'Content-Length', _, "0"}} = gen_tcp:recv(S, 0),
+    ?line {ok, {http_header, _, "Link", _, LinkHdr}} = gen_tcp:recv(S, 0),
+    ?line true = (LinkHdr == OrigLinkHdr),
+    ok = gen_tcp:close(S),
+    ok = gen_tcp:close(LS),
+    ok.
+
+otp_9389_loop(S, OrigLinkHdr) ->
+    ?line ok = inet:setopts(S, [{active,once},{packet,http}]),
+    receive
+        {http, S, {http_request, 'GET', _, _}} ->
+            ?line ok = otp_9389_loop(S, OrigLinkHdr, undefined)
+    after
+        3000 ->
+            ?line error({timeout,request_line})
+    end.
+otp_9389_loop(S, OrigLinkHdr, ok) ->
+    ?line Resp = "HTTP/1.1 200 OK\r\nContent-length: 0\r\n" ++
+        "Link: " ++ OrigLinkHdr ++ "\r\n\r\n",
+    ?line ok = gen_tcp:send(S, Resp);
+otp_9389_loop(S, OrigLinkHdr, State) ->
+    ?line ok = inet:setopts(S, [{active,once}, {packet,httph}]),
+    receive
+        {http, S, http_eoh} ->
+            ?line otp_9389_loop(S, OrigLinkHdr, ok);
+        {http, S, {http_header, _, "Link", _, LinkHdr}} ->
+            ?line LinkHdr = OrigLinkHdr,
+            ?line otp_9389_loop(S, OrigLinkHdr, State);
+        {http, S, {http_header, _, _Hdr, _, _Val}} ->
+            ?line otp_9389_loop(S, OrigLinkHdr, State);
+        {http, S, {http_error, Err}} ->
+            ?line error({error, Err})
+    after
+        3000 ->
+            ?line error({timeout,header})
+    end.
diff --git a/lib/kernel/test/gen_udp_SUITE.erl b/lib/kernel/test/gen_udp_SUITE.erl
index 514deaf065..2354f8accd 100644
--- a/lib/kernel/test/gen_udp_SUITE.erl
+++ b/lib/kernel/test/gen_udp_SUITE.erl
@@ -99,9 +99,9 @@ buffer_size(Config) when is_list(Config) ->
     ?line Bin = list_to_binary(lists:seq(0, Len-1)),
     ?line M = 8192 div Len,
     ?line Spec0 =
-	[{opt,M},{safe,M-1},{long,M+1},
-	 {opt,2*M},{safe,2*M-1},{long,2*M+1},
-	 {opt,4*M},{safe,4*M-1},{long,4*M+1}],
+	[{opt,M},{safe,M-3},{long,M+1},
+	 {opt,2*M},{safe,2*M-3},{long,2*M+1},
+	 {opt,4*M},{safe,4*M-3},{long,4*M+1}],
     ?line Spec =
 	[case Tag of
 	     opt ->
@@ -145,16 +145,27 @@ buffer_size_client(_, _, _, _, _, []) ->
     ?line ok;
 buffer_size_client(Server, IP, Port, 
 		   Socket, Cnt, [Opts|T]) when is_list(Opts) ->
+    ?line io:format("buffer_size_client Cnt=~w setopts ~p.~n", [Cnt,Opts]),
     ?line ok = inet:setopts(Socket, Opts),
     ?line Server ! {self(),setopts,Cnt},
     ?line receive {Server,setopts,Cnt} -> ok end,
     ?line buffer_size_client(Server, IP, Port, Socket, Cnt+1, T);
 buffer_size_client(Server, IP, Port, 
-		   Socket, Cnt, [{B,Replies}|T]) when is_binary(B) ->
-    ?line ok = gen_udp:send(Socket, IP, Port, B),
+		   Socket, Cnt, [{B,Replies}|T]=Opts) when is_binary(B) ->
+    ?line io:format(
+	    "buffer_size_client Cnt=~w send size ~w expecting ~p.~n",
+	    [Cnt,size(B),Replies]),
+    ?line ok = gen_udp:send(Socket, IP, Port, <<Cnt,B/binary>>),
     ?line receive
 	      {Server,Cnt,Reply} ->
-		  ?line case lists:member(Reply, Replies) of
+		  ?line Tag =
+		      if
+			  is_tuple(Reply) ->
+			      element(1, Reply);
+			  is_atom(Reply) ->
+			      Reply
+		      end,
+		  ?line case lists:member(Tag, Replies) of
 			    true -> ok;
 			    false ->
 				?line 
@@ -162,34 +173,62 @@ buffer_size_client(Server, IP, Port,
 					     byte_size(B),
 					     inet:getopts(Socket,
 							  [sndbuf,recbuf])})
-			end
-	  end,
-    ?line buffer_size_client(Server, IP, Port, Socket, Cnt+1, T).
+			end,
+		  ?line buffer_size_client(Server, IP, Port, Socket, Cnt+1, T)
+	  after 1313 ->
+		  ?line buffer_size_client(Server, IP, Port, Socket, Cnt, Opts)
+	  end.
 
 buffer_size_server(_, _, _, _, _, []) -> 
     ok;
 buffer_size_server(Client, IP, Port, 
 		   Socket, Cnt, [Opts|T]) when is_list(Opts) ->
     receive {Client,setopts,Cnt} -> ok end,
+    ?line io:format("buffer_size_server Cnt=~w setopts ~p.~n", [Cnt,Opts]),
     ok = inet:setopts(Socket, Opts),
     Client ! {self(),setopts,Cnt},
     buffer_size_server(Client, IP, Port, Socket, Cnt+1, T);
 buffer_size_server(Client, IP, Port, 
 		   Socket, Cnt, [{B,_}|T]) when is_binary(B) ->
+    ?line io:format(
+	    "buffer_size_server Cnt=~w expecting size ~w.~n",
+	    [Cnt,size(B)]),
     Client ! 
 	{self(),Cnt,
-	 receive
-	     {udp,Socket,IP,Port,D} when is_binary(D) ->
+	 case buffer_size_server_recv(Socket, IP, Port, Cnt) of
+	     D when is_binary(D) ->
 		 SizeD = byte_size(D),
+		 ?line io:format(
+			 "buffer_size_server Cnt=~w received size ~w.~n",
+			 [Cnt,SizeD]),
 		 case B of
-		     D ->                             correct;
-		     <<D:SizeD/binary,_/binary>> ->   truncated
+		     D ->
+			 correct;
+		     <<D:SizeD/binary,_/binary>> ->
+			 truncated;
+		     _ ->
+			 {unexpected,D}
 		 end;
-	     {udp_error,Socket,Error} ->              Error
-	 after 5000 ->                                timeout
+	     Error ->
+		 ?line io:format(
+			 "buffer_size_server Cnt=~w received error ~w.~n",
+			 [Cnt,Error]),
+		 Error
 	 end},
     buffer_size_server(Client, IP, Port, Socket, Cnt+1, T).
 
+buffer_size_server_recv(Socket, IP, Port, Cnt) ->
+    receive
+	{udp,Socket,IP,Port,<<Cnt,B/binary>>} ->
+	    B;
+	{udp,Socket,IP,Port,<<_/binary>>} ->
+	    buffer_size_server_recv(Socket, IP, Port, Cnt);
+	{udp_error,Socket,Error} ->
+	    Error
+    after 5000 ->
+	    {timeout,flush()}
+    end.
+
 
 
 %%-------------------------------------------------------------
diff --git a/lib/kernel/test/global_SUITE.erl b/lib/kernel/test/global_SUITE.erl
index 1e7bcf1766..60035b50a0 100644
--- a/lib/kernel/test/global_SUITE.erl
+++ b/lib/kernel/test/global_SUITE.erl
@@ -436,7 +436,7 @@ lock_global2(Id, Parent) ->
 
 %cp1 - cp3 are started, and the name 'test' registered for a process on
 %test_server. Then it is checked that the name is registered on all
-%nodes, using whereis_name and safe_whereis_name. Check that the same
+%nodes, using whereis_name. Check that the same
 %name can't be registered with another value. Exit the registered
 %process and check that the name disappears. Register a new process
 %(Pid2) under the name 'test'. Let another new process (Pid3)
@@ -465,10 +465,6 @@ names(Config) when is_list(Config) ->
     % test that it is registered at all nodes
     ?line 
     ?UNTIL(begin 
-            (Pid =:= global:safe_whereis_name(test)) and
-            (Pid =:= rpc:call(Cp1, global, safe_whereis_name, [test])) and
-            (Pid =:= rpc:call(Cp2, global, safe_whereis_name, [test])) and
-            (Pid =:= rpc:call(Cp3, global, safe_whereis_name, [test])) and
             (Pid =:= global:whereis_name(test)) and
             (Pid =:= rpc:call(Cp1, global, whereis_name, [test])) and
             (Pid =:= rpc:call(Cp2, global, whereis_name, [test])) and
@@ -566,10 +562,7 @@ names_hidden(Config) when is_list(Config) ->
 
     % Check that it didn't get registered on visible nodes
     ?line
-    ?UNTIL((undefined =:= global:safe_whereis_name(test)) and
-           (undefined =:= rpc:call(Cp1, global, safe_whereis_name, [test])) and
-           (undefined =:= rpc:call(Cp2, global, safe_whereis_name, [test])) and
-           (undefined =:= global:whereis_name(test)) and
+    ?UNTIL((undefined =:= global:whereis_name(test)) and
            (undefined =:= rpc:call(Cp1, global, whereis_name, [test])) and
            (undefined =:= rpc:call(Cp2, global, whereis_name, [test]))),
 
@@ -579,11 +572,7 @@ names_hidden(Config) when is_list(Config) ->
 
     % test that it is registered at all nodes
     ?line
-    ?UNTIL((Pid =:= global:safe_whereis_name(test)) and
-           (Pid =:= rpc:call(Cp1, global, safe_whereis_name, [test])) and
-           (Pid =:= rpc:call(Cp2, global, safe_whereis_name, [test])) and
-           (HPid =:= rpc:call(Cp3, global, safe_whereis_name, [test])) and
-           (Pid =:= global:whereis_name(test)) and
+    ?UNTIL((Pid =:= global:whereis_name(test)) and
            (Pid =:= rpc:call(Cp1, global, whereis_name, [test])) and
            (Pid =:= rpc:call(Cp2, global, whereis_name, [test])) and
            (HPid =:= rpc:call(Cp3, global, whereis_name, [test])) and
diff --git a/lib/kernel/test/inet_SUITE.erl b/lib/kernel/test/inet_SUITE.erl
index aaa20b7398..7241b093d0 100644
--- a/lib/kernel/test/inet_SUITE.erl
+++ b/lib/kernel/test/inet_SUITE.erl
@@ -97,8 +97,12 @@ t_gethostbyaddr() ->
     required(v4).
 t_gethostbyaddr(doc) -> "Test the inet:gethostbyaddr/1 function.";
 t_gethostbyaddr(Config) when is_list(Config) ->
-    ?line {Name,FullName,IPStr,IP,Aliases,_,_} =
+    ?line {Name,FullName,IPStr,{A,B,C,D}=IP,Aliases,_,_} =
 	ct:get_config(test_host_ipv4_only),
+    ?line Rname = integer_to_list(D) ++ "." ++
+	integer_to_list(C) ++ "." ++
+	integer_to_list(B) ++ "." ++
+	integer_to_list(A) ++ ".in-addr.arpa",
     ?line {ok,HEnt} = inet:gethostbyaddr(IPStr),
     ?line {ok,HEnt} = inet:gethostbyaddr(IP),
     ?line {error,Error} = inet:gethostbyaddr(Name),
@@ -116,7 +120,7 @@ t_gethostbyaddr(Config) when is_list(Config) ->
 	    ok;
 	_ ->
 	    ?line check_elems([{HEnt#hostent.h_name,[Name,FullName]},
-			       {HEnt#hostent.h_aliases,[[],Aliases]}])
+			       {HEnt#hostent.h_aliases,[[],Aliases,[Rname]]}])
     end,
 
     ?line {_DName, _DFullName, DIPStr, DIP, _, _, _} =
diff --git a/lib/kernel/test/inet_res_SUITE.erl b/lib/kernel/test/inet_res_SUITE.erl
index 8a3d220e46..f3ba28e4f9 100644
--- a/lib/kernel/test/inet_res_SUITE.erl
+++ b/lib/kernel/test/inet_res_SUITE.erl
@@ -88,7 +88,7 @@ init_per_testcase(Func, Config) ->
 		    inet_db:ins_alt_ns(IP, Port);
 		_ -> ok
 	    end,
-	    Dog = test_server:timetrap(test_server:seconds(10)),
+	    Dog = test_server:timetrap(test_server:seconds(20)),
 	    [{nameserver,NsSpec},{res_lookup,Lookup},{watchdog,Dog}|Config]
     catch
 	SkipReason ->
@@ -136,21 +136,22 @@ ns_init(ZoneDir, PrivDir, DataDir) ->
 					 atom_to_list(ZoneDir)]},
 				  stderr_to_stdout,
 				  eof]),
-	    ns_start(ZoneDir, NS, P);
+	    ns_start(ZoneDir, PrivDir, NS, P);
 	_ ->
 	    throw("Only run on Unix")
     end.
 
-ns_start(ZoneDir, NS, P) ->
+ns_start(ZoneDir, PrivDir, NS, P) ->
     case ns_collect(P) of
 	eof ->
 	    erlang:error(eof);
 	"Running: "++_ ->
 	    {ZoneDir,NS,P};
 	"Error: "++Error ->
+	    ns_printlog(filename:join([PrivDir,ZoneDir,"named.log"])),
 	    throw(Error);
 	_ ->
-	    ns_start(ZoneDir, NS, P)
+	    ns_start(ZoneDir, PrivDir, NS, P)
     end.
 
 ns_end(undefined, _PrivDir) -> undefined;
@@ -302,7 +303,7 @@ basic(Config) when is_list(Config) ->
     {ok,Msg2} = inet_dns:decode(Bin2),
     %%
     %% lookup
-    [IP] = inet_res:lookup(Name, in, a, [{nameservers,[NS]}]),
+    [IP] = inet_res:lookup(Name, in, a, [{nameservers,[NS]},verbose]),
     %%
     %% gethostbyname
     {ok,#hostent{h_addr_list=[IP]}} = inet_res:gethostbyname(Name),
@@ -409,7 +410,7 @@ edns0(Config) when is_list(Config) ->
     false = inet_db:res_option(edns), % ASSERT
     true = inet_db:res_option(udp_payload_size) >= 1280, % ASSERT
     %% These will fall back to TCP
-    MXs = lists:sort(inet_res:lookup(Domain, in, mx, [{nameservers,[NS]}])),
+    MXs = lists:sort(inet_res:lookup(Domain, in, mx, [{nameservers,[NS]},verbose])),
     %%
     {ok,#hostent{h_addr_list=As}} = inet_res:getbyname(Domain++".", mx),
     MXs = lists:sort(As),
diff --git a/lib/kernel/test/inet_res_SUITE_data/run-named b/lib/kernel/test/inet_res_SUITE_data/run-named
index 7caa3756ef..211d2c7af7 100755
--- a/lib/kernel/test/inet_res_SUITE_data/run-named
+++ b/lib/kernel/test/inet_res_SUITE_data/run-named
@@ -2,7 +2,7 @@
 ##
 ## %CopyrightBegin%
 ## 
-## Copyright Ericsson AB 2009-2011. All Rights Reserved.
+## Copyright Ericsson AB 2009-2012. All Rights Reserved.
 ## 
 ## The contents of this file are subject to the Erlang Public License,
 ## Version 1.1, (the "License"); you may not use this file except in
@@ -71,10 +71,14 @@ test -d "$SRCDIR" || \
 test -f "$SRCDIR/$INC_FILE" || \
     error "Missing file: $SRCDIR/$INC_FILE !"
 
-# Locate named and check version
+# Locate named and check version.
+# The bind-named name is used for tricking Apparmor and such
+# by copying/hardlinking the real named to that name.
 NAMED=named
-for n in /usr/sbin/named /usr/sbin/in.named; do
-    test -x "$n" && NAMED="$n"
+for n in /usr/local/bin/bind-named /usr/local/bin/named \
+    /usr/sbin/bind-named /usr/sbin/named /usr/sbin/in.named
+do
+    test -x "$n" && NAMED="$n" && break
 done
 NAMED_VER="`"$NAMED" -v 2>&1`" || \
     error "Name server not found!"
@@ -151,13 +155,21 @@ echo "Cwd: `pwd`"
 echo "Nameserver: $NAMED_VER"
 echo "Port: $2"
 echo "ZoneDir: $3"
+echo "Command: $NAMED $NAMED_FG -c $CONF_FILE"
 $NAMED $NAMED_FG -c "$CONF_FILE" >"$LOG_FILE" 2>&1 </dev/null &
-NAMED=$!
-trap "kill -TERM $NAMED >/dev/null 2>&1; wait $NAMED >/dev/null 2>&1" \
+NAMED_PID=$!
+echo "Pid: $NAMED_PID"
+trap "kill $NAMED_PID >/dev/null 2>&1; wait $NAMED_PID >/dev/null 2>&1" \
     0 1 2 3 15
-sleep 2 # Give name server time to load its zone files
-echo "Running: Enter \`\`quit'' to terminate nameserver[$NAMED]..."
-while read LINE; do 
-    test :"$LINE" = :'quit' && break
-done
-echo "Closing: Terminating nameserver..."
+
+sleep 5 # Give name server time to load its zone files
+
+if ps -p $NAMED_PID >/dev/null 2>&1 || ps p $NAMED_PID >/dev/null 2>&1; then
+    echo "Running: Enter \`\`quit'' to terminate nameserver[$NAMED_PID]..."
+    while read LINE; do
+	test :"$LINE" = :'quit' && break
+    done
+    echo "Closing: Terminating nameserver..."
+else
+    error "$NAMED failed to start"
+fi
diff --git a/lib/kernel/test/kernel_SUITE.erl b/lib/kernel/test/kernel_SUITE.erl
index 16b6c54939..0f29d895e5 100644
--- a/lib/kernel/test/kernel_SUITE.erl
+++ b/lib/kernel/test/kernel_SUITE.erl
@@ -32,7 +32,7 @@
 -export([init_per_testcase/2, end_per_testcase/2]).
 
 % Test cases must be exported.
--export([app_test/1]).
+-export([app_test/1, appup_test/1]).
 
 %%
 %% all/1
@@ -40,7 +40,7 @@
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
-    [app_test].
+    [app_test, appup_test].
 
 groups() -> 
     [].
@@ -76,3 +76,63 @@ app_test(suite) ->
 app_test(Config) when is_list(Config) ->
     ?line ok=?t:app_test(kernel),
     ok.
+
+
+%% Test that appup allows upgrade from/downgrade to a maximum of two
+%% major releases back.
+appup_test(_Config) ->
+    application:load(kernel),
+    {_,_,Vsn} = lists:keyfind(kernel,1,application:loaded_applications()),
+    AppupFile = filename:join([code:lib_dir(kernel),ebin,"kernel.appup"]),
+    {ok,[{Vsn,UpFrom,DownTo}=AppupScript]} = file:consult(AppupFile),
+    ct:log("~p~n",[AppupScript]),
+    {OkVsns,NokVsns} = create_test_vsns(Vsn),
+    check_appup(OkVsns,UpFrom,{ok,[restart_new_emulator]}),
+    check_appup(OkVsns,DownTo,{ok,[restart_new_emulator]}),
+    check_appup(NokVsns,UpFrom,error),
+    check_appup(NokVsns,DownTo,error),
+    ok.
+
+create_test_vsns(Current) ->
+    [XStr,YStr|Rest] = string:tokens(Current,"."),
+    X = list_to_integer(XStr),
+    Y = list_to_integer(YStr),
+    SecondMajor = vsn(X,Y-2),
+    SecondMinor = SecondMajor ++ ".1.3",
+    FirstMajor = vsn(X,Y-1),
+    FirstMinor = FirstMajor ++ ".57",
+    ThisMajor = vsn(X,Y),
+    This =
+	case Rest of
+	    [] ->
+		[];
+	    ["1"] ->
+		[ThisMajor];
+	    _ ->
+		ThisMinor = ThisMajor ++ ".1",
+		[ThisMajor,ThisMinor]
+	end,
+    OkVsns = This ++ [FirstMajor, FirstMinor, SecondMajor, SecondMinor],
+
+    ThirdMajor = vsn(X,Y-3),
+    ThirdMinor = ThirdMajor ++ ".10.12",
+    Illegal = ThisMajor ++ ",1",
+    Newer1Major = vsn(X,Y+1),
+    Newer1Minor = Newer1Major ++ ".1",
+    Newer2Major = ThisMajor ++ "1",
+    NokVsns = [ThirdMajor,ThirdMinor,
+	       Illegal,
+	       Newer1Major,Newer1Minor,
+	       Newer2Major],
+    {OkVsns,NokVsns}.
+
+vsn(X,Y) ->
+    integer_to_list(X) ++ "." ++ integer_to_list(Y).
+
+check_appup([Vsn|Vsns],Instrs,Expected) ->
+    case systools_relup:appup_search_for_version(Vsn, Instrs) of
+	Expected -> check_appup(Vsns,Instrs,Expected);
+	Other -> ct:fail({unexpected_result_for_vsn,Vsn,Other})
+    end;
+check_appup([],_,_) ->
+    ok.
diff --git a/lib/kernel/test/os_SUITE.erl b/lib/kernel/test/os_SUITE.erl
index b08b12c978..ae3410d13f 100644
--- a/lib/kernel/test/os_SUITE.erl
+++ b/lib/kernel/test/os_SUITE.erl
@@ -117,9 +117,21 @@ space_in_name(Config) when is_list(Config) ->
     ?line ok = file:change_mode(Echo, 8#777),	% Make it executable on Unix.
 
     %% Run the echo program.
-
-    ?line comp("", os:cmd("\"" ++ Echo ++ "\"")),
-    ?line comp("a::b::c", os:cmd("\"" ++ Echo ++ "\" a b c")),
+    %% Quoting on windows depends on if the full path of the executable 
+    %% contains special characters. Paths when running common_tests always
+    %% include @, why Windows would always fail if we do not double the 
+    %% quotes (this is the behaviour of cmd.exe, not Erlang's idea).
+    Quote = case os:type() of
+                {win32,_} ->
+		    case (Echo -- "&<>()@^|") =:= Echo of
+		        true -> "\"";
+			false -> "\"\""
+	 	    end;
+		_ ->
+		    "\""
+	    end,
+    ?line comp("", os:cmd(Quote ++ Echo ++ Quote)),
+    ?line comp("a::b::c", os:cmd(Quote ++ Echo ++ Quote ++ " a b c")),
     ?t:sleep(5),
     ?line [] = receive_all(),
     ok.
diff --git a/lib/kernel/test/pg2_SUITE.erl b/lib/kernel/test/pg2_SUITE.erl
index 0ac34e735c..520b53b4e4 100644
--- a/lib/kernel/test/pg2_SUITE.erl
+++ b/lib/kernel/test/pg2_SUITE.erl
@@ -47,6 +47,7 @@ init_per_testcase(Case, Config) ->
     [{?TESTCASE, Case}, {watchdog, Dog} | Config].
 
 end_per_testcase(_Case, _Config) ->
+    test_server_ctrl:kill_slavenodes(),
     Dog = ?config(watchdog, _Config),
     test_server:timetrap_cancel(Dog),
     ok.
diff --git a/lib/kernel/test/prim_file_SUITE.erl b/lib/kernel/test/prim_file_SUITE.erl
index 00eda6292f..3e2202922c 100644
--- a/lib/kernel/test/prim_file_SUITE.erl
+++ b/lib/kernel/test/prim_file_SUITE.erl
@@ -32,7 +32,10 @@
 	  file_info_basic_directory_a/1, file_info_basic_directory_b/1,
 	  file_info_bad_a/1, file_info_bad_b/1, 
 	  file_info_times_a/1, file_info_times_b/1, 
-	  file_write_file_info_a/1, file_write_file_info_b/1]).
+	  file_write_file_info_a/1, file_write_file_info_b/1,
+	  file_read_file_info_opts/1, file_write_file_info_opts/1,
+	  file_write_read_file_info_opts/1
+      ]).
 -export([rename_a/1, rename_b/1, 
 	 access/1, truncate/1, datasync/1, sync/1,
 	 read_write/1, pread_write/1, append/1, exclusive/1]).
@@ -49,6 +52,10 @@
 	  list_dir_limit/1]).
 
 -export([advise/1]).
+-export([large_write/1]).
+
+%% System probe functions that might be handy to check from the shell
+-export([unix_free/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 -include_lib("kernel/include/file.hrl").
@@ -80,7 +87,7 @@ groups() ->
        cur_dir_1a, cur_dir_1b]},
      {files, [],
       [{group, open}, {group, pos}, {group, file_info},
-       truncate, sync, datasync, advise]},
+       truncate, sync, datasync, advise, large_write]},
      {open, [],
       [open1, modes, close, access, read_write, pread_write,
        append, exclusive]},
@@ -90,7 +97,10 @@ groups() ->
        file_info_basic_directory_a,
        file_info_basic_directory_b, file_info_bad_a,
        file_info_bad_b, file_info_times_a, file_info_times_b,
-       file_write_file_info_a, file_write_file_info_b]},
+       file_write_file_info_a, file_write_file_info_b,
+       file_read_file_info_opts, file_write_file_info_opts,
+       file_write_read_file_info_opts
+   ]},
      {errors, [],
       [e_delete, e_rename, e_make_dir, e_del_dir]},
      {compression, [],
@@ -284,6 +294,7 @@ make_del_dir(Config, Handle, Suffix) ->
 	%% Don't worry ;-) the parent directory should never be empty, right?
 	?line case ?PRIM_FILE_call(del_dir, Handle, [".."]) of
 		  {error, eexist} -> ok;
+		  {error, eacces} -> ok;	%OpenBSD
 		  {error, einval} -> ok		%FreeBSD
 	      end,
 	?line {error, enoent} = ?PRIM_FILE_call(del_dir, Handle, [""]),
@@ -1074,6 +1085,104 @@ file_write_file_info(Config, Handle, Suffix) ->
     ?line test_server:timetrap_cancel(Dog),
     ok.
 
+%% Test the write_file_info/3 function.
+
+file_write_file_info_opts(suite) -> [];
+file_write_file_info_opts(doc) -> [];
+file_write_file_info_opts(Config) when is_list(Config) ->
+    {ok, Handle} = ?PRIM_FILE:start(),
+    Dog = test_server:timetrap(test_server:seconds(10)),
+    RootDir = get_good_directory(Config),
+    test_server:format("RootDir = ~p", [RootDir]),
+
+    Name = filename:join(RootDir, atom_to_list(?MODULE) ++"_write_file_info_opts"),
+    ok   = ?PRIM_FILE:write_file(Name, "hello_opts"),
+
+    lists:foreach(fun
+	    ({FI, Opts}) ->
+		ok = ?PRIM_FILE_call(write_file_info, Handle, [Name, FI, Opts])
+	end, [ 
+	    {#file_info{ mode=8#600, atime = Time, mtime = Time, ctime = Time}, Opts} || 
+	    Opts <- [[{time, posix}]],
+	    Time <- [ 0,1,-1,100,-100,1000,-1000,10000,-10000 ]
+	]),
+
+    % REM: determine date range dependent on time_t = Uint32 | Sint32 | Sint64
+    % Determine time_t on os:type()?
+    lists:foreach(fun
+	    ({FI, Opts}) ->
+		ok = ?PRIM_FILE_call(write_file_info, Handle, [Name, FI, Opts])
+	end, [ 
+	    {#file_info{ mode=8#400, atime = Time, mtime = Time, ctime = Time}, Opts} || 
+	    Opts <- [[{time, universal}],[{time, local}]],
+	    Time <- [
+		{{1970,1,1},{0,0,0}},
+		{{1970,1,1},{0,0,1}},
+		{{1969,12,31},{23,59,59}},
+		{{1908,2,3},{23,59,59}},
+		{{2012,2,3},{23,59,59}},
+		{{2037,2,3},{23,59,59}},
+		erlang:localtime()
+	    ]]),
+    ok   = ?PRIM_FILE:stop(Handle),
+    test_server:timetrap_cancel(Dog),
+    ok.
+
+file_read_file_info_opts(suite) -> [];
+file_read_file_info_opts(doc) -> [];
+file_read_file_info_opts(Config) when is_list(Config) ->
+    {ok, Handle} = ?PRIM_FILE:start(),
+    Dog = test_server:timetrap(test_server:seconds(10)),
+    RootDir = get_good_directory(Config),
+    test_server:format("RootDir = ~p", [RootDir]),
+
+    Name = filename:join(RootDir, atom_to_list(?MODULE) ++"_read_file_info_opts"),
+    ok   = ?PRIM_FILE:write_file(Name, "hello_opts"),
+
+    lists:foreach(fun
+	    (Opts) ->
+		{ok,_} = ?PRIM_FILE_call(read_file_info, Handle, [Name, Opts])
+    end, [[{time, Type}] || Type <- [local, universal, posix]]),
+    ok   = ?PRIM_FILE:stop(Handle),
+    test_server:timetrap_cancel(Dog),
+    ok.
+
+%% Test the write and read back *_file_info/3 functions.
+
+file_write_read_file_info_opts(suite) -> [];
+file_write_read_file_info_opts(doc) -> [];
+file_write_read_file_info_opts(Config) when is_list(Config) ->
+    {ok, Handle} = ?PRIM_FILE:start(),
+    Dog = test_server:timetrap(test_server:seconds(10)),
+    RootDir = get_good_directory(Config),
+    test_server:format("RootDir = ~p", [RootDir]),
+
+    Name = filename:join(RootDir, atom_to_list(?MODULE) ++"_read_write_file_info_opts"),
+    ok   = ?PRIM_FILE:write_file(Name, "hello_opts2"),
+
+    ok = file_write_read_file_info_opts(Handle, Name, {{1989, 04, 28}, {19,30,22}}, [{time, local}]),
+    ok = file_write_read_file_info_opts(Handle, Name, {{1989, 04, 28}, {19,30,22}}, [{time, universal}]),
+    ok = file_write_read_file_info_opts(Handle, Name, {{1930, 04, 28}, {19,30,22}}, [{time, local}]),
+    ok = file_write_read_file_info_opts(Handle, Name, {{1930, 04, 28}, {19,30,22}}, [{time, universal}]),
+    ok = file_write_read_file_info_opts(Handle, Name, 1, [{time, posix}]),
+    ok = file_write_read_file_info_opts(Handle, Name, -1, [{time, posix}]),
+    ok = file_write_read_file_info_opts(Handle, Name, 300000, [{time, posix}]),
+    ok = file_write_read_file_info_opts(Handle, Name, -300000, [{time, posix}]),
+    ok = file_write_read_file_info_opts(Handle, Name, 0, [{time, posix}]),
+
+    ok = ?PRIM_FILE:stop(Handle),
+    test_server:timetrap_cancel(Dog),
+    ok.
+
+file_write_read_file_info_opts(Handle, Name, Mtime, Opts) ->
+    {ok, FI} = ?PRIM_FILE_call(read_file_info, Handle, [Name, Opts]),
+    FI2 = FI#file_info{ mtime = Mtime },
+    ok = ?PRIM_FILE_call(write_file_info, Handle, [Name, FI2, Opts]),
+    {ok, FI2} = ?PRIM_FILE_call(read_file_info, Handle, [Name, Opts]),
+    ok.
+
+
+
 %% Returns a directory on a file system that has correct file times.
 
 get_good_directory(Config) ->
@@ -1218,6 +1327,41 @@ advise(Config) when is_list(Config) ->
     ?line test_server:timetrap_cancel(Dog),
     ok.
 
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+large_write(Config) when is_list(Config) ->
+    run_large_file_test(Config,
+			fun(Name) -> do_large_write(Name) end,
+			"_large_write").
+
+do_large_write(Name) ->
+    Dog = test_server:timetrap(test_server:minutes(60)),
+    ChunkSize = (256 bsl 20) + 1,	% 256 M + 1
+    Chunks = 16,			% times 16 -> 4 G + 16
+    Base = 100,
+    Interleave = lists:seq(Base+1, Base+Chunks),
+    Chunk = <<0:ChunkSize/unit:8>>,
+    Data = zip_data(lists:duplicate(Chunks, Chunk), Interleave),
+    Size = Chunks * ChunkSize + Chunks,	% 4 G + 32
+    Wordsize = erlang:system_info(wordsize),
+    case prim_file:write_file(Name, Data) of
+	ok when Wordsize =:= 8 ->
+	    {ok,#file_info{size=Size}} = file:read_file_info(Name),
+	    {ok,Fd} = prim_file:open(Name, [read]),
+	    check_large_write(Dog, Fd, ChunkSize, 0, Interleave);
+	{error,einval} when Wordsize =:= 4 ->
+	    ok
+    end.
+
+check_large_write(Dog, Fd, ChunkSize, Pos, [X|Interleave]) ->
+    Pos1 = Pos + ChunkSize,
+    {ok,Pos1} = prim_file:position(Fd, {cur,ChunkSize}),
+    {ok,[X]} = prim_file:read(Fd, 1),
+    check_large_write(Dog, Fd, ChunkSize, Pos1+1, Interleave);
+check_large_write(Dog, Fd, _, _, []) ->
+    eof = prim_file:read(Fd, 1),
+    test_server:timetrap_cancel(Dog),
+    ok.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -1940,3 +2084,70 @@ list_dir_limit_cleanup(Dir, Handle, N, Cnt) ->
     ?PRIM_FILE:delete(Handle, filename:join(Dir, Name)),
     list_dir_limit_cleanup(Dir, Handle, N, Cnt+1).
 
+%%%
+%%% Support for testing large files.
+%%%
+
+run_large_file_test(Config, Run, Name) ->
+    case {os:type(),os:version()} of
+	{{win32,nt},_} ->
+	    do_run_large_file_test(Config, Run, Name);
+	{{unix,sunos},OsVersion} when OsVersion < {5,5,1} ->
+	    {skip,"Only supported on Win32, Unix or SunOS >= 5.5.1"};
+	{{unix,_},_} ->
+	    N = unix_free(?config(priv_dir, Config)),
+	    io:format("Free disk: ~w KByte~n", [N]),
+	    if N < 5 bsl 20 ->
+		    %% Less than 5 GByte free
+		    {skip,"Less than 5 GByte free disk"};
+	       true ->
+		    do_run_large_file_test(Config, Run, Name)
+	    end;
+	_ -> 
+	    {skip,"Only supported on Win32, Unix or SunOS >= 5.5.1"}
+    end.
+
+
+do_run_large_file_test(Config, Run, Name0) ->
+    Name = filename:join(?config(priv_dir, Config),
+			 ?MODULE_STRING ++ Name0),
+    
+    %% Set up a process that will delete this file.
+    Tester = self(),
+    Deleter = 
+	spawn(
+	  fun() ->
+		  Mref = erlang:monitor(process, Tester),
+		  receive
+		      {'DOWN',Mref,_,_,_} -> ok;
+		      {Tester,done} -> ok
+		  end,
+		  prim_file:delete(Name)
+	  end),
+    
+    %% Run the test case.
+    Res = Run(Name),
+
+    %% Delete file and finish deleter process.
+    Mref = erlang:monitor(process, Deleter),
+    Deleter ! {Tester,done},
+    receive {'DOWN',Mref,_,_,_} -> ok end,
+
+    Res.
+
+unix_free(Path) ->
+    Cmd = ["df -k '",Path,"'"],
+    DF0 = os:cmd(Cmd),
+    io:format("$ ~s~n~s", [Cmd,DF0]),
+    Lines = re:split(DF0, "\n", [trim,{return,list}]),
+    Last = lists:last(Lines),
+    RE = "^[^\\s]*\\s+\\d+\\s+\\d+\\s+(\\d+)",
+    {match,[Avail]} = re:run(Last, RE, [{capture,all_but_first,list}]),
+    list_to_integer(Avail).
+
+zip_data([A|As], [B|Bs]) ->
+    [[A,B]|zip_data(As, Bs)];
+zip_data([], Bs) ->
+    Bs;
+zip_data(As, []) ->
+    As.
diff --git a/lib/kernel/test/sendfile_SUITE.erl b/lib/kernel/test/sendfile_SUITE.erl
new file mode 100644
index 0000000000..6d0848ee05
--- /dev/null
+++ b/lib/kernel/test/sendfile_SUITE.erl
@@ -0,0 +1,355 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(sendfile_SUITE).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("kernel/include/file.hrl").
+
+-compile(export_all).
+
+all() ->
+    [t_sendfile_small
+     ,t_sendfile_big
+     ,t_sendfile_partial
+     ,t_sendfile_offset
+     ,t_sendfile_sendafter
+     ,t_sendfile_recvafter
+     ,t_sendfile_sendduring
+     ,t_sendfile_recvduring
+     ,t_sendfile_closeduring
+     ,t_sendfile_crashduring
+    ].
+
+init_per_suite(Config) ->
+    Priv = ?config(priv_dir, Config),
+    SFilename = filename:join(Priv, "sendfile_small.html"),
+    {ok, DS} = file:open(SFilename,[write,raw]),
+    file:write(DS,"yo baby yo"),
+    file:sync(DS),
+    file:close(DS),
+    BFilename = filename:join(Priv, "sendfile_big.html"),
+    {ok, DB} = file:open(BFilename,[write,raw]),
+    [file:write(DB,[<<0:(10*8*1024*1024)>>]) || _I <- lists:seq(1,51)],
+    file:sync(DB),
+    file:close(DB),
+    [{small_file, SFilename},
+     {file_opts,[raw,binary]},
+     {big_file, BFilename}|Config].
+
+end_per_suite(Config) ->
+    file:delete(proplists:get_value(big_file, Config)).
+
+init_per_testcase(TC,Config) when TC == t_sendfile_recvduring;
+				  TC == t_sendfile_sendduring ->
+    Filename = proplists:get_value(small_file, Config),
+
+    Send = fun(Sock) ->
+		   {_Size, Data} = sendfile_file_info(Filename),
+		   {ok,D} = file:open(Filename, [raw,binary,read]),
+		   prim_file:sendfile(D, Sock, 0, 0, 0,
+				      [],[],false,false,false),
+		   Data
+	   end,
+
+    %% Check if sendfile is supported on this platform
+    case catch sendfile_send(Send) of
+	ok ->
+	    Config;
+	Error ->
+	    ct:log("Error: ~p",[Error]),
+	    {skip,"Not supported"}
+    end;
+init_per_testcase(_Tc,Config) ->
+    Config.
+
+
+t_sendfile_small(Config) when is_list(Config) ->
+    Filename = proplists:get_value(small_file, Config),
+
+    Send = fun(Sock) ->
+		   {Size, Data} = sendfile_file_info(Filename),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   Data
+	   end,
+
+    ok = sendfile_send(Send).
+
+t_sendfile_big(Config) when is_list(Config) ->
+    Filename = proplists:get_value(big_file, Config),
+
+    Send = fun(Sock) ->
+		   {ok, #file_info{size = Size}} =
+		       file:read_file_info(Filename),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   Size
+	   end,
+
+    ok = sendfile_send({127,0,0,1}, Send, 0).
+
+t_sendfile_partial(Config) ->
+    Filename = proplists:get_value(small_file, Config),
+    FileOpts = proplists:get_value(file_opts, Config, []),
+
+    SendSingle = fun(Sock) ->
+			 {_Size, <<Data:5/binary,_/binary>>} =
+			     sendfile_file_info(Filename),
+			 {ok,D} = file:open(Filename,[read|FileOpts]),
+			 {ok,5} = file:sendfile(D,Sock,0,5,[]),
+			 file:close(D),
+			 Data
+		 end,
+    ok = sendfile_send(SendSingle),
+
+    {_Size, <<FData:5/binary,SData:3/binary,_/binary>>} =
+	sendfile_file_info(Filename),
+    {ok,D} = file:open(Filename,[read|FileOpts]),
+    {ok, <<FData/binary>>} = file:read(D,5),
+    FSend = fun(Sock) ->
+		    {ok,5} = file:sendfile(D,Sock,0,5,[]),
+		    FData
+	    end,
+
+    ok = sendfile_send(FSend),
+
+    SSend = fun(Sock) ->
+		    {ok,3} = file:sendfile(D,Sock,5,3,[]),
+		    SData
+	    end,
+
+    ok = sendfile_send(SSend),
+
+    {ok, <<SData/binary>>} = file:read(D,3),
+
+    file:close(D).
+
+t_sendfile_offset(Config) ->
+    Filename = proplists:get_value(small_file, Config),
+    FileOpts = proplists:get_value(file_opts, Config, []),
+
+    Send = fun(Sock) ->
+		   {_Size, <<_:5/binary,Data:3/binary,_/binary>> = AllData} =
+		       sendfile_file_info(Filename),
+		   {ok,D} = file:open(Filename,[read|FileOpts]),
+		   {ok,3} = file:sendfile(D,Sock,5,3,[]),
+		   {ok, AllData} = file:read(D,100),
+		   file:close(D),
+		   Data
+	   end,
+    ok = sendfile_send(Send).
+
+
+t_sendfile_sendafter(Config) ->
+    Filename = proplists:get_value(small_file, Config),
+
+    Send = fun(Sock) ->
+		   {Size, Data} = sendfile_file_info(Filename),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   ok = gen_tcp:send(Sock, <<2>>),
+		   <<Data/binary,2>>
+	   end,
+
+    ok = sendfile_send(Send).
+
+t_sendfile_recvafter(Config) ->
+    Filename = proplists:get_value(small_file, Config),
+
+    Send = fun(Sock) ->
+		   {Size, Data} = sendfile_file_info(Filename),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   ok = gen_tcp:send(Sock, <<1>>),
+		   {ok,<<1>>} = gen_tcp:recv(Sock, 1),
+		   <<Data/binary,1>>
+	   end,
+
+    ok = sendfile_send(Send).
+
+t_sendfile_sendduring(Config) ->
+    Filename = proplists:get_value(big_file, Config),
+
+    Send = fun(Sock) ->
+		   {ok, #file_info{size = Size}} =
+		       file:read_file_info(Filename),
+		   spawn_link(fun() ->
+				      timer:sleep(50),
+				      ok = gen_tcp:send(Sock, <<2>>)
+			      end),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   Size+1
+	   end,
+
+    ok = sendfile_send({127,0,0,1}, Send, 0).
+
+t_sendfile_recvduring(Config) ->
+    Filename = proplists:get_value(big_file, Config),
+
+    Send = fun(Sock) ->
+		   {ok, #file_info{size = Size}} =
+		       file:read_file_info(Filename),
+		   spawn_link(fun() ->
+				      timer:sleep(50),
+				      ok = gen_tcp:send(Sock, <<1>>),
+				      {ok,<<1>>} = gen_tcp:recv(Sock, 1)
+			      end),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   timer:sleep(1000),
+		   Size+1
+	   end,
+
+    ok = sendfile_send({127,0,0,1}, Send, 0).
+
+t_sendfile_closeduring(Config) ->
+    Filename = proplists:get_value(big_file, Config),
+
+    Send = fun(Sock,SFServPid) ->
+		   spawn_link(fun() ->
+				      timer:sleep(50),
+				      SFServPid ! stop
+			      end),
+		   case erlang:system_info(thread_pool_size) of
+		       0 ->
+			   {error, closed} = file:sendfile(Filename, Sock);
+		       _Else ->
+			   %% This can return how much has been sent or
+			   %% {error,closed} depending on OS.
+			   %% How much is sent impossible to know as
+			   %%  the socket was closed mid sendfile
+			   case file:sendfile(Filename, Sock) of
+			       {error, closed} ->
+				   ok;
+			       {ok, Size}  when is_integer(Size) ->
+				   ok
+			   end
+		   end,
+		   -1
+	   end,
+
+    ok = sendfile_send({127,0,0,1}, Send, 0).
+
+t_sendfile_crashduring(Config) ->
+    Filename = proplists:get_value(big_file, Config),
+
+    error_logger:add_report_handler(?MODULE,[self()]),
+
+    Send = fun(Sock) ->
+		   spawn_link(fun() ->
+				      timer:sleep(50),
+				      exit(die)
+			      end),
+		   {error, closed} = file:sendfile(Filename, Sock),
+		   -1
+	   end,
+    process_flag(trap_exit,true),
+    spawn_link(fun() ->
+		       ok = sendfile_send({127,0,0,1}, Send, 0)
+	       end),
+    receive
+	{stolen,Reason} ->
+	    process_flag(trap_exit,false),
+	    ct:fail(Reason)
+	after 200 ->
+		receive
+		    {'EXIT',_,Reason} ->
+			process_flag(trap_exit,false),
+			die = Reason
+		end
+	end.
+
+%% Generic sendfile server code
+sendfile_send(Send) ->
+    sendfile_send({127,0,0,1},Send).
+sendfile_send(Host, Send) ->
+    sendfile_send(Host, Send, []).
+sendfile_send(Host, Send, Orig) ->
+    SFServer = spawn_link(?MODULE, sendfile_server, [self(), Orig]),
+    receive
+	{server, Port} ->
+	    {ok, Sock} = gen_tcp:connect(Host, Port,
+					       [binary,{packet,0},
+						{active,false}]),
+	    Data = case proplists:get_value(arity,erlang:fun_info(Send)) of
+		       1 ->
+			   Send(Sock);
+		       2 ->
+			   Send(Sock, SFServer)
+		   end,
+	    ok = gen_tcp:close(Sock),
+	    receive
+		{ok, Bin} ->
+		    Data = Bin,
+		    ok
+	    end
+    end.
+
+sendfile_server(ClientPid, Orig) ->
+    {ok, LSock} = gen_tcp:listen(0, [binary, {packet, 0},
+				     {active, true},
+				     {reuseaddr, true}]),
+    {ok, Port} = inet:port(LSock),
+    ClientPid ! {server, Port},
+    {ok, Sock} = gen_tcp:accept(LSock),
+    {ok, Bin} = sendfile_do_recv(Sock, Orig),
+    ClientPid ! {ok, Bin},
+    gen_tcp:send(Sock, <<1>>).
+
+-define(SENDFILE_TIMEOUT, 10000).
+sendfile_do_recv(Sock, Bs) ->
+    receive
+	stop when Bs /= 0,is_integer(Bs) ->
+	    gen_tcp:close(Sock),
+	    {ok, -1};
+	{tcp, Sock, B} ->
+	    case binary:match(B,<<1>>) of
+		nomatch when is_list(Bs) ->
+		    sendfile_do_recv(Sock, [B|Bs]);
+		nomatch when is_integer(Bs) ->
+		    sendfile_do_recv(Sock, byte_size(B) + Bs);
+		_ when is_list(Bs) ->
+		    ct:log("Stopped due to a 1"),
+		    {ok, iolist_to_binary(lists:reverse([B|Bs]))};
+		_ when is_integer(Bs) ->
+		    ct:log("Stopped due to a 1"),
+		    {ok, byte_size(B) + Bs}
+	    end;
+	{tcp_closed, Sock} when is_list(Bs) ->
+	    ct:log("Stopped due to close"),
+	    {ok, iolist_to_binary(lists:reverse(Bs))};
+	{tcp_closed, Sock} when is_integer(Bs) ->
+	    ct:log("Stopped due to close"),
+	    {ok, Bs}
+    after ?SENDFILE_TIMEOUT ->
+	    ct:log("Sendfile timeout"),
+	    timeout
+    end.
+
+sendfile_file_info(File) ->
+    {ok, #file_info{size = Size}} = file:read_file_info(File),
+    {ok, Data} = file:read_file(File),
+    {Size, Data}.
+
+
+%% Error handler 
+
+init([Proc]) -> {ok,Proc}.
+
+handle_event({error,noproc,{emulator,Format,Args}}, Proc) -> 
+    Proc ! {stolen,lists:flatten(io_lib:format(Format,Args))},
+    {ok,Proc};
+handle_event(_, Proc) -> 
+    {ok,Proc}.
diff --git a/lib/kernel/test/seq_trace_SUITE_data/echo_drv.c b/lib/kernel/test/seq_trace_SUITE_data/echo_drv.c
index dcbb3348d8..aa182b0877 100644
--- a/lib/kernel/test/seq_trace_SUITE_data/echo_drv.c
+++ b/lib/kernel/test/seq_trace_SUITE_data/echo_drv.c
@@ -3,7 +3,7 @@
 
 static ErlDrvPort erlang_port;
 static ErlDrvData echo_start(ErlDrvPort, char *);
-static void echo_stop(ErlDrvData), echo_read(ErlDrvData, char*, int);
+static void echo_stop(ErlDrvData), echo_read(ErlDrvData, char*, ErlDrvSizeT);
 
 static ErlDrvEntry echo_driver_entry = { 
     NULL,
@@ -13,7 +13,22 @@ static ErlDrvEntry echo_driver_entry = {
     NULL,
     NULL,
     "echo_drv",
-    NULL
+    NULL,
+    NULL, /* handle */
+    NULL, /* control */
+    NULL, /* timeout */
+    NULL, /* outputv */
+    NULL, /* ready_async */
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL,
 };
 
 DRIVER_INIT(echo_drv)
@@ -31,7 +46,7 @@ static ErlDrvData echo_start(ErlDrvPort port,char *buf)
     return (ErlDrvData)port;
 }
 
-static void echo_read(ErlDrvData data, char *buf, int count)
+static void echo_read(ErlDrvData data, char *buf, ErlDrvSizeT count)
 {
     driver_output(erlang_port, buf, count);
 }
diff --git a/lib/kernel/test/wrap_log_reader_SUITE.erl b/lib/kernel/test/wrap_log_reader_SUITE.erl
index ffc8def626..96dc3e6d33 100644
--- a/lib/kernel/test/wrap_log_reader_SUITE.erl
+++ b/lib/kernel/test/wrap_log_reader_SUITE.erl
@@ -561,4 +561,4 @@ rec(M, Where) ->
     end.
 	    
 pps() ->
-    {erlang:ports(), lists:filter({erlang, is_process_alive}, processes())}.
+    {erlang:ports(), lists:filter(fun erlang:is_process_alive/1, processes())}.
diff --git a/lib/kernel/test/zlib_SUITE.erl b/lib/kernel/test/zlib_SUITE.erl
index 4ad9c6923d..74bafe8935 100644
--- a/lib/kernel/test/zlib_SUITE.erl
+++ b/lib/kernel/test/zlib_SUITE.erl
@@ -42,8 +42,8 @@
 		end
 	end()).
 
--define(BARG, {'EXIT',{badarg,[{zlib,_,_}|_]}}).
--define(DATA_ERROR, {'EXIT',{data_error,[{zlib,_,_}|_]}}).
+-define(BARG, {'EXIT',{badarg,[{zlib,_,_,_}|_]}}).
+-define(DATA_ERROR, {'EXIT',{data_error,[{zlib,_,_,_}|_]}}).
 
 init_per_testcase(_Func, Config) ->
     Dog = test_server:timetrap(test_server:seconds(60)),
diff --git a/lib/kernel/vsn.mk b/lib/kernel/vsn.mk
index 8be265e79d..76d3003ff4 100644
--- a/lib/kernel/vsn.mk
+++ b/lib/kernel/vsn.mk
@@ -1 +1 @@
-KERNEL_VSN = 2.14.5
+KERNEL_VSN = 2.15.1
diff --git a/lib/megaco/.gitignore b/lib/megaco/.gitignore
new file mode 100644
index 0000000000..1c5979cd62
--- /dev/null
+++ b/lib/megaco/.gitignore
@@ -0,0 +1,3 @@
+examples/meas/Makefile
+examples/meas/meas.sh.skel
+examples/meas/mstone1.sh.skel
diff --git a/lib/megaco/Makefile b/lib/megaco/Makefile
index 10efaf667f..9dc84c122c 100644
--- a/lib/megaco/Makefile
+++ b/lib/megaco/Makefile
@@ -97,9 +97,8 @@ endif
 CONFIGURE_OPTS = $(FLEX_SCANNER_LINENO_ENABLER) $(FLEX_SCANNER_REENTRANT_ENABLER)
 
 
-MEGACO_DIA_PLT     = ./priv/megaco.plt
-MEGACO_DIA_PLT_LOG = $(basename $(MEGACO_DIA_PLT)).dialyzer_plt_log
-MEGACO_DIA_LOG     = $(basename $(MEGACO_DIA_PLT)).dialyzer_log
+DIA_PLT      = ./priv/plt/$(APPLICATION).plt
+DIA_ANALYSIS = $(basename $(DIA_PLT)).dialyzer_analysis
 
 
 # ----------------------------------------------------
@@ -140,8 +139,8 @@ info:
 	@echo "OTP_INSTALL_DIR: $(OTP_INSTALL_DIR)"
 	@echo "APP_INSTALL_DIR: $(APP_INSTALL_DIR)"
 	@echo ""
-	@echo "MEGACO_PLT     = $(MEGACO_PLT)"
-	@echo "MEGACO_DIA_LOG = $(MEGACO_DIA_LOG)"
+	@echo "DIA_PLT:      $(DIA_PLT)"
+	@echo "DIA_ANALYSIS: $(DIA_ANALYSIS)"
 	@echo ""
 
 version:
@@ -201,18 +200,18 @@ tar: $(APP_TAR_FILE)
 $(APP_TAR_FILE): $(APP_DIR)
 	(cd $(APP_RELEASE_DIR); gtar zcf $(APP_TAR_FILE) $(DIR_NAME))
 
-dialyzer_plt: $(MEGACO_DIA_PLT)
+dialyzer_plt: $(DIA_PLT)
 
-$(MEGACO_DIA_PLT): 
-	@echo "Building megaco plt file"
+$(DIA_PLT): 
+	@echo "Building $(APPLICATION) plt file"
 	@dialyzer --build_plt \
                   --output_plt $@ \
-                  -r ../megaco/ebin \
-                  -o $(MEGACO_DIA_PLT_LOG) \
+                  -r ../$(APPLICATION)/ebin \
+                  --output $(DIA_ANALYSIS) \
                   --verbose
 
-dialyzer: $(MEGACO_DIA_PLT)
-	(dialyzer --plt $< \
-                  -o $(MEGACO_DIA_LOG) \
-                  ../megaco/ebin \
-                  && (shell cat $(MEGACO_DIA_LOG)))
+dialyzer: $(DIA_PLT)
+	@echo "Running dialyzer on $(APPLICATION)"
+	@dialyzer --plt $< \
+                  ../$(APPLICATION)/ebin \
+                  --verbose
diff --git a/lib/megaco/configure.in b/lib/megaco/configure.in
index 8f94a4efcf..42c50b8961 100644
--- a/lib/megaco/configure.in
+++ b/lib/megaco/configure.in
@@ -2,7 +2,7 @@ dnl Process this file with autoconf to produce a configure script. -*-m4-*-
 dnl
 dnl %CopyrightBegin%
 dnl
-dnl Copyright Ericsson AB 2001-2010. All Rights Reserved.
+dnl Copyright Ericsson AB 2001-2011. All Rights Reserved.
 dnl
 dnl The contents of this file are subject to the Erlang Public License,
 dnl Version 1.1, (the "License"); you may not use this file except in
@@ -208,7 +208,7 @@ if test "X$host" = "Xwin32"; then
 else
   case $host_os in
     darwin*)
-	CFLAGS="$CFLAGS -no-cpp-precomp -fno-common"
+	CFLAGS="$CFLAGS -fno-common"
 	;;
   esac
 
@@ -273,5 +273,6 @@ if test "$PERL" = no_perl; then
   AC_MSG_ERROR([Perl is required to build the flex scanner!])
 fi
 
+AC_OUTPUT(examples/meas/Makefile:examples/meas/Makefile.in)
 AC_OUTPUT(src/flex/$host/Makefile:src/flex/Makefile.in)
 
diff --git a/lib/megaco/doc/src/Makefile b/lib/megaco/doc/src/Makefile
index 4b3c117b20..137f0315d8 100644
--- a/lib/megaco/doc/src/Makefile
+++ b/lib/megaco/doc/src/Makefile
@@ -1,7 +1,7 @@
 # 
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2000-2010. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -27,14 +27,6 @@ VSN=$(MEGACO_VSN)
 APPLICATION=megaco
 
 # ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-ifndef DOCSUPPORT
-include make.dep
-endif
-
-# ----------------------------------------------------
 # Release directory specification
 # ----------------------------------------------------
 RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
@@ -73,35 +65,10 @@ EXTRA_FILES = \
 
 MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else
-
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex)
-TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = $(APPLICATION)-$(VSN).pdf
-TOP_PS_FILE  = $(APPLICATION)-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi $(APP_FILE)
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-
-
-TOP_HTML_FILES = $(INDEX_TARGET) 
-
-endif
-
 INDEX_FILE   = index.html
 INDEX_SRC    = $(INDEX_FILE).src
 INDEX_TARGET = $(DOCDIR)/$(INDEX_FILE)
@@ -131,8 +98,6 @@ $(HTMLDIR)/%.jpg: %.jpg
 $(HTMLDIR)/%.png: %.png
 	$(INSTALL_DATA) $< $@
 
-ifdef DOCSUPPORT
-
 docs: pdf html man
 
 ldocs: local_docs $(INDEX_TARGET)
@@ -147,41 +112,6 @@ clean clean_docs: clean_html clean_man
 	rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
 	rm -f errs core *~
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html imgs man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
-
-html: imgs $(HTML_FILES) $(TOP_HTML_FILES)
-
-mhtml: html $(HTML_REF3_FILES) $(HTML_CHAPTER_FILES)
-
-clean: clean_html clean_man clean_pdf
-	rm -f core *~ 
-	rm -f *.aux *.cites *.citeshd *.dvi *.idx *.ilg *.ind
-	rm -f *.indhd *.lof *.lofhd *.lot *.lothd *.otpdef
-	rm -f *.otpuse *.terms *.termshd *.toc *.makeindexlog *.dvipslog
-	rm -f *.bib *.bbl *.blg *.bibhd
-
-clean_pdf:
-	rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
-	rm -f $(TEX_FILES_USERS_GUIDE) 
-	rm -f $(TEX_FILES_REF_MAN) 
-	rm -f $(TEX_FILES_BOOK)
-
-endif 
-
 clean_man:
 	rm -f $(MAN3DIR)/*
 
@@ -193,18 +123,19 @@ imgs: $(IMG_FILES:%=$(HTMLDIR)/%)
 man: $(MAN3_FILES) 
 
 $(INDEX_TARGET): $(INDEX_SRC) $(APP_FILE)
-	sed -e 's/%VSN%/$(VSN)/; \
-                s/%ERLANG_SITE%/www\.erlang\.se\//; \
-                s/%UP_ONE_LEVEL%/..\/..\/..\/doc\/index.html/; \
-                s/%OFF_PRINT%/pdf\/megaco-$(VSN).pdf/' $< > $@
+	sed -e 's/%VSN%/$(VSN)/' $< > $@
+
+$(INDEX_TARGET): $(INDEX_SRC) $(APP_FILE)
+	sed -e 's/%VSN%/$(VSN)/' \
+            -e 's/%ERLANG_SITE%/www\.erlang\.se\//' \
+            -e 's/%UP_ONE_LEVEL%/..\/..\/..\/doc\/index.html/' \
+            -e 's/%OFF_PRINT%/pdf\/megaco-$(VSN).pdf/' $< > $@
 
 debug opt: 
 
 info:
 	@echo "->Makefile<-"
 	@echo ""
-	@echo "DOCSUPPORT = $(DOCSUPPORT)"
-	@echo ""
 	@echo "INDEX_FILE   = $(INDEX_FILE)"
 	@echo "INDEX_SRC    = $(INDEX_SRC)"
 	@echo "INDEX_TARGET = $(INDEX_TARGET)"
@@ -216,10 +147,6 @@ info:
 	@echo ""
 	@echo "IMG_FILES             = $(IMG_FILES)"
 	@echo ""
-	@echo "TEX_FILES_USERS_GUIDE = $(TEX_FILES_USERS_GUIDE)"
-	@echo "TEX_FILES_REF_MAN     = $(TEX_FILES_REF_MAN)"
-	@echo "TEX_FILES_BOOK        = $(TEX_FILES_BOOK)"
-	@echo ""
 	@echo "MAN3_FILES            = $(MAN3_FILES)"
 	@echo ""
 	@echo "HTML_FILES            = $(HTML_FILES)"
@@ -236,8 +163,6 @@ info:
 # ---------------------------------------------------- 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
@@ -250,33 +175,6 @@ release_docs_spec: docs
 	$(INSTALL_DIR)  $(RELSYSDIR)/doc/standard
 	$(INSTALL_DATA) $(STANDARDS) $(RELSYSDIR)/doc/standard
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	$(INSTALL_DIR)  $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	$(INSTALL_DIR)  $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	$(INSTALL_DIR)  $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(IMG_FILES) $(EXTRA_FILES) $(HTML_FILES) \
-		$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR)  $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(TOP_HTML_FILES) $(RELSYSDIR)/doc
-	$(INSTALL_DIR)  $(RELSYSDIR)/doc/standard
-	$(INSTALL_DATA) $(STANDARDS) $(RELSYSDIR)/doc/standard
-endif
-endif
-
-endif
-
 release_spec:
 
 $(HTMLDIR)/megaco_architecture.html: megaco_architecture.xml
diff --git a/lib/megaco/doc/src/make.dep b/lib/megaco/doc/src/make.dep
deleted file mode 100644
index 0e2040ab50..0000000000
--- a/lib/megaco/doc/src/make.dep
+++ /dev/null
@@ -1,59 +0,0 @@
-#-*-makefile-*-   ; force emacs to enter makefile-mode
-
-# %CopyrightBegin%
-# 
-# Copyright Ericsson AB 2001-2009. All Rights Reserved.
-# 
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# %CopyrightEnd%
-
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex megaco.tex megaco_architecture.tex \
-		megaco_codec_meas.tex \
-		megaco_codec_mstone1.tex megaco_codec_mstone2.tex \
-		megaco_codec_transform.tex \
-		megaco_debug.tex megaco_edist_compress.tex \
-		megaco_encode.tex megaco_encoder.tex megaco_examples.tex \
-		megaco_flex_scanner.tex megaco_intro.tex megaco_mib.tex \
-		megaco_performance.tex megaco_run.tex megaco_tcp.tex \
-		megaco_transport.tex megaco_transport_mechanisms.tex \
-		megaco_udp.tex megaco_user.tex part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: call_flow.ps call_flow_cont.ps distr_node_config.ps \
-		megaco_sys_arch.ps single_node_config.ps
-
-book.dvi: mstone1.ps
-
-book.dvi: MG-startup_flow_noMID.ps MGC_startup_call_flow.ps \
-		MG_startup_call_flow.ps
-
diff --git a/lib/megaco/doc/src/megaco_run.xml b/lib/megaco/doc/src/megaco_run.xml
index 9ed589b079..b723778890 100644
--- a/lib/megaco/doc/src/megaco_run.xml
+++ b/lib/megaco/doc/src/megaco_run.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2000</year><year>2010</year>
+      <year>2000</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -317,7 +317,7 @@
       "in storage" (indicated by the transaction id) it is assumed to 
       be a resend and everything stored is sent. This could happen if 
       the values of the <c><![CDATA[trans_timer]]></c> and the
-      <c><![CDATA[request_timer]]></c> is not properly choosen.</p>
+      <c><![CDATA[request_timer]]></c> is not properly chosen.</p>
   </section>
 
   <section>
diff --git a/lib/megaco/doc/src/notes.xml b/lib/megaco/doc/src/notes.xml
index 2aba8db71b..d9c575885f 100644
--- a/lib/megaco/doc/src/notes.xml
+++ b/lib/megaco/doc/src/notes.xml
@@ -36,6 +36,85 @@
     section is the version number of Megaco.</p>
 
 
+  <section><title>Megaco 3.16</title>
+
+    <p>Version 3.16 supports code replacement in runtime from/to
+      version 3.15.1.1, 3.15.1 and 3.15.</p>
+
+    <section>
+      <title>Improvements and new features</title>
+
+<!--
+      <p>-</p>
+-->
+
+      <list type="bulleted">
+        <item>
+          <p>Minor improvemnts to the emasurement tool mstone1. </p>
+          <p>Own Id: OTP-9604</p>
+        </item>
+
+        <item>
+	  <p>ASN.1 no longer makes use of a driver to accelerate encode/decode, 
+	  instead it uses NIFs. The encoding config option is <em>still</em> 
+	  the same, i.e. <c>driver</c>. </p>
+          <p>Own Id: OTP-9672</p>
+        </item>
+
+        <item>
+	  <p>The profiling test tool has been rewritten. </p>
+	  <p>H&aring;kan Mattsson</p>
+          <p>Own Id: OTP-9679</p>
+        </item>
+
+        <item>
+	  <p>The flex driver has been updated to support the new driver format
+	  (changed to enable 64-bit aware drivers). </p>
+          <p>Own Id: OTP-9795</p>
+        </item>
+
+     </list>
+
+    </section>
+
+    <section>
+      <title>Fixed bugs and malfunctions</title>
+      
+      <p>-</p>
+      
+ <!--
+      <list type="bulleted">
+	<item>
+	  <p>Fixing miscellaneous things detected by dialyzer. </p>
+	  <p>Own Id: OTP-9075</p>
+	</item>
+	
+      </list>
+ -->
+      
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+
+<!--
+      <list type="bulleted">
+        <item>
+	  <p>Due to the change in the flex driver API, 
+	  we may no longer be able to build and/or use 
+	  the flex driver without reentrant support. </p>
+          <p>Own Id: OTP-9795</p>
+        </item>
+
+      </list>
+-->
+
+    </section>
+
+  </section> <!-- 3.16 -->
+
+
   <section><title>Megaco 3.15.1.1</title>
 
     <p>Version 3.15.1.1 supports code replacement in runtime from/to
diff --git a/lib/megaco/examples/meas/Makefile b/lib/megaco/examples/meas/Makefile
deleted file mode 100644
index 0a6cbb44a6..0000000000
--- a/lib/megaco/examples/meas/Makefile
+++ /dev/null
@@ -1,132 +0,0 @@
-# 
-# %CopyrightBegin%
-# 
-# Copyright Ericsson AB 2002-2009. All Rights Reserved.
-# 
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# %CopyrightEnd%
-
-include $(ERL_TOP)/make/target.mk
-
-ifeq ($(TYPE),debug)
-ERL_COMPILE_FLAGS += -Ddebug -W
-endif
-
-EBIN = .
-MEGACO_INCLUDEDIR = ../../include
-
-include $(ERL_TOP)/make/$(TARGET)/otp.mk
-
-# ----------------------------------------------------
-# Application version
-# ----------------------------------------------------
-include ../../vsn.mk
-VSN=$(MEGACO_VSN)
-
-
-# ----------------------------------------------------
-# Release directory specification
-# ----------------------------------------------------
-RELSYSDIR         = $(RELEASE_PATH)/lib/megaco-$(VSN)
-EXAMPLE_RELSYSDIR = $(RELSYSDIR)/examples
-MEAS_RELSYSDIR    = $(EXAMPLE_RELSYSDIR)/meas
-
-# ----------------------------------------------------
-# Target Specs
-# ----------------------------------------------------
-
-include modules.mk
-
-ERL_FILES = $(MODULES:%=%.erl)
-
-TARGET_FILES =  \
-	$(ERL_FILES:%.erl=$(EBIN)/%.$(EMULATOR))
-
-
-# ----------------------------------------------------
-# FLAGS
-# ----------------------------------------------------
-
-ifeq ($(WARN_UNUSED_WARS),true)
-ERL_COMPILE_FLAGS += +warn_unused_vars
-endif
-
-ifeq ($(USE_MEGACO_HIPE),true)
-ERL_COMPILE_FLAGS += +native
-endif
-
-ifeq ($(USE_VERBOSE_STATS),true)
-ERL_COMPILE_FLAGS += -DVERBOSE_STATS=true
-endif
-
-ifneq ($(MSTONE_TIME),)
-ERL_COMPILE_FLAGS += -DMSTONE_TIME=$(MSTONE_TIME)
-endif
-
-ERL_COMPILE_FLAGS += \
-	-pa $(ERL_TOP)/lib/megaco/ebin \
-	-I../include
-
-
-# ----------------------------------------------------
-# Special Build Targets
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# Targets
-# ----------------------------------------------------
-debug:
-	@${MAKE} TYPE=debug opt
-
-opt: $(TARGET_FILES) 
-
-clean:
-	rm -f $(TARGET_FILES) 
-	rm -f errs core *~
-
-docs:
-
-
-# ----------------------------------------------------
-# Release Target
-# ---------------------------------------------------- 
-include $(ERL_TOP)/make/otp_release_targets.mk
-
-
-release_spec: opt
-	$(INSTALL_DIR)  $(EXAMPLE_RELSYSDIR)
-	$(INSTALL_DIR)  $(MEAS_RELSYSDIR)
-	$(INSTALL_DATA) $(MESSAGE_PACKAGES) $(MEAS_RELSYSDIR)
-	$(INSTALL_DATA) $(SCRIPT_SKELETONS) $(MEAS_RELSYSDIR)
-	$(INSTALL_DATA) $(TARGET_FILES) $(MEAS_RELSYSDIR)
-	$(INSTALL_DATA) $(ERL_FILES) $(MEAS_RELSYSDIR)
-
-
-release_docs_spec:
-
-
-# ----------------------------------------------------
-# Include dependencies
-# ----------------------------------------------------
-
-megaco_codec_transform.$(EMULATOR): megaco_codec_transform.erl
-
-megaco_codec_meas.$(EMULATOR): megaco_codec_meas.erl
-
-megaco_codec_mstone1.$(EMULATOR): megaco_codec_mstone1.erl
-
-megaco_codec_mstone2.$(EMULATOR): megaco_codec_mstone2.erl
-
-megaco_codec_mstone_lib.$(EMULATOR): megaco_codec_mstone_lib.erl
-
diff --git a/lib/megaco/examples/meas/Makefile.in b/lib/megaco/examples/meas/Makefile.in
new file mode 100644
index 0000000000..6af7ef6c65
--- /dev/null
+++ b/lib/megaco/examples/meas/Makefile.in
@@ -0,0 +1,166 @@
+# 
+# %CopyrightBegin%
+# 
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
+# 
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+# 
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+# 
+# %CopyrightEnd%
+
+include $(ERL_TOP)/make/target.mk
+
+ifeq ($(TYPE),debug)
+ERL_COMPILE_FLAGS += -Ddebug -W
+endif
+
+EBIN = .
+MEGACO_INCLUDEDIR = ../../include
+
+include $(ERL_TOP)/make/$(TARGET)/otp.mk
+
+# ----------------------------------------------------
+# Application version
+# ----------------------------------------------------
+include ../../vsn.mk
+VSN=$(MEGACO_VSN)
+
+
+# ----------------------------------------------------
+# Configured variables
+# ----------------------------------------------------
+PERL = @PERL@
+
+
+# ----------------------------------------------------
+# Release directory specification
+# ----------------------------------------------------
+RELSYSDIR         = $(RELEASE_PATH)/lib/megaco-$(VSN)
+EXAMPLE_RELSYSDIR = $(RELSYSDIR)/examples
+MEAS_RELSYSDIR    = $(EXAMPLE_RELSYSDIR)/meas
+
+
+# ----------------------------------------------------
+# Target Specs
+# ----------------------------------------------------
+
+include modules.mk
+
+ERL_FILES = $(MODULES:%=%.erl)
+
+SCRIPT_SKELETONS = $(SCRIPT_SKELETON_SRC:%.src=%)
+
+ERL_TARGETS = \
+	$(ERL_FILES:%.erl=$(EBIN)/%.$(EMULATOR))
+
+TARGET_FILES = $(SCRIPT_SKELETONS) $(ERL_TARGETS)
+
+
+# ----------------------------------------------------
+# FLAGS
+# ----------------------------------------------------
+
+ifeq ($(WARN_UNUSED_WARS),true)
+ERL_COMPILE_FLAGS += +warn_unused_vars
+endif
+
+ifeq ($(USE_MEGACO_HIPE),true)
+ERL_COMPILE_FLAGS += +native
+endif
+
+ifeq ($(USE_VERBOSE_STATS),true)
+ERL_COMPILE_FLAGS += -DVERBOSE_STATS=true
+endif
+
+ifneq ($(MSTONE_TIME),)
+ERL_COMPILE_FLAGS += -DMSTONE_TIME=$(MSTONE_TIME)
+endif
+
+ERL_COMPILE_FLAGS += \
+	-pa $(ERL_TOP)/lib/megaco/ebin \
+	-I../include
+
+
+# ----------------------------------------------------
+# Special Build Targets
+# ----------------------------------------------------
+
+
+# ----------------------------------------------------
+# Targets
+# ----------------------------------------------------
+debug:
+	@${MAKE} TYPE=debug opt
+
+opt: $(TARGET_FILES) 
+
+script_skeletons: $(SCRIPT_SKELETONS)
+
+info:
+	@echo "MODULES   = $(MODULES)"
+	@echo "ERL_FILED = $(ERL_FILES)"
+	@echo ""
+	@echo "SCRIPT_SKELETON_SRC = $(SCRIPT_SKELETON_SRC)"
+	@echo "SCRIPT_SKELETONS    = $(SCRIPT_SKELETONS)"
+	@echo ""
+	@echo "TARGET_FILES = $(TARGET_FILES)"
+	@echo ""
+
+clean:
+	rm -f $(TARGET_FILES) 
+	rm -f errs core *~
+
+docs:
+
+conf: 
+	cd ../..; $(MAKE) conf
+
+
+# ----------------------------------------------------
+# Release Target
+# ---------------------------------------------------- 
+include $(ERL_TOP)/make/otp_release_targets.mk
+
+
+release_spec: opt
+	$(INSTALL_DIR)  $(EXAMPLE_RELSYSDIR)
+	$(INSTALL_DIR)  $(MEAS_RELSYSDIR)
+	$(INSTALL_DATA) $(MESSAGE_PACKAGES) $(MEAS_RELSYSDIR)
+	$(INSTALL_DATA) $(SCRIPT_SKELETONS) $(MEAS_RELSYSDIR)
+	$(INSTALL_DATA) $(TARGET_FILES) $(MEAS_RELSYSDIR)
+	$(INSTALL_DATA) $(ERL_FILES) $(MEAS_RELSYSDIR)
+
+
+release_docs_spec:
+
+
+# ----------------------------------------------------
+# Include dependencies
+# ----------------------------------------------------
+
+meas.sh.skel: meas.sh.skel.src
+	@echo "transforming $< to $@"
+	$(PERL) -p -e 's?%VSN%?$(VSN)? ' < $< > $@
+
+mstone1.sh.skel: mstone1.sh.skel.src
+	@echo "transforming $< to $@"
+	$(PERL) -p -e 's?%VSN%?$(VSN)? ' < $< > $@
+
+megaco_codec_transform.$(EMULATOR): megaco_codec_transform.erl
+
+megaco_codec_meas.$(EMULATOR): megaco_codec_meas.erl
+
+megaco_codec_mstone1.$(EMULATOR): megaco_codec_mstone1.erl
+
+megaco_codec_mstone2.$(EMULATOR): megaco_codec_mstone2.erl
+
+megaco_codec_mstone_lib.$(EMULATOR): megaco_codec_mstone_lib.erl
+
diff --git a/lib/megaco/examples/meas/meas.sh.skel b/lib/megaco/examples/meas/meas.sh.skel
deleted file mode 100644
index 76745ed8f4..0000000000
--- a/lib/megaco/examples/meas/meas.sh.skel
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-
-# %CopyrightBegin%
-#
-# Copyright Ericsson AB 2007-2010. All Rights Reserved.
-#
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-#
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-#
-# %CopyrightEnd%
-
-#
-# Skeleton for a script intended to run the meas test.
-#
-
-ERL_HOME=<path to otp top dir>
-MEGACO_HOME=$ERL_HOME/lib/erlang/lib/<megaco dir>
-MEAS_HOME=$MEGACO_HOME/examples/meas
-PATH=$ERL_HOME/bin:$PATH
-
-# MEAS_TIME_TEST="-s megaco_codec_meas start time_test"
-MEAS_DEFAULT="-s megaco_codec_meas start"
-STOP="-s init stop"
-
-ERL="erl \
-     -noshell \
-     -pa $MEAS_HOME \
-     $MEAS_DEFAULT \
-     $STOP"
-
-echo $ERL
-$ERL | tee meas.log
-
diff --git a/lib/megaco/examples/meas/meas.sh.skel.src b/lib/megaco/examples/meas/meas.sh.skel.src
new file mode 100644
index 0000000000..c7bd6cdd2a
--- /dev/null
+++ b/lib/megaco/examples/meas/meas.sh.skel.src
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+# %CopyrightBegin%
+#
+# Copyright Ericsson AB 2007-2011. All Rights Reserved.
+#
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+#
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+#
+# %CopyrightEnd%
+
+#
+# Skeleton for a script intended to run the meas test.
+#
+
+ERL_HOME=<path to otp top dir>
+MEGACO_HOME=$ERL_HOME/lib/erlang/lib/megaco-%VSN%
+MEAS_HOME=$MEGACO_HOME/examples/meas
+PATH=$ERL_HOME/bin:$PATH
+
+# MEAS_TIME_TEST="-s megaco_codec_meas start time_test"
+MEAS_DEFAULT="-s megaco_codec_meas start"
+STOP="-s init stop"
+
+ERL="erl \
+     -noshell \
+     -pa $MEAS_HOME \
+     $MEAS_DEFAULT \
+     $STOP"
+
+echo $ERL
+$ERL | tee meas.log
+
diff --git a/lib/megaco/examples/meas/modules.mk b/lib/megaco/examples/meas/modules.mk
index 8f1b45c8a6..26979933d7 100644
--- a/lib/megaco/examples/meas/modules.mk
+++ b/lib/megaco/examples/meas/modules.mk
@@ -2,7 +2,7 @@
 
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2002-2009. All Rights Reserved.
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -17,9 +17,9 @@
 # 
 # %CopyrightEnd%
 
-SCRIPT_SKELETONS = \
-	meas.sh.skel \
-	mstone1.sh.skel
+SCRIPT_SKELETON_SRC = \
+	meas.sh.skel.src \
+	mstone1.sh.skel.src
 
 MESSAGE_PACKAGES = \
 	time_test.msgs
diff --git a/lib/megaco/examples/meas/mstone1.sh.skel b/lib/megaco/examples/meas/mstone1.sh.skel
deleted file mode 100644
index b7c7e41007..0000000000
--- a/lib/megaco/examples/meas/mstone1.sh.skel
+++ /dev/null
@@ -1,239 +0,0 @@
-#!/bin/sh
-
-#
-# %CopyrightBegin%
-# 
-# Copyright Ericsson AB 2007-2009. All Rights Reserved.
-# 
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# %CopyrightEnd%
-
-# Skeleton for a script intended to run the mstone1(N) 
-# performance test.
-#
-
-# Get the name of the program
-program=`echo $0 | sed 's#.*/##g'`
-
-usage="\
-Usage: $program [options]
-
-This shell script is used to run the mstone 1 (factor) performance 
-test. It is not intended to test the megaco stack but instead to 
-give a \"performance value\" of the host on which it is run.
-
-Options:
- -help                  display this help and exit.
- -mp <message package>  message package to use for test
-                        default is time_test
- -h <num>               default process heap size
- -a <num>               async thread pool size (default is 0)
- -f <factor>            normally the test is run with 16 processes 
-                        (factor 1), one for each codec config. The test 
-                        can however be run with other factors, e.g. 
-                        factor 10 means that 10 processes will be started 
-                        for each megaco codec config.
-                        The options -s and -f cannot both be present.
- -s <num sched>         normally the test is run with a fixed factor,
-                        but if this option is given, the number of
-                        schedulers is fixed (to the value set by this option)
-                        and the factor is the variable.
-                        The options -s and -f cannot both be present.
- -d <drv-mode>          driver mode for the test:
-                        std  - all codec config(s) will be used
-                        flex - only the text codec config(s) utilizing the 
-                               flex scanner will be used
-                        nd   - only codec config(s) without drivers will be used
-                        od   - only codec config(s) with drivers will be used
- --                     everything after this is just passed on to erl.
-"
-
-ERL_HOME=<path to otp top dir>
-MEGACO_HOME=$ERL_HOME/lib/erlang/lib/<megaco dir>
-MEAS_HOME=$MEGACO_HOME/examples/meas
-PATH=$ERL_HOME/bin:$PATH
-
-MODULE=megaco_codec_mstone1
-STARTF="start"
-FACTOR=""
-MSG_PACK=time_test
-
-while test $# != 0; do
-    # echo "DBG: Value = $1"
-    case  $1 in
-        -help)
-            echo "$usage" ;
-            exit 0;;
-
-        -mp)
-            MSG_PACK="$2";
-            shift ; shift ;;
-
-        -h)
-            PHS="+h $2";
-            shift ; shift ;;
-
-        -a)
-            ATP="+A $2";
-            shift ; shift ;;
-
-        -d)
-	    case $2 in
-		std)
-		    STARTF="start";
-		    shift ; shift ;;
-		flex)
-		    STARTF="start_flex";
-		    shift ; shift ;;
-		nd)
-		    STARTF="start_no_drv";
-		    shift ; shift ;;
-		od)
-		    STARTF="start_only_drv";
-		    shift ; shift ;;
-		*)
-		    echo "unknown driver mode: $2";
-		    echo "$usage" ;
-		    exit 0
-	    esac;;
-	    
-        -f)
-            if [ "x$SCHED" != "x" ]; then
-                echo "option(s) -s and -f cannot both be given" ;
-                echo "$usage" ;
-                exit 0
-            fi
-            FACTOR="$2";
-            TYPE=factor;
-            shift ; shift ;;
-
-        -s)
-            if [ "x$FACTOR" != "x" ]; then
-                echo "option(s) -f and -s cannot both be given" ;
-                echo "$usage" ;
-                exit 0
-            fi
-            SCHED="$2";
-            TYPE=sched;
-            shift ; shift ;;
-
-        --)
-            shift ;
-            break;;
-
-        *)
-            echo "unknown option: $1";
-            echo "$usage" ;
-            exit 0
-    esac
-done
-
-if [ $TYPE = factor ]; then
-
-    MSTONE="-s $MODULE $STARTF $MSG_PACK $FACTOR"
-
-    # SCHEDS="no_smp 01 02 04"
-    # SCHEDS="no_smp 01 02 04 08"
-    # SCHEDS="no_smp 01 02 04 08 16"
-    # SCHEDS="no_smp 01 02 04 08 16 32"
-    # SCHEDS="no_smp 01 02 04 08 16 32 64"
-    SCHEDS="no_smp 01 02 03 04 05 06 07 08"
-
-    for i in `echo $SCHEDS`; do
-        case $i in
-            no_smp)
-                SMP_INFO="No SMP"
-                SMP_OPTS="-smp disable" # THIS IS THE R12B WAY TO DISABLE SMP
-                LOG="mstone1-f$FACTOR-s00.log"
-                ;;
-
-            01)
-                SMP_INFO="SMP: 1 scheduler"
-                SMP_OPTS="-smp +S $i"
-                LOG="mstone1-f$FACTOR-s$i.log"
-                ;;
-
-            *)
-                SMP_INFO="SMP: $i schedulers"
-                SMP_OPTS="-smp +S $i"
-                LOG="mstone1-f$FACTOR-s$i.log"
-                ;;
-        esac
-
-        echo ""
-        echo "---------------------------------------------"
-        echo "$SMP_INFO"
-        echo ""
-
-        ERL="erl \
-          -noshell \
-          $PHS \
-          $ATP \
-          $SMP_OPTS \
-          -pa $MEAS_HOME \
-          $MSTONE \
-          $* \
-          -s init stop"
-
-        echo $ERL
-        $ERL | tee $LOG
-    done
-
-elif [ $TYPE = sched ]; then
-
-    MSTONE="-s $MODULE $STARTF $MSG_PACK"
-
-    # FACTORS="01 02 03 04"
-    # FACTORS="01 02 03 04 05 06 07 08 09 10"
-    FACTORS="01 02 04 08 16 32"
-    # FACTORS="001 010 100"
-
-    case $SCHED in
-        no_smp)
-            SMP_OPTS="-smp disable" # THIS IS THE R12B WAY TO DISABLE SMP
-            ;;
-
-        *)
-            SMP_OPTS="-smp +S $SCHED"
-            ;;
-    esac
-
-    for i in `echo $FACTORS`; do
-        LOG="mstone1-s$SCHED-f$i.log"
-
-        echo ""
-        echo "---------------------------------------------"
-        echo "Factor $i"
-        echo ""
-
-        ERL="erl \
-          -noshell \
-          $PHS \
-          $ATP \
-          $SMP_OPTS \
-          -pa $MEAS_HOME \
-          $MSTONE $i \
-          $* \
-          -s init stop"
-
-        echo $ERL
-        $ERL | tee $LOG
-    done
-
-
-else
-    echo "Either option -f or -s must be specified"
-    echo "$usage" ;
-    exit 0
-    
-fi
diff --git a/lib/megaco/examples/meas/mstone1.sh.skel.src b/lib/megaco/examples/meas/mstone1.sh.skel.src
new file mode 100644
index 0000000000..54a6c61a58
--- /dev/null
+++ b/lib/megaco/examples/meas/mstone1.sh.skel.src
@@ -0,0 +1,239 @@
+#!/bin/sh
+
+#
+# %CopyrightBegin%
+# 
+# Copyright Ericsson AB 2007-2011. All Rights Reserved.
+# 
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+# 
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+# 
+# %CopyrightEnd%
+
+# Skeleton for a script intended to run the mstone1(N) 
+# performance test.
+#
+
+# Get the name of the program
+program=`echo $0 | sed 's#.*/##g'`
+
+usage="\
+Usage: $program [options]
+
+This shell script is used to run the mstone 1 (factor) performance 
+test. It is not intended to test the megaco stack but instead to 
+give a \"performance value\" of the host on which it is run.
+
+Options:
+ -help                  display this help and exit.
+ -mp <message package>  message package to use for test
+                        default is time_test
+ -h <num>               default process heap size
+ -a <num>               async thread pool size (default is 0)
+ -f <factor>            normally the test is run with 16 processes 
+                        (factor 1), one for each codec config. The test 
+                        can however be run with other factors, e.g. 
+                        factor 10 means that 10 processes will be started 
+                        for each megaco codec config.
+                        The options -s and -f cannot both be present.
+ -s <num sched>         normally the test is run with a fixed factor,
+                        but if this option is given, the number of
+                        schedulers is fixed (to the value set by this option)
+                        and the factor is the variable.
+                        The options -s and -f cannot both be present.
+ -d <drv-mode>          driver mode for the test:
+                        std  - all codec config(s) will be used
+                        flex - only the text codec config(s) utilizing the 
+                               flex scanner will be used
+                        nd   - only codec config(s) without drivers will be used
+                        od   - only codec config(s) with drivers will be used
+ --                     everything after this is just passed on to erl.
+"
+
+ERL_HOME=<path to otp top dir>
+MEGACO_HOME=$ERL_HOME/lib/erlang/lib/megaco-%VSN%
+MEAS_HOME=$MEGACO_HOME/examples/meas
+PATH=$ERL_HOME/bin:$PATH
+
+MODULE=megaco_codec_mstone1
+STARTF="start"
+FACTOR=""
+MSG_PACK=time_test
+
+while test $# != 0; do
+    # echo "DBG: Value = $1"
+    case  $1 in
+        -help)
+            echo "$usage" ;
+            exit 0;;
+
+        -mp)
+            MSG_PACK="$2";
+            shift ; shift ;;
+
+        -h)
+            PHS="+h $2";
+            shift ; shift ;;
+
+        -a)
+            ATP="+A $2";
+            shift ; shift ;;
+
+        -d)
+	    case $2 in
+		std)
+		    STARTF="start";
+		    shift ; shift ;;
+		flex)
+		    STARTF="start_flex";
+		    shift ; shift ;;
+		nd)
+		    STARTF="start_no_drv";
+		    shift ; shift ;;
+		od)
+		    STARTF="start_only_drv";
+		    shift ; shift ;;
+		*)
+		    echo "unknown driver mode: $2";
+		    echo "$usage" ;
+		    exit 0
+	    esac;;
+	    
+        -f)
+            if [ "x$SCHED" != "x" ]; then
+                echo "option(s) -s and -f cannot both be given" ;
+                echo "$usage" ;
+                exit 0
+            fi
+            FACTOR="$2";
+            TYPE=factor;
+            shift ; shift ;;
+
+        -s)
+            if [ "x$FACTOR" != "x" ]; then
+                echo "option(s) -f and -s cannot both be given" ;
+                echo "$usage" ;
+                exit 0
+            fi
+            SCHED="$2";
+            TYPE=sched;
+            shift ; shift ;;
+
+        --)
+            shift ;
+            break;;
+
+        *)
+            echo "unknown option: $1";
+            echo "$usage" ;
+            exit 0
+    esac
+done
+
+if [ $TYPE = factor ]; then
+
+    MSTONE="-s $MODULE $STARTF $MSG_PACK $FACTOR"
+
+    # SCHEDS="no_smp 01 02 04"
+    # SCHEDS="no_smp 01 02 04 08"
+    # SCHEDS="no_smp 01 02 04 08 16"
+    # SCHEDS="no_smp 01 02 04 08 16 32"
+    # SCHEDS="no_smp 01 02 04 08 16 32 64"
+    SCHEDS="no_smp 01 02 03 04 05 06 07 08"
+
+    for i in `echo $SCHEDS`; do
+        case $i in
+            no_smp)
+                SMP_INFO="No SMP"
+                SMP_OPTS="-smp disable" # THIS IS THE R12B WAY TO DISABLE SMP
+                LOG="mstone1-f$FACTOR-s00.log"
+                ;;
+
+            01)
+                SMP_INFO="SMP: 1 scheduler"
+                SMP_OPTS="-smp +S $i"
+                LOG="mstone1-f$FACTOR-s$i.log"
+                ;;
+
+            *)
+                SMP_INFO="SMP: $i schedulers"
+                SMP_OPTS="-smp +S $i"
+                LOG="mstone1-f$FACTOR-s$i.log"
+                ;;
+        esac
+
+        echo ""
+        echo "---------------------------------------------"
+        echo "$SMP_INFO"
+        echo ""
+
+        ERL="erl \
+          -noshell \
+          $PHS \
+          $ATP \
+          $SMP_OPTS \
+          -pa $MEAS_HOME \
+          $MSTONE \
+          $* \
+          -s init stop"
+
+        echo $ERL
+        $ERL | tee $LOG
+    done
+
+elif [ $TYPE = sched ]; then
+
+    MSTONE="-s $MODULE $STARTF $MSG_PACK"
+
+    # FACTORS="01 02 03 04"
+    # FACTORS="01 02 03 04 05 06 07 08 09 10"
+    FACTORS="01 02 04 08 16 32"
+    # FACTORS="001 010 100"
+
+    case $SCHED in
+        no_smp)
+            SMP_OPTS="-smp disable" # THIS IS THE R12B WAY TO DISABLE SMP
+            ;;
+
+        *)
+            SMP_OPTS="-smp +S $SCHED"
+            ;;
+    esac
+
+    for i in `echo $FACTORS`; do
+        LOG="mstone1-s$SCHED-f$i.log"
+
+        echo ""
+        echo "---------------------------------------------"
+        echo "Factor $i"
+        echo ""
+
+        ERL="erl \
+          -noshell \
+          $PHS \
+          $ATP \
+          $SMP_OPTS \
+          -pa $MEAS_HOME \
+          $MSTONE $i \
+          $* \
+          -s init stop"
+
+        echo $ERL
+        $ERL | tee $LOG
+    done
+
+
+else
+    echo "Either option -f or -s must be specified"
+    echo "$usage" ;
+    exit 0
+    
+fi
diff --git a/lib/megaco/include/megaco_message_prev3a.hrl b/lib/megaco/include/megaco_message_prev3a.hrl
index 7b7a60fdae..3e73f94761 100644
--- a/lib/megaco/include/megaco_message_prev3a.hrl
+++ b/lib/megaco/include/megaco_message_prev3a.hrl
@@ -563,7 +563,7 @@
 
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 %% %% String of at least 1 character and at most 67 characters (ASN.1). 
 %% %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 %% -record('ServiceChangeProfile',
diff --git a/lib/megaco/include/megaco_message_prev3b.hrl b/lib/megaco/include/megaco_message_prev3b.hrl
index cfabb29941..b4bde2bb7e 100644
--- a/lib/megaco/include/megaco_message_prev3b.hrl
+++ b/lib/megaco/include/megaco_message_prev3b.hrl
@@ -563,7 +563,7 @@
 
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 %% %% String of at least 1 character and at most 67 characters (ASN.1). 
 %% %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 %% -record('ServiceChangeProfile',
diff --git a/lib/megaco/include/megaco_message_prev3c.hrl b/lib/megaco/include/megaco_message_prev3c.hrl
index 32024c9a02..90612f66c8 100644
--- a/lib/megaco/include/megaco_message_prev3c.hrl
+++ b/lib/megaco/include/megaco_message_prev3c.hrl
@@ -748,7 +748,7 @@
 
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 %% %% String of at least 1 character and at most 67 characters (ASN.1). 
 %% %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 %% -record('ServiceChangeProfile',
diff --git a/lib/megaco/include/megaco_message_v1.hrl b/lib/megaco/include/megaco_message_v1.hrl
index ba50b50c80..f196c26713 100644
--- a/lib/megaco/include/megaco_message_v1.hrl
+++ b/lib/megaco/include/megaco_message_v1.hrl
@@ -404,7 +404,7 @@
 	 }). % with extension mark
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 % %% String of at least 1 character and at most 67 characters (ASN.1). 
 % %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 % -record('ServiceChangeProfile',
diff --git a/lib/megaco/include/megaco_message_v2.hrl b/lib/megaco/include/megaco_message_v2.hrl
index 6190ea7ac4..af79c4dc92 100644
--- a/lib/megaco/include/megaco_message_v2.hrl
+++ b/lib/megaco/include/megaco_message_v2.hrl
@@ -525,7 +525,7 @@
 
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 %% %% String of at least 1 character and at most 67 characters (ASN.1). 
 %% %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 %% -record('ServiceChangeProfile',
diff --git a/lib/megaco/include/megaco_message_v3.hrl b/lib/megaco/include/megaco_message_v3.hrl
index 7a1bc80571..466cfa6856 100644
--- a/lib/megaco/include/megaco_message_v3.hrl
+++ b/lib/megaco/include/megaco_message_v3.hrl
@@ -743,7 +743,7 @@
 
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 %% %% String of at least 1 character and at most 67 characters (ASN.1). 
 %% %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 %% -record('ServiceChangeProfile',
diff --git a/lib/megaco/priv/plt/.gitignore b/lib/megaco/priv/plt/.gitignore
new file mode 100644
index 0000000000..2051b52d48
--- /dev/null
+++ b/lib/megaco/priv/plt/.gitignore
@@ -0,0 +1,2 @@
+/*.plt
+/*.dialyzer_analysis
diff --git a/lib/megaco/src/app/megaco.appup.src b/lib/megaco/src/app/megaco.appup.src
index 7107178d1a..3c9740818a 100644
--- a/lib/megaco/src/app/megaco.appup.src
+++ b/lib/megaco/src/app/megaco.appup.src
@@ -139,39 +139,43 @@
 %%      |
 %%      v
 %%   3.15.1.1
+%%      |
+%%      v
+%%    3.16
 %%
 %%
 {"%VSN%",
  [
+  {"3.15.1.1", 
+   [
+    {restart_application, megaco}
+   ]
+  },
   {"3.15.1", 
    [
+    {restart_application, megaco}
    ]
   },
   {"3.15", 
    [
-    {load_module, megaco_flex_scanner, soft_purge, soft_purge, []},
-    {load_module, megaco_sdp, soft_purge, soft_purge, []},
-    {load_module, megaco_filter, soft_purge, soft_purge, []},
-    {load_module, megaco_timer, soft_purge, soft_purge, [megaco_config_misc]},
-    {update, megaco_config, soft, soft_purge, soft_purge, 
-     [megaco_timer, megaco_config_misc]},
-    {add_module,  megaco_config_misc}
+    {restart_application, megaco}
    ]
   }
  ],
  [
+  {"3.15.1.1", 
+   [
+    {restart_application, megaco}
+   ]
+  },
   {"3.15.1", 
    [
+    {restart_application, megaco}
    ]
   },
   {"3.15", 
    [
-    {load_module, megaco_flex_scanner, soft_purge, soft_purge, []},
-    {load_module, megaco_sdp, soft_purge, soft_purge, []},
-    {load_module, megaco_filter, soft_purge, soft_purge, []},
-    {load_module, megaco_timer, soft_purge, soft_purge, [megaco_config]},
-    {update, megaco_config, soft, soft_purge, soft_purge, []},
-    {remove, {megaco_config_misc, soft_purge, brutal_purge}}
+    {restart_application, megaco}
    ]
   }
  ]
diff --git a/lib/megaco/src/binary/depend.mk b/lib/megaco/src/binary/depend.mk
index 5ec4977175..c9ca34bcf6 100644
--- a/lib/megaco/src/binary/depend.mk
+++ b/lib/megaco/src/binary/depend.mk
@@ -2,7 +2,7 @@
 
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2001-2009. All Rights Reserved.
+# Copyright Ericsson AB 2001-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -24,9 +24,9 @@
 # but for per_bin it means that a stage in the encode
 # is done in the asn1 driver.
 #
-# +driver
+# +nif
 # For ber_bin this means that part of the decode is done
-# in the asn1 driver.
+# in the asn1 nif.
 #
 # +asn1config
 # This is only used by the ber_bin, and means that 
@@ -45,22 +45,22 @@ endif
 
 BER_V1_FLAGS             = $(ASN1_CT_OPTS)
 BER_BIN_V1_FLAGS         = $(ASN1_CT_OPTS) +asn1config +optimize
-BER_BIN_DRV_V1_FLAGS     = $(ASN1_CT_OPTS) +asn1config +optimize +driver
+BER_BIN_DRV_V1_FLAGS     = $(ASN1_CT_OPTS) +asn1config +optimize +nif
 BER_V2_FLAGS             = $(ASN1_CT_OPTS)
 BER_BIN_V2_FLAGS         = $(ASN1_CT_OPTS) +asn1config +optimize
-BER_BIN_DRV_V2_FLAGS     = $(ASN1_CT_OPTS) +asn1config +optimize +driver
+BER_BIN_DRV_V2_FLAGS     = $(ASN1_CT_OPTS) +asn1config +optimize +nif
 BER_PREV3A_FLAGS         = $(ASN1_CT_OPTS)
 BER_BIN_PREV3A_FLAGS     = $(ASN1_CT_OPTS) +asn1config +optimize
-BER_BIN_DRV_PREV3A_FLAGS = $(ASN1_CT_OPTS) +asn1config +optimize +driver
+BER_BIN_DRV_PREV3A_FLAGS = $(ASN1_CT_OPTS) +asn1config +optimize +nif
 BER_PREV3B_FLAGS         = $(ASN1_CT_OPTS)
 BER_BIN_PREV3B_FLAGS     = $(ASN1_CT_OPTS) +asn1config +optimize
-BER_BIN_DRV_PREV3B_FLAGS = $(ASN1_CT_OPTS) +asn1config +optimize +driver
+BER_BIN_DRV_PREV3B_FLAGS = $(ASN1_CT_OPTS) +asn1config +optimize +nif
 BER_PREV3C_FLAGS         = $(ASN1_CT_OPTS)
 BER_BIN_PREV3C_FLAGS     = $(ASN1_CT_OPTS) +asn1config +optimize
-BER_BIN_DRV_PREV3C_FLAGS = $(ASN1_CT_OPTS) +asn1config +optimize +driver
+BER_BIN_DRV_PREV3C_FLAGS = $(ASN1_CT_OPTS) +asn1config +optimize +nif
 BER_V3_FLAGS             = $(ASN1_CT_OPTS)
 BER_BIN_V3_FLAGS         = $(ASN1_CT_OPTS) +asn1config +optimize
-BER_BIN_DRV_V3_FLAGS     = $(ASN1_CT_OPTS) +asn1config +optimize +driver
+BER_BIN_DRV_V3_FLAGS     = $(ASN1_CT_OPTS) +asn1config +optimize +nif
 PER_V1_FLAGS             = $(ASN1_CT_OPTS)
 PER_BIN_V1_FLAGS         = $(ASN1_CT_OPTS)
 PER_BIN_DRV_V1_FLAGS     = $(ASN1_CT_OPTS) +optimize
@@ -83,17 +83,16 @@ PER_BIN_DRV_V3_FLAGS     = $(ASN1_CT_OPTS) +optimize
 
 # --- Version 1 ---
 
-$(BER_ASN1_V1_SPEC).erl $(BER_ASN1_V1_SPEC).hrl: \
+$(BER_ASN1_V1_SPEC).erl: \
 	$(BER_ASN1_V1_SPEC).set.asn \
 	$(ASN1_V1_SPEC).asn
 	@echo "$(BER_ASN1_V1_SPEC):"
 	$(ERLC) -bber $(BER_V1_FLAGS) $(BER_ASN1_V1_SPEC).set.asn
 
 $(EBIN)/$(BER_ASN1_V1_SPEC).$(EMULATOR): \
-	$(BER_ASN1_V1_SPEC).erl \
-	$(BER_ASN1_V1_SPEC).hrl
+	$(BER_ASN1_V1_SPEC).erl
 
-$(BER_BIN_ASN1_V1_SPEC).erl $(BER_BIN_ASN1_V1_SPEC).hrl: \
+$(BER_BIN_ASN1_V1_SPEC).erl: \
 	$(BER_BIN_ASN1_V1_SPEC).set.asn \
 	$(BER_BIN_ASN1_V1_SPEC).asn1config \
 	$(ASN1_V1_SPEC).asn
@@ -101,10 +100,9 @@ $(BER_BIN_ASN1_V1_SPEC).erl $(BER_BIN_ASN1_V1_SPEC).hrl: \
 	$(ERLC) -bber_bin $(BER_BIN_V1_FLAGS) $(BER_BIN_ASN1_V1_SPEC).set.asn
 
 $(EBIN)/$(BER_BIN_ASN1_V1_SPEC).$(EMULATOR): \
-	$(BER_BIN_ASN1_V1_SPEC).erl \
-	$(BER_BIN_ASN1_V1_SPEC).hrl
+	$(BER_BIN_ASN1_V1_SPEC).erl
 
-$(BER_BIN_DRV_ASN1_V1_SPEC).erl $(BER_BIN_DRV_ASN1_V1_SPEC).hrl: \
+$(BER_BIN_DRV_ASN1_V1_SPEC).erl: \
 	$(BER_BIN_DRV_ASN1_V1_SPEC).set.asn \
 	$(BER_BIN_DRV_ASN1_V1_SPEC).asn1config \
 	$(ASN1_V1_SPEC).asn
@@ -112,53 +110,48 @@ $(BER_BIN_DRV_ASN1_V1_SPEC).erl $(BER_BIN_DRV_ASN1_V1_SPEC).hrl: \
 	$(ERLC) -bber_bin $(BER_BIN_DRV_V1_FLAGS) $(BER_BIN_DRV_ASN1_V1_SPEC).set.asn
 
 $(EBIN)/$(BER_BIN_DRV_ASN1_V1_SPEC).$(EMULATOR): \
-	$(BER_BIN_DRV_ASN1_V1_SPEC).erl \
-	$(BER_BIN_DRV_ASN1_V1_SPEC).hrl
+	$(BER_BIN_DRV_ASN1_V1_SPEC).erl
 
-$(PER_ASN1_V1_SPEC).erl $(PER_ASN1_V1_SPEC).hrl: \
+$(PER_ASN1_V1_SPEC).erl: \
 	$(PER_ASN1_V1_SPEC).set.asn \
 	$(ASN1_V1_SPEC).asn
 	@echo "$(PER_ASN1_V1_SPEC):"
 	$(ERLC) -bper $(PER_V1_FLAGS) $(PER_ASN1_V1_SPEC).set.asn
 
 $(EBIN)/$(PER_ASN1_V1_SPEC).$(EMULATOR): \
-	$(PER_ASN1_V1_SPEC).erl \
-	$(PER_ASN1_V1_SPEC).hrl
+	$(PER_ASN1_V1_SPEC).erl
 
-$(PER_BIN_ASN1_V1_SPEC).erl $(PER_BIN_ASN1_V1_SPEC).hrl: \
+$(PER_BIN_ASN1_V1_SPEC).erl: \
 	$(PER_BIN_ASN1_V1_SPEC).set.asn \
 	$(ASN1_V1_SPEC).asn
 	@echo "$(PER_BIN_ASN1_V1_SPEC):"
 	$(ERLC) -bper_bin $(PER_BIN_V1_FLAGS) $(PER_BIN_ASN1_V1_SPEC).set.asn
 
 $(EBIN)/$(PER_BIN_ASN1_V1_SPEC).$(EMULATOR): \
-	$(PER_BIN_ASN1_V1_SPEC).erl \
-	$(PER_BIN_ASN1_V1_SPEC).hrl
+	$(PER_BIN_ASN1_V1_SPEC).erl
 
-$(PER_BIN_DRV_ASN1_V1_SPEC).erl $(PER_BIN_DRV_ASN1_V1_SPEC).hrl: \
+$(PER_BIN_DRV_ASN1_V1_SPEC).erl: \
 	$(PER_BIN_DRV_ASN1_V1_SPEC).set.asn \
 	$(ASN1_V1_SPEC).asn
 	@echo "$(PER_BIN_DRV_ASN1_V1_SPEC):"
 	$(ERLC) -bper_bin $(PER_BIN_DRV_V1_FLAGS) $(PER_BIN_DRV_ASN1_V1_SPEC).set.asn
 
 $(EBIN)/$(PER_BIN_DRV_ASN1_V1_SPEC).$(EMULATOR): \
-	$(PER_BIN_DRV_ASN1_V1_SPEC).erl \
-	$(PER_BIN_DRV_ASN1_V1_SPEC).hrl
+	$(PER_BIN_DRV_ASN1_V1_SPEC).erl
 
 
 # --- Version 2 ---
 
-$(BER_ASN1_V2_SPEC).erl $(BER_ASN1_V2_SPEC).hrl: \
+$(BER_ASN1_V2_SPEC).erl: \
 	$(BER_ASN1_V2_SPEC).set.asn \
 	$(ASN1_V2_SPEC).asn
 	@echo "$(BER_ASN1_V2_SPEC):"
 	$(ERLC) -bber $(BER_V2_FLAGS) $(BER_ASN1_V2_SPEC).set.asn
 
 $(EBIN)/$(BER_ASN1_V2_SPEC).$(EMULATOR): \
-	$(BER_ASN1_V2_SPEC).erl \
-	$(BER_ASN1_V2_SPEC).hrl
+	$(BER_ASN1_V2_SPEC).erl
 
-$(BER_BIN_ASN1_V2_SPEC).erl $(BER_BIN_ASN1_V2_SPEC).hrl: \
+$(BER_BIN_ASN1_V2_SPEC).erl: \
 	$(BER_BIN_ASN1_V2_SPEC).set.asn \
 	$(BER_BIN_ASN1_V2_SPEC).asn1config \
 	$(ASN1_V2_SPEC).asn
@@ -166,10 +159,9 @@ $(BER_BIN_ASN1_V2_SPEC).erl $(BER_BIN_ASN1_V2_SPEC).hrl: \
 	$(ERLC) -bber_bin $(BER_BIN_V2_FLAGS) $(BER_BIN_ASN1_V2_SPEC).set.asn
 
 $(EBIN)/$(BER_BIN_ASN1_V2_SPEC).$(EMULATOR): \
-	$(BER_BIN_ASN1_V2_SPEC).erl \
-	$(BER_BIN_ASN1_V2_SPEC).hrl
+	$(BER_BIN_ASN1_V2_SPEC).erl
 
-$(BER_BIN_DRV_ASN1_V2_SPEC).erl $(BER_BIN_DRV_ASN1_V2_SPEC).hrl: \
+$(BER_BIN_DRV_ASN1_V2_SPEC).erl: \
 	$(BER_BIN_DRV_ASN1_V2_SPEC).set.asn \
 	$(BER_BIN_DRV_ASN1_V2_SPEC).asn1config \
 	$(ASN1_V2_SPEC).asn
@@ -177,55 +169,50 @@ $(BER_BIN_DRV_ASN1_V2_SPEC).erl $(BER_BIN_DRV_ASN1_V2_SPEC).hrl: \
 	$(ERLC) -bber_bin $(BER_BIN_DRV_V2_FLAGS) $(BER_BIN_DRV_ASN1_V2_SPEC).set.asn
 
 $(EBIN)/$(BER_BIN_DRV_ASN1_V2_SPEC).$(EMULATOR): \
-	$(BER_BIN_DRV_ASN1_V2_SPEC).erl \
-	$(BER_BIN_DRV_ASN1_V2_SPEC).hrl
+	$(BER_BIN_DRV_ASN1_V2_SPEC).erl
 
-$(PER_ASN1_V2_SPEC).erl $(PER_ASN1_V2_SPEC).hrl: \
+$(PER_ASN1_V2_SPEC).erl: \
 	$(PER_ASN1_V2_SPEC).set.asn \
 	$(ASN1_V2_SPEC).asn
 	@echo "$(PER_ASN1_V2_SPEC):"
 	$(ERLC) -bper $(PER_V2_FLAGS) $(PER_ASN1_V2_SPEC).set.asn
 
 $(EBIN)/$(PER_ASN1_V2_SPEC).$(EMULATOR): \
-	$(PER_ASN1_V2_SPEC).erl \
-	$(PER_ASN1_V2_SPEC).hrl
+	$(PER_ASN1_V2_SPEC).erl
 
-$(PER_BIN_ASN1_V2_SPEC).erl $(PER_BIN_ASN1_V2_SPEC).hrl: \
+$(PER_BIN_ASN1_V2_SPEC).erl: \
 	$(PER_BIN_ASN1_V2_SPEC).set.asn \
 	$(ASN1_V2_SPEC).asn
 	@echo "$(PER_BIN_ASN1_V2_SPEC):"
 	$(ERLC) -bper_bin $(PER_BIN_V2_FLAGS) $(PER_BIN_ASN1_V2_SPEC).set.asn
 
 $(EBIN)/$(PER_BIN_ASN1_V2_SPEC).$(EMULATOR): \
-	$(PER_BIN_ASN1_V2_SPEC).erl \
-	$(PER_BIN_ASN1_V2_SPEC).hrl
+	$(PER_BIN_ASN1_V2_SPEC).erl
 
-$(PER_BIN_DRV_ASN1_V2_SPEC).erl $(PER_BIN_DRV_ASN1_V2_SPEC).hrl: \
+$(PER_BIN_DRV_ASN1_V2_SPEC).erl: \
 	$(PER_BIN_DRV_ASN1_V2_SPEC).set.asn \
 	$(ASN1_V2_SPEC).asn
 	@echo "$(PER_BIN_DRV_ASN1_V2_SPEC):"
 	$(ERLC) -bper_bin $(PER_BIN_DRV_V2_FLAGS) $(PER_BIN_DRV_ASN1_V2_SPEC).set.asn
 
 $(EBIN)/$(PER_BIN_DRV_ASN1_V2_SPEC).$(EMULATOR): \
-	$(PER_BIN_DRV_ASN1_V2_SPEC).erl \
-	$(PER_BIN_DRV_ASN1_V2_SPEC).hrl
+	$(PER_BIN_DRV_ASN1_V2_SPEC).erl
 
 
 # --- Version 3 ---
 
 # -- (prev3a) --
 
-$(BER_ASN1_PREV3A_SPEC).erl $(BER_ASN1_PREV3A_SPEC).hrl: \
+$(BER_ASN1_PREV3A_SPEC).erl: \
 	$(BER_ASN1_PREV3A_SPEC).set.asn \
 	$(ASN1_PREV3A_SPEC).asn
 	@echo "$(BER_ASN1_PREV3A_SPEC):"
 	$(ERLC) -bber $(BER_PREV3A_FLAGS) $(BER_ASN1_PREV3A_SPEC).set.asn
 
 $(EBIN)/$(BER_ASN1_PREV3A_SPEC).$(EMULATOR): \
-	$(BER_ASN1_PREV3A_SPEC).erl \
-	$(BER_ASN1_PREV3A_SPEC).hrl
+	$(BER_ASN1_PREV3A_SPEC).erl
 
-$(BER_BIN_ASN1_PREV3A_SPEC).erl $(BER_BIN_ASN1_PREV3A_SPEC).hrl: \
+$(BER_BIN_ASN1_PREV3A_SPEC).erl: \
 	$(BER_BIN_ASN1_PREV3A_SPEC).set.asn \
 	$(BER_BIN_ASN1_PREV3A_SPEC).asn1config \
 	$(ASN1_PREV3A_SPEC).asn
@@ -233,10 +220,9 @@ $(BER_BIN_ASN1_PREV3A_SPEC).erl $(BER_BIN_ASN1_PREV3A_SPEC).hrl: \
 	$(ERLC) -bber_bin $(BER_BIN_PREV3A_FLAGS) $(BER_BIN_ASN1_PREV3A_SPEC).set.asn
 
 $(EBIN)/$(BER_BIN_ASN1_PREV3A_SPEC).$(EMULATOR): \
-	$(BER_BIN_ASN1_PREV3A_SPEC).erl \
-	$(BER_BIN_ASN1_PREV3A_SPEC).hrl
+	$(BER_BIN_ASN1_PREV3A_SPEC).erl
 
-$(BER_BIN_DRV_ASN1_PREV3A_SPEC).erl $(BER_BIN_DRV_ASN1_PREV3A_SPEC).hrl: \
+$(BER_BIN_DRV_ASN1_PREV3A_SPEC).erl: \
 	$(BER_BIN_DRV_ASN1_PREV3A_SPEC).set.asn \
 	$(BER_BIN_DRV_ASN1_PREV3A_SPEC).asn1config \
 	$(ASN1_PREV3A_SPEC).asn
@@ -244,52 +230,47 @@ $(BER_BIN_DRV_ASN1_PREV3A_SPEC).erl $(BER_BIN_DRV_ASN1_PREV3A_SPEC).hrl: \
 	$(ERLC) -bber_bin $(BER_BIN_DRV_PREV3A_FLAGS) $(BER_BIN_DRV_ASN1_PREV3A_SPEC).set.asn
 
 $(EBIN)/$(BER_BIN_DRV_ASN1_PREV3A_SPEC).$(EMULATOR): \
-	$(BER_BIN_DRV_ASN1_PREV3A_SPEC).erl \
-	$(BER_BIN_DRV_ASN1_PREV3A_SPEC).hrl
+	$(BER_BIN_DRV_ASN1_PREV3A_SPEC).erl
 
-$(PER_ASN1_PREV3A_SPEC).erl $(PER_ASN1_PREV3A_SPEC).hrl: \
+$(PER_ASN1_PREV3A_SPEC).erl: \
 	$(PER_ASN1_PREV3A_SPEC).set.asn \
 	$(ASN1_PREV3A_SPEC).asn
 	@echo "$(PER_ASN1_PREV3A_SPEC):"
 	$(ERLC) -bper $(PER_PREV3A_FLAGS) $(PER_ASN1_PREV3A_SPEC).set.asn
 
 $(EBIN)/$(PER_ASN1_PREV3A_SPEC).$(EMULATOR): \
-	$(PER_ASN1_PREV3A_SPEC).erl \
-	$(PER_ASN1_PREV3A_SPEC).hrl
+	$(PER_ASN1_PREV3A_SPEC).erl
 
-$(PER_BIN_ASN1_PREV3A_SPEC).erl $(PER_BIN_ASN1_PREV3A_SPEC).hrl: \
+$(PER_BIN_ASN1_PREV3A_SPEC).erl: \
 	$(PER_BIN_ASN1_PREV3A_SPEC).set.asn \
 	$(ASN1_PREV3A_SPEC).asn
 	@echo "$(PER_BIN_ASN1_PREV3A_SPEC):"
 	$(ERLC) -bper_bin $(PER_BIN_PREV3A_FLAGS) $(PER_BIN_ASN1_PREV3A_SPEC).set.asn
 
 $(EBIN)/$(PER_BIN_ASN1_PREV3A_SPEC).$(EMULATOR): \
-	$(PER_BIN_ASN1_PREV3A_SPEC).erl \
-	$(PER_BIN_ASN1_PREV3A_SPEC).hrl
+	$(PER_BIN_ASN1_PREV3A_SPEC).erl
 
-$(PER_BIN_DRV_ASN1_PREV3A_SPEC).erl $(PER_BIN_DRV_ASN1_PREV3A_SPEC).hrl: \
+$(PER_BIN_DRV_ASN1_PREV3A_SPEC).erl: \
 	$(PER_BIN_DRV_ASN1_PREV3A_SPEC).set.asn \
 	$(ASN1_PREV3A_SPEC).asn
 	@echo "$(PER_BIN_DRV_ASN1_PREV3A_SPEC):"
 	$(ERLC) -bper_bin $(PER_BIN_DRV_PREV3A_FLAGS) $(PER_BIN_DRV_ASN1_PREV3A_SPEC).set.asn
 
 $(EBIN)/$(PER_BIN_DRV_ASN1_PREV3A_SPEC).$(EMULATOR): \
-	$(PER_BIN_DRV_ASN1_PREV3A_SPEC).erl \
-	$(PER_BIN_DRV_ASN1_PREV3A_SPEC).hrl
+	$(PER_BIN_DRV_ASN1_PREV3A_SPEC).erl
 
 # -- (prev3b) --
 
-$(BER_ASN1_PREV3B_SPEC).erl $(BER_ASN1_PREV3B_SPEC).hrl: \
+$(BER_ASN1_PREV3B_SPEC).erl: \
 	$(BER_ASN1_PREV3B_SPEC).set.asn \
 	$(ASN1_PREV3B_SPEC).asn
 	@echo "$(BER_ASN1_PREV3B_SPEC):"
 	$(ERLC) -bber $(BER_PREV3B_FLAGS) $(BER_ASN1_PREV3B_SPEC).set.asn
 
 $(EBIN)/$(BER_ASN1_PREV3B_SPEC).$(EMULATOR): \
-	$(BER_ASN1_PREV3B_SPEC).erl \
-	$(BER_ASN1_PREV3B_SPEC).hrl
+	$(BER_ASN1_PREV3B_SPEC).erl
 
-$(BER_BIN_ASN1_PREV3B_SPEC).erl $(BER_BIN_ASN1_PREV3B_SPEC).hrl: \
+$(BER_BIN_ASN1_PREV3B_SPEC).erl: \
 	$(BER_BIN_ASN1_PREV3B_SPEC).set.asn \
 	$(BER_BIN_ASN1_PREV3B_SPEC).asn1config \
 	$(ASN1_PREV3B_SPEC).asn
@@ -297,10 +278,9 @@ $(BER_BIN_ASN1_PREV3B_SPEC).erl $(BER_BIN_ASN1_PREV3B_SPEC).hrl: \
 	$(ERLC) -bber_bin $(BER_BIN_PREV3B_FLAGS) $(BER_BIN_ASN1_PREV3B_SPEC).set.asn
 
 $(EBIN)/$(BER_BIN_ASN1_PREV3B_SPEC).$(EMULATOR): \
-	$(BER_BIN_ASN1_PREV3B_SPEC).erl \
-	$(BER_BIN_ASN1_PREV3B_SPEC).hrl
+	$(BER_BIN_ASN1_PREV3B_SPEC).erl
 
-$(BER_BIN_DRV_ASN1_PREV3B_SPEC).erl $(BER_BIN_DRV_ASN1_PREV3B_SPEC).hrl: \
+$(BER_BIN_DRV_ASN1_PREV3B_SPEC).erl: \
 	$(BER_BIN_DRV_ASN1_PREV3B_SPEC).set.asn \
 	$(BER_BIN_DRV_ASN1_PREV3B_SPEC).asn1config \
 	$(ASN1_PREV3B_SPEC).asn
@@ -308,53 +288,48 @@ $(BER_BIN_DRV_ASN1_PREV3B_SPEC).erl $(BER_BIN_DRV_ASN1_PREV3B_SPEC).hrl: \
 	$(ERLC) -bber_bin $(BER_BIN_DRV_PREV3B_FLAGS) $(BER_BIN_DRV_ASN1_PREV3B_SPEC).set.asn
 
 $(EBIN)/$(BER_BIN_DRV_ASN1_PREV3B_SPEC).$(EMULATOR): \
-	$(BER_BIN_DRV_ASN1_PREV3B_SPEC).erl \
-	$(BER_BIN_DRV_ASN1_PREV3B_SPEC).hrl
+	$(BER_BIN_DRV_ASN1_PREV3B_SPEC).erl
 
-$(PER_ASN1_PREV3B_SPEC).erl $(PER_ASN1_PREV3B_SPEC).hrl: \
+$(PER_ASN1_PREV3B_SPEC).erl: \
 	$(PER_ASN1_PREV3B_SPEC).set.asn \
 	$(ASN1_PREV3B_SPEC).asn
 	@echo "$(PER_ASN1_PREV3B_SPEC):"
 	$(ERLC) -bper $(PER_PREV3B_FLAGS) $(PER_ASN1_PREV3B_SPEC).set.asn
 
 $(EBIN)/$(PER_ASN1_PREV3B_SPEC).$(EMULATOR): \
-	$(PER_ASN1_PREV3B_SPEC).erl \
-	$(PER_ASN1_PREV3B_SPEC).hrl
+	$(PER_ASN1_PREV3B_SPEC).erl
 
-$(PER_BIN_ASN1_PREV3B_SPEC).erl $(PER_BIN_ASN1_PREV3B_SPEC).hrl: \
+$(PER_BIN_ASN1_PREV3B_SPEC).erl: \
 	$(PER_BIN_ASN1_PREV3B_SPEC).set.asn \
 	$(ASN1_PREV3B_SPEC).asn
 	@echo "$(PER_BIN_ASN1_PREV3B_SPEC):"
 	$(ERLC) -bper_bin $(PER_BIN_PREV3B_FLAGS) $(PER_BIN_ASN1_PREV3B_SPEC).set.asn
 
 $(EBIN)/$(PER_BIN_ASN1_PREV3B_SPEC).$(EMULATOR): \
-	$(PER_BIN_ASN1_PREV3B_SPEC).erl \
-	$(PER_BIN_ASN1_PREV3B_SPEC).hrl
+	$(PER_BIN_ASN1_PREV3B_SPEC).erl
 
-$(PER_BIN_DRV_ASN1_PREV3B_SPEC).erl $(PER_BIN_DRV_ASN1_PREV3B_SPEC).hrl: \
+$(PER_BIN_DRV_ASN1_PREV3B_SPEC).erl: \
 	$(PER_BIN_DRV_ASN1_PREV3B_SPEC).set.asn \
 	$(ASN1_PREV3B_SPEC).asn
 	@echo "$(PER_BIN_DRV_ASN1_PREV3B_SPEC):"
 	$(ERLC) -bper_bin $(PER_BIN_DRV_PREV3B_FLAGS) $(PER_BIN_DRV_ASN1_PREV3B_SPEC).set.asn
 
 $(EBIN)/$(PER_BIN_DRV_ASN1_PREV3B_SPEC).$(EMULATOR): \
-	$(PER_BIN_DRV_ASN1_PREV3B_SPEC).erl \
-	$(PER_BIN_DRV_ASN1_PREV3B_SPEC).hrl
+	$(PER_BIN_DRV_ASN1_PREV3B_SPEC).erl
 
 
 # -- (prev3c) --
 
-$(BER_ASN1_PREV3C_SPEC).erl $(BER_ASN1_PREV3C_SPEC).hrl: \
+$(BER_ASN1_PREV3C_SPEC).erl: \
 	$(BER_ASN1_PREV3C_SPEC).set.asn \
 	$(ASN1_PREV3C_SPEC).asn
 	@echo "$(BER_ASN1_PREV3C_SPEC):"
 	$(ERLC) -bber $(BER_PREV3C_FLAGS) $(BER_ASN1_PREV3C_SPEC).set.asn
 
 $(EBIN)/$(BER_ASN1_PREV3C_SPEC).$(EMULATOR): \
-	$(BER_ASN1_PREV3C_SPEC).erl \
-	$(BER_ASN1_PREV3C_SPEC).hrl
+	$(BER_ASN1_PREV3C_SPEC).erl
 
-$(BER_BIN_ASN1_PREV3C_SPEC).erl $(BER_BIN_ASN1_PREV3C_SPEC).hrl: \
+$(BER_BIN_ASN1_PREV3C_SPEC).erl: \
 	$(BER_BIN_ASN1_PREV3C_SPEC).set.asn \
 	$(BER_BIN_ASN1_PREV3C_SPEC).asn1config \
 	$(ASN1_PREV3C_SPEC).asn
@@ -362,10 +337,9 @@ $(BER_BIN_ASN1_PREV3C_SPEC).erl $(BER_BIN_ASN1_PREV3C_SPEC).hrl: \
 	$(ERLC) -bber_bin $(BER_BIN_PREV3C_FLAGS) $(BER_BIN_ASN1_PREV3C_SPEC).set.asn
 
 $(EBIN)/$(BER_BIN_ASN1_PREV3C_SPEC).$(EMULATOR): \
-	$(BER_BIN_ASN1_PREV3C_SPEC).erl \
-	$(BER_BIN_ASN1_PREV3C_SPEC).hrl
+	$(BER_BIN_ASN1_PREV3C_SPEC).erl
 
-$(BER_BIN_DRV_ASN1_PREV3C_SPEC).erl $(BER_BIN_DRV_ASN1_PREV3C_SPEC).hrl: \
+$(BER_BIN_DRV_ASN1_PREV3C_SPEC).erl: \
 	$(BER_BIN_DRV_ASN1_PREV3C_SPEC).set.asn \
 	$(BER_BIN_DRV_ASN1_PREV3C_SPEC).asn1config \
 	$(ASN1_PREV3C_SPEC).asn
@@ -373,53 +347,48 @@ $(BER_BIN_DRV_ASN1_PREV3C_SPEC).erl $(BER_BIN_DRV_ASN1_PREV3C_SPEC).hrl: \
 	$(ERLC) -bber_bin $(BER_BIN_DRV_PREV3C_FLAGS) $(BER_BIN_DRV_ASN1_PREV3C_SPEC).set.asn
 
 $(EBIN)/$(BER_BIN_DRV_ASN1_PREV3C_SPEC).$(EMULATOR): \
-	$(BER_BIN_DRV_ASN1_PREV3C_SPEC).erl \
-	$(BER_BIN_DRV_ASN1_PREV3C_SPEC).hrl
+	$(BER_BIN_DRV_ASN1_PREV3C_SPEC).erl
 
-$(PER_ASN1_PREV3C_SPEC).erl $(PER_ASN1_PREV3C_SPEC).hrl: \
+$(PER_ASN1_PREV3C_SPEC).erl: \
 	$(PER_ASN1_PREV3C_SPEC).set.asn \
 	$(ASN1_PREV3C_SPEC).asn
 	@echo "$(PER_ASN1_PREV3C_SPEC):"
 	$(ERLC) -bper $(PER_PREV3C_FLAGS) $(PER_ASN1_PREV3C_SPEC).set.asn
 
 $(EBIN)/$(PER_ASN1_PREV3C_SPEC).$(EMULATOR): \
-	$(PER_ASN1_PREV3C_SPEC).erl \
-	$(PER_ASN1_PREV3C_SPEC).hrl
+	$(PER_ASN1_PREV3C_SPEC).erl
 
-$(PER_BIN_ASN1_PREV3C_SPEC).erl $(PER_BIN_ASN1_PREV3C_SPEC).hrl: \
+$(PER_BIN_ASN1_PREV3C_SPEC).erl: \
 	$(PER_BIN_ASN1_PREV3C_SPEC).set.asn \
 	$(ASN1_PREV3C_SPEC).asn
 	@echo "$(PER_BIN_ASN1_PREV3C_SPEC):"
 	$(ERLC) -bper_bin $(PER_BIN_PREV3C_FLAGS) $(PER_BIN_ASN1_PREV3C_SPEC).set.asn
 
 $(EBIN)/$(PER_BIN_ASN1_PREV3C_SPEC).$(EMULATOR): \
-	$(PER_BIN_ASN1_PREV3C_SPEC).erl \
-	$(PER_BIN_ASN1_PREV3C_SPEC).hrl
+	$(PER_BIN_ASN1_PREV3C_SPEC).erl
 
-$(PER_BIN_DRV_ASN1_PREV3C_SPEC).erl $(PER_BIN_DRV_ASN1_PREV3C_SPEC).hrl: \
+$(PER_BIN_DRV_ASN1_PREV3C_SPEC).erl: \
 	$(PER_BIN_DRV_ASN1_PREV3C_SPEC).set.asn \
 	$(ASN1_PREV3C_SPEC).asn
 	@echo "$(PER_BIN_DRV_ASN1_PREV3C_SPEC):"
 	$(ERLC) -bper_bin $(PER_BIN_DRV_PREV3C_FLAGS) $(PER_BIN_DRV_ASN1_PREV3C_SPEC).set.asn
 
 $(EBIN)/$(PER_BIN_DRV_ASN1_PREV3C_SPEC).$(EMULATOR): \
-	$(PER_BIN_DRV_ASN1_PREV3C_SPEC).erl \
-	$(PER_BIN_DRV_ASN1_PREV3C_SPEC).hrl
+	$(PER_BIN_DRV_ASN1_PREV3C_SPEC).erl
 
 
 # -- (v3) --
 
-$(BER_ASN1_V3_SPEC).erl $(BER_ASN1_V3_SPEC).hrl: \
+$(BER_ASN1_V3_SPEC).erl: \
 	$(BER_ASN1_V3_SPEC).set.asn \
 	$(ASN1_V3_SPEC).asn
 	@echo "$(BER_ASN1_V3_SPEC):"
 	$(ERLC) -bber $(BER_V3_FLAGS) $(BER_ASN1_V3_SPEC).set.asn
 
 $(EBIN)/$(BER_ASN1_V3_SPEC).$(EMULATOR): \
-	$(BER_ASN1_V3_SPEC).erl \
-	$(BER_ASN1_V3_SPEC).hrl
+	$(BER_ASN1_V3_SPEC).erl
 
-$(BER_BIN_ASN1_V3_SPEC).erl $(BER_BIN_ASN1_V3_SPEC).hrl: \
+$(BER_BIN_ASN1_V3_SPEC).erl: \
 	$(BER_BIN_ASN1_V3_SPEC).set.asn \
 	$(BER_BIN_ASN1_V3_SPEC).asn1config \
 	$(ASN1_V3_SPEC).asn
@@ -427,10 +396,9 @@ $(BER_BIN_ASN1_V3_SPEC).erl $(BER_BIN_ASN1_V3_SPEC).hrl: \
 	$(ERLC) -bber_bin $(BER_BIN_V3_FLAGS) $(BER_BIN_ASN1_V3_SPEC).set.asn
 
 $(EBIN)/$(BER_BIN_ASN1_V3_SPEC).$(EMULATOR): \
-	$(BER_BIN_ASN1_V3_SPEC).erl \
-	$(BER_BIN_ASN1_V3_SPEC).hrl
+	$(BER_BIN_ASN1_V3_SPEC).erl
 
-$(BER_BIN_DRV_ASN1_V3_SPEC).erl $(BER_BIN_DRV_ASN1_V3_SPEC).hrl: \
+$(BER_BIN_DRV_ASN1_V3_SPEC).erl: \
 	$(BER_BIN_DRV_ASN1_V3_SPEC).set.asn \
 	$(BER_BIN_DRV_ASN1_V3_SPEC).asn1config \
 	$(ASN1_V3_SPEC).asn
@@ -438,38 +406,34 @@ $(BER_BIN_DRV_ASN1_V3_SPEC).erl $(BER_BIN_DRV_ASN1_V3_SPEC).hrl: \
 	$(ERLC) -bber_bin $(BER_BIN_DRV_V3_FLAGS) $(BER_BIN_DRV_ASN1_V3_SPEC).set.asn
 
 $(EBIN)/$(BER_BIN_DRV_ASN1_V3_SPEC).$(EMULATOR): \
-	$(BER_BIN_DRV_ASN1_V3_SPEC).erl \
-	$(BER_BIN_DRV_ASN1_V3_SPEC).hrl
+	$(BER_BIN_DRV_ASN1_V3_SPEC).erl
 
-$(PER_ASN1_V3_SPEC).erl $(PER_ASN1_V3_SPEC).hrl: \
+$(PER_ASN1_V3_SPEC).erl: \
 	$(PER_ASN1_V3_SPEC).set.asn \
 	$(ASN1_V3_SPEC).asn
 	@echo "$(PER_ASN1_V3_SPEC):"
 	$(ERLC) -bper $(PER_V3_FLAGS) $(PER_ASN1_V3_SPEC).set.asn
 
 $(EBIN)/$(PER_ASN1_V3_SPEC).$(EMULATOR): \
-	$(PER_ASN1_V3_SPEC).erl \
-	$(PER_ASN1_V3_SPEC).hrl
+	$(PER_ASN1_V3_SPEC).erl
 
-$(PER_BIN_ASN1_V3_SPEC).erl $(PER_BIN_ASN1_V3_SPEC).hrl: \
+$(PER_BIN_ASN1_V3_SPEC).erl: \
 	$(PER_BIN_ASN1_V3_SPEC).set.asn \
 	$(ASN1_V3_SPEC).asn
 	@echo "$(PER_BIN_ASN1_V3_SPEC):"
 	$(ERLC) -bper_bin $(PER_BIN_V3_FLAGS) $(PER_BIN_ASN1_V3_SPEC).set.asn
 
 $(EBIN)/$(PER_BIN_ASN1_V3_SPEC).$(EMULATOR): \
-	$(PER_BIN_ASN1_V3_SPEC).erl \
-	$(PER_BIN_ASN1_V3_SPEC).hrl
+	$(PER_BIN_ASN1_V3_SPEC).erl
 
-$(PER_BIN_DRV_ASN1_V3_SPEC).erl $(PER_BIN_DRV_ASN1_V3_SPEC).hrl: \
+$(PER_BIN_DRV_ASN1_V3_SPEC).erl: \
 	$(PER_BIN_DRV_ASN1_V3_SPEC).set.asn \
 	$(ASN1_V3_SPEC).asn
 	@echo "$(PER_BIN_DRV_ASN1_V3_SPEC):"
 	$(ERLC) -bper_bin $(PER_BIN_DRV_V3_FLAGS) $(PER_BIN_DRV_ASN1_V3_SPEC).set.asn
 
 $(EBIN)/$(PER_BIN_DRV_ASN1_V3_SPEC).$(EMULATOR): \
-	$(PER_BIN_DRV_ASN1_V3_SPEC).erl \
-	$(PER_BIN_DRV_ASN1_V3_SPEC).hrl
+	$(PER_BIN_DRV_ASN1_V3_SPEC).erl
 
 
 # -------------
diff --git a/lib/megaco/src/engine/megaco_digit_map.erl b/lib/megaco/src/engine/megaco_digit_map.erl
index de28686d6d..bf798d7938 100644
--- a/lib/megaco/src/engine/megaco_digit_map.erl
+++ b/lib/megaco/src/engine/megaco_digit_map.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2000-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2000-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -362,7 +362,7 @@ collect(Event, State, Timers, STL, Letters) ->
 	       "~n   Timers2:  ~p"
 	       "~n   Letters2: ~p", [State2, Timers2, Letters2]),
 	    MaxWait = choose_timer(State2, Event, Timers2),
-	    ?d("collect -> Timer choosen: "
+	    ?d("collect -> Timer chosen: "
 	       "~n   MaxWait: ~p", [MaxWait]),
 	    receive
 		{?MODULE, _FromPid, Event2} ->
@@ -737,7 +737,7 @@ compute_cont([Next | Cont] = All, Mode, GlobalMode, State, STL) ->
        "~n   Mode:       ~p"
        "~n   GlobalMode: ~p", [Next, Mode, GlobalMode]),
     case Next of
-	%% Retain long timer if that has already been choosen
+	%% Retain long timer if that has already been chosen
 	use_short_timer when GlobalMode =:= use_long_timer ->
 	    compute_cont(Cont, Mode, GlobalMode, State, STL);
 	use_short_timer ->
diff --git a/lib/megaco/src/flex/Makefile.in b/lib/megaco/src/flex/Makefile.in
index 5af651d89b..7d82644246 100644
--- a/lib/megaco/src/flex/Makefile.in
+++ b/lib/megaco/src/flex/Makefile.in
@@ -1,7 +1,7 @@
 # 
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2001-2010. All Rights Reserved.
+# Copyright Ericsson AB 2001-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -391,7 +391,9 @@ $(STD_DRV).c: $(STD_DRV).flex
 $(MT_DRV).c: $(MT_DRV).flex
 	$(LEX) $(MT_LEX_FLAGS) -P$* -o$@ $< 
 
-solibs: $(LIBDIR) $(OBJDIR) $(SOLIBS) 
+_create_dirs := $(shell mkdir -p $(OBJDIR) $(LIBDIR))
+
+solibs: $(SOLIBS) 
 
 $(OBJDIR)/$(STD_DRV).o: $(STD_DRV).c 
 	@echo "compiling std driver:"
@@ -411,10 +413,3 @@ $(LIBDIR)/$(STD_DRV).$(DED_EXT): $(OBJDIR)/$(STD_DRV).o
 $(LIBDIR)/$(MT_DRV).$(DED_EXT): $(OBJDIR)/$(MT_DRV).o
 	@echo "linking multi-threaded driver:"
 	$(LD) $(LDFLAGS) -o $@ $< 
-
-$(LIBDIR):
-	-mkdir -p $(LIBDIR)
-
-$(OBJDIR):
-	-mkdir -p $(OBJDIR)
-
diff --git a/lib/megaco/src/flex/megaco_flex_scanner_drv.flex.src b/lib/megaco/src/flex/megaco_flex_scanner_drv.flex.src
index 9b4f717201..b8146c345d 100644
--- a/lib/megaco/src/flex/megaco_flex_scanner_drv.flex.src
+++ b/lib/megaco/src/flex/megaco_flex_scanner_drv.flex.src
@@ -1,7 +1,7 @@
   /*
    * %CopyrightBegin%
    *
-   * Copyright Ericsson AB 2001-2010. All Rights Reserved.
+   * Copyright Ericsson AB 2001-2011. All Rights Reserved.
    *
    * The contents of this file are subject to the Erlang Public License,
    * Version 1.1, (the "License"); you may not use this file except in
@@ -60,18 +60,11 @@
 #define NUL        0x0
 
 #if defined(MEGACO_REENTRANT_FLEX_SCANNER)
-  #define MEGACO_EXTENDED_MARKER        ERL_DRV_EXTENDED_MARKER
-  #define MEGACO_DRIVER_FLAGS           ERL_DRV_FLAG_USE_PORT_LOCKING
-  #define MEGACO_EXTENDED_MAJOR_VERSION ERL_DRV_EXTENDED_MAJOR_VERSION
-  #define MEGACO_EXTENDED_MINOR_VERSION ERL_DRV_EXTENDED_MINOR_VERSION
-#else
-  #define MEGACO_EXTENDED_MARKER        0
-  #define MEGACO_DRIVER_FLAGS           0
-  #define MEGACO_EXTENDED_MAJOR_VERSION 0
-  #define MEGACO_EXTENDED_MINOR_VERSION 0
+#  define MEGACO_DRIVER_FLAGS           ERL_DRV_FLAG_USE_PORT_LOCKING
+#else 
+#  define MEGACO_DRIVER_FLAGS           0
 #endif
 
-
 #define FREE(bufP)        driver_free(bufP)
 #define ALLOC(sz)         driver_alloc(sz)
 #define REALLOC(bufP, sz) driver_realloc(bufP, sz)
@@ -320,11 +313,11 @@ static void mfs_load_map_token();
 static ErlDrvData mfs_start(ErlDrvPort port, char *buf);
 static void 	  mfs_stop(ErlDrvData handle);
 static void 	  mfs_command(ErlDrvData handle, 
-                              char *buf, int buf_len);
-static int 	  mfs_control(ErlDrvData handle, 
+                              char *buf, ErlDrvSizeT buf_len);
+static ErlDrvSSizeT mfs_control(ErlDrvData handle,
                               unsigned int command,
-                              char *buf, int buf_len, 
-      			      char **res_buf, int res_buf_len);
+                              char *buf, ErlDrvSizeT buf_len, 
+      			      char **res_buf, ErlDrvSizeT res_buf_len);
 static void 	  mfs_finish(void);
 
 /* 
@@ -348,10 +341,10 @@ static ErlDrvEntry mfs_entry = {
     NULL,              /* flush, port is about to be closed */
     NULL,              /* call, a syncronous call into the driver */
     NULL,              /* event, event selected by driver_event() has occurred */
-    MEGACO_EXTENDED_MARKER,         /* extended_marker, which we use if reentrant */
-    MEGACO_EXTENDED_MAJOR_VERSION,  /* major_version, ... */
-    MEGACO_EXTENDED_MINOR_VERSION,  /* minor_version, ... */
-    MEGACO_DRIVER_FLAGS,            /* driver_flags, used for port lock indication */
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    MEGACO_DRIVER_FLAGS, /* driver_flags, used for port lock indication */
     NULL,              /* handle2, emulator internal use */
     NULL               /* process_exit, Called when a process monitor fires */
 };    
@@ -1685,17 +1678,17 @@ static void mfs_stop(ErlDrvData handle)
 }
 
 static void mfs_command(ErlDrvData handle, 
-			char *buf, int buf_len)
+			char *buf, ErlDrvSizeT buf_len)
 {
   driver_failure_atom(((MfsErlDrvData*) handle)->port, "bad_usage");
 
   return;
 }
 
-static int mfs_control(ErlDrvData          handle, 
+static ErlDrvSSizeT mfs_control(ErlDrvData          handle,
 		       unsigned int        command,
-		       char  *buf,     int buf_len, 
-		       char **res_buf, int res_buf_len)
+		       char  *buf,     ErlDrvSizeT buf_len, 
+		       char **res_buf, ErlDrvSizeT res_buf_len)
 {
   MfsErlDrvData*  dataP = (MfsErlDrvData*) handle;
   char*           tmp;
diff --git a/lib/megaco/test/megaco_codec_v1_test.erl b/lib/megaco/test/megaco_codec_v1_test.erl
index 3a548c4d9e..e9c19605dd 100644
--- a/lib/megaco/test/megaco_codec_v1_test.erl
+++ b/lib/megaco/test/megaco_codec_v1_test.erl
@@ -371,9 +371,9 @@ profile_decode_text_messages(Slogan, Codec, Config, Msgs0) ->
 		decode_text_messages(Codec, Config, Bins, [])
 	  end,
     %% Make a dry run, just to make sure all modules are loaded:
-    io:format("make a dry run..~n", []),
+    io:format("make a dry run...~n", []),
     (catch Fun()),
-    io:format("make the run..~n", []),
+    io:format("make the run...~n", []),
     megaco_profile:profile(Slogan, Fun).
 
 %% (catch megaco_codec_v1_test:profile_encode_compact_text_messages()).
diff --git a/lib/megaco/test/megaco_codec_v2_test.erl b/lib/megaco/test/megaco_codec_v2_test.erl
index c3a80febba..a44f74166c 100644
--- a/lib/megaco/test/megaco_codec_v2_test.erl
+++ b/lib/megaco/test/megaco_codec_v2_test.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -346,9 +346,9 @@ profile_decode_text_messages(Slogan, Codec, Config, Msgs0) ->
 		decode_text_messages(Codec, Config, Bins, [])
 	  end,
     %% Make a dry run, just to make sure all modules are loaded:
-    io:format("make a dry run..~n", []),
+    io:format("make a dry run...~n", []),
     (catch Fun()),
-    io:format("make the run..~n", []),
+    io:format("make the run...~n", []),
     megaco_profile:profile(Slogan, Fun).
 
 %% (catch megaco_codec_v2_test:profile_encode_compact_text_messages()).
diff --git a/lib/megaco/test/megaco_mess_test.erl b/lib/megaco/test/megaco_mess_test.erl
index ded1506271..8bafab1aba 100644
--- a/lib/megaco/test/megaco_mess_test.erl
+++ b/lib/megaco/test/megaco_mess_test.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -34,12 +34,12 @@
 
 %% -compile(export_all).
 -export([
-	 all/0,groups/0,init_per_group/2,end_per_group/2, 
-	 init_per_testcase/2, 
-	 end_per_testcase/2,
+	 all/0, groups/0, 
+	 init_per_suite/1,    end_per_suite/1, 
+	 init_per_group/2,    end_per_group/2, 
+	 init_per_testcase/2, end_per_testcase/2,
 
 	 connect/1,
-
 	
 	 request_and_reply_plain/1,
 	 request_and_no_reply/1,
@@ -347,39 +347,83 @@ end_per_testcase(Case, Config) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 all() -> 
-    [connect, {group, request_and_reply},
-     {group, pending_ack}, dist, {group, tickets}].
+    [
+     connect, 
+     {group, request_and_reply},
+     {group, pending_ack}, 
+     dist, 
+     {group, tickets}
+    ].
 
 groups() -> 
-    [{request_and_reply, [],
-      [request_and_reply_plain, request_and_no_reply,
+    [
+     {request_and_reply, [],
+      [request_and_reply_plain, 
+       request_and_no_reply,
        request_and_reply_pending_ack_no_pending,
        request_and_reply_pending_ack_one_pending,
        single_trans_req_and_reply,
        single_trans_req_and_reply_sendopts,
-       request_and_reply_and_ack, request_and_reply_and_no_ack,
+       request_and_reply_and_ack, 
+       request_and_reply_and_no_ack,
        request_and_reply_and_late_ack,
        trans_req_and_reply_and_req]},
      {pending_ack, [],
       [pending_ack_plain,
        request_and_pending_and_late_reply]},
      {tickets, [],
-      [otp_4359, otp_4836, otp_5805, otp_5881, otp_5887,
-       otp_6253, otp_6275, otp_6276, {group, otp_6442},
-       {group, otp_6865}, otp_7189, otp_7259, otp_7713,
-       {group, otp_8183}, otp_8212]},
+      [otp_4359, 
+       otp_4836, 
+       otp_5805, 
+       otp_5881, 
+       otp_5887,
+       otp_6253, 
+       otp_6275, 
+       otp_6276, 
+       {group, otp_6442},
+       {group, otp_6865}, 
+       otp_7189, 
+       otp_7259, 
+       otp_7713,
+       {group, otp_8183}, 
+       otp_8212]},
      {otp_6442, [],
-      [otp_6442_resend_request1, otp_6442_resend_request2,
-       otp_6442_resend_reply1, otp_6442_resend_reply2]},
+      [otp_6442_resend_request1, 
+       otp_6442_resend_request2,
+       otp_6442_resend_reply1, 
+       otp_6442_resend_reply2]},
      {otp_6865, [],
       [otp_6865_request_and_reply_plain_extra1,
        otp_6865_request_and_reply_plain_extra2]},
-     {otp_8183, [], [otp_8183_request1]}].
+     {otp_8183, [], [otp_8183_request1]}
+    ].
+
+
+init_per_suite(Config) ->
+    io:format("~w:init_per_suite -> entry with"
+	      "~n   Config: ~p"
+	      "~n", [?MODULE, Config]),
+    Config.
+
+end_per_suite(_Config) ->
+    io:format("~w:end_per_suite -> entry with"
+	      "~n   _Config: ~p"
+	      "~n", [?MODULE, _Config]),
+    ok.
+
 
 init_per_group(_GroupName, Config) ->
+    io:format("~w:init_per_group -> entry with"
+	      "~n   _GroupName: ~p"
+	      "~n   Config: ~p"
+	      "~n", [?MODULE, _GroupName, Config]),
     Config.
 
 end_per_group(_GroupName, Config) ->
+    io:format("~w:end_per_group -> entry with"
+	      "~n   _GroupName: ~p"
+	      "~n   Config: ~p"
+	      "~n", [?MODULE, _GroupName, Config]),
     Config.
 
 
@@ -394,12 +438,16 @@ connect(Config) when is_list(Config) ->
     PrelMid = preliminary_mid,
     MgMid   = ipv4_mid(4711),
 
+    d("connect -> start megaco app",[]),
     ?VERIFY(ok, application:start(megaco)),
+    d("connect -> start (MG) user ~p",[MgMid]),
     ?VERIFY(ok,	megaco:start_user(MgMid, [{send_mod, bad_send_mod},
 	                                  {request_timer, infinity},
 	                                  {reply_timer, infinity}])),
 
+    d("connect -> get receive info for ~p",[MgMid]),
     MgRH = user_info(MgMid, receive_handle),
+    d("connect -> (MG) try connect to MGC",[]),
     {ok, PrelCH} = ?VERIFY({ok, _}, megaco:connect(MgRH, PrelMid, sh, self())),
 
     connections([PrelCH]),
@@ -408,9 +456,20 @@ connect(Config) when is_list(Config) ->
     ?VERIFY(bad_send_mod, megaco:user_info(MgMid, send_mod)),
     ?VERIFY(bad_send_mod, megaco:conn_info(PrelCH, send_mod)),
     SC = service_change_request(),
-    ?VERIFY({1, {error, {send_message_failed, {'EXIT',
-                  {undef, [{bad_send_mod, send_message, [sh, _]} | _]}}}}},
-	     megaco:call(PrelCH, [SC], [])),
+    case megaco:call(PrelCH, [SC], []) of
+	{error, 
+	 {send_message_failed, 
+	  {'EXIT', {undef, [{bad_send_mod, send_message, [sh, _]} | _]}}}} ->
+	    ok;
+	
+	%% As of R15, we also get some extra info (e.g. line numbers)
+	{error, 
+	 {send_message_failed, 
+	  {'EXIT', {undef, [{bad_send_mod, send_message, [sh, _], _} | _]}}}} ->
+	    ok;
+	Unexpected ->
+	    ?ERROR(Unexpected)
+    end,
 
     ?VERIFY(ok, megaco:disconnect(PrelCH, shutdown)),
 
@@ -6776,16 +6835,12 @@ rapalr_mg_notify_request_ar(Rid, Tid, Cid) ->
 
 
 
-
-
-
-
-
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 dist(suite) ->
     [];
 dist(Config) when is_list(Config) ->
+    ?SKIP("Needs a re-write..."),
     [_Local, Dist] = ?ACQUIRE_NODES(2, Config),
     d("dist -> start proxy",[]),
     megaco_mess_user_test:start_proxy(),
@@ -6897,7 +6952,11 @@ dist(Config) when is_list(Config) ->
 
     ?VERIFY(ok, application:stop(megaco)),
     ?RECEIVE([]),
-    d("dist -> done",[]),
+
+    d("dist -> stop proxy",[]),
+    megaco_mess_user_test:stop_proxy(),
+
+    d("dist -> done", []),
     ok.
 
 
diff --git a/lib/megaco/test/megaco_profile.erl b/lib/megaco/test/megaco_profile.erl
index d0b62610e1..fd72604e92 100644
--- a/lib/megaco/test/megaco_profile.erl
+++ b/lib/megaco/test/megaco_profile.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -24,50 +24,102 @@
 
 -module(megaco_profile).
 
--export([profile/2]).
-
+-export([profile/2, prepare/2, analyse/1,
+         fprof_to_calltree/1, fprof_to_calltree/2, fprof_to_calltree/3]).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 %% Execute Fun and profile it with fprof.
-profile(Slogan, Fun) when is_function(Fun) ->
+profile(Slogan, Fun) when is_function(Fun, 0) ->
     Pids = [self()],
-    profile(Slogan, Fun, Pids).
+    {ok, TraceFile} = prepare(Slogan, Pids),
+    Res = (catch Fun()),
+    {ok, _DestFile} = analyse(Slogan),
+    ok = file:delete(TraceFile),
+    {ok, _TreeFile} = fprof_to_calltree(Slogan),
+    Res.
 
-profile(Slogan, Fun, Pids) ->
+%% Prepare for tracing
+prepare(Slogan, Pids) ->
     TraceFile = lists:concat(["profile_", Slogan, "-fprof.trace"]),
-    DestFile  = lists:concat(["profile_", Slogan, ".fprof"]),
-    TreeFile  = lists:concat(["profile_", Slogan, ".calltree"]),
-    erlang:garbage_collect(),
     {ok, _Pid} = fprof:start(),
+    erlang:garbage_collect(),
     TraceOpts = [start, 
-		 {cpu_time, false}, 
-		 {procs,    Pids}, 
-		 {file,     TraceFile}
+		 {cpu_time, false},
+		 {procs, Pids},
+		 {file, TraceFile}
 		],
-    ok  = fprof:trace(TraceOpts), 
-    Res = (catch Fun()),
-    ok  = fprof:trace(stop),
-    ok  = fprof:profile([{file, TraceFile}]),
-    ok  = fprof:analyse([{dest, DestFile}]),
-    ok  = fprof:stop(),
-    ok  = file:delete(TraceFile),
-    reformat_total(DestFile, TreeFile),
-    Res.
+    ok = fprof:trace(TraceOpts),
+    {ok, TraceFile}.
 
-reformat_total(FromFile, ToFile) ->
-    {ok, ConsultedFromFile} = file:consult(FromFile),
-    [_AnalysisOpts, [Totals] | Terms] = ConsultedFromFile,
-    {totals, _, TotalAcc, _} = Totals,
+%% Stop tracing and analyse it
+analyse(Slogan) ->
+    fprof:trace(stop),
+    TraceFile = lists:concat(["profile_", Slogan, "-fprof.trace"]),
+    DestFile = lists:concat(["profile_", Slogan, ".fprof"]),
+    try
+        case fprof:profile([{file, TraceFile}]) of
+            ok ->
+                ok = fprof:analyse([{dest, DestFile}, {totals, false}]),
+                {ok, DestFile};
+            {error, Reason} ->
+                {error, Reason}
+        end
+    after
+         fprof:stop()
+    end.
+
+fprof_to_calltree(Slogan) ->
+    fprof_to_calltree(Slogan, 0).
+
+fprof_to_calltree(Slogan, MinPercent) ->
+    DestFile = lists:concat(["profile_", Slogan, ".fprof"]),
+    TreeFile = lists:concat(["profile_", Slogan, ".calltree"]),
+    fprof_to_calltree(DestFile, TreeFile, MinPercent).
+
+%% Create a calltree from an fprof file
+fprof_to_calltree(FromFile, ToFile, MinPercent) ->
+    ReplyTo = self(),
+    Ref = make_ref(),
+    spawn_link(fun() ->
+                       ReplyTo ! {Ref, do_fprof_to_calltree(FromFile, ToFile, MinPercent)}
+               end),
+    wait_for_reply(Ref).
+
+wait_for_reply(Ref) ->
+    receive
+        {Ref, Res} ->
+            Res;
+        {'EXIT', normal} ->
+            wait_for_reply(Ref);
+        {'EXIT', Reason} ->
+            exit(Reason)
+    end.
+
+do_fprof_to_calltree(FromFile, ToFile, MinPercent) ->
     {ok, Fd} = file:open(ToFile, [write, raw]),
-    Indent = "",
-    log(Fd, Indent, TotalAcc, Totals),
-    Processes = split_processes(Terms, [], []),
-    Reformat = fun(P) -> reformat_process(Fd, "  " ++ Indent, TotalAcc, P) end,
-    lists:foreach(Reformat, Processes),
-    file:close(Fd).
 
+    {ok, ConsultedFromFile} = file:consult(FromFile),
+    [_AnalysisOpts, [_Totals] | Terms] = ConsultedFromFile,
+    Processes = split_processes(Terms, [], []),
+    Indent = "",
+    Summary = collapse_processes(Processes),
+    {_Label, _Cnt, Acc, _Own, _Roots, Details} = Summary,
+    %% log(Fd, Label, Indent, Acc, {Label, Cnt, Acc, Own}, [], 0),
+    gen_calltree(Fd, Indent, Acc, Summary, MinPercent),
+    Delim = io_lib:format("\n~80..=c\n\n", [$=]),
+    Write = 
+        fun(P) ->
+                file:write(Fd, Delim),
+                gen_calltree(Fd, Indent, Acc, P, MinPercent)
+        end,
+    lists:foreach(Write, Processes),
+    file:write(Fd, Delim),
+    gen_details(Fd, Acc, Details),
+    file:close(Fd),
+    {ok, ToFile}.
 
+%% Split all fprof terms into a list of processes
 split_processes([H | T], ProcAcc, TotalAcc) ->
     if
 	is_tuple(H) ->
@@ -75,64 +127,185 @@ split_processes([H | T], ProcAcc, TotalAcc) ->
 	is_list(H), ProcAcc =:= [] ->
 	    split_processes(T, [H], TotalAcc);
 	is_list(H) ->
-	    split_processes(T, [H], [lists:reverse(ProcAcc) | TotalAcc])
+            ProcAcc2 = rearrange_process(lists:reverse(ProcAcc)),
+	    split_processes(T, [H], [ProcAcc2 | TotalAcc])
     end;
 split_processes([], [], TotalAcc) ->
-    lists:reverse(TotalAcc);
+    lists:reverse(lists:keysort(3, TotalAcc));
 split_processes([], ProcAcc, TotalAcc) ->
-    lists:reverse([lists:reverse(ProcAcc) | TotalAcc]).
-
-reformat_process(Fd, Indent, TotalAcc, Terms) ->
-    case Terms of
-	[[{ProcLabel, _, _, _}] | All]  -> ok;
-	[[{ProcLabel,_,_,_} | _] | All] -> ok
-    end,
-    [{_, {TopKey, TopCnt, TopAcc, TopOwn}, _} | _] = All,
-    Process = {ProcLabel, TopCnt, TopAcc, TopOwn},
-    log(Fd, Indent, TotalAcc, Process),
-    reformat_calls(Fd, "  " ++ Indent, TotalAcc, TopKey, All, []).
-
-reformat_calls(Fd, Indent, TotalAcc, Key, Terms, Stack) ->
-    {_CalledBy, Current, Calls} = find(Key, Terms),
-    log(Fd, Indent, TotalAcc, Current),
-    case lists:member(Key, Stack) of
-	true ->
-	    ok;
-	false ->
-	    case Key of
-		{io_lib, _, _} ->
-		    ok;
-		{disk_log, _, _} ->
-		    ok;
-		{lists, flatten, _} ->
-		    ok;
-		{lists, keysort, _} ->
-		    ok;
-		_ ->
-		    Fun = fun({NextKey, _, _, _}) ->
-				  reformat_calls(Fd,
-						 "  " ++ Indent,
-						 TotalAcc, 
-						 NextKey, 
-						 Terms, 
-						 [Key | Stack])
-			  end,
-		    lists:foreach(Fun, Calls)
-	    end
+    ProcAcc2 = rearrange_process(lists:reverse(ProcAcc)),
+    lists:reverse(lists:keysort(3, [ProcAcc2 | TotalAcc])).
+
+%% Rearrange the raw process list into a more useful format
+rearrange_process([[{Label, _Cnt, _Acc, _Own} | _ ] | Details]) ->
+    do_rearrange_process(Details, Details, Label, [], []).
+
+do_rearrange_process([{CalledBy, Current, _Calls} | T], Orig, Label, Roots, Undefs) ->
+    case  [{undefined, Cnt, safe_max(Acc, Own), Own} ||
+              {undefined, Cnt, Acc, Own} <- CalledBy] of
+        [] ->
+            do_rearrange_process(T, Orig, Label, Roots, Undefs);
+        NewUndefs ->
+            do_rearrange_process(T, Orig, Label, [Current | Roots], NewUndefs ++ Undefs)
+    end;
+do_rearrange_process([], Details, Label, Roots, Undefs) ->
+    [{undefined, Cnt, Acc, Own}] = collapse_calls(Undefs, []),
+    Details2 = sort_details(3, Details),
+    {Label, Cnt, Acc, Own, lists:reverse(lists:keysort(3, Roots)), Details2}.
+
+%% Compute a summary of the rearranged process info
+collapse_processes(Processes) ->
+    Headers = lists:map(fun({_L, C, A, O, _R, _D}) -> {"SUMMARY", C, A, O} end,
+                        Processes),
+    [{Label, Cnt, Acc, Own}] = collapse_calls(Headers, []),
+    Details = lists:flatmap(fun({_L, _C, _A, _O, _R, D}) -> D end, Processes),
+    Details2 = do_collapse_processes(sort_details(1, Details), []),
+    Roots = lists:flatmap(fun({_L, _C, _A, _O, R, _D}) -> R end, Processes),
+    RootMFAs = lists:usort([MFA || {MFA, _, _, _} <- Roots]),
+    Roots2 = [R || RootMFA <- RootMFAs,
+                   {_, {MFA, _, _, _} = R, _} <- Details2,
+                   MFA =:= RootMFA],
+    Roots3 = collapse_calls(Roots2, []),
+    {Label, Cnt, Acc, Own, Roots3, Details2}.
+
+do_collapse_processes([{CalledBy1, {MFA, Cnt1, Acc1, Own1}, Calls1} | T1],
+                      [{CalledBy2, {MFA, Cnt2, Acc2, Own2}, Calls2} | T2]) ->
+    Cnt       = Cnt1 + Cnt2,
+    Acc       = Acc1 + Acc2,
+    Own       = Own1 + Own2,
+    Current   = {MFA, Cnt, Acc, Own},
+    CalledBy0 = CalledBy1 ++ CalledBy2,
+    Calls0    = Calls1 ++ Calls2,
+    CalledBy  = collapse_calls(lists:keysort(3, CalledBy0), []),
+    Calls     = collapse_calls(lists:keysort(3, Calls0), []),
+    do_collapse_processes(T1, [{CalledBy, Current, Calls} | T2]);
+do_collapse_processes([{CalledBy, Current, Calls} | T1],
+                      T2) ->
+    do_collapse_processes(T1, [{CalledBy, Current, Calls} | T2]);
+do_collapse_processes([],
+                      T2) ->
+    sort_details(3, T2).
+
+%% Reverse sort on acc field
+sort_details(Pos, Details) ->
+    Pivot = fun({_CalledBy1, Current1, _Calls1},
+                {_CalledBy2, Current2, _Calls2}) ->
+                    element(Pos, Current1) =< element(Pos, Current2)
+            end,
+    lists:reverse(lists:sort(Pivot, Details)).
+
+%% Compute a summary from a list of call tuples
+collapse_calls([{MFA, Cnt1, Acc1, Own1} | T1],
+               [{MFA, Cnt2, Acc2, Own2} | T2]) ->
+    Cnt = Cnt1 + Cnt2,
+    Acc = safe_sum(Acc1, Acc2),
+    Own = Own1 + Own2,
+    collapse_calls(T1, [{MFA, Cnt, Acc, Own} | T2]);
+collapse_calls([{MFA, Cnt, Acc, Own} | T1],
+               T2) ->
+    collapse_calls(T1, [{MFA, Cnt, Acc, Own} | T2]);
+collapse_calls([],
+              T2) ->
+    lists:reverse(lists:keysort(3, T2)).
+
+safe_sum(Int1, Int2) ->    
+    if
+        Int1 =:= undefined -> Int2;
+        Int2 =:= undefined -> Int1;
+        true               -> Int1 + Int2
+    end.
+
+safe_max(Int1, Int2) ->    
+    if
+        Int1 =:= undefined ->
+            io:format("111\n", []),
+            Int2;
+        Int2 =:= undefined ->
+            io:format("222\n", []),
+            Int1;
+        Int2 > Int1        -> Int2;
+        true               -> Int1
+    end.
+
+%% Compute a calltree and write it to file
+gen_calltree(Fd, Indent, TotalAcc, {Label, Cnt, Acc, Own, Roots, Details}, MinPercent) ->
+    Header =  {Label, Cnt, Acc, Own},
+    MetaLabel = "Process",
+    Diff = length(Label) - length(MetaLabel),
+    IoList = io_lib:format("~s~s Lvl  Pct        Cnt        Acc        Own Calls   => MFA\n",
+                           [MetaLabel, lists:duplicate(Diff, $\ )]),
+    file:write(Fd, IoList),
+    log(Fd, Label, Indent, TotalAcc, Header, Roots, MinPercent),
+    NewIndent = "  " ++ Indent,
+    Fun = fun({MFA, _C, _A, _O}) ->
+                  [put_detail(Label, D) || D <- Details],
+                  gen_calls(Fd, Label, NewIndent, TotalAcc, MFA, MinPercent)
+          end,
+    lists:foreach(Fun, Roots).
+
+gen_calls(Fd, Label, Indent, TotalAcc, MFA, MinPercent) ->
+    case get_detail(Label, MFA) of
+        {read, {_CalledBy,  Current, _Calls}} ->
+            log(Fd, Label, Indent, TotalAcc, Current, -1, MinPercent);
+        {unread, {_CalledBy, Current, Calls}} ->
+            log(Fd, Label, Indent, TotalAcc, Current, Calls, MinPercent),
+            NewIndent = "  " ++ Indent,
+            Fun = fun({NextMFA, _, _, _}) ->
+                          gen_calls(Fd, Label, NewIndent, TotalAcc,
+                                    NextMFA, MinPercent)
+                  end,
+            lists:foreach(Fun, Calls)
+    end.
+
+put_detail(Label, {_, {MFA, _, _, _}, _} = Detail) ->
+    put({Label, MFA}, {unread, Detail}).
+
+get_detail(Label, MFA) ->
+    Val = get({Label, MFA}),
+    case Val of
+        {unread, Detail} ->
+            put({Label, MFA}, {read, Detail}),
+            Val;
+        {read, _Detail} ->
+            Val
+    end.
+
+gen_details(Fd, Total, Details) ->
+    IoList = io_lib:format("Pct         Cnt        Acc        Own    MFA\n", []),
+    file:write(Fd, IoList),
+    do_gen_details(Fd, Total, Details).
+
+do_gen_details(Fd, Total, [{_CalledBy, {MFA, Cnt, Acc, Own}, _Calls} | Details]) ->
+    MFAStr = io_lib:format("~p", [MFA]),
+    {_, Percent} = calc_percent(Acc, Own, Total),
+    IoList = io_lib:format("~3.. B% ~10.3B ~10.3f ~10.3f => ~s\n",
+                           [Percent, Cnt, Acc, Own, MFAStr]),
+    file:write(Fd, IoList),
+    do_gen_details(Fd, Total, Details);
+do_gen_details(_Fd, _Total, []) ->
+    ok.
+
+log(Fd, Label, Indent, Acc, Current, Calls, MinPercent) when is_list(Calls) ->
+    log(Fd, Label, Indent, Acc, Current, length(Calls), MinPercent);
+log(Fd, Label, Indent, Total, {MFA, Cnt, Acc, Own}, N, MinPercent) ->
+    {Max, Percent} = calc_percent(Acc, Own, Total),
+    if
+        Percent >= MinPercent ->
+            do_log(Fd, Label, Indent, Percent, MFA, Cnt, Max, Own, N);
+        true ->
+            ok
     end.
 
-find(Key, [{_, {Key, _, _, _}, _} = H | _]) ->
-    H;
-find(Key, [{_, {_, _, _, _}, _} | T]) ->
-    find(Key, T).
-
-log(Fd, Indent, Total, {Label, Cnt, Acc, Own}) ->
-    Percent = case Acc of
-		  undefined -> 100;
-		  _         -> trunc((lists:max([Acc, Own]) * 100) / Total)
-	      end,
-    Label2 = io_lib:format("~p", [Label]),
-    IoList = io_lib:format("~s~p%    ~s \t~p \t~p \t~p\n",
-			   [Indent, Percent, Label2, Cnt, trunc(Acc), trunc(Own)]),
+do_log(Fd, Label, Indent, Percent, MFA, Cnt, Acc, Own, N) ->
+    MFAStr = io_lib:format("~p", [MFA]),
+    CallsStr = io_lib:format(" ~5.. s ", [lists:concat([N])]),
+    IoList = io_lib:format("~s ~3.. B "
+                           "~s~3.. B% ~10.. B ~10.. B ~10.. B ~s => ~s\n",
+                           [Label, length(Indent) div 2,
+                            Indent, Percent, Cnt,
+                            round(Acc), round(Own), CallsStr, MFAStr]),
     file:write(Fd, IoList).
 
+calc_percent(Acc, Own, Total) ->
+    Max = safe_max(Acc, Own),
+    {Max, round((Max * 100) / Total)}.
diff --git a/lib/megaco/test/megaco_test_lib.erl b/lib/megaco/test/megaco_test_lib.erl
index 41f6c2c4cb..282fd91b44 100644
--- a/lib/megaco/test/megaco_test_lib.erl
+++ b/lib/megaco/test/megaco_test_lib.erl
@@ -21,6 +21,7 @@
 %%----------------------------------------------------------------------
 %% Purpose: Lightweight test server
 %%----------------------------------------------------------------------
+%%
 
 -module(megaco_test_lib).
 
@@ -684,7 +685,7 @@ skip(Actual, File, Line) ->
 
 fatal_skip(Actual, File, Line) ->
     error(Actual, File, Line),
-    exit(shutdown).
+    exit({skipped, {fatal, Actual, File, Line}}).
 
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -749,6 +750,7 @@ proxy_loop(OwnId, Controller) ->
 	    proxy_loop(OwnId, Controller)
     end.
 
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Test server callbacks
 init_per_testcase(_Case, Config) ->
@@ -852,10 +854,10 @@ watchdog(Pid, Time) ->
 prepare_test_case(Actions, N, Config, File, Line) ->
     OrigNodes = lookup_config(nodes, Config),
     TestNodes = lookup_config(nodenames, Config), %% For testserver
-    This = node(),
+    This      = node(),
     SomeNodes = OrigNodes ++ (TestNodes -- OrigNodes),
-    AllNodes = [This | (SomeNodes -- [This])],
-    Nodes = pick_n_nodes(N, AllNodes, File, Line),
+    AllNodes  = [This | (SomeNodes -- [This])],
+    Nodes     = pick_n_nodes(N, AllNodes, File, Line),
     start_nodes(Nodes, File, Line),
     do_prepare_test_case(Actions, Nodes, Config, File, Line).
 
diff --git a/lib/megaco/vsn.mk b/lib/megaco/vsn.mk
index c1476488ca..bb6f5f554a 100644
--- a/lib/megaco/vsn.mk
+++ b/lib/megaco/vsn.mk
@@ -18,6 +18,6 @@
 # %CopyrightEnd%
 
 APPLICATION = megaco
-MEGACO_VSN  = 3.15.1.1
+MEGACO_VSN  = 3.16
 PRE_VSN     =
 APP_VSN     = "$(APPLICATION)-$(MEGACO_VSN)$(PRE_VSN)"
diff --git a/lib/mnesia/doc/src/Makefile b/lib/mnesia/doc/src/Makefile
index f45b5137a3..1ac5760510 100644
--- a/lib/mnesia/doc/src/Makefile
+++ b/lib/mnesia/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -29,14 +29,6 @@ VSN=$(MNESIA_VSN)
 APPLICATION=mnesia
 
 # ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-ifndef DOCSUPPORT
-include make.dep
-endif
-
-# ----------------------------------------------------
 # Release directory specification
 # ----------------------------------------------------
 RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
@@ -105,31 +97,10 @@ EXTRA_FILES = summary.html.src \
 
 MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else 
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex)
-TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = $(APPLICATION)-$(VSN).pdf
-TOP_PS_FILE  = $(APPLICATION)-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-
-endif 
-
 # ----------------------------------------------------
 # FLAGS 
 # ----------------------------------------------------
@@ -142,8 +113,6 @@ DVIPS_FLAGS +=
 $(HTMLDIR)/%.gif: %.gif
 	$(INSTALL_DATA) $< $@
 
-ifdef DOCSUPPORT 
-
 docs: pdf html man
 
 $(TOP_PDF_FILE): $(XML_FILES)
@@ -158,33 +127,6 @@ clean clean_docs:
 	rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
 	rm -f errs core *~
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html gifs man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
-
-html: $(HTML_FILES)
-
-
-clean clean_docs clean_tex:
-	rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
-	rm -f $(HTML_FILES) $(MAN3_FILES)
-	rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
-	rm -f errs core *~ *xmls_output *xmls_errs $(LATEX_CLEAN) 
-
-endif
-
 man: $(MAN3_FILES)
 
 gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
@@ -199,8 +141,6 @@ debug opt:
 # ---------------------------------------------------- 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
@@ -211,30 +151,4 @@ release_docs_spec: docs
 	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
 	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	$(INSTALL_DIR) $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	$(INSTALL_DIR) $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
-		$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-endif
-endif
-
-endif
-
-
 release_spec:
-
diff --git a/lib/mnesia/doc/src/make.dep b/lib/mnesia/doc/src/make.dep
deleted file mode 100644
index 6e79484cb3..0000000000
--- a/lib/mnesia/doc/src/make.dep
+++ /dev/null
@@ -1,46 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: Mnesia_App_A.tex Mnesia_App_B.tex Mnesia_App_C.tex \
-		Mnesia_App_D.tex Mnesia_chap1.tex Mnesia_chap2.tex \
-		Mnesia_chap3.tex Mnesia_chap4.tex Mnesia_chap5.tex \
-		Mnesia_chap7.tex Mnesia_chap8.tex book.tex \
-		mnesia.tex mnesia_frag_hash.tex mnesia_registry.tex \
-		part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-Mnesia_App_B.tex: ../../src/mnesia_backup.erl
-
-Mnesia_App_C.tex: ../../src/mnesia_frag.erl
-
-Mnesia_App_D.tex: ../../src/mnesia_frag_hash.erl
-
-Mnesia_chap2.tex: company.erl company.hrl
-
-Mnesia_chap3.tex: company.erl
-
-Mnesia_chap4.tex: company.erl
-
-Mnesia_chap5.tex: FRUITS company.erl company_o.erl company_o.hrl
-
-Mnesia_chap7.tex: bup.erl
-
-book.tex: ref_man.xml
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: company.ps
-
diff --git a/lib/mnesia/doc/src/mnesia.xml b/lib/mnesia/doc/src/mnesia.xml
index 19ec70118f..20133cb6cb 100644
--- a/lib/mnesia/doc/src/mnesia.xml
+++ b/lib/mnesia/doc/src/mnesia.xml
@@ -813,6 +813,21 @@ mnesia:change_table_copy_type(person, node(), disc_copies)
               </p>
           </item>
           <item>
+            <p><c>{storage_properties, [{Backend, Properties}]</c>.
+	    Forwards additional properties to the backend storage.
+	    <c>Backend</c> can currently be <c>ets</c> or <c>dets</c> and
+	    <c>Properties</c> is a list of options sent to the backend storage
+	    during table creation. <c>Properties</c> may not contain properties
+	    already used by mnesia such as <c>type</c> or <c>named_table</c>.
+	    </p>
+	    <p>For example:</p>
+	    <code type="none">
+mnesia:create_table(table, [{ram_copies, [node()]}, {disc_only_copies, nodes()},
+			    {storage_properties,
+			     [{ets, [compressed]}, {dets, [{auto_save, 5000}]} ]}])
+	    </code>
+          </item>
+          <item>
             <p><c>{type, Type}</c>, where <c>Type</c> must be
               either of the atoms <c>set</c>, <c>ordered_set</c> or
               <c>bag</c>. The default value is <c>set</c>. In a
diff --git a/lib/mnesia/doc/src/notes.xml b/lib/mnesia/doc/src/notes.xml
index 1bb80f8fe3..a300fcc12d 100644
--- a/lib/mnesia/doc/src/notes.xml
+++ b/lib/mnesia/doc/src/notes.xml
@@ -38,7 +38,61 @@
     thus constitutes one section in this document. The title of each
     section is the version number of Mnesia.</p>
 
-  <section><title>Mnesia 4.5.1</title>
+  <section><title>Mnesia 4.6</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Reduce calls to phash in key_to_frag_number</p>
+          <p>
+	    Original code calls phash 1..2 times, based on which
+	    fragment the hashed key targets and how many fragments
+	    exist. New code always calls phash only once.</p>
+          <p>
+	    Add mnesia_frag_hash test (Thanks to Philip Robinson)</p>
+          <p>
+	    Own Id: OTP-9722</p>
+        </item>
+        <item>
+          <p>
+	    Fixed a sticky lock bug which caused mnesia:read(Tab,
+	    Key, write) return undefined.</p>
+          <p>
+	    Own Id: OTP-9786</p>
+        </item>
+        <item>
+          <p>
+	    Use the synchronous log_terms instead of alog_terms in
+	    mnesia_log:ets2dcd()</p>
+          <p>
+	    This avoids the situation where mnesia could dump a very
+	    large ets table in its entirety into the message queue of
+	    the disk_log process, causing memory blowup and choking
+	    the disk logger. (Thanks to Richard Carlsson)</p>
+          <p>
+	    Own Id: OTP-9804</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Implemented a new option to mnesia:create_table/2 which
+	    allows the user to assign 'ets' and 'dets' options not
+	    available in mnesia.</p>
+          <p>
+	    Own Id: OTP-8970</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Mnesia 4.5.1</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/mnesia/src/mnesia.appup.src b/lib/mnesia/src/mnesia.appup.src
index e0954ad206..304a15242f 100644
--- a/lib/mnesia/src/mnesia.appup.src
+++ b/lib/mnesia/src/mnesia.appup.src
@@ -1,14 +1,16 @@
 %% -*- erlang -*-
 {"%VSN%",
  [
-  {"4.5", [{restart_application, mnesia}]},
+  {"4.5.1",  [{restart_application, mnesia}]},
+  {"4.5",    [{restart_application, mnesia}]},
   {"4.4.19", [{restart_application, mnesia}]},
   {"4.4.18", [{restart_application, mnesia}]},
   {"4.4.17", [{restart_application, mnesia}]},
   {"4.4.16", [{restart_application, mnesia}]}
  ],
  [
-  {"4.5", [{restart_application, mnesia}]},
+  {"4.5.1",  [{restart_application, mnesia}]},
+  {"4.5",    [{restart_application, mnesia}]},
   {"4.4.19", [{restart_application, mnesia}]},
   {"4.4.18", [{restart_application, mnesia}]},
   {"4.4.17", [{restart_application, mnesia}]},
diff --git a/lib/mnesia/src/mnesia.erl b/lib/mnesia/src/mnesia.erl
index 980a9c6213..3d30debc53 100644
--- a/lib/mnesia/src/mnesia.erl
+++ b/lib/mnesia/src/mnesia.erl
@@ -27,7 +27,7 @@
 	 %% Start, stop and debugging
 	 start/0, start/1, stop/0,           % Not for public use
 	 set_debug_level/1, lkill/0, kill/0, % Not for public use
-	 ms/0, 
+	 ms/0,
 	 change_config/2,
 
 	 %% Activity mgt
@@ -40,14 +40,14 @@
 	 %% Access within an activity - Lock acquisition
 	 lock/2, lock/4,
 	 lock_table/2,
-	 read_lock_table/1, 
+	 read_lock_table/1,
 	 write_lock_table/1,
 
 	 %% Access within an activity - Updates
-	 write/1, s_write/1, write/3, write/5, 
-	 delete/1, s_delete/1, delete/3, delete/5, 
-	 delete_object/1, s_delete_object/1, delete_object/3, delete_object/5, 
-	 
+	 write/1, s_write/1, write/3, write/5,
+	 delete/1, s_delete/1, delete/3, delete/5,
+	 delete_object/1, s_delete_object/1, delete_object/3, delete_object/5,
+
 	 %% Access within an activity - Reads
 	 read/1, read/2, wread/1, read/3, read/5,
 	 match_object/1, match_object/3, match_object/5,
@@ -58,9 +58,9 @@
 	 first/1, next/2, last/1, prev/2,
 	 first/3, next/4, last/3, prev/4,
 
-	 %% Iterators within an activity 
+	 %% Iterators within an activity
 	 foldl/3, foldl/4, foldr/3, foldr/4,
-	 
+
 	 %% Dirty access regardless of activities - Updates
 	 dirty_write/1, dirty_write/2,
 	 dirty_delete/1, dirty_delete/2,
@@ -72,8 +72,8 @@
 	 dirty_select/2,
 	 dirty_match_object/1, dirty_match_object/2, dirty_all_keys/1,
 	 dirty_index_match_object/2, dirty_index_match_object/3,
-	 dirty_index_read/3, dirty_slot/2, 
-	 dirty_first/1, dirty_next/2, dirty_last/1, dirty_prev/2, 
+	 dirty_index_read/3, dirty_slot/2,
+	 dirty_first/1, dirty_next/2, dirty_last/1, dirty_prev/2,
 
 	 %% Info
 	 table_info/2, table_info/4, schema/0, schema/1,
@@ -102,7 +102,7 @@
 	 dump_tables/1, wait_for_tables/2, force_load_table/1,
 	 change_table_access_mode/2, change_table_load_order/2,
 	 set_master_nodes/1, set_master_nodes/2,
-	 
+
 	 %% Misc admin
 	 dump_log/0, subscribe/1, unsubscribe/1, report_event/1,
 
@@ -112,7 +112,7 @@
 
 	 %% Textfile access
 	 load_textfile/1, dump_to_textfile/1,
-	 
+
 	 %% QLC functions
 	 table/1, table/2,
 
@@ -137,20 +137,20 @@
 
 -define(DEFAULT_ACCESS, ?MODULE).
 
-%% Select 
+%% Select
 -define(PATTERN_TO_OBJECT_MATCH_SPEC(Pat), [{Pat,[],['$_']}]).
 -define(PATTERN_TO_BINDINGS_MATCH_SPEC(Pat), [{Pat,[],['$$']}]).
-   
+
 %% Local function in order to avoid external function call
 val(Var) ->
     case ?catch_val(Var) of
-	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason); 
+	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason);
 	Value -> Value
     end.
 
 is_dollar_digits(Var) ->
     case atom_to_list(Var) of
-	[$$ | Digs] -> 
+	[$$ | Digs] ->
 	    is_digits(Digs);
 	_ ->
 	    false
@@ -166,13 +166,13 @@ is_digits([Dig | Tail]) ->
 is_digits([]) ->
     true.
 
-has_var(X) when is_atom(X) -> 
-    if 
-	X == '_' -> 
+has_var(X) when is_atom(X) ->
+    if
+	X == '_' ->
 	    true;
-	is_atom(X) -> 
+	is_atom(X) ->
 	    is_dollar_digits(X);
-	true  -> 
+	true  ->
 	    false
     end;
 has_var(X) when is_tuple(X) ->
@@ -196,9 +196,9 @@ e_has_var(X, Pos) ->
 
 start() ->
     {Time , Res} =  timer:tc(application, start, [?APPLICATION, temporary]),
-    
+
     Secs = Time div 1000000,
-    case Res of 
+    case Res of
 	ok ->
 	    verbose("Mnesia started, ~p seconds~n",[ Secs]),
 	    ok;
@@ -243,10 +243,10 @@ change_config(extra_db_nodes, Ns) when is_list(Ns) ->
     mnesia_controller:connect_nodes(Ns);
 change_config(dc_dump_limit, N) when is_number(N), N > 0 ->
     case mnesia_lib:is_running() of
-	yes ->  
+	yes ->
 	    mnesia_lib:set(dc_dump_limit, N),
 	    {ok, N};
-	_ -> 
+	_ ->
 	    {error, {not_started, ?APPLICATION}}
     end;
 change_config(BadKey, _BadVal) ->
@@ -255,7 +255,7 @@ change_config(BadKey, _BadVal) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Debugging
 
-set_debug_level(Level) -> 
+set_debug_level(Level) ->
     mnesia_subscr:set_debug_level(Level).
 
 lkill() ->
@@ -274,9 +274,9 @@ ms() ->
      mnesia_controller,
      mnesia_dumper,
      mnesia_loader,
-     mnesia_frag, 
-     mnesia_frag_hash, 
-     mnesia_frag_old_hash, 
+     mnesia_frag,
+     mnesia_frag_hash,
+     mnesia_frag_old_hash,
      mnesia_index,
      mnesia_kernel_sup,
      mnesia_late_loader,
@@ -295,9 +295,9 @@ ms() ->
 
      %% Keep these last in the list, so
      %% mnesia_sup kills these last
-     mnesia_monitor, 
+     mnesia_monitor,
      mnesia_event
-    ]. 
+    ].
 
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -305,7 +305,7 @@ ms() ->
 
 -spec abort(_) -> no_return().
 
-abort(Reason) -> 
+abort(Reason) ->
     exit({aborted, Reason}).
 
 is_transaction() ->
@@ -339,7 +339,7 @@ sync_transaction(Fun, Args, Retries) ->
     transaction(get(mnesia_activity_state), Fun, Args, Retries, ?DEFAULT_ACCESS, sync).
 
 
-transaction(State, Fun, Args, Retries, Mod, Kind) 
+transaction(State, Fun, Args, Retries, Mod, Kind)
   when is_function(Fun), is_list(Args), Retries == infinity, is_atom(Mod) ->
     mnesia_tm:transaction(State, Fun, Args, Retries, Mod, Kind);
 transaction(State, Fun, Args, Retries, Mod, Kind)
@@ -348,7 +348,7 @@ transaction(State, Fun, Args, Retries, Mod, Kind)
 transaction(_State, Fun, Args, Retries, Mod, _Kind) ->
     {aborted, {badarg, Fun, Args, Retries, Mod}}.
 
-non_transaction(State, Fun, Args, ActivityKind, Mod) 
+non_transaction(State, Fun, Args, ActivityKind, Mod)
   when is_function(Fun), is_list(Args), is_atom(Mod) ->
     mnesia_tm:non_transaction(State, Fun, Args, ActivityKind, Mod);
 non_transaction(_State, Fun, Args, _ActivityKind, _Mod) ->
@@ -394,7 +394,7 @@ wrap_trans(State, Fun, Args, Retries, Mod, Kind) ->
 	{atomic, GoodRes} -> GoodRes;
 	BadRes -> exit(BadRes)
     end.
-	     
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Access within an activity - lock acquisition
 
@@ -507,13 +507,13 @@ good_global_nodes(Nodes) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Access within an activity - updates
 
-write(Val) when is_tuple(Val), tuple_size(Val) > 2 -> 
+write(Val) when is_tuple(Val), tuple_size(Val) > 2 ->
     Tab = element(1, Val),
     write(Tab, Val, write);
 write(Val) ->
     abort({bad_type, Val}).
 
-s_write(Val) when is_tuple(Val), tuple_size(Val) > 2 -> 
+s_write(Val) when is_tuple(Val), tuple_size(Val) > 2 ->
     Tab = element(1, Val),
     write(Tab, Val, sticky_write).
 
@@ -561,7 +561,7 @@ write_to_store(Tab, Store, Oid, Val) ->
 		_  ->
 		    ?ets_delete(Store, Oid),
 		    ?ets_insert(Store, {Oid, Val, write})
-	    end, 
+	    end,
 	    ok;
 	{'EXIT', _} ->
 	    abort({no_exists, Tab});
@@ -611,7 +611,7 @@ delete(Tid, Ts, Tab, Key, LockKind)
 	      ok;
 	Protocol ->
 	      do_dirty_delete(Protocol, Tab, Key)
-    end; 
+    end;
 delete(_Tid, _Ts, Tab, _Key, _LockKind) ->
     abort({bad_type, Tab}).
 
@@ -640,7 +640,7 @@ delete_object(Tab, Val, LockKind) ->
 delete_object(Tid, Ts, Tab, Val, LockKind)
   when is_atom(Tab), Tab /= schema, is_tuple(Val), tuple_size(Val) > 2 ->
     case has_var(Val) of
-	false -> 
+	false ->
 	    do_delete_object(Tid, Ts, Tab, Val, LockKind);
 	true ->
 	    abort({bad_type, Tab, Val})
@@ -665,7 +665,7 @@ do_delete_object(Tid, Ts, Tab, Val, LockKind) ->
 		      abort({bad_type, Tab, LockKind})
 	      end,
 	      case val({Tab, setorbag}) of
-		  bag -> 
+		  bag ->
 		      ?ets_match_delete(Store, {Oid, Val, '_'}),
 		      ?ets_insert(Store, {Oid, Val, delete_object});
 		  _ ->
@@ -731,7 +731,7 @@ read(Tid, Ts, Tab, Key, LockKind)
 	    add_written(?ets_lookup(Store, Oid), Tab, Objs);
 	_Protocol ->
 	    dirty_read(Tab, Key)
-    end; 
+    end;
 read(_Tid, _Ts, Tab, _Key, _LockKind) ->
     abort({bad_type, Tab}).
 
@@ -744,7 +744,7 @@ first(Tab) ->
 	_ ->
 	    abort(no_transaction)
     end.
-    
+
 first(Tid, Ts, Tab)
   when is_atom(Tab), Tab /= schema ->
     case element(1, Tid) of
@@ -845,9 +845,9 @@ prev(_Tid, _Ts,Tab,_) ->
 stored_keys(Tab,'$end_of_table',Prev,Ts,Op,Type) ->
     case ts_keys(Ts#tidstore.store,Tab,Op,Type,[]) of
 	[] -> '$end_of_table';
-	Keys when Type == ordered_set-> 
+	Keys when Type == ordered_set->
 	    get_ordered_tskey(Prev,Keys,Op);
-	Keys -> 
+	Keys ->
 	    get_next_tskey(Prev,Keys,Tab)
     end;
 stored_keys(Tab,{'EXIT',{aborted,R={badarg,[Tab,Key]}}},
@@ -858,7 +858,7 @@ stored_keys(Tab,{'EXIT',{aborted,R={badarg,[Tab,Key]}}},
 	Ops ->
 	    case lists:last(Ops) of
 		[delete] -> abort(R);
-		_ -> 
+		_ ->
 		    case ts_keys(Store,Tab,Op,Type,[]) of
 			[] -> '$end_of_table';
 			Keys -> get_next_tskey(Key,Keys,Tab)
@@ -869,14 +869,14 @@ stored_keys(_,{'EXIT',{aborted,R}},_,_,_,_) ->
     abort(R);
 stored_keys(Tab,Key,Prev,#tidstore{store=Store},Op,ordered_set) ->
     case ?ets_match(Store, {{Tab, Key}, '_', '$1'}) of
-	[] -> 
+	[] ->
 	    Keys = ts_keys(Store,Tab,Op,ordered_set,[Key]),
 	    get_ordered_tskey(Prev,Keys,Op);
  	Ops ->
 	    case lists:last(Ops) of
 		[delete] ->
 	 	    mnesia:Op(Tab,Key);
-		_ -> 
+		_ ->
 		    Keys = ts_keys(Store,Tab,Op,ordered_set,[Key]),
 		    get_ordered_tskey(Prev,Keys,Op)
 	    end
@@ -898,7 +898,7 @@ get_ordered_tskey(Prev, [_|R],Op) ->  get_ordered_tskey(Prev,R,Op);
 get_ordered_tskey(_, [],_) ->    '$end_of_table'.
 
 get_next_tskey(Key,Keys,Tab) ->
-    Next = 
+    Next =
 	if Key == '$end_of_table' -> hd(Keys);
 	   true ->
 		case lists:dropwhile(fun(A) -> A /= Key end, Keys) of
@@ -912,7 +912,7 @@ get_next_tskey(Key,Keys,Tab) ->
 	_ -> %% Really slow anybody got another solution??
 	    case dirty_read(Tab, Next) of
 		[] -> Next;
-		_ ->  
+		_ ->
 		    %% Updated value we already returned this key
 		    get_next_tskey(Next,Keys,Tab)
 	    end
@@ -921,7 +921,7 @@ get_next_tskey(Key,Keys,Tab) ->
 ts_keys(Store, Tab, Op, Type, Def) ->
     All = ?ets_match(Store, {{Tab,'$1'},'_','$2'}),
     Keys = ts_keys_1(All, Def),
-    if 
+    if
 	Type == ordered_set, Op == prev ->
 	    lists:reverse(lists:sort(Keys));
 	Type == ordered_set ->
@@ -947,7 +947,7 @@ ts_keys_1([], Acc) ->
 
 
 %%%%%%%%%%%%%%%%%%%%%
-%% Iterators 
+%% Iterators
 
 foldl(Fun, Acc, Tab) ->
     foldl(Fun, Acc, Tab, read).
@@ -968,7 +968,7 @@ foldl(ActivityId, Opaque, Fun, Acc, Tab, LockKind) ->
     close_iteration(Res, Tab).
 
 do_foldl(A, O, Tab, '$end_of_table', Fun, RAcc, _Type, Stored) ->
-    lists:foldl(fun(Key, Acc) -> 
+    lists:foldl(fun(Key, Acc) ->
 			lists:foldl(Fun, Acc, read(A, O, Tab, Key, read))
 		end, RAcc, Stored);
 do_foldl(A, O, Tab, Key, Fun, Acc, ordered_set, [H | Stored]) when H == Key ->
@@ -983,7 +983,7 @@ do_foldl(A, O, Tab, Key, Fun, Acc, ordered_set, [H | Stored]) when H > Key ->
     NewAcc = lists:foldl(Fun, Acc, read(A, O, Tab, Key, read)),
     {_, Tid, Ts} = get(mnesia_activity_state),
     do_foldl(Tid, Ts, Tab, dirty_next(Tab, Key), Fun, NewAcc, ordered_set, [H |Stored]);
-do_foldl(A, O, Tab, Key, Fun, Acc, Type, Stored) ->  %% Type is set or bag 
+do_foldl(A, O, Tab, Key, Fun, Acc, Type, Stored) ->  %% Type is set or bag
     NewAcc = lists:foldl(Fun, Acc, read(A, O, Tab, Key, read)),
     NewStored = ordsets:del_element(Key, Stored),
     {_, Tid, Ts} = get(mnesia_activity_state),
@@ -1003,8 +1003,8 @@ foldr(Fun, Acc, Tab, LockKind) when is_function(Fun) ->
 
 foldr(ActivityId, Opaque, Fun, Acc, Tab, LockKind) ->
     {Type, TempPrev} = init_iteration(ActivityId, Opaque, Tab, LockKind),
-    Prev = 
-	if 
+    Prev =
+	if
 	    Type == ordered_set ->
 		lists:reverse(TempPrev);
 	    true ->      %% Order doesn't matter for set and bag
@@ -1014,7 +1014,7 @@ foldr(ActivityId, Opaque, Fun, Acc, Tab, LockKind) ->
     close_iteration(Res, Tab).
 
 do_foldr(A, O, Tab, '$end_of_table', Fun, RAcc, _Type, Stored) ->
-    lists:foldl(fun(Key, Acc) -> 
+    lists:foldl(fun(Key, Acc) ->
 			lists:foldl(Fun, Acc, read(A, O, Tab, Key, read))
 		end, RAcc, Stored);
 do_foldr(A, O, Tab, Key, Fun, Acc, ordered_set, [H | Stored]) when H == Key ->
@@ -1029,7 +1029,7 @@ do_foldr(A, O, Tab, Key, Fun, Acc, ordered_set, [H | Stored]) when H < Key ->
     NewAcc = lists:foldl(Fun, Acc, read(A, O, Tab, Key, read)),
     {_, Tid, Ts} = get(mnesia_activity_state),
     do_foldr(Tid, Ts, Tab, dirty_prev(Tab, Key), Fun, NewAcc, ordered_set, [H |Stored]);
-do_foldr(A, O, Tab, Key, Fun, Acc, Type, Stored) ->  %% Type is set or bag 
+do_foldr(A, O, Tab, Key, Fun, Acc, Type, Stored) ->  %% Type is set or bag
     NewAcc = lists:foldl(Fun, Acc, read(A, O, Tab, Key, read)),
     NewStored = ordsets:del_element(Key, Stored),
     {_, Tid, Ts} = get(mnesia_activity_state),
@@ -1037,25 +1037,25 @@ do_foldr(A, O, Tab, Key, Fun, Acc, Type, Stored) ->  %% Type is set or bag
 
 init_iteration(ActivityId, Opaque, Tab, LockKind) ->
     lock(ActivityId, Opaque, {table, Tab}, LockKind),
-    Type = val({Tab, setorbag}),    
+    Type = val({Tab, setorbag}),
     Previous = add_previous(ActivityId, Opaque, Type, Tab),
     St = val({Tab, storage_type}),
-    if 
-	St == unknown -> 
+    if
+	St == unknown ->
 	    ignore;
 	true ->
 	    mnesia_lib:db_fixtable(St, Tab, true)
-    end, 
+    end,
     {Type, Previous}.
 
 close_iteration(Res, Tab) ->
     case val({Tab, storage_type}) of
-	unknown -> 
+	unknown ->
 	    ignore;
-	St -> 
+	St ->
 	    mnesia_lib:db_fixtable(St, Tab, false)
     end,
-    case Res of 
+    case Res of
 	{'EXIT', {aborted, What}} ->
 	   abort(What);
 	{'EXIT', What} ->
@@ -1074,7 +1074,7 @@ add_previous(_Tid, Ts, _Type, Tab) ->
 %% it is correct with respect to what this particular transaction
 %% has already written, deleted .... etc
 
-add_written([], _Tab, Objs) -> 
+add_written([], _Tab, Objs) ->
     Objs;  % standard normal fast case
 add_written(Written, Tab, Objs) ->
     case val({Tab, setorbag}) of
@@ -1093,7 +1093,7 @@ add_written_to_set(Ws) ->
 
 add_written_to_bag([{_, Val, write} | Tail], Objs, Ack) ->
     add_written_to_bag(Tail, lists:delete(Val, Objs), [Val | Ack]);
-add_written_to_bag([], Objs, Ack) -> 
+add_written_to_bag([], Objs, Ack) ->
     Objs ++ lists:reverse(Ack); %% Oldest write first as in ets
 add_written_to_bag([{_, _ , delete} | Tail], _Objs, _Ack) ->
     %% This transaction just deleted all objects
@@ -1118,7 +1118,7 @@ match_object(Tab, Pat, LockKind) ->
 	    abort(no_transaction)
     end.
 
-match_object(Tid, Ts, Tab, Pat, LockKind) 
+match_object(Tid, Ts, Tab, Pat, LockKind)
   when is_atom(Tab), Tab /= schema, is_tuple(Pat), tuple_size(Pat) > 2 ->
     case element(1, Tid) of
 	ets ->
@@ -1142,11 +1142,11 @@ add_written_match(S, Pat, Tab, Objs) ->
     add_match(Ops, Objs, val({Tab, setorbag})).
 
 find_ops(S, Tab, Pat) ->
-    GetWritten = [{{{Tab, '_'}, Pat, write}, [], ['$_']}, 
+    GetWritten = [{{{Tab, '_'}, Pat, write}, [], ['$_']},
 		  {{{Tab, '_'}, '_', delete}, [], ['$_']},
 		  {{{Tab, '_'}, Pat, delete_object}, [], ['$_']}],
     ets:select(S, GetWritten).
-    
+
 add_match([], Objs, _Type) ->
     Objs;
 add_match(Written, Objs, ordered_set) ->
@@ -1162,13 +1162,13 @@ add_match([{Oid, Val, write}|R], Objs, set) ->
     add_match(R, [Val | deloid(Oid,Objs)],set).
 
 %% For ordered_set only !!
-add_ordered_match(Written = [{{_, Key}, _, _}|_], [Obj|Objs], Acc) 
+add_ordered_match(Written = [{{_, Key}, _, _}|_], [Obj|Objs], Acc)
   when Key > element(2, Obj) ->
     add_ordered_match(Written, Objs, [Obj|Acc]);
-add_ordered_match([{{_, Key}, Val, write}|Rest], Objs =[Obj|_], Acc) 
+add_ordered_match([{{_, Key}, Val, write}|Rest], Objs =[Obj|_], Acc)
   when Key < element(2, Obj) ->
     add_ordered_match(Rest, [Val|Objs],Acc);
-add_ordered_match([{{_, Key}, _, _DelOP}|Rest], Objs =[Obj|_], Acc) 
+add_ordered_match([{{_, Key}, _, _DelOP}|Rest], Objs =[Obj|_], Acc)
   when Key < element(2, Obj) ->
     add_ordered_match(Rest,Objs,Acc);
 %% Greater than last object
@@ -1176,7 +1176,7 @@ add_ordered_match([{_, Val, write}|Rest], [], Acc) ->
     add_ordered_match(Rest, [Val], Acc);
 add_ordered_match([_|Rest], [], Acc) ->
     add_ordered_match(Rest, [], Acc);
-%% Keys are equal from here 
+%% Keys are equal from here
 add_ordered_match([{_, Val, write}|Rest], [_Obj|Objs], Acc) ->
     add_ordered_match(Rest, [Val|Objs], Acc);
 add_ordered_match([{_, _Val, delete}|Rest], [_Obj|Objs], Acc) ->
@@ -1207,7 +1207,7 @@ add_sel_match([Op={Oid, _, delete}|R], Objs, Type, Acc) ->
     end;
 add_sel_match([Op = {_Oid, Val, delete_object}|R], Objs, Type, Acc) ->
     case lists:delete(Val, Objs) of
-	Objs -> 
+	Objs ->
 	    add_sel_match(R, Objs, Type, [Op|Acc]);
 	NewObjs when Type == set ->
 	    add_sel_match(R, NewObjs, Type, Acc);
@@ -1224,26 +1224,26 @@ add_sel_match([Op={Oid={_,Key}, Val, write}|R], Objs, bag, Acc) ->
     end;
 add_sel_match([Op={Oid, Val, write}|R], Objs, set, Acc) ->
     case deloid(Oid,Objs) of
-	Objs -> 
+	Objs ->
 	    add_sel_match(R, Objs,set, [Op|Acc]);
 	NewObjs ->
 	    add_sel_match(R, [Val | NewObjs],set, Acc)
     end.
 
 %% For ordered_set only !!
-add_sel_ordered_match(Written = [{{_, Key}, _, _}|_], [Obj|Objs],Acc) 
+add_sel_ordered_match(Written = [{{_, Key}, _, _}|_], [Obj|Objs],Acc)
   when Key > element(2, Obj) ->
     add_sel_ordered_match(Written, Objs, [Obj|Acc]);
-add_sel_ordered_match([{{_, Key}, Val, write}|Rest], Objs =[Obj|_],Acc) 
+add_sel_ordered_match([{{_, Key}, Val, write}|Rest], Objs =[Obj|_],Acc)
   when Key < element(2, Obj) ->
     add_sel_ordered_match(Rest,[Val|Objs],Acc);
-add_sel_ordered_match([{{_, Key}, _, _DelOP}|Rest], Objs =[Obj|_], Acc) 
+add_sel_ordered_match([{{_, Key}, _, _DelOP}|Rest], Objs =[Obj|_], Acc)
   when Key < element(2, Obj) ->
     add_sel_ordered_match(Rest,Objs,Acc);
 %% Greater than last object
 add_sel_ordered_match(Ops1, [], Acc) ->
     {lists:reverse(Acc), Ops1};
-%% Keys are equal from here 
+%% Keys are equal from here
 add_sel_ordered_match([{_, Val, write}|Rest], [_Obj|Objs], Acc) ->
     add_sel_ordered_match(Rest, [Val|Objs], Acc);
 add_sel_ordered_match([{_, _Val, delete}|Rest], [_Obj|Objs], Acc) ->
@@ -1264,11 +1264,11 @@ deloid(Oid, [H | T]) ->
     [H | deloid(Oid, T)].
 
 %%%%%%%%%%%%%%%%%%
-% select 
+% select
 
 select(Tab, Pat) ->
     select(Tab, Pat, read).
-select(Tab, Pat, LockKind) 
+select(Tab, Pat, LockKind)
   when is_atom(Tab), Tab /= schema, is_list(Pat) ->
     case get(mnesia_activity_state) of
 	{?DEFAULT_ACCESS, Tid, Ts} ->
@@ -1293,13 +1293,13 @@ fun_select(Tid, Ts, Tab, Spec, LockKind, TabPat, SelectFun) ->
 	    select_lock(Tid,Ts,LockKind,Spec,Tab),
 	    Store = Ts#tidstore.store,
 	    Written = ?ets_match_object(Store, {{TabPat, '_'}, '_', '_'}),
-	    case Written of 
-		[] ->  
+	    case Written of
+		[] ->
 		    %% Nothing changed in the table during this transaction,
 		    %% Simple case get results from [d]ets
 		    SelectFun(Spec);
-		_ ->   
-		    %% Hard (slow case) records added or deleted earlier 
+		_ ->
+		    %% Hard (slow case) records added or deleted earlier
 		    %% in the transaction, have to cope with that.
 		    Type = val({Tab, setorbag}),
 		    FixedSpec = get_record_pattern(Spec),
@@ -1326,7 +1326,7 @@ select_lock(Tid,Ts,LockKind,Spec,Tab) ->
     end.
 
 %% Breakable Select
-select(Tab, Pat, NObjects, LockKind) 
+select(Tab, Pat, NObjects, LockKind)
   when is_atom(Tab), Tab /= schema, is_list(Pat), is_integer(NObjects) ->
     case get(mnesia_activity_state) of
 	{?DEFAULT_ACCESS, Tid, Ts} ->
@@ -1356,26 +1356,26 @@ fun_select(Tid, Ts, Tab, Spec, LockKind, TabPat, Init, NObjects, Node, Storage)
 	    select_lock(Tid,Ts,LockKind,Spec,Tab),
 	    Store = Ts#tidstore.store,
 	    do_fixtable(Tab, Store),
-	    
-	    Written0 = ?ets_match_object(Store, {{TabPat, '_'}, '_', '_'}),	    
-	    case Written0 of 
-		[] ->  
+
+	    Written0 = ?ets_match_object(Store, {{TabPat, '_'}, '_', '_'}),
+	    case Written0 of
+		[] ->
 		    %% Nothing changed in the table during this transaction,
 		    %% Simple case get results from [d]ets
 		    select_state(Init(Spec),Def);
-		_ ->   
-		    %% Hard (slow case) records added or deleted earlier 
+		_ ->
+		    %% Hard (slow case) records added or deleted earlier
 		    %% in the transaction, have to cope with that.
 		    Type = val({Tab, setorbag}),
-		    Written = 
+		    Written =
 			if Type == ordered_set -> %% Sort stable
 				lists:keysort(1,Written0);
-			   true -> 
+			   true ->
 				Written0
 			end,
 		    FixedSpec = get_record_pattern(Spec),
 		    CMS = ets:match_spec_compile(Spec),
-		    trans_select(Init(FixedSpec), 
+		    trans_select(Init(FixedSpec),
 				 Def#mnesia_select{written=Written,spec=CMS,type=Type, orig=FixedSpec})
 	    end;
 	_Protocol ->
@@ -1394,7 +1394,7 @@ select(Cont) ->
 
 select_cont(_Tid,_Ts,'$end_of_table') ->
     '$end_of_table';
-select_cont(Tid,_Ts,State=#mnesia_select{tid=Tid,cont=Cont, orig=Ms}) 
+select_cont(Tid,_Ts,State=#mnesia_select{tid=Tid,cont=Cont, orig=Ms})
   when element(1,Tid) == ets ->
     case Cont of
 	'$end_of_table' -> '$end_of_table';
@@ -1415,7 +1415,7 @@ trans_select('$end_of_table', #mnesia_select{written=Written0,spec=CMS,type=Type
 trans_select({TabRecs,Cont}, State = #mnesia_select{written=Written0,spec=CMS,type=Type}) ->
     {FixedRes,Written} = add_sel_match(Written0, TabRecs, Type),
     select_state({ets:match_spec_run(FixedRes, CMS),Cont},
-		 State#mnesia_select{written=Written}). 
+		 State#mnesia_select{written=Written}).
 
 select_state({Matches, Cont}, MS) ->
     {Matches, MS#mnesia_select{cont=Cont}};
@@ -1433,9 +1433,9 @@ all_keys(Tab) ->
 	    Mod:all_keys(Tid, Ts, Tab, read);
 	_ ->
 	    abort(no_transaction)
-    end. 
+    end.
 
-all_keys(Tid, Ts, Tab, LockKind) 
+all_keys(Tid, Ts, Tab, LockKind)
   when is_atom(Tab), Tab /= schema ->
     Pat0 = val({Tab, wild_pattern}),
     Pat = setelement(2, Pat0, '$1'),
@@ -1446,7 +1446,7 @@ all_keys(Tid, Ts, Tab, LockKind)
 	_ ->
 	    Keys
     end;
-all_keys(_Tid, _Ts, Tab, _LockKind) ->    
+all_keys(_Tid, _Ts, Tab, _LockKind) ->
     abort({bad_type, Tab}).
 
 index_match_object(Pat, Attr) when is_tuple(Pat), tuple_size(Pat) > 2 ->
@@ -1465,7 +1465,7 @@ index_match_object(Tab, Pat, Attr, LockKind) ->
 	    abort(no_transaction)
     end.
 
-index_match_object(Tid, Ts, Tab, Pat, Attr, LockKind) 
+index_match_object(Tid, Ts, Tab, Pat, Attr, LockKind)
   when is_atom(Tab), Tab /= schema, is_tuple(Pat), tuple_size(Pat) > 2 ->
     case element(1, Tid) of
 	ets ->
@@ -1501,7 +1501,7 @@ index_read(Tab, Key, Attr) ->
 	    abort(no_transaction)
     end.
 
-index_read(Tid, Ts, Tab, Key, Attr, LockKind) 
+index_read(Tid, Ts, Tab, Key, Attr, LockKind)
   when is_atom(Tab), Tab /= schema ->
     case element(1, Tid) of
 	ets ->
@@ -1536,7 +1536,7 @@ dirty_write(Val) when is_tuple(Val), tuple_size(Val) > 2  ->
     dirty_write(Tab, Val);
 dirty_write(Val) ->
     abort({bad_type, Val}).
-    
+
 dirty_write(Tab, Val) ->
     do_dirty_write(async_dirty, Tab, Val).
 
@@ -1562,7 +1562,7 @@ dirty_delete(Oid) ->
 
 dirty_delete(Tab, Key) ->
     do_dirty_delete(async_dirty, Tab, Key).
-    
+
 do_dirty_delete(SyncMode, Tab, Key) when is_atom(Tab), Tab /= schema  ->
     Oid = {Tab, Key},
     mnesia_tm:dirty(SyncMode, {Oid, Oid, delete});
@@ -1582,7 +1582,7 @@ do_dirty_delete_object(SyncMode, Tab, Val)
     when is_atom(Tab), Tab /= schema, is_tuple(Val), tuple_size(Val) > 2 ->
     Oid = {Tab, element(2, Val)},
     case has_var(Val) of
-	false -> 
+	false ->
 	    mnesia_tm:dirty(SyncMode, {Oid, Val, delete_object});
 	true ->
 	    abort({bad_type, Tab, Val})
@@ -1600,7 +1600,7 @@ dirty_update_counter(Counter, _Incr) ->
 
 dirty_update_counter(Tab, Key, Incr) ->
     do_dirty_update_counter(async_dirty, Tab, Key, Incr).
-    
+
 do_dirty_update_counter(SyncMode, Tab, Key, Incr)
   when is_atom(Tab), Tab /= schema, is_integer(Incr) ->
     case ?catch_val({Tab, record_validation}) of
@@ -1638,7 +1638,7 @@ dirty_match_object(Pat) when is_tuple(Pat), tuple_size(Pat) > 2 ->
     dirty_match_object(Tab, Pat);
 dirty_match_object(Pat) ->
     abort({bad_type, Pat}).
-    
+
 dirty_match_object(Tab, Pat)
   when is_atom(Tab), Tab /= schema, is_tuple(Pat), tuple_size(Pat) > 2 ->
     dirty_rpc(Tab, ?MODULE, remote_dirty_match_object, [Tab, Pat]);
@@ -1697,8 +1697,8 @@ remote_dirty_select(Tab, [{HeadPat,_, _}] = Spec, [Pos | Tail])
 	    %% Returns the records without applying the match spec
 	    %% The actual filtering is handled by the caller
 	    CMS = ets:match_spec_compile(Spec),
-	    case val({Tab, setorbag}) of 
-		ordered_set -> 
+	    case val({Tab, setorbag}) of
+		ordered_set ->
 		    ets:match_spec_run(lists:sort(Recs), CMS);
 		_ ->
 		    ets:match_spec_run(Recs, CMS)
@@ -1730,14 +1730,14 @@ dirty_all_keys(Tab) when is_atom(Tab), Tab /= schema ->
     end;
 dirty_all_keys(Tab) ->
     abort({bad_type, Tab}).
-    
+
 dirty_index_match_object(Pat, Attr) when is_tuple(Pat), tuple_size(Pat) > 2 ->
     Tab = element(1, Pat),
     dirty_index_match_object(Tab, Pat, Attr);
 dirty_index_match_object(Pat, _Attr) ->
     abort({bad_type, Pat}).
 
-dirty_index_match_object(Tab, Pat, Attr) 
+dirty_index_match_object(Tab, Pat, Attr)
   when is_atom(Tab), Tab /= schema, is_tuple(Pat), tuple_size(Pat) > 2 ->
     case mnesia_schema:attr_tab_to_pos(Tab, Attr) of
 	Pos when Pos =< tuple_size(Pat) ->
@@ -1752,7 +1752,7 @@ dirty_index_match_object(Tab, Pat, Attr)
 				      [Tab, Pat, Pos]);
 			true ->
 			    abort({bad_type, Tab, Attr, Elem})
-		    end		    
+		    end
 	    end;
 	BadPos ->
 	    abort({bad_type, Tab, BadPos})
@@ -1810,7 +1810,7 @@ do_dirty_rpc(Tab, Node, M, F, Args) ->
 	    %% Sync with mnesia_monitor
 	    try sys:get_status(mnesia_monitor) catch _:_ -> ok end,
 	    case mnesia_controller:call({check_w2r, Node, Tab}) of % Sync
-		NewNode when NewNode =:= Node -> 
+		NewNode when NewNode =:= Node ->
 		    ErrorTag = mnesia_lib:dirty_rpc_error_tag(Reason),
 		    mnesia:abort({ErrorTag, Args});
 		NewNode ->
@@ -1821,9 +1821,9 @@ do_dirty_rpc(Tab, Node, M, F, Args) ->
 			    %% to acquire the lock on the NewNode.
 			    %% In this context we do neither know
 			    %% the kind or granularity of the lock.
-			    %% --> Abort the transaction 
+			    %% --> Abort the transaction
 			    mnesia:abort({node_not_running, Node});
-			{error, {node_not_running, _}} -> 
+			{error, {node_not_running, _}} ->
 			    %% Mnesia is stopping
 			    mnesia:abort({no_exists, Args});
 			_ ->
@@ -1858,21 +1858,21 @@ table_info(_Tid, _Ts, Tab, Item) ->
     any_table_info(Tab, Item).
 
 
-any_table_info(Tab, Item) when is_atom(Tab) ->    
+any_table_info(Tab, Item) when is_atom(Tab) ->
     case Item of
 	master_nodes ->
 	    mnesia_recover:get_master_nodes(Tab);
-%	checkpoints -> 
+%	checkpoints ->
 %	    case ?catch_val({Tab, commit_work}) of
 %		[{checkpoints, List} | _] -> List;
 %		No_chk when is_list(No_chk) ->  [];
 %		Else -> info_reply(Else, Tab, Item)
 %	    end;
-	size -> 
+	size ->
 	    raw_table_info(Tab, Item);
 	memory ->
 	    raw_table_info(Tab, Item);
-	type -> 
+	type ->
 	    case ?catch_val({Tab, setorbag}) of
 		{'EXIT', _} ->
 		    abort({no_exists, Tab, Item});
@@ -1885,8 +1885,8 @@ any_table_info(Tab, Item) when is_atom(Tab) ->
 		    abort({no_exists, Tab, Item});
 		Props ->
 		    lists:map(fun({setorbag, Type}) -> {type, Type};
-				 (Prop) -> Prop end, 
-			      Props) 
+				 (Prop) -> Prop end,
+			      Props)
 	    end;
 	name ->
 	    Tab;
@@ -1927,14 +1927,14 @@ bad_info_reply(_Tab, memory) -> 0;
 bad_info_reply(Tab, Item) -> abort({no_exists, Tab, Item}).
 
 %% Raw info about all tables
-schema() -> 
+schema() ->
     mnesia_schema:info().
 
 %% Raw info about one tables
-schema(Tab) -> 
+schema(Tab) ->
     mnesia_schema:info(Tab).
 
-error_description(Err) -> 
+error_description(Err) ->
     mnesia_lib:error_desc(Err).
 
 info() ->
@@ -1951,18 +1951,18 @@ info() ->
 	    io:format( "---> Processes waiting for locks <--- ~n", []),
 	    lists:foreach(fun({Oid, Op, _Pid, Tid, OwnerTid}) ->
 				  io:format("Tid ~p waits for ~p lock "
-					    "on oid ~p owned by ~p ~n", 
+					    "on oid ~p owned by ~p ~n",
 					    [Tid, Op, Oid, OwnerTid])
 		  end, Queued),
 	    mnesia_tm:display_info(group_leader(), TmInfo),
-	    
+
 	    Pat = {'_', unclear, '_'},
 	    Uncertain = ets:match_object(mnesia_decision, Pat),
 
 	    io:format( "---> Uncertain transactions <--- ~n", []),
 	    lists:foreach(fun({Tid, _, Nodes}) ->
 				  io:format("Tid ~w waits for decision "
-					    "from ~w~n", 
+					    "from ~w~n",
 					    [Tid, Nodes])
 		  end, Uncertain),
 
@@ -2023,15 +2023,15 @@ display_tab_info() ->
     io:format("master node tables = ~p~n", [lists:sort(MasterTabs)]),
 
     Tabs = system_info(tables),
-    
+
     {Unknown, Ram, Disc, DiscOnly} =
 	lists:foldl(fun storage_count/2, {[], [], [], []}, Tabs),
-    
+
     io:format("remote             = ~p~n", [lists:sort(Unknown)]),
     io:format("ram_copies         = ~p~n", [lists:sort(Ram)]),
     io:format("disc_copies        = ~p~n", [lists:sort(Disc)]),
     io:format("disc_only_copies   = ~p~n", [lists:sort(DiscOnly)]),
-    
+
     Rfoldl = fun(T, Acc) ->
 		     Rpat =
 			 case val({T, access_mode}) of
@@ -2041,7 +2041,7 @@ display_tab_info() ->
 				 table_info(T, where_to_commit)
 			 end,
 		     case lists:keysearch(Rpat, 1, Acc) of
-			 {value, {_Rpat, Rtabs}} -> 
+			 {value, {_Rpat, Rtabs}} ->
 			     lists:keyreplace(Rpat, 1, Acc, {Rpat, [T | Rtabs]});
 			 false ->
 			     [{Rpat, [T]} | Acc]
@@ -2161,20 +2161,20 @@ system_info2(fallback_activated) ->
 
 system_info2(version) ->
     case ?catch_val(version) of
-	{'EXIT', _} -> 
+	{'EXIT', _} ->
 	    Apps = application:loaded_applications(),
 	    case lists:keysearch(?APPLICATION, 1, Apps) of
 		{value, {_Name, _Desc, Version}} ->
 		    Version;
 		false ->
 		    %% Ensure that it does not match
-		    {mnesia_not_loaded, node(), now()} 
+		    {mnesia_not_loaded, node(), now()}
 	    end;
 	Version ->
 	    Version
     end;
 
-system_info2(access_module) -> mnesia_monitor:get_env(access_module); 
+system_info2(access_module) -> mnesia_monitor:get_env(access_module);
 system_info2(auto_repair) -> mnesia_monitor:get_env(auto_repair);
 system_info2(is_running) -> mnesia_lib:is_running();
 system_info2(backup_module) -> mnesia_monitor:get_env(backup_module);
@@ -2183,7 +2183,7 @@ system_info2(debug) -> mnesia_monitor:get_env(debug);
 system_info2(dump_log_load_regulation) -> mnesia_monitor:get_env(dump_log_load_regulation);
 system_info2(dump_log_write_threshold) -> mnesia_monitor:get_env(dump_log_write_threshold);
 system_info2(dump_log_time_threshold) -> mnesia_monitor:get_env(dump_log_time_threshold);
-system_info2(dump_log_update_in_place) -> 
+system_info2(dump_log_update_in_place) ->
     mnesia_monitor:get_env(dump_log_update_in_place);
 system_info2(max_wait_for_decision) -> mnesia_monitor:get_env(max_wait_for_decision);
 system_info2(embedded_mnemosyne) -> mnesia_monitor:get_env(embedded_mnemosyne);
@@ -2204,9 +2204,9 @@ system_info2(transaction_failures) -> mnesia_lib:read_counter(trans_failures);
 system_info2(transaction_commits) -> mnesia_lib:read_counter(trans_commits);
 system_info2(transaction_restarts) -> mnesia_lib:read_counter(trans_restarts);
 system_info2(transaction_log_writes) -> mnesia_dumper:get_log_writes();
-system_info2(core_dir) ->  mnesia_monitor:get_env(core_dir); 
-system_info2(no_table_loaders) ->  mnesia_monitor:get_env(no_table_loaders); 
-system_info2(dc_dump_limit) ->  mnesia_monitor:get_env(dc_dump_limit); 
+system_info2(core_dir) ->  mnesia_monitor:get_env(core_dir);
+system_info2(no_table_loaders) ->  mnesia_monitor:get_env(no_table_loaders);
+system_info2(dc_dump_limit) ->  mnesia_monitor:get_env(dc_dump_limit);
 system_info2(send_compressed) -> mnesia_monitor:get_env(send_compressed);
 
 system_info2(Item) -> exit({badarg, Item}).
@@ -2281,7 +2281,7 @@ system_info_items(no) ->
      core_dir,
      version
     ].
-    
+
 system_info() ->
     IsRunning = mnesia_lib:is_running(),
     case IsRunning of
@@ -2308,62 +2308,62 @@ load_mnesia_or_abort() ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Database mgt
 
-create_schema(Ns) -> 
+create_schema(Ns) ->
     mnesia_bup:create_schema(Ns).
 
-delete_schema(Ns) -> 
+delete_schema(Ns) ->
     mnesia_schema:delete_schema(Ns).
 
-backup(Opaque) -> 
+backup(Opaque) ->
     mnesia_log:backup(Opaque).
 
-backup(Opaque, Mod) -> 
+backup(Opaque, Mod) ->
     mnesia_log:backup(Opaque, Mod).
 
-traverse_backup(S, T, Fun, Acc) -> 
+traverse_backup(S, T, Fun, Acc) ->
     mnesia_bup:traverse_backup(S, T, Fun, Acc).
 
-traverse_backup(S, SM, T, TM, F, A) -> 
+traverse_backup(S, SM, T, TM, F, A) ->
     mnesia_bup:traverse_backup(S, SM, T, TM, F, A).
 
-install_fallback(Opaque) -> 
+install_fallback(Opaque) ->
     mnesia_bup:install_fallback(Opaque).
 
-install_fallback(Opaque, Mod) -> 
+install_fallback(Opaque, Mod) ->
     mnesia_bup:install_fallback(Opaque, Mod).
 
-uninstall_fallback() -> 
+uninstall_fallback() ->
     mnesia_bup:uninstall_fallback().
 
-uninstall_fallback(Args) -> 
+uninstall_fallback(Args) ->
     mnesia_bup:uninstall_fallback(Args).
 
-activate_checkpoint(Args) -> 
+activate_checkpoint(Args) ->
     mnesia_checkpoint:activate(Args).
 
-deactivate_checkpoint(Name) -> 
+deactivate_checkpoint(Name) ->
     mnesia_checkpoint:deactivate(Name).
 
-backup_checkpoint(Name, Opaque) -> 
+backup_checkpoint(Name, Opaque) ->
     mnesia_log:backup_checkpoint(Name, Opaque).
 
-backup_checkpoint(Name, Opaque, Mod) -> 
+backup_checkpoint(Name, Opaque, Mod) ->
     mnesia_log:backup_checkpoint(Name, Opaque, Mod).
 
-restore(Opaque, Args) -> 
+restore(Opaque, Args) ->
     mnesia_schema:restore(Opaque, Args).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Table mgt
 
-create_table(Arg) -> 
+create_table(Arg) ->
     mnesia_schema:create_table(Arg).
-create_table(Name, Arg) when is_list(Arg) -> 
+create_table(Name, Arg) when is_list(Arg) ->
     mnesia_schema:create_table([{name, Name}| Arg]);
 create_table(Name, Arg) ->
     {aborted, badarg, Name, Arg}.
 
-delete_table(Tab) -> 
+delete_table(Tab) ->
     mnesia_schema:delete_table(Tab).
 
 add_table_copy(Tab, N, S) ->
@@ -2371,38 +2371,38 @@ add_table_copy(Tab, N, S) ->
 del_table_copy(Tab, N) ->
     mnesia_schema:del_table_copy(Tab, N).
 
-move_table_copy(Tab, From, To) -> 
+move_table_copy(Tab, From, To) ->
     mnesia_schema:move_table(Tab, From, To).
 
-add_table_index(Tab, Ix) -> 
+add_table_index(Tab, Ix) ->
     mnesia_schema:add_table_index(Tab, Ix).
-del_table_index(Tab, Ix) -> 
+del_table_index(Tab, Ix) ->
     mnesia_schema:del_table_index(Tab, Ix).
 
-transform_table(Tab, Fun, NewA) -> 
+transform_table(Tab, Fun, NewA) ->
     case catch val({Tab, record_name}) of
-	{'EXIT', Reason} -> 
+	{'EXIT', Reason} ->
 	    mnesia:abort(Reason);
-	OldRN -> 
+	OldRN ->
 	    mnesia_schema:transform_table(Tab, Fun, NewA, OldRN)
     end.
 
-transform_table(Tab, Fun, NewA, NewRN) -> 
+transform_table(Tab, Fun, NewA, NewRN) ->
     mnesia_schema:transform_table(Tab, Fun, NewA, NewRN).
 
 change_table_copy_type(T, N, S) ->
     mnesia_schema:change_table_copy_type(T, N, S).
 
 clear_table(Tab) ->
-    case get(mnesia_activity_state) of 
+    case get(mnesia_activity_state) of
 	State = {Mod, Tid, _Ts} when element(1, Tid) =/= tid ->
 	    transaction(State, fun() -> do_clear_table(Tab) end, [], infinity, Mod, sync);
-	undefined -> 
+	undefined ->
 	    transaction(undefined, fun() -> do_clear_table(Tab) end, [], infinity, ?DEFAULT_ACCESS, sync);
 	_ -> %% Not allowed for clear_table
 	    mnesia:abort({aborted, nested_transaction})
     end.
-	    
+
 do_clear_table(Tab) ->
     case get(mnesia_activity_state) of
 	{?DEFAULT_ACCESS, Tid, Ts}  ->
@@ -2415,7 +2415,7 @@ do_clear_table(Tab) ->
 
 clear_table(Tid, Ts, Tab, Obj) when element(1, Tid) =:= tid ->
     Store = Ts#tidstore.store,
-    mnesia_locker:wlock_table(Tid, Store, Tab), 
+    mnesia_locker:wlock_table(Tid, Store, Tab),
     Oid = {Tab, '_'},
     ?ets_insert(Store, {Oid, Obj, clear_table}),
     ok.
@@ -2423,26 +2423,26 @@ clear_table(Tid, Ts, Tab, Obj) when element(1, Tid) =:= tid ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Table mgt - user properties
 
-read_table_property(Tab, PropKey) -> 
+read_table_property(Tab, PropKey) ->
     val({Tab, user_property, PropKey}).
 
-write_table_property(Tab, Prop) -> 
+write_table_property(Tab, Prop) ->
     mnesia_schema:write_table_property(Tab, Prop).
 
-delete_table_property(Tab, PropKey) -> 
+delete_table_property(Tab, PropKey) ->
     mnesia_schema:delete_table_property(Tab, PropKey).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Table mgt - user properties
 
-change_table_frag(Tab, FragProp) -> 
+change_table_frag(Tab, FragProp) ->
     mnesia_schema:change_table_frag(Tab, FragProp).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Table mgt - table load
 
 %% Dump a ram table to disc
-dump_tables(Tabs) -> 
+dump_tables(Tabs) ->
     mnesia_schema:dump_tables(Tabs).
 
 %% allow the user to wait for some tables to be loaded
@@ -2455,10 +2455,10 @@ force_load_table(Tab) ->
 	Other -> Other
     end.
 
-change_table_access_mode(T, Access) -> 
+change_table_access_mode(T, Access) ->
     mnesia_schema:change_table_access_mode(T, Access).
 
-change_table_load_order(T, O) -> 
+change_table_load_order(T, O) ->
     mnesia_schema:change_table_load_order(T, O).
 
 change_table_majority(T, M) ->
@@ -2471,13 +2471,13 @@ set_master_nodes(Nodes) when is_list(Nodes) ->
 	yes ->
 	    CsPat = {{'_', cstruct}, '_'},
 	    Cstructs0 = ?ets_match_object(mnesia_gvar, CsPat),
-	    Cstructs = [Cs || {_, Cs} <- Cstructs0], 
+	    Cstructs = [Cs || {_, Cs} <- Cstructs0],
 	    log_valid_master_nodes(Cstructs, Nodes, UseDir, IsRunning);
 	_NotRunning ->
 	    case UseDir of
 		true ->
 		    mnesia_lib:lock_table(schema),
-		    Res = 
+		    Res =
 			case mnesia_schema:read_cstructs_from_disc() of
 			    {ok, Cstructs} ->
 				log_valid_master_nodes(Cstructs, Nodes, UseDir, IsRunning);
@@ -2497,7 +2497,7 @@ log_valid_master_nodes(Cstructs, Nodes, UseDir, IsRunning) ->
     Fun = fun(Cs) ->
 		  Copies = mnesia_lib:copy_holders(Cs),
 		  Valid = mnesia_lib:intersect(Nodes, Copies),
-		  {Cs#cstruct.name, Valid}  
+		  {Cs#cstruct.name, Valid}
 	  end,
     Args = lists:map(Fun, Cstructs),
     mnesia_recover:log_master_nodes(Args, UseDir, IsRunning).
@@ -2523,7 +2523,7 @@ set_master_nodes(Tab, Nodes) when is_list(Nodes) ->
 	    case UseDir of
 		true ->
 		    mnesia_lib:lock_table(schema),
-		    Res = 
+		    Res =
 			case mnesia_schema:read_cstructs_from_disc() of
 			    {ok, Cstructs} ->
 				case lists:keysearch(Tab, 2, Cstructs) of
@@ -2553,7 +2553,7 @@ set_master_nodes(Tab, Nodes) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Misc admin
 
-dump_log() -> 
+dump_log() ->
     mnesia_controller:sync_dump_log(user).
 
 subscribe(What) ->
@@ -2568,10 +2568,10 @@ report_event(Event) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Snmp
 
-snmp_open_table(Tab, Us) -> 
+snmp_open_table(Tab, Us) ->
     mnesia_schema:add_snmp(Tab, Us).
 
-snmp_close_table(Tab) ->  
+snmp_close_table(Tab) ->
     mnesia_schema:del_snmp(Tab).
 
 snmp_get_row(Tab, RowIndex) when is_atom(Tab), Tab /= schema, is_list(RowIndex) ->
@@ -2583,26 +2583,26 @@ snmp_get_row(Tab, RowIndex) when is_atom(Tab), Tab /= schema, is_list(RowIndex)
 		    SnmpType = val({Tab,snmp}),
 		    Fix = fun({{_,Key},Row,Op}, Res) ->
 				  case mnesia_snmp_hook:key_to_oid(Tab,Key,SnmpType) of
-				      RowIndex -> 
+				      RowIndex ->
 					  case Op of
 					      write -> {ok, Row};
 					      _ ->
 						  undefined
 					  end;
-				      _ -> 
+				      _ ->
 					  Res
 				  end
 			  end,
 		    lists:foldl(Fix, undefined, Ops);
 		Key ->
 		    case Mod:read(Tid, Ts, Tab, Key, read) of
-			[Row] ->  
+			[Row] ->
 			    {ok, Row};
-			_ -> 
+			_ ->
 			    undefined
 		    end
 	    end;
- 	_ -> 
+	_ ->
  	    dirty_rpc(Tab, mnesia_snmp_hook, get_row, [Tab, RowIndex])
     end;
 snmp_get_row(Tab, _RowIndex) ->
@@ -2613,7 +2613,7 @@ snmp_get_row(Tab, _RowIndex) ->
 snmp_get_next_index(Tab, RowIndex) when is_atom(Tab), Tab /= schema, is_list(RowIndex) ->
     {Next,OrigKey} = dirty_rpc(Tab, mnesia_snmp_hook, get_next_index, [Tab, RowIndex]),
     case get(mnesia_activity_state) of
- 	{_Mod, Tid, #tidstore{store=Store}} when element(1, Tid) =:= tid ->		
+	{_Mod, Tid, #tidstore{store=Store}} when element(1, Tid) =:= tid ->
 	    case OrigKey of
 		undefined ->
 		    snmp_order_keys(Store, Tab, RowIndex, []);
@@ -2639,7 +2639,7 @@ snmp_get_next_index(Tab, _RowIndex) ->
 snmp_order_keys(Store,Tab,RowIndex,Def) ->
     All = ?ets_match(Store, {{Tab,'$1'},'_','$2'}),
     SnmpType = val({Tab,snmp}),
-    Keys0 = [mnesia_snmp_hook:key_to_oid(Tab,Key,SnmpType) || 
+    Keys0 = [mnesia_snmp_hook:key_to_oid(Tab,Key,SnmpType) ||
 		Key <- ts_keys_1(All, Def)],
     Keys = lists:sort(Keys0),
     get_ordered_snmp_key(RowIndex,Keys).
@@ -2648,7 +2648,7 @@ get_ordered_snmp_key(Prev, [First|_]) when Prev < First -> {ok, First};
 get_ordered_snmp_key(Prev, [_|R]) ->
     get_ordered_snmp_key(Prev, R);
 get_ordered_snmp_key(_, []) ->
-    endOfTable.	       
+    endOfTable.
 
 %%%%%%%%%%
 
@@ -2657,7 +2657,7 @@ snmp_get_mnesia_key(Tab, RowIndex) when is_atom(Tab), Tab /= schema, is_list(Row
  	{_Mod, Tid, Ts} when element(1, Tid) =:= tid ->
 	    Res = dirty_rpc(Tab,mnesia_snmp_hook,get_mnesia_key,[Tab,RowIndex]),
 	    snmp_filter_key(Res, RowIndex, Tab, Ts#tidstore.store);
-	_ -> 
+	_ ->
 	    dirty_rpc(Tab, mnesia_snmp_hook, get_mnesia_key, [Tab, RowIndex])
     end;
 snmp_get_mnesia_key(Tab, _RowIndex) ->
@@ -2670,7 +2670,7 @@ snmp_oid_to_mnesia_key(RowIndex, Tab) ->
 		{ok, MnesiaKey} -> MnesiaKey;
 		undefined -> unknown
 	    end;
-	MnesiaKey -> 
+	MnesiaKey ->
 	    MnesiaKey
     end.
 
@@ -2690,20 +2690,20 @@ snmp_filter_key(undefined, RowIndex, Tab, Store) ->
 	    SnmpType = val({Tab,snmp}),
 	    Fix = fun({{_,Key},_,Op}, Res) ->
 			  case mnesia_snmp_hook:key_to_oid(Tab,Key,SnmpType) of
-			      RowIndex -> 
+			      RowIndex ->
 				  case Op of
 				      write -> {ok, Key};
 				      _ ->
 					  undefined
 				  end;
-			      _ -> 
+			      _ ->
 				  Res
 			  end
 		  end,
 	    lists:foldl(Fix, undefined, Ops);
 	Key ->
 	    case ?ets_lookup(Store, {Tab,Key}) of
-		[] -> 
+		[] ->
 		    undefined;
 		Ops ->
 		    case lists:last(Ops) of
@@ -2716,9 +2716,9 @@ snmp_filter_key(undefined, RowIndex, Tab, Store) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Textfile access
 
-load_textfile(F) -> 
+load_textfile(F) ->
     mnesia_text:load_textfile(F).
-dump_to_textfile(F) -> 
+dump_to_textfile(F) ->
     mnesia_text:dump_to_textfile(F).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -2727,7 +2727,7 @@ dump_to_textfile(F) ->
 table(Tab) ->
     table(Tab, []).
 table(Tab,Opts) ->
-    {[Trav,Lock,NObjects],QlcOptions0} = 
+    {[Trav,Lock,NObjects],QlcOptions0} =
 	qlc_opts(Opts,[{traverse,select},{lock,read},{n_objects,100}]),
     TF = case Trav of
 	     {select,Ms} ->
@@ -2740,10 +2740,10 @@ table(Tab,Opts) ->
     Pre  = fun(Arg) -> pre_qlc(Arg, Tab) end,
     Post = fun()  -> post_qlc(Tab) end,
     Info = fun(Tag) -> qlc_info(Tab, Tag) end,
-    ParentFun = fun() -> 
-			{mnesia_activity, mnesia:get_activity_id()} 
+    ParentFun = fun() ->
+			{mnesia_activity, mnesia:get_activity_id()}
 		end,
-    Lookup = 
+    Lookup =
 	case Trav of
 	    {select, _} -> [];
 	    _ ->
@@ -2757,27 +2757,27 @@ table(Tab,Opts) ->
 		[{lookup_fun, LFun}]
 	end,
     MFA  = fun(Type) -> qlc_format(Type, Tab, NObjects, Lock, Opts) end,
-    QlcOptions = [{pre_fun, Pre}, {post_fun, Post}, 
-		  {info_fun, Info}, {parent_fun, ParentFun}, 
+    QlcOptions = [{pre_fun, Pre}, {post_fun, Post},
+		  {info_fun, Info}, {parent_fun, ParentFun},
 		  {format_fun, MFA}|Lookup] ++ QlcOptions0,
     qlc:table(TF, QlcOptions).
 
 pre_qlc(Opts, Tab) ->
-    {_,Tid,_} = 
+    {_,Tid,_} =
 	case get(mnesia_activity_state) of
 	    undefined ->
 		case lists:keysearch(parent_value, 1, Opts) of
 		    {value, {parent_value,{mnesia_activity,undefined}}} ->
 			abort(no_transaction);
 		    {value, {parent_value,{mnesia_activity,Aid}}} ->
-			{value,{stop_fun,Stop}} = 
+			{value,{stop_fun,Stop}} =
 			    lists:keysearch(stop_fun,1,Opts),
 			put_activity_id(Aid,Stop),
 			Aid;
 		    _ ->
 			abort(no_transaction)
 		end;
-	    Else -> 
+	    Else ->
 		Else
 	end,
     case element(1,Tid) of
@@ -2785,9 +2785,9 @@ pre_qlc(Opts, Tab) ->
 	_ ->
 	    case ?catch_val({Tab, setorbag}) of
 		ordered_set ->   ok;
-		_ -> 
+		_ ->
 		    dirty_rpc(Tab, mnesia_tm, fixtable, [Tab,true,self()]),
-		    ok	    
+		    ok
 	    end
     end.
 
@@ -2806,7 +2806,7 @@ post_qlc(Tab) ->
 
 qlc_select('$end_of_table') ->     [];
 qlc_select({[], Cont}) -> qlc_select(select(Cont));
-qlc_select({Objects, Cont}) -> 
+qlc_select({Objects, Cont}) ->
     Objects ++ fun() -> qlc_select(select(Cont)) end.
 
 qlc_opts(Opts, Keys) when is_list(Opts) ->
@@ -2826,7 +2826,7 @@ qlc_opts(Opts,[],Acc) -> {lists:reverse(Acc),Opts}.
 
 qlc_info(Tab, num_of_objects) ->
     dirty_rpc(Tab, ?MODULE, raw_table_info, [Tab, size]);
-qlc_info(_, keypos) ->    2;         
+qlc_info(_, keypos) ->    2;
 qlc_info(_, is_unique_objects) ->    true;
 qlc_info(Tab, is_unique_keys) ->
     case val({Tab, type}) of
@@ -2836,9 +2836,9 @@ qlc_info(Tab, is_unique_keys) ->
     end;
 qlc_info(Tab, is_sorted_objects) ->
     case val({Tab, type}) of
-	ordered_set -> 
+	ordered_set ->
 	    case ?catch_val({Tab, frag_hash}) of
-		{'EXIT', _} -> 
+		{'EXIT', _} ->
 		    ascending;
 		_ ->  %% Fragmented tables are not ordered
 		    no
@@ -2856,11 +2856,11 @@ qlc_format({match_spec, Ms}, Tab, NObjects, Lock, Opts) ->
     {?MODULE, table, [Tab,[{traverse,{select,Ms}},{n_objects, NObjects}, {lock,Lock}|Opts]]};
 qlc_format({lookup, 2, Keys}, Tab, _, Lock, _) ->
     io_lib:format("lists:flatmap(fun(V) -> "
-		  "~w:read(~w, V, ~w) end, ~w)", 
+		  "~w:read(~w, V, ~w) end, ~w)",
 		  [?MODULE, Tab, Lock, Keys]);
 qlc_format({lookup, Index,Keys}, Tab, _, _, _) ->
     io_lib:format("lists:flatmap(fun(V) -> "
-		  "~w:index_read(~w, V, ~w) end, ~w)", 
+		  "~w:index_read(~w, V, ~w) end, ~w)",
 		  [?MODULE, Tab, Index, Keys]).
 
 
@@ -2874,7 +2874,7 @@ do_fixtable(Tab, Store) ->
 	    ok;
 	_ ->
 	    case ?ets_match_object(Store, {fixtable, {Tab, '_'}}) of
-		[] -> 
+		[] ->
 		    Node = dirty_rpc(Tab, mnesia_tm, fixtable, [Tab,true,self()]),
 		    ?ets_insert(Store, {fixtable, {Tab, Node}});
 		_ ->
@@ -2886,10 +2886,10 @@ do_fixtable(Tab, Store) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Mnemosyne exclusive
 
-get_activity_id() -> 
+get_activity_id() ->
     get(mnesia_activity_state).
 
-put_activity_id(Activity) -> 
+put_activity_id(Activity) ->
     mnesia_tm:put_activity_id(Activity).
-put_activity_id(Activity,Fun) -> 
+put_activity_id(Activity,Fun) ->
     mnesia_tm:put_activity_id(Activity,Fun).
diff --git a/lib/mnesia/src/mnesia.hrl b/lib/mnesia/src/mnesia.hrl
index 2375b72d59..2855792646 100644
--- a/lib/mnesia/src/mnesia.hrl
+++ b/lib/mnesia/src/mnesia.hrl
@@ -70,6 +70,7 @@
 		  attributes = [key, val],         % [Atom]
 		  user_properties = [],            % [Record]
 		  frag_properties = [],            % [{Key, Val]
+		  storage_properties = [],         % [{Key, Val]
                   cookie = ?unique_cookie,         % Term
                   version = {{2, 0}, []}}).        % {{Integer, Integer}, [Node]}
 
diff --git a/lib/mnesia/src/mnesia_backup.erl b/lib/mnesia/src/mnesia_backup.erl
index f372ca0be5..736f2ed9bf 100644
--- a/lib/mnesia/src/mnesia_backup.erl
+++ b/lib/mnesia/src/mnesia_backup.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -56,14 +56,14 @@
 
 -export([
 	 %% Write access
-         open_write/1, 
-	 write/2, 
-	 commit_write/1, 
+         open_write/1,
+	 write/2,
+	 commit_write/1,
 	 abort_write/1,
 
 	 %% Read access
-         open_read/1, 
-	 read/1, 
+         open_read/1,
+	 read/1,
 	 close_read/1
         ]).
 
diff --git a/lib/mnesia/src/mnesia_bup.erl b/lib/mnesia/src/mnesia_bup.erl
index 14414537b9..fd87be1759 100644
--- a/lib/mnesia/src/mnesia_bup.erl
+++ b/lib/mnesia/src/mnesia_bup.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -62,7 +62,7 @@
                         fallback_tmp,
                         skip_tables = [],
                         keep_tables = [],
-                        default_op = keep_tables                       
+                        default_op = keep_tables
                        }).
 
 -type fallback_args() :: #fallback_args{}.
@@ -134,7 +134,7 @@ abort_restore(R, What, Args, Reason) ->
             [Mod, What, Args, Reason]),
     catch apply(Mod, close_read, [Opaque]),
     throw({error, Reason}).
-            
+
 fallback_to_schema() ->
     Fname = fallback_bup(),
     fallback_to_schema(Fname).
@@ -146,14 +146,14 @@ fallback_to_schema(Fname) ->
             {error, Reason};
         Schema ->
             case catch lookup_schema(schema, Schema) of
-                {error, _} -> 
+                {error, _} ->
                     {error, "No schema in fallback"};
                 List ->
                     {ok, fallback, List}
             end
     end.
 
-%% Opens Opaque reads schema and then close 
+%% Opens Opaque reads schema and then close
 read_schema(Mod, Opaque) ->
     R = #restore{bup_module = Mod, bup_data = Opaque},
     case catch read_schema_section(R) of
@@ -163,7 +163,7 @@ read_schema(Mod, Opaque) ->
             catch safe_apply(R2, close_read, [R2#restore.bup_data]),
             Schema
     end.
-    
+
 %% Open backup media and extract schema
 %% rewind backup media and leave it open
 %% Returns {R, {Header, Schema}}
@@ -227,7 +227,7 @@ refresh_cookie(Schema, NewCookie) ->
             Cs2 = Cs#cstruct{cookie = NewCookie},
             Item = {schema, schema, mnesia_schema:cs2list(Cs2)},
             lists:keyreplace(schema, 2, Schema, Item);
-        
+
         false ->
             Reason = "No schema found. Cannot be used as backup.",
             throw({error, {Reason, Schema}})
@@ -273,7 +273,7 @@ convert_0_1([{schema, db_nodes, DbNodes} | Schema], Acc, Cs) ->
 convert_0_1([{schema, version, Version} | Schema], Acc, Cs) ->
     convert_0_1(Schema, Acc, Cs#cstruct{version = Version});
 convert_0_1([{schema, Tab, Def} | Schema], Acc, Cs) ->
-    Head = 
+    Head =
         case lists:keysearch(index, 1, Def) of
             {value, {index, PosList}} ->
                 %% Remove the snmp "index"
@@ -334,7 +334,7 @@ create_schema(Ns, ok) ->
     case mnesia_lib:ensure_loaded(?APPLICATION) of
         ok ->
             case mnesia_monitor:get_env(schema_location) of
-                ram -> 
+                ram ->
                     {error, {has_no_disc, node()}};
                 _ ->
                     case mnesia_schema:opt_create_dir(true, mnesia_lib:dir()) of
@@ -358,7 +358,7 @@ create_schema(Ns, ok) ->
                                     {error, Reason}
                             end
                     end
-            end;        
+            end;
         {error, Reason} ->
             {error, Reason}
     end;
@@ -434,7 +434,7 @@ check_fallback_args([Arg | Tail], FA) ->
 check_fallback_args([], FA) ->
     {ok, FA}.
 
-check_fallback_arg_type(Arg, FA) ->    
+check_fallback_arg_type(Arg, FA) ->
     case Arg of
         {scope, global} ->
             FA#fallback_args{scope = global};
@@ -462,10 +462,10 @@ atom_list([H | T]) when is_atom(H) ->
     atom_list(T);
 atom_list([]) ->
     ok.
-    
+
 do_install_fallback(FA) ->
     Pid = spawn_link(?MODULE, install_fallback_master, [self(), FA]),
-    Res = 
+    Res =
         receive
             {'EXIT', Pid, Reason} -> % if appl has trapped exit
                 {error, {'EXIT', Reason}};
@@ -506,7 +506,7 @@ restore_recs(Recs, Header, Schema, {start, FA}) ->
             Pids = [spawn_link(N, ?MODULE, fallback_receiver, Args) || N <- Ns],
             send_fallback(Pids, {start, Header, Schema2}),
             Res = restore_recs(Recs, Header, Schema2, Pids),
-            global:del_lock({{mnesia_table_lock, schema}, self()}, Ns), 
+            global:del_lock({{mnesia_table_lock, schema}, self()}, Ns),
             Res
     end;
 
@@ -578,7 +578,7 @@ fallback_tmp_name() -> "FALLBACK.TMP".
 -spec fallback_receiver(pid(), fallback_args()) -> no_return().
 fallback_receiver(Master, FA) ->
     process_flag(trap_exit, true),
-    
+
     case catch register(mnesia_fallback, self()) of
         {'EXIT', _} ->
             Reason = {already_exists, node()},
@@ -610,7 +610,7 @@ local_fallback_error(Master, Reason) ->
     Master ! {self(), {error, Reason}},
     unlink(Master),
     exit(Reason).
-    
+
 check_fallback_dir(Master, FA) ->
     case mnesia:system_info(schema_location) of
         ram ->
@@ -659,7 +659,7 @@ fallback_receiver_loop(Master, R, FA, State) ->
             R2 = safe_apply(R, write, [R#restore.bup_data, Recs]),
             Master ! {self(), ok},
             fallback_receiver_loop(Master, R2, FA, records);
-        
+
         {Master, swap} when State =/= schema ->
             ?eval_debug_fun({?MODULE, fallback_receiver_loop, pre_swap}, []),
             safe_apply(R, commit_write, [R#restore.bup_data]),
@@ -834,7 +834,7 @@ create_dat_files([{schema, Tab, TabDef} | Tail], LocalTabs) ->
             ok = dets:delete(schema, {schema, Tab}),
             create_dat_files(Tail, LocalTabs);
         Storage =:= disc_only_copies ->
-            Args = [{file, TmpFile}, {keypos, 2}, 
+            Args = [{file, TmpFile}, {keypos, 2},
                     {type, mnesia_lib:disk_type(Tab, Cs#cstruct.type)}],
             Open = fun(T, LT) when T =:= LT#local_tab.name ->
                            case mnesia_lib:dets_sync_open(T, Args) of
@@ -861,9 +861,9 @@ create_dat_files([{schema, Tab, TabDef} | Tail], LocalTabs) ->
 	    Swap = fun(T, LT) when T =:= LT#local_tab.name ->
 			   Expunge(),
 			   case LT#local_tab.opened of
-			       true -> 
+			       true ->
 				   Close(T,LT);
-			       false -> 
+			       false ->
 				   Open(T,LT),
 				   Close(T,LT)
 			   end,
@@ -887,8 +887,8 @@ create_dat_files([{schema, Tab, TabDef} | Tail], LocalTabs) ->
 	    create_dat_files(Tail, LocalTabs);
         Storage =:= ram_copies; Storage =:= disc_copies ->
 	    Open = fun(T, LT) when T =:= LT#local_tab.name ->
-			   mnesia_log:open_log({?MODULE, T}, 
-					       mnesia_log:dcl_log_header(), 
+			   mnesia_log:open_log({?MODULE, T},
+					       mnesia_log:dcl_log_header(),
 					       TmpFile,
 					       false,
 					       false,
@@ -917,7 +917,7 @@ create_dat_files([{schema, Tab, TabDef} | Tail], LocalTabs) ->
 			       true ->
 				   Log = mnesia_log:open_log(fallback_tab,
 							     mnesia_log:dcd_log_header(),
-							     DcdFile, 
+							     DcdFile,
 							     false),
 				   mnesia_log:close_log(Log),
 				   case LT#local_tab.opened of
@@ -926,7 +926,7 @@ create_dat_files([{schema, Tab, TabDef} | Tail], LocalTabs) ->
 				       false ->
 					   Open(T,LT),
 					   Close(T,LT)
-				   end,				   
+				   end,
 				   case file:rename(TmpFile, DclFile) of
 				       ok ->
 					   ok;
@@ -959,7 +959,7 @@ create_dat_files([], _LocalTabs) ->
     ok.
 
 uninstall_fallback() ->
-    uninstall_fallback([{scope, global}]).    
+    uninstall_fallback([{scope, global}]).
 
 uninstall_fallback(Args) ->
     case check_fallback_args(Args, #fallback_args{}) of
@@ -969,7 +969,7 @@ uninstall_fallback(Args) ->
             {error, Reason}
     end.
 
-do_uninstall_fallback(FA) ->    
+do_uninstall_fallback(FA) ->
     %% Ensure that we access the intended Mnesia
     %% directory. This function may not be called
     %% during startup since it will cause the
@@ -1040,11 +1040,11 @@ do_uninstall(_ClientPid, [], GoodPids, BadNodes, BadRes) ->
 
 local_uninstall_fallback(Master, FA) ->
     %% Don't trap exit
-    
+
     register(mnesia_fallback, self()),        % May exit
     FA2 = check_fallback_dir(Master, FA), % May exit
     Master ! {self(), started},
-    
+
     receive
         {Master, do_uninstall} ->
             ?eval_debug_fun({?MODULE, uninstall_fallback2, pre_delete}, []),
@@ -1052,7 +1052,7 @@ local_uninstall_fallback(Master, FA) ->
             Tmp = FA2#fallback_args.fallback_tmp,
             Bup = FA2#fallback_args.fallback_bup,
             file:delete(Tmp),
-            Res = 
+            Res =
                 case fallback_exists(Bup) of
                     true -> file:delete(Bup);
                     false -> ok
@@ -1079,7 +1079,7 @@ rec_uninstall(ClientPid, [], Res) ->
     ClientPid ! {self(), Res},
     unlink(ClientPid),
     exit(normal).
-    
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Backup traversal
 
@@ -1130,7 +1130,7 @@ do_traverse_backup(ClientPid, Source, SourceMod, Target, TargetMod, Fun, Acc) ->
         if
             TargetMod =/= read_only ->
                 case catch do_apply(TargetMod, open_write, [Target], Target) of
-                    {error, Error} -> 
+                    {error, Error} ->
                         unlink(ClientPid),
                         ClientPid ! {iter_done, self(), {error, Error}},
                         exit(Error);
@@ -1140,15 +1140,15 @@ do_traverse_backup(ClientPid, Source, SourceMod, Target, TargetMod, Fun, Acc) ->
                 ignore
         end,
     A = {start, Fun, Acc, TargetMod, Iter},
-    Res = 
+    Res =
         case iterate(SourceMod, fun trav_apply/4, Source, A) of
             {ok, {iter, _, Acc2, _, Iter2}} when TargetMod =/= read_only ->
                 case catch do_apply(TargetMod, commit_write, [Iter2], Iter2) of
-                    {error, Reason} -> 
+                    {error, Reason} ->
                         {error, Reason};
-                    _ -> 
+                    _ ->
                         {ok, Acc2}
-                end;            
+                end;
             {ok, {iter, _, Acc2, _, _}} ->
                 {ok, Acc2};
             {error, Reason} when TargetMod =/= read_only->
diff --git a/lib/mnesia/src/mnesia_controller.erl b/lib/mnesia/src/mnesia_controller.erl
index 6a561394d5..d488a33d67 100644
--- a/lib/mnesia/src/mnesia_controller.erl
+++ b/lib/mnesia/src/mnesia_controller.erl
@@ -107,14 +107,14 @@
 
 -include("mnesia.hrl").
 
--define(SERVER_NAME, ?MODULE).  
+-define(SERVER_NAME, ?MODULE).
 
 -record(state, {supervisor,
 		schema_is_merged = false,
 		early_msgs = [],
-		loader_pid = [],     %% Was Pid is now [{Pid,Work}|..] 
+		loader_pid = [],     %% Was Pid is now [{Pid,Work}|..]
 		loader_queue,        %% Was list is now gb_tree
-		sender_pid = [],     %% Was a pid or undef is now [{Pid,Work}|..] 
+		sender_pid = [],     %% Was a pid or undef is now [{Pid,Work}|..]
 		sender_queue =  [],
 		late_loader_queue,   %% Was list is now gb_tree
 		dumper_pid,          %% Dumper or schema commit pid
@@ -124,12 +124,12 @@
 		is_stopping = false
 	       }).
 %% Backwards Comp. Sender_pid is now a list of senders..
-get_senders(#state{sender_pid = Pids}) when is_list(Pids) -> Pids.    
+get_senders(#state{sender_pid = Pids}) when is_list(Pids) -> Pids.
 %% Backwards Comp. loader_pid is now a list of loaders..
-get_loaders(#state{loader_pid = Pids}) when is_list(Pids) -> Pids.    
+get_loaders(#state{loader_pid = Pids}) when is_list(Pids) -> Pids.
 max_loaders() ->
     case ?catch_val(no_table_loaders) of
-	{'EXIT', _} -> 
+	{'EXIT', _} ->
 	    mnesia_lib:set(no_table_loaders,1),
 	    1;
 	Val -> Val
@@ -153,7 +153,7 @@ max_loaders() ->
 		     remote_storage
 		    }).
 
--record(disc_load, {table, 
+-record(disc_load, {table,
 		    reason,
 		    opt_reply_to
 		   }).
@@ -184,7 +184,7 @@ max_loaders() ->
 
 val(Var) ->
     case ?catch_val(Var) of
-	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason); 
+	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason);
 	Value -> Value
     end.
 
@@ -199,7 +199,7 @@ sync_dump_log(InitBy) ->
 
 async_dump_log(InitBy) ->
     ?SERVER_NAME ! {async_dump_log, InitBy}.
-    
+
 %% Wait for tables to be active
 %% If needed, we will wait for Mnesia to start
 %% If Mnesia stops, we will wait for Mnesia to restart
@@ -227,7 +227,7 @@ do_wait_for_tables(Tabs, Timeout) ->
 	    exit(Pid, timeout),
 	    reply_wait(Tabs)
     end.
-	
+
 reply_wait(Tabs) ->
     case catch mnesia_lib:active_tables() of
 	{'EXIT', _} ->
@@ -270,7 +270,7 @@ rec_tabs([Tab | Tabs], AllTabs, From, Init) ->
 	    %% This will trigger an exit signal
 	    %% to mnesia_init
 	    exit(wait_for_tables_timeout);
-	
+
 	{'EXIT', Init, _} ->
 	    %% Oops, mnesia_init stopped,
 	    exit(mnesia_stopped)
@@ -279,11 +279,8 @@ rec_tabs([], _, _, Init) ->
     unlink(Init),
     ok.
 
-%% New function that does exactly what get_cstructs() used to do.
-%% When this function is called, we know that the calling node knows
-%% how to convert cstructs on the receiving end (should they differ).
 get_remote_cstructs() ->
-    call(get_cstructs).
+    get_cstructs().  %% Sigh not forward compatible always check version
 
 %% Old function kept for backwards compatibility; converts cstructs before sending.
 get_cstructs() ->
@@ -319,7 +316,7 @@ get_network_copy(Tab, Cs) ->
 %   We can't let the controller queue this one
 %   because that may cause a deadlock between schema_operations
 %   and initial tableloadings which both takes schema locks.
-%   But we have to get copier_done msgs when the other side 
+%   But we have to get copier_done msgs when the other side
 %   goes down.
     call({add_other, self()}),
     Reason = {dumper,add_table_copy},
@@ -341,14 +338,14 @@ get_network_copy(Tab, Cs) ->
  		    ignore
  	    end,
  	    Res#loader_done.reply;
- 	#loader_done{} -> 
+	#loader_done{} ->
  	    Res#loader_done.reply;
  	Else ->
  	    {not_loaded, Else}
     end.
 
 %% This functions is invoked from the dumper
-%% 
+%%
 %% There are two cases here:
 %% startup ->
 %%   no need for sync, since mnesia_controller not started yet
@@ -380,11 +377,11 @@ force_load_table(Tab) when is_atom(Tab), Tab /= schema ->
     end;
 force_load_table(Tab) ->
     {error, {bad_type, Tab}}.
-    
+
 do_force_load_table(Tab) ->
     Loaded = ?catch_val({Tab, load_reason}),
     case Loaded of
-	unknown -> 
+	unknown ->
 	    set({Tab, load_by_force}, true),
 	    mnesia_late_loader:async_late_disc_load(node(), [Tab], forced_by_user),
 	    wait_for_tables([Tab], infinity);
@@ -394,7 +391,7 @@ do_force_load_table(Tab) ->
 	    wait_for_tables([Tab], infinity);
 	_ ->
 	    ok
-    end.    
+    end.
 master_nodes_updated(schema, _Masters) ->
     ignore;
 master_nodes_updated(Tab, Masters) ->
@@ -438,15 +435,15 @@ connect_nodes(Ns) ->
     connect_nodes(Ns, fun default_merge/1).
 
 connect_nodes(Ns, UserFun) ->
-    case mnesia:system_info(is_running) of 
+    case mnesia:system_info(is_running) of
 	no ->
 	    {error, {node_not_running, node()}};
-	yes ->	  	   
+	yes ->
 	    Pid = spawn_link(?MODULE,connect_nodes2,[self(),Ns, UserFun]),
-	    receive 
-		{?MODULE, Pid, Res, New} -> 
+	    receive
+		{?MODULE, Pid, Res, New} ->
 		    case Res of
-			ok -> 
+			ok ->
 			    mnesia_lib:add_list(extra_db_nodes, New),
 			    {ok, New};
 			{aborted, {throw, Str}} when is_list(Str) ->
@@ -454,8 +451,8 @@ connect_nodes(Ns, UserFun) ->
 			    {error, {merge_schema_failed, lists:flatten(Str)}};
 			Else ->
 			    {error, Else}
-		    end;	    
-		{'EXIT', Pid, Reason} -> 
+		    end;
+		{'EXIT', Pid, Reason} ->
 		    {error, Reason}
 	    end
     end.
@@ -466,16 +463,16 @@ connect_nodes2(Father, Ns, UserFun) ->
     {NewC, OldC} = mnesia_recover:connect_nodes(Ns),
     Connected = NewC ++OldC,
     New1 = mnesia_lib:intersect(Ns, Connected),
-    New = New1 -- Current,    
+    New = New1 -- Current,
     process_flag(trap_exit, true),
     Res = try_merge_schema(New, [], UserFun),
     Msg = {schema_is_merged, [], late_merge, []},
     multicall([node()|Ns], Msg),
-    After = val({current, db_nodes}),    
+    After = val({current, db_nodes}),
     Father ! {?MODULE, self(), Res, mnesia_lib:intersect(Ns,After)},
     unlink(Father),
     ok.
-    
+
 %% Merge the local schema with the schema on other nodes.
 %% But first we must let all processes that want to force
 %% load tables wait until the schema merge is done.
@@ -483,7 +480,7 @@ connect_nodes2(Father, Ns, UserFun) ->
 merge_schema() ->
     AllNodes = mnesia_lib:all_nodes(),
     case try_merge_schema(AllNodes, [node()], fun default_merge/1) of
-	ok -> 
+	ok ->
 	    schema_is_merged();
 	{aborted, {throw, Str}} when is_list(Str) ->
 	    fatal("Failed to merge schema: ~s~n", [Str]);
@@ -535,7 +532,7 @@ im_running(OldFriends, NewFriends) ->
 schema_is_merged() ->
     MsgTag = schema_is_merged,
     SafeLoads = initial_safe_loads(),
-    
+
     %% At this point we do not know anything about
     %% which tables that the other nodes already
     %% has loaded and therefore we let the normal
@@ -545,7 +542,7 @@ schema_is_merged() ->
     %% that all nodes tells each other directly
     %% when they have loaded a table and are
     %% willing to share it.
-    
+
     try_schedule_late_disc_load(SafeLoads, initial, MsgTag).
 
 
@@ -589,7 +586,7 @@ remote_call(Node, Func, Args) ->
 	Else ->
 	    Else
     end.
-    
+
 multicall(Nodes, Msg) ->
     {Good, Bad} = gen_server:multi_call(Nodes, ?MODULE, Msg, infinity),
     PatchedGood = [Reply || {_Node, Reply} <- Good],
@@ -621,9 +618,9 @@ init([Parent]) ->
     Msg = {async_dump_log, time_threshold},
     {ok, Ref} = timer:send_interval(Interval, Msg),
     mnesia_dumper:start_regulator(),
-    
+
     Empty = gb_trees:empty(),
-    {ok, #state{supervisor = Parent, dump_log_timer_ref = Ref, 
+    {ok, #state{supervisor = Parent, dump_log_timer_ref = Ref,
 		loader_queue = Empty,
 		late_loader_queue = Empty}}.
 
@@ -656,17 +653,17 @@ handle_call(block_controller, From, State) ->
 
 handle_call({update,Fun}, From, State) ->
     Res = (catch Fun()),
-    reply(From, Res), 
+    reply(From, Res),
     noreply(State);
 
 handle_call(get_cstructs, From, State) ->
     Tabs = val({schema, tables}),
     Cstructs = [val({T, cstruct}) || T <- Tabs],
     Running = val({current, db_nodes}),
-    reply(From, {cstructs, Cstructs, Running}), 
+    reply(From, {cstructs, Cstructs, Running}),
     noreply(State);
 
-handle_call({schema_is_merged, [], late_merge, []}, From, 
+handle_call({schema_is_merged, [], late_merge, []}, From,
 	    State = #state{schema_is_merged = Merged}) ->
     case Merged of
 	{false, Node} when Node == node(From) ->
@@ -697,8 +694,8 @@ handle_call(disc_load_intents,From,State = #state{loader_queue=LQ,late_loader_qu
 
 handle_call({update_where_to_write, [add, Tab, AddNode], _From}, _Dummy, State) ->
     Current = val({current, db_nodes}),
-    Res = 
-	case lists:member(AddNode, Current) and 
+    Res =
+	case lists:member(AddNode, Current) and
 	    (State#state.schema_is_merged == true) of
 	    true ->
 		mnesia_lib:add_lsort({Tab, where_to_write}, AddNode),
@@ -732,7 +729,7 @@ handle_call({add_active_replica, [Tab, ToNode, RemoteS, AccessMode], From},
 	    noreply(State#state{early_msgs = [{call, Msg, undefined} | Msgs]})
     end;
 
-handle_call({unannounce_add_table_copy, [Tab, Node], From}, ReplyTo, State) ->    
+handle_call({unannounce_add_table_copy, [Tab, Node], From}, ReplyTo, State) ->
     KnownNode = lists:member(node(From), val({current, db_nodes})),
     Merged = State#state.schema_is_merged,
     if
@@ -752,16 +749,16 @@ handle_call({unannounce_add_table_copy, [Tab, Node], From}, ReplyTo, State) ->
     end;
 
 handle_call({net_load, Tab, Cs}, From, State) ->
-    State2 = 
+    State2 =
 	case State#state.schema_is_merged of
-	    true -> 	    
+	    true ->
 		Worker = #net_load{table = Tab,
 				   opt_reply_to = From,
 				   reason = {dumper,add_table_copy},
 				   cstruct = Cs
 				  },
 		add_worker(Worker, State);
-	    false -> 
+	    false ->
 		reply(From, {not_loaded, schema_not_merged}),
 		State
 	end,
@@ -804,16 +801,16 @@ handle_call({add_other, Who}, _From, State = #state{others=Others0}) ->
 handle_call({del_other, Who}, _From, State = #state{others=Others0}) ->
     Others = lists:delete(Who, Others0),
     {reply, ok, State#state{others=Others}};
-	    
+
 handle_call(Msg, _From, State) ->
     error("~p got unexpected call: ~p~n", [?SERVER_NAME, Msg]),
     noreply(State).
 
-late_disc_load(TabsR, Reason, RemoteLoaders, From, 
+late_disc_load(TabsR, Reason, RemoteLoaders, From,
 	       State = #state{loader_queue = LQ, late_loader_queue = LLQ}) ->
     verbose("Intend to load tables: ~p~n", [TabsR]),
     ?eval_debug_fun({?MODULE, late_disc_load},
-		    [{tabs, TabsR}, 
+		    [{tabs, TabsR},
 		     {reason, Reason},
 		     {loaders, RemoteLoaders}]),
 
@@ -822,14 +819,14 @@ late_disc_load(TabsR, Reason, RemoteLoaders, From,
 
     %% Remove deleted tabs and queued/loaded
     LocalTabs = gb_sets:from_ordset(lists:sort(mnesia_lib:val({schema,local_tables}))),
-    Filter = fun(TabInfo0, Acc) -> 
-		     TabInfo = {Tab,_} = 
-			 case TabInfo0 of 
+    Filter = fun(TabInfo0, Acc) ->
+		     TabInfo = {Tab,_} =
+			 case TabInfo0 of
 			     {_,_} -> TabInfo0;
 			     TabN -> {TabN,Reason}
 			 end,
 		     case gb_sets:is_member(Tab, LocalTabs) of
-			 true -> 
+			 true ->
 			     case ?catch_val({Tab, where_to_read}) == node() of
 				 true -> Acc;
 				 false ->
@@ -841,12 +838,12 @@ late_disc_load(TabsR, Reason, RemoteLoaders, From,
 			 false -> Acc
 		     end
 	     end,
-    
+
     Tabs = lists:foldl(Filter, [], TabsR),
-    
+
     Nodes = val({current, db_nodes}),
     LateQueue = late_loaders(Tabs, RemoteLoaders, Nodes, LLQ),
-    State#state{late_loader_queue = LateQueue}. 
+    State#state{late_loader_queue = LateQueue}.
 
 late_loaders([{Tab, Reason} | Tabs], RemoteLoaders, Nodes, LLQ) ->
     case gb_trees:is_defined(Tab, LLQ) of
@@ -859,7 +856,7 @@ late_loaders([{Tab, Reason} | Tabs], RemoteLoaders, Nodes, LLQ) ->
 	    LateLoad = #late_load{table=Tab,loaders=LoadNodes,reason=Reason},
 	    late_loaders(Tabs, RemoteLoaders, Nodes, gb_trees:insert(Tab,LateLoad,LLQ));
 	true ->
-	    late_loaders(Tabs, RemoteLoaders, Nodes, LLQ)	     
+	    late_loaders(Tabs, RemoteLoaders, Nodes, LLQ)
     end;
 late_loaders([], _RemoteLoaders, _Nodes, LLQ) ->
     LLQ.
@@ -899,7 +896,7 @@ late_load_filter([RL | RemoteLoaders], Tab, Nodes, Acc) ->
     end;
 late_load_filter([], _Tab, _Nodes, Acc) ->
     Acc.
-    
+
 %%----------------------------------------------------------------------
 %% Func: handle_cast/2
 %% Returns: {noreply, State}          |
@@ -911,7 +908,7 @@ handle_cast({release_schema_commit_lock, _Owner}, State) ->
     if
 	State#state.is_stopping == true ->
 	    {stop, shutdown, State};
-	true -> 
+	true ->
 	    case State#state.dumper_queue of
 		[#schema_commit_lock{}|Rest] ->
 		    [_Worker | Rest] = State#state.dumper_queue,
@@ -932,7 +929,7 @@ handle_cast(unblock_controller, State) ->
 	    [_Worker | Rest] = State#state.dumper_queue,
 	    State2 = State#state{dumper_pid = undefined,
 				 dumper_queue = Rest},
-	    State3 = opt_start_worker(State2),	    
+	    State3 = opt_start_worker(State2),
 	    noreply(State3)
     end;
 
@@ -948,31 +945,31 @@ handle_cast({mnesia_down, Node}, State) ->
 
     %% Fix if we are late_merging against the node that went down
     case State#state.schema_is_merged of
-	{false, Node} -> 
+	{false, Node} ->
 	    spawn(?MODULE, call, [{schema_is_merged, [], late_merge, []}]);
 	_ ->
 	    ignore
     end,
-    
+
     %% Fix internal stuff
     LateQ = remove_loaders(Alltabs, Node, State#state.late_loader_queue),
-    
+
     case get_senders(State) ++ get_loaders(State) of
 	[] -> ignore;
-	Senders -> 
+	Senders ->
 	    lists:foreach(fun({Pid,_}) -> Pid ! {copier_done, Node} end,
 			  Senders)
     end,
-    lists:foreach(fun(Pid) -> Pid ! {copier_done,Node} end, 
+    lists:foreach(fun(Pid) -> Pid ! {copier_done,Node} end,
 		  State#state.others),
-    
+
     Remove = fun(ST) ->
 		     node(ST#send_table.receiver_pid) /= Node
 	     end,
     NewSenders = lists:filter(Remove, State#state.sender_queue),
     Early = remove_early_messages(State#state.early_msgs, Node),
-    noreply(State#state{sender_queue = NewSenders, 
-			early_msgs = Early, 
+    noreply(State#state{sender_queue = NewSenders,
+			early_msgs = Early,
 			late_loader_queue = LateQ
 		       });
 
@@ -981,8 +978,8 @@ handle_cast({merging_schema, Node}, State) ->
 	false ->
 	    %% This comes from dynamic connect_nodes which are made
 	    %% after mnesia:start() and the schema_merge.
-	    ImANewKidInTheBlock = 
-		(val({schema, storage_type}) == ram_copies) 
+	    ImANewKidInTheBlock =
+		(val({schema, storage_type}) == ram_copies)
 		andalso (mnesia_lib:val({schema, local_tables}) == [schema]),
 	    case ImANewKidInTheBlock of
 		true ->  %% I'm newly started ram_node..
@@ -1000,7 +997,7 @@ handle_cast(Msg, State) when State#state.schema_is_merged /= true ->
     noreply(State#state{early_msgs = [{cast, Msg} | Msgs]});
 
 %% This must be done after schema_is_merged otherwise adopt_orphan
-%% might trigger a table load from wrong nodes as a result of that we don't 
+%% might trigger a table load from wrong nodes as a result of that we don't
 %% know which tables we can load safly first.
 handle_cast({im_running, Node, NewFriends}, State) ->
     LocalTabs = mnesia_lib:local_active_tables() -- [schema],
@@ -1027,7 +1024,7 @@ handle_cast({sync_tabs, Tabs, From}, State) ->
 
 handle_cast({i_have_tab, Tab, Node}, State) ->
     case lists:member(Node, val({current, db_nodes})) of
-	true -> 
+	true ->
 	    State2 = node_has_tabs([Tab], Node, State),
 	    noreply(State2);
 	false ->
@@ -1043,10 +1040,10 @@ handle_cast({force_load_updated, Tab}, State) ->
 	    State2 = node_has_tabs([Tab], SomeNode, State),
 	    noreply(State2)
     end;
-    
+
 handle_cast({master_nodes_updated, Tab, Masters}, State) ->
     Active = val({Tab, active_replicas}),
-    Valid = 
+    Valid =
 	case val({Tab, load_by_force}) of
 	    true ->
 		Active;
@@ -1066,10 +1063,10 @@ handle_cast({master_nodes_updated, Tab, Masters}, State) ->
 	    State2 = node_has_tabs([Tab], SomeNode, State),
 	    noreply(State2)
     end;
-    
+
 handle_cast({adopt_orphans, Node, Tabs}, State) ->
     State2 = node_has_tabs(Tabs, Node, State),
-    
+
     case ?catch_val({node_up,Node}) of
 	true -> ignore;
 	_ ->
@@ -1101,7 +1098,7 @@ handle_cast(Msg, State) ->
     error("~p got unexpected cast: ~p~n", [?SERVER_NAME, Msg]),
     noreply(State).
 
-handle_sync_tabs([Tab | Tabs], From) ->    
+handle_sync_tabs([Tab | Tabs], From) ->
     case val({Tab, where_to_read}) of
 	nowhere ->
 	    case get({sync_tab, Tab}) of
@@ -1145,7 +1142,7 @@ handle_info(#dumper_done{worker_pid=Pid, worker_res=Res}, State) ->
 	    {stop, fatal, State}
     end;
 
-handle_info(Done = #loader_done{worker_pid=WPid, table_name=Tab}, State0) ->    
+handle_info(Done = #loader_done{worker_pid=WPid, table_name=Tab}, State0) ->
     LateQueue0 = State0#state.late_loader_queue,
     State1 = State0#state{loader_pid = lists:keydelete(WPid,1,get_loaders(State0))},
 
@@ -1153,7 +1150,7 @@ handle_info(Done = #loader_done{worker_pid=WPid, table_name=Tab}, State0) ->
 	case Done#loader_done.is_loaded of
 	    true ->
 		%% Optional table announcement
-		if 
+		if
 		    Done#loader_done.needs_announce == true,
 		    Done#loader_done.needs_reply == true ->
 			i_have_tab(Tab),
@@ -1187,7 +1184,7 @@ handle_info(Done = #loader_done{worker_pid=WPid, table_name=Tab}, State0) ->
 		State1#state{late_loader_queue=gb_trees:delete_any(Tab, LateQueue0)};
 	    false ->
 		%% Either the node went down or table was not
-		%% loaded remotly yet 
+		%% loaded remotly yet
 		case Done#loader_done.needs_reply of
 		    true ->
 			reply(Done#loader_done.reply_to,
@@ -1210,7 +1207,7 @@ handle_info(#sender_done{worker_pid=Pid, worker_res=Res}, State)  ->
     Senders = get_senders(State),
     {value, {Pid,_Worker}} = lists:keysearch(Pid, 1, Senders),
     if
-	Res == ok ->	    
+	Res == ok ->
 	    State2 = State#state{sender_pid = lists:keydelete(Pid, 1, Senders)},
 	    State3 = opt_start_worker(State2),
 	    noreply(State3);
@@ -1252,7 +1249,7 @@ handle_info(Msg = {'EXIT', Pid, R}, State) when R /= wait_for_tables_timeout ->
 	    {stop, fatal, State};
 	false ->
 	    case lists:keymember(Pid, 1, get_loaders(State)) of
-		true -> 
+		true ->
 		    fatal("Loader crashed: ~p~n state: ~p~n", [R, State]),
 		    {stop, fatal, State};
 		false ->
@@ -1338,7 +1335,7 @@ code_change(_OldVsn, State0, _Extra) ->
     State1 = case State0#state.loader_pid of
 		 Pids when is_list(Pids) -> State0;
 		 undefined -> State0#state{loader_pid = [],loader_queue=gb_trees:empty()};
-		 Pid when is_pid(Pid) -> 
+		 Pid when is_pid(Pid) ->
 		     [Loader|Rest] = State0#state.loader_queue,
 		     LQ0 = [{element(2,Rec),Rec} || Rec <- Rest],
 		     LQ1 = lists:sort(LQ0),
@@ -1346,7 +1343,7 @@ code_change(_OldVsn, State0, _Extra) ->
 		     State0#state{loader_pid=[{Pid,Loader}], loader_queue=LQ}
 	     end,
     %% LateLoaderQueue
-    State = if is_list(State1#state.late_loader_queue) -> 
+    State = if is_list(State1#state.late_loader_queue) ->
 		    LLQ0 = State1#state.late_loader_queue,
 		    LLQ1 = lists:sort([{element(2,Rec),Rec} || Rec <- LLQ0]),
 		    LLQ  = gb_trees:from_orddict(LLQ1),
@@ -1355,7 +1352,7 @@ code_change(_OldVsn, State0, _Extra) ->
 		    State1
 	    end,
     {ok, State}.
- 
+
 %%%----------------------------------------------------------------------
 %%% Internal functions
 %%%----------------------------------------------------------------------
@@ -1365,20 +1362,20 @@ maybe_log_mnesia_down(N) ->
     %% so if we are not running (i.e haven't decided which tables
     %% to load locally), don't log mnesia_down yet.
     case mnesia_lib:is_running() of
-	yes -> 
+	yes ->
 	    verbose("Logging mnesia_down ~w~n", [N]),
 	    mnesia_recover:log_mnesia_down(N),
 	    ok;
-	_ ->	    	    
+	_ ->
 	    Filter = fun(Tab) ->
 			     inactive_copy_holders(Tab, N)
 		     end,
 	    HalfLoadedTabs = lists:any(Filter, val({schema, local_tables}) -- [schema]),
-	    if 
+	    if
 		HalfLoadedTabs == true ->
 		    verbose("Logging mnesia_down ~w~n", [N]),
 		    mnesia_recover:log_mnesia_down(N),
-		    ok;		
+		    ok;
 		true ->
 		    %% Unfortunately we have not loaded some common
 		    %% tables yet, so we cannot rely on the nodedown
@@ -1407,7 +1404,7 @@ orphan_tables([Tab | Tabs], Node, Ns, Local, Remote) ->
     BeingCreated = (?catch_val({Tab, create_table}) == true),
     Read = val({Tab, where_to_read}),
     case lists:member(Node, DiscCopyHolders) of
-	_ when BeingCreated == true -> 
+	_ when BeingCreated == true ->
 	    orphan_tables(Tabs, Node, Ns, Local, Remote);
 	_ when Read == node() -> %% Allready loaded
 	    orphan_tables(Tabs, Node, Ns, Local, Remote);
@@ -1445,13 +1442,13 @@ orphan_tables([], _, _, LocalOrphans, RemoteMasters) ->
     {LocalOrphans, RemoteMasters}.
 
 node_has_tabs([Tab | Tabs], Node, State) when Node /= node() ->
-    State2 = 
+    State2 =
 	case catch update_whereabouts(Tab, Node, State) of
 	    State1 = #state{} -> State1;
 	    {'EXIT', R} ->  %% Tab was just deleted?
 		case ?catch_val({Tab, cstruct}) of
 		    {'EXIT', _} -> State; % yes
-		    _ ->  erlang:error(R) 
+		    _ ->  erlang:error(R)
 		end
 	end,
     node_has_tabs(Tabs, Node, State2);
@@ -1477,14 +1474,14 @@ update_whereabouts(Tab, Node, State) ->
 	    true ->
 		lists:member(Node, Masters)
 	end,
-    
+
     dbg_out("Table ~w is loaded on ~w. s=~w, r=~w, lc=~w, f=~w, m=~w~n",
 	    [Tab, Node, Storage, Read, LocalC, ByForce, GoGetIt]),
     if
 	LocalC == true ->
 	    %% Local contents, don't care about other node
 	    State;
-	BeingCreated == true ->	    
+	BeingCreated == true ->
 	    %% The table is currently being created
 	    %% It will be handled elsewhere
 	    State;
@@ -1501,8 +1498,8 @@ update_whereabouts(Tab, Node, State) ->
 		    State
 	    end;
 	Storage == unknown ->
-	    %% No own copy, continue to read remotely	    
-	    add_active_replica(Tab, Node),	    
+	    %% No own copy, continue to read remotely
+	    add_active_replica(Tab, Node),
 	    NodeST = mnesia_lib:storage_type_at_node(Node, Tab),
 	    ReadST = mnesia_lib:storage_type_at_node(Read, Tab),
 	    if   %% Avoid reading from disc_only_copies
@@ -1542,16 +1539,16 @@ initial_safe_loads() ->
 	    Tabs = val({schema, local_tables}) -- [schema],
 	    LastC = fun(T) -> last_consistent_replica(T, Downs) end,
 	    lists:zf(LastC, Tabs);
-	
+
 	disc_copies ->
 	    Downs = mnesia_recover:get_mnesia_downs(),
 	    dbg_out("mnesia_downs = ~p~n", [Downs]),
-		
+
 	    Tabs = val({schema, local_tables}) -- [schema],
 	    LastC = fun(T) -> last_consistent_replica(T, Downs) end,
 	    lists:zf(LastC, Tabs)
     end.
-    
+
 last_consistent_replica(Tab, Downs) ->
     Cs = val({Tab, cstruct}),
     Storage = mnesia_lib:cs_to_storage_type(node(), Cs),
@@ -1628,7 +1625,7 @@ remove_early_messages([], _Node) ->
     [];
 remove_early_messages([{call, {add_active_replica, [_, Node, _, _], _}, _}|R], Node) ->
     remove_early_messages(R, Node); %% Does a reply before queuing
-remove_early_messages([{call, {block_table, _, From}, ReplyTo}|R], Node) 
+remove_early_messages([{call, {block_table, _, From}, ReplyTo}|R], Node)
   when node(From) == Node ->
     reply(ReplyTo, ok),  %% Remove gen:server waits..
     remove_early_messages(R, Node);
@@ -1682,9 +1679,9 @@ is_tab_blocked(W2C) when is_list(W2C) ->
 is_tab_blocked({blocked, W2C}) when is_list(W2C) ->
     {true, W2C}.
 
-mark_blocked_tab(true, Value) -> 
+mark_blocked_tab(true, Value) ->
     {blocked, Value};
-mark_blocked_tab(false, Value) -> 
+mark_blocked_tab(false, Value) ->
     Value.
 
 %%
@@ -1717,7 +1714,7 @@ del_active_replica(Tab, Node) ->
     update_where_to_wlock(Tab).
 
 change_table_access_mode(Cs) ->
-    W = fun() -> 
+    W = fun() ->
 		Tab = Cs#cstruct.name,
 		lists:foreach(fun(N) -> add_active_replica(Tab, N, Cs) end,
 			      val({Tab, active_replicas}))
@@ -1746,7 +1743,7 @@ update_where_to_wlock(Tab) ->
 unannounce_add_table_copy(Tab, To) ->
     catch del_active_replica(Tab, To),
     case catch val({Tab , where_to_read}) of
-	To -> 
+	To ->
 	    mnesia_lib:set_remote_where_to_read(Tab);
 	_ ->
 	    ignore
@@ -1759,7 +1756,7 @@ user_sync_tab(Tab) ->
 	_ ->
 	    ignore
     end,
-	
+
     case erase({sync_tab, Tab}) of
 	undefined ->
 	    ok;
@@ -1778,11 +1775,11 @@ i_have_tab(Tab) ->
 
 sync_and_block_table_whereabouts(Tab, ToNode, RemoteS, AccessMode) when Tab /= schema ->
     Current = val({current, db_nodes}),
-    Ns = 
+    Ns =
 	case lists:member(ToNode, Current) of
 	    true -> Current -- [ToNode];
 	    false -> Current
-	end,   
+	end,
     remote_call(ToNode, block_table, [Tab]),
     [remote_call(Node, add_active_replica, [Tab, ToNode, RemoteS, AccessMode]) ||
 	Node <- [ToNode | Ns]],
@@ -1827,7 +1824,7 @@ get_workers(Timeout) ->
 		    {timeout, Timeout}
 	    end
     end.
-    
+
 info() ->
     Tabs = mnesia_lib:local_active_tables(),
     io:format( "---> Active tables <--- ~n", []),
@@ -1836,12 +1833,12 @@ info() ->
 info([Tab | Tail]) ->
     case val({Tab, storage_type}) of
 	disc_only_copies ->
-	    info_format(Tab, 
-			dets:info(Tab, size), 
+	    info_format(Tab,
+			dets:info(Tab, size),
 			dets:info(Tab, file_size),
 			"bytes on disc");
 	_ ->
-	    info_format(Tab, 
+	    info_format(Tab,
 			?ets_info(Tab, size),
 			?ets_info(Tab, memory),
 			"words of mem")
@@ -1881,7 +1878,7 @@ handle_early_msg({cast, Msg}, State) ->
     handle_cast(Msg, State);
 handle_early_msg({info, Msg}, State) ->
     handle_info(Msg, State).
-    
+
 noreply(State) ->
     {noreply, State}.
 
@@ -1929,7 +1926,7 @@ add_worker(Worker = #send_table{}, State) ->
 add_worker(Worker = #disc_load{}, State) ->
     opt_start_worker(add_loader(Worker#disc_load.table,Worker,State));
 % Block controller should be used for upgrading mnesia.
-add_worker(Worker = #block_controller{}, State) -> 
+add_worker(Worker = #block_controller{}, State) ->
     Queue = State#state.dumper_queue,
     Queue2 = [Worker | Queue],
     State2 = State#state{dumper_queue = Queue2},
@@ -1938,13 +1935,13 @@ add_worker(Worker = #block_controller{}, State) ->
 add_loader(Tab,Worker,State = #state{loader_queue=LQ0}) ->
     case gb_trees:is_defined(Tab, LQ0) of
 	true -> State;
-	false -> 
+	false ->
 	    LQ=gb_trees:insert(Tab, Worker, LQ0),
 	    State#state{loader_queue=LQ}
     end.
 
 %% Optionally start a worker
-%% 
+%%
 %% Dumpers and loaders may run simultaneously
 %% but neither of them may run during schema commit.
 %% Loaders may not start if a schema commit is enqueued.
@@ -1958,7 +1955,7 @@ opt_start_worker(State) ->
 	    %% Great, a worker in queue and neither
 	    %% a schema transaction is being
 	    %% committed and nor a dumper is running
-		    
+
 	    %% Start worker but keep him in the queue
 	    if
 		is_record(Worker, schema_commit_lock) ->
@@ -1966,7 +1963,7 @@ opt_start_worker(State) ->
 		    reply(ReplyTo, granted),
 		    {Owner, _Tag} = ReplyTo,
 		    opt_start_loader(State#state{dumper_pid = Owner});
-		
+
 		is_record(Worker, dump_log) ->
 		    Pid = spawn_link(?MODULE, dump_and_reply, [self(), Worker]),
 		    State2 = State#state{dumper_pid = Pid},
@@ -1976,7 +1973,7 @@ opt_start_worker(State) ->
 		    %% or sender
 		    State3 = opt_start_sender(State2),
 		    opt_start_loader(State3);
-		
+
 		is_record(Worker, block_controller) ->
 		    case {get_senders(State), get_loaders(State)} of
 			{[], []} ->
@@ -1989,7 +1986,7 @@ opt_start_worker(State) ->
 		    end
 	    end;
 	_ ->
-	    %% Bad luck, try with a loader or sender instead 
+	    %% Bad luck, try with a loader or sender instead
 	    State2 = opt_start_sender(State),
 	    opt_start_loader(State2)
     end.
@@ -1997,8 +1994,8 @@ opt_start_worker(State) ->
 opt_start_sender(State) ->
     case State#state.sender_queue of
 	[]->   State; 	    %% No need
-	SenderQ -> 
-	    {NewS,Kept} = opt_start_sender2(SenderQ, get_senders(State), 
+	SenderQ ->
+	    {NewS,Kept} = opt_start_sender2(SenderQ, get_senders(State),
 					    [], get_loaders(State)),
 	    State#state{sender_pid = NewS, sender_queue = Kept}
     end.
@@ -2007,11 +2004,11 @@ opt_start_sender2([], Pids,Kept, _) -> {Pids,Kept};
 opt_start_sender2([Sender|R], Pids, Kept, LoaderQ) ->
     Tab = Sender#send_table.table,
     Active = val({Tab, active_replicas}),
-    IgotIt = lists:member(node(), Active),    
-    IsLoading = lists:any(fun({_Pid,Loader}) -> 
+    IgotIt = lists:member(node(), Active),
+    IsLoading = lists:any(fun({_Pid,Loader}) ->
 				  Tab == element(#net_load.table, Loader)
 			  end, LoaderQ),
-    if 
+    if
 	IgotIt, IsLoading  ->
 	    %% I'm currently finishing loading the table let him wait
 	    opt_start_sender2(R,Pids, [Sender|Kept], LoaderQ);
@@ -2029,11 +2026,11 @@ opt_start_loader(State = #state{loader_queue = LoaderQ}) ->
     Current = get_loaders(State),
     Max = max_loaders(),
     case gb_trees:is_empty(LoaderQ) of
-	true -> 
+	true ->
 	    State;
-	_ when length(Current) >= Max -> 
+	_ when length(Current) >= Max ->
 	    State;
-	false -> 
+	false ->
 	    SchemaQueue = State#state.dumper_queue,
 	    case lists:keymember(schema_commit_lock, 1, SchemaQueue) of
 		false ->
@@ -2064,7 +2061,7 @@ already_loading(#disc_load{table=Tab},Loaders) ->
 
 already_loading2(Tab, [{_,#net_load{table=Tab}}|_]) -> true;
 already_loading2(Tab, [{_,#disc_load{table=Tab}}|_]) -> true;
-already_loading2(Tab, [_|Rest]) -> already_loading2(Tab,Rest);     
+already_loading2(Tab, [_|Rest]) -> already_loading2(Tab,Rest);
 already_loading2(_,[]) -> false.
 
 start_remote_sender(Node, Tab, Receiver, Storage) ->
@@ -2093,8 +2090,8 @@ send_and_reply(ReplyTo, Worker) ->
 
 load_and_reply(ReplyTo, Worker) ->
     Load = load_table_fun(Worker),
-    SendAndReply = 
-	fun() -> 
+    SendAndReply =
+	fun() ->
 		process_flag(trap_exit, true),
 		Done = Load(),
 		ReplyTo ! Done#loader_done{worker_pid = self()},
@@ -2161,7 +2158,7 @@ load_table_fun(#disc_load{table=Tab, reason=Reason, opt_reply_to=ReplyTo}) ->
 	ReadNode == nowhere ->
 	    %% Already loaded on other node, lets get it
 	    Cs = val({Tab, cstruct}),
-	    fun() -> 
+	    fun() ->
 		    case mnesia_loader:net_load_table(Tab, Reason, Active, Cs) of
 			{loaded, ok} ->
 			    Done#loader_done{needs_sync = true};
@@ -2204,10 +2201,10 @@ filter_active(Tab) ->
     Active  = val({Tab, active_replicas}),
     Masters = mnesia_recover:get_master_nodes(Tab),
     Ns = do_filter_active(ByForce, Active, Masters),
-    %% Reorder the so that we load from fastest first 
+    %% Reorder the so that we load from fastest first
     LS = ?catch_val({Tab, storage_type}),
     DOC = val({Tab, disc_only_copies}),
-    {Good,Worse} = 
+    {Good,Worse} =
 	case LS of
 	    disc_only_copies ->
 		G = mnesia_lib:intersect(Ns, DOC),
@@ -2218,7 +2215,7 @@ filter_active(Tab) ->
 	end,
     %% Pick a random node of the fastest
     Len = length(Good),
-    if 
+    if
 	Len > 0 ->
 	    R = erlang:phash(node(), Len+1),
 	    random(R-1,Good,Worse);
@@ -2237,5 +2234,5 @@ do_filter_active(false, Active, []) ->
     Active;
 do_filter_active(false, Active, Masters) ->
     mnesia_lib:intersect(Active, Masters).
-    
+
 
diff --git a/lib/mnesia/src/mnesia_dumper.erl b/lib/mnesia/src/mnesia_dumper.erl
index f8d7664156..e2a0aa3bda 100644
--- a/lib/mnesia/src/mnesia_dumper.erl
+++ b/lib/mnesia/src/mnesia_dumper.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -43,7 +43,7 @@
 
  %% Internal stuff
 -export([regulator_init/1]).
-	
+
 -include("mnesia.hrl").
 -include_lib("kernel/include/file.hrl").
 
@@ -70,14 +70,14 @@ incr_log_writes() ->
 
 adjust_log_writes(DoCast) ->
     Token = {mnesia_adjust_log_writes, self()},
-    case global:set_lock(Token, [node()], 1) of 
+    case global:set_lock(Token, [node()], 1) of
 	false ->
 	    ignore; %% Somebody else is sending a dump request
-	true -> 
-	    case DoCast of 
+	true ->
+	    case DoCast of
 		false ->
 		    ignore;
-		true -> 
+		true ->
 		    mnesia_controller:async_dump_log(write_threshold)
 	    end,
 	    Max = mnesia_monitor:get_env(dump_log_write_threshold),
@@ -93,16 +93,16 @@ adjust_log_writes(DoCast) ->
 opt_dump_log(InitBy) ->
     Reg = case whereis(?REGULATOR_NAME) of
 	      undefined ->
-		  nopid; 
+		  nopid;
 	      Pid when is_pid(Pid) ->
-		  Pid 
+		  Pid
 	  end,
     perform_dump(InitBy, Reg).
 
 %% Scan for decisions
 perform_dump(InitBy, Regulator) when InitBy == scan_decisions ->
     ?eval_debug_fun({?MODULE, perform_dump}, [InitBy]),
-    
+
     dbg_out("Transaction log dump initiated by ~w~n", [InitBy]),
     scan_decisions(mnesia_log:previous_log_file(), InitBy, Regulator),
     scan_decisions(mnesia_log:latest_log_file(), InitBy, Regulator);
@@ -112,8 +112,8 @@ perform_dump(InitBy, Regulator) ->
     ?eval_debug_fun({?MODULE, perform_dump}, [InitBy]),
     LogState = mnesia_log:prepare_log_dump(InitBy),
     dbg_out("Transaction log dump initiated by ~w: ~w~n",
-	    [InitBy, LogState]), 
-    adjust_log_writes(false),    
+	    [InitBy, LogState]),
+    adjust_log_writes(false),
     case LogState of
 	already_dumped ->
 	    mnesia_recover:allow_garb(),
@@ -142,7 +142,7 @@ perform_dump(InitBy, Regulator) ->
 			    mnesia_lib:important(Desc, Reason),
 			    %% Ignore rest of the log
 			    mnesia_log:confirm_log_dump(Diff);
-			false -> 
+			false ->
 			    fatal(Desc, Reason)
 		    end
 	    end;
@@ -189,9 +189,9 @@ do_perform_dump(Cont, InPlace, InitBy, Regulator, OldVersion) ->
 insert_recs([Rec | Recs], InPlace, InitBy, Regulator, LogV) ->
     regulate(Regulator),
     case insert_rec(Rec, InPlace, InitBy, LogV) of
- 	LogH when is_record(LogH, log_header) ->	    
+	LogH when is_record(LogH, log_header) ->
 	    insert_recs(Recs, InPlace, InitBy, Regulator, LogH#log_header.log_version);
-	_ -> 
+	_ ->
 	    insert_recs(Recs, InPlace, InitBy, Regulator, LogV)
     end;
 
@@ -199,7 +199,7 @@ insert_recs([], _InPlace, _InitBy, _Regulator, Version) ->
     Version.
 
 insert_rec(Rec, _InPlace, scan_decisions, _LogV) ->
-    if 
+    if
 	is_record(Rec, commit) ->
 	    ignore;
 	is_record(Rec, log_header) ->
@@ -227,7 +227,7 @@ insert_rec(H, _InPlace, _InitBy, _LogV) when is_record(H, log_header) ->
         H#log_header.log_kind /= trans_log ->
 	    exit({"Bad kind of transaction log", H});
 	H#log_header.log_version == CurrentVersion ->
-	    ok; 
+	    ok;
 	H#log_header.log_version == "4.2" ->
 	    ok;
 	H#log_header.log_version == "4.1" ->
@@ -247,8 +247,8 @@ do_insert_rec(Tid, Rec, InPlace, InitBy, LogV) ->
 	[] ->
 	    ignore;
 	SchemaOps ->
-	    case val({schema, storage_type}) of 
-		ram_copies -> 
+	    case val({schema, storage_type}) of
+		ram_copies ->
 		    insert_ops(Tid, schema_ops, SchemaOps, InPlace, InitBy, LogV);
 	        Storage ->
 		    true = open_files(schema, Storage, InPlace, InitBy),
@@ -264,13 +264,13 @@ do_insert_rec(Tid, Rec, InPlace, InitBy, LogV) ->
 	_ ->
 	    ignore
     end.
-    
+
 
 update(_Tid, [], _DumperMode) ->
     dumped;
 update(Tid, SchemaOps, DumperMode) ->
     UseDir = mnesia_monitor:use_dir(),
-    Res = perform_update(Tid, SchemaOps, DumperMode, UseDir),    
+    Res = perform_update(Tid, SchemaOps, DumperMode, UseDir),
     mnesia_controller:release_schema_commit_lock(),
     Res.
 
@@ -279,23 +279,23 @@ perform_update(_Tid, _SchemaOps, mandatory, true) ->
     %% dumper perform needed updates
 
     InitBy = schema_update,
-    ?eval_debug_fun({?MODULE, dump_schema_op}, [InitBy]),    
+    ?eval_debug_fun({?MODULE, dump_schema_op}, [InitBy]),
     opt_dump_log(InitBy);
 perform_update(Tid, SchemaOps, _DumperMode, _UseDir) ->
     %% No need for a full transaction log dump.
     %% Ignore the log file and perform only perform
     %% the corresponding updates.
 
-    InitBy = fast_schema_update, 
+    InitBy = fast_schema_update,
     InPlace = mnesia_monitor:get_env(dump_log_update_in_place),
     ?eval_debug_fun({?MODULE, dump_schema_op}, [InitBy]),
-    case catch insert_ops(Tid, schema_ops, SchemaOps, InPlace, InitBy, 
+    case catch insert_ops(Tid, schema_ops, SchemaOps, InPlace, InitBy,
 			  mnesia_log:version()) of
 	{'EXIT', Reason} ->
 	    Error = {error, {"Schema update error", Reason}},
 	    close_files(InPlace, Error, InitBy),
             fatal("Schema update error ~p ~p", [Reason, SchemaOps]);
-	_ ->		    
+	_ ->
 	    ?eval_debug_fun({?MODULE, post_dump}, [InitBy]),
 	    close_files(InPlace, ok, InitBy),
 	    ok
@@ -318,7 +318,7 @@ insert_ops(Tid, Storage, [Op | Ops], InPlace, InitBy, Ver) when Ver < "4.3" ->
 disc_insert(_Tid, Storage, Tab, Key, Val, Op, InPlace, InitBy) ->
     case open_files(Tab, Storage, InPlace, InitBy) of
 	true ->
-	    case Storage of 
+	    case Storage of
 		disc_copies when Tab /= schema ->
 		    mnesia_log:append({?MODULE,Tab}, {{Tab, Key}, Val, Op}),
 		    ok;
@@ -331,7 +331,7 @@ disc_insert(_Tid, Storage, Tab, Key, Val, Op, InPlace, InitBy) ->
 
 %% To fix update_counter so that it behaves better.
 %% i.e. if nothing have changed in tab except update_counter
-%% trust that the value in the dets file is correct. 
+%% trust that the value in the dets file is correct.
 %% Otherwise we will get a double increment.
 %% This is perfect but update_counter is a dirty op.
 
@@ -353,12 +353,12 @@ dets_insert(Op,Tab,Key,Val) ->
 			_ when Incr < 0 ->
 			    Zero = {RecName, Key, 0},
 			    ok = dets:insert(Tab, Zero);
-			_ -> 
+			_ ->
 			    Init = {RecName, Key, Incr},
 			    ok = dets:insert(Tab, Init)
 		    end;
 		false ->  ok
-	    end;				    
+	    end;
 	delete_object ->
 	    dets_updated(Tab,Key),
 	    ok = dets:delete_object(Tab, Val);
@@ -366,17 +366,17 @@ dets_insert(Op,Tab,Key,Val) ->
 	    dets_cleared(Tab),
 	    ok = dets:delete_all_objects(Tab)
     end.
-	    
-dets_updated(Tab,Key) -> 
+
+dets_updated(Tab,Key) ->
     case get(mnesia_dumper_dets) of
-	undefined -> 
+	undefined ->
 	    Empty = gb_trees:empty(),
 	    Tree = gb_trees:insert(Tab, gb_sets:singleton(Key), Empty),
 	    put(mnesia_dumper_dets, Tree);
 	Tree ->
 	    case gb_trees:lookup(Tab,Tree) of
 		{value, cleared} -> ignore;
-		{value, Set} -> 
+		{value, Set} ->
 		    T = gb_trees:update(Tab, gb_sets:add(Key, Set), Tree),
 		    put(mnesia_dumper_dets, T);
 		none ->
@@ -398,14 +398,14 @@ dets_incr_counter(Tab,Key) ->
 
 dets_cleared(Tab) ->
     case get(mnesia_dumper_dets) of
-	undefined -> 
+	undefined ->
 	    Empty = gb_trees:empty(),
 	    Tree = gb_trees:insert(Tab, cleared, Empty),
 	    put(mnesia_dumper_dets, Tree);
 	Tree ->
 	    case gb_trees:lookup(Tab,Tree) of
 		{value, cleared} -> ignore;
-		_ -> 
+		_ ->
 		    T = gb_trees:enter(Tab, cleared, Tree),
 		    put(mnesia_dumper_dets, T)
 	    end
@@ -417,7 +417,7 @@ insert(Tid, Storage, Tab, Key, [Val | Tail], Op, InPlace, InitBy) ->
 
 insert(_Tid, _Storage, _Tab, _Key, [], _Op, _InPlace, _InitBy) ->
     ok;
-    
+
 insert(Tid, Storage, Tab, Key, Val, Op, InPlace, InitBy) ->
     Item = {{Tab, Key}, Val, Op},
     case InitBy of
@@ -447,18 +447,18 @@ insert(Tid, Storage, Tab, Key, Val, Op, InPlace, InitBy) ->
 disc_delete_table(Tab, Storage) ->
     case mnesia_monitor:use_dir() of
 	true ->
-	    if 		
-		Storage == disc_only_copies; Tab == schema ->  
+	    if
+		Storage == disc_only_copies; Tab == schema ->
 		    mnesia_monitor:unsafe_close_dets(Tab),
 		    Dat = mnesia_lib:tab2dat(Tab),
-		    file:delete(Dat);		
-		true -> 
+		    file:delete(Dat);
+		true ->
 		    DclFile = mnesia_lib:tab2dcl(Tab),
 		    case get({?MODULE,Tab}) of
 			{opened_dumper, dcl} ->
 			    del_opened_tab(Tab),
 			    mnesia_log:unsafe_close_log(Tab);
-			_ -> 
+			_ ->
 			    ok
 		    end,
 		    file:delete(DclFile),
@@ -490,7 +490,7 @@ insert_op(Tid, Storage, {{Tab, Key}, Val, Op}, InPlace, InitBy) ->
 insert_op(_Tid, schema_ops, _OP, _InPlace, Initby)
   when Initby /= startup,
        Initby /= fast_schema_update,
-       Initby /= schema_update -> 
+       Initby /= schema_update ->
     ignore;
 
 insert_op(Tid, _, {op, rec, Storage, Item}, InPlace, InitBy) ->
@@ -507,7 +507,7 @@ insert_op(Tid, _, {op, change_table_copy_type, N, FromS, ToS, TabDef}, InPlace,
 	_ ->
 	    ignore
     end,
-    if  
+    if
 	N == node() ->
 	    Dmp  = mnesia_lib:tab2dmp(Tab),
 	    Dat  = mnesia_lib:tab2dat(Tab),
@@ -531,8 +531,8 @@ insert_op(Tid, _, {op, change_table_copy_type, N, FromS, ToS, TabDef}, InPlace,
 		    true = open_files(Tab, disc_only_copies, InPlace, InitBy),
 		    %% ram_delete_table must be done before init_indecies,
 		    %% it uses info which is reset in init_indecies,
-		    %% it doesn't matter, because init_indecies don't use 
-		    %% the ram replica of the table when creating the disc 
+		    %% it doesn't matter, because init_indecies don't use
+		    %% the ram replica of the table when creating the disc
 		    %% index; Could be improved :)
 		    mnesia_schema:ram_delete_table(Tab, FromS),
 		    PosList = Cs#cstruct.index,
@@ -540,17 +540,17 @@ insert_op(Tid, _, {op, change_table_copy_type, N, FromS, ToS, TabDef}, InPlace,
 		{disc_only_copies, ram_copies} ->
 		    mnesia_monitor:unsafe_close_dets(Tab),
 		    disc_delete_indecies(Tab, Cs, disc_only_copies),
-		    case InitBy of 
-			startup -> 
+		    case InitBy of
+			startup ->
 			    ignore;
-			_ -> 
+			_ ->
 			    mnesia_controller:get_disc_copy(Tab)
 		    end,
 		    disc_delete_table(Tab, disc_only_copies);
 		{disc_copies, disc_only_copies} ->
 		    ok = ensure_rename(Dmp, Dat),
 		    true = open_files(Tab, disc_only_copies, InPlace, InitBy),
-		    mnesia_schema:ram_delete_table(Tab, FromS), 
+		    mnesia_schema:ram_delete_table(Tab, FromS),
 		    PosList = Cs#cstruct.index,
 		    mnesia_index:init_indecies(Tab, disc_only_copies, PosList),
 		    file:delete(Dcl),
@@ -558,8 +558,8 @@ insert_op(Tid, _, {op, change_table_copy_type, N, FromS, ToS, TabDef}, InPlace,
 		{disc_only_copies, disc_copies} ->
 		    mnesia_monitor:unsafe_close_dets(Tab),
 		    disc_delete_indecies(Tab, Cs, disc_only_copies),
-		    case InitBy of 
-			startup -> 
+		    case InitBy of
+			startup ->
 			    ignore;
 			_ ->
 			    mnesia_log:ets2dcd(Tab),
@@ -576,7 +576,7 @@ insert_op(Tid, _, {op, change_table_copy_type, N, FromS, ToS, TabDef}, InPlace,
 insert_op(Tid, _, {op, transform, _Fun, TabDef}, InPlace, InitBy) ->
     Cs = mnesia_schema:list2cs(TabDef),
     case mnesia_lib:cs_to_storage_type(node(), Cs) of
-	disc_copies -> 
+	disc_copies ->
 	    open_dcl(Cs#cstruct.name);
 	_ ->
 	    ignore
@@ -604,28 +604,34 @@ insert_op(Tid, _, {op, restore_recreate, TabDef}, InPlace, InitBy) ->
 		    mnesia_checkpoint:tm_del_copy(Tab, node())
 	    end
     end,
+    StorageProps = Cs#cstruct.storage_properties,
+    
     %% And create new ones..
     if
 	(InitBy == startup) or (Storage == unknown) ->
 	    ignore;
 	Storage == ram_copies ->
-	    Args = [{keypos, 2}, public, named_table, Type],
+	    EtsProps = proplists:get_value(ets, StorageProps, []),
+	    Args = [{keypos, 2}, public, named_table, Type | EtsProps],
 	    mnesia_monitor:mktab(Tab, Args);
 	Storage == disc_copies ->
-	    Args = [{keypos, 2}, public, named_table, Type],
+	    EtsProps = proplists:get_value(ets, StorageProps, []),
+	    Args = [{keypos, 2}, public, named_table, Type | EtsProps],
 	    mnesia_monitor:mktab(Tab, Args),
-	    File = mnesia_lib:tab2dcd(Tab),	    
-	    FArg = [{file, File}, {name, {mnesia,create}}, 
+	    File = mnesia_lib:tab2dcd(Tab),
+	    FArg = [{file, File}, {name, {mnesia,create}},
 		    {repair, false}, {mode, read_write}],
 	    {ok, Log} = mnesia_monitor:open_log(FArg),
 	    mnesia_monitor:unsafe_close_log(Log);
 	Storage == disc_only_copies ->
 	    File = mnesia_lib:tab2dat(Tab),
 	    file:delete(File),
+	    DetsProps = proplists:get_value(dets, StorageProps, []),
 	    Args = [{file, mnesia_lib:tab2dat(Tab)},
 		    {type, mnesia_lib:disk_type(Tab, Type)},
 		    {keypos, 2},
-		    {repair, mnesia_monitor:get_env(auto_repair)}],
+		    {repair, mnesia_monitor:get_env(auto_repair)} 
+		    | DetsProps ],
 	    mnesia_monitor:open_dets(Tab, Args)
     end,
     insert_op(Tid, ignore, {op, create_table, TabDef}, InPlace, InitBy);
@@ -635,6 +641,7 @@ insert_op(Tid, _, {op, create_table, TabDef}, InPlace, InitBy) ->
     insert_cstruct(Tid, Cs, false, InPlace, InitBy),
     Tab = Cs#cstruct.name,
     Storage = mnesia_lib:cs_to_storage_type(node(), Cs),
+    StorageProps = Cs#cstruct.storage_properties,
     case InitBy of
 	startup ->
 	    case Storage of
@@ -644,22 +651,25 @@ insert_op(Tid, _, {op, create_table, TabDef}, InPlace, InitBy) ->
 		    ignore;
 		disc_copies ->
 		    Dcd = mnesia_lib:tab2dcd(Tab),
-		    case mnesia_lib:exists(Dcd) of  
+		    case mnesia_lib:exists(Dcd) of
 			true -> ignore;
 			false ->
-			    mnesia_log:open_log(temp, 
+			    mnesia_log:open_log(temp,
 						mnesia_log:dcd_log_header(),
-						Dcd, 
-						false, 
+						Dcd,
+						false,
 						false,
 						read_write),
 			    mnesia_log:unsafe_close_log(temp)
 		    end;
 		_ ->
+		    DetsProps = proplists:get_value(dets, StorageProps, []),
+
 		    Args = [{file, mnesia_lib:tab2dat(Tab)},
 			    {type, mnesia_lib:disk_type(Tab, Cs#cstruct.type)},
 			    {keypos, 2},
-			    {repair, mnesia_monitor:get_env(auto_repair)}],
+			    {repair, mnesia_monitor:get_env(auto_repair)} 
+			    | DetsProps ],
 		    case mnesia_monitor:open_dets(Tab, Args) of
 			{ok, _} ->
 			    mnesia_monitor:unsafe_close_dets(Tab);
@@ -671,7 +681,7 @@ insert_op(Tid, _, {op, create_table, TabDef}, InPlace, InitBy) ->
 	    Copies = mnesia_lib:copy_holders(Cs),
 	    Active = mnesia_lib:intersect(Copies, val({current, db_nodes})),
 	    [mnesia_controller:add_active_replica(Tab, N, Cs) || N <- Active],
-
+	    
 	    case Storage of
 		unknown ->
 		    mnesia_lib:unset({Tab, create_table}),
@@ -695,8 +705,8 @@ insert_op(Tid, _, {op, create_table, TabDef}, InPlace, InitBy) ->
 			    %% Indecies are still created by loader
 			    disc_delete_indecies(Tab, Cs, Storage)
 			    %% disc_delete_table(Tab, Storage)
-		    end, 
-		    
+		    end,
+
 		    %% Update whereabouts and create table
 		    mnesia_controller:create_table(Tab),
 		    mnesia_lib:unset({Tab, create_table})
@@ -754,7 +764,7 @@ insert_op(Tid, _, {op, clear_table, TabDef}, InPlace, InitBy) ->
 	       true ->
 		    ignore
 	    end,
-	    %% Need to catch this, it crashes on ram_copies if 
+	    %% Need to catch this, it crashes on ram_copies if
 	    %% the op comes before table is loaded at startup.
 	    catch insert(Tid, Storage, Tab, '_', Oid, clear_table, InPlace, InitBy)
     end;
@@ -766,16 +776,16 @@ insert_op(Tid, _, {op, merge_schema, TabDef}, InPlace, InitBy) ->
 	    %% If we bootstrap an empty (diskless) mnesia from another node
 	    %% we might have changed the storage_type of schema.
 	    %% I think this is a good place to do it.
-	    Update = fun(NS = {Node,Storage}) -> 
+	    Update = fun(NS = {Node,Storage}) ->
 			     case mnesia_lib:cs_to_storage_type(Node, Cs) of
 				 Storage -> NS;
-				 disc_copies when Node == node() -> 
-				     Dir = mnesia_lib:dir(),    
+				 disc_copies when Node == node() ->
+				     Dir = mnesia_lib:dir(),
 				     ok = mnesia_schema:opt_create_dir(true, Dir),
 				     mnesia_schema:purge_dir(Dir, []),
 				     mnesia_log:purge_all_logs(),
 
-				     mnesia_lib:set(use_dir, true),	     
+				     mnesia_lib:set(use_dir, true),
 				     mnesia_log:init(),
 				     Ns = val({current, db_nodes}),
 				     F = fun(U) -> mnesia_recover:log_mnesia_up(U) end,
@@ -783,11 +793,11 @@ insert_op(Tid, _, {op, merge_schema, TabDef}, InPlace, InitBy) ->
 				     raw_named_dump_table(schema, dat),
 				     temp_set_master_nodes(),
 				     {Node,disc_copies};
-				 CSstorage -> 
+				 CSstorage ->
 				     {Node,CSstorage}
 			     end
 		     end,
-	    
+
 	    W2C0 = val({schema, where_to_commit}),
 	    W2C = case W2C0 of
 		      {blocked, List} ->
@@ -854,9 +864,9 @@ insert_op(Tid, _, {op, del_snmp, TabDef}, InPlace, InitBy) ->
 	InitBy /= startup,
 	Storage /= unknown ->
 	    case ?catch_val({Tab, {index, snmp}}) of
-		{'EXIT', _} -> 
+		{'EXIT', _} ->
 		    ignore;
-		Stab -> 
+		Stab ->
 		    mnesia_snmp_hook:delete_table(Tab, Stab),
 		    mnesia_lib:unset({Tab, {index, snmp}})
 	    end;
@@ -874,7 +884,7 @@ insert_op(Tid, _, {op, add_index, Pos, TabDef}, InPlace, InitBy) ->
 	    true = open_files(Tab, Storage, InPlace, InitBy),
 	    mnesia_index:init_indecies(Tab, Storage, [Pos]);
 	startup ->
-	    ignore; 
+	    ignore;
 	_  ->
 	    case val({Tab,where_to_read}) of
 		nowhere -> ignore;
@@ -890,7 +900,7 @@ insert_op(Tid, _, {op, del_index, Pos, TabDef}, InPlace, InitBy) ->
     case InitBy of
 	startup when Storage == disc_only_copies ->
 	    mnesia_index:del_index_table(Tab, Storage, Pos);
-	startup -> 
+	startup ->
 	    ignore;
 	_ ->
 	    mnesia_index:del_index_table(Tab, Storage, Pos)
@@ -939,16 +949,19 @@ open_files(Tab, Storage, UpdateInPlace, InitBy)
 		{'EXIT', _} ->
 		    false;
 		Type ->
-		    case Storage of 
+		    case Storage of
 			disc_copies when Tab /= schema ->
 			    Bool = open_disc_copies(Tab, InitBy),
 			    Bool;
 			_ ->
+			    Props = val({Tab, storage_properties}),
+			    DetsProps = proplists:get_value(dets, Props, []),
 			    Fname = prepare_open(Tab, UpdateInPlace),
 			    Args = [{file, Fname},
 				    {keypos, 2},
 				    {repair, mnesia_monitor:get_env(auto_repair)},
-				    {type, mnesia_lib:disk_type(Tab, Type)}],
+				    {type, mnesia_lib:disk_type(Tab, Type)} 
+				    | DetsProps],
 			    {ok, _} = mnesia_monitor:open_dets(Tab, Args),
 			    put({?MODULE, Tab}, {opened_dumper, dat}),
 			    true
@@ -964,7 +977,7 @@ open_files(_Tab, _Storage, _UpdateInPlace, _InitBy) ->
 
 open_disc_copies(Tab, InitBy) ->
     DclF = mnesia_lib:tab2dcl(Tab),
-    DumpEts = 
+    DumpEts =
 	case file:read_file_info(DclF) of
 	    {error, enoent} ->
 		false;
@@ -975,7 +988,7 @@ open_disc_copies(Tab, InitBy) ->
 			mnesia_lib:dbg_out("File ~p info_error ~p ~n",
 					   [DcdF, Reason]),
 			true;
-		    {ok, DcdInfo} -> 
+		    {ok, DcdInfo} ->
 			Mul = case ?catch_val(dc_dump_limit) of
 				  {'EXIT', _} -> ?DumpToEtsMultiplier;
 				  Val -> Val
@@ -983,12 +996,12 @@ open_disc_copies(Tab, InitBy) ->
 			DcdInfo#file_info.size =< (DclInfo#file_info.size * Mul)
 		end
 	end,
-    if 
-	DumpEts == false; InitBy == startup ->	    
-	    mnesia_log:open_log({?MODULE,Tab}, 
-				mnesia_log:dcl_log_header(), 
-				DclF, 
-				mnesia_lib:exists(DclF), 
+    if
+	DumpEts == false; InitBy == startup ->
+	    mnesia_log:open_log({?MODULE,Tab},
+				mnesia_log:dcl_log_header(),
+				DclF,
+				mnesia_lib:exists(DclF),
 				mnesia_monitor:get_env(auto_repair),
 				read_write),
 	    put({?MODULE, Tab}, {opened_dumper, dcl}),
@@ -997,9 +1010,9 @@ open_disc_copies(Tab, InitBy) ->
 	    mnesia_log:ets2dcd(Tab),
 	    put({?MODULE, Tab}, already_dumped),
 	    false
-    end. 
+    end.
 
-%% Always opens the dcl file for writing overriding already_dumped 
+%% Always opens the dcl file for writing overriding already_dumped
 %% mechanismen, used for schema transactions.
 open_dcl(Tab) ->
     case get({?MODULE, Tab}) of
@@ -1007,10 +1020,10 @@ open_dcl(Tab) ->
 	    true;
 	_ -> %% undefined or already_dumped
 	    DclF = mnesia_lib:tab2dcl(Tab),
-	    mnesia_log:open_log({?MODULE,Tab}, 
-				mnesia_log:dcl_log_header(), 
-				DclF, 
-				mnesia_lib:exists(DclF), 
+	    mnesia_log:open_log({?MODULE,Tab},
+				mnesia_log:dcl_log_header(),
+				DclF,
+				mnesia_lib:exists(DclF),
 				mnesia_monitor:get_env(auto_repair),
 				read_write),
 	    put({?MODULE, Tab}, {opened_dumper, dcl}),
@@ -1047,7 +1060,7 @@ close_files(InPlace, Outcome, InitBy, [{{?MODULE, Tab}, {opened_dumper, Type}} |
     case val({Tab, storage_type}) of
 	disc_only_copies when InitBy /= startup ->
 	    ignore;
-	disc_copies when Tab /= schema -> 
+	disc_copies when Tab /= schema ->
 	    mnesia_log:close_log({?MODULE,Tab});
 	Storage ->
 	    do_close(InPlace, Outcome, Tab, Type, Storage)
@@ -1082,7 +1095,7 @@ do_close(InPlace, Outcome, Tab, dat, Storage) ->
 	true ->
 	    file:delete(mnesia_lib:tab2tmp(Tab))
     end.
-    
+
 
 ensure_rename(From, To) ->
     case mnesia_lib:exists(From) of
@@ -1096,7 +1109,7 @@ ensure_rename(From, To) ->
 		    {error, {rename_failed, From, To}}
 	    end
     end.
-    
+
 insert_cstruct(Tid, Cs, KeepWhereabouts, InPlace, InitBy) ->
     Val = mnesia_schema:insert_cstruct(Tid, Cs, KeepWhereabouts),
     {schema, Tab, _} = Val,
@@ -1114,15 +1127,15 @@ delete_cstruct(Tid, Cs, InPlace, InitBy) ->
 
 temp_set_master_nodes() ->
     Tabs = val({schema, local_tables}),
-    Masters = [{Tab, (val({Tab, disc_copies}) ++ 
-		      val({Tab, ram_copies}) ++ 
-		      val({Tab, disc_only_copies})) -- [node()]} 
+    Masters = [{Tab, (val({Tab, disc_copies}) ++
+		      val({Tab, ram_copies}) ++
+		      val({Tab, disc_only_copies})) -- [node()]}
 	       || Tab <- Tabs],
     %% UseDir = false since we don't want to remember these
     %% masternodes and we are running (really soon anyway) since we want this
     %% to be known during table loading.
     mnesia_recover:log_master_nodes(Masters, false, yes),
-    ok.    
+    ok.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Raw dump of table. Dumper must have unique access to the ets table.
@@ -1152,7 +1165,7 @@ raw_named_dump_table(Tab, Ftype) ->
 		{ok, TabRef} ->
 		    Storage = ram_copies,
 		    mnesia_lib:db_fixtable(Storage, Tab, true),
-		    
+
 		    case catch raw_dump_table(TabRef, Tab) of
 			{'EXIT', Reason} ->
 			    mnesia_lib:db_fixtable(Storage, Tab, false),
@@ -1179,11 +1192,11 @@ raw_dump_table(DetsRef, EtsRef) ->
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Load regulator
-%% 
-%% This is a poor mans substitute for a fair scheduler algorithm 
-%% in the Erlang emulator. The mnesia_dumper process performs many 
-%% costly BIF invokations and must pay for this. But since the 
-%% Emulator does not handle this properly we must compensate for 
+%%
+%% This is a poor mans substitute for a fair scheduler algorithm
+%% in the Erlang emulator. The mnesia_dumper process performs many
+%% costly BIF invokations and must pay for this. But since the
+%% Emulator does not handle this properly we must compensate for
 %% this with some form of load regulation of ourselves in order to
 %% not steal all computation power in the Erlang Emulator ans make
 %% other processes starve. Hopefully this is a temporary solution.
@@ -1230,6 +1243,6 @@ regulate(RegulatorPid) ->
 
 val(Var) ->
     case ?catch_val(Var) of
-	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason); 
-	Value -> Value 
+	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason);
+	Value -> Value
     end.
diff --git a/lib/mnesia/src/mnesia_event.erl b/lib/mnesia/src/mnesia_event.erl
index 5a060a28ff..8085155fd5 100644
--- a/lib/mnesia/src/mnesia_event.erl
+++ b/lib/mnesia/src/mnesia_event.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/mnesia/src/mnesia_frag_hash.erl b/lib/mnesia/src/mnesia_frag_hash.erl
index 610ba2535c..3dfdb87f30 100644
--- a/lib/mnesia/src/mnesia_frag_hash.erl
+++ b/lib/mnesia/src/mnesia_frag_hash.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -101,21 +101,19 @@ del_frag(OldState) ->
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
-key_to_frag_number(#hash_state{function = phash, next_n_to_split = SplitN, n_doubles = L}, Key) ->
-    P = SplitN,
-    A = erlang:phash(Key, power2(L)),
+key_to_frag_number(#hash_state{function = phash, n_fragments = N, n_doubles = L}, Key) ->
+    A = erlang:phash(Key, power2(L + 1)),
     if
-	A < P ->
-	    erlang:phash(Key, power2(L + 1));
+	A > N ->
+	    A - power2(L);
 	true ->
 	    A
     end;
-key_to_frag_number(#hash_state{function = phash2, next_n_to_split = SplitN, n_doubles = L}, Key) ->
-    P = SplitN,
-    A = erlang:phash2(Key, power2(L)) + 1,
+key_to_frag_number(#hash_state{function = phash2, n_fragments = N, n_doubles = L}, Key) ->
+    A = erlang:phash2(Key, power2(L + 1)) + 1,
     if
-	A < P ->
-	    erlang:phash2(Key, power2(L + 1)) + 1;
+	A > N ->
+	    A - power2(L);
 	true ->
 	    A
     end;
diff --git a/lib/mnesia/src/mnesia_lib.erl b/lib/mnesia/src/mnesia_lib.erl
index e8b8c58c70..ae6631646c 100644
--- a/lib/mnesia/src/mnesia_lib.erl
+++ b/lib/mnesia/src/mnesia_lib.erl
@@ -413,7 +413,7 @@ pr_other(Var, Other) ->
 	    [self(), process_info(self(), registered_name),
 	     Var, Other, Why]),
     case Other of
-	{badarg, [{ets, lookup_element, _}|_]} ->
+	{badarg, [{ets, lookup_element, _, _}|_]} ->
 	    exit(Why);
 	_ ->
 	    erlang:error(Why)
diff --git a/lib/mnesia/src/mnesia_loader.erl b/lib/mnesia/src/mnesia_loader.erl
index eb83168498..e443b54016 100644
--- a/lib/mnesia/src/mnesia_loader.erl
+++ b/lib/mnesia/src/mnesia_loader.erl
@@ -61,9 +61,11 @@ do_get_disc_copy2(Tab, _Reason, Storage, _Type) when Storage == unknown ->
 do_get_disc_copy2(Tab, Reason, Storage, Type) when Storage == disc_copies ->
     %% NOW we create the actual table
     Repair = mnesia_monitor:get_env(auto_repair),
-    Args = [{keypos, 2}, public, named_table, Type],
+    StorageProps = val({Tab, storage_properties}),
+    EtsOpts = proplists:get_value(ets, StorageProps, []),
+    Args = [{keypos, 2}, public, named_table, Type | EtsOpts],
     case Reason of
-	{dumper, _} -> %% Resources allready allocated
+	{dumper, _} -> %% Resources already allocated
 	    ignore;
 	_ ->
 	    mnesia_monitor:mktab(Tab, Args),
@@ -82,7 +84,9 @@ do_get_disc_copy2(Tab, Reason, Storage, Type) when Storage == disc_copies ->
     {loaded, ok};
 
 do_get_disc_copy2(Tab, Reason, Storage, Type) when Storage == ram_copies ->
-    Args = [{keypos, 2}, public, named_table, Type],
+    StorageProps = val({Tab, storage_properties}),
+    EtsOpts = proplists:get_value(ets, StorageProps, []),
+    Args = [{keypos, 2}, public, named_table, Type | EtsOpts],
     case Reason of
 	{dumper, _} -> %% Resources allready allocated
 	    ignore;
@@ -115,10 +119,14 @@ do_get_disc_copy2(Tab, Reason, Storage, Type) when Storage == ram_copies ->
     {loaded, ok};
 
 do_get_disc_copy2(Tab, Reason, Storage, Type) when Storage == disc_only_copies ->
+    StorageProps = val({Tab, storage_properties}),
+    DetsOpts = proplists:get_value(dets, StorageProps, []),
+
     Args = [{file, mnesia_lib:tab2dat(Tab)},
 	    {type, mnesia_lib:disk_type(Tab, Type)},
 	    {keypos, 2},
-	    {repair, mnesia_monitor:get_env(auto_repair)}],
+	    {repair, mnesia_monitor:get_env(auto_repair)} 
+	    | DetsOpts],
     case Reason of
 	{dumper, _} ->
 	    mnesia_index:init_index(Tab, Storage),
@@ -349,17 +357,21 @@ do_init_table(Tab,Storage,Cs,SenderPid,
     end.
 
 create_table(Tab, TabSize, Storage, Cs) ->
+    StorageProps = val({Tab, storage_properties}),
     if
 	Storage == disc_only_copies ->
 	    mnesia_lib:lock_table(Tab),
 	    Tmp = mnesia_lib:tab2tmp(Tab),
 	    Size = lists:max([TabSize, 256]),
+	    DetsOpts = lists:keydelete(estimated_no_objects, 1,
+				       proplists:get_value(dets, StorageProps, [])),
 	    Args = [{file, Tmp},
 		    {keypos, 2},
 %%		    {ram_file, true},
 		    {estimated_no_objects, Size},
 		    {repair, mnesia_monitor:get_env(auto_repair)},
-		    {type, mnesia_lib:disk_type(Tab, Cs#cstruct.type)}],
+		    {type, mnesia_lib:disk_type(Tab, Cs#cstruct.type)}
+		    | DetsOpts],
 	    file:delete(Tmp),
 	    case mnesia_lib:dets_sync_open(Tab, Args) of
 		{ok, _} ->
@@ -370,7 +382,8 @@ create_table(Tab, TabSize, Storage, Cs) ->
 		    Else
 	    end;
 	(Storage == ram_copies) or (Storage == disc_copies) ->
-	    Args = [{keypos, 2}, public, named_table, Cs#cstruct.type],
+	    EtsOpts = proplists:get_value(ets, StorageProps, []),
+	    Args = [{keypos, 2}, public, named_table, Cs#cstruct.type | EtsOpts],
 	    case mnesia_monitor:unsafe_mktab(Tab, Args) of
 		Tab ->
 		    {Storage, Tab};
@@ -429,7 +442,7 @@ init_table(Tab, disc_only_copies, Fun, DetsInfo,Sender) ->
 	{ErtsVer, DetsData}  ->
 	    Res = (catch dets:is_compatible_bchunk_format(Tab, DetsData)),
 	    case Res of
-		{'EXIT',{undef,[{dets,_,_}|_]}} ->
+		{'EXIT',{undef,[{dets,_,_,_}|_]}} ->
 		    Sender ! {self(), {old_protocol, Tab}},
 		    dets:init_table(Tab, Fun);  %% Old dets version
 		{'EXIT', What} ->
@@ -516,10 +529,13 @@ handle_last({disc_only_copies, Tab}, Type, nobin) ->
     Dat = mnesia_lib:tab2dat(Tab),
     case file:rename(Tmp, Dat) of
 	ok ->
+	    StorageProps = val({Tab, storage_properties}),
+	    DetsOpts = proplists:get_value(dets, StorageProps, []),
+
 	    Args = [{file, mnesia_lib:tab2dat(Tab)},
 		    {type, mnesia_lib:disk_type(Tab, Type)},
 		    {keypos, 2},
-		    {repair, mnesia_monitor:get_env(auto_repair)}],
+		    {repair, mnesia_monitor:get_env(auto_repair)} | DetsOpts],
 	    mnesia_monitor:open_dets(Tab, Args),
 	    ok;
 	{error, Reason} ->
diff --git a/lib/mnesia/src/mnesia_locker.erl b/lib/mnesia/src/mnesia_locker.erl
index 0492d794f3..a22c95d454 100644
--- a/lib/mnesia/src/mnesia_locker.erl
+++ b/lib/mnesia/src/mnesia_locker.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -66,14 +66,14 @@
 
 -record(queue, {oid, tid, op, pid, lucky}).
 
-%% mnesia_held_locks: contain       {Oid, Op, Tid} entries  (bag)
+%% mnesia_held_locks: contain       {Oid, MaxLock, [{Op, Tid}]} entries
 -define(match_oid_held_locks(Oid),  {Oid, '_', '_'}).
-%% mnesia_tid_locks: contain        {Tid, Oid, Op} entries  (bag) 
+%% mnesia_tid_locks: contain        {Tid, Oid, Op} entries  (bag)
 -define(match_oid_tid_locks(Tid),   {Tid, '_', '_'}).
 %% mnesia_sticky_locks: contain     {Oid, Node} entries and {Tab, Node} entries (set)
 -define(match_oid_sticky_locks(Oid),{Oid, '_'}).
 %% mnesia_lock_queue: contain       {queue, Oid, Tid, Op, ReplyTo, WaitForTid} entries (bag)
--define(match_oid_lock_queue(Oid),  #queue{oid=Oid, tid='_', op = '_', pid = '_', lucky = '_'}). 
+-define(match_oid_lock_queue(Oid),  #queue{oid=Oid, tid='_', op = '_', pid = '_', lucky = '_'}).
 %% mnesia_lock_counter:             {{write, Tab}, Number} &&
 %%                                  {{read, Tab}, Number} entries  (set)
 
@@ -83,11 +83,11 @@ start() ->
 init(Parent) ->
     register(?MODULE, self()),
     process_flag(trap_exit, true),
-    ?ets_new_table(mnesia_held_locks, [bag, private, named_table]), 
+    ?ets_new_table(mnesia_held_locks, [ordered_set, private, named_table]),
     ?ets_new_table(mnesia_tid_locks, [bag, private, named_table]),
     ?ets_new_table(mnesia_sticky_locks, [set, private, named_table]),
     ?ets_new_table(mnesia_lock_queue, [bag, private, named_table, {keypos, 2}]),
-    
+
     proc_lib:init_ack(Parent, {ok, self()}),
     case ?catch_val(pid_sort_order) of
 	r9b_plain -> put(pid_sort_order, r9b_plain);
@@ -98,8 +98,8 @@ init(Parent) ->
 
 val(Var) ->
     case ?catch_val(Var) of
-	{'EXIT', _ReASoN_} -> mnesia_lib:other_val(Var, _ReASoN_); 
-	_VaLuE_ -> _VaLuE_ 
+	{'EXIT', _ReASoN_} -> mnesia_lib:other_val(Var, _ReASoN_);
+	_VaLuE_ -> _VaLuE_
     end.
 
 reply(From, R) ->
@@ -111,10 +111,10 @@ l_request(Node, X, Store) ->
 
 l_req_rec(Node, Store) ->
     ?ets_insert(Store, {nodes, Node}),
-    receive 
-	{?MODULE, Node, Reply} -> 
+    receive
+	{?MODULE, Node, Reply} ->
 	    Reply;
-	{mnesia_down, Node} -> 
+	{mnesia_down, Node} ->
 	    {not_granted, {node_not_running, Node}}
     end.
 
@@ -128,10 +128,10 @@ send_release_tid(Nodes, Tid) ->
     rpc:abcast(Nodes, ?MODULE, {self(), {sync_release_tid, Tid}}).
 
 receive_release_tid_acc([Node | Nodes], Tid) ->
-    receive 
-	{?MODULE, Node, {tid_released, Tid}} -> 
+    receive
+	{?MODULE, Node, {tid_released, Tid}} ->
 	    receive_release_tid_acc(Nodes, Tid);
-	{mnesia_down, Node} -> 
+	{mnesia_down, Node} ->
 	    receive_release_tid_acc(Nodes, Tid)
     end;
 receive_release_tid_acc([], _Tid) ->
@@ -152,27 +152,27 @@ loop(State) ->
 
 	%% Really do a  read, but get hold of a write lock
 	%% used by mnesia:wread(Oid).
-	
+
 	{From, {read_write, Tid, Oid}} ->
 	    try_sticky_lock(Tid, read_write, From, Oid),
 	    loop(State);
-	
+
 	%% Tid has somehow terminated, clear up everything
 	%% and pass locks on to queued processes.
 	%% This is the purpose of the mnesia_tid_locks table
-	
+
 	{release_tid, Tid} ->
 	    do_release_tid(Tid),
 	    loop(State);
-	
+
 	%% stick lock, first tries this to the where_to_read Node
 	{From, {test_set_sticky, Tid, {Tab, _} = Oid, Lock}} ->
 	    case ?ets_lookup(mnesia_sticky_locks, Tab) of
-		[] -> 
+		[] ->
 		    reply(From, not_stuck),
 		    loop(State);
 		[{_,Node}] when Node == node() ->
-		    %% Lock is stuck here, see now if we can just set 
+		    %% Lock is stuck here, see now if we can just set
 		    %% a regular write lock
 		    try_lock(Tid, Lock, From, Oid),
 		    loop(State);
@@ -188,7 +188,7 @@ loop(State) ->
 	    ?ets_insert(mnesia_sticky_locks, {Tab, N}),
 	    loop(State);
 
-	%% The caller which sends this message, must have first 
+	%% The caller which sends this message, must have first
 	%% aquired a write lock on the entire table
 	{unstick, Tab} ->
 	    ?ets_delete(mnesia_sticky_locks, Tab),
@@ -205,14 +205,14 @@ loop(State) ->
 		[{_,N}] ->
 		    Req = {From, {ix_read, Tid, Tab, IxKey, Pos}},
 		    From ! {?MODULE, node(), {switch, N, Req}},
-		    loop(State)	   
+		    loop(State)
 	    end;
 
 	{From, {sync_release_tid, Tid}} ->
 	    do_release_tid(Tid),
 	    reply(From, {tid_released, Tid}),
 	    loop(State);
-	
+
 	{release_remote_non_pending, Node, Pending} ->
 	    release_remote_non_pending(Node, Pending),
 	    mnesia_monitor:mnesia_down(?MODULE, Node),
@@ -229,16 +229,23 @@ loop(State) ->
 	{get_table, From, LockTable} ->
 	    From ! {LockTable, ?ets_match_object(LockTable, '_')},
 	    loop(State);
-	
+
 	Msg ->
 	    error("~p got unexpected message: ~p~n", [?MODULE, Msg]),
 	    loop(State)
     end.
 
-set_lock(Tid, Oid, Op) ->
-    ?dbg("Granted ~p ~p ~p~n", [Tid,Oid,Op]),
-    ?ets_insert(mnesia_held_locks, {Oid, Op, Tid}),
-    ?ets_insert(mnesia_tid_locks, {Tid, Oid, Op}).
+set_lock(Tid, Oid, Op, []) ->
+    ?ets_insert(mnesia_tid_locks, {Tid, Oid, Op}),
+    ?ets_insert(mnesia_held_locks, {Oid, Op, [{Op, Tid}]});
+set_lock(Tid, Oid, read, [{Oid, Prev, Items}]) ->
+    ?ets_insert(mnesia_tid_locks, {Tid, Oid, read}),
+    ?ets_insert(mnesia_held_locks, {Oid, Prev, [{read, Tid}|Items]});
+set_lock(Tid, Oid, write, [{Oid, _Prev, Items}]) ->
+    ?ets_insert(mnesia_tid_locks, {Tid, Oid, write}),
+    ?ets_insert(mnesia_held_locks, {Oid, write, [{write, Tid}|Items]});
+set_lock(Tid, Oid, Op, undefined) ->
+    set_lock(Tid, Oid, Op, ?ets_lookup(mnesia_held_locks, Oid)).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Acquire locks
@@ -261,32 +268,32 @@ try_lock(Tid, Op, Pid, Oid) ->
 
 try_lock(Tid, Op, SimpleOp, Lock, Pid, Oid) ->
     case can_lock(Tid, Lock, Oid, {no, bad_luck}) of
-	yes ->
-	    Reply = grant_lock(Tid, SimpleOp, Lock, Oid),
+	{yes, Default} ->
+	    Reply = grant_lock(Tid, SimpleOp, Lock, Oid, Default),
 	    reply(Pid, Reply);
-	{no, Lucky} ->
+	{{no, Lucky},_} ->
 	    C = #cyclic{op = SimpleOp, lock = Lock, oid = Oid, lucky = Lucky},
 	    ?dbg("Rejected ~p ~p ~p ~p ~n", [Tid, Oid, Lock, Lucky]),
 	    reply(Pid, {not_granted, C});
-	{queue, Lucky} ->
+	{{queue, Lucky},_} ->
 	    ?dbg("Queued ~p ~p ~p ~p ~n", [Tid, Oid, Lock, Lucky]),
 	    %% Append to queue: Nice place for trace output
-	    ?ets_insert(mnesia_lock_queue, 
-			#queue{oid = Oid, tid = Tid, op = Op, 
+	    ?ets_insert(mnesia_lock_queue,
+			#queue{oid = Oid, tid = Tid, op = Op,
 			       pid = Pid, lucky = Lucky}),
 	    ?ets_insert(mnesia_tid_locks, {Tid, Oid, {queued, Op}})
     end.
 
-grant_lock(Tid, read, Lock, Oid = {Tab, Key})
+grant_lock(Tid, read, Lock, Oid = {Tab, Key}, Default)
   when Key /= ?ALL, Tab /= ?GLOBAL ->
     case node(Tid#tid.pid) == node() of
 	true ->
-	    set_lock(Tid, Oid, Lock),
+	    set_lock(Tid, Oid, Lock, Default),
 	    {granted, lookup_in_client};
 	false ->
 	    try
 		Val = mnesia_lib:db_get(Tab, Key), %% lookup as well
-		set_lock(Tid, Oid, Lock),
+		set_lock(Tid, Oid, Lock, Default),
 		{granted, Val}
 	    catch _:_Reason ->
 		    %% Table has been deleted from this node,
@@ -296,87 +303,71 @@ grant_lock(Tid, read, Lock, Oid = {Tab, Key})
 		    {not_granted, C}
 	    end
     end;
-grant_lock(Tid, {ix_read,IxKey,Pos}, Lock, Oid = {Tab, _}) ->
+grant_lock(Tid, {ix_read,IxKey,Pos}, Lock, Oid = {Tab, _}, Default) ->
     try
 	Res = ix_read_res(Tab, IxKey,Pos),
-	set_lock(Tid, Oid, Lock),
+	set_lock(Tid, Oid, Lock, Default),
 	{granted, Res, [?ALL]}
     catch _:_ ->
 	    {not_granted, {no_exists, Tab, {index, [Pos]}}}
     end;
-grant_lock(Tid, read, Lock, Oid) ->
-    set_lock(Tid, Oid, Lock),
+grant_lock(Tid, read, Lock, Oid, Default) ->
+    set_lock(Tid, Oid, Lock, Default),
     {granted, ok};
-grant_lock(Tid, write, Lock, Oid) ->
-    set_lock(Tid, Oid, Lock),
+grant_lock(Tid, write, Lock, Oid, Default) ->
+    set_lock(Tid, Oid, Lock, Default),
     granted.
 
 %% 1) Impose an ordering on all transactions favour old (low tid) transactions
 %%    newer (higher tid) transactions may never wait on older ones,
 %% 2) When releasing the tids from the queue always begin with youngest (high tid)
 %%    because of 1) it will avoid the deadlocks.
-%% 3) TabLocks is the problem :-) They should not starve and not deadlock 
+%% 3) TabLocks is the problem :-) They should not starve and not deadlock
 %%    handle tablocks in queue as they had locks on unlocked records.
 
-can_lock(Tid, read, {Tab, Key}, AlreadyQ) when Key /= ?ALL ->
-    %% The key is bound, no need for the other BIF
-    Oid = {Tab, Key}, 
-    ObjLocks = ?ets_match_object(mnesia_held_locks, {Oid, write, '_'}),
-    TabLocks = ?ets_match_object(mnesia_held_locks, {{Tab, ?ALL}, write, '_'}),
-    check_lock(Tid, Oid, ObjLocks, TabLocks, yes, AlreadyQ, read);
+can_lock(Tid, read, Oid = {Tab, Key}, AlreadyQ) when Key /= ?ALL ->
+    ObjLocks = ?ets_lookup(mnesia_held_locks, Oid),
+    TabLocks = ?ets_lookup(mnesia_held_locks, {Tab, ?ALL}),
+    {check_lock(Tid, Oid,
+		filter_write(ObjLocks),
+		filter_write(TabLocks),
+		yes, AlreadyQ, read),
+     ObjLocks};
 
 can_lock(Tid, read, Oid, AlreadyQ) -> % Whole tab
     Tab = element(1, Oid),
     ObjLocks = ?ets_match_object(mnesia_held_locks, {{Tab, '_'}, write, '_'}),
-    check_lock(Tid, Oid, ObjLocks, [], yes, AlreadyQ, read);
+    {check_lock(Tid, Oid, ObjLocks, [], yes, AlreadyQ, read), undefined};
 
-can_lock(Tid, write, {Tab, Key}, AlreadyQ) when Key /= ?ALL -> 
-    Oid = {Tab, Key},
+can_lock(Tid, write, Oid = {Tab, Key}, AlreadyQ) when Key /= ?ALL ->
     ObjLocks = ?ets_lookup(mnesia_held_locks, Oid),
     TabLocks = ?ets_lookup(mnesia_held_locks, {Tab, ?ALL}),
-    check_lock(Tid, Oid, ObjLocks, TabLocks, yes, AlreadyQ, write);
+    {check_lock(Tid, Oid, ObjLocks, TabLocks, yes, AlreadyQ, write), ObjLocks};
 
 can_lock(Tid, write, Oid, AlreadyQ) -> % Whole tab
     Tab = element(1, Oid),
     ObjLocks = ?ets_match_object(mnesia_held_locks, ?match_oid_held_locks({Tab, '_'})),
-    check_lock(Tid, Oid, ObjLocks, [], yes, AlreadyQ, write).
+    {check_lock(Tid, Oid, ObjLocks, [], yes, AlreadyQ, write), undefined}.
+
+filter_write([{_, read, _}]) -> [];
+filter_write(Res) -> Res.
 
 %% Check held locks for conflicting locks
-check_lock(Tid, Oid, [Lock | Locks], TabLocks, X, AlreadyQ, Type) ->
-    case element(3, Lock) of
-	Tid ->
-	    check_lock(Tid, Oid, Locks, TabLocks, X, AlreadyQ, Type);
-	WaitForTid ->
-	    Queue = allowed_to_be_queued(WaitForTid,Tid),
-	    if Queue == true -> 
-		    check_lock(Tid, Oid, Locks, TabLocks, {queue, WaitForTid}, AlreadyQ, Type);
-	       Tid#tid.pid == WaitForTid#tid.pid ->
-		    dbg_out("Spurious lock conflict ~w ~w: ~w -> ~w~n",
-			    [Oid, Lock, Tid, WaitForTid]),  
-		    %% Test..
-		    {Tab, _Key} = Oid,
-		    HaveQ = (ets:lookup(mnesia_lock_queue, Oid) /= []) 
-			orelse (ets:lookup(mnesia_lock_queue,{Tab,?ALL}) /= []),
-		    if 
-			HaveQ -> 
-			    {no, WaitForTid};
-			true -> 
-			    check_lock(Tid,Oid,Locks,TabLocks,{queue,WaitForTid},AlreadyQ,Type)
-		    end;
-		    %%{no, WaitForTid};  Safe solution 
-	       true ->
-		    {no, WaitForTid}
-	    end
+check_lock(Tid, Oid, [{_, _, Lock} | Locks], TabLocks, _X, AlreadyQ, Type) ->
+    case can_queue(Lock, Tid, Oid, _X) of
+	{no, _} = Res ->
+	    Res;
+	Res ->
+	    check_lock(Tid, Oid, Locks, TabLocks, Res, AlreadyQ, Type)
     end;
 
 check_lock(_, _, [], [], X, {queue, bad_luck}, _) ->
     X;  %% The queue should be correct already no need to check it again
 
 check_lock(_, _, [], [], X = {queue, _Tid}, _AlreadyQ, _) ->
-    X;  
+    X;
 
-check_lock(Tid, Oid, [], [], X, AlreadyQ, Type) ->
-    {Tab, Key} = Oid,
+check_lock(Tid, Oid = {Tab, Key}, [], [], X, AlreadyQ, Type) ->
     if
 	Type == write ->
 	    check_queue(Tid, Tab, X, AlreadyQ);
@@ -387,7 +378,7 @@ check_lock(Tid, Oid, [], [], X, AlreadyQ, Type) ->
 	    %% If there is a queue on that object, read_lock shouldn't be granted
 	    ObjLocks = ets:lookup(mnesia_lock_queue, Oid),
 	    case max(ObjLocks) of
-		empty -> 
+		empty ->
 		    check_queue(Tid, Tab, X, AlreadyQ);
 		ObjL ->
 		    case allowed_to_be_queued(ObjL,Tid) of
@@ -403,16 +394,36 @@ check_lock(Tid, Oid, [], [], X, AlreadyQ, Type) ->
 check_lock(Tid, Oid, [], TabLocks, X, AlreadyQ, Type) ->
     check_lock(Tid, Oid, TabLocks, [], X, AlreadyQ, Type).
 
+can_queue([{_Op, Tid}|Locks], Tid, Oid, Res) ->
+    can_queue(Locks, Tid, Oid, Res);
+can_queue([{Op, WaitForTid}|Locks], Tid, Oid = {Tab, _}, _) ->
+    case allowed_to_be_queued(WaitForTid,Tid) of
+	true when Tid#tid.pid == WaitForTid#tid.pid ->
+	    dbg_out("Spurious lock conflict ~w ~w: ~w -> ~w~n",
+		    [Oid, Op, Tid, WaitForTid]),
+	    HaveQ = (ets:lookup(mnesia_lock_queue, Oid) /= [])
+		orelse (ets:lookup(mnesia_lock_queue,{Tab,?ALL}) /= []),
+	    case HaveQ of
+		true -> {no, WaitForTid};
+		false ->  can_queue(Locks, Tid, Oid, {queue, WaitForTid})
+	    end;
+	true ->
+	    can_queue(Locks, Tid, Oid, {queue, WaitForTid});
+	false ->
+	    {no, WaitForTid}
+    end;
+can_queue([], _, _, Res) -> Res.
+
 %% True if  WaitForTid > Tid -> % Important order
 allowed_to_be_queued(WaitForTid, Tid) ->
     case get(pid_sort_order) of
 	undefined -> WaitForTid > Tid;
-	r9b_plain -> 
+	r9b_plain ->
 	    cmp_tid(true, WaitForTid, Tid) =:= 1;
-	standard  -> 
+	standard  ->
 	    cmp_tid(false, WaitForTid, Tid) =:= 1
-    end.	    
-	    
+    end.
+
 %% Check queue for conflicting locks
 %% Assume that all queued locks belongs to other tid's
 
@@ -421,25 +432,25 @@ check_queue(Tid, Tab, X, AlreadyQ) ->
     Greatest = max(TabLocks),
     case Greatest of
 	empty ->  X;
-	Tid ->    X; 
-	WaitForTid -> 
+	Tid ->    X;
+	WaitForTid ->
 	    case allowed_to_be_queued(WaitForTid,Tid) of
 		true ->
 		    {queue, WaitForTid};
-		false when AlreadyQ =:= {no, bad_luck} -> 
+		false when AlreadyQ =:= {no, bad_luck} ->
 		    {no, WaitForTid}
 	    end
     end.
 
 sort_queue(QL) ->
     case get(pid_sort_order) of
-	undefined -> 
+	undefined ->
 	    lists:reverse(lists:keysort(#queue.tid, QL));
-	r9b_plain -> 
-	    lists:sort(fun(#queue{tid=X},#queue{tid=Y}) -> 
+	r9b_plain ->
+	    lists:sort(fun(#queue{tid=X},#queue{tid=Y}) ->
 			       cmp_tid(true, X, Y) == 1
 		       end, QL);
-	standard  -> 
+	standard  ->
 	    lists:sort(fun(#queue{tid=X},#queue{tid=Y}) ->
 			       cmp_tid(false, X, Y) == 1
 		       end, QL)
@@ -456,22 +467,22 @@ set_read_lock_on_all_keys(Tid, From, Tab, IxKey, Pos) ->
     Op = {ix_read,IxKey, Pos},
     Lock = read,
     case can_lock(Tid, Lock, Oid, {no, bad_luck}) of
-	yes ->
-	    Reply = grant_lock(Tid, Op, Lock, Oid),
+	{yes, Default} ->
+	    Reply = grant_lock(Tid, Op, Lock, Oid, Default),
 	    reply(From, Reply);
-	{no, Lucky} ->
+	{{no, Lucky},_} ->
 	    C = #cyclic{op = Op, lock = Lock, oid = Oid, lucky = Lucky},
 	    ?dbg("Rejected ~p ~p ~p ~p ~n", [Tid, Oid, Lock, Lucky]),
 	    reply(From, {not_granted, C});
-    	{queue, Lucky} ->
+	{{queue, Lucky},_} ->
 	    ?dbg("Queued ~p ~p ~p ~p ~n", [Tid, Oid, Lock, Lucky]),
 	    %% Append to queue: Nice place for trace output
-	    ?ets_insert(mnesia_lock_queue, 
-			#queue{oid = Oid, tid = Tid, op = Op, 
+	    ?ets_insert(mnesia_lock_queue,
+			#queue{oid = Oid, tid = Tid, op = Op,
 			       pid = From, lucky = Lucky}),
 	    ?ets_insert(mnesia_tid_locks, {Tid, Oid, {queued, Op}})
     end.
-       
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Release of locks
 
@@ -520,30 +531,40 @@ release_locks([]) ->
 release_lock({Tid, Oid, {queued, _}}) ->
     ?ets_match_delete(mnesia_lock_queue, #queue{oid=Oid, tid = Tid, op = '_',
 						pid = '_', lucky = '_'});
-release_lock({Tid, Oid, Op}) ->
-    if
-	Op == write ->
-	    ?ets_delete(mnesia_held_locks, Oid);
-	Op == read ->
-	    ets:delete_object(mnesia_held_locks, {Oid, Op, Tid})
+release_lock({_Tid, Oid, write}) ->
+    ?ets_delete(mnesia_held_locks, Oid);
+release_lock({Tid, Oid, read}) ->
+    case ?ets_lookup(mnesia_held_locks, Oid) of
+	[{Oid, Prev, Locks0}] ->
+	    case remove_tid(Locks0, Tid, []) of
+		[] -> ?ets_delete(mnesia_held_locks, Oid);
+		Locks -> ?ets_insert(mnesia_held_locks, {Oid, Prev, Locks})
+	    end;
+	[] -> ok
     end.
 
+remove_tid([{_Op, Tid}|Ls], Tid, Acc) ->
+    remove_tid(Ls,Tid, Acc);
+remove_tid([Keep|Ls], Tid, Acc) ->
+    remove_tid(Ls,Tid, [Keep|Acc]);
+remove_tid([], _, Acc) -> Acc.
+
 rearrange_queue([{_Tid, {Tab, Key}, _} | Locks]) ->
     if
-	Key /= ?ALL->	    
-	    Queue =  
-		ets:lookup(mnesia_lock_queue, {Tab, ?ALL}) ++ 
+	Key /= ?ALL->
+	    Queue =
+		ets:lookup(mnesia_lock_queue, {Tab, ?ALL}) ++
 		ets:lookup(mnesia_lock_queue, {Tab, Key}),
-	    case Queue of 
-		[] -> 
+	    case Queue of
+		[] ->
 		    ok;
 		_ ->
 		    Sorted = sort_queue(Queue),
 		    try_waiters_obj(Sorted)
-	    end;	
-	true -> 
+	    end;
+	true ->
 	    Pat = ?match_oid_lock_queue({Tab, '_'}),
-	    Queue = ?ets_match_object(mnesia_lock_queue, Pat),	    
+	    Queue = ?ets_match_object(mnesia_lock_queue, Pat),
 	    Sorted = sort_queue(Queue),
 	    try_waiters_tab(Sorted)
     end,
@@ -556,7 +577,7 @@ try_waiters_obj([W | Waiters]) ->
     case try_waiter(W) of
 	queued ->
 	    no;
-	_ -> 	    
+	_ ->
 	    try_waiters_obj(Waiters)
     end;
 try_waiters_obj([]) ->
@@ -573,10 +594,10 @@ try_waiters_tab([W | Waiters]) ->
 	    end;
 	Oid ->
 	    case try_waiter(W) of
-		queued -> 	    
+		queued ->
 		    Rest = key_delete_all(Oid, #queue.oid, Waiters),
 		    try_waiters_tab(Rest);
-		_ ->		    
+		_ ->
 		    try_waiters_tab(Waiters)
 	    end
     end;
@@ -592,22 +613,22 @@ try_waiter({queue, Oid, Tid, Op, ReplyTo, _}) ->
 
 try_waiter(Oid, Op, SimpleOp, Lock, ReplyTo, Tid) ->
     case can_lock(Tid, Lock, Oid, {queue, bad_luck}) of
-	yes ->
+	{yes, Default} ->
 	    %% Delete from queue: Nice place for trace output
-	    ?ets_match_delete(mnesia_lock_queue, 
+	    ?ets_match_delete(mnesia_lock_queue,
 			      #queue{oid=Oid, tid = Tid, op = Op,
 				     pid = ReplyTo, lucky = '_'}),
-	    Reply = grant_lock(Tid, SimpleOp, Lock, Oid),	    
+	    Reply = grant_lock(Tid, SimpleOp, Lock, Oid, Default),
 	    reply(ReplyTo,Reply),
 	    locked;
-	{queue, _Why} ->
+	{{queue, _Why}, _} ->
 	    ?dbg("Keep ~p ~p ~p ~p~n", [Tid, Oid, Lock, _Why]),
-	    queued; % Keep waiter in queue	
-	{no, Lucky} ->
+	    queued; % Keep waiter in queue
+	{{no, Lucky}, _} ->
 	    C = #cyclic{op = SimpleOp, lock = Lock, oid = Oid, lucky = Lucky},
 	    verbose("** WARNING ** Restarted transaction, possible deadlock in lock queue ~w: cyclic = ~w~n",
 		    [Tid, C]),
-	    ?ets_match_delete(mnesia_lock_queue, 
+	    ?ets_match_delete(mnesia_lock_queue,
 			      #queue{oid=Oid, tid = Tid, op = Op,
 				     pid = ReplyTo, lucky = '_'}),
 	    Reply = {not_granted, C},
@@ -645,7 +666,7 @@ mnesia_down(N, Pending) ->
 	    Pid ! {release_remote_non_pending, N, Pending}
     end.
 
-%% Aquire a write lock, but do a read, used by 
+%% Aquire a write lock, but do a read, used by
 %% mnesia:wread/1
 
 rwlock(Tid, Store, Oid) ->
@@ -657,9 +678,10 @@ rwlock(Tid, Store, Oid) ->
 	    Lock = write,
 	    case need_lock(Store, Tab, Key, Lock)  of
 		yes ->
-		    {Ns, Majority} = w_nodes(Tab),
+		    {Ns0, Majority} = w_nodes(Tab),
+		    Ns = [Node|lists:delete(Node,Ns0)],
 		    check_majority(Majority, Tab, Ns),
-		    Res = get_rwlocks_on_nodes(Ns, rwlock, Node, Store, Tid, Oid),
+		    Res = get_rwlocks_on_nodes(Ns, make_ref(), Store, Tid, Oid),
 		    ?ets_insert(Store, {{locks, Tab, Key}, Lock}),
 		    Res;
 		no ->
@@ -718,7 +740,7 @@ sticky_rwlock(Tid, Store, Oid) ->
     sticky_lock(Tid, Store, Oid, read_write).
 
 sticky_lock(Tid, Store, {Tab, Key} = Oid, Lock) ->
-    N = val({Tab, where_to_read}), 
+    N = val({Tab, where_to_read}),
     if
 	node() == N ->
 	    case need_lock(Store, Tab, Key, write) of
@@ -805,9 +827,9 @@ sticky_wlock_table(Tid, Store, Tab) ->
 %% aquire a wlock on Oid
 %% We store a {Tabname, write, Tid} in all locktables
 %% on all nodes containing a copy of Tabname
-%% We also store an item {{locks, Tab, Key}, write} in the 
+%% We also store an item {{locks, Tab, Key}, write} in the
 %% local store when we have aquired the lock.
-%% 
+%%
 wlock(Tid, Store, Oid) ->
     wlock(Tid, Store, Oid, _CheckMajority = true).
 
@@ -845,10 +867,10 @@ wlock_no_exist(Tid, Store, Tab, Ns) ->
 
 need_lock(Store, Tab, Key, LockPattern) ->
     TabL = ?ets_match_object(Store, {{locks, Tab, ?ALL}, LockPattern}),
-    if 
+    if
 	TabL == [] ->
 	    KeyL = ?ets_match_object(Store, {{locks, Tab, Key}, LockPattern}),
-	    if 
+	    if
 		KeyL == [] ->
 		    yes;
 		true  ->
@@ -865,7 +887,7 @@ del_debug() ->
     erase(mnesia_wlock_nodes).
 
 %% We first send lock request to the local node if it is part of the lockers
-%% then the first sorted node then to the rest of the lockmanagers on all 
+%% then the first sorted node then to the rest of the lockmanagers on all
 %% nodes holding a copy of the table
 
 get_wlocks_on_nodes([Node | Tail], Orig, Store, Request, Oid) ->
@@ -875,51 +897,31 @@ get_wlocks_on_nodes([Node | Tail], Orig, Store, Request, Oid) ->
     case node() of
 	Node -> %% Local done try one more
 	    get_wlocks_on_nodes(Tail, Orig, Store, Request, Oid);
-	_ ->    %% The first succeded cont with the rest  
+	_ ->    %% The first succeded cont with the rest
 	    get_wlocks_on_nodes(Tail, Store, Request),
 	    receive_wlocks(Tail, Orig, Store, Oid)
     end;
-get_wlocks_on_nodes([], Orig, _Store, _Request, _Oid) -> 
+get_wlocks_on_nodes([], Orig, _Store, _Request, _Oid) ->
     Orig.
 
 get_wlocks_on_nodes([Node | Tail], Store, Request) ->
     {?MODULE, Node} ! Request,
     ?ets_insert(Store,{nodes, Node}),
     get_wlocks_on_nodes(Tail, Store, Request);
-get_wlocks_on_nodes([], _, _) -> 
+get_wlocks_on_nodes([], _, _) ->
     ok.
 
-get_rwlocks_on_nodes([ReadNode|Tail], _Res, ReadNode, Store, Tid, Oid) ->
+get_rwlocks_on_nodes([ReadNode|Tail], Ref, Store, Tid, Oid) ->
     Op = {self(), {read_write, Tid, Oid}},
     {?MODULE, ReadNode} ! Op,
     ?ets_insert(Store, {nodes, ReadNode}),
-    Res = receive_wlocks([ReadNode], undefined, Store, Oid),
-    case node() of
-	ReadNode -> 
-	    get_rwlocks_on_nodes(Tail, Res, ReadNode, Store, Tid, Oid);
-	_ ->
-	    get_wlocks_on_nodes(Tail, Store, {self(), {write, Tid, Oid}}),
-	    receive_wlocks(Tail, Res, Store, Oid)
+    case receive_wlocks([ReadNode], Ref, Store, Oid) of
+	Ref ->
+	    get_rwlocks_on_nodes(Tail, Ref, Store, Tid, Oid);
+	Res ->
+	    get_wlocks_on_nodes(Tail, Res, Store, {self(), {write, Tid, Oid}}, Oid)
     end;
-get_rwlocks_on_nodes([Node | Tail], Res, ReadNode, Store, Tid, Oid) ->
-    Op = {self(), {write, Tid, Oid}},
-    {?MODULE, Node} ! Op,
-    ?ets_insert(Store, {nodes, Node}),
-    receive_wlocks([Node], undefined, Store, Oid),
-    if node() == Node ->
-	    get_rwlocks_on_nodes(Tail, Res, ReadNode, Store, Tid, Oid);
-       Res == rwlock -> %% Hmm	    
-	    Rest = lists:delete(ReadNode, Tail),
-	    Op2 = {self(), {read_write, Tid, Oid}},
-	    {?MODULE, ReadNode} ! Op2,
-	    ?ets_insert(Store, {nodes, ReadNode}),
-	    get_wlocks_on_nodes(Rest, Store, {self(), {write, Tid, Oid}}),
-	    receive_wlocks([ReadNode|Rest], undefined, Store, Oid);
-       true ->
-	    get_wlocks_on_nodes(Tail, Store, {self(), {write, Tid, Oid}}),
-	    receive_wlocks(Tail, Res, Store, Oid)
-    end;
-get_rwlocks_on_nodes([],Res,_,_,_,_) ->
+get_rwlocks_on_nodes([],Res,_,_,_) ->
     Res.
 
 receive_wlocks([], Res, _Store, _Oid) ->
@@ -944,8 +946,8 @@ receive_wlocks(Nodes = [This|Ns], Res, Store, Oid) ->
 	    Tail = lists:delete(Node,Nodes),
 	    Nonstuck = lists:delete(Sticky,Tail),
 	    [?ets_insert(Store, {nodes, NSNode}) || NSNode <- Nonstuck],
-	    case lists:member(Sticky,Tail) of		
-		true -> 		    
+	    case lists:member(Sticky,Tail) of
+		true ->
 		    sticky_flush(Nonstuck,Store),
 		    receive_wlocks([Sticky], Res, Store, Oid);
 		false ->
@@ -957,7 +959,7 @@ receive_wlocks(Nodes = [This|Ns], Res, Store, Oid) ->
 	    flush_remaining(Ns, This, Reason1)
     end.
 
-sticky_flush([], _) -> 
+sticky_flush([], _) ->
     del_debug(),
     ok;
 sticky_flush(Ns=[Node | Tail], Store) ->
@@ -991,7 +993,7 @@ opt_lookup_in_client(lookup_in_client, Oid, Lock) ->
 	    %% Table has been deleted from this node,
 	    %% restart the transaction.
 	    #cyclic{op = read, lock = Lock, oid = Oid, lucky = nowhere};
-	Val -> 
+	Val ->
 	    Val
     end;
 opt_lookup_in_client(Val, _Oid, _Lock) ->
@@ -1000,8 +1002,8 @@ opt_lookup_in_client(Val, _Oid, _Lock) ->
 return_granted_or_nodes({_, ?ALL}   , Nodes) -> Nodes;
 return_granted_or_nodes({?GLOBAL, _}, Nodes) -> Nodes;
 return_granted_or_nodes(_           , _Nodes) -> granted.
-    
-%% We store a {Tab, read, From} item in the 
+
+%% We store a {Tab, read, From} item in the
 %% locks table on the node where we actually do pick up the object
 %% and we also store an item {lock, Oid, read} in our local store
 %% so that we can release any locks we hold when we commit.
@@ -1059,9 +1061,9 @@ rlock_get_reply(Node, Store, Oid, {granted, V}) ->
     ?ets_insert(Store, {{locks, Tab, Key}, read}),
     ?ets_insert(Store, {nodes, Node}),
     case opt_lookup_in_client(V, Oid, read) of
-	C = #cyclic{} -> 
+	C = #cyclic{} ->
 	    mnesia:abort(C);
-	Val -> 
+	Val ->
 	    Val
     end;
 rlock_get_reply(Node, Store, Oid, granted) ->
@@ -1079,7 +1081,7 @@ rlock_get_reply(Node, Store, Tab, {granted, V, RealKeys}) ->
 rlock_get_reply(_Node, _Store, _Oid, {not_granted, Reason}) ->
     exit({aborted, Reason});
 
-rlock_get_reply(_Node, Store, Oid, {switch, N2, Req}) ->    
+rlock_get_reply(_Node, Store, Oid, {switch, N2, Req}) ->
     ?ets_insert(Store, {nodes, N2}),
     {?MODULE, N2} ! Req,
     rlock_get_reply(N2, Store, Oid, l_req_rec(N2, Store)).
@@ -1095,7 +1097,7 @@ ixrlock(Tid, Store, Tab, IxKey, Pos) ->
 	    %%% Old code
 	    %% R = l_request(Node, {ix_read, Tid, Tab, IxKey, Pos}, Store),
 	    %% rlock_get_reply(Node, Store, Tab, R)
-	    
+
 	    case need_lock(Store, Tab, ?ALL, read) of
 		no when Node =:= node() ->
 		    ix_read_res(Tab,IxKey,Pos);
@@ -1135,11 +1137,23 @@ rec_requests([], _Oid, _Store) ->
 
 get_held_locks() ->
     ?MODULE ! {get_table, self(), mnesia_held_locks},
-    receive {mnesia_held_locks, Locks} -> Locks  end.
+    Locks = receive {mnesia_held_locks, Ls} -> Ls after 5000 -> [] end,
+    rewrite_locks(Locks, []).
+
+rewrite_locks([{Oid, _, Ls}|Locks], Acc0) ->
+    Acc = rewrite_locks(Ls, Oid, Acc0),
+    rewrite_locks(Locks, Acc);
+rewrite_locks([], Acc) ->
+    lists:reverse(Acc).
+
+rewrite_locks([{Op, Tid}|Ls], Oid, Acc) ->
+    rewrite_locks(Ls, Oid, [{Oid, Op, Tid}|Acc]);
+rewrite_locks([], _, Acc) ->
+    Acc.
 
 get_lock_queue() ->
     ?MODULE ! {get_table, self(), mnesia_lock_queue},
-    Q = receive {mnesia_lock_queue, Locks} -> Locks  end,
+    Q = receive {mnesia_lock_queue, Locks} -> Locks after 5000 -> [] end,
     [{Oid, Op, Pid, Tid, WFT} || {queue, Oid, Tid, Op, Pid, WFT} <- Q].
 
 do_stop() ->
diff --git a/lib/mnesia/src/mnesia_log.erl b/lib/mnesia/src/mnesia_log.erl
index 94153473cb..18303869ed 100644
--- a/lib/mnesia/src/mnesia_log.erl
+++ b/lib/mnesia/src/mnesia_log.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -180,8 +180,8 @@
 	 view/1,
 	 write_trans_log_header/0
 	]).
-	
-	
+
+
 -compile({no_auto_import,[error/2]}).
 
 -include("mnesia.hrl").
@@ -210,7 +210,7 @@ decision_tab_version() -> "1.0".
 
 dcl_version() -> "1.0".
 dcd_version() -> "1.0".
-     
+
 append(Log, Bin) when is_binary(Bin) ->
     disk_log:balog(Log, Bin);
 append(Log, Term) ->
@@ -218,9 +218,9 @@ append(Log, Term) ->
 
 %% Synced append
 sappend(Log, Bin) when is_binary(Bin) ->
-    ok = disk_log:blog(Log, Bin);  
+    ok = disk_log:blog(Log, Bin);
 sappend(Log, Term) ->
-    ok = disk_log:log(Log, Term).  
+    ok = disk_log:log(Log, Term).
 
 %% Write commit records to the latest_log
 log(C) when  C#commit.disc_copies == [],
@@ -283,7 +283,7 @@ previous_log_file() -> dir("PREVIOUS.LOG").
 decision_log_file() -> dir(decision_log_name()).
 
 decision_tab_file() -> dir(decision_tab_name()).
-    
+
 previous_decision_log_file() -> dir("PDECISION.LOG").
 
 latest_log_name() -> "LATEST.LOG".
@@ -297,10 +297,10 @@ init() ->
 	true ->
 	    Prev = previous_log_file(),
 	    verify_no_exists(Prev),
-	    
+
 	    Latest = latest_log_file(),
 	    verify_no_exists(Latest),
-	    
+
 	    Header = trans_log_header(),
 	    open_log(latest_log, Header, Latest);
 	false ->
@@ -346,20 +346,20 @@ open_log(Name, Header, Fname, Exists, Repair, Mode) ->
 	    write_header(Log, Header),
 	    Log;
 	{repaired, Log, _Recover, BadBytes} ->
-	    mnesia_lib:important("Data may be missing, log ~p repaired: Lost ~p bytes~n", 
+	    mnesia_lib:important("Data may be missing, log ~p repaired: Lost ~p bytes~n",
 				 [Fname, BadBytes]),
 	    Log;
 	{error, Reason} when Repair == true ->
 	    file:delete(Fname),
-	    mnesia_lib:important("Data may be missing, Corrupt logfile deleted: ~p, ~p ~n", 
+	    mnesia_lib:important("Data may be missing, Corrupt logfile deleted: ~p, ~p ~n",
 				 [Fname, Reason]),
-	    %% Create a new 
+	    %% Create a new
 	    open_log(Name, Header, Fname, false, false, read_write);
 	{error, Reason} ->
 	    fatal("Cannot open log file ~p: ~p~n", [Fname, Reason])
     end.
 
-write_header(Log, Header) -> 
+write_header(Log, Header) ->
     append(Log, Header).
 
 write_trans_log_header() ->
@@ -376,12 +376,12 @@ stop() ->
 close_log(Log) ->
 %%    io:format("mnesia_log:close_log ~p~n", [Log]),
 %%    io:format("mnesia_log:close_log ~p~n", [Log]),
-    case disk_log:sync(Log) of 
+    case disk_log:sync(Log) of
 	ok -> ok;
-	{error, {read_only_mode, Log}} -> 
+	{error, {read_only_mode, Log}} ->
 	    ok;
-	{error, Reason} -> 
-	    mnesia_lib:important("Failed syncing ~p to_disk reason ~p ~n", 
+	{error, Reason} ->
+	    mnesia_lib:important("Failed syncing ~p to_disk reason ~p ~n",
 				 [Log, Reason])
     end,
     mnesia_monitor:close_log(Log).
@@ -392,7 +392,7 @@ unsafe_close_log(Log) ->
 
 
 purge_some_logs() ->
-    mnesia_monitor:unsafe_close_log(latest_log), 
+    mnesia_monitor:unsafe_close_log(latest_log),
     file:delete(latest_log_file()),
     file:delete(decision_tab_file()).
 
@@ -466,10 +466,10 @@ chunk_log(Log, Cont) ->
 		  [Log, Reason]);
 	{C2, Chunk, _BadBytes} ->
 	    %% Read_only case, should we warn about the bad log file?
-	    %% BUGBUG Should we crash if Repair == false ?? 
+	    %% BUGBUG Should we crash if Repair == false ??
 	    %% We got to check this !!
 	    mnesia_lib:important("~p repaired, lost ~p bad bytes~n", [Log, _BadBytes]),
-	    {C2, Chunk}; 
+	    {C2, Chunk};
 	Other ->
 	    Other
     end.
@@ -492,7 +492,7 @@ open_decision_log() ->
     Latest = decision_log_file(),
     open_log(decision_log, decision_log_header(), Latest),
     start.
-    
+
 prepare_decision_log_dump() ->
     Prev = previous_decision_log_file(),
     prepare_decision_log_dump(exists(Prev), Prev).
@@ -586,11 +586,11 @@ view_file(C, Log) ->
 	    eof;
 	{C2, Terms, _BadBytes} ->
 	    dbg_out("Lost ~p bytes in ~p ~n", [_BadBytes, Log]),
-	    lists:foreach(fun(X) -> mnesia_lib:show("~p~n", [X]) end, 
+	    lists:foreach(fun(X) -> mnesia_lib:show("~p~n", [X]) end,
 			  Terms),
 	    view_file(C2, Log);
 	{C2, Terms} ->
-	    lists:foreach(fun(X) -> mnesia_lib:show("~p~n", [X]) end, 
+	    lists:foreach(fun(X) -> mnesia_lib:show("~p~n", [X]) end,
 			  Terms),
 	    view_file(C2, Log)
     end.
@@ -655,7 +655,7 @@ check_backup_args([Arg | Tail], B) ->
 check_backup_args([], B) ->
     {ok, B}.
 
-check_backup_arg_type(Arg, B) ->    
+check_backup_arg_type(Arg, B) ->
     case Arg of
 	{scope, global} ->
 	    B#backup_args{scope = global};
@@ -714,7 +714,7 @@ select_tables(AllTabs, B) ->
 
 safe_write(B, []) ->
     B;
-safe_write(B, Recs) ->	
+safe_write(B, Recs) ->
     safe_apply(B, write, [B#backup_args.opaque, Recs]).
 
 backup_schema(B, Tabs) ->
@@ -754,7 +754,7 @@ abort_write(B, What, Args, Reason) ->
 		  [Mod, abort_write, [Opaque], Other]),
 	    throw({error, Reason})
     end.
-	
+
 backup_tab(Tab, B) ->
     Name = B#backup_args.name,
     case mnesia_checkpoint:most_local_node(Name, Tab) of
@@ -768,7 +768,7 @@ backup_tab(Tab, B) ->
 	{error, Reason} ->
 	    abort_write(B, {?MODULE, backup_tab}, [Tab, B], {error, Reason})
     end.
-    
+
 tab_copier(Pid, B, Tab) when is_record(B, backup_args) ->
     %% Intentional crash at exit
     Name = B#backup_args.name,
@@ -829,7 +829,7 @@ handle_last(Pid, _Acc) ->
     exit(normal).
 
 iterate(B, Name, Tab, Pid, Source, Age, Pass, Acc) ->
-    Fun = 
+    Fun =
 	if
 	    Pid == self() ->
 		RecName = val({Tab, record_name}),
@@ -874,7 +874,7 @@ tab_receiver(Pid, B, Tab, RecName, Slot) ->
 	    Recs2 = rec_filter(B, Tab, RecName, Recs),
 	    B2 = safe_write(B, Recs2),
 	    tab_receiver(Pid, B2, Tab, RecName, Next);
-	
+
 	{Pid, {last, {ok,_}}} ->
 	    B;
 
@@ -885,7 +885,7 @@ tab_receiver(Pid, B, Tab, RecName, Slot) ->
 	    Reason = {error, {"Tab copier crashed", {'EXIT', R}}},
 	    abort_write(B, {?MODULE, remote_tab_sender}, [self(), B, Tab], Reason);
 	Msg ->
-	    R = {error, {"Tab receiver got unexpected msg", Msg}}, 
+	    R = {error, {"Tab receiver got unexpected msg", Msg}},
 	    abort_write(B, {?MODULE, remote_tab_sender}, [self(), B, Tab], R)
     end.
 
@@ -910,9 +910,9 @@ ets2dcd(Tab, Ftype) ->
 	case Ftype of
 	    dcd -> mnesia_lib:tab2dcd(Tab);
 	    dmp -> mnesia_lib:tab2dmp(Tab)
-	end,    
+	end,
     TmpF = mnesia_lib:tab2tmp(Tab),
-    file:delete(TmpF),    
+    file:delete(TmpF),
     Log  = open_log({Tab, ets2dcd}, dcd_log_header(), TmpF, false),
     mnesia_lib:db_fixtable(ram_copies, Tab, true),
     ok   = ets2dcd(mnesia_lib:db_init_chunk(ram_copies, Tab, 1000), Tab, Log),
@@ -926,8 +926,8 @@ ets2dcd(Tab, Ftype) ->
 
 ets2dcd('$end_of_table', _Tab, _Log) ->
     ok;
-ets2dcd({Recs, Cont}, Tab, Log) -> 
-    ok = disk_log:alog_terms(Log, Recs),     
+ets2dcd({Recs, Cont}, Tab, Log) ->
+    ok = disk_log:log_terms(Log, Recs),
     ets2dcd(mnesia_lib:db_chunk(ram_copies, Cont), Tab, Log).
 
 dcd2ets(Tab) ->
@@ -937,12 +937,12 @@ dcd2ets(Tab, Rep) ->
     Dcd = mnesia_lib:tab2dcd(Tab),
     case mnesia_lib:exists(Dcd) of
 	true ->
-	    Log = open_log({Tab, dcd2ets}, dcd_log_header(), Dcd, 
+	    Log = open_log({Tab, dcd2ets}, dcd_log_header(), Dcd,
 			   true, Rep, read_only),
 	    Data = chunk_log(Log, start),
 	    ok = insert_dcdchunk(Data, Log, Tab),
 	    close_log(Log),
-	    load_dcl(Tab, Rep); 
+	    load_dcl(Tab, Rep);
 	false -> %% Handle old dets files, and conversion from disc_only to disc.
 	    Fname = mnesia_lib:tab2dat(Tab),
 	    Type = val({Tab, setorbag}),
@@ -956,13 +956,13 @@ dcd2ets(Tab, Rep) ->
 	    end
     end.
 
-insert_dcdchunk({Cont, [LogH | Rest]}, Log, Tab) 
-  when is_record(LogH, log_header),  
-       LogH#log_header.log_kind == dcd_log, 
-       LogH#log_header.log_version >= "1.0" ->    
-    insert_dcdchunk({Cont, Rest}, Log, Tab);   
+insert_dcdchunk({Cont, [LogH | Rest]}, Log, Tab)
+  when is_record(LogH, log_header),
+       LogH#log_header.log_kind == dcd_log,
+       LogH#log_header.log_version >= "1.0" ->
+    insert_dcdchunk({Cont, Rest}, Log, Tab);
 
-insert_dcdchunk({Cont, Recs}, Log, Tab) ->     
+insert_dcdchunk({Cont, Recs}, Log, Tab) ->
     true = ets:insert(Tab, Recs),
     insert_dcdchunk(chunk_log(Log, Cont), Log, Tab);
 insert_dcdchunk(eof, _Log, _Tab) ->
@@ -971,13 +971,13 @@ insert_dcdchunk(eof, _Log, _Tab) ->
 load_dcl(Tab, Rep) ->
     FName = mnesia_lib:tab2dcl(Tab),
     case mnesia_lib:exists(FName) of
-	true -> 	    
+	true ->
 	    Name = {load_dcl,Tab},
-	    open_log(Name, 
-		     dcl_log_header(), 
-		     FName, 
+	    open_log(Name,
+		     dcl_log_header(),
+		     FName,
 		     true,
-		     Rep, 
+		     Rep,
 		     read_only),
 	    FirstChunk = chunk_log(Name, start),
             N = insert_logchunk(FirstChunk, Name, 0),
@@ -1015,10 +1015,10 @@ add_recs([{{Tab, Key}, Val, update_counter} | Rest], N) ->
 	    true = ets:insert(Tab, Zero)
     end,
     add_recs(Rest, N+1);
-add_recs([LogH|Rest], N) 
-  when is_record(LogH, log_header),  
-       LogH#log_header.log_kind == dcl_log, 
-       LogH#log_header.log_version >= "1.0" ->    
+add_recs([LogH|Rest], N)
+  when is_record(LogH, log_header),
+       LogH#log_header.log_kind == dcl_log,
+       LogH#log_header.log_version >= "1.0" ->
     add_recs(Rest, N);
 add_recs([{{Tab, _Key}, _Val, clear_table} | Rest], N) ->
     Size = ets:info(Tab, size),
diff --git a/lib/mnesia/src/mnesia_monitor.erl b/lib/mnesia/src/mnesia_monitor.erl
index 8cb2e92c08..c08bbc879f 100644
--- a/lib/mnesia/src/mnesia_monitor.erl
+++ b/lib/mnesia/src/mnesia_monitor.erl
@@ -80,9 +80,9 @@
 		going_down = [], tm_started = false, early_connects = [],
 		connecting, mq = []}).
 
--define(current_protocol_version,  {8,0}).
+-define(current_protocol_version,  {8,1}).
 
--define(previous_protocol_version, {7,6}).
+-define(previous_protocol_version, {8,0}).
 
 start() ->
     gen_server:start_link({local, ?MODULE}, ?MODULE,
@@ -188,7 +188,7 @@ protocol_version() ->
 %% A sorted list of acceptable protocols the
 %% preferred protocols are first in the list
 acceptable_protocol_versions() ->
-    [protocol_version(), ?previous_protocol_version].
+    [protocol_version(), ?previous_protocol_version, {7,6}].
 
 needs_protocol_conversion(Node) ->
     case {?catch_val({protocol, Node}), protocol_version()} of
@@ -417,6 +417,8 @@ handle_call({negotiate_protocol, Mon, Version, Protocols}, From, State)
 	    case hd(Protocols) of
 		?previous_protocol_version ->
 		    accept_protocol(Mon, MyVersion, ?previous_protocol_version, From, State);
+		{7,6} ->
+		    accept_protocol(Mon, MyVersion, {7,6}, From, State);
 		_ ->
 		    verbose("Connection with ~p rejected. "
 			    "version = ~p, protocols = ~p, "
diff --git a/lib/mnesia/src/mnesia_schema.erl b/lib/mnesia/src/mnesia_schema.erl
index 179e15197e..6e43052fb0 100644
--- a/lib/mnesia/src/mnesia_schema.erl
+++ b/lib/mnesia/src/mnesia_schema.erl
@@ -188,6 +188,7 @@ do_set_schema(Tab, Cs) ->
     [set({Tab, user_property, element(1, P)}, P) || P <- Cs#cstruct.user_properties],
     set({Tab, frag_properties}, Cs#cstruct.frag_properties),
     mnesia_frag:set_frag_hash(Tab, Cs#cstruct.frag_properties),
+    set({Tab, storage_properties}, Cs#cstruct.storage_properties),
     set({Tab, attributes}, Cs#cstruct.attributes),
     Arity = length(Cs#cstruct.attributes) + 1,
     set({Tab, arity}, Arity),
@@ -644,6 +645,14 @@ cs2list(Cs) when is_record(Cs, cstruct) ->
     rec2list(Tags, Tags, 2, Cs);
 cs2list(CreateList) when is_list(CreateList) ->
     CreateList;
+%% 4.6
+cs2list(Cs) when element(1, Cs) == cstruct, tuple_size(Cs) == 19 ->
+    Tags = [name,type,ram_copies,disc_copies,disc_only_copies,
+	    load_order,access_mode,majority,index,snmp,local_content,
+	    record_name,attributes,
+	    user_properties,frag_properties,storage_properties,
+	    cookie,version],
+    rec2list(Tags, Tags, 2, Cs);
 %% 4.4.19
 cs2list(Cs) when element(1, Cs) == cstruct, tuple_size(Cs) == 18 ->
     Tags = [name,type,ram_copies,disc_copies,disc_only_copies,
@@ -674,8 +683,17 @@ cs2list(ver4_4_19, Cs) ->
 	    load_order,access_mode,majority,index,snmp,local_content,
 	    record_name,attributes,user_properties,frag_properties,
 	    cookie,version],
+    rec2list(Tags, Orig, 2, Cs);
+cs2list(ver4_6, Cs) ->
+    Orig = record_info(fields, cstruct),
+    Tags = [name,type,ram_copies,disc_copies,disc_only_copies,
+	    load_order,access_mode,majority,index,snmp,local_content,
+	    record_name,attributes,
+	    user_properties,frag_properties,storage_properties,
+	    cookie,version],
     rec2list(Tags, Orig, 2, Cs).
 
+
 rec2list([Tag | Tags], [Tag | Orig], Pos, Rec) ->
     Val = element(Pos, Rec),
     [{Tag, Val} | rec2list(Tags, Orig, Pos + 1, Rec)];
@@ -728,6 +746,29 @@ list2cs(List) when is_list(List) ->
     Frag = pick(Name, frag_properties, List, []),
     verify({alt, [nil, list]}, mnesia_lib:etype(Frag),
 	   {badarg, Name, {frag_properties, Frag}}),
+
+    BEProps = pick(Name, storage_properties, List, []),
+    verify({alt, [nil, list]}, mnesia_lib:etype(Ix),
+	   {badarg, Name, {storage_properties, BEProps}}),
+    CheckProp = fun(Opt, Opts) when is_atom(Opt) ->
+			lists:member(Opt, Opts)
+			    andalso mnesia:abort({badarg, Name, Opt});
+		   (Tuple, Opts) when is_tuple(Tuple) ->
+			lists:member(element(1,Tuple), Opts)
+			    andalso mnesia:abort({badarg, Name, Tuple});
+		   (What,_) ->
+			mnesia:abort({badarg, Name, What})
+		end,
+    BadEtsOpts = [set, ordered_set, bag, duplicate_bag,
+		  public, private, protected,
+		  keypos, named_table],
+    EtsOpts = proplists:get_value(ets, BEProps, []),
+    is_list(EtsOpts) orelse mnesia:abort({badarg, Name, {ets, EtsOpts}}),
+    [CheckProp(Prop, BadEtsOpts) || Prop <- EtsOpts],
+    BadDetsOpts = [type, keypos, repair, access, file],
+    DetsOpts = proplists:get_value(dets, BEProps, []),
+    is_list(DetsOpts) orelse mnesia:abort({badarg, Name, {dets, DetsOpts}}),
+    [CheckProp(Prop, BadDetsOpts) || Prop <- DetsOpts],
     #cstruct{name = Name,
              ram_copies = Rc,
              disc_copies = Dc,
@@ -743,6 +784,7 @@ list2cs(List) when is_list(List) ->
              attributes = Attrs,
              user_properties = lists:sort(UserProps),
 	     frag_properties = lists:sort(Frag),
+	     storage_properties = lists:sort(BEProps),
              cookie = Cookie,
              version = Version}.
 
@@ -1881,18 +1923,18 @@ prepare_op(Tid, {op, create_table, TabDef}, _WaitFor) ->
             mnesia:abort(UseDirReason);
 	ram_copies ->
 	    mnesia_lib:set({Tab, create_table},true),
-	    create_ram_table(Tab, Cs#cstruct.type),
+	    create_ram_table(Tab, Cs),
 	    insert_cstruct(Tid, Cs, false),
 	    {true, optional};
 	disc_copies ->
 	    mnesia_lib:set({Tab, create_table},true),
-	    create_ram_table(Tab, Cs#cstruct.type),
+	    create_ram_table(Tab, Cs),
 	    create_disc_table(Tab),
 	    insert_cstruct(Tid, Cs, false),
 	    {true, optional};
 	disc_only_copies ->
 	    mnesia_lib:set({Tab, create_table},true),
-	    create_disc_only_table(Tab,Cs#cstruct.type),
+	    create_disc_only_table(Tab,Cs),
 	    insert_cstruct(Tid, Cs, false),
 	    {true, optional};
         unknown -> %% No replica on this node
@@ -2044,7 +2086,7 @@ prepare_op(_Tid, {op, change_table_copy_type,  N, FromS, ToS, TabDef}, _WaitFor)
 	    mnesia_dumper:raw_named_dump_table(Tab, dmp);
 	FromS == disc_only_copies ->
 	    Type = Cs#cstruct.type,
-	    create_ram_table(Tab, Type),
+	    create_ram_table(Tab, Cs),
 	    Datname = mnesia_lib:tab2dat(Tab),
 	    Repair = mnesia_monitor:get_env(auto_repair),
 	    case mnesia_lib:dets_to_ets(Tab, Tab, Datname, Type, Repair, no) of
@@ -2132,8 +2174,9 @@ prepare_op(_Tid, {op, merge_schema, TabDef}, _WaitFor) ->
 prepare_op(_Tid, _Op, _WaitFor) ->
     {true, optional}.
 
-create_ram_table(Tab, Type) ->
-    Args = [{keypos, 2}, public, named_table, Type],
+create_ram_table(Tab, #cstruct{type=Type, storage_properties=Props}) ->
+    EtsOpts = proplists:get_value(ets, Props, []),
+    Args = [{keypos, 2}, public, named_table, Type | EtsOpts],
     case mnesia_monitor:unsafe_mktab(Tab, Args) of
 	Tab ->
 	    ok;
@@ -2141,6 +2184,7 @@ create_ram_table(Tab, Type) ->
 	    Err = "Failed to create ets table",
 	    mnesia:abort({system_limit, Tab, {Err,Reason}})
     end.
+
 create_disc_table(Tab) ->
     File = mnesia_lib:tab2dcd(Tab),
     file:delete(File),
@@ -2154,13 +2198,15 @@ create_disc_table(Tab) ->
 	    Err = "Failed to create disc table",
 	    mnesia:abort({system_limit, Tab, {Err,Reason}})
     end.
-create_disc_only_table(Tab,Type) ->
+create_disc_only_table(Tab, #cstruct{type=Type, storage_properties=Props}) ->
     File = mnesia_lib:tab2dat(Tab),
     file:delete(File),
+    DetsOpts = proplists:get_value(dets, Props, []),
     Args = [{file, mnesia_lib:tab2dat(Tab)},
 	    {type, mnesia_lib:disk_type(Tab, Type)},
 	    {keypos, 2},
-	    {repair, mnesia_monitor:get_env(auto_repair)}],
+	    {repair, mnesia_monitor:get_env(auto_repair)}
+	    | DetsOpts],
     case mnesia_monitor:unsafe_open_dets(Tab, Args) of
 	{ok, _} ->
 	    ok;
@@ -2688,17 +2734,17 @@ restore_schema([{schema, Tab, List} | Schema], R) ->
 	    R2 = R#r{tables = [{Tab, undefined, Snmp, RecName} | R#r.tables]},
 	    restore_schema(Schema, R2);
 	recreate_tables ->
-	    case ?catch_val({Tab, cstruct}) of
-		{'EXIT', _} ->
-		    TidTs = {_Mod, Tid, Ts} = get(mnesia_activity_state),
-		    RunningNodes = val({current, db_nodes}),
-		    Nodes = mnesia_lib:intersect(mnesia_lib:cs_to_nodes(list2cs(List)),
-						 RunningNodes),
-		    mnesia_locker:wlock_no_exist(Tid, Ts#tidstore.store, Tab, Nodes),
-		    TidTs;
-		_ ->
-		    TidTs = get_tid_ts_and_lock(Tab, write)
-	    end,
+	    TidTs = case ?catch_val({Tab, cstruct}) of
+			{'EXIT', _} ->
+			    TTs = {_Mod, Tid, Ts} = get(mnesia_activity_state),
+			    RunningNodes = val({current, db_nodes}),
+			    Nodes = mnesia_lib:intersect(mnesia_lib:cs_to_nodes(list2cs(List)),
+							 RunningNodes),
+			    mnesia_locker:wlock_no_exist(Tid, Ts#tidstore.store, Tab, Nodes),
+			    TTs;
+			_ ->
+			    get_tid_ts_and_lock(Tab, write)
+		    end,
 	    NC    = {cookie, ?unique_cookie},
 	    List2 = lists:keyreplace(cookie, 1, List, NC),
 	    Where = where_to_commit(Tab, List2),
@@ -2839,15 +2885,15 @@ do_merge_schema(LockTabs0) ->
     end.
 
 fetch_cstructs(Node) ->
-    case mnesia_monitor:needs_protocol_conversion(Node) of
-	true ->
+    case need_old_cstructs([Node]) of
+	false ->
+	    rpc:call(Node, mnesia_controller, get_remote_cstructs, []);
+	_Ver ->
 	    case rpc:call(Node, mnesia_controller, get_cstructs, []) of
 		{cstructs, Cs0, RR} ->
 		    {cstructs, [list2cs(cs2list(Cs)) || Cs <- Cs0], RR};
 		Err -> Err
-	    end;
-	false ->
-	    rpc:call(Node, mnesia_controller, get_remote_cstructs, [])
+	    end
     end.
 
 need_old_cstructs() ->
@@ -2868,7 +2914,9 @@ need_old_cstructs(Nodes) ->
 		Cs when element(1, Cs) == cstruct, tuple_size(Cs) == 17 ->
 		    ver4_4_18;			% Without majority
 		Cs when element(1, Cs) == cstruct, tuple_size(Cs) == 18 ->
-		    ver4_4_19			% With majority
+		    ver4_4_19;			% With majority
+		Cs when element(1, Cs) == cstruct, tuple_size(Cs) == 19 ->
+		    ver4_6			% With storage_properties
 	    end
     end.
 
diff --git a/lib/mnesia/src/mnesia_tm.erl b/lib/mnesia/src/mnesia_tm.erl
index f62f7cb7c8..0af7f55c06 100644
--- a/lib/mnesia/src/mnesia_tm.erl
+++ b/lib/mnesia/src/mnesia_tm.erl
@@ -36,7 +36,7 @@
 	 prepare_checkpoint/2,
 	 prepare_checkpoint/1, % Internal
 	 prepare_snmp/3,
-	 do_snmp/2,	 
+	 do_snmp/2,
 	 put_activity_id/1,
 	 put_activity_id/2,
 	 block_tab/1,
@@ -68,7 +68,7 @@
 	       majority = []
 	      }).
 
--record(participant, {tid, pid, commit, disc_nodes = [], 
+-record(participant, {tid, pid, commit, disc_nodes = [],
 		      ram_nodes = [], protocol = sym_trans}).
 
 start() ->
@@ -77,12 +77,12 @@ start() ->
 init(Parent) ->
     register(?MODULE, self()),
     process_flag(trap_exit, true),
-    
+
     %% Initialize the schema
     IgnoreFallback = mnesia_monitor:get_env(ignore_fallback_at_startup),
     mnesia_bup:tm_fallback_start(IgnoreFallback),
     mnesia_schema:init(IgnoreFallback),
-    
+
     %% Handshake and initialize transaction recovery
     mnesia_recover:init(),
     Early = mnesia_monitor:init(),
@@ -101,11 +101,11 @@ init(Parent) ->
 	false ->
 	    ignore
     end,
-    
+
     mnesia_schema:purge_tmp_files(),
     mnesia_recover:start_garb(),
-    
-    ?eval_debug_fun({?MODULE, init},  [{nodes, AllOthers}]),		   
+
+    ?eval_debug_fun({?MODULE, init},  [{nodes, AllOthers}]),
 
     case val(debug) of
 	Debug when Debug /= debug, Debug /= trace ->
@@ -118,8 +118,8 @@ init(Parent) ->
 
 val(Var) ->
     case ?catch_val(Var) of
-	{'EXIT', _ReASoN_} -> mnesia_lib:other_val(Var, _ReASoN_); 
-	_VaLuE_ -> _VaLuE_ 
+	{'EXIT', _ReASoN_} -> mnesia_lib:other_val(Var, _ReASoN_);
+	_VaLuE_ -> _VaLuE_
     end.
 
 reply({From,Ref}, R) ->
@@ -136,7 +136,7 @@ req(R) ->
 	undefined ->
 	    {error, {node_not_running, node()}};
 	Pid ->
-	    Ref = make_ref(), 
+	    Ref = make_ref(),
 	    Pid ! {{self(), Ref}, R},
 	    rec(Pid, Ref)
     end.
@@ -161,7 +161,7 @@ rec(Pid, Ref) ->
 	    Reply;
 	{'EXIT', Pid, _} ->
 	    {error, {node_not_running, node()}}
-    end.   
+    end.
 
 tmlink({From, Ref}) when is_reference(Ref) ->
     link(From);
@@ -209,7 +209,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 		    State2 = State#state{dirty_queue = [Item | State#state.dirty_queue]},
 		    doit_loop(State2)
 	    end;
-	
+
 	{From, {sync_dirty, Tid, Commit, Tab}} ->
 	    case lists:member(Tab, State#state.blocked_tabs) of
 		false ->
@@ -220,7 +220,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 		    State2 = State#state{dirty_queue = [Item | State#state.dirty_queue]},
 		    doit_loop(State2)
 	    end;
-	
+
 	{From, start_outer} -> %% Create and associate ets_tab with Tid
 	    case catch ?ets_new_table(mnesia_trans_store, [bag, public]) of
 		{'EXIT', Reason} -> %% system limit
@@ -236,16 +236,16 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 		    S2 = State#state{coordinators = A2},
 		    reply(From, {new_tid, Tid, Etab}, S2)
 	    end;
-	
+
 	{From, {ask_commit, Protocol, Tid, Commit, DiscNs, RamNs}} ->
-	    ?eval_debug_fun({?MODULE, doit_ask_commit}, 
+	    ?eval_debug_fun({?MODULE, doit_ask_commit},
 			    [{tid, Tid}, {prot, Protocol}]),
 	    mnesia_checkpoint:tm_enter_pending(Tid, DiscNs, RamNs),
-	    Pid = 
+	    Pid =
 		case Protocol of
 		    asym_trans when node(Tid#tid.pid) /= node() ->
 			Args = [tmpid(From), Tid, Commit, DiscNs, RamNs],
-			spawn_link(?MODULE, commit_participant, Args);		
+			spawn_link(?MODULE, commit_participant, Args);
 		    _ when node(Tid#tid.pid) /= node() -> %% *_sym_trans
 			reply(From, {vote_yes, Tid}),
 			nopid
@@ -258,7 +258,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			     protocol = Protocol},
 	    State2 = State#state{participants = gb_trees:insert(Tid,P,Participants)},
 	    doit_loop(State2);
-	
+
 	{Tid, do_commit} ->
 	    case gb_trees:lookup(Tid, Participants) of
 		none ->
@@ -272,14 +272,14 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			    Member = lists:member(node(), P#participant.disc_nodes),
 			    if Member == false ->
 				    ignore;
-			       P#participant.protocol == sym_trans -> 
+			       P#participant.protocol == sym_trans ->
 				    mnesia_log:log(Commit);
-			       P#participant.protocol == sync_sym_trans -> 
+			       P#participant.protocol == sync_sym_trans ->
 				    mnesia_log:slog(Commit)
 			    end,
 			    mnesia_recover:note_decision(Tid, committed),
 			    do_commit(Tid, Commit),
-			    if 
+			    if
 				P#participant.protocol == sync_sym_trans ->
 				    Tid#tid.pid ! {?MODULE, node(), {committed, Tid}};
 				true ->
@@ -296,13 +296,13 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			    doit_loop(State)
 		    end
 	    end;
-	
+
 	{Tid, simple_commit} ->
 	    mnesia_recover:note_decision(Tid, committed),
 	    mnesia_locker:release_tid(Tid),
 	    transaction_terminated(Tid),
 	    doit_loop(State);
-	
+
 	{Tid, {do_abort, Reason}} ->
 	    ?eval_debug_fun({?MODULE, do_abort, pre}, [{tid, Tid}]),
 	    case gb_trees:lookup(Tid, Participants) of
@@ -317,7 +317,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			    Commit = P#participant.commit,
 			    mnesia_recover:note_decision(Tid, aborted),
 			    do_abort(Tid, Commit),
-			    if 
+			    if
 				P#participant.protocol == sync_sym_trans ->
 				    Tid#tid.pid ! {?MODULE, node(), {aborted, Tid}};
 				true ->
@@ -335,7 +335,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			    doit_loop(State)
 		    end
 	    end;
-	
+
 	{From, {add_store, Tid}} -> %% new store for nested  transaction
 	    case catch ?ets_new_table(mnesia_trans_store, [bag, public]) of
 		{'EXIT', Reason} -> %% system limit
@@ -355,14 +355,14 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 
 	{'EXIT', Pid, Reason} ->
 	    handle_exit(Pid, Reason, State);
-	
+
 	{From, {restart, Tid, Store}} ->
 	    A2 = restore_stores(Coordinators, Tid, Store),
 	    clear_fixtable([Store]),
 	    ?ets_match_delete(Store, '_'),
 	    ?ets_insert(Store, {nodes, node()}),
 	    reply(From, {restarted, Tid}, State#state{coordinators = A2});
-	
+
 	{delete_transaction, Tid} ->
 	    %% used to clear transactions which are committed
 	    %% in coordinator or participant processes
@@ -377,7 +377,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			    clear_fixtable(Etabs),
 			    erase_ets_tabs(Etabs),
 			    transaction_terminated(Tid),
-			    doit_loop(State#state{coordinators = 
+			    doit_loop(State#state{coordinators =
 						  gb_trees:delete(Tid,Coordinators)})
 		    end;
 		true ->
@@ -385,20 +385,20 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 		    State2 = State#state{participants=gb_trees:delete(Tid,Participants)},
 		    doit_loop(State2)
 	    end;
-	
+
 	{sync_trans_serial, Tid} ->
 	    %% Do the Lamport thing here
 	    mnesia_recover:sync_trans_tid_serial(Tid),
 	    doit_loop(State);
-	    
+
 	{From, info} ->
-	    reply(From, {info, gb_trees:values(Participants), 
+	    reply(From, {info, gb_trees:values(Participants),
 			 gb_trees:to_list(Coordinators)}, State);
-	
+
 	{mnesia_down, N} ->
 	    verbose("Got mnesia_down from ~p, reconfiguring...~n", [N]),
 	    reconfigure_coordinators(N, gb_trees:to_list(Coordinators)),
-	    
+
 	    Tids = gb_trees:keys(Participants),
 	    reconfigure_participants(N, gb_trees:values(Participants)),
 	    NewState = clear_fixtable(N, State),
@@ -408,34 +408,34 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 	{From, {unblock_me, Tab}} ->
 	    case lists:member(Tab, State#state.blocked_tabs) of
 		false ->
-		    verbose("Wrong dirty Op blocked on ~p ~p ~p", 
+		    verbose("Wrong dirty Op blocked on ~p ~p ~p",
 			    [node(), Tab, From]),
 		    reply(From, unblocked),
 		    doit_loop(State);
 		true ->
-		    Item = {Tab, unblock_me, From}, 
+		    Item = {Tab, unblock_me, From},
 		    State2 = State#state{dirty_queue = [Item | State#state.dirty_queue]},
 		    doit_loop(State2)
-	    end;	    
-	
+	    end;
+
 	{From, {block_tab, Tab}} ->
 	    State2 = State#state{blocked_tabs = [Tab | State#state.blocked_tabs]},
 	    reply(From, ok, State2);
-	
+
 	{From, {unblock_tab, Tab}} ->
 	    BlockedTabs2 = State#state.blocked_tabs -- [Tab],
 	    case lists:member(Tab, BlockedTabs2) of
 		false ->
 		    mnesia_controller:unblock_table(Tab),
 		    Queue = process_dirty_queue(Tab, State#state.dirty_queue),
-		    State2 = State#state{blocked_tabs = BlockedTabs2, 
+		    State2 = State#state{blocked_tabs = BlockedTabs2,
 					 dirty_queue = Queue},
 		    reply(From, ok, State2);
 		true ->
 		    State2 = State#state{blocked_tabs = BlockedTabs2},
 		    reply(From, ok, State2)
 	    end;
-	
+
 	{From, {prepare_checkpoint, Cp}} ->
 	    Res = mnesia_checkpoint:tm_prepare(Cp),
 	    case Res of
@@ -448,18 +448,18 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 	    reply(From, Res, State);
 	{From, {fixtable, [Tab,Lock,Requester]}} ->
 	    case ?catch_val({Tab, storage_type}) of
-		{'EXIT', _} -> 
+		{'EXIT', _} ->
 		    reply(From, error, State);
 		Storage ->
 		    mnesia_lib:db_fixtable(Storage,Tab,Lock),
 		    NewState = manage_fixtable(Tab,Lock,Requester,State),
 		    reply(From, node(), NewState)
 	    end;
-	
+
 	{system, From, Msg} ->
 	    dbg_out("~p got {system, ~p, ~p}~n", [?MODULE, From, Msg]),
 	    sys:handle_system_msg(Msg, From, Sup, ?MODULE, [], State);
-	
+
 	Msg ->
 	    verbose("** ERROR ** ~p got unexpected message: ~p~n", [?MODULE, Msg]),
 	    doit_loop(State)
@@ -508,7 +508,7 @@ prepare_pending_coordinators([{Tid, [Store | _Etabs]} | Coords], IgnoreNew) ->
 		    ignore
 	    end,
 	    prepare_pending_coordinators(Coords, IgnoreNew);
-	{'EXIT', _} -> 
+	{'EXIT', _} ->
 	    prepare_pending_coordinators(Coords, IgnoreNew)
     end;
 prepare_pending_coordinators([], _IgnoreNew) ->
@@ -538,7 +538,7 @@ handle_exit(Pid, _Reason, State) when Pid == State#state.supervisor ->
 
 handle_exit(Pid, Reason, State) ->
     %% Check if it is a coordinator
-    case pid_search_delete(Pid, gb_trees:to_list(State#state.coordinators)) of 
+    case pid_search_delete(Pid, gb_trees:to_list(State#state.coordinators)) of
 	{none, _} ->
 	    %% Check if it is a participant
 	    Ps = gb_trees:values(State#state.participants),
@@ -552,9 +552,9 @@ handle_exit(Pid, Reason, State) ->
 		    NewPs = gb_trees:delete(P#participant.tid,State#state.participants),
 		    doit_loop(State#state{participants = NewPs})
 	    end;
-	
+
 	{{Tid, Etabs}, RestC} ->
-	    %% A local coordinator has died and 
+	    %% A local coordinator has died and
 	    %% we must determine the outcome of the
 	    %% transaction and tell mnesia_tm on the
 	    %% other nodes about it and then recover
@@ -578,7 +578,7 @@ recover_coordinator(Tid, Etabs) ->
 	    %% Tell the participants about the outcome
 	    Protocol = Prep#prep.protocol,
 	    Outcome = tell_outcome(Tid, Protocol, node(), CheckNodes, TellNodes),
-	    
+
 	    %% Recover locally
 	    CR = Prep#prep.records,
 	    {DiscNs, RamNs} = commit_nodes(CR, [], []),
@@ -589,7 +589,7 @@ recover_coordinator(Tid, Etabs) ->
 		    recover_coordinator(Tid, Protocol, Outcome, Local, DiscNs, RamNs),
 		    ?eval_debug_fun({?MODULE, recover_coordinator, post},
 				    [{tid, Tid}, {outcome, Outcome}, {prot, Protocol}]);
-		false ->  %% When killed before store havn't been copied to 
+		false ->  %% When killed before store havn't been copied to
 		    ok    %% to the new nested trans store.
 	    end
     end,
@@ -610,12 +610,12 @@ recover_coordinator(Tid, sync_sym_trans, aborted, _Local, _, _) ->
 
 recover_coordinator(Tid, asym_trans, committed, Local, DiscNs, RamNs) ->
     D = #decision{tid = Tid, outcome = committed,
-		  disc_nodes = DiscNs, ram_nodes = RamNs},		
+		  disc_nodes = DiscNs, ram_nodes = RamNs},
     mnesia_recover:log_decision(D),
     do_commit(Tid, Local);
 recover_coordinator(Tid, asym_trans, aborted, Local, DiscNs, RamNs) ->
     D = #decision{tid = Tid, outcome = aborted,
- 		  disc_nodes = DiscNs, ram_nodes = RamNs},		
+		  disc_nodes = DiscNs, ram_nodes = RamNs},
     mnesia_recover:log_decision(D),
     do_abort(Tid, Local).
 
@@ -631,7 +631,7 @@ add_coord_store(Coords, Tid, Etab) ->
 
 del_coord_store(Coords, Tid, Current, Obsolete) ->
     Stores = gb_trees:get(Tid, Coords),
-    Rest = 
+    Rest =
     	case Stores of
     	    [Obsolete, Current | Tail] -> Tail;
     	    [Current, Obsolete | Tail] -> Tail
@@ -642,14 +642,14 @@ del_coord_store(Coords, Tid, Current, Obsolete) ->
 erase_ets_tabs([H | T]) ->
     ?ets_delete_table(H),
     erase_ets_tabs(T);
-erase_ets_tabs([]) -> 
+erase_ets_tabs([]) ->
     ok.
 
 %% Clear one transactions all fixtables
 clear_fixtable([Store|_]) ->
     Fixed = get_elements(fixtable, Store),
     lists:foreach(fun({Tab,Node}) ->
-			  rpc:cast(Node, ?MODULE, fixtable, [Tab,false,self()]) 
+			  rpc:cast(Node, ?MODULE, fixtable, [Tab,false,self()])
 		  end, Fixed).
 
 %% Clear all fixtable Node have done
@@ -661,7 +661,7 @@ clear_fixtable(Node, State=#state{fixed_tabs = FT0}) ->
 	    lists:foreach(
 	      fun(Tab) ->
 		      case ?catch_val({Tab, storage_type}) of
-			  {'EXIT', _} -> 
+			  {'EXIT', _} ->
 			      ignore;
 			  Storage ->
 			      mnesia_lib:db_fixtable(Storage,Tab,false)
@@ -680,9 +680,9 @@ manage_fixtable(Tab,true,Requester,State=#state{fixed_tabs = FT0}) ->
     end;
 manage_fixtable(Tab,false,Requester,State = #state{fixed_tabs = FT0}) ->
     Node = node(Requester),
-    case mnesia_lib:key_search_delete(Node, 1, FT0) of 
+    case mnesia_lib:key_search_delete(Node, 1, FT0) of
 	{none,_FT} -> State; % Hmm? Safeguard
-	{{Node, Tabs0},FT} -> 
+	{{Node, Tabs0},FT} ->
 	    case lists:delete(Tab, Tabs0) of
 		[] -> State#state{fixed_tabs=FT};
 		Tabs -> State#state{fixed_tabs=[{Node,Tabs}|FT]}
@@ -691,7 +691,7 @@ manage_fixtable(Tab,false,Requester,State = #state{fixed_tabs = FT0}) ->
 
 %% Deletes a pid from a list of participants
 %% or from a gb_trees of coordinators
-%% {none, All} or {Tr, Rest} 
+%% {none, All} or {Tr, Rest}
 pid_search_delete(Pid, Trs) ->
     pid_search_delete(Pid, Trs, none, []).
 pid_search_delete(Pid, [Tr = {Tid, _Ts} | Trs], _Val, Ack) when Tid#tid.pid == Pid ->
@@ -701,7 +701,7 @@ pid_search_delete(Pid, [Tr | Trs], Val, Ack) ->
 
 pid_search_delete(_Pid, [], Val, Ack) ->
     {Val, gb_trees:from_orddict(lists:reverse(Ack))}.
- 
+
 transaction_terminated(Tid)  ->
     mnesia_checkpoint:tm_exit_pending(Tid),
     Pid = Tid#tid.pid,
@@ -713,14 +713,14 @@ transaction_terminated(Tid)  ->
     end.
 
 %% If there are an surrounding transaction, we inherit it's context
-non_transaction(OldState={_,_,Trans}, Fun, Args, ActivityKind, Mod) 
+non_transaction(OldState={_,_,Trans}, Fun, Args, ActivityKind, Mod)
   when Trans /= non_transaction ->
-    Kind = case ActivityKind of 
+    Kind = case ActivityKind of
 	       sync_dirty -> sync;
 	       _ -> async
 	   end,
     case transaction(OldState, Fun, Args, infinity, Mod, Kind) of
-	{atomic, Res} -> 
+	{atomic, Res} ->
 	    Res;
 	{aborted,Res} ->
 	    exit(Res)
@@ -766,7 +766,7 @@ transaction(OldTidTs, Fun, Args, Retries, Mod, Type) ->
 
 execute_outer(Mod, Fun, Args, Factor, Retries, Type) ->
     case req(start_outer) of
-	{error, Reason} -> 
+	{error, Reason} ->
 	    {aborted, Reason};
 	{new_tid, Tid, Store} ->
 	    Ts = #tidstore{store = Store},
@@ -792,7 +792,7 @@ execute_inner(Mod, Tid, OldMod, Ts, Fun, Args, Factor, Retries, Type) ->
 
 copy_ets(From, To) ->
     do_copy_ets(?ets_first(From), From, To).
-do_copy_ets('$end_of_table', _,_) -> 
+do_copy_ets('$end_of_table', _,_) ->
     ok;
 do_copy_ets(K, From, To) ->
     Objs = ?ets_lookup(From, K),
@@ -813,7 +813,7 @@ execute_transaction(Fun, Args, Factor, Retries, Type) ->
 	    mnesia_lib:incr_counter(trans_commits),
 	    erase(mnesia_activity_state),
 	    %% no need to clear locks, already done by commit ...
-	    %% Flush any un processed mnesia_down messages we might have 
+	    %% Flush any un processed mnesia_down messages we might have
 	    flush_downs(),
 	    catch unlink(whereis(?MODULE)),
 	    {atomic, Value};
@@ -846,7 +846,7 @@ check_exit(Fun, Args, Factor, Retries, Reason, Type) ->
 	    maybe_restart(Fun, Args, Factor, Retries, Type, {node_not_running, N});
 	{aborted, {bad_commit, N}} ->
 	    maybe_restart(Fun, Args, Factor, Retries, Type, {bad_commit, N});
-	_ -> 
+	_ ->
 	    return_abort(Fun, Args, Reason)
     end.
 
@@ -888,11 +888,11 @@ restart(Mod, Tid, Ts, Fun, Args, Factor0, Retries0, Type, Why) ->
 	    SleepTime = mnesia_lib:random_time(Factor, Tid#tid.counter),
 	    dbg_out("Restarting transaction ~w: in ~wms ~w~n", [Tid, SleepTime, Why]),
 	    timer:sleep(SleepTime),
-	    execute_outer(Mod, Fun, Args, Factor, Retries, Type);	
+	    execute_outer(Mod, Fun, Args, Factor, Retries, Type);
 	_ ->
 	    SleepTime = mnesia_lib:random_time(Factor0, Tid#tid.counter),
 	    dbg_out("Restarting transaction ~w: in ~wms ~w~n", [Tid, SleepTime, Why]),
-	    
+
 	    if
 		Factor0 /= 10 ->
 		    ignore;
@@ -911,7 +911,7 @@ restart(Mod, Tid, Ts, Fun, Args, Factor0, Retries0, Type, Why) ->
 	    mnesia_locker:receive_release_tid_acc(Nodes, Tid),
 	    case get_restarted(Tid) of
 		{restarted, Tid} ->
-		    execute_transaction(Fun, Args, Factor0 + 1, 
+		    execute_transaction(Fun, Args, Factor0 + 1,
 					Retries, Type);
 		{error, Reason} ->
 		    mnesia:abort(Reason)
@@ -934,7 +934,7 @@ decr(_X) -> 0.
 
 return_abort(Fun, Args, Reason)  ->
     {_Mod, Tid, Ts} = get(mnesia_activity_state),
-    dbg_out("Transaction ~p calling ~p with ~p failed: ~n ~p~n", 
+    dbg_out("Transaction ~p calling ~p with ~p failed: ~n ~p~n",
 	    [Tid, Fun, Args, Reason]),
     OldStore = Ts#tidstore.store,
     Nodes = get_elements(nodes, OldStore),
@@ -945,7 +945,7 @@ return_abort(Fun, Args, Reason)  ->
 	Level == 1 ->
 	    mnesia_locker:async_release_tid(Nodes, Tid),
 	    ?MODULE ! {delete_transaction, Tid},
-	    erase(mnesia_activity_state),	    
+	    erase(mnesia_activity_state),
 	    flush_downs(),
 	    catch unlink(whereis(?MODULE)),
 	    {aborted, mnesia_lib:fix_error(Reason)};
@@ -958,14 +958,14 @@ return_abort(Fun, Args, Reason)  ->
 			      level = Level - 1},
 	    NewTidTs = {OldMod, Tid, Ts2},
 	    put(mnesia_activity_state, NewTidTs),
-	    case Reason of 
+	    case Reason of
 		#cyclic{} ->
 		    exit({aborted, Reason});
-		{node_not_running, _N} -> 
+		{node_not_running, _N} ->
 		    exit({aborted, Reason});
-		{bad_commit, _N}-> 
+		{bad_commit, _N}->
 		    exit({aborted, Reason});
-		_ -> 
+		_ ->
 		    {aborted, mnesia_lib:fix_error(Reason)}
 	    end
     end.
@@ -982,10 +982,10 @@ put_activity_id(MTT) ->
     put_activity_id(MTT, undefined).
 put_activity_id(undefined,_) ->
     erase_activity_id();
-put_activity_id({Mod, Tid = #tid{}, Ts = #tidstore{}},Fun) ->    
+put_activity_id({Mod, Tid = #tid{}, Ts = #tidstore{}},Fun) ->
     flush_downs(),
     Store = Ts#tidstore.store,
-    if 
+    if
 	is_function(Fun) ->
 	    ?ets_insert(Store, {friends, {stop,Fun}});
 	true ->
@@ -1000,14 +1000,14 @@ erase_activity_id() ->
     flush_downs(),
     erase(mnesia_activity_state).
 
-get_elements(Type,Store) ->    
+get_elements(Type,Store) ->
     case catch ?ets_lookup(Store, Type) of
 	[] -> [];
 	[{_,Val}] -> [Val];
 	{'EXIT', _} -> [];
 	Vals -> [Val|| {_,Val} <- Vals]
     end.
-    
+
 opt_propagate_store(_Current, _Obsolete, false) ->
     ok;
 opt_propagate_store(Current, Obsolete, true) ->
@@ -1030,8 +1030,8 @@ intercept_best_friend([],_) ->    ok;
 intercept_best_friend([{stop,Fun} | R],Ignore) ->
     catch Fun(),
     intercept_best_friend(R,Ignore);
-intercept_best_friend([Pid | R],false) ->    
-    Pid ! {activity_ended, undefined, self()}, 
+intercept_best_friend([Pid | R],false) ->
+    Pid ! {activity_ended, undefined, self()},
     wait_for_best_friend(Pid, 0),
     intercept_best_friend(R,true);
 intercept_best_friend([_|R],true) ->
@@ -1047,18 +1047,18 @@ wait_for_best_friend(Pid, Timeout) ->
 		false -> ok
 	    end
     end.
-    
+
 my_process_is_alive(Pid) ->
     case catch erlang:is_process_alive(Pid) of % New BIF in R5
-	true -> 
+	true ->
 	    true;
-	false -> 
+	false ->
 	    false;
-	{'EXIT', _} -> % Pre R5 backward compatibility 
+	{'EXIT', _} -> % Pre R5 backward compatibility
 	    case process_info(Pid, message_queue_len) of
 		undefined -> false;
 		_ -> true
-	    end 
+	    end
     end.
 
 dirty(Protocol, Item) ->
@@ -1070,12 +1070,12 @@ dirty(Protocol, Item) ->
 	async_dirty ->
 	    %% Send commit records to the other involved nodes,
 	    %% but do only wait for one node to complete.
-	    %% Preferrably, the local node if possible. 
-		    
+	    %% Preferrably, the local node if possible.
+
 	    ReadNode = val({Tab, where_to_read}),
 	    {WaitFor, FirstRes} = async_send_dirty(Tid, CR, Tab, ReadNode),
 	    rec_dirty(WaitFor, FirstRes);
-		
+
 	sync_dirty ->
 	    %% Send commit records to the other involved nodes,
 	    %% and wait for all nodes to complete
@@ -1097,7 +1097,7 @@ t_commit(Type) ->
     if
 	Ts#tidstore.level == 1 ->
 	    intercept_friends(Tid, Ts),
-	    %% N is number of updates 
+	    %% N is number of updates
 	    case arrange(Tid, Store, Type) of
 		{N, Prep} when N > 0 ->
 		    multi_commit(Prep#prep.protocol,
@@ -1135,8 +1135,8 @@ arrange(Tid, Store, Type) ->
     Recs = prep_recs(Nodes, []),
     Key = ?ets_first(Store),
     N = 0,
-    Prep = 
-	case Type of 
+    Prep =
+	case Type of
 	    async -> #prep{protocol = sym_trans, records = Recs};
 	    sync -> #prep{protocol = sync_sym_trans, records = Recs}
 	end,
@@ -1146,7 +1146,7 @@ arrange(Tid, Store, Type) ->
 	    case Reason of
 		{aborted, R} ->
 		    mnesia:abort(R);
-		_ -> 
+		_ ->
 		    mnesia:abort(Reason)
 	    end;
 	{New, Prepared} ->
@@ -1155,7 +1155,7 @@ arrange(Tid, Store, Type) ->
 
 reverse([]) ->
     [];
-reverse([H=#commit{ram_copies=Ram, disc_copies=DC, 
+reverse([H=#commit{ram_copies=Ram, disc_copies=DC,
 		   disc_only_copies=DOC,snmp = Snmp}
 	 |R]) ->
     [
@@ -1164,7 +1164,7 @@ reverse([H=#commit{ram_copies=Ram, disc_copies=DC,
        disc_copies      =  lists:reverse(DC),
        disc_only_copies =  lists:reverse(DOC),
        snmp             = lists:reverse(Snmp)
-      }  
+      }
      | reverse(R)].
 
 prep_recs([N | Nodes], Recs) ->
@@ -1191,7 +1191,7 @@ do_arrange(Tid, Store, RestoreKey, Prep, N) when RestoreKey == restore_op ->
 	     (BupRec, CommitRecs, RecName, Where, Snmp) ->
 		  Tab = element(1, BupRec),
 		  Key = element(2, BupRec),
-		  Item = 
+		  Item =
 		      if
 			  Tab == RecName ->
 			      [{{Tab, Key}, BupRec, write}];
@@ -1200,7 +1200,7 @@ do_arrange(Tid, Store, RestoreKey, Prep, N) when RestoreKey == restore_op ->
 			      [{{Tab, Key}, BupRec2, write}]
 		      end,
 		  do_prepare_items(Tid, Tab, Key, Where, Snmp, Item, CommitRecs)
-	  end,	  
+	  end,
     Recs2 = mnesia_schema:arrange_restore(R, Fun, Prep#prep.records),
     P2 = Prep#prep{protocol = asym_trans, records = Recs2},
     do_arrange(Tid, Store, ?ets_next(Store, RestoreKey), P2, N + 1);
@@ -1222,20 +1222,20 @@ prepare_items(Tid, Tab, Key, Items, Prep) when Prep#prep.prev_tab == Tab ->
     Recs = Prep#prep.records,
     Recs2 = do_prepare_items(Tid, Tab, Key, Types, Snmp, Items, Recs),
     Prep#prep{records = Recs2};
-    
+
 prepare_items(Tid, Tab, Key, Items, Prep) ->
     Types = val({Tab, where_to_commit}),
     case Types of
 	[] -> mnesia:abort({no_exists, Tab});
-	{blocked, _} -> 
+	{blocked, _} ->
 	    unblocked = req({unblock_me, Tab}),
 	    prepare_items(Tid, Tab, Key, Items, Prep);
 	_ ->
 	    Majority = needs_majority(Tab, Prep),
 	    Snmp = val({Tab, snmp}),
-	    Recs2 = do_prepare_items(Tid, Tab, Key, Types, 
+	    Recs2 = do_prepare_items(Tid, Tab, Key, Types,
 				     Snmp, Items, Prep#prep.records),
-	    Prep2 = Prep#prep{records = Recs2, prev_tab = Tab, 
+	    Prep2 = Prep#prep{records = Recs2, prev_tab = Tab,
 			      majority = Majority,
 			      prev_types = Types, prev_snmp = Snmp},
 	    check_prep(Prep2, Types)
@@ -1273,7 +1273,7 @@ have_majority([{Tab, AllNodes} | Rest], Nodes) ->
     end.
 
 prepare_snmp(Tab, Key, Items) ->
-    case val({Tab, snmp}) of 
+    case val({Tab, snmp}) of
 	[] ->
 	    [];
 	Ustruct when Key /= '_' ->
@@ -1286,10 +1286,10 @@ prepare_snmp(Tab, Key, Items) ->
 	    [{clear_table, Tab}]
     end.
 
-prepare_snmp(_Tid, _Tab, _Key, _Types, [], _Items, Recs) -> 
+prepare_snmp(_Tid, _Tab, _Key, _Types, [], _Items, Recs) ->
     Recs;
 
-prepare_snmp(Tid, Tab, Key, Types, Us, Items, Recs) -> 
+prepare_snmp(Tid, Tab, Key, Types, Us, Items, Recs) ->
     if Key /= '_' ->
 	    {_Oid, _Val, Op} = hd(Items),
 	    SnmpOid = mnesia_snmp_hook:key_to_oid(Tab, Key, Us), % May exit
@@ -1334,7 +1334,7 @@ prepare_node(Node, Storage, [Item | Items], Rec, Kind) when Kind == snmp ->
     Rec2 = Rec#commit{snmp = [Item | Rec#commit.snmp]},
     prepare_node(Node, Storage, Items, Rec2, Kind);
 prepare_node(Node, Storage, [Item | Items], Rec, Kind) when Kind /= schema ->
-    Rec2 = 
+    Rec2 =
 	case Storage of
 	    ram_copies ->
 		Rec#commit{ram_copies = [Item | Rec#commit.ram_copies]};
@@ -1345,7 +1345,7 @@ prepare_node(Node, Storage, [Item | Items], Rec, Kind) when Kind /= schema ->
 			   [Item | Rec#commit.disc_only_copies]}
 	end,
     prepare_node(Node, Storage, Items, Rec2, Kind);
-prepare_node(_Node, _Storage, Items, Rec, Kind) 
+prepare_node(_Node, _Storage, Items, Rec, Kind)
   when Kind == schema, Rec#commit.schema_ops == []  ->
     Rec#commit{schema_ops = Items};
 prepare_node(_Node, _Storage, [], Rec, _Kind) ->
@@ -1354,7 +1354,7 @@ prepare_node(_Node, _Storage, [], Rec, _Kind) ->
 %% multi_commit((Protocol, Tid, CommitRecords, Store)
 %% Local work is always performed in users process
 multi_commit(read_only, _Maj = [], Tid, CR, _Store) ->
-    %% This featherweight commit protocol is used when no 
+    %% This featherweight commit protocol is used when no
     %% updates has been performed in the transaction.
 
     {DiscNs, RamNs} = commit_nodes(CR, [], []),
@@ -1381,11 +1381,11 @@ multi_commit(sym_trans, _Maj = [], Tid, CR, Store) ->
     %%    perform the updates.
     %%
     %%    The outcome is kept 3 minutes in the transient decision table.
-    %%    
+    %%
     %% Recovery:
     %%    If somebody dies before the coordinator has
     %%    broadcasted do_commit, the transaction is aborted.
-    %%    
+    %%
     %%    If a participant dies, the table load algorithm
     %%    ensures that the contents of the involved tables
     %%    are picked from another node.
@@ -1394,15 +1394,15 @@ multi_commit(sym_trans, _Maj = [], Tid, CR, Store) ->
     %%    the outcome with all the others. If all are uncertain
     %%    about the outcome, the transaction is aborted. If
     %%    somebody knows the outcome the others will follow.
-    
+
     {DiscNs, RamNs} = commit_nodes(CR, [], []),
     Pending = mnesia_checkpoint:tm_enter_pending(Tid, DiscNs, RamNs),
     ?ets_insert(Store, Pending),
 
     {WaitFor, Local} = ask_commit(sym_trans, Tid, CR, DiscNs, RamNs),
-    {Outcome, []} = rec_all(WaitFor, Tid, do_commit, []), 
-    ?eval_debug_fun({?MODULE, multi_commit_sym}, 
-		    [{tid, Tid}, {outcome, Outcome}]), 
+    {Outcome, []} = rec_all(WaitFor, Tid, do_commit, []),
+    ?eval_debug_fun({?MODULE, multi_commit_sym},
+		    [{tid, Tid}, {outcome, Outcome}]),
     rpc:abcast(DiscNs -- [node()], ?MODULE, {Tid, Outcome}),
     rpc:abcast(RamNs -- [node()], ?MODULE, {Tid, Outcome}),
     case Outcome of
@@ -1422,15 +1422,15 @@ multi_commit(sync_sym_trans, _Maj = [], Tid, CR, Store) ->
     %%   This protocol is the same as sym_trans except that it
     %%   uses syncronized calls to disk_log and syncronized commits
     %%   when several nodes are involved.
-    
+
     {DiscNs, RamNs} = commit_nodes(CR, [], []),
     Pending = mnesia_checkpoint:tm_enter_pending(Tid, DiscNs, RamNs),
     ?ets_insert(Store, Pending),
 
     {WaitFor, Local} = ask_commit(sync_sym_trans, Tid, CR, DiscNs, RamNs),
-    {Outcome, []} = rec_all(WaitFor, Tid, do_commit, []), 
-    ?eval_debug_fun({?MODULE, multi_commit_sym_sync}, 
-		    [{tid, Tid}, {outcome, Outcome}]), 
+    {Outcome, []} = rec_all(WaitFor, Tid, do_commit, []),
+    ?eval_debug_fun({?MODULE, multi_commit_sym_sync},
+		    [{tid, Tid}, {outcome, Outcome}]),
     [?ets_insert(Store, {waiting_for_commit_ack, Node}) || Node <- WaitFor],
     rpc:abcast(DiscNs -- [node()], ?MODULE, {Tid, Outcome}),
     rpc:abcast(RamNs -- [node()], ?MODULE, {Tid, Outcome}),
@@ -1451,7 +1451,7 @@ multi_commit(sync_sym_trans, _Maj = [], Tid, CR, Store) ->
     Outcome;
 
 multi_commit(asym_trans, Majority, Tid, CR, Store) ->
-    %% This more expensive commit protocol is used when 
+    %% This more expensive commit protocol is used when
     %% table definitions are changed (schema transactions).
     %% It is also used when the involved tables are
     %% replicated asymetrically. If the storage type differs
@@ -1462,14 +1462,14 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
     %%   commit record and votes yes or no depending of the
     %%   outcome of the prepare. The preparation is also performed
     %%   by the coordinator.
-    %%   
+    %%
     %% 2a Somebody has died or voted no
     %%    Tell all yes voters to do_abort
     %% 2b Everybody has voted yes
     %%    Put a unclear marker in the log.
     %%    Tell the others to pre_commit. I.e. that they should
     %%    put a unclear marker in the log and reply
-    %%    acc_pre_commit when they are done. 
+    %%    acc_pre_commit when they are done.
     %%
     %% 3a Somebody died
     %%    Tell the remaining participants to do_abort
@@ -1492,7 +1492,7 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
     %%    If we have no unclear marker in the log we may
     %%    safely abort, since we know that nobody may have
     %%    decided to commit yet.
-    %%    
+    %%
     %%    If we have a committed marker in the log we may
     %%    safely commit since we know that everybody else
     %%    also will come to this conclusion.
@@ -1506,7 +1506,7 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
     %%    up. When all involved nodes are up and uncertain,
     %%    we decide to commit (first put a committed marker
     %%    in the log, then do the updates).
-    
+
     D = #decision{tid = Tid, outcome = presume_abort},
     {D2, CR2} = commit_decision(D, CR, [], []),
     DiscNs = D2#decision.disc_nodes,
@@ -1518,10 +1518,10 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
     Pending = mnesia_checkpoint:tm_enter_pending(Tid, DiscNs, RamNs),
     ?ets_insert(Store, Pending),
     {WaitFor, Local} = ask_commit(asym_trans, Tid, CR2, DiscNs, RamNs),
-    SchemaPrep = (catch mnesia_schema:prepare_commit(Tid, Local, {coord, WaitFor})), 
-    {Votes, Pids} = rec_all(WaitFor, Tid, do_commit, []), 
-    
-    ?eval_debug_fun({?MODULE, multi_commit_asym_got_votes}, 
+    SchemaPrep = (catch mnesia_schema:prepare_commit(Tid, Local, {coord, WaitFor})),
+    {Votes, Pids} = rec_all(WaitFor, Tid, do_commit, []),
+
+    ?eval_debug_fun({?MODULE, multi_commit_asym_got_votes},
 		    [{tid, Tid}, {votes, Votes}]),
     case Votes of
 	do_commit ->
@@ -1530,20 +1530,20 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
 		    mnesia_log:log(C), % C is not a binary
 		    ?eval_debug_fun({?MODULE, multi_commit_asym_log_commit_rec},
 				    [{tid, Tid}]),
-		    
+
 		    D3 = C#commit.decision,
-		    D4 = D3#decision{outcome = unclear},		
-		    mnesia_recover:log_decision(D4),			
+		    D4 = D3#decision{outcome = unclear},
+		    mnesia_recover:log_decision(D4),
 		    ?eval_debug_fun({?MODULE, multi_commit_asym_log_commit_dec},
 				    [{tid, Tid}]),
 		    tell_participants(Pids, {Tid, pre_commit}),
 		    %% Now we are uncertain and we do not know
 		    %% if all participants have logged that
 		    %% they are uncertain or not
-		    rec_acc_pre_commit(Pids, Tid, Store, {C,Local}, 
+		    rec_acc_pre_commit(Pids, Tid, Store, {C,Local},
 				       do_commit, DumperMode, [], []);
 		{'EXIT', Reason} ->
-		    %% The others have logged the commit 
+		    %% The others have logged the commit
 		    %% record but they are not uncertain
 		    mnesia_recover:note_decision(Tid, aborted),
 		    ?eval_debug_fun({?MODULE, multi_commit_asym_prepare_exit},
@@ -1564,7 +1564,7 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
     end.
 
 %% Returns do_commit or {do_abort, Reason}
-rec_acc_pre_commit([Pid | Tail], Tid, Store, Commit, Res, DumperMode, 
+rec_acc_pre_commit([Pid | Tail], Tid, Store, Commit, Res, DumperMode,
 		   GoodPids, SchemaAckPids) ->
     receive
 	{?MODULE, _, {acc_pre_commit, Tid, Pid, true}} ->
@@ -1598,7 +1598,7 @@ rec_acc_pre_commit([], Tid, Store, {Commit,OrigC}, Res, DumperMode, GoodPids, Sc
 	    %% everybody are uncertain.
 	    prepare_sync_schema_commit(Store, SchemaAckPids),
 	    tell_participants(GoodPids, {Tid, committed}),
-	    D2 = D#decision{outcome = committed},		
+	    D2 = D#decision{outcome = committed},
 	    mnesia_recover:log_decision(D2),
             ?eval_debug_fun({?MODULE, rec_acc_pre_commit_log_commit},
 			    [{tid, Tid}]),
@@ -1611,10 +1611,10 @@ rec_acc_pre_commit([], Tid, Store, {Commit,OrigC}, Res, DumperMode, GoodPids, Sc
 	    sync_schema_commit(Tid, Store, SchemaAckPids),
 	    mnesia_locker:release_tid(Tid),
 	    ?MODULE ! {delete_transaction, Tid};
-	
+
 	{do_abort, Reason} ->
 	    tell_participants(GoodPids, {Tid, {do_abort, Reason}}),
-	    D2 = D#decision{outcome = aborted},		
+	    D2 = D#decision{outcome = aborted},
 	    mnesia_recover:log_decision(D2),
             ?eval_debug_fun({?MODULE, rec_acc_pre_commit_log_abort},
 			    [{tid, Tid}]),
@@ -1702,7 +1702,7 @@ commit_participant(Coord, Tid, Bin, C0, DiscNs, _RamNs) ->
 			    end,
 			    ?eval_debug_fun({?MODULE, commit_participant, do_commit},
 					    [{tid, Tid}]);
-			
+
 			{Tid, {do_abort, _Reason}} ->
 			    mnesia_recover:log_decision(D#decision{outcome = aborted}),
 			    ?eval_debug_fun({?MODULE, commit_participant, log_abort},
@@ -1710,7 +1710,7 @@ commit_participant(Coord, Tid, Bin, C0, DiscNs, _RamNs) ->
 			    mnesia_schema:undo_prepare_commit(Tid, C0),
 			    ?eval_debug_fun({?MODULE, commit_participant, undo_prepare},
 					    [{tid, Tid}]);
-			
+
 			{'EXIT', _, _} ->
 			    mnesia_recover:log_decision(D#decision{outcome = aborted}),
 			    ?eval_debug_fun({?MODULE, commit_participant, exit_log_abort},
@@ -1718,7 +1718,7 @@ commit_participant(Coord, Tid, Bin, C0, DiscNs, _RamNs) ->
 			    mnesia_schema:undo_prepare_commit(Tid, C0),
 			    ?eval_debug_fun({?MODULE, commit_participant, exit_undo_prepare},
 					    [{tid, Tid}]);
-			
+
 			Msg ->
 			    verbose("** ERROR ** commit_participant ~p, got unexpected msg: ~p~n",
 				    [Tid, Msg])
@@ -1739,7 +1739,7 @@ commit_participant(Coord, Tid, Bin, C0, DiscNs, _RamNs) ->
 		    verbose("** ERROR ** commit_participant ~p, got unexpected msg: ~p~n",
 			    [Tid, Msg])
 	    end;
-	
+
 	{'EXIT', Reason} ->
 	    ?eval_debug_fun({?MODULE, commit_participant, vote_no},
 			    [{tid, Tid}]),
@@ -1750,7 +1750,7 @@ commit_participant(Coord, Tid, Bin, C0, DiscNs, _RamNs) ->
     ?MODULE ! {delete_transaction, Tid},
     unlink(whereis(?MODULE)),
     exit(normal).
-    
+
 do_abort(Tid, Bin) when is_binary(Bin) ->
     %% Possible optimization:
     %% If we want we could pass arround a flag
@@ -1761,7 +1761,7 @@ do_abort(Tid, Bin) when is_binary(Bin) ->
     %% mnesia_schema:undo_prepare_commit/1.
     do_abort(Tid, binary_to_term(Bin));
 do_abort(Tid, Commit) ->
-    mnesia_schema:undo_prepare_commit(Tid, Commit), 
+    mnesia_schema:undo_prepare_commit(Tid, Commit),
     Commit.
 
 do_dirty(Tid, Commit) when Commit#commit.schema_ops == [] ->
@@ -1799,7 +1799,7 @@ do_update(Tid, Storage, [Op | Ops], OldRes) ->
 
 	    verbose("do_update in ~w failed: ~p -> {'EXIT', ~p}~n",
 		    [Tid, Op, Reason]),
-	    do_update(Tid, Storage, Ops, OldRes); 
+	    do_update(Tid, Storage, Ops, OldRes);
 	NewRes ->
 	    do_update(Tid, Storage, Ops, NewRes)
     end;
@@ -1807,7 +1807,7 @@ do_update(_Tid, _Storage, [], Res) ->
     Res.
 
 do_update_op(Tid, Storage, {{Tab, K}, Obj, write}) ->
-    commit_write(?catch_val({Tab, commit_work}), Tid, 
+    commit_write(?catch_val({Tab, commit_work}), Tid,
 		 Tab, K, Obj, undefined),
     mnesia_lib:db_put(Storage, Tab, Obj);
 
@@ -1816,7 +1816,7 @@ do_update_op(Tid, Storage, {{Tab, K}, Val, delete}) ->
     mnesia_lib:db_erase(Storage, Tab, K);
 
 do_update_op(Tid, Storage, {{Tab, K}, {RecName, Incr}, update_counter}) ->
-    {NewObj, OldObjs} = 
+    {NewObj, OldObjs} =
         case catch mnesia_lib:db_update_counter(Storage, Tab, K, Incr) of
             NewVal when is_integer(NewVal), NewVal >= 0 ->
                 {{RecName, K, NewVal}, [{RecName, K, NewVal - Incr}]};
@@ -1824,17 +1824,17 @@ do_update_op(Tid, Storage, {{Tab, K}, {RecName, Incr}, update_counter}) ->
                 New = {RecName, K, Incr},
                 mnesia_lib:db_put(Storage, Tab, New),
                 {New, []};
-	    _ -> 
+	    _ ->
 		Zero = {RecName, K, 0},
 		mnesia_lib:db_put(Storage, Tab, Zero),
 		{Zero, []}
         end,
-    commit_update(?catch_val({Tab, commit_work}), Tid, Tab, 
+    commit_update(?catch_val({Tab, commit_work}), Tid, Tab,
 		  K, NewObj, OldObjs),
     element(3, NewObj);
 
 do_update_op(Tid, Storage, {{Tab, Key}, Obj, delete_object}) ->
-    commit_del_object(?catch_val({Tab, commit_work}), 
+    commit_del_object(?catch_val({Tab, commit_work}),
 		      Tid, Tab, Key, Obj, undefined),
     mnesia_lib:db_match_erase(Storage, Tab, Obj);
 
@@ -1846,11 +1846,11 @@ commit_write([], _, _, _, _, _) -> ok;
 commit_write([{checkpoints, CpList}|R], Tid, Tab, K, Obj, Old) ->
     mnesia_checkpoint:tm_retain(Tid, Tab, K, write, CpList),
     commit_write(R, Tid, Tab, K, Obj, Old);
-commit_write([H|R], Tid, Tab, K, Obj, Old) 
+commit_write([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == subscribers ->
     mnesia_subscr:report_table_event(H, Tab, Tid, Obj, write, Old),
     commit_write(R, Tid, Tab, K, Obj, Old);
-commit_write([H|R], Tid, Tab, K, Obj, Old) 
+commit_write([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == index ->
     mnesia_index:add_index(H, Tab, K, Obj, Old),
     commit_write(R, Tid, Tab, K, Obj, Old).
@@ -1859,11 +1859,11 @@ commit_update([], _, _, _, _, _) -> ok;
 commit_update([{checkpoints, CpList}|R], Tid, Tab, K, Obj, _) ->
     Old = mnesia_checkpoint:tm_retain(Tid, Tab, K, write, CpList),
     commit_update(R, Tid, Tab, K, Obj, Old);
-commit_update([H|R], Tid, Tab, K, Obj, Old) 
+commit_update([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == subscribers ->
     mnesia_subscr:report_table_event(H, Tab, Tid, Obj, write, Old),
     commit_update(R, Tid, Tab, K, Obj, Old);
-commit_update([H|R], Tid, Tab, K, Obj, Old) 
+commit_update([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == index ->
     mnesia_index:add_index(H, Tab, K, Obj, Old),
     commit_update(R, Tid, Tab, K, Obj, Old).
@@ -1872,11 +1872,11 @@ commit_delete([], _, _, _, _, _) ->  ok;
 commit_delete([{checkpoints, CpList}|R], Tid, Tab, K, Obj, _) ->
     Old = mnesia_checkpoint:tm_retain(Tid, Tab, K, delete, CpList),
     commit_delete(R, Tid, Tab, K, Obj, Old);
-commit_delete([H|R], Tid, Tab, K, Obj, Old) 
+commit_delete([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == subscribers ->
     mnesia_subscr:report_table_event(H, Tab, Tid, Obj, delete, Old),
     commit_delete(R, Tid, Tab, K, Obj, Old);
-commit_delete([H|R], Tid, Tab, K, Obj, Old) 
+commit_delete([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == index ->
     mnesia_index:delete_index(H, Tab, K),
     commit_delete(R, Tid, Tab, K, Obj, Old).
@@ -1885,12 +1885,12 @@ commit_del_object([], _, _, _, _, _) -> ok;
 commit_del_object([{checkpoints, CpList}|R], Tid, Tab, K, Obj, _) ->
     Old = mnesia_checkpoint:tm_retain(Tid, Tab, K, delete_object, CpList),
     commit_del_object(R, Tid, Tab, K, Obj, Old);
-commit_del_object([H|R], Tid, Tab, K, Obj, Old) 
-  when element(1, H) == subscribers -> 
+commit_del_object([H|R], Tid, Tab, K, Obj, Old)
+  when element(1, H) == subscribers ->
     mnesia_subscr:report_table_event(H, Tab, Tid, Obj, delete_object, Old),
     commit_del_object(R, Tid, Tab, K, Obj, Old);
-commit_del_object([H|R], Tid, Tab, K, Obj, Old) 
-  when element(1, H) == index -> 
+commit_del_object([H|R], Tid, Tab, K, Obj, Old)
+  when element(1, H) == index ->
     mnesia_index:del_object_index(H, Tab, K, Obj, Old),
     commit_del_object(R, Tid, Tab, K, Obj, Old).
 
@@ -1898,11 +1898,11 @@ commit_clear([], _, _, _, _) ->  ok;
 commit_clear([{checkpoints, CpList}|R], Tid, Tab, K, Obj) ->
     mnesia_checkpoint:tm_retain(Tid, Tab, K, clear_table, CpList),
     commit_clear(R, Tid, Tab, K, Obj);
-commit_clear([H|R], Tid, Tab, K, Obj) 
+commit_clear([H|R], Tid, Tab, K, Obj)
   when element(1, H) == subscribers ->
     mnesia_subscr:report_table_event(H, Tab, Tid, Obj, clear_table, undefined),
     commit_clear(R, Tid, Tab, K, Obj);
-commit_clear([H|R], Tid, Tab, K, Obj) 
+commit_clear([H|R], Tid, Tab, K, Obj)
   when element(1, H) == index ->
     mnesia_index:clear_index(H, Tab, K, Obj),
     commit_clear(R, Tid, Tab, K, Obj).
@@ -1913,7 +1913,7 @@ do_snmp(Tid, [Head | Tail]) ->
 	{'EXIT', Reason} ->
 	    %% This should only happen when we recently have
 	    %% deleted our local replica or recently deattached
-	    %% the snmp table 
+	    %% the snmp table
 
 	    verbose("do_snmp in ~w failed: ~p -> {'EXIT', ~p}~n",
 		    [Tid, Head, Reason]);
@@ -1922,7 +1922,7 @@ do_snmp(Tid, [Head | Tail]) ->
     end,
     do_snmp(Tid, Tail).
 
-commit_nodes([C | Tail], AccD, AccR) 
+commit_nodes([C | Tail], AccD, AccR)
         when C#commit.disc_copies == [],
              C#commit.disc_only_copies  == [],
              C#commit.schema_ops == [] ->
@@ -1934,7 +1934,7 @@ commit_nodes([], AccD, AccR) ->
 
 commit_decision(D, [C | Tail], AccD, AccR) ->
     N = C#commit.node,
-    {D2, Tail2} = 
+    {D2, Tail2} =
 	case C#commit.schema_ops of
 	    [] when C#commit.disc_copies == [],
 		    C#commit.disc_only_copies  == [] ->
@@ -1954,8 +1954,8 @@ commit_decision(D, [], AccD, AccR) ->
     {D#decision{disc_nodes = AccD, ram_nodes = AccR}, []}.
 
 ram_only_ops(N, [{op, change_table_copy_type, N, _FromS, _ToS, Cs} | _Ops ]) ->
-    case lists:member({name, schema}, Cs) of 
-	true -> 
+    case lists:member({name, schema}, Cs) of
+	true ->
 	    %% We always use disk if change type of the schema
 	    false;
 	false ->
@@ -2025,12 +2025,12 @@ get_dirty_reply(Node, Res) ->
 	    Reply;
 	{mnesia_down, Node} ->
 	    case get(mnesia_activity_state) of
-		{_, Tid, _Ts} when element(1,Tid) == tid -> 
+		{_, Tid, _Ts} when element(1,Tid) == tid ->
 		    %% Hmm dirty called inside a transaction, to avoid
 		    %% hanging transaction we need to restart the transaction
 		    mnesia:abort({node_not_running, Node});
 		_ ->
-		    %% It's ok to ignore mnesia_down's since we will make 
+		    %% It's ok to ignore mnesia_down's since we will make
 		    %% the replicas consistent again when Node is started
 		    Res
 	    end
@@ -2068,10 +2068,10 @@ ask_commit(_Protocol, _Tid, [], _DiscNs, _RamNs, WaitFor, Local) ->
 %% to be safe we let erts do the translation (many times maybe and thus
 %% slower but it works.
 % opt_term_to_binary(asym_trans, Head, Nodes) ->
-%     opt_term_to_binary(Nodes, Head);    
+%     opt_term_to_binary(Nodes, Head);
 opt_term_to_binary(_Protocol, Head, _Nodes) ->
     Head.
-	    
+
 rec_all([Node | Tail], Tid, Res, Pids) ->
     receive
 	{?MODULE, Node, {vote_yes, Tid}} ->
@@ -2085,7 +2085,7 @@ rec_all([Node | Tail], Tid, Res, Pids) ->
 	{?MODULE, Node, {aborted, Tid}} ->
 	    rec_all(Tail, Tid, Res, Pids);
 
-	{mnesia_down, Node} ->  
+	{mnesia_down, Node} ->
 	    %% Make sure that mnesia_tm knows it has died
 	    %% it may have been restarted
 	    Abort = {do_abort, {bad_commit, Node}},
@@ -2095,7 +2095,7 @@ rec_all([Node | Tail], Tid, Res, Pids) ->
 rec_all([], _Tid, Res, Pids) ->
     {Res, Pids}.
 
-get_transactions() -> 
+get_transactions() ->
     {info, Participant, Coordinator} = req(info),
     lists:map(fun({Tid, _Tabs}) ->
 		      Status = tr_status(Tid,Participant),
@@ -2125,7 +2125,7 @@ get_info(Timeout) ->
 display_info(Stream, {timeout, T}) ->
     io:format(Stream, "---> No info about coordinator and participant transactions, "
 	      "timeout ~p <--- ~n", [T]);
-    
+
 display_info(Stream, {info, Part, Coord}) ->
     io:format(Stream, "---> Participant transactions <--- ~n", []),
     lists:foreach(fun(P) -> pr_participant(Stream, P) end, Part),
@@ -2134,7 +2134,7 @@ display_info(Stream, {info, Part, Coord}) ->
 
 pr_participant(Stream, P) ->
     Commit0 = P#participant.commit,
-    Commit = 
+    Commit =
 	if
 	    is_binary(Commit0) -> binary_to_term(Commit0);
 	    true -> Commit0
@@ -2161,11 +2161,11 @@ search_pr_coordinator(S, [{Tid, _Ts}|Tail]) ->
 	    io:format( "Tid is coordinator, owner == \n", []),
 	    display_pid_info(Tid#tid.pid),
 	    search_pr_coordinator(S, Tail);
-	_ -> 
+	_ ->
 	    search_pr_coordinator(S, Tail)
     end.
 
-search_pr_participant(_S, []) -> 
+search_pr_participant(_S, []) ->
     false;
 search_pr_participant(S, [ P | Tail]) ->
     Tid = P#participant.tid,
@@ -2176,15 +2176,15 @@ search_pr_participant(S, [ P | Tail]) ->
 	    Pid = Tid#tid.pid,
 	    display_pid_info(Pid),
 	    io:format( "Tid wants to write objects \n",[]),
-	    Commit = 
+	    Commit =
 		if
 		    is_binary(Commit0) -> binary_to_term(Commit0);
 		    true -> Commit0
 		end,
-	    
+
 	    io:format("~p~n", [Commit]),
 	    search_pr_participant(S,Tail);  %% !!!!!
-	true -> 
+	true ->
 	    search_pr_participant(S, Tail)
     end.
 
@@ -2200,7 +2200,7 @@ display_pid_info(Pid) ->
 		       Other ->
 			   Other
 		   end,
-	    Reds  = fetch(reductions, Info), 
+	    Reds  = fetch(reductions, Info),
 	    LM = length(fetch(messages, Info)),
 	    pformat(io_lib:format("~p", [Pid]),
 		    io_lib:format("~p", [Call]),
@@ -2254,7 +2254,7 @@ send_to_pids([_ | Pids], Msg) ->
     send_to_pids(Pids, Msg);
 send_to_pids([], _Msg) ->
     ok.
-    
+
 reconfigure_participants(N, [P | Tail]) ->
     case lists:member(N, P#participant.disc_nodes) or
 	 lists:member(N, P#participant.ram_nodes) of
@@ -2262,25 +2262,25 @@ reconfigure_participants(N, [P | Tail]) ->
 	    %% Ignore, since we are not a participant
 	    %% in the transaction.
 	    reconfigure_participants(N, Tail);
- 
+
 	true ->
 	    %% We are on a participant node, lets
 	    %% check if the dead one was a
 	    %% participant or a coordinator.
 	    Tid  = P#participant.tid,
-	    if 
+	    if
 		node(Tid#tid.pid) /= N ->
 		    %% Another participant node died. Ignore.
 		    reconfigure_participants(N, Tail);
 
 		true ->
-		    %% The coordinator node has died and 
+		    %% The coordinator node has died and
 		    %% we must determine the outcome of the
 		    %% transaction and tell mnesia_tm on all
 		    %% nodes (including the local node) about it
 		    verbose("Coordinator ~p in transaction ~p died~n",
 			    [Tid#tid.pid, Tid]),
-			    
+
 		    Nodes = P#participant.disc_nodes ++
 			    P#participant.ram_nodes,
 		    AliveNodes = Nodes  -- [N],
@@ -2332,8 +2332,8 @@ system_terminate(_Reason, _Parent, _Debug, State) ->
 
 system_code_change(State=#state{coordinators=Cs0,participants=Ps0},_Module,_OldVsn,downgrade) ->
     case is_tuple(Cs0) of
-	true -> 
-	    Cs = gb_trees:to_list(Cs0),	    
+	true ->
+	    Cs = gb_trees:to_list(Cs0),
 	    Ps = gb_trees:values(Ps0),
 	    {ok, State#state{coordinators=Cs,participants=Ps}};
 	false ->
@@ -2342,7 +2342,7 @@ system_code_change(State=#state{coordinators=Cs0,participants=Ps0},_Module,_OldV
 
 system_code_change(State=#state{coordinators=Cs0,participants=Ps0},_Module,_OldVsn,_Extra) ->
     case is_list(Cs0) of
-	true -> 
+	true ->
 	    Cs = gb_trees:from_orddict(lists:sort(Cs0)),
 	    Ps1 = [{P#participant.tid,P}|| P <- Ps0],
 	    Ps = gb_trees:from_orddict(lists:sort(Ps1)),
diff --git a/lib/mnesia/test/mnesia_atomicity_test.erl b/lib/mnesia/test/mnesia_atomicity_test.erl
index cf878fc820..06c4d16d71 100644
--- a/lib/mnesia/test/mnesia_atomicity_test.erl
+++ b/lib/mnesia/test/mnesia_atomicity_test.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -31,13 +31,13 @@ end_per_testcase(Func, Conf) ->
     mnesia_test_lib:end_per_testcase(Func, Conf).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-all() -> 
+all() ->
     [explicit_abort_in_middle_of_trans,
      runtime_error_in_middle_of_trans,
      kill_self_in_middle_of_trans, throw_in_middle_of_trans,
      {group, mnesia_down_in_middle_of_trans}].
 
-groups() -> 
+groups() ->
     [{mnesia_down_in_middle_of_trans, [],
       [mnesia_down_during_infinite_trans,
        {group, lock_waiter}, {group, restart_check}]},
@@ -297,7 +297,7 @@ mnesia_down_during_infinite_trans(Config) when is_list(Config) ->
     ?match({atomic, ok},
 	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, test_ok}) end)),
     mnesia_test_lib:start_sync_transactions([A2, A1]),
-    
+
     %% Obtain a write lock and wait forever
     RecA = {Tab, 1, test_not_ok},
     A1 ! fun() -> mnesia:write(RecA) end,
@@ -471,12 +471,12 @@ lock_waiter_w_wt(Config) when is_list(Config) ->
 
 start_lock_waiter(BlockOpA, BlockOpB, Config) ->
     [N1, N2] = Nodes = ?acquire_nodes(2, Config),
-    
+
     TabName = mk_tab_name(lock_waiter_),
     ?match({atomic, ok}, mnesia:create_table(TabName,
 					     [{ram_copies, [N1, N2]}])),
-    
-    %% initialize the table with object {1, c} - when there 	
+
+    %% initialize the table with object {1, c} - when there
     %% is a read transaction, the read will find that  value
     ?match({atomic, ok}, mnesia:sync_transaction(fun() -> mnesia:write({TabName, 1, c}) end)),
     rpc:call(N2, ?MODULE, sync_tid_release, []),
@@ -484,7 +484,7 @@ start_lock_waiter(BlockOpA, BlockOpB, Config) ->
     Tester = self(),
     Fun_A =fun() ->
 		   NewCounter = incr_restart_counter(),
-		   if 
+		   if
 		       NewCounter == 1 ->
 			   Tester ! go_ahead_test,
 			   receive go_ahead -> ok end;
@@ -493,13 +493,13 @@ start_lock_waiter(BlockOpA, BlockOpB, Config) ->
 		   lock_waiter_fun(BlockOpA, TabName, a),
 		   NewCounter
 	   end,
-        
+
     %% it's not possible to just spawn the transaction, because
     %% the result shall be evaluated
     A = spawn_link(N1, ?MODULE, perform_restarted_transaction, [Fun_A]),
-    
+
     ?match(ok, receive go_ahead_test -> ok after 10000 -> timeout end),
-    
+
     mnesia_test_lib:sync_trans_tid_serial([N1, N2]),
 
     Fun_B = fun() ->
@@ -507,21 +507,21 @@ start_lock_waiter(BlockOpA, BlockOpB, Config) ->
 		    A ! go_ahead,
 		    wait(infinity)
 	    end,
-    
+
     B = spawn_link(N2, mnesia, transaction, [Fun_B, 100]),
-    
+
     io:format("waiting for A (~p on ~p) to be in the queue ~n", [A, [N1, N2]]),
     wait_for_a(A, [N1, N2]),
-    
-    io:format("Queus ~p~n", 
+
+    io:format("Queus ~p~n",
 	      [[{N,rpc:call(N, mnesia, system_info, [lock_queue])} || N <- Nodes]]),
-    
+
     KillNode = node(B),
     io:format("A was in the queue, time to kill Mnesia on B's node (~p on ~p)~n",
 	      [B, KillNode]),
-    
+
     mnesia_test_lib:kill_mnesia([KillNode]), % kill mnesia of fun B
-    
+
     %% Read Ops does not need to be restarted
     ExpectedCounter =
 	if
@@ -535,20 +535,22 @@ start_lock_waiter(BlockOpA, BlockOpB, Config) ->
 	    BlockOpA == rt, BlockOpB /= sw -> 1;
 	    true -> 2
 	end,
-    ?match_multi_receive([{'EXIT', A, {atomic, ExpectedCounter}}, 
-			  {'EXIT', B, killed}]),
-    
+    receive {'EXIT', B, _} -> ok
+    after 3000 -> ?error("Timeout~n", []) end,
+    receive {'EXIT', A, Exp1} -> ?match({atomic, ExpectedCounter}, Exp1)
+    after 3000 -> ?error("Timeout~n", []) end,
+
     %% the expected result depends on the transaction of
     %% fun A - when that doesn't change the object in the
     %% table (e.g. it is a read) then the predefined
     %% value {Tabname, 1, c} is expected to be the result here
-    ExpectedResult = 
+    ExpectedResult =
 	case BlockOpA of
 	    w -> {TabName, 1, a};
 	    sw ->{TabName, 1, a};
 	    _all_other -> {TabName, 1, c}
 	end,
-    
+
     ?match({atomic, [ExpectedResult]},
 	   mnesia:transaction(fun() -> mnesia:read({TabName, 1}) end, 100)),
     ?verify_mnesia([N1], [N2]).
@@ -567,7 +569,7 @@ lock_waiter_fun(Op, TabName, Val) ->
 	srw -> mnesia:read(TabName, 1, sticky_write);
 	sw ->  mnesia:s_write({TabName, 1, Val})
     end.
-    
+
 wait_for_a(Pid, Nodes) ->
     wait_for_a(Pid, Nodes, 5).
 
@@ -589,12 +591,12 @@ check_q(Pid, [_ | Tail], N, Count) ->
 check_q(Pid, [], N, Count) ->
     timer:sleep(500),
     wait_for_a(Pid, N, Count - 1).
-    
+
 perform_restarted_transaction (Fun_Trans) ->
     %% the result of the transaction shall be:
     %%  - undefined (if the transaction was never executed)
     %%  - Times ( number of times that the transaction has been executed)
-    
+
     Result = mnesia:transaction(Fun_Trans, 100),
     exit(Result).
 
@@ -666,10 +668,10 @@ restart_sw_two(Config) when is_list(Config) ->
 
 start_restart_check(RestartOp, ReplicaNeed, Config) ->
     [N1, N2, N3] = Nodes = ?acquire_nodes(3, Config),
-    
+
     {TabName, _TabNodes} = create_restart_table(ReplicaNeed, Nodes),
-    
-    %% initialize the table with object {1, c} - when there 	
+
+    %% initialize the table with object {1, c} - when there
     %% is a read transaction, the read will find that  value
     ?match({atomic, ok}, mnesia:sync_transaction(fun() -> mnesia:write({TabName, 1, c}) end)),
 
@@ -681,9 +683,9 @@ start_restart_check(RestartOp, ReplicaNeed, Config) ->
 		    NewCounter = incr_restart_counter(),
 		    case NewCounter of
 			1 ->
-			    mnesia:write({TabName, 1, d}),			    
+			    mnesia:write({TabName, 1, d}),
 			    %% send a message to the test proc
-			    Coord ! {self(),fun_a_is_blocked}, 			    
+			    Coord ! {self(),fun_a_is_blocked},
 			    receive go_ahead -> ok end;
 			_ ->
 			    %% the fun will NOT be blocked here
@@ -691,19 +693,19 @@ start_restart_check(RestartOp, ReplicaNeed, Config) ->
 		    end,
 		    NewCounter
 	    end,
-    
+
     A = spawn_link(N1, ?MODULE, perform_restarted_transaction, [Fun_A]),
-    ?match_receive({A,fun_a_is_blocked}),    		
-    
+    ?match_receive({A,fun_a_is_blocked}),
+
     %% mnesia shall be killed at that node, where A is reading
     %% the information from
     kill_where_to_read(TabName, N1, [N2, N3]),
-    
+
     %% wait some time to let mnesia go down and spread those news around
     %% fun A shall be able to finish its job before being restarted
-    wait(500), 
+    wait(500),
     A ! go_ahead,
-    
+
     %% the sticky write doesnt work on remote nodes !!!
     ExpectedMsg =
 	case RestartOp of
@@ -717,19 +719,19 @@ start_restart_check(RestartOp, ReplicaNeed, Config) ->
 			{'EXIT',A,{atomic, 2}}
 		end
 	end,
-    
-    ?match_receive(ExpectedMsg),    		
-    
+
+    ?match_receive(ExpectedMsg),
+
     %% now mnesia has to be started again on the node KillNode
     %% because the next test suite will need it
     ?match([], mnesia_test_lib:start_mnesia(Nodes, [TabName])),
-    
-    
+
+
     %%  the expected result depends on the transaction of
     %%  fun A - when that doesnt change the object in the
     %%  table (e.g. it is a read) then the predefined
     %%  value {Tabname, 1, c} is expected to be the result here
-    
+
     ExpectedResult =
 	case ReplicaNeed of
 	    one ->
@@ -746,7 +748,7 @@ start_restart_check(RestartOp, ReplicaNeed, Config) ->
     ?verify_mnesia(Nodes, []).
 
 create_restart_table(ReplicaNeed, [_N1, N2, N3]) ->
-    TabNodes = 
+    TabNodes =
 	case ReplicaNeed of
 	    one ->  [N2];
 	    two ->  [N2, N3]
@@ -754,7 +756,7 @@ create_restart_table(ReplicaNeed, [_N1, N2, N3]) ->
     TabName = mk_tab_name(restart_check_),
     ?match({atomic, ok}, mnesia:create_table(TabName, [{ram_copies, TabNodes}])),
     {TabName, TabNodes}.
-    
+
 restart_fun_A(Op, TabName) ->
     case Op of
 	rt -> mnesia:read_lock_table(TabName);
@@ -774,8 +776,8 @@ kill_where_to_read(TabName, N1, Nodes) ->
 	    ?error("Fault while killing Mnesia: ~p~n", [Read]),
 	    mnesia_test_lib:kill_mnesia(Nodes)
     end.
-    
-sync_tid_release() ->    
+
+sync_tid_release() ->
     sys:get_status(whereis(mnesia_tm)),
     sys:get_status(whereis(mnesia_locker)),
     ok.
diff --git a/lib/mnesia/test/mnesia_evil_coverage_test.erl b/lib/mnesia/test/mnesia_evil_coverage_test.erl
index 17d6c6c212..64b61288ef 100644
--- a/lib/mnesia/test/mnesia_evil_coverage_test.erl
+++ b/lib/mnesia/test/mnesia_evil_coverage_test.erl
@@ -37,7 +37,8 @@ end_per_testcase(Func, Conf) ->
 all() -> 
     [system_info, table_info, error_description,
      db_node_lifecycle, evil_delete_db_node, start_and_stop,
-     checkpoint, table_lifecycle, add_copy_conflict,
+     checkpoint, table_lifecycle, storage_options, 
+     add_copy_conflict,
      add_copy_when_going_down, replica_management,
      schema_availability, local_content,
      {group, table_access_modifications}, replica_location,
@@ -244,7 +245,7 @@ db_node_lifecycle(Config) when is_list(Config) ->
     ?match([], mnesia_test_lib:start_mnesia(AllNodes)),
 
     ?match([SNs, SNs, SNs], 
-	   lists:map({lists, sort}, 
+	   lists:map(fun lists:sort/1,
 		     element(1, rpc:multicall(AllNodes, mnesia, table_info, 
 					      [schema, disc_copies])))),
 
@@ -259,7 +260,7 @@ db_node_lifecycle(Config) when is_list(Config) ->
            mnesia:change_table_copy_type(schema, Node2, disc_copies)),
 
     ?match([SNs, SNs, SNs], 
-	   lists:map({lists, sort}, 
+	   lists:map(fun lists:sort/1,
 		     element(1, rpc:multicall(AllNodes, mnesia, table_info, 
 					      [schema, disc_copies])))),
 
@@ -462,7 +463,7 @@ table_lifecycle(Config) when is_list(Config) ->
     ?match({atomic, ok}, mnesia:create_table([{name, already_exists},
 					      {ram_copies, [Node1]}])),
     ?match({aborted, Reason23 } when element(1, Reason23) ==already_exists,
-	   mnesia:create_table([{name, already_exists}, 
+	   mnesia:create_table([{name, already_exists},
 				{ram_copies, [Node1]}])),
     ?match({aborted, Reason21 } when element(1, Reason21) == bad_type,
            mnesia:create_table([{name, bad_node}, {ram_copies, ["foo"]}])),
@@ -520,12 +521,57 @@ table_lifecycle(Config) when is_list(Config) ->
     ?match({atomic, ok},
            mnesia:create_table([{name, create_with_index}, {index, [3]},
                                 {ram_copies, [Node1]}])),
-    ets:new(ets_table, [named_table]),
 
+    ets:new(ets_table, [named_table]),
     ?match({aborted, _}, mnesia:create_table(ets_table, [{ram_copies, Nodes}])),
+    ?match({aborted, _}, mnesia:create_table(ets_table, [{ram_copies, [Node1]}])),
+    ets:delete(ets_table),
+    ?match({atomic, ok}, mnesia:create_table(ets_table, [{ram_copies, [Node1]}])),
+    ?match(Node1, rpc:call(Node1, mnesia_lib, val, [{ets_table,where_to_read}])),
+    ?match(Node1, rpc:call(Node2, mnesia_lib, val, [{ets_table,where_to_read}])),
+    ?match({atomic, ok}, mnesia:change_table_copy_type(ets_table, Node1, disc_only_copies)),    
+    ?match(Node1, rpc:call(Node2, mnesia_lib, val, [{ets_table,where_to_read}])),
+    
+    ?verify_mnesia(Nodes, []).
+
+
+storage_options(suite) -> [];
+storage_options(Config) when is_list(Config) ->
+    [N1,N2,N3] = Nodes = ?acquire_nodes(3, Config),
+
+    ?match({aborted,_}, mnesia:create_table(a, [{storage_properties, [{ets,foobar}]}])),
+    ?match({aborted,_}, mnesia:create_table(a, [{storage_properties, [{ets,[foobar]}]}])),
+    ?match({aborted,_}, mnesia:create_table(a, [{storage_properties, [{ets,[duplicate_bag]}]}])),
+    ?match({aborted,_}, mnesia:create_table(a, [{storage_properties, [{dets,[{type,bag}]}]}])),
+
+    ?match({atomic, ok}, mnesia:create_table(a, [{ram_copies, [N1]},
+						 {disc_only_copies, [N2]},
+						 {storage_properties,
+						  [{ets,[compressed]},
+						   {dets, [{auto_save, 5000}]} ]}])),
+    ?match(true, ets:info(a, compressed)),
+    ?match(5000, rpc:call(N2, dets, info, [a, auto_save])),
+    ?match(ok, mnesia:dirty_write({a,1,1})),
+    ?match([{a,1,1}], mnesia:dirty_read({a,1})),
+    mnesia:dump_log(),
+    W2C1 = [{N2, disc_only_copies}, {N1, ram_copies}],
+    ?match(W2C1, lists:sort(rpc:call(N2, mnesia_lib, val, [{a, where_to_commit}]))),
+    ?match(W2C1, lists:sort(rpc:call(N3, mnesia_lib, val, [{a, where_to_commit}]))),
+    ?match({atomic,ok}, mnesia:change_table_copy_type(a, N1, disc_only_copies)),
+    W2C2 = [{N2, disc_only_copies}, {N1, disc_only_copies}],
+    ?match(W2C2, lists:sort(rpc:call(N2, mnesia_lib, val, [{a, where_to_commit}]))),
+    ?match(W2C2, lists:sort(rpc:call(N3, mnesia_lib, val, [{a, where_to_commit}]))),
+    ?match(undefined, ets:info(a, compressed)),
+    ?match(5000, dets:info(a, auto_save)),
+    ?match({atomic,ok}, mnesia:change_table_copy_type(a, N1, disc_copies)),
+    ?match(true, ets:info(a, compressed)),
 
     ?verify_mnesia(Nodes, []).
 
+
+
+
+
 add_copy_conflict(suite) -> [];
 add_copy_conflict(doc) -> 
     ["Verify that OTP-5065 doesn't happen again, whitebox testing"];
diff --git a/lib/mnesia/test/mnesia_frag_hash_test.erl b/lib/mnesia/test/mnesia_frag_hash_test.erl
new file mode 100644
index 0000000000..095d25e74f
--- /dev/null
+++ b/lib/mnesia/test/mnesia_frag_hash_test.erl
@@ -0,0 +1,94 @@
+-module(mnesia_frag_hash_test).
+
+-export([test/0]).
+
+-define(NUM_FRAGS, 20).
+-define(NUM_KEYS, 10000).
+
+-record(hash_state,
+	{n_fragments,
+	 next_n_to_split,
+	 n_doubles,
+	 function}).
+
+% OLD mnesia_frag_hash:key_to_frag_number/2.
+old_key_to_frag_number(#hash_state{function = phash, next_n_to_split = SplitN, n_doubles = L}, Key) ->
+    P = SplitN,
+    A = erlang:phash(Key, power2(L)),
+    if
+	A < P ->
+	    erlang:phash(Key, power2(L + 1));
+	true ->
+	    A
+    end;
+old_key_to_frag_number(#hash_state{function = phash2, next_n_to_split = SplitN, n_doubles = L}, Key) ->
+    P = SplitN,
+    A = erlang:phash2(Key, power2(L)) + 1,
+    if
+	A < P ->
+	    erlang:phash2(Key, power2(L + 1)) + 1;
+	true ->
+	    A
+    end;
+old_key_to_frag_number(OldState, Key) ->
+    State = convert_old_state(OldState),
+    old_key_to_frag_number(State, Key).
+
+
+% NEW mnesia_frag_hash:key_to_frag_number/2.
+new_key_to_frag_number(#hash_state{function = phash, n_fragments = N, n_doubles = L}, Key) ->
+    A = erlang:phash(Key, power2(L + 1)),
+    if
+	A > N ->
+	    A - power2(L);
+	true ->
+	    A
+    end;
+new_key_to_frag_number(#hash_state{function = phash2, n_fragments = N, n_doubles = L}, Key) ->
+    A = erlang:phash2(Key, power2(L + 1)) + 1,
+    if
+	A > N ->
+	    A - power2(L);
+	true ->
+	    A
+    end;
+new_key_to_frag_number(OldState, Key) ->
+    State = convert_old_state(OldState),
+    new_key_to_frag_number(State, Key).
+
+
+% Helpers for key_to_frag_number functions.
+
+power2(Y) ->
+    1 bsl Y. % trunc(math:pow(2, Y)).
+
+convert_old_state({hash_state, N, P, L}) ->
+    #hash_state{n_fragments     = N,
+		next_n_to_split = P,
+		n_doubles       = L,
+		function        = phash}.
+
+
+test() ->
+    test2(mnesia_frag_hash:init_state(undefined, undefined)), % phash2
+    test2({hash_state, 1, 1, 0}). % phash
+
+test2(I) ->
+    test_keys(I),
+    lists:foldl(
+        fun(_, S) -> test_frag(S) end,
+        I, lists:seq(1, ?NUM_FRAGS)),
+    ok.
+
+test_frag(State) ->
+    {State2,_,_} = mnesia_frag_hash:add_frag(State),
+    test_keys(State2),
+    State2.
+
+test_keys(State) ->
+    [test_key(State, Key) || Key <- lists:seq(1, ?NUM_KEYS)].
+
+test_key(State, Key) ->
+    Old = old_key_to_frag_number(State, Key),
+    New = new_key_to_frag_number(State, Key),
+    Old = New.
diff --git a/lib/mnesia/test/mnesia_install_test.erl b/lib/mnesia/test/mnesia_install_test.erl
index 3a2d44aa95..06d53d3912 100644
--- a/lib/mnesia/test/mnesia_install_test.erl
+++ b/lib/mnesia/test/mnesia_install_test.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/mnesia/test/mnesia_test_lib.erl b/lib/mnesia/test/mnesia_test_lib.erl
index 9da45975d5..ba5bf84e24 100644
--- a/lib/mnesia/test/mnesia_test_lib.erl
+++ b/lib/mnesia/test/mnesia_test_lib.erl
@@ -99,7 +99,7 @@
 	 slave_start_link/0,
 	 slave_start_link/1,
 	 slave_sup/0,
-	
+
 	 start_mnesia/1,
 	 start_mnesia/2,
 	 start_appls/2,
@@ -131,7 +131,7 @@
 	 struct/1,
 	 init_per_testcase/2,
 	 end_per_testcase/2,
-	 kill_tc/2	
+	 kill_tc/2
 	]).
 
 -include("mnesia_test_lib.hrl").
@@ -187,7 +187,7 @@ verbose(Format, Args, File, Line) ->
 		    ok
 	    end
     end.
-    
+
 -record('REASON', {file, line, desc}).
 
 error(Format, Args, File, Line) ->
@@ -196,9 +196,9 @@ error(Format, Args, File, Line) ->
 		     line = Line,
 		     desc = Args},
     case global:whereis_name(mnesia_test_case_sup) of
-	undefined -> 
+	undefined ->
 	    ignore;
-	Pid -> 
+	Pid ->
 	    Pid ! Fail
 %% 	    global:send(mnesia_test_case_sup, Fail),
     end,
@@ -217,7 +217,7 @@ storage_type(Default, Config) ->
 default_config() ->
     [{nodes, default_nodes()}].
 
-default_nodes() ->    
+default_nodes() ->
     mk_nodes(3, []).
 
 mk_nodes(0, Nodes) ->
@@ -231,7 +231,7 @@ mk_nodes(N, Nodes) when N > 0 ->
 
 mk_node(N, Name, Host) ->
     list_to_atom(lists:concat([Name ++ integer_to_list(N) ++ "@" ++ Host])).
-    
+
 slave_start_link() ->
     slave_start_link(node()).
 
@@ -247,11 +247,11 @@ slave_start_link(Host, Name) ->
 
 slave_start_link(Host, Name, Retries) ->
     Debug = atom_to_list(mnesia:system_info(debug)),
-    Args = "-mnesia debug " ++ Debug ++ 
+    Args = "-mnesia debug " ++ Debug ++
+	" -pa " ++
+	filename:dirname(code:which(?MODULE)) ++
 	" -pa " ++
-	filename:dirname(code:which(?MODULE)) ++ 
-	" -pa " ++ 
-	filename:dirname(code:which(mnesia)),    
+	filename:dirname(code:which(mnesia)),
     case starter(Host, Name, Args) of
 	{ok, NewNode} ->
 	    ?match(pong, net_adm:ping(NewNode)),
@@ -264,8 +264,8 @@ slave_start_link(Host, Name, Retries) ->
 	    {ok, NewNode};
 	{error, Reason} when Retries == 0->
 	    {error, Reason};
-	{error, Reason} ->	    
-	    io:format("Could not start slavenode ~p ~p retrying~n", 
+	{error, Reason} ->
+	    io:format("Could not start slavenode ~p ~p retrying~n",
 		      [{Host, Name, Args}, Reason]),
 	    timer:sleep(500),
 	    slave_start_link(Host, Name, Retries - 1)
@@ -284,7 +284,7 @@ starter(Host, Name, Args) ->
 slave_sup() ->
     process_flag(trap_exit, true),
     receive
-	{'EXIT', _, _} -> 
+	{'EXIT', _, _} ->
 	    case os:type() of
 		vxworks ->
 		    erlang:halt();
@@ -292,7 +292,7 @@ slave_sup() ->
 		    ignore
 	    end
     end.
-    
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Index the test case structure
 
@@ -305,7 +305,7 @@ doc(TestCases) when is_list(TestCases) ->
     io:format(Fd, "<TITLE>Test specification for ~p</TITLE>.~n", [TestCases]),
     io:format(Fd, "<H1>Test specification for ~p</H1>~n", [TestCases]),
     io:format(Fd, "Test cases which not are implemented yet are written in <B>bold face</B>.~n~n", []),
-    
+
     io:format(Fd, "<BR><BR>~n", []),
     io:format(Fd, "~n<DL>~n", []),
     do_doc(Fd, TestCases, []),
@@ -349,7 +349,7 @@ do_doc(Fd, Module, TestCase, List) ->
 
 print_doc(Fd, Mod, Fun, Head) ->
     case catch (apply(Mod, Fun, [doc])) of
-	{'EXIT', _} -> 
+	{'EXIT', _} ->
 	    io:format(Fd, "<DT>~s</DT>~n", [Head]);
 	Doc when is_list(Doc) ->
 	    io:format(Fd, "<DT><U>~s</U><BR><DD>~n", [Head]),
@@ -428,10 +428,10 @@ test_driver({Module, TestCase}, Config) ->
 	_ ->
 	    log("Eval test case: ~w~n", [{Module, TestCase}]),
 	    try timer:tc(?MODULE, eval_test_case, [Module, TestCase, Config]) of
-		{T, Res} -> 
+		{T, Res} ->
 		    log("Tested ~w in ~w sec~n", [TestCase, T div Sec]),
 		    {T div Sec, Res}
-	    catch error:function_clause -> 
+	    catch error:function_clause ->
 		    log("<WARNING> Test case ~w NYI~n", [{Module, TestCase}]),
 		    {0, {skip, {Module, TestCase}, "NYI"}}
 	    end
@@ -472,13 +472,13 @@ get_suite(Module, TestCase, Config) ->
 
 %% Returns a list (possibly empty) or the atom 'NYI'
 get_suite(Mod, {group, Suite}) ->
-    try 
+    try
 	Groups = Mod:groups(),
 	{_, _, TCList} = lists:keyfind(Suite, 1, Groups),
 	TCList
     catch
 	_:Reason ->
-	    io:format("Not implemented ~p ~p (~p ~p)~n", 
+	    io:format("Not implemented ~p ~p (~p ~p)~n",
 		      [Mod,Suite,Reason, erlang:get_stacktrace()]),
 	    'NYI'
     end;
@@ -487,7 +487,7 @@ get_suite(Mod, all) ->
 	{'EXIT', _} -> 'NYI';
 	List when is_list(List) -> List
     end;
-get_suite(_Mod, _Fun) -> 
+get_suite(_Mod, _Fun) ->
     [].
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -511,7 +511,7 @@ wait_for_evaluator(Pid, Mod, Fun, Config) ->
     receive
 	{'EXIT', Pid, {test_case_ok, _PidRes}} ->
 	    Errors = flush(),
-	    Res = 
+	    Res =
 		case Errors of
 		    [] -> ok;
 		    Errors -> failed
@@ -531,7 +531,7 @@ wait_for_evaluator(Pid, Mod, Fun, Config) ->
 
 test_case_evaluator(Mod, Fun, [Config]) ->
     NewConfig = Mod:init_per_testcase(Fun, Config),
-    try 
+    try
 	R = apply(Mod, Fun, [NewConfig]),
 	Mod:end_per_testcase(Fun, NewConfig),
 	exit({test_case_ok, R})
@@ -588,7 +588,7 @@ mapl(_Fun, []) ->
 
 diskless(Config) ->
     case lists:keysearch(diskless, 1, Config) of
-	{value, {diskless, true}} -> 
+	{value, {diskless, true}} ->
 	    true;
 	_Else ->
 	    false
@@ -634,7 +634,7 @@ sync_trans_tid_serial(Nodes) ->
 
 select_nodes(N, Config, File, Line) ->
     prepare_test_case([], N, Config, File, Line).
-    
+
 prepare_test_case(Actions, N, Config, File, Line) ->
     NodeList1 = lookup_config(nodes, Config),
     NodeList2 = lookup_config(nodenames, Config), %% For testserver
@@ -666,10 +666,10 @@ do_prepare([delete_schema | Actions], Selected, All, Config, File, Line) ->
 	true ->
 	    skip;
 	false ->
-	    Del = fun(Node) -> 
+	    Del = fun(Node) ->
 			  case mnesia:delete_schema([Node]) of
 			      ok -> ok;
-			      {error, {"All nodes not running",_}} -> 
+			      {error, {"All nodes not running",_}} ->
 				  ok;
 			      Else ->
 				  ?log("Delete schema error ~p ~n", [Else])
@@ -680,7 +680,7 @@ do_prepare([delete_schema | Actions], Selected, All, Config, File, Line) ->
     do_prepare(Actions, Selected, All, Config, File, Line);
 do_prepare([create_schema | Actions], Selected, All, Config, File, Line) ->
     case diskless(Config) of
-	true -> 
+	true ->
 	    skip;
 	_Else ->
 	    case mnesia:create_schema(Selected) of
@@ -705,12 +705,12 @@ set_kill_timer(Config) ->
     case init:get_argument(mnesia_test_timeout) of
 	{ok, _ } -> ok;
 	_ ->
-	    Time0 = 
+	    Time0 =
 		case lookup_config(tc_timeout, Config) of
 		    [] -> timer:minutes(5);
 		    ConfigTime when is_integer(ConfigTime) -> ConfigTime
 		end,
-	    Mul = try 
+	    Mul = try
 		      test_server:timetrap_scale_factor()
 		  catch _:_ -> 1 end,
 	    (catch test_server:timetrap(Mul*Time0 + 1000)),
@@ -718,7 +718,7 @@ set_kill_timer(Config) ->
     end.
 
 kill_tc(Pid, Time) ->
-    receive 
+    receive
     after Time ->
 	    case process_info(Pid) of
 		undefined ->  ok;
@@ -739,10 +739,10 @@ kill_tc(Pid, Time) ->
 		    exit(Pid, kill)
 	    end
     end.
-    
+
 
 append_unique([], List) -> List;
-append_unique([H|R], List) -> 
+append_unique([H|R], List) ->
     case lists:member(H, List) of
 	true -> append_unique(R, List);
 	false -> [H | append_unique(R, List)]
@@ -751,13 +751,13 @@ append_unique([H|R], List) ->
 pick_nodes(all, Nodes, File, Line) ->
     pick_nodes(length(Nodes), Nodes, File, Line);
 pick_nodes(N, [H | T], File, Line) when N > 0 ->
-    [H | pick_nodes(N - 1, T, File, Line)]; 
+    [H | pick_nodes(N - 1, T, File, Line)];
 pick_nodes(0, _Nodes, _File, _Line) ->
     [];
 pick_nodes(N, [], File, Line) ->
     ?skip("Test case (~p(~p)) ignored: ~p nodes missing~n",
 	  [File, Line, N]).
-   
+
 init_nodes([Node | Nodes], File, Line) ->
     case net_adm:ping(Node) of
 	pong ->
@@ -777,7 +777,7 @@ init_nodes([Node | Nodes], File, Line) ->
 init_nodes([], _File, _Line) ->
     [].
 
-%% Returns [Name, Host]    
+%% Returns [Name, Host]
 node_to_name_and_host(Node) ->
     string:tokens(atom_to_list(Node), [$@]).
 
@@ -793,7 +793,7 @@ lookup_config(Key,Config) ->
 
 start_appls(Appls, Nodes) ->
     start_appls(Appls, Nodes, [],  [schema]).
-    
+
 start_appls(Appls, Nodes, Config) ->
     start_appls(Appls, Nodes, Config, [schema]).
 
@@ -815,9 +815,9 @@ start_appls([], _Nodes, _Config, _Tabs) ->
 
 remote_start(mnesia, Config, Nodes) ->
     case diskless(Config) of
-	true -> 
-	    application_controller:set_env(mnesia, 
-					   extra_db_nodes, 
+	true ->
+	    application_controller:set_env(mnesia,
+					   extra_db_nodes,
 					   Nodes -- [node()]),
 	    application_controller:set_env(mnesia,
 					   schema_location,
@@ -830,7 +830,7 @@ remote_start(mnesia, Config, Nodes) ->
     end,
     {node(), mnesia:start()};
 remote_start(Appl, _Config, _Nodes) ->
-    Res = 
+    Res =
 	case application:start(Appl) of
 	    {error, {already_started, Appl}} ->
 		ok;
@@ -842,13 +842,13 @@ remote_start(Appl, _Config, _Nodes) ->
 %% Start Mnesia on all given nodes and wait for specified
 %% tables to be accessible on each node. The atom all means
 %% that we should wait for all tables to be loaded
-%% 
+%%
 %% Returns a list of error tuples {BadNode, mnesia, Reason}
 start_mnesia(Nodes) ->
     start_appls([mnesia], Nodes).
 start_mnesia(Nodes, Tabs) when is_list(Nodes) ->
     start_appls([mnesia], Nodes, [], Tabs).
-    
+
 %% Wait for the tables to be accessible from all nodes in the list
 %% and that all nodes are aware of that the other nodes also ...
 sync_tables(Nodes, Tabs) ->
@@ -924,26 +924,26 @@ verify_nodes([Tab| Tabs], N) ->
 	mnesia:table_info(Tab, ram_copies),
     Local = mnesia:table_info(Tab, local_content),
     case Copies -- Nodes of
-	[] -> 
+	[] ->
 	    verify_nodes(Tabs, 0);
 	_Else when Local == true, Nodes /= [] ->
 	    verify_nodes(Tabs, 0);
         Else ->
-	    N2 = 
+	    N2 =
 		if
-		    N > 20 -> 
-			log("<>WARNING<> ~w Waiting for table: ~p on ~p ~n", 
+		    N > 20 ->
+			log("<>WARNING<> ~w Waiting for table: ~p on ~p ~n",
 				 [node(), Tab, Else]),
 			0;
 		    true -> N+1
-		end,	    
+		end,
 	    timer:sleep(500),
 	    verify_nodes([Tab| Tabs], N2)
     end.
 
 
 %% Nicely stop Mnesia on all given nodes
-%% 
+%%
 %% Returns a list of error tuples {BadNode, Reason}
 stop_mnesia(Nodes) when is_list(Nodes) ->
     stop_appls([mnesia], Nodes).
@@ -1047,7 +1047,7 @@ verify_replica_location(Tab, DiscOnly0, Ram0, Disc0, AliveNodes0) ->
     Read = ignore_dead(DiscOnly ++ Ram ++ Disc, AliveNodes),
     This = node(),
 
-    timer:sleep(100), 
+    timer:sleep(100),
 
     S1 = ?match(AliveNodes, lists:sort(mnesia:system_info(running_db_nodes))),
     S2 = ?match(DiscOnly, lists:sort(mnesia:table_info(Tab, disc_only_copies))),
@@ -1080,7 +1080,7 @@ do_remote_activate_debug_fun(From, I, F, C, File, Line) ->
     timer:sleep(infinity).  % Dies whenever the test process dies !!
 
 
-sort(L) when is_list(L) -> 
+sort(L) when is_list(L) ->
     lists:sort(L);
 sort({atomic, L}) when is_list(L) ->
     {atomic, lists:sort(L)};
diff --git a/lib/mnesia/test/mnesia_test_lib.hrl b/lib/mnesia/test/mnesia_test_lib.hrl
index fc377dbd2c..281634c239 100644
--- a/lib/mnesia/test/mnesia_test_lib.hrl
+++ b/lib/mnesia/test/mnesia_test_lib.hrl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -112,7 +112,7 @@
 -define(remote_deactivate_debug_fun(N, I),
 	rpc:call(N, mnesia_lib, deactivate_debug_fun, [I, ?FILE, ?LINE])).
 
--define(is_debug_compiled, 
+-define(is_debug_compiled,
 	case mnesia_lib:is_debug_compiled() of
 	    false ->
 		?skip("Mnesia is not debug compiled, test case ignored.~n", []);
@@ -120,7 +120,7 @@
 		ok
 	end).
 
--define(needs_disc(Config), 
+-define(needs_disc(Config),
 	case mnesia_test_lib:diskless(Config) of
 	    false ->
 		ok;
@@ -128,5 +128,5 @@
 		?skip("Must have disc, test case ignored.~n", [])
 	end).
 
--define(verify_mnesia(Ups, Downs), 
+-define(verify_mnesia(Ups, Downs),
 	mnesia_test_lib:verify_mnesia(Ups, Downs, ?FILE, ?LINE)).
diff --git a/lib/mnesia/test/mnesia_trans_access_test.erl b/lib/mnesia/test/mnesia_trans_access_test.erl
index ca3f0fbf49..c040d0ca3f 100644
--- a/lib/mnesia/test/mnesia_trans_access_test.erl
+++ b/lib/mnesia/test/mnesia_trans_access_test.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -31,22 +31,22 @@ end_per_testcase(Func, Conf) ->
 
 -define(receive_messages(Msgs), mnesia_recovery_test:receive_messages(Msgs, ?FILE, ?LINE)).
 
-% First Some debug logging 
+% First Some debug logging
 -define(dgb, true).
 -ifdef(dgb).
 -define(dl(X, Y), ?verbose("**TRACING: " ++ X ++ "**~n", Y)).
--else. 
+-else.
 -define(dl(X, Y), ok).
 -endif.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-all() -> 
+all() ->
     [write, read, wread, delete, delete_object,
      match_object, select, select14, all_keys, transaction,
      {group, nested_activities}, {group, index_tabs},
      {group, index_lifecycle}].
 
-groups() -> 
+groups() ->
     [{nested_activities, [],
       [basic_nested, {group, nested_transactions},
        mix_of_nested_activities]},
@@ -80,128 +80,133 @@ end_per_group(_GroupName, Config) ->
 
 write(suite) -> [];
 write(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = write, 
-    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:write([]) end)), 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 2}) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:write({foo, 2}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:write({Tab, 1, 2})), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = write,
+    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:write([]) end)),
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 2}) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:write({foo, 2}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:write({Tab, 1, 2})),
     ?verify_mnesia(Nodes, []).
 
 %% Read records
 
 read(suite) -> [];
 read(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = read, 
-    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-
-    OneRec = {Tab, 1, 2}, 
-    TwoRec = {Tab, 1, 3}, 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:read([]) end)), 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:read({Tab}) end)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = read,
+    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    OneRec = {Tab, 1, 2},
+    TwoRec = {Tab, 1, 3},
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:read([]) end)),
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:read({Tab}) end)),
     ?match({aborted, {bad_type, _}}
-	   ,  mnesia:transaction(fun() -> mnesia:read(OneRec) end)), 
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    ?match({atomic, [OneRec]}, 
-	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)), 
-    ?match({atomic, [OneRec, TwoRec]}, 
-	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:read({Tab, 1})), 
+	   ,  mnesia:transaction(fun() -> mnesia:read(OneRec) end)),
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+    ?match({atomic, [OneRec]},
+	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)),
+    ?match({atomic, [OneRec, TwoRec]},
+	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:read({Tab, 1})),
     ?verify_mnesia(Nodes, []).
 
 %% Read records and set write lock
 
 wread(suite) -> [];
 wread(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = wread, 
-    Schema = [{name, Tab}, {type, set}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    
-    OneRec = {Tab, 1, 2}, 
-    TwoRec = {Tab, 1, 3}, 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:wread([]) end)), 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:wread({Tab}) end)), 
+    [_N1,N2] = Nodes = ?acquire_nodes(2, Config),
+    Tab = wread,
+    Schema = [{name, Tab}, {type, set}, {attributes, [k, v]}, {ram_copies, Nodes}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    OneRec = {Tab, 1, 2},
+    TwoRec = {Tab, 1, 3},
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:wread([]) end)),
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:wread({Tab}) end)),
     ?match({aborted, {bad_type, _}}
-	   ,  mnesia:transaction(fun() -> mnesia:wread(OneRec) end)), 
-    
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    
-    ?match({atomic, [OneRec]}, 
-	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)), 
-    ?match({atomic, [TwoRec]}, 
-	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:wread({Tab, 1})), 
+	   ,  mnesia:transaction(fun() -> mnesia:wread(OneRec) end)),
+
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+
+    ?match({atomic, [OneRec]},
+	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)),
+    ?match({atomic, [TwoRec]},
+	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:wread({Tab, 1})),
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Tab, {Tab, 42, a}, sticky_write) end)),
+    ?match({atomic, [{Tab,42, a}]},
+	   rpc:call(N2, mnesia, transaction, [fun() -> mnesia:wread({Tab, 42}) end])),
     ?verify_mnesia(Nodes, []).
 
 %% Delete record
 
 delete(suite) -> [];
 delete(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = delete, 
-    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:delete([]) end)), 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:delete({Tab}) end)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = delete,
+    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:delete([]) end)),
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:delete({Tab}) end)),
     ?match({aborted, {bad_type, _}}
-	   ,  mnesia:transaction(fun() -> mnesia:delete({Tab, 1, 2}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:delete({Tab, 1})), 
+	   ,  mnesia:transaction(fun() -> mnesia:delete({Tab, 1, 2}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:delete({Tab, 1})),
     ?verify_mnesia(Nodes, []).
 
 %% Delete matching record
 
 delete_object(suite) -> [];
 delete_object(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = delete_object, 
-    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = delete_object,
+    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
 
-    OneRec = {Tab, 1, 2}, 
+    OneRec = {Tab, 1, 2},
     ?match({aborted, {bad_type, _}},
 	   mnesia:transaction(fun() -> mnesia:delete_object([]) end)),
     ?match({aborted, {bad_type, _}},
@@ -215,17 +220,17 @@ delete_object(Config) when is_list(Config) ->
     ?match({atomic, ok},
 	   mnesia:transaction(fun() -> mnesia:delete_object(OneRec) end)),
     ?match({atomic, ok},
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    ?match({atomic, ok}, 
 	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
-    ?match({atomic, ok}, 
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+    ?match({atomic, ok},
 	   mnesia:transaction(fun() -> mnesia:delete_object(OneRec) end)),
-    
+
     ?match({'EXIT', {aborted, no_transaction}},  mnesia:delete_object(OneRec)),
 
-    ?match({aborted, {bad_type, Tab, _}}, 
+    ?match({aborted, {bad_type, Tab, _}},
 	   mnesia:transaction(fun() -> mnesia:delete_object({Tab, {['_']}, 21}) end)),
-    ?match({aborted, {bad_type, Tab, _}}, 
+    ?match({aborted, {bad_type, Tab, _}},
 	   mnesia:transaction(fun() -> mnesia:delete_object({Tab, {['$5']}, 21}) end)),
 
     ?verify_mnesia(Nodes, []).
@@ -234,108 +239,108 @@ delete_object(Config) when is_list(Config) ->
 
 match_object(suite) -> [];
 match_object(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = match, 
-    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    
-    OneRec = {Tab, 1, 2}, 
-    OnePat = {Tab, '$1', 2}, 
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:match_object(OnePat) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    ?match({atomic, [OneRec]}, 
-	   mnesia:transaction(fun() -> mnesia:match_object(OnePat) end)), 
-    
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:match_object({foo, '$1', 2}) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:match_object({[], '$1', 2}) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:match_object(OnePat)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = match,
+    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    OneRec = {Tab, 1, 2},
+    OnePat = {Tab, '$1', 2},
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:match_object(OnePat) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+    ?match({atomic, [OneRec]},
+	   mnesia:transaction(fun() -> mnesia:match_object(OnePat) end)),
+
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:match_object({foo, '$1', 2}) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:match_object({[], '$1', 2}) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:match_object(OnePat)),
     ?verify_mnesia(Nodes, []).
 
 %% select
 select(suite) -> [];
 select(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = match, 
-    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = match,
+    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
 
-    OneRec = {Tab, 1, 2}, 
-    TwoRec = {Tab, 2, 3}, 
+    OneRec = {Tab, 1, 2},
+    TwoRec = {Tab, 2, 3},
     OnePat = [{{Tab, '$1', 2}, [], ['$_']}],
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:select(Tab, OnePat) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)), 
-    ?match({atomic, [OneRec]}, 
-	   mnesia:transaction(fun() -> mnesia:select(Tab, OnePat) end)), 
-
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:select(Tab, {match, '$1', 2}) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:select(Tab, [{'_', [], '$1'}]) end)), 
-
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:select(Tab, OnePat)), 
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:select(Tab, OnePat) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)),
+    ?match({atomic, [OneRec]},
+	   mnesia:transaction(fun() -> mnesia:select(Tab, OnePat) end)),
+
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:select(Tab, {match, '$1', 2}) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:select(Tab, [{'_', [], '$1'}]) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:select(Tab, OnePat)),
     ?verify_mnesia(Nodes, []).
 
 
 %% more select
 select14(suite) -> [];
 select14(Config) when is_list(Config) ->
-    [Node1,Node2] = Nodes = ?acquire_nodes(2, Config), 
-    Tab1 = select14_ets, 
-    Tab2 = select14_dets, 
-    Tab3 = select14_remote, 
-    Tab4 = select14_remote_dets, 
-    Schemas = [[{name, Tab1}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-	       [{name, Tab2}, {attributes, [k, v]}, {disc_only_copies, [Node1]}], 
+    [Node1,Node2] = Nodes = ?acquire_nodes(2, Config),
+    Tab1 = select14_ets,
+    Tab2 = select14_dets,
+    Tab3 = select14_remote,
+    Tab4 = select14_remote_dets,
+    Schemas = [[{name, Tab1}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+	       [{name, Tab2}, {attributes, [k, v]}, {disc_only_copies, [Node1]}],
 	       [{name, Tab3}, {attributes, [k, v]}, {ram_copies, [Node2]}],
-	       [{name, Tab4}, {attributes, [k, v]}, {disc_only_copies, [Node2]}]], 
+	       [{name, Tab4}, {attributes, [k, v]}, {disc_only_copies, [Node2]}]],
     [?match({atomic, ok},  mnesia:create_table(Schema)) || Schema <- Schemas],
 
     %% Some Helpers
     Trans = fun(Fun) -> mnesia:transaction(Fun) end,
     LoopHelp = fun('$end_of_table',_) -> [];
-		  ({Recs,Cont},Fun) -> 
+		  ({Recs,Cont},Fun) ->
 		       Sel = mnesia:select(Cont),
 		       Recs ++ Fun(Sel, Fun)
 	       end,
-    Loop = fun(Table,Pattern) -> 
+    Loop = fun(Table,Pattern) ->
 		   Sel = mnesia:select(Table, Pattern, 1, read),
 		   Res = LoopHelp(Sel,LoopHelp),
 		   case mnesia:table_info(Table, type) of
 		       ordered_set -> Res;
 		       _ -> lists:sort(Res)
-		   end 
+		   end
 	   end,
-    Test = 
+    Test =
 	fun(Tab) ->
-		OneRec = {Tab, 1, 2}, 
-		TwoRec = {Tab, 2, 3}, 
+		OneRec = {Tab, 1, 2},
+		TwoRec = {Tab, 2, 3},
 		OnePat = [{{Tab, '$1', 2}, [], ['$_']}],
 		All = [OneRec,TwoRec],
 		AllPat = [{'_', [], ['$_']}],
 
-		?match({atomic, []}, Trans(fun() -> Loop(Tab, OnePat) end)), 
-		?match({atomic, ok},   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-		?match({atomic, ok},   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)), 
-		?match({atomic, [OneRec]}, Trans(fun() -> Loop(Tab, OnePat) end)), 
-		?match({atomic, All}, Trans(fun() -> Loop(Tab, AllPat) end)), 
-		
+		?match({atomic, []}, Trans(fun() -> Loop(Tab, OnePat) end)),
+		?match({atomic, ok},   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+		?match({atomic, ok},   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)),
+		?match({atomic, [OneRec]}, Trans(fun() -> Loop(Tab, OnePat) end)),
+		?match({atomic, All}, Trans(fun() -> Loop(Tab, AllPat) end)),
+
 		{atomic,{_, Cont}} = Trans(fun() -> mnesia:select(Tab, OnePat, 1, read) end),
 		?match({aborted, wrong_transaction}, Trans(fun() -> mnesia:select(Cont) end)),
-		
-		?match({aborted, _}, Trans(fun() -> mnesia:select(Tab, {match, '$1', 2},1,read) end)), 
-		?match({aborted, _}, Trans(fun() -> mnesia:select(Tab, [{'_', [], '$1'}],1,read) end)), 
-		?match({aborted, _}, Trans(fun() -> mnesia:select(sune) end)),     
-		?match({'EXIT', {aborted, no_transaction}},  mnesia:select(Tab, OnePat,1,read)), 
-		?match({aborted, {badarg,sune}}, 
+
+		?match({aborted, _}, Trans(fun() -> mnesia:select(Tab, {match, '$1', 2},1,read) end)),
+		?match({aborted, _}, Trans(fun() -> mnesia:select(Tab, [{'_', [], '$1'}],1,read) end)),
+		?match({aborted, _}, Trans(fun() -> mnesia:select(sune) end)),
+		?match({'EXIT', {aborted, no_transaction}},  mnesia:select(Tab, OnePat,1,read)),
+		?match({aborted, {badarg,sune}},
 		       Trans(fun() -> mnesia:select(sune) end))
 	end,
     Test(Tab1),
@@ -349,28 +354,28 @@ select14(Config) when is_list(Config) ->
 
 all_keys(suite) ->[];
 all_keys(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = all_keys, 
-    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    
-    Write = fun() -> mnesia:write({Tab, 14, 4}) end, 
-    AllKeys = fun() -> mnesia:all_keys(Tab) end, 
-    
-    ?match({atomic, []},  mnesia:transaction(AllKeys)), 
-    
-    ?match({atomic, ok},  mnesia:transaction(Write)), 
-    ?match({atomic, [14]},  mnesia:transaction(AllKeys)), 
-    
-    ?match({atomic, ok},  mnesia:transaction(Write)), 
-    ?match({atomic, [14]},  mnesia:transaction(AllKeys)), 
-    
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:all_keys(foo) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:all_keys([]) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:all_keys(Tab)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = all_keys,
+    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    Write = fun() -> mnesia:write({Tab, 14, 4}) end,
+    AllKeys = fun() -> mnesia:all_keys(Tab) end,
+
+    ?match({atomic, []},  mnesia:transaction(AllKeys)),
+
+    ?match({atomic, ok},  mnesia:transaction(Write)),
+    ?match({atomic, [14]},  mnesia:transaction(AllKeys)),
+
+    ?match({atomic, ok},  mnesia:transaction(Write)),
+    ?match({atomic, [14]},  mnesia:transaction(AllKeys)),
+
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:all_keys(foo) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:all_keys([]) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:all_keys(Tab)),
     ?verify_mnesia(Nodes, []).
 
 
@@ -436,49 +441,49 @@ transaction(Config) when is_list(Config) ->
 basic_nested(doc) -> ["Test the basic functionality of nested transactions"];
 basic_nested(suite) -> [];
 basic_nested(Config) when is_list(Config) ->
-    Nodes = ?acquire_nodes(3, Config), 
-    Args =  [{ram_copies,  Nodes}, 
-	     {attributes,  record_info(fields,  ntab)}], 
-    ?match({atomic,  ok},  mnesia:create_table(ntab,  Args)), 
-    do_nested(top), 
+    Nodes = ?acquire_nodes(3, Config),
+    Args =  [{ram_copies,  Nodes},
+	     {attributes,  record_info(fields,  ntab)}],
+    ?match({atomic,  ok},  mnesia:create_table(ntab,  Args)),
+    do_nested(top),
     case mnesia_test_lib:diskless(Config) of
 	false ->
 	    lists:foreach(fun(N) ->
-				  ?match({atomic,  ok}, 
+				  ?match({atomic,  ok},
 					 mnesia:change_table_copy_type(ntab,  N,  disc_only_copies))
-			  end,  Nodes), 
+			  end,  Nodes),
 	    do_nested(top);
-	true -> 
+	true ->
 	    skip
     end,
     ?verify_mnesia(Nodes, []).
 
 do_nested(How) ->
     F1 = fun() ->
-		mnesia:write(#ntab{a= 1}), 
+		mnesia:write(#ntab{a= 1}),
 		mnesia:write(#ntab{a= 2})
-	end, 
+	end,
     F2 = fun() ->
 		 mnesia:read({ntab,  1})
-	 end, 
-    ?match({atomic,  ok},  mnesia:transaction(F1)), 
-    ?match({atomic,  _},  mnesia:transaction(F2)), 
+	 end,
+    ?match({atomic,  ok},  mnesia:transaction(F1)),
+    ?match({atomic,  _},  mnesia:transaction(F2)),
 
-    ?match({atomic,  {aborted,  _}}, 
-	   mnesia:transaction(fun() -> n_f1(), 
+    ?match({atomic,  {aborted,  _}},
+	   mnesia:transaction(fun() -> n_f1(),
 				mnesia:transaction(fun() -> n_f2() end)
-		       end)), 
+		       end)),
 
-    ?match({atomic,  {aborted,  _}}, 
-	   mnesia:transaction(fun() -> n_f1(), 
+    ?match({atomic,  {aborted,  _}},
+	   mnesia:transaction(fun() -> n_f1(),
 				mnesia:transaction(fun() -> n_f3() end)
-		       end)), 
-    ?match({atomic,  {atomic,  [#ntab{a = 5}]}}, 
-	   mnesia:transaction(fun() -> mnesia:write(#ntab{a = 5}), 
+		       end)),
+    ?match({atomic,  {atomic,  [#ntab{a = 5}]}},
+	   mnesia:transaction(fun() -> mnesia:write(#ntab{a = 5}),
 				       mnesia:transaction(fun() -> n_f4() end)
-			      end)), 
-    Cyclic = fun() -> mnesia:abort({cyclic,a,a,a,a,a}) end,  %% Ugly 
-    NodeNotR = fun() -> mnesia:abort({node_not_running, testNode}) end,   
+			      end)),
+    Cyclic = fun() -> mnesia:abort({cyclic,a,a,a,a,a}) end,  %% Ugly
+    NodeNotR = fun() -> mnesia:abort({node_not_running, testNode}) end,
 
     TestAbort = fun(Fun) ->
 			case get(restart_counter) of
@@ -490,46 +495,46 @@ do_nested(How) ->
 				ok
 			end
 		end,
-    
-    ?match({atomic,{atomic,ok}}, 
+
+    ?match({atomic,{atomic,ok}},
 	   mnesia:transaction(fun()->mnesia:transaction(TestAbort,
 							[Cyclic])end)),
-    
-    ?match({atomic,{atomic,ok}}, 
+
+    ?match({atomic,{atomic,ok}},
 	   mnesia:transaction(fun()->mnesia:transaction(TestAbort,
 							[NodeNotR])end)),
-							    
+
     %% Now try the restart thingie
     case How of
-	top ->	    
-	    Pids = [spawn(?MODULE,  do_nested,  [{spawned,  self()}]), 
-		    spawn(?MODULE,  do_nested,  [{spawned,  self()}]), 
-		    spawn(?MODULE,  do_nested,  [{spawned,  self()}]), 
-		    spawn(?MODULE,  do_nested,  [{spawned,  self()}])], 
-	    ?match({info, _, _}, mnesia_tm:get_info(2000)),	    
+	top ->
+	    Pids = [spawn(?MODULE,  do_nested,  [{spawned,  self()}]),
+		    spawn(?MODULE,  do_nested,  [{spawned,  self()}]),
+		    spawn(?MODULE,  do_nested,  [{spawned,  self()}]),
+		    spawn(?MODULE,  do_nested,  [{spawned,  self()}])],
+	    ?match({info, _, _}, mnesia_tm:get_info(2000)),
 	    lists:foreach(fun(P) -> receive
 					{P,  ok} -> ok
 				    end
-			  end,  Pids), 
+			  end,  Pids),
 	    ?match([],  [Tab || Tab <- ets:all(), mnesia_trans_store == ets:info(Tab, name)]);
-				
+
 	{spawned,  Pid} ->
-	    ?match({info, _, _}, mnesia_tm:get_info(2000)),	    
+	    ?match({info, _, _}, mnesia_tm:get_info(2000)),
 	    Pid ! {self(),  ok},
 	    exit(normal)
     end.
 
 
 n_f1() ->
-    mnesia:read({ntab,  1}), 
+    mnesia:read({ntab,  1}),
     mnesia:write(#ntab{a = 3}).
 
 n_f2() ->
-    mnesia:write(#ntab{a = 4}), 
+    mnesia:write(#ntab{a = 4}),
     erlang:error(exit_here).
 
 n_f3() ->
-    mnesia:write(#ntab{a = 4}), 
+    mnesia:write(#ntab{a = 4}),
     throw(funky).
 
 n_f4() ->
@@ -555,24 +560,24 @@ nested_trans_both_dies(Config) when is_list(Config) ->
     nested_transactions(Config, abort, abort).
 
 nested_transactions(Config, Child, Father) ->
-    [Node1, Node2, Node3] = Nodes = ?acquire_nodes(3, Config),    
+    [Node1, Node2, Node3] = Nodes = ?acquire_nodes(3, Config),
     Tab = nested_trans,
 
-    Def = 
+    Def =
 	case mnesia_test_lib:diskless(Config) of
 	    true ->
 		[{name, Tab}, {ram_copies, Nodes}];
 	    false ->
-		[{name, Tab}, {ram_copies, [Node1]}, 
+		[{name, Tab}, {ram_copies, [Node1]},
 		 {disc_copies, [Node2]}, {disc_only_copies, [Node3]}]
 	end,
 
     ?match({atomic, ok}, mnesia:create_table(Def)),
     ?match(ok, mnesia:dirty_write({Tab, father, not_updated})),
-    ?match(ok, mnesia:dirty_write({Tab, child, not_updated})),    
+    ?match(ok, mnesia:dirty_write({Tab, child, not_updated})),
 
     ChildOk = fun() -> mnesia:write({Tab, child, updated}) end,
-    ChildAbort = fun() -> 
+    ChildAbort = fun() ->
 			 mnesia:write({Tab, child, updated}),
 			 erlang:error(exit_here)
 		 end,
@@ -616,7 +621,7 @@ nested_transactions(Config, Child, Father) ->
     ?verify_mnesia(Nodes, []).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-mix_of_nested_activities(doc) -> 
+mix_of_nested_activities(doc) ->
     ["Verify that dirty operations in a transaction are handled like ",
      "normal transactions"];
 mix_of_nested_activities(suite) ->   [];
@@ -624,27 +629,27 @@ mix_of_nested_activities(Config) when is_list(Config) ->
     [Node1, Node2, Node3] = Nodes = ?acquire_nodes(3, Config),
     Tab = tab,
 
-    Def = 
+    Def =
 	case mnesia_test_lib:diskless(Config) of
 	    true -> [{ram_copies, Nodes}];
-	    false -> 
-		[{ram_copies, [Node1]}, 
-		 {disc_copies, [Node2]}, 
+	    false ->
+		[{ram_copies, [Node1]},
+		 {disc_copies, [Node2]},
 		 {disc_only_copies, [Node3]}]
 	end,
 
     ?match({atomic, ok}, mnesia:create_table(Tab, [{type,bag}|Def])),
-    Activities = [transaction, sync_transaction, 
+    Activities = [transaction, sync_transaction,
 		  ets, async_dirty, sync_dirty],
     %% Make a test for all 3000 combinations
-    Tests = [[A,B,C,D,E] || 
+    Tests = [[A,B,C,D,E] ||
 		A <- Activities,
 		B <- Activities,
 		C <- Activities,
 		D <- Activities,
 		E <- Activities],
-    Foreach = 
-	fun(Test,No) -> 
+    Foreach =
+	fun(Test,No) ->
 		Result = lists:reverse(Test),
 		?match({No,Result},{No,catch apply_op({Tab,No},Test)}),
 		No+1
@@ -661,9 +666,9 @@ apply_op(Oid = {Tab,Key},[Type|Next]) ->
 				       apply_op(Oid,Next)
 			       end)).
 
-check_res(transaction, {atomic,Res}) -> 
+check_res(transaction, {atomic,Res}) ->
     Res;
-check_res(sync_transaction, {atomic,Res}) -> 
+check_res(sync_transaction, {atomic,Res}) ->
     Res;
 check_res(async_dirty, Res) when is_list(Res) ->
     Res;
@@ -673,11 +678,11 @@ check_res(ets, Res) when is_list(Res) ->
     Res;
 check_res(Type,Res) ->
     ?match(bug,{Type,Res}).
-    
+
 read_op(Oid) ->
     case lists:reverse(mnesia:read(Oid)) of
 	[] -> [];
-	[{_,_,Ops}|_] -> 
+	[{_,_,Ops}|_] ->
 	    Ops
     end.
 
@@ -686,24 +691,24 @@ read_op(Oid) ->
 
 index_match_object(suite) -> [];
 index_match_object(Config) when is_list(Config) ->
-    [Node1, Node2] = Nodes = ?acquire_nodes(2, Config), 
-    Tab = index_match_object, 
-    Schema = [{name, Tab}, {attributes, [k, v, e]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    ValPos = 3, 
-    BadValPos = ValPos + 2, 
-    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)), 
-
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:index_match_object({Tab, '$1', 2}, ValPos) end)), 
-    OneRec = {Tab, {1, 1}, 2, {1, 1}}, 
-    OnePat = {Tab, '$1', 2, '_'},     
+    [Node1, Node2] = Nodes = ?acquire_nodes(2, Config),
+    Tab = index_match_object,
+    Schema = [{name, Tab}, {attributes, [k, v, e]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+    ValPos = 3,
+    BadValPos = ValPos + 2,
+    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)),
+
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:index_match_object({Tab, '$1', 2}, ValPos) end)),
+    OneRec = {Tab, {1, 1}, 2, {1, 1}},
+    OnePat = {Tab, '$1', 2, '_'},
     BadPat = {Tab, '$1', '$2', '_'},  %% See ref guide
 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
 
-    Imatch = fun(Patt, Pos) -> 
+    Imatch = fun(Patt, Pos) ->
 		     mnesia:transaction(fun() -> lists:sort(mnesia:index_match_object(Patt, Pos)) end)
 	     end,
     ?match({atomic, [OneRec]}, Imatch(OnePat, ValPos)),
@@ -711,13 +716,13 @@ index_match_object(Config) when is_list(Config) ->
     ?match({aborted, _}, Imatch({foo, '$1', 2, '_'}, ValPos)),
     ?match({aborted, _}, Imatch({[], '$1', 2, '_'}, ValPos)),
     ?match({aborted, _}, Imatch(BadPat, ValPos)),
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:index_match_object(OnePat, ValPos)), 
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:index_match_object(OnePat, ValPos)),
 
     Another = {Tab, {3,1}, 2, {4,4}},
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Another) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, {4, 4}, 3, {4, 4}}) end)), 
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Another) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, {4, 4}, 3, {4, 4}}) end)),
 
     ?match({atomic, [OneRec]}, Imatch({Tab, {1,1}, 2, {1,1}}, ValPos)),
     ?match({atomic, [OneRec]}, Imatch({Tab, {1,1}, 2, '$1'}, ValPos)),
@@ -727,110 +732,110 @@ index_match_object(Config) when is_list(Config) ->
     ?match({atomic, [OneRec]}, Imatch({Tab, {'$2', '$1'}, 2, {'_', '$1'}}, ValPos)),
     ?match({atomic, [OneRec, Another]}, Imatch({Tab, '_', 2, '_'}, ValPos)),
 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 4, 5, {7, 4}}) end)),     
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 7, 5, {7, 5}}) end)),     
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 4, 5, {7, 4}}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 7, 5, {7, 5}}) end)),
 
     ?match({atomic, [{Tab, 4, 5, {7, 4}}]}, Imatch({Tab, '$1', 5, {'_', '$1'}}, ValPos)),
 
     ?match({atomic, [OneRec]}, rpc:call(Node2, mnesia, transaction,
-					[fun() -> 
-						lists:sort(mnesia:index_match_object({Tab, {1,1}, 2, 
+					[fun() ->
+						lists:sort(mnesia:index_match_object({Tab, {1,1}, 2,
 										      {1,1}}, ValPos))
-					 end])),    
+					 end])),
     ?verify_mnesia(Nodes, []).
 
 %% Read records by using an index
 
 index_read(suite) -> [];
 index_read(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = index_read, 
-    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    ValPos = 3, 
-    BadValPos = ValPos + 1, 
-    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)), 
-
-    OneRec = {Tab, 1, 2}, 
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    ?match({atomic, [OneRec]}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, BadValPos) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(foo, 2, ValPos) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:index_read([], 2, ValPos) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:index_read(Tab, 2, ValPos)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = index_read,
+    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+    ValPos = 3,
+    BadValPos = ValPos + 1,
+    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)),
+
+    OneRec = {Tab, 1, 2},
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+    ?match({atomic, [OneRec]},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, BadValPos) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:index_read(foo, 2, ValPos) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:index_read([], 2, ValPos) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:index_read(Tab, 2, ValPos)),
     ?verify_mnesia(Nodes, []).
 
 index_update_set(suite) -> [];
 index_update_set(Config)when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = index_test, 
-    Schema = [{name, Tab}, {attributes, [k, v1, v2, v3]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    ValPos = v1, 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = index_test,
+    Schema = [{name, Tab}, {attributes, [k, v1, v2, v3]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+    ValPos = v1,
     ValPos2 = v3,
-    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)), 
-    
+    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)),
+
     Pat1 = {Tab, '$1',  2,   '$2', '$3'},
-    Pat2 = {Tab, '$1', '$2', '$3', '$4'}, 
-    
-    Rec1 = {Tab, 1, 2, 3, 4}, 
+    Pat2 = {Tab, '$1', '$2', '$3', '$4'},
+
+    Rec1 = {Tab, 1, 2, 3, 4},
     Rec2 = {Tab, 2, 2, 13, 14},
-    Rec3 = {Tab, 1, 12, 13, 14}, 
-    Rec4 = {Tab, 4, 2, 13, 14}, 
-    
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec1) end)), 
-    ?match({atomic, [Rec1]}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec2) end)), 
-    {atomic, R1} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end), 
+    Rec3 = {Tab, 1, 12, 13, 14},
+    Rec4 = {Tab, 4, 2, 13, 14},
+
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec1) end)),
+    ?match({atomic, [Rec1]},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec2) end)),
+    {atomic, R1} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2], lists:sort(R1)),
-    
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec3) end)), 
-    {atomic, R2} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end), 
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec3) end)),
+    {atomic, R2} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec2], lists:sort(R2)),
-    ?match({atomic, [Rec2]}, 
-	   mnesia:transaction(fun() -> mnesia:index_match_object(Pat1, ValPos) end)), 
-    
-    {atomic, R3} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end), 
+    ?match({atomic, [Rec2]},
+	   mnesia:transaction(fun() -> mnesia:index_match_object(Pat1, ValPos) end)),
+
+    {atomic, R3} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end),
     ?match([Rec3, Rec2], lists:sort(R3)),
-    
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec4) end)), 
-    {atomic, R4} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end), 
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec4) end)),
+    {atomic, R4} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec2, Rec4], lists:sort(R4)),
-    
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:delete({Tab, 4}) end)), 
-    ?match({atomic, [Rec2]}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:delete({Tab, 4}) end)),
+    ?match({atomic, [Rec2]},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+
     ?match({atomic, ok}, mnesia:del_table_index(Tab, ValPos)),
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:write(Rec4) end)),
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos)),
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos2)),
-    
-    {atomic, R5} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end), 
+
+    {atomic, R5} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end),
     ?match([Rec3, Rec2, Rec4], lists:sort(R5)),
-    
+
     {atomic, R6} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec2, Rec4], lists:sort(R6)),
-    
+
     ?match({atomic, []},
 	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 4, ValPos2) end)),
     {atomic, R7} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 14, ValPos2) end),
@@ -857,62 +862,62 @@ index_update_set(Config)when is_list(Config) ->
     ?match([Rec1], lists:sort(R11)),
     ?match({atomic, [Rec1]},mnesia:transaction(fun() -> mnesia:index_read(Tab, 4, ValPos2) end)),
     ?match({atomic, []},mnesia:transaction(fun() -> mnesia:index_read(Tab, 14, ValPos2) end)),
-    
+
     ?verify_mnesia(Nodes, []).
 
 index_update_bag(suite) -> [];
 index_update_bag(Config)when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = index_test, 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = index_test,
     Schema = [{name, Tab},
 	      {type, bag},
-	      {attributes, [k, v1, v2, v3]}, 
-	      {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    ValPos = v1, 
+	      {attributes, [k, v1, v2, v3]},
+	      {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+    ValPos = v1,
     ValPos2 = v3,
 
-    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)), 
+    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)),
 
     Pat1 = {Tab, '$1',  2,   '$2', '$3'},
-    Pat2 = {Tab, '$1', '$2', '$3', '$4'}, 
+    Pat2 = {Tab, '$1', '$2', '$3', '$4'},
 
-    Rec1 = {Tab, 1, 2, 3, 4},    
-    Rec2 = {Tab, 2, 2, 13, 14},  
-    Rec3 = {Tab, 1, 12, 13, 14}, 
-    Rec4 = {Tab, 4, 2, 13, 4}, 
+    Rec1 = {Tab, 1, 2, 3, 4},
+    Rec2 = {Tab, 2, 2, 13, 14},
+    Rec3 = {Tab, 1, 12, 13, 14},
+    Rec4 = {Tab, 4, 2, 13, 4},
     Rec5 = {Tab, 1, 2, 234, 14},
 
     %% Simple Index
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec1) end)), 
-    ?match({atomic, [Rec1]}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec2) end)), 
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec1) end)),
+    ?match({atomic, [Rec1]},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec2) end)),
     {atomic, R1} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2], lists:sort(R1)),
 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec3) end)), 
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec3) end)),
     {atomic, R2} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2], lists:sort(R2)),
 
     {atomic, R3} = mnesia:transaction(fun() -> mnesia:index_match_object(Pat1, ValPos) end),
     ?match([Rec1, Rec2], lists:sort(R3)),
- 
+
     {atomic, R4} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end),
     ?match([Rec1, Rec3, Rec2], lists:sort(R4)),
- 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec4) end)), 
-    {atomic, R5} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end), 
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec4) end)),
+    {atomic, R5} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2, Rec4], lists:sort(R5)),
 
-    ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete({Tab, 4}) end)), 
+    ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete({Tab, 4}) end)),
     {atomic, R6} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2], lists:sort(R6)),
 
@@ -922,20 +927,20 @@ index_update_bag(Config)when is_list(Config) ->
     ITab = mnesia_lib:val({index_test,{index, IPos}}),
     io:format("~n Index ~p @ ~p => ~p ~n~n",[IPos,ITab, ets:tab2list(ITab)]),
     ?match([{2,1},{2,2},{12,1}], ets:tab2list(ITab)),
-    
+
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:write(Rec5) end)),
     {atomic, R60} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1,Rec5,Rec2], lists:sort(R60)),
 
     ?match([{2,1},{2,2},{12,1}], ets:tab2list(ITab)),
-    
+
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete_object(Rec3) end)),
     {atomic, R61} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1,Rec5,Rec2], lists:sort(R61)),
     {atomic, R62} = mnesia:transaction(fun() -> mnesia:index_read(Tab,12, ValPos) end),
     ?match([], lists:sort(R62)),
     ?match([{2,1},{2,2}], ets:tab2list(ITab)),
-    
+
     %% reset for rest of testcase
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:write(Rec3) end)),
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete_object(Rec5) end)),
@@ -943,19 +948,19 @@ index_update_bag(Config)when is_list(Config) ->
     ?match([Rec1, Rec2], lists:sort(R6)),
     %% OTP-6587
 
-    ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete_object(Rec1) end)), 
-    ?match({atomic, [Rec2]}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
+    ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete_object(Rec1) end)),
+    ?match({atomic, [Rec2]},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
     {atomic, R7} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end),
     ?match([Rec3, Rec2], lists:sort(R7)),
-    
+
     %% Two indexies
     ?match({atomic, ok}, mnesia:del_table_index(Tab, ValPos)),
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:write(Rec1) end)),
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:write(Rec4) end)),
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos)),
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos2)),
-    
+
     {atomic, R8} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2, Rec4], lists:sort(R8)),
 
@@ -1001,12 +1006,12 @@ index_update_bag(Config)when is_list(Config) ->
 index_write(suite) -> [];
 index_write(doc) -> ["See ticket OTP-8072"];
 index_write(Config)when is_list(Config) ->
-    Nodes = ?acquire_nodes(1, Config), 
+    Nodes = ?acquire_nodes(1, Config),
     mnesia:create_table(a, [{index, [val]}]),
     mnesia:create_table(counter, []),
 
     CreateIfNonExist =
-	fun(Index) ->			       
+	fun(Index) ->
 		case mnesia:index_read(a, Index, 3) of
 		    [] ->
 			Id = mnesia:dirty_update_counter(counter, id, 1),
@@ -1017,7 +1022,7 @@ index_write(Config)when is_list(Config) ->
 			Found
 		end
 	end,
-    
+
     Trans = fun(A) ->
 		    mnesia:transaction(CreateIfNonExist, [A])
 		    %% This works better most of the time
@@ -1030,9 +1035,9 @@ index_write(Config)when is_list(Config) ->
 		     Res = lists:map(Trans, lists:seq(1,10)),
 		     Self ! {self(), Res}
 	     end,
-    
+
     Pids = [spawn(Update) || _ <- lists:seq(1,5)],
-    
+
     Gather = fun(Pid, Acc) -> receive {Pid, Res} -> [Res|Acc] end end,
     Results = lists:foldl(Gather, [], Pids),
     Expected = hd(Results),
@@ -1075,7 +1080,7 @@ add_table_index(Config, Storage) ->
            mnesia:add_table_index(Tab, 1)),
     ?match({aborted, Reason44 } when element(1, Reason44) == bad_type,
            mnesia:add_table_index(Tab, 0)),
-    ?match({aborted, Reason45 } when element(1, Reason45) == bad_type, 
+    ?match({aborted, Reason45 } when element(1, Reason45) == bad_type,
            mnesia:add_table_index(Tab, -1)),
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos)),
     ?match({aborted, Reason46 } when element(1, Reason46) == already_exists,
@@ -1083,10 +1088,10 @@ add_table_index(Config, Storage) ->
 
     NestedFun = fun() ->
                         ?match({aborted, nested_transaction},
-                               mnesia:add_table_index(Tab, ValPos)), 
+                               mnesia:add_table_index(Tab, ValPos)),
                         ok
                 end,
-    ?match({atomic, ok}, mnesia:transaction(NestedFun)), 
+    ?match({atomic, ok}, mnesia:transaction(NestedFun)),
     ?verify_mnesia(Nodes, []).
 
 create_live_table_index_ram(suite) -> [];
@@ -1110,7 +1115,7 @@ create_live_table_index(Config, Storage) ->
     mnesia:dirty_write({Tab, 1, 2}),
 
     Fun = fun() ->
-                  ?match(ok, mnesia:write({Tab, 2, 2})),        
+                  ?match(ok, mnesia:write({Tab, 2, 2})),
                   ok
           end,
     ?match({atomic, ok}, mnesia:transaction(Fun)),
@@ -1133,17 +1138,17 @@ create_live_table_index(Config, Storage) ->
 	     end,
 
     ?match([{atomic,ok}|_], [Create(N) || N <- lists:seq(1,50)]),
-    
+
     ?match([], mnesia_test_lib:stop_mnesia([N2,N3])),
     ?match(ok, rpc:call(N2, mnesia, start, [[{extra_db_nodes,[N1]}]])),
     ?match(ok, rpc:call(N3, mnesia, start, [[{extra_db_nodes,[N1]}]])),
-    
+
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos)),
-    
+
     ?match({atomic, [{Tab, 1, 2},{Tab, 2, 2}]}, mnesia:transaction(IRead)),
-    ?match({atomic, [{Tab, 1, 2},{Tab, 2, 2}]}, 
+    ?match({atomic, [{Tab, 1, 2},{Tab, 2, 2}]},
 	   rpc:call(N2, mnesia, transaction, [IRead])),
-    
+
     ?verify_mnesia(Nodes, []).
 
 %% Drop table index
@@ -1210,49 +1215,49 @@ idx_schema_changes(Config, Storage) ->
 	    ram_copies ->
 		{disc_copies, disc_only_copies}
 	end,
-    
+
     Write = fun(N) ->
 		    mnesia:write({Tab, N, N+50})
-	    end,   
-    
+	    end,
+
     [mnesia:sync_transaction(Write, [N]) || N <- lists:seq(1, 10)],
     ?match([{Tab, 1, 51}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 51, Idx])),
     ?match([{Tab, 1, 51}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 51, Idx])),
 
     ?match({atomic, ok}, mnesia:change_table_copy_type(Tab, N1, Storage1)),
-    
+
     ?match({atomic, ok}, rpc:call(N1, mnesia, sync_transaction, [Write, [17]])),
     ?match({atomic, ok}, rpc:call(N2, mnesia, sync_transaction, [Write, [18]])),
-    
+
     ?match([{Tab, 17, 67}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 67, Idx])),
     ?match([{Tab, 18, 68}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 68, Idx])),
-    
+
     ?match({atomic, ok}, mnesia:del_table_copy(Tab, N1)),
     ?match({atomic, ok}, rpc:call(N1, mnesia, sync_transaction, [Write, [11]])),
     ?match({atomic, ok}, rpc:call(N2, mnesia, sync_transaction, [Write, [12]])),
-    
+
     ?match([{Tab, 11, 61}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 61, Idx])),
     ?match([{Tab, 12, 62}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 62, Idx])),
 
     ?match({atomic, ok}, mnesia:move_table_copy(Tab, N2, N1)),
     ?match({atomic, ok}, rpc:call(N1, mnesia, sync_transaction, [Write, [19]])),
     ?match({atomic, ok}, rpc:call(N2, mnesia, sync_transaction, [Write, [20]])),
-    
+
     ?match([{Tab, 19, 69}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 69, Idx])),
-    ?match([{Tab, 20, 70}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 70, Idx])),   
-    
+    ?match([{Tab, 20, 70}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 70, Idx])),
+
     ?match({atomic, ok}, mnesia:add_table_copy(Tab, N2, Storage)),
     ?match({atomic, ok}, rpc:call(N1, mnesia, sync_transaction, [Write, [13]])),
     ?match({atomic, ok}, rpc:call(N2, mnesia, sync_transaction, [Write, [14]])),
-    
+
     ?match([{Tab, 13, 63}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 63, Idx])),
     ?match([{Tab, 14, 64}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 64, Idx])),
-    
+
     ?match({atomic, ok}, mnesia:change_table_copy_type(Tab, N2, Storage2)),
-    
+
     ?match({atomic, ok}, rpc:call(N1, mnesia, sync_transaction, [Write, [15]])),
     ?match({atomic, ok}, rpc:call(N2, mnesia, sync_transaction, [Write, [16]])),
-    
+
     ?match([{Tab, 15, 65}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 65, Idx])),
     ?match([{Tab, 16, 66}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 66, Idx])),
 
diff --git a/lib/mnesia/vsn.mk b/lib/mnesia/vsn.mk
index ebf79dd2ae..080548acac 100644
--- a/lib/mnesia/vsn.mk
+++ b/lib/mnesia/vsn.mk
@@ -1 +1 @@
-MNESIA_VSN = 4.5.1
+MNESIA_VSN = 4.6
diff --git a/lib/observer/doc/src/Makefile b/lib/observer/doc/src/Makefile
index f82a49abbe..cd9f9466ca 100644
--- a/lib/observer/doc/src/Makefile
+++ b/lib/observer/doc/src/Makefile
@@ -36,6 +36,7 @@ RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
 XML_APPLICATION_FILES = ref_man.xml
 XML_REF3_FILES = \
 	crashdump.xml \
+	observer.xml \
 	etop.xml \
 	ttb.xml
 XML_REF6_FILES = observer_app.xml
@@ -48,6 +49,7 @@ XML_PART_FILES = \
 XML_CHAPTER_FILES = \
 	crashdump_ug.xml \
 	etop_ug.xml \
+	observer_ug.xml \
 	ttb_ug.xml \
 	notes.xml \
 	notes_history.xml
diff --git a/lib/observer/doc/src/make.dep b/lib/observer/doc/src/make.dep
deleted file mode 100644
index 3c1b3df771..0000000000
--- a/lib/observer/doc/src/make.dep
+++ /dev/null
@@ -1,29 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex crashdump.tex crashdump_ug.tex etop.tex \
-		etop_ug.tex observer_app.tex part.tex ref_man.tex \
-		ttb.tex ttb_ug.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: etop_5.ps etop_lines.ps etop_main.ps etop_opt.ps
-
-book.dvi: et_modsprocs.ps et_processes.ps
-
diff --git a/lib/observer/doc/src/notes.xml b/lib/observer/doc/src/notes.xml
index baa1354268..a9554a08f4 100644
--- a/lib/observer/doc/src/notes.xml
+++ b/lib/observer/doc/src/notes.xml
@@ -31,6 +31,125 @@
   <p>This document describes the changes made to the Observer
     application.</p>
 
+<section><title>Observer 1.0</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    The following bugs in <c>ttb</c> have been corrected:</p>
+          <p>
+	    <list> <item><c>ttb:tracer/2</c> would earlier crash when
+	    trying to set up tracing for a diskless node to wrap
+	    files, i.e. when option
+	    <c>{file,{local,{wrap,Filename,Size,Count}}}</c> was
+	    used.</item> <item><c>ttb:stop([fetch])</c> would
+	    sometimes silently fail if multiple nodes with different
+	    current working directories were traced.</item>
+	    <item><c>ttb:stop([fetch])</c> would crash if the tracer
+	    was started with option
+	    <c>{file,{local,Filename}}</c></item> <item>A deadlock
+	    would sometimes occur due to an information printout from
+	    the <c>ttb_control</c> process when <c>ttb</c> was
+	    stopped.</item> </list></p>
+          <p>
+	    Own Id: OTP-9431</p>
+        </item>
+        <item>
+          <p>
+	    The file trace port to which the IP trace client relays
+	    all traces from diskless nodes was not flushed and closed
+	    properly on ttb:stop. This has been corrected.</p>
+          <p>
+	    Own Id: OTP-9665</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    A new GUI for Observer. Integrating pman, etop, appmon
+	    and tv into observer with tracing facilities.</p>
+          <p>
+	    Own Id: OTP-4779</p>
+        </item>
+        <item>
+          <p>
+	    The following new features are added to <c>ttb</c>:</p>
+          <p>
+	    <list> <item>A one-command trace setup is added,
+	    <c>ttb:start_trace/4</c>.</item> <item>The following new
+	    options are added to <c>ttb:tracer/2</c>: <list>
+	    <item><em><c>shell</c></em> - Show trace messages on the
+	    console in real time</item> <item><em><c>timer</c></em> -
+	    Time constrained tracing</item>
+	    <item><em><c>overload</c></em> - Overload
+	    protection</item> <item><em><c>flush</c></em> - Flush
+	    file trace port buffers with given frequency</item>
+	    <item><em><c>resume</c></em> - Automatically resume
+	    tracing after node restart</item> </list> </item> <item>
+	    A new shortcut is added for common tracer settings
+	    similar to using the <c>dbg</c> module directly,
+	    <c>ttb:tracer(shell | dbg)</c>. </item> <item> Some
+	    shortcuts are added for commonly used match
+	    specifications in <c>ttb:tp</c> and <c>ttb:tpl</c>.
+	    </item> <item> The <c>Options</c> argument to functions
+	    <c>ttb:tracer</c>, <c>ttb:write_config</c>,
+	    <c>ttb:stop</c> and <c>ttb:format</c> may now be one
+	    single option instead of a list. </item> <item> The
+	    history buffer of the last trace is now always
+	    automatically dumped to the file <c>ttb_last_config</c>
+	    when <c>ttb:stop</c> is called. </item> <item> The
+	    following new options are added to <c>ttb:stop/1</c>:
+	    <list> <item><em><c>fetch_dir</c></em> - Specify where to
+	    store fetched logs</item>
+	    <item><em><c>{format,FormatOpts}</c></em> - Specify
+	    options to use when formatting the fetched logs</item>
+	    <item><em><c>return_fetch_dir</c></em> - Indicate that
+	    the return value from <c>ttb:stop/1</c> should include
+	    the name of the directory where the fetched logs are
+	    stored</item> </list> </item> <item> The option
+	    <c>disable_sort</c> is added to <c>ttb:format/2</c>. When
+	    this option is used, trace messages from different logs
+	    are not merged according to timestamps, but just appended
+	    one log after the other. </item> </list></p>
+          <p>
+	    Own Id: OTP-9403</p>
+        </item>
+        <item>
+          <p>
+	    The following non backwards compatible changes are done
+	    in <c>ttb</c>:</p>
+          <p>
+	    <list> <item> When setting up trace with ttb, the
+	    'timestamp' trace flag will now always be set. </item>
+	    <item> The 'fetch' option to ttb:stop/1 is removed since
+	    it is now default behavior that trace logs are fetched
+	    when stopping ttb. Fetching can be disabled with the
+	    'nofetch' option to ttb:stop/1. </item> <item> The name
+	    of the upload directory is changed from
+	    ttb_upload-Timestamp to ttb_upload_FileName-Timestamp.
+	    </item> <item> To format the output using 'et', you now
+	    need to provide the option {handler,ttb:get_et_handler()}
+	    instead of {handler,et}. </item> <item> When formatting a
+	    trace log, the handler state was earlier reset after each
+	    trace file, this is now changed so the handler state is
+	    passed not only from one trace message to the next in the
+	    same file, but also from one file to the next. </item>
+	    </list></p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9430</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Observer 0.9.10</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/observer/doc/src/observer.xml b/lib/observer/doc/src/observer.xml
new file mode 100644
index 0000000000..03830f2b1c
--- /dev/null
+++ b/lib/observer/doc/src/observer.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE erlref SYSTEM "erlref.dtd">
+
+<erlref>
+  <header>
+    <copyright>
+      <year>2011</year>
+      <holder>Ericsson AB, All Rights Reserved</holder>
+    </copyright>
+    <legalnotice>
+  The contents of this file are subject to the Erlang Public License,
+  Version 1.1, (the "License"); you may not use this file except in
+  compliance with the License. You should have received a copy of the
+  Erlang Public License along with this software. If not, it can be
+  retrieved online at http://www.erlang.org/.
+
+  Software distributed under the License is distributed on an "AS IS"
+  basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+  the License for the specific language governing rights and limitations
+  under the License.
+
+  The Initial Developer of the Original Code is Ericsson AB.
+    </legalnotice>
+
+    <title>Observer</title>
+    <prepared>Dan Gudmundsson</prepared>
+    <responsible></responsible>
+    <docno>1</docno>
+    <approved></approved>
+    <checked></checked>
+    <date>2011-12-08</date>
+    <rev>PA1</rev>
+    <file>observer.xml</file>
+  </header>
+  <module>observer</module>
+  <modulesummary>A GUI tool for observing an erlang system.</modulesummary>
+  <description>
+    <p>The observer is gui frontend containing various tools to
+    inspect a system.  It displays system information, application
+    structures, process information, ets or mnesia tables and a frontend
+    for tracing with <seealso marker="ttb">ttb</seealso>.
+    </p>
+
+    <p>See the <seealso marker="observer_ug">user's guide</seealso>
+    for more information about how to get started.</p>
+  </description>
+  <funcs>
+    <func>
+      <name>start() -> ok</name>
+      <fsummary>Start the observer gui</fsummary>
+      <desc>
+        <p>This function starts the <c>observer</c> gui.
+	Close the window to stop the application.
+	</p>
+      </desc>
+    </func>
+  </funcs>
+</erlref>
diff --git a/lib/observer/doc/src/observer_ug.xml b/lib/observer/doc/src/observer_ug.xml
new file mode 100644
index 0000000000..569d72e71e
--- /dev/null
+++ b/lib/observer/doc/src/observer_ug.xml
@@ -0,0 +1,190 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>2011</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+
+    </legalnotice>
+
+    <title>Observer</title>
+    <prepared></prepared>
+    <docno></docno>
+    <date></date>
+    <rev></rev>
+    <file>observer_ug.xml</file>
+  </header>
+
+  <section>
+    <title>Introduction</title>
+    <p>Observer, is a graphical tool for observing the characteristics of
+    erlang systems.  Observer displays system information, application
+    supervisor trees, process information, ets or mnesia tables and contains
+    a frontend for erlang tracing.
+    </p>
+  </section>
+
+  <section>
+    <title>General</title>
+    <p>Normally observer should be run from a standalone node to minimize
+    the impact of the system being observed. Example:
+    </p>
+    <code>
+ > erl -sname observer -hidden -setcookie MyCookie -run observer
+    </code>
+    <p>
+      Choose which node to observe via <c>Nodes</c> menu. The <c>View/Refresh
+      Interval</c> controls how frequent the view should be updated.
+      The refresh interval is set per viewer so you can
+      have different settings for each viewer. To minimize the system
+      impact only the active viewer is updated and the other
+      views will be updated when activated.
+    </p>
+    <note>
+      <p>Only R15B nodes can be observed.</p>
+    </note>
+
+    <p> In general the mouse buttons behaves as expected, use left click
+    to select objects, right click to pop up a menu with most used
+    choices and double click to bring up information about the
+    selected object. In most viewers with several columns you can change
+    sort order by left clicking on column header.
+    </p>
+  </section>
+
+  <section>
+    <title>Applications</title>
+    <p>The <c>Applications</c> view lists application information.
+    Select an application in the left list to display its supervisor
+    tree.
+    </p>
+    <p><c>Trace process</c> will add the selected process identifier
+    to <c>Trace Overview</c> view and the node the process resides on
+    will be added as well.
+    </p>
+    <p><c>Trace named process</c> will add the
+    registered name of the process. This can be useful when tracing on
+    several nodes, then processes with that name will be traced on all traced
+    nodes.
+    </p>
+    <p><c>Trace process tree</c> and <c>Trace named process
+    tree</c> will add the selected process and all processes below,
+    right of, it to  the <c>Trace Overview</c> view.
+    </p>
+  </section>
+
+  <section>
+    <title>Processes</title>
+    <p>The <c>Processes</c> view lists process information.
+    For each process the following information is presented:
+    </p>
+    <taglist>
+      <tag>Pid</tag>
+      <item>The process identifier.</item>
+      <tag>Reds</tag>
+      <item>This is the number of reductions that has been executed
+       on the process</item>
+      <tag>Memory</tag>
+      <item>This is the size of the process in bytes, obtained by a
+       call to <c>process_info(Pid,memory)</c>.</item>
+      <tag>MsgQ</tag>
+      <item>This is the length of the message queue for the process.</item>
+    </taglist>
+    <note>
+      <p><em>Reds</em> can be presented as accumulated values or as values since last update.</p>
+    </note>
+    <p><c>Trace Processes</c> will add the selected process identifiers to the <c>Trace Overview</c> view and the
+    node the processes reside on will be added as well.
+    <c>Trace Named Processes</c> will add the registered name of processes. This can be useful
+    when tracing is done on several nodes, then processes with that name will be traced on all traced nodes.
+    </p>
+  </section>
+
+  <section>
+    <title>Table Viewer</title>
+    <p>The <c>Table Viewer</c> view lists tables. By default ets tables
+    are visible and unreadable, private ets, tables and tables created by the OTP
+    applications are not visible.  Use <c>View</c> menu to view "system"
+    ets tables, unreadable ets tables or mnesia tables.
+    </p>
+    <p>Double click to view the content of the table. Select table and activate <c>View/Table Information</c>
+    menu to view table information.
+    </p>
+    <p>In the table viewer you can regexp search for objects, edit and delete objects.
+    </p>
+  </section>
+
+  <section>
+    <title>Trace Overview</title>
+    <p>The <c>Trace Overview</c> view handles tracing. Tracing is done
+    by selecting which processes to be traced and how to trace
+    them. You can trace messages, function calls and events, where
+    events are process related events such as <c>spawn</c>,
+    <c>exit</c> and several others.
+    </p>
+
+    <p>When you want to trace function calls, you also need to setup
+    <c>trace patterns</c>.  Trace patterns selects the function calls
+    that will be traced. The number of traced function calls can be
+    further reduced with <c>match specifications</c>.  Match
+    specifications can also be used to trigger additional information
+    in the trace messages.
+    </p>
+    <note><p>Trace patterns only applies to the traced processes.</p></note>
+
+    <p>
+      Processes are added from the <c>Applications</c> or <c>Processes</c> views.
+      A special <c>new</c> identifier, meaning all processes spawned after trace start,
+      can be added with the <c>Add 'new' Process</c> button.
+    </p>
+    <p>
+      When adding processes, a window with trace options will pop up. The chosen options will
+      be set for the selected processes.
+      Process options can be changed by right clicking on a process.
+    </p>
+    <p>
+      Processes added by process identifiers will add the nodes these
+      processes resides on in the node list. Additional nodes can be added by the <c>Add
+      Nodes</c> button.
+    </p>
+    <p>
+      If function calls are traced, trace patterns must be added by <c>Add Trace Pattern</c> button.
+      Select a module, function(s) and a match specification.
+      If no functions are selected, all functions in the module will be traced.
+      A few basic match specifications are provided in the tool, and
+      you can provide your own match specifications. The syntax of match
+      specifications are described in the <seealso
+      marker="erts:match_spec">ERTS User's Guide</seealso>.  To simplify
+      the writing of a match specification they can also be written as
+      <c>fun/1</c> see <seealso marker="stdlib:ms_transform">ms_transform manual page</seealso> for
+      further information.
+    </p>
+
+    <p>Use the <c>Start trace</c> button to start the trace.
+    By default trace output is written to a new window, tracing is stopped when the
+    window is closed, or with <c>Stop Trace</c> button.
+    Trace output can be changed via <c>Options/Output</c> menu.
+    The trace settings, including match specifications, can be saved to, or loaded from, a file.
+    </p>
+    <p>More information about tracing can be found in <seealso
+    marker="runtime_tools:dbg">dbg</seealso> and in the chapter "Match
+    specifications in Erlang" in <seealso marker="erts:match_spec">ERTS User's
+    Guide</seealso> and the
+    <seealso marker="stdlib:ms_transform">ms_transform manual page</seealso>.
+    </p>
+  </section>
+</chapter>
diff --git a/lib/observer/doc/src/part.xml b/lib/observer/doc/src/part.xml
index bd6c2b6c77..0d6aad09f2 100644
--- a/lib/observer/doc/src/part.xml
+++ b/lib/observer/doc/src/part.xml
@@ -4,7 +4,7 @@
 <part xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2002</year><year>2009</year>
+      <year>2002</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -31,6 +31,7 @@
     <p>The <em>Observer</em> application contains tools for tracing
       and investigation of distributed systems.</p>
   </description>
+  <xi:include href="observer_ug.xml"/>
   <xi:include href="ttb_ug.xml"/>
   <xi:include href="etop_ug.xml"/>
   <xi:include href="crashdump_ug.xml"/>
diff --git a/lib/observer/doc/src/ref_man.xml b/lib/observer/doc/src/ref_man.xml
index 3d37570d2d..c33ce74141 100644
--- a/lib/observer/doc/src/ref_man.xml
+++ b/lib/observer/doc/src/ref_man.xml
@@ -4,7 +4,7 @@
 <application xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2002</year><year>2009</year>
+      <year>2002</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -34,6 +34,7 @@
     <br></br>
   </description>
   <xi:include href="observer_app.xml"/>
+  <xi:include href="observer.xml"/>
   <xi:include href="ttb.xml"/>
   <xi:include href="etop.xml"/>
   <xi:include href="crashdump.xml"/>
diff --git a/lib/observer/doc/src/ttb.xml b/lib/observer/doc/src/ttb.xml
index 2c80891925..4e63aecbf2 100644
--- a/lib/observer/doc/src/ttb.xml
+++ b/lib/observer/doc/src/ttb.xml
@@ -25,11 +25,12 @@
 
     <title>ttb</title>
     <prepared>Siri hansen</prepared>
+    <prepared>Bartlomiej Puzon</prepared>
     <responsible></responsible>
     <docno>1</docno>
     <approved></approved>
     <checked></checked>
-    <date>2002-02-25</date>
+    <date>2010-08-13</date>
     <rev>PA1</rev>
     <file>ttb.sgml</file>
   </header>
@@ -43,6 +44,35 @@
   </description>
   <funcs>
     <func>
+      <name>start_trace(Nodes, Patterns, FlagSpec, Opts) -> Result</name>
+      <fsummary>Start a trace port on each given node.</fsummary>
+      <type>
+        <v>Result = see p/2</v>
+        <v>Nodes = see tracer/2</v>
+        <v>Patterns = [tuple()]</v>
+        <v>FlagSpec = {Procs, Flags}</v>
+        <v>Proc = see p/2</v>
+        <v>Flags = see p/2</v>
+        <v>Opts = see tracer/2</v>
+      </type>
+      <desc>
+        <p>This function is a shortcut allowing to start a trace with one command. Each
+          tuple in <c>Patterns</c> is converted to list which is in turn passed to
+          <c>ttb:tpl</c>.
+          The call:<code type="none">
+ttb:start_trace([Node, OtherNode],
+[{mod, foo, []}, {mod, bar, 2}],
+{all, call},
+[{file, File}, {handler,{fun myhandler/4, S}}])</code>
+          is equivalent to <code type="none">
+ttb:start_trace([Node, OtherNode], [{file, File}, {handler,{fun myhandler/4, S}}]),
+ttb:tpl(mod, foo, []),
+ttb:tpl(mod, bar, 2, []),
+ttb:p(all, call)</code>
+        </p>
+      </desc>
+    </func>
+    <func>
       <name>tracer() -> Result</name>
       <fsummary>This is equivalent to tracer(node()).</fsummary>
       <desc>
@@ -50,6 +80,17 @@
       </desc>
     </func>
     <func>
+      <name>tracer(Shortcut) -> Result</name>
+      <fsummary>Handy shortcuts for common tracing settings</fsummary>
+      <type>
+        <v>Shortcut = shell | dbg</v>
+      </type>
+      <desc>
+        <p><c>shell</c> is equivalent to <c>tracer(node(),[{file, {local, "ttb"}}, shell])</c>.</p>
+        <p><c>dbg</c> is equivalent to <c>tracer(node(),[{shell, only}])</c>.</p>
+      </desc>
+    </func>
+    <func>
       <name>tracer(Nodes) -> Result</name>
       <fsummary>This is equivalent to tracer(Nodes,[]).</fsummary>
       <desc>
@@ -62,14 +103,21 @@
       <type>
         <v>Result = {ok, ActivatedNodes} | {error,Reason}</v>
         <v>Nodes   = atom() | [atom()] | all | existing | new</v>
-        <v>Opts = [Opt]</v>
-        <v>Opt = {file,Client} | {handler, FormatHandler} | {process_info,PI}</v>
+        <v>Opts = Opt | [Opt]</v>
+        <v>Opt = {file,Client} | {handler, FormatHandler} | {process_info,PI} |
+          shell | {shell, ShellSpec} | {timer, TimerSpec} | {overload, {MSec, Module, Function}}
+          | {flush, MSec} | resume | {resume, FetchTimeout}</v>
+        <v>TimerSpec = MSec | {MSec, StopOpts}</v>
+        <v>MSec = FetchTimeout = integer()</v>
+        <v>Module = Function = atom() </v>
+        <v>StopOpts = see stop/2</v>
         <v>Client = File | {local, File}</v>
         <v>File = Filename | Wrap</v>
         <v>Filename = string()</v>
         <v>Wrap = {wrap,Filename} | {wrap,Filename,Size,Count}</v>
         <v>FormatHandler = See format/2</v>
         <v>PI = true | false </v>
+        <v>ShellSpec = true | false | only</v>
       </type>
       <desc>
         <p>This function starts a file trace port on all given nodes
@@ -96,7 +144,70 @@
           is the process' registered name its globally registered name,
           or its initial function. It is possible to turn off this
           functionality by setting <c>PI = false</c>.
-          </p>
+        </p>
+        <p>The <c>{shell, ShellSpec}</c> option indicates that the trace messages should
+          be printed on the console as they are received by the tracing
+          process. This implies <c>{local, File}</c> trace client. If the ShellSpec
+          is <c>only</c> (instead of <c>true</c>), no trace logs are stored.
+        </p>
+        <p>The <c>shell</c> option is a shortcut for <c>{shell, true}</c>.</p>
+        <p>The <c>timer</c> option indicates that the trace should be
+          automatically stopped after <c>MSec</c> milliseconds. <c>StopOpts</c>
+          are passed to <c>ttb:stop/2</c> command if specified (default is <c>[]</c>).
+          Note that the timing is approximate, as delays related to
+          network communication are always present. The timer starts after
+          <c>ttb:p/2</c> is issued, so you can set up your trace patterns before.
+        </p>
+        <p>The <c>overload</c> option allows to enable overload
+          checking on the nodes under trace. <c>Module:Function(check)</c>
+          is performed each <c>MSec</c> milliseconds. If the check returns
+          <c>true</c>, the tracing is disabled on a given node.<br/>
+          <c>Module:Function</c> should be able to handle at least three
+          atoms: <c>init</c>, <c>check</c> and <c>stop</c>. <c>init</c> and
+          <c>stop</c> give the user a possibility to initialize and clean
+          up the check environment.<br/>
+          When a node gets overloaded, it is not possible to issue <c>ttb:p</c>
+          nor any command from the <c>ttb:tp</c> family, as it would lead to
+          inconsistent tracing state (different trace specifications on
+          different node).
+        </p>
+        <p>The <c>flush</c> option periodically flushes all file trace
+          port clients (see <c>dbg:flush_trace_port/1</c>). When enabled,
+          the buffers are freed each <c>MSec</c> milliseconds. This option is
+          not allowed with <c>{file, {local, File}}</c> tracing.
+        </p>
+        <p><c>{resume, FetchTimeout}</c> enables the autoresume feature.
+          Whenever enabled, remote nodes try to reconnect to the controlling node
+          in case they were restarted. The feature requires <c>runtime_tools</c>
+          application to be started (so it has to be present in the <c>.boot</c>
+          scripts if the traced nodes run with embedded erlang). If this is
+          not possible, resume may be performed manually by starting
+          <c>runtime_tools</c> remotely using <c>rpc:call/4</c>.<br/>
+          <c>ttb</c> tries to fetch all logs from a reconnecting node before
+          reinitializing the trace. This has to finish within FetchTimeout milliseconds
+          or is aborted<br/>
+          By default, autostart information is stored in a file called
+          <c>ttb_autostart.bin</c> on each node. If this is not desired
+          (i.e. on diskless nodes), a custom module to handle autostart
+          information storage and retrieval can be provided by specifying
+          <c>ttb_autostart_module</c> environment variable for the <c>runtime_tools</c>
+          application. The module has to respond to the following API:
+          <taglist>
+            <tag><c>write_config(Data) -> ok</c></tag>
+            <item>Store the provided data for further retrieval. It is
+              important to realize that the data storage used must not
+              be affected by the node crash.</item>
+            <tag><c>read_config() -> {ok, Data} | {error, Error}</c></tag>
+            <item>Retrieve configuration stored with <c>write_config(Data)</c>.</item>
+            <tag><c>delete_config() -> ok</c></tag>
+            <item>Delete configuration stored with <c>write_config(Data)</c>.
+              Note that after this call any subsequent calls to <c>read_config</c>
+              must return <c>{error, Error}</c>.
+            </item>
+          </taglist>
+        </p>
+        <p>The <c>resume</c> option implies the default <c>FetchTimeout</c>, which is
+          10 seconds</p>
       </desc>
     </func>
     <func>
@@ -110,7 +221,7 @@
       </type>
       <desc>
         <p>This function sets the given trace flags on the given
-          processes.
+          processes. The <c>timestamp</c> flag is always turned on.
           </p>
         <p>Please turn to the Reference manual for module <c>dbg</c>
           for details about the possible trace flags. The parameter
@@ -119,6 +230,9 @@
           registered names or process identifiers. If a registered name
           is given, the flags are set on processes with this name on all
           active nodes.</p>
+        <p>Issuing this command starts the timer for this trace if
+          <c>timer</c> option was specified with <c>tracer/2</c>.
+        </p>
       </desc>
     </func>
     <func>
@@ -155,6 +269,18 @@
           <tag><c>ctpg</c></tag>
           <item>Clear trace pattern on global function calls</item>
         </taglist>
+        <p>With <c>tp</c> and <c>tpl</c> one of match specification shortcuts
+          may be used (example: <c>ttb:tp(foo_module, caller)</c>). The shortcuts are:
+          <taglist>
+            <item><c>return</c> - for <c>[{'_',[],[{return_trace}]}]</c>
+              (report the return value)</item>
+            <item><c>caller</c> - for <c>[{'_',[],[{message,{caller}}]}]</c>
+              (report the calling function)</item>
+            <item><c>{codestr, Str}</c> - for <c>dbg:fun2ms/1</c> arguments
+              passed as strings (example: <c>"fun(_) -> return_trace() end"</c>)
+            </item>
+          </taglist>
+        </p>
       </desc>
     </func>
     <func>
@@ -189,7 +315,7 @@
       </desc>
     </func>
     <func>
-      <name>write_config(ConfigFile,Config,Opt) -> ok | {error,Reason}</name>
+      <name>write_config(ConfigFile,Config,Opts) -> ok | {error,Reason}</name>
       <fsummary>Creates a config file.</fsummary>
       <type>
         <v>ConfigFile = string()</v>
@@ -197,7 +323,8 @@
         <v>Mod = atom()</v>
         <v>Func = atom()</v>
         <v>Args = [term()]</v>
-        <v>Opt = [] | [append]</v>
+        <v>Opts = Opt | [Opt]</v>
+        <v>Opt = append</v>
       </type>
       <desc>
         <p>This function creates or extends a config file which can be
@@ -213,9 +340,9 @@
           should be a list of integers pointing out the entries to be
           stored.
           </p>
-        <p>If <c>Opt</c> is not given or if it is <c>[]</c>,
+        <p>If <c>Opts</c> is not given or if it is <c>[]</c>,
           <c>ConfigFile</c> is deleted and a new file is created. If
-          <c>Opt = [append]</c>, <c>ConfigFile</c> will not be deleted.
+          <c>Opts = [append]</c>, <c>ConfigFile</c> will not be deleted.
           The new information will be appended at the end of the file.</p>
       </desc>
     </func>
@@ -226,7 +353,9 @@
         <v>ConfigFile = string()</v>
       </type>
       <desc>
-        <p>Executes all entries in the given config file.</p>
+        <p>Executes all entries in the given config file. Note that the history
+          of the last trace is always available in the file named
+          <c>ttb_last_config</c>.</p>
       </desc>
     </func>
     <func>
@@ -243,6 +372,9 @@
           </p>
         <p>The content of a config file can be listed with
           <c>list_config/1</c>.</p>
+        <p> Note that the history
+          of the last trace is always available in the file named
+          <c>ttb_last_config</c>.</p>
       </desc>
     </func>
     <func>
@@ -334,29 +466,51 @@
       </desc>
     </func>
     <func>
-      <name>stop(Opts) -> stopped</name>
+      <name>stop(Opts) -> stopped | {stopped, Dir}</name>
       <fsummary>Stop tracing and fetch/format logs from all nodes</fsummary>
       <type>
-        <v>Opts = [Opt]</v>
-        <v>Opt = fetch | format</v>
+        <v>Opts = Opt | [Opt]</v>
+        <v>Opt = nofetch | {fetch_dir, Dir} | format | {format, FormatOpts} | return_fetch_dir</v>
+        <v>Dir = string()</v>
+        <v>FormatOpts = see format/2</v>
       </type>
       <desc>
-        <p>Stops tracing on all nodes.
-          </p>
-        <p>The <c>fetch</c> option indicates that trace logs shall be
-          collected from all nodes after tracing is stopped. This option
-          is useful if nodes on remote machines are traced. Logs and
-          trace information files are then sent to the trace control
+        <p>Stops tracing on all nodes. Logs and
+          trace information files are sent to the trace control
           node and stored in a directory named
-          <c>ttb_upload-Timestamp</c>, where <c>Timestamp</c> is on the
+          <c>ttb_upload_FileName-Timestamp</c>, where <c>Filename</c> is
+          the one provided with <c>{file, File}</c> during trace setup
+          and <c>Timestamp</c> is of the
           form <c>yyyymmdd-hhmmss</c>. Even logs from nodes on the same
           machine as the trace control node are moved to this directory.
-          </p>
+          The history list is saved to a file named <c>ttb_last_config</c>
+          for further reference (as it will be not longer accessible
+          through history and configuration management functions (like
+          <c>ttb:list_history/0</c>).
+        </p>
+        <p>The <c>nofetch</c> option indicates that trace logs shall not be
+          collected after tracing is stopped.
+        </p>
+        <p>The <c>{fetch, Dir}</c> option allows to specify the directory
+          to fetch the data to. If the directory already exists, an
+          error is thrown.
+        </p>
         <p>The <c>format</c> option indicates that the trace logs
-          shall be formatted after tracing is stopped. Note that this
-          option also implies the <c>fetch</c> option, i.e. logs are
-          collected in a new directory on the trace control node before
-          formatting. All logs in the directory will be merged.</p>
+          shall be formatted after tracing is stopped. All logs in the fetch directory will be merged.
+          You may use <c>{format, FormatOpts}</c> to pass additional
+          arguments to <c>format/2</c>.</p>
+        <p>The <c>return_fetch_dir</c> option indicates that the return value
+          should be <c>{stopped, Dir}</c> and not just <c>stopped</c>.
+          This implies <c>fetch</c>.
+        </p>
+      </desc>
+    </func>
+    <func>
+      <name>get_et_handler()</name>
+      <fsummary>Returns <c>et</c> handler.</fsummary>
+      <desc>
+        <p>The <c>et</c> handler returned by the function may be used with <c>format/2</c>
+          or <c>tracer/2</c>. Example: <c>ttb:format(Dir, [{handler, ttb:get_et_handler()}])</c>.</p>
       </desc>
     </func>
     <func>
@@ -372,37 +526,40 @@
       <type>
         <v>File = string() | [string()]</v>
         <d>This can be the name of a binary log, a list of such logs or the name of a directory containing one or more binary logs.</d>
-        <v>Options = [Opt]</v>
-        <v>Opt = {out,Out} | {handler,FormatHandler}</v>
+        <v>Options = Opt | [Opt]</v>
+        <v>Opt = {out,Out} | {handler,FormatHandler} | disable_sort</v>
         <v>Out = standard_io | string()</v>
-        <v>FormatHandler = {Function, InitialState} | et</v>
+        <v>FormatHandler = {Function, InitialState}</v>
         <v>Function = fun(Fd,Trace,TraceInfo,State) -> State</v>
         <v>Fd = standard_io | FileDescriptor</v>
         <d>This is the file descriptor of the destination file <c>Out</c></d>
         <v>Trace = tuple()</v>
         <d>This is the trace message. Please turn to the Reference manual for the <c>erlang</c>module for details.</d>
         <v>TraceInfo = [{Key,ValueList}]</v>
-        <d>This includes the keys <c>flags</c>, <c>client</c>and <c>node</c>,  and if <c>handler</c>is given as option to the tracer function,  this is also included. In addition all information written with the <c>write_trace_info/2</c>function is included. </d>
+        <d>This includes the keys <c>flags</c>, <c>client</c> and <c>node</c>,  and if <c>handler</c> is given as option to the tracer function,  this is also included. In addition all information written with the <c>write_trace_info/2</c>function is included. </d>
       </type>
       <desc>
-        <p>Reads the given binary trace log(s). If a directory or a
-          list of logs is given and the <c>timestamp</c> flag was set
-          during tracing, the trace messages from the different logs are
-          merged according to the timestamps.
-          </p>
+        <p>Reads the given binary trace log(s). The logs are processed
+          in the order of their timestamp as long as <c>disable_sort</c>
+          option is not given.
+        </p>
         <p>If <c>FormatHandler = {Function,InitialState}</c>,
           <c>Function</c> will be called for each trace message. If
-          <c>FormatHandler = et</c>, <c>et_viewer</c> in the <em>Event Tracer</em> application (<c>et</c>) is used for presenting the
-          trace log graphically. <c>ttb</c> provides a few different
+          <c>FormatHandler = get_et_handler()</c>, <c>et_viewer</c> in
+          the <em>Event Tracer</em> application (<c>et</c>) is used for presenting
+          the trace log graphically. <c>ttb</c> provides a few different
           filters which can be selected from the Filter menu in the
           <c>et_viewer</c>. If <c>FormatHandler</c> is not given, a
           default handler is used which presents each trace message as a
           line of text.
           </p>
+        <p>The state returned from each call of <c>Function</c> is passed to the next call,
+          even if next call is to format a message from another log file.
+          </p>
         <p>If <c>Out</c> is given, <c>FormatHandler</c> gets the
-          filedescriptor to <c>Out</c> as the first parameter.
+          file descriptor to <c>Out</c> as the first parameter.
           </p>
-        <p><c>Out</c> is ignored if <c>FormatHandler = et</c>.
+        <p><c>Out</c> is ignored if <c>et</c> format handler is used.
           </p>
         <p>Wrap logs can be formatted one by one or all in one go. To
           format one of the wrap logs in a set, give the exact name of
diff --git a/lib/observer/doc/src/ttb_ug.xml b/lib/observer/doc/src/ttb_ug.xml
index 44b7b08fd3..08093a9451 100644
--- a/lib/observer/doc/src/ttb_ug.xml
+++ b/lib/observer/doc/src/ttb_ug.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2002</year><year>2009</year>
+      <year>2002</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -48,11 +48,13 @@
       <item>Formatting of binary trace logs and merging of logs from
        multiple nodes.</item>
     </list>
-    <p>Even though the intention of the Trace Tool Builder is to serve
-      as a base for tailor made trace tools, it is of course possible
-      to use it directly from the erlang shell. The application only
-      allows the use of file port tracer, so if you would like would
-      like to use other types of trace clients you will be better off
+    <p>The intention of the Trace Tool Builder is to serve
+      as a base for tailor made trace tools, but you may use it directly
+      from the erlang shell (it may mimic <c>dbg</c> behaviour while
+      still providing useful additions like match specification shortcuts).
+      The application only
+      allows the use of file port tracer, so if you would like
+      to use other types of trace clients you will be better off
       using <c>dbg</c> directly instead.</p>
   </section>
 
@@ -64,14 +66,15 @@
       trace flags on the processes you want to trace with
       <c>ttb:p/2</c>. Then, when the tracing is completed, you must stop
       the tracer with <c>ttb:stop/0/1</c> and format the trace log with
-      <c>ttb:format/1/2</c>.
+      <c>ttb:format/1/2</c> (as long as there is anything to format, of
+      course).
       </p>
-    <p><c>ttb:tracer/0/1/2</c> opens a file trace port on each node
-      that shall be traced. All trace messages will be written to this
-      port and end up in a binary file (the binary trace log).
+    <p><c>ttb:tracer/0/1/2</c> opens a trace port on each node
+      that shall be traced. By default, trace messages are written
+      to binary files on remote nodes(the binary trace log).
       </p>
-    <p><c>ttb:p/2</c> specifies which processes that shall be
-      traced. Trace flags given in this call specifies what to trace on
+    <p><c>ttb:p/2</c> specifies which processes shall be
+      traced. Trace flags given in this call specify what to trace on
       each process. You can call this function several times if you like
       different trace flags to be set on different processes.
       </p>
@@ -105,14 +108,15 @@
 -export([f/0]).
 f() ->
    receive 
-      From when pid(From) -> 
+      From when is_pid(From) ->
          Now = erlang:now(),
          From ! {self(),Now}
    end.      </code>
       <p>The following example shows the basic use of <c>ttb</c> from
         the erlang shell. Default options are used both for starting the
-        tracer and for formatting. This gives a trace log named
-        <c>Node-ttb</c>, where <c>Node</c> is the name of the node.  The
+        tracer and for formatting (the custom fetch dir is however provided).
+        This gives a trace log named <c>Node-ttb</c> in the newly-created
+        directory, where <c>Node</c> is the name of the node.  The
         default handler prints the formatted trace messages in the
         shell.</p>
       <code type="none"><![CDATA[
@@ -131,11 +135,11 @@ f() ->
 (tiger@durin)50> 
 (tiger@durin)50> %% Here I set a trace pattern on erlang:now/0
 (tiger@durin)50> %% The trace pattern is a simple match spec
-(tiger@durin)50> %% generated by dbg:fun2ms/1. It indicates that 
-(tiger@durin)50> %% the return value shall be traced.
-(tiger@durin)50> MS = dbg:fun2ms(fun(_) -> return_trace() end).
-[{'_',[],[{return_trace}]}]
-(tiger@durin)51> ttb:tp(erlang,now,MS).
+(tiger@durin)50> %% indicating that the return value should be
+(tiger@durin)50> %% traced. Refer to the reference_manual for
+(tiger@durin)50> %% the full list of match spec shortcuts
+(tiger@durin)50> %% available.
+(tiger@durin)51> ttb:tp(erlang,now,return).
 {ok,[{matched,tiger@durin,1},{saved,1}]}
 (tiger@durin)52> 
 (tiger@durin)52> %% I run my test (i.e. send a message to
@@ -145,11 +149,11 @@ f() ->
 (tiger@durin)53> 
 (tiger@durin)53> %% And then I have to stop ttb in order to flush
 (tiger@durin)53> %% the trace port buffer
-(tiger@durin)53> ttb:stop().
-stopped
+(tiger@durin)53> ttb:stop([return, {fetch_dir, "fetch"}]).
+{stopped, "fetch"}
 (tiger@durin)54> 
 (tiger@durin)54> %% Finally I format my trace log
-(tiger@durin)54> ttb:format("tiger@durin-ttb").
+(tiger@durin)54> ttb:format("fetch").
 ({<0.125.0>,{m,f,0},tiger@durin}) call erlang:now()
 ({<0.125.0>,{m,f,0},tiger@durin}) returned from erlang:now/0 ->
 {1031,133451,667611}
@@ -166,11 +170,9 @@ ok      ]]></code>
 -module(mydebug).
 -export([start/0,trc/1,stop/0,format/1]).
 -export([print/4]).
-
 %% Include ms_transform.hrl so that I can use dbg:fun2ms/2 to
 %% generate match specifications.
 -include_lib("stdlib/include/ms_transform.hrl").
-
 %%% -------------Tool API-------------
 %%% ----------------------------------
 %%% Star the "mydebug" tool
@@ -180,28 +182,28 @@ start() ->
     %% module shall be used as format handler
     ttb:tracer(all,[{file,"debug_log"},{handler,{{?MODULE,print},0}}]),
     %% All processes (existing and new) shall trace function calls
-    %% and include a timestamp in each trace message
-    ttb:p(all,[call,timestamp]).
+    %% We want trace messages to be sorted upon format, which requires
+    %% timestamp flag. The flag is however enabled by default in ttb.
+    ttb:p(all,call).
 
 %%% Set trace pattern on function(s)
-trc(M) when atom(M) ->
+trc(M) when is_atom(M) ->
     trc({M,'_','_'});
-trc({M,F}) when atom(M), atom(F) ->
+trc({M,F}) when is_atom(M), is_atom(F) ->
     trc({M,F,'_'});
-trc({M,F,_A}=MFA) when atom(M), atom(F) ->
-    %% This match spec specifies that return values shall 
-    %% be traced. NOTE that ms_transform.hrl must be included
-    %% if dbg:fun2ms/1 shall be used!
+trc({M,F,_A}=MFA) when is_atom(M), is_atom(F) ->
+    %% This match spec shortcut specifies that return values shall
+    %% be traced.
     MatchSpec = dbg:fun2ms(fun(_) -> return_trace() end),
     ttb:tpl(MFA,MatchSpec).
 
 %%% Format a binary trace log
-format(File) ->
-    ttb:format(File).
+format(Dir) ->
+    ttb:format(Dir).
 
 %%% Stop the "mydebug" tool
 stop() ->
-    ttb:stop().
+    ttb:stop(return).
 
 %%% --------Internal functions--------
 %%% ----------------------------------
@@ -226,9 +228,9 @@ do_print(Out,{trace_ts,P,return_from,{M,F,A},R,Ts},N) ->
               [N,Ts,P,M,F,A,R]).      ]]></code>
       <p>To distinguish trace logs produced with this tool from other
         logs, the <c>file</c> option is used in <c>tracer/2</c>. The
-        logs will therefore be named <c>Node-debug_log</c>, where
-        <c>Node</c> is the name of the node where the log is produced.
-        </p>
+        logs will therefore be fetched to a directory named
+        <c>ttb_upload_debug_log-YYYYMMDD-HHMMSS</c>
+      </p>
       <p>By using the <c>handler</c> option when starting the tracer,
         the information about how to format the file is stored in the
         trace information file (<c>.ti</c>). This is not necessary, as
@@ -278,13 +280,157 @@ do_print(Out,{trace_ts,P,return_from,{M,F,A},R,Ts},N) ->
         must be given to the <c>tracer/2</c> function with the value
         <c>{local, File}</c>, e.g.</p>
       <code type="none">
-(trace_control@durin)1> ttb:tracer(mynode@diskless,[{file,{local,
-{wrap,"mytrace"}}}]).
+(trace_control@durin)1> ttb:tracer(mynode@diskless,{file,{local,
+{wrap,"mytrace"}}}).
 {ok,[mynode@diskless]}      </code>
     </section>
   </section>
 
   <section>
+    <title>Additional tracing options</title>
+    <p>When setting up a trace, several features may be turned on:</p>
+      <list type="bulleted">
+        <item>time-constrained tracing,</item>
+        <item>overload protection,</item>
+        <item>autoresuming.</item>
+      </list>
+      <section>
+        <title>Time-constrained tracing</title>
+        <p>Sometimes, it may be helpful to enable trace for a
+          given period of time (i.e. to monitor a system for 24 hours
+          or half of a second). This may be done by issuing additional
+          <c>{timer, TimerSpec}</c> option. If <c>TimerSpec</c> has the
+          form of <c>MSec</c>, the trace is stopped after <c>MSec</c>
+          milliseconds using <c>ttb:stop/0</c>. If any additional options
+          are provided (<c>TimerSpec = {MSec, Opts}</c>), <c>ttb:stop/1</c>
+          is called instead with <c>Opts</c> as the arguments. The timer
+          is started with <c>ttb:p/2</c>, so any trace patterns should
+          be set up before. <c>ttb:start_trace/4</c>
+          always sets up all pattern before invoking <c>ttb:p/2</c>.
+          Note that due to network and processing delays the the period
+          of tracing is approximate.
+          The example below shows how to set up a trace which will be
+          automatically stopped and formatted after 5 seconds
+        </p><code>
+(tiger@durin)1>ttb:start_trace([node()],
+                               [{erlang, now,[]}],
+                               {all, call},
+                               [{timer, {5000, format}}]).
+</code>
+        </section>
+        <section>
+          <label>Overload protection</label>
+          <p>When tracing live systems, special care needs to be always taken
+            not to overload a node with too heavy tracing. <c>ttb</c> provides
+            the <c>overload</c> option to help to address the problem.</p>
+          <p><c>{overload, MSec, Module, Function}</c> instructs the ttb backend
+            (called <c>observer_backend</c>, part of the <c>runtime_tools</c>
+            application) to perform overload check every <c>MSec</c> milliseconds.
+            If the check (namely <c>Module:Function(check)</c>) returns
+            <c>true</c>, tracing is disabled on the selected node.</p>
+          <p>Overload protection activated on one node does not
+            affect other nodes, where the tracing continues as normal.
+            <c>ttb:stop/0/1</c> fetches data from all clients, including everything
+            that has been collected before overload protection was activated.
+            Note that
+            changing trace details (with <c>ttb:p</c> and <c>ttb:tp/tpl...</c>)
+            once overload protection gets activated in one of the traced
+            nodes is not permitted in order not to allow trace setup
+            to be inconsistent between nodes.
+          </p>
+          <p><c>Module:Function</c> provided with the <c>overload</c> option must
+            handle three calls: <c>init</c>, <c>check</c> and <c>stop</c>. <c>init</c>
+            and <c>stop</c> allows to perform some setup and teardown required by
+            the check. An overload check module could look like this (note that
+            <c>check</c> is always called by the same process, so <c>put</c> and
+            <c>get</c> are possible).
+          </p><code>
+-module(overload).
+-export([check/1]).
+
+check(init) ->
+    Pid = sophisticated_module:start(),
+    put(pid, Pid);
+check(check) ->
+    get(pid) ! is_overloaded,
+    receive
+        Reply ->
+            Reply
+    after 5000 ->
+            true
+    end;
+check(stop) ->
+    get(pid) ! stop.</code>
+        </section>
+        <section>
+          <title>Autoresume</title>
+          <p>It is possible that a node (probably a buggy one, hence traced)
+            crashes. In order to automatically resume tracing on the node
+            as soon as it gets back, <c>resume</c> has to be used. When
+            it is, the failing node tries to reconnect
+            to trace control node as soon as <c>runtime tools</c> is started.
+            This implies that <c>runtime_tools</c> must be included in
+            other node's startup chain (if it is not, one could still
+            resume tracing by starting <c>runtime_tools</c> manually,
+            i.e. by an RPC call).</p>
+          <p>In order not to loose the data that the failing node stored
+            up to the point of crash, the control node will try to fetch
+            it before restarting trace. This must happen within the allowed
+            time frame or is aborted (default is 10 seconds, can be customized with
+            <c>{resume, MSec}</c>). The data fetched this way is then
+            merged with all other traces.</p>
+          <p>Autostart feature requires additional data to be stored on
+            traced nodes. By default, the data is stored automatically
+            to the file called "ttb_autostart.bin" in the traced node's cwd.
+            Users may decide to change this behaviour (i.e. on diskless
+            nodes) by specifying their own module to handle autostart data
+            storage and retrieval (<c>ttb_autostart_module</c>
+            environment variable of <c>runtime_tools</c>). Please see the
+            ttb's reference manual to see the module's API. This example
+            shows the default handler</p>
+          <code>
+-module(ttb_autostart).
+-export([read_config/0,
+         write_config/1,
+         delete_config/0]).
+
+-define(AUTOSTART_FILENAME, "ttb_autostart.bin").
+
+delete_config() ->
+    file:delete(?AUTOSTART_FILENAME).
+
+read_config() ->
+    case file:read_file(?AUTOSTART_FILENAME) of
+        {ok, Data} -> {ok, binary_to_term(Data)};
+        Error      -> Error
+    end.
+
+write_config(Data) ->
+    file:write_file(?AUTOSTART_FILENAME, term_to_binary(Data)).
+          </code>
+          <p>Remember that file trace ports buffer the data
+            by default. If the node crashes, trace messages are not
+            flushed to the binary log. If the chance of failure is
+            high, it might be a good idea to automatically flush
+            the buffers every now and then. Passing <c>{flush, MSec}</c>
+            as one of <c>ttb:tracer/2</c> option flushes all buffers
+            every <c>MSec</c> milliseconds.</p>
+        </section>
+        <section>
+          <title>dbg mode</title>
+          <p>The <c>{shell, ShellType}</c> option allows to make <c>ttb</c>
+            operation similar to <c>dbg</c>. Using <c>{shell, true}</c>
+            displays all trace messages in the shell before storing them.
+            <c>{shell, only}</c> additionally disables message storage
+            (so that the tool behaves exactly like dbg). This is allowed
+            only with ip trace ports (<c>{trace, {local, File}}</c>).
+          </p>
+          <p>The command <c>ttb:tracer(dbg)</c> is a shortcut for the pure-dbg
+            mode (<c>{shell, only}</c>).</p>
+        </section>
+  </section>
+
+  <section>
     <marker id="trace_info"></marker>
     <title>Trace Information and the .ti File</title>
     <p>In addition to the trace log file(s), a file with the extension
@@ -292,13 +438,9 @@ do_print(Out,{trace_ts,P,return_from,{M,F,A},R,Ts},N) ->
       is the trace information file. It is a binary file, and it
       contains the process information, trace flags used, the name of
       the node to which it belongs and all information written with the
-      <c>write_trace_info/2</c> function.
-      </p>
-    <p>To be able to use all this information during formatting, it is
-      important that the trace information file exists in the same
-      directory as the trace log, and that it has the same name as the
-      trace log with the additional extension <c>.ti</c>.
-      </p>
+      <c>write_trace_info/2</c> function. .ti files are always fetched
+      with other logs when the trace is stopped.
+    </p>
     <p>Except for the process information, everything in the trace
       information file is passed on to the handler function when
       formatting. The <c>TI</c> parameter is a list of
@@ -327,7 +469,12 @@ do_print(Out,{trace_ts,P,return_from,{M,F,A},R,Ts},N) ->
       each log. <c>ttb</c> will create a new binary log each time a log
       reaches the maximum size. When the the maximum number of logs are
       reached, the oldest log is deleted before a new one is created.
-      </p>
+    </p>
+    <p>Note that the overall size of data generated by ttb may be greater
+      than the wrap specification would suggest - if a traced node restarts
+      and autoresume is enabled, old wrap log is always stored and
+      a new one is created.
+    </p>
     <p>Wrap logs can be formatted one by one or all at once. See
       <seealso marker="#format">Formatting</seealso>.
       </p>
@@ -348,12 +495,10 @@ do_print(Out,{trace_ts,P,return_from,{M,F,A},R,Ts},N) ->
       present the trace log graphically (see <seealso marker="#et_viewer">Presenting trace logs with Event Tracer</seealso>).
       </p>
     <p>The first argument to <c>ttb:format/1/2</c> specifies which
-      binary log(s) to format. This can be the name of one binary log, a
-      list of such logs or the name of a directory containing one or
-      more binary logs. If this argument indicates more than one log,
-      and the <c>timestamp</c> flag was set when tracing, the trace
-      messages from the different logs will be merged according to the
-      timestamps in each message.
+      binary log(s) to format. This is usually the name of a directory
+      that ttb created during log fetch. Unless there is the <c>disable_sort</c>
+      option provided, the logs from different files are always sorted
+      according to timestamp in traces.
       </p>
     <p>The second argument to <c>ttb:format/2</c> is a list of
       options. The <c>out</c> option specifies the destination where the
@@ -363,7 +508,10 @@ do_print(Out,{trace_ts,P,return_from,{M,F,A},R,Ts},N) ->
       option is not given, the <c>handler</c> option given when starting
       the tracer is used. If the <c>handler</c> option was not given
       when starting the tracer either, a default handler is used, which
-      prints each trace message as a line of text.
+      prints each trace message as a line of text. The <c>disable_sort</c>
+      option indicates that there logs should not be merged according to
+      timestamp, but processed one file after another (this might be
+      a bit faster).
       </p>
     <p>A format handler is a fun taking four arguments. This fun will
       be called for each trace message in the binary log(s). A simple
@@ -396,10 +544,24 @@ end    </code>
       <c>handle_gc/4</c> in the module <c>multitrace.erl</c> which can
       be found in the <c>src</c> directory of the Observer application.
       </p>
-    <p>By giving the format handler <c>et</c>, you can have the trace
+    <p>The actual trace message is passed as the second argument (<c>Trace</c>).
+      The possible values of <c>Trace</c> are:</p>
+      <list type="bulleted">
+        <item>all trace messages described in <c>erlang:trace/3</c> documentation,
+        </item>
+        <item><c>{drop, N}</c> if ip tracer is used (see <c>dbg:trace_port/2</c>),
+        </item>
+        <item><c>end_of_trace</c> received once when all trace messages have
+          been processed.</item>
+      </list>
+    <p>By giving the format handler <c>ttb:get_et_handler()</c>, you can have the trace
       log presented graphically with <c>et_viewer</c> in the Event
       Tracer application (see <seealso marker="#et_viewer">Presenting trace logs with Event Tracer</seealso>).
-      </p>
+    </p>
+    <p>You may always decide not to format the whole trace data contained
+      in the fetch directory, but analyze single files instead. In order
+      to do so, a single file (or list of files) have to be passed as
+      the first argument to <c>format/1/2</c>.</p>
     <p>Wrap logs can be formatted one by one or all in one go. To
       format one of the wrap logs in a set, give the exact name of the
       file. To format the whole set of wrap logs, give the name with '*'
@@ -407,7 +569,7 @@ end    </code>
       </p>
     <p>Start tracing:</p>
     <code type="none">
-(tiger@durin)1> ttb:tracer(node(),[{file,{wrap,"trace"}}]).
+(tiger@durin)1> ttb:tracer(node(),{file,{wrap,"trace"}}).
 {ok,[tiger@durin]}
 (tiger@durin)2> ttb:p(...)
 ...    </code>
@@ -443,7 +605,7 @@ ok
         to the User's Guide and Reference Manuals for the <c>et</c>
         application.
         </p>
-      <p>By giving the format handler <c>et</c>, you can have the
+      <p>By giving the format handler <c>ttb:get_et_handler()</c>, you can have the
         trace log presented graphically with <c>et_viewer</c> in the
         Event Tracer application. <c>ttb</c> provides a few different
         filters which can be selected from the Filter menu in the
@@ -495,9 +657,23 @@ ok
         filters respectively, except that each module or function can
         have several vertical lines, one for each process it resides on.
         </p>
-      <p>As an example this module is used, and the function
-        <c>bar:f1()</c> is called from another module <c>foo</c>.</p>
+      <p>In the next example, modules <c>foo</c> and <c>bar</c> are used:</p>
       <code type="none">
+-module(foo).
+-export([start/0,go/0]).
+
+start() ->
+    spawn(?MODULE, go, []).
+
+go() ->
+    receive
+        stop ->
+            ok;
+        go ->
+            bar:f1(),
+            go()
+    end.
+</code><code type="none">
 -module(bar).
 -export([f1/0,f3/0]).
 f1() ->
@@ -506,12 +682,23 @@ f1() ->
 f2() ->
     spawn(?MODULE,f3,[]).
 f3() ->
-    ok.      </code>
-      <p>The <c>call</c> and <c>return_to</c> flags are used, and
-        trace pattern is set on local calls in module <c>bar</c>.
-        </p>
-      <p><c>ttb:format("tiger@durin-ttb", [{handler, et}])</c> gives the
-        following result:
+    ok.</code>
+
+      <p>Now let's set up the trace.</p>
+<code>
+(tiger@durin)1>%%First we retrieve the Pid to limit traced processes set
+(tiger@durin)1>Pid = foo:start().
+(tiger@durin)2>%%Now we set up tracing
+(tiger@durin)2>ttb:tracer().
+(tiger@durin)3>ttb:p(Pid, [call, return_to, procs, set_on_spawn]).
+(tiger@durin)4>ttb:tpl(bar, []).
+(tiger@durin)5>%%Invoke our test function and see output with et viewer
+(tiger@durin)5>Pid ! go.
+(tiger@durin)6>ttb:stop({format, {handler, ttb:get_et_handler()}}).
+</code>
+
+      <p>This shoud render a result similar to the
+        following:
         </p>
       <p></p>
       <image file="et_processes.gif">
@@ -520,25 +707,37 @@ f3() ->
       <image file="et_modsprocs.gif">
         <icaption>Filter: "mods_and_procs"</icaption>
       </image>
+
+      <p>Note, that we can use <c>ttb:start_trace/4</c> function to help
+        us here:</p>
+<code>
+(tiger@durin)1>Pid = foo:start().
+(tiger@durin)2>ttb:start_trace([node()],
+                               [{bar,[]}],
+                               {Pid, [call, return_to, procs, set_on_spawn]}
+                               {handler, ttb:get_et_handler()}).
+(tiger@durin)3>Pid ! go.
+(tiger@durin)4>ttb:stop(format).
+</code>
+
     </section>
   </section>
 
   <section>
     <marker id="fetch_format"></marker>
     <title>Automatically collect and format logs from all nodes</title>
-    <p>If the option <c>fetch</c> is given to the <c>ttb:stop/1</c>
-      function, trace logs and trace information files are fetched
-      from all nodes after tracing is stopped. The logs are stored in a
-      new directory named <c>ttb_upload-Timestamp</c> under the working
-      directory of the trace control node.
+    <p>By default <c>ttb:stop/1</c> fetches  trace logs and
+      trace information files from all nodes. The logs are stored in a
+      new directory named <c>ttb_upload-Filename-Timestamp</c> under the working
+      directory of the trace control node. Fetching may be disabled by
+      providing the <c>nofetch</c> option to <c>ttb:stop/1</c>. User can
+      specify a fetch directory of his choice passing the
+      <c>{fetch_dir, Dir}</c> option.
       </p>
     <p>If the option <c>format</c> is given to <c>ttb:stop/1</c>, the
       trace logs are automatically formatted after tracing is
-      stopped. Note that <c>format</c> also implies <c>fetch</c>,
-      i.e. the trace logs will be collected from all nodes as for the
-      <c>fetch</c> option before they are formatted. All logs in the
-      upload directory are merged during formatting.
-      </p>
+      stopped.
+    </p>
   </section>
 
   <section>
@@ -546,13 +745,18 @@ f3() ->
     <p>For the tracing functionality, <c>dbg</c> could be used instead
       of the <c>ttb</c> for setting trace flags on processes and trace
       patterns for call trace, i.e. the functions <c>p</c>, <c>tp</c>,
-      <c>tpl</c>, <c>ctp</c>, <c>ctpl</c> and <c>ctpg</c>. The only
-      thing added by <c>ttb</c> for these functions is that all calls
-      are stored in the history buffer and can be recalled and stored in
-      a configuration file. This makes it easy to setup the same trace
-      environment e.g. if you want to compare two test runs. It also
-      reduces the amount of typing when using <c>ttb</c> from the erlang
-      shell.
+      <c>tpl</c>, <c>ctp</c>, <c>ctpl</c> and <c>ctpg</c>. There are only
+      two things added by <c>ttb</c> for these functions:
+      <list type="bulleted">
+        <item>all calls  are stored in the history buffer and can be
+          recalled and stored in a configuration file. This makes it
+          easy to setup the same trace environment e.g. if you want to
+          compare two test runs. It also reduces the amount of
+          typing when using <c>ttb</c> from the erlang shell;</item>
+        <item>shortcuts are provided for the most common match
+          specifications (in order not to force the user to use
+          <c>dbg:fun2ms</c> continually</item>).
+      </list>
       </p>
     <p>Use <c>list_history/0</c> to see the content of the history
       buffer, and <c>run_history/1</c> to re-execute one of the entries.
@@ -574,7 +778,8 @@ f3() ->
       selected entries from the history by calling
       <c>ttb:write_config(ConfigFile,NumList)</c>, where
       <c>NumList</c> is a list of integers pointing out the history
-      entries to write.
+      entries to write. Moreover, the history buffer is always dumped
+      to <c>ttb_last_config</c> when <c>ttb:stop/0/1</c> is called.
       </p>
     <p>User defined entries can also be written to a config file by
       calling the function
@@ -720,9 +925,7 @@ ok
 {ok,[{matched,1},{saved,1}]}
 (tiger@durin)113> dbg:get_tracer(), seq_trace:reset_trace().         
 true
-(tiger@durin)114> ttb:stop().                                       
-ok
-(tiger@durin)115> ttb:format("tiger@durin-ttb").                    
+(tiger@durin)114> ttb:stop(format).
 ({<0.158.0>,{shell,evaluator,3},tiger@durin}) call dbg:get_tracer()
 SeqTrace [0]: ({<0.158.0>,{shell,evaluator,3},tiger@durin}) 
 {<0.237.0>,dbg,tiger@durin} ! {<0.158.0>,{get_tracer,tiger@durin}} 
@@ -743,9 +946,7 @@ ok
 (tiger@durin)117> seq_trace:set_token(send,true), dbg:get_tracer(), 
 seq_trace:reset_trace().
 true
-(tiger@durin)118> ttb:stop().
-ok
-(tiger@durin)119> ttb:format("tiger@durin-ttb").
+(tiger@durin)118> ttb:stop(format).
 SeqTrace [0]: ({<0.158.0>,{shell,evaluator,3},tiger@durin}) 
 {<0.246.0>,dbg,tiger@durin} ! {<0.158.0>,{get_tracer,tiger@durin}} 
 [Serial: {0,1}]
diff --git a/lib/observer/priv/erlang_observer.png b/lib/observer/priv/erlang_observer.png
new file mode 100644
index 0000000000..78e70461b1
--- /dev/null
+++ b/lib/observer/priv/erlang_observer.png
diff --git a/lib/observer/src/Makefile b/lib/observer/src/Makefile
index 3875b62101..ca26afc11d 100644
--- a/lib/observer/src/Makefile
+++ b/lib/observer/src/Makefile
@@ -1,19 +1,19 @@
 #
 # %CopyrightBegin%
-# 
+#
 # Copyright Ericsson AB 2002-2011. All Rights Reserved.
-# 
+#
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
 # compliance with the License. You should have received a copy of the
 # Erlang Public License along with this software. If not, it can be
 # retrieved online at http://www.erlang.org/.
-# 
+#
 # Software distributed under the License is distributed on an "AS IS"
 # basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 # the License for the specific language governing rights and limitations
 # under the License.
-# 
+#
 # %CopyrightEnd%
 #
 include $(ERL_TOP)/make/target.mk
@@ -41,11 +41,25 @@ MODULES= \
 	etop_gui \
 	etop_tr \
 	etop_txt \
+	observer \
+	observer_app_wx \
+	observer_lib \
+	observer_wx \
+	observer_pro_wx \
+	observer_procinfo \
+	observer_sys_wx \
+	observer_trace_wx \
+	observer_traceoptions_wx \
+	observer_tv_table \
+	observer_tv_wx \
 	ttb \
 	ttb_et
+
 HRL_FILES= \
 	../include/etop.hrl
 INTERNAL_HRL_FILES= \
+	observer_tv.hrl \
+	observer_defs.hrl \
 	crashdump_viewer.hrl \
 	etop_defs.hrl
 ERL_FILES= $(MODULES:%=%.erl)
@@ -54,7 +68,7 @@ EXAMPLE_FILES= multitrace.erl
 TARGET_FILES= $(MODULES:%=$(EBIN)/%.$(EMULATOR)) $(APP_TARGET) $(APPUP_TARGET)
 
 PRIVDIR= ../priv
-WEBTOOLFILES= $(PRIVDIR)/crashdump_viewer.tool
+WEBTOOLFILES= $(PRIVDIR)/crashdump_viewer.tool $(PRIVDIR)/erlang_observer.png
 BINDIR= $(PRIVDIR)/bin
 ifeq ($(findstring win32,$(TARGET)),win32)
 WIN32_EXECUTABLES= $(BINDIR)/etop.bat $(BINDIR)/getop.bat $(BINDIR)/cdv.bat
@@ -92,8 +106,7 @@ ERL_COMPILE_FLAGS += \
 # ----------------------------------------------------
 # Targets
 # ----------------------------------------------------
-
-debug opt: $(TARGET_FILES)
+opt debug: $(TARGET_FILES)
 
 clean:
 	rm -f $(TARGET_FILES)
@@ -105,11 +118,13 @@ $(APP_TARGET): $(APP_SRC) ../vsn.mk
 $(APPUP_TARGET): $(APPUP_SRC) ../vsn.mk
 	sed -e 's;%VSN%;$(VSN);' $< > $@
 
+$(TARGET_FILES): $(INTERNAL_HRL_FILES)
+
 docs:
 
 # ----------------------------------------------------
 # Release Target
-# ---------------------------------------------------- 
+# ----------------------------------------------------
 include $(ERL_TOP)/make/otp_release_targets.mk
 
 release_spec: opt
diff --git a/lib/observer/src/observer.erl b/lib/observer/src/observer.erl
new file mode 100644
index 0000000000..098100e8ee
--- /dev/null
+++ b/lib/observer/src/observer.erl
@@ -0,0 +1,25 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+
+-module(observer).
+
+-export([start/0]).
+
+
+start() ->
+    observer_wx:start().
diff --git a/lib/observer/src/observer_app_wx.erl b/lib/observer/src/observer_app_wx.erl
new file mode 100644
index 0000000000..62046577ad
--- /dev/null
+++ b/lib/observer/src/observer_app_wx.erl
@@ -0,0 +1,524 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+-module(observer_app_wx).
+
+-export([start_link/2]).
+
+%% wx_object callbacks
+-export([init/1, handle_info/2, terminate/2, code_change/3, handle_call/3,
+	 handle_event/2, handle_sync_event/3, handle_cast/2]).
+
+-behaviour(wx_object).
+-include_lib("wx/include/wx.hrl").
+-include("observer_defs.hrl").
+
+-record(state,
+	{
+	  parent,
+	  panel,
+	  apps_w,
+	  app_w,
+	  paint,
+	  current,
+	  app,
+	  sel,
+	  appmon
+	}).
+
+-record(paint, {font, pen, brush, sel, links}).
+
+-record(app, {ptree, n2p, links, dim}).
+-record(box, {x,y, w,h, s1}).
+-record(str, {x,y,text,pid}).
+
+-define(BX_E, 10). %% Empty width between text and box
+-define(BX_HE, (?BX_E div 2)).
+-define(BY_E, 10). %% Empty height between text and box
+-define(BY_HE, (?BY_E div 2)).
+
+-define(BB_X, 16). %% Empty width between boxes
+-define(BB_Y, 12). %% Empty height between boxes
+
+-define(DRAWAREA, 5).
+-define(ID_PROC_INFO, 101).
+-define(ID_PROC_MSG,  102).
+-define(ID_PROC_KILL, 103).
+-define(ID_TRACE_PID, 104).
+-define(ID_TRACE_NAME, 105).
+-define(ID_TRACE_TREE_PIDS, 106).
+-define(ID_TRACE_TREE_NAMES, 107).
+
+start_link(Notebook, Parent) ->
+    wx_object:start_link(?MODULE, [Notebook, Parent], []).
+
+init([Notebook, Parent]) ->
+    Panel = wxPanel:new(Notebook, [{size, wxWindow:getClientSize(Notebook)},
+				   {winid, 1}
+				  ]),
+    Main = wxBoxSizer:new(?wxHORIZONTAL),
+    Splitter = wxSplitterWindow:new(Panel, [{size, wxWindow:getClientSize(Panel)},
+					    {style, ?wxSP_LIVE_UPDATE},
+					    {id, 2}
+					   ]),
+    Apps = wxListBox:new(Splitter, 3, []),
+    %% Need extra panel and sizer to get correct size updates
+    %% in draw area for some reason
+    P2 = wxPanel:new(Splitter, [{winid, 4}]),
+    Extra = wxBoxSizer:new(?wxVERTICAL),
+    DrawingArea = wxScrolledWindow:new(P2, [{winid, ?DRAWAREA},
+					    {style,?wxFULL_REPAINT_ON_RESIZE}]),
+    wxWindow:setBackgroundColour(DrawingArea, ?wxWHITE),
+    wxWindow:setVirtualSize(DrawingArea, 800, 800),
+    wxSplitterWindow:setMinimumPaneSize(Splitter,50),
+    wxSizer:add(Extra, DrawingArea, [{flag, ?wxEXPAND},{proportion, 1}]),
+    wxWindow:setSizer(P2, Extra),
+    wxSplitterWindow:splitVertically(Splitter, Apps, P2, [{sashPosition, 150}]),
+    wxWindow:setSizer(Panel, Main),
+
+    wxSizer:add(Main, Splitter, [{flag, ?wxEXPAND bor ?wxALL},
+				 {proportion, 1}, {border, 5}]),
+    wxWindow:setSizer(Panel, Main),
+    wxListBox:connect(Apps, command_listbox_selected),
+    wxPanel:connect(DrawingArea, paint, [callback]),
+    wxPanel:connect(DrawingArea, size, [{skip, true}]),
+    wxPanel:connect(DrawingArea, left_up),
+    wxPanel:connect(DrawingArea, left_dclick),
+    wxPanel:connect(DrawingArea, right_down),
+
+    DefFont  = wxSystemSettings:getFont(?wxSYS_DEFAULT_GUI_FONT),
+    SelCol   = wxSystemSettings:getColour(?wxSYS_COLOUR_HIGHLIGHT),
+    SelBrush = wxBrush:new(SelCol),
+    LinkPen  = wxPen:new(SelCol, [{width, 2}]),
+    %%  GC = wxGraphicsContext:create(DrawingArea),
+    %%  _Font = wxGraphicsContext:createFont(GC, DefFont),
+    {Panel, #state{parent=Parent,
+		   panel =Panel,
+		   apps_w=Apps,
+		   app_w =DrawingArea,
+		   paint=#paint{font= DefFont,
+				pen=  ?wxBLACK_PEN,
+				brush=?wxLIGHT_GREY_BRUSH,
+				sel=  SelBrush,
+				links=LinkPen
+			       }
+		  }}.
+
+setup_scrollbar(AppWin, App) ->
+    setup_scrollbar(wxWindow:getClientSize(AppWin), AppWin, App).
+
+setup_scrollbar({CW, CH}, AppWin, #app{dim={W0,H0}}) ->
+    W = max(W0,CW),
+    H = max(H0,CH),
+    PPC = 20,
+    if W0 =< CW, H0 =< CH ->
+	    wxScrolledWindow:setScrollbars(AppWin, W, H, 1, 1);
+       H0 =< CH ->
+	    wxScrolledWindow:setScrollbars(AppWin, PPC, H, W div PPC+1, 1);
+       W0 =< CW ->
+	    wxScrolledWindow:setScrollbars(AppWin, W, PPC, 1, H div PPC+1);
+       true ->
+	    wxScrolledWindow:setScrollbars(AppWin, PPC, PPC, W div PPC+1, H div PPC+1)
+    end;
+setup_scrollbar(_, _, undefined) -> ok.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+handle_event(#wx{event=#wxCommand{type=command_listbox_selected, cmdString=AppStr}},
+	     State = #state{appmon=AppMon, current=Prev}) ->
+    case AppStr of
+	[] ->
+	    {noreply, State};
+	_ ->
+	    App = list_to_atom(AppStr),
+	    (Prev =/= undefined) andalso appmon_info:app(AppMon, Prev, false, []),
+	    appmon_info:app(AppMon, App, true, []),
+	    {noreply, State#state{current=App}}
+    end;
+
+handle_event(#wx{id=Id, event=_Sz=#wxSize{size=Size}},
+	     State=#state{app=App, app_w=AppWin}) ->
+    Id =:= ?DRAWAREA andalso setup_scrollbar(Size,AppWin,App),
+    {noreply, State};
+
+handle_event(#wx{event=#wxMouse{type=Type, x=X0, y=Y0}},
+	     S0=#state{app=#app{ptree=Tree}, app_w=AppWin}) ->
+    {X,Y} = wxScrolledWindow:calcUnscrolledPosition(AppWin, X0, Y0),
+    Hit   = locate_node(X,Y, [Tree]),
+    State = handle_mouse_click(Hit, Type, S0),
+    {noreply, State};
+
+handle_event(#wx{event=#wxCommand{type=command_menu_selected}},
+	     State = #state{sel=undefined}) ->
+    observer_lib:display_info_dialog("Select process first"),
+    {noreply, State};
+
+handle_event(#wx{id=?ID_PROC_INFO, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{panel=Panel, sel={#box{s1=#str{pid=Pid}},_}}) ->
+    observer_procinfo:start(Pid, Panel, self()),
+    {noreply, State};
+
+handle_event(#wx{id=?ID_PROC_MSG, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{panel=Panel, sel={#box{s1=#str{pid=Pid}},_}}) ->
+    case observer_lib:user_term(Panel, "Enter message", "") of
+	cancel ->         ok;
+	{ok, Term} ->     Pid ! Term;
+	{error, Error} -> observer_lib:display_info_dialog(Error)
+    end,
+    {noreply, State};
+
+handle_event(#wx{id=?ID_PROC_KILL, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{panel=Panel, sel={#box{s1=#str{pid=Pid}},_}}) ->
+    case observer_lib:user_term(Panel, "Enter Exit Reason", "") of
+	cancel ->         ok;
+	{ok, Term} ->     exit(Pid, Term);
+	{error, Error} -> observer_lib:display_info_dialog(Error)
+    end,
+    {noreply, State};
+
+%%% Trace api
+handle_event(#wx{id=?ID_TRACE_PID, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{sel={Box,_}}) ->
+    observer_trace_wx:add_processes(observer_wx:get_tracer(), [box_to_pid(Box)]),
+    {noreply, State};
+handle_event(#wx{id=?ID_TRACE_NAME, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{sel={Box,_}}) ->
+    observer_trace_wx:add_processes(observer_wx:get_tracer(), [box_to_reg(Box)]),
+    {noreply, State};
+handle_event(#wx{id=?ID_TRACE_TREE_PIDS, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{sel=Sel}) ->
+    Get = fun(Box) -> box_to_pid(Box) end,
+    observer_trace_wx:add_processes(observer_wx:get_tracer(), tree_map(Sel, Get)),
+    {noreply, State};
+handle_event(#wx{id=?ID_TRACE_TREE_NAMES, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{sel=Sel}) ->
+    Get = fun(Box) -> box_to_reg(Box) end,
+    observer_trace_wx:add_processes(observer_wx:get_tracer(), tree_map(Sel, Get)),
+    {noreply, State};
+
+handle_event(Event, _State) ->
+    error({unhandled_event, Event}).
+
+%%%%%%%%%%
+handle_sync_event(#wx{event = #wxPaint{}},_,
+		  #state{app_w=DA, app=App, sel=Sel, paint=Paint}) ->
+    %% PaintDC must be created in a callback to work on windows.
+    DC = wxPaintDC:new(DA),
+    wxScrolledWindow:doPrepareDC(DA,DC),
+    %% Nothing is drawn until wxPaintDC is destroyed.
+    draw(DC, App, Sel, Paint),
+    wxPaintDC:destroy(DC),
+    ok.
+%%%%%%%%%%
+handle_call(Event, From, _State) ->
+    error({unhandled_call, Event, From}).
+
+handle_cast(Event, _State) ->
+    error({unhandled_cast, Event}).
+%%%%%%%%%%
+handle_info({active, Node}, State = #state{parent=Parent, current=Curr, appmon=Appmon}) ->
+    create_menus(Parent, []),
+    {ok, Pid} = appmon_info:start_link(Node, self(), []),
+    case Appmon of
+	undefined -> ok;
+	Pid -> ok;
+	_ -> %% Deregister me as client (and stop appmon if last)
+	    exit(Appmon, normal)
+    end,
+    appmon_info:app_ctrl(Pid, Node, true, []),
+    (Curr =/= undefined) andalso appmon_info:app(Pid, Curr, true, []),
+    {noreply, State#state{appmon=Pid}};
+
+handle_info(not_active, State = #state{appmon=AppMon, current=Prev}) ->
+    appmon_info:app_ctrl(AppMon, node(AppMon), false, []),
+    (Prev =/= undefined) andalso appmon_info:app(AppMon, Prev, false, []),
+    {noreply, State};
+
+handle_info({delivery, Pid, app_ctrl, _, Apps0},
+	    State = #state{appmon=Pid, apps_w=LBox}) ->
+    Apps = [atom_to_list(App) || {_, App, {_, _, _}} <- Apps0],
+    wxListBox:clear(LBox),
+    wxListBox:appendStrings(LBox, [App || App <- lists:sort(Apps)]),
+    {noreply, State};
+
+handle_info({delivery, _Pid, app, _Curr, {[], [], [], []}},
+	    State = #state{panel=Panel}) ->
+    wxWindow:refresh(Panel),
+    {noreply, State#state{app=undefined, sel=undefined}};
+
+handle_info({delivery, Pid, app, Curr, AppData},
+	    State = #state{panel=Panel, appmon=Pid, current=Curr,
+			   app_w=AppWin, paint=#paint{font=Font}}) ->
+    App = build_tree(AppData, {AppWin,Font}),
+    setup_scrollbar(AppWin, App),
+    wxWindow:refresh(Panel),
+    wxWindow:layout(Panel),
+    {noreply, State#state{app=App, sel=undefined}};
+
+handle_info(_Event, State) ->
+    %% io:format("~p:~p: ~p~n",[?MODULE,?LINE,_Event]),
+    {noreply, State}.
+
+%%%%%%%%%%
+terminate(_Event, _State) ->
+    ok.
+code_change(_, _, State) ->
+    State.
+
+handle_mouse_click(Node = {#box{s1=#str{pid=Pid}},_}, Type,
+		   State=#state{app_w=AppWin,panel=Panel}) ->
+    case Type of
+	left_dclick -> observer_procinfo:start(Pid, Panel, self());
+	right_down ->    popup_menu(Panel);
+	_ ->           ok
+    end,
+    wxWindow:refresh(AppWin),
+    State#state{sel=Node};
+handle_mouse_click(_, _, State = #state{sel=undefined}) ->
+    State;
+handle_mouse_click(_, right_down, State=#state{panel=Panel}) ->
+    popup_menu(Panel),
+    State;
+handle_mouse_click(_, _, State=#state{app_w=AppWin}) ->
+    wxWindow:refresh(AppWin),
+    State#state{sel=undefined}.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+create_menus(Parent, _) ->
+    MenuEntries =
+	[{"File",
+	  [#create_menu{id=?ID_PROC_INFO, text="Process info"},
+	   #create_menu{id=?ID_PROC_MSG,  text="Send Msg"},
+	   #create_menu{id=?ID_PROC_KILL, text="Kill process"}
+	  ]},
+	 {"Trace",
+	  [#create_menu{id=?ID_TRACE_PID,  text="Trace process"},
+	   #create_menu{id=?ID_TRACE_NAME, text="Trace named process"},
+	   #create_menu{id=?ID_TRACE_TREE_PIDS,  text="Trace process tree"},
+	   #create_menu{id=?ID_TRACE_TREE_NAMES,  text="Trace named process tree"}
+	  ]}],
+    observer_wx:create_menus(Parent, MenuEntries).
+
+popup_menu(Panel) ->
+    Menu = wxMenu:new(),
+    wxMenu:append(Menu, ?ID_PROC_INFO,  "Process info"),
+    wxMenu:append(Menu, ?ID_TRACE_PID,  "Trace process"),
+    wxMenu:append(Menu, ?ID_TRACE_NAME, "Trace named process"),
+    wxMenu:append(Menu, ?ID_TRACE_TREE_PIDS, "Trace process tree"),
+    wxMenu:append(Menu, ?ID_TRACE_TREE_NAMES, "Trace named process tree"),
+    wxWindow:popupMenu(Panel, Menu),
+    wxMenu:destroy(Menu).
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+locate_node(X, _Y, [{Box=#box{x=BX}, _Chs}|_Rest])
+  when X < BX ->
+    {left, Box};
+locate_node(X,Y, [Node={Box=#box{x=BX,y=BY,w=BW,h=BH}, _Chs}|Rest])
+  when X =< (BX+BW)->
+    if
+	Y < BY -> {above, Box}; %% Above
+	Y =< (BY+BH) -> Node;
+	true -> locate_node(X,Y,Rest)
+    end;
+locate_node(X,Y, [{_, Chs}|Rest]) ->
+    case locate_node(X,Y,Chs) of
+	Node = {#box{},_} -> Node;
+	_Miss ->
+	    locate_node(X,Y,Rest)
+    end;
+locate_node(_, _, []) -> false.
+
+locate_box(From, [{Box=#box{s1=#str{pid=From}},_}|_]) -> Box;
+locate_box(From, [{_,Chs}|Rest]) ->
+    case locate_box(From, Chs) of
+	Box = #box{} -> Box;
+	_ -> locate_box(From, Rest)
+    end;
+locate_box(From, []) -> {false, From}.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+build_tree({Root, P2Name, Links, XLinks0}, Font) ->
+    Fam = sofs:relation_to_family(sofs:relation(Links)),
+    Name2P = gb_trees:from_orddict(lists:sort([{Name,Pid} || {Pid,Name} <- P2Name])),
+    Lookup = gb_trees:from_orddict(sofs:to_external(Fam)),
+    {_, Tree0} = build_tree2(Root, Lookup, Name2P, Font),
+    {Tree, Dim} = calc_tree_size(Tree0),
+    Fetch = fun({From, To}, Acc) ->
+		    try {value, ToPid} = gb_trees:lookup(To, Name2P),
+			 FromPid = gb_trees:get(From, Name2P),
+			 [{locate_box(FromPid, [Tree]),locate_box(ToPid, [Tree])}|Acc]
+		    catch _:_ ->
+			    Acc
+		    end
+	    end,
+    XLinks = lists:foldl(Fetch, [], XLinks0),
+    #app{ptree=Tree, dim=Dim, links=XLinks}.
+
+build_tree2(Root, Tree0, N2P, Font) ->
+    case gb_trees:lookup(Root, Tree0) of
+	none -> {Tree0, {box(Root, N2P, Font), []}};
+	{value, Children} ->
+	    Tree1 = gb_trees:delete(Root, Tree0),
+	    {Tree, CHs} = lists:foldr(fun("port " ++_, Acc) ->
+					      Acc; %% Skip ports
+					 (Child,{T0, Acc}) ->
+					      {T, C} = build_tree2(Child, T0, N2P, Font),
+					      {T, [C|Acc]}
+				      end, {Tree1, []}, Children),
+	    {Tree, {box(Root, N2P, Font), CHs}}
+    end.
+
+calc_tree_size(Tree) ->
+    Cols = calc_col_start(Tree, [0]),
+    {Boxes,{W,Hs}} = calc_tree_size(Tree, Cols, ?BB_X, [?BB_Y]),
+    {Boxes, {W,lists:max(Hs)}}.
+
+calc_col_start({#box{w=W}, Chs}, [Max|Acc0]) ->
+    Acc = if Acc0 == [] -> [0]; true -> Acc0 end,
+    Depth = lists:foldl(fun(Child, MDepth) -> calc_col_start(Child, MDepth) end,
+			Acc, Chs),
+    [max(W,Max)|Depth].
+
+calc_tree_size({Box=#box{w=W,h=H}, []}, _, X, [Y|Ys]) ->
+    {{Box#box{x=X,y=Y}, []}, {X+W+?BB_X,[Y+H+?BB_Y|Ys]}};
+calc_tree_size({Box, Children}, [Col|Cols], X, [H0|Hs0]) ->
+    Hs1 = calc_row_start(Children, H0, Hs0),
+    StartX = X+Col+?BB_X,
+    {Boxes, {W,Hs}} = calc_tree_sizes(Children, Cols, StartX, StartX, Hs1, []),
+    Y = middle(Boxes, H0),
+    H = Y+Box#box.h+?BB_Y,
+    {{Box#box{x=X,y=Y}, Boxes}, {W,[H|Hs]}}.
+
+calc_tree_sizes([Child|Chs], Cols, X0, W0, Hs0, Acc) ->
+    {Tree, {W,Hs}} = calc_tree_size(Child, Cols, X0, Hs0),
+    calc_tree_sizes(Chs, Cols, X0, max(W,W0), Hs, [Tree|Acc]);
+calc_tree_sizes([], _, _, W,Hs, Acc) ->
+    {lists:reverse(Acc), {W,Hs}}.
+
+calc_row_start(Chs = [{#box{h=H},_}|_], Start, Hs0) ->
+    NChs = length(Chs),
+    Wanted = (H*NChs + ?BB_Y*(NChs-1)) div 2 - H div 2,
+    case Hs0 of
+	[] -> [max(?BB_Y, Start - Wanted)];
+	[Next|Hs] ->
+	    [max(Next, Start - Wanted)|Hs]
+    end.
+
+middle([], Y) -> Y;
+middle([{#box{y=Y}, _}], _) -> Y;
+middle([{#box{y=Y0},_}|List], _) ->
+    {#box{y=Y1},_} = lists:last(List),
+    (Y0+Y1) div 2.
+
+box(Str0, N2P, {Win,Font}) ->
+    Pid = gb_trees:get(Str0, N2P),
+    Str = if hd(Str0) =:= $< -> lists:append(io_lib:format("~w", [Pid]));
+	     true -> Str0
+	  end,
+    {TW,TH, _, _} = wxWindow:getTextExtent(Win, Str, [{theFont, Font}]),
+    Data = #str{text=Str, x=?BX_HE, y=?BY_HE, pid=Pid},
+    %% Add pid
+    #box{w=TW+?BX_E, h=TH+?BY_E, s1=Data}.
+
+box_to_pid(#box{s1=#str{pid=Pid}}) -> Pid.
+box_to_reg(#box{s1=#str{text=[$<|_], pid=Pid}}) -> Pid;
+box_to_reg(#box{s1=#str{text=Name}}) -> list_to_atom(Name).
+
+tree_map({Box, Chs}, Fun) ->
+    tree_map(Chs, Fun, [Fun(Box)]).
+tree_map([{Box, Chs}|Rest], Fun, Acc0) ->
+    Acc = tree_map(Chs, Fun, [Fun(Box)|Acc0]),
+    tree_map(Rest, Fun, Acc);
+tree_map([], _ , Acc) -> Acc.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+draw(_DC, undefined, _, _) ->
+    ok;
+draw(DC, #app{dim={_W,_H}, ptree=Tree, links=Links}, Sel,
+     #paint{font=Font, pen=Pen, brush=Brush, links=LPen, sel=SelBrush}) ->
+    %% Canvas = wxGraphicsContext:create(DC),
+    %% Pen    = wxGraphicsContext:createPen(Canvas, ?wxBLACK_PEN),
+    %% wxGraphicsContext:setPen(Canvas, Pen),
+    %% Brush = wxGraphicsContext:createBrush(Canvas, ?wxLIGHT_GREY_BRUSH),
+    %% wxGraphicsContext:setBrush(Canvas, Brush),
+    %% Font  = wxGraphicsContext:createFont(Canvas, wxSystemSettings:getFont(?wxSYS_DEFAULT_GUI_FONT)),
+    %% wxGraphicsContext:setFont(Canvas, Font),
+    %% draw_tree(Tree, Canvas).
+    wxDC:setPen(DC, LPen),
+    [draw_xlink(Link, DC) || Link <- Links],
+    wxDC:setPen(DC, Pen),
+    %% wxDC:drawRectangle(DC, {2,2}, {W-2,H-2}), %% DEBUG
+    wxDC:setBrush(DC, Brush),
+    wxDC:setFont(DC, Font),
+    draw_tree(Tree, root, DC),
+    case Sel of
+	undefined -> ok;
+	{#box{x=X,y=Y,w=W,h=H,s1=Str1}, _} ->
+	    wxDC:setBrush(DC, SelBrush),
+	    wxDC:drawRoundedRectangle(DC, {X-1,Y-1}, {W+2,H+2}, 8.0),
+	    draw_str(DC, Str1, X, Y)
+    end.
+
+draw_tree({Box=#box{x=X,y=Y,w=W,h=H,s1=Str1}, Chs}, Parent, DC) ->
+    %%wxGraphicsContext:drawRoundedRectangle(DC, float(X), float(Y), float(W), float(H), 8.0),
+    wxDC:drawRoundedRectangle(DC, {X,Y}, {W,H}, 8.0),
+    draw_str(DC, Str1, X, Y),
+    Dot = case Chs of
+	      [] -> ok;
+	      [{#box{x=CX0},_}|_] ->
+		  CY = Y+(H div 2),
+		  CX = CX0-(?BB_X div 2),
+		  wxDC:drawLine(DC, {X+W, CY}, {CX, CY}),
+		  {CX, CY}
+	  end,
+    draw_link(Parent, Box, DC),
+    [draw_tree(Child, Dot, DC) || Child <- Chs].
+
+draw_link({CX,CY}, #box{x=X,y=Y0,h=H}, DC) ->
+    Y = Y0+(H div 2),
+    case Y =:= CY of
+	true ->
+	    wxDC:drawLine(DC, {CX, CY}, {X, CY});
+	false ->
+	    wxDC:drawLines(DC, [{CX, CY}, {CX, Y}, {X,Y}])
+    end;
+draw_link(_, _, _) -> ok.
+
+draw_xlink({#box{x=X0, y=Y0, h=BH}, #box{x=X1, y=Y1}}, DC)
+  when X0 =:= X1 ->
+    draw_xlink(X0,Y0,X1,Y1,BH,DC);
+draw_xlink({#box{x=X0, y=Y0, h=BH, w=BW}, #box{x=X1, y=Y1}}, DC)
+  when X0 < X1 ->
+    draw_xlink(X0+BW,Y0,X1,Y1,BH,DC);
+draw_xlink({#box{x=X0, y=Y0, h=BH}, #box{x=X1, w=BW, y=Y1}}, DC)
+  when X0 > X1 ->
+    draw_xlink(X1+BW,Y1,X0,Y0,BH,DC);
+draw_xlink({_From, _To}, _DC) ->
+    ignore.
+draw_xlink(X0, Y00, X1, Y11, BH, DC) ->
+    {Y0,Y1} = if Y00 < Y11 -> {Y00+BH-6, Y11+6};
+		 true -> {Y00+6, Y11+BH-6}
+	      end,
+    wxDC:drawLines(DC, [{X0,Y0}, {X0+5,Y0}, {X1-5,Y1}, {X1,Y1}]).
+
+draw_str(DC, #str{x=Sx,y=Sy, text=Text}, X, Y) ->
+    %%wxGraphicsContext:drawText(DC, Text, float(Sx+X), float(Sy+Y));
+    wxDC:drawText(DC, Text, {X+Sx,Y+Sy});
+draw_str(_, _, _, _) -> ok.
diff --git a/lib/observer/src/observer_defs.hrl b/lib/observer/src/observer_defs.hrl
new file mode 100644
index 0000000000..586e7bbff9
--- /dev/null
+++ b/lib/observer/src/observer_defs.hrl
@@ -0,0 +1,47 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+
+-record(match_spec, {name = "",
+		     term = [],
+		     str  = [],
+		     func = ""}).
+
+-record(tpattern, {m, fa, ms}).
+
+-record(traced_func, {func_name, %atom
+		      arity, %integer
+		      match_spec = #match_spec{}}).
+
+-record(create_menu,
+	{id,
+	 text,
+	 help = [],
+	 type = append,
+	 check = false
+	}).
+
+-record(attrs, {even, odd, deleted, changed, searched}).
+-define(EVEN(Row), ((Row rem 2) =:= 0)).
+-define(BG_EVEN,    {230,230,250}).
+-define(BG_ODD,     {255,255,255}).
+-define(BG_DELETED, {100,100,100}).
+-define(FG_DELETED, {240,30,30}).
+-define(BG_SEARCHED,{235,215,90}).
+-define(BG_CHANGED, {230,230,250}).
+
+-define(LCTRL_WDECR, 4). %% Remove some pixels in column width to avoid creating unnecessary scrollbar
diff --git a/lib/observer/src/observer_lib.erl b/lib/observer/src/observer_lib.erl
new file mode 100644
index 0000000000..5260861497
--- /dev/null
+++ b/lib/observer/src/observer_lib.erl
@@ -0,0 +1,375 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+
+-module(observer_lib).
+
+-export([get_wx_parent/1,
+	 display_info_dialog/1, user_term/3,
+	 interval_dialog/4, start_timer/1, stop_timer/1,
+	 display_info/2, fill_info/2, update_info/2, to_str/1,
+	 create_menus/3, create_menu_item/3,
+	 create_attrs/0,
+	 set_listctrl_col_size/2
+	]).
+
+-include_lib("wx/include/wx.hrl").
+-include("observer_defs.hrl").
+
+get_wx_parent(Window) ->
+    Parent = wxWindow:getParent(Window),
+    case wx:is_null(Parent) of
+	true -> Window;
+	false -> get_wx_parent(Parent)
+    end.
+
+interval_dialog(Parent0, {Timer, Value}, Min, Max) ->
+    Parent = get_wx_parent(Parent0),
+    Dialog = wxDialog:new(Parent, ?wxID_ANY, "Update Interval",
+			  [{style, ?wxDEFAULT_DIALOG_STYLE bor
+				?wxRESIZE_BORDER}]),
+    Panel = wxPanel:new(Dialog),
+    Check = wxCheckBox:new(Panel, ?wxID_ANY, "Periodical refresh"),
+    wxCheckBox:setValue(Check, Timer /= false),
+    Style = ?wxSL_HORIZONTAL bor ?wxSL_AUTOTICKS bor ?wxSL_LABELS,
+    Slider = wxSlider:new(Panel, ?wxID_ANY, Value, Min, Max,
+			  [{style, Style}, {size, {200, -1}}]),
+    wxWindow:enable(Slider, [{enable, Timer /= false}]),
+    InnerSizer = wxBoxSizer:new(?wxVERTICAL),
+    Buttons = wxDialog:createButtonSizer(Dialog, ?wxOK bor ?wxCANCEL),
+    Flags = [{flag, ?wxEXPAND bor ?wxALL}, {border, 2}],
+    wxSizer:add(InnerSizer, Check,  Flags),
+    wxSizer:add(InnerSizer, Slider, Flags),
+    wxPanel:setSizer(Panel, InnerSizer),
+    TopSizer = wxBoxSizer:new(?wxVERTICAL),
+    wxSizer:add(TopSizer, Panel, [{flag, ?wxEXPAND bor ?wxALL}, {border, 5}]),
+    wxSizer:add(TopSizer, Buttons, [{flag, ?wxEXPAND}]),
+    wxWindow:setSizerAndFit(Dialog, TopSizer),
+    wxSizer:setSizeHints(TopSizer, Dialog),
+    wxCheckBox:connect(Check, command_checkbox_clicked,
+		       [{callback, fun(#wx{event=#wxCommand{commandInt=Enable0}},_) ->
+					   Enable = Enable0 > 0,
+					   wxWindow:enable(Slider, [{enable, Enable}])
+				   end}]),
+    Res = case wxDialog:showModal(Dialog) of
+	      ?wxID_OK ->
+		  Enabled = wxCheckBox:isChecked(Check),
+		  setup_timer(Enabled, {Timer, wxSlider:getValue(Slider)});
+	      ?wxID_CANCEL ->
+		  {Timer, Value}
+	  end,
+    wxDialog:destroy(Dialog),
+    Res.
+
+stop_timer(Timer = {false, _}) -> Timer;
+stop_timer(Timer = {true, _}) -> Timer;
+stop_timer(Timer = {_, Intv}) ->
+    setup_timer(false, Timer),
+    {true, Intv}.
+start_timer(Intv) when is_integer(Intv) ->
+    setup_timer(true, {true, Intv});
+start_timer(Timer) ->
+    setup_timer(true, Timer).
+
+setup_timer(false, {Timer, Value})
+  when is_boolean(Timer) ->
+    {false, Value};
+setup_timer(true,  {false, Value}) ->
+    {ok, Timer} = timer:send_interval(Value * 1000, refresh_interval),
+    {Timer, Value};
+setup_timer(Bool, {Timer, Old}) ->
+    timer:cancel(Timer),
+    setup_timer(Bool, {false, Old}).
+
+display_info_dialog(Str) ->
+    Dlg = wxMessageDialog:new(wx:null(), Str),
+    wxMessageDialog:showModal(Dlg),
+    wxMessageDialog:destroy(Dlg),
+    ok.
+
+%% display_info(Parent, [{Title, [{Label, Info}]}]) -> {Panel, Sizer, InfoFieldsToUpdate}
+display_info(Frame, Info) ->
+    Panel = wxPanel:new(Frame),
+    wxWindow:setBackgroundColour(Panel, {255,255,255}),
+    Sizer = wxBoxSizer:new(?wxVERTICAL),
+    wxSizer:addSpacer(Sizer, 5),
+    Add = fun(BoxInfo) ->
+		  {Box, InfoFs} = create_box(Panel, BoxInfo),
+		  wxSizer:add(Sizer, Box, [{flag, ?wxEXPAND bor ?wxALL},
+					   {border, 5}]),
+		  wxSizer:addSpacer(Sizer, 5),
+		  InfoFs
+	  end,
+    InfoFs = [Add(I) || I <- Info],
+    wxWindow:setSizerAndFit(Panel, Sizer),
+    {Panel, Sizer, InfoFs}.
+
+fill_info([{Str, Key}|Rest], Data) when is_atom(Key); is_function(Key) ->
+    [{Str, get_value(Key, Data)} | fill_info(Rest, Data)];
+fill_info([{Str, {Format, Key}}|Rest], Data)
+  when is_atom(Key); is_function(Key), is_atom(Format) ->
+    [{Str, {Format, get_value(Key,Data)}} | fill_info(Rest, Data)];
+fill_info([{Str,SubStructure}|Rest], Data) when is_list(SubStructure) ->
+    [{Str, fill_info(SubStructure, Data)}|fill_info(Rest,Data)];
+fill_info([{Str,Attrib,SubStructure}|Rest], Data) ->
+    [{Str, Attrib, fill_info(SubStructure, Data)}|fill_info(Rest,Data)];
+fill_info([], _) -> [].
+
+get_value(Key, Data) when is_atom(Key) ->
+    proplists:get_value(Key,Data);
+get_value(Fun, Data) when is_function(Fun) ->
+    Fun(Data).
+
+update_info([Fields|Fs], [{_Header, SubStructure}| Rest]) ->
+    update_info2(Fields, SubStructure),
+    update_info(Fs, Rest);
+update_info([Fields|Fs], [{_Header, _Attrib, SubStructure}| Rest]) ->
+    update_info2(Fields, SubStructure),
+    update_info(Fs, Rest);
+update_info([], []) ->
+    ok.
+
+update_info2([Field|Fs], [{_Str, Value}|Rest]) ->
+    wxStaticText:setLabel(Field, to_str(Value)),
+    update_info2(Fs, Rest);
+update_info2([], []) -> ok.
+
+
+to_str(Value) when is_atom(Value) ->
+    atom_to_list(Value);
+to_str({bytes, B}) ->
+    KB = B div 1024,
+    MB = KB div 1024,
+    if
+	MB > 10 -> integer_to_list(MB) ++ " mB";
+	KB >  0 -> integer_to_list(KB) ++ " kB";
+	true -> integer_to_list(B) ++ " B "
+    end;
+to_str({time_ms, MS}) ->
+    S = MS div 1000,
+    Min = S div 60,
+    Hours = Min div 60,
+    Days = Hours div 24,
+    if
+	Days > 0 -> integer_to_list(Days) ++ " Days";
+	Hours > 0 -> integer_to_list(Hours) ++ " Hours";
+	Min > 0 -> integer_to_list(Min) ++ " Mins";
+	true -> integer_to_list(S) ++ " Secs"
+    end;
+
+to_str({func, {F,A}}) when is_atom(F), is_integer(A) ->
+    lists:concat([F, "/", A]);
+to_str({func, {F,'_'}}) when is_atom(F) ->
+    atom_to_list(F);
+to_str({A, B}) when is_atom(A), is_atom(B) ->
+    lists:concat([A, ":", B]);
+to_str({M,F,A}) when is_atom(M), is_atom(F), is_integer(A) ->
+    lists:concat([M, ":", F, "/", A]);
+to_str(Value) when is_list(Value) ->
+    case lists:all(fun(X) -> is_integer(X) end, Value) of
+	true -> Value;
+	false ->
+	    lists:foldl(fun(X, Acc) ->
+				to_str(X) ++ " " ++ Acc end,
+			"", Value)
+    end;
+to_str(Port) when is_port(Port) ->
+    erlang:port_to_list(Port);
+to_str(Pid) when is_pid(Pid) ->
+    pid_to_list(Pid);
+to_str(No) when is_integer(No) ->
+    integer_to_list(No);
+to_str(Term) ->
+    io_lib:format("~w", [Term]).
+
+create_menus([], _MenuBar, _Type) -> ok;
+create_menus(Menus, MenuBar, Type) ->
+    Add = fun({Tag, Ms}, Index) ->
+		  create_menu(Tag, Ms, Index, MenuBar, Type)
+	  end,
+    [{First, _}|_] = Menus,
+    OnMac = os:type() =:= {unix, darwin},
+    Index = if Type =:= default -> 0;
+	       First =:= "File" -> 0;
+	       OnMac -> 0;
+	       true -> 1
+	    end,
+    wx:foldl(Add, Index, Menus),
+    ok.
+
+create_menu("File", MenuItems, Index, MenuBar, Type) ->
+    OnMac = os:type() =:= {unix, darwin},
+    if OnMac, Type =:= default ->
+	    Index;
+       not OnMac, Type =:= plugin ->
+	    MenuId = wxMenuBar:findMenu(MenuBar, "File"),
+	    Menu = wxMenuBar:getMenu(MenuBar, MenuId),
+	    lists:foldl(fun(Record, N) ->
+				create_menu_item(Record, Menu, N)
+			end, 0, MenuItems),
+	    Index + 1;
+       true ->
+	    Menu = wxMenu:new(),
+	    lists:foldl(fun(Record, N) ->
+				create_menu_item(Record, Menu, N)
+			end, 0, MenuItems),
+	    wxMenuBar:insert(MenuBar, Index, Menu, "File"),
+	    Index+1
+    end;
+create_menu(Name, MenuItems, Index, MenuBar, _Type) ->
+    Menu = wxMenu:new(),
+    lists:foldl(fun(Record, N) ->
+			create_menu_item(Record, Menu, N)
+		end, 0, MenuItems),
+    wxMenuBar:insert(MenuBar, Index, Menu, Name),
+    Index+1.
+
+create_menu_item(#create_menu{id = ?wxID_HELP=Id}, Menu, Index) ->
+    wxMenu:insert(Menu, Index, Id),
+    Index+1;
+create_menu_item(#create_menu{id=Id, text=Text, help=Help, type=Type, check=Check},
+		 Menu, Index) ->
+    Opts = case Help of
+	       [] -> [];
+	       _ -> [{help, Help}]
+	   end,
+    case Type of
+	append ->
+	    wxMenu:insert(Menu, Index, Id,
+			  [{text, Text}|Opts]);
+	check ->
+	    wxMenu:insertCheckItem(Menu, Index, Id, Text, Opts),
+	    wxMenu:check(Menu, Id, Check);
+	radio ->
+	    wxMenu:insertRadioItem(Menu, Index, Id, Text, Opts),
+	    wxMenu:check(Menu, Id, Check);
+	separator ->
+	    wxMenu:insertSeparator(Menu, Index)
+    end,
+    Index+1;
+create_menu_item(separator, Menu, Index) ->
+    wxMenu:insertSeparator(Menu, Index),
+    Index+1.
+
+create_attrs() ->
+    Font = wxSystemSettings:getFont(?wxSYS_DEFAULT_GUI_FONT),
+    Text = case wxSystemSettings:getColour(?wxSYS_COLOUR_LISTBOXTEXT) of
+	       {255,255,255,_} -> {10,10,10};  %% Is white on Mac for some reason
+	       Color -> Color
+	   end,
+    #attrs{even = wxListItemAttr:new(Text, ?BG_EVEN, Font),
+	   odd  = wxListItemAttr:new(Text, ?BG_ODD, Font),
+	   deleted = wxListItemAttr:new(?FG_DELETED, ?BG_DELETED, Font),
+	   changed = wxListItemAttr:new(Text, ?BG_CHANGED, Font),
+	   searched = wxListItemAttr:new(Text, ?BG_SEARCHED, Font)
+	  }.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+get_box_info({Title, List}) when is_list(List) -> {Title, ?wxALIGN_LEFT, List};
+get_box_info({Title, left, List}) -> {Title, ?wxALIGN_LEFT, List};
+get_box_info({Title, right, List}) -> {Title, ?wxALIGN_RIGHT, List}.
+
+create_box(Panel, Data) ->
+    {Title, Align, Info} = get_box_info(Data),
+    Box = wxStaticBoxSizer:new(?wxHORIZONTAL, Panel, [{label, Title}]),
+    Left  = wxBoxSizer:new(?wxVERTICAL),
+    Right = wxBoxSizer:new(?wxVERTICAL),
+    Expand    = [{flag, ?wxEXPAND}],
+    ExpAlign  = [{flag, Align}],
+    AddRow = fun({Desc, Value}) ->
+		     wxSizer:add(Left, wxStaticText:new(Panel, ?wxID_ANY, Desc ++ ":"), Expand),
+		     Field = wxStaticText:new(Panel, ?wxID_ANY, to_str(Value)),
+		     wxSizer:add(Right, Field, ExpAlign),
+		     Field
+	     end,
+    InfoFields = [AddRow(Entry) || Entry <- Info],
+    wxSizer:add(Box, Left),
+    wxSizer:addSpacer(Box, 10),
+    wxSizer:add(Box, Right),
+    wxSizer:addSpacer(Box, 30),
+    {Box, InfoFields}.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+set_listctrl_col_size(LCtrl, Total) ->
+    wx:batch(fun() -> calc_last(LCtrl, Total) end).
+
+calc_last(LCtrl, _Total) ->
+    Cols = wxListCtrl:getColumnCount(LCtrl),
+    {Total, _} = wxWindow:getClientSize(LCtrl),
+    SBSize = scroll_size(LCtrl),
+    Last = lists:foldl(fun(I, Last) ->
+			       Last - wxListCtrl:getColumnWidth(LCtrl, I)
+		       end, Total-SBSize, lists:seq(0, Cols - 2)),
+    Size = max(150, Last),
+    wxListCtrl:setColumnWidth(LCtrl, Cols-1, Size).
+
+scroll_size(LCtrl) ->
+    case os:type() of
+	{win32, nt} -> 0;
+	{unix, darwin} ->
+	    %% I can't figure out is there is a visible scrollbar
+	    %% Always make room for it
+	    wxSystemSettings:getMetric(?wxSYS_VSCROLL_X);
+	_ ->
+	    case wxWindow:hasScrollbar(LCtrl, ?wxVERTICAL) of
+		true -> wxSystemSettings:getMetric(?wxSYS_VSCROLL_X);
+		false -> 0
+	    end
+    end.
+
+
+user_term(Parent, Title, Default) ->
+    Dialog = wxTextEntryDialog:new(Parent, Title, [{value, Default}]),
+    case wxTextEntryDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    Str = wxTextEntryDialog:getValue(Dialog),
+	    wxTextEntryDialog:destroy(Dialog),
+	    parse_string(ensure_last_is_dot(Str));
+	?wxID_CANCEL ->
+	    wxTextEntryDialog:destroy(Dialog),
+	    cancel
+    end.
+
+parse_string(Str) ->
+    try
+	Tokens = case erl_scan:string(Str) of
+		     {ok, Ts, _} -> Ts;
+		     {error, {_SLine, SMod, SError}, _} ->
+			 throw(io_lib:format("~s", [SMod:format_error(SError)]))
+		 end,
+	case erl_parse:parse_term(Tokens) of
+	    {error, {_PLine, PMod, PError}} ->
+		throw(io_lib:format("~s", [PMod:format_error(PError)]));
+	    Res -> Res
+	end
+    catch
+	throw:ErrStr ->
+	    {error, ErrStr};
+	_:_Err ->
+	    {error, ["Syntax error in: ", Str]}
+    end.
+
+ensure_last_is_dot([]) ->
+    ".";
+ensure_last_is_dot(String) ->
+    case lists:last(String) =:= $. of
+	true ->
+	    String;
+	false ->
+	    String ++ "."
+    end.
diff --git a/lib/observer/src/observer_pro_wx.erl b/lib/observer/src/observer_pro_wx.erl
new file mode 100644
index 0000000000..7578215ff9
--- /dev/null
+++ b/lib/observer/src/observer_pro_wx.erl
@@ -0,0 +1,594 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+-module(observer_pro_wx).
+
+-behaviour(wx_object).
+
+-export([start_link/2]).
+
+%% wx_object callbacks
+-export([init/1, handle_info/2, terminate/2, code_change/3, handle_call/3,
+	 handle_event/2, handle_cast/2]).
+
+-include_lib("wx/include/wx.hrl").
+-include("../include/etop.hrl").
+-include("observer_defs.hrl").
+-include("etop_defs.hrl").
+
+%% Defines
+-define(COL_PID,  0).
+-define(COL_NAME, ?COL_PID+1).
+%%-define(COL_TIME, 2).
+-define(COL_REDS, ?COL_NAME+1).
+-define(COL_MEM,  ?COL_REDS+1).
+-define(COL_MSG,  ?COL_MEM+1).
+-define(COL_FUN,  ?COL_MSG+1).
+
+-define(ID_KILL, 201).
+-define(ID_PROC, 202).
+-define(ID_REFRESH, 203).
+-define(ID_REFRESH_INTERVAL, 204).
+-define(ID_DUMP_TO_FILE, 205).
+-define(ID_TRACE_PIDS, 206).
+-define(ID_TRACE_NAMES, 207).
+-define(ID_TRACE_NEW, 208).
+-define(ID_TRACE_ALL, 209).
+-define(ID_ACCUMULATE, 210).
+
+-define(TRACE_PIDS_STR, "Trace selected process identifiers").
+-define(TRACE_NAMES_STR, "Trace selected processes, "
+	"if a process have a registered name "
+	"processes with same name will be traced on all nodes").
+
+
+%% Records
+
+-record(sort,
+	{
+	  sort_key=?COL_REDS,
+	  sort_incr=false
+	}).
+
+-record(holder, {parent,
+		 info,
+		 sort=#sort{},
+		 accum=[],
+		 attrs,
+		 node,
+		 backend_pid
+		}).
+
+-record(state, {parent,
+		grid,
+		panel,
+		popup_menu,
+		parent_notebook,
+		timer,
+		procinfo_menu_pids=[],
+		sel={[], []},
+		holder}).
+
+start_link(Notebook, Parent) ->
+    wx_object:start_link(?MODULE, [Notebook, Parent], []).
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+init([Notebook, Parent]) ->
+    Attrs = observer_lib:create_attrs(),
+    Self = self(),
+    Holder = spawn_link(fun() -> init_table_holder(Self, Attrs) end),
+    {ProPanel, State} = setup(Notebook, Parent, Holder),
+    {ProPanel, State#state{holder=Holder}}.
+
+setup(Notebook, Parent, Holder) ->
+    ProPanel = wxPanel:new(Notebook, []),
+
+    Grid  = create_list_box(ProPanel, Holder),
+    Sizer = wxBoxSizer:new(?wxVERTICAL),
+    wxSizer:add(Sizer, Grid, [{flag, ?wxEXPAND bor ?wxALL},
+			      {proportion, 1},
+			      {border,4}]),
+
+    wxWindow:setSizer(ProPanel, Sizer),
+
+    State = #state{parent=Parent,
+		   grid=Grid,
+		   panel=ProPanel,
+		   parent_notebook=Notebook,
+		   holder=Holder,
+		   timer={false, 10}
+		   },
+    {ProPanel, State}.
+
+
+%% UI-creation
+
+create_pro_menu(Parent, Holder) ->
+    MenuEntries = [{"File",
+		    [#create_menu{id=?ID_DUMP_TO_FILE, text="Dump to file"}]},
+		   {"View",
+		    [#create_menu{id=?ID_ACCUMULATE, text="Accumulate",
+				  type=check,
+				  check=call(Holder, {get_accum, self()})},
+		     separator,
+		     #create_menu{id=?ID_REFRESH, text="Refresh\tCtrl-R"},
+		     #create_menu{id=?ID_REFRESH_INTERVAL, text="Refresh Interval"}]},
+		   {"Trace",
+		    [#create_menu{id=?ID_TRACE_PIDS, text="Trace processes"},
+		     #create_menu{id=?ID_TRACE_NAMES, text="Trace named processes (all nodes)"},
+		     #create_menu{id=?ID_TRACE_NEW, text="Trace new processes"}
+		     %% , #create_menu{id=?ID_TRACE_ALL_MENU, text="Trace all processes"}
+		    ]}
+		  ],
+    observer_wx:create_menus(Parent, MenuEntries).
+
+create_list_box(Panel, Holder) ->
+    Style = ?wxLC_REPORT bor ?wxLC_VIRTUAL bor ?wxLC_HRULES,
+    ListCtrl = wxListCtrl:new(Panel, [{style, Style},
+				      {onGetItemText,
+				       fun(_, Row, Col) ->
+					       call(Holder, {get_row, self(), Row, Col})
+				       end},
+				      {onGetItemAttr,
+				       fun(_, Item) ->
+					       call(Holder, {get_attr, self(), Item})
+				       end}
+				     ]),
+    Li = wxListItem:new(),
+    AddListEntry = fun({Name, Align, DefSize}, Col) ->
+			   wxListItem:setText(Li, Name),
+			   wxListItem:setAlign(Li, Align),
+			   wxListCtrl:insertColumn(ListCtrl, Col, Li),
+			   wxListCtrl:setColumnWidth(ListCtrl, Col, DefSize),
+			   Col + 1
+		   end,
+    ListItems = [{"Pid", ?wxLIST_FORMAT_CENTRE,  120},
+		 {"Name or Initial Func", ?wxLIST_FORMAT_LEFT, 200},
+%%		 {"Time", ?wxLIST_FORMAT_CENTRE, 50},
+		 {"Reds", ?wxLIST_FORMAT_RIGHT, 100},
+		 {"Memory", ?wxLIST_FORMAT_RIGHT, 100},
+		 {"MsgQ",  ?wxLIST_FORMAT_RIGHT, 50},
+		 {"Current Function", ?wxLIST_FORMAT_LEFT,  200}],
+    lists:foldl(AddListEntry, 0, ListItems),
+    wxListItem:destroy(Li),
+
+    wxListCtrl:setItemCount(ListCtrl, 1),
+    wxListCtrl:connect(ListCtrl, size, [{skip, true}]),
+    wxListCtrl:connect(ListCtrl, command_list_item_activated),
+    wxListCtrl:connect(ListCtrl, command_list_item_right_click),
+    wxListCtrl:connect(ListCtrl, command_list_col_click),
+    %% Use focused instead of selected, selected doesn't generate events
+    %% for all multiple selections on Linux
+    wxListCtrl:connect(ListCtrl, command_list_item_focused),
+    ListCtrl.
+
+dump_to_file(Parent, FileName, Holder) ->
+    case file:open(FileName, [write]) of
+	{ok, Fd} ->
+	    %% Holder closes the file when it's done
+	    Holder ! {dump, Fd};
+	{error, Reason} ->
+	    FailMsg = file:format_error(Reason),
+	    MD = wxMessageDialog:new(Parent, FailMsg),
+	    wxDialog:showModal(MD),
+	    wxDialog:destroy(MD)
+    end.
+
+start_procinfo(undefined, _Frame, Opened) ->
+    Opened;
+start_procinfo(Pid, Frame, Opened) ->
+    case lists:member(Pid, Opened) of
+	true ->
+	    Opened;
+	false ->
+	    observer_procinfo:start(Pid, Frame, self()),
+	    [Pid | Opened]
+    end.
+
+call(Holder, What) ->
+    Ref = erlang:monitor(process, Holder),
+    Holder ! What,
+    receive
+	{'DOWN', Ref, _, _, _} -> "";
+	{Holder, Res} ->
+	    erlang:demonitor(Ref),
+	    Res
+    after 2000 ->
+	    io:format("Hanging call ~p~n",[What]),
+	    ""
+    end.
+
+%%%%%%%%%%%%%%%%%%%%%%% Callbacks %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+handle_info({holder_updated, Count}, State0=#state{grid=Grid}) ->
+    State = update_selection(State0),
+
+    wxListCtrl:setItemCount(Grid, Count),
+    wxListCtrl:refreshItems(Grid, 0, Count-1),
+
+    {noreply, State};
+
+handle_info(refresh_interval, #state{holder=Holder}=State) ->
+    Holder ! refresh,
+    {noreply, State};
+
+handle_info({procinfo_menu_closed, Pid},
+	    #state{procinfo_menu_pids=Opened}=State) ->
+    NewPids = lists:delete(Pid, Opened),
+    {noreply, State#state{procinfo_menu_pids=NewPids}};
+
+handle_info({active, Node},
+	    #state{holder=Holder, timer=Timer, parent=Parent}=State) ->
+    create_pro_menu(Parent, Holder),
+    Holder ! {change_node, Node},
+    {noreply, State#state{timer=observer_lib:start_timer(Timer)}};
+
+handle_info(not_active, #state{timer=Timer0}=State) ->
+    Timer = observer_lib:stop_timer(Timer0),
+    {noreply, State#state{timer=Timer}};
+
+handle_info(Info, State) ->
+    io:format("~p:~p, Unexpected info: ~p~n", [?MODULE, ?LINE, Info]),
+    {noreply, State}.
+
+terminate(_Reason, #state{holder=Holder}) ->
+    Holder ! stop,
+    etop:stop(),
+    ok.
+
+code_change(_, _, State) ->
+    {stop, not_yet_implemented, State}.
+
+
+handle_call(Msg, _From, State) ->
+    io:format("~p:~p: Unhandled call ~p~n",[?MODULE, ?LINE, Msg]),
+    {reply, ok, State}.
+
+
+handle_cast(Msg, State) ->
+    io:format("~p:~p: Unhandled cast ~p~n", [?MODULE, ?LINE, Msg]),
+    {noreply, State}.
+
+%%%%%%%%%%%%%%%%%%%%LOOP%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+handle_event(#wx{id=?ID_DUMP_TO_FILE}, #state{panel=Panel, holder=Holder}=State) ->
+    FD  =  wxFileDialog:new(Panel,
+			    [{style,?wxFD_SAVE bor ?wxFD_OVERWRITE_PROMPT}]),
+    case wxFileDialog:showModal(FD) of
+	?wxID_OK ->
+	    Path = wxFileDialog:getPath(FD),
+	    wxDialog:destroy(FD),
+	    dump_to_file(Panel, Path, Holder);
+	_ ->
+	    wxDialog:destroy(FD)
+    end,
+    {noreply, State};
+
+handle_event(#wx{id=?ID_ACCUMULATE,
+		 event=#wxCommand{type=command_menu_selected, commandInt=CmdInt}},
+	     #state{holder=Holder}=State) ->
+    Holder ! {accum, CmdInt =:= 1},
+    {noreply, State};
+
+handle_event(#wx{id=?ID_REFRESH, event=#wxCommand{type=command_menu_selected}},
+	     #state{holder=Holder}=State) ->
+    Holder ! refresh,
+    {noreply, State};
+
+handle_event(#wx{id=?ID_REFRESH_INTERVAL},
+	     #state{panel=Panel, timer=Timer0}=State) ->
+    Timer = observer_lib:interval_dialog(Panel, Timer0, 1, 5*60),
+    {noreply, State#state{timer=Timer}};
+
+handle_event(#wx{id=?ID_KILL}, #state{sel={[_|Ids], [ToKill|Pids]}}=State) ->
+    exit(ToKill, kill),
+    {noreply, State#state{sel={Ids,Pids}}};
+
+
+handle_event(#wx{id=?ID_PROC},
+	     #state{panel=Panel, sel={_, [Pid|_]},procinfo_menu_pids=Opened}=State) ->
+    Opened2 = start_procinfo(Pid, Panel, Opened),
+    {noreply, State#state{procinfo_menu_pids=Opened2}};
+
+handle_event(#wx{id=?ID_TRACE_PIDS}, #state{sel={_, Pids}, panel=Panel}=State)  ->
+    case Pids of
+	[] ->
+	    observer_wx:create_txt_dialog(Panel, "No selected processes", "Tracer", ?wxICON_EXCLAMATION),
+	    {noreply, State};
+	Pids ->
+	    observer_trace_wx:add_processes(observer_wx:get_tracer(), Pids),
+	    {noreply,  State}
+    end;
+
+handle_event(#wx{id=?ID_TRACE_NAMES}, #state{sel={SelIds,_Pids}, holder=Holder, panel=Panel}=State)  ->
+    case SelIds of
+	[] ->
+	    observer_wx:create_txt_dialog(Panel, "No selected processes", "Tracer", ?wxICON_EXCLAMATION),
+	    {noreply, State};
+	_ ->
+	    PidsOrReg = call(Holder, {get_name_or_pid, self(), SelIds}),
+	    observer_trace_wx:add_processes(observer_wx:get_tracer(), PidsOrReg),
+	    {noreply,  State}
+    end;
+
+handle_event(#wx{id=?ID_TRACE_NEW, event=#wxCommand{type=command_menu_selected}}, State) ->
+    observer_trace_wx:add_processes(observer_wx:get_tracer(), [new]),
+    {noreply,  State};
+
+handle_event(#wx{event=#wxSize{size={W,_}}},
+	     #state{grid=Grid}=State) ->
+    observer_lib:set_listctrl_col_size(Grid, W),
+    {noreply, State};
+
+handle_event(#wx{event=#wxList{type=command_list_item_right_click,
+			       itemIndex=Row}},
+	     #state{panel=Panel, holder=Holder}=State) ->
+
+    case call(Holder, {get_row, self(), Row, pid}) of
+	{error, undefined} ->
+	    undefined;
+	{ok, _} ->
+	    Menu = wxMenu:new(),
+	    wxMenu:append(Menu, ?ID_PROC, "Process info"),
+	    wxMenu:append(Menu, ?ID_TRACE_PIDS, "Trace processes", [{help, ?TRACE_PIDS_STR}]),
+	    wxMenu:append(Menu, ?ID_TRACE_NAMES, "Trace named processes (all nodes)",
+			  [{help, ?TRACE_NAMES_STR}]),
+	    wxMenu:append(Menu, ?ID_KILL, "Kill Process"),
+	    wxWindow:popupMenu(Panel, Menu),
+	    wxMenu:destroy(Menu)
+    end,
+    {noreply, State};
+
+handle_event(#wx{event=#wxList{type=command_list_item_focused,
+			       itemIndex=Row}},
+	     #state{grid=Grid,holder=Holder} = State) ->
+    case Row >= 0 of
+	true ->
+	    SelIds = [Row|lists:delete(Row, get_selected_items(Grid))],
+	    Pids = call(Holder, {get_pids, self(), SelIds}),
+	    {noreply, State#state{sel={SelIds, Pids}}};
+	false ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{event=#wxList{type=command_list_col_click, col=Col}},
+	     #state{holder=Holder}=State) ->
+    Holder !  {change_sort, Col},
+    {noreply, State};
+
+handle_event(#wx{event=#wxList{type=command_list_item_activated}},
+	     #state{panel=Panel, procinfo_menu_pids=Opened,
+		    sel={_, [Pid|_]}}=State)
+  when Pid =/= undefined ->
+    Opened2 = start_procinfo(Pid, Panel, Opened),
+    {noreply, State#state{procinfo_menu_pids=Opened2}};
+
+handle_event(Event, State) ->
+    io:format("~p:~p: handle event ~p\n", [?MODULE, ?LINE, Event]),
+    {noreply, State}.
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+update_selection(State=#state{holder=Holder, grid=Grid,
+			      sel={SelIds0, SelPids0}}) ->
+    Sel = {SelIds,_SelPids} = call(Holder, {get_rows_from_pids, self(), SelPids0}),
+    set_focus(SelIds0, SelIds, Grid),
+    case SelIds =:= SelIds0 of
+	true -> ok;
+	false ->
+	    wx:batch(fun() ->
+			     [wxListCtrl:setItemState(Grid, I, 0, ?wxLIST_STATE_SELECTED) ||
+				 I <- SelIds0],
+			     [wxListCtrl:setItemState(Grid, I, 16#FFFF, ?wxLIST_STATE_SELECTED) ||
+				 I <- SelIds]
+		     end)
+    end,
+    %%io:format("Update ~p -> ~p~n",[{SelIds0, SelPids0}, Sel]),
+    State#state{sel=Sel}.
+
+get_selected_items(Grid) ->
+    get_selected_items(Grid, -1, []).
+
+get_selected_items(Grid, Index, ItemAcc) ->
+    Item = wxListCtrl:getNextItem(Grid, Index, [{geometry, ?wxLIST_NEXT_ALL},
+						{state, ?wxLIST_STATE_SELECTED}]),
+    case Item of
+	-1 ->
+	    lists:reverse(ItemAcc);
+	_ ->
+	    get_selected_items(Grid, Item, [Item | ItemAcc])
+    end.
+
+set_focus([], [], _Grid) -> ok;
+set_focus([Same|_], [Same|_], _Grid) -> ok;
+set_focus([], [New|_], Grid) ->
+    wxListCtrl:setItemState(Grid, New, 16#FFFF, ?wxLIST_STATE_FOCUSED);
+set_focus([Old|_], [], Grid) ->
+    wxListCtrl:setItemState(Grid, Old, 0, ?wxLIST_STATE_FOCUSED);
+set_focus([Old|_], [New|_], Grid) ->
+    wxListCtrl:setItemState(Grid, Old, 0, ?wxLIST_STATE_FOCUSED),
+    wxListCtrl:setItemState(Grid, New, 16#FFFF, ?wxLIST_STATE_FOCUSED).
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%TABLE HOLDER%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+init_table_holder(Parent, Attrs) ->
+    Backend = spawn_link(node(), observer_backend,etop_collect,[self()]),
+    table_holder(#holder{parent=Parent,
+			 info=#etop_info{procinfo=[]},
+			 node=node(),
+			 backend_pid=Backend,
+			 attrs=Attrs
+			}).
+
+table_holder(#holder{info=#etop_info{procinfo=Info}, attrs=Attrs,
+		     node=Node, backend_pid=Backend}=S0) ->
+    receive
+	{get_row, From, Row, Col} ->
+	    get_row(From, Row, Col, Info),
+	    table_holder(S0);
+	{get_attr, From, Row} ->
+	    get_attr(From, Row, Attrs),
+	    table_holder(S0);
+	{Backend, EtopInfo=#etop_info{}} ->
+	    State = handle_update(EtopInfo, S0),
+	    table_holder(State#holder{backend_pid=undefined});
+	refresh when is_pid(Backend)->
+	    table_holder(S0); %% Already updating
+	refresh ->
+	    Pid = spawn_link(Node,observer_backend,etop_collect,[self()]),
+	    table_holder(S0#holder{backend_pid=Pid});
+	{change_sort, Col} ->
+	    State = change_sort(Col, S0),
+	    table_holder(State);
+	{get_pids, From, Indices} ->
+	    get_pids(From, Indices, Info),
+	    table_holder(S0);
+	{get_rows_from_pids, From, Pids} ->
+	    get_rows_from_pids(From, Pids, Info),
+	    table_holder(S0);
+	{get_name_or_pid, From, Indices} ->
+	    get_name_or_pid(From, Indices, Info),
+	    table_holder(S0);
+
+	{get_node, From} ->
+	    From ! {self(), Node},
+	    table_holder(S0);
+	{change_node, NewNode} ->
+	    case Node == NewNode of
+		true ->
+		    table_holder(S0);
+		false ->
+		    self() ! refresh,
+		    table_holder(S0#holder{node=NewNode})
+	    end;
+	{accum, Bool} ->
+	    table_holder(change_accum(Bool,S0));
+	{get_accum, From} ->
+	    From ! {self(), S0#holder.accum == true},
+	    table_holder(S0);
+	{dump, Fd} ->
+	    etop_txt:do_update(Fd, S0#holder.info, #opts{node=Node}),
+	    file:close(Fd),
+	    table_holder(S0);
+	stop ->
+	    ok;
+	What ->
+	    io:format("Table holder got ~p~n",[What]),
+	    table_holder(S0)
+    end.
+
+change_sort(Col, S0=#holder{parent=Parent, info=EI=#etop_info{procinfo=Data}, sort=Sort0}) ->
+    {Sort, ProcInfo}=sort(Col, Sort0, Data),
+    Parent ! {holder_updated, length(Data)},
+    S0#holder{info=EI#etop_info{procinfo=ProcInfo}, sort=Sort}.
+
+change_accum(true, S0) ->
+    S0#holder{accum=true};
+change_accum(false, S0=#holder{info=#etop_info{procinfo=Info}}) ->
+    self() ! refresh,
+    S0#holder{accum=lists:sort(Info)}.
+
+handle_update(EI=#etop_info{procinfo=ProcInfo0},
+	      S0=#holder{parent=Parent, sort=Sort=#sort{sort_key=KeyField}}) ->
+    {ProcInfo1, S1} = accum(ProcInfo0, S0),
+    {_SO, ProcInfo} = sort(KeyField, Sort#sort{sort_key=undefined}, ProcInfo1),
+    Parent ! {holder_updated, length(ProcInfo)},
+    S1#holder{info=EI#etop_info{procinfo=ProcInfo}}.
+
+accum(ProcInfo, State=#holder{accum=true}) ->
+    {ProcInfo, State};
+accum(ProcInfo0, State=#holder{accum=Previous}) ->
+    ProcInfo = lists:sort(ProcInfo0),
+    {accum2(ProcInfo,Previous,[]), State#holder{accum=ProcInfo}}.
+
+accum2([PI=#etop_proc_info{pid=Pid, reds=Reds, runtime=RT}|PIs],
+       [#etop_proc_info{pid=Pid, reds=OldReds, runtime=OldRT}|Old], Acc) ->
+    accum2(PIs, Old, [PI#etop_proc_info{reds=Reds-OldReds, runtime=RT-OldRT}|Acc]);
+accum2(PIs=[#etop_proc_info{pid=Pid}|_], [#etop_proc_info{pid=OldPid}|Old], Acc)
+  when Pid > OldPid ->
+    accum2(PIs, Old, Acc);
+accum2([PI|PIs], Old, Acc) ->
+    accum2(PIs, Old, [PI|Acc]);
+accum2([], _, Acc) -> Acc.
+
+sort(Col, Opt=#sort{sort_key=Col, sort_incr=Bool}, Table) ->
+    {Opt#sort{sort_incr=not Bool}, lists:reverse(Table)};
+sort(Col, S=#sort{sort_incr=true}, Table) ->
+    {S#sort{sort_key=Col}, lists:keysort(col_to_element(Col), Table)};
+sort(Col, S=#sort{sort_incr=false}, Table) ->
+    {S#sort{sort_key=Col}, lists:reverse(lists:keysort(col_to_element(Col), Table))}.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+get_procinfo_data(Col, Info) ->
+    element(col_to_element(Col), Info).
+col_to_element(?COL_PID)  -> #etop_proc_info.pid;
+col_to_element(?COL_NAME) -> #etop_proc_info.name;
+col_to_element(?COL_MEM)  -> #etop_proc_info.mem;
+%%col_to_element(?COL_TIME) -> #etop_proc_info.runtime;
+col_to_element(?COL_REDS) -> #etop_proc_info.reds;
+col_to_element(?COL_FUN)  -> #etop_proc_info.cf;
+col_to_element(?COL_MSG)  -> #etop_proc_info.mq.
+
+get_pids(From, Indices, ProcInfo) ->
+    Processes = [(lists:nth(I+1, ProcInfo))#etop_proc_info.pid || I <- Indices],
+    From ! {self(), Processes}.
+
+get_name_or_pid(From, Indices, ProcInfo) ->
+    Get = fun(#etop_proc_info{name=Name}) when is_atom(Name) -> Name;
+	     (#etop_proc_info{pid=Pid}) -> Pid
+	  end,
+    Processes = [Get(lists:nth(I+1, ProcInfo)) || I <- Indices],
+    From ! {self(), Processes}.
+
+
+get_row(From, Row, pid, Info) ->
+    Pid = case Row =:= -1 of
+	      true ->  {error, undefined};
+	      false -> {ok, get_procinfo_data(?COL_PID, lists:nth(Row+1, Info))}
+	  end,
+    From ! {self(), Pid};
+get_row(From, Row, Col, Info) ->
+    Data = case Row+1 > length(Info) of
+	       true ->
+		   "";
+	       false ->
+		   ProcInfo = lists:nth(Row+1, Info),
+		   get_procinfo_data(Col, ProcInfo)
+	   end,
+    From ! {self(), observer_lib:to_str(Data)}.
+
+get_rows_from_pids(From, Pids0, Info) ->
+    Res = lists:foldl(fun(Pid, Data = {Ids, Pids}) ->
+			      case index(Pid, Info, 0) of
+				  false -> Data;
+				  Index -> {[Index|Ids], [Pid|Pids]}
+			      end
+		      end, {[],[]}, Pids0),
+    From ! {self(), Res}.
+
+get_attr(From, Row, Attrs) ->
+    Attribute = case Row rem 2 =:= 0 of
+		    true ->  Attrs#attrs.even;
+		    false -> Attrs#attrs.odd
+		end,
+    From ! {self(), Attribute}.
+
+index(Pid, [#etop_proc_info{pid=Pid}|_], Index) -> Index;
+index(Pid, [_|PI], Index) -> index(Pid, PI, Index+1);
+index(_, _, _) -> false.
diff --git a/lib/observer/src/observer_procinfo.erl b/lib/observer/src/observer_procinfo.erl
new file mode 100644
index 0000000000..ec08d3aff1
--- /dev/null
+++ b/lib/observer/src/observer_procinfo.erl
@@ -0,0 +1,305 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+
+-module(observer_procinfo).
+
+-behaviour(wx_object).
+
+-export([start/3]).
+
+-export([init/1, handle_event/2, handle_cast/2, terminate/2, code_change/3,
+	 handle_call/3, handle_info/2]).
+
+-include_lib("wx/include/wx.hrl").
+-include("observer_defs.hrl").
+
+-define(REFRESH, 601).
+-define(SELECT_ALL, 603).
+-define(ID_NOTEBOOK, 604).
+
+-record(state, {parent,
+		frame,
+		pid,
+		pages=[]
+	       }).
+
+-record(worker, {panel, callback}).
+
+start(Process, ParentFrame, Parent) ->
+    wx_object:start_link(?MODULE, [Process, ParentFrame, Parent], []).
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+init([Pid, ParentFrame, Parent]) ->
+    try
+	Title=case observer_wx:try_rpc(node(Pid), erlang, process_info, [Pid, registered_name]) of
+		  [] -> io_lib:format("~p",[Pid]);
+		  {registered_name, Registered} -> atom_to_list(Registered)
+	      end,
+	Frame=wxFrame:new(ParentFrame, ?wxID_ANY, [atom_to_list(node(Pid)), $:, Title],
+			  [{style, ?wxDEFAULT_FRAME_STYLE}, {size, {850,600}}]),
+	MenuBar = wxMenuBar:new(),
+	create_menus(MenuBar),
+	wxFrame:setMenuBar(Frame, MenuBar),
+
+	Notebook = wxNotebook:new(Frame, ?ID_NOTEBOOK, [{style, ?wxBK_DEFAULT}]),
+
+	ProcessPage = init_panel(Notebook, "Process Information", Pid, fun init_process_page/2),
+	MessagePage = init_panel(Notebook, "Messages", Pid, fun init_message_page/2),
+	DictPage    = init_panel(Notebook, "Dictionary", Pid, fun init_dict_page/2),
+	StackPage   = init_panel(Notebook, "Stack Trace", Pid, fun init_stack_page/2),
+
+	wxFrame:connect(Frame, close_window),
+	wxMenu:connect(Frame, command_menu_selected),
+	%% wxNotebook:connect(Notebook, command_notebook_page_changed, [{skip,true}]),
+	wxFrame:show(Frame),
+	{Frame, #state{parent=Parent,
+		       pid=Pid,
+		       frame=Frame,
+		       pages=[ProcessPage,MessagePage,DictPage,StackPage]
+		      }}
+    catch error:{badrpc, _} ->
+	    observer_wx:return_to_localnode(ParentFrame, node(Pid)),
+	    {stop, badrpc, #state{parent=Parent, pid=Pid}}
+    end.
+
+init_panel(Notebook, Str, Pid, Fun) ->
+    Panel  = wxPanel:new(Notebook),
+    Sizer  = wxBoxSizer:new(?wxHORIZONTAL),
+    {Window,Callback} = Fun(Panel, Pid),
+    wxSizer:add(Sizer, Window, [{flag, ?wxEXPAND bor ?wxALL}, {proportion, 1}, {border, 5}]),
+    wxPanel:setSizer(Panel, Sizer),
+    true = wxNotebook:addPage(Notebook, Panel, Str),
+    #worker{panel=Panel, callback=Callback}.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%Callbacks%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+handle_event(#wx{event=#wxClose{type=close_window}}, State) ->
+    {stop, normal, State};
+
+handle_event(#wx{id=?wxID_CLOSE, event=#wxCommand{type=command_menu_selected}}, State) ->
+    {stop, normal, State};
+
+handle_event(#wx{id=?REFRESH}, #state{pages=Pages}=State) ->
+    [(W#worker.callback)() || W <- Pages],
+    {noreply, State};
+
+handle_event(Event, _State) ->
+    error({unhandled_event, Event}).
+
+handle_info(_Info, State) ->
+    %% io:format("~p: ~p, Handle info: ~p~n", [?MODULE, ?LINE, Info]),
+    {noreply, State}.
+
+handle_call(Call, From, _State) ->
+    error({unhandled_call, Call, From}).
+
+handle_cast(Cast, _State) ->
+    error({unhandled_cast, Cast}).
+
+terminate(_Reason, #state{parent=Parent,pid=Pid,frame=Frame}) ->
+    Parent ! {procinfo_menu_closed, Pid},
+    case Frame of
+	undefined ->  ok;
+	_ -> wxFrame:destroy(Frame)
+    end,
+    ok.
+
+code_change(_, _, State) ->
+    {stop, not_yet_implemented, State}.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+init_process_page(Panel, Pid) ->
+    Fields0 = process_info_fields(Pid),
+    {FPanel, _, UpFields} = observer_lib:display_info(Panel, Fields0),
+    {FPanel, fun() -> case process_info_fields(Pid) of
+			  Fields when is_list(Fields) ->
+			      observer_lib:update_info(UpFields, Fields);
+			  _ -> ok
+		      end
+	     end}.
+
+init_text_page(Parent) ->
+    Style = ?wxTE_MULTILINE bor ?wxTE_RICH2 bor ?wxTE_READONLY,
+    Text = wxTextCtrl:new(Parent, ?wxID_ANY, [{style, Style}]),
+    Font = observer_wx:get_attrib({font, fixed}),
+    Attr = wxTextAttr:new(?wxBLACK, [{font, Font}]),
+    true = wxTextCtrl:setDefaultStyle(Text, Attr),
+    wxTextAttr:destroy(Attr),
+    Text.
+
+init_message_page(Parent, Pid) ->
+    Text = init_text_page(Parent),
+    Format = fun(Message, Number) ->
+		     {io_lib:format("~-4.w ~p~n", [Number, Message]),
+		      Number+1}
+	     end,
+    Update = fun() ->
+		     case observer_wx:try_rpc(node(Pid), erlang, process_info,
+					      [Pid, messages])
+		     of
+			 {messages,RawMessages} ->
+			     {Messages,_} = lists:mapfoldl(Format, 1, RawMessages),
+			     Last = wxTextCtrl:getLastPosition(Text),
+			     wxTextCtrl:remove(Text, 0, Last),
+			     case Messages =:= [] of
+				 true ->
+				     wxTextCtrl:writeText(Text, "No messages");
+				 false ->
+				     wxTextCtrl:writeText(Text, Messages)
+			     end;
+			 _ -> ok
+		     end
+	     end,
+    Update(),
+    {Text, Update}.
+
+init_dict_page(Parent, Pid) ->
+    Text = init_text_page(Parent),
+    Update = fun() ->
+		     case observer_wx:try_rpc(node(Pid), erlang, process_info, [Pid, dictionary])
+		     of
+			 {dictionary,RawDict} ->
+			     Dict = [io_lib:format("~-20.w ~p~n", [K, V]) || {K, V} <- RawDict],
+			     Last = wxTextCtrl:getLastPosition(Text),
+			     wxTextCtrl:remove(Text, 0, Last),
+			     wxTextCtrl:writeText(Text, Dict);
+			 _ -> ok
+		     end
+	     end,
+    Update(),
+    {Text, Update}.
+
+init_stack_page(Parent, Pid) ->
+    LCtrl = wxListCtrl:new(Parent, [{style, ?wxLC_REPORT bor ?wxLC_HRULES}]),
+    Li = wxListItem:new(),
+    wxListItem:setText(Li, "Module:Function/Arg"),
+    wxListCtrl:insertColumn(LCtrl, 0, Li),
+    wxListCtrl:setColumnWidth(LCtrl, 0, 300),
+    wxListItem:setText(Li, "File:LineNumber"),
+    wxListCtrl:insertColumn(LCtrl, 1, Li),
+    wxListCtrl:setColumnWidth(LCtrl, 1, 300),
+    wxListItem:destroy(Li),
+    Update = fun() ->
+		     case observer_wx:try_rpc(node(Pid), erlang, process_info,
+					      [Pid, current_stacktrace])
+		     of
+			 {current_stacktrace,RawBt} ->
+			     observer_wx:try_rpc(node(Pid), erlang, process_info,
+						 [Pid, current_stacktrace]),
+			     wxListCtrl:deleteAllItems(LCtrl),
+			     wx:foldl(fun({M, F, A, Info}, Row) ->
+					      _Item = wxListCtrl:insertItem(LCtrl, Row, ""),
+					      ?EVEN(Row) andalso
+						  wxListCtrl:setItemBackgroundColour(LCtrl, Row, ?BG_EVEN),
+					      wxListCtrl:setItem(LCtrl, Row, 0, observer_lib:to_str({M,F,A})),
+					      FileLine = case Info of
+							     [{file,File},{line,Line}] ->
+								 io_lib:format("~s:~w", [File,Line]);
+							     _ ->
+								 []
+							 end,
+					      wxListCtrl:setItem(LCtrl, Row, 1, FileLine),
+					      Row+1
+				      end, 0, RawBt);
+			 _ -> ok
+		     end
+	     end,
+    Resize = fun(#wx{event=#wxSize{size={W,_}}},Ev) ->
+		     wxEvent:skip(Ev),
+		     observer_lib:set_listctrl_col_size(LCtrl, W)
+	     end,
+    wxListCtrl:connect(LCtrl, size, [{callback, Resize}]),
+    Update(),
+    {LCtrl, Update}.
+
+create_menus(MenuBar) ->
+    Menus = [{"File", [#create_menu{id=?wxID_CLOSE, text="Close"}]},
+	     {"View", [#create_menu{id=?REFRESH, text="Refresh\tCtrl-R"}]}],
+    observer_lib:create_menus(Menus, MenuBar, new_window).
+
+process_info_fields(Pid) ->
+    Struct = [{"Overview",
+	       [{"Initial Call",     initial_call},
+		{"Current Function", current_function},
+		{"Registered Name",  registered_name},
+		{"Status",           status},
+		{"Message Queue Len",message_queue_len},
+		{"Priority",         priority},
+		{"Trap Exit",        trap_exit},
+		{"Reductions",       reductions},
+		{"Binary",           binary},
+		{"Last Calls",       last_calls},
+		{"Catch Level",      catchlevel},
+		{"Trace",            trace},
+		{"Suspending",       suspending},
+		{"Sequential Trace Token", sequential_trace_token},
+		{"Error Handler",    error_handler}]},
+	      {"Connections",
+	       [{"Group Leader",     group_leader},
+		{"Links",            links},
+		{"Monitors",         monitors},
+		{"Monitored by",     monitored_by}]},
+	      {"Memory and Garbage Collection", right,
+	       [{"Memory",           {bytes, memory}},
+		{"Stack and Heaps",  {bytes, total_heap_size}},
+		{"Heap Size",        {bytes, heap_size}},
+		{"Stack Size",       {bytes, stack_size}},
+		{"GC Min Heap Size", {bytes, get_gc_info(min_heap_size)}},
+		{"GC FullSweep After", get_gc_info(fullsweep_after)}
+	       ]}],
+    case observer_wx:try_rpc(node(Pid), erlang, process_info, [Pid, item_list()]) of
+	RawInfo when is_list(RawInfo) ->
+	    observer_lib:fill_info(Struct, RawInfo);
+	_ ->
+	    ok
+    end.
+
+item_list() ->
+    [ %% backtrace,
+      binary,
+      catchlevel,
+      current_function,
+      %% dictionary,
+      error_handler,
+      garbage_collection,
+      group_leader,
+      heap_size,
+      initial_call,
+      last_calls,
+      links,
+      memory,
+      message_queue_len,
+      %% messages,
+      monitored_by,
+      monitors,
+      priority,
+      reductions,
+      registered_name,
+      sequential_trace_token,
+      stack_size,
+      status,
+      suspending,
+      total_heap_size,
+      trace,
+      trap_exit].
+
+get_gc_info(Arg) ->
+    fun(Data) ->
+	    GC = proplists:get_value(garbage_collection, Data),
+	    proplists:get_value(Arg, GC)
+    end.
diff --git a/lib/observer/src/observer_sys_wx.erl b/lib/observer/src/observer_sys_wx.erl
new file mode 100644
index 0000000000..09602bbd9e
--- /dev/null
+++ b/lib/observer/src/observer_sys_wx.erl
@@ -0,0 +1,177 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+-module(observer_sys_wx).
+
+-behaviour(wx_object).
+
+-export([start_link/2]).
+%% wx_object callbacks
+-export([init/1, handle_info/2, terminate/2, code_change/3, handle_call/3,
+	 handle_event/2, handle_cast/2]).
+
+-include_lib("wx/include/wx.hrl").
+-include("observer_defs.hrl").
+
+-define(ID_REFRESH, 101).
+-define(ID_REFRESH_INTERVAL, 102).
+
+%% Records
+-record(sys_wx_state,
+	{parent,
+	 node,
+	 parent_notebook,
+	 panel, sizer,
+	 menubar,
+	 fields,
+	 timer}).
+
+start_link(Notebook, Parent) ->
+    wx_object:start_link(?MODULE, [Notebook, Parent], []).
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+init([Notebook, Parent]) ->
+    SysInfo = observer_backend:sys_info(),
+    {Info, Stat} = info_fields(),
+    Panel = wxPanel:new(Notebook),
+    Sizer = wxBoxSizer:new(?wxHORIZONTAL),
+    {FPanel0, _FSizer0, Fields0} =
+	observer_lib:display_info(Panel, observer_lib:fill_info(Info, SysInfo)),
+    {FPanel1, _FSizer1, Fields1} =
+	observer_lib:display_info(Panel, observer_lib:fill_info(Stat, SysInfo)),
+    wxSizer:add(Sizer, FPanel0, [{flag, ?wxEXPAND bor ?wxTOP bor ?wxBOTTOM bor ?wxLEFT},
+				 {proportion, 1}, {border, 5}]),
+    wxSizer:add(Sizer, FPanel1, [{flag, ?wxEXPAND bor ?wxTOP bor ?wxBOTTOM bor ?wxRIGHT},
+				 {proportion, 1}, {border, 5}]),
+    wxPanel:setSizer(Panel, Sizer),
+    Timer = observer_lib:start_timer(10),
+    {Panel, #sys_wx_state{parent=Parent,
+			  parent_notebook=Notebook,
+			  panel=Panel, sizer=Sizer,
+			  timer=Timer, fields=Fields0 ++ Fields1}}.
+
+create_sys_menu(Parent) ->
+    View = {"View", [#create_menu{id = ?ID_REFRESH, text = "Refresh\tCtrl-R"},
+		     #create_menu{id = ?ID_REFRESH_INTERVAL, text = "Refresh interval"}]},
+    observer_wx:create_menus(Parent, [View]).
+
+update_syspage(#sys_wx_state{node = Node, fields=Fields, sizer=Sizer}) ->
+    SysInfo = observer_wx:try_rpc(Node, observer_backend, sys_info, []),
+    {Info, Stat} = info_fields(),
+    observer_lib:update_info(Fields, observer_lib:fill_info(Info, SysInfo) ++
+				 observer_lib:fill_info(Stat, SysInfo)),
+    wxSizer:layout(Sizer).
+
+info_fields() ->
+    Info = [{"System and Architecture",
+	     [{"System Version", otp_release},
+	      {"Erts Version", version},
+	      {"Compiled for", system_architecture},
+	      {"Emulator Wordsize", wordsize_external},
+	      {"Process Wordsize", wordsize_internal},
+	      {"Smp Support",  smp_support},
+	      {"Thread Support",  threads},
+	      {"Async thread pool size",  thread_pool_size}
+	     ]},
+	    {"CPU's and Threads",
+	     [{"System Logical CPU's", logical_processors},
+	      {"Erlang Logical CPU's", logical_processors_online},
+	      {"Used Logical CPU's", logical_processors_available}
+	     ]}
+	   ],
+    Stat = [{"Memory Usage", right,
+	     [{"Total", {bytes, total}},
+	      {"Processes", {bytes, processes}},
+	      {"Atoms", {bytes, atom}},
+	      {"Binaries", {bytes, binary}},
+	      {"Code", {bytes, code}},
+	      {"Ets", {bytes, ets}}
+	     ]},
+	    {"Statistics", right,
+	     [{"Up time", {time_ms, uptime}},
+	      {"Max Processes", process_limit},
+	      {"Processes", process_count},
+	      {"Run Queue", run_queue},
+	      {"IO Input",  {bytes, io_input}},
+	      {"IO Output", {bytes, io_output}}
+	     ]}
+	   ],
+    {Info, Stat}.
+
+%%%%%%%%%%%%%%%%%%%%%%% Callbacks %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+handle_info(refresh_interval, #sys_wx_state{panel = Panel,
+					    node = Node} = State) ->
+    try
+	update_syspage(State)
+    catch error:{badrpc, _} ->
+	    observer_wx:return_to_localnode(Panel, Node)
+    end,
+    {noreply, State};
+
+handle_info({active, Node}, #sys_wx_state{parent = Parent, panel = Panel,
+					  timer = Timer} = State) ->
+    UpdState = State#sys_wx_state{node = Node},
+    create_sys_menu(Parent),
+    try
+	update_syspage(UpdState),
+	{noreply, UpdState#sys_wx_state{timer=observer_lib:start_timer(Timer)}}
+    catch error:{badrpc, _} ->
+	    observer_wx:return_to_localnode(Panel, Node),
+	    {noreply, State}
+    end;
+
+handle_info(not_active, #sys_wx_state{timer = Timer} = State) ->
+    {noreply, State#sys_wx_state{timer = observer_lib:stop_timer(Timer)}};
+
+handle_info(Info, State) ->
+    io:format("~p:~p: Unhandled info: ~p~n", [?MODULE, ?LINE, Info]),
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(_, _, State) ->
+    {stop, not_yet_implemented, State}.
+
+handle_call(Msg, _From, State) ->
+    io:format("~p~p: Unhandled Call ~p~n",[?MODULE, ?LINE, Msg]),
+    {reply, ok, State}.
+
+handle_cast(Msg, State) ->
+    io:format("~p~p: Unhandled cast ~p~n",[?MODULE, ?LINE, Msg]),
+    {noreply, State}.
+
+handle_event(#wx{id = ?ID_REFRESH, event = #wxCommand{type = command_menu_selected}},
+	     #sys_wx_state{node = Node, panel = Panel} = State) ->
+    try
+	update_syspage(State)
+    catch error:{badrpc, _} ->
+	    observer_wx:return_to_localnode(Panel, Node)
+    end,
+    {noreply, State};
+
+handle_event(#wx{id = ?ID_REFRESH_INTERVAL,
+		 event = #wxCommand{type = command_menu_selected}},
+	     #sys_wx_state{timer = Timer0, parent_notebook = Notebook} = State) ->
+    Timer = observer_lib:interval_dialog(Notebook, Timer0, 1, 5*60),
+    {noreply, State#sys_wx_state{timer=Timer}};
+
+handle_event(Event, State) ->
+    io:format("~p:~p: Unhandled event ~p\n", [?MODULE,?LINE,Event]),
+    {noreply, State}.
diff --git a/lib/observer/src/observer_trace_wx.erl b/lib/observer/src/observer_trace_wx.erl
new file mode 100644
index 0000000000..d0b6a1e063
--- /dev/null
+++ b/lib/observer/src/observer_trace_wx.erl
@@ -0,0 +1,866 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+
+-module(observer_trace_wx).
+
+-export([start_link/2, add_processes/2]).
+-export([init/1, handle_info/2, terminate/2, code_change/3, handle_call/3,
+	 handle_event/2, handle_cast/2]).
+
+-behaviour(wx_object).
+
+-include_lib("wx/include/wx.hrl").
+-include("observer_defs.hrl").
+
+-define(SAVE_TRACEOPTS, 305).
+-define(LOAD_TRACEOPTS, 306).
+-define(TOGGLE_TRACE, 307).
+-define(ADD_NEW, 308).
+-define(ADD_TP, 309).
+-define(TRACE_OUTPUT, 310).
+-define(TRACE_DEFMS,  311).
+-define(TRACE_DEFPS,  312).
+
+-define(NODES_WIN, 330).
+-define(ADD_NODES, 331).
+-define(REMOVE_NODES, 332).
+
+-define(PROC_WIN, 340).
+-define(EDIT_PROCS, 341).
+-define(REMOVE_PROCS, 342).
+
+-define(MODULES_WIN, 350).
+
+-define(FUNCS_WIN, 360).
+-define(EDIT_FUNCS_MS, 361).
+-define(REMOVE_FUNCS_MS, 362).
+
+-define(LOG_WIN, 370).
+-define(LOG_SAVE, 321).
+-define(LOG_CLEAR, 322).
+
+-record(state,
+	{parent,
+	 panel,
+	 n_view,  p_view, m_view, f_view,  %% The listCtrl's
+	 logwin, %% The latest log window
+	 nodes = [],
+	 toggle_button,
+	 tpids = [],  %% #tpid
+	 def_trace_opts = [],
+	 output = [],
+	 tpatterns = dict:new(), % Key =:= Module::atom, Value =:= {M, F, A, MatchSpec}
+	 match_specs = []}). % [ #match_spec{} ]
+
+-record(tpid, {pid, opts}).
+
+start_link(Notebook, ParentPid) ->
+    wx_object:start_link(?MODULE, [Notebook, ParentPid], []).
+
+add_processes(Tracer, Pids) when is_list(Pids) ->
+    wx_object:cast(Tracer, {add_processes, Pids}).
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+init([Notebook, ParentPid]) ->
+    wx:batch(fun() -> create_window(Notebook, ParentPid) end).
+
+create_window(Notebook, ParentPid) ->
+    %% Create the window
+    Panel = wxPanel:new(Notebook, [{size, wxWindow:getClientSize(Notebook)}]),
+    Sizer = wxBoxSizer:new(?wxVERTICAL),
+    Splitter = wxSplitterWindow:new(Panel, [{size, wxWindow:getClientSize(Panel)}]),
+    {NodeProcView, NodeView, ProcessView} = create_process_view(Splitter),
+    {MatchSpecView,ModView,FuncView} = create_matchspec_view(Splitter),
+    wxSplitterWindow:setSashGravity(Splitter, 0.5),
+    wxSplitterWindow:setMinimumPaneSize(Splitter,50),
+    wxSplitterWindow:splitHorizontally(Splitter, NodeProcView, MatchSpecView),
+    wxSizer:add(Sizer, Splitter, [{flag, ?wxEXPAND bor ?wxALL}, {border, 5}, {proportion, 1}]),
+    %% Buttons
+    Buttons = wxBoxSizer:new(?wxHORIZONTAL),
+    ToggleButton = wxToggleButton:new(Panel, ?TOGGLE_TRACE, "Start Trace", []),
+    wxSizer:add(Buttons, ToggleButton, [{flag, ?wxALIGN_CENTER_VERTICAL}]),
+    wxSizer:addSpacer(Buttons, 15),
+    wxSizer:add(Buttons, wxButton:new(Panel, ?ADD_NODES, [{label, "Add Nodes"}])),
+    wxSizer:add(Buttons, wxButton:new(Panel, ?ADD_NEW, [{label, "Add 'new' Process"}])),
+    wxSizer:add(Buttons, wxButton:new(Panel, ?ADD_TP, [{label, "Add Trace Pattern"}])),
+    wxMenu:connect(Panel, command_togglebutton_clicked, [{skip, true}]),
+    wxMenu:connect(Panel, command_button_clicked, [{skip, true}]),
+    wxSizer:add(Sizer, Buttons, [{flag, ?wxLEFT bor ?wxRIGHT bor ?wxDOWN},
+				 {border, 5}, {proportion,0}]),
+    wxWindow:setSizer(Panel, Sizer),
+    {Panel, #state{parent=ParentPid, panel=Panel,
+		   n_view=NodeView, p_view=ProcessView, m_view=ModView, f_view=FuncView,
+		   toggle_button = ToggleButton,
+		   match_specs=default_matchspecs()}}.
+
+default_matchspecs() ->
+    Ms = [{"Return Trace", [{'_', [], [{return_trace}]}], "fun(_) -> return_trace() end"},
+	  {"Exception Trace", [{'_', [], [{exception_trace}]}], "fun(_) -> exception_trace() end"},
+	  {"Message Caller", [{'_', [], [{message,{caller}}]}], "fun(_) -> message(caller()) end"},
+	  {"Message Dump", [{'_', [], [{message,{process_dump}}]}], "fun(_) -> message(process_dump()) end"}],
+    [make_ms(Name,Term,FunStr) || {Name,Term,FunStr} <- Ms].
+
+create_process_view(Parent) ->
+    Panel  = wxPanel:new(Parent),
+    MainSz = wxBoxSizer:new(?wxHORIZONTAL),
+    Style = ?wxLC_REPORT bor ?wxLC_HRULES,
+    Splitter = wxSplitterWindow:new(Panel, []),
+    Nodes = wxListCtrl:new(Splitter, [{winid, ?NODES_WIN}, {style, Style}]),
+    Procs = wxListCtrl:new(Splitter, [{winid, ?PROC_WIN}, {style, Style}]),
+    Li = wxListItem:new(),
+    wxListItem:setText(Li, "Nodes"),
+    wxListCtrl:insertColumn(Nodes, 0, Li),
+
+    AddProc = fun({Name, Align, DefSize}, Col) ->
+			   wxListItem:setText(Li, Name),
+			   wxListItem:setAlign(Li, Align),
+			   wxListCtrl:insertColumn(Procs, Col, Li),
+			   wxListCtrl:setColumnWidth(Procs, Col, DefSize),
+			   Col + 1
+		   end,
+    ListItems = [{"Process Id",    ?wxLIST_FORMAT_CENTER,  120},
+		 {"Trace Options", ?wxLIST_FORMAT_LEFT, 300}],
+    lists:foldl(AddProc, 0, ListItems),
+    wxListItem:destroy(Li),
+
+    wxSplitterWindow:setSashGravity(Splitter, 0.0),
+    wxSplitterWindow:setMinimumPaneSize(Splitter,50),
+    wxSplitterWindow:splitVertically(Splitter, Nodes, Procs, [{sashPosition, 155}]),
+    wxSizer:add(MainSz, Splitter, [{flag, ?wxEXPAND}, {proportion, 1}]),
+
+    wxListCtrl:connect(Procs, command_list_item_right_click),
+    wxListCtrl:connect(Nodes, command_list_item_right_click),
+    wxListCtrl:connect(Procs, size, [{skip, true}]),
+    wxListCtrl:connect(Nodes, size, [{skip, true}]),
+
+    wxPanel:setSizer(Panel, MainSz),
+    wxWindow:setFocus(Procs),
+    {Panel, Nodes, Procs}.
+
+create_matchspec_view(Parent) ->
+    Panel  = wxPanel:new(Parent),
+    MainSz = wxBoxSizer:new(?wxHORIZONTAL),
+    Style = ?wxLC_REPORT bor ?wxLC_HRULES,
+    Splitter = wxSplitterWindow:new(Panel, []),
+    Modules = wxListCtrl:new(Splitter, [{winid, ?MODULES_WIN}, {style, Style}]),
+    Funcs   = wxListCtrl:new(Splitter, [{winid, ?FUNCS_WIN}, {style, Style}]),
+    Li = wxListItem:new(),
+
+    wxListItem:setText(Li, "Modules"),
+    wxListCtrl:insertColumn(Modules, 0, Li),
+    wxListItem:setText(Li, "Functions"),
+    wxListCtrl:insertColumn(Funcs, 0, Li),
+    wxListCtrl:setColumnWidth(Funcs, 0, 150),
+    wxListItem:setText(Li, "Match Spec"),
+    wxListCtrl:insertColumn(Funcs, 1, Li),
+    wxListCtrl:setColumnWidth(Funcs, 1, 300),
+    wxListItem:destroy(Li),
+
+    wxSplitterWindow:setSashGravity(Splitter, 0.0),
+    wxSplitterWindow:setMinimumPaneSize(Splitter,50),
+    wxSplitterWindow:splitVertically(Splitter, Modules, Funcs, [{sashPosition, 155}]),
+    wxSizer:add(MainSz, Splitter,   [{flag, ?wxEXPAND}, {proportion, 1}]),
+
+    wxListCtrl:connect(Modules, size, [{skip, true}]),
+    wxListCtrl:connect(Funcs,   size, [{skip, true}]),
+    wxListCtrl:connect(Modules, command_list_item_selected),
+    wxListCtrl:connect(Funcs, command_list_item_right_click),
+    wxPanel:setSizer(Panel, MainSz),
+    {Panel, Modules, Funcs}.
+
+create_menues(Parent) ->
+    Menus = [{"File",
+	      [#create_menu{id = ?LOAD_TRACEOPTS, text = "Load settings"},
+	       #create_menu{id = ?SAVE_TRACEOPTS, text = "Save settings"}]},
+	     {"Options",
+	      [#create_menu{id = ?TRACE_OUTPUT, text = "Output"},
+	       #create_menu{id = ?TRACE_DEFMS, text = "Match Specifications"},
+	       #create_menu{id = ?TRACE_DEFPS, text = "Default Process Options"}]}
+	    ],
+    observer_wx:create_menus(Parent, Menus).
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%Main window
+handle_event(#wx{obj=Obj, event=#wxSize{size={W,_}}}, State) ->
+    case wx:getObjectType(Obj) =:= wxListCtrl of
+	true ->  observer_lib:set_listctrl_col_size(Obj, W);
+	false -> ok
+    end,
+    {noreply, State};
+
+handle_event(#wx{id=?ADD_NEW}, State = #state{panel=Parent, def_trace_opts=TraceOpts}) ->
+    try
+	Opts = observer_traceoptions_wx:process_trace(Parent, TraceOpts),
+	Process = #tpid{pid=new, opts=Opts},
+	{noreply, do_add_processes([Process], State#state{def_trace_opts=Opts})}
+    catch cancel -> {noreply, State}
+    end;
+
+handle_event(#wx{id=?ADD_TP},
+	     State = #state{panel=Parent, nodes=Nodes, match_specs=Ms}) ->
+    Node = case Nodes of
+	       [N|_] -> N;
+	       [] -> node()
+	   end,
+    case observer_traceoptions_wx:trace_pattern(self(), Parent, Node, Ms) of
+	cancel ->
+	    {noreply, State};
+	Patterns ->
+	    {noreply, do_add_patterns(Patterns, State)}
+    end;
+
+handle_event(#wx{id=?MODULES_WIN, event=#wxList{type=command_list_item_selected, itemIndex=Row}},
+	     State = #state{tpatterns=TPs, m_view=Mview, f_view=Fview}) ->
+    Module = list_to_atom(wxListCtrl:getItemText(Mview, Row)),
+    update_functions_view(dict:fetch(Module, TPs), Fview),
+    {noreply, State};
+
+handle_event(#wx{event = #wxCommand{type = command_togglebutton_clicked, commandInt = 1}},
+	     #state{panel = Panel,
+		    nodes = Nodes,
+		    tpids = TProcs,
+		    tpatterns = TPs0,
+		    toggle_button = ToggleBtn,
+		    output = Opts
+		   } = State) ->
+    try
+	TPs = dict:to_list(TPs0),
+	(TProcs == []) andalso throw({error, "No processes traced"}),
+	(Nodes == []) andalso throw({error, "No nodes traced"}),
+	HaveCallTrace = fun(#tpid{opts=Os}) -> lists:member(functions,Os) end,
+	WStr = "Call trace actived but no trace patterns used",
+	(TPs == []) andalso lists:any(HaveCallTrace, TProcs) andalso
+	    observer_wx:create_txt_dialog(Panel, WStr, "Warning", ?wxICON_WARNING),
+
+	{TTB, LogWin}  = ttb_output_args(Panel, Opts),
+	{ok, _} = ttb:tracer(Nodes, TTB),
+	setup_ttb(TPs, TProcs),
+	wxToggleButton:setLabel(ToggleBtn, "Stop Trace"),
+	{noreply, State#state{logwin=LogWin}}
+    catch {error, Msg} ->
+	    observer_wx:create_txt_dialog(Panel, Msg, "Error", ?wxICON_ERROR),
+	    wxToggleButton:setValue(ToggleBtn, false),
+	    {noreply, State}
+    end;
+
+handle_event(#wx{event = #wxCommand{type = command_togglebutton_clicked, commandInt = 0}},
+	     #state{toggle_button = ToggleBtn} = State) ->
+    %%Stop tracing
+    ttb:stop(nofetch),
+    wxToggleButton:setLabel(ToggleBtn, "Start Trace"),
+    wxToggleButton:setValue(ToggleBtn, false),
+    {noreply, State#state{logwin=false}};
+
+handle_event(#wx{id=Id, obj=LogWin, event=Ev},
+	     #state{toggle_button = ToggleBtn, logwin=Latest} = State)
+  when Id =:= ?LOG_WIN; is_record(Ev, wxClose) ->
+    case LogWin of
+	Latest ->
+	    %%Stop tracing
+	    ttb:stop(nofetch),
+	    wxToggleButton:setLabel(ToggleBtn, "Start Trace"),
+	    wxToggleButton:setValue(ToggleBtn, false),
+	    {noreply, State#state{logwin=false}};
+	_ ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?LOG_CLEAR, userData=TCtrl}, State) ->
+    wxTextCtrl:clear(TCtrl),
+    {noreply, State};
+
+handle_event(#wx{id=?LOG_SAVE, userData=TCtrl}, #state{panel=Panel} = State) ->
+    Dialog = wxFileDialog:new(Panel, [{style, ?wxFD_SAVE bor ?wxFD_OVERWRITE_PROMPT}]),
+    case wxFileDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    Path = wxFileDialog:getPath(Dialog),
+	    wxDialog:destroy(Dialog),
+	    wxTextCtrl:saveFile(TCtrl, [{file, Path}]);
+	_ ->
+	    wxDialog:destroy(Dialog),
+	    ok
+    end,
+    {noreply, State};
+
+handle_event(#wx{id = ?SAVE_TRACEOPTS},
+	     #state{panel = Panel,
+		    def_trace_opts = TraceOpts,
+		    match_specs = MatchSpecs,
+		    tpatterns = TracePatterns,
+		    output = Output
+		   } = State) ->
+    Dialog = wxFileDialog:new(Panel, [{style, ?wxFD_SAVE bor ?wxFD_OVERWRITE_PROMPT}]),
+    case wxFileDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    Path = wxFileDialog:getPath(Dialog),
+	    write_file(Panel, Path,
+		       TraceOpts, MatchSpecs, Output,
+		       dict:to_list(TracePatterns)
+		      );
+	_ ->
+	    ok
+    end,
+    wxDialog:destroy(Dialog),
+    {noreply, State};
+
+handle_event(#wx{id = ?LOAD_TRACEOPTS}, #state{panel = Panel} = State) ->
+    Dialog = wxFileDialog:new(Panel, [{style, ?wxFD_FILE_MUST_EXIST}]),
+    State2 = case wxFileDialog:showModal(Dialog) of
+		 ?wxID_OK ->
+		     Path = wxFileDialog:getPath(Dialog),
+		     read_settings(Path, State);
+		 _ ->
+		     State
+	     end,
+    wxDialog:destroy(Dialog),
+    {noreply, State2};
+
+handle_event(#wx{id=Type, event=#wxList{type=command_list_item_right_click}},
+	     State = #state{panel=Panel}) ->
+    Menus = case Type of
+		?PROC_WIN ->
+		    [{?EDIT_PROCS, "Edit process options"},
+		     {?REMOVE_PROCS, "Remove processes"}];
+		?FUNCS_WIN ->
+		    [{?EDIT_FUNCS_MS, "Edit matchspecs"},
+		     {?REMOVE_FUNCS_MS, "Remove trace patterns"}];
+		?NODES_WIN ->
+		    [{?ADD_NODES, "Trace other nodes"},
+		     {?REMOVE_NODES, "Remove nodes"}]
+	    end,
+    Menu = wxMenu:new(),
+    [wxMenu:append(Menu,Id,Str) || {Id,Str} <- Menus],
+    wxWindow:popupMenu(Panel, Menu),
+    wxMenu:destroy(Menu),
+    {noreply, State};
+
+handle_event(#wx{id=?EDIT_PROCS}, #state{panel=Panel, tpids=Tpids, p_view=Ps} = State) ->
+    try
+	[#tpid{opts=DefOpts}|_] = Selected = get_selected_items(Ps, Tpids),
+	Opts = observer_traceoptions_wx:process_trace(Panel, DefOpts),
+	Changed = [Tpid#tpid{opts=Opts} || Tpid <- Selected],
+	{noreply, do_add_processes(Changed, State#state{def_trace_opts=Opts})}
+    catch _:_ ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?REMOVE_PROCS}, #state{tpids=Tpids, p_view=LCtrl} = State) ->
+    Selected = get_selected_items(LCtrl, Tpids),
+    Pids = Tpids -- Selected,
+    update_process_view(Pids, LCtrl),
+    {noreply, State#state{tpids=Pids}};
+
+handle_event(#wx{id=?TRACE_DEFPS}, #state{panel=Panel, def_trace_opts=PO} = State) ->
+    try
+	Opts = observer_traceoptions_wx:process_trace(Panel, PO),
+	{noreply, State#state{def_trace_opts=Opts}}
+    catch _:_ ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?TRACE_DEFMS}, #state{panel=Panel, match_specs=Ms} = State) ->
+    try %% Return selected MS and sends new MS's to us
+	observer_traceoptions_wx:select_matchspec(self(), Panel, Ms)
+    catch _:_ ->
+	    cancel
+    end,
+    {noreply, State};
+
+handle_event(#wx{id=?EDIT_FUNCS_MS}, #state{panel=Panel, tpatterns=TPs,
+					    f_view=LCtrl, m_view=Mview,
+					    match_specs=Mss
+					   } = State) ->
+    try
+	[Module] = get_selected_items(Mview, lists:sort(dict:fetch_keys(TPs))),
+	Selected = get_selected_items(LCtrl, dict:fetch(Module, TPs)),
+	Ms = observer_traceoptions_wx:select_matchspec(self(), Panel, Mss),
+	Changed = [TP#tpattern{ms=Ms} || TP <- Selected],
+	{noreply, do_add_patterns({Module, Changed}, State)}
+    catch _:_ ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?REMOVE_FUNCS_MS}, #state{tpatterns=TPs0, f_view=LCtrl, m_view=Mview} = State) ->
+    case get_selected_items(Mview, lists:sort(dict:fetch_keys(TPs0))) of
+	[] -> {noreply, State};
+	[Module] ->
+	    FMs0 = dict:fetch(Module, TPs0),
+	    Selected = get_selected_items(LCtrl, FMs0),
+	    FMs = FMs0 -- Selected,
+	    update_functions_view(FMs, LCtrl),
+	    TPs = case FMs of
+		      [] ->
+			  New = dict:erase(Module, TPs0),
+			  update_modules_view(lists:sort(dict:fetch_keys(New)), Module, Mview),
+			  New;
+		      _ ->
+			  dict:store(Module, FMs, TPs0)
+		  end,
+	    {noreply, State#state{tpatterns=TPs}}
+    end;
+
+handle_event(#wx{id=?TRACE_OUTPUT}, #state{panel=Panel, output=Out0} = State) ->
+    try
+	Out = observer_traceoptions_wx:output(Panel, Out0),
+	{noreply, State#state{output=Out}}
+    catch _:_ ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?ADD_NODES}, #state{panel=Panel, n_view=Nview, nodes=Ns0} = State) ->
+    try
+	Possible = [node()|nodes()] -- Ns0,
+	case Possible of
+	    [] ->
+		Msg = "Already selected all connected nodes\n"
+		    "Use the Nodes menu to connect to new nodes first.",
+		observer_wx:create_txt_dialog(Panel, Msg, "No available nodes", ?wxICON_INFORMATION),
+		throw(cancel);
+	    _ ->
+		Ns = lists:usort(Ns0 ++ observer_traceoptions_wx:select_nodes(Panel, Possible)),
+		update_nodes_view(Ns, Nview),
+		{noreply, State#state{nodes=Ns}}
+	end
+    catch cancel ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?REMOVE_NODES}, #state{n_view=Nview, nodes=Ns0} = State) ->
+    Sel = get_selected_items(Nview, Ns0),
+    Ns = Ns0 -- Sel,
+    update_nodes_view(Ns, Nview),
+    {noreply, State#state{nodes = Ns}};
+
+handle_event(#wx{id=ID, event = What}, State) ->
+    io:format("~p:~p: Unhandled event: ~p, ~p ~n", [?MODULE, ?LINE, ID, What]),
+    {noreply, State}.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+handle_call(Msg, From, _State) ->
+    error({unhandled_call, Msg, From}).
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+handle_cast({add_processes, Pids}, State = #state{panel=Parent, def_trace_opts=TraceOpts}) ->
+    try
+	Opts = observer_traceoptions_wx:process_trace(Parent, TraceOpts),
+	POpts = [#tpid{pid=Pid, opts=Opts} || Pid <- Pids],
+	S = do_add_processes(POpts, State#state{def_trace_opts=Opts}),
+	{noreply, S}
+    catch cancel ->
+	    {noreply, State}
+    end;
+handle_cast(Msg, _State) ->
+    error({unhandled_cast, Msg}).
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+handle_info({active, _Node}, State=#state{parent=Parent}) ->
+    create_menues(Parent),
+    {noreply, State};
+
+handle_info(not_active, State) ->
+    {noreply, State};
+
+handle_info({update_ms, NewMs}, State) ->
+    {noreply, State#state{match_specs=NewMs}};
+
+handle_info(Any, State) ->
+    io:format("~p~p: received unexpected message: ~p\n", [?MODULE, self(), Any]),
+    {noreply, State}.
+
+terminate(_Reason, #state{nodes=_Nodes}) ->
+    ttb:stop(nofetch),
+    ok.
+
+code_change(_, _, State) ->
+    {stop, not_yet_implemented, State}.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+do_add_patterns({Module, NewPs}, State=#state{tpatterns=TPs0, m_view=Mview, f_view=Fview}) ->
+    Old = case dict:find(Module, TPs0) of
+	      {ok, Prev}  -> Prev;
+	      error -> []
+	  end,
+    case merge_patterns(NewPs, Old) of
+	{Old, [], []} ->
+	    State;
+	{MPatterns, _New, _Changed} ->
+	    %% if dynamicly updates update New and Changed
+	    TPs = dict:store(Module, MPatterns, TPs0),
+	    update_modules_view(lists:sort(dict:fetch_keys(TPs)), Module, Mview),
+	    update_functions_view(dict:fetch(Module, TPs), Fview),
+	    State#state{tpatterns=TPs}
+    end.
+
+do_add_processes(POpts, S0=#state{n_view=Nview, p_view=LCtrl, tpids=OldPids, nodes=Ns0}) ->
+    case merge_pids(POpts, OldPids) of
+	{OldPids, [], []} ->
+	    S0;
+	{Pids, New, _Changed} ->
+	    update_process_view(Pids, LCtrl),
+	    Ns1 = lists:usort([node(Pid) || #tpid{pid=Pid} <- New, is_pid(Pid)]),
+	    Nodes = case ordsets:subtract(Ns1, Ns0) of
+			[] -> Ns0; %% No new Nodes
+			NewNs ->
+			    %% if dynamicly updates add trace patterns for new nodes
+			    All = ordsets:union(NewNs, Ns0),
+			    update_nodes_view(All, Nview),
+			    All
+		    end,
+	    S0#state{tpids=Pids, nodes=Nodes}
+    end.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+update_process_view(Pids, LCtrl) ->
+    wxListCtrl:deleteAllItems(LCtrl),
+    wx:foldl(fun(#tpid{pid=Pid, opts=Opts}, Row) ->
+		     _Item = wxListCtrl:insertItem(LCtrl, Row, ""),
+		     ?EVEN(Row) andalso
+			 wxListCtrl:setItemBackgroundColour(LCtrl, Row, ?BG_EVEN),
+		     wxListCtrl:setItem(LCtrl, Row, 0, observer_lib:to_str(Pid)),
+		     wxListCtrl:setItem(LCtrl, Row, 1, observer_lib:to_str(Opts)),
+		     Row+1
+	     end, 0, Pids).
+
+update_nodes_view(Nodes, LCtrl) ->
+    wxListCtrl:deleteAllItems(LCtrl),
+    wx:foldl(fun(Node, Row) ->
+		     _Item = wxListCtrl:insertItem(LCtrl, Row, ""),
+		     ?EVEN(Row) andalso
+			 wxListCtrl:setItemBackgroundColour(LCtrl, Row, ?BG_EVEN),
+		     wxListCtrl:setItem(LCtrl, Row, 0, observer_lib:to_str(Node)),
+		     Row+1
+	     end, 0, Nodes).
+
+update_modules_view(Mods, Module, LCtrl) ->
+    wxListCtrl:deleteAllItems(LCtrl),
+    wx:foldl(fun(Mod, Row) ->
+		     _Item = wxListCtrl:insertItem(LCtrl, Row, ""),
+		     ?EVEN(Row) andalso
+			 wxListCtrl:setItemBackgroundColour(LCtrl, Row, ?BG_EVEN),
+		     wxListCtrl:setItem(LCtrl, Row, 0, observer_lib:to_str(Mod)),
+		     (Mod =:= Module) andalso
+			 wxListCtrl:setItemState(LCtrl, Row, 16#FFFF, ?wxLIST_STATE_SELECTED),
+		     Row+1
+	     end, 0, Mods).
+
+update_functions_view(Funcs, LCtrl) ->
+    wxListCtrl:deleteAllItems(LCtrl),
+    wx:foldl(fun(#tpattern{fa=FA, ms=#match_spec{str=Ms}}, Row) ->
+		     _Item = wxListCtrl:insertItem(LCtrl, Row, ""),
+		     ?EVEN(Row) andalso wxListCtrl:setItemBackgroundColour(LCtrl, Row, ?BG_EVEN),
+		     wxListCtrl:setItem(LCtrl, Row, 0, observer_lib:to_str({func,FA})),
+		     wxListCtrl:setItem(LCtrl, Row, 1, Ms),
+		     Row+1
+	     end, 0, Funcs).
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+merge_pids([N1=#tpid{pid=new}|Ns], [N2=#tpid{pid=new}|Old]) ->
+    {Pids, New, Changed} = merge_pids_1(Ns,Old),
+    {[N1|Pids], New, [{N2,N2}|Changed]};
+merge_pids([N1=#tpid{pid=new}|Ns], Old) ->
+    {Pids, New, Changed} = merge_pids_1(Ns,Old),
+    {[N1|Pids], [N1|New], Changed};
+merge_pids(Ns, [N2=#tpid{pid=new}|Old]) ->
+    {Pids, New, Changed} = merge_pids_1(Ns,Old),
+    {[N2|Pids], New, Changed};
+merge_pids(New, Old) ->
+    merge_pids_1(New, Old).
+
+merge_pids_1(New, Old) ->
+    merge(lists:sort(New), Old, #tpid.pid, [], [], []).
+
+merge_patterns(New, Old) ->
+    merge(lists:sort(New), Old, #tpattern.fa, [], [], []).
+
+merge([N|Ns], [N|Os], El, New, Ch, All) ->
+    merge(Ns, Os, El, New, Ch, [N|All]);
+merge([N|Ns], [O|Os], El, New, Ch, All)
+  when element(El, N) == element(El, O) ->
+    merge(Ns, Os, El, New, [{O,N}|Ch], [N|All]);
+merge([N|Ns], Os=[O|_], El, New, Ch, All)
+  when element(El, N) < element(El, O) ->
+    merge(Ns, Os, El, [N|New], Ch, [N|All]);
+merge(Ns=[N|_], [O|Os], El, New, Ch, All)
+  when element(El, N) > element(El, O) ->
+    merge(Ns, Os, El, New, Ch, [O|All]);
+merge([], Os, _El, New, Ch, All) ->
+    {lists:reverse(All, Os), New, Ch};
+merge(Ns, [], _El, New, Ch, All) ->
+    {lists:reverse(All, Ns), Ns++New, Ch}.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ttb_output_args(Parent, Opts) ->
+    ToWindow = proplists:get_value(window, Opts, true),
+    ToShell = proplists:get_value(shell, Opts, false),
+    ToFile = proplists:get_value(file, Opts, false),
+    ToWindow orelse ToShell orelse ToFile orelse
+	throw({error, "No output of trace"}),
+    {LogWin,Text} = create_logwindow(Parent, ToWindow),
+    Write = output_fun(Text, ToShell),
+    Shell = output_shell(ToFile, Write),
+    FileOpts = output_file(ToFile, proplists:get_value(wrap, Opts, false), Opts),
+    {[{file, {local,FileOpts}}|Shell], LogWin}.
+
+output_shell(true, false) ->
+    []; %% File only
+output_shell(true, Write) when is_function(Write) ->
+    [{shell, Write}];
+output_shell(false, Write) when is_function(Write) ->
+    [{shell, {only, Write}}].
+
+output_fun(false, false) -> false;
+output_fun(false, true) -> fun(Trace) -> io:put_chars(textformat(Trace)) end;
+output_fun(Text, false) ->
+    Env = wx:get_env(),
+    fun(Trace) ->
+	    wx:set_env(Env),
+	    wxTextCtrl:appendText(Text, textformat(Trace))
+    end;
+output_fun(Text, true) ->
+    Env = wx:get_env(),
+    fun(Trace) ->
+	    wx:set_env(Env),
+	    IoList = textformat(Trace),
+	    wxTextCtrl:appendText(Text, IoList),
+	    io:put_chars(textformat(Trace))
+    end.
+
+output_file(false, _, _Opts) ->
+    "ttb";  %% Will be ignored
+output_file(true, false, Opts) ->
+    proplists:get_value(filename, Opts, "ttb");
+output_file(true, true, Opts) ->
+    Name = proplists:get_value(filename, Opts, "ttb"),
+    Size = proplists:get_value(wrap_sz, Opts, 128),
+    Count = proplists:get_value(wrap_c, Opts, 8),
+    {wrap, Name, Size*1024, Count}.
+
+
+create_logwindow(_Parent, false) -> {false, false};
+create_logwindow(Parent, true) ->
+    LogWin = wxFrame:new(Parent, ?LOG_WIN, "Trace Log", [{size, {750, 800}}]),
+    MB = wxMenuBar:new(),
+    File = wxMenu:new(),
+    wxMenu:append(File, ?LOG_CLEAR, "Clear Log\tCtrl-C"),
+    wxMenu:append(File, ?LOG_SAVE, "Save Log\tCtrl-S"),
+    wxMenu:append(File, ?wxID_CLOSE, "Close"),
+    wxMenuBar:append(MB, File, "File"),
+    wxFrame:setMenuBar(LogWin, MB),
+    Text = wxTextCtrl:new(LogWin, ?wxID_ANY,
+			  [{style, ?wxTE_MULTILINE bor ?wxTE_RICH2 bor
+				?wxTE_DONTWRAP bor ?wxTE_READONLY}]),
+    Font = observer_wx:get_attrib({font, fixed}),
+    Attr = wxTextAttr:new(?wxBLACK, [{font, Font}]),
+    true = wxTextCtrl:setDefaultStyle(Text, Attr),
+    wxFrame:connect(LogWin, close_window, [{skip, true}]),
+    wxFrame:connect(LogWin, command_menu_selected, [{userData, Text}]),
+    wxFrame:show(LogWin),
+    {LogWin, Text}.
+
+setup_ttb(TPs, TPids) ->
+    _R1 = [setup_tps(FTP, []) || {_, FTP} <- TPs],
+    _R2 = [ttb:p(Pid, dbg_flags(Flags)) || #tpid{pid=Pid, opts=Flags} <- TPids],
+    [#tpid{pid=_Pid, opts=_Flags}|_] = TPids,
+    ok.
+
+%% Sigh order is important
+setup_tps([First=#tpattern{fa={_,'_'}}|Rest], Prev) ->
+    setup_tp(First),
+    [setup_tp(TP) || TP <- lists:reverse(Prev)],
+    setup_tps(Rest, []);
+setup_tps([First=#tpattern{fa={F,_}}|Rest], Prev = [#tpattern{fa={F,_}}|_]) ->
+    setup_tps(Rest, [First|Prev]);
+setup_tps([First|Rest], Prev) ->
+    [setup_tp(TP) || TP <- lists:reverse(Prev)],
+    setup_tps(Rest, [First]);
+setup_tps([], Prev) ->
+    [setup_tp(TP) || TP <- lists:reverse(Prev)].
+
+setup_tp(#tpattern{m=M,fa={F,A}, ms=#match_spec{term=Ms}}) ->
+    ttb:tpl(M,F,A,Ms).
+
+dbg_flags(Flags) ->
+    [dbg_flag(Flag) || Flag <- Flags].
+
+dbg_flag(send) -> s;
+dbg_flag('receive') -> r;
+dbg_flag(functions) -> c;
+dbg_flag(on_spawn) -> sos;
+dbg_flag(on_link) -> sol;
+dbg_flag(on_first_spawn) -> sofs;
+dbg_flag(on_first_link) -> sofl;
+dbg_flag(events) -> p.
+
+textformat(Trace) when element(1, Trace) == trace_ts, tuple_size(Trace) >= 4 ->
+    format_trace(Trace, tuple_size(Trace)-1, element(tuple_size(Trace),Trace));
+textformat(Trace) when element(1, Trace) == drop, tuple_size(Trace) =:= 2 ->
+    io_lib:format("*** Dropped ~p messages.~n", [element(2,Trace)]);
+textformat(Trace) when element(1, Trace) == seq_trace, tuple_size(Trace) >= 3 ->
+    io_lib:format("*** Seq trace not implmented.~n", []);
+textformat(_) ->
+    "".
+
+format_trace(Trace, Size, TS0={_,_,MS}) ->
+    {_,{H,M,S}} = calendar:now_to_local_time(TS0),
+    TS = io_lib:format("~.2.0w:~.2.0w:~.2.0w:~.6.0w", [H,M,S,MS]),
+    From = element(2, Trace),
+    case element(3, Trace) of
+	'receive' ->
+	    case element(4, Trace) of
+		{dbg,ok} -> "";
+		Message ->
+		    io_lib:format("~s (~100p) << ~100p~n", [TS,From,Message])
+	    end;
+	'send' ->
+	    Message = element(4, Trace),
+	    To = element(5, Trace),
+	    io_lib:format("~s (~100p) ~100p ! ~100p~n", [TS,From,To,Message]);
+	call ->
+	    case element(4, Trace) of
+		MFA when Size == 5 ->
+		    Message = element(5, Trace),
+		    io_lib:format("~s (~100p) call ~s (~100p) ~n", [TS,From,ffunc(MFA),Message]);
+		MFA ->
+		    io_lib:format("~s (~100p) call ~s~n", [TS,From,ffunc(MFA)])
+	    end;
+	return_from ->
+	    MFA = element(4, Trace),
+	    Ret = element(5, Trace),
+	    io_lib:format("~s (~100p) returned from ~s -> ~100p~n", [TS,From,ffunc(MFA),Ret]);
+	return_to ->
+	    MFA = element(4, Trace),
+	    io_lib:format("~s (~100p) returning to ~s~n", [TS,From,ffunc(MFA)]);
+	spawn when Size == 5 ->
+	    Pid = element(4, Trace),
+	    MFA = element(5, Trace),
+	    io_lib:format("~s (~100p) spawn ~100p as ~s~n", [TS,From,Pid,ffunc(MFA)]);
+	Op ->
+	    io_lib:format("~s (~100p) ~100p ~s~n", [TS,From,Op,ftup(Trace,4,Size)])
+    end.
+
+%%% These f* functions returns non-flat strings
+
+%% {M,F,[A1, A2, ..., AN]} -> "M:F(A1, A2, ..., AN)"
+%% {M,F,A}                 -> "M:F/A"
+ffunc({M,F,Argl}) when is_list(Argl) ->
+    io_lib:format("~100p:~100p(~s)", [M, F, fargs(Argl)]);
+ffunc({M,F,Arity}) ->
+    io_lib:format("~100p:~100p/~100p", [M,F,Arity]);
+ffunc(X) -> io_lib:format("~100p", [X]).
+
+%% Integer           -> "Integer"
+%% [A1, A2, ..., AN] -> "A1, A2, ..., AN"
+fargs(Arity) when is_integer(Arity) -> integer_to_list(Arity);
+fargs([]) -> [];
+fargs([A]) -> io_lib:format("~100p", [A]);  %% last arg
+fargs([A|Args]) -> [io_lib:format("~100p,", [A]) | fargs(Args)];
+fargs(A) -> io_lib:format("~100p", [A]). % last or only arg
+
+%% {A_1, A_2, ..., A_N} -> "A_Index A_Index+1 ... A_Size"
+ftup(Trace, Index, Index) ->
+    io_lib:format("~100p", [element(Index, Trace)]);
+ftup(Trace, Index, Size) ->
+    [io_lib:format("~100p ", [element(Index, Trace)])
+     | ftup(Trace, Index+1, Size)].
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+write_file(Frame, Filename, TraceOps, MatchSpecs, Output, TPs) ->
+    FormatMS = fun(#match_spec{name=Id, term=T, func=F}) ->
+		       io_lib:format("[{name,\"~s\"}, {term, ~w}, {func, \"~s\"}]",
+				     [Id, T, F])
+	       end,
+    FormatTP = fun({Module, FTPs}) ->
+		       List = format_ftp(FTPs, FormatMS),
+		       io_lib:format("{tp, ~w, [~s]}.~n",[Module, List])
+	       end,
+    Str =
+	["%%%\n%%% This file is generated by Observer\n",
+	 "%%%\n%%% DO NOT EDIT!\n%%%\n",
+	 [["{ms, ", FormatMS(Ms), "}.\n"] || Ms <- MatchSpecs],
+	 "{traceopts, ", io_lib:format("~w",[TraceOps]) ,"}.\n",
+	 "{output, ", io_lib:format("~w",[Output]) ,"}.\n",
+	 [FormatTP(TP) || TP <- TPs]
+	],
+    case file:write_file(Filename, list_to_binary(Str)) of
+	ok ->
+	    success;
+	{error, Reason} ->
+	    FailMsg = file:format_error(Reason),
+	    observer_wx:create_txt_dialog(Frame, FailMsg, "Error", ?wxICON_ERROR)
+    end.
+
+format_ftp([#tpattern{fa={F,A}, ms=Ms}], FormatMS) ->
+    io_lib:format("{~w, ~w, ~s}", [F,A,FormatMS(Ms)]);
+format_ftp([#tpattern{fa={F,A}, ms=Ms}|Rest], FormatMS) ->
+    [io_lib:format("{~w, ~w, ~s},~n     ", [F,A,FormatMS(Ms)]),
+     format_ftp(Rest, FormatMS)].
+
+read_settings(Filename, #state{match_specs=Ms0, def_trace_opts=TO0} = State) ->
+    case file:consult(Filename) of
+	{ok, Terms} ->
+	    Ms  = lists:usort(Ms0 ++ [parse_ms(MsList) || {ms, MsList} <- Terms]),
+	    TOs = lists:usort(TO0 ++ proplists:get_value(traceopts, Terms, [])),
+	    Out = proplists:get_value(output, Terms, []),
+	    lists:foldl(fun parse_tp/2,
+			State#state{match_specs=Ms, def_trace_opts=TOs, output=Out},
+			Terms);
+	{error, _} ->
+	    observer_wx:create_txt_dialog(State#state.panel, "Could not load settings",
+					  "Error", ?wxICON_ERROR),
+	    State
+    end.
+
+parse_ms(Opts) ->
+    Name = proplists:get_value(name, Opts, "TracePattern"),
+    Term = proplists:get_value(term, Opts, [{'_',[],[ok]}]),
+    FunStr = proplists:get_value(term, Opts, "fun(_) -> ok end"),
+    make_ms(Name, Term, FunStr).
+
+make_ms(Name, Term, FunStr) ->
+    #match_spec{name=Name, term=Term, str=io_lib:format("~w", Term), func = FunStr}.
+
+parse_tp({tp, Mod, FAs}, State) ->
+    Patterns = [#tpattern{m=Mod,fa={F,A}, ms=parse_ms(List)} ||
+		   {F,A,List} <- FAs],
+    do_add_patterns({Mod, Patterns}, State);
+parse_tp(_, State) ->
+    State.
+
+get_selected_items(Grid, Data) ->
+    get_indecies(get_selected_items(Grid, -1, []), Data).
+get_selected_items(Grid, Index, ItemAcc) ->
+    Item = wxListCtrl:getNextItem(Grid, Index, [{geometry, ?wxLIST_NEXT_ALL},
+						{state, ?wxLIST_STATE_SELECTED}]),
+    case Item of
+	-1 ->
+	    lists:reverse(ItemAcc);
+	_ ->
+	    get_selected_items(Grid, Item, [Item | ItemAcc])
+    end.
+
+get_indecies(Items, Data) ->
+    get_indecies(Items, 0, Data).
+get_indecies([I|Rest], I, [H|T]) ->
+    [H|get_indecies(Rest, I+1, T)];
+get_indecies(Rest = [_|_], I, [_|T]) ->
+    get_indecies(Rest, I+1, T);
+get_indecies(_, _, _) ->
+    [].
diff --git a/lib/observer/src/observer_traceoptions_wx.erl b/lib/observer/src/observer_traceoptions_wx.erl
new file mode 100644
index 0000000000..6a634e06f0
--- /dev/null
+++ b/lib/observer/src/observer_traceoptions_wx.erl
@@ -0,0 +1,673 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+
+-module(observer_traceoptions_wx).
+
+-include_lib("wx/include/wx.hrl").
+-include("observer_defs.hrl").
+
+-export([process_trace/2, trace_pattern/4, select_nodes/2,
+	 output/2, select_matchspec/3]).
+
+process_trace(Parent, Default) ->
+    Dialog = wxDialog:new(Parent, ?wxID_ANY, "Process Options",
+			  [{style, ?wxDEFAULT_DIALOG_STYLE bor ?wxRESIZE_BORDER}]),
+    Panel = wxPanel:new(Dialog),
+    MainSz = wxBoxSizer:new(?wxVERTICAL),
+    PanelSz = wxBoxSizer:new(?wxHORIZONTAL),
+    LeftSz = wxStaticBoxSizer:new(?wxVERTICAL, Panel,  [{label, "Tracing options"}]),
+    RightSz = wxStaticBoxSizer:new(?wxVERTICAL, Panel, [{label, "Inheritance options:"}]),
+
+    FuncBox = wxCheckBox:new(Panel, ?wxID_ANY, "Trace function call", []),
+    check_box(FuncBox, lists:member(functions, Default)),
+    SendBox = wxCheckBox:new(Panel, ?wxID_ANY, "Trace send message", []),
+    check_box(SendBox, lists:member(send, Default)),
+    RecBox = wxCheckBox:new(Panel, ?wxID_ANY, "Trace receive message", []),
+    check_box(RecBox, lists:member('receive', Default)),
+    EventBox = wxCheckBox:new(Panel, ?wxID_ANY, "Trace process events", []),
+    check_box(EventBox, lists:member(events, Default)),
+
+    {SpawnBox, SpwnAllRadio, SpwnFirstRadio} =
+	optionpage_top_right(Panel, RightSz, [{flag, ?wxBOTTOM},{border, 5}], "spawn"),
+    {LinkBox, LinkAllRadio, LinkFirstRadio} =
+	optionpage_top_right(Panel, RightSz, [{flag, ?wxBOTTOM},{border, 5}], "link"),
+    SpawnBool = lists:member(on_spawn, Default) orelse lists:member(on_first_spawn, Default),
+    LinkBool = lists:member(on_link, Default) orelse lists:member(on_first_link, Default),
+    check_box(SpawnBox, SpawnBool),
+    check_box(LinkBox,  LinkBool),
+    enable(SpawnBox, [SpwnAllRadio, SpwnFirstRadio]),
+    enable(LinkBox, [LinkAllRadio, LinkFirstRadio]),
+    [wxRadioButton:setValue(Radio, lists:member(Opt, Default)) ||
+	{Radio, Opt} <- [{SpwnAllRadio, on_spawn}, {SpwnFirstRadio, on_first_spawn},
+			 {LinkAllRadio, on_link},  {LinkFirstRadio, on_first_link}]],
+
+    [wxSizer:add(LeftSz, CheckBox, []) || CheckBox <- [FuncBox,SendBox,RecBox,EventBox]],
+    wxSizer:add(LeftSz, 150, -1),
+
+    wxSizer:add(PanelSz, LeftSz, [{flag, ?wxEXPAND}, {proportion,1}]),
+    wxSizer:add(PanelSz, RightSz,[{flag, ?wxEXPAND}, {proportion,1}]),
+    wxPanel:setSizer(Panel, PanelSz),
+    wxSizer:add(MainSz, Panel, [{flag, ?wxEXPAND}, {proportion,1}]),
+    Buttons = wxDialog:createButtonSizer(Dialog, ?wxOK bor ?wxCANCEL),
+    wxSizer:add(MainSz, Buttons, [{flag, ?wxEXPAND bor ?wxALL}, {border, 5}]),
+    wxWindow:setSizerAndFit(Dialog, MainSz),
+    wxSizer:setSizeHints(MainSz, Dialog),
+    wxCheckBox:connect(SpawnBox, command_checkbox_clicked,
+		       [{callback, fun(#wx{event=#wxCommand{}},_) ->
+					   enable(SpawnBox, [SpwnAllRadio, SpwnFirstRadio])
+				   end}]),
+    wxCheckBox:connect(LinkBox, command_checkbox_clicked,
+		       [{callback, fun(#wx{event=#wxCommand{}},_) ->
+					   enable(LinkBox, [LinkAllRadio, LinkFirstRadio])
+				   end}]),
+
+    case wxDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    All = [{SendBox, send}, {RecBox, 'receive'},
+		   {FuncBox, functions}, {EventBox, events},
+		   {{SpawnBox, SpwnAllRadio}, on_spawn},
+		   {{SpawnBox,SpwnFirstRadio}, on_first_spawn},
+		   {{LinkBox, LinkAllRadio}, on_link},
+		   {{LinkBox, LinkFirstRadio}, on_first_link}],
+	    Check = fun({Box, Radio}) ->
+			    wxCheckBox:getValue(Box) andalso wxRadioButton:getValue(Radio);
+		       (Box) ->
+			    wxCheckBox:getValue(Box)
+		    end,
+	    Opts = [Id || {Tick, Id} <- All, Check(Tick)],
+	    wxDialog:destroy(Dialog),
+	    lists:reverse(Opts);
+	?wxID_CANCEL ->
+	    wxDialog:destroy(Dialog),
+	    throw(cancel)
+    end.
+
+trace_pattern(ParentPid, Parent, Node, MatchSpecs) ->
+    try
+	Module = module_selector(Parent, Node),
+	MFAs  = function_selector(Parent, Node, Module),
+	MatchSpec = select_matchspec(ParentPid, Parent, MatchSpecs),
+	{Module, [#tpattern{m=M,fa={F,A},ms=MatchSpec} || {M,F,A} <- MFAs]}
+    catch cancel -> cancel
+    end.
+
+select_nodes(Parent, Nodes) ->
+    Choices = [{atom_to_list(X), X} || X <- Nodes],
+    check_selector(Parent, Choices).
+
+module_selector(Parent, Node) ->
+    Dialog = wxDialog:new(Parent, ?wxID_ANY, "Select Module",
+			  [{style, ?wxDEFAULT_DIALOG_STYLE bor ?wxRESIZE_BORDER},
+			   {size, {400, 400}}]),
+    Panel = wxPanel:new(Dialog),
+    PanelSz = wxBoxSizer:new(?wxVERTICAL),
+    MainSz  = wxBoxSizer:new(?wxVERTICAL),
+
+    TxtCtrl = wxTextCtrl:new(Panel, ?wxID_ANY),
+    ListBox = wxListBox:new(Panel, ?wxID_ANY, [{style, ?wxLB_SINGLE}]),
+    wxSizer:add(PanelSz, TxtCtrl, [{flag, ?wxEXPAND}]),
+    wxSizer:add(PanelSz, ListBox, [{flag, ?wxEXPAND}, {proportion, 1}]),
+    wxPanel:setSizer(Panel, PanelSz),
+    wxSizer:add(MainSz, Panel, [{flag, ?wxEXPAND bor ?wxALL},
+				{border, 5}, {proportion, 1}]),
+    Buttons = wxDialog:createButtonSizer(Dialog, ?wxOK bor ?wxCANCEL),
+    wxSizer:add(MainSz, Buttons, [{flag, ?wxEXPAND bor ?wxALL},
+				  {border, 5}, {proportion, 0}]),
+    wxWindow:setSizer(Dialog, MainSz),
+    OkId = wxDialog:getAffirmativeId(Dialog),
+    OkButt = wxWindow:findWindowById(OkId),
+    wxWindow:disable(OkButt),
+    wxWindow:setFocus(TxtCtrl),
+    %% init data
+    Modules = get_modules(Node),
+    AllModules = [{atom_to_list(X), X} || X <- Modules],
+    filter_listbox_data("", AllModules, ListBox),
+    wxTextCtrl:connect(TxtCtrl, command_text_updated,
+		       [{callback, fun(#wx{event=#wxCommand{cmdString=Input}}, _) ->
+					   filter_listbox_data(Input, AllModules, ListBox)
+				   end}]),
+    wxListBox:connect(ListBox, command_listbox_doubleclicked,
+		      [{callback, fun(_, _) -> wxDialog:endModal(Dialog, ?wxID_OK) end}]),
+    wxListBox:connect(ListBox, command_listbox_selected,
+		      [{callback, fun(#wx{event=#wxCommand{commandInt=Id}}, _) ->
+					  Id >= 0 andalso wxWindow:enable(OkButt)
+				  end}]),
+
+    case wxDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    SelId  = wxListBox:getSelection(ListBox),
+	    case SelId >= 0 of
+		true ->
+		    Module = wxListBox:getClientData(ListBox, SelId),
+		    wxDialog:destroy(Dialog),
+		    Module;
+		false ->
+		    wxDialog:destroy(Dialog),
+		    throw(cancel)
+	    end;
+	?wxID_CANCEL ->
+	    wxDialog:destroy(Dialog),
+	    throw(cancel)
+    end.
+
+function_selector(Parent, Node, Module) ->
+    Functions = observer_wx:try_rpc(Node, Module, module_info, [functions]),
+    Choices = lists:sort([{Name, Arity} || {Name, Arity} <- Functions,
+					   not(erl_internal:guard_bif(Name, Arity))]),
+    ParsedChoices = parse_function_names(Choices),
+    case check_selector(Parent, ParsedChoices) of
+	[] -> [{Module, '_', '_'}];
+	FAs ->
+	    [{Module, F, A} || {F,A} <- FAs]
+    end.
+
+check_selector(Parent, ParsedChoices) ->
+    Dialog = wxDialog:new(Parent, ?wxID_ANY, "Trace Functions",
+			  [{style, ?wxDEFAULT_DIALOG_STYLE bor ?wxRESIZE_BORDER},
+			   {size, {400, 400}}]),
+
+    Panel = wxPanel:new(Dialog),
+    PanelSz = wxBoxSizer:new(?wxVERTICAL),
+    MainSz  = wxBoxSizer:new(?wxVERTICAL),
+
+    TxtCtrl = wxTextCtrl:new(Panel, ?wxID_ANY),
+    ListBox = wxCheckListBox:new(Panel, ?wxID_ANY, [{style, ?wxLB_EXTENDED}]),
+    wxSizer:add(PanelSz, TxtCtrl, [{flag, ?wxEXPAND}]),
+    wxSizer:add(PanelSz, ListBox, [{flag, ?wxEXPAND}, {proportion, 1}]),
+    SelAllBtn   = wxButton:new(Panel, ?wxID_ANY,   [{label, "Check Visible"}]),
+    DeSelAllBtn = wxButton:new(Panel, ?wxID_ANY, [{label, "Uncheck Visible"}]),
+    ButtonSz = wxBoxSizer:new(?wxHORIZONTAL),
+    [wxSizer:add(ButtonSz, Button, []) || Button <- [SelAllBtn, DeSelAllBtn]],
+    wxSizer:add(PanelSz, ButtonSz, [{flag, ?wxEXPAND bor ?wxALL},
+				    {border, 5}, {proportion, 0}]),
+    wxPanel:setSizer(Panel, PanelSz),
+    wxSizer:add(MainSz, Panel, [{flag, ?wxEXPAND bor ?wxALL},
+				{border, 5}, {proportion, 1}]),
+
+    Buttons = wxDialog:createButtonSizer(Dialog, ?wxOK bor ?wxCANCEL),
+    wxSizer:add(MainSz, Buttons, [{flag, ?wxEXPAND bor ?wxALL},
+				  {border, 5}, {proportion, 0}]),
+    wxWindow:setSizer(Dialog, MainSz),
+    wxWindow:setFocus(TxtCtrl),
+    %% Init
+    filter_listbox_data("", ParsedChoices, ListBox, false),
+    %% Setup Event handling
+    wxTextCtrl:connect(TxtCtrl, command_text_updated,
+		       [{callback,
+			 fun(#wx{event=#wxCommand{cmdString=Input}}, _) ->
+				 filter_listbox_data(Input, ParsedChoices, ListBox, false)
+			 end}]),
+    Self = self(),
+
+    %% Sigh clientdata in checklistbox crashes on windows, wx-bug I presume.
+    %% Don't have time to investigate now, workaround file bug report later
+    GetClientData = fun(LB, N) ->
+			    String = wxListBox:getString(LB, N),
+			    {_, Data} = lists:keyfind(String, 1, ParsedChoices),
+			    Data
+		    end,
+    wxCheckListBox:connect(ListBox, command_checklistbox_toggled,
+			   [{callback,
+			     fun(#wx{event=#wxCommand{commandInt=N}}, _) ->
+				     Self ! {ListBox, wxCheckListBox:isChecked(ListBox, N),
+					     GetClientData(ListBox, N)}
+			     end}]),
+    Check = fun(Id, Bool) ->
+    		    wxCheckListBox:check(ListBox, Id, [{check, Bool}]),
+    		    Self ! {ListBox, Bool, GetClientData(ListBox, Id)}
+    	    end,
+    wxButton:connect(SelAllBtn, command_button_clicked,
+    		     [{callback, fun(#wx{}, _) ->
+    					 Count = wxListBox:getCount(ListBox),
+    					 [Check(SelId, true) ||
+    					     SelId <- lists:seq(0, Count-1),
+    					     not wxCheckListBox:isChecked(ListBox, SelId)]
+    				 end}]),
+    wxButton:connect(DeSelAllBtn, command_button_clicked,
+    		     [{callback, fun(#wx{}, _) ->
+    					 Count = wxListBox:getCount(ListBox),
+    					 [Check(SelId, false) ||
+    					     SelId <- lists:seq(0, Count-1),
+    					     wxCheckListBox:isChecked(ListBox, SelId)]
+    				 end}]),
+    case wxDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    wxDialog:destroy(Dialog),
+	    get_checked(ListBox, []);
+	?wxID_CANCEL ->
+	    wxDialog:destroy(Dialog),
+	    get_checked(ListBox, []),
+	    throw(cancel)
+    end.
+
+get_checked(ListBox, Acc) ->
+    receive
+	{ListBox, true, FA} ->
+	    get_checked(ListBox, [FA|lists:delete(FA,Acc)]);
+	{ListBox, false, FA} ->
+	    get_checked(ListBox, lists:delete(FA,Acc))
+    after 0 ->
+	    lists:reverse(Acc)
+    end.
+
+select_matchspec(Pid, Parent, MatchSpecs) ->
+    Dialog = wxDialog:new(Parent, ?wxID_ANY, "Trace Match Specifications",
+			  [{style, ?wxDEFAULT_DIALOG_STYLE bor ?wxRESIZE_BORDER},
+			   {size, {400, 400}}]),
+
+    Panel = wxPanel:new(Dialog),
+    PanelSz = wxBoxSizer:new(?wxVERTICAL),
+    MainSz = wxBoxSizer:new(?wxVERTICAL),
+    TxtSz = wxStaticBoxSizer:new(?wxVERTICAL, Panel, [{label, "Match specification:"}]),
+    BtnSz = wxBoxSizer:new(?wxHORIZONTAL),
+    SavedSz = wxStaticBoxSizer:new(?wxVERTICAL, Panel, [{label, "Saved match specifications:"}]),
+
+    TextCtrl = create_styled_txtctrl(Panel),
+    wxSizer:add(TxtSz, TextCtrl, [{flag, ?wxEXPAND}, {proportion, 1}]),
+
+    AddMsBtn  = wxButton:new(Panel, ?wxID_ANY, [{label, "New"}]),
+    EditMsBtn  = wxButton:new(Panel, ?wxID_ANY, [{label, "Edit"}]),
+    DelMsBtn  = wxButton:new(Panel, ?wxID_ANY, [{label, "Delete"}]),
+    wxSizer:add(BtnSz, AddMsBtn),
+    wxSizer:add(BtnSz, EditMsBtn),
+    wxSizer:add(BtnSz, DelMsBtn),
+
+    ListBox = wxListBox:new(Panel, ?wxID_ANY, []),
+    wxSizer:add(SavedSz, ListBox, [{flag, ?wxEXPAND}, {proportion, 1}]),
+    wxSizer:add(PanelSz, TxtSz, [{flag, ?wxEXPAND}, {proportion, 1}]),
+    wxSizer:add(PanelSz, BtnSz),
+    wxSizer:add(PanelSz, SavedSz, [{flag, ?wxEXPAND}, {proportion, 1}]),
+
+    wxWindow:setSizer(Panel, PanelSz),
+    wxSizer:add(MainSz, Panel, [{flag, ?wxEXPAND bor ?wxALL},
+				{border, 5}, {proportion, 1}]),
+    Buttons = wxDialog:createButtonSizer(Dialog, ?wxOK bor ?wxCANCEL),
+    wxSizer:add(MainSz, Buttons, [{flag, ?wxEXPAND bor ?wxALL},
+				  {border, 5}, {proportion, 0}]),
+    wxWindow:setSizer(Dialog, MainSz),
+    OkId = wxDialog:getAffirmativeId(Dialog),
+    OkButt = wxWindow:findWindowById(OkId),
+    wxWindow:disable(OkButt),
+    wxWindow:disable(EditMsBtn),
+    wxWindow:disable(DelMsBtn),
+
+    Choices = ms_names(MatchSpecs),
+    filter_listbox_data("", Choices, ListBox),
+
+    Add = fun(_,_) ->
+		  case edit_ms(TextCtrl, new, Parent) of
+		      Ms = #match_spec{} -> add_and_select(-1, Ms, ListBox);
+		      Else -> Else
+		  end
+	  end,
+    Edit = fun(_,_) ->
+		   SelId = wxListBox:getSelection(ListBox),
+		   case SelId >= 0 of
+		       true ->
+			   #match_spec{name=Name} = wxListBox:getClientData(ListBox,SelId),
+			   case edit_ms(TextCtrl, Name, Parent) of
+			       Ms = #match_spec{} -> add_and_select(SelId, Ms, ListBox);
+			       Else -> Else
+			   end;
+		       false ->
+			   ok
+		   end
+	   end,
+    Del = fun(_,_) ->
+		  SelId = wxListBox:getSelection(ListBox),
+		  case SelId >= 0 of
+		      true ->
+			  wxListBox:delete(ListBox, SelId);
+		      false ->
+			  ok
+		  end
+	  end,
+    Sel = fun(#wx{event=#wxCommand{commandInt=Id}}, _) ->
+		  case Id >= 0 of
+		      true ->
+			  wxWindow:enable(OkButt),
+			  wxWindow:enable(EditMsBtn),
+			  wxWindow:enable(DelMsBtn),
+			  #match_spec{func=Str} = wxListBox:getClientData(ListBox,Id),
+			  wxStyledTextCtrl:setText(TextCtrl, Str);
+		      false ->
+			  try
+			      wxWindow:disable(OkButt),
+			      wxWindow:disable(EditMsBtn),
+			      wxWindow:disable(DelMsBtn)
+			  catch _:_ -> ok
+			  end
+		  end
+	  end,
+    wxButton:connect(AddMsBtn,  command_button_clicked,  [{callback,Add}]),
+    wxButton:connect(EditMsBtn,  command_button_clicked, [{callback,Edit}]),
+    wxButton:connect(DelMsBtn,  command_button_clicked,  [{callback,Del}]),
+    wxListBox:connect(ListBox, command_listbox_selected, [{callback, Sel}]),
+    case wxDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    SelId  = wxListBox:getSelection(ListBox),
+	    Count = wxListBox:getCount(ListBox),
+	    MSs = [wxListBox:getClientData(ListBox, Id) ||
+		      Id <- lists:seq(0, Count-1)],
+	    Pid ! {update_ms, MSs},
+	    MS = lists:nth(SelId+1, MSs),
+	    wxDialog:destroy(Dialog),
+	    MS;
+	?wxID_CANCEL ->
+	    wxDialog:destroy(Dialog),
+	    throw(cancel)
+    end.
+
+output(Parent, Default) ->
+    Dialog = wxDialog:new(Parent, ?wxID_ANY, "Process Options",
+			  [{style, ?wxDEFAULT_DIALOG_STYLE bor ?wxRESIZE_BORDER}]),
+    Panel = wxPanel:new(Dialog),
+    MainSz = wxBoxSizer:new(?wxVERTICAL),
+    PanelSz = wxStaticBoxSizer:new(?wxVERTICAL, Panel,  [{label, "Output"}]),
+
+    %% Output select
+    WinB = wxCheckBox:new(Panel, ?wxID_ANY, "Window", []),
+    check_box(WinB, proplists:get_value(window, Default, true)),
+    ShellB = wxCheckBox:new(Panel, ?wxID_ANY, "Shell", []),
+    check_box(ShellB, proplists:get_value(shell, Default, false)),
+    [wxSizer:add(PanelSz, CheckBox, []) || CheckBox <- [WinB, ShellB]],
+    GetFileOpts = ttb_file_options(Panel, PanelSz, Default),
+    %% Set sizer and show dialog
+    wxPanel:setSizer(Panel, PanelSz),
+    wxSizer:add(MainSz, Panel, [{flag, ?wxEXPAND bor ?wxALL}, {proportion,1}, {border, 3}]),
+    Buttons = wxDialog:createButtonSizer(Dialog, ?wxOK bor ?wxCANCEL),
+    wxSizer:add(MainSz, Buttons, [{flag, ?wxEXPAND bor ?wxALL}, {border, 5}]),
+    wxWindow:setSizerAndFit(Dialog, MainSz),
+    wxSizer:setSizeHints(MainSz, Dialog),
+    case wxDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    Res = [{window, wxCheckBox:getValue(WinB)},
+		   {shell, wxCheckBox:getValue(ShellB)} | GetFileOpts()],
+	    wxDialog:destroy(Dialog),
+	    Res;
+	?wxID_CANCEL ->
+	    wxDialog:destroy(Dialog),
+	    throw(cancel)
+    end.
+
+edit_ms(TextCtrl, Label0, Parent) ->
+    Str = ensure_last_is_dot(wxStyledTextCtrl:getText(TextCtrl)),
+    try
+	MatchSpec = ms_from_string(Str),
+	Label = case Label0 == new of
+		    true -> get_label(Parent);
+		    _ -> Label0
+		end,
+	#match_spec{name=Label, term=MatchSpec,
+		    str=io_lib:format("~w",[MatchSpec]),
+		    func=Str}
+    catch
+	throw:cancel ->
+	    ok;
+	throw:Error ->
+	    observer_wx:create_txt_dialog(Parent, Error, "Error", ?wxICON_ERROR),
+	    ok
+    end.
+
+get_label(Frame) ->
+    Dialog = wxTextEntryDialog:new(Frame, "Enter alias: "),
+    case wxDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    wxTextEntryDialog:getValue(Dialog);
+	?wxID_CANCEL ->
+	    throw(cancel)
+    end.
+
+ms_from_string(Str) ->
+    try
+	Tokens = case erl_scan:string(Str) of
+		     {ok, Ts, _} -> Ts;
+		     {error, {SLine, SMod, SError}, _} ->
+			 throw(io_lib:format("~w: ~s", [SLine,SMod:format_error(SError)]))
+		 end,
+	Exprs  = case erl_parse:parse_exprs(Tokens) of
+		     {ok, T} -> T;
+		     {error, {PLine, PMod, PError}} ->
+			 throw(io_lib:format("~w: ~s", [PLine,PMod:format_error(PError)]))
+		 end,
+	Term = case Exprs of
+		   [{'fun', _, {clauses, Clauses}}|_] ->
+		       case ms_transform:transform_from_shell(dbg,Clauses,orddict:new()) of
+			   {error, [{_,[{MSLine,Mod,MSInfo}]}],_} ->
+			       throw(io_lib:format("~w: ~p", [MSLine,Mod:format_error(MSInfo)]));
+			   {error, _} ->
+			       throw("Could not convert fun() to match spec");
+			   Ms ->
+			       Ms
+		       end;
+		   [Expr|_] ->
+		       erl_parse:normalise(Expr)
+	       end,
+	case erlang:match_spec_test([], Term, trace) of
+	    {ok, _, _, _} -> Term;
+	    {error, List} -> throw([[Error, $\n] || {_, Error} <- List])
+	end
+    catch error:_Reason ->
+	    %% io:format("Bad term: ~s~n ~p in ~p~n", [Str, _Reason, erlang:get_stacktrace()]),
+	    throw("Invalid term")
+    end.
+
+add_and_select(Id, MS0, ListBox) ->
+    [{Str,User}] = ms_names([MS0]),
+    Sel = case Id >= 0 of
+	     true ->
+		  wxListBox:setString(ListBox, Id, Str),
+		  wxListBox:setClientData(ListBox, Id, User),
+		  Id;
+	      false ->
+		  wxListBox:append(ListBox, Str, User)
+	  end,
+    wxListBox:setSelection(ListBox, Sel).
+
+filter_listbox_data(Input, Data, ListBox) ->
+    filter_listbox_data(Input, Data, ListBox, true).
+
+filter_listbox_data(Input, Data, ListBox, AddClientData) ->
+    FilteredData = [X || X = {Str, _} <- Data, re:run(Str, Input) =/= nomatch],
+    wxListBox:clear(ListBox),
+    wxListBox:appendStrings(ListBox, [Str || {Str,_} <- FilteredData]),
+    AddClientData andalso
+	wx:foldl(fun({_, Term}, N) ->
+			 wxListBox:setClientData(ListBox, N, Term),
+			 N+1
+		 end, 0, FilteredData),
+    FilteredData.
+
+get_modules(Node) ->
+    lists:sort([Module || {Module, _} <- observer_wx:try_rpc(Node, code, all_loaded, [])]).
+
+optionpage_top_right(Panel, TopRightSz, Options, Text) ->
+    Sizer = wxBoxSizer:new(?wxVERTICAL),
+    ChkBox = wxCheckBox:new(Panel, ?wxID_ANY, "Inherit on " ++ Text, []),
+    RadioSz = wxBoxSizer:new(?wxVERTICAL),
+    Radio1 = wxRadioButton:new(Panel, ?wxID_ANY, "All " ++ Text, [{style, ?wxRB_GROUP}]),
+    Radio2 = wxRadioButton:new(Panel, ?wxID_ANY, "First " ++ Text ++ " only", []),
+    wxSizer:add(Sizer, ChkBox, []),
+    wxSizer:add(RadioSz, Radio1, []),
+    wxSizer:add(RadioSz, Radio2, []),
+    wxSizer:add(Sizer, RadioSz, [{flag, ?wxLEFT},{border, 20}]),
+    wxSizer:add(TopRightSz, Sizer, Options),
+    {ChkBox, Radio1, Radio2}.
+
+
+create_styled_txtctrl(Parent) ->
+    FixedFont = observer_wx:get_attrib({font, fixed}),
+    Ed = wxStyledTextCtrl:new(Parent),
+    wxStyledTextCtrl:styleClearAll(Ed),
+    wxStyledTextCtrl:styleSetFont(Ed, ?wxSTC_STYLE_DEFAULT, FixedFont),
+    wxStyledTextCtrl:setLexer(Ed, ?wxSTC_LEX_ERLANG),
+    wxStyledTextCtrl:setMarginType(Ed, 1, ?wxSTC_MARGIN_NUMBER),
+    wxStyledTextCtrl:setSelectionMode(Ed, ?wxSTC_SEL_LINES),
+    wxStyledTextCtrl:setUseHorizontalScrollBar(Ed, false),
+
+    Styles =  [{?wxSTC_ERLANG_DEFAULT,  {0,0,0}},
+	       {?wxSTC_ERLANG_COMMENT,  {160,53,35}},
+	       {?wxSTC_ERLANG_VARIABLE, {150,100,40}},
+	       {?wxSTC_ERLANG_NUMBER,   {5,5,100}},
+	       {?wxSTC_ERLANG_KEYWORD,  {130,40,172}},
+	       {?wxSTC_ERLANG_STRING,   {170,45,132}},
+	       {?wxSTC_ERLANG_OPERATOR, {30,0,0}},
+	       {?wxSTC_ERLANG_ATOM,     {0,0,0}},
+	       {?wxSTC_ERLANG_FUNCTION_NAME, {64,102,244}},
+	       {?wxSTC_ERLANG_CHARACTER,{236,155,172}},
+	       {?wxSTC_ERLANG_MACRO,    {40,144,170}},
+	       {?wxSTC_ERLANG_RECORD,   {40,100,20}},
+	       {?wxSTC_ERLANG_SEPARATOR,{0,0,0}},
+	       {?wxSTC_ERLANG_NODE_NAME,{0,0,0}}],
+    SetStyle = fun({Style, Color}) ->
+		       wxStyledTextCtrl:styleSetFont(Ed, Style, FixedFont),
+		       wxStyledTextCtrl:styleSetForeground(Ed, Style, Color)
+	       end,
+    [SetStyle(Style) || Style <- Styles],
+    wxStyledTextCtrl:setKeyWords(Ed, 0, keyWords()),
+    Ed.
+
+
+keyWords() ->
+    L = ["after","begin","case","try","cond","catch","andalso","orelse",
+	 "end","fun","if","let","of","query","receive","when","bnot","not",
+	 "div","rem","band","and","bor","bxor","bsl","bsr","or","xor"],
+    lists:flatten([K ++ " " || K <- L] ++ [0]).
+
+
+enable(CheckBox, Radio) ->
+    case wxCheckBox:isChecked(CheckBox) of
+	false ->
+	    [wxWindow:disable(R) || R <- Radio];
+	true ->
+	    [wxWindow:enable(R) || R <- Radio]
+    end.
+
+
+check_box(ChkBox, Bool) ->
+    case Bool of
+	true ->
+	    wxCheckBox:set3StateValue(ChkBox, ?wxCHK_CHECKED);
+	false ->
+	    ignore
+    end.
+
+parse_function_names(Choices) ->
+    StrList = [{atom_to_list(Name) ++ "/" ++ integer_to_list(Arity), Term}
+	       || Term = {Name, Arity} <- Choices],
+    parse_function_names(StrList, []).
+
+parse_function_names([], Acc) ->
+    lists:reverse(Acc);
+parse_function_names([{H, Term}|T], Acc) ->
+    IsFun = re:run(H, ".*-fun-\\d*?-"),
+    IsLc = re:run(H, ".*-lc\\$\\^\\d*?/\\d*?-\\d*?-"),
+    IsLbc = re:run(H, ".*-lbc\\$\\^\\d*?/\\d*?-\\d*?-"),
+    Parsed =
+	if IsFun =/= nomatch -> "Fun: " ++ H;
+	   IsLc =/= nomatch -> "List comprehension: " ++ H;
+	   IsLbc =/= nomatch -> "Bit comprehension: " ++ H;
+	   true ->
+		H
+	end,
+    parse_function_names(T, [{Parsed, Term} | Acc]).
+
+ms_names(MatchSpecList) ->
+    MsOrAlias = fun(#match_spec{name = A, str = M}) ->
+			case A of
+			    "" -> M;
+			    _ -> A ++ "    " ++ M
+			end
+		end,
+    [{MsOrAlias(X), X} || X <- MatchSpecList].
+
+ensure_last_is_dot([]) ->
+    ".";
+ensure_last_is_dot(String) ->
+    case lists:last(String) =:= $. of
+	true ->
+	    String;
+	false ->
+	    String ++ "."
+    end.
+
+ttb_file_options(Panel, Sizer, Default) ->
+    Top   = wxBoxSizer:new(?wxVERTICAL),
+    NameS = wxBoxSizer:new(?wxHORIZONTAL),
+    FileBox = wxCheckBox:new(Panel, ?wxID_ANY, "File (Using ttb file tracer)", []),
+    check_box(FileBox, proplists:get_value(file, Default, false)),
+    wxSizer:add(Sizer, FileBox),
+    Desc  = wxStaticText:new(Panel, ?wxID_ANY, "File"),
+    FileName = proplists:get_value(filename, Default, "ttb"),
+    FileT = wxTextCtrl:new(Panel, ?wxID_ANY, [{size, {150,-1}}, {value, FileName}]),
+    FileB = wxButton:new(Panel, ?wxID_ANY, [{label, "Browse"}]),
+    wxSizer:add(NameS, Desc,  [{proportion, 0}, {flag, ?wxALIGN_CENTER_VERTICAL}]),
+    wxSizer:add(NameS, FileT, [{proportion, 1}, {flag, ?wxEXPAND bor ?wxALIGN_CENTER_VERTICAL}]),
+    wxSizer:add(NameS, FileB, [{proportion, 0}, {flag, ?wxALIGN_CENTER_VERTICAL}]),
+
+    WrapB = wxCheckBox:new(Panel, ?wxID_ANY, "Wrap logs"),
+    WrapSz = wxSlider:new(Panel, ?wxID_ANY, proplists:get_value(wrap_sz, Default, 128),
+			  64, 10*1024, [{style, ?wxSL_HORIZONTAL bor ?wxSL_LABELS}]),
+    WrapC = wxSlider:new(Panel, ?wxID_ANY, proplists:get_value(wrap_c, Default, 8),
+			 2, 100, [{style, ?wxSL_HORIZONTAL bor ?wxSL_LABELS}]),
+
+    wxSizer:add(Top, NameS, [{flag, ?wxEXPAND}]),
+    wxSizer:add(Top, WrapB, []),
+    wxSizer:add(Top, WrapSz,[{flag, ?wxEXPAND}]),
+    wxSizer:add(Top, WrapC, [{flag, ?wxEXPAND}]),
+    wxSizer:add(Sizer, Top, [{flag, ?wxEXPAND bor ?wxLEFT},{border, 20}]),
+
+    Enable = fun(UseFile, UseWrap0) ->
+		     UseWrap = UseFile andalso UseWrap0,
+		     [wxWindow:enable(W, [{enable, UseFile}]) || W <- [Desc,FileT,FileB,WrapB]],
+		     [wxWindow:enable(W, [{enable, UseWrap}]) || W <- [WrapSz, WrapC]],
+		     check_box(WrapB, UseWrap0)
+	     end,
+    Enable(proplists:get_value(file, Default, false), proplists:get_value(wrap, Default, false)),
+    wxPanel:connect(FileBox, command_checkbox_clicked,
+		    [{callback, fun(_,_) ->
+					Enable(wxCheckBox:getValue(FileBox),
+					       wxCheckBox:getValue(WrapB))
+				end}]),
+    wxPanel:connect(WrapB, command_checkbox_clicked,
+		    [{callback, fun(_,_) ->
+					Enable(true, wxCheckBox:getValue(WrapB))
+				end}]),
+    wxPanel:connect(FileB, command_button_clicked,
+		    [{callback, fun(_,_) ->  get_file(FileT) end}]),
+    fun() ->
+	    [{file, wxCheckBox:getValue(FileBox)},
+	     {filename, wxTextCtrl:getValue(FileT)},
+	     {wrap, wxCheckBox:getValue(WrapB)},
+	     {wrap_sz, wxSlider:getValue(WrapSz)},
+	     {wrap_c, wxSlider:getValue(WrapC)}]
+    end.
+
+get_file(Text) ->
+    Str = wxTextCtrl:getValue(Text),
+    Dialog = wxFileDialog:new(Text,
+			      [{message, "Select a file"},
+			       {default_file, Str}]),
+    case wxDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    Dir = wxFileDialog:getDirectory(Dialog),
+	    File = wxFileDialog:getFilename(Dialog),
+	    wxTextCtrl:setValue(Text, filename:join(Dir, File));
+	_ -> ok
+    end,
+    wxFileDialog:destroy(Dialog).
diff --git a/lib/observer/src/observer_tv.hrl b/lib/observer/src/observer_tv.hrl
new file mode 100644
index 0000000000..05e4f928d0
--- /dev/null
+++ b/lib/observer/src/observer_tv.hrl
@@ -0,0 +1,34 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+
+-record(tab, {name,
+	      id = ignore,
+	      size,
+	      memory=0,   %% In bytes
+	      owner,
+	      reg_name,
+	      protection = public,
+	      type=set,
+	      keypos=1,
+	      heir=none,
+	      compressed=false,
+	      fixed=false,
+	      %% Mnesia Info
+	      storage,
+	      index
+	     }).
diff --git a/lib/observer/src/observer_tv_table.erl b/lib/observer/src/observer_tv_table.erl
new file mode 100644
index 0000000000..f432173f57
--- /dev/null
+++ b/lib/observer/src/observer_tv_table.erl
@@ -0,0 +1,795 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+
+-module(observer_tv_table).
+
+-export([start_link/2]).
+
+%% wx_object callbacks
+-export([init/1, handle_info/2, terminate/2, code_change/3, handle_call/3,
+	 handle_event/2, handle_sync_event/3, handle_cast/2]).
+
+-include("observer_defs.hrl").
+-import(observer_lib, [to_str/1]).
+
+-behaviour(wx_object).
+-include_lib("wx/include/wx.hrl").
+-include("observer_tv.hrl").
+
+-define(ID_TABLE_INFO, 400).
+-define(ID_REFRESH, 401).
+-define(ID_REFRESH_INTERVAL, 402).
+-define(ID_EDIT, 403).
+-define(ID_DELETE, 404).
+-define(ID_SEARCH, 405).
+
+-define(SEARCH_ENTRY, 420).
+-define(GOTO_ENTRY,   421).
+
+-define(DEFAULT_COL_WIDTH, 150).
+
+-record(state,
+	{
+	  parent,
+	  frame,
+	  grid,
+	  status,
+	  sizer,
+	  search,
+	  selected,
+	  node=node(),
+	  columns,
+	  pid,
+	  source,
+	  tab,
+	  attrs,
+	  timer={false, 30}
+	}).
+
+-record(opt,
+	{
+	  sort_key=2,
+	  sort_incr=true
+	}).
+
+-record(search,
+	{enable=true,          %  Subwindow is enabled
+	 win,                  %  Sash Sub window obj
+	 name,                 %  name
+
+	 search,               %  Search input ctrl
+	 goto,                 %  Goto  input ctrl
+	 radio,                %  Radio buttons
+
+	 find                  %  Search string
+	}).
+
+-record(find, {start,              % start pos
+	       strlen,             % Found
+	       found               % false
+	      }).
+
+start_link(Parent, Opts) ->
+    wx_object:start_link(?MODULE, [Parent, Opts], []).
+
+init([Parent, Opts]) ->
+    Source = proplists:get_value(type, Opts),
+    Table  = proplists:get_value(table, Opts),
+    Node   = proplists:get_value(node, Opts),
+    Title0 = atom_to_list(Table#tab.name) ++ " @ " ++ atom_to_list(Node),
+    Title = case Source of
+		ets -> "TV Ets: " ++ Title0;
+		mnesia -> "TV Mnesia: " ++ Title0
+	    end,
+    Frame = wxFrame:new(Parent, ?wxID_ANY, Title, [{size, {800, 300}}]),
+    IconFile = filename:join(code:priv_dir(observer), "erlang_observer.png"),
+    Icon = wxIcon:new(IconFile, [{type,?wxBITMAP_TYPE_PNG}]),
+    wxFrame:setIcon(Frame, Icon),
+    wxIcon:destroy(Icon),
+    MenuBar = wxMenuBar:new(),
+    create_menus(MenuBar),
+    wxFrame:setMenuBar(Frame, MenuBar),
+    %% wxFrame:setAcceleratorTable(Frame, AccelTable),
+    wxMenu:connect(Frame, command_menu_selected),
+
+    StatusBar = wxFrame:createStatusBar(Frame, []),
+    try
+	TabId = table_id(Table),
+	ColumnNames = column_names(Node, Source, TabId),
+	KeyPos = key_pos(Node, Source, TabId),
+
+	Attrs = observer_lib:create_attrs(),
+
+	Self = self(),
+	Holder = spawn_link(fun() ->
+				    init_table_holder(Self, Table, Source,
+						      length(ColumnNames), Node, Attrs)
+			    end),
+
+	Panel = wxPanel:new(Frame),
+	Sizer = wxBoxSizer:new(?wxVERTICAL),
+	Style = ?wxLC_REPORT bor ?wxLC_VIRTUAL bor ?wxLC_SINGLE_SEL bor ?wxLC_HRULES,
+	Grid = wxListCtrl:new(Panel, [{style, Style},
+				      {onGetItemText,
+				       fun(_, Item,Col) -> get_row(Holder, Item, Col+1) end},
+				      {onGetItemAttr,
+				       fun(_, Item) -> get_attr(Holder, Item) end}
+				     ]),
+	wxListCtrl:connect(Grid, command_list_item_activated),
+	wxListCtrl:connect(Grid, command_list_item_selected),
+	wxListCtrl:connect(Grid, command_list_col_click),
+	wxListCtrl:connect(Grid, size, [{skip, true}]),
+	wxWindow:setFocus(Grid),
+
+	Search = search_area(Panel),
+	wxSizer:add(Sizer, Grid,
+		    [{flag, ?wxEXPAND bor ?wxALL}, {proportion, 1}, {border, 5}]),
+	wxSizer:add(Sizer, Search#search.win,
+		    [{flag,?wxEXPAND bor ?wxLEFT bor ?wxRIGHT bor
+			  ?wxRESERVE_SPACE_EVEN_IF_HIDDEN},
+		     {border, 5}]),
+	wxWindow:setSizer(Panel, Sizer),
+	wxSizer:hide(Sizer, Search#search.win),
+
+	Cols = add_columns(Grid, 0, ColumnNames),
+	wxFrame:show(Frame),
+	{Panel, #state{frame=Frame, grid=Grid, status=StatusBar, search=Search,
+		       sizer = Sizer,
+		       parent=Parent, columns=Cols,
+		       pid=Holder, source=Source, tab=Table#tab{keypos=KeyPos},
+		       attrs=Attrs}}
+    catch node_or_table_down ->
+	    wxFrame:destroy(Frame),
+	    stop
+    end.
+
+add_columns(Grid, Start, ColumnNames) ->
+    Li = wxListItem:new(),
+    AddListEntry = fun(Name, Col) ->
+			   wxListItem:setText(Li, to_str(Name)),
+			   wxListItem:setAlign(Li, ?wxLIST_FORMAT_LEFT),
+			   wxListCtrl:insertColumn(Grid, Col, Li),
+			   wxListCtrl:setColumnWidth(Grid, Col, ?DEFAULT_COL_WIDTH),
+			   Col + 1
+		   end,
+    Cols = lists:foldl(AddListEntry, Start, ColumnNames),
+    wxListItem:destroy(Li),
+    Cols.
+
+create_menus(MB) ->
+    File = wxMenu:new(),
+    wxMenu:append(File, ?ID_TABLE_INFO, "Table Information\tCtrl-I"),
+    wxMenu:append(File, ?wxID_CLOSE, "Close"),
+    wxMenuBar:append(MB, File, "File"),
+    Edit = wxMenu:new(),
+    wxMenu:append(Edit, ?ID_EDIT, "Edit Object"),
+    wxMenu:append(Edit, ?ID_DELETE, "Delete Object\tCtrl-D"),
+    wxMenu:appendSeparator(Edit),
+    wxMenu:append(Edit, ?ID_SEARCH, "Search\tCtrl-S"),
+    wxMenu:appendSeparator(Edit),
+    wxMenu:append(Edit, ?ID_REFRESH, "Refresh\tCtrl-R"),
+    wxMenu:append(Edit, ?ID_REFRESH_INTERVAL, "Refresh interval..."),
+    wxMenuBar:append(MB, Edit, "Edit"),
+    Help = wxMenu:new(),
+    wxMenu:append(Help, ?wxID_HELP, "Help"),
+    wxMenuBar:append(MB, Help, "Help"),
+    ok.
+
+search_area(Parent) ->
+    HSz = wxBoxSizer:new(?wxHORIZONTAL),
+    wxSizer:add(HSz, wxStaticText:new(Parent, ?wxID_ANY, "Find:"),
+		[{flag,?wxALIGN_CENTER_VERTICAL}]),
+    TC1 = wxTextCtrl:new(Parent, ?SEARCH_ENTRY, [{style, ?wxTE_PROCESS_ENTER}]),
+    wxSizer:add(HSz, TC1,  [{proportion,3}, {flag, ?wxEXPAND}]),
+    Nbtn = wxRadioButton:new(Parent, ?wxID_ANY, "Next"),
+    wxRadioButton:setValue(Nbtn, true),
+    wxSizer:add(HSz,Nbtn,[{flag,?wxALIGN_CENTER_VERTICAL}]),
+    Pbtn = wxRadioButton:new(Parent, ?wxID_ANY, "Previous"),
+    wxSizer:add(HSz,Pbtn,[{flag,?wxALIGN_CENTER_VERTICAL}]),
+    Cbtn = wxCheckBox:new(Parent, ?wxID_ANY, "Match Case"),
+    wxSizer:add(HSz,Cbtn,[{flag,?wxALIGN_CENTER_VERTICAL}]),
+    wxSizer:add(HSz, 15,15, [{proportion,1}, {flag, ?wxEXPAND}]),
+    wxSizer:add(HSz, wxStaticText:new(Parent, ?wxID_ANY, "Goto Entry:"),
+		[{flag,?wxALIGN_CENTER_VERTICAL}]),
+    TC2 = wxTextCtrl:new(Parent, ?GOTO_ENTRY, [{style, ?wxTE_PROCESS_ENTER}]),
+    wxSizer:add(HSz, TC2,  [{proportion,0}, {flag, ?wxEXPAND}]),
+    wxTextCtrl:connect(TC1, command_text_updated),
+    wxTextCtrl:connect(TC1, command_text_enter),
+    wxTextCtrl:connect(TC1, kill_focus),
+    wxTextCtrl:connect(TC2, command_text_enter),
+    wxWindow:connect(Parent, command_button_clicked),
+
+    #search{name='Search Area', win=HSz,
+	    search=TC1,goto=TC2,radio={Nbtn,Pbtn,Cbtn}}.
+
+edit(Index, #state{pid=Pid, frame=Frame}) ->
+    Str = get_row(Pid, Index, all),
+    case observer_lib:user_term(Frame, "Edit object:", Str) of
+	cancel -> ok;
+	{ok, Term} -> Pid ! {edit, Index, Term};
+	Err = {error, _} -> self() ! Err
+    end.
+
+handle_event(#wx{id=?ID_REFRESH},State = #state{pid=Pid}) ->
+    Pid ! refresh,
+    {noreply, State};
+
+handle_event(#wx{event=#wxList{type=command_list_col_click, col=Col}},
+	     State = #state{pid=Pid}) ->
+    Pid ! {sort, Col+1},
+    {noreply, State};
+
+handle_event(#wx{event=#wxSize{size={W,_}}},  State=#state{grid=Grid}) ->
+    observer_lib:set_listctrl_col_size(Grid, W),
+    {noreply, State};
+
+handle_event(#wx{event=#wxList{type=command_list_item_selected, itemIndex=Index}},
+	     State = #state{pid=Pid, grid=Grid, status=StatusBar}) ->
+    N = wxListCtrl:getItemCount(Grid),
+    Str = get_row(Pid, Index, all),
+    wxStatusBar:setStatusText(StatusBar, io_lib:format("Objects: ~w: ~s",[N, Str])),
+    {noreply, State#state{selected=Index}};
+
+handle_event(#wx{event=#wxList{type=command_list_item_activated, itemIndex=Index}},
+	     State) ->
+    edit(Index, State),
+    {noreply, State};
+
+handle_event(#wx{id=?ID_EDIT}, State = #state{selected=undefined}) ->
+    {noreply, State};
+handle_event(#wx{id=?ID_EDIT}, State = #state{selected=Index}) ->
+    edit(Index, State),
+    {noreply, State};
+
+handle_event(#wx{id=?ID_DELETE}, State = #state{selected=undefined}) ->
+    {noreply, State};
+handle_event(#wx{id=?ID_DELETE},
+	     State = #state{pid=Pid, status=StatusBar, selected=Index}) ->
+    Str = get_row(Pid, Index, all),
+    Pid ! {delete, Index},
+    wxStatusBar:setStatusText(StatusBar, io_lib:format("Deleted object: ~s",[Str])),
+    {noreply, State};
+
+handle_event(#wx{id=?wxID_CLOSE}, State) ->
+    {stop, normal, State};
+
+handle_event(Help = #wx{id=?wxID_HELP}, State) ->
+    observer ! Help,
+    {noreply, State};
+
+handle_event(#wx{id=?GOTO_ENTRY, event=#wxCommand{cmdString=Str}},
+	     State = #state{grid=Grid}) ->
+    try
+	Row0 = list_to_integer(Str),
+	Row1 = min(0, Row0),
+	Row  = max(wxListCtrl:getItemCount(Grid)-1,Row1),
+	wxListCtrl:ensureVisible(Grid, Row),
+	ok
+    catch _:_ -> ok
+    end,
+    {noreply, State};
+
+%% Search functionality
+handle_event(#wx{id=?ID_SEARCH},
+	     State = #state{sizer=Sz, search=Search}) ->
+    wxSizer:show(Sz, Search#search.win),
+    wxWindow:setFocus(Search#search.search),
+    wxSizer:layout(Sz),
+    {noreply, State};
+handle_event(#wx{id=?SEARCH_ENTRY, event=#wxFocus{}},
+	     State = #state{search=Search, pid=Pid}) ->
+    Pid ! {mark_search_hit, false},
+    {noreply, State#state{search=Search#search{find=undefined}}};
+handle_event(#wx{id=?SEARCH_ENTRY, event=#wxCommand{cmdString=""}},
+	     State = #state{search=Search, pid=Pid}) ->
+    Pid ! {mark_search_hit, false},
+    {noreply, State#state{search=Search#search{find=undefined}}};
+handle_event(#wx{id=?SEARCH_ENTRY, event=#wxCommand{type=command_text_enter,cmdString=Str}},
+	     State = #state{grid=Grid, pid=Pid, status=SB,
+			    search=Search=#search{radio={Next0, _, Case0},
+						  find=Find}})
+  when Find =/= undefined ->
+    Dir  = wxRadioButton:getValue(Next0) xor wx_misc:getKeyState(?WXK_SHIFT),
+    Case = wxCheckBox:getValue(Case0),
+    Pos = if Find#find.found, Dir ->  %% Forward Continuation
+		  Find#find.start+1;
+	     Find#find.found ->  %% Backward Continuation
+		  Find#find.start-1;
+	     Dir ->   %% Forward wrap
+		  0;
+	     true ->  %% Backward wrap
+		  wxListCtrl:getItemCount(Grid)-1
+	  end,
+    Pid ! {mark_search_hit, false},
+    case search(Pid, Str, Pos, Dir, Case) of
+	false ->
+	    wxStatusBar:setStatusText(SB, "Not found"),
+	    Pid ! {mark_search_hit, Find#find.start},
+	    wxListCtrl:refreshItem(Grid, Find#find.start),
+	    {noreply, State#state{search=Search#search{find=#find{found=false}}}};
+	Row ->
+	    wxListCtrl:ensureVisible(Grid, Row),
+	    wxListCtrl:refreshItem(Grid, Row),
+	    Status = "Found: (Hit Enter for next, Shift-Enter for previous)",
+	    wxStatusBar:setStatusText(SB, Status),
+	    {noreply, State#state{search=Search#search{find=#find{start=Row, found=true}}}}
+    end;
+handle_event(#wx{id=?SEARCH_ENTRY, event=#wxCommand{cmdString=Str}},
+	     State = #state{grid=Grid, pid=Pid, status=SB,
+			    search=Search=#search{radio={Next0, _, Case0},
+						  find=Find}}) ->
+    try
+	Dir  = wxRadioButton:getValue(Next0),
+	Case = wxCheckBox:getValue(Case0),
+	Start = case Dir of
+		    true -> 0;
+		    false -> wxListCtrl:getItemCount(Grid)-1
+		end,
+	Cont = case Find of
+		   undefined ->
+		       #find{start=Start, strlen=length(Str)};
+		   #find{strlen=Old} when Old < length(Str) ->
+		       Find#find{start=Start, strlen=length(Str)};
+		   _ ->
+		       Find#find{strlen=length(Str)}
+	       end,
+
+	Pid ! {mark_search_hit, false},
+	case search(Pid, Str, Cont#find.start, Dir, Case) of
+	    false ->
+		wxStatusBar:setStatusText(SB, "Not found"),
+		{noreply, State};
+	    Row ->
+		wxListCtrl:ensureVisible(Grid, Row),
+		wxListCtrl:refreshItem(Grid, Row),
+		Status = "Found: (Hit Enter for next, Shift-Enter for previous)",
+		wxStatusBar:setStatusText(SB, Status),
+		{noreply, State#state{search=Search#search{find=#find{start=Row, found=true}}}}
+	end
+    catch _:_ -> {noreply, State}
+    end;
+
+handle_event(#wx{id=?ID_TABLE_INFO},
+	     State = #state{frame=Frame, node=Node, source=Source, tab=Table}) ->
+    observer_tv_wx:display_table_info(Frame, Node, Source, Table),
+    {noreply, State};
+
+handle_event(#wx{id=?ID_REFRESH_INTERVAL},
+	     State = #state{grid=Grid, timer=Timer0}) ->
+    Timer = observer_lib:interval_dialog(Grid, Timer0, 10, 5*60),
+    {noreply, State#state{timer=Timer}};
+
+handle_event(_Event, State) ->
+    %io:format("~p:~p, handle event ~p\n", [?MODULE, ?LINE, Event]),
+    {noreply, State}.
+
+handle_sync_event(_Event, _Obj, _State) ->
+    %io:format("~p:~p, handle sync_event ~p\n", [?MODULE, ?LINE, Event]),
+    ok.
+
+handle_call(_Event, _From, State) ->
+    %io:format("~p:~p, handle call (~p) ~p\n", [?MODULE, ?LINE, From, Event]),
+    {noreply, State}.
+
+handle_cast(_Event, State) ->
+    %io:format("~p:~p, handle cast ~p\n", [?MODULE, ?LINE, Event]),
+    {noreply, State}.
+
+handle_info({no_rows, N}, State = #state{grid=Grid, status=StatusBar}) ->
+    wxListCtrl:setItemCount(Grid, N),
+    wxStatusBar:setStatusText(StatusBar, io_lib:format("Objects: ~w",[N])),
+    {noreply, State};
+
+handle_info({new_cols, New}, State = #state{grid=Grid, columns=Cols0}) ->
+    Cols = add_columns(Grid, Cols0, New),
+    {noreply, State#state{columns=Cols}};
+
+handle_info({refresh, Min, Max}, State = #state{grid=Grid}) ->
+    wxListCtrl:refreshItems(Grid, Min, Max),
+    {noreply, State};
+
+handle_info(refresh_interval, State = #state{pid=Pid}) ->
+    Pid ! refresh,
+    {noreply, State};
+
+handle_info({error, Error}, State = #state{frame=Frame}) ->
+    ErrorStr =
+	try io_lib:format("~ts", [Error]), Error
+	catch _:_ -> io_lib:format("~p", [Error])
+	end,
+    Dlg = wxMessageDialog:new(Frame, ErrorStr),
+    wxMessageDialog:showModal(Dlg),
+    wxMessageDialog:destroy(Dlg),
+    {noreply, State};
+
+handle_info(_Event, State) ->
+    %% io:format("~p:~p, handle info ~p\n", [?MODULE, ?LINE, _Event]),
+    {noreply, State}.
+
+terminate(_Event, #state{pid=Pid, attrs=Attrs}) ->
+    %% ListItemAttr are not auto deleted
+    #attrs{odd=Odd, deleted=D, changed=Ch, searched=S} = Attrs,
+    wxListItemAttr:destroy(Odd),
+    wxListItemAttr:destroy(D),
+    wxListItemAttr:destroy(Ch),
+    wxListItemAttr:destroy(S),
+    unlink(Pid),
+    exit(Pid, window_closed),
+    ok.
+
+code_change(_, _, State) ->
+    State.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%  Table holder needs to be in a separate process otherwise
+%%  the callback get_row/3 may deadlock if the process do
+%%  wx calls when callback is invoked.
+get_row(Table, Item, Column) ->
+    Ref = erlang:monitor(process, Table),
+    Table ! {get_row, self(), Item, Column},
+    receive
+	{'DOWN', Ref, _, _, _} -> "";
+	{Table, Res} ->
+	    erlang:demonitor(Ref),
+	    Res
+    end.
+
+get_attr(Table, Item) ->
+    Ref = erlang:monitor(process, Table),
+    Table ! {get_attr, self(), Item},
+    receive
+	{'DOWN', Ref, _, _, _} -> "";
+	{Table, Res} ->
+	    erlang:demonitor(Ref),
+	    Res
+    end.
+
+search(Table, Str, Row, Dir, Case) ->
+    Ref = erlang:monitor(process, Table),
+    Table ! {search, [Str, Row, Dir, Case]},
+    receive
+	{'DOWN', Ref, _, _, _} -> "";
+	{Table, Res} ->
+	    erlang:demonitor(Ref),
+	    Res
+    end.
+
+-record(holder, {node, parent, pid,
+		 table=[], n=0, columns,
+		 temp=[],
+		 search,
+		 source, tabid,
+		 sort,
+		 key,
+		 type,
+		 attrs
+		}).
+
+init_table_holder(Parent, Table, MnesiaOrEts, Cols, Node, Attrs) ->
+    TabId = case Table#tab.id of
+		ignore -> Table#tab.name;
+		Id -> Id
+	    end,
+    self() ! refresh,
+    table_holder(#holder{node=Node, parent=Parent,
+			 source=MnesiaOrEts, tabid=TabId, columns=Cols,
+			 sort=#opt{sort_key=Table#tab.keypos, sort_incr=true},
+			 type=Table#tab.type, key=Table#tab.keypos,
+			 attrs=Attrs}).
+
+table_holder(S0 = #holder{parent=Parent, pid=Pid, table=Table}) ->
+    receive
+	{get_attr, From, Row} ->
+	    get_attr(From, Row, S0),
+	    table_holder(S0);
+	{get_row, From, Row, Col} ->
+	    get_row(From, Row, Col, Table),
+	    table_holder(S0);
+	{Pid, Data} ->
+	    S1 = handle_new_data_chunk(Data, S0),
+	    table_holder(S1);
+	{sort, Col} ->
+	    table_holder(sort(Col, S0));
+	{search, Data} ->
+	    table_holder(search(Data, S0));
+	{mark_search_hit, Row} ->
+	    Old = S0#holder.search,
+	    is_integer(Old) andalso (Parent ! {refresh, Old, Old}),
+	    table_holder(S0#holder{search=Row});
+	refresh when is_pid(Pid) ->
+	    %% Already getting the table...
+	    %% io:format("ignoring refresh", []),
+	    table_holder(S0);
+	refresh ->
+	    GetTab = rpc:call(S0#holder.node, observer_backend, get_table,
+			      [self(), S0#holder.tabid, S0#holder.source]),
+	    table_holder(S0#holder{pid=GetTab});
+	{delete, Row} ->
+	    delete_row(Row, S0),
+	    table_holder(S0);
+	{edit, Row, Term} ->
+	    edit_row(Row, Term, S0),
+	    table_holder(S0);
+	What ->
+	    io:format("Table holder got ~p~n",[What]),
+	    table_holder(S0)
+    end.
+
+handle_new_data_chunk(Data, S0 = #holder{columns=Cols, parent=Parent}) ->
+    S1 = #holder{columns=NewCols} = handle_new_data_chunk2(Data, S0),
+    case NewCols =:= Cols of
+	true -> S1;
+	false ->
+	    Parent ! {new_cols, lists:seq(Cols+1, NewCols)},
+	    S1
+    end.
+
+handle_new_data_chunk2('$end_of_table',
+		       S0 = #holder{parent=Parent, sort=Opt,
+				    key=Key,
+				    table=Old, temp=New}) ->
+    Table = merge(Old, New, Key),
+    N = length(Table),
+    Parent ! {no_rows, N},
+    sort(Opt#opt.sort_key, S0#holder{n=N, pid=undefine,
+				     sort=Opt#opt{sort_key = undefined},
+				     table=Table, temp=[]});
+handle_new_data_chunk2(Data, S0 = #holder{columns=Cols0, source=ets, temp=Tab0}) ->
+    {Tab, Cols} = parse_ets_data(Data, Cols0, Tab0),
+    S0#holder{columns=Cols, temp=Tab};
+handle_new_data_chunk2(Data, S0 = #holder{source=mnesia, temp=Tab}) ->
+    S0#holder{temp=(Data ++ Tab)}.
+
+parse_ets_data([[Rec]|Rs], C, Tab) ->
+    parse_ets_data(Rs, max(tuple_size(Rec), C), [Rec|Tab]);
+parse_ets_data([Recs|Rs], C0, Tab0) ->
+    {Tab, Cols} = parse_ets_data(Recs, C0, Tab0),
+    parse_ets_data(Rs, Cols, Tab);
+parse_ets_data([], Cols, Tab) ->
+    {Tab, Cols}.
+
+sort(Col, S=#holder{n=N, parent=Parent, sort=Opt0, table=Table0}) ->
+    {Opt, Table} = sort(Col, Opt0, Table0),
+    Parent ! {refresh, 0, N-1},
+    S#holder{sort=Opt, table=Table}.
+
+sort(Col, Opt = #opt{sort_key=Col, sort_incr=Bool}, Table) ->
+    {Opt#opt{sort_incr=not Bool}, lists:reverse(Table)};
+sort(Col, S=#opt{sort_incr=true}, Table) ->
+    {S#opt{sort_key=Col}, keysort(Col, Table)};
+sort(Col, S=#opt{sort_incr=false}, Table) ->
+    {S#opt{sort_key=Col}, lists:reverse(keysort(Col, Table))}.
+
+keysort(Col, Table) ->
+    Sort = fun([A0|_], [B0|_]) ->
+		   A = try element(Col, A0) catch _:_ -> [] end,
+		   B = try element(Col, B0) catch _:_ -> [] end,
+		   case A == B of
+		       true -> A0 =< B0;
+		       false -> A < B
+		   end;
+	      (A0, B0) when is_tuple(A0), is_tuple(B0) ->
+		   A = try element(Col, A0) catch _:_ -> [] end,
+		   B = try element(Col, B0) catch _:_ -> [] end,
+		   case A == B of
+		       true -> A0 =< B0;
+		       false -> A < B
+		   end
+	   end,
+    lists:sort(Sort, Table).
+
+search([Str, Row, Dir0, CaseSens],
+       S=#holder{parent=Parent, table=Table}) ->
+    Opt = case CaseSens of
+	      true -> [];
+	      false -> [caseless]
+	  end,
+    Dir = case Dir0 of
+	      true -> 1;
+	      false -> -1
+	  end,
+    Res = case re:compile(Str, Opt) of
+	      {ok, Re} ->
+		  search(Row, Dir, Re, Table);
+	      {error, _} -> false
+	  end,
+    Parent ! {self(), Res},
+    S#holder{search=Res}.
+
+search(Row, Dir, Re, Table) ->
+    Res = try lists:nth(Row+1, Table) of
+	      Term ->
+		  Str = format(Term),
+		  re:run(Str, Re)
+	  catch _:_ -> no_more
+	  end,
+    case Res of
+	nomatch -> search(Row+Dir, Dir, Re, Table);
+	no_more -> false;
+	{match,_} -> Row
+    end.
+
+get_row(From, Row, Col, Table) ->
+    case lists:nth(Row+1, Table) of
+	[Object|_] when Col =:= all ->
+	    From ! {self(), format(Object)};
+	[Object|_] when tuple_size(Object) >= Col ->
+	    From ! {self(), format(element(Col, Object))};
+	_ ->
+	    From ! {self(), ""}
+    end.
+
+get_attr(From, Row, #holder{attrs=Attrs, search=Row}) ->
+    What = Attrs#attrs.searched,
+    From ! {self(), What};
+get_attr(From, Row, #holder{table=Table, attrs=Attrs}) ->
+    What = case lists:nth(Row+1, Table) of
+	       [_|deleted]  -> Attrs#attrs.deleted;
+	       [_|changed]  -> Attrs#attrs.changed;
+	       [_|new]      -> Attrs#attrs.changed;
+	       _ when (Row rem 2) > 0 ->
+		   Attrs#attrs.odd;
+	       _ ->
+		   Attrs#attrs.even
+	   end,
+    From ! {self(), What}.
+
+merge([], New, _Key) ->
+    [[N] || N <- New]; %% First time
+merge(Old, New, Key) ->
+    merge2(keysort(Key, Old), keysort(Key, New), Key).
+
+merge2([[Obj|_]|Old], [Obj|New], Key) ->
+    [[Obj]|merge2(Old, New, Key)];
+merge2([[A|_]|Old], [B|New], Key)
+  when element(Key, A) == element(Key, B) ->
+    [[B|changed]|merge2(Old, New, Key)];
+merge2([[A|_]|Old], New = [B|_], Key)
+  when element(Key, A) < element(Key, B) ->
+    [[A|deleted]|merge2(Old, New, Key)];
+merge2(Old = [[A|_]|_], [B|New], Key)
+  when element(Key, A) > element(Key, B) ->
+    [[B|new]|merge2(Old, New, Key)];
+merge2([], New, _Key) ->
+    [[N|new] || N <- New];
+merge2(Old, [], _Key) ->
+    [[O|deleted] || [O|_] <- Old].
+
+
+delete_row(Row, S0 = #holder{parent=Parent}) ->
+    case delete(Row, S0) of
+	ok ->
+	    self() ! refresh;
+	{error, Err} ->
+	    Parent ! {error, "Could not delete object: " ++ Err}
+    end.
+
+
+delete(Row, #holder{tabid=Id, table=Table,
+		    source=Source, node=Node}) ->
+    [Object|_] = lists:nth(Row+1, Table),
+    try
+	case Source of
+	    ets ->
+		true = rpc:call(Node, ets, delete_object, [Id, Object]);
+	    mnesia ->
+		ok = rpc:call(Node, mnesia, dirty_delete_object, [Id, Object])
+	end,
+	ok
+    catch _:_Error ->
+	    {error, "node or table is not available"}
+    end.
+
+edit_row(Row, Term, S0 = #holder{parent=Parent}) ->
+    case delete(Row, S0) of
+	ok ->
+	    case insert(Term, S0) of
+		ok -> self() ! refresh;
+		Err -> Parent ! {error, Err}
+	    end;
+	{error, Err} ->
+	    Parent ! {error, "Could not edit object: " ++ Err}
+    end.
+
+insert(Object, #holder{tabid=Id, source=Source, node=Node}) ->
+    try
+	case Source of
+	    ets ->
+		true = rpc:call(Node, ets, insert, [Id, Object]);
+	    mnesia ->
+		ok = rpc:call(Node, mnesia, dirty_write, [Id, Object])
+	end,
+	ok
+    catch _:_Error ->
+	    {error, "node or table is not available"}
+    end.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+column_names(Node, Type, Table) ->
+    case Type of
+	ets -> [1, 2];
+	mnesia ->
+	    Attrs = rpc:call(Node, mnesia, table_info, [Table, attributes]),
+	    is_list(Attrs) orelse throw(node_or_table_down),
+	    ["Record Name"|Attrs]
+    end.
+
+table_id(#tab{id=ignore, name=Name}) -> Name;
+table_id(#tab{id=Id}) -> Id.
+
+key_pos(_, mnesia, _) -> 2;
+key_pos(Node, ets, TabId) ->
+    KeyPos = rpc:call(Node, ets, info, [TabId, keypos]),
+    is_integer(KeyPos) orelse throw(node_or_table_down),
+    KeyPos.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+format(Tuple) when is_tuple(Tuple) ->
+    [${ |format_tuple(Tuple, 1, tuple_size(Tuple))];
+format(List) when is_list(List) ->
+    format_list(List);
+format(Bin) when is_binary(Bin), byte_size(Bin) > 100 ->
+    io_lib:format("<<#Bin:~w>>", [byte_size(Bin)]);
+format(Float) when is_float(Float) ->
+    io_lib:format("~.3g", [Float]);
+format(Term) ->
+    io_lib:format("~w", [Term]).
+
+format_tuple(Tuple, I, Max) when I < Max ->
+    [format(element(I, Tuple)), $,|format_tuple(Tuple, I+1, Max)];
+format_tuple(Tuple, Max, Max) ->
+    [format(element(Max, Tuple)), $}];
+format_tuple(_Tuple, 1, 0) ->
+    [$}].
+
+format_list([]) -> "[]";
+format_list(List) ->
+    case printable_list(List) of
+	true ->  io_lib:format("\"~ts\"", [List]);
+	false -> [$[ | make_list(List)]
+    end.
+
+make_list([Last]) ->
+    [format(Last), $]];
+make_list([Head|Tail]) ->
+    [format(Head), $,|make_list(Tail)].
+
+%% printable_list([Char]) -> bool()
+%%  Return true if CharList is a list of printable characters, else
+%%  false.
+
+printable_list([C|Cs]) when is_integer(C), C >= $ , C =< 255 ->
+    printable_list(Cs);
+printable_list([$\n|Cs]) ->
+    printable_list(Cs);
+printable_list([$\r|Cs]) ->
+    printable_list(Cs);
+printable_list([$\t|Cs]) ->
+    printable_list(Cs);
+printable_list([$\v|Cs]) ->
+    printable_list(Cs);
+printable_list([$\b|Cs]) ->
+    printable_list(Cs);
+printable_list([$\f|Cs]) ->
+    printable_list(Cs);
+printable_list([$\e|Cs]) ->
+    printable_list(Cs);
+printable_list([]) -> true;
+printable_list(_Other) -> false.	     %Everything else is false
diff --git a/lib/observer/src/observer_tv_wx.erl b/lib/observer/src/observer_tv_wx.erl
new file mode 100644
index 0000000000..b276965f83
--- /dev/null
+++ b/lib/observer/src/observer_tv_wx.erl
@@ -0,0 +1,353 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+-module(observer_tv_wx).
+
+-export([start_link/2, display_table_info/4]).
+
+%% wx_object callbacks
+-export([init/1, handle_info/2, terminate/2, code_change/3, handle_call/3,
+	 handle_event/2, handle_sync_event/3, handle_cast/2]).
+
+-behaviour(wx_object).
+-include_lib("wx/include/wx.hrl").
+-include("observer_defs.hrl").
+-include("observer_tv.hrl").
+
+-define(GRID, 500).
+-define(ID_REFRESH, 401).
+-define(ID_REFRESH_INTERVAL, 402).
+-define(ID_ETS, 403).
+-define(ID_MNESIA, 404).
+-define(ID_UNREADABLE, 405).
+-define(ID_SYSTEM_TABLES, 406).
+-define(ID_TABLE_INFO, 407).
+
+-record(opt, {type=ets,
+	      sys_hidden=true,
+	      unread_hidden=true,
+	      sort_key=2,
+	      sort_incr=true
+	     }).
+
+-record(state,
+	{
+	  parent,
+	  grid,
+	  node=node(),
+	  opt=#opt{},
+	  selected,
+	  tabs,
+	  timer
+	}).
+
+start_link(Notebook,  Parent) ->
+    wx_object:start_link(?MODULE, [Notebook, Parent], []).
+
+init([Notebook, Parent]) ->
+    Panel = wxPanel:new(Notebook),
+    Sizer = wxBoxSizer:new(?wxVERTICAL),
+    Style = ?wxLC_REPORT bor ?wxLC_SINGLE_SEL bor ?wxLC_HRULES,
+    Grid = wxListCtrl:new(Panel, [{winid, ?GRID}, {style, Style}]),
+    wxSizer:add(Sizer, Grid, [{flag, ?wxEXPAND bor ?wxALL},
+			      {proportion, 1}, {border, 5}]),
+    wxWindow:setSizer(Panel, Sizer),
+    Li = wxListItem:new(),
+    AddListEntry = fun({Name, Align, DefSize}, Col) ->
+			   wxListItem:setText(Li, Name),
+			   wxListItem:setAlign(Li, Align),
+			   wxListCtrl:insertColumn(Grid, Col, Li),
+			   wxListCtrl:setColumnWidth(Grid, Col, DefSize),
+			   Col + 1
+		   end,
+    ListItems = [{"Table Name", ?wxLIST_FORMAT_LEFT,  200},
+		 {"Table Id",   ?wxLIST_FORMAT_RIGHT, 100},
+		 {"Objects",    ?wxLIST_FORMAT_RIGHT, 100},
+		 {"Size (kB)",  ?wxLIST_FORMAT_RIGHT, 100},
+		 {"Owner Pid",  ?wxLIST_FORMAT_CENTER, 150},
+		 {"Owner Name", ?wxLIST_FORMAT_LEFT,  200}
+		],
+    lists:foldl(AddListEntry, 0, ListItems),
+    wxListItem:destroy(Li),
+
+    wxListCtrl:connect(Grid, command_list_item_activated),
+    wxListCtrl:connect(Grid, command_list_item_selected),
+    wxListCtrl:connect(Grid, command_list_col_click),
+    wxListCtrl:connect(Grid, size, [{skip, true}]),
+
+    wxWindow:setFocus(Grid),
+    {Panel, #state{grid=Grid, parent=Parent, timer={false, 10}}}.
+
+handle_event(#wx{id=?ID_REFRESH},
+	     State = #state{node=Node, grid=Grid, opt=Opt}) ->
+    Tables = get_tables(Node, Opt),
+    Tabs = update_grid(Grid, Opt, Tables),
+    {noreply, State#state{tabs=Tabs}};
+
+handle_event(#wx{event=#wxList{type=command_list_col_click, col=Col}},
+	     State = #state{node=Node, grid=Grid,
+			    opt=Opt0=#opt{sort_key=Key, sort_incr=Bool}}) ->
+    Opt = case Col+2 of
+	      Key -> Opt0#opt{sort_incr=not Bool};
+	      NewKey -> Opt0#opt{sort_key=NewKey}
+	  end,
+    Tables = get_tables(Node, Opt),
+    Tabs = update_grid(Grid, Opt, Tables),
+    wxWindow:setFocus(Grid),
+    {noreply, State#state{opt=Opt, tabs=Tabs}};
+
+handle_event(#wx{id=Id}, State = #state{node=Node, grid=Grid, opt=Opt0})
+  when Id >= ?ID_ETS, Id =< ?ID_SYSTEM_TABLES ->
+    Opt = case Id of
+	      ?ID_ETS -> Opt0#opt{type=ets};
+	      ?ID_MNESIA -> Opt0#opt{type=mnesia};
+	      ?ID_UNREADABLE -> Opt0#opt{unread_hidden= not Opt0#opt.unread_hidden};
+	      ?ID_SYSTEM_TABLES -> Opt0#opt{sys_hidden= not Opt0#opt.sys_hidden}
+	  end,
+    case get_tables2(Node, Opt) of
+	Error = {error, _} ->
+	    self() ! Error,
+	    {noreply, State};
+	Tables ->
+	    Tabs = update_grid(Grid, Opt, Tables),
+	    wxWindow:setFocus(Grid),
+	    {noreply, State#state{opt=Opt, tabs=Tabs}}
+    end;
+
+handle_event(#wx{event=#wxSize{size={W,_}}},  State=#state{grid=Grid}) ->
+    observer_lib:set_listctrl_col_size(Grid, W),
+    {noreply, State};
+
+handle_event(#wx{obj=Grid, event=#wxList{type=command_list_item_activated,
+					 itemIndex=Index}},
+	     State=#state{grid=Grid, node=Node, opt=#opt{type=Type}, tabs=Tabs}) ->
+    Table = lists:nth(Index+1, Tabs),
+    case Table#tab.protection of
+	private ->
+	    self() ! {error, "Table has 'private' protection and can not be read"};
+	_ ->
+	    observer_tv_table:start_link(Grid, [{node,Node}, {type,Type}, {table,Table}])
+    end,
+    {noreply, State};
+
+handle_event(#wx{event=#wxList{type=command_list_item_selected, itemIndex=Index}},
+	     State) ->
+    {noreply, State#state{selected=Index}};
+
+handle_event(#wx{id=?ID_TABLE_INFO},
+	     State = #state{grid=Grid, node=Node, opt=#opt{type=Type}, tabs=Tabs, selected=Sel}) ->
+    case Sel of
+	undefined ->
+	    {noreply, State};
+	R when is_integer(R) ->
+	    Table = lists:nth(Sel+1, Tabs),
+	    display_table_info(Grid, Node, Type, Table),
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?ID_REFRESH_INTERVAL},
+	     State = #state{grid=Grid, timer=Timer0}) ->
+    Timer = observer_lib:interval_dialog(Grid, Timer0, 10, 5*60),
+    {noreply, State#state{timer=Timer}};
+
+handle_event(Event, _State) ->
+    error({unhandled_event, Event}).
+
+handle_sync_event(_Event, _Obj, _State) ->
+    ok.
+
+handle_call(Event, From, _State) ->
+    error({unhandled_call, Event, From}).
+
+handle_cast(Event, _State) ->
+    error({unhandled_cast, Event}).
+
+handle_info(refresh_interval, State = #state{node=Node, grid=Grid, opt=Opt}) ->
+    Tables = get_tables(Node, Opt),
+    Tabs = update_grid(Grid, Opt, Tables),
+    {noreply, State#state{tabs=Tabs}};
+
+handle_info({active, Node}, State = #state{parent=Parent, grid=Grid, opt=Opt,
+					   timer=Timer0}) ->
+    Tables = get_tables(Node, Opt),
+    Tabs = update_grid(Grid, Opt, Tables),
+    wxWindow:setFocus(Grid),
+    create_menus(Parent, Opt),
+    Timer = observer_lib:start_timer(Timer0),
+    {noreply, State#state{node=Node, tabs=Tabs, timer=Timer}};
+
+handle_info(not_active, State = #state{timer = Timer0}) ->
+    Timer = observer_lib:stop_timer(Timer0),
+    {noreply, State#state{timer=Timer}};
+
+handle_info({error, Error}, State) ->
+    handle_error(Error),
+    {noreply, State};
+
+handle_info(_Event, State) ->
+    {noreply, State}.
+
+terminate(_Event, _State) ->
+    ok.
+
+code_change(_, _, State) ->
+    State.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+create_menus(Parent, #opt{sys_hidden=Sys, unread_hidden=UnR, type=Type}) ->
+    MenuEntries = [{"View",
+		    [#create_menu{id = ?ID_TABLE_INFO, text = "Table information\tCtrl-I"},
+		     separator,
+		     #create_menu{id = ?ID_ETS, text = "&Ets Tables",
+				  type=radio, check=Type==ets},
+		     #create_menu{id = ?ID_MNESIA, text = "&Mnesia Tables",
+				  type=radio, check=Type==mnesia},
+		     separator,
+		     #create_menu{id = ?ID_UNREADABLE, text = "View &Unreadable Tables",
+				  type=check, check=not UnR},
+		     #create_menu{id = ?ID_SYSTEM_TABLES, text = "View &System Tables",
+				  type=check, check=not Sys},
+		     separator,
+		     #create_menu{id = ?ID_REFRESH, text = "Refresh\tCtrl-R"},
+		     #create_menu{id = ?ID_REFRESH_INTERVAL, text = "Refresh Interval..."}
+		    ]}],
+    observer_wx:create_menus(Parent, MenuEntries).
+
+get_tables(Node, Opts) ->
+    case get_tables2(Node, Opts) of
+	Error = {error, _} ->
+	    self() ! Error,
+	    [];
+	Res ->
+	    Res
+    end.
+get_tables2(Node, #opt{type=Type, sys_hidden=Sys, unread_hidden=Unread}) ->
+    Args = [Type, [{sys_hidden,Sys}, {unread_hidden,Unread}]],
+    case rpc:call(Node, observer_backend, get_table_list, Args) of
+	{badrpc, Error} ->
+	    {error, Error};
+	Error = {error, _} ->
+	    Error;
+	Result ->
+	    [list_to_tabrec(Tab) || Tab <- Result]
+    end.
+
+list_to_tabrec(PL) ->
+    #tab{name = proplists:get_value(name, PL),
+	 id = proplists:get_value(id, PL, ignore),
+	 size = proplists:get_value(size, PL, 0),
+	 memory= proplists:get_value(memory, PL, 0),   %% In bytes
+	 owner=proplists:get_value(owner, PL),
+	 reg_name=proplists:get_value(reg_name, PL),
+	 protection = proplists:get_value(protection, PL, public),
+	 type=proplists:get_value(type, PL, set),
+	 keypos=proplists:get_value(keypos, PL, 1),
+	 heir=proplists:get_value(heir, PL, none),
+	 compressed=proplists:get_value(compressed, PL, false),
+	 fixed=proplists:get_value(fixed, PL, false),
+	 %% Mnesia Info
+	 storage =proplists:get_value(storage, PL),
+	 index = proplists:get_value(index, PL)}.
+
+display_table_info(Parent0, Node, Source, Table) ->
+    Parent = observer_lib:get_wx_parent(Parent0),
+    Title = "Table Info: " ++ atom_to_list(Table#tab.name),
+    Frame = wxMiniFrame:new(Parent, ?wxID_ANY, Title,
+			    [{style, ?wxSYSTEM_MENU bor ?wxCAPTION
+				  bor ?wxCLOSE_BOX bor ?wxRESIZE_BORDER}]),
+
+    IdInfo = {"Identification and Owner",
+	      [{"Name", Table#tab.name},
+	       {"Id", case Table#tab.id of
+			  ignore -> Table#tab.name;
+			  Id -> Id
+		      end},
+	       {"Named table", Table#tab.id == ignore},
+	       {"Owner", Table#tab.owner},
+	       {"Owner Name", case Table#tab.reg_name of
+				  ignore -> "-";
+				  Id -> Id
+			      end},
+	       {"Heir", Table#tab.heir},
+	       {"Node", Node}]},
+    MnesiaSettings = case Source of
+			 ets -> [];
+			 mnesia ->
+			     [{"Local storage type", case Table#tab.storage of
+							 unknown -> "Not available";
+							 ST -> ST
+						     end},
+			      {"Index positions", list_to_strings(Table#tab.index)}]
+		     end,
+    Settings = {"Settings",
+		[{"Source",       Source},
+		 {"Key Position", Table#tab.keypos},
+		 {"Table Type",   Table#tab.type},
+		 {"Protection Mode", Table#tab.protection},
+		 {"Fixed",        Table#tab.fixed}
+		 | MnesiaSettings ]},
+    Memory = {"Memory Usage",
+	      [{"Number of objects", Table#tab.size},
+	       {"Memory allocated",  {bytes, Table#tab.memory}},
+	       {"Compressed",        Table#tab.compressed}]},
+
+    {_, Sizer, _} = observer_lib:display_info(Frame, [IdInfo,Settings,Memory]),
+    wxSizer:setSizeHints(Sizer, Frame),
+    wxFrame:center(Frame),
+    wxFrame:show(Frame).
+
+list_to_strings([]) -> "None";
+list_to_strings([A]) -> integer_to_list(A);
+list_to_strings([A|B]) ->
+    integer_to_list(A) ++ " ," ++ list_to_strings(B).
+
+handle_error(Foo) ->
+    Str = io_lib:format("ERROR: ~s~n",[Foo]),
+    observer_lib:display_info_dialog(Str).
+
+update_grid(Grid, Opt, Tables) ->
+    wx:batch(fun() -> update_grid2(Grid, Opt, Tables) end).
+update_grid2(Grid, #opt{sort_key=Sort,sort_incr=Dir}, Tables) ->
+    wxListCtrl:deleteAllItems(Grid),
+    Update =
+	fun(#tab{name = Name, id = Id, owner = Owner, size = Size, memory = Memory,
+		 protection = Protection, reg_name = RegName}, Row) ->
+		_Item = wxListCtrl:insertItem(Grid, Row, ""),
+		if (Row rem 2) =:= 0 ->
+			wxListCtrl:setItemBackgroundColour(Grid, Row, ?BG_EVEN);
+		   true -> ignore
+		end,
+		if Protection == private ->
+			wxListCtrl:setItemTextColour(Grid, Row, {200,130,50});
+		   true -> ignore
+		end,
+
+		lists:foreach(fun({_, ignore}) -> ignore;
+				 ({Col, Val}) ->
+				      wxListCtrl:setItem(Grid, Row, Col, observer_lib:to_str(Val))
+			      end,
+			      [{0,Name}, {1,Id}, {2,Size}, {3, Memory div 1024},
+			       {4,Owner}, {5,RegName}]),
+		Row + 1
+	end,
+    ProcInfo = case Dir of
+		   false -> lists:reverse(lists:keysort(Sort, Tables));
+		   true -> lists:keysort(Sort, Tables)
+	       end,
+    lists:foldl(Update, 0, ProcInfo),
+    ProcInfo.
diff --git a/lib/observer/src/observer_wx.erl b/lib/observer/src/observer_wx.erl
new file mode 100644
index 0000000000..5a593abf11
--- /dev/null
+++ b/lib/observer/src/observer_wx.erl
@@ -0,0 +1,562 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+-module(observer_wx).
+
+-behaviour(wx_object).
+
+-export([start/0]).
+-export([create_menus/2, get_attrib/1, get_tracer/0,
+	 create_txt_dialog/4, try_rpc/4, return_to_localnode/2]).
+
+-export([init/1, handle_event/2, handle_cast/2, terminate/2, code_change/3,
+	 handle_call/3, handle_info/2, check_page_title/1]).
+
+%% Includes
+-include_lib("wx/include/wx.hrl").
+
+-include("observer_defs.hrl").
+
+%% Defines
+
+-define(ID_PING, 1).
+-define(ID_CONNECT, 2).
+-define(ID_NOTEBOOK, 3).
+
+-define(FIRST_NODES_MENU_ID, 1000).
+-define(LAST_NODES_MENU_ID,  2000).
+
+-define(TRACE_STR, "Trace Overview").
+
+%% Records
+-record(state,
+	{frame,
+	 menubar,
+	 menus = [],
+	 status_bar,
+	 notebook,
+	 main_panel,
+	 pro_panel,
+	 tv_panel,
+	 sys_panel,
+	 trace_panel,
+	 app_panel,
+	 active_tab,
+	 node,
+	 nodes
+	}).
+
+start() ->
+    case wx_object:start(?MODULE, [], []) of
+	Err = {error, _} -> Err;
+	_Obj -> ok
+    end.
+
+create_menus(Object, Menus) when is_list(Menus) ->
+    wx_object:call(Object, {create_menus, Menus}).
+
+get_attrib(What) ->
+    wx_object:call(observer, {get_attrib, What}).
+
+get_tracer() ->
+    wx_object:call(observer, get_tracer).
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+init(_Args) ->
+    register(observer, self()),
+    wx:new(),
+    catch wxSystemOptions:setOption("mac.listctrl.always_use_generic", 1),
+    Frame = wxFrame:new(wx:null(), ?wxID_ANY, "Observer",
+			[{size, {850, 600}}, {style, ?wxDEFAULT_FRAME_STYLE}]),
+    IconFile = filename:join(code:priv_dir(observer), "erlang_observer.png"),
+    Icon = wxIcon:new(IconFile, [{type,?wxBITMAP_TYPE_PNG}]),
+    wxFrame:setIcon(Frame, Icon),
+    wxIcon:destroy(Icon),
+
+    State = #state{frame = Frame},
+    UpdState = setup(State),
+    net_kernel:monitor_nodes(true),
+    process_flag(trap_exit, true),
+    {Frame, UpdState}.
+
+setup(#state{frame = Frame} = State) ->
+    %% Setup Menubar & Menus
+    MenuBar = wxMenuBar:new(),
+
+    {Nodes, NodeMenus} = get_nodes(),
+    DefMenus = default_menus(NodeMenus),
+    observer_lib:create_menus(DefMenus, MenuBar, default),
+
+    wxFrame:setMenuBar(Frame, MenuBar),
+    StatusBar = wxFrame:createStatusBar(Frame, []),
+    wxFrame:setTitle(Frame, atom_to_list(node())),
+    wxStatusBar:setStatusText(StatusBar, atom_to_list(node())),
+
+    %% Setup panels
+    Panel = wxPanel:new(Frame, []),
+    Notebook = wxNotebook:new(Panel, ?ID_NOTEBOOK, [{style, ?wxBK_DEFAULT}]),
+
+    %% System Panel
+    SysPanel = observer_sys_wx:start_link(Notebook, self()),
+    wxNotebook:addPage(Notebook, SysPanel, "System", []),
+
+    %% Setup sizer create early to get it when window shows
+    MainSizer = wxBoxSizer:new(?wxVERTICAL),
+
+    wxSizer:add(MainSizer, Notebook, [{proportion, 1}, {flag, ?wxEXPAND}]),
+    wxPanel:setSizer(Panel, MainSizer),
+
+    wxNotebook:connect(Notebook, command_notebook_page_changing),
+    wxFrame:connect(Frame, close_window, [{skip, true}]),
+    wxMenu:connect(Frame, command_menu_selected),
+    wxFrame:show(Frame),
+
+    %% I postpone the creation of the other tabs so they can query/use
+    %% the window size
+
+    %% App Viewer Panel
+    AppPanel = observer_app_wx:start_link(Notebook, self()),
+    wxNotebook:addPage(Notebook, AppPanel, "Applications", []),
+
+    %% Process Panel
+    ProPanel = observer_pro_wx:start_link(Notebook, self()),
+    wxNotebook:addPage(Notebook, ProPanel, "Processes", []),
+
+    %% Table Viewer Panel
+    TVPanel = observer_tv_wx:start_link(Notebook, self()),
+    wxNotebook:addPage(Notebook, TVPanel, "Table Viewer", []),
+
+    %% Trace Viewer Panel
+    TracePanel = observer_trace_wx:start_link(Notebook, self()),
+    wxNotebook:addPage(Notebook, TracePanel, ?TRACE_STR, []),
+
+
+    %% Force redraw (window needs it)
+    wxWindow:refresh(Panel),
+
+    SysPid = wx_object:get_pid(SysPanel),
+    SysPid ! {active, node()},
+    UpdState = State#state{main_panel = Panel,
+			   notebook = Notebook,
+			   menubar = MenuBar,
+			   status_bar = StatusBar,
+			   sys_panel = SysPanel,
+			   pro_panel = ProPanel,
+			   tv_panel  = TVPanel,
+			   trace_panel = TracePanel,
+			   app_panel = AppPanel,
+			   active_tab = SysPid,
+			   node  = node(),
+			   nodes = Nodes
+			  },
+    %% Create resources which we don't want to duplicate
+    SysFont = wxSystemSettings:getFont(?wxSYS_SYSTEM_FIXED_FONT),
+    %% OemFont = wxSystemSettings:getFont(?wxSYS_OEM_FIXED_FONT),
+    %% io:format("Sz sys ~p(~p) oem ~p(~p)~n",
+    %% 	      [wxFont:getPointSize(SysFont), wxFont:isFixedWidth(SysFont),
+    %% 	       wxFont:getPointSize(OemFont), wxFont:isFixedWidth(OemFont)]),
+    Fixed = case wxFont:isFixedWidth(SysFont) of
+		true -> SysFont;
+		false -> %% Sigh
+		    SysFontSize = wxFont:getPointSize(SysFont),
+		    wxFont:new(SysFontSize, ?wxFONTFAMILY_MODERN, ?wxFONTSTYLE_NORMAL, ?wxFONTWEIGHT_NORMAL)
+	    end,
+    put({font, fixed}, Fixed),
+    UpdState.
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%Callbacks
+handle_event(#wx{event=#wxNotebook{type=command_notebook_page_changing}},
+	     #state{active_tab=Previous, node=Node} = State) ->
+    Pid = get_active_pid(State),
+    Previous ! not_active,
+    Pid ! {active, Node},
+    {noreply, State#state{active_tab=Pid}};
+
+handle_event(#wx{event = #wxClose{}}, State) ->
+    {stop, normal, State};
+
+handle_event(#wx{id = ?wxID_EXIT, event = #wxCommand{type = command_menu_selected}}, State) ->
+    {stop, normal, State};
+
+handle_event(#wx{id = ?wxID_HELP, event = #wxCommand{type = command_menu_selected}}, State) ->
+    External = "http://www.erlang.org/doc/apps/observer/index.html",
+    Internal = filename:join([code:lib_dir(observer),"doc", "html", "index.html"]),
+    Help = case filelib:is_file(Internal) of
+	       true -> Internal;
+	       false -> External
+	   end,
+    wx_misc:launchDefaultBrowser(Help) orelse
+	create_txt_dialog(State#state.frame, "Could not launch browser: ~n " ++ Help,
+			  "Error", ?wxICON_ERROR),
+    {noreply, State};
+
+handle_event(#wx{id = ?wxID_ABOUT, event = #wxCommand{type = command_menu_selected}},
+	     State = #state{frame=Frame}) ->
+    AboutString = "Observe an erlang system\n"
+	"Authors: Olle Mattson & Magnus Eriksson & Dan Gudmundsson",
+    Style = [{style, ?wxOK bor ?wxSTAY_ON_TOP},
+	     {caption, "About"}],
+    wxMessageDialog:showModal(wxMessageDialog:new(Frame, AboutString, Style)),
+    {noreply, State};
+
+
+handle_event(#wx{id = ?ID_CONNECT, event = #wxCommand{type = command_menu_selected}},
+	     #state{frame = Frame} = State) ->
+    UpdState = case create_connect_dialog(connect, State) of
+		   cancel ->
+		       State;
+		   {value, [], _, _} ->
+		       create_txt_dialog(Frame, "Node must have a name",
+					 "Error", ?wxICON_ERROR),
+		       State;
+		   {value, NodeName, LongOrShort, Cookie} -> %Shortname,
+		       try
+			   case connect(list_to_atom(NodeName), LongOrShort, list_to_atom(Cookie)) of
+			       {ok, set_cookie} ->
+				   change_node_view(node(), State);
+			       {error, set_cookie} ->
+				   create_txt_dialog(Frame, "Could not set cookie",
+						     "Error", ?wxICON_ERROR),
+				   State;
+			       {error, net_kernel, _Reason} ->
+				   create_txt_dialog(Frame, "Could not enable node",
+						     "Error", ?wxICON_ERROR),
+				   State
+			   end
+		       catch _:_ ->
+			       create_txt_dialog(Frame, "Could not enable node",
+						 "Error", ?wxICON_ERROR),
+			       State
+		       end
+	       end,
+    {noreply, UpdState};
+
+handle_event(#wx{id = ?ID_PING, event = #wxCommand{type = command_menu_selected}},
+	     #state{frame = Frame} = State) ->
+    UpdState = case create_connect_dialog(ping, State) of
+		   cancel ->  State;
+		   {value, Value} when is_list(Value) ->
+		       try
+			   Node = list_to_atom(Value),
+			   case net_adm:ping(Node) of
+			       pang ->
+				   create_txt_dialog(Frame, "Connect failed", "Pang", ?wxICON_EXCLAMATION),
+				   State;
+			       pong ->
+				   change_node_view(Node, State)
+			   end
+		       catch _:_ ->
+			       create_txt_dialog(Frame, "Connect failed", "Pang", ?wxICON_EXCLAMATION),
+			       State
+		       end
+	       end,
+    {noreply, UpdState};
+
+handle_event(#wx{id = Id, event = #wxCommand{type = command_menu_selected}}, State)
+  when Id > ?FIRST_NODES_MENU_ID, Id < ?LAST_NODES_MENU_ID ->
+
+    Node = lists:nth(Id - ?FIRST_NODES_MENU_ID, State#state.nodes),
+    UpdState = change_node_view(Node, State),
+    {noreply, UpdState};
+
+handle_event(Event, State) ->
+    Pid = get_active_pid(State),
+    Pid ! Event,
+    {noreply, State}.
+
+handle_cast(_Cast, State) ->
+    {noreply, State}.
+
+handle_call({create_menus, TabMenus}, _From,
+	    State = #state{menubar=MenuBar, menus=PrevTabMenus}) ->
+    if TabMenus == PrevTabMenus -> ignore;
+       true ->
+	    wx:batch(fun() ->
+			     clean_menus(PrevTabMenus, MenuBar),
+			     observer_lib:create_menus(TabMenus, MenuBar, plugin)
+		     end)
+    end,
+    {reply, ok, State#state{menus=TabMenus}};
+
+handle_call({get_attrib, Attrib}, _From, State) ->
+    {reply, get(Attrib), State};
+
+handle_call(get_tracer, _From, State=#state{trace_panel=TraceP}) ->
+    {reply, TraceP, State};
+
+handle_call(_Msg, _From, State) ->
+    {reply, ok, State}.
+
+handle_info({nodeup, _Node}, State) ->
+    State2 = update_node_list(State),
+    {noreply, State2};
+
+handle_info({nodedown, Node},
+	    #state{frame = Frame} = State) ->
+    State2 = case Node =:= State#state.node of
+		 true ->
+		     change_node_view(node(), State);
+		 false ->
+		     State
+	     end,
+    State3 = update_node_list(State2),
+    Msg = ["Node down: " | atom_to_list(Node)],
+    create_txt_dialog(Frame, Msg, "Node down", ?wxICON_EXCLAMATION),
+    {noreply, State3};
+
+handle_info({'EXIT', _Pid, _Reason}, State) ->
+    io:format("Child crashed exiting:  ~p ~p~n", [_Pid,_Reason]),
+    {stop, normal, State};
+
+handle_info(_Info, State) ->
+    {noreply, State}.
+
+terminate(_Reason, #state{frame = Frame}) ->
+    wxFrame:destroy(Frame),
+    ok.
+
+code_change(_, _, State) ->
+    {stop, not_yet_implemented, State}.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+try_rpc(Node, Mod, Func, Args) ->
+    case
+	rpc:call(Node, Mod, Func, Args) of
+	{badrpc, Reason} ->
+	    error_logger:error_report([{node, Node},
+				       {call, {Mod, Func, Args}},
+				       {reason, {badrpc, Reason}}]),
+	    error({badrpc, Reason});
+	Res ->
+	    Res
+    end.
+
+return_to_localnode(Frame, Node) ->
+    case node() =/= Node of
+	true ->
+	    create_txt_dialog(Frame, "Error occured on remote node",
+			      "Error", ?wxICON_ERROR),
+	    disconnect_node(Node);
+	false ->
+	    ok
+    end.
+
+create_txt_dialog(Frame, Msg, Title, Style) ->
+    MD = wxMessageDialog:new(Frame, Msg, [{style, Style}]),
+    wxMessageDialog:setTitle(MD, Title),
+    wxDialog:showModal(MD),
+    wxDialog:destroy(MD).
+
+connect(NodeName, 0, Cookie) ->
+    connect2(NodeName, shortnames, Cookie);
+connect(NodeName, 1, Cookie) ->
+    connect2(NodeName, longnames, Cookie).
+
+connect2(NodeName, Opts, Cookie) ->
+    case net_adm:names() of
+	{ok, _} -> %% Epmd is running
+	    ok;
+	{error, address} ->
+	    Epmd = os:find_executable("epmd"),
+	    os:cmd(Epmd)
+    end,
+    case net_kernel:start([NodeName, Opts]) of
+	{ok, _} ->
+	    case is_alive() of
+		true ->
+		    erlang:set_cookie(node(), Cookie),
+		    {ok, set_cookie};
+		false ->
+		    {error, set_cookie}
+	    end;
+	{error, Reason} ->
+	    {error, net_kernel, Reason}
+    end.
+
+change_node_view(Node, State) ->
+    get_active_pid(State) ! {active, Node},
+    StatusText = ["Observer - " | atom_to_list(Node)],
+    wxFrame:setTitle(State#state.frame, StatusText),
+    wxStatusBar:setStatusText(State#state.status_bar, StatusText),
+    State#state{node = Node}.
+
+check_page_title(Notebook) ->
+    Selection = wxNotebook:getSelection(Notebook),
+    wxNotebook:getPageText(Notebook, Selection).
+
+get_active_pid(#state{notebook=Notebook, pro_panel=Pro, sys_panel=Sys,
+		      tv_panel=Tv, trace_panel=Trace, app_panel=App}) ->
+    Panel = case check_page_title(Notebook) of
+		"Processes" -> Pro;
+		"System" -> Sys;
+		"Table Viewer" -> Tv;
+		?TRACE_STR -> Trace;
+		"Applications" -> App
+	    end,
+    wx_object:get_pid(Panel).
+
+create_connect_dialog(ping, #state{frame = Frame}) ->
+    Dialog = wxTextEntryDialog:new(Frame, "Connect to node"),
+    case wxDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    Value = wxTextEntryDialog:getValue(Dialog),
+	    wxDialog:destroy(Dialog),
+	    {value, Value};
+	?wxID_CANCEL ->
+	    wxDialog:destroy(Dialog),
+	    cancel
+    end;
+create_connect_dialog(connect, #state{frame = Frame}) ->
+    Dialog = wxDialog:new(Frame, ?wxID_ANY, "Distribute node "),
+
+    VSizer = wxBoxSizer:new(?wxVERTICAL),
+    RadioBoxSizer = wxBoxSizer:new(?wxHORIZONTAL),
+
+    Choices = ["Short name", "Long name"],
+    RadioBox = wxRadioBox:new(Dialog, 1, "",
+			      ?wxDefaultPosition,
+			      ?wxDefaultSize,
+			      Choices,
+			      [{majorDim, 2},
+			       {style, ?wxHORIZONTAL}]),
+
+    NameText = wxStaticText:new(Dialog, ?wxID_ANY, "Node name: "),
+    NameCtrl = wxTextCtrl:new(Dialog, ?wxID_ANY, [{size, {200, 25}}]),
+    wxTextCtrl:setValue(NameCtrl, "observer"),
+    CookieText = wxStaticText:new(Dialog, ?wxID_ANY, "Secret cookie: "),
+    CookieCtrl = wxTextCtrl:new(Dialog, ?wxID_ANY,
+				[{size, {200, 25}}, {style, ?wxTE_PASSWORD}]),
+
+    BtnSizer = wxDialog:createStdDialogButtonSizer(Dialog, ?wxID_DEFAULT),
+    Flags = [{flag, ?wxEXPAND bor ?wxALL}, {border, 5}],
+    wxSizer:add(RadioBoxSizer, RadioBox, Flags),
+
+    wxSizer:add(VSizer, RadioBoxSizer, Flags),
+    wxSizer:addSpacer(VSizer, 10),
+    wxSizer:add(VSizer, NameText),
+    wxSizer:add(VSizer, NameCtrl, Flags),
+    wxSizer:addSpacer(VSizer, 10),
+    wxSizer:add(VSizer, CookieText),
+    wxSizer:add(VSizer, CookieCtrl, Flags),
+    wxSizer:addSpacer(VSizer, 10),
+    wxSizer:add(VSizer, BtnSizer, [{flag, ?wxALIGN_LEFT}]),
+
+    wxWindow:setSizer(Dialog, VSizer),
+    CookiePath = filename:join(os:getenv("HOME"), ".erlang.cookie"),
+    DefaultCookie = case filelib:is_file(CookiePath) of
+			true ->
+			    {ok, Bin} = file:read_file(CookiePath),
+			    binary_to_list(Bin);
+			false ->
+			    ""
+		    end,
+    wxTextCtrl:setValue(CookieCtrl, DefaultCookie),
+    case wxDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    NameValue = wxTextCtrl:getValue(NameCtrl),
+	    NameLngthValue = wxRadioBox:getSelection(RadioBox),
+	    CookieValue = wxTextCtrl:getValue(CookieCtrl),
+	    wxDialog:destroy(Dialog),
+	    {value, NameValue, NameLngthValue, CookieValue};
+	?wxID_CANCEL ->
+	    wxDialog:destroy(Dialog),
+	    cancel
+    end.
+
+default_menus(NodesMenuItems) ->
+    Quit  = #create_menu{id = ?wxID_EXIT, text = "Quit"},
+    About = #create_menu{id = ?wxID_ABOUT, text = "About"},
+    Help  = #create_menu{id = ?wxID_HELP},
+    NodeMenu = case erlang:is_alive() of
+		   true ->  {"Nodes", NodesMenuItems ++
+				 [#create_menu{id = ?ID_PING, text = "Connect Node"}]};
+		   false -> {"Nodes", NodesMenuItems ++
+				 [#create_menu{id = ?ID_CONNECT, text = "Enable distribution"}]}
+	       end,
+    case os:type() =:= {unix, darwin} of
+	false ->
+	    FileMenu = {"File", [Quit]},
+	    HelpMenu = {"Help", [About,Help]},
+	    [FileMenu, NodeMenu, HelpMenu];
+	true ->
+	    %% On Mac quit and about will be moved to the "default' place
+	    %% automagicly, so just add them to a menu that always exist.
+	    %% But not to the help menu for some reason
+	    {Tag, Menus} = NodeMenu,
+	    [{Tag, Menus ++ [Quit,About]}, {"&Help", [Help]}]
+    end.
+
+clean_menus(Menus, MenuBar) ->
+    remove_menu_items(Menus, MenuBar).
+
+remove_menu_items([{MenuStr = "File", Menus}|Rest], MenuBar) ->
+    MenuId = wxMenuBar:findMenu(MenuBar, MenuStr),
+    Menu = wxMenuBar:getMenu(MenuBar, MenuId),
+    Items = [wxMenu:findItem(Menu, Tag) || #create_menu{text=Tag} <- Menus],
+    [wxMenu:delete(Menu, MItem) || MItem <- Items],
+    case os:type() =:= {unix, darwin} of
+	true ->
+	    wxMenuBar:remove(MenuBar, MenuId),
+	    wxMenu:destroy(Menu);
+	false ->
+	    ignore
+    end,
+    remove_menu_items(Rest, MenuBar);
+remove_menu_items([{"Nodes", _}|_], _MB) ->
+    ok;
+remove_menu_items([{Tag, _Menus}|Rest], MenuBar) ->
+    MenuId = wxMenuBar:findMenu(MenuBar, Tag),
+    Menu = wxMenuBar:getMenu(MenuBar, MenuId),
+    wxMenuBar:remove(MenuBar, MenuId),
+    Items = wxMenu:getMenuItems(Menu),
+    [wxMenu:'Destroy'(Menu, Item) || Item <- Items],
+    wxMenu:destroy(Menu),
+    remove_menu_items(Rest, MenuBar);
+remove_menu_items([], _MB) ->
+    ok.
+
+get_nodes() ->
+    Nodes = [node()| nodes()],
+    {_, Menues} =
+	lists:foldl(fun(Node, {Id, Acc}) when Id < ?LAST_NODES_MENU_ID ->
+			    {Id + 1, [#create_menu{id=Id + ?FIRST_NODES_MENU_ID,
+						   text=atom_to_list(Node)} | Acc]}
+		    end, {1, []}, Nodes),
+    {Nodes, lists:reverse(Menues)}.
+
+update_node_list(State = #state{menubar=MenuBar}) ->
+    {Nodes, NodesMenuItems} = get_nodes(),
+    NodeMenuId = wxMenuBar:findMenu(MenuBar, "Nodes"),
+    NodeMenu = wxMenuBar:getMenu(MenuBar, NodeMenuId),
+    wx:foreach(fun(Item) -> wxMenu:'Destroy'(NodeMenu, Item) end,
+	       wxMenu:getMenuItems(NodeMenu)),
+
+    Index = wx:foldl(fun(Record, Index) ->
+			     observer_lib:create_menu_item(Record, NodeMenu, Index)
+		     end, 0, NodesMenuItems),
+
+    Dist = case erlang:is_alive() of
+	       true  -> #create_menu{id = ?ID_PING, text = "Connect node"};
+	       false -> #create_menu{id = ?ID_CONNECT, text = "Enable distribution"}
+	   end,
+    observer_lib:create_menu_item(Dist, NodeMenu, Index),
+    State#state{nodes = Nodes}.
diff --git a/lib/observer/src/ttb.erl b/lib/observer/src/ttb.erl
index 221b71df6a..61fd6d1787 100644
--- a/lib/observer/src/ttb.erl
+++ b/lib/observer/src/ttb.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -18,9 +18,11 @@
 %%
 -module(ttb).
 -author('[email protected]').
+-author('[email protected]').
 
 %% API
--export([tracer/0,tracer/1,tracer/2,p/2,stop/0,stop/1]).
+-export([tracer/0,tracer/1,tracer/2,p/2,stop/0,stop/1,start_trace/4]).
+-export([get_et_handler/0]).
 -export([tp/2, tp/3, tp/4, ctp/0, ctp/1, ctp/2, ctp/3, tpl/2, tpl/3, tpl/4, 
 	 ctpl/0, ctpl/1, ctpl/2, ctpl/3, ctpg/0, ctpg/1, ctpg/2, ctpg/3]).
 -export([seq_trigger_ms/0,seq_trigger_ms/1]).
@@ -34,24 +36,38 @@
 
 -include_lib("kernel/include/file.hrl").
 -define(meta_time,5000).
+-define(fetch_time, 10000).
 -define(history_table,ttb_history_table).
 -define(seq_trace_flags,[send,'receive',print,timestamp]).
--define(upload_dir,"ttb_upload").
+-define(upload_dir(Logname),"ttb_upload_"++Logname).
+-define(last_config, "ttb_last_config").
+-define(partial_dir, "ttb_partial_result").
 -ifdef(debug).
--define(get_status,;get_status -> erlang:display(dict:to_list(NodeInfo)),loop(NodeInfo)).
+-define(get_status,;get_status -> erlang:display(dict:to_list(NodeInfo),loop(NodeInfo, TraceInfo)).
 -else.
 -define(get_status,).
 -endif.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%% Shortcut
+start_trace(Nodes, Patterns, {Procs, Flags}, Options) ->
+    {ok, _} = tracer(Nodes, Options),
+    [{ok, _} = apply(?MODULE, tpl, tuple_to_list(Args)) || Args <- Patterns],
+    {ok, _} = p(Procs, Flags).
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%% Open a trace port on all given nodes and create the meta data file
 tracer() -> tracer(node()).
+tracer(shell) -> tracer(node(), shell);
+tracer(dbg) -> tracer(node(), {shell, only});
 tracer(Nodes) -> tracer(Nodes,[]).
 tracer(Nodes,Opt) ->
-    start(),
-    store(tracer,[Nodes,Opt]),
     {PI,Client,Traci} = opt(Opt),
-    do_tracer(Nodes,PI,Client,Traci).
+    %%We use initial Traci as SessionInfo for loop/2
+    Pid = start(Traci),
+    store(tracer,[Nodes,Opt]),
+    do_tracer(Nodes,PI,Client,[{ttb_control, Pid}|Traci]).
 
 do_tracer(Nodes0,PI,Client,Traci) ->
     Nodes = nods(Nodes0),
@@ -59,24 +75,41 @@ do_tracer(Nodes0,PI,Client,Traci) ->
     do_tracer(Clients,PI,Traci).
 
 do_tracer(Clients,PI,Traci) ->
-    {ClientSucc,Succ} = 
+    Shell = proplists:get_value(shell, Traci, false),
+    DefShell = fun(Trace) -> dbg:dhandler(Trace, standard_io) end,
+    {ClientSucc,Succ} =
 	lists:foldl(
-	  fun({N,{local,File},TF},{CS,S}) -> 
-		  [_Sname,Host] = string:tokens(atom_to_list(N),"@"),
+	  fun({N,{local,File},TF},{CS,S}) ->
+                  {TF2, FileInfo, ShellOutput} =
+		      case Shell of
+			  only  -> {none, shell_only, DefShell};
+			  true  -> {TF, {file,File}, DefShell};
+			  {only,Fun} -> {none, shell_only, Fun};
+			  Fun when is_function(Fun) -> {TF, {file,File}, Fun};
+			  _    -> {TF, {file,File}, false}
+		      end,
+		  Host = case N of
+			     nonode@nohost ->
+				 {ok, H} = inet:gethostname(),
+				 H;
+			     _ ->
+				 [_,H] = string:tokens(atom_to_list(N),"@"),
+				 H
+			 end,
 		  case catch dbg:tracer(N,port,dbg:trace_port(ip,0)) of
 		      {ok,N} ->
 			  {ok,Port} = dbg:trace_port_control(N,get_listen_port),
 			  {ok,T} = dbg:get_tracer(N),
 			  rpc:call(N,seq_trace,set_system_tracer,[T]),
 			  dbg:trace_client(ip,{Host,Port},
-					   {fun ip_to_file/2,{file,File}}),
-			  {[{N,{local,File,Port},TF}|CS], [N|S]};
+					   {fun ip_to_file/2,{FileInfo, ShellOutput}}),
+			  {[{N,{local,File,Port},TF2}|CS], [N|S]};
 		      Other ->
 			  display_warning(N,{cannot_open_ip_trace_port,
 					     Host,
 					     Other}),
 			  {CS, S}
-		     end;
+		  end;
 	     ({N,C,_}=Client,{CS,S}) -> 
 		  case catch dbg:tracer(N,port,dbg:trace_port(file,C)) of
 		      {ok,N} -> 
@@ -98,17 +131,54 @@ do_tracer(Clients,PI,Traci) ->
 	    {ok,Succ}
     end.
 
+opt(Opt) when is_list(Opt) ->
+    opt(Opt,{true,?MODULE,[]});
 opt(Opt) ->
-    opt(Opt,{true,?MODULE,[]}).
+    opt([Opt]).
 
 opt([{process_info,PI}|O],{_,Client,Traci}) ->
     opt(O,{PI,Client,Traci});
 opt([{file,Client}|O],{PI,_,Traci}) ->
-    opt(O,{PI,Client,Traci});
+    opt(O,{PI,Client,[{logfile,get_logname(Client)}|Traci]});
 opt([{handler,Handler}|O],{PI,Client,Traci}) ->
     opt(O,{PI,Client,[{handler,Handler}|Traci]});
+opt([{timer, {MSec, StopOpts}}|O],{PI,Client,Traci}) ->
+    opt(O,{PI,Client,[{timer,{MSec, StopOpts}}|Traci]});
+opt([{timer, MSec}|O],{PI,Client,Traci}) ->
+    opt(O,{PI,Client,[{timer,{MSec, []}}|Traci]});
+opt([{overload_check, {MSec,M,F}}|O],{PI,Client,Traci}) ->
+    opt(O,{PI,Client,[{overload_check,{MSec,M,F}}|Traci]});
+opt([shell|O],{PI,Client,Traci}) ->
+    opt(O,{PI,Client,[{shell, true}|Traci]});
+opt([{shell,Type}|O],{PI,Client,Traci}) ->
+    opt(O,{PI,Client,[{shell, Type}|Traci]});
+opt([resume|O],{PI,Client,Traci}) ->
+    opt(O,{PI,Client,[{resume, {true, ?fetch_time}}|Traci]});
+opt([{resume,MSec}|O],{PI,Client,Traci}) ->
+    opt(O,{PI,Client,[{resume, {true, MSec}}|Traci]});
+opt([{flush,MSec}|O],{PI,Client,Traci}) ->
+    opt(O,{PI,Client,[{flush, MSec}|Traci]});
 opt([],Opt) ->
-    Opt.
+    ensure_opt(Opt).
+
+ensure_opt({PI,Client,Traci}) ->
+    case {proplists:get_value(flush, Traci), Client} of
+        {undefined, _}  -> ok;
+        {_, {local, _}} -> exit(flush_unsupported_with_ip_trace_port);
+        {_,_}           -> ok
+    end,
+    NeedIpTracer = proplists:get_value(shell, Traci, false) /= false,
+    case {NeedIpTracer, Client} of
+        {false, _}        -> {PI, Client, Traci};
+        {true, ?MODULE}       -> {PI, {local, ?MODULE}, Traci};
+        {true, {local, File}} -> {PI, {local, File}, Traci};
+        {true, _}             -> exit(local_client_required_on_shell_tracing)
+    end.
+
+get_logname({local, F}) -> get_logname(F);
+get_logname({wrap, F}) -> filename:basename(F);
+get_logname({wrap, F, _, _}) -> filename:basename(F);
+get_logname(F) -> filename:basename(F).
 
 nods(all) ->
     Nodes1 = remove_active([node()|nodes()]),
@@ -205,17 +275,29 @@ run_history([H|T]) ->
 	ok -> run_history(T);
 	{error,not_found} -> {error,{not_found,H}}
     end;
+
+run_history(all) ->
+    CurrentHist = ets:tab2list(?history_table),
+    ets:delete_all_objects(?history_table),
+    [run_printed(MFA,true) || {_, MFA} <- CurrentHist];
+run_history(all_silent) ->
+    CurrentHist = ets:tab2list(?history_table),
+    ets:delete_all_objects(?history_table),
+    [run_printed(MFA,false) || {_, MFA} <- CurrentHist];
 run_history([]) ->
     ok;
 run_history(N) ->
     case catch ets:lookup(?history_table,N) of
 	[{N,{M,F,A}}] -> 
-	    print_func(M,F,A),
-	    R = apply(M,F,A),
-	    print_result(R);
+            run_printed({M,F,A},true);
 	_ -> 
 	    {error, not_found}
     end.
+
+run_printed({M,F,A},Verbose) ->
+    Verbose andalso print_func(M,F,A),
+    R = apply(M,F,A),
+    Verbose andalso print_result(R).
 	
 write_config(ConfigFile,all) ->
     write_config(ConfigFile,['_']);
@@ -223,6 +305,8 @@ write_config(ConfigFile,Config) ->
     write_config(ConfigFile,Config,[]).
 write_config(ConfigFile,all,Opt) ->
     write_config(ConfigFile,['_'],Opt);
+write_config(ConfigFile,Config,Opt) when not(is_list(Opt)) ->
+    write_config(ConfigFile,Config,[Opt]);
 write_config(ConfigFile,Nums,Opt) when is_list(Nums), is_integer(hd(Nums)); 
 				       Nums=:=['_'] ->
     F = fun(N) -> ets:select(?history_table,
@@ -313,6 +397,7 @@ arg_list([A1|A],Acc) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%% Set trace flags on processes
 p(Procs0,Flags0) ->
+    ensure_no_overloaded_nodes(),
     store(p,[Procs0,Flags0]),
     no_store_p(Procs0,Flags0).
 no_store_p(Procs0,Flags0) ->
@@ -327,11 +412,12 @@ no_store_p(Procs0,Flags0) ->
 					     {error,Reason} -> 
 						 display_warning(P,Reason),
 						 {PMatched,Ps}
-					 end
+						     end
 			     end,{[],[]},Procs) of
 		{[],[]} -> {error, no_match};
 		{SuccMatched,Succ} ->
 		    no_store_write_trace_info(flags,{Succ,Flags}),
+		    ?MODULE ! trace_started,
 		    {ok,SuccMatched}
 	    end
     end.
@@ -339,7 +425,7 @@ no_store_p(Procs0,Flags0) ->
 transform_flags([clear]) ->
     [clear];
 transform_flags(Flags) ->
-    dbg:transform_flags(Flags).
+    dbg:transform_flags([timestamp | Flags]).
 
 
 procs(Procs) when is_list(Procs) ->
@@ -365,24 +451,30 @@ proc({global,Name}) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%% Trace pattern
 tp(A,B) ->
-    store(tp,[A,B]),
-    dbg:tp(A,B).
+    ensure_no_overloaded_nodes(),
+    store(tp,[A,ms(B)]),
+    dbg:tp(A,ms(B)).
 tp(A,B,C) ->
-    store(tp,[A,B,C]),
-    dbg:tp(A,B,C).
+    ensure_no_overloaded_nodes(),
+    store(tp,[A,B,ms(C)]),
+    dbg:tp(A,B,ms(C)).
 tp(A,B,C,D) ->
-    store(tp,[A,B,C,D]),
-    dbg:tp(A,B,C,D).
+    ensure_no_overloaded_nodes(),
+    store(tp,[A,B,C,ms(D)]),
+    dbg:tp(A,B,C,ms(D)).
 
 tpl(A,B) ->
-    store(tpl,[A,B]),
-    dbg:tpl(A,B).
+    ensure_no_overloaded_nodes(),
+    store(tpl,[A,ms(B)]),
+    dbg:tpl(A,ms(B)).
 tpl(A,B,C) ->
-    store(tpl,[A,B,C]),
-    dbg:tpl(A,B,C).
+    ensure_no_overloaded_nodes(),
+    store(tpl,[A,B,ms(C)]),
+    dbg:tpl(A,B,ms(C)).
 tpl(A,B,C,D) ->
-    store(tpl,[A,B,C,D]),
-    dbg:tpl(A,B,C,D).
+    ensure_no_overloaded_nodes(),
+    store(tpl,[A,B,C,ms(D)]),
+    dbg:tpl(A,B,C,ms(D)).
 
 ctp() ->
     store(ctp,[]),
@@ -423,6 +515,56 @@ ctpg(A,B,C) ->
     store(ctpg,[A,B,C]),
     dbg:ctpg(A,B,C).
 
+ms(return) ->
+    [{'_',[],[{return_trace}]}];
+ms(caller) ->
+    [{'_',[],[{message,{caller}}]}];
+ms({codestr, FunStr}) ->
+    {ok, MS} = string2ms(FunStr),
+    MS;
+ms(Other) ->
+    Other.
+
+ensure_no_overloaded_nodes() ->
+    Overloaded = case whereis(?MODULE) of
+                     undefined ->
+                         [];
+                     _ ->
+                         ?MODULE ! {get_overloaded, self()},
+                         receive {overloaded,O} -> O end
+                 end,
+    case Overloaded of
+        [] -> ok;
+        Overloaded -> exit({error, overload_protection_active, Overloaded})
+    end.
+
+-spec string2ms(string()) -> {ok, list()} | {error, fun_format}.
+string2ms(FunStr) ->
+    case erl_scan:string(fix_dot(FunStr)) of
+	{ok, Tokens, _} ->
+	    case erl_parse:parse_exprs(Tokens) of
+		{ok, [Expression]} ->
+		    case Expression of
+			{_, _, {clauses, Clauses}} ->
+			    {ok, ms_transform:transform_from_shell(dbg, Clauses, [])};
+			_ ->
+			    {error, fun_format}
+		    end;
+		_ ->
+		    {error, fun_format}
+	    end;
+	_ ->{error, fun_format}
+    end.
+
+-spec fix_dot(string()) -> string().
+fix_dot(FunStr) ->
+    [H | Rest]  = lists:reverse(FunStr),
+    case H of
+	$. ->
+	    FunStr;
+	H ->
+	    lists:reverse([$., H | Rest])
+    end.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%% Support for sequential trace
@@ -457,66 +599,114 @@ no_store_write_trace_info(Key,What) ->
 %%% Stop tracing on all nodes
 stop() ->
     stop([]).
-stop(Opts) ->
+stop(Opts) when is_list(Opts) ->
     Fetch = stop_opts(Opts),
-    case whereis(?MODULE) of
-	undefined -> ok;
-	Pid when is_pid(Pid) -> 
-	    ?MODULE ! {stop,Fetch,self()},
-	    receive {?MODULE,stopped} -> ok end
+    Result =
+        case whereis(?MODULE) of
+            undefined -> ok;
+            Pid when is_pid(Pid) ->
+                ?MODULE ! {stop,Fetch,self()},
+                receive {?MODULE,R} -> R end
+        end,
+    case {Fetch, Result} of
+        {nofetch, _} ->
+            ok;
+        {_, {stopped, _}} ->
+            %% Printout moved out of the ttb loop to avoid occasional deadlock
+            io:format("Stored logs in ~s~n", [element(2, Result)]);
+        {_, _} ->
+            ok
     end,
-    stopped.
+    stop_return(Result,Opts);
+stop(Opts) ->
+    stop([Opts]).
 
 stop_opts(Opts) ->
-    case lists:member(format,Opts) of
-	true -> 
-	    format; % format implies fetch
-	false -> 
-	    case lists:member(fetch,Opts) of
-		true -> fetch;
-		false -> nofetch
-	    end
+    FetchDir = proplists:get_value(fetch_dir, Opts),
+    ensure_fetch_dir(FetchDir),
+    FormatData = case proplists:get_value(format, Opts) of
+                     undefined -> false;
+                     true ->      {format, []};
+                     FOpts ->     {format, FOpts}
+                 end,
+    case {FormatData, lists:member(return_fetch_dir, Opts)} of
+	{false, true} ->
+	    {fetch, FetchDir}; % if we specify return_fetch_dir, the data should be fetched
+	{false, false} ->
+	    case lists:member(nofetch,Opts) of
+		    false -> {fetch, FetchDir};
+		    true -> nofetch
+	    end;
+    {FormatData, _} ->
+            {FormatData, FetchDir}
+    end.
+
+ensure_fetch_dir(undefined) -> ok;
+ensure_fetch_dir(Dir) ->
+    case filelib:is_file(Dir) of
+	true ->
+	    throw({error, exists, Dir});
+	false ->
+	   ok
+    end.
+
+stop_return(R,Opts) ->
+    case {lists:member(return_fetch_dir,Opts),R} of
+        {true,_} ->
+            R;
+        {false,{stopped,_}} ->
+            stopped;
+        {false,_} ->
+            %% Anything other than 'stopped' would not be bw compatible...
+            stopped
     end.
 
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%% Process implementation
-start() ->
+start(SessionInfo) ->
     case whereis(?MODULE) of
 	undefined ->
 	    Parent = self(),
-	    Pid = spawn(fun() -> init(Parent) end),
-	    receive {started,Pid} -> ok end;
+	    Pid = spawn(fun() -> init(Parent, SessionInfo) end),
+	    receive {started,Pid} -> ok end,
+            Pid;
 	Pid when is_pid(Pid) ->
-	    ok
+	    Pid
     end.
 
-
-init(Parent) ->
+init(Parent, SessionInfo) ->
     register(?MODULE,self()),
     ets:new(?history_table,[ordered_set,named_table,public]),
     Parent ! {started,self()},
-    loop(dict:new()).
+    NewSessionInfo = [{partials, 0}, {dead_nodes, []} | SessionInfo],
+    try_send_flush_tick(NewSessionInfo),
+    loop(dict:new(), NewSessionInfo).
 
-loop(NodeInfo) ->
+loop(NodeInfo, SessionInfo) ->
     receive 
 	{init_node,Node,MetaFile,PI,Traci} ->
 	    erlang:monitor_node(Node,true),
-	    MetaPid = 
+	    {AbsoluteMetaFile, MetaPid} =
 		case rpc:call(Node,
 			      observer_backend,
 			      ttb_init_node,
 			      [MetaFile,PI,Traci]) of
-		    {ok,MP} ->
-			MP;
+		    {ok,MF,MP} ->
+			{MF,MP};
 		    {badrpc,nodedown} ->
 			%% We will get a nodedown message
-			undefined
+			{MetaFile,undefined}
 		end,
-	    loop(dict:store(Node,{MetaFile,MetaPid},NodeInfo));
+	    loop(dict:store(Node,{AbsoluteMetaFile,MetaPid},NodeInfo), SessionInfo);
+	{ip_to_file_trace_port,Port,Sender} ->
+	    Ports = proplists:get_value(ip_to_file_trace_ports, SessionInfo, []),
+	    NewSessionInfo = [{ip_to_file_trace_ports,[Port|Ports]}|SessionInfo],
+	    Sender ! {?MODULE,ok},
+	    loop(NodeInfo, NewSessionInfo);
 	{get_nodes,Sender} ->
 	    Sender ! {?MODULE,dict:fetch_keys(NodeInfo)},
-	    loop(NodeInfo);
+	    loop(NodeInfo, SessionInfo);
 	{write_trace_info,Key,What} ->
 	    dict:fold(fun(Node,{_MetaFile,MetaPid},_) -> 
 			      rpc:call(Node,observer_backend,
@@ -524,55 +714,136 @@ loop(NodeInfo) ->
 		      end,
 		      ok,
 		      NodeInfo),
-	    loop(NodeInfo);
+	    loop(NodeInfo, SessionInfo);
 	{nodedown,Node} ->
-	    loop(dict:erase(Node,NodeInfo));
+            NewState = make_node_dead(Node, NodeInfo, SessionInfo),
+	    loop(dict:erase(Node,NodeInfo), NewState);
+        {noderesumed,Node,Reporter} ->
+            {MetaFile, CurrentSuffix, NewState} = make_node_alive(Node, SessionInfo),
+            fetch_partial_result(Node, MetaFile, CurrentSuffix),
+            spawn(fun() -> resume_trace(Reporter) end),
+            loop(NodeInfo, NewState);
+	{timeout, StopOpts} ->
+	    spawn(?MODULE, stop, [StopOpts]),
+	    loop(NodeInfo, SessionInfo);
+        {node_overloaded, Node} ->
+            io:format("Overload check activated on node: ~p.~n", [Node]),
+            {Overloaded, SI} = {proplists:get_value(overloaded, SessionInfo, []),
+                                lists:keydelete(overloaded, 1, SessionInfo)},
+	    loop(NodeInfo, [{overloaded, [Node|Overloaded]} | SI]);
+        {get_overloaded, Pid} ->
+            Pid ! {overloaded,proplists:get_value(overloaded, SessionInfo, [])},
+            loop(NodeInfo, SessionInfo);
+	trace_started ->
+	    case proplists:get_value(timer, SessionInfo) of
+		undefined -> ok;
+		{MSec, StopOpts}  -> erlang:send_after(MSec, self(), {timeout, StopOpts})
+	    end,
+	    loop(NodeInfo, SessionInfo);
+        flush_timeout ->
+            [ dbg:flush_trace_port(Node) || Node <- dict:fetch_keys(NodeInfo) ],
+            try_send_flush_tick(SessionInfo),
+            loop(NodeInfo, SessionInfo);
 	{stop,nofetch,Sender} ->
-	    dict:fold(
-	      fun(Node,{_,MetaPid},_) -> 
-		      rpc:call(Node,observer_backend,ttb_stop,[MetaPid])
-	      end,
-	      ok,
-	      NodeInfo),
-	    dbg:stop_clear(),
-	    ets:delete(?history_table),
-	    Sender ! {?MODULE,stopped};
-	{stop,FetchOrFormat,Sender} ->
-	    Localhost = host(node()),
-	    Dir = ?upload_dir++ts(),
- 	    file:make_dir(Dir),
-	    %% The nodes are traversed twice here because
-	    %% the meta tracing in observer_backend must be
-	    %% stopped before dbg is stopped, and dbg must
-	    %% be stopped before the trace logs are moved orelse
-	    %% windows complains.
-	    AllNodesAndMeta = 
-		dict:fold(
-		  fun(Node,{MetaFile,MetaPid},Nodes) -> 
-			  rpc:call(Node,observer_backend,ttb_stop,[MetaPid]),
-			  [{Node,MetaFile}|Nodes]
-		  end,
-		  [],
-		  NodeInfo),
-	    dbg:stop_clear(),
-	    AllNodes = 
-		lists:map(
-		  fun({Node,MetaFile}) ->
-			  spawn(fun() -> fetch(Localhost,Dir,Node,MetaFile) end),
-			  Node
+            do_stop(nofetch, Sender, NodeInfo, SessionInfo);
+	{stop,FetchSpec,Sender} ->
+            case proplists:get_value(shell, SessionInfo, false) of
+                only -> do_stop(nofetch, Sender, NodeInfo, SessionInfo);
+                _    -> do_stop(FetchSpec, Sender, NodeInfo, SessionInfo)
+            end
+    end.
+
+do_stop(nofetch, Sender, NodeInfo, SessionInfo) ->
+    write_config(?last_config, all),
+    dict:fold(
+      fun(Node,{_,MetaPid},_) ->
+              rpc:call(Node,observer_backend,ttb_stop,[MetaPid])
+      end,
+      ok,
+      NodeInfo),
+    stop_ip_to_file_trace_ports(SessionInfo),
+    dbg:stop_clear(),
+    ets:delete(?history_table),
+    Sender ! {?MODULE, stopped};
+
+do_stop({FetchOrFormat, UserDir}, Sender, NodeInfo, SessionInfo) ->
+    write_config(?last_config, all),
+    Localhost = host(node()),
+    Dir = get_fetch_dir(UserDir, proplists:get_value(logfile, SessionInfo)),
+    file:make_dir(Dir),
+    %% The nodes are traversed twice here because
+    %% the meta tracing in observer_backend must be
+    %% stopped before dbg is stopped, and dbg must
+    %% be stopped before the trace logs are moved orelse
+    %% windows complains.
+    AllNodesAndMeta =
+        dict:fold(
+          fun(Node,{MetaFile,MetaPid},Nodes) ->
+                  rpc:call(Node,observer_backend,ttb_stop,[MetaPid]),
+                  [{Node,MetaFile}|Nodes]
+          end,
+          [],
+          NodeInfo),
+    stop_ip_to_file_trace_ports(SessionInfo),
+    dbg:stop_clear(),
+    AllNodes =
+        lists:map(
+          fun({Node,MetaFile}) ->
+                  spawn(fun() -> fetch_report(Localhost,Dir,Node,MetaFile) end),
+                  Node
+          end,
+          AllNodesAndMeta),
+    ets:delete(?history_table),
+    wait_for_fetch(AllNodes),
+    copy_partials(Dir, proplists:get_value(partials, SessionInfo)),
+    Absname = filename:absname(Dir),
+    case FetchOrFormat of
+        fetch -> ok;
+        {format, Opts} -> format(Dir, Opts)
+    end,
+    Sender ! {?MODULE,{stopped,Absname}}.
+
+stop_ip_to_file_trace_ports(SessionInfo) ->
+    lists:foreach(fun(Port) ->
+			  case lists:member(Port,erlang:ports()) of
+			      true ->
+				  dbg:deliver_and_flush(Port),
+				  erlang:port_close(Port);
+			      false ->
+				  ok
+			  end
 		  end,
-		  AllNodesAndMeta),
-	    ets:delete(?history_table),
-	    wait_for_fetch(AllNodes),
-	    io:format("Stored logs in ~s~n",[filename:absname(Dir)]),
-	    case FetchOrFormat of
-		format -> format(Dir);
-		fetch -> ok
-	    end,
-	    Sender ! {?MODULE,stopped}
-         ?get_status
+		  proplists:get_value(ip_to_file_trace_ports,SessionInfo,[])).
+
+
+make_node_dead(Node, NodeInfo, SessionInfo) ->
+    {MetaFile,_} = dict:fetch(Node, NodeInfo),
+    NewDeadNodes = [{Node, MetaFile} | proplists:get_value(dead_nodes, SessionInfo)],
+    [{dead_nodes, NewDeadNodes} | lists:keydelete(dead_nodes, 1, SessionInfo)].
+
+make_node_alive(Node, SessionInfo) ->
+            DeadNodes = proplists:get_value(dead_nodes, SessionInfo),
+            Partials = proplists:get_value(partials, SessionInfo),
+            {value, {_, MetaFile}, Dn2} = lists:keytake(Node, 1, DeadNodes),
+            SessionInfo2 = lists:keyreplace(dead_nodes, 1, SessionInfo, {dead_nodes, Dn2}),
+            {MetaFile, Partials + 1, lists:keyreplace(partials, 1, SessionInfo2, {partials, Partials + 1})}.
+
+try_send_flush_tick(State) ->
+    case proplists:get_value(flush, State) of
+        undefined ->
+            ok;
+        MSec ->
+            erlang:send_after(MSec, self(), flush_timeout)
     end.
 
+get_fetch_dir(undefined,undefined) -> ?upload_dir(?MODULE_STRING) ++ ts();
+get_fetch_dir(undefined,Logname) -> ?upload_dir(Logname) ++ ts();
+get_fetch_dir(Dir,_) -> Dir.
+
+resume_trace(Reporter) ->
+    ?MODULE:run_history(all_silent),
+    Reporter ! trace_resumed.
+
 get_nodes() ->
     ?MODULE ! {get_nodes,self()},
     receive {?MODULE,Nodes} -> Nodes end.
@@ -582,19 +853,40 @@ ts() ->
     io_lib:format("-~4.4.0w~2.2.0w~2.2.0w-~2.2.0w~2.2.0w~2.2.0w",
 		  [Y,M,D,H,Min,S]).
 
+copy_partials(_, 0) ->
+    ok;
+copy_partials(Dir, Num) ->
+    PartialDir = ?partial_dir ++ integer_to_list(Num),
+    file:rename(PartialDir, filename:join(Dir,PartialDir)),
+    copy_partials(Dir, Num - 1).
+
+fetch_partial_result(Node,MetaFile,Current) ->
+    DirName = ?partial_dir ++ integer_to_list(Current),
+    case file:list_dir(DirName) of
+        {error, enoent} ->
+            ok;
+        {ok, Files} ->
+            [ file:delete(filename:join(DirName, File)) || File <- Files ],
+            file:del_dir(DirName)
+    end,
+    file:make_dir(DirName),
+    fetch(host(node()), DirName, Node, MetaFile).
 
+fetch_report(Localhost, Dir, Node, MetaFile) ->
+    fetch(Localhost,Dir,Node,MetaFile),
+    ?MODULE ! {fetch_complete,Node}.
 
 fetch(Localhost,Dir,Node,MetaFile) ->
-    case host(Node) of
-	Localhost -> % same host, just move the files
-	    Files = rpc:call(Node,observer_backend,ttb_get_filenames,[MetaFile]),
+    case (host(Node) == Localhost) orelse is_local(MetaFile) of
+    true -> % same host, just move the files
+	    Files = get_filenames(Node,MetaFile),
 	    lists:foreach(
-	      fun(File0) ->
-		      File = filename:join(Dir,filename:basename(File0)),
-		      file:rename(File0,File)
-	      end,
-	      Files);
-	_Otherhost ->
+            fun(File0) ->
+                Dest = filename:join(Dir,filename:basename(File0)),
+                file:rename(File0, Dest)
+            end,
+        Files);
+	false ->
 	    {ok, LSock} = gen_tcp:listen(0, [binary,{packet,2},{active,false}]),
 	    {ok,Port} = inet:port(LSock),
 	    rpc:cast(Node,observer_backend,ttb_fetch,
@@ -603,8 +895,17 @@ fetch(Localhost,Dir,Node,MetaFile) ->
 	    receive_files(Dir,Sock,undefined),
 	    ok = gen_tcp:close(LSock),
 	    ok = gen_tcp:close(Sock)
-    end,
-    ?MODULE ! {fetch_complete,Node}.
+    end.
+
+is_local({local, _, _}) ->
+    true;
+is_local(_) ->
+    false.
+
+get_filenames(_N, {local,F,_}) ->
+    observer_backend:ttb_get_filenames(F);
+get_filenames(N, F) ->
+    rpc:call(N, observer_backend,ttb_get_filenames,[F]).
 
 receive_files(Dir,Sock,Fd) ->
     case gen_tcp:recv(Sock, 0) of
@@ -646,9 +947,16 @@ wait_for_fetch(Nodes) ->
 %%% - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 write_info(Nodes,PI,Traci) ->
-    lists:foreach(fun({N,{local,C,_},F}) -> 
-			  MetaFile = F ++ ".ti",
-			  file:delete(MetaFile),
+    {ok, Cwd} = file:get_cwd(),
+    lists:foreach(fun({N,{local,C,_},F}) ->
+			  MetaFile = case F of
+                                         none ->
+                                             none;
+                                         F ->
+                                             AbsFile = filename:join(Cwd, F) ++ ".ti",
+                                             file:delete(AbsFile),
+                                             AbsFile
+                                     end,
 			  Traci1 = [{node,N},{file,C}|Traci],
 			  {ok,Port} = dbg:get_tracer(N),
 			  ?MODULE ! 
@@ -662,38 +970,35 @@ write_info(Nodes,PI,Traci) ->
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%% Format binary trace logs
+get_et_handler() ->
+    {fun ttb_et:handler/4, initial}.
+
 format(Files) ->
     format(Files,[]).
 format(Files,Opt) ->
-    {Out,Handler} = format_opt(Opt),
+    {Out,Handler,DisableSort} = format_opt(Opt),
     ets:new(?MODULE,[named_table]),
-    format(Files,Out,Handler).
-format(File,Out,Handler) when is_list(File), is_integer(hd(File)) ->
+    format(Files,Out,Handler, DisableSort).
+format(File,Out,Handler,DisableSort) when is_list(File), is_integer(hd(File)) ->
     Files = 
 	case filelib:is_dir(File) of
 	    true ->  % will merge all files in the directory
-		MetaFiles = filelib:wildcard(filename:join(File,"*.ti")),
-		lists:map(fun(M) ->
-				  Sub = string:left(M,length(M)-3),
-				  case filelib:is_file(Sub) of
-				      true -> Sub;
-				      false -> Sub++".*.wrp"
-				  end
-			  end,
-			  MetaFiles);
+                List = filelib:wildcard(filename:join(File, ?partial_dir++"*")),
+                lists:append(collect_files([File | List]));
 	    false -> % format one file
 		[File]
 	end,
-    format(Files,Out,Handler);
-format(Files,Out,Handler) when is_list(Files), is_list(hd(Files)) ->
+    format(Files,Out,Handler,DisableSort);
+format(Files,Out,Handler,DisableSort) when is_list(Files), is_list(hd(Files)) ->
     StopDbg = case whereis(dbg) of
 		  undefined -> true;
 		  _ -> false
 	      end,
-    Details = lists:foldl(fun(File,Acc) -> [prepare(File,Handler)|Acc] end,
+    Details = lists:foldl(fun(File,Acc) -> [prepare(File)|Acc] end,
 			  [],Files),
     Fd = get_fd(Out),
-    R = do_format(Fd,Details),
+    RealHandler = get_handler(Handler, Files),
+    R = do_format(Fd,Details,DisableSort,RealHandler),
     file:close(Fd),
     ets:delete(?MODULE),
     case StopDbg of
@@ -702,7 +1007,30 @@ format(Files,Out,Handler) when is_list(Files), is_list(hd(Files)) ->
     end,
     R.
 
-prepare(File,Handler) ->
+collect_files(Dirs) ->
+    lists:map(fun(Dir) ->
+                      MetaFiles = filelib:wildcard(filename:join(Dir,"*.ti")),
+                      lists:map(fun(M) ->
+                                        Sub = string:left(M,length(M)-3),
+                                        case filelib:is_file(Sub) of
+                                            true -> Sub;
+                                            false -> Sub++".*.wrp"
+                                        end
+                                end,
+                                MetaFiles)
+              end, Dirs).
+
+get_handler(undefined, Files) ->
+    %%We retrieve traci from the first available file
+    {Traci, _} = read_traci(hd(Files)),
+    case dict:find(handler, Traci) of
+        error             -> {fun defaulthandler/4, initial};
+        {ok, [Handler]}   -> Handler
+    end;
+get_handler(Handler, _) ->
+    Handler.
+
+prepare(File) ->
     {Traci,Proci} = read_traci(File),
     Node = get_node(Traci),
     lists:foreach(fun({Pid,PI}) ->
@@ -714,19 +1042,21 @@ prepare(File,Handler) ->
 			  ets:insert(?MODULE,{Pid,PI,Node})
 		  end,Proci),
     FileOrWrap = get_file(File,Traci),
-    Handler1 = get_handler(Handler,Traci),
-    {FileOrWrap,Traci,Handler1}.
+    {FileOrWrap,Traci}.
 
-format_opt(Opt) ->
+format_opt(Opt) when is_list(Opt) ->
     Out = case lists:keysearch(out,1,Opt) of
 	      {value,{out,O}} -> O;
 	      _ -> standard_io
 	  end,
     Handler = case lists:keysearch(handler,1,Opt) of
-	      {value,{handler,H}} -> H;
-	      _ -> undefined
+                  {value,{handler,H}} -> H;
+                  _ -> undefined
 	  end,
-    {Out,Handler}.
+    DisableSort = proplists:get_value(disable_sort, Opt, false),
+    {Out,Handler,DisableSort};
+format_opt(Opt) ->
+    format_opt([Opt]).
 
 
 read_traci(File) ->
@@ -800,75 +1130,61 @@ check_client(Client,File) when is_tuple(Client),element(2,Client)==wrap ->
 check_exists(File) ->
     case file:read_file_info(File) of
 	{ok,#file_info{type=regular}} -> File;
-	_ -> 
+	_ ->
 	    exit({error,no_file})
     end.
-	
 
-get_handler(Handler,Traci) ->
-    case Handler of
-	undefined -> 
-	    case dict:find(handler,Traci) of
-		{ok,[H]} -> H;
-		error -> undefined
-	    end;
-	_ ->
-	    Handler
-    end.
 
-do_format(Fd,Details) ->
-    Clients = lists:foldl(fun({FileOrWrap,Traci,Handler},Acc) ->
-				  [start_client(FileOrWrap,Traci,Handler)
-				   |Acc]
+do_format(Fd,Details,DisableSort,Handler) ->
+    Clients = lists:foldl(fun({FileOrWrap,Traci},Acc) ->
+                                  [start_client(FileOrWrap,Traci)|Acc]
 			  end,[],Details),
-    init_collector(Fd,Clients).
-
-
-start_client(FileOrWrap,Traci,et) ->
-    dbg:trace_client(file, FileOrWrap, 
-		     {fun handler/2, 
-		      {dict:to_list(Traci),{{ttb_et,handler},initial}}});
-start_client(FileOrWrap,Traci,undefined) ->
-    dbg:trace_client(file, FileOrWrap, 
-		     {fun handler/2, 
-		      {dict:to_list(Traci),{fun defaulthandler/4,initial}}});
-start_client(FileOrWrap,Traci,Handler) ->
-    dbg:trace_client(file, FileOrWrap, 
-		     {fun handler/2, {dict:to_list(Traci),Handler}}).
-
-handler(Trace,State) ->
-    %% State here is only used for the initial state. The accumulated
-    %% State is maintained by collector!!!
-    receive 
-	{get,Collector} -> Collector ! {self(),{Trace,State}};
+    init_collector(Fd,Clients,DisableSort,Handler).
+
+start_client(FileOrWrap,Traci) ->
+    dbg:trace_client(file, FileOrWrap,
+		     {fun handler/2, dict:to_list(Traci)}).
+
+handler(Trace,Traci) ->
+    %%We return our own Traci so that it not necesarry to look it up
+    %%This may take time if something huge has been written to it
+    receive
+	{get,Collector} -> Collector ! {self(),{Trace,Traci}};
 	done -> ok
     end,
-    State.
+    Traci.
 
-handler1(Trace,{Fd,{Traci,{Fun,State}}}) when is_function(Fun) ->
-    {Traci,{Fun,Fun(Fd,Trace,Traci,State)}};
-handler1(Trace,{Fd,{Traci,{{M,F},State}}}) when is_atom(M), is_atom(F) ->
-    {Traci,{{M,F},M:F(Fd,Trace,Traci,State)}}.
+%%Used to handle common state (the same for all clients)
+handler2(Trace,{Fd,Traci,{Fun,State}}) when is_function(Fun) ->
+    {Fun, Fun(Fd, Trace, Traci, State)};
+handler2(Trace,{Fd,Traci,{{M,F},State}}) when is_atom(M), is_atom(F) ->
+    {{M,F}, M:F(Fd, Trace, Traci, State)}.
 
 defaulthandler(Fd,Trace,_Traci,initial) ->
     dbg:dhandler(Trace,Fd);
 defaulthandler(_Fd,Trace,_Traci,State) ->
     dbg:dhandler(Trace,State).
 
-init_collector(Fd,Clients) ->
+init_collector(Fd,Clients,DisableSort,Handler) ->
     Collected = get_first(Clients),
-    collector(Fd,sort(Collected)).
+    case DisableSort of
+        true -> collector(Fd,Collected, DisableSort, Handler);
+        false -> collector(Fd,sort(Collected), DisableSort, Handler)
+    end.
 
-collector(Fd,[{_,{Client,{Trace,State}}}|Rest]) ->
+collector(Fd,[{_,{Client,{Trace,Traci}}} |Rest], DisableSort, CommonState) ->
     Trace1 = update_procinfo(Trace),
-    State1 = handler1(Trace1,{Fd,State}),
-    case get_next(Client,State1) of
-	end_of_trace -> 
-	    handler1(end_of_trace,{Fd,State1}),
-	    collector(Fd,Rest);
-	Next -> collector(Fd,sort([Next|Rest]))
+    CommonState2 = handler2(Trace1, {Fd, Traci, CommonState}),
+    case get_next(Client) of
+	end_of_trace ->
+	    collector(Fd,Rest,DisableSort, CommonState2);
+	Next -> case DisableSort of
+                    false -> collector(Fd,sort([Next|Rest]), DisableSort, CommonState2);
+                    true -> collector(Fd,[Next|Rest], DisableSort, CommonState2)
+                end
     end;
-collector(_Fd,[]) ->
+collector(Fd,[], _, CommonState) ->
+    handler2(end_of_trace, {Fd, end_of_trace, CommonState}),
     ok.
 
 update_procinfo({drop,_N}=Trace) ->
@@ -895,7 +1211,7 @@ update_procinfo(Trace) ->
     ProcInfo = get_procinfo(Pid),
     setelement(2,Trace,ProcInfo).
 
-get_procinfo(Pid) when is_pid(Pid) ->
+get_procinfo(Pid) when is_pid(Pid); is_port(Pid) ->
     case ets:lookup(?MODULE,Pid) of
 	[PI] -> PI;
 	[] -> Pid
@@ -913,21 +1229,21 @@ get_procinfo({Name,Node}) when is_atom(Name) ->
 
 get_first([Client|Clients]) ->
     Client ! {get,self()},
-    receive 
-	{Client,{end_of_trace,_}} -> 
+    receive
+	{Client,{end_of_trace,_}} ->
 	    get_first(Clients);
-	{Client,{Trace,_State}}=Next -> 
+	{Client,{Trace,_}}=Next ->
 	    [{timestamp(Trace),Next}|get_first(Clients)]
     end;
 get_first([]) -> [].
 
-get_next(Client,State) when is_pid(Client) ->
+get_next(Client) when is_pid(Client) ->
     Client ! {get,self()},
-    receive 
-	{Client,{end_of_trace,_}} -> 
+    receive
+	{Client,{end_of_trace,_}} ->
 	    end_of_trace;
-	{Client,{Trace,_OldState}} -> 
-	    {timestamp(Trace),{Client,{Trace,State}}} % inserting new state!!
+	{Client,{Trace, Traci}} ->
+	    {timestamp(Trace),{Client,{Trace,Traci}}}
     end.
 
 sort(List) ->
@@ -971,19 +1287,37 @@ display_warning(Item,Warning) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%% Trace client which reads an IP port and puts data directly to a file.
 %%% This is used when tracing remote nodes with no file system.
-ip_to_file(Trace,{file,File}) ->
+ip_to_file({metadata,_,_},{shell_only, _} = State) ->
+    State;
+ip_to_file(Trace, {shell_only, Fun} = State) ->
+    Fun(Trace),
+    State;
+ip_to_file(Trace,{{file,File}, ShellOutput}) ->
     Fun = dbg:trace_port(file,File), %File can be a filename or a wrap spec
     Port = Fun(),
-    ip_to_file(Trace,Port);
-ip_to_file({metadata,MetaFile,MetaData},Port) ->
+    %% Store the port so it can be properly closed
+    ?MODULE ! {ip_to_file_trace_port, Port, self()},
+    receive {?MODULE,ok} -> ok end,
+    case Trace of
+        {metadata, _, _} -> ok;
+        Trace            -> show_trace(Trace, ShellOutput)
+    end,
+    ip_to_file(Trace,{Port,ShellOutput});
+ip_to_file({metadata,MetaFile,MetaData},State) ->
     {ok,MetaFd} = file:open(MetaFile,[write,raw,append]),
     file:write(MetaFd,MetaData),
     file:close(MetaFd),
-    Port;
-ip_to_file(Trace,Port) ->
+    State;
+ip_to_file(Trace,{Port, ShellOutput}) ->
+    show_trace(Trace, ShellOutput),
     B = term_to_binary(Trace),
     erlang:port_command(Port,B),
-    Port.
+    {Port, ShellOutput}.
+
+show_trace(Trace, Fun) when is_function(Fun) ->
+    Fun(Trace);
+show_trace(_, _) ->
+    ok.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%% For debugging
@@ -996,5 +1330,3 @@ dump_ti(<<>>,Acc) ->
 dump_ti(B,Acc) ->
     {Term,Rest} = get_term(B),
     dump_ti(Rest,[Term|Acc]).
-
-
diff --git a/lib/observer/test/Makefile b/lib/observer/test/Makefile
index 6073e6ea00..bf99f07081 100644
--- a/lib/observer/test/Makefile
+++ b/lib/observer/test/Makefile
@@ -22,7 +22,10 @@ MODULES =  \
 	observer_SUITE \
 	crashdump_viewer_SUITE \
 	etop_SUITE \
+	ttb_helper \
 	ttb_SUITE \
+	client \
+	server \
 	crashdump_helper
 
 ERL_FILES= $(MODULES:%=%.erl)
diff --git a/lib/observer/test/client.erl b/lib/observer/test/client.erl
new file mode 100644
index 0000000000..90b72d3f8f
--- /dev/null
+++ b/lib/observer/test/client.erl
@@ -0,0 +1,28 @@
+-module(client).
+-compile(export_all).
+
+init(Node) ->
+    application:start(runtime_tools),
+    net_kernel:connect_node(Node).
+
+init() ->
+    init(server_node()).
+
+restart() ->
+    init:restart().
+
+server_node() ->
+    {ok,HostName} = inet:gethostname(),
+    list_to_atom("server@" ++ HostName).
+
+get() ->
+    erlang:send({server,server_node()}, {get,self()}),
+    receive Data -> Data
+    after 1000   -> no_reply
+    end.
+
+put(Thing) ->
+    erlang:send({server,server_node()}, {put,self(),Thing}),
+    receive ok -> timer:sleep(2), ok
+    after 1000 -> no_reply
+    end.
diff --git a/lib/observer/test/crashdump_helper.erl b/lib/observer/test/crashdump_helper.erl
index d1c65f97e8..520fcdfd0d 100644
--- a/lib/observer/test/crashdump_helper.erl
+++ b/lib/observer/test/crashdump_helper.erl
@@ -19,7 +19,7 @@
 
 -module(crashdump_helper).
 -export([n1_proc/2,remote_proc/2]).
--compile(r12).
+-compile(r13).
 -include("test_server.hrl").
 
 n1_proc(N2,Creator) ->
diff --git a/lib/observer/test/crashdump_viewer_SUITE.erl b/lib/observer/test/crashdump_viewer_SUITE.erl
index fdc4a2f1ff..79ece7edf5 100644
--- a/lib/observer/test/crashdump_viewer_SUITE.erl
+++ b/lib/observer/test/crashdump_viewer_SUITE.erl
@@ -70,7 +70,7 @@ init_per_suite(Config) when is_list(Config) ->
     application:start(inets), % will be using the http client later
     httpc:set_options([{ipfamily,inet6fb4}]),
     DataDir = ?config(data_dir,Config),
-    Rels = [R || R <- [r12b,r13b], ?t:is_release_available(R)] ++ [current],
+    Rels = [R || R <- [r13b,r14b], ?t:is_release_available(R)] ++ [current],
     io:format("Creating crash dumps for the following releases: ~p", [Rels]),
     AllDumps = create_dumps(DataDir,Rels),
     ?t:timetrap_cancel(Dog),
@@ -722,7 +722,8 @@ dump_prefix(Rel) ->
 	r11b -> "r11b_dump.";
 	r12b -> "r12b_dump.";
 	r13b -> "r13b_dump.";
-	current -> "r14b_dump."
+	r14b -> "r14b_dump.";
+	current -> "r15b_dump."
     end.
 
 compat_rel(Rel) ->
@@ -733,5 +734,6 @@ compat_rel(Rel) ->
 	r11b -> "+R11 ";
 	r12b -> "+R12 ";
 	r13b -> "+R13 ";
+	r14b -> "+R13 ";
 	current -> ""
     end.
diff --git a/lib/observer/test/server.erl b/lib/observer/test/server.erl
new file mode 100644
index 0000000000..f6d3542c96
--- /dev/null
+++ b/lib/observer/test/server.erl
@@ -0,0 +1,44 @@
+-module(server).
+-compile(export_all).
+
+start() ->
+    application:start(runtime_tools),
+    Pid = spawn(?MODULE,loop,[[], 0]),
+    register(server,Pid).
+
+stop() ->
+    case lists:member(server, registered()) of
+	true ->
+	    server ! stop;
+	false ->
+	    ok
+    end.
+
+loop(Data, Num) ->
+    receive
+	{put,From,Ting} -> timer:sleep(2),
+			   received(From,Ting),
+			   From ! ok,
+			   loop([Ting|Data], Num+1);
+	{get,From}      -> From ! Data,
+			   loop(Data, Num+1);
+	stop            -> stopped;
+	clear           -> loop([], Num+1);
+	{cnt, From}     -> From ! Num,
+			   loop(Data, Num)
+    end.
+
+counter() ->
+    server ! {cnt, self()},
+    receive
+	Num ->
+	    Num
+    end.
+
+received(From, Thing) ->
+    case Thing of
+	never_send_this_atom ->
+	    loop(Thing, 0);
+	_ ->
+	    {return, 27, Thing, From}
+    end.
diff --git a/lib/observer/test/ttb_SUITE.erl b/lib/observer/test/ttb_SUITE.erl
index 24b4a22aa9..695d41b48a 100644
--- a/lib/observer/test/ttb_SUITE.erl
+++ b/lib/observer/test/ttb_SUITE.erl
@@ -1,7 +1,7 @@
-%%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
+%%
+%% Copyright Ericsson AB 2002-2010. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -33,12 +33,34 @@
 -include_lib("test_server/include/test_server.hrl").
 
 -define(default_timeout, ?t:minutes(1)).
+-define(OUTPUT, "handler_output").
+-define(FNAME, "temptest").
+-define(DIRNAME, "ddtemp").
 
-init_per_testcase(_Case, Config) ->
-    ttb:stop(),
+init_per_testcase(Case, Config) ->
     ?line Dog=test_server:timetrap(?default_timeout),
+    ttb:stop(),
+    rm(?OUTPUT),
+    [rm(Upload) || Upload<-filelib:wildcard("ttb_upload*")],
+    rm(?DIRNAME),
+    [rm(At) || At <- filelib:wildcard("*@*")],
+    rm("ttb_last_config"),
+    %% Workaround for bug(?) in test_server - if the test case fails
+    %% with a timetrap timeout, then end_per_testcase will run with
+    %% faulty group_leader - which in turn makes test_server:stop_node
+    %% hang (stop_node is called by most of the cleanup functions).
+    %% Therefore we do the cleanup before each testcase instead - this
+    %% is obviously not 100% correct, but it will at least make sure
+    %% that the nodes which are to be started in a test case at are
+    %% terminated.
+    try apply(?MODULE,Case,[cleanup,Config])
+    catch error:undef -> ok
+    end,
     [{watchdog, Dog}|Config].
-end_per_testcase(_Case, Config) ->
+end_per_testcase(Case, Config) ->
+    %% try apply(?MODULE,Case,[cleanup,Config])
+    %% catch error:undef -> ok
+    %% end,
     Dog=?config(watchdog, Config),
     ?t:timetrap_cancel(Dog),
     ok.
@@ -49,12 +71,31 @@ all() ->
     [file, file_no_pi, file_fetch, wrap, wrap_merge,
      wrap_merge_fetch_format, write_config1, write_config2,
      write_config3, history, write_trace_info, seq_trace,
-     diskless, otp_4967_1, otp_4967_2].
+     diskless, diskless_wrap, otp_4967_1, otp_4967_2,
+     fetch_when_no_option_given, basic_ttb_run_ip_port, basic_ttb_run_file_port,
+     return_fetch_dir_implies_fetch, logfile_name_in_fetch_dir, upload_to_my_logdir,
+     upload_to_my_existing_logdir, fetch_with_options_not_as_list,
+     error_when_formatting_multiple_files_4393, format_on_trace_stop,
+     trace_to_remote_files_on_localhost_with_different_pwd,
+     trace_to_local_files_on_localhost_with_different_pwd,
+     trace_to_remote_files_on_localhost_with_different_pwd_abs,
+     changing_cwd_on_control_node, changing_cwd_on_remote_node,
+     changing_cwd_on_control_node_with_local_trace,
+     one_command_trace_setup, dbg_style_fetch, shell_tracing_init,
+     only_one_state_for_format_handler, only_one_state_with_default_format_handler,
+     only_one_state_with_initial_format_handler, run_trace_with_shortcut1,
+     run_trace_with_shortcut2, run_trace_with_shortcut3, run_trace_with_shortcut4,
+     cant_specify_local_and_flush, trace_sorted_by_default,disable_sorting,
+     trace_resumed_after_node_restart, trace_resumed_after_node_restart_ip,
+     trace_resumed_after_node_restart_wrap,
+     trace_resumed_after_node_restart_wrap_mult
+].
 
 groups() -> 
     [].
 
 init_per_suite(Config) ->
+    clean_priv_dir(Config),
     Config.
 
 end_per_suite(_Config) ->
@@ -76,7 +117,7 @@ file(Config) when is_list(Config) ->
     ?line {ok,OtherNode} = ?t:start_node(node2,slave,[]),
     ?line c:nl(?MODULE),
     ?line S = self(),
-    ?line Privdir=?config(priv_dir, Config),
+    ?line Privdir=priv_dir(Config),
     ?line File = filename:join(Privdir,"file"),
     ?line {ok,[Node]} =
 	ttb:tracer(Node,[{file, File},
@@ -92,18 +133,20 @@ file(Config) when is_list(Config) ->
     ?line {ok,[{matched,_,1},{matched,_,1}]} = ttb:tp(?MODULE,foo,[]),
     ?line ?MODULE:foo(),
     ?line rpc:call(OtherNode,?MODULE,foo,[]),
-    ?line ttb:stop(),
-    ?line ?t:stop_node(OtherNode),
+    ?line ttb:stop([nofetch]),
     ?line ok = ttb:format(filename:join(Privdir,atom_to_list(Node)++"-file")),
     ?line ok = ttb:format(filename:join(Privdir,
 					atom_to_list(OtherNode)++"-file")),
 
-    ?line [{trace,{S,_,Node},call,{?MODULE,foo,[]}},
+    ?line [{trace_ts,{S,_,Node},call,{?MODULE,foo,[]},{_,_,_}},
 	   end_of_trace,
-	   {trace,{_,_,OtherNode},call,{?MODULE,foo,[]}},
+	   {trace_ts,{_,_,OtherNode},call,{?MODULE,foo,[]},{_,_,_}},
 	   end_of_trace] = flush(),
     ok.
 
+file(cleanup,_Config) ->
+    ?line ?t:stop_node(ttb_helper:get_node(node2)).
+
 file_no_pi(suite) ->
     [];
 file_no_pi(doc) ->
@@ -113,7 +156,7 @@ file_no_pi(Config) when is_list(Config) ->
     ?line {ok,OtherNode} = ?t:start_node(node2,slave,[]),
     ?line c:nl(?MODULE),
     ?line S = self(),
-    ?line Privdir=?config(priv_dir, Config),
+    ?line Privdir=priv_dir(Config),
     ?line File = filename:join(Privdir,"file"),
     ?line {ok,[_,_]} =
 	ttb:tracer([Node,OtherNode],[{file, File},
@@ -123,20 +166,23 @@ file_no_pi(Config) when is_list(Config) ->
     ?line {ok,[{matched,_,1},{matched,_,1}]} = ttb:tp(?MODULE,foo,[]),
     ?line ?MODULE:foo(),
     ?line rpc:call(OtherNode,?MODULE,foo,[]),
-    ?line ttb:stop(),
-    ?line ?t:stop_node(OtherNode),
+    ?line ttb:stop([nofetch]),
     ?line ok = ttb:format(filename:join(Privdir,atom_to_list(Node)++"-file")),
     ?line ok = ttb:format(filename:join(Privdir,
 					atom_to_list(OtherNode)++"-file")),
 
-    ?line [{trace,LocalProc,call,{?MODULE,foo,[]}},
+    ?line [{trace_ts,LocalProc,call,{?MODULE,foo,[]}, {_,_,_}},
 	   end_of_trace,
-	   {trace,RemoteProc,call,{?MODULE,foo,[]}},
+	   {trace_ts,RemoteProc,call,{?MODULE,foo,[]},{_,_,_}},
 	   end_of_trace] = flush(),
     ?line true = is_pid(LocalProc),
     ?line true = is_pid(RemoteProc),
     ok.
 
+file_no_pi(cleanup,_Config) ->
+    ?line ?t:stop_node(ttb_helper:get_node(node2)).
+
+
 file_fetch(suite) ->
     [];
 file_fetch(doc) ->
@@ -146,7 +192,7 @@ file_fetch(Config) when is_list(Config) ->
     ?line {ok,OtherNode} = ?t:start_node(node2,slave,[]),
     ?line c:nl(?MODULE),
     ?line S = self(),
-    ?line Privdir=?config(priv_dir, Config),
+    ?line Privdir=priv_dir(Config),
     ?line ThisDir = filename:join(Privdir,this),
     ?line ok = file:make_dir(ThisDir),
     ?line OtherDir = filename:join(Privdir,other),
@@ -170,12 +216,11 @@ file_fetch(Config) when is_list(Config) ->
     ?line ?MODULE:foo(),
     ?line rpc:call(OtherNode,?MODULE,foo,[]),
     ?line ?t:capture_start(),
-    ?line ttb:stop([fetch]),
+    ?line ttb:stop([return_fetch_dir]),
     ?line ?t:capture_stop(),
     ?line [StoreString] = ?t:capture_get(),
     ?line UploadDir =
 	lists:last(string:tokens(lists:flatten(StoreString),"$ \n")),
-    ?line ?t:stop_node(OtherNode),
 
     %% check that files are no longer in original directories...
     ?line ok = check_gone(ThisDir,atom_to_list(Node)++"-file_fetch"),
@@ -194,14 +239,18 @@ file_fetch(Config) when is_list(Config) ->
     ?line ok = ttb:format(filename:join(UploadDir,
 					atom_to_list(OtherNode)++"-file_fetch")),
 
-    ?line [{trace,{S,_,Node},call,{?MODULE,foo,[]}},
+    ?line [{trace_ts,{S,_,Node},call,{?MODULE,foo,[]},{_,_,_}},
 	   end_of_trace,
-	   {trace,{_,_,OtherNode},call,{?MODULE,foo,[]}},
+	   {trace_ts,{_,_,OtherNode},call,{?MODULE,foo,[]},{_,_,_}},
 	   end_of_trace] = flush(),
 
     ?line ok = file:set_cwd(Cwd),
     ok.
 
+file_fetch(cleanup,_Config) ->
+    ?line ?t:stop_node(ttb_helper:get_node(node2)).
+
+
 wrap(suite) ->
     [];
 wrap(doc) ->
@@ -211,7 +260,7 @@ wrap(Config) when is_list(Config) ->
     ?line {ok,OtherNode} = ?t:start_node(node2,slave,[]),
     ?line c:nl(?MODULE),
     ?line S = self(),
-    ?line Privdir=?config(priv_dir, Config),
+    ?line Privdir=priv_dir(Config),
     ?line File = filename:join(Privdir,"wrap"),
     ?line {ok,[_,_]} = 
 	ttb:tracer([Node,OtherNode],[{file, {wrap,File,200,3}},
@@ -224,19 +273,18 @@ wrap(Config) when is_list(Config) ->
     ?line rpc:call(OtherNode,?MODULE,foo,[]),
     ?line ?MODULE:foo(),
     ?line rpc:call(OtherNode,?MODULE,foo,[]),
-    ?line ttb:stop(),
-    ?line ?t:stop_node(OtherNode),
+    ?line ttb:stop([nofetch]),
     ?line ok = ttb:format(filename:join(Privdir,
 					atom_to_list(Node)++"-wrap.*.wrp")),
-    ?line [{trace,{S,_,Node},call,{?MODULE,foo,[]}},
-	   {trace,{S,_,Node},call,{?MODULE,foo,[]}},
-	   {trace,{S,_,Node},call,{?MODULE,foo,[]}},
+    ?line [{trace_ts,{S,_,Node},call,{?MODULE,foo,[]},{_,_,_}},
+	   {trace_ts,{S,_,Node},call,{?MODULE,foo,[]},{_,_,_}},
+	   {trace_ts,{S,_,Node},call,{?MODULE,foo,[]},{_,_,_}},
 	   end_of_trace] = flush(),
     ?line ok = ttb:format(filename:join(Privdir,
 					atom_to_list(OtherNode)++"-wrap.*.wrp")),
-    ?line [{trace,{_,_,OtherNode},call,{?MODULE,foo,[]}},
-	   {trace,{_,_,OtherNode},call,{?MODULE,foo,[]}},
-	   {trace,{_,_,OtherNode},call,{?MODULE,foo,[]}},
+    ?line [{trace_ts,{_,_,OtherNode},call,{?MODULE,foo,[]},{_,_,_}},
+	   {trace_ts,{_,_,OtherNode},call,{?MODULE,foo,[]},{_,_,_}},
+	   {trace_ts,{_,_,OtherNode},call,{?MODULE,foo,[]},{_,_,_}},
 	   end_of_trace] = flush(),
 
     %% Check that merge does not crash even if the timestamp flag is not on.
@@ -244,17 +292,19 @@ wrap(Config) when is_list(Config) ->
 		 [filename:join(Privdir,
 				atom_to_list(Node)++"-wrap.*.wrp"),
 		  filename:join(Privdir,
-				atom_to_list(OtherNode)++"-wrap.*.wrp")]),
-    ?line [{trace,{S,_,Node},call,{?MODULE,foo,[]}},
-	   {trace,{S,_,Node},call,{?MODULE,foo,[]}},
-	   {trace,{S,_,Node},call,{?MODULE,foo,[]}},
-	   end_of_trace,
-	   {trace,{_,_,OtherNode},call,{?MODULE,foo,[]}},
-	   {trace,{_,_,OtherNode},call,{?MODULE,foo,[]}},
-	   {trace,{_,_,OtherNode},call,{?MODULE,foo,[]}},
+				atom_to_list(OtherNode)++"-wrap.*.wrp")],[{disable_sort,true}]),
+    ?line [{trace_ts,{S,_,Node},call,{?MODULE,foo,[]},{_,_,_}},
+	   {trace_ts,{S,_,Node},call,{?MODULE,foo,[]},{_,_,_}},
+	   {trace_ts,{S,_,Node},call,{?MODULE,foo,[]},{_,_,_}},
+	   {trace_ts,{_,_,OtherNode},call,{?MODULE,foo,[]},{_,_,_}},
+	   {trace_ts,{_,_,OtherNode},call,{?MODULE,foo,[]},{_,_,_}},
+	   {trace_ts,{_,_,OtherNode},call,{?MODULE,foo,[]},{_,_,_}},
 	   end_of_trace] = flush(),
     ok.
 
+wrap(cleanup,_Config) ->
+    ?line ?t:stop_node(ttb_helper:get_node(node2)).
+
 wrap_merge(suite) ->
     [];
 wrap_merge(doc) ->
@@ -264,7 +314,7 @@ wrap_merge(Config) when is_list(Config) ->
     ?line {ok,OtherNode} = ?t:start_node(node2,slave,[]),
     ?line c:nl(?MODULE),
     ?line S = self(),
-    ?line Privdir=?config(priv_dir, Config),
+    ?line Privdir=priv_dir(Config),
     ?line File = filename:join(Privdir,"wrap_merge"),
     ?line {ok,[_,_]} = 
 	ttb:tracer([Node,OtherNode],[{file, {wrap,File,200,3}},
@@ -277,8 +327,7 @@ wrap_merge(Config) when is_list(Config) ->
     ?line rpc:call(OtherNode,?MODULE,foo,[]),
     ?line ?MODULE:foo(),
     ?line rpc:call(OtherNode,?MODULE,foo,[]),
-    ?line ttb:stop(),
-    ?line ?t:stop_node(OtherNode),
+    ?line ttb:stop([nofetch]),
     ?line ok = ttb:format(
 		 [filename:join(Privdir,
 				atom_to_list(Node)++"-wrap_merge.*.wrp"),
@@ -289,11 +338,13 @@ wrap_merge(Config) when is_list(Config) ->
 	   {trace_ts,{S,_,Node},call,{?MODULE,foo,[]},_},
 	   {trace_ts,_,call,{?MODULE,foo,[]},_},
 	   {trace_ts,{S,_,Node},call,{?MODULE,foo,[]},_},
-	   end_of_trace,
 	   {trace_ts,{_,_,OtherNode},call,{?MODULE,foo,[]},_},
 	   end_of_trace] = flush(),
     ok.
 
+wrap_merge(cleanup,_Config) ->
+    ?line ?t:stop_node(ttb_helper:get_node(node2)).
+
 
 wrap_merge_fetch_format(suite) ->
     [];
@@ -304,7 +355,7 @@ wrap_merge_fetch_format(Config) when is_list(Config) ->
     ?line {ok,OtherNode} = ?t:start_node(node2,slave,[]),
     ?line c:nl(?MODULE),
     ?line S = self(),
-    ?line Privdir=?config(priv_dir, Config),
+    ?line Privdir=priv_dir(Config),
     ?line File = filename:join(Privdir,"wrap_merge_fetch_format"),
 
     %% I'm setting priv_dir as cwd, so ttb_upload directory is created there
@@ -324,19 +375,19 @@ wrap_merge_fetch_format(Config) when is_list(Config) ->
     ?line ?MODULE:foo(),
     ?line rpc:call(OtherNode,?MODULE,foo,[]),
     ?line ttb:stop([format]),
-    ?line ?t:stop_node(OtherNode),
     ?line [{trace_ts,{S,_,Node},call,{?MODULE,foo,[]},_},
 	   {trace_ts,{_,_,OtherNode},call,{?MODULE,foo,[]},_},
 	   {trace_ts,{S,_,Node},call,{?MODULE,foo,[]},_},
 	   {trace_ts,{_,_,OtherNode},call,{?MODULE,foo,[]},_},
 	   {trace_ts,{S,_,Node},call,{?MODULE,foo,[]},_},
-	   end_of_trace,
 	   {trace_ts,{_,_,OtherNode},call,{?MODULE,foo,[]},_},
 	   end_of_trace] = flush(),
 
     ?line ok = file:set_cwd(Cwd),
     ok.
 
+wrap_merge_fetch_format(cleanup,_Config) ->
+    ?line ?t:stop_node(ttb_helper:get_node(node2)).
 
 write_config1(suite) ->
     [];
@@ -348,7 +399,7 @@ write_config1(Config) when is_list(Config) ->
     ?line c:nl(?MODULE),
     ?line S = self(),
 
-    ?line Privdir=?config(priv_dir, Config),
+    ?line Privdir=priv_dir(Config),
     ?line File = filename:join(Privdir,"write_config1"),
     ?line ok = ttb:write_config(File,
 				[{ttb,tracer,[[Node,OtherNode],
@@ -360,16 +411,14 @@ write_config1(Config) when is_list(Config) ->
     ?line ok = ttb:run_config(File),
     ?line ?MODULE:foo(),
     ?line rpc:call(OtherNode,?MODULE,foo,[]),
-    ?line ttb:stop(),
-    ?line ?t:stop_node(OtherNode),
+    ?line ttb:stop([nofetch]),
     ?line ok = ttb:format(
 		 [filename:join(Privdir,
 				atom_to_list(Node)++"-write_config1"),
 		  filename:join(Privdir,
 				atom_to_list(OtherNode)++"-write_config1")]),
-    ?line [{trace,{S,_,Node},call,{?MODULE,foo,[]}},
-	   end_of_trace,
-	   {trace,Other,call,{?MODULE,foo,[]}},
+    ?line [{trace_ts,{S,_,Node},call,{?MODULE,foo,[]},{_,_,_}},
+	   {trace_ts,Other,call,{?MODULE,foo,[]},{_,_,_}},
 	   end_of_trace] = flush(),
 
     case metatest(Other,OtherNode,Privdir,"-write_config1.ti") of
@@ -388,6 +437,10 @@ write_config1(Config) when is_list(Config) ->
     end,	    
     ok.
 
+
+write_config1(cleanup,_Config) ->
+    ?line ?t:stop_node(ttb_helper:get_node(node2)).
+
 write_config2(suite) ->
     [];
 write_config2(doc) ->
@@ -397,7 +450,7 @@ write_config2(Config) when is_list(Config) ->
     ?line {ok,OtherNode} = ?t:start_node(node2,slave,[]),
     ?line c:nl(?MODULE),
     ?line S = self(),
-    ?line Privdir=?config(priv_dir, Config),
+    ?line Privdir=priv_dir(Config),
     ?line File = filename:join(Privdir,"write_config2"),
     ?line {ok,[_,_]} = 
 	ttb:tracer([Node,OtherNode],[{file, File},
@@ -410,16 +463,14 @@ write_config2(Config) when is_list(Config) ->
     ?line ok = ttb:run_config(File),
     ?line ?MODULE:foo(),
     ?line rpc:call(OtherNode,?MODULE,foo,[]),
-    ?line ttb:stop(),
-    ?line ?t:stop_node(OtherNode),
+    ?line ttb:stop([nofetch]),
     ?line ok = ttb:format(
 		 [filename:join(Privdir,
 				atom_to_list(Node)++"-write_config2"),
 		  filename:join(Privdir,
 				atom_to_list(OtherNode)++"-write_config2")]),
-    ?line [{trace,{S,_,Node},call,{?MODULE,foo,[]}},
-	   end_of_trace,
-	   {trace,Other,call,{?MODULE,foo,[]}},
+    ?line [{trace_ts,{S,_,Node},call,{?MODULE,foo,[]},{_,_,_}},
+	   {trace_ts,Other,call,{?MODULE,foo,[]},{_,_,_}},
 	   end_of_trace] = flush(),
 
     case metatest(Other,OtherNode,Privdir,"-write_config2.ti") of
@@ -438,6 +489,10 @@ write_config2(Config) when is_list(Config) ->
     end,
     ok.
 
+write_config2(cleanup,_Config) ->
+    ?line ?t:stop_node(ttb_helper:get_node(node2)).
+
+
 write_config3(suite) ->
     [];
 write_config3(doc) ->
@@ -447,7 +502,7 @@ write_config3(Config) when is_list(Config) ->
     ?line {ok,OtherNode} = ?t:start_node(node2,slave,[]),
     ?line c:nl(?MODULE),
     ?line S = self(),
-    ?line Privdir=?config(priv_dir, Config),
+    ?line Privdir=priv_dir(Config),
     ?line File = filename:join(Privdir,"write_config3"),
     ?line {ok,[_,_]} = 
 	ttb:tracer([Node,OtherNode],[{file, File},
@@ -455,18 +510,18 @@ write_config3(Config) when is_list(Config) ->
     ?line {ok,[{all,[{matched,_,_},{matched,_,_}]}]} = ttb:p(all,call),
     ?line {ok,[{matched,_,1},{matched,_,1}]} = ttb:tp(?MODULE,foo,[]),
     ?line ok = ttb:write_config(File,[1,2]),
-    ?line ttb:stop(),
+    ?line ttb:stop([nofetch]),
     ?line [_,_] = ttb:list_config(File),
     ?line ok = ttb:run_config(File),
     ?line ?MODULE:foo(),
     ?line rpc:call(OtherNode,?MODULE,foo,[]),
-    ?line ttb:stop(),
+    ?line ttb:stop([nofetch]),
     ?line ok = ttb:format(
 		 [filename:join(Privdir,
 				atom_to_list(Node)++"-write_config3"),
 		  filename:join(Privdir,
 				atom_to_list(OtherNode)++"-write_config3")]),
-    ?line [] = flush(), %foo is not traced
+    ?line [end_of_trace] = flush(), %foo is not traced
 
     ?line ok = ttb:write_config(File,[{ttb,tp,[?MODULE,foo,[]]}],
 			      [append]),
@@ -474,16 +529,14 @@ write_config3(Config) when is_list(Config) ->
     ?line ok = ttb:run_config(File),
     ?line ?MODULE:foo(),
     ?line rpc:call(OtherNode,?MODULE,foo,[]),
-    ?line ttb:stop(),
-    ?line ?t:stop_node(OtherNode),
+    ?line ttb:stop([nofetch]),
     ?line ok = ttb:format(
 		 [filename:join(Privdir,
 				atom_to_list(Node)++"-write_config3"),
 		  filename:join(Privdir,
 				atom_to_list(OtherNode)++"-write_config3")]),
-    ?line [{trace,{S,_,Node},call,{?MODULE,foo,[]}},
-	   end_of_trace,
-	   {trace,Other,call,{?MODULE,foo,[]}},
+    ?line [{trace_ts,{S,_,Node},call,{?MODULE,foo,[]},{_,_,_}},
+	   {trace_ts,Other,call,{?MODULE,foo,[]},{_,_,_}},
 	   end_of_trace] = flush(),
 
     case metatest(Other,OtherNode,Privdir,"-write_config3.ti") of
@@ -502,6 +555,10 @@ write_config3(Config) when is_list(Config) ->
     end,
     ok.
 
+write_config3(cleanup,_Config) ->
+    ?line ?t:stop_node(ttb_helper:get_node(node2)).
+
+
 
 history(suite) ->
     [];
@@ -514,7 +571,7 @@ history(Config) when is_list(Config) ->
     ?line S = self(),
 
     ?line Nodes = [Node,OtherNode],
-    ?line Privdir=?config(priv_dir, Config),
+    ?line Privdir=priv_dir(Config),
     ?line File = filename:join(Privdir,"history"),
     ?line StartOpts = [{file, File},
 		       {handler,{fun myhandler/4, S}}],
@@ -531,15 +588,16 @@ history(Config) when is_list(Config) ->
     ?line ?MODULE:foo(),
     ?line ok = ttb:run_history([3,4]),
     ?line ?MODULE:foo(),
-    ?line ttb:stop(),
-    ?line ?t:stop_node(OtherNode),
+    ?line ttb:stop([nofetch]),
     ?line ok = ttb:format(
 		 [filename:join(Privdir,atom_to_list(Node)++"-history"),
 		  filename:join(Privdir,atom_to_list(OtherNode)++"-history")]),
-    ?line [{trace,{S,_,Node},call,{?MODULE,foo,[]}},
+    ?line [{trace_ts,{S,_,Node},call,{?MODULE,foo,[]},{_,_,_}},
 	   end_of_trace] = flush(),
     ok.
-    
+
+history(cleanup,_Config) ->
+    ?line ?t:stop_node(ttb_helper:get_node(node2)).
 
 
 write_trace_info(suite) ->
@@ -551,7 +609,7 @@ write_trace_info(Config) when is_list(Config) ->
     ?line {ok,OtherNode} = ?t:start_node(node2,slave,[]),
     ?line c:nl(?MODULE),
     ?line S = self(),
-    ?line Privdir=?config(priv_dir, Config),
+    ?line Privdir=priv_dir(Config),
     ?line File = filename:join(Privdir,"write_trace_info"),
     ?line {ok,[_,_]} = 
 	ttb:tracer([Node,OtherNode],[{file, File},
@@ -561,20 +619,21 @@ write_trace_info(Config) when is_list(Config) ->
     ?line ok = ttb:write_trace_info(mytraceinfo,fun() -> node() end),
     ?line ?MODULE:foo(),
     ?line rpc:call(OtherNode,?MODULE,foo,[]),
-    ?line ttb:stop(),
-    ?line ?t:stop_node(OtherNode),
+    ?line ttb:stop([nofetch]),
     ?line ok = ttb:format(
 		 [filename:join(Privdir,atom_to_list(Node)++"-write_trace_info"),
 		  filename:join(Privdir,
 				atom_to_list(OtherNode)++"-write_trace_info")],
 		 [{handler,{fun otherhandler/4,S}}]),
-    ?line [{{trace,{S,_,Node},call,{?MODULE,foo,[]}},[Node]},
-	   {end_of_trace,[Node]},
-	   {{trace,{_,_,OtherNode},call,{?MODULE,foo,[]}},[OtherNode]},
-	   {end_of_trace,[OtherNode]}] = flush(),
+    ?line [{{trace_ts,{S,_,Node},call,{?MODULE,foo,[]},{_,_,_}},[Node]},
+	   {{trace_ts,{_,_,OtherNode},call,{?MODULE,foo,[]},{_,_,_}},[OtherNode]},
+	   end_of_trace] = flush(),
 
     ok.
 
+write_trace_info(cleanup,_Config) ->
+    ?line ?t:stop_node(ttb_helper:get_node(node2)).
+
 
 seq_trace(suite) ->
     [];
@@ -583,7 +642,7 @@ seq_trace(doc) ->
 seq_trace(Config) when is_list(Config) ->
     ?line S = self(),
 
-    ?line Privdir=?config(priv_dir, Config),
+    ?line Privdir=priv_dir(Config),
     ?line File = filename:join(Privdir,"seq_trace"),
     ?line {ok,[Node]} = ttb:tracer(node(),[{file,File},
 				     {handler,{fun myhandler/4, S}}]),
@@ -593,10 +652,10 @@ seq_trace(Config) when is_list(Config) ->
 
     ?line Start = spawn(fun() -> seq() end),
     ?line timer:sleep(300),
-    ?line ttb:stop(),
+    ?line ttb:stop([nofetch]),
     ?line ok = ttb:format(
 		 [filename:join(Privdir,atom_to_list(Node)++"-seq_trace")]),
-    ?line [{trace,StartProc,call,{?MODULE,seq,[]}},
+    ?line [{trace_ts,StartProc,call,{?MODULE,seq,[]},{_,_,_}},
 	   {seq_trace,0,{send,{0,1},StartProc,P1Proc,{Start,P2}}},
 	   {seq_trace,0,{send,{1,2},P1Proc,P2Proc,{P1,Start}}},
 	   {seq_trace,0,{send,{2,3},P2Proc,StartProc,{P2,P1}}},
@@ -650,7 +709,7 @@ diskless(Config) when is_list(Config) ->
     ?line {ok,RemoteNode} = ?t:start_node(node2,slave,[]),
     ?line c:nl(?MODULE),
     ?line S = self(),
-    ?line Privdir=?config(priv_dir, Config),
+    ?line Privdir=priv_dir(Config),
     ?line File = filename:join(Privdir,"diskless"),
     ?line {ok,[RemoteNode]} = 
 	ttb:tracer([RemoteNode],[{file, {local, File}},
@@ -660,15 +719,45 @@ diskless(Config) when is_list(Config) ->
 
     ?line rpc:call(RemoteNode,?MODULE,foo,[]),
     ?line timer:sleep(500), % needed for the IP port to flush
-    ?line ttb:stop(),
-    ?line ?t:stop_node(RemoteNode),
+    ?line ttb:stop([nofetch]),
     ?line ok = ttb:format(filename:join(Privdir,
 					atom_to_list(RemoteNode)++"-diskless")),
 
-    ?line [{trace,{_,_,RemoteNode},call,{?MODULE,foo,[]}},
+    ?line [{trace_ts,{_,_,RemoteNode},call,{?MODULE,foo,[]},{_,_,_}},
+	   end_of_trace] = flush(),
+    ok.
+
+diskless(cleanup,_Config) ->
+    ?line ?t:stop_node(ttb_helper:get_node(node2)).
+
+diskless_wrap(suite) ->
+    [];
+diskless_wrap(doc) ->
+    ["Start tracing on diskless remote node, save to local wrapped file"];
+diskless_wrap(Config) when is_list(Config) ->
+    ?line {ok,RemoteNode} = ?t:start_node(node2,slave,[]),
+    ?line c:nl(?MODULE),
+    ?line S = self(),
+    ?line Privdir=priv_dir(Config),
+    ?line File = filename:join(Privdir,"diskless"),
+    ?line {ok,[RemoteNode]} =
+	ttb:tracer([RemoteNode],[{file, {local, {wrap,File,200,3}}},
+				 {handler,{fun myhandler/4, S}}]),
+    ?line {ok,[{all,[{matched,RemoteNode,_}]}]} = ttb:p(all,call),
+    ?line {ok,[{matched,RemoteNode,1}]} = ttb:tp(?MODULE,foo,[]),
+
+    ?line rpc:call(RemoteNode,?MODULE,foo,[]),
+    ?line timer:sleep(500), % needed for the IP port to flush
+    ?line ttb:stop([nofetch]),
+    ?line ok = ttb:format(filename:join(Privdir,
+					atom_to_list(RemoteNode)++"-diskless.*.wrp")),
+
+    ?line [{trace_ts,{_,_,RemoteNode},call,{?MODULE,foo,[]},{_,_,_}},
 	   end_of_trace] = flush(),
     ok.
 
+diskless_wrap(cleanup,_Config) ->
+    ?line ?t:stop_node(ttb_helper:get_node(node2)).
 
 otp_4967_1(suite) ->
     [];
@@ -688,7 +777,7 @@ otp_4967_2(doc) ->
     ["OTP-4967: Trace message sent to {Name, Node}"];
 otp_4967_2(Config) when is_list(Config) ->
     io:format("1: ~p",[now()]),
-    ?line Privdir = ?config(priv_dir,Config),
+    ?line Privdir = priv_dir(Config),
     io:format("2: ~p",[now()]),
     ?line File = filename:join(Privdir,"otp_4967"),
     io:format("3: ~p",[now()]),
@@ -715,19 +804,41 @@ otp_4967_2(Config) when is_list(Config) ->
     io:format("11: ~p",[now()]),
     ?line true = lists:member(heihopp,Msgs), % the heihopp message itself
     io:format("13: ~p",[now()]),
-    ?line {value,{trace,_,send,heihopp,{_,otp_4967,Node}}} = 
+    ?line {value,{trace_ts,_,send,heihopp,{_,otp_4967,Node},{_,_,_}}} =
 	lists:keysearch(heihopp,4,Msgs), % trace trace of the heihopp message
     io:format("14: ~p",[now()]),
     ?line end_of_trace = lists:last(Msgs), % end of the trace
     ok.
     
 
-
-
 myhandler(_Fd,Trace,_,Relay) ->
     Relay ! Trace,
     Relay.
 
+simple_call_handler() ->
+    {fun(A, {trace_ts, _, call, _, _} ,_,_) -> io:format(A, "ok.~n", []);
+	(_, end_of_trace, _, _) -> ok end, []}.
+
+marking_call_handler() ->
+    {fun(_, _, _, initial) -> file:write_file("HANDLER_OK", []);
+	(_,_,_,_) -> ok end, initial}.
+
+counter_call_handler() ->
+    {fun(_, {trace_ts, _, call, _, _} ,_,State) -> State + 1;
+	(A, end_of_trace, _, State) -> io:format(A,"~p.~n", [State]) end, 0}.
+
+ret_caller_call_handler() ->
+    {fun(A, {trace_ts, _, call, _, _, _} ,_,_) -> io:format(A, "ok.~n", []);
+	(A, {trace_ts, _, return_from, _, _, _}, _, _) -> io:format(A, "ok.~n", []);
+	(_, _, _, _) -> ok end, []}.
+
+node_call_handler() ->
+    {fun(A, {trace_ts, {_,_,Node}, call, _, _} ,_,_) -> io:format(A, "~p.~n", [Node]);
+	(_, end_of_trace, _, _) -> ok end, []}.
+
+otherhandler(_Fd,_,end_of_trace,Relay) ->
+    Relay ! end_of_trace,
+    Relay;
 otherhandler(_Fd,Trace,TI,Relay) ->
     {value,{mytraceinfo,I}} = lists:keysearch(mytraceinfo,1,TI),
     Relay ! {Trace,I},
@@ -794,3 +905,630 @@ check_gone(Dir,File) ->
 	      false -> 
 		  ok
 	  end.
+
+start_client_and_server() ->
+    ?line {ok,ClientNode} = ?t:start_node(client,slave,[]),
+    ?line ok = ttb_helper:c(code, add_paths, [code:get_path()]),
+    ?line {ok,ServerNode} = ?t:start_node(server,slave,[]),
+    ?line ok = ttb_helper:s(code, add_paths, [code:get_path()]),
+    ?line ttb_helper:clear(),
+    {ServerNode, ClientNode}.
+
+stop_client_and_server() ->
+    ClientNode = ttb_helper:get_node(client),
+    ServerNode = ttb_helper:get_node(server),
+    erlang:monitor_node(ClientNode,true),
+    erlang:monitor_node(ServerNode,true),
+    ?line ?t:stop_node(ClientNode),
+    ?line ?t:stop_node(ServerNode),
+    wait_for_client_and_server_stop(ClientNode,ServerNode).
+
+wait_for_client_and_server_stop(undefined,undefined) ->
+    ok;
+wait_for_client_and_server_stop(ClientNode,ServerNode) ->
+    receive
+	{nodedown,ClientNode} ->
+	    erlang:monitor_node(ClientNode,false),
+	    wait_for_client_and_server_stop(undefined,ServerNode);
+	{nodedown,ServerNode} ->
+	    erlang:monitor_node(ServerNode,false),
+	    wait_for_client_and_server_stop(ClientNode,undefined)
+    end.
+
+begin_trace(ServerNode, ClientNode, Dest) ->
+    ?line {ok, _} =
+	ttb:tracer([ServerNode,ClientNode],[{file, Dest}]),
+    ?line ttb:p(all, call),
+    ?line ttb:tp(server, received, []),
+    ?line ttb:tp(client, put, []),
+    ?line ttb:tp(client, get, []).
+
+begin_trace_local(ServerNode, ClientNode, Dest) ->
+    ?line {ok, _} =
+	ttb:tracer([ServerNode,ClientNode],[{file, Dest}]),
+    ?line ttb:p(all, call),
+    ?line ttb:tpl(server, received, []),
+    ?line ttb:tpl(client, put, []),
+    ?line ttb:tpl(client, get, []).
+
+check_size(N, Dest, Output, ServerNode, ClientNode) ->
+    ?line begin_trace(ServerNode, ClientNode, Dest),
+    ?line case Dest of
+        {local, _} ->
+            ?line ttb_helper:msgs_ip(N);
+        _ ->
+            ?line ttb_helper:msgs(N)
+    end,
+    ?line {_, D} = ttb:stop([fetch, return_fetch_dir]),
+    ?line ttb:format(D, [{out, Output}, {handler, simple_call_handler()}]),
+    ?line {ok, Ret} = file:consult(Output),
+    ?line true = (N + 1 == length(Ret)).
+
+fetch_when_no_option_given(suite) ->
+    [];
+fetch_when_no_option_given(doc) ->
+    ["Fetch when no option given"];
+fetch_when_no_option_given(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line {ok, Privdir} = file:get_cwd(),
+    ?line [] = filelib:wildcard(filename:join(Privdir,"ttb_upload_temptest*")),
+    begin_trace(ServerNode, ClientNode, ?FNAME),
+    ?line ttb_helper:msgs(4),
+    ?line stopped = ttb:stop(),
+    ?line [_] = filelib:wildcard(filename:join(Privdir,"ttb_upload_temptest*")).
+
+fetch_when_no_option_given(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+
+basic_ttb_run_ip_port(suite) ->
+    [];
+basic_ttb_run_ip_port(doc) ->
+    ["Basic ttb run ip port"];
+basic_ttb_run_ip_port(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line check_size(1, {local, ?FNAME}, ?OUTPUT, ServerNode, ClientNode),
+    ?line check_size(2, {local, ?FNAME}, ?OUTPUT, ServerNode, ClientNode),
+    ?line check_size(10, {local, ?FNAME}, ?OUTPUT, ServerNode, ClientNode).
+basic_ttb_run_ip_port(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+basic_ttb_run_file_port(suite) ->
+    [];
+basic_ttb_run_file_port(doc) ->
+    ["Basic ttb run file port"];
+basic_ttb_run_file_port(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line check_size(1, ?FNAME, ?OUTPUT, ServerNode, ClientNode),
+    ?line check_size(2, ?FNAME, ?OUTPUT, ServerNode, ClientNode),
+    ?line check_size(10, ?FNAME, ?OUTPUT, ServerNode, ClientNode).
+basic_ttb_run_file_port(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+return_fetch_dir_implies_fetch(suite) ->
+    [];
+return_fetch_dir_implies_fetch(doc) ->
+    ["Return_fetch_dir implies fetch"];
+return_fetch_dir_implies_fetch(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line begin_trace(ServerNode, ClientNode, ?FNAME),
+    ?line ttb_helper:msgs(2),
+    ?line {_,_} = ttb:stop([return_fetch_dir]).
+return_fetch_dir_implies_fetch(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+logfile_name_in_fetch_dir(suite) ->
+    [];
+logfile_name_in_fetch_dir(doc) ->
+    ["Logfile name in fetch dir"];
+logfile_name_in_fetch_dir(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line begin_trace(ServerNode, ClientNode, {local, ?FNAME}),
+    ?line {_,Dir} = ttb:stop([return_fetch_dir]),
+    ?line P1 = lists:nth(3, string:tokens(filename:basename(Dir), "_")),
+    ?line P2 = hd(string:tokens(P1, "-")),
+    ?line _File = P2.
+logfile_name_in_fetch_dir(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+upload_to_my_logdir(suite) ->
+    [];
+upload_to_my_logdir(doc) ->
+    ["Upload to my logdir"];
+upload_to_my_logdir(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line {ok, _} =
+	ttb:tracer([ServerNode,ClientNode],[{file, ?FNAME}]),
+    ?line {stopped,_} = ttb:stop([return_fetch_dir, {fetch_dir, ?DIRNAME}]),
+    ?line true = filelib:is_file(?DIRNAME),
+    ?line [] = filelib:wildcard("ttb_upload_"++?FNAME).
+upload_to_my_logdir(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+upload_to_my_existing_logdir(suite) ->
+    [];
+upload_to_my_existing_logdir(doc) ->
+    ["Upload to my existing logdir"];
+upload_to_my_existing_logdir(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line ok = file:make_dir(?DIRNAME),
+    ?line {ok, _} =
+	ttb:tracer([ServerNode,ClientNode],[{file, ?FNAME}]),
+    ?line {error,_,_} = (catch ttb:stop([return_fetch_dir, {fetch_dir, ?DIRNAME}])),
+    ?line {stopped,_} = ttb:stop(return_fetch_dir).
+upload_to_my_existing_logdir(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+fetch_with_options_not_as_list(suite) ->
+    [];
+fetch_with_options_not_as_list(doc) ->
+    ["Fetch with options not as list"];
+fetch_with_options_not_as_list(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line {ok, _} =
+	ttb:tracer([ServerNode,ClientNode],[{file, ?FNAME}]),
+    ?line {stopped, D} = ttb:stop(return_fetch_dir),
+    ?line false = filelib:is_file(?OUTPUT),
+    ?line ttb:format(D, {out, ?OUTPUT}),
+    ?line true = filelib:is_file(?OUTPUT).
+fetch_with_options_not_as_list(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+error_when_formatting_multiple_files_4393(suite) ->
+    [];
+error_when_formatting_multiple_files_4393(doc) ->
+    ["Error when formatting multiple files"];
+error_when_formatting_multiple_files_4393(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line begin_trace(ServerNode, ClientNode, ?FNAME),
+    ?line ttb_helper:msgs(2),
+    ?line {_, Dir} = ttb:stop(return_fetch_dir),
+    ?line Files = [filename:join(Dir, atom_to_list(ServerNode) ++ "-" ++ ?FNAME),
+		   filename:join(Dir, atom_to_list(ClientNode) ++ "-" ++ ?FNAME)],
+    ?line ok = ttb:format(Files).
+error_when_formatting_multiple_files_4393(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+format_on_trace_stop(suite) ->
+    [];
+format_on_trace_stop(doc) ->
+    ["Format on trace stop"];
+format_on_trace_stop(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line begin_trace(ServerNode, ClientNode, {local, ?FNAME}),
+    ?line ttb_helper:msgs_ip(2),
+    ?line file:delete("HANDLER_OK"),
+    ?line {_,_} = ttb:stop([fetch, return_fetch_dir, {format, {handler, marking_call_handler()}}]),
+    ?line true = filelib:is_file("HANDLER_OK"),
+    ?line ok = file:delete("HANDLER_OK").
+format_on_trace_stop(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+%% The following three tests are for the issue "fixes fetch fail when nodes on the same host
+%% have different cwd"
+trace_to_remote_files_on_localhost_with_different_pwd(suite) ->
+    [];
+trace_to_remote_files_on_localhost_with_different_pwd(doc) ->
+    ["Trace to remote files on localhost with different pwd"];
+trace_to_remote_files_on_localhost_with_different_pwd(Config) when is_list(Config) ->
+    ?line {ok, OldDir} = file:get_cwd(),
+    ?line ok = file:set_cwd(".."),
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line check_size(2, ?FNAME, ?OUTPUT, ServerNode, ClientNode),
+    ?line ok = file:set_cwd(OldDir).
+trace_to_remote_files_on_localhost_with_different_pwd(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+trace_to_local_files_on_localhost_with_different_pwd(suite) ->
+    [];
+trace_to_local_files_on_localhost_with_different_pwd(doc) ->
+    ["Trace to local files on localhost with different pwd"];
+trace_to_local_files_on_localhost_with_different_pwd(Config) when is_list(Config) ->
+    ?line {ok, OldDir} = file:get_cwd(),
+    ?line ok = file:set_cwd(".."),
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line check_size(2, {local, ?FNAME}, ?OUTPUT, ServerNode, ClientNode),
+    ?line ok = file:set_cwd(OldDir).
+trace_to_local_files_on_localhost_with_different_pwd(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+trace_to_remote_files_on_localhost_with_different_pwd_abs(suite) ->
+    [];
+trace_to_remote_files_on_localhost_with_different_pwd_abs(doc) ->
+    ["Trace to remote files on localhost with different pwd abs"];
+trace_to_remote_files_on_localhost_with_different_pwd_abs(Config) when is_list(Config) ->
+    ?line {ok, OldDir} = file:get_cwd(),
+    ?line ok = file:set_cwd(".."),
+    ?line {ok, Path} = file:get_cwd(),
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line File = filename:join(Path, ?FNAME),
+    ?line check_size(2, File, ?OUTPUT, ServerNode, ClientNode),
+    ?line ok = file:set_cwd(OldDir).
+trace_to_remote_files_on_localhost_with_different_pwd_abs(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+%% Trace is not affected by changes of cwd on control node or remote nodes during tracing
+%% (three tests)
+changing_cwd_on_control_node(suite) ->
+    [];
+changing_cwd_on_control_node(doc) ->
+    ["Changing cwd on control node during tracing is safe"];
+changing_cwd_on_control_node(Config) when is_list(Config) ->
+    ?line {ok, OldDir} = file:get_cwd(),
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line begin_trace(ServerNode, ClientNode, ?FNAME),
+    ?line NumMsgs = 3,
+    ?line ttb_helper:msgs(NumMsgs),
+    ?line ok = file:set_cwd(".."),
+    ?line ttb_helper:msgs(NumMsgs),
+    ?line {_, D} = ttb:stop([fetch, return_fetch_dir]),
+    ?line ttb:format(D, [{out, ?OUTPUT}, {handler, simple_call_handler()}]),
+    ?line {ok, Ret} = file:consult(?OUTPUT),
+    ?line true = (2*(NumMsgs + 1) == length(Ret)),
+    ?line ok = file:set_cwd(OldDir).
+changing_cwd_on_control_node(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+changing_cwd_on_control_node_with_local_trace(suite) ->
+    [];
+changing_cwd_on_control_node_with_local_trace(doc) ->
+    ["Changing cwd on control node during local tracing is safe"];
+changing_cwd_on_control_node_with_local_trace(Config) when is_list(Config) ->
+    ?line {ok, OldDir} = file:get_cwd(),
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line begin_trace(ServerNode, ClientNode, {local, ?FNAME}),
+    ?line NumMsgs = 3,
+    ?line ttb_helper:msgs_ip(NumMsgs),
+    ?line ok = file:set_cwd(".."),
+    ?line ttb_helper:msgs_ip(NumMsgs),
+    ?line {_, D} = ttb:stop([fetch, return_fetch_dir]),
+    ?line ttb:format(D, [{out, ?OUTPUT}, {handler, simple_call_handler()}]),
+    ?line {ok, Ret} = file:consult(?OUTPUT),
+    ?line true = (2*(NumMsgs + 1) == length(Ret)),
+    ?line ok = file:set_cwd(OldDir).
+changing_cwd_on_control_node_with_local_trace(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+changing_cwd_on_remote_node(suite) ->
+    [];
+changing_cwd_on_remote_node(doc) ->
+    ["Changing cwd on remote node during tracing is safe"];
+changing_cwd_on_remote_node(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line begin_trace(ServerNode, ClientNode, ?FNAME),
+    ?line NumMsgs = 2,
+    ?line ttb_helper:msgs(NumMsgs),
+    ?line ok = rpc:call(ClientNode, file, set_cwd, [".."]),
+    ?line ttb_helper:msgs(NumMsgs),
+    ?line {_, D} = ttb:stop([fetch, return_fetch_dir]),
+    ?line ttb:format(D, [{out, ?OUTPUT}, {handler, simple_call_handler()}]),
+    ?line {ok, Ret} = file:consult(?OUTPUT),
+    ?line true = (2*(NumMsgs + 1) == length(Ret)).
+changing_cwd_on_remote_node(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+one_command_trace_setup(suite) ->
+    [];
+one_command_trace_setup(doc) ->
+    ["One command trace setup"];
+one_command_trace_setup(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line ttb:start_trace([ClientNode, ServerNode],
+			  [{server, received, '_', []},
+			   {client, put, 1, []},
+			   {client, get, '_', []}],
+			  {all, call},
+			  [{file, ?FNAME}]),
+    ?line ttb_helper:msgs(2),
+    ?line {_, D} = ttb:stop(return_fetch_dir),
+    ?line ttb:format(D, [{out, ?OUTPUT}, {handler, simple_call_handler()}]),
+    ?line {ok, Ret} = file:consult(?OUTPUT),
+    ?line 5 = length(Ret).
+one_command_trace_setup(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+dbg_style_fetch(suite) ->
+    [];
+dbg_style_fetch(doc) ->
+    ["Dbg style fetch"];
+dbg_style_fetch(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line DirSize = length(element(2, file:list_dir("."))),
+    ?line ttb:start_trace([ClientNode, ServerNode],
+			  [{server, received, '_', []},
+			   {client, put, 1, []},
+			   {client, get, '_', []}],
+			  {all, call},
+			  [{shell, only}]),
+    ?line DirSize = length(element(2, file:list_dir("."))),
+    ?line ttb_helper:msgs(2),
+    ?line DirSize = length(element(2, file:list_dir("."))),
+    ?line stopped, ttb:stop(format),
+    %%+1 -> ttb_last_trace
+    ?line true = (DirSize + 1 == length(element(2, file:list_dir(".")))),
+    ?line {ok,[{all, [{matched,_,_}, {matched,_,_}]}]} =
+	ttb:start_trace([ClientNode, ServerNode],
+			[{server, received, '_', []},
+			 {client, put, 1, []},
+			 {client, get, '_', []}],
+			{all, call},
+			[{shell, only}]),
+    ?line ttb:stop().
+dbg_style_fetch(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+shell_tracing_init(suite) ->
+    [];
+shell_tracing_init(doc) ->
+    ["Shell tracing init"];
+shell_tracing_init(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line ttb:tracer([ClientNode, ServerNode], shell),
+    ?line ttb:stop(),
+    ?line ttb:tracer([ClientNode, ServerNode],
+		     [{file, {local, ?FNAME}}, shell]),
+    ?line ttb:stop(),
+    ?line local_client_required_on_shell_tracing =
+	try  ttb:tracer([ClientNode, ServerNode],[{file, ?FNAME}, shell])
+	catch
+	    exit:local_client_required_on_shell_tracing ->
+		local_client_required_on_shell_tracing
+	end.
+shell_tracing_init(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+only_one_state_for_format_handler(suite) ->
+    [];
+only_one_state_for_format_handler(doc) ->
+    ["Only one state for format handler"];
+only_one_state_for_format_handler(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line begin_trace_local(ServerNode, ClientNode, ?FNAME),
+    ?line ttb_helper:msgs(2),
+    ?line {_, D} = ttb:stop([return_fetch_dir]),
+    ?line ttb:format(D, [{out, ?OUTPUT}, {handler, counter_call_handler()}]),
+    ?line {ok, Ret} = file:consult(?OUTPUT),
+    ?line [5] = Ret.
+only_one_state_for_format_handler(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+only_one_state_with_default_format_handler(suite) ->
+    [];
+only_one_state_with_default_format_handler(doc) ->
+    ["Only one state with default format handler"];
+only_one_state_with_default_format_handler(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line begin_trace_local(ServerNode, ClientNode, ?FNAME),
+    ?line ttb_helper:msgs(2),
+    ?line {_, D} = ttb:stop([return_fetch_dir]),
+    ?line ttb:format(D, [{out, ?OUTPUT}]),
+    ?line true = filelib:is_file(?OUTPUT).
+only_one_state_with_default_format_handler(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+only_one_state_with_initial_format_handler(suite) ->
+    [];
+only_one_state_with_initial_format_handler(doc) ->
+    ["Only one state with initial format handler"];
+only_one_state_with_initial_format_handler(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line {ok, _} =
+	ttb:tracer([ServerNode,ClientNode],[{file, ?FNAME}, {handler, counter_call_handler()}]),
+    ?line ttb:p(all, call),
+    ?line ttb:tpl(server, received, []),
+    ?line ttb:tpl(client, put, []),
+    ?line ttb:tpl(client, get, []),
+    ?line ttb_helper:msgs(2),
+    ?line {_, D} = ttb:stop([return_fetch_dir]),
+    ?line ttb:format(D, [{out, ?OUTPUT}]),
+    ?line {ok, Ret} = file:consult(?OUTPUT),
+    ?line [5] = Ret.
+only_one_state_with_initial_format_handler(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+run_trace_with_shortcut(Shortcut, Ret, F) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line {ok, _} =
+	ttb:tracer([ServerNode,ClientNode],[{file, ?FNAME}]),
+    ?line ttb:p(all, call),
+    ?line ttb:F(client, put, Shortcut),
+    ?line ttb_helper:msgs(2),
+    ?line {_, D} = ttb:stop([return_fetch_dir]),
+    ?line ttb:format(D, [{out, ?OUTPUT}, {handler, ret_caller_call_handler()}]),
+    ?line {ok, Ret} =file:consult(?OUTPUT),
+    ?line stop_client_and_server().
+
+fun_for(return) ->
+    {codestr, "fun(_) -> return_trace() end"};
+fun_for(msg_false) ->
+    {codestr, "fun(_) -> message(false) end"}.
+
+run_trace_with_shortcut1(suite) ->
+    [];
+run_trace_with_shortcut1(doc) ->
+    ["Run trace with shortcut 1"];
+run_trace_with_shortcut1(Config) when is_list(Config) ->
+    ?line run_trace_with_shortcut(caller, [ok,ok], tp),
+    ?line run_trace_with_shortcut(caller, [ok,ok], tpl).
+run_trace_with_shortcut1(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+run_trace_with_shortcut2(suite) ->
+    [];
+run_trace_with_shortcut2(doc) ->
+    ["Run trace with shortcut 2"];
+run_trace_with_shortcut2(Config) when is_list(Config) ->
+    ?line run_trace_with_shortcut(return, [ok,ok], tp),
+    ?line run_trace_with_shortcut(return, [ok,ok], tpl).
+run_trace_with_shortcut2(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+run_trace_with_shortcut3(suite) ->
+    [];
+run_trace_with_shortcut3(doc) ->
+    ["Run trace with shortcut 3"];
+run_trace_with_shortcut3(Config) when is_list(Config) ->
+    ?line run_trace_with_shortcut(fun_for(return), [ok,ok], tp),
+    ?line run_trace_with_shortcut(fun_for(return), [ok,ok], tpl).
+run_trace_with_shortcut3(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+run_trace_with_shortcut4(suite) ->
+    [];
+run_trace_with_shortcut4(doc) ->
+    ["Run trace with shortcut 4"];
+run_trace_with_shortcut4(Config) when is_list(Config) ->
+    ?line run_trace_with_shortcut(fun_for(msg_false), [], tp),
+    ?line run_trace_with_shortcut(fun_for(msg_false), [], tpl).
+run_trace_with_shortcut4(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+cant_specify_local_and_flush(suite) ->
+    [];
+cant_specify_local_and_flush(doc) ->
+    ["Can't specify local and flush"];
+cant_specify_local_and_flush(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line flush_unsupported_with_ip_trace_port =
+	try ttb:tracer([ServerNode, ClientNode],
+		       [{flush, 1000}, {file, {local, ?FNAME}}])
+	catch
+	    exit:flush_unsupported_with_ip_trace_port ->
+		flush_unsupported_with_ip_trace_port
+	end.
+cant_specify_local_and_flush(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+trace_sorted_by_default(suite) ->
+    [];
+trace_sorted_by_default(doc) ->
+    ["Trace sorted by default"];
+trace_sorted_by_default(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line begin_trace_local(ServerNode, ClientNode, ?FILE),
+    ?line ttb_helper:msgs(2),
+    ?line {_, D} = ttb:stop([return_fetch_dir]),
+    ?line ttb:format(D, [{out, ?OUTPUT}, {handler, node_call_handler()}, {disable_sort, false}]),
+    {ok, Ret} = file:consult(?OUTPUT),
+    ?line [ClientNode,ServerNode,ClientNode,ServerNode,ServerNode] = Ret.
+trace_sorted_by_default(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+disable_sorting(suite) ->
+    [];
+disable_sorting(doc) ->
+    ["Disable sorting"];
+disable_sorting(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line begin_trace_local(ServerNode, ClientNode, ?FILE),
+    ?line ttb_helper:msgs(2),
+    ?line {_, D} = ttb:stop([return_fetch_dir]),
+    ?line ttb:format(D, [{out, ?OUTPUT}, {handler, node_call_handler()}, {disable_sort, true}]),
+    {ok, Ret} = file:consult(?OUTPUT),
+    ?line [ClientNode,ClientNode,ServerNode,ServerNode,ServerNode] = Ret.
+disable_sorting(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+%% -----------------------------------------------------------------------------
+%% tests for autoresume of tracing
+%% -----------------------------------------------------------------------------
+
+trace_resumed_after_node_restart(suite) ->
+    [];
+trace_resumed_after_node_restart(doc) ->
+    ["Test trace resumed after node restart, trace to files on remote node."];
+trace_resumed_after_node_restart(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line begin_trace_with_resume(ServerNode, ClientNode, ?FNAME),
+    ?line logic(2,6,file).
+trace_resumed_after_node_restart(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+trace_resumed_after_node_restart_ip(suite) ->
+    [];
+trace_resumed_after_node_restart_ip(doc) ->
+    ["Test trace resumed after node restart, trace via tcp/ip to local node."];
+trace_resumed_after_node_restart_ip(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line begin_trace_with_resume(ServerNode, ClientNode, {local, ?FNAME}),
+    ?line logic(2,6,local).
+trace_resumed_after_node_restart_ip(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+trace_resumed_after_node_restart_wrap(suite) ->
+    [];
+trace_resumed_after_node_restart_wrap(doc) ->
+    ["Test trace resumed after node restart, wrap option."];
+trace_resumed_after_node_restart_wrap(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line begin_trace_with_resume(ServerNode, ClientNode, {wrap, ?FNAME, 10, 4}),
+    ?line logic(1,4,file).
+trace_resumed_after_node_restart_wrap(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+trace_resumed_after_node_restart_wrap_mult(suite) ->
+    [];
+trace_resumed_after_node_restart_wrap_mult(doc) ->
+    ["Test trace resumed after node restart, wrap option, multiple files."];
+trace_resumed_after_node_restart_wrap_mult(Config) when is_list(Config) ->
+    ?line {ServerNode, ClientNode} = start_client_and_server(),
+    ?line begin_trace_with_resume(ServerNode, ClientNode, {wrap, ?FNAME, 10, 4}),
+    ?line logic(20,8,file).
+trace_resumed_after_node_restart_wrap_mult(cleanup,_Config) ->
+    ?line stop_client_and_server().
+
+logic(N, M, TracingType) ->
+    helper_msgs(N, TracingType),
+    ?t:stop_node(ttb_helper:get_node(client)),
+    timer:sleep(2500),
+    ?line {ok,_ClientNode} = ?t:start_node(client,slave,[]),
+    ?line ok = ttb_helper:c(code, add_paths, [code:get_path()]),
+    ?line ttb_helper:c(client, init, []),
+    ?line helper_msgs(N, TracingType),
+    ?line {_, D} = ttb:stop([return_fetch_dir]),
+    ?line ttb:format(D, [{out, ?OUTPUT}, {handler, ret_caller_call_handler2()}]),
+    ?line {ok, Ret} = file:consult(?OUTPUT),
+    ?line M = length(Ret).
+
+begin_trace_with_resume(ServerNode, ClientNode, Dest) ->
+    ?line {ok, _} = ttb:tracer([ServerNode,ClientNode], [{file, Dest}, resume]),
+    ?line ttb:p(all, [call, timestamp]),
+    ?line ttb:tp(server, received, []),
+    ?line ttb:tp(client, put, []),
+    ?line ttb:tp(client, get, []).
+
+ret_caller_call_handler2() ->
+    {fun(A, {trace_ts, _, call, _, _} ,_,_) -> io:format(A, "ok.~n", []);
+	(_, _, _, _) -> ok end, []}.
+
+helper_msgs(N, TracingType) ->
+    case TracingType of
+        local ->
+            ttb_helper:msgs_ip(N);
+        _ ->
+            ttb_helper:msgs(N)
+    end.
+
+priv_dir(Conf) ->
+    %% Due to problem with long paths on windows => creating a new
+    %% priv_dir under data_dir
+    Dir = filename:absname(filename:join(?config(data_dir, Conf),priv_dir)),
+    filelib:ensure_dir(filename:join(Dir,"*")),
+    Dir.
+
+clean_priv_dir(Config) ->
+    PrivDir = priv_dir(Config),
+    case filelib:is_dir(PrivDir) of
+        true -> rm(PrivDir);
+        false -> ok
+    end.
+
+rm(This) ->
+    case filelib:is_dir(This) of
+        true ->
+            {ok,Files} = file:list_dir(This),
+            [rm(filename:join(This,F)) || F <- Files],
+	    file:del_dir(This);
+        false ->
+	    file:delete(This)
+    end.
diff --git a/lib/observer/test/ttb_helper.erl b/lib/observer/test/ttb_helper.erl
new file mode 100644
index 0000000000..76b06cd3ce
--- /dev/null
+++ b/lib/observer/test/ttb_helper.erl
@@ -0,0 +1,157 @@
+-module(ttb_helper). %%Nodes control
+-compile(export_all).
+
+%%API
+%%get() -> client:get()
+%%put(X) -> client:put(X)
+%%msgs(N) -> N times client:put(test_msg)
+%%clear() -> restart server
+%%ensure_running() / stop() -> start/stop nodes
+%%get_node(atom) -> return atom@hostname
+
+-define(NODE_CMD(Name),
+	"erl -sname " ++ atom_to_list(Name) ++
+	" -pa .. -pa . -detached -run ttb_helper send_ok").
+-define(REG_NAME, nc_testing).
+
+new_fun() ->
+    fun(_, end_of_trace, _, Dict) -> io:format("~p~n", [dict:to_list(Dict)]);
+       (_, T, _, Dict) -> case element(2, T) of
+                              {Pid, _, _} ->
+                                  dict:update_counter(Pid, 1, Dict);
+                              Pid ->
+                                  dict:update_counter(Pid, 1, Dict)
+                          end
+    end.
+
+new_fun_2() ->
+    fun(_, end_of_trace, _, Dict) -> io:format("~p~n", [dict:to_list(Dict)]);
+       (_, T, _, Dict) ->  case element(2, T) of
+                               {_, Name, _} when is_atom(Name)->
+                                  dict:update_counter(Name, 1, Dict);
+                              Pid ->
+                                  dict:update_counter(Pid, 1, Dict)
+                          end
+
+    end.
+
+
+ensure_running() ->
+    try_start_node(server),
+    try_start_node(client),
+    clear().
+
+try_start_node(Node) ->
+    global:unregister_name(?REG_NAME),
+    global:register_name(?REG_NAME, self()),
+    global:sync(),
+    N = get_node(Node),
+    case net_adm:ping(N) of
+	pong ->
+	    io:format("Node ~p already running~n", [N]);
+	_ ->
+	    io:format("Starting node ~p... ~p ", [Node, os:cmd(?NODE_CMD(Node))]),
+	    recv()
+    end.
+
+clear() ->
+    s(server, stop, []),
+    init().
+
+stop() ->
+    s(init, stop, []),
+    c(init, stop, []).
+
+msgs(N) ->
+    [c(client, put, [test_msg]) || _ <- lists:seq(1, N)],
+    s(server, received, [a,b]),
+    [dbg:flush_trace_port(Node) || Node <- [get_node(client), get_node(server)]].
+
+msgs_ip(N) ->
+    [c(client, put, [test_msg]) || _ <- lists:seq(1, N)],
+    s(server, received, [a,b]),
+    timer:sleep(200). %% allow trace messages to arrive over tcp/ip
+
+run() ->
+    ttb({local, "A"}),
+    msgs(2),
+    c(erlang, whereis, [ttbt]).
+
+get() -> c(client, get, []).
+put(Thing) -> c(client, put, [Thing]).
+
+get_node(Node) ->
+    {ok, Host} = inet:gethostname(),
+    list_to_atom(atom_to_list(Node) ++ "@" ++ Host).
+
+trace_setup() ->
+    ttb:p(all, call),
+    ttb:tp(server, received, []),
+    ttb:tp(client, put, []),
+    ttb:tp(client, get, []).
+
+ttb() -> ttb("A").
+ttb(File) ->
+    ttb:tracer([get_node(client), get_node(server)], [{file, File}, resume]),
+    ttb:p(all, [call, timestamp]),
+    ttb:tp(client, put, []),
+    ttb:tp(client, get, []),
+    ttb:tp(server, received, []).
+
+tc() ->
+    TC = example_config_gen:create_trace_case("dummy comment"),
+    Patterns = example_config_gen:create_pattern(client, put, 1, return),
+    Flags = example_config_gen:create_flags(all, call),
+    Merge = example_config_gen:create_merge_conf(show_handler(), "dummy merge comment"),
+    Merge2 = example_config_gen:create_merge_conf(undefined, "dummy merge comment"),
+    TC2 = example_config_gen:add_pattern(Patterns, TC),
+    TC3 = example_config_gen:add_flags(Flags, TC2),
+    TC4 = example_config_gen:add_merge_conf(Merge, TC3),
+    TC5 = example_config_gen:add_merge_conf(Merge2, TC4),
+    example_config_gen:add_nodes([get_node(client), get_node(server)], TC5).
+
+
+show(X) ->
+    io:format(user, "Showing: ~p~n", [X]).
+
+state_handler() ->
+    {fun(_,_,I,S) -> io:format(user, "Got from ~p: ~p~n", [I,S]), S+1 end, 0}.
+
+show_handler() ->
+    {fun(A,B,_,_) -> io:format(A, "~p~n", [B]) end, []}.
+
+opts() ->
+    [[get_node(client), get_node(server)],
+     [{server, received, '_', []},
+      {client, put, '_', []},
+      {client, get, '_', []}],
+     {all, call},
+     [{file, "TEST"}]].
+
+overload_check(check) ->
+    true;
+overload_check(_) ->
+    ok.
+%%%Internal
+s(M, F, A) -> rpc:call(get_node(server), M, F, A).
+c(M, F, A) -> rpc:call(get_node(client), M, F, A).
+
+send_ok() ->
+    pong = net_adm:ping(get_node(test)),
+    global:sync(),
+    global:send(?REG_NAME, node()).
+
+init() ->
+    True = s(server, start, []),
+    io:format("ok1: ~p~n", [True]),
+    true = c(client, init, [get_node(server)]).
+
+recv() ->
+    receive
+	Node ->
+	    io:format("Node ~p ready.~n", [Node]),
+            ok
+    after 5000 ->
+	    io:format("Startup failed~n",[]),
+	    throw(startup_failed)
+    end.
diff --git a/lib/observer/vsn.mk b/lib/observer/vsn.mk
index 76e2f591fa..fa104ede01 100644
--- a/lib/observer/vsn.mk
+++ b/lib/observer/vsn.mk
@@ -1 +1 @@
-OBSERVER_VSN = 0.9.10
+OBSERVER_VSN = 1.0
diff --git a/lib/odbc/aclocal.m4 b/lib/odbc/aclocal.m4
index 151fd5ea5a..339a15a2bb 120000..100644
--- a/lib/odbc/aclocal.m4
+++ b/lib/odbc/aclocal.m4
@@ -1 +1,1766 @@
-../../erts/aclocal.m4
\ No newline at end of file
+dnl
+dnl %CopyrightBegin%
+dnl
+dnl Copyright Ericsson AB 1998-2011. All Rights Reserved.
+dnl
+dnl The contents of this file are subject to the Erlang Public License,
+dnl Version 1.1, (the "License"); you may not use this file except in
+dnl compliance with the License. You should have received a copy of the
+dnl Erlang Public License along with this software. If not, it can be
+dnl retrieved online at http://www.erlang.org/.
+dnl
+dnl Software distributed under the License is distributed on an "AS IS"
+dnl basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+dnl the License for the specific language governing rights and limitations
+dnl under the License.
+dnl
+dnl %CopyrightEnd%
+dnl
+
+dnl
+dnl aclocal.m4
+dnl
+dnl Local macros used in configure.in. The Local Macros which
+dnl could/should be part of autoconf are prefixed LM_, macros specific
+dnl to the Erlang system are prefixed ERL_.
+dnl
+
+AC_DEFUN(LM_PRECIOUS_VARS,
+[
+
+dnl ERL_TOP
+AC_ARG_VAR(ERL_TOP, [Erlang/OTP top source directory])
+
+dnl Tools
+AC_ARG_VAR(CC, [C compiler])
+AC_ARG_VAR(CFLAGS, [C compiler flags])
+AC_ARG_VAR(STATIC_CFLAGS, [C compiler static flags])
+AC_ARG_VAR(CFLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag passed via C compiler])
+AC_ARG_VAR(CPP, [C/C++ preprocessor])
+AC_ARG_VAR(CPPFLAGS, [C/C++ preprocessor flags])
+AC_ARG_VAR(CXX, [C++ compiler])
+AC_ARG_VAR(CXXFLAGS, [C++ compiler flags])
+AC_ARG_VAR(LD, [linker (is often overridden by configure)])
+AC_ARG_VAR(LDFLAGS, [linker flags (can be risky to set since LD may be overriden by configure)])
+AC_ARG_VAR(LIBS, [libraries])
+AC_ARG_VAR(DED_LD, [linker for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LDFLAGS, [linker flags for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LD_FLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(LFS_CFLAGS, [large file support C compiler flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LDFLAGS, [large file support linker flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LIBS, [large file support libraries (set all LFS_* variables or none)])
+AC_ARG_VAR(RANLIB, [ranlib])
+AC_ARG_VAR(AR, [ar])
+AC_ARG_VAR(GETCONF, [getconf])
+
+dnl Cross system root
+AC_ARG_VAR(erl_xcomp_sysroot, [Absolute cross system root path (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_isysroot, [Absolute cross system root include path (only used when cross compiling)])
+
+dnl Cross compilation variables
+AC_ARG_VAR(erl_xcomp_bigendian, [big endian system: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_clock_gettime_correction, [clock_gettime() can be used for time correction: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_nptl, [have Native POSIX Thread Library: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigusrx, [SIGUSR1 and SIGUSR2 can be used: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigaltstack, [have working sigaltstack(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_poll, [have working poll(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_kqueue, [have working kqueue(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_putenv_copy, [putenv() stores key-value copy: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_reliable_fpe, [have reliable floating point exceptions: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_getaddrinfo, [have working getaddrinfo() for both IPv4 and IPv6: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_gethrvtime_procfs_ioctl, [have working gethrvtime() which can be used with procfs ioctl(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_clock_gettime_cpu_time, [clock_gettime() can be used for retrieving process CPU time: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_after_morecore_hook, [__after_morecore_hook can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_dlsym_brk_wrappers, [dlsym(RTLD_NEXT, _) brk wrappers can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+
+])
+
+AC_DEFUN(ERL_XCOMP_SYSROOT_INIT,
+[
+erl_xcomp_without_sysroot=no
+if test "$cross_compiling" = "yes"; then
+    test "$erl_xcomp_sysroot" != "" || erl_xcomp_without_sysroot=yes
+    test "$erl_xcomp_isysroot" != "" || erl_xcomp_isysroot="$erl_xcomp_sysroot"
+else
+    erl_xcomp_sysroot=
+    erl_xcomp_isysroot=
+fi
+])
+
+AC_DEFUN(LM_CHECK_GETCONF,
+[
+if test "$cross_compiling" != "yes"; then
+    AC_CHECK_PROG([GETCONF], [getconf], [getconf], [false])
+else
+    dnl First check if we got a `<HOST>-getconf' in $PATH
+    host_getconf="$host_alias-getconf"
+    AC_CHECK_PROG([GETCONF], [$host_getconf], [$host_getconf], [false])
+    if test "$GETCONF" = "false" && test "$erl_xcomp_sysroot" != ""; then
+	dnl We should perhaps give up if we have'nt found it by now, but at
+	dnl least in one Tilera MDE `getconf' under sysroot is a bourne
+	dnl shell script which we can use. We try to find `<HOST>-getconf'
+    	dnl or `getconf' under sysconf, but only under sysconf since
+	dnl `getconf' in $PATH is almost guaranteed to be for the build
+	dnl machine.
+	GETCONF=
+	prfx="$erl_xcomp_sysroot"
+        AC_PATH_TOOL([GETCONF], [getconf], [false],
+	             ["$prfx/usr/bin:$prfx/bin:$prfx/usr/local/bin"])
+    fi
+fi
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_WINDOWS_ENVIRONMENT
+dnl
+dnl
+dnl Tries to determine thw windows build environment, i.e. 
+dnl MIXED_CYGWIN_VC or MIXED_MSYS_VC 
+dnl
+
+AC_DEFUN(LM_WINDOWS_ENVIRONMENT,
+[
+MIXED_CYGWIN=no
+MIXED_MSYS=no
+
+AC_MSG_CHECKING(for mixed cygwin or msys and native VC++ environment)
+if test "X$host" = "Xwin32" -a "x$GCC" != "xyes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([Cygwin and VC])
+		MIXED_CYGWIN_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_VC"
+	elif test -x /usr/bin/msysinfo; then
+	        CFLAGS="-O2"
+		MIXED_MSYS=yes
+		AC_MSG_RESULT([MSYS and VC])
+		MIXED_MSYS_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_MSYS_VC"
+	else		    
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_VC=no
+	MIXED_MSYS_VC=no
+fi
+AC_SUBST(MIXED_CYGWIN_VC)
+AC_SUBST(MIXED_MSYS_VC)
+
+MIXED_VC=no
+if test "x$MIXED_MSYS_VC" = "xyes" -o  "x$MIXED_CYGWIN_VC" = "xyes" ; then
+   MIXED_VC=yes
+fi
+
+AC_SUBST(MIXED_VC)
+
+if test "x$MIXED_MSYS" != "xyes"; then
+   AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
+   if test "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([yes])
+		MIXED_CYGWIN_MINGW=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_MINGW"
+	else
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+    else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_MINGW=no
+    fi
+else
+	MIXED_CYGWIN_MINGW=no
+fi	
+AC_SUBST(MIXED_CYGWIN_MINGW)
+
+AC_MSG_CHECKING(if we mix cygwin with any native compiler)
+if test "X$MIXED_CYGWIN" = "Xyes"; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_CYGWIN)
+	
+AC_MSG_CHECKING(if we mix msys with another native compiler)
+if test "X$MIXED_MSYS" = "Xyes" ; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_MSYS)
+])		
+	
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_FIND_EMU_CC
+dnl
+dnl
+dnl Tries fairly hard to find a C compiler that can handle jump tables.
+dnl Defines the @EMU_CC@ variable for the makefiles and 
+dnl inserts NO_JUMP_TABLE in the header if one cannot be found...
+dnl
+
+AC_DEFUN(LM_FIND_EMU_CC,
+	[AC_CACHE_CHECK(for a compiler that handles jumptables,
+			ac_cv_prog_emu_cc,
+			[
+AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    __label__ lbl1;
+    __label__ lbl2;
+    int x = magic();
+    static void *jtab[2];
+
+    jtab[0] = &&lbl1;
+    jtab[1] = &&lbl2;
+    goto *jtab[x];
+lbl1:
+    return 1;
+lbl2:
+    return 2;
+],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+
+if test $ac_cv_prog_emu_cc = no; then
+	for ac_progname in emu_cc.sh gcc-4.2 gcc; do
+  		IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  		ac_dummy="$PATH"
+  		for ac_dir in $ac_dummy; do
+    			test -z "$ac_dir" && ac_dir=.
+    			if test -f $ac_dir/$ac_progname; then
+      				ac_cv_prog_emu_cc=$ac_dir/$ac_progname
+      				break
+    			fi
+  		done
+  		IFS="$ac_save_ifs"
+		if test $ac_cv_prog_emu_cc != no; then
+			break
+		fi
+	done
+fi
+
+if test $ac_cv_prog_emu_cc != no; then
+	save_CC=$CC
+	save_CFLAGS=$CFLAGS
+	save_CPPFLAGS=$CPPFLAGS
+	CC=$ac_cv_prog_emu_cc
+	CFLAGS=""
+	CPPFLAGS=""
+	AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    	__label__ lbl1;
+    	__label__ lbl2;
+    	int x = magic();
+    	static void *jtab[2];
+
+    	jtab[0] = &&lbl1;
+    	jtab[1] = &&lbl2;
+    	goto *jtab[x];
+	lbl1:
+    	return 1;
+	lbl2:
+    	return 2;
+	],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+	CC=$save_CC
+	CFLAGS=$save_CFLAGS
+	CPPFLAGS=$save_CPPFLAGS
+fi
+])
+if test $ac_cv_prog_emu_cc = no; then
+	AC_DEFINE(NO_JUMP_TABLE,[],[Defined if no found C compiler can handle jump tables])
+	EMU_CC=$CC
+else
+	EMU_CC=$ac_cv_prog_emu_cc
+fi
+AC_SUBST(EMU_CC)
+])		
+			
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_INSTALL_DIR
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl Figure out how to create directories with parents.
+dnl (In my opinion INSTALL_DIR is a bad name, MKSUBDIRS or something is better)
+dnl
+dnl We prefer 'install -d', but use 'mkdir -p' if it exists.
+dnl If none of these methods works, we give up.
+dnl
+
+
+AC_DEFUN(LM_PROG_INSTALL_DIR,
+[AC_CACHE_CHECK(how to create a directory including parents,
+ac_cv_prog_mkdir_p,
+[
+temp_name_base=config.$$
+temp_name=$temp_name_base/x/y/z
+$INSTALL -d $temp_name >/dev/null 2>&1
+ac_cv_prog_mkdir_p=none
+if test -d $temp_name; then
+        ac_cv_prog_mkdir_p="$INSTALL -d"
+else
+        mkdir -p $temp_name >/dev/null 2>&1
+        if test -d $temp_name; then
+                ac_cv_prog_mkdir_p="mkdir -p"
+        fi
+fi
+rm -fr $temp_name_base           
+])
+
+case "${ac_cv_prog_mkdir_p}" in
+  none) AC_MSG_ERROR(don't know how create directories with parents) ;;
+  *)    INSTALL_DIR="$ac_cv_prog_mkdir_p" AC_SUBST(INSTALL_DIR)     ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_PERL5
+dnl
+dnl Try to find perl version 5. If found set PERL to the absolute path
+dnl of the program, if not found set PERL to false.
+dnl
+dnl On some systems /usr/bin/perl is perl 4 and e.g.
+dnl /usr/local/bin/perl is perl 5. We try to handle this case by
+dnl putting a couple of 
+dnl Tries to handle the case that there are two programs called perl
+dnl in the path and one of them is perl 5 and the other isn't. 
+dnl
+AC_DEFUN(LM_PROG_PERL5,
+[AC_PATH_PROGS(PERL, perl5 perl, false,
+   /usr/local/bin:/opt/local/bin:/usr/local/gnu/bin:${PATH})
+changequote(, )dnl
+dnl[ That bracket is needed to balance the right bracket below
+if test "$PERL" = "false" || $PERL -e 'exit ($] >= 5)'; then
+changequote([, ])dnl
+  ac_cv_path_PERL=false
+  PERL=false
+dnl  AC_MSG_WARN(perl version 5 not found)
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SO_BSDCOMPAT
+dnl
+dnl Check if the system has the SO_BSDCOMPAT flag on sockets (linux) 
+dnl
+AC_DEFUN(LM_DECL_SO_BSDCOMPAT,
+[AC_CACHE_CHECK([for SO_BSDCOMPAT declaration], ac_cv_decl_so_bsdcompat,
+AC_TRY_COMPILE([#include <sys/socket.h>], [int i = SO_BSDCOMPAT;],
+               ac_cv_decl_so_bsdcompat=yes,
+               ac_cv_decl_so_bsdcompat=no))
+
+case "${ac_cv_decl_so_bsdcompat}" in
+  "yes" ) AC_DEFINE(HAVE_SO_BSDCOMPAT,[],
+		[Define if you have SO_BSDCOMPAT flag on sockets]) ;;
+  * ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_INADDR_LOOPBACK
+dnl
+dnl Try to find declaration of INADDR_LOOPBACK, if nowhere provide a default
+dnl
+
+AC_DEFUN(LM_DECL_INADDR_LOOPBACK,
+[AC_CACHE_CHECK([for INADDR_LOOPBACK in netinet/in.h],
+ ac_cv_decl_inaddr_loopback,
+[AC_TRY_COMPILE([#include <sys/types.h>
+#include <netinet/in.h>], [int i = INADDR_LOOPBACK;],
+ac_cv_decl_inaddr_loopback=yes, ac_cv_decl_inaddr_loopback=no)
+])
+
+if test ${ac_cv_decl_inaddr_loopback} = no; then
+  AC_CACHE_CHECK([for INADDR_LOOPBACK in rpc/types.h],
+                   ac_cv_decl_inaddr_loopback_rpc,
+                   AC_TRY_COMPILE([#include <rpc/types.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_rpc=yes,
+                                   ac_cv_decl_inaddr_loopback_rpc=no))
+
+   case "${ac_cv_decl_inaddr_loopback_rpc}" in
+     "yes" )
+        AC_DEFINE(DEF_INADDR_LOOPBACK_IN_RPC_TYPES_H,[],
+		[Define if you need to include rpc/types.h to get INADDR_LOOPBACK defined]) ;;
+      * )
+  	AC_CACHE_CHECK([for INADDR_LOOPBACK in winsock2.h],
+                   ac_cv_decl_inaddr_loopback_winsock2,
+                   AC_TRY_COMPILE([#define WIN32_LEAN_AND_MEAN
+				   #include <winsock2.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_winsock2=yes,
+                                   ac_cv_decl_inaddr_loopback_winsock2=no))
+	case "${ac_cv_decl_inaddr_loopback_winsock2}" in
+     		"yes" )
+			AC_DEFINE(DEF_INADDR_LOOPBACK_IN_WINSOCK2_H,[],
+				[Define if you need to include winsock2.h to get INADDR_LOOPBACK defined]) ;;
+		* )
+			# couldn't find it anywhere
+        		AC_DEFINE(HAVE_NO_INADDR_LOOPBACK,[],
+				[Define if you don't have a definition of INADDR_LOOPBACK]) ;;
+	esac;;
+   esac
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_SOCKADDR_SA_LEN
+dnl
+dnl Check if the sockaddr structure has the field sa_len
+dnl
+
+AC_DEFUN(LM_STRUCT_SOCKADDR_SA_LEN,
+[AC_CACHE_CHECK([whether struct sockaddr has sa_len field],
+                ac_cv_struct_sockaddr_sa_len,
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <sys/socket.h>], [struct sockaddr s; s.sa_len = 10;],
+  ac_cv_struct_sockaddr_sa_len=yes, ac_cv_struct_sockaddr_sa_len=no))
+
+dnl FIXME convbreak
+case ${ac_cv_struct_sockaddr_sa_len} in
+  "no" ) AC_DEFINE(NO_SA_LEN,[1],[Define if you dont have salen]) ;;
+  *) ;;
+esac
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_EXCEPTION
+dnl
+dnl Check to see whether the system supports the matherr function
+dnl and its associated type "struct exception".
+dnl
+
+AC_DEFUN(LM_STRUCT_EXCEPTION,
+[AC_CACHE_CHECK([for struct exception (and matherr function)],
+ ac_cv_struct_exception,
+AC_TRY_COMPILE([#include <math.h>],
+  [struct exception x; x.type = DOMAIN; x.type = SING;],
+  ac_cv_struct_exception=yes, ac_cv_struct_exception=no))
+
+case "${ac_cv_struct_exception}" in
+  "yes" ) AC_DEFINE(USE_MATHERR,[1],[Define if you have matherr() function and struct exception type]) ;;
+  *  ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_IPV6
+dnl
+dnl Check for ipv6 support and what the in6_addr structure is called.
+dnl (early linux used in_addr6 insted of in6_addr)
+dnl
+
+AC_DEFUN(LM_SYS_IPV6,
+[AC_MSG_CHECKING(for IP version 6 support)
+AC_CACHE_VAL(ac_cv_sys_ipv6_support,
+[ok_so_far=yes
+ AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+   [struct in6_addr a6; struct sockaddr_in6 s6;], ok_so_far=yes, ok_so_far=no)
+
+if test $ok_so_far = yes; then
+  ac_cv_sys_ipv6_support=yes
+else
+  AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+    [struct in_addr6 a6; struct sockaddr_in6 s6;],
+    ac_cv_sys_ipv6_support=in_addr6, ac_cv_sys_ipv6_support=no)
+fi
+])dnl
+
+dnl
+dnl Have to use old style AC_DEFINE due to BC with old autoconf.
+dnl
+
+case ${ac_cv_sys_ipv6_support} in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    ;;
+  in_addr6)
+    AC_MSG_RESULT([yes (but I am redefining in_addr6 to in6_addr)])
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    AC_DEFINE(HAVE_IN_ADDR6_STRUCT,[],[Early linux used in_addr6 instead of in6_addr, define if you have this])
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_MULTICAST
+dnl
+dnl Check for multicast support. Only checks for multicast options in
+dnl setsockopt(), no check is performed that multicasting actually works.
+dnl If options are found defines HAVE_MULTICAST_SUPPORT
+dnl
+
+AC_DEFUN(LM_SYS_MULTICAST,
+[AC_CACHE_CHECK([for multicast support], ac_cv_sys_multicast_support,
+[AC_EGREP_CPP(yes,
+[#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#if defined(IP_MULTICAST_TTL) && defined(IP_MULTICAST_LOOP) && defined(IP_MULTICAST_IF) && defined(IP_ADD_MEMBERSHIP) && defined(IP_DROP_MEMBERSHIP)
+yes
+#endif
+], ac_cv_sys_multicast_support=yes, ac_cv_sys_multicast_support=no)])
+if test $ac_cv_sys_multicast_support = yes; then
+  AC_DEFINE(HAVE_MULTICAST_SUPPORT,[1],
+	[Define if setsockopt() accepts multicast options])
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SYS_ERRLIST
+dnl
+dnl Define SYS_ERRLIST_DECLARED if the variable sys_errlist is declared
+dnl in a system header file, stdio.h or errno.h.
+dnl
+
+AC_DEFUN(LM_DECL_SYS_ERRLIST,
+[AC_CACHE_CHECK([for sys_errlist declaration in stdio.h or errno.h],
+  ac_cv_decl_sys_errlist,
+[AC_TRY_COMPILE([#include <stdio.h>
+#include <errno.h>], [char *msg = *(sys_errlist + 1);],
+  ac_cv_decl_sys_errlist=yes, ac_cv_decl_sys_errlist=no)])
+if test $ac_cv_decl_sys_errlist = yes; then
+  AC_DEFINE(SYS_ERRLIST_DECLARED,[],
+	[define if the variable sys_errlist is declared in a system header file])
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_FUNC_DECL( funname, declaration [, extra includes 
+dnl                     [, action-if-found [, action-if-not-found]]] )
+dnl
+dnl Checks if the declaration "declaration" of "funname" conflicts
+dnl with the header files idea of how the function should be
+dnl declared. It is useful on systems which lack prototypes and you
+dnl need to provide your own (e.g. when you want to take the address
+dnl of a function). The 4'th argument is expanded if conflicting, 
+dnl the 5'th argument otherwise
+dnl
+dnl
+
+AC_DEFUN(LM_CHECK_FUNC_DECL,
+[AC_MSG_CHECKING([for conflicting declaration of $1])
+AC_CACHE_VAL(ac_cv_func_decl_$1,
+[AC_TRY_COMPILE([#include <stdio.h>
+$3],[$2
+char *c = (char *)$1;
+], eval "ac_cv_func_decl_$1=no", eval "ac_cv_func_decl_$1=yes")])
+if eval "test \"`echo '$ac_cv_func_decl_'$1`\" = yes"; then
+  AC_MSG_RESULT(yes)
+  ifelse([$4], , :, [$4])
+else
+  AC_MSG_RESULT(no)
+ifelse([$5], , , [$5
+])dnl
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_THR_LIB
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl LM_CHECK_THR_LIB sets THR_LIBS, THR_DEFS, and THR_LIB_NAME. It also
+dnl checks for some pthread headers which will appear in DEFS or config.h.
+dnl
+
+AC_DEFUN(LM_CHECK_THR_LIB,
+[
+
+NEED_NPTL_PTHREAD_H=no
+
+dnl win32?
+AC_MSG_CHECKING([for native win32 threads])
+if test "X$host_os" = "Xwin32"; then
+    AC_MSG_RESULT(yes)
+    THR_DEFS="-DWIN32_THREADS"
+    THR_LIBS=
+    THR_LIB_NAME=win32_threads
+    THR_LIB_TYPE=win32_threads
+else
+    AC_MSG_RESULT(no)
+    THR_DEFS=
+    THR_LIBS=
+    THR_LIB_NAME=
+    THR_LIB_TYPE=posix_unknown
+
+dnl Try to find POSIX threads
+
+dnl The usual pthread lib...
+    AC_CHECK_LIB(pthread, pthread_create, THR_LIBS="-lpthread")
+
+dnl FreeBSD has pthreads in special c library, c_r...
+    if test "x$THR_LIBS" = "x"; then
+	AC_CHECK_LIB(c_r, pthread_create, THR_LIBS="-lc_r")
+    fi
+
+dnl On ofs1 the '-pthread' switch should be used
+    if test "x$THR_LIBS" = "x"; then
+	AC_MSG_CHECKING([if the '-pthread' switch can be used])
+	saved_cflags=$CFLAGS
+	CFLAGS="$CFLAGS -pthread"
+	AC_TRY_LINK([#include <pthread.h>],
+		    pthread_create((void*)0,(void*)0,(void*)0,(void*)0);,
+		    [THR_DEFS="-pthread"
+		     THR_LIBS="-pthread"])
+	CFLAGS=$saved_cflags
+	if test "x$THR_LIBS" != "x"; then
+	    AC_MSG_RESULT(yes)
+	else
+	    AC_MSG_RESULT(no)
+	fi
+    fi
+
+    if test "x$THR_LIBS" != "x"; then
+	THR_DEFS="$THR_DEFS -D_THREAD_SAFE -D_REENTRANT -DPOSIX_THREADS"
+	THR_LIB_NAME=pthread
+	case $host_os in
+	    solaris*)
+		THR_DEFS="$THR_DEFS -D_POSIX_PTHREAD_SEMANTICS" ;;
+	    linux*)
+		THR_DEFS="$THR_DEFS -D_POSIX_THREAD_SAFE_FUNCTIONS"
+
+		LM_CHECK_GETCONF
+		AC_MSG_CHECKING(for Native POSIX Thread Library)
+		libpthr_vsn=`$GETCONF GNU_LIBPTHREAD_VERSION 2>/dev/null`
+		if test $? -eq 0; then
+		    case "$libpthr_vsn" in
+			*nptl*|*NPTL*) nptl=yes;;
+			*) nptl=no;;
+		    esac
+		elif test "$cross_compiling" = "yes"; then
+		    case "$erl_xcomp_linux_nptl" in
+			"") nptl=cross;;
+			yes|no) nptl=$erl_xcomp_linux_nptl;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_nptl value: $erl_xcomp_linux_nptl]);;
+		    esac
+		else
+		    nptl=no
+		fi
+		AC_MSG_RESULT($nptl)
+		if test $nptl = cross; then
+		    nptl=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $nptl = yes; then
+		    THR_LIB_TYPE=posix_nptl
+		    need_nptl_incldir=no
+		    AC_CHECK_HEADER(nptl/pthread.h,
+				    [need_nptl_incldir=yes
+				     NEED_NPTL_PTHREAD_H=yes])
+		    if test $need_nptl_incldir = yes; then
+			# Ahh...
+			nptl_path="$C_INCLUDE_PATH:$CPATH"
+			if test X$cross_compiling != Xyes; then
+			    nptl_path="$nptl_path:/usr/local/include:/usr/include"
+			else
+			    IROOT="$erl_xcomp_isysroot"
+			    test "$IROOT" != "" || IROOT="$erl_xcomp_sysroot"
+			    test "$IROOT" != "" || AC_MSG_ERROR([Don't know where to search for includes! Please set erl_xcomp_isysroot])
+			    nptl_path="$nptl_path:$IROOT/usr/local/include:$IROOT/usr/include"
+			fi
+			nptl_ws_path=
+			save_ifs="$IFS"; IFS=":"
+			for dir in $nptl_path; do
+			    if test "x$dir" != "x"; then
+				nptl_ws_path="$nptl_ws_path $dir"
+			    fi
+			done
+			IFS=$save_ifs
+			nptl_incldir=
+			for dir in $nptl_ws_path; do
+		            AC_CHECK_HEADER($dir/nptl/pthread.h,
+					    nptl_incldir=$dir/nptl)
+			    if test "x$nptl_incldir" != "x"; then
+				THR_DEFS="$THR_DEFS -isystem $nptl_incldir"
+				break
+			    fi
+			done
+			if test "x$nptl_incldir" = "x"; then
+			    AC_MSG_ERROR(Failed to locate nptl system include directory)
+			fi
+		    fi
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need THR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags=$CPPFLAGS
+	CPPFLAGS="$CPPFLAGS $THR_DEFS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h,
+			AC_DEFINE(HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+    fi
+fi
+
+])
+
+AC_DEFUN(ERL_INTERNAL_LIBS,
+[
+
+ERTS_INTERNAL_X_LIBS=
+
+AC_CHECK_LIB(kstat, kstat_open,
+[AC_DEFINE(HAVE_KSTAT, 1, [Define if you have kstat])
+ERTS_INTERNAL_X_LIBS="$ERTS_INTERNAL_X_LIBS -lkstat"])
+
+AC_SUBST(ERTS_INTERNAL_X_LIBS)
+
+])
+
+AC_DEFUN(ETHR_CHK_SYNC_OP,
+[
+    AC_MSG_CHECKING([for $3-bit $1()])
+    case "$2" in
+	"1") sync_call="$1(&var);";;
+	"2") sync_call="$1(&var, ($4) 0);";;
+	"3") sync_call="$1(&var, ($4) 0, ($4) 0);";;
+    esac
+    have_sync_op=no
+    AC_TRY_LINK([],
+	[
+	    $4 res;
+	    volatile $4 var;
+	    res = $sync_call
+	],
+	[have_sync_op=yes])
+    test $have_sync_op = yes && $5
+    AC_MSG_RESULT([$have_sync_op])
+])
+
+AC_DEFUN(ETHR_CHK_INTERLOCKED,
+[
+    ilckd="$1"
+    AC_MSG_CHECKING([for ${ilckd}()])
+    case "$2" in
+	"1") ilckd_call="${ilckd}(var);";;
+	"2") ilckd_call="${ilckd}(var, ($3) 0);";;
+	"3") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0);";;
+	"4") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0, arr);";;
+    esac
+    have_interlocked_op=no
+    AC_TRY_LINK(
+	[
+	#define WIN32_LEAN_AND_MEAN
+	#include <windows.h>
+	#include <intrin.h>
+	],
+	[
+	    volatile $3 *var;
+	    volatile $3 arr[2];
+
+	    $ilckd_call
+	    return 0;
+	],
+	[have_interlocked_op=yes])
+    test $have_interlocked_op = yes && $4
+    AC_MSG_RESULT([$have_interlocked_op])
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_FIND_ETHR_LIB
+dnl
+dnl NOTE! This macro may be changed at any time! Should *only* be used by
+dnl       ERTS!
+dnl
+dnl Find a thread library to use. Sets ETHR_LIBS to libraries to link
+dnl with, ETHR_X_LIBS to extra libraries to link with (same as ETHR_LIBS
+dnl except that the ethread lib itself is not included), ETHR_DEFS to
+dnl defines to compile with, ETHR_THR_LIB_BASE to the name of the
+dnl thread library which the ethread library is based on, and ETHR_LIB_NAME
+dnl to the name of the library where the ethread implementation is located.
+dnl  ERL_FIND_ETHR_LIB currently searches for 'pthreads', and
+dnl 'win32_threads'. If no thread library was found ETHR_LIBS, ETHR_X_LIBS,
+dnl ETHR_DEFS, ETHR_THR_LIB_BASE, and ETHR_LIB_NAME are all set to the
+dnl empty string.
+dnl
+
+AC_DEFUN(ERL_FIND_ETHR_LIB,
+[
+
+LM_CHECK_THR_LIB
+ERL_INTERNAL_LIBS
+
+ethr_have_native_atomics=no
+ethr_have_native_spinlock=no
+ETHR_THR_LIB_BASE="$THR_LIB_NAME"
+ETHR_THR_LIB_BASE_TYPE="$THR_LIB_TYPE"
+ETHR_DEFS="$THR_DEFS"
+ETHR_X_LIBS="$THR_LIBS $ERTS_INTERNAL_X_LIBS"
+ETHR_LIBS=
+ETHR_LIB_NAME=
+
+ethr_modified_default_stack_size=
+
+dnl Name of lib where ethread implementation is located
+ethr_lib_name=ethread
+
+case "$THR_LIB_NAME" in
+
+    win32_threads)
+	ETHR_THR_LIB_BASE_DIR=win
+	# * _WIN32_WINNT >= 0x0400 is needed for
+	#   TryEnterCriticalSection
+	# * _WIN32_WINNT >= 0x0403 is needed for
+	#   InitializeCriticalSectionAndSpinCount
+	# The ethread lib will refuse to build if _WIN32_WINNT < 0x0403.
+	#
+	# -D_WIN32_WINNT should have been defined in $CPPFLAGS; fetch it
+	# and save it in ETHR_DEFS.
+	found_win32_winnt=no
+	for cppflag in $CPPFLAGS; do
+	    case $cppflag in
+		-DWINVER*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    ;;
+		-D_WIN32_WINNT*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    found_win32_winnt=yes
+		    ;;
+		*)
+		    ;;
+	    esac
+        done
+        if test $found_win32_winnt = no; then
+	    AC_MSG_ERROR([-D_WIN32_WINNT missing in CPPFLAGS])
+        fi
+
+	AC_DEFINE(ETHR_WIN32_THREADS, 1, [Define if you have win32 threads])
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT, 1, [Define if you have _InterlockedDecrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement_rel], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT_REL, 1, [Define if you have _InterlockedDecrement_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT, 1, [Define if you have _InterlockedIncrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement_acq], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT_ACQ, 1, [Define if you have _InterlockedIncrement_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD, 1, [Define if you have _InterlockedExchangeAdd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd_acq], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD_ACQ, 1, [Define if you have _InterlockedExchangeAdd_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND, 1, [Define if you have _InterlockedAnd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR, 1, [Define if you have _InterlockedOr()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE, 1, [Define if you have _InterlockedExchange()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE, 1, [Define if you have _InterlockedCompareExchange()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_acq], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_ACQ, 1, [Define if you have _InterlockedCompareExchange_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_rel], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_REL, 1, [Define if you have _InterlockedCompareExchange_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64, 1, [Define if you have _InterlockedDecrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64_rel], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64_REL, 1, [Define if you have _InterlockedDecrement64_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64, 1, [Define if you have _InterlockedIncrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64_acq], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64_ACQ, 1, [Define if you have _InterlockedIncrement64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64, 1, [Define if you have _InterlockedExchangeAdd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64_acq], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64_ACQ, 1, [Define if you have _InterlockedExchangeAdd64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND64, 1, [Define if you have _InterlockedAnd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR64, 1, [Define if you have _InterlockedOr64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE64, 1, [Define if you have _InterlockedExchange64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64, 1, [Define if you have _InterlockedCompareExchange64()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_acq], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_ACQ, 1, [Define if you have _InterlockedCompareExchange64_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_rel], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_REL, 1, [Define if you have _InterlockedCompareExchange64_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange128], [4], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE128, 1, [Define if you have _InterlockedCompareExchange128()]))
+
+	test "$ethr_have_native_atomics" = "yes" && ethr_have_native_spinlock=yes
+	;;
+
+    pthread)
+	ETHR_THR_LIB_BASE_DIR=pthread
+    	AC_DEFINE(ETHR_PTHREADS, 1, [Define if you have pthreads])
+	case $host_os in
+	    openbsd*)
+		# The default stack size is insufficient for our needs
+		# on OpenBSD. We increase it to 256 kilo words.
+		ethr_modified_default_stack_size=256;;
+	    linux*)
+		ETHR_DEFS="$ETHR_DEFS -D_GNU_SOURCE"
+
+		if test	X$cross_compiling = Xyes; then
+		    case X$erl_xcomp_linux_usable_sigusrx in
+			X) usable_sigusrx=cross;;
+			Xyes|Xno) usable_sigusrx=$erl_xcomp_linux_usable_sigusrx;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigusrx value: $erl_xcomp_linux_usable_sigusrx]);;
+		    esac
+		    case X$erl_xcomp_linux_usable_sigaltstack in
+			X) usable_sigaltstack=cross;;
+			Xyes|Xno) usable_sigaltstack=$erl_xcomp_linux_usable_sigaltstack;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigaltstack value: $erl_xcomp_linux_usable_sigaltstack]);;
+		    esac
+		else
+		    # FIXME: Test for actual problems instead of kernel versions
+		    linux_kernel_vsn_=`uname -r`
+		    case $linux_kernel_vsn_ in
+			[[0-1]].*|2.[[0-1]]|2.[[0-1]].*)
+			    usable_sigusrx=no
+			    usable_sigaltstack=no;;
+			2.[[2-3]]|2.[[2-3]].*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=no;;
+		    	*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=yes;;
+		    esac
+		fi
+
+		AC_MSG_CHECKING(if SIGUSR1 and SIGUSR2 can be used)
+		AC_MSG_RESULT($usable_sigusrx)
+		if test $usable_sigusrx = cross; then
+		    usable_sigusrx=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigusrx = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGUSRX"
+		fi
+
+		AC_MSG_CHECKING(if sigaltstack can be used)
+		AC_MSG_RESULT($usable_sigaltstack)
+		if test $usable_sigaltstack = cross; then
+		    usable_sigaltstack=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigaltstack = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGALTSTACK"
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need ETHR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags="$CPPFLAGS"
+	CPPFLAGS="$CPPFLAGS $ETHR_DEFS"
+
+	dnl We need the thread library in order to find some functions
+	saved_libs="$LIBS"
+	LIBS="$LIBS $ETHR_X_LIBS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(ETHR_HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	if test $NEED_NPTL_PTHREAD_H = yes; then
+	    AC_DEFINE(ETHR_NEED_NPTL_PTHREAD_H, 1, \
+[Define if you need the <nptl/pthread.h> header file.])
+	fi
+
+	AC_CHECK_HEADER(sched.h, \
+			AC_DEFINE(ETHR_HAVE_SCHED_H, 1, \
+[Define if you have the <sched.h> header file.]))
+
+	AC_CHECK_HEADER(sys/time.h, \
+			AC_DEFINE(ETHR_HAVE_SYS_TIME_H, 1, \
+[Define if you have the <sys/time.h> header file.]))
+
+	AC_TRY_COMPILE([#include <time.h>
+			#include <sys/time.h>], 
+			[struct timeval *tv; return 0;],
+			AC_DEFINE(ETHR_TIME_WITH_SYS_TIME, 1, \
+[Define if you can safely include both <sys/time.h> and <time.h>.]))
+
+
+	dnl
+	dnl Check for functions
+	dnl
+
+	AC_CHECK_FUNC(pthread_spin_lock, \
+			[ethr_have_native_spinlock=yes \
+			 AC_DEFINE(ETHR_HAVE_PTHREAD_SPIN_LOCK, 1, \
+[Define if you have the pthread_spin_lock function.])])
+
+	have_sched_yield=no
+	have_librt_sched_yield=no
+	AC_CHECK_FUNC(sched_yield, [have_sched_yield=yes])
+	if test $have_sched_yield = no; then
+	    AC_CHECK_LIB(rt, sched_yield,
+			 [have_librt_sched_yield=yes
+			  ETHR_X_LIBS="$ETHR_X_LIBS -lrt"])
+	fi
+	if test $have_sched_yield = yes || test $have_librt_sched_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_SCHED_YIELD, 1, [Define if you have the sched_yield() function.])
+	    AC_MSG_CHECKING([whether sched_yield() returns an int])
+	    sched_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#ifdef ETHR_HAVE_SCHED_H
+				#include <sched.h>
+				#endif
+			   ],
+			   [int sched_yield();],
+			   [sched_yield_ret_int=yes])
+	    AC_MSG_RESULT([$sched_yield_ret_int])
+	    if test $sched_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_SCHED_YIELD_RET_INT, 1, [Define if sched_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_yield=no
+	AC_CHECK_FUNC(pthread_yield, [have_pthread_yield=yes])
+	if test $have_pthread_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_PTHREAD_YIELD, 1, [Define if you have the pthread_yield() function.])
+	    AC_MSG_CHECKING([whether pthread_yield() returns an int])
+	    pthread_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			   ],
+			   [int pthread_yield();],
+			   [pthread_yield_ret_int=yes])
+	    AC_MSG_RESULT([$pthread_yield_ret_int])
+	    if test $pthread_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_PTHREAD_YIELD_RET_INT, 1, [Define if pthread_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_rwlock_init=no
+	AC_CHECK_FUNC(pthread_rwlock_init, [have_pthread_rwlock_init=yes])
+	if test $have_pthread_rwlock_init = yes; then
+
+	    ethr_have_pthread_rwlockattr_setkind_np=no
+	    AC_CHECK_FUNC(pthread_rwlockattr_setkind_np,
+			  [ethr_have_pthread_rwlockattr_setkind_np=yes])
+
+	    if test $ethr_have_pthread_rwlockattr_setkind_np = yes; then
+		AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCKATTR_SETKIND_NP, 1, \
+[Define if you have the pthread_rwlockattr_setkind_np() function.])
+
+		AC_MSG_CHECKING([for PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP])
+		ethr_pthread_rwlock_writer_nonrecursive_initializer_np=no
+		AC_TRY_LINK([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			    ],
+			    [
+				pthread_rwlockattr_t *attr;
+				return pthread_rwlockattr_setkind_np(attr,
+				    PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP);
+			    ],
+			    [ethr_pthread_rwlock_writer_nonrecursive_initializer_np=yes])
+		AC_MSG_RESULT([$ethr_pthread_rwlock_writer_nonrecursive_initializer_np])
+		if test $ethr_pthread_rwlock_writer_nonrecursive_initializer_np = yes; then
+		    AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP, 1, \
+[Define if you have the PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP rwlock attribute.])
+		fi
+	    fi
+	fi
+
+	if test "$force_pthread_rwlocks" = "yes"; then
+
+	    AC_DEFINE(ETHR_FORCE_PTHREAD_RWLOCK, 1, \
+[Define if you want to force usage of pthread rwlocks])
+
+	    if test $have_pthread_rwlock_init = yes; then
+		AC_MSG_WARN([Forced usage of pthread rwlocks. Note that this implementation may suffer from starvation issues.])
+	    else
+		AC_MSG_ERROR([User forced usage of pthread rwlock, but no such implementation was found])
+	    fi
+	fi
+
+	AC_CHECK_FUNC(pthread_attr_setguardsize, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_ATTR_SETGUARDSIZE, 1, \
+[Define if you have the pthread_attr_setguardsize function.]))
+
+	linux_futex=no
+	AC_MSG_CHECKING([for Linux futexes])
+	AC_TRY_LINK([
+			#include <sys/syscall.h>
+			#include <unistd.h>
+			#include <linux/futex.h>
+			#include <sys/time.h>
+		    ],
+		    [
+			int i = 1;
+			syscall(__NR_futex, (void *) &i, FUTEX_WAKE, 1,
+				(void*)0,(void*)0, 0);
+			syscall(__NR_futex, (void *) &i, FUTEX_WAIT, 0,
+				(void*)0,(void*)0, 0);
+			return 0;
+		    ],
+		    linux_futex=yes)
+	AC_MSG_RESULT([$linux_futex])
+	test $linux_futex = yes && AC_DEFINE(ETHR_HAVE_LINUX_FUTEX, 1, [Define if you have a linux futex implementation.])
+
+	AC_CHECK_SIZEOF(int)
+	AC_CHECK_SIZEOF(long)
+	AC_CHECK_SIZEOF(long long)
+	AC_CHECK_SIZEOF(__int128_t)
+
+	if test "$ac_cv_sizeof_int" = "4"; then
+	    int32="int"
+	elif test "$ac_cv_sizeof_long" = "4"; then
+	    int32="long"
+	elif test "$ac_cv_sizeof_long_long" = "4"; then
+	    int32="long long"
+	else
+	    AC_MSG_ERROR([No 32-bit type found])
+	fi
+
+	if test "$ac_cv_sizeof_int" = "8"; then
+	    int64="int"
+	elif test "$ac_cv_sizeof_long" = "8"; then
+	    int64="long"
+	elif test "$ac_cv_sizeof_long_long" = "8"; then
+	    int64="long long"
+	else
+	    AC_MSG_ERROR([No 64-bit type found])
+	fi
+
+	int128=no
+	if test "$ac_cv_sizeof___int128_t" = "16"; then
+	    int128="__int128_t"
+	fi
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP32, 1, [Define if you have __sync_val_compare_and_swap() for 32-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH32, 1, [Define if you have __sync_add_and_fetch() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND32, 1, [Define if you have __sync_fetch_and_and() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR32, 1, [Define if you have __sync_fetch_and_or() for 32-bit integers]))
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP64, 1, [Define if you have __sync_val_compare_and_swap() for 64-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH64, 1, [Define if you have __sync_add_and_fetch() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND64, 1, [Define if you have __sync_fetch_and_and() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR64, 1, [Define if you have __sync_fetch_and_or() for 64-bit integers]))
+
+	if test $int128 != no; then
+	    ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [128], [$int128], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP128, 1, [Define if you have __sync_val_compare_and_swap() for 128-bit integers]))
+	fi
+
+	AC_MSG_CHECKING([for a usable libatomic_ops implementation])
+	case "x$with_libatomic_ops" in
+	    xno | xyes | x)
+		libatomic_ops_include=
+		;;
+	    *)
+		if test -d "${with_libatomic_ops}/include"; then
+		    libatomic_ops_include="-I$with_libatomic_ops/include"
+		    CPPFLAGS="$CPPFLAGS $libatomic_ops_include"
+		else
+		    AC_MSG_ERROR([libatomic_ops include directory $with_libatomic_ops/include not found])
+		fi;;
+	esac
+	ethr_have_libatomic_ops=no
+	AC_TRY_LINK([#include "atomic_ops.h"],
+		    [
+			volatile AO_t x;
+			AO_t y;
+			int z;
+
+			AO_nop_full();
+			AO_store(&x, (AO_t) 0);
+			z = AO_load(&x);
+			z = AO_compare_and_swap_full(&x, (AO_t) 0, (AO_t) 1);
+		    ],
+		    [ethr_have_native_atomics=yes
+		     ethr_have_libatomic_ops=yes])
+	AC_MSG_RESULT([$ethr_have_libatomic_ops])
+	if test $ethr_have_libatomic_ops = yes; then
+	    AC_CHECK_SIZEOF(AO_t, ,
+			    [
+				#include <stdio.h>
+				#include "atomic_ops.h"
+			    ])
+	    AC_DEFINE_UNQUOTED(ETHR_SIZEOF_AO_T, $ac_cv_sizeof_AO_t, [Define to the size of AO_t if libatomic_ops is used])
+
+	    AC_DEFINE(ETHR_HAVE_LIBATOMIC_OPS, 1, [Define if you have libatomic_ops atomic operations])
+	    if test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+		AC_DEFINE(ETHR_PREFER_LIBATOMIC_OPS_NATIVE_IMPLS, 1, [Define if you prefer libatomic_ops native ethread implementations])
+	    fi
+	    ETHR_DEFS="$ETHR_DEFS $libatomic_ops_include"
+	elif test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+	    AC_MSG_ERROR([No usable libatomic_ops implementation found])
+	fi
+
+	case "$host_cpu" in
+	  sparc | sun4u | sparc64 | sun4v)
+		case "$with_sparc_memory_order" in
+		    "TSO")
+			AC_DEFINE(ETHR_SPARC_TSO, 1, [Define if only run in Sparc TSO mode]);;
+		    "PSO")
+			AC_DEFINE(ETHR_SPARC_PSO, 1, [Define if only run in Sparc PSO, or TSO mode]);;
+		    "RMO"|"")
+			AC_DEFINE(ETHR_SPARC_RMO, 1, [Define if run in Sparc RMO, PSO, or TSO mode]);;
+		    *)
+			AC_MSG_ERROR([Unsupported Sparc memory order: $with_sparc_memory_order]);;
+		esac
+		ethr_have_native_atomics=yes;; 
+	  i86pc | i*86 | x86_64 | amd64)
+		if test "$enable_x86_out_of_order" = "yes"; then
+			AC_DEFINE(ETHR_X86_OUT_OF_ORDER, 1, [Define if x86/x86_64 out of order instructions should be synchronized])
+		fi
+		ethr_have_native_atomics=yes;;
+	  macppc | ppc | "Power Macintosh")
+		ethr_have_native_atomics=yes;;
+	  tile)
+		ethr_have_native_atomics=yes;;
+	  *)
+		;;
+	esac
+
+	test ethr_have_native_atomics = "yes" && ethr_have_native_spinlock=yes
+
+	dnl Restore LIBS
+	LIBS=$saved_libs
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+	;;
+    *)
+	;;
+esac
+
+AC_MSG_CHECKING([whether default stack size should be modified])
+if test "x$ethr_modified_default_stack_size" != "x"; then
+	AC_DEFINE_UNQUOTED(ETHR_MODIFIED_DEFAULT_STACK_SIZE, $ethr_modified_default_stack_size, [Define if you want to modify the default stack size])
+	AC_MSG_RESULT([yes; to $ethr_modified_default_stack_size kilo words])
+else
+	AC_MSG_RESULT([no])
+fi
+
+if test "x$ETHR_THR_LIB_BASE" != "x"; then
+	ETHR_DEFS="-DUSE_THREADS $ETHR_DEFS"
+	ETHR_LIBS="-l$ethr_lib_name -lerts_internal_r $ETHR_X_LIBS"
+	ETHR_LIB_NAME=$ethr_lib_name
+fi
+
+AC_CHECK_SIZEOF(void *)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_PTR, $ac_cv_sizeof_void_p, [Define to the size of pointers])
+
+AC_CHECK_SIZEOF(int)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_INT, $ac_cv_sizeof_int, [Define to the size of int])
+AC_CHECK_SIZEOF(long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG, $ac_cv_sizeof_long, [Define to the size of long])
+AC_CHECK_SIZEOF(long long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG_LONG, $ac_cv_sizeof_long_long, [Define to the size of long long])
+AC_CHECK_SIZEOF(__int64)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT64, $ac_cv_sizeof___int64, [Define to the size of __int64])
+AC_CHECK_SIZEOF(__int128_t)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT128_T, $ac_cv_sizeof___int128_t, [Define to the size of __int128_t])
+
+
+case X$erl_xcomp_bigendian in
+    X) ;;
+    Xyes|Xno) ac_cv_c_bigendian=$erl_xcomp_bigendian;;
+    *) AC_MSG_ERROR([Bad erl_xcomp_bigendian value: $erl_xcomp_bigendian]);;
+esac
+
+AC_C_BIGENDIAN
+
+if test "$ac_cv_c_bigendian" = "yes"; then
+    AC_DEFINE(ETHR_BIGENDIAN, 1, [Define if bigendian])
+fi
+
+AC_ARG_ENABLE(native-ethr-impls,
+	      AS_HELP_STRING([--disable-native-ethr-impls],
+                             [disable native ethread implementations]),
+[ case "$enableval" in
+    no) disable_native_ethr_impls=yes ;;
+    *)  disable_native_ethr_impls=no ;;
+  esac ], disable_native_ethr_impls=no)
+
+AC_ARG_ENABLE(x86-out-of-order,
+	      AS_HELP_STRING([--enable-x86-out-of-order],
+                             [enable x86/x84_64 out of order support (default disabled)]))
+
+test "X$disable_native_ethr_impls" = "Xyes" &&
+  AC_DEFINE(ETHR_DISABLE_NATIVE_IMPLS, 1, [Define if you want to disable native ethread implementations])
+
+AC_ARG_ENABLE(prefer-gcc-native-ethr-impls,
+	      AS_HELP_STRING([--enable-prefer-gcc-native-ethr-impls],
+			     [prefer gcc native ethread implementations]),
+[ case "$enableval" in
+    yes) enable_prefer_gcc_native_ethr_impls=yes ;;
+    *)  enable_prefer_gcc_native_ethr_impls=no ;;
+  esac ], enable_prefer_gcc_native_ethr_impls=no)
+
+test $enable_prefer_gcc_native_ethr_impls = yes &&
+  AC_DEFINE(ETHR_PREFER_GCC_NATIVE_IMPLS, 1, [Define if you prefer gcc native ethread implementations])
+
+AC_ARG_WITH(libatomic_ops,
+	    AS_HELP_STRING([--with-libatomic_ops=PATH],
+			   [specify and prefer usage of libatomic_ops in the ethread library]))
+
+AC_ARG_WITH(with_sparc_memory_order,
+	    AS_HELP_STRING([--with-sparc-memory-order=TSO|PSO|RMO],
+			   [specify sparc memory order (defaults to RMO)]))
+
+ETHR_X86_SSE2_ASM=no
+case "$GCC-$ac_cv_sizeof_void_p-$host_cpu" in
+  yes-4-i86pc | yes-4-i*86 | yes-4-x86_64 | yes-4-amd64)
+    AC_MSG_CHECKING([for gcc sse2 asm support])
+    save_CFLAGS="$CFLAGS"
+    CFLAGS="$CFLAGS -msse2"
+    gcc_sse2_asm=no
+    AC_TRY_COMPILE([],
+	[
+		long long x, *y;
+		__asm__ __volatile__("movq %1, %0\n\t" : "=x"(x) : "m"(*y) : "memory");
+	],
+	[gcc_sse2_asm=yes])
+    CFLAGS="$save_CFLAGS"
+    AC_MSG_RESULT([$gcc_sse2_asm])
+    if test "$gcc_sse2_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_SSE2_ASM_SUPPORT, 1, [Define if you use a gcc that supports -msse2 and understand sse2 specific asm statements])
+      ETHR_X86_SSE2_ASM=yes
+    fi
+    ;;
+  *)
+    ;;
+esac
+
+case "$GCC-$host_cpu" in
+  yes-i86pc | yes-i*86 | yes-x86_64 | yes-amd64)
+    gcc_dw_cmpxchg_asm=no
+    AC_MSG_CHECKING([for gcc double word cmpxchg asm support])    
+    AC_TRY_COMPILE([],
+	[
+    char xchgd;
+    long new[2], xchg[2], *p;		  
+    __asm__ __volatile__(
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"pushl %%ebx\n\t"
+	"movl %8, %%ebx\n\t"
+#endif
+#if ETHR_SIZEOF_PTR == 4
+	"lock; cmpxchg8b %0\n\t"
+#else
+	"lock; cmpxchg16b %0\n\t"
+#endif
+	"setz %3\n\t"
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"popl %%ebx\n\t"
+#endif
+	: "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	: "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new[1]),
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	  "r"(new[0])
+#else
+	  "b"(new[0])
+#endif
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+    if test $gcc_dw_cmpxchg_asm = no && test $ac_cv_sizeof_void_p = 4; then
+      AC_TRY_COMPILE([],
+	  [
+      char xchgd;
+      long new[2], xchg[2], *p;
+#if !defined(__PIC__) || !__PIC__
+#  error nope
+#endif
+      __asm__ __volatile__(
+    	  "pushl %%ebx\n\t"
+	  "movl (%7), %%ebx\n\t"
+	  "movl 4(%7), %%ecx\n\t"
+	  "lock; cmpxchg8b %0\n\t"
+  	  "setz %3\n\t"
+	  "popl %%ebx\n\t"
+	  : "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	  : "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new)
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+      if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+        AC_DEFINE(ETHR_CMPXCHG8B_REGISTER_SHORTAGE, 1, [Define if you get a register shortage with cmpxchg8b and position independent code])
+      fi
+    fi
+    AC_MSG_RESULT([$gcc_dw_cmpxchg_asm])
+    if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_DW_CMPXCHG_ASM_SUPPORT, 1, [Define if you use a gcc that supports the double word cmpxchg instruction])
+    fi;;
+  *)
+    ;;
+esac
+
+AC_DEFINE(ETHR_HAVE_ETHREAD_DEFINES, 1, \
+[Define if you have all ethread defines])
+
+AC_SUBST(ETHR_X_LIBS)
+AC_SUBST(ETHR_LIBS)
+AC_SUBST(ETHR_LIB_NAME)
+AC_SUBST(ETHR_DEFS)
+AC_SUBST(ETHR_THR_LIB_BASE)
+AC_SUBST(ETHR_THR_LIB_BASE_DIR)
+AC_SUBST(ETHR_X86_SSE2_ASM)
+
+])
+
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_TIME_CORRECTION
+dnl
+dnl In the presence of a high resolution realtime timer Erlang can adapt
+dnl its view of time relative to this timer. On solaris such a timer is
+dnl available with the syscall gethrtime(). On other OS's a fallback
+dnl solution using times() is implemented. (However on e.g. FreeBSD times()
+dnl is implemented using gettimeofday so it doesn't make much sense to
+dnl use it there...) On second thought, it seems to be safer to do it the
+dnl other way around. I.e. only use times() on OS's where we know it will
+dnl work...
+dnl
+
+AC_DEFUN(ERL_TIME_CORRECTION,
+[if test x$ac_cv_func_gethrtime = x; then
+  AC_CHECK_FUNC(gethrtime)
+fi
+if test x$clock_gettime_correction = xunknown; then
+	AC_TRY_COMPILE([#include <time.h>],
+			[struct timespec ts;
+     			 long long result;
+			 clock_gettime(CLOCK_MONOTONIC,&ts);
+                         result = ((long long) ts.tv_sec) * 1000000000LL + 
+			 ((long long) ts.tv_nsec);],
+			clock_gettime_compiles=yes,
+			clock_gettime_compiles=no)
+else
+	clock_gettime_compiles=no
+fi
+			
+
+AC_CACHE_CHECK([how to correct for time adjustments], erl_cv_time_correction,
+[
+case $clock_gettime_correction in
+    yes)
+	erl_cv_time_correction=clock_gettime;;	
+    no|unknown)
+	case $ac_cv_func_gethrtime in
+  	    yes)
+    		erl_cv_time_correction=hrtime ;;
+  	    no)
+    		case $host_os in
+        	    linux*)
+			case $clock_gettime_correction in
+			    unknown)
+				if test x$clock_gettime_compiles = xyes; then
+				    if test X$cross_compiling != Xyes; then
+				    	linux_kernel_vsn_=`uname -r`
+				    	case $linux_kernel_vsn_ in
+					    [[0-1]].*|2.[[0-5]]|2.[[0-5]].*)
+					    	erl_cv_time_correction=times ;;
+					    *)
+					    	erl_cv_time_correction=clock_gettime;;
+				    	esac
+				    else
+					case X$erl_xcomp_linux_clock_gettime_correction in
+					    X)
+						erl_cv_time_correction=cross;;
+					    Xyes|Xno)
+						if test $erl_xcomp_linux_clock_gettime_correction = yes; then
+						    erl_cv_time_correction=clock_gettime
+						else
+					    	    erl_cv_time_correction=times
+						fi;;
+					    *)
+						AC_MSG_ERROR([Bad erl_xcomp_linux_clock_gettime_correction value: $erl_xcomp_linux_clock_gettime_correction]);;
+					esac
+				    fi
+				else
+				    erl_cv_time_correction=times
+				fi
+				;;
+			     *)				
+        			erl_cv_time_correction=times ;;
+			esac
+			;;
+            	    *)
+        		erl_cv_time_correction=none ;;
+    		esac
+    		;;
+	esac
+	;;
+esac
+])
+
+xrtlib=""
+case $erl_cv_time_correction in
+  times)
+    AC_DEFINE(CORRECT_USING_TIMES,[],
+	[Define if you do not have a high-res. timer & want to use times() instead])
+    ;;
+  clock_gettime|cross)
+    if test $erl_cv_time_correction = cross; then
+	erl_cv_time_correction=clock_gettime
+	AC_MSG_WARN([result clock_gettime guessed because of cross compilation])
+    fi
+    xrtlib="-lrt"
+    AC_DEFINE(GETHRTIME_WITH_CLOCK_GETTIME,[1],
+	[Define if you want to use clock_gettime to simulate gethrtime])
+    ;;
+esac
+dnl
+dnl Check if gethrvtime is working, and if to use procfs ioctl
+dnl or (yet to be written) write to the procfs ctl file.
+dnl
+
+AC_MSG_CHECKING([if gethrvtime works and how to use it])
+AC_TRY_RUN([
+/* gethrvtime procfs ioctl test */
+/* These need to be undef:ed to not break activation of
+ * micro level process accounting on /proc/self 
+ */
+#ifdef _LARGEFILE_SOURCE
+#  undef _LARGEFILE_SOURCE
+#endif
+#ifdef _FILE_OFFSET_BITS
+#  undef _FILE_OFFSET_BITS
+#endif
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/signal.h>
+#include <sys/fault.h>
+#include <sys/syscall.h>
+#include <sys/procfs.h>
+#include <fcntl.h>
+
+int main() {
+    long msacct = PR_MSACCT;
+    int fd;
+    long long start, stop;
+    int i;
+    pid_t pid = getpid();
+    char proc_self[30] = "/proc/";
+
+    sprintf(proc_self+strlen(proc_self), "%lu", (unsigned long) pid);
+    if ( (fd = open(proc_self, O_WRONLY)) == -1)
+	exit(1);
+    if (ioctl(fd, PIOCSET, &msacct) < 0)
+	exit(2);
+    if (close(fd) < 0)
+	exit(3);
+    start = gethrvtime();
+    for (i = 0; i < 100; i++)
+	stop = gethrvtime();
+    if (start == 0)
+	exit(4);
+    if (start == stop)
+	exit(5);
+    exit(0); return 0;
+}
+],
+erl_gethrvtime=procfs_ioctl,
+erl_gethrvtime=false,
+[
+case X$erl_xcomp_gethrvtime_procfs_ioctl in
+    X)
+	erl_gethrvtime=cross;;
+    Xyes|Xno)
+	if test $erl_xcomp_gethrvtime_procfs_ioctl = yes; then
+	    erl_gethrvtime=procfs_ioctl
+	else
+	    erl_gethrvtime=false
+	fi;;
+    *)
+	AC_MSG_ERROR([Bad erl_xcomp_gethrvtime_procfs_ioctl value: $erl_xcomp_gethrvtime_procfs_ioctl]);;
+esac
+])
+
+case $erl_gethrvtime in
+  procfs_ioctl)
+	AC_DEFINE(HAVE_GETHRVTIME_PROCFS_IOCTL,[1],
+		[define if gethrvtime() works and uses ioctl() to /proc/self])
+	AC_MSG_RESULT(uses ioctl to procfs)
+	;;
+  *)
+	if test $erl_gethrvtime = cross; then
+	    erl_gethrvtime=false
+	    AC_MSG_RESULT(cross)
+	    AC_MSG_WARN([result 'not working' guessed because of cross compilation])
+	else
+	    AC_MSG_RESULT(not working)
+	fi
+
+	dnl
+	dnl Check if clock_gettime (linux) is working
+	dnl
+
+	AC_MSG_CHECKING([if clock_gettime can be used to get process CPU time])
+	save_libs=$LIBS
+	LIBS="-lrt"
+	AC_TRY_RUN([
+	#include <stdlib.h>
+	#include <unistd.h>
+	#include <string.h>
+	#include <stdio.h>
+	#include <time.h>
+	int main() {
+	    long long start, stop;
+	    int i;
+	    struct timespec tp;
+
+	    if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp) < 0)
+	      exit(1);
+	    start = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    for (i = 0; i < 100; i++)
+	      clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp);
+	    stop = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    if (start == 0)
+	      exit(4);
+	    if (start == stop)
+	      exit(5);
+	    exit(0); return 0;
+	  }
+	],
+	erl_clock_gettime=yes,
+	erl_clock_gettime=no,
+	[
+	case X$erl_xcomp_clock_gettime_cpu_time in
+	    X) erl_clock_gettime=cross;;
+	    Xyes|Xno) erl_clock_gettime=$erl_xcomp_clock_gettime_cpu_time;;
+	    *) AC_MSG_ERROR([Bad erl_xcomp_clock_gettime_cpu_time value: $erl_xcomp_clock_gettime_cpu_time]);;
+	esac
+	])
+	LIBS=$save_libs
+	case $host_os in
+		linux*)
+			AC_MSG_RESULT([no; not stable])
+			LIBRT=$xrtlib
+			;;
+		*)
+			AC_MSG_RESULT($erl_clock_gettime)
+			case $erl_clock_gettime in
+	  			yes)
+					AC_DEFINE(HAVE_CLOCK_GETTIME,[],
+						  [define if clock_gettime() works for getting process time])
+					LIBRT=-lrt
+					;;
+	  			cross)
+					erl_clock_gettime=no
+					AC_MSG_WARN([result no guessed because of cross compilation])
+					LIBRT=$xrtlib
+					;;
+	  			*)
+					LIBRT=$xrtlib
+					;;
+			esac
+			;;
+	esac
+	AC_SUBST(LIBRT)
+	;;
+esac
+])dnl
+
+dnl ERL_TRY_LINK_JAVA(CLASSES, FUNCTION-BODY
+dnl                   [ACTION_IF_FOUND [, ACTION-IF-NOT-FOUND]])
+dnl Freely inspired by AC_TRY_LINK. (Maybe better to create a 
+dnl AC_LANG_JAVA instead...)
+AC_DEFUN(ERL_TRY_LINK_JAVA,
+[java_link='$JAVAC conftest.java 1>&AC_FD_CC'
+changequote(, )dnl
+cat > conftest.java <<EOF
+$1
+class conftest { public static void main(String[] args) {
+   $2
+   ; return; }}
+EOF
+changequote([, ])dnl
+if AC_TRY_EVAL(java_link) && test -s conftest.class; then
+   ifelse([$3], , :, [rm -rf conftest*
+   $3])
+else
+   echo "configure: failed program was:" 1>&AC_FD_CC
+   cat conftest.java 1>&AC_FD_CC
+   echo "configure: PATH was $PATH" 1>&AC_FD_CC
+ifelse([$4], , , [  rm -rf conftest*
+  $4
+])dnl
+fi
+rm -f conftest*])
+#define UNSAFE_MASK  0xc0000000 /* Mask for bits that must be constant */
+
+
diff --git a/lib/odbc/c_src/Makefile.in b/lib/odbc/c_src/Makefile.in
index ed3eeb1d42..3a96a53ef8 100644
--- a/lib/odbc/c_src/Makefile.in
+++ b/lib/odbc/c_src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1999-2010. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -89,9 +89,10 @@ TARGET_FLAGS =  @TARGET_FLAGS@
 # ----------------------------------------------------
 # Targets
 # ----------------------------------------------------
+_create_dirs := $(shell mkdir -p $(OBJ_DIR) $(BIN_DIR))
 
 ifdef EXE_TARGET
-opt debug: create_dirs $(EXE_TARGET) 
+opt debug: $(EXE_TARGET) 
 else
 opt debug:
 endif
@@ -119,10 +120,6 @@ endif
 $(OBJ_DIR)/odbcserver.o: odbcserver.c
 	$(CC) $(CFLAGS) $(INCLUDES) $(TARGET_FLAGS) -o $@ -c odbcserver.c
 
-create_dirs:
-	$(INSTALL_DIR) $(OBJ_DIR)
-	$(INSTALL_DIR) $(BIN_DIR)
-
 # ----------------------------------------------------
 # Release Target
 # ---------------------------------------------------- 
diff --git a/lib/odbc/configure.in b/lib/odbc/configure.in
index 2369e16813..bec65c71bf 100644
--- a/lib/odbc/configure.in
+++ b/lib/odbc/configure.in
@@ -1,7 +1,7 @@
 dnl
 dnl %CopyrightBegin%
 dnl
-dnl Copyright Ericsson AB 2005-2010. All Rights Reserved.
+dnl Copyright Ericsson AB 2005-2011. All Rights Reserved.
 dnl
 dnl The contents of this file are subject to the Erlang Public License,
 dnl Version 1.1, (the "License"); you may not use this file except in
@@ -63,25 +63,11 @@ AC_PROG_CC
 dnl ---------------------------------------------------------------------
 dnl Special windows stuff regarding CFLAGS and details in the environment...
 dnl ---------------------------------------------------------------------
-AC_MSG_CHECKING(for mixed cygwin and native VC++ environment)
-if test "X$CC" = "Xcc.sh" -a "X$host" = "Xwin32"; then
-	if test -x /usr/bin/cygpath; then
-		CFLAGS="-O2"
-		AC_MSG_RESULT([yes])
-		MIXED_CYGWIN_VC=yes
-	else
-		AC_MSG_RESULT([undeterminable])
-		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
-	fi
-else
-	AC_MSG_RESULT([no])
-	MIXED_CYGWIN_VC=no
-fi
-AC_SUBST(MIXED_CYGWIN_VC)
-
+LM_WINDOWS_ENVIRONMENT
+	
 AC_PROG_MAKE_SET
 
-AC_CHECK_PROG(LD, ld.sh)
+AC_CHECK_PROGS(LD, ld.sh)
 AC_CHECK_TOOL(LD, ld, '$(CC)')
 
 AC_SUBST(LD)
diff --git a/lib/odbc/doc/src/Makefile b/lib/odbc/doc/src/Makefile
index e2f09733d0..0d456085f3 100644
--- a/lib/odbc/doc/src/Makefile
+++ b/lib/odbc/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1999-2010. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -29,14 +29,6 @@ VSN=$(ODBC_VSN)
 APPLICATION=odbc
 
 # ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-ifndef DOCSUPPORT
-include make.dep
-endif
-
-# ----------------------------------------------------
 # Release directory specification
 # ----------------------------------------------------
 RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
@@ -89,32 +81,10 @@ EXTRA_FILES = $(DEFAULT_GIF_FILES) \
 
 MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else
-
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex)
-TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = $(APPLICATION)-$(VSN).pdf
-TOP_PS_FILE  = $(APPLICATION)-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-
-endif
-
 # ----------------------------------------------------
 # FLAGS 
 # ----------------------------------------------------
@@ -128,8 +98,6 @@ DVIPS_FLAGS +=
 $(HTMLDIR)/%.gif: %.gif			# Copy them to ../html
 	$(INSTALL_DATA) $< $@
 
-ifdef DOCSUPPORT
-
 docs: pdf html man
 
 $(TOP_PDF_FILE): $(XML_FILES)
@@ -144,32 +112,6 @@ clean clean_docs:
 	rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
 	rm -f errs core *~
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html gifs man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
-
-html: $(HTML_FILES)
-
-clean clean_docs clean_tex:
-	rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
-	rm -f $(HTML_FILES) $(MAN3_FILES)
-	rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
-	rm -f errs core *~ *xmls_output *xmls_errs $(LATEX_CLEAN) 
-
-endif
-
 man: $(MAN3_FILES)
 
 gifs: $(GIF_FILES:%=$(HTMLDIR)/%)	# We depend just to copy them to ../html
@@ -182,8 +124,6 @@ debug opt:
 # ---------------------------------------------------- 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
@@ -193,32 +133,5 @@ release_docs_spec: docs
 	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
 	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
 	$(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3
-else
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	$(INSTALL_DIR) $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	$(INSTALL_DIR) $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
-	$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-endif
-endif
-
-endif 
 
 release_spec:
-
-
-
-
diff --git a/lib/odbc/doc/src/make.dep b/lib/odbc/doc/src/make.dep
deleted file mode 100644
index d62e8dd8f0..0000000000
--- a/lib/odbc/doc/src/make.dep
+++ /dev/null
@@ -1,27 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex databases.tex error_handling.tex \
-		getting_started.tex introduction.tex odbc.tex \
-		part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: odbc_app_arc.ps
-
diff --git a/lib/odbc/doc/src/notes.xml b/lib/odbc/doc/src/notes.xml
index 9c6ca8a017..08763163b8 100644
--- a/lib/odbc/doc/src/notes.xml
+++ b/lib/odbc/doc/src/notes.xml
@@ -31,7 +31,43 @@
   <p>This document describes the changes made to the odbc application.
   </p>
 
-  <section><title>ODBC 2.10.11</title>
+  <section><title>ODBC 2.10.12</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    An ODBC process should exit normally if its client exits
+	    with 'shutdown'</p>
+          <p>
+	    There is nothing strange about the client shutting down,
+	    so the ODBC process should exit normally to avoid
+	    generating a crash report for a non-problem. (Thanks to
+	    Magnus Henoch)</p>
+          <p>
+	    Own Id: OTP-9716</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>ODBC 2.10.11</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/odbc/src/odbc.appup.src b/lib/odbc/src/odbc.appup.src
index f3a3af8c29..853323da09 100644
--- a/lib/odbc/src/odbc.appup.src
+++ b/lib/odbc/src/odbc.appup.src
@@ -1,10 +1,12 @@
 %% -*- erlang -*-
 {"%VSN%",
  [
+  {"2.10.11", [{restart_application, odbc}]},
   {"2.10.10", [{restart_application, odbc}]},
   {"2.10.9", [{restart_application, odbc}]}
  ],
  [
+  {"2.10.11", [{restart_application, odbc}]},
   {"2.10.10", [{restart_application, odbc}]},
   {"2.10.9", [{restart_application, odbc}]}
  ]}.
diff --git a/lib/odbc/src/odbc.erl b/lib/odbc/src/odbc.erl
index 68497292db..36afd1abcf 100644
--- a/lib/odbc/src/odbc.erl
+++ b/lib/odbc/src/odbc.erl
@@ -748,6 +748,9 @@ handle_info({'DOWN', _Ref, _Type, _Process, normal}, State) ->
     
 handle_info({'DOWN', _Ref, _Type, _Process, timeout}, State) ->
     {stop, normal, State#state{reply_to = undefined}};
+
+handle_info({'DOWN', _Ref, _Type, _Process, shutdown}, State) ->
+    {stop, normal, State#state{reply_to = undefined}};
  
 handle_info({'DOWN', _Ref, _Type, Process, Reason}, State) ->
     {stop, {stopped, {'EXIT', Process, Reason}}, 
diff --git a/lib/odbc/vsn.mk b/lib/odbc/vsn.mk
index 120ed9ee3d..fb6e208a52 100644
--- a/lib/odbc/vsn.mk
+++ b/lib/odbc/vsn.mk
@@ -1 +1 @@
-ODBC_VSN = 2.10.11
+ODBC_VSN = 2.10.12
diff --git a/lib/orber/COSS/CosNaming/Makefile b/lib/orber/COSS/CosNaming/Makefile
index d3deec7600..064447f148 100644
--- a/lib/orber/COSS/CosNaming/Makefile
+++ b/lib/orber/COSS/CosNaming/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -113,7 +113,7 @@ debug:
 	@${MAKE} TYPE=debug
 
 clean:
-	rm -f $(TARGET_FILES) $(GEN_FILES)  $(APP_TARGET)
+	rm -f $(TARGET_FILES) $(GEN_FILES)  $(APP_TARGET) IDL-GENERATED
 	rm -f errs core *~
 
 $(APP_TARGET): $(APP_SRC)
@@ -124,13 +124,15 @@ docs:
 # ----------------------------------------------------
 # Special Build Targets
 # ----------------------------------------------------
-$(GEN_FILES): cos_naming_ext.idl cos_naming.idl
+IDL-GENERATED: cos_naming_ext.idl cos_naming.idl
 	erlc $(ERL_IDL_FLAGS) +'{this,"CosNaming::NamingContext"}' \
 	+'{this,"CosNaming::NamingContextExt"}' cos_naming_ext.idl
 	erlc $(ERL_IDL_FLAGS) +'{this,"CosNaming::NamingContext"}' cos_naming.idl
+	>IDL-GENERATED
 
-#	echo "ic:gen(cos_naming, [{this, \"CosNaming::NamingContext\"}]), halt()."| $(ERL) $(ERL_IDL_FLAGS)
+$(GEN_FILES): IDL-GENERATED
 
+$(TARGET_FILES): IDL-GENERATED
 
 # ----------------------------------------------------
 # Release Target
diff --git a/lib/orber/doc/src/Makefile b/lib/orber/doc/src/Makefile
index b8e26d5ba3..68fbe3dce0 100644
--- a/lib/orber/doc/src/Makefile
+++ b/lib/orber/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1997-2010. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -28,14 +28,6 @@ VSN=$(ORBER_VSN)
 APPLICATION=orber
 
 # ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-ifndef DOCSUPPORT
-include make.dep
-endif
-
-# ----------------------------------------------------
 # Release directory specification
 # ----------------------------------------------------
 RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
@@ -128,32 +120,10 @@ EXTRA_FILES = summary.html.src \
 
 MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else
-
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex)
-TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = $(APPLICATION)-$(VSN).pdf
-TOP_PS_FILE  = $(APPLICATION)-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-
-endif
-
 # ----------------------------------------------------
 # FLAGS 
 # ----------------------------------------------------
@@ -167,8 +137,6 @@ $(HTMLDIR)/%.gif: %.gif
 	$(INSTALL_DATA) $< $@
 
 
-ifdef DOCSUPPORT
-
 docs: pdf html man
 
 $(TOP_PDF_FILE): $(XML_FILES)
@@ -184,35 +152,6 @@ clean clean_docs:
 	rm -f errs core *~
 	rm -f $(JD_HTML) $(JD_PACK)
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html gifs man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
-
-html: $(HTML_FILES) $(INTERNAL_HTML_FILES)
-
-clean clean_docs clean_tex:
-	rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
-	rm -f $(HTMLDIR)/*
-	rm -f $(MAN3DIR)/*
-	rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
-	rm -f errs core *~ *xmls_output *xmls_errs $(LATEX_CLEAN) 
-	rm -f $(JD_HTML) $(JD_PACK)
-
-endif
-
-
 man: $(MAN3_FILES)
 
 gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
@@ -224,9 +163,6 @@ debug opt:
 # ---------------------------------------------------- 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
@@ -236,30 +172,5 @@ release_docs_spec: docs
 	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
 	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
 	$(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3
-else
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	$(INSTALL_DIR) $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	$(INSTALL_DIR) $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
-		$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-
-endif
-endif
-
-endif
 
 release_spec:
-
diff --git a/lib/orber/doc/src/Orber/ignore_config_record.inf b/lib/orber/doc/src/Orber/ignore_config_record.inf
deleted file mode 100644
index 0a5053eba3..0000000000
--- a/lib/orber/doc/src/Orber/ignore_config_record.inf
+++ /dev/null
@@ -1 +0,0 @@
-This file makes clearmake use the -T switch for this subdirectory
diff --git a/lib/orber/doc/src/ch_install.xml b/lib/orber/doc/src/ch_install.xml
index dde4bf4006..de9c0e3a9d 100644
--- a/lib/orber/doc/src/ch_install.xml
+++ b/lib/orber/doc/src/ch_install.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE chapter SYSTEM "chapter.dtd">
 
 <chapter>
   <header>
     <copyright>
-      <year>1997</year><year>2010</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -394,84 +394,16 @@ nodeB@hostB> orber:start().
         <cell align="left" valign="middle">The same as <c>iiop_ssl_port</c></cell>
       </row>
       <row>
-        <cell align="left" valign="middle">ssl_server_cacertfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_certfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_verify</cell>
-        <cell align="left" valign="middle">0 | 1 | 2</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_depth</cell>
-        <cell align="left" valign="middle">integer()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_password</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_keyfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_ciphers</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
+        <cell align="left" valign="middle">ssl_server_options</cell>
+        <cell align="left" valign="middle">list()</cell>
+        <cell align="left" valign="middle">See the <seealso marker="ssl:ssl">SSL</seealso> application 
+	for valid options.</cell>
       </row>
       <row>
-        <cell align="left" valign="middle">ssl_server_cachetimeout</cell>
-        <cell align="left" valign="middle">integer() | infinity</cell>
-        <cell align="left" valign="middle">infinity</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_cacertfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_certfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_verify</cell>
-        <cell align="left" valign="middle">0 | 1 | 2</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_depth</cell>
-        <cell align="left" valign="middle">integer()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_password</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_keyfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_ciphers</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_cachetimeout</cell>
-        <cell align="left" valign="middle">integer() | infinity</cell>
-        <cell align="left" valign="middle">infinity</cell>
+        <cell align="left" valign="middle">ssl_client_options</cell>
+        <cell align="left" valign="middle">list()</cell>
+        <cell align="left" valign="middle">See the <seealso marker="ssl:ssl">SSL</seealso> application 
+	for valid options.</cell>
       </row>
       <row>
         <cell align="left" valign="middle">iiop_ssl_out_keepalive</cell>
@@ -698,40 +630,10 @@ nodeB@hostB> orber:start().
       <item>If set, the value must be an integer greater than zero or 
       <c>{local, DefaultNATPort, [{Port, NATPort}]}</c>. See also
       <seealso marker="ch_install#firewall">Firewall Configuration</seealso>.</item>
-      <tag><em>ssl_server_cacertfile</em></tag>
+      <tag><em>ssl_server_options</em></tag>
       <item>the file path to a server side CA certificate.</item>
-      <tag><em>ssl_server_certfile</em></tag>
-      <item>The path to a file containing a chain of PEM encoded certificates.</item>
-      <tag><em>ssl_server_verify</em></tag>
-      <item>The type of verification used by SSL during authentication of the
-       other peer for incoming calls.</item>
-      <tag><em>ssl_server_depth</em></tag>
-      <item>The SSL verification depth for outgoing calls.</item>
-      <tag><em>ssl_server_password</em></tag>
-      <item>The server side key string.</item>
-      <tag><em>ssl_server_keyfile</em></tag>
-      <item>The file path to a server side key.</item>
-      <tag><em>ssl_server_ciphers</em></tag>
-      <item>The server side cipher string.</item>
-      <tag><em>ssl_server_cachetimeout</em></tag>
-      <item>The server side cache timeout.</item>
-      <tag><em>ssl_client_cacertfile</em></tag>
-      <item>The file path to a client side CA certificate.</item>
-      <tag><em>ssl_client_certfile</em></tag>
+      <tag><em>ssl_client_options</em></tag>
       <item>The path to a file containing a chain of PEM encoded certificates.</item>
-      <tag><em>ssl_client_verify</em></tag>
-      <item>The type of verification used by SSL during authentication of the
-       other peer for outgoing calls.</item>
-      <tag><em>ssl_client_depth</em></tag>
-      <item>The SSL verification depth for incoming calls.</item>
-      <tag><em>ssl_client_password</em></tag>
-      <item>The client side key string.</item>
-      <tag><em>ssl_client_keyfile</em></tag>
-      <item>The file path to a client side key.</item>
-      <tag><em>ssl_client_ciphers</em></tag>
-      <item>The client side cipher string.</item>
-      <tag><em>ssl_client_cachetimeout</em></tag>
-      <item>The client side cache timeout.</item>
       <tag><em>iiop_ssl_out_keepalive</em></tag>
       <item>Enables periodic transmission on a connected socket, when no other 
        data is being exchanged. If the other end does not respond, the 
diff --git a/lib/orber/doc/src/ch_security.xml b/lib/orber/doc/src/ch_security.xml
index 938025a629..a25a8a5052 100644
--- a/lib/orber/doc/src/ch_security.xml
+++ b/lib/orber/doc/src/ch_security.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE chapter SYSTEM "chapter.dtd">
 
 <chapter>
   <header>
     <copyright>
-      <year>1999</year><year>2009</year>
+      <year>1999</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -55,40 +55,15 @@
 
     <section>
       <title>Configurations when Orber is Used on the Server Side</title>
-      <p>The following three configuration variables can be used to configure Orber's SSL
-        behavior on the server side.</p>
+      <p>There is a variable to conficure Orber's SSL behavior on the server side.</p>
       <list type="bulleted">
-        <item><em>ssl_server_certfile</em> - which is a path to a file containing a
-         chain of PEM encoded certificates for the Orber domain as server.</item>
-        <item><em>ssl_server_cacertfile</em> - which is a path to a file containing 
-         a chain of PEM encoded certificates for the Orber domain as server.</item>
-        <item><em>ssl_server_verify</em> - which specifies type of verification: 
-         0 = do not verify peer; 1 = verify peer, verify client once,
-         2 = verify peer, verify client once, fail if no peer certificate. 
-         The default value is 0.</item>
-        <item><em>ssl_server_depth</em> - which specifies verification depth, i.e. 
-         how far in a chain of certificates the verification process shall
-         proceed before the verification is considered successful. The default
-         value is 1. </item>
-        <item><em>ssl_server_keyfile</em> - which is a path to a file containing a
-         PEM encoded key for the Orber domain as server.</item>
-        <item><em>ssl_server_password</em> - only used if the private keyfile is
-         password protected.</item>
-        <item><em>ssl_server_ciphers</em> - which is string of ciphers as a colon
-         separated list of ciphers.</item>
-        <item><em>ssl_server_cachetimeout</em> - which is the session cache timeout
-         in seconds.</item>
+        <item><em>ssl_server_options</em> - which is a list of options to ssl. 
+        See the <seealso marker="ssl:ssl">SSL</seealso> application for further 
+	descriptions on these options.</item>
       </list>
-      <p>There also exist a number of API functions for accessing the values of these variables:</p>
+      <p>There also exist an API function for accessing the value of this variable:</p>
       <list type="bulleted">
-        <item>orber:ssl_server_certfile/0</item>
-        <item>orber:ssl_server_cacertfile/0</item>
-        <item>orber:ssl_server_verify/0</item>
-        <item>orber:ssl_server_depth/0</item>
-        <item>orber:ssl_server_keyfile/0</item>
-        <item>orber:ssl_server_password/0</item>
-        <item>orber:ssl_server_ciphers/0</item>
-        <item>orber:ssl_server_cachetimeout/0</item>
+        <item>orber:ssl_server_options/0</item>
       </list>
     </section>
 
@@ -97,50 +72,22 @@
       <p>When the Orber enabled application is the client side in the secure connection the 
         different configurations can be set per client process instead and not for the whole domain
         as for incoming calls.</p>
-      <p>One can use configuration variables to set default values for the domain but they can be changed 
-        per client process. Below is the list of client configuration variables.</p>
+      <p>There is a variable to set default values for the domain but they can be changed 
+        per client process.</p>
       <list type="bulleted">
-        <item><em>ssl_client_certfile</em> - which is a path to a file containing a
-         chain of PEM encoded certificates used in outgoing calls in the current
-         process.</item>
-        <item><em>ssl_client_cacertfile</em> - which is a path to a file containing a
-         chain of PEM encoded CA certificates used in outgoing calls in the
-         current process.</item>
-        <item><em>ssl_client_verify</em> - which specifies type of verification: 
-         0 = do not verify peer; 1 = verify peer, verify client once, 
-         2 = verify peer, verify client once, fail if no peer certificate. 
-         The default value is 0.</item>
-        <item><em>ssl_client_depth</em> - which specifies verification depth, i.e. 
-         how far in a chain of certificates the verification process shall proceed
-         before the verification is considered successful. The default value is 1. </item>
-        <item><em>ssl_client_keyfile</em> - which is a path to a file containing a
-         PEM encoded key when Orber act as client side ORB.</item>
-        <item><em>ssl_client_password</em> - only used if the private keyfile is
-         password protected.</item>
-        <item><em>ssl_client_ciphers</em> - which is string of ciphers as a colon
-         separated list of ciphers.</item>
-        <item><em>ssl_client_cachetimeout</em> - which is the session cache timeout
-         in seconds.</item>
+        <item><em>ssl_client_options</em> - which is a list of options to ssl.
+        See the <seealso marker="ssl:ssl">SSL</seealso> application for further 
+	descriptions on these options.</item>
       </list>
-      <p>There also exist a number of API functions for accessing and changing the values of this 
-        variables in the client processes.</p>
-      <p>Access functions:</p>
+      <p>There also exist two API functions for accessing and changing the values of this 
+        variable in the client processes.</p>
+      <p>Access function:</p>
       <list type="bulleted">
-        <item>orber:ssl_client_certfile/0</item>
-        <item>orber:ssl_client_cacertfile/0</item>
-        <item>orber:ssl_client_verify/0</item>
-        <item>orber:ssl_client_depth/0</item>
-        <item>orber:ssl_client_keyfile/0</item>
-        <item>orber:ssl_client_password/0</item>
-        <item>orber:ssl_client_ciphers/0</item>
-        <item>orber:ssl_client_cachetimeout/0</item>
+        <item>orber:ssl_client_options/0</item>
       </list>
-      <p>Modify functions:</p>
+      <p>Modify function:</p>
       <list type="bulleted">
-        <item>orber:set_ssl_client_certfile/1</item>
-        <item>orber:set_ssl_client_cacertfile/1</item>
-        <item>orber:set_ssl_client_verify/1</item>
-        <item>orber:set_ssl_client_depth/1</item>
+        <item>orber:set_ssl_client_options/1</item>
       </list>
     </section>
   </section>
diff --git a/lib/orber/doc/src/corba.xml b/lib/orber/doc/src/corba.xml
index cae0e09b0b..08ec555f94 100644
--- a/lib/orber/doc/src/corba.xml
+++ b/lib/orber/doc/src/corba.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE erlref SYSTEM "erlref.dtd">
 
 <erlref>
   <header>
     <copyright>
-      <year>1997</year><year>2009</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -221,8 +221,7 @@ Example:
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Object = #objref</v>
       </type>
@@ -287,8 +286,7 @@ Example:
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Object = #objref</v>
       </type>
@@ -319,8 +317,7 @@ Example:
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>ObjectId = string()</v>
       </type>
@@ -360,8 +357,7 @@ Example:
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Object = #objref</v>
       </type>
diff --git a/lib/orber/doc/src/corba_object.xml b/lib/orber/doc/src/corba_object.xml
index e0f9a9f503..ef440f1a2d 100644
--- a/lib/orber/doc/src/corba_object.xml
+++ b/lib/orber/doc/src/corba_object.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE erlref SYSTEM "erlref.dtd">
 
 <erlref>
@@ -75,8 +75,7 @@
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Return = boolean() | {'EXCEPTION', E}</v>
       </type>
@@ -117,8 +116,7 @@
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Return = boolean() | {'EXCEPTION', E}</v>
       </type>
@@ -149,8 +147,7 @@
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Return = boolean() | {'EXCEPTION', E}</v>
       </type>
diff --git a/lib/orber/doc/src/make.dep b/lib/orber/doc/src/make.dep
deleted file mode 100644
index cf5aad747d..0000000000
--- a/lib/orber/doc/src/make.dep
+++ /dev/null
@@ -1,62 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: CosNaming.tex CosNaming_BindingIterator.tex \
-		CosNaming_NamingContext.tex CosNaming_NamingContextExt.tex \
-		Module_Interface.tex any.tex book.tex ch_contents.tex \
-		ch_debugging.tex ch_exceptions.tex \
-		ch_idl_to_erlang_mapping.tex ch_ifr.tex ch_install.tex \
-		ch_interceptors.tex ch_introduction.tex ch_naming_service.tex \
-		ch_orber_kernel.tex ch_orberweb.tex ch_security.tex \
-		ch_stubs.tex corba.tex corba_object.tex example_part.tex \
-		fixed.tex interceptors.tex intro_part.tex \
-		lname.tex lname_component.tex orber.tex orber_acl.tex \
-		orber_diagnostics.tex orber_ifr.tex orber_tc.tex \
-		ref_man.tex tools_debugging_part.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-ch_contents.tex: ../../../../system/doc/definitions/term.defs
-
-ch_idl_to_erlang_mapping.tex: ../../../../system/doc/definitions/term.defs
-
-ch_install.tex: ../../../../system/doc/definitions/term.defs
-
-ch_introduction.tex: ../../../../system/doc/definitions/term.defs
-
-ch_naming_service.tex: ../../../../system/doc/definitions/term.defs
-
-ch_orber_kernel.tex: ../../../../system/doc/definitions/term.defs
-
-orber_ifr.tex: ../../../../system/doc/definitions/term.defs
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: firewall_nat.ps
-
-book.dvi: interceptor_operations.ps
-
-book.dvi: dependent.ps orbs.ps
-
-book.dvi: name.ps
-
-book.dvi: iiop.ps theORB.ps
-
-book.dvi: dataframe1.ps dataframe2.ps dataframe3.ps \
-		dataframe4.ps dataframe5.ps dataframe6.ps \
-		dataframe7.ps dataframe8.ps menuframe.ps
-
diff --git a/lib/orber/doc/src/notes.xml b/lib/orber/doc/src/notes.xml
index c8477d9252..35ee5e35dd 100644
--- a/lib/orber/doc/src/notes.xml
+++ b/lib/orber/doc/src/notes.xml
@@ -32,7 +32,51 @@
     <file>notes.xml</file>
   </header>
 
-  <section><title>Orber 3.6.22</title>
+  <section><title>Orber 3.6.23</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+	    <p> Remove usage of ssl:seed/1 in orber test cases. </p>
+          <p>
+	    Own Id: OTP-9728</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+	    <p> The SSL option handling has been changed. There are
+	    now two new orber options <c>ssl_server_options</c> and
+	    <c>ssl_client_options</c> which takes a list of options
+	    to the socket. </p> <p> The old options are now
+	    deprecated and removed from the documentation but they
+	    can still be used for backward compatibility as long as
+	    the two new options not are used. </p> <p> If
+	    <c>ssl_server_options</c> and <c>ssl_client_options</c>
+	    contain an TCP option that <c>orber</c> needs to set to a
+	    specific value it will be skipped and a warning will be
+	    written to the error_log. </p>
+          <p>
+	    Own Id: OTP-9773 Aux Id: seq11932 </p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Orber 3.6.22</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/orber/doc/src/orber.xml b/lib/orber/doc/src/orber.xml
index 5e38e4cf9f..35e9f57008 100644
--- a/lib/orber/doc/src/orber.xml
+++ b/lib/orber/doc/src/orber.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE erlref SYSTEM "erlref.dtd">
 
 <erlref>
   <header>
     <copyright>
-      <year>1997</year><year>2010</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -356,7 +356,7 @@
         <v>Type = normal | ssl</v>
         <v>Port = integer() > 0</v>
         <v>ConfigurationParameters = [{Key, Value}]</v>
-        <v>Key = flags | iiop_in_connection_timeout | iiop_max_fragments | iiop_max_in_requests | interceptors | iiop_port | iiop_ssl_port</v>
+        <v>Key = flags | iiop_in_connection_timeout | iiop_max_fragments | iiop_max_in_requests | interceptors | iiop_port | iiop_ssl_port | ssl_server_options</v>
         <v>Value = as described in the User's Guide</v>
         <v>Result = {ok, Ref} | {error, Reason} | {'EXCEPTION', #'BAD_PARAM'{}}</v>
         <v>Ref = #Ref</v>
@@ -378,7 +378,7 @@
           counterparts (See the
           <seealso marker="ch_install#config">Configuration</seealso> chapter
           in the User's Guide). 
-          But the following parameters there are a few restrictions:</p>
+          But for the following parameters there are a few restrictions:</p>
         <list type="bulleted">
           <item><em>flags</em> - currently it is only possible to override the global
            setting for the <c>Use Current Interface in IOR</c> and 
@@ -450,92 +450,32 @@
       </desc>
     </func>
     <func>
-      <name>ssl_server_certfile() -> string()</name>
-      <fsummary>Display  the path to the server certificate</fsummary>
+      <name>ssl_server_options() -> list()</name>
+      <fsummary>Display the SSL server options</fsummary>
       <desc>
-        <p>This function returns a path to a file containing a chain of PEM encoded 
-          certificates for the Orber domain as server. 
+        <p>This function returns the list of SSL options set for the Orber domain as server. 
           This is configured by setting the application variable 
-          <em>ssl_server_certfile</em>.</p>
+          <em>ssl_server_options</em>.</p>
       </desc>
     </func>
     <func>
-      <name>ssl_client_certfile() -> string()</name>
-      <fsummary>Display the path to the client certificate</fsummary>
+      <name>ssl_client_options() -> list()</name>
+      <fsummary>Display the SSL client options</fsummary>
       <desc>
-        <p>This function returns a path to a file containing a chain of PEM encoded 
-          certificates used in outgoing calls in the current process.
+        <p>This function returns the list of SSL options used in outgoing calls in the current process.
           The default value is configured by setting the application variable 
-          <em>ssl_client_certfile</em>.</p>
+          <em>ssl_client_options</em>.</p>
       </desc>
     </func>
     <func>
-      <name>set_ssl_client_certfile(Path) -> ok</name>
-      <fsummary>Set the value of the client certificate</fsummary>
+      <name>set_ssl_client_options(Options) -> ok</name>
+      <fsummary>Set the SSL options for the client</fsummary>
       <type>
-        <v>Path = string()</v>
+        <v>Options = list()</v>
       </type>
       <desc>
-        <p>This function takes a path to a file containing a chain of PEM encoded 
-          certificates as parameter and sets it for the current process.</p>
-      </desc>
-    </func>
-    <func>
-      <name>ssl_server_verify() -> 0 | 1 | 2</name>
-      <fsummary>Display the SSL verification type for incoming calls</fsummary>
-      <desc>
-        <p>This function returns the type of verification used by SSL during authentication of the other 
-          peer for incoming calls. 
-          It is configured by setting the application variable 
-          <em>ssl_server_verify</em>.</p>
-      </desc>
-    </func>
-    <func>
-      <name>ssl_client_verify() -> 0 | 1 | 2</name>
-      <fsummary>Display the SSL verification type for outgoing calls</fsummary>
-      <desc>
-        <p>This function returns  the type of verification used by SSL during authentication of the other 
-          peer for outgoing calls. 
-          The default value is configured by setting the application variable 
-          <em>ssl_client_verify</em>.</p>
-      </desc>
-    </func>
-    <func>
-      <name>set_ssl_client_verify(Value) -> ok</name>
-      <fsummary>Set the value of the SSL verification type for outgoing calls</fsummary>
-      <type>
-        <v>Value = 0 | 1 | 2</v>
-      </type>
-      <desc>
-        <p>This function sets the SSL verification type for the other peer of outgoing calls.</p>
-      </desc>
-    </func>
-    <func>
-      <name>ssl_server_depth() -> int()</name>
-      <fsummary>Display the SSL verification depth for incoming calls</fsummary>
-      <desc>
-        <p>This function returns the SSL verification depth for incoming calls. 
-          It is configured by setting the application variable 
-          <em>ssl_server_depth</em>.</p>
-      </desc>
-    </func>
-    <func>
-      <name>ssl_client_depth() ->  int()</name>
-      <fsummary>Display the SSL verification depth for outgoing calls</fsummary>
-      <desc>
-        <p>This function returns the SSL verification depth for outgoing calls. 
-          The default value is configured by setting the application variable 
-          <em>ssl_client_depth</em>.</p>
-      </desc>
-    </func>
-    <func>
-      <name>set_ssl_client_depth(Depth) -> ok</name>
-      <fsummary>Sets the value of the SSL verification depth for outgoing calls</fsummary>
-      <type>
-        <v>Depth = int()</v>
-      </type>
-      <desc>
-        <p>This function sets the SSL verification depth for the other peer of outgoing calls.</p>
+        <p>This function takes a list of SSL options as parameter and sets 
+	it for the current process.</p>
       </desc>
     </func>
     <func>
diff --git a/lib/orber/examples/Stack/Makefile b/lib/orber/examples/Stack/Makefile
index 6e7f292a04..b985f348fa 100644
--- a/lib/orber/examples/Stack/Makefile
+++ b/lib/orber/examples/Stack/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -64,6 +64,8 @@ HRL_FILES=
 
 ERL_FILES= $(MODULES:%=%.erl)
 
+GEN_FILES = $(GEN_ERL_MODULES:%=%.erl) $(GEN_HRL_FILES)
+
 JAVA_CLASSES = \
 	StackClient
 
@@ -94,16 +96,20 @@ ERL_COMPILE_FLAGS += \
 debug opt: $(TARGET_FILES) 
 
 clean:
-	rm -f $(TARGET_FILES) $(GEN_ERL_MODULES:%=%.erl) $(GEN_HRL_FILES) $(CLASS_FILES)
+	rm -f $(TARGET_FILES) $(GEN_ERL_MODULES:%=%.erl) $(GEN_HRL_FILES) $(CLASS_FILES) IDL-GENERATED
 	rm -f errs core *~
 
 docs:
 
 test: $(TEST_TARGET_FILES)
 
-
-$(GEN_ERL_MODULES:%=%.erl) $(GEN_HRL_FILES): stack.idl
+IDL-GENERATED: stack.idl
 	erlc $(ERL_IDL_FLAGS) stack.idl
+	>IDL-GENERATED
+
+$(GEN_FILES): IDL-GENERATED
+
+$(TARGET_FILES): IDL-GENERATED
 
 # ----------------------------------------------------
 # Release Target
diff --git a/lib/orber/priv/Makefile b/lib/orber/priv/Makefile
index 2847727035..af82177466 100755..100644
--- a/lib/orber/priv/Makefile
+++ b/lib/orber/priv/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2001-2009. All Rights Reserved.
+# Copyright Ericsson AB 2001-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/orber/priv/blank.html b/lib/orber/priv/blank.html
index 44e86908a0..44e86908a0 100755..100644
--- a/lib/orber/priv/blank.html
+++ b/lib/orber/priv/blank.html
diff --git a/lib/orber/priv/info_frames.html b/lib/orber/priv/info_frames.html
index 75456a67a4..75456a67a4 100755..100644
--- a/lib/orber/priv/info_frames.html
+++ b/lib/orber/priv/info_frames.html
diff --git a/lib/orber/priv/main_frame.html b/lib/orber/priv/main_frame.html
index 056a92812e..056a92812e 100755..100644
--- a/lib/orber/priv/main_frame.html
+++ b/lib/orber/priv/main_frame.html
diff --git a/lib/orber/priv/orber.tool b/lib/orber/priv/orber.tool
index 910a7d7e45..910a7d7e45 100755..100644
--- a/lib/orber/priv/orber.tool
+++ b/lib/orber/priv/orber.tool
diff --git a/lib/orber/priv/orber_help.txt b/lib/orber/priv/orber_help.txt
index a6580dc30a..a6580dc30a 100755..100644
--- a/lib/orber/priv/orber_help.txt
+++ b/lib/orber/priv/orber_help.txt
diff --git a/lib/orber/priv/start_info.html b/lib/orber/priv/start_info.html
index 0ad521c90a..0ad521c90a 100755..100644
--- a/lib/orber/priv/start_info.html
+++ b/lib/orber/priv/start_info.html
diff --git a/lib/orber/src/Makefile b/lib/orber/src/Makefile
index ccc449333c..d2e98686da 100644
--- a/lib/orber/src/Makefile
+++ b/lib/orber/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -212,7 +212,7 @@ debug:
 opt: $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET)
 
 clean:
-	rm -f $(TARGET_FILES) $(GEN_FILES) $(APP_TARGET) $(APPUP_TARGET)
+	rm -f $(TARGET_FILES) $(GEN_FILES) $(APP_TARGET) $(APPUP_TARGET) IDL-GENERATED
 	rm -f errs core *~
 
 $(APP_TARGET): $(APP_SRC) ../vsn.mk
@@ -227,15 +227,14 @@ docs:
 # Special Build Targets
 # ----------------------------------------------------
 
-$(GEN_ERL_FILES1) $(GEN_HRL_FILES1): $(ERL_TOP)/lib/ic/include/erlang.idl
+IDL-GENERATED:  $(ERL_TOP)/lib/ic/include/erlang.idl CORBA.idl OrberIFR.idl
 	erlc $(ERL_IDL_FLAGS) $(ERL_TOP)/lib/ic/include/erlang.idl
-
-$(GEN_ERL_FILES2) $(GEN_HRL_FILES2): CORBA.idl
 	erlc $(ERL_IDL_FLAGS) CORBA.idl
+	erlc $(ERL_IDL_FLAGS) +'{this,"Orber::IFR"}' OrberIFR.idl
+	>IDL-GENERATED
 
-$(GEN_ERL_FILES3) $(GEN_HRL_FILES3): OrberIFR.idl
-	erlc $(ERL_IDL_FLAGS) +'{this,"Orber::IFR"}' \
-	OrberIFR.idl
+$(GEN_ERL_FILES): IDL-GENERATED
+$(TARGET_FILES): IDL-GENERATED
 
 $(GEN_ASN_ERL) $(GEN_ASN_HRL): OrberCSIv2.asn1 OrberCSIv2.set.asn
 	erlc $(ERL_COMPILE_FLAGS) $(ASN_FLAGS) +'{inline,"OrberCSIv2"}' OrberCSIv2.set.asn
diff --git a/lib/orber/src/corba.erl b/lib/orber/src/corba.erl
index ecec768544..989e84f581 100644
--- a/lib/orber/src/corba.erl
+++ b/lib/orber/src/corba.erl
@@ -947,7 +947,7 @@ handle_cast2(M, F, A, InternalState, State, Ctx) ->
 	    {noreply, {InternalState, NewState}}
     end.
 
-handle_exit(InternalState, State, {undef, [{M, F, _}|_]} = Reason, 
+handle_exit(InternalState, State, {undef, [{M, F, _, _}|_]} = Reason, 
 	    OnewayOp, {M, F}, A) ->
     case catch check_exports(M:module_info(exports), F) of
 	{'EXIT',{undef,_}} ->
@@ -979,7 +979,7 @@ handle_exit(InternalState, State, {undef, [{M, F, _}|_]} = Reason,
 			     #'OBJ_ADAPTER'{minor=(?ORBER_VMCID bor 4),
 					    completion_status=?COMPLETED_MAYBE})
     end;
-handle_exit(InternalState, State, {undef, [{M2, F2, A2}|_]} = Reason, 
+handle_exit(InternalState, State, {undef, [{M2, F2, A2, _}|_]} = Reason, 
 	    OnewayOp, {M, F}, A) ->
     case catch check_exports(M2:module_info(exports), F2) of
 	{'EXIT',{undef,_}} ->
diff --git a/lib/orber/src/orber.erl b/lib/orber/src/orber.erl
index 386c07d227..5ab240e046 100644
--- a/lib/orber/src/orber.erl
+++ b/lib/orber/src/orber.erl
@@ -36,6 +36,7 @@
 -export([start/0, start/1, stop/0, install/1, install/2, orber_nodes/0, iiop_port/0,
 	 domain/0, iiop_ssl_port/0, iiop_out_ports/0, iiop_out_ports_random/0,
 	 iiop_out_ports_attempts/0,
+	 ssl_server_options/0, ssl_client_options/0, set_ssl_client_options/1,
 	 ssl_server_certfile/0, ssl_client_certfile/0, set_ssl_client_certfile/1,
 	 ssl_server_verify/0, ssl_client_verify/0, set_ssl_client_verify/1,
 	 ssl_server_depth/0, ssl_client_depth/0, set_ssl_client_depth/1,
@@ -524,6 +525,15 @@ iiop_ssl_port() ->
 nat_iiop_ssl_port() ->
     orber_env:nat_iiop_ssl_port().
 
+ssl_server_options() ->
+        orber_env:ssl_server_options().
+
+ssl_client_options() ->
+        orber_env:ssl_client_options().
+
+set_ssl_client_options(Value) ->
+        orber_env:set_ssl_client_options(Value).
+
 ssl_server_certfile() ->
     orber_env:ssl_server_certfile().
     
diff --git a/lib/orber/src/orber_diagnostics.erl b/lib/orber/src/orber_diagnostics.erl
index c12dbfa896..3ab55c448d 100644
--- a/lib/orber/src/orber_diagnostics.erl
+++ b/lib/orber/src/orber_diagnostics.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -130,10 +130,10 @@ missing_modules_helper([[Mod, Type]|T], ErrorsFound) when Type == ?IFR_StructDef
     end;
 missing_modules_helper([[Mod, Type]|T], ErrorsFound) when Type == ?IFR_InterfaceDef ->
     case catch Mod:oe_get_interface() of
-	{'EXIT', {undef,[{Mod, _, _}|_]}} ->
+	{'EXIT', {undef,[{Mod, _, _, _}|_]}} ->
 	    io:format("Missing (Interface): ~p~n", [Mod]),
 	    missing_modules_helper(T, ErrorsFound + 1);
-	{'EXIT', {undef,[{OtherMod, _, _}|_]}} ->
+	{'EXIT', {undef,[{OtherMod, _, _, _}|_]}} ->
 	    io:format("Missing (Inherited by the ~p Interface): ~p~n", 
 		      [Mod, OtherMod]),
 	    missing_modules_helper(T, ErrorsFound + 1);
diff --git a/lib/orber/src/orber_env.erl b/lib/orber/src/orber_env.erl
index d80edb4ee0..8758450104 100644
--- a/lib/orber/src/orber_env.erl
+++ b/lib/orber/src/orber_env.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -20,7 +20,7 @@
 %%
 %%-----------------------------------------------------------------
 %% File: orber_env.erl
-%% 
+%%
 %% Description:
 %%    Handling environment parameters for Orber.
 %%
@@ -49,20 +49,22 @@
 	 iiop_max_in_connections/0, iiop_backlog/0, objectkeys_gc_time/0,
 	 get_ORBInitRef/0, get_ORBDefaultInitRef/0, get_interceptors/0,
 	 get_local_interceptors/0, get_cached_interceptors/0,
-	 set_interceptors/1, is_lightweight/0, get_lightweight_nodes/0, secure/0, 
+	 set_interceptors/1, is_lightweight/0, get_lightweight_nodes/0, secure/0,
 	 iiop_ssl_backlog/0, iiop_ssl_port/0, nat_iiop_ssl_port/0, nat_iiop_ssl_port/1,
+	 ssl_server_options/0, ssl_client_options/0, set_ssl_client_options/1,
 	 ssl_server_certfile/0, ssl_client_certfile/0, set_ssl_client_certfile/1,
 	 ssl_server_verify/0, ssl_client_verify/0, set_ssl_client_verify/1,
 	 ssl_server_depth/0, ssl_client_depth/0, set_ssl_client_depth/1,
-	 ssl_server_cacertfile/0, ssl_client_cacertfile/0, 
+	 ssl_server_cacertfile/0, ssl_client_cacertfile/0,
 	 set_ssl_client_cacertfile/1, ssl_client_password/0,
 	 ssl_server_password/0, ssl_client_keyfile/0, ssl_server_keyfile/0,
 	 ssl_client_ciphers/0, ssl_server_ciphers/0, ssl_client_cachetimeout/0,
-	 ssl_server_cachetimeout/0, get_flags/0, typechecking/0,  
+	 ssl_server_cachetimeout/0,
+	 get_flags/0, typechecking/0,
 	 exclude_codeset_ctx/0, exclude_codeset_component/0, partial_security/0,
 	 use_CSIv2/0, use_FT/0, ip_version/0, light_ifr/0, bidir_context/0,
 	 get_debug_level/0, getaddrstr/2, addr2str/1, iiop_packet_size/0,
-	 iiop_ssl_ip_address_local/0, ip_address_local/0, iiop_in_keepalive/0, 
+	 iiop_ssl_ip_address_local/0, ip_address_local/0, iiop_in_keepalive/0,
 	 iiop_out_keepalive/0, iiop_ssl_in_keepalive/0, iiop_ssl_out_keepalive/0,
 	 iiop_ssl_accept_timeout/0, ssl_generation/0]).
 
@@ -87,38 +89,39 @@
 	[flags, iiop_port, nat_iiop_port, iiop_out_ports, domain, ip_address,
 	 nat_ip_address, giop_version, iiop_timeout, iiop_connection_timeout,
 	 iiop_setup_connection_timeout, iiop_in_connection_timeout, iiop_acl,
-	 iiop_max_fragments, iiop_max_in_requests, iiop_max_in_connections, 
+	 iiop_max_fragments, iiop_max_in_requests, iiop_max_in_connections,
 	 iiop_backlog, objectkeys_gc_time, orbInitRef, orbDefaultInitRef,
 	 interceptors, local_interceptors, lightweight, ip_address_local,
-	 secure, iiop_ssl_ip_address_local, iiop_ssl_backlog, 
-	 iiop_ssl_port, nat_iiop_ssl_port, ssl_server_certfile, 
-	 ssl_client_certfile, ssl_server_verify, ssl_client_verify, ssl_server_depth, 
-	 ssl_client_depth, ssl_server_cacertfile, ssl_client_cacertfile, 
-	 ssl_client_password, ssl_server_password, ssl_client_keyfile, 
-	 ssl_server_keyfile, ssl_client_ciphers, ssl_server_ciphers, 
+	 secure, iiop_ssl_ip_address_local, iiop_ssl_backlog,
+	 iiop_ssl_port, nat_iiop_ssl_port, ssl_server_certfile,
+	 ssl_client_certfile, ssl_server_verify, ssl_client_verify, ssl_server_depth,
+	 ssl_client_depth, ssl_server_cacertfile, ssl_client_cacertfile,
+	 ssl_client_password, ssl_server_password, ssl_client_keyfile,
+	 ssl_server_keyfile, ssl_client_ciphers, ssl_server_ciphers,
 	 ssl_client_cachetimeout, ssl_server_cachetimeout, orber_debug_level,
 	 iiop_packet_size, iiop_in_keepalive, iiop_out_keepalive,
-	 iiop_ssl_in_keepalive, iiop_ssl_out_keepalive, iiop_ssl_accept_timeout]).
+	 iiop_ssl_in_keepalive, iiop_ssl_out_keepalive, iiop_ssl_accept_timeout,
+	 ssl_server_options, ssl_client_options]).
 
 %% The 'flags' parameter must be first in the list.
 %-define(ENV_KEYS,
-%	[{flags, ?ORB_ENV_INIT_FLAGS}, {iiop_port, 4001}, nat_iiop_port, 
-%	 {iiop_out_ports, 0}, {domain, "ORBER"}, ip_address, nat_ip_address, 
-%	 {giop_version, {1, 1}}, {iiop_timeout, infinity}, 
-%	 {iiop_connection_timeout, infinity}, {iiop_setup_connection_timeout, infinity}, 
+%	[{flags, ?ORB_ENV_INIT_FLAGS}, {iiop_port, 4001}, nat_iiop_port,
+%	 {iiop_out_ports, 0}, {domain, "ORBER"}, ip_address, nat_ip_address,
+%	 {giop_version, {1, 1}}, {iiop_timeout, infinity},
+%	 {iiop_connection_timeout, infinity}, {iiop_setup_connection_timeout, infinity},
 %	 {iiop_in_connection_timeout, infinity}, {iiop_acl, []},
-%	 {iiop_max_fragments, infinity}, {iiop_max_in_requests, infinity}, 
-%	 {iiop_max_in_connections, infinity}, {iiop_backlog, 5}, 
-%	 {objectkeys_gc_time, infinity}, 
+%	 {iiop_max_fragments, infinity}, {iiop_max_in_requests, infinity},
+%	 {iiop_max_in_connections, infinity}, {iiop_backlog, 5},
+%	 {objectkeys_gc_time, infinity},
 %	 {orbInitRef, undefined}, {orbDefaultInitRef, undefined},
 %	 {interceptors, false}, {local_interceptors, false}, {lightweight, false},
-%	 {secure, no}, {iiop_ssl_backlog, 5}, {iiop_ssl_port, 4002}, 
+%	 {secure, no}, {iiop_ssl_backlog, 5}, {iiop_ssl_port, 4002},
 %	 nat_iiop_ssl_port, {ssl_server_certfile, []}, {ssl_client_certfile, []},
-%	 {ssl_server_verify, 0}, {ssl_client_verify, 0}, {ssl_server_depth, 1}, 
-%	 {ssl_client_depth, 1}, {ssl_server_cacertfile, []}, 
+%	 {ssl_server_verify, 0}, {ssl_client_verify, 0}, {ssl_server_depth, 1},
+%	 {ssl_client_depth, 1}, {ssl_server_cacertfile, []},
 %	 {ssl_client_cacertfile, []}, {ssl_client_password, []},
-%	 {ssl_server_password, []}, {ssl_client_keyfile, []}, 
-%	 {ssl_server_keyfile, []}, {ssl_client_ciphers, []}, 
+%	 {ssl_server_password, []}, {ssl_client_keyfile, []},
+%	 {ssl_server_keyfile, []}, {ssl_client_ciphers, []},
 %	 {ssl_server_ciphers, []}, {ssl_client_cachetimeout, infinity},
 %	 {ssl_server_cachetimeout, infinity}, {orber_debug_level, 0}]).
 
@@ -129,33 +132,33 @@
 
 %%-----------------------------------------------------------------
 %% External functions
-%%-----------------------------------------------------------------    
 %%-----------------------------------------------------------------
-%% function : 
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%%-----------------------------------------------------------------
+%% function :
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 start(Opts) ->
     gen_server:start_link({local, orber_env}, ?MODULE, Opts, []).
 
 %%-----------------------------------------------------------------
 %% function : get_keys
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 get_keys() ->
     ?ENV_KEYS.
 
 %%-----------------------------------------------------------------
 %% function : get_env
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 get_env(Key) when is_atom(Key) ->
     case catch ets:lookup(?ENV_DB, Key) of
@@ -164,13 +167,13 @@ get_env(Key) when is_atom(Key) ->
 	_ ->
 	    undefined
     end.
- 
+
 %%-----------------------------------------------------------------
 %% function : get_env
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 set_env(Key, Value) when is_atom(Key) ->
     case catch ets:insert(?ENV_DB, #parameters{key = Key, value = Value}) of
@@ -179,20 +182,20 @@ set_env(Key, Value) when is_atom(Key) ->
 	_ ->
 	    undefined
     end.
- 
+
 
 %%-----------------------------------------------------------------
 %% function : info
 %% Arguments: IoDervice - info_msg | string | io | {io, Dev}
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 info() ->
     info(info_msg).
 
 info(IoDevice) ->
-    Info = 
+    Info =
 	case orber_tb:is_running() of
 	    true ->
 		Info1 = create_main_info(),
@@ -211,7 +214,7 @@ info(IoDevice) ->
 	string ->
 	    Info;
 	io ->
-	    io:format("~s", [Info]); 
+	    io:format("~s", [Info]);
 	{io, Dev} ->
 	    io:format(Dev, "~s", [Info]);
 	_ ->
@@ -220,14 +223,14 @@ info(IoDevice) ->
 
 create_main_info() ->
     {Major, Minor} = giop_version(),
-    [io_lib:format("======= Orber Execution Environment ======~n"		   
+    [io_lib:format("======= Orber Execution Environment ======~n"
 		   "Orber version.................: ~s~n"
 		   "Orber domain..................: ~s~n"
 		   "IIOP port number..............: ~p~n"
 		   "IIOP NAT port number..........: ~p~n"
 		   "Interface(s)..................: ~p~n"
 		   "Interface(s) NAT..............: ~p~n"
-		   "Local Interface (default).....: ~p~n"		   
+		   "Local Interface (default).....: ~p~n"
 		   "Nodes in domain...............: ~p~n"
 		   "GIOP version (default)........: ~p.~p~n"
 		   "IIOP out timeout..............: ~p msec~n"
@@ -254,18 +257,18 @@ create_main_info() ->
 		   "Debug Level...................: ~p~n"
 		   "orbInitRef....................: ~p~n"
 		   "orbDefaultInitRef.............: ~p~n",
-		   [?ORBVSN, domain(), iiop_port(), nat_iiop_port(), host(), 
+		   [?ORBVSN, domain(), iiop_port(), nat_iiop_port(), host(),
 		    nat_host(), ip_address_local(),
 		    orber:orber_nodes(), Major, Minor,
-		    iiop_timeout(), iiop_connection_timeout(), 
+		    iiop_timeout(), iiop_connection_timeout(),
 		    iiop_setup_connection_timeout(), iiop_out_ports(),
 		    iiop_out_ports_attempts(), iiop_out_ports_random(),
-		    orber:iiop_connections(out), orber:iiop_connections_pending(), 
-		    iiop_out_keepalive(), orber:iiop_connections(in), 
-		    iiop_in_connection_timeout(), iiop_in_keepalive(), 
-		    iiop_max_fragments(), iiop_max_in_requests(), 
+		    orber:iiop_connections(out), orber:iiop_connections_pending(),
+		    iiop_out_keepalive(), orber:iiop_connections(in),
+		    iiop_in_connection_timeout(), iiop_in_keepalive(),
+		    iiop_max_fragments(), iiop_max_in_requests(),
 		    iiop_max_in_connections(), iiop_backlog(), iiop_acl(),
-		    iiop_packet_size(), objectkeys_gc_time(), get_interceptors(), 
+		    iiop_packet_size(), objectkeys_gc_time(), get_interceptors(),
 		    get_local_interceptors(), get_debug_level(), get_ORBInitRef(),
 		    get_ORBDefaultInitRef()])].
 
@@ -277,7 +280,7 @@ create_flag_info(Info) ->
 	    FlagData = check_flags(?ORB_ENV_FLAGS, Flags, []),
 	    [Info, "System Flags Set..............: \n", FlagData, "\n"]
     end.
-  
+
 check_flags([], _, Acc) ->
     Acc;
 check_flags([{Flag, Txt}|T], Flags, Acc) when ?ORB_FLAG_TEST(Flags, Flag) ->
@@ -289,7 +292,7 @@ check_flags([_|T], Flags, Acc) ->
 create_security_info(no, Info) ->
     lists:flatten([Info, "=========================================\n"]);
 create_security_info(ssl, Info) ->
-    lists:flatten([Info, 
+    lists:flatten([Info,
 		   io_lib:format("ORB security..................: ssl~n"
 				 "SSL generation................: ~p~n"
 				 "SSL IIOP in keepalive.........: ~p~n"
@@ -316,26 +319,26 @@ create_security_info(ssl, Info) ->
 				 "SSL client ciphers............: ~p~n"
 				 "SSL client cachetimeout.......: ~p~n"
 				 "=========================================~n",
-				 [ssl_generation(), iiop_ssl_port(), 
+				 [ssl_generation(), iiop_ssl_port(),
 				  iiop_ssl_in_keepalive(), iiop_ssl_out_keepalive(),
-				  nat_iiop_ssl_port(), iiop_ssl_accept_timeout(), 
+				  nat_iiop_ssl_port(), iiop_ssl_accept_timeout(),
 				  iiop_ssl_backlog(), iiop_ssl_ip_address_local(),
 				  ssl_server_certfile(), ssl_server_verify(),
-				  ssl_server_depth(), ssl_server_cacertfile(), 
-				  ssl_server_keyfile(), ssl_server_password(), 
+				  ssl_server_depth(), ssl_server_cacertfile(),
+				  ssl_server_keyfile(), ssl_server_password(),
 				  ssl_server_ciphers(), ssl_server_cachetimeout(),
-				  ssl_client_certfile(), ssl_client_verify(), 
-				  ssl_client_depth(), ssl_client_cacertfile(), 
+				  ssl_client_certfile(), ssl_client_verify(),
+				  ssl_client_depth(), ssl_client_cacertfile(),
 				  ssl_client_keyfile(), ssl_client_password(),
 				  ssl_client_ciphers(), ssl_client_cachetimeout()])]).
 
 
 %%-----------------------------------------------------------------
 %% function : iiop_acl
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 iiop_acl() ->
     case application:get_env(orber, iiop_acl) of
@@ -352,7 +355,7 @@ iiop_packet_size() ->
 	_ ->
 	    infinity
     end.
-  
+
 
 iiop_port() ->
     case application:get_env(orber, iiop_port) of
@@ -368,7 +371,7 @@ nat_iiop_port() ->
 	    Port;
 	{ok, {local, Default, _NATList}} ->
 	    Default;
-	_ -> 
+	_ ->
 	    iiop_port()
     end.
 
@@ -378,7 +381,7 @@ nat_iiop_port(LocalPort) ->
 	    Port;
 	{ok, {local, Default, NATList}} ->
 	    orber_tb:keysearch(LocalPort, NATList, Default);
-	_ -> 
+	_ ->
 	    iiop_port()
     end.
 
@@ -407,9 +410,9 @@ iiop_out_ports_attempts() ->
 	_ ->
 	    1
     end.
-   
 
-domain() -> 
+
+domain() ->
     case application:get_env(orber, domain) of
 	{ok, Domain} when is_list(Domain) ->
 	    Domain;
@@ -449,7 +452,7 @@ nat_host([Host]) ->
 	{ok,{multiple, [I|_] = IList}} when is_list(I) ->
 	    IList;
 	{ok,{local, Default, NATList}} ->
-	    [orber_tb:keysearch(Host, NATList, Default)]; 
+	    [orber_tb:keysearch(Host, NATList, Default)];
 	_ ->
 	    host()
     end.
@@ -462,7 +465,7 @@ host() ->
 	{ok,{multiple, [I|_] = IList}} when is_list(I) ->
 	    IList;
 	%% IPv4. For IPv6 we only accept a string, but we must support this format
-	%% for IPv4 
+	%% for IPv4
 	{ok, {A1, A2, A3, A4}} when is_integer(A1+A2+A3+A4) ->
 	    [integer_to_list(A1) ++ "." ++ integer_to_list(A2) ++ "." ++ integer_to_list(A3)
 	     ++ "." ++ integer_to_list(A4)];
@@ -489,7 +492,7 @@ ip_address_local() ->
 	_ ->
 	    []
     end.
- 
+
 
 ip_address() ->
     ip_address(ip_version()).
@@ -526,7 +529,7 @@ addr2str({A1, A2, A3, A4, A5, A6, A7, A8}) ->
 	int16_to_hex(A3) ++ ":" ++ int16_to_hex(A4) ++ ":" ++
 	int16_to_hex(A5) ++ ":" ++ int16_to_hex(A6) ++ ":" ++
 	int16_to_hex(A7) ++ ":" ++ int16_to_hex(A8).
-    
+
 
 int16_to_hex(0) ->
     [$0];
@@ -613,7 +616,7 @@ iiop_max_fragments() ->
 	_ ->
 	    infinity
     end.
-    
+
 iiop_max_in_requests() ->
     case application:get_env(orber, iiop_max_in_requests) of
 	{ok, Max} when is_integer(Max) andalso Max > 0 ->
@@ -653,7 +656,7 @@ iiop_out_keepalive() ->
 	_ ->
 	    false
     end.
- 
+
 
 
 get_flags() ->
@@ -706,9 +709,9 @@ bidir_context() ->
 	?ORB_FLAG_TEST(Flags, ?ORB_ENV_USE_BI_DIR_IIOP) ->
 	    [#'IOP_ServiceContext'
 	     {context_id=?IOP_BI_DIR_IIOP,
-	      context_data = 
-	      #'IIOP_BiDirIIOPServiceContext'{listen_points = 
-					      [#'IIOP_ListenPoint'{host=host(), 
+	      context_data =
+	      #'IIOP_BiDirIIOPServiceContext'{listen_points =
+					      [#'IIOP_ListenPoint'{host=host(),
 								   port=iiop_port()}]}}];
 	true ->
 	    []
@@ -819,7 +822,7 @@ get_lightweight_nodes() ->
 	_ ->
 	    false
     end.
-   
+
 
 %%-----------------------------------------------------------------
 %% Security access operations (SSL)
@@ -838,8 +841,8 @@ ssl_generation() ->
 	    V;
 	_ ->
 	    2
-    end.	 
- 
+    end.
+
 iiop_ssl_ip_address_local() ->
     case application:get_env(orber, iiop_ssl_ip_address_local) of
 	{ok,I} when is_list(I) ->
@@ -876,10 +879,10 @@ iiop_ssl_accept_timeout() ->
     case application:get_env(orber, iiop_ssl_accept_timeout) of
 	{ok, N} when is_integer(N) ->
 	    N * 1000;
-	_  -> 
+	_  ->
 	    infinity
     end.
- 
+
 iiop_ssl_port() ->
     case application:get_env(orber, secure) of
 	{ok, ssl} ->
@@ -923,6 +926,52 @@ nat_iiop_ssl_port(LocalPort) ->
 	    -1
     end.
 
+ssl_server_options() ->
+    case application:get_env(orber, ssl_server_options) of
+	{ok, V1}  when is_list(V1) ->
+	    V1;
+	_ ->
+	    []
+    end.
+
+ssl_client_options() ->
+    case application:get_env(orber, ssl_client_options) of
+	{ok, V1}  when is_list(V1) ->
+	    V1;
+	_ ->
+	    []
+    end.
+
+check_ssl_opts(Value) ->
+    check_ssl_opts(Value, []).
+check_ssl_opts([], []) ->
+    ok;
+check_ssl_opts([], Acc) ->
+    {error, Acc};
+check_ssl_opts([{active, _} |T], Acc) ->
+    check_ssl_opts(T, [active |Acc]);
+check_ssl_opts([{packet, _} |T], Acc) ->
+    check_ssl_opts(T, [packet |Acc]);
+check_ssl_opts([{mode, _} |T], Acc) ->
+    check_ssl_opts(T, [mode |Acc]);
+check_ssl_opts([list |T], Acc) ->
+    check_ssl_opts(T, [list |Acc]);
+check_ssl_opts([binary |T], Acc) ->
+    check_ssl_opts(T, [binary |Acc]);
+check_ssl_opts([_ |T], Acc) ->
+    check_ssl_opts(T, Acc).
+
+set_ssl_client_options(Value) when is_list(Value) ->
+    case check_ssl_opts(Value) of
+	ok ->
+	    ok;
+	{error, List} ->
+	    exit(lists:flatten(
+		   io_lib:format("TCP options ~p is not allowed in set_ssl_client_options()",
+				 [List])))
+    end,
+    put(ssl_client_options, Value), ok.
+
 ssl_server_certfile() ->
     case application:get_env(orber, ssl_server_certfile) of
 	{ok, V1}  when is_list(V1) ->
@@ -932,7 +981,7 @@ ssl_server_certfile() ->
 	_ ->
 	    []
     end.
-    
+
 ssl_client_certfile() ->
     case get(ssl_client_certfile) of
 	undefined ->
@@ -950,7 +999,7 @@ ssl_client_certfile() ->
 
 set_ssl_client_certfile(Value) when is_list(Value) ->
     put(ssl_client_certfile, Value).
-    
+
 ssl_server_verify() ->
     Verify = case application:get_env(orber, ssl_server_verify) of
 	{ok, V} when is_integer(V) ->
@@ -964,7 +1013,7 @@ ssl_server_verify() ->
 	true ->
 	   0
     end.
-    
+
 ssl_client_verify() ->
     Verify = case get(ssl_client_verify) of
 		 undefined ->
@@ -986,7 +1035,7 @@ ssl_client_verify() ->
 
 set_ssl_client_verify(Value) when is_integer(Value) andalso Value =< 2 andalso Value >= 0 ->
     put(ssl_client_verify, Value), ok.
-    
+
 ssl_server_depth() ->
     case application:get_env(orber, ssl_server_depth) of
 	{ok, V1} when is_integer(V1) ->
@@ -994,7 +1043,7 @@ ssl_server_depth() ->
 	_ ->
 	    1
     end.
-    
+
 ssl_client_depth() ->
     case get(ssl_client_depth) of
 	undefined ->
@@ -1010,7 +1059,7 @@ ssl_client_depth() ->
 
 set_ssl_client_depth(Value) when is_integer(Value) ->
     put(ssl_client_depth, Value), ok.
-    
+
 
 
 ssl_server_cacertfile() ->
@@ -1022,7 +1071,7 @@ ssl_server_cacertfile() ->
 	_ ->
 	    []
     end.
-    
+
 ssl_client_cacertfile() ->
     case get(ssl_client_cacertfile) of
 	undefined ->
@@ -1040,7 +1089,7 @@ ssl_client_cacertfile() ->
 
 set_ssl_client_cacertfile(Value) when is_list(Value) ->
     put(ssl_client_cacertfile, Value), ok.
-    
+
 
 ssl_client_password() ->
     case application:get_env(orber, ssl_client_password) of
@@ -1108,10 +1157,10 @@ ssl_server_cachetimeout() ->
 
 %%-----------------------------------------------------------------
 %% function : configure
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 configure(Key, Value) when is_atom(Key) ->
     configure(Key, Value, check);
@@ -1125,10 +1174,10 @@ configure_override(Key, _) ->
 
 %%-----------------------------------------------------------------
 %% function : multi_configure
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 multi_configure(KeyValueList) when is_list(KeyValueList) ->
     case orber_tb:is_loaded() of
@@ -1144,7 +1193,7 @@ multi_configure(KeyValueList) when is_list(KeyValueList) ->
 	    end
     end;
 multi_configure(KeyValueList) ->
-    ?EFORMAT("Given configuration parameters not a Key-Value-pair list: ~p", 
+    ?EFORMAT("Given configuration parameters not a Key-Value-pair list: ~p",
 	     [KeyValueList]).
 
 multi_configure_helper([], _) ->
@@ -1237,7 +1286,7 @@ configure(iiop_port, Value, Status) when is_integer(Value) ->
 %% Set the NAT listen port
 configure(nat_iiop_port, Value, Status) when is_integer(Value) andalso Value > 0 ->
     do_safe_configure(nat_iiop_port, Value, Status);
-configure(nat_iiop_port, {local, Value1, Value2}, Status) when is_integer(Value1) andalso 
+configure(nat_iiop_port, {local, Value1, Value2}, Status) when is_integer(Value1) andalso
 							       Value1 > 0 andalso
 							       is_list(Value2) ->
     do_safe_configure(nat_iiop_port, {local, Value1, Value2}, Status);
@@ -1312,12 +1361,20 @@ configure(iiop_ssl_backlog, Value, Status) when is_integer(Value) andalso Value
     do_safe_configure(iiop_ssl_backlog, Value, Status);
 configure(nat_iiop_ssl_port, Value, Status) when is_integer(Value) andalso Value > 0 ->
     do_safe_configure(nat_iiop_ssl_port, Value, Status);
-configure(nat_iiop_ssl_port, {local, Value1, Value2}, Status) when is_integer(Value1) andalso 
+configure(nat_iiop_ssl_port, {local, Value1, Value2}, Status) when is_integer(Value1) andalso
 								   Value1 > 0 andalso
 								   is_list(Value2) ->
     do_safe_configure(nat_iiop_ssl_port, {local, Value1, Value2}, Status);
 configure(iiop_ssl_port, Value, Status) when is_integer(Value) ->
     do_safe_configure(iiop_ssl_port, Value, Status);
+
+%% New SSL options
+configure(ssl_server_options, Value, Status) when is_list(Value) ->
+    do_safe_configure(ssl_server_options, Value, Status);
+configure(ssl_client_options, Value, Status) when is_list(Value) ->
+    do_safe_configure(ssl_client_options, Value, Status);
+
+%% Old SSL options
 configure(ssl_server_certfile, Value, Status) when is_list(Value) ->
     do_safe_configure(ssl_server_certfile, Value, Status);
 configure(ssl_server_certfile, Value, Status) when is_atom(Value) ->
@@ -1434,9 +1491,9 @@ code_change(_OldVsn, State, _Extra) ->
 
 %%-----------------------------------------------------------------
 %% function : env
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
+%% Arguments:
+%% Returns  :
+%% Exception:
 %% Effect   : Used when Key always exists (Default Value)
 %%-----------------------------------------------------------------
 env(Key) ->
@@ -1445,10 +1502,10 @@ env(Key) ->
 
 %%-----------------------------------------------------------------
 %% function : init_env
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 init_env() ->
     application:load(orber),
diff --git a/lib/orber/src/orber_ifr.erl b/lib/orber/src/orber_ifr.erl
index e56672be93..c23374cd68 100644
--- a/lib/orber/src/orber_ifr.erl
+++ b/lib/orber/src/orber_ifr.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -500,7 +500,7 @@ get_tc(Id, Type) ->
 	    case catch Module:tc() of
 		{'EXIT', Reason} ->
 		    case Reason of
-			{undef,[{Module, tc,[]}|_]} ->
+			{undef,[{Module, tc,[],_}|_]} ->
 			    orber:dbg("[~p] ~p:get_tc(~p);~nMissing ~p:tc()~n",
 				      [?LINE, ?MODULE, Id, Module], ?DEBUG_LEVEL),
 			    corba:raise(#'UNKNOWN'{minor=(?ORBER_VMCID bor 1),
diff --git a/lib/orber/src/orber_iiop_net.erl b/lib/orber/src/orber_iiop_net.erl
index 58eba9f039..2eed0b538a 100644
--- a/lib/orber/src/orber_iiop_net.erl
+++ b/lib/orber/src/orber_iiop_net.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -161,31 +161,51 @@ terminate(_Reason, _State) ->
 %%-----------------------------------------------------------------
 get_options(normal, _Options) ->
     [];
-get_options(ssl, Options) ->
-    Verify = orber_tb:keysearch(ssl_server_verify, Options, 
-				orber_env:ssl_server_verify()),
-    Depth = orber_tb:keysearch(ssl_server_depth, Options, 
-			       orber_env:ssl_server_depth()),
-    Cert = orber_tb:keysearch(ssl_server_certfile, Options, 
-			      orber_env:ssl_server_certfile()),
-    CaCert = orber_tb:keysearch(ssl_server_cacertfile, Options, 
-				orber_env:ssl_server_cacertfile()),
-    Pwd = orber_tb:keysearch(ssl_server_password, Options, 
-			     orber_env:ssl_server_password()),
-    Key = orber_tb:keysearch(ssl_server_keyfile, Options, 
-			       orber_env:ssl_server_keyfile()),
-    Ciphers = orber_tb:keysearch(ssl_server_ciphers, Options, 
-				 orber_env:ssl_server_ciphers()),
-    Timeout = orber_tb:keysearch(ssl_server_cachetimeout, Options, 
-				 orber_env:ssl_server_cachetimeout()),
-    [{verify, Verify},
-     {depth, Depth} |
-     ssl_server_extra_options([{certfile, Cert},
-			       {cacertfile, CaCert},
-			       {password, Pwd},
-			       {keyfile, Key},
-			       {ciphers, Ciphers},
-			       {cachetimeout, Timeout}], [])].
+get_options(ssl, Options) ->    
+    SSLOpts = 
+	case orber_tb:keysearch(ssl_server_options, Options,
+				orber_env:ssl_server_options()) of
+	    [] ->
+		Verify = orber_tb:keysearch(ssl_server_verify, Options, 
+					    orber_env:ssl_server_verify()),
+		Depth = orber_tb:keysearch(ssl_server_depth, Options, 
+					   orber_env:ssl_server_depth()),
+		Cert = orber_tb:keysearch(ssl_server_certfile, Options, 
+					  orber_env:ssl_server_certfile()),
+		CaCert = orber_tb:keysearch(ssl_server_cacertfile, Options, 
+					    orber_env:ssl_server_cacertfile()),
+		Pwd = orber_tb:keysearch(ssl_server_password, Options, 
+					 orber_env:ssl_server_password()),
+		Key = orber_tb:keysearch(ssl_server_keyfile, Options, 
+					 orber_env:ssl_server_keyfile()),
+		Ciphers = orber_tb:keysearch(ssl_server_ciphers, Options, 
+					     orber_env:ssl_server_ciphers()),
+		Timeout = orber_tb:keysearch(ssl_server_cachetimeout, Options, 
+					     orber_env:ssl_server_cachetimeout()),
+		KeepAlive = orber_tb:keysearch(ssl_server_cachetimeout, Options, 
+					       orber_env:iiop_ssl_in_keepalive()),
+		[{verify, Verify},
+		 {depth, Depth},
+		 {certfile, Cert},
+		 {cacertfile, CaCert},
+		 {password, Pwd},
+		 {keyfile, Key},
+		 {ciphers, Ciphers},
+		 {cachetimeout, Timeout},
+		 {keepalive, KeepAlive}];
+	    Opts ->	
+		case orber_tb:check_illegal_tcp_options(Opts) of
+		    ok -> 
+			check_old_ssl_server_options(Options),
+			Opts;
+		    {error, IllegalOpts} ->
+			error_logger:error_report([{application, orber},
+						   "TCP options not allowed to set on a connection", 
+						   IllegalOpts]),
+			error("Illegal TCP option")
+		end
+	end,
+    ssl_server_extra_options(SSLOpts, []).
 
 %%-----------------------------------------------------------------
 %% Func: parse_options/2
@@ -266,23 +286,28 @@ handle_call({add, IP, Type, Port, AllOptions}, _From, State) ->
     Family = orber_env:ip_version(),
     case inet:getaddr(IP, Family) of
 	{ok, IPTuple} ->
-	    Options = [{ip, IPTuple}|get_options(Type, AllOptions)],
-	    Ref = make_ref(),
-	    ProxyOptions = filter_options(AllOptions, []),
-	    case orber_socket:listen(Type, Port, Options, false) of
-		{ok, Listen, NewPort} ->
-		    {ok, Pid} = orber_iiop_socketsup:start_accept(Type, Listen, Ref,
-								  ProxyOptions),
-		    link(Pid),
-		    ets:insert(?CONNECTION_DB, #listen{pid = Pid, 
-						       socket = Listen, 
-						       port = NewPort, 
-						       type = Type, ref = Ref,
-						       options = Options,
-						       proxy_options = ProxyOptions}),
-		    {reply, {ok, Ref}, State};
-		Error ->
-		    {reply, Error, State}
+	    try [{ip, IPTuple} |get_options(Type, AllOptions)] of
+		Options ->
+     	            Ref = make_ref(),
+		    ProxyOptions = filter_options(AllOptions, []),
+	            case orber_socket:listen(Type, Port, Options, false) of
+		        {ok, Listen, NewPort} ->
+		            {ok, Pid} = orber_iiop_socketsup:start_accept(Type, Listen, Ref,
+		       					                  ProxyOptions),
+		            link(Pid),
+		            ets:insert(?CONNECTION_DB, #listen{pid = Pid, 
+						               socket = Listen, 
+						               port = NewPort, 
+						               type = Type, ref = Ref,
+						               options = Options,
+						               proxy_options = ProxyOptions}),
+		            {reply, {ok, Ref}, State};
+	          	Error ->
+		            {reply, Error, State}
+	            end
+            catch
+		error:Reason ->
+		    {reply, {error, Reason}, State}
 	    end;
 	Other ->
 	    {reply, Other, State}
@@ -461,3 +486,31 @@ update_counter(#state{max_connections = infinity} = State, _) ->
 update_counter(State, Value) ->
     State#state{counter = State#state.counter + Value}.
 
+
+check_old_ssl_server_options(Options) ->
+    try
+	0 = orber_tb:keysearch(ssl_server_verify, Options, 
+			       orber_env:ssl_server_verify()),
+    	1 = orber_tb:keysearch(ssl_server_depth, Options, 
+			       orber_env:ssl_server_depth()),
+     	[] = orber_tb:keysearch(ssl_server_certfile, Options, 
+				orber_env:ssl_server_certfile()),
+	[] = orber_tb:keysearch(ssl_server_cacertfile, Options, 
+				orber_env:ssl_server_cacertfile()),
+	[] = orber_tb:keysearch(ssl_server_password, Options, 
+				orber_env:ssl_server_password()),
+	[] = orber_tb:keysearch(ssl_server_keyfile, Options, 
+				orber_env:ssl_server_keyfile()),
+	[] = orber_tb:keysearch(ssl_server_ciphers, Options, 
+				orber_env:ssl_server_ciphers()),
+	infinity = orber_tb:keysearch(ssl_server_cachetimeout, Options, 
+				      orber_env:ssl_server_cachetimeout()),
+	false = orber_tb:keysearch(iiop_ssl_in_keepalive, Options, 
+				   orber_env:iiop_ssl_in_keepalive())
+    catch
+	_:_ ->
+					      io:format("hej\n",[]),
+	    error_logger:warning_report([{application, orber},
+			 "Ignoring deprecated ssl server options used together with the ssl_server_options"])
+    end.
+   
diff --git a/lib/orber/src/orber_iiop_pm.erl b/lib/orber/src/orber_iiop_pm.erl
index bf36b353bc..927d12b3b2 100644
--- a/lib/orber/src/orber_iiop_pm.erl
+++ b/lib/orber/src/orber_iiop_pm.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -108,44 +108,82 @@ connect(Host, Port, SocketType, Timeout, Chars, Wchars, Ctx)
     end.
 
 get_ssl_socket_options([]) ->
-    [{verify, orber:ssl_client_verify()},
-     {depth, orber:ssl_client_depth()} |
-     ssl_client_extra_options([{certfile, orber:ssl_client_certfile()},
-			       {cacertfile, orber:ssl_client_cacertfile()},
-			       {password, orber:ssl_client_password()},
-			       {keyfile, orber:ssl_client_keyfile()},
-			       {ciphers, orber:ssl_client_ciphers()},
-			       {cachetimeout, orber:ssl_client_cachetimeout()}], [])];
+    SSLOpts = 
+	case orber_env:ssl_client_options() of
+	    [] ->
+		[{verify, orber_env:ssl_client_verify()},
+		 {depth, orber_env:ssl_client_depth()},
+		 {certfile, orber_env:ssl_client_certfile()},
+		 {cacertfile, orber_env:ssl_client_cacertfile()},
+		 {password, orber_env:ssl_client_password()},
+		 {keyfile, orber_env:ssl_client_keyfile()},
+		 {ciphers, orber_env:ssl_client_ciphers()},
+		 {cachetimeout, orber_env:ssl_client_cachetimeout()},
+		 {keepalive, orber_env:iiop_ssl_out_keepalive()}];
+	    Opts ->
+		case orber_tb:check_illegal_tcp_options(Opts) of
+		    ok -> 
+			check_old_ssl_client_options([]),
+			Opts;
+		    {error, IllegalOpts} ->
+			error_logger:error_report([{application, orber},
+						   "TCP options not allowed to set on a connection", 
+						   IllegalOpts]),
+			error("Illegal TCP option")
+		end
+	end,
+    ssl_client_extra_options(SSLOpts, []);
 get_ssl_socket_options([#'IOP_ServiceContext'
 			{context_id=?ORBER_GENERIC_CTX_ID, 
 			 context_data = {configuration, Options}}|_]) ->
-    Verify = orber_tb:keysearch(ssl_client_verify, Options, 
-				orber_env:ssl_client_verify()),
-    Depth = orber_tb:keysearch(ssl_client_depth, Options, 
-			       orber_env:ssl_client_depth()),
-    Cert = orber_tb:keysearch(ssl_client_certfile, Options, 
-			      orber_env:ssl_client_certfile()),
-    CaCert = orber_tb:keysearch(ssl_client_cacertfile, Options, 
-				orber_env:ssl_client_cacertfile()),
-    Pwd = orber_tb:keysearch(ssl_client_password, Options, 
-			     orber_env:ssl_client_password()),
-    Key = orber_tb:keysearch(ssl_client_keyfile, Options, 
-			     orber_env:ssl_client_keyfile()),
-    Ciphers = orber_tb:keysearch(ssl_client_ciphers, Options, 
-				 orber_env:ssl_client_ciphers()),
-    Timeout = orber_tb:keysearch(ssl_client_cachetimeout, Options, 
-				 orber_env:ssl_client_cachetimeout()),
-    [{verify, Verify},
-     {depth, Depth} |
-     ssl_client_extra_options([{certfile, Cert},
-			       {cacertfile, CaCert},
-			       {password, Pwd},
-			       {keyfile, Key},
-			       {ciphers, Ciphers},
-			       {cachetimeout, Timeout}], [])];
+    SSLOpts = 
+	case orber_tb:keysearch(ssl_client_options, Options,
+				orber_env:ssl_client_options()) of
+	    [] ->
+		Verify = orber_tb:keysearch(ssl_client_verify, Options, 
+					    orber_env:ssl_client_verify()),
+		Depth = orber_tb:keysearch(ssl_client_depth, Options, 
+					   orber_env:ssl_client_depth()),
+		Cert = orber_tb:keysearch(ssl_client_certfile, Options, 
+					  orber_env:ssl_client_certfile()),
+		CaCert = orber_tb:keysearch(ssl_client_cacertfile, Options, 
+					    orber_env:ssl_client_cacertfile()),
+		Pwd = orber_tb:keysearch(ssl_client_password, Options, 
+					 orber_env:ssl_client_password()),
+		Key = orber_tb:keysearch(ssl_client_keyfile, Options, 
+					 orber_env:ssl_client_keyfile()),
+		Ciphers = orber_tb:keysearch(ssl_client_ciphers, Options, 
+					     orber_env:ssl_client_ciphers()),
+		Timeout = orber_tb:keysearch(ssl_client_cachetimeout, Options, 
+					     orber_env:ssl_client_cachetimeout()),
+		KeepAlive = orber_tb:keysearch(ssl_server_cachetimeout, Options, 
+					       orber_env:iiop_ssl_out_keepalive()),
+		[{verify, Verify},
+		 {depth, Depth},
+		 {certfile, Cert},
+		 {cacertfile, CaCert},
+		 {password, Pwd},
+		 {keyfile, Key},
+		 {ciphers, Ciphers},
+		 {cachetimeout, Timeout},
+		 {keepalive, KeepAlive}];
+	    Opts ->	
+		case orber_tb:check_illegal_tcp_options(Opts) of
+		    ok -> 
+			check_old_ssl_client_options(Options),
+			Opts;
+		    {error, IllegalOpts} ->
+			error_logger:error_report([{application, orber},
+						   "TCP options not allowed to set on a connection", 
+						   IllegalOpts]),
+			error("Illegal TCP option")
+		end
+	end,
+    ssl_client_extra_options(SSLOpts, []);
 get_ssl_socket_options([_|T]) ->
     get_ssl_socket_options(T).
 
+
 ssl_client_extra_options([], Acc) ->
     Acc;
 ssl_client_extra_options([{_Type, []}|T], Acc) ->
@@ -814,6 +852,36 @@ init_interceptors(Host, Port, {SHost, SPort}) ->
             %% Either 'false' or {Type, PIs}.
 	    Other
     end.
+
+
+check_old_ssl_client_options(Options) ->
+    try
+	0 = orber_tb:keysearch(ssl_client_verify, Options, 
+			       orber_env:ssl_client_verify()),
+    	1 = orber_tb:keysearch(ssl_client_depth, Options, 
+			       orber_env:ssl_client_depth()),
+     	[] = orber_tb:keysearch(ssl_client_certfile, Options, 
+				orber_env:ssl_client_certfile()),
+	[] = orber_tb:keysearch(ssl_client_cacertfile, Options, 
+				orber_env:ssl_client_cacertfile()),
+	[] = orber_tb:keysearch(ssl_client_password, Options, 
+				orber_env:ssl_client_password()),
+	[] = orber_tb:keysearch(ssl_client_keyfile, Options, 
+				orber_env:ssl_client_keyfile()),
+	[] = orber_tb:keysearch(ssl_client_ciphers, Options, 
+				orber_env:ssl_client_ciphers()),
+	infinity = orber_tb:keysearch(ssl_client_cachetimeout, Options, 
+				      orber_env:ssl_client_cachetimeout()),
+	false = orber_tb:keysearch(iiop_ssl_out_keepalive, Options, 
+				   orber_env:iiop_ssl_out_keepalive())
+
+    catch
+	_:_ ->
+	    error_logger:warning_report([{application, orber},
+			 "Ignoring deprecated ssl client options used together with the ssl_client_options"])
+    end.
+   
+
     
 
 %%-----------------------------------------------------------------
diff --git a/lib/orber/src/orber_socket.erl b/lib/orber/src/orber_socket.erl
index ec2cf8f42a..07a0e09ccc 100644
--- a/lib/orber/src/orber_socket.erl
+++ b/lib/orber/src/orber_socket.erl
@@ -14,8 +14,7 @@
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%%
-%% %CopyrightEnd%
+%%%% %CopyrightEnd%
 %%
 %%
 %%-----------------------------------------------------------------
@@ -37,7 +36,7 @@
 %%-----------------------------------------------------------------
 -export([start/0, connect/4, listen/3, listen/4, accept/2, accept/3, write/3,
 	 controlling_process/3, close/2, peername/2, sockname/2, 
-	 peerdata/2, peercert/2, sockdata/2, setopts/3, 
+	 peerdata/2, peercert/2, sockdata/2, setopts/3,
 	 clear/2, shutdown/3, post_accept/2, post_accept/3]).
 
 %%-----------------------------------------------------------------
@@ -75,8 +74,6 @@ connect(Type, Host, Port, Options) ->
 	case Type of
 	    normal ->
 		[{keepalive, orber_env:iiop_out_keepalive()}|Options1];
-	    _ when Generation > 2 ->
-		[{keepalive, orber_env:iiop_ssl_out_keepalive()}|Options1];
 	    _ ->
 		Options1
 	end,
@@ -251,8 +248,7 @@ listen(ssl, Port, Options, Exception) ->
 	       end,
     Options4 = if
 		   Generation > 2 ->
-		       [{reuseaddr, true}, 
-			{keepalive, orber_env:iiop_ssl_in_keepalive()}|Options3];
+		       [{reuseaddr, true} |Options3];
 		   true ->
 		       Options3
 	       end,
@@ -362,8 +358,8 @@ peercert(ssl, Socket) ->
     ssl:peercert(Socket);
 peercert(Type, _Socket) ->
     orber:dbg("[~p] orber_socket:peercert(~p);~n"
-	      "Only available for SSL sockets.", 
-	      [?LINE, Type], ?DEBUG_LEVEL),
+ 	      "Only available for SSL sockets.",
+ 	      [?LINE, Type], ?DEBUG_LEVEL),
     {error, ebadsocket}.
 
 %%-----------------------------------------------------------------
diff --git a/lib/orber/src/orber_tb.erl b/lib/orber/src/orber_tb.erl
index e6d5ee4400..d3e3a8497d 100644
--- a/lib/orber/src/orber_tb.erl
+++ b/lib/orber/src/orber_tb.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -39,7 +39,8 @@
 -compile({no_auto_import,[error/2]}).
 -export([wait_for_tables/1, wait_for_tables/2, wait_for_tables/3,
 	 is_loaded/0, is_loaded/1, is_running/0, is_running/1, 
-	 info/2, error/2, unique/1, keysearch/2, keysearch/3]).
+	 info/2, error/2, unique/1, keysearch/2, keysearch/3,
+	check_illegal_tcp_options/1]).
 
 %%----------------------------------------------------------------------
 %% Internal exports
@@ -179,6 +180,38 @@ error(Format, Args) ->
 				 Args).
 
 
+
+
+
+%%----------------------------------------------------------------------
+%% function : check_illegal_tcp_options/1
+%% Arguments: 
+%% Returns  : 
+%% Exception: 
+%% Effect   : 
+%%----------------------------------------------------------------------
+check_illegal_tcp_options(Options) ->
+    check_illegal_tcp_options(Options, []).
+
+check_illegal_tcp_options([],[]) ->
+    ok;
+check_illegal_tcp_options([],IllegalOpts) ->
+    {error, IllegalOpts};
+check_illegal_tcp_options([{active, V} |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[{active, V} |IllegalOpts]);
+check_illegal_tcp_options([{packet, V} |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[{packet, V} |IllegalOpts]);
+check_illegal_tcp_options([{mode, V} |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[{mode, V} |IllegalOpts]);
+check_illegal_tcp_options([list |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[list |IllegalOpts]);
+check_illegal_tcp_options([binary |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[binary |IllegalOpts]);
+check_illegal_tcp_options([{reuseaddr, V} |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[{reuseaddr, V} |IllegalOpts]);
+check_illegal_tcp_options([_H|T], IllegalOpts) ->
+    check_illegal_tcp_options(T, IllegalOpts).
+
 %%----------------------------------------------------------------------
 %% Internal functions
 %%----------------------------------------------------------------------
diff --git a/lib/orber/test/Makefile b/lib/orber/test/Makefile
index b682bcf24b..d4be009af3 100644
--- a/lib/orber/test/Makefile
+++ b/lib/orber/test/Makefile
@@ -176,6 +176,7 @@ clean:
 	rm -f idl_output/*
 	rm -f $(TARGET_FILES) 
 	rm -f errs core *~
+	rm IDL-GENERATED
 
 
 docs:
@@ -184,31 +185,17 @@ docs:
 # Special Targets
 # ----------------------------------------------------
 
-#
-# Each IDL file produces many target files so no pattern
-# rule can be used.
-#
-TGT_ORBER = \
-	$(GEN_HRL_ORBER:%=$(IDLOUTDIR)/%) \
-	$(GEN_MOD_ORBER:%=$(IDLOUTDIR)/%.erl)
-TGT_IIOP = \
-	$(GEN_HRL_IIOP:%=$(IDLOUTDIR)/%) \
-	$(GEN_MOD_IIOP:%=$(IDLOUTDIR)/%.erl)
-
-TGT_TEST_SERVER = \
-	$(GEN_HRL_TEST_SERVER:%=$(IDLOUTDIR)/%) \
-	$(GEN_MOD_TEST_SERVER:%=$(IDLOUTDIR)/%.erl)
-
-$(TGT_ORBER): orber_test.idl
+IDL-GENERATED: orber_test.idl iiop_test.idl orber_test_server.idl
 	erlc $(ERL_IDL_FLAGS) -o$(IDLOUTDIR) orber_test.idl
-
-$(TGT_IIOP): iiop_test.idl
 	erlc $(ERL_IDL_FLAGS) -o$(IDLOUTDIR) \
 		+'{preproc_flags,"-I../COSS/CosNaming"}' iiop_test.idl
-
-$(TGT_TEST_SERVER): orber_test_server.idl
 	erlc $(ERL_IDL_FLAGS) -o$(IDLOUTDIR) \
 	+'{cfgfile,"orber_test_server.cfg"}' orber_test_server.idl
+	>IDL-GENERATED
+
+$(GEN_FILES): IDL-GENERATED
+
+$(TARGET_FILES): IDL-GENERATED
 
 # ----------------------------------------------------
 # Release Targets
diff --git a/lib/orber/test/csiv2_SUITE.erl b/lib/orber/test/csiv2_SUITE.erl
index 95cd8c56b3..60ffa1eb09 100644
--- a/lib/orber/test/csiv2_SUITE.erl
+++ b/lib/orber/test/csiv2_SUITE.erl
@@ -70,46 +70,46 @@
 	 profiles =
 	 [#'IOP_TaggedProfile'
 	  {tag = ?TAG_INTERNET_IOP,
-	   profile_data = 
+	   profile_data =
 	   #'IIOP_ProfileBody_1_1'{
 	     iiop_version = #'IIOP_Version'{major = 1,
 					    minor = 2},
 	     host =  "127.0.0.1",
 	     port = 0,
 	     object_key = [0,86,66,1,0,0,0,24,47,70,77,65,95,67,73,82,80,77,65,78,95,80,79,65,95,83,69,67,85,82,69,0,0,0,0,4,0,0,4,186,0,0,2,10,81,218,65,185],
-	     components = 
+	     components =
 	     [#'IOP_TaggedComponent'{tag = ?TAG_SSL_SEC_TRANS,
 				     component_data = #'SSLIOP_SSL'{
 				       target_supports = 102,
 				       target_requires = 66,
 				       port = 49934}},
 	      #'IOP_TaggedComponent'{tag = ?TAG_CSI_SEC_MECH_LIST,
-				     component_data = 
+				     component_data =
 	      #'CSIIOP_CompoundSecMechList'{stateful = true,
-					    mechanism_list = 
+					    mechanism_list =
 					    [#'CSIIOP_CompoundSecMech'
 					     {target_requires = 66,
 					      transport_mech = #'IOP_TaggedComponent'{
 						tag = ?TAG_TLS_SEC_TRANS,
-						component_data = 
+						component_data =
 						#'CSIIOP_TLS_SEC_TRANS'{
 						  target_supports = 102,
 						  target_requires = 66,
-						  addresses = 
+						  addresses =
 						  [#'CSIIOP_TransportAddress'
 						   {host_name = "127.0.0.1",
 						    port = 49934}]}},
-					      as_context_mech = 
+					      as_context_mech =
 					      #'CSIIOP_AS_ContextSec'{
 						target_supports = 0,
 						target_requires = 0,
 						client_authentication_mech = [],
 						target_name = []},
-					      sas_context_mech = 
+					      sas_context_mech =
 					      #'CSIIOP_SAS_ContextSec'{
 						target_supports = 1024,
 						target_requires = 0,
-						privilege_authorities = 
+						privilege_authorities =
 						[#'CSIIOP_ServiceConfiguration'
 						 {syntax = 1447174401,
 						  name = "Borland"}],
@@ -124,7 +124,7 @@
 						supported_identity_types = 15}}]}},
 	      #'IOP_TaggedComponent'
 	      {tag = ?TAG_CODE_SETS,
-	       component_data = 
+	       component_data =
 	       #'CONV_FRAME_CodeSetComponentInfo'{'ForCharData' =
 						  #'CONV_FRAME_CodeSetComponent'{
 						    native_code_set = 65537,
@@ -151,15 +151,15 @@
 
 -ifdef(false).
 %% PKIX1Explicit88
--define(AlgorithmIdentifier, 
+-define(AlgorithmIdentifier,
 	#'AlgorithmIdentifier'{algorithm = ?OID,
 			       parameters = ?ANY}).
 
 -define(Validity, #'Validity'{notBefore = {utcTime, "19820102070533.8"},
 			      notAfter = {generalTime, "19820102070533.8"}}).
 
--define(SubjectPublicKeyInfo, 
-	#'SubjectPublicKeyInfo'{algorithm = ?AlgorithmIdentifier, 
+-define(SubjectPublicKeyInfo,
+	#'SubjectPublicKeyInfo'{algorithm = ?AlgorithmIdentifier,
 				subjectPublicKey = ?BIT_STR}).
 
 -define(AttributeTypeAndValue,
@@ -178,26 +178,26 @@
 
 -define(UniqueIdentifier, ?BIT_STR).
 
--define(Extension, #'Extension'{extnID = ?OID, 
-				critical = ?BOOLEAN, 
+-define(Extension, #'Extension'{extnID = ?OID,
+				critical = ?BOOLEAN,
 				extnValue = ?OCTET_STR}).
 
 -define(Extensions, [?Extension]).
 
 -define(TBSCertificate,
-	#'TBSCertificate'{version = ?Version, 
-			  serialNumber = ?CertificateSerialNumber, 
-			  signature = ?AlgorithmIdentifier, 
-			  issuer = ?Name, 
-			  validity = ?Validity, 
-			  subject = ?Name, 
-			  subjectPublicKeyInfo = ?SubjectPublicKeyInfo, 
-			  issuerUniqueID = ?UniqueIdentifier, 
-			  subjectUniqueID = ?UniqueIdentifier, 
+	#'TBSCertificate'{version = ?Version,
+			  serialNumber = ?CertificateSerialNumber,
+			  signature = ?AlgorithmIdentifier,
+			  issuer = ?Name,
+			  validity = ?Validity,
+			  subject = ?Name,
+			  subjectPublicKeyInfo = ?SubjectPublicKeyInfo,
+			  issuerUniqueID = ?UniqueIdentifier,
+			  subjectUniqueID = ?UniqueIdentifier,
 			  extensions = ?Extensions}).
 
--define(Certificate, #'Certificate'{tbsCertificate = ?TBSCertificate, 
-				    signatureAlgorithm = ?AlgorithmIdentifier, 
+-define(Certificate, #'Certificate'{tbsCertificate = ?TBSCertificate,
+				    signatureAlgorithm = ?AlgorithmIdentifier,
 				    signature = ?BIT_STR}).
 
 %% PKIX1Implicit88
@@ -206,66 +206,66 @@
 
 -define(GeneralNames, [?GeneralName]).
 
-%% PKIXAttributeCertificate	
--define(AttCertValidityPeriod, 
-	#'AttCertValidityPeriod'{notBeforeTime = "19820102070533.8", 
+%% PKIXAttributeCertificate
+-define(AttCertValidityPeriod,
+	#'AttCertValidityPeriod'{notBeforeTime = "19820102070533.8",
 				 notAfterTime = "19820102070533.8"}).
 
 
--define(Attribute, #'Attribute'{type = ?OID, 
+-define(Attribute, #'Attribute'{type = ?OID,
 				values = []}).
 
 -define(Attributes, [?Attribute]).
 
--define(IssuerSerial, #'IssuerSerial'{issuer = ?GeneralNames, 
-				      serial = ?CertificateSerialNumber, 
+-define(IssuerSerial, #'IssuerSerial'{issuer = ?GeneralNames,
+				      serial = ?CertificateSerialNumber,
 				      issuerUID = ?UniqueIdentifier}).
 
 -define(DigestedObjectType, publicKey). %% Enum
 
--define(ObjectDigestInfo, 
-	#'ObjectDigestInfo'{digestedObjectType = ?DigestedObjectType, 
-			    otherObjectTypeID = ?OID, 
-			    digestAlgorithm = ?AlgorithmIdentifier, 
+-define(ObjectDigestInfo,
+	#'ObjectDigestInfo'{digestedObjectType = ?DigestedObjectType,
+			    otherObjectTypeID = ?OID,
+			    digestAlgorithm = ?AlgorithmIdentifier,
 			    objectDigest = ?BIT_STR}).
 
--define(V2Form, #'V2Form'{issuerName = ?GeneralNames, 
-			  baseCertificateID = ?IssuerSerial, 
+-define(V2Form, #'V2Form'{issuerName = ?GeneralNames,
+			  baseCertificateID = ?IssuerSerial,
 			  objectDigestInfo = ?ObjectDigestInfo}).
 
 -define(AttCertVersion, v2).
 
--define(Holder, #'Holder'{baseCertificateID = ?IssuerSerial, 
-			  entityName = ?GeneralNames, 
+-define(Holder, #'Holder'{baseCertificateID = ?IssuerSerial,
+			  entityName = ?GeneralNames,
 			  objectDigestInfo = ?ObjectDigestInfo}).
 
 -define(AttCertIssuer, {v2Form, ?V2Form}).
 
 -define(AttributeCertificateInfo,
-	#'AttributeCertificateInfo'{version = ?AttCertVersion, 
-				    holder = ?Holder, 
-				    issuer = ?AttCertIssuer, 
-				    signature = ?AlgorithmIdentifier, 
-				    serialNumber = ?CertificateSerialNumber, 
+	#'AttributeCertificateInfo'{version = ?AttCertVersion,
+				    holder = ?Holder,
+				    issuer = ?AttCertIssuer,
+				    signature = ?AlgorithmIdentifier,
+				    serialNumber = ?CertificateSerialNumber,
 				    attrCertValidityPeriod = ?AttCertValidityPeriod,
-				    attributes = ?Attributes, 
-				    issuerUniqueID = ?UniqueIdentifier, 
+				    attributes = ?Attributes,
+				    issuerUniqueID = ?UniqueIdentifier,
 				    extensions = ?Extensions}).
 
--define(AttributeCertificate, 
-	#'AttributeCertificate'{acinfo = ?AttributeCertificateInfo, 
-				signatureAlgorithm = ?AlgorithmIdentifier, 
+-define(AttributeCertificate,
+	#'AttributeCertificate'{acinfo = ?AttributeCertificateInfo,
+				signatureAlgorithm = ?AlgorithmIdentifier,
 				signatureValue = ?BIT_STR}).
 
 
 %% OrberCSIv2
--define(AttributeCertChain, 
-	#'AttributeCertChain'{attributeCert = ?AttributeCertificate, 
+-define(AttributeCertChain,
+	#'AttributeCertChain'{attributeCert = ?AttributeCertificate,
 			      certificateChain = ?CertificateChain}).
 
 -define(CertificateChain, [?Certificate]).
 
--define(VerifyingCertChain, [?Certificate]).	
+-define(VerifyingCertChain, [?Certificate]).
 
 -endif.
 
@@ -314,15 +314,15 @@
 
 %%-----------------------------------------------------------------
 %% Func: all/1
-%% Args: 
-%% Returns: 
+%% Args:
+%% Returns:
 %%-----------------------------------------------------------------
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
-all() -> 
+all() ->
     cases().
 
-groups() -> 
+groups() ->
     [].
 
 init_per_group(_GroupName, Config) ->
@@ -335,7 +335,7 @@ end_per_group(_GroupName, Config) ->
 %% NOTE - the fragment test cases must bu first since we explicitly set a request
 %% id. Otherwise, the request-id counter would be increased and we cannot know
 %% what it is.
-cases() -> 
+cases() ->
     [ssl_server_peercert_api, ssl_client_peercert_api].
 
 %%-----------------------------------------------------------------
@@ -361,14 +361,20 @@ end_per_testcase(_Case, Config) ->
     ok.
 
 init_per_suite(Config) ->
-    case orber_test_lib:ssl_version() of
-	no_ssl ->
-	    {skip,"SSL is not installed!"};
-	_ ->
-	    Config
+    try crypto:start() of
+        ok ->
+	    case orber_test_lib:ssl_version() of
+		no_ssl ->
+		    {skip, "SSL is not installed!"};
+		_ ->
+		    Config
+	    end
+	catch _:_ ->
+	    {skip, "Crypto did not start"}
     end.
 
 end_per_suite(Config) ->
+    application:stop(crypto),
     Config.
 
 %%-----------------------------------------------------------------
@@ -385,272 +391,272 @@ end_per_suite(Config) ->
 code_CertificateChain_api(doc) -> ["Code CertificateChain"];
 code_CertificateChain_api(suite) -> [];
 code_CertificateChain_api(_Config) ->
-    {ok, Enc} =	
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('CertificateChain', ?CertificateChain)),
-    ?match({ok, [#'Certificate'{}]}, 
+    ?match({ok, [#'Certificate'{}]},
 	   'OrberCSIv2':decode('CertificateChain', list_to_binary(Enc))),
     ok.
 
 code_AttributeCertChain_api(doc) -> ["Code AttributeCertChain"];
 code_AttributeCertChain_api(suite) -> [];
 code_AttributeCertChain_api(_Config) ->
-     {ok, Enc} = 
-	?match({ok, _}, 
+     {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('AttributeCertChain', ?AttributeCertChain)),
-    ?match({ok, #'AttributeCertChain'{}}, 
-	   'OrberCSIv2':decode('AttributeCertChain', list_to_binary(Enc))),   
+    ?match({ok, #'AttributeCertChain'{}},
+	   'OrberCSIv2':decode('AttributeCertChain', list_to_binary(Enc))),
     ok.
 
 code_VerifyingCertChain_api(doc) -> ["Code VerifyingCertChain"];
 code_VerifyingCertChain_api(suite) -> [];
 code_VerifyingCertChain_api(_Config) ->
-     {ok, Enc} = 
-	?match({ok, _}, 
+     {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('VerifyingCertChain', ?VerifyingCertChain)),
-    ?match({ok, [#'Certificate'{}]}, 
-	   'OrberCSIv2':decode('VerifyingCertChain', list_to_binary(Enc))),       
+    ?match({ok, [#'Certificate'{}]},
+	   'OrberCSIv2':decode('VerifyingCertChain', list_to_binary(Enc))),
     ok.
 
 %% PKIXAttributeCertificate
 code_AttributeCertificate_api(doc) -> ["Code AttributeCertificate"];
 code_AttributeCertificate_api(suite) -> [];
 code_AttributeCertificate_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('AttributeCertificate', ?AttributeCertificate)),
-    ?match({ok, #'AttributeCertificate'{}}, 
-	   'OrberCSIv2':decode('AttributeCertificate', list_to_binary(Enc))),   
+    ?match({ok, #'AttributeCertificate'{}},
+	   'OrberCSIv2':decode('AttributeCertificate', list_to_binary(Enc))),
     ok.
 
 code_AttributeCertificateInfo_api(doc) -> ["Code AttributeCertificateInfo"];
 code_AttributeCertificateInfo_api(suite) -> [];
 code_AttributeCertificateInfo_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('AttributeCertificateInfo', ?AttributeCertificateInfo)),
-    ?match({ok, #'AttributeCertificateInfo'{}}, 
-	   'OrberCSIv2':decode('AttributeCertificateInfo', list_to_binary(Enc))),   
+    ?match({ok, #'AttributeCertificateInfo'{}},
+	   'OrberCSIv2':decode('AttributeCertificateInfo', list_to_binary(Enc))),
     ok.
 
 code_AttCertVersion_api(doc) -> ["Code AttCertVersion"];
 code_AttCertVersion_api(suite) -> [];
 code_AttCertVersion_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('AttCertVersion', ?AttCertVersion)),
-    ?match({ok, ?AttCertVersion}, 
-	   'OrberCSIv2':decode('AttCertVersion', list_to_binary(Enc))),   
+    ?match({ok, ?AttCertVersion},
+	   'OrberCSIv2':decode('AttCertVersion', list_to_binary(Enc))),
     ok.
 
 code_Holder_api(doc) -> ["Code Holder"];
 code_Holder_api(suite) -> [];
 code_Holder_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('Holder', ?Holder)),
-    ?match({ok, #'Holder'{}}, 
-	   'OrberCSIv2':decode('Holder', list_to_binary(Enc))),   
+    ?match({ok, #'Holder'{}},
+	   'OrberCSIv2':decode('Holder', list_to_binary(Enc))),
     ok.
 
 code_AttCertIssuer_api(doc) -> ["Code AttCertIssuer"];
 code_AttCertIssuer_api(suite) -> [];
 code_AttCertIssuer_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('AttCertIssuer', ?AttCertIssuer)),
-    ?match({ok, {v2Form, _}}, 
-	   'OrberCSIv2':decode('AttCertIssuer', list_to_binary(Enc))),   
+    ?match({ok, {v2Form, _}},
+	   'OrberCSIv2':decode('AttCertIssuer', list_to_binary(Enc))),
     ok.
 
 code_AttCertValidityPeriod_api(doc) -> ["Code AttCertValidityPeriod"];
 code_AttCertValidityPeriod_api(suite) -> [];
 code_AttCertValidityPeriod_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('AttCertValidityPeriod', ?AttCertValidityPeriod)),
-    ?match({ok, #'AttCertValidityPeriod'{}}, 
-	   'OrberCSIv2':decode('AttCertValidityPeriod', list_to_binary(Enc))),   
+    ?match({ok, #'AttCertValidityPeriod'{}},
+	   'OrberCSIv2':decode('AttCertValidityPeriod', list_to_binary(Enc))),
     ok.
 
 code_V2Form_api(doc) -> ["Code V2Form"];
 code_V2Form_api(suite) -> [];
 code_V2Form_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('V2Form', ?V2Form)),
-    ?match({ok, #'V2Form'{}}, 
-	   'OrberCSIv2':decode('V2Form', list_to_binary(Enc))),   
+    ?match({ok, #'V2Form'{}},
+	   'OrberCSIv2':decode('V2Form', list_to_binary(Enc))),
     ok.
 
 code_IssuerSerial_api(doc) -> ["Code IssuerSerial"];
 code_IssuerSerial_api(suite) -> [];
 code_IssuerSerial_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('IssuerSerial', ?IssuerSerial)),
-    ?match({ok, #'IssuerSerial'{}}, 
-	   'OrberCSIv2':decode('IssuerSerial', list_to_binary(Enc))),   
+    ?match({ok, #'IssuerSerial'{}},
+	   'OrberCSIv2':decode('IssuerSerial', list_to_binary(Enc))),
     ok.
 
 code_ObjectDigestInfo_api(doc) -> ["Code ObjectDigestInfo"];
 code_ObjectDigestInfo_api(suite) -> [];
 code_ObjectDigestInfo_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('ObjectDigestInfo', ?ObjectDigestInfo)),
-    ?match({ok, #'ObjectDigestInfo'{}}, 
-	   'OrberCSIv2':decode('ObjectDigestInfo', list_to_binary(Enc))),   
+    ?match({ok, #'ObjectDigestInfo'{}},
+	   'OrberCSIv2':decode('ObjectDigestInfo', list_to_binary(Enc))),
     ok.
 
 %% PKIX1Explicit88
 code_Certificate_api(doc) -> ["Code Certificate"];
 code_Certificate_api(suite) -> [];
 code_Certificate_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('Certificate', ?Certificate)),
-    ?match({ok, #'Certificate'{}}, 
-	   'OrberCSIv2':decode('Certificate', list_to_binary(Enc))),   
+    ?match({ok, #'Certificate'{}},
+	   'OrberCSIv2':decode('Certificate', list_to_binary(Enc))),
     ok.
 
 code_TBSCertificate_api(doc) -> ["Code TBSCertificate"];
 code_TBSCertificate_api(suite) -> [];
 code_TBSCertificate_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('TBSCertificate', ?TBSCertificate)),
-    ?match({ok, #'TBSCertificate'{}}, 
-	   'OrberCSIv2':decode('TBSCertificate', list_to_binary(Enc))),   
+    ?match({ok, #'TBSCertificate'{}},
+	   'OrberCSIv2':decode('TBSCertificate', list_to_binary(Enc))),
     ok.
 
 code_CertificateSerialNumber_api(doc) -> ["Code CertificateSerialNumber"];
 code_CertificateSerialNumber_api(suite) -> [];
 code_CertificateSerialNumber_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('CertificateSerialNumber', ?CertificateSerialNumber)),
-    ?match({ok, ?CertificateSerialNumber}, 
-	   'OrberCSIv2':decode('CertificateSerialNumber', list_to_binary(Enc))),   
+    ?match({ok, ?CertificateSerialNumber},
+	   'OrberCSIv2':decode('CertificateSerialNumber', list_to_binary(Enc))),
     ok.
 
 code_Version_api(doc) -> ["Code Version"];
 code_Version_api(suite) -> [];
 code_Version_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Version', ?Version)),
-    ?match({ok, ?Version}, 'OrberCSIv2':decode('Version', list_to_binary(Enc))),   
+    ?match({ok, ?Version}, 'OrberCSIv2':decode('Version', list_to_binary(Enc))),
     ok.
 
 code_AlgorithmIdentifier_api(doc) -> ["Code AlgorithmIdentifier"];
 code_AlgorithmIdentifier_api(suite) -> [];
 code_AlgorithmIdentifier_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('AlgorithmIdentifier', ?AlgorithmIdentifier)),
-    ?match({ok, #'AlgorithmIdentifier'{}}, 
-	   'OrberCSIv2':decode('AlgorithmIdentifier', list_to_binary(Enc))),   
+    ?match({ok, #'AlgorithmIdentifier'{}},
+	   'OrberCSIv2':decode('AlgorithmIdentifier', list_to_binary(Enc))),
     ok.
 
 code_Name_api(doc) -> ["Code Name"];
 code_Name_api(suite) -> [];
 code_Name_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Name', ?Name)),
-    ?match({ok, {rdnSequence,_}}, 
-	   'OrberCSIv2':decode('Name', list_to_binary(Enc))),   
+    ?match({ok, {rdnSequence,_}},
+	   'OrberCSIv2':decode('Name', list_to_binary(Enc))),
     ok.
 
 code_RDNSequence_api(doc) -> ["Code RDNSequence"];
 code_RDNSequence_api(suite) -> [];
 code_RDNSequence_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('RDNSequence', ?RDNSequence)),
-    ?match({ok, [[#'AttributeTypeAndValue'{}]]}, 
-	   'OrberCSIv2':decode('RDNSequence', list_to_binary(Enc))),   
+    ?match({ok, [[#'AttributeTypeAndValue'{}]]},
+	   'OrberCSIv2':decode('RDNSequence', list_to_binary(Enc))),
     ok.
 
 code_RelativeDistinguishedName_api(doc) -> ["Code RelativeDistinguishedName"];
 code_RelativeDistinguishedName_api(suite) -> [];
 code_RelativeDistinguishedName_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('RelativeDistinguishedName', ?RelativeDistinguishedName)),
-    ?match({ok, [#'AttributeTypeAndValue'{}]}, 
-	   'OrberCSIv2':decode('RelativeDistinguishedName', list_to_binary(Enc))),   
+    ?match({ok, [#'AttributeTypeAndValue'{}]},
+	   'OrberCSIv2':decode('RelativeDistinguishedName', list_to_binary(Enc))),
     ok.
 
 code_AttributeTypeAndValue_api(doc) -> ["Code AttributeTypeAndValue"];
 code_AttributeTypeAndValue_api(suite) -> [];
 code_AttributeTypeAndValue_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('AttributeTypeAndValue', ?AttributeTypeAndValue)),
-    ?match({ok, #'AttributeTypeAndValue'{}}, 
-	   'OrberCSIv2':decode('AttributeTypeAndValue', list_to_binary(Enc))),   
+    ?match({ok, #'AttributeTypeAndValue'{}},
+	   'OrberCSIv2':decode('AttributeTypeAndValue', list_to_binary(Enc))),
     ok.
 
 code_Attribute_api(doc) -> ["Code Attribute"];
 code_Attribute_api(suite) -> [];
 code_Attribute_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Attribute', ?Attribute)),
-    ?match({ok, #'Attribute'{}}, 
-	   'OrberCSIv2':decode('Attribute', list_to_binary(Enc))),   
+    ?match({ok, #'Attribute'{}},
+	   'OrberCSIv2':decode('Attribute', list_to_binary(Enc))),
     ok.
 
 code_Validity_api(doc) -> ["Code Validity"];
 code_Validity_api(suite) -> [];
 code_Validity_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Validity', ?Validity)),
-    ?match({ok, #'Validity'{}}, 
-	   'OrberCSIv2':decode('Validity', list_to_binary(Enc))),   
+    ?match({ok, #'Validity'{}},
+	   'OrberCSIv2':decode('Validity', list_to_binary(Enc))),
     ok.
 
 code_SubjectPublicKeyInfo_api(doc) -> ["Code SubjectPublicKeyInfo"];
 code_SubjectPublicKeyInfo_api(suite) -> [];
 code_SubjectPublicKeyInfo_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('SubjectPublicKeyInfo', ?SubjectPublicKeyInfo)),
-    ?match({ok, #'SubjectPublicKeyInfo'{}}, 
-	   'OrberCSIv2':decode('SubjectPublicKeyInfo', list_to_binary(Enc))),   
+    ?match({ok, #'SubjectPublicKeyInfo'{}},
+	   'OrberCSIv2':decode('SubjectPublicKeyInfo', list_to_binary(Enc))),
     ok.
 
 code_UniqueIdentifier_api(doc) -> ["Code UniqueIdentifier"];
 code_UniqueIdentifier_api(suite) -> [];
 code_UniqueIdentifier_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('UniqueIdentifier', ?UniqueIdentifier)),
-    ?match({ok, _}, 'OrberCSIv2':decode('UniqueIdentifier', list_to_binary(Enc))),   
+    ?match({ok, _}, 'OrberCSIv2':decode('UniqueIdentifier', list_to_binary(Enc))),
     ok.
 
 code_Extensions_api(doc) -> ["Code Extensions"];
 code_Extensions_api(suite) -> [];
 code_Extensions_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Extensions', ?Extensions)),
-    ?match({ok, [#'Extension'{}]}, 
-	   'OrberCSIv2':decode('Extensions', list_to_binary(Enc))),   
+    ?match({ok, [#'Extension'{}]},
+	   'OrberCSIv2':decode('Extensions', list_to_binary(Enc))),
     ok.
 
 code_Extension_api(doc) -> ["Code Extension"];
 code_Extension_api(suite) -> [];
 code_Extension_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Extension', ?Extension)),
-    ?match({ok, #'Extension'{}}, 
-	   'OrberCSIv2':decode('Extension', list_to_binary(Enc))),   
+    ?match({ok, #'Extension'{}},
+	   'OrberCSIv2':decode('Extension', list_to_binary(Enc))),
     ok.
 
 %% OpenSSL generated x509 Certificate
 code_OpenSSL509_api(doc) -> ["Code OpenSSL generated x509 Certificate"];
 code_OpenSSL509_api(suite) -> [];
 code_OpenSSL509_api(_Config) ->
-    {ok, Cert} = 
-	?match({ok, #'Certificate'{}}, 
+    {ok, Cert} =
+	?match({ok, #'Certificate'{}},
 	       'OrberCSIv2':decode('Certificate', ?X509DER)),
-    AttrCertChain = #'AttributeCertChain'{attributeCert = ?AttributeCertificate, 
+    AttrCertChain = #'AttributeCertChain'{attributeCert = ?AttributeCertificate,
 					  certificateChain = [Cert]},
-    {ok, EAttrCertChain} = 
+    {ok, EAttrCertChain} =
 	?match({ok, _}, 'OrberCSIv2':encode('AttributeCertChain', AttrCertChain)),
-    ?match({ok, #'AttributeCertChain'{}}, 
+    ?match({ok, #'AttributeCertChain'{}},
 	   'OrberCSIv2':decode('AttributeCertChain', list_to_binary(EAttrCertChain))),
     ok.
 
@@ -663,66 +669,65 @@ ssl_server_peercert_api(doc) -> ["Test ssl:peercert (server side)"];
 ssl_server_peercert_api(suite) -> [];
 ssl_server_peercert_api(_Config) ->
     case os:type() of
-        vxworks ->
-	    {skipped, "No SSL-support for VxWorks."};
-        _ ->
-	    Options = orber_test_lib:get_options(iiop_ssl, server, 
-						 2, [{iiop_ssl_port, 0}]),
-	    {ok, ServerNode, ServerHost} = 
-		?match({ok,_,_}, orber_test_lib:js_node(Options)),
-	    ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
-	    SSLOptions = orber_test_lib:get_options(ssl, client),
- 	    {ok, Socket} = 
-		?match({ok, _}, fake_client_ORB(ssl, ServerHost, ServerPort, SSLOptions)),
-	    {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
-%% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
-%% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
-%	    ?match({ok, #'Certificate'{}}, 
-%		   'OrberCSIv2':decode('Certificate', PeerCert)),
-	    destroy_fake_ORB(ssl, Socket),
-	    ok
+	vxworks ->
+ 	    {skipped, "No SSL-support for VxWorks."};
+	_ ->
+ 	    Options = orber_test_lib:get_options(iiop_ssl, server,
+ 						 2, [{iiop_ssl_port, 0}]),
+ 	    {ok, ServerNode, ServerHost} =
+ 		?match({ok,_,_}, orber_test_lib:js_node(Options)),
+ 	    ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
+ 	    SSLOptions = orber_test_lib:get_options(ssl, client),
+  	    {ok, Socket} =
+ 		?match({ok, _}, fake_client_ORB(ssl, ServerHost, ServerPort, SSLOptions)),
+ 	    {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
+	    %% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
+	    %% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
+						%	    ?match({ok, #'Certificate'{}},
+						%		   'OrberCSIv2':decode('Certificate', PeerCert)),
+ 	    destroy_fake_ORB(ssl, Socket),
+ 	    ok
     end.
 
 ssl_client_peercert_api(doc) -> ["Test ssl:peercert (client side)"];
 ssl_client_peercert_api(suite) -> [];
 ssl_client_peercert_api(_Config) ->
     case os:type() of
-        vxworks ->
-	    {skipped, "No SSL-support for VxWorks."};
-        _ ->
-	    Options = orber_test_lib:get_options(iiop_ssl, client, 
-						 2, [{iiop_ssl_port, 0}]),
-	    {ok, ClientNode, _ClientHost} = 
-		?match({ok,_,_}, orber_test_lib:js_node(Options)),
-	    crypto:start(),
-	    ssl:start(),
-	    ssl:seed("testing"),
-	    SSLOptions = orber_test_lib:get_options(ssl, server),
-	    {ok, LSock} = ?match({ok, _}, ssl:listen(0, SSLOptions)),
-	    {ok, {_Address, LPort}} = ?match({ok, {_, _}}, ssl:sockname(LSock)),
-	    IOR = ?match({'IOP_IOR',_,_}, 
-			 iop_ior:create_external({1, 2}, "IDL:FAKE:1.0", 
-						 "localhost", 6004, "FAKE", 
-						 [#'IOP_TaggedComponent'
-						  {tag=?TAG_SSL_SEC_TRANS, 
-						   component_data=#'SSLIOP_SSL'
-						   {target_supports = 2, 
-						    target_requires = 2, 
-						    port = LPort}}])),
-	    spawn(orber_test_lib, remote_apply, 
-		  [ClientNode, corba_object, non_existent, [IOR]]),
-	    {ok, Socket} = ?match({ok, _}, ssl:transport_accept(LSock)),
-	    ?match(ok, ssl:ssl_accept(Socket)),
-	    
-	    {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
-%% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
-%% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
-%	    ?match({ok, #'Certificate'{}}, 
-%		   'OrberCSIv2':decode('Certificate', PeerCert)),
-	    ssl:close(Socket),
-	    ssl:close(LSock),
-	    ssl:stop(),
-	    ok
+	vxworks ->
+ 	    {skipped, "No SSL-support for VxWorks."};
+	_ ->
+ 	    Options = orber_test_lib:get_options(iiop_ssl, client,
+ 						 2, [{iiop_ssl_port, 0}]),
+ 	    {ok, ClientNode, _ClientHost} =
+ 		?match({ok,_,_}, orber_test_lib:js_node(Options)),
+ 	    crypto:start(),
+ 	    ssl:start(),
+ 	    SSLOptions = orber_test_lib:get_options(ssl, server),
+ 	    {ok, LSock} = ?match({ok, _}, ssl:listen(0, SSLOptions)),
+ 	    {ok, {_Address, LPort}} = ?match({ok, {_, _}}, ssl:sockname(LSock)),
+ 	    IOR = ?match({'IOP_IOR',_,_},
+ 			 iop_ior:create_external({1, 2}, "IDL:FAKE:1.0",
+ 						 "localhost", 6004, "FAKE",
+ 						 [#'IOP_TaggedComponent'
+ 						  {tag=?TAG_SSL_SEC_TRANS,
+ 						   component_data=#'SSLIOP_SSL'
+ 						   {target_supports = 2,
+ 						    target_requires = 2,
+ 						    port = LPort}}])),
+ 	    spawn(orber_test_lib, remote_apply,
+ 		  [ClientNode, corba_object, non_existent, [IOR]]),
+ 	    {ok, Socket} = ?match({ok, _}, ssl:transport_accept(LSock)),
+ 	    ?match(ok, ssl:ssl_accept(Socket)),
+
+ 	    {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
+	    %% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
+	    %% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
+						%	    ?match({ok, #'Certificate'{}},
+						%		   'OrberCSIv2':decode('Certificate', PeerCert)),
+ 	    ssl:close(Socket),
+ 	    ssl:close(LSock),
+ 	    ssl:stop(),
+ 	    ok
     end.
 
 %%-----------------------------------------------------------------
@@ -731,105 +736,105 @@ ssl_client_peercert_api(_Config) ->
 -ifdef(false).
 %% Not used yet.
 context_test(Obj) ->
-    IDToken1 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAbsent, 
+    IDToken1 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAbsent,
 				    value = true},
-    IDToken2 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAnonymous, 
+    IDToken2 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAnonymous,
 				    value = false},
-    IDToken3 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTPrincipalName, 
+    IDToken3 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTPrincipalName,
 				    value = [0,255]},
-    IDToken4 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTX509CertChain, 
+    IDToken4 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTX509CertChain,
 				    value = [1,255]},
-    IDToken5 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTDistinguishedName, 
+    IDToken5 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTDistinguishedName,
 				    value = [2,255]},
-    IDToken6 = #'CSI_IdentityToken'{label = ?ULONGMAX, 
+    IDToken6 = #'CSI_IdentityToken'{label = ?ULONGMAX,
 				    value = [3,255]},
 
     MTEstablishContext1 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken1, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken1,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext2 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken2, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken2,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext3 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken3, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken3,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext4 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken4, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken4,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext5 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken5, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken5,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext6 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken6, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken6,
 				       client_authentication_token = [1, 255]}},
     MTCompleteEstablishContext = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTCompleteEstablishContext, 
-       value = #'CSI_CompleteEstablishContext'{client_context_id = ?ULONGLONGMAX, 
+      {label = ?CSI_MsgType_MTCompleteEstablishContext,
+       value = #'CSI_CompleteEstablishContext'{client_context_id = ?ULONGLONGMAX,
 					       context_stateful = false,
 					       final_context_token = [1, 255]}},
     MTContextError = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTContextError, 
+      {label = ?CSI_MsgType_MTContextError,
        value = #'CSI_ContextError'{client_context_id = ?ULONGLONGMAX,
-				   major_status = 1, 
-				   minor_status = 2, 
+				   major_status = 1,
+				   minor_status = 2,
 				   error_token = [2,255]}},
     MTMessageInContext = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTMessageInContext, 
-       value = #'CSI_MessageInContext'{client_context_id = ?ULONGLONGMAX, 
+      {label = ?CSI_MsgType_MTMessageInContext,
+       value = #'CSI_MessageInContext'{client_context_id = ?ULONGLONGMAX,
 				       discard_context = true}},
-    Ctx = [#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+    Ctx = [#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext1},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext2},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext3},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext4},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext5},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext6},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTCompleteEstablishContext},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTContextError},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTMessageInContext}],
     ?line ?match(ok, orber_test_server:testing_iiop_context(Obj, [{context, Ctx}])).
 
@@ -837,7 +842,7 @@ context_test(Obj) ->
 fake_server_ORB(Type, Port, Options) ->
     start_ssl(Type),
     {ok, ListenSocket, NewPort} =
-	orber_socket:listen(Type, Port, 
+	orber_socket:listen(Type, Port,
 			    [{active, false}|Options]),
     Socket = orber_socket:accept(Type, ListenSocket),
     orber_socket:post_accept(Type, Socket),
@@ -847,7 +852,7 @@ fake_server_ORB(Type, Port, Options) ->
 
 fake_server_ORB(Type, Port, Options, Action, Data) ->
     start_ssl(Type),
-    {ok, ListenSocket, _NewPort} = 
+    {ok, ListenSocket, _NewPort} =
 	orber_socket:listen(Type, Port, [{active, false}|Options]),
     Socket = orber_socket:accept(Type, ListenSocket),
     orber_socket:post_accept(Type, Socket),
@@ -857,8 +862,7 @@ fake_server_ORB(Type, Port, Options, Action, Data) ->
 
 start_ssl(ssl) ->
     crypto:start(),
-    ssl:start(),
-    ssl:seed("testing");
+    ssl:start();
 start_ssl(_) ->
     ok.
 
@@ -887,13 +891,13 @@ fake_client_ORB(Type, Host, Port, Options, Action, Data) ->
 do_client_action(Type, Socket, fragments, FragList) ->
     ok = send_data(Type, Socket, FragList),
     {ok, Bytes} = gen_tcp:recv(Socket, 0),
-    {#reply_header{request_id = ?REQUEST_ID, reply_status = no_exception}, ok, [Par]} = 
+    {#reply_header{request_id = ?REQUEST_ID, reply_status = no_exception}, ok, [Par]} =
 	cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
     Par;
 do_client_action(Type, Socket, fragments_max, FragList) ->
     ok = send_data(Type, Socket, FragList),
     {ok, Bytes} = gen_tcp:recv(Socket, 0),
-    {#reply_header{request_id = ?REQUEST_ID, reply_status = system_exception}, Exc, []} = 
+    {#reply_header{request_id = ?REQUEST_ID, reply_status = system_exception}, Exc, []} =
 	cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
     Exc;
 do_client_action(Type, Socket, message_error, Data) ->
@@ -918,4 +922,4 @@ send_data(_Type, _Socket, []) ->
 send_data(Type, Socket, [H|T]) ->
     orber_socket:write(Type, Socket, H),
     send_data(Type, Socket, T).
-    
+
diff --git a/lib/orber/test/multi_ORB_SUITE.erl b/lib/orber/test/multi_ORB_SUITE.erl
index 608fb23f3e..3c1ffd59d3 100644
--- a/lib/orber/test/multi_ORB_SUITE.erl
+++ b/lib/orber/test/multi_ORB_SUITE.erl
@@ -50,30 +50,33 @@
 %%-----------------------------------------------------------------
 %% External exports
 %%-----------------------------------------------------------------
--export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0, 
+-export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0,
 	 init_per_suite/1, end_per_suite/1, basic_PI_api/1, multi_orber_api/1,
-	 init_per_testcase/2, end_per_testcase/2, multi_pseudo_orber_api/1, 
-	 light_orber_api/1, light_orber2_api/1, 
+	 init_per_testcase/2, end_per_testcase/2, multi_pseudo_orber_api/1,
+	 light_orber_api/1, light_orber2_api/1,
 	 ssl_1_multi_orber_api/1, ssl_2_multi_orber_api/1, ssl_reconfigure_api/1,
 	 iiop_timeout_api/1, iiop_timeout_added_api/1, setup_connection_timeout_api/1,
 	 setup_multi_connection_timeout_api/1, setup_multi_connection_timeout_random_api/1,
 	 setup_multi_connection_timeout_attempts_api/1,
-	 fragments_server_api/1, fragments_max_server_api/1, 
+	 fragments_server_api/1, fragments_max_server_api/1,
 	 fragments_max_server_added_api/1, fragments_client_api/1,
 	 light_ifr_api/1, max_requests_api/1, max_requests_added_api/1,
-	 max_connections_api/1, max_packet_size_exceeded_api/1, 
+	 max_connections_api/1, max_packet_size_exceeded_api/1,
 	 max_packet_size_ok_api/1, proxy_interface_api/1, proxy_interface_ipv6_api/1,
 	 multiple_accept_api/1, implicit_context_api/1,
-	 pseudo_implicit_context_api/1, pseudo_two_implicit_context_api/1, 
+	 pseudo_implicit_context_api/1, pseudo_two_implicit_context_api/1,
 	 oneway_implicit_context_api/1, implicit_context_roundtrip_api/1,
 	 oneway_pseudo_implicit_context_api/1, flags_added_api/1,
-	 oneway_pseudo_two_implicit_context_api/1, 
+	 oneway_pseudo_two_implicit_context_api/1,
 	 local_interface_api/1, local_interface_ctx_override_api/1,
 	 local_interface_acl_override_api/1, bad_giop_header_api/1,
 	 bad_fragment_id_client_api/1, bad_id_cancel_request_api/1,
 	 close_connections_api/1, close_connections_local_interface_api/1,
-	 close_connections_local_interface_ctx_override_api/1, ssl_reconfigure_generation_3_api/1,
+	 close_connections_local_interface_ctx_override_api/1,
 	 ssl_1_multi_orber_generation_3_api/1, ssl_2_multi_orber_generation_3_api/1,
+	 ssl_reconfigure_generation_3_api/1,
+	 ssl_1_multi_orber_generation_3_api_old/1, ssl_2_multi_orber_generation_3_api_old/1,
+	 ssl_reconfigure_generation_3_api_old/1,
 	 close_connections_alt_iiop_addr_api/1, close_connections_multiple_profiles_api/1]).
 
 
@@ -84,15 +87,15 @@
 
 %%-----------------------------------------------------------------
 %% Func: all/1
-%% Args: 
-%% Returns: 
+%% Args:
+%% Returns:
 %%-----------------------------------------------------------------
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
-all() -> 
+all() ->
     cases().
 
-groups() -> 
+groups() ->
     [].
 
 init_per_group(_GroupName, Config) ->
@@ -105,7 +108,7 @@ end_per_group(_GroupName, Config) ->
 %% NOTE - the fragment test cases must be first since we explicitly set a request
 %% id. Otherwise, the request-id counter would be increased and we cannot know
 %% what it is.
-cases() -> 
+cases() ->
     [fragments_server_api, fragments_max_server_api,
      fragments_max_server_added_api, fragments_client_api,
      flags_added_api, bad_fragment_id_client_api,
@@ -134,21 +137,28 @@ cases() ->
      setup_multi_connection_timeout_attempts_api,
      setup_multi_connection_timeout_random_api,
      ssl_1_multi_orber_api,
+     ssl_1_multi_orber_generation_3_api_old,
      ssl_1_multi_orber_generation_3_api,
      ssl_2_multi_orber_api,
+     ssl_2_multi_orber_generation_3_api_old,
      ssl_2_multi_orber_generation_3_api,
-     ssl_reconfigure_generation_3_api, ssl_reconfigure_api].
+     ssl_reconfigure_api,
+     ssl_reconfigure_generation_3_api_old,
+     ssl_reconfigure_generation_3_api].
 
 %%-----------------------------------------------------------------
 %% Init and cleanup functions.
 %%-----------------------------------------------------------------
-init_per_testcase(TC,Config) 
+init_per_testcase(TC,Config)
   when TC =:= ssl_1_multi_orber_api;
        TC =:= ssl_2_multi_orber_api;
        TC =:= ssl_reconfigure_api ->
     init_ssl(Config);
-init_per_testcase(TC,Config) 
-  when TC =:= ssl_1_multi_orber_generation_3_api; 
+init_per_testcase(TC,Config)
+  when TC =:= ssl_1_multi_orber_generation_3_api_old;
+       TC =:= ssl_2_multi_orber_generation_3_api_old;
+       TC =:= ssl_reconfigure_generation_3_api_old;
+       TC =:= ssl_1_multi_orber_generation_3_api;
        TC =:= ssl_2_multi_orber_generation_3_api;
        TC =:= ssl_reconfigure_generation_3_api ->
     init_ssl_3(Config);
@@ -156,21 +166,31 @@ init_per_testcase(_Case, Config) ->
     init_all(Config).
 
 init_ssl(Config) ->
-    case orber_test_lib:ssl_version() of
-	no_ssl ->
-	    {skip,"SSL is not installed!"};
-	_ ->
-	    init_all(Config)
+    case  ?config(crypto_started, Config) of
+	true ->
+	    case orber_test_lib:ssl_version() of
+		no_ssl ->
+		    {skip, "SSL is not installed!"};
+		_ ->
+		    init_all(Config)
+	    end;
+	false ->
+	    {skip, "Crypto did not start"}
     end.
 
 init_ssl_3(Config) ->
-    case orber_test_lib:ssl_version() of
-	3 ->
-	    init_all(Config);
-	2 ->
-	    {skip,"Could not find the correct SSL version!"};
-	no_ssl ->
-	    {skip,"SSL is not installed!"}
+    case  ?config(crypto_started, Config) of
+	true ->
+	    case orber_test_lib:ssl_version() of
+		3 ->
+		    init_all(Config);
+		2 ->
+		    {skip, "Could not find the correct SSL version!"};
+		no_ssl ->
+		    {skip, "SSL is not installed!"}
+	    end;
+	false ->
+	    {skip, "Crypto did not start"}
     end.
 
 init_all(Config) ->
@@ -194,12 +214,18 @@ end_per_testcase(_Case, Config) ->
 init_per_suite(Config) ->
     if
 	is_list(Config) ->
-	    Config;
+            try crypto:start() of
+                ok ->
+		    [{crypto_started, true} | Config]
+            catch _:_ ->
+	       [{crypto_started, false} | Config]
+            end;
 	true ->
 	    exit("Config not a list")
     end.
 
 end_per_suite(Config) ->
+    application:stop(crypto),    
     Config.
 
 %%-----------------------------------------------------------------
@@ -211,238 +237,238 @@ implicit_context_api(suite) -> [];
 implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([])),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_call(Relay, 
+	   relay_call(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
-    
+
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
 
-implicit_context_roundtrip_api(doc) -> 
+implicit_context_roundtrip_api(doc) ->
     ["IIOP Implicit Contex roundtrip tests"];
 implicit_context_roundtrip_api(suite) -> [];
 implicit_context_roundtrip_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     Relay = ?match(#'IOP_IOR'{},
 		   corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     IOR = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [])),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_call(Relay, 
+	   relay_call(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
-    
 
-    
+
+
 oneway_implicit_context_api(doc) -> ["IIOP Implicit Contex oneway tests"];
 oneway_implicit_context_api(suite) -> [];
 oneway_implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([])),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_cast(Relay, 
+	   relay_cast(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
 
-    %% We must wait for a few seconds for the client to be able to set up the 
+    %% We must wait for a few seconds for the client to be able to set up the
     %% connection (since it's a oneway operation).
     timer:sleep(5000),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
 
-    
+
 pseudo_implicit_context_api(doc) -> ["IIOP Implicit Contex tests (via pseudo object)"];
 pseudo_implicit_context_api(suite) -> [];
 pseudo_implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{pseudo,true}])),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_call(Relay, 
+	   relay_call(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
-    
-pseudo_two_implicit_context_api(doc) -> 
+
+pseudo_two_implicit_context_api(doc) ->
     ["IIOP two Implicit Contex tests (via pseudo object)"];
 pseudo_two_implicit_context_api(suite) -> [];
 pseudo_two_implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{pseudo,true}])),
-    put(oe_server_in_context, 
-	[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
+    put(oe_server_in_context,
+	[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
 			       context_data = {interface,
 					       IP}}]),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_call(Relay, 
+	   relay_call(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
-    
+
 oneway_pseudo_implicit_context_api(doc) -> ["IIOP Implicit Contex tests (via pseudo object oneway)"];
 oneway_pseudo_implicit_context_api(suite) -> [];
 oneway_pseudo_implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{pseudo,true}])),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_cast(Relay, 
+	   relay_cast(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
-    
-oneway_pseudo_two_implicit_context_api(doc) -> 
+
+oneway_pseudo_two_implicit_context_api(doc) ->
     ["IIOP two Implicit Contex tests (via pseudo object oneway)"];
 oneway_pseudo_two_implicit_context_api(suite) -> [];
 oneway_pseudo_two_implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{pseudo,true}])),
     %% Add incoming implicit context which must be removed.
-    put(oe_server_in_context, 
-	[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
+    put(oe_server_in_context,
+	[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
 			       context_data = {interface,
 					       IP}}]),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_cast(Relay, 
+	   relay_cast(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
-    
+
 
 
 multiple_accept_api(doc) -> ["IIOP Multiple Accept tests"];
@@ -450,7 +476,7 @@ multiple_accept_api(suite) -> [];
 multiple_accept_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
@@ -461,84 +487,84 @@ multiple_accept_api(_Config) ->
 
     IOR1 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR1)),
     ?match([_], orber:iiop_connections(out)),
 
     {ok, Ref1} = ?match({ok, _},
-			orber_test_lib:remote_apply(ServerNode, orber, 
-						    add_listen_interface, 
+			orber_test_lib:remote_apply(ServerNode, orber,
+						    add_listen_interface,
 						    [Loopback, normal])),
 
     IOR2 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++Loopback++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR2)),
     ?match([_,_], orber:iiop_connections(out)),
 
     {ok, Ref2} = ?match({ok, _},
-			orber_test_lib:remote_apply(ServerNode, orber, 
-						    add_listen_interface, 
+			orber_test_lib:remote_apply(ServerNode, orber,
+						    add_listen_interface,
 						    [Loopback, normal, 9543])),
     ?match({error, eaddrinuse},
-	   orber_test_lib:remote_apply(ServerNode, orber, 
-				       add_listen_interface, 
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
 				       [Loopback, normal, 9543])),
 
     IOR3 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++Loopback++":9543/NameService")),
-    ?match({'external', {Loopback, 9543, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {Loopback, 9543, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR3)),
     ?match([_,_,_], orber:iiop_connections(out)),
 
-    ?match(ok, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       remove_listen_interface, [Ref1])),
     %% Wait a few seconds to be sure that the connections really has been removed.
     timer:sleep(4000),
     ?match([_,_], orber:iiop_connections(out)),
-    
-    ?match(ok, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       remove_listen_interface, [Ref2])),
     %% Wait a few seconds to be sure that the connections really has been removed.
     timer:sleep(4000),
     ?match([_], orber:iiop_connections(out)),
-    
+
     ?match({'EXCEPTION',_},
 	   corba:string_to_object("corbaloc::1.2@"++Loopback++":9543/NameService")),
     ?match({'EXCEPTION',_},
 	   corba:string_to_object("corbaloc::1.2@"++Loopback++":"++integer_to_list(ServerPort)++"/NameService")),
-   
+
     IOR4 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR4)),
 
     ok.
 
 
-proxy_interface_api(doc) -> ["IIOP Proxy Interface tests", 
+proxy_interface_api(doc) -> ["IIOP Proxy Interface tests",
 			     "This case test if the server ORB use the correct",
 			     "interface when exporting IOR:s"];
 proxy_interface_api(suite) -> [];
 proxy_interface_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR1 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR1)),
     IOR2 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++Loopback++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR2)),
     ok.
 
-proxy_interface_ipv6_api(doc) -> ["IIOP Proxy Interface tests", 
+proxy_interface_ipv6_api(doc) -> ["IIOP Proxy Interface tests",
 				  "This case test if the server ORB use the correct",
 				  "IPv6 interface when exporting IOR:s"];
 proxy_interface_ipv6_api(suite) -> [];
@@ -550,103 +576,103 @@ proxy_interface_ipv6_api(_Config) ->
 	    Reason
     end.
 
-proxy_interface_ipv6_api2() ->		    
+proxy_interface_ipv6_api2() ->
     Loopback = orber_test_lib:get_loopback_interface(inet6),
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor
 							  ?ORB_ENV_LOCAL_INTERFACE)}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
 
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_IPV6}])),
-    
+
     IP = orber_test_lib:remote_apply(ClientNode, orber_test_lib, get_host, []),
 
     IOR1 = ?match(#'IOP_IOR'{},
-		  orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+		  orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 					      ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])),
-    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   orber_test_lib:remote_apply(ClientNode, iop_ior, get_key, [IOR1])),
     IOR2 = ?match(#'IOP_IOR'{},
-		  orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+		  orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 					      ["corbaloc::1.2@"++Loopback++":"++integer_to_list(ServerPort)++"/NameService"])),
-    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   orber_test_lib:remote_apply(ClientNode, iop_ior, get_key, [IOR2])),
     ok.
 
-local_interface_api(doc) -> ["IIOP Local Interface tests", 
+local_interface_api(doc) -> ["IIOP Local Interface tests",
 			     "This case test if the server ORB use the correct",
 			     "local interface when connecting to another ORB"];
 local_interface_api(suite) -> [];
 local_interface_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address_local, Loopback}])),
     Port = orber:iiop_port(),
     ?match(#'IOP_IOR'{},
-	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 				       ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService"])),
-    [{Loopback, RemotePort}] = 
+    [{Loopback, RemotePort}] =
 	?match([{Loopback,_RemotePort}], orber:iiop_connections(in)),
 
-    ?match([{IP, Port}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
     ?match([{IP, Port}], orber:find_sockname_by_peername(Loopback,RemotePort)),
     ?match([{Loopback, RemotePort}], orber:find_peername_by_sockname(IP, Port)),
 
-    ?match([{Loopback, RemotePort}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_sockname_by_peername, 
+    ?match([{Loopback, RemotePort}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_sockname_by_peername,
 				       [IP, Port])),
-    ?match([{IP, Port}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_peername_by_sockname, 
+    ?match([{IP, Port}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_peername_by_sockname,
 				       [Loopback,RemotePort])),
 
 
     ok.
 
-local_interface_ctx_override_api(doc) -> 
-    ["IIOP Local Interface tests", 
+local_interface_ctx_override_api(doc) ->
+    ["IIOP Local Interface tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 local_interface_ctx_override_api(suite) -> [];
 local_interface_ctx_override_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address_local, IP}])),
     Port = orber:iiop_port(),
     ?match(#'IOP_IOR'{},
-	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 				       ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService",
 					[#'IOP_ServiceContext'
-					 {context_id=?ORBER_GENERIC_CTX_ID, 
+					 {context_id=?ORBER_GENERIC_CTX_ID,
 					  context_data = {interface, Loopback}}]])),
-    [{Loopback, RemotePort}] = 
+    [{Loopback, RemotePort}] =
 	?match([{Loopback,_RemotePort}], orber:iiop_connections(in)),
 
-    ?match([{IP, Port, Loopback}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port, Loopback}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
     ?match([{IP, Port}], orber:find_sockname_by_peername(Loopback,RemotePort)),
     ?match([{Loopback, RemotePort}], orber:find_peername_by_sockname(IP, Port)),
 
-    ?match([{Loopback, RemotePort}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_sockname_by_peername, 
+    ?match([{Loopback, RemotePort}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_sockname_by_peername,
 				       [IP, Port])),
-    ?match([{IP, Port}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_peername_by_sockname, 
+    ?match([{IP, Port}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_peername_by_sockname,
 				       [Loopback,RemotePort])),
 
     ok.
 
-local_interface_acl_override_api(doc) -> 
-    ["IIOP Local Interface tests", 
+local_interface_acl_override_api(doc) ->
+    ["IIOP Local Interface tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 local_interface_acl_override_api(suite) -> [];
@@ -654,74 +680,74 @@ local_interface_acl_override_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
     ACL = [{tcp_out, IP ++ "/18", [Loopback]}],
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address_local, IP},
 						 {iiop_acl, ACL},
 						 {flags, ?ORB_ENV_USE_ACL_OUTGOING}])),
     Port = orber:iiop_port(),
     ?match(#'IOP_IOR'{},
-	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 				       ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService",
 					[#'IOP_ServiceContext'
-					 {context_id=?ORBER_GENERIC_CTX_ID, 
+					 {context_id=?ORBER_GENERIC_CTX_ID,
 					  context_data = {interface, IP}}]])),
     ?match([{Loopback,_RemotePort}], orber:iiop_connections(in)),
     ?match(#'IOP_IOR'{},
-	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 				       ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService"])),
 
-    [{Loopback, RemotePort}] = 
+    [{Loopback, RemotePort}] =
 	?match([{Loopback,_RemotePort}], orber:iiop_connections(in)),
-    ?match([{IP, Port, IP}], orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port, IP}], orber_test_lib:remote_apply(ClientNode, orber,
 							 iiop_connections, [out])),
     ?match([{IP, Port}], orber:find_sockname_by_peername(Loopback,RemotePort)),
     ?match([{Loopback, RemotePort}], orber:find_peername_by_sockname(IP, Port)),
 
-    ?match([{Loopback, RemotePort}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_sockname_by_peername, 
+    ?match([{Loopback, RemotePort}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_sockname_by_peername,
 				       [IP, Port])),
-    ?match([{IP, Port}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_peername_by_sockname, 
+    ?match([{IP, Port}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_peername_by_sockname,
 				       [Loopback,RemotePort])),
 
     ok.
 
 
-iiop_timeout_api(doc) -> ["IIOP TIMEOUT API tests", 
+iiop_timeout_api(doc) -> ["IIOP TIMEOUT API tests",
 			 "This case test if timeout configuration behaves correctly"];
 iiop_timeout_api(suite) -> [];
 iiop_timeout_api(_Config) ->
-    
+
     %% Install two secure orber.
-    {ok, ClientNode, ClientHost} = 
+    {ok, ClientNode, ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{iiop_timeout, 6},
 						 {iiop_connection_timeout, 3},
 						 {iiop_in_connection_timeout, 3}])),
     ClientPort = orber_test_lib:remote_apply(ClientNode, orber, iiop_port, []),
-    
-    {ok, ServerNode, ServerHost} = 
+
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{iiop_timeout, 6},
 						 {iiop_connection_timeout, 3},
 						 {iiop_in_connection_timeout, 12}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [timeout])),
 
-    %% Tell client_orb to interoperate with server_orb. 
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
+    %% Tell client_orb to interoperate with server_orb.
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
 					   lookup,
 					   [ServerHost, ServerPort])),
     %% Interop worked fine, perform delay tests.
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
 					   timeouts,
 					   [ServerHost, ServerPort, 6000])),
-    
+
     %% Create a connection to the "client_orb", which will now act as server.
-    ?match({'IOP_IOR',_,_}, 
+    ?match({'IOP_IOR',_,_},
 	   corba:string_to_object("corbaloc::1.2@"++ClientHost++":"++integer_to_list(ClientPort)++"/NameService")),
     %% Check that the connection is established.
     ?match([{_, ClientPort}], orber:iiop_connections(out)),
@@ -729,13 +755,13 @@ iiop_timeout_api(_Config) ->
     %% have been closed.
     timer:sleep(8000),
     ?match([], orber:iiop_connections(out)),
-    
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   uninstall_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
 					   [timeout])),
     ok.
 
-iiop_timeout_added_api(doc) -> ["IIOP TIMEOUT API tests", 
+iiop_timeout_added_api(doc) -> ["IIOP TIMEOUT API tests",
 			 "This case test if timeout configuration behaves correctly"];
 iiop_timeout_added_api(suite) -> [];
 iiop_timeout_added_api(_Config) ->
@@ -743,18 +769,18 @@ iiop_timeout_added_api(_Config) ->
     {ok, Node, _Host} = ?match({ok,_,_}, orber_test_lib:js_node([])),
     Port = 1 + orber_test_lib:remote_apply(Node, orber, iiop_port, []),
     ?match({ok, _},
-	   orber_test_lib:remote_apply(Node, orber, 
-				       add_listen_interface, 
-				       [IP, normal, 
+	   orber_test_lib:remote_apply(Node, orber,
+				       add_listen_interface,
+				       [IP, normal,
 					[{iiop_in_connection_timeout, 3},
 					 {flags, ?ORB_ENV_LOCAL_INTERFACE},
 					 {iiop_port, Port}]])),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [timeout])),
 
-    ?match({'IOP_IOR',_,_}, 
+    ?match({'IOP_IOR',_,_},
 	   corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService")),
     %% Check that the connection is established.
     ?match([{_, Port}], orber:iiop_connections(out)),
@@ -762,9 +788,9 @@ iiop_timeout_added_api(_Config) ->
     %% have been closed.
     timer:sleep(8000),
     ?match([], orber:iiop_connections(out)),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   uninstall_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   uninstall_test_data,
 					   [timeout])),
     ok.
 
@@ -772,27 +798,27 @@ iiop_timeout_added_api(_Config) ->
 %%  API tests for ORB to ORB using pseudo call/cast, no security
 %%-----------------------------------------------------------------
 
-multi_pseudo_orber_api(doc) -> 
-    ["MULTI ORB PSEUDO API tests", 
+multi_pseudo_orber_api(doc) ->
+    ["MULTI ORB PSEUDO API tests",
      "This case test if data encode/decode (IIOP) for pseudo objects",
      "produce the correct result, i.e., the test_server echos",
      "the input parameter or an exception is raised (MARSHAL)."];
 multi_pseudo_orber_api(suite) -> [];
 multi_pseudo_orber_api(_Config) ->
     %% --- Create a slave-node ---
-    {ok, Node, Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node()),    
+    {ok, Node, Host} =
+	?match({ok,_,_}, orber_test_lib:js_node()),
     Port = orber_test_lib:remote_apply(Node, orber, iiop_port, []),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [pseudo])),
-    
+
     NSR = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_},
 		 corba:string_to_object("corbaloc::1.1@"++Host++":"++
 					integer_to_list(Port)++"/NameService")),
-    Obj = 
-	?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj =
+	?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 	       'CosNaming_NamingContext':resolve(NSR, lname:new(["mamba"]))),
     orber_test_lib:corba_object_tests(Obj, NSR),
 
@@ -809,11 +835,11 @@ multi_pseudo_orber_api(_Config) ->
     orber_test_lib:test_coding(Obj),
 
     %% Test if exit is handled properly.
-    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}}, 
+    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}},
 	   orber_test_server:stop_brutal(Obj)),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   uninstall_test_data,
 					   [pseudo])),
     ok.
 
@@ -821,77 +847,77 @@ multi_pseudo_orber_api(_Config) ->
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB with local flags definition set.
 %%-----------------------------------------------------------------
-flags_added_api(doc) -> 
+flags_added_api(doc) ->
     ["MULTI ORB PSEUDO with local flags definition set"];
 flags_added_api(suite) -> [];
 flags_added_api(_Config) ->
     %% --- Create a slave-node ---
     IP = orber_test_lib:get_host(),
-    {ok, Node, _Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node([])),    
+    {ok, Node, _Host} =
+	?match({ok,_,_}, orber_test_lib:js_node([])),
     Port = 1 + orber_test_lib:remote_apply(Node, orber, iiop_port, []),
     ?match({ok, _},
-	   orber_test_lib:remote_apply(Node, orber, 
-				       add_listen_interface, 
-				       [IP, normal, 
+	   orber_test_lib:remote_apply(Node, orber,
+				       add_listen_interface,
+				       [IP, normal,
 					[{flags, (?ORB_ENV_LOCAL_INTERFACE bor
 						  ?ORB_ENV_EXCLUDE_CODESET_COMPONENT)},
 					 {iiop_port, Port}]])),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 install_test_data,
 						 [pseudo])),
     Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		       corba:string_to_object("corbaname::1.1@"++IP++":"++
 					      integer_to_list(Port)++"/NameService#mamba")),
-    ?match({'external', {IP, Port, _ObjectKey, _Counter, 
-			 #'IOP_TaggedProfile'{tag=?TAG_INTERNET_IOP, 
-					      profile_data= 
-					      #'IIOP_ProfileBody_1_1'{components=[]}}, 
-			 _NewHD}}, 
+    ?match({'external', {IP, Port, _ObjectKey, _Counter,
+			 #'IOP_TaggedProfile'{tag=?TAG_INTERNET_IOP,
+					      profile_data=
+					      #'IIOP_ProfileBody_1_1'{components=[]}},
+			 _NewHD}},
 	   iop_ior:get_key(Obj)),
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 uninstall_test_data,
 						 [pseudo])),
 
     ok.
 
 
-					 
+
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB with limited concurrent requests
 %%-----------------------------------------------------------------
-max_requests_api(doc) -> 
+max_requests_api(doc) ->
     ["MULTI ORB PSEUDO with limited concurrent requests tests"];
 max_requests_api(suite) -> [];
 max_requests_api(_Config) ->
     %% --- Create a slave-node ---
-    {ok, Node, Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{iiop_max_in_requests, 1}])),    
+    {ok, Node, Host} =
+	?match({ok,_,_}, orber_test_lib:js_node([{iiop_max_in_requests, 1}])),
     Port = orber_test_lib:remote_apply(Node, orber, iiop_port, []),
     max_requests(Node, Host, Port).
 
-max_requests_added_api(doc) -> 
+max_requests_added_api(doc) ->
     ["MULTI ORB PSEUDO with limited concurrent requests tests"];
 max_requests_added_api(suite) -> [];
 max_requests_added_api(_Config) ->
     %% --- Create a slave-node ---
     [IP] = ?match([_], orber:host()),
-    {ok, Node, _Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node([])),    
+    {ok, Node, _Host} =
+	?match({ok,_,_}, orber_test_lib:js_node([])),
     Port = 1 + orber_test_lib:remote_apply(Node, orber, iiop_port, []),
     ?match({ok, _},
-	   orber_test_lib:remote_apply(Node, orber, 
-				       add_listen_interface, 
-				       [IP, normal, 
+	   orber_test_lib:remote_apply(Node, orber,
+				       add_listen_interface,
+				       [IP, normal,
 					[{iiop_max_in_requests, 1},
 					 {flags, ?ORB_ENV_LOCAL_INTERFACE},
 					 {iiop_port, Port}]])),
     max_requests(Node, IP, Port).
 
-max_requests(Node, Host, Port) ->    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 install_test_data, 
+max_requests(Node, Host, Port) ->
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 install_test_data,
 						 [pseudo])),
     Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		       corba:string_to_object("corbaname::1.1@"++Host++":"++
@@ -899,7 +925,7 @@ max_requests(Node, Host, Port) ->
 
     %% Can we even contact the object?
     ?match(ok, orber_test_server:print(Obj)),
-    
+
     %% Invoke one blocking call followed by several invokations.
     spawn(orber_test_server, pseudo_call_delay, [Obj, 15000]),
     %% Wait for a second to be sure that the previous request has been sent
@@ -912,8 +938,8 @@ max_requests(Node, Host, Port) ->
     %% allow one request at a time to the target ORB.
     ?match(true, (MegaSecsB + (Before+8)*1000000) < (MegaSecsA + After*1000000)),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 uninstall_test_data,
 						 [pseudo])),
 
     ok.
@@ -921,17 +947,17 @@ max_requests(Node, Host, Port) ->
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB with limited concurrent connections
 %%-----------------------------------------------------------------
-max_connections_api(doc) -> 
+max_connections_api(doc) ->
     ["MULTI ORB PSEUDO with limited concurrent connections tests"];
 max_connections_api(suite) -> [];
 max_connections_api(_Config) ->
     %% --- Create a slave-node ---
-    {ok, ServerNode, ServerHost} = 
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{iiop_backlog, 0},
 						 {iiop_max_in_connections, 2}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-						 install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+						 install_test_data,
 						 [nameservice])),
 
     %% Claim connection 1 & 2
@@ -939,26 +965,26 @@ max_connections_api(_Config) ->
 		       corba:string_to_object("corbaname::1.2@"++ServerHost++":"++
 					      integer_to_list(ServerPort)++"/NameService#mamba")),
     %% Claim backlog
-    {ok, ClientNode, _ClientHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node()),    
+    {ok, ClientNode, _ClientHost} =
+	?match({ok,_,_}, orber_test_lib:js_node()),
 
     spawn(ClientNode, orber_test_server, print, [Obj]),
     timer:sleep(5000),
     ?match([_], orber_test_lib:remote_apply(ClientNode, orber,
 						  iiop_connections, [])),
-    
+
     %% Try to connect. Should fail. Due to the behavior of different TCP stacks, backlog 1
     %% might not be the precise value. Hence, we also need to define the iiop_timeout. Otherwise
     %% this test case will fail. For the same reason we must GC this connection.
-    {ok, ClientNodeII, _ClientHostII} = 
+    {ok, ClientNodeII, _ClientHostII} =
 	?match({ok,_,_}, orber_test_lib:js_node([{iiop_setup_connection_timeout, 5},
 						 {iiop_timeout, 5},
 						 {iiop_connection_timeout, 8}])),
 
-    ?match({'EXCEPTION', _}, 
-	   orber_test_lib:remote_apply(ClientNodeII, orber_test_server, 
+    ?match({'EXCEPTION', _},
+	   orber_test_lib:remote_apply(ClientNodeII, orber_test_server,
 				       testing_iiop_string, [Obj, "Fail"])),
-    
+
     %% Remove 2 connections. We need to wait a moment so that both sides has detected it.
     timer:sleep(5000),
     ?match([_,_], orber:iiop_connections()),
@@ -968,23 +994,23 @@ max_connections_api(_Config) ->
     ?match(ok, orber_iiop_pm:close_connection([{Host, Port}])),
     timer:sleep(5000),
     ?match([], orber:iiop_connections()),
-    
+
     ?match([_], orber_test_lib:remote_apply(ClientNode, orber,
 					    iiop_connections, [])),
 
     ?match([], orber_test_lib:remote_apply(ClientNodeII, orber,
 					   iiop_connections, [])),
 
-    ?match({ok, "OK"}, 
-	   orber_test_lib:remote_apply(ClientNodeII, orber_test_server, 
+    ?match({ok, "OK"},
+	   orber_test_lib:remote_apply(ClientNodeII, orber_test_server,
 				       testing_iiop_string, [Obj, "OK"])),
-    
+
     timer:sleep(4000),
     ?match([_], orber_test_lib:remote_apply(ClientNodeII, orber,
 					    iiop_connections, [])),
 
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+						 uninstall_test_data,
 						 [pseudo])),
 
     ok.
@@ -993,18 +1019,18 @@ max_connections_api(_Config) ->
 %%-----------------------------------------------------------------
 %%  API tests for terminating connection by using an IOR.
 %%-----------------------------------------------------------------
-close_connections_api(doc) -> 
+close_connections_api(doc) ->
     ["Close outgoing connection "];
 close_connections_api(suite) -> [];
 close_connections_api(_Config) ->
     %% --- Create a slave-node ---
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IP = orber_test_lib:get_host(),
@@ -1028,108 +1054,108 @@ close_connections_api(_Config) ->
     ok.
 
 
-close_connections_local_interface_api(doc) -> 
-    ["IIOP Local Interface disconnect tests", 
+close_connections_local_interface_api(doc) ->
+    ["IIOP Local Interface disconnect tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 close_connections_local_interface_api(suite) -> [];
 close_connections_local_interface_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address_local, Loopback}])),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address, IP}])),
     Port = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
-		 orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+		 orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 					     ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService"])),
 
     %% Check that the connnection is up and running using the default interface
-    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber,
 								 iiop_connections, [in])),
-    ?match([{IP, Port}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
     %% Try to close the connection
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber,
 					   close_connection, [IOR])),
     %% Wait a moment so that both sides has detected it.
     timer:sleep(5000),
     %% Now the connection shall be gone.
-    ?match([], orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ClientNode, orber,
 					   iiop_connections, [out])),
-    ?match([], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ServerNode, orber,
 					   iiop_connections, [in])),
 
     ok.
 
-close_connections_local_interface_ctx_override_api(doc) -> 
-    ["IIOP Local Interface disconnect tests", 
+close_connections_local_interface_ctx_override_api(doc) ->
+    ["IIOP Local Interface disconnect tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 close_connections_local_interface_ctx_override_api(suite) -> [];
 close_connections_local_interface_ctx_override_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address_local, IP},
 						 {ip_address, IP}])),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address, IP}])),
     Port = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
-		 orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+		 orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 					     ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService",
 					      [#'IOP_ServiceContext'
-					       {context_id=?ORBER_GENERIC_CTX_ID, 
+					       {context_id=?ORBER_GENERIC_CTX_ID,
 						context_data = {interface, Loopback}}]])),
 
     timer:sleep(2000),
     %% Check that the connnection is up and running using the default interface
-    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber,
 								 iiop_connections, [in])),
-    
-    ?match([{IP, Port, Loopback}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+
+    ?match([{IP, Port, Loopback}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
     %% Try to close not supplying the interface.
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber,
 					   close_connection, [IOR])),
-    
+
     timer:sleep(2000),
     %% The connection shall still be up and running
-    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber,
 								 iiop_connections, [in])),
-    ?match([{IP, Port, Loopback}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port, Loopback}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
     %% Try to close not supplying the interface.
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber,
 					   close_connection, [IOR, IP])),
 
-    timer:sleep(2000),    
+    timer:sleep(2000),
     %% The connection shall still be up and running
-    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber,
 								 iiop_connections, [in])),
-    ?match([{IP, Port, Loopback}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port, Loopback}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
-    
+
     %% Try to close supplying the correct interface.
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber,
 					   close_connection, [IOR, Loopback])),
     %% Wait a moment so that both sides has detected it.
     timer:sleep(5000),
     %% Now the connection shall be gone.
-    ?match([], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ServerNode, orber,
 					   iiop_connections, [in])),
-    ?match([], orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ClientNode, orber,
 					   iiop_connections, [out])),
     ok.
 
-close_connections_alt_iiop_addr_api(doc) -> 
-    ["IIOP alternate address disconnect tests", 
+close_connections_alt_iiop_addr_api(doc) ->
+    ["IIOP alternate address disconnect tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 close_connections_alt_iiop_addr_api(suite) -> [];
@@ -1137,12 +1163,12 @@ close_connections_alt_iiop_addr_api(_Config) ->
     %% --- Create a slave-node ---
     Loopback = orber_test_lib:get_loopback_interface(),
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{giop_version, {1, 2}},
 						 {ip_address, {multiple, [IP, Loopback]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [{nameservice, Loopback, ServerPort}])),
     %% Create two connections
     Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
@@ -1151,25 +1177,25 @@ close_connections_alt_iiop_addr_api(_Config) ->
     ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 	   corba:string_to_object("corbaname::1.2@"++Loopback++":"++
 				  integer_to_list(ServerPort)++"/NameService#mamba")),
-    timer:sleep(2000),    
+    timer:sleep(2000),
     %% The connection shall still be up and running
     ?match([{_,_}, {_,_}], orber:iiop_connections(out)),
     ?match([{_,_}, {_,_}],
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       iiop_connections, [in])),
-    
+
     %% Try to close the connection
     ?match(ok, orber:close_connection(Obj)),
     %% Wait a moment so that both sides has detected it.
     timer:sleep(5000),
     %% Now the connections shall be gone.
     ?match([], orber:iiop_connections(out)),
-    ?match([], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ServerNode, orber,
 					   iiop_connections, [in])),
     ok.
 
-close_connections_multiple_profiles_api(doc) -> 
-    ["IIOP alternate address disconnect tests", 
+close_connections_multiple_profiles_api(doc) ->
+    ["IIOP alternate address disconnect tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 close_connections_multiple_profiles_api(suite) -> [];
@@ -1177,11 +1203,11 @@ close_connections_multiple_profiles_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
     %% --- Create a slave-node ---
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{ip_address, 
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([{ip_address,
 						  {multiple, [Loopback, IP]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
 					   install_test_data, [nameservice])),
     %% Create two connections
     Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
@@ -1193,23 +1219,23 @@ close_connections_multiple_profiles_api(_Config) ->
     %% The connection shall still be up and running
     ?match([{_,_}, {_,_}], orber:iiop_connections(out)),
     ?match([{_,_}, {_,_}],
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       iiop_connections, [in])),
-    
+
     %% Try to close the connection
     ?match(ok, orber:close_connection(Obj)),
     %% Wait a moment so that both sides has detected it.
     timer:sleep(5000),
     %% Now the connections shall be gone.
     ?match([], orber:iiop_connections(out)),
-    ?match([], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ServerNode, orber,
 					   iiop_connections, [in])),
     ok.
 
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB with iiop_packet_size set
 %%-----------------------------------------------------------------
-max_packet_size_exceeded_api(doc) -> 
+max_packet_size_exceeded_api(doc) ->
     ["Exceed the maximum request size"];
 max_packet_size_exceeded_api(suite) -> [];
 max_packet_size_exceeded_api(_Config) ->
@@ -1219,11 +1245,11 @@ max_packet_size_exceeded_api(_Config) ->
 	{ok, LS} ->
 	    (catch gen_tcp:close(LS)),
 	    %% --- Create a slave-node ---
-	    {ok, ServerNode, ServerHost} = 
+	    {ok, ServerNode, ServerHost} =
 		?match({ok,_,_}, orber_test_lib:js_node([{iiop_packet_size, 1}])),
 	    ServerPort = orber_test_lib:remote_apply(ServerNode, orber,
 						     iiop_port, []),
-	    ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 
+	    ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}},
 		   corba:string_to_object("corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService")),
 	    ok
     end.
@@ -1231,7 +1257,7 @@ max_packet_size_exceeded_api(_Config) ->
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB with iiop_packet_size set
 %%-----------------------------------------------------------------
-max_packet_size_ok_api(doc) -> 
+max_packet_size_ok_api(doc) ->
     ["Not exceed the maximum request size"];
 max_packet_size_ok_api(suite) -> [];
 max_packet_size_ok_api(_Config) ->
@@ -1241,7 +1267,7 @@ max_packet_size_ok_api(_Config) ->
 	{ok, LS} ->
 	    (catch gen_tcp:close(LS)),
 	    %% --- Create a slave-node ---
-	    {ok, ServerNode, ServerHost} = 
+	    {ok, ServerNode, ServerHost} =
 		?match({ok,_,_}, orber_test_lib:js_node([{iiop_packet_size, 5000}])),
 	    ServerPort = orber_test_lib:remote_apply(ServerNode, orber,
 						     iiop_port, []),
@@ -1251,7 +1277,7 @@ max_packet_size_ok_api(_Config) ->
     end.
 
 
- 
+
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB, no security
 %%-----------------------------------------------------------------
@@ -1259,49 +1285,49 @@ max_packet_size_ok_api(_Config) ->
 light_ifr_api(doc) -> ["LIGHT IFR ORB API tests"];
 light_ifr_api(suite) -> [];
 light_ifr_api(_Config) ->
-    
-    {ok, ClientNode, _ClientHost} = 
+
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, 128}])),
 
     ?match([_,_,_,_], orber_test_lib:remote_apply(ClientNode, orber, get_tables, [])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
-                                                 install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
+                                                 install_test_data,
                                                  [nameservice])),
 
 
-    {ok, ServerNode, ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{flags, 128}])),    
+    {ok, ServerNode, ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([{flags, 128}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     ?match([_,_,_,_], orber_test_lib:remote_apply(ServerNode, orber, get_tables, [])),
 
-    Obj = ?match({'IOP_IOR',_,_}, 
+    Obj = ?match({'IOP_IOR',_,_},
 		 corba:string_to_object("corbaname::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
     ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, test_coding, [Obj])),
 
     ?match(0, orber_test_lib:remote_apply(ClientNode, orber_diagnostics, missing_modules, [])),
 
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write,
 					   [#orber_light_ifr{id = "FakeId1",
-							     module=non_existing, 
+							     module=non_existing,
 							     type=?IFR_StructDef}])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write,
 					   [#orber_light_ifr{id = "FakeId2",
-							     module=non_existing, 
+							     module=non_existing,
 							     type=?IFR_UnionDef}])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write,
 					   [#orber_light_ifr{id = "FakeId3",
-							     module=non_existing, 
+							     module=non_existing,
 							     type=?IFR_ExceptionDef}])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write,
 					   [#orber_light_ifr{id = "FakeId4",
-							     module=non_existing, 
+							     module=non_existing,
 							     type=?IFR_InterfaceDef}])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write,
 					   [#orber_light_ifr{id = "FakeId5",
-							     module=orber_test_lib, 
+							     module=orber_test_lib,
 							     type=?IFR_InterfaceDef}])),
     ?match(5, orber_test_lib:remote_apply(ClientNode, orber_diagnostics, missing_modules, [])),
 
@@ -1316,14 +1342,14 @@ light_ifr_api(_Config) ->
 							 absolute_name="::Module::NonExisting"})),
     ?match(ok, mnesia:dirty_write(#ir_InterfaceDef{ir_Internal_ID = "FakedIId5",
 							 absolute_name="::orber::test::lib"})),
-    
+
     ?match(5, orber_diagnostics:missing_modules()),
 
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+						 uninstall_test_data,
 						 [nameservice])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
+						 uninstall_test_data,
 						 [nameservice])),
     ok.
 
@@ -1331,23 +1357,23 @@ light_ifr_api(_Config) ->
 %%  API tests for ORB to ORB, no security
 %%-----------------------------------------------------------------
 
-light_orber_api(doc) -> ["LIGHT ORB API tests", 
+light_orber_api(doc) -> ["LIGHT ORB API tests",
 			 "This case test if a light Orber can communicate correctly",
 			 "with an fully installed Orber."];
 light_orber_api(suite) -> [];
 light_orber_api(_Config) ->
     %% --- Create a slave-node ---
     LocalHost = net_adm:localhost(),
-    {ok, Node, _Host} = 
+    {ok, Node, _Host} =
 	?match({ok,_,_}, orber_test_lib:js_node([{lightweight, ["iiop://"++LocalHost++":"++integer_to_list(orber:iiop_port())]}],
 						lightweight)),
     ?match(ok, orber:info(io)),
     ?match([_], orber_test_lib:remote_apply(Node, orber_env, get_lightweight_nodes,[])),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 install_test_data,
 						 [light])),
-    
+
     Obj1=(catch orber_test_server:oe_create(state,[{pseudo,true}])),
     ?match({_,pseudo,orber_test_server_impl, _,_, _}, Obj1),
     Obj2=(catch orber_test_server:oe_create(state,[])),
@@ -1357,11 +1383,11 @@ light_orber_api(_Config) ->
     'CosNaming_NamingContext':bind(NS, lname:new(["mamba"]), Obj1),
     'CosNaming_NamingContext':bind(NS, lname:new(["viper"]), Obj2),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
 					   light_tests,
 					   [LocalHost,
 					    orber:iiop_port(), "viper"])),
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
 					   light_tests,
 					   [LocalHost,
 					    orber:iiop_port(), "mamba"])),
@@ -1370,17 +1396,17 @@ light_orber_api(_Config) ->
 
     catch corba:dispose(Obj1),
     catch corba:dispose(Obj2),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 uninstall_test_data,
 						 [light])),
     ok.
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB, no security
 %%-----------------------------------------------------------------
 
-light_orber2_api(doc) -> ["LIGHT ORB API tests", 
+light_orber2_api(doc) -> ["LIGHT ORB API tests",
 			 "This case test if a light Orber can communicate correctly",
 			 "with an fully installed Orber. This case test if we can",
 			 "start as lightweight without first setting the environment",
@@ -1389,16 +1415,16 @@ light_orber2_api(suite) -> [];
 light_orber2_api(_Config) ->
     %% --- Create a slave-node ---
     LocalHost = net_adm:localhost(),
-    {ok, Node, _Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node([], 
+    {ok, Node, _Host} =
+	?match({ok,_,_}, orber_test_lib:js_node([],
 						{lightweight, ["iiop://"++LocalHost++":"++integer_to_list(orber:iiop_port())]})),
     ?match(ok, orber:info(io)),
     ?match([_], orber_test_lib:remote_apply(Node, orber_env, get_lightweight_nodes,[])),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [light])),
-    
+
     Obj1=(catch orber_test_server:oe_create(state,[{pseudo,true}])),
     ?match({_,pseudo,orber_test_server_impl, _,_, _}, Obj1),
     Obj2=(catch orber_test_server:oe_create(state,[])),
@@ -1407,12 +1433,12 @@ light_orber2_api(_Config) ->
     NS  = corba:resolve_initial_references("NameService"),
     'CosNaming_NamingContext':bind(NS, lname:new(["mamba"]), Obj1),
     'CosNaming_NamingContext':bind(NS, lname:new(["viper"]), Obj2),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
 					   light_tests,
 					   [LocalHost,
 					    orber:iiop_port(), "viper"])),
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
 					   light_tests,
 					   [LocalHost,
 					    orber:iiop_port(), "mamba"])),
@@ -1421,10 +1447,10 @@ light_orber2_api(_Config) ->
 
     catch corba:dispose(Obj1),
     catch corba:dispose(Obj2),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   uninstall_test_data,
 					   [light])),
     ok.
 
@@ -1432,13 +1458,13 @@ light_orber2_api(_Config) ->
 %%  API tests for ORB to ORB, no security
 %%-----------------------------------------------------------------
 
-multi_orber_api(doc) -> ["MULTI ORB API tests", 
+multi_orber_api(doc) -> ["MULTI ORB API tests",
 			 "This case test if data encode/decode (IIOP)",
 			 "produce the correct result, i.e., the test_server echos",
 			 "the input parameter or an exception is raised (MARSHAL)."];
 multi_orber_api(suite) -> [];
 multi_orber_api(_Config) ->
-    
+
     NewICObj1 = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([])),
     NewICObj2 = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{regname, {local, newic2}}])),
     NewICObj3 = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{regname, {global, newic3}}])),
@@ -1448,34 +1474,34 @@ multi_orber_api(_Config) ->
     catch corba:dispose(NewICObj1),
     catch corba:dispose(NewICObj2),
     catch corba:dispose(NewICObj3),
-    
+
     %% --- Create a slave-node ---
-    {ok, Node, Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node()),    
+    {ok, Node, Host} =
+	?match({ok,_,_}, orber_test_lib:js_node()),
     Port = orber_test_lib:remote_apply(Node, orber, iiop_port, []),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
-    
+
     NSR = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_},
 		 corba:string_to_object("corbaloc::1.2@"++Host++":"++
 					integer_to_list(Port)++"/NameService")),
-    
+
     ?match({'EXCEPTION',{'CosNaming_NamingContext_NotFound',_,_,_}},
 	   'CosNaming_NamingContext':resolve(NSR, lname:new(["not_exist"]))),
 
-    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		 'CosNaming_NamingContext':resolve(NSR, lname:new(["mamba"]))),
     ?match(ok, orber_test_server:print(Obj)),
 
-    Obj12B = ?match({'IOP_IOR',_,_}, 
+    Obj12B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.2@"++Host++":"++integer_to_list(Port)++"/Mamba")),
-    
-    Obj11B = ?match({'IOP_IOR',_,_}, 
+
+    Obj11B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.1@"++Host++":"++integer_to_list(Port)++"/Mamba")),
 
-    Obj10B = ?match({'IOP_IOR',_,_}, 
+    Obj10B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.0@"++Host++":"++integer_to_list(Port)++"/Mamba")),
 
     context_test(Obj12B),
@@ -1484,7 +1510,7 @@ multi_orber_api(_Config) ->
     ?match(ok, orber_test_server:print(Obj12B)),
     ?match(ok, orber_test_server:print(Obj11B)),
     ?match(ok, orber_test_server:print(Obj10B)),
-    ?match({'EXCEPTION',{'CosNaming_NamingContextExt_InvalidAddress',_}}, 
+    ?match({'EXCEPTION',{'CosNaming_NamingContextExt_InvalidAddress',_}},
 	   corba:string_to_object("corbaloc::1.0@"++Host++":"++integer_to_list(Port)++"/Wrong")),
 
     ?match(ok, orber_test_lib:corba_object_tests(Obj12B, NSR)),
@@ -1493,22 +1519,22 @@ multi_orber_api(_Config) ->
 
     %%--- Testing code and decode arguments ---
     orber_test_lib:test_coding(Obj),
-    
-    ?match({'EXCEPTION',#'BAD_CONTEXT'{}}, 
+
+    ?match({'EXCEPTION',#'BAD_CONTEXT'{}},
 	   orber_test_server:
-	   print(Obj12B, 
+	   print(Obj12B,
 		 [{context,
-		   [#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					  context_data = {interface, 
+		   [#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					  context_data = {interface,
 							  {127,0,0,1}}}]}])),
-    
-    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}}, 
+
+    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}},
 	   orber_test_server:stop_brutal(Obj12B)),
-    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}}, 
+    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}},
 		 orber_test_server:print(Obj12B)),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   uninstall_test_data,
 					   [nameservice])),
     ok.
 
@@ -1516,9 +1542,9 @@ multi_orber_api(_Config) ->
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB, no security, using basic interceptors
 %%-----------------------------------------------------------------
-basic_PI_api(doc) -> ["MULTI ORB API tests", 
+basic_PI_api(doc) -> ["MULTI ORB API tests",
 		      "This case test if data encode/decode (IIOP)",
-		      "produce the correct result when using basic interceptors,", 
+		      "produce the correct result when using basic interceptors,",
 		      "i.e., the test_server echos",
 		      "the input parameter or an exception is raised (MARSHAL)."];
 basic_PI_api(suite) -> [];
@@ -1526,21 +1552,21 @@ basic_PI_api(_Config) ->
     %% Change configuration to use Basic Interceptors.
     orber:configure_override(interceptors, {native, [orber_test_lib]}),
     %% --- Create a slave-node ---
-    {ok, Node, Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{interceptors, {native, [orber_test_lib]}}])),    
+    {ok, Node, Host} =
+	?match({ok,_,_}, orber_test_lib:js_node([{interceptors, {native, [orber_test_lib]}}])),
     Port = orber_test_lib:remote_apply(Node, orber, iiop_port, []),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
-    
-    Obj12 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+
+    Obj12 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		   corba:string_to_object("corbaname::1.2@"++Host++":"++integer_to_list(Port)++"/NameService#mamba")),
-    
-    Obj11 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+
+    Obj11 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		   corba:string_to_object("corbaname::1.1@"++Host++":"++integer_to_list(Port)++"/NameService#mamba")),
-    
-    Obj10 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+
+    Obj10 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		   corba:string_to_object("corbaname::1.0@"++Host++":"++integer_to_list(Port)++"/NameService#mamba")),
 
     ?match(ok, corba:print_object(Obj12)),
@@ -1552,13 +1578,13 @@ basic_PI_api(_Config) ->
     ?match(ok, orber_test_server:print(Obj10)),
 
 
-    Obj12B = ?match({'IOP_IOR',_,_}, 
+    Obj12B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.2@"++Host++":"++integer_to_list(Port)++"/Mamba")),
-    
-    Obj11B = ?match({'IOP_IOR',_,_}, 
+
+    Obj11B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.1@"++Host++":"++integer_to_list(Port)++"/Mamba")),
-    
-    Obj10B = ?match({'IOP_IOR',_,_}, 
+
+    Obj10B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.0@"++Host++":"++integer_to_list(Port)++"/Mamba")),
 
     ?match(ok, corba:print_object(Obj12B, info_msg)),
@@ -1568,7 +1594,7 @@ basic_PI_api(_Config) ->
     ?match(ok, orber_test_server:print(Obj12B)),
     ?match(ok, orber_test_server:print(Obj11B)),
     ?match(ok, orber_test_server:print(Obj10B)),
-    ?match({'EXCEPTION',{'CosNaming_NamingContextExt_InvalidAddress',_}}, 
+    ?match({'EXCEPTION',{'CosNaming_NamingContextExt_InvalidAddress',_}},
 		 corba:string_to_object("corbaloc::1.0@"++Host++":"++integer_to_list(Port)++"/Wrong")),
 
     ?match(ok, orber_test_lib:alternate_iiop_address(Host, Port)),
@@ -1583,8 +1609,8 @@ basic_PI_api(_Config) ->
 
     application:set_env(orber, interceptors, false),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   uninstall_test_data,
 					   [nameservice])),
     ok.
 
@@ -1593,62 +1619,95 @@ basic_PI_api(_Config) ->
 %%  API tests for ORB to ORB, ssl security depth 1
 %%-----------------------------------------------------------------
 
-ssl_1_multi_orber_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)", 
+ssl_1_multi_orber_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
 			       "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_1_multi_orber_api(suite) -> [];
 ssl_1_multi_orber_api(_Config) ->
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
 					       1, [{iiop_ssl_port, 0}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
 					       1, [{iiop_ssl_port, 0}]),
     ssl_suite(ServerOptions, ClientOptions).
-    
-ssl_1_multi_orber_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)", 
+
+
+ssl_1_multi_orber_generation_3_api_old(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
+			       "This case set up two secure orbs and test if they can",
+			     "communicate. The case also test to access one of the",
+			     "secure orbs which must raise a NO_PERMISSION exception."];
+ssl_1_multi_orber_generation_3_api_old(suite) -> [];
+ssl_1_multi_orber_generation_3_api_old(_Config) ->
+
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
+					       1, [{ssl_generation, 3},
+						   {iiop_ssl_port, 0}]),
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
+					       1, [{ssl_generation, 3},
+						   {iiop_ssl_port, 0}]),
+    ssl_suite(ServerOptions, ClientOptions).
+
+
+ssl_1_multi_orber_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
 			       "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_1_multi_orber_generation_3_api(suite) -> [];
 ssl_1_multi_orber_generation_3_api(_Config) ->
-   
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+
+    ServerOptions = orber_test_lib:get_options(iiop_ssl, server,
 					       1, [{ssl_generation, 3},
 						   {iiop_ssl_port, 0}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options(iiop_ssl, client,
 					       1, [{ssl_generation, 3},
 						   {iiop_ssl_port, 0}]),
     ssl_suite(ServerOptions, ClientOptions).
-    
 
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB, ssl security depth 2
 %%-----------------------------------------------------------------
 
-ssl_2_multi_orber_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)", 
+ssl_2_multi_orber_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
 			     "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_2_multi_orber_api(suite) -> [];
-ssl_2_multi_orber_api(_Config) -> 
-    
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+ssl_2_multi_orber_api(_Config) ->
+
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
 					       2, [{iiop_ssl_port, 0}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
 					       2, [{iiop_ssl_port, 0}]),
     ssl_suite(ServerOptions, ClientOptions).
 
-ssl_2_multi_orber_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)", 
+
+ssl_2_multi_orber_generation_3_api_old(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
+			     "This case set up two secure orbs and test if they can",
+			     "communicate. The case also test to access one of the",
+			     "secure orbs which must raise a NO_PERMISSION exception."];
+ssl_2_multi_orber_generation_3_api_old(suite) -> [];
+ssl_2_multi_orber_generation_3_api_old(_Config) ->
+
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
+					       2, [{ssl_generation, 3},
+						   {iiop_ssl_port, 0}]),
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
+					       2, [{ssl_generation, 3},
+						   {iiop_ssl_port, 0}]),
+    ssl_suite(ServerOptions, ClientOptions).
+
+
+ssl_2_multi_orber_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
 			     "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_2_multi_orber_generation_3_api(suite) -> [];
-ssl_2_multi_orber_generation_3_api(_Config) -> 
-    
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+ssl_2_multi_orber_generation_3_api(_Config) ->
+
+    ServerOptions = orber_test_lib:get_options(iiop_ssl, server,
 					       2, [{ssl_generation, 3},
 						   {iiop_ssl_port, 0}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options(iiop_ssl, client,
 					       2, [{ssl_generation, 3},
 						   {iiop_ssl_port, 0}]),
     ssl_suite(ServerOptions, ClientOptions).
@@ -1656,79 +1715,135 @@ ssl_2_multi_orber_generation_3_api(_Config) ->
 %%  API tests for ORB to ORB, ssl security depth 2
 %%-----------------------------------------------------------------
 
-ssl_reconfigure_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)", 
+ssl_reconfigure_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
 			     "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_reconfigure_api(suite) -> [];
-ssl_reconfigure_api(_Config) -> 
-    ssl_reconfigure([]).
+ssl_reconfigure_api(_Config) ->
+    ssl_reconfigure_old([]).
+
 
-ssl_reconfigure_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)", 
+ssl_reconfigure_generation_3_api_old(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
+			     "This case set up two secure orbs and test if they can",
+			     "communicate. The case also test to access one of the",
+			     "secure orbs which must raise a NO_PERMISSION exception."];
+ssl_reconfigure_generation_3_api_old(suite) -> [];
+ssl_reconfigure_generation_3_api_old(_Config) ->
+    ssl_reconfigure_old([{ssl_generation, 3}]).
+
+ssl_reconfigure_old(ExtraSSLOptions) ->
+
+    IP = orber_test_lib:get_host(),
+    Loopback = orber_test_lib:get_loopback_interface(),
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_},
+	       orber_test_lib:js_node([{iiop_port, 0},
+				       {flags, ?ORB_ENV_LOCAL_INTERFACE},
+				       {ip_address, IP}|ExtraSSLOptions])),
+    orber_test_lib:remote_apply(ServerNode, ssl, start, []),
+    orber_test_lib:remote_apply(ServerNode, crypto, start, []),
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
+					   [ssl])),
+    ?match({ok, _},
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
+				       [Loopback, normal, [{iiop_port, 5648},
+							   {iiop_ssl_port, 5649},
+							   {interceptors, {native, [orber_iiop_tracer_silent]}}|ExtraSSLOptions]])),
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
+					       2, [{flags, ?ORB_ENV_LOCAL_INTERFACE},
+						   {iiop_port, 5648},
+						   {iiop_ssl_port, 5649},
+						   {interceptors, {native, [orber_iiop_tracer_silent]}}|ExtraSSLOptions]),
+    ?match({ok, _},
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
+				       [Loopback, ssl, ServerOptions])),
+
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
+					       2, [{iiop_ssl_port, 0}|ExtraSSLOptions]),
+    {ok, ClientNode, _ClientHost} =
+	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
+
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
+					   install_test_data,
+					   [ssl])),
+    orber_test_lib:remote_apply(ClientNode, ssl, start, []),
+    orber_test_lib:remote_apply(ServerNode, crypto, start, []),
+    Obj = ?match(#'IOP_IOR'{},
+		 orber_test_lib:remote_apply(ClientNode, corba,
+					     string_to_object, ["corbaname:iiop:1.1@"++Loopback++":5648/NameService#mamba",
+								[{context, [#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+												  context_data = {configuration, ClientOptions}}]}]])),
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_server,
+					   print, [Obj])).
+
+
+ssl_reconfigure_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
 			     "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_reconfigure_generation_3_api(suite) -> [];
-ssl_reconfigure_generation_3_api(_Config) -> 
+ssl_reconfigure_generation_3_api(_Config) ->
     ssl_reconfigure([{ssl_generation, 3}]).
 
+
 ssl_reconfigure(ExtraSSLOptions) ->
 
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, 
-	       orber_test_lib:js_node([{iiop_port, 0}, 
-				       {flags, ?ORB_ENV_LOCAL_INTERFACE}, 
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_},
+	       orber_test_lib:js_node([{iiop_port, 0},
+				       {flags, ?ORB_ENV_LOCAL_INTERFACE},
 				       {ip_address, IP}|ExtraSSLOptions])),
     orber_test_lib:remote_apply(ServerNode, ssl, start, []),
     orber_test_lib:remote_apply(ServerNode, crypto, start, []),
-    orber_test_lib:remote_apply(ServerNode, ssl, seed, ["testing"]),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [ssl])),
-    ?match({ok, _}, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
-				       add_listen_interface, 
+    ?match({ok, _},
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
 				       [Loopback, normal, [{iiop_port, 5648},
 							   {iiop_ssl_port, 5649},
 							   {interceptors, {native, [orber_iiop_tracer_silent]}}|ExtraSSLOptions]])),
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
-					       2, [{flags, ?ORB_ENV_LOCAL_INTERFACE}, 
+    ServerOptions = orber_test_lib:get_options(iiop_ssl, server,
+					       2, [{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						   {iiop_port, 5648},
 						   {iiop_ssl_port, 5649},
 						   {interceptors, {native, [orber_iiop_tracer_silent]}}|ExtraSSLOptions]),
-    ?match({ok, _}, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
-				       add_listen_interface, 
+    ?match({ok, _},
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
 				       [Loopback, ssl, ServerOptions])),
 
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options(iiop_ssl, client,
 					       2, [{iiop_ssl_port, 0}|ExtraSSLOptions]),
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
 
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
+					   install_test_data,
 					   [ssl])),
     orber_test_lib:remote_apply(ClientNode, ssl, start, []),
     orber_test_lib:remote_apply(ServerNode, crypto, start, []),
-    orber_test_lib:remote_apply(ClientNode, ssl, seed, ["testing"]),
-    Obj = ?match(#'IOP_IOR'{}, 
+    Obj = ?match(#'IOP_IOR'{},
 		 orber_test_lib:remote_apply(ClientNode, corba,
 					     string_to_object, ["corbaname:iiop:1.1@"++Loopback++":5648/NameService#mamba",
-								[{context, [#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
+								[{context, [#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
 												  context_data = {configuration, ClientOptions}}]}]])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_server, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_server,
 					   print, [Obj])).
 
 
-
 %%-----------------------------------------------------------------
 %%  API tests for Orber to Java ORB, no security
 %%-----------------------------------------------------------------
 
-%orber_java_api(doc) -> ["ERLANG-ORB <-> JAVA-ORB API tests", 
+%orber_java_api(doc) -> ["ERLANG-ORB <-> JAVA-ORB API tests",
 %			"This case test if data encode/decode (IIOP)",
 %			"produce the correct result, i.e., the test_server echos",
 %			"the input parameter or an exception is raised (MARSHAL)."];
@@ -1741,38 +1856,38 @@ ssl_reconfigure(ExtraSSLOptions) ->
 %% Arguments: Config
 %%            Depth
 %% Returns  : ok
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 
 ssl_suite(ServerOptions, ClientOptions) ->
 
-    {ok, ServerNode, ServerHost} = 
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ServerOptions)),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     SSLServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
 
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
-    
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [ssl])),
     %% Tell the client to interoperate with the server. The purpose of this
     %% operation is to look up, using NameService, an object reference and
     %% use it to contact the object.
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
 					   lookup,
 					   [ServerHost, ServerPort])),
-    
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
+
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
 					   alternate_ssl_iiop_address,
 					   [ServerHost, ServerPort, SSLServerPort])),
-    
+
     %% 'This' node is not secure. Contact the server. Must refuse connection.
     NSR = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_},
 		       corba:string_to_object("corbaloc::1.2@"++ServerHost++":"++
 					      integer_to_list(ServerPort)++"/NameService")),
-    
+
     %% Should be 'NO_PERMISSION'??
     ?match({'EXCEPTION',{'COMM_FAILURE',_,_,_}},
 		 'CosNaming_NamingContext':resolve(NSR, lname:new(["not_exist"]))),
@@ -1782,8 +1897,8 @@ ssl_suite(ServerOptions, ClientOptions) ->
 		 'CosNaming_NamingContext':resolve(NSR, lname:new(["mamba"]))),
 
     %% Uninstall.
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
 					   [ssl])),
     ok.
 
@@ -1795,7 +1910,7 @@ setup_connection_timeout_api(suite) -> [];
 setup_connection_timeout_api(_Config) ->
     ?match(ok, application:set_env(orber, iiop_backlog, 0)),
     %% Wait to be sure that the configuration has kicked in.
-    timer:sleep(2000),    
+    timer:sleep(2000),
     {ok, Ref, Port} = create_fake_server_ORB(normal, 0, [], listen, []),
     ?match(ok, orber:configure(iiop_setup_connection_timeout, 5)),
     ?match(ok, orber:info(io)),
@@ -1815,7 +1930,7 @@ setup_connection_timeout_api(_Config) ->
 %%-----------------------------------------------------------------
 %%  iiop_setup_connection_timeout API tests for ORB to ORB.
 %%-----------------------------------------------------------------
-setup_multi_connection_timeout_api(doc) -> 
+setup_multi_connection_timeout_api(doc) ->
     ["iiop_multi_setup_connection_timeout API tests for ORB to ORB."];
 setup_multi_connection_timeout_api(suite) -> [];
 setup_multi_connection_timeout_api(_Config) ->
@@ -1840,7 +1955,7 @@ setup_multi_connection_timeout_api(_Config) ->
     ?match(ok, application:set_env(orber, iiop_out_ports, undefined)),
     ok.
 
-setup_multi_connection_timeout_attempts_api(doc) -> 
+setup_multi_connection_timeout_attempts_api(doc) ->
     ["iiop_multi_setup_connection_timeout API tests for ORB to ORB."];
 setup_multi_connection_timeout_attempts_api(suite) -> [];
 setup_multi_connection_timeout_attempts_api(_Config) ->
@@ -1866,7 +1981,7 @@ setup_multi_connection_timeout_attempts_api(_Config) ->
     ?match(ok, application:set_env(orber, iiop_out_ports, undefined)),
     ok.
 
-setup_multi_connection_timeout_random_api(doc) -> 
+setup_multi_connection_timeout_random_api(doc) ->
     ["iiop_multi_setup_connection_timeout API tests for ORB to ORB."];
 setup_multi_connection_timeout_random_api(suite) -> [];
 setup_multi_connection_timeout_random_api(_Config) ->
@@ -1901,17 +2016,17 @@ bad_giop_header_api(_Config) ->
     orber:configure_override(interceptors, {native,[orber_iiop_tracer]}),
     orber:configure(orber_debug_level, 10),
     ?match(ok, orber:info(io)),
-    {ok, ServerNode, ServerHost} = 
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node()),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     Req = <<"GIOP",1,2,0,100,0,0,0,5,0,0,0,10,50>> ,
-    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [], 
+    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [],
 				     message_error, [Req])),
-    
+
     application:set_env(orber, interceptors, false),
     orber:configure(orber_debug_level, 0),
     ok.
-    
+
 
 %%-----------------------------------------------------------------
 %%  Fragmented IIOP tests (Server-side).
@@ -1929,34 +2044,34 @@ fragments_server_api(doc) -> ["fragments API tests for server-side ORB."];
 fragments_server_api(suite) -> [];
 fragments_server_api(_Config) ->
     %% --- Create a slave-node ---
-    {ok, Node, Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node()),    
+    {ok, Node, Host} =
+	?match({ok,_,_}, orber_test_lib:js_node()),
     Port = orber_test_lib:remote_apply(Node, orber, iiop_port, []),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
-    
+
     NSR = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_},
 		 corba:string_to_object("corbaloc::1.2@"++Host++":"++
 					integer_to_list(Port)++"/NameService")),
-    
-    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+
+    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		 'CosNaming_NamingContext':resolve(NSR, lname:new(["mamba"]))),
 
     Any = #any{typecode = {tk_string,0},
 	       value = "123"},
-    Target = #'GIOP_TargetAddress'{label = ?GIOP_KeyAddr, 
+    Target = #'GIOP_TargetAddress'{label = ?GIOP_KeyAddr,
 				   value = iop_ior:get_objkey(Obj)},
-    %% Fix a request header. 
+    %% Fix a request header.
     {Hdr, Body, HdrLen, _What, _Flags} =
 	cdr_encode:enc_request_split(
-	  #giop_env{version = {1,2}, objkey = Target, 
+	  #giop_env{version = {1,2}, objkey = Target,
 		    request_id = ?REQUEST_ID,
-		    response_expected = true, 
-		    op = testing_iiop_any, 
-		    parameters = [49], ctx = [], 
-		    tc = {tk_void,[tk_char],[]}, 
+		    response_expected = true,
+		    op = testing_iiop_any,
+		    parameters = [49], ctx = [],
+		    tc = {tk_void,[tk_char],[]},
 		    host = [orber_test_lib:get_host()],
 		    iiop_port = orber:iiop_port(),
 		    iiop_ssl_port = orber:iiop_ssl_port(),
@@ -1971,11 +2086,11 @@ fragments_server_api(_Config) ->
 		<<AligmnetData:Aligned/binary,49>> = Body,
 		list_to_binary([AligmnetData, <<0,0,0,18,0,0,0,0,0,0,0,4,49>> ])
 	end,
-    
+
     MessSize = HdrLen+size(NewBody),
     ReqFrag = list_to_binary([ <<"GIOP",1:8,2:8,2:8,0:8,
 			       MessSize:32/big-unsigned-integer>> , Hdr |NewBody]),
-    ?match(Any, fake_client_ORB(normal, Host, Port, [], fragments, 
+    ?match(Any, fake_client_ORB(normal, Host, Port, [], fragments,
 				[ReqFrag, ?FRAG_2, ?FRAG_3, ?FRAG_4])),
 
     ok.
@@ -1988,9 +2103,9 @@ fragments_max_server_api(suite) -> [];
 fragments_max_server_api(_Config) ->
     %% --- Create a slave-node ---
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{iiop_max_fragments, 2},
-						 {ip_address, IP}])),    
+						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     fragments_max_server(ServerNode, IP, ServerPort).
 
@@ -1999,37 +2114,37 @@ fragments_max_server_added_api(suite) -> [];
 fragments_max_server_added_api(_Config) ->
     %% --- Create a slave-node ---
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([])),    
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([])),
     ServerPort = 1 + orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     ?match({ok, _},
-	   orber_test_lib:remote_apply(ServerNode, orber, 
-				       add_listen_interface, 
-				       [IP, normal, 
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
+				       [IP, normal,
 					[{iiop_max_fragments, 2},
 					 {flags, ?ORB_ENV_LOCAL_INTERFACE},
 					 {iiop_port, ServerPort}]])),
     fragments_max_server(ServerNode, IP, ServerPort).
 
 fragments_max_server(ServerNode, ServerHost, ServerPort) ->
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		 corba:string_to_object("corbaname::1.2@"++ServerHost++":"++
 					integer_to_list(ServerPort)++"/NameService#mamba")),
-    Target = #'GIOP_TargetAddress'{label = ?GIOP_KeyAddr, 
+    Target = #'GIOP_TargetAddress'{label = ?GIOP_KeyAddr,
 				   value = iop_ior:get_objkey(Obj)},
-    %% Fix a request header. 
+    %% Fix a request header.
     {Hdr, Body, HdrLen, _What, _Flags} =
 	cdr_encode:enc_request_split(
-	  #giop_env{version = {1,2}, 
-		    objkey = Target, 
-		    request_id = ?REQUEST_ID, 
-		    response_expected = true, 
-		    op = testing_iiop_any, 
-		    parameters = [49], ctx = [], 
-		    tc = {tk_void,[tk_char],[]}, 
+	  #giop_env{version = {1,2},
+		    objkey = Target,
+		    request_id = ?REQUEST_ID,
+		    response_expected = true,
+		    op = testing_iiop_any,
+		    parameters = [49], ctx = [],
+		    tc = {tk_void,[tk_char],[]},
 		    host = [orber_test_lib:get_host()],
 		    iiop_port = orber:iiop_port(),
 		    iiop_ssl_port = orber:iiop_ssl_port(),
@@ -2048,8 +2163,8 @@ fragments_max_server(ServerNode, ServerHost, ServerPort) ->
     MessSize = HdrLen+size(NewBody),
     ReqFrag = list_to_binary([ <<"GIOP",1:8,2:8,2:8,0:8,
 			       MessSize:32/big-unsigned-integer>> , Hdr |NewBody]),
-    ?match(#'IMP_LIMIT'{}, 
-	   fake_client_ORB(normal, ServerHost, ServerPort, [], fragments_max, 
+    ?match(#'IMP_LIMIT'{},
+	   fake_client_ORB(normal, ServerHost, ServerPort, [], fragments_max,
 			   [ReqFrag, ?FRAG_2, ?FRAG_3, ?FRAG_4])),
 
     ok.
@@ -2065,11 +2180,11 @@ fragments_client_api(_Config) ->
     application:set_env(orber, interceptors, {native,[orber_iiop_tracer]}),
     orber:configure(orber_debug_level, 10),
     orber:info(),
-    IOR = ?match({'IOP_IOR',_,_}, 
-		       iop_ior:create_external({1, 2}, "IDL:FAKE:1.0", 
+    IOR = ?match({'IOP_IOR',_,_},
+		       iop_ior:create_external({1, 2}, "IDL:FAKE:1.0",
 					       "localhost", 6004, "FAKE", [])),
-    spawn(?MODULE, create_fake_server_ORB, [normal, 6004, [], fragments, 
-					    [?REPLY_FRAG_1, ?FRAG_2, 
+    spawn(?MODULE, create_fake_server_ORB, [normal, 6004, [], fragments,
+					    [?REPLY_FRAG_1, ?FRAG_2,
 					     ?FRAG_3, ?FRAG_4]]),
     ?match({ok, Any}, orber_test_server:testing_iiop_any(IOR, Any)),
     application:set_env(orber, interceptors, false),
@@ -2085,16 +2200,16 @@ bad_fragment_id_client_api(_Config) ->
     application:set_env(orber, interceptors, {native,[orber_iiop_tracer]}),
     orber:configure(orber_debug_level, 10),
     orber:info(),
-    {ok, ServerNode, ServerHost} = 
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node()),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     Req = <<71,73,79,80,1,2,2,7,0,0,0,5,0,0,0,100,50>> ,
-    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [], 
+    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [],
 			       message_error, [Req])),
-    
+
     application:set_env(orber, interceptors, false),
     orber:configure(orber_debug_level, 0),
-    
+
     ok.
 
 %%-----------------------------------------------------------------
@@ -2102,22 +2217,22 @@ bad_fragment_id_client_api(_Config) ->
 %%-----------------------------------------------------------------
 bad_id_cancel_request_api(doc) -> ["Description", "more description"];
 bad_id_cancel_request_api(suite) -> [];
-bad_id_cancel_request_api(Config) when is_list(Config) ->   
-    Req10 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 0}, 
+bad_id_cancel_request_api(Config) when is_list(Config) ->
+    Req10 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 0},
 						    request_id = 556}),
-    Req11 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 1}, 
+    Req11 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 1},
 						    request_id = 556}),
-    Req12 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 2}, 
+    Req12 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 2},
 						    request_id = 556}),
-    {ok, ServerNode, ServerHost} = 
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node()),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [], 
-			       message_error, [Req10])),    
-    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [], 
-			       message_error, [Req11])),    
-    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [], 
-			       message_error, [Req12])),    
+    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [],
+			       message_error, [Req10])),
+    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [],
+			       message_error, [Req11])),
+    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [],
+			       message_error, [Req12])),
     ok.
 
 %%-----------------------------------------------------------------
@@ -2133,141 +2248,141 @@ pseudo_calls(0, _) ->
 pseudo_calls(Times, Obj) ->
     orber_test_server:pseudo_call(Obj),
     New = Times - 1,
-    pseudo_calls(New, Obj). 
+    pseudo_calls(New, Obj).
 pseudo_casts(0, _) ->
     ok;
 pseudo_casts(Times, Obj) ->
     orber_test_server:pseudo_cast(Obj),
     New = Times - 1,
-    pseudo_casts(New, Obj). 
+    pseudo_casts(New, Obj).
 
 context_test(Obj) ->
-    CodeSetCtx = #'CONV_FRAME_CodeSetContext'{char_data =  65537, 
+    CodeSetCtx = #'CONV_FRAME_CodeSetContext'{char_data =  65537,
 					      wchar_data = 65801},
     FTGrp = #'FT_FTGroupVersionServiceContext'{object_group_ref_version = ?ULONGMAX},
-    FTReq = #'FT_FTRequestServiceContext'{client_id = "ClientId", 
-					  retention_id = ?LONGMAX, 
+    FTReq = #'FT_FTRequestServiceContext'{client_id = "ClientId",
+					  retention_id = ?LONGMAX,
 					  expiration_time = ?ULONGLONGMAX},
 
-    IDToken1 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAbsent, 
+    IDToken1 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAbsent,
 				    value = true},
-    IDToken2 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAnonymous, 
+    IDToken2 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAnonymous,
 				    value = false},
-    IDToken3 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTPrincipalName, 
+    IDToken3 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTPrincipalName,
 				    value = [0,255]},
-    IDToken4 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTX509CertChain, 
+    IDToken4 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTX509CertChain,
 				    value = [1,255]},
-    IDToken5 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTDistinguishedName, 
+    IDToken5 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTDistinguishedName,
 				    value = [2,255]},
-    IDToken6 = #'CSI_IdentityToken'{label = ?ULONGMAX, 
+    IDToken6 = #'CSI_IdentityToken'{label = ?ULONGMAX,
 				    value = [3,255]},
 
     MTEstablishContext1 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken1, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken1,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext2 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken2, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken2,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext3 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken3, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken3,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext4 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken4, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken4,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext5 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken5, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken5,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext6 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken6, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken6,
 				       client_authentication_token = [1, 255]}},
     MTCompleteEstablishContext = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTCompleteEstablishContext, 
-       value = #'CSI_CompleteEstablishContext'{client_context_id = ?ULONGLONGMAX, 
+      {label = ?CSI_MsgType_MTCompleteEstablishContext,
+       value = #'CSI_CompleteEstablishContext'{client_context_id = ?ULONGLONGMAX,
 					       context_stateful = false,
 					       final_context_token = [1, 255]}},
     MTContextError = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTContextError, 
+      {label = ?CSI_MsgType_MTContextError,
        value = #'CSI_ContextError'{client_context_id = ?ULONGLONGMAX,
-				   major_status = 1, 
-				   minor_status = 2, 
+				   major_status = 1,
+				   minor_status = 2,
 				   error_token = [2,255]}},
     MTMessageInContext = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTMessageInContext, 
-       value = #'CSI_MessageInContext'{client_context_id = ?ULONGLONGMAX, 
+      {label = ?CSI_MsgType_MTMessageInContext,
+       value = #'CSI_MessageInContext'{client_context_id = ?ULONGLONGMAX,
 				       discard_context = true}},
-    Ctx = [#'IOP_ServiceContext'{context_id=?IOP_CodeSets, 
+    Ctx = [#'IOP_ServiceContext'{context_id=?IOP_CodeSets,
 				 context_data = CodeSetCtx},
-	   #'IOP_ServiceContext'{context_id=?IOP_FT_GROUP_VERSION, 
+	   #'IOP_ServiceContext'{context_id=?IOP_FT_GROUP_VERSION,
 				 context_data = FTGrp},
-	   #'IOP_ServiceContext'{context_id=?IOP_FT_REQUEST, 
+	   #'IOP_ServiceContext'{context_id=?IOP_FT_REQUEST,
 				 context_data = FTReq},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext1},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext2},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext3},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext4},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext5},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext6},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTCompleteEstablishContext},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTContextError},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTMessageInContext},
-	   #'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
+	   #'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
 				 context_data = {any_kind_of_data, {127,0,0,1}, 4001}}],
     ?match(ok, orber_test_server:testing_iiop_context(Obj, [{context, Ctx}])).
 
 
 create_fake_server_ORB(Type, Port, Options, listen, _Data) ->
     {ok, _ListenSocket, NewPort} =
-	orber_socket:listen(Type, Port, 
+	orber_socket:listen(Type, Port,
 			    [{backlog, 0}, {active, false}|Options]),
     Socket = orber_socket:connect(Type, 'localhost', NewPort, [{active, false}|Options]),
     {ok, {Type, Socket}, NewPort};
 create_fake_server_ORB(Type, Port, Options, Action, Data) ->
-    {ok, ListenSocket, _NewPort} = 
+    {ok, ListenSocket, _NewPort} =
 	orber_socket:listen(Type, Port, [{active, false}|Options]),
     Socket = orber_socket:accept(Type, ListenSocket),
     do_server_action(Type, Socket, Action, Data),
@@ -2301,14 +2416,14 @@ do_client_action(Type, Socket, fragments, FragList) ->
     ok = send_data(Type, Socket, FragList),
     timer:sleep(3000),
     {ok, Bytes} = gen_tcp:recv(Socket, 0),
-    {#reply_header{request_id = ?REQUEST_ID, reply_status = no_exception}, ok, [Par]} = 
+    {#reply_header{request_id = ?REQUEST_ID, reply_status = no_exception}, ok, [Par]} =
 	cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
     Par;
 do_client_action(Type, Socket, fragments_max, FragList) ->
     ok = send_data(Type, Socket, FragList),
     timer:sleep(3000),
     {ok, Bytes} = gen_tcp:recv(Socket, 0),
-    {#reply_header{request_id = ?REQUEST_ID, reply_status = system_exception}, Exc, []} = 
+    {#reply_header{request_id = ?REQUEST_ID, reply_status = system_exception}, Exc, []} =
 	cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
     Exc;
 do_client_action(Type, Socket, message_error, Data) ->
@@ -2325,4 +2440,4 @@ send_data(_Type, _Socket, []) ->
 send_data(Type, Socket, [H|T]) ->
     orber_socket:write(Type, Socket, H),
     send_data(Type, Socket, T).
-    
+
diff --git a/lib/orber/test/orber_acl_SUITE.erl b/lib/orber/test/orber_acl_SUITE.erl
index b43a00be19..49107cde84 100644
--- a/lib/orber/test/orber_acl_SUITE.erl
+++ b/lib/orber/test/orber_acl_SUITE.erl
@@ -80,7 +80,7 @@ end_per_group(_GroupName, Config) ->
 %%-----------------------------------------------------------------
 init_per_suite(Config) ->
     if
-        list(Config) ->
+        is_list(Config) ->
             Config;
         true ->
             exit("Config not a list")
diff --git a/lib/orber/test/orber_nat_SUITE.erl b/lib/orber/test/orber_nat_SUITE.erl
index 625f168520..ee31b162c2 100644
--- a/lib/orber/test/orber_nat_SUITE.erl
+++ b/lib/orber/test/orber_nat_SUITE.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 2006-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 %%
@@ -50,14 +50,15 @@
 %%-----------------------------------------------------------------
 %% External exports
 %%-----------------------------------------------------------------
--export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0, 
+-export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0,
 	 init_per_suite/1, end_per_suite/1,
-	 init_per_testcase/2, end_per_testcase/2, 
+	 init_per_testcase/2, end_per_testcase/2,
 	 nat_ip_address/1, nat_ip_address_multiple/1,
 	 nat_ip_address_local/1, nat_ip_address_local_local/1,
 	 nat_iiop_port/1, nat_iiop_port_local/1,
-	 nat_iiop_port_local_local/1, nat_iiop_ssl_port/1,
-	 nat_iiop_ssl_port_local/1]).
+	 nat_iiop_port_local_local/1,
+	 nat_iiop_ssl_port_old/1, nat_iiop_ssl_port_local_old/1,
+	 nat_iiop_ssl_port/1, nat_iiop_ssl_port_local/1]).
 
 
 %%-----------------------------------------------------------------
@@ -66,15 +67,15 @@
 
 %%-----------------------------------------------------------------
 %% Func: all/1
-%% Args: 
-%% Returns: 
+%% Args:
+%% Returns:
 %%-----------------------------------------------------------------
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
-all() -> 
+all() ->
     cases().
 
-groups() -> 
+groups() ->
     [].
 
 init_per_group(_GroupName, Config) ->
@@ -84,25 +85,38 @@ end_per_group(_GroupName, Config) ->
     Config.
 
 
-cases() -> 
-    [nat_ip_address, nat_ip_address_multiple,
-     nat_ip_address_local, nat_iiop_port,
-     nat_iiop_port_local, nat_ip_address_local_local,
-     nat_iiop_port_local_local, nat_iiop_ssl_port,
+cases() ->
+    [nat_ip_address,
+     nat_ip_address_multiple,
+     nat_ip_address_local,
+     nat_iiop_port,
+     nat_iiop_port_local,
+     nat_ip_address_local_local,
+     nat_iiop_port_local_local,
+     nat_iiop_ssl_port_old,
+     nat_iiop_ssl_port_local_old,
+     nat_iiop_ssl_port,
      nat_iiop_ssl_port_local].
 
 %%-----------------------------------------------------------------
 %% Init and cleanup functions.
 %%-----------------------------------------------------------------
-init_per_testcase(TC, Config) 
+init_per_testcase(TC, Config)
  when TC =:= nat_iiop_ssl_port;
-      TC =:= nat_iiop_ssl_port_local ->
-    case orber_test_lib:ssl_version() of
-	no_ssl ->
-	    {skip,"SSL not installed!"};
-	_ ->
-	    init_per_testcase(dummy_tc, Config)
-    end;
+      TC =:= nat_iiop_ssl_port_local;
+      TC =:= nat_iiop_ssl_port_old;
+      TC =:= nat_iiop_ssl_port_local_old ->
+      case  ?config(crypto_started, Config) of
+	  true ->
+	      case orber_test_lib:ssl_version() of
+		  no_ssl ->
+		      {skip,"SSL not installed!"};
+		  _ ->
+		      init_per_testcase(dummy_tc, Config)
+	      end;
+	  false ->
+	      {skip, "Crypto did not start"}
+      end;
 init_per_testcase(_Case, Config) ->
     Path = code:which(?MODULE),
     code:add_pathz(filename:join(filename:dirname(Path), "idl_output")),
@@ -125,12 +139,18 @@ end_per_testcase(_Case, Config) ->
 init_per_suite(Config) ->
     if
 	is_list(Config) ->
-	    Config;
+            try crypto:start() of
+                ok ->
+		    [{crypto_started, true} | Config]
+            catch _:_ ->
+	       [{crypto_started, false} | Config]
+            end;
 	true ->
 	    exit("Config not a list")
     end.
 
 end_per_suite(Config) ->
+    application:stop(crypto),    
     Config.
 
 %%-----------------------------------------------------------------
@@ -143,13 +163,13 @@ nat_ip_address(suite) -> [];
 nat_ip_address(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_ENABLE_NAT},
 						 {nat_ip_address, Loopback}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR)),
     ok.
 
@@ -158,14 +178,14 @@ nat_ip_address_multiple(doc) -> ["This case test if the server ORB use the corre
 nat_ip_address_multiple(suite) -> [];
 nat_ip_address_multiple(_Config) ->
     IP = orber_test_lib:get_host(),
-   
-    {ok, ServerNode, _ServerHost} = 
+
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_ENABLE_NAT},
 						 {nat_ip_address, {multiple, ["10.0.0.1"]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR)),
     ok.
 
@@ -174,13 +194,13 @@ nat_ip_address_local(doc) -> ["This case test if the server ORB use the correct"
 nat_ip_address_local(suite) -> [];
 nat_ip_address_local(_Config) ->
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_ENABLE_NAT},
 						 {nat_ip_address, {local, "10.0.0.1", [{IP, "127.0.0.1"}]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR)),
     ok.
 
@@ -190,19 +210,19 @@ nat_ip_address_local_local(suite) -> [];
 nat_ip_address_local_local(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{flags, 
-						  (?ORB_ENV_LOCAL_INTERFACE bor 
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([{flags,
+						  (?ORB_ENV_LOCAL_INTERFACE bor
 						   ?ORB_ENV_ENABLE_NAT)},
 						 {nat_ip_address, {local, "10.0.0.1", [{IP, "10.0.0.2"}]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR1 = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {"10.0.0.2", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {"10.0.0.2", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR1)),
     IOR2 = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++Loopback++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR2)),
     ok.
 
@@ -211,13 +231,13 @@ nat_iiop_port(doc) -> ["This case test if the server ORB use the correct",
 nat_iiop_port(suite) -> [];
 nat_iiop_port(_Config) ->
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_ENABLE_NAT},
 						 {nat_iiop_port, 42}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {_IP, 42, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {_IP, 42, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR)),
     ok.
 
@@ -226,13 +246,13 @@ nat_iiop_port_local(doc) -> ["This case test if the server ORB use the correct",
 nat_iiop_port_local(suite) -> [];
 nat_iiop_port_local(_Config) ->
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_ENABLE_NAT},
 						 {nat_iiop_port, {local, 42, [{4001, 43}]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {_IP, 42, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {_IP, 42, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR)),
     ok.
 
@@ -242,27 +262,27 @@ nat_iiop_port_local_local(suite) -> [];
 nat_iiop_port_local_local(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{flags, 
-						  (?ORB_ENV_LOCAL_INTERFACE bor 
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([{flags,
+						  (?ORB_ENV_LOCAL_INTERFACE bor
 						   ?ORB_ENV_ENABLE_NAT)},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     orber_test_lib:remote_apply(ServerNode, orber_env, configure_override, [nat_iiop_port, {local, 42, [{ServerPort, 43}]}]),
     IOR1 = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {IP, 43, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, 43, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR1)),
     {ok, Ref} = ?match({ok, _},
-			orber_test_lib:remote_apply(ServerNode, orber, 
-						    add_listen_interface, 
+			orber_test_lib:remote_apply(ServerNode, orber,
+						    add_listen_interface,
 						    [Loopback, normal, 10088])),
     IOR2 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++Loopback++":10088/NameService")),
-    ?match({'external', {IP, 42, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, 42, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR2)),
-    ?match(ok, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       remove_listen_interface, [Ref])),
     ok.
 
@@ -271,103 +291,204 @@ nat_iiop_port_local_local(_Config) ->
 %%  API tests for ORB to ORB, ssl security depth 1
 %%-----------------------------------------------------------------
 
-nat_iiop_ssl_port(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)", 
+nat_iiop_ssl_port_old(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
+			   "Make sure NAT works for SSL"];
+nat_iiop_ssl_port_old(suite) -> [];
+nat_iiop_ssl_port_old(_Config) ->
+
+    IP = orber_test_lib:get_host(),
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
+					       1, [{iiop_ssl_port, 0},
+						   {flags, ?ORB_ENV_ENABLE_NAT},
+						   {ip_address, IP}]),
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
+					       1, [{iiop_ssl_port, 0}]),
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node(ServerOptions)),
+    ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
+    SSLServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
+    NATSSLServerPort = SSLServerPort+1,
+    {ok, Ref} = ?match({ok, _},
+		       orber_test_lib:remote_apply(ServerNode, orber,
+						   add_listen_interface,
+						   [IP, ssl, NATSSLServerPort])),
+    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override,
+				[nat_iiop_ssl_port,
+				 {local, NATSSLServerPort, [{4001, 43}]}]),
+
+    {ok, ClientNode, _ClientHost} =
+	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
+					   [ssl])),
+
+    IOR1 = ?match(#'IOP_IOR'{},
+		  orber_test_lib:remote_apply(ClientNode, corba,
+					      string_to_object,
+					      ["corbaname::1.2@"++IP++":"++
+						   integer_to_list(ServerPort)++"/NameService#mamba"])),
+
+    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP,
+			 #host_data{protocol = ssl,
+				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}},
+	   iop_ior:get_key(IOR1)),
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
+					   [ssl])),
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       remove_listen_interface, [Ref])),
+    ok.
+
+nat_iiop_ssl_port_local_old(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
+				 "Make sure NAT works for SSL"];
+nat_iiop_ssl_port_local_old(suite) -> [];
+nat_iiop_ssl_port_local_old(_Config) ->
+
+    IP = orber_test_lib:get_host(),
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
+					       1, [{iiop_ssl_port, 0},
+						   {flags,
+						    (?ORB_ENV_LOCAL_INTERFACE bor
+							 ?ORB_ENV_ENABLE_NAT)},
+						   {ip_address, IP}]),
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
+					       1, [{iiop_ssl_port, 0}]),
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node(ServerOptions)),
+    ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
+    SSLServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
+    NATSSLServerPort = SSLServerPort+1,
+    {ok, Ref} = ?match({ok, _},
+		       orber_test_lib:remote_apply(ServerNode, orber,
+						   add_listen_interface,
+						   [IP, ssl, NATSSLServerPort])),
+    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override,
+				[nat_iiop_ssl_port,
+				 {local, NATSSLServerPort, [{NATSSLServerPort, NATSSLServerPort}]}]),
+
+    {ok, ClientNode, _ClientHost} =
+	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
+					   [ssl])),
+
+    IOR1 = ?match(#'IOP_IOR'{},
+		  orber_test_lib:remote_apply(ClientNode, corba,
+					      string_to_object,
+					      ["corbaname::1.2@"++IP++":"++
+						   integer_to_list(ServerPort)++"/NameService#mamba"])),
+
+    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP,
+			 #host_data{protocol = ssl,
+				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}},
+	   iop_ior:get_key(IOR1)),
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
+					   [ssl])),
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       remove_listen_interface, [Ref])),
+    ok.
+
+
+nat_iiop_ssl_port(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
 			   "Make sure NAT works for SSL"];
 nat_iiop_ssl_port(suite) -> [];
 nat_iiop_ssl_port(_Config) ->
 
     IP = orber_test_lib:get_host(),
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+    ServerOptions = orber_test_lib:get_options(iiop_ssl, server,
 					       1, [{iiop_ssl_port, 0},
 						   {flags, ?ORB_ENV_ENABLE_NAT},
 						   {ip_address, IP}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options(iiop_ssl, client,
 					       1, [{iiop_ssl_port, 0}]),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ServerOptions)),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     SSLServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
     NATSSLServerPort = SSLServerPort+1,
     {ok, Ref} = ?match({ok, _},
-		       orber_test_lib:remote_apply(ServerNode, orber, 
-						   add_listen_interface, 
+		       orber_test_lib:remote_apply(ServerNode, orber,
+						   add_listen_interface,
 						   [IP, ssl, NATSSLServerPort])),
-    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override, 
-				[nat_iiop_ssl_port, 
+    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override,
+				[nat_iiop_ssl_port,
 				 {local, NATSSLServerPort, [{4001, 43}]}]),
 
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [ssl])),
 
-    IOR1 = ?match(#'IOP_IOR'{}, 
-		  orber_test_lib:remote_apply(ClientNode, corba, 
+    IOR1 = ?match(#'IOP_IOR'{},
+		  orber_test_lib:remote_apply(ClientNode, corba,
 					      string_to_object,
 					      ["corbaname::1.2@"++IP++":"++
 						   integer_to_list(ServerPort)++"/NameService#mamba"])),
 
-    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP, 
-			 #host_data{protocol = ssl, 
-				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}}, 
+    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP,
+			 #host_data{protocol = ssl,
+				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}},
 	   iop_ior:get_key(IOR1)),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
 					   [ssl])),
-    ?match(ok, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       remove_listen_interface, [Ref])),
     ok.
 
-nat_iiop_ssl_port_local(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)", 
+nat_iiop_ssl_port_local(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
 				 "Make sure NAT works for SSL"];
 nat_iiop_ssl_port_local(suite) -> [];
 nat_iiop_ssl_port_local(_Config) ->
 
     IP = orber_test_lib:get_host(),
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+    ServerOptions = orber_test_lib:get_options(iiop_ssl, server,
 					       1, [{iiop_ssl_port, 0},
-						   {flags, 
-						    (?ORB_ENV_LOCAL_INTERFACE bor 
+						   {flags,
+						    (?ORB_ENV_LOCAL_INTERFACE bor
 							 ?ORB_ENV_ENABLE_NAT)},
 						   {ip_address, IP}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options(iiop_ssl, client,
 					       1, [{iiop_ssl_port, 0}]),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ServerOptions)),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     SSLServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
     NATSSLServerPort = SSLServerPort+1,
     {ok, Ref} = ?match({ok, _},
-		       orber_test_lib:remote_apply(ServerNode, orber, 
-						   add_listen_interface, 
+		       orber_test_lib:remote_apply(ServerNode, orber,
+						   add_listen_interface,
 						   [IP, ssl, NATSSLServerPort])),
-    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override, 
-				[nat_iiop_ssl_port, 
+    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override,
+				[nat_iiop_ssl_port,
 				 {local, NATSSLServerPort, [{NATSSLServerPort, NATSSLServerPort}]}]),
 
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [ssl])),
 
-    IOR1 = ?match(#'IOP_IOR'{}, 
-		  orber_test_lib:remote_apply(ClientNode, corba, 
+    IOR1 = ?match(#'IOP_IOR'{},
+		  orber_test_lib:remote_apply(ClientNode, corba,
 					      string_to_object,
 					      ["corbaname::1.2@"++IP++":"++
 						   integer_to_list(ServerPort)++"/NameService#mamba"])),
 
-    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP, 
-			 #host_data{protocol = ssl, 
-				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}}, 
+    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP,
+			 #host_data{protocol = ssl,
+				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}},
 	   iop_ior:get_key(IOR1)),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
 					   [ssl])),
-    ?match(ok, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       remove_listen_interface, [Ref])),
     ok.
 
diff --git a/lib/orber/test/orber_test_lib.erl b/lib/orber/test/orber_test_lib.erl
index ffc13d0e3c..0ddde49cd6 100644
--- a/lib/orber/test/orber_test_lib.erl
+++ b/lib/orber/test/orber_test_lib.erl
@@ -41,28 +41,31 @@
 	       end
        end()).
 
--export([js_node/2, 
+-export([js_node/2,
 	 js_node/1,
 	 js_node/0,
-	 slave_sup/0, 
-	 remote_apply/4, 
+	 slave_sup/0,
+	 remote_apply/4,
 	 install_test_data/1,
 	 light_tests/3,
-	 uninstall_test_data/1, 
-	 destroy_node/2, 
+	 uninstall_test_data/1,
+	 destroy_node/2,
 	 lookup/2,
 	 alternate_iiop_address/2,
 	 create_alternate_iiop_address/2,
 	 alternate_ssl_iiop_address/3,
 	 create_alternate_ssl_iiop_address/3,
-	 test_coding/1, 
-	 test_coding/2, 
-	 corba_object_tests/2, 
+	 test_coding/1,
+	 test_coding/2,
+	 corba_object_tests/2,
 	 timeouts/3,
 	 precond/3,
 	 postcond/4,
 	 oe_get_interface/0,
 	 create_components_IOR/1,
+	 get_options_old/2,
+	 get_options_old/3,
+	 get_options_old/4,
 	 get_options/2,
 	 get_options/3,
 	 get_options/4,
@@ -89,13 +92,13 @@
 
 %%------------------------------------------------------------
 %% function : ssl_version
-%% Arguments: 
+%% Arguments:
 %% Returns  : integer()
-%% Effect   : 
-%%            
+%% Effect   :
+%%
 %%------------------------------------------------------------
 ssl_version() ->
-    try 
+    try
 	ssl:module_info(),
 	case catch erlang:system_info(otp_release) of
 	    Version when is_list(Version) ->
@@ -114,10 +117,10 @@ ssl_version() ->
 
 %%------------------------------------------------------------
 %% function : version_ok
-%% Arguments: 
+%% Arguments:
 %% Returns  : true | {skipped, Reason}
-%% Effect   : 
-%%            
+%% Effect   :
+%%
 %%------------------------------------------------------------
 version_ok() ->
     {ok, Hostname} = inet:gethostname(),
@@ -151,8 +154,8 @@ version_ok() ->
 %% function : get_host
 %% Arguments: Family - inet | inet6
 %% Returns  : string()
-%% Effect   : 
-%%            
+%% Effect   :
+%%
 %%------------------------------------------------------------
 get_host() ->
     get_host(inet).
@@ -172,13 +175,13 @@ get_host(Family) ->
 	    [IP] = ?match([_], orber:host()),
 	    IP
     end.
-  
+
 %%------------------------------------------------------------
 %% function : get_loopback_interface
 %% Arguments: Family - inet | inet6
 %% Returns  : string()
-%% Effect   : 
-%%            
+%% Effect   :
+%%
 %%------------------------------------------------------------
 get_loopback_interface() ->
     get_loopback_interface(inet).
@@ -193,12 +196,12 @@ get_loopback_interface(Family) ->
 		_ when Family == inet ->
 		    "127.0.0.1";
 		_ ->
-		    "0:0:0:0:0:FFFF:7F00:0001" 
+		    "0:0:0:0:0:FFFF:7F00:0001"
 	    end;
 	_ when Family == inet ->
 	    "127.0.0.1";
 	_ ->
-	    "0:0:0:0:0:FFFF:7F00:0001" 
+	    "0:0:0:0:0:FFFF:7F00:0001"
     end.
 
 %%------------------------------------------------------------
@@ -220,7 +223,7 @@ js_node(InitOptions, StartOptions) when is_list(InitOptions) ->
     {A,B,C} = erlang:now(),
     [_, Host] = string:tokens(atom_to_list(node()), [$@]),
     _NewInitOptions = check_options(InitOptions),
-    js_node_helper(Host, 0, lists:concat([A,'_',B,'_',C]), 
+    js_node_helper(Host, 0, lists:concat([A,'_',B,'_',C]),
 		   InitOptions, 10, StartOptions).
 
 js_node_helper(Host, Port, Name, Options, Retries, StartOptions) ->
@@ -234,8 +237,8 @@ js_node_helper(Host, Port, Name, Options, Retries, StartOptions) ->
 		    ok = rpc:call(NewNode, file, set_cwd, [Cwd]),
 		    true = rpc:call(NewNode, code, set_path, [Path]),
 		    rpc:call(NewNode, application, load, [orber]),
-		    ok = rpc:call(NewNode, corba, orb_init, 
-				  [[{iiop_port, Port}, 
+		    ok = rpc:call(NewNode, corba, orb_init,
+				  [[{iiop_port, Port},
 				    {orber_debug_level, 10}|Options]]),
 		    start_orber(StartOptions, NewNode),
 		    spawn_link(NewNode, ?MODULE, slave_sup, []),
@@ -247,8 +250,8 @@ js_node_helper(Host, Port, Name, Options, Retries, StartOptions) ->
 	    end;
         {error, Reason} when Retries == 0 ->
             {error, Reason};
-        {error, Reason} ->          
-            io:format("Could not start slavenode ~p:~p due to: ~p~n", 
+        {error, Reason} ->
+            io:format("Could not start slavenode ~p:~p due to: ~p~n",
                       [Host, Port, Reason]),
             timer:sleep(500),
 	    js_node_helper(Host, Port, Name, Options, Retries-1, StartOptions)
@@ -285,7 +288,7 @@ starter(Host, Name, Args) ->
 slave_sup() ->
     process_flag(trap_exit, true),
     receive
-        {'EXIT', _, _} -> 
+        {'EXIT', _, _} ->
             case os:type() of
                 vxworks ->
                     erlang:halt();
@@ -296,8 +299,7 @@ slave_sup() ->
 
 start_ssl(true, Node) ->
     rpc:call(Node, ssl, start, []),
-    rpc:call(Node, crypto, start, []),
-    rpc:call(Node, ssl, seed, ["testing"]);
+    rpc:call(Node, crypto, start, []);
 start_ssl(_, _) ->
     ok.
 
@@ -310,68 +312,106 @@ start_orber(lightweight, Node) ->
 start_orber(_, Node) ->
     ok = rpc:call(Node, orber, jump_start, []).
 
-
 %%-----------------------------------------------------------------
 %% Type    - ssl | iiop_ssl
 %% Role    - 'server' | 'client'
 %% Options - [{Key, Value}]
 %%-----------------------------------------------------------------
-get_options(Type, Role) -> 
-    get_options(Type, Role, 2, []).
+get_options_old(Type, Role) ->
+    get_options_old(Type, Role, 2, []).
 
-get_options(ssl, Role, Level) -> 
-    get_options(ssl, Role, Level, []).
+get_options_old(ssl, Role, Level) ->
+    get_options_old(ssl, Role, Level, []).
 
-get_options(ssl, Role, 2, Options) -> 
+get_options_old(ssl, Role, 2, Options) ->
     Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
     [{depth, 2},
      {verify, 2},
      {keyfile, filename:join([Dir, Role, "key.pem"])},
-     {cacertfile, filename:join([Dir, Role, "cacerts.pem"])}, 
-     {certfile, filename:join([Dir, Role, "cert.pem"])}|Options];
-get_options(iiop_ssl, _Role, 2, Options) ->
+     {cacertfile, filename:join([Dir, Role, "cacerts.pem"])},
+     {certfile, filename:join([Dir, Role, "cert.pem"])} |Options];
+get_options_old(iiop_ssl, _Role, 2, Options) ->
     Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
     [{ssl_server_depth, 2},
      {ssl_server_verify, 2},
      {ssl_server_certfile, filename:join([Dir, "server", "cert.pem"])},
-     {ssl_server_cacertfile, filename:join([Dir, "server", "cacerts.pem"])}, 
+     {ssl_server_cacertfile, filename:join([Dir, "server", "cacerts.pem"])},
      {ssl_server_keyfile, filename:join([Dir, "server", "key.pem"])},
      {ssl_client_depth, 2},
      {ssl_client_verify, 2},
      {ssl_client_certfile, filename:join([Dir, "client", "cert.pem"])},
-     {ssl_client_cacertfile, filename:join([Dir, "client", "cacerts.pem"])}, 
+     {ssl_client_cacertfile, filename:join([Dir, "client", "cacerts.pem"])},
      {ssl_client_keyfile, filename:join([Dir, "client", "key.pem"])},
-     {secure, ssl}|Options];
-get_options(iiop_ssl, _Role, 1, Options) ->
+     {secure, ssl} |Options];
+get_options_old(iiop_ssl, _Role, 1, Options) ->
     Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
     [{ssl_server_depth, 1},
      {ssl_server_verify, 0},
      {ssl_server_certfile, filename:join([Dir, "server", "cert.pem"])},
-     {ssl_server_cacertfile, filename:join([Dir, "server", "cacerts.pem"])}, 
+     {ssl_server_cacertfile, filename:join([Dir, "server", "cacerts.pem"])},
      {ssl_server_keyfile, filename:join([Dir, "server", "key.pem"])},
      {ssl_client_depth, 1},
      {ssl_client_verify, 0},
      {ssl_client_certfile, filename:join([Dir, "client", "cert.pem"])},
-     {ssl_client_cacertfile, filename:join([Dir, "client", "cacerts.pem"])}, 
+     {ssl_client_cacertfile, filename:join([Dir, "client", "cacerts.pem"])},
      {ssl_client_keyfile, filename:join([Dir, "client", "key.pem"])},
-     {secure, ssl}|Options].
+     {secure, ssl} |Options].
 
+get_options(Type, Role) ->
+    get_options(Type, Role, 2, []).
+
+get_options(ssl, Role, Level) ->
+    get_options(ssl, Role, Level, []).
+
+get_options(ssl, Role, 2, Options) ->
+    Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
+    [{depth, 2},
+     {verify, 2},
+     {keyfile, filename:join([Dir, Role, "key.pem"])},
+     {cacertfile, filename:join([Dir, Role, "cacerts.pem"])},
+     {certfile, filename:join([Dir, Role, "cert.pem"])} |Options];
+get_options(iiop_ssl, _Role, 2, Options) ->
+    Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
+    [{ssl_server_options, [{depth, 2},
+			{verify, 2},
+			{certfile, filename:join([Dir, "server", "cert.pem"])},
+			{cacertfile, filename:join([Dir, "server", "cacerts.pem"])},
+			{keyfile, filename:join([Dir, "server", "key.pem"])}]},
+     {ssl_client_options, [{depth, 2},
+			{verify, 2},
+			{certfile, filename:join([Dir, "client", "cert.pem"])},
+			{cacertfile, filename:join([Dir, "client", "cacerts.pem"])},
+			{keyfile, filename:join([Dir, "client", "key.pem"])}]},
+     {secure, ssl} |Options];
+get_options(iiop_ssl, _Role, 1, Options) ->
+    Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
+    [{ssl_server_options, [{depth, 1},
+			{verify, 0},
+			{certfile, filename:join([Dir, "server", "cert.pem"])},
+			{cacertfile, filename:join([Dir, "server", "cacerts.pem"])},
+			{keyfile, filename:join([Dir, "server", "key.pem"])}]},
+     {ssl_client_options, [{depth, 1},
+			{verify, 0},
+			{certfile, filename:join([Dir, "client", "cert.pem"])},
+			{cacertfile, filename:join([Dir, "client", "cacerts.pem"])},
+			{keyfile, filename:join([Dir, "client", "key.pem"])}]},
+     {secure, ssl} |Options].
 
 create_paths() ->
     Path = filename:dirname(code:which(?MODULE)),
     " -pa " ++ Path ++ " -pa " ++
-        filename:join(Path, "idl_output") ++ 
+        filename:join(Path, "idl_output") ++
 	" -pa " ++
-        filename:join(Path, "all_SUITE_data") ++ 
-        " -pa " ++ 
+        filename:join(Path, "all_SUITE_data") ++
+        " -pa " ++
         filename:dirname(code:which(orber)).
 
 %%------------------------------------------------------------
 %% function : destroy_node
 %% Arguments: Node - which node to destroy.
 %%            Type - normal | ssl
-%% Returns  : 
-%% Effect   : 
+%% Returns  :
+%% Effect   :
 %%------------------------------------------------------------
 
 destroy_node(Node, Type) ->
@@ -385,13 +425,13 @@ stopper(Node, _Type) ->
             slave:stop(Node)
     end.
 
-  
+
 %%------------------------------------------------------------
 %% function : remote_apply
 %% Arguments: N - Node, M - Module,
 %%            F - Function, A - Arguments (list)
-%% Returns  : 
-%% Effect   : 
+%% Returns  :
+%% Effect   :
 %%------------------------------------------------------------
 remote_apply(N, M,F,A) ->
     case rpc:call(N, M, F, A) of
@@ -412,7 +452,7 @@ remote_apply(N, M,F,A) ->
 
 install_test_data(nameservice) ->
     oe_orber_test_server:oe_register(),
-    Mamba = orber_test_server:oe_create([], [{regname, {local, mamba}}]), 
+    Mamba = orber_test_server:oe_create([], [{regname, {local, mamba}}]),
     true = corba:add_initial_service("Mamba", Mamba),
     NS = corba:resolve_initial_references("NameService"),
     NC1 = lname_component:set_id(lname_component:create(), "mamba"),
@@ -421,7 +461,7 @@ install_test_data(nameservice) ->
 
 install_test_data({nameservice, AltAddr, AltPort}) ->
     oe_orber_test_server:oe_register(),
-    Obj = orber_test_server:oe_create([], [{regname, {local, mamba}}]), 
+    Obj = orber_test_server:oe_create([], [{regname, {local, mamba}}]),
     Mamba = corba:add_alternate_iiop_address(Obj, AltAddr, AltPort),
     true = corba:add_initial_service("Mamba", Mamba),
     NS = corba:resolve_initial_references("NameService"),
@@ -431,8 +471,8 @@ install_test_data({nameservice, AltAddr, AltPort}) ->
 
 install_test_data(timeout) ->
     oe_orber_test_server:oe_register(),
-    Mamba = orber_test_server:oe_create([], {local, mamba}), 
-    Viper = orber_test_timeout_server:oe_create([], {local, viper}), 
+    Mamba = orber_test_server:oe_create([], {local, mamba}),
+    Viper = orber_test_timeout_server:oe_create([], {local, viper}),
     NS = corba:resolve_initial_references("NameService"),
     NC1 = lname_component:set_id(lname_component:create(), "mamba"),
     N1 = lname:insert_component(lname:create(), 1, NC1),
@@ -451,7 +491,7 @@ install_test_data(pseudo) ->
 
 install_test_data(ssl) ->
     oe_orber_test_server:oe_register(),
-    Mamba = orber_test_server:oe_create([], [{regname, {local, mamba}}]), 
+    Mamba = orber_test_server:oe_create([], [{regname, {local, mamba}}]),
     NS = corba:resolve_initial_references("NameService"),
     NC1 = lname_component:set_id(lname_component:create(), "mamba"),
     N = lname:insert_component(lname:create(), 1, NC1),
@@ -459,7 +499,7 @@ install_test_data(ssl) ->
 
 install_test_data(ssl_simple) ->
     oe_orber_test_server:oe_register();
-    
+
 install_test_data(light) ->
     %% Nothing to do at the moment but we might in the future
     ok;
@@ -480,7 +520,7 @@ uninstall_test_data(pseudo) ->
     NC1 = lname_component:set_id(lname_component:create(), "mamba"),
     N = lname:insert_component(lname:create(), 1, NC1),
     _Obj = (catch 'CosNaming_NamingContext':resolve(NS, N)),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
     oe_orber_test_server:oe_unregister();
 
 uninstall_test_data(timeout) ->
@@ -494,7 +534,7 @@ uninstall_test_data(timeout) ->
     Viper = (catch 'CosNaming_NamingContext':resolve(NS, N2)),
     catch corba:dispose(Mamba),
     catch corba:dispose(Viper),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
     oe_orber_test_server:oe_unregister();
 
 uninstall_test_data(nameservice) ->
@@ -504,7 +544,7 @@ uninstall_test_data(nameservice) ->
     N = lname:insert_component(lname:create(), 1, NC1),
     Obj = (catch 'CosNaming_NamingContext':resolve(NS, N)),
     catch corba:dispose(Obj),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
     oe_orber_test_server:oe_unregister();
 
 uninstall_test_data(ssl) ->
@@ -513,7 +553,7 @@ uninstall_test_data(ssl) ->
     N = lname:insert_component(lname:create(), 1, NC1),
     Obj = (catch 'CosNaming_NamingContext':resolve(NS, N)),
     catch corba:dispose(Obj),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
     oe_orber_test_server:oe_unregister();
 
 uninstall_test_data(ssl_simple) ->
@@ -531,27 +571,27 @@ uninstall_test_data(_) ->
 %% Arguments: TestServerObj a orber_test_server ref
 %%            OtherObj - any other Orber object.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 
 corba_object_tests(TestServerObj, OtherObj) ->
-    ?match(false,  
+    ?match(false,
 	   corba_object:is_a(TestServerObj, "IDL:orber_parent/inherrit:1.0")),
-    ?match(true,  
+    ?match(true,
 	   corba_object:is_a(TestServerObj, "IDL:omg.org/orber_parent/inherrit:1.0")),
-    ?match(true,  
+    ?match(true,
 	   corba_object:is_a(TestServerObj, "IDL:omg.org/orber_test/server:1.0")),
-    ?match(false,  
+    ?match(false,
 	   corba_object:is_a(TestServerObj, "IDL:orber_test/server:1.0")),
-    ?match(false, 
+    ?match(false,
 	   corba_object:is_a(TestServerObj, "IDL:omg.org/orber_parent/inherrit:1.1")),
-    ?match(false, 
+    ?match(false,
 	   corba_object:is_a(TestServerObj, "NotValidIFRID")),
-    ?match(false, 
+    ?match(false,
 	   corba_object:is_nil(TestServerObj)),
-    ?match(false, 
+    ?match(false,
 	   corba_object:is_equivalent(OtherObj,TestServerObj)),
-    ?match(true,  
+    ?match(true,
 	   corba_object:is_equivalent(TestServerObj,TestServerObj)),
     ?match(false, corba_object:non_existent(TestServerObj)),
     ?match(false, corba_object:not_existent(TestServerObj)),
@@ -563,32 +603,32 @@ corba_object_tests(TestServerObj, OtherObj) ->
 %% function : lookup
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 
 lookup(Host, Port) ->
     Key = Host++":"++integer_to_list(Port),
-    NSR = corba:resolve_initial_references_remote("NameService", 
+    NSR = corba:resolve_initial_references_remote("NameService",
 						  ["iiop://"++Key]),
 
     NC1 = lname_component:set_id(lname_component:create(), "not_exist"),
     N1 =  lname:insert_component(lname:create(), 1, NC1),
     ?match({'EXCEPTION',{'CosNaming_NamingContext_NotFound',_,_,_}},
 	   'CosNaming_NamingContext':resolve(NSR, N1)),
-    
+
     NC2 = lname_component:set_id(lname_component:create(), "mamba"),
     N2  = lname:insert_component(lname:create(), 1, NC2),
-    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		 'CosNaming_NamingContext':resolve(NSR, N2)),
     orber_test_server:print(Obj),
-    Obj2 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj2 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		  corba:string_to_object("corbaname:iiop:1.1@"++Key++"/NameService#mamba")),
-    
+
     orber_test_server:print(Obj2),
 
-    NSR2 = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_}, 
+    NSR2 = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_},
 		  corba:string_to_object("corbaloc:iiop:1.1@"++Key++"/NameService")),
-    Obj3 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj3 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		  'CosNaming_NamingContext':resolve(NSR2, N2)),
     orber_test_server:print(Obj3).
 
@@ -596,11 +636,11 @@ lookup(Host, Port) ->
 %% function : alternate_iiop_address
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 alternate_iiop_address(Host, Port) ->
     IOR = create_alternate_iiop_address(Host, Port),
-    
+
     ?match(false, corba_object:non_existent(IOR)),
     ?match({'object_forward',_}, corba:locate(IOR)),
     ?match({'object_forward',_}, corba:locate(IOR, 10000)),
@@ -610,145 +650,145 @@ alternate_iiop_address(Host, Port) ->
 %% function : create_alternate_iiop_address
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 create_alternate_iiop_address(Host, Port) ->
-    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE, 
+    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE,
 				 component_data = ?ORBER_ORB_TYPE_1},
-	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS,
 				 component_data = ?DEFAULT_CODESETS},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = Port}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = 8000}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = 8000}}],
     #'IOP_IOR'{type_id=TypeID,
-	       profiles=P1} = _IORA = iop_ior:create({1,2}, 
+	       profiles=P1} = _IORA = iop_ior:create({1,2},
 						     "IDL:omg.org/CosNaming/NamingContextExt:1.0",
-						     [Host], 8000, -1, 
+						     [Host], 8000, -1,
 						     "NameService", MC, 0, 0),
-    #'IOP_IOR'{profiles=P2} = _IORB = iop_ior:create({1,1}, 
+    #'IOP_IOR'{profiles=P2} = _IORB = iop_ior:create({1,1},
 						     "IDL:omg.org/CosNaming/NamingContextExt:1.0",
 						     [Host], 8000, -1,
 						     "NameService", [], 0, 0),
     #'IOP_IOR'{type_id=TypeID, profiles=P2++P1}.
-    
+
 
 %%------------------------------------------------------------
 %% function : create_components_IOR
-%% Arguments: 
+%% Arguments:
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 create_components_IOR(Version) ->
-    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE, 
+    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE,
 				 component_data = ?ORBER_ORB_TYPE_1},
-	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS,
 				 component_data = ?DEFAULT_CODESETS},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = "127.0.0.1", 
+				   'HostID' = "127.0.0.1",
 				   'Port' = 4001}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_SSL_SEC_TRANS, 
-				 component_data = #'SSLIOP_SSL'{target_supports = 0, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_SSL_SEC_TRANS,
+				 component_data = #'SSLIOP_SSL'{target_supports = 0,
 								target_requires = 1,
 								port = 2}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_FT_GROUP, 
-				 component_data = 
+	  #'IOP_TaggedComponent'{tag = ?TAG_FT_GROUP,
+				 component_data =
 				 #'FT_TagFTGroupTaggedComponent'
-				 {version = #'GIOP_Version'{major = 1, 
-							    minor = 2}, 
-				  ft_domain_id = "FT_FTDomainId",		
+				 {version = #'GIOP_Version'{major = 1,
+							    minor = 2},
+				  ft_domain_id = "FT_FTDomainId",
 				  object_group_id = ?ULONGLONGMAX,
 				  object_group_ref_version = ?LONGMAX}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_FT_PRIMARY, 
-				 component_data = 
+	  #'IOP_TaggedComponent'{tag = ?TAG_FT_PRIMARY,
+				 component_data =
 				 #'FT_TagFTPrimaryTaggedComponent'{primary = true}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_FT_HEARTBEAT_ENABLED, 
-				 component_data = 
+	  #'IOP_TaggedComponent'{tag = ?TAG_FT_HEARTBEAT_ENABLED,
+				 component_data =
 				 #'FT_TagFTHeartbeatEnabledTaggedComponent'{heartbeat_enabled = true}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_CSI_SEC_MECH_LIST, 
-				 component_data = 
+	  #'IOP_TaggedComponent'{tag = ?TAG_CSI_SEC_MECH_LIST,
+				 component_data =
 				 #'CSIIOP_CompoundSecMechList'
 				 {stateful = false,
-				  mechanism_list = 
+				  mechanism_list =
 				  [#'CSIIOP_CompoundSecMech'
-				   {target_requires = 6, 
-				    transport_mech = 
+				   {target_requires = 6,
+				    transport_mech =
 				    #'IOP_TaggedComponent'
 				    {tag=?TAG_TLS_SEC_TRANS,
 				     component_data=#'CSIIOP_TLS_SEC_TRANS'
-				    {target_supports = 7, 
-				     target_requires = 8, 
-				     addresses = 
-				     [#'CSIIOP_TransportAddress'{host_name = "127.0.0.1", 
+				    {target_supports = 7,
+				     target_requires = 8,
+				     addresses =
+				     [#'CSIIOP_TransportAddress'{host_name = "127.0.0.1",
 								 port = 6001}]}},
-				    as_context_mech = 
+				    as_context_mech =
 				    #'CSIIOP_AS_ContextSec'
 				    {target_supports = 9, target_requires = 10,
-				     client_authentication_mech = [1, 255], 
-				     target_name = [2,255]}, 
-				    sas_context_mech = 
+				     client_authentication_mech = [1, 255],
+				     target_name = [2,255]},
+				    sas_context_mech =
 				    #'CSIIOP_SAS_ContextSec'
 				    {target_supports = 11, target_requires = 12,
-				     privilege_authorities = 
+				     privilege_authorities =
 				     [#'CSIIOP_ServiceConfiguration'
-				      {syntax = ?ULONGMAX, 
-				       name = [3,255]}], 
+				      {syntax = ?ULONGMAX,
+				       name = [3,255]}],
 				     supported_naming_mechanisms = [[4,255],[5,255]],
 				     supported_identity_types = ?ULONGMAX}},
 				   #'CSIIOP_CompoundSecMech'
-				   {target_requires = 6, 
-				    transport_mech = 
+				   {target_requires = 6,
+				    transport_mech =
 				    #'IOP_TaggedComponent'
 				    {tag=?TAG_NULL_TAG,
 				     component_data=[]},
-				    as_context_mech = 
+				    as_context_mech =
 				    #'CSIIOP_AS_ContextSec'
 				    {target_supports = 9, target_requires = 10,
-				     client_authentication_mech = [1, 255], 
-				     target_name = [2,255]}, 
-				    sas_context_mech = 
+				     client_authentication_mech = [1, 255],
+				     target_name = [2,255]},
+				    sas_context_mech =
 				    #'CSIIOP_SAS_ContextSec'
 				    {target_supports = 11, target_requires = 12,
-				     privilege_authorities = 
+				     privilege_authorities =
 				     [#'CSIIOP_ServiceConfiguration'
-				      {syntax = ?ULONGMAX, 
-				       name = [3,255]}], 
+				      {syntax = ?ULONGMAX,
+				       name = [3,255]}],
 				     supported_naming_mechanisms = [[4,255],[5,255]],
 				     supported_identity_types = ?ULONGMAX}},
 				   #'CSIIOP_CompoundSecMech'
-				   {target_requires = 6, 
-				    transport_mech = 
+				   {target_requires = 6,
+				    transport_mech =
 				    #'IOP_TaggedComponent'
 				    {tag=?TAG_SECIOP_SEC_TRANS,
 				     component_data=#'CSIIOP_SECIOP_SEC_TRANS'
-				    {target_supports = 7, 
-				     target_requires = 8, 
+				    {target_supports = 7,
+				     target_requires = 8,
 				     mech_oid = [0,255],
 				     target_name = [0,255],
-				     addresses = 
-				     [#'CSIIOP_TransportAddress'{host_name = "127.0.0.1", 
+				     addresses =
+				     [#'CSIIOP_TransportAddress'{host_name = "127.0.0.1",
 								 port = 6001}]}},
-				    as_context_mech = 
+				    as_context_mech =
 				    #'CSIIOP_AS_ContextSec'
 				    {target_supports = 9, target_requires = 10,
-				     client_authentication_mech = [1, 255], 
-				     target_name = [2,255]}, 
-				    sas_context_mech = 
+				     client_authentication_mech = [1, 255],
+				     target_name = [2,255]},
+				    sas_context_mech =
 				    #'CSIIOP_SAS_ContextSec'
 				    {target_supports = 11, target_requires = 12,
-				     privilege_authorities = 
+				     privilege_authorities =
 				     [#'CSIIOP_ServiceConfiguration'
-				      {syntax = ?ULONGMAX, 
-				       name = [3,255]}], 
+				      {syntax = ?ULONGMAX,
+				       name = [3,255]}],
 				     supported_naming_mechanisms = [[4,255],[5,255]],
 				     supported_identity_types = ?ULONGMAX}}]}}],
     iop_ior:create(Version, "IDL:omg.org/CosNaming/NamingContextExt:1.0",
@@ -760,11 +800,11 @@ create_components_IOR(Version) ->
 %% function : alternate_ssl_iiop_address
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 alternate_ssl_iiop_address(Host, Port, SSLPort) ->
     IOR = create_alternate_ssl_iiop_address(Host, Port, SSLPort),
-    
+
     ?match(false, corba_object:non_existent(IOR)),
     ?match({'object_forward',_}, corba:locate(IOR)),
     ?match({'object_forward',_}, corba:locate(IOR, 10000)),
@@ -775,37 +815,37 @@ alternate_ssl_iiop_address(Host, Port, SSLPort) ->
 %% function : create_alternate_ssl_iiop_address
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 create_alternate_ssl_iiop_address(Host, Port, SSLPort) ->
-    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE, 
+    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE,
 				 component_data = ?ORBER_ORB_TYPE_1},
-	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS,
 				 component_data = ?DEFAULT_CODESETS},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = Port}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = 8000}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = 8000}},
-	  #'IOP_TaggedComponent'{tag=?TAG_SSL_SEC_TRANS, 
-				 component_data=#'SSLIOP_SSL'{target_supports = 2, 
-							      target_requires = 2, 
+	  #'IOP_TaggedComponent'{tag=?TAG_SSL_SEC_TRANS,
+				 component_data=#'SSLIOP_SSL'{target_supports = 2,
+							      target_requires = 2,
 							      port = SSLPort}}],
     #'IOP_IOR'{type_id=TypeID,
-	       profiles=P1} = _IORA = iop_ior:create_external({1,2}, 
+	       profiles=P1} = _IORA = iop_ior:create_external({1,2},
 							      "IDL:omg.org/CosNaming/NamingContextExt:1.0",
-							      Host, 8000, 
+							      Host, 8000,
 							      "NameService", MC),
-    #'IOP_IOR'{profiles=P2} = _IORB = iop_ior:create_external({1,1}, 
+    #'IOP_IOR'{profiles=P2} = _IORB = iop_ior:create_external({1,1},
 							      "IDL:omg.org/CosNaming/NamingContextExt:1.0",
-							      Host, 8000, 
+							      Host, 8000,
 							      "NameService", []),
     #'IOP_IOR'{type_id=TypeID, profiles=P2++P1}.
 
@@ -814,11 +854,11 @@ create_alternate_ssl_iiop_address(Host, Port, SSLPort) ->
 %% function : timeouts
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 
 timeouts(Host, Port, ReqT) ->
-    NSR = corba:resolve_initial_references_remote("NameService", 
+    NSR = corba:resolve_initial_references_remote("NameService",
             ["iiop://"++Host++":"++integer_to_list(Port)]),
     NC1 = lname_component:set_id(lname_component:create(), "mamba"),
     N1 = lname:insert_component(lname:create(), 1, NC1),
@@ -828,21 +868,21 @@ timeouts(Host, Port, ReqT) ->
     Viper = 'CosNaming_NamingContext':resolve(NSR, N2),
 
     ?match({'EXCEPTION',{'TIMEOUT',_,_,_}},
-	   orber_test_timeout_server:twoway_function(Viper, ReqT, ReqT*2)), 
-    ?match(ok, orber_test_timeout_server:oneway_function(Viper, ReqT*2)), 
+	   orber_test_timeout_server:twoway_function(Viper, ReqT, ReqT*2)),
+    ?match(ok, orber_test_timeout_server:oneway_function(Viper, ReqT*2)),
 
     ?match({'EXCEPTION',{'TIMEOUT',_,_,_}},
-		 orber_test_server:testing_iiop_twoway_delay(Mamba, ReqT)), 
+		 orber_test_server:testing_iiop_twoway_delay(Mamba, ReqT)),
     ?match(ok, orber_test_server:testing_iiop_oneway_delay(Mamba, ReqT)),
-    
+
     %% Since the objects are stalled we must wait until they are available again
     %% to be able to run any more tests and get the correct results.
     timer:sleep(ReqT*4),
-    
-    ?match(ok, orber_test_timeout_server:twoway_function(Viper, ReqT*2, ReqT)), 
-    ?match(ok, orber_test_timeout_server:oneway_function(Viper, ReqT*2)), 
-    
-    ?match(ok, orber_test_server:testing_iiop_twoway_delay(Mamba, 0)), 
+
+    ?match(ok, orber_test_timeout_server:twoway_function(Viper, ReqT*2, ReqT)),
+    ?match(ok, orber_test_timeout_server:oneway_function(Viper, ReqT*2)),
+
+    ?match(ok, orber_test_server:testing_iiop_twoway_delay(Mamba, 0)),
     ?match(ok, orber_test_server:testing_iiop_oneway_delay(Mamba, 0)),
 
     timer:sleep(ReqT*4),
@@ -853,11 +893,11 @@ timeouts(Host, Port, ReqT) ->
 %% Arguments: Host - which node to contact.
 %%            Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 
 light_tests(Host, Port, ObjName) ->
-    NSR = corba:resolve_initial_references_remote("NameService", 
+    NSR = corba:resolve_initial_references_remote("NameService",
             ["iiop://"++Host++":"++integer_to_list(Port)]),
     NC1 = lname_component:set_id(lname_component:create(), "not_exist"),
     N1 =  lname:insert_component(lname:create(), 1, NC1),
@@ -868,7 +908,7 @@ light_tests(Host, Port, ObjName) ->
 	   'CosNaming_NamingContext':resolve(NSR, N1)),
     NC2 = lname_component:set_id(lname_component:create(), ObjName),
     N2  = lname:insert_component(lname:create(), 1, NC2),
-    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		 'CosNaming_NamingContext':resolve(NSR, N2)),
     Nodes = orber:get_lightweight_nodes(),
     io:format("Light Nodes: ~p~n", [Nodes]),
@@ -890,165 +930,165 @@ test_coding(Obj) ->
 test_coding(Obj, Local) ->
     %%--- Testing code and decode arguments ---
     ?match({ok, 1.5}, orber_test_server:testing_iiop_float(Obj, 1.5)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_float(Obj, atom)),
 
     ?match({ok,1.0}, orber_test_server:testing_iiop_double(Obj, 1.0)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_double(Obj, "wrong")),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_short(Obj, 0)),
     ?match({ok,?SHORTMAX}, orber_test_server:testing_iiop_short(Obj, ?SHORTMAX)),
     ?match({ok,?SHORTMIN}, orber_test_server:testing_iiop_short(Obj, ?SHORTMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_short(Obj, atomic)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_short(Obj, ?SHORTMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_short(Obj, ?SHORTMIN-1)),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_ushort(Obj, 0)),
     ?match({ok,?USHORTMAX}, orber_test_server:testing_iiop_ushort(Obj, ?USHORTMAX)),
     ?match({ok,?USHORTMIN}, orber_test_server:testing_iiop_ushort(Obj, ?USHORTMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_ushort(Obj, ?USHORTMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_ushort(Obj, ?USHORTMIN-1)),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_long(Obj, 0)),
     ?match({ok,?LONGMAX}, orber_test_server:testing_iiop_long(Obj, ?LONGMAX)),
     ?match({ok,?LONGMIN}, orber_test_server:testing_iiop_long(Obj, ?LONGMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_long(Obj, "wrong")),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_long(Obj, ?LONGMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_long(Obj, ?LONGMIN-1)),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_longlong(Obj, 0)),
     ?match({ok,?LONGLONGMAX}, orber_test_server:testing_iiop_longlong(Obj, ?LONGLONGMAX)),
     ?match({ok,?LONGLONGMIN}, orber_test_server:testing_iiop_longlong(Obj, ?LONGLONGMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_longlong(Obj, "wrong")),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_longlong(Obj, ?LONGLONGMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_longlong(Obj, ?LONGLONGMIN-1)),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_ulong(Obj, 0)),
     ?match({ok,?ULONGMAX}, orber_test_server:testing_iiop_ulong(Obj, ?ULONGMAX)),
     ?match({ok,?ULONGMIN}, orber_test_server:testing_iiop_ulong(Obj, ?ULONGMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 		 orber_test_server:testing_iiop_ulong(Obj, ?ULONGMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 		 orber_test_server:testing_iiop_ulong(Obj, ?ULONGMIN-1)),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_ulonglong(Obj, 0)),
     ?match({ok,?ULONGLONGMAX}, orber_test_server:testing_iiop_ulonglong(Obj, ?ULONGLONGMAX)),
     ?match({ok,?ULONGLONGMIN}, orber_test_server:testing_iiop_ulonglong(Obj, ?ULONGLONGMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_ulonglong(Obj, ?ULONGLONGMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_ulonglong(Obj, ?ULONGLONGMIN-1)),
-    
+
     ?match({ok,98}, orber_test_server:testing_iiop_char(Obj, 98)),
     ?match({ok,$b}, orber_test_server:testing_iiop_char(Obj, $b)),
 
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_char(Obj, atomic)),
 
     ?match({ok,65535}, orber_test_server:testing_iiop_wchar(Obj, 65535)),
     ?match({ok,$b}, orber_test_server:testing_iiop_wchar(Obj, $b)),
 
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_wchar(Obj, atomic)),
-    
+
     ?match({ok,true}, orber_test_server:testing_iiop_bool(Obj, true)),
     ?match({ok,false}, orber_test_server:testing_iiop_bool(Obj, false)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_bool(Obj, atom)),
-    
+
     ?match({ok,1}, orber_test_server:testing_iiop_octet(Obj, 1)),
 % No real guards for this case.
-%    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+%    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 %	   orber_test_server:testing_iiop_octet(Obj, 1.5)),
     IOR12 = create_components_IOR({1,2}),
     ?match({ok,Obj}, orber_test_server:testing_iiop_obj(Obj, Obj)),
     ?match({ok,IOR12}, orber_test_server:testing_iiop_obj(Obj, IOR12)),
     PObj = orber_test_server:oe_create([], [{pseudo,true}]),
     ?match({ok, _}, orber_test_server:testing_iiop_obj(Obj, PObj)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_obj(Obj, "no_object")),
     ?match({ok,"string"}, orber_test_server:testing_iiop_string(Obj, "string")),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_string(Obj, "ToLongString")),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_string(Obj, atomic)),
 
     ?match({ok,[65535]}, orber_test_server:testing_iiop_wstring(Obj, [65535])),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_wstring(Obj, "ToLongWstring")),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_wstring(Obj, atomic)),
 
-    ?match({ok, one}, 
+    ?match({ok, one},
 		 orber_test_server:testing_iiop_enum(Obj, one)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_enum(Obj, three)),
-    ?match({ok,[1,2,3]}, 
+    ?match({ok,[1,2,3]},
 		 orber_test_server:testing_iiop_seq(Obj, [1,2,3])),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_seq(Obj, [1,2,3,4])),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_seq(Obj, false)),
 
 
-    ?match({ok,[#orber_test_server_struc{a=1, b=2}]}, 
-		 orber_test_server:testing_iiop_struc_seq(Obj, 
+    ?match({ok,[#orber_test_server_struc{a=1, b=2}]},
+		 orber_test_server:testing_iiop_struc_seq(Obj,
 					  [#orber_test_server_struc{a=1, b=2}])),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_struc_seq(Obj, false)),
 
-    ?match({ok,[#orber_test_server_uni{label=1, value=66}]}, 
-		 orber_test_server:testing_iiop_uni_seq(Obj, 
+    ?match({ok,[#orber_test_server_uni{label=1, value=66}]},
+		 orber_test_server:testing_iiop_uni_seq(Obj,
 					  [#orber_test_server_uni{label=1, value=66}])),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_uni_seq(Obj, false)),
 
-    ?match({ok,{"one", "two"}}, 
+    ?match({ok,{"one", "two"}},
 		 orber_test_server:testing_iiop_array(Obj, {"one", "two"})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_array(Obj, {"one", "two", "three"})),
-    ?match({ok,#orber_test_server_struc{a=1, b=2}}, 
-		 orber_test_server:testing_iiop_struct(Obj, 
+    ?match({ok,#orber_test_server_struc{a=1, b=2}},
+		 orber_test_server:testing_iiop_struct(Obj,
                                          #orber_test_server_struc{a=1, b=2})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_struct(Obj, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_struct(Obj,
                                          #orber_test_server_struc{a="WRONG", b=2})),
-    ?match({ok,#orber_test_server_uni{label=1, value=66}}, 
-	   orber_test_server:testing_iiop_union(Obj, 
+    ?match({ok,#orber_test_server_uni{label=1, value=66}},
+	   orber_test_server:testing_iiop_union(Obj,
                                            #orber_test_server_uni{label=1, value=66})),
 
-    ?match({ok,#orber_test_server_uni_d{label=1, value=66}}, 
-	   orber_test_server:testing_iiop_union_d(Obj, 
+    ?match({ok,#orber_test_server_uni_d{label=1, value=66}},
+	   orber_test_server:testing_iiop_union_d(Obj,
                                            #orber_test_server_uni_d{label=1, value=66})),
 
-    ?match({ok,#orber_test_server_uni_d{label=2, value=true}}, 
-	   orber_test_server:testing_iiop_union_d(Obj, 
+    ?match({ok,#orber_test_server_uni_d{label=2, value=true}},
+	   orber_test_server:testing_iiop_union_d(Obj,
                                            #orber_test_server_uni_d{label=2, value=true})),
 
     ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
-	   orber_test_server:testing_iiop_union_d(Obj, 
+	   orber_test_server:testing_iiop_union_d(Obj,
                                            #orber_test_server_uni_d{label=2, value=66})),
 
     case Local of
 	true ->
-	    ?match({ok,#orber_test_server_uni{label=2, value=66}}, 
-		   orber_test_server:testing_iiop_union(Obj, 
+	    ?match({ok,#orber_test_server_uni{label=2, value=66}},
+		   orber_test_server:testing_iiop_union(Obj,
 							#orber_test_server_uni{label=2, value=66}));
 	false ->
-	    ?match({ok,#orber_test_server_uni{label=2, value=undefined}}, 
-		   orber_test_server:testing_iiop_union(Obj, 
+	    ?match({ok,#orber_test_server_uni{label=2, value=undefined}},
+		   orber_test_server:testing_iiop_union(Obj,
 							#orber_test_server_uni{label=2, value=66}))
     end,
 
@@ -1059,258 +1099,258 @@ test_coding(Obj, Local) ->
     C4 = orber_test_server:fixed52negconst1(),
     C5 = orber_test_server:fixed52negconst2(),
     C6 = orber_test_server:fixed52negconst3(),
-    
+
     ?match({ok,C1}, orber_test_server:testing_iiop_fixed(Obj, C1)),
     ?match({ok,C2}, orber_test_server:testing_iiop_fixed(Obj, C2)),
     ?match({ok,C3}, orber_test_server:testing_iiop_fixed(Obj, C3)),
     ?match({ok,C4}, orber_test_server:testing_iiop_fixed(Obj, C4)),
     ?match({ok,C5}, orber_test_server:testing_iiop_fixed(Obj, C5)),
     ?match({ok,C6}, orber_test_server:testing_iiop_fixed(Obj, C6)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-		 orber_test_server:testing_iiop_fixed(Obj, #fixed{digits = 5, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+		 orber_test_server:testing_iiop_fixed(Obj, #fixed{digits = 5,
 								  scale = 2,
 								  value = 123450})),
 
     ?match(ok, orber_test_server:testing_iiop_void(Obj)),
 
-    ?match({'EXCEPTION',{'BAD_QOS',_,_,_}}, 
+    ?match({'EXCEPTION',{'BAD_QOS',_,_,_}},
 	   orber_test_server:pseudo_call_raise_exc(Obj, 1)),
-    ?match({'EXCEPTION',{'BAD_QOS',_,_,_}}, 
+    ?match({'EXCEPTION',{'BAD_QOS',_,_,_}},
 	   orber_test_server:pseudo_call_raise_exc(Obj, 2)),
-    ?match({'EXCEPTION',{'orber_test_server_UserDefinedException',_}}, 
+    ?match({'EXCEPTION',{'orber_test_server_UserDefinedException',_}},
 		 orber_test_server:raise_local_exception(Obj)),
     ?match({'EXCEPTION',{'orber_test_server_ComplexUserDefinedException',_,
-			       [#orber_test_server_struc{a=1, b=2}]}}, 
+			       [#orber_test_server_struc{a=1, b=2}]}},
 		 orber_test_server:raise_complex_local_exception(Obj)),
     %% Test all TypeCodes
-    ?match({ok, #any{typecode = tk_long, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long, 
+    ?match({ok, #any{typecode = tk_long, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long,
 							      value = 1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long,
 							value = "wrong"})),
-    ?match({ok, #any{typecode = tk_float, value = 1.5}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_float, 
+    ?match({ok, #any{typecode = tk_float, value = 1.5}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_float,
 							      value = 1.5})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long,
 							value = "wrong"})),
-    ?match({ok, #any{typecode = tk_double}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_double, 
+    ?match({ok, #any{typecode = tk_double}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_double,
 							      value = 1.0})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_double, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_double,
 							value = "wrong"})),
-    ?match({ok, #any{typecode = tk_short, value = -1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_short, 
+    ?match({ok, #any{typecode = tk_short, value = -1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_short,
 							      value = -1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_short, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_short,
 							value = atomic})),
-    ?match({ok, #any{typecode = tk_ushort, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ushort, 
+    ?match({ok, #any{typecode = tk_ushort, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ushort,
 							      value = 1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ushort, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ushort,
 							value = -1})),
-    ?match({ok, #any{typecode = tk_long, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long, 
+    ?match({ok, #any{typecode = tk_long, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long,
 							      value = 1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long,
 							value = "wrong"})),
-    ?match({ok, #any{typecode = tk_longlong, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_longlong, 
+    ?match({ok, #any{typecode = tk_longlong, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_longlong,
 							      value = 1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_longlong, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_longlong,
 							value = "wrong"})),
-    ?match({ok, #any{typecode = tk_ulong, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong, 
+    ?match({ok, #any{typecode = tk_ulong, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong,
 							      value = 1})),
-    ?match({ok, #any{typecode = tk_ulong, value = 4294967295}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong, 
+    ?match({ok, #any{typecode = tk_ulong, value = 4294967295}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong,
 							      value = 4294967295})),
     ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong, 
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong,
 							      value = 4294967296})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong,
 							value = -1})),
-    ?match({ok, #any{typecode = tk_ulonglong, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulonglong, 
+    ?match({ok, #any{typecode = tk_ulonglong, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulonglong,
 							      value = 1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulonglong, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulonglong,
 							value = -1})),
-    ?match({ok, #any{typecode = tk_char, value = 98}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char, 
+    ?match({ok, #any{typecode = tk_char, value = 98}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char,
 							      value = 98})),
-    ?match({ok, #any{typecode = tk_char, value = $b}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char, 
+    ?match({ok, #any{typecode = tk_char, value = $b}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char,
 							      value = $b})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char,
 							value = atomic})),
-    ?match({ok, #any{typecode = tk_wchar, value = 65535}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar, 
+    ?match({ok, #any{typecode = tk_wchar, value = 65535}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar,
 							      value = 65535})),
-    ?match({ok, #any{typecode = tk_wchar, value = $b}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar, 
+    ?match({ok, #any{typecode = tk_wchar, value = $b}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar,
 							      value = $b})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar,
 							value = atomic})),
-    ?match({ok, #any{typecode = tk_boolean, value = true}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean, 
+    ?match({ok, #any{typecode = tk_boolean, value = true}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean,
 							      value = true})),
-    ?match({ok, #any{typecode = tk_boolean, value = false}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean, 
+    ?match({ok, #any{typecode = tk_boolean, value = false}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean,
 							      value = false})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean,
 							value = 1})),
-    ?match({ok, #any{typecode = tk_octet, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_octet, 
+    ?match({ok, #any{typecode = tk_octet, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_octet,
 							      value = 1})),
-    ?match({ok, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"}, value = Obj}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"}, 
+    ?match({ok, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"}, value = Obj}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"},
 							      value = Obj})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"},
 							value = "No Object"})),
-    ?match({ok, #any{typecode = {tk_string, 6}, value = "string"}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_string, 6}, 
+    ?match({ok, #any{typecode = {tk_string, 6}, value = "string"}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_string, 6},
 							      value = "string"})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_string, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_string,
 							value = atomic})),
-    ?match({ok, #any{typecode = {tk_wstring, 1}, value = [65535]}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_wstring, 1}, 
+    ?match({ok, #any{typecode = {tk_wstring, 1}, value = [65535]}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_wstring, 1},
 							      value = [65535]})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_wstring, 1}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_wstring, 1},
 							value = atomic})),
-    ?match({ok, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]}, 
-			   value = two}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]}, 
+    ?match({ok, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]},
+			   value = two}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]},
 							      value = two})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]},
 							      value = three})),
 
 
-    ?match({ok, #any{typecode = {tk_sequence, tk_long, 3}, 
-			   value = [1,2,3]}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_sequence, tk_long, 3}, 
+    ?match({ok, #any{typecode = {tk_sequence, tk_long, 3},
+			   value = [1,2,3]}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_sequence, tk_long, 3},
 							      value = [1,2,3]})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_sequence, tk_long, 3}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_sequence, tk_long, 3},
 							value = false})),
 
 
 
-    ?match({ok, #any{typecode = {tk_array,{tk_string,0},2}, 
-			   value = {"one", "two"}}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2}, 
+    ?match({ok, #any{typecode = {tk_array,{tk_string,0},2},
+			   value = {"one", "two"}}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2},
 							      value = {"one", "two"}})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2},
 							value = {"one", "two", "three"}})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2},
 							value = {1, 2}})),
     ?match({ok, #any{typecode = {tk_struct,"IDL:omg.org/orber_test/server/struc:1.0",
 				       "struc",
-				       [{"a",tk_long},{"b",tk_short}]}, 
-			   value = #orber_test_server_struc{a=1, b=2}}}, 
+				       [{"a",tk_long},{"b",tk_short}]},
+			   value = #orber_test_server_struc{a=1, b=2}}},
 		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_struct,"IDL:omg.org/orber_test/server/struc:1.0",
 									  "struc",
 									  [{"a",tk_long},{"b",tk_short}]},
 							      value = #orber_test_server_struc{a=1, b=2}})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_struct,"IDL:omg.org/orber_test/server/struc:1.0",
 								    "struc",
-								    [{"a",tk_long},{"b",tk_short}]}, 
+								    [{"a",tk_long},{"b",tk_short}]},
 							value = #orber_test_server_struc{a=1, b="string"}})),
-    ?match({ok, #any{typecode = 
+    ?match({ok, #any{typecode =
 			   {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-			    "uni", tk_long, -1, [{1,"a",tk_long}]}, 
-			   value = #orber_test_server_uni{label=1, value=66}}}, 
+			    "uni", tk_long, -1, [{1,"a",tk_long}]},
+			   value = #orber_test_server_uni{label=1, value=66}}},
 		 orber_test_server:
-		 testing_iiop_any(Obj, 
-				  #any{typecode = 
+		 testing_iiop_any(Obj,
+				  #any{typecode =
 				       {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-					"uni", tk_long,	-1, [{1,"a",tk_long}]}, 
+					"uni", tk_long,	-1, [{1,"a",tk_long}]},
 				       value = #orber_test_server_uni{label=1, value=66}})),
     case Local of
 	true ->
-	    ?match({ok, #any{typecode = 
+	    ?match({ok, #any{typecode =
 				   {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-				    "uni", tk_long, -1, [{1,"a",tk_long}]}, 
-				   value = #orber_test_server_uni{label=2, value=66}}}, 
+				    "uni", tk_long, -1, [{1,"a",tk_long}]},
+				   value = #orber_test_server_uni{label=2, value=66}}},
 			 orber_test_server:
 			 testing_iiop_any(Obj,
-					  #any{typecode = 
+					  #any{typecode =
 					       {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-						"uni", tk_long,	-1, [{1,"a",tk_long}]}, 
+						"uni", tk_long,	-1, [{1,"a",tk_long}]},
 					       value = #orber_test_server_uni{label=2, value=66}}));
 	false ->
-	    ?match({ok, #any{typecode = 
+	    ?match({ok, #any{typecode =
 				   {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-				    "uni", tk_long, -1, [{1,"a",tk_long}]}, 
-				   value = #orber_test_server_uni{label=2, value=undefined}}}, 
+				    "uni", tk_long, -1, [{1,"a",tk_long}]},
+				   value = #orber_test_server_uni{label=2, value=undefined}}},
 			 orber_test_server:
 			 testing_iiop_any(Obj,
-					  #any{typecode = 
+					  #any{typecode =
 					       {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-						"uni", tk_long,	-1, [{1,"a",tk_long}]}, 
+						"uni", tk_long,	-1, [{1,"a",tk_long}]},
 					       value = #orber_test_server_uni{label=2, value=66}}))
     end,
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:
-		 testing_iiop_any(Obj, 
-				  #any{typecode = 
+		 testing_iiop_any(Obj,
+				  #any{typecode =
 				       {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-					"uni", tk_long, -1, [{1,"a",tk_long}]}, 
+					"uni", tk_long, -1, [{1,"a",tk_long}]},
 				       value = #orber_test_server_uni{label=1, value="string"}})),
 
-    ?match({ok, #any{typecode = {tk_fixed,5,2}, 
-			   value = #fixed{digits = 5, scale = 2, value = 12345}}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,5,2}, 
-							      value = #fixed{digits = 5, 
-									     scale = 2, 
+    ?match({ok, #any{typecode = {tk_fixed,5,2},
+			   value = #fixed{digits = 5, scale = 2, value = 12345}}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,5,2},
+							      value = #fixed{digits = 5,
+									     scale = 2,
 									     value = 12345}})),
-    ?match({ok, #any{typecode = {tk_fixed,10,2}, 
-			   value = #fixed{digits = 10, scale = 2, value = 1234567890}}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,10,2}, 
-							      value = #fixed{digits = 10, 
-									     scale = 2, 
+    ?match({ok, #any{typecode = {tk_fixed,10,2},
+			   value = #fixed{digits = 10, scale = 2, value = 1234567890}}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,10,2},
+							      value = #fixed{digits = 10,
+									     scale = 2,
 									     value = 1234567890}})),
-    ?match({ok, #any{typecode = {tk_fixed,6,2}, 
-			   value = #fixed{digits = 6, scale = 2, value = 300000}}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,6,2}, 
-							      value = #fixed{digits = 6, 
-									     scale = 2, 
+    ?match({ok, #any{typecode = {tk_fixed,6,2},
+			   value = #fixed{digits = 6, scale = 2, value = 300000}}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,6,2},
+							      value = #fixed{digits = 6,
+									     scale = 2,
 									     value = 300000}})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
           orber_test_server:
 		 testing_iiop_server_marshal(Obj, "string")),
-    
+
     RecS = #orber_test_server_rec_struct{chain = [#orber_test_server_rec_struct{chain = []}]},
     ?match(RecS, orber_test_server:testing_iiop_rec_struct(Obj, RecS)),
-    
-    RecU = #orber_test_server_rec_union{label = 'RecursiveType', 
+
+    RecU = #orber_test_server_rec_union{label = 'RecursiveType',
 					value = [#orber_test_server_rec_union{label = 'RecursiveType',
 									      value = []}]},
     ?match(RecU, orber_test_server:testing_iiop_rec_union(Obj, RecU)),
 
 %%     RecA1 = #any{typecode = unsupported, value = RecS},
 %%     RecA2 = #any{typecode = unsupported, value = RecU},
-%%     ?match(RecA1, 
-%% 	   orber_test_server:testing_iiop_rec_any(Obj, RecA1)),    
-%%     ?match(RecA2, 
-%% 	   orber_test_server:testing_iiop_rec_any(Obj, RecA2)),    
+%%     ?match(RecA1,
+%% 	   orber_test_server:testing_iiop_rec_any(Obj, RecA1)),
+%%     ?match(RecA2,
+%% 	   orber_test_server:testing_iiop_rec_any(Obj, RecA2)),
 
     ok.
 
@@ -1333,14 +1373,14 @@ Result    : ~p
     ok.
 
 %%--------------- Testing Missing Module ---------------------
-oe_get_interface() ->  
+oe_get_interface() ->
     non_existing_module:tc(foo).
 
 %%--------------- INTERCEPTOR FUNCTIONS ----------------------
 %%------------------------------------------------------------
 %% function : new_in_connection
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 new_in_connection(Arg, CHost, Port) ->
     Host = node(),
@@ -1354,14 +1394,14 @@ To Host   : ~p
 To Port   : ~p
 Peers     : ~p
 Arg       : ~p
-==========================================~n", 
+==========================================~n",
 			  [Host, CHost, Port, SHost, SPort, Peers, Arg]),
     {Host}.
 
 %%------------------------------------------------------------
 %% function : new_out_connection
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 new_out_connection(Arg, SHost, Port) ->
     Host = node(),
@@ -1370,73 +1410,73 @@ Node      : ~p
 To Host   : ~p
 To Port   : ~p
 Arg       : ~p
-==========================================~n", 
+==========================================~n",
 			  [Host, SHost, Port, Arg]),
     {Host}.
 
 %%------------------------------------------------------------
 %% function : closed_in_connection
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 closed_in_connection(Arg) ->
     error_logger:info_msg("=============== closed_in_connection =====
 Node      : ~p
 Connection: ~p
-==========================================~n", 
+==========================================~n",
 			  [node(), Arg]),
     Arg.
 
 %%------------------------------------------------------------
 %% function : closed_out_connection
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 closed_out_connection(Arg) ->
     error_logger:info_msg("=============== closed_out_connection ====
 Node      : ~p
 Connection: ~p
-==========================================~n", 
+==========================================~n",
 			  [node(), Arg]),
     Arg.
 
 %%------------------------------------------------------------
 %% function : in_request_encoded
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
-in_request_encoded(Ref, _ObjKey, Ctx, Op, 
+in_request_encoded(Ref, _ObjKey, Ctx, Op,
 	   <<100:8,101:8,102:8,103:8,104:8,105:8,106:8,107:8,108:8,109:8,110:8,T/binary>>, _Args) ->
     error_logger:info_msg("=============== in_request_encoded =======
 Connection: ~p
 Operation : ~p
 Body      : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, T, Ctx]),
     {T, "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : in_reply_encoded
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 in_reply_encoded(Ref, _ObjKey, Ctx, Op,
-	 <<100:8,101:8,102:8,103:8,104:8,105:8,106:8,107:8,108:8,109:8,110:8,T/binary>>, 
+	 <<100:8,101:8,102:8,103:8,104:8,105:8,106:8,107:8,108:8,109:8,110:8,T/binary>>,
 	 _Args) ->
     error_logger:info_msg("============== in_reply_encoded ==========
 Connection: ~p
 Operation : ~p
 Body      : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, T, Ctx]),
     {T, "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : out_reply_encoded
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 out_reply_encoded(Ref, _ObjKey, Ctx, Op, List, _Args) ->
     error_logger:info_msg("============== out_reply_encoded =========
@@ -1444,14 +1484,14 @@ Connection: ~p
 Operation : ~p
 Body      : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, List, Ctx]),
     {list_to_binary([<<100:8,101:8,102:8,103:8,104:8,105:8,106:8,107:8,108:8,109:8,110:8>>|List]), "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : out_request_encoded
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 out_request_encoded(Ref, _ObjKey, Ctx, Op, List, _Args) ->
     error_logger:info_msg("============== out_request_encoded =======
@@ -1459,14 +1499,14 @@ Connection: ~p
 Operation : ~p
 Body      : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, List, Ctx]),
     {list_to_binary([<<100:8,101:8,102:8,103:8,104:8,105:8,106:8,107:8,108:8,109:8,110:8>>|List]), "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : in_request
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 in_request(Ref, _ObjKey, Ctx, Op, Params, _Args) ->
     error_logger:info_msg("=============== in_request ===============
@@ -1474,14 +1514,14 @@ Connection: ~p
 Operation : ~p
 Parameters: ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, Params, Ctx]),
     {Params, "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : in_reply
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 in_reply(Ref, _ObjKey, Ctx, Op, Reply, _Args) ->
     error_logger:info_msg("=============== in_reply =================
@@ -1489,14 +1529,14 @@ Connection: ~p
 Operation : ~p
 Reply     : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, Reply, Ctx]),
     {Reply, "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : postinvoke
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 out_reply(Ref, _ObjKey, Ctx, Op, Reply, _Args) ->
     error_logger:info_msg("=============== out_reply ================
@@ -1504,14 +1544,14 @@ Connection: ~p
 Operation : ~p
 Reply     : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, Reply, Ctx]),
     {Reply, "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : postinvoke
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 out_request(Ref, _ObjKey, Ctx, Op, Params, _Args) ->
     error_logger:info_msg("=============== out_request ==============
@@ -1519,7 +1559,7 @@ Connection: ~p
 Operation : ~p
 Parameters: ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, Params, Ctx]),
     {Params, "NewArgs"}.
 
diff --git a/lib/orber/vsn.mk b/lib/orber/vsn.mk
index 29b21e8e01..0eac1e1410 100644
--- a/lib/orber/vsn.mk
+++ b/lib/orber/vsn.mk
@@ -1,3 +1,3 @@
 
-ORBER_VSN = 3.6.22
+ORBER_VSN = 3.6.23
 
diff --git a/lib/os_mon/c_src/Makefile.in b/lib/os_mon/c_src/Makefile.in
index 1a371eb380..bac0413ece 100644
--- a/lib/os_mon/c_src/Makefile.in
+++ b/lib/os_mon/c_src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -82,13 +82,9 @@ ALL_CFLAGS = @CFLAGS@ @DEFS@ $(CFLAGS)
 # Targets
 # ----------------------------------------------------
 
-debug opt: $(OBJDIR) $(BINDIR) $(TARGET_FILES)
+_create_dirs := $(shell mkdir -p $(OBJDIR) $(BINDIR))
 
-$(OBJDIR):
-	-@mkdir -p $(OBJDIR)
-
-$(BINDIR):
-	-@mkdir -p $(BINDIR)
+debug opt: $(TARGET_FILES)
 
 clean:
 	rm -f $(TARGET_FILES)
diff --git a/lib/os_mon/doc/src/make.dep b/lib/os_mon/doc/src/make.dep
deleted file mode 100644
index b657f2e036..0000000000
--- a/lib/os_mon/doc/src/make.dep
+++ /dev/null
@@ -1,21 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex cpu_sup.tex disksup.tex memsup.tex \
-		nteventlog.tex os_mon.tex os_mon_mib.tex os_sup.tex \
-		ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/os_mon/doc/src/notes.xml b/lib/os_mon/doc/src/notes.xml
index f641bbd828..b459e31fa5 100644
--- a/lib/os_mon/doc/src/notes.xml
+++ b/lib/os_mon/doc/src/notes.xml
@@ -30,6 +30,35 @@
   </header>
   <p>This document describes the changes made to the OS_Mon application.</p>
 
+<section><title>Os_Mon 2.2.8</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Os_Mon 2.2.7</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/os_mon/mibs/Makefile b/lib/os_mon/mibs/Makefile
index cbbc337491..655190edf4 100644
--- a/lib/os_mon/mibs/Makefile
+++ b/lib/os_mon/mibs/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -78,6 +78,9 @@ $(SNMP_BIN_TARGET_DIR)/OTP-MIB.bin:     $(ERL_TOP)/lib/$(OTP_MIBDIR)/mibs/OTP-MI
 v1/%.mib.v1: %.mib
 	$(ERL_TOP)/lib/snmp/bin/snmp-v2tov1 -o $@ $<
 
+$(SNMP_BIN_TARGET_DIR)/OTP-OS-MON-MIB.bin: \
+	$(SNMP_BIN_TARGET_DIR)/OTP-REG.bin \
+	$(SNMP_BIN_TARGET_DIR)/OTP-MIB.bin \
 
 # ----------------------------------------------------
 # Release Target
diff --git a/lib/os_mon/src/cpu_sup.erl b/lib/os_mon/src/cpu_sup.erl
index e414e2c10b..34251178ee 100644
--- a/lib/os_mon/src/cpu_sup.erl
+++ b/lib/os_mon/src/cpu_sup.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -764,8 +764,7 @@ port_receive_cpu_util_entries(_, _, Data) ->
      exit({data_mismatch, Data}).
 
 start_portprogram() ->
-    Command = filename:join([code:priv_dir(os_mon), "bin", "cpu_sup"]),
-    Port = open_port({spawn, Command}, [stream]),
+    Port = os_mon:open_port("cpu_sup", [stream]),
     port_command(Port, ?ping),
     4711 = port_receive_uint32(Port, 5000),
     Port.
diff --git a/lib/os_mon/src/memsup.erl b/lib/os_mon/src/memsup.erl
index ba07a529bc..49533da1f7 100644
--- a/lib/os_mon/src/memsup.erl
+++ b/lib/os_mon/src/memsup.erl
@@ -802,8 +802,7 @@ port_init() ->
     port_idle(Port).
 
 start_portprogram() ->
-    Command = filename:join([code:priv_dir(os_mon), "bin", "memsup"]),
-    open_port({spawn, Command}, [{packet, 1}]).
+    os_mon:open_port("memsup",[{packet,1}]).
 
 %% The connected process loops are a bit awkward (several different
 %% functions doing almost the same thing) as
diff --git a/lib/os_mon/src/os_mon.erl b/lib/os_mon/src/os_mon.erl
index ef368571db..3098c38808 100644
--- a/lib/os_mon/src/os_mon.erl
+++ b/lib/os_mon/src/os_mon.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -22,7 +22,7 @@
 -behaviour(supervisor).
 
 %% API
--export([call/2, call/3, get_env/2]).
+-export([call/2, call/3, get_env/2, open_port/2]).
 
 %% Application callbacks
 -export([start/2, stop/1]).
@@ -79,6 +79,22 @@ get_env(Service, Param) ->
 	    Service:param_default(Param)
     end.
 
+open_port(Name, Opts) ->
+    PrivDir = code:priv_dir(os_mon),
+    ReleasedPath = filename:join([PrivDir,"bin",Name]),
+    %% Check os_mon*/priv/bin/Name
+    case filelib:is_regular(ReleasedPath) of
+	true ->
+	    erlang:open_port({spawn, ReleasedPath}, Opts);
+	false ->
+	    %% Use os_mon*/priv/bin/Arch/Name
+	    ArchPath =
+		filename:join(
+		  [PrivDir,"bin",erlang:system_info(system_architecture),Name]),
+	    erlang:open_port({spawn, ArchPath}, Opts)
+    end.
+
+
 %%%-----------------------------------------------------------------
 %%% Application callbacks
 %%%-----------------------------------------------------------------
diff --git a/lib/os_mon/src/os_mon_mib.erl b/lib/os_mon/src/os_mon_mib.erl
index a4ce274a16..ea17f928cc 100644
--- a/lib/os_mon/src/os_mon_mib.erl
+++ b/lib/os_mon/src/os_mon_mib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -65,11 +65,11 @@
 %% Shadow argument macros 
 -define(loadShadowArgs, 
 	{loadTable, string, record_info(fields, loadTable), 5000,
-	 {os_mon_mib, update_load_table}}). 
+	 fun os_mon_mib:update_load_table/0}).
 	
 -define(diskShadowArgs, 
 	{diskTable, {integer, integer}, record_info(fields, diskTable), 5000,
-	 {os_mon_mib, update_disk_table}}). 
+	 fun os_mon_mib:update_disk_table/0}).
 
 %% Misc
 -record(diskAlloc, {diskDescr, diskId}).
diff --git a/lib/os_mon/src/os_mon_sysinfo.erl b/lib/os_mon/src/os_mon_sysinfo.erl
index 5d12bd95d1..080885d5d6 100644
--- a/lib/os_mon/src/os_mon_sysinfo.erl
+++ b/lib/os_mon/src/os_mon_sysinfo.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -108,9 +108,7 @@ code_change(_OldVsn, State, _Extra) ->
 %%----------------------------------------------------------------------
 
 start_portprogram() ->
-    Command =
-	filename:join([code:priv_dir(os_mon),"bin","win32sysinfo.exe"]),
-    Port = open_port({spawn,Command}, [{packet,1}]),
+    Port = os_mon:open_port("win32sysinfo.exe", [{packet,1}]),
     receive
 	{Port, {data, [?OK]}} ->
 	    Port;
diff --git a/lib/os_mon/test/os_mon_mib_SUITE.erl b/lib/os_mon/test/os_mon_mib_SUITE.erl
index 4bd256a3f7..a137efc441 100644
--- a/lib/os_mon/test/os_mon_mib_SUITE.erl
+++ b/lib/os_mon/test/os_mon_mib_SUITE.erl
@@ -718,7 +718,7 @@ del_dir(Dir) ->
     {ok, Files} = file:list_dir(Dir),
     FullPathFiles = lists:map(fun(File) -> filename:join(Dir, File) end,
 			      Files),
-    lists:foreach({file, delete}, FullPathFiles),
+    lists:foreach(fun file:delete/1, FullPathFiles),
     file:del_dir(Dir).
 
 %%---------------------------------------------------------------------
diff --git a/lib/os_mon/vsn.mk b/lib/os_mon/vsn.mk
index f000e24a8f..89dfa59dd9 100644
--- a/lib/os_mon/vsn.mk
+++ b/lib/os_mon/vsn.mk
@@ -1 +1 @@
-OS_MON_VSN = 2.2.7
+OS_MON_VSN = 2.2.8
diff --git a/lib/otp_mibs/doc/src/make.dep b/lib/otp_mibs/doc/src/make.dep
deleted file mode 100644
index 2885155315..0000000000
--- a/lib/otp_mibs/doc/src/make.dep
+++ /dev/null
@@ -1,20 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex introduction.tex mibs.tex otp_mib.tex \
-		part.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/otp_mibs/doc/src/notes.xml b/lib/otp_mibs/doc/src/notes.xml
index 94c1dd4228..71e33fceb9 100644
--- a/lib/otp_mibs/doc/src/notes.xml
+++ b/lib/otp_mibs/doc/src/notes.xml
@@ -31,6 +31,26 @@
   <p>This document describes the changes made to the OTP_Mibs
     application.</p>
 
+<section><title>Otp_Mibs 1.0.7</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Otp_Mibs 1.0.6</title>
 
     <section><title>Improvements and New Features</title>
diff --git a/lib/otp_mibs/src/otp_mib.erl b/lib/otp_mibs/src/otp_mib.erl
index e8b0e51b91..619104007c 100644
--- a/lib/otp_mibs/src/otp_mib.erl
+++ b/lib/otp_mibs/src/otp_mib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -48,11 +48,11 @@
 %% Shadow argument macros 
 -define(erlNodeShadowArgs, 
 	{erlNodeTable, integer, record_info(fields, erlNodeTable), 5000,
-	 {otp_mib, update_erl_node_table}}). 
+	 fun otp_mib:update_erl_node_table/0}).
 
 -define(applShadowArgs,
 	{applTable, {integer, integer}, record_info(fields, applTable), 
-	 5000, {otp_mib, update_appl_table}}).
+	 5000, fun otp_mib:update_appl_table/0}).
 
 %% Misc
 -record(erlNodeAlloc, {nodeName, nodeId}).
diff --git a/lib/otp_mibs/vsn.mk b/lib/otp_mibs/vsn.mk
index c2fa7c9474..f070288032 100644
--- a/lib/otp_mibs/vsn.mk
+++ b/lib/otp_mibs/vsn.mk
@@ -1,4 +1,4 @@
-OTP_MIBS_VSN = 1.0.6
+OTP_MIBS_VSN = 1.0.7
 
 # Note: The branch 'otp_mibs' is defunct as of otp_mibs-1.0.4 and
 # should NOT be used again.
diff --git a/lib/parsetools/doc/src/make.dep b/lib/parsetools/doc/src/make.dep
deleted file mode 100644
index 3a09ecdedd..0000000000
--- a/lib/parsetools/doc/src/make.dep
+++ /dev/null
@@ -1,21 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex leex.tex ref_man.tex yecc.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-ref_man.tex: ../../../../system/doc/definitions/term.defs
-
diff --git a/lib/parsetools/doc/src/notes.xml b/lib/parsetools/doc/src/notes.xml
index 0c611db1ec..ac29cbb893 100644
--- a/lib/parsetools/doc/src/notes.xml
+++ b/lib/parsetools/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1997</year><year>2010</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -30,6 +30,26 @@
   </header>
   <p>This document describes the changes made to the Parsetools application.</p>
 
+<section><title>Parsetools 2.0.7</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Parsetools 2.0.6</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/parsetools/include/yeccpre.hrl b/lib/parsetools/include/yeccpre.hrl
index 80a3afbdb6..3672394fc5 100644
--- a/lib/parsetools/include/yeccpre.hrl
+++ b/lib/parsetools/include/yeccpre.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -28,10 +28,11 @@ parse(Tokens) ->
 
 -spec parse_and_scan({function() | {atom(), atom()}, [_]}
                      | {atom(), atom(), [_]}) -> yecc_ret().
-parse_and_scan({F, A}) -> % Fun or {M, F}
+parse_and_scan({F, A}) ->
     yeccpars0([], {{F, A}, no_line}, 0, [], []);
 parse_and_scan({M, F, A}) ->
-    yeccpars0([], {{{M, F}, A}, no_line}, 0, [], []).
+    Arity = length(A),
+    yeccpars0([], {{fun M:F/Arity, A}, no_line}, 0, [], []).
 
 -spec format_error(any()) -> [char() | list()].
 format_error(Message) ->
@@ -67,7 +68,7 @@ yeccpars0(Tokens, Tzr, State, States, Vstack) ->
             Error
     end.
 
-yecc_error_type(function_clause, [{?MODULE,F,ArityOrArgs} | _]) ->
+yecc_error_type(function_clause, [{?MODULE,F,ArityOrArgs,_} | _]) ->
     case atom_to_list(F) of
         "yeccgoto_" ++ SymbolL ->
             {ok,[{atom,_,Symbol}],_} = erl_scan:string(SymbolL),
diff --git a/lib/parsetools/src/yeccparser.erl b/lib/parsetools/src/yeccparser.erl
index 63127802ee..e4b8b06db5 100644
--- a/lib/parsetools/src/yeccparser.erl
+++ b/lib/parsetools/src/yeccparser.erl
@@ -17,7 +17,7 @@ line_of(Token) ->
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -83,7 +83,7 @@ yeccpars0(Tokens, Tzr, State, States, Vstack) ->
             Error
     end.
 
-yecc_error_type(function_clause, [{?MODULE,F,ArityOrArgs} | _]) ->
+yecc_error_type(function_clause, [{?MODULE,F,ArityOrArgs,_} | _]) ->
     case atom_to_list(F) of
         "yeccgoto_" ++ SymbolL ->
             {ok,[{atom,_,Symbol}],_} = erl_scan:string(SymbolL),
diff --git a/lib/parsetools/test/yecc_SUITE.erl b/lib/parsetools/test/yecc_SUITE.erl
index a5f66b48e9..3d26adf1be 100644
--- a/lib/parsetools/test/yecc_SUITE.erl
+++ b/lib/parsetools/test/yecc_SUITE.erl
@@ -1197,7 +1197,7 @@ yeccpre(Config) when is_list(Config) ->
                 catch error: error ->
                         ok
                 end,
-                try parse_and_scan({{yecc_test, scan}, [exit]})
+                try parse_and_scan({fun yecc_test:scan/1, [exit]})
                 catch exit: exit ->
                         ok
                 end,
@@ -1650,10 +1650,11 @@ yeccpre_v1_2() ->
 parse(Tokens) ->
     yeccpars0(Tokens, false).
 
-parse_and_scan({F, A}) -> % Fun or {M, F}
+parse_and_scan({F, A}) ->
     yeccpars0([], {F, A});
 parse_and_scan({M, F, A}) ->
-    yeccpars0([], {{M, F}, A}).
+    Arity = length(A),
+    yeccpars0([], {fun M:F/Arity, A}).
 
 format_error(Message) ->
     case io_lib:deep_char_list(Message) of
diff --git a/lib/parsetools/vsn.mk b/lib/parsetools/vsn.mk
index 093523f0e7..e2594564cb 100644
--- a/lib/parsetools/vsn.mk
+++ b/lib/parsetools/vsn.mk
@@ -1 +1 @@
-PARSETOOLS_VSN = 2.0.6
+PARSETOOLS_VSN = 2.0.7
diff --git a/lib/percept/doc/src/make.dep b/lib/percept/doc/src/make.dep
deleted file mode 100644
index df16cffd4f..0000000000
--- a/lib/percept/doc/src/make.dep
+++ /dev/null
@@ -1,34 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex egd.tex egd_ug.tex part.tex percept.tex \
-		percept_profile.tex percept_ug.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-egd_ug.tex: img.erl img_esi.erl
-
-percept_ug.tex: sorter.erl
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: img_esi_result.ps test1.ps test2.ps test3.ps \
-		test4.ps
-
-book.dvi: percept_compare.ps percept_overview.ps percept_processes.ps \
-		percept_processinfo.ps
-
diff --git a/lib/percept/doc/src/notes.xml b/lib/percept/doc/src/notes.xml
index 95c2bbda56..1ac1a5ab62 100644
--- a/lib/percept/doc/src/notes.xml
+++ b/lib/percept/doc/src/notes.xml
@@ -32,6 +32,21 @@
   </header>
   <p>This document describes the changes made to the Percept application.</p>
 
+<section><title>Percept 0.8.6.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Percept 0.8.6</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/percept/doc/src/part_notes.xml b/lib/percept/doc/src/part_notes.xml
index 4965e67640..4965e67640 100755..100644
--- a/lib/percept/doc/src/part_notes.xml
+++ b/lib/percept/doc/src/part_notes.xml
diff --git a/lib/percept/test/percept_SUITE_data/ipc-dist.dat b/lib/percept/test/percept_SUITE_data/ipc-dist.dat
index 14ab6c0c5d..14ab6c0c5d 100755..100644
--- a/lib/percept/test/percept_SUITE_data/ipc-dist.dat
+++ b/lib/percept/test/percept_SUITE_data/ipc-dist.dat
diff --git a/lib/percept/vsn.mk b/lib/percept/vsn.mk
index 3b4d9bbb64..9267a41055 100644
--- a/lib/percept/vsn.mk
+++ b/lib/percept/vsn.mk
@@ -1 +1 @@
-PERCEPT_VSN = 0.8.6
+PERCEPT_VSN = 0.8.6.1
diff --git a/lib/pman/doc/src/make.dep b/lib/pman/doc/src/make.dep
deleted file mode 100644
index 2f6a8a06cd..0000000000
--- a/lib/pman/doc/src/make.dep
+++ /dev/null
@@ -1,26 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex part.tex pman.tex pman_chapter.tex \
-		ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: main_window.ps options.ps trace.ps
-
diff --git a/lib/pman/doc/src/notes.xml b/lib/pman/doc/src/notes.xml
index 27e3b5e5fe..407a10a50a 100644
--- a/lib/pman/doc/src/notes.xml
+++ b/lib/pman/doc/src/notes.xml
@@ -30,6 +30,21 @@
   </header>
   <p>This document describes the changes made to the Pman application.</p>
 
+<section><title>Pman 2.7.1.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Pman 2.7.1</title>
 
     <section><title>Improvements and New Features</title>
diff --git a/lib/pman/vsn.mk b/lib/pman/vsn.mk
index d190164053..a62a9d7c89 100644
--- a/lib/pman/vsn.mk
+++ b/lib/pman/vsn.mk
@@ -1 +1 @@
-PMAN_VSN = 2.7.1
+PMAN_VSN = 2.7.1.1
diff --git a/lib/public_key/.gitignore b/lib/public_key/.gitignore
new file mode 100644
index 0000000000..d30fe62c9d
--- /dev/null
+++ b/lib/public_key/.gitignore
@@ -0,0 +1,7 @@
+# public_key
+
+asn1/*.asn1db
+asn1/*.erl
+asn1/*.hrl
+include/OTP-PUB-KEY.hrl
+include/PKCS-FRAME.hrl
diff --git a/lib/public_key/asn1/DSS.asn1 b/lib/public_key/asn1/DSS.asn1
index 77aca3808b..77aca3808b 100755..100644
--- a/lib/public_key/asn1/DSS.asn1
+++ b/lib/public_key/asn1/DSS.asn1
diff --git a/lib/public_key/asn1/Makefile b/lib/public_key/asn1/Makefile
index 94abec083c..943d97bdb8 100644
--- a/lib/public_key/asn1/Makefile
+++ b/lib/public_key/asn1/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2008-2010. All Rights Reserved.
+# Copyright Ericsson AB 2008-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -38,12 +38,12 @@ RELSYSDIR = $(RELEASE_PATH)/lib/public_key-$(VSN)
 .SUFFIXES: .asn1
 .PRECIOUS: %.erl
 
-ASN_TOP = OTP-PUB-KEY
+ASN_TOP = OTP-PUB-KEY PKCS-FRAME
 ASN_MODULES = PKIX1Explicit88 PKIX1Implicit88 PKIX1Algorithms88 \
-	PKIXAttributeCertificate PKCS-1 PKCS-3 OTP-PKIX 
+	PKIXAttributeCertificate PKCS-1 PKCS-3 PKCS-8 PKCS5v2-0  OTP-PKIX 
 ASN_ASNS = $(ASN_MODULES:%=%.asn1)
-ASN_ERLS = $(ASN_TOP).erl
-ASN_HRLS = $(ASN_TOP).hrl
+ASN_ERLS = $(ASN_TOP:%=%.erl)
+ASN_HRLS = $(ASN_TOP:%=%.hrl)
 ASN_CONFIGS = OTP-PUB-KEY.asn1config
 ASN_DBS = $(ASN_MODULES:%=%.asn1db) OTP-PUB-KEY.asn1db  
 ASN_TABLES = $(ASN_MODULES:%=%.table)
@@ -65,7 +65,7 @@ EBIN = ../ebin
 EXTRA_ERLC_FLAGS = 
 ERL_COMPILE_FLAGS += $(EXTRA_ERLC_FLAGS)
 
-ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj +asn1config +inline
+ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj +asn1config +inline +nif
 
 # ----------------------------------------------------
 # Targets
@@ -79,11 +79,11 @@ clean:
 
 docs:
 
-%.erl: %.set.asn
+%.erl %.hrl: %.set.asn
 	erlc $(ASN_FLAGS) $<
 
-$(HRL_FILES):	$(ASN_HRLS)
-	cp -p $(ASN_HRLS) $(INCLUDE)
+$(INCLUDE)/%.hrl: %.hrl
+	cp -p $<  $@
 
 # ----------------------------------------------------
 # Release Target
@@ -113,3 +113,8 @@ OTP-PUB-KEY.asn1db:		PKIX1Algorithms88.asn1 \
 				PKCS-1.asn1\
 				PKCS-3.asn1\
 				OTP-PKIX.asn1
+
+$(EBIN)/PKCS-FRAME.beam: 	        PKCS-FRAME.erl PKCS-FRAME.hrl
+PKCS-FRAME.erl PKCS-FRAME.hrl:			PKCS-FRAME.asn1db
+PKCS-FRAME.asn1db:			PKCS-8.asn1\
+					PKCS5v2-0.asn1
\ No newline at end of file
diff --git a/lib/public_key/asn1/OTP-PKIX.asn1 b/lib/public_key/asn1/OTP-PKIX.asn1
index ad704191a9..fbf531df40 100644
--- a/lib/public_key/asn1/OTP-PKIX.asn1
+++ b/lib/public_key/asn1/OTP-PKIX.asn1
@@ -91,7 +91,7 @@ IMPORTS
        id-ce-certificateIssuer, CertificateIssuer,
        id-ce-holdInstructionCode, HoldInstructionCode,
        id-ce-invalidityDate, InvalidityDate
-
+       
        FROM PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) 
        internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) 
        id-pkix1-implicit(19) }
@@ -114,8 +114,20 @@ IMPORTS
 	id-ecPublicKey, EcpkParameters, ECPoint
 	FROM PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6)
 	     internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
-	     id-mod-pkix1-algorithms(17) };
-
+	     id-mod-pkix1-algorithms(17) }
+	     
+       md2WithRSAEncryption,
+       md5WithRSAEncryption,
+       sha1WithRSAEncryption,
+       sha256WithRSAEncryption,
+       sha384WithRSAEncryption,
+       sha512WithRSAEncryption	     
+    	     
+      FROM PKCS-1 {
+       iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)
+        modules(0) pkcs-1(1)
+	};	   
+	     
 --
 -- Certificate
 --
@@ -295,6 +307,9 @@ PublicKeyAlgorithm ::=  SEQUENCE  {
 SupportedSignatureAlgorithms SIGNATURE-ALGORITHM-CLASS ::= { 
 		    dsa-with-sha1 | md2-with-rsa-encryption |
 		    md5-with-rsa-encryption | sha1-with-rsa-encryption |
+		    sha256-with-rsa-encryption |
+		    sha384-with-rsa-encryption |
+		    sha512-with-rsa-encryption |
 		    ecdsa-with-sha1 } 
 
 SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= { 
@@ -340,6 +355,18 @@ SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= {
 			    ID sha1WithRSAEncryption 
 			    TYPE NULL }
 
+   sha256-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
+			    ID sha256WithRSAEncryption 
+			    TYPE NULL }
+
+   sha384-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
+			    ID sha384WithRSAEncryption 
+			    TYPE NULL }
+	    
+   sha512-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
+			    ID sha512WithRSAEncryption 
+			    TYPE NULL }
+
    -- Certificate.signature
    -- See PKCS #1 (RFC 2313). XXX
 
diff --git a/lib/public_key/asn1/PKCS-1.asn1 b/lib/public_key/asn1/PKCS-1.asn1
index b06f5efa9d..b06f5efa9d 100755..100644
--- a/lib/public_key/asn1/PKCS-1.asn1
+++ b/lib/public_key/asn1/PKCS-1.asn1
diff --git a/lib/public_key/asn1/PKCS-8.asn1 b/lib/public_key/asn1/PKCS-8.asn1
new file mode 100644
index 0000000000..8412345b68
--- /dev/null
+++ b/lib/public_key/asn1/PKCS-8.asn1
@@ -0,0 +1,143 @@
+PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-8(8)
+        modules(1) pkcs-8(1)} 
+
+-- $Revision: 1.5 $
+
+-- This module has been checked for conformance with the ASN.1
+-- standard by the OSS ASN.1 Tools
+
+DEFINITIONS IMPLICIT TAGS ::= 
+
+BEGIN
+
+-- EXPORTS All --
+-- All types and values defined in this module is exported for use in other
+-- ASN.1 modules.
+
+--IMPORTS
+
+-- informationFramework
+--        FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
+--                                usefulDefinitions(0) 3} 
+
+--Attribute
+--        FROM InformationFramework informationFramework
+--        FROM InformationFramework;
+
+-- This import is really unnecessary since ALGORITHM-IDENTIFIER is defined as a 
+-- TYPE-IDENTIFIER
+-- Renome this import and replace all occurences of ALGORITHM-IDENTIFIER with
+-- TYPE-IDENTIFIER as a workaround for weaknesses in the ASN.1 compiler
+--AlgorithmIdentifier, ALGORITHM-IDENTIFIER
+--        FROM PKCS5v2-0 {iso(1) member-body(2) us(840) rsadsi(113549)
+--        pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)};
+
+-- Inlined from PKCS5v2-0 since it is the only thing imported from that module
+-- AlgorithmIdentifier { ALGORITHM-IDENTIFIER:InfoObjectSet } ::= 
+AlgorithmIdentifier { TYPE-IDENTIFIER:InfoObjectSet } ::= 
+SEQUENCE {
+--  algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}),
+  algorithm TYPE-IDENTIFIER.&id({InfoObjectSet}),
+--  parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet}
+  parameters TYPE-IDENTIFIER.&Type({InfoObjectSet}
+    {@algorithm}) OPTIONAL }
+
+-- Private-key information syntax
+
+PrivateKeyInfo ::= SEQUENCE {
+  version Version,
+--  privateKeyAlgorithm AlgorithmIdentifier {{PrivateKeyAlgorithms}},
+  privateKeyAlgorithm AlgorithmIdentifier {{...}},
+  privateKey PrivateKey,
+  attributes [0] Attributes OPTIONAL }
+
+Version ::= INTEGER {v1(0)} (v1,...)
+
+PrivateKey ::= OCTET STRING
+
+-- Attributes ::= SET OF PKAttribute
+Attributes ::= SET OF PKAttribute {{...}}
+
+-- Encrypted private-key information syntax
+
+EncryptedPrivateKeyInfo ::= SEQUENCE {
+--    encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
+    encryptionAlgorithm AlgorithmIdentifier {{...}},
+    encryptedData EncryptedData 
+}
+
+EncryptedData ::= OCTET STRING
+
+-- PrivateKeyAlgorithms ALGORITHM-IDENTIFIER ::= {
+PrivateKeyAlgorithms TYPE-IDENTIFIER ::= {
+    ... -- For local profiles
+}
+
+-- KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
+KeyEncryptionAlgorithms TYPE-IDENTIFIER ::= {
+    ... -- For local profiles
+}
+
+-- From InformationFramework
+PKAttribute{ATTRIBUTE:SupportedAttributes} ::= SEQUENCE {
+  type               ATTRIBUTE.&id({SupportedAttributes}),
+  values
+    SET SIZE (0..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@type}),
+  valuesWithContext
+    SET SIZE (1..MAX) OF
+      SEQUENCE {value        ATTRIBUTE.&Type({SupportedAttributes}{@type}),
+                contextList  SET SIZE (1..MAX) OF Context} OPTIONAL
+}
+
+Context ::= SEQUENCE {
+  contextType    CONTEXT.&id({SupportedContexts}),
+  contextValues
+    SET SIZE (1..MAX) OF CONTEXT.&Type({SupportedContexts}{@contextType}),
+  fallback       BOOLEAN DEFAULT FALSE
+}
+-- Definition of the following information object set is deferred, perhaps to standardized
+-- profiles or to protocol implementation conformance statements. The set is required to
+-- specify a table constraint on the context specifications
+SupportedContexts CONTEXT ::=
+  {...}
+
+
+CONTEXT ::= CLASS {
+  &Type          ,
+  &DefaultValue  OPTIONAL,
+  &Assertion     OPTIONAL,
+  &absentMatch   BOOLEAN DEFAULT TRUE,
+  &id            OBJECT IDENTIFIER UNIQUE
+}
+  
+-- ATTRIBUTE information object class specification 
+ATTRIBUTE ::= CLASS {
+  &derivation            ATTRIBUTE OPTIONAL,
+  &Type                  OPTIONAL, -- either &Type or &derivation required 
+  &equality-match        MATCHING-RULE OPTIONAL,
+  &ordering-match        MATCHING-RULE OPTIONAL,
+  &substrings-match      MATCHING-RULE OPTIONAL,
+  &single-valued         BOOLEAN DEFAULT FALSE,
+  &collective            BOOLEAN DEFAULT FALSE,
+  &dummy                 BOOLEAN DEFAULT FALSE,
+  -- operational extensions 
+  &no-user-modification  BOOLEAN DEFAULT FALSE,
+  &usage                 AttributeUsage DEFAULT userApplications,
+  &id                    OBJECT IDENTIFIER UNIQUE
+}
+
+-- MATCHING-RULE information object class specification 
+MATCHING-RULE ::= CLASS {
+  &ParentMatchingRules   MATCHING-RULE OPTIONAL,
+  &AssertionType         OPTIONAL,
+  &uniqueMatchIndicator  ATTRIBUTE OPTIONAL,
+  &id                    OBJECT IDENTIFIER UNIQUE
+}
+
+AttributeUsage ::= ENUMERATED {
+  userApplications(0), directoryOperation(1), distributedOperation(2),
+  dSAOperation(3)}
+
+END
+
+
diff --git a/lib/public_key/asn1/PKCS-FRAME.set.asn b/lib/public_key/asn1/PKCS-FRAME.set.asn
new file mode 100644
index 0000000000..69b6727bef
--- /dev/null
+++ b/lib/public_key/asn1/PKCS-FRAME.set.asn
@@ -0,0 +1,2 @@
+PKCS-8.asn1
+PKCS5v2-0.asn1
diff --git a/lib/public_key/asn1/PKCS5v2-0.asn1 b/lib/public_key/asn1/PKCS5v2-0.asn1
new file mode 100644
index 0000000000..fe7e16c7fa
--- /dev/null
+++ b/lib/public_key/asn1/PKCS5v2-0.asn1
@@ -0,0 +1,142 @@
+-- PKCS #5 v2.0 ASN.1 Module
+-- Revised March 25, 1999
+
+-- This module has been checked for conformance with the
+-- ASN.1 standard by the OSS ASN.1 Tools
+
+PKCS5v2-0 {iso(1) member-body(2) us(840) rsadsi(113549)
+  pkcs(1) pkcs-5(5) modules(16) pkcs5v2-0(1)}
+
+DEFINITIONS ::= BEGIN
+
+-- Basic object identifiers
+
+rsadsi OBJECT IDENTIFIER ::= 
+  {iso(1) member-body(2) us(840) 113549}
+pkcs OBJECT IDENTIFIER ::= {rsadsi 1}
+pkcs-5 OBJECT IDENTIFIER ::= {pkcs 5}
+
+-- Basic types and classes
+
+AlgorithmIdentifier { TYPE-IDENTIFIER:InfoObjectSet } ::= 
+SEQUENCE {
+  algorithm TYPE-IDENTIFIER.&id({InfoObjectSet}),
+  parameters TYPE-IDENTIFIER.&Type({InfoObjectSet}
+    {@algorithm}) OPTIONAL }
+
+--ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER
+
+-- PBKDF2
+
+-- PBKDF2Algorithms ALGORITHM-IDENTIFIER ::= 
+--   { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ...}
+
+id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
+
+-- algid-hmacWithSHA1 AlgorithmIdentifier {{PBKDF2-PRFs}} ::=
+--   {algorithm id-hmacWithSHA1, parameters NULL : NULL}
+
+PBKDF2-params ::= SEQUENCE {
+  salt CHOICE {
+    specified OCTET STRING,
+    otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
+  },
+  iterationCount INTEGER (1..MAX),
+  keyLength INTEGER (1..MAX) OPTIONAL,
+  prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT
+{algorithm id-hmacWithSHA1, parameters NULL : NULL}}
+--    algid-hmacWithSHA1 }
+
+PBKDF2-SaltSources TYPE-IDENTIFIER ::= { ... }
+
+PBKDF2-PRFs TYPE-IDENTIFIER ::=
+  { {NULL IDENTIFIED BY id-hmacWithSHA1}, ... }
+
+ -- PBES1
+
+PBES1Algorithms TYPE-IDENTIFIER ::= 
+  { {PBEParameter IDENTIFIED BY pbeWithMD2AndDES-CBC} |
+    {PBEParameter IDENTIFIED BY pbeWithMD2AndRC2-CBC} |
+    {PBEParameter IDENTIFIED BY pbeWithMD5AndDES-CBC} |
+    {PBEParameter IDENTIFIED BY pbeWithMD5AndRC2-CBC} |
+    {PBEParameter IDENTIFIED BY pbeWithSHA1AndDES-CBC} |
+    {PBEParameter IDENTIFIED BY pbeWithSHA1AndRC2-CBC}, ...}
+
+pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1}
+pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4}
+pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3}
+pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6}
+pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10}
+pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11}
+
+PBEParameter ::= SEQUENCE {
+  salt OCTET STRING (SIZE(8)),
+  iterationCount INTEGER }
+
+-- PBES2
+
+PBES2Algorithms TYPE-IDENTIFIER ::= 
+  { {PBES2-params IDENTIFIED BY id-PBES2}, ...}
+
+id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
+
+PBES2-params ::= SEQUENCE {
+  keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
+  encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} }
+
+PBES2-KDFs TYPE-IDENTIFIER ::=
+  { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }
+
+PBES2-Encs TYPE-IDENTIFIER ::= { ... }
+
+-- PBMAC1
+
+PBMAC1Algorithms TYPE-IDENTIFIER ::= 
+  { {PBMAC1-params IDENTIFIED BY id-PBMAC1}, ...}
+
+id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14}
+
+PBMAC1-params ::=  SEQUENCE {
+  keyDerivationFunc AlgorithmIdentifier {{PBMAC1-KDFs}},
+  messageAuthScheme AlgorithmIdentifier {{PBMAC1-MACs}} }
+
+PBMAC1-KDFs TYPE-IDENTIFIER ::=
+  { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }
+
+PBMAC1-MACs TYPE-IDENTIFIER ::= { ... }
+
+-- Supporting techniques
+
+digestAlgorithm OBJECT IDENTIFIER     ::= {rsadsi 2}
+encryptionAlgorithm OBJECT IDENTIFIER ::= {rsadsi 3}
+
+SupportingAlgorithms TYPE-IDENTIFIER ::=
+  { {NULL IDENTIFIED BY id-hmacWithSHA1} |
+    {OCTET STRING (SIZE(8)) IDENTIFIED BY desCBC} |
+    {OCTET STRING (SIZE(8)) IDENTIFIED BY des-EDE3-CBC} |
+    {RC2-CBC-Parameter IDENTIFIED BY rc2CBC} |
+    {RC5-CBC-Parameters IDENTIFIED BY rc5-CBC-PAD}, ... }
+
+id-hmacWithSHA1 OBJECT IDENTIFIER ::= {digestAlgorithm 7}
+
+desCBC OBJECT IDENTIFIER ::=
+  {iso(1) identified-organization(3) oiw(14) secsig(3)
+    algorithms(2) 7} -- from OIW
+
+des-EDE3-CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 7}
+
+rc2CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 2}
+
+RC2-CBC-Parameter ::= SEQUENCE {
+  rc2ParameterVersion INTEGER OPTIONAL,
+  iv OCTET STRING (SIZE(8)) }
+
+rc5-CBC-PAD OBJECT IDENTIFIER ::= {encryptionAlgorithm 9} 
+
+RC5-CBC-Parameters ::= SEQUENCE {
+  version INTEGER {v1-0(16)}, -- (v1-0),
+  rounds INTEGER (8..127),
+  blockSizeInBits INTEGER (64 | 128),
+  iv OCTET STRING OPTIONAL }
+
+END
diff --git a/lib/public_key/doc/src/Makefile b/lib/public_key/doc/src/Makefile
index afb17399da..9616a96195 100644
--- a/lib/public_key/doc/src/Makefile
+++ b/lib/public_key/doc/src/Makefile
@@ -29,14 +29,6 @@ VSN=$(PUBLIC_KEY_VSN)
 APPLICATION=public_key
 
 # ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-ifndef DOCSUPPORT
-include make.dep
-endif 
-
-# ----------------------------------------------------
 # Release directory specification
 # ----------------------------------------------------
 RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
@@ -79,33 +71,10 @@ EXTRA_FILES = \
 
 MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else
-
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex)
-TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-        $(XML_PART_FILES:%.xml=%.tex) \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = public_key-$(VSN).pdf
-TOP_PS_FILE  = public_key-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-
-endif
-
 # ----------------------------------------------------
 # FLAGS
 # ----------------------------------------------------
@@ -118,8 +87,6 @@ DVIPS_FLAGS +=
 $(HTMLDIR)/%.gif: %.gif
 	$(INSTALL_DATA) $< $@
 
-ifdef DOCSUPPORT
-
 docs: pdf html man
 
 $(TOP_PDF_FILE): $(XML_FILES)
@@ -134,33 +101,6 @@ clean clean_docs:
 	rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
 	rm -f errs core *~
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html gifs man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
-
-html: $(HTML_FILES)
-
-clean clean_docs clean_tex:
-	rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
-	rm -f $(HTML_FILES) $(MAN3_FILES)
-	rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
-	rm -f errs core *~ min_head.gif \
-	$(LATEX_CLEAN)
-
-endif
-
 man: $(MAN3_FILES)
 
 gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
@@ -173,8 +113,6 @@ debug opt:
 # ----------------------------------------------------
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
@@ -184,30 +122,6 @@ release_docs_spec: docs
 	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
 	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
 	$(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3
-else
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	$(INSTALL_DIR) $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	$(INSTALL_DIR) $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
-		$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-endif
-endif
-
-endif
-
 release_spec:
 
 info:
diff --git a/lib/public_key/doc/src/introduction.xml b/lib/public_key/doc/src/introduction.xml
index 8cf11ee10e..a21fcf3576 100644
--- a/lib/public_key/doc/src/introduction.xml
+++ b/lib/public_key/doc/src/introduction.xml
@@ -48,5 +48,13 @@
     of the concepts of using public keys.</p>
   </section>
 
+  <section>
+    <title>Performance tips</title>
+    <p>The public_key decode and encode functions will try to use the nifs
+    which are in the asn1 compilers runtime modules if they can be found.
+    So for the best  performance you want to have the asn1 application in the
+    path of your system. </p>
+  </section>
+
 </chapter>
 
diff --git a/lib/public_key/doc/src/make.dep b/lib/public_key/doc/src/make.dep
deleted file mode 100644
index 2675556f1b..0000000000
--- a/lib/public_key/doc/src/make.dep
+++ /dev/null
@@ -1,21 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex cert_records.tex introduction.tex \
-		part.tex public_key.tex public_key_records.tex \
-		ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/public_key/doc/src/notes.xml b/lib/public_key/doc/src/notes.xml
index efd4a37eb9..c9a5561e3f 100644
--- a/lib/public_key/doc/src/notes.xml
+++ b/lib/public_key/doc/src/notes.xml
@@ -34,6 +34,28 @@
     <file>notes.xml</file>
   </header>
 
+<section><title>Public_Key 0.14</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    public_key, ssl and crypto now supports PKCS-8</p>
+          <p>
+	    Own Id: OTP-9312</p>
+        </item>
+        <item>
+          <p>
+	    The asn1 decoder/encoder now uses a runtime nif from the
+	    asn1 application if it is available.</p>
+          <p>
+	    Own Id: OTP-9414</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Public_Key 0.13</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index 9a3832c68b..0b6673e826 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -61,11 +61,14 @@
     <p><code>string = [bytes()]</code></p>
    
     <p><code>pki_asn1_type() = 'Certificate' | 'RSAPrivateKey'| 'RSAPublicKey'
-    'DSAPrivateKey' | 'DSAPublicKey' | 'DHParameter' | 'SubjectPublicKeyInfo'</code></p>
+    'DSAPrivateKey' | 'DSAPublicKey' | 'DHParameter' | 'SubjectPublicKeyInfo'| 'PrivateKeyInfo'</code></p>
     
     <p><code>pem_entry () = {pki_asn1_type(), binary(), %% DER or encrypted DER
-          not_encrypted | {"DES-CBC" | "DES-EDE3-CBC",  crypto:rand_bytes(8)}}.</code></p>
-    
+          not_encrypted | cipher_info()} </code></p>
+
+    <p><code>cipher_info()  =  {"RC2-CBC | "DES-CBC" | "DES-EDE3-CBC", crypto:rand_bytes(8)} |
+    'PBES2-params'} </code></p>
+	  
     <p><code>rsa_public_key()  = #'RSAPublicKey'{}</code></p>
 
     <p><code>rsa_private_key() = #'RSAPrivateKey'{} </code></p>
@@ -118,7 +121,8 @@
 <funcs>    
 
   <func>
-    <name>decrypt_private(CipherText, Key [, Options]) -> binary()</name>
+    <name>decrypt_private(CipherText, Key) -> binary()</name>
+    <name>decrypt_private(CipherText, Key, Options) -> binary()</name>
     <fsummary>Public key decryption.</fsummary>
     <type>
       <v>CipherText = binary()</v>
@@ -131,7 +135,8 @@
   </func>
 
   <func>
-    <name>decrypt_public(CipherText, Key [, Options]) - > binary()</name>
+    <name>decrypt_public(CipherText, Key) - > binary()</name>
+    <name>decrypt_public(CipherText, Key, Options) - > binary()</name>
     <fsummary></fsummary>
     <type>
       <v>CipherText = binary()</v>
@@ -198,7 +203,8 @@
   </func>
 
    <func>
-    <name>pem_entry_decode(PemEntry [, Password]) -> term()</name>
+    <name>pem_entry_decode(PemEntry) -> term()</name>
+    <name>pem_entry_decode(PemEntry, Password) -> term()</name>
     <fsummary>Decodes a pem entry.</fsummary>
     <type>
       <v> PemEntry = pem_entry() </v> 
@@ -213,7 +219,8 @@
   </func>
 
    <func>
-    <name>pem_entry_encode(Asn1Type, Entity [,{CipherInfo, Password}]) -> pem_entry()</name>
+    <name>pem_entry_encode(Asn1Type, Entity) -> pem_entry()</name>
+    <name>pem_entry_encode(Asn1Type, Entity, {CipherInfo, Password}) -> pem_entry()</name>
     <fsummary> Creates a pem entry that can be fed to pem_encode/1.</fsummary>
     <type>
       <v>Asn1Type = pki_asn1_type()</v>
@@ -224,7 +231,7 @@
       dsa_public_key() and this function will create the appropriate
       'SubjectPublicKeyInfo' entry.
       </d>
-      <v>CipherInfo = {"DES-CBC" | "DES-EDE3-CBC",  crypto:rand_bytes(8)}</v>
+      <v>CipherInfo = cipher_info()</v>
       <v>Password = string()</v> 
   </type> 
   <desc> 
@@ -446,7 +453,7 @@
   <desc>
     <p>Encodes a list of ssh file entries (public keys and attributes) to a binary. Possible
     attributes depends on the file type, see <seealso
-    marker="ssh_decode"> ssh_decode/2 </seealso></p>
+    marker="#ssh_decode-2"> ssh_decode/2 </seealso></p>
   </desc>
   </func>
 
diff --git a/lib/public_key/include/public_key.hrl b/lib/public_key/include/public_key.hrl
index 5f97d80f7e..2475295974 100644
--- a/lib/public_key/include/public_key.hrl
+++ b/lib/public_key/include/public_key.hrl
@@ -23,6 +23,7 @@
 -define(public_key, true).
 
 -include("OTP-PUB-KEY.hrl").
+-include("PKCS-FRAME.hrl").
 
 -record('SubjectPublicKeyInfoAlgorithm', {
  	  algorithm, 
diff --git a/lib/public_key/src/Makefile b/lib/public_key/src/Makefile
index 5a24b02d2a..062c495a65 100644
--- a/lib/public_key/src/Makefile
+++ b/lib/public_key/src/Makefile
@@ -42,10 +42,11 @@ MODULES = \
 	public_key \
 	pubkey_pem \
 	pubkey_ssh \
+	pubkey_pbe \
 	pubkey_cert \
-        pubkey_cert_records 
+	pubkey_cert_records 
 
-HRL_FILES = $(INCLUDE)/public_key.hrl
+HRL_FILES = $(INCLUDE)/public_key.hrl 
 
 INTERNAL_HRL_FILES = 
 
@@ -109,4 +110,3 @@ release_spec: opt
 	$(INSTALL_DATA) $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET) $(RELSYSDIR)/ebin
 
 release_docs_spec:
-
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index 5ab9642279..b76e32a2a0 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -351,7 +351,7 @@ extensions_list(Extensions) ->
 
 
 extract_verify_data(OtpCert, DerCert) ->
-    {0, Signature} = OtpCert#'OTPCertificate'.signature,
+    {_, Signature} = OtpCert#'OTPCertificate'.signature,
     SigAlgRec = OtpCert#'OTPCertificate'.signatureAlgorithm,
     SigAlg = SigAlgRec#'SignatureAlgorithm'.algorithm,
     PlainText = encoded_tbs_cert(DerCert),
@@ -376,6 +376,10 @@ encoded_tbs_cert(Cert) ->
 
 digest_type(?sha1WithRSAEncryption) ->
     sha;
+digest_type(?sha256WithRSAEncryption) ->
+    sha256;
+digest_type(?sha512WithRSAEncryption) ->
+    sha512;
 digest_type(?md5WithRSAEncryption) ->
     md5;
 digest_type(?'id-dsa-with-sha1') ->
diff --git a/lib/public_key/src/pubkey_pbe.erl b/lib/public_key/src/pubkey_pbe.erl
new file mode 100644
index 0000000000..43f6c42f10
--- /dev/null
+++ b/lib/public_key/src/pubkey_pbe.erl
@@ -0,0 +1,213 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+%% Description: Implements Password Based Encryption PKCS-5, RFC-2898
+
+-module(pubkey_pbe).
+
+-include("public_key.hrl").
+
+-export([encode/4, decode/4, decrypt_parameters/1]). 
+-export([pbdkdf1/4, pbdkdf2/6]).
+
+-define(DEFAULT_SHA_MAC_KEYLEN, 20).
+-define(ASN1_OCTET_STR_TAG, 4).
+-define(IV_LEN, 8).
+
+%%====================================================================
+%% Internal application API
+%%====================================================================
+
+%%--------------------------------------------------------------------
+-spec encode(binary(), string(), string(), term()) -> binary().
+%%
+%% Description: Performs password based encoding
+%%--------------------------------------------------------------------
+encode(Data, Password, "DES-CBC" = Cipher, KeyDevParams) ->
+    {Key, IV} = password_to_key_and_iv(Password, Cipher, KeyDevParams),
+    crypto:des_cbc_encrypt(Key, IV, Data);
+
+encode(Data, Password, "DES-EDE3-CBC" = Cipher, KeyDevParams) ->
+    {Key, IV} = password_to_key_and_iv(Password, Cipher, KeyDevParams),
+    <<Key1:8/binary, Key2:8/binary, Key3:8/binary>> = Key,
+    crypto:des_ede3_cbc_encrypt(Key1, Key2, Key3, IV, Data);
+
+encode(Data, Password, "RC2-CBC" = Cipher, KeyDevParams) ->
+    {Key, IV} = password_to_key_and_iv(Password, Cipher, KeyDevParams),
+    crypto:rc2_cbc_encrypt(Key, IV, Data).
+%%--------------------------------------------------------------------
+-spec decode(binary(), string(), string(), term()) -> binary().
+%%
+%% Description: Performs password based decoding
+%%--------------------------------------------------------------------
+decode(Data, Password,"DES-CBC"= Cipher, KeyDevParams) ->
+    {Key, IV} = password_to_key_and_iv(Password, Cipher, KeyDevParams),
+    crypto:des_cbc_decrypt(Key, IV, Data);
+
+decode(Data, Password,"DES-EDE3-CBC" = Cipher, KeyDevParams) ->
+    {Key, IV} = password_to_key_and_iv(Password, Cipher, KeyDevParams),
+    <<Key1:8/binary, Key2:8/binary, Key3:8/binary>> = Key,
+    crypto:des_ede3_cbc_decrypt(Key1, Key2, Key3, IV, Data);
+
+decode(Data, Password,"RC2-CBC"= Cipher, KeyDevParams) ->
+    {Key, IV} = password_to_key_and_iv(Password, Cipher, KeyDevParams),
+    crypto:rc2_cbc_decrypt(Key, IV, Data).
+
+%%--------------------------------------------------------------------
+-spec pbdkdf1(string(), iodata(), integer(), atom()) -> binary().
+%%
+%% Description: Implements password based decryption key derive function 1.
+%% Exported mainly for testing purposes.
+%%--------------------------------------------------------------------
+pbdkdf1(_, _, 0, Acc) ->
+    Acc;
+pbdkdf1(Password, Salt, Count, Hash) ->
+    Result = crypto:Hash([Password, Salt]),
+    do_pbdkdf1(Result, Count-1, Result, Hash).
+
+%%--------------------------------------------------------------------
+-spec pbdkdf2(string(), iodata(), integer(), integer(), fun(), integer())
+	     -> binary().
+%%
+%% Description: Implements password based decryption key derive function 2.
+%% Exported mainly for testing purposes.
+%%--------------------------------------------------------------------
+pbdkdf2(Password, Salt, Count, DerivedKeyLen, Prf, PrfOutputLen)->
+    NumBlocks = ceiling(DerivedKeyLen / PrfOutputLen),
+    NumLastBlockOctets = DerivedKeyLen - (NumBlocks - 1) * PrfOutputLen ,
+    blocks(NumBlocks, NumLastBlockOctets, 1, Password, Salt, 
+	   Count, Prf, PrfOutputLen, <<>>).
+%%--------------------------------------------------------------------
+-spec decrypt_parameters(#'EncryptedPrivateKeyInfo_encryptionAlgorithm'{}) -> 
+				{Cipher::string(), #'PBES2-params'{}}.
+%%
+%% Description: Performs ANS1-decoding of encryption parameters.
+%%--------------------------------------------------------------------
+decrypt_parameters(#'EncryptedPrivateKeyInfo_encryptionAlgorithm'{
+		      algorithm = Oid, parameters = Param}) ->
+     decrypt_parameters(Oid, Param).
+    
+%%--------------------------------------------------------------------
+%%% Internal functions
+%%--------------------------------------------------------------------
+password_to_key_and_iv(Password, _, #'PBES2-params'{} = Params) ->
+    {Salt, ItrCount, KeyLen, PseudoRandomFunction, PseudoOtputLen, IV} =
+	key_derivation_params(Params),
+    <<Key:KeyLen/binary, _/binary>> = 
+	pbdkdf2(Password, Salt, ItrCount, KeyLen, PseudoRandomFunction, PseudoOtputLen),
+    {Key, IV};
+password_to_key_and_iv(Password, Cipher, Salt) ->
+    KeyLen = derived_key_length(Cipher, undefined),
+    <<Key:KeyLen/binary, _/binary>> = 
+	pem_encrypt(<<>>, Password, Salt, ceiling(KeyLen div 16), <<>>, md5),
+    %% Old PEM encryption does not use standard encryption method
+    %% pbdkdf1 and uses then salt as IV
+    {Key, Salt}.
+
+pem_encrypt(_, _, _, 0, Acc, _) ->
+    Acc;
+pem_encrypt(Prev, Password, Salt, Count, Acc, Hash) ->
+    Result = crypto:Hash([Prev, Password, Salt]),
+    pem_encrypt(Result, Password, Salt, Count-1 , <<Acc/binary, Result/binary>>, Hash).
+
+do_pbdkdf1(_, 0, Acc, _) ->
+    Acc;
+do_pbdkdf1(Prev, Count, Acc, Hash) ->
+    Result = crypto:Hash(Prev),
+    do_pbdkdf1(Result, Count-1 , <<Result/binary, Acc/binary>>, Hash).
+
+iv(#'PBES2-params_encryptionScheme'{algorithm = Algo,
+				    parameters = ASNIV}) when (Algo == ?'desCBC') or
+							      (Algo == ?'des-EDE3-CBC') ->
+    %% This is an so called open ASN1-type that in this
+    %% case will be an octet-string of length 8
+    <<?ASN1_OCTET_STR_TAG, ?IV_LEN, IV:?IV_LEN/binary>> = ASNIV,
+    IV;
+iv(#'PBES2-params_encryptionScheme'{algorithm = ?'rc2CBC',
+				    parameters = ASN1IV}) ->
+    {ok, #'RC2-CBC-Parameter'{iv = IV}} = 'PKCS-FRAME':decode('RC2-CBC-Parameter', ASN1IV),
+    iolist_to_binary(IV).
+
+blocks(1, N, Index, Password, Salt, Count, Prf, PrfLen, Acc) ->
+    <<XorSum:N/binary, _/binary>> = xor_sum(Password, Salt, Count, Index, Prf, PrfLen),
+    <<Acc/binary, XorSum/binary>>;
+blocks(NumBlocks, N, Index, Password, Salt, Count, Prf, PrfLen, Acc) ->
+    XorSum = xor_sum(Password, Salt, Count, Index, Prf, PrfLen),
+    blocks(NumBlocks -1, N, Index +1, Password, Salt, Count, Prf, 
+	   PrfLen, <<Acc/binary, XorSum/binary>>).
+
+xor_sum(Password, Salt, Count, Index, Prf, PrfLen) ->
+    Result = Prf(Password, [Salt,<<Index:32/unsigned-big-integer>>], PrfLen),
+    do_xor_sum(Prf, PrfLen, Result, Password, Count-1, Result).
+
+do_xor_sum(_, _, _, _, 0, Acc) ->
+    Acc;
+do_xor_sum(Prf, PrfLen, Prev, Password, Count, Acc)-> 					   
+    Result = Prf(Password, Prev, PrfLen),
+    do_xor_sum(Prf, PrfLen, Result, Password, Count-1, crypto:exor(Acc, Result)).
+
+decrypt_parameters(?'id-PBES2', DekParams) ->
+    {ok, Params} = 'PKCS-FRAME':decode('PBES2-params', DekParams),
+    {cipher(Params#'PBES2-params'.encryptionScheme), Params}.
+
+key_derivation_params(#'PBES2-params'{keyDerivationFunc = KeyDerivationFunc,
+				      encryptionScheme = EncScheme}) ->
+    #'PBES2-params_keyDerivationFunc'{algorithm = ?'id-PBKDF2',
+				      parameters =
+					  #'PBKDF2-params'{salt = {specified, OctetSalt},
+							   iterationCount = Count,
+							   keyLength = Length,
+							   prf = Prf}} = KeyDerivationFunc,
+    #'PBES2-params_encryptionScheme'{algorithm = Algo} = EncScheme,
+    {PseudoRandomFunction, PseudoOtputLen} = pseudo_random_function(Prf),
+    KeyLen = derived_key_length(Algo, Length),
+    {OctetSalt, Count, KeyLen,
+     PseudoRandomFunction, PseudoOtputLen, iv(EncScheme)}.
+
+%% This function currently matches a tuple that ougth to be the value
+%% ?'id-hmacWithSHA1, but we need some kind of ASN1-fix for this.
+pseudo_random_function(#'PBKDF2-params_prf'{algorithm = 
+						{_,_, _,'id-hmacWithSHA1'}}) ->
+    {fun crypto:sha_mac/3, pseudo_output_length(?'id-hmacWithSHA1')};
+pseudo_random_function(#'PBKDF2-params_prf'{algorithm = ?'id-hmacWithSHA1'}) ->
+    {fun crypto:sha_mac/3, pseudo_output_length(?'id-hmacWithSHA1')}.
+
+pseudo_output_length(?'id-hmacWithSHA1') ->
+    ?DEFAULT_SHA_MAC_KEYLEN.
+
+derived_key_length(_, Len) when is_integer(Len) ->
+    Len;
+derived_key_length(Cipher,_) when (Cipher == ?'desCBC') or 
+				  (Cipher == "DES-CBC") ->
+    8;
+derived_key_length(Cipher,_) when (Cipher == ?'rc2CBC') or 
+				  (Cipher == "RC2-CBC") ->
+    16;
+derived_key_length(Cipher,_) when (Cipher == ?'des-EDE3-CBC') or 
+				  (Cipher == "DES-EDE3-CBC") ->
+    24.
+
+cipher(#'PBES2-params_encryptionScheme'{algorithm = ?'desCBC'}) ->
+    "DES-CBC";
+cipher(#'PBES2-params_encryptionScheme'{algorithm = ?'des-EDE3-CBC'}) ->
+    "DES-EDE3-CBC";
+cipher(#'PBES2-params_encryptionScheme'{algorithm = ?'rc2CBC'}) ->
+    "RC2-CBC".
+
+ceiling(Float) -> 
+    erlang:round(Float + 0.5).
diff --git a/lib/public_key/src/pubkey_pem.erl b/lib/public_key/src/pubkey_pem.erl
index c26815bc04..910473d629 100644
--- a/lib/public_key/src/pubkey_pem.erl
+++ b/lib/public_key/src/pubkey_pem.erl
@@ -43,8 +43,6 @@
 -include("public_key.hrl").
 
 -export([encode/1, decode/1, decipher/2, cipher/3]).
-%% Backwards compatibility
--export([decode_key/2]).
 
 -define(ENCODED_LINE_LENGTH, 64).
 
@@ -69,23 +67,23 @@ encode(PemEntries) ->
     encode_pem_entries(PemEntries).
 
 %%--------------------------------------------------------------------
--spec decipher({pki_asn1_type(), DerEncrypted::binary(),{Cipher :: string(),
-							 Salt :: binary()}},
+-spec decipher({pki_asn1_type(), DerEncrypted::binary(),
+		{Cipher :: string(), Salt :: iodata() | #'PBES2-params'{}}},
 	       string()) -> Der::binary().
 %%
 %% Description: Deciphers a decrypted pem entry.
 %%--------------------------------------------------------------------
-decipher({_, DecryptDer, {Cipher,Salt}}, Password) ->
-    decode_key(DecryptDer, Password, Cipher, Salt).	
+decipher({_, DecryptDer, {Cipher, KeyDevParams}}, Password) ->
+    pubkey_pbe:decode(DecryptDer, Password, Cipher, KeyDevParams).
 
 %%--------------------------------------------------------------------
--spec cipher(Der::binary(),{Cipher :: string(), Salt :: binary()} ,
+-spec cipher(Der::binary(), {Cipher :: string(), Salt :: iodata() | #'PBES2-params'{}} ,
 	     string()) -> binary().
 %%
 %% Description: Ciphers a PEM entry
 %%--------------------------------------------------------------------
-cipher(Der, {Cipher,Salt}, Password)->
-    encode_key(Der, Password, Cipher, Salt).
+cipher(Der, {Cipher, KeyDevParams}, Password)->
+    pubkey_pbe:encode(Der, Password, Cipher, KeyDevParams).
 
 %%--------------------------------------------------------------------
 %%% Internal functions
@@ -127,8 +125,20 @@ decode_pem_entry(Start, Lines) ->
     Type = asn1_type(Start),
     Cs = erlang:iolist_to_binary(Lines),
     Decoded = base64:mime_decode(Cs),
-    {Type, Decoded, not_encrypted}.
-    
+    case Type of
+	'EncryptedPrivateKeyInfo'->
+	    decode_encrypted_private_keyinfo(Decoded);
+	_ ->
+	    {Type, Decoded, not_encrypted}
+    end.
+
+decode_encrypted_private_keyinfo(Der) ->
+    #'EncryptedPrivateKeyInfo'{encryptionAlgorithm = AlgorithmInfo,				  
+			       encryptedData = Data} = 
+	public_key:der_decode('EncryptedPrivateKeyInfo', Der),
+    DecryptParams = pubkey_pbe:decrypt_parameters(AlgorithmInfo), 
+    {'PrivateKeyInfo', iolist_to_binary(Data), DecryptParams}.
+
 split_bin(Bin) ->
     split_bin(0, Bin).
 
@@ -160,37 +170,6 @@ join_entry([<<"-----END ", _/binary>>| Lines], Entry) ->
 join_entry([Line | Lines], Entry) ->
     join_entry(Lines, [Line | Entry]).
 
-decode_key(Data, Password, "DES-CBC", Salt) ->
-    Key = password_to_key(Password, Salt, 8),
-    IV = Salt,
-    crypto:des_cbc_decrypt(Key, IV, Data);
-decode_key(Data,  Password, "DES-EDE3-CBC", Salt) ->
-    Key = password_to_key(Password, Salt, 24),
-    IV = Salt,
-    <<Key1:8/binary, Key2:8/binary, Key3:8/binary>> = Key,
-    crypto:des_ede3_cbc_decrypt(Key1, Key2, Key3, IV, Data).
-
-encode_key(Data, Password, "DES-CBC", Salt) ->
-    Key = password_to_key(Password, Salt, 8),
-    IV = Salt,
-    crypto:des_cbc_encrypt(Key, IV, Data);
-encode_key(Data, Password, "DES-EDE3-CBC", Salt) ->
-    Key = password_to_key(Password, Salt, 24),
-    IV = Salt,
-    <<Key1:8/binary, Key2:8/binary, Key3:8/binary>> = Key,
-    crypto:des_ede3_cbc_encrypt(Key1, Key2, Key3, IV, Data).
-
-password_to_key(Data, Salt, KeyLen) ->
-    <<Key:KeyLen/binary, _/binary>> = 
-	password_to_key(<<>>, Data, Salt, KeyLen, <<>>),
-    Key.
-
-password_to_key(_, _, _, Len, Acc) when Len =< 0 ->
-    Acc;
-password_to_key(Prev, Data, Salt, Len, Acc) ->
-    M = crypto:md5([Prev, Data, Salt]),
-    password_to_key(M, Data, Salt, Len - size(M), <<Acc/binary, M/binary>>).
-
 unhex(S) ->
     unhex(S, []).
 
@@ -228,6 +207,10 @@ pem_end(<<"-----BEGIN DSA PRIVATE KEY-----">>) ->
     <<"-----END DSA PRIVATE KEY-----">>;
 pem_end(<<"-----BEGIN DH PARAMETERS-----">>) ->
     <<"-----END DH PARAMETERS-----">>;
+pem_end(<<"-----BEGIN PRIVATE KEY-----">>) ->
+    <<"-----END PRIVATE KEY-----">>;
+pem_end(<<"-----BEGIN ENCRYPTED PRIVATE KEY-----">>) ->
+    <<"-----END ENCRYPTED PRIVATE KEY-----">>;
 pem_end(_) ->
     undefined.
 
@@ -242,18 +225,14 @@ asn1_type(<<"-----BEGIN PUBLIC KEY-----">>) ->
 asn1_type(<<"-----BEGIN DSA PRIVATE KEY-----">>) ->
     'DSAPrivateKey';
 asn1_type(<<"-----BEGIN DH PARAMETERS-----">>) ->
-    'DHParameter'.
+    'DHParameter';
+asn1_type(<<"-----BEGIN PRIVATE KEY-----">>) ->
+    'PrivateKeyInfo';
+asn1_type(<<"-----BEGIN ENCRYPTED PRIVATE KEY-----">>) ->
+    'EncryptedPrivateKeyInfo'.
 
 pem_decrypt() ->
     <<"Proc-Type: 4,ENCRYPTED">>.
 
 pem_decrypt_info(Cipher, Salt) ->
     io_lib:format("DEK-Info: ~s,~s", [Cipher, lists:flatten(hexify(Salt))]).
-
-%%--------------------------------------------------------------------
-%%% Deprecated
-%%--------------------------------------------------------------------
-decode_key({_Type, Bin, not_encrypted}, _) ->
-    Bin;
-decode_key({_Type, Bin, {Chipher,Salt}}, Password) ->
-    decode_key(Bin, Password, Chipher, Salt).
diff --git a/lib/public_key/src/public_key.app.src b/lib/public_key/src/public_key.app.src
index 1963bd05d4..4cc81ea573 100644
--- a/lib/public_key/src/public_key.app.src
+++ b/lib/public_key/src/public_key.app.src
@@ -3,10 +3,12 @@
    {vsn, "%VSN%"},
    {modules, [	  public_key,
 		  pubkey_pem,
+		  pubkey_pbe,	
 		  pubkey_ssh,
 		  pubkey_cert,
 		  pubkey_cert_records,
-		  'OTP-PUB-KEY'
+		  'OTP-PUB-KEY',
+		  'PKCS-FRAME'
             ]},
    {applications, [crypto, kernel, stdlib]},
    {registered, []},
diff --git a/lib/public_key/src/public_key.appup.src b/lib/public_key/src/public_key.appup.src
index 4986801dad..2945fb1213 100644
--- a/lib/public_key/src/public_key.appup.src
+++ b/lib/public_key/src/public_key.appup.src
@@ -1,70 +1,16 @@
 %% -*- erlang -*-
 {"%VSN%",
  [
- {"0.11",
-   [
-    {update, public_key, soft, soft_purge, soft_purge, []},
-    {update, pubkey_pem, soft, soft_purge, soft_purge, []},
-    {add_module, pubkey_ssh, soft, soft_purge, soft_purge},
-    {update, pubkey_cert, soft, soft_purge, soft_purge, []},
-    {update, pubkey_cert_records, soft, soft_purge, soft_purge, []}
-   ]
-  },
-
- {"0.10",
-   [
-    {update, public_key, soft, soft_purge, soft_purge, []},
-    {update, pubkey_pem, soft, soft_purge, soft_purge, []},
-    {update, pubkey_cert_records, soft, soft_purge, soft_purge, []}
-   ]
-  },
- {"0.9",
-   [
-    {update, public_key, soft, soft_purge, soft_purge, []},
-    {update, pubkey_cert, soft, soft_purge, soft_purge, []}
-   ]
-  },
-  {"0.8",
-   [
-    {update, 'OTP-PUB-KEY', soft, soft_purge, soft_purge, []},
-    {update, public_key, soft, soft_purge, soft_purge, []},
-    {update, pubkey_pem, soft, soft_purge, soft_purge, []},
-    {update, pubkey_cert_records, soft, soft_purge, soft_purge, []},
-    {update, pubkey_cert, soft, soft_purge, soft_purge, []}
-   ]
-  }
+  {"0.13", [{restart_application, public_key}]},
+  {"0.11", [{restart_application, public_key}]},
+  {"0.10", [{restart_application, public_key}]},
+  {"0.9",  [{restart_application, public_key}]},
+  {"0.8",  [{restart_application, public_key}]}
  ],
  [
-  {"0.11",
-   [
-    {update, public_key, soft, soft_purge, soft_purge, []},
-    {update, pubkey_pem, soft, soft_purge, soft_purge, []},
-    {delete_module, pubkey_ssh, soft, soft_purge, soft_purge},
-    {update, pubkey_cert, soft, soft_purge, soft_purge, []},
-    {update, pubkey_cert_records, soft, soft_purge, soft_purge, []}
-   ]
-  },
-
-  {"0.10",
-   [
-    {update, public_key, soft, soft_purge, soft_purge, []},
-    {update, pubkey_pem, soft, soft_purge, soft_purge, []},
-    {update, pubkey_cert_records, soft, soft_purge, soft_purge, []}
-   ]
-  },
-  {"0.9",
-   [
-     {update, public_key, soft, soft_purge, soft_purge, []},
-    {update, pubkey_cert, soft, soft_purge, soft_purge, []}
-   ]
-  },
-  {"0.8",
-   [
-    {update, 'OTP-PUB-KEY', soft, soft_purge, soft_purge, []},
-    {update, public_key, soft, soft_purge, soft_purge, []},
-    {update, pubkey_pem, soft, soft_purge, soft_purge, []},
-    {update, pubkey_cert_records, soft, soft_purge, soft_purge, []},
-    {update, pubkey_cert, soft, soft_purge, soft_purge, []}
-   ]
-  }
+  {"0.13", [{restart_application, public_key}]},
+  {"0.11", [{restart_application, public_key}]},
+  {"0.10", [{restart_application, public_key}]},
+  {"0.9",  [{restart_application, public_key}]},
+  {"0.8",  [{restart_application, public_key}]}
  ]}.
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 33fcce2c44..2e2a6cd296 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -45,17 +45,10 @@
 	 ssh_decode/2, ssh_encode/2
 	]).
 
-%% Deprecated
--export([decode_private_key/1, decode_private_key/2, pem_to_der/1]).
-
--deprecated({pem_to_der, 1, next_major_release}).
--deprecated({decode_private_key, 1, next_major_release}).
--deprecated({decode_private_key, 2, next_major_release}).
-
 -type rsa_padding()          :: 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding' 
 			      | 'rsa_no_padding'.
 -type public_crypt_options() :: [{rsa_pad, rsa_padding()}].
--type rsa_digest_type()      :: 'md5' | 'sha'.
+-type rsa_digest_type()      :: 'md5' | 'sha'| 'sha256' | 'sha512'.
 -type dss_digest_type()      :: 'none' | 'sha'.
 
 -define(UINT32(X), X:32/unsigned-big-integer).
@@ -104,22 +97,23 @@ pem_entry_decode({Asn1Type, Der, not_encrypted}) when is_atom(Asn1Type),
 pem_entry_decode({Asn1Type, Der, not_encrypted}, _) when is_atom(Asn1Type),
 							 is_binary(Der) ->
     der_decode(Asn1Type, Der);
+pem_entry_decode({Asn1Type, CryptDer, {Cipher, #'PBES2-params'{}}} = PemEntry, 
+		 Password) when is_atom(Asn1Type) andalso
+				is_binary(CryptDer) andalso
+				is_list(Cipher) ->
+    do_pem_entry_decode(PemEntry, Password);
 pem_entry_decode({Asn1Type, CryptDer, {Cipher, Salt}} = PemEntry, 
-		 Password) when is_atom(Asn1Type),
-				is_binary(CryptDer),
-				is_list(Cipher),
-				is_binary(Salt),
-				erlang:byte_size(Salt) == 8
-				->
-    Der = pubkey_pem:decipher(PemEntry, Password),
-    der_decode(Asn1Type, Der).
+		 Password) when is_atom(Asn1Type) andalso
+				is_binary(CryptDer) andalso
+				is_list(Cipher) andalso
+				is_binary(Salt) andalso
+				erlang:byte_size(Salt) == 8 ->
+    do_pem_entry_decode(PemEntry, Password).
 
 %%--------------------------------------------------------------------
 -spec pem_entry_encode(pki_asn1_type(), term()) -> pem_entry().
--spec pem_entry_encode(pki_asn1_type(), term(),
-		       {{Cipher :: string(), Salt :: binary()}, string()}) ->
-			      pem_entry().
-%
+-spec pem_entry_encode(pki_asn1_type(), term(), term()) -> pem_entry().
+%%
 %% Description: Creates a pem entry that can be feed to pem_encode/1.
 %%--------------------------------------------------------------------
 pem_entry_encode('SubjectPublicKeyInfo', Entity=#'RSAPublicKey'{}) ->
@@ -137,21 +131,36 @@ pem_entry_encode('SubjectPublicKeyInfo',
 pem_entry_encode(Asn1Type, Entity)  when is_atom(Asn1Type) ->
     Der = der_encode(Asn1Type, Entity),
     {Asn1Type, Der, not_encrypted}.
-pem_entry_encode(Asn1Type, Entity, 
-		 {{Cipher, Salt}= CipherInfo, Password}) when is_atom(Asn1Type),
-							      is_list(Cipher),
-							      is_binary(Salt),
-							      erlang:byte_size(Salt) == 8,
-							      is_list(Password)->
-    Der = der_encode(Asn1Type, Entity),
-    DecryptDer = pubkey_pem:cipher(Der, CipherInfo, Password),
-    {Asn1Type, DecryptDer, CipherInfo}.
-
+pem_entry_encode(Asn1Type, Entity, {{Cipher, #'PBES2-params'{}} = CipherInfo, 
+				    Password}) when is_atom(Asn1Type) andalso
+						    is_list(Password) andalso
+						    is_list(Cipher) ->
+    do_pem_entry_encode(Asn1Type, Entity, CipherInfo, Password);
+
+pem_entry_encode(Asn1Type, Entity, {{Cipher, Salt} = CipherInfo, 
+				    Password}) when is_atom(Asn1Type) andalso
+						    is_list(Password) andalso
+						    is_list(Cipher) andalso
+						    is_binary(Salt) andalso
+						    erlang:byte_size(Salt) == 8 ->
+    do_pem_entry_encode(Asn1Type, Entity, CipherInfo, Password).
+    
 %%--------------------------------------------------------------------
 -spec der_decode(asn1_type(), Der::binary()) -> term().
 %%
 %% Description: Decodes a public key asn1 der encoded entity.
 %%--------------------------------------------------------------------
+der_decode(Asn1Type, Der) when (Asn1Type == 'PrivateKeyInfo') or 
+			       (Asn1Type == 'EncryptedPrivateKeyInfo')
+			       andalso is_binary(Der) ->
+    try
+	{ok, Decoded} = 'PKCS-FRAME':decode(Asn1Type, Der),
+	Decoded
+    catch
+	error:{badmatch, {error, _}} = Error ->
+	    erlang:error(Error)
+    end;
+
 der_decode(Asn1Type, Der) when is_atom(Asn1Type), is_binary(Der) ->
     try 
 	{ok, Decoded} = 'OTP-PUB-KEY':decode(Asn1Type, Der),
@@ -166,6 +175,16 @@ der_decode(Asn1Type, Der) when is_atom(Asn1Type), is_binary(Der) ->
 %%
 %% Description: Encodes a public key entity with asn1 DER encoding.
 %%--------------------------------------------------------------------
+der_encode(Asn1Type, Entity) when (Asn1Type == 'PrivateKeyInfo') or 
+				  (Asn1Type == 'EncryptedPrivateKeyInfo') ->
+     try
+	{ok, Encoded} = 'PKCS-FRAME':encode(Asn1Type, Entity),
+	iolist_to_binary(Encoded)
+    catch
+	error:{badmatch, {error, _}} = Error ->
+	    erlang:error(Error)
+    end;
+
 der_encode(Asn1Type, Entity) when is_atom(Asn1Type) ->
     try 
 	{ok, Encoded} = 'OTP-PUB-KEY':encode(Asn1Type, Entity),
@@ -335,7 +354,10 @@ sign(PlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X})
 %%--------------------------------------------------------------------
 verify(PlainText, DigestType, Signature, 
        #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}) 
-  when is_binary (PlainText), DigestType == sha; DigestType == md5 ->
+  when is_binary (PlainText) and (DigestType == sha orelse
+				  DigestType == sha256 orelse 
+				  DigestType == sha512 orelse 
+				  DigestType == md5) ->
     crypto:rsa_verify(DigestType,
 		      sized_binary(PlainText), 
 		      sized_binary(Signature), 
@@ -535,6 +557,14 @@ ssh_encode(Entries, Type) when is_list(Entries),
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
+do_pem_entry_encode(Asn1Type, Entity, CipherInfo, Password) ->
+    Der = der_encode(Asn1Type, Entity),
+    DecryptDer = pubkey_pem:cipher(Der, CipherInfo, Password),
+    {Asn1Type, DecryptDer, CipherInfo}.
+  
+do_pem_entry_decode({Asn1Type,_, _} = PemEntry, Password) ->
+    Der = pubkey_pem:decipher(PemEntry, Password),
+    der_decode(Asn1Type, Der).
 
 encrypt_public(PlainText, N, E, Options)->
     Padding = proplists:get_value(rsa_pad, Options, rsa_pkcs1_padding),
@@ -632,20 +662,3 @@ validate(DerCert, #path_validation_state{working_issuer_name = Issuer,
 sized_binary(Binary) ->
     Size = size(Binary),
     <<?UINT32(Size), Binary/binary>>.
-
-%%--------------------------------------------------------------------
-%%% Deprecated functions
-%%--------------------------------------------------------------------
-pem_to_der(CertSource) ->
-    {ok, Bin} = file:read_file(CertSource),
-    {ok, pubkey_pem:decode(Bin)}.
-
-decode_private_key(KeyInfo) ->
-    decode_private_key(KeyInfo, no_passwd).
-
-decode_private_key(KeyInfo = {'RSAPrivateKey', _, _}, Password) ->
-    DerEncoded = pubkey_pem:decode_key(KeyInfo, Password),
-    'OTP-PUB-KEY':decode('RSAPrivateKey', DerEncoded);
-decode_private_key(KeyInfo = {'DSAPrivateKey', _, _}, Password) ->
-    DerEncoded = pubkey_pem:decode_key(KeyInfo, Password),
-    'OTP-PUB-KEY':decode('DSAPrivateKey', DerEncoded).
diff --git a/lib/public_key/test/Makefile b/lib/public_key/test/Makefile
index 6889ae9a8a..b7f91981a5 100644
--- a/lib/public_key/test/Makefile
+++ b/lib/public_key/test/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2008-2010. All Rights Reserved.
+# Copyright Ericsson AB 2008-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -30,6 +30,7 @@ INCLUDES= -I. -I ../include
 MODULES= \
 	erl_make_certs \
 	public_key_SUITE \
+	pbe_SUITE \
 	pkits_SUITE
 
 ERL_FILES= $(MODULES:%=%.erl)
diff --git a/lib/public_key/test/erl_make_certs.erl b/lib/public_key/test/erl_make_certs.erl
index 8b01ca3ad4..254aa6d2f9 100644
--- a/lib/public_key/test/erl_make_certs.erl
+++ b/lib/public_key/test/erl_make_certs.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -175,7 +175,7 @@ issuer(true, Opts, SubjectKey) ->
 issuer({Issuer, IssuerKey}, _Opts, _SubjectKey) when is_binary(Issuer) ->
     {issuer_der(Issuer), decode_key(IssuerKey)};
 issuer({File, IssuerKey}, _Opts, _SubjectKey) when is_list(File) ->
-    {ok, [{cert, Cert, _}|_]} = public_key:pem_to_der(File),
+    {ok, [{cert, Cert, _}|_]} = pem_to_der(File),
     {issuer_der(Cert), decode_key(IssuerKey)}.
 
 issuer_der(Issuer) ->
@@ -185,7 +185,7 @@ issuer_der(Issuer) ->
     Subject.
 
 subject(undefined, IsRootCA) ->
-    User = if IsRootCA -> "RootCA"; true -> os:getenv("USER") end,
+    User = if IsRootCA -> "RootCA"; true -> user() end,
     Opts = [{email, User ++ "@erlang.org"},
 	    {name, User},
 	    {city, "Stockholm"},
@@ -196,6 +196,14 @@ subject(undefined, IsRootCA) ->
 subject(Opts, _) ->
     subject(Opts).
 
+user() ->
+    case os:getenv("USER") of
+	false ->
+	    "test_user";
+	User ->
+	    User
+    end.
+
 subject(SubjectOpts) when is_list(SubjectOpts) ->
     Encode = fun(Opt) ->
 		     {Type,Value} = subject_enc(Opt),
diff --git a/lib/public_key/test/pbe_SUITE.erl b/lib/public_key/test/pbe_SUITE.erl
new file mode 100644
index 0000000000..380a67db7b
--- /dev/null
+++ b/lib/public_key/test/pbe_SUITE.erl
@@ -0,0 +1,259 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(pbe_SUITE).
+
+-include_lib("test_server/include/test_server.hrl").
+-include_lib("public_key/include/public_key.hrl").
+
+%% Note: This directive should only be used in test suites.
+-compile(export_all).
+%% Test server callback functions
+%%--------------------------------------------------------------------
+%% Function: init_per_suite(Config) -> Config
+%% Config - [tuple()]
+%%   A list of key/value pairs, holding the test case configuration.
+%% Description: Initialization before the whole suite
+%%
+%% Note: This function is free to add any key/value pairs to the Config
+%% variable, but should NOT alter/remove any existing entries.
+%%--------------------------------------------------------------------
+init_per_suite(Config) ->
+    try crypto:start() of
+	ok ->
+	    Config
+    catch _:_ ->
+	    {skip, "Crypto did not start"}
+    end.
+%%--------------------------------------------------------------------
+%% Function: end_per_suite(Config) -> _
+%% Config - [tuple()]
+%%   A list of key/value pairs, holding the test case configuration.
+%% Description: Cleanup after the whole suite
+%%--------------------------------------------------------------------
+end_per_suite(_Config) ->
+    application:stop(crypto).
+
+%%--------------------------------------------------------------------
+%% Function: init_per_testcase(TestCase, Config) -> Config
+%% Case - atom()
+%%   Name of the test case that is about to be run.
+%% Config - [tuple()]
+%%   A list of key/value pairs, holding the test case configuration.
+%%
+%% Description: Initialization before each test case
+%%
+%% Note: This function is free to add any key/value pairs to the Config
+%% variable, but should NOT alter/remove any existing entries.
+%% Description: Initialization before each test case
+%%--------------------------------------------------------------------
+init_per_testcase(_TestCase, Config) ->
+   Config.
+
+%%--------------------------------------------------------------------
+%% Function: end_per_testcase(TestCase, Config) -> _
+%% Case - atom()
+%%   Name of the test case that is about to be run.
+%% Config - [tuple()]
+%%   A list of key/value pairs, holding the test case configuration.
+%% Description: Cleanup after each test case
+%%--------------------------------------------------------------------
+end_per_testcase(_TestCase, _Config) ->
+   ok.
+
+%%--------------------------------------------------------------------
+%% Function: all(Clause) -> TestCases
+%% Clause - atom() - suite | doc
+%% TestCases - [Case] 
+%% Case - atom()
+%%   Name of a test case.
+%% Description: Returns a list of all test cases in this test suite
+%%--------------------------------------------------------------------
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() -> 
+    [
+     pbdkdf1,
+     pbdkdf2,
+     encrypted_private_key_info].
+
+groups() -> 
+    [].
+
+init_per_group(_GroupName, Config) ->
+    Config.
+
+end_per_group(_GroupName, Config) ->
+    Config.
+
+
+%% Test cases starts here.
+%%--------------------------------------------------------------------
+pbdkdf1(doc) ->
+    ["Test with PKCS #5 PBKDF1 Test Vectors"];
+pbdkdf1(Config) when is_list(Config) ->
+    %%Password = "password"
+    %%     = (0x)70617373776F7264
+    %%Salt     = (0x)78578E5A5D63CB06
+    %%Count    = 1000
+    %%kLen     = 16
+    %%Key      = PBKDF1(Password, Salt, Count, kLen)
+    %%= (0x)DC19847E05C64D2FAF10EBFB4A3D2A20
+
+    Password = "password",
+    Salt = <<16#78,16#57,16#8E,16#5A,16#5D,16#63,16#CB,16#06>>,
+    Count = 1000,
+
+   <<16#DC, 16#19, 16#84, 16#7E,
+     16#05, 16#C6, 16#4D, 16#2F,
+     16#AF, 16#10, 16#EB, 16#FB,
+     16#4A, 16#3D, 16#2A, 16#20, _/binary>> =
+	pubkey_pbe:pbdkdf1(Password, Salt, Count, sha).
+
+pbdkdf2(doc) ->
+    ["Test with PKCS #5 PBKDF2 Test Vectors"];
+pbdkdf2(Config) when is_list(Config) ->
+    %% Input:
+    %%   P = "password" (8 octets)
+    %%   S = "salt" (4 octets)
+    %%   c = 1
+    %%   dkLen = 20
+    
+    %% Output:
+    %%   DK = 0c 60 c8 0f 96 1f 0e 71
+    %%        f3 a9 b5 24 af 60 12 06
+    %%        2f e0 37 a6             (20 octets)
+    
+    <<16#0c, 16#60, 16#c8, 16#0f, 16#96, 16#1f, 16#0e, 16#71,
+      16#f3, 16#a9, 16#b5, 16#24, 16#af, 16#60, 16#12, 16#06,
+      16#2f, 16#e0, 16#37, 16#a6>> = pubkey_pbe:pbdkdf2("password", "salt", 1, 20, fun crypto:sha_mac/3, 20),
+    
+    %% Input:
+    %%   P = "password" (8 octets)
+    %%   S = "salt" (4 octets)
+    %%   c = 2
+    %%   dkLen = 20
+    
+    %% Output:
+    %%   DK = ea 6c 01 4d c7 2d 6f 8c
+    %%   cd 1e d9 2a ce 1d 41 f0
+    %%   d8 de 89 57             (20 octets)
+    
+    <<16#ea, 16#6c, 16#01, 16#4d, 16#c7, 16#2d, 16#6f, 16#8c, 
+      16#cd, 16#1e, 16#d9, 16#2a, 16#ce, 16#1d, 16#41, 16#f0,  
+      16#d8,  16#de,  16#89, 16#57>>  =
+	pubkey_pbe:pbdkdf2("password", "salt", 2, 20, fun crypto:sha_mac/3, 20),
+
+     %% Input:
+     %%   P = "password" (8 octets)
+     %%   S = "salt" (4 octets)
+     %%   c = 4096
+     %%   dkLen = 20
+
+     %% Output:
+     %%   DK = 4b 00 79 01 b7 65 48 9a
+     %%        be ad 49 d9 26 f7 21 d0
+     %%        65 a4 29 c1             (20 octets)
+
+    <<16#4b, 16#00, 16#79, 16#01, 16#b7, 16#65, 16#48, 16#9a,
+      16#be, 16#ad, 16#49, 16#d9, 16#26, 16#f7, 16#21, 16#d0,
+      16#65, 16#a4, 16#29, 16#c1>> = pubkey_pbe:pbdkdf2("password", "salt", 4096, 20, fun crypto:sha_mac/3, 20),
+
+    %% Input:
+    %%    P = "password" (8 octets)
+    %%    S = "salt" (4 octets)
+    %%    c = 16777216
+    %%    dkLen = 20
+
+    %%  Output:
+    %%    DK = ee fe 3d 61 cd 4d a4 e4
+    %%         e9 94 5b 3d 6b a2 15 8c
+    %%         26 34 e9 84             (20 octets)
+
+    
+    <<16#ee, 16#fe, 16#3d, 16#61, 16#cd, 16#4d, 16#a4, 16#e4, 
+      16#e9, 16#94, 16#5b, 16#3d, 16#6b, 16#a2, 16#15, 16#8c, 
+      16#26, 16#34, 16#e9, 16#84>> = pubkey_pbe:pbdkdf2("password", "salt", 16777216, 20, fun crypto:sha_mac/3, 20),
+    
+    %% Input:
+    %%    P = "passwordPASSWORDpassword" (24 octets)
+    %%    S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" (36 octets)
+    %%    c = 4096
+    %%    dkLen = 25
+
+    %%  Output:
+    %%    DK = 3d 2e ec 4f e4 1c 84 9b
+    %%         80 c8 d8 36 62 c0 e4 4a
+    %%         8b 29 1a 96 4c f2 f0 70
+    %%         38                      (25 octets)
+    
+    <<16#3d, 16#2e, 16#ec, 16#4f, 16#e4, 16#1c, 16#84, 16#9b, 
+      16#80, 16#c8, 16#d8, 16#36, 16#62, 16#c0, 16#e4, 16#4a, 
+      16#8b, 16#29, 16#1a, 16#96, 16#4c, 16#f2, 16#f0, 16#70, 
+      16#38>>
+	= pubkey_pbe:pbdkdf2("passwordPASSWORDpassword", 
+			     "saltSALTsaltSALTsaltSALTsaltSALTsalt", 4096, 25, fun crypto:sha_mac/3, 20),
+    
+     %% Input:
+     %%   P = "pass\0word" (9 octets)
+     %%   S = "sa\0lt" (5 octets)
+     %%   c = 4096
+     %%   dkLen = 16
+
+     %% Output:
+     %%   DK = 56 fa 6a a7 55 48 09 9d
+     %%        cc 37 d7 f0 34 25 e0 c3 (16 octets)
+
+    <<16#56, 16#fa, 16#6a, 16#a7, 16#55, 16#48, 16#09, 16#9d, 
+      16#cc, 16#37, 16#d7, 16#f0, 16#34, 16#25, 16#e0, 16#c3>>
+	= pubkey_pbe:pbdkdf2("pass\0word", 
+			     "sa\0lt", 4096, 16, fun crypto:sha_mac/3, 20).
+    
+encrypted_private_key_info(doc) ->
+    ["Tests reading a EncryptedPrivateKeyInfo file encrypted with different ciphers"];
+encrypted_private_key_info(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+    {ok, PemDes} = file:read_file(filename:join(Datadir, "des_cbc_enc_key.pem")),
+    
+    PemDesEntry = public_key:pem_decode(PemDes),
+    test_server:format("Pem entry: ~p" , [PemDesEntry]),
+    [{'PrivateKeyInfo', _, {"DES-CBC",_}} = PubEntry0] = PemDesEntry,
+    KeyInfo = public_key:pem_entry_decode(PubEntry0, "password"),
+    
+    {ok, Pem3Des} = file:read_file(filename:join(Datadir, "des_ede3_cbc_enc_key.pem")),
+
+    Pem3DesEntry = public_key:pem_decode(Pem3Des),
+    test_server:format("Pem entry: ~p" , [Pem3DesEntry]),
+    [{'PrivateKeyInfo', _, {"DES-EDE3-CBC",_}} = PubEntry1] = Pem3DesEntry,
+    KeyInfo = public_key:pem_entry_decode(PubEntry1, "password"),
+
+    {ok, PemRc2} = file:read_file(filename:join(Datadir, "rc2_cbc_enc_key.pem")),
+
+    PemRc2Entry = public_key:pem_decode(PemRc2),
+    test_server:format("Pem entry: ~p" , [PemRc2Entry]),
+    [{'PrivateKeyInfo', _, {"RC2-CBC",_}} = PubEntry2] = PemRc2Entry,
+    KeyInfo = public_key:pem_entry_decode(PubEntry2, "password"),
+
+    check_key_info(KeyInfo).
+
+
+check_key_info(#'PrivateKeyInfo'{privateKeyAlgorithm =
+				     #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?rsaEncryption},
+				 privateKey = Key}) ->
+    #'RSAPrivateKey'{} = public_key:der_decode('RSAPrivateKey', iolist_to_binary(Key)).
diff --git a/lib/public_key/test/pbe_SUITE_data/des_cbc_enc_key.pem b/lib/public_key/test/pbe_SUITE_data/des_cbc_enc_key.pem
new file mode 100644
index 0000000000..eaa06145aa
--- /dev/null
+++ b/lib/public_key/test/pbe_SUITE_data/des_cbc_enc_key.pem
@@ -0,0 +1,11 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBozA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIfWBDXwLp4K4CAggA
+MBEGBSsOAwIHBAiaCF/AvOgQ6QSCAWDWX4BdAzCRNSQSANSuNsT5X8mWYO27mr3Y
+9c9LoBVXGNmYWKA77MI4967f7SmjNcgXj3xNE/jmnVz6hhsjS8E5VPT3kfyVkpdZ
+0lr5e9Yk2m3JWpPU7++v5zBkZmC4V/MwV/XuIs6U+vykgzMgpxQg0oZKS9zgmiZo
+f/4dOCL0UtCDnyOSvqT7mCVIcMDIEKu8QbVlgZYBop08l60EuEU3gARUo8WsYQmO
+Dz/ldx0Z+znIT0SXVuOwc+RVItC5T/Qx+aijmmpt+9l14nmaGBrEkmuhmtdvU/4v
+aptewGRgmjOfD6cqK+zs0O5NrrJ3P/6ZSxXj91CQgrThGfOv72bUncXEMNtc8pks
+2jpHFjGMdKufnadAD7XuMgzkkaklEXZ4f5tU6heIIwr51g0GBEGF96gYPFnjnSQM
+75JE02Clo+DfcfXpcybPTwwFg2jd6JTTOfkdf6OdSlA/1XNK43FA
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/lib/public_key/test/pbe_SUITE_data/des_ede3_cbc_enc_key.pem b/lib/public_key/test/pbe_SUITE_data/des_ede3_cbc_enc_key.pem
new file mode 100644
index 0000000000..22ea46d56f
--- /dev/null
+++ b/lib/public_key/test/pbe_SUITE_data/des_ede3_cbc_enc_key.pem
@@ -0,0 +1,11 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIeFeOWl1jywYCAggA
+MBQGCCqGSIb3DQMHBAjUJ5eGBhQGtQSCAWBrHrRgqO8UUMLcWzZEtpk1l3mjxiF/
+koCMkHsFwowgyWhEbgIkTgbSViK54LVK8PskekcGNLph+rB6bGZ7pPbL5pbXASJ8
++MkQcG3FZdlS4Ek9tTJDApj3O1UubZGFG4uvTlJJFbF1BOJ3MkY3XQ9Gl1qwv7j5
+6e103Da7Cq9+oIDKmznza78XXQYrUsPo8mJGjUxPskEYlzwvHjKubRnYm/K6RKhi
+5f4zX4BQ/Dt3H812ZjRXrsjAJP0KrD/jyD/jCT7zNBVPH1izBds+RwizyQAHwfNJ
+BFR78TH4cgzB619X47FDVOnT0LqQNVd0O3cSwnPrXE9XR3tPayE+iOB15llFSmi8
+z0ByOXldEpkezCn92Umk++suzIVj1qfsK+bv2phZWJPbLEIWPDRHUbYf76q5ArAr
+u4xtxT/hoK3krEs/IN3d70qjlUJ36SEw1UaZ82PWhakQbdtu39ZraMJB
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/lib/public_key/test/pbe_SUITE_data/rc2_cbc_enc_key.pem b/lib/public_key/test/pbe_SUITE_data/rc2_cbc_enc_key.pem
new file mode 100644
index 0000000000..618cddcfd7
--- /dev/null
+++ b/lib/public_key/test/pbe_SUITE_data/rc2_cbc_enc_key.pem
@@ -0,0 +1,12 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBrjBIBgkqhkiG9w0BBQ0wOzAeBgkqhkiG9w0BBQwwEQQIrHyQPBZqWLUCAggA
+AgEQMBkGCCqGSIb3DQMCMA0CAToECEhbh7YZKiPSBIIBYCT1zp6o5jpFlIkgwPop
+7bW1+8ACr4exqzkeb3WflQ8cWJ4cURxzVdvxUnXeW1VJdaQZtjS/QHs5GhPTG/0f
+wtvnaPfwrIJ3FeGaZfcg2CrYhalOFmEb4xrE4KyoEQmUN8tb/Cg94uzd16BOPw21
+RDnE8bnPdIGY7TyL95kbkqH23mK53pi7h+xWIgduW+atIqDyyt55f7WMZcvDvlj6
+VpN/V0h+qxBHL274WA4dj6GYgeyUFpi60HdGCK7By2TBy8h1ZvKGjmB9h8jZvkx1
+MkbRumXxyFsowTZawyYvO8Um6lbfEDP9zIEUq0IV8RqH2MRyblsPNSikyYhxX/cz
+tdDxRKhilySbSBg5Kr8OfcwKp9bpinN96nmG4xr3Tch1bnVvqJzOQ5+Vva2WwVvH
+2JkWvYm5WaANg4Q6bRxu9vz7DuhbJjQdZbxFezIAgrJdSe92B00jO/0Kny1WjiVO
+6DA=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE.erl b/lib/public_key/test/pkits_SUITE.erl
index a325a975e9..e59f299399 100644
--- a/lib/public_key/test/pkits_SUITE.erl
+++ b/lib/public_key/test/pkits_SUITE.erl
@@ -72,7 +72,8 @@ groups() ->
       [invalid_name_chain, whitespace_name_chain, capitalization_name_chain,
        uid_name_chain, attrib_name_chain, string_name_chain]},
      {verifying_paths_with_self_issued_certificates, [],
-      [basic_valid, basic_invalid, crl_signing_valid, crl_signing_invalid]},
+      [basic_valid, %%basic_invalid, 
+       crl_signing_valid, crl_signing_invalid]},
      %% {basic_certificate_revocation_tests, [],
      %%  [missing_CRL, revoked_CA, revoked_peer, invalid_CRL_signature,
      %%   invalid_CRL_issuer, invalid_CRL, valid_CRL,
@@ -116,14 +117,12 @@ end_per_testcase(_Func, Config) ->
     Config.
 
 init_per_suite(Config) ->
-    {skip, "PKIX Conformance test certificates expired 14 of April 2011,"
-     " new conformance test suite uses new format so skip until PKCS-12 support is implemented"}.
-    %% try crypto:start() of
-    %% 	ok ->
-    %% 	    Config
-    %% catch _:_ ->
-    %% 	    {skip, "Crypto did not start"}
-    %% end.
+    try crypto:start() of
+     	ok ->
+	  crypto_support_check(Config)  
+    catch _:_ ->
+     	    {skip, "Crypto did not start"}
+    end.
 
 end_per_suite(_Config) ->
     application:stop(crypto).
@@ -134,109 +133,109 @@ valid_rsa_signature(doc) ->
 valid_rsa_signature(suite) ->
     [];
 valid_rsa_signature(Config) when is_list(Config) ->
-    run([{ "4.1.1", "Valid Signatures Test1", ok}]).
+    run([{ "4.1.1", "Valid Certificate Path Test1 EE", ok}]).
 
 invalid_rsa_signature(doc) ->
     ["Test rsa signatur verification"];
 invalid_rsa_signature(suite) ->
     [];
 invalid_rsa_signature(Config) when is_list(Config) ->
-    run([{ "4.1.2", "Invalid CA Signature Test2", {bad_cert,invalid_signature}},
-	 { "4.1.3", "Invalid EE Signature Test3", {bad_cert,invalid_signature}}]).
+    run([{ "4.1.2", "Invalid CA Signature Test2 EE", {bad_cert,invalid_signature}},
+	 { "4.1.3", "Invalid EE Signature Test3 EE", {bad_cert,invalid_signature}}]).
 
 valid_dsa_signature(doc) ->
     ["Test dsa signatur verification"];
 valid_dsa_signature(suite) ->
     [];
 valid_dsa_signature(Config) when is_list(Config) ->
-    run([{ "4.1.4", "Valid DSA Signatures Test4", ok},
-	 { "4.1.5", "Valid DSA Parameter Inheritance Test5", ok}]).
+    run([{ "4.1.4", "Valid DSA Signatures Test4 EE", ok},
+	 { "4.1.5", "Valid DSA Parameter Inheritance Test5 EE", ok}]).
 
 invalid_dsa_signature(doc) ->
     ["Test dsa signatur verification"];
 invalid_dsa_signature(suite) ->
     [];
 invalid_dsa_signature(Config) when is_list(Config) ->
-    run([{ "4.1.6", "Invalid DSA Signature Test6",{bad_cert,invalid_signature}}]).
+    run([{ "4.1.6", "Invalid DSA Signature Test6 EE",{bad_cert,invalid_signature}}]).
 %%-----------------------------------------------------------------------------
 not_before_invalid(doc) ->
     [""];
 not_before_invalid(suite) ->
     [];
 not_before_invalid(Config) when is_list(Config) ->
-    run([{ "4.2.1", "Invalid CA notBefore Date Test1",{bad_cert, cert_expired}},
-	 { "4.2.2", "Invalid EE notBefore Date Test2",{bad_cert, cert_expired}}]).
+    run([{ "4.2.1", "Invalid CA notBefore Date Test1 EE",{bad_cert, cert_expired}},
+	 { "4.2.2", "Invalid EE notBefore Date Test2 EE",{bad_cert, cert_expired}}]).
 
 not_before_valid(doc) ->
     [""];
 not_before_valid(suite) ->
     [];
 not_before_valid(Config) when is_list(Config) ->
-    run([{ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", ok},
-	 { "4.2.4", "Valid GeneralizedTime notBefore Date Test4", ok}]).
+    run([{ "4.2.3", "Valid pre2000 UTC notBefore Date Test3 EE", ok},
+	 { "4.2.4", "Valid GeneralizedTime notBefore Date Test4 EE", ok}]).
 
 not_after_invalid(doc) ->
     [""];
 not_after_invalid(suite) ->
     [];
 not_after_invalid(Config) when is_list(Config) ->
-    run([{ "4.2.5", "Invalid CA notAfter Date Test5", {bad_cert, cert_expired}},
-	 { "4.2.6", "Invalid EE notAfter Date Test6", {bad_cert, cert_expired}},
-	 { "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7",{bad_cert, cert_expired}}]).
+    run([{ "4.2.5", "Invalid CA notAfter Date Test5 EE", {bad_cert, cert_expired}},
+	 { "4.2.6", "Invalid EE notAfter Date Test6 EE", {bad_cert, cert_expired}},
+	 { "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7 EE",{bad_cert, cert_expired}}]).
 
 not_after_valid(doc) ->
     [""];
 not_after_valid(suite) ->
     [];
 not_after_valid(Config) when is_list(Config) ->
-    run([{ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", ok}]).
+    run([{ "4.2.8", "Valid GeneralizedTime notAfter Date Test8 EE", ok}]).
 %%-----------------------------------------------------------------------------
 invalid_name_chain(doc) ->
     [""];
 invalid_name_chain(suite) ->
     [];
 invalid_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.1", "Invalid Name Chaining EE Test1", {bad_cert, invalid_issuer}},
-	 { "4.3.2", "Invalid Name Chaining Order Test2", {bad_cert, invalid_issuer}}]).
+    run([{ "4.3.1", "Invalid Name Chaining Test1 EE", {bad_cert, invalid_issuer}},
+	 { "4.3.2", "Invalid Name Chaining Order Test2 EE", {bad_cert, invalid_issuer}}]).
 
 whitespace_name_chain(doc) ->
     [""];
 whitespace_name_chain(suite) ->
     [];
 whitespace_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.3", "Valid Name Chaining Whitespace Test3", ok},
-	 { "4.3.4", "Valid Name Chaining Whitespace Test4", ok}]).
+    run([{ "4.3.3", "Valid Name Chaining Whitespace Test3 EE", ok},
+	 { "4.3.4", "Valid Name Chaining Whitespace Test4 EE", ok}]).
 
 capitalization_name_chain(doc) ->
     [""];
 capitalization_name_chain(suite) ->
     [];
 capitalization_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.5", "Valid Name Chaining Capitalization Test5",ok}]).
+    run([{ "4.3.5", "Valid Name Chaining Capitalization Test5 EE",ok}]).
 
 uid_name_chain(doc) ->
     [""];
 uid_name_chain(suite) ->
     [];
 uid_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.6", "Valid Name Chaining UIDs Test6",ok}]).
+    run([{ "4.3.6", "Valid Name UIDs Test6 EE",ok}]).
 
 attrib_name_chain(doc) ->
     [""];
 attrib_name_chain(suite) ->
     [];
 attrib_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", ok},
-	 { "4.3.8", "Valid RFC3280 Optional Attribute Types Test8",  ok}]).
+    run([{ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7 EE", ok},
+	 { "4.3.8", "Valid RFC3280 Optional Attribute Types Test8 EE",  ok}]).
 
 string_name_chain(doc) ->
     [""];
 string_name_chain(suite) ->
     [];
 string_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.9", "Valid UTF8String Encoded Names Test9", ok},
-	 { "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", ok},
-	 { "4.3.11", "Valid UTF8String Case Insensitive Match Test11", ok}]).
+    run([{ "4.3.9", "Valid UTF8String Encoded Names Test9 EE", ok},
+	 %%{ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10 EE", ok},
+	 { "4.3.11", "Valid UTF8String Case Insensitive Match Test11 EE", ok}]).
 
 %%-----------------------------------------------------------------------------
 
@@ -245,9 +244,9 @@ basic_valid(doc) ->
 basic_valid(suite) ->
     [];
 basic_valid(Config) when is_list(Config) ->
-    run([{ "4.5.1",  "Valid Basic Self-Issued Old With New Test1", ok},
-	 { "4.5.3",  "Valid Basic Self-Issued New With Old Test3", ok},
-	 { "4.5.4",  "Valid Basic Self-Issued New With Old Test4", ok}
+    run([{ "4.5.1",  "Valid Basic Self-Issued Old With New Test1 EE", ok},
+	 { "4.5.3",  "Valid Basic Self-Issued New With Old Test3 EE", ok},
+	 { "4.5.4",  "Valid Basic Self-Issued New With Old Test4 EE", ok}
 	]).
 
 basic_invalid(doc) ->
@@ -255,9 +254,9 @@ basic_invalid(doc) ->
 basic_invalid(suite) ->
     [];
 basic_invalid(Config) when is_list(Config) ->
-    run([{"4.5.2",  "Invalid Basic Self-Issued Old With New Test2",
+    run([{"4.5.2",  "Invalid Basic Self-Issued Old With New Test2 EE",
 	  {bad_cert, {revoked, keyCompromise}}},
-	 {"4.5.5",  "Invalid Basic Self-Issued New With Old Test5",
+	 {"4.5.5",  "Invalid Basic Self-Issued New With Old Test5 EE",
 	  {bad_cert, {revoked, keyCompromise}}}
 	]).
 
@@ -266,16 +265,16 @@ crl_signing_valid(doc) ->
 crl_signing_valid(suite) ->
     [];
 crl_signing_valid(Config) when is_list(Config) ->
-    run([{ "4.5.6",  "Valid Basic Self-Issued CRL Signing Key Test6", ok}]).
+    run([{ "4.5.6",  "Valid Basic Self-Issued CRL Signing Key Test6 EE", ok}]).
 
 crl_signing_invalid(doc) ->
     [""];
 crl_signing_invalid(suite) ->
     [];
 crl_signing_invalid(Config) when is_list(Config) ->
-    run([{ "4.5.7",  "Invalid Basic Self-Issued CRL Signing Key Test7",
-	   {bad_cert, {revoked, keyCompromise}}},
-	 { "4.5.8",  "Invalid Basic Self-Issued CRL Signing Key Test8",
+    run([%% { "4.5.7",  "Invalid Basic Self-Issued CRL Signing Key Test7 EE",
+	 %%   {bad_cert, {revoked, keyCompromise}}},
+	 { "4.5.8",  "Invalid Basic Self-Issued CRL Signing Key Test8 EE",
 	   {bad_cert, invalid_key_usage}}
 	]).
 
@@ -285,7 +284,7 @@ missing_CRL(doc) ->
 missing_CRL(suite) ->
     [];
 missing_CRL(Config) when is_list(Config) ->
-    run([{ "4.4.1", "Missing CRL Test1",{bad_cert,
+    run([{ "4.4.1", "Missing CRL Test1 EE",{bad_cert,
     revocation_status_undetermined}}]).
 
 revoked_CA(doc) ->
@@ -293,7 +292,7 @@ revoked_CA(doc) ->
 revoked_CA(suite) ->
     [];
 revoked_CA(Config) when is_list(Config) ->
-    run([{ "4.4.2", "Invalid Revoked CA Test2", {bad_cert,
+    run([{ "4.4.2", "Invalid Revoked CA Test2 EE", {bad_cert,
     {revoked, keyCompromise}}}]).
 
 revoked_peer(doc) ->
@@ -301,7 +300,7 @@ revoked_peer(doc) ->
 revoked_peer(suite) ->
     [];
 revoked_peer(Config) when is_list(Config) ->
-    run([{ "4.4.3", "Invalid Revoked EE Test3", {bad_cert,
+    run([{ "4.4.3", "Invalid Revoked EE Test3 EE", {bad_cert,
     {revoked, keyCompromise}}}]).
 
 invalid_CRL_signature(doc) ->
@@ -309,7 +308,7 @@ invalid_CRL_signature(doc) ->
 invalid_CRL_signature(suite) ->
     [];
 invalid_CRL_signature(Config) when is_list(Config) ->
-    run([{ "4.4.4", "Invalid Bad CRL Signature Test4",
+    run([{ "4.4.4", "Invalid Bad CRL Signature Test4 EE",
 	   {bad_cert, revocation_status_undetermined}}]).
 
 invalid_CRL_issuer(doc) ->
@@ -317,7 +316,7 @@ invalid_CRL_issuer(doc) ->
 invalid_CRL_issuer(suite) ->
     [];
 invalid_CRL_issuer(Config) when is_list(Config) ->
-    run({ "4.4.5", "Invalid Bad CRL Issuer Name Test5",
+    run({ "4.4.5", "Invalid Bad CRL Issuer Name Test5 EE",
 	  {bad_cert, revocation_status_undetermined}}).
 
 invalid_CRL(doc) ->
@@ -325,7 +324,7 @@ invalid_CRL(doc) ->
 invalid_CRL(suite) ->
     [];
 invalid_CRL(Config) when is_list(Config) ->
-    run([{ "4.4.6", "Invalid Wrong CRL Test6",
+    run([{ "4.4.6", "Invalid Wrong CRL Test6 EE",
 	   {bad_cert, revocation_status_undetermined}}]).
 
 valid_CRL(doc) ->
@@ -333,18 +332,18 @@ valid_CRL(doc) ->
 valid_CRL(suite) ->
     [];
 valid_CRL(Config) when is_list(Config) ->
-    run([{ "4.4.7", "Valid Two CRLs Test7", ok}]).
+    run([{ "4.4.7", "Valid Two CRLs Test7 EE", ok}]).
 
 unknown_CRL_extension(doc) ->
     [""];
 unknown_CRL_extension(suite) ->
     [];
 unknown_CRL_extension(Config) when is_list(Config) ->
-    run([{ "4.4.8", "Invalid Unknown CRL Entry Extension Test8",
+    run([{ "4.4.8", "Invalid Unknown CRL Entry Extension Test8 EE",
 	   {bad_cert, {revoked, keyCompromise}}},
-	 { "4.4.9", "Invalid Unknown CRL Extension Test9",
+	 { "4.4.9", "Invalid Unknown CRL Extension Test9 EE",
 	   {bad_cert, {revoked, keyCompromise}}},
-	 { "4.4.10", "Invalid Unknown CRL Extension Test10",
+	 { "4.4.10", "Invalid Unknown CRL Extension Test10 EE",
 	   {bad_cert, revocation_status_undetermined}}]).
 
 old_CRL(doc) ->
@@ -352,9 +351,9 @@ old_CRL(doc) ->
 old_CRL(suite) ->
     [];
 old_CRL(Config) when is_list(Config) ->
-    run([{ "4.4.11", "Invalid Old CRL nextUpdate Test11",
+    run([{ "4.4.11", "Invalid Old CRL nextUpdate Test11 EE",
 	   {bad_cert, revocation_status_undetermined}},
-	 { "4.4.12", "Invalid pre2000 CRL nextUpdate Test12",
+	 { "4.4.12", "Invalid pre2000 CRL nextUpdate Test12 EE",
 	   {bad_cert, revocation_status_undetermined}}]).
 
 fresh_CRL(doc) ->
@@ -362,7 +361,7 @@ fresh_CRL(doc) ->
 fresh_CRL(suite) ->
     [];
 fresh_CRL(Config) when is_list(Config) ->
-    run([{ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", ok}]).
+    run([{ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13 EE", ok}]).
 
 valid_serial(doc) ->
     [""];
@@ -370,9 +369,9 @@ valid_serial(suite) ->
     [];
 valid_serial(Config) when is_list(Config) ->
     run([
-	 { "4.4.14", "Valid Negative Serial Number Test14",ok},
-	 { "4.4.16", "Valid Long Serial Number Test16", ok},
-	 { "4.4.17", "Valid Long Serial Number Test17", ok}
+	 { "4.4.14", "Valid Negative Serial Number Test14 EE",ok},
+	 { "4.4.16", "Valid Long Serial Number Test16 EE", ok},
+	 { "4.4.17", "Valid Long Serial Number Test17 EE", ok}
 	]).
 
 invalid_serial(doc) ->
@@ -380,9 +379,9 @@ invalid_serial(doc) ->
 invalid_serial(suite) ->
     [];
 invalid_serial(Config) when is_list(Config) ->
-    run([{ "4.4.15", "Invalid Negative Serial Number Test15",
+    run([{ "4.4.15", "Invalid Negative Serial Number Test15 EE",
 	   {bad_cert, {revoked, keyCompromise}}},
-	 { "4.4.18", "Invalid Long Serial Number Test18",
+	 { "4.4.18", "Invalid Long Serial Number Test18 EE",
 	   {bad_cert, {revoked, keyCompromise}}}]).
 
 valid_seperate_keys(doc) ->
@@ -390,7 +389,7 @@ valid_seperate_keys(doc) ->
 valid_seperate_keys(suite) ->
     [];
 valid_seperate_keys(Config) when is_list(Config) ->
-    run([{ "4.4.19", "Valid Separate Certificate and CRL Keys Test19",   ok}]).
+    run([{ "4.4.19", "Valid Separate Certificate and CRL Keys Test19 EE",   ok}]).
 
 invalid_separate_keys(doc) ->
     [""];
@@ -408,11 +407,11 @@ missing_basic_constraints(doc) ->
 missing_basic_constraints(suite) ->
     [];
 missing_basic_constraints(Config) when is_list(Config) ->
-    run([{ "4.6.1",  "Invalid Missing basicConstraints Test1",
+    run([{ "4.6.1",  "Invalid Missing basicConstraints Test1 EE",
 	   {bad_cert, missing_basic_constraint}},
-	 { "4.6.2",  "Invalid cA False Test2",
+	 { "4.6.2",  "Invalid cA False Test2 EE",
 	   {bad_cert, missing_basic_constraint}},
-	 { "4.6.3",  "Invalid cA False Test3",
+	 { "4.6.3",  "Invalid cA False Test3 EE",
 	   {bad_cert, missing_basic_constraint}}]).
 
 valid_basic_constraint(doc) ->
@@ -420,20 +419,20 @@ valid_basic_constraint(doc) ->
 valid_basic_constraint(suite) ->
     [];
 valid_basic_constraint(Config) when is_list(Config) ->
-    run([{"4.6.4", "Valid basicConstraints Not Critical Test4", ok}]).
+    run([{"4.6.4", "Valid basicConstraints Not Critical Test4 EE", ok}]).
 
 invalid_path_constraints(doc) ->
     [""];
 invalid_path_constraints(suite) ->
     [];
 invalid_path_constraints(Config) when is_list(Config) ->
-    run([{ "4.6.5", "Invalid pathLenConstraint Test5", {bad_cert, max_path_length_reached}},
-	 { "4.6.6", "Invalid pathLenConstraint Test6", {bad_cert, max_path_length_reached}},
-	 { "4.6.9", "Invalid pathLenConstraint Test9", {bad_cert, max_path_length_reached}},
-	 { "4.6.10", "Invalid pathLenConstraint Test10", {bad_cert, max_path_length_reached}},
-	 { "4.6.11", "Invalid pathLenConstraint Test11", {bad_cert, max_path_length_reached}},
-	 { "4.6.12", "Invalid pathLenConstraint Test12", {bad_cert, max_path_length_reached}},
-	 { "4.6.16", "Invalid Self-Issued pathLenConstraint Test16",
+    run([{ "4.6.5", "Invalid pathLenConstraint Test5 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.6", "Invalid pathLenConstraint Test6 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.9", "Invalid pathLenConstraint Test9 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.10", "Invalid pathLenConstraint Test10 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.11", "Invalid pathLenConstraint Test11 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.12", "Invalid pathLenConstraint Test12 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.16", "Invalid Self-Issued pathLenConstraint Test16 EE",
 	   {bad_cert, max_path_length_reached}}]).
 
 valid_path_constraints(doc) ->
@@ -441,12 +440,12 @@ valid_path_constraints(doc) ->
 valid_path_constraints(suite) ->
     [];
 valid_path_constraints(Config) when is_list(Config) ->
-    run([{ "4.6.7",  "Valid pathLenConstraint Test7", ok},
-	 { "4.6.8",  "Valid pathLenConstraint Test8", ok},
-	 { "4.6.13", "Valid pathLenConstraint Test13", ok},
-	 { "4.6.14", "Valid pathLenConstraint Test14", ok},
-	 { "4.6.15", "Valid Self-Issued pathLenConstraint Test15", ok},
-	 { "4.6.17", "Valid Self-Issued pathLenConstraint Test17", ok}]).
+    run([{ "4.6.7",  "Valid pathLenConstraint Test7 EE", ok},
+	 { "4.6.8",  "Valid pathLenConstraint Test8 EE", ok},
+	 { "4.6.13", "Valid pathLenConstraint Test13 EE", ok},
+	 { "4.6.14", "Valid pathLenConstraint Test14 EE", ok},
+	 { "4.6.15", "Valid Self-Issued pathLenConstraint Test15 EE", ok},
+	 { "4.6.17", "Valid Self-Issued pathLenConstraint Test17 EE", ok}]).
 
 %%-----------------------------------------------------------------------------
 invalid_key_usage(doc) ->
@@ -454,14 +453,14 @@ invalid_key_usage(doc) ->
 invalid_key_usage(suite) ->
     [];
 invalid_key_usage(Config) when is_list(Config) ->
-    run([{ "4.7.1",  "Invalid keyUsage Critical keyCertSign False Test1",
+    run([{ "4.7.1",  "Invalid keyUsage Critical keyCertSign False Test1 EE",
 	   {bad_cert,invalid_key_usage} },
-	 { "4.7.2",  "Invalid keyUsage Not Critical keyCertSign False Test2",
-	   {bad_cert,invalid_key_usage}},
-	{ "4.7.4",  "Invalid keyUsage Critical cRLSign False Test4",
-	  {bad_cert, revocation_status_undetermined}},
-	 { "4.7.5",  "Invalid keyUsage Not Critical cRLSign False Test5",
-	   {bad_cert, revocation_status_undetermined}}
+	 { "4.7.2",  "Invalid keyUsage Not Critical keyCertSign False Test2 EE",
+	   {bad_cert,invalid_key_usage}}
+	%% { "4.7.4",  "Invalid keyUsage Critical cRLSign False Test4 EE",
+	%%   {bad_cert, revocation_status_undetermined}},
+	%%  { "4.7.5",  "Invalid keyUsage Not Critical cRLSign False Test5 EE",
+	%%    {bad_cert, revocation_status_undetermined}}
 	]).
 
 valid_key_usage(doc) ->
@@ -469,7 +468,7 @@ valid_key_usage(doc) ->
 valid_key_usage(suite) ->
     [];
 valid_key_usage(Config) when is_list(Config) ->
-    run([{ "4.7.3",  "Valid keyUsage Not Critical Test3", ok}]).
+    run([{ "4.7.3",  "Valid keyUsage Not Critical Test3 EE", ok}]).
 
 %%-----------------------------------------------------------------------------
 certificate_policies(doc) ->    [""];
@@ -503,32 +502,32 @@ valid_DN_name_constraints(doc) ->
 valid_DN_name_constraints(suite) ->
     [];
 valid_DN_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.1",  "Valid DN nameConstraints Test1", ok},
-	 { "4.13.4",  "Valid DN nameConstraints Test4", ok},
-	 { "4.13.5",  "Valid DN nameConstraints Test5", ok},
-	 { "4.13.6",  "Valid DN nameConstraints Test6", ok},
-	 { "4.13.11", "Valid DN nameConstraints Test11", ok},
-	 { "4.13.14", "Valid DN nameConstraints Test14", ok},
-	 { "4.13.18", "Valid DN nameConstraints Test18", ok},
-	 { "4.13.19", "Valid Self-Issued DN nameConstraints Test19", ok}]).
+    run([{ "4.13.1",  "Valid DN nameConstraints Test1 EE", ok},
+	 { "4.13.4",  "Valid DN nameConstraints Test4 EE", ok},
+	 { "4.13.5",  "Valid DN nameConstraints Test5 EE", ok},
+	 { "4.13.6",  "Valid DN nameConstraints Test6 EE", ok},
+	 { "4.13.11", "Valid DN nameConstraints Test11 EE", ok},
+	 { "4.13.14", "Valid DN nameConstraints Test14 EE", ok},
+	 { "4.13.18", "Valid DN nameConstraints Test18 EE", ok},
+	 { "4.13.19", "Valid DN nameConstraints Test19 EE", ok}]).
 
 invalid_DN_name_constraints(doc) ->
     [""];
 invalid_DN_name_constraints(suite) ->
     [];
 invalid_DN_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.2", "Invalid DN nameConstraints Test2", {bad_cert, name_not_permitted}},
-	 { "4.13.3",  "Invalid DN nameConstraints Test3", {bad_cert, name_not_permitted}},
-	 { "4.13.7",  "Invalid DN nameConstraints Test7", {bad_cert, name_not_permitted}},
-	 { "4.13.8",  "Invalid DN nameConstraints Test8", {bad_cert, name_not_permitted}},
-	 { "4.13.9",  "Invalid DN nameConstraints Test9", {bad_cert, name_not_permitted}},
-	 { "4.13.10", "Invalid DN nameConstraints Test10",{bad_cert, name_not_permitted}},
-	 { "4.13.12", "Invalid DN nameConstraints Test12",{bad_cert, name_not_permitted}},
-	 { "4.13.13", "Invalid DN nameConstraints Test13",{bad_cert, name_not_permitted}},
-	 { "4.13.15", "Invalid DN nameConstraints Test15",{bad_cert, name_not_permitted}},
-	 { "4.13.16", "Invalid DN nameConstraints Test16",{bad_cert, name_not_permitted}},
-	 { "4.13.17", "Invalid DN nameConstraints Test17",{bad_cert, name_not_permitted}},
-	 { "4.13.20", "Invalid Self-Issued DN nameConstraints Test20",
+    run([{ "4.13.2", "Invalid DN nameConstraints Test2 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.3",  "Invalid DN nameConstraints Test3 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.7",  "Invalid DN nameConstraints Test7 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.8",  "Invalid DN nameConstraints Test8 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.9",  "Invalid DN nameConstraints Test9 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.10", "Invalid DN nameConstraints Test10 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.12", "Invalid DN nameConstraints Test12 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.13", "Invalid DN nameConstraints Test13 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.15", "Invalid DN nameConstraints Test15 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.16", "Invalid DN nameConstraints Test16 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.17", "Invalid DN nameConstraints Test17 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.20", "Invalid DN nameConstraints Test20 EE",
 	   {bad_cert, name_not_permitted}}]).
 
 valid_rfc822_name_constraints(doc) ->
@@ -536,9 +535,9 @@ valid_rfc822_name_constraints(doc) ->
 valid_rfc822_name_constraints(suite) ->
     [];
 valid_rfc822_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.21", "Valid RFC822 nameConstraints Test21", ok},
-	 { "4.13.23", "Valid RFC822 nameConstraints Test23", ok},
-	 { "4.13.25", "Valid RFC822 nameConstraints Test25", ok}]).
+    run([{ "4.13.21", "Valid RFC822 nameConstraints Test21 EE", ok},
+	 { "4.13.23", "Valid RFC822 nameConstraints Test23 EE", ok},
+	 { "4.13.25", "Valid RFC822 nameConstraints Test25 EE", ok}]).
 
 
 invalid_rfc822_name_constraints(doc) ->
@@ -546,11 +545,11 @@ invalid_rfc822_name_constraints(doc) ->
 invalid_rfc822_name_constraints(suite) ->
     [];
 invalid_rfc822_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.22", "Invalid RFC822 nameConstraints Test22",
+    run([{ "4.13.22", "Invalid RFC822 nameConstraints Test22 EE",
 	   {bad_cert, name_not_permitted}},
-	 { "4.13.24", "Invalid RFC822 nameConstraints Test24",
+	 { "4.13.24", "Invalid RFC822 nameConstraints Test24 EE",
 	   {bad_cert, name_not_permitted}},
-	 { "4.13.26", "Invalid RFC822 nameConstraints Test26",
+	 { "4.13.26", "Invalid RFC822 nameConstraints Test26 EE",
 	   {bad_cert, name_not_permitted}}]).
 
 valid_DN_and_rfc822_name_constraints(doc) ->
@@ -558,16 +557,16 @@ valid_DN_and_rfc822_name_constraints(doc) ->
 valid_DN_and_rfc822_name_constraints(suite) ->
     [];
 valid_DN_and_rfc822_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", ok}]).
+    run([{ "4.13.27", "Valid DN and RFC822 nameConstraints Test27 EE", ok}]).
 
 invalid_DN_and_rfc822_name_constraints(doc) ->
     [""];
 invalid_DN_and_rfc822_name_constraints(suite) ->
     [];
 invalid_DN_and_rfc822_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28",
+    run([{ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28 EE",
 	   {bad_cert, name_not_permitted}},
-	 { "4.13.29", "Invalid DN and RFC822 nameConstraints Test29",
+	 { "4.13.29", "Invalid DN and RFC822 nameConstraints Test29 EE",
 	   {bad_cert, name_not_permitted}}]).
 
 valid_dns_name_constraints(doc) ->
@@ -575,33 +574,33 @@ valid_dns_name_constraints(doc) ->
 valid_dns_name_constraints(suite) ->
     [];
 valid_dns_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.30", "Valid DNS nameConstraints Test30", ok},
-	 { "4.13.32", "Valid DNS nameConstraints Test32", ok}]).
+    run([{ "4.13.30", "Valid DNS nameConstraints Test30 EE", ok},
+	 { "4.13.32", "Valid DNS nameConstraints Test32 EE", ok}]).
 
 invalid_dns_name_constraints(doc) ->
     [""];
 invalid_dns_name_constraints(suite) ->
     [];
 invalid_dns_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.31", "Invalid DNS nameConstraints Test31", {bad_cert, name_not_permitted}},
-	 { "4.13.33", "Invalid DNS nameConstraints Test33", {bad_cert, name_not_permitted}},
-	 { "4.13.38", "Invalid DNS nameConstraints Test38", {bad_cert, name_not_permitted}}]).
+    run([{ "4.13.31", "Invalid DNS nameConstraints Test31 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.33", "Invalid DNS nameConstraints Test33 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.38", "Invalid DNS nameConstraints Test38 EE", {bad_cert, name_not_permitted}}]).
 
 valid_uri_name_constraints(doc) ->
     [""];
 valid_uri_name_constraints(suite) ->
     [];
 valid_uri_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.34", "Valid URI nameConstraints Test34", ok},
-	 { "4.13.36", "Valid URI nameConstraints Test36", ok}]).
+    run([{ "4.13.34", "Valid URI nameConstraints Test34 EE", ok},
+	 { "4.13.36", "Valid URI nameConstraints Test36 EE", ok}]).
 
 invalid_uri_name_constraints(doc) ->
     [""];
 invalid_uri_name_constraints(suite) ->
     [];
 invalid_uri_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.35", "Invalid URI nameConstraints Test35",{bad_cert, name_not_permitted}},
-	 { "4.13.37", "Invalid URI nameConstraints Test37",{bad_cert, name_not_permitted}}]).
+    run([{ "4.13.35", "Invalid URI nameConstraints Test35 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.37", "Invalid URI nameConstraints Test37 EE",{bad_cert, name_not_permitted}}]).
 
 %%-----------------------------------------------------------------------------
 delta_without_crl(doc) ->
@@ -609,20 +608,20 @@ delta_without_crl(doc) ->
 delta_without_crl(suite) ->
     [];
 delta_without_crl(Config) when is_list(Config) ->
-  run([{ "4.15.1",  "Invalid deltaCRLIndicator No Base Test1",{bad_cert,
+  run([{ "4.15.1",  "Invalid deltaCRLIndicator No Base Test1 EE",{bad_cert,
 							       revocation_status_undetermined}},
-       {"4.15.10", "Invalid delta-CRL Test10", {bad_cert,
-						revocation_status_undetermined}}]).
+       {"4.15.10", "Invalid delta-CRL Test10 EE", {bad_cert,
+						   revocation_status_undetermined}}]).
 
 valid_delta_crls(doc) ->
     [""];
 valid_delta_crls(suite) ->
     [];
 valid_delta_crls(Config) when is_list(Config) ->
-    run([{ "4.15.2",  "Valid delta-CRL Test2", ok},
-	 { "4.15.5",  "Valid delta-CRL Test5", ok},
-	 { "4.15.7",  "Valid delta-CRL Test7", ok},
-	 { "4.15.8",  "Valid delta-CRL Test8", ok}
+    run([{ "4.15.2",  "Valid delta-CRL Test2 EE", ok},
+	 { "4.15.5",  "Valid delta-CRL Test5 EE", ok},
+	 { "4.15.7",  "Valid delta-CRL Test7 EE", ok},
+	 { "4.15.8",  "Valid delta-CRL Test8 EE", ok}
 	]).
 
 invalid_delta_crls(doc) ->
@@ -630,10 +629,10 @@ invalid_delta_crls(doc) ->
 invalid_delta_crls(suite) ->
     [];
 invalid_delta_crls(Config) when is_list(Config) ->
-    run([{ "4.15.3",  "Invalid delta-CRL Test3", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.15.4",  "Invalid delta-CRL Test4", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.15.6",  "Invalid delta-CRL Test6", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.15.9",  "Invalid delta-CRL Test9", {bad_cert,{revoked, keyCompromise}}}]).
+    run([{ "4.15.3",  "Invalid delta-CRL Test3 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.15.4",  "Invalid delta-CRL Test4 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.15.6",  "Invalid delta-CRL Test6 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.15.9",  "Invalid delta-CRL Test9 EE", {bad_cert,{revoked, keyCompromise}}}]).
 
 %%-----------------------------------------------------------------------------
 
@@ -642,10 +641,10 @@ valid_distribution_points(doc) ->
 valid_distribution_points(suite) ->
     [];
 valid_distribution_points(Config) when is_list(Config) ->
-    run([{ "4.14.1",  "Valid distributionPoint Test1", ok},
-	 { "4.14.4",  "Valid distributionPoint Test4", ok},
-	 { "4.14.5",  "Valid distributionPoint Test5", ok},
-	 { "4.14.7",  "Valid distributionPoint Test7", ok}
+    run([{ "4.14.1",  "Valid distributionPoint Test1 EE", ok},
+	 { "4.14.4",  "Valid distributionPoint Test4 EE", ok},
+	 { "4.14.5",  "Valid distributionPoint Test5 EE", ok},
+	 { "4.14.7",  "Valid distributionPoint Test7 EE", ok}
 	]).
 
 valid_distribution_points_no_issuing_distribution_point(doc) ->
@@ -661,13 +660,13 @@ invalid_distribution_points(doc) ->
 invalid_distribution_points(suite) ->
     [];
 invalid_distribution_points(Config) when is_list(Config) ->
-    run([{ "4.14.2",  "Invalid distributionPoint Test2", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.3",  "Invalid distributionPoint Test3", {bad_cert,
+    run([{ "4.14.2",  "Invalid distributionPoint Test2 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.14.3",  "Invalid distributionPoint Test3 EE", {bad_cert,
 							  revocation_status_undetermined}},
-	 { "4.14.6",  "Invalid distributionPoint Test6", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.8",  "Invalid distributionPoint Test8", {bad_cert,
+	 { "4.14.6",  "Invalid distributionPoint Test6 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.14.8",  "Invalid distributionPoint Test8 EE", {bad_cert,
 							  revocation_status_undetermined}},
-	 { "4.14.9",  "Invalid distributionPoint Test9", {bad_cert,
+	 { "4.14.9",  "Invalid distributionPoint Test9 EE", {bad_cert,
 							  revocation_status_undetermined}}
 	]).
 
@@ -676,7 +675,7 @@ valid_only_contains(doc) ->
 valid_only_contains(suite) ->
     [];
 valid_only_contains(Config) when is_list(Config) ->
-    run([{ "4.14.13", "Valid onlyContainsCACerts CRL Test13", ok}]).
+    run([{ "4.14.13", "Valid onlyContainsCACerts CRL Test13 EE", ok}]).
 
 
 invalid_only_contains(doc) ->
@@ -684,11 +683,11 @@ invalid_only_contains(doc) ->
 invalid_only_contains(suite) ->
     [];
 invalid_only_contains(Config) when is_list(Config) ->
-    run([{ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11",
+    run([{ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11 EE",
 	   {bad_cert, revocation_status_undetermined}},
-	 { "4.14.12", "Invalid onlyContainsCACerts CRL Test12",
+	 { "4.14.12", "Invalid onlyContainsCACerts CRL Test12 EE",
 	   {bad_cert, revocation_status_undetermined}},
-	 { "4.14.14", "Invalid onlyContainsAttributeCerts Test14",
+	 { "4.14.14", "Invalid onlyContainsAttributeCerts Test14 EE",
 	   {bad_cert, revocation_status_undetermined}}
 	]).
 
@@ -697,8 +696,8 @@ valid_only_some_reasons(doc) ->
 valid_only_some_reasons(suite) ->
     [];
 valid_only_some_reasons(Config) when is_list(Config) ->
-    run([{ "4.14.18", "Valid onlySomeReasons Test18", ok},
-	 { "4.14.19", "Valid onlySomeReasons Test19", ok}
+    run([{ "4.14.18", "Valid onlySomeReasons Test18 EE", ok},
+	 { "4.14.19", "Valid onlySomeReasons Test19 EE", ok}
 	]).
 
 invalid_only_some_reasons(doc) ->
@@ -706,15 +705,15 @@ invalid_only_some_reasons(doc) ->
 invalid_only_some_reasons(suite) ->
     [];
 invalid_only_some_reasons(Config) when is_list(Config) ->
-    run([{ "4.14.15", "Invalid onlySomeReasons Test15",
+    run([{ "4.14.15", "Invalid onlySomeReasons Test15 EE",
 	   {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.16", "Invalid onlySomeReasons Test16",
+	 { "4.14.16", "Invalid onlySomeReasons Test16 EE",
 	   {bad_cert,{revoked, certificateHold}}},
-	 { "4.14.17", "Invalid onlySomeReasons Test17",
+	 { "4.14.17", "Invalid onlySomeReasons Test17 EE",
 	   {bad_cert, revocation_status_undetermined}},
-	 { "4.14.20", "Invalid onlySomeReasons Test20",
+	 { "4.14.20", "Invalid onlySomeReasons Test20 EE",
 	   {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.21", "Invalid onlySomeReasons Test21",
+	 { "4.14.21", "Invalid onlySomeReasons Test21 EE",
 	   {bad_cert,{revoked, affiliationChanged}}}
 	]).
 
@@ -723,9 +722,9 @@ valid_indirect_crl(doc) ->
 valid_indirect_crl(suite) ->
     [];
 valid_indirect_crl(Config) when is_list(Config) ->
-    run([{ "4.14.22", "Valid IDP with indirectCRL Test22", ok},
-	 { "4.14.24", "Valid IDP with indirectCRL Test24", ok},
-	 { "4.14.25", "Valid IDP with indirectCRL Test25", ok}
+    run([{ "4.14.22", "Valid IDP with indirectCRL Test22 EE", ok},
+	 { "4.14.24", "Valid IDP with indirectCRL Test24 EE", ok},
+	 { "4.14.25", "Valid IDP with indirectCRL Test25 EE", ok}
 	]).
 
 invalid_indirect_crl(doc) ->
@@ -733,9 +732,9 @@ invalid_indirect_crl(doc) ->
 invalid_indirect_crl(suite) ->
     [];
 invalid_indirect_crl(Config) when is_list(Config) ->
-    run([{ "4.14.23", "Invalid IDP with indirectCRL Test23",
+    run([{ "4.14.23", "Invalid IDP with indirectCRL Test23 EE",
 	   {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.26", "Invalid IDP with indirectCRL Test26",
+	 { "4.14.26", "Invalid IDP with indirectCRL Test26 EE",
 	   {bad_cert, revocation_status_undetermined}}
 	]).
 
@@ -744,9 +743,9 @@ valid_crl_issuer(doc) ->
 valid_crl_issuer(suite) ->
     [];
 valid_crl_issuer(Config) when is_list(Config) ->
-    run([{ "4.14.28", "Valid cRLIssuer Test28", ok}%%,
-	 %%{ "4.14.29", "Valid cRLIssuer Test29", ok},
-	 %%{ "4.14.33", "Valid cRLIssuer Test33", ok}
+    run([{ "4.14.28", "Valid cRLIssuer Test28 EE", ok}%%,
+	 %%{ "4.14.29", "Valid cRLIssuer Test29 EE", ok},
+	 %%{ "4.14.33", "Valid cRLIssuer Test33 EE", ok}
 	]).
 
 invalid_crl_issuer(doc) ->
@@ -755,11 +754,11 @@ invalid_crl_issuer(suite) ->
     [];
 invalid_crl_issuer(Config) when is_list(Config) ->
     run([
-	 { "4.14.27", "Invalid cRLIssuer Test27", {bad_cert, revocation_status_undetermined}},
-	 { "4.14.31", "Invalid cRLIssuer Test31", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.32", "Invalid cRLIssuer Test32", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.34", "Invalid cRLIssuer Test34", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.35", "Invalid cRLIssuer Test35", {bad_cert, revocation_status_undetermined}}
+	 { "4.14.27", "Invalid cRLIssuer Test27 EE", {bad_cert, revocation_status_undetermined}},
+	 { "4.14.31", "Invalid cRLIssuer Test31 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.14.32", "Invalid cRLIssuer Test32 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.14.34", "Invalid cRLIssuer Test34 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.14.35", "Invalid cRLIssuer Test35 EE", {bad_cert, revocation_status_undetermined}}
 	]).
 
 
@@ -780,7 +779,7 @@ unknown_critical_extension(doc) ->
 unknown_critical_extension(suite) ->
     [];
 unknown_critical_extension(Config) when is_list(Config) ->
-    run([{ "4.16.2",  "Invalid Unknown Critical Certificate Extension Test2",
+    run([{ "4.16.2",  "Invalid Unknown Critical Certificate Extension Test2 EE",
 	   {bad_cert,unknown_critical_extension}}]).
 
 unknown_not_critical_extension(doc) ->
@@ -788,16 +787,18 @@ unknown_not_critical_extension(doc) ->
 unknown_not_critical_extension(suite) ->
     [];
 unknown_not_critical_extension(Config) when is_list(Config) ->
-    run([{ "4.16.1",  "Valid Unknown Not Critical Certificate Extension Test1", ok}]).
+    run([{ "4.16.1",  "Valid Unknown Not Critical Certificate Extension Test1 EE", ok}]).
 
 %%-----------------------------------------------------------------------------
 run(Tests) ->    
-    File = file(?CERTS,"TrustAnchorRootCertificate.crt"),
-    {ok, TA} = file:read_file(File),
+    [TA] = read_certs("Trust Anchor Root Certificate"),
     run(Tests, TA).
 
 run({Chap, Test, Result}, TA) ->
-    CertChain = sort_chain(read_certs(Test),TA, [], false, Chap),
+    CertChain = cas(Chap) ++ read_certs(Test),
+    lists:foreach(fun(C) ->
+			  io:format("CERT: ~p~n", [public_key:pkix_decode_cert(C, otp)])
+		  end, CertChain),
     Options = path_validation_options(TA, Chap,Test),
     try public_key:pkix_path_validation(TA, CertChain, Options) of
 	{Result, _} -> ok;
@@ -1134,6 +1135,7 @@ read_crls(Test) ->
     [CRL || {'CertificateList', CRL, not_encrypted} <- Ders].
 
 test_file(Test) ->
+    io:format("TEST: ~p~n", [Test]),
     file(?CONV, lists:append(string:tokens(Test, " -")) ++ ".pem").
 
 file(Sub,File) ->
@@ -1150,79 +1152,246 @@ file(Sub,File) ->
     end,
     AbsFile.
 
-sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.5.3"->
-     [CA, Entity, Self] = do_sort_chain(Certs, TA, Acc, Bool, Chap),
-     [CA, Self, Entity];
-sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.5.4";
-					    Chap == "4.5.5" ->
-     [CA, Entity, _Self] = do_sort_chain(Certs, TA, Acc, Bool, Chap),
-     [CA, Entity];
-
-sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.14.24";
-					    Chap == "4.14.25";
-					    Chap == "4.14.26";
-					    Chap == "4.14.27";
-					    Chap == "4.14.31";
-					    Chap == "4.14.32";
-					    Chap == "4.14.33" ->
-    [_OtherCA, Entity, CA] = do_sort_chain(Certs, TA, Acc, Bool, Chap),
-    [CA, Entity];
-
-sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.14.28";
-					    Chap == "4.14.29" ->
-    [CA, _OtherCA, Entity] = do_sort_chain(Certs, TA, Acc, Bool, Chap),
-    [CA, Entity];
-
-
-sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.14.33" ->
-    [Entity, CA, _OtherCA] = do_sort_chain(Certs, TA, Acc, Bool, Chap),
-    [CA, Entity];
-
-
-sort_chain(Certs, TA, Acc, Bool, Chap) ->
-    do_sort_chain(Certs, TA, Acc, Bool, Chap).
-
-do_sort_chain([First], TA, Try, Found, Chap) when Chap == "4.5.6";
-						  Chap == "4.5.7";
-						  Chap == "4.4.19";
-						  Chap == "4.4.20";
-						  Chap == "4.4.21"->
-    case public_key:pkix_is_issuer(First,TA) of
-	true -> 
-	    [First|do_sort_chain([],First,Try,true, Chap)];
-	false ->
-	    do_sort_chain([],TA,[First|Try],Found, Chap)
-    end;
-do_sort_chain([First|Certs], TA, Try, Found, Chap) when Chap == "4.5.6";
-							Chap == "4.5.7";
-							Chap == "4.4.19";
-							Chap  == "4.4.20";
-							Chap == "4.4.21"->
-%%    case check_extension_cert_signer(public_key:pkix_decode_cert(First, otp)) of
-%%	true ->
-    case public_key:pkix_is_issuer(First,TA) of
-	true ->
-	    [First|do_sort_chain(Certs,First,Try,true, Chap)];
-	false ->
-	    do_sort_chain(Certs,TA,[First|Try],Found, Chap)
-    end;
-%%	false ->
-%%	    do_sort_chain(Certs, TA, Try, Found, Chap)
-%%   end;
-
-do_sort_chain([First|Certs], TA, Try, Found, Chap) ->
-    case public_key:pkix_is_issuer(First,TA) of
-	true ->
-	    [First|do_sort_chain(Certs,First,Try,true, Chap)];
-	false ->
-	    do_sort_chain(Certs,TA,[First|Try],Found, Chap)
-    end;
-
-do_sort_chain([], _, [],_, _) -> [];
-do_sort_chain([], Valid, Check, true, Chap) ->
-    do_sort_chain(lists:reverse(Check), Valid, [], false, Chap);
-do_sort_chain([], _Valid, Check, false, _) ->
-    Check.
+cas(Chap) ->
+    CAS = intermidiate_cas(Chap),
+    lists:foldl(fun([], Acc) ->
+			Acc;
+		   (CA, Acc) -> 
+			[CACert] = read_certs(CA),
+			[CACert | Acc]
+		end, [], CAS).
+ 
+intermidiate_cas(Chap) when Chap == "4.1.1";
+			    Chap == "4.1.3";
+			    Chap == "4.2.2";
+			    Chap == "4.2.3";
+			    Chap == "4.2.4";
+			    Chap == "4.2.6";
+			    Chap == "4.2.7";
+			    Chap == "4.2.8";
+			    Chap == "4.3.1";
+			    Chap == "4.3.3";
+			    Chap == "4.3.4";
+			    Chap == "4.3.5";
+			    Chap == "4.4.3"
+			    ->
+    ["Good CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.1.2" ->
+    ["Bad Signed CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.1.4";
+			    Chap == "4.1.6" ->
+    ["DSA CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.1.5" ->
+    ["DSA Parameters Inherited CA Cert", "DSA CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.2.1";
+			   Chap == "4.2.5" ->
+    ["Bad notBefore Date CA Cert"];
+
+intermidiate_cas(Chap) when  Chap == "4.16.1";
+			    Chap == "4.16.2" ->
+    ["Trust Anchor Root Certificate"];			    
+
+intermidiate_cas(Chap) when Chap == "4.3.2" ->
+    ["Name Ordering CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.34";
+			    Chap == "4.13.35" ->
+    ["nameConstraints URI1 CA Cert"];
+intermidiate_cas(Chap) when Chap == "4.13.36";
+			   Chap == "4.13.37" ->
+    ["nameConstraints URI2 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.30";
+			    Chap == "4.13.31";
+			    Chap == "4.13.38"
+			    ->
+    ["nameConstraints DNS1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.32";
+			   Chap == "4.13.33" ->
+    ["nameConstraints DNS2 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.27";
+			    Chap == "4.13.28";
+			    Chap == "4.13.29" ->
+    ["nameConstraints DN1 subCA3 Cert", 
+     "nameConstraints DN1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.21";
+			    Chap == "4.13.22" ->
+    ["nameConstraints RFC822 CA1 Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.23";
+			    Chap == "4.13.24" ->
+    ["nameConstraints RFC822 CA2 Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.25";
+			    Chap == "4.13.26" ->
+    ["nameConstraints RFC822 CA3 Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.1" ->
+    ["Missing basicConstraints CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.2" ->
+    ["basicConstraints Critical cA False CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.3" ->
+    ["basicConstraints Not Critical cA False CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.5.2";
+			    Chap == "4.5.5" ->
+    ["Basic Self-Issued New Key CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.5.1" ->
+    ["Basic Self-Issued New Key OldWithNew CA Cert", "Basic Self-Issued New Key CA Cert"];
+
+intermidiate_cas(Chap) when	Chap == "4.5.3" ->
+    ["Basic Self-Issued Old Key NewWithOld CA Cert", "Basic Self-Issued Old Key CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.5.4" ->
+    ["Basic Self-Issued Old Key CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.1"; 
+			    Chap == "4.13.2";
+			    Chap == "4.13.3";
+			    Chap == "4.13.4";
+			    Chap == "4.13.20"
+			    ->
+    ["nameConstraints DN1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.5" ->
+    ["nameConstraints DN2 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.6";
+			    Chap == "4.13.7" ->
+    ["nameConstraints DN3 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.8";
+			    Chap == "4.13.9" ->
+    ["nameConstraints DN4 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.10";
+			    Chap == "4.13.11" ->
+    ["nameConstraints DN5 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.12" ->
+    ["nameConstraints DN1 subCA1 Cert",
+     "nameConstraints DN1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.13";
+			    Chap == "4.13.14" ->
+    ["nameConstraints DN1 subCA2 Cert",
+     "nameConstraints DN1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.15";
+			    Chap == "4.13.16" ->
+    ["nameConstraints DN3 subCA1 Cert",
+     "nameConstraints DN3 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.17";
+			    Chap == "4.13.18" ->
+    ["nameConstraints DN3 subCA2 Cert",
+     "nameConstraints DN3 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.19" ->
+    ["nameConstraints DN1 Self-Issued CA Cert",
+     "nameConstraints DN1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.5.6" ->
+    ["Basic Self-Issued CRL Signing Key CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.7.1";
+			    Chap == "4.7.4" -> 
+    ["keyUsage Critical keyCertSign False CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.7.2";
+			    Chap == "4.7.5" -> 
+    ["keyUsage Not Critical keyCertSign False CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.7.3" -> 
+    ["keyUsage Not Critical CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.3.7" -> 
+    ["RFC3280 Mandatory Attribute Types CA Cert"];
+intermidiate_cas(Chap) when Chap == "4.3.8" -> 
+    ["RFC3280 Optional Attribute Types CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.3.6" -> 
+    ["UIDCACert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.4" -> 
+    ["basicConstraints Not Critical CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.1.26" -> 
+    ["nameConstraints RFC822 CA3 Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.3.9" -> 
+    ["UTF8String Encoded Names CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.3.10" -> 
+    ["Rollover from PrintableString to UTF8String CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.3.11" -> 
+    ["UTF8String Case Insensitive Match CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.7";
+			    Chap == "4.6.8"
+			    -> 
+    ["pathLenConstraint0 CA Cert"];
+intermidiate_cas(Chap) when Chap == "4.6.13" -> 
+    [ "pathLenConstraint6 subsubsubCA41X Cert",
+      "pathLenConstraint6 subsubCA41 Cert", 
+      "pathLenConstraint6 subCA4 Cert", 
+      "pathLenConstraint6 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.14" -> 
+    [ "pathLenConstraint6 subsubsubCA41X Cert",
+      "pathLenConstraint6 subsubCA41 Cert", 
+      "pathLenConstraint6 subCA4 Cert", 
+      "pathLenConstraint6 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.15" -> 
+     [ "pathLenConstraint0 Self-Issued CA Cert",
+       "pathLenConstraint0 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.17" -> 
+    ["pathLenConstraint1 Self-Issued subCA Cert",
+     "pathLenConstraint1 subCA Cert", 
+     "pathLenConstraint1 Self-Issued CA Cert", 
+     "pathLenConstraint1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.5";
+			    Chap == "4.6.6" -> 
+    ["pathLenConstraint0 subCA Cert", 
+     "pathLenConstraint0 CA Cert"]; 
+
+intermidiate_cas(Chap) when Chap == "4.6.9";
+			    Chap == "4.6.10" -> 
+    ["pathLenConstraint6 subsubCA00 Cert",
+     "pathLenConstraint6 subCA0 Cert",
+     "pathLenConstraint6 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.11";
+			    Chap == "4.6.12" -> 
+    ["pathLenConstraint6 subsubsubCA11X Cert",
+     "pathLenConstraint6 subsubCA11 Cert",
+     "pathLenConstraint6 subCA1 Cert",
+     "pathLenConstraint6 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.16" ->
+    ["pathLenConstraint0 subCA2 Cert",
+     "pathLenConstraint0 Self-Issued CA Cert",
+     "pathLenConstraint0 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.5.7";
+			    Chap == "4.5.8"
+			    ->
+    ["Basic Self-Issued CRL Signing Key CRL Cert", 
+     "Basic Self-Issued CRL Signing Key CA Cert"].
 
 error(Format, Args, File0, Line) ->
     File = filename:basename(File0),
@@ -1340,3 +1509,12 @@ inhibit_any_policy() ->
      {"4.12.8",  "Invalid Self-Issued inhibitAnyPolicy Test8",    43 },
      {"4.12.9",  "Valid Self-Issued inhibitAnyPolicy Test9",      ok},
      {"4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10",   43 }].
+
+crypto_support_check(Config) ->
+    try crypto:sha256(<<"Test">>) of
+     	_ ->
+	    Config
+    catch error:notsup ->
+	    crypto:stop(),
+     	    {skip, "To old version of openssl"}
+    end.
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesAnyPolicyTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesAnyPolicyTest11.pem
deleted file mode 100644
index 8f00499440..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesAnyPolicyTest11.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=anyPolicy CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfDCCAeWgAwIBAgIBJjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMYW55UG9saWN5
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGOGYJ7e91FozKo0McZ6T1
-zTYa4IXfHqChuqKgri79fgKVZZsKwOyoHWJfsLn6ClknlWE9NJATHZfQp8GfLy9k
-MbdXEKgZQoyWOV2Q0s37ez+I4yuR33JZpxtpKqYQW2fKdhhOdR+DcLwgWUJ4s1Gg
-KCXhxYnC4nfSho/lgR3h/QIDAQABo4GFMIGCMB8GA1UdIwQYMBaAFPts1C2Bnson
-ep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ+s56i5EOF+2dAMYYTm8Zh7YbV4jAOBgNV
-HQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAAMA8GA1UdEwEB/wQFMAMBAf8w
-DAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQA8JxYIM/manOaFxyoO3y+p
-th/jCQFiR6fDo5mhYEOjZuHDWdejSZvNtbpPfNnKmM6W/qI57hZBgVDil9P/CMSi
-wYPJvKl0ofonnhhPd+uMPhJENho/NhWyc1cgruABceTtBP966dRIhejL3K7SewrT
-aV+IWdHVMKREjOXtHakoKQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=All Certificates anyPolicy EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=anyPolicy CA
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBD
-QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMwQWxsIENlcnRp
-ZmljYXRlcyBhbnlQb2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVzdDExMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQDXI8MbFkMJTmeIdP1EpYg8qYdNkQRq1yNQYMHH
-9TxFgw3L7sCGGxJS6PN4SS67CdnNZKNseFT+qAIDIbBw+p6uuAB4PWZEireOFo+s
-PSdbG2Os76qFi12SpIniE64W5aSMzmccMf6RqzuqUROYH8wOzk8w6y+RI2qnkqDx
-0HxJrwIDAQABo2UwYzAfBgNVHSMEGDAWgBQ+s56i5EOF+2dAMYYTm8Zh7YbV4jAd
-BgNVHQ4EFgQUC8LFyye3gbbbFeNrasBg1Fq10JYwDgYDVR0PAQH/BAQDAgTwMBEG
-A1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQUFAAOBgQAmASNJNMm+5XfUYE/I
-IhtOmsbGvCrIWyMyhcv7gosAMSsXYU+8CzWpkjP0zS42rEphyqP8zUAWjR/BqUJV
-9uwenHlpNeVflKgq0UVqYeoqc+afpvgLe+2o2Fe81Uz2tQ+LjwRQCm0/dhEVeZ4B
-JutCF8LtmT3hv2RlWp5v1mmG4w==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=anyPolicy CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3E:B3:9E:A2:E4:43:85:FB:67:40:31:86:13:9B:C6:61:ED:86:D5:E2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2a:c3:2d:e7:f3:91:d6:67:7b:66:88:f9:22:e8:64:c9:80:a2:
-        88:bb:d7:a0:84:a3:75:ab:d5:af:72:d0:fa:1f:ed:4e:42:29:
-        62:23:32:25:59:4d:a3:45:c1:bc:ae:37:c8:b2:d0:79:00:96:
-        84:0d:7d:a2:f0:58:d7:c4:99:64:cc:4e:8b:5f:88:f6:6f:cf:
-        ee:39:54:34:8c:7b:0f:e7:43:0b:26:d8:6e:c4:f8:6a:ed:80:
-        9a:47:d3:38:bb:82:9b:fe:bf:6b:01:6e:c9:e7:8f:3e:cc:b1:
-        4a:a3:df:86:3a:2d:ca:62:6c:dd:27:a8:51:c2:b4:3f:c5:ba:
-        90:6c
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBDQRcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUPrOeouRD
-hftnQDGGE5vGYe2G1eIwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAKsMt
-5/OR1md7Zoj5IuhkyYCiiLvXoISjdavVr3LQ+h/tTkIpYiMyJVlNo0XBvK43yLLQ
-eQCWhA19ovBY18SZZMxOi1+I9m/P7jlUNIx7D+dDCybYbsT4au2AmkfTOLuCm/6/
-awFuyeePPsyxSqPfhjotymJs3SeoUcK0P8W6kGw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2.pem
deleted file mode 100644
index ea336fce35..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2.pem
+++ /dev/null
@@ -1,107 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=No Policies CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICWzCCAcSgAwIBAgIBIjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEXMBUGA1UEAxMOTm8gUG9saWNp
-ZXMgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWH/haSHmzYQAYFLKMA
-cbwROk7OaY3N6TMLQIz4yWrwGzpy+kiIDZ2xVPnyHRHp12VlAI5u78kQKAivhpNw
-ovjgrUmE86zb3/OOa341tubElI6Y9G1Y1tnzPCK+hi1vjrHAHr1Glf8VOgZ9ijpU
-SjXOsw5pFlz22uc7BRI7S/K1AgMBAAGjYzBhMB8GA1UdIwQYMBaAFPts1C2Bnson
-ep4NsDzqmryH/0nqMB0GA1UdDgQWBBRTwRQlfeVbPleR+JYOkJ5dxiWoujAOBgNV
-HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBr
-G1ayCZm1VdyAqi1JuxUTt6bQcd8iNR0vvnl49QzjKgCNRqNV69RCH0U4ZST8D57t
-TVN8DJITlnH+Kbid6OWcgkb+vi5C0SPLPNym18RVzKNQtR88lJCByvNbx/CprRYl
-EfsMrs6FA8loVY0rVrUpEsTjVxyDh+fb8GZ3CAJIng==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=All Certificates No Policies EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=No Policies CA
------BEGIN CERTIFICATE-----
-MIICbzCCAdigAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDk5vIFBvbGljaWVz
-IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQDEzFBbGwgQ2Vy
-dGlmaWNhdGVzIE5vIFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3QyMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbFHIGRAKQBl4eS/EWvFaVcb/7H30je7Yf
-LmXoIYQGeWJZQfXWSsJyXyoaMhf4uLonxy8mi1Ap8vy3Fqc9b55Cm48xatNCao6D
-W6YbSQu9hiSXCMxjXWnrYfi62KywO6I2y5JbT0CZ2PbQO0lFXYKPaTFDKzgf9l4x
-ppvlkUQdsQIDAQABo1IwUDAfBgNVHSMEGDAWgBRTwRQlfeVbPleR+JYOkJ5dxiWo
-ujAdBgNVHQ4EFgQUy5AB5Gdr2u2a+KXtJZFHFSHyopEwDgYDVR0PAQH/BAQDAgTw
-MA0GCSqGSIb3DQEBBQUAA4GBAGk2l02zPeeK5Xca7UysnHmcjV08jAnZw6WqKJlS
-ZK/upXnIu/i4JXjxhC/aBpFDs1foGPEPb7vPwJBq6psJ/qvrL3FxzWnmp08P4iUP
-c7e9vxXYaMIQC3duKeV6SOn5VrpSPYRfchw/i70FJ+QCw9xAvNZ2X45Pzi9k9xUg
-VfLw
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=No Policies CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:53:C1:14:25:7D:E5:5B:3E:57:91:F8:96:0E:90:9E:5D:C6:25:A8:BA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        32:a4:9a:ca:5f:51:9e:91:db:fb:8a:0a:85:9b:64:c7:08:ef:
-        d5:17:43:34:7b:ad:53:90:4d:d1:43:10:f9:47:88:de:f3:78:
-        67:2a:3a:4b:0e:5c:1a:a5:ee:19:b9:ef:f9:eb:3f:f1:39:2c:
-        31:ab:e5:14:a7:90:8a:87:71:c6:78:a1:75:df:84:aa:3a:68:
-        37:8a:ba:65:79:1f:31:93:8c:4e:6a:f1:1c:3b:fb:68:79:34:
-        55:5b:42:55:8d:f3:2d:9f:f6:47:8d:64:6a:02:84:0b:97:aa:
-        2c:c6:96:18:ed:b3:b1:a1:62:b4:73:40:83:00:1f:1e:96:ec:
-        d2:ff
------BEGIN X509 CRL-----
-MIIBOzCBpQIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDk5vIFBvbGljaWVzIENBFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBRTwRQl
-feVbPleR+JYOkJ5dxiWoujAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQAy
-pJrKX1Gekdv7igqFm2THCO/VF0M0e61TkE3RQxD5R4je83hnKjpLDlwape4Zue/5
-6z/xOSwxq+UUp5CKh3HGeKF134SqOmg3irpleR8xk4xOavEcO/toeTRVW0JVjfMt
-n/ZHjWRqAoQLl6osxpYY7bOxoWK0c0CDAB8eluzS/w==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2EE.pem
new file mode 100644
index 0000000000..0c32ce2edb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 2A D0 22 62 8A 0E 0C C6 9F EB 81 2D 56 D1 0F 7A 3D B2 F9 79 
+    friendlyName: All Certificates No Policies Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=All Certificates No Policies EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=No Policies CA
+-----BEGIN CERTIFICATE-----
+MIIDfjCCAmagAwIBAgIBATANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEXMBUGA1UEAxMOTm8gUG9s
+aWNpZXMgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBqMQswCQYD
+VQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE6MDgGA1UE
+AxMxQWxsIENlcnRpZmljYXRlcyBObyBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6WDyHxhLZpA4ge
+LxU8BbeIOR03CkUXr/Vvnl1X/ncT1gvBBBnQ7Po7o90+gGpGzBPMjif4gMSkUJ8q
+Q+R0STU5SIHBBPl3mxEKU6htvRX47h0hvUzRWKnN2lvQyzD4GkwQhJC7Tv2TDLCr
+tVm5E324xPUAmBYLnbILJ4yQjLXWIa+usF0r1rm0L77cjkVz7HQp9hT/VAOEof8u
+/TWuHTr6CoPEJQLsybS6/tP9WbyD3aPS0F/X//QGM2jwbVVcwlkuodxKrFz5DaMb
+D4EaG5cr5NdDyjbnd71OUXG6j/LuQYuRb2fmXo3YQE3KK6/iStbqEudSUqma7DdD
+7PhI3McCAwEAAaNSMFAwHwYDVR0jBBgwFoAUQiQD7aVLdpyXmFx06gU6G/w15Jww
+HQYDVR0OBBYEFNpNr/S+ZFlUsYAeWIckHljqxZp+MA4GA1UdDwEB/wQEAwIE8DAN
+BgkqhkiG9w0BAQsFAAOCAQEA0xqFOkeCtxlsvCwBTB4pfZNN6qpoRnJFjYD7vmaU
+6XJQAO2EUUCVefK8eYoxPYwgbg2uTYk4HtTTF4cbvsr04hNjh0rBm7F0X7BlyvcF
+TLBW7FEk5aAKjtNGca9kJw7aPo/5vaDkPjnrwTwkUBzEfRveXJE8JqS7KIL/0+SS
+QCNhqf/Fn9KOpcwhQRKZXLcLlvVGtAqkexNM8ZNWuSLidt1Aeihudf0h/dC7g/fx
+NTGfhBSvoKVyGS3AdadQvv9Ce3l2IY3P1NAczdaY/RY+gE2ccmEiRSc3IXETiUXj
+gyzsUXK129XEY9fOQ88ns7RLifh3JBp4NhIvCx0oDWcezQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2A D0 22 62 8A 0E 0C C6 9F EB 81 2D 56 D1 0F 7A 3D B2 F9 79 
+    friendlyName: All Certificates No Policies Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F93E81F0FC4D6CD1
+
+8/7NnGtFRy+0fJgWW6hMw8LZ4Hm65YTBb/+ft8ET419gDdlc4exP6dWbvUNTx+3n
+xM59XpMjLFRFKhM72sBWc5ORymftUErbvWz6Mk2Uij6V2kVGUZ9GyCwQIkcixem6
+BH9vjXvu/v8R78fYfXbwhRFLmDxVs7d+J08a4vRR5bZkNkVHycGPBPojQYQ2AUrt
+IBgn5l/HY6tMMNDOBe3VGXCHesGcnsxnjmTcYhG4VTAFchZj6NqSwCmEuV8RDwCd
+odkN9BqFvbYp8uuBT87THx8+QYYySFmMfSlpJcTibQVkvCEyBSF0lccAeqW5WPCW
+6l4ACED5lBBoVzxYERtfiEE1i1C/c0tMYahGDyRtjX5khh3IT2WDLbt0ktaBBViB
+3BbBv7pkJEyMp1SjjFXwXiBwOqEWqEjGgnQB9LYafpjxSn7ZwGZ8/ihnqBUUr27Z
+o3TmQV4JV+Ar4/sSz3vjg3/vKgjCymjLKw0hAB4fodJN0CAdTeK6gPhFp4gjcu5B
+a4sc4loF6xKf5YCOIGb9xWZLi+w4M5Yp6wWHI6KvNTC8Pp9/dt+7F/hiZ7q1YeG5
+YN2LDHmHgCjMAGMlScJ0+D/fgCFrCA30BkOmzXPRaudCSg75zSuBh/oYPkLBDOof
+ko4zs4TFplXqL1Omi25H2h6eF/0PBo8DQL6KYzBrCvzw5hLcrAY3cHRCLMfBUY7y
+bE56+LTb53z/dGK/2KfjgdTGcimGe5AQ6DQTFnelqDNzODXjnc7x+Bt5ngK16N/H
+cEWE5IUvmYf66aUGiImP4cyvDq4gChNj8AUxh2HpXYN9kYGz0qjPJyS8jsvN0cMe
+SWN38A8jXCc63Di6Bqj8JLTJ0kSFnTyiu1tFm2EDCgLT5JLMe8dkfKCX1eN9vvZQ
+JG9iMt0SMm/kNnxKWP/aV79W112FYZKjkceus6MUDkxqGXbcmF6TRSEFl7E2Nh9t
+ebEHGznMVUef0v2o/ksggndfQZGYrvPJZ6/rBiWA85FHCerbtATm2JuIP0uuGpLw
+Hp9xZJTo7Q8sMvP7KCKAq+3c/c1gRgggWsmGvLhTNg1Y2InGGVGcF4TA5PfNxHrM
+XRFwqMwt7hEZpzJFzuc+Q2QwbUcjIgTmzYgPc0u22L7cgB7zykihmuqHNtA8jZFn
+dEVffyO6kPM579Ebrb75d3QUtY8mJXzc4ZFczV9sXlzxC0MctvB2INUfgYwTBHqh
+kNv1vh0HvXEkKUCMmmvEMY+dmscDZN4HzLfqRsOBTbNQPIwOxj4RnSco1tiz/JxM
+EmIrjUvX6/5FrHdr3IeRdECO2+/oGO9MYj+siqKwnPsqbIcX1Agz2h6KGJYxXPPz
+IoTM8g7AKjL3z2zkuckW47EvH2tJgBi3GXxVMUzOxhZKrvTVyA4UgNq5B5dZqnJL
+JOK7xlbGCf1D4hXNG8Hzv7Gf/uesog2pUt8wEApRAUDxXTWrhUQyXfRkkc9FDWBy
+36QCTtRt4EE2kn+TLSbtAoVzHXb5lxBdHEoQ+57yXA9tLxDUgNE79c1LSi1AqRdD
+27CN5LFKEEPf1RzHhrlc6u9KVYke1Z+PhXHE4x2/RlLLmzTLmDNcdg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10.pem
deleted file mode 100644
index 62412e9602..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBJTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPUG9saWNpZXMg
-UDEyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5unCMuN8PuVFWbqxO
-/wnIQsciPiEo1GoKWjM6+kb9l3h6wWyWYwmst2c158qcJLY9PxaUMhqQd/SY0Tt9
-WlHXVcE8rMoWSGmFxfK33UpeCtqwz9ugPSWwZkqx2lI/0ozQXgjYb0J9/EoKw1O0
-CxxrdQdPQkyLD4Uxe87/MlpzsQIDAQABo4GZMIGWMB8GA1UdIwQYMBaAFPts1C2B
-nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQA42XpgdSGuccd5/MzOQZeTBGl+TAO
-BgNVHQ8BAf8EBAMCAQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFl
-AwIBMAIwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEB
-BQUAA4GBABX9GMyAC90FH8BvpnNh6SDn2MIT7iINc4/9u64d1dxEhqogqcR58khK
-btHyx8YrgbCcqUNS4Xs7ckW5k2VNAd9dG0Chc0uk6rwkv+sD1/zJi8LIGd/3cFjk
-biIVYqPxb7WpKqo97V+43tMFsTqJNBSh+6W14vlP55+Ep5IlxcOm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=All Certificates Same Policies EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=Policies P12 CA
------BEGIN CERTIFICATE-----
-MIICmjCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAx
-MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGgxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE9MDsGA1UEAxM0QWxsIENl
-cnRpZmljYXRlcyBTYW1lIFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3QxMDCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmrdM0DTddXChaxuvVK1/9AmbK3pj
-B7nrBT7FrZ4f+6sp0e/vN7kCNEiAaRq1BDUFjyiesHIoL7gVKw96xoYTQ1qdCGZO
-04GFQtVjtBx8SZCDsvjWgaXxs2BPj3ooNV199aMCiKTeNPm1TwL2zpmGRBaV5As8
-X8eCNYjiya9c6jMCAwEAAaN5MHcwHwYDVR0jBBgwFoAUAONl6YHUhrnHHefzMzkG
-XkwRpfkwHQYDVR0OBBYEFMb2N25TEoHRRp8AmP8/XLXv9HDaMA4GA1UdDwEB/wQE
-AwIE8DAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjANBgkq
-hkiG9w0BAQUFAAOBgQBM+wZzcjByDVKWb9MADcwg0VTmgmhOhSmt3fqhHagC9q3G
-ZY6+OWkM6gCdmw1JBr9JRTHPl1uo/W5dI4OVIupjsct4ObPWx1yn29VM30lyaYDR
-iBhgjOp5tonCixdFbt7pMnviPwsIDKdQLQz0k8m7d/au9BVHVSlyDoqm0I0uSg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:00:E3:65:E9:81:D4:86:B9:C7:1D:E7:F3:33:39:06:5E:4C:11:A5:F9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a2:21:e6:6b:0b:99:66:79:2d:86:a7:9b:cd:37:9b:4d:73:1f:
-        df:91:63:c4:de:55:15:53:b0:32:ac:c8:3c:bd:96:aa:ae:c9:
-        4f:b2:7c:9d:40:d7:f4:5d:99:8e:fa:2b:44:2d:75:ef:01:38:
-        86:c8:59:ae:e4:62:e4:83:b4:73:03:34:d1:7f:52:bc:3d:bb:
-        77:7e:7c:c9:41:09:4c:08:4f:a9:7f:d9:d9:0f:bc:46:9d:05:
-        70:2f:66:0b:d4:0d:80:ec:11:83:4e:1b:90:95:ad:86:02:77:
-        e8:19:aa:a6:48:29:a3:9f:36:c3:ec:9a:f5:a4:9a:0b:f5:11:
-        1d:72
------BEGIN X509 CRL-----
-MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAxMiBDQRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUAONl
-6YHUhrnHHefzMzkGXkwRpfkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-oiHmawuZZnkthqebzTebTXMf35FjxN5VFVOwMqzIPL2Wqq7JT7J8nUDX9F2Zjvor
-RC117wE4hshZruRi5IO0cwM00X9SvD27d358yUEJTAhPqX/Z2Q+8Rp0FcC9mC9QN
-gOwRg04bkJWthgJ36Bmqpkgpo582w+ya9aSaC/URHXI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10EE.pem
new file mode 100644
index 0000000000..3db8e63cbc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: ED 37 7A 96 E4 F4 B9 50 1C 32 6F C3 52 F4 15 29 25 8A CA 1D 
+    friendlyName: All Certificates Same Policies Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=All Certificates Same Policies EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P12 CA
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPUG9saWNp
+ZXMgUDEyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowbTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExPTA7BgNV
+BAMTNEFsbCBDZXJ0aWZpY2F0ZXMgU2FtZSBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0MTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQIvsOjHjY
+csCDpWm9SJNK2Lwz8/4bpvlcdaG59lROqyk6OL+0/Rd214G74S26m6BrgZuzoLbH
+MlAaCjdFDbUSjh086jFDMgXHwdud78f442+V3ms02gqmijFPvSsOWWyRu0BzTz0P
+bW9IWYtIAG8DDqGflBISatXkxS8wQHCuZdY/x+XjjISn7oSOjPamfdoqT5jEThof
+50jzBxDEdW1vbjU4afAwQBD28t6fZCdCG5kUO1uZ3CED0R44ZV0gajS1Oah9qvrH
+jeCFGGRmoi1biVzNqe9N9tyqw4PWZ+TnzANsaf+InI09mZGyPoiQXB6mbfJFnuCD
+ZQ7AcQiP1VPbAgMBAAGjeTB3MB8GA1UdIwQYMBaAFNhfNeKawTcqJs6DzHMOcBUq
+OuIxMB0GA1UdDgQWBBQKlt4EYF5FmsVHFjO1gRk49P4KtzAOBgNVHQ8BAf8EBAMC
+BPAwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwDQYJKoZI
+hvcNAQELBQADggEBACu8kiAp80ujcBGHavjXgp+HpVSQTqRzTLKbf0EFFib6KedE
+sT67cvLjuTZMcPmwYHnUjBk/KGdyn9IwetblMTj3hueKNx1yKXfYYNVmE13KPPpN
+NcPe4Eal9g4I2noPVt8Eg3SgNIghPFz3XJQNGjN5hMdhmcQfeaEJe1Mlwv2cdgs3
+D02kpjI/KGca9whyDpE0jpu77gkO4ZmRXZxaGe8i35xaRrrs124Zhz0qtJn7iIaV
+s7ouezKkvE1UinCY2pdTZHMTs8LSklBE/IL0Ojwqpt81FptUFMihOaMtMrg01E/D
+rahtaL5Nbj8nVUGlVwiEkUy1CII3ALs50xqw8gM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: ED 37 7A 96 E4 F4 B9 50 1C 32 6F C3 52 F4 15 29 25 8A CA 1D 
+    friendlyName: All Certificates Same Policies Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0EB98A807DC3D399
+
+fhnzBwxtkklORe+Yh4iudRuENOFlYa9T0GStebQUNLB4fpdxlVUWKCd6hGDhVdAh
+xrTDyXWAE/CUquhCUphGt3vhZgThk03pYX4MiAGyC/Dyw4VGSkqujc+P/3oMpWyI
+Z7Q5yKYxmXIPo0ueQMXL9gMJjOJfmHweVMEaGZGozIh0fNO3QLC8X65yttS9xxT+
+dMG+3o5B+wRcwFMxe5i44FbGiDHdarsaHTYrmxiuWgsQaxD5iSM4TSXfFReAerkG
+3/M6GdeHGbyd/ePTzbLY6APLoj3zREmrRlxPdV+pqMXp1TJORyoea3Dwwn8tzlEC
+juh/7dvzeUCX3yFZmO70nyC3YY3pVHE44yj8tx5JswNvQUWnXPK/imvJbRgs7RfH
+syU6uFD2nOrHa9DoKNDUENZuSt8Ck+6xpLwUfgrzE0IcP0S+o7xC7lfs8KfjbkgO
+CtMxS8AacRkfv5GQCDcS7aT37aQz1Z3chZkjbacW/FljDupK6FZBmQo/KIvrRZWQ
+KhaTG7EfLEwDGzHQB85dAyTcacNRzpZg0tccdfBFNzj/52vLVWm+ng2pvR/TudaL
+M5xA9I6Ykp5VNFR5jwNwNvOhxQ7T2I4dfTXbhFW9VgMJYTqoTxtdt5skL8mSiRHd
+24pnV+B3Io17jPhuNXPpJgtbCFd+H8Nx24yo9Lo3L/lAQvgvwuAD8rrAnSBVY7mG
+vXuabzh93vgEt6tL4UJEVBMTIEuclcDTsSPPWVAcdcHqFFbXseQwJDGRSHRRMIP7
+UAb71S6jx0CBeO5igiIwpPBpfmDujskCo6CihN9fxH2TqaCvR2dYaE/V9qj0tBWb
+nze8mdsTfo0l2zKp5F2EWfnE047vDRS2M6fCS1hCIkvN1DLsDcSd19dafG4SKEgM
+lHeY6wf0cnus/fhK6Z7yaG6mffHALPHhZBk4yGV8pwB3413DCG/0cEHNO4DSSQBB
+113ZUUcnzeSvjYYeUV2LHRPi1+bc+Go35j12PZ1xk3wQq23yPfcJdGdNzpNvMM5g
+F2KMJhdJXfZoDgqDpiS0F/UNnivYl0/IDmcdalMhc9NATBtDSQvSVvCcDlKeo7QK
+cc08JwoBN1aF7XDCqb1fxr4GZDk6V5qgRFOAEXm83QjE9ADNJ3tS/1u6PwEAebWs
+KJjE4EvYG3bcADvoyoU6I1BbewUtHCxEvorYuj0t0wZxodnOew9Lx7JeDNFQTmxW
+PB10T16LEu4Myw+/W3zZ/oGOJsGfVZ/f0eSnkrfHMMGiBg+BYpliyZvBtrXTkGLA
+7yAFUwu0yiIfpt3y7aJjjYyujyKDqKuMz3nSIoAANEVHyGdlMIknlxqsf1FVpM7L
+muN46G5nn5howKX52NPe7zyEb61NwkalDHriVl6a8pImGv991ZMfVjavc5ODubXf
+sJl+hTCejauRGf878kyomrb/ullIz8t2WgaAePfKvw4cGsmZ2N3kqfjKYWg7K/gJ
+jC4HrmnRc/Wak01ZVgRL4hk3R2AQu1lklzdSBSZKO3rbzIOe65qsSK/Bh2ViA7y2
+hUlzqaotDhjZ21oOa6+wfzYx0oe/I+jzmOvV7Qb8XyVJWS4BDFTC1ZLLS/SyIYoM
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13.pem
deleted file mode 100644
index 888f8c117a..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P123 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICojCCAgugAwIBAgIBJDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEQxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UEAxMQUG9saWNpZXMg
-UDEyMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuGtVArq1otVEuN/s
-xR5XSOEfVzIms1FiprO4UReYXUDbKzmCYC6YypbEnOP2JpLQOPwAfVqLL8FV7xiS
-o+HmK25R0aK9nQGFUPX0U9o4b5NRcWFAoYBAF2GOFBNqGF6d9wBFPlijGMT8nWr5
-ahnujYSC1Emy88N4hkp1fj4o7yMCAwEAAaOBpzCBpDAfBgNVHSMEGDAWgBT7bNQt
-gZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcww
-DgYDVR0PAQH/BAQDAgEGMDMGA1UdIAQsMCowDAYKYIZIAWUDAgEwATAMBgpghkgB
-ZQMCATACMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTAD
-gAEAMA0GCSqGSIb3DQEBBQUAA4GBAHcVVBwhebD5vRKleXMh71kleQIL8QOQFpHM
-jVYS/KJiBsVUTebOeONSU0cuPmzomEkpLyYPz8cDroidExtxGEpkKgYBGi1c5ext
-cDUGFsTWENTFFWjZ7xA56XUtGd8alXJfY0v6QSHqoYFosJvoqU2bjX6jqQVK5HbY
-kko1SxlW
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=All Certificates Same Policies EE Certificate Test13
-issuer=/C=US/O=Test Certificates/CN=Policies P123 CA
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAx
-MjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBoMQswCQYDVQQG
-EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPTA7BgNVBAMTNEFsbCBD
-ZXJ0aWZpY2F0ZXMgU2FtZSBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTMw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ6RCve4HAIbl7RQiw7tPY3IJ0oT
-KvS2jsUu4eNuzThRoKW0cWW3N+Jk1rkqgaaebVodXrb9cuDFONWRL0X2DZazb5h/
-4FX3obShqywkydsz7vBoixmRXa/oKtIa78h5zQTSDPR0sJeWIikOUJZMIJv4CNw1
-Pwvu3Y3i9CwT6m2fAgMBAAGjgYgwgYUwHwYDVR0jBBgwFoAU0L/Nm9/xkf2Ch1oQ
-z5Cvi7zyxcwwHQYDVR0OBBYEFGqUba1DKQxc60sgeqLAqyOR/22bMA4GA1UdDwEB
-/wQEAwIE8DAzBgNVHSAELDAqMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjAM
-BgpghkgBZQMCATADMA0GCSqGSIb3DQEBBQUAA4GBAAd1diIEB4YaH7gH6DO1vptE
-G2YpbuvISfPDhWjrLI/sLSJTH3l+kC/GE4FDEHJ0Rc76la5gyUbRwX1zTZKHGyxx
-NhuE3i0XkrAlR6xRUJRcb1SgD7JqMzup7ZuFP9h3+txi71G33fMStCxKGa6ijUKd
-LTzImFXGxbWm6SZujuyJ
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D0:BF:CD:9B:DF:F1:91:FD:82:87:5A:10:CF:90:AF:8B:BC:F2:C5:CC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        81:c2:63:b3:65:bd:c4:2d:98:7c:e0:85:dd:5f:07:d7:b4:1b:
-        7a:64:a7:7f:60:3d:62:3a:70:af:d5:97:23:23:9a:48:e3:b7:
-        8b:c0:3d:43:c1:66:e8:24:db:ed:a9:ab:0a:70:51:d8:7d:65:
-        92:ea:e9:6f:cb:96:8e:3b:cf:94:e9:9c:d2:27:54:29:8c:81:
-        84:1d:a6:22:65:85:46:70:07:da:1d:e9:79:9f:e7:3c:4e:96:
-        1b:11:d9:08:ec:f7:95:15:c9:db:8d:a7:17:16:3e:76:bb:41:
-        98:15:94:b3:1a:19:6f:1e:dc:10:24:c8:ae:bc:38:93:c5:04:
-        ef:9d
------BEGIN X509 CRL-----
-MIIBPTCBpwIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAxMjMgQ0EX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNC/
-zZvf8ZH9godaEM+Qr4u88sXMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AIHCY7NlvcQtmHzghd1fB9e0G3pkp39gPWI6cK/VlyMjmkjjt4vAPUPBZugk2+2p
-qwpwUdh9ZZLq6W/Llo47z5TpnNInVCmMgYQdpiJlhUZwB9od6Xmf5zxOlhsR2Qjs
-95UVyduNpxcWPna7QZgVlLMaGW8e3BAkyK68OJPFBO+d
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13EE.pem
new file mode 100644
index 0000000000..286627830f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 98 55 92 32 22 6E A5 AD A2 4F EE 02 A2 E5 67 24 74 DF 79 20 
+    friendlyName: All Certificates Same Policies Test13 EE
+subject=/C=US/O=Test Certificates 2011/CN=All Certificates Same Policies EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 CA
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEZMBcGA1UEAxMQUG9saWNp
+ZXMgUDEyMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMG0xCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMT0wOwYD
+VQQDEzRBbGwgQ2VydGlmaWNhdGVzIFNhbWUgUG9saWNpZXMgRUUgQ2VydGlmaWNh
+dGUgVGVzdDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuonnfN9t
+4ddPZ+ia26RVmETsLKghhyuChxjPOzey0QTTUvM7qpHFYdIxV33GrQo6A7gFqhHd
+fWyAk0/BneTtf7NMzEVpBhgN/ALibFRF+gtg+9+PRECBOBTE4/Fn3NTVei0br+vY
+IHq3/S1YmJfbaT75IMLxJLevjBaIEg1ZAC8e42BydhD6yOvclRCtQaTmlVMPAF2w
+16xXisHhOlIdkmoTvVUNsggM7sfp3Mh7rdUsUgZTdx7lN7COEYIo+i3IU8YqOfeo
+nonwyxPR9p+vHCCau0445QquJxq6BBiIIFBqyEKPbw2y0a5tXWu9HAqkWSZD+1oJ
+y15//w8dWuiHwwIDAQABo4GIMIGFMB8GA1UdIwQYMBaAFIwoCtoNCRRi7j09lrhx
+kxKJ6uhjMB0GA1UdDgQWBBQV5I2I9FFatmEJLjYrRhl3ENmoajAOBgNVHQ8BAf8E
+BAMCBPAwMwYDVR0gBCwwKjAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwDAYK
+YIZIAWUDAgEwAzANBgkqhkiG9w0BAQsFAAOCAQEAebUg/2b+Scy+m8LoFzpVGpLL
+81MsDH+Ft+90ub0m3BPmLhy6M+pL6I3w4roiOqdnbokcNWiUKLV+0aGR0T+fLw7H
+mhltaORuZHTZAPZq3X1GwRS80r7kPBJDCmT5sf0DrxMg9e0tpJSKu3UQrONk8DyH
+z64u6w4tlg702fdr2VZv4VLlUtLkx2cMPwMK+ZKJ+FBK07z/69EroGdakfaJqMA8
+SW+VOyqg+koUo35DUv1n/t8/DaE7rNux298Ii1JZj8umtVmIet4sHBuIf5Y4nmYD
+KJxml+xOmIJ2jXfAb0A0VmpGg4SYCcUTH4gWKA7oPAYnic4llcUeM71RGKzuoA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 98 55 92 32 22 6E A5 AD A2 4F EE 02 A2 E5 67 24 74 DF 79 20 
+    friendlyName: All Certificates Same Policies Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6598F90C651D7B14
+
+gLVeHzEcRzOUseMCKz1TMOnYdSgh9Vc/Miav9QDr3v24THseAgHafvP/HSB4YUSL
+O83vdnoePDKsNavnbhgKIeW+c6N+ByqWGbuerECn6m41aJJ5VSoch6RwMva8W1T1
+DiW1WR1mqU0heCgd6iMP3ja+oL49GQdBcT3RHBT5Vj+eHJaruOTCGMlG1q2Z5vVy
+Ofj7ZXIx42RP5AkLRTXXTORpLqnG8E0wA5u+S3EYDpEecrjNlq/lejCgwEWh2++U
+ODFw4FqZ24v03RLqpzeWQvT8oCrLv/HuZUqeGHK/PBCMNzRkNHsF7E78m2SdhbCo
+ysIGCwfZzHk+yKf6+xktAfDFf1XpFZ4gEfjddfH/IsKLMcrAwLQnqKUpN1eUvG6l
+JUteVwwpxHIP46ZdOvMHExYp82uGFE92yyGrJS/3z5JGISpLqh1PqA5lhqd5a5eW
+7p6qdcvwzSuBPLVKbwgKE3QROHNjvmCmVDeY/U+U7bYhZ535Zq5vdm1ZLpclhcP9
+qE1XOGl+Nf1nnyGEk2ITECnZFSdsUo+HdSA27qCqQ6IHgI1P6I5vGCLWuuE2OQ6N
+EckKeOw+NXKUxqDJDCXhOLa2UMDYHopOO3hx4MjMg5d0CZHv9Dbc11sPnpENx+dX
+XO2qJGuhQV2a1O0B2hFMGkDAUkcSoFXyWf8kJVh5s9Og8GDP3IeskUzbEKmhBsb6
+5nKBq/OX0dZFuObEBiDuG069yGlxSut8L5d3agB8F965efezS/tJmAjfK+JVXxGw
+Kq4rE30aOhxVybbUrJYCLsq6g4GmRtPGxWyCGrteJHSr6iMJwU8IqpKShM3XV+KD
+I/8V5H+3/QoF2BLiz6HaP+uwQZmoXX1/5QCvzqArLYeBGx8ucoPDuAnw6acS9khi
+pKuZwBsVX2UfuqPdWNNR/DC5kf95/ldg31cfgiU/5YyjtvuK82PU06nJ7SYchlZW
+QZ+4b6LY4X+rhxIzDJ6CeTDnYq5RuqaUA5Kteu9Tg+4xmijS1paatZghRJjnYrgc
+Gy96sn6LwmHWcIvlEXPEZJ0YKkF189FpJNWRpnpjz3+bvLDi/MeBx4c6zWOlDmtU
+OZyU4k4C9sphpmX3QslS6pVNV0wkkGJNScgGePjkviAC3RIwf8fHozAub4tLKG9Q
+onhrdCV+ivoHO193GZq2FbKn9XkeGKfJLrA3mQaebjiYln0O79+B9vdzF5ceDDLS
+eLvK2sFmyxt9EWtCRy847uW08xUU3Get2g50v8o4blbRh0G0I0JcMjFGaoFPaMP7
+kWC4DaBEHHSP131NV0rq6boQx4kWTaEZnXBf+F/A838+7jSTXfsWbvwhkLmi7XtI
+trFU11oYTHx1KHhhyA68GdDH+kCbg7NrPdF+ur06kpG4N87iSBeCpiodYmlDv0wA
+7MUYlH3cZ3OYG6MJdWwA2hjSNeqeNvqLJE4+wfFUxkSs8JZEMQLCqaS8+4rvXAgb
+/rzzTnI+MVFQWNen6bvobvMFHpEhn77FMmE6WPdhvp/bR2nFoEH4QAXUbgpIw9K5
+wwhVODTI4Ux0eIpKFKeC+7OXUmFQdESB2qdSHEhyVwuFrJL2YPMOKA9yyNT0LxyG
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePolicyTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePolicyTest1.pem
deleted file mode 100644
index de409f5895..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePolicyTest1.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICajCCAdOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlZhbGlkIEVFIENlcnRp
-ZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtpKu/a6Co
-7KcKOymboEA+MmgoryXHT1dxExmQ1lO7yah2L8j8RG6ox5Tr37TV8Y21ti3MopcF
-H+iXDSX31fixsYCZkcpjMI4kbjXmjGOeFKu1vnbBmcb5JBISiUeg22tIRFoJ4zTh
-i3GLVecGijyOVReA5LiPymEKG7fAB3241wIDAQABo2swaTAfBgNVHSMEGDAWgBS3
-LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUOsyUZQyFqTzB4K9RMyoUSI+e
-kVswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
-hkiG9w0BAQUFAAOBgQCkaGfCqYi0681n9Dit36lg3U/9gTZoNqPMaAaLUQV3Crzx
-x2MGInhTyKchYydbV8HD89N2jzzYq7J2KM/ZEAfjskCdsj1SiMNkbYZe3rZZOldr
-PCGFgzUGTNakQxkpxU5j7plivQic/OZ7+mMTi0fnjGRi9M+aa744VmH6FgCt1w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesanyPolicyTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesanyPolicyTest11EE.pem
new file mode 100644
index 0000000000..4cc6cfff41
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesanyPolicyTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 59 4F 91 03 49 2A 65 52 E3 14 F7 53 14 56 CF 19 A0 86 25 43 
+    friendlyName: All Certificates anyPolicy Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=All Certificates anyPolicy EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=anyPolicy CA
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMYW55UG9s
+aWN5IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowaTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOTA3BgNVBAMT
+MEFsbCBDZXJ0aWZpY2F0ZXMgYW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRlc3Qx
+MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKLRwAzuUEtOy/V47M/
+rUpbPiMDRXuhXbrcDN+erHgrUrGHJA5FpjmB6PRYL7fR1mJl+yGRCDrquNaHkEoi
+iUVGpuC59jBUIguJr46ZPrAg4XYzWe/Wh8JTCDubDKEVlbN5F3c+ih8N8aKxQpGW
+ZPm/CWaMljKSBgZeyFzDN4lrAvQYfFeR5yvRQ1rZbQPi3mLjUHG0JwsaCbPYSv3y
+v8XSye1NENSaPaDQ9H/CzLfUKldvkNCnZmeFaI6UKkaqr7RMvqymdIpSjz/Ic7fR
+96ZZgQzCX3EPZ5k4qyaTDgvuLCvlMrYVmHRy3oj8XHkb0VP1zEFmVYyx8gM1UBk0
+HKkCAwEAAaNlMGMwHwYDVR0jBBgwFoAUu8neyByV50LikKKOrgNcqyRgfoUwHQYD
+VR0OBBYEFP0x7qhv8jhIP4wDRMsNB2Ztq9jpMA4GA1UdDwEB/wQEAwIE8DARBgNV
+HSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAGpQqQ5cWZS64sgYSqdC
+NW7g6xU43pbHIqs0NxBefMaYoHRcnBZKZZ51mesxhLHBqOQmJZfEGmUVDJvdOfDD
+N2ShmiO9sZhVqkPZ+PMu3M1hNcnuhyNO7XnlmKKzWXApasvMivL9qM6ZNa0yHELY
+2sgKEo3y/pL4Pxld5usNH+dBib7FrhEvCZzgOKZcfC6ZQskkVDiduhtPlRM8FRtl
+wlrWwLPEPMrYe9rtqGozEOKS7HP8SWI2zzkhIZK5dVXYUpJ+oRAYtLmKuiIAJ+PY
+hWFAwNYtyafe1P164tjeT/JtHAGPQ5ogzcelmzRk8UDG+G/V/MW9wqQTCDzkCR1c
+Fmo=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 59 4F 91 03 49 2A 65 52 E3 14 F7 53 14 56 CF 19 A0 86 25 43 
+    friendlyName: All Certificates anyPolicy Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F7043571D5460386
+
+EEhobVClGaXIyJ/GA9o6jtbCSsogPBfCwuUDW0AsT/M5xV1I8L0q5D/IhNM3QJj+
+acq0D04zTNEJQC+06OdxYA4XiLXLJrepc8+e6crkS25+YkCPaWhxVElquJIrORca
+nl7fH8CbF/sTzNVs3dO8pA+WmIqaYdkZCMOT4U3P7chwyqszBQn8PHvS14Il1YCX
+MINX3YiYr9YCsA2yMy5QwBnQx2G74O/+gdyfpJzbP5Rs8L2x4aYHm+w+MlQTF0Hl
+wo+LMbGC2Eu0AWTOSH88d41nDzZPBnCY8CKUWu00JP7OAWEODTe/MAlqn5AZ5Edx
+M9c1PknSgHFB3atXTgc7oEMaX14xDmCxET26mWOfmixDvBVIGh613Eh9FUba0rlV
+BsUhD49w4E2phyz4vy12BPihlthYGHtg9osWOSPFtAWGk0JjcbwgvwT2SlBUs5/E
+zl5lfB2YIA+OkdyTKIG0sdAZqyXdZX0cuwV7sir8WtfJQusXRqEtFIqbNaTFpoB3
+r32YavVyG7Vjlz12BuznCmlGazQeLlHw1LZISVFBzPaIwzDwJPRXjVyB19sxOLCv
+LdrTQHSRLJosfFoMxbKOqm1Lzhh/ExOQ2ZLBCul4PH3e9Txy+h/eQbuS/P5ee2G1
+6zFXhMQT+M8oyDfJJ+QsfOoevk4bG98uQr+6IRx+1IifUpx63DYHTpnQUVzdnhCg
+qHTgxbyJRRkxNWgXb3feSw0T0ZUkyG4XMOF+iqCuaADwtk1DlAG7Dxq0D8YnbUAF
+JNRRxTFgrIW5Rea9zqAyg2dPLqJ6vAl7QezVRIc8QG1QQr0z24neQ6hKLOhhHzdD
+X7NNfAQHEFmMncJBd4EsY0HdBYK3ZkXIYgJtzVopBEW6XTlmRe0mj+LQ//Vz2nzj
+SP63MY6zmNlCklF30O2raSKjBew2EM602jNHu/S5RYDPzFASWDvzWboY2gDYGDzF
+zhhucl1Ij/kyejH6EF8uSOdAJvxfolXlVn73+zAHt3lk1TaHDygtBdD3lRWVYa7Z
+GUg08X2GBrEGo9v0CkdD6/YiFU2M0/oFhNdm6Wej2MJ9+a3LDuXAi8/HsU7QtxA6
+xg2wCB58x4Lk+dR/sUWQxjVeQfkiZkjJfGYtOMp1b07AjCWI5w+EQmc0THwrteE9
+WAq2RKmqexXkTmCEMzgzeJnk5YxuwgzNqwxzl9O5ja95H8iXQgy94RDIIqIsX4oZ
+nRVlr15PpH3oAHlkX7+uCBYuZb84I5pz+lqiXEOkEDIXRc2oSExxW5tEhkmTmSB8
+KLlCtzxg3ALXulXc4VbqJUrRkJGRFx8GJlhuNE9bnc1stcpg5fpbEqTMD+NQuiDz
+0m5NZSS83hHClPyFebiOlXYrZQR9FThWezPmDOzCuVVFO3szL/IZ7YOG3Lt0NJaM
+Kz4HmJsF8h9SENI6+nWbYAow7F/gwgADx5AsqLBdmmq0pouawsZYPNZSqz+++p+u
+/ZYzPflLW8HOwqbH0H/gq89H3675/YbwHSPNpfTLkUOBSkwpwerkF40/U1w5a3e3
+fMs8UNwxyv2h1hhEO7CCVE2hmODBsyM5tOAAF7abgVXqNL90ztjoOg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14.pem
deleted file mode 100644
index 82576fb4a3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=anyPolicy EE Certificate Test14
-issuer=/C=US/O=Test Certificates/CN=anyPolicy CA
------BEGIN CERTIFICATE-----
-MIICdDCCAd2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBD
-QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEoMCYGA1UEAxMfYW55UG9saWN5
-IEVFIENlcnRpZmljYXRlIFRlc3QxNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAosJmcfDGby4vpcrZs7/LeCfqnvDfXgZakoRonLHgudPwLK839x7AtBqsAAsx
-wYNmtj+gGNu9x2hjBOrEFHjxVhCZbr+V2b3NuZ0C2p+OcSZ6nKYxxmgtP9NrTYZs
-MVo8uJ/d9zDXB7/Hflbl2iOtwHe4CpWlWkAcb55leIZdFx0CAwEAAaNrMGkwHwYD
-VR0jBBgwFoAUPrOeouRDhftnQDGGE5vGYe2G1eIwHQYDVR0OBBYEFEAG933vDjVc
-5TJ4xVFIKNj24AmHMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFl
-AwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAHS2x3KJlEZ/YeT5mje964ccV/zmiYkiy
-SP02lLjIQuB7b4R8xS4TYb6lXC18dc0776mMu6BQVqECrBq71A77N5cd5Xuc/+5U
-5ZMyLiowPxjhgjqMOZV6Vno6zYQh+4bdFIqNZ4Wv1l0KyhvD5KU5gBQ6uK/Gbmgx
-gC2356iQiJE=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=anyPolicy CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfDCCAeWgAwIBAgIBJjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMYW55UG9saWN5
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGOGYJ7e91FozKo0McZ6T1
-zTYa4IXfHqChuqKgri79fgKVZZsKwOyoHWJfsLn6ClknlWE9NJATHZfQp8GfLy9k
-MbdXEKgZQoyWOV2Q0s37ez+I4yuR33JZpxtpKqYQW2fKdhhOdR+DcLwgWUJ4s1Gg
-KCXhxYnC4nfSho/lgR3h/QIDAQABo4GFMIGCMB8GA1UdIwQYMBaAFPts1C2Bnson
-ep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ+s56i5EOF+2dAMYYTm8Zh7YbV4jAOBgNV
-HQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAAMA8GA1UdEwEB/wQFMAMBAf8w
-DAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQA8JxYIM/manOaFxyoO3y+p
-th/jCQFiR6fDo5mhYEOjZuHDWdejSZvNtbpPfNnKmM6W/qI57hZBgVDil9P/CMSi
-wYPJvKl0ofonnhhPd+uMPhJENho/NhWyc1cgruABceTtBP966dRIhejL3K7SewrT
-aV+IWdHVMKREjOXtHakoKQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=anyPolicy CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3E:B3:9E:A2:E4:43:85:FB:67:40:31:86:13:9B:C6:61:ED:86:D5:E2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2a:c3:2d:e7:f3:91:d6:67:7b:66:88:f9:22:e8:64:c9:80:a2:
-        88:bb:d7:a0:84:a3:75:ab:d5:af:72:d0:fa:1f:ed:4e:42:29:
-        62:23:32:25:59:4d:a3:45:c1:bc:ae:37:c8:b2:d0:79:00:96:
-        84:0d:7d:a2:f0:58:d7:c4:99:64:cc:4e:8b:5f:88:f6:6f:cf:
-        ee:39:54:34:8c:7b:0f:e7:43:0b:26:d8:6e:c4:f8:6a:ed:80:
-        9a:47:d3:38:bb:82:9b:fe:bf:6b:01:6e:c9:e7:8f:3e:cc:b1:
-        4a:a3:df:86:3a:2d:ca:62:6c:dd:27:a8:51:c2:b4:3f:c5:ba:
-        90:6c
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBDQRcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUPrOeouRD
-hftnQDGGE5vGYe2G1eIwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAKsMt
-5/OR1md7Zoj5IuhkyYCiiLvXoISjdavVr3LQ+h/tTkIpYiMyJVlNo0XBvK43yLLQ
-eQCWhA19ovBY18SZZMxOi1+I9m/P7jlUNIx7D+dDCybYbsT4au2AmkfTOLuCm/6/
-awFuyeePPsyxSqPfhjotymJs3SeoUcK0P8W6kGw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14EE.pem
new file mode 100644
index 0000000000..2ea5812527
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 5F 71 8A 9C 9E FA B6 77 CB 18 B2 A0 2F 5D 73 4E 72 B5 2C D8 
+    friendlyName: AnyPolicy Test14 EE
+subject=/C=US/O=Test Certificates 2011/CN=anyPolicy EE Certificate Test14
+issuer=/C=US/O=Test Certificates 2011/CN=anyPolicy CA
+-----BEGIN CERTIFICATE-----
+MIIDgzCCAmugAwIBAgIBAjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMYW55UG9s
+aWN5IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowWDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExKDAmBgNVBAMT
+H2FueVBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDKV4x9YSxioiuPeQ7ngd0MdwlQUnIwpX/DTeU+Zjxw
+UXS4MzHRn8zuzbGP7DfS6lmx9RMpFE0UV+zyo6/iXaeGgSYIoDoP+mX+o2Fy1ctK
+sJjDmq42VSs4OOKsYGm4kVvLhRI3xPdj/OzB38aukiJgBpyBa6d/y9RoTSdRibE1
+yjgI7GeZq1Oe8L6U4JwHTDG4HXZe1cHYROPtr0favOsOsROEvScIOG6nzNtcdCgy
+yHcRODBMqI7huxuQdgdUDk1oc7upF6H/RHLIWnIYPTT7zR1J5+6LEt4OG9jKB2/X
+M8FbTR0OYcg5gpAHMNfWozYLLolyNdo/PUz8os9N9T9BAgMBAAGjazBpMB8GA1Ud
+IwQYMBaAFLvJ3sgcledC4pCijq4DXKskYH6FMB0GA1UdDgQWBBSxz2HJeKGhgtmf
+nkgFMNb1Oc+6ZzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
+ATABMA0GCSqGSIb3DQEBCwUAA4IBAQBPBpWPbfq2YB7SyxdRFRsYl0Y88JvLRKme
+jmCrJlUPetIxVd64HNJrcrguqsXM/iWn+U4Z3lyNS0gGDUkazuKi5yoWonFqdrzg
+z9e7c7HY9NoLfb0c3dNmfll9ZGLB977XFWOIPj7Nwrfaoge6LvjyUT/hT1QqZ1aX
+2DOGOwucC6HoO1S3uDQuWDO5ZvVrLLP9oydpd3nfHtBu1S04qG1fZ0A58YYLhT1k
++IiZX35xhNtNDKbiCQPu6uYeN5zABQuL+e5SjDujOPVHJDeHphAGLgpbFIu5+NkO
+SXbxdzrX+dllyieqlkyWIuEPHWa9SSNRRUv1kQSqd9ON+iL7DilL
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5F 71 8A 9C 9E FA B6 77 CB 18 B2 A0 2F 5D 73 4E 72 B5 2C D8 
+    friendlyName: AnyPolicy Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,057D52701BD0DDD5
+
+JLZVDDBeeuWyNhonJgsHH8oLBq9lCLmBtMlJcSnDCCd1p3q8BwqpnXKEu06luy1d
+pBBSnx1UrYdslgGV7NumlcuOnDY/YwgpqxvFVHWk8cpUTZArqkij36YDj5ItGuhN
+V7OtGMxz/9dvc/8X9QiSaINo7WWkNr2ac4mHjltgCCnIiyFRKeX156inNdrrHhr6
+0UU0I8Q4CYf6rRH03pLhGCdDFV8fI1fSagJ80nGsYNPis06RFXjIS3vwNfT7PNeM
+LGnLjTnRJWjIQ4Oes6gQ63GFrq2Pyhrd9sBuZZDidhLGosbYWWMlVcX4lEsuN/Wo
+BIRIS4C37WGLCQPTizlTHFLlUBZEVkhW9yiTxDeKeg6cZDEuYLKPaiD6+UnmxUlN
+WW+ag+BMisyGSBJHcTMRiV4yisNM2Hfwl9yd0RLK8my8iXXjpx0DEy4Eqmol9vwF
+GqC3TfhqDCKVN311JeDJDj+4JZ7Cf1EtNT6SYgu1feS1cPX9MJOm4xshF3Dpys/3
+Wv0Z7rZi3QczqFt4D+Dr5YV7iYXuX+i27zECMQsjFhT283f4YdZVJ2OegCXNQIKY
+g75IiIUqNRJPlkolyeUHs0q1fP6DyTfOMRzu/WmQtnmwqLml6+pE62ZjxKyJz3bB
+H/9cm7WmsFKzRMPf/53NsofLHzkr3VXxC5hb3zLKoAKfAyih2jpov5EWDr2USEMF
+gII54p2s7x1dh43/sBCfZ9ujM0MMuhvI6nG2mkvOf+XnnSA4zP1Chvo3JlcBmJVf
+dWamIjZi0EeBcSo9oqXj3lo96fFBIzx+pPb4E/mxdnBagWCWyu4s7/GTm23Pf9AI
+UdzlMpZuzEMQslRMJy0ikb6OGL21qs7JkhQ3XnQxawSl0+sBto5Em6jkIB1FhAeR
+UCuN7MZQ9QuxOHJwO5yMqG6IeslWGex96GVaoq3dKQh6SPkFXO0WaTOlvs4836c7
+jpBEZdJq3180WYwMOvm6U09FiIP0oWDsnn2REydlO579DuT8vkpDdJCJmNRwqcAb
+uDTulMEDuodGP28cojooGzRh6SaqXHXLUqUD0iPgzo5+jtvww7IdNCsCaC8DbvT8
+OGdjpZm/QMtjpl8C9sAIMhB8UvrT6uJfeknPshrzpmi90YM6eRZsoRtCNWNyZFJq
+ATbOY0EdCyujOknEVO9sqdKIRyFaA3nyOpalT54Gp5Y0LiQPZsWvuEigC00JLwD9
+AsVjnhr65mA7ySL8+8A4QVmVTokByWxc7byp+AG40FkzYcnUw/3Z1+klikpnXCDQ
+mIaEiPvH27OVHL37jtp3y0umbsrd58YsdUqo8nRa/5jv6MRqt6GmfN0mB//MkBFS
+MZBikweEmGj0YVW33o6wlNpxL8l+AMMw8lucu2ZtpqDrwq/n95GjIuIWwo+qRvWH
+GBiV/T77L8ktuE2PPhgPaDnh0/LspJ017ocHGANHOLbdeDHj6AQcJjP2Ow+R0Rzx
+4EjDxGPmmZ/LPKXqOnVKpJRNp0Na05ZjnyYY9m3HKEpwVUG9soKUYZ9iTukBcWbP
+jwx8Z+YPZWQ7Khze0JL6hORGf4vyu0udFl5IcaX49C3nFKb5Ld6Zdg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLIssuerNameCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLIssuerNameCACert.pem
new file mode 100644
index 0000000000..af919d4076
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLIssuerNameCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 6C 2E 70 1D 7D 2F 76 3F DB 8C 72 E3 FE F8 E8 EC F0 51 EA 09 
+    friendlyName: Bad CRL Issuer Name CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Bad CRL Issuer Name CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDizCCAnOgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+FkJhZCBDUkwgSXNzdWVyIE5hbWUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDF7G8LGjdh/MYdt6lQvrWQX7aQBOGHFSdheaon8f6pFkeQ6kE4aIKq
+Iw++7OQ6YfzkVfZRRJXC9SxqjdR+hGjUlGcwV4g5hDHRzZwyDa14++AMjmSMM+VB
+j9qcz3OviM4zmJf0Rlt6znCxVO72cARGJ2Qzly+RKlkN+/uKdayvHKhnVp+YVfyr
+C7gt7bfq7pjNXSrfS8F6UAU5u9f2z46volJYEaCzAoWa88PGtNbg8hwwydsZxuZ4
+WtZFuogcZJG+G1+gOA0Fz75xb8WL5dVLj4SCiqwjmncy1x3nosWjalb3kmHF5RXQ
+mLlVX6TRuOlS1MoOuucFEULpC7hNcCDtAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQRcvI1XQTVDkogBwdBKP2UcAAc
+cTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACss9Ku6BdiLgwVZq4DX+N6E
+dZWy5a3zfTRVo7Xb9nLTuzxlu+OeoCwgMf/+hCtFxJoAuQWWvhU00AaYQHGyG7ol
+odpaA1Ys/vqEg3XnDpIlHWbTYE5PSRS5Kcfh2bUk+o2BimVwxMYazaltdktclOXD
+ajPu5aE5fgLHoCi/fLghLGcr5WEzBR2l/pYvK40CtsUutuA1PgL1GIGql8yYeZT0
+jQ6ohUM7I/kTzvQcMjML7rFPJkyzjEuji2d5/4Vehh29wg3kap/FuDiPSYwAsxto
+0+uPT9Uu/vgcMq/js5sP65AJ6A3NiciYaq4/Mgfic+zOKz5MDq6+WILzoWnY96I=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6C 2E 70 1D 7D 2F 76 3F DB 8C 72 E3 FE F8 E8 EC F0 51 EA 09 
+    friendlyName: Bad CRL Issuer Name CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7EC803DAA0D9D267
+
+7RECEzxjaCmI3Tg6198FOdR4qkfyYprNug4mGyspIeBsHfpsfkyNOi7Iz+zR/NjB
+ad52bL9B9MIxU7VDN2+dPQtPoBIhir23O59ct7S/2Jxlw6W0aFOUZ+KuuAuuwsVg
+2wGJ+kdpzn2M/Gg8MZ3DBzIB7GUWzUU5EBF2M7TmgrPZ8Ga6UoIvo9ae02hkTXeR
+YASFVlLbfr30RF6h7XPVzwVHDmsikdcdbFAafFJuKMeCz4/JurpSf8ywbgw5BfJD
+Jx60v8JWEGt5JuXYCMd8ZeGGDJfO8NXjV54sp5oiKRM5b1ldeQfzciihmtCwEbrt
+Jxk0Mu3tyl3tvnzHTK7MiRU3txvA22//MkR9XpGZDTEKh+OSG0hcDf5Y6Qzwp7FK
+1elWJ6DDZrXyZeqQMnVFy1K+ZdGFG0K2Q9D9Ff6GfD8gurEDrGOuuY2DRVvGpvKp
+yZcPcjAnMB85oQKmw5k2JLWmMhtf6Ur5Zim/HqbXUTh+pGS+pa7SCT/G2Rj9uPa3
+1sYPhI9AYMmP8lMfUycc2UF0Oh7yIUou57MzcwK1YatEmsnnnkbMB3dOngv8nS/7
+FV+maszUmn7YvP5+HRqsLfN2qA8aV4ovBdBdD7XGbznyvFS/bHbfbiMKPfRhPf4H
+CmSfgFa3n3dA2Htokp3vhxds/6tKFf+zZclN8Yb9TWrXhlahkGVtBe6Y0nt8u0oz
+LBQSJJ458dzU9Q0aeU8tSAmbYZo19FkzveMpQihSHWrCxJUw+vYV0JYkKBobjsnV
+8aq2HIgvHv168rZisoNxJ+AVc8wYheGhHiZDQFXHe9NRyt5p0buCof4eMeEDenUP
+N2VAvRIjm+YWt0EbcPS1xknormptWPH8QvRS95R7nivsPPRbijQidrqmZ9VIbBd4
+JWJ5XqFqdZmVl/Bneid/DqMMkd4ATNnPow16MUWLi61xuLY8ILLJoYGVGZ8Y+fyC
+DGTlbSS5RLCIncImxui/yVmL/ZCdryvAs7yutkNFYkMqfz0fTvhTTklzsktt5MN8
+BlW6JR46qbj0rksJ0ELoCfxY07JaNDZakkC/aY8fvuNX9HP3A4BhNBDHAO0AnbQU
+Pq3bM3PLdopsWeFraQlHj1gex0RbjCzBXJX8eQB2UEyOjqOiWZfSvHBAODKnKFu9
+DUup46HrdBSYMEsJ3voQtyT3tLW2FTP8HiX3zm6/qittG0rOdyB3syW55QtqXt6m
+CmsJ14b7JDbeRhBXZMjKG8HCw3RuCIXifUqnWpTBArKm3bKV5qx5JaPQyvSKpTXZ
+p/yDEREYJCKUrRoAQC5aN1hHiNThmMaXoxBvI9iYliB7ql/1NkZ2TW9OfkkNr67o
+cv1AtD6i9u7BDqKFMH7LTUbd2Y5k1+97AXYW4nQW/5bdZQ+93E/KJoTG52YJ6/Lm
+I6e+GR/UMPS4OcdFEaqPAJZmjlULKB6WltEiiSJlGKbK1q5lWIZj+cpDW2BY7NW/
+kq2r4zHwbDsHTojGQE48B3ng2qv9xvSADJeq+w4DzmDMB012+ejFBSB9orJYs/w9
+Y4551TT74ecSgtHQf1m8+HhVilIQk0t3nen5hWsxLPbfY8aax5Ee9E3NKl91JV3d
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLSignatureCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLSignatureCACert.pem
new file mode 100644
index 0000000000..b9676c0c12
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLSignatureCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: DA B9 9D 19 8C B0 DB E4 62 3D DB 90 AF C6 87 F0 8E A1 DB AF 
+    friendlyName: Bad CRL Signature CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Bad CRL Signature CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FEJhZCBDUkwgU2lnbmF0dXJlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAopjCrwdkeFD3gKtDsVn8LE7eimUrRMYO2xbIQvoovb7ovBhk5DSjwQcH
+IPV10+5GZi2mTMN1/EIVbljKPn+flNvMv/TQRlyGL4OlX6Cn8jgs+YQomw+xPWC6
+jW5x3lLxzkGF+5XJEJFMLDBAYOQUNj41BMlJX47wWalyulucuJAnbbesOdJ3DUso
+1sDlkZ+GGHQB/U49naBOqf4EbSP/TAQbGNfOd8vuZl77D97eDYD1/SpgW6BbwdU7
+2aeKVkOqg7l0efHzTlgpnKmrlyDrAj5HFD3aqbOdOBezhTwz57rAufiJbpPJo8PY
+zTJ6YxBtJ5z11P80SN5IPgI6rUpTbwIDAQABo3wwejAfBgNVHSMEGDAWgBTkfV/R
+XJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUMYs1jZ5EYTAU3ucLLhQZSCTb+b0w
+DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAsBDSBWEBw5h39jknYGFWZO8XM
+4ZH0g/9MXqCIhvGwQqAqs62pcMlEWhhXJkxTlKHEBeNqb+L5iffq7RhfH2CMeWbM
+FW896V2CHxnYXToKQTq+y550qOX0m7Wm9OvFebCW4B2OCKWZde9esxkTZvlNCCkm
+wVFBvb3+nrlW3fLFsAmfixxftD+pYkA91Bud0M9zJElT/vKwzXa5nNrvc2UmIATg
+D4i3+iR75+yXdJ3e4xe8LAjJqqMXJfjgHOmM2IJTIuBOKKwkuEFuQYRAQsrPd4j6
+l7ibnhqlEkAF2gsaHkQhL55l/8d7H//Qjk5TSUuYThqhqeZEHfabdVUJAUEv
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DA B9 9D 19 8C B0 DB E4 62 3D DB 90 AF C6 87 F0 8E A1 DB AF 
+    friendlyName: Bad CRL Signature CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F7EBA9B2412BFCCD
+
+JfZvfm1e18aeiPLCPi8xpXJui/JMWaxa2yNeIaDVWvfIvLxKPKUZrwj4bvCColo4
+H5z2ibaZaHjkykulFaLTDfZd4RwQdKy4kL35IzfQj1ZwczXvq0vrqbmk7t2os1JN
+6X7D4rAl/cjzjnmjeMVqkv+M1I0vew7UQ0AzSPrtoDQn4Tn9ePu1RUFzYPa4z+fZ
+umqxCXQJ7OdYMtc4Sryjehc930DTXa9FMKjnckpq7AJ1vJbMn+FdOEv34tzVmwiv
+7XT+/7Db1e/lfVyPb+eoltGANuzku5Ov1Ow9gzhuN1rFWXAsCKlnpGm86Oeo5Xh5
+mUx0nyYt+OXkb/HwaLVHYVglUcN/BdUu6YFRjnyoebwFltoniCslfRko4Jntn1XN
+PazLe7yDBGCYDE+mNlHhpsNQm1GU52HxDknb4QQ/UiqmIh0+hABQL/xWmPkh87mi
+0QfHJClNeATOoux4vERgRnQBAwjNp2kumDbYZopQzRlR/4APL+Rj+gZQDwSdPar/
+PGLm4hKwoHkR/qql60Y/9UOzkmMAND3Gx2mg02uwr34XkNUtpssc7I5S6W+C8lJ8
+jbZledwVLWP9Nc5heZHo51HejD6ewzuC3QLfkkSfo3TO+NcZt/nBmnvf1avg4t35
+eRQVeWAk2SclJ2snD69sYxQKRN6owRZz3KnDUZaGXyVjzKmLlGg/rkiXvD8h1V0u
+tgEsSF2EPeGIQiExgbausGNxZMxPgOxc2esdjipxZJ9Kd3P4DeBrhF5eOyE68Ikc
+g2E1omF1ZgUv5OlEjfpS4k7d0kQXaSfYAuCBMA3ayvaIDe8cXpKXMJ1hGB/o7mvg
+rEkQAAWExtdJofFSfGI4KtMKgcxcMDbTZoAQNL2s5D5ImnsDjnyonFGL8zxYIhFo
+g9N4I495b7yy7v1e/6m6TLB2BAWRaa2M6aI6f8w3vEuMclloDP6AUJCiLavld0E6
+iOk9uUB45XLM9ZnZRC5uzJZ3JwI6kBrEatHOkLxXevUfnxyCvEqKsJAIlC4NNkvm
+aE6LCfCK+Tq2joGWAxArBK/ZwGLskJWGddmCcaH2Z78mOmLdwqUsk0xAuQIQLtvO
+Roj1rJqhlukXgzu/6VD6u0rCLIPK6+wKNIoFT9IPRpf2FqD7JntSRPUjb4WEE+6d
+AqA7+5T04cc1VDGqjy39zz8AgQkV2ze5/y57d0YkyfEFzbM0HU2xFplnuuq4/8VE
+RZtJvOohrq+7qrG1d0MVWtxCJl+0cwM/pX7x3iphtM1f7KiiJpYvSHXvEKkO6eFr
+e276hHFQ2+qHmTGpXhjAgCUdoWJ/F4XL5GKaKzei7vMnJrJIV9E6GEHJcvbH0C69
+wAuuYznu2eujeryPtb85ze+BHStBuRDhGTWURZV7bMCkS4lrSI/WxyFjJCOJh5yl
+spIykbdqDeKHtXcB42GL0WGtiwhLIul+VKTfqEBK6RS0t/JiN/n5iViGTvwnBrHy
+E+mYHMlrBDiMUQGgktAmf1+Aoo+5ArXOuTsGoCEdHy/u3y01PGS5kIP/nofNriEC
++/8fQh5CTahXzAZs4kgxb4WYCm12CEoc43xIHWSz3YRgD1XprueTa4m5oHsjZ52l
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadSignedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadSignedCACert.pem
new file mode 100644
index 0000000000..7e1c0cbd44
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadSignedCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 78 48 C3 C1 72 F3 54 5B C2 57 A6 5C BD AA 01 AB 25 C7 06 D9 
+    friendlyName: Bad Signed CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Bad Signed CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgjCCAmqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFjAUBgNVBAMT
+DUJhZCBTaWduZWQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf
+77zrq/d3vnq9i8r8Trn+BmzL4FkkTxewQRXNUnk6QnZ3Zi929sKAyv6cHCJK0r3p
+JQj89gjkcHFt4Wsqzo9cRS/39ynAiCBoPqdOdCiy6J1AhKjMAVjrx0U597QUMKXj
+jQvxpsLptqnn6kEX0VQzHqrChCbYogCHGVzyOEM8EA4KK8byAf2ZwUE34FqcSYjb
+XtX2Kl+NsNGEBMTiqNEE82w+HmuRM5XYxG9+3EnCuT5O5b4WWqzsvYHAXEzgu+K0
+ghe4Wail7rFP1Ho046GZCwUzi+U518bek8liQ9qiqS1L6oVa8dnQf7QDImDBIb5F
++2IJmU/NPAJwTNAhK3mBAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWu
+vnW2ZafZXahmMB0GA1UdDgQWBBR73RA7SuDI3USFTog8WovNmSKTrzAOBgNVHQ8B
+Af8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQELBQADggEBAWS/T/8EU0O0tLjvTs5hWudZV+co6/NMpRBk
+gUjCI8VuNjpi/bmhLuNioJ3tCgLWlZ4Lhd9fLyOvktEo5HtJ0HNedz1Nq6+L4S+u
+h8yYAIXSawnnyZLof8p67U4Z0hz7typr+a9FLpbkvOi6KUykbEgNOwES0+2PZLlf
+0O3/I4JLkA7w0JXQi6CyOgVlRxF6fxw4O3Z/C+u560TndrUaISdyugt9a00gTmZc
+9cQpAfZUn6WS0xp4D+xQ1h1l8BU0nXR32uODwxTh4PHh6sjZhY4pWrwbRgBjKkzI
+iqEDzQlzqYwtPjIntlbAkwC4KM1pFaMwZU+WJ79rrPJGMGWFF3Y=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 78 48 C3 C1 72 F3 54 5B C2 57 A6 5C BD AA 01 AB 25 C7 06 D9 
+    friendlyName: Bad Signed CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C048FC6B63AB6285
+
+DawdHO3mXL21Xkgpb/P19gucgX1ie3SOsq91XIvu5o6fhnoWjLjyhXCAFEAW81Ch
+lZqDMwAHIh7VVGpaSh2lhbaX3gncOiPbI7JXoZtBKuv8tRSY24/B6Bllnp2igveS
+7uTrD6RZKgiZ11zbPzUk31ikV8s28GXkhFd9wXDKYqvyBUHnPHBJ283RxirE6KTA
+e6LASDhQckX47Knjb2tQFuH/geRGxvaE9DpR45gppDqvguMsaKNOFl5cB/XotePj
+VDqCOB5+Syj+yVM86U92fB9lYnIzhwT+fPuZoBnXolegb0FxzzBvp2A8X9srQ5Iy
++W1mIXtSLzjXUhoKyVH0LEaw0/gS5qTfNTBpJJ2qCxahiUviydXBaOPxU0k+EC+S
+2tVJDgC8P+uQML/X02kHdzhf1y/0j40GBUCUhiXVcv2koXpjxrNt732RhsH+2z1s
+5FbtgZ8OCNGtyx8CwUBrL6eqEhN/QJWypDlAbaidZb8OAljVv457nQYvztoRBS7S
+e/zwpUQb6afUHij5ZkrRA4DxT88HUIiCxOhlbTbY1a+f+4pk3I1zCqZlutITvIx7
+RbAzmXKCGbsb+W087tew4MmqqNw9f+RTTia0ZzB0+Y1O6ABL5OBj+/lK57nQHzLK
+g4s1MOLqM3BSuAMqVfoHcWuzew8xGKoPm0W7aGU8oRTeSGQRgqsFUd57F9x5ekB8
+HzWlyVjoSMNiaijy0dqAzsQmz2AzpAQzD3Ri8PG+nRysvu0xuRLfgE/23zW619Hh
+1Sj0P/S+GiSZF2K2Tt4jkWGzZytfEoyRpueDxxM45wRHSzLfg+4EsWpKyFRNQMI4
+arYmsiZeQwSZbwgT//rJbpxuUQyDVa0u6xR6EIL7USqH/ZoPBVfeGG3Q3E9swzjb
+/DXh7aTNt4ACBVfIe94p1cLkxB2px1aONmtA66gsmHPkR4YLydySdcdqlBwH1+h0
+FrheWxP48P6okxZit3HJgTENa6CTLfGnC5QHARU6zvpFC1OuZxyWmM9xXmERGOUy
+fff499oyEl86KDjCySX2nAGRzJ1UqPIL5xu2NwEIsGF/IP2kG5BsmBoEoHy6SjLz
+0U3Esx6aUCFS7tI8QiqE16N1yzswtG2GHBVurhHvsU6q08b3nP4RQYSlnBrWsAGp
+D6xBuIFQY8LVuhDbM3iLiEiZThbv7iEw2olJWCxsiyuyFAiVs13xfMwIFVW9QRtU
+zSISktCZ0h2qT0+R5o97cetHR3YKoDgpGT6Vf/asm2HwwcBjAsDnUOJrbfW+Aqar
+Igi8lNhTPKXXowc93l6rXvRY1P62pRnu4IMSdqWFboDOS5aTTzPWJX+lywKH8aY+
+BEnVMVwMHR21Wi6vMbMU3l89TCOLTtdDzwv47vEMPhn6y6Wv7H+jRPKNmLYPFptt
+/utX9RtwsPLLqGqtX1/ZXWFaQbV0iGLLEV02h6kTiW75qyqZMKaQItmThIbKzV5D
+EA62TMKyKfbXmEd/6TU6V2MATTGJjLhTIan6gxAeYSpolrirXrukOEGUPEXLDbaJ
+2UR+KFUiXm8wtzNIorzqVOpPfSdOsqcAzaGnus/d9QBXj6r7CT79Rdfbm1XN+hIf
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotAfterDateCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotAfterDateCACert.pem
new file mode 100644
index 0000000000..948c1aaeaa
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotAfterDateCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 9F 98 F9 64 49 AB 11 7B 7E 52 9C 0F BD C6 5E DC 60 CF B9 66 
+    friendlyName: Bad notAfter Date CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Bad notAfter Date CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTExMDEwMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FEJhZCBub3RBZnRlciBEYXRlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAypzKnjMK9B852wzLGnbU3ueOStmx1eypNdu7Hp4p+tGo4yA+MtHxmowk
+V6+nvIJPlouENL+PsGm5hG78ZUcZdyJxIWDjSwdq3xI8nLFWfNftlDBg46lWJUoq
+NLktefuraN7VVdxT3BAS2qTV0t4jjXHwgwln+cnQbxWPD1wjLY87yip9vkhPVMnR
+bLjdPIkvW5C99JjcqCyDn29T0mbWuYtUmsYbYYdIAbwAHU915tJQJ15JqHucNfu8
+Xk67nakILTO6vzc++lmYSkVJEkGE7Gen2BMpOCAjLjmRU9nFBfp2d8SOVl5aggu2
+hJrok70GS9auRuJBwZoQJjp0PiTJkwIDAQABo3wwejAfBgNVHSMEGDAWgBTkfV/R
+XJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQULA799+4886Rm7OcFn4iz4s90Rtgw
+DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCmiMVZwyJLiTnmwJLfGZ5jfdi4
+nNcnS202Eao1JeJ7+N1npN3KyAj6lHsey8PtRvsliHAtTOgILzAKdY7pfXoqbUKg
+KB0lwXQAquIA0yXuVZRledjaSvqoyadymyDds+5oFuk1X1i4VQAxzF6PmTu669E5
+WGQryGH8oR6+xLAB+kQ3xAkE/X1NsQSrwp87GKGBAG2VXTvBEVCXovRBWEhqQLaK
+OXS/YMCySS+G9WHXQdW4IPj7lB/2ri/N/+zUE59szrmO5Q2uqZsMqHAiSzj3cWhq
+o7jIJZfyQ9biZZVo5NnR4Eltpev0Tl+4Z/OqZt4is6dHKI2A1p7ze4KqZrQm
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9F 98 F9 64 49 AB 11 7B 7E 52 9C 0F BD C6 5E DC 60 CF B9 66 
+    friendlyName: Bad notAfter Date CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B48D9A8A87153757
+
+/XVUIfzT/dqBk4T1wAytV/NIEjXjYgeCG73089udaZQ+0uvOxpWaMlyeX3pi0fQ9
+Cff16gFGpthFZV1FGzghdG8Ycb8Pkaxz8f5b6E6rfgUuoWdY+TJnS1l/hIPrK7jp
+NaL0/atBVOEiFucipTPZ2DTfNCtZ0oRh7R6BSKosy7WVERrQWMy9PCNH4BqlezbS
+dgiGKwQ1CNFrrePRoJLzfesRFZ1ogw9F0v9WzbV+8hHNiJKnJCEFYlHnNKiJKFX1
+YhnSnNFQfJ/RGSLUVpOZziU9yJs6DwpO7rcLY9WW+H8KGhzD8b5pVoE/SFd5MznM
+0HjAkk6hAJ9wRiOFCPaE0ziBg73yfR51I307JY0FmWMfcQQp/t8aBfMnUP9irRwV
+sb2g7ud4zGDzc1dq9qPMvT2pjrLJVLJnAg07cYg6RjFw7DdnradQICVEnmuDbry2
+aggynkfiFKvNiZ+57LQJYzNJZpTjJcTdpfEL4UBK3PuUSpz6W8AHLnPcm8m3zUXd
+dqCgkIPVy2kCAD5pvLA1wtl8Q13VMT0/SJywjJWx/vx+g8jDirxXN8TwOa0hc2BK
++gyXufS/phlv6NqMKYxmMGkoScCkcxaUidHP3h0H/RpaLhPxD5JpgCjvHtMWhCHS
+s1JXAPBLDewrZdvc7R6A/GCnznrJ/BpV8iwDjtC5vKf4mSdqm/1KJMdi/PHYRDBr
+EqsQfBa2Y11DL0OqMBkBUT+2aYc3cDfIZqsIj91Hk6z7E41/j0b5SfaXFqWSL3rH
+mbkUCoH45UR2Yo/dHFIOyyMCckfkQChbjOiVpJ/pX2qaG0u/j7JkF5eqdBpsEK3d
+ke1OOLvbwkHhwmj9u6Fy+HobF3F3he81L72iuYkqTqPPx+qT138ovbrgj/1thYox
+xEj8tDJv4R4w3vG1pebV1Rq/2HN+Z9c2I16xO5lQJrHtnMEIksO1UuQ6pyDF5hX/
+p4ez0TSq9PEXMC4iqaz4du4Zx7/sUYmo2fFVEll9jWpURcsRf4qbQXEsFf19hsuh
+bsv3bV5gWEgxSruXYcCAXDzuYnW29yh3XQuq1w3T0XiSZLp6rYoU2GNxTRjJgyOm
+UBGr4zyHJa3pauo1+C3XftpmmFvu7tCGH39ZlFk0iMuCDVrTeMAiaCeMrgfbIDr/
+K8c13FwapkpFxy3Pm3cnGN6/vtxyxWB6TgEuILQJrO4Msnmoh/AF9mkZ+odeLD/s
+9BuiIH5CaF8pTF410b/xIVeRhc6K2HZRRf9LNBNYeDu+c8ji/RBWWNj0nJpMyzJc
+DMfuf3EmN92pt77t1/Ow2M/MgsFhTdQQjfuLAP8NOABumYXLpjgAivirhwEbhMF1
+SOPy719UpJ871VLAAobjNxVvq/kgLxmdFBbw/Vpk5wjBCtppRYyum4XRE1QBK2EK
+imLZvpFn65RK0yr1cG2e6MukI5bAcZshBn0Yxr5q4C9GN+5UDDytLVAf+hfFwcBu
+CHt5ec385GqphIYFxJ90h9dLRYDbJNglEm7fc2lT80dhTBepbVVn1GkCNsi+bcf3
+aGITjjQBqGHXYBrzRhuaSy95ZqVqjJKmHyvBv+rSznGUeh+e/XaN9Mb2p5BX6tLf
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotBeforeDateCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotBeforeDateCACert.pem
new file mode 100644
index 0000000000..65a6a205a7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotBeforeDateCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: D0 48 89 61 17 78 37 17 95 F7 CA 06 62 4B 39 71 31 8A C7 5E 
+    friendlyName: Bad notBefore Date CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Bad notBefore Date CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTQ3MDEwMTEyMDEwMFoXDTQ5MDEwMTEyMDEwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FUJhZCBub3RCZWZvcmUgRGF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKdTl1qhx5hGD+CvPHQU/pDSJCVnLWeXmdblHoJ746b/bW3/GkXFSUPl
+1yT36yl6CZJzUJqOYzFkSE3aN2vDcrjviJOAInET39JOxLTkc7J8DxCpz13PmliN
+KpQl5p3fY3Lll8UumG/5mZsdphQSp2gIN6w68nJKS6Nmad46or/5l1qsAteEjIGx
+a26CC6tV5yEqchk1Htsd4hJz7xUi7vijBM987pOidUjCYNltpZYQYvdbGIjl2LnX
+ILVLy2B7Sska+bMVllQM6d932/mzFUxCXCR7eow5ZKo3dPAKOuwTnjTAR3MHfCij
+/mRVgxSBDh017j55dVB16y0Si9flCfkCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFGM+vBqe+6HyWaEvS5X+5t5WuIZA
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAtkgaLAbOwuudAqkh/5xJw8ur
+RsA3e1joOqVXy3iP5Uj8o663gzdoBl+sIyDGntdx0h5GjR4QM/SWPlz5yxFrExe/
+AaoxXHr77fYZfkgGBCLblxo3wb0iNpKz5OKmb4qtwEOpHygOpSSiV5e2wZDjhN1q
+yR3v2lR5L2exD+k4l2Td/0w4uCpom62k+sWY36/h/zKiWFWhnIWqpHYyYOGhYzTM
+EtJNWj6H0EWEoB1YNsNZYT3f2w4jOFa7oxfiqFS9kzXIjenc+MIt9uU6+oLFjdzt
+jVCxa181mRD3+OiQw9SDtTZXEwPQmp0jj7B5bLGSKK477cAIX1uqxE7jyO8t2g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D0 48 89 61 17 78 37 17 95 F7 CA 06 62 4B 39 71 31 8A C7 5E 
+    friendlyName: Bad notBefore Date CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0854315DC810CC2B
+
+oU+cNRSsrQLPHupZquTWR5MxFD5aQCMQ98zPAIBMby8OcQgmJK75sTatLp3R2tTO
+uux6L2ITikqV4OX5oWqF5rkqsukF7OvtXpFjZfOvg+an+3LymMhWfMRT+YflUGvJ
+XFu2tq9CbQ7Ov1Dwv35SFAzX6lDG0/c9ct148i90vMFrLZUpIl5fxI2x6B+lLALL
+tJ3T0oXCh5Ux4x3YEgG/NpCMyfB5QeX6C69/Dv/qbr4GkK35OktT2LkcO+9o2dj9
+lC/B8Jx2lpNDw+wAw/nURngTRMvSoYCInCq3m3PnZaSAzq4/XKS0wjznYqBhSDrD
+uUjf0K3b6MK/DxKFdp/F6sH77CwNapTH5SLrXL8wEKK9AHM3HEab8Ec8i9gFFrku
+irVkDXFkvFNDohE6xAPcHRHKLmQI90L92lepUuBp7Eb3AQu3V3OKfLW1Onpuh3kd
+RAUbhtzGAEGB1Nl+C9GJ8G6gCS3hKPBDyM+QXdulkurz3XuVRxcxboH7eB5HFA2q
+NH1kjmvHCXszOHltUDq4MxcjaGlI7apBtyrgWaPBWjGg7M+yiCHhTC9hl0ZOxgzV
+NaatnTAJk0JwZ5I5b8hy5SyTV38QRQo3DmW6TC/oS2jmAC9dWUXh0SwGoViWRqBF
+6Xx3B9To9tgEtpfTG5m7snLNwxqtW/FX3uZn01Yz2WMwUYxh8DTTOF5q+dWyhTYF
+vBvSxqmetd9zVGJHIdik5zfVwnzbHanrMhW1+zEVUeO+kz+2i/clJmvnmBhWNMHe
+ElLj8tGifpWMGAZbz270k539SZL+O4DcMaukA5oyp0vhl8kVWkvmw9L5+pZH2gUR
+PoV0AZ/9gYEAgzFqvNLcNkkjQWcjYkc+htxVbaKdCVFTm+LC4hEkjT0WUz38IZoF
+vufOUTlaRHZpHOIALn5vlmnt2VZ9LUWKdWLQHU87pDBKkwLNl7i03+PGnzVhdUrf
+daSY38cOxEOaqkaV8ZPu7p7nSRMTwrrC4aaUYLjrKVNVXY+ULj2Jy+K0tgOa1ast
+p3VXCnAEBmbvQ0xAiWnkTz2iljE1GTPs0i8iZYfuCM5Y0ZzBcdD2KDjM/C9MykUR
+iv+1QQ2uvYwOlQw9jMVsXfqAvh6Bwlzacc5bIZNO/C2EQZiXBW/w1AmNcqU2I+bS
+h3rAnBIpR3yYFH/E+m78m70hQt2b9a/OF54ncjBoJPI/wCyEkbuX6BdZzmnwEeon
+NzKqgO3auHBnaGwmV58jnhHm8nSUttj2D/9xHgPmkbIMeF4Rb9ri558XXh4yF1Q7
+P+vxmk7Lev8qxCV7S1Cuj7zjkiIKM32qT0gJO57dSxHYY6LwGWlCHHkdXFMBMNNz
+2FqjzPyPqfA9vA8hd/y8E6mGAibIrJtbn+XAd4tG2qVI+AObYGWUR7N/AR/NDLdV
+e+n8xyudrcdhxQ2VzLN+R75H8ogNyUypp/COlULBnj5GsxCfmiujqIpfM6mOUyoj
+f4c4B70aDbf+GTMmVU/w3XjPCRfft83tQDdDj58iOh5h5kHTHIRypLp5atXJDKIN
+1E8ar3xB+hKJutkBoP+xIRQTE9ma52+nJ0OMuZWnFI3hkpfTFHCbBusGentg38Ty
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCACert.pem
new file mode 100644
index 0000000000..914736b9ef
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F7 AB 05 2F BA 7C E0 A7 7C A8 B9 C5 C7 44 3B A3 F3 79 36 83 
+    friendlyName: Basic Self-Issued CRL Signing Key CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBFTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLTArBgNVBAMT
+JEJhc2ljIFNlbGYtSXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJvLh5HoW8mGRzWeJaiULtvBNwejGSVKBBvs
+kgOl3tZPkDrTH+O8gQ1os1sTlAGpEbCeXJ4wBFM7++R2BT5uxrAM/DThMcSakEuz
+IK7p896N+CzCy+ylZt8q/3mlND5z4uWH9f9sUSv/iA9Gppye3aqQWQfFcgeCF4PX
+6loBMiEpfccBQL1bWSRYklkZFVzMwqVZurxqOqlLVkX3YiWuKdP4d1H92NzMCSY6
+bd4qYOeNx3pEHeW//Xn6JV9UPa2NrsBgAFxsXCEq3EgIk/Vy6yrJ1gM4c6hQZNo5
+mMHHhfwFJ9W7nI4v6G38Ih8R1BimvAMgbB67QWbB1M9fvs7dKfcCAwEAAaN8MHow
+HwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFCmaRS42
+lZ3s8l5UnBPV2fZEkSwTMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAlYZp
+OypzMxPbyQTGr4YyG6KfC6jsXWoDPjKTQ0Hf1MxJqwRhwmS4VfAff+mVu4E/c7D5
+6RM94oLGUSvhDOY/i4Sd3GvRMCHcMl+oIx+2ixhSVhekvtdZayPWTmSDzAjw02yg
+6KSCHolEL0pKs9+SuvelVQtO/r8/7AL3vVfJyS/S8bG3Q8rPG1G7LY6y92kbsq4i
+uxHWR8y9kY4nJDgXztdPmQND89UeqmhhgiSj2vEI7nSFDNRqtVFmLJubjhc335q1
+O4ziqvRFfhrFoEAuZdo5ivsYA4lVR7OSiAA2CBu7p5AKhn5njeGXSfqXRE32xzAj
+AlBwl0hRSkow5npWfw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F7 AB 05 2F BA 7C E0 A7 7C A8 B9 C5 C7 44 3B A3 F3 79 36 83 
+    friendlyName: Basic Self-Issued CRL Signing Key CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,44D03361F214F3FE
+
+4G8csmNRDxV5P5lDILi1qKO7gK12cBhwKnzMbPzpxMmABdmisgALWgDBfLBBaimq
+d0YAT4S+O++fBaJnFwO441VMAy1qKWdcfGmyBOqKyAE1jeLV6lBKr96rLjZ0Ues7
+L9e3AsIE45dpn0cP3VENj8BKD8g5kK3QeqsoRSybF88FtJGdemx4kuulMfBSoDja
+wBB+4p6HHZqgDl8/bOFY+KI5p3ToROyhmcM6DioCDRcxrMh0bco9LoES3WHmBROH
+w8NcMv22BG6armqMW8iIG3u/f1RtEy9fSfKTX3bt8qRPMKhJIov6I9YuEWpjUPee
+Jq+I1IHof4GMKh1wQQIXG23Ya18vLTwg9NFh8PL6eu5s3Z3gef+POGIJqsY+25Sq
+mLTqjSNUur1yCm2JEshgu9aFQs7kQwwjcbozxKlRVQWY2QmSdbkuZnxXtRrZJqy6
+e/DHG/URstn7u0Z91cvjhwgeOkDc0HToqNRu50gn2QiSXvYJnHI+FKjcfRpNiCgl
+dA7e6dBOZiXiev7Jj6ThYH4uwiGsABkiwY/Lm25ufrnl6DFERC10Phw7qpyPt6YO
+Saw8u+6OzyhDMFVRXquOxVp0R0my398OWPZgU2CUa4ofJTYq5xZPYoFnd9VGElTY
+wDnWIF7O0QpSiyVoFHeV7WuZH6JHzXZB/r8KcrW4qNYOztOuuKMNshxBaJAPqKVr
+uvSRqd14518ZyLfPzRSFbJXEOLL9tAwLFcbFC3SpdJdHBYUQ+oB9ULxqMS6PBw+P
+m6pBVK84a5VCmQp0e4wlmSG34i/Sjm2aZ20avaUrlu/PvJR572wzrmY6CzV4L8ea
+lhTpJGjop+o9XUUeCSldvNPRoCJJOEV3q+3MVGnh7/on5buBEj7pbULd/IzV8p4N
+/krV1N99ikIELRoSNKzFVPF7ivgkQOCdVw3+rwa8nCSCOC6bqVfx6145fFouGUoI
+COEzt3HG187d2aUvXwcACvlxkjPLN05pzHrrKu019AU/6mDOZLm+wxzsrfQYqSjK
+n9hHpdOkf0MTwaO5mYDP/J0/fUE0KPla491SJIoPwGUHFG6t77xj+PlyOZK3u1op
+ySmC7aBx0WwbQ8RaX1WBAVTmo++J4tGxobpftJx7dlpjs98rP5+EUjph2oBoszCY
+hgXOWxVpAhEup9MSKx5TZI0qkH1Ory7/p4lNOgSpAALFlXpTTZmGMGhR40i+N+uR
+iM4akQ9A0tVUvXZEynMEK10n4W8G51HhbJB/BPcq20VeJaPm3hdDgHmbyDmnn51n
+iDKJCSJ5wn3EsB7qDwxbMsMN8OTLM1c6nsvdvoZzITUVG2VMSYx2py636OXwRClB
+3okmWP1CM0XyKF/ZjTpcKcoGK/k5UfEgM9qtfiK63Lrj+ZCTcTAU6msTUqjd30Xb
+X+JLvgWfWHzJjx4gV4OjiSY9SeFKtZRL0BU5GWvEMzN9bh8ypSZhgvcXVakuGpnU
+7WpSHjtVHCMNsTIK+QcmBwQL8TU/yeBQcc+Bv2VlkwdwdjP1YEhlwRj2xqqDaKj5
+Z3SWFzdYa0C37X91LrmgA4jyOQ5JDwvmSuiyEXgB2b2ubQ5aL9hDCA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCRLCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCRLCert.pem
new file mode 100644
index 0000000000..d26b6e327a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCRLCert.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 7B 46 A6 9E 26 6A DE 25 57 81 65 81 4B 80 C3 BB DC 97 03 B4 
+    friendlyName: Basic Self-Issued CRL Signing Key CRL Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+-----BEGIN CERTIFICATE-----
+MIIELjCCAxagAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEtMCsGA1UEAxMkQmFzaWMg
+U2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMB4XDTEwMDEwMTA4MzAwMFoX
+DTMwMTIzMTA4MzAwMFowXTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2Vy
+dGlmaWNhdGVzIDIwMTExLTArBgNVBAMTJEJhc2ljIFNlbGYtSXNzdWVkIENSTCBT
+aWduaW5nIEtleSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMB7
+JPY6CCsaf7+x7xOXYuekYA6S8sncRWor8AbIH0EXsWYHwfoE6cWVmtYrvewbvug4
+iO39JecD8f5/U3v400q9tM9wnLK1WQeGMktU9y9kv5qcbLDpO+ayIo64MCT+N1zP
+QMMjaTTT0p7bKxDBXJ9xfQ/WRDd4XCHpR/i1VdJwUz3XM1NF3rwdYQo9N4ZOCqlw
+oWo5cUiAsU8kJNqO7oS6O4SbEgTpE4b3k0+a0vWFbLB4GVgC33VBPYW2yh+0f9b5
+4XUkz2xTk8q48xHxQSD0QV4F2AyHLjuTg+ynSZwLVoQ/Z6muzDjmDZ92lX1aWp+G
+IflBWKEVf9NcFb0e4kECAwEAAaOB+DCB9TAfBgNVHSMEGDAWgBQpmkUuNpWd7PJe
+VJwT1dn2RJEsEzAdBgNVHQ4EFgQUJMFVcfqe4SGFKvCtYacVudVNQxcwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMA4GA1UdDwEB/wQEAwIBAjCBiQYDVR0fBIGBMH8w
+faB7oHmkdzB1MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTFFMEMGA1UEAxM8U2VsZi1Jc3N1ZWQgQ2VydCBEUCBmb3IgQmFzaWMg
+U2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMA0GCSqGSIb3DQEBCwUAA4IB
+AQApbC4TkWyKb+M6KLhhxF8tjfw/GjGv1laoCAlhW/kUWaJluNiOjIPvcrd+yx9y
+1Fqq6HGPaNv73GaO+rEp8aGG3tiCiviCaWq9SB2JpTgvQRz7qOGJ3boMTN4i55zl
+5+acq11NdMbLxnFb7Lpzc2QbnIKIuXQ2EJ2wgGm9jfs6cFLNKfNQiBkObeQVRSf2
+es9xqkY9X4Dj4h0HDYW9qOg/50r9/6kCByUWmTNAFm17IgqBwMK6n8N9O8qAPnhr
+E55WLuUUTllwQME1BukTrtrALVXFlFohEzA58wtNoZQ2PPGPP0TO/pQ7VtGCi8pW
+TJxkdlqxBhl/uyOGYopFSjw2
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7B 46 A6 9E 26 6A DE 25 57 81 65 81 4B 80 C3 BB DC 97 03 B4 
+    friendlyName: Basic Self-Issued CRL Signing Key CRL Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,81E92508AFE521EF
+
+VYXB1vTlA6McBsEVnThW2sKdDnJiTghN6vmfRJ9gytkwgmlpc6zY9AmNg9xhDRQL
+zf96D+W6HoI+sU8Qv1s7zADF9FOxtDntwgH9Uhw0Fj6QWsXRcGbs6m6KgmdDGN9G
+fZWct3qI0j8n4LFn8Kc2ygR/WbeOZAthBD5Rj8rCceoEMbKmCh43XOJe/0UGybZi
+p3C2HMfkNPPeKZ37Mpwy3ucM3gVjk71fTbi9VXHRvn9SSAjiFQSstKGH23TuP3gj
+wxBMvzOqDZhtmRtzXFV9RAEhs/ryKpZg61OV97tW9wZm8p3tJePKxbmdaa/VHurf
+As8OKzG3x3VR/fUN95uTjchxMSckeAoVuQNCW3z4SI4RO/eA6LhZED03sSe1M1W6
+qCquSGVmkHknb5AqxgrWtINKQOqu/iV+gD+rlzcGjCSrzIKbNbElrE2YRtdvEf+d
+E7hm/zdFwo0Ag/lF8o5s7A+ygTI+3dkwwVuWPTq7JINGApspXDgehIJf7zIKregK
+XnwNr+MvlP9qJm6LrzTrJW6IW8aaJo7vSLg7jKRXcjMOhnkkYag2pvYgeTODARIl
+2LUaH9xcfKQwuo7hXOCOgz3mDzuFNSrqA/8LPKaGASFQCsJ+JWlqQNqMxTxU57RE
+4DyrEezMmUMBGgtf5k5QyrAThx16+zdbJPbkLJ1F4cMHYhDfowRXwNkZNCOqW3zl
+u7fciLynocwD0xwh8z/Fr6wSelVRL8cb7iTc3aEfMSBPGp6GLUcO8wDT8Kg5dQUM
+F+AgxooIUdHqZbwIT25g9hZWhv78hJfUPdRCFzi3LE7owvwyKxinUw5gZ8eqcqrJ
+AAuNRPUJWfbk7q5JuImHIgQltwiCycYRazjwvckJvX3KTsxDOJR44Zkl9cS3AA1r
+abBpI8MDjEIoC8Is+IuXdqX1wyA7fK9w6UUXSqzfd23CNpXZDLH2gV7U4WiMVJjB
++6Vr/j7uRTjUmEQ7H/UuCgQprs/4HD09L6J7rvncs+dq8CGccQG4HLuywBgzQd+N
+6I3WpMtmnflPJAHRMb7Z/XLeed5wAy+GHX2oYnauMdIvBfMiycXtx0U03Dmei8YQ
+ymgR0+AR3tCjKZkWFDcutED1Bs8+uvYx8Quc1CMM3Aoclkov/yMbldwOzMyBY8uY
+9GBSd7HYk7y51ksbOKyusHO43v8vh+Y+jkoOKGYqwCMBRepXhPn6Zi/lhuduITXn
+Jp+CFzzdglaqXNXoBzm0i3BdMrymmHpOOax5WOb3RCePNHau94Ohck+7WizVJd38
+2dhAEPnOyTS4ABhCkV1VkLHvXEFFgGBqHG1oqJxz8UI20jc5NXiaJeHX11/U9Znu
+itcrTBZ3VgLkIXkd4bV1olpXNM33GK0tvOA+pOqeG6kYJiIW9XVILwZcCJTLyFVj
+w31PCbEVD+RDQNw5brCOtTFA2xhnKjqEo5JrBNJbzQvZaPp8W88wuGDGeu6S4q4R
+gAZmcYpUrMfpM2bHk8di/clepLwlT551b6aFfPbuLvgYZbPauJM8Mm/L06P4WXRu
+mow3wA49YZtkBqfUPrGyO9sLMsOFO8T4lYBuqVLQTwFH21q5+fJFDWEtcqoDKwSu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyCACert.pem
new file mode 100644
index 0000000000..0c57da8dda
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 8A B0 4E 26 B4 94 C4 F4 FB 01 1C 89 1E 7A 47 7F 7E F3 90 EE 
+    friendlyName: Basic Self-Issued New Key CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued New Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBEzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJTAjBgNVBAMT
+HEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBLZXkgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC5XNHuGz6iZWNrbQQ+XdMzbP1SPooVGGXGj+rqjwsBJMBd
+apOl0bPLVFAikdp9fDHrH35OtKliNJDYMF8bHIDNAslp4XzXSL5c375aKBwBh45E
+qqMf5Ny3Hx4rD6T8bGgusQfLpkByPW3vXvJdvMVOxBebK86wjlRzqtkJmR8sUFZb
+1LvX2lqPV+kAEMRET7EpvYYsEtWK2v4JxwM3AXn4BO6/q4CZnOkdscQ0s0l6wE81
+TWepi1DQ2gXQdCsRYMT38MhKfUnOC2E3N7YKgR7lvs19p15Zbjzo7yhC+jNvbDdu
+/IpQFYp7Zx5FXN7VVoYnUL9LtVlDRx8lekzidFo7AgMBAAGjfDB6MB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBSg/MAs61XukgZsqR7p
+X1+in2IjlTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEVk+zdazhBmjrFG
+k8gFU/zIFK2usFkMJEJKlrNib05uBQZOb2CImrFQyPnxtBb8ejZRk9d1zlTXQs4G
+6O4k9Z24Pd9zbTq/rponVyu7VmW1vAkNJg+716lTeH1VtuqTuqX63mBkISHRY7Tb
+O/KpL7cla8EfoH/I8iITinQR6c2jbqtUhuiEPsgvLXJg1MRuLY4fjJavcH156FZE
+R3ctID4Ww0uesZfVsV6sIBkw8S/EbCmGxs0aSph4qPIzSa/ay+HWN+gXR3PucFoL
+K8Ryx/7FB2JHAUu52idJF2liIhrEeA0Mneiu+RY1RPUel3t/YIVFtqcFJvVz143U
+M6elH8Y=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8A B0 4E 26 B4 94 C4 F4 FB 01 1C 89 1E 7A 47 7F 7E F3 90 EE 
+    friendlyName: Basic Self-Issued New Key CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1CA182710FD852CF
+
+NoTa0aX1LM2mIEhbAb/Dfvueb+Io0G+kEJcuIV/07hQ09nMvb6azUEYh9T8b5nul
+a+tsYrIba7vB+xqhk595df66YKMay0JwLzBF9zABlRB/XpomHTcyA1cc6r9kclpw
+fyhLMiN6GxW4zJZrq6/UipFIhBHSdYcf7SnqeweaUO+Al0691ieWrDzc6qC781Pm
+gBsvTwOtehUJhd58G+rZAcz8XKKlNKmPedD9Ljoba+pQLe16jTqKLEmYOkqfROng
+nUAp60UhDZiM8ea6VTvQpE+TT/as91msr0daH6II/ztVALFKnYGg+0JMA3XEo1lU
+QTvxpc30u7XCIcPWO3yiyvmkiyQFUFslfuMK4yfM2GVTDNs3q53X/32iiQEjR2B1
+/bHXWCXrJfjTw/R0oSyKZAIRE6oiVnBD+HxmaQPAAOU5yVQMRdPAWEhlmt8iJzsM
+zb2GU32FF6G5P4KPM8e5bQXIv1wOS5OHOJ6FF9UMW2uMa3IgVWR1fvc/r6L3nauV
+BK3QWDfrqWargvW/tYnK+oKKJfbKwl2uUO4uBaENZQDxOptmCMjRi1xcNBnmvPzV
+EJVM+Az3fpL7wEmJJW1rap6DmoLiMC1qNvIIAo23PjUnz0CVbrYlXY3WMHzoSnrA
+aZF63VS0wKdlVQzvX07nbck0XoPAeaU4imj1Uo5DiSeaaHZtI6HjvydDpO00jJ/x
+r6pBphRUZrLyO+qm2X4iM8yZV+Tpx00DdwFxOqCq1nkOOxo6sgmc2SS+p6Bjo/Qw
+PfY48SyXaYPyDYuJNnjiYG69Vn/LxCbUH9iIpOzNNhR5V4L08C9fGsAnCIWD58Gu
+vQFM2eCwJoWpSpO33K8hlrgkODcNW4djbFY59qDNhSeSN2Vek+R7Mxg5s1n+WEb/
+ETMnmZXhar4eazlYlbTyBJC/GP6W7bT+TCSpMmBdEpQ/oaMVanax/gnVB8LFaa0D
+LadAY/fD2jgM7tZS7k2g8c3M07pMjE8Mhv3CJkgalH0Ruzf8wndfqWp0BRw0EKss
+yamMO9RUhCHXdBVdmkgOy49v8BhC+yCd9Jml8s83pGNkqprU36Zz+hZTLYxtouU0
+HeMw3aa5D78CpO/Hr4PN5QxVQMvzvBBG3SQFE8M0Au+u316pIZjUp5qHEJATazFz
+o9ZlAieuN9O21drccNYPBCWssXbV+GtfQxTjngHnqrrJtBhiUyqQOH6FzBmQnjfu
+uZaP5wNeWxdejV7/QQlt4mtNdEztHyKqNe2q4l1FR/VeBCi79uA/uSuazSe4xqoC
+nY1tEpKtQ0u/Z0uu8jjVtNlFskvWUJUikM0o/LOHkk/9DuphqoR2gKXdVsDpA5u4
+SFk7LSdEKnkDCyx7flzoIcyfWFhN6UCkKlmypHpnCRhWEeIRhtwILLUNNU9hBd8W
+80bmUd1bOVzlEHqmzmJA5qlxiBn7Fo6j5zemA5CtiPhduNsecKvdOa4hIzvtuJev
+vUI+qurHN9ep4FVVXzsExW7aLRKEpm9QhNj3N1ubTSic8B++RkrAAzBgQqpnAJxB
+BLWHT6NyCCm/sBAXTwlLr+uasGFbJAOOF+k4ENapkAbrtkQmPG+wfg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyOldWithNewCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyOldWithNewCACert.pem
new file mode 100644
index 0000000000..c04ed686f5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyOldWithNewCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 11 8B BC C3 76 8B 8A 53 89 80 E1 B5 AC 95 25 AB 3F 34 CB 36 
+    friendlyName: Basic Self-Issued New Key OldWithNew CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued New Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued New Key CA
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgTmV3IEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3VlZCBOZXcgS2V5IENBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuYeWkqqoBSkNp3YdQQ4G+ay
+LFZFCn+bnYVlzzsOkYPtTBLCrGmO4pbRT17KlawJz6BHgKuorO6P3gDDtxyJA4Ia
+i4E3JFxtv496ZacKkj8ktM4GpSPK3e7GioWaGd7lUqS9OYAIJxrphwHE2Vg069r+
+EmwSDZFGl97qxJsEkapd/FfrnYGCmCeIxZix5ulH8+cQbBwZJ3sLCW4S/HYhmYc+
+9yaL3A29enmnPMRtqhqv0yeSugUweimx9BcZ5LmQL3usvWnsvC/OwuuXVt9u9SMF
+NvrM1YNraYPYDCXt5Iin38J/N7tQDoohgbZJ08nBfQk8ki+wSYiu/e5dC2UKlQID
+AQABo3wwejAfBgNVHSMEGDAWgBSg/MAs61XukgZsqR7pX1+in2IjlTAdBgNVHQ4E
+FgQUdnzYZAQ0CU/fcSF0DwwWmzaogtcwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4IBAQANwgEHq+Gto3HLdtdiToVQjR+jvcI2oAMSwxwU0eHK1gxXvcT4zZR6i+aq
+Y7wtO+dHmo30QF4AeHGK7k1sYrlg3gbmd2dYKkhDmGO/Jz+Ca+4ekt/6TKgNMaVp
+30vI4wZrWaF0WGgjAhmvnqVn2FJR3QvYODBnLP+FI7wPejWa8zotkGqwfItm0UMF
+0VSKJ9OYB6hdNX01INtZmCdP7oPaH2syEHAmjjrotbQjdX1IQCzUCRoWAY6vs1ig
+pFuraG04tCBR/iqw1FYiASQuYEnlDezh6/g5939WqY4DFdXZDDmPx5P6E8hsLeNN
+1KkYRLxXEMcNVa9szORpOQP16nuU
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 11 8B BC C3 76 8B 8A 53 89 80 E1 B5 AC 95 25 AB 3F 34 CB 36 
+    friendlyName: Basic Self-Issued New Key OldWithNew CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B88FDDABBD002B91
+
+Ye82Wk/TIzdwItiZon6+kZrsjnbUdVdTaw8BxIwYtP5m1nbKHpKCtGzk4kM79iLD
+gqjwSidKu8aaK0on/QJiUvAv/r8PusRTcSuJ/2tXeLAxcPjFjoamHmfJtfW/sx1z
+nahpijCH6qL/GlznyvbokF3Ay6PRWYhcCyc6KBKkJtNs2wLDNV+cwjr/9xjRKmvz
+MbPBfzScPyYHTnKs7OtvVXBCrIw8yX0xkfTOd+o9JVJVoGjwvIofau1jQwbWXOn9
+KBJw0hO+yTd1xHC0YdEIJJcCfkd4m3IMCmREgASTtIyc9aEtNB+5goC2hj31g8yn
+ma77pYegInyt3mzN5idiBq3DfSsj4k1McsllrtJ6ZhThmEkKRw0y1iyXUDJt8HZe
+Mh99A2M0I/kafvqnfkBp50pEfLY5mOw1LlKfYSWncmgtUpnZRTl5mm/gw9x5zVLU
+Fn5xuPo+5fSqf73FTfww9cJ7iB9Q5Ye6B8081KPJYD/0tyBi51+2KEy0iltcNRhi
+Pe8vLKNfMWJYx0FneZWdLg2d9NyfderEZSkFuIjwKGpoRQL0DQoUxqOrKjudDy6V
+eotuDpp1J1iZjxgUejtzTbmH9pxASFAfuhMyaQo5ktDjVVpjABC0Uy2CHMhcJ5CI
+EGb6lVRAnAiYSnH+FKDa3EqYFGEYLMn6bs9eo6htWJF/P1uWPve6ID59Fa/QzHVS
+B/xiiLsy6XmAETsh5kUwvftJ45SXEOBVhfFOGqU0N7aQ8dBWwjUD2CsiKn5IWyw+
+J8H1cerc0jPsB+K8Wj6NO3TbLr/GmeefvxjvKi3GlUApf479L8Mw2SBnUBnPDnmp
+aw95YfWaCs/3DgqOcAfpEXt8stsuZSoLQfYkMfJBJObIcvd6mQChe2/ifFVNtknD
++5DBeKB/+HH3fpTU/57uQQpO7hfLebSVIf7O07ToPOo9FLevTMg5iTcux3NvsfCW
+kVmIOfkT8sPgeeGbqpCHGMRSZB56ZJlogQE7zXjJeSeR2/uTQT3amiRLZDBIxk0V
+sA9tcMNW8re79QjQQnTOjYYrRmrq6Dg6fLLbWWdJZUpAhXBE5J2Qk+BI/8rY0AU5
+VRnjqq5TfURuPPozQhVsQZHBGDNJQUOICeF0ELNn7/PAtNdh0BtqiAfowZx+2Adq
+2nw2CaqaGOdyxbrRC9rYHULA6nrjCGquL9XGWONFjL5qwCyprasYOuE/N3g5dEiF
+I9STgmrTjqR98ydBPo7iORWPWgtmAv/YEywjOahKYWcSaymJMkFMvvyLEaswdR74
+0ETMllJlun83DpRiAiYBcQ3aHN7QEcB//YcVnXAp0Ce9BZKZfU/OqJyMrQVznCjq
+p7nXXcUdw6xolRwumuWdzADiwbs+0WKQbDnQZAIGe9Btl1JhZk5ZUJq9TWjLHdfT
+x3vAy8/PHh1qsY5D16r/If9wlKftSQqABEqKJTkD95dZx6QEvoYb+6S8EPcJsSgI
+p+aMnTcupRxrPMd32SYDkhsCIo3QD3myJvr2r/81cV2jaKusihdSvxD6B4Aw6kjI
+R+9itv+ciAr5D9woo+ty0S+qLx524wd919/UgYhzBlTGhOEntgNVQw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyCACert.pem
new file mode 100644
index 0000000000..13d9b8cad7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C1 21 F7 65 9F 11 1C DC 53 33 E9 C3 7D 17 B2 88 64 29 E6 81 
+    friendlyName: Basic Self-Issued Old Key CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBFDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJTAjBgNVBAMT
+HEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDON/+4hQq8n9yn0+zOChnBhoToiUxpbFbxeXd2nZuipHsT
+I6CihmiMA+KSX2Dmugp79bMcGt2V0q8wpFzH7unuyGj2J46gLJzE59a9CY9K9SaW
+aW3cnQdpY3XpaqvYX/5VNvbC9xNsdM78d3wYQtWGWF4q19orG5zbWkASYmDjiwGR
+inJcWBtZ+wcBiAKjMBIthvuKlr48QCwhda7xETbcd6Ms1xPVJNMF9NHEVcLgpXbl
+4ZEAlsUu9pqT+4re9wzgNrHCGTxzsz5uOHUl/kFhpSaSbEYmqwGnMH0Y0W/okVZX
+/sXUaaGeyEgLeoT/3/WjQte2X1Axbi33LFnm6egPAgMBAAGjfDB6MB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTdDXWNU2gSxMsVQMAU
+hhQWMKG+rzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAI+gcK03dWLaBlfh
+1iFqzeQoN9IffPfdEr45bA0kKELDQ2mhez7xqmZc05p54BJQVCldcZ5L+L8HRuYA
+rDXQxoaahQE6QevQtsvdcoVfixLF5xc4nkizsHCx5foyZlo9l9mkeyBmLQtMn8iN
+UnOkZOhkPxsWrgOLE5F/3y+UAf2vYu9AblcXz0w9UOecDkNrzt/6BB54DzIHYWCZ
+v/CC9cwPpwVOgOAwZ9oUfb3IPDhsolRLFlXKSdZEK2MO3B/ATqrvDm1ndETnPs5N
+PB2K5jXS9ydHxNJhm8SUT10gxOV/WNIqATHZAHxEWL/7wGi3sZVqLdUegxBDV2Ap
+8GR6OMg=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C1 21 F7 65 9F 11 1C DC 53 33 E9 C3 7D 17 B2 88 64 29 E6 81 
+    friendlyName: Basic Self-Issued Old Key CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,686BA42463727BE8
+
+eCspoSk+HBiBPxPw3/jc6CjBbtpzrvvAvUdXwjNr4dVcyUBoApqhs7DvMk9WaHNz
+hvKgkqB3uis+cS7nJqYD75/Fkkm9hNQBj0jSORAlkLdhERMURTLE51Lgfw1U8wX0
+n0jcO+6tQaN3VADG8haui4RRZ01y6pTtYxnN9ry98/WDKgNdkMI76U9o1k6dTXhO
+anSzkbtCL/N/nlTDvcZGdT+PQcHUy1pjYgpfcE6xxC4vNWpgcfMRFtZ7KZHv5QzW
+dexqgBoTP6VMgVUpbpUm26L4sQ0Vs6wpVQrHrHjIo2ZThuIUH8iX8GNreZl/LhIH
+foYNeY2LtWca9+qOZGUNWzFwnXtK6vtfbmQMWYtYg3YxOIlqKbzkbkJufErP4dnL
+6Idfwz7mgw8KfNpvh1VamoHiGZV2FksZazv5N5fsKvuUokK82FvyfY9eIIU6ObRA
+fROowXltBFobm0VGIfjGvRlZrNFFJdkbDTIZLqF01+u2/E5SO92QiZ6N16SmuJxE
+hAEcW/NRFz4b2JhHaYO3dLxtI/QLXhuW0jvMZaRyAB3jTdsVIzT7S4HIOgHnJi/G
+Z3o39Ss/cdGCuejzDfVarPx2CTSmFI5Xy2T20DJkvQU4gKYeZWZarr1UMIUybXPs
+A9aBZHjisoSWe8eevsIH3ywbeP9TUC9OFQy2K8gZ49g4/Is9ETMz+FpuqVXIqDLl
+gm7nVFX5nNDEvnzHcJKa0Sor28I8mI6a7Fr8/6eXjWkJdn9xWoMTiqnFiZ7+6kmK
+hIJ457ZLJ1LVwD3vHA9xtZTv6S0CiaJp+qUpTT94WuZm+bE6/10h15JHTWIR1Cz8
+z4lAI7EDNMoeso2Z9F9UvhLnfcwRqsZ2DqSlYv+DBPH/3GaEk1CbLhMc+CFoiSJ1
+YAs6utmbPxqDRuKnvBrlLUGdFuIepzcCWv6z/IH/gCcnrmE8domcnQQHAm+nNQWa
+0K/XX1uPjhdMaq/vsj1LT8Lx2atmVFVEHTRJTPlPB0Pn8ySmgutIqn1+7JrWBwqF
+oNX1aTDg6tOm5Au3CD4Pn0kQYuR3aQouc+QHBjlDoMXfQAEThnZTPpkUEqFWmkCD
+yQh1ptEbp4OLDasG/4ZSqW+8hisy6KBw94vnuDihyipEjXCcNyl7OuiaLnaoqlpC
+2f3uAdWPl1SiQmqdpvNeTAa13P7ZhZM9bhY4+5ihczRv0OTMYevfjpNJWfdG7cI9
+8MKRMsGL4SmlZHAhQnalvjrH5+5xO3u2Jpne2rwe5kAqx0tXKfVCIQo/gXfCg3Rj
+qgGizdk3DebGq0NPSju+iaqhcXGTz6nkpGrIoUYq72RBQ7zDN4xN5x6ujeCMHCHG
+vXrk9M+QMzWy8IPKjpWVSWwA8OMLAq8UeN3xlvMxpeDsY3j8PQ41mjyXTzi1xGxB
+jmFj0AiC5VFEds/UA5RRU74QYpjD6I9ugIj1nZgsF03k2nPo9736UNt0vsc1HQrI
+GyTU+JI/eT2lAT6jSW2LFkRf3QtNOqhdQfLx2qHZxmUpkeFf5SkBUWixNPsEm1kM
+V4SsRP8ofaSV/ek6/mSw9E2sJ1dDXVeToBEsSpa6hv3mDGxXunJDgg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyNewWithOldCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyNewWithOldCACert.pem
new file mode 100644
index 0000000000..25358166c3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyNewWithOldCACert.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 8A 32 06 AC 0D 6B 5A F8 27 70 A5 01 B0 CF FE DF B4 D7 33 5C 
+    friendlyName: Basic Self-Issued Old Key NewWithOld CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+-----BEGIN CERTIFICATE-----
+MIIEJzCCAw+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgT2xkIEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3VlZCBPbGQgS2V5IENBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnBPMPPNq8WIRK88icq0J2qG
+OEExybgfxxPFyBcrFCWbj0inqiig0WPqiSCrcW4ZT6VZISTr6QCAl1dLOcVbuQee
+RAb0cAmOQjJi0uwwJbU0x7v/SXnDVRLsfSVEr/MidweYBGypXZGAKgkdc970LaZG
+929yh9RUliQ5BCSskTfrigH49LEgGBAW3apYmxtEMQb/ut/RcDXHKd7737AGlOAt
+b8X8scwNro1xtAg65ZAZC/QJUtSb/M8RuwWFoR5MJJPJIIqseUnWEfdJkbD847eJ
+GdqXrOG1mg7sbrV7ZP15aGoDPQBxaMMfIZfHcHUGqTQ3IiGzC7yr69PtEN9ZCQID
+AQABo4IBADCB/TAfBgNVHSMEGDAWgBTdDXWNU2gSxMsVQMAUhhQWMKG+rzAdBgNV
+HQ4EFgQUiF++PzU5ZprrTcImGyaxKie1CCowDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MIGABgNVHR8EeTB3
+MHWgc6BxpG8wbTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExPTA7BgNVBAMTNFNlbGYtSXNzdWVkIENlcnQgRFAgZm9yIEJhc2lj
+IFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwDQYJKoZIhvcNAQELBQADggEBAGstwlRN
+EPUE3/8XGiiovpDxI2IFDQui4YhbkoxuY0Cn99tG6XeAnO2RNmERe02iTqDTM+dQ
+VRBNkmCSN4doDsi8/14pFeoDz4KSwQeV8H1bFZn+BPHs3E1rCiZOxNSPsgPseReT
+F/FkVyLsChKEJpPC+mCFB6DUUAaoun3EMFKFZzL0BqAHOnQPWj5mff1XKth0CyPD
+4KLl/n+n/IXyMPftmCDaFpvC3QcYDll2jnSXB7VVcipEcSJbzbCRKU0WEEYl7cd+
+agEmeuwWa3KldkWU2hZ5iiGxPPrZOzemyRRu1a2bWARcGJIrnZaJHiDrPmRZmYNX
+VIztjeAlYFC/hDU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8A 32 06 AC 0D 6B 5A F8 27 70 A5 01 B0 CF FE DF B4 D7 33 5C 
+    friendlyName: Basic Self-Issued Old Key NewWithOld CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EE464B14C12B703D
+
+kPOe+CWFp+pW4sWunL4ROXcBMn2cNwjylW9O5KugAhvwh8zRntaVyltp/JQTz5ly
+zVIeTOsdWkaOq0sT1gAXqBQ8ZAsHFPFxuxYGMLHZaIllbgZh9DV0AV9NjmDpsCJv
+eqTg/uvwLY1qbMF6qkiaM6pHxglhF0sgkZBhmJGXTkoyuoB+PpBtm5E4to22ks/s
+WkPKFgOt9qX5Pe8qEYfCxvnZ0mfg+iyQFPLMgTH+NaOzvGoQl0KrsNDCiuWEFswA
+2Y0mJ7y+dVkeaYyIy6XSjymvWF9vMuqozC5jpbc1OloAtdCNClsPJ3sD75Jz/+Rd
+TMxgamq9oeB6OZrLK2Ep25uBF7NsHxgidcoBLdxck1LlJD90vs/9+dockrwfFScj
+FSfU9O9Tkg3+m5oYchI2jeIQuscVGJHKxd7/j6sBEhJyYiZzQsbMqhZjNGuYZxBm
+wDih9bawzIdu7GGE63bu58gdYrEFuU2/DNUuu7OcGn106TYiEkQZC2yMIud5lOYe
+Vt/m9t8iBxZBDXRWqer+YCcYvsN5fRDmtAKbJe3Josi0RRpCcEL0+J8PcSbA51yE
+q94iEPWIA5gAuROzDs8BzUxqefMVh2jfMCmnmCT7/TSQsTaYs2lm3MuUg2MDEN4W
+xe5Tv4JHIvx6bx+wfU+Qt31MGoVEhhdtLCUlJVkbv0rwLZWbllmBPVlqkBBMFP9V
+CPQN+ujEpFH9v76uBnYf66bQYcMYcnRC5ZAgI3aEgG1sCdTL6WIewqaSBhV2rzeR
+ZG0THu/a68IuQ4RFmNOBxYBSV0U5j3qTgQWNtritn9yA2sJBqtYrxeJBOaLGvs/G
+70VVNv7JH7VfY2BpefcmixoyOUHegj6/y1kTy2PAnchF+uW/MndqdgZQwBp2WqWI
+yYAXyqteQedhXKPAIkSqhkXuRTzFmNs+0ePk0ai6D3Emjujx+9JPu/onex6ft+lm
+4tctQL3O7m3TMqhJ4epyWHOeinIu7794NBH8BM1eCJg+Hnmfy9eHGhcmBUH3FBR/
+cuENsrlPAhZrZ55P0vIMq4CL8sImcDKmjDuf1HNftTLRfu1ujq9VISwV5jIGWm2v
+zNG+E+H9oDWOwVWihVn7RW8pOQnsy3JS0dMw5JTUHl3096uZvfy4P9sFicKRrFm7
+AaH1266VcV9dcmVwIKy5QUYiXdAQoY8AGzLBbMqo+ItjNrvyiFYeAjRZevBLnyhk
+vFHK+L3V3IcHgag2Y+ELzLXu1vrKYKA5b1jJGvYsCZACgDFJjlIg1uwbPZAwb65/
+50+7UFjhiC9DnrW73d6LnsmsronNhUqUMmQbt3+U5b97+5EOdrHl33DiAEE5oWYt
+4BWaKJ/aEPIKTFAVKdm1N6G83CinQDnpYTMWIVNt5+m1MVm+eyEi1j4pXI6JxePG
+3cK+1Byg4y8dQJDRMdbUfeYqjCgSMT4L2th14w6bDmy128TEqXo2K3Rv9qvgr11o
+rl1uyVR3pVbMTU/X5qdk1W36JaUqdByX3jyXjdApecfKMCXccwWI2gl/V9MmLZ8d
+tg4dAMfeLNZHpQJ5cYSH/OXLCmjEkqGlOUTkbUUxa6s42ENKBGE21/Ti9e/XMOa+
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20.pem
deleted file mode 100644
index bd06526d83..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20.pem
+++ /dev/null
@@ -1,120 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=CPS Pointer Qualifier EE Certificate Test20
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICuTCCAiKgAwIBAgIBFTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK0NQUyBQb2ludGVyIFF1
-YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjAwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAMoJaBG/FNuQhA4cgeiGiLpg79tevgtM1J+7DRztxWNGR1ETJ2fT
-76YKUm8p81GifGLyp0GPixlRYrORVU04fWNYnx8Zf7rkoCPeVEDinuLDtIrrENam
-41t/iHh8pI2pzuA+AUUT9MOXDyVHFx+hGhjOseGtcUIJB0h641auD/XtAgMBAAGj
-gagwgaUwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYE
-FMLcmlwicNMKSIWer8jYAJSooOpzMA4GA1UdDwEB/wQEAwIE8DBTBgNVHSAETDBK
-MEgGCmCGSAFlAwIBMAEwOjA4BggrBgEFBQcCARYsaHR0cDovL2NzcmMubmlzdC5n
-b3YvY3Nvci9wa2lyZWcuaHRtI3BraXRlc3QwDQYJKoZIhvcNAQEFBQADgYEAfDo9
-XQCL4ynO7TfTvX9MENaHI304AZw1YU+SP2zkPuDd4HxsI1FK04q1NbIaJ+TOVfk3
-Fke0kNKWelXWa4JcqZ8eg1RxzRsqB47a0IdMOcVwwjKNI5U9KkHRvHjCBMip0wjU
-j6Qw2ktcJRAOZf2zsNks/lq7d2+7udwTCiASQ84=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20EE.pem
new file mode 100644
index 0000000000..88d531697b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 10 DB EA EB 83 D9 52 B0 6E 6B FB F7 D3 A1 04 D5 B2 47 49 0F 
+    friendlyName: CPS Pointer Qualifier Test20 EE
+subject=/C=US/O=Test Certificates 2011/CN=CPS Pointer Qualifier EE Certificate Test20
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBFTANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGQxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTQwMgYDVQQDEytDUFMg
+UG9pbnRlciBRdWFsaWZpZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDIwMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhW1cwuWNSLDxdyrOixpJM40XwVpspuF
+pFGa73TiwQs58B/3i6tfcGygyAAmZHYGoVKjIq5LvPbirMTnCYQ4AtPQwji0AuQN
+KmCwSAAjY8WPT73mSvAEpv1C6vhWq/PYcNbHq1PHstsD+V3dXc/sLvBXAXPFEbD+
+nyhBpIReB+efZ+fcLDRg34th2GezPq07Q7OsROHL+35JDqtMTPibpsNSSMETa8B/
+5wW0j9PxpQqufx0sVPpSXtrcK7tn0dlhhwW6UnDfOQn1XwFqmYG/UQ7fKU/uIH1a
+VQTAA7GnemZ4W0XFZwoccOOiDapNmlMfMIs4JhlkpUd1uTinDGCzPwIDAQABo4HP
+MIHMMB8GA1UdIwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJMB0GA1UdDgQWBBTu
+QtAPWnapZlaIwYeYrcROSL3D4zAOBgNVHQ8BAf8EBAMCBPAwegYDVR0gBHMwcTBv
+BgpghkgBZQMCATABMGEwXwYIKwYBBQUHAgEWU2h0dHA6Ly9jc3JjLm5pc3QuZ292
+L2dyb3Vwcy9TVC9jcnlwdG9fYXBwc19pbmZyYS9jc29yL3BraV9yZWdpc3RyYXRp
+b24uaHRtbCNQS0lUZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQBqPx9Nphzkn+AqwLQC
+tz30JaETh2kPhqKYjS7nUwbHzXz/zxeTrbQ7fRy6UGa8c1hyUtnekKZ7Y8T/cNAv
+ltT+mxWtye/58YbSBSu+RdTJmJZIXbr7ZHFDwZC6gcMwvIuOe5nGRom6Yxthmciz
+rCQ7m6H0VqkwZLMc2rKPKw9t2MmkUMHgxCIyh+Fa0x7jvkbe4cUP/7+CRr9tT7m+
+Lh/94RYNQ16zIN/GCZnH9s4sjQLnOiGMQ41fa9zKngazpS4fMrxXPGc+NgFjVrk6
+qZ+NRavzckQPEGoIZrR+8i4GFxfjFzTD+rGUiKHb/LO+n/+GKJhc3EhyIuHulRV4
+eB2G
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 10 DB EA EB 83 D9 52 B0 6E 6B FB F7 D3 A1 04 D5 B2 47 49 0F 
+    friendlyName: CPS Pointer Qualifier Test20 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7280BC01FA9C2DEF
+
+hO0TJe62lPeI7f8ZwXJ6u89ylbiT79g54Mbri0gQDYk1oAZDn+7JkkNOwsZyI7Bw
+mdPQYqnSaWYkIZXCqm/vuQuWpO58SgxqLoL9PfAkG9M0I8FpEmI4BaXrv9m30Kkx
+1d52XSE3h6d9LdJ51qXsxgSngM7tUaKo/6mk3u/MLdfhETfqB19Q19wLR2yoeYsn
+SaizInE9STM6yswayHOrlrhVDGDtbRi7gavaxaM6WgQ/8P98JwrcZ+IK+4K/kdkl
+KhhOZsyZYrJ19HlWccv0Vxn/rX/K+2Ddu8MLr/g79E7Q8k6TAcS1ExAhmMtqXVlR
+oF3fGa96Ai3cjehUgIrgsx/lKjB9bMTV0m7Nvzlfr5ERuaEHR/Xr7jl+rpAU3jPc
+7gAThCQe90xFzOnNhFhw7xcAPMZX4NFtED6LXt0sEV/NbBxVcHBeYaLBZRXi7dNu
+PggRhqAA19Sl7DDyf+VFAdlVTbHRllU4SMsW/2xbicM0SzVrjs1h47n4SiJZzR1n
+RXZ5WY11ADHUyep74Ba+wgZJASPj0t2/gjRg8FCmUq+sAy8oAo95Khkm1rx/wOBA
+gINsYtfVql7Rj7Nnh1e6W28Mml1o4xrjYzLcqHWTqnt3NH1xHSPm51PKKUnb74qT
+JzgXbABQ4u1JTKMmlxPPUBnKLswap3fdazvr5rlNiKN+tW4qEj4JLNtib2NpLExn
+aceBVaH2G5IuuUGAachdvEGO61ZC+lXHEarffCsQD7xAt0w3zu4nYs4FTudtdn3X
+iVFqC+a9fPPR93YfHB+m6pD3LfTeP2IVGhSAIS5C9OV7iHqR/Hzzt+kitaQxjj4S
+dZpKFh3w1G5hbkfyHII0AWWPgIKJyOEz+9pJVsIogXRC9elZIFwAcDPr/ugoiErL
+hVWKxgbQe9KkPEnEogrU3zcAlqTPiDIHWSqZ7nEdImBDR0LF9yAXBEy0tyPynNHU
+vqR0vjp372HN3CyH1huszkJ6l58qiU8JnOBS8xjnwnE+aZR1zPVuLFyqYmUxwhFd
+rR8LCCR6k1JhKFgZoGDYEqRmFB78pKajK8YoZlF/7oYAfjVh8bygHMYuFIXl2+BX
+lyHOmGUGawsW3VuHMWM6nprLckqt3EA7faG5ifXYvYUy2REqzfUaRocHHm3sNs8V
+vhkSDakppHozbUyfnqU4GWkp5xI8rPHRyoKl14RRsVd2vphVTACoACXLzZNh0u2C
+iX5dXJ4wQdoecDKtF0mgtRqjJ14ps8pBVFk5wA2oZGUO6t89cdKdYNGW2o+agmep
+u5xAh9rhPd5tWSoyzydM1jBfKcGGa9RyqoHe6YYjfpYdGnI+gHsm+qr21FaT2CAt
+hVB4pygAoB6l9uFXsPbm4QMRTPwloquHOHJUUN5bEjxhcQR79T5qPtYxSEWzRxda
+Eb6qiD0x143h94j7PAV5uC750Vr5abQqMpqwfV7Q6JgNBvhqw3CLN91G/1YBZ+e5
+2gxfSR3a8T0ExkFEtYjB1XCs62jnujUcqrEWYuiE6lmxUidXyIyw5FQHwmIPPFq2
+axismUOyMVjarITj+KlE30ZLrolKzgkQMpC0vwjMJYlIhdPZY65UXX8T+n/wqSQ4
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSACACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSACACert.pem
new file mode 100644
index 0000000000..b6eb97d8bc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSACACert.pem
@@ -0,0 +1,48 @@
+Bag Attributes
+    localKeyID: 6D FE 06 FE 1E 1C B9 70 5C 82 34 BE 5A E9 49 2C 2D E1 99 AF 
+    friendlyName: DSA CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=DSA CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIEETCCAvmgAwIBAgICB9EwDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDFRydXN0
+IEFuY2hvcjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMD8xCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMQ8wDQYDVQQD
+EwZEU0EgQ0EwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA3+URPtrptm4Q1uqd4p06
+sEe9RADHVsjMbtAzhFZHNT32VMjjwq27unXzLzMMpvkx7Gfj5Zlt/CluqleIcjTi
+jgCQ4KOsZI7A9jwdj7TISkgwXn+qnHYmC9sTczODl8DFs+Y39T7/FQ3UoS66Mfir
+h9gLzHeYQm6sk5jCvS57NAsCFQDPBgTY/4vrAOn2XAeWc/2WZTovBwKBgQDM4Xyw
+zpJfY+w4u0S63ZI0tl6+ZXvYcXcEnexmfDsEzrbzUv4PklUC704Sq12aLi9uVvNw
+7GrtmyK4qBPLDJwW6sEKjiEmRKUM+aDsYuBwMcxo9QuFpEobbnn0wfk2WjhvTu+E
+U99n/cz3WWKPnJzNEI9cpA+ctwfsYPO+r345mAOBhAACgYAm8r68RrnkebglcwaR
+1iwnDKicj8nv2gXOXfK9O7sigjC4yPmhGy9h5RrMWu/BS88O0U+nfGtn37ap9xYy
+cmH0x6ionWK0gfjwiP274z1r27bbXVQ6hbaP9z1vizdHHPPNiP1sRFJMWBSKt5SO
+cfWhPir+cD8ln0CrcSVAm6e5x6N8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+
+dbZlp9ldqGYwHQYDVR0OBBYEFI+Qxox06HsMyFnHfTxbVFlgJQuxMA4GA1UdDwEB
+/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAGE4aQgafVYNodDWs4oastLldKjYFnOlegU3B
+iKKfHJTPRF7ibMpIEx26666j+8r/yAo3mdO3AjjEcRYpY861CTnwXFbwvkZ+LDCm
+oWVRj4E7yElt9B6VlL0kkKGvsQsuVTOF6wBApuBRezet6egoy/tlnvhy/BIzEWpd
+2O1Id4Ty8p52hujNqVLWS4WV0zObdvNc9hv028L/hcuXPKFsSUBZLxdAezJqu5Lp
+SS5XKS8jW7qkkzMqnlj5JwZlZ/MkbR74zHzr2YYf4N4oH4LjlQLaTMeoul/Gx4c1
+4baQloxKPHAS6pZgSLW4Q2FEGJMAz8CXT3sFjrX3m+H4V/u1UA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6D FE 06 FE 1E 1C B9 70 5C 82 34 BE 5A E9 49 2C 2D E1 99 AF 
+    friendlyName: DSA CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FF088FBCDF515038
+
+0/MfMzElgraRX9os51FaeJdcx6A9jjAzUNa5OUxtrvUKd6DzckyDweCe1boFF/hF
+29DeFyqQZPiHcRA1/hKgGaXhOD469xGlbcdBEVfP+uhdknwihEer+llPlZBndbQx
+ue6w3urDVOI6bU/YkQtFIGah8FCvviPVK08/6HFHqn47+S1cyqaZwGUpwKqDFqI3
+mwujq3jFLs5iqb9q6pBybrxQ8Dq9rYyxM9LW15PjU2qev4e18vK3zhyY4l61xPqr
+m/9PWTvt10OFsusjOnQFsrnhGmKfAYBVlFZMGjJOkmGuuWr2GCdAih0r0rpys2hF
+5G2HvFB1fUbYz0YNnsR+HmGel7FkLlhkVwLmKE/shXGKaLOKEM5A1VxfHAyl/4Xw
+d7ytkUScDWJ1Q0MOZRI8NZXCPagVUFwxYy0GyrSqSyKJS+nlIGSDuokuUYNBEDYT
+5eYamXAS6QvyK71nQa9/+8LTqoWblvUITYlXgfABxiNQklxjc1PfOfihqeLHuMyz
+j+JwpUK+OVAXkyo7jY6AgjQFehk1ce/2VQtVkvo/KZKw8q1z+4p/WNeeMUbXe+H3
+Ni9y/gecu4oNjYZK1ZQIlm+ucDFs6J4e
+-----END DSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSAParametersInheritedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSAParametersInheritedCACert.pem
new file mode 100644
index 0000000000..eb0e3f5a1b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSAParametersInheritedCACert.pem
@@ -0,0 +1,38 @@
+Bag Attributes
+    localKeyID: 17 40 D3 E7 90 C7 A5 D9 5D 9E C7 97 9F FC AB DD 19 CC 36 F7 
+    friendlyName: DSA Parameters Inherited CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=DSA Parameters Inherited CA
+issuer=/C=US/O=Test Certificates 2011/CN=DSA CA
+-----BEGIN CERTIFICATE-----
+MIICHjCCAd2gAwIBAgIBAjAJBgcqhkjOOAQDMD8xCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMQ8wDQYDVQQDEwZEU0EgQ0EwHhcN
+MTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBUMQswCQYDVQQGEwJVUzEfMB0G
+A1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbRFNBIFBhcmFt
+ZXRlcnMgSW5oZXJpdGVkIENBMIGSMAkGByqGSM44BAEDgYQAAoGAdC9PddCBVyNv
+LWZjkNFCIMtDn07i9ToU0tjH6t3zsh6BmmEQQAmyelHzZvk2I3BU6OlmepSlsfQb
+MRhWXb+KGRZHkWCq+Y1FXAJLf2ezAvaPbRS5zWSQ3QyIx8RLEtG4vjKgn7lKhDPD
+q7ZCS0sy7Sk9B/gHfqL32KJWU3EqU3ujfDB6MB8GA1UdIwQYMBaAFI+Qxox06HsM
+yFnHfTxbVFlgJQuxMB0GA1UdDgQWBBRlgZ9wOoyt9kMdyOePVY7oS9uH4jAOBgNV
+HQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQF
+MAMBAf8wCQYHKoZIzjgEAwMwADAtAhRH8JjJuwWpgsURK3pfyRHlg5C32QIVAJPh
+C76tJQgAB4hw38NZTyKc6tQP
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 17 40 D3 E7 90 C7 A5 D9 5D 9E C7 97 9F FC AB DD 19 CC 36 F7 
+    friendlyName: DSA Parameters Inherited CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4582A07BDBECD705
+
+pDmXrWFfJ+/o5nvbPDvx4ixcy5zuqvwYuAIkUqfl0KbsgtnEtnbmx/Nx0PnELeTF
+CsC9BXd0ojXHd5kV/xp8iU0IT3YoKl7OZ2wzm2rKQ3EA4GhKLlJGcVjpTX1Xu78s
+Yl2qUhl/Y9UCfT8bltXeLxT3A2qJAkiGE2UC0BKz7ZRjVWeus8eSw6mjtuZxquqr
+vAwC1ridF+Xg/ENgv+NpxqXvN8alKjiBdI2t+hjyKsYjEjf+fCX8XXObLmpRru8s
+MZdn/Zxi6FODJE6lm1no+k7zc9Em+MQ3ZCcdy9ebI4ibFCf1uCzzOR+SOGUe+6Hh
+1vX9wch8GYLaCg4nZDj+TI1YxcxVP0lKhRJrvUaeiGBd61s9iqwpctGvLFGGG7zw
+eEpWnrecPtXrqAadYyK7y1SFABf9rxiyBz8VsXgeDnXK4LbK0ftkA71neFi+dXM8
+AewSr0h+K5isEQrUneGwRGohVuedL/W3PnEZEHMg20ixOm4oPBO4EpoBbb0oJVg2
++wfMFUnyil66xR3YI3uAZjh17TbFYhvx+jb5+5YF9GucBsbZxgEt9bkwHJpmjss5
+YSuS69n7MCK69o1y3cW3MA==
+-----END DSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12.pem
deleted file mode 100644
index 4084a4851c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test12
-issuer=/C=US/O=Test Certificates/CN=Policies P3 CA
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDlBvbGljaWVzIFAz
-IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTEwLwYDVQQDEyhEaWZmZXJl
-bnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDEyMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCyCzdT70A8+vsLoViq8TWIYg7Eta6CLxVYgGuIT/jHnsK+
-+FbOsG9GIxdLYhdZrrlKG4cAlkpS/6K9L23KfQGiNNjQ4LaWC/geLyNeOOOrnXBk
-nMhffhtlQ4PzTnEtjtr0fUr5iNZtCZpTUSQKxvZfEL8s8HUbsiPagLV9TwXO3QID
-AQABo2swaTAfBgNVHSMEGDAWgBSOvWaPjlVlz1HkWabJKh5iv/elvDAdBgNVHQ4E
-FgQUgYdlKg2WZsyn5n9xnCVxsVRQwz4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwBDANBgkqhkiG9w0BAQUFAAOBgQA+sKsTmg7nH6jqpWTD
-0+ku3zH37P/CeNynrYlFtFA/3QZZNSeBUtmPEgSANp/iYSgpIOeqcUR+vJZhsIXT
-+0wX4SS7+hy3sHAuDmSZ7d4XXowNWmfn2MElY7INaPvTzjRY3+XIeTfMK43LglF5
-sftSt0FIy+7QSZiQwKIX35Hdig==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBJzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEXMBUGA1UEAxMOUG9saWNpZXMg
-UDMgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKzB4tlymiLVW8a6Ps0y
-porV4ZwLRY6O21qBHaMeOvMroSc49aMMmsNM5Hq1c37ETR2NROBT065S3xFyQT58
-Q+6gu30masLdypu0ewe1f4waXVKzrOrXleRrha2wyu33duzC9XoU5rLxLJUrPXjd
-F7bYw/NIHmdKb2gKdGDD5ZhlAgMBAAGjgYswgYgwHwYDVR0jBBgwFoAU+2zULYGe
-yid6ng2wPOqavIf/SeowHQYDVR0OBBYEFI69Zo+OVWXPUeRZpskqHmK/96W8MA4G
-A1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/
-BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAGIeHrFlfEpz
-33KeWUQrArkcbXi4ONGl0zsMAelL8FjVyZJqVjBi4/z+31K608b9FleH0H4QlO1V
-pADcQhn+/9ChWXCvHtSUuBsIPFO3WWIdgYTtmSAqxsEq3uwQIR3ku8NoMpgiak6B
-EdVSLx709Z1oHVmuqVn1fYV/0968h9fo
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8E:BD:66:8F:8E:55:65:CF:51:E4:59:A6:C9:2A:1E:62:BF:F7:A5:BC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        70:a1:09:11:c0:05:80:09:b9:cb:96:bd:30:59:49:1e:07:57:
-        d3:9b:e2:f1:41:3f:f5:f1:d7:90:67:ab:db:81:2f:1f:b6:6d:
-        b4:e5:45:ba:94:55:25:9c:e1:11:06:71:a3:dc:ed:1f:6d:eb:
-        91:33:7f:7d:1f:40:2e:1c:84:1a:c2:45:8a:26:ed:0c:a5:6f:
-        1c:00:50:99:fd:7b:d1:3a:cf:a0:1a:da:0c:f0:7a:9a:4e:b5:
-        f1:fb:90:9b:ab:54:57:1d:55:ab:b7:c3:a6:c4:27:e9:c8:6b:
-        83:28:68:cc:9e:0b:f0:99:7e:0a:f5:f2:ca:35:28:7b:78:59:
-        7c:88
------BEGIN X509 CRL-----
-MIIBOzCBpQIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDlBvbGljaWVzIFAzIENBFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBSOvWaP
-jlVlz1HkWabJKh5iv/elvDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQBw
-oQkRwAWACbnLlr0wWUkeB1fTm+LxQT/18deQZ6vbgS8ftm205UW6lFUlnOERBnGj
-3O0fbeuRM399H0AuHIQawkWKJu0MpW8cAFCZ/XvROs+gGtoM8HqaTrXx+5Cbq1RX
-HVWrt8OmxCfpyGuDKGjMngvwmX4K9fLKNSh7eFl8iA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12EE.pem
new file mode 100644
index 0000000000..9f256c30ff
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 00 D8 F9 29 B3 56 E8 17 FD 7D D0 C2 BC 92 05 FD 79 AA 2B A9 
+    friendlyName: Different Policies Test12 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P3 CA
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIBATANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEXMBUGA1UEAxMOUG9saWNp
+ZXMgUDMgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBhMQswCQYD
+VQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTExMC8GA1UE
+AxMoRGlmZmVyZW50IFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3QxMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPN0T7wjQBhGUgt53voETJXwpFYH
+7LSwR966p1DkDY/sTYGE7D/xxxxrz8FP0BPUvcAncfBKwBkEJ0ioEc7Wjgz9vnaJ
+o+tzJxiC3Ez1aRXEcEUNCYybApVy4hWAoKBqFp3sSZJjrZ97hzYkihCJEkTewMDg
+nE7Ru8WTt1JjSaplKZ5OajYdhdLGvESIOpFGMEbA4RlptpHeUjN8TU5a2E18vHfP
+yOs5tZzD3H9ZnmdKosn6RswkMO2W7gMO+nmvo4BfDnpmXgwMzBzDVoS+rW7MGVwP
+eMNNVz7h9UYlBYhRDSceAjF8DThevpzMAYfr4+g1lmdxmVT0ATXZ1OYl6FECAwEA
+AaNrMGkwHwYDVR0jBBgwFoAU2AWrLKCLw5Lcxq1qP7/zxpjl3P0wHQYDVR0OBBYE
+FMNvgVWsNk7EWKBgwL8ilshd+5PVMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAQwDQYJKoZIhvcNAQELBQADggEBAKMG4iNWYroyty8c3qaz
+37GdWGbiDQEhIQ6xJqxykoNZoi7D+ixkbH4OxT3pGB407ig84zH6rSHTgUrGh+gZ
+nrNWzDJY1qUc6NDcmH4VkoX0XpGoxqcWe3F9WV9HA1ZHY24Oa9wPTg3Srjdg9V7/
+eMe8KiObAMGy19rgrmiPX1NrhsYL+E79qfp9UpjwrSr4YWwQo8vzxwFxClAdFbK0
+eeNxr8/kn4+9Q8+z2R9L7NMpKU4nSsZdozcJBqPsmRRKDjbBxKQg1defVscbp0Wk
+i8eOL7EJYT0oljx5QMQ1o3HUDzsYGQ84MfJ7fCkLcT2kQpRR9cF743q0CZMYl4JA
+XTo=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 00 D8 F9 29 B3 56 E8 17 FD 7D D0 C2 BC 92 05 FD 79 AA 2B A9 
+    friendlyName: Different Policies Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DBA3E0F11E927D17
+
+eYd1nqpaoKS3dlDv+Ge3fOtBToNio0qP5xYCCdtWRoW6cBAMGLAeU6fA+225MCD/
+cc4sDMIs+17o8sGH+CHZosLY/MJyEnM/uZELt1VbQ7vKvvz2Umkotv5HEoyk/BWX
+BK0iWlYwL6rzYZMKssKczdCpSnUB06lKAx54LsIm2Zvjk96FkD2uDyDyvq8qVzCH
+ssyjbWiybrlYVIJsqW3Q/5SnEBv+GJ6kVqPEhfILLzSgJS9mL+DdINawWTL0IIJU
+eYjxfz+McHYGP7EYyVNUpCoUmv5kojy9b93gAXXiXpskseBC7Smxiw6SSupWVcDG
+Sv8+3gIRW0P2emzaLBUf5z5y6o6++s7NMFIieMiRk/BXr9jjjXyQjmfXNb/YxHFw
+9RSn3wou5v7z6dLjgAmMiTaQdkAhsXBp+Lyg5l2Sy25K4b2TEN9WFb4VKZzg4vM8
+GdUpxlcaOQoPfSGdzqq3D9SPyzGBpflkPv3isJo3P7EL6B9fPXC6ZG7AlTWAsUIL
+v7JJvtbe02P/mVObkqINnYztAsbQT0goDA2l09Lv4QlqC0qDFv755kLCoZiUABS8
+gs6+OUmouBrog2YmmHk/WWTrzdqq1yIXSiZNztTkgkcVc76OfpspeOt2B4FEFlAj
+Vpr42EPjVYlfxUr10Eotv5UsKmpYo0bxJvH7HZMC8JOC93mw7IuLRqsIncRov+Z3
+3OkYFM1NCxSMWi9csQM03EG6gs0jG8ofeWryySKfTy5oGYDO19YrYw1/v3Ydmyj0
+0xY9oz5eoQEFjsaikfcAKJMLlfg4G8HNJsrl6WFSXxqtKn8mP+dHU9QNHLOpU48x
+t//Yw6yrRg0KajrxmCCQLhyk/qmfTYV0RBmpPtcQGPGznY+Xfro78q1gpKKkjwmC
+scxb3SHnMAZ2m3w/szPxjnKHsT8URkrYga69McNgNUtupckDrQqaIvRciIap44Oy
+pw1YBuj4YVUlsy5JjSIXuFDHts/bF4lbwgvYb9fwEaUmU94INnyaIccbxuXHB0Np
+1uFHo0Trjr4uNpWrbdk4V0SfpU9wTF/pztciVIIfjItjJJM/HWUZrvilKl6LbmA7
+OxV0S6BkO+elzNOD7GTuGvNytta3GSD74rfy2ybIFSzOU/o0AMANCfk3HHEMHJoK
+QhnC3a0P2QaPF3y7IpCNDtYd4MgQjYjO0f2IZCbbnGc8Dz8e8qV05uHaA6A8VnWT
+oAFJXrfGrGHCa6JfjQensBph7R0gi8aMSlde+MWgVuCsegHe4hwWHNR6dfuVA66z
+zp96xLgpe5nhYKheXsbNfGaa5mpfr6LqPPfgl2Ea9/IVO0QPVLsLLIrPc2mAU6Hw
+Zch6w6ncqE//Rba48b5/t/21gZhVGD5W5lrP3CDPd0qX5Y6FivVEFZIYdaMIzW74
+fdJtdoXrY0X8TqsLqWXQSyCn8hndq/QasfLBXcBHEjA/lwZ9xsaGuH5egnSDaV1M
+sTxWTAxywse94eFTxopJ4dkQ/i5gMHfEiRvsKOrgbjVVl7dMwUgg2+aIIVojxbKK
+LdITZTwfoqtKRYl1o3xsy2i7CV/ptgC1/EvL/UU5MA+kyGcBBTc9q/Hq1o/Icsp8
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3.pem
deleted file mode 100644
index 81624cdd69..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3.pem
+++ /dev/null
@@ -1,170 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P2 subCA
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBEDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBFMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAyIHN1
-YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFuj/BeKqm7wDc+UMIp7Qh
-eY7RqfB/VGqZuKUb5UNpLiXT37UrhteMqYSqBkd76l1qvhhBwRPJt9Nq2tf5slrS
-NJOAnUfF0McB9RUJMGhkITa9As3KZy0u31hre09MUaacltcuJx4irpHKUEjn+qY1
-ZdZ7NNEzH9VXWN+6lARLIQIDAQABo3wwejAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7
-J0TXNTPfmhWUxzAdBgNVHQ4EFgQU5FhKqtjykfUZF2iehQcjbgo0680wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAGilgDaBiDA1cbd6xUxAl/K5DVQ8ack+2fk1
-P8G5fTuQoQtDbWX6eA7Q/nXFXBCj2i1tmJF/q8Pzh1GU6MKQ5f7J5ibEstM1+lgb
-hidM5kd85uVTxTBL7GSS94BSfXFnNOOSWbRTyhSIZRxScCjERfnSfF8yBDRIbFGO
-ma6qPeAC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=Policies P2 subCA
------BEGIN CERTIFICATE-----
-MIICgTCCAeqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAy
-IHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowWzELMAkGA1UE
-BhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTAwLgYDVQQDEydEaWZm
-ZXJlbnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDMwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBANc03XT9xYcVcwSWI/zfZ5VWnTC4uy5WFMe8/BNL8QuP
-5xFw/xGTjgkS/ABNJJJ+a/RWsi0Q92MSeMbVNkgD0/i94SgjALWOdsg9k4LI3iH1
-ziOZ1OWKjKsJIxgCbTls+JRu7bRi4dnVYHB96WnGFVsVp9xyoS3hUYYwpCFXYLWz
-AgMBAAGjazBpMB8GA1UdIwQYMBaAFORYSqrY8pH1GRdonoUHI24KNOvNMB0GA1Ud
-DgQWBBRyOnvPdzFG1aaQtBqWQiKlfmoaPjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATACMA0GCSqGSIb3DQEBBQUAA4GBACWQn4A03gqLgppl
-ROwBGIIxHZD+wVr9BgoDJj2xwX6NaofqHfhAyVq9hDqEwylmfr0rH6m8PBAgnST0
-CnoWgQEQQ2sESHf6f/7/CTcVLlx8UQDXaTlA22nhmoJG9Y4iOdjdzhgvn/9yYySs
-aTByh3KCB3TV4q9GJw6nUNAmnoOo
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P2 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E4:58:4A:AA:D8:F2:91:F5:19:17:68:9E:85:07:23:6E:0A:34:EB:CD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c3:6b:fd:b1:c9:49:fe:a7:76:33:87:24:1f:f7:df:41:31:b8:
-        37:15:f2:3c:ae:8e:c7:17:a1:30:ea:a6:53:99:4a:8b:a1:7c:
-        ae:c1:4e:58:81:4f:65:e2:0d:eb:a0:cc:2d:f5:a2:ba:03:ee:
-        1e:81:1c:64:3a:b1:9f:2b:d2:40:27:69:6f:32:95:fa:85:f7:
-        c8:76:8b:4b:7a:11:12:8d:7c:fa:1f:54:84:d7:ff:72:23:63:
-        46:55:0a:e4:d2:38:1d:83:2c:57:bb:60:21:dc:44:0d:6a:95:
-        11:ad:f0:b5:57:82:68:f4:20:37:f4:d7:46:93:cd:c4:c6:90:
-        fd:c1
------BEGIN X509 CRL-----
-MIIBPjCBqAIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAyIHN1YkNB
-Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBTk
-WEqq2PKR9RkXaJ6FByNuCjTrzTAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOB
-gQDDa/2xyUn+p3YzhyQf999BMbg3FfI8ro7HF6Ew6qZTmUqLoXyuwU5YgU9l4g3r
-oMwt9aK6A+4egRxkOrGfK9JAJ2lvMpX6hffIdotLehESjXz6H1SE1/9yI2NGVQrk
-0jgdgyxXu2Ah3EQNapURrfC1V4Jo9CA39NdGk83ExpD9wQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3EE.pem
new file mode 100644
index 0000000000..1862cf4545
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BF 95 B8 E8 8F 67 D3 65 DD E4 08 43 E1 5E 46 35 4E DB B2 AC 
+    friendlyName: Different Policies Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P2 subCA
+-----BEGIN CERTIFICATE-----
+MIIDkDCCAnigAwIBAgIBATANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UEAxMRUG9saWNp
+ZXMgUDIgc3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBgMQsw
+CQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEwMC4G
+A1UEAxMnRGlmZmVyZW50IFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3QzMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2L32QT0g01F68LYjocgXqdQT
+T3dlBxvACUPsrp2+NKeweuoSK2yPKvs/QN4Ce4ox41QANy0KredM+kotXEl38eDC
+PTdSueu4Aib8XwXqNN47H0jXb3GXebDzdSdJRbrkLvV4hNYaf/PVWxtKdL/W4R7Y
+zWCisxXow4MIXFcGS29ZGcx4yReMxwZ1UCbk0Vg7lfxIIsM0AJ7mCKXWKpGAYxrl
+nAOjI1fvdD/NdEncadoeBL/Nv0wa9MA1k+EumSoPggSSZEmQJICZOJMeEiI12Lqv
+oOgbPaCkDIlpnRzk06h8D2JC1LxIxoX56lSkzQKLBBtS0X4Y0LNOqjHUr0KZYwID
+AQABo2swaTAfBgNVHSMEGDAWgBRePIRznjBwcnGYroE2GdsiDnyvAzAdBgNVHQ4E
+FgQUWCD2nzAOZgQ9p8fRaOygrwpU7vYwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAZKkhGrleiJkNwbr5
+/sNaPHcU8EvmcsUyyxHIUoQmXOcVDAFiUxs0TVTDoopeTMD6Mw/H2HXX1EOz41dI
+MiHRWAZGKl9v1Y0t67D5aNoZly9QZxm7hkZ7O9SdC2pdE3y9xyQK4cTIafEedLLh
+2+qOIFhB8GZlU+drtdCV9SVK+1R2vcurVkTHYeOeK7Clisfo4vEdhqFNnxKtnIvu
++LXurxBQvol14NuLoOTPvysuR+K9oNogoAUZMbpy76fkDO4usRkrE3+cJb3kx/pd
+W1BlJ95+daVa30HVXq+jD1VwFyoX9wonijkfjgmk/nWBxjgeVxk/xwAdvF0qI8CH
+Ggqn5g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BF 95 B8 E8 8F 67 D3 65 DD E4 08 43 E1 5E 46 35 4E DB B2 AC 
+    friendlyName: Different Policies Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,57D8FF98C92B6676
+
+1JVtB1HPXYvncvcKeUmtRWpZQ9fnqS4ea22mgzVZpRjqq3EuU8O2cfb0gi+ZnaUg
+sWjSUaK9nEnEnxTCHrfr7+IQAG6DcdwOYv0nH4udLEQbj2avZ0hn2XI2UGalEp3q
+vquIqtI7SLVF8U2vYc2e8XXJ6lsKv2CR+5z9mP4uL2KnwhXYz94sD3K7r9ForKo/
+TBl5lfXK5rGoYRV2PbtyX/YnACsIlj/RuCCxiTqZIxUJ0Ic4F9APYLd6yrNhe0PX
+2jahWnYkJUaAk1fn1x9X+rQiC732WvEXPcWgM644i+6u1qRGNNMmCw/kRCxXFN2E
+gLWeRpeNZYxiqzcQlDD1N61FwmRDIomCtPvMVvhhYB0N8JKyMMpSz8qEU3Q5bStG
+KYUvOsyt0dulrA9cWqSB5sLGeSIaqvVwE8BrP26m2T6D3E6BvlbD9dPpFhnAFnmI
+mrHU0nWV1x9DEEACBTVVohQ7f+235UUjXjt93aTxVaKqWv9yr6M9NozKTukoxAQI
+6rcyBwwIBpTeQwOGcb9PcROWmN7xoUqahxerxN1Ti6ePcOlXAe1RAiMV9WRrJudj
+OnQzcFHXCZ2qzYDcr1dIDPqnsLF5N6pHvMFvkYSXKd9eWT+BfOrrvCHiMGJQgsBf
+NfLBBgdomEoCwarvjt8fW6p38HZ0EpUbKtb9e+Zv+bY3W2je4t301w1zqlLbV7hT
+gmd/P/opiILDj0pg4cUmJH6IFxmeSQ2jPb7TV4uUhaJWTWaTb67FUKvijT6QGMZC
+uYxIG5dw8caYb9hlYzwI6Uy6PO609Y387QZTpi1ZdVyH392s9YdC1I4eYkYCbF5s
+pYKxCP9CFtstwe9FNnDrt8UIF2rEzlurLAgo9lUP8RTqOPKpt5jY2TZn3t9Zw//c
+LfTvOCFw1KDRhJyCjhXg1XCqxCF2JzGd+YLhoNA0feZAWdif1lvHNoHCy1ypP1V6
+ErsMpQAz4KD3k0gpVbIZYdj4nrPpSc8hRWKMSHmihanPG6VKETm4wuzL+FY6jtPa
+bSZ79R1ckie+TpCV3EEQhUkFOtFG7qWDk8Ypo0XqeN19YVo9JS5ACBpBOxkRTRZc
+8pr2CqWEEGQr4aUBe1ba4JkKV/AWOyGiVoFETO5efL0UF2JNEQgDqyEwHhfX34it
+CZrowX/1TjAYV/Jq5KrlP6PIWmKaDKge2iUJ9ED1IJdtM3LFqCTeHsi1xbnNdcHl
+h3oJAPKT+dC6+2CdZHuzPJCDXr0JHGsT/Hw0b9UlhkYRpWEYlh1owfUAeZYFz6AN
+7BkOwU/Bv1my8OmgwTu6v7X08+9kjmhG62x0c8Mj4iXy1/kIn2Wbp00pceXkwWqr
+ZTtMoVHkd0JfuSXxjAyPfUdTy6z8fPWT6SpKTLRG8B2PSKw+BpHlVkf1QxzzLgmI
+SA9VX3tfrBJ3DySTdC6AH1dVElLeIz5+Gopts7+tK7H9PQYp+6vhjO7W7r/9ePSy
+wM3SWtnLS7pm9qeNJSgRzuDa9pPue+EKlJnjypzB+Xhq8w9QROKe56oHFAQOSk4U
+NUkVhKDzT0o9vuVFbgIPKosfWYbMuB/NwfP+8miY9wqyXjOd2S6tqQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4.pem
deleted file mode 100644
index 42c902dac2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4.pem
+++ /dev/null
@@ -1,170 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=Good subCA
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgNVBAMTCkdvb2Qgc3ViQ0Ew
-HhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBbMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMDAuBgNVBAMTJ0RpZmZlcmVudCBQ
-b2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAo97r9TnN6B3H+x4fSXruIfEelkjmA4Ti1Q93FP3Op0Pfk8ybf7W8
-/meQsMFMMXAVrZ+pwfLj3YvzTspivZUbJGWA4o7r2DwkVkuXr6Rv2n3OhPlCwljb
-TAFxb5S3wOOJ53FHJw33R19R8d3B0CpxKxLK1oXQVOOu0t3UKizFJakCAwEAAaNr
-MGkwHwYDVR0jBBgwFoAUfFxpfJ3IVbEiBSlD+8R7j+rquH0wHQYDVR0OBBYEFOIy
-WsL+F3ByhN7vnBDlbJNEkZS3MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAIwDQYJKoZIhvcNAQEFBQADgYEAVoBWMI/tY2C3bNKXPdDQHwOq
-+JplKCmu37pLQlMNSVP8yssW5khRqkKYi48Jz7b21NKFN3w3/0MuV2AxjEA6ROZX
-MBwaIKyeHMRCRDJndHYU3CkOvex/eDDnLXvNxTXuda755S3qZUbhNKRZnLv1iDzH
-KN6TmIq39yQReXlNoNo=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good subCA
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA+MQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgNVBAMTCkdvb2Qgc3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPPDgvwjnBtonTcZM5RPe+FqtX3glBmw
-zdb+WOm6gKoAp5euYnW2UZOOjSztJyTUKsmnK3qhKgntDjO8z/ito6Pz0Uo7zoby
-wftFeKr76K0iBIp0t2DJQ4khnA8KjIB7LJp5CKIT1rhPdrLhPbc/r+LcUTZrAfRt
-ZcQkxbznhxZxAgMBAAGjgYswgYgwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz
-35oVlMcwHQYDVR0OBBYEFHxcaXydyFWxIgUpQ/vEe4/q6rh9MA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAM
-BgNVHSQEBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAI8yIYi19lr+NUCxlq3CXkpZ
-TAgRtU0pqH1VbEootkv0o7apbF2cC8SHB0UDiih/yqZjqw3kHtpbBaf75KHxqoQ4
-PKqoZXt3K4rjiQooU+2cyC+mxI3uegcFjQ444R10jXwv5EqNQ4joXhz5hocJA/PF
-JGFA0gkGm2pMEBR567ka
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:7C:5C:69:7C:9D:C8:55:B1:22:05:29:43:FB:C4:7B:8F:EA:EA:B8:7D
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a1:14:35:58:41:58:4a:93:ea:8a:e7:cc:c1:be:02:22:8c:9a:
-        21:32:d6:a9:bf:1d:df:7d:60:8c:ba:f2:8c:01:a9:38:a4:94:
-        8a:6d:69:46:e5:ac:63:48:17:e5:c9:c0:de:df:13:73:c6:ec:
-        3f:b7:ed:61:a2:6c:42:d8:cf:7a:ff:3b:35:41:8a:04:c8:fe:
-        85:37:b8:7d:dc:a0:05:35:ba:e0:bb:39:c8:be:2a:79:57:82:
-        db:f1:da:21:e0:c6:54:2b:37:2a:e1:0d:82:aa:2f:47:ab:15:
-        fc:30:11:dd:52:ba:93:cf:bc:46:39:a7:94:29:7d:e0:2a:5c:
-        d4:ce
------BEGIN X509 CRL-----
-MIIBNzCBoQIBATANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgNVBAMTCkdvb2Qgc3ViQ0EXDTAxMDQx
-OTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHxcaXydyFWx
-IgUpQ/vEe4/q6rh9MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAKEUNVhB
-WEqT6ornzMG+AiKMmiEy1qm/Hd99YIy68owBqTiklIptaUblrGNIF+XJwN7fE3PG
-7D+37WGibELYz3r/OzVBigTI/oU3uH3coAU1uuC7Oci+KnlXgtvx2iHgxlQrNyrh
-DYKqL0erFfwwEd1SupPPvEY5p5QpfeAqXNTO
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4EE.pem
new file mode 100644
index 0000000000..c03b2ee55f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: E7 47 03 92 87 C2 13 AA D2 64 83 7F E3 21 B5 CE 86 91 D5 66 
+    friendlyName: Different Policies Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=Good subCA
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBDMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTETMBEGA1UEAxMKR29vZCBz
+dWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGAxCzAJBgNVBAYT
+AlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTAwLgYDVQQDEydE
+aWZmZXJlbnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxty81j9zfbcl+YtNeRrNlpCRHCO1tJ7MZ
+0EjEu8j64WkbvrzcPfxHeYAyzwduXLOORu3FJar1wJ+ZTJ4ay4ONqvTiOnnw/tLx
+KFI3aQSu4SWDl/F16bL6cfelY+B+tc2J7QoMMNQLvNGShnaefeqtS2xNQeCB8Zjk
+quY9lsQlmafVfOPxKtJA9EjnokOU9+mfnhh/ngbr24NKkT1uuRQ0Tg6sWoa7QB0V
+S+gGV6CNGEB7pJo58cCEOu7Tsxjd3q4bhazCXf4BQCtsF/MtkyFXfdkL2D+WzYzu
+XoEyQL/o/2SM4SU13PfhtrF0StEnRbvlNF5Hefxhd8SLPFRjf9uXAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFDIHLJ50XS1dKbuxeo07FVK0fUJ4MB0GA1UdDgQWBBSxPono
+OMkTA43/Ahv4n1sw3dzLdjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATACMA0GCSqGSIb3DQEBCwUAA4IBAQBiTlDMrFBwu0cpUufJeAXPXKdQ
+ohGYFCCTW2DA/T+PsQHnvRlRizHgt9kIJI6+4lqKAKmw240r1rsVecwDBd/Y++HP
+LGofEWvgA66DjnSOI45C7uJC01fu9Xhc4QJ3FGgDNHncsqFIJs/Bijol94PnPYjZ
+Tf6xUYy4pAU/CMWuc+sox34TZE9KjXgQp7JbjYHRrFWNTyDoFBQKqoechN3tWGH+
+bIRx9Ck8RT6mhkUouR2KP+d8212wOEE/6ctpFCslGXyMt7jZjcuSlYAOcRNQWhkM
+hiRoCMkvqO1yGAHvXCo+kGeHe5flqzQdcmuEknkDmPZx8XEse+XjtR5hI7D3
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E7 47 03 92 87 C2 13 AA D2 64 83 7F E3 21 B5 CE 86 91 D5 66 
+    friendlyName: Different Policies Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,78D7FC965498441D
+
+P87XTD3VLVwqhAUwYB4Ulb8Xi35NMdW+5ajmm2za5Pk99uwJ9iXEchDPEG4LRhOp
+sR9q0d7Sn3Z5cs2odT0+a6sun2ijAy4tTC7ZqDJRsW2NPzo4mbUamsLqcS9jLNAM
+8cq/RA2EdTb40bKOgherEPZmwiZYkLrGoYApUCP8uneOGZf2wVifSOSTKxysNELC
+XSlz+sISR5Nj8gfMDVtlZf2k38kUn8GE1YfJItr4ALAva66Vo4ix6YRhQqLRdw8e
+vjGoDG7gXfhQttgqr5pTaMYcrhEH4IRpeB6AIgthKZkrYXHniYL30tiCghHhdtob
+Sjoym+I4TAnZu5PgfuJeAX6xaxRlFJcZtl1/+Of4Z0w5Ap2qXB52yDp2fMzxLkOL
+A5Cu94A9XXJTVU1R54LnF2BPOFYW9pt0eKdQ4RwbxXHIpq5ik5/JVZZQb8FiRxEL
+1Oapr+339WsRdpAHbksFGfhY9IEsS4P4nfPqW08moc1ryM6aNIjr/J4XO23Qmgw1
+WMxH52fg1cR2nHWpw8NmHWGxoNi7rIC0QjUMlTZlLM1ZASWrBwY1xaNgAfO1kj6/
+BTgbHBqXq6bhTBJ8lBaQm21IfCBv4GUKyFzCnAcVtqWJiCiXP99arSyBWIqkh02K
+Hejinsb3zYgYbZrurPcWEr96LQL8hjDlrMSD8Jiw8wQzSpasvMiaexBxG3gQ0MNq
+VIkpNd2QtvdhiK7zRVdkvRv02vu4ELYPNFzCgud+aapH4Zun/QfFKrvSgmX6AoUL
+HOc2ufDHxfj6JcFoT/MvAHM11xcSANhOKB5lb1fPi+8G3BoSfoxf043+aShIPX4p
+d2xTreOmA919uhGS2zuGrvFse2xkiTFHWBXtcpX1qOLCnQ7CDvGkx9NMJpjHMpQn
+MPgcJuxHHQo3l8MdOesfs8gTnX2wTAkEEla6v5sYtGsxUfoFlUoUaElbtBkP5Xul
+imdt75jxlE6AifsZ6mw4a1XGqCU8yvkKCFleuR+6ZntfRQ617j8EAD8G0nxoAbdb
+hmUL1h7q6HxxjxrHcw4SiaeZPkEeKhxkdW1baQ1zi96obw9PGR5BBaCSVS9OQ15T
+4D3lumHaXoqJihul8xapaISU9a97ApOuJiKYsLTPyctV0gSYymlUAFhpZIVKt/vA
+7043fcoElNWwhq+FvHUtRCl+go7lftinYJyaf1mWTRumm45jxtvgsXw7eUc8qqMK
+F7rpOmSSV0jD1eEXAgcLc1l1COL4Vm7Cv+s8CzKXYAFp9HM7PbgzKc+z/frW+RYT
+pEWN+7WyufYPIcbXXtG2pkI/TfqKpPGNlUN/1NOJpssZHxGYUJZaZO8lN9eH8aE8
+ppD3bwrfB2XMY+2Qq0G0ous5pX98fWp8hsQ5BIyqP9/fZTI7PCKUN5toJqJwlvBs
+dY+7QRe9xxSpQCX5XzD+swQHuWtYPvgukpgumg1wgwxBz+GqctFbzNs24zY0NDQ/
+EHMFDdBZalY8uC5NT9j871DeJlnLhK3TNVB0zwtCid8R0fP0tV22oDJ4oyt0biE/
+ChrQlI6SVqRXaWdCjGcp5xEpiGi8aBnWlINayceaLFQ37yoESDMgjNplZCs2zuLP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5.pem
deleted file mode 100644
index bb476975c0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5.pem
+++ /dev/null
@@ -1,170 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=Policies P2 subCA2
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBATANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGzAZBgNVBAMTElBvbGljaWVzIFAy
-IHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNV
-BAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnRGlm
-ZmVyZW50IFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3Q1MIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQCwZH5VW/9MO5bUFBrHnWcQmxnLKiqHAu593o6kFZKt
-zkkYkVCA/vu0Wqgk09UeJz2jQPFuJEFYl/VdkkyS3U5TMdJBBcIHMYpmVTeTJSzP
-G+II79/nOVLpVRfuMtKclAU+oCCJb29oiXRaOFzZjzbXuU/NvSXZu24sVctBtFQA
-DQIDAQABo2swaTAfBgNVHSMEGDAWgBRx6y8V7VGl/4VJjHwa9kumm6SUBjAdBgNV
-HQ4EFgQU0BTRTBvIbX1D6I9/J/Wkp7/iGNwwDgYDVR0PAQH/BAQDAgTwMBcGA1Ud
-IAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAVgTBnKECQtHJE
-rSdkBjW41mPMbdbsbYgsl00518Qv4kS2bIsmMOB4V6kl48oIlmIql2dgUqb0QgvA
-JFFmwyLWdyUy1Ngv1H4tT2i9htTQAG7Yhx619BHqWCfqCiue49ySUsKOefY3ZYuy
-Ew2nYu2yBbFQuBajQDA+6rT6RjvF+Q==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P2 subCA2
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICgzCCAeygAwIBAgIBEjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBGMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGzAZBgNVBAMTElBvbGljaWVzIFAyIHN1
-YkNBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtLTO6yKdiF3dWPmvdMIU
-ljhMl5k5/mSISipm74fsNPvCJOAfdPJa7ZsmCH2mXZeXa5xOUPG9YzcqgSoj8YEa
-L6h9u4t40L+OyapOZKiYykXi9hoZEzCuilIIu3km9rU0jF/hTntZ5QSdE65fM5qn
-iMQnAPkod5ehi3XASsHZu9cCAwEAAaOBizCBiDAfBgNVHSMEGDAWgBS3LqaCy8LI
-vKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUcesvFe1Rpf+FSYx8GvZLppuklAYwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8E
-BTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEApvxtR+QrmkV9
-u+IYUO9+MXgIGn7U3aab9pnQfxH2Dqkx2uPGGYsw3+Md7m0+Y29god0WgGwgrmlS
-9VnFhuDw0Sks4ofgjOWCrO0gK10fO2AHzYMwxcbsaqrIPS0dIkUflnnB6vUPoz1t
-0/y853VkBY8fwZC5lSrXe1j/wkrITt4=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P2 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:71:EB:2F:15:ED:51:A5:FF:85:49:8C:7C:1A:F6:4B:A6:9B:A4:94:06
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0f:c9:61:2b:d8:db:62:52:36:67:85:d2:bf:79:00:4e:44:4c:
-        3b:2e:a1:0f:58:1d:06:1d:47:bb:2d:b2:3f:62:d5:9c:7d:da:
-        bd:34:86:5d:44:f2:ec:42:d8:cb:37:16:8d:87:d7:73:3b:d1:
-        82:e3:e9:2c:d6:db:6f:f5:f3:db:d4:11:bf:bf:aa:15:10:7a:
-        51:76:d6:56:e5:f6:27:00:54:54:87:14:e8:0f:5a:e1:5b:64:
-        16:53:de:31:1a:69:c2:6b:a5:fe:77:8c:bc:f2:42:d6:ad:84:
-        6a:f5:bb:94:16:c0:12:64:af:4a:2e:68:64:2f:f5:14:5c:b1:
-        c5:cf
------BEGIN X509 CRL-----
-MIIBPzCBqQIBATANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGzAZBgNVBAMTElBvbGljaWVzIFAyIHN1YkNB
-MhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU
-cesvFe1Rpf+FSYx8GvZLppuklAYwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQAD
-gYEAD8lhK9jbYlI2Z4XSv3kATkRMOy6hD1gdBh1Huy2yP2LVnH3avTSGXUTy7ELY
-yzcWjYfXczvRguPpLNbbb/Xz29QRv7+qFRB6UXbWVuX2JwBUVIcU6A9a4VtkFlPe
-MRppwmul/neMvPJC1q2EavW7lBbAEmSvSi5oZC/1FFyxxc8=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5EE.pem
new file mode 100644
index 0000000000..5b2666edb1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BB 77 D6 04 86 C7 AF 5A 53 52 F6 9C AF 07 E5 C4 57 9E B2 73 
+    friendlyName: Different Policies Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P2 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEbMBkGA1UEAxMSUG9saWNp
+ZXMgUDIgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDEL
+MAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAu
+BgNVBAMTJ0RpZmZlcmVudCBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANc7eW7KCq7KAlGjq9aqVs2M
+lsnXH8C8SqOXRofpJ0M/j53afDE0ILmH4hgoaOVhxyRcpVmcC/72sVP4gSTpAHck
+XHULhlvx5E3tUr+ki6goatM9qKTboJymwV/hmx10idGMNVWT6ejet9ji/J23RiC+
+EQ+TxjIsAF/fWdB74H4zCvPXnxRWy1CitydVL26GH8MnekOcp4njmDmIyVWrAwUF
+geTwAB3xHz6/7iA9C9W95xRCTtHXUHeMAIEdELouBZotgsP725TXCC+pm1tUvbZi
+a0P2LxR9QcMgZCsDfO7t7My49fegLLaZpJqd7V6+b/2JlJeIcNrDmmrNiopd9VkC
+AwEAAaNrMGkwHwYDVR0jBBgwFoAUFyzqA7gHd4E9ZaW/Mx/MetKY/L4wHQYDVR0O
+BBYEFJiUy7I6Fq3xRsRaizIrMbUtUg75MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAE
+EDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAB+8jMz17pv82w09
+6pJhu2R2WHjLME/wzJ5dRBzcG8tniwcSXKzravLiOVJPFIHt4K2WGHK5D06E+6yw
+VU4BLu1lvL8jsZwsmdXishdolGNpmZEdOH8X9siOUvtxmApeVnwsyKCEsc41Y4Sr
+itz2siDC2nNtvG+MtVGi4tbGBsAD2+COHFWGSqjc5nBG7RBTxJL9c2JpZ+Ln8udp
+7ccOfxSrF/LgVkdPyHj+6CvO7R57WWjcBIT2UTACl9ERGGxhAIEe0T/odhaU+9P9
++qkb4ZxyYBAuarU8/qRGzk2lAnjv0gfnurCrRCjLwh83uF9dF/eo9SF0N9/6J1bT
+OOZB0Ek=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BB 77 D6 04 86 C7 AF 5A 53 52 F6 9C AF 07 E5 C4 57 9E B2 73 
+    friendlyName: Different Policies Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CBA4E381EE361867
+
+p9Hn+TnHC4Q+ErF33Ril0s0y84bpX+RK9zwxK1s0I/xSEneCjV9TaL7BORl8P6kB
+3+zZKnNR9jb2fqJVG3UWW+UIpjxsDsplIcn+QAbUfU7mzGwsTa3yb7K/0omItCWI
+XJvlbxhytb+zgOOZGg9ES28quIGJtXpAwEx4fLKQuXaMKsnUMFUjPt+KZTCDcsNs
+e4cM9PFk5L1w2JFckYyfe7eW0DTuNsmLH0QQqq/QkspIQXhJYeE1JTNEW9LlV9cT
+ZGTTK2JBWg7ipKX2F1OgXW2OvMKUkdTke1U95FkJh6oGD4kGgwhdtB9EnnbTrc3L
+vvEzvNCeZZaVNazhby2e/+5qPOfxhe4EPPHhtHejZdmt2xwqcRU3JjMF78zab8ro
+m5zIUdKkU0X1YLO2O6QE1yA1Hyy+AvOfT27aU4+nE8hAkZxcp4E0uG5N4IJVRKbW
+MuOWJZgEGSRI31Z5yhhthGbM7B9Su/lS8lKqTv0ZuZvwtjAZIBbLocVvjt47KTY1
+q7MHB0wlrgPUVv4zqbfkp40Mgr892Jow7gHeVTCTSbeF48zg/I2NbrDGaSMkuqee
+X6fpbXPiYMcHMMZWaBXmhqqsBB035JeAIG7cfkcJi5+6IrM3Ttg41klvdJTihrV3
+iEfJLwQcIR62Qa9OGVdanT9oJKoDhkFbO8KjI36Lj5XcJR+SvtJ4WnFI87U2vEY+
+TqL9B9M41wLPh8RPyKWXd4ppqUV5TsGvAakVFUeTlDMET/1smHC544vryJnLTdCH
+2IWJaRjqUi7oUazKvXcgEETQ4sko9F5Hgjf34OVchxUe1QZOOOUfCP4tSTtUG3AJ
+bkSTtAJ5mHviEL115RYwLbJMD5j3y10ynQkmQHQbT/v1/3zBsiUPJ4lq+ELvRSSS
+rYYileo/RTH0kp5hD0tOyJRSLXmWfhpEtccpJZOw6EBFOHs8l0RubK0kvQgCnqn5
+MxZwxP0JnL+amE1MsttK724Uo2bXcf8rInBwsuyhNobHsApli7buerVhSGn7xa7b
+EmO5GZUMEywe5SMKNMyk9L4G6G7in0tW+qrAHRbpid+BpOFmZ7hTs4hGEfDd2gbH
+NP4HuOiMMQz24ckcyPq4fPECCWYyaixxt39TbD0RSgwwQxzRj/V8OyL8+PLN1Eld
+i7ijnvpasIz1Xa1FyrynYjfU0KMRr+Xh2R2iPAR6kZxQu1Y1ORAm7Lhe2aElHiDb
+oNCcoufceGTkXB8uzMYOgH6LrtfQcrjRIZdZyvHlZPlbMsMbKokamAJNtzHuhH0T
+QDkQVtHV4ext11mf1ebSt4wKmTVTiXS79ieVHWAcxVX0OOFOQeKKfrlpY3UNxUF1
+y1rSWp879v9DyiJmy0/pVrtAXf8a4WHoU1btyAQBvFv0LL2Ta7em35ytmpYS8cst
+hUjXbUtMDha08no0jzwFLsX5SZ975ILA26E/qtP7PLcbwezb8B0VKQpsPmbp+/1m
+iyoUQaMdYo2I/lkAHj/MLjXLwZBn5jTYGtLewVNTRSFRze8doZ1JD5G1Extd0bBh
+FjKSe4WmSXZ/EO5M1ADH4JOEUnK045DCYSxPfAhuueIUulKXr8cvLw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7.pem
deleted file mode 100644
index 64913817fc..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7.pem
+++ /dev/null
@@ -1,211 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P1
-issuer=/C=US/O=Test Certificates/CN=Policies P123 subCAP12
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAx
-MjMgc3ViQ0FQMTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBPMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMT
-G1BvbGljaWVzIFAxMjMgc3Vic3ViQ0FQMTJQMTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEA3JEcFcmqBaOdX0aQIeLKgr184G8kZkUDCWXFVa8Rl8JEbH8nKumt
-oT+D502p0fAxQ/lu67/+Wz9X+0bAwkuPsCzJ1QCXR2UIRpVr1NxN7Rpz/7c6kzfL
-/DJwrly/lSBnj0R0YirNdtTRRbIo0/YEP7P2B0gorC16aSbZViLod4ECAwEAAaN8
-MHowHwYDVR0jBBgwFoAUWocIIfvckxBtmgt8x2qxaEvfVdcwHQYDVR0OBBYEFCOJ
-nPgjYULoGZabFjVqvDC9XoqCMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBE
-8ZcL9nvf0LT9xC+cY0M+u5LPMYNxkecfdmiF5H1xmtqQ+pyLB7lUIyeSE0FWSbFS
-HxkKQAkO31yPfR0lvAkmJS8uVhZf7kiMfNhK/iHQA2LE4ubMmgyfbnAidPaVhPJ/
-waAqgUmU3waTfWo4RyKCWsWN6L95KJNO3HkS5l83zg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P123 subCAP12
-issuer=/C=US/O=Test Certificates/CN=Policies P123 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAx
-MjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYDVQQG
-EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGlj
-aWVzIFAxMjMgc3ViQ0FQMTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOll
-J21WulD37Mn1rV21nTiHp+5zJm7d2iKVBk051MbS63EnC5jnUm0D6a5QJiQR8Ai2
-tuB17ppJED42WQtI7o8exytiya4Y4BvDOeGlVbVZSGgbk2vjlTzg+caDcAkVSzWD
-YMs02A14NrbFODXEyAyJ7rsOTycvQorNHm6zUBvRAgMBAAGjgYswgYgwHwYDVR0j
-BBgwFoAU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcwwHQYDVR0OBBYEFFqHCCH73JMQbZoL
-fMdqsWhL31XXMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIB
-MAEwDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAD9AiTI21pU5RaP49a5YdThygUEjL+Hvvoq4cbbg7dN3qbjYJBXUruTWyY+c
-pSqrS3q3rUlt99O+9JFqZSX8LCVRMg0yWSlwymdeY8a5EBS099ZFB+r9v4tIndk0
-r1uaX/PyEiMNd+eT8GdxBwl+Jo+AHTvuHx0G9iRwLbS5Es0u
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P1
------BEGIN CERTIFICATE-----
-MIICnDCCAgWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAx
-MjMgc3Vic3ViQ0FQMTJQMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFsxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4G
-A1UEAxMnRGlmZmVyZW50IFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3Q3MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq7BLYQUkQ5JoVVov7G3lnh8JAEwYq
-LMbqpRCqw7cUk5pzpmQsxkZs6/Ucuz/aR9dCCaRZJ+YQ8GZSQ+igOWzOfGwugT2P
-1F9uHaqW5hLEm4nKD0sCR7e+SSsZcVLDu43aKeP9M9W+eIiVgBDqqO/sIiP+H9lA
-XGxBY7aZKR9PbQIDAQABo3wwejAfBgNVHSMEGDAWgBQjiZz4I2FC6BmWmxY1arww
-vV6KgjAdBgNVHQ4EFgQU8kOeHdO942r3cR78izbu/QscRBMwDgYDVR0PAQH/BAQD
-AgH2MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4GBAB7JKK79k5557tO3m4Z6Ggwb+wna9YjHdiEEmFrP0CbG
-ydKsCOn176W5roPXJfVz4LNWRaQ1VD9hJBRNk7l7hCgrbazLj9TtrU9RrklDu54/
-tyZH3BQrH0znl+dxlEgYdfzhd0XQhMP4AGAlIzZUANHCnmjRKkqikPNXO5bMpnza
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P123 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICojCCAgugAwIBAgIBJDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEQxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UEAxMQUG9saWNpZXMg
-UDEyMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuGtVArq1otVEuN/s
-xR5XSOEfVzIms1FiprO4UReYXUDbKzmCYC6YypbEnOP2JpLQOPwAfVqLL8FV7xiS
-o+HmK25R0aK9nQGFUPX0U9o4b5NRcWFAoYBAF2GOFBNqGF6d9wBFPlijGMT8nWr5
-ahnujYSC1Emy88N4hkp1fj4o7yMCAwEAAaOBpzCBpDAfBgNVHSMEGDAWgBT7bNQt
-gZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcww
-DgYDVR0PAQH/BAQDAgEGMDMGA1UdIAQsMCowDAYKYIZIAWUDAgEwATAMBgpghkgB
-ZQMCATACMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTAD
-gAEAMA0GCSqGSIb3DQEBBQUAA4GBAHcVVBwhebD5vRKleXMh71kleQIL8QOQFpHM
-jVYS/KJiBsVUTebOeONSU0cuPmzomEkpLyYPz8cDroidExtxGEpkKgYBGi1c5ext
-cDUGFsTWENTFFWjZ7xA56XUtGd8alXJfY0v6QSHqoYFosJvoqU2bjX6jqQVK5HbY
-kko1SxlW
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D0:BF:CD:9B:DF:F1:91:FD:82:87:5A:10:CF:90:AF:8B:BC:F2:C5:CC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        81:c2:63:b3:65:bd:c4:2d:98:7c:e0:85:dd:5f:07:d7:b4:1b:
-        7a:64:a7:7f:60:3d:62:3a:70:af:d5:97:23:23:9a:48:e3:b7:
-        8b:c0:3d:43:c1:66:e8:24:db:ed:a9:ab:0a:70:51:d8:7d:65:
-        92:ea:e9:6f:cb:96:8e:3b:cf:94:e9:9c:d2:27:54:29:8c:81:
-        84:1d:a6:22:65:85:46:70:07:da:1d:e9:79:9f:e7:3c:4e:96:
-        1b:11:d9:08:ec:f7:95:15:c9:db:8d:a7:17:16:3e:76:bb:41:
-        98:15:94:b3:1a:19:6f:1e:dc:10:24:c8:ae:bc:38:93:c5:04:
-        ef:9d
------BEGIN X509 CRL-----
-MIIBPTCBpwIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAxMjMgQ0EX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNC/
-zZvf8ZH9godaEM+Qr4u88sXMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AIHCY7NlvcQtmHzghd1fB9e0G3pkp39gPWI6cK/VlyMjmkjjt4vAPUPBZugk2+2p
-qwpwUdh9ZZLq6W/Llo47z5TpnNInVCmMgYQdpiJlhUZwB9od6Xmf5zxOlhsR2Qjs
-95UVyduNpxcWPna7QZgVlLMaGW8e3BAkyK68OJPFBO+d
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 subCAP12
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5A:87:08:21:FB:DC:93:10:6D:9A:0B:7C:C7:6A:B1:68:4B:DF:55:D7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        67:b8:b5:f3:01:89:95:0b:52:9b:23:ed:15:82:33:84:16:99:
-        d5:19:f9:2a:ba:7a:1a:fd:61:2e:32:9b:bf:50:d0:02:cc:b8:
-        5e:0c:f9:8f:7d:6b:d7:ce:29:7d:cd:9a:0d:01:4a:c9:ef:38:
-        13:2e:a6:46:a5:13:4a:ba:01:58:71:13:21:6a:52:1a:e5:2f:
-        c8:58:ba:dd:bb:b5:18:3e:a0:5b:94:3a:96:d0:47:05:fa:a4:
-        84:37:c0:e4:5a:42:31:19:c3:86:cc:42:90:32:85:aa:e4:70:
-        23:e2:cf:eb:fe:f3:fe:e0:83:17:bc:c4:15:07:0f:b8:c0:d9:
-        57:d2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAxMjMgc3Vi
-Q0FQMTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFFqHCCH73JMQbZoLfMdqsWhL31XXMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAGe4tfMBiZULUpsj7RWCM4QWmdUZ+Sq6ehr9YS4ym79Q0ALMuF4M+Y99
-a9fOKX3Nmg0BSsnvOBMupkalE0q6AVhxEyFqUhrlL8hYut27tRg+oFuUOpbQRwX6
-pIQ3wORaQjEZw4bMQpAyharkcCPiz+v+8/7ggxe8xBUHD7jA2VfS
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:23:89:9C:F8:23:61:42:E8:19:96:9B:16:35:6A:BC:30:BD:5E:8A:82
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        38:53:72:c0:cb:e3:f9:84:7d:49:58:c4:73:96:61:3f:7d:1a:
-        78:47:82:fa:be:2b:9a:55:99:d4:73:ad:49:14:9d:a3:3c:5e:
-        99:66:20:f4:df:d9:c3:d3:03:61:75:0d:18:f6:c4:b8:29:0f:
-        e7:e3:e9:37:f3:0d:e0:74:a0:ef:8e:9f:fa:12:18:20:a2:8a:
-        3a:bb:72:e6:20:4f:2a:2b:7f:22:5d:56:01:e8:fb:76:fd:62:
-        44:16:83:a8:7e:53:4d:6a:4a:0c:94:10:64:85:02:07:1d:d3:
-        28:57:9f:e7:57:65:99:37:99:f4:52:ae:de:5e:4f:5c:e9:08:
-        f2:cc
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAxMjMgc3Vi
-c3ViQ0FQMTJQMRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUI4mc+CNhQugZlpsWNWq8ML1eioIwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAOFNywMvj+YR9SVjEc5ZhP30aeEeC+r4rmlWZ1HOtSRSdozxe
-mWYg9N/Zw9MDYXUNGPbEuCkP5+PpN/MN4HSg746f+hIYIKKKOrty5iBPKit/Il1W
-Aej7dv1iRBaDqH5TTWpKDJQQZIUCBx3TKFef51dlmTeZ9FKu3l5PXOkI8sw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7EE.pem
new file mode 100644
index 0000000000..37fd72a219
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E3 C8 85 A5 89 54 F8 7A 74 DA 95 B7 7D 60 D7 81 41 5E 30 A6 
+    friendlyName: Different Policies Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubCAP12P1
+-----BEGIN CERTIFICATE-----
+MIIDqzCCApOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbUG9saWNp
+ZXMgUDEyMyBzdWJzdWJDQVAxMlAxMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowYDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExMDAuBgNVBAMTJ0RpZmZlcmVudCBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALX5qIQqd/Uw
+7MRg2gQjHoTe735/Mxlza2yZGICgJIvj2V7auQHGGXTgsFg1rWaJUXJMGGql2z07
+xZa7WLruITA+1kU1BZ87zY4aifFG/WvgItXFhtDB+OT4kSEJZiNWOg8996AwuhcV
+6w8pZ0cm7idgb/gMJ6lbeI5DN04of9ojxKbuq6JzLKLLxLQmha1XC2PqSUHOHiS3
+yfX9hElPnrORJGjnDZ03p/l8eIb/J8s+L9osoqQ363Km837bdxuioYv42D4YHHLy
+lBm9vTuxd7R234qTINJ7jOSg43/0DPg0gO8gMfZ12JRvy+DyP+Askl7RDGMuxTRq
+z8moPGpV1TkCAwEAAaN8MHowHwYDVR0jBBgwFoAU5Bs+RrfmyKnY7dEzfwXh8V0S
+JMIwHQYDVR0OBBYEFJn4esVCw8dzBLgHq2Sp4l01/p9yMA8GA1UdEwEB/wQFMAMB
+Af8wFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMA4GA1UdDwEB/wQEAwIB9jANBgkq
+hkiG9w0BAQsFAAOCAQEAfzbl1OcrDaD7SGeIH23hl+fmPWKKJhbP6QUM9NRGHVIr
+FaxxdfvL1YJrU5Y4zcqK0O2pYespDfNRJOFJMVAoOzwWrhi4f9lkZIiEaUyIppXP
+mDpI2UQeru/mvOrMvuvd9/FeKi2KtqyxNHCJgj3Z9pdYPUv3pad7cdIILVV3jRbz
+YPS4WguwQhCEEw3ft9D+B2PXMSPhvEBNfAUC0xan6yODR1XjgIihkLuiQe/80Bql
+d5EX0ib/SO9JK/7ybfssFcmxzjas+0geZyg2gDP4H1J1PBoZLw6SXTJ4DO6CIud0
+EhNY3lZQpWUlN7CXlAJiqiQ4tPDto9XZcQJ4S2nHJQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E3 C8 85 A5 89 54 F8 7A 74 DA 95 B7 7D 60 D7 81 41 5E 30 A6 
+    friendlyName: Different Policies Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C81C50A3417BD7AC
+
+35uZCwoHIukL6Eoc7HT9txdqgFWZO7UvF2/K1+AU8WplGZAL/D62oWsT+xlEOrug
+FsGiIH/6GpVkF/8NOB2nlWAVv4F6hkDdzfFRIt4vJJmQlGZnG5YKpMfmm95ZnFre
+TE5l3eGnZyhEUK++4Bfq3GwN3AHMV9QSKSjq+EY3D00yaThjWJw3D8YHvXjSIAFz
+gQq6PY9YjtrTFbTgwYo5C7VscvMEhClQs4awU8lBKzt8SFQJVnrG6c8TrQDCq8T5
+N7jNbraxlX0A68djM1ZtisIOTJ5ZoiamshSBU6RFoxPPo714AcSeAYd8dy/7AzAC
+o9FGqxjQe5vRu7OBDTVvKez9hqVgQhEoXBYFDGq1ztRdbBSPc8osXSOlrh+TZjWf
+BrMBznxsP5I07MNaRteQpfFZVQCyIbaeyMO7u5Vb65RNvl/KBoVrN/mu6ONoWInY
++cJBxeA9T9TJmHkA+X1ljR9ofdiRG6C1TQx3XSy5BS7ABaO5RfJpk3tDokAZLB6k
+GnQGu1qfaERGPhOgmejatEs8YKHbUss4jFTzehteJzC9YTvjnd6azAQ1ig2/i0ki
+9PZ1if7o+LkQ9otIM9PzHK04VMf5kv9OgfYSFOTx3wZXisj6kplBgEFl5owKzNHZ
+uAQd/hdPvZU9Cg2MjOnnQg0N6w6ld9GFyVmBWqStibYxLu7z5XrmGrhy5o4C+zTw
+PUjUxKW15GgG3StbOPD/IEgMPOJYgBMZiIM/9kJ1PfmSCVVc4gsKeqTsLsMDzKMM
+QwgAz5Ay1fsJBefxv46KGnubeVPJ427UcUUOMQIajrP6zdKRkPDY1H10l2SV7Jgh
+MQV3lO032PkT/bj+DyXSUnnj5Lr9T/zvPYMml+Rws+P6HFkq1o3VaMxt2p1hHkLY
+ytjaGOsvwGGhIRom0zFsZx39elkG88hqQS46yjR+sV19k+TozKgWwd34LxYhejE+
+qtMa1tunKwJPk7x8zZZRS9X402ZCuds9/6knwlMBtIiSjW3wLv2wYJxyZoyljZ1o
+jUjLzG89VwbLGigf+MZxBMvCH242Gbt8TeyquMTZgX9soXVxqiItzH+jWpEoq8Dp
+CkNOa8bpxFi2ff2hNmfejFB+qdYEWX6Bha4wvXtazSySwKgQjzZZ2++UHOuH+k+v
+/7M7GutB1ZEzsGIErH0FUPKORFHAFR8bbW0GYz3Lxr264HW1JQL31+WDGMUfiRLG
+iI6uwn5ZoCxfjaQ7NKgjlGQsmplDCEeiOEjQEypYdNE01pv5vhIdF9BOGjFVq+Ud
+wnrLYQqk1v1EucB/sb8IatsHu+eQDS4kIRJBlxiMKSNc0uEVqBDBGnE5QXOb2fKi
+pCw7dkdVjgsl92ZJpAhUOQ1KVNTMQku2hi+cCJXtHes8+DcB6G5saJHrNoZBi85O
+gtJQOVbhTqdLke3/6ZuAt3aJHGhUDosQGKAsM7UFJWJWYau5AfA+oiqwtkwF9PxT
+RIrjwmgEMU1xqxssAGvwQFYOXs5IsA4BZg5fL6aTiJFfRWc9nrsrwod7ddU9dPOx
+TbblMBSQCMWjuLIgYXfYx2FHGjdJ1VZKosl4EG3h4rVdtTxrFkP6jza1fgGyJbkq
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8.pem
deleted file mode 100644
index 0468f302f0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8.pem
+++ /dev/null
@@ -1,210 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P12 subCAP1
-issuer=/C=US/O=Test Certificates/CN=Policies P12 CA
------BEGIN CERTIFICATE-----
-MIICfTCCAeagAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAx
-MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUUG9saWNp
-ZXMgUDEyIHN1YkNBUDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKniBOhW
-3+GUH9cLSjfU8TnmUuKC8zu+bx+7Vd8N20wFU83y33ReAvzS9j5mBAT6qqLMg52i
-t5h4ni8MAttxqQivCwZR6U+Mg2KMdHEAbvTp8ya69ZdGzc8StBaJ1OIIRHtRicl2
-Ek85wzHazjfWPtmnO0EaIzJImL3U24pAKDq3AgMBAAGjfDB6MB8GA1UdIwQYMBaA
-FADjZemB1Ia5xx3n8zM5Bl5MEaX5MB0GA1UdDgQWBBRCiBzBeLdD2gCvvd66Q6fl
-tWH/8jAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
-A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAYKVZU12G6lcEkxyRYlMJ
-umN4xtytcDe50I4AFgMJlgCcLvupgFN+5QWwSGtdBpSrN3lDBFTUQ/ZrAL3O4nzA
-HaKM6LaBCQS1//FE6qbi2UvRHfp8RoYUH4hM1nzTb7/Za0wsWTwegcz1uOZ4aLQ5
-M7QKfWfzax6EarTJ4jorUQA=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P12 subsubCAP1P2
-issuer=/C=US/O=Test Certificates/CN=Policies P12 subCAP1
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFBvbGljaWVzIFAx
-MiBzdWJDQVAxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTTELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQDExlQ
-b2xpY2llcyBQMTIgc3Vic3ViQ0FQMVAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQCgzy2UzpvEK8JSY1wMRMaoYi/MuP+Hkmtwerm88lsIWe07HlT55nuxjp5/
-vSPZEgCYm+wk0AU87yD2n6OkCJn+oUVbeucGoJSwuTEs7HK0YZq+RyYdzcoZ7Z4Z
-EzNUC2I+vPj01u9NL0XBZLJ7g5h6Au8d3zGEkn6bEPk565LiewIDAQABo3wwejAf
-BgNVHSMEGDAWgBRCiBzBeLdD2gCvvd66Q6fltWH/8jAdBgNVHQ4EFgQUZ+UNjYxs
-KrtVbS3oIqoES3MriCowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI
-AWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAESq+2Cg
-vywkdxLqsugNl7K/+BK8s0yadUr/Q/DZKPALlPRaVW7GzKJ7aCGw1xRiMmkV5Z1Z
-UjSdHXTJetXdNpCfjpVnnrAB9DjkA7RrKI1KTPxhnywtwQNTpD4gceRP6icRwaN6
-7Y/GlL6Fi1LbuHlGF94I9XchvB1mTQ0PF52O
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBJTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPUG9saWNpZXMg
-UDEyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5unCMuN8PuVFWbqxO
-/wnIQsciPiEo1GoKWjM6+kb9l3h6wWyWYwmst2c158qcJLY9PxaUMhqQd/SY0Tt9
-WlHXVcE8rMoWSGmFxfK33UpeCtqwz9ugPSWwZkqx2lI/0ozQXgjYb0J9/EoKw1O0
-CxxrdQdPQkyLD4Uxe87/MlpzsQIDAQABo4GZMIGWMB8GA1UdIwQYMBaAFPts1C2B
-nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQA42XpgdSGuccd5/MzOQZeTBGl+TAO
-BgNVHQ8BAf8EBAMCAQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFl
-AwIBMAIwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEB
-BQUAA4GBABX9GMyAC90FH8BvpnNh6SDn2MIT7iINc4/9u64d1dxEhqogqcR58khK
-btHyx8YrgbCcqUNS4Xs7ckW5k2VNAd9dG0Chc0uk6rwkv+sD1/zJi8LIGd/3cFjk
-biIVYqPxb7WpKqo97V+43tMFsTqJNBSh+6W14vlP55+Ep5IlxcOm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=Policies P12 subsubCAP1P2
------BEGIN CERTIFICATE-----
-MIICmjCCAgOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVBvbGljaWVzIFAx
-MiBzdWJzdWJDQVAxUDIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBb
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMDAuBgNV
-BAMTJ0RpZmZlcmVudCBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxJrMY6Ju+VhfX1vaWidfiPUdCuUMy5lF
-7s2Vle2r9FOQQ8se76y2jPKssqb3XIIG+VLRlS5GMp8T4t6VgLtE+gqb4mcBuIdV
-KMwJtDrYnfNFML4yyCKSvh51ionton2akkJGnJ2POvQ4z7sLXrKKCKcGTWvbVqej
-BwfkNvwk9KcCAwEAAaN8MHowHwYDVR0jBBgwFoAUZ+UNjYxsKrtVbS3oIqoES3Mr
-iCowHQYDVR0OBBYEFOEf7/tJiP53/PPTMiuw+1ENh3KRMA4GA1UdDwEB/wQEAwIB
-9jAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDwYDVR0TAQH/BAUwAwEB/zANBgkq
-hkiG9w0BAQUFAAOBgQAkAFezJ/Jf3nv9Kuw+VwXEuX91e8e8wClFff+eY0Af+kXl
-fvUJnXN2TOh1iBU8C21WkavgIS9o8grJb3hbDpS03Yodnt/0151BiCMdLQI02sFK
-mHABJwiZZlLj7peF4avVV4Piw4arjXD7Z1bKYlHOZeTHF1hgS/XINAc8IUsfDQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:00:E3:65:E9:81:D4:86:B9:C7:1D:E7:F3:33:39:06:5E:4C:11:A5:F9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a2:21:e6:6b:0b:99:66:79:2d:86:a7:9b:cd:37:9b:4d:73:1f:
-        df:91:63:c4:de:55:15:53:b0:32:ac:c8:3c:bd:96:aa:ae:c9:
-        4f:b2:7c:9d:40:d7:f4:5d:99:8e:fa:2b:44:2d:75:ef:01:38:
-        86:c8:59:ae:e4:62:e4:83:b4:73:03:34:d1:7f:52:bc:3d:bb:
-        77:7e:7c:c9:41:09:4c:08:4f:a9:7f:d9:d9:0f:bc:46:9d:05:
-        70:2f:66:0b:d4:0d:80:ec:11:83:4e:1b:90:95:ad:86:02:77:
-        e8:19:aa:a6:48:29:a3:9f:36:c3:ec:9a:f5:a4:9a:0b:f5:11:
-        1d:72
------BEGIN X509 CRL-----
-MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAxMiBDQRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUAONl
-6YHUhrnHHefzMzkGXkwRpfkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-oiHmawuZZnkthqebzTebTXMf35FjxN5VFVOwMqzIPL2Wqq7JT7J8nUDX9F2Zjvor
-RC117wE4hshZruRi5IO0cwM00X9SvD27d358yUEJTAhPqX/Z2Q+8Rp0FcC9mC9QN
-gOwRg04bkJWthgJ36Bmqpkgpo582w+ya9aSaC/URHXI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P12 subCAP1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:42:88:1C:C1:78:B7:43:DA:00:AF:BD:DE:BA:43:A7:E5:B5:61:FF:F2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        38:85:fb:83:ec:f4:d5:e4:42:27:68:d3:d6:5f:c9:d5:60:4a:
-        fc:33:39:94:ce:d9:28:71:4e:fe:aa:e6:61:05:6b:1c:42:96:
-        56:40:e4:48:e6:96:65:21:17:f2:e6:8e:69:50:6f:44:8f:33:
-        a3:8c:28:e9:f5:85:d6:de:55:bb:03:30:02:eb:bc:49:70:3b:
-        bb:12:c6:f0:8c:8e:d6:5f:3f:30:aa:58:a9:6a:4e:3e:46:a1:
-        f6:76:e7:a8:7d:28:e8:d8:44:32:58:76:88:f0:05:5f:37:27:
-        03:28:e0:b3:88:c3:75:41:50:81:c2:fe:04:22:be:ea:4a:2b:
-        fc:a1
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFBvbGljaWVzIFAxMiBzdWJD
-QVAxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRCiBzBeLdD2gCvvd66Q6fltWH/8jAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQA4hfuD7PTV5EInaNPWX8nVYEr8MzmUztkocU7+quZhBWscQpZWQORI5pZl
-IRfy5o5pUG9EjzOjjCjp9YXW3lW7AzAC67xJcDu7EsbwjI7WXz8wqlipak4+RqH2
-dueofSjo2EQyWHaI8AVfNycDKOCziMN1QVCBwv4EIr7qSiv8oQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P12 subsubCAP1P2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:67:E5:0D:8D:8C:6C:2A:BB:55:6D:2D:E8:22:AA:04:4B:73:2B:88:2A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        25:a2:e2:75:db:ff:f0:10:9c:e2:59:90:7c:f9:c6:8e:63:cc:
-        d4:d1:19:7e:d4:97:09:0e:ea:09:59:88:13:b4:ec:07:f9:58:
-        7d:fd:87:4e:85:00:16:e2:e4:54:c3:ec:fe:0e:bf:f3:ab:59:
-        af:49:e4:97:ba:c2:df:6e:45:e9:4f:e9:0e:4a:07:41:85:8e:
-        f5:7c:da:c7:21:73:33:37:ff:e1:e0:fc:ae:98:29:f6:04:2d:
-        d1:4b:54:a4:fb:ee:17:ae:4d:73:b9:ff:ca:6e:6d:56:c3:27:
-        d8:d2:b4:d5:9c:c6:3d:40:48:f9:37:8d:2f:22:bb:55:4f:84:
-        07:65
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVBvbGljaWVzIFAxMiBzdWJz
-dWJDQVAxUDIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFGflDY2MbCq7VW0t6CKqBEtzK4gqMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBACWi4nXb//AQnOJZkHz5xo5jzNTRGX7UlwkO6glZiBO07Af5WH39
-h06FABbi5FTD7P4Ov/OrWa9J5Je6wt9uRelP6Q5KB0GFjvV82schczM3/+Hg/K6Y
-KfYELdFLVKT77heuTXO5/8pubVbDJ9jStNWcxj1ASPk3jS8iu1VPhAdl
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8EE.pem
new file mode 100644
index 0000000000..768abb6848
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B0 E5 E0 9E 85 E8 D6 CB 4B DC EE DE 28 1C 24 C5 7D 32 B6 7A 
+    friendlyName: Different Policies Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P12 subsubCAP1P2
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZUG9saWNp
+ZXMgUDEyIHN1YnN1YkNBUDFQMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMGAxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMTAwLgYDVQQDEydEaWZmZXJlbnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUg
+VGVzdDgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBmcAEklgPYV1v
+LOS3HNnWEIU4xixNfJqIAwV8nqXrQx7a0eymXeQ7ijyCkGPTOG+X5SHl7MT1EYun
+ASdRHbAgauU8IMhcG3a9GW6cP1uT04cHpS5WJ9SU71MDPRmLN9YorypgZP3ZxqIm
+Jp4g1KWYqwqegJ26wu+8JpmFFhj79MYGRmbM9TisxgPZP0kyJroYcSrdNJMXOXaU
+bmsJpQwwuzuDn4NtH+nTpaHx7ab2BKyqKYKyxkFLmr84YbD9Hqa9/czLJGF0Tf+u
+IUwenhHylbsWRlHirRA0FqHagTIl1O9+ptNsYcQGtYKE4mqMtRohd3GMgKqJx7IK
+yjG9uSWHAgMBAAGjfDB6MB8GA1UdIwQYMBaAFMelN6fQ+iTlfN/b8l1p2+7K9pnu
+MB0GA1UdDgQWBBQXoW+qF2xTgQ0UHV2q7B8e9Jbn9DAPBgNVHRMBAf8EBTADAQH/
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAOBgNVHQ8BAf8EBAMCAfYwDQYJKoZI
+hvcNAQELBQADggEBAASApMwfhokiI14ONWgsD8Q0fVCOMZAHpFBEFWWsI7FPtyPR
+sLVIdpHCBg1CqlW8hM9EMOa8IGBlN/rfsX/EbWFtOTUD5VNXG7HD9qfexVdddf01
+hqyLKW6IQUZdiGy8ljN2nuLN5kjrv6EaAYbbcrfgkrSiB1dNMvSG0ZCZfALNXAl8
+5ny4g1l6uvzGmb6k3O6F6s1NOMpJuUpHlgZ9Ggd6NZG61vpYDSMHzknfduvzbHhy
+r5A57ceLPfJrCzdGXNhKhtIrq63zfkIFCC8MygAWcySXN3HtxcHu7QTz4M3rVID6
+tVUg+PqT+oteuGr6tqeJpZwM4xZk9VabHaVr4i0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B0 E5 E0 9E 85 E8 D6 CB 4B DC EE DE 28 1C 24 C5 7D 32 B6 7A 
+    friendlyName: Different Policies Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0FB51308505B1026
+
+tYU/hbHcZnDlwz+bcFhFWFNLw8Ha/+9Rg+i9j1SaFMEQAWkj/tBkhoXKd3+8F/IQ
+gIonTU2u3keet25wJueGZnryg8c/tGAcWaZby36qIA6Q2BFK8UYu1NsRKKGMJF+V
+RQ2W0NuHNCfvM8J//9BmFggNtK/IDWa9KgbDstIJW70Q3Y4pJdrgSiiR4+nj0G/4
+oxH+rIy9Wds+8BgacJkwbPSVgzNjFwlxDZHefOeA6kUBcp9G6ZhnoAv0C4IBL2nH
+rIGzuyJuZ4ziU7I2D6ABGdzc0kcLqbP3D4d7iVILh7Bn2P1RWqmnzwHmFO3Obcvm
+e7amM0y2KCQyPqrtCXB+1a5jBsYE/KI4w7Ckp1X4ZylFx8gNgW4OHJHoHBor6nss
+rb+sL8sRviary3nbtUFIjWSHxDaebo7m4nP32dk7k3fd+EKq3FegSCLeUpbhk0+L
+dw/Gn0xWJIgrMcHgYYil+h+VKIJ8zhLY2BmRb1u8uGcGzKh7XkKLP1tBuzxdmwa8
+gLfpBeqT+4GAxFb1CeiTgoBoJSci0taRyNa8+BAtiVfZTf1NgAneqvK0ElpmAu6F
+H3cH1H+Suq+rL0nBDKtY6VwTZsSAigYVky4ZI6lGKUFT+qilK6V0TqTWNfTJ+Cxg
+RqK8jESxzRWWkF7cXe7FCEuUiBIQPjEp4CJiv5pfVfUoFpIF2yWw29MxmlZvb1g2
+xAaY7m6jjXuHovWMzKJfc1bXCW3uq02hTlk5NHcJtnSOYok1tZ+YjmJU1Uv8wKYF
+A3IzGAqUMQUjIxYNQDe3Osy90tqKnqjX9FrwRi58cpdWu4vejPp91mnWuvGvfdBQ
+FIi3m6hUFTCIN8bZXwBswEjCcztjWgPCDBthLST1B2MKgdHHbSQ15L6o8njMvN4j
+zeufk1L5/+RaBPvKtaE5Oa542DdZIMOSx6u9FeZ7PtPqw8bU8JfMqvt9iP1SPvvo
+55OC8Nmxv+liwEgZ6bK3PwBGJDBEutgNvrlh8LC9DxYh3Xp+DTdeZHLljr6FWmWq
+f2gGHh5lP0L2bLLVk8rioiTy/SYaX0ik96cBzAyy4IUMIbfFB8B0zYNyP8YSbDHD
+gnk39nwpDHm7LaT3LL8zg+8nSSAnXdJonjOCV8s1f5At2Gg0JJXx197FlH8S/tIm
+VLe49xTMs4MsXgW7Yn7Pe+obc8P5GkYBaprXW7b3JTpox8AhTJPXcwIXs3CorosN
+yTdDunGLXbSFIUdA/xEzJOfiuOaiBTk7ippGeT+2ZgMVRvaztnH2hcgAjTJ0I3t0
+HYu4Ax1y3w+q+x5viRvDbC2zQF1Mpl041dvwngI0kevx7p/BOdZaslZiAwVm0k8m
+1+KZFkVTxa06uVCOas3LnaxF49NOrLnW0dVLJPVl85ucPpZp5y7wKV9Z2lSNF2m8
+hBbVT7JV+gQjJC9l1CFbtzTNV54XHEsNYptv73/JkdVz5IBOylfrY7QzILF47BYG
+ecmTZqvFuNS0bFSyev5OEL4ZtQoA6Bvnpmq0+prtQ4lbyahCBmXaCaF8xATLbVB6
+wwOMl2DL64fIIAtNzq2tDE5oqWr5T8+9t3jp8jdeMVTn8D7vK11HKg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9.pem
deleted file mode 100644
index 4b2ed859a9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9.pem
+++ /dev/null
@@ -1,263 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P2
-issuer=/C=US/O=Test Certificates/CN=Policies P123 subCAP12
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAx
-MjMgc3ViQ0FQMTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBPMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMT
-G1BvbGljaWVzIFAxMjMgc3Vic3ViQ0FQMTJQMjCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEA/QzSHTVMWeTWiSZ9qa++M+UWF0AfCPT9oTdaLUwN0Tnb845G4Jh5
-Ov5u75dfUmAmvRM1brlhZoYZZa3cBvQP+1YoAOosVY1qy4xX/6OE2zqM45IRhyLd
-VlAJ2WJ96jOpb/HV3vodX2vjDndDMMxKRXd0WIHzbC/aZGzWYXwUvfkCAwEAAaN8
-MHowHwYDVR0jBBgwFoAUWocIIfvckxBtmgt8x2qxaEvfVdcwHQYDVR0OBBYEFIvs
-OfOjrm45cGR/aCtNVJAsjgXAMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCg
-uNxU4/XUIM6O0+DSr6607Epm4PaQEAnvLsgMdHGHCLXL0mwL/9sNnSXGQg08zVpa
-k5RjmIGMD+UcMJ28kArNA9u3q4QNB5OXZtrhoPTGhBaBtwR3rL2ZEvQxUw67t2wV
-TpBcguqwCt7IIuNbBOoN3Uilox3T4WptJ/A7+zW8oA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P123 subCAP12
-issuer=/C=US/O=Test Certificates/CN=Policies P123 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAx
-MjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYDVQQG
-EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGlj
-aWVzIFAxMjMgc3ViQ0FQMTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOll
-J21WulD37Mn1rV21nTiHp+5zJm7d2iKVBk051MbS63EnC5jnUm0D6a5QJiQR8Ai2
-tuB17ppJED42WQtI7o8exytiya4Y4BvDOeGlVbVZSGgbk2vjlTzg+caDcAkVSzWD
-YMs02A14NrbFODXEyAyJ7rsOTycvQorNHm6zUBvRAgMBAAGjgYswgYgwHwYDVR0j
-BBgwFoAU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcwwHQYDVR0OBBYEFFqHCCH73JMQbZoL
-fMdqsWhL31XXMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIB
-MAEwDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAD9AiTI21pU5RaP49a5YdThygUEjL+Hvvoq4cbbg7dN3qbjYJBXUruTWyY+c
-pSqrS3q3rUlt99O+9JFqZSX8LCVRMg0yWSlwymdeY8a5EBS099ZFB+r9v4tIndk0
-r1uaX/PyEiMNd+eT8GdxBwl+Jo+AHTvuHx0G9iRwLbS5Es0u
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=Policies P123 subsubsubCAP12P2P1
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIFBvbGljaWVzIFAx
-MjMgc3Vic3Vic3ViQ0FQMTJQMlAxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0
-NTcyMFowWzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVz
-MTAwLgYDVQQDEydEaWZmZXJlbnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKiBlSODZy8jLC4WxxNVbFCA
-SbxY2A4DLV2OXhCjWmUmHQvZhiXk2p/wQCX/9VMcX7XRH9a3JLM9l6ZSEIGVT6lO
-R55lGOjNfpF8x+pGe/t0yPB/6ntPn5e9ZSNhDJDoYkJHfdplTFu2AZLbaVPlysXL
-AoO69sbnDPVxAjxFX2zLAgMBAAGjazBpMB8GA1UdIwQYMBaAFNMqu/C1V0GVUt3P
-qLuSnOARbnO8MB0GA1UdDgQWBBQg7JO9uU0ScBZcuzznmEWH36QRTzAOBgNVHQ8B
-Af8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUA
-A4GBAEeaZ7Bsae+J0lNKAzqJhR4MHfT/5SBBazWGVSwIbpWl02esU9RtrStOTA8d
-zcMp2eLg3KDI+XRsYkxFb+fmJDckIYhGk2g3B9kW1a24k8DetYIqOXtFvleJ55dG
-iROwoCaH8/bW75CMK0alSXqJCAnTq+Pbg5i0nPX0ShJlSjAf
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P123 subsubsubCAP12P2P1
-issuer=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P2
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAx
-MjMgc3Vic3ViQ0FQMTJQMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFQxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEpMCcG
-A1UEAxMgUG9saWNpZXMgUDEyMyBzdWJzdWJzdWJDQVAxMlAyUDEwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAMa9AAnNzFuqJqv1OdC4F1PtY4Lqcc+JJQBnnaIi
-roTN/plb6fUL5m/SFbfSZnf/qQbYUkosko2p0cdF5VrblaCvx7vB6l12at9Zskn4
-wKneBrfSJUVDEgSyWm7mY6t1Fla7OSfywUObt1NWEzq3pyWoSKTIQxpMJ3jnYERr
-/wJ9AgMBAAGjfDB6MB8GA1UdIwQYMBaAFIvsOfOjrm45cGR/aCtNVJAsjgXAMB0G
-A1UdDgQWBBTTKrvwtVdBlVLdz6i7kpzgEW5zvDAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
-AQEFBQADgYEAgk/D/ABBm/yIi8Qk1ISreDz7OgEaqXoqyrQY9uq3nf/Xzlmrktxe
-C7bEDiYGugly0cHFHGProTJppes2ECdcVmrpXoIHSlbP3WucAOsWcyIW9tfH+Xsk
-HAts3bXwDmfI5WEndwM+p6kMKwRsMT8/q8XJ3ZCNgsu34eoKRWhBzlQ=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P123 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICojCCAgugAwIBAgIBJDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEQxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UEAxMQUG9saWNpZXMg
-UDEyMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuGtVArq1otVEuN/s
-xR5XSOEfVzIms1FiprO4UReYXUDbKzmCYC6YypbEnOP2JpLQOPwAfVqLL8FV7xiS
-o+HmK25R0aK9nQGFUPX0U9o4b5NRcWFAoYBAF2GOFBNqGF6d9wBFPlijGMT8nWr5
-ahnujYSC1Emy88N4hkp1fj4o7yMCAwEAAaOBpzCBpDAfBgNVHSMEGDAWgBT7bNQt
-gZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcww
-DgYDVR0PAQH/BAQDAgEGMDMGA1UdIAQsMCowDAYKYIZIAWUDAgEwATAMBgpghkgB
-ZQMCATACMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTAD
-gAEAMA0GCSqGSIb3DQEBBQUAA4GBAHcVVBwhebD5vRKleXMh71kleQIL8QOQFpHM
-jVYS/KJiBsVUTebOeONSU0cuPmzomEkpLyYPz8cDroidExtxGEpkKgYBGi1c5ext
-cDUGFsTWENTFFWjZ7xA56XUtGd8alXJfY0v6QSHqoYFosJvoqU2bjX6jqQVK5HbY
-kko1SxlW
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D0:BF:CD:9B:DF:F1:91:FD:82:87:5A:10:CF:90:AF:8B:BC:F2:C5:CC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        81:c2:63:b3:65:bd:c4:2d:98:7c:e0:85:dd:5f:07:d7:b4:1b:
-        7a:64:a7:7f:60:3d:62:3a:70:af:d5:97:23:23:9a:48:e3:b7:
-        8b:c0:3d:43:c1:66:e8:24:db:ed:a9:ab:0a:70:51:d8:7d:65:
-        92:ea:e9:6f:cb:96:8e:3b:cf:94:e9:9c:d2:27:54:29:8c:81:
-        84:1d:a6:22:65:85:46:70:07:da:1d:e9:79:9f:e7:3c:4e:96:
-        1b:11:d9:08:ec:f7:95:15:c9:db:8d:a7:17:16:3e:76:bb:41:
-        98:15:94:b3:1a:19:6f:1e:dc:10:24:c8:ae:bc:38:93:c5:04:
-        ef:9d
------BEGIN X509 CRL-----
-MIIBPTCBpwIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAxMjMgQ0EX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNC/
-zZvf8ZH9godaEM+Qr4u88sXMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AIHCY7NlvcQtmHzghd1fB9e0G3pkp39gPWI6cK/VlyMjmkjjt4vAPUPBZugk2+2p
-qwpwUdh9ZZLq6W/Llo47z5TpnNInVCmMgYQdpiJlhUZwB9od6Xmf5zxOlhsR2Qjs
-95UVyduNpxcWPna7QZgVlLMaGW8e3BAkyK68OJPFBO+d
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 subCAP12
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5A:87:08:21:FB:DC:93:10:6D:9A:0B:7C:C7:6A:B1:68:4B:DF:55:D7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        67:b8:b5:f3:01:89:95:0b:52:9b:23:ed:15:82:33:84:16:99:
-        d5:19:f9:2a:ba:7a:1a:fd:61:2e:32:9b:bf:50:d0:02:cc:b8:
-        5e:0c:f9:8f:7d:6b:d7:ce:29:7d:cd:9a:0d:01:4a:c9:ef:38:
-        13:2e:a6:46:a5:13:4a:ba:01:58:71:13:21:6a:52:1a:e5:2f:
-        c8:58:ba:dd:bb:b5:18:3e:a0:5b:94:3a:96:d0:47:05:fa:a4:
-        84:37:c0:e4:5a:42:31:19:c3:86:cc:42:90:32:85:aa:e4:70:
-        23:e2:cf:eb:fe:f3:fe:e0:83:17:bc:c4:15:07:0f:b8:c0:d9:
-        57:d2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAxMjMgc3Vi
-Q0FQMTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFFqHCCH73JMQbZoLfMdqsWhL31XXMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAGe4tfMBiZULUpsj7RWCM4QWmdUZ+Sq6ehr9YS4ym79Q0ALMuF4M+Y99
-a9fOKX3Nmg0BSsnvOBMupkalE0q6AVhxEyFqUhrlL8hYut27tRg+oFuUOpbQRwX6
-pIQ3wORaQjEZw4bMQpAyharkcCPiz+v+8/7ggxe8xBUHD7jA2VfS
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:EC:39:F3:A3:AE:6E:39:70:64:7F:68:2B:4D:54:90:2C:8E:05:C0
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9a:7c:38:8c:95:0d:e2:8e:c6:fb:4c:43:f5:4f:c6:0f:4b:ec:
-        2e:bb:a1:8b:67:77:3f:7f:55:8a:02:ed:2a:f0:4e:0a:7c:e8:
-        d8:c1:26:37:47:28:ba:e5:47:de:79:74:30:b4:a1:66:8f:bd:
-        8e:7d:9a:4f:37:52:71:ad:c6:50:b1:fb:ce:eb:0b:f0:58:54:
-        a8:22:51:9f:d5:d3:92:06:20:35:f6:e2:4b:8e:7f:a8:12:f8:
-        38:a3:51:fb:cd:92:4b:2d:40:2f:f9:b9:ff:25:4d:f0:7d:9d:
-        20:00:e3:eb:94:24:fe:05:ed:e2:b3:7e:fc:fb:1b:c1:4e:cf:
-        9d:30
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAxMjMgc3Vi
-c3ViQ0FQMTJQMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUi+w586OubjlwZH9oK01UkCyOBcAwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAmnw4jJUN4o7G+0xD9U/GD0vsLruhi2d3P39VigLtKvBOCnzo
-2MEmN0couuVH3nl0MLShZo+9jn2aTzdSca3GULH7zusL8FhUqCJRn9XTkgYgNfbi
-S45/qBL4OKNR+82SSy1AL/m5/yVN8H2dIADj65Qk/gXt4rN+/PsbwU7PnTA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 subsubsubCAP12P2P1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D3:2A:BB:F0:B5:57:41:95:52:DD:CF:A8:BB:92:9C:E0:11:6E:73:BC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        37:cf:8e:70:a0:12:c6:cf:ee:13:28:cd:1d:e3:f8:8c:6b:09:
-        fd:d7:31:1a:c3:2c:77:f5:13:3e:ff:6e:b7:23:0d:4d:33:3f:
-        a1:f4:37:4d:c2:84:0f:6d:2a:25:df:40:f8:25:96:40:7a:fb:
-        59:29:4e:99:c8:8d:63:7b:23:b6:c8:eb:72:70:8e:f3:ca:5a:
-        2a:36:bb:c6:9a:80:45:63:49:c9:9f:68:32:90:84:e4:a6:ca:
-        22:52:d9:99:16:fa:34:93:38:ec:ba:f9:81:0d:26:b9:5b:03:
-        3b:0a:ce:85:43:8e:bd:47:ca:de:50:4b:42:e8:97:91:74:12:
-        ac:5a
------BEGIN X509 CRL-----
-MIIBTTCBtwIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIFBvbGljaWVzIFAxMjMgc3Vi
-c3Vic3ViQ0FQMTJQMlAxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8w
-LTAfBgNVHSMEGDAWgBTTKrvwtVdBlVLdz6i7kpzgEW5zvDAKBgNVHRQEAwIBATAN
-BgkqhkiG9w0BAQUFAAOBgQA3z45woBLGz+4TKM0d4/iMawn91zEawyx39RM+/263
-Iw1NMz+h9DdNwoQPbSol30D4JZZAevtZKU6ZyI1jeyO2yOtycI7zyloqNrvGmoBF
-Y0nJn2gykITkpsoiUtmZFvo0kzjsuvmBDSa5WwM7Cs6FQ469R8reUEtC6JeRdBKs
-Wg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9EE.pem
new file mode 100644
index 0000000000..6771c05fc5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 81 22 E6 1F 10 35 F9 D3 8E 1C 0B 35 C9 38 1A BE 5E CA 1B 30 
+    friendlyName: Different Policies Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubsubCAP12P2P1
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBATANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEpMCcGA1UEAxMgUG9saWNp
+ZXMgUDEyMyBzdWJzdWJzdWJDQVAxMlAyUDEwHhcNMTAwMTAxMDgzMDAwWhcNMzAx
+MjMxMDgzMDAwWjBgMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZp
+Y2F0ZXMgMjAxMTEwMC4GA1UEAxMnRGlmZmVyZW50IFBvbGljaWVzIEVFIENlcnRp
+ZmljYXRlIFRlc3Q5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvves
+edFLgv8vlu0sxCTplwV97n0bNnx9po9ihH5BWII4NuhB1SG566w+qeo+LxlUDCr7
+SF3lwgxIvo+PaKcNP7SIiFEt++kSyhk8DjX5qKNZjPWDNWDDD6ZJBTLAl9YGlUdY
+knJdMBfjmsCQ0BP66ip203PSnQTCuhLdRN/syXTP5GC7MejAmILFCyIddxBi9wwd
+nDNMKNl4qhwcYdU8gCAB52ERHJ/WFJ9fSGkVWus81ViI5FaWblGC33EgUm8jqFX4
+hlvygwD4Q/9bjVVJefDXXXJ6uStLrY+K6Vf8rwtTLneOo51ZE3QMfkL2VqR9sB1v
+8Yx4HcOez04D3XiIvQIDAQABo2swaTAfBgNVHSMEGDAWgBSJIBeE+6y7CdfeXl6e
+aPY5UB9AiDAdBgNVHQ4EFgQU4wZXd/NUEr4ONS0cVpjBz6mlU+gwDgYDVR0PAQH/
+BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOC
+AQEAO8XGc+e+gxRvjmGI9a7myCl3mhrS9UuU+yid6C6u+C00it+ummR7SeHikTDJ
+j4VGXGpsaIRTPg0O+ddfegXB+WsQ8Rls4dpjUz7RLfMZFVvr7vWBMBDSZjQPYieE
+BYvzK0boQRrTeAchP06/SOl9JHfFuYm/YOqvgofTJaG1SiEULCdC3kqhU6V5rY1w
+oJPvgmBOyw0Cudj4H2zdLlcWqF0wl9Tc+BECqyJe+A4WW1nbrCmS98aHtLOnWlSI
+nAfWDY6emd7hja7EuJdNqWVenkX/mske6yMlH7PNNEhMjeNVQMt9YlLNb+A7i/XP
++W/k74kCn3JDwq9dfLK1kya+xQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 81 22 E6 1F 10 35 F9 D3 8E 1C 0B 35 C9 38 1A BE 5E CA 1B 30 
+    friendlyName: Different Policies Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EA41D9D067E8186F
+
+20aVc5sPdsVTrKZiDEgRPqQDKgU5ItFmVr9RfnxMnSqLAS35g5nTuIpKrpX1n4oi
+rUqa86/MEW//0BFkaw9+N4wTfhbuASR5PulqxwaREjhlcbwQaeGyenJMv/Kk0ZlR
+EvTQl8ATW6Z3zAnfmDB5AEwjy/0uddw1ApYgk8uRh5K1aXYKYW7iBIju0nqu8+Dm
+7lwlVvJXGRf+YUUeMIYHFPAY6OIdLFGPJrIGxmc717a4pGXKRyUw8g0EGAc/wR7+
+ZzJCo1DBMphBXIF9NOYBbOBjQqXW7+Pq9lFfXq7SbVzGCnJnJ3rJm54Pkh+RBosS
+Dhv8WsKHwH4szC2isG8vWiK0ymIDYak6ii1joPmR9kRBjxGRgdfVoluUHdWZ9XcT
+y5w/XULCdiRv0j1rLtGTP/A7th+urJUONHd4S5fh/RQVhGN7MCK54V9pwULHvGz7
+qWSE221o2lAjPW73G0aGESqMTE5w9Hx70GWtdeCO0uBTizf0TVL73Ycfa0+5bGpc
+tT/kNvYT2cxiM9dgSY9fc4v3X77V9AdibgA5/rVS1w+XQpsYVA4OpeOiNoT5+3X9
+cq1eS5U2iceom/uL2lXa+s3WGopFpl31b8zRyd49AMnqFD2OSn7VSy9SXff8nj1Q
+7QdU8d+3seGzEqolAfJuOmPUDAL6C2gx0Fyov9BIFcuTYfsS5XB77uxcdoaMsUSN
+Oq7F0DEHYEi09ZJtxjvsUXMALib12j8v0YhU1oOF6S+XGytBhfzNeZlKFXiiY5o3
+TRyJyldpH3uLn7CC17NoCqC4SEmDxJTHFdItvGNX1YnRz1TGw4wiLKdao+IBytqB
+MV7RzC0PGFVeEkbd5w6NoLdyydT1lYMN6WntX+maf0VPUfDjoEp6qAPctW05Hj/I
+4VjdBpf5AlNHh0heOgEMYhbckyLvfUAEBCCKSAAnxkHIoqF4IcQpYXG1IEQg63KJ
+EeFAX+ea8U0ggzbHMkCWKTFp4FmBbDR9mgggv+eCNWKhmU23yxuBXDIilqRlBA01
+5QbwHLJEyUcznsAuyU1q7EC957Zxu4rFrxVmE59Fh9rRY9WyoCE7unHoqYpP8HFE
+fJw9+xYYgDnyfGad6q0o+RwSXNhvaG2nxMGap48nkHISmONY1um5ikFotyir6sA3
+4p25JKJADhHWFHMvZzReaS749hAlduWfN8Es9vwzuPGxSiimfBeMBblcOC4j7AO7
+iJF6cQXvrR437XxkJ7UbB0zp+6bFXjQuYOtbTP3tEYKuovdGSD76PsqSzcZYdEC5
+6dWvIGO+1ThdJQwrRyKAG19cXdPwPW79ziPeiOrLXPEHwADOVebpfBCGUz0aY/eq
+NDJhwxRBttgQZRojV7DMQt0wVGlW2eFWBHmrxKk08gx3BUcurW7+3Y30esB9kQdn
+/EvI5GTmUaGxhpSAftvlVL5JCw6ro2f5MFr8xtKIgFX5EpVeEDDIF0Mq19kgkTFq
+hKPA9joU4FFX4DR046n0IIonsH+uFig8p0n1TvqEWNX8CO754ppQauoxfr/uysxp
+rgFIGwVhUmzE0iDEnuleLTKZZ/Tmb3Kk7kApVhnAw5EChe1GzSEx/g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GeneralizedTimeCRLnextUpdateCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GeneralizedTimeCRLnextUpdateCACert.pem
new file mode 100644
index 0000000000..5b4e1a8184
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GeneralizedTimeCRLnextUpdateCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 4A AD A2 3C FC C5 21 08 24 A2 27 F2 BF FB F5 69 7E FA DD 72 
+    friendlyName: GeneralizedTime CRL nextUpdate CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=GenerizedTime CRL nextUpdate CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAnygAwIBAgIBEDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowWDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExKDAmBgNVBAMT
+H0dlbmVyaXplZFRpbWUgQ1JMIG5leHRVcGRhdGUgQ0EwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDIYwPTkYLo2i4nGu322ECa0tqWdZ8/nED3T6b9CkeI
+qHuEoNkfyqjF5BUs0WdomqKXQtJ3UB0MOX0E5j0QUBaU/Hlg8/JQw7v1E44AeNFQ
+nAaQIXzIppIPl9DXe1UZebGRW2DzYS5sBhtxqpJ9xsdcK5oAUKETy/SoBNL7k9r9
+d5vdC0Au1b0W++GhavoJvgPDaoiYNZB2Mm8D4Q/KlR6WpWkOK4PVxFpOdteyJOIP
+6Iw17x6g7WKiBg3NhJnKjmACxPjZLJSqSocyFRRGGLiHd5/drpO8zPysx52IklDz
+dYm2VWvGTqPUJYzTGExj3ZJfOReyHnBDr3aOkRT/+503AgMBAAGjfDB6MB8GA1Ud
+IwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBR+KnXvDDbHS+cg
+2X9hSEeOEoMaLDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
+ATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKpBfr1XfvGm
+jFyTY4aoS/B9PFwiKgDbh0QVQ98D5vH/1kEsz45DwjaIbhiPXQd4pa/y+om6j/Vj
+dNrbxhUTKGsl/HHQN0kUDK8h2HbNEzgaRSiaENVcCef8N8HzoljsF+M1CglctyaP
+j4b2oFcqoJDezN1Bcmvwte0WmQ8zEhIh4gwzhmoMcSlV0cOoZtB66JRou28Z8FeD
+q5ns/Q+C/fOlFv19RuzhLhps9l4LylzzBx72fUdAGzeyvsVxJCG6if/jBG+DB1Ty
+hqKBozIY/MncXochP7Pkkixx43pomL942n5eLmflhJS9g/Yl0tutw7EtjTDmURCa
+TpyqzihsbBQ=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4A AD A2 3C FC C5 21 08 24 A2 27 F2 BF FB F5 69 7E FA DD 72 
+    friendlyName: GeneralizedTime CRL nextUpdate CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,82A93BC67947ED12
+
+TwDHTK6R5L4AYOO4XVPJjzV+CvgWSREM7UgQDzniSlI/Ll4jLylVXELbgrbfChDl
+tpVy01j3pzzXAdLLyJlafT/LMOzO6XkC+IBPEtK0OmkTZy74yy9qF1/s0Rcn5y4x
+0OcvUvKiB5BdmNYwsWVIPxIewExuXJXFpiUzAsSKfVQGfrBHI87QvXfLv6ozTlcX
+YeTAF+7yvQjkYYi7ibO9+Tc2VNlUNRsx86EnMjN8osqQYG4cUnpYeYGDhdeTd3nh
+gHXq0cuHYjMr4RWj7ZtDOLAxahDv1qRL6V/mfdWtXuiaMyN8f23s7GI8hDNSsxXA
+PlvE7tiSGlvCZNtRR7rXWo6tkZdvot+yn3XoRE8fwOm7gIAeD2GQDKaGr5B6XWG0
+dXFwZ10kIXeYEMSFOMWf17AT1cXl0JyfFLCpzPXuWPBgeMeuESrOm+f51pgbYMJL
+7iRwAWppAdQXCNcXSaAs4XCHOm89tEFT6uNUVwatzdMpYwWe0lE+W+pImWcH8/rp
+Mcn5j8mL50KDH3nKjLisj4nSu8t/A1mUfspLsz3GymnTsPO7pRhFhl92nQp+GGSK
+kNFCEYkFTk02eJE6XhGVP9+0pdG7tK1aGlnymQkqDTvhYID1dxIGGIg7pb1ZQy2Z
+zc9w9ka/bJsVTxt+v3ey8r6K3oqM7chOkOQOK/7HXHK/NSoejWoT4Wne8GxDIWbY
+ok63wZ2bLxumA2Odg3kzNSB/pvwzhK4GMJ1ETuFsAQJv4zkxUBf1+2P9g2i6OKOD
+P1sY3VjkbuSsRHUC/qxGsM7sMLjDmSKSJYcf/0vnJbAEG1Qo+r1g+wO7nFnRw50m
+/3sRYQtmgjP78ikN2fLedqzJluF/xj44beluU2mCoHsDAd4z5szK2YlHrTf8Wib9
+0Aef1QI7leym+/8meKpkL2HxWb1O4FnUJelmJIxgTT1pMZ9pYn5U2TMNIN+Zt5Yo
+Z1KfZN+4BuUc1v3jsZ/WuRI+zoRer36iCf7OwwvjOE6uX/4UZHVNRX0EhDEf5+Xt
+fVjeT3NE+6Y/E2kYHT7mnHOTL7wNEvL1FRyt2Ii9161VIP4BZTA/pc/1MTuwN6O/
+rCLM4q08VucXxc10fW6y0HfMci1XK3sw7VhQtxEjBlZk4fS8aUPm+QPKvHfn1h8M
+8H21FWaFDzuDPBQutOdjE8SZPejQinPAfYkYWpynBrmio+1gv1F0NBUcjYbSVZwO
+tYMTu8/7tfcT3zhsBblP+g9CGetVxw9eDrRTQF7+K/nCgToPTCg5znHMZ1j8N59X
+GwS/YsGM2DNrW8aldQ5nJxRS+aEGwlcHfqLc1CXv1uHkUxBUMwqm8aoGF2hIGGJ/
+62l06ZzkirqlJtxMxAZ8MOz0v05bqkvggVoafiNQBgZLg/rMO8KNRIYckszQOwLK
+L1UOupVEgPtrQvmjw16yuUbTDk5Q/cBuB4FytxmPD29RiBYVkk3bn8/oum7PRm1V
+TJtWPmsZf9kymTmHZaYarR3G5DgVFM7sdEDGtCUtGHwc3CtToHg6dmMLmU8Ap7bw
+UfjUmU25Ys9rt/j3QTNMfM6hf2tVZyguLPqD4+NIjzfd+MJ7i10eBdZhMd3gpaUa
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodCACert.pem
new file mode 100644
index 0000000000..ac9006fab1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 6F 49 77 95 33 D5 65 E8 B7 C1 06 25 03 EA B4 14 92 C3 8E 4D 
+    friendlyName: Good CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Good CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowQDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExEDAOBgNVBAMT
+B0dvb2QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQWJpHYo37
+Xfb7oJSPe+WvfTlzIG21WQ7MyMbGtK/m8mejCzR6c+f/pJhEH/OcDSMsXq8h5kXa
+BGqWK+vSwD/Pzp5OYGptXmGPcthDtAwlrafkGOS4GqIJ8+k9XGKs+vQUXJKsOk47
+RuzD6PZupq4s16xaLVqYbUC26UcY08GpnoLNHJZS/EmXw1ZZ3d4YZjNlpIpWFNHn
+UGmdiGKXUPX/9H0fVjIAaQwjnGAbpgyCumWgzIwPpX+ElFOUr3z7BoVnFKhIXze+
+VmQGSWxZxvWDUN90Ul0tLEpLgk3OVxUB4VUGuf15OJOpgo1xibINPmWt14Vda2N9
+yrNKloJGZNqLAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZ
+XahmMB0GA1UdDgQWBBRYAYQkG7wrUpRKPaUQchRR9a86yTAOBgNVHQ8BAf8EBAMC
+AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBADWHlxbmdTXNwBL/llwhQqwnazK7CC2WsXBBqgNPWj7m
+tvQ+aLG8/50Qc2Sun7o2VnwF9D18UUe8Gj3uPUYH+oSI1vDdyKcjmMbKRU4rk0eo
+3UHNDXwqIVc9CQS9smyV+x1HCwL4TTrq+LXLKx/qVij0Yqk+UJfAtrg2jnYKXsCu
+FMBQQnWCGrwa1g1TphRp/RmYHnMynYFmZrXtzFz+U9XEA7C+gPq4kqDI/iVfIT1s
+6lBtdB50lrDVwl2oYfAvW/6sC2se2QleZidUmrziVNP4oEeXINokU6T6p//HM1FG
+QYw2jOvpKcKtWCSAnegEbgsGYzATKjmPJPJ0npHFqzM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6F 49 77 95 33 D5 65 E8 B7 C1 06 25 03 EA B4 14 92 C3 8E 4D 
+    friendlyName: Good CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A56D1AC2450522CA
+
+ie3dH3qeOIyFqScl7j3cb0iu+A+OWH0vEz1BO1dVcqv/APWWvSbNl4zsBoFdeIHn
+SGSDnSskPpBgH0ca25h7xo3jOfxxAVoA7lCGT1fNlFtxCNaztHSP31Dyyn6ZpXY1
+OMSllMqNfH0aateQFl8aE+0TPg8oUq2wS0axrWMU0qQe/TOxuliDTfXskJxp7Jag
+jk8sp5PoZ2qmlO7fhvbWL6jljFdoTYeJGCHGEkc57FpD0gE6PVfJ+hZ9DYwpz//5
+yiONS1IjuY3b5BB53/cZ5WerPNZoHpGmAq4FsrP19IAXz9GdRvTlfNelBh8lwhoU
+T/YLB90JRegpbcFzzVCenD7NvXk/0Tk6qwP6JfED+1755HnknP8M1E26uFZYKFLf
+N7KCKEdZ+cim0EYH5cJyeHk3dD1laBdaxz1bK1n2Vle4Ymps1xpyj1YKAhIjEl3s
+guJg2TRDL2t056AhuXrk6J0qzO8Zj17KVq2RMXKqIGLJqi3ggfin52hL1n1idkoR
+IRj9Oo9TN8/qxt6i7xXr9Hmt4oyrJE1xfoRofwgNNM8N8Ku3Q67g4Ky2iAI6SGgU
+aqPCCPdrEIh+bQyklS6yOCtHb4S477sPr3R7raypUmrD4zqczA8sE56OCnOyW69C
+Y3JKGcfOAL3v3e8YehGmgtpMRitAIDQEIYyvBr+Bup8lNyEF4PZF4zdeuDmuk1ga
+BtPKyz6VxCoK3lLTyuky8SqL/SaAVWpazrZpbMlv8XDUIbZOcRlaAhowyyW9MSKg
+j1jJ4u3zkqUL6nJIUcjqVTKWPJC4f10LcHa63SGYu6IWK6YKbtKKXKOpuOc/HVUt
+3YStOhVdB2OJZvPGqp0xVo9alhjQrHnIQ/CAkfOWt3x5VneHw1cli4PJAzlzs11L
+isLtJTIlPSxCK1BIWH7KbSMUj3TWQYzanvomOiLqNdE+HH8EbusylOUhJilCj9tO
+lcxHwwRu5lhoYvnlDLy9ulocCsPpiNzVyZsI/efRXf1NAcjASVSO8S9KBFw27kqV
+/jKHME01NPM4sFZmbnbcH9HoNk+XBhxNcsEnIhh7CKcf0QH6M2x3eTKyomHwB3G0
+MZxp0TtlgB2ynGsDgnWkSAduKZdDruGauUvj3ykT6ErYkK/nrXPZspRlrYaoFiHt
+n++sACgyrhDY5EyZrx8kiBjvdoTpXvG2jD2tPkj7VO5jYP9kmfwya+VYXI3pm2zp
+qIDgP3Rj8ZwmMuZJbSgwfjEJ2wBGOIAoDWYlVaJ+CRXe5/z6NPSjgOheOATOXZJJ
+3+HCe+8V79k6W+pWlA0lIPYmHvpTZvvGgpEB8DEFqvVCYuxh8TNxUREGi4vzUf0/
+/7T21PeCuTUzUDLMxV3a5C7Y88G2DxiupE3xD5SnQ0Yue51RUurVEGTD4dIuPSR9
+T8luhGHJon1BtsYDHPKRqqO12tIEZCVOHOkPcIVjxuQQtV00/rAFiIN7x4Z/Y7bH
+yqr/dRb+t0l0crgk8GlW5ReLokplkaApD58ypueken9PifDbfehz/yChLA/7SlFY
+8BJC7dF3t6lQSw9BXZmgP5Ukx7Wqqjn4bOBi5WYan7MZxD02Ovnpfg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCACert.pem
new file mode 100644
index 0000000000..c169547ead
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: CF B2 F3 BA B8 E9 70 C8 5A B2 DA A5 F8 DE 28 23 A2 59 BE 41 
+    friendlyName: Good subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Good subCA
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBETANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMEMxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRMwEQYDVQQDEwpHb29k
+IHN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsg6YlsgUI+Jx
+eULQ+eIB+57x/d39rz5zlcqfjzxk95+il+BC1o3VuwtIIxYMSNmi/5GvBuGLtjA0
+/XLCvM9GnONzZhmBUGU6voomA7W/WFZAqi7cDNEEzT9E7oJAoiQBNXPXngmJX8OL
+G9yLMOTolFlLoUvmAoDGryln42gYcYXdJMoWCq+JkAaxs4tVCl+OkAfLRM7yh/IZ
+rhjfeQpMcy01e+Oku2AqdJTQSDjDBrvI21+rB3LnjJvWbpm7NbJL35LmOc/kd2YP
+yFw4vJ0uFdn95lKEuM6HY/PtkJNr36/qwJ0ixntXPCyYLyDSFqaSa+9LGbcJrp6y
+RoCD4hcZOwIDAQABo4GLMIGIMB8GA1UdIwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1
+rzrJMB0GA1UdDgQWBBQyByyedF0tXSm7sXqNOxVStH1CeDAOBgNVHQ8BAf8EBAMC
+AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDAYD
+VR0kBAUwA4ABADANBgkqhkiG9w0BAQsFAAOCAQEAcX2vRsH1O1HQsB/7Jlf+ov4p
+fIwfT5PAvv+p4bo+wWcumPIC1DjUk8xnOQUz3RkhQyqTbE+1OGuA1fjO0VJZ7Yev
+KlO6MHkMYT4N5mge2ZuxMW+35ohZ23DHEHGk174QY6V8l4ICau2s1/SRajFqfRmY
+3s8gZFo0UBX0KIcmXSu0YHfaHWXnq7bs8kCODW0qMQnlpsUtbwdlPn5jt1kbMnRk
+rKzjruehXGm7gXC2QlHgH/MfJgpawne/n0DwPBVMs/KVuR/HRadunSuGf5Vy/rm6
+kZ8Lnu8+sk3pfWXdwEK2tWArcVUv3wh6jROOasEQC1Ah3H0iXv/ETCv3BnBHFQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CF B2 F3 BA B8 E9 70 C8 5A B2 DA A5 F8 DE 28 23 A2 59 BE 41 
+    friendlyName: Good subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0C57A135D4BC7FE7
+
+MudOD7QTH7R0S0CeaqyAAHnkZQhrmWUqA+ZRYQLsN48JP/xaCrJ0yn8dcKpPxCr/
+Qv9TCnMStiRu4wRBqVSx1yIrIkEnWNFEXntzRM2+I486+kpXO038R9tg0U8Is9hl
+A++U5DM5+W07bhlJ5BRbwmBSXhqIqWozjOclAw4bTpkQEiiJFBgwo7ZBxZW0pDWq
+cldBvQvswXPkn42XBNKKebz+cAQENWqGUuz8GEx59UjUVg5Bj6GFknUSc6q41pdF
+dQw5acMtkHQwY7kvMBiy26Upx/vuZwlkPZxdf4C8jBwg9r/dCtHcQRhjZV70fiax
+SAwZbPwmf9cMweSrKPZ1WmG1fTqKW9zPd+tEsPTQTeri2zS70s6EsqwIYIZIifGI
+P1mS+LZ9cUXHfaQT9R9WjLM+mPZjzSkeEltx/30e9L2/UvE6/cYXYeTiKmusxD8b
+nb1ZQGhoqf3efij0+pfvCp709156LGyLe/g6Xg5SgpijQfTQkFfuXtk8cyHpa4/n
+9/JDAClHTa4sRo3uii30Y0Gvcu2bzG5McPmhjRQiIsHrEKq8M3f2h8VMeAktEwiO
+cc9FQy4ODUlO3TQ5CwUsTSBUhF/SvHP3e0jMpgEj+l88bxIyfVLz5grnbwTm3BHA
+4sjm4cCCae/OdRb6kqtyrKdFXRaiAfTX9d6gdJwrQPsaeW9bjeMJDHviMkwJ13Jx
+YBeaU9VOi/sf0vxgnWDndRcLQzKwDeGwH+LlNIur94QcKv98X4wpFJ9CrpDpap0W
+wHnWit/2dNWkbL8GeAsCnLhx5blaPY/TvAxnuUKgZ9o97MEUf2gBDhg/buHA8YGi
+c9eg5XWtwrfny7/HWRYtdnrG0eqY1uhBKeFCNz7sG5IY6vT0RHadOlTFzmFAmHp7
+8UG01hUHnMZKFPVTb19PQw8ZgmjmnIAhhwXvrVjddFtqqOjIkIg/Vfzyjl6aE4UN
+jPzc8j24p78EYqo+6gqT73Mci4x3wSjlYNQRVCKDMOQ6fhWV/TRe6jEpykRLdTJb
+B9oeRIbwIH90VcbTarhW5MqRSgpPi8dNc5XkrYlqXzJjghQGEnnjbHYYUvJkbNfk
+08XVP1SIDk212veafCGou78BzCUM1NXyQwy9zcKlb02/F7KYItaPQ99oyKxOk0h3
+/1iNUdesBBKfyowG6BOpD/aknUxVJVehKutmDTirbEMcIBWyu/7ehp7J1+GhmtTC
+CxhgoWtqozHDTf+O0ZHk9cYb0/SzveAvziJOuKzAP0cEW4+VWD+JSj6E/B5h0AGl
+Fr6ROjVTNFDZRdAPGisW79klZZuiqllWgwLTVOnSuFrwn+BHsYk9XuYBWBTXxDfN
+424SLBEHpWNcad8syLz5bpx9EOLrE2llWwXlYc/3DjN+bOFzkRrapZwHtUKjLIZ+
+Q0HF/rwYTaC5HiFuznGj98yhFlZ6r7pMSZtSs6e4ZDWe26B6WiGkFw3PIOXzwKNM
+4NrG6c1x8ERwKA1tI7bn+OGhthjj9oHVFBGnIesR/F86iU4pq9kLlcNTTf9IVSFh
+h3fgE5MREQNeJ2VxNmoNwEc/qYBfejVGA/fLsi85FJoJ39JTqbpAQTDo2o+1fn0a
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCAPanyPolicyMapping1to2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCAPanyPolicyMapping1to2CACert.pem
new file mode 100644
index 0000000000..a06c938cbc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCAPanyPolicyMapping1to2CACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 8B 5F BB 21 90 3F 65 D3 30 D6 81 F7 76 B1 A6 AC 31 5D 51 42 
+    friendlyName: Good subCA PanyPolicy Mapping 1to2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Good subCA PanyPolicy Mapping 1to2
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDxDCCAqygAwIBAgIBFjANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMFsxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSswKQYDVQQDEyJHb29k
+IHN1YkNBIFBhbnlQb2xpY3kgTWFwcGluZyAxdG8yMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAyHIxLkjNU7QX3AYrkULGwUqy03uLcvbUEHQInt9Bp/Pg
+XVX+CqX7DX4nF+BumfO3NZ1vgPO7fYrpw2igH+2wgB/eebl5xHhGzurjNNKJf1Rj
+ikk0VDg7HVHpEoFZO+LQj+GVNj42mkrjEF9zhk8Gz1+K7I+MsdNN4qqJsavkO99s
+ZKh8tuleFRUakUSdMDA8LrJbQgsfvVgrO2/AYiIwPiLbSRDqhNse3Hg4/+c9rQ5f
+AxUBaW6j5gyNDbo3x9Zv4frFmtKqutRSzCHTfPXPsPduRozkQ9klYGOw2BDxiWfj
+QTJYTESOFXwamS5hui8Y8J4Vunngk6WFtse3+VSTQQIDAQABo4GtMIGqMB8GA1Ud
+IwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJMB0GA1UdDgQWBBRbc3mZ464G04qm
+M04UeOSgHbHkyTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBgNV
+HSQEBTADgAEAMBEGA1UdIAQKMAgwBgYEVR0gADAmBgNVHSEBAf8EHDAaMBgGCmCG
+SAFlAwIBMAEGCmCGSAFlAwIBMAIwDQYJKoZIhvcNAQELBQADggEBACIjsluMNLOx
+owudQB61hn4d2AhLpSGzbgqU0PE7p/666w49TrJ66XGuIq0c+z/Xtl8mdGQ/lz2Q
+CZqGNX0rb5NdjMV1MNJtEaiied89eI9sLBwbvu0cFAXeW6EYjyRCaQwh8/kn3K/b
+Wvr1Tnj9SmBfyGaPoTZDpQ60rE2mrDL0CbKGnp4H/jIYtHnItuRe+ETOvkSiF0qG
+X382kqIBHKji6xTF7HNHQr+C86OzdU0hffbCf38gt3LwUYn8MOKdInt1UEmKwG8W
+1kqf3Y/IaGhhfBNEN8yNaJFNr+Bjj0blSkuqtt53jxHjXrZ9NPVmE6A7IAIx8av/
+u7BUc8H7ALE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8B 5F BB 21 90 3F 65 D3 30 D6 81 F7 76 B1 A6 AC 31 5D 51 42 
+    friendlyName: Good subCA PanyPolicy Mapping 1to2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0C5018292BD2605F
+
+M3Ol5bfO74yfUMcETlL+y/qZXK6sPzgX7ae0iWbHucn1l9UGwfDbdq9GMhjdXoeH
+LcZhgBNNhQ9uqABdmHnULn/0oot9BntYDLtj5j2TAK1a8HHf0sAhNuugpEcSuN1Q
+m6ewmF2HKpFBE0QIxn52GOussAQkwqQ1TFpCBK39E3pUf23U1KZxtZnTWMuIxX6q
+TwrjKb20AAzLIkja0dlFluQzQyRLDbUo17yXjoiYMzqUtbQekvNcxThtH6xnAsjv
+ItIRWOiSmoMoNwTHMuuhhKOacYpHpdofbfxeLphvXRBGnwGuG6r4+mepxDTKUa7D
+DiFLRT95vPfGCd7SiOEK8IadIjIMDEPLoW1eTVKMgESCxaULDM9O1X/qLq/17wDD
++a+9/+jOhfypJ+tb0qVlfRY/uzrwsYqepKcg5OwhWRc/c9moSv6GNbDrA5QJRV/r
+I0sQ0KzK8AkapeQXDhkM5Bmr21HVtaQtTSozf5xIhninpRSIQMfxDPHRqgKgP9xH
+tqG8bBFSygzlmHR7U9YBvm5G0tNXhyIyumEMj3ljpJqbxe08+feIiZqv17HwEhVE
+/N+J1Ou+dk5p3CwUH0Zs61NY3W90TwVut7L0nF30VaGg4FHFKmUNZIZR4zxcgBec
+Wyich+jHlowm91DQeazmTec6EJKCyPlLGOP6p0ez2qX3+Qnu4zrFBmFkpqYdpbOp
+maCnsvzrYn3J5gC0yp7UhPFduDLi7oSFlNQs6GYVKjGjVhghx+un2mb+SwPboC1f
+6ok3Y5q3POY2WL/ox4qzToppMjulYiXJwCPv1IqxJGc4xyOplJfJSvCjJOg1StT+
+8+MjWcBMrjnWDB7YO/ZXFfnecQVlskbFG2u3TCjpMMdkyIZTTBgUZAm1dy3TJM1x
+EczaWDipUsgrs9p6Ip9UHwytclLk3Sl2Xf/V260myoWj6Nfv8QpXOzYH4lID3kp9
+tMw8wXUpZDXQAB6VvyAgrJX6s/9jCGDZn6WXvahaRN7eEyvMT1AbTgKmPzbjZOO9
+/JR3dIpAdeUHjfhrfec+x3qo3JZFKWn+2M2z8TQfng6jTs+o9+Tzh3xsclAO8lB8
+08T/Mp84hSZJ2sYHpLFi9qpmQCdMOJ209FIoP/q6yqlivU2ZEcWdoWIzuNw4s+6R
+29KQ8+nDm89nlsBR1jgJUJO6nX2IiLjQSr9TEUdcpTwvlKGz6lkr+WuvyfzgV4fm
+5sBczXMHmudkV14TWfHEUH2wb5TzLk+6EbFLb20y7knwu7TIaw9TAtXA6wgsFCkg
+1tcXzWnt70cZHOOVWHc3V3mlUx6lmWgakLwS8NaQp5MpqLucS+YuZAbyBvKjWOW2
+IEQyuKKRC9iNCWzg6D1MvBF9A0bZ6iIu4mNj6NhMEul5/dmTKQSy5pCo6mv36kYx
+NWaZsie3Dwqk63op5VPBoz9xkGzTcUDPr3kqQ/kwZPMsdx6+aasyWY6w9f511dDr
+ml08wn/zF72P00Go2Jl7PCdwJIeK0Ggu+4nMJSrTp8jn2wKt6NREjY1tA/C/8MCu
+ivdfNGnhMjBwfkO4nodwc2+tyIikYP1+LCXHGgsxCbB4T6KNsNmyGpgKOGuuvkyn
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5.pem
deleted file mode 100644
index f8cfbfdebc..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Bad CRL Issuer Name CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfDCCAeWgAwIBAgIBCTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWQmFkIENSTCBJ
-c3N1ZXIgTmFtZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA8VTZxnGg
-pV60/E3F2RBR9N0VgI/w8ZdVENnRoqcpmY276I2t0UaRM95qNori4u/6Rb6RI6Jy
-BL5dPaJuS4hoVphnqLjMMF+huDF61ov49vcOtMo9Qw7NJYgeoINC4KcUrxvn5O33
-IjvyvGkMbrzczslZh1IaGrquWlS9DQDv3jECAwEAAaN8MHowHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMg02+C1YxZR0VCkMtLFWfhD
-jOBnMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCYg+l+IX369jmWSOMWB2Gw
-tuancmzEylYvy1g4di3sVNNOTRaST6hG6M0QkyVJDpr5wYwDCAu1me4CkJlaRHT9
-RZB8rW2LK9ydBJG5peFQa8QPQv9phrb4Hc7/2xjr0Eq6sUAQOBsCL09IY5pi2jxH
-o4m0vETRDlhl/Lqsc3dLTQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Bad CRL Issuer Name EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=Bad CRL Issuer Name CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFkJhZCBDUkwgSXNz
-dWVyIE5hbWUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBkMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxOTA3BgNVBAMT
-MEludmFsaWQgQmFkIENSTCBJc3N1ZXIgTmFtZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0
-NTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmWwjDb3FCLH56CnXApSXwVHB
-KUEdYLsDL5afA0uwYq3CutM9nFTfpI4wfWoh8z8rbcyzMhNU/b90XnkcJeUlLe4R
-GVC87g/Oh67ONY431E5nS0t2mU3gA5A+QJwCJ5GgkoRJy4aZS7IhIVayya97aITa
-eeInMge1hpOIbhG4RWMCAwEAAaNrMGkwHwYDVR0jBBgwFoAUyDTb4LVjFlHRUKQy
-0sVZ+EOM4GcwHQYDVR0OBBYEFLIo4xfziwpQ8zkzEpaYHC7RAmffMA4GA1UdDwEB
-/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQAD
-gYEAYRbr0XdXa3sve8krgu8sJ/Dj90/LJexPg4kRViyO7965tP3sBCNUAIO1Q8QW
-n27WeL4IjVXDSrspE/72yM2b8MNWJ4phd+PJMkQb+ioBbC8qPrNvnesSKPbqNcDR
-qLz/G2oPMHBWA5zuzG1O2ecxU1MLUV3tY4QxY1oNRuMunPo=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Incorrect CRL Issuer Name
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C8:34:DB:E0:B5:63:16:51:D1:50:A4:32:D2:C5:59:F8:43:8C:E0:67
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2a:95:96:bc:9d:a1:bc:e9:8b:10:db:0c:3a:19:c0:f6:b3:bc:
-        a0:15:ef:97:6c:c5:83:6b:e6:ee:c3:8b:fa:54:c7:86:7b:ba:
-        e8:73:c0:9d:d6:e5:1a:90:74:4c:8c:71:bf:ce:81:e7:36:df:
-        95:4a:d8:6a:71:e6:16:6a:20:ab:9b:7b:de:eb:c6:ec:2e:83:
-        e9:0d:61:4f:62:df:3b:5f:02:28:98:01:04:5b:d7:19:18:1a:
-        f9:18:63:83:62:2f:de:0b:9f:a8:5a:d4:8b:91:5b:94:cf:bf:
-        44:d8:18:71:89:fd:99:14:c9:92:7a:a0:6b:ed:15:13:5d:37:
-        91:fd
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGUluY29ycmVjdCBDUkwgSXNz
-dWVyIE5hbWUXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFMg02+C1YxZR0VCkMtLFWfhDjOBnMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBACqVlrydobzpixDbDDoZwPazvKAV75dsxYNr5u7Di/pUx4Z7uuhz
-wJ3W5RqQdEyMcb/Ogec235VK2Gpx5hZqIKube97rxuwug+kNYU9i3ztfAiiYAQRb
-1xkYGvkYY4NiL94Ln6ha1IuRW5TPv0TYGHGJ/ZkUyZJ6oGvtFRNdN5H9
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5EE.pem
new file mode 100644
index 0000000000..c3d5661683
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 83 38 B9 B1 1E 8B 1A B1 01 EC 85 06 77 73 50 80 9E 77 8D 72 
+    friendlyName: Invalid Bad CRL Issuer Name Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Bad CRL Issuer Name EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=Bad CRL Issuer Name CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWQmFkIENS
+TCBJc3N1ZXIgTmFtZSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MGkxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MTkwNwYDVQQDEzBJbnZhbGlkIEJhZCBDUkwgSXNzdWVyIE5hbWUgRUUgQ2VydGlm
+aWNhdGUgVGVzdDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbUQc/
+aDfzozsGi/PMBuOvwbdh4u/eGd5PwWOqPgwARtSrxA+gRKdsLq/Gh9ySRhABGV+h
+92N/B4xPnilGJJt2SUULOZz65G2Jb8yUZrO2RSLXcGSzExmQL58GC8jQ13rPveDn
+tChy8oiRh1Q+Qswy1dIP/iya8fhceDjt6YhP35Du/CzDaPIEdxlMYfnsiM5PZukl
+Yc/0+bg/T59xvjypk1oAOxVdGngaXEpkpwDyKoTdXMATrWWIIoA+NgmsJfTRlwes
+l/Mzy2pJxRRql9tW8yteW78ddNBIMHeSfJkqcwJ9y3rdW6CC4qE2ih+5O119FMTU
+hlkdv0bKseMyrb8zAgMBAAGjazBpMB8GA1UdIwQYMBaAFBFy8jVdBNUOSiAHB0Eo
+/ZRwABxxMB0GA1UdDgQWBBTJMGp5bfvpKIG6aOzEVAK6YN1WYzAOBgNVHQ8BAf8E
+BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IB
+AQCNUhve7sX9MgDZzE0LREXi85Qx+HDApJzt7BZ0n7jjN+mKBR7z3mGqfvIWd+nd
+yEtDj2G5+PEd59nPp/tlNGwcKHuD2ht/83jX2tjrNZE1XizGyPS6m7vI07OiVhNi
+8CODBlCX5jimwwqH6i+2WNFI/3xQZwqjx//q5izI9TMryIDbX8mwWGYtDd9O04u5
+3Ey1oZdm7fxE9QJ5Hsg3zOGHKNVr0JFlIHx2yaub9F4CUEHVx56rAdY/13v89iUD
+yD3KEZHOxuGRLD1nKvK4rU7vEmYOXRF1z2iobzxA9VbBuybrsJwZyaCZRZ9C09XU
+kw1e5M/h7zZuDUtLKIyzA0pJ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 83 38 B9 B1 1E 8B 1A B1 01 EC 85 06 77 73 50 80 9E 77 8D 72 
+    friendlyName: Invalid Bad CRL Issuer Name Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,619AE424395184AF
+
+fidkvMzQmt7seLs9JoKXAFeoeWyIs/Dn0wWqjju6InvbFGt5e9dBqJOHqXOiR2Ad
+hSGbVkcvXRyUokJudi60t1cHjXd37l/8tK1f0Cji6EUUMUekG08BlF4jrsA2R3Pb
+5Q2Ya9uhNO+2FDf1dYk7+Tyvg2SOUPtyN3xS8S54+Ao6761jSy9yGHm4KOws8ViQ
+c0njkI8erjzYo/H9TPgOtW48JHBxa/GA5gBWFF/2z/AOIhSLtOMeIiJEcqiENlnm
+pOzHXp+UnCDdVb+xEO5lYKyNA9h2BPhZ6x9SA5VXjNK+S+rC6g0Vj6bgX58JfAg3
+DoFKy+RpkYBB4MXskmU8+SWVXrXmcd3JTZS2dN+pkFRxEvdR+Xj6Wi7XIpZIY9Dw
+BL/YNX5+ruefdisDncgR4WdDy0rWuKnJvFl8FyE3M3cQl+LBUwxwf46TotGcIHwj
+Lb43hD0p1xPSPwcElVi0iJIZClVEDM4jNXv0rYk0fD1GUD5I3f3jTILxlTrIjWcr
+y0I3c74aRgRBp4B+Wh6Vh8OzHDVZeko4e8WCWT9QnknQw0b56/yKQErymhT5xCSe
+ZxLZ+JsveW5s6u8ySC2iScdRh/TTHag8Y2y1aIkc4iZRCFcLi/Udh/EuZ9unNHOE
+4lSEMD5gwHaeb+y8iVdwHOVIdelp0RceTmHiyzd/OlDCZOKt2Ha2TasdVdK1g43e
+MNqvW77Lz4isgIuROIZmn8vwBoprFXXSPZBnjDvEtichw6i3kRJbLtI60CkVK7dx
+P5Ffx7IhwOIFoxfxzMxOaxB2FknnciEoUpAyTUOqI007BVuwx+mQk6Anzh2/Osc6
+AvVf8SvuufJYAaTYovAmJlwFpTETkwUui6zH2Qt1k3x5njTN2EXscUJDLAJ8PWGW
+QNj3YlKdQdT5bfQGRolmQN/Aki5BhjhNamGzN66T5Bi+MjTmaK9o2kz+ed1sdGUO
+M9g7RPJ390RzTjMf2g+pagVw6Q5jzNFmgKn/3QPnhREeFZXUby2KkrENqf5Gv34C
+s10//lqT2ln0Qx6OZjYn/ydWt0fmdn3msDYzMn0UcSxSRqHZgf5Z/J7GAPeUtxzE
+1sTo/qx5gkZ7KV+HAkODoGOjUWDY56aVTzNvukzZ7g/HoB+71m06ce01hgxEhduu
+eDdVoWlRaV3MWATYKGsEO7G2dOP8oouzYYXxip8TZClYy0QJkfSxrHx+eoYDU16M
+SxGrtYkSRf9SvBTAjpcI1IYJwCmLOXbyJldhNDz/XgXjE7VNjwpucy4n/NSkGA98
++cE4oG8FKPvU1rlAZP8uSi+jW64yOykMYrGyCRfe72Gc0WrDp/TPVoJpFiDulLJt
+06XV+LA1A7Iv+aOgej4NMYvQDHUuDlQGgTPeU6aWSgiFQZkMWyxt1r63MTC0qeK6
+6buWTP/teEyzDyJlTb2dTwsUJaK9BwT6Cm4M0MW75zlQw0lnR4VWwKHCnAn1OQka
+ojcVVmSs2ixDCAB8fOBrcqRZIEw427lb8rJyHhvqCdMyje+D3s/T87vTtPaYaaYV
+SAF6BFFcV+3bAymDNnVB01QLIOlQbucjE/M49Y+J+ZS1gke6WFRGPdV4SvcHtYaR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4.pem
deleted file mode 100644
index 6fd7c1dc31..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Bad CRL Signature CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBCDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUQmFkIENSTCBT
-aWduYXR1cmUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJdogWv9CPXo
-9rQEcxwXXws6b/WT7R/AspFsq4aVO/l7puHNxGIQybx5jK5W55wqPtHa5PPGSpJA
-YkcuKVXL1ZqZh8A+VenvazNg0XoldwJZalTN0AwR3FprLL3cXYIwu8FFFERp8l/S
-YgHz8wHRlA37Ph4a7cU78oLWK0wziElzAgMBAAGjfDB6MB8GA1UdIwQYMBaAFPts
-1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBT7CxX9unvmOEiZWhVgVVCXqjZs
-QzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
-EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAmZ8+7Hn2elBnvNREi2gDIa3P
-POFc8RHEq6ajCkhgeJoQRygSFdfenhTKGtfvet/3j6hBZRHEVI2e8x5yiyBN/ZKV
-SAdRCjXTg99nJJtkkqDhifkO5uUaxfcgj2LFt9DI7/b/jZzlNSD8BXqcifbjAf1s
-IIlWmY0HVZgwucYLmC8=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Bad CRL Signature EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=Bad CRL Signature CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBDUkwgU2ln
-bmF0dXJlIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYjELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTcwNQYDVQQDEy5J
-bnZhbGlkIEJhZCBDUkwgU2lnbmF0dXJlIEVFIENlcnRpZmljYXRlIFRlc3Q0MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQDbS7uYXT/RjXcp9qBIMFgzo5WJJA
-3/1rXCiA/BzowTDl87A4iGOmZ+LEkwpLarYI8mFzGmQAVIlJCn3KlTO4AuTWaMth
-VZPgVZ5gVxVHQbqdb2VZXHVJGYB/yn+PJrghL5uy+kv9qzocq/jUrEHcnvBTQ+iI
-8mutd/z8C/Qy9QIDAQABo2swaTAfBgNVHSMEGDAWgBT7CxX9unvmOEiZWhVgVVCX
-qjZsQzAdBgNVHQ4EFgQUK1L621YMk2XrXnaVZG9PC/61mSYwDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQA5
-Kis0tSW5S+c/zwTmKqh6DTRRISk2nn+KeQSUJdi6YXcuX3YIX/P4SxWNQ46dwKDl
-lNNDVR3u7fiwwYf9BxICorMqY2FhrdFOoGclO1mCpRuBMhmER7hWivrftdi7ekeE
-2aEHKWWnWwzU/qs6Z/6FK9waN4GviF8X+sqt/EHo+A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Bad CRL Signature CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:0B:15:FD:BA:7B:E6:38:48:99:5A:15:60:55:50:97:AA:36:6C:43
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        68:7d:ef:9b:2c:27:82:c2:3c:2f:16:6a:09:27:73:ac:90:da:
-        2e:66:07:a0:f4:c2:4e:4c:3a:52:02:f7:23:dc:52:f5:3e:2e:
-        94:29:22:b8:f4:f1:c7:44:85:5e:84:8a:6e:37:5c:84:16:5e:
-        70:b5:f5:13:81:8e:89:09:b6:48:0e:51:9c:15:94:21:f1:21:
-        e6:38:14:50:a4:c3:85:4c:84:e9:eb:f6:b7:6a:a4:cc:12:02:
-        a5:0f:42:af:9a:1c:d9:c0:4c:98:c3:1c:12:2e:f7:84:d8:fa:
-        24:4b:68:3c:20:c6:7c:60:78:d6:46:37:68:28:4f:81:c1:b7:
-        32:30
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBDUkwgU2lnbmF0dXJl
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBT7CxX9unvmOEiZWhVgVVCXqjZsQzAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBofe+bLCeCwjwvFmoJJ3OskNouZgeg9MJOTDpSAvcj3FL1Pi6UKSK49PHH
-RIVehIpuN1yEFl5wtfUTgY6JCbZIDlGcFZQh8SHmOBRQpMOFTITp6/a3aqTMEgKl
-D0KvmhzZwEyYwxwSLveE2PokS2g8IMZ8YHjWRjdoKE+BwbcyMA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4EE.pem
new file mode 100644
index 0000000000..2ee07eb3f4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1A DE BE 1C 7E 70 F5 E1 0E BA 55 EB 2D 41 E2 4C 7D F6 6A 8F 
+    friendlyName: Invalid Bad CRL Signature Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Bad CRL Signature EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=Bad CRL Signature CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUQmFkIENS
+TCBTaWduYXR1cmUgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBn
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE3
+MDUGA1UEAxMuSW52YWxpZCBCYWQgQ1JMIFNpZ25hdHVyZSBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKoh2hBRa2n/
+4/sUJnItoF7DlFyPUGn2CSBjfW61rFCpa0UFPhjN18/5HPV2AvDSyfeVsQbaOqBN
+mGcN+3ClEaDM0MxDR373PtXwfZlqxBeyufsFrgskpV77KB0dwTPJBkFDDf5K8Z+d
+kRv6wf8L3TVQkWCZmqtBGyYpb+ciqjqlON79M+mX5rGy+95P49jqzq3Ufe7/frQ3
+twWzfLyvT16+X3erXinXrkMBOJqKvH9n0AmeV7H244Ekak/kyYjn8cMKCHptmpyO
+XXB2dhDrSSkFClVE6Qyk/ynFBPo29lq1ZBM4WeKI961/Sku3DL8cE9LgNvzRx448
+wM8vF++T9EUCAwEAAaNrMGkwHwYDVR0jBBgwFoAUMYs1jZ5EYTAU3ucLLhQZSCTb
++b0wHQYDVR0OBBYEFDFtEQEQ4iF+FFSg1ZEs2O0msQvFMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBACXx
+1TSmGPZscKlY2e9Zuqp5LP8ehTiXLtWOErouEeF9tfobMh+hOGruSmdtJv7tmqz7
+ePchR3c+ROsT51qEpOW+y7Hjv8opoRaWJdMJZ4zVGiH6wlaj9Iy1rrxFMnbRM2ZN
++md4SDJnKmMzbUf1H05qAuiCDiDleVkPycyIOLWInwEX+5cW9SOaeoiBnO0GmkBe
+RJPNV9rrTNpcq8cDoQh08xaaoKRPtIlxR14XP25SNfljdbCVZQXIoKHEsQV+UV27
+RVKCSqzZAv9W1nXeZX7rH+8kEKvQR8y5fMYi7Hi9zk3tqH53A/8QGPKrCqRJaw/+
+UAQA3LZBkaU9hpO5JAU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A DE BE 1C 7E 70 F5 E1 0E BA 55 EB 2D 41 E2 4C 7D F6 6A 8F 
+    friendlyName: Invalid Bad CRL Signature Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6CD186847B6D8CF0
+
+e+e0uY4ANLFnP1kBMLdAz6JO7+Tq5FRSVOAEOGNG8Sx3QgbEpLfgJ/MkMC6n3Fw/
+AqnQFZh7Edi0RsFAr0GWyOzcyz3fpUfMS1WtRpIgC7E5Cx6MK4iOQN3yUinvtKnI
+9qV1nHMw+UlvBV7mfODEBHOum3M4wXtgWcjDXGE3VrDqwxeYTqb2z/gMMFSUDRGZ
+2ZFYveiiIT8B2nGAxtTKTeG0Yv4BzRhArKLSMD0zJl+x3QM3PH7a5WhKS+b69uzy
+PaCxjdRzYsNsVNjnIhVFdnXtFJ3njDL6Shn5yCJkNWdoJk3wnG4FUuhR5FKCCEtO
+2mLRGcVXj6fonOy5KZ79GN7kp6N0L6EtUhZiO7Gn2Xp34EjfoXyCoGRKQsVr6Xmk
+vyaR+Ui+81ro1xGRpMGRyyFzovXFWTMSIvq6RDC3ru555/OCQ0HisCSDfxu/xAIQ
+VhAENI1Fmj5TJuzS39nZsDfNX+G9mkv0W8V5YNR2mZSEeurGWFOYEqxPNXEdZgci
+pMkjN8vVIv12pDds9YYqpJuexjCFLaS8ZS3ZU/55KBNY/U+/q9MuhKO49sdtNBxq
+5ffXYc2ybnHKDTcN9bzLgbBuqYP3bfGtgn+BSK2nxX24PRckFjj9h7QqSXot05mX
+Z9WdQMRs0vAsnhhEZXOjMhxusLeJIOssnXY2EuXt79Z/Sc4BEE7KFWQ+ZTgZ7kv2
+l/vJWlYBLcUrlbcgWdu5DgLau45fgWFfx7Z7R+cg5cB6W0ZVlE89+c8FRTh4v1UR
+rfG/k0QMIzP1CNMuc4rngEjVLpWn53jXlNM1ljeQynOYQTBZuCiwyXCJs59ZU3v+
+AYr129U2ooPpe24N+Nvu6qHnQ9V+jeHgoU4nbOD9/akhy68xukVaeDIDgezVD7oa
+BIAOziVFo37SHFC6Fbi0/JNQCoByhRbpUnHiG5PRsBO5OEY3Ud3irlhuPFofg27y
+QJ5qnl+qdlGbH0iBZrGXwiE7ZUjpEPPxR3+IaLSvj7k0l7zxOtK4JoHAa4njxXNC
+VAKdjrekp+6lbfJwZjrAVVSU2wuTQ5UFbdZLugfyHgWH7qb6BFePytfM69eD73b5
+ZaU4lWcTFaa+IEdqAZZG+DJ79jcYiynBHdOVOcLnRt+hKlo/NGY7nP46hytuEefh
+0ppwNMkXXWxNGVzfUKiWoKBUNpkMyRcPveQKJhBQpbNt/soCTkh0csH7CieRXQj8
+7LQMKC15St07nncPVsXYtcD9fPMh0aU576SdoYTW9sb0kTThV9evEAdS/NFervwJ
+yqBa/a5kCxhpi78LrfljTkfL2/9weS80UNj/4ebC/Et8uuES1WeUyDE7ELFqMoHg
+NBfBnsyu82KRRxU8BpEqZ05CX7VrZHHL9hGPIp9+7isSFyjx2t4PUZmab93CwI5z
+Psj+z+IsR2ZLA25ttpi3bOcnqKJ91okUBVJCaiR533Ss3Ar+/tl+ZRESSDhh8vbP
+Wqgd6YpXVOADF3F4tdRwPhwTSUM4mJ/0JFVNINOkONfMai/hEbHZfPh9XMfctspF
+XWXsaBMejr6WBE8wUYQ9tI68cQld2Y6tr+LyBYy04fglExIn9GmPYWsfEMoUipC0
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7.pem
deleted file mode 100644
index a70e68731c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBFTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEtMCsGA1UEAxMkQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCfjlwgIWm+Taynv+38GP1Yf2hDPMT5pcsPYlRaeFeg7Tsr/GhTZQKB
-qfO7h8J6JjoKD1m1BTcrdiHbRBnn183kxyhljulJLu87gOUt6LlTGTBFeaUhNNxv
-wpzF5uQ7xQcChTE7GF4kxt/oyehJFi9TGtnjdjlSi3LXG/xfQn81GwIDAQABo3ww
-ejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUScn8
-twM8Z20KAJOp5NalHpIftREwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABV8
-zJCN9czUhadFLy10H1usL1xGEcB8SRR3Row0a+Zmj8T9Se71hTgW7LfXQj3bCDJV
-3AyAd+WA4N0y0+eSRWRGNAcMrOeqNp1/Ki6iGNYceZ41Goudsc34StO7symFfatg
-hTr8/7eU6NXu2o9cDREBOJujBK/Uy52E4rx/Faxk
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Basic Self-Issued CRL Signing Key EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMHIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczFHMEUGA1UEAxM+SW52YWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2ln
-bmluZyBLZXkgRUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBANehtRiWYBhPipRRR0tIxuV4U49+DofUBRVQP5JDT79DtTbKaVOR
-HWgSi30ZrKSm3WkblfZoncF9ZMN/ocoqxeUNXwBqp8/wJYbE6js5YwBGTsfi3UfP
-s14vC1mU4ssE+ogwozLkXRcJGuFtJwNTZcEf43OkjdjLWiIH5DVhj9ZXAgMBAAGj
-azBpMB8GA1UdIwQYMBaAFEnJ/LcDPGdtCgCTqeTWpR6SH7URMB0GA1UdDgQWBBTa
-6ZIK1lgoOotgyyB2SLZbDxCDHDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAA/4ne7fgjMJuty5+P1V3QiH
-TxmpO+boz9+NO3Wc2Nj23sToATQqIcc6W1G3yKbN7uQEXtHgtPcIz5diAIJ8JNQl
-INBUxGlFASTWHNfnNJDgN7lwn4VjSAE7HzEKIJ3+HVTXI6+mdiCl/IYL9q02KSGi
-djAHT73bFgK6ydVH8Cal
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIIDGTCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczEtMCsGA1UEAxMkQmFzaWMgU2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXGyrLR0BviK/81C9C/igI
-9zh+808dGICz2wS1Oh2CWCeYia4J/65Y7XBDRBW1TJbQLdrxt2289Lc/gc9+PW9j
-gwVpGRuYkFf+AwbMgLa1Ro5zqoIbD7WjTu7vgGdDvJmrSVLfSXavpeUBzp37Dsw6
-KzSHcBjPwGes7q3pjfhOMwIDAQABo4HyMIHvMB8GA1UdIwQYMBaAFEnJ/LcDPGdt
-CgCTqeTWpR6SH7URMB0GA1UdDgQWBBQPcsozQ6nEEVGrY9pEhw9hpPS+RzAOBgNV
-HQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGDBgNVHR8EfDB6
-MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJKoZIhvcNAQEFBQADgYEAjoyS
-h7zhrGkL40stundacKPqIEZ3HyWW0NQhD0wBhWslGAOvlCaf44kuTKggRY6r96sy
-4kWEjvfGu/r/dBgrFaCCGNv0ui5FfXu8WeZ4jvHg7wZbx5ATx5Jpumqbm0PcEYCr
-YnA6WBCstG0lohNV2ohM/wqRFmBB0WL1K+9IdfQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0F:72:CA:33:43:A9:C4:11:51:AB:63:DA:44:87:0F:61:A4:F4:BE:47
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        5c:cd:8f:a3:3d:9e:64:f7:64:73:9c:2c:39:e2:e7:d7:0e:b8:
-        1c:3e:9b:1d:14:dc:98:c2:8e:5a:1f:e5:47:31:fd:7e:a7:d5:
-        9f:52:31:c8:10:f7:d0:a2:84:3f:77:c7:f1:ba:7e:24:62:ad:
-        05:ae:1c:7b:ff:f0:e2:ce:55:f5:27:d3:cc:24:7f:c8:1d:a6:
-        b8:ce:42:05:e1:06:ec:1f:87:4c:d5:69:8d:78:59:d2:33:94:
-        1c:3b:27:68:80:3d:6f:3d:a6:c7:9f:2b:39:9f:d7:c3:83:eb:
-        77:bd:cc:7f:96:b3:ad:24:68:99:d1:1a:bf:05:1c:8c:3e:2a:
-        02:f8
------BEGIN X509 CRL-----
-MIIBdTCB3wIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYtSXNzdWVk
-IENSTCBTaWduaW5nIEtleSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjAiMCACAQMXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0j
-BBgwFoAUD3LKM0OpxBFRq2PaRIcPYaT0vkcwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAXM2Poz2eZPdkc5wsOeLn1w64HD6bHRTcmMKOWh/lRzH9fqfVn1Ix
-yBD30KKEP3fH8bp+JGKtBa4ce//w4s5V9SfTzCR/yB2muM5CBeEG7B+HTNVpjXhZ
-0jOUHDsnaIA9bz2mx58rOZ/Xw4Prd73Mf5azrSRomdEavwUcjD4qAvg=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:49:C9:FC:B7:03:3C:67:6D:0A:00:93:A9:E4:D6:A5:1E:92:1F:B5:11
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0x.v.t.r0p1.0...U....US1.0...U.
-..Test Certificates1E0C..U...<Self-Issued Cert DP for Basic Self-Issued CRL Signing Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2e:12:1f:54:36:68:73:b2:5c:f6:11:48:f1:d6:7a:bf:ce:1d:
-        d9:21:7a:96:29:44:bc:83:26:d8:8c:f5:11:36:9a:f1:23:78:
-        57:00:8b:13:c6:74:57:4d:3d:ba:ee:d4:ac:d4:40:b1:d0:80:
-        91:f1:06:81:91:ba:a4:f8:1e:c7:6b:d6:20:3c:92:26:23:94:
-        80:33:df:c7:3b:ac:fc:94:ea:e8:3d:d0:37:c1:d5:e9:ba:53:
-        83:9e:26:ed:da:fb:10:0a:6e:d8:cd:d7:20:42:2c:d6:7d:18:
-        32:6b:75:2a:3c:51:03:dd:4d:a1:80:e6:d8:95:6a:2c:b0:b6:
-        72:31
------BEGIN X509 CRL-----
-MIIB2zCCAUQCAQEwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMS0wKwYDVQQDEyRCYXNpYyBTZWxmLUlzc3Vl
-ZCBDUkwgU2lnbmluZyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqggbcwgbQwHwYDVR0jBBgwFoAUScn8twM8Z20KAJOp5NalHpIftREwCgYDVR0U
-BAMCAQEwgYQGA1UdHAEB/wR6MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0
-IERQIGZvciBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJ
-KoZIhvcNAQEFBQADgYEALhIfVDZoc7Jc9hFI8dZ6v84d2SF6lilEvIMm2Iz1ETaa
-8SN4VwCLE8Z0V009uu7UrNRAsdCAkfEGgZG6pPgex2vWIDySJiOUgDPfxzus/JTq
-6D3QN8HV6bpTg54m7dr7EApu2M3XIEIs1n0YMmt1KjxRA91NoYDm2JVqLLC2cjE=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.pem
new file mode 100644
index 0000000000..f5ae145d4c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E6 12 3F 89 00 F0 C6 9C 39 A2 C7 8F 9B 88 6B D5 E4 71 62 9F 
+    friendlyName: Invalid Basic Self-Issued CRL Signing Key Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Basic Self-Issued CRL Signing Key EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEtMCsGA1UEAxMkQmFzaWMg
+U2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMB4XDTEwMDEwMTA4MzAwMFoX
+DTMwMTIzMTA4MzAwMFowdzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2Vy
+dGlmaWNhdGVzIDIwMTExRzBFBgNVBAMTPkludmFsaWQgQmFzaWMgU2VsZi1Jc3N1
+ZWQgQ1JMIFNpZ25pbmcgS2V5IEVFIENlcnRpZmljYXRlIFRlc3Q3MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJ1Ncwjk9f7Jh7x49a+7BccpR9imE9kX
+WNxzQRvvBx/ps0H6O0u1zIdwap06h2+FtZTsrSUn86di4rh93ebVSvSdyvjRTZ8C
+9Wzp2bL+hkeKHLwDWu9EMXUGCudejQGRzcSdR3UBA8vyQcxzG0fNqaXVv6R9OLcW
+fOg4hZCB7eROyjQlGw5EbDQb1Mwn5b3uqTtW13lFLIcCcoW4RfhyW75japyyi9Oh
++tCN54yJsOOwjZ52PLbHTYr6/iRRKXkosL8BLS5B+B4WkIRXeFkwlq7wJRFfFiI7
+tyd9h5vHk7cwBl2ZiZCvxQ/Nlfi9wzXEFPto0LbD1feSoZ1BkWDmqwIDAQABo2sw
+aTAfBgNVHSMEGDAWgBQpmkUuNpWd7PJeVJwT1dn2RJEsEzAdBgNVHQ4EFgQUV4fq
+Vxkw9RXSdq1WA6DhF8IkJzcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEATKc5gYlWDtz8z6JjAO7O2AuY
+LB9lOLe6vRxZHjGME9s9lrupp3rM1lMEvDEcOkfo/36AR0ZWmdWbW0m94TUyu8wd
+MmF3aXQxxkJGHAdwgD8OzpzVQWYM966uD4awzXMLvzx3IqymLwiLK4veDIaNeOVU
++LTZO/CgO8jp9lbyhNs3PLU/jeeAXSpx2WCIwHVMzuetpicwWAab57FAov7p5MPo
+Est9Pk7dk9iXe5XvnnNyOavoCSbOP5XddVUR370ghSNXnoFsgzh40LWDe6HSrgXO
+ZyaArB/ECUADegv99A29DiKxDSmM0zM5NzTrmbQEpALzt57CfnsHt1T2C5ck2Q==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E6 12 3F 89 00 F0 C6 9C 39 A2 C7 8F 9B 88 6B D5 E4 71 62 9F 
+    friendlyName: Invalid Basic Self-Issued CRL Signing Key Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,276B857A89B89609
+
+ucRyf9n3BU/DKfv7RVXPVBnyhidmBvM5gIlW+KzmUFP/h6oGZaW8OaU7HC5frMZ2
+GTMBvXwAootFy2HHGOoiKawgo2Zq+Fs3O0amgrn4RTIFYwfn3Dlg1fU+JnCU+ST+
+ZlGtAjPQ8vfSeCRlxkz1SSA28R+8mKQymBFF6ZkLGBraZNVFmIxGPs9PFJewX2hD
+iC+UoIdLulYgwg1RrXRy5hVxKkvaYDBUIMlYOyqzUmkQRaJhC3pr+ngb5THJj6y5
+T78tVRhkuo70/WoB6fVXF2XTd3fujEN4ksW5S2LkgWs+9XfMsntP3jeVZouOyinP
+SHySjke0TCOdzcZYedAaLcHZUsnheevsvQa5pmNSuxJBYX10f5y5sehojgcvL/uy
+c928kBlyd3b3jTzbuirTV0/AO4081BT1733bQmIfArplPWngSex4ADIF8cgIPjT0
+A2WgBOaZWNIsP5KyNiokVc4hM7ulcyurI37E1mgHMlS0cUyv53dvZcrg6g+ScjMu
+rco2GhA1LlGKWofyTC8dWpikip8S00FR2JAggL/4LQMoPJioqLv3PywU43FJyK41
+OG7CZ3GEzXJgkx2h7bbJINjz/CvhC12CBGXejXJP0kU+1fp2Pr0LBYMYOUbj2tXA
+hfMpSWElN+XZaRRsIOaYxgVIMvTpsKHudr4o4Jo7+BgJZ3V6Po60z4QZCZi7TdOV
+FZVFM9yjCzFPRU5Xv09eSf9zTVM8AKXDJvMIQ+FcaErTsO4EpdB90/jCgsk4W9R/
+ZooWrSARU0DBd7V+OIRLt0FbSXC0BKm68zg5eqLG/skbWVvZzrU0ef9BNiOuAyck
+IKcex2M0Aw3TAvpj4ZKW6ADGfBANl4/IbNDn6kU+c/7NoGGIo9c5AqAlGFKSaHkq
+y7AJdC55HqR03Y9604mB48cHwcHhpqjw6L3TF4/nv/CTYeUGw3ng1er3bxDdLdZJ
+A2ephKjF1uYYWsjmXWmAxLs1zasXC5QCTRKOWr3J/UN7f2jtTYfux5hmnh+73aQ7
+3khln5kT0s7AoWt9ML69TivVT1rdZnPDxyIBUBfmplrnHZobdpDNpapwuJxzFyQn
+QrFd/flMDvMaoTczflg0+koN4iEmOhPQpzcIDC9DikHSbryf9zcVl044qdUADI88
+saczJwKYSSKdtCAF7oldisvekfhZcERLkXLi6WrNGzI1YX4Qf6MhWyOvTs9danxR
+ukGQ8WOmb/TfQftwa/r5v9L122qJVZLjPAOPO9lGgUa/DydPYiABjOKVIfbo8u28
+KFDoP/BSAZ6ibH/2XmIfEPyf9Hr0BXDWgFiV0IbuPxE/TD6SCH0dnu/MOZiHC2Gh
+Tq14PMr/8+kmZkw0btc9/3rOsm/Phmf5BaqpQzp+KjQim7XYx2VwbJUyEXoAPNBY
+Vq8WstHlvZWe87WeMlCfjAxzP14BqqC6tCUEHi47dVoOEmC6QR3VxESWBPV6VE6j
+1vP4d9TFkamwfxQHFSdbverYgfxnWw5DcJGDaOc/BKmucFi7RwO7PImw5mYnPdSF
+Z8pTqupvQEz2ZL6gYBAHptwykG16VqNYI+4t65ZmVk2HW7Tw0/1BIR5qefjXL8BR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8.pem
deleted file mode 100644
index 1865a68006..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBFTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEtMCsGA1UEAxMkQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCfjlwgIWm+Taynv+38GP1Yf2hDPMT5pcsPYlRaeFeg7Tsr/GhTZQKB
-qfO7h8J6JjoKD1m1BTcrdiHbRBnn183kxyhljulJLu87gOUt6LlTGTBFeaUhNNxv
-wpzF5uQ7xQcChTE7GF4kxt/oyehJFi9TGtnjdjlSi3LXG/xfQn81GwIDAQABo3ww
-ejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUScn8
-twM8Z20KAJOp5NalHpIftREwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABV8
-zJCN9czUhadFLy10H1usL1xGEcB8SRR3Row0a+Zmj8T9Se71hTgW7LfXQj3bCDJV
-3AyAd+WA4N0y0+eSRWRGNAcMrOeqNp1/Ki6iGNYceZ41Goudsc34StO7symFfatg
-hTr8/7eU6NXu2o9cDREBOJujBK/Uy52E4rx/Faxk
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Basic Self-Issued CRL Signing Key EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMHIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczFHMEUGA1UEAxM+SW52YWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2ln
-bmluZyBLZXkgRUUgQ2VydGlmaWNhdGUgVGVzdDgwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAKvhIgfCe7osai3K6RoZSmpIrNAB/YJ7ImOrOZihxenRuEczoaGn
-0dC3ajSeX3sg2RIomf4JTDpzcBM2swr8JOcChUwnFzOZ/Fz6Q6OREST65hRxXECk
-GbkjgRrFnTgv3/s/v9Ilt/GbdIcgBxJ1797Fr+rOEDkwld4TGgIAIOO/AgMBAAGj
-azBpMB8GA1UdIwQYMBaAFA9yyjNDqcQRUatj2kSHD2Gk9L5HMB0GA1UdDgQWBBRx
-0uz3/5i8F8pGl1n7xes8mS3ymzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBABvl4GhXI+6jjTcXaeraQVtN
-9WsB0kIXPXptGui6yVAMTsB6MhCgqlhY3xihDUJIIXRy1oV4efSfFO7UbRWOoN5T
-MikwqCAVoLnl3KAZZ4qXuwi6+OIUSXx0m8CfPRNAYdEAHCHJT+KFR8wtY4eAgyVw
-ZVhFDwnSxbqX6ThJ5wdN
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIIDGTCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczEtMCsGA1UEAxMkQmFzaWMgU2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXGyrLR0BviK/81C9C/igI
-9zh+808dGICz2wS1Oh2CWCeYia4J/65Y7XBDRBW1TJbQLdrxt2289Lc/gc9+PW9j
-gwVpGRuYkFf+AwbMgLa1Ro5zqoIbD7WjTu7vgGdDvJmrSVLfSXavpeUBzp37Dsw6
-KzSHcBjPwGes7q3pjfhOMwIDAQABo4HyMIHvMB8GA1UdIwQYMBaAFEnJ/LcDPGdt
-CgCTqeTWpR6SH7URMB0GA1UdDgQWBBQPcsozQ6nEEVGrY9pEhw9hpPS+RzAOBgNV
-HQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGDBgNVHR8EfDB6
-MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJKoZIhvcNAQEFBQADgYEAjoyS
-h7zhrGkL40stundacKPqIEZ3HyWW0NQhD0wBhWslGAOvlCaf44kuTKggRY6r96sy
-4kWEjvfGu/r/dBgrFaCCGNv0ui5FfXu8WeZ4jvHg7wZbx5ATx5Jpumqbm0PcEYCr
-YnA6WBCstG0lohNV2ohM/wqRFmBB0WL1K+9IdfQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0F:72:CA:33:43:A9:C4:11:51:AB:63:DA:44:87:0F:61:A4:F4:BE:47
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        5c:cd:8f:a3:3d:9e:64:f7:64:73:9c:2c:39:e2:e7:d7:0e:b8:
-        1c:3e:9b:1d:14:dc:98:c2:8e:5a:1f:e5:47:31:fd:7e:a7:d5:
-        9f:52:31:c8:10:f7:d0:a2:84:3f:77:c7:f1:ba:7e:24:62:ad:
-        05:ae:1c:7b:ff:f0:e2:ce:55:f5:27:d3:cc:24:7f:c8:1d:a6:
-        b8:ce:42:05:e1:06:ec:1f:87:4c:d5:69:8d:78:59:d2:33:94:
-        1c:3b:27:68:80:3d:6f:3d:a6:c7:9f:2b:39:9f:d7:c3:83:eb:
-        77:bd:cc:7f:96:b3:ad:24:68:99:d1:1a:bf:05:1c:8c:3e:2a:
-        02:f8
------BEGIN X509 CRL-----
-MIIBdTCB3wIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYtSXNzdWVk
-IENSTCBTaWduaW5nIEtleSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjAiMCACAQMXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0j
-BBgwFoAUD3LKM0OpxBFRq2PaRIcPYaT0vkcwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAXM2Poz2eZPdkc5wsOeLn1w64HD6bHRTcmMKOWh/lRzH9fqfVn1Ix
-yBD30KKEP3fH8bp+JGKtBa4ce//w4s5V9SfTzCR/yB2muM5CBeEG7B+HTNVpjXhZ
-0jOUHDsnaIA9bz2mx58rOZ/Xw4Prd73Mf5azrSRomdEavwUcjD4qAvg=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:49:C9:FC:B7:03:3C:67:6D:0A:00:93:A9:E4:D6:A5:1E:92:1F:B5:11
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0x.v.t.r0p1.0...U....US1.0...U.
-..Test Certificates1E0C..U...<Self-Issued Cert DP for Basic Self-Issued CRL Signing Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2e:12:1f:54:36:68:73:b2:5c:f6:11:48:f1:d6:7a:bf:ce:1d:
-        d9:21:7a:96:29:44:bc:83:26:d8:8c:f5:11:36:9a:f1:23:78:
-        57:00:8b:13:c6:74:57:4d:3d:ba:ee:d4:ac:d4:40:b1:d0:80:
-        91:f1:06:81:91:ba:a4:f8:1e:c7:6b:d6:20:3c:92:26:23:94:
-        80:33:df:c7:3b:ac:fc:94:ea:e8:3d:d0:37:c1:d5:e9:ba:53:
-        83:9e:26:ed:da:fb:10:0a:6e:d8:cd:d7:20:42:2c:d6:7d:18:
-        32:6b:75:2a:3c:51:03:dd:4d:a1:80:e6:d8:95:6a:2c:b0:b6:
-        72:31
------BEGIN X509 CRL-----
-MIIB2zCCAUQCAQEwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMS0wKwYDVQQDEyRCYXNpYyBTZWxmLUlzc3Vl
-ZCBDUkwgU2lnbmluZyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqggbcwgbQwHwYDVR0jBBgwFoAUScn8twM8Z20KAJOp5NalHpIftREwCgYDVR0U
-BAMCAQEwgYQGA1UdHAEB/wR6MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0
-IERQIGZvciBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJ
-KoZIhvcNAQEFBQADgYEALhIfVDZoc7Jc9hFI8dZ6v84d2SF6lilEvIMm2Iz1ETaa
-8SN4VwCLE8Z0V009uu7UrNRAsdCAkfEGgZG6pPgex2vWIDySJiOUgDPfxzus/JTq
-6D3QN8HV6bpTg54m7dr7EApu2M3XIEIs1n0YMmt1KjxRA91NoYDm2JVqLLC2cjE=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.pem
new file mode 100644
index 0000000000..f615bcf744
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F4 66 4F DE C2 E1 DB FC FB 51 0B 82 61 B3 31 5C 81 09 D3 DD 
+    friendlyName: Invalid Basic Self-Issued CRL Signing Key Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Basic Self-Issued CRL Signing Key EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEtMCsGA1UEAxMkQmFzaWMg
+U2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMB4XDTEwMDEwMTA4MzAwMFoX
+DTMwMTIzMTA4MzAwMFowdzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2Vy
+dGlmaWNhdGVzIDIwMTExRzBFBgNVBAMTPkludmFsaWQgQmFzaWMgU2VsZi1Jc3N1
+ZWQgQ1JMIFNpZ25pbmcgS2V5IEVFIENlcnRpZmljYXRlIFRlc3Q4MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAol4o/PaoUHfmfauJSNBudpqdHZMlL9Sy
+AWTgosb1N1sDIAswsQmo0kHLjxW1p1zcVljpQso+13cnjBtP+k6PGCmfQ7uAuRGb
+r4zljd0X5talJ+jaCcQrmoDDcl/aznqVQySJ1jLSuDKLqSEjvObatrLvyhrawMH6
+9oEuno612WHt2L0kxjDtrTqauVCkUDsbC40LK4Qc4UBponYRqgOedeFnGJSmt5WF
+SeLEELadfaxCSVeT+IEUFQ3HV6D3icKhRsS9YKneOnOUn7BvuTHFUEisz07Q7wJp
+3NatsukCsRMW0w7KJhzYh8QElm188tzJoScQR/ETIQw49tDBH1M1qwIDAQABo2sw
+aTAfBgNVHSMEGDAWgBQkwVVx+p7hIYUq8K1hpxW51U1DFzAdBgNVHQ4EFgQUaAjV
+TuVUjiYIJGsaF16hnMaOnu0wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAmAQkit0tiMpNN+36ZZKdZgJ4
+h4s5B/oh+1NS53RzqD2fSEcLuh2zaX5Lq4GJJ5q0KQTn4yhyLDZbXSGNnmR+T3vM
+b6cBIA173e2na7ZaYmNsdTLeSdX29QFxJvWGFeGrnpft1JW0uQStrRTaqu5WCCJF
+7tWCNs/Y4V6VmnjXKs54TophgffFFSizMHOq5eedZ0ZLDQCct36gPPHcF4MFdEDB
+kpatcioxP7NA+ANWxkkQ3bm469ivlolt6cM3qhVwaQdXgv1kPUNsgpe1rZi4n4pJ
+ldddkxuiu0SYBnxtAsutBl9tA0cfUrORcDyMOTJI51Ql1FKq4qVPHBCi/uDn/A==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F4 66 4F DE C2 E1 DB FC FB 51 0B 82 61 B3 31 5C 81 09 D3 DD 
+    friendlyName: Invalid Basic Self-Issued CRL Signing Key Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C9EEE21DB0A49417
+
+kjbZTeNlxh/qNwryOSveCeSjWhfJXP2/eMetmVAJ2roO5FIoy2WK8fqpsRu68rq2
+1UIwv3hl39NmfxIXzvX5s70HyzXzNLfm82ElvVKjrCzFS3b47pdcZQCczMYzz3ht
+2XDxqubJqaj8zIZxizdokvkg8656jRM78sr5vhxd59Wkp6VHwh/8Z1iYnx0RuRRd
+7K4GwkfbBqn4BMEvw5j40MSC//48hGDljNVwLNIcWPHybzGXHwjvwaynkqjYo9X4
+BuwlBZZdd4sPKUCaGmpz2gOTBOyPVuVJFKjCjZYAV333CQu0WBJu0r+BB96RJ7c4
+Hoby3fkmO/QlIYtCCWrHOCnulUTyP5HNWy7qN22Cs7XTaWFw0hAV3EmJ9xDdYyMp
+DoEoJAdu1npfDCw69qURfJqZdZWcRHV0IdEiW0lEDaXwarHO4465+rLQ6Cz+fXoq
+ThRxbMwqWC0xcaMvrzu4DmQ/0gaWxAOgBm6mhhcgVXEAs/gmytGwesTBWLFembLg
+DT8HEYuaP+JUzvblpPNqNsmDy7Awg8VFns6UmdN1/BPcjcN55Ex/S8HUi/6nrcTc
+EEEp36OKRG+MeYKLN6M5XKVFIyjpba/3uN4cftvcp93R4tPaopfOvZeVua5SVVch
+Q8pYrCwe6h6Cjo+SkYiIKsMZWN9azFaj5cHHDbqy8v9kXvVtnumAKJarb6l3ET9W
+R9IKboeoNWFxNdrJJ0nIwVW8bFdBGSNU3nRdunLcukvyNk9kKMNtKW31MmnDTPvX
+lyzE63H4U6HiXxYGF0Kkw9URCL42qkUumDgjQEOOCaVdA5/FfuhiPJH9m9cHVBO5
+ZivnvMw1SExTthqUgMZCWhRpTR+rvfnUi7OJ1bWcjcz7Ot0CkXrFkbqeOb4o1Zvf
+LKQxtD/rV+7A2hvjFvDvYG72txT7JSlpPmK3/70MVB21DVKQf1vLYeEV+Tc/9zPh
+UKezzpUhZVfn0EJXtxItuwT8ZR+LQdsZRTGFA1U/PjXDamBfmHFQCOkdFkAgnNLz
+ErRq13os5jChZ23citg5+cQnmlzgQXHMidyOylHqagohJ2ZVuo3hXna+dVD2yTTs
+UMPO4JJ6MLtsNbtFJ9wI8wpC9upnr0jIxVcPhzNi4uIi6B5qkQGcjSTFtqwHxll4
+n1WW4PKArth+v54FGI7BzROHzsU0rX2y8eZJSuWH/yLwFpj/osQtrdsYP0If+ZqN
+AHuf1LyFA+8XOGU1HAgxu5dVWdaqpIVib8BdkLBSMsvXtBY8vx16KIYyD5Wnrcds
+dj9fy1wgpBoalkOuDG4UXPf2tEZ58oM64fgho56z721RT5WKLqIMpvS7dclkzAs6
+IBCDrZwGWl5oEGmyqQAqBjSxrDUfzrwDS2y85ULfukqqw7rWdNH74jUvYsny1uq8
+FzGUbfLeDlyyGX0GIKilL5e1eNVoYgH66lYqDATpfwxWqV3Hx9eZviOUr4dYbI1J
+f8k3Y8x8Yz9ooAuWXJq0c46Zt5mOiSMpu457+fK6/AW1n313s15Dx6Lor8DgQLrv
+rR264AasTQDI2rZdYqrMRj2UTkE7sfpHK9kbGbnqInm/KWYUXKALuph4ZACiQj+T
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5.pem
deleted file mode 100644
index 51a795fa99..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBFDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgT2xkIEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-q8Gbt04t1VYDzow3lv3G+lNNQ/gCP0fz7/PBxNPzAwluA2Qzeix8gg74cXMpRe8u
-PosT3EZZ9iK1PyFmcNq+CjzCuvi8d+1gaGS36wkcQBB6g7HiKRQ8ERQ4cEE6CH21
-ntbFzVbn3d+NofzVo6e1AIdHDNPm7G0+F6f034Lo508CAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPqiarnu+k/Fcp11
-00t6bYzkXDkkMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBzQl++7X/MYd9h
-3E0XroNDuD8TflER0UTgWOwN5UO8BXz8j402hmhEPyw66u6R27V7U1/wf8wtCAli
-W7LnTcJKWFy9HKnpibiz50ike8zgsVmv1godVgDn/xvQPRAnWq+OX9Abc+6OTqiw
-aDNRQp2WD1ph+daLu1XQgeAoD4Gajw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Basic Self-Issued New With Old EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBvMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRDBC
-BgNVBAMTO0ludmFsaWQgQmFzaWMgU2VsZi1Jc3N1ZWQgTmV3IFdpdGggT2xkIEVF
-IENlcnRpZmljYXRlIFRlc3Q1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCT
-jnQuWQQfSAPHMxbQs5/JPin7talEYrAwqnyOVuFLu5omsqP9HAX7nkKxNRfOUlP6
-af7Ha9u8C+frLG5WwPmnf9XYIBaisUdEiga8saNMEGChSlZmaPoLD/LTNlCcwCEt
-HaHuhAAN62AgP9WMXsrfctRTccjIaQVsJnnTOCUAqwIDAQABo2swaTAfBgNVHSME
-GDAWgBT6omq57vpPxXKdddNLem2M5Fw5JDAdBgNVHQ4EFgQUUw9DlHqj5ferws7b
-XdljGKM4E7cwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATANBgkqhkiG9w0BAQUFAAOBgQAzzPXRKubQgAmne7+Rqggy+8Ezi3Q7+1cNjILV
-wVSnnVggqbd6C/cOV9P4aw1ljohm6fH5IXxfCpP1UqahccTT/m0482gfIxmCobF4
-MBi/cq6qlhQQIjBxGRkyysQIb911FCME2mVUlLQJbjkgpzl6oMu0M2Lt8m8ypgVf
-YqDhRA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIIDETCCAnqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBALQ4a61C9wpu5W0cACccONm+QLNESmbHtLwy498fByU6
-h5UnHkutUfy7DbIv3rELFXUd2yM5xQI/QuQZ20EjXOZiCSJEcvzfoAyFLrAPf1pN
-xQybX5HhLnJK+oGlwmD4ZatL7oDqV5IhlIS0So7g+SBOCh5lkKdzbH3l6D7nQXSD
-AgMBAAGjgfowgfcwHwYDVR0jBBgwFoAU+qJque76T8VynXXTS3ptjORcOSQwHQYD
-VR0OBBYEFBu6jCGHcwcFmPrrudlvQaRF1YbqMA4GA1UdDwEB/wQEAwIBBjAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDBy
-MHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAHDVnYLXKN//Mu1w
-BZS8DbfQ8p/DlXZ0n9EmdXRzoHXReDWeOaoiHU1H1HNJcLMe4YgEjsttTEBGfsZo
-OvyNNUZ7C/oQymaDykP9W/m1TX3ZVLmx96zj36gCkVPczoG78kQ5zVjoLl5G5BJQ
-4YX3NumsNd2WpHY34K21Cd/KJ5KJ
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:1B:BA:8C:21:87:73:07:05:98:FA:EB:B9:D9:6F:41:A4:45:D5:86:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        62:de:93:8c:36:dd:b2:71:56:bb:4e:e4:32:37:51:de:6e:19:
-        01:dd:3e:25:8c:d4:81:7e:fc:66:54:74:0d:32:30:d2:11:49:
-        dc:ad:6a:b4:fc:8f:ec:e6:56:fe:e6:ec:53:9e:41:66:31:2c:
-        ee:3a:be:bd:74:34:9b:71:c1:67:1d:3b:28:04:b9:85:e5:72:
-        cd:f0:2b:a7:d9:d5:e3:43:25:4a:52:2e:79:24:52:cf:75:e1:
-        3c:35:82:d1:5d:1e:f6:05:8b:45:24:67:ed:84:9f:c7:8d:c0:
-        19:55:5e:52:76:3e:2f:f4:af:13:ae:d8:24:a3:17:68:5d:b5:
-        45:74
------BEGIN X509 CRL-----
-MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk
-IE9sZCBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEE
-Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFBu6
-jCGHcwcFmPrrudlvQaRF1YbqMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AGLek4w23bJxVrtO5DI3Ud5uGQHdPiWM1IF+/GZUdA0yMNIRSdytarT8j+zmVv7m
-7FOeQWYxLO46vr10NJtxwWcdOygEuYXlcs3wK6fZ1eNDJUpSLnkkUs914Tw1gtFd
-HvYFi0UkZ+2En8eNwBlVXlJ2Pi/0rxOu2CSjF2hdtUV0
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FA:A2:6A:B9:EE:FA:4F:C5:72:9D:75:D3:4B:7A:6D:8C:E4:5C:39:24
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0p.n.l.j0h1.0...U....US1.0...U.
-..Test Certificates1=0;..U...4Self-Issued Cert DP for Basic Self-Issued Old Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:6b:ec:1f:5b:3d:31:1c:fe:c6:40:ca:e3:c5:52:30:a0:9a:
-        55:ee:f8:c3:bd:cd:b1:45:d0:7f:44:f6:42:1c:0f:b9:df:8f:
-        4d:25:0b:ba:5b:bd:0c:68:c2:ce:b0:c4:17:e7:be:81:de:73:
-        55:5c:6b:d6:3d:e5:e2:18:31:d7:5f:6e:1d:4b:0b:31:cd:44:
-        fe:29:d5:27:77:f5:83:bc:ee:3f:46:31:d5:66:5a:a1:9b:1f:
-        16:d0:8c:ef:ae:bb:36:75:a4:b3:62:be:16:cd:de:b8:90:bd:
-        5f:26:1f:a7:d8:1e:59:ce:27:af:ee:ab:de:9d:1d:66:ef:9e:
-        49:cb
------BEGIN X509 CRL-----
-MIIByjCCATMCAQEwDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3Vl
-ZCBPbGQgS2V5IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIGuMIGr
-MB8GA1UdIwQYMBaAFPqiarnu+k/Fcp1100t6bYzkXDkkMAoGA1UdFAQDAgEBMHwG
-A1UdHAEB/wRyMHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBC
-YXNpYyBTZWxmLUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAIxr
-7B9bPTEc/sZAyuPFUjCgmlXu+MO9zbFF0H9E9kIcD7nfj00lC7pbvQxows6wxBfn
-voHec1Vca9Y95eIYMddfbh1LCzHNRP4p1Sd39YO87j9GMdVmWqGbHxbQjO+uuzZ1
-pLNivhbN3riQvV8mH6fYHlnOJ6/uq96dHWbvnknL
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5EE.pem
new file mode 100644
index 0000000000..b517fee0c2
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E0 6A 28 AF FC A8 53 FD 75 C8 02 E3 3A 5D BD AE F4 8C EA 46 
+    friendlyName: Invalid Basic Self-Issued New With Old Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Basic Self-Issued New With Old EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBBDANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgT2xkIEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUQwQgYDVQQDEztJbnZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBX
+aXRoIE9sZCBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAKdBgafx2op0ilCfXFnMomtQos2eWUOojL0pa0weh+1coc/s
+JP0Bi4a/lqr4zKPuomUMUG9rjaA+PW85qbCBh3I7MliOmaEfIrbjrBjXv5xOv7PL
+IJSUAYCfCsvLtm2djtMOxfSiOFCqCcP0wBUI7lKRAvFvodF+cNs6h8Uyb7Q29DgS
+W9Qz6oAXIXLCkLGbIE1aPqwja7bznjJOd7YcpH7muDaVIripW2INqJViDvHDPXnA
+29KTjY4i5sre9W/k9iudexcHircRRdLDCeSjccmhR0ogzZEeVctQ32icG2+Yl4ak
+PgqCrMwCVOXomDyVYakR9eo9vLC39EUNssATgtECAwEAAaNrMGkwHwYDVR0jBBgw
+FoAU3Q11jVNoEsTLFUDAFIYUFjChvq8wHQYDVR0OBBYEFLQGHiravKZOSLcCXHIN
+6rlg79jcMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DQYJKoZIhvcNAQELBQADggEBAHlrlGfh2haGDB2u/qW9ngyAyYIMXbEOf9548qyp
+yNLIu5SKP4oMnhJoMQ4sG2rxAtABo9UjGv+yOLAGOZQlP8n1dPc3n09i5QFroAnQ
+mV2SwHnalmq2IIxhsvs1TcLDLwIV3bOikZq4U8rFdly/Qh9j3VcJvmJdBhP+0roW
+XDyLIfqQdAeTtxszKdDSTatd2uKyGh/Sef2Z6A2T2s7Yn8txRWHPIj0QeTaE49r9
+TQVjJZ3lLD4O2f0qXFbvYWy2x19LizWWkNR+79Xivfo1lSxp2D32gwd0HFvpqVHp
+RyA9g3kOvZuzTe3J5n50iTH4fxWotF1tNnmuwZFHC1qs+q8=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E0 6A 28 AF FC A8 53 FD 75 C8 02 E3 3A 5D BD AE F4 8C EA 46 
+    friendlyName: Invalid Basic Self-Issued New With Old Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C00A44F6FBA277D7
+
+OWjEf2A/4WUr/ODkDuwfwtuhFPz1X11cB7hYcaiY54tjOo8QdWjFHI77buK+Q46m
+fL7Mq/GE3KINNNIxCMNN9HLMBNG+g2724TCsJZq+misTQiVx1FWk+rtKs5W/HIrD
+PfJ8youcyd9Ngw1BWDZ6QWuBcsu/MmCBZxA/vUyplhOac4MZH6Gorkb3yBZiWrCj
+xbq02XsImhif45rOjtJ4yHVJEpBLSasjbO+lMB4sQ1ihHU7pZIWrd5epVKSLXkRU
+355xjT2Nsw9UY5KSN258FgEHzQq7G/sUGXw8vp7S2rT/P/3iJr+Q72AZKsKT9yBG
+OGNBEfGy/CsptoKU1sOlbpVZml8vV30pM1SMPAvyqau4Chj3K2Sj+DT0CcRgqAjC
+JW3NHqZpTR0A4I77unNOfT0LWwCAAQNxcC+RjjN7ZHL8F1PzIB/9JzCey8sXYgHf
+X97E8lAH905xdfhyBg+R5CsLRL62KCdebu5wJj8993jNCIQKuHlLqnUXdOFS0s/C
+KjHYgL3aMDIf36QxCk0Fsmdqhxp7DdRihw0Kv00IhrRZHKW+7bMrR1I+9kh3L6sB
+zrjWGNXFbIkB6/ZuW4t4l3mc6pOLfFS0yuRxfZbEVCKO9bjoASTfImELoeeHj7qA
+n50NFidOD9AKn220BrDgnH/9vuDp8bRrEQTLNpncVyp2gv47REosIDfn+0AdxcrD
+JUB8gzN1lvqQl5Sns17zTl/74kkxW0B020ih7acF0d38DnDkiVGUrZd3OcabpKxd
+axZ1WxY9ZhNxr7+Nz774twnL4NRX9RVy9Ofw9XQMqA4yl3nYrl/tD3PE4DvDivSg
+o/HpfldrBnYVfS1Ts7HdhidXqm5EW0sFYNXysOnDHiqM7YSaya2xFPI+37jhMOlL
+Nn3WrKEfPUXlBhkEVNNPC+1ANpLoGgf6hEwHbjho/znOzPWAlWITqtaiZoL82gZD
+zGox5aBSOfdkRX+tFSn+wOD4QkH0YUr7jUtLROIAPUUCs+OWCwdwc05fTmaz9vi3
+r3WeU329HUtl/NUOgxidZSMDw9+HHKLzRfRASEmK7qvy/FEL7zC2mAiThv+90Tct
+37KnfMifUcsRyORjontpmmor5Y5agaE2h3CnPQpxKKs7SyrUGAhpHJ7zzd+Q1HXY
+Ya7JGduB7T83EJv2mRpNQxJ5kXcIk3RBEhwVUjVVtqK+FP+/ZZL14VaNbxgps2j4
+LakQAZG2WOi/wv46fVrS63seYG8yu1/c2D21jfRT6kK8+Qs6V/zaXbuDxhd7TsMy
+T/khtdChhr1kt8Rz7XNbc2H4DREeKTqwhpVFG+o73ySfALgO0ECVMBS8POhytBqf
+URP5GUQwGDqDwBKvS7JotpJSkrCApAesduv/7Vq5I/+7B2HUiYt5RLVUYL4tgYdo
+gtPKrerlGu+zXJ672z2kmKg5LVWd2zsw96efGgFop5s129BpCzY+d5axCP0Y/oCj
+Jpas8ODtvadh611R2YqNOcgKcTH7lhTEOGc9IzKI0rf2pFL1eUvDOwe8Edwldn0M
+EgZAf9jZm8yVb+AdTBfhiusnDtftQge5PXiJQFnpujVe8LNy4SWPJjBxhbidx54/
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2.pem
deleted file mode 100644
index e0924953b8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2.pem
+++ /dev/null
@@ -1,134 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBEzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgTmV3IEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-tCkygqcMEOy3i8p6ZV3685us1lOugSU4pUMRJNRH/lV2ykesk+JRcQy1s7WS12j9
-GCnSJ919/TgeKLmV3ps1fC1B8HziC0mzBAr+7f5LkJqSf0kS0kfpyLOoO8VSJCip
-/8uENkSkpvX+Lak96OKzhtyvi4KpUdQKfwpg6xUqakECAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFK+5+R3CRRjMuCHi
-p0e8Sb0ZtXgoMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCuRBfDy2gSPp2k
-ZR7OAvt+xDx4toJ9ImImUvJ94AOLd6Uxsi2dvQT5HLrIBrTYsSfQj1pA50XY2F7k
-3eM/+JhYCcyZD9XtAslpOkjwACPJnODFAY8PWC00CcOxGb6q+S/VkrCwvlBeMjev
-IH4bHvAymWsZndBZhcG8gBmDrZMwhQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE5ldyBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBLZXkgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBANa7RRhusOV0Ub10qBKMsUMG7QViaonYz0IcJLX0FKEI
-EpTq0SV6NeVjjzmcrSrzjHQfJpkywOHRiMw7XvYunmzlwGSoD6TW1ZUYVDaQbKUT
-oWooVoCzVstf6AsZiJiHQtBt4x4OHap7QRcJdlh7aPhp6TR+zq8gB1HsG8yUlG0x
-AgMBAAGjfDB6MB8GA1UdIwQYMBaAFK+5+R3CRRjMuCHip0e8Sb0ZtXgoMB0GA1Ud
-DgQWBBTJW9PRvwbxAcF5XLtzDY1MRsst2TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF
-BQADgYEAhIZ09WrNK3jX+b8HugQygNCBEVVfX7TOCCFkmRaxp4R/QBHWvcts0YQT
-6M5ZC6b877id6zRYegHadKekVVqwFbLKEO0MnpD2yGhGgDpbil2HlEaQ9yKQXpGF
-CBx05/e7jkNhk/zGDsBqmNzkozrJOYBohkwUOjVFkAuLyovPhTY=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Basic Self-Issued Old With New EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE5ldyBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBvMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRDBC
-BgNVBAMTO0ludmFsaWQgQmFzaWMgU2VsZi1Jc3N1ZWQgT2xkIFdpdGggTmV3IEVF
-IENlcnRpZmljYXRlIFRlc3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv
-b2Xj8btEB2QsPM7mVVrsnON6Aw/LdDQc2nszxDNBn133XQWeVkHORkod3p9DEg4i
-TEdCG+rweF78vMSAhWAucXcFC59NAjUgxMiaIneUK2lKDW3afmmLHzV3nHjlNkj2
-DN/BvUmo3Pp2lhrmdTY1WFfvQdueeiZKbCB5dor8+QIDAQABo2swaTAfBgNVHSME
-GDAWgBTJW9PRvwbxAcF5XLtzDY1MRsst2TAdBgNVHQ4EFgQUJuUNG88pizoZguKT
-iPPiMZLmggYwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATANBgkqhkiG9w0BAQUFAAOBgQDGIVBl9ctXIMIN1Zy2QYgGnP8POYBiHPRkHZwT
-IGhox7QsinsIS/Lc83H8Y4OeUaJWrGGL2HkSTR/eQgSFGwf2u297IhHOwtutllNJ
-MvzlnvuG6uNAfRCuJftf8hSU3ouJoVVCi9CuCg1IhW6Eg61/oFIqZW33Jr6EvI8R
-WDDSrQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AF:B9:F9:1D:C2:45:18:CC:B8:21:E2:A7:47:BC:49:BD:19:B5:78:28
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        73:fe:c5:db:86:ee:6b:0e:f8:68:85:d2:0d:c1:44:01:d1:33:
-        5d:9a:42:14:a7:a9:20:bd:38:30:c1:f1:3e:c1:b8:d9:4c:ba:
-        fd:3d:7c:a9:66:5f:94:fa:46:e8:23:94:4e:8d:09:1c:45:6b:
-        21:ce:b5:cf:3f:e6:18:33:d0:ac:a6:ea:c5:f9:32:6e:75:31:
-        79:6b:1a:8e:50:05:86:89:f9:f3:e9:8f:67:e7:93:b7:d3:05:
-        b0:9f:2c:97:9c:b7:7e:01:7e:c6:5e:f8:72:4d:11:6b:9d:30:
-        f2:69:df:68:5d:aa:a0:84:f1:07:68:15:fd:93:f6:14:a1:f9:
-        90:ce
------BEGIN X509 CRL-----
-MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk
-IE5ldyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgED
-Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFK+5
-+R3CRRjMuCHip0e8Sb0ZtXgoMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AHP+xduG7msO+GiF0g3BRAHRM12aQhSnqSC9ODDB8T7BuNlMuv09fKlmX5T6Rugj
-lE6NCRxFayHOtc8/5hgz0Kym6sX5Mm51MXlrGo5QBYaJ+fPpj2fnk7fTBbCfLJec
-t34BfsZe+HJNEWudMPJp32hdqqCE8QdoFf2T9hSh+ZDO
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2EE.pem
new file mode 100644
index 0000000000..add056fc3c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 93 4A 83 29 A5 7E 8E 01 5A 7D 6E 64 BB BC 80 08 D1 AD EC 46 
+    friendlyName: Invalid Basic Self-Issued Old With New Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Basic Self-Issued Old With New EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued New Key CA
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBAzANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgTmV3IEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUQwQgYDVQQDEztJbnZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBX
+aXRoIE5ldyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAONFtaBbEeY/tf224reAYPfWB1koSJrZRslSjHqNiok5MQ1J
+d8kfXe8BJafeKWnWfmwg4aoVR82DdeUlRjZwiypHduV85fP4Vt/BYAmlM3xZB9bX
+Pz0H4Frzk7//+RXs5TOhdpgVoCD6GmVvx/leAjdcPXbFoM+QmDa7ZZ9ef6Cdy71d
+4Wed7Ps/2NlGda2fBbVAeVE1RVNAeEEzu/6y431aoCaIZgNRMKqu6AhieUV9Ivzr
+Z4pdThxoR+nLSATSD2/hT+OENQuU58KeluxHOSSrNdcikbLU2dg7ZEeAh0lt8kJr
+IVmHxiXAB4ijXHjsExkbOrXtztcaZR89K/cko1kCAwEAAaNrMGkwHwYDVR0jBBgw
+FoAUdnzYZAQ0CU/fcSF0DwwWmzaogtcwHQYDVR0OBBYEFGCc3XbGoH8/97MyHZJe
+FFeD8q91MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DQYJKoZIhvcNAQELBQADggEBADwA+jd4g5vKoR+8C1UXnL8eCHaiO3TNCL58JLqe
+BAErAUSEzOtdZ7g4eefuWwOGiLy0gP8CmnZ8F0g9urAVT18h8VmbnT+h9sfUI/6V
+bcTourPNHdB3YzcwC9rX/wx3DK14NNIMPMM8vwLaroGNYvVZjyTWkIQGmDlZqC32
+ibV4zFYTaw+MuqcqmKC2IrUXQoNLE/aQzEKZk4rSs6o0l/0ikDrsQUgvJMf1DBVV
+cae81wsyvqyg+mbm+lBXnE8D3lfuQHZisx9zxCMmk/VHCtHG8FBZtyvuobSpfMKq
+uUwnwRtDO35UgLdA5/SGtuSvGrMUyjUTH/PK+VySElBtA14=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 93 4A 83 29 A5 7E 8E 01 5A 7D 6E 64 BB BC 80 08 D1 AD EC 46 
+    friendlyName: Invalid Basic Self-Issued Old With New Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2767B788F932E013
+
+xnFbMzgh5RkhuVCWZqr0bLQ7assqqQTViX9rNT41QM6gCGKywyGn14fB6i6fSRe6
+xeRXske/LUmJO8Vi8hcCANGj6Bb3WUBqxfGO2LX2q+pBvqh9qztx51/7uF0x7A/p
+w/1M4eIVltBJl3gpDzc78ISRUIb6KRAQswcNSOhvavlE+e3VbJ3iFP5c5hLvTBC6
+ogT8GcjpvQIMWHyDIZIXJuZyMojWhuddQxGplB4korkB4cSRcM0uleTSkyVFyjgA
+n/wm0k5juurwdhXP89Gp0TtiC3eL4+b7ygwFZpND81eFptXzwNCE1cLZX38ubFcU
+jY0cqufvpvCcU2afW01OtFObc+3RXPAjSz3anaX6Hu4etKZAjGw9fiqRcqdNTYE7
+GEzWqfCIAG/7mE/lcNT9HVJtolLQhjcl+LoYrWc5IWSuoJauZ7gs6/ENM6PPeU+h
+nktNe+J8flQLiPufJDdsbICYIBYyA+rBJWRyHAxb7WBrNFuFfrkLEKRAj39YlbzP
+ryQ92uXCLGWcp/d6uKYNuegjw12mxnP3yb+6ngUYQkoeZNXLRAEyWb5nO/iZQiNO
+RwDyFBmmJTFnO+dSoKE1Mf4EyppwrHoi/dITvqu55bOohIHQ4+XaX2we+G5CQzb/
+QiTreQudv57y1tH9alx9Hw6WdW225TpDDCNG/PI8OpQZLpK6duUoEN8I1tG8kTq7
+kJwOS9x8QymT0gIUQ5zOCH0SWHodM3+JdukocKds+J6St0YmCIjFpKNeMAEpg7VX
+oVjEWCEOHaDuViRerXiEkPzZGh0/BLqjiBeyTogXfjvN31hZAyxmDxst1MlwhiAz
+H8KIDqPZmDSxUHAYouulA0grrpA77OJFGXgINXxi5OtkEywe/6fmy0gWg+U/o9nK
+ctkURuXfJej398hjRI7Z2/gN5vM5GeDPMJBIp8sQrbZqueXXuyyXSbBV9X7I05WS
+m09jBpflDoRZANx5CLz3o+EXA1pb3carkCipakcHVunCCjT6RZv043leZVymREd0
+WmHngxm+gDreNJPzcxWpbj3lRsrq9lzZZHQRYosyga1fLOK9966G9AwJnClaI5EV
+Gp/fMMkBQS5n6s4k9uwX3m95PLkypG2gK7vyXmsdQGMx8RSeJT4gx/l3zoOibn61
+EONf9A7geaApsEDDoxS9i1m2N7dUbv73E0IUT4W5qSBidNCj+PniWB2ostRiH80d
+6r0GkvboaAMxfKTYatdo2ZURmFC0P1JNmM9tCuhhxBkQ3RGgnqgUcKE8vFV/S0Aw
+nBqatpC+r1KpmoMG7AzunAeA7nZJXkBbq8lGEcArKiEvxo4brDM+OnxE3o3Kn8/W
+mmpOwuaUTfNbGgAvwLYf18ltCqXHRwqm74T/o1pl9Ax8UoHVR2n3rn6ivs7idtDQ
+d4aEfaLer3trPOZ2Ljesend2A7P6mqvEAnF5bSebx+VE8HgxrEpnPUBKmx7DtIVO
+PGTedGW+Y8MOLBhtKQEcM4240pBCDSda9E3LkB7kAtGiwf9ncvRKlxRSwj5uhKSt
+QX5nyHBLdRv/woaLUhTJrPQu7WbIlHYBgjCDGvHmi5TCR3fXZqJqkg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2.pem
deleted file mode 100644
index 520f583902..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid CA Signature Test2
-issuer=/C=US/O=Test Certificates/CN=Bad Signed CA
------BEGIN CERTIFICATE-----
-MIICcDCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDUJhZCBTaWduZWQg
-Q0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGkludmFsaWQg
-Q0EgU2lnbmF0dXJlIFRlc3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw
-QAB1tOhQDQfPXGHNyIA/wyXWG+GAx10kyG++1vTg81Le2VcCJjiZqVFLmLfBA9n1
-cD4b9zSs2MrdUpnwVRWbHmeVYLW558PktB5UwAoEPQuV73PuRiN3GQQULGgh2AlF
-k8PciufvFGkmYEco5d8AEM9Gv3QIgOKEraQME0I/NQIDAQABo2swaTAfBgNVHSME
-GDAWgBRCG2+XCyN5H8EIV546pgqckIgf2DAdBgNVHQ4EFgQUfIdcwY2/jxziMCvk
-H33rpDMUuV4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATANBgkqhkiG9w0BAQUFAAOBgQBgBJI+iPa3EWEHQqZr88JOAiU+tMO54vqLZ56J
-visDO48tZuOHCSkrqHvBzsabiTuHjDvcHtivavtV43IyHAnyrajntNrs4lPBJlr3
-XvTn5qVlsmuNGJqUrbxiyeNH/y1OB1Embx/RaoSOy0ffruRpL5PXyFvhn9z30I8f
-2zkCOA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Bad Signed CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICczCCAdygAwIBAgIBAzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEExCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEWMBQGA1UEAxMNQmFkIFNpZ25l
-ZCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA16COIB4MAs+kpSoCuSHv
-grtYTFABazGQDi3rvkQzAbL4QlKE64PAaeN4S3E9A1wg7uWYiru7ZM2D4k6grNKR
-3QGx9APutE7yZHZt8Wd2upDOP62BTYHPrP7hWBSDWBmOKi367A3eviObljIH6BeF
-EY6XcgDZg3o5AisPFzKK/pECAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6
-ng2wPOqavIf/SeowHQYDVR0OBBYEFEIbb5cLI3kfwQhXnjqmCpyQiB/YMA4GA1Ud
-DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
-AwEB/zANBgkqhkiG9w0BAQUFAAOBgQASa6C+NTUfhhObLuxx8/8DFxAuEv5l+BQV
-S7NV/MAZBPHBSw89ffEPEfbxBTcBYRI+UP59a/zHrzscTSqri7WoTEy/8tKIegHd
-QDjTSXNL6oYGiQXDJY/r2kQB2mArrcL+KzKkC++gNgrdoJlpk6+4lfaBLiETQNtD
-RBJVYzR5MA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Bad Signed CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:42:1B:6F:97:0B:23:79:1F:C1:08:57:9E:3A:A6:0A:9C:90:88:1F:D8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        11:91:7d:19:a5:03:4e:a7:f1:1f:18:62:94:fa:97:a0:46:41:
-        96:31:95:19:49:79:a9:e5:f1:84:aa:c8:dc:c8:7f:92:07:e4:
-        fc:66:96:9b:2e:8e:73:aa:ad:70:11:19:fd:8e:be:f2:74:3f:
-        79:02:5a:e6:2a:67:b4:46:d7:1d:8a:de:c8:d0:b7:cc:f6:85:
-        db:90:a6:46:9c:ad:23:09:47:aa:f0:44:45:63:f5:40:dd:fc:
-        75:bf:4b:85:2f:fa:74:09:f8:19:8f:29:97:92:ae:34:5c:6e:
-        6b:6b:40:74:51:58:26:df:95:b7:72:13:3d:b1:76:9a:0a:43:
-        37:31
------BEGIN X509 CRL-----
-MIIBOjCBpAIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDUJhZCBTaWduZWQgQ0EXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFEIbb5cL
-I3kfwQhXnjqmCpyQiB/YMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBABGR
-fRmlA06n8R8YYpT6l6BGQZYxlRlJeanl8YSqyNzIf5IH5PxmlpsujnOqrXARGf2O
-vvJ0P3kCWuYqZ7RG1x2K3sjQt8z2hduQpkacrSMJR6rwREVj9UDd/HW/S4Uv+nQJ
-+BmPKZeSrjRcbmtrQHRRWCbflbdyEz2xdpoKQzcx
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2EE.pem
new file mode 100644
index 0000000000..6bb7e343f8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 1D C0 51 02 E4 A0 E0 B0 BF 9D 2A F0 E7 6B 23 E0 39 16 90 FC 
+    friendlyName: Invalid CA Signature Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid CA Signature Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Bad Signed CA
+-----BEGIN CERTIFICATE-----
+MIIDfzCCAmegAwIBAgIBATANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEWMBQGA1UEAxMNQmFkIFNp
+Z25lZCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMFMxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSMwIQYDVQQD
+ExpJbnZhbGlkIENBIFNpZ25hdHVyZSBUZXN0MjCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAJpto6V//mi4jC6Q4e/y1J79mi//TInYf0KaP3Aw5rsaMhC8
+IJbEAdkIhfj6Skvg6uPj6gJB0zsmN9Tf8NVArEfcRwjAq7IvvDtVrDz6I5Ie0bFD
+8MGkcdP0otJIpbTTHAcefxoqQQeTCt39X9viZokrLeBHWnB4L6zE4d05f/7Wh8ca
+KlDiKjRQl8aIqj8wPsu4MlVC4jnSYTQ6wEd6cA3gJRygcUWkaLaVleaV+PYyUqD7
+8X7p3+i16q1DzgtL9yXUP1b0rt48UWqfGBiIkTNUB0zN9heA7GyI/ilo1Ga8THpN
+pha2SLqNB1rMWl3T9fRTsu0HGKRHZobhzGi7zJsCAwEAAaNrMGkwHwYDVR0jBBgw
+FoAUe90QO0rgyN1EhU6IPFqLzZkik68wHQYDVR0OBBYEFK0h9T1WA6JYJDOopjeq
+QZiYko4FMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DQYJKoZIhvcNAQELBQADggEBAJKcaDXNDhjePhSydqe+QrUBUS0YNqamRezwkiQ/
+NoKO8CMTNvta/bbq/tIYarPtac6n4d0rTuHURuCSC1l6VsruAWsNgn6Ja+G3nqeV
+MP8WM5XYIToIPHy8OMzCXfu04IV2dAuaX4igWL3hn0PXrh7JnrTwfnK5ytSbzxbh
+IWcFLpSqxL0XzEAfJz24325SbAyXqvwx+McF5UU34JHgEUQcvTUTXjr2Xp1i5moV
+68a0CjqYABdZ2pDpHAWoFzvVrcv7o93Y+/DbR+5dVpuN2184q7cJcoez/c7aSp8W
+A7R6Ggi+lJEic2RkktRRZTjh0oMM0ndj5c9Ya7CGfEN3gEY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1D C0 51 02 E4 A0 E0 B0 BF 9D 2A F0 E7 6B 23 E0 39 16 90 FC 
+    friendlyName: Invalid CA Signature Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AB5FA72411EBEACC
+
+W5xxITU6f1vDKkdkfxFdGDxGjjQPgqDQzeqA7LqNAtn8uc814vH8D5HzzMTau2HX
+M/NMlo21ewfEUKlm7VFKu1GLnTKS1gOJ2KQTg6/IUTx+OPPN5AnwFZsnsJ2z1RqA
+M3VZQPEofeODlNBTxujCQr2TR+F2pQd/uZCuiiLtY/I4YjYMu9ueyycgyhh9Xu4r
+UKqaQD/JYtSkW+pQelS+pK1FoHn+5wOUXEO+02cAn+n9L8/1ztSZalEZcpmEZ60O
+tXNhIaPtAVlMKRh9LP2kD35deL6I7VDEeqLrz+4L150w9mCNFEYeiHrr9EszeGf0
+KAvej45ALQqZhVTPhP8ySZvUy0C7bVk+eY3XWZ9BIevmIhoruZNGFapoSSyDbp0j
+FBXptGYFi2FUKQClSUAg6YEoHV8Sh/r4vWJBdhWbaiGSl2umak4kTE15tUdv6QuJ
+qWcEQwgAEGhfjm+fCJ6Pf2KA6R1Ywe8TulmCtIjEPk6+jTQ4AXEqfw0gIvQ7STYj
+9kwTeYvtYODk7QHYBUEH30IQKTj/KhDq2Ld8/2V2GDPsj6zTzEM8PW6UHZj1Ngj6
+14qFEc21iDRKhAiRjQ6G40mZVtBdONL7HrG6CKrAfsniEMXrdmceRCI6/mWmVUNF
+WQzQUbMUtFj6h8aemQhUUR+AT1MgzKhNQwSNhKiIjmGRniLEaZ4CkAuZyQzwmr/x
+GckD0Nho39EhoTNGHl08gN6yQM/1mYf4lQg0w6DZN2hazEplBvnn87b0BT0/Gji1
+WfVGIsiYqnhtP9pC12TQbQnpg3ICxZBKLsrKxIdnMlwJRidKhsWzWRuDrwa9f4ox
+6ZAGYICdaaxur2xwWk3xQrzRgSJOqqFh99U5VGnASr76OoX58yLnF1UvB7nnhaKK
+GOKVhgRnIqB68Vr7FBAAy0qq6o2xQZD8djMsTHS0Oyl9bzy5Ov8eW1+1j0uREfsg
+Z3rGVxcnPdQSvbN42xHF2qJ4P9IrMZB8EDfVLcfuUKAb8VsT0eN6gR5OsWaOlHTu
+C+DHXaBgp7qeIFCDKZYdj1mOEhSoEVI7h4IYnrqlRAD7U3sYNNMaWLiZnu6n6Lk2
+ECLUomojHHljU4EoJYGVft4cDy5uijcZv25x60wJM+RnqYr6Xt0ckHWYLwyBp3kW
+YSlRJ7olV1mJqJp9FekUGcbR09KnOtksqLiaS2PSALTU527bFAVeHZCAPtk/7T/A
+I/Ek3TTaLSvj+3gA9u7Xdm82w/qxfn2H0snLaCyU8LDT5Y3JHD27gmCKBUqVAAHo
+qzSUOPr93j5LsXBRx7mcZPESjz3MmxZxYovo/OKtT2JDRGZgxU9BjYHpEW8jIdna
+qpXyvCLaz7zd4zSob530Wnhg21X5KKOhsatypGOkedBDBoGyMOOJyIycyhloHpCc
+GVti6QjBrx8tzYjJ8Zl6qmyn/NFftRK4S1+z7Hor68rPC/E5xgKWGXIR1BG5X7iw
+JTmzqVTLhdKDW5J2juyKMRh/AInLl4cH66R226yhzka4n9XR8uPGEfAsj/0RYkHK
+927AA61HiHcggeEhyHxxt7xxNQKCwJyy7XRWvHd+h8XVaCB3PDVdgQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5.pem
deleted file mode 100644
index db8f821780..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Bad notAfter Date CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBBTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0wMjAxMDExMjAxMDBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUQmFkIG5vdEFm
-dGVyIERhdGUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO8t6F1gCSiD
-eAh0EXEEP1RGW1G+zM3TmSeKbm0GLmH4SJp7HbsjBab4wtNEVlOrYMG5phm3dro3
-P6YEmVt0q2yzDo8OkpfbYwJEy6e/vdjF9itss2yajms7qA6xPbggpdYElK4y/1Ei
-o0+nUli6dZQpEz7/V5tSk8S3zvh+lJ+jAgMBAAGjfDB6MB8GA1UdIwQYMBaAFPts
-1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQtDCY+YSMuNxOnyukyqVHgELUF
-MjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
-EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMDkUbWtYhitXM+mGr3TBaTgM
-IlnMLUMsqxka0EQ7fiEaLtVsOD8CjMRKeNcWo6ZwVfJk7EDOnV4+E1TlAzNp1m9z
-rHB+fc97XJlIaQwOF1WMnjaZl96TO5Tb8FIaebsIeknz2m8IhfZ/EuWPfqs37ZxQ
-b0YPNilIGsUSrT3rTBk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid CA notAfter Date EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=Bad notAfter Date CA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBub3RBZnRl
-ciBEYXRlIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYTELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTYwNAYDVQQDEy1J
-bnZhbGlkIENBIG5vdEFmdGVyIERhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOhmxDd5kdaDqSlvran3+R64X7ilMaOb
-DINojoBxIW3XAxrXD3TFdV/twdn97GoxEkeh14g1W9IV7RTwfDoVf95tjNli7Zsg
-ye+NVj1gYVV+DdMpxy44biOW6s9l2wRqNqoeE1AFSj2su1PgamWIHiGo4BQkcE5F
-bMwHbJCR8znNAgMBAAGjazBpMB8GA1UdIwQYMBaAFC0MJj5hIy43E6fK6TKpUeAQ
-tQUyMB0GA1UdDgQWBBRsW4S+GLLshXYDAKY/yVcV2NlPtjAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBANJW
-FdT2Ss72xFAtOuGm5EoRp7tP32SI2iyLmeLRi7YeIo/95FVK6xVzjZ8zT3pjyKvx
-7qe2O/cF9SyQssnebmTqLJQxCeWHWzt0BpbI4U9GZJF0vEeqTU/psLhr6p+20T6R
-XmeWECYyRGe0Wmndt5GJ74PBYrUjR5mtDojhKn/o
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Bad notAfter Date CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:2D:0C:26:3E:61:23:2E:37:13:A7:CA:E9:32:A9:51:E0:10:B5:05:32
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a6:dd:d9:bd:87:0d:1d:95:02:a5:1f:92:e9:dd:bc:1f:16:df:
-        b4:5d:31:d9:76:6f:06:90:cf:da:09:6e:f8:15:1e:bd:41:d6:
-        4f:a3:f4:78:a8:67:96:1d:ef:8a:c1:77:e8:b2:83:81:5e:d0:
-        f3:53:36:a8:78:39:d2:cf:eb:b7:57:e6:13:ac:33:87:9c:19:
-        64:08:a3:14:5d:71:79:b7:10:88:93:44:a5:32:79:85:fc:fa:
-        a5:a5:81:d6:99:60:2e:a5:2e:2e:6a:60:41:29:70:2a:27:b7:
-        9b:52:75:fd:9e:06:e2:80:f6:6e:0e:19:39:75:9e:a8:70:b3:
-        ca:d7
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBub3RBZnRlciBEYXRl
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBQtDCY+YSMuNxOnyukyqVHgELUFMjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQCm3dm9hw0dlQKlH5Lp3bwfFt+0XTHZdm8GkM/aCW74FR69QdZPo/R4qGeW
-He+KwXfosoOBXtDzUzaoeDnSz+u3V+YTrDOHnBlkCKMUXXF5txCIk0SlMnmF/Pql
-pYHWmWAupS4uamBBKXAqJ7ebUnX9ngbigPZuDhk5dZ6ocLPK1w==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5EE.pem
new file mode 100644
index 0000000000..3b3758fc03
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 71 89 00 06 55 9E 49 96 C1 F6 06 A4 66 6A 0E 6C AD 32 17 AD 
+    friendlyName: Invalid CA notAfter Date Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid CA notAfter Date EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=Bad notAfter Date CA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUQmFkIG5v
+dEFmdGVyIERhdGUgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBm
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE2
+MDQGA1UEAxMtSW52YWxpZCBDQSBub3RBZnRlciBEYXRlIEVFIENlcnRpZmljYXRl
+IFRlc3Q1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CcZ0DqE9Pw6
+P0I9jfc3becBcujw8y+uEiSGI2WWZvtY/5cEnif001zkbDJYCCXsaegUoJeh1/uv
+GL+wFCAw9ZKJ/po3NzuLSq9ER+jZrkjQeskhs1TWFVAL5Z1HphBRruutpMB31nhx
+P6MCP1ZS1wxbWwZRTtg2yINKqX2wRRGTIPB2dWa5Dlv0UL7DfypPfQsVoQF6XZ/7
+X6yWyYmRsiL9OJRh07ExsVAQFALZ/6tIXrWpgyQWRJInygoNwmkSTTc9gmetr53d
+5e0W/EPBSr8sCbmYpDI6MWJsyZvh16lAc3Zf6sx1PHJtaZ9tt6/WJ148aLV0ffUS
+gnvHrdBjjwIDAQABo2swaTAfBgNVHSMEGDAWgBQsDv337jzzpGbs5wWfiLPiz3RG
+2DAdBgNVHQ4EFgQUc086TbYTKqLTmNpBE0qlpFjKkKMwDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEANsYL
+aZkskh6vUFY0z42Z3HqV7ewk535l/Zcqytm9JFoUtt4tX11iVVLvzKRzE1xRZQrI
+1SIvfCSexc+vwMjw4bIRV8PSytQqXI6R27RERT5RLkpSBFfSXYJXrl6z4txFcEGD
+ed9220tfXUDOt5lZ/V9qlvOKInpq1gKj2C8mknHDYm6643I4Sefi+Mw5M3ohPfEs
+8y1AdEwow02R702NYa2dvBDu309BpjryhYrRxfXezN2l0Yc7z8Y2bISXclx3W2dh
+dqeABI571GE28EkfhPbRKuW+yQOUnjyMqvik6y5A7jtnFicTeoi/IIT8COWEg7gE
+/6N/kRUqqgeRucK71g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 71 89 00 06 55 9E 49 96 C1 F6 06 A4 66 6A 0E 6C AD 32 17 AD 
+    friendlyName: Invalid CA notAfter Date Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7AF8507B66BE68CC
+
+c+7/e3hmItJX4kdcx342E2hSdfXjFdUSN2T7OGDruPUtWjolA8t00FXibbhk4HFn
+J/PB5+gdQaouG63l9AIHGpSjIfc0djUVi+fr6ceQELkQ0JdsZvgPLD7OnRIN+GiH
+GGkiLschzGxHi/+GvhpACDSgPOhuOkO3aOaO3RfQxLmWNo2Ufpulh+pmii2mAcwz
+F9IblPWkFHj/86VQVxWC7OF/XnydfZA1QBTGOp8XCnmyUErrcXLqS9RsaTupxpzs
+MZINtHcluFL4jpoNDzkgmxts1zfqSRJAbcwzUd3OSPAYXHg5/NPt2PGRL+LL54YU
+D8yczY+FGwlVJcAJ6pVv2LJ+Qah7ynoo265+wtPX24WpdoecqPoBmYaIYQmnPAay
+CAn5Rgs3sjtfmb99/P3lOUsmguKbJCZFmnGEDzZHBlKDw2Q5EpyLGXV6khVsmaUC
+/+8BAeUkuHwA9tHYPHTFnlRSlN4eDVavE6dkOWXrgE8zkbMNTfxqi/UG0kdQR0RA
+P1ND+jLEwst5fauzSIIsTUwwB0M65fIdm5syQiLuyV7B5BwKshE4dbjFRSBMBWiC
+pyA+eEjuVwn9AoZLcnWyQ6nVtRIzx6YeP3B+SoeDpboTtXIlfIveO10bffctE2F9
+hsc9BXzWpjSvqF4uWM2dDnCTOhXDymOlynZQLphTChILPJihsdWtzIG6wtaJaZU1
+ucWncCwv+3nx8L5cH4PXHvn2gkCeHo/6E8maZwwVpfOWcc/azhS1F06jvIrN9DmZ
+wFBve3317ehzYAc4TpACqUqtI9oZusH84R2HBuATBBimzkBJjkMLGJy782MJQQf4
+P/uJJx5Ov2Op0YfSYrHxWlEqLnpKn4gLCzro7sjwbBp2rrZ96LL8qIxcOzisXz/t
+XYZiJS+PZsAsXHCBUf8UJ2Bb31Fl9HSKXqIUL22bOOtyZxyeZR57bZGmnsfYmjck
+GNPa8ZRupbYDCDiCPWA4cOiiSvqpPpr0ABYptZh2KkirQJ9kkU6CLnN7wjGCPJTd
+g89MxnUWF/FjdTcD8URi8oJ1EVMi28BqvYNLBtoG+oWCGZeejSPOJgbM4b+5gLBq
+AJqB54BUX8IoIW0So1AUwj1OhL5vsFYByNiPMe+suCLLi7KrljqROMWtavgEKxcE
+7VZEalyrUQ5kW5ctZ8TVjW58nRBgP1oQRaspqox5L6RxnGUpGlI4PU0/E/HAKcFm
+v0XMwoG2+03Sfa+H9gXjsjP2C5TR8RVb+AqsKKMH3FczH3h2mLVran/AQe72z8Gy
+h/LF4GtN/1W4tDWX9WqCpWzdhEt67mA1XjDtR3XmLjOYXnS1gcvcPDHVltfUNKYM
+MfjFepzaU57WmCy7o7LgwsP3qkhS5Cb8N37hyhCutyASsaQ2lM/AQu7SK2Lmwanr
+tGIt85QmIiSMuamLDz7RvnPQ+AaRwx7MRu9JMiA2ck1Saa2mdlHE8RDF7WylxSQ+
+91KDyN1ea+98COzfG40/jbIuw5uJyWV/SCsz/Z3WU18CKBdfRris+uRJRT99LIMb
+DkQPq+iK7PTI6bxDVCjUmXvv/Rmn8C0tnskXDMRP3zwVAewg4hjluwohXwUr5QOO
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1.pem
deleted file mode 100644
index 6a9d14d41f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Bad notBefore Date CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw00NzAxMDExMjAxMDBaFw00OTAxMDExMjAxMDBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVQmFkIG5vdEJl
-Zm9yZSBEYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJp+RthgxM
-5Y+NQaGv+L8CNjnEejXyimG9JuXmo6Uc6ZjMhYgIlr3iAA+dcZRCJhsJxY7RXaS4
-q3rRLSR7ROQdjSDNbuGXRht0SGe3MlOoIJEqFVGWppp3BVY4GUwN/s5zmgj/vE+2
-eCwl96Fk8NWIm/qvugmG7+bvAy80zDvMLwIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUHnoz+COKGJwqbE84ItXL/Z2Q
-fVgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAJpC5ygICALpvY5i3Q5a3179
-Ao05EA6N8ZKZHoS49lok81lUMy/MLGY5zQlggicV916WyTdDd2CO8q/lSCMTRO3C
-CrsU9kd4w1V1J/OnfYDuHoRIH0hqowTdm6bEnyMhuq2YnRotAKhkX2g/ekDYuC9A
-Lo8Ispl3HslMbhf/mhGj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid CA notBefore Date EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Bad notBefore Date CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUJhZCBub3RCZWZv
-cmUgRGF0ZSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBDQSBub3RCZWZvcmUgRGF0ZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuT/PBuMdSN+JtQHVYA67GVmByJJV
-4dw76fphkGkaVX0EhLBs1ZK0jH4H+/rGlzrmDGTT5k2xwYc73ZJOkGDq+5EPnKy2
-0MMuiU34oORcfElE/rYu4tqGwh9aARFDBpjzBNqCNMTR6wD5uIJ1HpZI3KfyuP1b
-sX5KW83tw4qRbmsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUHnoz+COKGJwqbE84ItXL
-/Z2QfVgwHQYDVR0OBBYEFGl/WT2zZWdmw1t+EsACdTdTWeWwMA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEA
-bf33IqIzT3eBs8IJCqw6hFy40WjrIDPUgfNMdPE02k+Z8/0y+QCczqm4PXynRsyk
-Zrn38tggQf2IVs/q+1IJsZS+3FWaj/iucO3twNWqPGqq60uc0xwpRhbIx1V8s1Dt
-1Jh1zD4+KU9o+ai5aN2ErGWfCjBpIlFhwI1XXT0NLKY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Bad notBefore Date CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:1E:7A:33:F8:23:8A:18:9C:2A:6C:4F:38:22:D5:CB:FD:9D:90:7D:58
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8a:4b:5c:e0:02:33:0e:3b:5e:59:a5:2d:7e:5c:16:2d:22:fc:
-        b4:11:aa:00:7f:9c:51:f3:38:85:a3:84:33:3e:68:e5:7a:0d:
-        d9:e1:c7:6a:f9:48:cc:f0:ee:0c:c8:15:b4:41:b7:a6:20:2a:
-        9d:68:8e:74:dd:b6:ee:eb:03:ae:fa:4d:50:c4:80:e7:7a:6a:
-        0a:0e:eb:64:ca:a5:a6:64:e4:98:96:75:f1:50:9f:c3:a6:c8:
-        b6:d5:b7:64:7b:8e:ce:40:f2:bc:13:1b:16:52:4a:e5:8b:22:
-        ae:9a:59:a9:e3:a7:44:0a:8f:92:b6:15:76:cc:25:f3:c7:a4:
-        1c:f0
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUJhZCBub3RCZWZvcmUgRGF0
-ZSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUHnoz+COKGJwqbE84ItXL/Z2QfVgwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAiktc4AIzDjteWaUtflwWLSL8tBGqAH+cUfM4haOEMz5o5XoN2eHHavlI
-zPDuDMgVtEG3piAqnWiOdN227usDrvpNUMSA53pqCg7rZMqlpmTkmJZ18VCfw6bI
-ttW3ZHuOzkDyvBMbFlJK5YsirppZqeOnRAqPkrYVdswl88ekHPA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1EE.pem
new file mode 100644
index 0000000000..832f36523f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 85 27 76 BF 51 D8 74 A2 97 51 FD 88 33 89 7E E5 84 06 67 8A 
+    friendlyName: Invalid CA notBefore Date Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid CA notBefore Date EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Bad notBefore Date CA
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVQmFkIG5v
+dEJlZm9yZSBEYXRlIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgQ0Egbm90QmVmb3JlIERhdGUgRUUgQ2VydGlmaWNh
+dGUgVGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8ENtBwoEZ
+CsDl8JmmxVIgE7Oxt2NxKj5KrXslioWozKJzjRKKK1N2jHF/RHEmzFYoolOnNMJJ
+gIFFYSeAeJshYirpGm9mI5xZ9l72ZfaxtA7SA8m2UhE78WwJJ+oa82CDIiqoOCEm
+26yEV1M8OgtFFu/g3by/PcknMXXLd3C7zYPynO/ExnHUfiPfTsorYCTEPqr/p7Ds
+yGjTRwdNbF9diPObop4B29TZanZ3gYOVBOTn9N0k1oy2eLF12W9W5CwY+FgywI4R
+ZMYQHNK3XNde4KuBoUxgXdAGUBzL/Puz2LY3Vd+2AjNS/hl3i76SKKwK9VrbUkXl
+v0EVWvc00ZDJAgMBAAGjazBpMB8GA1UdIwQYMBaAFGM+vBqe+6HyWaEvS5X+5t5W
+uIZAMB0GA1UdDgQWBBSp+Lh7Vm9xnfn/IdnPPSVIJfemjTAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBK
+OJZjmGp4sWnBQ541UKsMzBO4X8+YGKPA8tGpC/ZjLPG/G7zwq9IUaKekb6KZ3Q17
+KeX8YwORze2nSsMzAkED+rJKa8Bgx7+OFBU10b5qTdVc0Ac9PCDhhq9CGa/sj/yv
+ggEXLKq3f2BRnDLKdWO20hR2+FkOrmqtDx4q7wZQDtspGFl20AigOV83joWKHPcB
+DtjS5/N8zxeOzciNMHhxy1Sv6A9RCUw95ujhrs7c6WM7yXqWbsWhF2sT2856/FIH
+m+Hl4rSmu2MMsrZbcWSbga3AbanFdDX2wsccdmsqAPBzYGpJbTdR/s5HXnPei4fw
+PY7kH4Kc9zHuOqFxkL6k
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 85 27 76 BF 51 D8 74 A2 97 51 FD 88 33 89 7E E5 84 06 67 8A 
+    friendlyName: Invalid CA notBefore Date Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BEED679442F2FAAF
+
+DS4CtEvKIWfQlTyjruaWDz4w7XphOaMNg5RW4vKNL/VJ4D7UKOH9VqCPFrrdsybI
+S2BMpR3vwR84ZKF2ZOOjawzT9CC8ZFAjvCCnVJgetSNI93bvbrM6C38wwro51y9N
+P0vjOF1IaK9JZ/XPWG35Q2h09Z4oESK7HZyxD9FpiCueNW1wM5FQ0kGQdhvLWQaA
+S65EkfZZ1dBjAMywmxjsFdIYU51p6kLFhvh20p7ev+Y1kkwLiYB3/Bbo8z8Ktotc
+1bPC9HS0tjDxRVdg91uKto31VRRK0Lqi2/L5NsInQtxgGWkzxFgbM9BsmZ6WxJn7
+by5FvlzmNvwQZMwIE0XH5y+35RCeRY6Iy8FjbRO60567gh73b5gM8zD3C85gD0EX
+uZFJ3nBn+AaUaiPi99y0Vc+JKJmfVmGQ007FIQgjdlOO/XqPoanmzagfETI3tqgC
+blvTsK1eFnXu6INi7KkxQRkGqYi8T1LqcfKXF++woL6U8d5ypovRwtGWJPKc574h
+xagG5n0sw5/nTPH1YiK1KpP7/VuxRCjuWG9kQ8QPp0HsW8pRSZQnOUR0ySrRE19A
+SW6jO/1QZf75WkQFtGVYrA0GDfVzY31d8qtSv3+kcp2hkZuudqoEpR8TrZCgoUpW
+6sWOKEifzXTO1r3Hw9iPtP58BHDX+/Ojv2B+u8Jocv8MMicrxVaiEGyOtttkZ63Z
+uG4e0JBkxhWvztDP83/BtWRxm0yKs+PXntlIEz25wg79vzcDNZg5pP3/TW8GkrWW
+WxO4J2CzgVNvrWih8W5IGwfytslFhzzkNJRS3kY7CRT5VSWHu8pCG7scN8Vdia6Q
+1yjcxu7VwQ+lU2qbHPQAmbUqDU+F/Lq3SmMZ6fN9FrYPPoxAHRH9d+SyA9TyJdNQ
+kyxtpA2jLX66g1gIcrQGeOSIEKgWRi1XinUaMMRVeHmrjtYyEmKh/ydD+bZIDueN
+Lwgv3Gxwmykhux27PPo2LAP2Ep9+O5TCpDHz95mlpQrH+e4/up/x9ZTXCTMzp+tA
+YJ5CYqijDG/yOL2LPC50AFup0TIcF7MUlDMOrAxkZpjxJH9SeM6jM0voC2eASuQx
+9Y6ZWROyk8xNh0agvY/iCkjC0ko2hSANEDAE61+JDuby3kzk9s0XEtTw/c7lB1av
+dG0ZjaHcmlLrXpa97fdLVl5p09RU2mXkI147575EN/7odJFWPtbynSDVQpHRBtwB
+6yAR1nU0FUyl8KbJ7L9jbnPKPVqXsHSta2tpqNWCMN36d7688lAs0i5tP1vVDkxK
+LdwJSh964kFI0eYhrqyS08YIlk1x/HWQ6O+J/+Y4TJlOT5mkoJePzmdlBR4V34Te
+tHdbuBk4O1hQvw2m9WKNKuxgb2W3j4AIvc0ZJRJp9yKLBcPQRJroMeeB/kjPfGG8
+Qnxuy4ZRbhPaoRuJllTwunPc2m7ejbHr7yhJTEpGO2eB7YXjO3dGMMwIh1VZ9y2d
+Vdp5MJzNIofqXBfG1JOMQTlLkInZAAP6RN1PklLa8wzuelUIaPsIU+EYUdyvWhdH
+G2rOcQ8OhSZd7DtoSCqkjunKF3R8SwpX4aK4KRIxdg2L6cbLV4ZMxQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31.pem
deleted file mode 100644
index 732af1b50b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBRjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIEROUzEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKF4cGWB
-eAaOHCGkAPlmkE9/9XtvEpanIGNf1g0ab0PBnZR8ffY+IK2+rwOeMVtfXmJbaxi/
-Z70teNn94XkPXH6Pmz/pL170Q96CasAsPU2uQC4AtNjkUSeFbSoY7Ul2NaBYqLrW
-yQ7O3jEXdX76KQWqYcihAq1Jw+AEruMq98WrAgMBAAGjgaUwgaIwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFHXnZ0cYCavxiIjbno3V
-F1KO/HN4MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoIUdGVzdGNlcnRpZmlj
-YXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAzUV5anoiOD8wQQnetIFcg5wLnNlr
-dPixWje4q2JQcPnqZk3TW9O0GDtWHmZwVoS3PixQlJPHZGvkliTKM9vO7a8J2FDl
-/ZFRNrm2rHFjZxygk+UTwj+SI4CO8kmtSesvV0ViWwNNyfOV/nmvBjqy6pEbTnCD
-pax2/2P2ruVALCk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid DNS nameConstraints EE Certificate Test31
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
------BEGIN CERTIFICATE-----
-MIICwjCCAiugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBETlMxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIEROUyBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDMxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8Xm5JY/SJcUmQCDr+0GM+
-besWWL+OVllIdYjVus23p+8nx/r0PV4GQIKxh/12lQHPVKesX5OzuXUnlrFs0MNS
-hDKURr8PbBBD9pCKfwqTuDVGjcYNbxgOR7uCxwIWs62VK/yw3NqulTjTxjVba+Ih
-NDJEggvzeyEavzd9UoppGQIDAQABo4GbMIGYMB8GA1UdIwQYMBaAFHXnZ0cYCavx
-iIjbno3VF1KO/HN4MB0GA1UdDgQWBBQvlbhY4sw3ciETxMClyRfo7svC/DAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMC0GA1UdEQQmMCSC
-InRlc3RzZXJ2ZXIuaW52YWxpZGNlcnRpZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEF
-BQADgYEAS0/t3TgdHeRWJY1IdcR6w3gBMrNIweoAzXNnKgrodk3esABKU4lZrMr8
-UMW4sDbD1yNjLhGagmSj+1joyqYLTCh0NYgGbj7xS+zQfAGBdbctVpKYJ1l/pmxe
-CVPOHHU/YkBHnWMouumAnTpEcgbtHTMvsxQNef/pH9IcCBlnOSY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:75:E7:67:47:18:09:AB:F1:88:88:DB:9E:8D:D5:17:52:8E:FC:73:78
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        90:61:77:a1:94:8e:c3:62:6b:dd:eb:ec:3f:0d:e0:dc:1f:b9:
-        04:fa:e1:74:e4:5d:d2:0a:cb:42:4f:41:9a:a5:91:d4:2d:57:
-        d2:6f:1d:5f:cd:9a:2c:24:5f:3d:21:9f:87:78:17:33:96:09:
-        1b:d1:bd:f9:50:b7:17:c1:e0:af:50:95:7a:9d:03:9e:2c:95:
-        ef:f2:c2:a2:74:93:d3:9c:c2:73:74:96:90:b0:78:15:69:e5:
-        eb:b4:5d:dd:19:4d:ea:9a:78:af:ae:a4:b5:69:78:58:aa:7d:
-        5d:9e:05:ee:a8:8d:2d:16:03:86:18:62:6b:cd:67:8c:5e:13:
-        1d:46
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE
-TlMxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBR152dHGAmr8YiI256N1RdSjvxzeDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQCQYXehlI7DYmvd6+w/DeDcH7kE+uF05F3SCstCT0GapZHULVfSbx1f
-zZosJF89IZ+HeBczlgkb0b35ULcXweCvUJV6nQOeLJXv8sKidJPTnMJzdJaQsHgV
-aeXrtF3dGU3qmnivrqS1aXhYqn1dngXuqI0tFgOGGGJrzWeMXhMdRg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31EE.pem
new file mode 100644
index 0000000000..7271d9b923
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: AB 42 AA 02 73 01 C7 1E AC CB 57 EC 44 91 72 EE B4 07 CC 97 
+    friendlyName: Invalid DNS nameConstraints Test31 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid DNS nameConstraints EE Certificate Test31
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS1 CA
+-----BEGIN CERTIFICATE-----
+MIID0TCCArmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIEROUzEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBETlMgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QzMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMWz
+PkxcjfrTx5HDvt3XZVNg70GescrEk15PleNAp9F5sKxnbKvlJXk9Ei6imacf6tqY
+GH4gtc0fdD/Tk77oT26I+Q6E/hPk+QvoFi5CyHEKa1EsupAWS+/yudrVkKCxQgoi
+43pTUFPVZf2OgnTyGAqR+n4EjOeFKCQbXblGQjOQm0gHXiSDqYgsAam1Hw3P/R33
+6SNSrs1ClBL6m2cLE36e5zANzNfl9ev0avuc2QS46XNteE+Dol6d6B0StjCV2CSi
+Ipl0tqvurU/fYPJsYFVVPt2cdHEmig35BY3R+A+LLyYtT8j565p0tsoFtpTxC07e
+FaV7CAwwF6qtUj0TpPkCAwEAAaOBmzCBmDAfBgNVHSMEGDAWgBSxqhfw48/M0qeJ
+poMH3f9u2gfjSTAdBgNVHQ4EFgQUcth3X+ns0hx1Nih4TvYCKoI/bXMwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAtBgNVHREEJjAkgiJ0
+ZXN0c2VydmVyLmludmFsaWRjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUA
+A4IBAQA6HLry6wY654Uab5ADefymDgTAUI+zFlTB4rxL+zz5H01iwjyFOQDhkpWO
+yJLbj7Ncwr1AZW19zYAeJ9et3mWTv6assHW22CRecv1M/oSFGmNlbTUYS/UPO4wc
+rCOx4rAnTXwIPaUdzF88HVdGqlTr45sUuH9OwQDnPmb+TKLCkLfRo+TUsvBhzjeF
++tuaca3sFhLvw8hZixlySkpYRmQ2Ih+w16G2ocA3tfqSb4U+vhM4PAqeRP/E1i5K
+1WRY5ZTuSn2nMS3s+ItayivhPoWjMBa3+LIqvlZM1vB6ALREKt9ab5B0lj9IO3Jf
+SHQ4skVRdnOis7u2cSrdZnbCy3Xx
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AB 42 AA 02 73 01 C7 1E AC CB 57 EC 44 91 72 EE B4 07 CC 97 
+    friendlyName: Invalid DNS nameConstraints Test31 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,97EDBBB8B797E455
+
+5vqItS7ic0Fq6H4D7dklCCKzIo8FvyQsXz4LYVTLhRbBnAx5hO4oNNQB54+l0gpj
+zHOQUnJoexwy/3ozzhs/zRLswktS0b0gBOo2aiVnO8ypNuTFfOUuWt+lj3dx1UAe
+ILT5kGJjsI0wqEB8l9gZtm4042m1TaWuFTaMrQYWsb0DIU/Enf3XJmVDRwO2o3Sa
+jze7+pX+okd86ZHm5MAXSFPdAakWOz020sL9vt3EMue93lwP0kfn0FYJTnlJ5Qaj
+hez0VA3y17gzmT2TJyEYuI66wxLXPgYB5ppujH9DPOscQsioumiD2b1XhruXb9u4
+rcw8ppML7eyV/gB+SC0L3MkSBL7etxB9Is1RyyXh5WFgIn2Y/sLzLgWCxG67JVQ8
++Vfu/IevfQ1WwjH6JLLY6imBbNXyKLXQu9jjlH/IwixPzIi+LqjTcq26W9VBZkB/
+LOCmmO+t+x7LKUyFzeZ+sq5wKjVpVKV5mXni6FXKgmA0zbx+MK27LkGbd71ZEP/J
+bYp5oJqON2xKaXs+oAs/9KCHlz4VWCUl1yLxRN63XbhLtRc1xlQeSKoqzmWTQXdN
+xy6K+sutPJkLbmleAVDy3exyyz7Zs17b5Tk8yAUxdGpxnyYgNmOmjpZXVsxVLuz/
+TX2mAHAS0XHjT5Ry+oRwi6HXu0dGkpWxE6H96vhbQCg5boPz4aYj3acOqkXDQ0y9
+4LasYPgO6EE0u+tFtgQ4tHZ2MItQ7Lun6XFOMfBqAYYISwvrppNOO0VPd2ra/gd+
+1XVbWLCyM+C5HATHNB4unsEX9A1zqzmJeIJzRlwPUOgS3gSGULFoHjLS+Q6gzVIa
+HQqftYuiJ5oKw32UAHZK70WXbNd2yO9oOOWAgK06C1d5PDxe6y+eMb3Rr80upj3T
+OsFni+rOkX0TxT/3t2VXB0sxX7fw2NkvVnACV3P+udjqQcqHPQy0M4n5e8N4qgmS
+wnVosaDxL65vyRHrl3rDMsi0yCCBE+vJCvPPK2jmy64IUYsGi70Fe+K/ZGrQPkam
+0B6CNbF+DzOC8OHK4hZLMXhp5hwWSYmai3SMTJ0l366bajY24gN9KQVZ5Y+G1QCj
+3DgE08T3XhiMbz1wlTleQ09BmMUB4h+LPhSG3TdsthRCg6SBDq2eyUcLDU53XEin
+jWElYmxDV1XRTRHHhT1VBymtSKSvGwRZLFYhbTxWfpH7FgBxBdxyfeRLaoJLIsST
+ASKTuts+QcTQ2hadEmpg7kNZXmJ/Ccd4iCmiP/oV2P8vg7W4MkvUVk4ZIJtdNRlu
+L2Mg6wkr7Z8ENasEdDfCULwNlYFEE+AiDqgwl2Iw1fgVbize+eEFzwCNQLd7f8r6
+LlveOwtnUlVHqjDe/gOb2CuenWhVR2sNYMHImDMr13Hmxfsv9v/bYJSVd/jcpcfg
+1F2umrq10UPFzI5Lth9vWiws8AtJ88E7hTMJTRWGna2BHA/2Mvg3O5ggYacoNcUl
+sCFCA+hKCngy9c0PnqnXDLLtPT0HWIo4t7K4SQ2upcbU5PGrHYfitCIIjEWqLN/J
+Bjg1wDGNxsQ20K/2CPMYaRac1g4MXahKQWRiBWbq5asv/vrEJTmbWg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33.pem
deleted file mode 100644
index fc1e759012..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIEROUzIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANmefIFU
-RUgrahNMyIfzibuPD5LXv1aF765kc/ROx4BQYuBUZehjaB0G3eHv0wGu5rSJbnoy
-Lpdv0XVvBKEai/K+9iIereljhcwZzKTbHHvAdhCtgImX/Zz/KZ7OU4GZJGkdcj9r
-e/szQBEqTWkWB7hT25WM4ghi5xAz1Tn3foOxAgMBAAGjgagwgaUwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFH6Q3Dvq3pzSm0JE73sa
-zW6PkuC0MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zApBgNVHR4BAf8EHzAdoRswGYIXaW52YWxpZGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAekwpteebcTHJ3RTTqNmNlRsw
-aSa2MtBlaOVNyWi/Qsgy/LO5We9Ahkq56VlKB4WTWCFBdrbbnZ4k1Dpgj+NA8YBD
-Ysuq9KofKqycs+alN4JOOMtKHzbm05wPqkhY1qbBFAUbrEm5felp5drbJys97mCX
-bm7XHTxTuImtWM4ESC4=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid DNS nameConstraints EE Certificate Test33
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
------BEGIN CERTIFICATE-----
-MIICtzCCAiCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBETlMyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIEROUyBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDMzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxL/NbfBumGy235WIg06BG
-/D3/nRm8g5DewpBeSbgEPD/1yljXiblJ9TItVB7HrbJsewZWk28/396FVXb69SeD
-rmYXPflrEmgQlCp6IT0axE+gS6zTeS6qCAeHVWGLLvKOx6/9j/xqw2zUUDb1kZTy
-IedQLQlkNsdE966MUxr7fwIDAQABo4GQMIGNMB8GA1UdIwQYMBaAFH6Q3Dvq3pzS
-m0JE73sazW6PkuC0MB0GA1UdDgQWBBTg13snqN9OjzwRLPdrP94IHHcERDAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCIGA1UdEQQbMBmC
-F2ludmFsaWRjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBALVLczfP
-n/oPIoeyzrVNW7swi6hL0k/Hp4Ki4rB1HA+cXcuGMJTM1mnk7gLd9Mjjyp0Iz7DP
-82k+Kv+9+EpOWHhwkvAJVJisKGVO4NrUbuxGhoYggP+ig5gsuHAfCAlzLfzQgW+V
-BtejP9VrkYTGxKno9uiIjXfO/VQ9w8pB1Kci
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:7E:90:DC:3B:EA:DE:9C:D2:9B:42:44:EF:7B:1A:CD:6E:8F:92:E0:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        02:f1:3c:9c:25:d8:e5:f3:99:97:72:47:d1:94:a1:f0:11:0a:
-        8d:ef:9f:4c:c6:3e:93:23:1c:76:92:f7:68:f7:8f:9d:d0:ab:
-        7d:73:20:ba:f8:ea:1c:90:10:59:01:07:c3:11:36:15:70:b3:
-        e1:80:3f:38:65:42:77:78:95:79:6d:a9:88:c7:54:59:b2:52:
-        9d:da:5a:58:a1:73:1e:07:78:00:01:67:02:41:9e:82:b4:ab:
-        f3:d1:74:00:8f:ce:fa:78:8b:c5:ff:ca:40:ca:88:90:ac:74:
-        78:41:4b:60:85:3f:43:31:7e:1c:60:bb:3d:91:09:df:9d:f3:
-        6a:40
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE
-TlMyIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBR+kNw76t6c0ptCRO97Gs1uj5LgtDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQAC8TycJdjl85mXckfRlKHwEQqN759Mxj6TIxx2kvdo94+d0Kt9cyC6
-+OockBBZAQfDETYVcLPhgD84ZUJ3eJV5bamIx1RZslKd2lpYoXMeB3gAAWcCQZ6C
-tKvz0XQAj876eIvF/8pAyoiQrHR4QUtghT9DMX4cYLs9kQnfnfNqQA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33EE.pem
new file mode 100644
index 0000000000..98e9795eb3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 37 53 53 19 AB 78 01 73 27 05 18 43 EE 87 32 9E C1 06 7A D1 
+    friendlyName: Invalid DNS nameConstraints Test33 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid DNS nameConstraints EE Certificate Test33
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS2 CA
+-----BEGIN CERTIFICATE-----
+MIIDxjCCAq6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIEROUzIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBETlMgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QzMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYb
+B1v9GpRI/WrpcpiPQwAnQbViU0MATTXN5t8MypI72+0ExFrnmC3gPpZkImwXOlIn
+EpFA/EU2xNrc5+1mzC+rfPUzZ9W1xpM189Nsdobp7UP8laTGpeP1qB/5bYKwHr3w
+poPYnm189HfyTcVfOBqrb4w8SxyfZBZv9znzHlNayguKAgx+7v1IBrPSYz2dQKpm
+44UfeKpdRLfBYmfwtFn8fo7G+gSzLev19SdPiiTM6Mm/7c3wvSjPfoFChOmCDjmR
+hHcDC/Y3IOp9913OU6MyfX1JWWtCekDmovPzH9FdYvmYA4qJEP+RTHLG3Tjjx1MY
+rGfjZf+FnQktoa7DG1kCAwEAAaOBkDCBjTAfBgNVHSMEGDAWgBRGSJxCCY5dU3DY
+Fh7gwckYFTUKBjAdBgNVHQ4EFgQUqPuoi5cYHAfhxk4Sb8kAu3oLs1MwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAiBgNVHREEGzAZghdp
+bnZhbGlkY2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQsFAAOCAQEAL59qoRdK
+H5WO0ZnkKiOAfs0egI4Hm9xbC+xax2LVNHxtmsXa1ksxOgX9dMuJH4uo6XXzNqyp
+KbZ3m6z6g1lAsdfww1o7d+7EOIGhTNOBWhRZOxYe+XEWxzIKKgO7qPGffYbEhpM4
+HI+2QsGnKGP2iBcVWS22KE3O/3xRGjiSUff9hGsroTtv8xTbPBA93d4Vr36VzRp6
+noAywsV0iZt45Zpoo368aX+Ph62TqXCg/1+VERrG8OJe3+lWQqeBfKo05pwZhh7D
+Vi1VnGCLRptvUiwJuiOBksuCI6Uidi9vEN2DaIz5K+8mGAWn9C9Qjps/Kat9dHFD
+ctZ9Gd4lR1XzyA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 37 53 53 19 AB 78 01 73 27 05 18 43 EE 87 32 9E C1 06 7A D1 
+    friendlyName: Invalid DNS nameConstraints Test33 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,42DDDCCC4E0E0812
+
+InO/EZ0bUhdxLdwVzylMQPQR9u4xMA41CFhQBlg8yS4ovqtRm1MVkKsVHOEm0VgT
+Xnez/9FZqk6KilG9MCXFGeQCbK3fhtIlRJMp4pft+7P3MpNYj09crslN4DqPWosc
+4ffNKCbHcfxYknEjn5CvxEmSwcSYXGs99n80jb4TNc9h22rIJPMxcA4JjZVJymyG
+Ym80H+9BKpgWgG47VWH9E4Pe7rsYKQNYlOEeK32xNQe/Ukj+/ANlPyCssMt1W6FZ
+1NVdme/Vhiwp4aYdCvUP4c878Yu3BcqWakw5JfKTghSiLosqu0YcqQGd5GATe0iI
+OWhANpFojMvJXeQdOzWL+VnSmqtMsixJ0l0DtiWJIF/PAA/j4Ab50yWUOoSrusp4
+9OWPdLfXRqEqdIL2GrEBbYd6AxP/5QG2cFq/K5oKpK4KzHWY3RhmWXy6rqD0VMZf
+y+GfjSUmrEH+S7oKhLPBH4Mq+iAfX8R2YfXFM3QCf8yhWQiOmUft2XDxq8BVULnH
+zLFZWY8WI6+ZgUAcDZGmN4Hki3sjmt6gGiI1CouN8wlrDs4doneb+GWyB18k4EmN
+8FboI5b1kjr//76kpIhAG7yIIDQcXS3GU7I1iD8wcjV3u0dYYnnsc9jcRnkgTbkD
+U8F42AVFdfC+nCKR9oKRBlqBnD97SFbneNcZS3PyOaEUY1AxeMPfbBXeEOmUBp/r
+YVYBNSUbIyIcwpe+gMkX76/pTZkaOnnzN/vLXnYTlW9Mbh0oNIpnAD+BAyT2dc0R
+LMUVlu1+t+RMQaBgDEiWw5jdHf9JRjYO6Lf8G8nNbZupbhGtkY+mAroK7MoPRGlc
+1WQkQD3P6Y31IEAli0iObCAS2MOLL75XPhbapja0KHiTX1QGWiY6JT1QTsJ5ZPDc
+r7ZtVHJRyL6omdz1xLKqD69IG0krmbjWZUq+aeFg1LbsEPX10r3yzaz12BMs0Gmy
+ZG2qA3GGiQMrh5toE0uWZCBvZCLqpM2GauWKF7R8Bsj59rSPtYpIpSGib80lUAbL
+eYB1NOeoPzQQOVRS+C2UiTGmZmq0ID94Vnb7vWcHVk3zLYi3sQ0XozqJ2T6vI2XU
+5DLzUqUW6jSnWDQA5Y93/Y5W3b8bdyxWKfTAKVBNjciGlTM2s2sk6sQie3/c8Gye
+SZ+HFnX1jGTROgprJvcFZTFUuVDIQx4mdIufm7IiwY4V/zJRiDTfybzVxDD6pr59
+8RTQNvZpggWvtwSM9zlxBGnQ4Pg5HWJi06xZsOwgZ8Pvve6TW+GgOlbVKrdUwdUe
+V8t8MMa/48rR77/xb5k2xI8uwWuxE/bpiYzUjpsi0ZPh/GX0ruNZn+hn9ph2thx8
+QYMHbNIszbBAY6FSZSuaOTUOKu7Jg2zzAR9rxYDkyaRbF431NRjHEIhS32EL6k2l
+98abtTqhtMUJ+Odq6B9vttvOBunGQh7ym3jiWbT54b9wFgVcHtu2CsPu3H7A/E9k
+5trrY8QKvcmyZt/Y57OQ8yDoYcVLG+6boI7F7c9IZWNDocF7gEV0/rEFwIudVRr3
+bxy1izO7o1l2X1V+/E0yvV21MY+0c/yrrO+n8yrK+wvy5xB/fns5eDhAyNkKByDu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38.pem
deleted file mode 100644
index 7930eb4ddc..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBRjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIEROUzEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKF4cGWB
-eAaOHCGkAPlmkE9/9XtvEpanIGNf1g0ab0PBnZR8ffY+IK2+rwOeMVtfXmJbaxi/
-Z70teNn94XkPXH6Pmz/pL170Q96CasAsPU2uQC4AtNjkUSeFbSoY7Ul2NaBYqLrW
-yQ7O3jEXdX76KQWqYcihAq1Jw+AEruMq98WrAgMBAAGjgaUwgaIwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFHXnZ0cYCavxiIjbno3V
-F1KO/HN4MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoIUdGVzdGNlcnRpZmlj
-YXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAzUV5anoiOD8wQQnetIFcg5wLnNlr
-dPixWje4q2JQcPnqZk3TW9O0GDtWHmZwVoS3PixQlJPHZGvkliTKM9vO7a8J2FDl
-/ZFRNrm2rHFjZxygk+UTwj+SI4CO8kmtSesvV0ViWwNNyfOV/nmvBjqy6pEbTnCD
-pax2/2P2ruVALCk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid DNS nameConstraints EE Certificate Test38
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
------BEGIN CERTIFICATE-----
-MIICtjCCAh+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBETlMxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIEROUyBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDM4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLztSKsWY+S4ZhmNgTffbb
-H8aIXhiw0mDQqoBzB40KjeMgX3OEnxCBBmDLNqdQtcMhlcKST+FbcFNUzrWySjDL
-UhFqTes5kgzTAyyIeMKHG/Y8b9D7mNuH3GJmtCWOCcajKBy7g9IuPRTtOu/f217J
-pqw42pwtbI+7PX2v2cTiVwIDAQABo4GPMIGMMB8GA1UdIwQYMBaAFHXnZ0cYCavx
-iIjbno3VF1KO/HN4MB0GA1UdDgQWBBQtwjU8JMdU3wDsp2MQVttA0RtaVTAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCEGA1UdEQQaMBiC
-Fm15dGVzdGNlcnRpZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAYzw7EH4l
-W8Vcu3FH96T5cE/RL5hRpoj2PU440l6/1ScnutWvY2WXwCAhO5LkkyDdE+a8Pv4S
-v5BusKldAEzFQy3H6jlDnK29Z9m/6RNIrskTys2Jqt04I+JWV85ZNVCyTu4px5iY
-SmR9uXP/4hfVB74Ct8bSrOBQVy0te1ZcR08=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:75:E7:67:47:18:09:AB:F1:88:88:DB:9E:8D:D5:17:52:8E:FC:73:78
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        90:61:77:a1:94:8e:c3:62:6b:dd:eb:ec:3f:0d:e0:dc:1f:b9:
-        04:fa:e1:74:e4:5d:d2:0a:cb:42:4f:41:9a:a5:91:d4:2d:57:
-        d2:6f:1d:5f:cd:9a:2c:24:5f:3d:21:9f:87:78:17:33:96:09:
-        1b:d1:bd:f9:50:b7:17:c1:e0:af:50:95:7a:9d:03:9e:2c:95:
-        ef:f2:c2:a2:74:93:d3:9c:c2:73:74:96:90:b0:78:15:69:e5:
-        eb:b4:5d:dd:19:4d:ea:9a:78:af:ae:a4:b5:69:78:58:aa:7d:
-        5d:9e:05:ee:a8:8d:2d:16:03:86:18:62:6b:cd:67:8c:5e:13:
-        1d:46
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE
-TlMxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBR152dHGAmr8YiI256N1RdSjvxzeDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQCQYXehlI7DYmvd6+w/DeDcH7kE+uF05F3SCstCT0GapZHULVfSbx1f
-zZosJF89IZ+HeBczlgkb0b35ULcXweCvUJV6nQOeLJXv8sKidJPTnMJzdJaQsHgV
-aeXrtF3dGU3qmnivrqS1aXhYqn1dngXuqI0tFgOGGGJrzWeMXhMdRg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38EE.pem
new file mode 100644
index 0000000000..dd33413a94
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 48 A3 C9 BB D3 CD F0 ED F5 84 3A 8C 2E 9D E2 86 7D 30 E7 6F 
+    friendlyName: Invalid DNS nameConstraints Test38 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid DNS nameConstraints EE Certificate Test38
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS1 CA
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIEROUzEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBETlMgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QzODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKh6
+dMeji/U5K/ekBPo8CedDexJtu59S60Zbb3AdsoCF+t7mMkB7bkSY9aNOPXfsmBfi
+YH7FJFNzIwIoG0yHAB8qROxhbt4STVpB4c3XyqkWByLdHAzPM/+CAwX2ZtYTLF81
+FqT8KM7QmUMbjkcNx87nD+r8OQ795j0fAQQ3fC8XXgYVdDdfuoACAyYVgJplwLMF
+ejdjj72LERuDgiJKHy5BiUrtOr74ZRRoysDnX6C9cAD6BJjkrvFryQmCsnifit41
+3X5TWR3nSYY+93/ioiZ8kr+xDCtx6ODFs8DohTpue+SNnTW8w7QwtoR4gxnLWw2C
+3FNRWu1l++/VOOZEd0UCAwEAAaOBjzCBjDAfBgNVHSMEGDAWgBSxqhfw48/M0qeJ
+poMH3f9u2gfjSTAdBgNVHQ4EFgQUzkAnIqjWGiY7B5H+8RntUEbOS3cwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAhBgNVHREEGjAYghZt
+eXRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQBFZ1PNe87h
+xxEKYU1zDBenTJ4doWDxfNls/SC1fl9y4sV5gYdVvXMfMvFNpv3cuO9RdFhc/r7U
+an8zS8YA1bP+ts5EDma3yIuRkOAifEeE1ivPjzmEH0acOsfFmjgF5OBqS850KFqS
+Gtxa5YDgeuV6/GaUh+QTnkweGcQau51QIalB34UMxmG93hsNI3M4ZxPAiInJjb5n
++XKyQBWwAhaPhGPVbLIU0BtnyafxIs3fkksxFvp0TvrxNoDKmyGn1xMPf66rKgPV
+ziiayHvu9e8uhwEjXmugCy0T5zxb67CVVgHofZZfphlk99gUzeqr0rxA+7gPsoVt
+99WV0A+bbNk7
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 48 A3 C9 BB D3 CD F0 ED F5 84 3A 8C 2E 9D E2 86 7D 30 E7 6F 
+    friendlyName: Invalid DNS nameConstraints Test38 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6E7BE2BB1EBDA90D
+
+/3LYRb7V6mLvFHL6h6V+UcL+eHtdgcQIYRfMJnf9duANOgPmFcASfUGnwWP04Kzz
+cmG9hi7a5mHX1ZMLL6r5xw/TI+ui15RGKL1QqJKU/bs0W7A8Pv7fJPXIkRyozXvo
+qk4Y8oGUHYFGZ4CSNl6B6MiBghjHitDxcYq8HSiLpuZc0eoRNvGx+2K08tz5e99r
+69w3sRTMrjdwraRuH2I/KUVGd6zsYc0Y58EbimoakEuAmU85fQV5CSmFJrxY4VQ9
+W0EHnUMt6ay3eKe9CpdDVZL0REjaNeBA3wm+aD8o2ajnZgHZh3q/HTTAn+05x9mY
+bGzJE01HmJnqskot8RWGFUfgcIXFOH3I9w3gF7niJrRBl1IjXprZlPAxEMdas70w
+WMI7ereIJbe1HOYd7s8B5TZXhJr400rw/KkcPFJaYRTRPpe0k7R+hxzVI+o8zDV8
+Cq1/GKENTcnI9Y1FlrH7yt5vLo0nJD+jXhbj6etgshYQnfdyNs9qEJVftaYeKnGj
+C10l2YmsLrn1F/OtfDNUYIfEPw11t9PNxygTGBmOcZ0rCsPcpcimdWh+qWnhjcYr
+SqanW0CZj4RKhE0R7zPvUbBGkssGu165NkPSyTDLrwQJtoAX3hjPuJ9R58Wc50Cy
+fFdglrp7WhLJ3IGTlWSv4TbLYjQfrSVgwHcUnnUGjkK4Akd/bxNKFq7hCHosb9aC
+oiFwRuIPUh9Xk7cAhqL3ELZpmvHUMoU8KzXOu0zL81C5J7j5n4w0/64Ih3qe3MRP
+bLm9fyOQU2dNc+onffryZF7BhHOwicV57GqV2awUUGqSln6g+CGcFOMzvTv+txr5
+Gk7mjIoIM2Cm/Y+kRhJkKmAwystZMnxVJfauSO0uNCtOuU/ay29br7V4mixZPUAL
+xTF+aRlYQGsH91UVkAJZqqiUe4ZjCKuoYgahim9UMViyq7XHzCq9tvfMLTHT9Q/q
+NPbzmqXcupL2/o23dtPHcF9YBTvfZ1bFdJPianLBt0LrC0Rxz0E3t5glt7tPfDpf
+uFmoisv1/APxyo5m796LzJg+tYl1HjlKEw+CUEZczmuvCvLh5ChwofTGmg/cA/tw
+fMjkMeFBmd1Hgqf7+q7v4wlIZwNnINXPj6yBqTX35TTxEaotlnCD9IJ5yfQsoEEl
+0qPPiLBKwUDUK2GyA/+jJMOUTodoTc+vuFHngdrhQ0Y2y9gwwX/sy8DcgIcGfN/E
+wGZLMoaI3Cz6q6JPg9su+gEToivrWwJE9ESgOmBMPa2lguBU/4OKkYcmtNeNfWeZ
+Wcq1UavyfhJ92ybnEXHJnTYSDixbRQh4A8ghK01ES4LVGK2Bb1dC5lc8DECo+iLw
+ogpKsVPYjbyeMYq4AN/B8qDP7BSm8ejQ5yTy92HouO1e9rc7/9LFr1M24OhsTYTr
+ONzxGwxf4joBPYyuJQ4Om9llVpLEbXNYeuotga3cUnshAc/e+Aj+6pSlY16gfGsb
+vUHEKa24nvEaOD4Tan7ojRg6+dcgiG9OPLZb8gCuL3sU1jEecMNzaq63UDYmkokC
+2JXgDG9UngFxugmBrhhLKHm2y6pVtRx4DZ+ZIK/wezyGPiFKvNeHpg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28.pem
deleted file mode 100644
index 18fb09781b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIC0DCCAjmgAwIBAgIBCjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA37aIkV7sYy0JnIQ6
-oLcZr4T5fsXvU6SzOxBfPrtNDpq884ix+hP3zDxAwCSO5mU0znQe9s5im5Mf9yKK
-0FIXOAHFwMb5M5mAZNwn7Tx0XYxDfBx94lsMvJdBDCddmTB5akZgQF5Iir+Y52y7
-yiWRJM+ZmowFfoi5rp/PgkSOJxsCAwEAAaOBpTCBojAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQUV6v4nCfI0vTmz2+qIAs1ZwSDJGsw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MCYGA1UdHgEB/wQcMBqgGDAWgRR0ZXN0Y2VydGlmaWNhdGVzLmdv
-djANBgkqhkiG9w0BAQUFAAOBgQBlTO2ECGQPZsbXzVHd/rGejurHrD9MHfTQYJCn
-pFjAPq3wSo4qFVopG5gl9s4rdpNU+XvoY5zO8MVxTnfFi5G+y2CWZTG0iIWQmC8b
-ReqDdpVeAV3ictgaDyoU1ApdemyOS2pHV0mgm7vPYCx+17EXzFBphUICViSFv45n
-cu1nCg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN and RFC822 nameConstraints EE Certificate Test28
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
------BEGIN CERTIFICATE-----
-MIIDBjCCAm+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMzAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGLMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
-ZWUxMUQwQgYDVQQDEztJbnZhbGlkIEROIGFuZCBSRkM4MjIgbmFtZUNvbnN0cmFp
-bnRzIEVFIENlcnRpZmljYXRlIFRlc3QyODCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA5P+v5wlPmnZe/uEH6HyaKnq85ORqBL8HNiSn0EhAtQNHISd/M6VJvcrJ
-YCdSaQbE+A61yEjhCfckVgjt0lY081fJsDvDU757lDPe7SLP5hyrVS+myINWP3V3
-Fnu8BeK5Lz4Ytkx6uvnfE73jdWSregNtKqtyQD7kyLMTFVlVXt0CAwEAAaOBmTCB
-ljAfBgNVHSMEGDAWgBRXq/icJ8jS9ObPb6ogCzVnBIMkazAdBgNVHQ4EFgQUDvHN
-oL4nbNoIN4BmY5QBKMupyFQwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATArBgNVHREEJDAigSBUZXN0MjhFRUBpbnZhbGlkY2VydGlmaWNh
-dGVzLmdvdjANBgkqhkiG9w0BAQUFAAOBgQBtZkdww8Uz1loAnrdjOhd30Om7eO4h
-Ph2kKsyLJm3aeptHUIKnAXrY4+drzXmVlzMcMK0t7VT0CMP2vWSVrzHyUXnGxpsK
-ZGKNRLzdCrr4sEVtsYjGvMK9LzM66kx1CFVbl2IftM7cVEgadA7RyfakTHJJAAQw
-by2klF/gQrv13A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:57:AB:F8:9C:27:C8:D2:F4:E6:CF:6F:AA:20:0B:35:67:04:83:24:6B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9a:01:ff:a2:5a:8d:4a:16:d9:8f:d1:7d:40:a2:bc:eb:6f:fc:
-        4d:58:3b:b2:03:77:79:60:99:5e:f7:f5:b0:39:62:10:15:8f:
-        67:ad:12:b7:a6:2c:ef:de:76:3b:90:26:79:b7:1b:7c:3c:25:
-        b7:bd:11:82:78:21:93:5b:11:66:15:e2:e3:d9:77:e6:a1:18:
-        6d:dc:46:88:f9:13:7f:28:5e:17:95:7b:a6:da:4a:00:c3:44:
-        8e:f4:00:50:a6:a0:52:86:90:cd:40:54:66:92:30:0a:64:0d:
-        09:19:17:64:41:33:08:5d:c3:11:b5:ab:d8:61:5e:a2:60:56:
-        a7:d5
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMxcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUV6v4nCfI0vTmz2+q
-IAs1ZwSDJGswCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAmgH/olqNShbZ
-j9F9QKK862/8TVg7sgN3eWCZXvf1sDliEBWPZ60St6Ys7952O5AmebcbfDwlt70R
-gnghk1sRZhXi49l35qEYbdxGiPkTfyheF5V7ptpKAMNEjvQAUKagUoaQzUBUZpIw
-CmQNCRkXZEEzCF3DEbWr2GFeomBWp9U=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28EE.pem
new file mode 100644
index 0000000000..eed50ffe62
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: CD F3 00 7D CE 6A AB C7 2C 72 7B 2B A8 53 D8 C4 04 A5 77 3F 
+    friendlyName: Invalid DN and RFC822 nameConstraints Test28 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Invalid DN and RFC822 nameConstraints EE Certificate Test28
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAv2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ez
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgZAxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTFEMEIGA1UEAxM7SW52YWxpZCBETiBhbmQgUkZDODIyIG5h
+bWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjgwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC4vbpQh0jJq3Nji3nx4Sfd4a9Ek4bG4H6jLwpj
+rsy/shoK6yz8nnXe/w8ZSIYH/pETrz72I3kEz5/VI6rxHf9Qo+lqLURImkRhxwSc
+ylpDPcbu6LApCackMGAms8ocHu+g6ZELzg5ubrcfg7IcHjnZMdUjXqEWptkZf74X
+cDGjkJtpA1jJgvEiwSy5A2MkBRkf51/4SGxpN0tbnLyW4P9T4s9p0ZECanXijTK0
+px8Ln6lAaV8/mwjat4G1WzpMsiMKYkzD7dC4uSunEY+1+M0NOsiWJwxS8oIA8AcF
+DOzTjx9WV8xeofZeY3ZJQJyJoCI+L70s+/9dwHxeXVbBbkGbAgMBAAGjgZkwgZYw
+HwYDVR0jBBgwFoAUJ0nkBNlF+myYlGz87Q3DJFJtVUQwHQYDVR0OBBYEFK8MG92q
+3AJ6cZcpow9Tp0emF1RiMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwKwYDVR0RBCQwIoEgVGVzdDI4RUVAaW52YWxpZGNlcnRpZmljYXRl
+cy5nb3YwDQYJKoZIhvcNAQELBQADggEBAIZk5m0SIfQF5ZF59PLUTrwGaG3jiJKm
++IdyCCM2JsVcKiJ/DoWkU3Ao14nmJkyjAFG3HoYqap5lxKyWpwvmv9VzBGmvJun5
+v38Z6zVGWSAKMt/w4yAJBVWWaDKHTP4nfBBYX8uAKmAewlNxn4LjWuZ3AWKfbuqx
+ve0yYWP9wBs95PlW47j9ky9uYjwAgXX3z4XnG3NkOH13uxPI6ZjBCdacVuIKDVZt
+3pqzHcBT5FV+9JrwvPxnaIauRpb07aWopvcl8vUF5Z2ndZjtBIjAtlnH8AHo3dwy
+b1v4tBbIjYfNUSlCtBjUC2SrlX0AiAqzq0jPL9YBiT+E0VnjRaYHmM8=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CD F3 00 7D CE 6A AB C7 2C 72 7B 2B A8 53 D8 C4 04 A5 77 3F 
+    friendlyName: Invalid DN and RFC822 nameConstraints Test28 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1D6AA7F606ABEB63
+
+B44Kh+Eawf7VN46/8/zrkiV2Nx5S/ABhA1JNcjIUoXWr1bsHOwPrru1/PZMzh2pT
+Xi+U5L0pAVLKGNxAzx2iyOEHQLKHNqmxLJ05kcn4edJYY38dmP/Mv/VobSmIFcQ0
+7o5ZSCP43dcSHCAtoRYvNfLRrWnaXkm4bMz5j1OfPSN5fu15F5HvAW84yd5WgGoI
++1d5dwdRrxtm0BYtdJqNjxk/zKsxAkP27Qj0YxaLZCEt5mMcKIqRvnW41k0vFDUZ
+xovH3/X+VeQJCJSQtibLqwhiN/16q+BLicADRiN6Tr+18nn7qYNjIPNBbGnYWKsi
+KkRx48nhkOa66HIqs3mPupQi8vLoYqB/nFkrT7kRwZt1fspbfUuSqWaGwYLbgwpH
+bTEWI82g/5emW21YXwIekvI13YwzQb0tXSJH8uUQENXqiWtQwJ2ke8tI/6sYqIWj
+CrDQEGX1iZmedCvuPtZpS1oPO70n+5RaKmBg43QP2fhp0mrCHR3zMof/wt6t/yUe
+Zs3KL5yp3pb00FxivqYlYhsBMwhc7LkBZz8auIsunXyoF6BZ9ZoHb2AkXHetQc/H
+GY1W0zpVWG1dFIrpQogNWtpZmd78915iepHXAHyl0cFTF30fj31Ae90lhJU3ivRM
+3LdqdnOAU3khHIIzJfEnFa1bP4860RBhbHoNmwykE68BrlOsdfpZ0DrcB4H6yhC3
+hl3DnJI+BARFWD4ApWkSNMbfYwFkHbcSebJ33k/bR2k0KjAIJYfcznVoPEXbGL8E
+5uKaqgTloQH8tCpPPd52IhyzMQBkqR3/Iv25jua2L4Cq9lgaQXoGYsxj0e0BCRqs
+cOgLQVahRPX8HJr9dZA1lyjg+0/usQAlm0GcpPqw/NZOFdGXyjxnPCXUQOxjSfSt
+PqUkTUzqUjK2SOKKxn4acil7O/zg7n0H9Y85rKB7pieouVen5du6Z824hZQySlMN
+JWEsjg4YbRVP6aqrU8sUpkXRyThJvtDA2dADGNVqUfD5k4UkP7XlNqEqmzXKZnXu
+S9pmo93kY7i0k6ebzzCurc5D3fg69TDcFREfXOow6Wo9VbP0PB+wo1FDrejQynAu
+4KaPN9KS5Cwv8SfH44T17VltAOuopHkZyLaFN30CyENyJksFvVGCi9UH9pLqQaaZ
+B1GU+twMzxG8uNwkhzy4Wen1D7PxfqiH35ruxQxRavodft2OXRCeq0Nemr9dnDGt
+wEymDDFVlYSdLgasWLosEQhnsgeUy5xdT06minlE9eOBuxA1Hx7tg5n0c+t3ulFT
+08nF7m0pxhCDpPF/RVEgoZp4eO2/4OUfNroGunAvNnL2zmKPMkZmREprfewa+q6z
+STCVLXjVmK97nZLjfZRPNFuqd17aSs9BMdGE6+eMCCXd612vAntzbKF5zzfQjlqU
+yHJ+c5h3VrYLxlgdBsZaMR6ymNk8KS4aKiZoSStplenXVO//N3+a95KOUGiqDVa6
+ZYVuQ4jxxmMFCK3wfvcR1PHE76eILoRH6TaOTKy044IY+/sE7+vDsDSBdEG4z7PH
+qQOPHsYzCmT/h7oK8fmRwk5Ka/xHO9Vl5phWbadMjFUY2aehN/WWqpgoWenOQafR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29.pem
deleted file mode 100644
index cb31959b73..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIC0DCCAjmgAwIBAgIBCjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA37aIkV7sYy0JnIQ6
-oLcZr4T5fsXvU6SzOxBfPrtNDpq884ix+hP3zDxAwCSO5mU0znQe9s5im5Mf9yKK
-0FIXOAHFwMb5M5mAZNwn7Tx0XYxDfBx94lsMvJdBDCddmTB5akZgQF5Iir+Y52y7
-yiWRJM+ZmowFfoi5rp/PgkSOJxsCAwEAAaOBpTCBojAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQUV6v4nCfI0vTmz2+qIAs1ZwSDJGsw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MCYGA1UdHgEB/wQcMBqgGDAWgRR0ZXN0Y2VydGlmaWNhdGVzLmdv
-djANBgkqhkiG9w0BAQUFAAOBgQBlTO2ECGQPZsbXzVHd/rGejurHrD9MHfTQYJCn
-pFjAPq3wSo4qFVopG5gl9s4rdpNU+XvoY5zO8MVxTnfFi5G+y2CWZTG0iIWQmC8b
-ReqDdpVeAV3ictgaDyoU1ApdemyOS2pHV0mgm7vPYCx+17EXzFBphUICViSFv45n
-cu1nCg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN and RFC822 nameConstraints EE Certificate Test29/[email protected]
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
------BEGIN CERTIFICATE-----
-MIIDCDCCAnGgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMzAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIG8MQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
-ZWUxMUQwQgYDVQQDEztJbnZhbGlkIEROIGFuZCBSRkM4MjIgbmFtZUNvbnN0cmFp
-bnRzIEVFIENlcnRpZmljYXRlIFRlc3QyOTEvMC0GCSqGSIb3DQEJARYgVGVzdDI5
-RUVAaW52YWxpZGNlcnRpZmljYXRlcy5nb3YwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBANFptsaiuqG58SeSbnVMTNr7XG3kbwY6wtsLkDomOXBGR/46vTeRu4CG
-CaubArviUAJ+JILIVs3bO02m4H6NUk6clLHjb1iou8cA0UR8XHkzJ1ZNmDZJiBJA
-CAqNmtpuolbgToov0SeuLYdDRTwLlkLpjykO6EMiAjI0bs0u769XAgMBAAGjazBp
-MB8GA1UdIwQYMBaAFFer+JwnyNL05s9vqiALNWcEgyRrMB0GA1UdDgQWBBR/JuUf
-MNbcNM7ktf6v5K72qnwyNzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
-hkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAHgiOAzfqxYOlP2ugGMXcXWDQai9
-VcfKXZM4zdBV3TmksgiLkZTyhj51RfoZOhQn8RB90lDZYdSqRGnGHuUZW6ejX+A2
-JXWuY3uhE2d2WwJIwYHItLSl+DVv2Jm0Wrv8BFY2PnKaDKJgLG3WM0bp2LKn2dzi
-FXK5SfJJE0q4WU2x
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:57:AB:F8:9C:27:C8:D2:F4:E6:CF:6F:AA:20:0B:35:67:04:83:24:6B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9a:01:ff:a2:5a:8d:4a:16:d9:8f:d1:7d:40:a2:bc:eb:6f:fc:
-        4d:58:3b:b2:03:77:79:60:99:5e:f7:f5:b0:39:62:10:15:8f:
-        67:ad:12:b7:a6:2c:ef:de:76:3b:90:26:79:b7:1b:7c:3c:25:
-        b7:bd:11:82:78:21:93:5b:11:66:15:e2:e3:d9:77:e6:a1:18:
-        6d:dc:46:88:f9:13:7f:28:5e:17:95:7b:a6:da:4a:00:c3:44:
-        8e:f4:00:50:a6:a0:52:86:90:cd:40:54:66:92:30:0a:64:0d:
-        09:19:17:64:41:33:08:5d:c3:11:b5:ab:d8:61:5e:a2:60:56:
-        a7:d5
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMxcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUV6v4nCfI0vTmz2+q
-IAs1ZwSDJGswCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAmgH/olqNShbZ
-j9F9QKK862/8TVg7sgN3eWCZXvf1sDliEBWPZ60St6Ys7952O5AmebcbfDwlt70R
-gnghk1sRZhXi49l35qEYbdxGiPkTfyheF5V7ptpKAMNEjvQAUKagUoaQzUBUZpIw
-CmQNCRkXZEEzCF3DEbWr2GFeomBWp9U=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29EE.pem
new file mode 100644
index 0000000000..90a2b0d652
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: D7 F1 F2 82 16 4C 9F 48 C4 47 62 0A 5F B4 7F 6C B0 9E 94 A6 
+    friendlyName: Invalid DN and RFC822 nameConstraints Test29 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Invalid DN and RFC822 nameConstraints EE Certificate Test29/[email protected]
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
+-----BEGIN CERTIFICATE-----
+MIIEFzCCAv+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ez
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgcExCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTFEMEIGA1UEAxM7SW52YWxpZCBETiBhbmQgUkZDODIyIG5h
+bWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjkxLzAtBgkqhkiG9w0B
+CQEWIFRlc3QyOUVFQGludmFsaWRjZXJ0aWZpY2F0ZXMuZ292MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoHPUN2bg6yLDHBYTGVFhMWB7jFvgUuh1geM
+i3nK4E4UqszjE3nm6YRJDExcfBRCPuH4NoiF7aQtOXqAP90h6hY+6ikQ18WZDx07
+1FxSDTqwSgDpNS3UyheEDvTyD9d5GpcVasvuLmQ4ITibTT3GHaGcV6Tg7jwif3lY
+6GxNl73YoOzscwtYuzSNmVerlrUAoy+w5LhLjuwWxPzeoaUHayamLXipBwiaKLWL
+4WYr/S7rNHz92cHFzIHjF3bQuFLpP9r6El3MDfZbXmu6K5vj/LDGKcOj1gCHbIC5
+GZIW0tbPxuMfLh4CPZfsrpGw7Cw+fnTocUPTv1yasn46YzhA1wIDAQABo2swaTAf
+BgNVHSMEGDAWgBQnSeQE2UX6bJiUbPztDcMkUm1VRDAdBgNVHQ4EFgQUKqooRqSK
+ejekpkSf3GDoIwRd8JgwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZI
+AWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAIJzDlmebZhMjzkhP+mOudtaSDpex
+GaQjDFetxOQ84CcVDofcsMoxWqRv/DRBHd3YfY90nbRpxNVPx55/C8hjYugK+KIB
+tY8JfMZrLY+nb4Ol2IFdPIDBX129nKrpaudrRE7onKdCAmfneGQfZIA4Hy7PozB2
+I0AscYOZp+e4F/0YBo5iaO74fafllHCN5nj3WL5+hRcghhvTaOrmTea3D14OIl17
+wn1aIdclzOQoMu/SQUXuwflUDDbDHntudZBpr9TTtm0M+fuAYcJvsXdrT0PfoQSj
+BpV5kId6JE3tjhsIc0e+Hv27Hrifq2xQAIonuOgqlDLPqlTHeoAgofv43g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D7 F1 F2 82 16 4C 9F 48 C4 47 62 0A 5F B4 7F 6C B0 9E 94 A6 
+    friendlyName: Invalid DN and RFC822 nameConstraints Test29 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3D2649F13B51B3AB
+
+Ohs7+yDEVD1+Km2b7OswFMWhpy90ZHv69BL+zOULt5p9bpAMvG1kZwsIkdMqK/3N
+dT78GnLlgvLflgvVf8mCeJ0Vu7YG9wyD2hU058v7y5bELb2PZpP40y5QUDFI5gy9
+yoWfMy6/5DSpIP9uNgDNHRQ2DXo1hR7v/PSTSU21LvkwdaIsmSf2F/oOXD9UMbWm
+SnDmT6UuPqQaimgE4ejXrztGr5Bac1pPKj3t3iOnpVPTltN+A27bSKXgFUVJ3rxc
+DVUms/BzCwyxnnA2lT7IPidq0ZtZhX8075gFd7Fug5v6GRxd0OhBNC2TvO0Bt8m7
+K96BvurO7nveZqwtnL/zIRFVbnjAo2B6t5Y37uPzDtZcpB2sGhMcaZEA2aF4Pb6y
+ZiSY9BHm8AxoIiI5Wpo03vtPyAKvBXRP8xsEizmyPkf95ji57hB0zTsqx8SyiQLg
+HGigqleXR4aDMadnXlPUG6h7xcAimmSbxkIbdGNRf6pG8EcP8eE5Uk4gho1q+sji
+j6BZpu+7qy5UIlpLJIxoYEGA3+zMsUgzYokFyLfIf3Q9lNAwoSV72cpqkNHUKYH0
+IYk/kTk4Ej+Ypha/Ex2Yy0PJsJsaUQTlV0EC/GEkSyxu7nGItGfzIJoZPelC3PAU
+KwSzlKyJaR53QGN+kgd2K40XFxnpr0QPVJSGgQcq/rb1gPzoTxLOWC4bufVDvimW
+2VKVtlzcOPuSWM57psVWavi0XeIf1hAqtcWwbwXN6wYWkbtXIH32Arg5m9hYogKA
+ml1PIbgRyPK/2cK7y9DVW4UGZC14a0jUZ6JWZLA5sH+MtZ9TZ+lh5/0nEDPpxSKp
+HpO75Bs7aFywUwmGj3kxVZgmOBY97X+GpNnyye8RFaxQhXm6tQcGnYP8GnXnb2Ig
+YG5g4L+C3giVaUiYIVjGQY88kRC8u+ZwKFsnrkIzhtRmofuMwBhwJAZ5n0SIzUqh
+oDNPKWXWVTWV5cbssTdNAXiPwDh7om/htkf6rYn2HcWJssERFqD+WOWm61yKaa4N
+4CckPcH9G9gC/rVMAhBp/xmeH/KOHz72ygZYDgPskT35z4wpXy835OipyLJuDafg
+qtXtVPoXCzfdqjacQ0Y/yTXtGM+Ti9dri6Mbu8nSIa2RlVtf9GxAgv7lRbzRln14
+htlZpjrzdwnXV+kNbybqP525K+iKwjIwAwcqX8H+GMkkHRQOsyBDR5fRrnziC9yS
+Syl/5nkfiR2YR1qLpUK6/Nvs89vogX/o+rb+1ixw2ZevRG8rGLoY3OVaJ4HT6GWZ
+wN1Fpl3Iq7pxEpNvYkiVhf9QDRYLmZa0171LL2FWJGPQu3Z+d4JXg9PlWN2Gv7o1
+NIlF72ExRD5eRUjVKy1s7NxyxTK5McKm9OUNfn9VCW0nL7lj0X3iEz/SQRClAeSO
+YJheKoST8PKuyORHHI6PffbeShcgAl/N6Cj1RBb+87XlYAa8dSU3BpQ6jKJsgnXd
+/5PimVl9vbzWfxYu3oVMky8+GuDvY1njxuMBuam9ciQIfJVK9t026ZV4iamXxxxi
+bXyZYyVmO6BzIJ3toXCdNGCFdUoPlCOpzuudo2doNOomSEb64IDJ1Bu2kv4gmugX
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10.pem
deleted file mode 100644
index d79077aaba..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10.pem
+++ /dev/null
@@ -1,113 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN5 CA
------BEGIN CERTIFICATE-----
-MIICxzCCAjCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjCBmzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQL
-ExFwZXJtaXR0ZWRTdWJ0cmVlMTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMTE5
-MDcGA1UEAxMwSW52YWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNh
-dGUgVGVzdDEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4wtLGQI2aSdxL
-gklYOXIk2EqQgeDaSAj8Qxcobr8rZ0rgMBdG0A4ygWX+jdsMNqu18m+WGLs4W84P
-I3+0QpnI7DrNez1cOAzew7lPKnkDW9tnBqKQaGzafp/L9i/QwFxw7q0/OyJXLNqx
-96I70felgr/e9i6Yk/NzhfHNoKqL1QIDAQABo2swaTAfBgNVHSMEGDAWgBQSNZ+s
-wbmh4zr+8S+6d7IITk1Z7TAdBgNVHQ4EFgQUwaAOiJj2GtamtV9rZWhiH3jfonUw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
-9w0BAQUFAAOBgQAsM+4rszF68aQzKZtZ+iLup5xun1WT0hwwvbL4qbzJuLAcCNWj
-22+3xcVPnJ/ODouOh8JN6vzYFUIm4Zojsdm6VJQlcf8Avp09vAMUWLyo7ScyNJgi
-/BXluYQ6PfjP/XwskA4RlOGYZ33Ewmh1xaic85c78iFgRWe1UfjmPxvMQA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN5 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDRjCCAq+gAwIBAgIBQjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIERONSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxmMyGO18
-wxt7plFRZcGPd5GxKiCL+NJ+O/UB82qQ1+GhwlsBTSo86QNLh9KPIjs3rrARYIo0
-FqA86FPnpIiE/yWOfuQOeI3t6yvWf0XsXvcffhjW6n6sErOqhXX7voiJODZMseiM
-wQ2Md8CcE3j78i6crfbdO6xGp2xNX63VmkMCAwEAAaOCAUQwggFAMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQSNZ+swbmh4zr+8S+6
-d7IITk1Z7TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wgcMGA1UdHgEB/wSBuDCBtaBLMEmkRzBFMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBl
-cm1pdHRlZFN1YnRyZWUxoWYwZKRiMGAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExGTAX
-BgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTEwDQYJKoZIhvcNAQEFBQADgYEAp32j43pb
-BqBj+2V14kyvmo+pgQ9H/ag1zf7WG4ei+McEkF7yvHSC6nfXJA19r+q2fAnvIU4M
-TriscCGq9oE6qzd3VIQ5wx8eJp8v9SG62gxZe3n1A8gzG37TvTwBOeEgxOKBa/BS
-8MNUbMO2SJwuE2pi9fnMhCgx9JxUQvQLou0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN5 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:12:35:9F:AC:C1:B9:A1:E3:3A:FE:F1:2F:BA:77:B2:08:4E:4D:59:ED
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        74:3d:76:85:10:61:c5:e4:1e:19:16:23:27:99:ac:bf:2e:c9:
-        07:40:7b:fb:45:44:5d:c1:6e:d5:5a:e5:6d:35:d1:4e:9c:e1:
-        b7:21:0c:2a:7b:7f:27:ed:9f:f4:59:15:1c:67:1d:4b:8e:ca:
-        19:7c:a2:78:22:bf:28:67:31:5f:bf:f3:73:73:ed:c3:9c:fe:
-        2f:16:56:80:ea:ec:27:dd:7a:85:15:2c:e8:fd:c5:80:2d:ad:
-        36:ac:8f:39:5b:d9:79:ff:54:82:c6:61:37:e2:b6:07:46:8b:
-        df:2c:86:2b:69:ca:d1:c3:71:4f:3f:c7:e9:4c:c9:23:85:85:
-        19:9d
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjUgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFBI1n6zBuaHjOv7xL7p3sghOTVntMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAHQ9doUQYcXkHhkWIyeZrL8uyQdAe/tFRF3BbtVa5W010U6c4bchDCp7
-fyftn/RZFRxnHUuOyhl8ongivyhnMV+/83Nz7cOc/i8WVoDq7CfdeoUVLOj9xYAt
-rTasjzlb2Xn/VILGYTfitgdGi98shitpytHDcU8/x+lMySOFhRmd
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10EE.pem
new file mode 100644
index 0000000000..dc3b928db1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: A4 C4 39 FD 46 16 0B 83 D6 45 2A E7 E8 2A DC 7C FC 5D 92 26 
+    friendlyName: Invalid DN nameConstraints Test10 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN5 CA
+-----BEGIN CERTIFICATE-----
+MIID1jCCAr6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIERONSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGgMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExGTAXBgNVBAsTEGV4Y2x1ZGVk
+U3VidHJlZTExOTA3BgNVBAMTMEludmFsaWQgRE4gbmFtZUNvbnN0cmFpbnRzIEVF
+IENlcnRpZmljYXRlIFRlc3QxMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMtcOJE/RnaVHILDfZtHlUhM1+XAYb43ZVRpNwV5FSIRq9QuSR5liQ/UspVX
+Sf8+7TtcTN2jsJf8mpTsMFRg7bM7U9MYdtKkEMCuSZw23p7ViAdMXA8C1ZTrQP/a
+eqWRqjxcnywYAygYhxq3zJ+JPUzKJSOosgfd5bzhnteVXKUktQeOZkoJyi421/1b
+eXkMGK6EeMl7wQY0LofwaXVdjo07iv9T5c4CeHhTTctGqxEvpvkx5tf/eP7wEdvV
+5sQ9/FxcG+lzlnsi5G1ScvPoHrbWzSL18qnm7cVkTnl5qhKVWrGluFca9UDNgXEZ
+fMjrPn0KbHzma61GVkg9+W5SSRkCAwEAAaNrMGkwHwYDVR0jBBgwFoAUup8JypA5
+nE53Wuv7EJWs06dKXScwHQYDVR0OBBYEFPh89wp4MlOC1+WYAt+HqvvzZdLQMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
+AQELBQADggEBABeqoXPiGjUdCzGWnsb1grkUibPx8tfb31bfSFuo0iWoKA+RVecI
+xaepmZjcSRFdYN3lKRiPpmCXsBa8zN3vnQzAc53FGkxKmX/0FCUI/tKAKdeWN4Tj
+dahGQAjXBVWBUCaRlonqQ8xDzkWEGIuYS2/indcUZ3b4mp2QOD9tWMbglcRIpwoo
++Jp/VT0GjCncj/NOr5tnsImNUbZDSXUSQEatXsjQCK4kPqRhe56A7AWAXvS28L+2
+1BOYIyshE8G/2zYHwexSna4gvhrN23NbvLE0Jib+XzHekc2s2sss26qY7ZlkzMLq
+Ad88C6Kz0Va/w3kSxfmhF1fUrmYWgHkJ75w=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A4 C4 39 FD 46 16 0B 83 D6 45 2A E7 E8 2A DC 7C FC 5D 92 26 
+    friendlyName: Invalid DN nameConstraints Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,306CF9F2D3E6B1A6
+
+Zp9pcPFWANIirpQvHK1Oo/0T8DgG7mQeMIIuDWfKIv5pVvgFMchXizcEoqPCGtAA
+oH1UJhJCXbqO7Iwckv27OzpT8H6q9fQkQhd1sIYN++h0eOfwlC98Dc+Chq1sUFNx
+KzDU5qa51Io+K5m1KB+IDFmUmodpF2abmHC1EGF3DrR+a0GK/gZKEDiQ/80H0Uhq
+nyVj6Db3t8CQfFSvOoDFOQ4SnDOQ5Dd6yl55spw5LxO3fvFpXKtp8VMAmeAYMfKq
+2nJB0FhRNFNVDsnFmlHfAFrDZNCXWcCzE5s6uRirmnkNkwic6UZG1shPym/Ov6E7
+TxsMW5lLMPpHup2tCHcFl40LvH+6dIteDIvH/RW+/GU2RQMSqexoVjLKVeIRsCJN
+2YaSSYWXbu1r39ago1hxZpQpiAb/zSFX9WLnbwwkgF+LxXkRGhCDN9CF/+OaEvCR
+6zhuEChW8H24LCZ1Eiylv1jwL/tGaxgJgaW1WZx5+rgdtm1kDA3yljyPNzNQM5gq
+hQtvnCR8xvvl/oRpP1pfOJT01hw/CIGVMaAbuD4GkUbyq8qbACPoUV7VkAdyNYtC
+p+4cpsfibY3z2mG3Ln76zqCH8fFanAmKgvK8ywR0J7g6T9DWmIeqx2uexdoGNLag
+GWJkE7/Gl8149SN3Yl9foTf6+xnfHkgCZkLeYRaOU659pNrqsDjZ+/tXIaDh1de4
+YEs2F+LhKZB+U3+gh7vs1c/4+rViHcexFBagr8fSVnvFZyH968vb41al1tyPxXke
+I/MCqAvq84vA/WSE3jdpu1/1FdS8+hbiT5hGgClJJqYCFBXuQ5IeSQX75cNQgU4W
+BUkbiZqA/gMAjoT0Yr1C4dWgK6099WfEVqhlJTwRNGleDI6kQWTUnBUIo+ZU6u6C
+AXKllUPix9dlIKW+c2pOs+eAhM9oP4QXPP+63xFnVlTg7yuSzbZ8Xfnv66FKSq1c
+1HRbkIw1CO8A5r3u/ysK/iZdyA/EaBXSmgK0iy4Q3kMyYgqdbWrFyaxZIe4r0180
+dXE71fhUCiSIaF27KUPd/ZHQ+YDLec/ZW2nnA9DcLqAaMIEjLgszyt6DTqerS/YL
+zwv5fSZw9jlFQQPoiyuCRx1iXlVjeBDLwpH9iBBb1PZTbx544O+yYW/JtMwpBRg8
+d7zneCezW81dKMczmJvxhGEoGNIZ9FPAbfRbqWg2Il1Zz5mYyinUbso/UTYa1RUP
+tzkuZulPM6aPYEQbm+gMlFUqhZJ81VozDgj4k2XHIXiHApmMVXRyOvlEcCxOWJSh
+SksqVxwNjf+OlNZ0SwYDqdqxd/o3zovsSW0viH1dmorG+R9Yjil2HkZTxh9c8VOJ
+9EUWdlGmdV0YsiV2VkZ7Pl5x90mKZ8Jac5iZdPE1T8soQTlow/fGO3PCILun1Sym
+W5nR0amYd/xswerC63u5pd8XPGZZxcrLhZED9aipGSo51N2mwUFDcu2wI25VetDr
+DJdLglyIjWWIakrCEAYNcN8ekPDpxTJENPj1QoLMIb9T+n++TPiDAv+ourN4Cjfo
+FuwyMRdBEk9hRUo1oV2cdPO/oq6TTC0iEvYRjB7gCjoYXb4Va4y5W3PzVoYnmeu/
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12.pem
deleted file mode 100644
index 4b5c41460e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12.pem
+++ /dev/null
@@ -1,166 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test12
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1
------BEGIN CERTIFICATE-----
-MIICzDCCAjWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMTAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGAMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
-ZWUxMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0MTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK3EJPKm
-RDv1REuSTNdGYi/Gay9ESpl/z2BBw2n0WqiF9SLFNEuRfTZ7FQVNFQ0qhoP4V2xa
-YUeaSgmwZNcIdZg159xf8j2Qkc3uGAQoMGmRp4vbcj1Ev5yFXhvVLPnhp5eE8wKx
-u96ZMOfL8M/sxSRrI0zUKEUCMbzK2E0Mr/RBAgMBAAGjazBpMB8GA1UdIwQYMBaA
-FO65z9YvjsiFkwj+EBDuo1BY/kIwMB0GA1UdDgQWBBRlWUYl70WL4wPhhb56CsXD
-+SjqmzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
-CSqGSIb3DQEBBQUAA4GBAKnGr+IbKqqwN2t7AB4bae9QRHntR6fokA0gcPPMY7qA
-GxZGcA1fClTM+WZKr4AoCiDelOsxy45Pim+0bZUtzqtfhWKulkfgpS5cdPZmNj2r
-UkLeXnjjTjDm5s8YsQovhy20KPc4VoeYRMhkB5Wika28mXV2l0jFTG1VxcDZ2BxV
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIDHzCCAoigAwIBAgIBBTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtpBRaRDexKAJwtC+
-60QonOrQnFJ3VA/u5f6qj4iI30hKCIXL1aeAM5c2KmzL5gO3Vg7dZWw1f9gW2uaj
-mpHjfGmScQpaIFP7yNbI29PIlN0h8H2o4I6v7zDCteSnYy2qAkDkNLX6fbVENa7f
-eHcx8cvG7W1VNi0PKVQdVBz/PHkCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU7rnP1i+OyIWTCP4QEO6jUFj+QjAw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MHUGA1UdHgEB/wRrMGmgZzBlpGMwYTELMAkGA1UEBhMCVVMxGjAY
-BgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0
-cmVlMTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTIwDQYJKoZIhvcNAQEFBQAD
-gYEAm5m4xlbfmnv2vDQ/hGoNbPv96saVQ2NMhkH3JVSF5lGUWfamMIsH866TS9Jm
-BDWOWMPDF1kL5hLEiGLSWA8ki5s+29AwhYXt0jcwdIbGfGCwVX1w3KF5k1nYv8RR
-FhwwXNlM+EKqqLc1nWgaXnsE8fSRMesdyNjQaJdCqRAYFXI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:EE:B9:CF:D6:2F:8E:C8:85:93:08:FE:10:10:EE:A3:50:58:FE:42:30
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        31:75:7f:a7:8f:25:e4:4b:09:d0:29:6a:68:0c:3c:54:a8:42:
-        d4:f8:f7:6e:be:e5:b0:bb:f1:4a:e5:1d:e7:1d:b8:d6:98:ba:
-        3c:6f:23:4d:a0:8c:53:2a:5a:13:7e:4f:3c:1b:fc:16:c6:18:
-        54:05:e5:fe:b6:48:84:fb:c1:0b:7a:ea:bc:44:55:bf:4a:7a:
-        51:1a:e3:a6:d5:94:0f:37:3c:fa:4d:f8:51:ae:c6:74:de:06:
-        d8:41:69:92:8e:a2:a8:d9:6c:73:98:d1:63:5d:52:61:7d:90:
-        88:c2:0e:ee:ba:eb:74:c9:19:b8:c8:20:f3:09:a3:50:7f:10:
-        f9:e0
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMRcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU7rnP1i+OyIWTCP4Q
-EO6jUFj+QjAwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAMXV/p48l5EsJ
-0ClqaAw8VKhC1Pj3br7lsLvxSuUd5x241pi6PG8jTaCMUypaE35PPBv8FsYYVAXl
-/rZIhPvBC3rqvERVv0p6URrjptWUDzc8+k34Ua7GdN4G2EFpko6iqNlsc5jRY11S
-YX2QiMIO7rrrdMkZuMgg8wmjUH8Q+eA=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12EE.pem
new file mode 100644
index 0000000000..2905cbe756
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: E0 B4 95 9A 2A 9C 56 3B 18 FF 89 B7 70 82 97 38 1A 1E 3E 3F 
+    friendlyName: Invalid DN nameConstraints Test12 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ex
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgYUxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTE5MDcGA1UEAxMwSW52YWxpZCBETiBuYW1lQ29uc3RyYWlu
+dHMgRUUgQ2VydGlmaWNhdGUgVGVzdDEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAsaY3YvZQ0g7cMEm8Ci7BM6eT6NjOLozJ+1H72HTRBstqGwFfoQow
+3jyt9v5Ea1qcrsDbzaCtV2JJDEx5jmt3//MkuJLNpXJRic2AZzK5zBlV5PoxzjId
+TiB28gPJ9JASOO6tC142FjxfZzn1/Id4xcEf4WccFfJiQbNMUe9kuIIBfEVLfVco
+gfEB1Vo5WblyMPbUWwt+b8xY7wFF2NQpNb8Cg6ebTGqPy9OSOaraNZQ+mLQOVVDT
+NqfwAaEY3QoqObS/zoI+aDE/ebim7U6MvWzZU1NZkbWY1ngD0+pLZX9l8op4NjJV
+Z4SOoUvhdn5NRdcEqYcpCXMW2ETJnMj9jwIDAQABo2swaTAfBgNVHSMEGDAWgBTh
+OA4UGBRDXM7nS2LHGsGS9maC6jAdBgNVHQ4EFgQUhQ2EBOSyja4LSx4MxUG0kb2e
+/jkwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
+hkiG9w0BAQsFAAOCAQEAj32dGQGImnemdjlbIgsR+DypC8tThQ6wED4/9HUarJ34
+NJ7yHV3s3GhPyfjGr+WiGgqp6Yo1Prd/epDxbDvdBKfrTV0yDZI/yCYZtZ6WHc9J
+x/ThYTx2XyTKdZs6GrgOMviX+ZgpV8147nxK6DKZv5jk0WoshMh7nYh84JeehjQY
+UON3XZ5NoiQD57HCUSNGrc0M7pUOK1CQHZzDh9pJnqSbR1sHERVgD8U38bEUFfUv
+mweQov0WolmQJmcVuzPZioDeNlhv72gt4qg9gAZEgbQDSyKo72qbcEZ7EMVB4nFU
+QOcPMqU0aq6HXBcML7OcgGZQm0iqDJrCpVwlqsaWlA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E0 B4 95 9A 2A 9C 56 3B 18 FF 89 B7 70 82 97 38 1A 1E 3E 3F 
+    friendlyName: Invalid DN nameConstraints Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E3F57532B0E11C3A
+
+IhKIRIJX5AaatoF08s5ynXUb6FbIPL2Rbb0YcUFAw1pFgq87cvUAXWyyTkFna+H/
+bL395/7gnF7AdVAHYuRDhr38mgi5JPFkkB61s8j6Xts7RflSs87WV5lhDRV6d6z9
+/Ym13Ci9F9maC+ySb/ueTshw4htYQL8nK1wL7W8K+RKD3EHubHG4dd8fKkVWsA+C
+yrllIQKAxq03Biu0yjVqNweZXfLEer0nkh+3gh4xiS27EyuwOR875rdv+WXpHfdk
+bJWJVLCZ8KzwJumgQvHCWs7vXzjOtp9szlfshheA+VzngAw0wng03z9VqM60xtg0
+RfjgoTRkkGCgYTWDzrYIJ/pKYKIm+VmWlOXX4utPUtH2P3JQRJfjGVQiwlrQ4nP2
+m/aiLNGp4+wuaMg+fwDJGs1pZNZqy1EO3nuQSvVtwuZw1EcgAn0yn2XFoJWKxNZF
+rdSDpqV7zbmQMkRapqoRK89JG3wlaz+c5uCsHaAMBxmmxH10ZWz+uIIa69M3JCGj
+8pYA2KTI/e4Fic2sKrBMECzZvQf5AZvZIp9YbUR5PBzWLQ7FUDL2AAYtwBFi9QV6
+A9JAXFxH4Fe8Qop+zefRzcnl+8JPNNirkMx/GM+LsBhWyXUyRrC/PexSoL+S6L3J
+ub/zTPbIHUYUHn6Pt1yxQ1Xz0V0a28uaP/BVsDayC7dMcUJ9gYoJbTTNq0or18oy
+PyQ/Ws3vEYGYtmjvBJuXWdOi3vdhK+OGZ4qz/+/W2BKaVFoLD+x0rCZGrqTDR/Cd
+7yHlM6jAVlB27N3TiOLq+U7xHdTag5WQfhlAzJe3LpXzR3pngfw2+s5NYnEAf48k
+UIz5oonMVKGJ5s9XBIOOG9OXiooEfmRD4w+0YLiY2DEPaKAgU9VT+rdk3BZAdCtM
+4aeEe60YzTHU5xQJO/fe4BrEOGfyF5Lr9doWa0x7Bj1kZIUwuAX6Oa/egMqsReX9
+MxFb/fhRsl2x+O6LAcrWuS0ZagdUzpaKtqw77viXDO52fplUbRINyMtsjRHnZ5vP
+4e5z7NU/ER6IiFLLwXLATUPEmtozGUefL2wt9RzBH+UpZOohKWjc/eET5DvejBAU
+e+QepPEnLVVjqI1veeuo3gzdGMUczRwyPw7t6bhKaxf+fmR9xVxV1pjpX++QzMx6
+842Rd3eKMwPI9jdpSq5U21K/7NlNzQZKa9T6y1lBIgWY8F+ocdPU1Oi8x7X0Vhkr
+NP1kFG+D1kBMcd34gfQw+orvMACI++DgXWb8zQzwlTlPkQjmPTHjn0aeIZii1ZMt
+zTUGeojlP/9aaBrjhrhcAUdTvGBK5MS+TSxc2IAgDtM+XrmHxK/L5OJWhOLlfsvt
+OjOh4Bz8lRe4ybz7znywoGpISK9KtJsh47m+WON8XrIGRxlQDw4HlPi42XBbleqa
+FrQWaat16buFiG2OoJL6qKe2fqpuaT/zd4vQBEuBE0Be4zhBEoJZ1hJyFq157LBD
+9u6XAat3riRv6kzJ2G8RvFwGbTVoYtIOSIwzVdRtk2HHPaE6yp3cc/tpis1ig5cG
+xI5qksskLmPRC5FGvQ0i3K3t4YJrWQisrVwth4wSe/5YvfbNpD+QjA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13.pem
deleted file mode 100644
index f80308db49..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13.pem
+++ /dev/null
@@ -1,166 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test13
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
------BEGIN CERTIFICATE-----
-MIICzDCCAjWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMjAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGAMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
-ZWUxMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0MTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKzBUwkX
-ODmjiKuO7MZlzTSc4Re/YVclO6AWzJbjVn1RazUtEisXPWkpv08n2R5ufbWSSnp9
-Q2/iMhNutgXf1w1kQ3tCZ/T3bhIR1c6w/ouwi8ykUP/dQlCo91V9PBaGbA/ARORv
-R5mJqw113jWqok2Mr9xcMe393f7kLFt8yx5fAgMBAAGjazBpMB8GA1UdIwQYMBaA
-FNWvaygNna1IbAyCKv/SaAkvFG1XMB0GA1UdDgQWBBSCt3/nyCSzztm6BrD2K2Fl
-4aJOtjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
-CSqGSIb3DQEBBQUAA4GBAJaAuvc9jA52+D7MggYkPmix9SdKXbI3nEcYpIXuzwO2
-hAzPuV6wpHgf4Ol9x+zrbWQ2KVvJ7zXGEKOjbKZb7O7ynb0yqDv9nRbOWIEU4lwD
-Fzj8Pb3n9FnnF7awDloK1pMoqxOXeLWsk7RP+psMqVuAQgVxrYYBbTwQXqMCAmIi
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIDAzCCAmygAwIBAgIBBjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAteRgCqKcIeCHmYMc
-xyzmM+fCjW6MAEl+OFQ9Q7UJ1n9YE0TuaGiSxjTkrTXwDF2JoDwMtC6FoqnvEyEk
-kAxNlM0oiLhRxM9FcNCow3VK458jtPozrIgd/7PAP+FXsqPanD2DRYj4c1gNKSl4
-U/l6HyTj+yV6ax5EkPgQDLQlJksCAwEAAaOB2DCB1TAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU1a9rKA2drUhsDIIq/9JoCS8UbVcw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMCVVMxGjAY
-BgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0
-cmVlMjANBgkqhkiG9w0BAQUFAAOBgQANN5YtrqXFWfdpK19qY+rn50d/fYdLaOU5
-dSIAqmnB5woTCXdWF0LUADF4DkPfcWBxbE36lwBuGXBfiInH/5yLRy0Y9cZbtHSg
-QwTIf2a+38pR6QyBniftVBmBTuhO/PV+/kA8gKAZ6X4+vGMv69YjU9avYeS1o+XW
-liQdX8l7vg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D5:AF:6B:28:0D:9D:AD:48:6C:0C:82:2A:FF:D2:68:09:2F:14:6D:57
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        af:f5:73:47:0b:2b:ce:c1:5c:82:7a:07:ed:cd:ce:55:02:85:
-        34:07:7e:46:10:13:e0:94:7e:8c:27:9c:f5:52:89:55:5b:fc:
-        e9:08:32:b3:54:75:03:c0:ad:8a:b7:e3:fa:5e:73:10:90:5f:
-        26:ca:6e:1c:e2:68:e4:99:4c:06:38:3b:56:25:ce:82:a5:7a:
-        3f:0e:c5:a4:78:8b:19:d2:fc:a6:4f:f2:6d:d6:12:5f:69:03:
-        98:b8:00:c2:0d:4f:9e:47:fd:66:3e:ac:e4:fb:55:f3:4b:bf:
-        42:54:ce:46:a2:5c:fd:c4:5f:d8:61:5a:61:9b:a1:2c:af:0a:
-        a2:2e
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMhcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU1a9rKA2drUhsDIIq
-/9JoCS8UbVcwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAr/VzRwsrzsFc
-gnoH7c3OVQKFNAd+RhAT4JR+jCec9VKJVVv86Qgys1R1A8Ctirfj+l5zEJBfJspu
-HOJo5JlMBjg7ViXOgqV6Pw7FpHiLGdL8pk/ybdYSX2kDmLgAwg1Pnkf9Zj6s5PtV
-80u/QlTORqJc/cRf2GFaYZuhLK8Koi4=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13EE.pem
new file mode 100644
index 0000000000..a630148db1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 4A 1F 06 92 A4 FF A8 63 D9 EB E7 9D D9 DB B8 18 BF BA 17 DD 
+    friendlyName: Invalid DN nameConstraints Test13 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ey
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgYUxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTE5MDcGA1UEAxMwSW52YWxpZCBETiBuYW1lQ29uc3RyYWlu
+dHMgRUUgQ2VydGlmaWNhdGUgVGVzdDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuD/PFvZ4Qii7uYsJkBh3y1o8UCIOhlno/UJa9fVTjh3hwChhv4mR
+V2+1yfOib7xKN7694HOCyl/u13ZrsLG7rG/7FcQnZmEd43+1gpinF1Y9QNYv6Ilh
+/inHyGe4iLRveuNCzneUH5JcDtklbuaEhUZvVBch9BWEeD/Jp/th2q0ojbFzltMI
+3dG2a24zL4BGbNHBdD8PkbfKdE2N9CYC6f2Rd1c0TYdhZ8ZCW2WZ7zUiK70zUKAO
+Ng/Bs1VGhaB1DjWu3gbrC+d4z4Q77FN1h1ZPJP5ON/SC7Tf93TWHHXHfWT1lCot7
++abuzyuN6kCKjunaC5tRCaMXGTT5EMEt3QIDAQABo2swaTAfBgNVHSMEGDAWgBSi
+L1iDW0yVl7fu9oe0lw7gf+CXFTAdBgNVHQ4EFgQUwJd0yB0ypi+GIJqugHjmrt1C
+HB8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
+hkiG9w0BAQsFAAOCAQEAJv/hxkQtOORch6bfYubBEe1urCmntR2Fj73iIooxcewT
+5iC1EPgWR3IluR44YUoWulHhmRNeUqnAtfJYJu5HhYIt1NLXU5yODWJKJ+ZSIUsa
+WkFqdPAVp1GDRhDUP4shZC1Nur3gH0wXBQQ3pxsWjwPWNccxF9ZHR7gJxPRPPdE+
+FYGeeTyfzpOaDdiQ8Tgihhjh3CTk463nA5XaFWd/7MG+YjnbvGQWb/ag5TZh4yHo
+O0Qm5dWFzqyY/UUDV8D2YaDY9DFEk0rpJsfRTCg6fvq+PviGAY+D6uC4YMe3mVBz
++HYIIgOC1OOet4dCoXsgIiy/0nyx5lRU1LSWOCUCSw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4A 1F 06 92 A4 FF A8 63 D9 EB E7 9D D9 DB B8 18 BF BA 17 DD 
+    friendlyName: Invalid DN nameConstraints Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0EFE45D2311943BF
+
+t2sVjyqv8j4shfBShB9JGyHiR66fXfETyuBtShElRz9MZAEVETzBGUunQoY8nkcB
+VkntDIige6tpxLUM55A0JNqsd9wfaR16FtJyEa0yVjaaKHgLjKfp+Kjg/t6tXnmR
+V7RV6CpyVkyXaBnXFg35JC1KPl5SNJQM/RlYAPI1uigyFuEQdLdArA5L+eY4p+Xt
+m0xwkZDVFAkQDnjz/I1+d8HkXzNfwFZI/F/CkwCdkDaezKTxUix5h9DDmTcxa63+
+xWUF3jmXRw7UQP3WKAlAQQp0H8uWLfS3iEQSsq9L1vPFG99sXQG3QxRihDBilUKb
+Qj7JMst36B/xSRH8vHAU+VqellZaKHM2HB9p+wk9t76j2yS9HQqwW5InjM0KEabq
+Ik9dZg0TJ2lXJGHKWn0zUv1u+yCZZslES6n+7kFspDGhu4Z7tUnlBzWCM0xTyt+b
+PtE8cnudvqUzOgic2GOOyb8fZQ82IONasVHgkFSMt5swBcB9zp6vmNoi7U7POjxh
+h4HajSQiPRTUE1J5hePLVkAqC92PxsT/Nl8IJDuSOySojFGepuOddL2o1KbyYru/
+7UEnSJHliaEQPwiCCI4crMFx6Km4W7UagalhqF3g3aqjPS3TnID9gQKpv9SN67FQ
+9D3E98AEEV0G0SBLzSu6ZFD9cfDhg120FX5m7xwkLdFjy9P3n9M/sqTiV9GyewGa
+HO9tnJZ6fh6+PR+Yd+RYf6827KTCHbVs9Ure1g2SsAtzjjg84tnjpEm+aHQxGa12
+IGnWTdAFr2gNG+7nq4I0gaqPpbdTwpT108hrv/IO6JZnjolTl3fQ99QyiP8YPqXt
+kuAuJLf2wKM/KJzdq/UW/94s9G17FOkmxdnXKs5dh+wNivcpUtlWGPcEorCTU+mH
+I4Saic1oT1/zgH3ldvAlWjKc4ht4nxRJdnwAwssEZqu0beqUu+35IjeblkpATzAW
+6ec/DR3P/Cq5UwT1ZbEO9E0y/NzbDKb8TE4fTWe2G9PU6e1IQ3J70kCyMEcY9wJu
+UN9p8qEa8NZUL5b5fN4dOfg0MeeOIwGIu7H3j7OlBkdc15WEWUAnoKgg2m/E8mL/
+72JcmiWeWXvuwK0FVln2XhDdOSAn4S5xg02zftorRQSP4Mg8OMigG7goq0qZAX5F
+VOGJewlfsyq2vD4NRPxVhRw9AvECpox3hDW9xHaxiyf4VjDOZzAPgM2aYqnmxJ4o
+XxrAqlKu8mBf69eCd+WFdL+dzSht7x6s4FBZ87Bj+A0Yr8+X2G6+XMIY4xh/hrIN
+gtlNwVlqduguhFgBBN1mKAds/wQT4EiHoeP6ctveHI9c/FgRuT5NsVYQgum/cxIR
+MW9zMJxOySC77Q9OSMRP1TL2pBETBqVX+rI0Bhzoh4Aw+Eav9w6Be1zJN/8rW8Yx
+FLdRnKbXeUduW41E/MC4pnLMHWCriXjBzN4w3rAIHUz9Rb/rcBpicY9ELfGO4ynT
+nrTVGd/Pr/XOgartdpCBenRsnKAy3pOksHI6POpbEB4oNUspFIEPooJ9jH/xiDuV
+4UIBhmbDgt7yu+x2IJ4wwOhQHxRdFVaNaqHc57o0QLyePTBH+aQJDg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15.pem
deleted file mode 100644
index bc87ba867d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15.pem
+++ /dev/null
@@ -1,164 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test15
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
------BEGIN CERTIFICATE-----
-MIICrjCCAhegAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBETjMgc3ViQ0ExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-fzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYD
-VQQLExBleGNsdWRlZFN1YnRyZWUxMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVD
-b25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTUwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBALLQPz8+2Ja6+sIASgBJ/ylBL061WtWS7vJK/LRNLFf9MyYG
-VjXkjZyk9ZzlafhinCiXgrG77RGH8mVjuSwDNewt+DGGphh4dSnvg/MHRdi+NdSX
-hjVOzH76HO6U0iKSSQCvNPSlTJrPWQkZDfj6AGO+5Pmn5RXRX7vwRuKDSsAdAgMB
-AAGjazBpMB8GA1UdIwQYMBaAFK2SFB0uK9H4irG3IS5+jhlpPDR1MB0GA1UdDgQW
-BBSpk2fPoInUxlgPeiQDw8iOa8Xp6DAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBACfYnz7Xr82ytcccJe6v
-+1rv6v8SSi/dupn3lA8ZLFPQiM8Ep2kf5XkmrQCHk498pBRQJirzWX20QQSTv83B
-M9DG721LCvFZuFB17sf03DMGDXw4ISy3bs+3I87HwHyziC9OtryWACWfZ2lAGUpD
-V3U25s5CA62+qbg1jhc5LAKq
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIIC5jCCAk+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMT
-Gm5hbWVDb25zdHJhaW50cyBETjMgc3ViQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCmh9zeM9BeyKndgrRFYNxn7+qDC4AKVdFmpv1ciqlk3RwU04FCEhC9
-kN1hhqnghWi2XzHZ67kQD/azFMLQZU1b0JTg062pMox1ezyVsZCejrXUK8kMHEnW
-SNSHkU6KnrSC4aHU5jSV8T2uANRsR0wQ80iBfuq+XcyF3r8jVsbpqQIDAQABo4HX
-MIHUMB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBSt
-khQdLivR+IqxtyEufo4ZaTw0dTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wWAYDVR0eAQH/BE4wTKFKMEik
-RjBEMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAX
-BgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZIhvcNAQEFBQADgYEATe1pMNm0
-Ae3tuDLPpXrBaSog47WFgLklqGnB7xH9+4x4SGehRirWS/0TH839Rbb/rmp0XptG
-ECuOUS+tqrhiMPYmWxv65XMpPfwKHjxj9etcu/MgXytG7l1kFwuHP08zu43BEqRS
-JY0NuHpCTzI4Natc8cB3JTktdUOAF2P22c0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:92:14:1D:2E:2B:D1:F8:8A:B1:B7:21:2E:7E:8E:19:69:3C:34:75
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2e:dc:3c:fd:cc:c2:50:20:4a:d3:de:11:60:93:75:ef:28:af:
-        87:35:19:c7:47:5e:f2:c0:73:35:5c:47:4a:bd:54:84:f9:04:
-        30:4c:a1:32:27:85:14:cb:ca:72:9e:77:70:14:ac:20:72:a9:
-        d2:6f:50:b2:ae:b4:29:03:fe:00:c4:92:96:14:68:81:b3:d2:
-        dd:60:41:d5:ee:d5:66:db:b4:f0:d4:5f:a0:6c:93:d8:3e:e7:
-        a2:59:90:af:9f:05:22:b0:1e:f1:67:06:2b:85:eb:dc:a3:16:
-        13:ad:74:89:dd:db:2a:71:8d:a8:22:8e:2f:f8:ca:7b:15:f3:
-        cf:32
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBE
-TjMgc3ViQ0ExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBStkhQdLivR+IqxtyEufo4ZaTw0dTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQAu3Dz9zMJQIErT3hFgk3XvKK+HNRnHR17ywHM1XEdKvVSE+QQw
-TKEyJ4UUy8pynndwFKwgcqnSb1CyrrQpA/4AxJKWFGiBs9LdYEHV7tVm27Tw1F+g
-bJPYPueiWZCvnwUisB7xZwYrhevcoxYTrXSJ3dsqcY2oIo4v+Mp7FfPPMg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15EE.pem
new file mode 100644
index 0000000000..f0fe0166dd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 60 0A 20 9C 91 CF 51 0B 4C ED 5E 8F 9D 2F 1D 28 18 91 9E AE 
+    friendlyName: Invalid DN nameConstraints Test15 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test15
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA1
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIEROMyBzdWJDQTEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjCBhDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExGTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTExOTA3BgNVBAMTMEludmFs
+aWQgRE4gbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3QxNTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK4B4XI7DVIEJPX7gqGREXO6XSno
+4X9Z4RamnbW0YiB1VGZeK6xusEN/StHlO4bDt/KfrvqUXJvm9D1oJjPX2rE6By+t
+Mi5al/5fCGE9rUov73jyKb4eUSCy5aTHfyjuu5b/ts46WkYOKqGEwSBCQLPqGR4O
+YXK5/QSZPIJwuvVJXwEp5/4dv9Fg2WRwRab7EXQfYut7AbQcyb4FrMwGPpja84JW
+q5jCvM7EsdmWZXhRvoDrqUtap+aotmfhps67INDFvoL4waIKzrTX2gmjO5kU62VT
+78gJfCWE2boB0tUsGGZLyRdvJ8SPbd0eEKykBejqvHcXb51ea205H8xZarECAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUgLzHLveOGn/xOHv0Nevd6VjGPFAwHQYDVR0OBBYE
+FHfYNlCl24s86ePnQaSo5hQFK+GuMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAGqCCsaPWvIjVZbJd4Eh
+wY/G7O/cnYbUjVR4IRbj5Ce0lS2+nspJK3D6gqT+DCOxZF6LJQuGOJP6sQUX9OHR
+T2oAbrb02A0UqlrpA3s9DtbspM1/yWcHoU9hAP81zVcNq5VNrcdqdFMvmV2MwSiy
++Fvlc6K8QhHxnDaL6kSfdci+C27FWCahH5r2N/1l3Bpou8WhTtjsRqvAgzj2yHRd
+DgJhZKMjtieSQkSWQF4yvkUMH/AVnD5xOpSqceaiVFqUFfRSRhHKbtq/eCNZW0RY
+i1she5uNHI3aMZS7cajWOltPZ6GYCQ9ovLddg5foIcr6YMaH5u3BYAUCdvMwZeZw
+8Qw=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 60 0A 20 9C 91 CF 51 0B 4C ED 5E 8F 9D 2F 1D 28 18 91 9E AE 
+    friendlyName: Invalid DN nameConstraints Test15 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FC1B613AD21A2C7F
+
+Ebd82tkOQya0n0wh75My+7nzbmeoUtouc5grb4vdfB5fiU6VOE+W+tV6qJLOUBXr
+Bue1GRFfVMkOKhHdzfK6fKKoaVSOxMZJhM8uieJrFnfGPwMhl52el81y4A6lvN80
+VKwybkHXZZ43kyi2CwUN1Qrj/AsXSpwQ4pJntYt8ukqqp1NN52HUbNFraHP+/xrN
+qGinXGbcwYJCmBhwEyC9LvLWDP8svwJFBsRN2RCfZarlKNjNxqxiyJzej0C/1qp3
+0ATwsmMhGkLq8UBNeaJtzppKQJh/SEeLS0FpKybImxXJ4L5vKOkTsTeDH42SpQnq
+xQCBf+4S2ZMOtyyD6LYVeR4pkWycJIdDtlfKNdsNt0ynitlyLDPqGM3L1hShfqpE
+9O7TL5rNzccnejc4KzqiSISjAF3tM5nYTPbyfOlx44XS11K36OMnMewPQ2Yu1+os
+NGam/6TTM2wshx2zH2bgxq2gGKIEcNn9Tlab3bB2fxt5Gu0WJZ+LuMW0KtWEGLJy
+K1kWkUE7cnF/sqtsbz6sZd5ooyJyOuJfgI+Y3xNeqbAaBDddYUsuORrXbRzRNIrs
+PlwddJQzcZoQ9lyN2KsTUi44zv2oc1BNBWQtRDZqimgdFouybnnhcjAD7Nj3mNLG
+ewf1vFubZeQRIGFkgwBBMgjU5HST1BDNbOrMxZiwmvVF01k6sCDvRlxRVaSZepBA
+ewwenA4hoaYpcXkgooFDuLfRFzlrtkVsO/3mpLT9PYGrWbETfdkKbWhQ0dwi/Vo2
+7eptrrZNJy6oyLzNk7ptXf1M5DVXDCjqg0yH+dE1RrGH+ursq0q845j3iwhMX7sL
+xlJcj/Fi8kkKI2YrzsDNbB557JK3RuudID2WPu7EuUYgbSVckX8Jl8P2OhH+DrDi
+PBHkJvnxaWLs9tZA3edfS7uFGeTobNP2Lk5Xvc3ecf1vGsnnLsN3F4UgT7u2+cKP
+WQ1CO0fQcJd7V79NzDqf/q7fPn3XM4PlykhZIVQF6fZvGpo+BJKyqOGRuNz/0YSF
+D8mqyA3RJxxkiIuUi9hogA52kuuMd1Jb+rZWMJzpg9OB6/B1X8TVR9NGcSS7qxyl
+Fl8+Vu9MdDT1VTtrWrAV9WjdBHUfrZ7ZGeEMoe6ZZHz7V7H31mUZlNZ8TWrRlv4r
+e2ph1qYp2DPNpX2hFyp62q/2niSZ4o98Z6IcIxF3ARjP5NpEH/n4lyeegXhBfC+E
+BEc33I6FFiq/vLixq51DkE4Dl2ou4TOZzpdSive3WYU+KVCQSaOFQIMPFwjY0ObN
+5rk7in6sac7IxPgAr4wB1xdwiAwKisDs3okGAAXzhXmkiN48P1CGaznDKUqgViih
+xiA+3cxCn5xzviO+lpb6A7V8NEgIHeSqL8BeRTkx07a8smQEHZFi/wjIc9DNYd57
+xDtwbcdvXfoJmtTQGgkzIWdzXuy0Gy7f3FmDV83WBfsv9RN9Kpgy8wn9Wbj4Z5E6
+HaIwE1/hQkXQSft2EmUrnGH5zmHDNf6FS+HR2w0OauvIsfkZ5ULrj8iy4byTzVbi
+4YGMGQTdBSCuVV06seeFhQpdSkVIBSM2U4ks6o3hea9MRx2U1CeT8sYria7trvdJ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16.pem
deleted file mode 100644
index febf0898f0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16.pem
+++ /dev/null
@@ -1,164 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree2/CN=Invalid DN nameConstraints EE Certificate Test16
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
------BEGIN CERTIFICATE-----
-MIICrjCCAhegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBETjMgc3ViQ0ExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-fzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYD
-VQQLExBleGNsdWRlZFN1YnRyZWUyMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVD
-b25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTYwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAOHnVdpKkQqlze09wh5nIsO6XQJwHBHVdhdaB5eaMXveb0Vj
-yiVBMk4NTrzIJ/7lL9J/qc4WzXAr1u1AFed4shRiiOEMAT10BXPoDfS3FjPytZC5
-UWXRE49DyE8Ksc9hSa0IBwf77wKXBAIM/ygc8XXYwFLHWy0Nbq1C2mo5AFpFAgMB
-AAGjazBpMB8GA1UdIwQYMBaAFK2SFB0uK9H4irG3IS5+jhlpPDR1MB0GA1UdDgQW
-BBT3GktmXZE00780GNgXA/GoC2kWPzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAJtYdflHLEVQC1ar27ke
-RBKtpwSsi61XphZ/gDlrI7bo3wG41pjy5tvPv8xuIOsC5isYgU8dyjJw3CF5LRdF
-FweDdftBHwQ/zmwL1sWj0h01k2ggA4c0AHDqG1J9gPKRO42rdqcRUQ2wgq1rZSDu
-iaJY1seFNoxyls5MxFF26Gue
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIIC5jCCAk+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMT
-Gm5hbWVDb25zdHJhaW50cyBETjMgc3ViQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCmh9zeM9BeyKndgrRFYNxn7+qDC4AKVdFmpv1ciqlk3RwU04FCEhC9
-kN1hhqnghWi2XzHZ67kQD/azFMLQZU1b0JTg062pMox1ezyVsZCejrXUK8kMHEnW
-SNSHkU6KnrSC4aHU5jSV8T2uANRsR0wQ80iBfuq+XcyF3r8jVsbpqQIDAQABo4HX
-MIHUMB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBSt
-khQdLivR+IqxtyEufo4ZaTw0dTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wWAYDVR0eAQH/BE4wTKFKMEik
-RjBEMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAX
-BgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZIhvcNAQEFBQADgYEATe1pMNm0
-Ae3tuDLPpXrBaSog47WFgLklqGnB7xH9+4x4SGehRirWS/0TH839Rbb/rmp0XptG
-ECuOUS+tqrhiMPYmWxv65XMpPfwKHjxj9etcu/MgXytG7l1kFwuHP08zu43BEqRS
-JY0NuHpCTzI4Natc8cB3JTktdUOAF2P22c0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:92:14:1D:2E:2B:D1:F8:8A:B1:B7:21:2E:7E:8E:19:69:3C:34:75
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2e:dc:3c:fd:cc:c2:50:20:4a:d3:de:11:60:93:75:ef:28:af:
-        87:35:19:c7:47:5e:f2:c0:73:35:5c:47:4a:bd:54:84:f9:04:
-        30:4c:a1:32:27:85:14:cb:ca:72:9e:77:70:14:ac:20:72:a9:
-        d2:6f:50:b2:ae:b4:29:03:fe:00:c4:92:96:14:68:81:b3:d2:
-        dd:60:41:d5:ee:d5:66:db:b4:f0:d4:5f:a0:6c:93:d8:3e:e7:
-        a2:59:90:af:9f:05:22:b0:1e:f1:67:06:2b:85:eb:dc:a3:16:
-        13:ad:74:89:dd:db:2a:71:8d:a8:22:8e:2f:f8:ca:7b:15:f3:
-        cf:32
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBE
-TjMgc3ViQ0ExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBStkhQdLivR+IqxtyEufo4ZaTw0dTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQAu3Dz9zMJQIErT3hFgk3XvKK+HNRnHR17ywHM1XEdKvVSE+QQw
-TKEyJ4UUy8pynndwFKwgcqnSb1CyrrQpA/4AxJKWFGiBs9LdYEHV7tVm27Tw1F+g
-bJPYPueiWZCvnwUisB7xZwYrhevcoxYTrXSJ3dsqcY2oIo4v+Mp7FfPPMg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16EE.pem
new file mode 100644
index 0000000000..c316526811
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: AE 1E 1A 0A 94 59 91 60 A1 B2 34 57 3D 1B F4 FF 56 01 07 37 
+    friendlyName: Invalid DN nameConstraints Test16 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree2/CN=Invalid DN nameConstraints EE Certificate Test16
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA1
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIEROMyBzdWJDQTEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjCBhDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExGTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIxOTA3BgNVBAMTMEludmFs
+aWQgRE4gbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3QxNjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANZg8OxefrZytpf0OyjRrUzPyqCB
+BZveBF5ZuHB7qRZwF/Qq1v05U23mk3+7fz7oE6xGAgPvNKjktkfflGZI2hRdPNlN
+GGqlc2YwMWDwLTmtS0hyyT8Ui7AL0cwHJrDeau7litk6uFOBP6VE7FlUEnMU9ENm
+hHBOmYt/tjARDf+kzSle2+saArLbWqBPdMtLtRwD3vTS9Zr+DvccEn2Jx7YiSZDM
+tRJaPgoiv+15Voln0E2/XS2fDdog4olDCO5fZ51KNIokMmp+6r55yevXxWxUae2j
+ZBLFyfD7hS3NTGDBhCFEry2dbRZb/sXOlPSwKN+x+QwCWBRo63UArRoi348CAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUgLzHLveOGn/xOHv0Nevd6VjGPFAwHQYDVR0OBBYE
+FGC39OnVftLAciz19L+MYPKsjyXGMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAE7YpcJArWSxTC/zSZh/
+22a7N/+JOQysAJJ+wKuudXUeN//eiycICbpkUy+hVF9JtZ8Ryy07GyEXm/CMg/Ub
+PX1EEvIkH3nyAI6rw13hw2PywCzRabDXwaipbRU8A4dhTh3IAcuQoCcnO4gYVBk5
+2Z2Wl5v1jXsCzgEj9gUuZdwLeWqJ2NIQvrOIvauRDP11OcUs69lC7zjJLWgCQ9y3
+2UC8nFkkN85P7Mc4A90HcGPJuc1DnPCTvhY5JdXem9/snjVcpa7PTbusyZbrh0X0
+inB2hldbyOVTyX4mpUsUW1h2X3rOETdkBHZuLwWRwbyXc01ElGuGnfgihaX1w1i5
+BoM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AE 1E 1A 0A 94 59 91 60 A1 B2 34 57 3D 1B F4 FF 56 01 07 37 
+    friendlyName: Invalid DN nameConstraints Test16 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EF370C6F852FA1AF
+
+Q+F/GgVNCGwQOIJ1hUTYigCtf69Z66XJ4h79h2Tq3LzgC3OS55xpdLWgxqDXftbv
+gxZuben61n/Ui0vpQs5g870JJcYLJfic5DXAlRHsP+aXOyUssvJ4IV3UetqnGjF/
+0p2rC0jgjdIR+jdlXLjPU8JaegWMdd1/Mx67PW49CfWg+ZvnbIs0UB3ADwrjBrb4
+OKL9dkVXqg0+pPjXhOgD62GT8DUXtAH24o76E6gJLBaivXHnihxx36dVdmOYampv
+kVn9NHir0isprjjpY7Es8QLDXc16HvEyO2oUSRcE2x8tmblUyuTrm8+CFfYQ2Y8P
+0zfa8bwDdxr8L3/DTAgsam/ckjo6wdOhvkqvMiiErl8DdoLyAysCNRhhDROkr62V
+syFeJfzOP+5RvHDkMaHTt8QpsV/2yqW8LoIyxhnDHxh4+SrZDjxg/3sh0aNApWOl
+m/WVsBITcdX4w5XtnkqqOWVr3YH72aPy7RQ6MSYLHSh1q2vrYOrbigcFnwFWFag1
+ZlavGpxatKwADvpCslZqM7NtSQDF8onL0vDaZ/1hU7BsLamfSCmXhlzeLyqCKeLN
+XtC3fMog4Gy8qOYC/JEYAIptZMjjuocDfbGVhUrJVhXxqzBgUxxAtw4Pm1ZgNxTD
+0qS438itpk9U2ZT15YqTOidKclWOIYEtJx1BHIZXCbgXl+YToHH1WhSDlPrOEr8v
+6Ptbd6KgkZhlpkzEi5wFo5iWCtHSXPD3dcv36goD/eNU/FcjtuTSWUtQdrS6sBks
+m9luLlHosaVb8VImmbQpyzLyWBVWg5NnlO+DjWM7pmQbFRGsIuHc9eP8H4TJ+6ci
+P8AiV3GF0zQbYVBT4Uvkk3J8lGSsKYOFYkDIrxaLid66dWEjBvTO/McXTbs0EhqO
+iOLms7t+CH1Y0FWhL5fYOWj5GxjY+ZNPv9L1geVSPydGKw0nCtpASXyeC5RTJ0lC
+DOBEBL727nwXe847qxdt2IcKJPEHiTkyO2+wUxw52Ge/Wbb3iwF3uWJBDZwiMzdL
+3RGAYe1pCL/rh4nJ2abp7iLY5iaqqTlKebSV8KQf8jb0o/oNvNPP9Mpkcis3afIG
+ntlCE/lxCSSxG9VxMmRUZaYIiRP16c3yGCNaBi3DKXTNLXUZ7q+9USq0co5IgpkO
+f9eA+GZPYBkvfxXUgIN396nGpMOxlbkueDjK24oQmdYqynVRslmj0VxYGC53nrzw
+8EO5qdETufndMNCWWB1yy9xxxNjDI8DibSdC2nd/b/U4egRC6OJad7RwpOWy6Kdl
+dPQHosJBaLJLkpCjA8HXgnEcuk3PrdzjL7MiO67QxbW64ZRA1OD7ib8iS60/ijyi
+7kloHMH4WJlf956AKxTENts8dbKaXP5H45yxuc90H0LhZzenSOrgcFIIwGzGZtow
+yjFHY+5O/lXvXOgKSC3UnsdVXVqrw6pvKrnWioodr647xfUYw252KSD1D/xW54wc
+Mi337lAgoExNUJEzXilq/FVYksTvcnzCgIJarut6jqCuGPzTvVPWz6h6bgQv6A7T
+fyUTgdS3WCH5nBhGQ1k/CWySuIsDHuxrQVbYBpBl2u8xLEKxTgOx7q3IZly3FWj/
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17.pem
deleted file mode 100644
index 0c9aa3554b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17.pem
+++ /dev/null
@@ -1,163 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test17
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
------BEGIN CERTIFICATE-----
-MIICrjCCAhegAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBETjMgc3ViQ0EyMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-fzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYD
-VQQLExBleGNsdWRlZFN1YnRyZWUxMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVD
-b25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTcwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBANw5GunDquXK+XElcoKtGRzY1ESARSYhxi+qK4BM6L0rxSe5
-tXiajO4Eb379Qv2z7wkn224q4lkLiiry/gmRj27aTjhch3XF5C7E2hIeHz5qGtcu
-uY6vyT4DxweIYibYubyBZC/MCk2YuLtsLiSd5QuyXXmQYZzeyu2SpRax/nXHAgMB
-AAGjazBpMB8GA1UdIwQYMBaAFAtIvihxakgkCjziStQFKuLXHjXvMB0GA1UdDgQW
-BBRFrHYfuo8284F89Fc//hnutkf4KTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAEPuGBhTmRXtD/1JNHgo
-Jj8yfLsXQzG8AENHe1KZs7Kpj45M3p4u0TGUJI2S3MXh3IY8gEf33t9eQbJIY0s4
-AiUXe1G/CjtDeo5ZkfTpZHRd654czJ9oLQ3c2vczwYEeaeLxQXqEFS0xewIz5udq
-AUVVqV79i9BB/BOmAx9qBkiH
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIICyzCCAjSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMT
-Gm5hbWVDb25zdHJhaW50cyBETjMgc3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDCH3OWCAvPFZXpNTKMN3DoOML+FK32+icT19l0MQXIXBqoJyw8qF2z
-xcl4ahdLxfSFpf8OF3ttKbzN5fk2/Dxue6beAMs0L1r4VUilJaUhOmTMrlYXB6UI
-QX2nzlu6lZbNrI0VFt8qM2C9CdbG+2ZQuJQQO0BtHXWJC9el4t68/QIDAQABo4G8
-MIG5MB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBQL
-SL4ocWpIJAo84krUBSri1x417zAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wPQYDVR0eAQH/BDMwMaAvMC2k
-KzApMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMwDQYJ
-KoZIhvcNAQEFBQADgYEAV7W8Yarxgw2gPgl0gz1Vz7IdH6ZbzLBpsB0W+gyPTd+R
-toE/N42Efda3DIG5BoxqTj00uc9j2GF5LqBgKaEieenzkv5E6qbTrZ0F/FdX1c17
-DBpRvkchpd4FACNL+FhSq824LEKdBDOx669LmsH664nk6NSPtv04LjUxa+822aw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0B:48:BE:28:71:6A:48:24:0A:3C:E2:4A:D4:05:2A:E2:D7:1E:35:EF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c0:0c:a7:28:80:0d:2c:71:66:4d:67:82:ec:c7:30:4f:48:29:
-        fe:d4:20:82:f2:5c:e6:ef:24:8b:9f:f2:b8:c5:3b:e0:86:53:
-        f4:b5:fc:67:db:b2:1d:45:77:8a:78:47:eb:63:bb:43:b8:14:
-        c0:05:ff:ca:7b:d5:1f:fa:df:e7:7a:a5:39:e7:00:ed:4a:d9:
-        6d:fd:d1:78:a1:44:f0:71:f4:89:4c:52:d5:ef:99:5c:59:eb:
-        80:c4:5d:ed:48:2b:5a:55:0b:d1:df:4a:a5:49:69:f1:67:a2:
-        aa:ce:9d:99:9b:74:0f:ec:da:60:d9:3e:14:45:a3:6c:5b:47:
-        fa:d0
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBE
-TjMgc3ViQ0EyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBQLSL4ocWpIJAo84krUBSri1x417zAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQDADKcogA0scWZNZ4LsxzBPSCn+1CCC8lzm7ySLn/K4xTvghlP0
-tfxn27IdRXeKeEfrY7tDuBTABf/Ke9Uf+t/neqU55wDtStlt/dF4oUTwcfSJTFLV
-75lcWeuAxF3tSCtaVQvR30qlSWnxZ6Kqzp2Zm3QP7Npg2T4URaNsW0f60A==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17EE.pem
new file mode 100644
index 0000000000..7cf51db10e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 0A F8 83 93 BF 5D 4F FC 86 5C 8F 47 1B 63 B2 D7 BC F4 A3 A2 
+    friendlyName: Invalid DN nameConstraints Test17 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test17
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIEROMyBzdWJDQTIwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjCBhDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExGTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTExOTA3BgNVBAMTMEludmFs
+aWQgRE4gbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3QxNzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMP9rpCat1D5Io1BWYqPNBT3HkkQ
++k2vKuqHt9zXif0WRtnmGzqUvpy5crHBlToyawqJQAMVPMt5W/gTJrzzV+Bf79+X
+yetrlM3qs5n5eNfIU5D897S1AEfPIkRdjR9kdL1xZYkDZrEBmFHgsRS9TDK+01rt
+aJ2qOKscJI1z1ngZUZscSLwCwznvw44W5AP6WLxX+g0ERBsNRjakWQS6JlWgGvn5
+oq5PYqnrIh7TgtGgjL9jVX+xbz8lg/f5iLwbfTw6SxGMZV+89jrMPHjW+58NMUDy
+2kn5W7B6eUqUOA2Eb+oYKWLujNqYeaoUZa5TUBo2iUV9WnJ4ndiMHwzveOUCAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUzATtaigdft5k6gCIKux1Eb+lLmcwHQYDVR0OBBYE
+FBFLTj7lB0xsW4f9PPb1I2VfHkVqMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBADjr4s6VekQmcVVddOQH
+8wbIQNXHEQINEtlqUQqaCE+wlszME24sKPs3qMNEuVyQVFvwZdpnPXF7/oSxAyMw
+yO/hzSGcJmBEd1VvlabY0IJ/PAy5vq5XuQk0sWbWRAOF4bcgAdn8gH0vCX+6+ajC
+o7znSglF/G0vsEkaqPhaUk7Ookee59hpHSKOOqhp/f82/BFjrF6lo+AJcRKqj3rx
+aMckYizxJ4+pLPEtG7shS5KKZsz8PW6DHDhJpNe733gSKU4wx/Lf9BNBRdlKmnqo
+EmIG/lzkZWwd4kh3/CGOko7qTLcLQy3ARHRQg6z+8qhmtTySJriamAHL/3nIFKCx
+z84=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0A F8 83 93 BF 5D 4F FC 86 5C 8F 47 1B 63 B2 D7 BC F4 A3 A2 
+    friendlyName: Invalid DN nameConstraints Test17 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,076EA454D8F48AD9
+
+znVgT6cIGCKODD69NLk8D1gEFWz5Z73ySLjV0FgXUrhyxphSEAeEcg0VI9bP7qzJ
+LBTpalVSXEaydZM6cHxjD68IYb3C6hnX4D0DHshzq425oK/BUTh8623SLxDTFLA3
+pt8iX21ubhngnFRNseZAZgZLp9xdH63mlW/DwAn0PGgks4mhdjHcJUmkKqsVUavZ
+GSoAjyC/xi1TEE/sasofRr5BvoO3xbn2NnzgO5hPPbZFgZzJ7KCHl/QHm0NH9LBl
+Vmmb0es8oAqL+z3NfcdAJJE7Czz2ItXfl/iZX9bmOv+u+RWPZlHI1PwTnaCCebcS
+Ks+n+9J1CaS1pu1ztvOSJXD5C2zOCpcWTwjTnsLs9y8Vc+MBls5PDWLA4qx9tiqR
+dF3rZBBN+xSWZt0ahbHLkI/F1jMBZtA8OOc0eKs3+kmadSUr/koGvyN51jydWBJx
+VRsku6Frhj6/RSfOEi2nB1wg6D7lryg29+x5/UCj1vZeT31r3J9k6UIZvd0c2D77
+rh9OiIwO2bNb3enSiEd2KfRPCHKK5LuEwq9sECZRYjCYksRt0vmFRflGbR22nvAV
+bBEwxxcGxC+T+XWgDJiIoWq2d/C77PiSAQTVaSE5WHEMFJ0MtxEvw5mAv2g74lIP
+cj/hD0tC27mB94xaLIfcHlQT6CtCHwYSB/7zlVdMBHJbwyjTIAvqIFYwhvLweCGC
+Q0aUKqXwBVaVvZypZkGKnjsUukLeX0ISLkrmMv0r156nTmh2pyY2AaSDJi3jcjbd
+UAnE1wHbuELkOTsyznDgxMiOFGlySEyyzGWSimzrmvCnecQOi8nV0YnfG7S+ITpb
+FBVY9tfP1ExOJT0TJURihJpWmXNKmd1LiJZTa+eXZVaqNKz3pgb81tPFcXZue9rA
+vtyG/fG67CFoJsPorFEO2r5PwbIgxl+S55/oTyc1DUDGF8jGa5CCj7V8OnPH2/fr
+eJ4x4pk/bsjzWIZg5cFHmQEFZZZTjVnsf5uiVGCxKgOImd4maWXZFv2nsG4RXUNf
+IwgJcNXeDxgEUA3RDFyljIRC/qtedSo+dRiPJ2O2yjsnjwg/o56MzjB8EkBIUrH6
+AD6CmUxweF90v1XShplFKa8/Z9suBTmXAvuwZPXLbES4PpLwXANxDGCSbLNaWfyl
+P5Vs9AmwuMbI0QBKjiWrxw4mijFy2Oim5JX8GP9HIYhtFIvYy7JcbBBsI6EZgyCi
+ZVAjdyHg/ECwrPBsRRIRckjYfCCJ02ZiIxYQNec/AMlvJUo6MeKl7Hl7cjyAANDQ
+GXZxilURtg+ITxh+8NtjIrtQDIjxKdyTNq99Bk5UuN0bAu5AklnA8asConrhp+su
+4VcFnYMnlrhwNra6BWna+Mlw79+DF484nMbaIcuDg0vPuzYCVwgJvdV6JOWWXM4b
+nb4cIr2oY6VD+he3ZkFYTArPS0A+aZ0eZphwJJdPy2T1B4Ed5bicBRIq1eEN5JEI
+L+eUyW9HdSf8lso6eMRZ7MWPO7L0KNfXf9yPMwMoATgrOoX/3H3ktIguKQWNiAuT
+ekMbzY4kgpm50T7wsBPBw7K4+1HLIdW0xxj/pGKKXstvNiEigu3BTtUqLSO5ZGGm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2.pem
deleted file mode 100644
index 04a7eb62a5..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsT
-EGV4Y2x1ZGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0
-cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCbvVmVPGFgKGPBqkMhQ8HfwsS10dQ7ark92qOnKM0cmOtqxp7Y+5xK
-fVwtP4znhPQr3rGzj2x81FCIghi3hwSRBg2O6DhpFdTAXAwHnM0QkUb29QTNqRfW
-E4jOPciTY/BonXFJXf+VM61ntdAT4aoVshmiy64p2SBUhRYA/QrYuQIDAQABo2sw
-aTAfBgNVHSMEGDAWgBROLqPn2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU3rps
-AkOOTOy07L8tC4ckaa3lRqMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCOtc7hRrlpfYG3VtjPhElE0x7R
-VEiASfooTBrkKHNkajTVNgolaJq1+1UqMpIFCe0KBUL+k9YQgsjDbr3m/oL7ml3x
-9iNWxEjBOH8YRaPvArpcb6HMvMVTdbInB7T/ogFDs2bdUBWt4H2KJLoogGJjLBX/
-NkpGvXdFmxasmv0wkw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest20EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest20EE.pem
new file mode 100644
index 0000000000..3635391d3a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest20EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 3B 85 87 B8 28 20 E2 20 BE E0 2F 14 5E 60 AD D7 A5 CC DA A3 
+    friendlyName: Invalid DN nameConstraints Test20 EE
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBCTANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+ME8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MR8wHQYDVQQDExZuYW1lQ29uc3RyYWludHMgRE4xIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA1ExvqY+GA/Rkxpv9Ks8KcNqtdknXm5idOg9XrvIe
+d8xy9vkyIs8iZbBgoOI9JI2mhabIchnw9ALe+XFtKL64UEWS2dTH8EqhLgkoIfBB
+B8kHZhNaiUxf6kjvOx+/H4TWeTws9iawctciW2FwmmP4G4bZlBP10tZFAspJj/fu
+UWJ4rZn4jks7qHNpUOpZw4z8Q8Xf7cKLLSloCIDIJtyUxpM2bT/fC5w2Q6Z3MmKQ
+BMi38zWscyG7z7zy6ceYyRBlG5xRsgCYUsj5sWVvtHn3uDpJ6XAW27Im3YxqnRuA
+R7fO/i4pNX2RZpkFuJhQ+CveyXXvj0loAbcyDAX8OcbnHQIDAQABo2swaTAfBgNV
+HSMEGDAWgBRBeEJGzU6ogufhOd/3qRbACvzvhjAdBgNVHQ4EFgQUWEq64IDyyEM8
+lrIC90qylY3WwjMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwATANBgkqhkiG9w0BAQsFAAOCAQEASvXlo2YzLidKbhlVkkfFsdclc0NAn1yT
+YgVEgLpFixmVilXQqH4lX1cZ/wkFljd90H7VUQacMnqfacLOyJyHLBhxA1kBv+bG
+bERpTDveXwmBgNxs2uMinO+EbCEZbWdSrALyUyLrJUaiqVln/m9gtA3tnLJ6/9lS
+uHcZ8uYHjZC05SQOgCp2GI6yo/nS0Pm4D9Z6Ljh676Zoc+Xqe8mbOPUdCNfnv/xS
+6jIIN7HtRNLUWlrq0RfT7T2oOls0lVX6vE6tunEwh5Nqw+aHLFcQNRJw8nqeoJ3o
++1t4936HAgpU6H9+qejS3qXKnGSalhyEZF4B7YIjMw+QgMq1iy3FDQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3B 85 87 B8 28 20 E2 20 BE E0 2F 14 5E 60 AD D7 A5 CC DA A3 
+    friendlyName: Invalid DN nameConstraints Test20 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3BAB1EB257C75977
+
+RJHzKgebVBCq5Ke0uIHW19JC7LSCkTYhTIdLpy9yRhD3dFndup70fBmZrWu6Sgsw
+FNU22CTI1L4JfftRwry0/xsM48FGHdW9Jo8D++OOeC1Rkzplw/SC7gPpDpE0YP/f
+iedr244vRtUemUI2Zqqh2Np/lzrIl8GWraoRKsCGbGzWe7axPtnrlMaP+/YR3m2D
+cOVmDl3iYwwkMYgDZrO7lHop6fdfCRnU32Aws3ooio/eR2/GUbYJVmkxP9p4Z1Uk
+t6SaBau1R/YnEKYAxJCbiUhStiSonBgvrMkZ7uMGdsMTkGUqAmHgtzsKWq8EKJct
+viHL5AZ2+tGB+feO4HGnT7ANEO5V9+ygYpfvbolGSpB2Ym4E8I1e7henuQtOSTu+
+dmib/dKHovXFtB5AVy3kdeP2cw74/bLScuads1oMR4GKn3VaNzyFbdY4JkQJiK6Z
+rfKYdJkna6Go6bSVHAb7nwvDLcyrFc+5mR6bEz8j25gq/RWm2N22dqRG8bBo85iM
+53KAhOYrYwd5AivXjGtZ2gkHAbZ6ilublmd5/7lNsFQbUatHMa0w7Db/8cFADDfC
+wB42czsmHFBE68jqV4AUvIWssDCPXiGyGsZbpRwxDPkZLg3iXS04LmB03m0+f+L2
+D0DxtBiVuczD4jhnfCYokjL41PWGT1gNaovyd3JcXNUjOit6m8ndZ3hih1B51i67
+gLXxjaj80ZFbNljAUXo58GFinvYM5PlRKTOGN96PZflivJQuy6RK8UY30O40Ir4k
+9RX7MFkaIKDnoprm3hv8KPaAP6QFXuCUNwG0XMdEX2Q5I0LKi+Gu2ADfMnEq9Ka1
+rQSzFt+Wq0AWrisUy48kgAlQeBYkfzE0t6njTO4gJJPnMwSptBhPnFhVHH9mF/Fw
+PQl5kn0sHi9sNucvQ0Oc7k1QuhbZPM2oK6YngEEBC10t5Bu/9mDZnBOqNQIJbUxL
+D8pBk5XiPNal5MQkeTCFqya0vJTXZNIcvsgZTKDEfmx1o+rblG2YSRZ+nKux4nGf
+iPAPYRjymw8+YyAnpbPRcI6pzF+aKY1C20gs2AqWC5dgQkOlcKY+8kFqeXp3Rh7t
+S2uz6p/uCupugKKd+q5DrGsNQB9eO0D5vdZ4Aw4rnLK67MEbJgIaneXzl34xoQ76
+5Lf9ws7jLo0jvhq7HztTyKTvHUJXG+8aOb6Zg/S1LK2LtlGly+h81FECtNmXR7LL
+t0F84jkQeMrIcEtmg0QYoJ4fTAvukwhdeRfggYgEO3EXl+CIDWMSXVcn0++/SFCO
+QXufLmU2ISwZGc53oRvC/eiDQmT46AygqJCV5fMoDwa5o7X4uYXh9+H9Ayxa9Zmu
+VT/59nvNhU5oNI1owaLgsDAywLm6l0vaRbQQVpHYxwH8D49uXXJu3Ad+cz1NcSlr
+/L3qrGJ+42FNaMrT8NfrC9MjjAOgGA/yHAs3C9KdJq3SVB9Ff9r7lFujJGHVIItd
+sO5nhzgGXwjDL5E/3CTuqm2eTiLm0xxeXX5aK2KwQ7dR7NXcriQgNSQv09jgWlqa
+KAopv//ImlmYGdOrb2UN6+ICTti1hhf6iXEJmAI9YLwEBvuqT66VPw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2EE.pem
new file mode 100644
index 0000000000..60e47e3724
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: DB 51 E4 D1 79 AE CD 38 A2 4C 2A CC 70 48 05 19 03 13 80 04 
+    friendlyName: Invalid DN nameConstraints Test2 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGDMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMTE4MDYGA1UEAxMvSW52YWxpZCBE
+TiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEhHHtIQeSm0sk2SFRU1s6R4tZgm0tafsm
+dRRDgwig7Ne2fUawQFelK+hr+kMzQJMCb+ogMkzZfPtgOjDnhH7Z2964MaZPHzpf
+JlxY4aM6A91wZ4WopRp24jyeMmKlH/CO19LqjOc+UBuhtGUHKk4ZFdPac3PMXIXj
+x9ogd57ttbYdjIk9Ix+X+o/tPnrL1Lp4RSjhkPs4VnsOkm90rgxEwNZTyCTgNVkc
+qhJE/0eXgBIV7ZXc59uS1TDVImybZa8NY79ClvJ0Lhl6mvtPnoUvOgOZh+SQu0nh
+OOuy8hzmhqNLqTYkTDzjtVzOHW4wKZ1qfwVjcmXq0fCR7uyHdup7AgMBAAGjazBp
+MB8GA1UdIwQYMBaAFEF4QkbNTqiC5+E53/epFsAK/O+GMB0GA1UdDgQWBBT8c/+k
+4lqB9ybLskI79g0ctafZ1TAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBW6ljxbVxaa654QlFBrLWa3bDc
+FfC1lnbmE0Ya1pzkcIbsD+ayZ0JcKcuLPUjWp36m7BpuIrmEpndmc1O0cEQyqveH
+R9vfSDxd3/R6jVMQbFfa10HVNDmlKrjYyIq+FQla0qv3qn3W2icJWRds031t92+6
+gb+fLBd3YMXEtEH7+VCQNyfVZo+9F2xoUTxKWSr52jsxsMaIdRXjZUIZBI8pZI21
+QcYSdNPk4TxvHgbQijY8+n9y8qV0aPUckZOjo00KczVPtytT9v5tzvNk3JubXJ9W
+hh+9WSe9uJT92xu6e3aAt1WVhCx0XIdg49GK0hFQs50dTT1mLAoi6aGEd8+R
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DB 51 E4 D1 79 AE CD 38 A2 4C 2A CC 70 48 05 19 03 13 80 04 
+    friendlyName: Invalid DN nameConstraints Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3A5D187640629E66
+
+R+I5lkrhsMjEbdFbvxmcljp5A0rL8EcZXNyXp1qZtrvNK2wLbKwGuYJfVhLnsKMJ
+y5Iloj/U8UHGe5GhUbxdE3iCmUu3UXheHTyU+IGWQvnH2F6KZm8dopYWMAqZAJfj
+PHJyz8Clv4c03i681QCQ7LBHSa7voWOEHp/9oeheeZFWeGrIR/sUJ9cfSxIBeeDR
+fkNwDsEzWmGtMhT+LAN5A/cA031ILesY3mdDY+ILePSAy5/+x1dcuU8vbebjgvSk
+qx2iXR++ygK6or8UWYP3Cf+xyAloCm5eKmLwQUMZ+IwrR66pXPdCEKEbrMw5p9Qx
+ZrCctSzIH1Aw+Gmy8gTSUCNdx85vRCa8Tn7joj2BK53YzMGtKGzA8BzsV8L3erKY
+oRT3fji5cT4dJRTvxROWU1GOwW/r2lYOYggg+uNjEo6OwWydX06X29rC3fymnkuL
+hsVNOPxDc2ie6rcDyGqHjDpmiYOEppQd23utZKIHQyPhag6rTC3V7AgPCjL92c19
+BT15n6Wa8VXXos6PBIQHWZb4dUj1B9XwTQtLoZZv/RVnUjEMo+NNCpUwvK+5ke0V
+9/xtiFNnKedcbaMVNku9XlmSaKjX+fsmT+wulA65Osc+ZEobJ/EXC4AVChRsMl9v
+ujiG1z+Vo/UKEmIf4/8PXVZMFSLNLEaUAO9wiJeDpeGAvfAT3ScIH70nTyR4q3qf
+4DRXq404NTy8AzCy36PufW944a5+3FP+q3afLuuzWVvytQun6byFZOE6fo7zcOn3
+mEnbG42n9f+3SyS1ND8yVwAR0VoqRcmk5QtacUE1tPrX5pvVyphIZaKsadmf9fsC
+X+TJ1jgkGDCY0RxGhR9uGiPNYPjNBg48o7/w1LSYiOQ6LHwf3PBYHe56E2MSOOeh
+bvpu7eN35J8uwswfXOZxefmEQ3COUGAZnMcHn/q46cyLpEqlf1s7tPyAjIAV2yvi
+9ETgUD+KCpcQSn5qednbVPStEgljRTTM4pR+PFNhNGNgqntuY8HMWzHFjsO2uafF
+0mhn8ytDbziAc6IvNo7xbkTOzjY+CcuirfN7FsRcyxs0qvwQTWcB4yj+c7Wg0W7S
+O8qZ0siZajvOXAgMNHNnYZFG7YiVl/IwMXWTQD2pk6Ff2PEw6pD1c+w4hPO51z5W
+7kUXuwb1tlcmSeYz1PDu1ozcbhJOpSuECq5E1ezX4HrNIbpysTrVlzx3cnSVyhhW
+0AJ7dvVH0NuRBSLhfKlr45K5uVTW/Y1zX5GPte6fauqj2JFvG9NNOeUYoK78HBk+
+dvrrrKpoLHsCiRPL5OJPRRb510+b6lZK7YLW5uIF0PvH3duS5v2m54jcB9HUBr4+
+z8Z2czuSirHRjH7gXp4OTfURUkCI9HMRz1neYw9G+SxwhJWOYoD8iOzEuqmAbLOE
++ErjtU9vz7So8VsvhDSmZy5cyY+pmg1HGAqZvUllR8ZEFPMXk5c53I7NEoHURO1k
+KQAPj3uIv8ONuReC/2/HLH/0qtaLmVdJNuRVqI9fX1X30Z2RmcvKio4GpZYzNddr
+MvwSluhTd8Ir/2KJJ/uQ6mgFSrTvtU/iWJAyft0DOIJMrcziBTDVpg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3.pem
deleted file mode 100644
index 7c2b410b91..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3.pem
+++ /dev/null
@@ -1,114 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIDPTCCAqagAwIBAgIBAzANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB/MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTgwNgYDVQQDEy9JbnZhbGlkIEROIG5hbWVDb25z
-dHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAyUV/VUccWeiLd97UNg9PsfI5JBKyMkLviLCMbEGIggBG9W+5DKyu
-loDjDpVTzzz4pO4/LQqcZgxP61RsM9sdvJTyxHWpU8fEb3CFFPX47WEEdzFEjvay
-iqEorgwgt0OuiDc6ygpjvje94MD9/tn2oXGXiZXf225UPJOAg/4G2CECAwEAAaOB
-/TCB+jAfBgNVHSMEGDAWgBROLqPn2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU
-XNZp2F2DSh5YkgNExED/5j5eRE4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATCBjgYDVR0RBIGGMIGDpIGAMH4xCzAJBgNVBAYTAlVTMRow
-GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0
-cmVlMTE4MDYGA1UEAxMvSW52YWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUgQ2Vy
-dGlmaWNhdGUgVGVzdDMwDQYJKoZIhvcNAQEFBQADgYEAF0YtbEJ7UriPhjA5X7Ms
-bjlEt6/l18J5LUKX6SdvzojVZW6wSnfiinjESVIMS7+nvplPU1D5y6BBzB2jCHZx
-uxC/Db9r8CeNek1COMl9nvav4pyuA1e+INl/it59qgfHMZ/pBdsYkYKI3B31oinp
-TSHj4AKIIi1y358PHk3BZWw=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3EE.pem
new file mode 100644
index 0000000000..bbb2dabaed
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 8F 46 F1 9C B9 73 85 3F E8 0D 08 C5 23 3E 06 4A 97 E9 29 90 
+    friendlyName: Invalid DN nameConstraints Test3 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIEVTCCAz2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGEMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQg
+RE4gbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3QzMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQ+BCdHFQbNq1Bp0GEuyOvaYS2gc2xwp
+YD7153M9L0wHxwNCAnjTjFdAc5e2SLlaCI8Bb3ZbGl8yTKyXaJ25CceHxpyzNWW+
+elq9FJDZjGpxZ5hbiYnhdkS9RVwgkDbVXwv4QfU2blSlQy1vyAH8gfy4mF5XJqfh
+58o+tcECrOZcD+116VHrK4HIMsp+FBGowH6VNhuyOOp3FaXII0NLLUVjBsjGwbkj
+3gFoTq5dPnTuFkr5Q3RQw55A9vcJkmzxHbZko1UiywiVIbcXHneqWrKgyJCp00sb
+w3gEc1Gk8jpKtluNsj3ogmnRrG27SKjcpVhZi+KLzOkAEOvBAVU2/wIDAQABo4IB
+BDCCAQAwHwYDVR0jBBgwFoAUQXhCRs1OqILn4Tnf96kWwAr874YwHQYDVR0OBBYE
+FDipyuJ4S5MA+1KCLlTd2a5ByjG0MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwgZQGA1UdEQSBjDCBiaSBhjCBgzELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGTAXBgNVBAsTEGV4Y2x1
+ZGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0cmFpbnRz
+IEVFIENlcnRpZmljYXRlIFRlc3QzMA0GCSqGSIb3DQEBCwUAA4IBAQAbvjL5yhOt
+fWiiB5PSQ+FM3M39S/xDOI5uMQpo0Z/KMs/ENKT5SVqKeOGuNOItovk0pNpBfrOr
+8jHuo4KuZbWiVUFSrUeB7gX6lJHXoM+Vqa602UHkrxKeZVQGEQ899RTysUH/zW5e
+RIRTbU4GVuYYyFl6PXp5Ve7Fb5grC6moak+bzuF0eN/GTrp1o7l036LHSdAbi2qz
+Blg5KbihSptmhELFjnC2lZyD6eyYvpcBeW0qUjH+PqQzqdOnrxpfy2aH0qGWceMa
+y7RE3OZklQsUbF06hrhuviBgkz988Ih/fVXtANKOIrdsEZXx2UoHOGILDpZxa+WG
+Fov/1Hl0j699
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8F 46 F1 9C B9 73 85 3F E8 0D 08 C5 23 3E 06 4A 97 E9 29 90 
+    friendlyName: Invalid DN nameConstraints Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C504397326E13FA8
+
+JVQONDk8Fa+egVOWef6gv8NQR9V+3X5PzOPmNMWb3WIipTeXloazJEki4ei8DaPb
+CA2TkayTEfIm5jN072iS2aUQtSaQvwX6uh8xm6mEmPz+zcyeolxhMfTsIz8n1kVP
+a0FRWb7u75H953g/ojaR1JhiYXzo9RkjbQHnCu2iwt2lpE2aZ8nf1ngJx2p0hcSl
+xWZmWU7DFF1AQIK2oHCjd/iWQr/yEi+Btlr60Z8dVRiRHxVj+UHhmn2+mB2JzL0f
+CFwP2xOQ6z0ksg+GzvVu0CvM0NQn2/SrmlvfiGkoFbCzX3b/I/6raiS7hYR+G9Ju
+X4NK/2jOsFRX5itDjCn1SADuKz1hP4sy6B97psrvDr8aYvDw+nN4Z17mOI2zrvF6
+sP3OOTMnFuWfY9fs23qCnyZ0mmLfZrw3vKxQPH/oBlGDbtM+tRG7jUOdU/NP6XMG
+7mYRU31GKHHsQXYBWSLMRyEBtsnP/fbzU/krPk56v1EdZoEgXt5TeBIt+C5XQpe/
++8eZvxJp2VDkYjE1OTi9CGf4A5aobWy/OnjMMXLzm+R1O0Vc7Tn8rObEDgoEYNl8
+7DfH2ESGEWLbdrto7WmyI6oEPyqRcsxGSIgb7oKLKEcu1dqfmyNxrgRcUUB6t3XF
+1becWs93DrU2p1MIaqJ/rCOE/VavhLXsY1siAFS+04+Fpb0eKgCiffHjAVGa3pgB
+47urVqUo1ztDKZgX2mbrTrPfhfd3nockXoNq/+BJvNsMEXrwwn0SRrMAy4MGhU6Y
+vwlUbnEi2GIXjauvGEF3L1xLtL4m7IuhBuLld+bzo9tqcohdgKpnQttuOP2uz81r
+uphiyTcP5kvEdcY4qNx4C3N/VvryYzyrNK8VwiA790jTYJ4Vvquv9j13NAYYNkv+
+Bu6vkw0js6KZeKKsevMMfS/OR5HboXJjB4yiBpPRtt3jPIikXxfZpokAbfqKReeu
+4StZjZS6KrgRnVCUom7dhVU+N9+KByEk1kNna2dh+tt+bd4RNI6H0ZDb7nnW6yjc
+0rV45zcNH+Hwfn+H7+1wg2ayd8mF/DarKXANKGYXQ6BPa1n8oc39so6vsMO87CtK
+5n8UwiIgKpteEAEy/ktysgi3Hi8ieLJaTylOwZBec/rW8l91AqNzXQYas1xYQU2s
+nbuaLK8n6tgHQPDtq69KCRm2Ds2Mibxoa44uTSWFaWGVDCQT8HwmPdmQLe5xcD/0
+y5uHHsnMrUmw7uGh/BgcKI1D8jCKs8ehVAZNKcXLE5aYzVfKXFVps7L0BmFs3M6H
+6yH6Z6Xmn2oHH7aeuAjqPN+0KCFiDpi5+3yRovgvi0qUXI/h2qvKTLemmOO32Ld+
+x+itnJY6vLRt3q6RE/iLGvCPJTtd5DNyvsHFoaxGZp4arOzlAZfkbKNC5SFu0ijJ
+4LXOkaPYGR8p/2eroUtGqg02tUFz0f3jXOk8d5NTNoiqDawgXJ3E6yTGvJH9Km5e
+eH8WFD8g7OWvwSvcQVQ35hqnoDvpFptf79AZ2qymQAD3rghvmAA/nslcrHzEXk9x
+zVJXK/0I6gQhy1VV2pR0wBHO/XD2mAHrVATuEB+Z3bxQcgL3rP/pGXqui99BNKOS
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7.pem
deleted file mode 100644
index 66b10244d4..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsT
-EGV4Y2x1ZGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0
-cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Q3MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCTL1HBt+N66tLKmFW98QfimYn+8h4asDqh1Q919/M7TSNyoUAS9y3U
-ZCRVwviSwB78P1HReztqDDX7dkKHazvtXY28fVhPwv1lCxj8sh+U3QoprauZoukz
-wx6J56XR40wEckL6qf6l2qNeVTuPEQW21ZRBgPEKIqikZYLjl1c/jQIDAQABo2sw
-aTAfBgNVHSMEGDAWgBSL47hYVp8Dat892Ac7swc24cu2yjAdBgNVHQ4EFgQU8nNR
-dG/7HQqs2Y/HH+yF2vQ6QYUwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQA4Lj7z67AHCPqJNPK30vJT6DzO
-BIMzF5uXn1uLFPibVYwzith0bxt+lS6X+XY0D8JVcCoGvQXIajaOz6SQW1Rjl9d4
-/ZtQK/Fa4aWO/SNJ/mUev7+CaFuSpzVNwU6TyY8mBs3THbFis9zVbllRK8ejAkZz
-CrLUsdP7tsReU49LLA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7EE.pem
new file mode 100644
index 0000000000..57dea771a7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D7 12 98 EE 93 96 EE E1 85 90 C8 0F 4E 99 FF 95 78 10 1A 4A 
+    friendlyName: Invalid DN nameConstraints Test7 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 CA
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGDMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMTE4MDYGA1UEAxMvSW52YWxpZCBE
+TiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDcwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeg0Q4UuYbfP+YbFOzQ9YSaIj6bLj1XqVJ
+wNegsJlRNNFOlEqGjLx2s7WKQQz+GhTXN49e09Dnsf8V1uYS02UlaSMM5NKF5mJ/
+xq7eOAbq+yzYMjl9GsL8HQghiy9E6igRDOIrvfYDIJydWGMAyMO2AjW0MGJHzvFl
+F/kV3c9b9goVmWSvxCzHuv2aTyaPPzXQQpY5ZNkquU12xRiujJzCdiXU7csjySJA
+1FHHI3n8oE/+fi/LMnPdBO+rpaLfr/IA5XKUeJUHb3WEXJ3iwi+mMoZrn9doiUvb
+gnWUsKmPSoQ85RL0HWVSU/Qw7vItixSHKcKrXCSanL7A4jRWrI9VAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFAbcW77HEjdZpIpAdHwJnUU8SqHbMB0GA1UdDgQWBBSFsJW4
+SPk0c+uYjBzxBnzjY03dtTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAihLqlYMuqWs3P74TsKop+Ilgy
+d+zng8ltbEFodH7lYIIdbghsS4nHHmYIApf8Fd++zpf2Vg5NY1Celolriqb8v6nb
+VeygO1Mhtwq/yKUCAU2DgSpj3KkbcP4gaS8PwHtSTNzus/soD8jaRd1y3/37QGMl
+LxatbtPI3+nHsaVPqwQJfeeyQAnOXGyB2t11LD171aS2uoRkGp+9ZwX1lhXEGV2D
+oNnwQ9NzO1JJUWYtnDl0Q9xbWzT2AZ2FXQr4uVBnkdtTOPvpH88gNpRt8y5WIkjd
+0pQDFt+EyePgBAKk2HXPImtseHPPH3z+ZRoRUGet4iESVIFVekv5/olJrfeL
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D7 12 98 EE 93 96 EE E1 85 90 C8 0F 4E 99 FF 95 78 10 1A 4A 
+    friendlyName: Invalid DN nameConstraints Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B45FD083D1103F77
+
+SBwOS6JkHV4xazjf3hMz+pQIdJABaX+JxoOLhDp77GtVbTXTL7gVYK7JDAU2dSAv
+MUCI2V0EL+3lsu9afJcTqYMBa6dWAUXA+HQ+4ztQ7oqeHuHvYuAKIm+ks1QF+YdV
+CrYjmto1LN+UDt7HA0tFf0LEGC9Axdlc0hxf/EhX1UV7BiIs/AFL8dI2TEMzHBSL
+Ugx+7HxpZ86mJYwfqyV57lWFIlZHDZ0w221wcb9tZj0jPhfZQ6iWsiFB9uk8CA+M
+z7vFpCHc1+/m4G+gAX0R+diYA9rSVjSS3068O3kkW31aSQGwTlM3u/Fnr5ouRfSj
+JoQEhCSGY+Axo2lJi1jRdZ86Uc4Fy5k/ou/Na7YAuZRvFe88BgMonjrEaD8hZOaq
+F5sZFKfLfLInQ7mHj6RPR9lwYdh0MsoHKhJztSkVnCpkRJFwAgZavPQ2AiYE/Fiy
+WPOwQPszKyjSFCTWQxCefiOCj6RCkcW0y/2xvy+nvSGtD8Lbt42uz/8wErpnKnIC
+50LT5t8bwC2O2pcjnZ3wdaOXT4PVdUu/rc4UgetzkkLxBfpNyHSpjyamVIY3S95e
+dnmVEJ9P0Ga/rNxIHK9l/BNLouMf8n6f6DJTn/fFbWeUYByp/WZUi5MUngg9qfop
+Zw371/PhyhhpQghj3SJEmfLZZlZfVBYIlFUT5xQyNP3L840HTog+11LW+uFabsFf
+VqlWUDHGKJN/cVOMYiijTrtNF8kpemqXS7Y7eS7mvbW8U6nyHGqQXrji1pQo1O0W
+d1bfNY4jlPR9pIgP++TG1IqCeu4GFMo6BZMi0Exir+0Ag8VB0zcjKgXWZMzXOWYN
+aYZgI1bEkAAPC6HJ0UOwQ1BBT0SxiQyeyZSRyvO+rYNZPzHvrxB8ChM6QyDJD4Se
+DfnWcBwUeC37oKuqsk3abkWiF615/KnuEFF6AcR5sbiIq+STRZmCvS+GXqksR1Qd
++gdBaKBqhlbNrciNQXsFqX1Z4JYG0zRM/MC3tTEhq7xpU1rOVdCzyT0yd67chK8b
+G58ZXl+PckkWe8IC/06NWECsjtVAR8pqBnQmNfVIVCS1U9dHQ8L6j84n3/qF3fpN
+++OG8Wqmql/ZB9/X4yk1XWEnb7vI0chnDQBJPg/0sdLM3hzVwZ7xH9WC4CX/5URL
+NUlMazP5zFS49lUyY07kps+P6/jJdl6rqMQNDJ2BliBSUe6JXsgZ7fcLTehJ6ltJ
+bOrnelOfh9HyrGEgynGweEG2/ouCh+8k7L/Wfada8ad2G7MpSTrWF+IGvBSSlR/X
+pFv2Jc1W6LjjrrC0MTD1yojnykfN3jgU/9CVGnKFLdCc3WX7MeLki+aIJndlq6iF
+Co7/rN0aZsuNPpQQ+XXF5Zacn2iPgoAaLzrRCaG4wIG6sliuZIinMobi1aLruZOM
+JZFR7EQp8LZMkVxeNtdYWfk16NaASUJt+oeFRZW3sBs3WRZxuCErZzI7fBReCtGr
+mjrg2XXW0sEJy91PyPoN1EtxGvTTnibB1SivT+/o7ainX4BFXEd41uxWoRL7h+DM
+FIDNy7O4xM9N87c2WaUbA8ErtTghYapiEkfb74jQY1xd+2YEnB4Zmk0WttWKEnnV
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8.pem
deleted file mode 100644
index de2503fe99..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN4 CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjQgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsT
-EGV4Y2x1ZGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0
-cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Q4MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDRLWTNLHouiD2wN3hJ0jdnrj4fTjlz2+99l/B+6xTOCtwBUJpACTye
-HIN9D2KKM0Qmh9stFmyS37OoOs2WPy4d6zXJI09x3ENRMHVD4XL8zIYvdc554XCO
-r6r5F4NDD9PXfx7zbY5zIa8xvuuRodLcz7HjxXCATmiy/Ylbq/tAvQIDAQABo2sw
-aTAfBgNVHSMEGDAWgBQzKeiMgEymrSeDjSUCZ8XltnYEzDAdBgNVHQ4EFgQU2i3L
-WI4ETNSzaANnEBgojWiA0sowDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCF1bG1gRn+77BAUXRG0YGUPMgR
-9DHNB3htuZ16XVRT2TqgE6hFiTROTrYgQekzo37hAKapBXUk09KjbIEZZWimwkzo
-lsh96Mt3Mri/s1KHNnRsPWR7Z9noTDZW2doxIx9IdZnbpceQ/z+E9xHaEZZX2QTU
-oFgdRZWQ6koAHlJt+A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN4 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBQTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIERONCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy/f6yuk+
-9T8iA8JCNC3qD0GOvAIXRNgKM4QLcAsVsDZkgrXmmyKyX3e+W5lgLeuzzgLxM9Fc
-Pm1NCRAX+AleMx8MI9Vyii9xcNT3KY90roWbXvSiixffCQyKwgjcNazm4nMgcKcY
-GCrTnvtjwDq4r0ov0chfZ4FYvOdxRXKJIscCAwEAAaOCASYwggEiMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQzKeiMgEymrSeDjSUC
-Z8XltnYEzDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wgaUGA1UdHgEB/wSBmjCBl6GBlDBIpEYwRDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBl
-eGNsdWRlZFN1YnRyZWUxMEikRjBEMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVz
-dCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZI
-hvcNAQEFBQADgYEABIMFw3c0vt6dsO0Lzu4cyBPZB6GobaJ9EVCLCKcuwdvmyMgo
-YamK8D4AEsT88YhCFji3zELvEeg4P8QsRhtIsr0nto5r+CV02degP3F2XAPQr8gw
-qBP/8ejUC0UPnOz3QlkiM4mZ3mN3A3KJPCmPmtRIVst622/8nt4HWGLYi38=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN4 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:33:29:E8:8C:80:4C:A6:AD:27:83:8D:25:02:67:C5:E5:B6:76:04:CC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        7d:57:1e:3d:c5:08:85:5b:0a:d1:cb:66:61:ba:9c:ad:1e:d1:
-        7c:28:1c:08:2f:2e:52:53:18:63:ac:0f:c1:fd:30:d2:f1:90:
-        bd:fa:89:97:c4:2f:73:a9:c7:36:bf:5d:e6:2a:21:f2:d9:81:
-        ae:f3:47:05:14:8c:ec:fc:80:c9:c5:3d:37:cb:5a:e5:8c:56:
-        d7:be:e7:ed:8f:f7:21:0f:d6:6c:e3:f8:cd:dc:c6:bd:70:90:
-        b6:30:bd:d1:76:47:62:33:02:ba:bf:97:41:a1:cf:62:12:21:
-        4c:1f:d0:49:a8:b7:50:f9:a3:63:40:5e:f9:0b:5b:ac:de:7e:
-        f4:27
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjQgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFDMp6IyATKatJ4ONJQJnxeW2dgTMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAH1XHj3FCIVbCtHLZmG6nK0e0XwoHAgvLlJTGGOsD8H9MNLxkL36iZfE
-L3Opxza/XeYqIfLZga7zRwUUjOz8gMnFPTfLWuWMVte+5+2P9yEP1mzj+M3cxr1w
-kLYwvdF2R2IzArq/l0Ghz2ISIUwf0Emot1D5o2NAXvkLW6zefvQn
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8EE.pem
new file mode 100644
index 0000000000..1e804be846
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B0 F4 81 5A CD C5 8B 61 B1 98 71 20 81 CB B9 D4 74 B9 44 6A 
+    friendlyName: Invalid DN nameConstraints Test8 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN4 CA
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIERONCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGDMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMTE4MDYGA1UEAxMvSW52YWxpZCBE
+TiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDgwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDd8E++Do+azS0Y/46cd+mli2KpLKET6z1f
+h6a2XTdv41TEtc0FJwgrEUxzzPX9gbx/NVNU0lHpVs9xoZ3/g8k4sC3/tSB5Ud8o
+dNy5yjOzrkCqMmf3dwxQ5bmf/8pQUsN4qch/nCnnLH6LllR8S6ZlO7HD2+jqS7jS
+FnGm/ExZs1fvBz647RQi1RxojTdd8ek18y2xMMf5c+0BqNBjuuSQ2l7iWCSPsT9n
+UVrvwhJopi5irEti0QP/bUcax7okraeFT0RnJTGrrxIREx+/bvTJ8jc4yFAsmuu5
+KsMzROuEPWz6tPjXHJItIAy9hhtIjHOE5tkfFwfBQI6KJpwi0RzXAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFGxJNq0uWIkSNlFBO1RSJiQA08p1MB0GA1UdDgQWBBQdy6zN
+eXfT6urnrougyDWvP3JkPDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAmvLMakt11xX2Nh0adOhzCqqB2
+Ea9gZ1LAusrw87JblOzSrHUGrwR3cL/yTAdyNhuudqJQTe4aobU+7DorluFEF29v
+hvwtIEHAhw+WRmX/pNZ9txamcYTfH4Pi/HHaSxG0nFNNT4LWTr0ACO61wkIH8FhZ
+Y+K6iHx7+e1vvGfuUFimKyH6lW2Ia59LCo3E02OUEv7r/d8z4oc2sH7wYZ1fFlOF
+RHzcE/rMmO+3t41Ejwg8WXCrojdeYpWxXjA/kL7dOQoYs4E0fffiousFtMkAi57V
+daf/BhKsPsr6vCIucSZVcoFXqVTXhRdKR9bqcczLjG8um0VXD+GcABkC/5Rs
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B0 F4 81 5A CD C5 8B 61 B1 98 71 20 81 CB B9 D4 74 B9 44 6A 
+    friendlyName: Invalid DN nameConstraints Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D0469F3B107F0E0E
+
+uKVaM0Ffc6kK79EkfZBuI/L2JuyQphClPbrmZNq9puVY+VLlVLwjEq3S/JK7clhg
+ofOl5OJbVF0vWrqDW2hR/vbMplgtn9CJ/u8A0UJG4mHln+0EclUqZQlAg2MI2FCV
+3uEe6Z6Z2VD6R8QwNEMkC4bBLcX/kwvIKxUi4lRB5bPzWiHvEGjN70b1FEO1Ewy+
+CNEMJ82REYzZ1ddH+N6KfTYtZxT87Jv/4YjcRVK5vKdlMnEmuMWW4EQM8l/Ey0lx
+DL6tjTfjcQ/idf2lO+tPrYEWYKGQLwotsF8iHgcW3umgMPA9CbeId3em7Aa9Fuzy
+tGp6DUMGWdmeVFL6bipNXYNgwia/wSKZcLcldWzSzcMdWDm64rP7UF8bDi2UWSBb
+jGvLzmTlVORMHhkqF6qzDbZWJjN0HCpoOClux8H9hoEY3n/WGsyzZaMAzoemHMMt
+3adetPrQYXUt0qGeJzf8IZrgds3TQhjakzDhPoi0Vjf1MY/+THp5z5A5zWJrcL07
+0eZOdNt1ahys94lHeILgh3eeqHCPP+q5hcmDbuxSRzeEnu7wjtPACuExYYTpNnfW
+1aHtGicw29jQcucPJlh1V9Dq4rVJVtVnr+AtNyPvq3FxIQ5rzniPHvAoZgzB7pmj
+oE/TNR2Pf6LIbc5JoiuAuH+2wMynDqZbD6X8QbYOxZazu0FX6JkdsVk7luH+B7Wz
+fZsXijSC/Kb5VOoQddJ+4pLXBForVWgwfULvFyF0sXN7cwxfTIC93N3q7jfWfd/q
+dsizeO2v/qbcXL6PTCGxPBtXQu5oTeur31/xeXeYPMXp2QMAjgFJN03au3W48NCi
+vxjrTVkxHaK550B7i5KfYNrvCtqYBctZNaCcRVwTsbfyxKfLzW5n9jDp47ataDn+
+bxu/hjgJNaZ/eJl36bJXXMK+WsF50lMhtNztD32pCwCBC/wjHWQc67ughlhExuFM
+hOZTOZd8B9OTAQZcPf8g/aoXrd3rxHY/TsHgGQsTPUJPPkEnvXnwy70vn/6ORb0o
+K6ftAMAYwZ7epmnNs7o3eMgjyEA6FegUQBuSr6upvM1+xBHQ6dWnYJfRJYY8j06+
+Cffd0k7yd3700KSeFMHNyaXkzIs5ixyZ8Ambb6LsnLQta40HcT4hBG6fjCQMKBLn
+K2AKHxcwIOp/GZ7u6lrjamuZ6v8LHF3vNaS+lvMUkWTLXt2t8cw4ddG5qPzXhavL
+a1eBeOv03QuFXgTLo6xNDFlZYBReHCnPomU72UiM6F/Adl+FL5BtSd6lda5YYAxU
+QS77VUc4M+YjZCmfkisch1fQ/byksgP/e/dhNJAXg6nywNemjUOfk3CW7NZK+0SI
+nyghbuwcc94aOOcjdh7k+DtUQxOeAEXta7Jb/FQJnnvdqtsd7oCiadCnU6oP+DVv
+wxfE7dA7ghqaND6SG0RfM2ve9h+Odquq9Xo64xOyByHL7Vl+CiWz3SUOM4i8qZol
+eHIQe3FybwC5VLZJVTWBRPo4r3WMVaRlMtcFR7Z+M77KOoUfCMsv547hSXWbQVHl
+eOoaJIlqZkYDbYvtO2VZuD9A+S1ItU8eWDzBJXx8Csh/uNEAs/+hfA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9.pem
deleted file mode 100644
index 450c232004..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree2/CN=Invalid DN nameConstraints EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN4 CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjQgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsT
-EGV4Y2x1ZGVkU3VidHJlZTIxODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0
-cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Q5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCh34/kUYUgkdgErLgpO39ywlNRcYoZme/9B+Qf6xXvtvQsMVSTRlYj
-SSl7WicS1s0i8wU0jrejAaH4wKVmEKpUXvDAnMWqnRTgL7EN4ni4vaorV9S5/6+A
-qXnmW+4GGg76TP9cj+SQ31mg5DHaHMGc5WeGygDJ0iaYXHqtUczkQwIDAQABo2sw
-aTAfBgNVHSMEGDAWgBQzKeiMgEymrSeDjSUCZ8XltnYEzDAdBgNVHQ4EFgQUWfRX
-bghjCb+4MfpDq1DFnXXWtZkwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQBqpi8ums5mTqAUxfvjuqAIdAzU
-vDfiJ9uAvSRyTLckdIKvbvqgn1xK4LFKEHh98dWr48RosYc8wkofI0wHpwYrhYcP
-y2kgyqtaTrdeSgbBcBibusuagwpz9o25LUTRTMVg9sq+1yJJYlGHGV9LuTnn/ZcP
-vCtQwWgLy74cJC0WvQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN4 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBQTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIERONCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy/f6yuk+
-9T8iA8JCNC3qD0GOvAIXRNgKM4QLcAsVsDZkgrXmmyKyX3e+W5lgLeuzzgLxM9Fc
-Pm1NCRAX+AleMx8MI9Vyii9xcNT3KY90roWbXvSiixffCQyKwgjcNazm4nMgcKcY
-GCrTnvtjwDq4r0ov0chfZ4FYvOdxRXKJIscCAwEAAaOCASYwggEiMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQzKeiMgEymrSeDjSUC
-Z8XltnYEzDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wgaUGA1UdHgEB/wSBmjCBl6GBlDBIpEYwRDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBl
-eGNsdWRlZFN1YnRyZWUxMEikRjBEMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVz
-dCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZI
-hvcNAQEFBQADgYEABIMFw3c0vt6dsO0Lzu4cyBPZB6GobaJ9EVCLCKcuwdvmyMgo
-YamK8D4AEsT88YhCFji3zELvEeg4P8QsRhtIsr0nto5r+CV02degP3F2XAPQr8gw
-qBP/8ejUC0UPnOz3QlkiM4mZ3mN3A3KJPCmPmtRIVst622/8nt4HWGLYi38=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN4 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:33:29:E8:8C:80:4C:A6:AD:27:83:8D:25:02:67:C5:E5:B6:76:04:CC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        7d:57:1e:3d:c5:08:85:5b:0a:d1:cb:66:61:ba:9c:ad:1e:d1:
-        7c:28:1c:08:2f:2e:52:53:18:63:ac:0f:c1:fd:30:d2:f1:90:
-        bd:fa:89:97:c4:2f:73:a9:c7:36:bf:5d:e6:2a:21:f2:d9:81:
-        ae:f3:47:05:14:8c:ec:fc:80:c9:c5:3d:37:cb:5a:e5:8c:56:
-        d7:be:e7:ed:8f:f7:21:0f:d6:6c:e3:f8:cd:dc:c6:bd:70:90:
-        b6:30:bd:d1:76:47:62:33:02:ba:bf:97:41:a1:cf:62:12:21:
-        4c:1f:d0:49:a8:b7:50:f9:a3:63:40:5e:f9:0b:5b:ac:de:7e:
-        f4:27
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjQgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFDMp6IyATKatJ4ONJQJnxeW2dgTMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAH1XHj3FCIVbCtHLZmG6nK0e0XwoHAgvLlJTGGOsD8H9MNLxkL36iZfE
-L3Opxza/XeYqIfLZga7zRwUUjOz8gMnFPTfLWuWMVte+5+2P9yEP1mzj+M3cxr1w
-kLYwvdF2R2IzArq/l0Ghz2ISIUwf0Emot1D5o2NAXvkLW6zefvQn
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9EE.pem
new file mode 100644
index 0000000000..d0a035da68
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 7B D8 8F 64 F4 1A 03 69 E2 8A 68 DD 4F 46 8B 56 B8 6A B4 FA 
+    friendlyName: Invalid DN nameConstraints Test9 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree2/CN=Invalid DN nameConstraints EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN4 CA
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIERONCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGDMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMjE4MDYGA1UEAxMvSW52YWxpZCBE
+TiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyBT5iEc/Tv46A838epWd5siS3H6q5kdzw
+winlJhMTUca8dVCuiZ9Xwgh+N86g54NvIJXzQiAey/KJan+2DXRcMu5EGOJjABk8
+t6jc/oTvdX4KjMkvYobBKcSsRuhuMkCn3vy47e40e8nxhmVhO/f0crEsmWGE4Eaq
+pnrcFD3YPRZLaW/2HRWXiOn0TpwJLpus+NYxghAwvI/IKDh5ymBj2BywUvvxngT3
+iKQ4BgoT5W/4Ce5XMekn/S78BD/DWiQMHqNjBPeb6eH+WvyPXpn6pTuIGg/Vpn3d
+KJzpl9t3WMo0yQaFzYlrUhNYGOJMXWboX27tHetlmdhQ7kF+E8WPAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFGxJNq0uWIkSNlFBO1RSJiQA08p1MB0GA1UdDgQWBBRQpDE2
+BhuO18HQzangbKt4zr2s7zAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQCom5SmP8qsQSlBzA8HM0nOGzLG
+oD7VEV8/kxv8VBLzXzgI7bijCIWzSReTUFCp8gBzdMYLlvXHkfy+5kvC9fIEmzyw
+uq7vNwjmFOA2sXtoGcbn5LwOhEepf0qdi2Y5oOxqQRrj98FelZ62bsXjOEKdR5g9
+J+2+VcU3P0ENrAQisVy7mw/MteuUEL7v8iEtfpvxjR6ZP9IsRQY2XsPXNX5hzlzZ
+C+M3eKDVmg3c4QEjXvbBdhntVU9H+YYaEtQZ2F0vKH/lv2f2/Vj7yupxExakxpQP
+6ukRNeDvnG6ujitq8qhWu6QDEfCdzzEx2ZuAVZqTJjAKWC6HwfZUioDjhHFZ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7B D8 8F 64 F4 1A 03 69 E2 8A 68 DD 4F 46 8B 56 B8 6A B4 FA 
+    friendlyName: Invalid DN nameConstraints Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,454FD50E5AA86909
+
+snoxER3TwKSfJIMUgfnKUjqQ96OcVNV92TihvkayHtqbUXsaqgQ9z+zIRp7Q+oiy
+7kkNkgPXPLVVM0SfIEIdtxRH70Fg6nwV+We8YH/3etFY8yxhr+qbbx9ouIVzk5YA
+4inJNfS2OU13J+26BGzi/eqosJzgNJ8jMBxsxbCQNb1TDC/WfFQiOUUW+Qxha5c9
+vNhJwQeI8s4YCic7HJ2a1xUviMLAkFXBtn+1uptLR4M0eZh9yZA4udYzsugk/uvW
+h5Wz3ZjZgM0mRYsBzsymxOBc/UhmXMFvMsiEmoO/TEexvGEXODhsALxzUhxQttgT
+7BlBko7cqKN01cxie8ePJKXa0BmLRcY2fQklVi5Nts90Yr15QFJ3R41Iah4zoigT
+PJ9U8f4fDhMkDdiriAcXYFpSDYd+jQ99EsoQi6c9LH/PtX4EUsVAWsM2xjlVUGCq
+iaVx5lKEjsN4UCtxEu/LdLwExnYUZwgiJEC0lCZoRTz8iPEoblMtB2mYmJp2coPx
+9JjULNwUiKa7+4UoxzBMOjGjsRel1J+NkXXjaA6tGI3ul3SeQ542SSAesv4MLwJR
+weNL6hEFdLtJ98TqhaXibr7iupjmAIqdN+IwdbViLeSHa/YaxtI/W/5D3ub/KdjX
+tegv0+IJrPg+HSFB7FZY+HDha8h5xNariyjz/K7EgfWqYl0XyMFvEHZ4VWr+M4aY
+kUGLfnoIVWBl+7n3YhzzCyyRgzos09SkWPuqsj5NAIDFIruFZ45TcQ6wRP1UV59a
+iPrEsmv+bwAYw+L71LtGKgWp4OfhjuxZp8XmEtcMcRPq+luNny/oZO2GVJ75mm++
+b9Aqdl8tkWjFRYleDv/IBu/eRqhQH387gICxQORpjIIo/tuHyOGdYbIIXL08cbMQ
+h+cNSGR3kQ24IFoFUGBnF/LgsfftretK09zV4Uk1uPUdOHZjt3eZf2VWk3aWoLQz
+krgL3yR2Y+yqfrdPeDAzfzQr2QtyS9ioN0fNDqk6vdCz138YGr/X/wfPZoj8ynxY
+1NbDQHKNl8Wp+4a/OQJT+SleL/SsHkCj/st+UBDZ5eGNdZGT9Zc+4wwPY5oXUFU0
+owqODQFLhEpU9a2tru39wTTrQQJJgUBTTHfjrMACCbatlOIDBNrf2kf8R4q8Jqtu
+wXrpbOiINsGqv+Mi9/qHOXXQO9M7keyMoIcg4nRCtTVmqz1aMs3NTEbPV8das8E8
+gd6AgGWOCmQUUh9z8v2U8zLOCR30mTmh3kstV+v6UniPzmVBMLj5SZSDJyCor/az
+bx2LQvTQ187fmKrSJwbVzQa5GHWeKQ5x6MU7la/5CjdlGxLmkzgd10Quk3RAOzAb
+aIPDUk49hV0Wb7VuMjkerhXyDX6ZE0o5O7UWNBXxDX6qUGKnq85f2XNxqUjvkZZ2
+fbUuVrbOC2gei52XzRhbaDiFbESg/mxTRprjIIBx+tPYgWzSFYBENRBYqUQQQSN4
+W1RM99Z6q838RXAFTKQr4jNtaZnSP3LOpDyuo9TbxHHSM6c+ldtgaL51mY8jHJO/
+p6clyR6EaRhKFeS4VmrTqUszOiaOeq2Cv/wRaxuXN+FDUrtV0FF9ZHpKDSxOTkFg
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6.pem
deleted file mode 100644
index 55164dda04..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6.pem
+++ /dev/null
@@ -1,104 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid DSA Signature EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=DSA CA
------BEGIN CERTIFICATE-----
-MIIDNzCCAvagAwIBAgIBAzAJBgcqhkjOOAQDMDoxCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEPMA0GA1UEAxMGRFNBIENBMB4XDTAxMDQx
-OTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXjELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMTMwMQYDVQQDEypJbnZhbGlkIERTQSBTaWduYXR1
-cmUgRUUgQ2VydGlmaWNhdGUgVGVzdDYwggG2MIIBKwYHKoZIzjgEATCCAR4CgYEA
-vbB6Gzy0SX2N5smRzWMqz0VoZRd5JR2pZblQy69qF7L9wXPemawRZc4n8w8GB+4+
-IDHq2L8Uex+2KP9lRuXNnaUp+C/BCIB1cHBBJwA2Wzqhe0uyoVb9qvDOQuU27zRU
-dymarmOqSfc+ruHC+faJMv+ZaHv5zjRd8XwpZHs0ZK0CFQCXYwgNQsqfF7gNfgA6
-5QUzpC5bwwKBgGBfbUNGPILwforCRr06QOuBEKduLdWEZngS7RkwrK5N12jxDw34
-bvbzjzqlldmdKRu8kUG2bhSV9aF/EzvyppEkVBZ0j4NmnQtO/kvigCL12hmSucnN
-3Ir4+32prJX4ycxuECJYsbU5LPfHicJT9x5o8Yy4IcxJkzfkL/O3WE1KA4GEAAKB
-gC1pr90wK1tDu2BegyCB0M5MOerDtoYTJ+js/5N0yrMApqjdguHSRoq6nyc/33dn
-gAlOKsmYuClo4V9v5sQ1rPYYa4Pt9DL105oCu3uZAlASTSqiUc6FV1IYlEEyErXp
-JM5sYFEtet0LoIq2QvmcbHx3OZXrTS7ZgvKCNwNFBQ3Qo2swaTAdBgNVHQ4EFgQU
-3GZpOXKnsDrffRsT0zC/TrR+oPEwHwYDVR0jBBgwFoAUdBXVJBy9XmWIH+GLCX5/
-6hlITmEwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA4GA1UdDwEB/wQEAwIGwDAJ
-BgcqhkjOOAQDAzAAMC0CFQC8jW6jJtLFOVb/3gB8Ud6zDADC1AIUXggJS+znTQfq
-yuMe+SHndjnV3Gw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=DSA CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDhjCCAu+gAwIBAgICB9EwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxUcnVzdCBBbmNo
-b3IwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA6MQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBkRTQSBDQTCC
-AbcwggEsBgcqhkjOOAQBMIIBHwKBgQDf5RE+2um2bhDW6p3inTqwR71EAMdWyMxu
-0DOEVkc1PfZUyOPCrbu6dfMvMwym+THsZ+PlmW38KW6qV4hyNOKOAJDgo6xkjsD2
-PB2PtMhKSDBef6qcdiYL2xNzM4OXwMWz5jf1Pv8VDdShLrox+KuH2AvMd5hCbqyT
-mMK9Lns0CwIVAM8GBNj/i+sA6fZcB5Zz/ZZlOi8HAoGBAMzhfLDOkl9j7Di7RLrd
-kjS2Xr5le9hxdwSd7GZ8OwTOtvNS/g+SVQLvThKrXZouL25W83Dsau2bIrioE8sM
-nBbqwQqOISZEpQz5oOxi4HAxzGj1C4WkShtuefTB+TZaOG9O74RT32f9zPdZYo+c
-nM0Qj1ykD5y3B+xg876vfjmYA4GEAAKBgBHyudi+QivFhL6RAhz8jDJyi6hsIdeI
-ihS6MGV1wBw9gmllp6yQehQdhXvlU8Jg/LHPZ6/B8i4IMmo4x5FOO7w8CdD5cW0I
-3ydJjQV02L1G0NtRpVO6h/P6XSWDT38KdeWp44mnQXdjQF8rLITSwXF4CttrVxnh
-5xQMnsT2MjkOo3wwejAdBgNVHQ4EFgQUdBXVJBy9XmWIH+GLCX5/6hlITmEwHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
-DQEBBQUAA4GBADo7ch93LLrc7PUdW0XOP3+kP+Sywfqf2ApcmOLufmM60siw4rzA
-1ssoITB2Rs3TPQKBiJzMdFKrq8tQ+8TcpXJ9M4SVfbAFB0P0vB4UC2Eg6iSnVJbB
-tsZFj12gpqv5Gawo3yUTw34h3opDGSX1pz6eZUIZBFKpAX5gyIpiEBI2
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c7:32:ea:21:ff:7d:01:d4:f3:d9:c5:a9:ea:04:35:21:81:d2:
-        13:f2:35:d3:e4:53:c5:03:93:de:a1:2d:25:56:64:bc:52:20:
-        81:53:69:6a:a6:90:26:38:bd:ed:31:7f:a9:7b:c1:e8:a9:e5:
-        07:97:82:bb:3e:8a:f9:79:ec:2e:bd:16:4c:31:6b:b6:80:ca:
-        ba:ba:0c:35:0a:d6:08:3c:31:78:fe:d3:3d:06:69:6c:3a:e4:
-        07:4d:6e:84:21:d3:c3:90:60:8f:99:90:62:a9:16:38:25:2f:
-        7e:08:5f:2f:cc:59:d7:7d:9b:2f:d8:0b:e7:70:d9:64:f7:01:
-        38:8d
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU+2zULYGe
-yid6ng2wPOqavIf/SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAxzLq
-If99AdTz2cWp6gQ1IYHSE/I10+RTxQOT3qEtJVZkvFIggVNpaqaQJji97TF/qXvB
-6KnlB5eCuz6K+XnsLr0WTDFrtoDKuroMNQrWCDwxeP7TPQZpbDrkB01uhCHTw5Bg
-j5mQYqkWOCUvfghfL8xZ132bL9gL53DZZPcBOI0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: dsaWithSHA1
-        Issuer: /C=US/O=Test Certificates/CN=DSA CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:74:15:D5:24:1C:BD:5E:65:88:1F:E1:8B:09:7E:7F:EA:19:48:4E:61
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: dsaWithSHA1
-        30:2c:02:14:46:20:d2:4b:f9:cd:91:09:e9:71:6a:bf:d2:3e:
-        88:5d:d0:47:ee:aa:02:14:25:ae:d3:6a:ca:3f:a4:54:41:d9:
-        a3:57:74:b3:48:ab:c5:9f:01:f9
------BEGIN X509 CRL-----
-MIHYMIGZAgEBMAkGByqGSM44BAMwOjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMQ8wDQYDVQQDEwZEU0EgQ0EXDTAxMDQxOTE0NTcyMFoX
-DTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHQV1SQcvV5liB/hiwl+f+oZ
-SE5hMAoGA1UdFAQDAgEBMAkGByqGSM44BAMDLwAwLAIURiDSS/nNkQnpcWq/0j6I
-XdBH7qoCFCWu02rKP6RUQdmjV3SzSKvFnwH5
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6EE.pem
new file mode 100644
index 0000000000..767c46f04a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6EE.pem
@@ -0,0 +1,44 @@
+Bag Attributes
+    localKeyID: 9E E2 98 1C FE 0B 6B 55 A4 BD D5 C2 22 34 2D C3 98 4E F4 8A 
+    friendlyName: Invalid DSA Signature Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid DSA Signature EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=DSA CA
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAwCgAwIBAgIBAzAJBgcqhkjOOAQDMD8xCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMQ8wDQYDVQQDEwZEU0EgQ0EwHhcN
+MTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBjMQswCQYDVQQGEwJVUzEfMB0G
+A1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEzMDEGA1UEAxMqSW52YWxpZCBE
+U0EgU2lnbmF0dXJlIEVFIENlcnRpZmljYXRlIFRlc3Q2MIIBtjCCASsGByqGSM44
+BAEwggEeAoGBAL2wehs8tEl9jebJkc1jKs9FaGUXeSUdqWW5UMuvahey/cFz3pms
+EWXOJ/MPBgfuPiAx6ti/FHsftij/ZUblzZ2lKfgvwQiAdXBwQScANls6oXtLsqFW
+/arwzkLlNu80VHcpmq5jqkn3Pq7hwvn2iTL/mWh7+c40XfF8KWR7NGStAhUAl2MI
+DULKnxe4DX4AOuUFM6QuW8MCgYBgX21DRjyC8H6Kwka9OkDrgRCnbi3VhGZ4Eu0Z
+MKyuTddo8Q8N+G728486pZXZnSkbvJFBtm4UlfWhfxM78qaRJFQWdI+DZp0LTv5L
+4oAi9doZkrnJzdyK+Pt9qayV+MnMbhAiWLG1OSz3x4nCU/ceaPGMuCHMSZM35C/z
+t1hNSgOBhAACgYAQWbmkwRf6MP4B9U3eJlPnnlqXNvSHUkc20sM1M+rUzpCjtMD9
+A19x3QZBz2/6zKHJH5FErjnPtTzrGeTf5Z+TKVJZhnu0h7488ylP6DH1xHlIGotx
+192SGnw2XbuwsovncnWlqcT7+Agh9y+xdVzyUJ0FhE3Qx+x/teDgzlz4lqNrMGkw
+HwYDVR0jBBgwFoAUj5DGjHToewzIWcd9PFtUWWAlC7EwHQYDVR0OBBYEFIZoDvoq
+SWtJ8EVev2KlUt2FIGBFMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAOBgNVHQ8B
+Af8EBAMCBsAwCQYHKoZIzjgEAwM+ATAtAhQ/pOQA65i8c4YUyXW7sZs/U+tedgIV
+AIgP6varGB6QfVQJyKjqwXPCn5iiAAAAAAAAAAAAAAAAAAI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9E E2 98 1C FE 0B 6B 55 A4 BD D5 C2 22 34 2D C3 98 4E F4 8A 
+    friendlyName: Invalid DSA Signature Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4EAF1A94DD24EEA9
+
+DVXBBzQxV6Wl7CrTeW5ZOsIk2TDqnaxGZecFTO2LrzXipC8TwHQjNnB1qi/XHgUU
+z8fnnHYvcEexfyUpR79IWaZaf4e6i3ptKAPtVqxTZjic1Kjg/JTARpP51s3AkFwW
++5dvcjJbA4NRq29N5ciVs5kCTmXOOy7VvC81to5b2g6rZR+xEDNnjuMjbhph4vBV
+RyFpNGMjkC8ZMy8ykXGt14aHIv7tSdSjObIZO5/xrlpfx6ldAQxZS6RwgbjumPu9
+sRYxh+e//cOv+qbl+a4VCqEovlpCZAj2ycwPGRLxbQi8NpgM2LH0D+eVjDio9ft+
+Kxv7DFVQPGJvWD5ZtF8x90DAEM2qdx/5ILO8X85Spmc2zDzqd4Sq43BU9ftPTOw1
+A5ih2j1bZu9euZakhEB3v+XneXslXNwri0+N9WSXMthSWYzXVRQR+kYkfFEh1GUF
+GwUYg3YUKFO8B7gn4s/f7imqStJOftrYWz11cDuBNXDDHJwvWglwRfptuNwd96LL
+8rCYpqY6wvcq0zTKt72ohfqVkLa3DoKKX9id8AQ3XvD13/x39NXakiyUNcGGbz2K
+yKcBBRVnq4Q9FpNQPMV92Q==
+-----END DSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3.pem
deleted file mode 100644
index 998b139518..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid EE Signature Test3
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICajCCAdOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGkludmFsaWQgRUUgU2ln
-bmF0dXJlIFRlc3QzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYuEosZMlo
-4XLnLFz0FHAoAVIElosiQpT0Z0p3AtLcG9tCIN83S7m8WXOBhuRBoRLaHQvEnPE0
-n5azBwJ+zhWD4+MglyPcJ1FrO7SPiHOB9UotWr0EG4cjkAVUMrrkFRLfoLIPJqz3
-sNEYnP5qPOe32IGDKbXybjoddfzHbompcwIDAQABo2swaTAfBgNVHSMEGDAWgBS3
-LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUU/uacMtyT3ntU/H7h/8/HstM
-ebcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
-hkiG9w0BAQUFAAOBgQBHY2fzJrZTRjpqPLxzU7ZABeS9O/01ZTY/9uYl0JrJsfN4
-WlxaYMtSRcTJceQAvfyrafk1x354iJF+GjW7XIJR9RhGlkQXquT1Pqlv/Z2vpSjq
-glf4JuAbERm1V92qP2Acyiphm+P98Pu21c/Vq9xK3Jh/9/GUSOCmPIhvVG00MA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3EE.pem
new file mode 100644
index 0000000000..7f8cb9673c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: B2 88 B6 C1 D4 45 AC 2D 04 63 A5 A8 3F 32 C7 47 65 EA 65 78 
+    friendlyName: Invalid EE Signature Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid EE Signature Test3
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDeTCCAmGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMFMxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSMwIQYDVQQDExpJbnZh
+bGlkIEVFIFNpZ25hdHVyZSBUZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAL0hKwE3BTkysVg5uG7li7trnzIg3Nr5gt86tdXWBMvUxtobZoTirYpn
+xeWYd7nak/BcsY1/s2PG0eKHK7p0/U8TwSiOKrjaY4MbEXD9nnWdsOttQbNufHvj
+clD+rj4qxFjpUPhDNO4hlC97x+A3PUwarY7UfPbmHSOxwhXdaC+ewQ5PP0KpjYdV
+ImdRiDW/6ViFocaoEi7X6oxa7wq+fX0I+EIYF9ff5gQWXjH7627CGS5Mb4pPMIqu
+uNAucKCUhm5ebNp+4IGm0aS8NY/Nps5Ar2bj7tJqneiUDi/NtMRF1DG5f1hrNTMc
+URVDk+EGDknqLO8FfOH/T2ePhrYFo3MCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGE
+JBu8K1KUSj2lEHIUUfWvOskwHQYDVR0OBBYEFMGDz5JBPp/wUvjh7G5TzmS74rxC
+MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZI
+hvcNAQELBQADggEBAAOz8GXBwa0o8jyF/ebFdC11whr/04CPLRHs8QK3VAeOaeKU
+qnN3retPzhN69/6vVl8ZngJqFZMQFVZ727iSDsva1w1j4eNbugjU6Hv8754pVBsz
+7aaR9Aza/JobeMmQ8iWZ0H3oR7ArV7vLbMwrDPpAMM4fT4lUnitVtbcggiY9H+LG
+guH2d8PbtEv2CZsE3nj3kSW+Tbo3cVd3BmRMyRvgqJGwEnRlJl33bWi2g0n2n5P9
+liABaYGW0oVeGPGHaKLrj7mIfKJHiz8xWHgouzjYv0amTHRqat01y9HCuRTvw0VS
+EXfdrlGih5HJj6SPux0KTr5O4PeaPJVrlFHi7Ts=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B2 88 B6 C1 D4 45 AC 2D 04 63 A5 A8 3F 32 C7 47 65 EA 65 78 
+    friendlyName: Invalid EE Signature Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B5DD1EEAB4CFFF8C
+
+eG6G3FYzv3Cw+pSy2czXeDfoSoe3uR0FcWK2ZHPR3ZqIPOJAytegNUW8e2rGwuA1
+dIJjE1FVKG7aREmp5MNNxxU4pS2LtmMh+tsoprWGuCHNGe3MMCkRpLDFhMI6HEKk
+I/XIWmGRAvXExp/u86IghVb7hLBOpBprtcX/AoYA3Wca/USq/XjG70dxcub2U5Al
+0Iu01dsYoNv1yjMBXAyDLwVeOBhgeAN/xb+xSaCG+i85lIL2GFQCi8B+mc7j5EVf
+DVhNrXR+uRZ2LeW72Z6XwMnbQRiaqd8rDTJWlLWGagPWYeCaKRB8eYR5GksZzmko
+YA0bUBuj9lhhmPWWq7ExifNlMBm+nqBxzOiDk0HkzvndGaUUaNPXOXL1ImjBZ3Uv
+iG76OcBh0OnABW2SGj7Nk8DRbJt0WpSKq413vZbfCxPZkbpw/Lo/Zil5tqDM+7G4
+aTW9DDx4lXGotgFVR0yn6AwSs71BjpzTf3AI1DzCc9N1xU6Q3M4YLezvX43WX3Zv
+wcygNFLrSJScJwhu9glNluPsD7leJfczNUMeclSbXSrIx6VWSEVuadQr1hriqZK6
+ELdGSeKeYU/Eg30umu6QcA8SoF5jIDpVjZSHI290rWLwEN38pgohBSZ58XrdObSO
+3gTHIQqcTBBucDKpAD0tcwx+tNyjht/4m8oer6ROk8/ewkCHOZFVpK97MJA0J9aB
+MFfqpe/yJ5uTXy8PR8uxw0r8DgvWOqM3VwCdguNlcKVE+SgIARi+gX6jq7InkQBu
+VCsnR6+ZosQNXNH248XzOoeiXL4JNUi+d3U6dlb5DbY2adC5VwNgC1JlUmkk1clF
+V/P42cCwDn9DmGM8+Wpe4eT9hwZ7iTkxb9s/kcjNGJg1cME1kFjFxZw9cPMfgqRA
+UOgEprTXSBFTuBsOnzQSQ6HsdaBCHrVwxBn0mn2NH+nwQ8Pyk7XW+WCKW2OT02fW
+PQz7KYPcm9Exoozkn1eHyULqpGNY4Sw9nKmmjMa8Zty/VfrYwwz8xfm/t9+LOi8m
+415J2IQIslxutzbD6/aNDsZLlvvnSLkGaTA5tPdT/GO9A2tk1kY3d7/nArnOQTWR
+jZulgzLWi33fABX8rXBU+JtWmX7RKbM9yP6cKXG2BumJb8xMqULGkupynv3a/iFX
+nmkkl99DFqwGmhliqQEm0swjB/p7lY4LpiaNkwMmX/jXkKXet+qtIpYMH4Uo88vZ
+oWfoyOzKEKl/p6/lRTVO2toLU79rejdzTwAbL3mbiMYWjFM38aJGQQ8GQiNVcLvq
+JFnpa3JxkFhTZPQlfqAHD3Y9dyR4cNU/6jP2rGYKJlrkqA1KmhgdJVDWyYRkiYgn
+vZFtbnuHSPrRmrdjoaSCR6UIm7Xmwpe9Tv35IHrXAi9wQphZo3CTMFedInQi5Z6o
+wrYifORXu0f1CBlJeWAgFw9yZIslVmKQiGsV7o5GXPC6sFSvAisJ5tL0nZkZaQ8Z
+gkubFwqQ06fOP/1UZK/ck2veBueNG7/PHgNSP2rhQGXhAoqdcmxXMvgEUNh15B9c
+TC3eQ+z+90tksKUZNmlx/U7eO97TMAXqx7KysqwAL4xXdnr6whxjIw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6.pem
deleted file mode 100644
index a9fb2b27fc..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid EE notAfter Date EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICfTCCAeagAwIBAgIBBjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMDIwMTAxMTIwMTAwWjBhMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUludmFsaWQgRUUgbm90
-QWZ0ZXIgRGF0ZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAyCOeDYaml7SOL+2x9UWcwqcMIR9a0vGlP8Do87TNFZz+wiLZ
-0nMYVMfnQWT28E37L2tcdoZUM7SW8dlvfMfTKIoSKeXUiD4bRftrWVj4/s9Ipb/h
-8Gl9k0GwUmg9gN3LDvdRw2z2CiBtP6xsNJZ9vFW+o5QIhd84r74TPs1H2xECAwEA
-AaNrMGkwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYE
-FP4ipJtrQCKWa5Vq2wk2HfpPnJnGMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
-MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEADdATbChw44x7r1EYA7A2
-1BGzR/9Qmz2Dhd9d1stBum7SiD6Rclpo9A+CfwMmPhzNuaAScE6jL7LGwOYIbKp0
-LczJhPXVy5XLwf+pciCQFDFVc04/qEIugQJm25iQkm6W0E6kpOuwrOlpUU6SRAB8
-AktPedUhRoKNsB06vemChz8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6EE.pem
new file mode 100644
index 0000000000..e80dbea823
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: F6 4C 36 C8 65 51 7B A9 5F 73 BB 49 44 AC 4A EF CF DC A6 CF 
+    friendlyName: Invalid EE notAfter Date Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid EE notAfter Date EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDjDCCAnSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0xMTAxMDEwODMwMDBaMGYxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYwNAYDVQQDEy1JbnZh
+bGlkIEVFIG5vdEFmdGVyIERhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDYwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVkIXCcTqIC0o6oloj+rv8wFYVu8ss
+0yLlBy5nINdpFsuWwMezsprPdut5NnThg0m+t6SiQpFqJcqQKVh2i+z8/DUWfWNr
+1H6ShCDO7xPupe2o5pSJe5dTonyC2LHLABc9HQxGxCvL6hAXz+/nMciADvYrCHlr
+n8ztVSKXI6jaBZwb0KzcsWHtjFxVWbPZ2KVp2yElWUJxUdX9rUnOYVATeKVKHohV
+QFYA6wAe/UETnkCdz1JWqs+vG3QMjw5/w1V1lthf+SFbJiT3PVV8VCxq23bNy4wF
+M5GVeDJYs3lIm7rIo0/d7PvLhVUCQWmsQKMyLwS3xgBrOeIWNsVAPM5LAgMBAAGj
+azBpMB8GA1UdIwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJMB0GA1UdDgQWBBQl
+6Mt3tdW2ryNfEQ9WI7oGr62koTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
+BgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBUXyfp0KcfRQdV031V8bA9
+gngzQtrEI05Aa0VbgTv3b7VKeIcgwsUMeNjuJZ5hUxAISm8+xwoY5e27EOHxWG+y
+Dtk2Czfv46Ga7Pau5P5wag2QkPk2WlmVovMp92zb+GI5vyLFnEdNY3zkTtFxCbYI
+LEMROtRjDM3EGkXmkoblz+Z+u7NaLW4cKI9gBYytP3Ezg0R8dCRjDRkXy+95CE8q
+6taAwnxIQ6FqGxjBgf84oXVW81qcIf8N3i+ZztMK2a3swEDY1CyeSnj9WAX4kt18
+Qou/YP2hqVJxApNFFcBfqybSUOyLu8mbYlBAAYNB70QchygcEayvAXOIXX/NunA5
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F6 4C 36 C8 65 51 7B A9 5F 73 BB 49 44 AC 4A EF CF DC A6 CF 
+    friendlyName: Invalid EE notAfter Date Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D12A38D94C74CBDE
+
+7qNutaQU4Li4WSh6pGKQKoSS5jbHR/a2L5H6DcpJYGjDaHRyWmf5FEC/VEC0NXda
+QA8xVcZD8AMM1e1HnlniqwGDE4+SwPSNHOZ5qnIPmnwz/9iW0HxkQT95bMzcur+Z
+Nuew4iwrJ0VfjbB5DeX8OZSW/Ut9kQMRakWSPsygjTudsC+RMG+/SJDBDsA+8A7N
+SELORpkRB8WL5szF+tifUMg1fCLeXIWk1S1ByBezSNYkUmtVkdpzBWCHWQ6CjL2s
+a0aU56Vb3AYex4srhgM1Hp6XOvrRAAYmSU0DMoy2xh1XHgi2pK9dx0+hveuHTTIU
+/XbK5CQgMFGvOvSMx6qlMlp3diEFsw6JtC0Iqc6RX5iSHmJ1S5uL0Uk6vw+/UV3W
+68D1DzaXr12gLF1kpMFq/16mVBzvBAlGBQAKNwvPtZRgU866V5rf3/bWh1p5FlAI
+vaiokUR/tUQuDQjAQ8PwgH1csHtKW6BpGHDZK5D9FXtAQOZNP8l6LOX+4LRpcgZx
+x2Yp8sOhuzjO359cxGt9TZnIKpEjX/M/tQEO298q8EMjHTWSRzTb03PwoUUIgZyZ
+3lyCGY456MORDM8DUpl028kG/hwJi68EyfDmDR9jFAy3UNHyK9fEhP+VInk+82Ix
+GemQXlGr998QeuOodUisUufn+yYyE7hIIahTDlHW05earGfg3UhYHjb+w4WYM3Gd
+aQRiEqF8srAGZL7HXnl5OGXSABheyIaqi0SLzPpJTtoWcKOi5TthXavMpHNnz+3q
+WXD2XkzJBCZyiMkDW/BYmmtOoVdIawEAuFoIuyIht3TmjQQmao6II2LlT3a/XFLB
+p8Rm2zw2IF23+nDdHQ1o3MJ6JBQPChAjDGMrXI4aKWXURqO75+9Z8VaK2zBwB0EQ
+HsJUAlFnCVrEic7m0PQbJcfU0XjCOaYT26ICmX6InwkdQH3p/jFxaSpT7dRiijUL
+SGqP4Gtv+Um+ZJ+IdfZvYDqZ54Ga9wFoJvDvuSkptasrzre2IfJXm2+sj2WNYP5L
+eNAaBWfY66NJ7Smfl9WBmyQ99yX8J50Yyq+CKOvRupNSYHWLnXOq8a7rhaTGNPse
+KjbVtsxG81wkOMed+7t2LWLj585FVBqIpHkAiAdFEZW54eWXC2Fc48VSmfBJfmqF
+Ub3petrSdSC642Bpx8FUlvLz8dQOMT9l0Y0MiHIrS579hihlEkC5D+ycYVO9PhtB
+gDV5xSHaILQ9IzMg1bmoFXvIOcFN0/qRfo257znG0nMUMeemQsQJLLzH2BQStHrM
+Htjbty4n03oYuiTd/B51ztLHd0Ou2y7X6hBpKuAHSsA95tAJ2rPG+nf5ylXXC4AY
+2CBysvFPm1TWthSiwL4X9TRTjxTw5PKB2hZzxBEZJ0o3/I7RMH6pq3KEn0Xl5yhC
+PErTitHGfMCUkol3o1C/C1PJJXIepEcrahZKSUriCTvRZgrg7wHfODGmKncroHHi
+i0g38wYLdqVy8GkK69zOuSexeJZk4G3/eZwxBDJ+ST1m9oYLVHCz8YAVIr9Jr5N8
+ZskNdz+wSV2xyfFTbzmG7s+dpb5y9CcP+jTfGZG5TvfpMzS1cuv611o8EzFlQJ6L
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2.pem
deleted file mode 100644
index 6208b7d277..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid EE notBefore Date EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-NDcwMTAxMTIwMTAwWhcNNDkwMTAxMTIwMTAwWjBiMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNzA1BgNVBAMTLkludmFsaWQgRUUgbm90
-QmVmb3JlIERhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDIwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAM6vu936ab1N3e528zJ2ryTW9quJh45gf03iwH7dWEYsZpO5
-t9UBImXpFR+j74ZQenhHmcgGQNy58Zc4KwbzxnNMnvW7INMVc36TZzdvq5hfXCsV
-SX5gBctkPQ1hgh6LZHLQoUnxJiI7iijUUE6P2p4HfaqfEkh1tQfjivyF2yo1AgMB
-AAGjazBpMB8GA1UdIwQYMBaAFLcupoLLwsi8qHsnRNc1M9+aFZTHMB0GA1UdDgQW
-BBShT/d1PnEn2vh4FZtBbivDFsd2djAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAGYyJnIuxfaHwIyiOnLc
-T3IRt4wcrAOMimrliGD1dHOozDxUnNA2gZqA11JYlTJ6QzScfOQ7Wg8XKu3mxA8u
-c2A/x1cX9PYiJ5Js37f4OBW3/sWTk+X+9G5iS3cDB4e7LDqCdf+Q4eEGlyEZ8xw3
-FgxmIZrL8hh7RlY8QIAMRc3S
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2EE.pem
new file mode 100644
index 0000000000..24330b19a6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 44 B4 F4 DB 49 50 44 B5 A2 25 5B 57 D9 F2 92 13 9E 7E 9D 39 
+    friendlyName: Invalid EE notBefore Date Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid EE notBefore Date EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw00NzAxMDExMjAxMDBaFw00OTAxMDExMjAxMDBaMGcxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTcwNQYDVQQDEy5JbnZh
+bGlkIEVFIG5vdEJlZm9yZSBEYXRlIEVFIENlcnRpZmljYXRlIFRlc3QyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtc20YJ/j2rSNlGJ/J9rqsxZKwQvD
++f2lCf9yV6nowMsJGRYdX5ERKWoqW29xpRaseNUf38roqv9TiBy5bXzOoJ3a6zfN
+SvhWPf//uk4zP5fBAEwq7VL8+UrpZBsKpbTaVIvIeOfTpvWr9qW1N9J1aH0Y5B8D
+VsFsdzrGc7rjbDvb3bz2bymkDKGW2A4XClecaAIGJiJOguEuYMhq4B5tndQ0cAQN
+QcDXS9li//HO3vlYyiRYv40hZwaTt41m5cQ21xTfFOa/ORsCa96sAL2TR64sT/u4
+DWck/9kh3qxsw9gRSkRydr1xOX3HjA6gYUl7nv04OmUSHwf/w590ry4elwIDAQAB
+o2swaTAfBgNVHSMEGDAWgBRYAYQkG7wrUpRKPaUQchRR9a86yTAdBgNVHQ4EFgQU
+mXSnPUJsL24xEXiVXHTV4VzB9nIwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAPSuzpUlBOhAZ8lTzHWdq
+Zoo5cC8+mX8vg3YOTm02idO47H/HcqUjQMJZaUr/gsnr0dABy2kuiU802/JbLp3i
+jLGTygmGtU7Wqj2t9IEgDeZdQflrYfaCm8rPqNeiwrQb0Mw52dXLMz3YFLqG1BAG
+Fqrxg2utLDQfstLrpMs2BHXsSxSBq6ad7BS32qRweNr1KXQJ4QNnRGFrOARTMxi6
+MBY3zCiMJWYtgtV6aCt9t/q1kt1NFCkc8CzFdpgV8/rz4poS4FNweXhT+RqyF7UT
+PBzHycgL90/QG2N6LlTHxux9ElHQYy8HwwxlJoE+lPv89DSLNwra1mQ8MJMu7h9+
+qg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 44 B4 F4 DB 49 50 44 B5 A2 25 5B 57 D9 F2 92 13 9E 7E 9D 39 
+    friendlyName: Invalid EE notBefore Date Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CAAA900EEACAED9E
+
+d+pM/3UW90Y4Ig/6oE1g9MLVEkCn//6Oo3HubTLjk3NM88UFOAyLp1Ifm1Dhhz2r
+njXXB7Hxz1LkRin974RKvNfHZMmrFBHNCHHGpfWP6680dVmCBygdUnBX1Ex8d9Ua
+pt2+MIq/O4ceA5ajoCLENp/l1oBaqkBNEmzJ0vO6UWjOe9TipYzmhzyIbw8K6Q7E
+BoXnQCt5kKWOWFJx3wlfhap9ecd1YxFG9C+EXzI9rJhbZ72Nm5VJSFefQ+YmnerW
+oOV05pXUm76QrcpJH5SUAMdIajUnlrXlHKXTyBAIG8iKSBg17fU3kBJil9sLBrL6
+wp9/hW54KiUBdGhQ4jyqOp0rbHALHF7Rrj0iOn8oxG+vjXywMlvH6UDY9iLBRqwq
+q0fQ3W2T/fG9XQHLBjRD/y6OgG3k4nWtOatOzPsyZsUwU97jNzVtUd4gHR/vc3im
+DmecIfmNrt4owEv1dOi6vGoowgA+tSAzzD+r+brHwynTM5YFXHBtHKlt5EaA9A6M
+hBA4hpwnhBcBVI+Ai9FZhUfPl70K9vGYlF4Xv+yclGLlTKDryVfqrT/XH7I4oImB
+LwgcywnocjjP895Te9MDpxZE+FSeiTnLoI4dks0O/kMwZ4g2R4wmc+3h0RWXFCEL
+PMCgBbHVJ/n/8vt/L6AnKgShx5dcP6gEh+2zUxzPocQP4oJt/kJslGiINQlYXzXn
+wZ7b1iKz8zfFzPhzDp9qpYH13xs6/NvAXq/VdWUqZfkHSZEs6BL5wc3LHIsrwoQm
+aPqMTn2roBW1/gRaaa6bjErKf8Kfk7S/aVyyck1LB6hhgzAtHd6ZWBegRZaEguse
+0RlePqDtJ1Aj1FkogR26ZQhVmP1k7XpQtsvOO+fGE9IAEEv2OlxLCnD9IULxbeK2
+QDiPd/AKkMXtQ1C445ayKbEYOfIU1DEBRXzXz637dy0HiOHPyslRjEKz8KwvKcMt
+Z4uLTt7h9uNzn9GuNrDZPy5k8qieM4QTCKLvgA3NUxuEQnfrVo5ySQ5yNh635AOC
+NRRhv2wpEDivSUzpOK2rdw76K4Yu81st5nwi3NSvvfX5maEV0AqUneIzZr2qK42I
+Myrq9ZVqgt9mrrKIgV2qVfStVOpYaJ0aL8Qlo8MVtjpcZ06/eIpBsE3zVcTr9xfs
+QIV4LH+/5/pEXVRQuhYLMRcpTheIUDLex/dfELb4xe/Ekf0v7/RllB2nVgxMRauT
+Z54UTj5fE4aw8Sswcg00D8Bi/BuCEnNmtR6upGsVN/8Ltpj04Ql24+YzEt0YJ4ua
+3XjM9QVd1YwsNnwIUxX4GLBFfXVLmUKUM3Ou9CuIJPcW4Ea3H/bFgl6Zf9nAX7JU
+hE7esuv6KMOgKZsTjlPhZ/k/Z3NSyNqPRQdjlaL2Ax6DGBO2Pseiyp3idLjwMyov
+P9+y/IWlR+poqb5NvZnx6LVWvIc8Zc+0ygIvOi+olaB3F+ziiYse49V298CiAAVI
+E7a24HgcjkYVLihaZ+qZInQnu5eX3JznGC6s/PTToLjDqTWrb0MJeLTjEokc7S3e
+gKA4ka4Uwx0Qhcbiag8JCr4/RMm+JTeQ5pgwOXWAw2TxKm7+qa2p/hhgH07tXTGh
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23.pem
deleted file mode 100644
index e8f2b80b3d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23.pem
+++ /dev/null
@@ -1,116 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV
-EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t
-vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD
-ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki
-QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA
-tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc
-XHLxTJCox/SL
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid IDP with indirectCRL EE Certificate Test23
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA1
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGYxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE7MDkGA1UEAxMySW52YWxp
-ZCBJRFAgd2l0aCBpbmRpcmVjdENSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjMwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJR1Ogq33bnWdnMPT8T7u4psSBkPFbwr
-6mSgwNE1ZPPI3wkF66/zJAKMPK8LTskPhZ9QVaKvAt2MnLz004Yv+rS2N5H+cvTL
-oeXp0h0SbIgwRsgHWNBoOLACifcpIqR+dGuSakGD7dHG+NClC6jVJp8mf9EzxW84
-bjJvdhmADg7LAgMBAAGjazBpMB8GA1UdIwQYMBaAFGzBFF/Ypy3ghpMZXAvwSbkl
-W+gcMB0GA1UdDgQWBBTbRhIag+0VzAQ6Vki6uTqYN+IjxzAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAGxw
-5QQhnpLypGVABOGVcbBYU+WO8Wkdo3htkGA1XHJSVggDQSbnHzX+1V/ETnAicQrh
-6ktOuzBTCLOG5TjmgKKcnS5y7rIndkGZ/3lo3DJydBzVGoLVUs5FWAvuWjIikQZO
-BEymYFtHwJh7iV0ma8n5No+re9BhnsQuWIfS7YXX
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5:
-        c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28:
-        a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2:
-        6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13:
-        25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e:
-        9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89:
-        a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e:
-        87:e8
------BEGIN X509 CRL-----
-MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy
-MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ
-uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF
-AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF
-lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b
-IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23EE.pem
new file mode 100644
index 0000000000..919f66170f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1C 9B 82 D8 89 4E 86 A0 03 5B 14 40 C5 CC 2F C7 D4 ED 03 97 
+    friendlyName: Invalid IDP with indirectCRL Test23 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid IDP with indirectCRL EE Certificate Test23
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowazELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOzA5BgNV
+BAMTMkludmFsaWQgSURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUg
+VGVzdDIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtm7caH1lpNAI
+shNu0OY69PXWaaBENPHHSe3ot0KHTb7EN9Rc4Ypl9KadClpdSmNdgUvL0QSqmdZA
+k592lYXRBS6kSlumWQpIx2SA3MWsc1XWAeWOE/aw0m6fhTQ8yL/4S97stjfJgjwl
+97G0sXcMF4DDeTNR3NHleo11/SPasoZqQvjCWfKEJ+vuzP0zW6JR6PzJdhll+VzO
+A9txxI6Vtq6gusfoq2e3Gf+9YTl03G/ta0S3Ssf/G1FZbNS9U1hSJlff969925kE
+Py2cgVq0i99mGGSf9dxLj21jgZH7lTuPYDiXz6mR6qdgK+5EKJroI+ev1qH6921R
+XOAzsi0wzwIDAQABo2swaTAfBgNVHSMEGDAWgBQl+K/8r7apGht5S9vLZCyLS7EV
+zTAdBgNVHQ4EFgQUTEZlYAf0YvkjTogjZLSWonv4Q1UwDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAdWW7
+g+KdfMOKQal4UHHE9pxyR/z3CLnVck4gGmGkdnsuaUV4BsuPC3PHCeKyNJcrLneS
+vb56GZm6WcLohMLBIsasqg7H7VK9ActQx4fC23qV2zRqtLsATIcWOKVLSYP0XNxS
+1yu967LvXoOlgF5RojE62aaLfAWgi9L8+DNyUiFMxM8ymKOr3K+AmgAQRtT3s+99
+V/t6q+2pHMQkA48GOU/0us9Pb5dQs6KDEZUmt8g5jvLiX1XrXKl1zBODmFJMViJx
+VWtSwncbqzE2DwWpmUPxN/tMFtzC9vcxf/Y3DW65hA6654YR6esTw6xJBknJv5NB
+PyJyp1AOs8KblEtA7w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1C 9B 82 D8 89 4E 86 A0 03 5B 14 40 C5 CC 2F C7 D4 ED 03 97 
+    friendlyName: Invalid IDP with indirectCRL Test23 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,48A5FEA583B75121
+
+BvzSOqMhhehMvvoyLiaXS9wzeebKAz0sV7pRF6OjYeM1yV166w4vEaU86z4Q2rQ1
+GkvIfnJ0TP+EmpHmK/qUaJALEy7GCYEcceNLNF1+ciN1wBP8z/n16ff7pOeVQHsF
+N7Zwx1oPKKMl6K3zdsNrbIYMbLMa7dx/U4+0JtAI7EtMwZ6Xuj9htCjkf+KLkSU4
+2hfom4dyTjJLiffl2Wq5YqyoJZyVgq99/LOPjIltDpL1Atrv9BSbNpZpZV7c4i8r
+R82feIJqaQwT/T3rg+7hfp2EiJGwlQv2umtlywm5Se3W6y79tjC/CSBS/kKI03SZ
+d7RETnqczKXi27wB2vSjKIQIMP4LyydfLLvSNzKQyIlWAiSELLKR4hUD8vhFykGf
+/PFox9uXQ8hP/Mzd3ZXOZwOpiLKg8aJ4FUD4VWwtnuBA7YHxPXMr5egZaALp/aYa
+9FAQgLr6qkMXBwQu9XCr7E5eXlhh6DMghNwIrnrjnecpUcUpYO9i5Gsp6jGyoGJ/
+V7UroRL4cfw61Pegz5C5KbwXtWVn8Bj6EU+TNvTdLCKUGvaoyR/7Fw1FyjHn670V
+0/P+MWtaG/Wv9TFGr+xW6ytM0lJ4E7fNXyzMDnaRKZKYLFik+Z8VsqTmrNZp2MMi
+iOEre4X6sjYY9n4o5R16H2XjOPSzCokg9DfmVN/kRZU1RrVmlSUPFeQqnGFH/Prw
+f52/LPx6mECYYj3muFSIehzcDf2GAYn/JA8xTSbKdTiJzH8OZwVqdePMpwM+3bHz
+/JfdU/+6UKAhONcHCgaFnLCUXNiEIn0eAqGsxlFDlzxVsm7GOG8a3U+LLJohx1O7
+FTLKLE95MPryQ4exC3Q4U0VvqbI1aN8oYqoOyYor2A48oPo2ptc1kZqNVHKrvBEh
+ujJTGy7KZNaidCz8zgVBEKFz/LlmAdvMprMQdxz/00RSoWXugqDDdt7X9L7pY6Fv
+4vZAW6pDFORPGIV1q9Y1zninGaMn6Yjou8tWmTl3r/lT8DsKD6pi/djhSiU8/KWH
++c2odEWSU9YSlp7yG5eylV9d/ki0iBMEp5gE4pqiybfnqOjOKSYzNBWNWPtbc3EW
+rHSrcwVRecviTLrCfN2849oyibnoN2vf2N/8KNv6+ysivEgmMpq4lmDksmNkB3ir
+kgRzjASm4zZaXbgIghn4pFWxmcfOBpJLQegX7F3sFVSoUQv+DFBOlocMlAXJKCY8
+/H1THWUVJGwlw30uQc47qt9d9SfmxgsRfGR8fPLC5WtGf3o+S/UaMvwtHmTX42TC
+GbAS9bP/ymPmK0iUyxngTmGJ3Ke8kWRihRK6M5bPdHkOHFveFbBs34e0OfLMObc4
+tX1vi+wsNT1hPEpWJisKtzzXaZ+h7msiuZrb7IODtKzwUgDL756uCgK/vxrl+VLu
+LNd9QEnnNWlfteaDNSPB7PXb95BeJ3T8kX0NCjbSQRQWq2DW1NNrgy/E49+k4VPz
+PP9XZPo4+cabHWzv8GKF/N6YceD6qAZv06x4RuKV4oGuVtnr+REIcTb8dK3CxOyL
+WQD+zIEggED3WeiAyygyV7FANxi27LbSzYJQCJnDlDQSVZ052ZhnU4Ih/dUbA2S/
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26.pem
deleted file mode 100644
index ec66261d9d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26.pem
+++ /dev/null
@@ -1,137 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV
-EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t
-vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD
-ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki
-QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA
-tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc
-XHLxTJCox/SL
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDblDsGRxVahA98R7vE
-/DS4nbSbyoerDINPIyc8wkOtWcS+y+f9O5IIdDJOZm2I5px1PA840SXYHh15o3ZW
-Vn4gFU3AgKF/CWMJ1g79LAYAMnQN/T7kSfuz/0rqhLH9tjz3Qtjt+/zy45YIny80
-7JOBLH3eLX0H2aOmsJUenp5ExQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwa+CD9XTTxDwMWI8WIm5inS7nAEwDgYD
-VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEvc066az+E8sftMAgkECVeJVw0Mcr2y
-YlJ0SAbZUNaU7KbzXxm3j8Q5v8K8GDy7EB4H0Gyh0vgsbChTAdLip7xQf7V7SetA
-nE66H4ikF/UAhXlSz+E48Qe2+L3w2weGbU3zwmNMeYkI6dmGFMfEut7hL9ak0Ulc
-0meAGzOu5kHt
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid IDP with indirectCRL EE Certificate Test26
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA2
------BEGIN CERTIFICATE-----
-MIIC4zCCAkygAwIBAgIBAzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGYxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE7MDkGA1UEAxMySW52YWxp
-ZCBJRFAgd2l0aCBpbmRpcmVjdENSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjYwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJWG0QMGGkC8v7EYNdgiIW21p0tpEHdc
-A5GWLdFuWvXKCk0fjKc6H/xux8sQgSPzqQkSVwRCvoQZuP8YbELalcOpbU1KN+NY
-xJUjVXB1FZwvz+9tBl8EXV6h+WdvQ5i0H9q5HIhiRqKx3ol2pTbnbE7Tq2lSeFZs
-J9pjj19d2bEvAgMBAAGjgcMwgcAwHwYDVR0jBBgwFoAUwa+CD9XTTxDwMWI8WIm5
-inS7nAEwHQYDVR0OBBYEFNqqzRuM3BRGiQozMByWP0u9kYvjMA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwVQYDVR0fBE4wTDBKokikRjBE
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNV
-BAMTEGluZGlyZWN0Q1JMIENBMXgwDQYJKoZIhvcNAQEFBQADgYEASYGU+PXCspmb
-cqsXmUr/HLCeEc9QXXTDPtkqweBOdgVc27fLaugIkTOEcwkHnxGBst2VRxbG7TXR
-sdcakIKE52+VN4ll8u/oPLs+rp+Fp4Xe9nMj0scOzjcSzBRMTN1VtpVoFUM1Jp5T
-JFEnAXzAMD3ex1dtQYriGo4yHKWcpkc=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5:
-        c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28:
-        a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2:
-        6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13:
-        25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e:
-        9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89:
-        a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e:
-        87:e8
------BEGIN X509 CRL-----
-MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy
-MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ
-uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF
-AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF
-lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b
-IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26EE.pem
new file mode 100644
index 0000000000..6e70b85799
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 3D B0 2E F2 05 35 87 13 B6 6F E8 54 C2 6B DF F5 0E DB AD E9 
+    friendlyName: Invalid IDP with indirectCRL Test26 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid IDP with indirectCRL EE Certificate Test26
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA2
+-----BEGIN CERTIFICATE-----
+MIID9zCCAt+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowazELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOzA5BgNV
+BAMTMkludmFsaWQgSURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUg
+VGVzdDI2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJp7Mm8AkEMq
+W4e034nVkgFmlWsFMdAxhIzcgHthAQ7sIQTi7sN7P0EenZOMSSeP0K10xy4EXyzW
+AQXFU9P4fsVpQDgh2U6fHO3t0YNikBvfOvaiZ9eQ4WPhIPx4RO0cw4iBpq5ysfSP
+WedNqTG/pc4qH3f7fXz2m85kMaNj2hUwe7/bJL00ey+PPtNU/Rt9p/fH9B+Y+iPw
+fjwIkzS79mhQqYrMlnozbZoNGPgEhIfOK7evenqKzx7uSF5U2Hl7Nhn8FyDKDSEj
+Hn7uwH0xyxwNiur6LEPT1tjp9UPAF1gkxkoTA6TsswvqYLv6AdZn9AQv2RShzjtU
+ATC1fwKXqwIDAQABo4HIMIHFMB8GA1UdIwQYMBaAFIgj4bOz8mz+Mam+i2GqO5KH
+BaSjMB0GA1UdDgQWBBQdm73CEymor8YNtVmDdOAPqDK4LDAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMFoGA1UdHwRTMFEwT6JNpEswSTEL
+MAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGTAX
+BgNVBAMTEGluZGlyZWN0Q1JMIENBMXgwDQYJKoZIhvcNAQELBQADggEBAAL+uBvK
+t4dq2d7MweVluDX0HLIGnti0R6b4E/IVXl10IPGh+X1XijPwVfV2Qm/5hDw6BXqh
+t/rs1JoEwEEJ6y+O2XAJjJtHWwI9hzwgW3DOj9qIK5BZ1iGlvINyF2zCbTfrralf
+6xWNJ1ranPB881cS0LzAMt0BhfhzjPC/NSs4gwu1MXY7MEUR6WPlUzhw/s4gnEtC
+0ZJFHYC8ZxC3WNHOgS9P4hVibw9dvZVFrtF+eNogqxuJqABvMv5qWJFd2h96ErVk
+ZjYHStm+iX+qoygvbRV/b88Oby7CCLevBru0T/TsyFPfxxx4m1bLjpdfaz2wPrZV
+RnN3PlAouVSXbb4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3D B0 2E F2 05 35 87 13 B6 6F E8 54 C2 6B DF F5 0E DB AD E9 
+    friendlyName: Invalid IDP with indirectCRL Test26 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,890D36A52515C723
+
+BuvcGzvcJdjeMJfbJwLTep9xfmuaoQmVL7ApyJF7FLCghz6Uay8cCpaULPB27Z69
+LRSHtaZB23jYdSSdC0dy/94a1QsAPRdt+OfrnXE2M/pd/TGLM36EKANr0uslDIaF
+B3DBHsM3fV00UqCVCLZANUEKGEF3DNQ7F9uXQYDgvpWkLdoenC/bnIw6f9NO7ZZE
+kQYLZj9WH8KIo0EH3DlAg456UeVkawsYYlBRQTnUUbFEOpsM1q+xwMjpiDJfg9vI
+72nGeElfy9O7QWDQzEKui8LrMiIk7YVev42awnwjCiEhGIqKrwpQv+JPv0tAf9KK
+v5nrzpitqv9/jtZTkGoIQDg9CueDr1UvDGSBOKgFSdgDihwTbmS7xzM2cS1awXMF
+2RgFIrRSg0fR4iU6mJn3tqzxFmzg7TKYWEKvGhcEuJsKo3637Ru6xzpq41iMfccw
+FtzLLAVdYW3t3DVd0Dwkg2WzJCxm8W0mLnQ1Sa6rsXiK4uaFKnbIC6L/wZyZqnCf
+GzyPHmjh1Watm/znXrbUV8wtpKPX4UD4kxt9O5HO0XdM50Fq3QkEw0KCfbKzkcqG
+2ARJzY/Z+DfK/atudcg1LNy8RieTPrgUcuPkrlN8Vvu/vpqGt8bHKFh1SOOju8fX
+WwWUb0MQBOordLkD+sTPBn9SYZ7GnfHxtIbzCWkzkuBIDVWx8bvW/01+i59k0wed
+96WRazUK5cz0w94DgZ9MLdY1tUGoR9LdykLdQxrQO6m5WuFy7+aqLrF8+1UBqqXj
+WmaP+soIGcc83f2Yx7No5PD0oEJzbTRCSVK7/Yf84UvrptHAF8bLYeX84D+9DTEp
+HuVpsteNClcXuw6qlj2+RgwjFtZ/a4dECtuIWg6yC17YB+kuso0A4F0ESSEC9ghL
+CWz7bcvtE2UxPG51RC1UY/xWDdOdtTVEWdrGen2ypU9h0m7Zgd78LivGZ0mL/mmF
+ykZDHY+zok28LJiKuLdX6VEoP82uKD7pJ389QkRVUIgseQtq3egGt0HZ73PRFB1E
+kXvqHtJz63voKyyd165fscJ7kl+gJO1m1cZa0pDRVGv491fNboukFrRDcaGyrp2d
+G1L54kvoy+gcKF630Ob4DYvRdi1ti78r7PJ/uwnNfpEE+bBu+AL7HO5TTYPn3V8h
+ARYmHJ3UOEOdoU0We3DSn3yYQSEsSlsL8asAat3qCNuPr8/1siCD52238TqPl5wA
+86fQmEd80rK87iJx8mpYZ4GVK54abh9FMuhajpR9wfNPF9ts+cwPnFOajKmK8IFU
+KXZbSVG2zFMl1wb6WEV0KVsVNZI1rmyrI8pa/l6ZxEKRKITtrV/pX2c7+4QWe6aJ
+iIPHTzjEDtLztB8GVFaRKtUp2GVXE0K1XN5WWTXLTmdG8ZqJ53lKfKrSnV3MOa5c
+Q3lT9dZnSc+kMPiGbJEVlZSqaNlbRtxpyssvRmH3apd76KdmYHSgs3R7rBJU1iA1
+4jzQFQvu1yA92Yy5ODuv8hTwrXxim7WH8oQmhvaQ2qkkhG+NMy/Hebrn3EMEFBoe
+cjIti5UdMcN9/kSmUuuQSHsTxyTwYpGjtgvFGwedSJ1XcOig+/xsVA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18.pem
deleted file mode 100644
index 81cb0d51d7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18.pem
+++ /dev/null
@@ -1,115 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Long Serial Number CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBEjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVTG9uZyBTZXJp
-YWwgTnVtYmVyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1mCudsqPk
-irIFe3XQBPzhyyRQyreJH26B3Yg6kYq1Obd6I1j7Ber4BDVyCCAvnS6rNkzsbaJf
-+sWVf27Vug0uhasZx/3XGc0DbhZNr5iYknU1LEh8Ccq1Oymq0LPolAHqaJNOaYpb
-K5Fq0P0RDcBK/ENgmtdY0CJrR7MWUTttqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU3z1I++My57kmUova7PgJT7PH
-36YwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHJqd5P8eBN05uB3+fPCfVjO
-qX7csbAx6X1LNibOoWDlB9Y6fElHQS+i8HDPmIIdC7N/9xoCW/fhzZqb6VKDQXNM
-9pwf6jOJKnNQOaQISdoIvj2Jn1FoE4Bo1SGGQo6ZgCWfXPA1TE93BXTua9Oa+FZ5
-fhG3y3gMYLC6ciKePSDf
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Long Serial Number EE Certificate Test18
-issuer=/C=US/O=Test Certificates/CN=Long Serial Number CA
------BEGIN CERTIFICATE-----
-MIICoTCCAgqgAwIBAgIUfwECAwQFBgcICQoLDA0ODxAREhMwDQYJKoZIhvcNAQEF
-BQAwSTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4w
-HAYDVQQDExVMb25nIFNlcmlhbCBOdW1iZXIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcN
-MTEwNDE5MTQ1NzIwWjBkMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0
-aWZpY2F0ZXMxOTA3BgNVBAMTMEludmFsaWQgTG9uZyBTZXJpYWwgTnVtYmVyIEVF
-IENlcnRpZmljYXRlIFRlc3QxODCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-2sI1yl0rje3fSYBkT9yPudlTELF0ndMo5oaWr8vE9UjhpBrgSFFtYu6GZAbqeZEB
-i0faI9SWBl06pWZj47auSdPeU0Akrzn6If3Vc2eVJKCtAHQuxnd9dToJDqjIiA0z
-YVT7YTE7zLs9d0HHhDhM/VYqBKqtqrOTEhss0ryQRSsCAwEAAaNrMGkwHwYDVR0j
-BBgwFoAU3z1I++My57kmUova7PgJT7PH36YwHQYDVR0OBBYEFLVbztWeCD3WQICU
-BucmQT4POFoDMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDQYJKoZIhvcNAQEFBQADgYEAZjyhu29ssno3io8WqDGabhCgGRL6lS3tgEsq
-k5sxDXO5xgZf//iGlwXTy8w2H+MZ/SX+2acfmFnALYXcGkK5ZHjKQjMOpJZwF/kB
-mzJP4HDEVY5lsvPyVKYqks4lRkbJOMXVBh3Ub5/ag1eOcTeljYhwU66DUMByVzQP
-1RwAcK8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Long Serial Number CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DF:3D:48:FB:E3:32:E7:B9:26:52:8B:DA:EC:F8:09:4F:B3:C7:DF:A6
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 7F0102030405060708090A0B0C0D0E0F10111213
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        7a:20:63:9e:55:8d:d1:c3:ab:3f:37:97:45:61:6c:a3:21:9f:
-        83:bd:ce:63:48:7c:a8:ca:36:15:02:3b:1b:51:66:e0:23:df:
-        de:ea:86:72:e6:92:9a:63:c7:0e:31:30:ee:62:83:1c:3e:23:
-        20:29:23:ec:aa:2e:f6:18:ba:94:45:e7:af:5e:44:0d:3c:2b:
-        13:6b:8c:7c:7a:6d:a2:f7:b5:9e:ea:d6:f9:9d:4d:31:91:8f:
-        ea:4d:b7:ef:5f:5a:2e:63:fc:37:02:5a:db:a6:3e:de:6b:a7:
-        84:83:d2:a7:5b:e2:07:85:9f:0a:03:f0:33:53:eb:a3:d1:d4:
-        16:02
------BEGIN X509 CRL-----
-MIIBeTCB4wIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJl
-ciBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA1MDMCFH8BAgMEBQYH
-CAkKCwwNDg8QERITFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8G
-A1UdIwQYMBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAHogY55VjdHDqz83l0VhbKMhn4O9zmNIfKjKNhUCOxtRZuAj
-397qhnLmkppjxw4xMO5igxw+IyApI+yqLvYYupRF569eRA08KxNrjHx6baL3tZ7q
-1vmdTTGRj+pNt+9fWi5j/DcCWtumPt5rp4SD0qdb4geFnwoD8DNT66PR1BYC
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18EE.pem
new file mode 100644
index 0000000000..3fda53159a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 92 F9 81 17 68 15 DD D6 FE 9B CD 7C E0 AA 62 28 9A B4 D5 7E 
+    friendlyName: Invalid Long Serial Number Test18 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Long Serial Number EE Certificate Test18
+issuer=/C=US/O=Test Certificates 2011/CN=Long Serial Number CA
+-----BEGIN CERTIFICATE-----
+MIIDsDCCApigAwIBAgIUfwECAwQFBgcICQoLDA0ODxAREhMwDQYJKoZIhvcNAQEL
+BQAwTjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJlciBDQTAeFw0xMDAxMDEwODMw
+MDBaFw0zMDEyMzEwODMwMDBaMGkxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMTkwNwYDVQQDEzBJbnZhbGlkIExvbmcgU2VyaWFs
+IE51bWJlciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTgwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDGM6BFTNKAqi4hroDetUQaaLcSL1wz3qHK8yuKvBRb8Xfw
+OUPa8/hk8GA1HMsJSbs+X5vdq3mTlGehpLFFWimXhMUPY0GbYgo9wR68xGohj4SB
+57eYDXqc5X3Yu6N1nspAH7VxHkeLtKVbj8ggJzw1nsoW2f9Qd1FKHvH8+ds1HiqR
+FabGg2Aeyq0roXZNBASnXPagI+t2Qe3XME2ZDkdtUW8p4L15IegiNSNYnbVGiT94
+KVHtnEmuXmj7pslehnPu884Bi0KBzVRVQujp3bmu6lW59JAXRmNhTrMHyHrTdmOC
+zR5jds44d9e96mM25boq3k3Q8ItLi+FsIj6r86IZAgMBAAGjazBpMB8GA1UdIwQY
+MBaAFAtjt0euwgcyG39v4zq46gv/12SkMB0GA1UdDgQWBBSioFR+93C1hrptVnU8
+tv8CWImEdDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA0GCSqGSIb3DQEBCwUAA4IBAQBZtZv/5s2Km20KY3ZKpVYTYffZ/ITIojuqcInT
+P6lsq+tT5+Akm26rPffWJ7gUkjHKr5vpMpScFTMLYCIs9KWoSmv9INeZBjsbFt+N
+B/GPj7PM0zYlgoRdVZYlmXOgJ+XBhIZ3QwgK+Es2DBWpEdpXBmls8o6QfbwUx7bN
+mJ5UhtC8SOrPsHz9BkiZ5oD1PmbcMY4m8Z6wmjiQzHUw2c9sDdWrxqJ9Gw/uCZif
+C8OFAtKeCUbIS/1H4r+PQV6k51tgFZH8nluvWYTQPL/uCbAbfHlDpbWqQRRJce2/
+OtRZsO6qQznDK+2y75B5aTCq2fhT8UvxA6NgKHhh4rFBdTrG
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 92 F9 81 17 68 15 DD D6 FE 9B CD 7C E0 AA 62 28 9A B4 D5 7E 
+    friendlyName: Invalid Long Serial Number Test18 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,34BA072362B77DFE
+
+BP22t+h1zL/WWHrXvkKh5OFPlIwzhZ2jkQMTxl49VtK1AyIo58NsQQnghfoQ3Ct8
+mBfrFDuG3qyyshyDp47CvXiOyckjOX8eyG4BOhfuadqk8/d2bAUddXLSw9ijE/hL
+C9P6OdRU6WdTc1UiMF7sLfIcO22cewEuoR/+ZKMT4ZI4fCDyD6gbvtu5au9xcSdU
+q58vvWTOQ5zCZktiqWphRzv9cBe2B7bzvSRvzuFWiw4reIZZa30/H+Al5p+T98f8
+3Pujr5Fnigb+xHUnk3kokSoWXUX9gh0ckU5sGpeWXma00EF4gkW/qV9lOTlTAycV
+7X8lsIKwsUnBcE/nNmvku21M+BpKP4EKBefTLFCKqLUjltDobSzPqoNg2fdZGqDj
+tb32RwEowFV3kFfRe2OpdXiaTwMk0s9tytEf1F21NKVhqZ6ILNgnWHp/Vk263XXT
+bedwgSEel/I3c3DGRaR71ETabsrkpQ5vi6+0AUm4XuW5H84gqXXJ884Z+RNkXEAT
+lpRhfg3JV1WR5ardhyTDKcx3VZHjRSxBLUvDp9O5YwAEecENQgf+QTAYnPnOeXHX
+fye/sspezzKF3fb1rAB3yuUDjzTd2ov5Z1eJqmzsaI17lw60TONTACMEv4QL/T/f
+AKyE5h0f90EjVkU/vj9YhA8JF1kt1NEPZWaGvw3LdXY6vLa68/KQcS4auUI3CH2U
+MzgYT6VCjiOwZUlrW73oFRKA9dfQhgVjxeG6pj5GvN8gYkiHRLSJnBYrmZJGEveF
+WGYVQKr1HRz67GDGvAF9AnMcYaXJNrAGwMdO+xm0I9hKoYdfeLhxyXLMfl6+YZxN
+lHSvY4F0tv514A3P1ISELU306JtGuKiVI9ZwTJukak2QGYHd1ctokPJ/yvOJ3UfK
+QYOxGLgUR/HKVpkL+X7IuDoRoiybK+NaPhnJvQSttl8F3ZRkuhXkB5S5n4FdizXk
+kEpL8ojKm+C2oJqnrDLVUBfOFjShqDzbbfVBTY2T6vI8lyH/IwHn6rBkU8HaP/X6
+t4REr7Vk6F9f8PlBfIAGSIHeWhoPalUWcY8WxxatwODX3X7+o2ylvfqAyYwLn2lg
+kvIawM4Dpfv7n63NxLdNpG4g9pnPTicrasGCBRKiEJ9WvGGXJmClKoi+dXLaZsci
+0eS06glbt4Q7JU+BhM4ehnjOJNdKWBH9fLpTybEiT4o5mBbMPU3rsxhaClSA08iB
+v6tMSvltG3hZpfd6x0uz/j6x+Bby6F0plMVcLyf/4Vn9ld7N3Kml9fH9ACYZaiWx
+pmppHMiUMS+VRtbj4fS5IXe7lYEb3TTbtUccYGkUiI0lDkoF1fMlarQ+MLHjANWo
+cn3bi/+GHp8//dPcO8z1z7B/fTctrs7IsIp3foaqLLxGKIqrYApDLTzBDiX5PLcc
+/5uyy+q9F/jf4UWwHa0RhfwIRZJp4ZNbnMnbzuJpWQjG3609kw6eSJtE4czM2X+T
+3n252jwqRZFK77eXns9ovYU6eEISj5CoK/HFLOt0kHP5zVOWiKFm8x+qY4iyEXlh
+3ZVw3/MLrrLbmNbbgTfPeSUAvNZ+xJTpbHT/qFpFwmyzpH2x3CIg8lTzaUjCgGWV
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7.pem
deleted file mode 100644
index 792032e282..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Mapping From anyPolicy EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=Mapping From anyPolicy CA
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU1hcHBpbmcgRnJv
-bSBhbnlQb2xpY3kgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBn
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPDA6BgNV
-BAMTM0ludmFsaWQgTWFwcGluZyBGcm9tIGFueVBvbGljeSBFRSBDZXJ0aWZpY2F0
-ZSBUZXN0NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtfiBNk2i7y/WBuI5
-GCW0+6q3VwFnT3frj/wV+Ie2r2bKy2iasXlilOldX5jcywoO2qcMHUmoeK2eE6rM
-/ffDK4Zd4EhJJ5RJdgoWhjBpfKNGD73JlCIAVGGooCiVx9zJICN9DFl/X6hybpM8
-Gs/BWxcHB7vzpzCGqKwI91lstiUCAwEAAaNrMGkwHwYDVR0jBBgwFoAU98GrNdgv
-hgNaNjdZb8HBpG2kpEgwHQYDVR0OBBYEFNuifbLkKO+WtPZNnKM58l/XwUD6MA4G
-A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
-AQEFBQADgYEAXZ+i/Dd4d11xpuKLT90bOID/badZcsjgBbJ2hTG4JhzrHQN6kxzI
-Xt3L5FBaqgg1SfvC0K6/eex8SDEdEJ5LlbmflMths7r8DICoo3Dyo+y/G6ziqRR7
-fOrYKBk6zhliAHXNqrtQ/fUCCNke/OMk62U7WgbaQuELj+tzZHPHShA=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Mapping From anyPolicy CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICrjCCAhegAwIBAgIBMzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZTWFwcGluZyBG
-cm9tIGFueVBvbGljeSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmMII
-TPwdFq+61dFOwrrjLrVHakDcX3fO14s58oprgJ0Qcm88Fjs1+HyurbqB1r7rySfg
-zIZhJjb6ZZqV4qwd2fyQGhYHSctVTxOfxYc+JnK/eLQ09eCM0Uv2U2e9AyyObT0A
-Gt8DpfnfiMrkyadyKRICC/6dOHLb/OnT82jrw/UCAwEAAaOBqjCBpzAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU98GrNdgvhgNaNjdZ
-b8HBpG2kpEgwDgYDVR0PAQH/BAQDAgEGMBEGA1UdIAQKMAgwBgYEVR0gADAgBgNV
-HSEBAf8EFjAUMBIGBFUdIAAGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAP
-BgNVHSQBAf8EBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAImTlpjaX4CkEQLrZZsd
-iyLe+gkOFWF7maBKcZQcCHDUNuIGFeYmRqB+eXsYqooAvYOUfSz30L709ODiWLH4
-Zm5y79xssrJYzS+sDfDHmNMjKo/U9Dj4nVO+ln6PGGe8PPW7P04gUXcQjJFHCLfh
-+czJLt8J7JUOUznIvSEIIsto
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Mapping From anyPolicy CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F7:C1:AB:35:D8:2F:86:03:5A:36:37:59:6F:C1:C1:A4:6D:A4:A4:48
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        05:b0:d2:68:c9:a0:5c:dd:e8:e0:e1:ed:95:35:cd:01:70:d6:
-        24:88:d7:37:d3:05:59:04:38:c3:51:64:ca:aa:c4:07:31:80:
-        c5:12:d7:9a:38:5f:67:c7:dd:0b:05:98:71:a1:b3:65:dd:09:
-        cb:87:c5:8a:e2:bf:26:27:0a:56:0b:8d:c3:46:b1:75:4f:f3:
-        03:5b:3d:ec:84:f9:e1:03:ee:a1:8a:c7:e9:22:6f:29:b2:6b:
-        64:02:e4:aa:7b:5e:bd:84:fe:af:a9:25:98:7d:7b:b8:f0:ef:
-        3f:df:f9:26:a6:84:d0:16:6e:b9:2d:bd:15:95:8f:47:7a:a8:
-        28:28
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU1hcHBpbmcgRnJvbSBhbnlQ
-b2xpY3kgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFPfBqzXYL4YDWjY3WW/BwaRtpKRIMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAAWw0mjJoFzd6ODh7ZU1zQFw1iSI1zfTBVkEOMNRZMqqxAcxgMUS
-15o4X2fH3QsFmHGhs2XdCcuHxYrivyYnClYLjcNGsXVP8wNbPeyE+eED7qGKx+ki
-bymya2QC5Kp7Xr2E/q+pJZh9e7jw7z/f+SamhNAWbrktvRWVj0d6qCgo
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7EE.pem
new file mode 100644
index 0000000000..f378d4d029
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 0F 0F B4 FA C4 86 AD 59 C5 CB 92 28 10 E7 7E AF 50 2F 13 C3 
+    friendlyName: Invalid Mapping From anyPolicy Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Mapping From anyPolicy EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=Mapping From anyPolicy CA
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZTWFwcGlu
+ZyBGcm9tIGFueVBvbGljeSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMGwxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMTwwOgYDVQQDEzNJbnZhbGlkIE1hcHBpbmcgRnJvbSBhbnlQb2xpY3kgRUUg
+Q2VydGlmaWNhdGUgVGVzdDcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDF9e5qo1oWtVVI+OfFQW0ZD4HihKuXcOZyHrCSc/UQJuc4inG5/g8CLClzXX9g
+xSnOeyREom5k1AY0N+W/ynyH31lbKPVZvBmT/nMMhgzIVq691d3O3wSIiYEH44Oi
+wMyhkY+mCRHerh0LktpIX5fnmS0FvT1wYAVFiECrFPCOR2cNsvKL8KZOutoJYtIG
+nM2QtKcUYfdYhwpKq+3f1ae8nlErlhWS8GIn0C7E8x1HPeoCPAoPBuM9BDsa4q7R
+tQ8vkCiL+7mMMf02mBvY6qddPK+LpCvaFZSTFGFZwX7T+TQUXnZtYRFjI0aMWajm
+X7NGQYjwDrojn0v07UMmjLmlAgMBAAGjazBpMB8GA1UdIwQYMBaAFGhzFOALNM9y
+QNqUltYVq3qkby6MMB0GA1UdDgQWBBQxi4iTbnfO7LvkRyyrlaUs+tKzdTAOBgNV
+HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEB
+CwUAA4IBAQA730R9YAV/PansUKZky4hN5m2RQibLIju1MNH6xqQD0T7Bkq4aP1mQ
+TqzZbk7n7v1hcLpLxDZDQnZZ1AQAHQl5JNjLMwKgonL8gX0YLIypXXFeZtxU7oJR
+zdmVNPxTmcnPgLcMm6uPVRGR76qV2DhhgSWYV4C4ewIuEG1Zl6x4azJ5eOkL5xp1
+yM9ara/0T+lGywgOr06T0+76/Kmwrr+kF+fHXkb5r8unU32lvSpIuKKxkyjEcN6A
+1s9g6BxFkfpNVzZUuXphYoAy0olkMAvUWmrAeMz/jP9Zq4Bmq8UHLGmFFg4y5+fh
+6OV3RFRDk3BzX8WuG40rlzE1IYgDDmV/
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0F 0F B4 FA C4 86 AD 59 C5 CB 92 28 10 E7 7E AF 50 2F 13 C3 
+    friendlyName: Invalid Mapping From anyPolicy Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A906794B7E07D855
+
+oFcaEPtdmJzgte9y/6wrEQ3s6bIGNZNXWACnA+udLYD/fHdN62qALuN+ajqeeIPP
+Kr4BxU+M4TLcImd4zpqLqvJyDtySGIBZhc7dplXjviJOaG5/DzrvvSesg2oOugqI
+B721nJmoeKilLMd5StbBFt/4xPe60eB6IeUlura3IMMitV2WK3SR390LfnU9H48g
+10jlzTxyoyFpXfLkoV2SHlu6ujz5MXdvnaKeJUbFvsAGXnzyU+c+Z0sTzlkiE3Lu
+8CPDVMDNQDcbSoUOoI81v4cI71j2QVdnH2W2wtsrjImoxtUUkSOc2e2HM75UTorh
+PgsS7WzMxWONng6OurElcH7mbciVCmEc0razbJb2NHnbp5tp+iLeJAAeDSCgUpwM
+QaqLBciEY4ds5/6guGd3AuKOX3D6oi1ARTvyXSDAFoGVgMdiBj7yc28W2xatqJHI
+q8DBt6Qhl0JoYu9uyg74PZf9VBD85/vIlZXrNRWwwJ2iTwbY3pBehqpXMCbYBZ3F
+gjRj9tn+peVlpggZlvYo6gRm0Uo2HnLLqURljHCFKzxh7B2he3Ud+xJrxrMlpQsN
+XQDB87Ej1RjjRfzBIZbQhZsxoqEoHrSbsHDMa5zVLN0Uy/yCEmw99YaZx0utrsGK
+0ZWawS58TqvfFRFne8zFl/8ZFB420yXpBWh248IYCF45atHzGTAqxtpuKxAbxcc2
+DcuchCX1zGFpcoyBl5aytL9TVSaxeNARzk35nGx8JrO/niIM59VwgGVI5UCarhqI
+dfsS2wY3f74vSGlv8i2d1r3GT7UMM6hm9UDRqR+78KKicQ98eCVrqDylghOa1udZ
+mFaOcdlm1lJYh/rLPZynLBXjzaAqjCS/vo0zMV/+i/mOGOCcYzXCBw7oNSWSGOcX
+9jCZkDpNorgfzsuS7pl7xyUi2Lk/7LF5s+qwiT+DdQkNN+nPf0QfQBcB/cQcOM+U
+pksQbvIV7v2y2iqiQYpNp6I/PWROaKWpGAUjLevtKpxYezaJjjmtpx4y+5mQtSxh
+BZi8HUjSXA5qGtjj0eozhen9WFsweuXMQL1RmIBL8UWvXFNcH2DIZ92KnkwPcVKU
+0qF9TSkV/mMEPAXjxu03V4ByEaJiiQ1tmmT8MUJxR2DnPLDwXhLQrxC4atfNxPGH
+NNdLGFt9CEE7VSjyDs1H+sLlHEsK1Oh/ADVbHmg/iOR5ZfFyDS7vj9g6PjTB2qsQ
+Lv1qjtns+XpLkknri04PqcxEadolJPu9wfMERdjq4GVwTvoSb5H31IdcOZKoBksy
+bvSeTfpoIGXR39lDPfYWQdc1SyORg2JKYXvEUo2BVaAK6MDmhQ63nyTVxO9I6oNM
+ZUE15sTeuHmYU9MXVqjM4vviON0pTzuTSobTxtdCZljYZqoWI8yVUFiQTzwFGvCj
+kBvImf6h4G67dkLr1y8oWuEqVdVyTIUmgmdvtFhXI7M/7xtsGpOqbG53QYC73G5R
+nrNdMMLMBd+sCV+G2XFSYhlCCB2EctBqegMoN4/ZbXkC9QjFQT1Ce8B8JzxhwBOA
+tv2N8hHzXMH/gexgaIYjmweefcWMB5Mx22b0l7v5NNK8PwWoBmjYIXM3Py8MxrJ1
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8.pem
deleted file mode 100644
index 9981bba023..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Mapping To anyPolicy EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=Mapping To anyPolicy CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF01hcHBpbmcgVG8g
-YW55UG9saWN5IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIE1hcHBpbmcgVG8gYW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRl
-c3Q4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1bl/gTqVbi6yVtJxnXxNx
-DlekTcCxPmcwCs7HEqTWzpbyvYxgoXfNIP7bjtabs/IK9+SG1YQpqAHt/UFImBzC
-jdgEBzfRwt2eGR4wSeGN09s2jAjT2aq9dbkF+Ib99D2DNKjlPKBbb4GeNWnNEDno
-yf4eZEPAx8P3QSsAfUqocQIDAQABo2UwYzAfBgNVHSMEGDAWgBS6gMx6LKdjWhCr
-Tj+ExFNVCmn6HTAdBgNVHQ4EFgQUm+ENjbV3/gxDFuaWw6Dwa1YRk3swDgYDVR0P
-AQH/BAQDAgTwMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQUFAAOBgQCQ
-H92kSHC9YZU7taUlRQda3eEkg775JMosyIMd1DwSzbT/wRoWU7/6BnsV99dq1Ja8
-2pZn316o7wfz6POeSg/VzNFd4HC+j84NTUMBrFt/SSdoqh1CkUXNAKbqffDzn4gN
-Sry4MX5zRGXwI3GYFol9TnNutj6HQl9Tr3iolkPufg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Mapping To anyPolicy CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBNDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXTWFwcGluZyBU
-byBhbnlQb2xpY3kgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJrojWZR
-mKqz0wTzKWxK+BvdLHiNYkl7deU8v1nJqthPCd0D2ZxiM1IwaskiG9Nm+sO+91AZ
-pk/QFCW8XKa70to819onqj29QyYeO8ukMtlXuLI0pXVjyN4cWxfHH9o5IUH897/t
-hcTbFWYC1+TqZUNaPASnCw67YZejfdZZtD4VAgMBAAGjgbAwga0wHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFLqAzHosp2NaEKtOP4TE
-U1UKafodMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-IAYDVR0hAQH/BBYwFDASBgpghkgBZQMCATABBgRVHSAAMA8GA1UdEwEB/wQFMAMB
-Af8wDwYDVR0kAQH/BAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQC4HMzKV0x+spl2
-wCvBKf+ArCiSCklHEDKpj3HrJ7zIH1lqU73rZjOJQB3hsnSMYEB+ch4DQNDzOQIB
-bGspRwEeTIRjZ1u6CZ9h+kIVu2R4eyfq9mNYOvYFeY/kB/zwrMQnoeJtJ9sQ6IQi
-rwtT53uxl1gZv4pBZRIURDq8KEyoUQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Mapping To anyPolicy CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:BA:80:CC:7A:2C:A7:63:5A:10:AB:4E:3F:84:C4:53:55:0A:69:FA:1D
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        92:da:09:1f:2a:48:11:8d:5a:7b:8f:a6:74:bc:32:70:4a:03:
-        30:8b:f1:26:b4:cf:a0:9c:9d:89:84:98:71:48:4f:93:09:59:
-        08:c0:07:e4:65:bf:12:ca:49:90:3d:36:f3:31:83:3e:34:b3:
-        9a:df:d3:a4:f6:7d:cb:ee:5b:1e:cf:e0:70:25:94:0e:0e:54:
-        9c:32:4a:50:41:ea:bf:f4:57:d3:53:02:7c:c7:bc:d4:04:a9:
-        9f:36:51:04:26:6f:37:1f:62:8a:ea:f7:7b:2f:d1:24:53:17:
-        de:db:e1:ce:89:00:3e:71:23:73:b2:da:af:79:f7:4a:2b:a4:
-        2a:bb
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF01hcHBpbmcgVG8gYW55UG9s
-aWN5IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBS6gMx6LKdjWhCrTj+ExFNVCmn6HTAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQCS2gkfKkgRjVp7j6Z0vDJwSgMwi/EmtM+gnJ2JhJhxSE+TCVkIwAfk
-Zb8SykmQPTbzMYM+NLOa39Ok9n3L7lsez+BwJZQODlScMkpQQeq/9FfTUwJ8x7zU
-BKmfNlEEJm83H2KK6vd7L9EkUxfe2+HOiQA+cSNzstqvefdKK6Qquw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8EE.pem
new file mode 100644
index 0000000000..7ec0a9a27e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1D F9 67 26 C4 8C DA E1 53 C3 F9 DF DC FE BC EA E0 D8 AF 13 
+    friendlyName: Invalid Mapping To anyPolicy Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Mapping To anyPolicy EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=Mapping To anyPolicy CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXTWFwcGlu
+ZyBUbyBhbnlQb2xpY3kgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBNYXBwaW5nIFRvIGFueVBvbGljeSBFRSBDZXJ0
+aWZpY2F0ZSBUZXN0ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMr1
+1erPw8vN57992tE1rFW83nzG1kHn6XMLHEmZkIdJASQbO/ZReTiFot1Xi+K6PpBO
+mGbcSQ8uXLxWZVCk4fIwD6a0MU2Jmy5oHWFd4dqDmsBUroCbhiU5wrDWv49zV6ap
+PmqPeQrLsN7FV0cwrFqS6YqU7MHaBkEoRlFvT8FyvyDb2SYaMbF1Vc3GPWudBQPo
+Uq8qwpBYriAflA3P2dO4bTnr09XDZxV2FGbH6cVuKVpwErEHFYZ77ykngP9VfTQO
+dXhygSD0jWvCgTqg5jXkcdfyyT1zxbVSGusMw+lBh3wBJKo0hJWq0Qup7GQkFV09
+m0iTMj1vhbasHvBCPDUCAwEAAaNlMGMwHwYDVR0jBBgwFoAUFCztk/EeGnAVlIst
+k7SY0rcFCKwwHQYDVR0OBBYEFKLkfME6MVHySnJusYPgXpJL2uCoMA4GA1UdDwEB
+/wQEAwIE8DARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAE2j
+J+NBiXf7fiA+1jBa1NWMTi/Fkrt7h35JicUUr6GGsfmS722UHOxcnqsxm22aqu04
+HYld9m4FA6/ntPRQj1uDw26FM3r9sPXKExdF+Ohufqd7ACiiE4KXF94Be5oHk6YP
+tfbMxoNx1C6gJqAr5nqLLGxuV/NfUKH2RnvU2QDVNZ1MjlooubzTtEeORrVnLqIh
+8Qt3olTa1dYY1t+bAmea7+vyVd7aK+CXQ/iSCyVpX+oMkJGh263OLXGsniXK1A3d
+HWf5jgBRLr5aUQe4prFZ/cgM+gFe0QNe88ObgrgKHL14OJw210WKHazf1xQKErar
+Jk9IJeH/nwZq46/Nhn0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1D F9 67 26 C4 8C DA E1 53 C3 F9 DF DC FE BC EA E0 D8 AF 13 
+    friendlyName: Invalid Mapping To anyPolicy Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4ECA13BB3BB90EC3
+
+SDIdiEs9qfLaXJ4j393SyXyi1O9vQdH+XanYSz8aVIMNPXL56Kz1UkiV+JBqhTVI
+C44UDsPE/Hra72K8RA9GeARFBS5SggpUm4UoefVHq/v6Utm+UAZQGLKr+W2NCLMH
+KpJPRs1iECtVZ4iyVVxtAAWZGE2kf2aEknOiVhiQnZfiR9YA/5wigmJKQJK8JrLh
+XWgTDqXtXVRI4sJjomLfVRSBy4Robmoed4o24rLY9MD2Te4v7ASDpJYGXH6oVBBf
+V5GB0vRWJ/nmNuNGLmcW2dS+gaaeFQl4+rECtsXUqT/AK+nLH1Cr2B+FN1IRBIzA
+Q7o4LsObBn6BDZyk8jpFgEkq3j4EPF3SB5zM6gFWmER9UQgaSZKSjwbbChKVAZDC
+DbKViSJ9WcyA2tQYI6rYYIkDHI3ipVcYwvg1cVzWqVvX4q68QOfesaZcOHApv3G1
+rgDdanA85hcf/2l8nGdlDBAjuPazygc1eZM2ircZtRQXFlEfqsc7vtQOg9y3no4w
+5G8C6EslaIgbncaNHdr1E8iEO6PKRsoQGmAZrodUnsXXxW3V0/XHHL5DM47Ye1UJ
+Xm8S9LUfH2F05p9YaJ2ZUlx6glE2q7SrRmALUVLWVzVRZHbFVx4cpvVEpTYANgBe
+qN6KpvjDCAxKly6GtoWuSH+HtjZaPoIi7Ksg8jnAg6VGolAenGUmdeIrMSHDLdt0
+bmJIp7o/Gx3U3deAcvyIGZzDK4A8z21HdxRu1/hLq4981wHJxHeZZPgHZToP0+PQ
+jSoSyeO7cKoBlex3xFz92y5fsf+xu8g2UR8ghYUzsrRK8jsbkQEhP8pmRgCBDkKe
+Gq5iVshIWSI9M8A8hmxwhNCAr83pEqmY4uIeQzMz8JA8fA5z7bZQ7/Kdo1MBac1D
+vGL7uO7rEijBMiL7K5Q5P8fTFG7z0tNd19OaTa/kZ38FSKa82lgZmEB7+mQoaRk+
+7JwmW39vGsKeJ9NxAZ+cBvS6ECCi1L4ze4uGRjos2X1yrjFziWdTp76Ys8MuHkWZ
+LIQhpSCVkYJBTtL9kWf4dWlBIU8LV3LdvKlHVUVxVgpFgWh68N/JSbPhL2G9NxQG
+mF/BR9NchW83nE79tOpUKv9Xz82xWphTgh1vx3pSBV21rxZtCwkE6aOzZtN1GOzf
+BlrAAzB5OE8LDm5RDSkDgVcOE5Wy3IWFn+1tbVY+TsnHExuyrBr8q/rfys50PfCc
+9mAQgXQpD+MR1MnkdTLKXi4hBbX/wlA8Jtq9nsuap2MgDPX0SfwLWeV1vKG7xnqL
+FfnG/ZYLuv1P+ia7dPdfQclay8kLLPd/fO4OAFOVAV7v4MbZHT8PCtIftGx6NkEs
+iFMiEyDC3oQBQvnUvq6PwEa7GXBfFV7gJGOrDZKiFcN7zdV+kF8LhiTYSvBL+xF1
+EN8Gz8RPFXekevqL5LQcwI2movy0uXKpzhCOKkvfLChBQQpl9gK8vPk6ZwDUMsSK
+qgTpuiKFdLZt3RSf/AwGaG6cQjHcPtg2qOgBM27fOQdt4L6v1yvW3FAkKhgM5GHt
+EvD30T+Xua1v1o0G3Y5AmoA1uU/Mshkvw1akhbmuD3HhEMri4zBcmrPd64Q4Iw66
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingCRLTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingCRLTest1EE.pem
new file mode 100644
index 0000000000..e424cc9db2
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingCRLTest1EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: A3 3F 2A A0 BF 95 C5 73 EC 6E B9 44 71 6A A6 87 2B 36 17 06 
+    friendlyName: Invalid Missing CRL Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Missing CRL EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=No CRL CA
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTESMBAGA1UEAxMJTm8gQ1JM
+IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYTELMAkGA1UEBhMC
+VVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMTAvBgNVBAMTKElu
+dmFsaWQgTWlzc2luZyBDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwDJ7k0JNn4/Y2C7aFezOHrjKJg7+w523p
+euAG+QWBedeSq3v7KwwmYK8B/xT4lqkMsujlYZ2VZOuClpvStmSE6/scFnoLSpjR
+Irw5ATpG3PuqclSElxMqufaxZbHo0Or/YOM3Ik6m+sP2bg+PZVzmM4EqylvF2Yfd
+BtlWSgNykgJ423auEY6eTc+bMtqD+76pBY30iBuDnEal+t+ToFP79JuY5MbbCRFG
+0ub7n1tJdJ4TIT59HBjrQhUevqtJWvP7B7RVu+aTyaCfupuqgU8DDgC9dtugV9RK
+T4obzxGqrazxH6Fc7EQ5YlhdnlOlZWPPDjjANxxtI5a6RlZws6HJAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFG6uRdP5/cyueml//bgG0kwH7AIWMB0GA1UdDgQWBBSApNzR
+MY0z53gpJM2Z2jxyk7abfDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQCnahkAQGoZS+74N7JrW2MEYonr
+q+Dj4rRjyMKBQtTfTMds6/6hkExRLIXBiqc5mlGpeP+QHggU1L+1KTlXxXxJNG1I
+dXCYV2JNRmS3rtt3taKtvZHiJmWI0anc0x04wqVffmiIECuLdjP26Kd02WlK6djp
+EVBYK9SzthVfNAiJ5FJbHcoG+wuMWmiL7V6JkLNJXlzPV5XqDfUvnjte8BDAyxYc
+uquJd1uKqX+pdCLhho4QL0QXth4lXtyyhQ1Y7b31QHI8hySnqXbrArZeuFg7o/Ed
+fOmwvmwt8Tu4YQ0Q7gdj5YLpxhthAPaNd0csdKXzfiIcMoWC3Y4L1vtszqPS
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A3 3F 2A A0 BF 95 C5 73 EC 6E B9 44 71 6A A6 87 2B 36 17 06 
+    friendlyName: Invalid Missing CRL Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,ADA5D50F350C44C2
+
+/hPizfAKmJuQrbvRfUq70yiL3owIVL25akrbu/Y4MqYc+RzLjB6c8k7tC8Rf+GQQ
+9Ky6ngj6wfiRSiFYkajAWRa7tHu3kw9TommWCSFVVVqx01+c3wshMWh5EBCCG0wY
+ysWw5vfDJYWlFj51rbEOeSJrVVeNusUmHATqbk/QRXm7DeAuTd5yQosYJTGQcebg
+6e3OfTV+e7ysUd28RBva72h+fHTXmL7KzO+RiVx5IMNd9fiYl2VVYovxJLRdVyhM
+iBqs59krueWWHxp/Z2FL9lIMmH1zU2VwDwgAG13IWNSeXKox1C/XuDG4OY+rSuFE
+l20xShbrEPoZ8HyIdwyUlqkIBz83hf1sifdC5mWWEBdMzZk2/25R2mx8idZuObRC
+xRzRUTyay0UOUVSQwKJKXhha3FdYlsQGODNRnX8wsleb8Ps1ME85P79XU8ymL/X6
+IkO1blRIec9U/q5cNeUr+6GlS28Rp7SnAuLSmVY4NxeUbyQVm/eCIKRE9Da38mph
+xyfLijm6j9J2UQvJdQY0NDTHQ1djJvHpGWZ1XfVfFF2mM7ur/zr+HijUWd0+0rbd
+iyMgXiuGsN5inZn53ge2KJM3OgQBDxXy47SRb4jzOlh0xmhAYsRANQ42V2R1Sj3z
+cWHcEzzsg2eumbqGVpOKWKG8YPe8OpRkvkSfh3F6fLhySCqkr576D7pF0PD6ZL/q
+nM6f05sIpQAGnRah9opHjLIVCggXREwrZXWnIEyUb4/UYGYxs3Sj5QIEVV7j8bdm
+8wlXmoUA648KxS/PUfPjFqjBisXrSmYtDUJCmKqCJhR+F8fuiAtGqnYkOelV8BqM
+697v7jtkPbond/WDa6MN7Ga2P5fwm6qaUht0tuqb59UFBeO37n+Ayc2kXCX5CL3j
+wtXajaiYfhcP5zpr6cmot1utKZ0WHYYx0srwMC9Derof6Tryj5aWnlS6cG4JZZC7
+qoAccg6d7dweMVq2KlYdUlwzln06L9hslorPq1jx9/kIdyM52hV6w7cTPDYZAczd
+JWbUQhluWFQlvuCju8LLYsN/HgHunEC2WV1Nirj02qEPGB2xFX75jMTykcUajKlw
+A7sQg9upSuDIqPy1H3vX/csj7JGX/uz7omF8DeFL7Jf6MjxGqf6nQXGk/pjiByQy
+R/+1qxUFccLE7ike9PolA07dUChNGYZ4uvAv2e6AMUiPW0dtF4o3ic+PIpAom+/9
+krfoHpk7poD/RbvMOOLG7jDpokt5EjU6HmQMYcKRPqNXO8ISHtc5E7w0OQoDnsTH
+nyjCLiRt1QnJPM4Fu1b59DcVfWTsgwaBrgAyTBCeC2E2QV/ph7KOJ1jL9VjIUXpr
+RmEeoZARSXjOWx2oq/NQ7yT0QOLDNHgCc8VWYwEfDiyEqkHAMbWL7gb3yv8h0qly
+Jh/y+LK+CIfXHwk79CBtH4vaC2RvXIK6Kos2+J12Ww+VA4Hc7afUGcjabggijjrC
+tKE7yfHjXjYe+KeLwjWJMWZPP0T798AdtNjm9KVUXY16Uv7qAhZToDNaB0yvGCpD
+kPEeaVZVhV7PHYSk0Ph8fFGeNDKj7YKLVsFL2cdvO4xTyFYKD6+0kYlzFCFSaAC7
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1.pem
deleted file mode 100644
index 77a888caf9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Missing basicConstraints CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcDCCAdmgAwIBAgIBFjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbTWlzc2luZyBi
-YXNpY0NvbnN0cmFpbnRzIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO
-9yKuCeu6dhjdDO1FYBjOw7a3vWSCZ6ukoQAD5724THVzb548yc2GIGKHC0mWgXiX
-fB6PBIQAwAhwCIetZaZICbOaJLAEgrfYEc2BK1uYPcnPDq3akXxh5lwFwL8N/xT9
-ajSDOeq+fWCIH4K3cgzvQFksXSMBrCLeSqRqpxg7aQIDAQABo2swaTAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQURqBdN9KpBRGTRazt
-XDHnzRcB9gEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATANBgkqhkiG9w0BAQUFAAOBgQCIvIvzmMIwJ8YV4vFP0812ct/Jsheq3QAcCH22
-0akUpHCoryoLL8cVkdCCP6lG5QD0BdEszwovHnuu6X1kPCe/85mpvlueAMAcr3Wh
-sSZA7vot2fdmAqwje/64fADpW2pI3muEixUfmNSMsjXFzGSFT2tWJ1XNfFAI9EYK
-j0nmiw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Missing basicConstraints EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Missing basicConstraints CA
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG01pc3NpbmcgYmFz
-aWNDb25zdHJhaW50cyBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MGkxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE+MDwG
-A1UEAxM1SW52YWxpZCBNaXNzaW5nIGJhc2ljQ29uc3RyYWludHMgRUUgQ2VydGlm
-aWNhdGUgVGVzdDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIu/B3NsTKFd
-3NwujgznvY/HGzG+YIVddeXJ/bIUYqj0gIh6FNebF1p5DnC4tljBvuux5UMrmGOi
-6/MoDmiVL8VyVr87z69Hx4DKUjwmHa8KOQ8L5KcklyNCiqovL+IWvl/ifcvU3tQ2
-olOq4vjYRupu8NdmpY4IZl6UQScR5P6lAgMBAAGjazBpMB8GA1UdIwQYMBaAFEag
-XTfSqQURk0Ws7Vwx580XAfYBMB0GA1UdDgQWBBT7lvAQxDdV8M61puLxGf+ZGq5u
-WDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqG
-SIb3DQEBBQUAA4GBALqhV3pig7Li1sMxfgarLLYB4xxjsbFinx7EtEDlju0sTe3j
-F7e9rh62n7fnZqZ8KSyRCikPu3r3qBCLx2TV+i31inM/GqvU2yrBGdVm9HUi2CSp
-YUePLjOyojWECk+rYNq3vVYFVKJkonzfR3533mruAKakqDJ0PQLTEx84ugv9
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Missing basicConstraints CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:46:A0:5D:37:D2:A9:05:11:93:45:AC:ED:5C:31:E7:CD:17:01:F6:01
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        94:49:47:9b:06:de:66:8d:df:13:40:35:7f:95:83:f5:1c:92:
-        da:0d:33:78:99:cd:9c:34:02:32:14:17:ea:86:48:3a:9e:ba:
-        c6:5a:de:0e:5b:68:0d:1e:9c:f5:07:b6:81:e3:47:fe:29:45:
-        aa:c4:51:01:21:b6:70:ed:1b:28:cd:c1:81:f2:43:e7:12:00:
-        48:78:7b:6e:28:5f:71:8f:f9:56:2a:22:8f:3a:7c:8b:8b:7c:
-        8a:f4:2c:23:67:c7:b6:b4:85:02:99:d9:48:01:29:c8:6c:ad:
-        be:24:a7:3a:8e:56:ea:92:4b:e4:8d:d8:9b:f7:17:b3:e9:b5:
-        87:fa
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG01pc3NpbmcgYmFzaWNDb25z
-dHJhaW50cyBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAURqBdN9KpBRGTRaztXDHnzRcB9gEwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAlElHmwbeZo3fE0A1f5WD9RyS2g0zeJnNnDQCMhQX6oZIOp66
-xlreDltoDR6c9Qe2geNH/ilFqsRRASG2cO0bKM3BgfJD5xIASHh7bihfcY/5Vioi
-jzp8i4t8ivQsI2fHtrSFApnZSAEpyGytviSnOo5W6pJL5I3Ym/cXs+m1h/o=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1EE.pem
new file mode 100644
index 0000000000..b244a1b201
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F5 04 22 89 16 8F 33 16 74 FC EE 68 D4 17 0A 0A 64 05 88 D6 
+    friendlyName: Invalid Missing basicConstraints Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Missing basicConstraints EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Missing basicConstraints CA
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbTWlzc2lu
+ZyBiYXNpY0NvbnN0cmFpbnRzIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowbjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExPjA8BgNVBAMTNUludmFsaWQgTWlzc2luZyBiYXNpY0NvbnN0cmFpbnRz
+IEVFIENlcnRpZmljYXRlIFRlc3QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAz0Q7jVXn/KP1L4kWn3MnNkLMHv4kNcWGV8Sz2Z2VUq8WlLhFuzpFvyPh
+NXcaZ98iVRqDqvSmb25/Gf5HoyrLTFxayY0wm72Drm5VW6REQ9evIg3xJV2x/4pg
+7qHE1ikSCD1yHSgrhQvWVVbkYnnTSgVERxm81TDFMmn6nOQzuvjLr50dgcdz9tI1
+sULjP7pyk7vDuBRNhsphW+QP7iUDr02Fph7IO2nJevAZ1p+80O4lMoLLAWelO7c5
+KKyhGa2NqZOCqSsS+cUMtkhUGhEyDdlxC1maCPpsS6zfmtWasUKBn1FLLGXDzALC
+COWJwxztub3n2UVKu2bFEn6aYK9iFQIDAQABo2swaTAfBgNVHSMEGDAWgBQwVrwV
+EY1PxibGtZyhcJLS+U8NeTAdBgNVHQ4EFgQUTfAA8MgHRVCO/ShtbVSoByR2AIQw
+DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
+9w0BAQsFAAOCAQEAVnYgcBUarDoQoiuDXLPNBtPKARX91BCSAJSI4s0yP8Ba307d
+28L6BUVWzbYevwBKK1042PTO3Baz5WTc8I/cgNMUolZKfSbjrTCZ5H3MLVpH1Zdj
+zr7Y4bNppL3aGwXPjjaDHHE6F3h4ukFZaoX9fTr1OTxcyOmz96/hLJ3NbHmRPHPv
+pA1y5yepi3RDltyIMQsXIGPIofZ19LQ/+hCjYuh01wrd2r4DEQYDmyEEDMXRaeFy
+LSZqGQBhvOwcrfX6iz2cIz8YnbfU/cte5C2Id7V7zW5GZP4oCgjHsANbe+hGVbsR
+AUSJ4G96MY5zlwVFYdpLldKm2BywOGs+CU+uxQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F5 04 22 89 16 8F 33 16 74 FC EE 68 D4 17 0A 0A 64 05 88 D6 
+    friendlyName: Invalid Missing basicConstraints Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FBCC7DE9B3E67417
+
+ddz83O0BO0HXwyO0stvbC3Vgu0Xdmk958NkNArfvUA6xAU11fif4N+53XHRy5azv
+4dcEBgdx1cMq2FH0Fsq3NjNKDALJV6jCewzHkPTOgqbJhkwbAZxpVDjnAf8j1cyK
+SV7f7aPg33n9/If8lOao3ZSIYZoKaiOY3oLxchNHNWLZoH83hocKgtx6rcZxOpEf
+Q4ySjllF+jn+jBMTpURJ+WBTwSebP+spHe3vi9jnKxpXhZq42GdMeFLa7RmFCmXZ
+yfgI9VJY/YFtCqivKmWRlAvTA7MTPGnGr7j1T7jAzg+wfgiuAtBssVAKmXFwSrYz
+r/TW6AxvVVj0sgovGPuxrpdSmHdThlm42UVUfw4HaSLjYBK3BD5vFPVaLfLwwYgr
+oN8/mOslZlUkPVr4JV+uAzpVniY5d98YAUSnYn7ASrH6KGrQgbPQFUv6IWY9nS9r
+n5stGf15Ncbx/NnnqsuuIglSHnYQlhXnoBdJGvqMiXAL/QPxxAMNJAsTA22Je55f
+M9xmPxOtszKXAiDB66bhVN1msfDC6i896vLgwsggdyPH3ljJbVHNh+YAmmVtrGgJ
+5sfoPCI8anpBf+LzIzV1rtmV2uQT9aR8cQ4nzkFViS/UKI9BfZPSlXeIkZbjb0fQ
+nwJXYn4xAXhXdV6B33zX2Ih6b/5aXVrdZ6AcZDtSfTwSEEdLgHmQaZAMX8IsGI+y
+gzGnbQTYk4jMyL/C0Z9ikmd/DOGrNCepM3ui9eXxal74qiDla4rVZGXMCghyNt7O
+Ak8TxTogNmcQUNKFWCT5eNCSq5Ewljq+ivdSWbw2vE42JFSWmXSDQycWyi2/bDcr
+0qEksyaJYgbcff+KON6zomidVZOeNl7vHjUHSAzdzN4uCQ1f/EgQsJy2kwUg+Q4Y
+/zM0wTLkl0gELwYi8IhpOkcNtBX8+IE9fG0wg3mzcD9iadOEymBfgGpxRk8MvGyF
+46LJRWZv9UtuuuJRnGGu7czCMYAMJfV+gzm47B6Kw21OHREoEZXtVZaJnUL4AIyD
+cWfTPZOOrUNgKlNIgxNGsHxYK9ATpdDCAh4bV9W7e4WdcBFDgI7e94bQhC2RrK4w
+xN9b1+inE8rlANVn2brIBYuFZoIHeVz0qRBAgNOWo/94puFcafWhyZ4uGZ4wS/a4
+slmsz/T5+sOArZxgrlcMdhtPntonDUZKv7uEvfNl78L8G6rkw6Y7ePDv/1723UuO
+p5SigZc0BFse3wJwvrLKkka/qX4ZXXBm96+atfIappYR4GNpGLKjRyThFp9MQ5AR
+u4be4qNfx2fTWJT+vODocWS0dx9QFZxP9QZan1/hP94Xl1wIMcFgDpATY7yZXfyI
+M0a2baduud6dzjnJ0V0pBYMHG/PmfeEWJU/xCCgHq8Eemxq28HXmNjXSAjOAyQWk
+gl8WRUh0MZm6F/hSR2r4IPbjGNbBVvmhYmXYw0iPMpimMIapI01eVHq8QvCfjjFW
+KTVDcHW/XgdX96k6fO9wVfpHhgGhWj6dPYvFQ+RxpvcyyHzZgaEYRC0mTFY++UW6
+KJk4OrJsoEbPA01cvfflIZNAIaz6HJDiUSUKCanbPbXT3Ca50evkPHMGkGpBNVXL
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingEETest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingEETest1.pem
deleted file mode 100644
index ce0428ec3b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingEETest1.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Name Chaining EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Good CA Root
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBCTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDEdvb2QgQ0EgUm9v
-dDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEzMDEGA1UEAxMqSW52YWxpZCBO
-YW1lIENoYWluaW5nIEVFIENlcnRpZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCtoV9f+SA4KyB9i+bRylcLprvUHWg6W/anXTtNepZjeYRI
-h45BCVfF9mYQIoBvqYkSOdB64I/qUShwGf3kj75YiGotm1AzP/e8A1dIyvdxVT75
-vZwCWaOjqX5wEyaGnXS2u1NDzvZ/5JBtwo1KumaVAd9bLw2nhHAwbJ65Hx1eWwID
-AQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4E
-FgQU0QFCXwgNnxwQuYUlKF7ehgYiFvYwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQB8cokOobcm6ZNTDk59
-Ieo9rWzeCUeh8ku0vO2bp0hyVadPHfCvXRRFlWZ6WKMTkBXOs/i5gHEtEGB9cLDO
-kmOOHijG06pi9KyYqh54As2hG8wKngUEyOZsIkKK6JfdMx9besNZ5lQlSK3SZpV4
-wTIx6poqzlbJx24yad7rPgiUxg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2.pem
deleted file mode 100644
index dd9f0a5d86..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2.pem
+++ /dev/null
@@ -1,113 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=Organizational Unit Name 1/OU=Organizational Unit Name 2/CN=Name Ordering CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICwTCCAiqgAwIBAgIBBjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGOMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAsTGk9yZ2FuaXph
-dGlvbmFsIFVuaXQgTmFtZSAxMSMwIQYDVQQLExpPcmdhbml6YXRpb25hbCBVbml0
-IE5hbWUgMjEZMBcGA1UEAxMQTmFtZSBPcmRlcmluZyBDQTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAz4GBJOnsdl/i9wT8fK6n4zN5AHkLGLTaV9MLbBL5heti
-HmMEj4t80NsHynN8WrNyxjxjeDoAnlUixCHAT6totgzgeWKumN7Pt48lWyP7K9eV
-j0mJ/e0X8EYCrm1idgjBevSpFpC8sT0m7Lgo60wWBrYqKBE2OW2oLqjK2a9itJkC
-AwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0O
-BBYEFP/4JkT0Lojo+NeoS4SRoshoYlphMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAE
-EDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOBgQCrzt7jsc3zpys78suxiiHSl9hYrO0L3UJE4TYhMKsTdu2r1KStNCY1MA05
-8U2gLxTSvnibuRTn81AHALvjm5bd3oiKFRr3ISzo9SkBx6wXO7x23f26giO4h6WR
-Yjce1wWutjpvkyXJWxLqKD5eE2PVqwjujs3eiNAV0KkiQTqZkQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Name Chaining Order EE Certificate Test2
-issuer=/C=US/O=Test Certificates/OU=Organizational Unit Name 2/OU=Organizational Unit Name 1/CN=Name Ordering CA
------BEGIN CERTIFICATE-----
-MIIC1DCCAj2gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSMwIQYDVQQLExpPcmdhbml6YXRp
-b25hbCBVbml0IE5hbWUgMjEjMCEGA1UECxMaT3JnYW5pemF0aW9uYWwgVW5pdCBO
-YW1lIDExGTAXBgNVBAMTEE5hbWUgT3JkZXJpbmcgQ0EwHhcNMDEwNDE5MTQ1NzIw
-WhcNMTEwNDE5MTQ1NzIwWjBkMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxOTA3BgNVBAMTMEludmFsaWQgTmFtZSBDaGFpbmluZyBPcmRl
-ciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAlIUiHjq7IwwwfDgHAnDwX3nPnYsaZ6Bu8w8lZNS/15MDdOmQg71tVoCIC0he
-PJBMDiqwuUQ3pbgsavDR26tQnAXGzmJllHIFry4XfdUozW3Du9KUR4eFHDkgiQCj
-IXj4VSgaMAXyDSGO8tQpZvweKQLreeur5220Pf3K7zabhcMCAwEAAaNrMGkwHwYD
-VR0jBBgwFoAU//gmRPQuiOj416hLhJGiyGhiWmEwHQYDVR0OBBYEFEu0FDAWAxWm
-n1pTTcqqIcZ0G7JJMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFl
-AwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAHrnqIOietTCGSRZ38iulDWfnU8JraF8Z
-x0MJGiOWHh5iM21Rfwux8XyoJ022fncuDoZAsUjriRwBn3u0faPPFouOEEVMglWU
-woUFoMYymfDUYmA+kavP7A4gRhSfhi4JJJHdb1AbnNkHbMfIBRSz48wsphGJEyk/
-NE5gmcum3Bg=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=Organizational Unit Name 1/OU=Organizational Unit Name 2/CN=Name Ordering CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FF:F8:26:44:F4:2E:88:E8:F8:D7:A8:4B:84:91:A2:C8:68:62:5A:61
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        b4:c4:1d:56:f0:e3:a4:27:bc:09:13:d4:99:6e:6a:94:5c:0a:
-        5e:33:09:0a:a0:6c:df:0f:3d:a5:03:15:e8:da:cd:53:10:e0:
-        26:82:d4:82:34:2e:75:62:f0:8d:a5:b0:17:ba:77:e5:1c:b2:
-        ca:d4:71:78:2c:fb:3c:cb:51:58:4f:1f:b8:90:22:7e:60:c1:
-        60:03:64:04:58:60:3d:a8:36:c4:37:6e:b4:c1:28:0c:4d:16:
-        89:5e:31:4b:1a:7d:4d:33:35:8d:0b:92:38:90:f2:70:e1:f4:
-        c6:14:7e:fd:3b:9c:c2:d7:da:8f:ce:1f:6d:36:3b:ce:5e:28:
-        1b:fb
------BEGIN X509 CRL-----
-MIIBiDCB8gIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSMwIQYDVQQLExpPcmdhbml6YXRpb25hbCBV
-bml0IE5hbWUgMTEjMCEGA1UECxMaT3JnYW5pemF0aW9uYWwgVW5pdCBOYW1lIDIx
-GTAXBgNVBAMTEE5hbWUgT3JkZXJpbmcgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQx
-OTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFP/4JkT0Lojo+NeoS4SRoshoYlphMAoG
-A1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBALTEHVbw46QnvAkT1JluapRcCl4z
-CQqgbN8PPaUDFejazVMQ4CaC1II0LnVi8I2lsBe6d+UcssrUcXgs+zzLUVhPH7iQ
-In5gwWADZARYYD2oNsQ3brTBKAxNFoleMUsafU0zNY0LkjiQ8nDh9MYUfv07nMLX
-2o/OH202O85eKBv7
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2EE.pem
new file mode 100644
index 0000000000..6cbfdc3a6a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: D2 C7 3A EE 21 D6 E3 2F 8C 6A 2A BC 1A FF A1 9B 04 2E 74 92 
+    friendlyName: Invalid Name Chaining Order Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Name Chaining Order EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/OU=Organizational Unit Name 2/OU=Organizational Unit Name 1/CN=Name Ordering CA
+-----BEGIN CERTIFICATE-----
+MIID4zCCAsugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAsTGk9yZ2Fu
+aXphdGlvbmFsIFVuaXQgTmFtZSAyMSMwIQYDVQQLExpPcmdhbml6YXRpb25hbCBV
+bml0IE5hbWUgMTEZMBcGA1UEAxMQTmFtZSBPcmRlcmluZyBDQTAeFw0xMDAxMDEw
+ODMwMDBaFw0zMDEyMzEwODMwMDBaMGkxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZU
+ZXN0IENlcnRpZmljYXRlcyAyMDExMTkwNwYDVQQDEzBJbnZhbGlkIE5hbWUgQ2hh
+aW5pbmcgT3JkZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDIwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCmGHtkF4itTUq3AQnzZatlEBh9xeYcGGHKW4YG71VW
+tuN7bK7l/LNJ2rANrU4d3FvjcjS/uz1mInuC8Jmc83z4O6E07zDERh3vJMuMYZRM
+/3Gq/b5MfGc2SSPiE0x3I8K7IVOjwa2GtYAKm7W3nEJ80//fkdRbzu9WYXLpKGfx
+ffEZq4j8kBwmNGYLO2eyOmIKLeY/UdnzN+IV/wy9u4CvNQEoagLCXsaAsLJZWPeO
+e+92n90GVdAdKB/Ml9PMTBfDh0R1jrmOFAEOcJfIYGpfj0tFIsAZ1AdcDNPXSx4s
+A0cLfSG0xuJu6iBxHHIsCRW2Q2cK8yo2aIq7FNNE8bvPAgMBAAGjazBpMB8GA1Ud
+IwQYMBaAFL9Ki4GbTYwUMYxb6czdL+h5ElFQMB0GA1UdDgQWBBRXIRom3xYohMEv
+pN0iRtvORdgoWDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
+ATABMA0GCSqGSIb3DQEBCwUAA4IBAQAynecH6qf01AWM0adG9SZ3BQ5N/oBfcu7e
+WjwU0dPuMZP5O3+Ak0x7lt9F4QRwmcoyHsB7AZgGMNu5xWE3dpebr4mF09RP0+pa
+T0lli8Vi5QMUCaqYkbXOfchl/A9k2py5H5xrZ0OJZrZonmAGZTMmSuAhY1xu6scW
+gs6X2CSnU8siNg9Zcd7jqbfHUWSLvz4k9N7UzTqT7Pzwof1vaTPqcggDGUC/jQV3
+v6BgnIcxxHjRL4VSg4Z/fMh4hwXQlEFZGHoyBzzYNhYPnpgpxU/64cVHbOLNC6X0
+sUVsT9JfCt/kFAPOoWnBOifSzjeqVXmteVsb/9SP4wF/f4gBmJjg
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D2 C7 3A EE 21 D6 E3 2F 8C 6A 2A BC 1A FF A1 9B 04 2E 74 92 
+    friendlyName: Invalid Name Chaining Order Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4EBB2B43D79854E2
+
+M4O8H3FXV/0Q8oJmUXqDk60NUbwnBWNKvGM2twA2XZU1rEodmvWWlwo0mmH+j8rX
++A0itJomhWox8Q88Sdi56G8PhZfBk2ocPPAIDrG2z4EFqbjCNATqJlIJmMyukzbl
+B6tYDt3Tx/vWdYRZSFyNPtn4GTuY+KIGTNlyf2F1hBhbSU4MKPoEAgF0JLRvKj5E
+tZIZO+EHfHctq6cTcqLdqBhP0bS70UqqqlvZ/232SwpPmaXWvMYjnqMo9W3neBID
+XIEP5mF4vmaTLoVcH2hoRM5qvh5DDSYfp5StfFcN0R6d5bl5v//bP+1tu79kLr4W
+HPvXQcApsUrNUgmtGNUiqM/uwEdlgYiyjN+yQpSrc7I5lT+5nBYWfJ4fsUD/K5Nb
+2/rECornDiP53DJ5daM26Q4P/mpNCHZQzBXCFb84aSSLtUvijvOtUxt4Ej2rGtHb
+t8F5ucVb9JmU7CkP9a5uy/t43z/NPxVqqgxltlb3Qh+4Pky8xUd9j24578KevBUd
+Ufi0kErFk+1ShcYBVab1QcQh4zeuq0oPWmfgyWjWZ3KyKwdMDo613YA41MgoCvbh
+OtZmi52rtoFJ/dIrYp7ls8o3L9H7UZDugRuSQmDNsFYN7+xSSb/6Tgzq1vQIo5CY
+g5At1yRtiirZoKPA4NlrCtXTVe4hAdGRQOKC2uSmZAC3pbES03lCxtTsAQncxBfL
+Z3eeR/n57waMKPykDwrIzIvbxebA7obPfpX2Pqapt/WGRbseX4/JPDYQVM/6vLfA
+DyTwC16eMO2XUIAMJ3ThBmRCzz/2cMxsMIVMGEZKFOSmcvL6FvqCtve9/vEUxCs1
+BbUWetauDkZypEPEHWPVYCGl7aMOG2SmeeUECx2xoTCCPC2gp03L2LlS4STvgKig
+Nwe+A7WwTVQlxUq+x2BXJEcU3lZh+qemj/b6bcomvkuszWyiiLh1yUSERdTZDUSC
+oYyasTIlDpERQGyyAcn3vqSKx3gdcOqX/bl8o8yR/EdUncAde5KMKegpBZlxbF5V
+TkXHeOUBJotq7qMjcxBbT4+YKwmBO6QwK79bwpuFuzBswCAquVPsg/uRylT78Qpz
+GRit5SxH+S4KkFxGAmPAzQLILGpS35qxVrFBv47MzWbxBOakFpFvBWujWC2eBVfq
+y1YnF5NU1++kIRFORX05sq6aDdeIhcA/OnCZESQKp92Nud2Br8wHHHpbDr9sF9tY
+17qjulQQ75JXuGm0CEp+wwud3Lfc++IlMRI8bUSn8xGe06bZng1mK3kdHyK2tkgM
++4pljAh3JVzfv2q2sB4ZAv7omkBFemfoeiqrxF+8jpOq961v+nySeFYsHV64LRyQ
+hoISt1GrdsCL59/dd7PX/3YYqUGIsKSdzxJVPlds+Gn7uku0jPSUgCF0RfVtri7t
+cpXGiz7irjZV4RDkvBKfM4NQpIKLGW/Hf1NnUM11Yc8aEhzaUgw6NwqB98CBTaUg
+8QhczEGBSQhzVBuEINKwbopB91UwsmdHQXhth75e2+miV+T15JBievUfS2LFC1jK
+qhBPfRfWK4I9JMzAiI3lN6sL07O/z74c9coci28MKLg0iSEtCw7H3//MdHsRLWek
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingTest1EE.pem
new file mode 100644
index 0000000000..97ff96bc49
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 7D 6D BF 10 BB 59 DF EC 2A 3E D7 D5 26 AE CF 0A B3 5A 21 F5 
+    friendlyName: Invalid Name Chaining Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Name Chaining EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA Root
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIBCTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMR29vZCBD
+QSBSb290MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMzAxBgNVBAMT
+KkludmFsaWQgTmFtZSBDaGFpbmluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+nEW5gQmCvT4PQ4bfEwb8YmHX2
+bhQjlGRTHO894s1c8ntn8sOGipmZujpyWKEnuLYYXnrx/8d6EaQ5iHWc2STa5xO2
+/FYakp8YF7+wGIrvAKI2gXIaIFzFC6BBtZiDBb9esrLPA3tiu6u5F9WBsGWuA1TQ
+jKqaTll9i5WvnXY8Fq4JbfHOeh9SCJKnyLtY/o6QqfJu4IvGIy3SVMUOpy35ZR6O
+Hdy4JXBISnOe44NDd27PQNnkb7VlcvspL873wQSp5YJKW5tvoPMtCGegEssZIGGN
+lN9bNTzeXAB+BfwtYoqP0Ej769uC6863UgGeWztLxe5YlvyS7CXaMmNdyosCAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWvOskwHQYDVR0OBBYE
+FBrADjt6tfm3fhTgKkOCvTN+XnXkMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAHmYLicHjD0aYoBwgy4J
+fY9KHQVyP3enwjKFrzxt3lLh0+hvUeJG49oxt3lRPjU5d7GJYSzB9hmbECnD8hYf
+/NVRIa6UnLTK/blp3yc0fgYrZSFgzU77f6i51hxScIwprI/rNKUKjwYwPBQ6XZoS
+Lb5nZkbFoSaPjorD7/rTBp1A0vPt9QNn8wBph59HSKyUnHm256Y5kv67Knkt5W11
+tazp3HAc2nsE21MClKg4S4IHQYCva6p3KhViH5Wntu0AaG6Cl3eVbMDe+rzu2i7a
+SsP+m1IhK/geXvUOHGkKQd0ESsNaHakpy5mQXpYbxxpem1NCcsbPPlipMa0AN5p/
+ksU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7D 6D BF 10 BB 59 DF EC 2A 3E D7 D5 26 AE CF 0A B3 5A 21 F5 
+    friendlyName: Invalid Name Chaining Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D8417684F15C42FF
+
+vKv6b2ZRAwVHf3IhthcuPQrJKx3OAjv8c+lHRnmJfHrFJkUf1am4rrCc05dszvUF
+TjTR92O3UYb41SmqEJhgidYEcM1I8ktzt5It1pItk/ZHlnrJ30qoWmtYx7GGI6En
+fXsV4tuL7jEvgKlkrYztkaUCpbauktbKcgLCeZM0YQ1WTHsDFK3KTGnz+a7Y0Wvs
+sl7UtwwjaiGLzJBF3AxKIDwGatxAxZaSUR5+9/17pLJ9Aw4irQUlERtjwKcs2LdS
+EZDbgbfPMqXOmZoZO1zCD+ZfyUM3BNOfXs9S7DqzHYjW0EeOmQiOLOWDApUPpSwl
+Ywp/hr/8DCv7POi0uiAO3xK+DNRMKHtig33+d3xU4YkEw8yZDmesgByeEEF8KlzW
+lWasO6kimeIBSmhccj7E2bu1+FEg6x3m5AJkVUxOs5hj+D5zOuihofhatD3aCJ4G
+jdRZenNZAre4l/5rKHsndQVsKOOFjVhMBP7Id+wv//eRez+OHS1yxlRzunm0O05T
+1a+jypMOV8v9lb/UYTx3CRsEtXJeqB6tObGZP/BcLDw4e3qhrEZ8wj4ys8J6Gk1q
+czlYliZzVEc6qCCnIRMf4q2jMSb++klUAuWO9ieU9uD5ms2CYyKDM2b+Swky852z
+PBh9b8/pKidwhXc5xSGxEP2lDjVHajBhlzloPpmTz31bACS1RMsYnmskU6PAFuWY
+sUVObgF3C0hbjCCZlubAqEgmfAJTfsta5ILZ9t3yn+ucS05fniAXQGPZ2dTg5zh+
+r86+Bz7h7ZVEF5aQIx4nYouJsW6vUYNBb6FV0ej7n1QbS25d9BtIlicncKaGNIis
+OIXYNICAD267B2Y0+7/NJTjO6LZwE2sFAZM5k/5fjK28DiR+Z7TqZxzcbMurTguZ
+FmbKunAe+wBaaN3cunbi33hwIMIVNuFfRYiYNnPvoLpIzm4zfxpDXfVNEqpWqIuN
+J0Aj+dq95RFo7cHiwp9wXAwkM36rMK9I0ahutISvEWIDDyw7qk9E9ivUHcMk5YT4
+Mn+IVromU0cXcM6sp1pxX8sDeu5M72nw4NDSvEvHtj0fIxHvzhlwsBy9US2yEAsK
+SUxlQsDnkDJrY5G+yEt7MkuibJBPgR4CYQKoq/GIGPyjB86TQqAeRTV4OTHE3xkY
+t4CuqoKOwzy1ieFZtgW67n6qpMsD0tPNYk4zWkIDM58yOpZ77PdMclSuUjffHAKm
+v5SAFXoAB2n/ld+k9j3cOsuBKvrlRZNADZmgeYM9ttNDM3n6pyPi2+yyc4RqfEfk
+CMckhOCI6OL8Rkl8UvPyo50+kYzBNsrEUDgtgXh6zTNzE+0KCoMcvgW/dRjjGJwQ
++VEKwPOSTXMQJAKx6g8qjOoM76gZrr10geiHhalicn6a16gaa8E2or3DlgXUV9ZG
+Mac3Esvn5x/gnljjLnkaNzf0ehfe/blTlaCeqJjLv7j+ZD+zt0tL5mfBmkS7zaY4
+3p9AvHVaLB/wFT2z6BCxBAm0hAu3Cxd54NhKrYg6aI5hKiJ8DMROCadRsc6ydM6h
+84WRHdKOI7J3jkTVDyKG/1Zug7IgHkv6nzC6xvpwMYIHJttUoz2F0g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15.pem
deleted file mode 100644
index 9310adbf42..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15.pem
+++ /dev/null
@@ -1,114 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Negative Serial Number CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBETANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZTmVnYXRpdmUg
-U2VyaWFsIE51bWJlciBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw5yD
-rVmP3dVETqSrKKVXvXWAnpc5K5Xh6mhHBvy/YpoERigE1MP8A/6eE3mY6OnMJVAh
-QJRWniYBrIDg5zR873cTAbn1O7MwSfs3LLxEO81iAf2k4nFFxAGtQp5AUwx0cQVK
-8oMVty8BEcAkazVA87HQgpycQySqDLmklHNqkncCAwEAAaN8MHowHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJCMpyNNS/fqobISh7nA
-0w4zWMuCMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBYz9xXPhMcniA6W0RG
-0A59JbhJJpAZmnLBusWQjWYIZsVit1M1OXc/zDGAP/ik3blednL+t+wbdJc1qg9m
-4bgoXS14lg+6IGMF2VWcoKkDJDIHpkVrdQc9WGNm0qqPyHGW0ggbi5VrBv1potkF
-xBtl1WkY3ZTLuI71pJ15ebGZ/A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Negative Serial Number EE Certificate Test15
-issuer=/C=US/O=Test Certificates/CN=Negative Serial Number CA
------BEGIN CERTIFICATE-----
-MIICljCCAf+gAwIBAgIB/zANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU5lZ2F0aXZlIFNl
-cmlhbCBOdW1iZXIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBo
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPTA7BgNV
-BAMTNEludmFsaWQgTmVnYXRpdmUgU2VyaWFsIE51bWJlciBFRSBDZXJ0aWZpY2F0
-ZSBUZXN0MTUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANKczL4/N4jrniwj
-6tO7tR683qVrEG+1DB4XcrWL4wENZS5O2qkppGZD7cOXkGuOemheT0QGmaEtQjOa
-yRVw86jvq4n3iQdSEvRb6C2GtYQ7hFASTBsQn4qKbcldkhv+XQAzLMc65GcFv0l6
-n0xR1miZq8E0mDxBLg9J5iv6abyHAgMBAAGjazBpMB8GA1UdIwQYMBaAFJCMpyNN
-S/fqobISh7nA0w4zWMuCMB0GA1UdDgQWBBR1iOR4fH+ykQ1KqxHgeC1Wl2TuQzAO
-BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3
-DQEBBQUAA4GBAAAfyUd30ByRjggXgiu4vNE7KBbaY6fbiYYugGriPx/HPPIJM3M9
-3W2m85AhLW9Qt/dpaXQGeICkDfrLrpTCV8MWnedoVwQMBla8v5QNs4pUdkTXuV7R
-9LZqxgeDvUTEadGrNLjZ4WumiFApRA+DRjJE0LsnS58wWtklsYDoHJtH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Negative Serial Number CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:90:8C:A7:23:4D:4B:F7:EA:A1:B2:12:87:B9:C0:D3:0E:33:58:CB:82
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: -01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        7d:55:77:de:74:f8:ae:25:02:35:ad:53:74:92:6f:89:f9:ed:
-        b3:4c:bf:a7:70:b1:0e:20:4a:c3:03:7f:a9:99:01:5b:5a:a0:
-        67:df:cd:74:08:d6:80:2d:ca:f7:c0:be:9e:68:35:d3:79:89:
-        45:a7:6e:f2:75:86:e5:28:d0:00:2c:96:14:03:96:eb:75:d0:
-        fa:a7:78:f8:50:e7:70:6b:cc:1a:9d:8a:30:1e:c5:5d:22:a9:
-        ef:dd:07:48:85:87:d6:2f:15:02:d0:07:81:2c:bf:fa:c6:ce:
-        49:03:44:08:37:f3:f3:79:b1:61:ab:c7:f9:21:29:3f:4f:cb:
-        36:c0
------BEGIN X509 CRL-----
-MIIBajCB1AIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU5lZ2F0aXZlIFNlcmlhbCBO
-dW1iZXIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgH/Fw0w
-MTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFJCMpyNN
-S/fqobISh7nA0w4zWMuCMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAH1V
-d950+K4lAjWtU3SSb4n57bNMv6dwsQ4gSsMDf6mZAVtaoGffzXQI1oAtyvfAvp5o
-NdN5iUWnbvJ1huUo0AAslhQDlut10PqnePhQ53BrzBqdijAexV0iqe/dB0iFh9Yv
-FQLQB4Esv/rGzkkDRAg38/N5sWGrx/khKT9PyzbA
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15EE.pem
new file mode 100644
index 0000000000..7479b46674
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 17 72 29 99 FA BE 47 81 E4 B1 01 CE DF FF 1E 8F 24 20 D0 99 
+    friendlyName: Invalid Negative Serial Number Test15 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Negative Serial Number EE Certificate Test15
+issuer=/C=US/O=Test Certificates 2011/CN=Negative Serial Number CA
+-----BEGIN CERTIFICATE-----
+MIIDpTCCAo2gAwIBAgIB/zANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZTmVnYXRp
+dmUgU2VyaWFsIE51bWJlciBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMG0xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMT0wOwYDVQQDEzRJbnZhbGlkIE5lZ2F0aXZlIFNlcmlhbCBOdW1iZXIgRUUg
+Q2VydGlmaWNhdGUgVGVzdDE1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA62KPWxrURH3uoUly4l86zjX1hpi4DnpB94DYzQ9LSGGpGznlFDt+RyvkNjRB
+UomO6ZpzUw05LdrHNwEKY/Lt8l23PrRH6rUQW+epbYq8F7xXb2UMlmgjRw+IVY7+
+sVnLKk4bWzyCOOU4QXY1MZnoaOJGnZauWePVvA932WDny1MEV6THpnb3TUR4GVoY
+wP1rTv8knj+kMr822fT/QixZiAm6Jimm7ja0Nlj/FpXx/9Gv/LP8LMMnQ2esKJUM
+iLBZHPNtZhHcGKzVzqxAhrzRTZUddXmBS24k2doY1iV1KypyxgG7WBFX0MfLlqCK
+jC+9IpoPA6manH6k3R1UJfZ0KwIDAQABo2swaTAfBgNVHSMEGDAWgBRi5C41xg/F
+6JHQC8GN3rav2ojZPzAdBgNVHQ4EFgQUkfQx97LimEmUaVujcr+gLY2rJqkwDgYD
+VR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0B
+AQsFAAOCAQEASWqVVZv1Mi0Wor1uUCsSnDwNn1qBhzHRgCJ7RvTS5I/uKey6YqtG
+ozvw22AfDPOa43ltwuCuOeVX0rG1BpC57ZzHEJgQcksysR6iZ/uY/vN0tD4chgHp
+yi+8sTayGRPBqrpANbgTD2vzNULrcHo/nZIBiUAWs5I/38iWMAnRvuskzwEhAZcJ
+xU3Z7laFlU5TQGoTMxLeyMzKbJRJWW098aYscKWhG8bEy8CIRsXiuF+BcrFqqzTb
+jZA9n2Yn6S805yMK+TuDWDh+VzPwHRZliww4+ROGHT7LgRdxeN9ZlKx+XqJ1yvVo
+OSsRBKUwZyf/8dm9ItkC5J6XM6dfreX/bg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 17 72 29 99 FA BE 47 81 E4 B1 01 CE DF FF 1E 8F 24 20 D0 99 
+    friendlyName: Invalid Negative Serial Number Test15 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,89AF3DBDD02217E9
+
+uv4c65SWYATqAOZuPg0VAf2OWnVv4nfLYiMSqgjc5mHTtRKWvXrA6uP8otgl3iQb
+PmyXN/C2eFwFfzM+JU2VnREj7Y40YVLMPKARJ/sbY/SfUhZOVsI/IuKWk/o3EiBV
+LDulYfkt+9yPOdvJRivNx96Tr6+6ItdMGiNFfouZMIA8N6GI8PyWcygI+XQU43Bx
+hVdoQsD/yrpSKzNUVqXEYbPcK34D4W7wVMkxToQHwKe7N+GDFMQbc+yqC+do97of
+lK5Ps8dv7U1SAhXb+bAxnwvRqQ20+KKlXb4FGlS56rK7ksKrGpr5lTAVbDGrCu1K
+Ib6rmdLwDM6lz+it3JM4hwlDg5s3v0uND3BIBkVzIi5b71VRNBsEoXVt96LsTCoi
+pwW7cDZm7pG2uDH/jVrpEtqfDskRWuFz5KwB4uP3Ne9g4/uAOj8QIDkmqH4gxep6
+XEmTaVEQ1kDAn5NoURExr8Z6uW5EsVpfKeXiWg5AlnqrUKoCLXxf7+bYxzd8KbF9
+QixAGeUy2Hk4l39afPcAOg5/av/UZL6S8YHMWZ5H6ks8bPnLPoYMBtwegxFRMvXP
+QS/z83bhAkw2s1DKlU4jkBM2McFAJJgl3D5G10Ps8BNNERpZr9pdiKQOPXz1RIAp
+bhaYE4EvYWV8yV1pODnYH8Y0YN9RaG1L1D9PuGBpZAtsVc/kcMz0JLzNPzp3LYbb
+aoJzoXj3VdrqdgefYmj5FbjgdIl887ZcAnm+3t1MydwDZQDtk6WluSw13/Pm8nM1
+O/bRCUadOyCSIfUHP54AABGlpto4wH8pPB2OOSe+2oEHqDq2qBRZ4mH5gDquPSPo
+TdQTgQVltNiAE9H2P3wEOob0xk8uxZgq+tR7ZYrsevBkOMXL+egimccgqndEh0pn
+bg7j1TPC/6dj5UVYpvEhcvZ1oEWEPMcMxm6Tmvr2PtcfT2Z1M5+jGYVRQVknWL6R
+ELJMLeoZ8QchYnHBg7IlRaLyKt5OAl3PpAjrQOtnXdjmEy51C2ujrpTyelZ8q9lh
+KKzGg3N0wtT7Bwg97fyYQP37wHDi7fuyPtbdF8T4JnCZxeCXgNyXUOZ0NbEUgMVC
+tC7Azst1YdtyR1ErUirsu9kAbr91KWqF9dj49wgzzuoiOsuxr3O7WykzuGf4iBIe
+WSGoucPvyStZc0ZTDtJiLsqYE52VXAjJmGarh7i64bP2v2v/ssMEKY0WNPiX4Wtb
+955ippwJsI2b+MEr1BpisujKkzoreRLAT7Tnx9tz5Z7R12iNKP4w0uhPVwZDUHBT
+qz+GB5sukQMCzhSMXhbEkHZvQhZNVp4Vkn2E6CYi0LvLLGDF+Q7docAoo5ciw95Y
+tjffPgYVSaHSMg4ndhgGxFIxJMci6IbZF0j1Mmf6A8UQET05gr6trD/yj82irR/i
+Quyj4ZkV3Hjb0K7JXS5KCxGfYZHvN7y27s5712dhuO+fIr19VUc+erlMVbcEXGlg
+ligwtLjZDp74ZA7Vbi3HyRLlhHDN9bGQcRIL7CiJCC/9Bm1B3PRPZ1q8x2Bpakg4
+l3WIs6epQEaYWO7IrgHBeS2G/M34gl3jwV+DdaVSMU2Z+eOK6LOlQk/xKvFAoWFu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11.pem
deleted file mode 100644
index 43f4c11eeb..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Old CRL nextUpdate CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBDjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVT2xkIENSTCBu
-ZXh0VXBkYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3mWvvYS5A
-sFNH3PbxcSFtUQ/3TzWlO4y6wINHN6Ypk9Okpx3uHSwBpkQ1N0htmUhGQYFyhzBx
-ATrb4vlB4KzylhOwfX0F4cYko464NaCZNL7OzwjzOCgZ8097o6RD+Z2vsM0GmOeD
-ycpB9yeqLhC4e30k8dFJqxzCAEJC0Et5swIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwGrz/yOO0EdEUB5DUcJ8XjGJ
-zAcwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADOSGYLxhRxOj7gm33bTOeiQ
-PIlmAlvVtqg+44hgkcovBETHehNU1xBQRF/tdPACobZUA1/0YoyNZTHIY87qLDkJ
-Ks0twBDEHmgmadu+IKhutKIZzHSsU9xVfyipeAX7BfgDDeEaRdyPCan3KO9hpbhS
-CruOE+/WuIQiY2bS2SPs
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Old CRL nextUpdate EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=Old CRL nextUpdate CA
------BEGIN CERTIFICATE-----
-MIICjjCCAfegAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFU9sZCBDUkwgbmV4
-dFVwZGF0ZSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMw
-SW52YWxpZCBPbGQgQ1JMIG5leHRVcGRhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDEx
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvSHDwBMR2xa4zMZPJ+4WCtp4V
-RyIBBXrHretH519ipC4dqURqRrI7/N9ApYs6t/xevUxi+T2rDzXZB8L6x3AhE+BZ
-xOknZ/gpSN3du4ofSeM8DT7vzkwkj9S+bdEcU480Om0P40OwnQUIiR92HM8xO5r1
-qNrXauV14rf3F461HwIDAQABo2swaTAfBgNVHSMEGDAWgBTAavP/I47QR0RQHkNR
-wnxeMYnMBzAdBgNVHQ4EFgQU/pqWPiQxXU/VEoME39jSmPZFApEwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOB
-gQC2hDiZpMieKwCdZ3STNKZnLhmmgmcxMnshFx6iQ2B8XIbpY8fNvTUCPf9MMEvP
-a+1O7EDTEdrQCEpnKZWExBuB5qpOeP6ddjsedieij7YZUsPCn8aYxz3Cc8uBailz
-2ooOjU9ubv3hI/vnWXYKhZZwPdognMfenzqgqVonVkrt7A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Old CRL nextUpdate CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Jan  1 12:01:00 2002 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C0:6A:F3:FF:23:8E:D0:47:44:50:1E:43:51:C2:7C:5E:31:89:CC:07
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        09:dc:b4:50:29:96:87:a1:e0:b8:2e:39:6e:17:6e:95:7c:a2:
-        45:a8:24:5d:ce:da:6a:00:6f:8c:7a:19:77:5e:d8:d6:ff:63:
-        12:a5:68:c5:3e:e2:17:87:57:98:08:d7:2b:26:2e:1b:3d:12:
-        56:39:9c:93:8c:0e:c4:ed:19:af:37:4e:9c:2e:4a:54:85:8b:
-        54:2f:b2:a5:c9:ca:5a:9c:d2:a7:76:c5:00:1f:92:c0:cb:3e:
-        1d:0f:69:63:4c:f9:40:fe:40:d7:17:fa:ae:b2:5f:e2:f4:8b:
-        01:b1:2f:bc:7e:8a:b4:05:1a:97:21:8a:84:66:94:ec:5f:fa:
-        4d:28
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFU9sZCBDUkwgbmV4dFVwZGF0
-ZSBDQRcNMDEwNDE5MTQ1NzIwWhcNMDIwMTAxMTIwMTAwWqAvMC0wHwYDVR0jBBgw
-FoAUwGrz/yOO0EdEUB5DUcJ8XjGJzAcwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEACdy0UCmWh6HguC45bhdulXyiRagkXc7aagBvjHoZd17Y1v9jEqVoxT7i
-F4dXmAjXKyYuGz0SVjmck4wOxO0ZrzdOnC5KVIWLVC+ypcnKWpzSp3bFAB+SwMs+
-HQ9pY0z5QP5A1xf6rrJf4vSLAbEvvH6KtAUalyGKhGaU7F/6TSg=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11EE.pem
new file mode 100644
index 0000000000..61ed3e8504
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 3D 56 D6 60 D6 34 00 EC 8D B6 50 91 FC DA 09 9A F3 9B 79 A5 
+    friendlyName: Invalid Old CRL nextUpdate Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Old CRL nextUpdate EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=Old CRL nextUpdate CA
+-----BEGIN CERTIFICATE-----
+MIIDnTCCAoWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVT2xkIENS
+TCBuZXh0VXBkYXRlIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+aTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+OTA3BgNVBAMTMEludmFsaWQgT2xkIENSTCBuZXh0VXBkYXRlIEVFIENlcnRpZmlj
+YXRlIFRlc3QxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMUCQ6ht
+nIHGtGfWIymBLnkyZ/b+51EMYGK3oG2KyVWoC+++h1CzZaDiG8p0Gv54dQjJm5Vi
+z3SPO5TTkzmEIWCa/1uKIQPjOVVRey0qApCvymRoXXEJf59gnBqPDx26bXb6NsoZ
+fGk6yEkvhH+MhGzQCHN95ARUNMtYSbPgooEDzJR0ym+qj2LFmZhRwKEp0IubF109
+JPVk/NQIbI3HPZXUdCzp5jK1clTWl+NGS958LnnO4jEK9xJ6euTg/6x/uR+t1oRa
+IxLnB28PFaavkhQG4vVQ+M4Nb8QGBsXmjl8XyOB0YLf+ZVbDXZ1f1UG3MYsjY/4Y
+vksxOmddND9NtIMCAwEAAaNrMGkwHwYDVR0jBBgwFoAUztof2lrMjpf6IBUpT6yW
+jSrNeBMwHQYDVR0OBBYEFFZ23wygTM9MCKaXTBWP52hKEFSlMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEB
+AK1ocp8QO0gPKOT/sFZ92czs4wkA6tiiPte/lWgK1OQ5bPt5u3kT51mqBp+7c2T5
+Vph6MyKO3mp9gLEwFQPyxp4DyZd2i0GfTz50sIM7JUYFvpjThENKLkBwIHDB+fFp
+O2K6JtboC2dutQXhseGvWNc9nadR6/MaNlYEZGBCtcRv7jkNzsqzrVCwKZySxh5a
+Gz+yM9JeDcTJQIIi9FTtiI5EmBAmWU9Ny2GuehF71srlR6Vv+TNxZHZCPc+jAzBh
+3CAV7MPCTIDXbBTtRrh60063/x94KJQ6RIvnqnkX+y3A0wIbEDv8XtwvG8GI8q7a
+Ff95NQbv9wnAVBcG7YoEI6k=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3D 56 D6 60 D6 34 00 EC 8D B6 50 91 FC DA 09 9A F3 9B 79 A5 
+    friendlyName: Invalid Old CRL nextUpdate Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6D678DE8D634ED06
+
+vwypvzYx+kueXlE9gvBOHTXYAezmvVluBqFSC8jJO+am6Qe6ky3oQFcPMZ2xP9n3
+nHwS5xwXEdabH/uLxZ0t0uE41oWW3L6cpnhR+Rc4zY7qHB4pF/9fBya2jUg0fREe
+ItQrFbLZdTfLNMF5+DGuLwxE5RblToi9InTMBrZyUHBvE6sj8YFuZ//qzkV1VnD+
+JmIRZUNOBwUXsfCG4qoBrjOcrFgktQz8SsAxGflwWkchf15X6s5OxtHm5dImXpPN
+EPzewQSvQnnE9P8/44BLtvEwFRLbuR8oT+YLFcyJO//KgoZN2ojpjRB1/skW5BNM
+ABe91qhsyAMdFmNcWQz5HZ+ouovZByaP2CI3+J1WDUjakAY9roWS7X1pBXV792+W
++w7S1gd62vKS/+lds/SF6mrKPzJz21NJlgAtqPj5QrKvgN88MYfpEp3GxN8D7k7A
+lgeMVrHhh/v3aFaJ/G/Hl+nJmzunNaIdTXrqwIj70sqy+QWVOZOTkVevaW31nG4v
+Hs5V/ZC7+4gdG+Pu4XCFoRgVQKJd+XBkOgZXaX2XDi2WvCDfnPJA0calf+eUVUjq
+owoYbQCX5brOwUgqmkBzHWyFRqxBxvJqOLCreFykvWDQpSN6gmGaBlpb/V28ltLr
+V3rFBoZ6+tVnocDlUhvOkCrxpd99E+hmBkofyaQRH2az1fJCv/0unooxNFdy3FAU
+tsaQik2vo5NUpBhn14/XkN7/qv84CXVek54ip+ho9zJiuz+tAyu39dGdlZ4W5pMx
+euuR6NdVoeXmGzsDMW7AV+d+skgDSajlBgurbN6uIZqUS4emRjDizbmmHkecg8K+
+Q8UwKFVc3lQYdetgIdHEXPebSrhtfjfGSo7Ie8LIkX0vx0CAGeElsUwIYDfQxZUi
+Pe0K0HiDGG0f+Cj5lozDJM/Qlf4a0QK00qwABuoI10Tn9dfa0snUJcSC0gi9X5j6
+gwLUzKhb6KlSeU2YxPQFioIzWBMEy4Fb4P3vkwnEeTYe8iAwXXGuZ80iVeIkU3sI
+CffT4O+u9OTNNHqXAa9AHtyNyjK7RybJAahPThzriiMrBAgJfA7JsDEYbBfDIuIM
+O5Tj6MPHcRXLjoZp4shSfLzREvoZ67iSjwfc5rXMVgdCez4TQiq2KGsiYtxSt/gY
+mlioWnkyLsMpITAt68rJBGxM3Q22hBI1VeDPg6HOk4IBb4oDruum+/DpHgx62T7F
+UCPRbxybGqIoIFd1m4toOh/Wtsgj6uukAqLCc2mZF6LZCzV2jS9+KdDi/2dISNEE
++R5KlNAXTtlnhlfjwWTmbw9Xk+x8Km8LSldHgDPC8J5ZlQskxECKcMD7mC6qxZoJ
+6mcdyMKpJo2fqwyAkrDMal7lnFt04/O43zCobhVojfptju0GFXpXVIgRsr37t08/
+ULdYl/ZU1aa5jJNrlxM7XnyzE9s5ln3dJOz36Un/VeoMF4ffOotex9EV5NOzrPnq
+fXv2YG3pDfGHPPhrnQ+VJPeQspYplCDaRSX7m1yFw5B7wKXxCgh5+cTlG2FadXYr
+vkGg7YiBDPVd3IF0NhrI55ghEo8Q71WhzWFZibnjqPFpeh0inSKAQw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10.pem
deleted file mode 100644
index 3c896b358d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10.pem
+++ /dev/null
@@ -1,172 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Policy Mapping EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0Eg
-UGFueVBvbGljeSBNYXBwaW5nIDF0bzIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBgMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxNTAzBgNVBAMTLEludmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNh
-dGUgVGVzdDEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChB9eTYlpZl1JR
-8TrbGxGjxB92HiDmmZ2KLK8LOAzDhLn6pDzsOGwkyo7M6CDyAoWz/eaCmRD1i6qy
-QKVu2sn162p7KlvlNyd1JYAVIAPjkGR/a8VfCm9q3N/lRKwsSj/GZIek/8iSW/KC
-FdaqSGbsEbHK6Fn8vcQ4Lh4eUroNKwIDAQABo2swaTAfBgNVHSMEGDAWgBSR1+G1
-pJYIkfGicS9m2Sd7SoKTmjAdBgNVHQ4EFgQUqFpT/L04k96R6J+5dQbd8YN6qoMw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
-9w0BAQUFAAOBgQADIM+40SMZ1r8wWXESNPXd8FCdvGJyWdeFjUA0Ads0pN+XIsnC
-4sPLYgWB1xdrSQyNdrwkLoyy2UGPHgSTwlhlX7NxZHyfxaMZRN1FKRPHs6alDc/M
-603qZ04FrwJd54rHiHLAI5/fgJzZRu5bOUBiDFxW7skEOp/4AiVZG4+8Wg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICtTCCAh6gAwIBAgIBFjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0EgUGFu
-eVBvbGljeSBNYXBwaW5nIDF0bzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ANGY6UqVJ9oB3KneANaPiYS3vFaEAo7CVhPn358boVTv2/wQv8iwT9MvDcASa4Fi
-5kaob+B5k7T8qjNOtxaZJb69UDUDsAYww6r/NK5pkS1KNf7CJZW6/RQC06GsivKO
-kQoudXfGEjAMhmHNuEXS4biTlRuVUXJqLPq2yLwAJPZ1AgMBAAGjga0wgaowHwYD
-VR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYEFJHX4bWklgiR
-8aJxL2bZJ3tKgpOaMA4GA1UdDwEB/wQEAwIBBjARBgNVHSAECjAIMAYGBFUdIAAw
-JgYDVR0hAQH/BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMA8GA1UdEwEB
-/wQFMAMBAf8wDAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQBNuXYJvgOn
-wez9J/K4ZZhWpMPo/7Qso2S6BAoJh7QdTymJKxD6nDnPwetIpbQkbEtq+V30ZA+o
-6v+0cntT/I7cm9JKOXMOKn35BODzS8u5UJTDwWc/l5SA0scCSRfTT9LJambCyz+m
-C0/k+v5zw5VpFozVY4FoV4/KnwIhJPuDwg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:91:D7:E1:B5:A4:96:08:91:F1:A2:71:2F:66:D9:27:7B:4A:82:93:9A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        97:e7:b7:e3:46:cf:59:49:72:d2:0e:de:0e:f6:c3:1a:ca:34:
-        59:50:f1:2d:fb:11:31:f7:bb:b2:f7:dd:0e:fb:bd:6b:7a:7f:
-        e7:dd:02:be:6c:7b:36:1c:49:50:38:d9:85:67:97:a5:0f:84:
-        49:de:8a:d5:0b:d0:36:fc:6c:4a:82:cb:83:73:ed:1e:af:31:
-        dc:0f:6f:eb:69:18:67:b7:fb:1e:a8:1d:a5:36:84:dd:05:72:
-        52:f1:51:e1:93:6a:ff:2f:92:6b:7a:c1:67:90:0b:7f:66:0e:
-        f1:83:22:d9:52:5e:f7:58:5d:5c:7a:1b:69:84:91:da:b1:18:
-        11:c2
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0EgUGFueVBv
-bGljeSBNYXBwaW5nIDF0bzIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFJHX4bWklgiR8aJxL2bZJ3tKgpOaMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAJfnt+NGz1lJctIO3g72wxrKNFlQ8S37ETH3u7L3
-3Q77vWt6f+fdAr5sezYcSVA42YVnl6UPhEneitUL0Db8bEqCy4Nz7R6vMdwPb+tp
-GGe3+x6oHaU2hN0FclLxUeGTav8vkmt6wWeQC39mDvGDItlSXvdYXVx6G2mEkdqx
-GBHC
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10EE.pem
new file mode 100644
index 0000000000..9f7ffefc55
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C3 F9 93 C4 0D 7F C8 D2 5E 2B F1 AA FD B7 35 76 2B 93 F7 1D 
+    friendlyName: Invalid Policy Mapping Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Policy Mapping EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=Good subCA PanyPolicy Mapping 1to2
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMiR29vZCBz
+dWJDQSBQYW55UG9saWN5IE1hcHBpbmcgMXRvMjAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTUwMwYDVQQDEyxJbnZhbGlkIFBvbGljeSBNYXBwaW5nIEVF
+IENlcnRpZmljYXRlIFRlc3QxMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAKgYrs2bp2rDpT6ZXc4PgBYjMV+WHjSqGUgrAPdR62UDChqzNHrE1Pw0Lgh2
+IoWY+M7poGGp2Gsl9puYwBnXoViJ4dcD3EHwJGG0FvlWGpvKbV3l1AAd7cEJHokv
+S72hma5YVH20kPfdF3Kd34WZNZTY14L0k+h/COfBuL9EQfq47rmSAiWLy1K+4fBF
+jgc2Fo+UG37bpSxjZqTVt0dPmHzaJT5Ft9WfElx9GDQPl8tMES5gbY2asmubPk6q
+FmG6ey1hM5Tn4EvoouxgHEEAKqeo6jZVPbVgDgL6vKiMbmDUUvB+ujR+diuvmp2L
+HxrVx1s2bXkD9mkal41OxPy9/c0CAwEAAaNrMGkwHwYDVR0jBBgwFoAUW3N5meOu
+BtOKpjNOFHjkoB2x5MkwHQYDVR0OBBYEFPG//ujd6Iehzjh3gjYhBFAefR0kMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
+AQELBQADggEBAK96lyXiY85zaUn/7YefYb8m7f0S+IghFiiq8tbityudKhvMlna6
+0C/os+x2O5Mhy84okB3MBcjghp9/Nl2WUnyYyO+BjCeDk51xyAFNtXl5VkEsa029
+vfMKMWWOy51egYnVzErYmeud4H5pOFB7+x/55hMbMRrs6ww2eqtuM+i14iYKLNaM
+MIAMJKMjGUu20CoNnEeYz/lLCtcD3+/qlMrBcnM+H662A46e6L+5Q/o7mMyQQCvc
+jMKI90clD+5t7o6pA/rhv0wSpYz/GAcGciuAA5GMuJJOZjHSycMISz3nrBFvo6Jr
+F5tYb+cl5W0BUCJDswlj4X0wWsXvblfOG20=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C3 F9 93 C4 0D 7F C8 D2 5E 2B F1 AA FD B7 35 76 2B 93 F7 1D 
+    friendlyName: Invalid Policy Mapping Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A32053B6D3456380
+
+b3XSd0KkeY/Put6bpMXSPKWjmmmQGmo1oBTol3Gucht0gv9oVx3WQ2F2C0Kcl3q5
+GngVI39rccFLRt4uLbBugJ+FwvGuukeCW2OYF/PH+vuYZXfzKrS/DcuVV0q/KchN
+CkqWwSGFCLtUibk+jDwtSS0N7WzLmmXTBhBUrk7vXSP4dQex5xEuVJtl0/rXvV6j
+jQno4k5UwFldNY1Ynffaq15lxu0p0x67f4rR3mJjTwXS0mHR6T6t5uNqUUlQLl7f
+fVjSakaAHlVLhZmKNJ2vgVTaHDMOZaDOiQ99DFseaKajhUB/tCYd5sq7PLeOoeLW
+pLm5VcRt2LQyzMicoHTDfDSKNpcfzVxv7uCAExOaGE9DzPpe8WqwiWRvhuyN4+XT
+f4L2ZjOXxvcM05v41x/xxTKDDZEt7YitP53YQWgmLwR7mrba0jYYRWK6WyR0VzsS
+kW9KCvapfBNO0LVTfUhEVrpqk88pIy0X3vLk/Fa52G2N4bj8TU+hDyudilJCnL5c
+gHIPOyP2YGkatRdMsZh5janilmom28RV/wnoESMKIfRL0Gt8Ct7k6syg5rp1X6r8
+WRD9pK1vp3BQb7dGOzDM13S3ZFD49hqoIQb1p3Lc8S1hlDKQO0pVvuPHK2EltbwV
+R0nAFbGW506dTNdpEbAR13zXS0H/WtisIAxVtpiKPY3vEEFX+dmyU7uKICCcttkQ
+LV3LqGo30fg5NgX554g4x37pW4wj+SDbHnmw+YaTAgSJN+n2zfBYmh2nb7WZgBSO
+5cRRwDson3j4HUX4Kdxbi1zNzQy/R7PKwtq9i/BpSxFLvFFt/nVbKCH2AQ1p5bqT
+kaYdL2b9L8eb82nJE42gOJ2m9mLG6FmLWEcb5EAyH2MTCET403T//cun+EVu2raw
+iJ9oUuNQfVGbU9dIkrVQ+fpMKkO3yiB9GoPYy0U8zMXRvKJEruKZpLKGgz/RNWex
+Rb4umWp43DhxO0zCLVWVAdr/Bj2qgGjDDO8j6TuYO1zIb8M3Y6HlQJ//3GDmmEys
+yzuLmIMpSJTbqQG5+sXdjpUfH3UHEYSda3x9g8irkkAPv5GOlZwoSaw+un4VvAK5
+qE2zj0k3PH57/1YKdddUZUqYJm/L1TP9TzBxWYyDgWH3DxY/mGtz2hcIDs48wTj0
+IaiBenFCy0ulz/+zg5e8bgFXPqzyFkOYQg90Kj1Tm+E73Bd0/my7FpBGbDvs+xzV
+aZIrG5XxeOumLXRMr3SrjpgqMR1izY8oSpbWsBXGKyuBWaBGS3Qxd3riIOnFXPxO
+89XO/Jn2Ts3VneDvQaOotAcgrzNT/FwiMtfwk502Xes/Mg/Chb1C+hloIGwJBD0D
+NuE3R69v4Ky/BgvRUNmIvcK5sKuRgnDW0bMmEP6KdLx3IDxPVME6TV7W0pDVSiU3
+j3WmApXzM+Fha+W6aKfZuIu4rqVmQKaNc7zDD+5Zc4YkyjMW43r05vbjBR4GDp2K
+DptJ/xlDLNiUDJ8IdP8t+5Uz1rPRb9VL4aOuSvvM3F2CgaeECQ13BEzMqX3TIrKt
+n2BXWScOnLxDb8EpgA5AjjGRHrwtJ3LsaKC+ck5bYj2sM+aXuhduzA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2.pem
deleted file mode 100644
index 43fc124d7d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Policy Mapping EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=Mapping 1to2 CA
------BEGIN CERTIFICATE-----
-MIICgzCCAeygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD01hcHBpbmcgMXRv
-MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF8xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE0MDIGA1UEAxMrSW52YWxp
-ZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAoadvCebWnauqUaHFp40w4mCV71scsCOfYsKd2A1Z
-qG7a+bY47N5PYZ3U5Ma08y9eYo1tp/KdyjpqVjRyjuThypOpD9w0G+SKNSSO9qWC
-MDvLPUi28tTApRjWztYYwN/g5vFkSu17fxV+2UFjktKI5L7kajObs+ukIn+CZjp2
-ZJsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUNzuKobqNp3SbwOvWOcshDI2jVn0wHQYD
-VR0OBBYEFP3Ru6m0Dy03xmdc1XvYMeSY1zK/MA4GA1UdDwEB/wQEAwIE8DAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAGhBCvmaevxrJ
-N0Kz2kBu8iSaQ909Y6uo5N0DyRRCZQGADpcApXIr7/C/Uu4qBIyC3WTBsx2cxZFV
-5FThscR7x6s7loGSYxVh2GrCKj3t643zzznkIP7iMZxSGBdVJpEsjScMJ/7tXnkp
-IaawhSXoSuDs35Gvi32ldHbXmUh9NvY=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Mapping 1to2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICrTCCAhagAwIBAgIBMDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPTWFwcGluZyAx
-dG8yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXwTHRx8gVHWtSe1VX
-oLPFQmGX4Y0U4v535jowfMd9254hmwW4VbZzK7rrXGOAimFxGHKwa7mkPEo80MIW
-8YQC5HZs3jaXLh/xsmV1qlzwceCXooef+wu8W0pgoJ63MmY+ZJWiNK2ygRV/EVFF
-x2ii8ZGDW+SKEX2WIYI7JhmcTQIDAQABo4GzMIGwMB8GA1UdIwQYMBaAFPts1C2B
-nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ3O4qhuo2ndJvA69Y5yyEMjaNWfTAO
-BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB
-/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/
-MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEAphAVDZECciXjDiCta9HU
-ZubezLaRjcl0IaUmTlvuhUqkfGG2x1KhB6QTq7JGCmBrlxL93qhU+8sGW1k26/3p
-c3hc60bKZ5oBG96iN05oLWWF3udbqBESMO7gn1zX14s97qLtuqQAyuERy2L2uOkk
-n/emInqTFTixe284WjHR3XY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Mapping 1to2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:37:3B:8A:A1:BA:8D:A7:74:9B:C0:EB:D6:39:CB:21:0C:8D:A3:56:7D
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        29:63:8c:57:a4:35:bb:2c:2e:a0:1e:7e:c1:e2:0e:39:2c:83:
-        d6:5f:29:3a:03:70:63:aa:1f:42:e8:fd:3f:64:f6:8b:ad:86:
-        27:c3:a6:5d:48:9d:ef:6d:bc:be:7a:24:a9:6d:b0:4e:4d:58:
-        4f:52:c8:bf:dc:70:7c:ea:8d:5e:54:12:db:5d:62:c5:63:06:
-        2e:00:b4:d2:fa:51:6c:da:3f:41:04:36:14:ce:63:b5:46:e6:
-        7d:10:01:db:50:07:69:82:6a:34:45:0b:38:5e:f2:d5:8b:77:
-        e4:ea:6a:7f:9a:18:fa:74:ed:b4:5a:ba:68:f2:68:c4:d2:55:
-        17:9e
------BEGIN X509 CRL-----
-MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD01hcHBpbmcgMXRvMiBDQRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUNzuK
-obqNp3SbwOvWOcshDI2jVn0wCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-KWOMV6Q1uywuoB5+weIOOSyD1l8pOgNwY6ofQuj9P2T2i62GJ8OmXUid7228vnok
-qW2wTk1YT1LIv9xwfOqNXlQS211ixWMGLgC00vpRbNo/QQQ2FM5jtUbmfRAB21AH
-aYJqNEULOF7y1Yt35Opqf5oY+nTttFq6aPJoxNJVF54=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2EE.pem
new file mode 100644
index 0000000000..d371a30fe0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: DD 2D 93 ED 79 0D 8A 49 8F 16 40 52 06 71 64 BC A0 C3 D0 B8 
+    friendlyName: Invalid Policy Mapping Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Policy Mapping EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Mapping 1to2 CA
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPTWFwcGlu
+ZyAxdG8yIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowZDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExNDAyBgNV
+BAMTK0ludmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDIw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP0ZnJwVL9VAfdOd5XKlTy
+DBfVk0gJc5L/Xc1KAvdB4p8wMJnx08oy7X9zp2zJUdN8nMP8+C/PL9LssmwLIPCz
+MfZJmiCynpann3CPnoXjlRyYZtHFMeW6D8ganSXetE4O1vKrCR0KOVU0xEwp5PuE
+JvC2c9QrTyZQYKgv7Gj3zZ2QFNi46Mullsibu3FOWfVpncFDZMebzPS+qIfv5I5U
+Vjec7wYjoSY25aL1/vDLwkzlTBkrPjGJeGb2oKeK1cmuDzHB5k6kPTpyBXYpF2z6
+ifqjU/wLFo94hASA0l4cMh2IstJ+koKUZIuWOipTR5K2nDMywNpLyrHwdJ9Nwzwt
+AgMBAAGjazBpMB8GA1UdIwQYMBaAFJnFeGnLPTN2wpmsROWwDv659NvHMB0GA1Ud
+DgQWBBQc93qRn7CZN550xzB1rEvWIX+9tTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQDGxaCY0Qeaztw8
+J0tdbO75i+EoXmPj8SdrzEvPS4YNnCsOt0sgBKQeP5BpfFScQgIoGHTt3leCUXlM
+c6hu8rLTLB1Shs0ZSAPj+nmNx4LdppBbgZQ3KNBzhsgvz16CXK3PceMIuDfrcyRR
+DtpqeIXCTp66esYzwq1LsdJuBdusYlkywZ/Q4NR8cHubhcAFM+iA289XjucldDDK
+Xo1L2XERrSqXK3R4p1ZUIIcbYeFsOhZyBPU5UnXJcac4DG5LPZnnZxMAbUL8Rq+9
+nx4NpZeML+uuIu+heoU51t2PzKDjJZOFhnspC7ZwrTmAYYIxTblTaZULF97Zvvc5
+QKBZoV2y
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DD 2D 93 ED 79 0D 8A 49 8F 16 40 52 06 71 64 BC A0 C3 D0 B8 
+    friendlyName: Invalid Policy Mapping Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9AA315A6F70CA697
+
+UpFJgV3wr8eBPi/ZnZni/I2XHHWMLBoM8LbF33siJxRhRGuWxqbg8ja0HwbY1KCM
+whlDYTc+wWp1VwEf8vxSykcdwBjgPlS9ITjf09Qr9A+YquKVZD8kLt9kBWeoFtz9
+RKlsZ2a0MNoQ9aEA9KgrR21K3iuxHhyKgacba4anc4wDNOJgmMqww7KkTTVN+y5C
+4P2mFxPR+57MH7sDyAdCrtL21kXdlzoAUqp7HdExKqJhb9RDbSiaIPDuCdIV4GuG
+U1N1dVVJRU+dpnLVOACmBZWJF9RoavZzo/CIL9aSHgYCqBpqMyM9xRL0ZzXcHtyq
+jTeqkSY5L+ffKmZQrdpz5/zAYlcAgpWDfnvH2VhqTw9jOjbXT168/zIXhoX9ZfSw
+WTX6Ko3s6Hxdq2xds4AFAt4eFJ321JVuRa1pwMbm/B682QVxsEQMRGmsZQRd46rc
+Hk1RCP4IEkh1ERU/1R6s48rL72j3nhKgs3reh67p8Eyawh1UToF1nerghUBlqHu7
+KOaUBOHwHWAAdEINf2wQKnJsgJJ2+4u/g2nwhUgyvn/XikstUCHMkx7Sx80aq16C
+tyQHZohWFU91grZO6Xixxbj57nJgtzD8hrPsbhNZ530ECNiHBC7BilJ5QXGRGAjP
+BWFSuNpP7payaETMQkWts+m+yHFEgSsdEFo4q4kZLLm/unR1SYQGcJTMF68efBlg
+MUc+//uXGBkeL6r2iwPeg75l/T0vrSdhRDSH64+2vitoJ4MXu+QotDeZKBwPuJXG
+umk4Lusz2lKbaBGhKTCn7zqZPKR+7ixKDhOYMtlquczeoQVBv4qzCdeI0+EKpTCz
+zQeRkS6J9NUiaJopMqY0LAzisWfAEOIu0++kJ6t8+XyGTIKNR7Onlh14p66pP+EL
+WaPBrIB4gXlEj4Sf+lrrv+k8scah7iTsQA+y3vpqGv/f8clZ4vB2OHp2UtXFxhka
+bcYUuXrRk8z48Y8YinQr/KYXLWbJAqOcHn0K6IkhbNusT8FRrQFFKJmBFkWfWeW5
+7Nllrf3jsQC8qeVb+PiKt2nmaP5iJzK4Z9djxSyusDIszTklDTmX5L1+K4jEa8lv
+ch6pGEXNBr5LC5QOl8OBfKzRgFRjCjFchEAHiuw9eeMQLd5mxXA+z3xQxr7jdTpj
+K+SMIKIHzzsX7pGmzyZY1LbpyN/DvfCT2EgkXOtiGvV8GuHCsDMtkeMUIij4aTV3
+0aRkjOM58AVUVGNwN8TqnOZIxcv+1Jdb2/JGxK9b0y/ksinfBUr+bulHUx7C608F
+y5mbNEVA1mlRX7PV7cywWXeyPtcQchqHgi5IHIg2xKkUZhZOYbB6NIfaVhzNdV83
+7AlZ5w/04tFCZgkoCq95ndcov8Rxdjx/5KDDwx+07GcXalMQCfKO0lGFNYMlLtxJ
+NjFHh4RcIMS1gwQYwkuWbB4DYg63Vp+oUapeSMbxm4Jh3TatdMmh8fMV9fjE3hVJ
+XzD8mbBgD1SbU07CIWCFaYMmqZcaYparGe09XdbjoguNRiTQyMI+kVMeS3Iuk1wi
+bRn/dirFwfRdB1TkoEJZ10VUT7FAD7fosGgs8/wY6IK/jvf6T+Gs+A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4.pem
deleted file mode 100644
index 5c77a406bd..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4.pem
+++ /dev/null
@@ -1,214 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Policy Mapping EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
------BEGIN CERTIFICATE-----
-MIICjTCCAfagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVAxMiBNYXBwaW5n
-IDF0bzMgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBf
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNV
-BAMTK0ludmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDQw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJprKoJhJkwv9iBN1IYtMV3uRD5s
-uHrGKo8QKVwNvqYLHai3buTlKV5MkXVGAX4jOoo4gsNST1yqaYHmB/PN8gpC5Zei
-k0+5yWdAraOAj6IeMEJzs6Vu9ajsCKNQ/hbc6SBJ7wYIxviyUzvUVS9L7tGbO9ww
-+pDzJ+GDcBzAhMJNAgMBAAGjazBpMB8GA1UdIwQYMBaAFPYssbcpta6Vf7D4OUFT
-LS4PBOPHMB0GA1UdDgQWBBSEY/EgMg6/W2kqOBHmu0ZzH+8FdjAOBgNVHQ8BAf8E
-BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATADMA0GCSqGSIb3DQEBBQUAA4GB
-AI26nbSlHGf56TsealBKtrzfLJm4+UtAODZ+a5qU/JtzajvXGdh66TgEK+NFB83w
-h3OtGs/OQ39fhXosCcXXmXk8mNBj6MokhRptFdnJz+edT9yqz96ufAHZSKpG1Di2
-d9bllknCKDikzWUOGTOiCuHc2n7ymexbgnYnUAdvLw2s
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICvzCCAiigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTUDEyIE1hcHBp
-bmcgMXRvMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmTEwLH6u6mb6
-kvz4ulbBVFC2Ea6WdEv2uH/vNi23mER2Nl+xAbeopiy3OLEiXavvD3uvVjX0bSOH
-BGk2j/ern/Urw6djfKt5V4O3NMYi6Grvfm346kdutjJuBcNlhLOE8mLXUguspocr
-AoAEjrQtuS4Bkb9A5wj3OYy4jr2JhtMCAwEAAaOBwTCBvjAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUreIKE61SbSWszamYogoEaK1y
-rrIwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpg
-hkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEw
-AzAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQAD
-gYEAEelnHhW6SAs3Zj4a5YMVTKDe7vCThen9bA1Awt3yFincViRt5/s2ZyzTN5fr
-Xi+2m42Gm+Anb3D7rpV9IJ/PahHq4yrKSrcAzhT3IcHbuHFNwiw8Z3T+31hhjJUx
-3atYpYOZZPYwuT0inFHJWRfBNA8NGBtqYlxI1C+/ucdy7ik=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
------BEGIN CERTIFICATE-----
-MIICwTCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAxMiBNYXBwaW5n
-IDF0bzMgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBNMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMT
-GVAxMiBNYXBwaW5nIDF0bzMgc3Vic3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAJjo4/4TekqllLI7gPzmE2OceB30SRuraEVWVdR/lmFpFTks5fKkqf96
-WjYpnJZwaqE1ZdUQxgeNsswPm4pUAhVmU9IHvqBaM+bNXFsrwBOYYhfZY3xnwcxp
-IZsvkLPuEq1vLwxpn+0zTDOpDGf9zhiTrswEUoGYBwOVqRDaToYdAgMBAAGjgbMw
-gbAwHwYDVR0jBBgwFoAUXcS6eHk0JsNyV9FZ9KPiVKcocdEwHQYDVR0OBBYEFPYs
-sbcpta6Vf7D4OUFTLS4PBOPHMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwG
-CmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNVHSEBAf8EHDAaMBgGCmCGSAFl
-AwIBMAQGCmCGSAFlAwIBMAgwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOBgQCass0kmtqSdWX5lffBs/tSTSvnGK38REo2IwTFLHduO4cvzAyS7ProbF/J
-al8FtT9mdnl+NpwrH4KlFNu+uti47wFj9xov/kbcmp21DvZ/m8ihmStk4FG2r6Ad
-0gdmVfBYem0mOu/1r/F8deNFP/Dpd8w3KFnv3Dd9wZd/Eb5hrg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
------BEGIN CERTIFICATE-----
-MIIC1TCCAj6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5n
-IDF0bzMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAx
-MiBNYXBwaW5nIDF0bzMgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AMsNrOgngQPHY/5QvmR5y8mHOJJ2T8Vjf+3/DPv5eMF+q11urxfCat4faDdtchBa
-QXOWQ2TEy6tqpR7u8UJ2wnI7phld51gAcT2I8V7swo/EM1Ga1i5bWa5G10vPmZw5
-l7QwqT/D6JkHdthcaJdQrBP9zesYPEp13RFQU9mP5451AgMBAAGjgc0wgcowHwYD
-VR0jBBgwFoAUreIKE61SbSWszamYogoEaK1yrrIwHQYDVR0OBBYEFF3Eunh5NCbD
-clfRWfSj4lSnKHHRMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFl
-AwIBMAIwDAYKYIZIAWUDAgEwBTBABgNVHSEBAf8ENjA0MBgGCmCGSAFlAwIBMAIG
-CmCGSAFlAwIBMAQwGAYKYIZIAWUDAgEwBQYKYIZIAWUDAgEwBzAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHwK+aOYJpXAoXSRQ1o82pqD++jA/uvr
-2eJoXbcch64CAdRNuCA7rQoRAx1nSUgjoLmHcTDrowQzodrVXVmCmYqXxB5XswG6
-z5Oj09NorxHxpAs7E/izElYwEXl5n0NMInD6S2r1SWOnRpGnCL8PYM3gW+xne8rJ
-CZMIMADOWvrc
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:E2:0A:13:AD:52:6D:25:AC:CD:A9:98:A2:0A:04:68:AD:72:AE:B2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        94:34:62:ba:34:51:b4:ad:dd:01:40:fe:3d:eb:bc:6c:7c:89:
-        cb:f0:7e:e5:38:03:50:93:5b:68:ba:d1:ca:14:39:ec:a8:9c:
-        37:24:c3:0f:01:eb:14:67:8c:07:fc:37:1f:bb:45:b9:4f:5f:
-        56:ad:f3:85:03:23:a8:bd:93:1c:ca:01:e8:b5:1c:c8:60:18:
-        13:95:bf:5a:11:11:b2:3c:3c:27:69:bf:97:08:c0:b7:4a:7a:
-        39:5e:03:2c:67:5a:11:a0:4f:6f:8d:70:4e:e2:b5:31:73:2a:
-        bf:5b:15:af:5b:4e:14:e0:73:5b:f1:2d:cd:bc:75:44:42:d4:
-        da:3b
------BEGIN X509 CRL-----
-MIIBQDCBqgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5nIDF0bzMg
-Q0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaA
-FK3iChOtUm0lrM2pmKIKBGitcq6yMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUA
-A4GBAJQ0Yro0UbSt3QFA/j3rvGx8icvwfuU4A1CTW2i60coUOeyonDckww8B6xRn
-jAf8Nx+7RblPX1at84UDI6i9kxzKAei1HMhgGBOVv1oREbI8PCdpv5cIwLdKejle
-AyxnWhGgT2+NcE7itTFzKr9bFa9bThTgc1vxLc28dURC1No7
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5D:C4:BA:78:79:34:26:C3:72:57:D1:59:F4:A3:E2:54:A7:28:71:D1
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        15:bb:13:8f:22:9e:5f:ae:7d:26:76:5b:6f:8d:8b:a4:37:1d:
-        fa:87:83:61:23:70:ca:f2:bd:ba:ae:72:04:3e:0a:21:70:4e:
-        01:97:4c:e3:16:d0:ef:d9:31:50:6f:5b:ff:51:10:40:73:82:
-        0f:f2:00:90:1a:bb:f8:93:68:b9:0c:15:9d:b2:c3:5b:56:73:
-        52:d3:1c:0f:75:2f:51:5b:40:3f:8b:71:42:54:33:af:55:20:
-        c8:ff:bf:ff:68:43:78:93:55:01:fb:7e:4d:db:a8:57:36:34:
-        df:a2:90:75:bb:fa:23:f3:9f:de:e4:4d:92:30:65:8c:f2:64:
-        e0:01
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAxMiBNYXBwaW5nIDF0bzMg
-c3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFF3Eunh5NCbDclfRWfSj4lSnKHHRMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBABW7E48inl+ufSZ2W2+Ni6Q3HfqHg2EjcMryvbqucgQ+CiFwTgGXTOMW
-0O/ZMVBvW/9REEBzgg/yAJAau/iTaLkMFZ2yw1tWc1LTHA91L1FbQD+LcUJUM69V
-IMj/v/9oQ3iTVQH7fk3bqFc2NN+ikHW7+iPzn97kTZIwZYzyZOAB
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F6:2C:B1:B7:29:B5:AE:95:7F:B0:F8:39:41:53:2D:2E:0F:04:E3:C7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        6f:b3:1a:29:36:35:76:c7:62:11:6e:e9:29:e6:83:8b:5e:bf:
-        25:ea:4d:71:56:16:50:25:92:68:a8:a2:e9:4d:09:a3:74:36:
-        e2:9b:c1:52:dd:87:0a:64:98:58:da:6a:96:e6:c4:02:90:d8:
-        cd:4c:10:71:4c:98:1d:bb:d4:8d:7d:74:f9:34:3f:98:f7:8a:
-        5e:eb:bf:7c:8f:90:2a:7b:c4:f3:29:cc:3c:62:a3:f8:08:c2:
-        0a:ae:35:92:8d:ed:c0:30:a3:f2:a1:c7:7c:a1:68:1d:b0:48:
-        4d:c1:4f:50:7f:1f:af:c6:f3:a1:d0:ad:8a:1a:78:05:84:6d:
-        d9:7e
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVAxMiBNYXBwaW5nIDF0bzMg
-c3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFPYssbcpta6Vf7D4OUFTLS4PBOPHMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAG+zGik2NXbHYhFu6Snmg4tevyXqTXFWFlAlkmiooulNCaN0NuKb
-wVLdhwpkmFjaapbmxAKQ2M1MEHFMmB271I19dPk0P5j3il7rv3yPkCp7xPMpzDxi
-o/gIwgquNZKN7cAwo/Khx3yhaB2wSE3BT1B/H6/G86HQrYoaeAWEbdl+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4EE.pem
new file mode 100644
index 0000000000..2ba54b3a1b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CD A2 F4 2B 63 C8 3E C1 A4 26 1B 31 5F A7 8C 6B EB 6A B7 B5 
+    friendlyName: Invalid Policy Mapping Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Policy Mapping EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDnDCCAoSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZUDEyIE1h
+cHBpbmcgMXRvMyBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMGQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMTQwMgYDVQQDEytJbnZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmlj
+YXRlIFRlc3Q0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOegev0I
+rw/xlikpHk/FMYCcY96SImlDS0RBDaTJkie8ehC41c2dn4GAWeTxoFn5c+joQ6dq
+Y1Po7teA59bYP4USHordfUKh7UjD36NPQnzbfU4GVUmVksb0f5PdABQnRwmYH+AX
+ZaCfS37WRuoge7+XqUza3YLgY32y1Fh9VPNRygcGfvbhyYv4S2T+qruvc70C5ILB
+lBGt+deKtqDqngE+7DZEZN6hn3H8Fgme8AAPdx48JNTLi4apId9Aag0BR7MMb0nC
+Ntz463ci+/EhcD3HYZihuoZQ+kDlF2/zQOukhnebBpUv3VZqDuCvGJUAZPRrDRRo
+dK5QZ6BSyfJ1zwIDAQABo2swaTAfBgNVHSMEGDAWgBQAXTk+D+WqKl4t9q5oKq0z
+mz2bczAdBgNVHQ4EFgQU8p5RygFbuse22sy2ekGu4lIT1zQwDgYDVR0PAQH/BAQD
+AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAzANBgkqhkiG9w0BAQsFAAOCAQEA
+bXWDCbc7hJbeoWLcbO9gVwLftrtj68acV7Z+Jq0giW79OirTxTOZz9qmrkHiVZ+M
+l5EdyY8TYchJBzxztll0mpbCc8j4tdin6H7I5X6/+RnTp3OBN6yln9X9Ap1iJTzA
+t8y0K0LR55ytAMboQBvv7Qzd5AaWV3LP5Ue1QbrSMBwy5CBeUz6wKktrgzXUn/UM
+Nmuf01iaEAt/GbhrSxC4EaUIF3P3H1u/TI/8Jw3uKdKnCMl1I/FGxeJyQL5CqJ9a
+jFoZCpRcYKFItuPzr3HIpcjqaiZTB/qJXCLOQr4Vc2HAIOtt/eV2FXIc3pgqi87p
+wojndjN58Fvx90EZIkOiMg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CD A2 F4 2B 63 C8 3E C1 A4 26 1B 31 5F A7 8C 6B EB 6A B7 B5 
+    friendlyName: Invalid Policy Mapping Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7784074D4170A74D
+
+QuOusDv3vk1IUQEPwqV+p8unoJTsvfgFwSOgKI4keWDWGC8v8jlcKduJkHrDAGmk
+X4oBRY82mcMjOtD7VvYVSvGkdVUPz/CQF6FdUNCpzTR9DrZHDO3dYnqNZfO6xFd0
+ZTa8HYiiiM7/NOb6Vjms/1HVg2dw3gWcUaiX4o27JYoEi3VvggMAv2W021HHGlud
+ppHw/RvY+VhLZsLT/JfgF5NvSUP/n2nkKvej+mFwuwuRRqp6TNqlwOF4iAgtiCWX
+fqdq8/XWmyvGf43M/n1Ipz/q4zQxIzNrq/ZNN7C255cQGKVf8n0H7b5zxoQcLDGz
+odVr16t01X/PM+i/wJiph1BcY/xYRXGkIGpu8l/JfGx7rwZCS4IhaEHnjOzosrnH
+U2wGuVkC+AVBBCz0dQzEcqm38TRl/c/8c+lrepDpY5H9WsMAfo7fBKPT2FyO0Diw
+G8PX6NDyEsE0L41Wbqpob7gmyApNmF5iH3LPTuLapXw0OQiwEj3KyBf6ktSO0dCP
+/gP9k8FKqVmzuwGd7/1f4NoZxYEg1F7CODSAxKxPJphSHKeQi7e0SxqvT7AsEFqe
++BZ7crQ+B0+sSDsMbSzNUeX5tQFg8NyHs9IbbvSCeDV/8mF1T/xxlIlUs0A6YKAY
+IByqE4dYbVvIXKcLPUdDMHu9nIusna7tcgHk7MDzLqRs5JLADdQRyLe3zolRaAdr
+QJFLiE1yDdspJS5iyfeYr4fDzSs7wg5A+M9oF4JNTRarZgUMz8CBwowV5QY1XZS2
+8i2LMKUSC2iTwz9TwwnkaSQSJHf9Zc50iAn+BW5Sq3QgDUATEiRDmmXQfq7DiFQI
+BTM/INoyYA/BoqnV1Tn5iJLC9m2XGBUNH+PEwcyADC1Jjv6gqZOe8XMizMUcqKko
+0yZMERleSwvDOeTIctkiHLaEFUwYOQnnHd4KIJ3UZMt+9Ce/UnwZYQMV+mtMiYEH
+2j8BIOz51h1GLCPa8Lc1KRVHDwn8riBpugH77NL6XcfsiAI/1DpUG2u/hcnt8Tp4
+VZeMQT1ugJQUVQNxqRFrT8vvwyk5IsmgVa9RbSGmuIJk7dT3lDMFMmgEpEFDa+wH
+A5bL6y83zbYV5bzNjv8rHn0Vj0Zoo8dnkBva20OyPSlLAWH7Uo3D7TPIZNJ2PJwa
++6OlaVaPOQ/iEJqv20TqJ4qHkTynkt5dpJZDeXTzE1w6+6CABcWPdnE1bhdDTY3u
+Mrsw17n4gRnp/AXCgUZSg7dO49x4ZdNcsOQwIrmRrjXZ1vtX4nMaewN3e61KHc2H
+q6llFD1//0qLmWC8tAkW+jLDJalblJPo+BqjefGcp9ts6+/RnqR0jfDX8nTVNf9T
+alpIef//juR9V/nEloUQm28tvW26MDd6k3ESgs9qBWtofx/4TQ8hfF2T0Qg7dLfQ
+tQVcWcQQ2ZcPdv9rV5y80k/sCJpWvSZYkRb0pTHMtueD/GZg36XK9kLsbw6OermC
+DI6qNMIywpC527nYgx2ENnjAB53TCylfaOWrNaOfCrXnkmapGcwrv1kMNRClGCQV
+aXeDZEQhpWrCGLfpRanYDUvUJ1BFc1XvULQGSOH2+9viVWuFMdfF3vo0NZ3U27kD
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22.pem
deleted file mode 100644
index 074716e415..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBQzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOYG
-d2HszTJIsVTazKriCUJ/ExxUo4U4HEZN9+/XVXsQVkZYIzWtyCTC3IFmSAyb9ZED
-Gu3jmF/evXpfNXmxiURUu6W0bLEpIkZiVpPpTKqoJx2EHj+wXOfe31AD0OmKidXP
-66+LVgIJLWGMr3Msbzb4T3gpKb2ynQc2/XnE3RkbAgMBAAGjgaYwgaMwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFON/hXqOojue7rgS
-HXkTqsS9LlmtMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAnBgNVHR4BAf8EHTAboBkwF4EVLnRlc3RjZXJ0
-aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAJjXEGmrQ1/Muud+NZwajR9x
-it/32SNVvHI+/O7bopout/RnhJudrmsdqGlcSk0KXfcXI22cJOkAYe1M39znxgba
-VitYYLxfsS+3O2pLpMgQMFCZuOJATfAQUlui+dVtPTaIam7jimms5Qam2K2SuZ/t
-eJ2J/rIDHCOrIGktQS8H
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid RFC822 nameConstraints EE Certificate Test22
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0ExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-aDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMT0wOwYD
-VQQDEzRJbnZhbGlkIFJGQzgyMiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNh
-dGUgVGVzdDIyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZ3Uy3P0KWoLsX
-XvhOf4ODgEJBTbtvW+xeevCGrTVdm3mG+1Lobp74rIRSpQShRCN+ltNnmEOHPIeJ
-YuV92pX3FQbBX9mz3ZgKznyb9qVBwysiyfX19PBeESDLn+O6Kcvl9XfUu3HdXMQP
-KA+UPU6txM1pbhkvRK5OSG/TBaRI+QIDAQABo4GWMIGTMB8GA1UdIwQYMBaAFON/
-hXqOojue7rgSHXkTqsS9LlmtMB0GA1UdDgQWBBT4EdpzVCY8SgosOEgawdqBAjYT
-5zAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCgGA1Ud
-EQQhMB+BHVRlc3QyMkVFQHRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEB
-BQUAA4GBAENRegfOIUdgTAhpzFZDtmSaJUrYqkW4ft0v2t+flv6Nf+uAjlYMXThj
-7Q4LUtevMKeoFkGX5gnGL7HKo0/QwTPETD0qTCYcQo9uw3SCdVie4kp7X0/w/rHo
-sNUMPAPe86k7l98/xN3/zO6P4o82pX4vp5xqgs5koOZKqExh8kzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E3:7F:85:7A:8E:A2:3B:9E:EE:B8:12:1D:79:13:AA:C4:BD:2E:59:AD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        b4:77:73:f7:12:e7:d7:20:9a:bd:e1:00:a8:b1:6a:7a:65:1e:
-        8e:56:c9:ca:38:33:7e:d5:37:41:c1:e7:95:a4:81:ab:9b:40:
-        31:1d:aa:6c:14:f9:19:e4:3f:85:6b:24:ff:d6:bf:cb:fd:27:
-        a9:65:35:5c:b7:6b:82:87:b7:e1:c2:4d:34:ca:42:5c:46:66:
-        45:11:d2:c0:48:0f:08:8c:b0:a7:58:66:63:9d:ae:0a:68:0a:
-        5b:5b:ee:fe:12:93:77:03:90:6e:a4:8d:32:2e:56:56:cf:1f:
-        85:b8:95:52:f7:73:78:5e:d0:04:66:2c:8c:ca:78:36:da:43:
-        10:07
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0ExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTjf4V6jqI7nu64Eh15E6rEvS5ZrTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQC0d3P3EufXIJq94QCosWp6ZR6OVsnKODN+1TdBweeVpIGrm0Ax
-HapsFPkZ5D+FayT/1r/L/SepZTVct2uCh7fhwk00ykJcRmZFEdLASA8IjLCnWGZj
-na4KaApbW+7+EpN3A5BupI0yLlZWzx+FuJVS93N4XtAEZiyMyng22kMQBw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22EE.pem
new file mode 100644
index 0000000000..1cb3880747
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 79 FA B2 5A 2B 67 0B FA 4F F3 76 2A BF 0E F3 F3 06 C0 C2 8D 
+    friendlyName: Invalid RFC822 nameConstraints Test22 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid RFC822 nameConstraints EE Certificate Test22
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA1
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBtMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE9MDsGA1UEAxM0SW52YWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVF
+IENlcnRpZmljYXRlIFRlc3QyMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBANL6mw8zfZFK7YonjGlE008qAPEdOsOk+EExeugqWGTUCv/Dq74SUVM5jDWf
+CsQtfPc/miyUEvcl5ep3fISwLriz3lSSQW3Qn5RzYJdpA5U4ahg4FKqMjNTqt9/2
+VAEsRiP3tdsyYREY1G0QT9ROpN95Cr6siEm2qVa2r4iPApydbxxYr2yR4uIk5HsY
+IZ5gnJvnrP68ibAoKrhVr0V5Y9bhsYEreS4LpBpHGwidcrN49vg3WhuRNFVhCNz7
+qgfAU2vnCJdWsE/4R4rlhmlm7uvorkDX2++YoOMKxS8Q7OreLzMHdDqAFMtjyj9C
+N+FEQZBku2asKYHBehARSa8nCL0CAwEAAaOBljCBkzAfBgNVHSMEGDAWgBTIao6x
+D0uqpYi4p4+R2+ozSujV4jAdBgNVHQ4EFgQUz4Q/P/5DzDB2OPkED44YfyyeisEw
+DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAoBgNVHREE
+ITAfgR1UZXN0MjJFRUB0ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQsF
+AAOCAQEAAU/7LeKzJxvHV8Z871YW+xG1i2nsULXHrweWhaKU3u6L7HYNxvZJSHti
+9vhgqOBc8JyyIvu8GUCyqED7S0/VDalPwCysrbAJDNTfgxx2amlOp9gb2LBgpMVv
+EROwfwFsZhl486M57w8qK/PvRuVFDhm1+QhDm1q7boTU4+az+9DgX+UjBtWPPYGq
+nAMyH/0X9Abmkv7Tm9egKtVxe3ScjV1P0Ti385LaUVqIekrxjItWZIU8lMBgsbXV
+1jA3HKOwHNJGyL8D0TnoF/8Q2GRA4j747hHyz4bkSxnLi/GwTLb4ldEab87vzzOp
+tlNkycHkL4+iAMH1ZBHG5CnoVVmg6g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 79 FA B2 5A 2B 67 0B FA 4F F3 76 2A BF 0E F3 F3 06 C0 C2 8D 
+    friendlyName: Invalid RFC822 nameConstraints Test22 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,55CCC16C61DECF36
+
+Xyu6redjnchvrC3oGfm0cnAJKK4XAWtzVg3aj7+4jh/7Gab9LDBBSzzoY9WFPKzi
+/FNaZotEfW4vgsTVGZk4HqI94RqX5CjAxbcrWivNVdc9whEsIOuEqKb8oYYfU1Q4
+ZA1Sv8UPfFOPKIw/IUyev7brY/BddG8zvbDqQNOYsZG3KhZ5s6n3i/taNhUmOWV8
+Oei/vLkW8SYjlaY2mgOohWmQQ9Pi449Tl0mX0Ng47cWCXqsy5k3AC8oQnyMMnQ4V
+FN+iDJyRePYNxTJRL6/7dAWAvlBRd4aL+4Qvwy/WAozfWWO6g/5/YOasbZph+Dav
+twZIgyV7QV410VRTNNA2ipqzSVl1/aPyq1Q15nS9GOa+HJMEuJUFjEl+q5Xa2lbt
+XeI/N77iJgmSWQvVuVyyr6azwiivDFL/Nq6RE00Vl938PgOnBiWwlik2VSzXuyD7
+ZbKgGpBt/hnF/mt3Vl71QW8FB9llffrYXvoBcAw/9mMeT5pt0lxKSTm619UdlAR7
+r2DB02VfWue58nhZ/UldpjkGVbALaCxlPavS8zi9Vhp3tIMrNX0K+BYY4vZhzgJZ
+HSw1png5MUqZVQQkSg6RuhW+cN9ZJWcmGZpvHKEOjRM6AG8qrsGc657Zg8D2eV+s
+S3w1ZssF2Eca9j2ZVdt+hDJ4yBZHDPgO+clM7oMqb0PP9LJSPHayFkrG2rtYniI3
+zwO/qrv+OuW1AIufZJtE3SQDjgf9sAcDi0iFcMtW7X748BvOKZJSDr7mgET8mPRS
+Zyt0RVKB/rvvajk1j5zgPncY4dQ1t+eNVtr5f4T6fZ2SwqfdDK/u11+PfJAL/owf
++yEHScSQm6EqOxLEdUli/H5QICT9yy5KkDgusc2yo8WDU2mqzdCEqq+0ZtA3hbZH
+33ZCqg+wfpGgMpxzSgOU1oFv4Fh+Pxenlj+GppLpX3STtDA/a/TaSeyHPyl+p2xX
+6k9heoiEPQRvD6PU9WMICMtjcvIOAdXBin4ImnpSOGOy2F6RTy2fbUIXN6qnWUU5
+5JOjoH+gr67lXOG3xDLViw5qLp9U3OyQlixU7ZdC7YlOEN2c4o4qWJGBfzIvN8Hj
+O3B5tBat+IxlozMLeWHmVwj1HsfkuKpw29ET4bh37vKGzU/U5cHNw+BSxlYoZjJ5
+7dtQjE+Nci1JWg927kpK8FnKuY7JxlW62l21S8MDHrCCgNVY6KTcU6YFbEVOWVhS
+WY588wAIR9bkMDq+mqinyHn6rV2jwoJR757vALTQOXG8F1XYpW5/axE203m/S0pq
+qWTLmY+IZP7xn7sApm0y4LTToBn/mb9VJ6xSkUWhwJfxbNtQDmkoBNwHwG2rABaT
+f5Q5hCrjzojFs4IvrALSj8WUJPTnsCUgr5MAXHVPdk0vFPhOaYDEKifFtKyDOOz5
+hM0p6PwdnbPin7UPM5gjXaVFqKzutZvIjUV4jWmMPylDGqXvD/HaPiVGg6a942bx
+T/cMrrCQEjm/LX6rkEpJnJJLWl1PDT7jIn9OXw22+j88QURqjbMHMiHxE8y3yMIP
+xUQNfSTPzbSP24llbuBfVYt2rcpIZ15dZ+b2sY2Wyga50SRu27FvThFzVvwVFfUq
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24.pem
deleted file mode 100644
index 10cf51c207..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMPZ
-S8+5+/2AgG2N8tsByPeKGxCC5bOrNXho0b3fSjvK452P3luNUPIf46KvIBU6UYAP
-4rGMqcUdmgFD+PdXq6TMW8bWNuYRICw6c6ni5uyre5bovptoJCsmBw/IqinDoqbO
-Qyoq0YDltds+lSROlTUCA/7qOBHOdwpcjhVfYJSJAgMBAAGjgaUwgaIwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFBQbKzZmdEuTqzFV
-h6QxqzZjbzXJMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoEUdGVzdGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAsOYxl05xGFDRHUO8Myp9EM/X
-ahfChzUabmgo1Tqpk+TLbxcZw+GfesxOp+jCd7jtTBJKhB0HeX1vaCVUpURbWEAt
-fuE35slQQr/c9dgwCw/JwBNdkFFT2z/73nDEN96rUK3GYs2OO8OJVMqdKb4iBUxH
-M/bZyCy4CB3+hthr4to=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid RFC822 nameConstraints EE Certificate Test24
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
------BEGIN CERTIFICATE-----
-MIICzjCCAjegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0EyMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-aDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMT0wOwYD
-VQQDEzRJbnZhbGlkIFJGQzgyMiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNh
-dGUgVGVzdDI0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqPW6bvTBs4Led
-75oTaGYT0mZgPeMvygJtDc882QlIF9vXBnhm4761p+ULe5iKwIWjfjyGva96UcKU
-bFfkfWeMxS+dDwb9v7pBjxCUMp9tTVWIFZDPZJTi/RpNCwPVSN9pE7JxoXKPHZsN
-20WcbrGJtUvvKFhei9eltGndiYkSrQIDAQABo4GhMIGeMB8GA1UdIwQYMBaAFBQb
-KzZmdEuTqzFVh6QxqzZjbzXJMB0GA1UdDgQWBBTyvLyqMRiaUCgziZZt9Dl46omW
-eDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDMGA1Ud
-EQQsMCqBKFRlc3QyNEVFQG1haWxzZXJ2ZXIudGVzdGNlcnRpZmljYXRlcy5nb3Yw
-DQYJKoZIhvcNAQEFBQADgYEArrFpI+Kiy9ZDD8Q9WoEG1XixP5/icUu/fk+PYsad
-2fU9G82dE2gBtN0L/T5FqgYo7uMY8R/ZDptaB6l/exqrPIGsA7xvvOYBzO8sAPyS
-GZul8SmHmKX117/0ZhZ6Ln9vCMK/IablztFZ+LcEDvpldAu8ro/lW2XXgd/KLdY5
-m8g=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:14:1B:2B:36:66:74:4B:93:AB:31:55:87:A4:31:AB:36:63:6F:35:C9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        47:93:cd:d6:9b:31:b0:dd:6a:d8:c4:e2:5e:3a:73:cd:2b:69:
-        5c:47:1a:75:56:6b:56:1c:a4:2f:c2:66:4c:6b:a4:9a:86:53:
-        fb:26:39:3e:61:d2:14:1b:85:1e:9c:f0:1e:ac:c8:c1:73:a5:
-        c3:29:1c:c6:12:21:08:4c:4a:5a:d6:1d:21:4e:eb:7d:16:14:
-        a4:a8:18:07:2e:e9:31:ef:39:ce:f8:6e:2b:d7:09:c1:ad:be:
-        6a:c3:d8:46:24:95:12:ea:cf:2c:c6:84:50:bf:78:31:91:79:
-        35:8c:02:47:d1:11:0d:aa:55:34:22:d6:d4:a2:ac:be:b8:07:
-        60:3c
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0EyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBQUGys2ZnRLk6sxVYekMas2Y281yTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQBHk83WmzGw3WrYxOJeOnPNK2lcRxp1VmtWHKQvwmZMa6SahlP7
-Jjk+YdIUG4UenPAerMjBc6XDKRzGEiEITEpa1h0hTut9FhSkqBgHLukx7znO+G4r
-1wnBrb5qw9hGJJUS6s8sxoRQv3gxkXk1jAJH0RENqlU0ItbUoqy+uAdgPA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24EE.pem
new file mode 100644
index 0000000000..d17a9a393a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 33 67 FA 2A 63 B5 47 5E B4 8E 48 32 E1 20 9A E0 3E 2A A3 E5 
+    friendlyName: Invalid RFC822 nameConstraints Test24 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid RFC822 nameConstraints EE Certificate Test24
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA2
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTIwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBtMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE9MDsGA1UEAxM0SW52YWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVF
+IENlcnRpZmljYXRlIFRlc3QyNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAO3QrhcrFnARNcuvNoKoiR9dNECwpiyjNYIMkr/sbcZQnnDHLTX+KgQf09Mm
+5DI6sXWmBwFlZCJYDP03ntCXO5thnb9X2fU5eYlsKivE/gPsasDXYjBCkhiztSzG
+n8P504ZOy/lfnn4AryvauvAnN/2PjPCoysWp5hUmSotCCbpu7i6MyLdjVx1slPbg
+W+nIthsZGIbo/6n4eXq70D+PA0fpnS47DLaT2wgmveiXE+493ilAE8LcQqhcHJo6
+Pw08KQtPo23Fpf3o3Kh5QWOPm8lw4AAE2A7btkYJr8LsN8hYF3EApmEjFelHI4wW
+3OpRe0FKh6l00rZzmWyrwom8nrMCAwEAAaOBoTCBnjAfBgNVHSMEGDAWgBRRgM36
+SXJIPO0OTgvOzh9AZRJwoDAdBgNVHQ4EFgQUjKQ6o0y35k1d94MC6HLB+wAbONAw
+DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAzBgNVHREE
+LDAqgShUZXN0MjRFRUBtYWlsc2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0G
+CSqGSIb3DQEBCwUAA4IBAQAw+N6NgtahpWR9GAlOpTU6BDQ1jAUlL04btBcufBrr
+6QCBibzNfigkYBS014FyJ86qCj7JoRLjzyYP7C6PE3tKBXklxB1hwoqE6CdLL200
+amMPsWfORjIBp5vSC1m99pPUOVyxFJSFV4oRZQ752AoXEWXJj7qYlqL+3hdNdxjH
+xw1UQQITlsEYmPJSmhh/HrBXNB6+5rRxyu0uYo3y3f1B8khq10wSrQV5pXj1Jowk
+oZjjqd/pMUWWJU7UoJom9FdwKUZ9hhfEwL8pT75yVgZLvqoqGsqR/o3ni1NJ5LK0
+GST2v+jrlvs4riCqbFPRMk70Ix6UOoO3Psv2urfsxTx0
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 33 67 FA 2A 63 B5 47 5E B4 8E 48 32 E1 20 9A E0 3E 2A A3 E5 
+    friendlyName: Invalid RFC822 nameConstraints Test24 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BC2846C0A372C848
+
+AOoji699wLDwE10c4MhSQDvO4d3D6IQwEESJ8cMXQwkQYJqgmLUf1xYbhpH0/+uu
+5CPbz5QcdyXuu50LnkTNXIkVfVC2Vx0w8Q9HuCZRQFjR+XQgRzzWC3LJkpTd5dy9
+OsMR9ZN2+TRvue8kFTt2zbV+JaHAWKOPQqx4+mEf9eI73jqIHhznjaNF+OaIfBB4
+t4BFo9yLDzabgD5WR15sQt/S1zzdm0jOZurcpB6gjlZMjjaMglynxeBR+JJIsf5L
+pGkC+AMP89ghoaNDMX3deD3x2pdZFGOQN9jVJzW7ambDl0ASQWqz9OROPwWxIU7K
+E5fmI2ZDizsKGo1+YE/3qeJwsNNEx2xMJDqjA3IeF4WcvEUmAcsEAPQ7awqH8Pwy
+u/cSLJqmwzN6F81VNX4u30VwR42pHqyKrGbHLHIDZxmbKvNx42zu9XzSTORIW6qj
+qouAQc3vz5NYs00S34llMvzNp+ncxEAmhEiF6YNjTBPnbYnBtXcGq/iDyU794j00
+T89FxT/4FT/gwbRugkEMYGZ6XqcGqoYRfYQANEZoUrVrzBEer+lrqMlz/IYvmktp
+3hbyZJAHpruaM3IdhDiEMWLABXqTZCu/nLal61nkhIFOWrmI+gAQ1rHFCRpwWgus
+mMLYAFyS3bve+M/vwSjmk3ZnjQ3J3TxhMSPGFPfdRSMo2hOY5ecw+f95am5zE4SB
+qhPekhGVtTiwfl2fafjHe08T8MNvM9rYMhgJqelqWmWSg3GSFEQ4svBBSAUOFnG7
+s2AzXvZesEiAhm/ocwmmWydgTUV2JGXC+WKC4O2LYNC/vJ8h47F9aoihYicwp/nE
+8QUlpcht+lOOKcVA5NeKbLDdKCbYiAqA85qW25Gzu7l3bAGboTo0IzyL1pe+GVrs
+sQgJLXXXn/xnh1A8KCEqr5KP8ZLEJk2rya0NQI+LFfUyomjGrrd7FZ1QXomBGTUJ
+mDqYqR4hwWHEPSPJ+jsV0TxdnlWgReeW5Ge1Ma2kj5UQz7GNZoCHRbFrMc81rMU7
+N30kI2UMo9yw/lN9G51GAVuq8tyZ6eEWG4xfCiBas0ilfyHlbkScmjbLQ6kh4YKg
+I3mAnJwqcBeF6AFIJB8T+ctp5IromVxW3qlZ/J1KlXUuszOqobGLoMzTIYMPwf/C
+SRZ9vwShbIqI1jr+nIsjaedUCmXGCFNDT4tqKryVZ6JBBYfDbFvYU66Q6lji3JIO
+ziDg250XZJYkpId7OcZlU1Cubh/onqSV534Ll9CJeLsBiXvarbn7bPtc5qE/h4by
+lZS/7YW1bmpxxerRFFuLBz+GhRVFUQ/NdQsvwinTQUbF5YF2YOHoq4rtwnuk079W
+f6yLLIJfycmtgIevnA8vhLk2zfwF+3eBXfHjT2c9bOOLItG+emBpiehmhiEzOHSP
+jFv7UaVlKUU4Pq8oer4rBvvvlIGK+DuI8HWhg93i1nEKvGWkaPVSmeLbbICGIdgH
+U6qIKB+fQJ8t+zQheYuOh9P5wn1Bs8OKcUFsYozfAkW/8bUJC85filjE0ClTTIUM
+m8AY8YcVBxNMQTF6KjxmL2FZOuNRzFMRoV+vll1XPUycub1HGn7xbE1tUpoo0Het
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26.pem
deleted file mode 100644
index 05b770b3f2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMii
-1odFMCSlNLo+1reNBLAhQ3rkRllmPUUfznMkHE+tVOXNCuGNSPuCJPQNO5495PH/
-vsBZUVltMrhOpo00ibzoFrcLwaxj5Gmb8rNV/aPwDiRX8frLslhpw+QEjxMZKP8O
-bdOlItBR3dFauvxrwLz1DUUlG7aX/QoEtws/fE59AgMBAAGjgaUwgaIwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFOq3bporCYA2Z2m1
-jdo1pYY9KXgcMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoRgwFoEUdGVzdGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAcyB2R0h4mQZ671JhQ0r6cmPF
-iaEHtdJL+REJT8yGWiERgT/2wh65vHtCierHK8+0aJ8Wy/nJzUAWcKeGESTPVTey
-IxQg08VdFJIohXm1lvJ3hfzgHIcFPk2tXZvYSk3qYllYHt8tGCoyh4p3q4vpyTou
-HcOOTD0ogzE9KbjD3Dk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid RFC822 nameConstraints EE Certificate Test26
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0EzMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-aDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMT0wOwYD
-VQQDEzRJbnZhbGlkIFJGQzgyMiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNh
-dGUgVGVzdDI2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7jNtdzJgwipTJ
-BBs5x+7Zode/Av/i5gvFc0vC7CQSf8VCYp5gKT5H1lXopLZt6hYd0cr+IuDRVMCU
-ipwl1nRUgnh+5XOWwN83Eu4AVd8B/aAWOngoac5Th0S+Dm4jCE0MNgOEySMKDZEQ
-niPNQo8/t6RyIkKxWqVbIyazMwecSwIDAQABo4GWMIGTMB8GA1UdIwQYMBaAFOq3
-bporCYA2Z2m1jdo1pYY9KXgcMB0GA1UdDgQWBBSUvOjq7LDrQWg4ycgFgZma5kZn
-KjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCgGA1Ud
-EQQhMB+BHVRlc3QyNkVFQHRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEB
-BQUAA4GBAMNNCicEAT2nht/rinoSsxFccd2XKYncNITOUA/eKz2SqXcRPCimQjHn
-CEfGgdPU+/Sw47+dBQ2aFNUmGyJazLIdnx18TczXpVmTIcgyUQGWOkG+RdAeSn15
-kIsvSAdiDQuzrptYG9TvTicyLKcl+FuOCLN+uBJ5FutlSWvMNIpa
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:EA:B7:6E:9A:2B:09:80:36:67:69:B5:8D:DA:35:A5:86:3D:29:78:1C
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:6d:0a:0a:c4:67:91:af:de:5d:89:9f:fc:df:e2:7a:7a:52:
-        3e:4d:ec:50:b9:46:83:3a:7d:2d:9b:5d:84:8b:6d:ba:bf:4b:
-        41:74:e3:3b:c1:90:73:a2:83:02:4f:e4:04:b8:b9:7a:70:7b:
-        0c:bc:59:f7:db:83:93:00:87:98:53:43:a2:71:d5:2f:d0:fe:
-        2f:c2:46:55:d5:64:54:01:90:72:4f:a2:37:dd:88:b8:3b:63:
-        24:df:d3:ed:7e:6d:da:2f:57:9b:cc:d7:96:67:48:7e:a5:b0:
-        6d:cb:c9:5e:e9:78:58:c6:be:f0:cc:b1:16:e3:4a:57:45:86:
-        90:12
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0EzFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTqt26aKwmANmdptY3aNaWGPSl4HDAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQCMbQoKxGeRr95diZ/83+J6elI+TexQuUaDOn0tm12Ei226v0tB
-dOM7wZBzooMCT+QEuLl6cHsMvFn324OTAIeYU0OicdUv0P4vwkZV1WRUAZByT6I3
-3Yi4O2Mk39Ptfm3aL1ebzNeWZ0h+pbBty8le6XhYxr7wzLEW40pXRYaQEg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26EE.pem
new file mode 100644
index 0000000000..6922557d6d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 96 5F 97 3D 72 E1 88 14 07 36 12 E7 DA 47 93 EE 6A D1 1D 01 
+    friendlyName: Invalid RFC822 nameConstraints Test26 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid RFC822 nameConstraints EE Certificate Test26
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA3
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTMwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBtMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE9MDsGA1UEAxM0SW52YWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVF
+IENlcnRpZmljYXRlIFRlc3QyNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAOPaHJrQm/Kqqf/4/xBLsdQP9fekUUNe2JiuIA3XdwLgabu6paTFdV5jVcR/
+imqnAWJ8Wx2IBlfy6li6la4rhHrc0aU1T2mmiqXcbFyxnslvKsPTOevBh++PfbLx
+zP+NkPl8tA6W33/oLnCQsDBYmqdZiLrjL5hZStWAq0YugLKE2HSjRorXTRT6Ged9
+xwawSrbCsG2RRP5+jJtvtu/AhCjx+75mVBsBinhlDN10/7TNmwA1hYNQ1BBiszxZ
+PuWkI72jCjsJtI4uG5Ds9B4FzWMLjCRMS/eCO4/wX3WbeQHzHsTbPg+qsgo4kElv
+XvInxXNc7ZJH8UC1WfKbryDd4L0CAwEAAaOBljCBkzAfBgNVHSMEGDAWgBSaujlN
+2iF1r+pBwzxsUdioRal/ozAdBgNVHQ4EFgQUImSefsikOFzboCbTld2bd2ooI/cw
+DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAoBgNVHREE
+ITAfgR1UZXN0MjZFRUB0ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQsF
+AAOCAQEAXr9hF23UlbewDYWKUwzUTOrAUaEQ3SiN8f+D9c0bX0S61RUZWDcsiqVb
+pThRuIamdDPEPoyxOSJOGNHKJc/mIixymmnjDRwSCho+FvbI75T710aOecpmrQ8k
+IymBEXfebP9GXc1jQxi0tDKYpv4avAz1zMnKs4JLxiUYftwiQd99JizQKnG9bqsS
+M2Ogn1QWsZRzW/YZD8i4k69WQIV/a4M45b510y/qHU6T5U61JO/EXiEJPxsjOwta
+W613Q0ow022r4b7pTyU8gKyDgi0sgF6k2GL+cD9Q0+rcFwT8w0OQlynq5yM9n1Dp
+gHWSV1lpJjz1R59LX1j77NESaDhDyw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 96 5F 97 3D 72 E1 88 14 07 36 12 E7 DA 47 93 EE 6A D1 1D 01 
+    friendlyName: Invalid RFC822 nameConstraints Test26 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4C6FCE24D6C96FB8
+
+wMA3pyp1K7bxUCEYDMA6/xklluUcN7LlYpYddtOz0PvbskbEANGyd3jWAdQDGDJv
+LZvSGYXEVYgXKO1kZJC27wGisYnnN1XpgiBrg3I84Uh34FB2iVioAK7Ngs4gaW7Z
+uPysTJSmurhCmp2HQ5p0hIHxtUsC1jVV8Un3lsnVlNVB2uWYXilqqb+9cJXL498o
+SdMn4R/F7/m5MipDlk12dBJQywbSlEj0tVR3MPxadpZRgMT6URFQEHbdqtLYE25m
+9DzFMuSQNQIDi5CPV9s2RLsHXUgGMhWDAMsNem7SXDkZ/0F95BIBtRLXtrVxp8Jf
+8lZV7+ndJlI+6Nx9dup366O6ogb4wQUZ0B9JNLJLy2n58CV3UQq4nz04fCZGg/M8
+vwFRxF9SAwsKstrm7+5CIK5hSriApS7W2QnKA0SyRcl4OkCBKCEya5OsIHuW+H4H
+LGo2NMbo6HKxIRuT2mvSH3EhIRQ/EJHsd9vsUQOB1ax6ZUT9GmUsdllntbnwJo3r
+bzhQ65PI/xe3lc7GU3NQylQjDND/RtS3ZahxRFFlPxD+vn4geVpdQDfjCSq9hoJy
+Kxjzzzt8aZKfKFAZoL/cuvN2c4KzRCjSIfPGhgeUg2g/rCYrFc3RrqaA8u4H5B4O
+hhGEca8g6oxwKNFICFOo4Oq/BE9u/HDXx/Fr30sPD5WbsqvwP3oa458Yjg5Sp2+2
+xvufYBFd09mVqSDn1VCaBEM7xUhs8ncRD2v4aklYS0ByBQSadL7xKvwsnPwD/d8i
+6nlPQvcDz2Lk9d+pmrJWBxMvfYxvl7H3z+GUJV3acVXamTr6Ju0xBZRHctrEDRId
+MDWXdy8ILy9mSD8RwAA+VV+YGUJ4XBTONGP2lb4tLcYIphXhTbm9jlI2Ey1IR334
+y4+LsYku5l8zUz6fqDVnZUbYfMxQ2gnlKUsD6SM26eRYdcG6QSheh8VoPQz6aM8s
+5Z1FLVCHr9HKKeAar8DtOwp1lfRRgCk0iG4bTzh4OwFGdR64rUZe6BnmH9F6C6PE
+jjm6G686fCIbuw22gM8DAE48XoA00rL3F2JjfiC1n8C1JqYFAVosU+LVAS10mbcf
+eWNCj81sknWtP25KZAKx8VJT6p1pYPGIYSYCQIMdxkSggXGvCMuRUmZ9RrBd+Ag4
+IpVOB8So5wWnwu7xX7/gcJMNepE9b/Iwr4bO+hbe2eycFrSSWZwfOD0IUCwMbVkR
+v/0D1QVOajeAA2Ns7WJ27ir579jR2CznW5Dpea2CbCw35CxlIwAxw+LJJqWZMX/F
+gj5DA0lFbch6XNgApfxoqOQeKRekjgghSLN6AnnIqYW/47FKdXWWYpmiY3rKfPOR
+vpG9liCJnNswSxV8TeV5zg9fFaR6Yn9Zu3AO8xbw9ZDG4tzUF+PDpnirhqFaqEaq
+2hXly5xFm7lhZ70l6v/POq6YEy6HIYFd7zI5yapB3Xk82fdP+ZbgktglT2Q94EgL
+SHW14KgNwT7XwgIJoYNVMVGK0QacrAB6wkyWk+hu7bfEr1asHRXGsVEwYJBBtcmK
+hjwDVnruEiH/GGhwnN1Xel4yL/ZBWCs0K+EomCXrlScm2Dq6KqDCWDArIKxiVLKZ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest3.pem
deleted file mode 100644
index 1b70f7cd0f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest3.pem
+++ /dev/null
@@ -1,262 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid requireExplicitPolicy EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubsubCA
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBs
-aWNpdFBvbGljeTQgc3Vic3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBmMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxOzA5BgNVBAMTMkludmFsaWQgcmVxdWlyZUV4cGxpY2l0UG9saWN5IEVFIENl
-cnRpZmljYXRlIFRlc3QzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFGGwB
-xudAxGlVkjikIYygmyMRqHU1E/QoVNlt9Ebezg0wLbnUUkCIPw2HMIMfbDIHeaJN
-eOaIwT3f4QVMET9H4tp5gWQOKRBl8Lj3Qted/du3ZnX85zwGimmHpE5HPLUus1xJ
-FEDvx8tiCGFe/MThjl7mwPANLHMWEQN0JqJhNwIDAQABo1IwUDAfBgNVHSMEGDAW
-gBT3hCvdsfuVH7p6WmLgczEWsirIeTAdBgNVHQ4EFgQUT4ePIvuBwyFLywgAVQDh
-kO/dvOwwDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4GBAJkkSBpAtETJ
-/dkW/B+frVBgw9yRjQ5r03xtGarbShYju5enZfbWEg2t8HkbDzyw3b0Upp8GcSyX
-zrbFBiGyo2hxjN8U6j5w+MCd9NJtGEW1C2O8m3S2uP44Zi0rTALMCI1thhoiDezC
-+To+oSu15R1fOkNPNHwlpaFpryy8ZJM2
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTQgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV
-BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTQgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAKa5BuVP6ndJvlLbsZTTbB4nvZWYbY2Ihc7C5sly521U1EBj
-aLheGs9ObXh32aFJ3kZQuAj8VpBEakL9zChjwFkBU7dEWO9OQFf8NV+RD01i6c7g
-NquatLdDUmTvS16/E23aZBNa9jDAQ4nQffOf/cx06GbvOBF80dnNnM8TXve5AgMB
-AAGjfDB6MB8GA1UdIwQYMBaAFCV+kLQN0LLzwRNH8EF577JC5jX7MB0GA1UdDgQW
-BBQjYThxLAlhvqK819WJ1thQPr3rxTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-gYEAzVx4zKfg2OZPg4KGdTVJSzYGD69T0AfuFdTI101IvDNbKuc2SEmpmul33Px4
-z5gMKCZsIpsVXzf4rm6kuxl89PofVdztUuHIivKy5gr4iBt07YDmUNZZfl86CPoF
-7aARp2XRQ0rJCbF1RU0YVWZRyn//oFYyY49Bq1aDelri0WM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5NCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5LYa
-vXx/4T4pOwg2eV0ZZmBRTcjTivfmUhGf4t3BjAXalsDsWFkwmVCVg0jnQW4iuT3s
-a3lq9JO4ZUMcejACcPBO0AyXyrTo6DjXDy7Snf89AIpyDx/ct/WqvnO07ceHwTDO
-CZY11pYLMerONqANweAyCKsio69S35piBx1QqmcCAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUJX6QtA3QsvPBE0fw
-QXnvskLmNfswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQQwDQYJKoZIhvcNAQEF
-BQADgYEAPUNGMb0+cubTj0DAP3jW3mlPGZeGtc6jDLe/Fdrf30Au88GX5G2FJTql
-/I7wFlUgHTGQyHF3Zad9Qfzf6+dO0j9RhlEqgCk5+FqFsboPQ9E8rtCrABUUuovD
-RgkPDAKZsSLR7uQBUDgk0A3OqN1UpiMKKxFz1O1ya8u1DgGWxJU=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subCA
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTQgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBvbGljeTQgc3Vic3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBANF3obVmdl9+Tj44uOFKTDkrdPu/AlUyitHu0YQC
-vsUY7GjYy3dKjm70g7hQfnCtA3XIwm3H1a36Wo41R0Dvj8QJ/8qPhQNejONRzBzB
-jnXx2Lr+bfh3zxebwgUmDyzCkPXj8tjFerVTpxc8aAgfWcSLD6xK9h5OtKy17aME
-zZ9zAgMBAAGjfDB6MB8GA1UdIwQYMBaAFCNhOHEsCWG+orzX1YnW2FA+vevFMB0G
-A1UdDgQWBBS+bKwACUxTlLgb5MIRkSOlqwdjCDAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
-AQEFBQADgYEAF1/+ajWFOu2Im9slgmi4YnPnqk5oWYqOrOh3yAR44wEchHfHD74/
-ed+jlGZewF+V4QotdYoG8dnld7lbYZzkdtTxcOUr4k/aUgml3yTeb5O8rBXNXytN
-JqEKXEp/ggaG4rKzUyA8zwYm9fIjG1jL0KU/1L9JSMzmwJAmR6aIq0Q=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubCA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBs
-aWNpdFBvbGljeTQgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-KzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBvbGljeTQgc3Vic3Vic3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALjYqyTd452AWgD9QeSfn+Exc56nVJkK
-dx0FEleM5YEqeEUl33GTd7FRwtkYdznsQzeFYOWbWluYE5Gl3DapcqpMlu2PQmo6
-dZMbzh1Bi2yahE1wWmY15NSjOz3TFAJBZRZk0PgxvohpdPP8LLCwA9zQUlTnpG7D
-LBESzn390XCLAgMBAAGjfDB6MB8GA1UdIwQYMBaAFL5srAAJTFOUuBvkwhGRI6Wr
-B2MIMB0GA1UdDgQWBBT3hCvdsfuVH7p6WmLgczEWsirIeTAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADgYEAJzvxMRdZl5IWypM7YNiMcWqk7GpMuRvozUyoRQq8cA+z
-fdskZk75lh97jsW2RFnP/fyA30/5NAfVuD2R8+TqJaF28jgHOnU/6qTcM5sxnRJ0
-h+icRKt6II8LNfWUQ1zv+pBxfuy/yOrYpw7/7ba2Zeson/cLpa0dhLFNCGEkfbs=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy4 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:25:7E:90:B4:0D:D0:B2:F3:C1:13:47:F0:41:79:EF:B2:42:E6:35:FB
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        98:e7:69:c4:4c:c3:6b:08:80:30:4c:81:3c:d8:b3:06:88:91:
-        e8:a3:c5:d3:c0:35:51:35:f0:16:8e:38:0f:b3:e6:26:20:d1:
-        45:39:1a:a9:08:be:f0:5f:e1:00:8c:a6:91:54:ff:ec:32:bd:
-        e2:17:92:a3:41:f3:c0:fc:e0:84:86:54:18:ff:b5:89:9d:15:
-        e9:a9:92:a8:96:a7:4e:97:02:2e:d5:e5:e5:f7:70:5a:1e:5d:
-        d2:6f:40:34:f5:c6:63:65:5b:85:c9:b7:6a:4b:60:5a:76:35:
-        12:01:1c:80:59:9a:d3:1a:a7:27:7d:f4:f8:00:ea:b7:f1:3a:
-        62:e6
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTQgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFCV+kLQN0LLzwRNH8EF577JC5jX7MAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJjnacRMw2sIgDBMgTzYswaIkeijxdPANVE18BaOOA+z5iYg0UU5
-GqkIvvBf4QCMppFU/+wyveIXkqNB88D84ISGVBj/tYmdFempkqiWp06XAi7V5eX3
-cFoeXdJvQDT1xmNlW4XJt2pLYFp2NRIBHIBZmtMapyd99PgA6rfxOmLm
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy4 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:23:61:38:71:2C:09:61:BE:A2:BC:D7:D5:89:D6:D8:50:3E:BD:EB:C5
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a3:9c:67:02:44:57:a0:9d:d2:78:46:fb:e7:76:bb:66:cc:60:
-        1c:2c:7a:7e:d6:ec:a4:c2:4d:2c:51:8a:97:1a:e2:c2:7a:0e:
-        e7:7b:4d:79:49:c2:6c:a2:b7:a5:e1:74:64:9a:03:f5:7a:5d:
-        cc:18:2e:25:dd:a2:fd:84:03:ae:d8:cf:1d:17:ea:fa:59:77:
-        9e:22:3b:7e:97:f5:74:12:34:71:c1:10:6a:4b:03:6e:92:d0:
-        a9:6d:cd:ca:5f:69:7f:c8:b0:b5:97:78:5f:14:b1:34:d3:30:
-        09:36:f3:03:2e:dd:01:52:33:61:2c:8d:cf:74:01:71:47:9e:
-        f4:66
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTQgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFCNhOHEsCWG+orzX1YnW2FA+vevFMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAKOcZwJEV6Cd0nhG++d2u2bMYBwsen7W7KTCTSxRipca4sJ6
-Dud7TXlJwmyit6XhdGSaA/V6XcwYLiXdov2EA67Yzx0X6vpZd54iO36X9XQSNHHB
-EGpLA26S0KltzcpfaX/IsLWXeF8UsTTTMAk28wMu3QFSM2Esjc90AXFHnvRm
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:BE:6C:AC:00:09:4C:53:94:B8:1B:E4:C2:11:91:23:A5:AB:07:63:08
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        84:fa:09:1f:fe:84:d0:14:26:86:5c:37:6b:2c:31:aa:04:7a:
-        22:84:ec:b0:df:99:15:99:f0:b7:e9:d6:fc:70:9a:8f:4f:50:
-        d5:24:28:0b:12:79:90:85:69:a3:56:ca:0e:16:79:5e:77:d3:
-        7a:62:9f:14:58:8a:d5:7d:de:e2:6f:a4:0f:d1:2e:27:ec:25:
-        82:a2:91:67:0b:44:39:cc:b2:e5:21:49:ac:25:2c:91:df:33:
-        95:1d:08:6e:ab:8d:8b:fc:2a:59:7b:8d:5d:c2:68:90:c2:a7:
-        06:00:26:e0:cd:40:6e:f3:37:1f:37:61:f6:6a:50:a1:dd:92:
-        53:fe
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBv
-bGljeTQgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFL5srAAJTFOUuBvkwhGRI6WrB2MIMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAIT6CR/+hNAUJoZcN2ssMaoEeiKE7LDfmRWZ8Lfp1vxw
-mo9PUNUkKAsSeZCFaaNWyg4WeV5303pinxRYitV93uJvpA/RLifsJYKikWcLRDnM
-suUhSawlLJHfM5UdCG6rjYv8Kll7jV3CaJDCpwYAJuDNQG7zNx83YfZqUKHdklP+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F7:84:2B:DD:B1:FB:95:1F:BA:7A:5A:62:E0:73:31:16:B2:2A:C8:79
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        05:e0:f0:e8:75:5d:d6:4f:dc:29:ea:db:22:b6:bb:72:13:f1:
-        ff:b5:e0:03:31:9c:64:d9:3b:2b:4d:78:f7:5e:ab:0b:e5:82:
-        13:7e:61:18:95:79:42:bb:9d:56:78:dd:9a:01:92:5e:0b:e8:
-        fa:78:b3:b3:e2:4a:9e:d7:d1:30:60:03:7d:31:e4:04:13:61:
-        a0:de:ac:e9:0e:a0:97:16:aa:03:81:40:56:de:36:a8:e2:13:
-        45:f6:08:72:c2:4e:d3:2d:55:25:9e:0c:dd:da:40:82:d8:75:
-        01:44:75:35:92:92:fc:79:bb:d8:b1:54:83:7f:ff:13:da:df:
-        11:ea
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBv
-bGljeTQgc3Vic3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFPeEK92x+5UfunpaYuBzMRayKsh5MAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAAXg8Oh1XdZP3Cnq2yK2u3IT8f+14AMxnGTZOytN
-ePdeqwvlghN+YRiVeUK7nVZ43ZoBkl4L6Pp4s7PiSp7X0TBgA30x5AQTYaDerOkO
-oJcWqgOBQFbeNqjiE0X2CHLCTtMtVSWeDN3aQILYdQFEdTWSkvx5u9ixVIN//xPa
-3xHq
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest5.pem
deleted file mode 100644
index 8eccc6c3b0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest5.pem
+++ /dev/null
@@ -1,266 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid requireExplicitPolicy EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubsubCARE2RE4
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMTAvBgNVBAMTKHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTcgc3Vic3Vic3ViQ0FSRTJSRTQwHhcNMDEwNDE5MTQ1NzIwWhcN
-MTEwNDE5MTQ1NzIwWjBmMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0
-aWZpY2F0ZXMxOzA5BgNVBAMTMkludmFsaWQgcmVxdWlyZUV4cGxpY2l0UG9saWN5
-IEVFIENlcnRpZmljYXRlIFRlc3Q1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQCg0lngplHQSomxVxizv8r33zMQpbWDB+H13FvEhgFq5KE02tWBVkz7vXAr2hXP
-Y7LVgaGSQIOZqHrbMR+Izv57cGr+79ResVXZ4ulw8qxCgVrA/1Bty6kmyvQiyQZ/
-1z8EARO+Mu2R/XgSx2uCasNmLtgo3Stuop+2coLPfwqW9QIDAQABo1IwUDAfBgNV
-HSMEGDAWgBTnAqvOKOVo6WoEaT4ppTZjcAShmjAdBgNVHQ4EFgQUUj/qKg3WunpK
-bbAcCDrHDB8Awg8wDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4GBAAZO
-rTXTH1bBaJ1hKzh+NWBuI+gHfWUhVlxs3mgw4oCtqqhrbDCBQwA+D5sN/91EPODR
-oEUqrZbyUgTQWas37LqDXhoxm9uvX0Z3521iA5pwllvHgtmrNpPxNE1ylbIT5lLa
-927kjS03tbzpOlbvFj/OTmh4yyPaeL2oJyvDaC3X
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5NyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoN8Q
-UsSTUjVJGaxxoQdGouge30kgdc3+9+sup5NAWj8oyZQiGa/FlrayJlgnNXIO5xbA
-Foe3dhwCEAfsrDIofXlPacb6W9dTxdlh3GwG4GJY9gvfuVfkEb4EaYVyU8J+tmPq
-WDI/P7B03nMhQNNChUFIcuBKaAzDRwqIIGd5I7cCAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnSIV59sBcIhO8mIv
-cMu1wc0QTk0wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQcwDQYJKoZIhvcNAQEF
-BQADgYEAL+ADYS2dJuo7zZ5LoNXv2wNfJcyaTU25ajW4jvi4dN4jwEPgqCfrQ1Vy
-lf1YHDAzKYc6nIZnG031PEqEFTZmuXCcngo+CFmOpT3O8WOb/vHVolb6Cd5MhCZj
-AWkQgkXQ7HW3nIEkPFqNC5ljPrmRkGtu1MjN5jAq70iztFF1hpw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subCARE2
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 CA
------BEGIN CERTIFICATE-----
-MIICpTCCAg6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTcgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBT
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNV
-BAMTH3JlcXVpcmVFeHBsaWNpdFBvbGljeTcgc3ViQ0FSRTIwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAN8u+z8KfD1wxuMq85cY2R9ISBwrx0kSTvHcxkgfd8Hh
-/aOd/f5SUqPS0TsXeUJZ4491ildJLBmeyOsaMXfR1wUCjs1GzCTV2lwmHy1v8TEA
-Y8Zk77Z0xk7JM+Qa6sYNBQDvcqMerys/5ky8Lvqentpzs/rW1L3SBQYg2PfJX3S9
-AgMBAAGjgY4wgYswHwYDVR0jBBgwFoAUnSIV59sBcIhO8mIvcMu1wc0QTk0wHQYD
-VR0OBBYEFOtoCcblL8PzCgZRS7NYc5w5GD9LMA4GA1UdDwEB/wQEAwIBBjAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8E
-BTADgAECMA0GCSqGSIb3DQEBBQUAA4GBACFHfp/nuX3TO1xb40P5+iKE+BZPRduA
-ftJoYKvefkbjxlmMHoUdIUcntVLAyhaJlW797m/y+C+FDfkqtbBUFDjycGuAmFgA
-y59FSYCF8j4X1ghg+neMHyCzvkhN2IokMmzt3IITVLINy17XKITOwuMtJJSaR34A
-e0IQMPlYYnGK
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubsubCARE2RE4
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubCARE2RE4
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTcgc3Vic3ViQ0FSRTJSRTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw
-NDE5MTQ1NzIwWjBcMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp
-Y2F0ZXMxMTAvBgNVBAMTKHJlcXVpcmVFeHBsaWNpdFBvbGljeTcgc3Vic3Vic3Vi
-Q0FSRTJSRTQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALo8WG8R0uWydjHS
-XfEB/PfNI/TnhECaPZoH2W5ht/eblnw1w1zAJGFgDQt3USnxkZvjIa/Eud0VJ3KP
-1WFyD2IA40YtxHQsVTWF608T2eRLc1URZ23e/C7Op7EiXdo+YoJ7KwhiUyhNxxS6
-oIa1OQlAEOurYT7cU1BSxe4X+oY5AgMBAAGjfDB6MB8GA1UdIwQYMBaAFMsSDLuK
-o5HnMkT9UFBgNQkdakUmMB0GA1UdDgQWBBTnAqvOKOVo6WoEaT4ppTZjcAShmjAO
-BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB
-/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAR64KcgRdPGS/TLDzWJlnI2aOww1U
-eFC/9/IQbIeFS6Q6uwO58GzT7DdeGDwBiztdMcGMUx0z0HX9lTVEQu1zWMNnTWuz
-7LJPjucrwXeA/s2vhMTA44l0hgMIJjjiLDOJWm3/gI2DWh0HPOGCo/cRdLeXKiyO
-O9E/0IzZw84Ul+k=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubCARE2RE4
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subCARE2
------BEGIN CERTIFICATE-----
-MIICsTCCAhqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBs
-aWNpdFBvbGljeTcgc3ViQ0FSRTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBZMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-LjAsBgNVBAMTJXJlcXVpcmVFeHBsaWNpdFBvbGljeTcgc3Vic3ViQ0FSRTJSRTQw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALR5w4GO7XWupkCybIrksb86Qn9A
-XltnfkZIGhDabLaMyFOrnfcfJnh1RKKwqJfi8/pF7xDxJL301Qud+jUZc78vFUYT
-lMO6u7jmYYl6zLgoshCc4T95EMH8r/qoGx7U4S1o5B9maWm/Xrov12WP7mjPxeBb
-BmWY4BAPOQBt6gS9AgMBAAGjgY4wgYswHwYDVR0jBBgwFoAU62gJxuUvw/MKBlFL
-s1hznDkYP0swHQYDVR0OBBYEFMsSDLuKo5HnMkT9UFBgNQkdakUmMA4GA1UdDwEB
-/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
-/zAPBgNVHSQBAf8EBTADgAEEMA0GCSqGSIb3DQEBBQUAA4GBACwLeGO55YLNW2d9
-1sZkNe3ulFUkXCfVtxfO7FoO7gvCv9xKjnGOef+hnMFeLj5L4UtOUeekpnipm/51
-pi2QP8O9Vvwt6YtZ57t+ednuOPORQsvh/SaPSo7GT5H6ILwf4E/JaFiAtuwgYJQX
-D9YTw88ufWnBrPQ1yX8ReXseLZPN
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy7 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:22:15:E7:DB:01:70:88:4E:F2:62:2F:70:CB:B5:C1:CD:10:4E:4D
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        95:5b:d2:82:80:08:3a:f4:5f:8a:3a:63:b6:7e:46:e6:49:5f:
-        d1:ea:1e:82:24:cf:15:80:4b:37:bd:f2:e4:b7:28:10:54:eb:
-        60:d8:3b:e5:be:a0:3e:38:70:aa:d0:7b:0e:98:99:55:9a:0c:
-        30:2e:8d:86:ce:65:a1:16:5d:60:55:e9:b4:af:c1:a2:df:cb:
-        63:c7:a3:45:82:85:87:4e:2c:7a:3b:52:e7:3f:37:0b:0b:8a:
-        41:f2:a8:e8:d9:db:2a:a9:e5:e8:50:4a:bc:f5:51:b2:47:fd:
-        8c:73:13:57:cf:97:35:dd:0f:08:a3:c7:cb:ac:2a:cb:53:0d:
-        df:45
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTcgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFJ0iFefbAXCITvJiL3DLtcHNEE5NMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJVb0oKACDr0X4o6Y7Z+RuZJX9HqHoIkzxWASze98uS3KBBU62DY
-O+W+oD44cKrQew6YmVWaDDAujYbOZaEWXWBV6bSvwaLfy2PHo0WChYdOLHo7Uuc/
-NwsLikHyqOjZ2yqp5ehQSrz1UbJH/YxzE1fPlzXdDwijx8usKstTDd9F
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy7 subCARE2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:EB:68:09:C6:E5:2F:C3:F3:0A:06:51:4B:B3:58:73:9C:39:18:3F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        00:dc:24:0a:9b:ba:25:d9:fb:09:b0:e6:d8:9c:61:d1:09:f9:
-        f9:d8:09:86:fb:ea:e4:13:5a:c6:0e:0c:53:c6:e2:38:78:70:
-        1e:6f:39:25:5c:b5:4f:b7:5c:07:7c:1a:7f:b4:8e:0b:7a:b3:
-        6e:85:c9:88:9a:8d:07:d4:f2:8b:8d:e0:49:f0:86:7e:b7:2b:
-        a2:be:c4:8d:e5:36:03:b4:47:3b:c1:8d:eb:8d:34:3e:a1:97:
-        ce:97:10:84:e9:06:79:72:c1:a1:4c:7a:b3:78:99:97:01:1f:
-        90:cd:a4:ed:30:2c:df:36:64:46:ff:c1:0a:9d:61:26:89:c7:
-        40:b2
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBv
-bGljeTcgc3ViQ0FSRTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFOtoCcblL8PzCgZRS7NYc5w5GD9LMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAADcJAqbuiXZ+wmw5ticYdEJ+fnYCYb76uQTWsYODFPG
-4jh4cB5vOSVctU+3XAd8Gn+0jgt6s26FyYiajQfU8ouN4Enwhn63K6K+xI3lNgO0
-RzvBjeuNND6hl86XEITpBnlywaFMerN4mZcBH5DNpO0wLN82ZEb/wQqdYSaJx0Cy
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubCARE2RE4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:CB:12:0C:BB:8A:A3:91:E7:32:44:FD:50:50:60:35:09:1D:6A:45:26
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a6:50:12:5a:4a:b8:b4:85:a7:62:1c:b0:bf:67:05:d6:37:9f:
-        56:37:ff:51:90:9e:8e:f1:7a:27:03:e2:02:8d:2b:64:0f:fc:
-        db:28:76:69:63:2c:36:63:48:43:12:3f:06:7b:29:87:cf:2d:
-        7a:05:9f:8b:03:3f:be:fd:e7:0f:fb:5c:19:fb:c1:35:b1:27:
-        17:dd:00:b4:10:70:f0:92:79:33:0b:05:89:8b:07:c1:96:2e:
-        72:03:00:ce:db:e7:a0:f6:05:69:15:e4:c7:7f:4a:ba:e7:ff:
-        9a:f0:6f:98:f9:e9:aa:df:d4:c4:7b:14:d6:1e:8d:a7:83:48:
-        33:a8
------BEGIN X509 CRL-----
-MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTcgc3Vic3ViQ0FSRTJSRTQXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqgLzAtMB8GA1UdIwQYMBaAFMsSDLuKo5HnMkT9UFBgNQkdakUmMAoGA1UdFAQD
-AgEBMA0GCSqGSIb3DQEBBQUAA4GBAKZQElpKuLSFp2IcsL9nBdY3n1Y3/1GQno7x
-eicD4gKNK2QP/NsodmljLDZjSEMSPwZ7KYfPLXoFn4sDP7795w/7XBn7wTWxJxfd
-ALQQcPCSeTMLBYmLB8GWLnIDAM7b56D2BWkV5Md/Srrn/5rwb5j56arf1MR7FNYe
-jaeDSDOo
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubsubCARE2RE4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E7:02:AB:CE:28:E5:68:E9:6A:04:69:3E:29:A5:36:63:70:04:A1:9A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        01:2e:d1:19:d1:46:60:25:13:6f:1e:9c:04:5b:c9:4f:6e:e2:
-        fe:f6:3a:8c:eb:4d:50:cd:03:36:d9:aa:cf:ce:14:30:7e:8a:
-        0c:24:6d:67:63:c8:87:69:a4:1b:cd:86:aa:d2:3b:40:38:c9:
-        f9:ff:19:47:8d:23:f1:3e:dc:f8:9f:d1:af:30:a5:47:59:cf:
-        8a:c2:0e:8f:2a:8c:9c:d9:78:63:5d:8c:cf:18:1c:79:fa:13:
-        0e:3e:f0:8e:0f:97:dc:67:28:af:5f:19:6d:01:87:e5:e0:26:
-        8d:03:8b:91:f5:69:f6:09:30:f8:5e:d0:79:e2:86:51:36:32:
-        1f:48
------BEGIN X509 CRL-----
-MIIBVTCBvwIBATANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMTAvBgNVBAMTKHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTcgc3Vic3Vic3ViQ0FSRTJSRTQXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0
-NTcyMFqgLzAtMB8GA1UdIwQYMBaAFOcCq84o5WjpagRpPimlNmNwBKGaMAoGA1Ud
-FAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAAEu0RnRRmAlE28enARbyU9u4v72Oozr
-TVDNAzbZqs/OFDB+igwkbWdjyIdppBvNhqrSO0A4yfn/GUeNI/E+3Pif0a8wpUdZ
-z4rCDo8qjJzZeGNdjM8YHHn6Ew4+8I4Pl9xnKK9fGW0Bh+XgJo0Di5H1afYJMPhe
-0HnihlE2Mh9I
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2.pem
deleted file mode 100644
index da9273524d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2.pem
+++ /dev/null
@@ -1,170 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Revoked subCA
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICbjCCAdegAwIBAgIBDjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBBMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDVJldm9rZWQgc3ViQ0Ew
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOOm11GxhTUrNTzIsGL2HeKkXDSY
-fuue6iKn5fTFuhHFBY9sABHgqkRwS7lT9J5OL+Li0oTfq3En9SzqPZ1pTG7nI0tc
-qo/XLks9e9E5GrdjiSPJSvcdETspZ4MKgNIeEQXyX/KqhvOlFuIkvQ6CkB26h0Ys
-ds/2NM1G2HIcqoGdAgMBAAGjfDB6MB8GA1UdIwQYMBaAFLcupoLLwsi8qHsnRNc1
-M9+aFZTHMB0GA1UdDgQWBBR49b1LlhuzLeZAUDLruLRHVAvySDAOBgNVHQ8BAf8E
-BAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8w
-DQYJKoZIhvcNAQEFBQADgYEAUGhyEOC1558EMH9u+aVPXS5vZ39mJh2Y719gMZiT
-OXDZsqIbxJ5npOYdL40yZD5vhio5mvpKFm0DtAmAQsp6SF5nTdj9Rn70rqQI0rdN
-9m7nF1ZRRL6YBRkSymloliboDsspsoZUSitT7yMtxcIocV9V0QxcGFSFw1i6W3/H
-OYw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Revoked CA Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=Revoked subCA
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDVJldm9rZWQgc3Vi
-Q0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBYMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEludmFsaWQg
-UmV2b2tlZCBDQSBDZXJ0aWZpY2F0ZSBUZXN0MjCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEA2aktQuUqYvrSvuQR0Y5vu/X29VQgITZB3a39NV5uIZXvWgUWyD1Q
-SGYbtu0YzKSDMzLAeuSgs9c6u4r1wTxno9XgzSJvcaupysi94Eeqqt3OCaJmLg5Z
-sV12741X6CqpUSZ6Tap8rsFqYspyzMExUZqJ0d1zszbDQ9uqfCan5ocCAwEAAaNr
-MGkwHwYDVR0jBBgwFoAUePW9S5Ybsy3mQFAy67i0R1QL8kgwHQYDVR0OBBYEFD7V
-xiNcO7bHOzxBFfhSNMhrEZnyMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEA3uoPgaDGPEy7AddpjA6a7Dm4
-3Mm2CcAZuFUSURGmmoYfaTQldWpf6ySCHr9t7vOm+7Gv607TPdqF1Gw0BU6DpC7h
-Et/uaN0/vE/XHxyYEi3Gfzx//aNgr9ZcDnhr6iGmVAAxjfSmVoq1SYvWo2cskAq1
-UO8Ub1+lilBTCeJDLTo=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Revoked subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:78:F5:BD:4B:96:1B:B3:2D:E6:40:50:32:EB:B8:B4:47:54:0B:F2:48
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        38:13:8b:21:ea:c4:2e:36:3b:d1:23:d0:aa:e8:87:13:62:4b:
-        63:07:14:68:8d:92:b1:00:5a:22:3a:99:5e:72:a7:92:01:41:
-        b6:b0:85:f0:ff:48:ea:da:58:d2:77:26:c2:e1:56:52:69:45:
-        ca:38:98:f5:ab:9d:1b:4c:fe:9a:30:64:58:64:e3:68:f7:a5:
-        3f:86:1c:ff:3a:82:bd:56:a7:a3:a2:5b:fb:f7:21:8d:14:98:
-        0d:00:3b:81:bc:09:3d:94:90:8c:df:4f:6b:14:b5:10:68:3c:
-        07:cf:e7:06:69:71:4c:0d:b1:7a:53:24:5c:49:8f:fa:05:05:
-        18:9a
------BEGIN X509 CRL-----
-MIIBOjCBpAIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDVJldm9rZWQgc3ViQ0EXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHj1vUuW
-G7Mt5kBQMuu4tEdUC/JIMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBADgT
-iyHqxC42O9Ej0KrohxNiS2MHFGiNkrEAWiI6mV5yp5IBQbawhfD/SOraWNJ3JsLh
-VlJpRco4mPWrnRtM/powZFhk42j3pT+GHP86gr1Wp6OiW/v3IY0UmA0AO4G8CT2U
-kIzfT2sUtRBoPAfP5wZpcUwNsXpTJFxJj/oFBRia
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2EE.pem
new file mode 100644
index 0000000000..b3ebd9f981
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: F8 11 2E B1 BB 28 D9 92 63 FB 6C E9 A9 9E AD 87 A3 15 51 D5 
+    friendlyName: Invalid Revoked CA Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Revoked CA Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Revoked subCA
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEWMBQGA1UEAxMNUmV2b2tl
+ZCBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMF0xCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMS0wKwYDVQQD
+EyRJbnZhbGlkIFJldm9rZWQgQ0EgQ2VydGlmaWNhdGUgVGVzdDIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ9Y5RCWTe1kcC0UDNMfNbMB7mhZg2IYyd
+wVIZ0H7zUCGeRgP+EnH5/lCL7F2FAUGgC6iYOY89bJ3a5/CsYyMXrO4iRqxM9kUt
+fGKJRTCYlOjuWEEOPzcFTo9bdrZk9k5oxwhAqk17m0IvPpoOTAIDKqLaoIz0gqyy
+ziEmaRRxGehXBLCgJwDA7zs1qRZPOiJ7LI8EIXm7l940eGUbU5Rs+XlA/YY/HeG2
+IfKKo9I/fCwV3kFTvYWiL0TCrRtKEyihLwytrpa+NsG2Pk+lHjtmXnRnDCzTkDF8
+g4BT+6WYI8puLUFxzOEpRhVUycH8S9FLP3Gfrkosc4fb0ZaE5O4PAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFJZvkpmg6XZ0u1/U+PsZ2c8dBaDvMB0GA1UdDgQWBBSsAecm
+BprTTYb0YInq5LHji2iDxjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBy+xF3B7mOc/clEsV/pqovLkjI
+iBu5SIcDpgbLDC4ob53X0xFC6EPo+FTkjVNBMZ6ICQOI+NWCHrhAe9NgfWivzORF
+dDiP/w4v7n7QL8XFug9+Ib+KKO98TSEAO0X9DY0YNyOHHO17Zo5Ev0sU7UuZ/3za
+9A7gG8P7Fjl1u53FnR6BT7S7pLmQabCEy+cVnN41giSUX82Wtc+VLo7AuOAxbXqE
+/fy6+/bvldsbMz9KcgoG5Qdj6E6nVyaENDaJe7eWZhfLeXKb905YkqXU4H0T8bLM
+YA9BW15DSOhrylXqLHIg+pa79+ujLyqlw9Xz9shQQedLz4y4nf8DbjmYa/nA
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F8 11 2E B1 BB 28 D9 92 63 FB 6C E9 A9 9E AD 87 A3 15 51 D5 
+    friendlyName: Invalid Revoked CA Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,10B18725F104434C
+
+G1BIGWw8PiMynohCHUCkVX8obnqxs7hNDvjaAjqm70Tyli2vUjjH+o0IR2liO0VC
+2F2ecwJZUBuLGWGkd/8N1lXW2ishF0Y/7AtJGpOoUpH9kgRyShNbjIJzkBSDhxtP
+x3Uh6jJ7i64YnWdaW2/Cfm9s3SXYT9DJ4HJVohFosnLCKimaEdAfM0ui9OD+/kYU
+zsGqcXAqQ4St6oXmwPqcVbv1UP4+sLO+VQrddFvJbs8hkZpI2eoSo7LD+axsC+Tx
+fa0cRuregZlRm/xIKobBkdEeLANUszDcWKKNGNPa/ywX9brgkQlzS7vTUrZdeVKU
+/rLuQTjoh34h1NdZkux4LsdWnbff/TK3twj2Ge/ZsdmS6Sq9wKniqQDE+LUUlj+k
+BeL6jjxAsd36cTUWTDTU/zmCFoFjhQteSK1ldY+PWK59cQS13tawvn98I1FWz/83
+Q6O6bfzB3/8v5DDx6TPv37IuwN82WNxWPYyy/tFx8rlW5jHIxmP1foTnxgeQSDx9
+8lukOJJjPt0byE/pNcJbdfaU5mOOwsaXPiYrvCN36kQkPxWTrN6zqv+AXpU55r2N
+DB3oA1MS4FghmQjXr6uDA1ugmN3xQEJl7/biNdPk9TL/5ur38tJ2utb68hXKey/s
+xG1EWxvRO38btEZjlI7W4b5LlfmEOaEss5l5d9W3O+Fl8Pk1TD//5zx0ielHcqbd
+7wdAluO0Yq2KgSIzj8wHmzJsHqoamoP6VbwnIq9igYkzIw7wgOEGpf2iGCia3Ptw
+hqr0VYZwKODUj4ZaidckmjS4ncbf3Fk2TwXOPI0Udqo0qU50U0uV/6LM0i27/ygY
+EM0MqKU/9L6PC73Cm2Qgp8iCbN+nN2s8LQ95MfoJ/i9wWcB8xlx0cbdD6c+L72xq
+K4THPxfWkgULbZYVPbLvTlw5jVdyzxaH6szLGhiUz9Z2d2xFl29o0WWvlXtTQcHB
+m+WL83LmmvV508Rmi/yhHmGFSG9kUgyCZF9K4iPLQ+33kgAif6sg2fXaJ2Kxhfi4
+twLtue6PZsrJm4pjFhCMbG3LLFE0Epo/1D1dRfUab4Bi1L2hf9h0nijAwFh9eay4
+19Oldc2x7bB/KRk4i4/h4bmWscJj6nhFREzqs6dL87Gpl9pZHtTBnQEc0y4gacCz
+jv13Nl2g8PH/YTQd7tvdbOUn7MqZA8oP6lff511Ef3gHNWp6LaxqFDGB9wumwAy+
+9CY6dBPjRXf+Bfya6Q4qUrVrw8DL1LrUf5gta++eSOgWW2eFVjPiffY+FE3TqaHC
+J7QcbR6G8hJqFYrAc6yrbe8nCLF0CP5r5U2k/JaJJXA85ZtvPke1Q3LGd+anRLgg
+HE/BxMafRRQHEQQ4gCLT+3ZN+G1hi3dTBmP0ufSAXCwgYRIMikkXEOHG2DKLtYBb
+fULiXYAfFKqtgLqKKLunKHyI99gCGKLNZ2tBKPqypJoemFV9fCwlnXARsgwreRmX
+Kiu98Xc0SMImSL8N94jwGsHI6k5y4FlGn88JWlZjrtAo90A7Vj/UHPAdpUusLmXP
+uFIHQaQrCM+WpspxugtWAP3LuUOYoqvmkvcv9i1Ufn3ThDUtp00IHP9u80pkWmCv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3.pem
deleted file mode 100644
index 1463a6fd34..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Revoked EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICdDCCAd2gAwIBAgIBDzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBYMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEludmFsaWQgUmV2b2tl
-ZCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEArULgNTYVsg53ILvaQpaeciApmyq6N0bmhjEiwYKYPdZSQ6A5tHN2X0hNYGEf
-Qg37W+OVgufTdQYW9KHRNQDisSLHoFpDaxdeSJbRshvd3iaY70ad01q0/L+mAhoq
-ULHc6QVDrE3PiDd2M2Rt+JNpIMX07CPN/nq8EyiJQUYI5AsCAwEAAaNrMGkwHwYD
-VR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYEFJyIJr6rimQM
-qOzR65FZzrJ1clsAMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFl
-AwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAHLF0HF9GpuEFWTdc4BuejhAejEBiOTAb
-YfTbYZYqwl0l+JU5CtXiOOdbOcY0XNpPI1XwN1HtIhTiFIxjaRLQ8uSd7yExaiJp
-HR2lqTC8A1efBd0eFY2MuknW6tGu3XWv+2I/NKGGyIKfWAwpPZbt3EdRnjKGhfgU
-VixHhlnpHlE=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3EE.pem
new file mode 100644
index 0000000000..2921552453
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 1A 57 03 C4 6F 9F 1A 40 19 C8 9F F9 43 D9 A8 59 9D 9C A7 02 
+    friendlyName: Invalid Revoked EE Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Revoked EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDgzCCAmugAwIBAgIBDzANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMF0xCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMS0wKwYDVQQDEyRJbnZh
+bGlkIFJldm9rZWQgRUUgQ2VydGlmaWNhdGUgVGVzdDMwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC3CqKP+NqhATHU9Ype3p9gqwZT2yJYnoZS0jqLff20
+2TShaoPJ7V0RtaTdle3RMAw6nsu5jehIzYk21kGlNURVYcKO6y+undUfJgYTXX0F
+ZHSCMuMAWuGVdla5oFSqVlzNS9m4gIHlYunhBuzJRFSJQV+eKzPr/ITdO14QEGrO
+DNzu2N1MEMlBzwuExczNN5ZIRWvqLyd52380a+oD9vujGIM8oZQOHcBPZTvbgn7q
+RaH1719locD7oMhj67trLALbsHuRnP2APe/0vuaM7mNTlLzUpb9mAefSjY8o5t93
+38am1l2Z3BDBDLu4BgBi3q8131dczc3y6IrrBtYfpREzAgMBAAGjazBpMB8GA1Ud
+IwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJMB0GA1UdDgQWBBQHFry9nAga3iH1
+aQqYBs0caFrLfDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
+ATABMA0GCSqGSIb3DQEBCwUAA4IBAQCCPGXUH3RC5BlNt3cfMDGxsZkfsxYhftwU
+m2b9gwZwBYcHppIxBzHV1ktOPl3uJgpFar02ypnHKWANAcIUIjFZaHhZ6X2YlBeA
+5iQalPQvOyPEUwncGSwWTYNo1KdCev8p29UgyjvZnmdEtMMBUejzDfVHfdyvo0Le
+Z3Gvclnqpn7tu4xkMrYbVGwDmcNRAGhSpXzINk1SUDcHvONQk0n2swPZs3/NjxR5
+oQK3prqEj/ANim+ujHAWVIRIuRwhR1hOQ7SwbZ5CSF7rYB2QZVlpuORrsNurmonK
+JOLp2lDXvMiR6JFO7JAy89bQSCkUNqpPjNIaF8KQ9bEbCZ8qH9W3
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A 57 03 C4 6F 9F 1A 40 19 C8 9F F9 43 D9 A8 59 9D 9C A7 02 
+    friendlyName: Invalid Revoked EE Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8B62CB31A9ACE059
+
+9GmR577tNmXpWrBhkP0uF+4EUaEXZt2RbDCE2iFeGK8muqDRlK9857ybYNuq0cQ+
+tMqJrXHtoqGEomrH3L0slGVhopdlZTuIyT4iy+XPQs0ArZYZfie0mfhtXWiNJrSd
+TJFdFsMp9KZ+/jaP90DltOPmg7CVt8PBBNEvdVtvHfRTOZ1ytNZACgNeMxMSDng/
+UXu4kZ+zEQWDttZxCv8DD4emZJ6PYei9szEHosjYGVFLCiPHvvMV5JBWq42tnvOm
+cRxmOxZ8qx2J8NMpluEZN2bgEPIjdlXbG7slayqFkUqoPgzKYnBDjR6Vi4Tq+1xd
++Zw5d2f6Z0LB/938imM8ZM+y6BTN+6v4I/Mc4vEnan+klMDqGCW/3wcYH0YaRfS9
+eD2ViJuGNApQ5t/Y9W+yOoqWkz43wL/9UUPzFlJOG3+Qoks95ZqhVaQI07vH61z/
+hUXHiaUmQOn07QKrgcRiFkSrV8v6B0hXK3FCOPIlzJkqGr4GswaNM6cd8y62UISX
+UqoZm3gUVBpPrgqbqmabyWEFtBk+RgObs8S3lbtvRaLJMSqiYfoUheXX+3USfOsp
+hS6O6CzeD0zPClicf8dekZWTge6vmUTZNyd8Wrze2X3nrQ0KFWlZjQkQAId3KK3I
+T3ZrBbnqNTyqqVWFbXwltMeqcfVj24GSaYWTcTPbzWPiwNkhbTsBATNtcgKVsPYr
+fpHcxmq4EZNSk5+aPiDrltrYAPgLjWV5+7wXs9wueRoQtsLEJdKa2B+8yak0OZ7E
+v8OILfX7oDaKYldahTBbYCZEAIh9YMcyPIwn/n8RrUM9Mqw+4kUnv7ug1nlrLT/0
+nk6NqtvDCHPMuwnGOvWs0b2qjhQ/8QELPgbp2vlg4Qc5/3owJ/3micil35WyOH2O
+8SmXgeDeBRiNAprlSjB0lCo0Z3cTECFqPpAVrmZMgC3yaTUbvywoDak8muqeh3zv
+Zv8UOgS5zzuKyUtKoB6pLaPPflX0uX89wGYZ2pZyvY2NzjYNRbKbSy6LTFFd3Krm
+c9ub/6N3F/p4JxOx47Baw0Dc7NlkNfuSZJDKK4oflW20DqNl+DPmO9Qmler3Z0a6
+cxAjfgZCOITJzQGL9DV99gAAy9KiNRuem8/5WutIX0wT3StvRK9r5yUyaF6hh6Ru
+c/4sgveqxox7wxEsX20IQVoNGNd+Tw87A+8xiXtL1jOWjApATepDygRRvzCZFCDZ
+jjL0p4TUth0xIfKVrLAeWYyO4s9VHQG3eh2XW9eOuQYK2+fFsqks28kkmI6E+eDi
+tnanUjjv/vTXVAGugmfxuNI6Qr02otA2TXipkfuTAl+b3z1RgKPC7SCB0FbTfFzK
+fx19/89KXHRi3078u/Dsgc1O6S3zNFlydgwIxFQCUQWMu649S/o4XGPb8oYEZ71+
+tlRBuecqmECiiOLSk6t4T8rtiVsP84j82/FFBu8LEP4AMpmMUAnecIue4nK4x680
+L4iI/tUZW9puzgC+qKS0w1kHaQU431yzR7A6RwpRAXZuAQzf3CdQCUajTCr2m3Y6
++Z1qmrV+7rN4Bp+goSuUcuf5kIFRsgh0QaIMKspzZ9zDP5t99zvbJuNYT2SCUwDK
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedDNnameConstraintsTest20.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedDNnameConstraintsTest20.pem
deleted file mode 100644
index eb302f72da..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedDNnameConstraintsTest20.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBCTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMT
-Fm5hbWVDb25zdHJhaW50cyBETjEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBANItJYQvAndzEuOPLnWhU3+T5fsnTmDZ6JJ02F66VAcrpMjpsFaFiojEgiY/
-nfnbJzFwi6A0VjvStsiM6fOFbVY0vALdhKMSl1OJvPspcf6YMW1MUg68akqffpG2
-1zIqiltFmmT4Lvq/yg9+q2A9W7yB68fS6173hf2h+fGzR8JDAgMBAAGjazBpMB8G
-A1UdIwQYMBaAFE4uo+fZ3YungjtBSsOefFkjV05TMB0GA1UdDgQWBBShuvXAVFzy
-kwUMm0EKULQY2GdPITAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAElrFa8GafGokZssZp8xXcrnM2FIcSbd
-JXCXQeSFsH7JvXS+3BT1v+0saEhJou7UQ55B7Z0t6COKHryuC0E0ySNyDAOMHGJy
-nbbqmdyyKeXb8cEzFUWN+jTte+P4bCc7qJW+mBGNMLjWFZ0sD6R//NF/LiS8kDhU
-CSYphECUPTcs
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10.pem
deleted file mode 100644
index 7462210961..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10.pem
+++ /dev/null
@@ -1,178 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAOJaxR70a7a1EjJOHlf9fG9BEsSto4MGr1bnQLMud29/o1aka1mDrcT4ehXL
-RT2j2lOFHI+7Cv5UrjI2iI/CWsH+z+PM+sB19pJmrqshzC5FwfeHDzFTUsn8D+5R
-WJAx3NZbB++nDKkIIPql/K61Z8VyKD+3k7nNSHvXV+dKCWd3AgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFKeFECzgAW7nVCNqd6KPFwSv++MSMB0GA1UdDgQWBBSryEEAJtDV
-TOYrVmfs74LEwt3yVTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAcBSBfFavoevmu4Jr
-Fzz3LyHSA3rWhajms8ZL6AtVPDfyQaJsZizVZqKYejWLXv3jNCri/c5BBB2XTXdD
-zAQfwr2W2FfXMkNDUWt95C0NOF7NK5Z2XbmFMGaqn8y/rsYv+Zj7zl98yp0efRKw
-JEDyqFgkV/+0sLFjQvvcCdY9ucM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR0wGwYDVQQDExRp
-bmhpYml0QW55UG9saWN5MSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vcxz0dHrlH/i+DaS78z2Y0O98xlH0yo64kCvWxGo//3ZvMZl+wyQwcAOqDnIH20X
-Fi+G9BhwuyzlaqMenvEQFImtvvDspxYtq/xqmTHET1+9rkF0f8Ex8uV9VgGGMJFB
-Kjax2S+jexoGNro4EeLopi6cOXBgeqwkzcpdi0C3ugECAwEAAaN8MHowHwYDVR0j
-BBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFKeFECzgAW7nVCNq
-d6KPFwSv++MSMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGuWkVLrBfOy6K
-Y46FaTMnWYkjBWyjC9mgPrq97h90tejc8Z+5Q7u+WD+f//iSoC19Uy65lnk10g56
-UqaqA7zZQ25N28un3YqnKwS1pWrtUGNiAi3vYPUkmwq+6PJvWAcVl56td6OmQOIO
-hDwXMBUcDUYTCVAMRY5fiMx7ARRmeQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBBTANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UE
-AxMYaW5oaWJpdEFueVBvbGljeTEgc3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCd/67ojjbNifZYVq2WHl1rQRvHb6qWjPGD/UvROusJiCTgq+tLG56G
-Yhb5//E5lAwUUzNZIfrwHml2Pn4iH3vJeRDzhdlPd0IIlP6Q2Dxy2/QrBf7k4luQ
-F9TLihsAH9NuOh1bR/+hB4tV3/E2fvztlVmHOlxbAW/c0xE3jI+WiwIDAQABo3Yw
-dDAfBgNVHSMEGDAWgBSryEEAJtDVTOYrVmfs74LEwt3yVTAdBgNVHQ4EFgQU7253
-ms8B2VtX6DNkqlHmWAPzWTgwDgYDVR0PAQH/BAQDAgH2MBEGA1UdIAQKMAgwBgYE
-VR0gADAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACgW+giBnGTr
-WXyUZ38pVKHUK9uAxjpPOw5UZC2krfC4nqifiItuVLJgqbPmvETc+8fGD4hi07Lv
-owJkVeBq0ZQGlYoxtz7z6/gEt46nf+lK5gU+al33eTzgga0845cxLE7kpKRYsyhX
-eCRGC8Cmifmc+1AJ12kj61Ys7XE8P9q+
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AB:C8:41:00:26:D0:D5:4C:E6:2B:56:67:EC:EF:82:C4:C2:DD:F2:55
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:eb:03:68:bb:91:5d:9a:09:2a:f7:5c:73:90:8d:e8:4b:23:
-        92:c3:d6:b3:8b:81:ba:d2:b9:dc:a1:e4:48:29:a8:98:cf:59:
-        db:2b:1e:de:1a:ce:db:cd:5a:dd:de:f5:f3:91:13:9c:1e:a6:
-        c8:4c:d1:ee:24:10:7c:95:df:a0:ed:4d:f9:a5:16:43:89:af:
-        18:f6:1c:24:b0:70:9c:62:86:07:f8:0c:e1:61:d6:99:ed:7b:
-        88:58:9f:79:d6:3a:1e:ba:aa:52:97:13:5e:00:7d:00:ce:9a:
-        d2:34:9f:0d:bc:18:09:f8:10:2d:c5:d2:8f:d7:eb:a9:59:25:
-        45:1c
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUq8hBACbQ1UzmK1Zn7O+CxMLd8lUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAhesDaLuRXZoJKvdcc5CN6EsjksPWs4uButK53KHkSCmomM9Z2yse
-3hrO281a3d7185ETnB6myEzR7iQQfJXfoO1N+aUWQ4mvGPYcJLBwnGKGB/gM4WHW
-me17iFifedY6HrqqUpcTXgB9AM6a0jSfDbwYCfgQLcXSj9frqVklRRw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10EE.pem
new file mode 100644
index 0000000000..e1d36aaa9b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5E D2 45 B6 7F E4 4B 8E 8E 55 E5 51 AB A4 39 EA 62 3E 9D 43 
+    friendlyName: Invalid Self-Issued inhibitAnyPolicy Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBBTANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowUTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kxIHN1YkNBMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALF4YK3LWtJiBgUl5Tn3nfwLF69a8RzoolTy
+yaH+AC5GnpkNUDC8Mae8jF0rRErvKDlDgHmHFYrEXoZ6ROCsqx2m0PCYcM0aSc5I
+Nt0zfc0V/SjB8PEitoIsDTBNWQHoWBysMKdEvPcPgEbQ6g/I9AMuo2ENAu3JAK/k
+mFT7y5P4Auk3pwAzK9eM/qiVVSoK62ykN2e90B/v/W8Mp2B1oSLkbrUq+pZdG0Cl
+lqPw8jaA6/GRttWiOINW1MERdhyYXIZa9HrhE1vHQNBWT9ZNs0z8WXlSx0qSe5Bf
+ZRC6U4A7HagfKnp97XwcfgzLEZVeRzq8ydhdKyYL/GIQ6skBA00CAwEAAaN2MHQw
+HwYDVR0jBBgwFoAUjAXc335k22K+20tRZIxqZthco6MwHQYDVR0OBBYEFNeq4+x4
+jtMItdkkxE+pjUaRGjiSMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRV
+HSAAMA4GA1UdDwEB/wQEAwIB9jANBgkqhkiG9w0BAQsFAAOCAQEAw+zWEOZ2oOy7
+pak+z0Wn3q9yg06WNlv55x61qIF9FLPsUKHcq5HZNHUqYUXhsGP08cU5bIq20epK
+xuAj34fGieLjH1KgbgG+Bwe8pkG43gzh7ggqdqcUEXQZFOMLlZz6AnRWeG8/ZoKt
+J1u5XBLhBO6poXF8n3T8t0us4f+HtVOjdNeRdrS1QEiHrXLOanN6YIViBraciCOd
+ezeYCJvDquy2ZCoAUDpJS6dofveoHGr4BpMDgLe1g19JWAbZhvHQ/WHzTJrMnd/q
+rvpQcTRAwaLr/Sp3zY5tp4Mb7AV4iYYszVbwQQyHhsq0E590x6kQz6lVtKh7joOU
+4naDVzv2ig==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5E D2 45 B6 7F E4 4B 8E 8E 55 E5 51 AB A4 39 EA 62 3E 9D 43 
+    friendlyName: Invalid Self-Issued inhibitAnyPolicy Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9DBA21FEB1BBF3A3
+
+vEXQyEjZcFlzS31kO8IeWEvB/hYjpm7DzvDAFbfVZtfW9/khycLB1pUhbMEzVvH8
+L6pKBRETAoU33dCwAIkySaegzKzLCd9WFpmlOIeFH+WSyVoRs4nnSHPBk42mBKj/
+NK5ue63pzko+QZVIiFPt8x7R44i2lGRXRCgaqiyIJkSyby98aPlAxi3AUChU49vA
+ZXCDUg1YQIe4xVqJ6ONYRmyVk5DbIWY6aQSV7jQ0OL3olL8+WgXmUiQFuvva1rdL
+s3Z2MTGQMJH4wU0lpsAtX6UCgGvoSy6PSu+W0OUH7zG/4/MjCp82BnY5xJLzmPKi
++2jEWuw9CfdiFMLrFNLew1SIe1attx8CZ6sYAKakOcyZ856HiOsO634yzaRgOhh5
+SmmNN49StebbBv261z4cmVc4VeDPvjyvkGKjLxBYLMgWwsvZOhskednUDwGi3cJ2
++3FMFDorpbJ4+7o2MkyjIAMuvqVI/cWaKlzTsi7NWVeNQf1Shg1P+m6jLL1SueiH
++4Ce1Mah3OujFO+Rd3Vb0NcKgobKklL7Jc828ArMC2t1P6xmEUJPG2PngXC3mDII
+x3aj+ApQ7Fbt2UIXRGA10z+hRYvELAACGUA4lPMI/7/p2xoEgE/2+6pyKaGhZc7r
+VEhygISd46RcMUb053KqY4vPP4lDRjyZ7N1ebGVYGrJ85mMWR35B2Lh2jGqbCecx
+X2jMqvOUTGScgx0afxA4gPHO9McQwusrG3AePcmRrR4qxiur0DhK8veK1j8wFuRk
+ZwXhXSP87NLtUQ0F5TzJm8zFviF8Ad8+Tpb+nEYrZK4XEnwVzJZXwAeikJu/wWmZ
+23w56a8YAR5KEz/lXhFgJqXV1x2RteToTNKp7X5ofVHjJeySdRvrJbwEPokRoHgz
+mhwK8rEBeAjeQpImLzjjACV2gU1BybOnnB67WoM5z9mByscCFumy/bni+5Dogqua
+WApGMeRdqLPl3KX5bc9Q1F1b6gXygSYxGsBVAIFxwxmJdKlShat8qP2rYUySE4Pi
+c0WoXMwx4bHgLM7eXlMgfM1D9sV+kww9B2kQlC33cVMTkqcPcP87sJJXXO933xQQ
+RxNnPQ5SlkbapVZAiajhagcALhNLVFxgxz+wJX8cxoGj5aZutJcKEsRpt/UGgx78
+ZMDHLEelO5dt2KUci3Zd4qQTVBkxkfLIGyV/6nZUyPNK2l36yTRmd64DiAMyF8NY
+vU8aNb/aiVtTKLTr5edZOTJ84inTqLdsORpsWqRU2i25epB9TkHsTQHky83kUSqX
+at7iuELBsREAhhUmviJgnRwPiH/FZUVAwaS1frZ27kxEPuicZZKqTL7sz0tHduQA
+TiQvrbuKUDdyLjLRGYLow1LZFDpL1DXZcEI8YhzDVCfU5u0EaAGFeBq+3owBjpVi
+RJCdp9ZRl1SGdY/Lbs+/S+Jxgq4MLqFs/d2+NRijh+jTZfTHCggih5vbkB+A36pY
+CUYmYOsnLmcV4cD2K9S4X1Rgl51rLqnYRuJLIgNW2yRh/g2bCHakLqUeHOb7UlQq
+H8CIaxiSjdS5tVntPnQQYr9DwZ137JY4xBLMzasFYcU70DWkCO/xTA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8.pem
deleted file mode 100644
index c4536e1bc9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8.pem
+++ /dev/null
@@ -1,230 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAOJaxR70a7a1EjJOHlf9fG9BEsSto4MGr1bnQLMud29/o1aka1mDrcT4ehXL
-RT2j2lOFHI+7Cv5UrjI2iI/CWsH+z+PM+sB19pJmrqshzC5FwfeHDzFTUsn8D+5R
-WJAx3NZbB++nDKkIIPql/K61Z8VyKD+3k7nNSHvXV+dKCWd3AgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFKeFECzgAW7nVCNqd6KPFwSv++MSMB0GA1UdDgQWBBSryEEAJtDV
-TOYrVmfs74LEwt3yVTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAcBSBfFavoevmu4Jr
-Fzz3LyHSA3rWhajms8ZL6AtVPDfyQaJsZizVZqKYejWLXv3jNCri/c5BBB2XTXdD
-zAQfwr2W2FfXMkNDUWt95C0NOF7NK5Z2XbmFMGaqn8y/rsYv+Zj7zl98yp0efRKw
-JEDyqFgkV/+0sLFjQvvcCdY9ucM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR0wGwYDVQQDExRp
-bmhpYml0QW55UG9saWN5MSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vcxz0dHrlH/i+DaS78z2Y0O98xlH0yo64kCvWxGo//3ZvMZl+wyQwcAOqDnIH20X
-Fi+G9BhwuyzlaqMenvEQFImtvvDspxYtq/xqmTHET1+9rkF0f8Ex8uV9VgGGMJFB
-Kjax2S+jexoGNro4EeLopi6cOXBgeqwkzcpdi0C3ugECAwEAAaN8MHowHwYDVR0j
-BBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFKeFECzgAW7nVCNq
-d6KPFwSv++MSMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGuWkVLrBfOy6K
-Y46FaTMnWYkjBWyjC9mgPrq97h90tejc8Z+5Q7u+WD+f//iSoC19Uy65lnk10g56
-UqaqA7zZQ25N28un3YqnKwS1pWrtUGNiAi3vYPUkmwq+6PJvWAcVl56td6OmQOIO
-hDwXMBUcDUYTCVAMRY5fiMx7ARRmeQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subsubCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8x
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UE
-AxMbaW5oaWJpdEFueVBvbGljeTEgc3Vic3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQCSWo7+2d9aVEIC1GxMTDBcE+ozTf3DLetgbtqH0eb/EK+ZLwVz
-cVTjWrdl1UTfNgUR9FkYIxWkXmme/JXqvYFtYTmNiz0Yj4KGpl25Mi4qoxtRFk2M
-BKLOpp+oY4PsNGSc5CMRc3sfZHeKe8jZK3nA4G5nv0/KELI4m69QKI7u4wIDAQAB
-o3YwdDAfBgNVHSMEGDAWgBSryEEAJtDVTOYrVmfs74LEwt3yVTAdBgNVHQ4EFgQU
-Iskd1THdwnbnw9yS/MCFk6rmzc4wDgYDVR0PAQH/BAQDAgEGMBEGA1UdIAQKMAgw
-BgYEVR0gADAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADf72Lgp
-rqTepmy2dScOvurWUGzi/mA303snWu2b/DOnZOn2MJmmN2OIau2+7H9N1CVJDq+9
-gF97Zy3sIukm2yyJ623TL2sO5JeKNIP87CGXEiuU8qe/7BaW8C4dkm9dE0hIq82/
-vPG+JF3KAey6HeGOdaLoj+DyiSWJsJmzb1OC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitAnyPolicy EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subsubCA2
------BEGIN CERTIFICATE-----
-MIICnTCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRBbnlQ
-b2xpY3kxIHN1YnN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MG0xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAG
-A1UEAxM5SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0QW55UG9saWN5IEVFIENl
-cnRpZmljYXRlIFRlc3Q4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQ/9Ia
-17vdObtOssUs8md1zwyBeKcC3f6mFfybdaruKZpzVmuAkDJec9ZV+ye3BJUB/5Vd
-FE+xni7v7HcxxRwnFHLMDEqoBYuAuMxi8tWDpWAT9bG9tlMH27i6in9PqUFDtMba
-A2eI2p7J64Nm+mtNtbwY8obe+0CbvRPJDnBU+wIDAQABo2swaTAfBgNVHSMEGDAW
-gBQiyR3VMd3CdufD3JL8wIWTqubNzjAdBgNVHQ4EFgQUON+KAQ3zmTRqwEhvTM0g
-vMZUZF4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAN
-BgkqhkiG9w0BAQUFAAOBgQBxH+ujnhDuJ8w84wkOZvsaXK8TaJMO7AkbWriyl9Bm
-rMj0tb0bKud0bFlnK+uuetnpFGNysBArTwGQMpQ8C9KsHDEDVoC5A7TAUXHJgtyG
-geWX6fiC8ZBA/LDkDjqLchdfF2r/Enjo84+EbjA28xHQeJt+AMv2PrX41z7EWjjj
-dA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AB:C8:41:00:26:D0:D5:4C:E6:2B:56:67:EC:EF:82:C4:C2:DD:F2:55
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:eb:03:68:bb:91:5d:9a:09:2a:f7:5c:73:90:8d:e8:4b:23:
-        92:c3:d6:b3:8b:81:ba:d2:b9:dc:a1:e4:48:29:a8:98:cf:59:
-        db:2b:1e:de:1a:ce:db:cd:5a:dd:de:f5:f3:91:13:9c:1e:a6:
-        c8:4c:d1:ee:24:10:7c:95:df:a0:ed:4d:f9:a5:16:43:89:af:
-        18:f6:1c:24:b0:70:9c:62:86:07:f8:0c:e1:61:d6:99:ed:7b:
-        88:58:9f:79:d6:3a:1e:ba:aa:52:97:13:5e:00:7d:00:ce:9a:
-        d2:34:9f:0d:bc:18:09:f8:10:2d:c5:d2:8f:d7:eb:a9:59:25:
-        45:1c
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUq8hBACbQ1UzmK1Zn7O+CxMLd8lUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAhesDaLuRXZoJKvdcc5CN6EsjksPWs4uButK53KHkSCmomM9Z2yse
-3hrO281a3d7185ETnB6myEzR7iQQfJXfoO1N+aUWQ4mvGPYcJLBwnGKGB/gM4WHW
-me17iFifedY6HrqqUpcTXgB9AM6a0jSfDbwYCfgQLcXSj9frqVklRRw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subsubCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:22:C9:1D:D5:31:DD:C2:76:E7:C3:DC:92:FC:C0:85:93:AA:E6:CD:CE
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1d:88:c0:b5:68:f8:c5:35:0c:66:d2:54:82:7f:06:cd:fb:e4:
-        14:7b:81:fd:e0:ff:7f:0c:33:e4:b4:07:82:8e:40:8e:46:36:
-        5c:05:8c:72:bc:b9:83:50:2b:c9:d5:23:08:40:c9:a3:47:ca:
-        cf:41:15:86:1d:a8:fe:50:a9:ec:75:78:c9:d1:6f:94:00:86:
-        c3:05:3d:e4:39:af:b4:a0:9e:07:88:24:fe:66:f9:7b:f5:95:
-        7c:dc:08:c5:ca:e4:4c:d3:82:bb:6c:de:07:8a:f2:18:71:ff:
-        8b:d2:a0:95:2d:c4:e2:12:37:bf:12:cc:e9:bb:75:de:16:9f:
-        86:32
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRBbnlQb2xpY3kx
-IHN1YnN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUIskd1THdwnbnw9yS/MCFk6rmzc4wCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAHYjAtWj4xTUMZtJUgn8GzfvkFHuB/eD/fwwz5LQHgo5AjkY2
-XAWMcry5g1ArydUjCEDJo0fKz0EVhh2o/lCp7HV4ydFvlACGwwU95DmvtKCeB4gk
-/mb5e/WVfNwIxcrkTNOCu2zeB4ryGHH/i9KglS3E4hI3vxLM6bt13hafhjI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8EE.pem
new file mode 100644
index 0000000000..55fd665be7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CC 64 FB 32 6F 67 8A 1E 96 53 A4 EC FE 77 2C 95 89 CE E7 02 
+    friendlyName: Invalid Self-Issued inhibitAnyPolicy Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued inhibitAnyPolicy EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subsubCA2
+-----BEGIN CERTIFICATE-----
+MIIDrDCCApSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dEFueVBvbGljeTEgc3Vic3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowcjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExQjBABgNVBAMTOUludmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdEFueVBv
+bGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANrGXh8C+n2LlFXpLZsOJgBIEL0cYBmcOraLKe7Uvg2hJc9AD8r/
+z8WHmVQlSq4B8l5SFHNeRfZ80BEnvnpsTYyLF8ANVwtG5OT/tYqaJnda7njYnjML
+hMkR8VHTaeplaXavFjQAesIG/JXDzHpX4U3FzcLo32jX30Jl0t1wSSVgufSYzPmz
+vN4snvG+K/U6wIwW1Zj+bzDTf+WFNTL2KW+jEr7X8XfWi7gqNUaWdqkskRAkBM0n
+CyiuRiEe9bFulCodYxEJB2pJKwdjXCxdHtJS3FiwOq86oOXgvThoQdHgxbAt7JWC
+RqwyDXmi1cLLG5sioGKwAKDcE1jtuL9Ep2UCAwEAAaNrMGkwHwYDVR0jBBgwFoAU
+EX3AnIp2+Ukz96SBS44wdZU76IgwHQYDVR0OBBYEFJ/nMvWSZoe1IShDy5EYfznX
+2OM+MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJ
+KoZIhvcNAQELBQADggEBAJjr02r+qm4q+XG/oDosR+zfakP0pcDGVwwLwHqHV6i6
+hf32iODdTy7N+3GfB1vOdWJ1HKJT8TbXcM/zyYyglvw9rXAWdeaTeZLExRaavB+k
+LlIAycxXFl4gSslEqbxnGl7FN4BN8DAa+4WtHwW0Ff3U0wTbSNMBx4x7skvP/9ZO
+8Qllw94V7dAwBUDwbVL185tJsJI87lMXUqxMdrBCGoa0lqS1I8ZFCYXV0TOCeeTI
+ruSYrANu8eHRJliHGb4+SAZ9xVWFqsqAJyqrs+pJHFm4+7q/YdBeVjV70jTjN+R+
+Jxh+nojv3Cn5l9DmG8xQZzc4Q3QTsd7Dpmb51+N+N7Y=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CC 64 FB 32 6F 67 8A 1E 96 53 A4 EC FE 77 2C 95 89 CE E7 02 
+    friendlyName: Invalid Self-Issued inhibitAnyPolicy Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6A1C69F9982793EE
+
+k71tl+AyI5R0Zaid9r0W4MdpNwhQHzNbrE0OybQzNpvyMYEd45AAPZSkTw3P0loK
+MyWXVvI9Y8xTBtorqE0bHlPbpJhdxBqv8NO2glThprJYVG+G8m9O3y2/vKSFCOqr
+nsHAHR7X4KjpPif3gTovYdKLGRDBSpFnTzwGGEHX47Ey/7goy+r6gbHYfpGaCHwQ
+UcDpatkSc3GUkgSwSodNZPvWeymvdZBXyHyp73GWN+tgX0WyQYsh5bADAjIsReXu
+D0wnzYcXQtHxmbQbqv6QyXiBPY91GNxcvAwa/1QcbiI5O20EIieOesTQI31yCRHT
+a8mp/E47C191Gn+9DrgXtk4/YyR2JIWxhsbHceTOCN3JLnPngFHKZ6A0bNfLtZP9
+Uj7ZclhcVz6dxoqs3hM3j4MEGJ2PMNp9u+03He2Rt1NMZuns81ioXSzHAWsGzVSn
+PcUyqUMafdzHlGYLxq7NHzw95+SpSvWAIXDnfOfrlZiP1LOnWNwxFXWnQ8JksahG
+rQQPCv7YFhTJzr8MvlKdDrOoG709ANpsnWgf+G1vD9MVuZ7ZrBHSFFzjnyZu4OW9
+c2JTlB+ZPWfspMDNMhuVhpVkOWktPFGpHz1sB+r/GsAq3MqeuefcQVeR9hHApbdZ
+CBwHqjZVatSDMV6DCXGPAjShRLLNAi22wa+Nsu/k4AqSiSnnT/6UWyFTwYDBxk0f
+fTqHgOd18A2vVjL90tlAlyzC6vcYM/fM1xmBaX9y8M+MesZPBIAhMHN1Axl4iX5W
+q5vkqh9u1pxtKJnhn9pQ9g/hqZbcRp1T/na7HWAzwOoty9157Kl6WrkRFiJXicy5
+7MsEzjyUPtCv51YVgvNHVGadCeQprKkVNYjuZAzXt0E901xqyOLMOeFv2LSwAe6N
+BE3BMBOq4QIUYw1ia9bKeju8GdfdDKpCwbtnjns1Pk5O04TCJFuAk/1VWzKnfGUp
+4+JrN9VCM6x+Rhwlw+uHiDDQwgRU0W41BUJv+EI3Ol47NnnuaaRYGx36q3k2XVhk
+/F/KoDDyDcc2P9oxGJTdkimmgSeW2XTkoiet7Oop+9SOmr8+6QiPuSe3hTJq5548
+5ihfZVZRzT8AOL3wYr1RTYfcEW3/Yhnlm3r2htLphB/05NxcZJTubVpybHFcfZSD
+KNqqjZicL5MwMR8Jx3/oDKJ0Y2Hl335HUZez3d4SFuNf2FTVe8gLPEe2l82SFLJJ
+WOyIpmKyGI3GzkIet7hi4V33va4Yvvh02IPfKd4JsDXYMNoj8cusVRuDwobFbLF6
+rB1UXfYH799oAUBnZBzNLip2WKCBqU8NJi4aYpyszq4afuZ6umG9oXuXzXBtSt0j
+32kdr8/7WrOJzAb4qpzKjY0uPrh/W8hR0tJphVQB71qFMs6jKc6TFdeuDORnX5Ky
+45U5ZL+WeRF9+s7Aoist+n0ObC6kdVUMd64Ft7VPmRwv0ayOuMvdBvKTUMOeDgFV
+c9vaPZHNo5d7Rd5WGn53A7f+9vs54sx/GcXyYZgsfewKqmautEGmzmwCxP2PA9KL
+6r2mgE3b7WI+AfaORZh3s6r5GK0jtbxLyobFxWfG+I/bjjj4cLDXJ6fzcpSWM7uD
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10.pem
deleted file mode 100644
index 5d5bad56aa..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10.pem
+++ /dev/null
@@ -1,200 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG
-A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE
-99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y
-emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID
-AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E
-FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu
-YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD
-OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY
-Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk
-m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK
-oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG
-9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb
-IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99
-pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICpTCCAg6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMHIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFH
-MEUGA1UEAxM+SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0UG9saWN5TWFwcGlu
-ZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBALSurY6um4v6Evz2ZZkBR0WlROEOIvWcYk9AFjbvZnEXlHBzmkfiz93q0Bi1
-a98FZyy05zNbGmfXdXDbAuNwWdWnYFJqFQF5yKUTSQOjNNy5afttfVbM3ibrmE52
-KsMfdN73UU2pHclkhpRJ9ex52s3nofBFCXZQVRZzoeOqe/tfAgMBAAGjazBpMB8G
-A1UdIwQYMBaAFEGmJOdLRsqNTr1i/ZUfoEVERdaDMB0GA1UdDgQWBBThQ779KH6I
-bjPzWxJ3ysMVnek3RjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATADMA0GCSqGSIb3DQEBBQUAA4GBAHsSdG99XQKSMIQzQLp/vngNcqtmTCC5
-jBCt3KnnUwJ/Nrk2oEQpRwjetItPwFFYN/IR1MUnb0TtKwr+WqFeMI5MgyzkuiG8
-b8Wi8Nfa+GP+ZaWx9W0hIwlvixhloYr/wO5roHJLmZdiyrUJlEGb/7VLK5ZlmSDd
-LhmwYoEZUDxg
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/
-EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP
-uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt
-iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G
-A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw
-AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD
-6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC
-WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICwDCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEn
-MCUGA1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQC8nvl2y4d/yNUHP7aG5vOrKPi3d7UXdNZHRGzP
-KFYbJk+OVhNwnX26uR8hCEDDfjBI28f/541hjsDbgy60IS+nCklaPQkS5uD2R6Lq
-9WPZpnSNT+obNGFQqIuE0iQbBIXeXKy/E1lxCIQazKZHl7/QhjIso5/eRagUVF6m
-ahAnsQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFLamwerAUlPfhv1mSeS0Rr5jMwwV
-MB0GA1UdDgQWBBRBpiTnS0bKjU69Yv2VH6BFREXWgzAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUD
-AgEwAgYKYIZIAWUDAgEwAzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAKKfnJVgNVANlABGqhZPFB+MA6EeX9BLJIERR69poKaUCigLoIdovWQx9/sT
-MYvGE/gIulPhyTI2P+UM8yJHPmsucrlDwVwgyTE9WCsfVRZOV/DVqGzvHtpUGetp
-GZVUYWRIJtdAFXq1h04c6KSFenC2BqH6A19N8SkUyT9v8khC
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25:
-        50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2:
-        09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56:
-        7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7:
-        2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e:
-        74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86:
-        f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db:
-        f7:a4
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y
-CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC
-VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee:
-        4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51:
-        0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9:
-        c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64:
-        ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb:
-        cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22:
-        d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9:
-        45:a0
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw
-v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh
-zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10EE.pem
new file mode 100644
index 0000000000..c06445050d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2A 05 D1 E1 38 BC D1 DA 42 C0 F7 50 50 DA 43 FD 84 D8 96 20 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApygAwIBAgIBBDANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowdzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExRzBFBgNVBAMTPkludmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdFBv
+bGljeU1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDEwMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAp5QAd+u/Uos7XJmpFiMxS2UfCoX4S7F2Z8X+H5aE
+ROK+YmaczS0wMScaDNXiqifUvntr2PEVPGpjAdVg711oP4yJUO6yxljUqZl/DVV7
+//qRPkD76MUCIxNx1dxLrsOd6PDmFV3ZcS1w5R6dB7E4AGV6jG2ikMHAp1UH69sJ
+nxbMKCtpigzpxYTQtcH9+oB59lMkkAtSk0k09NvW0GHlDR6+suZgQHHfmJMV8C1+
+WitpjZncCSlS6jc0QnYpGeytIPY3JVq5I9xaaiBsKLQAxf+N2XSNzs/SoUWDNfPy
+tBlUdU9h8HmLx5ZB6OV8fF0G8jTH/kJ9qhOtzOBGuz26BwIDAQABo2swaTAfBgNV
+HSMEGDAWgBRZuWxk6vOuluq2UVwljzvP7fWTDjAdBgNVHQ4EFgQUKnl4yMYjPGWd
+wygY26eKCylWgpowDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwAzANBgkqhkiG9w0BAQsFAAOCAQEAmjzrR+7LxCOYhqiancHFg4jAXcy8IQNF
+w8M3p9yWNIusPl3UwTBGf1o6nn7Pbp+sWPrqsdRETfOk+14+UpVFwwIu4tpNdNZN
+KQGsovaMjGdr1ZawnSxGg7s7aRaTA/EN66brxdWQosoDVPByNjDIqzLx89UIcEPt
+qVSK6UukAx6UqPPyZSj31V3VK/5zCvpaSmekzBdmRYoRyhTyCE9Siqqtqh+MOJYn
+QRGpn1qPp+wZAqH9x4g+lsuUVjU3mll81rwQGHAWke/ZAbUmzZIkw2i6G08SJUhY
+M6a3CsWate1y1nryzWjsVOzERK1X1dkKC5GsYm1X36COcZq+lkIshw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2A 05 D1 E1 38 BC D1 DA 42 C0 F7 50 50 DA 43 FD 84 D8 96 20 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,45343F863105C0DC
+
+jROO6JFmYZtrJFFPJ803OpyapdIAijSNsy44v78PGRCPbqp5qCErYohOUfD+o/au
+iQZIeAOqfJQA4M8PISN7fyIQjfCoKT58HJ2O3R1x65CkbL7eSC1VKkTvOcZed4v4
+kSCqWp66spB51u1akvAwd9EYTtdZh6HPFg6wf89Lpav1sagKX42e5A3E6WhUasdk
+/WGvLJiar6rRbrCxw/ydicSgM2VmGV4X+drp7OVr2Mgl6mJ0FTbnSFFMREUHncE9
+MHM30XIU1/Cm4cH3jUspYftlRmJetghwLI1MZrKONIHz4Ko5ZXgKA++6f4cKKnCK
+ycCXTj3NOG3VRor/auTzMZ2lqYFsUjjH3QnrfxSKvz1K7Jj81mkdRQDP47vAbi3R
+gNgg2r7vwRpxzQgoVd4Bl2cL2VwQMspXH9RehhuAoMcVOuRBWUKed2abtjwuNBPC
+nENtMKeVfovnbEVkurNVSAROmQ4LEf2XA4HnAIXOKN2TvE4Z64yhuZvU9r9Si5JW
+VEXPpYUFrgFCr9lvGzYQWl2lbS1r8tmZJRbLz/FWm++fXHt3j60IEGMREZw96Wlz
+dasKD/sx96PSa/8PPzwsGGgn8+fvTc3T9F4rQ9AVNlvEs9ynU7Nzxk5NxomgMqBz
+NvTVA6+jzzGP3rmIV0fxdnmTXHSJVb5Z47R34KMmVXBHQBcJ/4jjQKK+ayItymSS
+TYDGlde65C8YRUKg/OGSrUvhKAPh1hxEDza279vTV46+HFDO2uus888+UH/M81tY
+Qjks7kz3l7SjXD9tb8bsI93nI5Ab1fjqJ44xN8GMVehUCFDsrpgQjZzHHUPagXig
+zotyOh5P2OCFuANf1KNmkkbP3xHqGMMnfA9VmGZHMrvfrAh0HfmfS/vrtL9iuPfK
+j/xi7cTHx23FuAx+aUbHzu6vkvdu4pcZoieI9CvZuQwmSTHsuD3XzLEKc51rI7HV
+W6GxUDWb4bSEQMidT9npTtIXpjyGoIYkZyChqJTxqi6UQmvf20AONH88crHpaID6
+cBbtcHjob13A/yxVD54es943TCWFdR8eAhXEcmbAiayhRULWSgNKlsLykPHQ3ldo
+AX4gQKZWtxm/aIEGyoGcWQ14JAz1Seo5B/lmG23gKIs9gtqwXN7rslKPR1dhGFMY
+g2KazhBpXinjFXQayRatQVWjko0R7jJoTlHOewHm1JiQzOcphLugrDIwVKRAnPJ4
+MTpbRrNAJp+zAhoS0PUB51cYzQrWNzgslN+g9D90+fYEPxhTlNkoG9oeSJPdT7sT
+JQhe2tucqY8BHB17uSMsdSlXDJvryefplRtfnveO/b2Q8xcauj/1BSDAw5FNHnAs
+meunYTQIT+DxdD3HWnoJGj0hqHGwzfO3pnFzMz/Y2f0Wl7BBC2exRYwrMmXLFr5Q
+IdQd4FSpg12EpBo7DsMyMGG3VejUa744Lg4cHMgpvHmVnUMzE1a1Yv+KWFLyfxzh
+w44r9fdyveDrtHxcQbyz7TngSRUcQKLcoUwVK6jDWEK7AG8uM2VbuRJwDetqMVAo
+ucVr5gScU6tepyHwSsC1/kSG8YDFtnJtdNy0hhuWcSSAEUAsfwkHbA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11.pem
deleted file mode 100644
index 30cfbd8ac3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11.pem
+++ /dev/null
@@ -1,200 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG
-A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE
-99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y
-emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID
-AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E
-FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu
-YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD
-OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY
-Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk
-m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK
-oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG
-9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb
-IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99
-pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICpTCCAg6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMHIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFH
-MEUGA1UEAxM+SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0UG9saWN5TWFwcGlu
-ZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBALCdOCljPs8W35hbzEaZA4tSBiEAP7TpJfmh7c+CyK7UORyXxmyvM6U8V4Gs
-PBqmswzgVMkMhosS/Bhk73RmCn38i5dNYizu/3yOGp9piOxNNtktH6bhKyeHq/wM
-hHhgiZhACGBZZDdZFinn4ohF2SmbpxFuugZsJPnX4tj1KZJRAgMBAAGjazBpMB8G
-A1UdIwQYMBaAFEGmJOdLRsqNTr1i/ZUfoEVERdaDMB0GA1UdDgQWBBTTdhSEDG2I
-nAn6zC50pNDdzdZIezAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATACMA0GCSqGSIb3DQEBBQUAA4GBAK/N3uvvde9B7whxXVd4IA0MSe3DHGLK
-n/OBEw3cIXCYST42xPqPV8mkuz82JMTlete1834sdk/ayNFUloeyXzQTAdDg1JoD
-s6Cq3DzqfG1sVcu3wcsYbmpq7zxjXAERJQb2xSOYTvaJC0eb8FSfY6pXWx57qak/
-EPSox/J2fkc6
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/
-EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP
-uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt
-iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G
-A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw
-AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD
-6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC
-WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICwDCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEn
-MCUGA1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQC8nvl2y4d/yNUHP7aG5vOrKPi3d7UXdNZHRGzP
-KFYbJk+OVhNwnX26uR8hCEDDfjBI28f/541hjsDbgy60IS+nCklaPQkS5uD2R6Lq
-9WPZpnSNT+obNGFQqIuE0iQbBIXeXKy/E1lxCIQazKZHl7/QhjIso5/eRagUVF6m
-ahAnsQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFLamwerAUlPfhv1mSeS0Rr5jMwwV
-MB0GA1UdDgQWBBRBpiTnS0bKjU69Yv2VH6BFREXWgzAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUD
-AgEwAgYKYIZIAWUDAgEwAzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAKKfnJVgNVANlABGqhZPFB+MA6EeX9BLJIERR69poKaUCigLoIdovWQx9/sT
-MYvGE/gIulPhyTI2P+UM8yJHPmsucrlDwVwgyTE9WCsfVRZOV/DVqGzvHtpUGetp
-GZVUYWRIJtdAFXq1h04c6KSFenC2BqH6A19N8SkUyT9v8khC
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25:
-        50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2:
-        09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56:
-        7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7:
-        2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e:
-        74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86:
-        f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db:
-        f7:a4
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y
-CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC
-VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee:
-        4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51:
-        0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9:
-        c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64:
-        ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb:
-        cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22:
-        d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9:
-        45:a0
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw
-v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh
-zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11EE.pem
new file mode 100644
index 0000000000..df95d54f0f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 13 79 42 A0 AC F6 47 3D B9 5E B6 E8 5D B5 7C 8B 86 3B 91 37 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApygAwIBAgIBBTANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowdzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExRzBFBgNVBAMTPkludmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdFBv
+bGljeU1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDExMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA7Ubrj1mNP+NcBMyG2sr7H6cZ6y3lj+3xG6IfCsfO
+TWglSnkb2CjlNIx/NjcGYn1YNubiDge31rG7CZNdO61NGtYgFxiAl3DQtg2HR+se
+TWg7h8ZdTt6bCV2ccoGTajtCzKtfJbxEjC+ah94NvIk+IHcEu7JSf9A94efdSxnH
+ESeVTat7aPkW7UlwTUZ/ua3oJ+1WwdUN3KgVmB9mDbATCYfiRk63RL/X1cKQZr2C
+qYGnhh8ugZme/BgoClJrvDw0rYnepgPxYyV/XDTHe1F/KCclUCt2X74n9kwIGcyk
+89i9pk4Tmr4WWDkSViuBBym+f/SDxnUFsgg4d2k265vaWQIDAQABo2swaTAfBgNV
+HSMEGDAWgBRZuWxk6vOuluq2UVwljzvP7fWTDjAdBgNVHQ4EFgQUsEmMF+z3zVR8
+cNCXb40wgeCroccwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAShWF28EnDlNq3BCLCZnLPBE173JUcUzG
+W8M3dA/+WBXujtD0xCKDnWMy+2QVNZkiao4ovBJBhZQXVVhkv1lGulx6kpuQwv/f
+G8HB0esbeYOvGsRntOQM28vpioCKn2+7jG79SURwXGLO9k4QtQKEVrbOyQq+ki1O
+r4ZUIBsKnsQe14SJJWN/vqAOfvoA6StL6l0LHoGr58TZdEyqINecPq0Uw+KWQLpN
+oq//RG53Vm9P6yujzumBLf6llJII1izqotfy7jjFPS0azvJUO+LrtNMZB0Zf+8/L
+0yj1hgvr5+em6YVvaOX4kG8xBQuSNYLyPF2O9aUo97lqZLKvyNm7Kw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 13 79 42 A0 AC F6 47 3D B9 5E B6 E8 5D B5 7C 8B 86 3B 91 37 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,713450B885AEA6B0
+
+XUgfUQQxUwpHLBeZxdJ/HzBHng6cMez7ndN+8M68U02XwYk6Ypa31Ny5FzdCV6Nn
+tNDPlFUuc3aoH28fAcVccb0wFmsGYcodnYDqlsEyB4ednidgyTB46m4wK34kPH7H
+86wztEN8ruPKZIXUQM/blOC6NMbJsbFSGS0v+izolbX9ne3YaHqUJ/8/fxJ7HV61
+ZPk8f0xlojgbYBetrzD0bAzmJfTTjUgnBDTwE7HxS0lydnqZM6BBE59usDZ+n0Py
++TzRl5v+IE8aC9Y6n2LzxzoXNNdsIG/ooSmPYwx9lGFW1meXtALaGDsEKS/fJLN7
+N1CEOpatI5lKbpJX/g5Z3sKmFLdDaqlOBWaY4rqp3OeKmCDsDonu4urBfCwGmWMl
+LCEXXqsz51BtVoLiP/x1zzjdutgLYx3M4dV4qkD9hiCPeaq+BCz/N8nc2bKu/ldt
+j1jV+/xQs3VYNitR/lhN3Hg32m0C/VSZ428jJUMKbjXQBca5CcYN2yGEpLAC7pnG
+C+IW2Z1w4nBJfs4KCeB0WIeDc6KMPgsiG5Joc4LlGEssmMJL4fHENyiXnA48Lc/s
+jF6vnWSjOU9Lck/0aoJYhNMoXebVhOddexAS9vjl90IV90MYMBChcPVfzqRbMOWB
+PMX8z5RDOV4lcDfE1whYmkkjwnU7H3iMYXv3vCxropvj/YRk3cu7DCS9FN60BrNJ
+ybU+uGsTFog1Rl4hFP5KQ233dy9+cpkkgc8qL6QSUeO9iebDPEVyP8uiHv/n5Add
+yEQTuyHIy4EsAFmeVZV1A3zXi0RX0UoHJ/275EJhh2apV4T9hhvAkoOxy8EC2n8m
+UocPHdBs5HQXcyVa2nmiRwSnXm04V6SldsunJ21XiGMWAckDLfSxPYuwNgZxZx+/
+lrd20Ol1tj6vic5k15iCnNK+kaTjO+EkS4/0XrJBtve1Fa5HO2RVuLiGG3ddqfsY
+Zdy6pH4N0Sb6B7y1d8qFRcRE56sWK6bGwQH6Uwq4IREMwfNjWKYghl0Vg/qh6+WU
+djCXwySkWkxzR4sswSisAAFqH+NBdBPRgFU0UBy6ayggEO8Ry12UnDV3Ver/TmpV
+KX/tiZ+lz4DRHj+MbVMIOXJtpNxlfiByof0MMIRQ3RE6Jne/S9JCVqUWTLVb030J
+RXEa0Z0K7w+6eWKF/oSaNj4u7TQvX+sO9+DNYAfwVcW4XXnIfTUovsfrC+rYaQ6P
+/9kuB4vDmV06sCzCcBs8Xuq+wywAUJOu9t9xGNHmiEfCCcHrz/qx849flTIAFrvB
+yxR7KQ/4bCJu5f7NmdN6ZY6T5luQY7BRmE8Sf0D9IdpWxXO8rlmhnnk8NJeY4YdJ
+Fz8xaWb2AtvBcaVHkgK/mxlE0GuHVQqXUVf7p9N2Jy8wCbgk+YN6ycEqD0DTJHAz
+MhsSbkHICtLQ+hccdAZyzQjVnggzjfgrejJRKvguDvTa4kS2Up0yfo7IZWkQITfU
+iyKgd5gs0yM1tnUEI720CKYkuwVmgeB8PhbvKeAUh4aMCsWGtYyo6EoQdFR/RvLN
+4LcYszGIv8kVZtUO1jNinHSCQ0S+aMUwv5MkVzgstZBudIY59YUR9A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8.pem
deleted file mode 100644
index c6ef8e0f7a..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8.pem
+++ /dev/null
@@ -1,233 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG
-A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE
-99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y
-emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID
-AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E
-FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu
-YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD
-OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY
-Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk
-m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK
-oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG
-9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb
-IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99
-pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czFGMEQGA1UEAxM9SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0UG9saWN5TWFw
-cGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA2ZkYyttS3QceAgvQBMI8apGZ8GOGdNJJrZmaGrXTlkDpRqFBGwv5vx0I
-D958BpDYH1LIN7/T0VKWubFI7UIsU8brS5aic8C92RXCvZM2QdGkQKoiWLE66AeH
-+Fy35j8Tkrk/hoO764l/U3eQB3MD2u4Hf5NuqRAGcngjWAJyIjsCAwEAAaNrMGkw
-HwYDVR0jBBgwFoAUfpdDpAJ93mWROzcZfSe9EqTz0KMwHQYDVR0OBBYEFDKnsv6Y
-5OcDK1R9UWEjFuJ9ytbxMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAMwDQYJKoZIhvcNAQEFBQADgYEARAcPbJvFFgARsBpZO6o4SSHkn4if
-ZfTlwL3z5foZWrjQ0JDVIBj6uz9n3sP0V/xTfR+ZYVH13WgaoIxBIRMhV8lzW7yu
-d2Zz/d98BA0wwE8C9yxqVUuPje9zLRlmAEVQcYY4eWMlFZz2d8XHyckt/LcrCYrK
-iNQtbHdgmlb3dDM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/
-EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP
-uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt
-iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G
-A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw
-AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD
-6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC
-WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMFUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEq
-MCgGA1UEAxMhaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YnN1YkNBMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDzSzQEVqFvTtWkK35YRQKG14a/Ui8zOCix
-lDhIv5FBbG4G15V4laMoRYB38uWxU4/v0K/7UsU7J2ZQZA0iJNgZdYZmM9mMF//t
-37x13Zxd4GcHDbX0FoSgZUNXxSF/AUN86GXCCjrFMhHZAFgqLuYaust5NQdTk9Li
-tSFfyfRl1QIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFLamwerAUlPfhv1mSeS0Rr5j
-MwwVMB0GA1UdDgQWBBR+l0OkAn3eZZE7Nxl9J70SpPPQozAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZI
-AWUDAgEwAgYKYIZIAWUDAgEwAzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-BQUAA4GBALHfJ6kZFXxW875Sui9xpPd2/OXVv4ltULYqS4sYa6iAKR2nNl2dwe4x
-g4crvrxXC8Dp29uqsmno4zOqNaSVjEYctbN3htkL/k/QG4Y9GgklkdqZosT2UXV7
-BI1xQXAiQVbBwcABjHTEAoW4flzUO7+GhapXp36TsEUOYA32+n5X
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25:
-        50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2:
-        09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56:
-        7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7:
-        2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e:
-        74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86:
-        f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db:
-        f7:a4
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y
-CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC
-VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee:
-        4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51:
-        0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9:
-        c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64:
-        ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb:
-        cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22:
-        d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9:
-        45:a0
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw
-v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh
-zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:7E:97:43:A4:02:7D:DE:65:91:3B:37:19:7D:27:BD:12:A4:F3:D0:A3
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        04:cc:f2:b1:f4:89:f0:41:53:c8:66:c7:4d:6f:88:a1:63:45:
-        28:ff:81:51:07:c0:ef:98:b9:b5:a7:9b:b3:77:d9:1d:ed:f1:
-        6e:80:66:f4:0d:cf:35:ab:67:18:fd:e0:10:7c:0c:06:50:44:
-        fa:4e:bd:eb:1a:69:b4:e5:80:56:a2:21:b2:8c:0c:36:6d:13:
-        ac:b4:1a:00:86:bb:90:69:00:ff:66:c4:a2:16:bf:e3:70:5f:
-        2a:dd:c1:78:cf:a8:cf:1c:d3:33:4b:b2:67:6d:16:96:23:3b:
-        08:68:e3:00:c0:71:88:38:16:17:7e:fd:fb:f7:5a:79:77:f6:
-        6c:f5
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUfpdDpAJ93mWROzcZfSe9EqTz0KMwCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEABMzysfSJ8EFTyGbHTW+IoWNFKP+BUQfA75i5taeb
-s3fZHe3xboBm9A3PNatnGP3gEHwMBlBE+k696xpptOWAVqIhsowMNm0TrLQaAIa7
-kGkA/2bEoha/43BfKt3BeM+ozxzTM0uyZ20WliM7CGjjAMBxiDgWF379+/daeXf2
-bPU=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8EE.pem
new file mode 100644
index 0000000000..7f8ad6be61
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1D 6D 26 20 E8 AE 2F 69 0A A5 F2 4A A6 C3 8A B6 AD 96 4A 2B 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YnN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowdjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExRjBEBgNVBAMTPUludmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJp
+dFBvbGljeU1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDgwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC21AXVGQebH8AHBIoewxwmy42xH3DuTS5GYC9g
+FXijp4jeOhdLJCM2uAzHMM7Qib+uSYR0O/Cdz9NKQ/Np9gudh49XgtGMzflsjSM7
+SgijS2qF97/TYv3wq8BkFjATs/PXJWo2S2VQuPce/yHzo63LO8ObEjnHcC1j4r5G
+LY7718RgxXw6NeJDSXOxwJtFjPLMrXEFSVOiPh0vbew3EM1x9ieqJqVwcSaiBUpX
+qIawbxJczfi2UqTuj9SVa7zuObF8qrDdhkdNUYOEFc2IzuVVIOskotPcAB4PwbDE
+HFw02dcwdFrG5BUHhpdvIOmEy5IxQXwMyvsd0Phv/kwqNw/rAgMBAAGjazBpMB8G
+A1UdIwQYMBaAFD5FdKKL0vFWjEYBZnhwJMYiwQOeMB0GA1UdDgQWBBSyFwdJn4xf
+l/2lQPJVfyRDZWC6gTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATADMA0GCSqGSIb3DQEBCwUAA4IBAQAY3dfWtAt0zVsSibvIAi3jQ4bHtVq6
+jSo+i/7Cl2E2qevfmDrS/uUPwjjUXLOsJeiyFIPl/lB8yNC8KkT0oEe1PTr34gLw
+9TTnLt3ZRdCbKqg2WRMv9Y1PsBgWTRcYED+/0U8UQxePr2pyHDetdpJuT+phwvRc
+2GvvJ10UjVJvRCVw521PuHwDyF8JBmpsJQSPOe/L+jnLWOehAxHOeI7CMaqsddpq
+JEq6LZ5ofOV7JaFJMxYscuj9mLRKcXTAnnWUp/9PzrUGI6wr1WG5OdECNwQHqO9s
+uxeEelksAhiqK4Yg1BFJeppQvyfKwd/Njw7ohwTYBcsfojiSLl2a//HO
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1D 6D 26 20 E8 AE 2F 69 0A A5 F2 4A A6 C3 8A B6 AD 96 4A 2B 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,63347D0B822C10C3
+
+HPQLqJ3F6WsoqOtawonx9WdBroYveRAPN69bZFHKZ0pygr/kwvoCe7hY7FWZP/4k
+JlmpQ0fVTmh6nPRcl4KLc9Dk3CoJYLZwejlKMhjpF5SEBMuoYEqZYC8MGgV4NOZt
++KLZCxTsgXVz1HOXVbXXKZuWaf+X2ecbUPU71/aij6GZzYQ9uoJAZ8lPmW4T2Ndd
+ibtiMvwJO4R6V6CTdGvfaaQ2wrD0h5MsR6ZZXdLLKyu4KviFQtX5kOhn3K8eUFTT
+IDLmnE7mZahEiKmDDQ3p+eO9xlgUihwG9L7l2hXaSHvxEtdglqAPW52Ym4gzKzfD
+LJlA5la3tXz13c+syqO80xkhZOs9ZAJJYvvrcVG05kFWADr/Mx6qeik52uMdizVk
+a+ugMhLzdnaMQDGbH0DPaes0mV7vqkVv+3M9Zhad7S6VpqkE10SMy0zpOKuNdPu8
+ZpaEN/DyCwLGcpYRs7KnsCnI7pZV0stizEGx4SzuMiL0JTEcky550fxGVO72GLlM
+RuMHohNxAB9ie5kCJoM5QiNGaDaw8x1k0duTSGpsN+ZDFvE/0KTq46Mwumfx9cVU
+mPhkPiiJ89tQx7Ejv9wUK1J4w14DkATQyAEueZePTQ04YMF/spBGXb1YtaMqhbpF
+HDwcnwL+dXH5N8R3HBxUsVKk6fJMM9VfzmmJxw6g77quo/amRsQqQBptD8pBDms5
+LziokjnLT7Jpmc2g44HtTTwKFmFi1E/DZTRQp3nx6WcsYI4o8waHDk2KSY0A4ll0
+2OgNYwiEh5J60dsxMebTORFO/DsATVHE3kCUGvS0I2uwnADgteO8jrTCRaw6Mq08
+VucKsKddHLiC6McgdQukFiRq0w0vr1vcd+IWJwTSlHcRheDWOfaguJYoX8SMBPu9
+Et15NwYkYl03cZB3FNPXhUouRqYIwL85dNCdYlyp43hWQRg/LX+ENaSNr/hJ7+ea
+9f8jYvH1whWj34YKVYpFfbXu2yJyvw2Tz8yTBRiKWszcSXm/uXRJczIzWZFfWRp5
+Su1Qeh6CBjpj/yXd68xsqdOc/akI/ftZvrvklJxbUcJ7u35oTvcTtUE8k+aIvGBU
+HvA+cX/Jg12XuYFRIsdHaxyocuWNum35RY9IktqEkcc4xhY550kAzCvgTFawA8fj
+ODQexc0n8SEc3a57VpRnXLPRe7uKjvNeqjbymRrFhohyvB1pfqgFGKmAb7ppUk0d
+1KIART1MaKtG7/IbddaEmyZ60QaP5N6UtiOWbtZHMSGV265XOoh7YWiT15F9p5go
+voqg0d/RHqlxisDcXOyTS3c3dWsqixFEoocEgocpDVCQ8I6VB6cQ8bCicwdp2AXQ
+c1cTmuOlQHmnQbGR7wahWEauEMMa0QUFz75hEQO+qwygtrTxwetTmEzXlVVU2Ruq
+56Hu4IjlXrYpC2NAsE79hmbguTGZkdlCbVzTC/vKjKaOJ6KlWUDdfbgHFJzRkSoJ
+uC0D5I+fFy6kdBpavlCEYktrvR/PnHVRtrE32i3UevEsfc80+n5QENqutYS40d9P
+tL+xPb3QYYkiLbgfLBf2vttk52aImULXlPQWqzf288dSE+WUKaExM/qMVii0t2Ka
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9.pem
deleted file mode 100644
index ecd49f4f58..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9.pem
+++ /dev/null
@@ -1,233 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG
-A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE
-99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y
-emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID
-AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E
-FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu
-YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD
-OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY
-Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk
-m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK
-oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG
-9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb
-IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99
-pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czFGMEQGA1UEAxM9SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0UG9saWN5TWFw
-cGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAylxeQoRBPgPQvR6PrLfrhYdQPa+pAircmIyNSp/en2b65foW6Dvx/sHc
-Y9lLvbx48Dv+XPUR4a0xsGGvX0GBy4GOUv+6nqaFOdce8VYwmIFybQGDaxoqytYo
-bhhZZD8g6dfyWuWMQ5LUt5vyIL2FbCnDevgD/ivnIwBKJFEn/B0CAwEAAaNrMGkw
-HwYDVR0jBBgwFoAUfpdDpAJ93mWROzcZfSe9EqTz0KMwHQYDVR0OBBYEFN+F7ghB
-89TFNj8vas0p8wMYmcU1MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAIwDQYJKoZIhvcNAQEFBQADgYEAKODQTLmhlOsijlIfpBZNXzohZOzj
-J27r0eok4ACPAFNwUCue2GMNerlrKqHiHChov8zvh4AoQDfcZBwRFcGnRMq8QyDn
-EkxvE9P/4Ib7XERwVDPmVPgvQYvcqC7hz7B7oYO7rigckrroh2X2x/tynphxnIRS
-6Mpc00/1Fs34Cv0=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/
-EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP
-uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt
-iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G
-A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw
-AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD
-6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC
-WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMFUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEq
-MCgGA1UEAxMhaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YnN1YkNBMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDzSzQEVqFvTtWkK35YRQKG14a/Ui8zOCix
-lDhIv5FBbG4G15V4laMoRYB38uWxU4/v0K/7UsU7J2ZQZA0iJNgZdYZmM9mMF//t
-37x13Zxd4GcHDbX0FoSgZUNXxSF/AUN86GXCCjrFMhHZAFgqLuYaust5NQdTk9Li
-tSFfyfRl1QIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFLamwerAUlPfhv1mSeS0Rr5j
-MwwVMB0GA1UdDgQWBBR+l0OkAn3eZZE7Nxl9J70SpPPQozAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZI
-AWUDAgEwAgYKYIZIAWUDAgEwAzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-BQUAA4GBALHfJ6kZFXxW875Sui9xpPd2/OXVv4ltULYqS4sYa6iAKR2nNl2dwe4x
-g4crvrxXC8Dp29uqsmno4zOqNaSVjEYctbN3htkL/k/QG4Y9GgklkdqZosT2UXV7
-BI1xQXAiQVbBwcABjHTEAoW4flzUO7+GhapXp36TsEUOYA32+n5X
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25:
-        50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2:
-        09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56:
-        7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7:
-        2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e:
-        74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86:
-        f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db:
-        f7:a4
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y
-CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC
-VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee:
-        4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51:
-        0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9:
-        c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64:
-        ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb:
-        cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22:
-        d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9:
-        45:a0
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw
-v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh
-zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:7E:97:43:A4:02:7D:DE:65:91:3B:37:19:7D:27:BD:12:A4:F3:D0:A3
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        04:cc:f2:b1:f4:89:f0:41:53:c8:66:c7:4d:6f:88:a1:63:45:
-        28:ff:81:51:07:c0:ef:98:b9:b5:a7:9b:b3:77:d9:1d:ed:f1:
-        6e:80:66:f4:0d:cf:35:ab:67:18:fd:e0:10:7c:0c:06:50:44:
-        fa:4e:bd:eb:1a:69:b4:e5:80:56:a2:21:b2:8c:0c:36:6d:13:
-        ac:b4:1a:00:86:bb:90:69:00:ff:66:c4:a2:16:bf:e3:70:5f:
-        2a:dd:c1:78:cf:a8:cf:1c:d3:33:4b:b2:67:6d:16:96:23:3b:
-        08:68:e3:00:c0:71:88:38:16:17:7e:fd:fb:f7:5a:79:77:f6:
-        6c:f5
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUfpdDpAJ93mWROzcZfSe9EqTz0KMwCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEABMzysfSJ8EFTyGbHTW+IoWNFKP+BUQfA75i5taeb
-s3fZHe3xboBm9A3PNatnGP3gEHwMBlBE+k696xpptOWAVqIhsowMNm0TrLQaAIa7
-kGkA/2bEoha/43BfKt3BeM+ozxzTM0uyZ20WliM7CGjjAMBxiDgWF379+/daeXf2
-bPU=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9EE.pem
new file mode 100644
index 0000000000..9529a12af2
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 03 9C 43 5D 1B 7D 07 1F 16 A4 A8 35 4A F8 11 40 8E FF 44 71 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YnN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowdjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExRjBEBgNVBAMTPUludmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJp
+dFBvbGljeU1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDkwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDh7DaIU7QitpglwGQwVBh4gziggxUNZYv4N9CF
+ua9cMz1wtL8igEcrkH3bS7ExC4XDquZH5UQpQ/rrMvW5McM8DB8yoHcDq6PdTHts
+swQ/IhF9IxGcHYlC6xXf2IDFk/QVa6PGEa8a+M///xPK5m3ikh6LJDJhWwOjcYyh
+uOh8CR5E7qN2F48w/Rn3JkOVEfYzR+x36DUE4qYZ9prP1EE9f8zurYqPNfGRRfou
+pSANSXjvEd4WJgWeL6Hc0KnEbxTvGywdIZFopeyxyWFpi5Dhl0XoM5ViS5IqL2yG
+6yJgtrnhkwRV6vTRr0pZlHul1LPLVf92wGHGe3VdiXRBwI7jAgMBAAGjazBpMB8G
+A1UdIwQYMBaAFD5FdKKL0vFWjEYBZnhwJMYiwQOeMB0GA1UdDgQWBBQGUJPs1t5H
+/XdkaQnJb4buZH4dZjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATACMA0GCSqGSIb3DQEBCwUAA4IBAQBd4fpr0FEBAS7pX+anaaynR6VwZngp
+VoG0SZ0FUwOTvUAU80cI8G0QJCcjQ7Ho6/KmeKznOb7zXJj0j6bmdlUvOTTQCDtd
+Qh3Exa0x4Yv1s/wp3FVMFt8kc5V31ABQDj480IrFjHW5TZF7lsSE3eHpxKkl70oK
+idmdbcVUbLHRm1+S8RYAUMrQn1kJpnP61URJZgiYoFzbCYgcswaIrf0oFZwdTZ/C
+ueXiVLJdlbVkYp4u6FoC77Oo7vcIe8kw8i1byu2PaOmIjpmI4xjOBlYbwnqOeG7X
+Z3vfgaVVMZ/fygknW+LpZZakKSnAkDun7Pm5WRNDCiRRn8rVL0NIYnuK
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 03 9C 43 5D 1B 7D 07 1F 16 A4 A8 35 4A F8 11 40 8E FF 44 71 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E7BB37E587E6FC08
+
+qCYMlRWoxSwmtR9ff3GkkMZm92syFY5jMFQmaddFj3gBagBR7MCMlL8t8MUEvuFA
+VCyYG9xfgDyAGE4o0ALc4jy3ZQG1wqf1WuUeNxNmx1JHtmGGvUIIkIK21hIQVWP6
+1CgGOh1MoCOp3SEI7bBTC//3rqdelq1QvC0tCORmbFZYdNCn0YUjwmLOeaWh1VhE
+YK5O21MUkkcGOaeDEvq8TNQ8GXMCZQVYa0ooselhZpFG7puKQ3Gm4D2IIqXOXtnv
+HuUlxpCYedxF7ggNkJRLhEDYv4HQ7jyHiRompH8dYVTNEhHSw1ivI3TxVC0Rbd0R
+jspNZL3rn8yb4Lf3yembLHLozmREBoKArQPc7rY2SGeuz5lG2szibuJLTkx3qMGt
+6agb1wGVfdlnTd1AOgUL2ChoYiMR56IJFcNzbkfNI5jGuq4TaIStkgdWygnQGJzS
+N86elMc+LgnCUI1P0HZm4RzLV5MTrh4N7MK56rAU6OVCRSLPSqN7ds8V54owjHBt
+RycZLp3E/7o2m93Vp+/IcLSpuVHs3aW0hA49DbOH4UyONIKwSFpPfsfFRIgftrCy
+Tc1AD6rEuJzmbbHPeiB1sxbgSxMPL26r+DiDBwTo61FpGWAoRPEbBptjFzLyKESi
+B6I/DWpIIJLSq0uYtTpE1JzIYisK7GV2YUf2DcmWOT9kfXLlsLNGWOalk5taYuft
+T8vVPcF+ALXQElcr0Gf5WY2UnpWDZ8J2rQZvJZHYVm5SsnvmoX48aUvp1+HcC5BR
+2GLM7bMerNvLQDGBtFrbvLwhFDxBJ6b4MCQ5lLa5siw+tUqRoLJl9IbzruH1mGoe
+zilz8uYUeJ9MGy8vMkxFbG+LeQLQn6bT+3WiWjJoB3K1foloZHOHHYwjiUaguMWZ
+giMBC52RYZRfFI8TmwReTreJFFuEsTwceUaLKg1mlHq+c32MRrNb5133ir863rFu
+tKy7PNe2buXgC1Url8BBC9C3UYUy8ISVLbdUfWmjfeqBrk1uWRdGsb84ZvxMfVzw
+iBbdXCayyMX86PlVCp6NboTn/K+Tth4bQQx9wRSB+sfr/fe6eDnaIQ85LsdoXr+k
+sJ8pOoH8DtTwbiQRsTh6pnivOiN+zTJK4VGDT+7AeFBjRRi7sMF9AkuZWcNiiKj1
+bbYJAEMNVC6bioxnWb4240wCy1TBelFITStR7RtfnVFLTmV1SmFtkLDoGqe80w6c
+I+zPVrbTgoHfa6U7fFIFid5BEhf1oKoySYPV9JlFTvwvJZV7W7EmRx6ycH62r/1u
+lauM0tFYhhuwWvmGB7ha5uHne9wKPb4rJrzApG1lgQEi2IR/MYBGj1UkILAqx7sv
+3VxBP82zMKJ7otH1TiiDMPWqanj61jUFfGhKx3S0SpDNm1jklIKtO6U/1bC9T7Xy
+jXw7fVPDpH26/gBSycX199ve96uvolzAmeF1qY9PY1CF2fnJNaZRzoo6glAfNr5u
+LwCP3jKOT8YRVUfLDMKJlWU7/8OJDR5FQCIjjaIDaue5dzRQYPAmmqd69h1QcG/7
+bdJOy46SR5R0dMV2BpGkf5T5Vk7oP8I0I1Qtb6hy0Ew90HH5Dhut6kHr7Sju2kPm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16.pem
deleted file mode 100644
index cec2eaaf87..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16.pem
+++ /dev/null
@@ -1,179 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMV
-cGF0aExlbkNvbnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDDqMCqoLUxLw5wCcxhD3+5J80k2C5ESu+Co4n3V3Nu2SyzcfKET0wx5QvxYm5V
-bzsntf6IudJpfXgzxHIwJ4i5v+Ycc8NYiqmCNhsW5sFRzhjQDyTWu0fEYm+tmyBv
-FavwXAcp8ptUMElDMAv/bKSD+7MDC9uHZQOmVsY0ndcNUQIDAQABo3wwejAfBgNV
-HSMEGDAWgBQhDLUBdnbTsyqsJvyqpk/y1qFvSzAdBgNVHQ4EFgQUOK0lyEJa1w3p
-SvQY5iylU6RQ9EwwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAA9NjcDXXcF4
-FXkwZWIDYtowLXCpbshsU80nGx0/7QVNApSTnUq9pe0t8qAClcYZuaXgB/uYINl5
-qozAW6KR4wFaNUv6mnm+0ppWeiTnIn5O37IycPbAKVZRhauf3p/cTkZ6RZ3MJ5Q+
-fMTJscvSXtMhU+Q3Pp5PGRXlXhs1zFNp
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA2
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBBjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQwIHN1YkNBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAsFRY6folIcigIrpQ/iMlyqdk9EBMIL6NqCJEqkvun/36zcYeHsPv8t29
-hFHDBrhQT/Fi+9MNOXx0uiJT0cetYETo/HiiAqub27NG0Z82sxwsEiLASEWZ4ctu
-8AIom0mQl11rsK/4z4OemcI4Mxh5j6fCiI1ouogv1Vx4us4ew/UCAwEAAaN8MHow
-HwYDVR0jBBgwFoAUOK0lyEJa1w3pSvQY5iylU6RQ9EwwHQYDVR0OBBYEFAJSemtC
-TrDjzYKlY89uAwAjlIk1MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCFLUIH
-3Nuh+TAs+Kpg/tZTFK3cl2DGM1+W+wnsgn3pQhJnqIYCI/iAuPRs2bJGH1lQ0CTr
-HAQU9y0kmWpsNCzI6k9ZyuLd2w7MdXezVhjpE3iwAQCnVG1vw0MTFGzyR7wMeWp0
-Ejrp6mVdwu8LV6lngeqmNv0QNjYSutrFAsDHUg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued pathLenConstraint EE Certificate Test16
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA2
------BEGIN CERTIFICATE-----
-MIICnTCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50MCBzdWJDQTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBv
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRDBCBgNV
-BAMTO0ludmFsaWQgU2VsZi1Jc3N1ZWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2Vy
-dGlmaWNhdGUgVGVzdDE2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfnEYg
-5tV8iksMhoNkR/PLNDStGXw9l6sTCiF+m+EF+/pDeN0Y/509SepxvXOZbQ8D7CkB
-PfgmSL8hs0dxdE3Fvf/AjvTFyyjI1q5wkFXd/qWMewquuMMm2j+FWn0fmSoFnyM6
-EEYvKLhqj1QuWiJJN/250ngjuufsh51HnlR/6QIDAQABo2swaTAfBgNVHSMEGDAW
-gBQCUnprQk6w482CpWPPbgMAI5SJNTAdBgNVHQ4EFgQURA7pZi8vxURs7KKf3U9B
-ItsxSAMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAN
-BgkqhkiG9w0BAQUFAAOBgQAweIEFGj6V0Kr9Dz4wEyhUVK5bf5Frg+J8ap0YnoNT
-EmoLFqQtKPB3MVfcUkXrZAY149XFJJLI0v5VCK2mBN535do/Grxve2MMW8BbmmU4
-FQOKJruMJARneqYEHxbZUEmBvEoIoi4C/2SLxO7hOnhpiK+6UsetU35F19FPfGVp
-UQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:02:52:7A:6B:42:4E:B0:E3:CD:82:A5:63:CF:6E:03:00:23:94:89:35
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        23:10:0e:ae:60:60:7f:db:a0:d8:fe:8e:bb:0e:99:db:df:36:
-        32:a0:54:7c:1c:ea:79:12:34:f1:a5:cb:75:f7:4b:d6:5d:6e:
-        df:56:9d:c1:d9:a2:a1:ab:7e:53:ac:ab:4f:fb:61:c6:86:bb:
-        60:ec:f2:44:14:49:22:54:6e:5e:72:96:23:b0:bb:d7:8f:e8:
-        4b:c1:5e:f1:16:d7:1b:2a:68:ef:ca:25:1c:63:15:21:7b:a3:
-        80:c3:50:97:f6:41:81:b1:ec:5c:5b:77:b2:df:1c:cc:48:97:
-        61:56:01:b2:9e:6e:8e:c0:89:05:82:7c:42:1f:61:34:e8:12:
-        c6:72
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-MCBzdWJDQTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFAJSemtCTrDjzYKlY89uAwAjlIk1MAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBACMQDq5gYH/boNj+jrsOmdvfNjKgVHwc6nkSNPGly3X3S9Zdbt9W
-ncHZoqGrflOsq0/7YcaGu2Ds8kQUSSJUbl5yliOwu9eP6EvBXvEW1xsqaO/KJRxj
-FSF7o4DDUJf2QYGx7Fxbd7LfHMxIl2FWAbKebo7AiQWCfEIfYTToEsZy
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16EE.pem
new file mode 100644
index 0000000000..edf314a84d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 16 21 0C FD 5B A4 24 DF 48 9A F6 49 6E 38 F4 BF F7 79 21 9A 
+    friendlyName: Invalid Self-Issued pathLenConstraint Test16 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued pathLenConstraint EE Certificate Test16
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDrDCCApSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcGF0aExl
+bkNvbnN0cmFpbnQwIHN1YkNBMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMHQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMUQwQgYDVQQDEztJbnZhbGlkIFNlbGYtSXNzdWVkIHBhdGhMZW5Db25zdHJh
+aW50IEVFIENlcnRpZmljYXRlIFRlc3QxNjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMUAJaSBrAZoZKqqNKxkwBcU+6HyF8FbDUmVONn7QXBreqY5hP/u
+iH4t1VgIIQfYuDq4KuFG8w+j8XlwNyG1/LRipLXAGFPTthfve4YqxksDMlEtjKEv
+6/Ed2/u27iRmTN4Xclfae50TcS/lPI7LcGhA3xb8i1zRV9jhwSOze/lUrH7w7XTd
+S0l+PZXwjFlz4rQF0nglux9GWUIIfi6j98lKkSlozIJ+i9UheODwktnaLcYIJdvW
+fh7c5g023RzmkF35VetdYnalZRQuAoqxRMMMJbUP4fQdHePTSG4N4tazyjeFebnE
+bvZcaXaTpXPe4EGW4oLQQ4yg6RP5f3hQEkECAwEAAaNrMGkwHwYDVR0jBBgwFoAU
+xgkqG/u46T5oYHrHl86zWFF7dt4wHQYDVR0OBBYEFPfHm47xpBBMA/uidLHze1WU
+6Yn1MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJ
+KoZIhvcNAQELBQADggEBAEaV6lhnnBOu4mwaZuNF2UldqMeLtPZchw0uoVW0fwjL
+9BLVSV6A8kwJnxINPrpcCOY56IHjfYR8cT1cbGRABEq+FDsdNFhRLXnUWnaPprGW
+fZo/Fb1KS6EfGupVp2h3jKG8fsSD81KfRaJNc/jbEJi0vKoHIlW87/SHk1B2sN57
+wMWG1d13zwbVULq34Dr125HMU4kgvvwyBPx2pf3tf4mAeXK8WlLyu5s3aTrLACso
+ZYRkh6hcY+LNx5nUa6xwU6LmwNg6VgnHu4aHCrjcofFDcF9Ww488XisnugMVo7FR
+8QiAz8k5MWqiBbvpfHkgvWLOdpj56uvH+waD3GjD+04=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 16 21 0C FD 5B A4 24 DF 48 9A F6 49 6E 38 F4 BF F7 79 21 9A 
+    friendlyName: Invalid Self-Issued pathLenConstraint Test16 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A518FB9EF9ABBD73
+
+bCPVUoj67Xsx51BOv9b+sk6qYULYNCbXCXzMs9Db8Aos1p3jz24J8z2RuPss3WuO
+AewIRUEoQXvJ1WomHEfON62mxw7RSi3stDFNLpQ/V1JiMv0WZzUQrIynJIXxSoGC
+rMIkBHvX3kV5FnImE1AwU1YXWwtR8Hi4vpZpQzwyEk/nR5kzVPfHmbflje8yy+aR
+ZNEpxrlpceZ3KcroyAItehWl0LbLutbFeQlWIUp8rh4O/rjoBvmiOR66FpL3KvKI
+gh8tOA575bG+dMBGOBvDFBSjP16VBxtg+goxkCBqDz3j+k7/VVP+N3FcssR5Bq/V
+3uqRLUuxQI8dsn+TY6UcGrJTNd37Lizb6z9rjxTQzGlCX6cOWeZDnmfIpyETNLOG
+e1q4/OB2ru+z2Os4N8wuBVQYFhO4RcZja5MkTut+e/gi7LS1Kpb2F5EfyllL8A6u
+BPj8HcDe51devdgojvwaq/0GwYR+DtvYfhXm0TwgqorNWhp3LTjw0ZAQxL9IX2Sb
+cBIwIR6TVIoHbFsOQUzsyZSujms7nRM3Hrmfod7Cv1gNRUJiNurQDKuOYFxj4Dlr
+vhDgQ5LxTPu2QLise8tS/a2wDhyVZ727D53n+iLSGZFEiIw2FMAZbG1nXTv46KZ1
+J/oXU7OSvKyKRroGPuXIk65yQnLcmINfgQgTeB8OpKEL4Wsyx9MHsRAMGhFLpYUI
+z6wvPis5Vi1hk0KTQOYFSRe2lRJpqAdgmxPyafRoOFwwJg1wqpqvy1kK/PHUbj/i
+r9biXV8SZ/6DBKdR9bqZm8EPzLx4Gs7ZDl2uQp/tSAuTKGPoBKzGIshMmC1/RhbP
+H8kb3uUu0VSgOQgU0d4dDkhLjYpEYRTkCcX6QFmnBG3GcNC9OyZeNvSyU3IfsTgD
+2DwPRkTF6HeLGSV9sQHM/+TQsof+wEnDEFmXdgdcMmBWzmOC8ljExx9YdWiocjz+
+NlJDEovng6ks3DNLf1xtsBDOsHarPwJG+spPQ3pwoyww9PrRYXi7VCyhxjMb+JbV
+xuxSFQiy7hdPZb3KGC95obRYXU+x+pJNaZaiU3jXMvo9UjlawHVxqr7h0pTTu/uD
+IeBshxhA1Ag/V+hd38Lm06lpM5pr6fXE73s6+ax4e+it6OEjUv8RkPSOpWcoIieD
+Ooqpruqq8KmXx1jpcxmCGyrAEGvzpFcc1/Zh/mO1G8cEpEAtEUQVhYMScKqTr0cH
+0A8Jy56wpolGumTNlMTGXFCzfemfrEchinpYJtRJzfdfcynjvtn2amrr9sgBk61L
+GL5kHYbBa+juZbIIKcRrNGZTpGkJcVgDs2hRkGQ9wjTfAmmVbDL2nSDR075u/SMC
+4wWX8JrSy2zAjN3gOxbmaJ2JlwUAqXE14TF/Lz93rJbh+bAfGhvkkaSArSX9CJbW
+c2Bv8GiHwUH2ZnFauxFJo/SrJDsvKj6AQlqn7vZS9dKrnscThEWRhC/EHWR/Y/Rc
+LYYoFX2aMNsY/xdyO1Wta52VTPBpoWHNdnEVTwhumd4wOWZj5R8l4iDWzyTxEwrU
+bCbEMR8d3sXJZI6Nmz1x8GghU/VVEItNQHS0FqwqPce9shcBpWA5+7DTjwPgYl4H
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7.pem
deleted file mode 100644
index 317350f047..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7.pem
+++ /dev/null
@@ -1,178 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued requireExplicitPolicy EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjByMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRzBF
-BgNVBAMTPkludmFsaWQgU2VsZi1Jc3N1ZWQgcmVxdWlyZUV4cGxpY2l0UG9saWN5
-IEVFIENlcnRpZmljYXRlIFRlc3Q3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDXic0buOl4pV10DvAMBMgoZ3V0agmq+0F+nQLwUbtdeSIl99vQg0Mm1p7TLuBE
-ABo1EoiXuHlZCog5DA4XokYy6FpTEonY7whLXSUYYCfOzPAvG9v83mIGwoIlGyAf
-r80gVbCuYRpW2LcaqwmGiplI/k7AW4HgDPnPNoTI6wndIwIDAQABo1IwUDAfBgNV
-HSMEGDAWgBTeKdbm40+XHQOoOqbqTeRGX4+CMDAdBgNVHQ4EFgQUq/kyDfFv0NrK
-Hsyq7J+/np0Fn38wDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4GBADdS
-qEYYNaD9ukw0/coVvMDpPV7exx7R58ORlWTm0f/OMOI/dQv35ePIHaJCgInLtKgZ
-/e6UcxGi76E3j9oFzHjd3B9LIYeleJD5w0oASN+63KCbbtpVphjTo7KdsJUli+Cl
-WZJMNDS1X6486Y2zjJcQZ6F8SWW3+ij1o/JqEyfq
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBN
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNV
-BAMTGXJlcXVpcmVFeHBsaWNpdFBvbGljeTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALnxr9bA0oGlaihhiPR0d8F/y9ai99F6w8+DtAfGlFtJ4WU3GPih
-ftUTRqZelcu+u6hZgekMwVhjUHyo6sFt5SfbCzJEmjWxI1anTrGAAcH6pG7zF2Z0
-iae8kVE7C8GOgwm+F1Y1RHkw8Wz/UbZ4QGIhzA++KPDi2du40LEGD4BZAgMBAAGj
-fDB6MB8GA1UdIwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMB0GA1UdDgQWBBQT
-5ozBKw9nS0x6HQ62wCFaJJlQhDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-B6X+ALEMO8yG/lXfGuoX4XPyaZrb1A8oWFk2ZNCx9QIzI6CQ0vRfO47TF20iK5wr
-HN8y7yXpJGZcNTa5+697/kRziJ/zrNiL4b4BP6QRxYv+3Edq7FOb842JguqWw6nP
-SfsshPhMilo3C4X3PESiI67m18AlqgJcYcmemF1R6Ng=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBAzANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV
-BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTIgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAJ2xj97xq5PBOjaij1jBcMKFCjaRE1wlUR+5Zz8QkwCtipee
-6O1spOPGECu/sOzZ766YgD6B9GrGQsjXYGzHSxnOl8rcgpkeN99/57f2LYSLxKfc
-/qvcMvgHk6SZiGtpkYOvlLl1r1qUMedtPK29920CI0sp5sxygDaL6PgMvtoVAgMB
-AAGjfDB6MB8GA1UdIwQYMBaAFBPmjMErD2dLTHodDrbAIVokmVCEMB0GA1UdDgQW
-BBTeKdbm40+XHQOoOqbqTeRGX4+CMDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-gYEAH0fkK5ieWFtKe6g/7cN3kI240vvPajxZTkTPnacLXOL4nCfA7kkHnhVVIgzP
-liF4TQ60/yMlUBSBBgTV3/AaMaSO4eZlEdLkKchYp9OwrZ9dfyKdJW3wuEFyGKpZ
-6END4vk7F87/ZyFQNkhMPLD890f4ArarDhqw5eHuFoarvxo=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5MiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnrdC
-9sroeA9MJlV1ukIu8XNT9cUF70XCDwxMm5vKZZc2+XVNwgxe4aGse4bPdZ9okZ7y
-2ZMuLyDLEBZaA7GsBzG6snQRgHkmMFS6v+pC3ep9ieqtpnrP3b1f743Y1jFp9zvX
-ZDoddeI/xvYF/73KgiYdTFPLa9ARaKiwpQPMXyECAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUccI8Tjs1Yvclh5+9
-owEeOOAldMgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQIwDQYJKoZIhvcNAQEF
-BQADgYEADGhYvyIjl02LK5PZdbH9TrAFF66SGgdk+7nl93vr3XB9UnpvJqUfyG55
-ljoX+kKaRd7Z2O+GLTMmH+tqjMQ6bW+7RawMpFVzfhE3EdAr9/K31K6Q6lft8NuP
-wgqhDrrVqYMPa3YM7n+ebATJ0DJ26evfQu5HfIL7Cs/w+CpXi2E=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:71:C2:3C:4E:3B:35:62:F7:25:87:9F:BD:A3:01:1E:38:E0:25:74:C8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        95:0a:96:af:24:83:ca:92:a2:7b:e7:d9:50:bb:49:ec:22:19:
-        7b:a3:b9:3d:5f:b4:8c:5b:76:25:27:88:6a:26:24:c1:e1:cd:
-        3e:b6:ef:b4:0f:ef:85:7c:0e:95:9b:13:fa:dd:c0:bf:7c:fe:
-        e1:d9:fc:2a:7a:2f:fd:48:0d:11:58:69:6d:5a:e8:37:26:30:
-        67:83:83:90:4c:b1:9e:6b:1b:04:d0:8d:60:42:88:13:25:91:
-        ae:42:24:ea:61:ba:5d:34:6a:7c:22:6b:be:cf:2c:e0:67:36:
-        db:28:0e:5c:be:bd:7a:75:3d:ac:cf:3c:9a:44:8e:ca:30:7a:
-        e9:97
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJUKlq8kg8qSonvn2VC7SewiGXujuT1ftIxbdiUniGomJMHhzT62
-77QP74V8DpWbE/rdwL98/uHZ/Cp6L/1IDRFYaW1a6DcmMGeDg5BMsZ5rGwTQjWBC
-iBMlka5CJOphul00anwia77PLOBnNtsoDly+vXp1PazPPJpEjsoweumX
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DE:29:D6:E6:E3:4F:97:1D:03:A8:3A:A6:EA:4D:E4:46:5F:8F:82:30
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:5f:f9:84:20:e3:84:f0:ea:6b:4e:78:c8:18:98:e9:17:56:
-        9b:ed:99:2f:d5:94:89:60:a0:11:82:40:e0:7f:94:0b:36:76:
-        9e:1b:88:e2:bb:e2:41:81:cd:f7:66:e4:85:e7:ad:63:d7:e0:
-        07:7a:9b:4e:54:27:76:49:c4:8d:30:07:c6:ce:6a:e4:b7:d9:
-        f5:9d:94:02:e7:91:5a:17:bb:ef:23:8a:66:20:27:cc:34:f7:
-        3f:e0:f0:57:43:1e:72:4f:2f:ac:75:48:a6:ab:74:19:95:a1:
-        a2:38:5b:3b:6d:67:4b:69:6b:01:ca:96:b0:76:83:2a:b5:1e:
-        c3:fe
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFN4p1ubjT5cdA6g6pupN5EZfj4IwMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAIVf+YQg44Tw6mtOeMgYmOkXVpvtmS/VlIlgoBGCQOB/lAs2
-dp4biOK74kGBzfdm5IXnrWPX4Ad6m05UJ3ZJxI0wB8bOauS32fWdlALnkVoXu+8j
-imYgJ8w09z/g8FdDHnJPL6x1SKardBmVoaI4WzttZ0tpawHKlrB2gyq1HsP+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7EE.pem
new file mode 100644
index 0000000000..b33f740e03
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    friendlyName: 
+    localKeyID: 26 65 4C D2 03 03 A2 AA 2D 7A D7 81 A3 81 F7 32 DA 05 2E D3 
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued requireExplicitPolicy EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHcxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUcwRQYDVQQDEz5JbnZhbGlkIFNlbGYtSXNzdWVkIHJlcXVpcmVFeHBs
+aWNpdFBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NzCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMpH5Ypo+vnXJBia4f1mbnxhkV5cPzmsJbefrK6N19Q1
+/eCApM79FHX9P+kh0bZnbdbjXiUKwNsQc9JAG1Il66+qu9bfOvF73Au7qAvYH4Yh
+bAvpARaQZD9sIXjUfOY1t4NK6uRdNOSoykfpVqwa2GhsI2NfVgKNzJj4HwO2/k2c
+qcOUTds82VbcOHM9Z9AcXwK4TvQo6gUs0HkNNXVO7Vj3+Y4JXG5BFG0K0xoJT1tj
+M4ZKn1z29+TOkIDoYD9qM2ZGVMGhDLam2+OXM/f/d6C3eVGMBc4wLPYZxwnExrwY
+07GQUBn6dgM2DVMY7BDVqQG8frfDa4kIZ+vZzD9BoysCAwEAAaNSMFAwHwYDVR0j
+BBgwFoAUIHf+TDCN4rNRHY+w9xx/HYOYDkcwHQYDVR0OBBYEFBdp3Tg8vwRCOWFC
+TfeJoRRkfWArMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQsFAAOCAQEABr0a
+hM0sHQk9v6Z/9xK3gKE0iphqV5SrOUgtJz/DBzm2VapDSY0No7dTsSweTR8toL4f
+1ynzt3V8u3NP4Se82nphDaFD2eaUDnGWcFCj604pfhlt+rJtjF1mWgWAy6HQP2qf
+5+jhDE+S0AqqlOwlkj4wVEVlodDTUJyeU54kR2aUIXMTs/OD2PtNJ+7w0Sl9UspB
+SBuiJ964Qi+MdZRoFOpYCR3avVagU3CpURNyLm/l5rNu15sbnpFLhCsDx2jffIGP
+yikRtq3rrmY/xeGj4lX06KJkOCa6jAjlZEjlOPDXWOZtx93nowyliPZI1yjVfCYj
+zVx3huyEnj+ozMCnlA==
+-----END CERTIFICATE-----
+Bag Attributes
+    friendlyName: 
+    localKeyID: 26 65 4C D2 03 03 A2 AA 2D 7A D7 81 A3 81 F7 32 DA 05 2E D3 
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,450C5A5904CAA6E4
+
+qgynPJ6g496fN3uZ6Wnmbobkj52yLp9F8A3yI+fjFvmrIdQuqsLS2h4bbItcHhvk
+ohe6axiG+WIkOrdzfjkPq53PbTdZ1/aW2AkKFcF8D6lQJFM678lYQpQq64m7h3Rq
+bLr9ood2HzXoKVh0b4lVSICXXyEj43WPPnkRQ8w2gSX93Ts+Yf/JEEr8E2u4div1
+6dkX8ifdp7vTt9ocCPTySRE7R3AAJX3sxBjTK/XCR8AHllQIRIVzsOQrq7kKCjcS
+1SZT9v3GLdyKKfsur5bNuHBaAv/B4UvNTlfsOcX4ul/MEet2cylhvIlhoNkvGCT5
+YgyelRm8IQ1hL+KNFIOWzomaDXETJBjpycHNg/RbhBcJf5pfb5tJNU0m3xPKsq2Y
+ZcSrmddcdICbgedZXaqYTkxrgl5cpdJG0OztIgXTw8WWhAe8LgLsjQ2W3T1+mBFL
+hKRzqXUgR0PHRwTvgJYHS36UWkSU8BUb3L1076CFssmdxKZe4ptiMIFQoDZqfv+0
+pY7RCCC2AoaaBR540myOWV/FgiQu6DP/KhFcqHa/Ba1LXJ9r1qgbZ+uGpZnZ1dOY
+7dtwcoLTBR3PUlp5BIzeWW2eDZuBE2pHmFhxiJlozmvN/ClKEO91SZ+RWEEnlu6s
+kWSYNUQSXrcrjBzfXserdVqYF8DU0qceFKwaX6dCYEkYQT0BEE/3/6d8PeygGzuJ
+fFKecRVK+vO36cXvxXIDVt2GRVZ9bo23yQRp+afNGQhJfjwwWOrjCaw6QM+cld+p
+nybgnPmkzMRhvAuz0r8qyc+gbiuiYIgGkP6a0QLWPz0UfdT1LtlVGd5Lkw1+0zsW
+mvaW4y+RqIzLqkOqlZ69N3e0OyKe4lB8znpCWYsmGCh/ZiMzIzFt7fxklbwcL/nx
+4Lbecqy19V4rbxmWQET5kHgh5T24TfYjuo+63f0s7pfiHTpXW7ledqdN+kWpXrt5
+p6aWCRuQMTpKvGCJUP4a/zj8ENrtiqv1+yHcyXTq1oILUrHnyxzBR2dwAZiRuZNf
+UJQzF//0g2XHbzjU4jgSmo34FC16mTSy5s6RfOwvBi+UGlInpVSo7Zrc9GZG346m
+Xvf1y9FY5ijOWKcW/EeL5Zwuvp7BFtA/jGSTFWZNbfOrpwvLTRibyjZNpzfg3lEZ
+w5i0SZpmi0elv8fiZuHfepdapbhu2lMIZS8nozbIDcsCFSI+4L47BQuuQYt4mLnx
+i/MwIS1xc/VLY99EqVw59meXjtmbCniX7LGjYRcE2bBJxTjH4lLfLMZ9FWSciom1
+Pqb2CHlMr8wEAamuKkqck5f2NskJn0svrz8gGHsdA15vmZ30Dnvwt2GxP9dB1F0J
+NgqlUdYNkbXE/czDp1RWygNgRgjAM3Vm6cwrtaiFLULbAvVio/fSfm4WVQXkKR4u
+wg//bgbIiLJc/u33LOaUiRBtNcsGoXSBF+Wy+4k681pzAGbNi4hWUS2eY77z8w0q
+5kKmemOpt1RWirmJMEbw5jZJGPY0Y1eKnGpwAKCXOQxHCpnGAslHlS5foSo1VHEq
+Vj0Ts24KKqUGNXxvKBaCMy4ZeycuWVUK1Vw6nfoeskq6422jkHev/azgbOXxdyRP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8.pem
deleted file mode 100644
index d87c1081b1..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8.pem
+++ /dev/null
@@ -1,197 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued requireExplicitPolicy EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjByMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRzBF
-BgNVBAMTPkludmFsaWQgU2VsZi1Jc3N1ZWQgcmVxdWlyZUV4cGxpY2l0UG9saWN5
-IEVFIENlcnRpZmljYXRlIFRlc3Q4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDJsMQQW4ogbj2q9WRWxOqmrcy6BVtHesg3yJh2pcqzUxvNGZWtrZ3M/JI82WbD
-Ns4kgihlmrZZH3sZhjzcdMw/+m05p+rvy7//zB6P1qCRraiYdNJHquzG/7HSnf6f
-i6GdUBsK6YzhP7MtTwfpwVRIUepSCNPIXMVlbIqmh+7fdwIDAQABo1IwUDAfBgNV
-HSMEGDAWgBTTC/BpEgViARafFwSWNmeHq7iGMDAdBgNVHQ4EFgQUjuHoODqDJSoy
-729WEoyqq6oPRNYwDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4GBAKvn
-C5ifYeQnv76PvBmEmSAh1whhdRDKTrua+Zl86HgUZZY7/NJl3ny9FyJr0kE9DAN9
-+KRem7jju5ciq8gEwArflK87sdGcpAIq+jiPbGFnD698w7EANZIhIefy3d+lcB6k
-LWpjLAY3+ontoTQAB+/iTBtv4mXMzEh/M7kC3CSC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBN
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNV
-BAMTGXJlcXVpcmVFeHBsaWNpdFBvbGljeTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALnxr9bA0oGlaihhiPR0d8F/y9ai99F6w8+DtAfGlFtJ4WU3GPih
-ftUTRqZelcu+u6hZgekMwVhjUHyo6sFt5SfbCzJEmjWxI1anTrGAAcH6pG7zF2Z0
-iae8kVE7C8GOgwm+F1Y1RHkw8Wz/UbZ4QGIhzA++KPDi2du40LEGD4BZAgMBAAGj
-fDB6MB8GA1UdIwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMB0GA1UdDgQWBBQT
-5ozBKw9nS0x6HQ62wCFaJJlQhDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-B6X+ALEMO8yG/lXfGuoX4XPyaZrb1A8oWFk2ZNCx9QIzI6CQ0vRfO47TF20iK5wr
-HN8y7yXpJGZcNTa5+697/kRziJ/zrNiL4b4BP6QRxYv+3Edq7FOb842JguqWw6nP
-SfsshPhMilo3C4X3PESiI67m18AlqgJcYcmemF1R6Ng=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBAzANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV
-BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTIgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAJ2xj97xq5PBOjaij1jBcMKFCjaRE1wlUR+5Zz8QkwCtipee
-6O1spOPGECu/sOzZ766YgD6B9GrGQsjXYGzHSxnOl8rcgpkeN99/57f2LYSLxKfc
-/qvcMvgHk6SZiGtpkYOvlLl1r1qUMedtPK29920CI0sp5sxygDaL6PgMvtoVAgMB
-AAGjfDB6MB8GA1UdIwQYMBaAFBPmjMErD2dLTHodDrbAIVokmVCEMB0GA1UdDgQW
-BBTeKdbm40+XHQOoOqbqTeRGX4+CMDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-gYEAH0fkK5ieWFtKe6g/7cN3kI240vvPajxZTkTPnacLXOL4nCfA7kkHnhVVIgzP
-liF4TQ60/yMlUBSBBgTV3/AaMaSO4eZlEdLkKchYp9OwrZ9dfyKdJW3wuEFyGKpZ
-6END4vk7F87/ZyFQNkhMPLD890f4ArarDhqw5eHuFoarvxo=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTIgc3ViQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBANKdKlFcL/bTvKva2ieqdnoU22tpCEtz1o0HfL/Pz/O0
-4DV5ZVG6hKXh69ev5TjepWl25LTNShr/q+MzVRAEaZ2nxmlAcK9/bneomo1JEuyi
-nE2YDexqxrA8mvilh7k7KF88FBLM6x62rRoW5Pa3rImUa7BruBnOVENN9FiT+Bzr
-AgMBAAGjfDB6MB8GA1UdIwQYMBaAFN4p1ubjT5cdA6g6pupN5EZfj4IwMB0GA1Ud
-DgQWBBTTC/BpEgViARafFwSWNmeHq7iGMDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF
-BQADgYEAG301e612hE7Pdkp3cuJYqwZjTc3NpGnxXnr9uwU44o7qHInBBN0S9GDe
-L++I1sIIiGLIeCflVfEsrGNpkRdHUM2fpfAR7iI0fOfQE7bnAxzFMRyVXXnBoTu/
-N6DupbEncPs47o/raseXsxSBteu7BkiORxBEOXxGtbCktIZ+tRk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5MiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnrdC
-9sroeA9MJlV1ukIu8XNT9cUF70XCDwxMm5vKZZc2+XVNwgxe4aGse4bPdZ9okZ7y
-2ZMuLyDLEBZaA7GsBzG6snQRgHkmMFS6v+pC3ep9ieqtpnrP3b1f743Y1jFp9zvX
-ZDoddeI/xvYF/73KgiYdTFPLa9ARaKiwpQPMXyECAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUccI8Tjs1Yvclh5+9
-owEeOOAldMgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQIwDQYJKoZIhvcNAQEF
-BQADgYEADGhYvyIjl02LK5PZdbH9TrAFF66SGgdk+7nl93vr3XB9UnpvJqUfyG55
-ljoX+kKaRd7Z2O+GLTMmH+tqjMQ6bW+7RawMpFVzfhE3EdAr9/K31K6Q6lft8NuP
-wgqhDrrVqYMPa3YM7n+ebATJ0DJ26evfQu5HfIL7Cs/w+CpXi2E=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:71:C2:3C:4E:3B:35:62:F7:25:87:9F:BD:A3:01:1E:38:E0:25:74:C8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        95:0a:96:af:24:83:ca:92:a2:7b:e7:d9:50:bb:49:ec:22:19:
-        7b:a3:b9:3d:5f:b4:8c:5b:76:25:27:88:6a:26:24:c1:e1:cd:
-        3e:b6:ef:b4:0f:ef:85:7c:0e:95:9b:13:fa:dd:c0:bf:7c:fe:
-        e1:d9:fc:2a:7a:2f:fd:48:0d:11:58:69:6d:5a:e8:37:26:30:
-        67:83:83:90:4c:b1:9e:6b:1b:04:d0:8d:60:42:88:13:25:91:
-        ae:42:24:ea:61:ba:5d:34:6a:7c:22:6b:be:cf:2c:e0:67:36:
-        db:28:0e:5c:be:bd:7a:75:3d:ac:cf:3c:9a:44:8e:ca:30:7a:
-        e9:97
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJUKlq8kg8qSonvn2VC7SewiGXujuT1ftIxbdiUniGomJMHhzT62
-77QP74V8DpWbE/rdwL98/uHZ/Cp6L/1IDRFYaW1a6DcmMGeDg5BMsZ5rGwTQjWBC
-iBMlka5CJOphul00anwia77PLOBnNtsoDly+vXp1PazPPJpEjsoweumX
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DE:29:D6:E6:E3:4F:97:1D:03:A8:3A:A6:EA:4D:E4:46:5F:8F:82:30
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:5f:f9:84:20:e3:84:f0:ea:6b:4e:78:c8:18:98:e9:17:56:
-        9b:ed:99:2f:d5:94:89:60:a0:11:82:40:e0:7f:94:0b:36:76:
-        9e:1b:88:e2:bb:e2:41:81:cd:f7:66:e4:85:e7:ad:63:d7:e0:
-        07:7a:9b:4e:54:27:76:49:c4:8d:30:07:c6:ce:6a:e4:b7:d9:
-        f5:9d:94:02:e7:91:5a:17:bb:ef:23:8a:66:20:27:cc:34:f7:
-        3f:e0:f0:57:43:1e:72:4f:2f:ac:75:48:a6:ab:74:19:95:a1:
-        a2:38:5b:3b:6d:67:4b:69:6b:01:ca:96:b0:76:83:2a:b5:1e:
-        c3:fe
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFN4p1ubjT5cdA6g6pupN5EZfj4IwMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAIVf+YQg44Tw6mtOeMgYmOkXVpvtmS/VlIlgoBGCQOB/lAs2
-dp4biOK74kGBzfdm5IXnrWPX4Ad6m05UJ3ZJxI0wB8bOauS32fWdlALnkVoXu+8j
-imYgJ8w09z/g8FdDHnJPL6x1SKardBmVoaI4WzttZ0tpawHKlrB2gyq1HsP+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8EE.pem
new file mode 100644
index 0000000000..6c39f75247
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D6 2A B2 F2 66 0C 2C 58 01 B2 A2 CB E5 34 90 29 F7 A6 DB 9D 
+    friendlyName: Invalid Self-Issued requireExplicitPolicy Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued requireExplicitPolicy EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHcxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUcwRQYDVQQDEz5JbnZhbGlkIFNlbGYtSXNzdWVkIHJlcXVpcmVFeHBs
+aWNpdFBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMy56QuuWL4z4T/hWo/3VB/kVEeDeGVv1rUBciSdtpBc
+G+dYzJ0Y4IhU5rTLKjCPgL9NWXJAlZ1xCHG1NKDtNXKhXFtWUBvjGg8cVn0K3g8Y
+FMOR9rxiDaXyzTQSBSMhUXfyc+T93eyt5OdlKSh5dljxtLI4L3UZunZ31hqCOxTd
+N41T7S7XBKlmFnh+ICv44ApWOxndOjY6X72Yfgn1JOaz52YyDDRK/fLzSevInhee
+IJVfWEqj3nSZ4SK1AFGID8JK5yxhtO/aa0M92TYNCBZDJb+Ow1aA1sS1gAt94kwV
+4l+VBqmLyJehvfNfH3zYDGLDN0AQ1Pt6bsuEu05JrKECAwEAAaNSMFAwHwYDVR0j
+BBgwFoAUSQpnYVZHjdJZl68iZjBRd1Cq3KIwHQYDVR0OBBYEFMgulWC04OIHYKL5
+NsodeizMbr+rMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQsFAAOCAQEAPXjo
+buDiYyD2GJrx/C5uDJWDWnvG8RQpPaPjexNQqyOXqopA8g/64QkBZHnzfDtsxmIo
+182199sp8LhA0IK1kOktpKdDwpVdwavDHmVwEdEBSaz9JL7kRUHZ7ui+Z9Ka/gi+
+/RyBOqMfVrugxdru0CthfGAtap7OpADZcbactgL6/F+jMgHhGQDkSY8fe3Dg+JvR
+BLW42PItCICC1LvD45w7oVHVgnQlgYfJhxf6ZKKqy5oHeOtpX6FMqs7TZ1+6V+qV
+9wGpYNk812vN8AykTv8MO6iTOoafhfTSDB8vuxSBA6ilQ8BXOzgf7iBGUedKAiDo
+Xf9GhVMsdvLU83Eogg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D6 2A B2 F2 66 0C 2C 58 01 B2 A2 CB E5 34 90 29 F7 A6 DB 9D 
+    friendlyName: Invalid Self-Issued requireExplicitPolicy Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2FE0DD66672C2306
+
+8Gn+x7A90lItKcrrp3OBpBvu1rQQRDWKvaHtLjjiX1WE1Wibym1iJfY0dq9ARYYf
+R/97+Bdrw3pufmLgOiFOKUpKFnDBWb4mgXOrkB1QK9s7E8v4PQFF2Sjhr408B4zp
+2obPk5j+snftrBhtNFsqnxcXdpmYXmO1RYys6LztVyg604OPpyQXTk5Gj49ZZjJt
++rS7r0Ecuy8SOXrR6rhPGLqS/fKd8b/36hI5x1nXKDkX02EwMksffpdufg2P6UGk
+7yXYriDXo2LDD4e8V4QwqbO2G5DYxIqqVoNgwnMyXMSsUPRLfESBKgKw730lCCps
+GOwD4Ae1B8Inr0Hsf9/bsQ3Ll9tgFHle4K0y3Kx6MRia1r+SZ4c6mjbjWXzMw7MJ
+s+66X6OqrrBs1NX7TfWD29NsYDOAv6fyheQo4FKYXMRSx43kr2N+fBZWsU2VKJ1C
+FvAO4W0zd9WsbZYKVaMZq7pT6I/+ZepE9tvMXeOTUm+3wTPcfIjcEq3JD9paOSYh
+92+JRCcW/KKGd+WPeUJR5HEoxnLi3uQHhBriG84xWEYSm/NMJFENFLPS144/K8D0
+PERXi5jqoB+TLS9NHcZgGmmW4tVUi5SqGURXArHdyN97wkh+wuisa8yDYPO1A5lH
+DghmYj8u1BpX9VCWgJGPN+IQJYea2gnoYIPXxy4p6xB6v+k4WytVzlkCVocWf/7a
+1ZgdbeOF9JKEYDmzV8gJLYDF05TONI9tN1czfcUReRHINp2WvMdoyup7n8JPbckg
+OcVnrUc7GyQNQMkCHDT81UTTgLOZJBfN20JCFqZRGAAtFavkE7uy+lP4UCLYrAsr
+pvw6MTdvJKbO/4vZey82M9mjwplCJrGNvwjhZLx/xcjPrOqjOUCTgEfuQphfv4yG
+s0zFzfq4wA9n9ecApPfkGl417/S+YST7sWSV+MsOxm92bQCk5rHyI7zENvTgfuvr
+L0+9Ld8mTUgS09Rl1IBxuA9KLJSK6dDjguxBS9uRoeGCm5IlDFZlqZ6hxR8K9gpn
+Io4ZbhBXbErk5DHpo4f6TgMPJtUmsvHq+V3mlybyFb6eLZyf/xMV31fOK7+bwa9V
+4F4ynGHiLxjy1hsHKwNqJvnFCx2Pq4Ps6fu8TEQ8zZ4QPgoeUdA45gp9e8pd7GUK
+Q/ikA8gq9JOpLb4ha1F73fDDu/eKQcaAOj/ddA3hJERfjMLUjn4PgeT5cfi+eNr9
+EIe0Gtg+7sS8bMmLZTN/TzpI2MYpEarIyAo4K3cLLZv2bsq70USTe+m1YSuqSQqu
+FaJW2NQTivug2pksUEkbXwAs3UoX3c2re4m9dLwtKmjoezaq0qYBydOQ0MlSlD33
+ssAd9Hi9ghURMGE6KqXZfGmXh6GWe7sT1eSsvCnwMkZOxMyZDunv+QsJSTUWoNWt
+NHqe9bA2DVTnxrLK2HwL2+4PX0Y1CkanADx//+seTPbeYVmkdGhHXMg4ZjXgsNie
+POVSEqQ0MkSYMjQtqMNJPnckMqCw1RWdZ2OQ7qIL6tSR9TV+sFqGSINGwGR5oLRR
+8Y5iwuytQ1NpwQ7GJu0cr4t1MOZ9GcnmK7Nu727vsyaXVCtaM8qqEPtrfZ49YCGH
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20.pem
deleted file mode 100644
index 8850f5ee64..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20.pem
+++ /dev/null
@@ -1,134 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBZjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAzpVbQYnufknoy1tKbCSY840pKcfP2S+jFm6OFC9hzkLFn9uiYzCV
-rCjczQI8lFfM/4p9rUApMIgp4IUAxCOEcgJuKPKmiuoTwPD9XxbmZ/uv+iaLXqF+
-QVcbDGouj0z6RMNz3KGtf0pbgg+/+/wIK4c0XOIM9wTSK0aJVqweAnECAwEAAaNr
-MGkwHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIr9
-Qil7WXhSSvdIHHG3xHGKplfbMA4GA1UdDwEB/wQEAwIBAjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAo0h6slmGQJsCsth+yeyOMK3j
-2CqJ9gEajx3fWs7x2JJ8LM4zfbFFYctGPKpXdGRBTO8Dj9lQJCr7i1IMMHTitTa/
-xpjn8E0SQgzvkB/0BnSt7DiwV0LXCdtBlLxOS2Fw9NdvbE7jsuBK2W4KDOPElhHJ
-TKQ0T3TjKv8gwxTq8mw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBZTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAtI4Yuumg8WznOojgeWHVZxG23imfdB9ntiQccDxAnvywEfQv6Vlq
-HNVQ5vsVQfvfUZCad2Nbf42DHRtpmVhlxIhKBjoNu/m6xdvz/A6/kvDvrEg+7M7N
-A2ZRVI0T3Z/mMaPuLHuCzKwU20TF6NonxgZXIbATrppAqRUfSY+UQCsCAwEAAaN8
-MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJtc
-UbwiJzEiQJQJJf/Pg3mto4EZMA4GA1UdDwEB/wQEAwICBDAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBs
-BZsxRaZk1qx3balE6qmVZd7jG6C9Gg/n+I5QfXR75ZIus+0Y6GAviBzywvJ8CDZ3
-kIOOrYolpnycedLS17Jnv4D/IDP6OwvmT6/0XvforKDQlmAk6ioJBRAwHRDYHBZg
-lj8FXyMNUS313Un0l2FXJBhfJNBqb1ZqYwWcmJ2t+w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Separate Certificate and CRL Keys EE Certificate Test20
-issuer=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
------BEGIN CERTIFICATE-----
-MIICrTCCAhagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENl
-cnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw
-NDE5MTQ1NzIwWjBzMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp
-Y2F0ZXMxSDBGBgNVBAMTP0ludmFsaWQgU2VwYXJhdGUgQ2VydGlmaWNhdGUgYW5k
-IENSTCBLZXlzIEVFIENlcnRpZmljYXRlIFRlc3QyMDCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEA19qbNR+soft39JVcTiKn2OTKmaGswAGUpi1lZGYOE4O7xiq9
-FIlSEq2xDeNXvcOEx0GFhZxKefbPzGp8mxtaGpfnV17G1SS/dCxeGZL4D8FUGlzg
-Q0GmhbMZvgroxNvGQD6X/+kdpA34fc6mtgHcR94KE+O5sYTKO4MhqLczr7cCAwEA
-AaNrMGkwHwYDVR0jBBgwFoAUm1xRvCInMSJAlAkl/8+Dea2jgRkwHQYDVR0OBBYE
-FDep7bd0aDt8e8YpJLYhvRpdGYqPMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
-MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAAMSu/B2VpmHV3q3fxUJ3
-7MbeT000oqwthzAG8xJUMten8hTYui0iB5EdxQXBnai07+ZHPBKZVSu6kya/W/zU
-PbSkjS5Agq5eVUDUjCnuVkjOwQsZGA4V86i3oLxyrYeUgmxUSl2/O2tbonLm2u7o
-jkncAUpUj+Sk1N2wFIiBenI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8A:FD:42:29:7B:59:78:52:4A:F7:48:1C:71:B7:C4:71:8A:A6:57:DB
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:7f:8e:79:fc:1e:57:0e:34:9e:bc:05:3c:28:df:90:bb:1f:
-        c7:f4:6a:a1:95:51:f1:d2:b4:1f:3a:64:41:35:b6:42:62:b7:
-        e7:14:1c:bf:0b:ed:6b:ca:f6:4c:c9:a7:48:ab:42:9e:04:9e:
-        0a:b5:f1:86:99:0f:b1:7e:6e:dd:d6:a6:b3:b1:3f:fc:79:6a:
-        bf:f0:39:3f:03:ac:69:15:b5:2f:5a:17:12:64:8b:e9:46:9f:
-        82:09:f2:09:91:90:b4:fd:56:a1:ab:04:79:a0:17:33:26:c6:
-        49:6a:96:d9:42:8b:44:a5:ed:ad:69:82:63:78:8e:e7:96:1d:
-        17:2d
------BEGIN X509 CRL-----
-MIIBdjCB4AIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENlcnRpZmlj
-YXRlIGFuZCBDUkwgS2V5cyBDQTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowIjAgAgECFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1Ud
-IwQYMBaAFIr9Qil7WXhSSvdIHHG3xHGKplfbMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAAV/jnn8HlcONJ68BTwo35C7H8f0aqGVUfHStB86ZEE1tkJit+cU
-HL8L7WvK9kzJp0irQp4Engq18YaZD7F+bt3WprOxP/x5ar/wOT8DrGkVtS9aFxJk
-i+lGn4IJ8gmRkLT9VqGrBHmgFzMmxklqltlCi0Sl7a1pgmN4jueWHRct
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20EE.pem
new file mode 100644
index 0000000000..99c9ac1734
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D7 96 E0 4A FD 8C 92 2F 28 EB F9 C9 A3 99 B0 57 7B 21 8E ED 
+    friendlyName: Invalid Separate Certificate and CRL Keys Test20 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Separate Certificate and CRL Keys EE Certificate Test20
+issuer=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA1
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlU2VwYXJh
+dGUgQ2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTAeFw0xMDAxMDEwODMwMDBa
+Fw0zMDEyMzEwODMwMDBaMHgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENl
+cnRpZmljYXRlcyAyMDExMUgwRgYDVQQDEz9JbnZhbGlkIFNlcGFyYXRlIENlcnRp
+ZmljYXRlIGFuZCBDUkwgS2V5cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjAwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy9hAZ7ztyJhNh2rSY+hM5b60feX34
+EeKvDgFGMYroiDVjUnlDnvdS0bIDNbw2FPl1ArAutE8uxS6uu682pT15YJXGXUDV
+rgW+/IKHUDXOvoXL+CsaykJQv2Ev5L//GKsL1m9XsClk++WHcZoB+9CmV9rvWQkV
+OzOY2H+Ql8uCtaFb2bPEB5+p2z+wcRYG+flPR7g5VlzTjOeim6mH3g+KpPTl9CMR
+1QLFhkrJiSIKJCo/v1vSOHG7ZwVgwgwsS8+MJcA1syIhPktec8misa/3X22w7KeI
+/teFMGIfXfPQNhYRsz9KU8l48H+zLmBJr/8eJQcl0sYOZ6GHQDrYpBpDAgMBAAGj
+azBpMB8GA1UdIwQYMBaAFPBl2j8aF1re1bZImTsXFBDXTBSkMB0GA1UdDgQWBBQm
+qTfRPNZ64UsoODQnQmbEedR80jAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
+BgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBmHeWnPEFJr+PH5Qpxg/Kw
+jlLc1+sL/wVjqMyYsL2xZxalijHZaYrW48cT6fuLkOMLEZaJaXRu0rj+mTY6rhmu
+ZOpBA+rBaHFlC41h+z2sWmutmSbZPQuhqTzH3/5+8NKVgnpTdV0WElzqfC+vOjZ9
+3Etny1E5GpdwwOUZEcKW6xqhUCysVY9zJzWhMPCvs9GJaQbjAG2X8Sz0o5boSVux
+PX8oftrzRx4uAbAPDX/UCWpcOmLaBYqVxZEjyz3cqO3IPgwMifSggtlKFxsRVS37
+mu2+InNHi6pWLxFTgNRkK0tdEjpORbacDZwkWUWE89WtJ84WEgLuCZEO3kCepZuy
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D7 96 E0 4A FD 8C 92 2F 28 EB F9 C9 A3 99 B0 57 7B 21 8E ED 
+    friendlyName: Invalid Separate Certificate and CRL Keys Test20 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0EA55018A4C99C6A
+
+CQpOARkAEerLL+qYOQp9l2E9YcuNSOSPXcGnP0qV3KzZhC3LIHnVwVZu2htiwhZ4
+Qn8yddIzJKLm87TEmsMOV0Hp2Oz5XFbaNTbai92/EdNgu1MVp78SEqkr5STHyvmc
+yLREBia+D43509LGNRKAk610qUNf+RJ/mIGfiweEQITd435G2C5G4uKRUj6Zo6mB
+E0WYA36b27/RWPsjikQHKw8BkgMgc8Tc22vOfESUzx6Q8QAQ905QFAnOv5zrAsd2
+CjVL0XudrZXn+wDg9V1x9mvPdV8YEtA3j03L+ajSmYvafKqw6o0YW6hlxtwIZKnn
+MNn6CXVQ9J6fih9r+GAs0ouwk4l2y7Dxj3iL/WlEJE91y5YUpuwEPqihNVx2jJht
+5O30u+HXVypznzMirPLjuX7ORJF30r4rIzVu1KORYuvK5JY7741o2qCsDOCOJVQ3
+JB4v3aRxJoghUdzUwHtLWRMD+AAZ48bOr8pMcx2y1wCGBqQEyTt9ASUBR/lixfeH
+slm5KK02kB15V2RYiPpCeJ6wpHYueX6Tbwy0lxT9PTPOxE+NE5u5plfllU8tL8t1
+7ZB+olVdEVkmoZ+xGTySkRa3QC80gx9IzqcAprHlnfdWq2i9k4THDfDMxickEYxA
++ufhOI2iXe3apBs7Wa9caNuNwIfdziZ2/bc+hbJlJdPOsxGdk10ASAofk+7TkY41
+ntCNTPaa82AM8hTymWpK8yU5oKGzEV/4c2A9pLEEX36vi+D7/mJhs2gijNKA63UN
+aZfBfta43AKCoEpsgf5ijBtK9x+9lyjIQNYpG0o3s1b42K6g4q/DmjUHSJzFqBro
+7QGMbFtrdLfxehbhOLJa3U2+eCT2/nXx1xErzQIyUq7X+vxgcPEVJT1uEzg/9NoJ
+4v0w78L8izWg5nGEAVeQ4p9UHBSA6NQs2xrsfilUMWkbRLmRdYLFCzFjBhhJ4rcN
+ty+ZWj5xbcK7p2ix8rRDDpV8AHJ39+g+vHvTeZTxtjKw5yltcaF21IJPzrV85Q0O
+UTIRBiPIy8pI0j+JglRdS9WkIl4MSryC6lWLyk3bI1mbYwOuSxnP5F/j+L1F/mXu
+8GLaEIjqGvM9Jgm2wQ7hMdEdevy+FIF85cHUfUgKM9nIEWseV1lrIa7pgb3PwpUj
+cYaqzfu7ml3r5oVIXRQMsnQx+S8PC7agYmmTTDelgz14qhmjFIQTiktnCSCflBfE
+trcxcTfWSb7pRQzpkWOXGPQBvAiKtZnzWwbJkJ0uKfz3C98N6WjOi2RgvYvfGc3D
+2Dc+8yX++Q3V9TAI3o0wMDnvIgFBK8e9vmg/DYtBGWQ1+8VWM1ExTIzFRNTjvyxz
+fE8b8c+wO0rivUrRT+L3f9b0jxsj710DPZAfTI8bESvlSBujeX4GHyVEpqyz/Tf7
+J+H6G8mQqsj9lGrhKjf6E/RF+aPgqAh6GLRAdv703ySNLec71LMrWI8D6dmfNiB5
+J9wlJwVNr84SFdr6LtfliVUWvQK5QaGm0trFgidDvSxmGRLUw65VHfXtZwsrbUPi
+KFZBezCmGvPODOvRoA+8U5wbsSnErBceW32bSoPEcyNB3pNsLlNu6Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21.pem
deleted file mode 100644
index 10fae293df..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21.pem
+++ /dev/null
@@ -1,129 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBaDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMjCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAkE8ewG6H/K9jn0Mr7uh5z08m2Q6L7j8F5TVV2RmRs5Pg7bhbYp84
-NplFussZhcF8atUil4VjtO7lRP7tJU1+whPYfXiGfJD4zPT/Xm6lmDdSFc8R2y0q
-tzJgoGWHlJgV//Pqd+n+UOLGZ5zGu6RW032gStSaTqwSKJZb4teHKEECAwEAAaNr
-MGkwHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFFX8
-0tqrZMOyYTeQKZ7TKM9hKhqnMA4GA1UdDwEB/wQEAwIBAjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAQED5V5G6uHHjObLE3i2wzZcA
-u6p/+2z2HqalTsdJp8Nrbi6HIYSknqTJISfZtamnd7a5yoevYv6NCt2pE35uXibI
-4RppXx1RfRHygFa/owUulclmTIfUnF2OqAvKJ2kIHyaEaS4xOZsH2czU9tHC63Nf
-ps1BS8MMZbABdGW8398=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBZzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMjCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEA3KYLjNA57lhgkT+vLnGuU5pyEDLnM+ziS9ieLUKICACgJVoWIffi
-mlCwAibbpcCvUUXOXuJafNB0BrgRf40KooyTOQJUckIm4UsMNuth0c0rkM0uT8sO
-dzfZ2OmD4or6Og4QQlHHFnSJJ/Z8sELlzOot8jb1LmpNW+j9DamSUq8CAwEAAaN8
-MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFLgZ
-mHzJeDS0JL5/mP3lo87ejVq+MA4GA1UdDwEB/wQEAwICBDAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCt
-w82gQMooCa5xgbsT0eM6FUdx767nks7Ty/HLHe0EJ6NwKxIV1JQ7QO1A9+B/i3oX
-I4bStXzp7xb6I0F+9vkpjDf/rOLN384olQ5WMvck2yiud7606uYPGPKNY5pK2KbP
-Au452W+m5r1g5hzg7Cp/VolIepWLazfVISLk/D3EuA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Separate Certificate and CRL Keys EE Certificate Test21
-issuer=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA2
------BEGIN CERTIFICATE-----
-MIICrTCCAhagAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENl
-cnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw
-NDE5MTQ1NzIwWjBzMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp
-Y2F0ZXMxSDBGBgNVBAMTP0ludmFsaWQgU2VwYXJhdGUgQ2VydGlmaWNhdGUgYW5k
-IENSTCBLZXlzIEVFIENlcnRpZmljYXRlIFRlc3QyMTCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAz5LVC14LIVOAWSDaOhj3dMdR3uhZoXO8IIu2MptactPNTm0y
-vKDMchcc9c33HActpSJH6vGOrl1DWTMfFv7g+lAfhxAyD7/Pe+MY82bUCee/2y3M
-5hlk9MlVlFKCuZ3w3GST1bOxnwIunLQ3OuZw90o88OWQ56udtd1pDlFSs3sCAwEA
-AaNrMGkwHwYDVR0jBBgwFoAUuBmYfMl4NLQkvn+Y/eWjzt6NWr4wHQYDVR0OBBYE
-FIRTaV2lGD+eaFK3LoplVXGjlEG0MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
-MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAX8GUnKuy9YrVyKYhWiNY
-XXNHf78GfFyK+477KeBSUdNQlX3swh3jQZAMgEY0hy/SrunP4TcO/G9Wba1y+O3T
-dO7bBLaMNHNcbnfJZL7py11wtl0BryXFbQWeWQulRw/8AohgtrAzhz4C6KCNZBKl
-x5j9BiH1ClsZAQMLLFjZYEk=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:55:FC:D2:DA:AB:64:C3:B2:61:37:90:29:9E:D3:28:CF:61:2A:1A:A7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        73:25:e2:82:ca:46:5a:88:06:0d:a4:bb:97:86:32:d8:a0:c7:
-        8e:04:6d:f3:43:05:d5:a5:e3:87:f6:6f:19:5a:56:49:87:15:
-        c1:f8:26:67:e2:ec:28:c3:e1:3f:ab:aa:ed:3f:40:9a:0d:e0:
-        16:22:47:ba:3a:c2:b4:ff:ea:5d:80:82:df:68:0d:ad:b0:11:
-        bd:15:3c:1d:1c:56:87:81:2e:d4:e8:cf:53:ac:c0:41:fa:5d:
-        22:53:3c:f5:6e:25:e4:8f:43:59:c8:17:22:4f:13:da:38:55:
-        dd:92:d3:b0:23:27:8e:c5:85:35:1e:28:e2:a7:6b:79:f9:25:
-        43:ee
------BEGIN X509 CRL-----
-MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENlcnRpZmlj
-YXRlIGFuZCBDUkwgS2V5cyBDQTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqgLzAtMB8GA1UdIwQYMBaAFFX80tqrZMOyYTeQKZ7TKM9hKhqnMAoGA1UdFAQD
-AgEBMA0GCSqGSIb3DQEBBQUAA4GBAHMl4oLKRlqIBg2ku5eGMtigx44EbfNDBdWl
-44f2bxlaVkmHFcH4Jmfi7CjD4T+rqu0/QJoN4BYiR7o6wrT/6l2Agt9oDa2wEb0V
-PB0cVoeBLtToz1OswEH6XSJTPPVuJeSPQ1nIFyJPE9o4Vd2S07AjJ47FhTUeKOKn
-a3n5JUPu
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21EE.pem
new file mode 100644
index 0000000000..7979fc7e21
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F4 5E 46 CB DF 93 A7 E4 A7 49 A0 16 D6 07 DD 5F 5B 7A F2 38 
+    friendlyName: Invalid Separate Certificate and CRL Keys Test21 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Separate Certificate and CRL Keys EE Certificate Test21
+issuer=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA2
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlU2VwYXJh
+dGUgQ2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMjAeFw0xMDAxMDEwODMwMDBa
+Fw0zMDEyMzEwODMwMDBaMHgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENl
+cnRpZmljYXRlcyAyMDExMUgwRgYDVQQDEz9JbnZhbGlkIFNlcGFyYXRlIENlcnRp
+ZmljYXRlIGFuZCBDUkwgS2V5cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjEwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4eso2FdVu4KMbGh5ZSUiUNKvacwKd
+xo+zNg9SrAdzpn+b6f1MroSAsBHEt6nKNF2CxLET40hRCUzV/YWVIfSLhnA4J685
+PcSwahhEUdO0b0yHpre8eH4jzvccREjJYfY0GlMc4w0IwQ4GHFlazUZ0lSWyC8vQ
+OgldRnRIRwODBtaQeTe3Q18A14M1bvrhnyUcj55QzqOrHLLrN+e86TV5bIs0Ju1n
+9OmT9CiA4sQt4clJUWpKSfE92tMRN7MTQiSYQA6s25+TgAOJUVsrwHsqXKmLYN8n
+r5wJyCaZP+0m6t4OmYLIY1VL3Jecg9sgQMoyX+Rn/in5y8mrYDo0FhOnAgMBAAGj
+azBpMB8GA1UdIwQYMBaAFDijFoE4jhhORX8H9hGi4kBnm3TgMB0GA1UdDgQWBBQY
+XHzOUCQFF6+ld+krVQWdvRm5fTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
+BgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBTLc/iHmqWng5utaXE8hhP
+V3alhBweT+f8to1OhLB/2uwsFS2IUWtcalvNsfJQ6uxRzuC4Yomalxj/fHBUr5pT
+SnPlz+ToE+7Ic6rJ1UJrweZ+6t43+wgvpUVPj5kaCngZZ6qzHLd+kiaVHc2GQF9C
+/OZoBcY0AUvRDlvICdxlR0CLJXIvJG5mr0ypqS/zm0U70HDVgRkt2YX/uUbP2l2r
+ZUF2rnpVVjB3lyD3bweR6pJ3nKCdjf+LMKtDyWYow2o68NlQUArJdVqRdWCBsPJn
+923k+3wXHxmlYphFLXKrpzfvsnawWQZih/g/Vo1NQrbNeYEQu0x/WDoV1f6H1eba
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F4 5E 46 CB DF 93 A7 E4 A7 49 A0 16 D6 07 DD 5F 5B 7A F2 38 
+    friendlyName: Invalid Separate Certificate and CRL Keys Test21 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0201561735544790
+
+j71gmSgbPl7vHaG1iNScu8Fu8xpELkYq1CswaVOepZlXZk7seVupIl3gLzPBNLa0
+3YRX75NT6IZNKvzoKFcV0kwCpgZ0KFTahZbBpkzhdVnjE8C6Te9HB8OvtZlhP9z1
+6hHNcyCtoqB99PFLklIoTm52QXNN1hUIEfNIWFL/lZ00df3u/7Iq4gBhezIdSeQR
+JzPyTt8ymxMcFS+cdb/FvyIlgWoKDJ2KVl/+0KI38FMTGXIN0gdoJayRMfR/kx9i
+y9BmbWWvlXTr+bwOuCtw7Vr/RNynCa7YsJB10FnBDvvONFu/vzRNhAwsC4efuTVd
+ash4mKMKSNgALDS8y/vMpC1j7+cN7xNhxCAyI/RLVVc943NnxMK75G8q+C4rWCaH
+39/8aDAOLhUib7VMGgtPAvKWJXoTLqG0LRZIbmWYeeiEciqdgg0nEYVQ+0ycCakX
+zFwLfrLTYI1oMDVRJ24M5gLjO38kThlmzsxPyXLMAE01TENweoV/XkQ20NSnzP2x
+Tr8Sw6I2/o6PBZ0denVl1RER8VfeZd4K/PPXfQuC3bXOkHl1DCJxyuzrlhXI9e9U
+VADhdE4fACaq5PBLQNnDKNZEfO8L6AgCO0CixnoY+/fI/xQz5XDr6N+UFvwUNnW8
+fvwFyXKDLGIRRlO0xRtXHuqGiVbyDW5chziPqAuoODroA4+cA6DGk/pdTW8oicOB
+MYTtJL7v0yBwU3xDdflRXneJxPhAlbTYfrA9q4iM8BPoD7HSHuBd6jxMizUHN+7z
+GP+UpTvK/ulKF1gc55M9G9MpxLlMW7AIwe0oiZhv6oZLG7JeymuPoKtbzooIRqtL
+uXAEynKHPkNs00IwQ4S95uwjkv5gKKo8gNuG3X0lclle+9ZED6MCPxBN2+3xjBsi
+Jw3hQAG1W/D0sPlVS95gDQO8RntpMlV5CeRKBEgE+Psrsz5rbDtV2nd0o6ywCHGX
+gxS1qMLdXgsXVEzVhi1o01DSpuFPMZnV/Yx7mzG5wCB6Hwxqp/dOKQ7bOZy9MCtg
+6vjmoV+ftEbovwX6HxcTtvnxEfpDmTvhuvX/nnI4guFIthL+EACQnIgwYnUMhiMx
+CXCX56FdxqldA/Q+o8+XpnpoDl+v+d50kCOZKCPBGlWh5YUZD40OyFKQH8mmPKu5
+1TgwgzK2TC+qV1zZEA54fNsA0l8APfhjt9/3KGxxsReuHw/uMJkbY/NM/+pmCYAr
+uxzW7pxKT8EdqH5FsVj59OJegfK5adzS++VO5MffS/xA6pGsK3Jot5UOpW/FodTr
+xJMCuxTUi1TSXTRP06VmbGpQKy5kVHkNPeZyGP8KzV8EAwdZUIZPAuhgmiPaXFCO
+WFfjKcrYgi0p+2P3wsa83aSHsH8wUchQLGIADJMGkwA388lufE5OL2CEz9HJ2xpC
+nV8F0E4q3g/m8R+aRIVXWsnf1SD0FX8SA3NRWOggIdaHmd65V03c46a5dQtGASt+
+cwIrx44UWggJyZ6iwmmPo+eKK2Sc/fVbm3r0TVcDCta3flUda+uN+ZUEishDzok5
+W5Q3yy/nlsHJkLUo0JSWRq5fSRMAq22XyvVoMmX9EXFUyfVsTgO4gw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35.pem
deleted file mode 100644
index 8cda2ecdb0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints URI1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqDCCAhGgAwIBAgIBSDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIFVSSTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKxL9gyE
-2WbKCoEEU+RviucDsSOeDHQfoVxci7AD0RhpGDZkMaDQhM+DUHywwIo9zUpLVeGi
-xQNu1+1bQ4SzVBT6k7vcf8ZxPOUI+8WQzMNO5H2/PGz3XGpfIw/RJrRH79ICwZlC
-6QzvSbLJhOtJTQS9kFTECA4AeBzHEN3f0igTAgMBAAGjgaYwgaMwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFKwdFrpLHgtf4rxhruHZ
-ZFp5vkXWMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zAnBgNVHR4BAf8EHTAboBkwF4YVLnRlc3RjZXJ0aWZp
-Y2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAHbVqbpvjgN0GV8abRGms01xVNHT
-PtqMarG3/zQImm9xDzqUqv81kX/8DOy9I/lo3Mvp83M9B74mEEiTTnxkYEpaSouE
-fE3/VAW8dTJb35NeZcOCNWDQv3eA7bufOVO+4KjEHERlxBfEYlPEkJGSLD98SF62
-OYmmR3Cda8cKBk6p
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid URI nameConstraints EE Certificate Test35
-issuer=/C=US/O=Test Certificates/CN=nameConstraints URI1 CA
------BEGIN CERTIFICATE-----
-MIICyDCCAjGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBVUkkxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIFVSSSBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDM1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq7pFXOed1oA+6DHAsdURi
-YtGnBPvAO55F3hR42UcP8vCvKmdtq0HpJsn34xYHoFPjGctei8AiFVXnj1jrbb8w
-LyDLTRVPFPFHmy3Q956KRU0DteJ8ptI4FRQRT7KeqKADvth4tP91aH2DyFy4MTr4
-wvUfV1mnYKgY7gpfBGlOPQIDAQABo4GhMIGeMB8GA1UdIwQYMBaAFKwdFrpLHgtf
-4rxhruHZZFp5vkXWMB0GA1UdDgQWBBRJujI3sGa+0thW8SoF9JqAlJH04zAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDMGA1UdEQQsMCqG
-KGh0dHA6Ly90ZXN0Y2VydGlmaWNhdGVzLmdvdi9pbnZhbGlkLmh0bWwwDQYJKoZI
-hvcNAQEFBQADgYEAMZko+lW6d/NUyq1yPydllz9hzKbH8duOaaM8azG14FqmvYnz
-EylKSfh2WuqTwkvpusjhdtr/33S7AFU74OJ9dJy1IgqvLWhD/qCm4fbEq44Ejhr5
-sChHIwMIvecNIEOi6e2R7Ue9ivA2gtFEQCfse4ZVPf/f3MLErRsp1dtITxI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints URI1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AC:1D:16:BA:4B:1E:0B:5F:E2:BC:61:AE:E1:D9:64:5A:79:BE:45:D6
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        48:8d:62:fe:d7:4c:f3:06:9a:78:4d:e0:96:d6:4b:12:b3:93:
-        23:96:6d:00:b6:6b:7f:35:25:e3:94:20:1b:fe:c8:cb:3d:5c:
-        7b:e8:f3:cf:c3:db:96:d3:62:4e:b7:5b:93:05:11:c3:7f:41:
-        94:e8:75:d2:8a:67:bf:f3:b0:81:25:22:99:a3:4c:02:9f:1c:
-        87:1d:b1:20:a6:0f:b7:c8:f2:2b:e5:b2:4d:b4:e1:bc:c3:85:
-        b7:54:29:13:e8:7e:53:ed:d2:cc:a7:95:3f:71:32:5d:3a:09:
-        a1:fe:af:ba:45:14:41:1a:67:fb:8f:46:03:6a:fb:78:26:71:
-        02:1b
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBV
-UkkxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBSsHRa6Sx4LX+K8Ya7h2WRaeb5F1jAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBIjWL+10zzBpp4TeCW1ksSs5Mjlm0Atmt/NSXjlCAb/sjLPVx76PPP
-w9uW02JOt1uTBRHDf0GU6HXSime/87CBJSKZo0wCnxyHHbEgpg+3yPIr5bJNtOG8
-w4W3VCkT6H5T7dLMp5U/cTJdOgmh/q+6RRRBGmf7j0YDavt4JnECGw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35EE.pem
new file mode 100644
index 0000000000..ea4090779e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: B9 9C EE E5 06 0B AB 05 CA 39 77 87 BA 12 4E B5 D9 31 F3 BC 
+    friendlyName: Invalid URI nameConstraints Test35 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid URI nameConstraints EE Certificate Test35
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints URI1 CA
+-----BEGIN CERTIFICATE-----
+MIID1zCCAr+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIFVSSTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBVUkkgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QzNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALA8
+CtHPii7fw28cFZaZuH3dG0rXPq84FZPv6pvNJw69Z2qgNbiwyudr+U3JacGVOQl0
+DxncAg+RfSCSzkZoIwtukH9TC+IFD3J4POTu1uLATudMVsiDM0gmzHR64zc9GRSQ
+2pfSDs5zHFStkdfcZau0xxSff0vXU59UtO+n6AuVOZcZfosrFWTxSf2hEyyt04MH
+FVH/vDIT0mym1kChxQ+NYLqo7A104ZTrJq4ejxFP7Fp62JGqvDGLSnisFNjkcVac
+5f1dehlAIm/ssRyMHK+Q6Dh2KrjPRdkcSuYzDFz82ZhWGaoBj3OrYYljISCZnT8p
+s0HqA6BFbBXhveCFVgMCAwEAAaOBoTCBnjAfBgNVHSMEGDAWgBT6KK1BFt4qaBfI
+DxwjPyYD3gIUAjAdBgNVHQ4EFgQUokLglRky7eXtrwkCdqZ9KB4g5tMwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAzBgNVHREELDAqhiho
+dHRwOi8vdGVzdGNlcnRpZmljYXRlcy5nb3YvaW52YWxpZC5odG1sMA0GCSqGSIb3
+DQEBCwUAA4IBAQBY+uta9QOhKurTMvpDULkPL4HU4wWHAN7+kL+Q9va6SDimwLTt
+N+PT5OfoPbALrC3ETTdcfyJXcvvEbuLcu2/mozR8ZPE76pLeV03v73UlApv3pfzM
+u0ydogvBtA+//I2cZv9JDN55LwM2NxHzEps0GBNjDSqgF5jEPqOqJYZF3U5JvIvd
+tx6OzIGAbq4Y1p4iiyMjEhOZUZ11V9V37LPl7wkWxbp7a6a2+jZCupfWJbDLJHiR
+MrEM7imDoSbkOkwgajrtmRHksuQi1fk/faJfP84fVRFIrBzHhPgG8yV5fLSmLgTp
+O7lmeu5uvo7psQ2Qa1JHtMbw+9YqgK23nR2I
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B9 9C EE E5 06 0B AB 05 CA 39 77 87 BA 12 4E B5 D9 31 F3 BC 
+    friendlyName: Invalid URI nameConstraints Test35 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,25C09EB350EDA71D
+
+fzMhGZFyuZHOZar1Ex1YnClyTLjlH99699MkjHMwap8R7dljeW2EcgW5AmE9FfZ6
+36OUWMoleVzXUc3Maz6Cmm+9uaaPY8/OyJN8F56Nkeyh66O/3C3ZpcYP6xLiPfRW
+qp3qtpDqrXlPQ+7agcnEAvcAkPtMU8+8LxSbam7AVdYegUrKBTF6n/8sXWQkBQ1b
+MaH6dsEqBI8dpa42mC+DSXtj68ep6uoLupbLkBy+1KAekkLTRARwjCjo2yPclMIO
+XvOF+o0/tIntRwmkyqV+m0aVTEoI828ptbjQsRXyIozdRiZBYQpb7evweLrr1OGE
+bQb3VU81mczr0gvaRoS3977eHasbPKnLRNaEhn/YtuqJZzWqM9m7F5ZhX18Jw2VT
+hKlShw0qHLQwO5RgelNxiq99l/EICtR1ZdAe0rW1UPyho17XTRDBSLVHB5/bKc78
+Qgpz0Jn7iCRSur4n3w+MYhtpH1B4lctNrcU4rbj2GLBwYaps3H9Zh6qtlyhiRgpq
+4mUhbELsVZgIAEA1I5coax6EKQ1INTEjNInQ2qXXfXpFOzQiXRZN5FyTdJcr3eYp
+lW4w1Ftx/gCcnd39ASOuNHFu9wI1zud0FglhuLYqP9MKzQxKp8vsri8DaU/08eDi
+/xhR9yhiNlTgoMrVXs9ymW5bMQVPuXOem1wnaOj10tS+7IUt4dMvWYaSwBhNhs4Z
+WYUNNF/+K+uXwGLLG7olR8KDGAz1Ntcj/YFJ0gFxHOO7VHzneJPQaEGV7F7S/+m0
+G6xqRTjv56ZA7RdZYvyhhcJ6+8040b7bXAuxeBILg/R2yoi26KDsXlUN8VkqTQJi
+rvlymcRkPdA1P77mcBZ2FIGvDT6kfpmQ4J3fgAlxeRA6Z1yud1MWYjI+QjhH8k98
+3TRmHiITXssfAAAvFauWBef9waFydBuksceDgMgVcMaAL89hC7SlKSJ9EIKBWqB0
+Z27UIZXVjz6qlLu+1k9yLVjE8v3isfIN6WUBb/Epw5tyOUReIH3a4Ejo7C7sG8W5
+SajwycO6+fGYpb5H1ins0CHbGYqFMkjKVsiI707ZC83D4hXuubXp2YbWM2LLqVlx
+MQHiISQRhS7u3Edqnx0iK2s7cxwgn4RnAglzgE7OwgrOF/tRVF68ljKNYyb2+dvJ
+P+B0tHWe9leMyoWNNl/cKkHmDXBbjSQlNkE154Af0q4ncKY2WRmCA9G4LuNIONuP
+TRnaBMxikRWAPEJBt8X5CEsiXzRC8+Aa9ULwdrid3Blv2QiaUlPJ9D6z5ffDDXue
+xJFEKYOcMwkVHzJ0+DO/gdtNLXsDdGrsjGRjDwJIKaOY5Z5YgEMQRnsjSoxhGqIP
+QfFFNaoyidM3paJ7+0Cj9J0716Sv4dNiALkA0wHuTQfGZ7JZITYGsQ0errFqnq8R
+ZmlUEs8gXMd8iE98D+gmegENCaUe1MtN3lTpuomzzN4p1PljDYGeioFSm96Uw4QA
+2IKLQuJi9Njfn6/E3sMdZpgZ4lxl1rOY1MQIYTYIdrOKRFyrJNJXRW4xdmmHdoFd
+Eb9YHCkR9DCy5hDRaVXxW3DJNKTEnwUD+e32UkOj9C5LaiwKwKzC4QoAIFsn95Ju
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37.pem
deleted file mode 100644
index 8564b40553..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints URI2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBSTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIFVSSTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANCu/tVS
-XB6TUXM4bU2lQ7EKvQrGMy49TSnHlIwEVZ9UNvbSA/ChnCxPIKWiVWlqdqr0evlL
-xdLPxQe6xHuVjkvgFleY6RjA9LqD7YFFvf8AnDD6BV0kIr3itChNI2abON8Dh6IG
-+o48bCPAt9bqxCepQbrSn4mYSlcKjyn66Ev7AgMBAAGjgagwgaUwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIakVWPxjKAjp6e8y2yq
-bdBaxg9aMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zApBgNVHR4BAf8EHzAdoRswGYYXaW52YWxpZGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAXeaQUlCHmmhg1rKHYxVfKaCq
-S574GPbDh1QtQoNmVqFF+yGHse9s4hcYcv7VZB74kYKCFUShbBWl1VcmgPbJLDnc
-MDjP1B35WdH4IGAxCBLHOiuv/1AWL9EfHUdhX2ZoFpJqNty9lFkahCZ6MARJwtS2
-fBh60OItInetzMDECnE=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid URI nameConstraints EE Certificate Test37
-issuer=/C=US/O=Test Certificates/CN=nameConstraints URI2 CA
------BEGIN CERTIFICATE-----
-MIICyDCCAjGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBVUkkyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIFVSSSBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDM3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7RoVBb6HAXuZfLDEJZHtZ
-ZqQoQWTPZt8PsM1IGx7uBWtoC8OpBufVE0QTJZV7uKwsbPCvIAHlsKsoTgxWMPpG
-83/daynjox1RbmbI9Vlc+tK/SbwbkIVJ7bO65t52t1SDIfnPSxBa24BxP8wPqbCj
-d1alYdvUt+5ERxY6pW+3tQIDAQABo4GhMIGeMB8GA1UdIwQYMBaAFIakVWPxjKAj
-p6e8y2yqbdBaxg9aMB0GA1UdDgQWBBQJ/mqtsTQDfDnYag36Bwgfh5EMFDAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDMGA1UdEQQsMCqG
-KGZ0cDovL2ludmFsaWRjZXJ0aWZpY2F0ZXMuZ292OjIxL3Rlc3QzNy8wDQYJKoZI
-hvcNAQEFBQADgYEAWfo3+4bDtxvUvo7zJGGkAMWVXpX27OK57XmNG8U6Ge4H9ruL
-S3OImTHGFt4EbUhw7OIxtSSCdT9x3SAg+jLVLn5FZYM3tkPk83lLSgSS1kvoRJNN
-zf69vibTDpsT9yzeMDt0vFKe/YN4RJwfBWm0ty7yrI6uUu3oxcwLsV7+Wbo=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints URI2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:86:A4:55:63:F1:8C:A0:23:A7:A7:BC:CB:6C:AA:6D:D0:5A:C6:0F:5A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        73:1d:ee:ad:1d:21:24:88:c7:70:27:82:cf:68:1d:fa:61:18:
-        da:2c:a9:9e:05:0d:b4:7e:e3:ac:49:fc:82:76:d0:6c:80:1c:
-        b3:b0:36:4c:44:da:e9:0e:aa:9a:df:66:1e:0a:80:f4:f0:0c:
-        84:02:2f:57:47:96:e1:f7:ae:e6:be:85:9e:53:e0:97:1e:9a:
-        68:7e:f2:32:8c:d7:89:1e:63:dd:3f:47:06:30:44:e3:42:ee:
-        30:c2:d6:ce:3a:46:4f:6c:8c:e2:43:c3:7e:5a:51:ce:5e:73:
-        7a:ed:f7:5a:04:a8:0d:f2:f0:67:af:e1:0e:b8:eb:9f:cd:2b:
-        24:62
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBV
-UkkyIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBSGpFVj8YygI6envMtsqm3QWsYPWjAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBzHe6tHSEkiMdwJ4LPaB36YRjaLKmeBQ20fuOsSfyCdtBsgByzsDZM
-RNrpDqqa32YeCoD08AyEAi9XR5bh967mvoWeU+CXHppofvIyjNeJHmPdP0cGMETj
-Qu4wwtbOOkZPbIziQ8N+WlHOXnN67fdaBKgN8vBnr+EOuOufzSskYg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37EE.pem
new file mode 100644
index 0000000000..6bef580768
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 53 75 D0 B7 C9 37 05 AB BE 60 9B 70 09 E6 46 C4 1D BC 94 63 
+    friendlyName: Invalid URI nameConstraints Test37 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid URI nameConstraints EE Certificate Test37
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints URI2 CA
+-----BEGIN CERTIFICATE-----
+MIID1zCCAr+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIFVSSTIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBVUkkgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QzNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM2x
+nbrTtgYrZ7vvgjKR+rj+GcPuu7hubTLNz64dJYq4bO1F2Pp3AGeit4SFt5mWT67B
+p+jjMo8dpqoO7+Y6+sebnJv1pharZ0fzQodcfl9/wTPTCwQ3hd5hOIwIKEC5rwhF
+OfC7CfAG0LBIc3L8ayYbDu3rfvHr43tSrXeNQCDs4sT50yYrkmSc9cSx9zrBin7y
+1XEEsyvcxbwG6vfazFyBtWylBIxrryPqp8/tCpj4v+YKpjNtBXbtI/rh3NQRWqmC
+0/byyDKuu+ZqkOwBZ/VWX0QysdoH+z010rhboJp09kQqL9P9hgB8WW+8zBk1mjnK
+fhk9TBzniVk7SZFntLUCAwEAAaOBoTCBnjAfBgNVHSMEGDAWgBRN64lx3/AEAbL6
+djpYsbpg3YzTwzAdBgNVHQ4EFgQUtJ9QNnzYVFt58I4Udp2pJfKkuSAwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAzBgNVHREELDAqhihm
+dHA6Ly9pbnZhbGlkY2VydGlmaWNhdGVzLmdvdjoyMS90ZXN0MzcvMA0GCSqGSIb3
+DQEBCwUAA4IBAQBB9r2UKkXqMVYrheLH937+0QmR/JOtK+oaJcw+mJBOzy2NbIPO
+7m9OEAElkt/PSaONwtLyuoEm3/c2Z9DVyFE/ep1ndQ/58Ow9vj0WE2mwU1zhwn1x
+R/pZz2WAfFQrgJZLqFoACN38Hsb4SsGbDIWGQrJSabtJPr2XDfKE6TBhVAMHYtcs
+Xia5zyRiL8c4BEATlHrBlw1CngLBfBIDGDc9sKaXboOoz44uyisAwG6FJ9XR/v47
+Wt1hVvxa2WF7AJAI+HZn8KdlLyJK9zi+eCETErxPu0hwMLhe53M+MllHSzD9kOfq
+7gHu2jUzx/W4G4YH5jEo0EW8qEUcCEQX1cR9
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 53 75 D0 B7 C9 37 05 AB BE 60 9B 70 09 E6 46 C4 1D BC 94 63 
+    friendlyName: Invalid URI nameConstraints Test37 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,75BC6CB11B15DF92
+
+3DizqDfEvcgL0nq3ByKA+fh1S3y6pB6VUxFVsKq3gqNoh/y551DDwYTXq9f6ZlSD
+j984y50YtYufkDg948E+w31Ja4J2/Q6LWSQ6KsHSRzao+rYVIGY5Bi6ClPJRZH9/
+ffym90Xi3HHhmdqBbmUGeWGegYcXLUR8bxH/EMRP3QVuxeMr4oXkNWIa2Daw3SGO
+ea6hvfUOOqLVj/22zswqBiu2u8IJYhL4ZSECTck8uFLvs8ys4CP4RkSQ3lqW2cJ/
+BeGqWWTO1naMkNvyywaObDkiM5IuKH5AkN7aMYr+VTAWJXOlQnrsixMZgRQsBAD4
+sz4sN88En7ZnGCxVrzEKdigvYlwUqTOl5Al1Z7Lb/u+//jyHw8ooF92f9RcLhkFZ
+9o3riTn7PJUNiyHC1i7XfXm0o2TC0NEJrNeTTs6a7JQDjY+1vcUT0KGPJ9CYWWOn
+k6MTqq7Y0CwrOiI5LGnrXn0BGMLD3lLtCve03Io0XthCKcLWa7pyiHmlKyAg1LsH
+Q4uVRMIy/Vc50k4MF4q58UKj+LVZtoFOBBR/aMYK77QtfobrVLJk+9qgscS8iz7h
+YdeE08tvk64AOnzyOZGXXkvHDifXTILbdwsM9yiweKoAMMLRelX6IKaldcku+sa7
+OmR6bOXv6jqWl9PuYte/T6HOqQEqFGOUMR58pC9si8LWiNYzEEGXdcduysZ3lF+o
+UtmfmKHRKBWf5xFLma81mhhp3RbZG8gRKkDqnIJRUBBs7oJEDxZGMX3THCkx2FP+
+TfS2ToyOFk3fIUxR7s/e3ej4wmM3panPmZjwy88AKl4Vjd4c0FLR6FHORlYgdTj3
+c1Rfvj+8TNZVuzn4OL3L5mnuc0q9MqhELeQtNE9E4uVifD8//IAknnEABrJpGgcT
+XbJGmM7ZGMm21jMKnZkDgV4bvCNeuPp2SmM++v6tu8fX+nUePbMMbzFt8tbGfjLp
+6addsVIwNGrsh7XYIV9KvcwCDVMPFbQ3oJd3QS+UYvTwxNvSpAXBeMpmToxuCn9l
+E4JVRWrL9yKEo1GF+2mVGHOasuicjQ2RjXFJ2vtJBk4RDdE9/4b454hL9nXN2ghg
+mAKkn53PypLprugnvywhRSEQ3YBgqLQkq6bRjcJElUFv3YfQdWOamI/KAKn82J2r
+FO5AiNgFAilZHuBSxsfCmK3VAdKE+CZlWWkDEJsjlMFdYY8Lg5iHzDjfMJD8iSDm
++urOHgyvh2eSaOW9SB+7+1ucjga0xIIkotUzxv7HqLdCMYNk/6YYRR8fHmc+Czid
+mMTScS0FZaBLZrR6k6DUBvE2NCzhVu/8w8fYq2yeZch3sv7wIyhVvct91g99gIfr
+wUCw6KAOAJXtCSR4neqKQDh3yKUj9CPCeSUPAwtH+9KDRRaiNuGFgXejLjRsYlwe
+EpJPHcnXy2P7/AWCMmjx24CAgtezPoqkLr8aK8cJcA2CUkO3bSVe30MZzgqWxQ7R
+u26EjHPWF/fOmCPpx2D6mTh/nZa1yqSxmgOVecODKkD4y3m2iF0m1ZPAZdhZNDzb
+2KnX9sAjPjw9t3YFEd5+Jm607M9DfZLr+c6YnRiQKJ1GDCFhQt8LNw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8.pem
deleted file mode 100644
index 0834f93e74..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Unknown CRL Entry Extension CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBDDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUGA1UEAxMeVW5rbm93biBD
-UkwgRW50cnkgRXh0ZW5zaW9uIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQC4N3fv71Sg97CctA2gdnDYdBCxvD0dw26KQaNDbFJBOuoUZ2YczhV1669VascT
-67yTxIEcK9/IDZ3YH24KxfGvQ/QPio8W8AMrVyCcHJvX6LyAe8VOYc1STiqxmpxi
-lp0TtHeYT9eIybRSaoqtDChQrkbPKB3unwxZbFwK7EJz+QIDAQABo3wwejAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU9Vvr2srl76qI
-n9lsv1vOk2kRTYAwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAAHH0P2ABpSL
-gN0JmwJ5PRblM4ot5qt69t9Qxgui/fn5pIZa+tDA3zKtJx1/S1Sm3gdZb+2A71hS
-3h/LIkmSD7rTwgJTfjtKd2rVxvPhLlvC6Pt+8cOlOAfxT88Q5atXsU0P+7ZMw/4U
-3F6PnahEk6JTNn1ylgi/e3jRoVAew8qv
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Unknown CRL Entry Extension EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=Unknown CRL Entry Extension CA
------BEGIN CERTIFICATE-----
-MIICnzCCAgigAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHlVua25vd24gQ1JM
-IEVudHJ5IEV4dGVuc2lvbiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMGwxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFB
-MD8GA1UEAxM4SW52YWxpZCBVbmtub3duIENSTCBFbnRyeSBFeHRlbnNpb24gRUUg
-Q2VydGlmaWNhdGUgVGVzdDgwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPIB
-J/eXGbgEoIPq9cvpKM1LhdR/nU/V8FVZG6E6cGIPHhm6FpNthtmafeQMPHMkT4eV
-41lXx8f9O4+xj0BUXNv/WhGhsT1PHxs+VzLNTG2mp4a6gOaLprNo0vi8C0jMfyQ/
-QMqq0d3vM/QmM4H1AJnguuG4xoSFqLZqIAYC1Xb1AgMBAAGjazBpMB8GA1UdIwQY
-MBaAFPVb69rK5e+qiJ/ZbL9bzpNpEU2AMB0GA1UdDgQWBBQoe5/NueRG8dILVNg3
-c7z7YF5PVjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA0GCSqGSIb3DQEBBQUAA4GBADjyBhwUgM1wXGm948RATjxho9tRdPLLVwj3K0Mh
-JSy5uURrxX2u5UUutqr2ZOpMjUcO0KY0qePFA7Oi2i1Wh49awyxUEqYVxRgBxNtB
-sKxMJG/iV6sX+9X3ObXDCG960+AD2q16GmjPiVrqxE3JQE/1dvdEyHduVgugTEpu
-WOKs
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Unknown CRL Entry Extension CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F5:5B:EB:DA:CA:E5:EF:AA:88:9F:D9:6C:BF:5B:CE:93:69:11:4D:80
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.16.840.1.101.2.1.12.2: critical
-                ...
-    Signature Algorithm: sha1WithRSAEncryption
-        46:89:76:03:d1:a8:eb:7d:04:de:bf:a8:1f:86:48:8a:d9:78:
-        ae:21:21:62:91:3d:ba:79:b0:17:d4:ca:41:ae:d3:43:4c:77:
-        2d:9e:99:65:93:59:dc:72:dc:d4:90:04:e4:f3:ec:ed:63:bd:
-        09:59:3c:a8:0b:ae:fa:ef:11:73:b2:a4:9a:e7:6e:c2:fe:11:
-        04:f1:f5:58:78:95:d2:24:2d:4c:4b:7e:7b:f1:8e:9f:ce:82:
-        76:be:a5:5e:77:e2:33:10:a5:d1:2a:2a:c8:e2:f5:09:6d:e2:
-        e7:c7:9c:cc:5b:3c:52:29:f4:a0:3d:6e:8a:87:8a:94:2a:65:
-        74:fb
------BEGIN X509 CRL-----
-MIIBhDCB7gIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHlVua25vd24gQ1JMIEVudHJ5
-IEV4dGVuc2lvbiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA3MDUC
-AQEXDTAxMDQxOTE0NTcyMFowITAKBgNVHRUEAwoBATATBglghkgBZQIBDAIBAf8E
-AwIBAKAvMC0wHwYDVR0jBBgwFoAU9Vvr2srl76qIn9lsv1vOk2kRTYAwCgYDVR0U
-BAMCAQEwDQYJKoZIhvcNAQEFBQADgYEARol2A9Go630E3r+oH4ZIitl4riEhYpE9
-unmwF9TKQa7TQ0x3LZ6ZZZNZ3HLc1JAE5PPs7WO9CVk8qAuu+u8Rc7Kkmuduwv4R
-BPH1WHiV0iQtTEt+e/GOn86Cdr6lXnfiMxCl0SoqyOL1CW3i58eczFs8Uin0oD1u
-ioeKlCpldPs=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8EE.pem
new file mode 100644
index 0000000000..64d05c4a64
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CA 4B E6 E6 B1 A7 D1 4B 05 CA E0 3A 9C D6 BD CC 66 FA B4 EA 
+    friendlyName: Invalid Unknown CRL Entry Extension Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Unknown CRL Entry Extension EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=Unknown CRL Entry Extension CA
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeVW5rbm93
+biBDUkwgRW50cnkgRXh0ZW5zaW9uIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowcTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExQTA/BgNVBAMTOEludmFsaWQgVW5rbm93biBDUkwgRW50cnkgRXh0
+ZW5zaW9uIEVFIENlcnRpZmljYXRlIFRlc3Q4MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA8pQkABHQjAg0Rtoy+Yv5tsEOzBdRIAZdfoierPmbsVp9mOZG
+LkHAevOhNvunCVK8NeFinVz7NEaIaxsBdbAOqcQOez338byeOKLTA3woSTTHK0Yz
+yE2P57stG28RtP6oDYBN/+7Em1V7HT3+nZmvut6hX/ijhYM3wCtq/wwb0Yvopms3
+fMKM8wJ2XCBHIdKhFrQ7d9rW03VYQvsRnLEasOCYIDaoguRgM60pHfdQVCj+ahUs
+9/ZEJCg6bSmnybJnhdEjiy48AOJJwx5dE51diw8aCruouIlpZcuAjx8QGHmtDl41
+VhjDT5UvvsI1Zl4LIF8aCnO/7PAZGtOaRB05dQIDAQABo2swaTAfBgNVHSMEGDAW
+gBQAphnLoS1NKC8i89JMN8//TDDN6jAdBgNVHQ4EFgQUmuFGJWWGdlodm00iyfNS
+V8B1N6wwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAN
+BgkqhkiG9w0BAQsFAAOCAQEAhom7StGhTRkAiy7XBsP7ToZ/jg3ErbepTvpGLQw3
+TH+zX5Sc1b3R8tR4zJ6RChxonMEWq3HvLNdn8ddyI/n0z9yJxanvt3MTg1OPYIBU
+zV6Oua7ryA4BaVNQ6Mg21pdYtFFxoVfhdP6O/2T97GeW8fp9cvKLagDIegl/KQoX
+CGM9uqjiFup6u/EllniCZsx0EKJXsjxA8CptSxbEgiqxFdo+t+7LM+UMMhcqynMx
+imHOzUGLh8H7WSiPo8H0+KNCDRCh8mO1CANEt+PuW6o3hD1K79QTd3b5qBzMPlW6
+5UWHk/Ncn72YrKxKZT8gc0QMdOtGO2L2h7fH2hPXZWETbA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CA 4B E6 E6 B1 A7 D1 4B 05 CA E0 3A 9C D6 BD CC 66 FA B4 EA 
+    friendlyName: Invalid Unknown CRL Entry Extension Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8ED5E5A518FD8B64
+
+5a8ty0N+/lsBZJVhArhMOdNjFyjrJZyD5xea97tdyu8+xtqWQguWvFbhvnHktP1J
+ZKEVrSa+KY/3RWa9/tYs7fpMrQf2FHBB8Dnrx0sw03RAdKiKEnB+9psQxGPBYfEG
+nGFtJvDgrASnrDdpRW1izeixNTMA3/w63wt0InU26KV+5CfV8iRVH0OFm1mmhEnY
+ZKvRxVAtR3WX7DvaYyaRhLRIHWOYT+NzQ+i/I4p0LXTaeYcMTEc3zVHNELpqGiEY
+FQ48IFvqR73reeC5T79OCfXRlDtRvTACZIeig6KsDQET60/cz3DKzJnBJ4m+uQF8
+kVoxz6zVSjTdqwUiA2QBeJ0HYwR5H0617M+OOegG8KC+UmKy3OSkq4DI1A7pzAMZ
+fRxSaQ3jVUX+BJZZt0QKRQdvlKCV7p2wnvb+YCaZ3WwczlM8MLgJ2XtEmHsqsy0m
+ReU/aP5BukEambvjwa/dw8zvDXZehCwqmNoLjT38u/Z4hAMS8vhH0B5bPMabWINU
+fv3uZUsssRg2/1cwtaOU1QaWWKruKDXMFoZ1Q6CEQpZCsYSEoEb3MCAKqZ72KGCh
+XWKWiXL533z8e1PoTJfaWplUSd0ki11xZVrawcJq+zY9nD8z2z5C5C3p97Cko9Hq
+F8Ub/eYPIb32S6jH+U0kbKnjXxq+3/71gianVgUoHb5+V9O9mwVUR6C6eVf68P3L
+tmcMQK6GUu+XKyVMM4lwd/Ql11fyj+LO7EYNCFtne9nYV1K70H4l83FM/ptDeh9u
+IADB8XPzHtm9cxDmEaDD0qSkZJdTWO54RSa9pXR6dljYA61b618ydq2uG9vz/PME
+VLQBy+7VyK8wU8srI9GWtTUD16GrX3CuYhZHo33pqbnkFPDwFqKHkaI0ya4y0lDD
+tUTpBkv9a9v6gzXvb4ZlRWr6Qapm1x5YeU0KZKrOrsbW5WqJeMaraIJPDJtNnCGu
+Uva+oAdtpXOa7yvw1nZS+uU22SoM4q8duLwd4xJO7++V0/iL0Mec5OBIKsSLuGdW
+bbzQs/r/u5wjXhn/iSUrPD+OrllCAHHZI/LYjBr7A/MFoXx3BTCGWKbGf78gPTpi
+fjCtBBxdlOSaDa29dkKddNJ3QHTaCY38e+pfY+nYTc6dzybH1azWKzEUDKWOX+/8
+SSNMLkOD81guneMVIduKhfujej+gQia1ZARIAcI1SoJI++LaEZBgvIxGuK6Es9pn
+mUEXWKWBk6cWEV4o98PdOK8Odx4qfXT0nEWJlrnIUeccfYjmfhwl9dmWoyPy0PlT
+/QNPPQ4/dgPwQc6MaDrxfqecIJs3ng1o+CEsJTLYgEKreD84HXNUoiOswbqGAHaX
+QUjiQFr8Xo6m5slci7Le2WFzNELJhwAYicEZXeBkN+cShcgOjbVHQiNmkaZBLhqZ
+plX0K9kGFRRsAstse5LIoIlgaq4DeKfvYglIukZy0JTGWDWdsnU2mqVwPuc15SbL
+yoPaVX5a3oPv5MxeLiZP3y2r3sisid0+AOCc9Ey6P/iZGiorVu+RBLfE3ft/cROr
+ZxLGPRV3YBguu1WnhBNneSDGaRm0O8O4NrtyQwXt7EAy4XAIqMP4w51RNrkjtSiP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10.pem
deleted file mode 100644
index 8dc7416970..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10.pem
+++ /dev/null
@@ -1,117 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Unknown CRL Extension CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBDTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYVW5rbm93biBD
-UkwgRXh0ZW5zaW9uIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCytAs/
-JAs2Ja8c89As83uwUulH9T9tQPZcA7nYHvlyElO2ck8TAyHsxyTJEX3dSXo5IOhG
-VD2Onq3BDeRFf6pu5OMpoQ3OGJbb4q22/qZtN6etR0haIBvS2ftAIPX1mJHU48rv
-TuMEQ0hoVtFxKdyYSeFaw9iBTbcaZdPUCMbnIwIDAQABo3wwejAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUao8V/5j0N/1M9CcF3W7o
-YaFVtKswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFoi3BNwtKmwgQu7YVgw
-RJCuLiqFCNPny8zbrLdJOyTSB1MqnPBzrnx0E2U6i+5RTiuIUrD5V54/46OcAenb
-ABT5jTygyoV5M03Iy6ZRQ71ZqeX2hc8LeHetvMTN1fZiNOtwt6Qn4LtWGyw5KH34
-KMAytthglbz5meZVb+cbK820
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Unknown CRL Extension EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=Unknown CRL Extension CA
------BEGIN CERTIFICATE-----
-MIIClDCCAf2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFVua25vd24gQ1JM
-IEV4dGVuc2lvbiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGcx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE8MDoGA1UE
-AxMzSW52YWxpZCBVbmtub3duIENSTCBFeHRlbnNpb24gRUUgQ2VydGlmaWNhdGUg
-VGVzdDEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCi6/iZeRoibZWIgFQb
-pVXsmxIdt4k56SpvzvPgJPyoxkehfaVCNpZQ9udynRLZaogzk1Js85Xmf+O3MBul
-a/xJq4BU0Mit5jPBDcfqEpOu4ovFBfX7i+nBDbBiS+2v+QkqntokkwaDKKCnDRV2
-qjQdAnTFbFNpkpyO3yhWJ6ASOwIDAQABo2swaTAfBgNVHSMEGDAWgBRqjxX/mPQ3
-/Uz0JwXdbuhhoVW0qzAdBgNVHQ4EFgQUkm2zSID0l7fhHwrbvsB+O9PRHtkwDgYD
-VR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0B
-AQUFAAOBgQCMYaiiImk6MCNreccITRisfSs0mHnXu7opjgpXuD6GcKnQtOhN/52T
-12dfAZMp+ROHHg2hZ1xWY7Uvn5IWbWEepjY0SpyGDsuzLgEO2xXg7DU5n1yxZpao
-mnsYHYHJPrTQK7jpsbutOP27RSNid2jQNfnyDoYsn2uCl6zen1aoCw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Unknown CRL Extension CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:8F:15:FF:98:F4:37:FD:4C:F4:27:05:DD:6E:E8:61:A1:55:B4:AB
-
-            X509v3 CRL Number: 
-                1
-            2.16.840.1.101.2.1.12.2: critical
-                ...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        87:83:34:a5:84:cb:5a:ea:95:df:cf:c0:15:aa:4a:32:5a:e7:
-        29:82:92:af:40:f0:c1:5b:0f:f8:4f:c5:ba:af:bf:12:16:85:
-        b2:d9:df:d5:f3:5a:da:bd:15:8a:ec:d3:a1:af:e7:8f:80:48:
-        54:1f:22:c2:8a:74:9e:c1:c8:5b:33:a4:8f:6a:30:43:91:35:
-        0b:08:c2:87:c5:5a:b0:b4:30:6c:f4:f7:22:7b:71:b6:ff:7e:
-        3f:ae:da:aa:b7:d2:4a:a7:10:7c:70:b7:6a:10:85:d1:9f:d1:
-        5d:bc:36:44:30:32:6c:bc:a6:8e:24:96:62:d6:68:c0:24:13:
-        55:3a
------BEGIN X509 CRL-----
-MIIBfjCB6AIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFVua25vd24gQ1JMIEV4dGVu
-c2lvbiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQEXDTAx
-MDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaBEMEIwHwYDVR0jBBgwFoAUao8V/5j0
-N/1M9CcF3W7oYaFVtKswCgYDVR0UBAMCAQEwEwYJYIZIAWUCAQwCAQH/BAMCAQAw
-DQYJKoZIhvcNAQEFBQADgYEAh4M0pYTLWuqV38/AFapKMlrnKYKSr0DwwVsP+E/F
-uq+/EhaFstnf1fNa2r0ViuzToa/nj4BIVB8iwop0nsHIWzOkj2owQ5E1CwjCh8Va
-sLQwbPT3Intxtv9+P67aqrfSSqcQfHC3ahCF0Z/RXbw2RDAybLymjiSWYtZowCQT
-VTo=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10EE.pem
new file mode 100644
index 0000000000..346ce3a3ad
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A7 BB 02 45 25 F3 7D F1 D8 E1 43 94 79 35 18 70 BF 19 F4 03 
+    friendlyName: Invalid Unknown CRL Extension Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Unknown CRL Extension EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=Unknown CRL Extension CA
+-----BEGIN CERTIFICATE-----
+MIIDozCCAougAwIBAgIBAjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYVW5rbm93
+biBDUkwgRXh0ZW5zaW9uIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowbDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExPDA6BgNVBAMTM0ludmFsaWQgVW5rbm93biBDUkwgRXh0ZW5zaW9uIEVFIENl
+cnRpZmljYXRlIFRlc3QxMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKxv/RraXalQIMNtg/u4DOowVy6Z42Ie7yUF43FcKATg9O4UDlM6fPF/Kex2QvwX
+zFx5gy3obUkZ+IdCmuURe+zb5NpPWdvT6XnMG4gkNsXnjWIXA2aSLJocDfktOcZ8
+xDpagVh0LjRgXJ0sZqYBG5xV3AS60+2ZZ76F6sS5DieU5ZM8kjVPtZg+keG5iB66
+N0VSeoeunx12TABPn98i8pqkhqd29KWKLZ0fAa9nwx+W79BDvEhitdEl+RZtiHmI
+XojnB8nlNWNqQd22Ecr2HVxDXZ7K2rraHnjfecQL3Hfi5/0IGdPxO1GAjW+3v2bv
+Ok7qDdZt7DMnzmrCSMB0wwUCAwEAAaNrMGkwHwYDVR0jBBgwFoAU/f/+GU3bDJ3F
+otiCVuuw2RBh4zEwHQYDVR0OBBYEFOvpVndbfwazHTWOwGmszyZU2w5AMA4GA1Ud
+DwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEL
+BQADggEBACtOcemz0wi8/F5s10MSmAelSSFXOe9srcYq+E6wGW2tdBgf4hDZZ7wo
+RixYJgU0ia5ZhIcEvpU97rZV/wRwDhl/W9mSgj9WFpKNaS1BVl4dmLlQ366Ssxqj
+lMxugFKpqA1lK8R3CG/XlMXVfJYQD5yonkkw7H9Ozu5tqn7sXmRRvMGD2GpyoHDq
+h5TXQ9X/gEcEpvilOUqju0PxZ4XGqf7v12X+RaQRg3CSwZR1OufNQxBUYDkfhW91
+MD0rFQLdXZMTLtvWD7N/8Ycqb4d6BUWgWfIC3hzO+LBlGSPio+2G51XbsjoJbF2N
+1rHplRvqqoK7mUx5TaxKmRmB3O/N0C0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A7 BB 02 45 25 F3 7D F1 D8 E1 43 94 79 35 18 70 BF 19 F4 03 
+    friendlyName: Invalid Unknown CRL Extension Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,44BA9792D4E9C9EE
+
+7XjVfX5tOxPAvijjneOooE1jtYcjKeKaOAdWnwPa5hSobrsxgyIvTUKuTkaiNmFC
+viD5YeOMD02uRdoUE56QnSFFgm/7KUw7B+ei6b7x/Gw+T0o73Po7Kn0MSS6LZ81P
+kBCyETCrt8nGnVXunU1ufyKZQuoQr8egypfg+iNaOJ2m74KZMoXHeZWIfX2sh6HO
+8jZdlRbjQip1mR37c+pxf2aNMN7M1L2yy4HXGcATI3GRgWyoHT/Y2N96fplG7q/f
+ql72slc7kA2590sDFLLndIJYbkNTshjcwds6/EhimEdQ/ji4rnh2srp4mNgLbz3X
+GAsJxmrd1OHycZ4nhxgGHwk9ww/sI/sb7FNsc0+uKWUNcN7MPqVdX1R4N/hn/H3z
+S4UNFdRG6fX0qjDFccRzq4CSPqdcarNwRKrLSN2WairHdY1N60gSDPdt1rgdxhsm
+4myi2h+nIJc1qKU9ddUox3+mJ4r/xmXxeD1U1bXU5pvsiTP1GGQMQcVBsuzHINkP
+FCAVnOREP6wVCKbgZwg6kFe65NeJ19hBSFHZKFim9rjwFSfAfQoVsh7nUHCoAOGI
+FtabfzLbyucleuUk24s1Qtcc67FOGbZCsTgshzqjAkeyciEVDyx0JiuNb51DCsEP
+oav665KQodNU1rZHz2nBI1veDaiHBMsuoTytuVg5q77w9THo2HqJOp6zIiO4dJbt
+k95boKUOw5oQCPEj2ALumzBT3W6maYwNDXKiC4IPnJr6OcgqAKv3UdECgOUYNTAJ
+78ogF7fv4cSA3iwj05cIsiE2vN5Sqk/3HyD+OrSrk8BUQzD0MCv1B3M8GlVs3cvj
+/6q+p+u5q3VK2IymLnm7kb+cI6s/l5COpTA6P/Np4G2Y1JGus0L3p0Y5GsGbeFap
+YHl+e8TtvAZTqALnNlx1844VOOgp3GdYDlKpgChs+Od3ARuLTNpppm2yUhpbeQ2h
+uNkuzYgkZuXZT94ExPaOHEF4OmHz8iWLF3i22+F2UmvqGMYAO4EpS0y1CrIcNFTZ
+BiW2a98/uWmwffp8PuMAATABqbU8xbPJEhyxhl8VLnef8j+mlUJDsCq3Kq235Pvq
+zuSTK8mFz7NHbRzH+LUl588Xg42nhgLkDzVSpql6sONENrdoEU1KVxBEp/LpXA8c
+Wks+vQVkXLpNLB4PmtraOiRtYbmYk7QLNv/Woxjr4BljrOS6uz71dvHcZnCGopuY
+4FHDYF92Z2HmkTjHMEIKzVWlBAeBiYn4WQlS+n8Ov3t2odUBlXZYrcNU9uMsdrJF
+HH+Ja4B1QW1xT6qg736fssi5xD7hdOinNV8hliQ9mAlYuTtPVZSFvYDu5Xwe0N5g
+fqc49ifyy7RUOoK9m993sx+6JQc3MoaKZnW1GlgV0QX99AQ+60sVCJDqgm+kAioa
+sLuJZlBDGXnsxYktWvKVmgwndj3QfFXEx2CQr4csjrUzQEJNotrje644hd6dOHuu
+Ol8dWNgkRiJV0xmP9H9eX2ybFdmDadnind2ntwqV0z+UJxWnujqDC7oxnbb+gLO1
+K/w/PlfbJGpvhGqa24JelP2v5/zersCzPmliw6pzRCF73FcBLhJoozyxMfQrNVzQ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9.pem
deleted file mode 100644
index ed2ddac429..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9.pem
+++ /dev/null
@@ -1,117 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Unknown CRL Extension CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBDTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYVW5rbm93biBD
-UkwgRXh0ZW5zaW9uIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCytAs/
-JAs2Ja8c89As83uwUulH9T9tQPZcA7nYHvlyElO2ck8TAyHsxyTJEX3dSXo5IOhG
-VD2Onq3BDeRFf6pu5OMpoQ3OGJbb4q22/qZtN6etR0haIBvS2ftAIPX1mJHU48rv
-TuMEQ0hoVtFxKdyYSeFaw9iBTbcaZdPUCMbnIwIDAQABo3wwejAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUao8V/5j0N/1M9CcF3W7o
-YaFVtKswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFoi3BNwtKmwgQu7YVgw
-RJCuLiqFCNPny8zbrLdJOyTSB1MqnPBzrnx0E2U6i+5RTiuIUrD5V54/46OcAenb
-ABT5jTygyoV5M03Iy6ZRQ71ZqeX2hc8LeHetvMTN1fZiNOtwt6Qn4LtWGyw5KH34
-KMAytthglbz5meZVb+cbK820
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Unknown CRL Extension EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=Unknown CRL Extension CA
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFVua25vd24gQ1JM
-IEV4dGVuc2lvbiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGYx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE7MDkGA1UE
-AxMySW52YWxpZCBVbmtub3duIENSTCBFeHRlbnNpb24gRUUgQ2VydGlmaWNhdGUg
-VGVzdDkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN5hxrET3bqQkPGYoOqM
-k59f/6Bz8rfuR0w0CP8UqMM+W2xDKIj+J1+sHfl1rsbgm3kKLrIF/DeRgOUS9k+m
-1gTj4NxYqTLXRu3AeqoWe7Z04z8WxqhHyD40VbqJeZgRl960H7nqSS7FUCE5Uhrz
-cBhoLlhH2/lYNtZmNFemPVA9AgMBAAGjazBpMB8GA1UdIwQYMBaAFGqPFf+Y9Df9
-TPQnBd1u6GGhVbSrMB0GA1UdDgQWBBQ/ld8yhWsnGl6nmqhcM8TxDa9n7jAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEB
-BQUAA4GBADFhplcYCh5Wt/vpCzwZMGj0be5RMlPSh+6UWKY8gR+TknXyeyhIN0TU
-R7DRXv/XE6ZRQda9Pslooz1WB/VBez54Sg3EirsB8hK/E+PS//mo0NN5ooOdWb8s
-WqML3eEo3XVs0Fj1mYc+8U4bYRPrtDVO4Mr/SnyKNNCf1O5R+X74
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Unknown CRL Extension CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:8F:15:FF:98:F4:37:FD:4C:F4:27:05:DD:6E:E8:61:A1:55:B4:AB
-
-            X509v3 CRL Number: 
-                1
-            2.16.840.1.101.2.1.12.2: critical
-                ...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        87:83:34:a5:84:cb:5a:ea:95:df:cf:c0:15:aa:4a:32:5a:e7:
-        29:82:92:af:40:f0:c1:5b:0f:f8:4f:c5:ba:af:bf:12:16:85:
-        b2:d9:df:d5:f3:5a:da:bd:15:8a:ec:d3:a1:af:e7:8f:80:48:
-        54:1f:22:c2:8a:74:9e:c1:c8:5b:33:a4:8f:6a:30:43:91:35:
-        0b:08:c2:87:c5:5a:b0:b4:30:6c:f4:f7:22:7b:71:b6:ff:7e:
-        3f:ae:da:aa:b7:d2:4a:a7:10:7c:70:b7:6a:10:85:d1:9f:d1:
-        5d:bc:36:44:30:32:6c:bc:a6:8e:24:96:62:d6:68:c0:24:13:
-        55:3a
------BEGIN X509 CRL-----
-MIIBfjCB6AIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFVua25vd24gQ1JMIEV4dGVu
-c2lvbiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQEXDTAx
-MDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaBEMEIwHwYDVR0jBBgwFoAUao8V/5j0
-N/1M9CcF3W7oYaFVtKswCgYDVR0UBAMCAQEwEwYJYIZIAWUCAQwCAQH/BAMCAQAw
-DQYJKoZIhvcNAQEFBQADgYEAh4M0pYTLWuqV38/AFapKMlrnKYKSr0DwwVsP+E/F
-uq+/EhaFstnf1fNa2r0ViuzToa/nj4BIVB8iwop0nsHIWzOkj2owQ5E1CwjCh8Va
-sLQwbPT3Intxtv9+P67aqrfSSqcQfHC3ahCF0Z/RXbw2RDAybLymjiSWYtZowCQT
-VTo=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9EE.pem
new file mode 100644
index 0000000000..242a518027
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 22 6C 84 58 83 E7 67 7B 55 13 23 18 2F 9F 0C 4A 9F 44 5D F1 
+    friendlyName: Invalid Unknown CRL Extension Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Unknown CRL Extension EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=Unknown CRL Extension CA
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYVW5rbm93
+biBDUkwgRXh0ZW5zaW9uIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowazELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExOzA5BgNVBAMTMkludmFsaWQgVW5rbm93biBDUkwgRXh0ZW5zaW9uIEVFIENl
+cnRpZmljYXRlIFRlc3Q5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+sZdrxzcECX8Ri0LLXI1mzV9xmBAlrK0DAO2FWpm7H/EojNUfwYjmGK5Im4UWJ/Gj
+HpOopwkum3ZmnsjIGZwv/8xZhzTvirJwlvXluaTLpxjjec38Ns/aS4KMRBZfYTe3
+nffklLOsmYUiEaDehtA8igBCA7PQCMmi/UzEPx4oBBErihBid80k1fooZy2Rdm1q
+Y9oWRDZtDZQnoloPzp0Z9NjqB7AzaTMYnhmo7kJu5LyUeGM/oWjHw6K5XFT0Ktiw
+d7RUquN0FbMKgYJlpuB0SygFqkO7Vd/Cik0qDfgzfSN3Q7e5bwF9gWKBxJHh8oeW
+vjJIhJlaDCJjyG6wCBq7SwIDAQABo2swaTAfBgNVHSMEGDAWgBT9//4ZTdsMncWi
+2IJW67DZEGHjMTAdBgNVHQ4EFgQUqInp6e7BpgRmX50LwW/1K/AeplgwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsF
+AAOCAQEAK0J7ckIbbVyqqgEXIzziD1qpliCNXcjw0ei9x873IYVdmkGqFF0aFAo5
+lRdzVw451cGt81zHoJekwpQSUKneH1bFEsXWY1Z2wSbu8VFSGwcdnvMHhvhRJ2vv
+qeX/GG4VZm8QH6Ut9MKQB0ouQ4WCNR9nSeomSomQd7NapE9JcxZ7s1c0nBpGeIaX
+q5+MN4vVMrkEv6RvaeXJEtQw2S+wz4ZLgT74bzi52VxpCW9L1ilH+LO6LVqL+LWO
+SghiO/N5LT7oPT6+uIUCAXZn1JQw0j5v3+ljPLiuxHzr8bJKQu/dnqgsz9VA4C+B
+HRsOqzFlVMaEjl4nJtiLhm3NEs4Xlw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 22 6C 84 58 83 E7 67 7B 55 13 23 18 2F 9F 0C 4A 9F 44 5D F1 
+    friendlyName: Invalid Unknown CRL Extension Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B4184B7D6FCDA35C
+
+yM86fFbHKFOUuwVFtV3YvfqNhikDBjZqcXZHqEErVMcks6oU5aSFzKXZKENZRSK/
+2mSlo2d2/9bNC+2Q+e7PPanZ/pyst2c3TcfL4Zvkx4qe9rR1Lys6el0eQEVv4reO
+Bvnh/kh7G/+bkYNiAIS54A3XH6bdSI+nde2B3ZODePJNFuRkAlOzEVzTSlxgia/B
+P3a6TrmlrkfMHavoue5AQj+pmNJkrSfWrzo/Qx0lrpJpOoHEpIyCM1vMEz5gR0xI
+OjuVcA9jVwaVttiOlSfPsPMwNbi3JwRc/x2IRFvL92z1ZkaEOlPIP0g4e1d2M//8
+OPqouTcPH/mFq1i0PPnQllX3+uhkk67Y4zFKcr745an9t5fH+g0gD/D+K8cZ7hha
+DRVRJx3kWhqv1TNrMQmssd3qgApmB++P/LlV3uEwu3Sam+Vv/DCesxSd4rEEFv7E
+KMWa+7aQfZ9HWdG7HEHfGrx9v06cWiBEN15SPF7+BERQSV137M8ElUlpwQj5WY5r
+Xo9dkqc6c2yt9s3xlHilUrinOi+fWhoE7cpd/6LEiOAEKq/j6QI3Uaj2/ih/tsBc
+7EVwSQeSIasf+eIPGq8BDouMCIQ3nBxGfUHwJ+U4zGLzqpPPGXT1QfvS+9SnstSq
+5RL3HpBHKfclSC5HYLdE7h9PVDYW1baVt+jDSOYJqntDK4+KeiIVTLQu3aIrzssv
+sLGKfofCAxDvNMCEZjyoPXjwo5qdltSx4qZ2u+7knsMmeIaP0no9dTS0ZbZaRfLW
+DfX2TMZdXl++jrQh9VHiNwvJN/vM0gOpLdOjvn3CPnms6m0/YRf/nj2yYkT6AMay
+EaxXlKPS6G3MAtPwoJ24X1k7WliDJztZzP11nF+CHllbtUpTgUoOfOKOmuPk4b8K
+SWO/udoNjrXFQwD/zI4RoF1z5Hz46JpmYDYH7XrX0y0rbUuLfEp9SCK3BfTEmMzM
+HZ1lefBDXDBImkbugtf2Zd6xaxTHL0BeE245mnOiEkwPon+lW6JkSavhSEfH7I5M
+LvO86Ovy2y5T+YZz2mXky8UfywFhGPPUW9SIOkTgGwrS71n+7c3j28U4OiCG4JB4
+8JzxqJ2O9rufxFYF+HcbWYK1vd5+jq47mnvSCRn7EMLZKtK/IenFyENRPHNhPicm
+0n52bn2lGz8BzD4EX/OTOzPyrS6Lm/g+82RMX5ygu4CRf4WwmNOi/3mPj/tNnLeN
+yGIYN9k70MTSdaoI1HBp4X8o9/tJGmcLEtu0/tLtRr66034kqqz/L6SZT5NV5wym
+W2HAGz2ae5LsOL19rr1Sr/x7PYPURTJnFY1N6nkEHZ/4+lfekAd1JKPtMk40RljG
+Vix75xnH4CVlb/DjXl5aq6kxrD2Xmpssw02VxGlcIu42FXyI9UfkH8qkQBuQYyE5
+8L3yOehKV/b5IdtCVMZ0JUfT8ugqK4g27KTXS4FCAvbJsbv3A0PpQ67XNU8eDAMo
+aKBPsM6gcyd3asAU5lERXuT8VQT2yxlYQo6l4pTk8WbTh8TmXDsYlldfkdIFtSkX
+gQMXf5gcj6XotTMchY97Qarv7mUsujxg23e9CnbijWpceV8aA4VUHVFLG6ctVn39
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2.pem
deleted file mode 100644
index bf772ff279..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2.pem
+++ /dev/null
@@ -1,58 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Unknown Critical Certificate Extension EE Cert Test2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBXzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMHAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFFMEMGA1UEAxM8SW52YWxpZCBV
-bmtub3duIENyaXRpY2FsIENlcnRpZmljYXRlIEV4dGVuc2lvbiBFRSBDZXJ0IFRl
-c3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdgE9VN0Ghm/NmN4sGBIWC
-mYNYrK8ADbOxwu75ug/F5jR3Wq3Hlg4aC8SCNQ2h/sEnsGhZ1nsQwF1mDWMvsGrR
-87vV31pE9SlPQvMPG5S9UlqHO0b/4wj057sWoMHSvOcROdgJti2Dzt9p9+ArbK56
-kYAf4TYDVQi/UvCb4TYe9wIDAQABo4GAMH4wHwYDVR0jBBgwFoAU+2zULYGeyid6
-ng2wPOqavIf/SeowHQYDVR0OBBYEFCWr0F6axQ7dDvC4QVdDsvqzwEdgMA4GA1Ud
-DwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEwYJYIZIAWUCAQwC
-AQH/BAMCAQAwDQYJKoZIhvcNAQEFBQADgYEAC49hK2AAPynegAqkmf6gK9o2lbGR
-G1PQFqTf+zLATRWYbB+S1lvMJEOYcf1/T2arOgWO6xXJHvQ2xvYr6VbfBSnIdhUW
-OoIQIAowM3RWpZaHu9Ze31BXnoiw3AJxmzIzuD5l+4RyE5OeqTtfJK15kOpeJVdH
-aMmBFW2/5/9zl0k=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2EE.pem
new file mode 100644
index 0000000000..1a90066703
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 20 42 CE B3 BB 2A 33 9E E1 57 6F BA 05 88 00 FB 02 43 03 E9 
+    friendlyName: Invalid Unknown Critical Certificate Extension Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Unknown Critical Certificate Extension EE Cert Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBXzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowdTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExRTBDBgNVBAMT
+PEludmFsaWQgVW5rbm93biBDcml0aWNhbCBDZXJ0aWZpY2F0ZSBFeHRlbnNpb24g
+RUUgQ2VydCBUZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL11
+HGmB8QxySRRl7MvXOzraGLZJeos5aZMRg3lNXzHEmkW+O4/2YkjzYUvj10VhEs9D
+lUAejvIboJ6ZXkYiFx87pZww1Ab7tp0TbrSzT4N2O3+oYosaRNTyYB9Rl6+JOmAQ
+nmk0Wz6Q7KbFzhQPG10mbFtP6WZPW36l9M+KNiLgTdpbPk3R+cVI+ICwaHBC+8Tv
+dNlDsK//6P5NwqS0LyYTT24Tjk7WTpt7f/i/Uczr4k+2hG3hGbMh9x18sZcsSsZi
+5QdsTU0PgefHt1dFlyRP+zY7xBEyCDkLR2KWZdPW6f19qPNagNOLzu7k88oa50v4
+YAegSLRu8SI2dA1Ys0UCAwEAAaOBgDB+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWu
+vnW2ZafZXahmMB0GA1UdDgQWBBQK0YrYt0innsAmNsSrdytVebzazDAOBgNVHQ8B
+Af8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMBMGCWCGSAFlAgEMAgEB
+/wQDAgEAMA0GCSqGSIb3DQEBCwUAA4IBAQAckvMPK/r5WshWWXP+qSdUqT7WOfj7
+hdAJfI0aAdCT4sNrR0boObpmHl7sqo9CVRhW9GCgsavFNl4yjEOOdjyz/9wzs08Q
+YI3qgnbqV/r6OiklMuSar8PLoy4v2EmSnB7RLQ2ErbAtLv/gK7lKYj/Rq3Ktyfds
+rnudx2kHpi7t4M1rmHa9SxlheEj4JCTTiDjkn0dVyMov0dvgegQ2bfvTBOmvjt6e
+yo7uiCo0UqrDyoV1ZFa00ylk4EgoenpMfsXbQMUgzS/m0w5O4nPA2YxyBxL+pJAf
+4XP9PD0Ro2E8EKk1i81OuEucKruaXBy774BEGrdZ72TTo0XJSp/TT4L1
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 20 42 CE B3 BB 2A 33 9E E1 57 6F BA 05 88 00 FB 02 43 03 E9 
+    friendlyName: Invalid Unknown Critical Certificate Extension Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,651BDA338F446BFF
+
+AZUCywxK4m9yRJrXqO2HqYZyh099Z1G0dOf0B9Bj3onzixwTb/2NJphl/KP3qeoR
+N/TqXCawDW6VtEHD2beiP/6AMbucgK0aPwHn6S/RYU0Y3tedPD9ZfiIx7Wu024Jf
+2XMCM+WhNv4MRcW8lq08lm3eRk6awQOtNJKUpA1AsPtxwjGVNSVKgaZS4/IHREdu
+r2AYg1R4amj7/PFfZFAymPyWXwNFGHIf4IlORu2yOyjnVFm96OZYm6H89DgKZtkk
+y29ZKEVhyljM4CIfqAT84OVRKLN4182dPL+F+GKoctQjVP/7+CgNya+d5SObsBSy
+s0SNwJ2bz9Ea3H40s2tjSy1tK/NbsgIf8QMODvUqzaB+09vBXrhH0fVR6NeA+8KV
+0gpoZI7lfcJUcCf90bosVxSSWcxNZkqbO5dUmrDS5ZeT8/O+62Ibnb5nmJCzqQZ8
+s7mlbzNaZ+gxQjdpPQufLN9iiVVR3hQPWxbev71DoQEI3HC1iq5/CwlDyOPKVUcp
+Yvboxki+vsYEpxDklSgOcVNnEnRZcSk/YnwGJbOCaWo4bWqAoR7EIfXFiSDW65Pn
+vuJOFQPDFXejfT6MIoqpxhquIh/9CtE0mnfFq4ZvqNzLlaTA0j8nb2tXiimXlMtX
+iosOCPSmKhkzam5NeoiXxo00LAJLISolPA0nfOEF/WWkzE6cw9+6UGo1UZYBKwp6
+O4bwHzv4LAjn98sXOQlEJF9n9ODH10oM+Q6b/ZTfeSA0OfZkV8g+s3/WkXVg2Pwn
+KiPdAnwzj1puY2sdeaDxraJdf8G1F7eerwMILDdkdftb2NjUl9dBhnQuOSp4srwb
+8oLvJMFDqqHWcRW+phkNIUDep19iDfgfiDDTzhSFZdeVIqHywzoXj/KttiQT57n+
+mZtRvdvoUJ//5OioMhuiXBaRL90GfA6/i326mTgWELdI6XGsohsVzH6rPZDJiWFU
+sABwl4fMTTAsSkDA76kFb4SwwENY01uRDbF/U3GqKt8Wl3gil0PkMs9vaBM/zyBb
+xuwjVrFAYl8qLyfYcs/r0prYwp8pIvjZNzo9po4RXGLIu0DXZaHCH0Gl4lgAfDar
+vK8U96JM6m1BW1ktNZO9WW7IVyiytxhRMVEL4qV9bwb/77aMAGe6mHrivh7N1HT6
+9pRrM+fUB2/8xIqpnGR7EJ3e+Ci79MPbD2Kt4UW7XuhzOBlY9Hc5Yh0SaYcVPfUO
+iBXwkUbuEIMIjJbnVowW0+fM8dCMABO5n4LTULJG4LejSLFhNC6RKhddHK471HbH
+Sunz1bsnOPkukh6ipjdZvn4jtRvR8frY66qvmi/bEqUJ9Zypy7iz1H3I8aD9v9ly
+WVuKLkDFOu/p4Yw0yU6UGZl+XNGmXm1eOw7Rqf0J4Xk8HA7XJB4fOplBhXbt79+P
+e5Z7u8uo8BZhXHAZaEPnFf7JAVBEfP4Y8J4ptcWLvISv+5cy3zX9VcrXOxPCBIm9
+crSxMn6VqbpnyEzvmZQlCJKBCNxckAciqHJsVOjSKi0yiJYNPc7q794H8dK2hXij
+szapKjWjmPPd3hzOrEMHqFqhuL1LPfZ4uD71D0RG9QJw7LC0UPOIIBM/E9APGIW5
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6.pem
deleted file mode 100644
index 7f10e7695f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Wrong CRL CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBCjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMV3JvbmcgQ1JM
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrjpkZYUtNf/4W6weCyaK0
-JDUtJyXxK8YEL9R2hpnPnGceXRXEkq7XPWyNBAC+lpGPd+mWjvX4A/MAsGHsOiY3
-I35sJHR0ViNoDDIpACYBuNhtFTQ0JHS34zOZR+jG0BYSib4h+svHctlVWGOY3l8F
-lp8EWSm8YZ3kt7kycshWzQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQU1G3jwp/Wffea3VwN0SfwS1Rpd6gwDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAI844RkGSuDIY9HF+gW3Nd6C3sILutA0Zsqw
-Ih0wWh/y9VOV6TNvPd8BlF1i0WkAMcswgqhrODgySpG7fdDlgMTSI/Tz0ObYbsA/
-Dcd3OplmCfRKi8biDWnBn6LdZysZ9uiIOBFyOFr5cfWGlgSctiXxtZc15sju+TTA
-EwWcPVar
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Wrong CRL EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=Wrong CRL CA
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFdyb25nIENSTCBD
-QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEvMC0GA1UEAxMmSW52YWxpZCBX
-cm9uZyBDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDYwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALC3wWGmw5/yOOPg3RNvStJ9JJIfBz6CyFWksquf/4icnW/wL4rx
-hCxN1vNOSiH+IrOgWYTpkpGPiMvbvn4h9I2Ytzimw1O0EPTXFAE6CdJagxdcsFHA
-1UJMR/+666NEypeYmyaFMPduqmcR7rED7TZZgQGhltY2+06s0SghWO1fAgMBAAGj
-azBpMB8GA1UdIwQYMBaAFNRt48Kf1n33mt1cDdEn8EtUaXeoMB0GA1UdDgQWBBTI
-T2I2nkS+ARaPkr3QPXOlb30emTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAKM9XsZ6SDRWXHk1nyBsa28P
-ItsxtO1B0ZnK4Aboih9fOPg14udmRCVjgc7Z3UCl+F8YXFWKkisitt55o74MCv60
-2vlEaBrRBPMvTpHwqyNIWCcuDYBT4JrfC+iF8RwHtts9c0KUUn/bwXAuvDclEg79
-XUWTzrxsqFVOnMEktZUm
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c7:32:ea:21:ff:7d:01:d4:f3:d9:c5:a9:ea:04:35:21:81:d2:
-        13:f2:35:d3:e4:53:c5:03:93:de:a1:2d:25:56:64:bc:52:20:
-        81:53:69:6a:a6:90:26:38:bd:ed:31:7f:a9:7b:c1:e8:a9:e5:
-        07:97:82:bb:3e:8a:f9:79:ec:2e:bd:16:4c:31:6b:b6:80:ca:
-        ba:ba:0c:35:0a:d6:08:3c:31:78:fe:d3:3d:06:69:6c:3a:e4:
-        07:4d:6e:84:21:d3:c3:90:60:8f:99:90:62:a9:16:38:25:2f:
-        7e:08:5f:2f:cc:59:d7:7d:9b:2f:d8:0b:e7:70:d9:64:f7:01:
-        38:8d
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU+2zULYGe
-yid6ng2wPOqavIf/SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAxzLq
-If99AdTz2cWp6gQ1IYHSE/I10+RTxQOT3qEtJVZkvFIggVNpaqaQJji97TF/qXvB
-6KnlB5eCuz6K+XnsLr0WTDFrtoDKuroMNQrWCDwxeP7TPQZpbDrkB01uhCHTw5Bg
-j5mQYqkWOCUvfghfL8xZ132bL9gL53DZZPcBOI0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6EE.pem
new file mode 100644
index 0000000000..8a764dae01
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 49 9A 22 5C 7E 4F 47 9C F9 9D 01 7F BA C4 B9 7D B7 18 B9 A2 
+    friendlyName: Invalid Wrong CRL Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Wrong CRL EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=Wrong CRL CA
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMV3Jvbmcg
+Q1JMIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLzAtBgNVBAMT
+JkludmFsaWQgV3JvbmcgQ1JMIEVFIENlcnRpZmljYXRlIFRlc3Q2MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLSUqSQ+ff5gAG8H8PWG4MFHgx2SKmPN
+Rr1wAwhfFEIrA9cJWns8gYqTKXRkfTHoQlqHXdg+7dzmZ3QRy9DZ8FHDTGK1YikH
+lTTbTo3j19OmOY7pVmByLa7FOHitP+0ck0QdFTw1eS5frVgs7K9abmLbvz+4YZY5
+bPAdVttyOnw0h4IoHEftx1K+7F+aZUc0WR9GD/XL3gsrnRkiNYVOraX+07frVn4a
+3hLtDWqOEn/0GDZoSfDuMdsjFhwjkObbnzzOQGZOMZerLdwva9c3F5nl52H7iNk+
+4UfaSahjOPfcCNDSQf/teiId+VnO0mCMMqkDxDh+dAENlKwbjGfO1wIDAQABo2sw
+aTAfBgNVHSMEGDAWgBQMJUbgiXpRB0qvNa/NkMRyDreoBjAdBgNVHQ4EFgQUg4Fm
+s0iyLn2sM7+I9tk78gxwvKEwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAIhouVXz76OgM7KW9IxI4DJ5N
+SYjcUdKLaVKMmmxsvAt4M5dqPFEmpJMRon+gcR7rFF/M5BkNw0nBQZHUarzMG42F
+u73I2sJWTEbEbg3usXPJKnDISUrvJTBA9y5R+DZ9aRlnZ/OCJz05cS59R2MKdIJ4
+ntOEvWVKeRet0oz1UScIY1hc1DqdZ8YgjUR3waTMKLxRayESKysAAoOxDILlWovk
+WPTD32as+5goMh44r6+0Ntwj0vZ5W0Sg4F24m/R6ZEHhs+elV1ilPNCgghMJ85Tp
+pbE/8xN3Z2ndZzhXlXkFQLdWGQwpQ+2Lld2NFrsn+2+OXGEzT6v+QRLZse0WOw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 49 9A 22 5C 7E 4F 47 9C F9 9D 01 7F BA C4 B9 7D B7 18 B9 A2 
+    friendlyName: Invalid Wrong CRL Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DB3B0C652578E1F9
+
+WTacPVyIqEiSiv5N8GuiGcrH3xfwU/TZehvEIPBwkx9PginD2FwfwVqltOaCHSBd
+OXs9LCoWsAsAoCcp8GlNwSTYer4lgJsBNnJlGVF0WUMvMandeHrmnR9Ig4LJLH9M
+WHFtmLyY+2Il2aRYN5PPCKKAV9ifAB4bygdOsm76Rat8SFNLC1HD4lmjSEwPmvxR
+bhgs19wti5I708K7kFnV4OdQpqcMIbfgRLA3HZxPdTnN53tGxXUjRxEEAP6SG8pC
+WAleiIS2tyoIYTu0lZSO/OiPb2wQ5mLVxIDrN2PgN6HrqrpRRXwcaAQmuUpA3nkX
+Bx04EtNXHJo59kK8+a6r3BXlT9FxUl+liTZemxC+6aek79zhHgM7xaExOvUdgQWR
+2rY2KZtDkSp7k06hPe0f08kW8GfpRCmkBNIltk3Gn+PxszsPUwZSPZPKjMagmWGX
+AVEKrvMZoVmhTVJAlS4km+sQ246XjrztUGeWwKndsB7YmKYxc1mozguKt/pd9pwF
+DhGKjh9IHxWLSEc0DniLHEDWgwnVOa+TCZVwSPqQHNfXQzKeRSiGCvxBF3mLx4ge
+QGcFKkAPxBb30ZGKlrHxbkFHl+kusXXEZ3neSYZBDwR8H66aAb3lgDmybPeb0kgS
+XP5pW1yk4ldngaEr03NomxqxjtX8p4Dn2TUqnTRzBSGkBSw/2khdgk/s+bgF8QnO
+fEl3gzcGFEcqqH1R8UMJ5lEtRqA2ynVDlAb1d2+5pFkpLh7B3DqiYXz+a0ITf3/X
+sHR+7oTg7olwCLR5xEAPhTKC3QyNBtX4jpt3y0V+HqZCqphJnb49XcJjSPcZF2mk
+quE1kpgjP8U465PR6fmRl6lx82YOWXren0/QMH8FIL18dTXFVJr/+HqluARx4cIQ
+1R4bvG066jYOy4yUPrPDDhqIwBccxVfOWH18wHMBIM0GVUg43glYnKL4Vf8eJwnx
+YXXgC74daXMQK747+/CUsxn7OLk7OrIW8/7969TwQphEoKXxnSNbJy+P/32t5ikb
+HPQ48TBlRoXF+/pD1Jh/BDT2gZT35KrukCUdtzyqkIrl2pd6KVJfXHqObEInysQv
+QXSbhoug1lJZtmzkhF9LcGEFU6fp4suEhmsj39K5UpXIrjjcY17gGOafEVg3FN30
+tetlrlGSrzTg/7i9HwZoB1W2CQmr+D/2v6PdFDJOXAoeYft1clWKNowNY+t9X81v
+NHEwJ8/TY1//TOQHJ+TlrrHgmtP+Z4pehsXvU9ILopFxeaE56KTggsEE32QMC2Iw
+BiyxwYWiM/b3sirmxJ+KdCzKKX8WOvVKflsAYqK9UhrofEsjblwtGtoAvjm/5tjQ
+M+vPvwrHA1pr6O+Ttq7QA+AvVOGPTBSN0DJ+FJgIqLJa5mGZ1Aeshuh/4bqijoCl
+x5/02Hg+YMqxCgqObq/ddlgQRIRelNCyBJA+LD1PMT5wtg992udAFPjtpgISDXr9
+BjaGp9J29L1LevQNQa4T8wLs8XCgLWdW4jEt8mW+b5pPFvkMH7LRFIND+m6fjttO
+G7re6NHwzVsUImFR7pEgZvL1BLTOQUMbS53NBUtxux3wDhdnusPONg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2.pem
deleted file mode 100644
index f64a9bb06c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=basicConstraints Critical cA False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBFzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlYmFzaWNDb25z
-dHJhaW50cyBDcml0aWNhbCBjQSBGYWxzZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAsmocvHtIhy06xoGU8RgpDv0nBGXIPSXRG6Poy/+IGxarpbG06NmC
-maF9YsRYKMKl35fIYgRSJXsZQNbNdFp+OP0unEc2gkWnRFkd5UYXaUYUw+1joRBQ
-rv66WNwMkTSpFnzmb0Pvvxw+5Yy8MMzvfYTwnw4GIgLtTrffpS9B4V8CAwEAAaN5
-MHcwHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMdH
-T3Qigo2QmpSYRbO1Q8N1GDbOMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUFAAOBgQCYmJK2
-5OMOWxlviglY0yKGvQpDwTyJ4CJmsGGI/rtSjvfFiqHPmq2c/QGm+pAdKMqkhGXN
-FjVPKm8pLqrFbAnWXSG5OeWq5wEMckNe1Qjp91ag5gmWEVwdq86eNxkkA6w/+hjp
-BxoCAT74c74EqPpOX8c6NGlI3VyN0hODzePSHA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cA False EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=basicConstraints Critical cA False CA
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJWJhc2ljQ29uc3Ry
-YWludHMgQ3JpdGljYWwgY0EgRmFsc2UgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw
-NDE5MTQ1NzIwWjBZMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp
-Y2F0ZXMxLjAsBgNVBAMTJUludmFsaWQgY0EgRmFsc2UgRUUgQ2VydGlmaWNhdGUg
-VGVzdDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWAnb4eGXIMKqcvxV1N
-I1WYOIgPGw0pmor0ePIVaJFQZALxDndu3IUvzZCuK/m5nBAn3qtGItKULZEqeZx1
-sqbagMshYrHDkntnRShl1luH40b/RdWn0SnkWcYiA+ZTmcUYTV4t0OmgeUzQMtMj
-LRQ76i3JymtkR6MDgbJ6NWQzAgMBAAGjazBpMB8GA1UdIwQYMBaAFMdHT3Qigo2Q
-mpSYRbO1Q8N1GDbOMB0GA1UdDgQWBBTQ3jc8Qy+MJLvnf+0PWJpzZUdgHzAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEB
-BQUAA4GBAKhCguYapRZdH/DcOaj9Mtc/x8+/QbXwwWTyETUNHItDAWqwXgCbEHKN
-tbgWB6IZnzhzWvLcNk0HJrqf8jnYEC3EWj9ruOl7oaCWRuq5uLwtnf6MCI32zjzT
-yJDh7QLWt2STzMDmppGt84nl3PjN8MaQhp2qTJyP9f8ue+n+Ng0D
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=basicConstraints Critical cA False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C7:47:4F:74:22:82:8D:90:9A:94:98:45:B3:B5:43:C3:75:18:36:CE
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        32:bc:12:1f:84:d0:b6:3e:72:a0:fb:d9:75:99:ca:e5:2a:05:
-        09:e6:c8:27:74:47:1c:dc:0c:d4:9f:bc:9f:b2:62:25:b4:6d:
-        5b:e5:0b:e8:2a:8e:07:eb:3e:6b:c5:1e:9a:d2:14:fd:89:5b:
-        c3:10:bf:19:77:67:0a:33:45:1b:bc:6c:ed:af:84:30:59:fb:
-        7c:71:95:63:60:31:9b:9b:0a:ea:77:f1:70:f1:b9:2e:d1:a9:
-        04:42:66:94:b9:54:48:db:44:56:56:1a:57:5a:01:0e:7c:4d:
-        d7:c0:1f:5c:6f:13:f5:a3:57:88:6a:9a:71:cd:d5:ae:c3:00:
-        b1:28
------BEGIN X509 CRL-----
-MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJWJhc2ljQ29uc3RyYWludHMg
-Q3JpdGljYWwgY0EgRmFsc2UgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqgLzAtMB8GA1UdIwQYMBaAFMdHT3Qigo2QmpSYRbO1Q8N1GDbOMAoGA1UdFAQD
-AgEBMA0GCSqGSIb3DQEBBQUAA4GBADK8Eh+E0LY+cqD72XWZyuUqBQnmyCd0Rxzc
-DNSfvJ+yYiW0bVvlC+gqjgfrPmvFHprSFP2JW8MQvxl3ZwozRRu8bO2vhDBZ+3xx
-lWNgMZubCup38XDxuS7RqQRCZpS5VEjbRFZWGldaAQ58TdfAH1xvE/WjV4hqmnHN
-1a7DALEo
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2EE.pem
new file mode 100644
index 0000000000..1c8a8c279c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E5 65 2B 75 8B E9 2A F9 2E C8 83 32 11 38 9E 62 D2 61 91 73 
+    friendlyName: Invalid cA False Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cA False EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=basicConstraints Critical cA False CA
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlYmFzaWND
+b25zdHJhaW50cyBDcml0aWNhbCBjQSBGYWxzZSBDQTAeFw0xMDAxMDEwODMwMDBa
+Fw0zMDEyMzEwODMwMDBaMF4xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENl
+cnRpZmljYXRlcyAyMDExMS4wLAYDVQQDEyVJbnZhbGlkIGNBIEZhbHNlIEVFIENl
+cnRpZmljYXRlIFRlc3QyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+5pPuSskaT7pQvNS0XtLWfsJa8Jtq4V2jt2MY0BMegVCjknFfUEajR7X40eKlCACB
+QD9awY8FrNrkR+k6IHrtNsn7YhwyO7gxC+8loRip9NEnrKweYDB1MiYGEhmep3wu
+IXUrFdNVIXbazuQDQzTNVRnJGGSKxP8SlxIrLg6C7gxmYpr61WlajauE87FtalMe
+lAMQp3pJUiwF8Ooy36Ja/38fgyVhEX/0Qw+OcMfAg4Oe8xVhLaffWF8ZBpji/z45
+NqiNJ/ZJ+IqwfcAp+8vhcM26GBX4l0c7CBXfjSCi2NvUdsHjv2XeloDRDdfZfoBx
+lGdkeODccKklxTJE72ylVwIDAQABo2swaTAfBgNVHSMEGDAWgBRw30QvA5kcF3MY
+8jY8FDTQCdHy7TAdBgNVHQ4EFgQUfLh7mOwGIojKj5FQ2sTCLnyBGFIwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsF
+AAOCAQEAYrhQ0Oit0VO721Zoeuz9vRSVb5pEyWOkXstseN4oBBCAwd+L63rzNYGT
+SIzFTMh7ePO160xVWOJnSjbCDhEDdLG48yYI1bIZ5B7mdOaGqfo+kh3+oWXbM8CE
++hQu0PbS2d931zpzKgikars+50o3g8veVaD59Wxft/JGeiIIK1Hld97vjNRnsi2o
+7wqeYVTQHeRT4kksFTPfY0O2DgeGDVvCwIPP11DtSxkgBkonxBqCSUIqngKdDPV9
+nD1PbNFiabVgIB1AWLThO0zAge4ZjiHSzaY6lZwCzqW7KWLgjscmvHDd2Y2DTIR3
+xE8o44JWsXaJAO5uYDD8w0iQQ2Zagw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E5 65 2B 75 8B E9 2A F9 2E C8 83 32 11 38 9E 62 D2 61 91 73 
+    friendlyName: Invalid cA False Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,55AFA660EF18FA45
+
+kf6xL6LLcWVhm2YeI9NLp7e/QJi8iblF79iSwggzH3uozQOYuAaeA3tVfIxRHu5o
+CvsnvytZmsF0uaxGhm1mtPerBOQZHtqOXU2J1jKIZguAWW8qNID3CitLVDmibx/J
+jOr8m2gtgGEbJ6Z/Oa35JgNQPU5rbypAQJIrxiW9Uh3CWWVXXNyab1/WtxE2CzF+
+8eegosPhUSyjP1qrGdij+tsmgygQbnp+sShHb+/viY2dpfuzkBX6HzK5YdDpssp7
+hf+5mijMck80JrJIIgdMCCkpv/C/Xjk7bF8apchmUEDCLGva4QKKZ/Qh3+LJD9+m
++BXGab0Hh2PdGkLLZR41Mgjt6CYz+UgoxSlkJNK6TzovmXPlJ29mVBo8+L/ECWW6
+5amVM6ZHax2PLRfskZYl2Dj06aCJcbz+Hgnh4dMoL76KEb4p1rGXkULO/zewM+pr
+4j2zVpOKgJi2iv6QI39MfpIWuxM5MDKqgYsYcdDhuuXn0R+VcGPeQoGPWJ2VCoFr
+8tTL+SFpilNrtLmrlw1x7RmrxKpifWAUUQNHd9D5o5cbpwPwq7GYaIE2AKtrps4r
+NFzq57NZPak1kN4tzFfgiW/etl6A1zCS80Keb7/uZ3W8/rsaT3PwJF4tRxkQgRHe
+9l8Avk6g7Suu+viySRXXyL+bPVt3OonxKdN059sKyqaWl0iTLBk9nK6HX55gG+FI
+lmSf2fHixg7b13ur65SE5ypg/TUmF0kRMGusscwv4EP9JJv8eFcOo5LfzmkMsHhB
+chTZz6EEw8NK1okSSyzYnQF00XrNpeo3bIb1dAg1XeGI97XuJn3c8cc3KdMBKLsG
+OG4Df08YFCVInVkeKyGvQYec5eGKlkByXTpriDiQ4hlMzu6enGzVkRggffSRnX1G
+VK49gPBqIDA3872xizE3CV+h5yGyjaI6c5wokkt0XbCQmpO1ZmocMrvlgrt2SirC
+IOPC9WYkwumsvaS/ne2uPnPkEAdWQWllvHW/u9GFD00wb4aYW54xiXepxYM+ZR8n
+jXUt6X6r3SA0VYPsM0vxVqyPyFGnbkKiG16EK7EqL2HwFCbujIABUSVn3i/tYRSL
+uV6wrkmPN/XtgWXANChCsZ62n6bTKj7Red/W9FZPPWw8RHJrdCBPX6+EjHnGW9To
+J/CpXlkJoqZHXnqbqIvk/HTwQCGFUDRvLwAJamxAnkQbxSoowsKgaaKy3NiMH/AX
+vsKXhL+hwpQuyHNaOt7TxFq3YmbLMjXldl5yhzPJ2HjZNhkm3U7Gr/REq4vZjmEj
+q2o5cQOLhsS39Ao2G4hRdKbIg9N2e+vNzWPlS626m8Zc2vCySdJ/GR6d049nve5o
+cavpyiXav2VF9tZQfGrI/y+SuRYIoQAz/1BmP4RY3zL6b7vCNgTGq93vlR2Db0VT
+H389riCMDpV8M3GDpZBhu7CO4C6KUM2JM93prRN9vHZNZzFcDQIZofRpNlnvzXS/
+Lw73X1WbxLHcI2BoyvOZRfO1bKBbWr73M8ZtEEFuQ/K4umfEnIXh2KjUVEVTb+I8
+KJZqJbulxVkfnRxx9ihb3+TmP/APxJu/0IedxU02CYKD95+13STPQrec097TUz26
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3.pem
deleted file mode 100644
index 8784c21050..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=basicConstraints Not Critical cA False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBGDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEyMDAGA1UEAxMpYmFzaWNDb25z
-dHJhaW50cyBOb3QgQ3JpdGljYWwgY0EgRmFsc2UgQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBALebKuy5EJW95AkM4MZ0p12UxwWQqlclzW+C7Ntov96ejAjA
-ciH9FrTh8IzXl99nnQnHHO8O+pZ1jzh8hQx+kAGx6ENV87E9ByTgcNUwSgHgEHX+
-59fIr8RTbdUtF2T1U8iyFM88FkpI682I0GvNDuej65588/P/OAHTmZbqcWrfAgMB
-AAGjdjB0MB8GA1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQW
-BBTEleK6dmzd47tLaP1CRfgUVOxbzTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADgYEAhjgF
-Diuvic63KpOvuZxczWMf0K//uMCtUxtXXRTI3/Wm4ryKa+yI52FUGhUcNB5wRAES
-R1tJSuphGx6rdcSHZTE95gLo24lnyc+oTZQ3gcK2xouTy3F3CvhmPs9QMMjaqtfn
-NDJKzUyBvAasUQ9SZxk+bifeeSQ/RDzmQxNKHr8=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cA False EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=basicConstraints Not Critical cA False CA
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMjAwBgNVBAMTKWJhc2ljQ29uc3Ry
-YWludHMgTm90IENyaXRpY2FsIGNBIEZhbHNlIENBMB4XDTAxMDQxOTE0NTcyMFoX
-DTExMDQxOTE0NTcyMFowWTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMS4wLAYDVQQDEyVJbnZhbGlkIGNBIEZhbHNlIEVFIENlcnRpZmlj
-YXRlIFRlc3QzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5JEpPUEhR94hD
-geH4nu6tuBiM/sUvTffvOfzdSftTXOQ/4pHuZPXKDz7SrM5gAimRZMXlC0ZngP7z
-9Q7StXqOqMvZI75GjHGYr3S3W56vvCxfDh639L/x3UlhfKqEzn3rMLMDC52lJzcH
-npMqMRIYWdedIvqg6OaxMDj30va12wIDAQABo2swaTAfBgNVHSMEGDAWgBTEleK6
-dmzd47tLaP1CRfgUVOxbzTAdBgNVHQ4EFgQUxBUts6LKOH9HITo2TnmeY1hdGNsw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
-9w0BAQUFAAOBgQAnnZ9Y8fdKeA3cdodXsQqz302mCLQLH1jhcE7UnfAYrTdecJ5s
-8xxE7AKdNEG7/KUAoSwKDsGw0HBIQDPD62kblZEWKViT4+e4isf4Dy3G31BRbkiu
-bcJsDKzOOdCeCdXJvGXAJ18su8P+4srOddrQuINqRy2YgDG5Rka2WArY2g==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=basicConstraints Not Critical cA False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C4:95:E2:BA:76:6C:DD:E3:BB:4B:68:FD:42:45:F8:14:54:EC:5B:CD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a4:53:e8:4c:ac:c5:d6:66:9f:c8:a6:4c:ad:d2:6f:2e:31:b6:
-        48:37:6b:9e:e8:76:8a:ff:23:80:3a:49:a2:91:d4:94:0a:bd:
-        9b:2c:0b:cd:c3:9f:e8:a4:7e:b1:ce:37:ea:23:5c:ff:c2:76:
-        6e:c4:84:d3:21:2a:ef:7d:2e:fd:71:54:2d:8a:ef:f5:96:73:
-        f1:7a:c9:1a:7c:77:86:b4:df:0c:47:a3:8b:9b:b1:f7:bc:21:
-        64:6d:19:97:ca:b2:1b:e8:4d:f7:66:c4:78:75:5d:76:b8:7c:
-        5d:88:f4:ae:b8:6c:27:11:c4:96:09:b2:35:fb:6a:da:f8:fe:
-        73:df
------BEGIN X509 CRL-----
-MIIBVjCBwAIBATANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMjAwBgNVBAMTKWJhc2ljQ29uc3RyYWludHMg
-Tm90IENyaXRpY2FsIGNBIEZhbHNlIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaoC8wLTAfBgNVHSMEGDAWgBTEleK6dmzd47tLaP1CRfgUVOxbzTAKBgNV
-HRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQCkU+hMrMXWZp/Ipkyt0m8uMbZIN2ue
-6HaK/yOAOkmikdSUCr2bLAvNw5/opH6xzjfqI1z/wnZuxITTISrvfS79cVQtiu/1
-lnPxeskafHeGtN8MR6OLm7H3vCFkbRmXyrIb6E33ZsR4dV12uHxdiPSuuGwnEcSW
-CbI1+2ra+P5z3w==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3EE.pem
new file mode 100644
index 0000000000..54a073fb11
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BE F6 72 6E EE 29 F1 27 15 4E CD 61 48 20 85 A7 AA 00 6E 1B 
+    friendlyName: Invalid cA False Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cA False EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=basicConstraints Not Critical cA False CA
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEyMDAGA1UEAxMpYmFzaWND
+b25zdHJhaW50cyBOb3QgQ3JpdGljYWwgY0EgRmFsc2UgQ0EwHhcNMTAwMTAxMDgz
+MDAwWhcNMzAxMjMxMDgzMDAwWjBeMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVz
+dCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlSW52YWxpZCBjQSBGYWxzZSBF
+RSBDZXJ0aWZpY2F0ZSBUZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAOMqfzk11boRFBbpNA1tq4GZJbk1M45bsflY/IBB0d8KUdhotWgSOm065GL3
+sB10F5JZI/sLVpXuH7R9TABBvnZu8XqX5RKKkNB7zMXlkpr4TFXGZnYgSmX09ta+
+fuZ4TQgj6BdztW1l/634f4exa7qZirzCISqddB99CN318WhQgMqxmounqUfkUD12
+e1UM3TjOPKqI7eYOJIfnfw2Ea6BhT55ncTXp5lcAhAajos+iWYhiqlPWc+cd1c8U
+3VrVi7kuKK6uuVBqA68QTiDnuaPEJsxadp9AuYY5WYGT4HT2HpsXzCd6R2fk94hZ
+iV/C0hSIAq0mVtq9FJF9qh/XwsECAwEAAaNrMGkwHwYDVR0jBBgwFoAUOdCbt08p
+N77TsIp26mqeze9GvlgwHQYDVR0OBBYEFI/4W2j9iCltyb9KCY6b8q11whJ3MA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
+AQELBQADggEBAG22QQs5JmmHtqLDRPAiJP+IjtpGyiOCH7IhyGLW6MKk88cjH9xe
+M066O9SE3asTYTrhQBirfy+nOxV1Qg+DdSmtA6ibr3USxTkH5xcz3OR+Sd3fkxEI
+qkjK5nYkXWs6B/xbX8A3iUrRmG2Yp/gLI4Fs3ZEobwh93E7wIamQ8PJ1SbnXTTcx
+xBy/IKY/usd7NdwtobmHP6fH2bWM0GyNxmOscLCxAhESLjmuq30srVG/jHs/Q0vL
+Jww3lWZSPbJXcRxKMzlu35IrP92RZWjtByv1Wndugh7q5rjT1ccw0eF95b/U5whx
+X2XPc74bSpqoh8dfNGTWjtq2JeHhGoJd+9k=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BE F6 72 6E EE 29 F1 27 15 4E CD 61 48 20 85 A7 AA 00 6E 1B 
+    friendlyName: Invalid cA False Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CF0C33F0D543AF3F
+
+TqNxwYWalKi89i8CJ27L6UcVTOqnEwzxawfBToP2sP2gwAcuYy/XrECuWOyTyeX3
+yJcZdmSSbHdXEyxZPgcRLTB3rzn5fb3tJHy7pU257nJtm7NnyT/4iPUXYe5QRpeZ
+SrIPxY8IXG26zv8hgs4hxwKWUFOzBKJrHLB1Q7MXlTxGYltJahDUmS6nwEcKBRJK
+pxhFQb+804FuNyrhidWfh1ubibvPX9AGX4QgWEcaL42trTbVFjc6VNAN51vE8j4t
+L/bIGdhEUbbE+SHxIBityvyntiiMb1lJyQpsvNr5svsvzXdv9adMFdiBzRxkf9RI
+hJWsPTqQvBN5mtX+aw9Ag4xCYwkE2eb6Vy6pWyow1WsXDaYbH89T7rPZEAl6ZmK4
+FNnycmLQWlmcuKB7Qd3vUIrjiUZ569vuQobdkEq/HjYpgIQVLKFb60tLLrVwraly
+ZEZAHIRf3kxR4P9tlcI3MvTXPSR2FdLCHNvp+JfRcXulFfPLOSJiMQo/t/TJjRVi
+iLv1W+UAp6flSOArCTf/SkEBnF101kf+KMVQoJrhRlEDdWGOCWxchrcni3LRxl+r
+wyZqqZYsA2UKGSB7E9ZWgN1XKxIxIUAh4xBu1amwm8KOfIiNSwarOi4E/73wAiW4
+f4WBzD4nhh1x6JwY9b0Ot+tqgCRL/LYcdCfJwLd+aO3cIiYFyVER2TV387QANCy+
+QgO6CC91I75pdPt0yLuyFQeoEuvzBpsZnC4d7pN6xI/JeUfBhaHzgDWX8ay6iH0G
++mON7WpEXqZXEgJCZovBtPx98gqE6fuBvdN2DpljQnDsVSzxqZ5TpfNE2NNUNFlK
+pXgq3F5MyueCHm3GT/yl5EIxJo0mB47h9rIV8iPIqDOdb5BjlfRqNbQhl9DBWDvq
+dtWNp8PBpVRU51IswMoVRqSMqTlWnZyyX/vjPkbErpei37NGfLeJadqaM970XAid
+IjVzGNEWKVo0Oc6coK2si7GVF1Dq1gTwiAJDdqbjEBlM4YgDOHxuYWg2/0vONZM1
+AuxdJftyJonRctNoc9r+AmEihjPKsbJb5uMBXUKyz7h/m34rU8X0gmRC3LD0IIsO
+IXV7+MSWWPISg+rdmYk1QN+imQuUv9qgxXfwEnHt/ZX3Eki4bed4NYfHZFCk5yMn
+vIM/oCIJStlIIE0aEUG9AJhaYSLFsnKWEjZBT5tQhmewi/I1YJ2NtcBSbELjRa3Y
+QbgICdGWP/FvvtX50oPSApRkfA+6UmxajF7FotYcupF7jD+dYuL19JaDY1D/zBYu
+QzYE4SY14SVyMazzk7meRAGE82C3p5gTx8hIxXq7Em5H9Ls+V/+JgKDv843gsf0W
+qdbk57p39Ib0LP3JROfPibPPTBVOsQ03UjD1a2WUxvWLBgCRC3P3QVbZVkcqztzV
+cLGnxuqAKziFQPcjp2djCy/7SOZ/WSnLh4UPtyryjCtEo37ojtiPeWi9hiHnT3MD
+Q4pYnLafEapb5U5c+4VfnF+6c/gH20jg6so7RpRZj7LYt8rCIeaLrfZFBsiuhAsN
+1t1Auz4G9Q4IG2RMZzl8C8QvkMnXjIc8DSy8mIjEdPj9bmAur5nAXKfJgK9WJc53
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27.pem
deleted file mode 100644
index 357566f6e2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27.pem
+++ /dev/null
@@ -1,140 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDblDsGRxVahA98R7vE
-/DS4nbSbyoerDINPIyc8wkOtWcS+y+f9O5IIdDJOZm2I5px1PA840SXYHh15o3ZW
-Vn4gFU3AgKF/CWMJ1g79LAYAMnQN/T7kSfuz/0rqhLH9tjz3Qtjt+/zy45YIny80
-7JOBLH3eLX0H2aOmsJUenp5ExQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwa+CD9XTTxDwMWI8WIm5inS7nAEwDgYD
-VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEvc066az+E8sftMAgkECVeJVw0Mcr2y
-YlJ0SAbZUNaU7KbzXxm3j8Q5v8K8GDy7EB4H0Gyh0vgsbChTAdLip7xQf7V7SetA
-nE66H4ikF/UAhXlSz+E48Qe2+L3w2weGbU3zwmNMeYkI6dmGFMfEut7hL9ak0Ulc
-0meAGzOu5kHt
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test27
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA2
------BEGIN CERTIFICATE-----
-MIICzzCCAjigAwIBAgIBBDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp
-ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDI3MIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDBePXreW7TEQz9U98u5IjkoUpf/CRELuDW4EWLSx0ib7kJ
-njp5do8pREmTX9nvLo1/CiJnv0RRNY4hKwqjR3V+j/2+BT7JDu5T8YuM3MmgWlJt
-G46pHVekb8uXAofDTqMlvAtGTQauE9F3JU7oJ1FJebMo9SRHwIBQvvwnLIn2qQID
-AQABo4G6MIG3MB8GA1UdIwQYMBaAFMGvgg/V008Q8DFiPFiJuYp0u5wBMB0GA1Ud
-DgQWBBRA5ST4jwbcfGOGKDw9sAjuw+hKSzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMEwGA1UdHwRFMEMwQaI/pD0wOzELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRAwDgYDVQQDEwdHb29kIENB
-MA0GCSqGSIb3DQEBBQUAA4GBADHmdwVGWHDLCpX0n65DVgDpC2wWpGgu929rlB5w
-nhGi79lgn3z2a5+3UCaXHQY+vMhJgMFVYoOfmUCNd4cnTgHMtr5Ai9tOS934lj0Z
-xL/XOfx1v6ownw2VOZ5LWxMi2YnYTqC8323wPhcHjTecnE9JprakdJa6q54gsbZR
-j1fs
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27EE.pem
new file mode 100644
index 0000000000..ef47e0ac46
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 8C 29 EC 44 7C D6 41 58 5C 23 39 CD A4 39 0F B4 06 89 86 7B 
+    friendlyName: Invalid cRLIssuer Test27 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cRLIssuer EE Certificate Test27
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA2
+-----BEGIN CERTIFICATE-----
+MIID4zCCAsugAwIBAgIBBDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAuBgNV
+BAMTJ0ludmFsaWQgY1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QyNzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvJAVQl+mEVV76pxF99Fc9KxIhU
+DuSfs05Fqh87Pl42ZCLpoiPbhudnMaqp2y1ifi3dxPvDIAxH5Tc/N3SoftcSPxdn
+W3DE4tS1A4uymQeWnY1eGHnhz5Y6NsqYCbm/lxCZQLRO/krnm7xrTH57QG54M9E+
+MTMpEidf1718C5K8y/OvGbtv15Edefc+k69SplhiTJc394PYUxt0LI9HzHdOlsXt
+WAQwhjZnt0EXuqn+J6NFum9IM6MYaFsTjZaGHSRroKz+UfAzFGW5tA/6EXLBVGD6
+DPLZta+5Z1LUfveWbBoKkgnH8PUwBtrEDY5SBENtlO9NSVWiXJ3VsrfIPpMCAwEA
+AaOBvzCBvDAfBgNVHSMEGDAWgBSII+Gzs/Js/jGpvothqjuShwWkozAdBgNVHQ4E
+FgQUVSJwCEr2Q8gS6e/AwFKOUnZdz2swDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATBRBgNVHR8ESjBIMEaiRKRCMEAxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRAwDgYDVQQDEwdHb29k
+IENBMA0GCSqGSIb3DQEBCwUAA4IBAQBf33KnXHUpBAiIQXAWCZAEbyNYB6Fk/BIa
+zgm21r/1dqB9Wuovu+AiacxaeqOfusdB8HsQHKk8uTxK1LS1Zqmf0Ym37tPd3Qtp
+dK1D+Lnthbw89dBBjr9MTbwZKblrsqArmhulfo2LB+OYLaODU24zy8i+pwUkJuMF
+lApg5z1ksE2+Hhcavz7ZljjSrQTZU4gZ7rq5IleXw6i4a4RqROQdwGXSdAMKO2fr
+14aq/21J3VZ8hqIPy8KLokwwD/7979H0AvKCyWJh6UHGqWiq+2tLOzXTMSVEDztF
+V3lYqmXmnK4YmWwD+L4YO3JI1Har+eC1Xr2WRD/IVhELgJzybsUQ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8C 29 EC 44 7C D6 41 58 5C 23 39 CD A4 39 0F B4 06 89 86 7B 
+    friendlyName: Invalid cRLIssuer Test27 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FE17934CAEAF3C91
+
+ssa3xZ1gRO+SH8hvfDW0uJsR43CM1VKsQCNm9IRuH+qhEgRA1ElYCCvH02lLGTJ5
+MR+sPJFrDM3Wf2Ho6g9E1UZ5OfyPmNIk5iHCUvdQbRB0TGRhnTMcG5EbI371DPyv
+tU0DwTqgItTsJyWmw9gLdE400rP5BgYZpmt47/DVKNheXfSeeg647Wt3baSxHxUb
+iy4iOdbYhVnEouT9zJC8Bbp05hhNtQaOBpF3MyUUi1OHtp31Ep+3YWKFz/3ghiB6
+r8Fgy8CZ9wfXQDnjPB0FRnBlz14lcbyxM2et8fdqFFnyIoQ1tU8wJbVB6QTursSZ
+FSVX8Nm3T9xqHiv5yzpoM4Jxrqmq+jzFeaNX1NekLhREybhBHZweW5tWrjcsshAx
+uWa8AaL2X4Fpq1XdnNHfTBIn1jDfAa2dwyB56gXXgm1GHGRaakvxkP3nLfeHtj8e
+DFEZN1gc+T0djaxaoO/b+J9cnML4mqY+faWHkJTCh+mbtTHwLcil63HIWSvohtWM
+xMhcJkLhNVo+8kjlu6+BzYG6Uf9tX/W4nBT77qrTBjUyYeVF6r0OlyQzA4kf1O9T
+eUQmrQ10mcMrc5rVrDXRlBeivio+uuc5LvdgG8rV5XzlEFf0OXPbDMh5/1UHXrkM
+lT8egxMrAtC0yx/3zTPBTLd8681OAZiqX6WUHWk0e9BxnQmYW1DayQWJnMODmyPn
+m2cMtLn47/MFOPIMQSzMfdT463wjPTRybhJR5eLKXXJWTxlPktqEoG5ZFz/9KtfH
+HH7maYTHiRv5TgvU4vH4x5y7IXjt7m1KB1EUympq5MYmQ5/9j5npPKfxeToZQxJk
+50fwcss7zQW2fbDrudy1Rl35dVgr91A04DHHhzuPnxbHgBsJtPOF5NuvQByTDvf8
+yhleM9HNchEPW3Ohu5aVL8oFRyFfFGntAVtSiGFUHM+JqXwpT0dp7AIx3pwfVnAy
+eDY6b44cuq51f+26fw593uxKNcwvPkQVl6xMDThGuF9j/lrAj0vySxof67uybDgK
+wP36pId5bfSLApDFj7Kk7hHhAA4hM2MOmw1nsf9vf+rpXuyyuMPZpqQXmRdaqz4d
+pw9S2neKBl2MtWNIL/YJqMkFdTj0DxE7hhOLGGbJ7pMUyVH7YC7ZYN3ztlJNLekH
+/3lfG/hFLsqTRI79Rl8wneNDfncdPkhT8LJxz7qF3VJsE1iwGdPuK9DJeT24brqx
+N6qubGkzIWIyGEDfrNR4fi+TRfzabnVixL9tREyTbGmL17RWDePhzNwSu7SZMVSP
+bqRctEsUpgJxKWNR4Tr3Sx0B8ZLogoMmQeOgf9zLh3l4UFLlituCc/1QTS8GcpPt
+6l1akizdOBEAyW66QReVPwj9HIaUiN8Fs33nEbA8dMRuWuhMxz4Ly20LJYUeDQLV
+wZpL0WCO9WMmee3P2a4gMPT4QkHFFJPzn6fnQ1M1cLA+BgFNAE3YrcWDLM/c+LC3
+1B9uQZS8cY8OhLTk8mZaAN2PYvSR3Zur9MlXMEA0YQ4e+nh9WI8WL46BMGpoq6BD
+mZ1mRLC64lIb9mxh96r7dTlexKoIh9rej80/eoXObqf1mpe0eSkGzUOP6dP8b8qf
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31.pem
deleted file mode 100644
index a370fa86a3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31.pem
+++ /dev/null
@@ -1,226 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA5
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI
-iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok
-km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM
-6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn
-6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J
-7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H
-sN+wLRApTQTr
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA6
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0E2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5/raWoeX0Fp14qkKY
-Ypdts+gzpB6uEBcK8SpAa5FzydBYcIJajJ7MbWLlH1o1nzd27E2YQQPaVuRvB9vS
-4Tih5plnbOXvkaUVh/iohILhb0Q49JWe4JU2yQsphppmzXgUH7C0Zygn3N/fd8JF
-MUxK0kDYmuerHsZ7DDIJsAOTpQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwhs+qhpOwTOKGqpZSQOxZqIc8H0wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACMudfomzqT284TDQDAaT8SdUGpP0bH0
-ofTP/6WODMD3M2+AYgM5ES2McuNKWBx/iifIy42icqmtiP4EjbwjK5JKPJzSSyIF
-/BL1+/TdNfvGBuDBG7qoVzqALx4QeAdCh9tjM9eZQbwVuIIUiI94VPU3hT1OcJRE
-ZCkFIjgPYCPR
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test31
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA6
------BEGIN CERTIFICATE-----
-MIIDUzCCArygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBNjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp
-ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDMxMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDF62+bmWqsIJDuZD87vUAXArOAHy8ctB87FGlfVI/UMp3x
-SJEM7Bb7cFD9DtWIsr+NcvEGIJIHqxSS+uqbSTkhLRkkQ6V3vZBWw9iK4YCixNHV
-4ngJovgzMWKjjTHBN0+8wtZz2gccx4lD4l8gvC41scMQ7qyQqIX0ByUafTEMAQID
-AQABo4IBPTCCATkwHwYDVR0jBBgwFoAUwhs+qhpOwTOKGqpZSQOxZqIc8H0wHQYD
-VR0OBBYEFDRJXOe+nS5RsQPtEvFYSSZSIXVPMA4GA1UdDwEB/wQEAwIE8DAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwgc0GA1UdHwSBxTCBwjCBv6B0oHKkcDBuMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsT
-D2luZGlyZWN0Q1JMIENBNTEpMCcGA1UEAxMgaW5kaXJlY3QgQ1JMIGZvciBpbmRp
-cmVjdENSTCBDQTaiR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENl
-cnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RDUkwgQ0E1MA0GCSqGSIb3DQEB
-BQUAA4GBAIPT9aAYLcz53VCc4i5LC7bw2UhSE06ovDozPQVlLW7ykaoApryS0aRb
-jRDf/csLFBaDbcmymFBGlYDsnDMv1+R2Azj5eUy4ssEpCYDsKyJnNvY1AD1aldyn
-hwyrIcLgWdU0rmHIT9m+/yLKdk31P8B3WKl6nNEtJVe1hlyeR8Fs
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0..Y...R...N.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA7
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 07
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 08
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 09
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0A
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA5
-    Serial Number: 0B
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c:
-        d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c:
-        f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e:
-        44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce:
-        51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53:
-        79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab:
-        7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c:
-        c7:af
------BEGIN X509 CRL-----
-MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0
-NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V
-BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX
-DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB
-MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG
-A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV
-HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1
-NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE
-AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN
-MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU
-lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd
-MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS
-TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3
-pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw
-FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly
-ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb
-uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu
-TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq
-xL1FzpoJ1fesDYN8YjzHrw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31EE.pem
new file mode 100644
index 0000000000..90560091ca
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 04 69 7A C0 F8 D1 7E 3D 6C D4 CC E2 AB EC D3 47 99 21 7F 3A 
+    friendlyName: Invalid cRLIssuer Test31 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cRLIssuer EE Certificate Test31
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA6
+-----BEGIN CERTIFICATE-----
+MIIEbDCCA1SgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0E2MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAuBgNV
+BAMTJ0ludmFsaWQgY1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOdZlYRiJUYOp5WYFV1jVCmoQisZ
+Wrsuz0ZIazNWxlXfUx6xCMZrSVa4uixQ8dwvvqUbQ6/H3DLXdhp9R6br11Fw9Hcb
+E7cCYSJ6/NuP1koE0eBHooh78n5thPOzOJks0DfVYPwoXM63B+z1MN+w0juSdNYH
+5ck2QeCO6FU0xlk2UnkmuWhoIvA2UFFx9LQgv4nX0WfmHg/k5e6dSU/O1hcjxT/r
+ivNnvBNLKjRhLrEOb57Fv47C0rs2nOruQSK95oxuBRgGaSSDdrT9TTFSgHQ3POUD
+pqm5vhrBzBPwBsoWZYMHaYz/HnQlBhIWgBDP47Vq7OrXx38n56Q0tcbaYqECAwEA
+AaOCAUcwggFDMB8GA1UdIwQYMBaAFB/JII0Lo2wtd08T3kL0C7beKnYxMB0GA1Ud
+DgQWBBSRqu0FdQ+STZMQVrOX23I4Bqkh5jAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMIHXBgNVHR8Egc8wgcwwgcmgeaB3pHUwczELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNV
+BAsTD2luZGlyZWN0Q1JMIENBNTEpMCcGA1UEAxMgaW5kaXJlY3QgQ1JMIGZvciBp
+bmRpcmVjdENSTCBDQTaiTKRKMEgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwDQYJ
+KoZIhvcNAQELBQADggEBALJdyQ0VWtdTlrYjwxr1svYyFO4orqmxszn+1Bjhbqy2
+9jTBWUv5Cf/+wnRjFsS74OuLxS+CXkR5LJ5K9Wzk0oVBIS32QqSVZf4RkP935p5r
+D4QpQVnKqdzoqGJ+qfWkayXjNW3kxaXc33v12Z3JeAnh5kpZv7CmBe1FDpoAVu72
+wGbbZ4joNc5QV0qTTw0jHL/mH2iaaPiJClmC0l5zB9w/t3OXCWOyr4fBmnUag2vu
+ROYeTpfBXPBLJqxtDoAnkr2fqeNiyxJ+ORGC0sbbI2cIbs7TWomS5l6VnJCv0R+X
+TpqqCqwccXjJmR/qhF3iJkn9bxrDgrixX6H3FcXcIiM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 04 69 7A C0 F8 D1 7E 3D 6C D4 CC E2 AB EC D3 47 99 21 7F 3A 
+    friendlyName: Invalid cRLIssuer Test31 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8DF42EF54A7ED06E
+
+4nKZD/ybq6VJE6lI6y1Xk4SDZ7OPMhDEsnLnYqu+/V03g8ItSWKWwZG/wQ02LlSt
+NXGLPbx2hURYayjCjGKMgHPTfImuKUcurL7qKaftZ1D8YoroyybQ6SMLmmdanBAX
+y1SDOyMud73jgrfDj80Dej2eX8CL3ip5myGmFr3HJ4riysWLOaS9lttcXgXXs2kl
+LTC5HUKLtr9wPjbgC9PD25Rx1gG00XnSUWthYn8ATVVrRhf41VbIDM9ZGISBa2j1
+ibfIZ3Bl/AerrTRknDJe/tHILGX6Q8Zy0Umep6K5ByM9O1rsjuTbcCNxXiO+bGYk
+tehb+1e+i/dkv92NZ7xC2NCAI+bSqwi0vvKL1E9Vlrp8ix1oBAIy2bY7qYETRFY/
+qNKqa7oyo9f4ThTDo94Cfk8wp36/PMyqQD4addS1yYTQFbTAPqtM7NApL23O9Q6q
+a9kSE+yereIu3ztAAqKwaEGBZPqrLS1ldXt9xBtxUr7F1KoytENESylVo8ULVSfc
+/ew5/2toQGVB0YkJfzPKL+ZCqGnaelwh/m+V3D7o+RJlZhfd8cTMAEP0MI8xO78R
+VeG7nowYvLSd+fbG+ehyALH3JRPdLrjnyjlta3ALa1bfNh08U9ZCswdh8+mAca5x
+p4VQwgAtDo1Iu8lYpmJa1oYMdJhRsE+x6KwI1/ZL8tE3h2q3YDEZrieHu5FniIod
++0gz6EGUNYiSel4gxNEvcDs14itsy9AM97fEDWR3U3M7u9y/hS5/htICWsyOXtGD
+SPqwWtD4nlsmWkd1TM9eUyKI1PmrRPQXkEb2i1G5gAFXn1JXV2ju2CCvqoLaLBHE
+UJgTujUAx6A851T3/K1WtJT4/eVvlC2P3KlkYAaKysEHzvHVzPmR/JeutgNdtlk0
+pwMO4ITTCdjWkjbAaIImlpbrDGTROcjaf/CllSfcTXPQwV5V4rotW2UYOwGEgidS
+x2+17lQkVnJRQlhVMY3iwNK+mg3VD6hrV9ACWZ4uf8o0Y33UcAea35qeXj+JktUz
+ZcQwO3N2ZRRK90vipd7SlL11oGgPeHS6YHCPDI4nzy6JX9WyK5WLxcbMw2m5rx25
+pDw7ZH8As6IDcQVX3w/SlMXjJsSL4mX+nqKTo9sGzOButih0ZzLbvK6Ty0ZllPSG
+IGbllNI/JZmNbu1ozkKYn/1X2H1/8+igfXYaMlJsR/QRcLseGbHWUOuCS/VvnnUa
+HnUtWpQN1nDzv/6zGhCEe0aLM3OeQG6KjmUpyFakF/GVPpuCmkcTsOkL2HOQv+r/
+fvYgpiNCC0/bR1D4m0U9byIIg8qVBEItex7q6eMBgHNYVuOVvzVhK2AWcvuM6n3U
+2hluJHJPRKoODvBqlzlTz7Hh1P6eROWlKRB8sokKWe+pEYQro1oSGpOCOpWbe2Y/
+oYADEZ+CgKeCglKAtXeDBOSrUo/lmvrLFsMI08pdddNHgdFwApNFfy6ZNo51LAA9
+GvjJ5NxEKbbIscGUhEQ/RVTObduQqUpcuYqkcnEqtJAEgZR6qy8bos9cLR5bG5Y0
+oN0RB8NRTPw4l7Bldp1+iDRmlYM2TvKqBwtbV04/TPcrxKAzjIgZmw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32.pem
deleted file mode 100644
index 5dab635a7e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32.pem
+++ /dev/null
@@ -1,226 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA5
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI
-iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok
-km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM
-6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn
-6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J
-7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H
-sN+wLRApTQTr
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA6
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0E2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5/raWoeX0Fp14qkKY
-Ypdts+gzpB6uEBcK8SpAa5FzydBYcIJajJ7MbWLlH1o1nzd27E2YQQPaVuRvB9vS
-4Tih5plnbOXvkaUVh/iohILhb0Q49JWe4JU2yQsphppmzXgUH7C0Zygn3N/fd8JF
-MUxK0kDYmuerHsZ7DDIJsAOTpQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwhs+qhpOwTOKGqpZSQOxZqIc8H0wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACMudfomzqT284TDQDAaT8SdUGpP0bH0
-ofTP/6WODMD3M2+AYgM5ES2McuNKWBx/iifIy42icqmtiP4EjbwjK5JKPJzSSyIF
-/BL1+/TdNfvGBuDBG7qoVzqALx4QeAdCh9tjM9eZQbwVuIIUiI94VPU3hT1OcJRE
-ZCkFIjgPYCPR
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test32
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA6
------BEGIN CERTIFICATE-----
-MIIDUzCCArygAwIBAgIBCTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBNjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp
-ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDMyMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDGNK1Y+eOYRm50GYuyrg+CaupAyx1885TUh0lz/2sHwXp2
-OmsLIqfukEyyIfBt/gEHZ4e3CvSb8unsTq/Jlt++srjlPkTPaJAJZmVhhLBS33c/
-L4t1J9CE+W5JEzzQjzhhtAgsOxH4gy6PqQ7MQ3LPRSUFqwtFlOjUaVDekanP/wID
-AQABo4IBPTCCATkwHwYDVR0jBBgwFoAUwhs+qhpOwTOKGqpZSQOxZqIc8H0wHQYD
-VR0OBBYEFCFEpTMSRVJmDIG3biuYZ63bFngaMA4GA1UdDwEB/wQEAwIE8DAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwgc0GA1UdHwSBxTCBwjCBv6B0oHKkcDBuMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsT
-D2luZGlyZWN0Q1JMIENBNTEpMCcGA1UEAxMgaW5kaXJlY3QgQ1JMIGZvciBpbmRp
-cmVjdENSTCBDQTaiR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENl
-cnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RDUkwgQ0E1MA0GCSqGSIb3DQEB
-BQUAA4GBAKZ16nizt2hCVkrf+WfJV1t/frRX9W7Oi4whQqH9BEA2nEZ9LVeGnCAZ
-he10WnY1rXA2JHICijj3YDBoAlOMWtp43Qhv32QJ4dFR08kuSWjvCygSokh9uyoX
-Q/zpF1amF1x/Br/uteHCBILXFFGLLsSauW15U4HWUiJQHob56396
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0..Y...R...N.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA7
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 07
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 08
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 09
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0A
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA5
-    Serial Number: 0B
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c:
-        d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c:
-        f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e:
-        44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce:
-        51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53:
-        79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab:
-        7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c:
-        c7:af
------BEGIN X509 CRL-----
-MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0
-NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V
-BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX
-DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB
-MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG
-A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV
-HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1
-NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE
-AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN
-MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU
-lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd
-MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS
-TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3
-pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw
-FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly
-ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb
-uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu
-TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq
-xL1FzpoJ1fesDYN8YjzHrw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32EE.pem
new file mode 100644
index 0000000000..913d2a06e6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 83 AF 9B 57 E2 15 82 8D AD 37 03 DC BF 66 47 87 B1 78 53 6F 
+    friendlyName: Invalid cRLIssuer Test32 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cRLIssuer EE Certificate Test32
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA6
+-----BEGIN CERTIFICATE-----
+MIIEbDCCA1SgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0E2MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAuBgNV
+BAMTJ0ludmFsaWQgY1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANR/hypQd5ZfgQVkP+On0t+Rs82X
+m+cbn8RfIKdGJ16TJx+umPn5RbrBegqLCsNMlnuSayqfI8dRDNud1lygtx3o8jVq
+7Hghl+UKnhzgq6kJoQLTcps12ELcEU78o8hkf7p//zpHTu4KgPu8uOlHHeh4poqG
+2HumXXJjVXgl3YTUeufUCIp83N0U+bzZ1hJp/1giElpUO7mzg3Fgqod8pklHsIab
+NwYPMA7nBGpOgd5U2OTJezmxd0s+qIpB8pE2TOHkg0j2K3o28YHHtCdRR+0eR8bv
+e/9c1JguAgwlOxYexaw8ILTF2AIRCdCqKQGzuayx1wkuyMrbTbZRhIQrSdkCAwEA
+AaOCAUcwggFDMB8GA1UdIwQYMBaAFB/JII0Lo2wtd08T3kL0C7beKnYxMB0GA1Ud
+DgQWBBTzLCUxrEFAGDyfXPzyKzqsnz+oMTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMIHXBgNVHR8Egc8wgcwwgcmgeaB3pHUwczELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNV
+BAsTD2luZGlyZWN0Q1JMIENBNTEpMCcGA1UEAxMgaW5kaXJlY3QgQ1JMIGZvciBp
+bmRpcmVjdENSTCBDQTaiTKRKMEgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwDQYJ
+KoZIhvcNAQELBQADggEBAH6YyaHCZXx+PWVzfSNQJClpQbMWgdnFe6430QrRzXXq
+djUbh94OnKIJsv8Q4IjN2dgcClEm/UMyPmE5BYNhrUwtTJ1qkaVJPXWDhUHACKiM
+fpyvFedpP744+uyE5hjGe/d6Yy67XIJ31Utj37u9dqA1u51nN+lsy4UN8a8OVeqO
+Coe7QZjlVLn3VVr981YvW/3zbk+RE1AZlOtZ6UhRfUaYSJpKjBf4PO1NzGVEWSgQ
+2I97mAcgjwgt/xY4ydOUqPvExGvsbG3fC0tBmzbqPuV4ISoZ64bWW2sEX8Wuz1aw
+yTzhyxQSkCTUNlGS7DRkguwFpjMGUr8D4i6QOdkAnCY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 83 AF 9B 57 E2 15 82 8D AD 37 03 DC BF 66 47 87 B1 78 53 6F 
+    friendlyName: Invalid cRLIssuer Test32 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B98AA6601A7ABDD2
+
+MrLMqzxICNQXMq2sBzGu6gIhOpr0VCPS50gHE8ZaiQo1Fo5cburZWUG3xwtivTxK
+spxUCoomPrP3vgyK/xZLuIVxsblHuRn3UnlgESB5fNoTbpkhA2ayz892tC9e5vw2
+wnQOW876vd4XT3vB6U9zH7QXGh5IJP5ynbtvHu0j9hQZbYuUBXBCXt9WWzAEpSEp
+udL3BLUJ8LsMkCExS7rRwKd6DauL1Wl3/PZx7wMiAX1xgoAatQJt2R8fC5cK50Pk
+rUpGXASy7tAYvkKgXDtoSePpZPeQG1JBH/Atr6MNuIBNvCR/FCWTb/RHcZONi1k2
+TaQ2lHwK69hV+irlsmnU0x0GXwlSW16PRcwp5I5OBqJDGUdKVBhcb8+oqu2ihNaj
+mPx9fY+BS89RdMwHWZPopgxzvsOfOO1yXK6Iv5jA5GZGoko5BswKjfC8AdZcNvay
+IjQ/tOhQIfxZUjYAuKvItR5lUEy189nMJBApQ5a9H6c6gdnBk6qvlKVJuzwW0B5X
+2WcQuf9aFL5H1vugKCQZYOQYVN3sm8/t0zTjs3eKQTU/opIVoz7QialxljJUa5Pg
+loNFztRsvkB2SjowGy4tkKWhiIWqGCl628RQHrZdDrye2S/+OgfiOsBZKm9K4wAX
+aMH7lIxlnsgZTW6VCN2FP53TRV2CA4eNqXec8Pu0WXyXkglN+VNZ5r2wL25mdwDq
+eRRM2nKzypS2tT3FpxbU+orZtfVQV4nEhMPCs4rYsq+R2+OITr+2DGcTLGnsMyBj
+K8+lQ4PVaWJuzank5TSjK9wZtlOtyp9ewZ/TZ8evyQ8SvKm908CiTtSBGUfUfeRt
+SS2Nh2UlsSIQ6FT59vjf6/N+mZevXoWLSaLyVZLVANLKSQ5VkAPtrVJaM9c5Bij/
+axO7+gPMuCI4Ee6OJsKEfc+VglKnyA4rdr3RRmXQjjuWItrsxrt++VRoOuoMGTrJ
+tnymW8vAykeXQYUEsfNbeXqsC4NdKG7EBuSkEKpV8x03PIyqpyQoNUT3W6QeiPHs
+FtRiRcTlfP9T9f+8vZnsCMn3m2tciAvZCBzodCZLWuAtxfFm45evG8NzwnVPSmQb
+aBrdW3l/QOwPmdQMv81sd1fkn4Cc39ZN1+49KSiJlX70BgnDCBRxRNPGCBiyg4Cn
+bLZhUZW+ctPMkj5wEXxcveairewFJqvpc6rRTg5MG4Yo5sfKj0F4xwWYY+I0BzKW
+4gCXSXiPnmPR8Vnw0mKOxUyBCFW7/kx0K6h+PyqUQO3yNAZqs3lr/qRCnVqs9PHf
+cXTqfqKjavbLKTejYgdSnzJlYRShFjE2E4YB+0c9OkJbV0epua/N9wrFxj3ineXv
+wYQclFFY9ZWXpdh+8Z9Mh0EJk8z3UC8wV6/+nh77cHGOY8NnTyxCMIHyVtoQe73h
+ang99VGp0KwC7AHReWWorS/m1jldGKtXnFgs+ImuLa8cVAr3g6hYpOI4+gyDgvbs
+jvkaw/sWFznat664Ztvi/08s6SfS4CpqqLrQiHh+NExso8mmt+N1mKNuSBfFlQiX
+Pjm7yMZEc/Oy6cOvjWt9qU9z3JyTwS341E/jojBMX4VO417KLib65A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34.pem
deleted file mode 100644
index 2e62d70320..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34.pem
+++ /dev/null
@@ -1,205 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA5
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI
-iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok
-km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM
-6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn
-6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J
-7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H
-sN+wLRApTQTr
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test34
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA5
------BEGIN CERTIFICATE-----
-MIIC/DCCAmWgAwIBAgIBCzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBNTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp
-ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDM0MIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCSaPRkABN56ESU2SA5P4mVXVChuwxsllnznUrRrpaH+L60
-m9Sa11iyGiUqTcGPQbEsPUN8zQQmsjnGSpIMtMRrnkaOTaUmzszVKp9xOuZ5vgSd
-8KeQJjqISqeeJL/oSynuMBOfir1TH2HToo+HetNsfXhumdPDKUojywjZcp1N7wID
-AQABo4HnMIHkMB8GA1UdIwQYMBaAFJStEtHhDn7DuzdLQT1tWYA/RFdtMB0GA1Ud
-DgQWBBQ4QCS2SjHLQtR3kH7i8O8sleHk8DAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMHkGA1UdHwRyMHAwbqBsoGqkaDBmMQswCQYDVQQG
-EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGly
-ZWN0Q1JMIENBNTEhMB8GA1UEAxMYQ1JMMSBmb3IgaW5kaXJlY3RDUkwgQ0E1MA0G
-CSqGSIb3DQEBBQUAA4GBAAppj9RM8AKRmrj/d56ZzOcNlN79bi39iFp7ZuxrkdL7
-ZcnUm4A5y0u2ZoywD1LTUUYh+egAhtpccsYYjmMVQVbEtgwVKorXOwcm6iNmENQ6
-lsZPlEkEXBLlfZLuhPr4Ju+QjaMo7SLAiXOG9lwry8ZFcfAGLIfpLlQyGZ2cnahX
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0..Y...R...N.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA7
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 07
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 08
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 09
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0A
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA5
-    Serial Number: 0B
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c:
-        d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c:
-        f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e:
-        44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce:
-        51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53:
-        79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab:
-        7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c:
-        c7:af
------BEGIN X509 CRL-----
-MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0
-NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V
-BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX
-DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB
-MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG
-A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV
-HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1
-NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE
-AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN
-MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU
-lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd
-MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS
-TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3
-pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw
-FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly
-ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb
-uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu
-TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq
-xL1FzpoJ1fesDYN8YjzHrw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34EE.pem
new file mode 100644
index 0000000000..c59c3f3943
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 89 5F 98 0C B1 66 E7 9E 21 5E 85 65 34 D3 11 DC D3 14 31 8E 
+    friendlyName: Invalid cRLIssuer Test34 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cRLIssuer EE Certificate Test34
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA5
+-----BEGIN CERTIFICATE-----
+MIIEEDCCAvigAwIBAgIBCzANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0E1MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAuBgNV
+BAMTJ0ludmFsaWQgY1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzNDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALZM/UiUPAWzidGDMrvQQbEw5ccN
+ZDki0OBiRr2Tu3rM4VqPd/QD7mFrjNMrncCBdxjE1Qsz3ZEJ89HXf+G6M8uYosh2
+spbvAtn79j73GDlVAhhZwFSx9zgd4pgpsFmufyFdHQrh7UldgyJ6pmEbtxbWcee7
+ZqkSPY5rtvNEDRcF16sUjkXGdfQK+5my17lltU8uZJtmZ/5xY61HpfvI0Owjy6Ay
+tHCf9/Kf2WXHFT4ezwIQW1eTA3cNtQFHOIBuQu0C1EtiZFJBHthJyG4u7plg9FOr
+V7b8rtv9hIerEX6FGJ+/Jw8H+gPInhaFxdzOtkCV3LBiwgM4XhStsTegLGUCAwEA
+AaOB7DCB6TAfBgNVHSMEGDAWgBSB96q9SHVZgLDP3yMYndiTRoIWszAdBgNVHQ4E
+FgQUiiMx2fHS3UBFAJNBSQUGJhyCgP4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATB+BgNVHR8EdzB1MHOgcaBvpG0wazELMAkGA1UEBhMC
+VVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAsTD2lu
+ZGlyZWN0Q1JMIENBNTEhMB8GA1UEAxMYQ1JMMSBmb3IgaW5kaXJlY3RDUkwgQ0E1
+MA0GCSqGSIb3DQEBCwUAA4IBAQBtVJxXc5x2a9fH2xCyJz8Rb2A/vJhatQ5J13Tr
+yPCuFcFfadOtMHGAZJL4A0bHxyiML5zhaNeXn7vk22RQxzLa/lSsJB9dRoSR3R9/
+XCK+f0babRaz5MxjGg6Xak+L2ZAYqhyHDeE+P13Hq64QZFsz8wuhX3dK6fd8pEOg
+3BtLHFjgOnrYZ3q93i7f6ehf3skfkEANC1rIiVwuTQdMutnVQzdw8tKw9pQHWgLZ
+f7r8zNr5YZV2RcPlK8alAfcGANKikTi6l+9SpOIpUDx/ebOjEekNA2tA1SPQCvqU
+J2nP9ZZ3l8MFwJHA56doOY+wy0Ee6AJZvYMjjx9RMAGXPyVX
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 89 5F 98 0C B1 66 E7 9E 21 5E 85 65 34 D3 11 DC D3 14 31 8E 
+    friendlyName: Invalid cRLIssuer Test34 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,55A1A3201C7E23DA
+
+OAZ2ghpfbykGcuAG0gn6n5Jr84azhS9N/KWE1AsXazS1Za6WsDRP5c5fdKf/7Q2C
+7f/G60/zxazydN5IjhGnowKjkam9qQIoe5fpOYwBQ/cS2BOYiUUvnqgf7x2MMpKF
+lLdpSMR+/UgfQV61e26IqsYCv6Fxqsy2Mrido569V1UFR1HS5UoV3hU64d9DIx60
+hItCW+bk0SeHsj3V9DqyWW22jNJ5udGFEjEzUXyla9xr1NUt69uPvyFpyrajLNSD
+6VzDZOTGTQ55QAAYMDO3G4sSZI3SUAueOZdW4IFa8p4PdJaNaIIXmHu94WKGJwAp
+PMhHsY5V43VO9eHDwbDHpw3qQ7t/fpg3wy7M2GDSaCreilnojgss/Y02s6+lU8mH
+Hsn+2NcAwqrtdLkuCmLx4AtAWdsO+rqtMVHDwFaHrlaOezBlYTvycCQhpu3NAAkR
+zWVXLqageP2oBRCdjLshUE5XH5AqDjws+YANM3LUyEFojGeA14nJsCmGFKoUdSCh
+rorhOm5DxtA/0ETzBhkr64iE9RGMIg9lYl3WVZ+IewFoOhcO0jPnv/wRnQFpvNxV
+pXamOAnfdJzaBDhobizVK2XnSkI1gV4CVeBkf2PxjcsQwC/qfxPW+4L6wa/ISiTF
+9/7QnEF9ejY9JSbv0wKCZsCw64CPatVmgDN3HYc166VEQG9uKM4nhJzbrf3qFHu9
+3AWdObVlIBTBRanwW0/iRLlGZJTsyJ57bQgHU3dxWwafWtycgLfvDXe6+zV2FH9e
+inZwNUB+gQtNC07V0YmozwDO6XM9Mm7eul46suit8NFC7RTeEezzHDB8Wvprf9Bp
+lR7UVCyS2NrEWxpjEgSCv+kNKMqQLzZGnBt7+KPbWMR12EzHgvxuyaglK9CqjW+8
+r8GSwbWBpCfRr7QxR26zyF9eaS92E2io/WKHOD+bidzl8eesCohHxCqFqYvm97sy
+e2zqUPJHU8lUVjr9W7IdUDwTdQfV9+F+y+otPsahu9DhxGqTp7COjeluxb1Ef6AW
+3rBhLxyWk7tGtzaBkQlJoQbQc2/JxVz/M2CEGqJ1PEcodulYRTr6Pp2IB5triivQ
+1GCUjOL0mlSJqBcexvx8/P7u0czhfefZW4MT/iMV9J7Dt1L9N/nTqpm+yYghYr4+
+/l7YhXZ1Gv39FTlh+FTmhNyZRPSt3mY2fnHF3vzLukV76r1Zw+sN/xtTYyJw4tIQ
+NC12TofcaZ69cQGj3qDQv8EajEfAhUcX2vEb7x15sYg+LjKjcfe1dpMgWx9U++Ie
+MlACrfZKc/QtIhPgG+alrR/tbmuUBU9+RyEM46IyWf3i0FU+6BMDjJk0kNWGLnYq
+XGZrQriPoqNvH3cG4qeC/1lFblEuseoMCZyEurGYRR48actk0fV6wahKDGE1whq8
+JVreifyiAtPjelNsMdjd8KBqFIWQ2zL3exyW3JkmoyxTl/ykHTFtPhFDZ9X7fqv+
+lvtUwpsH6s1I5jh8q8Se04Zv9d1RlCuZpax8e9q3ImP8c06/097BEAS8N74cnW7E
+pW6Nft+fN2jY1Rcvi8/34OFpO9P7ZSXp9BhJgehMosDXPKEvTdTm0e0oK/g4ozRZ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35.pem
deleted file mode 100644
index 814ed525f6..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35.pem
+++ /dev/null
@@ -1,207 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA5
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI
-iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok
-km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM
-6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn
-6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J
-7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H
-sN+wLRApTQTr
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test35
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA5
------BEGIN CERTIFICATE-----
-MIIDSzCCArSgAwIBAgIBDDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBNTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp
-ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDM1MIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDcad27MapNxZI8cHsmcsbc69H6JrfyxEdrb8jo4H7kREvw
-Ysye/I+06+hyhrY2ziYjoPjk5qwOT6MZoD6a8nysxt+wJwTtwWP7qrrHUrTTM4wZ
-825zHunib1GDGS6NDkRGi3ZZyHgwYGJIpNFvpZ2tYbnQ1YCd+82ApJ/pVK7luwID
-AQABo4IBNTCCATEwHwYDVR0jBBgwFoAUlK0S0eEOfsO7N0tBPW1ZgD9EV20wHQYD
-VR0OBBYEFHF/hceoUsXQv3cfdoCyVLgI9NqMMA4GA1UdDwEB/wQEAwIE8DAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwgcUGA1UdHwSBvTCBujCBt6BsoGqkaDBmMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsT
-D2luZGlyZWN0Q1JMIENBNTEhMB8GA1UEAxMYQ1JMMSBmb3IgaW5kaXJlY3RDUkwg
-Q0E1okekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNjANBgkqhkiG9w0BAQUFAAOBgQAH
-2pRXjertT5rd9nPU9I5ZthZL8EBhTAfMObbfi8/CYJ+Cftct++cBQATBDBr6ho3Z
-TNjd6Qkd1wPPR2EgMk1HWJ6QS4/eQooeTsqstbgz6n/KcMB/+gQeYZbEyFoVu5e6
-C13SPmHSsdy1dtEVVELLreIOhfgSjoMBBQYMCJwffw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0..Y...R...N.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA7
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 07
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 08
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 09
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0A
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA5
-    Serial Number: 0B
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c:
-        d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c:
-        f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e:
-        44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce:
-        51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53:
-        79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab:
-        7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c:
-        c7:af
------BEGIN X509 CRL-----
-MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0
-NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V
-BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX
-DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB
-MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG
-A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV
-HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1
-NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE
-AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN
-MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU
-lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd
-MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS
-TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3
-pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw
-FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly
-ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb
-uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu
-TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq
-xL1FzpoJ1fesDYN8YjzHrw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35EE.pem
new file mode 100644
index 0000000000..4df5ca0eff
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 27 B3 78 2D BE B8 62 40 21 6A 96 79 23 0F 12 D1 10 89 05 8F 
+    friendlyName: Invalid cRLIssuer Test35 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cRLIssuer EE Certificate Test35
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA5
+-----BEGIN CERTIFICATE-----
+MIIEZDCCA0ygAwIBAgIBDDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0E1MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAuBgNV
+BAMTJ0ludmFsaWQgY1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzNTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEZ3vjFkn5G0Phb9GsSjLsBjr69
+XZacj4oUQYXZE6KTPrGTuLxdS2p9kfr63rMkSLoKY+XcbcHDuc3MC9a8JUxCLLts
+TCi1XmiuiEy+/cTS8k0rQf/A/9uKZvqdp6AoVQmtIxWFbKV3SiOz9nz7d5tva6zV
+oxcpy6tNNuCB9On/t6teb548WBpMM2S28uzLLvTYKfB0J7QHCRf/kUhnWJX+ZkIG
+hq8b1UMZPSFNmm9pw7tYPNcra2u9MkP7FxnoBM7W0rQAEMZaKwhKQv8aE23pJyVD
+df59MBeqMEk7Jmejf4FQ+EiyF9EFdFnGc3VARqPYxk7RQzG4aXJxodf361sCAwEA
+AaOCAT8wggE7MB8GA1UdIwQYMBaAFIH3qr1IdVmAsM/fIxid2JNGghazMB0GA1Ud
+DgQWBBQ0OaRqmcOBlY37EyGFHakWthy79zAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMIHPBgNVHR8EgccwgcQwgcGgcaBvpG0wazELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNV
+BAsTD2luZGlyZWN0Q1JMIENBNTEhMB8GA1UEAxMYQ1JMMSBmb3IgaW5kaXJlY3RD
+UkwgQ0E1okykSjBIMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZp
+Y2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MA0GCSqGSIb3DQEB
+CwUAA4IBAQBL5cTjpHCWMwkWTeogYVLdVYyuUsPNyTJrGmx3Z9j0zBz4iEJoNJ92
+85zcB2deTuHIlFT+U3UZEk6ifJ8zUOE9TBC8Oyjl84EDOguoPgK0oQ3Jj/6b55Hl
+OS8A9CrB57Tn4slKocrF00uFdCiqmEjU1v+sbu6ABVBvAVd50qO2Tvy7kYu7H/eO
+M3hQPS5fo76cYJTtsn3ASFjtHZ2Zy06LRuE8YA4/h8h7Lvf26MfHeSJilhdibbmK
+C6qzmPhSKJTX4aFwhy4p/y5vNeSWy11eEjuCK8Szqhg/wfo+b5gtSlbUQLhXJAqQ
+24n2R4wWJ4Qic9ILAGdWLSa0uKAh3Vam
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 27 B3 78 2D BE B8 62 40 21 6A 96 79 23 0F 12 D1 10 89 05 8F 
+    friendlyName: Invalid cRLIssuer Test35 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DDC5EBDD1E2194D9
+
+Eo+ohoIFCoEj7N81YA/LxKJRjP9pBtRPlbBr4NBi5s/aUb/xB9zcacJHmnKxhoda
+bJQsd18mTuoGW9LZaIEjt9bYyLXIK/4xfep8Cysn23AQJXzkLpY3x5g2aOVnX0B9
+Ou9LUtZvQWQdZlfceA9LeDZPYsAaf+UGw1H36KVIwPyChZ/G68MKnNUPkbNNM2y2
+ndft9/HmIYB5/KzXdx5BnHkvXG2eU/bVuzUSzfdtHra8IJEHcY0Ox6dymoVW+sSG
+6H5t2kUIp/z9z7gAv9JH4L0asVs2HYb5puWP7Lt/4iKuOTF839YeJ/7h2DkGv5Vv
+mGfJIyqUHZzpi+SIVj7X88Ab8DPs1j/7OHAWp7BYFdE1Owa7X5gtBW1sHJmPbTfq
+3moN3miZoti9hFj13N+S/+BR5GpRHott3QO/Y5SUq5CKfAZsFS8SPSBNDn7tZ7gF
+atS1dHQfWXG53L5qN0JUWMuNCae1IrWGF0ChbwWG3GkRnckhZWo+5Yi9MxX3NfjC
+EUWn0Csb9BjLap1JSXRzoQIhEYsephk1xlYm4z93Li+6+ixiPldxN4NSp4osdpFc
+JBsewhkYgyiYBhZ4hC/SorLeWNupjfSi7kI7VPgMWA3Xi9qTkLoxjh1kfTKAlf69
+x0HqjdByVof1/n29mke01yyq6Q0XZExDtj82ST7lNK43job76NNYqdH+eEWu31aD
+qUcGT1veiuE4oi5wpiO/RNyPZ9cknXNJUk8zgEEah3BLp137FYJ5LpRc886yXw9z
+TNbNhQMdEQLDmZgJwYYEoDTNB48Iu3cghH1PN9Pmf36RDZPkWvLt8+8UhabgwtIf
+Qlmgm9Ux7GML+E7Ijs3+2XiIXx8VaNHJF969pWOkzJV3v/Y/lpbYnb/cJ149k178
+kfCKZNDLXUm1Nm8I94/X4m75K1bLzUXDbCkMbLnAhsfy9kMHNKKAeVzJ7jcdw4av
+h0RsWUy6c39xtxlm8ZvnDW/3xZ0HXRT00jxmqSb36J1gtSrsK7rcFf5XyCoqjH1n
+uwgXN13VpMelQTg6FV6OsnJZHnHdIEcOQ5+H8VQwizJz/D0C1IgD/YsxMRlZYzPG
+3hwNy2XbCTWh0oK0ddEGeFotuLDKpthaLb0euW4UHv5hPoNoMb7r0lpbt57tzjV9
+qQJXf8unpPNLPtS2lbHKGiy6eAPQiy+LFK6tLT8bWDM9/mcGid+N5jM6WI8yXjNo
+391XgOpIFK385rEslj/yNbn2aRfBjtPJzAe8QSnv2+t6zDUBW1CTSEUvWa5aVkp3
+Gq/1hwGKRE0WUmAEWQYOn8wrhUKnBtWgFvpOWeNcT0wtDxD188W4rLCYJ6WSMAMv
+0Jta6Lirm4DlW3MAMW6ZJ3Tc6NtKGEoZKU91g/DIE2g7rFlESTeSNirLjIYjXnJb
+PlurzxN7Sj9Ssy46V0RLmFJrVQIwnwp3IjLr2NAKMs2pq4onpACGUagmDU3H4cr4
+2AOUT/aR+IEHREeO+6r33vzcvFq7zp78rcubRk2/ftw14IZmyO9HFwUQBHLaFS4C
+4JlJtknLnOlPoygMe3gCeQCWfi8r+Q3OimxRwuUiO3y9WOVYVjBTmQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1.pem
deleted file mode 100644
index 3cafe6afb8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRLIndicator No Base CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBWjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcZGVsdGFDUkxJ
-bmRpY2F0b3IgTm8gQmFzZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-oG4BhBi9qCt4Gbrc/LcngtoFA7DzmY22GBOLt1eBY0FyQGpf4K9UJ/LOfsnV+Q1z
-VMrQi85AV2IqI6mgtxHLyw698P62RlAXRHWMHyj7K/bgc9YjZXUrY7Dy/rAbHaww
-JVlnlNsli3eVdnIPzuxxJ4qRhRgxixJng9IvLPDQaSUCAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIvW/54p6SweUNEj
-eV1lB9tgcPTTMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQARpTTRRjgFmYIu
-Mnx53B9cpWlZhaDRm9P+XdLuN3Tc4rdqxW3PccPPBB02TbfuXKXNGOQZpKhhF2BR
-oulfvRUkwEfeB7DHQNuEGVct08IknDXryj2KFLPQgWdprgO0hOgZxF1SPuUOh1q7
-iSvok8TmmeNswbnOq7EszJMT6EmnUA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRLIndicator No Base EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=deltaCRLIndicator No Base CA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGRlbHRhQ1JMSW5k
-aWNhdG9yIE5vIEJhc2UgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBqMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPzA9
-BgNVBAMTNkludmFsaWQgZGVsdGFDUkxJbmRpY2F0b3IgTm8gQmFzZSBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0MTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvGpcW2w
-QEDfvwR7XCYsQkH0qjyrTAjaWC37qTDFXdVea7SsRiN2tW0REkGLtoF/BGWwq3/K
-KNS47aRTkHkYyNJIlv+1vRXEYxlHI0k6HGfH+50i/40w6T3EzV7RUhcGUGQzP2bT
-K9Bpc6fHT2sjEgqChhY1By2i/j1sQcIt9TMCAwEAAaNrMGkwHwYDVR0jBBgwFoAU
-i9b/ninpLB5Q0SN5XWUH22Bw9NMwHQYDVR0OBBYEFGc/qnf9bJRTuHQc0l5B5FN/
-kKYbMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJ
-KoZIhvcNAQEFBQADgYEADuC/4FucvKYngf2DKlHL2CRM7Io+GiuRab4hlwCc+ma1
-VPQC6R+vlIABlQvMPmw4WG+SuFUDZNUssb8KPHQZdrvlnFHPjim3wRzYsdvAPIJt
-5zncVjkebsrXuA///nNffcUlemq0f871Une/4Vtxe1VBbGzCZ7s8DxQumEH4B6E=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRLIndicator No Base CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:D6:FF:9E:29:E9:2C:1E:50:D1:23:79:5D:65:07:DB:60:70:F4:D3
-
-            X509v3 CRL Number: 
-                1
-            X509v3 Delta CRL Indicator: critical
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        73:84:e0:d0:5d:12:bb:90:a4:b0:49:2d:9c:98:2f:c5:8f:39:
-        aa:08:09:8d:4a:14:7f:5b:59:00:a0:4d:f2:b6:47:88:33:fb:
-        a8:51:d9:b1:44:71:66:7d:48:c4:02:fe:ee:fd:2b:ab:80:0d:
-        07:ad:41:d6:51:cb:86:03:c8:8e:99:0a:6e:b3:65:72:65:58:
-        3b:f1:b9:af:cc:75:ab:ac:7c:59:18:32:59:8e:ca:d9:cd:50:
-        f2:f9:03:d6:4e:41:13:5e:62:2a:e2:3a:98:12:d8:ff:08:cb:
-        14:6e:1d:69:4d:d6:19:74:cf:b5:2d:c7:2d:3c:60:a6:30:95:
-        34:4c
------BEGIN X509 CRL-----
-MIIBWDCBwgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGRlbHRhQ1JMSW5kaWNhdG9y
-IE5vIEJhc2UgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgPjA8MB8G
-A1UdIwQYMBaAFIvW/54p6SweUNEjeV1lB9tgcPTTMAoGA1UdFAQDAgEBMA0GA1Ud
-GwEB/wQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAHOE4NBdEruQpLBJLZyYL8WPOaoI
-CY1KFH9bWQCgTfK2R4gz+6hR2bFEcWZ9SMQC/u79K6uADQetQdZRy4YDyI6ZCm6z
-ZXJlWDvxua/MdausfFkYMlmOytnNUPL5A9ZOQRNeYiriOpgS2P8IyxRuHWlN1hl0
-z7Utxy08YKYwlTRM
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1EE.pem
new file mode 100644
index 0000000000..cf4a0188f3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 14 51 E3 D7 23 38 AF 15 1A E2 D6 76 9A 9B 1A EE 53 65 D3 16 
+    friendlyName: Invalid deltaCRLIndicator No Base Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRLIndicator No Base EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRLIndicator No Base CA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcZGVsdGFD
+UkxJbmRpY2F0b3IgTm8gQmFzZSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMG8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMT8wPQYDVQQDEzZJbnZhbGlkIGRlbHRhQ1JMSW5kaWNhdG9yIE5vIEJh
+c2UgRUUgQ2VydGlmaWNhdGUgVGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCbhw2QqOjic0nMo+o+00dV/CeqcpriB+Ybd37dJoPpNPan0fliKh7L
+gC5qlfRMl1/G4aiY9/rn4c6IZKHKvZvtqxWeWdk9rfkZrzd5jdchg3X9js3W+Pew
+os3xdg0s5C6LAxUpdZKXUfnp+rgXJP+5DBJbp0zT0E+E2+wFCEFmCwvBXsdC4wS5
+V37eh0xM3D+AmmRpmZU1sNwE6CHCXS/FxAT6M0l2uOrrsAasOAlYyKomNrwuI4JX
+F3o2iOP2FmcUdfbipILts/m/i9IXBbD7Y6CHpxaxwO5C5M2QGmbrzpWRwnH2X5si
+lC9xrwWMDkDICl4iWZM0EpD/fvylKDXnAgMBAAGjazBpMB8GA1UdIwQYMBaAFPQ4
+diWrpOMcwMh1jI0Ta2MjtoqBMB0GA1UdDgQWBBReXpncoHSAGA199holyuOyoazn
+5DAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqG
+SIb3DQEBCwUAA4IBAQBJ/eVvOyfvPW6TIbZC836c9ReK6HHWGskd3H5FmhJpOGRD
+yqKrWC44Zg9TaEcnMUZdvGT70DPTKaHVte9hOzQHWlXPDZlpIPQie2luL4i/6hsY
+r4kGcK3jbPw/rexK0R8K6s0ZE+CpP5VQnRbRzCxdQiWny1m/PACa9zhklI/wEovL
+ha+CdOwDNBNDQzA1dsz8IqRAyIRiHJ1W/n71rkK72xCphrl0EcIZRk+aIkDNrO6j
+EHYzDFuGiknsLCZ9nrxUbdx16eeTaqG8wEkiZP/f8hERqB4TqNw+J0d2m4IVdo/B
++ZbHSIBkCA4aE92Z+PM4gibKanjLggGYrkPMshkJ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 14 51 E3 D7 23 38 AF 15 1A E2 D6 76 9A 9B 1A EE 53 65 D3 16 
+    friendlyName: Invalid deltaCRLIndicator No Base Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3AF61BEF1EAC1D72
+
+dWuz0jfIsicCkLiRuz0wUgfo5h7OVwLWI3sJEz8MJV5O9BEiF5t4ixGeIboEHbap
+4IBUKJ6MTWmtY9tmfXvKSWxM+BkyZXeAj0SzqTfNiPPOfG9wJqBgWKjVKQCnN1CV
+jM+A5IXthf/4Frbgbqccrzzd2fLOhJICaVOrcrTh//1ryATG2rUnMYMVbbLlxeHz
+8vWsJQZRNElgPl3BHeBRL6/K4qrP8UWQo/uivNmpVRY1OmzNtpFfOIt2jC5m7Hni
+6iVyta8GNn+633oxjn/Ji19JIX/yTjY7G4MoQY2MnQyML2mS9GUVllIiQqwN6tMn
+4Xk5CbxKKXx3Mqv6WN01o0oObRahhXx3GDHi8i0rWXFi+L6vz2fRPxInX4b0USIS
+oZvBS6JXJnYGctRp8akBajUEd9zb+cdP06J6YHlEV2ZzHVjulYPW10tgyLkJHesF
+n8bbfeUkaokt4yThN8cRiLqwj6r8/sLeo7DEguHkV/S7XKo5G5+AKT8TMg9qjEku
+pRmMnITqgtwQlNm/04g7woWLod7SdmOASsOhi1zko86MOLUKkCUSFa4ABOszpx3y
+oQEbnSHPI9Zaj93XLikF/RwS9pGdj3UHqbcuEvAowWlttt85JmD7VQR6JH7Q3dw5
+ISIdQJZVIVH3/IFCxe0tpw3Otqlee42m+OLq6DQOxrHJDyeHds0PTz9revgV2YTv
+4TGgxZSJMf+eRjNhxXwEB2+a3op/jWLv/kcV7ZN5tO8YbiaU/4v2DzLZu/rqRFz5
+HiMSVUc6wRVUm+EFasFBut/Hria/SDta4ayL+OUDXJ0G3NewngH7OG8H65v2jKbQ
+3hm3iaQgnm4YMwcRyOiF4qt6wPaR+uZXJcaflPfvR/nBnoN6L93dy4hpRuI0KIDW
+Wq7/KpVnBqEVJST2sOq1wGskbSvr2ozse02lObk0xAtlBLDFCkaRZDPZnG0tJ0F/
+j5dLAYe9e0j8SBkmY7AnxQyC82u4silVdMYk4tF9uuc2SuOswD0BFcy6+pwvJ9US
+gP5LRnVR0cCm9sdmitmulkMME6RzRXeXtLrfcv+XWOgT9anL/on/qOJ2JfWkTWhj
+z0wgwe3iIPvLYixOj25V2IPH4jz00ma9aLS8byebwWBLUZ8nN+oib7wQL/I6iOD5
+ARMcTb7SsJyiz5wWtJOkCRSnZrm6IsdRc2apuKIdjCivN+sIZiSIpqg4xfgB3bl5
+X/w9DtXHc/gWDOopWvDTC5BCjF00pZhvBclypVu9xsnjqcrW2IVBrz21Rb7RY2UW
+y78+DzkrE2FhrpgIgCltOe+J38gF7ywC+LEjL0BzDwFtF+wHthH9nPiaq3qrhrfe
+X2ynSuD8Y1D+2ygbO6gLZZvZBe8kY09h2F1qpcnezXwWYxnHThGsllzo8sh+yFTY
+xL0eU7ID/H7oVJaRrF3n6Y2r6OCu9lbjmrvJsvJ5T/RoY4IkxOFQ8gh0mxrHH5Fq
+kavoB/OjUGTgVTyjDslAKnbdUXI88SwyjOczbiX919PISbrnGsvsdU8O4eTbfK2K
+PfNniDgCGDc/aWRyfs/a+RjKG4lUmd7gGIjriXg+etZbbNG8/xbDzg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10.pem
deleted file mode 100644
index 4ca36378b2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10.pem
+++ /dev/null
@@ -1,150 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA3
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBXTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0EzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyjb9j3IekGOkHy1SMKbO2
-cxwOgq+Yl8JiAoQJk+wbolHouwKi3RFA75+gpgOiN0SeLz08puksttu+6NNeBmlI
-VBHm6vN402CMD2mE5JN9ze88PmgzLW/NusnlGNUoYksZn6JLwIyAMqCq9ftTWh/d
-Dy0s9MipYeAfErZCKqRoewIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQU4hgGT7/eQNb/M10iVoncEPfOcL0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJ3F2hdP5d9HdGajPqfdokQc5GBFeZOqwu0M
-3NB8RwFrC1PmrnRvCZETjCk9bMAlDIYde7XTym3nNwdl2xrMWn6xBBnBtVBU1uAo
-96PxqkGgbm/uFUgMLUlww+CwMtAWfpZylChZNNxZSK40iS4jOlN5JajF1iLB+CTG
-rC1IKMyc
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA3
------BEGIN CERTIFICATE-----
-MIIDKTCCApKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEvMC0GA1UEAxMmSW52YWxpZCBk
-ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTAwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAPg+ULgLYvxSkvSwcxwt2gPwS+Snwayze8EhWojhINAcpYlb8sPh
-4OaEgcnDvdOrOUGPIB2D/KOYrKEAqlRmM5zx12ZvpLevcV81RvNfe4FTRCqAqwhK
-Vs+5ktfrGpJxjBVWC0Lds9VitDFQpVoA8ksVekcaTe2bHsI0Ovr0DJiXAgMBAAGj
-ggEXMIIBEzAfBgNVHSMEGDAWgBTiGAZPv95A1v8zXSJWidwQ985wvTAdBgNVHQ4E
-FgQU10CyKhocLN3j/y/kw/ue6MjvEF8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNS
-TCBDQTMwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQK
-ExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0EzMA0GCSqG
-SIb3DQEBBQUAA4GBAAUoNQS5AyzkN32ziPcC+VbKBJACILROlR93/RKUabl710wa
-BNk1iOD+MQ9iUwOLXI/bAo5bqQP43gvVFETGio6KpzbsDfofpXMbliYNRyX6NYqy
-38eEMeX/Tu2GvtAwIWPlW2rdCrAl0KS57hwRtpXvyikNxUHoYGmtREmOdFN+
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA3
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E2:18:06:4F:BF:DE:40:D6:FF:33:5D:22:56:89:DC:10:F7:CE:70:BD
-
-            X509v3 CRL Number: 
-                3
-            X509v3 Delta CRL Indicator: critical
-                2
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        14:8e:0d:04:69:d0:fb:fc:c1:e0:51:af:b2:9c:b1:0e:d6:8d:
-        da:4a:f1:94:a2:23:3e:6f:c9:9c:4d:d6:b0:03:6e:ae:c7:23:
-        fc:6c:69:3e:66:ee:12:fa:2d:b4:12:08:76:16:e7:45:7c:6b:
-        7c:b5:ca:dd:f3:67:81:c7:78:d0:0a:54:52:05:0e:a9:8e:36:
-        5c:3e:9b:b7:b5:f1:18:a9:04:61:5a:95:4c:3f:a9:d2:76:c3:
-        71:dd:2a:9a:78:27:4d:3e:e8:02:93:40:21:42:14:02:a8:0d:
-        86:f4:27:53:8c:3c:07:ab:d4:70:29:2e:42:6b:db:5a:2d:06:
-        54:e9
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENBMxcNMDMw
-MTAxMTIwMDAwWhcNMTEwNDE5MTQ1NzIwWqA+MDwwHwYDVR0jBBgwFoAU4hgGT7/e
-QNb/M10iVoncEPfOcL0wCgYDVR0UBAMCAQMwDQYDVR0bAQH/BAMCAQIwDQYJKoZI
-hvcNAQEFBQADgYEAFI4NBGnQ+/zB4FGvspyxDtaN2krxlKIjPm/JnE3WsANurscj
-/GxpPmbuEvottBIIdhbnRXxrfLXK3fNngcd40ApUUgUOqY42XD6bt7XxGKkEYVqV
-TD+p0nbDcd0qmngnTT7oApNAIUIUAqgNhvQnU4w8B6vUcCkuQmvbWi0GVOk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Jan  1 12:00:00 2003 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E2:18:06:4F:BF:DE:40:D6:FF:33:5D:22:56:89:DC:10:F7:CE:70:BD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA3
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        87:f9:64:9d:19:1d:03:e9:68:e0:a8:3b:2a:8a:f2:74:a3:26:
-        8a:2b:00:7e:6c:b3:4f:ae:70:d1:e3:ad:39:b5:ba:70:25:34:
-        31:9b:12:06:6e:b2:59:f0:a8:56:24:67:c9:fc:76:54:74:4f:
-        28:14:6c:7d:51:20:d7:8f:52:69:12:e1:67:2b:3a:d1:70:03:
-        d6:8a:e5:c5:92:1e:61:29:9d:e5:55:c6:54:bb:8a:a9:b4:b7:
-        f6:3b:ee:b1:63:90:a3:39:2c:29:b0:f3:2e:00:1c:f4:dd:76:
-        46:40:31:0c:7e:29:ab:fb:35:ae:a8:73:8e:ca:a1:23:1c:12:
-        8e:50
------BEGIN X509 CRL-----
-MIIBkDCB+gIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENBMxcNMDEw
-NDE5MTQ1NzIwWhcNMDMwMTAxMTIwMDAwWqCBhTCBgjAfBgNVHSMEGDAWgBTiGAZP
-v95A1v8zXSJWidwQ985wvTAKBgNVHRQEAwIBATBTBgNVHS4ETDBKMEigRqBEpEIw
-QDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYD
-VQQDEwxkZWx0YUNSTCBDQTMwDQYJKoZIhvcNAQEFBQADgYEAh/lknRkdA+lo4Kg7
-KorydKMmiisAfmyzT65w0eOtObW6cCU0MZsSBm6yWfCoViRnyfx2VHRPKBRsfVEg
-149SaRLhZys60XAD1orlxZIeYSmd5VXGVLuKqbS39jvusWOQozksKbDzLgAc9N12
-RkAxDH4pq/s1rqhzjsqhIxwSjlA=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10EE.pem
new file mode 100644
index 0000000000..1b705fb0e3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 68 FE 2C E6 EB F7 D1 DC 72 5F E6 EF 20 5A 31 AD 25 7D 30 FD 
+    friendlyName: Invalid deltaCRL Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRL EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA3
+-----BEGIN CERTIFICATE-----
+MIIEQjCCAyqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0EzMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLzAtBgNVBAMT
+JkludmFsaWQgZGVsdGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDEwMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvANALh142nlDnxUbBVwMZf4H8TGU6+cn
+B3S/k65XoHWSCIQaHJm8ViPDebtC2Y1lxXJAuUQ5vrXhMNViCXvsXVv3Fyqh0v8Q
+xWCcW3Mx8f1uIBa4iWs+GyD2978gvyy4wOLeAYAESUYG0XStMq2JvmLqAugT21T0
+0CrRVBXBcG4tsbxJFoCMFN/UrS87ampiKLDfUrer1kKOpTIYVZJ/tLqy/MIyTzsl
+cll6n2Qs6BH77TijvQ+SzRja+f3jbrUHUZuHSoJ1VF9hsyKO6jnVwIqzIMXOox5G
+n4jqfRmMVf77zPZF87XJ2lqgDoqmiEzxth/B94GOqxavMadaVT+czwIDAQABo4IB
+ITCCAR0wHwYDVR0jBBgwFoAU72PTqE6x+d9h4g3DBaOYGNKTmecwHQYDVR0OBBYE
+FBLdWepYnXF0v83nAlTQiBuan5S7MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwWAYDVR0fBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0
+YUNSTCBDQTMwWAYDVR0uBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNSTCBD
+QTMwDQYJKoZIhvcNAQELBQADggEBAKpHl7P1CWrLLGUFP6PuAz4hr9Y0OyCV2JLt
+sravF+p4eArmXPaAVzZz6/lYajw2i+b4eVQxm3qds6WoxgIIKSGyHPEBU2kz/93B
+kHP87Lwwk5yPG7XdX18t0dJ7AQhbPhyACkUbpwsZrN0tNCUby0S6iHUgCDBPU5MW
+duSUqgptZCka9niVz6eVtTbY5796ayHh36+MWGzodBQByJQqNum3/Wxhftbj04Ng
+wlL2MfEcDnE3swKRRE4uxe/GEdaaUmSzbFsQX+fokCrHO6udaaoMLpKIa/HZpb4f
+xvCy+cimsD/LjJ8hIo1A0sgGbeM4oybqfLkQ3ELSljF9R8+svdY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 68 FE 2C E6 EB F7 D1 DC 72 5F E6 EF 20 5A 31 AD 25 7D 30 FD 
+    friendlyName: Invalid deltaCRL Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AC1EB1F42BAD4578
+
+Cs8dov7sh8fRdw/5WuIE9nxqQvg/rjIq5qYQnxcyNZXsr7ktj1Y+JPybHvcku8Md
+8Wrg8u/C0vINm5f0/dyzdF5KwidTg3EI0x++5HQmvK+3agest+PldX+8Kvpr6EyL
+TZKqvsMqAYoAsSbC4jeMoFUGRF/7kzIar7mkY0yw+v155q9Ot3wvUwvcEqug720m
+4zJ6kGAZNIzQvoZjdf9bvQgaFXJ5gWuHCmKdOyb2Jd2rSzVdE7vgtF7Gi6ID3NUy
+kDek+PLQQFbTlUWdG8KaSqI9qEp3j1Cbuqc6CKtTLPcNWDZ1rHP39ag1ZFnP89uY
+9DX5Xekraq54c1CYozZ2PKtLSXmWqW8io+c4/LurIvMKjJR0gAuIUZtD1m813h8L
+w07izH6QKZjAJ0ALNa/SBkOKeSNSN9o+2u3cCh9KmFMYcebNXoCPeacdNSpRrl3F
+cWXwaGUP8JGn2HMYJOYE1KdQKmeiIAigrrKYgNilQtKzo43TVHkG0758gaEz3P8L
+fogsqPHDWIf+t9c0PSnE/g1ZsXOVTDQmkk+inW4RzAOW0i0leIRklA0WQLrdpPBI
+O509+0WsPsdN0dFtQa4GhmsskjGt5JTDgfi/5Yge8TgGmHEoeSZuz5M8HRpfjMr2
+BRn5WBkOUgwEHsP08fE7YyjEE7lpiBRtSqryPpezN1JfBUllbgHMQ2x3MMmKUyvN
+Q8wqH0bG3+ORSU/swn0xemObXf0Y/dzlCxlF2t6yd6m2HrE2oCkT2AW1eF2mVBZR
+zzQugVYSudBRHH6AvtohGdoIBE7tDQ7DqL7BQi1rbCtZ1THEpVTiSENxRUumP08K
+ElP1G5lb96GdZJepltrKJ9iXEbxMjHbYejZ3X309zmCOKymJvanAAhs7BleED1Yz
+0EdD3mAHVaycjnXn8SxC6/libT3jsU8sO/Hy5u1qxqwFHUlIJhxu7foV9KMMyVML
+sXo+H0kiflUg3iHKNFBI/UM07ml2Z+VVSbxTl3D0zxpJFRUaUD8JSdwZos+dqNhP
+qpig4z04eMzGTSTzaoQ6VHx3TvAIbyLFjGzynk1upk/lDVOsNR8mxklV8XkvPV2p
+onSQ9xzX9o44SMlp+KsBmPOBiJI9Vgzhz0EwspTHs0r4w9B9kg6sfPpAo7BsJWzb
+PNJgxyXyIsqW765VR0btgSJjA4g46GzhzrKo7irwtgZtXe2SjeglyIileefBbj+b
+OHI/0IS05TFR7l0MqpPZFhpLBY5NLwV2cCsZ+Fgq9rHq/o//XfEgNI4hlr0TvenU
+g+wiO1K4Hh+zlgTGor654HFoUepehXjOEvhBAuj6+6weusjXGg1PEpNWZQ2qcrqV
+EfT4bYpf3AsLYt3AXRu4HUM7JyRX7VCgNZ8onBVosG36rdv2Dw53vqKDTnD5ISPB
+MeiKYjKJAFK8090u+T4H4qZKfwa/wa81rqQ4Ussfio3J6nkMqUDBr95wVmcvD6Or
+KSQQDqXdtwP8fNWvqKO/QOapGfzVVWRtvdciipuicjYWdXZudKAuBd8x5xrrg8yx
+ClR34LtK8hg87MIMfT0ppXUe2TanG34+86GGHeq81lKlpTiqN7jX/A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3.pem
deleted file mode 100644
index b76c876c1e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlSW52YWxpZCBk
-ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAzxx97S8BoEgN9xfoNoA/Llxt6uPlOWZ+ivv604fkNJjK8fwEFgGh
-IX2rOp0JvgxD9GNhW03cAb99VuVWaKCGZetc3qdUF2xWlxxXgYBV1Js2xsyjmGbR
-pqAvaRtcrtlqE6hmltSJmkP92c49XhgCOIkV/KNyODYzPpFNe5RyZ/MCAwEAAaOC
-ARcwggETMB8GA1UdIwQYMBaAFJOPTbzyHNcMriBIrLoyGg3X6A3NMB0GA1UdDgQW
-BBSxLLxeL6rboh2Wk+01TTFMKEr2LTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMFMGA1UdHwRMMEowSKBGoESkQjBAMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JM
-IENBMTBTBgNVHS4ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZI
-hvcNAQEFBQADgYEAjeR/ZFSYPKsGsR0G5k/dJwEp8GMQM/lG8s5DOWP1JbD8Ebl6
-aao3oD0FCF9jzK+rtRkL1GVRXX48sLANOStAEInSVm06g7LocOuGGb7NRggCbLRY
-rMCjHVqCHM8aJLARHyGGvUlhNfuzWxTNX4Ru6LnhGQmXqvWcGlY4dVv4vUg=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3EE.pem
new file mode 100644
index 0000000000..3f2d5cfb17
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: DF 2B AC 36 40 9C 8E 17 CD FB D5 7A 6B 23 8D A1 F0 05 94 5A 
+    friendlyName: Invalid deltaCRL Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRL EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAymgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JUludmFsaWQgZGVsdGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDMwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0thD2uHKXQil6QX9ihT20V55pfCU176xg
+xfE4bF/rUqIJr1QtBB3go+0Haquuzo9Nnm13khuoWMyaSmjdzvSCT3w0GW3ynnU3
+yYJ/p7fJZ3jlVWPkvMn3Meba6o2+txfsws25NSzmKdImawaPbWTeBPuzOGXNY0Lq
+ApdYfUd+Qq2jf+RWWMYQExBlgXwP2k5PgtmVqsKcbNKTC6rUP1L5McjM2ZFi5h9W
+HsHgOObOsGKYKIiVX+7pEQQkdNTSbPmiuS3f668FY9CCXwCGtyfrFt1OeL1ZTnDx
+/yjc0LppdCQv0EMuj0CORDhUjk8Uocu6GkieECZXF1s127oZ3+arAgMBAAGjggEh
+MIIBHTAfBgNVHSMEGDAWgBR3GCPldoTIFJQ/gtCB6nSx4KQvMzAdBgNVHQ4EFgQU
+psHlOGWlxb4PmdbGfVntoeCyBNgwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATBYBgNVHR8EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRh
+Q1JMIENBMTBYBgNVHS4EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRhQ1JMIENB
+MTANBgkqhkiG9w0BAQsFAAOCAQEAYHmgNuF1unFbwYcC0qsNM9gWmk3vbXFecTPL
+0EPYmRqi9MUgxFQGrNN89TJiCMiTqnUVHJy2jq16crGIQQPTknd+h1UehoyQ27qA
+yxHJK3dJK76vaWAU7+MJU2cWAxZ5eRD5kvpfjTvIWjEvCt3HJUAlkXnbn4GNkKAx
+XMkk3jQ/7xzHrSYEBLfuFrw6Kyphs4AACCY/b8AUONImu3BBAF3jKHr6CubpiuEF
+fOAUDfJdtxf71i7dUVPARF8Yo9IZdRW9OXXXjlWsXwKsCdiutyjaXXdyeHIFK59T
+IYDaSBblRRwTeVYrW2O04AQgyeSIj6L5M+OjsffPMNSc0+ib+g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DF 2B AC 36 40 9C 8E 17 CD FB D5 7A 6B 23 8D A1 F0 05 94 5A 
+    friendlyName: Invalid deltaCRL Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3432D17D5C1A80E7
+
+9MtYHI+46l3XbWivigwkEoOJorfDpDN0SfjSL6zaWqT7sC2Q6wV4IY+l709oc/o9
+Yj0NanvgWxEVpFFw4mwQ8UkQcuIeZS4uh8+5w0QeYZa4vbX/SdpOX0rD9oNocmTl
+kVpLc2TTDNk9ve9S9FZp8XtgUtutXk5xal7WIj2CNooJm2FnT3S9C343nPajCchU
+ElCaxJk/tOijvvnk/AkucWgjdxi8eU89zC18ffvzPSnx2X7wJu8BoHtLiewm3mNI
+AY+FK3R+Cd2xrfISlQVVznJ5Ydg3iZFTLKwPzWVKBYpGNvskKSHZDHmvkqYFiKZW
+xqFyLpDVCAjtGwIGYpQVg0EPuWnhHlm1X5cd7/XJFt3XaXuvrAqixgZAa9PpN/sj
+CwvOvsjlUsvPFJtpnSykQ66pa5Q3Dxt/OxYqkF7/PRWO1+0RU5/ilV6+aG8Mt7JI
+PDnG8pGVHs+ItOwjUcJl8W3gxGJy1MWX3mC+jNKcNYbp6pY6XFO2zOriGgHJCgLU
+hxX+GmVwmkxxC4grURsRBqbY+eE66qaMkTlcdXL3POsyi7CQ4pBBTM1RXHm8I6hx
+HP6SyWePXcR7ayd/zxIH8RT7hkFV9CCty0Adg2P4WKPgyBubZp4NzrqYoYM6WsT/
+ala1iUpwayas2S/5Mqwo9bwXBUVgLQA5zKz/epAX+d/SIg+7LJeeaZ3N5YOL8XNM
+HbxgjHvcA4MHhZTO4uPiT6nG2Q5G8/y1FYr9nneJc/mIP0M/90ecGVLcSoMfrgPD
+74oLyB05QPZA5jpT+kCqHhHfPNF6yiMinMCw0JiXNbC2If4GckIalUmVUysiIyNk
+7XQ8/zPWqIppefMBRCuxdlr5IPhyLXet/qSD2MSOZUB6dtG29BycOwI144xvcXDO
+erJQSBdoRVLzH8Lwwq7lM1M7Vt1e3TW3Dw68LOx7eNs+A9hx7kexFB3LnGjIwSGP
+wOAqWMLY4RMpg3hN/CHl9TViI1P6WxJIj/Zcc8IkCM8x47bb+eTyscj/fW/9YDiu
+1eyvNajjFXJ7BT4FB+VknysFB7GLIcs8uImTM8adtmQC8X5p1PtCg0yuICgeHnQV
+UrzjVPY74QnI8UcWgnfiyeJ2r8rl38ldwjSQSL8Sp3/72C15iB/NoZF1NmANQobg
+ZvwZVpgPhB8+z/iQgtBKCKsfaqZ3tat0P9PqwljoXI1o1tCRdd+rmed/qbEfwD5Q
+m3M59rRPgkMvgxWerdBzU9QpjC38+wInuIJBhLG5ESmTM5ILQWcGbthdHpteOIlv
+iyp3/aEB+5eAI3ZR41vmaVhCrhySLMCE1wHW3YJlR2gbbK78lluPVy0IbsJUW32C
+wDU8RMQnW7Vihc6p2uyjd+jMmllXzu18EyVJ0wFE04ukeGY3MhU54396LLZSgkra
+CR4xaFEq3RywIjZ40Xdxv3pYkuaG5JVcAf9fs0OLUvX4u5M8M8ArRC8GlflVPwCo
+6tiRJg5H/jE+s51iLeQp0r8Q9m+Vd1rKIoMYSUB+SGqd+68aT+wQFHIFcOqELKhg
+ZP3LRnJHvxutJNVykZhRi6wdjcBZ9PorVS70Wcs1ATd4o4wRqfvcUA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4.pem
deleted file mode 100644
index a23bf8d464..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlSW52YWxpZCBk
-ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEApl35weU2/WxOlBNEikRZQw51mRQgwiHdME99VsoaDgFPYglJARYk
-IQDYMoImgMANlcfHOiVaOAyXU4lXuGmpw8z64BNhazbSkSEl5lHedJaTrG3pwst8
-RIaAAvQbxOYAqrZyDz+9InoAj7ci9+TPhthUrmjkHxs7x/Bmkbmj9pcCAwEAAaOC
-ARcwggETMB8GA1UdIwQYMBaAFJOPTbzyHNcMriBIrLoyGg3X6A3NMB0GA1UdDgQW
-BBSZxHSKiyXXvxkmVXDhDuryYei0YTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMFMGA1UdHwRMMEowSKBGoESkQjBAMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JM
-IENBMTBTBgNVHS4ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZI
-hvcNAQEFBQADgYEAVQbnMvz/UBEqrjWC/M/CNgiN/9NfiIj2+eYySOYG+HoJrVWC
-qCDdYeXfKIHh8CtoS6s+S+xaYpEschIVX3kOjn/VMGOmvAtWlR3iy0nvVoRUoGDa
-4eBv1NPq2MlQn5L7WsYHJFnJrLx+z9lWgfFYNKPiDY60dVmNPSfFzQpevu8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4EE.pem
new file mode 100644
index 0000000000..0be4778f49
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: AE 85 DF 8C 89 D8 AB 19 F7 29 2B C4 7B 9B 8D FA C7 F9 9B 92 
+    friendlyName: Invalid deltaCRL Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRL EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAymgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JUludmFsaWQgZGVsdGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZqiQixIeBTrVSToKowkdbwEHI0yH5H5QQ
+6K1sURO5gJwPnZhXO1S5cFaQo7WwKYfxbFMcEx/kPI3lmcUfm5tBVk11bAjgp5Ft
+Y0vW80Vz6ABCOjPtaF2lVItqBMFroDU7H2ZVjwuhunj5AzURHqMIR1N4N1a/L46/
+/nyR6uZRLe2FDH4XmymO/Yh/hqEgnyOwYIQWnm5oE8CLh90Z4sc1Xw/CanCvhaDc
+AM7VFiZH1r/0hx/ogQ7ZzhfZ7IY5OWK7c+ww+StDOiIOG/7kHChh09yoURji7a/Z
+c8Rx2BB05jTSzjI/RxoRNi22Iq3lCTX45PQub8KRTA8cRugPT/inAgMBAAGjggEh
+MIIBHTAfBgNVHSMEGDAWgBR3GCPldoTIFJQ/gtCB6nSx4KQvMzAdBgNVHQ4EFgQU
+yMWFM4r6w1i+BiUVek9gmjbgnAEwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATBYBgNVHR8EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRh
+Q1JMIENBMTBYBgNVHS4EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRhQ1JMIENB
+MTANBgkqhkiG9w0BAQsFAAOCAQEAWIZ2nB1hbPwnabw3PDZdYtB7oAg69uP4Bes1
+alM0Wr/mwFeWf8TVF/GuVt+5Ef1IK2hgbx6YpwDC6762CoHUCC0jsu2VtmSESITk
+tRTOMNLpzp5qbxg21Hs9q2dIJXBZyltzKqh95+kERpsanp8x2u++/0JZycKzvZZr
+0W557uKJSforuvrYXIk9+PtAdF/HqEhCI8UWufJsMNeGjn14SnnXy0id7leIBWfs
+5AuGkSR/AnlBQYcImdBJtlHbq6a7llTwZOuOrQvtIPkwdkKeFC3oxhKUU7Psn7Vw
+6bVE0zECH4cx86j3jEdXzQfA+93hFBL/9D7ngXheTNDftFKT/g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AE 85 DF 8C 89 D8 AB 19 F7 29 2B C4 7B 9B 8D FA C7 F9 9B 92 
+    friendlyName: Invalid deltaCRL Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7BB7D5713526F3DD
+
+XgiCoLDnlzYySBOR7RpxZ6PYgYBgtkfG5/1UuarivwaJ5AhS3quH1pNZM5FCG96u
+icSAGBAy02/mT2tWK53NsEhpS1iKR1577PgeBYAFt+3UEfSok8eUtyYdy5ubb3+P
+NGtwNVvr5oc67XcMtxKVeOccDb8vYUyrGfhxQA7aAxjEd3+5YPec5x3n/FjJvFy3
+VJIzF9OzE4jrJsyC/Wj11q/R4aTC2qKBu04B7U4N9+7HWvmT26zB/yismeDFJTWC
+Lng6xTaVW8C/HcRsGUH/rmaByYotIbptz03nomZINWRKoJhOjDL/H29UbnMak35v
+CUuilzP//VLW1IFJ0KlorqbfVu0NIHcI2yF925SFgGW4S5r4QlnTYwqi9umjg0XQ
+YySKHqA+pVt5cHM6w/8AITb+o/e27yClm/UmMr9x26DYkNLXaGJht4n3CL6sD+bq
+tw6F+ZYNzrvZ14p0/iyNv11iR92dXLCPN8EJr8AtFUvX8ioNveEN6RanTfmUq3q9
+0CCXWThSIreab8qnaUkOa02IivgBHYW1OdRWAA8pH31JHYGMGdqGh5xhBpgx7vke
+nHv8btoQ/Ur9BqZN8hlwWSgMT6V45JOweSv2mR18EqryMUj+cWom2GEgwpuY/C9U
+TAMi8qSFBRtomvbag4wFVvs4mvN8hG0wSxbGCC0wRT/bn711FexwwM5rmeHVILRV
+HMrCpihBI9ZKelGiSSDGdeMWXqXsjVgrIzxzQUfro53XVzMfFAiFvNCgrnM5ViDS
+uxmUjdu580Ncz20MZt0pom4T5h1VjQ+f3grfnOfcW3mIkZS1gLCmTHRrcMEQqVDL
+nXh7CyFwAF2pKbInkmx9NAtVYjld0cU+e7WehJBwwzNAJmTh1DsuXSbjuOdgXPbm
+4xCZCqeJGPKa1KuwS9zFiwdgTN5rR9BuqG2ad+F/glkYV9v8SAhc7YVjRVBCRNsS
+xQP+WgZFWkGZlsdei6aib8/3C8ktR8vga2jr1tZ/TTcNz1i7RssgUjxN0BQLjz53
+tRmBNklFn0PeJ9LmlEULoRQR35nmHfSBPQ3QwRhDxQ32jbKLe073ZekBZc+M0Rdh
+Cvgd+A7Gcnrct+PnzUDccyMk4uhAdiRRnmawscYupGid3Vm4CsJJaNxWeSRQuH7X
+4u/EHvI89r9ixJd4s87bi6VhFa22sg8eGDEgBUNfH5UqVSI9RRVfW4Iz2GkRR2WN
+ZcjWjeunn5PbQRcKOzn7x81ZfF3IBuCbmWnzNl1B8DGrDsQytTzE4ar3pBGNHZ6+
+HBj42b8hBAY7OXyoob91mn8b9RvOxsI+jxd8frdoNXgGLWsmy3fcPNY/SOXDkgle
+mNIYOkTl/XxUlQMdnCsLv1u8Dyy5ZEdhRYFX93k5XIOvfASU6KuxuHMT6hY3hNzo
+6X/Jc58AYC2+pVoMW3Z7DJaXFc3byhwEudfgYrrUtJNfrzSyU1Ic1qktDzsiDBa6
+59zHO99ftdB6WC5RhCtcljBSPKnOhD/5oAnqLTiY3irgn/wdqBvMJn0dkSiWrT8a
+aGpWOAO0QfmAfvZYUk8LQrtTakNa7lW9Msd4+3aaVJruqcVrh+2OSQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6.pem
deleted file mode 100644
index e918530f97..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBBTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlSW52YWxpZCBk
-ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAscrNGz91htFkIREH4kXyOxo9/1St8nJA9dIDFUm8mrrSSju1W8oD
-Xp8EeOhyKguxnDGTfGnp5SIrvLUB3IEn2Jjme0QUKtz3lVdWYMNZcyESeKIhz2Hs
-GCFxmYHAzafSbJ4dh9VLWVEkARbN31prGZT9BIls24r6PWhRDanqOZ0CAwEAAaOC
-ARcwggETMB8GA1UdIwQYMBaAFJOPTbzyHNcMriBIrLoyGg3X6A3NMB0GA1UdDgQW
-BBRyJcnOHzbSUbchF1gWSl+d/EKipjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMFMGA1UdHwRMMEowSKBGoESkQjBAMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JM
-IENBMTBTBgNVHS4ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZI
-hvcNAQEFBQADgYEAUGZgoTW4dnlTr4u8+RArHmwDwiSDY0cXQimlo5QXcoeZczkt
-s6hrTXRDO2ZiijUqoKqP+F7hBWROoKc2U9kq0yLfZXxsRBx5atus0zwV9PE2pYS9
-5doAUve+eXvnEBzwjBzlPNoWo0yklkwaVIhBZFY8HS2G8P115VnipQebcZk=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6EE.pem
new file mode 100644
index 0000000000..33323e9a29
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: EC 20 A3 FC BF 35 4B 38 27 1D DB B9 77 DE DA F1 7C 38 13 B2 
+    friendlyName: Invalid deltaCRL Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRL EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAymgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JUludmFsaWQgZGVsdGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDYwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQChdlfiKhgkVBZls9SSGM+R/2fkQXuDV0hM
+wkswSv31By0st3Rxv/Rdk2M5HQYcG9BJwfWqHmmfIywnsfWXY8hXl9W81O5xCQT8
+6I2qVmxulBwFDGa21Ik6vyOaVkh3GjNoUYDFvngr1srEpd8Y9j6ooDr6uQBuvaeV
+p7loDWGnCQFldjlZfHoSvmiOyx9oV14ZIW+8o6IoUQTOrnTuXXtr7whOd63KMBjg
+tPTczxQ6pGIF4c5CjmEzasNs0bcovGhmRfL078elh8VrB5sv2XMAeCUNWQP/GSoy
+OdP8R+FDzke+teFQmBaAJkKPLlHlBFRMIFoZ6WG76hB8GzaoflGZAgMBAAGjggEh
+MIIBHTAfBgNVHSMEGDAWgBR3GCPldoTIFJQ/gtCB6nSx4KQvMzAdBgNVHQ4EFgQU
+spIp9bjrEucJCdPG4GtrsDiEOD8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATBYBgNVHR8EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRh
+Q1JMIENBMTBYBgNVHS4EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRhQ1JMIENB
+MTANBgkqhkiG9w0BAQsFAAOCAQEAGTUyGnLvpOUE4M2D+spZazvR0m54B0BHclY1
+rNqvv0PZ2Qg4hi9l/bntIH0q5F8OpH0LSZ/4CgcJfmflRtOgxU0R7m76yYZpH+K3
+7qhwBzd9Ij7tZWD1C1eKwaLGSduMVm01PbjjqHG1wuoGM14524GKoq/6g049c6Nm
+dOqVSxFf10LhI1StU/ptj3RhSz1YXquDHuMimPeFxI/yPpdVUNO4kF4qZrj7Nwp1
+L5zFnmpXpSo2QeIEfWjgCfEKOyGo7jgNshhsoEwogFQp+VS8opaKnJn5J6uNkrPz
+4UgLpsTk4UYXqgYMLDx54HTzVELXocW+YdeRv+H70w2XyfBwSg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EC 20 A3 FC BF 35 4B 38 27 1D DB B9 77 DE DA F1 7C 38 13 B2 
+    friendlyName: Invalid deltaCRL Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6BF125E43F84522D
+
+yYCvvGQ/1feC0wRhswMyrwY/pF3JbXfstV3xlG00CXrVeZ8NlZdAg5Q6QJ9krJPD
+VRYziXTi+aMZbF4auvwRFe/CNuFxclKTHGDSQwIl9qRz/1EPKUhiJi4Xp/RSnAY8
+PBSYL/Pg/53apWqMOUHwAdoQ/9EkYC09gd8nXk/XfKuNRXDrAYd2x9dfmLZ743dl
+aXLr+6L+AzjzTNKLLjbhSPh2QRfUPwaiG44uAkl3mch7W8yNF41rBOLDuXbpzI82
+iAH3D34mtpiZmD7a8psm0R+2NgxYzfnAIe6ak8DmKTXGYk1OBhoKQTvABteai7dv
+utZD3JAQeCt4+Reom2bu+trjD4iAP4Rl/vCu7r4PnaVxRKsPsrAWapzIJmdBWdud
+4rTmSvnZzBmlTF/VrND52a09T4GgmXndWPhJdCyi9obOEpkNHFNBqQcntU3IW+Ow
+a3RBKIeKOuXhOLo86VblzRqP1xt4GJ5dp/8EK93hosocEos7T9e+0w0FF+IgjK3Y
+FfDgwdfepNS6FBs7gVxq8wuly9GNe2NrQezmNtQzLwM/IvuRLHh7oSWnjnwi/4Ux
+lbMYdQZduhHYvVbqTYgKaxn7Jye+8naQsJ6eWq9wLVSEx4dvHISWv5Fu3HeiskGv
+7GSqE174AaqCr4K/vQvxNVMy5PI1tdqTvPU6CeDwPM658hzuCS51qADbJkFY4pOj
+XaS1+phNt1a9t/sIrOLpX7I4bT6b094qVXqy6OuKWHLyky9QsL4Abp6MpnLShi8W
+QrUiCcw0I4BbtCGJRqfggRI5kR70zfTEDs7eBOWhuzTDTCm5sG2jaGLdH5mKFC7D
+aw7u774F3aIZA08ktj9tqeUDmJ0I3X7zWm3/CW3MdFkX0qehCqL7rk0IaO9cJtjT
+05/l9CTSEWQqQPryV+W8EyHJf9jEsDcY435hxD4x+q9PSeztcBMqOG4eh/l3XfLN
+JQXWdi0xIESrJUcOK/ca/psKcRIEIlw2LUdZupXFdJwuxrcjxfmwie5WMMXFv4tH
+pDKDOmDb9tJ/eJ0o3HLllPQ3VSzuKsSHcxKmx76MEqe0a5HcZ+7tzlSXIgFQ/7hM
+VUH7PBn+knEL+OSw1lfgfVmRiQm1B1FVAK4e/0IkqWZB09/7V/NO2zOvErR2bbWP
+ZpjLo8jJ9P9SjWiW7RCmvBS1SYdLtqAU+A8blpDpxMpXN3WKpRzhBt1MRj3ymSyO
+Ze7nm17FmfYQumU8DNqHR0gKSXVT7Swty9vmjUh/5X1MxPizVEnpxAWbvZ4E5wPm
+L4nMHIywYNWfaDXICBffWQm3Pv7wkCTTOqhQW1I27nYxz1CiVTWIExnEJdU1oXK1
+aM54hKv1v25xVctT4KFT0/gO2JpNcTAkWGhjvosPSI/FKXK3/KYdzo6jI0faGtR2
+BU+XYH9frKc68kwHbRu8DTem4IMl1WJ64MnJ3GsOr6S+V6r58UW9rFkcSOnAiocM
+bOrROd1qQhiv778dHseayZx2Si4T6jXviV/qV2ATQhJNbjTWwAltX40h7JZ4BN1i
+AxGR7TWCWtdkrauff5cXQujwWHAt1vRgPG/CtvdM9E+gOFBopayb8g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9.pem
deleted file mode 100644
index f96feae051..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9.pem
+++ /dev/null
@@ -1,162 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBXDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr2MUpxzH8HIqzmAylEvng
-qJvVIxI4xzM8NSpC7P7T2R1dmFXK/19W+m5yqOagB9VxgxP9IYbI2VJ/FrbQSD/+
-afpuHA8++piSAs2e/1BoRagiln3PnQTLemPsmVy00eSLnsw6QRdC0MIZjme0/SHv
-Z6XuWPNvicDyA/Uml2pCqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUo5OrV2YmbXI6bLyDZaOa/I4MQwswDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAFnKbCQCHJI6HhnaoKJkHKk3dBK/E1DNHc3a
-u9yx3wYdmqwkoG5iKJjssQDLcbLfpjuF7jU9nKbk2gcmOIa5//lgCmUaok4WZSUA
-u8bzMnpiZyzIjjoW78RyuntCMXbZzcs7umsOKfOlDXj4wwsev4E7m5nvP2Qv7hEX
-ECR/9DaG
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA2
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlSW52YWxpZCBk
-ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAuJgOh28x++Wg1L68WeOKQN8XdV1qhrZmuHQgwEWL8HA4HNqPU18v
-laXijT2AqIMjNJs0Ja41CFGbeaiVSNrV7nMsuQAiXTiiS6R8yrRScEd1baqSvzRT
-PPgXoN1qSTYKXXeEYR3dKsHZ2DVAjdlvm/bwIm6lGKGchu4FxwoHCecCAwEAAaOC
-ARcwggETMB8GA1UdIwQYMBaAFKOTq1dmJm1yOmy8g2WjmvyODEMLMB0GA1UdDgQW
-BBRJKQemGd+zHC3BYsO7nLEzQ8rHazAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMFMGA1UdHwRMMEowSKBGoESkQjBAMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JM
-IENBMjBTBgNVHS4ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTIwDQYJKoZI
-hvcNAQEFBQADgYEAf2NJLZQsLgMF9j1YG0b0IP3nQETOE/M1kAExKmgex/QteM25
-DBV4d4vJzuh6DFQxNk91Y9K9bR7qIPlsK31NGGpq4lbct4XgbIlM0+4phq3sORcJ
-AU3cfsMvJwZNmfJ6W22nEhF9Dgd0JNo+9g9FQGlSH6z2O34vBB/jPtkDJEU=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA2
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A3:93:AB:57:66:26:6D:72:3A:6C:BC:83:65:A3:9A:FC:8E:0C:43:0B
-
-            X509v3 CRL Number: 
-                3
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        25:e0:e6:a0:65:11:f0:81:2b:f1:ed:47:8c:1c:a4:dd:79:26:
-        78:05:22:84:96:35:60:de:7b:13:ec:70:ee:50:3d:ac:d4:9a:
-        22:fe:e3:9a:77:a4:fb:bb:86:98:21:80:3e:d3:20:85:57:b2:
-        0f:2e:bd:53:d4:7a:ac:96:02:3e:17:00:67:67:6d:16:01:9d:
-        93:cb:fc:b6:f1:c2:23:0b:e2:de:c2:02:5a:70:05:34:35:8a:
-        72:8c:cb:78:ad:62:96:86:50:5d:6c:ba:1a:bb:e5:b8:e8:5f:
-        b6:7c:33:8f:8b:aa:c6:b1:78:a7:e4:56:12:76:09:7a:db:ae:
-        f5:ff
------BEGIN X509 CRL-----
-MIIBbDCB1gIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENBMhcNMDMw
-MTAxMTIwMDAwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaA+MDwwHwYDVR0jBBgwFoAUo5OrV2YmbXI6bLyDZaOa/I4M
-QwswCgYDVR0UBAMCAQMwDQYDVR0bAQH/BAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-JeDmoGUR8IEr8e1HjByk3XkmeAUihJY1YN57E+xw7lA9rNSaIv7jmnek+7uGmCGA
-PtMghVeyDy69U9R6rJYCPhcAZ2dtFgGdk8v8tvHCIwvi3sICWnAFNDWKcozLeK1i
-loZQXWy6GrvluOhftnwzj4uqxrF4p+RWEnYJetuu9f8=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A3:93:AB:57:66:26:6D:72:3A:6C:BC:83:65:A3:9A:FC:8E:0C:43:0B
-
-            X509v3 CRL Number: 
-                2
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA2
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6a:af:6c:a0:70:12:90:02:5b:70:fd:d4:b6:8d:28:9a:51:5c:
-        fd:04:ed:47:e1:a0:5a:60:e7:41:83:23:ff:a3:e0:c6:b1:fc:
-        71:db:cb:8e:a7:20:0e:f6:9a:ae:e3:fd:61:33:a6:21:69:4f:
-        7f:7f:23:cc:33:47:45:23:bc:fc:a1:79:02:31:3f:8d:77:e7:
-        c0:9c:8d:90:ef:6a:9d:38:fe:13:b7:03:dd:ac:36:72:b5:94:
-        e5:7b:43:a8:7a:96:ce:16:bc:55:00:bd:cc:1b:a7:81:93:40:
-        f7:f6:11:bf:c6:dd:7a:ab:32:e5:be:fb:88:32:e2:06:41:9f:
-        5f:d5
------BEGIN X509 CRL-----
-MIIBtTCCAR4CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTIXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQGggYUwgYIwHwYDVR0jBBgwFoAUo5OrV2YmbXI6bLyDZaOa
-/I4MQwswCgYDVR0UBAMCAQIwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFD
-UkwgQ0EyMA0GCSqGSIb3DQEBBQUAA4GBAGqvbKBwEpACW3D91LaNKJpRXP0E7Ufh
-oFpg50GDI/+j4Max/HHby46nIA72mq7j/WEzpiFpT39/I8wzR0UjvPyheQIxP413
-58CcjZDvap04/hO3A92sNnK1lOV7Q6h6ls4WvFUAvcwbp4GTQPf2Eb/G3XqrMuW+
-+4gy4gZBn1/V
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9EE.pem
new file mode 100644
index 0000000000..cbb9429d12
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 9E 19 61 2D 56 31 8E 7E 86 26 8B 26 46 08 30 44 ED 1B C6 A9 
+    friendlyName: Invalid deltaCRL Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRL EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA2
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAymgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JUludmFsaWQgZGVsdGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcE10fbivD8YbnEDA+sI0O+XaIUsukUp/a
+yfj/WxEn9t2eUiwN5UbG579KJ8eLcFDNQhZrRjzsy1yWNJllb8pBjjRRyQozZ7rd
+mHlzW492WmaspKUVT/enEDTGOXlmvxGFRz91isOCgEqGPZ+6MLcXx5halMlQfD80
+X6qsJjaSFGSMxPPFUij4eyghF2dnmAzdJrLW8UKjSDjFPCrTY+1AGkzIaifpKDN1
+qdxUR936ago3xfCKujbRhOkjbeaAHxwBVdAPZQhmsJejhRl6kY5k0rA0Hbz8I03K
+6Ev61b9y6j/WFIU/GSnTvvZ98gwpI24lIRS/7uE47Uyf2pgXU6tFAgMBAAGjggEh
+MIIBHTAfBgNVHSMEGDAWgBR82Pa+A0zOz7c/oRm7M6u11437xDAdBgNVHQ4EFgQU
+lHekQ7FVrwObog3Zam6ZJLkbICowDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATBYBgNVHR8EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRh
+Q1JMIENBMjBYBgNVHS4EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRhQ1JMIENB
+MjANBgkqhkiG9w0BAQsFAAOCAQEASXs9VkAAMDzy/RNxg/DiQJf6z53J8rBmrKZd
+LgHqb0nWVu42Ibgmcc9GvE3jRekXAkoZOESOKzwnzTKFoNkSh4iOf2TwDajamAwZ
+4NTsy33kgxLggaVOqx+YHJDVGxc8LBPVlQK/1fgNuq0zQdCbzp2qcK5cFJ9PY9Xv
+4ktwPMZb7mDMuO6Oav3JjAy9obJ413mF7RAo75wrHL/+fUfFGpVT0sN5dNR9kjeo
+undhANx2cP4tuCvTq3IUROFr8s6qNFHsYP+kCIAsQHLYK8vnaJ8APIZfm589SAeR
+ohx5pQ/4gghyE1vBqnuDf4tzZyari1c7EQ7CTe2PVJF/g2nsHA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9E 19 61 2D 56 31 8E 7E 86 26 8B 26 46 08 30 44 ED 1B C6 A9 
+    friendlyName: Invalid deltaCRL Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7FF86D7F3F2E87A3
+
+6vAuGMtew8Lpbmh+ROvHn4bEG1cDfkxZ5zJZigKNUagHN4nwEP9lD5y3Bv/K65gf
+d4/ac4RHMnaexNBR/8e5Dq7UqFWJpJSV1IgQBn0dlloLoqhXgHl2vsLEXGlJFZKa
+w8/V1yRW0+Gt/GxtpjdOzLE5dVH7JH/9GETETF83Bz0LTBCQZK0soRXPKRuQZqmF
+ukAuZKPz5bROEipUIe4DWm8O5jN7joP5irs+wdB7KnI2rOlZAQZT0GIONWOWfVQ0
+zhFzKVxB1ETU+8eUnY42NUXdArvILK/Adh+lCfv6wYabF8ezmZQpFNTf1wSDu1Ug
+Q1jd48shwbu1ZzR+86w2BjAA3kgHfSC3ljkVrVLOyGw2HMPHekAGm68vxchsv1vU
+DTrHWIU/hQCvsOmLXGhfF/sPVg+uivuI6fc8UVm/AFAOm5AcaSBnIcoUNjKHOq0A
+JzbJG1ATpNfQ1kn2aWAhl+VwT2wf6lhrNNyqnpAzUbpNe5Xt39x8YrQH7j3eXCjT
+JS5mDHiLq5iMmsATTF5u8+ZSZB+2+Xh31joNyf85qS90KccxyxwvXkSUUmvhaDYy
++chSCNwYnPHpy3/B0LrZt5ixs0a0kQAxhx10lpWFc/OSvwnOmITAtD0jD5iYftZs
+IMs9V0EDfwCU5rI2RLQcEZkG4DzlXbhnu91dSmssMrMp5GCgOHlrTOWKMMdEnVQ4
+/e1v3YHArSHWMUureOXIb23TQjZuqVFbWU/UlRO+xYgCbLrhlNQ6/67UUc5OaY6Q
+1pikMkJxpaeQmMqJ5p501QLVRfr0Tvt21GjGmKS6n6o+mrklGhBzWNS0qmuX2Kpk
+0ZrTNckSiWtjfvxMCWG8erQsTayws2gpJkXOSzqWEZhhwBZ5OacqQGi4N875mZ+f
+yjNWp2PYxcnxy8NwS6xgFBBtXrPlF2iJHNV+SgXrJiAVC4W3hG4p54e0C+xsVX/H
+w2iJkyMSVUTKdYxcqaJdCQbx2QrV4LVoFIubOIAz3a078RKPoWdLcvB29tWCn+g6
+M88Ciz0Bljq6SbsyBRwtH6rwPuM1WrupWTXyZhVKs/ni3kPBXUsWUQzfmAEllfT9
+gj7HuQRoKl5iZh2LAYNuFnrcgPHzdgWEwE8YcZCZCmDNSFqZusgouQ5Wwjgq1Tex
+KTFOnEbQ8e7oKxTm8k/cUQFcXBTp09NnmbwkEZklWEni8VyoM8wu1o+hVqwvBOto
+Jqm9qXUTqY/VTJPumnxrWBtBhQTO70L07c5WAk8rqLHA954XRvG1SAR0JC3LnS/I
+o9TtyGdSJEHHy9DdMvLfb0305eeeSo5vO7VTZwfSZIXRuzrx56UjVBRMzDZlB0YC
+FiKvWchbLnmC7uzDc9p2qBvrvawP1lql3pE91BOyi3Mk23Ew5ssJVXva9qFIzLfK
+1yCfPKDv5sDq4B1sriVsNvz1l8x/dbeyptE2QEqZiVsSOT0Yc3Ka25yMvG4ZRGxs
+wO/pX+5hnXCh2WwzvfTHXcZmak96HLJaPDl+QNydGqc4BSQ52Hb50w2Sd1v+QzPK
+acM2W5mjpgvxUwAOjkCx29dsrv1EYiBqkWmmgfVyaDBzZKcN0X9pOJcb5rFlpTl0
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2.pem
deleted file mode 100644
index e2b8ef58dc..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2.pem
+++ /dev/null
@@ -1,123 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVIDlX8Ue
-jptTAccp199par4Wi+6zdvpzdmUXj6UICGge/S5OJUY6nmBMligfESDLwjhbFB9V
-wm194odW9eAiWfUenAN7i4xIyorZwf5dPqHZVOcv9M3jRBce9j/ZuO8ard6c8Dp+
-UQ7gGH0Avyz4IM9x52TNBjYLthRcxwRPywIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnh8dUFdqhW8b+OZBXut6ujB+
-uvQwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMM6gfNW7Hs8z/E7U5NW/M1Y
-eT2VxqvZaq+HqK/GnxQeJUalPUbLk66F3XU5QmU/gQ/F6wP5yEV8UZALVj7OuJ56
-Vz21USzCSPGXPazeDdBQSx0otXHbKVtamBKYMn+jFqYPuPmNxUWzu4iczvEsBZFK
-0dm+b6846EQQbmI8jNru
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test2
-issuer=/C=US/O=Test Certificates/OU=distributionPoint1 CA
------BEGIN CERTIFICATE-----
-MIIDFTCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA737UO+PFs1t9bQRYiD1XQvoj5CgT
-W0o3qMiBsk3AhuMx4ozSScw86kyooet/wxn2pJeFuHhNbdmWF5Mz4kyUuTWHl11Z
-T0aauPWb15KkPWKyYGcwMPrh1xNR17ddZWhDJsgvtraLthiXLTiumcoof7LrTWd8
-lR6y9AZzJkxw3aUCAwEAAaOB8zCB8DAfBgNVHSMEGDAWgBSeHx1QV2qFbxv45kFe
-63q6MH669DAdBgNVHQ4EFgQUDby2uXBoHkNmqlHt58+tVdKbG6UwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCBhAYDVR0fBH0wezB5oHeg
-daRzMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEe
-MBwGA1UECxMVZGlzdHJpYnV0aW9uUG9pbnQxIENBMSYwJAYDVQQDEx1DUkwxIG9m
-IGRpc3RyaWJ1dGlvblBvaW50MSBDQTANBgkqhkiG9w0BAQUFAAOBgQDcQ+nXCvsA
-WSXbtnoQr+PKV/BOIwQGVJgCtsiEj3Qt04kNFEDjXnXwsKB4LNclGBe5Hi/PsxLG
-nrxqkXIoArMFjjZe4eNbkZotgOz2xN1lH/e4+5O1Ji7CbuNXbtSABVh4ZJYzZJYu
-d418yGh18wIXgBC0R7QwhHtX5I5tRJPSOA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9E:1F:1D:50:57:6A:85:6F:1B:F8:E6:41:5E:EB:7A:BA:30:7E:BA:F4
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0y.w.u.s0q1.0...U....US1.0...U.
-..Test Certificates1.0...U....distributionPoint1 CA1&0$..U....CRL1 of distributionPoint1 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        bb:36:57:87:39:3f:49:50:07:42:5f:a4:2b:3e:b2:04:52:a9:
-        1b:dc:5e:8b:c1:6c:47:19:83:1d:5f:81:da:ae:bf:ba:1d:57:
-        8d:a7:f0:41:bf:d1:40:e3:f8:7f:bf:80:ac:8d:2d:97:15:88:
-        6c:91:39:87:3d:0d:45:79:a3:b8:41:a2:17:b6:a3:24:cd:a9:
-        7b:f2:f9:57:b5:98:a0:a7:07:2b:3e:5a:2a:d8:5b:84:7d:25:
-        75:25:51:9f:58:1e:6f:ea:f9:3a:62:59:e6:54:01:d7:76:91:
-        2d:0f:b9:f5:2a:ce:0c:46:e4:dd:b1:3c:23:92:a8:67:d2:39:
-        6a:49
------BEGIN X509 CRL-----
-MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGggbgwgbUwHwYDVR0jBBgwFoAUnh8dUFdq
-hW8b+OZBXut6ujB+uvQwCgYDVR0UBAMCAQEwgYUGA1UdHAEB/wR7MHmgd6B1pHMw
-cTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYD
-VQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNSTDEgb2YgZGlz
-dHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBBQUAA4GBALs2V4c5P0lQB0Jf
-pCs+sgRSqRvcXovBbEcZgx1fgdquv7odV42n8EG/0UDj+H+/gKyNLZcViGyROYc9
-DUV5o7hBohe2oyTNqXvy+Ve1mKCnBys+WirYW4R9JXUlUZ9YHm/q+TpiWeZUAdd2
-kS0PufUqzgxG5N2xPCOSqGfSOWpJ
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2EE.pem
new file mode 100644
index 0000000000..c734f6b3b7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 84 11 59 C5 D9 70 BC F6 E2 E3 AE 65 5B 85 ED 97 AD 51 92 82 
+    friendlyName: Invalid distributionPoint Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid distributionPoint EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint1 CA
+-----BEGIN CERTIFICATE-----
+MIIEKzCCAxOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNh
+dGUgVGVzdDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTYO+uijkL
+kLhQ6RCPP/jdjZaflgwCZ/5vJf836R0+nLLKy1a5ixBZRJZpBCo38Yu0dhUSFNaB
+sb+GCrY1qVbRaAndL1k2vNJibkXPaixlOxi6ujXoOCZmRNL5bAhxosUxjp9YPFYP
+dLMaCPMfOy/cg3r/gbI2g7ZG5DYeJxyuRfZN73P2klfctSmIfAVQprTT++L0VvAY
+yFO6tZkpRVMeFN/MmhNh96414DyXFFrkItsuvG8GexZneUVQHT8QZJsX0ObzJn9t
+ctienvZ9AQGKWB715t78MU4UCRcqB++KFCZIl9lKM/VQZi/ZLn1xukwyDZ2Fgv69
+gO5EiDlezxU3AgMBAAGjgfowgfcwHwYDVR0jBBgwFoAUETBzvY1wKILSb8/SN+3N
+6yOR2+8wHQYDVR0OBBYEFEPX0sGOqiykogAik/m2vAhdQh/oMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwgYsGA1UdHwSBgzCBgDB+oHyg
+eqR4MHYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNS
+TDEgb2YgZGlzdHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBCwUAA4IBAQCI
+cEp1LqU+I90nVxwQnTlwlRtzX/Y7WOva6Ob7orHrFXCaT0ZFr6J2xs2wio7rML5F
+x5swu8SPOgCMtEh/LQdqyLYu3VP4IR1QMTjdELWliX68HJt8ySe1g3gpFchv4U5F
+JiOfSawNJqx0LPFdNNq5lJsY1BBgIvp6v9vucDcNOiASWeCDlHQzZ8AFOUMO7smK
+23qjZjUP5xAEOqeGEQ72ASfLJ8toA19FxT+JoP4A+y78d9P/kROrrPtLJOqJPCd0
+cAvuHv7beOJpeceSjxdJ9rbrcWQ3D7G/ln+Q8ljD+H74UWuo2Toy2m3Q9KaeMY2v
+r8GAm558Phcf5kn5wfyc
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 84 11 59 C5 D9 70 BC F6 E2 E3 AE 65 5B 85 ED 97 AD 51 92 82 
+    friendlyName: Invalid distributionPoint Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,788F49663AD6ABE8
+
+WghmPOUfBAREyv5bDVqkJvMinWhwqTqEdQXEEb6A12s8mWvKA5GFH59GmiF0VZlQ
+2t48KNtCbpfZQE2SjCULKif1y8ENnsSogv3mYPo0RwdaEd0on1pPBi8APrrJkX9q
+44Os0s95LRhWU/9xZalOVTJhelgJWUXt2hoCJLNy9Hy1AnzGxYWYUb3ybV5E4n1S
+69p4AF6F+nKc8R5Xq5oEbTN/Me8wn9+bmUe135SWZXlnkJgTVE1fXm63rTQ6Y6Xf
+9H04vWz3NSowE6oyoEk0+oK/e9yi1O7fwg83W/2d2Bxdfns81rBEnulLUAZ/prqY
+cg+EOcTd2UN6/MqhGfpf4ymg/uT52jpuzw0YQtyBKEre3JU6OZlhm9Q4kRQ6DfdV
+rSArKVC+rWoTR1j1NnWmP1J+Hckh42hob4OlyYCpMEVWPkA0HQLIjD3THUoQVoSu
+aIPSBPLchTi/SLAX7/hq1mhl7iu1oDeF/PoGtN7PP2DNjWYVI3lN2uPBH4eQDBbO
+4zvUEFP/6RP3/CPfCG6g14KsRTV4j3VfVAYDOQE9S2sZwLpbLrFQnJcYvgn7C97P
+kpjdF4irqSJFnxWrRjkAc6a26FZH9p72NF4JqCtQQPkvaDAhLSOP8Bf+SPhdbmym
+mf1gKde9jXG+Wh0YgjXdVKx2PvRNMaXP4ezhuQqdQM0Pg+TdnrDm0GOrCk00iHs7
+g6ZiOa1SCi1yl8OTpLiAG3Z/1Hy6Fa5u0KzZOw5C9JPO1HWC2IRuO+xNef5YkacC
+l6BqKvny/W6TzAvIiA8zLh5v/X/OH+QHMHRtn/sickxeCnAcPBxB39xwDVVxVQI1
+vZr3ya016Y5hL/NtxhxbcpT5BdzVHysHMS7QHKXKUdZ4W08oWZ/MQD8u7kWGFZ9c
+CJXfYAyp+vA/esa/grpNSVJJE7cl4bt+5JMrXlsnLEbav6mjZknt0j/zUj2LcJ70
+648FUu+GgEk7f0mWbNwnxch7wBNSOKYKYHYNPht+cia+BTX10ln2FbWrROxfkZIX
+XEDqxhypqIxAAVri3PljkDdAXwqmqV+HtBBoPc6YJvXb7ekIfd4BZIxPrJf6n/iG
+jW53P5lYJqrZ50sZva7VyihgE4q+VBgGNvkSd8V8qM5BM+UkJ3ZIk2DsegJDqiNI
+lBw9q/GGxjdMSbRFdg9lE5eAhUqqdvWlhI7Gvu37KiQ+BPVFX2Xcm05ONo0Y6DK8
+yRUynfvlDZP19+a8FEk0oEuw4xBn4/XUqtq/GbwmTx8waoVJFAc50FqDtpcG4Fev
+b1oB7G36MfBnagevljMRJW7q7GIN0ZoSlYhciH536dESqgekJBj1M4fg7+c98kZQ
+3sIHNhddclj75cYWnWxLr5CkwPYlwiwwbgczUJYu+GO0Rer6uURHr+Tb1iOi7QXg
+uUkZoSbdTxlIzfd2MeQblf9b8sTSEdDHexvnw3TJnKCZaOeeKHtK97HD1hHoZ2Kj
+NFjIRog88KW+2+JvCQws0x5wCB/1fxzTyZoYpYJMCHwlQ9mk2dinUMapefPkqirP
+moRBI9R7F7Kiysfp5MNszbAJqjkIIb5tOgH+ITQlZI76XEd26nN/q43AMccA05S1
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3.pem
deleted file mode 100644
index 2772115950..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3.pem
+++ /dev/null
@@ -1,123 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVIDlX8Ue
-jptTAccp199par4Wi+6zdvpzdmUXj6UICGge/S5OJUY6nmBMligfESDLwjhbFB9V
-wm194odW9eAiWfUenAN7i4xIyorZwf5dPqHZVOcv9M3jRBce9j/ZuO8ard6c8Dp+
-UQ7gGH0Avyz4IM9x52TNBjYLthRcxwRPywIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnh8dUFdqhW8b+OZBXut6ujB+
-uvQwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMM6gfNW7Hs8z/E7U5NW/M1Y
-eT2VxqvZaq+HqK/GnxQeJUalPUbLk66F3XU5QmU/gQ/F6wP5yEV8UZALVj7OuJ56
-Vz21USzCSPGXPazeDdBQSx0otXHbKVtamBKYMn+jFqYPuPmNxUWzu4iczvEsBZFK
-0dm+b6846EQQbmI8jNru
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test3
-issuer=/C=US/O=Test Certificates/OU=distributionPoint1 CA
------BEGIN CERTIFICATE-----
-MIIDFTCCAn6gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuS5Lgb3o+ul4HsVLgHgzRL9MeLx1
-KnKHTzQ7EedCPCAL/7h2oNWVaOCqaRzy5E4ke3W53AP0lHEyygZjKFnLw2QjEtGj
-1qytIz79bI9YKeHX1pnOldsesBJtKAfb/RBhtwEsieibfV3nFTTckFhqtMWkRX+b
-xgbfcd5yKPMhQRECAwEAAaOB8zCB8DAfBgNVHSMEGDAWgBSeHx1QV2qFbxv45kFe
-63q6MH669DAdBgNVHQ4EFgQUxeG0ipAP1oMfhg4iMi/dmI5iNgcwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCBhAYDVR0fBH0wezB5oHeg
-daRzMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEe
-MBwGA1UECxMVZGlzdHJpYnV0aW9uUG9pbnQxIENBMSYwJAYDVQQDEx1DUkx4IG9m
-IGRpc3RyaWJ1dGlvblBvaW50MSBDQTANBgkqhkiG9w0BAQUFAAOBgQDnY+V8RkGw
-+kpIYbTDHFKNX/7Tkk4ZRLWJXXk21ah6V7OqKJblsAWGSOKJa65p4GKLrf+uNvW5
-BuOTRbdFpJrjslIZ87Z8XSdWXo/guQWTLacYkBPfKeimVeBInc2uoKkzt3L3gunO
-zcm1s3DmNsCcQFvuG+GsDDn3xIkTxnTkHQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9E:1F:1D:50:57:6A:85:6F:1B:F8:E6:41:5E:EB:7A:BA:30:7E:BA:F4
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0y.w.u.s0q1.0...U....US1.0...U.
-..Test Certificates1.0...U....distributionPoint1 CA1&0$..U....CRL1 of distributionPoint1 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        bb:36:57:87:39:3f:49:50:07:42:5f:a4:2b:3e:b2:04:52:a9:
-        1b:dc:5e:8b:c1:6c:47:19:83:1d:5f:81:da:ae:bf:ba:1d:57:
-        8d:a7:f0:41:bf:d1:40:e3:f8:7f:bf:80:ac:8d:2d:97:15:88:
-        6c:91:39:87:3d:0d:45:79:a3:b8:41:a2:17:b6:a3:24:cd:a9:
-        7b:f2:f9:57:b5:98:a0:a7:07:2b:3e:5a:2a:d8:5b:84:7d:25:
-        75:25:51:9f:58:1e:6f:ea:f9:3a:62:59:e6:54:01:d7:76:91:
-        2d:0f:b9:f5:2a:ce:0c:46:e4:dd:b1:3c:23:92:a8:67:d2:39:
-        6a:49
------BEGIN X509 CRL-----
-MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGggbgwgbUwHwYDVR0jBBgwFoAUnh8dUFdq
-hW8b+OZBXut6ujB+uvQwCgYDVR0UBAMCAQEwgYUGA1UdHAEB/wR7MHmgd6B1pHMw
-cTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYD
-VQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNSTDEgb2YgZGlz
-dHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBBQUAA4GBALs2V4c5P0lQB0Jf
-pCs+sgRSqRvcXovBbEcZgx1fgdquv7odV42n8EG/0UDj+H+/gKyNLZcViGyROYc9
-DUV5o7hBohe2oyTNqXvy+Ve1mKCnBys+WirYW4R9JXUlUZ9YHm/q+TpiWeZUAdd2
-kS0PufUqzgxG5N2xPCOSqGfSOWpJ
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3EE.pem
new file mode 100644
index 0000000000..fa5abf8e5d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 40 7F CC 7C 2C 8B 21 AC 98 C5 2D F7 70 0F B2 6A 0A BC 2F D0 
+    friendlyName: Invalid distributionPoint Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid distributionPoint EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint1 CA
+-----BEGIN CERTIFICATE-----
+MIIEKzCCAxOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNh
+dGUgVGVzdDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCD0xHj/74
+p3hpJkJHrM7PT5avhjPpoPT3z/V3qkE6pwe1wFF4WGpuCEN1CsOlyESi1LoT5vxb
+BeMk588wa+n/hr1T5bwn2EfyzbLLJDbuNE4NvQunN3byvnBUw1wcEMns4WAPzI5Q
+UQ9wt+w6yt9fzZECOODbpR4vLK3BKgVv0+LCwNeNfHXaalzGgChMo0xTDwknSLY8
+2Pvf3j5aP4X8ly/XksCgEZzzosn9a+4DHPC3jhR8D4vHj6k4IDZK3gz0nw2e14QV
+bhRov6qkHFNuRNFImxwdVcaII2D3O/s7ktHvuxQYuVpu9Xi2be8FZXn48qlnDrDC
+Gn3yo+rUdahXAgMBAAGjgfowgfcwHwYDVR0jBBgwFoAUETBzvY1wKILSb8/SN+3N
+6yOR2+8wHQYDVR0OBBYEFGakshok498dtHSxxOvB7FKt50npMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwgYsGA1UdHwSBgzCBgDB+oHyg
+eqR4MHYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNS
+THggb2YgZGlzdHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBCwUAA4IBAQAU
+agmCYpMQKrh7PpozaNQM9OFYe7O27WlMMCVh+nkAsoyABAeO7lVI/ey+D9E8ntAt
+aJZf6EnG2k/DQcpZUWwGtbx+uIDL3zpaKxGZ0x0Or6OF/UjjAURx/Hfs4iOLpwR5
+jtFG2Y55j3AQMsFtXBuocJh13pLKO8rTwK31HezwIq2le9CqZh0UzAEharNYEuxp
+x0cE04sEutiOECDVaoVPUoA3WXinaW69lc/nLKI1upWoSRslPAqn472nozcQQ29B
+CrSibOfrxuN5AwmX0VPfqyQCqAwRcQLZqhZMZu2NDTGxpAe0gJi1wHrQ49LfRRSp
+Xs5hGFBfB9kzE7VuoalE
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 40 7F CC 7C 2C 8B 21 AC 98 C5 2D F7 70 0F B2 6A 0A BC 2F D0 
+    friendlyName: Invalid distributionPoint Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DA935BF2297D8F72
+
+kIAs9fHkWQqKBc6mGkdMTENh0UIAeYw6k28cbsgRsVL3TDGlRSA7ukrQrj6OlUy6
+vES23ccL/K2p7x3YdM+4/D+s7vWZU4phiu93jG2RGYK8E/r62kllwRAM8AVF0eDe
+uJvZXM3XrcW+L8W0j3lFHwM1hWXYVZiY+xGMpQH5WyNfzN5UwOyiR48/sQdUWCrJ
+meVcOmTEgFBTgRj6SdNiw8cIqRBtYSJoNYPYctPGTt4Dm0BTki659/7Cms+mubVR
+CR2X5R8/GTbb4ymvQoiQ/Pf/46VVR6iuG7nJ6n0tZ3sLAGUTDmCeBqwNKThQoYjn
+h6AK6+GFM2B2/VZu6BzvdJamw15O3fuEQJeLQr7lGzK5LbVk7whzwSEwuFkWOt/t
+6XKRCrTWF6gDhBuQTd/JtVX+Hu0D4OnI7Da5SX+sRZRkrtFduN4NrO1BHHFU6pLB
+Hr3qJYTJSkJzTCBFiOOGmXQb/uPpPZinOC3xBTILlMJ8GmTXBRil7Wez4RDyvuKn
+4UC+832/X014xmANYgbYOZfS8PBglN9DrNB0OnWgLOxsQkdI03zNu/tjfqXSaYPt
+1hu/iJJ+Z1b9f2ffL7rE7aAc7VsuL3+auL9Q7SQxAlMqxWibauoltJBdm08WDxeX
+dYRvQWnjTd8txwnjN5emJkpCa9WrfuziFLHEZTnLuuIz05rQSDbIsAD3d4R87LmM
+8HWQrOeN7fryk/dYVCrSTQAH0UT+RlFuTsQmGSEc/3dl+LdK09CuG40V86g08d12
+Qku5FAe/b6yREqZhWNlQjWolfkQzUML98Ry0mekZuWqKwGkSebYpk05S/DxcSzPX
+6PNl4M04rEM8SlyEFwNbTTweKgJ3BdVFixhp/00MeMuBN+x25/MfqVCxCOEjmZo3
+ossHKoZjpU2eUgaV1JQ5bA9t4Vz3wBpA4sXsATFcH7NLfW1NYL5lNS6bg9dGsyQ7
+U0z1YrmEcAmaId6BJbALu+9B0CKKmpCy2GGdX5s3iQ9v/U3jTCKMOHDsAzJid9Se
+aneyFZacnAmAuKSGkovHIdFRRpQ0dDt4rIMvY0zmhGy0PN1F4Q8eB9I0XIUE0o+0
+Tyqu6BTgE5qXD2zAaSi6s5/3PC0dJz5r1Zg0J0h/uvXBsIEDXqFB9/B3YS1bebiW
+z/GSFpsx4/qYjsV7kRZNG4WbGiHu0B/TZ+swQkeYBawORdDWZa8YFDYvv/WzWiP2
+503mTd5dIYsI1f2rBexeapv/oZKG8pwOQnBo+BbfVXp1xgC7Zd92N9zv4RcrXG1z
+jz8Lsy6YQLRQxuI/A+u6EBWUu/qWslbY0PnVQ1njzR+pxQKJsBV4vJrX6SFTRZ/u
+IBUe0cEGZ14yaZOqypyP4SsqlpYeEqRQd7M2KiLJQD4MGnSqkPh1zr2bt9KbKEOB
+D8jcIv5zLynb/YnDCCtTU0XKIWWMhS4nj4SSYoH42tttBmFHWAHF0txr7oqCQxoe
+SFWeYw1W2KgxosKPa0RJmHvpHviapcRJrfE8pdDaYMSKQKzr9mcCCv/2jpgFpmJO
+F2DNjtfScbY1D9sLK2OmD+NTWMO96TMTrVUzbps3DASrEmRmknj1hQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6.pem
deleted file mode 100644
index 0d018c8e11..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z
-XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna
-SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK
-u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd
-uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i
-8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA
-p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF
-nhKgwK6jkVuYAf9HHtVh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test6
-issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA
------BEGIN CERTIFICATE-----
-MIICxTCCAi6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwbnDywy9lvaPs3ihfyfLPtBoMo+v
-C+fBtx91KNEmBz2ACO825iLx9Cyq+vbSLMDPiBbEbBpUtXDAXuaa6omJ1BnyVp+4
-dDmnpIB7IZm6z2mwQ1/xp1Nse1vb1zxkbDnMVVpkSJTqaTqMUnR5s9ht0XI62DgL
-ZEFlpTiBkCVCWFsCAwEAAaOBozCBoDAfBgNVHSMEGDAWgBQ6NIsF43ZYWMSHBJh9
-fh2MrF25TjAdBgNVHQ4EFgQUNTlA81m7xBu1FOhMV8hYWiP2hpIwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATA1BgNVHR8ELjAsMCqgKKEm
-MCQGA1UEAxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcN
-AQEFBQADgYEANn9ezG9vEUyKzHQDQt0yQTrF9KcG5PUqzKQiaIIzKvEBLX9d/nj5
-N0wEpklLq//fxWFFPlhZS7qsDal+jjkPnccIlgIDLNAYYOXEm05+6eeXXKMKwC9I
-TdJghmMFwSDvbp2s/dnQvjOrHIexlatSbbCEDS9XnSeMmHVJ0lx7aZ8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0*.(.&0$..U....CRL1 of distributionPoint2 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f:
-        e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0:
-        1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e:
-        ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06:
-        bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3:
-        fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95:
-        a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad:
-        d9:03
------BEGIN X509 CRL-----
-MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY
-xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE
-AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD
-gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis
-MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6
-OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6EE.pem
new file mode 100644
index 0000000000..586acb4680
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 36 B9 D3 99 DD 92 AE 80 2E B9 68 DA 6E 73 9C AF 01 68 DF EA 
+    friendlyName: Invalid distributionPoint Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid distributionPoint EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+-----BEGIN CERTIFICATE-----
+MIID1DCCArygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNh
+dGUgVGVzdDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV4IgjGn5Z
+rdXDjs4TsxeXIQB2TgPlOe/PcBeqCUIlP1YAWrevsPt/Py2Qr2EYRaMGjtGGtgok
+tZGSrRRCo2cf187WWyAs3iycMhRIwfh4ZAOC/kGhKY2nsZeScqid/3tlB4HC5xFt
+fpR9Yx3KU/KNKY8qw8ecHNayu3d5Zj6RflcvQuv2LmfUWorIYBcv+Bm/lc83Tb6P
+cGem7WLCqN2AGe2fbT+IDjffHNjJyuAILv4EBAeht44bkNNGHyjkhgMxkinJmcuV
+kdwTNw8Zo4M6cFrQzYhN4nAwJknflLWB4Pkoo0++ZoAyuf0HGVq+ZmzHQv/NQi1G
+XxICk4yWBq6XAgMBAAGjgaMwgaAwHwYDVR0jBBgwFoAURGzu229/605Jf3j+zeUY
+oOy7YGswHQYDVR0OBBYEFHsvpwhX2kU3OE6JlvWn2bNsPJJUMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwNQYDVR0fBC4wLDAqoCihJjAk
+BgNVBAMTHUNSTDEgb2YgZGlzdHJpYnV0aW9uUG9pbnQyIENBMA0GCSqGSIb3DQEB
+CwUAA4IBAQBN6kTmJtDkGt05YiGKwnHkV7cbwRVAMCzmco2ulLYMXKsYGOTTfTYc
+w5qlHizxUygLyqWRByTpFWA8NXTc8VGQOrBrhtczKGdE2tir9bH5N53PcNWTvS0g
+GQr4AkCpd/aBm9WIx6iK4rK/f+B5E9TxLkJiubbbV2aWz8LUPpjU+9NxUm53ihE7
+XNg69ZhEqU1f61S6k7Rm44sXrJ9jQvD4ioC2FivP8H3NmQxNQlkxE6eo9cZqaW+n
+jeulLanRbnGTCKr38w3sjNJrWHdhserC5owK+toTPkZMNo7qQRrIvEVFiY1x8uOZ
+qPv9L26IlojDBKab6fjPOSZ6EaYaWl5L
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 36 B9 D3 99 DD 92 AE 80 2E B9 68 DA 6E 73 9C AF 01 68 DF EA 
+    friendlyName: Invalid distributionPoint Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DD4CD9F490AFA91D
+
+pDLSI0fVUz5UXLvYn5W7dr7xx00QG0G1qW/NGiXRvwwhXzA1BPKzYPqf/xJe858X
+nuONm7bsOuYWrvTIRElM1M47eRITuqdYBbNGB96UK245A/T/67C8x+yVV3r26YoQ
+rnzbreb7Lk0xoVtDzG39BtEJQ2GnKEtKrQ+jhhAta4ZhAMTmaCD/JX0iCVHK6Ine
+tHbRK9S++B6RIX4LT5vBPo3CSBhXMT1hK8i4WQs+sfYtP/Kj2mgx1baZBMlcrGYT
+5F6hK80aUeJYpVxiz4IhKkg8ssTKatMGDULSR9WiuUbWCdI4A3IT8iuFzb2yaCys
+A1rKtUrbkufE0dsn/jceYLhpbHSLiIwDBy9K1+M4RzZk8cqe3urgFgWNN4usRX2D
+eW/gS4EWmcgvHkWv1Pi3YLuU0cYmUtKzryOTInMEyjbIKkRqhTsffPdiXxB4BpFn
+R8Tk1x3MZvHtt/j1NGiWX5f8+giSqfXuEDkjKFHuotsRuEMQ8tJk3KRJ9imVeQSQ
+NIopXNxypyDurLYE507f2rxJgvRDVSSk5a1mPdXw4H1YJWtFJ49Wa4mNWT26oEPX
+tpz+ifqIiAwtU7RAOJRSdbTaFmHh2gx7PocEE+26w6iQMXKqHTsooq4W0QKPk2e3
+2TON2XrEy6oLQxcYNwVucfVCkOddpcQyXe8D0UxSkiGFppLoGPC90SFI03xwj4Hl
+CiITSLznaMjXp/t2dT5DHNUSNYn3e0h/RGz190StT0Jrx31UvHeO1NBeKdKDAod1
+x54rH5ePECBMt9Wzd2zTNbpFJfSuNP2WCWD+PGji44ICpGYJlgRsNRzw1wED+cwW
+6txxmDBXH0kudLNE5aCoIvJPBJUkZxwu2Nib87Ekh4KMYPHs8k2DXfk2txPl6evo
+rRNjDxGT8+YAMmuLAvNRw8Lvco0GsQjrIzjUED9lb7qmks8JBaJN2gYztPBq8LXa
+NWU4mFGBEkRvJI+IBLZ5Cv504ztosfcuXVTQM3yW1fM2kWQYkkhaUfMNOEWrpGMy
+epGV2SU/ZImnpQE5azAeoyI8/g6Sq/TYSZ1rAsN0eiTTOb6iu9QwQ0G2ISPWpWbN
+DriYzoGWAfpG5qElsKF9+44q95TPfOg6VKoxGGWjdNfQpduS7hcsccchbJfvOcgQ
+wL9mubUhRIsmd+80TIGmsdlkkunPCTDjrr6A8S4VCSFVMnWb0pf9Pz4E2fgzNztq
+oZ4awGu2A4f9JzPPqYGNzAEJierpDiOIJeq+a4RWmoSXqVgVJwld1J03ZrcttPao
+OWlQilY+M0+nNpGJ84kW/ClsLFdTWEek4qpkbNeKAdGSkWsszuQh13wZ5SNpx2DO
+GXELXcqTCSX5ykAmmyTNZpjIU/wYgOPVVeli5WYtnOSM7na4iZNKx0q/vkLxKwv8
+v6PC/N0K8OxmImQ59Dy51UOxhSQaRGKCzZTH/KNPF4R2oIRogu/iv3VE02g/BHdi
+i9MaUbYL6H7wy+v2qNzu+XgFhvq2pOEq6raWFFwN+UXsY5N7FHgr4YuMYLTIzpDU
+w7LBJXMtUgCPkIiv0ccWHnsMu8YpMo/GyZ1nTxASrp+ADPRU96+geg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8.pem
deleted file mode 100644
index 2ccff7ecb8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z
-XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna
-SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK
-u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd
-uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i
-8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA
-p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF
-nhKgwK6jkVuYAf9HHtVh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test8
-issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA
------BEGIN CERTIFICATE-----
-MIIC7DCCAlWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtqwbk/YTst4JgaZksbi+cItOdDg1
-ZDBk0znRRey4EXHLWBRaSV8RAAw9bNbbQEuq8IgHKD2Gny2ObJsV1WXdoGXwz/Kt
-zGLxkxN7VMH/euhCh/0aMr7sO4yRZgC72ub09FOxmDtEynuiurF5+jGJ8FoLHkke
-TMWpLls04hy4ITUCAwEAAaOByjCBxzAfBgNVHSMEGDAWgBQ6NIsF43ZYWMSHBJh9
-fh2MrF25TjAdBgNVHQ4EFgQUsMTcbBp2ScLfBL5qe3q9w9pjVuUwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATBcBgNVHR8EVTBTMFGgT6BN
-pEswSTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4w
-HAYDVQQLExVkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQADgYEA
-lvXRt3px1v5T+WzaqJpecpxWzan+l2WrMC4vCYTcyFyQvQKDZl2jGO2PubJTDLym
-xwenSbt7quBVMKJ9pbXkNe9gFQInbT/3+NMPsI9Kc3Ajn7cfWW8TslHPaxtG5pcM
-XQR5wls8vzdmE9pirEbf4HDsnKBfC5sP1GOAYhIt/Ms=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0*.(.&0$..U....CRL1 of distributionPoint2 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f:
-        e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0:
-        1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e:
-        ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06:
-        bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3:
-        fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95:
-        a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad:
-        d9:03
------BEGIN X509 CRL-----
-MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY
-xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE
-AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD
-gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis
-MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6
-OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8EE.pem
new file mode 100644
index 0000000000..791d9ca257
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 14 55 C6 99 6E A5 E7 3C 42 E9 30 3A E9 9B EE 2F 04 5D 2C 93 
+    friendlyName: Invalid distributionPoint Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid distributionPoint EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIBBDANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNh
+dGUgVGVzdDgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC203pOwsFZ
+g4ufpsQb/dtjKIoc8xzFlvmEwLV/KKdqUOwpmtCAVzP+KVT1S77NGtErNItytt9l
+lzeDn4Kdu/Vgy19LLbjU2RPYbi0WqXihFrh2Je9lHoc+Rb+pofpf3M8Ou9BtqKRg
+pSpqR7Q/d/uu0mmlpqKXRTM/ok1ExfFJoub3C0siQWRmHRDs9ob7qQK5erpvFNf+
+R5HTEg/LacOauYWGuD2czWeZ7iYhCc1G7dAdtq5ufauPA8LzSSROvzhp62Yaqhme
+vnBStTlE01ZtT/quS5shxpcn50EaI6Za51oW49fzQoNjeCm99cXZLYfv32i7Xga3
+6jhZdZLP3NNXAgMBAAGjgc8wgcwwHwYDVR0jBBgwFoAURGzu229/605Jf3j+zeUY
+oOy7YGswHQYDVR0OBBYEFIQjF/h4qPlUpp067Gu9q64IfsVZMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwYQYDVR0fBFowWDBWoFSgUqRQ
+ME4xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQELBQAD
+ggEBAFEGXuXGGGNMBSosWxFRbvB1/VkumjXFubrMkUb6n8RYdNlBiQ9aO9QsYXoO
+fRoSds0ZyFvClBV5ohPH0IQgQrBKDUmUdas9BtzACdjjeLTsPNFLYR1BiKv5iCWU
+gLuakMFiEKCJXry+DglaJPWQR63b/eQWvXuWixYxCX/urpluCvQrmTQcbhYlHzeJ
++s7Fbr+IEIsn0bpyd5fFXkuw70Yj4iYwkA3GdD5/KjHRaBWj0sfUz1RJdHzZTNce
+sTW6RZtz5eHPIIj//1G6rB3llO4eUijSTObnl8VXzkhTNyC/Ln/IkI71RCerrWpL
+T2WQ7NXT+oaKNdWkNV2goYgdFsI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 14 55 C6 99 6E A5 E7 3C 42 E9 30 3A E9 9B EE 2F 04 5D 2C 93 
+    friendlyName: Invalid distributionPoint Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D8EF51F4CFB3050E
+
+9lUj0kxhfaJBYQ1BPgfR8YhA9kjcjpsGE5na7KM4T2HOCqubF7Bpmbq73W0m1ngY
+SKXcBkURwCcnZG527YQ74pf+HZ5Ar3yrE4UVAnMqlRCzEoFEvereQ2/MUobb8lxE
+E4sPKBXCk5XJ2/xj66U22wQycB9PEJahIGSPNe1hBl6UPLdBQQ4vBzQMkitAarjx
+K2O61FdXBZdqPNf7uwoWyJhBOCI9Yf25b4+90RkQhYhWE9g+CYI7yEyujayN7+a3
+Q5Eb2By5HdituZO0DWQDmJPvVACDACFTOw4jE1uW2c4CTOldSLMoci5MlpuMCY+U
+v1ymketI9rm1wKPG+4Aagvcgyf2gsqx1Zh1f+YqkWcZ8VR/1ohplPpzS9/gVtlUu
+2xNu+KUojCseqzbwJxWOqEEqbAV1YhnT9h4dkBFGVCUNhZRieeqli7E13/+XHLZv
+z2xltvd1xBEfr5XNv5RGdpbD9L7/X8reQLHkLwOi3w3fBHAO2uw3aCt6fWIHT8qv
+r8o3mP/sJ3M9kXuLOkQaInswafzKGzvVhE7/FeGLAG3JiF365aiVpCedeYaWhTL4
+IUG1km3edyZXyAs1NntHB9WG3RPtR8jNOdbeySZp04Cz/nHYB7v+Hd+FlecDnl0W
+fUEXAAlPlRS3J66bKP40QlnW3BSh3+ESwXy74MQIoKXpMdTG6oU8efp5x6wVjMG2
+VeHJRC6WMWwSqSFlugyV7csoqcym0L5jeIw06LAl/OrqohEdZrp5kOK0S6ZIkyTA
+IiZgHK2R85m3WjGw0SGWj9qAlKm72syDDvkpkoet1CWbeQZZzF5r4MCNtskNTOTv
+EvKMsThqaI4Ao4yT4Hq98/DMfscYC+mlymvqOUYxFFxHecQ4QKVsUv5IpXmplYBS
+vi4jRarAxk8HCpwAGzZ43NSA9Fv3fLaxlTTbf36itIq1LP3h1AtapkzOoac6KXTg
+25IPi6VtLxUIFWKEwzhkNB/SLiNqAgCtriVEd/P51OorWDUFYvAZolVmks/ON6Il
+EqHWGsBIfUKHhX0dk2684PekGEAZr7g4U9/Wef1WMkCYppnhoH7tUEqIJkuuqyYL
+MEIl5OxGgeUnr140Gh7bx48vbZZPNLBpFRzWcDbi97Mw3VDxTUIg4CO3LHMOEMff
+Wyev77l9sy6cp/+wNJaRnlnlbEPKo39RZrow/awWFzJLTqee531PTaOxzPL4eO+i
+b+lMquN2KO7eGSndp14JLVL5HHZS9O9FiYoapjr7WOP9QLibL3MlbQhecRG5X4EB
+pxGIesurYKuDNirrwuG75HIqNo1lczQNpX0qBZ3WxBqQH0u9PE3/IQXLEPGm3Ka6
+2erK5KYHf9fGwGpDSe/armKLhTU9hTGXJWY2UtGg5U1jVjdQFqD7AkODMP+3Xhdr
+8pMMe/ZLj+I9Yop4A4g/BD9cEqc6gzM1GidFu0lP1DkVFTgtxaUUqU+dI0PCLD7X
+d38/olQaUKrmjlboL+GyAuhI/h9wFS5eJT9mpYcADjfZgRS3ULkcwC6vOVlC8KGO
+Gro/DBndgzyF1QCOL+uXC9L9MxPlbPDssYbqcJjyOPbISo1FfYp7hg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9.pem
deleted file mode 100644
index 3a3eeefc07..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9.pem
+++ /dev/null
@@ -1,117 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z
-XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna
-SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK
-u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd
-uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i
-8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA
-p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF
-nhKgwK6jkVuYAf9HHtVh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test9
-issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0/suVDtpZX4ZdGIHhrhtDHDiiy4k
-5awaeTNhUVeZhKlIDNnniPSVG5/0Q2JlWvIywo/Ch0y41j/ihleGbI69zoL1p5z8
-hh+yK51J32JdQ5gpc49P1NnVtoNSZApTJt1VUR4LwJv1/AhIksEEOg6YHN3/yq/C
-wVMoMv7wnisqqykCAwEAAaNrMGkwHwYDVR0jBBgwFoAUOjSLBeN2WFjEhwSYfX4d
-jKxduU4wHQYDVR0OBBYEFLYB9DyXTb7g1exMOFd6gOIt97g+MA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEA
-HdkglZQIYTBxilyAJvuFkSrvNo90F3wuIb0FmfVrjH6Hs147bgRF9nsp3sh/VvC4
-gf7pwYRING0tY/RV+n79U2FxHcE3MN6WNGA+GX77LcWth+s3Sa6Hr5QMaUcapGbq
-2B+bkzQUiWX8sXPvX0KWzBmbcY3Aup56MpwytlF7ywQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0*.(.&0$..U....CRL1 of distributionPoint2 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f:
-        e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0:
-        1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e:
-        ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06:
-        bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3:
-        fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95:
-        a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad:
-        d9:03
------BEGIN X509 CRL-----
-MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY
-xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE
-AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD
-gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis
-MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6
-OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9EE.pem
new file mode 100644
index 0000000000..aa001dbd71
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: EB 5B B8 8B 0B 10 C2 79 81 7B 27 2E E7 9B 75 D9 E6 E0 DD 62 
+    friendlyName: Invalid distributionPoint Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid distributionPoint EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNh
+dGUgVGVzdDkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLKyk8HE6e
+PQjbQTZ9IkLDPjf+22btjiqAtAWS+6W2uVxyU6dliSHMswdSVOO+08YgmZtcRFVD
+rsw85o91RW5i4Pm20IIeCBNf+WVgmFUJ7t3uy5biH0s930zWyxkCqfyI9eKrxia9
+ej0hU1vdJ4K1L0XBSDpkHmn3vG74ARa7k2ZrlnD5NMn7UhEegwaLs8RKTCcH0kWW
+u7cfYgBD+AUjTbP6iR1ll4V7UNIGVcmyc4LdSnZE4+ihyWdwzPGp/E4ph1G6lGmX
+1knyIKhpIC9BW92e3DMCAPA7DjBVQNduGqaCIxrZ3nPk3GBVXqumNowmVb8+K+kN
+0CAe6eX1pO2BAgMBAAGjazBpMB8GA1UdIwQYMBaAFERs7ttvf+tOSX94/s3lGKDs
+u2BrMB0GA1UdDgQWBBQHhKpeEYEjvTDgLVQu6PXIjYv0CzAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAq
+yXgKDIVqTrgboHhLxi4heoZnxuohXK8Ag/1xFQ0DWLL0mgLemNqzrutLhWwQC2LD
+MHXbDT9B3ZgIOIgWBVDG2qV642Ln4xG5VCug+AWk+N2meTvDUaE7HtjQ9qvL4Zbn
+X+0pafFSuY1q6xcW7s2EDggf7hnnyb86LXSJwiP5St2er86QJ08Z47DKrrEkTaJY
+mx5lhCJYdtA0/pWeS4teEmDskJU8GDRlc4ZA+okCHVgU4zvLig5t5Q4tS7I8ICd8
+KtstuDiUyIdVy1MN4pVetIQO5cu4kQfCliHKH99+c/QYz3GIzz3U/9TiMv3wBlLg
+vZl51izphB8ha9hzCzJN
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EB 5B B8 8B 0B 10 C2 79 81 7B 27 2E E7 9B 75 D9 E6 E0 DD 62 
+    friendlyName: Invalid distributionPoint Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CF20677602086B07
+
+NYiiAl4fxd7wtuqSspb2fJi+hJaU2mxNuf1QQdw0Jhr9EmD+2OhqGEbaUBHXw62X
+6rONswcLoz6oawOaQtnYzbG36E6b5q1cgowCc6o4+hk/T2NFhVZ9GOaEbIq8qqXB
+iZLOD324II0VHMAU/OOkJ/l848dMiJEJTizxfiUAB5er1RgFpGF7eqqkjy4OSd7N
+q90RIhoSgWy8+wwOgZ5Wg2fdxki9Ja/UvXYuYMY5qAGFL4J1+vjggLPLD8D+gN9r
+Rgj4Zz/MWDY1brdY9xjHFWUAxvr5s5zpXQg4U3GFAd4PJZRthvw6ta6Pta5cKOFu
+yGkTr9UX6PYGjyxbnEcdKXMbnl0uAIkXIacGUdVxhNHVLxDsGN0k5mF9SYEkH0IA
+AC0B6CYLTo1ATTCqucvINxXuoV6AwbC+IbWq95RgVqxgkn94BTdGTsal0fv4QzGE
+4n/P05tqdKZYVntp9YTDGGaf0mbFmN3B68mqWghM8MEW31SB6uUqIdnZtF6FPjgg
+kKnfuIc0lTpc8YKh/UjKiyF2+jvN11v5srJ0UyUnUmI+5R6uTuYPKBbIkFydoFHU
+66iuXfLjilJMD9pw370qxTVfaLnVtDZbhyj1oX6zB5Knf70EfyClSbEHgXxwZwWP
+OhmlGxGD3ggeat+uhlETH1qiZfH9c3fUN+HDhnVC6tzBMzQmpk6Q2VGpvvcjc1Qu
+7S9wB/6EDWKyXliVBa9W5+woKPOWs5cOkuUyPKNgUhTu9dwBwnDZo9fePMEnznb6
+xJ1dIzwN7oZp31NofTiNxTKt1i2ih9Eiiqy2NlGUACuD+04CWTKvi89V/PufCW/W
+q44dEHCbm4PrLclSI/rqs7NUq5zsBMRkcgFeEe1gARXGt+qbLEV4spWBZv8DzuJ3
+xL7PQuAofN1dOHSSX8aP7NOBEWMt0Zlh8lpu0UJN8xIgLQciXrb/QXevYrXugqRe
+TdH/a3o9IqjabXbMM7qPTlrsh6D4xv6aQHmht/4gLgpPZxua2xBFDXsdyXw9i8Ic
+wPd65o00smrOeJjDsVdbCrPSCfJDUUoSIXk8G60OTSY0R0vRW7S1Wy387cF2vYH7
+LEX10/Nm81xeKzDi4cMOp/hPtGSEtCFj69eeDTVX8+oVRwRPSb/KZkYNq/JaHQFd
+uZ7jbqNkomrAK9PAnBdZAHwSlNOVZMPUWMCQOPcTP2rKC7IVrjtzmpvfvuNNfeOs
+d1x1Z3XwdhlKr8aNff2BjOlmuH+ZTaua8CJi93Qf//+klpWxCLVniHIea9ZPZ1VI
+tVeyD+MuQlEoHVuxuKnNvxDp1vzzY7IRT1uRpjV6bkfetq9LcTdiZtebTQ6sVeks
+/fzUyrkD0t2qC27lan4YlFze/0bILXeVCuGt15uyv/N9ug3Im4xQErp2vnZRpiR9
+uO0dkBnpw2b2YTex9j974Lb4CYqXouq1LwEKKlvov1e6i+9A1DI3HOA0TB7YvgNC
+p4Tq2SVf3bp2OfSTkvMfaXTyW60iIxoeuGFPfXf5u86uRBqjqdREJVLkH7Epfvsk
+KFc/qbi9cdzybWqfS6lpWZNaCkZu7wCFQX8X+ohIEQdQZjgb9gQI8R68U/KwbBSl
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1.pem
deleted file mode 100644
index c873549a35..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitAnyPolicy EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kwIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYTELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTYwNAYDVQQDEy1J
-bnZhbGlkIGluaGliaXRBbnlQb2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVzdDEwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALU75+fsqkoJ1rj9rLPys9PtX999U+V+
-71N40CaTnqxIlY4+U6A/BBm3iqNTQdcyEGo3Buy3OJEELx0+8jI3Sm9ja4iR/4tk
-gi9OYh29Ps0LcRyqUihECPaPFOvI2vEFJId74DFoUPgwNfPD0CzYkm1bYwNcMHwb
-0QMmUcxk8yTDAgMBAAGjZTBjMB8GA1UdIwQYMBaAFJ1AmGAI5sj9XNHYLwvqAOwa
-RQbPMB0GA1UdDgQWBBRgJfQvy84RFEADVPWlCcnfV9YiljAOBgNVHQ8BAf8EBAMC
-BPAwEQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBBQUAA4GBAI1bh7Hi4BQZ
-w7LpH+0QxTA+hUMNiV3kKdM9vhGFAwm+UbQvTYeIDaIpDxX42Sv2j7Vw9Z9nkMc1
-UyaIcxezk4LAN4vG3WIJiO/eAFuCz49QWhE53AbRVprrra8N/Mzv0yB/8ysQ9fUJ
-AVMgwRz+4Fd2AoK0CWNHeDRUD+IN+enU
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBOzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTAgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALXCzoaXAEbX
-pgMPDk3SCu2nzrt+I18MsI4lg/0oLjQAgPsD0np8LOGHMzo3UBtfJtpV0BXCc+E+
-+Ni+ehXFWfA4BXjFc3GdUdJmn7y3F9X7XSIauTE1GSYR2+bMW/IRbmjpMDzldmRs
-WNb40N+jWAxw1h+YN61Pv0MD7Ef2ds0NAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJ1AmGAI5sj9XNHYLwvqAOwa
-RQbPMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEAMA0GCSqG
-SIb3DQEBBQUAA4GBALhhUDb9VolIM2bKpbpat4dNjGrkOmVT/HvGBl+FGwSXa7Mj
-cLgZ3WygZ9gil3l7X+wL7lM9zKpXljV5WNpX+58RclQ2kK7Yk4qcY0tpPEUn8R4/
-9yg64Nferl/2gn9W79ODU3BiBFF/GiAJJ4SiwvLWl/JnPDoQuJv67IS24+Oa
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:40:98:60:08:E6:C8:FD:5C:D1:D8:2F:0B:EA:00:EC:1A:45:06:CF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        60:ab:a2:8a:e3:22:04:cb:95:4a:c5:ca:68:46:70:0a:d0:31:
-        b0:98:cc:ad:4b:23:8c:3e:fc:b4:c7:7a:93:0d:6a:31:68:c4:
-        ff:30:37:7b:5c:48:01:6d:e1:85:f7:d0:9b:73:53:ca:62:36:
-        00:5c:29:c8:af:a6:40:62:d5:f5:af:32:a9:4a:b6:a2:a7:0b:
-        cb:bb:72:2e:3e:0b:77:64:17:8d:2d:59:2f:fc:cf:2f:1f:a6:
-        77:83:9a:7c:68:b0:15:f6:5a:63:67:74:b2:3a:fa:74:b8:d3:
-        a9:70:e6:87:04:bc:4c:79:ef:c8:b4:31:70:17:ae:f3:ef:ae:
-        7a:3b
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kw
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBSdQJhgCObI/VzR2C8L6gDsGkUGzzAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBgq6KK4yIEy5VKxcpoRnAK0DGwmMytSyOMPvy0x3qTDWoxaMT/MDd7XEgB
-beGF99Cbc1PKYjYAXCnIr6ZAYtX1rzKpSraipwvLu3IuPgt3ZBeNLVkv/M8vH6Z3
-g5p8aLAV9lpjZ3SyOvp0uNOpcOaHBLxMee/ItDFwF67z7656Ow==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1EE.pem
new file mode 100644
index 0000000000..ba817eea6c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B1 B5 95 BF 5E 4E 68 BC 59 6E D1 37 D5 5D 8A D0 31 AF D1 F7 
+    friendlyName: Invalid inhibitAnyPolicy Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitAnyPolicy EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy0 CA
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTAgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBm
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE2
+MDQGA1UEAxMtSW52YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRpZmljYXRl
+IFRlc3QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNW1wTtifNXg
+S/7/6OTB9nSbSKSw2BLiidrM8x0nGdCwUY++tWaryTAV6tJVLmfDOSrlcqgNgubo
+U2ufM/4Kxrkt4I7I8V7GIuXMVSOSG9DjroelJDTfv/PKfxd/Eb+6mV0lrfempURc
+27X5CfAfKmM22sCPohtfBzKwjsi22RA5dZ6nlUygOhrJgvz3D7/3Gzrrnt+fEtye
+USyq+8nR/zXX+JbOi9gC2WsZMvyRb7pR5+9Lu/qQjXQldZaY+trrEfUmLRUmrxUZ
+CwFjs3eV+vObbmsXnORZWwuTPhw/GBMx227uefpgnZ6x1uJB+YEitiHX72MDkS4q
+6I4Y8p3y2wIDAQABo2UwYzAfBgNVHSMEGDAWgBQYoKB6av9qnYWCJM3DJoX4v4o3
+BjAdBgNVHQ4EFgQUBKSzfwBnruEoSD6YjRYo9lI4/ZcwDgYDVR0PAQH/BAQDAgTw
+MBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEARGD3khHtk07o
+014aVan3Tjr0c4mX7zn4cgm4Vgep+/DOtUEcV44m13/YZ4KjUXR9zaHc8OQhOZW2
+oWCAaEyL0Qw4im0m5LVWkKhlomLU4TJPT34u6m2xlURUwmcUkAaaKf4Jpy949zH6
+x5SFLFB0VCWUgsxSgIgTI0cdl1gnd8WE5nsc3yUKbC/1HRscx0RgjH3y0UFE85FC
+fkcICoA6prUdt2Q328dRd+mY82AI0/lD4Amr1gvbyUC1M0znxTsCZPNHRPQDVqbx
+rQLcUDlh4004RiOEkfPyvm4OsfTD8df7euRyegy/gPde/vipEYQP4bARJalAC+ae
+/U1rEo3zNA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B1 B5 95 BF 5E 4E 68 BC 59 6E D1 37 D5 5D 8A D0 31 AF D1 F7 
+    friendlyName: Invalid inhibitAnyPolicy Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,83990521C98D081C
+
+PVZi2XabBgzng1zcjU/P0sUAiwIEJmPAIQAnbG9kzRvv+a1qFXm6LvXFsW/lb+aO
+hZPOcBrO4ABhZl3ctCHpMDb2oHpQ2HxA3y2YgS+LCm/+VR4LbO3TCTmcuX0oKGWD
+4wqbJQKmKLzDiXNDvZYm/7FMmFtp4cXVqECiAEAx8peRlfEj4YvfS3vQMXWbLCK7
+v06Ge/HJJ5byyhIxRUhSMSZdPuhZLq6UYw0wAdpW99f1gEv7GPY2MVPxJQ5pDE3g
+4xeRGdWAYdUSPi/eSj3JDQucMV1ujm9DfAPxc/LaRo+nLcy8FCvrw+HmPBL778Ic
+cN6ryTqjzsQacPrhtvzB91BbMKgKRM2rgPafgmSmNBcWFE++X5OJUQe0/4liT4Sk
+tFUd4eahfXj+LsXoqlJa3l+jTTJN68OivyHNesJm75mRFnTkURs5gNBCwibs8wlq
+SSDkQlUEKXs7/6Un9hpZj3Xb5Uv0jhXpAz5iNfOe6+z/nLYB52B2cGege0NZPNot
+4738AyHrxPIxYanLiFZCMA+X5tdfc7sgMi6siY95c3VdWwdkVVk2oYxJ0QGYR9/b
+D6Si23/trJZOVbfIkqqOYTR75T05FJA1p5tP1xfKt4+/dcJ4ZO4q6dsEvAR5RGqG
+VPpRyhFYxGBqLwncfYqH9C+vZ75uWyJHAxC6G0DOre8h3KUOs6/DsPBe19c99oUR
+G8/65pMxrGrEcR/T79CKbcF8zEMC4xexP+JAvbILdEMO4b8IgfPlNGZRjcok0VZ9
+Y7WAOlOr/Wj5qkUKmHYbCHb0+Y2uawZW3kA+TzBXvAbddzL4gCELIo5IFig0qG91
+6TJyn5EmmAy3B8J8DFioZBdy4zYw9m6xmpElGpSzFHAQodqCNlREiwihhG8hI2Eo
+zgVtKMPoY1h/722M5kMZnQ33Y30pi7Dqo5Eeph07pI0G5wxJ+SzyKoAqj623Cdz0
+ofxRLoWb8g0BVfJ/S0kkFhgG2pq7Z9/huNCBySk1SHwT+wqWXT4l2AD19gvSe3QO
+SgVv2igWo3Kc8ORbYxW69szAescLoee/50Y9Di/uTNaBd7/KV1BVaPxocVFNReGf
+17nZdjRi9N09FISZ3kRLG37rl7A1yp8ihdqbsVRXo+TSsW3K3/mjdkJjhC7IveRu
+07nSM+xo8BT4Lpvd8cOY4nxTJ75r159Z6mRCeTDFsarjsRg9ZZk9+qvLFiAY1JvD
+5IDb1zpVeo6NKTIbD2u1YrArI1HR1A50XGS2R9ywSv545A8imQFH/lh8rJdW3KQU
+BY73YnJVg/TlueyKzIi2nG5+S076S3QIXbeKegtIoELxMNvMogZG3UoGN+MtRVtJ
+pCK5oBbOg3zgsBtyPYBu4RLx4TYUBudsZdwa9YFmf0OwtKYl1GVoUoNeAcoZRX7S
+DRkX8PLWdbVq6f3n3AthHZlGp2T36yc2gFU9JOupUb9iXutML3cHpBelfBhmggBo
+5MIoQKb9huNXTJV4WR4tV0vGKqi1gkcsJm6kN8SpxrgyWqKPl8GWxc7oWxSVQRjs
+d0c0xL+s6Ffz8kM8dHl2O2SL3yFHdH4IF1CJV7SfwRTqF/r/g9SIMg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4.pem
deleted file mode 100644
index a81968caaa..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4.pem
+++ /dev/null
@@ -1,159 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAMvuM5rrG+hunxSZwR8TVsLND7teVaTAzIxbnJv0xpVvawDeQiN1A+CIdJH8
-TUXrgcfdU+E04StBCqDRBr1+DBMt/PuBDS/I2PcKqBuP6sfkSDr/lPYkbRBI8wZ9
-87H/ke7seqh7cSVORfqg4KupdEE3i2gxONHlTT/7XV0C5aOlAgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFGbbtZTHBcSzPiuRud/IqNBNKzREMB0GA1UdDgQWBBQpIHiUjoSQ
-KUJLfKsOgyq+NVs8FTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAuKZUyh6gvU8Ab5pl
-P79yddRQcx4G1navwUD3YSS7q2rnmqY2ucmHX8H1JsOhQUqvLL81fIqAkWPANAmQ
-K4NU/ZSkkjtfTcJy5oYsVXjz0MyLKOwrt52j8MLZsUW/TIf5e57kPbORC7RQhEr+
-yMDT6AY3En8iF4h8mqMhwnQnO3U=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitAnyPolicy EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGEx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE2MDQGA1UE
-AxMtSW52YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRlc3Q0
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCulajzJmaByVbyDkLDGhU38CXN
-JW16bKIyjnbsg1tPLvigEcShDVU6jXZt8gRlscw+5nINvdOEYD9l/0QEzonMhVRP
-0GFT8aToKcCcPBlmhIA0PJqChMNZBGp4uitZKXKi8F8lGo09eB84V7bGs5YvP1LK
-J/G7vkncZXQbCUaX0wIDAQABo2UwYzAfBgNVHSMEGDAWgBQpIHiUjoSQKUJLfKsO
-gyq+NVs8FTAdBgNVHQ4EFgQUhUkKnqSDJde1NS49+ClAYeMS9kswDgYDVR0PAQH/
-BAQDAgTwMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQUFAAOBgQDK4Dok
-Sw1YWZrBgRIF5omNPAn9ZimPP/+5QRuYz42bdOl0F3v0uID3CnVfk+7UHbeylW/2
-n2KlU7OeOk5/B/FtFEm9RFaQIoeMkZadszaleUIvZxkrYkkwd///I0T9LzBBKUGV
-gDbif+oCGUYlgqLCQ/aXPDWA0mHKwmHD3FdRoQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:29:20:78:94:8E:84:90:29:42:4B:7C:AB:0E:83:2A:BE:35:5B:3C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        75:3b:42:7f:44:c5:fa:ab:b2:c4:63:ac:10:89:84:e0:50:32:
-        4b:96:80:48:15:1d:19:1c:b8:49:6d:42:c3:4c:b4:bd:a0:29:
-        e0:14:56:1a:1d:df:92:90:19:27:a0:b7:f3:1b:7a:32:32:2d:
-        cd:ee:29:38:d0:75:8e:8c:51:9d:02:7f:92:a6:af:08:ef:23:
-        8e:bc:b2:a6:47:36:d1:9c:e6:dd:4b:05:55:1c:56:47:1a:40:
-        67:4b:01:bd:b4:d0:74:12:5a:97:83:20:d5:4e:a7:d2:bb:ad:
-        52:a5:ac:13:44:fc:95:1f:d9:70:fa:a2:05:fb:73:e2:9d:15:
-        61:ac
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUKSB4lI6EkClCS3yrDoMqvjVbPBUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAdTtCf0TF+quyxGOsEImE4FAyS5aASBUdGRy4SW1Cw0y0vaAp4BRW
-Gh3fkpAZJ6C38xt6MjItze4pONB1joxRnQJ/kqavCO8jjryypkc20Zzm3UsFVRxW
-RxpAZ0sBvbTQdBJal4Mg1U6n0rutUqWsE0T8lR/ZcPqiBftz4p0VYaw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4EE.pem
new file mode 100644
index 0000000000..1c375e882b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 35 94 63 D5 71 32 01 BB 1C FB 48 70 19 F2 ED 4D 8D 71 71 2C 
+    friendlyName: Invalid inhibitAnyPolicy Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitAnyPolicy EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA1
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowZjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExNjA0BgNVBAMTLUludmFsaWQgaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZp
+Y2F0ZSBUZXN0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKOzb2us
+Rap/gcyEbEwwK0iXF70rX0khyal5XsZa1RjAWbLF+wifYFR/Y1Pee1seu+5+Y9d5
+Y6OlpDWYZd81RunoYs10UNfSC+MdbLEJrqKsX9Ol/iDg3PaGnsHHqJPkPpnZgCxM
+9KgV3SxPXgg9UzDeFgNs142NbrFeCUjtU4s6Z3h4CRNUG08DTB06aq5c5PWnNJDo
+HGXkssX6+seFinJZC1S4og/wJOclr0g3+6rBw6aftcvQgsUMl1aeLe6adl9yLuYt
+HMopbU0wbgiGeNyjs/Z1/sZZ52xrsGCt6iUMZ6i+EAEoqCrwhNMG/zRUSDyXN3m4
+9lZCX4HJh9VGHxMCAwEAAaNlMGMwHwYDVR0jBBgwFoAUdKDVWNkrU9IrsM1dccah
+v0OnyBUwHQYDVR0OBBYEFBIkx7AI9TiDfo2NT4HTCl44Z0KyMA4GA1UdDwEB/wQE
+AwIE8DARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAHhbECZV
+VvZ3I4PTD5AZubZbJlT4CrJXvqc02fLFqiG5/n/XsEwIBAPBiHw+ni6N/10w9Sl1
+SZxkONAMLx688plmbZl1sq+uWVLo7Zn8oLte1ka5di5YteBL3Q9xgxTiT/n5gLip
+AamIJ2+Sconm6lw/ox2Bwk9GvQ1V9BhTCXZYpA636a2qwhgsgypHcvBtxxo5dpAH
+76B1+opjDl90vtMmOLYZ3DDmE05SdQOW3hu3FyOZWlo9hveSKp1jCpI9YTBh5xs7
+YtziLdcidNDuWF5qCrkAfJKn2bVIgWCV6QUGsa68tMzM2tX9PDEIulsjIrEy7TDE
+TWdj2tcah6t6zqQ=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 35 94 63 D5 71 32 01 BB 1C FB 48 70 19 F2 ED 4D 8D 71 71 2C 
+    friendlyName: Invalid inhibitAnyPolicy Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,42A99473A944A1DF
+
+5zr76H83m6KniZ1E38SpAkE9Ha9JPtTrSaRfDt6p7We0CbiD0BDdBaTjy5iDnp2s
+CRAnwCuzfdLZNaYtc29N55KPfdWDoxp2uk9AVYovCPtWI8gPS5q9WUVw//MniWOz
+EgR13VdqTOMeW74wYvcVt4TBtTPZ468EbPUDSnrHU3htehvudOojgXKw2oeTpbVJ
++Yh9yWJoRUIhxkk1IoDK7+06Fb7Uxh29HdX6ZWxp4LPbgjB4iXV1bIp/5Ee2p0W1
+dhKu1RE7F1IPRdRG2JGv4LBQAPu/Roq68XvUNjqcnnTLC9M0d9ukTajwM1fcLzj6
+AxW40V3xT357tY34Swh+WlXlogfymD+dVIgkfS+lPPYhJxF0QpuLWLegIyRrbiVH
+ssu2p2phv+MjkcwKiMBWS92cJ8ev6p1E9yD8U+43Ri9TyES4xtz0EerJWMj/8AQ5
+PBBq4kLflT95PxdUlltfl9vpQE3USlOSCOx0nTTU0lOoKxRcVWmeuDPDF6dAAqEH
+vIW6SYX919Ty5glcLTxD4kyBKEZowecjsxxQHVSWL8C0/sZJaNz4JYYaUILgRcXO
+Vchs05mbh3d3Z06jDPleBCGAelL9hDZMlt9nIVqS0TJL1VtsuWbothe9npeDMv57
+h/AxQr8RCWMzslIKRRKsVchBjHfVieu659Yz6c0Ot3AH3jGNCn9L1KRjHZU9oAN4
+xLkw+iGgrMVvefiU3WW3BnDGmw1bjjIVO+sQl7aihtq6HinhLixYd8AMlgivsjVb
+RWWHt4NBBkizbHv2lRzwZOA1KNtw7RABmmyz1vbSQ+I2VGsyApADcRZMuYb7CnSs
+q8GsLhNkI6cag+RqDu6Msqs04yktB2mJOdg5oxYHhubfVGKVp+J3yhfcmHHY5/2L
+kiZRA0PdBR2CxS1CrDIme5ML/mwLAw1nbQatGnJIihey9wgalJ1jPSMiyEMcA2xj
+0p4FHsWGE+cUtRurogz+FjpKBlagriTqesnEYOsMRXM+Z8wyKoGJXmoB8uZCippa
+wdsb0k3qSiyZitrs4ZAENKza6BQJGM8+27T5jP0HOjCM51imH2jPgHFFn6Q5XjSI
+mpZ1mp5IGF3qMAr1Gi3/aDZxSC3Q2QWC9Mpd9gsyjZdAhFd+Vh+3BUmd106/LI74
+qBsGGd2PcWW0S8e7wq3GxPqOOvz4UPfCyYyEgaAoteW77ysTDxBcRCDv322Yvz+U
+FDWH7her6L3SraX588aZ+sxqRH/NLoTKwf288bSFJTXzIgYbt5NYR+pBSip1gjpz
+HLISC/jUtDUL8WSd1YLGjwe8J3bay49F9vsODmrm6w7yKyNbYvzxqHHdoLPtLLSr
+UHRyCQsGez2cxJrR9YKdyD/wkY4TvK2S7aI+C2dt/Qk4Eh146UHAbjupe/ls6jW/
+POPOJm5z5huX8D5w4lGnAP3/8++8RTabbTNuQtbVVZP5bAN2raKJbR2e4QibZHrC
+U1u/A5xbd9Wj+8R9fSH2B60f7416QVzyZ547U5QgI6T0M6Sm3fkFUFpUO4f84W3j
+Ep0CV7eKYtUwFMLZDaim8rcahMN8RJc2LOwfElpKA5M8fLEww34pSzHa6vpPoi+f
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5.pem
deleted file mode 100644
index 20f42c20ac..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5.pem
+++ /dev/null
@@ -1,210 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitAnyPolicy EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subsubCA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGmluaGliaXRBbnlQ
-b2xpY3k1IHN1YnN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-YTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTYwNAYD
-VQQDEy1JbnZhbGlkIGluaGliaXRBbnlQb2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVz
-dDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALJx+sbJu7vInzoWetJ2rz0L
-6GPGRCd/xtyjMfyMSExsWdgxczZPdBMn9ON9XI/ASBPwvhcoq2pB9VqD+g2X9tfV
-y7usPePkKYweFOPmIlrWZb9tAEfTgwkoHYiWEWazYt+6y65407713raA+9DmYQgX
-m9RHrTFiSVJ3Z9RAtBEHAgMBAAGjZTBjMB8GA1UdIwQYMBaAFHMQBPkM9GScsvEb
-je+3VaqkohmvMB0GA1UdDgQWBBQTUueG5HoT3TWlqqICt/b/VK5ROjAOBgNVHQ8B
-Af8EBAMCBPAwEQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBBQUAA4GBAEp6
-lUPLqrzZI5cW9d33rfE+6PJIi7fI3T6aRuc2eG0GuaiGnwOJvwDXA1uHC2GzbiJZ
-U61janUuTgxWCdE7uDZFU7f4M6Ws0V/RP0BDzWca9mLZenhrmNFYwCp+9ve9QMMx
-6WjbrV0PBuEStbrdAH4wRquSNws7JKnHrpW2O88C
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subCA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF2luaGliaXRBbnlQ
-b2xpY3k1IHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSMwIQYDVQQD
-ExppbmhpYml0QW55UG9saWN5NSBzdWJzdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEArf8a4YQqh0caACibKN+ne7IKGYWnwL8N2E4534sCUjlfic+5O3/s
-ELf3kOpyOfw7NMoMTXQcsi+9wtB24eilTbHwdStKU/Mt15FCe5go7GepA2TbdomL
-3mKUocf87YN4pZc8QBPA/hs5sYPbnCx4X2TK2oCNCwvfUgWWhnCN2mMCAwEAAaN8
-MHowHwYDVR0jBBgwFoAUSndiWCMHosO57sdu3+0AiYhNl28wHQYDVR0OBBYEFHMQ
-BPkM9GScsvEbje+3VaqkohmvMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCG
-LcmSqA61BeAN21ekDRt5DAa9UGDAU8Bp/txAT+4H81/dzp5710w8QBHUcViEoL7l
-Znf4/IR4isqKlRS6ctmN/K2BRJ/19TQiYN8JiaZQAluzpLlgMUV4iC+/JwZHnJZu
-2c4mhWPSSBfUqHME3sp4dQxsrZNou/yOwzhTjmsNVw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 CA
------BEGIN CERTIFICATE-----
-MIICljCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3k1IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSzELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSAwHgYDVQQDExdp
-bmhpYml0QW55UG9saWN5NSBzdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAqzUjeD5TJL7TtPxRXU0nMcnBDmkPWyIAC1pNu3Tv0XwSE59I5Wr/Ytc+wMkJ
-dM4d1IFPKtN+MlzNv4dHwxOQrb9Fi3ItNVRIOLRIttgQFMvCWl0FTh9svTC8NIUZ
-lKD8zzDoBGD2ZEwHTYX1qLzneeTf3hMN4AyvxDVGekJWsdECAwEAAaOBjDCBiTAf
-BgNVHSMEGDAWgBTGAIxxpplipn/SVG/ybgTKMLU6vzAdBgNVHQ4EFgQUSndiWCMH
-osO57sdu3+0AiYhNl28wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI
-AWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GA1UdNgEB/wQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBABOzlfB8CEJvHMdfoVtuMRmwTdF+Ypyvb6ileMKr9P+8j4gRzVgr
-jZiHkH/a8ODtOat8ADR9USeVUAMIv2LZnw33x6xKWCZNJCwPysTVz72PLIPQ+2c0
-yeOayIZxdJb9hidU7BT4q6FdbFecUUgSZS5FySOod8WI1jYTyHNEZeLa
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJDz7OZ8u34K
-hjI6cDaSvyyjIWPPGVdObfPls5iLOT434gz5hx3uyX17mOJnw+/5rOgcqatRDJ1I
-mAI1pl0ZUVaaattiyBifI6LONlUpzVOmtr6yotsGY0DiCmtKBJh4geA9jQl/UCou
-of64Smt1vsIL3SqiWkqCg0XFrXpTCCz1AgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMYAjHGmmWKmf9JUb/JuBMow
-tTq/MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEFMA0GCSqG
-SIb3DQEBBQUAA4GBAGt+M+PIMRTWFAO2C58l6vCjg40P4NFF6B3LWjGcpPnRDYP4
-injOp/wD4IVvnXRpIFOq59qlJzmOJJDxCHGB11jkkxJK0v+pi7gvDrDw2av8wznR
-K735aiuC7KCpEy7tQ59Ive9M8PPOuQ+Vd3CgKhv0GuGNb/6M+3cojz0fCNx6
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy5 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C6:00:8C:71:A6:99:62:A6:7F:D2:54:6F:F2:6E:04:CA:30:B5:3A:BF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        4e:c7:09:29:78:ea:ef:43:a3:de:f8:6f:a5:b6:13:f2:ac:8e:
-        93:7b:ce:f9:4f:12:e3:48:f5:f5:1e:47:b1:39:20:b4:ce:33:
-        ea:bc:72:c1:11:a0:ab:75:59:68:03:68:dd:c8:96:02:1d:73:
-        7f:fa:39:9d:2a:88:ce:53:d0:3d:73:27:d3:61:6f:d3:75:01:
-        f2:2f:f8:02:cb:d4:00:63:71:eb:0c:84:19:10:d9:ac:48:6d:
-        77:8f:3a:23:36:9a:63:98:4d:9a:16:bd:bd:08:1d:77:4b:59:
-        98:21:d2:89:fd:1a:f5:f0:70:86:40:08:c5:be:59:5f:de:a8:
-        fb:f2
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3k1
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBTGAIxxpplipn/SVG/ybgTKMLU6vzAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBOxwkpeOrvQ6Pe+G+lthPyrI6Te875TxLjSPX1HkexOSC0zjPqvHLBEaCr
-dVloA2jdyJYCHXN/+jmdKojOU9A9cyfTYW/TdQHyL/gCy9QAY3HrDIQZENmsSG13
-jzojNppjmE2aFr29CB13S1mYIdKJ/Rr18HCGQAjFvllf3qj78g==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4A:77:62:58:23:07:A2:C3:B9:EE:C7:6E:DF:ED:00:89:88:4D:97:6F
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        86:aa:0d:7c:0b:72:97:47:34:6d:6c:97:58:2d:d9:6a:0d:c5:
-        8c:df:04:31:39:f7:22:cf:a8:20:3f:06:71:91:7b:72:cc:08:
-        ae:bd:b5:c6:21:ec:95:a9:7c:95:8a:4d:b0:f5:ab:ff:0f:bf:
-        5c:24:8f:01:fd:f6:1b:d2:08:61:ef:d0:8a:6e:84:29:cf:6c:
-        32:bd:79:b6:bb:e1:cb:71:c9:ef:eb:17:14:fd:ca:87:4d:c9:
-        54:5b:47:ee:f9:39:c4:9c:c2:fd:64:0e:2b:66:8d:0a:a8:6c:
-        83:9b:07:e4:fa:5d:8a:34:91:99:e9:9a:0d:34:60:7c:0c:20:
-        ba:44
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF2luaGliaXRBbnlQb2xpY3k1
-IHN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBRKd2JYIweiw7nux27f7QCJiE2XbzAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQCGqg18C3KXRzRtbJdYLdlqDcWM3wQxOfciz6ggPwZxkXtyzAiuvbXG
-IeyVqXyVik2w9av/D79cJI8B/fYb0ghh79CKboQpz2wyvXm2u+HLccnv6xcU/cqH
-TclUW0fu+TnEnML9ZA4rZo0KqGyDmwfk+l2KNJGZ6ZoNNGB8DCC6RA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:73:10:04:F9:0C:F4:64:9C:B2:F1:1B:8D:EF:B7:55:AA:A4:A2:19:AF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1d:c7:8a:0a:91:d4:7e:b5:29:3b:00:db:72:e0:8f:61:ef:9a:
-        d1:b2:cc:11:bb:06:bb:aa:dd:6b:aa:76:8a:44:f5:57:b4:d2:
-        ae:b5:28:29:7b:eb:06:a6:1c:c9:de:0c:61:d5:f4:6d:df:76:
-        ee:9f:d4:00:6b:29:2d:15:18:e6:cb:02:52:4b:48:38:4c:b1:
-        ed:4e:50:1d:60:68:92:85:86:b5:fb:98:d5:b5:1a:52:ba:a1:
-        7e:d8:22:fe:b4:f1:04:b6:8b:6d:cc:5f:1f:dd:25:a2:a6:42:
-        f0:13:60:de:bf:2e:fb:d6:38:dd:ed:ec:ea:7c:dd:5d:f0:a7:
-        4a:c3
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGmluaGliaXRBbnlQb2xpY3k1
-IHN1YnN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBRzEAT5DPRknLLxG43vt1WqpKIZrzAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQAdx4oKkdR+tSk7ANty4I9h75rRsswRuwa7qt1rqnaKRPVXtNKu
-tSgpe+sGphzJ3gxh1fRt33bun9QAayktFRjmywJSS0g4TLHtTlAdYGiShYa1+5jV
-tRpSuqF+2CL+tPEEtottzF8f3SWipkLwE2Devy771jjd7ezqfN1d8KdKww==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5EE.pem
new file mode 100644
index 0000000000..a9363a60c3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 45 86 77 29 4F 2D 37 B5 A9 F8 51 C4 B6 73 CF 2F 85 37 6F 80 
+    friendlyName: Invalid inhibitAnyPolicy Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitAnyPolicy EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMaaW5oaWJp
+dEFueVBvbGljeTUgc3Vic3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBmMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE2MDQGA1UEAxMtSW52YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRp
+ZmljYXRlIFRlc3Q1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA195F
+jNz2GSpq6/NfJwsI1oWaPDb/TIRaMvsEhof4Du7/nnHZLHEKCHncySsw3S1wqAaf
+gJCqFiOuUUQNc7KORn2p3OQjnQ6Rx+bqFTRFhUopVriqtIohLh14uvN30gZCwz4b
+cw7uw2I5uEzPWVZjF6gnY3p+mVHCRR5+rp7glk0TIzOUDK8nvu9iUUPB88rRwlm4
+4CwQZPMCnd7+3TEcX2Z53do2w7OStN/J28/tuEO7CMwYeOFZZ+Umy3xX6fD1GHTa
+d3aeqdKGHpTs3UzKS55z++st87x9o/9SDMzDhzuiJv7eVtW5w/df8B6YCXZajDq0
+D7pcygmL2EZsRbvpuwIDAQABo2UwYzAfBgNVHSMEGDAWgBQx4T/8Ym6AZc2peRAA
+K26JWugFwzAdBgNVHQ4EFgQU7ezFAtleK5pOd1B3fpcAOhJ7b5QwDgYDVR0PAQH/
+BAQDAgTwMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEALvsV
+SM9/5C8mjAMEOnsUzL6HCXvgRuQ8nHmTEDTOThapesSndUMoJQMPlXlCbeRP1apB
+zUsPuavZxi4DAmSs+xdge9QLVDbVzf6uC698FeHXKMoVs77HNKFQOpWATB9J+1OL
+zgSzZYGdrFQyYl8rQFdrpXTguzMDKAbCcyQiSoSGr4zlHg2yJXUP/nxtgsDVqYfF
+SIpduRdnil3dV5h9GH/74QIqBZC/9sKO6jVnxD0RbIc64nL35LoVlMFSke4UBS6Z
+PmcQzvnfMtpK4Gi3v4H8btSpKstdIt+jgUpgz48xzejGlaRX5Ad0MNgNjFmN61ib
+XANJSNmGQZWK4w1woQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 45 86 77 29 4F 2D 37 B5 A9 F8 51 C4 B6 73 CF 2F 85 37 6F 80 
+    friendlyName: Invalid inhibitAnyPolicy Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,56DCA0D712C9A6A3
+
+k/kKgh/wqFfQslGzpJ0/Vqt5MnfjMpCCf9qmbLS856/K48AUhDnY2bkLrC8PP6cJ
+/aykfk4CNZODl+a8xh3G3CBdKsCH92VNhKqtAQdNHVRNJJA8CA95LsftMhUZ9ajM
+52KWmXbbB1H/wCbV5ZcNtvnDtTJGGMAOmYBvxpynP9+aVlFuIWiDYdoINv2NZR/K
+Qixw6k475ERS8nixxNAOiDtoZZ+vy4xSIIrMzkkQ2hlqklrzB47uBn2UORtUuot8
+TDhpNo864EEKb2lvRW+AQ0EM3zvpO4Px6vOVvS2dGv0eSDsmNWZh99ZABtu3WHPX
+3nAqQTSAI6zLmRLVq9rCeD6eX0YfvdtRty8eqJbVp6N9pz2ejudAfX3bx04kmXK9
+CXlqOyXo03iprSe8EACZDFvB9p/lCS1MCkNBmq829zC3VVyGjSMNP6JJ7+mxkhwd
+MnnjJ8MjR103FE7gxnsE/68wrJN7o740yuV5AE8axxJtaGpafjc/D2KlfXvxnjyV
+078BFgp3u3lFHPEKPEwzJePvnbC+yE7nxUbBKoLyk58+0ge7eQAbgwyLLsQws3PP
+nJukh68PubJEXveMAK5+o4pVqEG86EcCwRQ2M/VkpIPTcw4YIZaS6BlbLqcvCLL8
+QSg+N15RsegNJHq37Urdq7gXLwoD5EHnPWn3DjL8sqDr9p1EO8Z4im9fE8aCMaW2
+K3zOiIoAWlZEHTrjkg2gwcpbCMIuB6wlxm+4sF5coUdcRAfVzPO9c5730xA9NSHc
+gdkcMooKrte2HqrpRxI3qR+J4501ND1YIIdnJS//ebKVy1UMT/m9/+8Hz2i9h7Bh
+vk2xZE+F8XW8GVDftCKCi4Hhbo2DLGQSNYjfpqPW6M0chdtEFCECEJTohso0/2hy
+OYq9MChRUHpsYf8r046lnB/kiKHZBB/Q/9wLeEUC1+/P9WPBlPvUONJtwVl5hWdI
+lwxy0dg/gvo3SxVetYnbqQIz4RrHpQj8bD5OInUVkzXdy7ESTj4pNb6cJjZsW/ym
+7thBFsJza/XcWPuwvUB53YHy40SqqYUJ4LL/yEYB5SeDZv2ykPC6W/p5f1kGzGMr
+wIWKxzoyfRuEbHM6ckn/kZ+qVzGUJl/ErPwl5gAZXl67Y08QS8AdzvnJ/niUty4+
+ia3Q9KgssqS2dCQgXkGNcsapVk3CH/7srxrB7JtHnGok2vr83+JaZixQCN7iXaDD
+tHNh+ODJ2h+Pq0mWUr9aX4AA6W2ar0JMOdlEoHQPpAnDDVyVX99oVkqydASefToX
+i7rPun8430TLGXmfD1Y4Y+6EvhioHgCkTgGQur9yhqf8h9BGPVULAfzjiBj1blwS
+6sIMn0u3PwuoekTeW0E3Dz+EqoYsoTE1HigHnigt5iwG5+zJJerpzCPI00JiNgYc
+GJRAchiiHxKSognw4rjOQb9ov0XmN7YHYXk3jQyhQVuw2eHeAvKdnrTSZvGtzI0O
+8+l3bQ45GlNtsjpNohUBw9QKyAELUHGrPpZ9YXJxmN8PMYSywL4xIs8pCc/3nmIy
+ApVjOExkqMfFpVv1r98zVuAJvgx5b6ANgCWOKd5+gud4h5c0WRgD4S9kOppwwyMJ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6.pem
deleted file mode 100644
index ed99033596..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6.pem
+++ /dev/null
@@ -1,159 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitAnyPolicy EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCAIAP5
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBSUFQNTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MGExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE2MDQG
-A1UEAxMtSW52YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRl
-c3Q2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmovuW9G83CLO5Kfr9ogDW
-3M2PMCzM46Btwj9BIzBg6T+Z0toxnoHQHTRXf2tp8Nj5bLXb66AotgJeHWXGrGxI
-Kjx0w4OKRuhiBVjMsT7gJmbmJ9neH+D6gfc83LPzHtMNrH0OPlfAEiCXGfTeHBug
-bMfQlc3WJ747aWkIv54emwIDAQABo2UwYzAfBgNVHSMEGDAWgBQFKWMS3ubCghc9
-e190DHOosBJvaDAdBgNVHQ4EFgQUswzkrq5gD2HHDjnsZYw9qjeh7WEwDgYDVR0P
-AQH/BAQDAgTwMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQUFAAOBgQBl
-Ndj1mSjoh6od200M/46rSMjCcoQ92FMFygp/7mEK3MomCWTKikCKTp1xDYS20vE6
-R2hCQlhkV2nRYNoSLvYM88uba0diTZDbX+txbiJ1DX82U9f0/zpXhCVLxc962ftK
-ZneaZF9AzYxqTvGS1yOwGFV7jimzg4ZdSKWcUX44+g==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCAIAP5
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICmjCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTzELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSQwIgYDVQQDExtp
-bmhpYml0QW55UG9saWN5MSBzdWJDQUlBUDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBANW9X4Le7QZci9gVhxS6PY2u0Fxe2EtutUH8zZO66QHNyygwW510D4dQ
-tOvvKfuiS+Ciu2PV2zjc2AcL5U1x9j6hGKIl7NbVFo+mZbBV6GzWLP+oaTy8oz69
-BNSDXwFW6FPTOQbaiyRa8f4nXVFl3QQYM8jTdGGS9lalXnxusSE3AgMBAAGjgYww
-gYkwHwYDVR0jBBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFAUp
-YxLe5sKCFz17X3QMc6iwEm9oMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgNVHTYBAf8EAwIBBTANBgkq
-hkiG9w0BAQUFAAOBgQCzfOac7wbFryN6VSS2bfYlcBtdLypBJugZaDururS3VvRk
-Y9SVSAQSh/m+ydbzhZ8LyNw7e7Uj4mjGuyFzznlAHsWxyO0JTPbhUwutJ3QrQhJW
-kIbsGR97otFLnmhZwotzU9dr0LhhJEqeyrM64zPoOT2SyhbooCh7Oh27eUSSjg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCAIAP5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:05:29:63:12:DE:E6:C2:82:17:3D:7B:5F:74:0C:73:A8:B0:12:6F:68
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        cf:a9:d2:6e:1b:81:59:22:25:1b:6b:2a:df:26:ac:ee:64:cf:
-        2d:65:1b:ad:15:43:22:fd:7b:ec:84:c0:8d:4e:b1:17:dc:9d:
-        ae:d3:45:ba:91:2d:b6:7c:be:a5:80:5c:d6:e2:89:80:fe:54:
-        8e:15:90:f8:dd:e4:0d:c6:16:c2:24:6e:61:94:44:6a:fe:4d:
-        44:ac:be:fb:46:4c:c7:3b:24:36:10:c1:d5:9c:89:3e:a6:f8:
-        f3:7e:0c:79:08:65:68:a0:c5:18:30:4c:d3:e4:c1:c8:7e:2d:
-        9a:65:b6:e0:84:2c:b2:58:e2:fc:96:8f:95:13:cb:e1:e5:fa:
-        e8:9b
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRBbnlQb2xpY3kx
-IHN1YkNBSUFQNRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUBSljEt7mwoIXPXtfdAxzqLASb2gwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAz6nSbhuBWSIlG2sq3yas7mTPLWUbrRVDIv177ITAjU6xF9yd
-rtNFupEttny+pYBc1uKJgP5UjhWQ+N3kDcYWwiRuYZREav5NRKy++0ZMxzskNhDB
-1ZyJPqb4834MeQhlaKDFGDBM0+TByH4tmmW24IQsslji/JaPlRPL4eX66Js=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6EE.pem
new file mode 100644
index 0000000000..bc14434030
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 42 42 4D 29 08 2B 18 F3 76 C6 31 67 2C 5E 89 BD E2 5C 75 00 
+    friendlyName: Invalid inhibitAnyPolicy Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitAnyPolicy EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCAIAP5
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0FJQVA1MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowZjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExNjA0BgNVBAMTLUludmFsaWQgaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0
+aWZpY2F0ZSBUZXN0NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMQU
+JVlJJR67nbtRHW3D6vzK+HBOXh5S097ZMQEPce170libKgRiLesqEC9fNpzls8pN
+VPwxOcZOgaHes1XlzdDkbf4TVXuprfJwcvHT6KWfzIehUopULihB/oJuMa289M0q
+VFhS0XAhzLR8KPzNjyqEew5g20u4uvpDG2TQOO4QQgLJ8nQEtQuSTsAPK8E6d0sD
+jgsHLOGETorVSgjW7zSIp2RZ1dNx8AEGm3l7tCl+xhkzKl7Me2W2qXJg+Iy17Jl5
+0Ik0uj38yZaUt0LNuddEQaqZVGwh+19uZdbj8wD6QgHcF8sUBLeOHbKrsI8VaGvH
+SHgiBW8dGWLp7rETQqkCAwEAAaNlMGMwHwYDVR0jBBgwFoAUiQRUdAZgs/cAbqBh
+jhX7vlICBiYwHQYDVR0OBBYEFAOX8L+bVJZR0b0hAu1UhcFEzOxMMA4GA1UdDwEB
+/wQEAwIE8DARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAFFd
+fv8IwDnGrwxVdDqlMHz2fz7dZOnpMPRX5sleEzs0q11YJpVWu2VZJhDtqEFoLtZ8
+7HRCdkeN3kI0RWsXhj/j5F1UdPKu3exA5aQ/+BQeeboF8DqbawC2kTf71cY48sS8
+ECgGbXmd4dNI2ByZjMLVsq8ow9566ZpJZsfTEAw0dQ7TU9/4fasWSQ7LDFK/N9Z2
+hqUS5eIJdveMB2HDL9o8pNohsA8smIfX0ARKCkcEbMTjLjEABcZKtK+y9cwdln3p
+hQoA6GPCFY29vEqaq/T8XMNcWaTobelNsDMgKD9GZfa1CVnh1rwDve4f3PairHKm
+h+iOTwouhOvswtsridM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 42 42 4D 29 08 2B 18 F3 76 C6 31 67 2C 5E 89 BD E2 5C 75 00 
+    friendlyName: Invalid inhibitAnyPolicy Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F9AA48841E5D1B2E
+
+B6CcWA4SnOnxWmixvDlAO44VUbwuTRWzqz1Zwx66zlVkLDwnyxisRrBKzkx7TY9j
+IGZ3nT2WDSsmRifc2Up7iwO+e3cHJPgK1IMxEAzX+W/0G2b9oG7Y7FObIk9xF84/
+XHwy5yVzGVKfskLiXSSUS3y7v0KFDD1hs6XyZ7ZhioG0Dzkpka7BcgZmf/mwWIxB
+uXmFY1pMs1fIrSe7h+C8JSoYHk7mtD9GWin5SomqI8/MCEDUmVr2/5+QiKgg4Miz
+C9wAUM97wfo1pGhNRtHpfLcm7pliZ9bh5bYYhV4J1CnCSiwYmYJC2WMk9z8107kE
+wMYYmDORSuKkxLDD760jTeZ+T6ggnfocZQjZG7cBZG8lfji7S06mFK9y5pkd2a+z
+LQQPCmGGCZ7jT7MQgdqitw7x7iR3KNaPXECitVS8doMbL1g9ueo4rNJ/vblD8tDn
+H5gTbaLv9MzPghyvO/Pk9HHK1uT50nTpEKVjNGA5f+soB8/1dDZAMz/hCma+4qhL
+anN0QpcW3Cg7WtFjpoGV0UDqd+XAwYT8niWwaEz4YCvRFOqKk4UbnQHobxaPWuI3
+iXyNSTk6FKx8L08j58vqFHKnxLMVUbOLokq8Cm6oDEIKQO1Xm2h5/Lo7KTWCSXEU
+EnGbVMWy6S5+qjvUDp4A10GIxQ5G3owyhanv94arbiGSmj2CJIR5XnjUwxKXdRR/
+e4739AqJ32kbSWu8/aFnYrCsy5lrtuvikLQGPERAT6UgHXNC+hoWCEzu62K1//PK
+35GKaS1V437hJJfzdrxboJSapEe4u58lBOy2ZWiJMT8UWxrQzwPWXgIgrZppet0E
+9Ep/3cgvLbydq1Tipg6YXXUn3+RHWbdzH6tVjIe5yU0kQtb6UlevC27xau+1tb0K
+kyCh96ZlHrZuoaLsFS0QnTOg+f4w4M/EBLkgjd/ezU9TSlLZibMK3Y/OGf5uoxlj
+TCqGkoPgMI/lU7QbNBu/ZOPEBIxXAihVwl5AQeCBldj6kWYFw8DqUG0lKEYceEdg
+TeIKQQk5WMZ1rWLIf+x7Lm4HxCW3gf04yExwWW/o0EXieE8m2vwFrCYTV9iGVUCO
+rq1/IoCNNjnVjYJdFol633/xPwVYeCCzoOU0ulUwHjIzPE5FW/qRKKnlRvVg/V7T
+NZuGDuNhHAtRldXpMgDFH+3/iXjQ8jNFnbQmFhY2QxogPSt9O0f+oSk5dIjgsTXR
+qizviC+Qz9AuB1e2h+98kNog/e6c9bFaF2H/j4AdX4H1t+QnILEMW8tTwNRcN1aF
+khpI8fpx8PFrLCTx41meBYJYTwfSQErat8/OafS+qf21rMG0OeDbFRSBs32/7IzJ
+tpRpATwZphMks0ke0y5r3b7ey4Vs44AsuJclBryecfMzLbbP1BP1wgUnOAb1U+Cv
+h2JaN0VRjS6MCdTjNCRamr5n4HQJ5eeY48iD81skBuVVsV1GjrTqKAdZ2R1eRnA5
+1ApHYGMepNuw6VcONLoyQxOVKx2/vBEi4SK9g5/IhQ875TKsyZrEQ9wiZ9EylFAW
+OipkcTblhCJ7n1+lJHazw0hlshnIqAdD3HxwOA1EmFJX5XcummtU/ZT9LdLr3o8r
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1.pem
deleted file mode 100644
index 785448794a..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1.pem
+++ /dev/null
@@ -1,161 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClDCCAf2gAwIBAgIBNzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYaW5oaWJpdFBv
-bGljeU1hcHBpbmcwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQIzx8
-7J8x9DkeOhXlBG/eAUo6B99wk9uPjSwrZ7f+CXzaECXTCOk88n35mahe/lgpBbr8
-ujs9D6bCgS+AVciyqJAtZFW45FX6xjb6fcLzebF4HTOpBYVxkqlJ9nLLCkaBHMIq
-1U5jR8jDZhgTnMBvNm0yBdNFo6Lh6A5d+Gr5jwIDAQABo4GRMIGOMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBRs6ccKAUJAQfXzcI7u
-4dFSXtc3WjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBADANBgkqhkiG9w0B
-AQUFAAOBgQDR8om42wMsHX434zvF/Yl3Lm4GBdFmFWIiRNpqH5iS8X1lGbi1pEAg
-m37Pvvobd5tcsZd2tsz0/DOTvntZhUdX5rmvN4x0i3JUXb9bOPMDs2iJs5oFF6Iq
-TSk9wJXUwsPy3ltGGWpU817s4uj8HU3tffkyOyc7j1u3l8x2LJWPvA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitPolicyMapping EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping0 subCA
------BEGIN CERTIFICATE-----
-MIICozCCAgygAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMCBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MGUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE6MDgG
-A1UEAxMxSW52YWxpZCBpbmhpYml0UG9saWN5TWFwcGluZyBFRSBDZXJ0aWZpY2F0
-ZSBUZXN0MTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsNiBmaKBCN2+twi8
-zZHkggWucFtI5ZszQOXjX8ivFQMOkIaUz2HqFIeurNmSEN2Ta8WHJJ/thRgpUF4l
-p8ovjgthh7/tScnTlJMN60ros1uQl6+qm/dzqn8kQ42EGLA9n6Ut5LuJ8AGCil+L
-9TFs7vbPktHo0h2YcwCvEjyyZRECAwEAAaN5MHcwHwYDVR0jBBgwFoAUMLGv3K7V
-MPIMOabjLBUhOK+ii9AwHQYDVR0OBBYEFDO/lIeGch/Q9DaWzigYcWwKxuVBMA4G
-A1UdDwEB/wQEAwIE8DAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUD
-AgEwAjANBgkqhkiG9w0BAQUFAAOBgQCKhd9JcXnw+W9w7fb+IhKEeepUh2J7y4w6
-11+U8Skm7KgNeSHdCzQjFMqGyeoJK+XV1j21mGK1YqXrbLjo+fHbHF68tf2rzWTC
-Y2igOFwDQFpFFbqrKbYogBOuqR8TCR3LFH9mypYIqbcfiohQF5XSwMnyNEzDc8WH
-hEapxbpusQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping0 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping0 CA
------BEGIN CERTIFICATE-----
-MIICtzCCAiCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRQb2xp
-Y3lNYXBwaW5nMCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8x
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UE
-AxMbaW5oaWJpdFBvbGljeU1hcHBpbmcwIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQDWkQsHOT5qYxFfYJsGV/LbLwMtr5DBFdB/k19gzvAjYpjlKgVD
-MgfJDc/d3WyMB8t5oICqdJDVFEq4JBU+T/J27G89SJusZSRJdmQXogfiXWHSOXtA
-f3Z4IcRxAwjoNJaF6n9LR2q5YTDIoiEK3+h1jhOiNoFwYmvTajzcJ15SKQIDAQAB
-o4GlMIGiMB8GA1UdIwQYMBaAFGzpxwoBQkBB9fNwju7h0VJe1zdaMB0GA1UdDgQW
-BBQwsa/crtUw8gw5puMsFSE4r6KL0DAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZI
-AWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKnjTqcv
-cg3JfloLHCOwWWPdk64BNIs0gLMI584sPNdiQR5bCz4KCoKMzvzIEZDL+kVo6RnR
-l39fdQ1rIbv5lE6nUVlTJNcj5Mq66NMsdVFsz5plRGUN4YpEDhz30hiwjkoo/B6N
-Bs76rDEC1VReVfNcwcglyKXIIEjHTMMsG0GH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:E9:C7:0A:01:42:40:41:F5:F3:70:8E:EE:E1:D1:52:5E:D7:37:5A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        cc:98:13:01:ea:eb:7a:16:12:f0:2e:66:3a:2e:6b:fd:c4:2a:
-        17:89:46:64:18:5a:ca:d2:00:55:3e:bd:00:bc:ce:f4:76:7e:
-        68:bf:f2:73:cb:d2:04:b4:e4:b4:21:6b:e0:4e:ea:c5:61:20:
-        3d:b8:db:61:e2:d5:27:19:48:65:cb:47:d1:66:3b:29:a9:c7:
-        66:f6:11:09:2c:48:9a:c3:37:a9:b0:74:16:91:b3:d4:ea:90:
-        2c:af:a8:4a:6a:1f:4e:fb:40:b0:e8:5e:13:58:f6:cb:82:53:
-        47:43:79:ef:05:89:6b:5e:e9:99:1c:1e:83:07:10:5d:40:ed:
-        f2:06
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRQb2xpY3lNYXBw
-aW5nMCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUbOnHCgFCQEH183CO7uHRUl7XN1owCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAzJgTAerrehYS8C5mOi5r/cQqF4lGZBhaytIAVT69ALzO9HZ+aL/y
-c8vSBLTktCFr4E7qxWEgPbjbYeLVJxlIZctH0WY7KanHZvYRCSxImsM3qbB0FpGz
-1OqQLK+oSmofTvtAsOheE1j2y4JTR0N57wWJa17pmRwegwcQXUDt8gY=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping0 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:30:B1:AF:DC:AE:D5:30:F2:0C:39:A6:E3:2C:15:21:38:AF:A2:8B:D0
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        ce:d5:06:91:52:5b:f0:21:b9:9e:d1:3b:5c:d3:17:a9:f1:b7:
-        70:51:ab:64:ac:d3:3d:4b:e6:bd:eb:68:fb:0b:45:7e:04:45:
-        4b:26:b5:fd:ca:66:7f:39:9b:42:2d:bc:1a:56:92:65:39:2a:
-        28:6b:d3:6a:7e:6a:8f:eb:c6:2c:3f:29:1e:73:75:9e:dd:01:
-        19:29:e5:d4:5c:fd:d8:ce:15:81:35:f7:8c:45:19:1a:64:35:
-        79:e2:00:cb:3c:38:56:63:11:38:05:07:c6:1c:c4:27:61:fb:
-        0e:a8:b1:1a:3c:6f:8c:e9:0f:3c:8e:ab:d7:3a:45:bb:15:4b:
-        41:60
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMCBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUMLGv3K7VMPIMOabjLBUhOK+ii9AwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAztUGkVJb8CG5ntE7XNMXqfG3cFGrZKzTPUvmveto+wtFfgRF
-Sya1/cpmfzmbQi28GlaSZTkqKGvTan5qj+vGLD8pHnN1nt0BGSnl1Fz92M4VgTX3
-jEUZGmQ1eeIAyzw4VmMROAUHxhzEJ2H7DqixGjxvjOkPPI6r1zpFuxVLQWA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1EE.pem
new file mode 100644
index 0000000000..2689b692e8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 71 15 64 2C 19 9D 4E F7 74 B4 7F D7 B0 5B 4D 45 4B FF F6 D0 
+    friendlyName: Invalid inhibitPolicyMapping Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitPolicyMapping EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping0 subCA
+-----BEGIN CERTIFICATE-----
+MIIDsjCCApqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dFBvbGljeU1hcHBpbmcwIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowajELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExOjA4BgNVBAMTMUludmFsaWQgaW5oaWJpdFBvbGljeU1hcHBpbmcgRUUg
+Q2VydGlmaWNhdGUgVGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDN0IaRs5W2GuI+RQoATLnfq2uut62sjrBHpXm+/0DkgNuM/dfoGsYDLwBKfGn3
+qgoAo6ji6khYrCtR/+SKIurS8zuH+I/cYeiRZ12Ibg/Ua8/xKRbh/7nd/80SBDiA
+9CxbInnuiP+oHXSLf40ITa8aFCfrlPah71XFk5J7LBWKrGgNmQoA23m0tP1R8QWS
+OvvlxEVeQGazDd/2gQlr5t/cmbvzGTS7beiHjq+guzeoaERJ1oYldpvk9hYf2IsG
++MaVIyNLj935jopLVkAG5Zt1zVfYeSgm8Rxba3+S2OcCmHlAOM3XBUxBUVJN9WsC
+PkLXw+Dk0SAGw8zDQXh9a6+NAgMBAAGjeTB3MB8GA1UdIwQYMBaAFP+0c2JSjVyW
+OlqQrhq8uDx5gWMeMB0GA1UdDgQWBBRGnoIVM9ZVKmQsZhmhhwsQpoe8VTAOBgNV
+HQ8BAf8EBAMCBPAwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIB
+MAIwDQYJKoZIhvcNAQELBQADggEBAIYTbq4NLd0+LIfk3ppsdEzOz5LONFBc54w0
+sh386ycVC5SBgXxibYDy0oN238lmZoAjvx6TWgAeVMP7TRwPyjMrOWivYWN2wBQy
+8wE4g+Bo/NoLBzAHm9yaWUeILEG7xDm9Qpkj81Am/2jDJv4RTHkPqhC90Tbh/j9I
+itkoVftRQlxsXx0NxJoSsfjDoG4+0LRM5elYHfBIldlHYLQiPcI4z4YW5FgtIs8m
+WTAzVduck7L/ttW00UBYyWjek8HE6eDkTJFvHFfwOQ832M6inyBLrFiB0lD6w/qH
+wekDTXqRelr/dtJvG0LpHq8/dEZeachaKBkm1oJoLKARAFkZWtE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 71 15 64 2C 19 9D 4E F7 74 B4 7F D7 B0 5B 4D 45 4B FF F6 D0 
+    friendlyName: Invalid inhibitPolicyMapping Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,588D74E5A29155F8
+
+QG7xbh7WoC9L/rNrseIj+nvQux4U7zOP9BdQSRKJaTb20ydKw/loQoSHLfDyR4OK
++qs2RFYTXuq9x0UwJVBZxVirlvkfikGaOaYX3PdsHyQJxgi5mvXkGzey9sHGPBOT
+qBkU/Bkn41Fle+UGoYesfQ3kZx2j0u8AN8C6r9EoQHRbOD8a/B0ls5q7n6YQ+MYc
+BfmELzhRCkRzBHkwbhBaurI1SfNIlO5ze/VTV0UzDZcRkpzBIiEYBKt3R/wV6rSV
+dEgrdFLgKk2y0a92Ai4GqevmtnJFboKUPb7gHj8hfInN+5M5po76ahHw9fpRlS0D
+/GYzw9Uh2R2cxMr7Gv10GW9MNHB9+zHoOa4v5RH+zPp2edttXAEUCFFFzi952ehb
+dwkJ8HVD1phftmSpmpy6RetpUoMlKjWyGWjE/A/WGrGvnIwrbPfFPo560PZDtNtC
+VUN4hZTiUYe+bf2tycKgSouPP9N5y5Y6t0eIFWh3U0A2YV+VFac7rWHYT8gDr23b
+YYvYdnR29W4M9g23rO65nb4+dMEOfLte1BgdI404/kVVNaBXJL7FndKnCYsUaz7T
+TaL2gh/oT2jA1BxTrJGy/koXjyydLMyPL9NpWETIfjssiDSc6AVp6MuT72Mz33Rb
+e53QYH0shuxRjJ9tQ+iRN85IoJzlzwhEwgo8QjMi1XCd3SIRArrbtzehgAb0HRxC
+QGLVF6mIaGeT7LkBp347v4qM8ezkYEhsF7Sh9Cpb9hxJMCBsv8U6rIyHQUV9xYfJ
+l6gVkis83Fqa1zLydbDIpFxyPO8t1qeCNXMU/PSgi3QQBeq2DvDREJel+eYCXNUc
+0GvZjQXs13e8DwrWufp2dIOW7FwgAR9BtkHSc2gbDoIotVBQPiqC0Yyy8vcSmpLf
+b+NXzqLm6MRTW6+i6qkEqeOVGNRQLyTFoBAiGpVsYhTqdeNMBAulkLc9Wwjbtemu
+lDmfjPoAq/funxct+7NMl+JI3UtmDfa8t6dQ1v5soYa8cby3vcN7pqb/Fe9GwSce
+pkUem8sffrM9Vr0EPNlKi27flJYtu9qbM4wn3JRfIkd5XIeyO0CSHCL5rVgvAHL8
+k6Q1HB0iIT3SJivlVT97ilvVhV5DsRlI52FYQj+a5WExHLgjdx7XtTqaUTnHMLnr
+NSbammoSyY4MKSrf3gNK5u76nMls4QmDumPb+DxDZGqQK/k041bb6oWblJeBQ0RA
+ZO0KHDfNNd+Ksi6dXCATAJ4jOfU9ohbq7kYGjhQZ/y+4/qhe9Z3g6mRRFg/ygc7B
+GEra8F2JiFFzYVqZbRcOeTVfeFsZJ5xP7RVtO4qFdjk+q1udkSQ+CfuEM61A8dXv
+2ByLevRVfAq9BxivadALLcXq6P/Q5/dcjQDB6U7ptgHdDHvjXcVQllGu7esgXLUH
+oK7H3GlRkwVRgdFbJehYEAnc+qee67J4V/QrOXQqaGi5V4i1KHg5RMpN6HDJnY2z
+d54v6DPMOE08xfVai8YSOXx6+mP0kPpQvd+66eD35WrgJf+Kct2uQGcW9SuIQW2q
++rCkdeAWv4PVJTMt5yT1J1j4vQYxKu4+G8QzngeSfCBYIU4rTIBqoRVq1H8Abtd2
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3.pem
deleted file mode 100644
index b1fe680fbd..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3.pem
+++ /dev/null
@@ -1,216 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitPolicyMapping EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
------BEGIN CERTIFICATE-----
-MIICnDCCAgWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBlMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxOjA4BgNVBAMTMUludmFsaWQgaW5oaWJpdFBvbGljeU1hcHBpbmcgRUUgQ2Vy
-dGlmaWNhdGUgVGVzdDMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKb7DrW9
-Hb+KTJCO7IrKHRUs3FihVXeQr2+m4mUyxOo1SFMZQq+7bojuyImkv08GBbeMXPqV
-RHdNWwVUgMMfynWekNRrlwGFNAfSKd+vxmPUTTqzH6fxQqCRx1CGp4dVV1o9BTES
-DuwmZurFPYEu2/tf6gnxaHBNUUsYqRdztXIZAgMBAAGjazBpMB8GA1UdIwQYMBaA
-FFqTS++Wnq4+QxYmpBgeeYui5pshMB0GA1UdDgQWBBS7Wt9YatmqgSrox0Q7yWRL
-lJU+9zAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAFMA0G
-CSqGSIb3DQEBBQUAA4GBADOVfkwUiMO6wkkOxQ/lMXr+bjJlFLz4nFQx7/YBmUBH
-cn7z1B8KAhf9SlqwOmMSz0OD/1ALmdjyX0oymWVB9RWyQyvvmin7tTZKBW0KdcQZ
-GKmRog0HaZ8rHx37ewB3ANJfyarjBABp9einu4Aj8ak+aePYU1mth1YNGS1YVwfb
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpjCCAg+gAwIBAgIBODANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-s4T6CQeTrbqUSlSczfx8iMSRK4ip9F4liS7giqCrZeZYEuP+/XoRZKzqmT3G+io6
-zcenL7cegP9DJnTNuZ1nHEoeJTlhQZq00PD1n33OMK0zhMIirByYBpabztuw1dJ0
-MKKcRzJ1AswgccI8seh2W1FXdFo/vGkDOkcD21Se0XUCAwEAAaOBnzCBnDAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUj3Ywg1+jhUuQ
-FB4GBHs3AQUgJmYwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUD
-AgEwATAMBgpghkgBZQMCATACMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgw
-BoABAIEBATANBgkqhkiG9w0BAQUFAAOBgQCXSeQ5mEkpmqCHstAZJbAGVSNrj3ka
-eA0k2v+n7vDeZ+9F8bByDiBBz3RMTqmdZxQ6zroOPsw66HLxv5D7oJImbhyvFrnN
-uxPGh8hvvP67N7UT9cM0RAoIQHmoI+3+o9cqOnTIJWXXPyq5q08yTrUt1lzFyrcK
-wGB7PyQXRRDWjA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
------BEGIN CERTIFICATE-----
-MIIC0zCCAjygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-KzApBgNVBAMTImluaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJiRgbTlXD7Tr33rE8bkM1fLhA/0RcC0
-n6UIcVb6xSELqRqVIpXK2C038i/3Ta6+eoiCdjT6kvQwsM9uMBJnB7uePzDzpkSE
-G3Php6MSbnAO+6LPrGFBJ0LNo6yXvsV3HQ1Uwh8iND8Yt37obPJ05PzfU6hSnMgV
-47YDMrmE5h+5AgMBAAGjgbMwgbAwHwYDVR0jBBgwFoAUF3qKMAb26lw2QA2u2J+/
-ub2CzFIwHQYDVR0OBBYEFFqTS++Wnq4+QxYmpBgeeYui5pshMA4GA1UdDwEB/wQE
-AwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNV
-HSEBAf8EHDAaMBgGCmCGSAFlAwIBMAMGCmCGSAFlAwIBMAUwDwYDVR0TAQH/BAUw
-AwEB/zANBgkqhkiG9w0BAQUFAAOBgQCh/ZM7m2L0OxzF6RXxeVUhY5xlTjRO0HGd
-0xOnDkOesSYfCI4gUflMo6/T9Ot67Vnb9mgzwWSEXB6g2R22/3DVR1ord/UgZFKe
-w4llbMnwRS5e3zjqLGsLeWk2ZdyjoD2vmKiFBiX+rlHvaLk+5xYcGEfOupTVqWMO
-OHuz9iinWQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
------BEGIN CERTIFICATE-----
-MIIC5zCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAMX6LszkJcSryGVxfI4egJDv3zFztB0M+jGHKEc8
-uPkbpVlPSjM2LWqUOks/C1q34lfaC6J5O+V3/DmN7GjLpJmdjBDn7k/aqGeE7XHR
-Wns707M/rcEWxPP/ErMQNIsqSkvy92GtwuaG7wsY4a+KyB0YCdqikJr6oK2Cvhwf
-LmC1AgMBAAGjgc0wgcowHwYDVR0jBBgwFoAUj3Ywg1+jhUuQFB4GBHs3AQUgJmYw
-HQYDVR0OBBYEFBd6ijAG9upcNkANrtifv7m9gsxSMA4GA1UdDwEB/wQEAwIBBjAl
-BgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBABgNVHSEBAf8E
-NjA0MBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAgYKYIZI
-AWUDAgEwBDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAE3ZflJR
-6b/Pwip7bO1ZIkiym+8uTzlT5nx3CF4P5Yyhje4VKVqoAOdljbZoaL5x1Zdd733W
-MxbQk/QP+wziLjZJlnqX+lSxg4wUiSU6mGtDJ1rPwMsbiiVBld7iP5JhFAWoTg0b
-XJ0ZSTHABPtNeMg2desSHwfh2I5WtX3hpXwE
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8F:76:30:83:5F:A3:85:4B:90:14:1E:06:04:7B:37:01:05:20:26:66
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1f:20:b6:9f:f6:68:a0:22:5f:24:73:c0:ac:bc:8b:05:86:58:
-        7b:97:ad:38:8e:70:61:7c:17:9d:38:21:06:0a:72:b5:41:3c:
-        b6:9a:93:77:6f:e3:15:e6:06:74:67:90:b1:95:56:f2:be:52:
-        21:6a:de:f7:bf:d9:2c:12:11:9d:dc:f9:ba:46:f9:92:24:75:
-        ef:83:af:a2:8b:3a:79:da:ca:c5:72:a4:7b:19:e1:a2:f7:02:
-        18:92:eb:a6:1b:74:bc:ba:62:51:d6:9f:69:af:20:34:3d:43:
-        08:e7:15:da:75:79:b7:81:6e:ae:95:08:cb:7d:e0:3a:50:7e:
-        c1:7e
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEFICZmMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAB8gtp/2aKAiXyRzwKy8iwWGWHuXrTiOcGF8F504IQYKcrVB
-PLaak3dv4xXmBnRnkLGVVvK+UiFq3ve/2SwSEZ3c+bpG+ZIkde+Dr6KLOnnaysVy
-pHsZ4aL3AhiS66YbdLy6YlHWn2mvIDQ9QwjnFdp1ebeBbq6VCMt94DpQfsF+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:17:7A:8A:30:06:F6:EA:5C:36:40:0D:AE:D8:9F:BF:B9:BD:82:CC:52
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        01:73:17:d4:24:e8:3a:79:6d:9c:a4:96:74:fd:60:fa:65:82:
-        c6:0a:26:9c:64:d6:f8:c5:01:8e:ce:70:b2:a4:1a:a0:1c:41:
-        df:1e:a2:36:1b:4f:2d:56:6f:ef:e2:fb:e7:84:d3:aa:0c:08:
-        04:44:67:57:88:8b:34:b1:74:8c:57:96:9b:e2:b7:dc:2e:d4:
-        a3:05:41:bb:24:fa:be:2c:a4:cf:be:0a:aa:8d:64:ff:6f:ee:
-        e1:24:c8:06:8e:15:fb:fd:19:fe:92:d6:55:84:ae:71:58:2c:
-        6a:65:53:34:39:20:43:1a:5b:20:41:81:00:6c:5c:10:25:b0:
-        3f:f3
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFBd6ijAG9upcNkANrtifv7m9gsxSMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAAFzF9Qk6Dp5bZyklnT9YPplgsYKJpxk1vjFAY7OcLKk
-GqAcQd8eojYbTy1Wb+/i++eE06oMCAREZ1eIizSxdIxXlpvit9wu1KMFQbsk+r4s
-pM++CqqNZP9v7uEkyAaOFfv9Gf6S1lWErnFYLGplUzQ5IEMaWyBBgQBsXBAlsD/z
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5A:93:4B:EF:96:9E:AE:3E:43:16:26:A4:18:1E:79:8B:A2:E6:9B:21
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        64:90:80:33:7a:e3:e8:e4:66:09:4e:4d:1d:ae:cb:f4:f5:b2:
-        ea:4d:48:24:be:04:8f:39:9e:c1:da:6c:14:fa:0a:a5:be:47:
-        84:19:27:c0:3e:15:ab:18:78:71:0e:93:e7:6e:c8:05:ea:f2:
-        bd:c3:7b:fc:52:04:be:fc:b2:22:80:81:35:b3:ab:57:7b:23:
-        ca:39:66:ed:47:19:cd:1f:2c:ab:14:4a:28:5d:23:ab:24:7b:
-        e3:51:bb:78:79:05:20:25:ff:13:4f:c5:d1:2c:e1:67:b3:e4:
-        29:35:2b:1c:5e:aa:01:17:aa:49:bb:04:66:52:a3:1a:7c:0b:
-        f5:57
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFFqTS++Wnq4+QxYmpBgeeYui5pshMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAGSQgDN64+jkZglOTR2uy/T1supNSCS+BI85nsHa
-bBT6CqW+R4QZJ8A+FasYeHEOk+duyAXq8r3De/xSBL78siKAgTWzq1d7I8o5Zu1H
-Gc0fLKsUSihdI6ske+NRu3h5BSAl/xNPxdEs4Wez5Ck1KxxeqgEXqkm7BGZSoxp8
-C/VX
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3EE.pem
new file mode 100644
index 0000000000..5b1e4ed0c8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: EA 9D E0 FA 86 7E 3B 5C B8 87 06 8A FE 4B 65 C3 6F 21 7F D7 
+    friendlyName: Invalid inhibitPolicyMapping Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitPolicyMapping EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqzCCApOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMiaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGoxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTowOAYDVQQDEzFJbnZhbGlkIGluaGliaXRQb2xpY3lNYXBw
+aW5nIEVFIENlcnRpZmljYXRlIFRlc3QzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAv52QYQ1BWUErsri346fudEihcaQNINeU16WfsFvSYR/3ouv3u2Iu
+kK9BngF3VahW7oyBeXwxmj/iAV2jimT/Fi1g2h639V3eHn8mOa5f9xzRbnUDk7vz
+HqIx8UYup1zPcup4grk44BrkYyJoE3U4CRxDQB2Vw6lNV6osd+MuNyxkFZLnOie5
+Hcl3UoXWG4lc5nCN5iNxxkaooKKlnOh4UR0Zd1jUh+AVP2zkzjw3OtER8PILl3fv
+9hN/qcwW+0BSAemGQJDV5Nd7D5fCNJzbbXHToA3k/Bp3F3BqeE45IdFv4varhUjc
+9pXAmno8Y9TXt6QAM5iN5UaJvOLTHkqqUwIDAQABo2swaTAfBgNVHSMEGDAWgBTX
+gFwTi45BdroKtXNx6KNAgHQO0TAdBgNVHQ4EFgQUfdcKiPEJVz+3CWS6VMEBm+M5
+jCIwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwBTANBgkq
+hkiG9w0BAQsFAAOCAQEAVLVv3n3zSEYB7Pva607pG1mONfUdPsSkK+F+2SA3tSDW
+v39v9BuFVejJ/WcJi8S9Oj7dB4F8GkbH/Mgjlr/SGWNC2gG5z1eG/Xa5ZsVYxT8M
+o1XTK4S8TKdPPT2fvL3rHFwfsvhjama4zbB9/cG4HV0rRGOZIl2Dr4DwfdKxVllu
+pF8syWwTfzNOPiwbBVGRVDqVapQ0s/qjMkwKYmVj0E+xcVphBmjG5f4KLzB3fTiL
+YQHp6e/hD6fqDy34gnJKnvIdIpPS3mCJ32jUvs00gihBUXytvmF9mDmtx4D0gr/I
+HW06yZ8bXGZay35h+u/+32Qi8rs6E5p9xZjqhk7yzA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EA 9D E0 FA 86 7E 3B 5C B8 87 06 8A FE 4B 65 C3 6F 21 7F D7 
+    friendlyName: Invalid inhibitPolicyMapping Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2EFFAF2EC16FBA85
+
+mnA8D/OO9/bRdXRtgF1460ooWSCBxgdMIp/ykM51o530doJX7pWwntIUnJstg5aZ
+wHhC7vJUrpcojZl1jzjNlMPAQ2GD5Tf3vGgvn+RoNrslRY8b0ipPh1R+73tn6ChN
+6dRI/GFbX0DbyxECglvrNynf1jbQaK+ljECnvypbjkBic4daBEAZzREP0RqWXzb4
+54MUmDGBFiOuGYNrUmFBk/1T2neOTHI0ry0nYVQqtU80QsNVbsYTs63dY7YR4RZQ
+voC+jW8xsrRFnCZkkmAsXFPzJPK8aUI5oAuOuE/cq0ymOXz3PcjGtZ5J0pCK7ruC
+i/YdtSmHwoJH/TEV/hWErlSduHziitORjqk6KHnSRUbU+bd2CEcgo9JBwn9OV56o
+QdUpPFfdrGFA768qPqmQnXSCeCUGvtqIR/sxdUhQ0LLUbdbMDgLsaOqXkXwchTPC
+LvWexL2kbtQUaUaV0pgDlaBfRYx/Vdm7hhM+b8Fdd6zy1eET+60fdsLyZuh8eyXx
+jDIWCRh7htT1XPdxGsCTXBMzgjG2PmbMfXWuZ293YnRsWx0Ll5Ed48kvzQiLjPEq
+duVDh9PIw3lOnjZGBk33ubn+8b/ZmCkTCVbNT0c7a060TXgekJnoXxut/7bexlf+
+nq57Z9JBmhVpUrT8Nu0Qrss/OwNuE2ZPUPDxzYoPqXu+WEUqlgs0wmpcpCFxc79z
+ELYXJAK1pVkw9ddVouLXbB+u+C7YpmoxZg8biUb0Z09eTDcw5ngHu8MoUMBLQpho
+TSrC/pH0fEpe192cqWyUY1oaAfFFzzRLvTSfBvzHYEGI3pPL9+4JSKbBvRjyIIz9
+yiPnXm673/mchrkKM4kfACRvhIlbUtF3VcZAE10mI24teFnsS+pjBij+hDI8fh8z
+W4CE9KUj/AhXGfjFveFRVmJ1vi4WX9h8Sl76Ne1MEqzyha7jNc+8orwMOEoHXI+v
+Dkws7KLCtVfhsRY14vQXFuOw02H3hQI39VfMhb7gerfllO33ZjdR8ygNuGc0DI0l
+H4Zib5SgtuawMpxKLH9hTCCQqkssKS6UZUtCP8iOnz5xq3+x7aRLblZqpINVdBEv
+DkPcROdqssbzHT29kheDd0KfZJF8zAHzRBvdM1LFLyvlJuSyWnnGuRDJj9Ttno+g
+/QZVRbjs/LIz74FOQjx33rFJGYGewH41mz6+4BbFjYDo8Kee9sqxte4Dj3YnNgdV
+Wcb3UDFHNv0qy9Ec/U/6a2JNx0fT3sKl624j+GMDddJv7/2ToR2GWYb5vF9peoUE
+KaeyGlIdi6nfCtTJzbTlg6on+i3T8xnft0IdrfNyfm8h6q7TtBYgsBhJYHX1sccc
+YY9oOcfq8Ymm7M1ER6wdTKYZY8WFXRCOtUrK3N3TrVStpjhIxlYgCILeCYo2/ceC
+GzJLjSlaXUWGZi0JziP0jym1K5poLrhVQGaRQ/NZheSmJ4H+s3BDFwy2g92Slb8b
+pw58GvcOukDjrAPafNRn8C5unDLBkHjHI0OzS1VvksldFRHuLhqvYmzFgbGq68M5
+hzakqEVOTr+Ny3vqF6nXOpVn1ckkUbMa54uPtiTM/LxJPpODjvCYXA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5.pem
deleted file mode 100644
index a14824bcb7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5.pem
+++ /dev/null
@@ -1,264 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subCA
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nNSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmc1IHN1YnN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQCzgPv0jUMseTafKoAOspqZCAtVctNqO5SipAee2vLt
-7PijWRyqmveQUmDdJ5SFkFnevzRHhOINFIhKjygmtJQe0px86XknNJhW6OPICI2M
-jxgzst9Cs5w3cYjsOxsD5+FXzritqz6jSQ8Fa52IhmBYcbRncSOcu2IOGGMOUfLf
-7wIDAQABo3wwejAfBgNVHSMEGDAWgBTvkHRdvSchXG13RCZt3L/7vmNrCzAdBgNV
-HQ4EFgQUBN9qa50ER9oRS3e69lS0UhaUJsowDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
-IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-BQUAA4GBALo5V4PwqAf314Emx79p7ce/cKrLjdi63pS2BsN4dFQ7TbY4Uru6/0Gc
-lZvOzyBVyvb4KxYTgvmOUkaNIpEe6xyRjHN5oAOEuOOgnXjL6kQz1st793h3WaTA
-hTg1AyHkktBRVhr0g1rCHCsGdrq6HSU9jZqvOOPaWomS+woTciNh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClDCCAf2gAwIBAgIBOTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYaW5oaWJpdFBv
-bGljeU1hcHBpbmc1IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmgb4z
-lKzduO0U0YgdsR69hYe1HUrPtFTUc7C3KMaX2LsYdutgdW5fQ5atnORTBTTRY11C
-G4hIuo7WabxJOcSK9lrleEw58bZjDsNc5/o8xo3cF1zkmc6/DH4P5CGxk0nOzeLY
-XJ9vyj/nZc5i0k6H7NU+cde/s5tknCDntmnf3QIDAQABo4GRMIGOMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBRAFr9wLgI4+Lavp1rZ
-sgNDWZj1TDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBBTANBgkqhkiG9w0B
-AQUFAAOBgQAfLQvmb/5mx+Mi05zSJQyITwTfrw+AMrYezSpljeUZcymBLkK64BCs
-eVXrxImcI3hi3oWPcJL2dt5mmQB/o96qOYkEBbxDD0WQ0rwKgXOODhD+Di5aZPqB
-g9ZeBDxQgveLqLpEh0JL0MwJDLXH8Lca6XVdmPmFuaob3aIOP/zdcQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitPolicyMapping EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubsubCA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xp
-Y3lNYXBwaW5nNSBzdWJzdWJzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMGUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czE6MDgGA1UEAxMxSW52YWxpZCBpbmhpYml0UG9saWN5TWFwcGluZyBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0NTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqU2HY4J5
-i4TyagwhHyTz6DgQT7GKk0xSor3iKrPjBUTpEVWM041qODnfp8RL42lhZ24okQbQ
-8DoNH5dL/jtH5RsbZnfJnhHL8GDttKjLwHpRVRLbv4IlV4eQoPzTSRR7D0ishs06
-PdRXDoy0+UhNcABrm3ko1gZjAcPRL/ammFMCAwEAAaNrMGkwHwYDVR0jBBgwFoAU
-JLZxrVfA94Sar1a34h5IbPP9rjEwHQYDVR0OBBYEFEqYOSxfq1nokOSM2rwp2uDB
-0O6pMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDQYJ
-KoZIhvcNAQEFBQADgYEASMkNNbv9N1yfYt5C2j3Lmy5rhbrTjrEDjNCJsQ1Pun3c
-qrJCtX52pGRNef3Sabh2W4jOExljobE/P45PdPw5uJtQd7YgGN58cr6wOz08SA2c
-j4vAlaNjcbNW5d3sUX6LgXFOHsamawjTncegVpR7mCY8lqVjxmW9ha9NF7h6ACY=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 CA
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRQb2xp
-Y3lNYXBwaW5nNSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8x
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UE
-AxMbaW5oaWJpdFBvbGljeU1hcHBpbmc1IHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQDcDskVa22gKY6hi1NN0qxc3EGcrc7Ef9QD5LomWJ0NbPF2omux
-VOp4diM850F8rFaVpqHpOI6ElWc1K4PYVN+gp/sZ5V6unFR0ixzEvpsPTZa38btH
-kcqGMFfxw/f5HtdvgB1dt09da6xG2UFKxnubgQuxUPEx9FcEYSCrbLq3gQIDAQAB
-o4GOMIGLMB8GA1UdIwQYMBaAFEAWv3AuAjj4tq+nWtmyA0NZmPVMMB0GA1UdDgQW
-BBTvkHRdvSchXG13RCZt3L/7vmNrCzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0kAQH/BAUwA4EB
-ATANBgkqhkiG9w0BAQUFAAOBgQBNZ4dVlouj30O2fD0c418lyzVO85YIAuof3wDW
-LW4XjH/r40L/BUPDyFJceZXA7Yaym+UuYLZh9RQBEtkplLkcqgezH5GT5EkefBjQ
-CrQFgsqRttLQAuw03v+2I9a8vHY3u0L2puzJQ1l1GkV4gqSAgEv2YVdva0gkq7sQ
-52udtw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubCA
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nNSBzdWJzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMFUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEq
-MCgGA1UEAxMhaW5oaWJpdFBvbGljeU1hcHBpbmc1IHN1YnN1YnN1YkNBMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDT9hQ7qYK6NHbsH0I4rzox6PZHPasVXKNr
-Er1k+U5DVQ4tuCaZk6QEdBpLSMc4V62MtVl6mu/Zox73h6yvllHZDBuH63fEVFLc
-WWCQ0TejhcMx4wp6A0TVqocawS4C1gMhOeXrYZ18ZWakU8DPVwOb23y4/zseqUt6
-1tXPvs2uwQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFATfamudBEfaEUt3uvZUtFIW
-lCbKMB0GA1UdDgQWBBQktnGtV8D3hJqvVrfiHkhs8/2uMTAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZI
-AWUDAgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-BQUAA4GBAHwn3D10SDne03e21/XMdNEGPmNE+jCS3S12gtAPbeHa3KxqsmmuBcEv
-ahsKPoF8CtAAPiLUK4M9GqwK5Vf0bsBlduOnF6vSnZQGKp9OQKOhbTfIoLSWRGIF
-TtQX94lVnOBpO+qXCl+FBKm/eUGyAa6/K1s6vwVtNwW2uT1YPKe/
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping5 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:40:16:BF:70:2E:02:38:F8:B6:AF:A7:5A:D9:B2:03:43:59:98:F5:4C
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        6f:3b:6c:aa:51:1a:cf:0c:81:3f:8c:c1:f0:60:03:0a:7f:36:
-        01:0d:82:fe:71:4a:14:99:5d:f7:cd:33:30:2c:e5:11:0c:8b:
-        6e:7e:79:6f:56:9a:eb:cc:20:49:44:c0:1d:33:2a:3c:52:98:
-        3a:dc:32:37:d1:54:16:96:4c:b8:e5:32:39:ae:93:d5:8b:1d:
-        36:06:b8:bc:05:d5:d9:71:bf:79:4f:b9:45:6d:86:50:38:b1:
-        af:af:68:eb:32:c5:77:86:53:6f:d8:dc:f1:a8:bc:e2:fd:e0:
-        4b:81:5b:1f:33:7f:9d:2e:45:c9:66:1d:5d:8c:da:ad:79:aa:
-        8b:7f
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRQb2xpY3lNYXBw
-aW5nNSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUQBa/cC4COPi2r6da2bIDQ1mY9UwwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAbztsqlEazwyBP4zB8GADCn82AQ2C/nFKFJld980zMCzlEQyLbn55
-b1aa68wgSUTAHTMqPFKYOtwyN9FUFpZMuOUyOa6T1YsdNga4vAXV2XG/eU+5RW2G
-UDixr69o6zLFd4ZTb9jc8ai84v3gS4FbHzN/nS5FyWYdXYzarXmqi38=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:EF:90:74:5D:BD:27:21:5C:6D:77:44:26:6D:DC:BF:FB:BE:63:6B:0B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        33:e0:23:55:35:fa:8c:e8:35:21:f8:35:28:a6:2f:57:5b:6b:
-        df:3e:12:97:76:05:15:72:73:5c:da:7b:17:86:63:13:80:19:
-        33:5e:c8:f6:3b:13:a1:33:e0:06:ed:1a:8e:1f:ef:8a:02:cc:
-        9e:33:22:c2:b5:94:05:32:98:0e:65:71:02:c4:ae:e8:36:9d:
-        81:d3:9e:24:51:01:77:ea:d1:a9:a1:e6:04:c5:62:bb:82:2a:
-        7f:aa:3a:59:a6:72:48:95:07:91:ba:34:20:26:a9:d4:ef:6b:
-        11:09:57:8e:64:19:29:70:77:34:92:e3:eb:82:9a:c1:ee:a9:
-        83:32
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nNSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAU75B0Xb0nIVxtd0Qmbdy/+75jawswCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAM+AjVTX6jOg1Ifg1KKYvV1tr3z4Sl3YFFXJzXNp7F4ZjE4AZ
-M17I9jsToTPgBu0ajh/vigLMnjMiwrWUBTKYDmVxAsSu6DadgdOeJFEBd+rRqaHm
-BMViu4Iqf6o6WaZySJUHkbo0ICap1O9rEQlXjmQZKXB3NJLj64Kawe6pgzI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:04:DF:6A:6B:9D:04:47:DA:11:4B:77:BA:F6:54:B4:52:16:94:26:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1c:39:2f:17:f0:d4:ca:3a:70:97:52:46:b0:ed:08:8e:3a:3a:
-        92:e3:5e:f5:33:4c:73:0a:a8:14:49:ae:ca:d8:90:6f:e1:ec:
-        23:36:9f:95:e8:a9:d2:b1:6c:2d:99:94:21:f2:6b:7f:98:c8:
-        f4:e7:f0:a8:26:e4:58:e6:a1:f4:68:dc:10:33:a1:c6:c5:0f:
-        a7:a6:7d:1b:4e:cf:6e:b7:72:71:a2:6a:d2:e5:e5:e1:b8:d7:
-        88:3a:a8:d2:e7:bd:a4:ce:ff:1f:ca:f5:7e:7d:fd:2c:4c:03:
-        2f:96:87:d8:4b:ba:35:a3:63:e2:87:cd:95:2e:c9:34:97:9c:
-        fe:30
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nNSBzdWJzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUBN9qa50ER9oRS3e69lS0UhaUJsowCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAHDkvF/DUyjpwl1JGsO0Ijjo6kuNe9TNMcwqoFEmuytiQ
-b+HsIzafleip0rFsLZmUIfJrf5jI9OfwqCbkWOah9GjcEDOhxsUPp6Z9G07Pbrdy
-caJq0uXl4bjXiDqo0ue9pM7/H8r1fn39LEwDL5aH2Eu6NaNj4ofNlS7JNJec/jA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:24:B6:71:AD:57:C0:F7:84:9A:AF:56:B7:E2:1E:48:6C:F3:FD:AE:31
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        35:d5:ce:cc:ec:10:2e:1a:1a:f7:ff:19:1f:16:bd:7e:46:c2:
-        ea:f8:79:b1:36:48:74:28:e9:6a:68:59:f0:a0:32:c5:9f:64:
-        f4:02:5a:bc:5c:2a:bb:62:10:2f:73:66:a7:cf:de:b7:77:26:
-        1b:c8:7a:95:6a:2f:1d:e6:3e:db:1b:15:02:3b:fe:bf:e1:5f:
-        3f:08:29:6b:a7:84:0a:08:46:6f:66:f3:71:84:41:97:8f:96:
-        02:39:ab:ea:c3:c9:21:99:1f:6f:93:5d:19:4b:df:95:59:60:
-        0a:71:2b:a9:e6:a1:bc:e0:e4:fc:5e:b4:a6:2c:99:a0:2a:76:
-        cd:d4
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBw
-aW5nNSBzdWJzdWJzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUJLZxrVfA94Sar1a34h5IbPP9rjEwCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEANdXOzOwQLhoa9/8ZHxa9fkbC6vh5sTZIdCjpamhZ
-8KAyxZ9k9AJavFwqu2IQL3Nmp8/et3cmG8h6lWovHeY+2xsVAjv+v+FfPwgpa6eE
-CghGb2bzcYRBl4+WAjmr6sPJIZkfb5NdGUvflVlgCnErqeahvODk/F60piyZoCp2
-zdQ=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5EE.pem
new file mode 100644
index 0000000000..3c52fc5fc4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: DE 8C 5F DA 70 9A 8C 60 6F F9 AE BB A1 65 E3 82 D9 09 27 B9 
+    friendlyName: Invalid inhibitPolicyMapping Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitPolicyMapping EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subsubsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhaW5oaWJp
+dFBvbGljeU1hcHBpbmc1IHN1YnN1YnN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowajELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExOjA4BgNVBAMTMUludmFsaWQgaW5oaWJpdFBvbGljeU1hcHBp
+bmcgRUUgQ2VydGlmaWNhdGUgVGVzdDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC0i3fp+XfZPUG9DSTq/8OqOa6mw5BfqUR2OVuxulyooJ4qHigWqHCk
+muBd/ACPkowfECXCUCBypLRZ9hfDv+jZ+Jm5VWVMQ9N5qEkKae0BIxa7yv+r2r7Y
+5zHMWK67D0qIh29nCdCJE9aH4q56ig/8oz5icRc5tA723KT7/nDHVBGIfr5EPkAI
+/W2x1uNEwq85Qvy1bQdCUQkH4tbe0qLpYs013UQNFNH/NLuRQpDYFTMTyGApf34r
+gNlFzcnwNtbDj8ewQITe4LWC0zw54McUtzmqdvSdSaawg91XyXg7bg6ecDoRCnPn
+Ig/bCtm5RYKwPOIG5TMBFpn/vUtdUcyhAgMBAAGjazBpMB8GA1UdIwQYMBaAFK5j
+y9fiw3Hj9M5u/DX0m9JNPtwXMB0GA1UdDgQWBBQMlU4t80WgAZvBvO7pkJDrW61R
+nzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMA0GCSqG
+SIb3DQEBCwUAA4IBAQAubNdSsC6g4XBAAeavQ+94LbgE5Doy/MprXYSH7gGUDEDJ
+aLUiqgOS4imF0gdBv2v4PQpsD3yALD4igMdIwO8M7wMSEwY2WyCNHa95KGmzvbSl
+CcYjpPqXsrZOrZjYWF3JSSjIBEFVzWgSM5pGbtAnRD+wRXygTBGkUzKq9Rj6pFUs
+FWs90SxaR0EBCc5vtNcpIQK5iXnYCO3rPHzcdcSN5Cr8VCrt5WvCrbxLFIoKr/Kz
+KKoj1CbFqedcGBnRwwskfTLvEZdDs9xTr8I+A9DAZEoIPrcVB0rz9MH4biZBPDBg
+GxCqwudDV9TUmuqh1Udp39odeV1CPWfTSzJz/gK2
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DE 8C 5F DA 70 9A 8C 60 6F F9 AE BB A1 65 E3 82 D9 09 27 B9 
+    friendlyName: Invalid inhibitPolicyMapping Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,00F5B427B5DC90D5
+
+HL3b7J8zUgENhTrSgUcPeQKTGJF3nUZi2FSeAC6x9TQW2jciLcI+ySs6oovnLbpv
+KRRcr9wgPwjw8fbzajYEVK6Q041QNE7XdOocq167PtSdKmQVMlLTabzsNNvHnatb
+A/vXXFk7OGWEKuit8HBTYiK38Ur1xI2YNT7kx6Fu7udBoimPZ1dj5y8dktbzWFCq
+pcf2xrhKbXhCZvTAcaDZgQHJWcnQIzTFdEa6L78r1eavrtD35ebEYyNRePSGSmNp
+1cDJ6CF5INsSvmdAjWIXHYmmoqdRe1buLSq8ar9pc9jfxYZjH+RnqWqiNdakti2a
+FUMn966dQCxaTOmWeruSg4ySXos/E1ZWwhY3qzuwc0PSc45dLr/FNY1YB5VtrHlZ
+OXd+s/CdElmXATjt1f05+AZAzRw32JENUHBNPLlG5v0Ze79y8aQyq4FWIZvfawoE
+su0W0hIM9EEb+Jgfl1Lew9FeKHETnzOQcOKvxQwnzbiwwG3v/ttFkquRAN9y3rn+
+uT1Ab1uBK/KptHBJlC1xcL4PLmM9vxsM13xsPdzbnRXvgvouAmZUirrwdQkau0K9
+mPP5GfhmV+yueaUleLa+KitNH2sSQ8hYUHZL8JfUFR1T+XAL+njZsVw0kdmbVsTs
+FCmRhPUYABxZInGRUXS49AFKbS+nz6+m5p825R2/kGmu6Kj9AX273fzWUvQT28J1
+IL/GEbIrp9uMm8rokUhCJNKW7us5A1M2cxXCVtGGxX0SuP0UdrOvaeepBFAqoqV1
+2X/jNPaEpu82pIXjYOZU2p/JSdQiwHrojcJUeiWl3gALhNkuwaesPOrIYow5Yv+u
+Nyro+J2aSYcunfuUgD/0A7lhpXae2PGFG6dP/GxJzsNYvaj/YCZb4MSGh/K9qpP7
+e+1YTxwRE4jcpwLb1RrpcuuPVmT6c836hbHPTJHnq8ELyDYooDum6BwquVifebZj
+nUaxpmL5hHgR6QR9GdmGiQBlWlGZo4lmOBMBIVqnW+OWKSgJFUSdsWTmZBGmYrG3
+cp9bj8hNFfGt/G/11atg/A8jJZlv17s1xYWcM6QUcAhCnCwvftL+N2odYYwhcD6e
+RIO11B5MN/jDDA42qvZic1wk2MKp0Vs1c/LcvDhyvYv2KxbTg4ytyy1g+LvVBZFY
+aJxgrSaZ+kuvccc2KWgDe4XSOnxqv5vh6mTY4d4RxJPAvDrjWMcTqJSDoKyApKZf
+k49dNtwzLQj1iZM5T6aDYOAMhCvphHlIFqBaF/XPtdoPbzOSSjnfBxORYRfQ4/ON
+v+LcBcDMBOJPzyD2IIvQCUrhS3e5+1KLBARrDH7Z4i7g6XP47mirM9tujdTmBeL+
+UCxgqpjEChegVP8aMWj6jVzjewDHLhv4S6PIte254vBHROT0WRPgRwP6qgeN2/pm
+auULnZwpXuYe3bwUtIYWMrO8Esi6AMvwWhVcLpZy6aV3hbqkUsUL+2t47VLToReZ
+p3ZKcwKs2lzCLyFc3eV6ZfuCrUfk3cZxISPs1ENS92KUGPKCsgWAybCJrKmjJTtB
+SyiNMKvAUySLMeyxe14tgIp+3cMOvksQmFXbWWWm7ZmcU/pRze1Be3jJaCO+MB5k
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6.pem
deleted file mode 100644
index 1e617839c9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6.pem
+++ /dev/null
@@ -1,217 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitPolicyMapping EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCAIPM5
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0FJUE01MB4XDTAxMDQxOTE0NTcyMFoXDTEx
-MDQxOTE0NTcyMFowZTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMTowOAYDVQQDEzFJbnZhbGlkIGluaGliaXRQb2xpY3lNYXBwaW5nIEVF
-IENlcnRpZmljYXRlIFRlc3Q2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-pIyvpHy1AEaR244X+WehPi6kJ4zfm/clYT73uCvd/wtRc1ecFT83WALtOg6iWRxn
-DxQ/Av2+6Sb5BGvOIyHVT/2cJIf325EZ/zxW6u9qb6+u2oWp8PX5ddUbH7yKAmXm
-l3p3cVsZB1GkL4KdBrCQGdF8Khnb5cF5YBSuYEPZXQIDAQABo2swaTAfBgNVHSME
-GDAWgBQkqwNVlYuV1wNEx93/fv32kbGgFjAdBgNVHQ4EFgQUYSBfuS0yhqXL/Jfv
-5l9yYaw12g8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-AzANBgkqhkiG9w0BAQUFAAOBgQBa/IMv8cgYRBzo8cjsbIb+tzD4986MKnaHn5lL
-SEdCOU8nZTscVwdXEg0N1Bza86ara3HXHtgpLauXgmcA0L7BUkGJty9vIMzqc6LN
-VfDTX5iZoftoIKzFx8AsQio3Y9BlGRGU1NxKWyvrZj+PvT9lXym/Moe+b5pxez8b
-WLtRZw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpjCCAg+gAwIBAgIBODANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-s4T6CQeTrbqUSlSczfx8iMSRK4ip9F4liS7giqCrZeZYEuP+/XoRZKzqmT3G+io6
-zcenL7cegP9DJnTNuZ1nHEoeJTlhQZq00PD1n33OMK0zhMIirByYBpabztuw1dJ0
-MKKcRzJ1AswgccI8seh2W1FXdFo/vGkDOkcD21Se0XUCAwEAAaOBnzCBnDAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUj3Ywg1+jhUuQ
-FB4GBHs3AQUgJmYwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUD
-AgEwATAMBgpghkgBZQMCATACMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgw
-BoABAIEBATANBgkqhkiG9w0BAQUFAAOBgQCXSeQ5mEkpmqCHstAZJbAGVSNrj3ka
-eA0k2v+n7vDeZ+9F8bByDiBBz3RMTqmdZxQ6zroOPsw66HLxv5D7oJImbhyvFrnN
-uxPGh8hvvP67N7UT9cM0RAoIQHmoI+3+o9cqOnTIJWXXPyq5q08yTrUt1lzFyrcK
-wGB7PyQXRRDWjA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCAIPM5
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
------BEGIN CERTIFICATE-----
-MIICujCCAiOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBXMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAq
-BgNVBAMTI2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3ViQ0FJUE01MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg4hWz7PbBhsTO+fpr6qznJLoay+MQhSxm
-gq7gcER+qcx6hOwpIxvX2HUQ/q5RqJ6X539C1HyngpS383VGDqxzWTILMJ9p79He
-5GhleTga2r/BSvq51G4uSJz4iJUJDEhzhQncRKUY65v1L8dz+lh/IHLRBGues3zP
-dWc1cRQ1mQIDAQABo4GcMIGZMB8GA1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEF
-ICZmMB0GA1UdDgQWBBTm3o5WsPOWysSqTpK6CZqUqZRwPjAOBgNVHQ8BAf8EBAMC
-AQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwDwYDVR0T
-AQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgQEFMA0GCSqGSIb3DQEBBQUAA4GBAEge
-Ag2ZoOuHLLqscTmz4NbRwXvWWtesM8lVBhQtShOlAgBpxm6c7kd4e1LMeAPN7yPD
-63DL3mDZnK+qtyvqXaK3uVSMg9CMGsGCqXGDRbmml0nbxbkLNGKYEtkJVzmIR9nZ
-vf0ZHnAqC4006H8s1uFPNIJwjb6hfK6oecY1nqms
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCAIPM5
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCAIPM5
------BEGIN CERTIFICATE-----
-MIIC2zCCAkSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAqBgNVBAMTI2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3ViQ0FJUE01MB4XDTAxMDQxOTE0NTcyMFoXDTExMDQx
-OTE0NTcyMFowWjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMS8wLQYDVQQDEyZpbmhpYml0UG9saWN5TWFwcGluZzEgUDEyIHN1YnN1YkNB
-SVBNNTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoWsXQ0sXtSdVHZZ6NBai
-/YaSnuULPstaxcOXjt23ujwGnhffZLbzqoz6crjhOj3j7u5CAl76NNcQPuYi9/EW
-vxys93HyGAbgpl+YZ/zKL61BPTj5sBK4l5NEQoKUoPZsoeTDTXyD3HDWMDlJifXK
-gDYpaao45yFD8N0WCfd8pccCAwEAAaOBszCBsDAfBgNVHSMEGDAWgBTm3o5WsPOW
-ysSqTpK6CZqUqZRwPjAdBgNVHQ4EFgQUJKsDVZWLldcDRMfd/3799pGxoBYwDgYD
-VR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMC
-ATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAzAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAImakMw5q9O9ghGN6g4TQ/IG
-gI7NgrjqoAKQiqZuD+kmbzSf1sGONmiLK44kykgJ0zZY4xbkoXVOQiNrnqDclNdf
-Za0+Fmvfx9vVTlSoLQGwSHE3oWDKcamton847GkEmnP0RacqUkRkgpZam83tnDEX
-c6eHTCxBYDmTTPuFe4fi
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8F:76:30:83:5F:A3:85:4B:90:14:1E:06:04:7B:37:01:05:20:26:66
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1f:20:b6:9f:f6:68:a0:22:5f:24:73:c0:ac:bc:8b:05:86:58:
-        7b:97:ad:38:8e:70:61:7c:17:9d:38:21:06:0a:72:b5:41:3c:
-        b6:9a:93:77:6f:e3:15:e6:06:74:67:90:b1:95:56:f2:be:52:
-        21:6a:de:f7:bf:d9:2c:12:11:9d:dc:f9:ba:46:f9:92:24:75:
-        ef:83:af:a2:8b:3a:79:da:ca:c5:72:a4:7b:19:e1:a2:f7:02:
-        18:92:eb:a6:1b:74:bc:ba:62:51:d6:9f:69:af:20:34:3d:43:
-        08:e7:15:da:75:79:b7:81:6e:ae:95:08:cb:7d:e0:3a:50:7e:
-        c1:7e
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEFICZmMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAB8gtp/2aKAiXyRzwKy8iwWGWHuXrTiOcGF8F504IQYKcrVB
-PLaak3dv4xXmBnRnkLGVVvK+UiFq3ve/2SwSEZ3c+bpG+ZIkde+Dr6KLOnnaysVy
-pHsZ4aL3AhiS66YbdLy6YlHWn2mvIDQ9QwjnFdp1ebeBbq6VCMt94DpQfsF+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCAIPM5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E6:DE:8E:56:B0:F3:96:CA:C4:AA:4E:92:BA:09:9A:94:A9:94:70:3E
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        14:9f:a7:ad:6e:15:65:a1:9b:cc:49:11:63:ae:0e:76:54:26:
-        5f:8b:a3:f4:12:98:db:47:80:4f:38:bf:c0:0a:f6:d8:df:b4:
-        07:7e:06:6a:ae:f2:9c:6a:c2:9c:6a:75:99:df:19:36:ee:d3:
-        de:59:91:32:7f:08:93:c3:31:6c:b1:cd:42:cb:72:74:04:27:
-        1c:49:66:33:e0:10:8a:99:32:7b:66:6b:8b:8d:48:21:23:6d:
-        1f:c4:b4:40:d6:8f:76:00:00:9c:6e:a1:bf:90:95:5e:b8:8d:
-        e9:c7:a1:18:f1:bc:5c:28:05:7c:73:72:85:da:f1:a6:00:53:
-        5c:0e
------BEGIN X509 CRL-----
-MIIBUDCBugIBATANBgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAqBgNVBAMTI2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3ViQ0FJUE01Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-oC8wLTAfBgNVHSMEGDAWgBTm3o5WsPOWysSqTpK6CZqUqZRwPjAKBgNVHRQEAwIB
-ATANBgkqhkiG9w0BAQUFAAOBgQAUn6etbhVloZvMSRFjrg52VCZfi6P0EpjbR4BP
-OL/ACvbY37QHfgZqrvKcasKcanWZ3xk27tPeWZEyfwiTwzFssc1Cy3J0BCccSWYz
-4BCKmTJ7ZmuLjUghI20fxLRA1o92AACcbqG/kJVeuI3px6EY8bxcKAV8c3KF2vGm
-AFNcDg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCAIPM5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:24:AB:03:55:95:8B:95:D7:03:44:C7:DD:FF:7E:FD:F6:91:B1:A0:16
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:dc:20:33:f7:b1:e9:f8:9d:47:00:86:08:2e:56:bc:02:0a:
-        e4:46:90:48:a0:cd:37:63:71:fb:69:34:e1:0a:d0:aa:e4:f7:
-        61:67:46:a7:b8:ba:11:67:30:eb:1b:85:e1:1d:0c:9b:e6:fd:
-        fb:50:ea:c9:f3:e4:19:73:05:85:6b:cc:c3:f0:4a:2b:bc:75:
-        7e:0f:b4:d1:64:39:b6:38:39:dc:30:77:33:91:b8:77:52:b6:
-        70:ed:24:b3:34:7a:b8:ef:46:93:78:f7:7e:6d:6a:ae:2e:c8:
-        a0:d7:76:ac:46:47:ff:1e:9d:fa:51:9b:47:cb:06:c3:c6:85:
-        4c:9e
------BEGIN X509 CRL-----
-MIIBUzCBvQIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3Vic3ViQ0FJUE01Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaoC8wLTAfBgNVHSMEGDAWgBQkqwNVlYuV1wNEx93/fv32kbGgFjAKBgNVHRQE
-AwIBATANBgkqhkiG9w0BAQUFAAOBgQAD3CAz97Hp+J1HAIYILla8AgrkRpBIoM03
-Y3H7aTThCtCq5PdhZ0anuLoRZzDrG4XhHQyb5v37UOrJ8+QZcwWFa8zD8EorvHV+
-D7TRZDm2ODncMHczkbh3UrZw7SSzNHq470aTePd+bWquLsig13asRkf/Hp36UZtH
-ywbDxoVMng==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6EE.pem
new file mode 100644
index 0000000000..9ec0bff532
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 41 AF E0 5C 50 DC 4A F2 4A F9 36 A6 FA 5A 12 CD 25 20 65 6D 
+    friendlyName: Invalid inhibitPolicyMapping Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitPolicyMapping EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subsubCAIPM5
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBATANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEvMC0GA1UEAxMmaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJzdWJDQUlQTTUwHhcNMTAwMTAxMDgzMDAw
+WhcNMzAxMjMxMDgzMDAwWjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBD
+ZXJ0aWZpY2F0ZXMgMjAxMTE6MDgGA1UEAxMxSW52YWxpZCBpbmhpYml0UG9saWN5
+TWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANL0XE/6QZLLGmP45AS6Fok2FJ3qtjzy+nkJFlJ4QfdgvkLA
+F/wf/aCbiX/p41LtukSbRGLWwVPfwN6uWZRvZcj4SOxhIRAgvWK4WrwNtgqVwGNE
+3lt8AOJ83NFUArK+FANDH2rtzbY8igJOIEGQ0H1CPyYHM0g6O9gbACN6iABkxeoS
+UrAFL6u+cjDFg7Huwt3C0DgZzZZk3zmi82K4RyfQnQ5n4sFHhJHCDviY3xQvW8u/
+gC7o4LxeWrPJWSgn2jFUly771l+bg557D9CbR40HH37/JNf328clwHIFqwweU1gp
+2MNz6/IobTvdSL9b0AgSUjbwpjCn1CtuN4p46t0CAwEAAaNrMGkwHwYDVR0jBBgw
+FoAUEocbNWfwvKGgNroVqCkZ7RqbW3AwHQYDVR0OBBYEFJCTnO92Cq+5fy1mUiJ4
+S7FH+7GqMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAMw
+DQYJKoZIhvcNAQELBQADggEBAKWNC8GBMa/d2a5ls5LSN4BVRt0OK2AK41N0Ts/Q
+A6D5aE29h4nScxZ20I7LB+8fMcuNyfT2rZFuBgZQ62Oqad+XsDsBFRj4NITol6M3
+1OdW86Dezbc272tAukA2KqYAo/Z4j+/ag167leUKu5tf+5Cz/xrAx8/FbVZEXS3K
+kyprlh/fy27UadewavhCgc88KTLF3DMnTPg15Ov/0SEtDZ46wdy7V4D7ao57Xe6Q
+V2pPUHl6w5mvgCtscZkCqf0+AL3AUL81ks+wUghBnzCUBdn9Lsv/lfHYIUanRO7z
+0VEto1h+4ot/XjDSG1nqJ3bTAJ++VB7pBJMGuiHeiEyhKQM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 41 AF E0 5C 50 DC 4A F2 4A F9 36 A6 FA 5A 12 CD 25 20 65 6D 
+    friendlyName: Invalid inhibitPolicyMapping Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B9A03DDA465C74E3
+
+clCgBK0EV4rLPjpjo7s1sVyde1o38htaXjfAdmsQxZM4RoNr+XxkGRmPp2JU9/K4
+nzyYCl7E+ONJPogEVLv7P7PAfDrDNo6eCWPWksKP6tP+aIaTmA0jHjqAHDxuUOTp
+Oa7D8VhtDs7d2JIWQv5tgz8N45DC4XA+lfH7lTpgXbKzdbCaLNwWpJ4rHLtGpMJ5
+u3eADc+oVG1RY+5Ia8Towk6Va1t155vjiZZsOgMfogeCEYaG6jLPZX5RftB0Pr5n
+RHdVjDCeasLxLK0wSAQ+AX3j8mXEtP3DQNfhKM4MwQK6wPd2JwKAtZ3f9UimcaAJ
+t88ioUP7ODiRU2QPuBLNO7YnvFmBmPh+ogUPElVZPu6owqS4kTEVB2/f1SgwA1V2
+YaGPyhOoGlxi5BCFFN+mg0tWe/f6d05WFWIvA4p5phAfZcd6SySaaV/DG1EP0+DP
+xL9M0LZmPnqJQ/ZINakDvmn/dHA2AK2GAwgOyrXuwq1ODUfp24k7kqUAY8ZDC932
+rMkAp0HemgeZ6TXO6sIbAzTceboYxEEnYklfuM8wnpVwejkT5bwevfL46Pde8WKU
+uL/0L3BEMxSB0Yt1zNErTBvKJupRjRk8V+VC+O20O8PpIdey7Sj1Ai8fkxgIfRe3
+4aCRzIvCFe2a0FrFxKQiUjVLRXKUbuQfr6Wh0PC84rdY/DKjPAB0dG97FPQjDfTW
+CWb8MmpEHaj5Jh+LY/GJp1FkeB4xHPCJseyCQoRVvmt6WeAntoorHXk17+esGod6
+y3wWEC1kpZyT3kFbBI/QLku87SJe2cG3C3qLmLZgPOBNvD5tijryVziC0ydg8c8M
+D7IFXhs0/lwyZeQZkw+DbqMWRh6HyjR869/7M7SKiYtS6KeCDY0T/b7Dw61Vde8L
+5VeddnonZ6akZBxT62QqdqUZC9Xp0fsD2kQnHCOTOFkc1aV21/1ldzJ8z6NBe6NQ
+SqIFBNzfGzudSaXoznpIWeiAfayc3gFULYeP80ZjorVbb4LFI33M/X6K2jkKcQkY
++SNlPzE2u3jskw3eyh8CLsWp02Ax7wdlyHC25BPsbR95IJcVjOYym1JbDZeqU3C0
+afb2atFq1QM2PZQswl0W/DGDiri3BLi2Fo0VnX+99Kxjdw9F1lqlyKjW3T8EXYIB
+ohK90Vs0PaD9TcZuw36TrgvjnbwOmw+3dH5PG5WQ9qxDDxsjE5lDSfpKqn6trV3b
++EBiHiuYyiJin4Ib6aOGy/+fONkVG7eUHpXttzhtPOGbjtmas3bOjgIBs/JBzqjm
+VH4l5rEkgM9sVIPzgWHLj0z5VtZjKSIkcFwSG/WfcEHZ5dzkbybWFryEfnP5hrA3
+3QsfxBH3gzKsDdh6BqTmj2FqSf5uS+ImUOn6KEk4XaXCNsLgadh7UbKS3kP6eZq0
+rgtmIYNDkOHmiYkH0/K7NP89satMkNbIi4DD7o9WvHqGHhsAczDkEqnmP5GXdxpx
+GYsl03gV/F5OjqG19mVmuMV9sSJRqF2pH6str9WNCDHTTVcDXn3Aam/U79310/vB
+J8ko2grQRkTPox8P995o+ocp2yIRq+5XTmMmvHsb/R+v/w5NA9UDbQ2Ve6TeA81r
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4.pem
deleted file mode 100644
index 12418ff1a1..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=keyUsage Critical cRLSign False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBIDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFYxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczErMCkGA1UEAxMia2V5VXNhZ2Ug
-Q3JpdGljYWwgY1JMU2lnbiBGYWxzZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA4iwG9rt4eJXUwy+UTNrUEq7gFuAYWGYaf0DCMDkLcYPIAwlWow99RTeX
-jXir2B5PC/YcGARB1+bLQDTn7C8R2bilNXujkHWU4w10Vt56sONz+0ASNoIXCPn4
-EFXAneC3z7q9ZONoU4U3MBxMhuepSqGeBWNgh5KI/ICyYI/P61UCAwEAAaN8MHow
-HwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJSB6cRQ
-9gcgcCaUPO/fMC7eP3TNMA4GA1UdDwEB/wQEAwICBDAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBvUd6L
-OoQLwzSqlbFY2JYA5GGxYuAdrT0FxeuRK2wGwiPmNCKn0w8t/wwQTrbPdrENV2Rc
-gzeZ9A5RY/Qs6EogNvy0qfC6lw2aUZsjEFjpPvnXmjb23sL2A3twFUWuoZdy8Wtd
-PTGWD96vq7KEdsMb3IRwUMk0XxyPZ4MUOqtVyg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid keyUsage Critical cRLSign False EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=keyUsage Critical cRLSign False CA
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImtleVVzYWdlIENy
-aXRpY2FsIGNSTFNpZ24gRmFsc2UgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBwMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxRTBDBgNVBAMTPEludmFsaWQga2V5VXNhZ2UgQ3JpdGljYWwgY1JMU2lnbiBG
-YWxzZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAy7qxBfmtCspcqkqi9Slrzqm5Oaxst+HoLMAM77zVMEmIDI2IYsm1+PKV
-WNIdR8whYpz9OvVP16/Ujt4D4902/HLCQGcMfprQ4M7S2ba4Ujvig4fe6SFwVCRs
-YbCOmVA7rHiPEz2uguVgeAkJolSooUz/QEtakvGSEKGO8zhuQFsCAwEAAaNrMGkw
-HwYDVR0jBBgwFoAUlIHpxFD2ByBwJpQ8798wLt4/dM0wHQYDVR0OBBYEFOsTlV2h
-OTNSDv1rZhunjIMov0boMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAgST/vGwENhUdJayqletDgqTapBVi
-mXOpojLaV5Q71AWzCA6oY3D0ATMW3QbzK9OBaDtURLb6zyKPLtx/2jZU3hw1c1Ia
-bIIKe8MPc9VVlABo3GW8vYwKucYZValIq4YAV9AbtFYz+5L+7UAsZC3iU9t5UJ9G
-GftSrxstYAKAeRg=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=keyUsage Critical cRLSign False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:81:E9:C4:50:F6:07:20:70:26:94:3C:EF:DF:30:2E:DE:3F:74:CD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        df:6c:04:71:99:bd:11:54:35:2e:e7:bb:54:60:3c:46:38:0c:
-        cb:d3:e9:06:bd:55:2a:03:35:2b:cf:e5:a3:b6:f1:13:5c:8b:
-        43:5e:9b:8c:10:8e:c6:82:83:ee:af:1f:50:3a:14:2c:f3:a4:
-        43:00:90:21:f9:59:4b:15:c4:5c:30:1c:86:75:2a:cb:a1:86:
-        33:b1:f9:75:46:99:34:07:64:dc:4f:6e:d1:f2:cd:f5:0b:7f:
-        00:1d:ca:9e:60:0f:93:8a:c5:22:cd:59:46:e5:21:2d:26:ef:
-        98:ff:6d:50:2a:7d:5e:15:81:4c:b8:3c:ca:9a:1a:b5:1b:6f:
-        4c:9f
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImtleVVzYWdlIENyaXRpY2Fs
-IGNSTFNpZ24gRmFsc2UgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFJSB6cRQ9gcgcCaUPO/fMC7eP3TNMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAN9sBHGZvRFUNS7nu1RgPEY4DMvT6Qa9VSoDNSvP
-5aO28RNci0Nem4wQjsaCg+6vH1A6FCzzpEMAkCH5WUsVxFwwHIZ1KsuhhjOx+XVG
-mTQHZNxPbtHyzfULfwAdyp5gD5OKxSLNWUblIS0m75j/bVAqfV4VgUy4PMqaGrUb
-b0yf
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4EE.pem
new file mode 100644
index 0000000000..19ff6b3bf4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D3 3B EB 31 DA B7 F3 2C 87 7D 9A 83 E1 31 FF 35 A2 20 88 61 
+    friendlyName: Invalid keyUsage Critical cRLSign False Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid keyUsage Critical cRLSign False EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=keyUsage Critical cRLSign False CA
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMia2V5VXNh
+Z2UgQ3JpdGljYWwgY1JMU2lnbiBGYWxzZSBDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMHUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMUUwQwYDVQQDEzxJbnZhbGlkIGtleVVzYWdlIENyaXRpY2Fs
+IGNSTFNpZ24gRmFsc2UgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDEU52VUxkPNxFuLOEIPwROevCUVbZbolJu2uOK
+hMqmu3yXDYKR1FBC5xGsxfZeep3tn+PGr9z5+O2gaD39SGxlMhxvSdbVc/QT1u25
+0fTq1U0gte59c0JsrG9MhvZBwz0kC7jMkc/1De1UTKtz8kSLwTqZgKQKruSHBgM1
+QLeMl47cR27fiUnzXAa2ZEOGIByyxdEG37yXJ924NHffS3Ig9PrPYFyt74Ck9Fir
+pc+gS5ayFmJLrmerYNTDkA1lVehXWkxZeK/xwj1+PIhlOFylbKKPrB3gFN6fqppT
+TkP/PSLoJcAA40b91W8T1sJvqRvgx31t/72sTup5zEUIHnglAgMBAAGjazBpMB8G
+A1UdIwQYMBaAFMLKafW0rxMt9JzyEVXLKjCz0lpJMB0GA1UdDgQWBBQ+1JjhVKTI
+Ycfsx9NS9lCKWrDbIjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBiFYY8R0mw8pMTdH+nZzSKMKj3aONg
+mhYYsS5cKGpx8oQOv/iNdYZf+W2f20nLKt9iKoCwbV7qWFai5HasT2AeXypTgEMc
+nRcn5NkQCIkOFYjKwouSFUF9Lt5gcRfQhD2E6yEORH+6OuhRhkydk0NbmOu3EctI
+hR9RKSIY3cCS1got9Kxmj1N8/KFqKTOXleg6tdC27Fqo3tfPQOYccxagBPAzmZbR
+f17XUbqiY0fl0CVUBZImmUY1C18ov0xgnUF5m7vc+DQOhFemNemdi3wMbIN77Dva
+925L/R1Pek6PDaTRYrikU9zS+CkdEgfB7Pt/+PkV01xA11ew60ob+QEB
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D3 3B EB 31 DA B7 F3 2C 87 7D 9A 83 E1 31 FF 35 A2 20 88 61 
+    friendlyName: Invalid keyUsage Critical cRLSign False Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,336947DE40803472
+
+8ihZdQwa7EBBTKR6EeY4EW9YEwdyd4+xMA3jGB6d89YisIsJ+xBpMRDI8CzEWG2d
+rWJ7Tsoc1EfcAC5TP6ObS7BHhcDaebA23xMBdrInYaZFqLUKVBTL4tGP8auqQuAJ
++Y4fxnd2DTlXIjSAtuFA8PLmqMdtbAmI8pf0qmG/60R6yMExB7tYdEdkGJALaleB
+C4VJtcd6kRqfyuXcs15QDc5+dohTn39t7i+flu1srBxVkqLUNcS3P1Juo7FEtRAb
+xSE1hgQyz1b14PqnSOA8Z7G3aS3uZRwyq4lR/aip6qJmfbREKvxY3BXOE+1woqbO
+76glocZMWcUJ7rZawysJAZCA0ixGk2pIBhcvacCAsGczojkhADnTlie0KOyIuYsw
+0ExHSVeSGNlQqvT2SoDIgnZkb7Cbnc6yqK5mjVjRlG/PKrBbSztmbEbNxwFllsJQ
+oHBeyp/QGVhEkjNyf08OYfY2WZkYMkXnNGzoM8keW6Lya+sckfP+RWLfHC9c3Mmf
+U+tmKz9Cxizfuq2OVJyFSsRTLr3sOsz7NUWp3e7rzo8H28986nH+Omr7RXJBmUMz
+vHtKFNgZc1+06KYmfWRMtOYuRpUAODRF0Vw47JqUPbLg5J+BuAE26pbqbvPSY9rx
+RFNgnvxUM6L2sZim7UgfM8jAJip11NMtn5e19QmQw3jcO6KH9sFn6rGxRMOsDTvU
+qoPlYRhR+JvJPG24q2M6uWAGzkq3Cdp7IgRbfj+RD6bhuPlII2ODQVHYL3LWQvOF
+MsugpnZIqNcN69qQuRjvmq1+xOWC5EOzjgIXsSirT0Odw6At2pxxDros8lgVeq3D
+WTsuogGG1knw4kUB5cbvrnCdn5xHf3CXfSzuZAuBnMFI2BtFznDSSv6E52eQRMG1
+BUno9M9UsBSlqVNem3tmjaT0Lil1q3GPaJ5kguBPEddiYY1uUrym6hIUVxk14Bbv
+Hn9oVmIR86h94H18p4Qt+wrC+yl4uv5PAeXOnLjtgt9BvDYiAU6aikfyB+ij/jMv
+X/OotNasHmv6N8dlLI5r4XaaLIK9vKnQFRg7+Q2nkXTC3f3rbfrJS4chIcxKLzK5
+WRrwtZW5SueY/nDXF7wH4VVWD9aBKR7oJSUsIqPsF13Lf3O/WolzpwQyhyJGQV7h
+DMaeloxnp7fF08QKuowYYScAUJgHiNRUawLLldr+uHcBgt1JyZhsFNRpJL959jFU
+1JqTI43tWplzN56O5vzO5KO/P5ub7kqJWNFzI8wxUBq9/0MEuru9mDs8BiaNP6cP
+mCMp/KY7RpQ9Rr9EomplXLrroPp97kLzbWfKG59DHYLn6YynRaOjqcSsl1iLT7FX
+AQPhIKIMZGxJePHgFvzAbx+XlABrf4+AOErI7m3lBTOyKcq0+fQFgFxNxtXlRQko
+xlS0bFh2koJlbKtzY/ris68r0dz2ahIzdfI+v+HUAY3pBbr4Ptsz66fI9yzuwVDI
+DNX0vZ7rKLwlUwpZ6ZuDKdV8JJTYWb1p9EcPRYo1izO1S+jXbpDfH0ajkKuBVaw3
+fnSMTZGWZfu2iBTLXk3LuPvoNBLuIT+Kq6p0nN7XZWofgnAJ+HV+3TwF1JAhrEOD
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1.pem
deleted file mode 100644
index 70eca0a203..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=keyUsage Critical keyCertSign False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBHTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEvMC0GA1UEAxMma2V5VXNhZ2Ug
-Q3JpdGljYWwga2V5Q2VydFNpZ24gRmFsc2UgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALm+L1UcoJG+mviuHuN0sBN3JeuYb9p4T8GP3zMU2o4qU0bwjq9L
-PcOqj8RnfIrHIMUR9kgNmxJVXX+02rORMvzU9LsxdQxFNxN8sokG04ZZv5iqSr4W
-NnG/UD+RYlBLRrHuNx0fDoW1zAac8JO28LeCdhot2Un+J1W8knpYlAt9AgMBAAGj
-fDB6MB8GA1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSU
-Abz4nHw/6JK2TckGtNNyMU46NzAOBgNVHQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-ifJcYkKWo1wikfXTF8s9sBKQjt+cMW2Kn2+25hF8KBXRmo3lJzJXyKtMQucC/+6W
-rWB4brLC4KiyxVC9OCbEIxlsc9Mx35cgX39iXI5b2BEn/pZt9ceios9WPQYU6t/Y
-D78koBp3ni6yy5WGa3mpU/xh18UaG/8VnfARvbTQcGs=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid keyUsage Critical keyCertSign False EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=keyUsage Critical keyCertSign False CA
------BEGIN CERTIFICATE-----
-MIICrzCCAhigAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmtleVVzYWdlIENy
-aXRpY2FsIGtleUNlcnRTaWduIEZhbHNlIENBMB4XDTAxMDQxOTE0NTcyMFoXDTEx
-MDQxOTE0NTcyMFowdDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMUkwRwYDVQQDE0BJbnZhbGlkIGtleVVzYWdlIENyaXRpY2FsIGtleUNl
-cnRTaWduIEZhbHNlIEVFIENlcnRpZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCgVfrVarIrsGAAz+ak13NJrkcspcEeCVsjrOtzHf619eeO
-TDalq7iyspJxTEhn7lG7q/UazRqEp6lBu1fVFkdFBPHi1uuNtyLB80MNy0ztjPAf
-Ct0/wV1jDvNbaCg/TFXflKtDTY+jcVWTOmWMwI6hZwokQ7Csbee02czrHw3gLQID
-AQABo2swaTAfBgNVHSMEGDAWgBSUAbz4nHw/6JK2TckGtNNyMU46NzAdBgNVHQ4E
-FgQU9ghpzs2MqUouYVwzB2XsoCyL6W8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQADeKlzkdXLEofSM2r4
-SIPYc9g0A4EXIb1h+1YhhYyiuhSRb3zpAHlvgtfDaHu/ic2pHNDRKAjHGf6349p8
-OCAnqQvl9yZIvOa5/N7F13V1Ay+igdgGSPXmKRD76jX5ccQvoEQUQlA9G4P5/qaC
-IonfinaLZXjcklWJuhV/XMzYWA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=keyUsage Critical keyCertSign False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:01:BC:F8:9C:7C:3F:E8:92:B6:4D:C9:06:B4:D3:72:31:4E:3A:37
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        37:7b:99:a3:64:09:89:d3:3b:eb:15:ec:5c:bf:4e:86:74:eb:
-        de:88:f2:7e:33:ee:e1:2a:ed:04:81:bd:f3:bb:33:69:16:ca:
-        f0:89:38:11:1f:5c:11:ba:83:2a:be:e4:8b:ff:12:68:c5:58:
-        d4:fd:cc:fd:58:8f:49:5c:6f:2d:86:7c:1c:86:b8:b9:3b:4d:
-        47:06:4d:e3:f5:d3:c4:f0:b0:e2:56:41:19:b9:a7:08:77:78:
-        80:49:55:f9:7d:d7:b0:84:92:28:bb:25:e2:83:75:e2:59:a9:
-        12:8c:cb:d0:7b:03:c7:30:13:c2:79:d6:c5:9c:f3:73:7d:63:
-        3a:e0
------BEGIN X509 CRL-----
-MIIBUzCBvQIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmtleVVzYWdlIENyaXRpY2Fs
-IGtleUNlcnRTaWduIEZhbHNlIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaoC8wLTAfBgNVHSMEGDAWgBSUAbz4nHw/6JK2TckGtNNyMU46NzAKBgNVHRQE
-AwIBATANBgkqhkiG9w0BAQUFAAOBgQA3e5mjZAmJ0zvrFexcv06GdOveiPJ+M+7h
-Ku0Egb3zuzNpFsrwiTgRH1wRuoMqvuSL/xJoxVjU/cz9WI9JXG8thnwchri5O01H
-Bk3j9dPE8LDiVkEZuacId3iASVX5fdewhJIouyXig3XiWakSjMvQewPHMBPCedbF
-nPNzfWM64A==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.pem
new file mode 100644
index 0000000000..b3509c2e69
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 26 27 30 F3 44 29 A8 E5 D9 F4 4B 83 92 0A AE C3 05 CA 79 96 
+    friendlyName: Invalid keyUsage Critical keyCertSign False Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid keyUsage Critical keyCertSign False EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=keyUsage Critical keyCertSign False CA
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBATANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEvMC0GA1UEAxMma2V5VXNh
+Z2UgQ3JpdGljYWwga2V5Q2VydFNpZ24gRmFsc2UgQ0EwHhcNMTAwMTAxMDgzMDAw
+WhcNMzAxMjMxMDgzMDAwWjB5MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBD
+ZXJ0aWZpY2F0ZXMgMjAxMTFJMEcGA1UEAxNASW52YWxpZCBrZXlVc2FnZSBDcml0
+aWNhbCBrZXlDZXJ0U2lnbiBGYWxzZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANf896E4DA1yEvLrX3/cGYNrRlVf
+A76pwTLL8ttdnT5H5CjhJ+iiSRGJex/SIqyw65lOAji765fxX7F4zxrYr3fdS+d2
+dPzMwT4K7a7EHoM+CbjS4cK6/8h6YinfliLa8vsma1/cNNTImaTCAwbJu12j7PzY
+9c/z6mkdrrtl2FFO2QNATVfkr+W0ySGvl6i3ptILE4cveSRZcUBXJZRF5PF35ntz
+DETThlUZ3gm3BpW+qVskj4EkaVvdsVh4dAU1knFbzC5QeamvtIsaVnOcGl4bq7dy
+PQcNI1BNUfcM8ohqq8DaHl+lxpIkL2Wctd+C/TivzyP7dAXFk6tkjWcJ/SkCAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUNFULZ/wcsdzCcgoU8GPp1JvwY/kwHQYDVR0OBBYE
+FIQbJBPifwi611fyrtWctSgqZB4dMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAJmjrWO0GlQGCOakvQrm
+qhUsHPSqpZKgM1i2NSp+MnJp3zJoHa9kp8jwkykLSK2AuKKfoLOixQ4r6dLmwLkJ
+rlB5V5vmNVUCSqgIjD+vN2QAiNsE9R0ct40c0XUiTNv+87XTzZ0Y9XrsvHi5OAhy
+t0d3R6lFVDmLB0S0/BueNpW9JPW0R6Hj5p9aDJyYHllAWNzONsr6PVwIfKAw3I2T
+PTS2uEwVSCRi1bp1itJJOsefwogh+EXVwAaT4CcA98XllAGn4aw7l3niL3GRhDN0
+r4a80Zy4bCS42pAvqpq7BvzGlP3UaW5vRSPwV3MGyX2W7765rm05lT/QuGApTZ+K
+Igk=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 26 27 30 F3 44 29 A8 E5 D9 F4 4B 83 92 0A AE C3 05 CA 79 96 
+    friendlyName: Invalid keyUsage Critical keyCertSign False Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,813B1DE6E55637D1
+
+baDEG0KJJmA76GdmNBYhREkCTLfiBp9GtpJIOrbe4/Y/GFmSqQrGpk4Xd60VAaRb
+crmQOYbN0A0Xnack4U060+KskFg11RpR/pE6MBN4WxyOx1R3wUSiuaPh/taxFwMA
+loI+Bdyxc+jA63BtC+cwhzllusE2T2pNLW50YMnwV1XmmjO61VMJLLKs2P6FCi1Z
+nE8z6ycuQl9mP6VAB1p2mB9rzLY4BkQS6vpOhpxVGj+flMu9qJyVmn1y+TIdjJTP
+xrpyJrXfnJa9uvdAgzi/XAN4W0/mCyMqiTa+Q1oKfjAGCItG/Hfqozh+GY5OsEIc
+acKW+i+3KPNy+4oqo+IYqDRFD1YfUntV1DafkFBV0Cqjphv3iHUh+gmvPPRlhDI2
+TupL6/zUogp4jEqq9LSROWNOqvQMjmUPDaaPiHfNd5Oaf2yvMuLhWiZDeqvePjNw
+BOOftWofOWOa+a0WNq3l/O2ldjCafUOAzqDzrWjMtPy4GlZy1KVtopS53Jrrd92Y
+cyX55wc2cUG7QGzWhYqbTC36C/ePg6Gunqz1+28vkReKdsfF/Rn7GVuT++H0kLPk
+GdzjjOaTBB3PO+gpubpq9oXQTj8W1Imt09rfCZhmaatWstqGc3j89ypSDTd2unfm
+DHrGsDsbIAPfDsqX8RhlGouoB46GrsxcT30VztHabMQ2G/x2Kc4RmMbCxp6INaP2
+dq3g/2sFpiLycHmXFGu+rRYWUP+PlSuQnRiOaLGaLnzibWgmR7tGcHSUcU64dWHK
+TgwselBiKHQUnaMz4zY4Z+BATbZonL5bIWIEofRiGEeGyyaRguMAc7jQJRN4kb0h
+dynrxzD6mZLZ7gA5gh/Aay61CrDhA2/7NTwVhrZeYDukKTvJox7WT5DpS7Mg+RGu
+uH0HzEfWw9Y97l2N79t0PCvfXcfAO/RhbisLp4m0FpFACiENbBVatYrIKwTWmgh0
+KL32vu8HFGxR5Aw1CFIez7+J1QJ6wvcvGhDtMN6lU7N8AfgUhS53kMBumz7FKtyd
+J1jmDBY5iDfPPcv217VENjF/3mBPIAZtw7+gbIThuG+8fjcKKp4LqaaRdBpeMv2g
+eaN89jRL7/bO+/7jnQymSPm5DHHMHbKwA1ueY/eW+TaHgDnSp2PWvtRSi9CKSMSY
+3x+viL4wjDqlv+ruiDjIgrx8dNpZc+hv9nFYHH3jYT+VlzAK8CHxHXnySD9Y+47L
+kclbK7QZvOrl2XmP6QHjQE+BQBtNpxkbqkEuDQCuKCqew7+7bGBXkXFQ+3NS8zab
+YwBr0FVOiwFKOocJgW16CdAD3fQNIdrT74lBVQBLaAWTZVsvGV9jSSu1Tict7ku6
+GIcZjZWG1anwH8327XoXmjG7Vii+ZHZUAZ29TPucMmICWyQjcBXM9MD/Ip57qe//
+CxuNovlwwgcn/VTJ07c0zp04iTnG2CvYDEhmHBQ65HPl3nR0T77j/06V1/fwesMf
+lADnfRsHXYajjj7oawzhawGtv+74dUTMKVWgOK6tJyRR0XnU5gZCHLkX/d07vQcW
+c+C/3BxYLD8opbX34Z2UVxFQxxF4LrX+sd0Dob8oDuCfT0ixrxSdsrLRTg255Q2N
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5.pem
deleted file mode 100644
index 0efaff7138..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=keyUsage Not Critical cRLSign False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBITANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEvMC0GA1UEAxMma2V5VXNhZ2Ug
-Tm90IENyaXRpY2FsIGNSTFNpZ24gRmFsc2UgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAMLOm8AZjGbhdJ7A5TMeS8YqKDv+sSvYbu/N0xYhBYw9btWqMvhg
-UQRchnPigIMNH270hJTB0xUODgi5kEfd3aMcqP4p7092jT7nGwWiWqMfcOiDob/B
-jwJbfa/pcDWtLtL9gGu3mD5phBMV422/vXk7DNPVTOsm0LK+kYcbkutzAgMBAAGj
-eTB3MB8GA1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSb
-FqRb5CIAWLVWFP8usoK/Iuj2+DALBgNVHQ8EBAMCAgQwFwYDVR0gBBAwDjAMBgpg
-hkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAXayz
-RGBvRtkZyRHdFZY+3aIHHo7AdgjRSbvWFShHnbrZnd2E8mbkkk5NH7sD6IQygi5b
-6s2ZEpMFRDc8NNSG1Qh5NagIp8Wguyqa8HgSA15CytfKd9nDdIY8NSFPiqXCXIOp
-AXIf+LI9d8QnF/zOuRdKQiX26iVbh/Ofiij5b8s=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid keyUsage Not Critical cRLSign False EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=keyUsage Not Critical cRLSign False CA
------BEGIN CERTIFICATE-----
-MIICrzCCAhigAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmtleVVzYWdlIE5v
-dCBDcml0aWNhbCBjUkxTaWduIEZhbHNlIENBMB4XDTAxMDQxOTE0NTcyMFoXDTEx
-MDQxOTE0NTcyMFowdDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMUkwRwYDVQQDE0BJbnZhbGlkIGtleVVzYWdlIE5vdCBDcml0aWNhbCBj
-UkxTaWduIEZhbHNlIEVFIENlcnRpZmljYXRlIFRlc3Q1MIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCniZx3i5eOoYfB4+DHDtBDWS3+uKOzezExgLASJeRuST/z
-FBDywPOCHD9BqbsVdo+fQMjOEBs5C2QePhrQmo36vBpuTGeS6o0ZwnPqZEiR7BDm
-BhaU5GfHWArITIQqqKeGMrcd6inS3EgiNfLoIgErgIYUE2Ay7N3jNAkZ+gHFsQID
-AQABo2swaTAfBgNVHSMEGDAWgBSbFqRb5CIAWLVWFP8usoK/Iuj2+DAdBgNVHQ4E
-FgQUO/h+SZvyJuF7i3RkSFnq+ekut+kwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQB63lqdcOrQ5elffexi
-Pm+erQomlHA4QBd/o7W9oGu3wh9o/OxaXUX+q1y/xsFQPWY8rnd9WX2K/GbDnAkg
-b9VumR4AI31DBsR9ON1LP252rSHzpH5VeLVX4yp+RU1J6VvXAFXD3RgVwYE16JFC
-NKsFf0HL8FRjpLQp9+/qcp6A7Q==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=keyUsage Not Critical cRLSign False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9B:16:A4:5B:E4:22:00:58:B5:56:14:FF:2E:B2:82:BF:22:E8:F6:F8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        09:d0:9f:43:ea:14:8b:96:bc:51:a7:26:e2:ad:a1:d9:85:d4:
-        c4:54:67:72:3b:27:b9:51:74:ca:a5:72:a2:88:21:2d:f0:46:
-        21:ca:5e:36:02:5f:bb:9c:1f:a4:84:63:64:8a:52:5a:17:b8:
-        d5:5f:3f:d5:73:38:f0:f5:7e:e3:59:80:ef:1a:70:89:da:37:
-        d4:b1:31:4a:94:01:ea:c9:71:98:aa:c4:ae:e2:8c:18:ab:7d:
-        a9:7a:fc:23:1b:57:ee:90:81:0e:29:4b:c6:1f:78:2f:65:4d:
-        38:df:f9:6e:74:90:71:57:a1:aa:06:4a:8a:a9:15:ab:87:17:
-        1a:ee
------BEGIN X509 CRL-----
-MIIBUzCBvQIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmtleVVzYWdlIE5vdCBDcml0
-aWNhbCBjUkxTaWduIEZhbHNlIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaoC8wLTAfBgNVHSMEGDAWgBSbFqRb5CIAWLVWFP8usoK/Iuj2+DAKBgNVHRQE
-AwIBATANBgkqhkiG9w0BAQUFAAOBgQAJ0J9D6hSLlrxRpybiraHZhdTEVGdyOye5
-UXTKpXKiiCEt8EYhyl42Al+7nB+khGNkilJaF7jVXz/Vczjw9X7jWYDvGnCJ2jfU
-sTFKlAHqyXGYqsSu4owYq32pevwjG1fukIEOKUvGH3gvZU043/ludJBxV6GqBkqK
-qRWrhxca7g==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.pem
new file mode 100644
index 0000000000..56a6656ed1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 3A 45 96 8B E1 9F 54 7B 94 F1 83 24 33 A5 5A F0 D8 3C 7F 09 
+    friendlyName: Invalid keyUsage Not Critical cRLSign False Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid keyUsage Not Critical cRLSign False EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical cRLSign False CA
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBATANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEvMC0GA1UEAxMma2V5VXNh
+Z2UgTm90IENyaXRpY2FsIGNSTFNpZ24gRmFsc2UgQ0EwHhcNMTAwMTAxMDgzMDAw
+WhcNMzAxMjMxMDgzMDAwWjB5MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBD
+ZXJ0aWZpY2F0ZXMgMjAxMTFJMEcGA1UEAxNASW52YWxpZCBrZXlVc2FnZSBOb3Qg
+Q3JpdGljYWwgY1JMU2lnbiBGYWxzZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6kAGMAGNnO8CvJ2PjAYd6v3pcL
+vPjKj7gXi4mOj0xJc1rp6f/8pxy/Ua1aPCyRiGonwfc8rZb/mdR+HKpTTJjZgygW
+26aX93qRrJIvvb/Vie0yu63PraLINIUKzg4FeTIAmCu3g58FhVdsaLALdA9wD6st
+Ru+BcE5BbZCssejYjMxiAxjrv7GWE08R/O+6u5GxqE+3ZWg4StDq1UyvDL/HhEjc
+DmuODxI/sruN7fMv3SN4o+GfkkennaAnYE4YWK37p8gbeUSglVsTHliyEPFcclH0
+sAElmBLEOfkZK6XRGQVln7g4+CjmbSuvuoZUKT4RHOPTwdoXB68uwIALDW8CAwEA
+AaNrMGkwHwYDVR0jBBgwFoAU+X5SoHlmBAhECGV5EA7dkOZD8dgwHQYDVR0OBBYE
+FP/OMrJ781bfdvIdIFOwNrNmArfaMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAIvo2bd8LXplAdh4RhqY
+XGsOB5E6oyj5lqaZ9SH+wi8ss5J+Oiv28rYRYVqYnS4ceffJz0q9waAuab8GIbfS
+NWXIfsXTncRqEq2kM3W+/77qIItkjcfEOCxV3rtWayCd/ugW+dwO+YChBRdiAMV6
+VkBLR4lo8pO+rT/pS4REBTZbdoZ2ToQB3RF2M4AJMrHGzeBi4vMNcxTVo9iMnvOb
+QvGLwU20mmMt5+WsR8HZviXmOnyhikb/pba5sLhFm+kY6VZoZ4eMaGIjbs9okOjs
+hOyxLkfZYsICWxDMrHeLnat1/hV7dQ2jZd4iZzvXaHfRK16y9c9kX6nXeQRDuays
+HpM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3A 45 96 8B E1 9F 54 7B 94 F1 83 24 33 A5 5A F0 D8 3C 7F 09 
+    friendlyName: Invalid keyUsage Not Critical cRLSign False Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,15F9F9CF3F6BEE9B
+
+EfR+sG4W6NxweenHODSkvOFk6tg9VJLdcV4Ui6KXy36UW24j1fztUlUu6RJE7XKc
+EVvhy9sXPngo3eFOS5ziK5aY+rVMuDHp00kRfG76P4iCUpiPo6BGXrt+gBf6CQ39
+Z9Z5U890M2Ljt4cpKj4lTdHSsAef83Y7GZM4xgH2V5ihTOgO71OuDnZdtDrfoVtJ
+r901xr35u+1spyA9EscEMZqgbffFGQK8rBEdCR3dH2EPawxdrkj0Ud6Aa7meY1BQ
+IGkzbGDasO7aLJMxqtJfwWe2xaESgDKo+g5Z4Yh2xcAGH6MlHLIt8iN3OhFh7qaC
+kTnGOySSL46dh4oHdk0QoiSjVuICYkXFZLXxiaP7+4IRRFo1+4YTL5Hw2nd9afO3
+1xb5vqewZULv7td7NT8NGBHHFDnhY2Vi5Ilg5NHNhc8VIqsi9DBT50ShaBgAdxLO
+2X1SkBXFeYPFVfVgJUhDLAzFU6lm0GNGkX9kz4r6f5bmrgEAaPC1Ct0rq5m92Orn
+VnfNsKg2F/AHa/VzLHA9HNHqPatin/cFC5rhLRLpssKdFuyJVnuBg6LeUeuiCh1g
+FmU2w1Ka0h0/0YEBOxY+QfeGWoF7gEhX22o8ttcUTsFs2BQpnVKmuW6S0JZcH/f2
+p6ykr9pN1Sl7C/sE2MLoF7zaCFxHBUG4pdabi1D3Gx0ch9bD28M23W4NiJYudACd
+mf3scQDlABKsvN2AV+StGcza+kbvRJOjz9EsyEffienzc2qfPcgm8G/NyX0TiQn9
+8Ci261Db7gpdDdJKDYjCfi3zMhLhyw+hVGI4f3rb66GYGwIOk9yf8vhwsMaNuvHm
+eCM0AEX+RTHaZixPhPSfCo/LLdK/YN0zGwERcdii7/8sS8WrhZk5u03il9gf57l4
+vHf03lAcZSZB/5aZJs0YJil0Whb3li9BIZRd0g5GF36qajHEGbS1aNgmyQ2H8Xuf
+9B7/sVDgkK4X2NOqxMqsrSJmDJ+vF1+UN3e/pKlwSNNffTzSMwTHzexHOrsDdHnm
+GqoLOhtnCtqTq2f/r9LWCzkg0nj/oboZfIxIZKfnRV252N+2/XWKkLyJZnLvfrdC
+NYiKukdLQpYVCvwknIq3aWrnOZLXogqhFcMHCQY5W7F5mWUefFtklYZ3SYB0i7Y1
+lSka1MHLVxkDiycVh4EW4MwEJ3S58I5lPqOclktKuz2p00C56D369lS85Uds0L2L
+jRi0Ojz8C0QctT/QTunJwX9ev7XJSR5UNLPjkGsEcGF1YEd0UReKFo/wZTM39bvq
+uGWfYEAS4MrkSqNHlXeoAY/luhb6PIbTOE1/Y0Sl8hXf91GeJNWDfLSo+HuhObtL
+GmXTdW8NTWmDnHPbQTh/qnFCWwZLDZD0cytnrUKpgEqW0n6/kTKURlvQRtDAVWWu
+U67Bc1Jypui6OLWaOX43ef8HFF0KTORX/luz11cBu0aiU1T5lwdAcYCEZSHWNhLw
+x1DiNKhQcnu6PSRnlRCp2KLcF8A+oLDyjBAaEVT7Mw51o+dt5dZM6qrDmv2UDWL1
+wFHJW7E/MRw9S07KCB3YgnLQUKC2hHK9pjIw4qDcn3RxpaVouXaZbg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2.pem
deleted file mode 100644
index 7fc272ea18..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=keyUsage Not Critical keyCertSign False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICjTCCAfagAwIBAgIBHjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEzMDEGA1UEAxMqa2V5VXNhZ2Ug
-Tm90IENyaXRpY2FsIGtleUNlcnRTaWduIEZhbHNlIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCo1QPZC5T5F1L7XkkAguXC8vf9C9YbYfj8VbP8CXU6/3EG
-wUPK43eDJfWBzzwk7bgumreNheNFRcFW+dcroOFvVflXXBjj/UR7qkXULMf9DqK4
-dqMYYafyTrI3QrgNfdN06ngaY0qNnXa4Z58ecPAQPnQprJHJ0fDTlwultqudJQID
-AQABo3kwdzAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4E
-FgQU3wy5NIl1eNIjkh7wgSHfwnYXZbQwCwYDVR0PBAQDAgECMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AFYPjvJm9+IVM7cHs7OMJLoeNCnhUL5nlx9HuDLzP6/+0o4V3aQgiP787/zfOBFj
-yWLTLfKqJTkm+8fs+TLFf675Vs2s3dPELXJLvFwgQFYDiSQpV46thD7NLw474dse
-tN1i9Scl7y0RsDHbi9qBIPsRX4UV8/8nawbo9yW8hpqt
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid keyUsage Not Critical keyCertSign False EE Cert Test2
-issuer=/C=US/O=Test Certificates/CN=keyUsage Not Critical keyCertSign False CA
------BEGIN CERTIFICATE-----
-MIICsDCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMzAxBgNVBAMTKmtleVVzYWdlIE5v
-dCBDcml0aWNhbCBrZXlDZXJ0U2lnbiBGYWxzZSBDQTAeFw0wMTA0MTkxNDU3MjBa
-Fw0xMTA0MTkxNDU3MjBaMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENl
-cnRpZmljYXRlczFGMEQGA1UEAxM9SW52YWxpZCBrZXlVc2FnZSBOb3QgQ3JpdGlj
-YWwga2V5Q2VydFNpZ24gRmFsc2UgRUUgQ2VydCBUZXN0MjCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAp67g5m0ja/YdBc6nUr+UTz3XzQoajL7y9/EF7M0He7yq
-nlQvh/d2kEpE3e0EUZviJtg9L9sxQRgCFWVR+f9rLpPNEBIAZ2HQ83SxFRr+UbfX
-LTOLNaLhasu4lG9LY8DtyYxjrnvmOHkvTk14kD9L+YPJbR9LmCjNHbmoFiNu0Z8C
-AwEAAaNrMGkwHwYDVR0jBBgwFoAU3wy5NIl1eNIjkh7wgSHfwnYXZbQwHQYDVR0O
-BBYEFLkvB65lcMDXjd55uk984ACgePDSMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAE
-EDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAf9WmZ9PcF2mY7Fst
-f0t6wDbfkMenvluK5yTnfZGZi1Xa5WFt+1ifSxYjkxTMTw4DJ5IXWRZNr40+NhCo
-2dvFQbeTEh90GuwSrFOY1LoT6stxoc/OXatyOCuO4rved9tzjRAArQndpnd6Zqsd
-p/cT+7yvFwM9fxMinMUy3p6rR9E=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=keyUsage Not Critical keyCertSign False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DF:0C:B9:34:89:75:78:D2:23:92:1E:F0:81:21:DF:C2:76:17:65:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9e:b2:db:db:fb:42:09:bb:05:d6:af:1d:1e:b5:2a:e7:88:75:
-        f0:e6:a9:52:0d:ad:a3:4d:a6:64:06:e3:53:b4:39:db:4f:96:
-        08:5d:ea:da:bb:09:d1:d6:32:53:91:62:ed:33:e9:0d:87:6c:
-        f9:12:a0:4a:c5:e9:e9:6f:d5:d1:02:8f:22:9a:d7:7c:82:d2:
-        17:48:0c:c3:2a:c2:d9:e5:f7:0e:77:1b:52:e7:1a:9c:2c:7d:
-        5f:31:a3:aa:90:32:ca:9e:ad:42:ef:b3:9b:cd:11:da:13:36:
-        7c:cb:85:48:75:59:7e:6c:03:9a:a0:70:e3:19:d4:c1:dd:c5:
-        7a:3b
------BEGIN X509 CRL-----
-MIIBVzCBwQIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMzAxBgNVBAMTKmtleVVzYWdlIE5vdCBDcml0
-aWNhbCBrZXlDZXJ0U2lnbiBGYWxzZSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU3wy5NIl1eNIjkh7wgSHfwnYXZbQwCgYD
-VR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAnrLb2/tCCbsF1q8dHrUq54h18Oap
-Ug2to02mZAbjU7Q520+WCF3q2rsJ0dYyU5Fi7TPpDYds+RKgSsXp6W/V0QKPIprX
-fILSF0gMwyrC2eX3DncbUucanCx9XzGjqpAyyp6tQu+zm80R2hM2fMuFSHVZfmwD
-mqBw4xnUwd3Fejs=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.pem
new file mode 100644
index 0000000000..713655159d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 96 66 5F 5A DF 09 34 F8 08 18 23 5C 0E E1 91 99 9E CB 07 77 
+    friendlyName: Invalid keyUsage Not Critical keyCertSign False Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid keyUsage Not Critical keyCertSign False EE Cert Test2
+issuer=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical keyCertSign False CA
+-----BEGIN CERTIFICATE-----
+MIIDvzCCAqegAwIBAgIBATANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEzMDEGA1UEAxMqa2V5VXNh
+Z2UgTm90IENyaXRpY2FsIGtleUNlcnRTaWduIEZhbHNlIENBMB4XDTEwMDEwMTA4
+MzAwMFoXDTMwMTIzMTA4MzAwMFowdjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRl
+c3QgQ2VydGlmaWNhdGVzIDIwMTExRjBEBgNVBAMTPUludmFsaWQga2V5VXNhZ2Ug
+Tm90IENyaXRpY2FsIGtleUNlcnRTaWduIEZhbHNlIEVFIENlcnQgVGVzdDIwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc8DNtbU9YabxHAoWqRyRxHTrx
+VL8YwSE94cbcBbMA4tskut30Eqd/j1CYbCrD9KIyn68THeypVDFGL82wg3/N2lZM
+P44b8KvH2ouJNqljDVDhipAu8Tjiun0y+3L9diMlpsfrx2ZSdDO+WbeHoUjovd8Y
+DrPtG0U6THisgQj9sgWI8oIgPpQRjoMIb1ZAC/IsMPYVNJL/a14dlqit2PsGpLnW
+RYEG064MAde5SHUfgV66pwAxisEWH5xl/v4Bbrh2mqMsQ16izLKStQiuW/sVMEdH
+iEJefQh4y8anEbWkudAUDvV31mUyHivZmfz8eldAy9ICi2RdSEOf0QCfARalAgMB
+AAGjazBpMB8GA1UdIwQYMBaAFLIl0igw0FVobky1wkjzypsV8kBFMB0GA1UdDgQW
+BBTzsk4G1clcuVdkoLbl/++tircPZDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQB4eFm1jkEg53bNCSXO
+pa2ViAfw7FgAGt0+trq/MaMv0SVuIWZRgkhDWSuTffNi6zC0cIXO+H/IlOA9pPz9
+CHnH9FRigpZleyl8/WMx9EeEYzpS8Bde6LLZh8nzeLiBsXZ3A9+Bp8lqfgMoj3kW
+GUIcMGyN0MS4PtXuuwz0Ur3FXfyXEEJCqwQ3iyiIfDvYaA2Qq+ttHZcJlwkzeMEZ
+pwM/lZZEnapou8sdKtfbA9h0+0ep6tamOC6tRv7Gz4OGtPKWstl0jdf382Oq60hX
+0TqCs8uCX5l46vnYweDOFzj9118sceZ9XXCYxNmRXPNbEf2guCrirvPZCRXcmE0v
+7AOi
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 96 66 5F 5A DF 09 34 F8 08 18 23 5C 0E E1 91 99 9E CB 07 77 
+    friendlyName: Invalid keyUsage Not Critical keyCertSign False Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,76FDB2972170DCBE
+
+EaoMivLV7+N1+6wNegyZ2zfOaRVnjO+se3Y5Py1dOOrrUs6R7tv42WSmrU5nYbXe
+DkgVoQrH6xBqPbTLqewzqjvBycQM8qdVXUAI444cosm4tFV0V+UlU7F97jDYBrR/
+0c75ee+8dfUM0iS92TfO0+znPYFjstsvNczbL7O9XFS2IzdBVXDHWsevvzmTjOiV
+KA3iPFrpzUWhrTCYmZsnmjy5w2e+KTGQLhgN0RHDSj4kja7YZJWi7+nUtUjHKtIs
+T6AnvuthxCieYmaC2RCsqT0ptU6gyQQahMkr6ZTJqgvmhQTqDDdRE5xx07V2xol/
+JGzOCxvi/LlUR2HXyxt2Ip6k+nHixE6E3/PCmkHm2EfM766z6jS777etp+TOKsuT
+j/hyr3FT67qfp1/M0p4jTttJgSfQ+gmlIaNzYu31VklODJGzXJ6l1QxOx7TWgefn
+/K2Qi2WaQjEfKlcUZXVilt/DucRDsDPnMV70yMzl6VXiVkDDXSgUZg85AK0v/sKM
+EbqrDmZq+QbNZOh93/lQdd402ujrIcmk89O0Pq8V+9t2/Lkjiu0PWoEbAfUYe49r
+dMSh7biAlqfe6dXA+9h/Ggco00dm1diXtSZpdDrv1yyttLyCpaF1en8suqXc69FD
+30jjXsRSGZ5xRKnj1hfFiET8PD9TKuCvHDHCc4k1KttQaRtSzAEUvHIuN89SWVdr
+CiXTcw+FM8wrtRYM2I/GmrNU/klyHBycgog0hppUPUGnRJSevnw9CO2HiBLtSScj
++NlId3IjXi/zO6vmtxYtqAl18hK9aS8KU/lxsvZGhCHs1CDea8TQUW8womcYOKk/
+WFAs8KWcgeuVPPSExFXh9L0Gmcd45qBQLfSuFyc3IwBbptpOPTxnPqsam8fe7ohp
+F6DBClXexeZIOSCWFYI2x+heoO76W9caw31zkIAJpBGFB10FOoBy9uCApGdPj0zz
+zVHPD/EH7xkxeBGf0jMBTcf/j0w8otkNRSMc0TwZxuCN+1rMvG+5pcKNQA5xeAhG
++ViOO8Pbm+/iNY7Q23rSW6n8Og+6rZhgmD5LyIVW5lSJ5KH9yXJX2IhvHSYL1VZW
+5bAnPemCdIESLovzgj4D+ZQQVOPyoBO5jaltisqySTGVFKjWTvA2KHpB2khJQI3h
+sxUHAORjmSNOjHw9k/JFEIAr8o4U9XP1X9fsLyORVqNxAGuhatmllFRUv8QGEAVo
+IZfYZB1OL6qN3azk/hERP3DjHrnrNochgMmXgV6XDZC8D7fc20JcX3+LhpoVgIU0
+P+BBumdym8t1wH6XNLUUIS71V/BrWayt0luiJwiiju5AflV0rkdQ74wjanvcU5Av
+bQTyZYXTP/tw/qV9cLeNtyjBXHcoLXjWn6fyZmZRZfipGrGdIYmBtQIVUW+QDunW
+TSdG1pzZDOI5PHeIGpmeRiz7PXj1W0bTnuBaca/LH0DXu5DbuMcqS/plysObH0Za
+An9Mw9UFzlo445TXP9gwEllgeEeCiy33QCTmssgBRBiHNCSHW5C25igewYkChvvm
+7HtIjHWQF6hld+zE+YRPmR/DWbSvztovy7wPr9zlOzpOffC6f6r9SA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14.pem
deleted file mode 100644
index f1d3094eed..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlyContainsAttributeCerts CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgzCCAeygAwIBAgIBTzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFExCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEmMCQGA1UEAxMdb25seUNvbnRh
-aW5zQXR0cmlidXRlQ2VydHMgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALSCJ7MnQSSfqf3cAKyFUJRK6CV6MSLa2t9JmoGgpu6snUGfPogvAguvdYP27085
-2+7ZAe2MA5+VRBKl2gtUJeS0qdMlrQyLMw8SBfIuCc0cMrbGnRHqeBPHPVdq1n3b
-xx+pwvDV2egYWx53Vyq72HVv7E6QhdGjEwO41216OFXzAgMBAAGjfDB6MB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBTFKJWbEsMCo9m4
-+7Yd323jU625IjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAH50jqtmZxb9s
-51U/Olz2Z4OskoazeeNVJ0LXvUzF2vYzqBhXseLUd996wDmvQWsoczt8etO5zJdI
-/iXtC61WyqmSDgSSSEvoIAL/xWFYQh1QAjG+FD7qHxfJ5TUiVFUzkQe/nE2wSWYL
-oiZe8DkJHsi/T6sBMbZeNLcXa8CliLI=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlyContainsAttirubteCerts EE Certificate Test14
-issuer=/C=US/O=Test Certificates/CN=onlyContainsAttributeCerts CA
------BEGIN CERTIFICATE-----
-MIICnjCCAgegAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHW9ubHlDb250YWlu
-c0F0dHJpYnV0ZUNlcnRzIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowbDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMUEw
-PwYDVQQDEzhJbnZhbGlkIG9ubHlDb250YWluc0F0dGlydWJ0ZUNlcnRzIEVFIENl
-cnRpZmljYXRlIFRlc3QxNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnRFu
-rk1+JntR2FWOywl3/YsAK7L4yrNCEx5T7OIJOPeYo2gQ4HcNYzhCfrs8BnXBgRWm
-SmYiz83DHjDXf1v1EYvmLbuorfhe6oqbZjFFmFSFVYoBBQGoweqSBuEP+Dfz5JCQ
-3j/U5P9kHacuVt5EvNDFuxC2QpNlKDMKVp1kO1ECAwEAAaNrMGkwHwYDVR0jBBgw
-FoAUxSiVmxLDAqPZuPu2Hd9t41OtuSIwHQYDVR0OBBYEFH75KmUzZ/T1lVkx9E97
-tlW7zv91MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DQYJKoZIhvcNAQEFBQADgYEAcnsbImj6Bq19wrmv1lsHuwr0rR9v5AU5A5BvxBGX
-7L9250MNODFbkR2trDXDu8Aj4xDl14ksrH1CW5oqqvhSIN890dWabjEIWXzPJPXm
-Ogj5ekGTXsXnOsbO8CEfvjAvg8zfRVlWuR+mxGvk8qw4t0xB0GIqutURQegGF/zY
-tJ4=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlyContainsAttributeCerts CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C5:28:95:9B:12:C3:02:A3:D9:B8:FB:B6:1D:DF:6D:E3:53:AD:B9:22
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        4d:d0:f1:a7:37:36:13:e4:57:d2:e5:1b:bb:c0:68:35:91:0c:
-        84:53:55:01:9e:2f:bf:4b:d4:7e:55:4f:ea:6c:71:f4:54:a5:
-        b7:38:50:ac:43:c7:85:b9:13:88:4f:36:5c:35:5c:83:56:49:
-        1d:ea:d0:34:ce:bf:d6:21:40:f8:4a:62:ee:c4:88:74:f7:05:
-        13:cc:15:90:46:d3:8e:04:5f:00:2e:ef:1f:43:cf:da:84:d4:
-        27:b1:22:c6:b5:ad:83:cd:aa:8b:cf:0e:d7:1f:76:37:a6:29:
-        8e:3a:e7:3f:58:12:8d:2b:77:58:b1:eb:7f:35:6d:96:74:f6:
-        48:1d
------BEGIN X509 CRL-----
-MIIBWzCBxQIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHW9ubHlDb250YWluc0F0dHJp
-YnV0ZUNlcnRzIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoEAwPjAf
-BgNVHSMEGDAWgBTFKJWbEsMCo9m4+7Yd323jU625IjAKBgNVHRQEAwIBATAPBgNV
-HRwBAf8EBTADhQH/MA0GCSqGSIb3DQEBBQUAA4GBAE3Q8ac3NhPkV9LlG7vAaDWR
-DIRTVQGeL79L1H5VT+pscfRUpbc4UKxDx4W5E4hPNlw1XINWSR3q0DTOv9YhQPhK
-Yu7EiHT3BRPMFZBG044EXwAu7x9Dz9qE1CexIsa1rYPNqovPDtcfdjemKY465z9Y
-Eo0rd1ix6381bZZ09kgd
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14EE.pem
new file mode 100644
index 0000000000..efbb15d909
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 70 8F 11 3C FD DF C2 D5 D0 76 89 58 15 1F DE C6 C9 D9 E4 D5 
+    friendlyName: Invalid onlyContainsAttributeCerts Test14 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlyContainsAttirubteCerts EE Certificate Test14
+issuer=/C=US/O=Test Certificates 2011/CN=onlyContainsAttributeCerts CA
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdb25seUNv
+bnRhaW5zQXR0cmlidXRlQ2VydHMgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBxMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTFBMD8GA1UEAxM4SW52YWxpZCBvbmx5Q29udGFpbnNBdHRpcnVidGVD
+ZXJ0cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCupG+ZQFa1+AF3vKIN0iZQf4EAprxupX4n8IgjFQWXI42ZN8sQ
+rgpjM7GU/jQbheNxHcuZSPIkp9MAYkaoESZsq81ai045iqZRKEsCnoL8rWN9OJVK
+wRSkHXLeKfaRhYo86JFfjx0KkefPGw4G4IIxbtlulVcc/q4OSa0cKNEhrDQWD2uM
+dTNhHDYQQxt6kHaYZRb8krtPWwlEl+s3oYAVfzYo/b55hKlWCBkGa17X2RfFreGQ
+WcV+EseidphAB5YytCiZMsZ6L6CW0DEICVYi0OhH/0UX0BgRdOIvfgd2PRmL6uGj
+Jwd4yqI5aGfLOTF7bxrjqHdPOhdNJXHlk4VPAgMBAAGjazBpMB8GA1UdIwQYMBaA
+FE0H/vYtvLUZGlBN35kEem0zcJBOMB0GA1UdDgQWBBT/0UE0DUG+pU7lJIfWua/D
+vs0c6zAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
+CSqGSIb3DQEBCwUAA4IBAQCOPkqYnbLIBrJBXY6Jdcs0/qHhYCKjUGuwSM0xV+ui
+/11R419qTZlDeVEkUnF6wzHa2LrvGOxQuRfGcW4GeOnEq4p20iJy3h/kkZjwhuTO
+4GfrWYkHIH3wFdQ8xwSOW0egU4h+zdki7Z5ABi0nUYWQMV0bcIj5t69r8YM2Y/DD
+dddGgtxOkM5wJ1zuaFEvDT7YXrPXv2ndPy1j2ZecQ1N/87XS5Vt1y9whcfUyT2E1
+vy42AkyG+ePgNG4Z/ldDXOXYpCmfsITWgipmmkBgHztWgfdCRq780P1zKRwfMWyl
+C1ajhmo05Zm2uO2rQ1QoyzseVqS9d5oW9jEPaRQ3Q/FU
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 70 8F 11 3C FD DF C2 D5 D0 76 89 58 15 1F DE C6 C9 D9 E4 D5 
+    friendlyName: Invalid onlyContainsAttributeCerts Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,60AF22A385D8A200
+
+vOM/Va8LUV+WEEoQr2eSsCybH+PMQPzHDwFvGiy7JEPwODr0e6qeaEaWFYj44RDN
+/SWUbgktQFzykev9OCIiyUP9cbGOD8T3O62k5omFStgZpMIF7SysnBLK1Tb4wLrR
+U/xA+h04SsZpUXWbVtTV8kIzG7zjoEVFZQkTMYTM46ax+wVCsF6O199rofHjtUBV
+hOwqE6ae2ntBrAioWIPI2iiZMhdJUk5fX8Meq7rQLBmEXgrNZlRVJn6OIjAjTpin
+UDu6Wh85Y4oEA6F/+JzhA5fF0iglRL+8NQEAwGTx8uLs3BzUGNisSBtiURtLoNvK
+/LU/iUcUfoU7YZDW9SgfE5LCcEJEHHj/kiCFsu491sCFS+6fqNMM7E20bxZZ3Ufn
+3ZJ/eBXapNI/rhqTlFhyBWxrOFhMcbuK8smmTsG1EOrl+B+9JcGZbjJhNfX0MIhL
+w4nLxg2+GS2f3pxz43c8+RkxdENCPe2DSaeTn15kNgo3KD1gg0aORN0OqFee8X3r
+lWbSmj0jwjLtxoEwy36A1K+sCVzvNy7ai2iHwk2XzPEgMK7rvPjjL0XPEI36YvMX
+LeAm2MGjAUHlzBoqcCQI4juhRT+tyudaW3+zfQeoM4adlja4RYpSV+7CGJsjvZ7I
+GxO99Wojl7sD3B0LhFpMAqFob38dqyadETWys9L9OcqQJwi657b8VfmnfIN0V61Q
+H5Nuo0rHmHiz+QJOEBwXj9KwMpPEBp6wl1KJsMuf0YbVDERd6uFdlH+nz7JnxJqU
+TE7GBDI1CC1Sw0eRBwHLMgNnJGF8BDa9dtTDCGhfOU0OWaslmMMsno/I7ujztQ0Q
+HElkSzLasv9u7eDeBN7c5D6e3Wew0FNpzG9c98SWbGa7UZRU24hKlBy6eLKNmCAg
+e+YrtxfJ6LZ1BGiq/1wAK+wePdG4WPAcOEmj3LmDTvCwwvs9tp93wxVdNK2U3eKD
+MN9aAHZvYBRatOkuuF5xdTUXHSD/xOCPCvrGckGPhd3UP4TXmynqJxXDeJLZRRQ6
+Xtm9TB/AyWDnfBqNQY+oWEUzwxHPge/rexI14MCptsA6vJwHHVZISwHyTme9yeUX
+XnXudqEoFpDPp6CJufFXQJZsIadgc9gFlRfQ+daqzziKoTy4HplpZ9uTjsPS5soD
+hO1ZqHX7XU/7m0eSRKzp0I2/HdZr/JycnU1Pj19vzbrMsgccfOq8Ih8et+JJsid4
+50/x5sbNdj8UCDEbF08sn+TyOqnPSibburaug3K3mLFOhCb1ss6NV2nsnRV1xquU
+GzbYay1ig7I1un9XDnNzva4jcuQYUfQt2mogStozmkmBrvDIJr6VgJdoUWU7MNwK
+CT7wZsrP760mh5Lf5YrRJm8DSu/QjdZ/Kq7b45DTHeBjDsdj3KPecZ8qG1gBcmNN
+eODKpKqmXMQDDioJFXp8ljOIr4zgZHd7w2HiuxX0BqnQZUNyenymEmHEABzM3Qn5
+WpsvZT3uB5HY5R/sRcu/mPqm90V0Kyv+68WvKfZSWacOZpYP0QEaLMcpqoT3QnL4
+F9ccIQ4dx0Wg0V3+sVFnjaZGYYbV4mJHOYlyD++eHwERceloZPIZ7A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsCRLTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsCRLTest12.pem
deleted file mode 100644
index 14d5cba2f9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsCRLTest12.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlyContainsCACerts CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfDCCAeWgAwIBAgIBTjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWb25seUNvbnRh
-aW5zQ0FDZXJ0cyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqP8z3Y0v
-UCVXIVXCpbr+dcdoZFi0UZQPvl77hqqVORSs9FefV5mTeuoDDfhtUYa+O6Wzh2v/
-Yzv1MzPQzePG3eho/6CLs4pzqVWZDzYTG6OXubjPvYT10WykqfaWuivcn5YxbHuA
-cRitNsBAvY1Nq/kPDtsPJz1t5+PDRVO64gsCAwEAAaN8MHowHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPOhB0Zne+mPWavrVYaTyKzk
-VbcYMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGkMUjQFfto4SQpRJ2fAeU
-qXp2dn4kt+s/ITPOIykUFaybQ6eaGRcWN4kTi7IufbSeI7lmaa4SC+bq14tfSf/w
-gJSpwu58pIbPHKN0IgB+9S8eRS8wmB4HcBflmNZz/NX6wJzwJt15ZC+gek+eZGUw
-Qck6L9wt5i1wMFyRwBmAHQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlyContainsCACerts EE Certificate Test12
-issuer=/C=US/O=Test Certificates/CN=onlyContainsCACerts CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm9ubHlDb250YWlu
-c0NBQ2VydHMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBlMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxOjA4BgNVBAMT
-MUludmFsaWQgb25seUNvbnRhaW5zQ0FDZXJ0cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0
-MTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANFmoy4sb7+FLLRfH0FTJkEA
-4DUgy6WKlx+o6gViRTKyicSNbY5GWZ31r5z+B8SyeL0HaAYwkDBBNIJ2tLhSgKCs
-YASvqHqBa8YgpnDs3fh7d7perSH4t7SLblf2Ul9ABuDvFt/lCizK2LXgfDhcdrUU
-D7ZeOZTr59cuMd+tAN+vAgMBAAGjazBpMB8GA1UdIwQYMBaAFPOhB0Zne+mPWavr
-VYaTyKzkVbcYMB0GA1UdDgQWBBSsVnmrX9OpfaLqvFvE4FydtKiYrDAOBgNVHQ8B
-Af8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUA
-A4GBAFqv88cSXJ667X0tM4dQ5AyFGYONJIioud7mI0SXcDeh0Me/J1wmqDmlS7oj
-3vVTE6unv0EjjtEcLJr6FkHqYIksi9Fsuudte8FvQQ7aJEz6nzBpTe+kBINtK59k
-picBSyDN77AoX8AMqoDj39NP9DCaiq7fO3XL2Ei0MF4uG/1Y
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlyContainsCACerts CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F3:A1:07:46:67:7B:E9:8F:59:AB:EB:55:86:93:C8:AC:E4:55:B7:18
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        54:27:ac:fc:b5:7a:93:93:e7:f2:e9:63:f7:52:ad:20:08:4c:
-        52:08:62:e6:f6:81:71:1d:72:f4:1d:bf:db:06:52:d6:4f:8b:
-        86:68:4a:ca:01:4a:fd:b9:7e:5d:7a:df:48:67:36:9b:31:12:
-        dd:13:29:b2:8e:b6:ba:c4:20:31:57:4f:7e:c6:d1:3c:0b:e5:
-        1c:a0:c2:15:c6:09:5b:77:ca:95:37:31:7d:a8:08:4d:ae:60:
-        4f:3c:b4:ef:92:9d:f1:11:5f:a1:1b:2d:ff:e6:2e:07:88:4e:
-        2c:88:54:b8:e1:be:4e:6c:22:90:0e:37:0d:b2:8d:61:21:46:
-        36:29
------BEGIN X509 CRL-----
-MIIBVDCBvgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm9ubHlDb250YWluc0NBQ2Vy
-dHMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgQDA+MB8GA1UdIwQY
-MBaAFPOhB0Zne+mPWavrVYaTyKzkVbcYMAoGA1UdFAQDAgEBMA8GA1UdHAEB/wQF
-MAOCAf8wDQYJKoZIhvcNAQEFBQADgYEAVCes/LV6k5Pn8ulj91KtIAhMUghi5vaB
-cR1y9B2/2wZS1k+LhmhKygFK/bl+XXrfSGc2mzES3RMpso62usQgMVdPfsbRPAvl
-HKDCFcYJW3fKlTcxfagITa5gTzy075Kd8RFfoRst/+YuB4hOLIhUuOG+TmwikA43
-DbKNYSFGNik=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsTest12EE.pem
new file mode 100644
index 0000000000..7ee148209f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsTest12EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 13 FC A4 6D 9C FF 3E B8 F2 54 76 76 5F 2D 50 2E 88 CB E7 9E 
+    friendlyName: Invalid onlyContainsCACerts Test12 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlyContainsCACerts EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/CN=onlyContainsCACerts CA
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWb25seUNv
+bnRhaW5zQ0FDZXJ0cyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MGoxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MTowOAYDVQQDEzFJbnZhbGlkIG9ubHlDb250YWluc0NBQ2VydHMgRUUgQ2VydGlm
+aWNhdGUgVGVzdDEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/4K
+0zMGaBEBzUZZ6uDkrqE773KlasKE7Ymp+9lwJD/u21K+67usJGF5nAdf8TJo39zd
+gzRiXpjJDEi6vHev7JQF7ZAfBUzpawXXCWKE22qrXC5mPYuaVKpGVgVqcPc2wscl
+LgqbTx+M/Jv6tT3Fc7v6i0xTdr0dC/ibu6Z2RIYRzK9oqzBMlSNbRhtK+dAUJWd/
+8eLtuLcjZYnEpomjCvWrx5g+rG6fYynQVY8vatECuuqNl8xzKhjvR19OX5PTTU/i
+1Nk8UynsEEBfdY+E0p+wXbsTMbUT40F07tc6QdOOzl2h3vxAD/ndNElaGeaN6myk
+98oly7EBZvDdxiW/MQIDAQABo2swaTAfBgNVHSMEGDAWgBQlOMOuyi11eltN1MAD
+kogTIsdsVDAdBgNVHQ4EFgQUR+X98QRRekMAokMlz+LSmBXnQUcwDgYDVR0PAQH/
+BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOC
+AQEADDWIC5mPJ09cQA+cNKz5Q+ChL1bQA0/1BLW5pKJQnG32QprScoDhWue75BZf
+3xR3XvpQA1TQSDdZUSVyO3p2gr7EwZEfpmM6VqXV8V4CH5J5ftXdHXVZxjauLxXg
+xaS7ijTZYuz20GryP01mqFdd5xrtE2Vc8DeAs4sES5HkPYcmlMV+tlplmDO9S4Fn
+rGigBRCu/+AnyJqDXipXNn3cEY3FXPx/e8z4Ol0N+UeVq8QyRNDAvwO3h9mXlQQm
+tQ219UqTn8gUfIl0P89PC8FRXK+kzcHW+oqDeiMGqMov1SQaAnYUCJ7dS9j7LtKt
+I6J24jnmVifPHYRTxEoggCGWHg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 13 FC A4 6D 9C FF 3E B8 F2 54 76 76 5F 2D 50 2E 88 CB E7 9E 
+    friendlyName: Invalid onlyContainsCACerts Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,024C1D296C254FC7
+
+u65GxQQYdsrHdpxx4wp7d0J4WnlUBfQXvJnCauLK21H6ucElJUF9ILhdTst5vKSs
+jkNtGorKh7b7M2r91Wvc3GkzxhNBNgKJHW9/XsIXWc7KaO0X3d1rnts5VMsD3hmk
+ad4oO5NOslsJ02TKy/56rPTiQ9uRH6Y+jalbY0DPcy+6ul/IsRn6EZ+eRLcy/Bp6
+fSNiR6IvUWV8yr0qXuE/koxxW4m6JgL7x3hwi52GFEMewJ4u0Tk6ytTvmhMkQyAj
+pE12zRd3szUjO7OkSzqp3r4Kgahx5dmJBei6S0rc/nqoHDoy746uTVG0h55Dnvul
+rhOg/3Ioe1Qs0kToQBy/WFjzkJKD3opz0Y1vUm/KG2S9Wwsw5s6irkwO5s5tBwp6
+RJnW2TvS6bKZ6AJsvLGAhIh6m2MOeJV5H3FEqttA0cahzNfhLjIJKR3imEYVm2mS
+BU2LztU7sxlFSpJg0uGW1x6N5LQ4vTM6dS/SD+J5FpT3JSkokrjoI35xt15vkPQV
+94uIQuP5A5j3xFhakoWKvnX11ivb7VTr5kO4rcLMSsoqeRVD1+9Q/j6UFky1Uitb
+nwjRBHj8Xe9yBIJQQGhSe0f6HlC3DHsEMWgKpTHtUCNUuwEU5tDYJ6iULkpXz4if
+4adDW5d8yOWAywfdvOMyizl+GCbeyaGhHPUoFePmkoqLUtpBDhPgEUqUiUI7GlTk
+H57XnCBBvkwLmIRyrpcItU78GB9qFoRKK2/oyVGbtlct28Jt02GXQ0i6OVWyFUIe
+5uTlUrYJX51rcCbksk0zrLBkzYrUV1Jv+MRso1u5Ik/Zl8It3LGZSvrFcVjbQgf3
+mab0A7p19mElW51KmbQGTcWqXUNTsLD/7VPKEve8CtnQJ/gqWdM7ZN+w66X52uJX
+xvGgEDZf529wBfTuqLX13EVMovtcYql60MO9haH2Nlr1xs96vE1Vk8iYhxRt+c6Z
+HSZHGSJWhvt66pKRHxhyFM/csjoh2MAJPfKT9Ybrm2pz6rlSXdZ8I1UiBeN4Y/Ps
+97mxctU5iZI678tt7toQLF6PCyqrQKqWydLccd1145jz+R7tzwsBBfxCSsAJxZ8q
+exLe/FVRlkUK2yzRD5eDq0Axla3QuK3yzZ3BWV5Y+StUh+6BitLwFAZSNE7QZSRC
+tDUwWeyWMLuQLg2aWG/Lc+OPH8ypRQNeMj0fouQyxx0KFxP9cbK0Ue+k6lMwK62q
+1lYI0Ovv7dQ9CV9weSrmay0pPnv1mXhmBvQYN7jpT5VJIxYOo4n0/q5PfhpZLlj+
+OJB69K+AwPiPi5hPvX4LXn8CBSFJxb8fdR4lpGnU+MkKWxAoy8JUoQ1DZNxJCXyj
+qJzenggc5hmdaZBbjwFbSeqdwFuq3kk4lZkb90L/lIVTjS88pgsdRct/Q/bs3MYx
+HzZDRo0xB8nJNi5mZZyKYBAfG6hpFrPmTqTSgeEz9UjVY4AI2sS7Yoc0LZ6Vb+eJ
+DJ2pWSMmdfU7ziRp7eaiCs7TPzsk0aT92dhCcbKGX/mudxmguqtHYdlRgIJmmUUh
+9SAsK/4/yQx+GR49kpUcPlmBekrAoX7HcEOAjRHpgYk4V/UlT0PRrw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsCRLTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsCRLTest11.pem
deleted file mode 100644
index 237f79a05e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsCRLTest11.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlyContainsUserCerts CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBTTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYb25seUNvbnRh
-aW5zVXNlckNlcnRzIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9uYsu
-53u2+DI6YJnVIbUEBXbifJtOvR4Id3dAWtLRtp1J1/cjbUdtunT8MP8UdMiOu5GH
-qkkjCow40bwn18zVUFC+tbTitFHZwkcY6vpoBiYh7kfUGyOWMuGhYDDmL6f1GyGq
-1cPMSG3TI65vxTRu69NqZ6A69+6oecCzEhZwDQIDAQABo3wwejAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUWss3HtJGmFwTlfjfuDr/
-EUCtFfIwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB4p94csINQawOHlCIzE
-BoDqe6fIaND41iV0Ho1HK5OQyoKdGUAUm3cuoyXOmA++mMrGdqZd+xqQswur3Ve1
-iKj1z3ZAfFHI07GT7nOS9yTHPwIwW1FaFsaMkJyHm5McmiVJ2RVPcuhZM8Hg/O1t
-lEtxFRbVcGf+7bi5eI/HHmmB
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlyContainsUserCerts EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=onlyContainsUserCerts CA
------BEGIN CERTIFICATE-----
-MIICpTCCAg6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGG9ubHlDb250YWlu
-c1VzZXJDZXJ0cyBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGcx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE8MDoGA1UE
-AxMzSW52YWxpZCBvbmx5Q29udGFpbnNVc2VyQ2VydHMgRUUgQ2VydGlmaWNhdGUg
-VGVzdDExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgvtvHKcfaEySW+gTB
-goP/idcErgtO4WHFdiTLJV2wwSRVKNwruXMNUfgnsksQ+Tqa24KJWAJpnh44cvcT
-C63piJcmXs35SuSRbS3kefpDW1HmvkZUJ+xEp+jouS6IXKBI+bX0iASJpBC8rDtw
-TdyTa1MWv7veksCshAZr3cxBgQIDAQABo3wwejAfBgNVHSMEGDAWgBRayzce0kaY
-XBOV+N+4Ov8RQK0V8jAdBgNVHQ4EFgQUb0/1XSOZ9YvHmG7rvM8eBcBgOI8wDgYD
-VR0PAQH/BAQDAgH2MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAJybyf0fbsSEKPlQbxKeyZBQXdWfQGeo
-1NVyDN87XSKQUe9fech7qiUC4Ua2z7mWrIIbDBylvl7ff0NFiPTK6+tl4Rt+zaX9
-qzA+dIuVr/7NPrlaTSmJglaX5n1/2h/dYhFbJUXe5L5FOpE3uq/Cp83MC5AQzDxR
-UrWoUQdNtOhm
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlyContainsUserCerts CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5A:CB:37:1E:D2:46:98:5C:13:95:F8:DF:B8:3A:FF:11:40:AD:15:F2
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        52:63:40:55:91:4a:88:23:0d:64:84:b4:3e:50:a2:0c:ba:30:
-        81:b2:86:2f:ce:0e:b5:b7:e0:c2:d5:10:63:82:0e:88:ab:90:
-        d6:a4:df:11:22:96:15:f3:7e:cd:ce:0b:87:54:0b:3f:60:c7:
-        6b:a6:04:9a:25:8d:51:af:b2:c4:da:f9:d5:63:57:f2:b8:f8:
-        07:d1:bf:0b:a3:77:a7:e6:e3:87:a0:97:5d:4a:41:07:b9:36:
-        98:bd:54:93:95:32:d9:7c:07:83:e5:d7:54:77:be:e4:eb:e1:
-        03:fa:e7:83:fd:78:45:4b:a0:42:87:52:c1:1c:18:06:4f:39:
-        f3:09
------BEGIN X509 CRL-----
-MIIBVjCBwAIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGG9ubHlDb250YWluc1VzZXJD
-ZXJ0cyBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqBAMD4wHwYDVR0j
-BBgwFoAUWss3HtJGmFwTlfjfuDr/EUCtFfIwCgYDVR0UBAMCAQEwDwYDVR0cAQH/
-BAUwA4EB/zANBgkqhkiG9w0BAQUFAAOBgQBSY0BVkUqIIw1khLQ+UKIMujCBsoYv
-zg61t+DC1RBjgg6Iq5DWpN8RIpYV837NzguHVAs/YMdrpgSaJY1Rr7LE2vnVY1fy
-uPgH0b8Lo3en5uOHoJddSkEHuTaYvVSTlTLZfAeD5ddUd77k6+ED+ueD/XhFS6BC
-h1LBHBgGTznzCQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsTest11EE.pem
new file mode 100644
index 0000000000..c12b5a1934
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 88 56 67 0E 71 41 E6 F2 AA 69 74 97 F7 89 E4 5B B5 28 28 BB 
+    friendlyName: Invalid onlyContainsUserCerts Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlyContainsUserCerts EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=onlyContainsUserCerts CA
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApygAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYb25seUNv
+bnRhaW5zVXNlckNlcnRzIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowbDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExPDA6BgNVBAMTM0ludmFsaWQgb25seUNvbnRhaW5zVXNlckNlcnRzIEVFIENl
+cnRpZmljYXRlIFRlc3QxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AOaBsVf5mQNZERJjfa68546sUDPNfixGH/qzKOIBzlTFSfSuD7jIYTRkIr6qrbBo
+dPF2V2Rnsz+lJNYvNol8D1BfKkZgjpz5QPCqOQ1JBskqQfO6MXG8xl2DBb7FH6Ge
+jURHGJu7RS30qob03dvQTGEFc7aS7lAj/Ul2D2+IjMDJxIICb3/SwI1lOcWFmmJj
+wm2nBat41oGiUZ41C+lJZ8vbOs3e7BwsJIi7NdnDH2ke4AKTnavfO22CvSs1RVbB
+1kHMvi+Ux5/dQVZAqmv03oXkC4BgHjCra3vLv1O08jRg8f32fdxDCLAA2gQsOQIH
+1wcJaTWap7Ls5IxiaVEWt1cCAwEAAaN8MHowHwYDVR0jBBgwFoAUnbwAqdwBzf4d
+loh9tZ5Pmd4k0gUwHQYDVR0OBBYEFIeuKR8BSlP4kL3Yk3Y4khRKcv8MMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIB9jANBgkqhkiG9w0BAQsFAAOCAQEAdaRcEMmTAKhn8X7yDP1m5Rztq5pvbDbh
+C11BkkMph0iaaGqfv9+rLhoSUsSPMcI10R3mGb4lJnG0pRSWOg3ue8FaLTqSK7Eh
+QrdLjieU2w36bsp8yUg5XIXvhjYA0TLJ7SxqitUmoniOLHpERNd04nAP5bXJMNvo
+G45/n99z1jXUugbCs2DND84EMXSjKekhzN3cO73VFaT4b+BIlbnqVx89CvMNj+eJ
+O3xfgd4eBmMvPC6mrxGuXw3E83sUOOqlumIZsmf0zcWci8aJIPvgih3yEBa5Tihm
+BPnFS6XFB48CEs/iiPTVzSL8VbHudw0rxrT/ZAfi3C78mXEPzu/AZw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 88 56 67 0E 71 41 E6 F2 AA 69 74 97 F7 89 E4 5B B5 28 28 BB 
+    friendlyName: Invalid onlyContainsUserCerts Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AC64C592EFCB03CD
+
+nlYYtTW0DxFH9vpDyxm7PKRBLHiz8SrqsKUelN8D7C3uuynXtssBXf++0Y0zNHZj
+qcRd2yuIKhMnBrrIDOC3RzMcKRfAIxbW+AdUsV8sWuhvnTdXwEj7tmnDmtL5vuG+
+zqTe5/4l0oo7QQEUxNUWriPb1ZQyPFAsxdtzcihd30EgLOIUM8cfNl4FVikGPZ3X
+Qm8FDsEWnvPBaDV6pfd4Nh/YnrB1vfHsal2eJJ5Txkqc3gUjnoADwmith2/6ZTBd
+S6b5PiqiZSyqtDO7zxvueV1Qa5Dn7k4b6eG+lOnCo11FP2Tk4Ltz2/3QxIGCSv7F
+C1MpSkmNCZANcCHii8qZBQbB5Rm3tiR5mIY58EWBk2ZaX5086QCr9fzViQnLbCFd
+a0fjx1P/qb5ZbsSki6DI5es0+UrjkoTXyDSmvj+9NyClA99Wl2zCIyeFD4heie4J
+Cn512Js850qTCuE81tXg1HDOvbRz+jSBHrvj9KSMTZdS9e37Mqi4sZbNPBoQ+B7k
+Z8FBHnZKqJY2ojVbU01yeVUq3ztclRUbgsmUS3Cb65TACiOfwrUF5BL0M7THy/Tq
+0Ztdefmn1iwBF8qLySSt25d2yQGXTyRXu3sHtsiqVis7QCYwmMOVWeAzi/BwjaM0
+TLuMIm3lGJWs+Y0U/S4ZthjMR2CjpY+h07wlxjJiLOSczCYnhduo18D92OZ/r279
+OtaSOhlAbTYXPGufIeHAN3mANaq5jWezLQHGD6D5vdn6W25r80qbTOuFPxb87dsd
+tj8UBb6ybik3Ub2z0kUcuoL9kIzQp23HQeJn9D4jQor3vAT7A2JdpVcuAn21pWiq
+MO6rLla2eCJIUo5hn48jbjBbQxxt/PZApVZZiqKz3lCwhYRM1kilHrseGgv49p2i
+pULQoYZk2hfWn660H3T7Y/Y5hBX1HeCzJmvNsrqJSgsKRsYsgzoR2xRm89jdO1kh
+TUO4dbM7olL6ASECNAnLh37VHV4/KDp2wXUC9lZI4aXqH+GZrKvW1UUs4JD6Ste4
+lYTAklrnMVla79fI7PPfy1n+ihIlzdzelhI/CTyTzs8xxNh+2mPM9+CIHAmzyVOs
+gApir62xWFb2sid9qY4NyuKvkeDQ/cQIE9/ULfeL3GIkhtB7KoaRkBAtsZ5+lSQ/
+fjhczdDkPXg2ZqxsHYhNaw1PRMCRhE5l69D3nluxZpoCb+moJxtb+Pi2EAYzvC7S
+px6oGEZYYL4Hu8zJvVvoTeku0QK5nBXUXQg8A4mjUYoj9jCurOyQsqXrxnkz2MBZ
++mCjAq93lsfpy98+jEBByM8d173wzjmaMGnS0Ub6YoqJ/NVjKF58ZxGNDSmoJPk1
+LaR+/B/SdD3JbPO7QdUN2h3e+6QK+S21gz3KX7tRy2by2jKmJbtPKXkbdXEbX4O3
+ENm0xwJuh6qdllaVpBG3sPQYNy4M9R6WXoiYVW9KCCjIFry7JvGWc3LqZ6t21nNU
+G4tJzb51ysMda5NWZr5mRAcN+z1BE1drFxTS5Sdg55kVFnn5CrRcj0RHg5FppJCK
+/MrF3vDRuyu0Y5IjnBdrncP/vgjoJKeHVd3lq+y/lSprOQIPkHp5xw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15.pem
deleted file mode 100644
index 819cc4017f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15.pem
+++ /dev/null
@@ -1,156 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlySomeReasons CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTb25seVNvbWVS
-ZWFzb25zIENBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqY5YemfCgwOg
-IB+hdOlRZFTinhkf1OaHBpkEgH6r2jJPiuhXh30ZT2TwX9aBiEGnnKuHuZmwGUK/
-DCnAfvpZ621Oo7LXsNQFtGDYrh8Rfu93TxunsJNZQ9ZXWEcIjot4YGkbOO8Nu0il
-Z/zLKJKQUSKKBW/5glVtiynAaixm6k0CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFOBimt8FUL0fD1sYSf6+cB3M3Dlu
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCbnkFzDActclPpCRyu9PWbUrnQ
-ZU76d5EXV40N6ma0OBngkU+7TJgmUNS2anUuxF51tkeYvMlqADT7KijrN/rGSipZ
-yVR/ds2UaXdbfIfuFOs5TuVeClJ21BkYQgrmZ90/ti2fgIKn+cA1MQcnthtmtGJx
-1JuSgthIOVfbeMWdCQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test15
-issuer=/C=US/O=Test Certificates/CN=onlySomeReasons CA1
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVh
-c29ucyBDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu
-dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QxNTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlsynYvXyvl+q7eNnQ1pHRTzYR3jQt0ko
-GQ/U1Q9AsMdHihxgohDFbqyRbq2ODI6t3HGT/h8JPCPLT+dLhvwixeYhgms3m/TJ
-+mnXebr5bHI3PjF61Cw/mJe45Ab+arDxdumnvJRtw4EIB5lDwOrD9bHBE/WS1mem
-ndOkBLQNG8UCAwEAAaNrMGkwHwYDVR0jBBgwFoAU4GKa3wVQvR8PWxhJ/r5wHczc
-OW4wHQYDVR0OBBYEFKqEMbmbidNhzPioeu9tHpG1I305MA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAIIqO
-DY8YnDAv4BQddow4PTv5P8bnPkA2Ogs3Du04Lps9gxrBVYHDIT7UQVZ5hzZeXnmW
-rLwQeI2wDJNhjMhemXksv4rrf1pL65em4hQCuwlCsY0Nlc3z5hJjLslTd85fgQXk
-mDYbw0db0b1fRGsA+RkiIRM7ynpuT6753gVv4ho=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E0:62:9A:DF:05:50:BD:1F:0F:5B:18:49:FE:BE:70:1D:CC:DC:39:6E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....`
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        99:f8:e1:09:a8:5d:d4:4d:a9:18:5c:91:9c:2c:a2:51:7c:dd:
-        61:bd:4a:38:0c:5c:88:46:56:55:06:29:70:0f:cc:1d:cf:44:
-        d9:9a:b9:11:94:82:53:48:b5:08:4d:19:89:42:c0:ff:7d:42:
-        e0:39:98:43:6f:40:f3:e9:5e:8e:fe:56:3f:f4:4c:60:0e:22:
-        29:c3:90:7d:2d:ea:d2:96:f1:3d:ce:35:d4:30:72:f2:9b:fc:
-        86:44:fb:05:b7:3a:08:d2:bc:95:e8:d3:2b:18:a1:64:c9:25:
-        19:3f:6e:8a:a5:9b:99:e4:f4:ac:1f:f9:ea:72:9c:88:b8:8f:
-        ac:e9
------BEGIN X509 CRL-----
-MIIBdjCB4AIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEBFw0wMTA0MTkx
-NDU3MjBaMAwwCgYDVR0VBAMKAQGgQTA/MB8GA1UdIwQYMBaAFOBimt8FUL0fD1sY
-Sf6+cB3M3DluMAoGA1UdFAQDAgEBMBAGA1UdHAEB/wQGMASDAgVgMA0GCSqGSIb3
-DQEBBQUAA4GBAJn44QmoXdRNqRhckZwsolF83WG9SjgMXIhGVlUGKXAPzB3PRNma
-uRGUglNItQhNGYlCwP99QuA5mENvQPPpXo7+Vj/0TGAOIinDkH0t6tKW8T3ONdQw
-cvKb/IZE+wW3OgjSvJXo0ysYoWTJJRk/boqlm5nk9Kwf+epynIi4j6zp
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E0:62:9A:DF:05:50:BD:1F:0F:5B:18:49:FE:BE:70:1D:CC:DC:39:6E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0......
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        5a:9a:70:59:4f:6b:42:27:d8:2a:70:9e:91:bf:f5:09:c0:2c:
-        8e:21:5d:6a:76:0f:70:61:ee:f8:20:c3:00:cf:7b:40:78:c5:
-        25:5d:17:cf:c7:74:61:29:40:93:91:c1:52:68:4c:02:e3:b7:
-        c2:0c:e3:26:ab:fa:2f:e2:0e:70:60:d9:ed:34:ec:72:4b:98:
-        57:8c:5a:dd:1c:50:d2:6c:44:ee:4b:89:d6:f9:d4:79:64:9f:
-        e7:f2:4f:e9:10:0c:8b:12:c4:ef:e4:2d:f8:8a:c6:94:9a:59:
-        24:1b:f9:d4:6e:4c:19:4d:ed:4f:3f:e8:b1:29:f6:6e:2e:0c:
-        d1:ef
------BEGIN X509 CRL-----
-MIIBdzCB4QIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0MTkx
-NDU3MjBaMAwwCgYDVR0VBAMKAQagQjBAMB8GA1UdIwQYMBaAFOBimt8FUL0fD1sY
-Sf6+cB3M3DluMAoGA1UdFAQDAgEBMBEGA1UdHAEB/wQHMAWDAwefgDANBgkqhkiG
-9w0BAQUFAAOBgQBamnBZT2tCJ9gqcJ6Rv/UJwCyOIV1qdg9wYe74IMMAz3tAeMUl
-XRfPx3RhKUCTkcFSaEwC47fCDOMmq/ov4g5wYNntNOxyS5hXjFrdHFDSbETuS4nW
-+dR5ZJ/n8k/pEAyLEsTv5C34isaUmlkkG/nUbkwZTe1PP+ixKfZuLgzR7w==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15EE.pem
new file mode 100644
index 0000000000..26e7942db8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 91 3A 6A 9B 0C 86 1F ED 56 FB E5 1A FD F7 57 70 9E 4C ED 88 
+    friendlyName: Invalid onlySomeReasons Test15 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlySomeReasons EE Certificate Test15
+issuer=/C=US/O=Test Certificates 2011/CN=onlySomeReasons CA1
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UEAxMTb25seVNv
+bWVSZWFzb25zIENBMTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGYx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYw
+NAYDVQQDEy1JbnZhbGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MTUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMVrlEw9XZiZPi
+mepF7QiknCt+8ohKGyg8nAGV5rVbeT+oyOa3yqjcBBh8ON02JWnb8TD/TJMT3WwY
+UUc7AWPuKhK5tL8eaK9OvkN1R5adVRHW8P0XQ/DyObtxFP+bGHt+XvjBCGQWd0gP
+lrMo+24AgFgijyTRtbAVi5RDg2vG8PAVIPgO1kV5Ly7tIpp7ovQB4wpVbdjoD+Xy
+zmgm2kxbYy5j6TV1phFV0GNVr7Pb2+4FSOuvqCp54XSqO/qeXVSc0oUD/ZZznQzD
+23GQ3lIvdKhjfefhzlKExEGIbPEo1gYEZ4DI6M7+aERB1+1STbZRUE6o/wMOTJHQ
+75Fim7QPAgMBAAGjazBpMB8GA1UdIwQYMBaAFFBo0QlBJ4fnCk63eFb7F47uBAdx
+MB0GA1UdDgQWBBSmoXAX8YjFXLcBX1sI6Uhdu0kKQTAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAlWQIc
++Zh8/MirsIMTkslJm7tGZ/WLZlhRf0t0xqAc9gNvfh+tGkAe6jKWBrm3Le3wLsQl
+BfwAnI7gA58qqDvO7KQqaaQS2WJH9seZjG33Wtxwy92Ct+4koh5zNEXGVwmAtGQR
+hD7Fo7H0E/gRVXnpkv29ObPJBluGh/zYMCVAXfyCDUjHjDUyrLXAYHieNzBIUQgg
+GRuzrOy42lrO5PZl8Y+BANpKXzL0mmrWC0bjMdaQjWm6obqPOiSrK+/g2Q+k2Jjc
+I4GxzuuRKrDc4+q1w2R5OWe3yY2u4ecQWrGKL6t/TO7oB3F0JLYxqvwzE6Mr15et
++ygEE42T8tUSuz9G
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 91 3A 6A 9B 0C 86 1F ED 56 FB E5 1A FD F7 57 70 9E 4C ED 88 
+    friendlyName: Invalid onlySomeReasons Test15 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,90A5B5CF0638D715
+
+Y25oaoeE+pbdQJ3tN2fVM8ZLJvFDiLjeT5oThNrK/6yS08BfU88nIDsLrVebi2Aw
+IxHE+TbWDtmLdbg5Ql8/DO8VlRZKDAvsPKrGs3s3O8fv8BLEUnwPgXP1g0Ko7Exx
+NrnzD/+p4LlKOpHxiCyZwXckCitFY3uNwFiH7fHY2KyupFS7vM7AES0b8tl+vyma
+IfAdL+uiAMqKh7x7um9dywyJbuX2008qRIK6BF6HRLNQUyjPyV7qLjM6r4g6I6iN
+YD3QMqXimPdrdC5yrl/nBGuESczO5JEdIc21MKkyssz9kc17YbfAPv1OdP7+P2iL
+3hvqemLmfm2jRay5bu/OiofegXfoN6P4g7q9qQ3RoBTnamSSuI7UUWxrnnO5SlA5
+F9MmpLG40WAm34SYlkYxHsicntKrs+rRDKkntfxER8c3tOOMhyKHBDkDzHHvSHSe
+M6QUXsNimcU/vfcO1XeD8x7X+hYW8NGzwAO7nD8ViBm/d36Sud7gnfnmYv3ZkNiP
+JU2Xhf1ngZCbrFjniiOTltVJoGJfdlJkPjxAReEO9Uk8hshoVygfRM7syYVEbNaU
+SJmxh9AGg7Xma67yVVlPwQlFBcp+wKe6dCXq5aoFeYQxiOA3BPKkpKhir6IdjS/p
+Y22wBBUUrwhqhfxWLi4PwZwgX44oAXmjGyWbs5sVaRn8aXLbSs7+Y6I3B3eL+8Wg
+uBFfBEbugXtnt4Bb/SCzn6B1RqsFC/vNb1x1vqrA0l/y2+2hPVetEaiD1vlUIDC0
+kvxbWSH6EarH4k6eM1dI6ie+rZ87hM12LfFbKzjrJxoxdo8Rep4h7B0cStzz0Vc3
+I75ZnUmncB9gDrF+cbVi/5yQ6O5JKTpwFyFilV3kyWUJJpIdMg/UBlDXN3Xq8B9O
+T+k98F8cOzapFu7sBFj/euD27zubl2WQFvYjzsP/l9BB0GruMAFAxqNrvvpq6/Uo
+r2xVvBrmpXbqd8uXsaGg+cLCw5p8mlPaOcRVXeuveP6bvAy8u0PP9wlTOVj0f4vB
+Rz4VOg/0GderyudWgz5WqSTSmk/AuRVM7txtQwRoTKR0pNB62AM2/LBNymfoNcwn
+My/dfWqvUQXLqVwK/Rq8aln4W2GJhw9ABAzsfin4gOupIqFmOIsMx9DmKw++ETg6
+OE6a/Qrtp9I2gbxshEQkYDg5DMFXApSwC25dO9kpXmRQUWqMTyglRXeldmJLA/Yc
+m74FQrsaTznEm7ji1XPUEgkM6Es1fdXJiXj5WuUKZrcfsgMVeRHockanIAgO7svj
+hdNn7AAmcXhzWqF4m/992Sc3V4VIuZKsCskT5fxMHRUVNXh3nZYBNpMLKbU89p7k
+W9u3+tTdT9yXtaDHg6sXGK5Dz0HIMa1i929cAPggzinqY/fUAXoH5wIABCa6vHEz
+o74lnyMxcHvu62/KKvuv8ba7jdFmtW0pKPMUxjKLSAPNDOeZVt98+Yip0Hx2BeLM
+1mnNWFPVbQBOcswVFToqH6zPzrB+/p46JArv8PlIYbsnPLHDpmhFm16C6VDF0vvm
+/QKcsYWA6D+f2ghn1ggxz12b+kUDbP534MsxTSIpWvKUAR8D7BEDxQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16.pem
deleted file mode 100644
index 76ef3b7b53..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16.pem
+++ /dev/null
@@ -1,156 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlySomeReasons CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTb25seVNvbWVS
-ZWFzb25zIENBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqY5YemfCgwOg
-IB+hdOlRZFTinhkf1OaHBpkEgH6r2jJPiuhXh30ZT2TwX9aBiEGnnKuHuZmwGUK/
-DCnAfvpZ621Oo7LXsNQFtGDYrh8Rfu93TxunsJNZQ9ZXWEcIjot4YGkbOO8Nu0il
-Z/zLKJKQUSKKBW/5glVtiynAaixm6k0CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFOBimt8FUL0fD1sYSf6+cB3M3Dlu
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCbnkFzDActclPpCRyu9PWbUrnQ
-ZU76d5EXV40N6ma0OBngkU+7TJgmUNS2anUuxF51tkeYvMlqADT7KijrN/rGSipZ
-yVR/ds2UaXdbfIfuFOs5TuVeClJ21BkYQgrmZ90/ti2fgIKn+cA1MQcnthtmtGJx
-1JuSgthIOVfbeMWdCQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test16
-issuer=/C=US/O=Test Certificates/CN=onlySomeReasons CA1
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVh
-c29ucyBDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu
-dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QxNjCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlmAr5pfd8vA/RDJSfo8qPEDAbLwbxhVf
-lv1WYCncGfhiyC77BYzSvBHiEp+84tJW6lBUUEewGRBDKerNZAnqkirYwLYccwav
-76qQJnSFTKmjDS7BofPWH8/bVZXjwjGikKAChuVcBykwZt9zOhFCM4y5wUv1IEHe
-iiDpoHEIPqsCAwEAAaNrMGkwHwYDVR0jBBgwFoAU4GKa3wVQvR8PWxhJ/r5wHczc
-OW4wHQYDVR0OBBYEFJdQKB8LbKa2dsGgu3qroJY+rlmzMA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAG5qf
-f86xb10ogmC7H1f//9eykm6gAA0EWFwyXzjCkIlk9WPjGOTBU3WNURziN5LdblcZ
-Csf3gFtni07sN4ISdLTnJFzuW8Nk9vfmmhV74guH9wvMv4fCVInMBZEaak0bR2dY
-LxvWYJ8K2rgUN4E3A5nNFA81/1xxbwCq7c2koa8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E0:62:9A:DF:05:50:BD:1F:0F:5B:18:49:FE:BE:70:1D:CC:DC:39:6E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....`
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        99:f8:e1:09:a8:5d:d4:4d:a9:18:5c:91:9c:2c:a2:51:7c:dd:
-        61:bd:4a:38:0c:5c:88:46:56:55:06:29:70:0f:cc:1d:cf:44:
-        d9:9a:b9:11:94:82:53:48:b5:08:4d:19:89:42:c0:ff:7d:42:
-        e0:39:98:43:6f:40:f3:e9:5e:8e:fe:56:3f:f4:4c:60:0e:22:
-        29:c3:90:7d:2d:ea:d2:96:f1:3d:ce:35:d4:30:72:f2:9b:fc:
-        86:44:fb:05:b7:3a:08:d2:bc:95:e8:d3:2b:18:a1:64:c9:25:
-        19:3f:6e:8a:a5:9b:99:e4:f4:ac:1f:f9:ea:72:9c:88:b8:8f:
-        ac:e9
------BEGIN X509 CRL-----
-MIIBdjCB4AIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEBFw0wMTA0MTkx
-NDU3MjBaMAwwCgYDVR0VBAMKAQGgQTA/MB8GA1UdIwQYMBaAFOBimt8FUL0fD1sY
-Sf6+cB3M3DluMAoGA1UdFAQDAgEBMBAGA1UdHAEB/wQGMASDAgVgMA0GCSqGSIb3
-DQEBBQUAA4GBAJn44QmoXdRNqRhckZwsolF83WG9SjgMXIhGVlUGKXAPzB3PRNma
-uRGUglNItQhNGYlCwP99QuA5mENvQPPpXo7+Vj/0TGAOIinDkH0t6tKW8T3ONdQw
-cvKb/IZE+wW3OgjSvJXo0ysYoWTJJRk/boqlm5nk9Kwf+epynIi4j6zp
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E0:62:9A:DF:05:50:BD:1F:0F:5B:18:49:FE:BE:70:1D:CC:DC:39:6E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0......
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        5a:9a:70:59:4f:6b:42:27:d8:2a:70:9e:91:bf:f5:09:c0:2c:
-        8e:21:5d:6a:76:0f:70:61:ee:f8:20:c3:00:cf:7b:40:78:c5:
-        25:5d:17:cf:c7:74:61:29:40:93:91:c1:52:68:4c:02:e3:b7:
-        c2:0c:e3:26:ab:fa:2f:e2:0e:70:60:d9:ed:34:ec:72:4b:98:
-        57:8c:5a:dd:1c:50:d2:6c:44:ee:4b:89:d6:f9:d4:79:64:9f:
-        e7:f2:4f:e9:10:0c:8b:12:c4:ef:e4:2d:f8:8a:c6:94:9a:59:
-        24:1b:f9:d4:6e:4c:19:4d:ed:4f:3f:e8:b1:29:f6:6e:2e:0c:
-        d1:ef
------BEGIN X509 CRL-----
-MIIBdzCB4QIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0MTkx
-NDU3MjBaMAwwCgYDVR0VBAMKAQagQjBAMB8GA1UdIwQYMBaAFOBimt8FUL0fD1sY
-Sf6+cB3M3DluMAoGA1UdFAQDAgEBMBEGA1UdHAEB/wQHMAWDAwefgDANBgkqhkiG
-9w0BAQUFAAOBgQBamnBZT2tCJ9gqcJ6Rv/UJwCyOIV1qdg9wYe74IMMAz3tAeMUl
-XRfPx3RhKUCTkcFSaEwC47fCDOMmq/ov4g5wYNntNOxyS5hXjFrdHFDSbETuS4nW
-+dR5ZJ/n8k/pEAyLEsTv5C34isaUmlkkG/nUbkwZTe1PP+ixKfZuLgzR7w==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16EE.pem
new file mode 100644
index 0000000000..f4692f06c6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: FC 19 32 E3 5B 7A 6F 8D 2A 12 5C 1F 0E 6C 58 47 CD 38 02 B3 
+    friendlyName: Invalid onlySomeReasons Test16 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlySomeReasons EE Certificate Test16
+issuer=/C=US/O=Test Certificates 2011/CN=onlySomeReasons CA1
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UEAxMTb25seVNv
+bWVSZWFzb25zIENBMTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGYx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYw
+NAYDVQQDEy1JbnZhbGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MTYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq8KivhrS5GZix
+Tpa3ipGTij1/L7BsHNs4DNbMHldcc8b0clfqiS4/svyHh0VryHBWmHRdCgZbkQey
+6DjkzmCk4w3bCP1HtEiMGY5Wxr/XdDBuzCwb87pqKb1KFFqgzgxRfnIswCBPlmY/
+IE0+WL2hbMDCOcfswi0ErEjBAhLglYqzuCb8r4md8jbkn5G1slSeR81NEpBoB/RJ
+0pRFlAlToLm5rp3B19nOYg10J0xhUe+UvQ+4VA9waWVj+X0YrAPebjU68TGP09XO
+r4bmI8Wr+3evvbG5YoibP2xKxkaM3TIvkKKMwvAwXF9riZwIgH8jzr0gvPquRDWG
+d+/X9HdrAgMBAAGjazBpMB8GA1UdIwQYMBaAFFBo0QlBJ4fnCk63eFb7F47uBAdx
+MB0GA1UdDgQWBBSpmSNi0uf7AXBBlsBPTYcCUJ5jZDAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBxIJ/R
+TDz+JlEBsKmnazaVAZqhgitlJffJGlWgsWj/Upaw/3CcGtvfY0lOjD3+IFdloKNm
+gmoiDvovGFwx+a498KvDG+xiiAQ80sJfCWhSrobV+CfqH1zI5KIenbk0tziaUyX1
+BudL/+68UPc8gvuTy+nGZlF2TNx0ur9fQ0YTxHMQqInRzI1S8lRDGAWnXiE9j98a
+BUvTPgJIe9g4TUBJmzDg4A4WQjyLbyHgzk5nT5QAkwcejbw+eBlIR4fMAIcKFTp7
+7VMxuHNgLCeRq2kejdJ8sFoeInFVJg6+WDP/3KMiKZ1DnSVOsIKJpIiwBXR0hg2u
+7qYSQLZQDhrFf1CT
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FC 19 32 E3 5B 7A 6F 8D 2A 12 5C 1F 0E 6C 58 47 CD 38 02 B3 
+    friendlyName: Invalid onlySomeReasons Test16 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,401E21BDD2BD841A
+
+0atul2/gZlaBAQfxewjEVGTp5EG00HVEpV4Ll+94rY+pUyCz3QTOb2/kY1++6HY3
+M5a3BWCVONvlEhNJHhq3DDCmroo8sdt3prhUAIu36JNeguySL78FY+KYb07mtygY
+74dHdI1InXkEQYApCkcDL7umrRXh5Wb+wbYoXBjlom+yL4THQLYDhhfEJVpJKVO1
+oCLdCzD9Lt1A10siesKHvqiIokuaGz+iZitY6lIiIgtFp4W1u+L+bbZd3JRddpuQ
+xZFtwW5SCf7tb1zUx9bcFxQDlm64+dLtklxdTbN5uLc2HcF22YPyip2qmmhxnkX2
+VE16SALv++CqVhHL4a7q2ZoWbteddRvvu0KTdVXkzTJPni1GikR0UexaL9mxodLY
+ctNrxvi1vnv0bH54VKRwDFJD6cG6poMjrbmZvr/8q/33o62qU4+lSyKkl5iqwqXr
+CwW98+USoQ3Zh7jYNtou+/8HShpqiDEO8sR0Z/8DUscxs8e88ZXIE5q2jfglP2qx
+gshFKUEEF1dwP/0rzVDZIKBOqTG5fDvBeKM+38ZELt/EiD+FbIIkV7ZX3MlHa8np
+zQXYZqD15Ns3Sl5lbO5KgCgGLvHq9QAcFb2GenJWX+18j9nrT5A7kaZpk6/nRQn/
+rPCORm/Xz5Sd3rNlI3MrqtP+hqEECUYm9KrnYUrjtfeRGoftQrMTHLiL3ryDrowv
+XyPjVKjSlVBKAbFCvqYqeBq6VMDWaPtu/kRlBZ5NqKGXu+PcEcbzlHfp3KwTsvJY
+qxh+atDb68RMAooTkXRs9zDEJOcSsGeozSYpKuypBrJiQ4K7l3qxeo3flAjUbGYI
+zSCVY2PqvAktHoqe/tUzPiUfDoVJ/ohxKw8oAPjy0+1czV0k4vGBs3gEj6lfqBGY
+6oaMtOaTwcYJJWAklH1S55JC09pNvsy04wtRSH//AvVrAwbPrVKXyIfg7pborWX5
+AZw6/ccYszPbASmLlSFQRBkoF4JrxIXMsG/M0WqMHETjdFVT0rYJ6WVZcTlb9Rk9
+AfoNifeMS6cBJXszAAV8wCdA0gI2s6AuGEInFbuuIezNg8KqJ/hsiLYSxGJfSLs2
+4Mu+48vY1JrvbyBZ5fbs4A35jZ4RmrqjkaiVgArgWxcarJcrOiqgxzJPv22l2Xqc
+UntQ9MmeZrSGx2Zp83CdcYt63H5UX1pxt9annguYaVFyZ8P1S7/QtWWauUTHyxpn
+sdwQWXHTNKcn1D+xqtdRDZkTnkcbHLZYJxN38UfAUL+yG8TsSE4YL3i3zlmI+T+q
+Z7rRddx7jrZAXYpWOVQF62kpV5Uolw7ycYUawjKD3zzy/hn5O0ZxTrwlRH7ikHP2
+7OSUW4TIgoCDr16brTvxMWq9W/JuwC6atjQhOE7DcVKtl59lszihZTabrMbFV30f
+eaHvamBqZaEK65vRuVeJeG4diEysTam2PJA4905Ji/6oRj1VtvrnwoW19x5WH61J
+23+CvEj/cJDrzUtX5sEDuvj0U2drmlDjauuoR6OZJfrB/gzrq+s3pvT98g8loCML
+yMDrZBPtFm4o5UkgJMXCjUKQNtHVbq+t2wOJZWpLPRDoQnM4VsZn/Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17.pem
deleted file mode 100644
index c20945cd91..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17.pem
+++ /dev/null
@@ -1,146 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlySomeReasons CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTb25seVNvbWVS
-ZWFzb25zIENBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxjus5muZnJK+
-vbTiSr7l+wNZkm4bBceUnfDkXaEsbIwJRhzBb2TVPT0Do+y3R/r9DGfLYXxCHohP
-OsEkgaaxsJcVNb560ICl7I/WjFftw3D82YeCiqtUageZZbHBGBpb/utZyPdGLoc+
-F6OmUprS/F3KhP6SSVq5/tN8vYA7dqsCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFKqh79hc2DiyM4fnkx5FQRjQinuN
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAn3+Yq1ETHIYeBdtTuzCeQHWWo
-VC03XoW3PZMLAKJZof8WbYui9I0Mz8eF7Ae1tgk4luOkc+1VEuf9Yj1R3/DnrFYR
-Ws6bImkBgnSYYiUSo1GuqCC6L3FuD7KLs7vaCp+9EfS0igqOXxJwEESXgJixsOkz
-/lp/IH1QU84Vh6fKlw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test17
-issuer=/C=US/O=Test Certificates/CN=onlySomeReasons CA2
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVh
-c29ucyBDQTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu
-dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QxNzCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAr8VCnAdQKISRnLmjaXbkkMYcS02qC5Mj
-4f2jw/FDEJKBWKopXex3k9qR+Dvaz6yGEJoi2wj1sUo8xdChVd1XbjGEYxwkaqpe
-cOPYjHlvVF43YGWYhqWOtohBZfIT5uJi0rxZNApuHARfo6UGBaceSk/DUFbos1ag
-lCxoF4pf+5cCAwEAAaNrMGkwHwYDVR0jBBgwFoAUqqHv2FzYOLIzh+eTHkVBGNCK
-e40wHQYDVR0OBBYEFK5QFuk+bZ4HFuTJCRy2qPFS7YZ6MA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAOShO
-p8bEYTzkGWyiUXPs0fZAQzFbgCpN3Q+ky2VZblbIuJTOToG/UiyIQ2FNCq53oBYe
-ZYiuewxa/WWDunOwx7LwPtcksOo3M5BzFmZEqTKALQryiXj9X3ob3tZJFTpAs+X2
-joJ0q+U06GYvbXscfXdm8nvBNA+r5BczWTlAG/4=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:A1:EF:D8:5C:D8:38:B2:33:87:E7:93:1E:45:41:18:D0:8A:7B:8D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0.....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        38:01:7c:3a:47:fa:d7:7a:f9:a0:3c:17:f8:db:94:e7:1d:a0:
-        fa:47:07:6b:ae:03:68:f4:f8:b4:4c:7b:70:a5:0b:5f:92:8c:
-        b8:c3:32:e9:55:34:38:53:61:ba:d9:3d:dc:8f:39:45:dc:51:
-        5c:ab:7b:67:80:47:b8:60:6c:88:4b:1a:8a:57:fd:73:69:0a:
-        ff:2d:c3:23:8a:62:ea:31:c3:4a:07:3b:8b:89:a6:dd:4e:e8:
-        8b:99:67:71:62:92:db:40:1e:af:e0:b4:e1:09:62:1d:42:69:
-        b6:45:64:d8:94:4f:30:40:43:e9:38:3a:59:29:6d:0f:8d:72:
-        0d:8c
------BEGIN X509 CRL-----
-MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgQTA/MB8GA1UdIwQYMBaA
-FKqh79hc2DiyM4fnkx5FQRjQinuNMAoGA1UdFAQDAgEBMBAGA1UdHAEB/wQGMASD
-AgEGMA0GCSqGSIb3DQEBBQUAA4GBADgBfDpH+td6+aA8F/jblOcdoPpHB2uuA2j0
-+LRMe3ClC1+SjLjDMulVNDhTYbrZPdyPOUXcUVyre2eAR7hgbIhLGopX/XNpCv8t
-wyOKYuoxw0oHO4uJpt1O6IuZZ3FikttAHq/gtOEJYh1CabZFZNiUTzBAQ+k4Olkp
-bQ+Ncg2M
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:A1:EF:D8:5C:D8:38:B2:33:87:E7:93:1E:45:41:18:D0:8A:7B:8D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0.....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0e:a8:95:98:a1:9d:34:e4:fd:7f:b4:bf:94:48:d5:42:03:a5:
-        cc:e1:85:55:65:15:c2:e7:cb:33:a1:fd:d8:cd:12:04:92:50:
-        cb:bf:ea:6c:e2:ae:bc:55:48:cf:4a:29:61:6b:42:00:4c:08:
-        35:f6:49:30:e7:37:94:a7:38:bc:bb:3c:8c:c3:11:ea:11:f3:
-        0e:bd:9f:8f:a0:32:a2:b9:8a:03:cf:6c:eb:75:d7:5d:5f:f1:
-        fe:97:f7:d8:33:e8:9d:9e:21:b6:8e:ba:2a:63:c1:0c:57:64:
-        dd:90:98:34:4f:db:a1:d1:11:0e:77:13:87:f4:b0:61:c1:36:
-        1f:c8
------BEGIN X509 CRL-----
-MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgQTA/MB8GA1UdIwQYMBaA
-FKqh79hc2DiyM4fnkx5FQRjQinuNMAoGA1UdFAQDAgEBMBAGA1UdHAEB/wQGMASD
-AgMYMA0GCSqGSIb3DQEBBQUAA4GBAA6olZihnTTk/X+0v5RI1UIDpczhhVVlFcLn
-yzOh/djNEgSSUMu/6mzirrxVSM9KKWFrQgBMCDX2STDnN5SnOLy7PIzDEeoR8w69
-n4+gMqK5igPPbOt1111f8f6X99gz6J2eIbaOuipjwQxXZN2QmDRP26HREQ53E4f0
-sGHBNh/I
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17EE.pem
new file mode 100644
index 0000000000..c8452ff291
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 93 C2 7F 92 78 A5 D0 5C 78 50 72 A5 F6 62 FD 93 CA EF 6B D8 
+    friendlyName: Invalid onlySomeReasons Test17 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlySomeReasons EE Certificate Test17
+issuer=/C=US/O=Test Certificates 2011/CN=onlySomeReasons CA2
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UEAxMTb25seVNv
+bWVSZWFzb25zIENBMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGYx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYw
+NAYDVQQDEy1JbnZhbGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MTcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdyWxytNcj3eU+
+PWXaYyWOlUWPg260Q+7EygIhIMtLWwazFS1aJlH2AYPhjpz2u439OI1iijK/koDI
+oxH9CiCJPRWL+IwKA0YKgfxrcFy+g98ZcMiuIPvO8aYVIX61oaCWt2megEMv+iaT
+EiCd7FY7wtY2hFNYnsxaWzVnFw4uvWBJRtq01eyseDnbZwBkYprLZBruZ2NUuFmr
+Q3UGTZUyIDbJLGDcXI18oPcVRZCy/H0nZ74G2Tlp1lXedwmq+/bS/4dJ+mi/Pp1/
+oKJRmK68qws5/5CSrZdTTxij6Y4X71YjTAxT7nncv90Y74kp7r9kXBzE5AmRngCH
+JYeWOm+XAgMBAAGjazBpMB8GA1UdIwQYMBaAFGBj39IjpCnWQaSsyoZ5mKZlAUiu
+MB0GA1UdDgQWBBRzj0ftEusY+0fq1BL8qXXHBtuKYzAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAZ2lOz
+SmjaLWMxDGxzcQ4GFP3G6AmmmvZ1sVAnx4sOR+felUoU2Y5rSdP04zN5loCrY+gM
+vP4YIbgHGqvoapdvTLTwVCjxXKIt49fYBiT8u7KErvtgyFC4HMh98SlPjbVLPwFH
+NPfcx2CtdiVaMFpw4k0MFwhSWfLyEqHzYG9qVJUZ2FdlgJ7/fjM+Xw8+OyN6z5ey
+Z5HVIdS1aFHcR6Je08WL63GQGz4DmpASlMMtuQCgNz/kESJlXhD+4kwchA8v3xc7
+NtXeGL/qF/J7EQmH1JwGytg1n6WUWUmOakv3F7pL6Xj4Ivf9OOKFI4FpdeYBzuQw
+TTaBNhknlz9zwf1Q
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 93 C2 7F 92 78 A5 D0 5C 78 50 72 A5 F6 62 FD 93 CA EF 6B D8 
+    friendlyName: Invalid onlySomeReasons Test17 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,26B819BA3A805333
+
+e62CbjykF8e9NCDf3Zq9VJMGKdo6vwbHCy4HNfbIGUAzUbLkYw94cI1fEuD9BapB
+gaazv0Bss+FlieKLqqv4Euv+t8+dOjX5zorXZTIaHjz5ABLbPSpvPyBuThgQGLQH
+dzY45kBRU7S14lM27R5ZhSVVljb8c1afY24B8r9YAavWInPGMMCNs0/GRSzk/YLK
+Cx27HunJgnkssgvS8TMyQKjd4Hth+tjvb23JRCspAY/dP/cWDUUTBpRnc50aztQn
+4OXS8XE6inkpKhT/sg6B4jlOoW3xdLiis7lS/pRZKqT2Sqcum+FTeXtl4Li9/h9P
+93mg+7Fnv+YdFKjlZYgWkqRui920SRBWTZb7yynjCqRvA8GRRcz/MLMqc2xCyvXQ
+Y/pcCR/N+uFu5ZAon7f3qQ7ZZgKJ1zYRPg21WoWwWpPCbL5zI3+5m5+ERAGQIGHG
+wv4044esRpxbZRCzCWvWCwYObY42dXoDWuhHN/Pk47wc9dxu6118rrE9H1g4fqRy
+Hoi1mARNWWTcpSJWKaph9St5M7JLzkOA8Oen6oSMoXXBnN1CiFSofoI0ibymM1NI
+1MTVda9DabToMpV365yvR7Jb1CR74jhtHN8EzV66zdz2jQUJ+32OA+TKAxqZRPlR
+B/1NK0L4ZL/t18DpUf2l7aw7jaM25iviwJRkEZ0BWMNc70E43Qsza4I1YJrw9pk7
+njTYse901rURDB7++ptOntB7n85wi4wbgpEAXxnRlApzyRKwqdjkWamT5n7MSwAo
+eKO3XU8OJAZKlsQn7oraRY5yzsr188k0G6qoicXfOf8oGpQZZ+WE+3MNJk1QYxNX
+eTyu6xNiGfM9ZPBSM5tvstjd0vOl4USaPAYEpWOPT4oEHjVWrVX/RwmbHr8yFJZc
+9GgVjwAbE7eMo8+yd6mDmQND9QS7qkn7ciMt9FyW10U3eWj9zTGTl5xUx10ocFVn
+RcXvVEBvKZlWSVYXHZjN0F1X7e6HRzlaYt8LG0F0GFub++WBoDjYxATiTF+vH3wH
+9NWB8WPVgNwcoJHpg8vaUkf7LDB4HU2dqUwfzTGszd7PctTafbvAlR0OjW3tGUXr
+E3EdckoFmwsBepsWZ38oLId44n+jJEfYTL4/1AaQcvoIj1SAoqHkU98+vckhU9+1
+1vP3h7/UNGA5HJH/SvNlp0V2wrv8b5SYZmNYcjQZvScurMXLHNibSfTUWo4CZK2w
+cn9qLSCtgHWeLrI41Fb+GzgHZrhUYtkPDHUa3UkEKameaSuP8kq0Zw3Y/76OST4R
+fDqxsjEayJfJ18vEArTXj2+/lVKasMt9Sz3O7ZZzc/safPf2jimCp3D87x41v8YE
+X7LzfKrymF7sNayxG2QhXZITvE0Y1cVHcBBiVdLmWXtyJmOlQF+yxfwltKfETa2z
+6rbKTMHwl5N7oRDCVhASsfWHFHLXb25AZVzApqmSk+dsc4LSzPxnEudj0VrIR+pL
+OlIfv9UdUnTWYIU5f9pryJ9sP6jubJ4LhC9/0RlbYIv8JY8s/jLv3fS92VWIZMn0
+b8GNIIM/Z5IzP5dkfB06grHR2gqrmlH76/kuCkA9/a+VJRSwaTrGghTYJUDlwX0l
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20.pem
deleted file mode 100644
index 91c6b1fb56..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UECxMTb25seVNvbWVS
-ZWFzb25zIENBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApawx8YRMPlMQ
-024rS3sld90L6veeiaILQ6LHaLsGJq3VdzR86qrSqOOIC4riSla8gYRwgMxS4ex2
-wjXsRFQbvsG09PcFyRJKJ0NLsY8FiVdShUDwLEohR/cdfL4Z+iCgZdY4iMaILI8a
-MHiBRffd7isOjbgUd8JKQ6DM4ercJksCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFD++QPH3awL7sFnDAKRa4JdUCOkZ
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAzmsqTCqqsyknqgNHYbj4aH461
-hKTEkZRpMSUHjJwKJWFK4fzqdC8DDlCw9rfmNld7RwxcC3/o0J5v3T4KG3C4s9Rr
-eVSmm4Kwvgjmj0tsm0TQbG+B4uLqaFAAmlBTZPYl9ABodUKUP2eKcAL7f98INanN
-/veMciSwQ7N4Ku7Zjw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test20
-issuer=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
------BEGIN CERTIFICATE-----
-MIIDZDCCAs2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAsTE29ubHlTb21lUmVh
-c29ucyBDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu
-dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QyMDCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo/2deWn2P1temSytp9fRh3t+UZIp62k5
-iNe1RKLHz08HxSTMrPeCRNnJFp5opbLpQEsUk8xludZeIcWGyLtBTN5w46xk04gh
-1Px8Z2+/mnT/ngizwoMvKZf1dqA1/IYacDNHoZB8wlR7iMEa3scvBmFE/B/Ieudc
-hxnOxEhEprUCAwEAAaOCAUQwggFAMB8GA1UdIwQYMBaAFD++QPH3awL7sFnDAKRa
-4JdUCOkZMB0GA1UdDgQWBBT9Hi+HZ9Okq+jLk3TXM424X5IyqzAOBgNVHQ8BAf8E
-BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIHUBgNVHR8EgcwwgckwYqBc
-oFqkWDBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-HDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNVBAMTBENSTDGBAgVg
-MGOgXKBapFgwVjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwy
-gQMHn4AwDQYJKoZIhvcNAQEFBQADgYEAEyLMappHZG7NaHTIJRCcyylzQD0od1Bi
-cIsRgkSX4W6BWas7pnbYsIaBtY7SX6PU8lcrIBdjUlKUmzZP+0f08ptO5a4ZPaY3
-mJ7GjPUXPN8T/P8cfpU5A3AlaLam894aWe2vJuwmNlrEs6I0mP20WbXkYjmg2qzP
-joyjMV62Zb4=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0b.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL1...`
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:c9:cf:ae:6b:51:3a:d8:ee:4f:85:3b:a7:18:30:00:6c:cd:
-        0f:1a:59:06:50:fd:75:49:44:9a:af:71:a5:74:ca:25:02:e1:
-        fe:c2:0b:15:f4:db:0a:8c:7f:ca:9b:de:cd:bf:1a:2d:3e:10:
-        1a:a9:4a:9b:a9:64:75:01:1c:dc:26:b2:f6:ab:2f:d2:7b:3d:
-        01:f6:fb:64:a4:c8:53:65:b2:80:5a:1d:22:e7:3b:9c:12:92:
-        96:01:0d:74:83:d2:72:c3:a6:34:cb:54:bc:75:c4:34:12:c1:
-        4e:40:2e:e1:28:d7:ea:6d:c1:9a:4b:80:dc:2d:7c:7c:a5:a7:
-        28:75
------BEGIN X509 CRL-----
-MIIB1zCCAUACAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIGgMIGdMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG4GA1UdHAEB/wRkMGKgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgwIFYDANBgkqhkiG
-9w0BAQUFAAOBgQAMyc+ua1E62O5PhTunGDAAbM0PGlkGUP11SUSar3GldMolAuH+
-wgsV9NsKjH/Km97NvxotPhAaqUqbqWR1ARzcJrL2qy/Sez0B9vtkpMhTZbKAWh0i
-5zucEpKWAQ10g9Jyw6Y0y1S8dcQ0EsFOQC7hKNfqbcGaS4DcLXx8pacodQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0c.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL2.....
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Affiliation Changed
-    Signature Algorithm: sha1WithRSAEncryption
-        3d:11:d9:b5:4a:98:2e:f6:01:84:ec:e5:d7:d5:20:45:06:18:
-        19:5e:18:1b:89:27:c3:fc:7a:ea:a7:3e:3d:bc:ff:26:f1:69:
-        90:73:a1:2f:d6:0e:82:36:1b:f7:98:7d:26:2f:07:86:05:58:
-        b4:5f:ce:84:6d:ef:4a:51:e8:40:4a:51:b2:57:46:b6:76:e1:
-        8f:0e:b8:03:16:88:72:c3:88:74:74:76:38:1d:44:87:88:c2:
-        a5:ce:34:cb:a9:bf:a1:6f:e9:96:e3:a7:ab:3f:be:a5:60:b2:
-        4b:e2:bb:f8:1b:84:4e:eb:69:ae:01:f2:5a:e9:78:9d:ac:38:
-        45:4d
------BEGIN X509 CRL-----
-MIIB2DCCAUECAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAxcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEDoIGhMIGeMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG8GA1UdHAEB/wRlMGOgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwygwMHn4AwDQYJKoZI
-hvcNAQEFBQADgYEAPRHZtUqYLvYBhOzl19UgRQYYGV4YG4knw/x66qc+Pbz/JvFp
-kHOhL9YOgjYb95h9Ji8HhgVYtF/OhG3vSlHoQEpRsldGtnbhjw64AxaIcsOIdHR2
-OB1Eh4jCpc40y6m/oW/pluOnqz++pWCyS+K7+BuETutprgHyWul4naw4RU0=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20EE.pem
new file mode 100644
index 0000000000..b290e103b2
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20EE.pem
@@ -0,0 +1,66 @@
+Bag Attributes
+    localKeyID: D3 C5 3E C8 EF 55 F3 CD 93 1A 83 A1 DA FA E6 40 04 A0 52 2B 
+    friendlyName: Invalid onlySomeReasons Test20 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlySomeReasons EE Certificate Test20
+issuer=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA4
+-----BEGIN CERTIFICATE-----
+MIIEfTCCA2WgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UECxMTb25seVNv
+bWVSZWFzb25zIENBNDAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGYx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYw
+NAYDVQQDEy1JbnZhbGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MjAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiRMsPRNlOugMy
+cCBZrkN/m6EPMxUK2+PNt+QSx4QWPS3OlSLxzUhhD6yc+zMeMyluGW0rTvlaiFeG
+/6zZKonarHmHwwqc142IFGSZU9WFT08sZ/w/j80GROqxD/Jtn1IREh62S8KeWJMg
+1zxPgJYXS4CzI+MGs0B0J9aSAngRlca6nGN2a8VoQP0vdw68Ndty5R6+/eTHjY0K
+av6WdqC2C6sJVTXuL/5gTewVfVsGd/jKWsVdS4l0gIMSyfB0XxuCUzOhLgiKJ8BL
+eWjanMWO5QhmFbfe3HhMzJAS6K3FL2uLc5V7cFElCoJpnXVqld+zqcVCoBsUcDx/
+NJOG7aT9AgMBAAGjggFOMIIBSjAfBgNVHSMEGDAWgBS+ZtweDAY79tOINJFTJoEN
+aBduyTAdBgNVHQ4EFgQUGACS0xeS/VfcsU8QUHe/mKls0JEwDgYDVR0PAQH/BAQD
+AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCB3gYDVR0fBIHWMIHTMGegYaBf
+pF0wWzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExHDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNVBAMTBENSTDGB
+AgVgMGigYaBfpF0wWzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExHDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNV
+BAMTBENSTDKBAwefgDANBgkqhkiG9w0BAQsFAAOCAQEAlo+iWYN5GvvLUmNv/OOK
+T5LL4QSHSsEsRdsq5ZJsM53pqDVm0/DtGncdiknY450Gf0194CTntp19YXmOOWWe
+FTr90lahPlXb60lRMngOFTpusFymkxhfwqVukhu6wGrq7B56lozEziFc4TB+HLX2
+z4I+n88inNtPN6diUh8ga4PGtqAJoHUYPRwPFRTw+wi4NlHSQZggGKEpNHHkj7yD
+hJtgv3QYSTHvolbYx9Yp4u1RpFX0qEK0koIHVgHGEFxNMLcMScPrmfA1R0zrcRAT
+PSu6f8jlT9RA+Z3InPSQg4FBrUzt5BLORt54CCpHWu/I6DDfoBHrsLiyRFvQiENm
+qA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D3 C5 3E C8 EF 55 F3 CD 93 1A 83 A1 DA FA E6 40 04 A0 52 2B 
+    friendlyName: Invalid onlySomeReasons Test20 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,936BF71DC9DBD730
+
+5tsLFC8puE+be9YJclRpByPGMUuvjdyd3zuCN63T6QCm9KH+ZVw0oaT1RVKg+Q1R
+w4ejiaqjxXJtsTu5cig5LMJvRzA1/9EB6b0Oa91SibME3AK3l1i0GoA274KQZ/J0
+FcEgMNTcFN2yyfL0uVW+aAZLYnQ36tLp6Z0pHQay6bfgpahDpRA/BpHoyYhxnqoU
+GeArspTdLdhy4f7+HBSVkMnEET9pBtOYXywOfjsj3aWKLy3Y9Tz+LVH7Ezi631Em
+x1/fauHxQxNXIP2eaV6Y3g+YaAIVGe83014V2KSH22YT2rHeO1OOyt/Vfss5dsfH
+D2wFvpB6/c4jBGHL3wGW0dIl6LJSSVSOXx+P4s1hi2otksacO851HNctZicv6s3O
+1b4V7KuTlSO85milbMl/XCjMvQ/lj0ZN41/FPwFLokcV5VDFLmRYRpM8X/FHa8na
+1AikczhWU0LlhH65JLYA4erQLsnehf2zyZS7L77MpZPZHRAoVYTAggHRUE0h9D7m
+qNNYqtdHvjxNyv090Iv+qs3HRhc+YWpLQGlBRDeCeiDSweSlKv2MIVXv9jRAQvtV
+IQuBfpzjrBlwU0OGnTR/LfRCZqEqoJxnnuVwuVuxgaO+zFY4HeEHAm3P6jPX5BHC
+Wbnhly5yne3lZQNcklLXu7W7lqW0SjT3lOiJmZoWqQsPmOBaWu77Q1DRr/NwnA7n
+lD+jZ4MioZcOkI/WKOkeKnFMwRfceEo8HaHYxfWPtm0MpC5TDD6CjSc34w3xLZ31
+83HfUlLeZdbkJ680SecLm2A918lob8sZjSOZAjx1ZoJQeaTVhm5mLTAhAAWE9K8Q
+KBo/exosNh9b8mjtxe5QG3puXd+p2almF1w+Xa0URiAzWFo5rDfHE4pURbYWUs6d
+m9telasFGEikjJkJBnvKz5wPRIjWGNbOzg2oTU42wyZpCwpqiKNAZ4hi1j/nUGlF
+nX4Ku7fKLebD/vvoJN5z/kFz9zpxa8/ygq4OR3IooOBHP75fcVYQeIDa8zRUYu2g
+M8v6vydKgSKBS53zC9hGVxSmg0EeI86XzJVGFaxMArkkybs2Qcm4VpaTtRsRWc//
+tjHePHUzEjgeI6eN7sDlTNY0euzRrrTEUXBPIrLbhUDrAQO0Agnt0ibqND0T/BGp
+8YN8v2fjgI0mvAlh82hn/oFC4b1d+NqEbZyUL+bcLuf8kPYSq8UYYpdE8npW0TZS
+sIA0eTGWLT0apKBcRIBT+fuhvn3F6sqagL2d4SQBLWelt5bImOf48PWBDocngY4U
+MdenQAGxGPc14yPBx9NigcLj7kfXywcnZYNum9NbUgTITIlkXsTS+Y9AI2TNGPvy
+/KCZSoXDX/aoNWuhIa5FCGjJ3tAnHBSCFOxwLYTpsVV3xu7aCB622strxP0XzYNf
+C05Fr6LAsZckRyp6lcrPNeWksh1TPIVxZuQgbTaiGfqbMa5WqsMezWkRWhd55R53
+EBl/g52D2v8DAucROQcja72O6GYq1QNRLFhUUR/IRn1ZhrkdosgKWt/wWvNEoflB
+edxk1kI4xNxRI7Xiabc0DC/V8wc1ot/daAeO+lMfBAXpgxMjwGjTLCBlLDgrsz05
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21.pem
deleted file mode 100644
index 07b5c9b27a..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UECxMTb25seVNvbWVS
-ZWFzb25zIENBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApawx8YRMPlMQ
-024rS3sld90L6veeiaILQ6LHaLsGJq3VdzR86qrSqOOIC4riSla8gYRwgMxS4ex2
-wjXsRFQbvsG09PcFyRJKJ0NLsY8FiVdShUDwLEohR/cdfL4Z+iCgZdY4iMaILI8a
-MHiBRffd7isOjbgUd8JKQ6DM4ercJksCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFD++QPH3awL7sFnDAKRa4JdUCOkZ
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAzmsqTCqqsyknqgNHYbj4aH461
-hKTEkZRpMSUHjJwKJWFK4fzqdC8DDlCw9rfmNld7RwxcC3/o0J5v3T4KG3C4s9Rr
-eVSmm4Kwvgjmj0tsm0TQbG+B4uLqaFAAmlBTZPYl9ABodUKUP2eKcAL7f98INanN
-/veMciSwQ7N4Ku7Zjw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test21
-issuer=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
------BEGIN CERTIFICATE-----
-MIIDZDCCAs2gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAsTE29ubHlTb21lUmVh
-c29ucyBDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu
-dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QyMTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzgd55Gu4oIU3A4rk6mO8UVYckksUPNUx
-c+r5iyehCTZg5HpsL0JSKVXAlRwGm5Q7YtHJE+teXB2BM0iMSAIZGNX8fktIN8nK
-Lrw3CHA+5ZySf38wiaNzTgw3V7UTBQ01sd50PWuvL+jOm+AcaCMvdcqFJBP0yhCS
-nkdd2MUeY1MCAwEAAaOCAUQwggFAMB8GA1UdIwQYMBaAFD++QPH3awL7sFnDAKRa
-4JdUCOkZMB0GA1UdDgQWBBT41fIkHaXWHPGTFvG2DPuOcjtPXDAOBgNVHQ8BAf8E
-BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIHUBgNVHR8EgcwwgckwYqBc
-oFqkWDBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-HDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNVBAMTBENSTDGBAgVg
-MGOgXKBapFgwVjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwy
-gQMHn4AwDQYJKoZIhvcNAQEFBQADgYEANlJq9PF7a+NShO7uJTf788sIG++L3xeT
-OiO5bnuAe91jbQN8l4j+dHxDiT4CdVBdlUPwlENF5rtuKsjSn6baeKMwAo5A6ji0
-7YObkqeg6Be0P6fIKT29KyT17o0bXi7rRTK6PqODvOePJ/kf+x5pMpQrHEutym09
-VmHbVhUkHEA=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0b.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL1...`
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:c9:cf:ae:6b:51:3a:d8:ee:4f:85:3b:a7:18:30:00:6c:cd:
-        0f:1a:59:06:50:fd:75:49:44:9a:af:71:a5:74:ca:25:02:e1:
-        fe:c2:0b:15:f4:db:0a:8c:7f:ca:9b:de:cd:bf:1a:2d:3e:10:
-        1a:a9:4a:9b:a9:64:75:01:1c:dc:26:b2:f6:ab:2f:d2:7b:3d:
-        01:f6:fb:64:a4:c8:53:65:b2:80:5a:1d:22:e7:3b:9c:12:92:
-        96:01:0d:74:83:d2:72:c3:a6:34:cb:54:bc:75:c4:34:12:c1:
-        4e:40:2e:e1:28:d7:ea:6d:c1:9a:4b:80:dc:2d:7c:7c:a5:a7:
-        28:75
------BEGIN X509 CRL-----
-MIIB1zCCAUACAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIGgMIGdMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG4GA1UdHAEB/wRkMGKgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgwIFYDANBgkqhkiG
-9w0BAQUFAAOBgQAMyc+ua1E62O5PhTunGDAAbM0PGlkGUP11SUSar3GldMolAuH+
-wgsV9NsKjH/Km97NvxotPhAaqUqbqWR1ARzcJrL2qy/Sez0B9vtkpMhTZbKAWh0i
-5zucEpKWAQ10g9Jyw6Y0y1S8dcQ0EsFOQC7hKNfqbcGaS4DcLXx8pacodQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0c.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL2.....
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Affiliation Changed
-    Signature Algorithm: sha1WithRSAEncryption
-        3d:11:d9:b5:4a:98:2e:f6:01:84:ec:e5:d7:d5:20:45:06:18:
-        19:5e:18:1b:89:27:c3:fc:7a:ea:a7:3e:3d:bc:ff:26:f1:69:
-        90:73:a1:2f:d6:0e:82:36:1b:f7:98:7d:26:2f:07:86:05:58:
-        b4:5f:ce:84:6d:ef:4a:51:e8:40:4a:51:b2:57:46:b6:76:e1:
-        8f:0e:b8:03:16:88:72:c3:88:74:74:76:38:1d:44:87:88:c2:
-        a5:ce:34:cb:a9:bf:a1:6f:e9:96:e3:a7:ab:3f:be:a5:60:b2:
-        4b:e2:bb:f8:1b:84:4e:eb:69:ae:01:f2:5a:e9:78:9d:ac:38:
-        45:4d
------BEGIN X509 CRL-----
-MIIB2DCCAUECAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAxcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEDoIGhMIGeMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG8GA1UdHAEB/wRlMGOgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwygwMHn4AwDQYJKoZI
-hvcNAQEFBQADgYEAPRHZtUqYLvYBhOzl19UgRQYYGV4YG4knw/x66qc+Pbz/JvFp
-kHOhL9YOgjYb95h9Ji8HhgVYtF/OhG3vSlHoQEpRsldGtnbhjw64AxaIcsOIdHR2
-OB1Eh4jCpc40y6m/oW/pluOnqz++pWCyS+K7+BuETutprgHyWul4naw4RU0=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21EE.pem
new file mode 100644
index 0000000000..0e0fa5d206
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21EE.pem
@@ -0,0 +1,66 @@
+Bag Attributes
+    localKeyID: A4 66 39 01 86 64 7F DC CC F1 85 53 E8 29 9E 2A 83 BC 7E A9 
+    friendlyName: Invalid onlySomeReasons Test21 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlySomeReasons EE Certificate Test21
+issuer=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA4
+-----BEGIN CERTIFICATE-----
+MIIEfTCCA2WgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UECxMTb25seVNv
+bWVSZWFzb25zIENBNDAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGYx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYw
+NAYDVQQDEy1JbnZhbGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDorS+B8w/Omx4m
+EBUTz7QShkAsc2IODZ7s92lMmuyrwsunqvs4+eECVas4ESRfTfQ02x9wV8GnX51y
+ftm+/CZfpw3Ly7KGWKKy8+Hhb3vgoXM6GJLpkeI4GpipGl8bWrk3vJio0GbvQ+hD
+TxCoVolLgg3oCS6B0Wc8sc+90BQuPWEGYJrF9hoAICWifdEcUgFoYMYo26T2f9UT
+Mh2uipdxxgoTl6AMb4GlFYAIuzo4nnHL2C7q4DEnGX9eHCl9EJvyxhXMf/FDYMxz
+NxkE00KphWnRYnCczcnRb5kNfGD0VeEa6Qf/gLKpQ88zlaIpdGl1HeVuW2qRLJE7
+s2SetEYpAgMBAAGjggFOMIIBSjAfBgNVHSMEGDAWgBS+ZtweDAY79tOINJFTJoEN
+aBduyTAdBgNVHQ4EFgQUJzdl7+nc9pHBPeuaqXr8BGm6JRowDgYDVR0PAQH/BAQD
+AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCB3gYDVR0fBIHWMIHTMGegYaBf
+pF0wWzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExHDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNVBAMTBENSTDGB
+AgVgMGigYaBfpF0wWzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExHDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNV
+BAMTBENSTDKBAwefgDANBgkqhkiG9w0BAQsFAAOCAQEALZ6z/4QBq+fcjAsk42c4
+f/6/CitFWZY+db1jZuyjnhZcUyNqZXWczjEaIfwUeEcxPHIzthqyn+6Hw+QoY2Af
+bcvePuof71KqTwlyNvS95ggqzIDvB5JfUYYoqLX3uGsHIY8qRg91QIhwvHRv/Y7H
+EC10wckgUqUGPEvVfvX5h0FJVvedXM27SbhkfOhxufcLFnzO9a5+Hn+s/KDxPgBD
+QXxGz+uQk+h5dvanVXXVNjwQxwIKAz8SSnzob1XTiZShrhkKd0qBq3yYv/98/prM
+DH6Z4IWT5w3xpaHpmgtUNcteCXutoDAts1AMilmDV7cHLU3Pjp/zPdHAKAz0aeky
+4Q==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A4 66 39 01 86 64 7F DC CC F1 85 53 E8 29 9E 2A 83 BC 7E A9 
+    friendlyName: Invalid onlySomeReasons Test21 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0A28CE1427426524
+
+8v0WCIu3uMxm+zbaXC1cKoL4XunvJPSAed4XjMX9L1mHli9XxExo0xdaNuSAAfZq
+6B/twZt1FFO3uVfOBMjTupUFIXDRiJ4DMpWsliN1XXzotdsW9f/brWHbb6QZM34D
+LPYhxd7m2wzRyA7O8OWOAFKSnZMUeH69RdTFQD02EYxhhV+sHOr55K8Bf12rtySj
+09iwMCgOBOhCZ2/cyT2AyN4sPaVpgkPX9ndlcqzhAaH2ExIpeBzdRj63rWV8mZh/
+q2K4bWV1RXO79vuJRZuA6nsdynCP8j04wqEFXh5pKbbVnEOUBkeE9I9xih2YB6H2
+dZSnKqAPXRTyKu0QyiY9orM6bDtpGE8lp7f243zdIb9boYBy7yfOc7KI0J1Tt6jN
+zVM7SsltNUAS0MQ7NR4cyH+C+mDL0FGN8U9K6CUmb9fkDpFwfDTiFpJ4O4z3Q27M
+rNgE5393wU/DoWwNzi1Q43+46nrRBtD8x1az63xEvDzlRxd/JY1QXRKGVnpA6mPl
+JyjL6BdwOvySRNDwS+gvU8v50W8HDpTMPIWxrkL+hGFFBHKyK/EErVxpWb+a1pio
+hY28vhs2yk9TTI93gqNGDe+VBduLs0KnTxeWNI67/ML8ATftYN73A+TExGAs2Xis
+ahCV1vNv3kKWOq0tgeqGCmaL3umpsPAb8sPE51UULc0W5Kj9OJ+qTsOS6pRE0+KA
+RzhKfrLe3Fr/JBY2zONyroxcfzSW1qUamTgCh7EhbTHUq5INWTx3vaKOqeI9N49i
+wM24/ZGDULF6yckVHKbDVx8gOrame2DAOMivmglQ4ZiQ5Sr6cAfM1KZ5offji0td
+CyRS20Ou5dukqI3sbSMV+W5Vl5giAC0s6ICRjvZE8ECg3I02KZ2JvBBI14XEJbtH
+Dqb0cQsahHh0vxtkZA81J4b6hF5RjaWbwrJP7Jo9bEjhgS8335C3/kAqYkAgXEPO
+a3/esjyuzH6IM8OGjsieFbkto/WTl992ERDj885Gm1RTLAD+Jqnnv7y329cUfK0G
+BEiqDQd0nU/8qBwT0C/Tc4V2UoEuHp8mUULDawnjbIODFjbTuaO5g9Iv3+LCfbJ6
+i3GYrsQ3NF0B0/L87s96Cv2IcEhEcqc5PR4hwE6YQap4V/IWKgcZyw5WjZWY2maW
+YL2p7Pqc0VlR4SqRreg9HsvjUP5N7mNSG7YUHO7mjwTkXBnEHXddzuFPtFXg5G9Y
+Mv5M97Ix9rbNEeF+OmkZpxxZ0yE4HbxHzMwMdT08DfGL/b0A/666Q5ydsLggQ+4h
+kG8WJhEA+MaMFJft5t2po/Jqw3GLUT/NgPMpvrTY1wTjE/fQumz2xHGdPC7D0uGs
+TTzjKi8JZ9F0Il/gyxIf5YtiOnxH2uwvpx6yJW8+gIQy1deGmQrrO0txwju5vVIj
+2ogU7MEm4Rf54c/z6qruJJEd15qCt0L3oCqRxE3TQQV6iH5i2M0Rj91ov8nr+nT/
+OCtmKP56/WeqCMiGQZyaaa2V7MghQBX7U2OPZnHP3pYnLtTewsGbx0W2K4d0op0d
+PPLuQ+Uk3dyaWSzkZhq13QmMflfcTLM+Y1JRBdJXI8CySwdxxL2E7NuI9/huwNVu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10.pem
deleted file mode 100644
index 1ef60f3971..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10.pem
+++ /dev/null
@@ -1,211 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAt36UX+gq562CFiw9L16IZ/AjJhU0BB9ji/77uw3AfvBGggmikeDq79BD
-yzBFrHys/L5UeXepakX1v+XvlxFjwvc8c226jf6uKEop5KJZDI8aV4byQvc1C8Ol
-MdgZ4pd6ofTl28r1VDkdDt94c7+Gl0CqBo6LawwGmNfSHUWqf6UCAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFAJIeLnM
-AVExdH85KjfCRJN+mGmAMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOBgQCm
-Qa7i6335O64eyxJjXl3U2Bw5wN3JaK9t7f4dJAxfOlcblWbbes+Gk12UCYtxTZDj
-oZ70F4IoGU7JQt5CcdB2yQtctPK+X7A3/Vsxjknm11nCn4IhcU7LDkEiSovBGLR0
-KV3NAqQQhr1WQoY1Uf3Ncpl7b+SaZscZ3r35UJo4iw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTAwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTAwMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQC3rH58cOqP9U5iyQflKaVyYw+1LMhr3jDW9/Q3aedlH/TY
-iLmT71FUjHaJMWOCO6sAEYMphrRdIUy82rai3iJgrNtJ21uIFOlmjgwgl9amHX8B
-yT+qgiwLs8kzE6NgPYHgLgbKEIqgZ+AZplCt60tCbeGKLR/WtXrxAIgqU+ar1wID
-AQABo38wfTAfBgNVHSMEGDAWgBQCSHi5zAFRMXR/OSo3wkSTfphpgDAdBgNVHQ4E
-FgQUauYRxUFtrRo+gtywXa3yGfFQzgswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEB
-BQUAA4GBADnBidpEzasWbrLankXCoCaeizozu2dGAMMWpbs02cplC/vIlcr0myWK
-noFSuxUuQa7sMxp72p5r2ziJp5pk1gT2KX/kgOYlQqgbJ4UmARGP7er+zIPulXib
-suMShSCGO1xC+fXppdhPy+YQq8a7Mzi7XKqP5su+aTWw/B3a8ys9
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
------BEGIN CERTIFICATE-----
-MIICpjCCAg+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTAwMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowYzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgw
-NgYDVQQDEy9JbnZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVFIENlcnRpZmljYXRl
-IFRlc3QxMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAr0SfgP3iREpEpoxL
-34yNQOjycTI5wM/Y9YXQ6E26DxRndEt8gy0Nt+w7/WcO0aJ/EA76704ckmtzahRW
-gH7YAntSVCkBwyB8EDt0eBxom9vWRhPmqJgF6PJtcuAZnkISqXfw7zurQN/p1HzT
-iBta6ocTlilBTPujtQ/X4O12W5kCAwEAAaN8MHowHwYDVR0jBBgwFoAUauYRxUFt
-rRo+gtywXa3yGfFQzgswHQYDVR0OBBYEFLsMSzv8dfhgJ3MxRW07FltMDKkGMA4G
-A1UdDwEB/wQEAwIB9jAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/
-BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAfOH+DXogRwi00dAkv43qzCo23eOg7
-uaaD7fgNVn7RrEYkyc0RZWf1P56IXe9aTM41eVmi1PyblkZ0aXH9e7ShaOW11Jk4
-OpIpx+vR7HqBjW0yqIXES3pbA6Vm26gj1WDuq0oSps0+BxKTL5cHxVlCT9+YES4B
-T1SmCaLl/UdsEA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:02:48:78:B9:CC:01:51:31:74:7F:39:2A:37:C2:44:93:7E:98:69:80
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        44:34:f6:c5:c0:16:f7:24:42:33:a8:e4:ca:74:71:94:76:93:
-        e7:4b:7c:a3:8b:ac:ae:11:ab:46:94:f6:0d:88:b6:e0:96:1f:
-        ab:04:6a:92:b7:6d:4b:aa:6a:b0:13:58:58:a7:7e:06:de:c1:
-        26:d4:09:e0:7b:a9:e4:dd:73:da:b0:cc:a0:61:ab:c4:c7:cb:
-        c2:e1:66:f9:f2:2a:c2:c9:59:5f:05:c6:74:f8:bd:bb:92:24:
-        77:12:34:23:7d:95:99:bf:35:e0:6f:cf:2a:b6:19:29:9e:59:
-        d2:0b:2f:07:44:25:66:6a:e9:5a:ed:7f:99:33:b5:3e:65:69:
-        57:95
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTAXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFAJIeLnMAVExdH85KjfCRJN+mGmAMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAEQ09sXAFvckQjOo5Mp0cZR2k+dLfKOLrK4Rq0aU9g2ItuCWH6sE
-apK3bUuqarATWFinfgbewSbUCeB7qeTdc9qwzKBhq8THy8LhZvnyKsLJWV8FxnT4
-vbuSJHcSNCN9lZm/NeBvzyq2GSmeWdILLwdEJWZq6Vrtf5kztT5laVeV
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:E6:11:C5:41:6D:AD:1A:3E:82:DC:B0:5D:AD:F2:19:F1:50:CE:0B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        42:5b:18:71:be:d6:f0:b4:80:f6:33:3c:cd:99:0d:26:f3:90:
-        70:42:44:f8:f9:61:72:1c:b3:91:02:0a:14:55:67:d0:1b:23:
-        06:f0:90:76:49:c6:82:23:70:da:3a:15:95:90:80:aa:8f:0e:
-        fb:4e:5b:9b:66:38:21:14:15:c1:65:71:1d:e5:b6:90:ae:b2:
-        7a:73:84:9a:1d:3c:f2:2f:65:0a:b4:7f:52:90:a1:1d:37:a6:
-        24:a8:7f:5e:72:e5:1a:8b:89:31:ac:dc:0a:3a:d2:15:7f:f5:
-        97:f3:1a:82:d6:fd:74:b5:92:0f:d5:d3:a5:74:1d:a3:7f:62:
-        1b:c4
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTAwFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBRq5hHFQW2tGj6C3LBdrfIZ8VDOCzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQBCWxhxvtbwtID2MzzNmQ0m85BwQkT4+WFyHLORAgoUVWfQ
-GyMG8JB2ScaCI3DaOhWVkICqjw77TlubZjghFBXBZXEd5baQrrJ6c4SaHTzyL2UK
-tH9SkKEdN6YkqH9ecuUai4kxrNwKOtIVf/WX8xqC1v10tZIP1dOldB2jf2IbxA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10EE.pem
new file mode 100644
index 0000000000..2d7bbd0916
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E5 50 22 A8 C1 4E 7B 5C CB 90 98 45 C4 A7 F0 0A E0 ED 2E 33 
+    friendlyName: Invalid pathLenConstraint Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA00
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YkNBMDAwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBoMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTE4MDYGA1UEAxMvSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCXqvJf0Sbty1YiHYZ7PHwNkMnllNAX+ilKxDm339jET5zegwNzwyTXh0nk05rc
+wLCqE0slxm6iWWfh3sK7DE+zWyj5RwiiwbT7K49hFLgnZ7/3x3wARVb0lLhN699d
+iRJm+Af3vNDVGkQ1FSpy4OBiUuc2XMiWktOV/smBAty8HvjZOBB4Zy0ijV1YZK+/
+ihX/Feqm0PjLsrASBqH5PAVYDzTXH406ayeUCK+daoxc9nO3jShm9bvTZwoc9tN5
+M/VzFHoG8S5lMWNBcnZd/8++FCEKb8H8FnLktCOYKGWahdYjiIMuGzwyM6XooCEJ
+rxfe03QfYtEknHXO5NZWF1oRAgMBAAGjfDB6MB8GA1UdIwQYMBaAFLq54oj31Fkl
+iuMp30+gBjjdcXSCMB0GA1UdDgQWBBTYF8STFBH7QOb0JnwVIxfQr6560zAXBgNV
+HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
+BAMCAfYwDQYJKoZIhvcNAQELBQADggEBAPWrCmLHcQdJfIVQpCQ6ZAWKOStZ3fqB
+G6hjLBxvA54p3+y2yq7p/0pRR3w22yHOBUNqVjiR6WWRaZBBzQTxt0hj3Dlbj+CH
+qyBc1bbBWk7m/tKziUfcxdPuo9CcG0u1nLTgIE32OHUgSzTmpWO8/JDICCQ4dd6q
+ugfxqWJnlJVGhQSyrSUk7ZcCFG3H2oHDMPYiv2spEv6g6lbno4YrYE/8vl/IbE4w
+BDAjtU3v+DUvI9vxWUa7pocGyb2dBE87ED/4HqmfUmj6cZnzIYRTKX1zoEueu3ei
+bf8l1natz4YwVbQItLU8STxkCRQiYH8d01JBMVlIRA4g8YhPc9Bwmao=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E5 50 22 A8 C1 4E 7B 5C CB 90 98 45 C4 A7 F0 0A E0 ED 2E 33 
+    friendlyName: Invalid pathLenConstraint Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,772EA7F9D57E3F11
+
+5Cj9j5qaOVLoai3GpY+FqYYvsjrAKoTHbLkjhIgjpRzrT1qGkdVe33DZ3mmw3td3
+gGVT8zN0sqvBW2nMAHkPMzpu93XZ0spQXuURePeletXPNTybPJRp5MFSFJynd/aq
+7ClQImECrXzKN4BR3bcSa5Dxld4K7ii4dOdlIQp2yhwOjpTk2o6EXj4eUy9EaKjI
+IOtwWNIXfOdMwc2+ABGSgZ4V1hinfuTm9h9UKMsg0U7AvUIIfk9jpl9AY0ZXT+Zl
+26fz9cM93p5afUFqHnKC1hUgzDY2RGGbipYXJhcFYyGMybXmR/9FpfdHBBbjTdDl
+KyVt7J0oKh8rknounW9or4M7MBdde74Gph2fCui+qh7ti75rgUuuxvjn7mW9+hbn
+RTyVudQ+Qde9NBi+FaQ1T3A7CdlnyfTcEVHtUoEaDUWz5QVuN4U7wwLfk3p8ifdy
+Ws2qoc4YINEXiv01LmQ1RXlYWBTqqQ+giMlS5pagttzppIvEZ/C7aalUEmJleIeV
+O8LHL8SXxfKbzayt0B4TA9B2A1JLQw9GNUzPSqRHTAdYF/oyQouHuij1N86gYub2
+tFIUCd8I2GGcKRgXM04NUslBc+aN0YWxKBqDCnJy9RlVF7SMcppnmyfvRmBPhcI4
+SCFNfKoZCywAVvjMc0rdAgWGG06bBg+8OUG5jfH07Rn0ydbp+StiURp4/xYUqc8U
+i3yDx+NljZdDt/JYM8z3sZKXNltfbypdK+1BCV4sxyfzWzjYqd6smmmtjR2A8AOD
+sMAAWMQPZSCJ6PtgNBEXNnDuQtdMNwrIpdHhUfTv9xB3ePdxpzfuKuZ7ncqfrTQ7
+De45pEt/eEWvlQuEABW7KKSPilRj7LKzFxk+qK/bwT5YB59q3veQ0ktpvo+KhUMB
+Ku7efDPV0TTbreNriUlM0ipUTdN8O30FHbxOX6ZzZ7YvpBQRZtKgG01OXpPsUOv9
+qi5JdkQuETK0YHKxy9Kg36VdPKS+pm58nxd7Vk1NL4Uw5Btb/6/96VdC/U4HTE4V
+dV/BsPV1SZQOONutjRIyMI2IPDlEfMcQgyojfHYRMG9VvHQvXfL9oRv+5eU6pxkE
+IILyicibk+tE2hNR1lZuCwHZ9qF3bcu7FvJVTiUeqrBMFtmyQYgQXrXNT7SwO0UC
+GECT4Jd2f+BnS4OgW4uKxJWqhwmTfxyevEGBQfAKGhL30J/foblBZDbc5yPIPiTv
+5PhyqHqlsYDEp/7phdyExgpMCnnqBO0NA2ET2yY576FpiWpaCVIlYODixK0xPNuE
+ziw6bZ2OOGUzj743b7CFVNUesd1S7CbPB1m4A3J+iimsuFUq1XGsesdM1ldOxZlA
+4MyBbkvweHtBP7YH86odh6nASA7n8I8RRVHOGa1dLAcwKHDs3qhjPd0EnZmrrrba
+t+SC2aunuXee2eyeM780obWfkSOmtJlXm2seq7bScNiAYzsCL+9Z3tOkCsH1LjNv
+mETaxgW+RRAklGMuVzRUzfprt+4pqeRdDrz5Uq/kJpYKx8d1Mi1YKuWN2JugPyOu
+qOEF0J+h+ydTBNL9d4DeME69PvD4JMq6Vny/lL4OVpS6ip+Tg75vpQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11.pem
deleted file mode 100644
index 259d24610f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11.pem
+++ /dev/null
@@ -1,262 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAmzChDurmjaO/gLW4mwfnkQwkFgDcZvpMdZEqpd4u4+RaoyI7I6LlTFQ+
-wkZ0cnLVA8C/F6+ZqpMXg4s9pb04PuHb0xsgBHFefpSASxTCIBWVOmLq462zY6o8
-Iun/AQo4JVGx175EcIUkcldAg19+3l1NV4fg7BN7waHWiVfIzS0CAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFEQ04VAm
-/zwjDK2/vU7Ge+AMSIqqMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQUFAAOBgQCK
-Fy4Zq2RJVwWE4qzs2QbzST7CRcwqzwlUwH2S53MA3J38uXAEjqjJLyLSG7k9xjYq
-Xwq0hQZIfdeOkSMfSEUl3XWgYfQFGfmHdsUPJ0NX79NXXoyxsfZPRH9LF+CPnv8d
-kwA/on1VypfAuAv4/M6L3p7jFDISJRRGcXRBRB13lA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTExMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDSXWC7L0WLN2ZeSCkEhh0EhpdojjOAr8wqSRoVWRnyzGMM
-swGD3i80PXaZFl1qIeaER7LF0udID27SF6sC5g+kklfiK3UAn0YscNa2U6r27vwO
-2pj95+SfvnAuFgQoO82T4VQtUJnUOB+NAwWHGZ0Y9WiAxus6qNqEVTbr3CcT4wID
-AQABo38wfTAfBgNVHSMEGDAWgBRENOFQJv88Iwytv71OxnvgDEiKqjAdBgNVHQ4E
-FgQUs8D3URQQ9lyaTiyHUFHlkdNYWyswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB
-BQUAA4GBADYFuhgJI8Nyw7Mhpcq5n2NHNEXkP8g5ibaa86O1I//NQRsXnQ42VQrQ
-UemJMwtYlYjXHCL3MaiZOOXv+jaJDAbAE8zDq1c11WuKYBQ/ABNR+jCYnOlnR4lH
-1Ibtl3Y4v7sEq5V6MyO6DugCihflJSVSOV8UFaYxZQ3cb/AgI41q
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowVTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSow
-KAYDVQQDEyFwYXRoTGVuQ29uc3RyYWludDYgc3Vic3Vic3ViQ0ExMVgwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBALXNtkOI9gcg1V1Ecg8VBS17NqL8yaeNOG8h
-VgH8Peay4GsCzxqYOSnPDeBKtlMJ+TAmMmz30FZ4XtEJScvx9yllHjEM85LdyvTM
-ZD6gy7yWApPgkhMipi9vww7JUtH6RrDQmKurTvtx5BhM/lYWlDVSnxX/CmWFm22r
-vwk/Rbz1AgMBAAGjfDB6MB8GA1UdIwQYMBaAFLPA91EUEPZcmk4sh1BR5ZHTWFsr
-MB0GA1UdDgQWBBRqNvBXdT9CFVC16QgdKDfFreIGvDAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQEFBQADgYEAXlaYIT0dDTF0GGAJ8H41hvUkovy3ge8i7YDWofVBhdt+rEeC
-v0tvUcc+7mPSj3i5flZgJnbXMwS7wNlLhttOpbBMqL5/vWyIcvrgXm3qmXowQF0H
-WuW/WllHgGzQ8tIbGUWcl2bvkFNA5nIeumCrK1vmIgNqYaRUdOH9xuPuvxw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJzdWJDQTExWDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMGMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czE4MDYGA1UEAxMvSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBDZXJ0aWZp
-Y2F0ZSBUZXN0MTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK/Kz6a5RrnL
-VxjtAz2f5jD2LFhGyAiWK8+D2zGdebUqwosPmO1bFaTy4UpTN1y2NDdhbZJ9u6q4
-UyBlEswNHWLbKw2eAhhlj4tL8W7qCcCTiIDusf+/it87dawc9FbLFDa6ZhPQn3zf
-fOKdROTtdR1GLihtxkPeVht0YCU0Y5jBAgMBAAGjazBpMB8GA1UdIwQYMBaAFGo2
-8Fd1P0IVULXpCB0oN8Wt4ga8MB0GA1UdDgQWBBSms0sRlWo2giuUP4b24hz3mOOT
-ZjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqG
-SIb3DQEBBQUAA4GBAGVBiyATRLrOnNHi80uCRg3a7ZWI4275SlflSYwZhFBkGkd2
-C4kyAGKsNrFGtuCpDNM7IgF4xbQweHBODNwwCOfsdc9OahGntqhxeKxUQpDkwc8a
-3Faqn6fs/BnZqkNzepiZdHCsTdiyiiB7LxL9LVo7575vfuB0yBsCk2lGgbkz
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:44:34:E1:50:26:FF:3C:23:0C:AD:BF:BD:4E:C6:7B:E0:0C:48:8A:AA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:23:83:69:3d:e9:a9:b9:0c:9f:fd:64:34:97:b1:1e:e3:c6:
-        25:62:c4:d5:cb:ee:87:98:04:d6:96:04:0e:7e:96:3b:22:7c:
-        3f:e7:f6:f8:a5:d4:14:a2:86:2c:10:d6:b6:08:a6:da:2a:3e:
-        7e:70:f1:d1:e6:a0:6e:55:1c:68:10:4f:65:d2:1f:51:d7:a0:
-        6b:d7:df:db:7e:2e:f6:8f:5e:64:5e:6a:ca:48:2b:8c:f0:85:
-        37:f3:70:67:c9:44:c4:8f:7f:ad:93:93:e6:d9:c0:7e:8d:0e:
-        01:16:01:82:e2:b9:a6:28:1f:3b:e9:0a:d0:ea:d6:23:a1:c4:
-        a5:1a
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFEQ04VAm/zwjDK2/vU7Ge+AMSIqqMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAI0jg2k96am5DJ/9ZDSXsR7jxiVixNXL7oeYBNaWBA5+ljsifD/n
-9vil1BSihiwQ1rYIptoqPn5w8dHmoG5VHGgQT2XSH1HXoGvX39t+LvaPXmReaspI
-K4zwhTfzcGfJRMSPf62Tk+bZwH6NDgEWAYLiuaYoHzvpCtDq1iOhxKUa
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:C0:F7:51:14:10:F6:5C:9A:4E:2C:87:50:51:E5:91:D3:58:5B:2B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        5f:3d:a5:ee:09:93:d8:4f:cf:28:3b:05:87:8e:8b:08:7e:2d:
-        36:0e:c2:f0:cd:54:94:05:54:07:2f:9d:e6:8d:1b:9c:f5:fe:
-        92:7e:3f:bc:94:d5:fd:82:c0:87:dc:93:32:c8:ab:01:59:3b:
-        6a:df:8e:af:cb:14:f7:f7:39:50:da:8c:ac:02:7c:97:24:27:
-        ce:11:a9:9b:38:72:6e:32:c4:a1:0a:f3:34:5d:62:9d:f8:ea:
-        21:1a:bc:0e:22:98:6f:80:25:1f:5c:c4:fe:1e:7b:ff:9c:4a:
-        83:ec:02:29:db:a0:6e:cb:9e:98:89:33:be:25:8c:2d:48:9d:
-        70:3d
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBSzwPdRFBD2XJpOLIdQUeWR01hbKzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQBfPaXuCZPYT88oOwWHjosIfi02DsLwzVSUBVQHL53mjRuc
-9f6Sfj+8lNX9gsCH3JMyyKsBWTtq346vyxT39zlQ2oysAnyXJCfOEambOHJuMsSh
-CvM0XWKd+OohGrwOIphvgCUfXMT+Hnv/nEqD7AIp26Buy56YiTO+JYwtSJ1wPQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:36:F0:57:75:3F:42:15:50:B5:E9:08:1D:28:37:C5:AD:E2:06:BC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c1:d4:9f:53:f4:86:55:66:46:ba:2f:82:df:c3:81:ad:52:
-        95:0f:cb:f0:c0:25:ca:b2:fa:80:c7:b4:50:a3:95:70:ea:01:
-        b1:30:fe:c9:da:a0:b4:fb:a6:9f:55:ec:3f:df:12:37:bb:44:
-        cf:6a:5c:7d:fa:34:93:7c:9d:5f:f0:d6:fc:dc:07:9f:1f:2d:
-        bc:02:3f:80:59:de:31:ba:19:c8:e8:a9:3c:e7:1d:28:e8:cb:
-        f7:4d:e2:f6:26:cd:45:2f:d4:70:77:68:ae:1e:5d:0f:55:c6:
-        fb:f4:5d:64:3c:e0:30:a7:2d:3a:ed:4e:7b:a1:e2:13:70:da:
-        30:e4
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJzdWJDQTExWBcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUajbwV3U/QhVQtekIHSg3xa3iBrwwCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEAk8HUn1P0hlVmRrovgt/Dga1SlQ/L8MAlyrL6gMe0
-UKOVcOoBsTD+ydqgtPumn1XsP98SN7tEz2pcffo0k3ydX/DW/NwHnx8tvAI/gFne
-MboZyOipPOcdKOjL903i9ibNRS/UcHdorh5dD1XG+/RdZDzgMKctOu1Oe6HiE3Da
-MOQ=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11EE.pem
new file mode 100644
index 0000000000..6c456d7ec8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E6 98 9F F1 E4 B5 04 FF 24 2E EC AB 3E 07 30 38 21 C7 01 FF 
+    friendlyName: Invalid pathLenConstraint Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA11X
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNBMTFYMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowaDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExODA2BgNVBAMTL0ludmFsaWQgcGF0aExlbkNvbnN0cmFpbnQg
+RUUgQ2VydGlmaWNhdGUgVGVzdDExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA1cl8/9ip/J/At2SsSX+IJEEVyheRfuATAjbGXo7Cxrc0hDSRHTovhpBn
+9bvr2U3tLle6PnM+04bGz+Xt4+XAwq3bYepL0Y9TKx6S9sFwdVSWM3tpfS15OfeB
+G0dIugOZMSm+o8VQUoFRkEazcWCOUdu+9KEHXBecAeWxRof3IM0R6i3cTprfjCs5
+yXgsCln5HUPLDw5twRYOEE5mnEWtraWEFUeYE8xVFwwk69N9b95gpTsEvzPnyc7Y
+vcEeVGDsezBQmPxDSOXA1pDOqBswDj90rFy/ZxQWPSOdV7dSk08Aa2KayXgL30gz
+mO6ENzNWfIZ0g6TN9Oq8K+lhRx/E6wIDAQABo2swaTAfBgNVHSMEGDAWgBSD2ri1
+xp3Iiwh8iz/tGnIl4q8b6jAdBgNVHQ4EFgQUOVf5EG2PkPu3WYGjOi+xdDjbuacw
+DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
+9w0BAQsFAAOCAQEApEdV59RrhEgGjn1V6YgmOZrmFoy7Vr1Ss36w+MY7OqJ5zdYj
+BJPk/cDWct/Fk/X+i735WzzY11K4KrLc1DVkfrTyRPLHChRFma5g0p5OUUDvofyj
+5gky5i8S3+3l8GthFqJyVgjqagILlj6+az/liTiCLrlKk3+MOeI3xZfqu0fhfWTL
+CMmxAhrG5hjMR/YAcoSLsM3Vu7cwWVn8zB7PA22EnEBspIxwjrH1diVSSix0Mr2U
+VIjrBMmLHIuYv2s4ZS29iPsKcikiXK6+GynT6QuNf0hXEB9a/H1NEBu69+AnXnNN
+8KDP6+hPJxVKCLApWqbmGqJE8b6swlhRomACaA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E6 98 9F F1 E4 B5 04 FF 24 2E EC AB 3E 07 30 38 21 C7 01 FF 
+    friendlyName: Invalid pathLenConstraint Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,686D0DE45DA2B6C2
+
+VaAU12sWq1Yg+V760zkDSlnQXjjyrXCaIhGOwTxTgbrD7+7ZxAnKlXuV4oNnJQm3
+bIn7RQlR7UiOVdNhgMLz0Mq4J2zpqgCJMTm+mkLIukiICn7a7f/e0VlMyBfFQeWH
+gsCUz0pIwJ/dT+hPTFkcBmnpN/2gPkZTb2roGFksUZ6Vk2rV2Ut4tg2rqG3SoYws
+BSNx3ZAl0updwkLjjwa+/YtGOOAfqqUfJHsLmhkYgaZ0l4gumy6oxz8wcc9YLOCC
+qX+5MHfV0cpgjw39N64RYY/vbEvUp1lVFT+LZW2PQF1IJTlw7JvRk2RDxpKTkAai
+QcqYmFoTnPQrcPQ6YtJn6lFTd+iHts7bA/zn+FXkd/a2wm0zwhGLFmYIVfxICC+d
+1zHZBg5BEYBEq4IYx9vbHGXyLnWbe6/jqBQZs+iWmLoia00CwtLy03JFIU+K0xAW
+bCNd7KHo+gtV3H0WREVl07/a1zsjUEx0hbfENQJL6I674WQpYR5+ca6RK6JFhchc
+OiuAOz5X0tYcV/0dZwdN4iu3ezTbnz/wjeTbxvkFyX5GMgJ2QN0IB4ZKedEbmdhC
++a1S8Q4DHMC7XE89R8jC4nIV0TsSbAmGhK8PwelKamBRG+WZrd9r+j+JQ4Sikn2g
+djGA6/7I3BdRppMScqwhRxc72tWPLguwU4oA9eLcatZ53MFiYd6ntVuTeRVjRpeL
+IhapZxZDSvNubE8+ObyvmKGTxUgedotSWHJXyv8+2GKGCwl30LSTBVrizsXry+Tf
+0H6gHC8OY4v6S6UdsLVauXojkdVI7xH1GBco9XDGibmvi9HxggBC9QMRdRE3PU90
+Xl2ur/CWEkMMrmjz0ZfXapQZgGSaLUy+PJShX5SxKifoNT9tLZmHPSTgYlIT8ijc
+pu/DUL/bkF7J8Pv0660T7Gj3RWnfIe+2MX0AUObKRBgP7heVJB2a9xmX7VbHLP+9
+0zp7Omk15r3DrWVEqZJQhnM7/0B77NWRXWtdyTlO7jA6fW6i9q0ZIsgcxAf+VqN3
+tpeKI42jby51SopRNwdbVwi8WmVonzpYnwuDeXlRScBMZpDaqbn5+fQjsMzt3Pjc
+Ly6Nqq1tngz9f1QAb2a2RLSM1RKuWoGvDzSQCgdcgH9C3XOXi/6WNI+9/oaIcvKg
+PACApYS6OfoHzb9o6pntUAXTWHV4djx71TX1tcpDRoR8OKlMbF4ZzWOVX+iOmnkz
+LUVyILMB9HWuns7l/Dr7oogP3sTua1GyVuywCZBgVIxrrMtVJJJfKH3B+rte9jDy
+lvKFAxlPOT3lwTcd/1Dx7FX7RVQM0l1uB8qWH3h+2N/H+4y+ETBg6yadKKrfzjro
+I+JDpQU2oGBNdORnNSBHBYXYSlYE5heqfeNz02GsT5uhPkhV4yWP1FOnxi5A/kcV
+iDkKYk7jAjVx/2dlZPa4oPHiGf9PNGE72cn3nMdlPNNcM+bjJogLAc1czNeU9B6u
+mWraqdYS56WRNkOIZmw/2JrSNAQOSGx+WM5UL6qaPqdlylVzPsHQEpTQ0mepbwfH
+Ftecmyrb9VyAkW5qmOnpFPhNVvPAGi3paxm1gFBKYSsynO4tkw9VUJMPEOOcyff6
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12.pem
deleted file mode 100644
index 3325707a9b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12.pem
+++ /dev/null
@@ -1,263 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAmzChDurmjaO/gLW4mwfnkQwkFgDcZvpMdZEqpd4u4+RaoyI7I6LlTFQ+
-wkZ0cnLVA8C/F6+ZqpMXg4s9pb04PuHb0xsgBHFefpSASxTCIBWVOmLq462zY6o8
-Iun/AQo4JVGx175EcIUkcldAg19+3l1NV4fg7BN7waHWiVfIzS0CAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFEQ04VAm
-/zwjDK2/vU7Ge+AMSIqqMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQUFAAOBgQCK
-Fy4Zq2RJVwWE4qzs2QbzST7CRcwqzwlUwH2S53MA3J38uXAEjqjJLyLSG7k9xjYq
-Xwq0hQZIfdeOkSMfSEUl3XWgYfQFGfmHdsUPJ0NX79NXXoyxsfZPRH9LF+CPnv8d
-kwA/on1VypfAuAv4/M6L3p7jFDISJRRGcXRBRB13lA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTExMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDSXWC7L0WLN2ZeSCkEhh0EhpdojjOAr8wqSRoVWRnyzGMM
-swGD3i80PXaZFl1qIeaER7LF0udID27SF6sC5g+kklfiK3UAn0YscNa2U6r27vwO
-2pj95+SfvnAuFgQoO82T4VQtUJnUOB+NAwWHGZ0Y9WiAxus6qNqEVTbr3CcT4wID
-AQABo38wfTAfBgNVHSMEGDAWgBRENOFQJv88Iwytv71OxnvgDEiKqjAdBgNVHQ4E
-FgQUs8D3URQQ9lyaTiyHUFHlkdNYWyswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB
-BQUAA4GBADYFuhgJI8Nyw7Mhpcq5n2NHNEXkP8g5ibaa86O1I//NQRsXnQ42VQrQ
-UemJMwtYlYjXHCL3MaiZOOXv+jaJDAbAE8zDq1c11WuKYBQ/ABNR+jCYnOlnR4lH
-1Ibtl3Y4v7sEq5V6MyO6DugCihflJSVSOV8UFaYxZQ3cb/AgI41q
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowVTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSow
-KAYDVQQDEyFwYXRoTGVuQ29uc3RyYWludDYgc3Vic3Vic3ViQ0ExMVgwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBALXNtkOI9gcg1V1Ecg8VBS17NqL8yaeNOG8h
-VgH8Peay4GsCzxqYOSnPDeBKtlMJ+TAmMmz30FZ4XtEJScvx9yllHjEM85LdyvTM
-ZD6gy7yWApPgkhMipi9vww7JUtH6RrDQmKurTvtx5BhM/lYWlDVSnxX/CmWFm22r
-vwk/Rbz1AgMBAAGjfDB6MB8GA1UdIwQYMBaAFLPA91EUEPZcmk4sh1BR5ZHTWFsr
-MB0GA1UdDgQWBBRqNvBXdT9CFVC16QgdKDfFreIGvDAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQEFBQADgYEAXlaYIT0dDTF0GGAJ8H41hvUkovy3ge8i7YDWofVBhdt+rEeC
-v0tvUcc+7mPSj3i5flZgJnbXMwS7wNlLhttOpbBMqL5/vWyIcvrgXm3qmXowQF0H
-WuW/WllHgGzQ8tIbGUWcl2bvkFNA5nIeumCrK1vmIgNqYaRUdOH9xuPuvxw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test12
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJzdWJDQTExWDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMGMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czE4MDYGA1UEAxMvSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBDZXJ0aWZp
-Y2F0ZSBUZXN0MTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKYWPPc7psjO
-loPqdJ0NVow1+jFLB3yaoLHoJ+72kbII2gHjDiiZqm3e1E8Bqo136BrJlUrf5ZBj
-5G7DoA0OWn12+0bHhTNOEucIAFe/M6DpdHEIRR3l9CA20h4VMN5dUnQlVRt5uzGb
-RWcxgL5F79IUTDI1M2JJz2z8Aj/WIsbRAgMBAAGjfDB6MB8GA1UdIwQYMBaAFGo2
-8Fd1P0IVULXpCB0oN8Wt4ga8MB0GA1UdDgQWBBQfCYLms5akqSyTnpkK+G20CC7J
-7zAOBgNVHQ8BAf8EBAMCAfYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
-EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEABeLBzaJ0fJ0vgFUpXxNodli4
-jWo3oP+YW75X3NsMhhl31MbHAyUVw7CCEspHiIIRtSfJCALAaH9Ug7kMFjFDrxTH
-2790IdTodWieyUn/sdU9WWVRXiR7d5M2SVIYwdc6NjmsSVg6m++W99Uv5pBzoTAA
-ClExK3cmR6k5T7cF58Y=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:44:34:E1:50:26:FF:3C:23:0C:AD:BF:BD:4E:C6:7B:E0:0C:48:8A:AA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:23:83:69:3d:e9:a9:b9:0c:9f:fd:64:34:97:b1:1e:e3:c6:
-        25:62:c4:d5:cb:ee:87:98:04:d6:96:04:0e:7e:96:3b:22:7c:
-        3f:e7:f6:f8:a5:d4:14:a2:86:2c:10:d6:b6:08:a6:da:2a:3e:
-        7e:70:f1:d1:e6:a0:6e:55:1c:68:10:4f:65:d2:1f:51:d7:a0:
-        6b:d7:df:db:7e:2e:f6:8f:5e:64:5e:6a:ca:48:2b:8c:f0:85:
-        37:f3:70:67:c9:44:c4:8f:7f:ad:93:93:e6:d9:c0:7e:8d:0e:
-        01:16:01:82:e2:b9:a6:28:1f:3b:e9:0a:d0:ea:d6:23:a1:c4:
-        a5:1a
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFEQ04VAm/zwjDK2/vU7Ge+AMSIqqMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAI0jg2k96am5DJ/9ZDSXsR7jxiVixNXL7oeYBNaWBA5+ljsifD/n
-9vil1BSihiwQ1rYIptoqPn5w8dHmoG5VHGgQT2XSH1HXoGvX39t+LvaPXmReaspI
-K4zwhTfzcGfJRMSPf62Tk+bZwH6NDgEWAYLiuaYoHzvpCtDq1iOhxKUa
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:C0:F7:51:14:10:F6:5C:9A:4E:2C:87:50:51:E5:91:D3:58:5B:2B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        5f:3d:a5:ee:09:93:d8:4f:cf:28:3b:05:87:8e:8b:08:7e:2d:
-        36:0e:c2:f0:cd:54:94:05:54:07:2f:9d:e6:8d:1b:9c:f5:fe:
-        92:7e:3f:bc:94:d5:fd:82:c0:87:dc:93:32:c8:ab:01:59:3b:
-        6a:df:8e:af:cb:14:f7:f7:39:50:da:8c:ac:02:7c:97:24:27:
-        ce:11:a9:9b:38:72:6e:32:c4:a1:0a:f3:34:5d:62:9d:f8:ea:
-        21:1a:bc:0e:22:98:6f:80:25:1f:5c:c4:fe:1e:7b:ff:9c:4a:
-        83:ec:02:29:db:a0:6e:cb:9e:98:89:33:be:25:8c:2d:48:9d:
-        70:3d
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBSzwPdRFBD2XJpOLIdQUeWR01hbKzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQBfPaXuCZPYT88oOwWHjosIfi02DsLwzVSUBVQHL53mjRuc
-9f6Sfj+8lNX9gsCH3JMyyKsBWTtq346vyxT39zlQ2oysAnyXJCfOEambOHJuMsSh
-CvM0XWKd+OohGrwOIphvgCUfXMT+Hnv/nEqD7AIp26Buy56YiTO+JYwtSJ1wPQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:36:F0:57:75:3F:42:15:50:B5:E9:08:1D:28:37:C5:AD:E2:06:BC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c1:d4:9f:53:f4:86:55:66:46:ba:2f:82:df:c3:81:ad:52:
-        95:0f:cb:f0:c0:25:ca:b2:fa:80:c7:b4:50:a3:95:70:ea:01:
-        b1:30:fe:c9:da:a0:b4:fb:a6:9f:55:ec:3f:df:12:37:bb:44:
-        cf:6a:5c:7d:fa:34:93:7c:9d:5f:f0:d6:fc:dc:07:9f:1f:2d:
-        bc:02:3f:80:59:de:31:ba:19:c8:e8:a9:3c:e7:1d:28:e8:cb:
-        f7:4d:e2:f6:26:cd:45:2f:d4:70:77:68:ae:1e:5d:0f:55:c6:
-        fb:f4:5d:64:3c:e0:30:a7:2d:3a:ed:4e:7b:a1:e2:13:70:da:
-        30:e4
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJzdWJDQTExWBcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUajbwV3U/QhVQtekIHSg3xa3iBrwwCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEAk8HUn1P0hlVmRrovgt/Dga1SlQ/L8MAlyrL6gMe0
-UKOVcOoBsTD+ydqgtPumn1XsP98SN7tEz2pcffo0k3ydX/DW/NwHnx8tvAI/gFne
-MboZyOipPOcdKOjL903i9ibNRS/UcHdorh5dD1XG+/RdZDzgMKctOu1Oe6HiE3Da
-MOQ=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12EE.pem
new file mode 100644
index 0000000000..0f42c6ad35
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B9 41 D4 07 1D 24 78 06 BC 38 DC A0 11 D0 45 7A 76 7E 26 78 
+    friendlyName: Invalid pathLenConstraint Test12 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA11X
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNBMTFYMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowaDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExODA2BgNVBAMTL0ludmFsaWQgcGF0aExlbkNvbnN0cmFpbnQg
+RUUgQ2VydGlmaWNhdGUgVGVzdDEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAmVlts3N4uHNv7lGOT4GLaF+tsPvd1uviRc+qIdHp7qZNONV0TCr2Kt9l
+K9MGtM0OSLUhrrKN/oooKo3oVgqfGBMEzbPERKF2oy96WHjhA7WoVcHpQyPKOuUP
+hUY8rhMXYoTFeRakKK5kFobrKE70mI8tsmfOBA4JJKMBLSlu8ivgMigK1CT+bhHl
+uazZCm58czJ5Lw+ol00v5xQUKg8eJnYu++BBftkFkDU9QHW/2WH6ceiAcwzL9IUV
+1wuCQYfKfUklUtzcqSCoOCWNE0Yp3GaOgmgR6ssn5p2lyqXxZiVtGx1KcDhy42AE
+fbd5Kp3/FSQRV6UEr/KoJ86sBpkBmwIDAQABo3wwejAfBgNVHSMEGDAWgBSD2ri1
+xp3Iiwh8iz/tGnIl4q8b6jAdBgNVHQ4EFgQUF5D2PD0NAiPAZIw+M6ZDoKxgu7Mw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgH2MA0GCSqGSIb3DQEBCwUAA4IBAQCSRSJrJvGXtMVNUy9eDgXRV2P3
+ujCOCX3LsZAqd1x99DQorAhKoq1Hjd47XDmZherCmEpkkz6uq71sAg8UilLHEcwB
+cJ+IXJSohUIme3G2iil7BIU7FhIw3gbr+jpDlroqKTsx/9BKzh1Ms0c+PwoQGfHs
+CsIsYBb1Op7JQuJrpgggdTWskDIfcWOKg0QIRaTn72e/jF6IBKSr1S6D2xtFAxGm
+Kda8HVzltawA/WKcSy0U5qvLrBv8FK8vjkWut4wjid+eAmmsMQwOuwZNcqaXR2ve
+tDg1aWhFKdhmcOAirsC4wsuS5V0hTObIZR3d1BriitU8VhUq3PvlgAzrTaiE
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B9 41 D4 07 1D 24 78 06 BC 38 DC A0 11 D0 45 7A 76 7E 26 78 
+    friendlyName: Invalid pathLenConstraint Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,16A8528E11F2A947
+
+5QYPlv/Y0/58FuOcUlQgeS5owcOToBQQwmhiQNhFREiB4KdIEL2E3mEmgwvw6kjs
+RfjAALCN6akHebaTinBAodceQlWBkxCdC+LaQZ9nlZOenliuKtIgrCsu2DOQYRNS
+Q9kzTH0uRD1uJopiO18ov0R30Vs+nBr/L+JYS/saFalMylMW92eZmxz+4/bJfIwl
+S9SPhu2KIkpfEu1OTnE7KHEXei63/aMA5sIv4hO1fLwQQnfkWypDSyAJb7Yvh+tu
+bziY7yWe9hJq2GZSLk3rvf5mNmfz4Op7c0CROH1Eq4+uMfKB4ud3+s/nItxxgMmg
+TrXUzbYLYR2Zz+pIalwd9Kbt5fnNEGuGQRNfyd2WWMKqLyHwG4EztoCl9fkhek10
+jySn5Mi2gdeHSOykYMo60By6So+fdTOh7DFP+zXd0f9jp/ihGgm/Zbtby2g65cy5
+rt6WXD7px321jxxubUkdtv+UhBZgj0zasyoj36gpZjuptwfxMp1pc+Gbw3NsCFOu
+IjxiW6pbdip3Endvy8tUD6nljA0TKNyRL4ynpU2vqCsx70KE+UFBkg2oO2VB6FP9
+LmSmGT8IHqZD5n4slyLXpu63aX71ez7kWEMoP7oxASDT65dMDz3prkCJ1OTAbpOp
+nL3PO541KHo/e7OLfCo1SSYTSeiEOVcaM2GeuewmmaC18d4Jp5K9FT3ymyu5/PvQ
+XGmpQLnByoBVaf2/845r/AiVcmXL+AoP0/wmQD+6Unvlqe+bjcyfe6PcOP8iR7jK
+8U05B1qBzQkS+4l1UnsR+5ykSRVvx5U4QBqAf8xd4HwT9qPOtnIee9j/ubQWYy3B
+Rri8q2XvsaCPPkKgvnL8GtltODOC8aCGuROpEUR40Y0hm0q5Hpl8fUtr19wbVbhm
+3IMJrN/QKTLHz+qvme54GIwC2hiNbRX0xnR00eKHPNwyhXJ8hlwFst0RX4uN/4lo
+ZfmRnbHIHXEsDwsu5fRiZNlC5gT8omyDTgFNFdWtBRm8otaLzAzopHh9WGHw8/Qs
+S17hqB5qgbkmFSGpqHGfMQ6l4hAk2bmXC+lyABNa1K0cxx5oRVW+hnhjM4FFS7SM
+qu1Q4izlpEXZ55lq+hRTASwvdLCxli7V+dqsKtmsB8RVCLDSxv8gQOS5haMjZZTR
+Ojd6ODvdWXFw2PVPEIKBEYszi5XWZDaHcPNnFKaV5swqgqIGJNnEaxr0/5I+xOVV
+GtxHp62u01+fiZfqXCh5a1NtZ1IsMKLQd+SQESyDkqBsmF8gzUyYFkYaq+3HAPu9
+3DBclVJLkmDLXTc6fIirQ3pVerNEljrLL/sG83VLtegqCJCl96i1oSABjKtpCJ09
+MPlEbd1kQPNN7VYnArGbh9MYqhbt4GhXAb0jOCpFhvUIG+MZ7ne9keOxW8iuFtV0
+7hv8KvjtZQsIIOcO5767vXcTkIpSOK8rwUIclCZBWF80E6u46L/tbJPD+1AA0jNk
+OybgVukzWJj87kajWtgnA7lMmnu1zhsMZMl/MCpL9IdAQ4xfXT4wRtditk77s0Ng
+Gqrd5xJPrSIVs8n+lgbZ1vSAepao96RNiZxfbl/mY5Sxn36TaAk9VxBnGOGa4j/P
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5.pem
deleted file mode 100644
index 6f28f19db3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5.pem
+++ /dev/null
@@ -1,159 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMY
-cGF0aExlbkNvbnN0cmFpbnQwIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQC9F8qrs0xS57Qn1kibsZC0kS6JQNJyITUgX+oGjw6Y9R6Jh9m5WVI7BwMI
-FsyIDhUK42ZsG9b6hMdQyp5NKHZbYOh53VhWzsEAk3veMZvsEyE6K2Ip6SZO1xDq
-ta7FYY4SF+2S3nw8tyJGqXqNEG4Aob2k+QW1L7UgcsPyrAE66QIDAQABo3wwejAf
-BgNVHSMEGDAWgBQhDLUBdnbTsyqsJvyqpk/y1qFvSzAdBgNVHQ4EFgQUjh+rRpwO
-S27n5VeIDCeT/ifW5xIwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI
-AWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADW1rIN2
-092d2UN+8PysNq18Cl0i7qsx9JbK7SUwreNTgbpyw9Uh7HFYzJwBW9ACs94rDhZo
-iqG0u0K4zLTijCS3ixy9sVKVha/+QTy6YxHFcjLmriX4bfiYUjXJPqmmZFExM3vO
-XMyum0wyXdEc+hbuAj1+6WBRec8clffFlRdv
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25z
-dHJhaW50MCBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UE
-AxMuSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0
-NTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsZWQnm88nqSXHt/QuMDuN373
-VZ5lU/JhChuvs6DBS9f9L9NFBKtTS7+iq0QmlWuc3qB1RDAUjwAF85QyXYlqujEL
-h22h7CWzEP26t43/megvHJFuT/wCuRBzbTm+fzKTlWI2v7u8YILgQcOxb9vbRKzc
-FpwTBBqlnT//Xqavj98CAwEAAaNrMGkwHwYDVR0jBBgwFoAUjh+rRpwOS27n5VeI
-DCeT/ifW5xIwHQYDVR0OBBYEFDsP7IkBHltfUoRf9AuD3aINP8pHMA4GA1UdDwEB
-/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQAD
-gYEAeuTAbPsAB5hEhGMN18ygmQ2hryyEu5o0OlbfiZbwgOSaNISSeYEUGr/+1uxV
-MHb6zNrauChrz4hTCgHMmhThDhfxHeIlh0bM/xKd1dOmlB9g/WMr59Uy8R6vvo/4
-HZC6bTc4Ukzj7n2maNkUNogPKghLEho3hlGx/dZoxOr59pI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8E:1F:AB:46:9C:0E:4B:6E:E7:E5:57:88:0C:27:93:FE:27:D6:E7:12
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8b:2d:ce:68:13:85:60:64:90:ea:5e:1d:ad:93:65:9c:93:9e:
-        a7:20:49:c9:bc:37:41:b6:05:bb:6e:b9:8e:c6:20:5b:d8:6b:
-        a5:76:f7:d1:40:f0:73:d7:19:68:a4:b0:68:ad:63:f0:b1:b5:
-        a0:52:b8:f6:ec:55:74:22:37:a5:2f:01:c0:af:a9:69:b8:54:
-        e3:0a:3c:06:10:23:3c:0b:7b:0d:e8:6d:ad:9c:36:b3:d3:54:
-        9c:6f:4d:c2:e6:35:e0:6b:0b:3b:a8:10:3a:86:78:76:1d:17:
-        08:b6:ec:1e:da:17:a1:3c:1b:ed:a7:e3:41:cf:45:cd:d2:b3:
-        b5:83
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50
-MCBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUjh+rRpwOS27n5VeIDCeT/ifW5xIwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAiy3OaBOFYGSQ6l4drZNlnJOepyBJybw3QbYFu265jsYgW9hrpXb3
-0UDwc9cZaKSwaK1j8LG1oFK49uxVdCI3pS8BwK+pabhU4wo8BhAjPAt7DehtrZw2
-s9NUnG9NwuY14GsLO6gQOoZ4dh0XCLbsHtoXoTwb7afjQc9FzdKztYM=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5EE.pem
new file mode 100644
index 0000000000..739d9ca02e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 0D DE 1F 6D 7B 18 6E DB 7A 45 1F 51 B6 34 BC C0 AB 06 CF 1C 
+    friendlyName: Invalid pathLenConstraint Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 subCA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYcGF0aExl
+bkNvbnN0cmFpbnQwIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExNzA1BgNVBAMTLkludmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlm
+aWNhdGUgVGVzdDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPgxp+
+Hpglfzp9XX1K1glTgljSpG1M9dGpAlVk7K39GMVwkmnAtSBhQVBdG8GDNnr3kqCC
+J7LPOrNTDcRRkO4T7xdBL1RqmzOAuHHgJCiFt51qziQe//kZcmyIOwY8pgHN4Cy1
+q0BeWybbU4B9ybMiIVzFImOoOPUzkaADKic1iW1OBj5NpGCZ91qFyZx0Itk/iBC3
+v7CN2B8Qaho3hypDTCSRmVHiBB1kD/AKFU8UohIiHXsyGxbCg1bBLuKmWRTZ43y7
+L1m4qHBOg2i3do13YLss2oZoknsoOHOBa0YLrFXPPMQTNrOU6Im4IYiUU+Ge7+1g
+2a05ooIRBTS+QhSTAgMBAAGjazBpMB8GA1UdIwQYMBaAFBRiZxB90jfFcgbQ3n+1
+Fh3Ko3NeMB0GA1UdDgQWBBQPpyPBesQ9pYPwqgwp6+Jq4890gDAOBgNVHQ8BAf8E
+BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IB
+AQB/58kEOCkIVV2FaRCkyOKRYGVC3KnDEBQjc6w3ZEm+f3vFHJyB8V63J+zf9MBi
+i2LvwwRTaUusfrrVteAcCYcoXOSHmRo82sY4vWJ0KBn0CDHuQw/WakD12geNfcjn
+yTu2LTe+0as0RhQ91krC5qJuzoN4FBVj8eKhVoD9YQFCzoD+Rq7WqabgUVVjowvL
+UzSm4adqK9x0pGxgwFwuBgdjuY6gKyAnLUpbC0E2mkLuuhQh0tAcYu9LIPpM/l+M
+6c2DlhKdQ/I3KvPxjCpaUxTVQ6iX8OyocQlszKp+LWb4NRBnHYmBpiO5vSC3aBPg
+Ga3ewshaPQBSsN7f29AEHSgh
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0D DE 1F 6D 7B 18 6E DB 7A 45 1F 51 B6 34 BC C0 AB 06 CF 1C 
+    friendlyName: Invalid pathLenConstraint Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AD8B97178BCB0120
+
+CWmHiiIThJdI8Ot9R8wU/LfTFZL6YYbu37opP6dAaC+LUrUFtZfwCZ/eP4arKCh4
++FsAL5A61YhoVhqW/nAm2I5W8+q0NjU552LANcVkpgTej0cqU4e/Gpgd9iArrI//
+RI6JeUyb367JARXbJUqtLVXfyEg7ijZrC63S6orqk//+CcZkrmcV25/rWp7AL3vZ
+z0qhEYV0r9jFqMP+u2/I75MATEYWz6VOFIxr+oieM7ulqkUgvMiUCWydXaU86YAc
+TclzwvjQNDXlSw+fGRWJ/qTu4cBy98jI6SHqdCB59o+DieNjEpK3Ywvz6ARjhFmX
+IJXoXCkl7Q3gqTrqrHLLKR0ed3V7x0Cfd98OxumzA8Cfvl/KhfORI5Pn5bWcK3Hz
+NXrjoagTAsmyBrejvLK3HVKqN1GdOzR+veRo/EYxuN2uEABmjj74Lfisrkq6gEeW
+/ZvireBbwWOScSlu/AV4N5gYCocSXU4lhffzpOTC7p9tcSxC8FFDooORrC9ccpZd
+4ucW75OMXaYym2mu+ImSkNS/SgIq/ZVnDT1k5V1WEF58WSqOvpuH5QguB5p7CeFw
+UQn/Yz8i+0bZG6gFp8Er2pfhGENX8Ca7KLwt7f7dw/33kb6MpBCWSc1NG4gEQ4zS
+dO1Ketts1nY6hmwls1aMU3fPmUOBQGvFzA5Di9Hjbqfbb2Llz7x7hRAurh8ci/sv
+pw1wNIb0Cjlw/3v5vTpvCMnK4rrPh/isfUKA/4NAW8TL1wF6ZXfVGqylIGx/DsG0
+AJ1pfPBv6W+CDWlbh2XDjGbuqTWDffM2sa+5D0ohTIaB5ZduFTJArqA+bb4/sLzF
+HVqOydvAdzNdEK8XaZJCqdZ2tfv1weZzrv33wyzwx7wz09kX6/2o5LWQ9r9mCwNR
+s5Lp8J/6sjV6zsUOJbiGIKba2rdvo7SPLygM+T75TCOSAUlNOGjSEDTVrIWqCSe7
+mXDZ5YPBnN/0GKG2UMMpgNobkZRSVeuSb5biNKa7jYFTCh4+gK4gPa4LUGvWXkLN
+u28IndKHZ81ZILg8WNgsgAMhjRc2sXWPsghXJ22xXGMPx+ILKnoLtzIiBEKLLvRU
+4oIuEuNIQYwBJo+DLWW2zxT2vngU7lipH/zTCT7ZTw3uI6TqHtu/PD42NJyeQBNC
+2zsX4jsRKlaEunbKs7uRgwxV/r+KjZHf9r6FCFGhvfnYn5IL9AHcB1xE6VR6qHd7
+9jiUMA60ATCocS7mGGLobf+bnPy7OQf4k8amqskyfmC3hP3q7WPWPEZEhR4wbUIJ
+sQtWjvTJc6D6G2414olgk9hhRi38rrCbWOEHbOW1cKKeWKPxoOUfa/5mozGAgBBh
+02xSMGupni6D5LNpYS2cWe0OBpWxcHCfH6KQU0bkmtgpMi6Q+nOoIcmxjOwCSUAk
+wF0g52PlQC5nEgpBxKa9KGYU/657NFUDC1ao4TVKnYwRkuYUT0QGLNVlpPxf6MpK
+SkDGGm+QM4GJnC7Ot0uI1+tjfARdtgXwzsPLLIP2dR4GO+m5ni/Sj8qObph0yW5p
+TMmJs6V7j+O9SHpPKJt0l8HDSuS10nW3Iu1k6E7KRNgA5iUWvme/p5IMwtxiDmK7
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6.pem
deleted file mode 100644
index c4fdb25d66..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6.pem
+++ /dev/null
@@ -1,160 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMY
-cGF0aExlbkNvbnN0cmFpbnQwIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQC9F8qrs0xS57Qn1kibsZC0kS6JQNJyITUgX+oGjw6Y9R6Jh9m5WVI7BwMI
-FsyIDhUK42ZsG9b6hMdQyp5NKHZbYOh53VhWzsEAk3veMZvsEyE6K2Ip6SZO1xDq
-ta7FYY4SF+2S3nw8tyJGqXqNEG4Aob2k+QW1L7UgcsPyrAE66QIDAQABo3wwejAf
-BgNVHSMEGDAWgBQhDLUBdnbTsyqsJvyqpk/y1qFvSzAdBgNVHQ4EFgQUjh+rRpwO
-S27n5VeIDCeT/ifW5xIwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI
-AWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADW1rIN2
-092d2UN+8PysNq18Cl0i7qsx9JbK7SUwreNTgbpyw9Uh7HFYzJwBW9ACs94rDhZo
-iqG0u0K4zLTijCS3ixy9sVKVha/+QTy6YxHFcjLmriX4bfiYUjXJPqmmZFExM3vO
-XMyum0wyXdEc+hbuAj1+6WBRec8clffFlRdv
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25z
-dHJhaW50MCBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UE
-AxMuSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0
-NjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqRnKex0cxpUb1ZFo+pXGEX8V
-39ndPC9BNFgD6o0pAqBpYd6zlYIIkQo+rpciQ1vHnizx6WP3ulT6unn4w5UhXCP7
-S9h+TKQt6KFwZNXaCASi/VTEgHt5XLrwqjrhCtIDamjCgEcR1L/VS6N+c+SARpEG
-aWQzmao86RmaEKBaI10CAwEAAaN8MHowHwYDVR0jBBgwFoAUjh+rRpwOS27n5VeI
-DCeT/ifW5xIwHQYDVR0OBBYEFCw8vCsEA7QX0lC4KFyI8IP18fO9MA4GA1UdDwEB
-/wQEAwIB9jAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
-/zANBgkqhkiG9w0BAQUFAAOBgQAUW32gQakGpEtbmPGP8WBo5wdAtIRXbRp/VGK0
-zZZzXsoEoME9XCHEOVvWO09Qcu1VP7hwwnaEqgYGWl1ooUih33plStn8ETtzLcQ6
-BhOfvj216EgmZINuLcozCAusomtXZJ9yRHO0uRveEebjOJYPWqqv3zD9NgKck6cm
-kq1Hlw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8E:1F:AB:46:9C:0E:4B:6E:E7:E5:57:88:0C:27:93:FE:27:D6:E7:12
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8b:2d:ce:68:13:85:60:64:90:ea:5e:1d:ad:93:65:9c:93:9e:
-        a7:20:49:c9:bc:37:41:b6:05:bb:6e:b9:8e:c6:20:5b:d8:6b:
-        a5:76:f7:d1:40:f0:73:d7:19:68:a4:b0:68:ad:63:f0:b1:b5:
-        a0:52:b8:f6:ec:55:74:22:37:a5:2f:01:c0:af:a9:69:b8:54:
-        e3:0a:3c:06:10:23:3c:0b:7b:0d:e8:6d:ad:9c:36:b3:d3:54:
-        9c:6f:4d:c2:e6:35:e0:6b:0b:3b:a8:10:3a:86:78:76:1d:17:
-        08:b6:ec:1e:da:17:a1:3c:1b:ed:a7:e3:41:cf:45:cd:d2:b3:
-        b5:83
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50
-MCBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUjh+rRpwOS27n5VeIDCeT/ifW5xIwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAiy3OaBOFYGSQ6l4drZNlnJOepyBJybw3QbYFu265jsYgW9hrpXb3
-0UDwc9cZaKSwaK1j8LG1oFK49uxVdCI3pS8BwK+pabhU4wo8BhAjPAt7DehtrZw2
-s9NUnG9NwuY14GsLO6gQOoZ4dh0XCLbsHtoXoTwb7afjQc9FzdKztYM=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6EE.pem
new file mode 100644
index 0000000000..4d8dd52863
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BC 5A 37 7B 3E BE BD 85 D6 14 A6 8F B1 6C 24 04 8A 7D E4 08 
+    friendlyName: Invalid pathLenConstraint Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 subCA
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBAjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYcGF0aExl
+bkNvbnN0cmFpbnQwIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExNzA1BgNVBAMTLkludmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlm
+aWNhdGUgVGVzdDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGDA3e
+m7k1Do5rvpYClVMdIDcvCU2SHLNNPewpFXamFNP7kZlxryeHmk+0HSg4iwu1Xtnd
+t3FQwV3EtxGfZGTtrQse5dozWQbtLh3sPvI9nEFOj6TuktbSkT01Bnb+HXxA13od
+QKj+Y2jJK8CfbzIQHh2JFfHY+rIjFL7hTgLT/IR8juMmaQxLTOtgBv7E07Vth4jA
+ry3Cs99c4F/NSIkLS8jphIbLXsmDHNeW4eqMl1DSRXJjygW48rdnmRLv88mp2HMI
+MNKoyiAyRogziAWD5bVcpnR2aSUgn1yt/hBRxjcKXOMfEDQEJIcMdgvq1oPmr53g
+TfwzCsWgTm0LV/KjAgMBAAGjfDB6MB8GA1UdIwQYMBaAFBRiZxB90jfFcgbQ3n+1
+Fh3Ko3NeMB0GA1UdDgQWBBT9iekRTg+hv4S/pIHUQuasw7wnATAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAfYw
+DQYJKoZIhvcNAQELBQADggEBAIiEa74JBZwpz1Y1MWdNpLE6YVBLeBfNDYLBLXgt
+t7pbeclKlY/28YLMWpACQysthnYfGOdXHOpHusbVbQBh1f1BiKHA8BfwqCC3oQu6
+9bugMmGSab2/UeNylWiIO4C3q2LCuFjNfE04V1Xl3XVMfFbMEPOqFkOhh4U0PuAe
+cYfCq23PRNyRtcYAWkQ0uPujg//EAyq5CVJKn2SZ4274stQVDeVHniaS4vYe+PJN
+lkqAicrYITjOlFmU7UerAN2F7rRcFWbuEF1xz4/vZItbidCdFl3I302/a94nQmzF
+BtoYYNVZPypEd0G2a8s47+mgAqG5leVPp7+GZb9igx2x7ig=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BC 5A 37 7B 3E BE BD 85 D6 14 A6 8F B1 6C 24 04 8A 7D E4 08 
+    friendlyName: Invalid pathLenConstraint Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,801664664B826479
+
+opViAlS7IYK44zekgL+iExW/Z6hZoZNylw89IwApslwn5EoKViqcLUu15ZaaWyk0
+pvhWm4yQVM7AL/GRpGADjTwZnIvmKvInsVTWXwnW2SVMpCUrtGjXonN3ijInwd3s
+v8vW6eeeg5jGTN/pS7OAVdQ2a63fIZD3eKPG21aWsPp7MhodpVbtW3tzlJsj/e0r
+VqiQ/O3J9wUij+nxolRhBRk39WvaotaYCOw0nNQuTf3/KEbunDPUgyJtorHiFZLN
+h8l7owjD/71KodEuYf37f2nosb1FphAlRsVKzNGbv4cUU0OuxjRhjNuZGxTeHk+r
+4kVO3PMhggubShSz53RSWtYuD9g+0ohBqHdvg2FMLyaRpjkPNN/vjmejuowGPc3F
+l+h4CdayR3MrHMK8Bjoizj3Xoz/FuyqxbyVnU/6td1m5GAFK3wfKju2ylZCwx+df
+pB4c1RJH79O4G6B3fUC+Z2uJ/7fWs0EbNoVgQFYf1FXqjW0IWyS15RqDDdvBKLFp
+a1yai9kCwd+zvHAwpIjtOfBF6w6QsneCKxP/AZzW44wQWh9b05cUNnU8b/07cO7b
+KM6KFOhUF6Zzw5O8BZtjzGSpvWB3w/aXCyrTqmaoc0zR+SqHsN+xuR3gKxVzgDpt
+AoP0/f6kLP6ig/roAWfKVDJEv/Hki6cxpWjEE6rYs2gaHdTWGdVamRaf0OvDF1UY
+U0AzN1AwEW7fSsOx4Ulu8PyiHIHg+EPkb61JgrUzvA8HKAvPyq4U+CettPUZLyzf
+W4ZSqRovjHSgGFnTkqhV5f8RLMveGeyP+4LM542WMSHkKmR7o/MiMOw/hsqpWiFI
+KeJYEiGkka5hh54K9vtkyTpQeNjv2IkXmreJUyZ54ylCCOdQVxhtINfZnhqDZNOu
+XQ9scCs0/Nh5dHDBC7lpFTda+0vCBdYljEE1tXCpHAr75jKONelW/EtijXuWw/Ji
+/57Je0zo+CJ5uxc97fEztbVj/Ie7gudXL2odo1I6FCDiHETdsWUdqxR3Q3qTgLKP
+vWE8hHR9xXRThAUh9wQpe8tHENs9rpuhocJUHxZu1zmXlFMPqpN2ht9w1Hlip0it
+PqwZN05TAa/fMSgkA6ENmAVU3vDLryTHtbyiwRaJ/Kx4u4Vy8qa20Ot/PI4P2feA
+9Y3nEKfrOMf0zwcd6rj6B+5SjHZMOP0F9fCvofmXsTYxF6b7y3PiesB7bPuJSixB
+k2Zbcgiyf9GJFpwG5o/TfQXWJ9f5gEJRBkSlYAgMywRTKWJtzSdddbNby+d6tgRt
+g2iHFMHzmjmcXzNOqIlXUl2QDKtXvVs+e5UNTXu+pXS62WW82gZoxG3Kc5ujlFvS
+yQnt3ArJA7KZIjHaO4jYKh4lfIvWxhvioHYb1x/DAfP+47PwXoAk0fn5NPVtVG+k
+hF4xakmkPBts6QT1GRWOg4gIXTB77i82c48zYLCozMbMsGfXpmidMprQhttkWobf
+A7EfK8NhOIl9mfnvo1ZzPWLLBBHQXPBsehpLaLwn2uiNKHSa4DotclkhRkfQQpbo
+JtXb+kk/KgBB5ZcHwLE5Tpn+KukxV7+tHesdu2MFiNlPZ9wzw+nFOA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9.pem
deleted file mode 100644
index 8b61201901..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9.pem
+++ /dev/null
@@ -1,210 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAt36UX+gq562CFiw9L16IZ/AjJhU0BB9ji/77uw3AfvBGggmikeDq79BD
-yzBFrHys/L5UeXepakX1v+XvlxFjwvc8c226jf6uKEop5KJZDI8aV4byQvc1C8Ol
-MdgZ4pd6ofTl28r1VDkdDt94c7+Gl0CqBo6LawwGmNfSHUWqf6UCAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFAJIeLnM
-AVExdH85KjfCRJN+mGmAMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOBgQCm
-Qa7i6335O64eyxJjXl3U2Bw5wN3JaK9t7f4dJAxfOlcblWbbes+Gk12UCYtxTZDj
-oZ70F4IoGU7JQt5CcdB2yQtctPK+X7A3/Vsxjknm11nCn4IhcU7LDkEiSovBGLR0
-KV3NAqQQhr1WQoY1Uf3Ncpl7b+SaZscZ3r35UJo4iw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTAwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTAwMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQC3rH58cOqP9U5iyQflKaVyYw+1LMhr3jDW9/Q3aedlH/TY
-iLmT71FUjHaJMWOCO6sAEYMphrRdIUy82rai3iJgrNtJ21uIFOlmjgwgl9amHX8B
-yT+qgiwLs8kzE6NgPYHgLgbKEIqgZ+AZplCt60tCbeGKLR/WtXrxAIgqU+ar1wID
-AQABo38wfTAfBgNVHSMEGDAWgBQCSHi5zAFRMXR/OSo3wkSTfphpgDAdBgNVHQ4E
-FgQUauYRxUFtrRo+gtywXa3yGfFQzgswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEB
-BQUAA4GBADnBidpEzasWbrLankXCoCaeizozu2dGAMMWpbs02cplC/vIlcr0myWK
-noFSuxUuQa7sMxp72p5r2ziJp5pk1gT2KX/kgOYlQqgbJ4UmARGP7er+zIPulXib
-suMShSCGO1xC+fXppdhPy+YQq8a7Mzi7XKqP5su+aTWw/B3a8ys9
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
------BEGIN CERTIFICATE-----
-MIIClDCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTAwMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowYjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTcw
-NQYDVQQDEy5JbnZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVFIENlcnRpZmljYXRl
-IFRlc3Q5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxOmk5mQAdlYGqq0qW
-czN6fmOoFbl/XRAhBs0fzOYu7b06yC5QFIdW3963nkjYahDg/x0F2buDbOSNRvG9
-DPmercWLmz3Sar1KgPxqTCQ5XiTZ0t+20u/oYEM+0anic4RKiQNtuF9Ro4U83wdW
-w8ljyEFY255kWP0HVLh8REn+dQIDAQABo2swaTAfBgNVHSMEGDAWgBRq5hHFQW2t
-Gj6C3LBdrfIZ8VDOCzAdBgNVHQ4EFgQU1Bk+MIR/ztV37I8S8/91EZ2nlYUwDgYD
-VR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0B
-AQUFAAOBgQCWb/JZpNi+GTLgqlUUktJuhFQzGNKwQLHtea991BN5v6GnXYtgGZhJ
-T9plUX42APML+l+b1J6DzyJYlrIw6EXf/1ZtBf0YzmNbJ7robzIjx0+3/EHFeOZ2
-B7X0aaJ6+tt/sgGcLueuSG2C/6j8cnWbKJpAzzocI8hklIO+EWdRWw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:02:48:78:B9:CC:01:51:31:74:7F:39:2A:37:C2:44:93:7E:98:69:80
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        44:34:f6:c5:c0:16:f7:24:42:33:a8:e4:ca:74:71:94:76:93:
-        e7:4b:7c:a3:8b:ac:ae:11:ab:46:94:f6:0d:88:b6:e0:96:1f:
-        ab:04:6a:92:b7:6d:4b:aa:6a:b0:13:58:58:a7:7e:06:de:c1:
-        26:d4:09:e0:7b:a9:e4:dd:73:da:b0:cc:a0:61:ab:c4:c7:cb:
-        c2:e1:66:f9:f2:2a:c2:c9:59:5f:05:c6:74:f8:bd:bb:92:24:
-        77:12:34:23:7d:95:99:bf:35:e0:6f:cf:2a:b6:19:29:9e:59:
-        d2:0b:2f:07:44:25:66:6a:e9:5a:ed:7f:99:33:b5:3e:65:69:
-        57:95
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTAXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFAJIeLnMAVExdH85KjfCRJN+mGmAMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAEQ09sXAFvckQjOo5Mp0cZR2k+dLfKOLrK4Rq0aU9g2ItuCWH6sE
-apK3bUuqarATWFinfgbewSbUCeB7qeTdc9qwzKBhq8THy8LhZvnyKsLJWV8FxnT4
-vbuSJHcSNCN9lZm/NeBvzyq2GSmeWdILLwdEJWZq6Vrtf5kztT5laVeV
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:E6:11:C5:41:6D:AD:1A:3E:82:DC:B0:5D:AD:F2:19:F1:50:CE:0B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        42:5b:18:71:be:d6:f0:b4:80:f6:33:3c:cd:99:0d:26:f3:90:
-        70:42:44:f8:f9:61:72:1c:b3:91:02:0a:14:55:67:d0:1b:23:
-        06:f0:90:76:49:c6:82:23:70:da:3a:15:95:90:80:aa:8f:0e:
-        fb:4e:5b:9b:66:38:21:14:15:c1:65:71:1d:e5:b6:90:ae:b2:
-        7a:73:84:9a:1d:3c:f2:2f:65:0a:b4:7f:52:90:a1:1d:37:a6:
-        24:a8:7f:5e:72:e5:1a:8b:89:31:ac:dc:0a:3a:d2:15:7f:f5:
-        97:f3:1a:82:d6:fd:74:b5:92:0f:d5:d3:a5:74:1d:a3:7f:62:
-        1b:c4
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTAwFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBRq5hHFQW2tGj6C3LBdrfIZ8VDOCzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQBCWxhxvtbwtID2MzzNmQ0m85BwQkT4+WFyHLORAgoUVWfQ
-GyMG8JB2ScaCI3DaOhWVkICqjw77TlubZjghFBXBZXEd5baQrrJ6c4SaHTzyL2UK
-tH9SkKEdN6YkqH9ecuUai4kxrNwKOtIVf/WX8xqC1v10tZIP1dOldB2jf2IbxA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9EE.pem
new file mode 100644
index 0000000000..6588452f7b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 55 2B 38 60 25 2F FD 5B 4C CC D5 AB 28 A9 1F 90 7D 80 0E 2B 
+    friendlyName: Invalid pathLenConstraint Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA00
+-----BEGIN CERTIFICATE-----
+MIIDozCCAougAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YkNBMDAwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBnMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTE3MDUGA1UEAxMuSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANLGB2+a1z3R1ROq3nfJr1wwDsswYFEnvsa/Wr3TmkHChPZaiqssCUawxeeCR1uu
+FS9X+Lt3CTROXKQ0G3GujkpNxTP+tLTjzSIRUOaxcyN8AipiKL3wwBGm36Mvy5Nh
+PGCOuQnvqpysvKtV4FOt+zlFZRpYnFR/Qom+v26vwECAPKmP86Uxs7o0umgUJtDd
+Sk5ihTMqD/aZ+ig+dCze8Ornxe3fS6NrnnvLWKSB9APN8CI3q2DWaiN5HtSU7la3
+m39Jzu/mPD2tEwrqJr9GZlj1Wgy3a0+zbHjiLYVQmXVcyfsH7LrQzXGuEMc1WKCo
+5KZMqejlnBPgeVTs1fNFa70CAwEAAaNrMGkwHwYDVR0jBBgwFoAUurniiPfUWSWK
+4ynfT6AGON1xdIIwHQYDVR0OBBYEFHkjxiIM9f+ESDif+mKJj9uEIvlSMA4GA1Ud
+DwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEL
+BQADggEBAFDUrcx9Aq6taCu2kipVTgU4GQ9gJ/lEwCW6LP7p+D5iRJZsmXpXHIw3
+YZDBgxGXJXHzUFzeBbySLu/lQfabnq0XcLViWhgi++Ikqr8MPxoqbUvQH412kdbe
+b2Rf90fk3Mu31VrIBLbEp6U/h0QWWWPKJGcY+Z1jgdA14m3b1LPK7/p1kfT1yb3/
+cTtmliG7wzcWsecmK5xz0irZrywun2yWQhcps5g+lhMcMghogHKEmN0XnFqgL7ta
+beXQ4GEHuyyRoRuXrh2QMyDkFgr+CyqCbEQO3UKbvTQD1Q+jPkYpApi58UXxaKfa
+JTfJg896LS1hDrZG1R2AOrhUFidhPXw=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 55 2B 38 60 25 2F FD 5B 4C CC D5 AB 28 A9 1F 90 7D 80 0E 2B 
+    friendlyName: Invalid pathLenConstraint Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6432CA2B85F30C35
+
+Mrp7JsvXVS28CIPmVV/xryGbHQaaYvpQD5Zir72ldbioSc05c1sI9lr9wADmtfUI
+clvXPryK4pDNdZnZD+3yhDotv1NYAYBOk5nVsDgzCPu10XSPKs1DmA5OHFOF6AP8
+r2rlSm/boRxnhVG1GupYpYRpPjDRU6ewL4ionfr1E6h5Dy3v+bBFmxynqmp8pbWI
+60YeRDYddcMurKQdfUul9uDnecFxemlJzSSWMX66gURg+T5iafEhG4mwM6mM381K
+TMnhKDqEaVggI61vHerdNc0L0P+tJ4fPsbu+2rIYYgHi8Qd0LKbRIOiGFuA51RrM
+MDSLi8ESPP380fhzm/YQ9BruKA+S8ZkWLnRH8Pgz/3pfIAbMWeetCBgoONJlwu/j
+8Rebetn+d44v/1Mw2Y2FMYjLyjjRrn5kJ669iswBqpo1yGW9TH99fIpHnK8UY/yj
+0amWiBEoLoRZ1/y3ipmnc8nXBHZS9Pz6Z1cfWVftZ5roSivqx5+BF1ijvyBoxGho
+wVZVyq2FkNEJ+27RdY4RyVUz+mhEIlHCelqd1MH61espsxKjX91QSjLPmqUIQTD9
+bemzzG/gK9yD5iXl8Pdo7tGddKSDCxTYMpo3Zb1/4aOw5NWrh4g22Pv4CAojuhx9
+7NIh09xB2XrNg1WrTU6t2uulh36rQCUysc5i8TrhmY0f/KcIKaUFI098fzM6WmjW
+x7K/qBuUmccvcCLPw+qc608Gh9IYLhuZXo1GV0tll506+mycqW4VWU9D7IHrUIz0
+nrp6Qx/zB1UzjFsSZkk10T5BshfsGbgWpsXNM01QsXPQV3VXyrrpvFfCrO10BDpL
+qxAxtLvvhIR7un50IhxlpYJuk2LS8W9yhdkk3WjIMWtKEHICOKl8suGMhQn/wtSo
+f+7S2BSkPc5hTBc/Ikijqxbz63RzF94D7mMHFiVQGYwXXS2pEiLmyeK7DRPoZYCA
+LzNOXt9j/fXU91ZVnrSIFrwk/QNklnIPN0MO8wAFZWEDr321GFghT1izNulkyLJT
+aaIwaFj+ZDXZJS8iu+SAcjggJPNYdobAhhj1pfq7MVoUuSSaTaSdZQtoXRgA3N58
+fjtV4g7evqF78GVfuNC/mI3bW+lzlkB8lunjpqLx/GzWIzugVWa4ypi9AAgl12BJ
+MYXMWyNGYY1xslYrxDwOs3Aqhk33JMS3lEKP3DpaytPAabPDjJlfEOpjb+WPZBgP
+OL3oDdxfrZqDf7vzDkVknAWuk1kvgEn5fgj0uYVbVLeYZ6KUtDbtejskB5KQ+UUG
+VTSvr8md2DZD/4aZfVLABCIuACgNuNjGOWiUSKH7nHrXAqGtMsffOw9JAUJty3V9
+djI3JnyIYeguktydV/VTyHDhDfG9eXv62ifx4QmRuDTVOW8WJmMN+zoFiHu5kdSR
+UaS8oknmc/7ltHdf2wjMaNdsLJKBC9MPBxxzDNWc+aXq/zaO/Ka5HqGXWsJlHDQi
+TJ0jelMY/4jCh03wUbt2/JHo9+SzDEGmaHwdlgon/vJ9SCzNZ+IL6limnAA5nPHr
+p3IP5Xu1iJXD70rJbIZdZCN/2iibX5mrTx9tcUT1ArqFGVPtaSBzvy59BI6oWHZH
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12.pem
deleted file mode 100644
index 2f78fa8423..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pre2000 CRL nextUpdate CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBDzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcHJlMjAwMCBD
-UkwgbmV4dFVwZGF0ZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlMZQ
-vRTxm+l3FRtimp7Exo1NygL3qQsF8cpvpQMmM4S+vWWIQcZPBAGfTi4eW4ubaKOh
-UqzxbVtY6R97mA0Ng6GHXIclN5ozja/xJdqdIOz9CsB38IvgyXTTQv3kF7nch9Ir
-xAN+7Bf5oWOdRbN6Y+i5iDHb3j7f3r8EFtXX+EcCAwEAAaN8MHowHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFL16NgTVXQmVv12uq+yk
-UWCNJq9WMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQB9/jemk5S7bYWeZC4Y
-bzwXzQEjfRTlrJ5xIj/cOAWG+BvCzeSkaoi3hw+Ltt/T571j6NoAQu84Mx/Jwbt/
-zNBwu4iMmeaeU5GM+9oTVU8JTOog2ZPGR2Yn1luPQv5LwbPE+mysPaEsM/mTl5cM
-OMB0yUOD5/jo/76IJhN/M48tvw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pre2000 CRL nextUpdate EE Certificate Test12
-issuer=/C=US/O=Test Certificates/CN=pre2000 CRL nextUpdate CA
------BEGIN CERTIFICATE-----
-MIICljCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXByZTIwMDAgQ1JM
-IG5leHRVcGRhdGUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBo
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPTA7BgNV
-BAMTNEludmFsaWQgcHJlMjAwMCBDUkwgbmV4dFVwZGF0ZSBFRSBDZXJ0aWZpY2F0
-ZSBUZXN0MTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANBocZCE1yNSbZiU
-rcH9R8bB0cZERzxNK6g7d9v0tUsmbo0Gk2JgSaKG9vBnOpxJhJ3hhSxNmpGpp61Q
-QlGo9louMi1AzibkrqOllW+FgXQImr89cxEicI9taSS9QRSIIKPW3kF4EhuZp4vR
-SksCSxXsghAsSWeDqx9CQG772BiRAgMBAAGjazBpMB8GA1UdIwQYMBaAFL16NgTV
-XQmVv12uq+ykUWCNJq9WMB0GA1UdDgQWBBRtKwIpcpf5JIosL9wN9VKKwAiAWzAO
-BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3
-DQEBBQUAA4GBAIk3Dg2P1RArTBrVZ/kPeRAld8oPoTdmer7YAloo1Zavmcm5Fcvn
-WmJfONAye0p7jsYSkv6HMK3DL2b4/KEnEDB/Ok9CLOdvoTtptk04CiSXOcQcP9uK
-NY3uZgZoTo2O/lBe6KwA2apKitWtaHf/2Ig9AGhPvMBWtiDmgvpWE4T7
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pre2000 CRL nextUpdate CA
-        Last Update: Jan  1 12:01:00 1998 GMT
-        Next Update: Jan  1 12:01:00 1999 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:BD:7A:36:04:D5:5D:09:95:BF:5D:AE:AB:EC:A4:51:60:8D:26:AF:56
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        3f:41:4b:5b:b5:47:1a:77:7e:2a:87:63:65:06:9e:f7:18:96:
-        8c:41:41:e6:9a:4f:45:91:ed:dd:8c:b1:d6:1f:e3:41:71:70:
-        ed:98:51:35:e2:24:bb:cd:26:8a:c9:43:f1:4c:58:43:2a:31:
-        5e:94:a5:5e:09:93:dd:a0:f9:d0:1a:c7:fd:d6:8b:4d:4c:6f:
-        3c:d7:43:6b:b9:87:8d:c0:fd:f6:5a:a7:4b:f0:74:01:23:fc:
-        61:24:fb:3d:32:5e:f7:fd:86:de:52:3f:09:2e:b2:f9:b5:99:
-        a2:2d:96:83:2e:b9:a9:99:58:fa:c0:e5:5b:8b:15:fc:0e:d0:
-        53:32
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXByZTIwMDAgQ1JMIG5leHRV
-cGRhdGUgQ0EXDTk4MDEwMTEyMDEwMFoXDTk5MDEwMTEyMDEwMFqgLzAtMB8GA1Ud
-IwQYMBaAFL16NgTVXQmVv12uq+ykUWCNJq9WMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAD9BS1u1Rxp3fiqHY2UGnvcYloxBQeaaT0WR7d2MsdYf40FxcO2Y
-UTXiJLvNJorJQ/FMWEMqMV6UpV4Jk92g+dAax/3Wi01MbzzXQ2u5h43A/fZap0vw
-dAEj/GEk+z0yXvf9ht5SPwkusvm1maItloMuuamZWPrA5VuLFfwO0FMy
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12EE.pem
new file mode 100644
index 0000000000..29dac9a077
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 8E 8B B7 54 59 56 74 8C 94 BD BC EF 08 63 B2 EB C3 32 D1 25 
+    friendlyName: Invalid pre2000 CRL nextUpdate Test12 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pre2000 CRL nextUpdate EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/CN=pre2000 CRL nextUpdate CA
+-----BEGIN CERTIFICATE-----
+MIIDpTCCAo2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcHJlMjAw
+MCBDUkwgbmV4dFVwZGF0ZSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMG0xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMT0wOwYDVQQDEzRJbnZhbGlkIHByZTIwMDAgQ1JMIG5leHRVcGRhdGUgRUUg
+Q2VydGlmaWNhdGUgVGVzdDEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAyYIKZ04nGTfv/cQgZYw9cORsRCow8lt4l2dL1MVPp50YW8e2yqrhPsjPSJUu
+7cYDAPjXJuBo4qSs1tIpRPU2nafDBsCNUFLRX7lpYXCMwj9yh+70SMmqlNION6Rd
+wLpfGWAH1I/TJ1P+dFctMBp4LOOMZ6nBTpfUfFN3heMmRYGj0XWn4uCBMzMMb0Vo
+HYCinO85FZ4lDAOhrz9hTgsR8GlzipckTmp8/xaTDCtRy4BJXz7gq1hTbGWJbgQZ
+eM5BKetvQsQLMnD5BUtv19lnuLpwt9OPggLQOG/oaMBpTjeri1pjh+jwQwJ7TW2z
+xgIw+ACnsLtZLNG2zNIbkX2u1QIDAQABo2swaTAfBgNVHSMEGDAWgBQeqEecYYBo
+KLFCmimM5igDKZIDzDAdBgNVHQ4EFgQUKCyOURD8t5yIKmvuLGs/+HtieYQwDgYD
+VR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0B
+AQsFAAOCAQEApdQg4JH6mV/wuIWWYaW5mPskzRye1Y4o2fpaX04xvMMnOjhEEOkY
+WmuwByb2dnjP1jYmqUxJJGEzDGuX3GEZuPmM9V2jicHv/SCn30vpQjA5dSo59Y3k
+7VOqInWTvmVX4YA8KO621BUZ0/5bZpjtXdqVLRDO/WEUIeS5YzMufnJTbhjb9Nov
+kmNOAkhOfyN0bTaInfm0p0RLfMOB0Remb+t3HUcQUNQh6dGDo1Q2EK8HnFvGMD7K
+3jXEyeiXeP1h7S+FX0MNmDdjlE9IQV7fbOJEdS/00fTxn2Z8aEGjklWusNfmd5Bu
+IuhmPZjMRN1yOspse7lJDPtVGCRpYlTruw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8E 8B B7 54 59 56 74 8C 94 BD BC EF 08 63 B2 EB C3 32 D1 25 
+    friendlyName: Invalid pre2000 CRL nextUpdate Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CAD3CE9838B0CA00
+
+pehCDyTDvbCXH3cQ1BMx4e7zOorF53pZeabAY9jzVzj++tnGRldIwbxecWmz/aLD
+XxLdRr68T0MUho+dcWIiA5OgXbYawu0HUt306xopcFooaXLcudFHBnpWHy7hHBGW
+Ayq63RkY7WpSVNY7vANMZCOy+CjcL8ruQQlvrn70gRlbsIsC3aDTFtk/9ClUFDF8
+HcUC49ie+oJblqL/PcgdUjid3nxLPfX2QWTdmCxCMdDX5SUNoqbnyrWsEdGh2qr2
+mqtJTOTTFou+qIffCiKFWqVIQIU8AcS06cPFXB7hDKynHNrEiAVruh3w8fsb3ks4
+RtWyHiT9aqZW7siubZO3MAviRobczeVEP5V1li6BTWXQI/QK2H25Fh8A6IwsMWkP
+TceuS8MAcwy1y8oSzEkpL7RtnFyDCctY4AygCUYcJsShIx3yoCxMqwEHJUcw02YM
+QqhZsAoIxQEuGHAhFEbFzpbfBeQLE4rL5qx22WQtbvldJwtwsAGZggrLJD2SJg6+
+iAOf4RYoFnNMyeh3j7ajvRr3CUIpTRwNhdkKcTlwNtZSm6V0H7CGtbkJsFcaKF1/
+TEnx2hIT0YUylK4z1zmgtWJOH0iJOXgEbEHdENOckak2MnXSK+x1KNBcyg2sRi0x
+aAMSZKWFNNXkjd4MUoCaqNUgaEeAvgzGGWSvcKaPWAypRxrxwVuWI5AgDbPiKLdm
+jGg+YNaWZiPMuJztgFOHTdI45pSxJghS1NioQpIZPbYtIxPstd7wMgPdPVMo5wLI
+GfMAxDHYBui+6CjYPl7/OCFfGFIdL/50zoM70LL1i07eOXMMuzWmexy0suUBzkrr
+qnLP9eG+EJzgsQdb3/1MtpNHUcRnHIkV7AcQiY1kXd2VKdjFMhqPvlc9vsT8dI+Y
+M8++Pzl7teyjAO+RMmtK/rt+rlmaFJxLc/qYIz/1aFI/OJ1neZfq2rQ7+srfB0Fa
+bcFRgHKcH2nRDOOwZn7Ov6phu0IdZxBDOtMLiETD1mUL8242vfGkwRdrvg8RfwSh
+0MtRGojyejeGKYzzojNxejex7tY+VC7OOZLmGj5GKCUQpsgsE60WaV14AHZ5K9Bv
+pRRul87VRoOIk+GUnK3u+taFu+6DyGiGemU4OUN2LO7KMgxdg1+Ib6Xjl+wKjCog
+5FzVs65TnPStwks7xR4vwr/ZfZ8xIRqoUGkpuXeGORwZu5OVtN2V9TejoXRO43Ip
+8BWteG8K5XHBmV8p7dkFrlM/p4kvYn3VEAibQpMJC6M7CkBhHGFf2qDuVY0xHxwL
+RBB56OkMb7vAnTzjuPgWPGOkBt9i5tS1DZdE8tcG/mtDi9rLuoER7PNbgOGZ9Mcl
+fST1OapCef5m/WVEirMbKwVq81XdbA/FJM5XBHPyU3WnEjZjwYwfmUDF5ifcRAnH
++MJGhr/ge68yJ5TwueyCMrtshNPAKsdW7QEBw3a4VuWNCqtETBTA0jcyaSIxH3ab
+BfhoMOaawdOz6XzCyr7UVRTtSplyPcVsl2ES5vuGXm3L4/zisiEbwJW3T9enE/oQ
+aVSxGpJPzqAmm4i8Rj+QFTgC1m6j9w5W+vx5cfwHGPWzUJAI2socqQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7.pem
deleted file mode 100644
index b36583cba8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pre2000 UTC EE notAfter Date EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBBzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwIBgP
-MTk5NzAxMDExMjAxMDBaFw05OTAxMDExMjAxMDBaMG0xCzAJBgNVBAYTAlVTMRow
-GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAGA1UEAxM5SW52YWxpZCBwcmUy
-MDAwIFVUQyBFRSBub3RBZnRlciBEYXRlIEVFIENlcnRpZmljYXRlIFRlc3Q3MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7fxx2WFOac683w9E/iwLeqyFtr0OO
-RdS+onLEY/+HO6DR2uuIPEkhZ8MwxAnnLs+6tichSMDs3WUijbbI0KTEulpVVGVz
-D1Y8zI7z7TEWD1B/oB1pSot67IosuyjfSIOMRr3UlQHRonE2nY04nyFUfb4yYE3F
-GlcCUdTLgIEgSwIDAQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPf
-mhWUxzAdBgNVHQ4EFgQU5KvHTN9wvcrF55wNiarbUUzd0tswDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAW
-bdxkjCg9Ra6xo4ngUHF/RWRpe2353pvN0p32EjVjMyKTe1p3xZuFzCM9oi/PvMT+
-DlqUJpiiJJa3pDXT3Kh330VeTOYLPaAgRqxqm85gUTM3K+/1aHYOKNzbZCy6180y
-8ARB/lNpi1PO1KeJN1DmmeBdDVuRGte4wUXH+NSjpw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7EE.pem
new file mode 100644
index 0000000000..3f996e944d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 58 24 DA 1E 4A 09 C5 56 FF CA 11 8B 62 00 BB 7A 00 91 93 90 
+    friendlyName: Invalid pre2000 UTC EE notAfter Date Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pre2000 UTC EE notAfter Date EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAgGA8xOTk3MDEwMTEyMDEwMFoXDTk5MDEwMTEyMDEwMFowcjELMAkGA1UEBhMC
+VVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExQjBABgNVBAMTOUlu
+dmFsaWQgcHJlMjAwMCBVVEMgRUUgbm90QWZ0ZXIgRGF0ZSBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ8k5yDE7wMf
+wlOhyZcxb9+PlGIC417Lq+G5CDDQQGbytGuZKYQR3+0AhiEUO7YwxfIeOtE4YOBl
+QsZsPUSOgSCb2l4s2rbH7V5QFfRcf8f3RQVDjMqhFXvIIWW5uys1poKMqXVDLw3x
+g3ysL2kVl/zORmqI3obmehIa2m1EUHR3jY++I43rJnFUsTvTNGKsE7HLTpkLDABH
+wptY+Ztt7J+sMc5w/pXweCkYLSdulazQ0EKwjDdmWS4BE/3CLIeQkTCB/CTkkseg
+dHPaD18xeV+4LLjAB2dsAmIwAnRiI+LouvCaF52pVBedX5cg6xMPTz1XfLzX3SkL
+3hj4LgUtuJMCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWv
+OskwHQYDVR0OBBYEFNUChZ5TMCZHiJZ+TyOTFmSU8xivMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBABiL
+KJrH+iYNkDzEmwMr9Iebl4gc2uzCObyDkbaQ/UeuxbCvfUm3x1vYbty3HNEKp+tY
+JBXAEDh2GbHU1cLzhP+tNTYQuqgWzE86ZOKWLYI7wUkezHwL00wtOYI8RQfAScGV
+OySp2qwKgeKjXUAd/BVa6FVOzXkHavXNy903ssmko4d9sD+yb9FFY9UrlmIhXewl
+lR2rcUDtHT0dH5PJf7arPoGTRoePSFWeY6D7IBNuXfuhB3WEj+UQzzoANelmavIL
+VwM88Eszmwmofr2sbWi16b6z7XAKbwQm7n4hrwOd3vYTO/zRM0KBB9Y27p/trFLL
+6CmNjRghrN1erPNL1Z0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 58 24 DA 1E 4A 09 C5 56 FF CA 11 8B 62 00 BB 7A 00 91 93 90 
+    friendlyName: Invalid pre2000 UTC EE notAfter Date Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,58E9AEEF18E0642F
+
+lAF8yCrsPn67Fka1CA1NSaky16Uh+B4zjRfG3n3kKiqTvKJvLsr5AiQ5jOUlqQMk
+udlOGVTmt+XcHhAn7FLBWhS36aKrx3KV+YuHDSYzfTBjXupj3Cuhc2mQ9EMLmPj0
+MkcV08eg+Pp6IjMDouzq3+pNQljkBQjA3zNxt4ZXJ8xBiCugYPcIojRBHq6xWX9E
+Lhi6JnkjZzpC9VW7FCbFM7xIcwWCfl2mbOZ/s8E9gkU+nZLqFC8dCf/ZZGuLJRaL
+a6hHfVUvUSiMDJSPvEkx0TnUGQ/BHnwUuol/ICnFYesRSJsJhjAyy/AtjiC8nH+0
+9wcas1x+R2mk9os+EgewtoY1RZ4gO8Ug7JODD6NkVAaRAlUXABdWV8tUEnpNfhVR
+87XydAEmHUaK6zHyjIGZOTAg4uFd3Fd7vRbPbBtMI95d80eUYIBq0ETBQ4P37Gxy
+BVU47cWMWNsVKbA0g9LkGLOrfuQZ0Pv9m0eDV8pG8sumOE2HuxPoPFNRnTmhElCw
++sWX/i9/vDuyE+ZaCYvsyGrjwRouenzqh0J+eqwfVFOy1KGIdTVR6/VP5+IwPrqY
+me6gmDsgqIn3JxJ2tTKXYgK7yeviRJII12qLNfxute0tpHnDuOq+LUeZJfZh9QGW
+hsKhprgmq1R7X2dkG+xshnoJIHN6fxB30ENOON4fk58KlQdzaZLwtL03vq9jixBA
+LmFbf2yJSUsbQDqFDcnty+yLFbHk5fyla/LV2SY0n03TA1HjcFHcdkhZRPo3ZVnL
+TO0nRM+IWHuCUNG47tR1GKuykxOxMZbRWOI6EOGUWxx27iIDzRWeqv+Aw8Q+zsf9
+gIO2oZwOM+6yPrMQCuZViVtDb77b2fMmxMd0CFTNdYVFJUjNrTuArbO7zBPydJQG
+3LfSLmHFNiuLpE/mR0KrHMiRTpeQCdYTj2cemXo/mG7sATWQyBD7Gb3P5UoG07nU
+S9yy9y5/p2Dw87wuHFBY7oMQMX/cx0SPq4U+8nPoVYaqF2qhk2IetAKosyZm8/94
+IoSAo5KTM4OOZmkzICCIRn5FJW36VtwIYJYQ7iMyJXTHYzj3aBe8Zt3lBfHs2sVq
+ULr3jh7gsybyJ6ZLDA5CZBA/nZbsEp9a+fLxpaxGNLskuMy5Q5qdQg+p73VxNT0Y
+56OzvezZkvxpJuLPtHjfiQ9HpHmRVHIFPQq9ivnpTdecqR2jusxs24irbJzK34Ku
+tuo5u7AgamCx5HuCnSiKl3Z7HiXmSaL9d150TlR1S1M1yzI5f2sdmgH+2HJEIY3b
+qvCN5bft1eBrpgA4bfsp7uG6M/B+9cWtPa20HSJhNgg7G5A68ZlkE4vuo+0XdxEn
+KVoOrTi/juPJgS4wgp+l9uoWUkVhZ0bbDo6fo8GFcySnFOP+Sb7S/28KRa6ycBCd
+H9i89IjSkbtkBuuHRZwsy0wNOkngjyNKR1PVgiqRTdJQlCS7VZlEwKqMJUVKU73z
+ndkJ3ONBcy6xAEQDacZsZ+TWTXaz8jsmwWXlmwsDUyFHNHmQmIBuyBCQNF1kcr3u
+qHnLtCYjzFrDWTmZfQiR3IiThQavp6Ke5sP1NkNAS2D/VaV5zVzeGw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest3EE.pem
new file mode 100644
index 0000000000..c562f99fcb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CE 60 90 80 75 16 2C F2 2F CE 0B 9F A6 C2 D5 98 11 63 61 44 
+    friendlyName: Invalid requireExplicitPolicy Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid requireExplicitPolicy EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subsubsubCA
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMicmVxdWly
+ZUV4cGxpY2l0UG9saWN5NCBzdWJzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTswOQYDVQQDEzJJbnZhbGlkIHJlcXVpcmVFeHBsaWNpdFBv
+bGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANHpR/YhLPt/LkhU/hxCFZA3Ug2vdqoc9/PCCQcOHh3ZIZUPP03T
+k023na21kRQ/hNBFJYm89nteKHb/f3RBBYsQtA1tHa0BfTWqesFZavNZF4PVwLpM
+xTkJcxr8sXS6xX+SVIsEGkXgZF7zEo/SJ8Nk3nnP29uQyckOLlqF9c16D95JjlVw
+7WAu+1B+mVJTIsztDkj5sPYzxYvvLLkRmE3noJgpoZ7HqMYB/mfocfqH70PsrXYh
+ldQtkCjistQbF3uem8OEW2l1V+cWat954VUO/YzT1c3yqBD2tsJ28bMOadbkUYQs
+RDEQYfXTpCmxAJa5GFtK0mn/N3k5CCjZ2/UCAwEAAaNSMFAwHwYDVR0jBBgwFoAU
+FLvRJvSegTyLDhLP2XsVsizcoyEwHQYDVR0OBBYEFLIISgVhaKmQrx9w+bAv/uKa
+AXJ+MA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQsFAAOCAQEAVz36vPv/Ucy2
+1a6sbkX49qaUfqge0g1K3YYOMRQy3WGfZlnXkbc82SkvgTOdzMBEIGmxGLrC7vkb
+123Rv+nc6u2G0bninYms1u7qcLaGffjbtwEQxnT160WUvfRFkQnIx12mgkGmRS/J
+GKcCKzQzLiiOwRwxjEJ1hJe8ZyrLlNa0BdqG1i9UrBzGzIlF8w1S/ObHBhH28wVz
+b6gbo1HMT+I09piqPOjDsZF8Zrzsa3fn+uGfGZarNHeK7oJlKoJDYWOG579cxNXF
+YDKFJ3UghQcXcZWidGIgFfwaW2/yFt6y5a76nb0/1l3CF0G/xkuRI2IROptfdsh8
+o5ZpO/ZJkg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CE 60 90 80 75 16 2C F2 2F CE 0B 9F A6 C2 D5 98 11 63 61 44 
+    friendlyName: Invalid requireExplicitPolicy Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0A7DDDBDFB3C29E8
+
+RXGJsD02CpUery7PuNN0bVaL9DHlNl12r1u/82Rr6sRHIFIVlgsK2Y4kWV+vsUgM
+HR8dDB5B0IB6Zh9PnVnc207OIRin6jaIule+TGaoSRzYtzXZ7F8IDHgQ9sTHJtRJ
+fKDNOhnZQg4w2LCjd+c5rN/z5CxGlvpZvTSBQCx6GoDz2EBufXzb5su+Jk93hF/9
+wP79J/blG39rwpGEiSs1pXhimDG7xp0HRcLtCLaUxBYpp2ap6WFCnWxgjg9fkbf4
+kYOW5h2fHOf+zbhMO+gd9KPsjimfLt2WJHYBfRKzCr7rr2mIf9NWbo3qFF/HfDdJ
+8SedRm38gpJhEMDiZfbXEV+SPkoX8988aI/3nSmfA8aF5MgemZFV3hzLtIAAPCOP
+/1l1ft0l137kbRZTT8AZVDu9VD4M0SUdGTLLB6mHu/XR/xsKoE6SEEAFPEZLMBmH
+ws7OXerisFualPwLjQ13W7Uer89fjfRX8/oPpLvHRLLFcvgVuAQDRNmQ+L1Hgpuq
+0QcGyMVHxFfsML6he9yyxB+pX1hUBGMwSv+BwJsdaNnklcWuUR53GfD+gBOZ/77e
+Fpq39ZozWTP7BFL0EwR2V0D3RaUuBJrW6cGdHjloHHGVMfuqsoycxw88vW5oVxDY
+bWjJPJipt0hi+ZuWwIvHq9CfbzKuCDoOoNZllrKMbAt3lkbpbwRXzmifod+ueVY3
+OODQL7waiyRuyfWfxD0vL8m4SMBoOYWQjFbsDRLedW8TI+CsINZ7kqzG5Nm3Rho7
+O6UDK2vdFHIvepnmlOMBhVD+/6KpJWzOzonp5DTBhxlsOgwebzRrbI2oxtasIzYP
+DNiZS6uuLm9uJ0ZcD/XFWfxygYVAgsH+AZtGIdGVhdEsncOQIEnO9dfSbcK+42o/
+nhmuoYEbNC/DzhtqPv0Jo8yH3tXtoLUCGQvqbVC7yheMYBfsBNHsL+v5Bi88H4kU
+Uwkb18o0NNvUhw0AYE3Myp1+Sfd0n8L2a4Z+jb5Doi8KTNtKa1nwJztJiUryjc0I
+zt+MX9+whCZPQtUM7OtGXZ1dlwOTjpYfQ754JdVxTYDb5AjzeA/Uf36qeRSJyTBw
+a6w23vS4br6rgqGoR1GNqpTe8QjcpA43tSlfx7Tg2MvHg54iSOMYo3lvqmmWiJOk
+qCcPZ5uj2B24BaRjDQxC9mIJrm2VnIB1/7Vj7rnXuNiKCc6L9dr3SxHAEFb0Qa1l
+8fUV4KmFBf4J/gDmviEbJz646xq1aN6RTzeqVEV4MpXdpndNu3vYfEnw7+houjGI
+alWNvIKidiz9/yovyN77F6i2DeIJ+EFnsc1xv+v96CASKXgFxPc4f8gGpdO5LIpX
+S72QE4Tw+jFi/o6VnPvVV/mhKllXksiqoiZr1X9ifl5hDbl+bMfqTko3S+pbk1Qy
+spEkr0ro+DpVsoKo12shFG5DV12Ic3dP3/mewj50TU/2VvmdIX3mMxNQgSd4P31+
+0T7ZoKq1RSBGeyMCiQLpSKWZNY8XipikKGkpO1vum5uOG+loO5KwDPSl/xRi8s6v
+Lqek+d/A5sixLs4R1EP/MvdEkQ8O95p9/noM3sgsIh/ulbvrrsWR5l7g9XU6moaB
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest5EE.pem
new file mode 100644
index 0000000000..86b197c22b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 10 D8 85 4A 0E B2 DE 50 07 79 D8 6E 26 09 C2 F3 C8 A8 D0 CE 
+    friendlyName: Invalid requireExplicitPolicy Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid requireExplicitPolicy EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subsubsubCARE2RE4
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTExMC8GA1UEAxMocmVxdWly
+ZUV4cGxpY2l0UG9saWN5NyBzdWJzdWJzdWJDQVJFMlJFNDAeFw0xMDAxMDEwODMw
+MDBaFw0zMDEyMzEwODMwMDBaMGsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMTswOQYDVQQDEzJJbnZhbGlkIHJlcXVpcmVFeHBs
+aWNpdFBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAOKog33tBMcvKLdCEtAS4Mehc0LTwRfbt/eJ49owA2W/
+KSzT9XiKoZ7t1s7MPh0NfAkOu2YOlqjt5BOSlzQbQ57h+/3lBdMXkNBT3YEAsrgo
+ADlhGA6CVOIxPuZs7z2x+ux8m8wB54ZXO8h7JFfj+YrIKkMoTvePMltatxlox76r
+TUK2LsXOZKbYZBkKZEqtIUudUcd50N/WTkxg5qE2Up9V4oXhdY369sF//7mMadZ5
+KDBqDmHC3q996y9CERPghc/sZQVaX6widPtlsI+SO74IBMwOX29eIroug7mbeE7L
+JFQc1KYaGyB+Po29y9l+l6C9mfWOHeMLKOCzBlexG58CAwEAAaNSMFAwHwYDVR0j
+BBgwFoAUeyxRYTEVrawsa6m+OzsYGpKqf0QwHQYDVR0OBBYEFLy7jwxuDW3P6K0Z
+wZCQ6vgkqxIEMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQsFAAOCAQEAjMJa
+DaSfZMbvgS2voQaA27koy3de4DX/dlI6a/QG0O2HHilgp3g1/G42thy90ewLvNse
+nkYf0tFM0Fhx3n6KwNTf1nItuwn2HwTIiw9jQ/ERwLqRzmnCor1fKf+maNGWqYg0
+vFmmrxVo897hX/0b9CFTpS+SP1RgMonaVnjkR4/sA79aJ49wUpdPkVZrmXOAaM8r
+MR8ryNohpRY8U2O5+S8MJZRKQEDyMFW0kXeC9Otngb2h4ORErh09DHI/xuGN15So
+90UadDApAMpCi3PijRNIKVcBpge8sAvXwR/iYX9ws8XNuJVkEGYQYJwLKU3t1NAA
+Ynvjy3YgibsBuUcfng==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 10 D8 85 4A 0E B2 DE 50 07 79 D8 6E 26 09 C2 F3 C8 A8 D0 CE 
+    friendlyName: Invalid requireExplicitPolicy Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9E632AC14FDE0912
+
+MZ7JO76n4gkNhZ/mbGaQ65kpwMvIaETRiu0Hv+ET579MVjVlGFccGFNNSYKVrISD
+c5xHwIYGp79eivhh6wFNdrTqgjVJMk0QGa35aNL5E528O9q4dT2awVoVgQm6huC8
+ajoQASr+lJttTVw+EFKiqlt5cVapnA/8bnx8I2vAZ3Jf7ZhmvlSD7rQgyRuDEid0
+otLv7u7TuBrBFOmjVSg6froikW9DwZxEMY1mjOyu1pSvOPZueAUN1KEsXMlCv9Uv
+k/U7mD04OqNJvbEZ5AF8viuqzfrDSwym9/XsjWIYhdH8fbFiDhYYaQhDfNwpxyCN
+JmWFUncY8qX2pG1ITr6hImn7xE91ZMK6WyUjQOgI4IvBMSD7OWQ9Ub5UqcO+8nx5
+tjij2bGB9crZ+CGrgpXeiYErVFsRSFayuC5sWGvyBHIbWsm24p7/DN8G9/VCuUbv
+0PQYbdmc0/HnpZHtlwtWGIn0RQXCSCefxl8y3OGFaL6QMPAq5rt3ZdidSFMvJ1QK
+iaZJsamlQdJjxHctGYr8ApLN0ZF3dyHB07aGXqektytsGx+1P5D6IfBPXhSD1u4U
+4rfyK8CBPXc9+hysiqcHVXRss/W/I+jC1mq1FvBSWCIXkZOrtzHMEfC9CiEO/pcg
+hG41fHZXdvBncGvnIcpJfG1NrlzbnVpGk3C63TeZH4U16956wgYoEFxc5GYVCIO3
+zcr/eL8STK9zNc4QuwZBuVKu66UjA5Jr/GKrGWB+2I5c06rfDc7qJO3Asgdm2BAX
+7J74WP+duNDMShd+l1IGeodhXsXZ1O4Ru05sUOVj/SmHG4Fxg8Alk/TuZI/OVqN8
+Rx4Zin/fbB+SAPNT6U0+LeLoHQizTPbzKpfp/0YnhExy7/tfTEMVvvG4CPNATjr6
+oeLjrrCPVSY0mABDO8sDFbcZhQUXvX8DTP61bJbSPgZ+oWtXSeihB0vUNn6aW3pr
+xl3+Nvo1Cs2PwbayJql2BEkarr2Fm4h+CM8s4FoaTErEVQlLVLTn8R9jRtQ9JQkR
+dR/S345k/GKtQajHzXz0YmzUveGsCp8TiEdIgkqf4uBS8ewCopsWtR7BJpyl70nF
+8m5ZfHljKTTpceRMD6kltQ4SM/TqqoTH5N3Nzm5GBdOR/R+wUS5XQiqoY4HqL3wa
+z62dZRfxed2GR/v5w1aX1rqHjpjXtMBdvrKbzeXtuajGd0L9FPEEBZ5Tj+ZdGjMg
+m3JvCz9bmHJEKzi72wUe+k3U+InbeaY3iHzOXDVrP7l7diQ78u4pHEge73QzsDVa
+nK5oXHe2bagyOlcbo8pBBb5WxtCmfHzSnwRthD1DeefP2MQ0pPuKiv5WACNQjTMc
+ATC8ll8X0rs7hICA6qU/4chWyE/qUUKvOf24p5geDLLH/ctO1gtawCWhq3pd56Hl
+gqw58zqhxtLktyMmhQ8VbCCeTCIoAcK/xpDbT8wpOpnHUg1KkoQacG0eAshzOliV
+TxmjLsVLdGIXEfrwrSzbyfOkIErWqfmknstkCtgRGCFhmd2/FwsOd89XyOEJwnbk
+E2vEyHbWiGT6I9rZpubfUUhEjiqLF+wpSVbHq+AUXS0Js6RM+yBljlkd8DEGXOoq
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/LongSerialNumberCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/LongSerialNumberCACert.pem
new file mode 100644
index 0000000000..ef687ce91e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/LongSerialNumberCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 10 2E BD 75 C4 D3 AF A1 57 B4 A1 7B 62 22 2C 50 8B 04 27 53 
+    friendlyName: Long Serial Number CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Long Serial Number CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBEjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FUxvbmcgU2VyaWFsIE51bWJlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMMaU0IdGR+wVMsv9u/acjIcUN1g1dlYOWamWDZgkiAuzZ2tQKzya2A4
+o5aK+otUElXuqmdqaid3NRyKkybkMdYEeFvK3Wi+CRgyeePBl8/SZNN3ZjPSsDXB
+bhHeCFu86s57lAbtlp/F5T//rHp1ZJeQBFm3YOQ9ffT35hX2qGST01hXhf0YCI8J
+fuCEQUj3SdUErJ9r5nntNi8r3pJfD2JBq1+fE8IO8jWImrxqNrF/3JEaQ3McJGLF
+aM+qIGz5MPUNBhdVxFBljfQrm/9A8N21SKeo6AnT0tRwuAysHgiXeItxd4Em5IW2
+4XJ+TzcC2CA3wy6zh+RrQCLPxeasDPECAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFAtjt0euwgcyG39v4zq46gv/12Sk
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAf1t2PGg+vHksl8WzT5PxQla3
+2E0dBOmg5QWahk7xffR2Uybkj1ZpIV4ljcMviVDXV2AUNpxbsp1gTYDKN9tuBcmX
+3YuHVbJDKlyp0ldFApGAfc85Yau02hoxTHQbuc2n2IC4BK7BHaklDivYUSML0kbj
+0+SF/RXCrCQnGJBiNl6uRtLTDWQLTu++9+RbDIloumrSZKG2IRdNSCMmKN/51Ogq
+BDr656aQEMq+770BJ7SOWKdErMniwoz2jF+8CPkftjvZDZh50ihhF3YciXpUMH1H
+dZ4uwQ2AZzoHtPElpilzQc1XeXUZJ8bEi3+xgRTdUHniOP6KeRjf/cFNN1FdfQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 10 2E BD 75 C4 D3 AF A1 57 B4 A1 7B 62 22 2C 50 8B 04 27 53 
+    friendlyName: Long Serial Number CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8B970C0D9EF0C68C
+
+NtlaPOCh6XgFj7iu0GphVsrjvOjyv44kO5ocxgpmnbUOgWBoPmIKdMqgydK5lgF+
+HRN/f9ZZZfSRE202wTZKfnxeIBNyUStlq0BzoMjhpDFnGGuwLVhhGDPjw9w5Yv14
+f6B3eAmloY7gwfItkDWIKY/PwTpYW+g7PJiLKfgfBE3kzx8/R1/Ifc4o5nYV8Bu+
+oGA0h0/ncUZrgnLuUuseCf1xvhwkIUTn1rO/uzJjE35FLKqrHCruPG1BroCQdn8b
+ZXidhDWfrVLGXih5V2zInWz33ejpZPxhtXcog4gX5k0MU60lStzhpIm/mY6z38Q2
+xywJMD3Mxq8vRWKW3nYvsfK8JZ/wLdE49s984tqE0RhP+mys/H6xAYLMTEmxjWt7
+3LvlO6QniNMytr/XZQm8yBUkRGhT2YwJf8wIESdZVfFKHA6YsmU5w+lt17UiS7X1
+hE6zA9543BrCrYYeI6sE0//+KbAPy5EUCAms8xaQhBequwUNteyvuEHofKgKJ4d0
+fzwsxRHJlPJrab504zOj2zLnJDX69pdMynQxhODQFsqBkUEDJae1E5ZzZhSLHdms
+Ul1uSew0/Z821vq9QiZ85oKss+3Up2adpk35DQmCrnlqTxGfDFubCQsAIta/T56h
+4tRfT6ySWz4HNprGeyhBLYGtabhKwxC2HmwolfgFzFvWMaKG7NfYT7f/5Qg6q1za
+zIWKUvNZyZw/Kz6BtFHRn2bR2uzgbC+nJg9YKl1FLETLJHOAUH67whNIU3Uy3Y4O
+idkGvIXH9HgLYnCoDx8SaLPUbmctyza6WABZAuHQMejRTKOe0so9xhBYLJMoDPKg
+TFiG+wGnLKtuqQYO3OePk+c2WDVTrV5toiNDIJXU+JqKZ/tF3JFthTPIE0Iz/leA
+8CC8zORjvKqbmHJwvS75yTuoQTZ0lSyx+o8Xd08b0QC6GkXE6tII/vco8TVgkmnk
+aBPDbDzFwl4vGQ5y7f/Ekmo1aW8NdLouiAGJsZL3aG4BVCuYre5KY04hGguzoqfD
+cHj4OfVrmCbEwxGjvTvUbWEK9OfZOzcvPC6eS6OfjRLXUZNsbFd/8DFLCim1Enyy
+rRuhdTDQjKdYxzXbpZxNXxp7Aua2RclUAPgbuZDo5B5QU1qjjyPXONeOBfltNJyC
+8LQFj0SSYCB2zMuv2lMfQdWC1Jm2MUgIzAoheke9nqO+AlT0aX5MABgpGwmrALAs
+evtEXaS3D48OvSoWZ7mCmEzgRBcIVqx+mCppHnVonYi/6wpIXI8YIsOLKjEJoghW
+P0dkHJk3ZGVRdb49c4nS8zT8hcQY5crFN4luTUcPyNlAXw0sLYrPqaJjE+JnYvCt
+EVTOAWvf1KNZGyU9/y6zquYcOCbs5gjjuG155t2xaLeoqYm5QgFV8GuC07vpj9yC
+DVNSST1PK1SZLhK9qENREHGf692wvq84rleBdxc9FQbV3uCOyo51Esat8yk2zsUF
+CdsjVmbdwNuVQk28cSSbztYfYjHigeyjRZcA9FPyXHXe9nG4SSurQt2Jbkz9nZ7t
+kDeg7Usr09wlYeoBeC2EaRuCgkiDTHWdcQeEl44S+gTX7ATO9bm2kg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Mapping1to2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Mapping1to2CACert.pem
new file mode 100644
index 0000000000..abf2cd6285
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Mapping1to2CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5A A1 7F 4B A2 41 76 28 19 72 F2 B7 8F 5D ED E9 67 77 8F 25 
+    friendlyName: Mapping 1to2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Mapping 1to2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIBMDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAMT
+D01hcHBpbmcgMXRvMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AOBrczl/53SePwB1Ub5qyWVoVLy1LCGwRkezm19LowdwFJkzJV0YgrlXpEd0TeBF
+Wn3ObRNqZmcPBkvF9rUrRCmuMIuT+164rh+U80zAXVVJgPoCIWwAHKFyskha0L5q
+3DjC+ZsIqZKajL/hQj4OmbKlvJuP0Ptd8Bjiy9bG7NgLohzt7BvI91rjKjFu98vC
+nFvXrpFbPMyeatLKJ/x0kgHfPRQLCOot4ojSkQmbD5MZNNplW4G/4iWFCAwwsk5y
+jA34AkwYIe6mcML4Te1wBGueM71iGaga0pPdLnzodPV5rr5+sjcKsW8yZ2C3jca1
+ui0v1oDcQ5BR0dlvomx/VHMCAwEAAaOBszCBsDAfBgNVHSMEGDAWgBTkfV/RXJWG
+CCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUmcV4acs9M3bCmaxE5bAO/rn028cwDgYD
+VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
+BTADAQH/MAwGA1UdJAQFMAOAAQAwJgYDVR0hAQH/BBwwGjAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMA0GCSqGSIb3DQEBCwUAA4IBAQCjpL09JCig5v+7S82FBPiu
+JTT1xgO/XBQqRIvDkfggs3F4HZCJR+XuQiloEGY/H86/laXVMy/dTj5t/Ojq+8cB
++T6jWzmNLTvjQkuIrLkzIQ15bce0+1EYnKEVVw+0BGMfsAObXsJGLDxmE1DYRUZi
+Bx+Ar5ZHwhTRXLNszYWSTXPR0oXfPly5YqFwnFWBAj4r0q6rUsIipcmIe1XuFMhY
+SFNJJNWzpTMS5ay817vhfMb0koA+fdM91hmONDOo8wbT8CDr5hWhss1FEbAqFheI
+RhYXLG7Mll5FWcfc7HbSU9+edq08W6aLsgXyupHF3SYrA0w0duk2l251GqwUgxx7
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5A A1 7F 4B A2 41 76 28 19 72 F2 B7 8F 5D ED E9 67 77 8F 25 
+    friendlyName: Mapping 1to2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A1DE75F64A796C44
+
+io90ydFJNbW1sRPZ/CFOPMxQpvArQVmRj71uG6GysSZD892WtIDO8O5+m8oekh31
+3cZJENDZiCGt9HwbN3+qTxTseghUcmYT/le0u5XJRVtKorFwX6HYHwJNutgZ0eL+
+B0U5mSXWK6DVrbuh/tne7K8ER0gr6sGiiArgPlXPWeHqnxa4J77jZWq6q61kBKOV
+jVbpu6uHHKSCLj/3NUNQcKNwSCf49JW2j+dXw0BrWh3WSoaNn8uUoZHCyEoDx62V
+qtRgJenl55dzu3MsrO2fRaThvYX9u6U/n4w+Q11KyboRfhlZ1c0hzq6egcsYJahn
+TSekKbyZtBdvcUbP0RkaP2z5mYxzOWlxgyxPHMaD1+DHzt3qXvdlVNelR5sXwXZy
+lIl4uz7/3LtVUe8Q1ksnyV+VZULxwzTKtJDocn+4Ha323HwWeQk4MwFkeW4V24Ts
+OtBsW0N+HHJMv5ceortjOafIBhMDeM+mWF/tKV/nOnjhzozweuoyOJDRca2LYJwe
+WGKbvp2pubirZl/u0dKR4MfzPJ2rAnQrJkeqG6H28z4JvUMgGzPPoyeL/9pvlk0u
+Juurr6DWX1WDp4ba1DyaqLV6xEU2txOV4ZjbGyTCrgoKOirRHKaLtF0DIA8AYB03
+xSPHEBgTrFodVOzAkfsTX9BMSQrYMWL1gy9V2u+lTpgszSKGaUnYnzv0ocwem7ew
+5A4B7ZziQmEEem4Gmo8Qed3hcPcdZYieAdw7ZddGgjBNqUSPlvR+4bgVT4oDc+Vi
+8o5zJG+itLP/c5ULLNeXM34hPYn/i//7jGBz4vrYd6T65vDo0wO6pUV8m/eFcM1j
+KAf/e8gM6J7TTp8UIvesX5PResiQ5vRr7CE0rPFPyjIRDV/lh+pgn6Z+hUseBvzV
+7n5HB2W4uRPjCnVPHQUDcFerElAZZUPqb7EEOWCbLDDsK7bfxKC0YGymhRSTPxPd
+5te10pFtV0N4JT4GTkebnOYHiHLeVOuhGszEL6FgT7XlM16E0ltMAzmfggEXpH01
+qcrxGUW1OJTIUiwfe3SWBw7Xf2+nrdfq4xH0id9NtNvEFJl/m6J5hgKyc1J02BVK
+KpvoJhg2jgO1FTrvKcAaERNHOxu1AEPWUdOS1zLvzAp9plSKY8wSFoviqiE0iQ8g
+DvcUr6uuhXPvFAYyvUI1YtCczZC4peg9fgqepFJhEYASD1Og3sLwKocq7wh2rb/6
+Gcgy4rX+gu7PUAlpTkEFN9GcNs/ZHW3/SCLeAFMTo4YzEDreBRi2TABCkY6ODy5B
+XD4PCNtnNPinvejnFzveG9I0k9djB3PpERBLAJ3NyIcmDspe0wG5qfrnU9F0DOwT
+uWDh8nzRETDkfBNmKbAPiP/DXI7ROnISoM5uvMH1bcNigmCk4/kbiXIfpQ/oXW6g
+OUnJfKwSjqTMcjH5QPpem8zowWfOYNAPWZZPI2i2UPPUx1D4u5eIybmKx9AkSfv0
+b4T+Awd5bj8G6AnayfrgCTsHJEomEkX/K77W5AZv6V/dIYYSJp2CDJx9LYuU5J38
+qX7PYlIKvvWrtLE6neylW9lPxXxWr2gOkUPUBwuRZqBbhN/5Ecvpnc57SDX57UKh
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingFromanyPolicyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingFromanyPolicyCACert.pem
new file mode 100644
index 0000000000..ccfbc36f75
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingFromanyPolicyCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 4F EF 0C 1F E1 01 8C D4 7E 71 BB CE 89 E1 6F C9 3D ED A9 F2 
+    friendlyName: Mapping From anyPolicy CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Mapping From anyPolicy CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDvTCCAqWgAwIBAgIBMzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GU1hcHBpbmcgRnJvbSBhbnlQb2xpY3kgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCrp6IDBPUKqlzfwBrwMM0/8mXKVyogMBl5xjRYIAzPCs0Mwv7R
+kEQbM1BIsYtbSJgsFJtldgS1u2yhYklqgcTsHZK7NrBL/QleugZcze2gunSlvAYW
+2qO6t9japmswZ5/8l2hTia0T7P7Nk9lcBbDi+HjNDRqZglalb/gXvfWnsWxOxAiS
+QY35dAnqxXl5KlkscU7uvsQubTBmNaQHsDrxoqSAXnMZG8dys1G3ET5Emp6FvYBZ
+LSYQqK2nWkL8xFIbbdureHpD1Af+HWFDTntlZzw1Vb2MXvmz0pYFdRGA75KD7SSp
+LEl5BiXwPLMF/UHmMZWhqVug0MlJ7mWl1UkzAgMBAAGjgaowgacwHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFGhzFOALNM9yQNqUltYV
+q3qkby6MMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MBEGA1UdIAQK
+MAgwBgYEVR0gADAgBgNVHSEBAf8EFjAUMBIGBFUdIAAGCmCGSAFlAwIBMAEwDwYD
+VR0kAQH/BAUwA4ABADANBgkqhkiG9w0BAQsFAAOCAQEACkuUlU5OLnBP9XTQLJdC
+4cZ2L1LbaCvAnUSD5ZU1UyDAPHcs+YsbjerZT1Alt/KqnVyD9pvkUuScevjjvLCy
+fSGq4slrV8mHUVBbMuumv5q+0Z4J2PFgNXIvdxHiIRFUq9A189ZiQkfUxSeRPUK4
+M3YmPO0iaeuS0SlAKIQ8a1dxNgm9ax8GOj+SQsx84FxED2wCR024sOajIHIPVvyh
+bWPQMQbdJVSuVULjsfuGDyMZyN6a0gR5uBQ1MXmsIVrnwAia0LTH7kjudgabGYa9
+MJkUVscZiu01jZBYfDqpaCN4MWkXCNvf9gksys7HoBvFlGyHm32/XiFrVKYufBkf
+iA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4F EF 0C 1F E1 01 8C D4 7E 71 BB CE 89 E1 6F C9 3D ED A9 F2 
+    friendlyName: Mapping From anyPolicy CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5C462AE8E9116220
+
+y+qcQ5rPSa/dw+OO+v0T3NcA/P8P29G7HJ0cOxdMp5gG8WsyH1eRcy7cxeQ+/qXG
+b0vOgpAOkrI5uVkZTHg4PkB4pP5bqOp5J4gvnDbQRpWFBTWzB/ojqzmBt+OQqSGy
+TeFD4ZyRTL0CLWFRX1EtLJKps+nb4qUaBGuIp1B1iBdo2S9r+saefCbDBM3MW3uG
+3Ji+Bb+ec7GfoW+C7OkU4+lD1AtT2lzFJer0kYH8idY3cYs7acgA9Ir2TVpBdAcV
+7RMk40w+kC8U7qJPauV3WwyoiTjy+ul95JSQWWaOEa4ZUbe3AO8y7tb7on6YQ0tO
+f73uAisqIV63+JsANtt3dWsRQI7WYKpKxZQwABz1jB1oLtpn3XrYsmeiyjW6YcOe
+pJBGRcwW5w/tMIrqtHqMDvN4y6gW29l/LLL7x6yDxDpqCSD8+7ojDwne3dA9lc6t
+wx7XoN5p2oEaGvhwtR2xXyC1rxownGC4LjVWmq/cgPbepZ1WGg1NgDHQTxoSdwmP
+jLQsXNRkNYYOkXZACG+q0aWeeqmqqYMacP1aUZnwF0E2R/isOGMprg5BNEpMM1AY
+rUhjiNPTaVkDkv4uSoGBVRuRYwKOv5pZB39ZsxywrDOuQgqAUzpfx+4FgZKTbQjG
+IqQoMCblsiDoywaqZjPMwFvV8gLYGgOg4MkF6Ba5uVkgWuyO2jSo9ZUmb/MoMeMN
+d/y7PszDQaQO3t4YtUprCD6eRuI5ni6U/jEWHzOirkQ6XZUekM0PEZuyEQNzQK3r
+qOl5hAfboXcQfrxmVL/tmri4R+022kkS5jylHuxg7vs6ADZalaAF238iybqlzAoL
+b24zqZXeKcM/w1F9FYHuVXThJn8ijJvKnWH59zT35sNjPqmnbc6rKxv0QKLoHkqd
+kP6Bzdwufq66PbEXXTZeVnc2gbWDmPywbEQY+WrnKuakdVNtdkczAm0C3tzS486U
+IQFQDG0ffs1AmyntosXmkePvjN4K5KHieMqFvy+tdYwboJBnsD/HnhcM01KaFv/0
+WULj2zQ3l9K4Wgt5p7nbo84CXL700mpadYbKNf0qVU0TBYaU6dnNDOCLs802B/R1
+9icOlaEBz/oGfqH5FLi3di+MAJOss/oXzfVlQ9zhrru864Mci8gKNN6WMuA9oAIy
+losEt512laXp+eAFtco/A51nH1RedJmj5EJV0RSgqhg29RiTDIE8UY1mWny/XM0T
+q3k4eSUHQFtIHUR3e9YvqbRIjqj0uM5J349uG4CirGStm3eCGUnTUL8ib/xi1PNJ
+sXDMOmdpZqbthOJQ2dWfaaMXhidUY4lAX+65wmFan+Jjd61nO5219mSqUZf5pF/I
+duLyTW/H6yC2AKYsnNWvlIfr/1vI4U0F4B3pVq0+xZDWoPxzQTZ6imU2KYgQDrOk
+cYw47YIe5iaos+Dnwk9L+zWVCG3nA3HKABakASOD6F9XfFKzlnmKhCB815aBNMq1
+54hlSzUQpYW4KJkFN2N0ujEkZpcfeR1CmaGwMmqMjm6MbEcU1hAKRf+H9FlxXFHb
+n5SophPEWRRVhjuYHePYIzBHkvBVGJvYT/0V3snUt5uUB7NSEoPpCwhsfzLUO27T
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingToanyPolicyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingToanyPolicyCACert.pem
new file mode 100644
index 0000000000..04b48d919e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingToanyPolicyCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 38 6C D7 9D 70 F8 85 14 A2 EB 28 F0 B1 C8 BC 6A 6A 7A 18 CF 
+    friendlyName: Mapping To anyPolicy CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Mapping To anyPolicy CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBNDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIDAeBgNVBAMT
+F01hcHBpbmcgVG8gYW55UG9saWN5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEA7l+P4Iahif8g4OYCYpPVwbmJqrG0fnDR/oNBlVnC10F/uJiYK6a1
+7tCVcPXTHeD3N1XtvviZzr4hPny+F8DoVAyYsBQPn5pQ9YchgrsnMfuTmp6NGGt+
+4kTW2K97AwgH+cRwm4/5xZgsKZS4dUVSySds2Vl1tLxK7DH1nrjSvieDO1k6h6Pi
+fHZ/nfVI0CrPP+jwrPdUllp9lNv6IyrwO4gAEWUzVhwuqnEErKDA7FDLCMS/MG5I
+3rWJ+1UMN32/IZlRj7b97Obe5vmXUtcnVOPTtmKPF7Crctq9EnAxOz7aZObY6qAY
+6OJvaNCLA1YhHxNvSACVm6UdXaMeyodR3QIDAQABo4GwMIGtMB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQULO2T8R4acBWUiy2TtJjS
+twUIrDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wIAYDVR0hAQH/BBYwFDASBgpghkgBZQMCATABBgRVHSAA
+MA8GA1UdJAEB/wQFMAOAAQAwDQYJKoZIhvcNAQELBQADggEBADHu2GnJgEBdzRt+
+PSfkyzvActmVetZktEWh3fysA8LTQI0lPBN4us1QKw61o9KtO+ssVs83d3OF5l3X
+vkO4ilHyvT6Hz8bH5pXskMmXqYubrJI3lQjn58GohHNyCUDS8bYRDLe1Twz/t8VG
+hLyiQwNQknc/8h6q/oQuilB794AHTDP84np7rsT24X93LOTxQoEdZXhB0gvBK8FE
+j37F12ObeB/3fKRCW0kYo4leBgcPw5G7jm6z6nljCgvn62LBosINe6f4Gy++CLHc
+TVW3OsNOIrgSBqrZr0JfAwykOWfqJGCfOQGcOIP+MyFkGHL6jrS8WnLoM/b4I5a6
+NOBfmzU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 38 6C D7 9D 70 F8 85 14 A2 EB 28 F0 B1 C8 BC 6A 6A 7A 18 CF 
+    friendlyName: Mapping To anyPolicy CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3BFE1C8E0764811D
+
+FbLyNuu6zBe/eE8YLhTU2LyHAk12hF/DcPR++oUr1y+YQkRES6ciZ+M2VROJ3oZ1
+9AaUZqvlXcFX1G+/p1YBmDXQzsepmxS4Ofuw44ZuxWzJZCFWFz8zHQRiWqgRMYAc
+k/WNEKvVjRBZHzsCf2mkyry8bdyVJqWjeh2j731ERus28W1LdZC01H6uHYIcdO6N
+/Fe/tTzi1uqCwsNqGjqKcBzVJdXiOgKKygn/4eZDZ+OhvaTLbqsE3WbrrZij1LKJ
+s7brfzBlHIBxR8FiB8h27QQrKjyU7uB08V0dijq3u4sckOd9TzCcGx3GQ+IFLj0R
+Cxu77Hgh6btFAZYUFvxx/eFLF5Z8KQUqDDADfHnreJvu+cVcqdvG9HtBTA1kb1In
+gSbjuGa10I3JxyTGRbjj7MCCKRIy7DVow8qO+0Rbq8bfjBOdUk+dz8hgMvW4wCS4
+toJI8+kAAuQlEjnwGR5YOITvIBjrN+gauOv0yNx9bQM+pdoSfjMb/1f1Y3b6WPbN
+yoWILudv8zFay7hPWk/8MOpEgHUWRyELwLSgTzSSITFDoBziJqcrI+fHgX2jK3+8
+MdTlpvc0G6xkxTdocvmH3+bhba1bJqDFqMiwrG66dqUcYRrVZN2ee6rjj98nNHMs
+tUyfYSpusV82gTjH9p7daoUYPRHwjCm2NUrbAxd3w3uZYEIinanY8GHJjD6PqEBs
+Lwf/Ciq3y5bpn11pg5OzaCUq60nugEjGqU+nN3D/1rntyME0/o7e7GBc3BzQvuLi
+9sW4rh07vq0acZWVi6msm82WYUfgNj37859rlBYGaIV8GnUkl4wC+MvAEO/Bctkd
+ztKiS1g45xLOx+BYTLfs7u+vrVRR9P8hENtq369c7FNayjeSb+FXrQCWNYuqox1m
+hyIhg2o85x35bV+i0DTFru0WoAi2Zj7Ors8gmD1jCx/kiLGHcxb3egNZlJFSDExV
+2N4DsqHrneydplgiVtSat+COB3vUoIvSkBacnDi56YxNWsS/YTryFY0gy6P2daAj
+2jiToALSwfCkcUnwzEsbxV7+NbKi5wt/H/zK5yK2IbJszepwLLqSycZTLPfm1yK3
+aZv+57kL8urATlsCxMKSEDgCuGGQymDA70nKomK+YgW9RQo0+ugNHL1HllA+mnEf
+u9XyYhFDK44caO1TiiWEN30SUJuAOBfsL5sos3Qnagf80Oq9ermxmGUIgzA4FljO
+oQShwiSMMHS0lvqXWG1Aj0WnyF1qTCXgzEV8TK1J6RUuhVp07KY9PsPQ9pK8Zgt6
+ixgxpIF6KVqsRagHe4NN98YBdvXMGdDaOHQ5Y74zJJ2vB6JJmk8KM19pAvcdSBBf
+DnVBq2AxYeT6L9Upzfn2inHT9DBpX2VrtmesJHu8AAvMwpdEqF4s0JFWUtINADML
+hP2YGzy7qWUGn7g8ljV+nBLPvn901TibOkurmAZEnafMl5WcirhEjgqdsyyOX6HZ
+F/eLPKgiDE10D8I1KiCvBblZxo9Fr30fRYBU8W9dqHKhOjxWiUeYYpSMASH8PMHk
++A9JmoZe3p2K8i5OiBmUG8Wp1qNqquwU3uJQerRHQWiF9F6um9gc4Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingCRLTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingCRLTest1.pem
deleted file mode 100644
index fcad66a5a3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingCRLTest1.pem
+++ /dev/null
@@ -1,76 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=No CRL CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbzCCAdigAwIBAgIBBzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMD0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczESMBAGA1UEAxMJTm8gQ1JMIENB
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvjr78zG/GobZnKabi/siuJQm7
-6k5APCdB3g3SJzzlYR3ivCQg+7i1pEFgHqLLPTEHOCHunC5EedZUGzUGQX0sXAxr
-KYeCqLS/s0+saOR0HBk/YsOaCwW7v6yBHA3s2XrtK8N4qJg6LdZaGEjUefMfUM7p
-iVQQPpw3uAQmZuYf7wIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA8
-6pq8h/9J6jAdBgNVHQ4EFgQUB6jzF5xOAmiWRcwRmAF9yHg/9SQwDgYDVR0PAQH/
-BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/
-MA0GCSqGSIb3DQEBBQUAA4GBAAWDjIUq/V6y1p4vxO+A1xdmmM8c6yRveH2Lq2CM
-OwmpClTYfhLpqkWwm3WSXd2VvjiPUTgTC5y7EquFuZCCZkgLDVvUW9VplIm3a6I6
-dgZiOZDqnXZ5rC+CHGSszfdDo8gwjJ+vA8AV/CNSGNkkbo/ZQ1n7Ppm8dW/bS+8k
-anSO
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Missing CRL EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=No CRL CA
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEjAQBgNVBAMTCU5vIENSTCBDQTAe
-Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFwxCzAJBgNVBAYTAlVTMRow
-GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczExMC8GA1UEAxMoSW52YWxpZCBNaXNz
-aW5nIENSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAz8OlGINaG0uEl2RAD7DtTn54qLrlCtUbCKs3O1dr9nEDDohfVU5x
-nLweQfR/m7b9F17BzhHcxFYjfRh26aj4eOQcxHrpBfNMj6U87coAeJ4ERn7okfqM
-lcGlHWS/Wh48iiZvnCvg4jeHhSktwMppTGKIBKmJ2S0L4yKNYCjZ32MCAwEAAaNr
-MGkwHwYDVR0jBBgwFoAUB6jzF5xOAmiWRcwRmAF9yHg/9SQwHQYDVR0OBBYEFJYM
-oy9aXt4kJDgRNj4KDS29NtDXMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAlNJLCSyrRZNUza9eL2Jc6eFS
-bjriRrz8ryND+rn0dnsceIVrXVApplWnVwUjfm8fjOZlNOLM4snxmzRJ+FyTR6z5
-u9nK9TAEkMrGo/NinCET2Y5v4mtxj0E6hJOIaFxfkZoj1mz8BvOYgiEIYxAK65lA
-BNDlWIYdh16AIUEZNAY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingbasicConstraintsCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingbasicConstraintsCACert.pem
new file mode 100644
index 0000000000..1988c209ec
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingbasicConstraintsCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 55 C5 ED 9E FA 09 D0 48 D5 76 97 A4 74 1F B7 33 BF ED AB F1 
+    friendlyName: Missing basicConstraints CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Missing basicConstraints CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDfzCCAmegAwIBAgIBFjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJDAiBgNVBAMT
+G01pc3NpbmcgYmFzaWNDb25zdHJhaW50cyBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALRWdlqDlLWqsR0om+sJgmRxE4QNnMkpzFQdkA65CXM2PzK9
++8cj6UqaHsEvMktB77yHztk2GhmEkrd/i6EAJNjxwBjAq1X0OhcFG4e0llZk1JaH
+50eCwZJ0OG92PZYAQ2l0d99/SvUTSEpZ6v/PmXDIiSS3vtGN+Kfbpw4S+3DMTduC
+vBjx6ibgsBYd68b4Oo0T+gYkKx2v+UZ8n8cV5WjVP0/Uy4tiQIU4MXUeNjZ4UKat
+zRadXVq5mGEK4tmP7RGn+5J+vukGq5TB/hg1+PvzY0QQ6TOLruuLhtGEwbTDZkz1
+uwiUqE7C4NALqABdICfwJonm3gjliEENTC8L9zMCAwEAAaNrMGkwHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFDBWvBURjU/GJsa1nKFw
+ktL5Tw15MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAOBgNVHQ8BAf8EBAMCAQYw
+DQYJKoZIhvcNAQELBQADggEBAFgnHD7Mz1Gz+3SEuPsr7PgtjvAo5hnRZHgvlAAE
+X+usbcykRvVsgwp+d2SZPgybcYQ6g1CwGtNS9/dEHvoLXe37lkBr3kmE2/kEdjZi
+IHEU1Oh9thXs0X+Eg9m3JJ8ZI0iLuWpQd7xHA+riTlJ46SLE1d1xGHPSwAxRi3fk
+US7X8DAxejxjGixWGF988Ib3NqMMwx2Jcs5pf3u8kUiulP/kyK/+jtiDfCIxIJLw
+IaoFs5osPraKaE5IvvDrSvM0k5yBs+9ZU2WMNoMSzzY3+jy5+OETQPszItgXQ40W
+Jt2Cxs8ZzBFnuym9UsD9m6IXe38eiJOoP2ruwmFn6uaNPak=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 55 C5 ED 9E FA 09 D0 48 D5 76 97 A4 74 1F B7 33 BF ED AB F1 
+    friendlyName: Missing basicConstraints CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CAD484F46827A5BA
+
+viFe9mUnjZ5hxyfbi5pxNHOaVC+aiCJ7Yn2fjmxZ+NcjLb2Ccv/cVdMpSO0Soe/o
+vVl2botOROQMXAwibrL30AUf1rsN29C2e3SD9DOB/FLQpq9jJ9ZS4cktDK3phCeh
+MPsxjxUdlE8Zmhos36bypL5mhIaG0wmF6Fuz66y8rhpAj8zl8yNGL6DqNw6JgpvS
+E2i+FZ+E3CB05W6WSjOQOFexPNnWBbkjyeXrFTB30DJ7BjcVhjfek1+tItF7hYIA
+qhUFXT2kur8WV/R5J0bzXlRaK1s4kj4m1VFcmINHYiSbUsExpPWccRmFv3Qbc1tu
+/NhVdjbsnc/BI4FyTdW/sio31VviXjewVWIXxhCeqr7QRqCCluM0HeAEqZFPS6jf
+3F7p1VIxqgz9ibeJ0JyyYtRgroK6iYkVfqCSiCoWh6aJ7/pBPLGmCIIEppbEQKGp
+NBQIRzpOoKTLrzuOlGypLyoTTqAASnNNofgStH5gy+tFTAWl/sKGc1KLFht6hn4z
+XvkMdDYi60zV43nxLlneq5JudABiuC1of7SJCdAbDqN9+oUr0H+3vjDpwgufLvfA
+QVdhT9WhJZg+KLY4drqbuBHEbYQGA+CNwQvXW4CddP85kC0gEBF2pl1FsXrKTA34
+GrRn7K4vJDsb8tRP0wuOAFj0wuKwbuY4y8lBBbaNhJtiosR9ZBacIwG9yh++6dVn
+6lLzJczCF9zQOaSTtNZAPrfQo0u7ldmhBPoR67QOkg0zI1YwRJF8Y5BOI/0dSdet
+CyNhM5bGaQgq/wdi0i4l1UM66I2SIO/agRYVFZdohE/3VzKFZZNvFtDXSTNqaGqo
+GHhp7Ke/rJKoAWx2TcdgKjPDAMBtmgINrWCaGrjt9LDDVsrhE8hIki8vEzKGgUCF
+nmlzPqUIcT6OkOhmBZhW2UqzZAyYmltMq23MpB+xn8UPoYVV3hKohT7batN/mvqg
+4CaLA2vfYomCXE1To+OjqeuqpbSxVljjywPT0N4Mii2yWq4B/f29qWL8cxMl2mWM
+/h5H2SoO8FOr3Hdc/IrSH1fsJ9CUNL8YUKHgBts5B+K653uUy0qubV33OeqXC2Cu
+NlYxiGqkDhO5mi9Tuw1YXLNgXipxqiANOLPZOoaeCP5spOQgnpQR3pxlrxTOw7qR
+wbH+VSRBhtABMDcJsadDLnGTWUnPR1q86ehqpo6XfipZMg1gGnbmN6PNthRWVmtk
+ZPUhekPCWFZnBS4obeFDw4ZRjnbFN8qPE7uHZ0VL+qO1rOoGX6p/2a97l9nJTACh
+anm3AOPE/vWURJsQ8Zc54LLhPJvTQtSoxt+49Xv0oitiz4AB5d23XlQ4IZ+avY7j
+Y5ZXuQpQKdnZeG9eS86aiHcBJ3Fvwt/gVVIu3i/jRrNU8Fk2WyyaJ3epwII8wgC+
+A58NcMf6HxHb8NXufZOGWwUePr/VQxcS5EXBXbFnp9tQynzKS4qUAV4QIhb2Pv4V
+OwL0p3VD5tGlLYj7IWAe7tJcf3u0q+hpzuc5DalbQ08NMZv2vuXjfvQ0ASaQ7nVq
+Sjm8fxoY1CIImWqq3Atuo3Mv8yyx2OvQgp9YWSm7fn0HcSg5Iy+eZg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NameOrderingCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NameOrderingCACert.pem
new file mode 100644
index 0000000000..224d33f30a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NameOrderingCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: D4 8E 43 5F 00 56 32 DA 2A 07 B9 D2 67 E4 66 E7 F2 5E 16 8B 
+    friendlyName: Name Ordering CA Cert
+subject=/C=US/O=Test Certificates 2011/OU=Organizational Unit Name 1/OU=Organizational Unit Name 2/CN=Name Ordering CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID0DCCArigAwIBAgIBBjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgZMxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSMwIQYDVQQL
+ExpPcmdhbml6YXRpb25hbCBVbml0IE5hbWUgMTEjMCEGA1UECxMaT3JnYW5pemF0
+aW9uYWwgVW5pdCBOYW1lIDIxGTAXBgNVBAMTEE5hbWUgT3JkZXJpbmcgQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4Izk2uos/TlxMQIzTb0CugRjW
+JZgTFHdIYxEN2K6eCpfTkU3yFaIIsqC84Jwc6sCT/uroouCtnBsDvoMw9ExsfX/0
+wBKiXYZ0WmpD+cqNCmXJObrxsw3qs7fb55J9b+4sKMyBPea4hwOwpSpdnk/d9oY/
+QqBac09/+bqQZi4gSM2MdNweomR8fzh8B1IgNwuObNH30EuuNpjjQfwdfPt53HDH
+DlHAVDQgT3/2wrj/kWCXYeairC/r4IZFmCGPfWpwdFBy3SXV14yqG3rzAnOYoTvQ
+qHIhOyj450InVnCJc3f2tP157JEejY3KxxtFT7JCb232thWZz0FduNKKx1IrAgMB
+AAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQW
+BBS/SouBm02MFDGMW+nM3S/oeRJRUDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBAB1RfNIX2NAP+HC88I5JhXw8wDo9r7T051XcB+KVhbUfK7sKE9WXOq8hxsyQ
+b6XaSwDMIlbxWNAeSl/8O7UGQ36IWepI047Y6wCLMGsOINtB5FGzPsg27mgS8txc
+80Y8yyxNrGrztJJOPEjyw0fyfW56Vyjee2z96/5ETtJJMFkr1JnbITqdrXL1+cxJ
+TH9KgJVXFNjr2vAzB4aV0lHcd1JRpfTCB7nRt+ALRqjfyUJze5NI8TN7DseNgGbx
+UBD42AlUMC6aHyTWNytAsUabonJefRatkLzY6BpJ0Ewe8d2ztqIhkYGezCb+IXJL
+m6bBRwtJ5KXTL3kz3toqdTJedcg=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D4 8E 43 5F 00 56 32 DA 2A 07 B9 D2 67 E4 66 E7 F2 5E 16 8B 
+    friendlyName: Name Ordering CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AB3687F56B28B052
+
+2iZ4LeDKI88jUnITK4gw5o/dan2J/GfMGlCirQz8rITqLgUMBGwGqPJhnnwIFfQU
+7r+0RkFP4a4ty5B40YPAIRPBkNQ1boeabw+JaQORugzpBBowS9Gfm/PiZz/7PeQ7
+gcKcoaUKRySd5dosqBh6+u7a4b8YhI5xNKthXU1tmteUr6lwvxmBnMDu6rZf4f2S
+cB17apju088XOPi1blqwXIjnD4Jm167TkAhF47pMjJLyHx/oseURjKglQBHCkMfE
+lV+hySV+0lAA2QK8v1eRSmr+OaQI0lYDKBhsUqKHcNq3qqzgxF4om/RMvCpS/CXJ
+U7VPhnqgSn4HEhv7o5xJ5I+Hlhdq01WahzRoa7793oK+SPPoJaGcrK3659nhBURO
+AKBw/3royll2lldWZM6Q9hiJnYCgaeSxgI2R90zjn9m2vpP0+Lx2QLcKHf1fZLZs
+Z4sH6L61DW/hGpRJxdtG4ZHaec/0+Wwm9RQ+yOXPiyPpBa5wjCogkdis1Uv9tbak
+PJkwsAEAagdBU8W9NbH++yxyW8EB/2FA9WaY+qNWuax4hIMs22E9G1WUJwBQs4S1
+SZRDmTEPjGG/oBfTVwu3huxO81zMB1E4Be4gIwYb0hfLyDsDVPEbceKh5BHpGeJZ
+2zQeQy9bKogl29NHz/eov3QomKYvztGGK+jQW0nz4tzcQa8xEPkhmLetuM8iDsHT
+RGN2aD4Qgch8dPhpjyvINDa+MkwlxhkYvqp2HN7yOqvrdGA0YVFcW4m5oxYqOoEH
+Z9Og6qRoqMU1Jet8t9ko8Q9PnlJoO/vi5+BF0vzgBw76W7r0uE5Bk3QZlasS8BRV
+AxQjp4TZKTGdLWkxs9ZUD+JfPxPve+yKerO8px2XsNpBVzGw3iaCS2AMglvjp0qw
+l/cKD6LjyGuvYGK8dtN0Iz430f4vno5V+kLoFJfpF0fo3Dn+l3yvcsmco6Xt9+wU
+fYzVJllK4YSLC7C/LnX8Kr8pg+TC/oTw44MBdau9WKBwzjr40LaKA2HDWznaBTlg
++6UCybDdKkeD7PvBaWBPgqd/VR/6xc7v0Ecl51vs/TyE483aN/9YToq5dqBahf4O
++eRDzAmIY6JJ/GN1thT04/6WTjV9NS5rXPvO1VoYD2uumeLRxK6GYXI86G5ji8sN
+wbXl5kEUydTKJ9xsjTaLGvuhdPaXI9PXaC0+Ki6SGua75fxZIMrlUWBeywpE01As
+XfFCfjg4CXIeUR04aZ4nByU5cEhNRmm/X002c+NjiuPjNnk1XCag/6n7YKwUHvmW
+eeRZPu8jss2gR0tlgkR5IRYwO8yXJ6eXyFO5kbkeDKz6NngLj2z/Vo9CVxMOZc2O
+vLkHFyNG65i4kYm8f21X1SIimE9T+gGcpCdaePgfcVWxbejm7gIXY9zJBhpDsh+2
+GNXtBP0AtPGhG8avfUNgZb6plFGLfwIJ9+4bNgJ6tZ1dY5jLhrPKVflDmMo7JYmU
+uXpasIL6VKuNESYUxWACkVkGoaJB5NQUWgYHpb2N+KMbGCk487WMljNDaWDinPOH
+m4MGCthMhcQBcuuS21TWknSZ39RRuhDdPCJjWuDgNf/a9Kog8EbmXUFNv2kdpQmw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NegativeSerialNumberCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NegativeSerialNumberCACert.pem
new file mode 100644
index 0000000000..bd925b26ee
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NegativeSerialNumberCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F8 03 7F 04 4F E2 C0 0C F3 2B AD 63 AC 0F F8 69 BD BA A9 57 
+    friendlyName: Negative Serial Number CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Negative Serial Number CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIBETANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GU5lZ2F0aXZlIFNlcmlhbCBOdW1iZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCWz7ZliC4aPKhAsBsy0znZfbesj2UveREHH7BiOb9L3Q0rUODt
+VnQSmWVBb3GPz4kXejT51ad01LDy75YHWFSlSWSAEQC79MaawyiUj4gEPxDLx+fY
+INJNmJb7hQpze4e6sQwgYOMm0Z2c16wCsAzu2P23KMEFWn6hVQWj9NzNjdYSqkBK
+L+nOnnEERNWfsTjNJHiU8TPY4tDxyw6N89LDr4ulAYq8NcZp97PCt7KyqXFQrjBZ
+7saXv1faM8FMvCZOuQg2+SIYghpsqceDQLxO/2iNlmMASaQFBftLI4dVpimRp859
+cdHNPA2o5q26AhV5ib7qjlt4qHx5H2xQ9wq3AgMBAAGjfDB6MB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRi5C41xg/F6JHQC8GN3rav
+2ojZPzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAJgEmVAdEqm2wNErb2/
+Xj9gaOMaWrHhj/4vxtssSnwO1B/T3eq6nDngatSbtjItO1M9UNPX/tgSrXzHmURo
+Zoiq2tURPwiwWsYaGuvNLcZNAY7aTxLWNP+x6B33CJF3TRZVPskQcb/Zm+M6kM43
+fCpOe7i0Lf0C6nz4Zdg+Ej6G2/95STC+vkMzH+LeHtPeMKL0tCzTQMljsYVd3hzg
+c6TNjzsuY1IiD2SQYBAJ/IITEFELXqhojiNjFEX4XaDuD43gVe8DjX5PbXXVHme6
+QkDj8QytkxKpnhaibzxmTjhpDIDlBtnAIbJ8mcet3LAFgeCa7/qbzB2iAaRfYoMm
+ejY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F8 03 7F 04 4F E2 C0 0C F3 2B AD 63 AC 0F F8 69 BD BA A9 57 
+    friendlyName: Negative Serial Number CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,96779EBEB0E22806
+
+EbKe+X6uUHMQYjFUN313rKUnO7IK8mf9gKaxIWDUK2qszyI4cbYMTFE+xsH76/3R
+GYf6czYV9ZQPKY6nUeP0jyPfHR6I/cB4P3e6hxIm5tuiUedsIwjiJbaCm37HgeLV
+VNV8gHgrSFoiX6hOfC/l7pzm3M48ht2gEqvdjaVljZG7B/NIP35t2kr/SOxTZtTD
+bVrL0UjnMOaLlslK+oakoCbvmo3J58IRq+IoTnjzWCYRr2bOZ4yrdbC2eYGEIWfi
+0Hm8vTIuRXuf+BCydgdP3Zpp1Zk0shY4kAQc9ublN7ZeDExHVX49klWrBGn12B+G
+e/DraPK6GY4u9s/GdY5WygSe60k75c83U3xidMrj7QCT2PA8B1Lh6mCc1Omb7ErS
+OhMWtAbAIyWIwTDK9AOieLm4e/QdD2PsE54QvZ8rYQC3S5fsYbAH8yGThJ6Ma64m
+sEYHxxAfD2koJYkt814ygDuGdtDiPtZ3WXU2Maa+8KvCx83q2G2gTahz8q9+yr+T
+YqY1SAt6W3isic+vrjVz4vjai+RdPVkHybhvHlTx0Xc9+fnBdBcNFq0lRKM4Onq5
+Ls1Xi+LXkYp8cX5iBt9LbENA4e1GxdfiGIjpHVa2Ogv8BLsHYv8nWteVjCzimJz5
+w1cWC/W8P162E+2wIdefq/+hJlsdzjFLvsOqG2x2koVvs4TxgiaGLnJ4HQ7FhhJx
+cpcpalc2pZUosyibuEI6EwazNV4WvyJiXdE5LLml2mAzOLntHDpx+I/eqH2DbTnS
+vNjzWUaUz83dhDKo5aoViXJIqxrAZO+0fkHL8o6MR/EamJfypHbioxTqWZaI/Avi
+eFeQXZOXvfNqMFAAW0Bjsn5KgOfPJfM2m7f7960mPlpWRrYfOso81UyJsXlbaChy
+fDyYLWyKnOEuQpSp1JU6Odu4Lk0pC/IrLyzVWpm4MvIF2XGr1LrY1GFCrqPUwy4S
+VF6fX6Uf1VX5jTiakQHRJdRiQTgjUSq7o8AIGFLVKEpVFhGc9EQ3gLXsmqxIleks
+vw694zpx1j2MVkUfOUMg7SYGrv2syQmZ6xvxi5pJ37j0JZsuws1WJKeb1CS0M4ut
+mW/g0/6lGjOIFuZ+JzaR1YyJ69rO398sFIcdfp0GqGFNaVkhsIfdw2tZFvaxRvoz
+7TQaQgZS41Ln49sll+29qqcE1rlLeW4XmPGCK/4tUsNuyo8XCcMTTbUS4xzeu15p
+p4WXfjt6vvZ7OXQJzUqtC9jIq00LxCvNph94XyXEROKbkxgAVs2YlL36DKtq3UI/
+Vat5D7ELfGB1FopELgcgsFbhjsAjPYQ+qb/ODK1iMfR7M2dRtHf2AiShMhAgAmCf
+YZ0vbs7m9f5ZYlAaYuzZQF4GpCEGS9iwWrZd6zHMHBPWfS8n44wTo+A/jWPfJ87l
+FA6NYFgd24XJ8hYZVptrRK1yuAZ43sQ7vuFvhH/TK7xmM8pCXpUn4Ec+0RbI4E0K
+p1sXCOZhTwYzP2oG7NrpHyCpDILgO0HzrP1pQA9Yh2GePVaUbq7DP4XVq87qvD2G
+UbUGx1W8S+1EIi3ODMssb3KVouRAYIXFddyeQuy256kBnzVZlEjLnQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoCRLCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoCRLCACert.pem
new file mode 100644
index 0000000000..fea0a3ece4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoCRLCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 6B 47 2A 56 0C E5 3E 2C E4 6E 52 8E 30 60 15 42 EC E3 73 67 
+    friendlyName: No CRL CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=No CRL CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDfjCCAmagAwIBAgIBBzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowQjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExEjAQBgNVBAMT
+CU5vIENSTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPK+0hcf
+DWQf4Y/xcch0tBEFy8majp1UWEluOQmlE8rVt2weoWdZfaBF1cN0+brVFt0Z4U/q
+XqdQBA/PvV1yBYBlsgbgCPcJ0+Q8eeWESeKlt/TXoUl35JeNhz1qc1YpQsce78O6
+Qm0F73tvYD6hD/EFwgYqu3uAl2S6pCRNTDkhCBrRXcsjKZ071/pN+Raoll8StUli
+SiIgn/YHeIs/C/fQKVdAH7ZEq6fLfj+HPQLlRSzWGOXAqyca3Nq3nf74dbxWH15X
+RuESMGcIwaduE+26VSZcmWYpEKdR92GOE/X+WSGiU0DmR98pXoiw1MSip8A/QQC5
+WjIwZDIqN5k2h3sCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+dbZl
+p9ldqGYwHQYDVR0OBBYEFG6uRdP5/cyueml//bgG0kwH7AIWMA4GA1UdDwEB/wQE
+AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
+BgkqhkiG9w0BAQsFAAOCAQEAZ9m1wxVMGI0gYbsb28QvULx/Djy/zn5HsopaKobl
+UPHmmEe0LNUvqb4+3kqrKv8uWF9u5os56WdochV6SXaz17Yr6tmB7JeM/IL6VyqV
+Mqd5UNliAPjnIbO5i/wFXMd7jZwmAuZU7l4Uj2IEKyNJcBbgfD4TJZxtFVVtTCo+
+dSVYAO1ZjWpS772MXKmWqVeUpF23OPzAOEa8e7IR8l9zfHMlmohBxKyGTUvuwprn
++TS4ZVXrjjAHNz41aRzX+RYAUuNDHpWtFkuCpcU6FzcuzL76F9l0gRGd7onaT8SX
+ny3QlPHZQLJkgOVbsvn+eIixTzbZAI61iRjySWWbUguOCw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6B 47 2A 56 0C E5 3E 2C E4 6E 52 8E 30 60 15 42 EC E3 73 67 
+    friendlyName: No CRL CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DC8376C0C95A435A
+
+n5BynILbtVbjzjbIfMjuMhFd06AsiRtmpmyp6bZSbu7vvGiIhiuUkxiYNZz14jJT
+QdfuD9hP2f85Td0mS5WVN4lXQpcrjQVpc3CiPF6slTQc7bv6EXfv8v0vV/5OV5Z6
+2YfmDkN273p4ytcRLJSYhMzntFKcIQ2F4wdPRsarcy1KqcJsSgneG0B920HXKi4p
+PoDdbSuJsCKVhNxJV/Lhf/53oVP0IEW/H0Q8NTXBBL9x/xLUVzuFM8gLMacoKISO
+MvOmWNv9J/TPp5kLWP6wtaZV4TKhYWB6gfn5x72L4QjHAOOPLtr/4oRUwXZq8enJ
+ixlZa7NczJrsopDvGUOWOSiYcqeRjgoUSOYC2hCGmzV7dBwxuAhETHXN2biXyBSb
+54Ruyswrzx9jTYbosVCng5I2tk+USx7dOiCaOD7PQ37uFycOFXpc9/i/X1brB26W
++176CGKu2JFxI8V/1ZQvAYUShF6YTD0pTnn8CYpuoHwiXVM2ofVES9BVGnt/JiRa
+jUEqr0d2tRICjU5w51I2H7cwEbOR7XEUONRthu3x1EJDxEF1ME3ziu3J0sF6gnzu
+kdzgUPv7WrjKe0mwtjPvEb+MN736hodRGrt6dROvq2GMDng0JHI+PBu4xpl0YSdS
+BjMDg2AFcpo4vKC+5qcHlvyhvNlTjjjackf4bw87KB4RV1XZaWBw5MyUhqdvKH58
+3yFXybTGN75fZKuAjkRYMXnFJvwm/DK0PmUcV4Fgt44lVGeYfbJJj4q9vjRWFZdJ
+WmBzAtLa02qEaRZfMIfIn+7/G/dPjb4lVb/YAfM0hWn+oXI1YnVLw+YIO9TLL8o4
+R65IgFBYsrr7YJ0JKjmnONsXrukoU2YvDEuZSffjIE373Go1kTKmPr8O/mJSqWq6
+q61jmjMt72lk785b4daESIICYeCR6fe5vm1uSDrC6AZCjNMirO0EZyd+Rk6+KEw3
+OD2eCvsMoqXfjgaEwPGeMt6gR5ipnDD8HuYJ0+Ntjas2clxWqjl1U58P/y86TwpA
+QsGo3ohWF7rPVj/hMUwiKphiNsNbiyvf2Ubh2xXS/Gnw+0i362M1Nh4JOeeVfOCC
+i3dNuDwonT2kbb7QS/OFN79jdsIwzjK+AUD7CNBy+mT1FKyH1UWqHydLVMhI6+Mu
+0Y14W5pHpWUnqqt+5gX7A/bNZ4Flfk+JS0lsaq2WZ47936goEpIjrt4bn8t0Mfie
+jdz1lZEV7LElUJ2akV4Mv9HMrakS1U7LySD/NGzyRW3ha+2nstu/JS7hFk+Jf9zk
+lr8SWV8L67SXxRdMekbXYVEJZ/1R9TWUnBSZEg4SKUGWygPMBgm802gKOjgzyOVK
+Hxa95RtEGdccKNGCcjoyHvpvYSLbZ5873zHYngNmWc3jV0k9mF6q8lwYaixgnaFa
+Bt79/zo7I92MtJMMSFsvAVJYlh/km1xPg2ZgzN6o2V7SvDcu2TAnLrxtDnBEeYB9
+8uUJxgdXxhg/hzV7lz8vz/agpQ238F9GjjafJpbyd+ZXyl/mUaXHVtd8uRsCsOHD
+BIVww4sQa1SX+/idOYzaeqMX/oyOokrOTwCHp75jrFU4ysqWF6Qv9mvLlHp8EfUY
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoPoliciesCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoPoliciesCACert.pem
new file mode 100644
index 0000000000..aa1bf01f04
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoPoliciesCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: E0 4C C3 A3 D3 2E B7 AA 3E 7D EF B8 5D 28 C0 A1 4C 10 B5 C3 
+    friendlyName: No Policies CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=No Policies CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDajCCAlKgAwIBAgIBIjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFzAVBgNVBAMT
+Dk5vIFBvbGljaWVzIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+1rGRRtklAdQBZAIICc8jB889UiuPhuz42qkRhIXsu7pLBvoK6CJRcKDODBkxmoUc
+qkmyf2+6WIPK706gZ6ICLlaZJtU9XTG4+VdVe1hA09jjKmYQ5/RUoFto2Qn/jfqt
+jAnEgoiJuTpGbhMNcIqmUB8e9U6xF0n8wKRuoO352ZNmKkslQMg9IDTD2CTeg8UB
+Q5FIlTX+6ePUKgw49//7q6hdsOOsun19/Hc7zGfjI+ntqFpHXEL50sckzKVMO05F
+9qwVg5+4a3bL13QHFDUf71SqIaXyh3S2UkvSphEbyVz/XU5oF5mMnoZWsXn+QbR0
+gNqQlHGoqA7q5s78WqUDDwIDAQABo2MwYTAfBgNVHSMEGDAWgBTkfV/RXJWGCCwF
+rr51tmWn2V2oZjAdBgNVHQ4EFgQUQiQD7aVLdpyXmFx06gU6G/w15JwwDgYDVR0P
+AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAB5U
+gIV++5zaqU8TC9lSIq4uTTo+6Q81DBD7Fa7PWhFLqF9cKoZ+VFDnIPQVVhz4laar
+9Gtiz3Ix8vqGP6gPo5p+wpspJ13VF2YQqe61ZsOg0Mh15FETqEjvl6WZeVjdIvfR
+p6xsD+h3T++Am1eYNaAwieBZVi8OGRJGaMSS4Q2RNXs0vzT5I4RnPcYwzLQsE1jT
+7xkAkoNMHPaSMPAiQtfYHX2TqMn42Bp2CFuIIiDoZeKntLuo/vqKe28UW/d/uoUl
+1wE635wC9nhd+YzvbO6vVVjT77sz0H7KWbMA8kn3nx4HNNhVGC5CAtqtZKpQ71MU
+MnIgZeKsGC348hVKpRI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E0 4C C3 A3 D3 2E B7 AA 3E 7D EF B8 5D 28 C0 A1 4C 10 B5 C3 
+    friendlyName: No Policies CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4D0B9931D6FCDB0B
+
+xwCEkfEtoqtmk8ThayVcASqeRPvbex5x7XdY71H8DaA2yx3xu9CPwRelu7X+wm9q
+vPl50Ym7nuva9Obnvk6ZYx3ox0YO4NZApg5YZDmQnlrg593vZf6BoiQft8DaqxMv
+KJ/0Ar8mDd97VRZNfd7Alqr33AGlLVdsq6FkXZu/GhcGMIibUgnzdU2bNT20MD53
+rlitHQIj4wp4nd4sv02tDeKWYii6xkxGaWNJWlGHwFBi3+pYJW9lY/6lHgx1LCrt
++pQV8t/0ORoCAokxAZ1O1UHFOlvryvDgfWYayUPJ4riZqLvCRJET44Pd1H0OnY2F
+9w123cxjeDF1IXXbpb4myQUeN+u2XBrQK4mjJbUKytdBhKLrx3ONkGDcAuPgcHHL
+PRcHxJSs0ESwKZ1YxJhMX4CqeaWIachLUIXZu1JZV1OkeU4tTv+JHbxnSqbjPj12
+E0v7oQtyAKVXILXPS19wvVejZWbJviQB37N7xTNe63di8bOg30UhD6/gn0/iSOfC
+3lUEuaXNptx8cmQhPrbVSTHcFlp8GghkLES5NIz8Dbjgq8HG0jQrNDnrlhwou0H4
+Lgvu3uqs70tlsa+ZNI7kTiRjQ8s3b0fKXN3h6UFMejW8bHvaMWakVlayyusF/lyS
+km3HGcu/rZx0IngvyrUvOVKdUy1qMuG+LO2eZCjB5a5Gjiz7FvxK00DQrGNArW7s
+Kw5HyHxL+Qz8auWbsCjsWC9l2lG+wvZwFHdjw2C5gEJuwSdrtnToQoDvqEVLq3xu
+kS+uT1MeF1NPRjyMORMKIWtPjhyJLyCBpjALAIFvrI8ENuGTqeaKjy6YE7WS03iM
+VF3pJbm9/iBquBZU2ZGKRCle4eJNtLVQIt4us5qT3qkz16n3WMATvXBMpxRutPHy
+1J38c7g0f6tbngQz2jEEq6d/wHMVQbOTu8m4JAMkBDChXWFeoh6DK6KNn0j1JOBU
+xxZhKDSMcLjQ5qTO8WHfC0YtnWwDyJH3pdGEq9u+Vur4Lo96/tKMoxSMWTa7HxT1
+qi+DxxYY+zcj+aBDhfRiQQrMXA5v7aYJz7rquQ1h5oJfsBz5pBAhPh531hM2N7Nu
+/dn81tYsX084W6z7dAdHYppM1Ovg96Gl+IkNA1MXKy8ZLMrMJtc4H63z+1MJHfxR
+AY0VOXlsm7iAB8IoZLYM2aeuY+Yu+Xm2yKs98a98SKzXsV8qQO8SLwk8sfJuHv30
+SIql4vepd6otd0iJZEFonDMAV/fnrUfxQS3gET4lkAg1bCEK6j1NZ0HwpRYgvHm8
+iXF4t2wmcnPncfn4HkMM6X60+v+VUZlhl0y+9nqDaWM0n52DjWseHvJu6m5qF0o6
+w7ABt8YzEO/fVNVVWPRMGjxCvJXXgxkGbd/5cYKP8BRx/N47WLTzaah3AqtUpZr/
+ZtazCnraXDAsGbvG3bSBYHOPLBrunjzKuemSSR/wvVPpWbdlcsGhLHp8T/qBsGwL
+EoqbmZY/bPQg4VGD7D8DH5OqibEn9yUdxzXtJ5kinteG0+r0onUVXS7onth441dE
+pwNbzPjBhR1syNQ2bKzZ/93hOvkxTLDjTyv60YISMSyQ9peWfpBW83M3aaSN/DKa
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoissuingDistributionPointCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoissuingDistributionPointCACert.pem
new file mode 100644
index 0000000000..9222c1873b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoissuingDistributionPointCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 7D 10 60 ED 0E E9 49 A2 C7 F7 2B 5F F1 3B 4E 43 13 36 C0 03 
+    friendlyName: No issuingDistributionPoint CA Cert
+subject=/C=US/O=Test Certificates 2011/OU=No issuingDistributionPoint CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBTDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJzAlBgNVBAsT
+Hk5vIGlzc3VpbmdEaXN0cmlidXRpb25Qb2ludCBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMCr+3UdavfOBl7iCrYG59vDPxixxgNXuhT4Qd2MRQty
+I9ncZ/36pjy08CrKmPWAfmVZqSeNOSSUdf+BFUfRhVlN7wNHa8UqQei+5WfVtBUb
+B+opVvaoswfaRZC5jRf6sPfP8j1WfaMgDTmaHenWZs2DolsuO2C6eGjvm2nYzQi9
+7km64+oqlTXI73rCKT6WWTqHXLn0oK2gBPf3sTSas2olu/WBu6Zp9M3CjbVV+VmM
+7lp8m2EJLNFrI0CMMLCdeeYyElJ2hFqmRObNqnhcWh4eUrp5IVm72Pmsi8/2EbGe
+BGFa/l8dwzgR6EvOLFgoVnGufXcsoR3oPiZey+JQ3iUCAwEAAaN8MHowHwYDVR0j
+BBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFLPLVL9qnfyfxzEO
+kgynR2uZAJ8xMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
+MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAINy+PfPJaZ5e
+hJYhM4p6aSvFXi02p8Jml91EVwGkZu3hwgreINpM+gL1N6sAGRPnIxx+vZyqMOoI
+X7q5TyjO4LjmEGb4yqWANzqUlsEd8nPE7n0jJyEk/fT3EJVnNgMP5tvnW+E/+IQk
+V8e1y345UWk0C7xw4eYUFqjE4jWRqxWLEzLIYOb5nLakI6k/aIfij5BXXQyYv8c1
+H67xMGr5dfy6zsy1+dJB5d8t0voJeYxhWRKE/YHxx81+1Y/Oum/5HrCsGIf07xFu
+AlXdSF2FDH+i/YMlZas1laFLoGxClpfIBKvCR490pQX+0tEihAsZuISUSo/SIp0R
+elkDzLq7nA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7D 10 60 ED 0E E9 49 A2 C7 F7 2B 5F F1 3B 4E 43 13 36 C0 03 
+    friendlyName: No issuingDistributionPoint CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8A63FBF19DC0800D
+
+QhG/rbdcof4QsGqihybqEK3EGzxyQu+zRHl3/3d2Jm0y1ByDUu5h//BzYvktwwfD
+YR+05f6rIAQf9l5Ghkl+nT8SuR+P6H+kr7ZXU4H6dYxo5EETL67gBDdqE6pT+DWE
+9H0ez/ZwOMYCYPPrU/c6AQ1N1YSVG3cBoEM7qqkUibOIVWsd8DT1nDSTg7ZW+sS+
+PEUiwLeYmu+qWVCoskKTpNSFUGRe1Xy6uO7qDK7bWaL6WuMMph7KZsudkXJ30d3+
+77VufR+nJ23OS+xrOHBqWHdBBPUBK+zT0u+ocD/imExNBxUKfXvN0+N8Elq7zZzj
+DtjA9LH4CpmEr1zVO+RZgB4DU+7SB14EnaAUZiNFdVfGCQEk//wMkmZw5FUdDBQz
+oOLRVDSuis6VvLFgQgDQCGeQdFVh69je625W9vQnry896v++HX1jSpzHpnrepqyL
+RsRgWsCpxyTC2dO5BxZi5V3OH2tpdgCiPvxAU7yG7gHSwq/ZFBoMYHmJdLH7EJqF
+MeuZ9QAX8BrGY6qOremH0dyXri3pj0jUUDqMBk5AIBSaPBonMBKGxVSWilN11dGb
+222RJCnupmLo6f9zqtEyZqKpCTzOzGXenHrG4Ncwbek30EkQ38NWzwBYucDg6w8w
+Nk51h+8pseLO2ZN72ZIv9WhL7sf0EXal/rcBJxLnVZBGo4X96cmSnIY/UW58Bj4m
+Xtcl/5tMYNgJMdlQhNip9bd+1XIpcVAiYXZ6UneBbIBsE/UGMSvMjqUV/DQEsVMe
+QsCOz0TfezvzJARpF+TQogD65mVRDpzSwoTLk3GJudRHxURxKb0vPBVc28v5G06P
+0yAFn8LWebnG6vXsOIPXnrchMFSDkYU/mnptIqXVBPnA+2EEnqvNrrwm7JkwznOK
+dgBqubSvvbue/Syzj0gA6eN8Zf3ez/yj+t3WyDG+FNkDjtIfiJStkSAwS5iyU5He
+pGmG+LtjVZrlwHhlv9gVQDU1RbLensJ3+cauasDdbs2UZhB99Fhka7kaaMfNonpW
+7Ft5/FvFFlomCosg1MuqJ4Av4H4DMvPKJXVToaMn5Zhl8++c+a78Vnjres0kdov6
+n9F8716q2L/xiBX90G7PdlUfTwTNbokzIowIaKkyz2LVEEYHQ3qIJG/YA2YCzVX3
+vkLKGWWA5y+z2sVr2JucAOKP+qwU8kGCB0BzsEvxjL8ADwZ0wmmWhxhJXIVzHVfM
+4cMKnW0Q2mcAEr9FxrccFSj/JNfo1EBqbKUEOyqeU+MkX+80yyorXsNiQsA6sK8X
+njrck2cwZOshKCe37n399spt8ZBByu4zmTw8Xvy/BiGvRlAoZEgld1KEilLWQtVB
+0rr/rKxCCJoWbaF/Oqr1SSl8yw5TGdoit3u/Bm0YA3ijruOtNjtYXeJRhj4pN9Df
+aFtCtLHpWvNkEYw4WpZD7CFy6dImbqkW7b0+Khg9xEPT8Rog1P97ltN+MqVRqJZ4
+8Dnomm/C5Ahsn6WAh2/WPyfxGXTULPia+jpDlpMZP+NpZNDDNPOHBIU7/I9F+n7U
+JqcDwyTBqGooGtm6z9Kz1ccUxj0cLl6B61AfKaY9OlR5sdqIUyPIJQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OldCRLnextUpdateCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OldCRLnextUpdateCACert.pem
new file mode 100644
index 0000000000..0ec4b21b6a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OldCRLnextUpdateCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 06 21 29 E2 38 20 83 13 82 97 68 45 39 02 F6 E1 06 EA B4 9F 
+    friendlyName: Old CRL nextUpdate CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Old CRL nextUpdate CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBDjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FU9sZCBDUkwgbmV4dFVwZGF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAL9dKBLjox+erXrb2q/rdAlXUWqvi4uRcldjKQjs+z/Egt/Vz3XSzOqE
+JVFUojykLto2tYO0C4ZM+FGnn6b438qsXkeIPU+WGv1eNqi7Mm0miU/+JKXnCDMG
++Aq+GQSK/1JoQbusbFR1rfhU+a2rH1eMbnclG0CuknK9jhXc+rhR3GcfW1ZC+0rl
+LAjH1CPM/uwyNB9th87sU4FJ1PpzKa46pgB0tCIZqDw5vAMWn3vllBvMRtvVQBOR
+GwmkewDGifBJlvI3IHsEwxvws+uBoGjni/0cM1Zf/LZkjZYdbEalLf+a0uAqzdyv
+VhPCKYwrJP1H85ubTpFRGajNw35h6NkCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFM7aH9pazI6X+iAVKU+slo0qzXgT
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAuSS2lcdw8wEVWsN7SEqN/PFY
+fYY1/sJLPGnE33ItquQhD4Ab9+4b7o0hq6VWkomiQCos0lgrBhQyJgjiBSB3zjAp
+PIYXQp7kzXx0wo3iVhxVITv0MfEOfNbPNP2etUs6ivcOXcO/uxhB1rJvgs/xSzwv
+C1waXG33zCQcABSSHu6Ylkw6xkI16W2nbqbySz1zoilVthP/ulrVB1IffCyrB5Lk
+LpY3pV7O1ibyHjmpOliTfyktarUbJBXt9X6m8oWIRk3p/7dl/08oXD7bAFk+19L9
+BaNzLinwKdp3GvvI3SzmNOtUiweQ83tNJig0eI7YDTeHlfPRZE+hccTfw5DdSg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 06 21 29 E2 38 20 83 13 82 97 68 45 39 02 F6 E1 06 EA B4 9F 
+    friendlyName: Old CRL nextUpdate CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C60F4F875B4AE07C
+
+r1mixPIe6yhRKt7pKXN2rL0IbT3xqH1GydMztUKrUSYezhqkuQsw114en6v/1WD9
+RlfiHQvWp1eProra/8t6nVDpRdnrKGwCm1ov6Bxm6mkBQ2e70Wusl0N6Gi8ACjEm
++uMv8WU7ofPAd3Zf7LSdhLwuOpL2/Z6St+NfLU8MMch9PmegwBZ57JcVCPuHT7d+
+1W/k7GSqTfbof7E/A20CajhrzWjkDB0/0+zCxnfZRgy/kF9JJ+J5O0/90/VZQelv
+FzqG5M9ReSxGi+6KHVShuNRke4vPRAFkH3/Uu9sRXHFNcb5GbdxAkxNfJ+3UVegO
+rCdf6bp676QKTCGd+7V/e7gFMc/w1TScYAzU1JDT0qt2hbQuO3Ecr+UY8u4WZGiy
+x/ICs9hI+1Q+bSDRz7t/ozCLmmiRDExw5zUi+xbjbaBSiX6AdcYP4ZpwQLp0Yy1C
+A3lvY9yJGwAB5A5SIrJGnfsqlqg2Tv0aobIANvLzDMcduHuv546mDaiBXPnm4d8v
+gwsDZAaGJmCVDoo1O7Vv8wVf1YYFBTyuSznhj1RQiZBLKG+kfcBzADnThWmxXCQb
+GoiionyRwtLueUuBQLdfa3dywn2SFnd37QFJ3/ditUvWwSs5NLPFSNYsAnw42B3P
+GVCaDXWB8RZ3qnAIrsByMWLox7bes5zndblMKHsveZBWpjQSclqXsvm9vTYH7FcO
+gqN6mhv13G2kP962VUDEu+I083DFBN1BwqWU8qEWCv/qUjRKRg7v4ySC1vz4QeMc
+IfoNqY/CmtgNVx6hWQL+1x9iYPbG6yTxwuu3ke+qmnHkCrAEtVtZNE8Es6iFdckr
+lYMSSl0CmKmU35Es8OoLVVBnY0F4G6+wM6nRCnkFP/9wQk07+bRszz0G3vdv2eX+
+khoD4fs5o6wn7qDuus8peD4z7F7TKiTUATZgF0xa6zKDkAIiokrlaXxOArU/D4ky
+g+IP3fbR6m+3VWt3IMZ6IEWU2ZlzsUBkpCsFvGKLTF/Jos2PeCoPQbVu4eaH5vEd
+RhHL2tyQEFDYA1mLz8H0NFqFw5n0la+3dzIBQBwGU8zTkF7Agaq4FHo+o6JykI1K
+FDLW5Kv0aqO21SyJ4fiTSl4nsD3i9FeL8d8LIQim89L7GzhuVfY9tdk5GUV7D8Vg
+1I4mkISYYTkOeNwo1Bq3yxpslnMaoU/+TrvfvIrtfoozutLNCZmhFCGUzlriHPQ5
+JAP7rBKdhQdG8iBYFyq6hCjnDuAE8BoeuQEhHLxb0nefwZxv1CdS8pr6hVDRiWLy
+C855LiwRZzMhWPQINUnqpfdzVUNOeN4dBsbyuEHgegjXlmg+5K2g29pLofnvQP21
+5uy2qS/e4nAKmMIEMf5BpHjl9cuZcgGlz2f8QeHBC2rsYesptL3SaOukGKNHxUyg
+hWUEY/kMz87FMSZUlIIeGKfH/PLnSqmY2Voevkf7Jq6yxOOZT9uHMYBRXsDa27Lw
+kzn90KqeSvvfbciV47a1X+UVklepdl8KzMM9yFJsapyP9Nc36c9b3Jv1X0i/kb/s
+eRcv1pYK2LrkID+G+WUJJKgEts2qiVwmNucWFh+0xwWmxsSsCr5DyQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6.pem
deleted file mode 100644
index 85f0b79c2c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6.pem
+++ /dev/null
@@ -1,214 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P1234 subsubCAP123P12
-issuer=/C=US/O=Test Certificates/CN=Policies P1234 subCAP123
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFBvbGljaWVzIFAx
-MjM0IHN1YkNBUDEyMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFIx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUGA1UE
-AxMeUG9saWNpZXMgUDEyMzQgc3Vic3ViQ0FQMTIzUDEyMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDSpQwaDoPydLNMC8zANHGCiwSSV/p+yyB92D3cy4OofA3o
-E/MneZrL0kkAoaM3sxpkniK7a37+ghg7ydyUw5n9CRxAyNMONSetp9uBB9X1+fZy
-9JVVK2W+5ycWBDxh2YOfyFE/wQBbJK7rIIrqtgUgNi7O+6ppcpbnguodB17MZQID
-AQABo4GLMIGIMB8GA1UdIwQYMBaAFLZ7gxmIHEmBIEPO8oJM80aGKITZMB0GA1Ud
-DgQWBBTMtOdc+dU31FBVf7Ixli7kkaTEaDAOBgNVHQ8BAf8EBAMCAQYwJQYDVR0g
-BB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwDwYDVR0TAQH/BAUwAwEB
-/zANBgkqhkiG9w0BAQUFAAOBgQB4KomH+VcsPxXsULBeuMVL7QtJMD6RoGaCHnL5
-NCdwpt7QE3TVRnWgL88gSXtmMudJ5QIb3ko7PYOsuUhA/6YZvoBvQIdJAnprjYbr
-kxDMfK3PoouD3cQncVSz4xqJ9VcIaH6/oAKGpDt36xSUY2uqOHb1DLO2qmKiStvW
-Cprikw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P1234 subCAP123
-issuer=/C=US/O=Test Certificates/CN=Policies P1234 CA
------BEGIN CERTIFICATE-----
-MIICoTCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAx
-MjM0IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkGA1UE
-BhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhQb2xp
-Y2llcyBQMTIzNCBzdWJDQVAxMjMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALs/TklxdGqU1GnW9LkoRaacXCpRHoy8tYpTUbUhznd5fkjOW5Dyc9HK7DWs8q1q
-aAvU0KeqAEtguNCACjKFeXPyWtQuYKRB5o5G1WXcqy4pYK2CCHsyaa6hf8+kU1Y/
-3VcEuHoDX0WFJ5JFlaRERNagLbzDTjG6KtM4yhcEnTHfAgMBAAGjgZkwgZYwHwYD
-VR0jBBgwFoAUMLt5B08Db7IYg3poQ6v3TKFAcQowHQYDVR0OBBYEFLZ7gxmIHEmB
-IEPO8oJM80aGKITZMA4GA1UdDwEB/wQEAwIBBjAzBgNVHSAELDAqMAwGCmCGSAFl
-AwIBMAEwDAYKYIZIAWUDAgEwAjAMBgpghkgBZQMCATADMA8GA1UdEwEB/wQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADgYEAM38BPBwz3qjIhPI9byaqLmDkw3tA5mxae/P9
-N6WYYwW+Dm0KyjXs9SQZ3BlHDl/+D9dJYNScOXjKpc3hnrAUT31rGyhC2CwV52mt
-xGukdJIxKOQgucIylxyxF7N5x66TyC5sxJGUh3sjItg6NAOQGMwBwKOz/5zNTdK6
-qDuaEoI=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Overlapping Policies EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=Policies P1234 subsubCAP123P12
------BEGIN CERTIFICATE-----
-MIICoTCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHlBvbGljaWVzIFAx
-MjM0IHN1YnN1YkNBUDEyM1AxMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMF0xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEy
-MDAGA1UEAxMpT3ZlcmxhcHBpbmcgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALT4JJTriZO8+53ZvgYrbg9m
-azzLgmYzgvBJ8/IvzLaXsCv7sw/M2DU/CyOdIPy8g9XchC9QBJrAI65Muvlpf8a0
-CGqWH5AQElXjIkicPMgfC14xd1govVHxaRIrM/g6zNgGPnSivMXOrTm6fMNphEvC
-CnG+SqRQ6oKAkO1k7jWxAgMBAAGjfDB6MB8GA1UdIwQYMBaAFMy051z51TfUUFV/
-sjGWLuSRpMRoMB0GA1UdDgQWBBQLhzG1VDzXbIBJ1rnYkrn+iSfrCTAOBgNVHQ8B
-Af8EBAMCAfYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADgYEACuuacGsxw8Rq6HznT/dvzsw93OA250kOCJei
-8VJbyNw5x61+F9LxLZSBUtYgIfCOid3gUBe8MU0W1r8Qpg1PD4Vgq76l5IWyvH+K
-ACy4A7XpJB8a5zF7OUGexEkFC9RQ45PJ6i4JILtMeMLTR7c0pCkRthg2CW/vIc6a
-Cs1zrEk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P1234 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICsTCCAhqgAwIBAgIBIzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEUxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEaMBgGA1UEAxMRUG9saWNpZXMg
-UDEyMzQgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMUyBhDbDKsFVn2a
-KCxh5Y64ZiH8OTq134EGg3NL8l0mqcA01qEhLCasHMR98sd5xKPtNEQB0kN9jf3d
-Zmv4gop4bAAqPlhvkcJ/KUMPLpLdMBT+1xLAdu1yKh7eKpoIo9vfus0fjH0aOWhT
-Wa7rCSuf+9I6DoDk1gC1Q9k57jDFAgMBAAGjgbUwgbIwHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFDC7eQdPA2+yGIN6aEOr90yhQHEK
-MA4GA1UdDwEB/wQEAwIBBjBBBgNVHSAEOjA4MAwGCmCGSAFlAwIBMAEwDAYKYIZI
-AWUDAgEwAjAMBgpghkgBZQMCATADMAwGCmCGSAFlAwIBMAQwDwYDVR0TAQH/BAUw
-AwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAMoj83UxGqz/rAVr
-SXl/vP2tx92XqrJj7UYRHcHHcTodTHoJ3j+m3MUHwwsoZrqvnhS1HtIqPQsoD9DD
-8Qg+uHFd5EH+Js40QK7zU7mHBOI64Kl8T8xrpgcnlLgXpg2H88at02UvMTDj4Lix
-ANfajLNnQx1htjJhMY3zzIgPApd+
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P1234 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:30:BB:79:07:4F:03:6F:B2:18:83:7A:68:43:AB:F7:4C:A1:40:71:0A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        bb:b2:2e:86:63:50:7a:60:75:e3:ef:14:96:e2:19:21:90:ce:
-        61:fe:2a:1a:d1:37:59:b0:8f:3d:fe:c3:eb:b9:87:61:3a:7a:
-        f4:ef:3d:46:ce:ef:e4:a7:de:a6:7f:ff:25:1e:78:bd:df:4d:
-        8b:96:70:ac:47:8c:e4:77:1c:f2:94:3f:bb:36:18:21:35:0d:
-        10:d9:69:b9:80:42:d0:7e:81:15:55:df:6f:fc:50:b2:9c:b2:
-        53:0d:b5:0d:6c:69:55:b7:0b:65:84:7a:13:9f:74:8f:52:49:
-        58:2e:6c:bd:b7:19:b6:34:eb:d3:1d:cc:08:a9:3f:07:04:69:
-        75:e6
------BEGIN X509 CRL-----
-MIIBPjCBqAIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAxMjM0IENB
-Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBQw
-u3kHTwNvshiDemhDq/dMoUBxCjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOB
-gQC7si6GY1B6YHXj7xSW4hkhkM5h/ioa0TdZsI89/sPruYdhOnr07z1Gzu/kp96m
-f/8lHni9302LlnCsR4zkdxzylD+7NhghNQ0Q2Wm5gELQfoEVVd9v/FCynLJTDbUN
-bGlVtwtlhHoTn3SPUklYLmy9txm2NOvTHcwIqT8HBGl15g==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P1234 subCAP123
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:7B:83:19:88:1C:49:81:20:43:CE:F2:82:4C:F3:46:86:28:84:D9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        45:d4:de:34:51:48:6a:d1:4b:e0:d7:2d:55:52:e2:e5:8d:a5:
-        ee:bc:a1:c6:44:0c:9d:b7:61:cb:a2:1c:58:1d:03:a1:cd:8e:
-        e5:9c:28:00:4c:07:c4:0d:ae:a3:b1:c8:aa:8e:8a:59:12:41:
-        57:b6:fc:db:34:10:a8:e6:c9:cb:0e:5c:28:6f:b5:3a:00:70:
-        9a:a9:ac:35:83:47:7a:02:24:69:46:26:63:29:0c:c5:51:c3:
-        92:c6:c2:6d:cf:5e:b8:25:eb:d5:b6:d1:62:87:3b:9b:24:6a:
-        b1:9e:33:a2:96:bb:14:74:21:ad:b7:7f:98:ab:b2:6a:25:2b:
-        0b:ed
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFBvbGljaWVzIFAxMjM0IHN1
-YkNBUDEyMxcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUtnuDGYgcSYEgQ87ygkzzRoYohNkwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEARdTeNFFIatFL4NctVVLi5Y2l7ryhxkQMnbdhy6IcWB0Doc2O5Zwo
-AEwHxA2uo7HIqo6KWRJBV7b82zQQqObJyw5cKG+1OgBwmqmsNYNHegIkaUYmYykM
-xVHDksbCbc9euCXr1bbRYoc7myRqsZ4zopa7FHQhrbd/mKuyaiUrC+0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P1234 subsubCAP123P12
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:CC:B4:E7:5C:F9:D5:37:D4:50:55:7F:B2:31:96:2E:E4:91:A4:C4:68
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        5e:89:62:c5:3b:e0:10:f8:22:cd:fd:e2:44:73:c0:23:98:67:
-        89:29:67:ae:39:3b:53:4c:02:24:85:6a:37:16:1b:a0:c8:fa:
-        ae:0d:02:27:ed:3c:06:8d:e2:ed:35:53:a3:06:f4:a3:ce:6d:
-        63:d9:86:33:2c:95:ce:47:95:2d:7f:5a:f0:a0:68:79:5a:a8:
-        aa:12:5d:79:b9:4a:bb:a2:5a:85:af:39:1d:aa:b6:a0:18:da:
-        39:f6:0a:00:f1:0e:2e:fb:62:1f:6f:2d:d9:0e:b7:da:0e:a5:
-        92:1f:fd:1c:60:73:7d:48:f3:9a:73:2a:14:65:78:2a:9d:7c:
-        88:5a
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHlBvbGljaWVzIFAxMjM0IHN1
-YnN1YkNBUDEyM1AxMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUzLTnXPnVN9RQVX+yMZYu5JGkxGgwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAXolixTvgEPgizf3iRHPAI5hniSlnrjk7U0wCJIVqNxYb
-oMj6rg0CJ+08Bo3i7TVTowb0o85tY9mGMyyVzkeVLX9a8KBoeVqoqhJdeblKu6Ja
-ha85Haq2oBjaOfYKAPEOLvtiH28t2Q632g6lkh/9HGBzfUjzmnMqFGV4Kp18iFo=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6EE.pem
new file mode 100644
index 0000000000..3d5325d7fc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: ED 92 6F B3 30 66 FE 5D D6 12 7E 34 D2 4F C0 DD A7 7F C6 71 
+    friendlyName: Overlapping Policies Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Overlapping Policies EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P1234 subsubCAP123P12
+-----BEGIN CERTIFICATE-----
+MIIDsDCCApigAwIBAgIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeUG9saWNp
+ZXMgUDEyMzQgc3Vic3ViQ0FQMTIzUDEyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowYjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExMjAwBgNVBAMTKU92ZXJsYXBwaW5nIFBvbGljaWVzIEVFIENlcnRp
+ZmljYXRlIFRlc3Q2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9FQ
+t2aGcDvI7U42QCqMgObhOhdJlQWJSgI6EpQj0hEAvhPULpSpC3pqiRnBzmK86R7j
+zEk9TxnGNYFqDS7xM6Mdkj+0rOKmnzVIycEFrcQLHxglYGj8PwSgtvEq/fIuebJZ
+KEoS/jCrryVGnEUY4JWUNg4bqOGDSFTu0JBj9lSKOOH3gh+p9rJg5Hwc+Wbjb0Sy
+8pGRGuSXsumSugGqHKoxSWfErrnTQRcls7VqJ4y8MJwlw99q3+Xa0aVOwoi3ocPM
+mgArtDN0rHbP7+4tNcHsIjl/2WXUokGUn2/9GSW5gBIOJw3Nd6hvtOS2nlGf/qUO
+KM8j/wjWImLGF8MjkQIDAQABo3wwejAfBgNVHSMEGDAWgBRO9F6h+Qgwe2WsksAR
+CyzTtJYHHjAdBgNVHQ4EFgQUkrgz3HUFQnDN7aMnoK34budYbUEwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgH2
+MA0GCSqGSIb3DQEBCwUAA4IBAQBikCXaSOKIYSsx3TQPKgbpM0QMvbf2ios9BSNw
+uJv8LFXz+bxFq+7x5GyTxGZ3KLgB0hypILu6M6RfRpAuH6eRJJwuXfXM6w/y2uqC
+wqNIR5PwyWosBjqtBAUZZf6/VVU5Xd6BnpZ73jBNxxcgJ79svcw+6AFPXlcygLjY
+dhugLPhA7BNyKmA9kxRrnp6kCLh3dI1q7Qpl55Ytz6YuyCAHe3NMdC1Ee6c27RwJ
+GfCjDKhkCB/LSn3jbU+y/9lOSaMRSkAPKn+dkp73UpJnJzX57KJb/XE+q6R44m6h
+FNknITUZyD5S8UuF1g929cjBj+buejxo3P1jxH9Rb1+9/REV
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: ED 92 6F B3 30 66 FE 5D D6 12 7E 34 D2 4F C0 DD A7 7F C6 71 
+    friendlyName: Overlapping Policies Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DCC5536BE51EEBFA
+
+sTrmnRG3b+rHlW6MI5TX+ZyhauWPiSVXox1qksQP5vC2MH3pZm7DTmSxRLw01bWX
+ilEGhAyYxi5oX10rWVlEvuTOuR1zbHcke/omUGsyWodDaDI+sF27FvCwLIP9pEar
+OT5rKsYsSzXZePBW69uSyBacplqW53rw7StQ7fykOHufIxbUKmyl91RqlXCMEKjg
+HzOEKYpQu/5w/MJQ01KFdAjCgIewz5gCreBhnPlT+BIIb+sAxbqELXTsYY6dQy1a
+4XZr/lB4O3WshqEgrBmUN648iOgabEr8a6umGcQzn8nRNXUQ76pGD8SrYs5KXDMw
+zFZznVe5NM3pEQOuJB5f3XuKgDzsMmxmkGW7cSlETSLK9q/k0oP1FzPjYd3KxvVv
+wgqkXJeFW3lzqqqb1ppVQtH1GCcp1/HzKWyayulTxNF5xX7oA0hUdLirgUWzs3cp
+VAMn/vAtRFmdD4WZ1fSse48YbmpQr0D9PSwnHUYyMn2X7TPid1OcnQZ0wb46T/pP
+taZ0aNctyDFY1y7H533osK7YhUVHIPkIOOBAtvevPE8LB3VrZGGOf1TQlez+6P2Q
++l2EsguETB3lprKxy1jy0TUZp9R/GXqeGgf7p86o0C52VemiGWO/O19/nwd7lMzO
+Xcxz80nTENB/EdRwPVKtTWcER6EranArYgntW7t0WQOb6XOtmczwMS63K5Bfcf55
+Vm2bLLrjuuKAAMt+AIUM7xbkAKlpVqS6RcfldP8iD0mFxDHSjjT3KIcCF0PLtauf
+pc1q5c/za39VRiuNSQ8yJJtMEMINb+dgXSMY5UQTdVwWxvykRtOssVd2Spq6GSJP
+MnjugwasKNcgt+lzs7zRHbOIcox6rX3Ly4vgpqMYCrSpqQXoAC1WTBlRr12cWnsT
+IwbKvB2STGA/PKgIY1KkSQtfKhGIQr/qULm8NpAwwGcgHoaoRkNgXR2yZwtv0WDK
+E9x0LEQBtvhp5wIVPTwHlG8iCx5e35kGJNTNivzeITgw2wBhJr+xR2N2dL4B4dqi
+6Ee5nxlBLRk/oBM5xGOcLItj1CTsckNOiaBOWuI0CP/le7myMCiQqQtViASci2MN
+/aknFttZlf1yaDNfuSnVS3TZf7FzxD249ZCX0ZpKktRNkDnUsmw6MHzzIJdQEgUr
+QxaYyAIU12rR2E2LbzUASEIzSFdGx7SeC4oO++3qcrIOA6vsuzqHMoEyIqOhmpZ0
+WWjFOffW6ffVw4YMjavn4SIT95GeNNfftLoduWJZzBcfs1U3ziWlRIwcPWT7jlEK
+AvT2uQkKFhgcEtXbrDyWn6U1Hh4/a7eoSVpZtadB+KsbvoeS62OgNymUDdjQapIx
+dtZwo0dTzqlXKrYD3yIUcik50+sJsC6aInguWDs6xqZgE+aQd2p5FEoS8u+c+Ftq
+TAkuS/BK791eqcLduhmdAciut4pVc+xmc6WvD9piL8W00RrzayrwCvWzdVLAzdZ/
+bOiFUG9fzlacfT8tKYs7TD+BWLw8xT/yLAjiaQSjm7jz0qc3ExpkP1S3bBv1rxHK
+LiBN3mwDQ9SC+jRSRR/4v/0THHc058VaoRDecl9u5Q3ItPrVl76VvXuIu5m8jnx3
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3CACert.pem
new file mode 100644
index 0000000000..b368687f44
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3CACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 9D 3F ED 42 23 33 E9 57 BA F9 4B BC 08 49 B9 4E 65 3B 44 79 
+    friendlyName: P12 Mapping 1to3 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDzjCCAragAwIBAgIBMTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHDAaBgNVBAMT
+E1AxMiBNYXBwaW5nIDF0bzMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCybxVTY2ahevfz61NSr7Rud7Bmrim/64S25e221g2bswm3M+BTZ71urQ4s
+JsDgpAew9ULwmJPjMBLbSqkkhld/X7p0q9ffmO10Vbgv5BzOHw71pnxP7qQlb6Tf
+F1pDlYFDhxBYqpwxmvtgOuP5XgqlkYpCzcG0fziyhL/EmgOLR4FxaeiTejMvJEpo
+XnN9El0THTG01qtbT6ZwLgz93yo3bxonxLRtQZtvkR6pjSJ6XF84IsUPY1CDoFdA
+8v1Syir5cEHxYeSSkH5yJSf/KwZ+dt3NFPZDk1VAIyFqPk1UpgsG0P41UavWPetR
+jrCB+1aydTyuHovXCrPof65cAbs9AgMBAAGjgcEwgb4wHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFPz0jWEzMoB8fTWH3l9S+2nxHcES
+MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAw
+JQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwJgYDVR0hAQH/
+BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATADMA0GCSqGSIb3DQEBCwUAA4IB
+AQCQi4Yo6SjeCW1k/l7Txpz5pQjamJUDfBmgcr6v8n6RfCN+1NoMXbXX1hgti03O
+QsU+HAnZpB1B+2GNeNdtN7a8SSutKt0+ouswvZOK3w/3rC1AxJ/MIDMk5IvjBonu
+TBnSQIIvLIWsXcub6aEEG61GpG7cK9GnMeY4NxUH3YIIPDJs9nrrcHEaO78s+6+/
+rlt8+XuH4h2m+xv7xB+7GN8KKKSH3gZ03X1QpayGiw91rDX52O4EhfAQcxtNfX07
+9VvpjEcfn5Lpbe6p8BfkziM+TVf8zZmbfwR3mwinTdcLBB8AxENAbN3Oau965reL
+23HfMPn6+Rf8SYguskWt8K0W
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9D 3F ED 42 23 33 E9 57 BA F9 4B BC 08 49 B9 4E 65 3B 44 79 
+    friendlyName: P12 Mapping 1to3 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0E0CA028EA0BAC29
+
+Y2V44KvZbm7BLf1cweYyKkbNiQGtg4aDqH1TkMM0zzzCoc2Kc92wcFaEDywvs1GM
+wu7LI23hK9lUYkMHKT9lmTtclY3bwYT7//1M5Je3RgSF8h3vYXCl3u87imkIkuGx
+HwfdHUgFXmaLuppKFFZ7XYVsSDpYOkXDTzNKEymmSIfh2nldK+Ud0JIU4vrPAwjo
+Y1/R8q8XtrGInYLLeLxs/igDklJfD+QA+477w8lYJhbutuDcQnHG/1R3+GkbSekC
+K0sG4E/cIXy/IYJJRhTOgmRSEdbqbujBZHpyhqlNrsWCDZKiMuMUBrdZHS76y2/C
+8UfsYqDl1uZ6YhODiUh9agvRGW+w+ObqYG0JAhcg8TzwBoqXlZKKBnY7NuWUMtyo
+1bX80YvzjTR/wXLe1Wm1Vlqv1Zx+pF+fgiN5UcskzeK8YnqGwl1A0gl20+diykc7
+VlZBBcw3QRAFll4LPUavgNdZYpZbRzZz7dfq3rc3FdrOTMkdptOJoxCxwErYjCu4
+Mgh1yCzsAYgVnHUzPkv5p9iZtUaOknssq9kx1b52xa32wBoTskG7MNMVWGzYPoA/
+YMwrKsUXS+0kxPKjZITaU6KKNZ/WWzpmGlThXrFzrQotBoAXtrAz/WYLrnQhwA4d
+vvXZX9c5lGrvlMceXF7S8idEj/dhSh3F5f5H1jpPj8gLm8axxSpVzIzipe5rckwQ
+Uci/Dc6Wm/OZks8CTZJaj/GrT0ado0OWn6G3ZYt1YCZepcHhASAxTIJhzdjRqhC2
+GHyhj3C+eivoz2yojemiAV3FazATcWyTOvjA9LYPbtjCFzSTXAVf69NGZmpsKgpM
+xdRG9D987rZk9Gwju92v23zyPzTKFIE1DOkhkccOI4pht7zh1wlrBqn53Pbo3mA2
+yN7hT10+3sI95GDrq54ucPCyGBjersqFGrSvfgmZkcn6SQh86dw2Mpu3i9shyJpW
+F7/lMycuIW7PPueH340ca3SKkgLKMPAlaqimMke0S+JTEtGm9/1UWd+23eMBThsq
+EqwxapZoABAWcfg+n01urzcVXTDNVG8qNacQ4//eWjpTA1bTEcaHXzC73YdBSqSn
+TQkUVAaoQhUUVzelg2HvoTYwkRGpvSkrVOwNN+WbsWLa02k/k0r9GKW0ObSGPCCM
+1cZgU6xP3PRhlXlTiXcNC4cl8pj8AnZ+PEvLPi6wL+Exxq6bpKN41NAF7ZBbAj/W
+pRPOUQvj4adv3tdZumT7UBZThhFaz2LA8sKo1p1jtC4p8miq6B7UB5+o0w3sdX33
+Vk8zm7hDPHmpgzI351MrQkNpdqct0EoOG85r/LlFcPQLnQtCocVOmiPhXZ0x35ao
+YO3c7RyESU6RZ8O38aMbR7mpG2sL4lOwY3K1xlDGc+sLpailzjwO6KwP/zO8tWvE
+FqJ3f/+ADXw8XUc/FHKHPDg80TcyDL9gABIDjNl9PFoEOkrt+ZOWZsKk2DhxtN+A
+SfJd+Mz+GoOV6e4f1GX+ZFmaYBnCTFaH1KBgTiXGJtpQZG21fHNuroOsjUTPaeQ/
+PgU+XkSwTxsKTLo3VHHf/AAFTbDXojVO1BmpYkawDUqNBw3IlMahqg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subCACert.pem
new file mode 100644
index 0000000000..1197d44256
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 85 77 F3 95 01 38 A4 A2 F4 47 6F C9 40 01 4B 69 92 E4 63 7B 
+    friendlyName: P12 Mapping 1to3 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 CA
+-----BEGIN CERTIFICATE-----
+MIID5DCCAsygAwIBAgIBATANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UEAxMTUDEyIE1h
+cHBpbmcgMXRvMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaME8x
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMR8w
+HQYDVQQDExZQMTIgTWFwcGluZyAxdG8zIHN1YkNBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAxEQSYM/pUi02SbG3+5QFT/rPnGdsz7WTlK84lI0muKNE
+ZF3ZhSs25xj5+M6Kak1HkGxP0heWALuor0rEPzNX4W4zXbFfeZRzLtYef5vFix3J
+5hVTVeKJncghN+/Ik2RDIubrcm8+rQKHW9f01ufxS0P7bc1cAueQSX+fQx4WaGiP
+fwa3hI1PoWfDZGfZe6Yb/POwHIpwEI8gtmZ5++z42TxBeXktFk88+qmjDzFm3EL9
+aARqFtOvCVnu4kZHNbHatq6mBsYV5WeJMENmihJj0bbOsmwxqmcgyrN+jTCkhyRa
+lIywhZddOIyw5CqnB6ELwU4bEhgcQ3Srogm8sDJYAQIDAQABo4HNMIHKMB8GA1Ud
+IwQYMBaAFPz0jWEzMoB8fTWH3l9S+2nxHcESMB0GA1UdDgQWBBS+exOToeSbxSc8
+MFPXpcnmWpZ6NDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAlBgNV
+HSAEHjAcMAwGCmCGSAFlAwIBMAIwDAYKYIZIAWUDAgEwBTBABgNVHSEBAf8ENjA0
+MBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAQwGAYKYIZIAWUDAgEwBQYKYIZIAWUD
+AgEwBzANBgkqhkiG9w0BAQsFAAOCAQEAbH0Zzzdz7zKpAJHd0euOWLiP0Zs08+9+
+d+JG/wsVrUwaJIFl5D/lBW6tMMqqkMERQNLoXW1PMf0joAeooxapJAcyc80G+CEv
+Qjont75l9RswXOeOJDr6cjKgDfJ0Su488bJ22YAK4/ywiiZMXZ/kFbjFzN6VaUtS
+jLHyB1L/tmahUMD1fWr1R06VFlwtaB4MEyBHRdYd0kr8pPEKTtIpvMYvgbHfpRqe
+yCGfKTgRRCuAnP8T16Xajq9LPkJv2/QjHWpTgeRKA7ddWrmEH0VQcmpHYgoPMIkR
+3uEv8/k8zdsI14AHOj5zUn9muQgFK4znUjvNspmqx4+x4S/3FjEoAQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 85 77 F3 95 01 38 A4 A2 F4 47 6F C9 40 01 4B 69 92 E4 63 7B 
+    friendlyName: P12 Mapping 1to3 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,18BF239A1E00FC54
+
+4X2m+xhm6XNIGfVHSKHcXnzZhk7p0USieVlaWMH2TgX6oPy6oL5MTiufkYwoVder
+6MTHiGYW4QgWad3CcK+SFz63GBQjHjA8T95LpIWK19IcmGTiDshjPk41lu/lqNa9
+e4COgKXTFC6/p8u9kpz6+lNXhffgcAJdj29I8fAym431Y4cGC8JKoc3PMTH7cZCW
+/EV0sSdy51eaGUPAGkBr1wgX27L83BwCrb6tYq4pxmyuTgZ8qmOOwg1Zlc1duB8y
+hq8iF2xdvb//Ilep2MC+tuKKgC1V6YW7hpCLOpgUVPzeO2l0PL0y3e9rnnm+Z454
+0ezKIZebCffmTwOtlBSFBOANOsYuSA+zo5v1W9wQjoVOxiSwzLiwa110SZInoygL
+3+Qw28ct6ASDcol7AslYnmW5VNU7ZrqAMkE6YcKu6JoZL+u2ny0I1ET2o8ETXVai
+LyLrbOzGdZhXopIgYT6lb5zvq0SVAbOo+QKFwoGJT56K/k60mteqWPc1AdjKZDde
+e/Ff0TXISMxAa8u6yPJ18tGaOVEyMN1/KkEuxdIWTGvp/Y7ctD5xXaEHmhP8n4a5
++Mg8dlJcheYpOS1zr8mGkFwSZPmf/U5zBmsUH0lBwr4fvNvmRLMVHDE3XzaN2NXg
+Ztnf/DQk2ntmdVF2MJ/pJxorp8aIJZw0g/V8C03A+Skz7oHc72fPhP796usg/H2W
+mqVC40KOO5dCWXtaAcVy8GXfQS84TWPTpGMCpyHaK5y3YW2wPGDeNKBDicDqr/0j
+10xD2KOALKZ0N9osOlYD+5UfZ7J5D27FShuMBXXcUYphugtAKUP4nrCBZxEPoP6o
+7jdilf4ZPtHp4HdptZKkI0NqpQqGh0UMX2mNH9MmBHUibcrXaPaPnh5XwIGN9+iA
+9q+eFqP+/frPQDz9OMdiNHRV9bFvzy4E6X63jEl6CIwdPTR2aARyyVU4uiPZ5T9N
+LFrUzAz0AYbrAkxJ5mC2u3NUjFXpKXu53c/Z4ZYZr2qa52ULsM9heI2uI3NlnPsd
+08FHWVKUAcbXSJ7/5GW1683dgZl0JW9PI31bU+ifyRYSGDJRMZxGu4zAyIVvI0Rd
+hmc8cBzoQuGek4LjttsoQgy4OfBJUxTZwYsmkpvBx5f5ab3gRC74Eznr7GcfxK7R
+ikz4lZDIsv96TVnY2Zrb/UrlOfVcKvblpfmDvanw3hlaBf6OGQRCi5LFTesls6UG
+sejXtgpZpTbPX1roHP3QN2EW1ANRnCdOKOAyqprtDxkbc7UEu0yJ6s559gpZx7J0
+GtysuywbYZ3zT5DNzHJV2drN5bITtw9SjnolzbPmpY5Ousq35uVGmZwDX6uFcN89
+3/zox7p3O3Q1cEbR8lESNZenDcv1dS9hkI+X2HwE5Dksqyfx+zH8mceA8zIHDqE7
+2rz3sVE1r9ZyhrhbkjXQr3YvMcbG9iulFcUzzMABKxLvU0+AIijh+7oXZ77Cy209
+a2xlNATcVUIZ4Iixe/bx26o3kpd55ARlwO+MRPDSJwNbGFt1w+/oauU1Hbl4Zth6
+D83crY1gFDvMuQTTl0TgseUSRHNxDoKwIuFtJVD+GUwMErTKXnu1ZA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subsubCACert.pem
new file mode 100644
index 0000000000..dd468f794b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subsubCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 1B 6C 32 06 4A DF 9F F5 21 F8 5D 2D 85 DD 38 9B 88 D8 37 F2 
+    friendlyName: P12 Mapping 1to3 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 subCA
+-----BEGIN CERTIFICATE-----
+MIID0DCCArigAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWUDEyIE1h
+cHBpbmcgMXRvMyBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MFIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MSIwIAYDVQQDExlQMTIgTWFwcGluZyAxdG8zIHN1YnN1YkNBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSGFUwgaiWWF5fUjELwFR+ISQbeAbroekuEg
+LzcnZa41l5oBmVXW/YdwIa0lbI8TEYdbSJKMPmj/VBZi1qEWkZMG7AkeS6ZXV5IX
+NZr3z5+xyUgLWNlWVvF5FMOi9oysAe8G3Lykzb7aEULDmSEJF08ZO2BAKmwqwHb5
+YeM/Qpig2XRbR5sPebFXbCPHgtDC21KBFg1RB9mYvkvbyeqqKNivtfaPbDcs7l6L
+Q5V4jxemwubG0n/b147PjTv5atcFsMozbY8AwRXhUZSv80Q3TpclTwbWoaCqc9Jz
+dAlVN4YywNosJr1TuIOWuo5NFHvQZMrDE2UTd6wCsVX9e1hSKwIDAQABo4GzMIGw
+MB8GA1UdIwQYMBaAFL57E5Oh5JvFJzwwU9elyeZalno0MB0GA1UdDgQWBBQAXTk+
+D+WqKl4t9q5oKq0zmz2bczAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNVHSEB
+Af8EHDAaMBgGCmCGSAFlAwIBMAQGCmCGSAFlAwIBMAgwDQYJKoZIhvcNAQELBQAD
+ggEBACej7rCcrK7NKu8FFh2Rf3IUevcGIbr70Ussmb+ybpHCSgniO5b2qOHtRy4L
+UGgSu4DW8oJpwQNiDfS4uFICS2Xfw1LImpY6WzsooMaBQOLUmpDfSNcW3vp930db
+qWcqShq49BijeENbYGuJ5nJu6XctxdJq4CkfdLULItz057rcMPZ/v0r6WolizKb3
+aOowWWR5iWPCfgKsK/pjA4CRZFdWkQeRcFZtpY9s7T3XWsYgzQ+RVSLKP8tuy+bX
++bXzpj2/FQ51kahd1XSilZ0YIhWrR7odQ1LIdlABuNmIcBAcTONhlpjrzx9Ukkem
+CqvWf4hQHK7beuDqtx3JSiLMakk=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1B 6C 32 06 4A DF 9F F5 21 F8 5D 2D 85 DD 38 9B 88 D8 37 F2 
+    friendlyName: P12 Mapping 1to3 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C99FD623F1970FE0
+
+V8J2Tv5dI90kWWonlmglwquiB2aaI4VrjgwcQCkf2UT90Ik8WXNeVNCV4NUBXpYs
+aRizGDFFsyKp7u4p82gqh9K4xmgvLlQ8W2yldahj+jijjMXeTPzSDiQxVoI1DXSs
+TqbLG2mRcNlm9AHqnnSfUZu1MVBp/+BNMl0lmYNCHMSd48x2LSlMTVWdtDmhVPDu
+FjIfUivpcKKD7ja+wIeGF9rnXcQLlvRmcGLmNkIoMVi48Qmqx6mVA0L80D4cdG10
+IvEPV9azLnflZNkHbcMcybcgrATXYtsHqhQxPQmZlPsMsuPoY3+jrRDxlNm2EymZ
+4W8FOV++/bRXtEO0BMuBbluOPkgTjEfP2EcdeHPf8x79fIbO/nn8yzhMmYhnsq9j
+5SJXLmnxzRU57NuAv1kLaQVo5J2sE8F+D9ZU/ovBUKtPALwGyfqnzuJukLhuFeUx
+FSL1suo1HVv6SVf19xwpyQf+eTFco28XrrmCqlJV4I0M0geJDdWhSHSlKyaQdV1f
+gfqqNmeLAensQ6VSDdnCXtpyOyoy1JSegapbLb1GyUrZLYyfmgHMlSpmR2+BCoDx
+SGvhDeygDIRS1iA7czFTcBrrejNNINTJucbkPJszer1ZE3EeaKrCjsnCSV4gEOlu
+u2gMLTJL8sRXr9PZUfC3BqHP5PiaC4sfBmZDDUXMpfm4lvR55cB/MdQ3h0R940y8
+vvX5Kkm6T0WUi2reATjHLH9Lp6HC63rlI6845kgdWL5xCS5Lc3ULG3Mp7CzgAXUB
+hsWRWjKpgRrBpEFZmOIAdth2W28/eV/dcognxd97iDf+pfWmxwDiEj/q0T0rpFjz
+TEKR/z0mEMxBrZufH3j92gw+YXaDUQdzuVazKUoTPUwRqI81G/PrAskUG3DlLBvk
+iipb0ARCu8mNu6imv2g2IwwcrzWVYl/4+mMQKzXnbp9/tUXFAhbyhk1NclXSuIEg
+QQHaVgXYMqk4xvzyp3pc+xmCjEQRTIdzOiIQBuN9soQD4h1kLogheJuFRhzdL5Jr
+KpKpS8xmadt33c0zA+Sm+Pc9AxuLD0JH5zfTaWf7s0uDgOb1jFHozW5JIAjxFkxz
+bcRaACZ8oUtzLNnaA5n0QcDmskVIJmDIWqKS3067xwsu+wOxYY2RsG1+OY78D/ry
+Uj8XGDwKY0KP4zejsrAUZYlAsogQDBXb8gIKyiMVg3klhe5L+KF36iN/CyCUk8o2
+FRf4ER6wNrpDKy24G6TNp8jVyxvmB+vnHBLZH92Xe6Qqc2zpVIN/5jbNf9xTeCeV
+otJGIV/yj6kN+MP5aEYtZkXbQKt3ZyFjzzdbRVI4lppFIx5AS87WppnKTtJqnZUg
+U0+VsvSS7unrBk6qeCI/JufyWzBAO4IhGjuZPVsLOF6gXld89Z6XHh/6XB1wCFG4
+TxCjlj7caePMhPn3GZJ+BPXnhX8hVNmgHVS4UBbcbzpElWbauS5SUVmD12/Fd4ZO
+VCuXMcb8w3eMelsnzJq+zC1+snRicoyixxZdk9PgcdeVBIotarAYs4JWvZBglWw7
+V7W3oKSKREomYFGT0izQPY9BeNbYLoAOsn+FwXNawV1n3T6t+X/BpxNdL/9AvNvZ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234CACert.pem
new file mode 100644
index 0000000000..ae724b8103
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234CACert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: C1 0B 96 F1 D4 06 3C DC 5C 20 BC 4F 9C 97 BE A9 3E 8C 12 F1 
+    friendlyName: P1 Mapping 1to234 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P1 Mapping 1to234 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID9TCCAt2gAwIBAgIBMjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FFAxIE1hcHBpbmcgMXRvMjM0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA6EPLe37qOTEdD6xUQELy7WcT/725FAHRtk/O46EgnyRbLY1VTw/549tQ
+HEAeBnvBkfjD1c65JHMPFER6/LXHu1BT7EXfbaRPNvFFBrxO590dLZ7zkXggq+ZX
+/RDwCs8HMEsOrGa8g61yaYFICkTlMCwC+gWKK9SPQj3TS+YFfkmPFkF22ASIttqG
++QPyy5BHx4WV1k21sjw0dijh9V1Z+tZ6cGLGVp490Bov1syfcz8FTmiscacXTOwd
+hnlv/XFa+URTqDd7qvaiieYe3V7W7j1x0okIRENxZh1giKU0AcbAehfYgmXVT8Pg
+/FG4oxhZ4fflmfgIa+k6tGf1KmDelQIDAQABo4HnMIHkMB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBSVCwGpSXiqdtp/CQ2siBT59fdH
+kjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADBaBgNVHSEBAf8EUDBOMBgGCmCGSAFl
+AwIBMAEGCmCGSAFlAwIBMAIwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAzAYBgpg
+hkgBZQMCATABBgpghkgBZQMCATAEMA0GCSqGSIb3DQEBCwUAA4IBAQBFCspJbnGl
+9QA0VGqikE3JqvEe534hgJSjqUj3YXOdbHF3BzthYJxmCC8c8ZAQAj78LDctPO2E
+doS23rw94Hx23MOOMy92xoCYepjNWffZMdSgxUMBeGCVSw+I7TPG82c34h/nRung
+HcZ5OgG4p7j7DSiI6fbhdOxjvNPw1MTjYZd26QMcgqnsK4Ts0oCv2tiHsMWIX32I
+ZZZqMruUNHrapJZoayDbBSbx0ecusf9xxky2I3of8j/EDDWujCSTS+2+ld89U1Hm
+wLiGs4cGEHVkWT3bMpXC4vh6Ioh7MWcTGKGoH034mpOgMtG+Uixh8uWOmqvxlx22
+GWtLzZ8NDh2L
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C1 0B 96 F1 D4 06 3C DC 5C 20 BC 4F 9C 97 BE A9 3E 8C 12 F1 
+    friendlyName: P1 Mapping 1to234 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2F36EA26EC93C8FF
+
+d74PxY5ydPqm5kdwAnRDQLghqMnVsPYLnzMPEYQN6nmM7Nq6NPH/rNA5VKaHcMSj
+PGQaiWQq1R+oYzOmeeKyUE8accmmQ1ekGLgl5RM8B+3In9wJNP27G0NnVfYr+KkA
+5P9DlujsNFpUAXY1Iu1B7YC47B95PbaHl7oNYxfrG3h3uZqSHUdRKAYRoEUMtVXE
+jquLnRasDdf32Ykra2/pAZJy68aLrAIfUbp0rBmmfA+q57LjK7/OmprqMUiINXXJ
+/2CH901p0KYAit5YVO0IOPBPXse0TFrFU/w7NmT/jc5K7oIVUAJdIadI2Qv+govY
+oqvBdBtZfvMimbDRlgPBCyJhfx829D8OnIfDA2cMkOJQ72zaXwDkbjeeuCRLcnaF
+Ld6RUEf1BswsORBpnbD3SJyzUnPfxn1uceoul1y3wtjzvxYL8dRf1IsxzyviOjed
+jXOhTlN87LOIPmFs8JZJN0SR7ULvYPy561SH/HTKF+PILbIbD3XmvP0YHHLz2EeQ
+Y9XYp5SdcvoUzq8937eggRdzPD2+tIXNWJD38nWygLP7SBx+POr79UYsZPw+m7Gr
+rDgIg1Kfdi/YvIUqTZxjWdS/HlsCEZ/GrJd1jL2uXKmGIeDu8a0/hca3O83Kmh1v
+UiCrqPJkMT0BB2E0PTLkzl0k3yOBRs9GFpfM0ui30ajEwfnN7em5myL7BTAfqzek
+5Bldy54W0Y1gBPLj9VeokBCPnl3xRiB/Az8uSa7lZDe7GoZspdUmfsNfGfaS8cF5
+vVUzhNubzGTQB/W9mQOjUFEPFg80nSJ3nHf/gIWfR7FKFn3BeMROrY5EUw1vGy9x
+LQRfraio1SYdIYKeMzyHYzF+ILr1xUQDqSlOx2rLVOWuNvzALCnK+oUmOyAcpNrB
+701arwcyp2SAhgPoMD6EfvA48hVFwjvXfNJR+dCOSGkFDYnlOvnoB+3aDayiVG/a
+ACObQyB1yfpuDy5JRL+gd7eGdHHXhd3h2dpQxml8nRCrYuBePDkCM6Z5sKBvi9US
+e2lTIzTkd8aK/svLV4dO+r4VYEtOc1hLYFhNDd8OLLzbjJM2HiX25mY2y7XgTlFq
+lDhJjMeMOE5Qs+gpZKw+BntjUZVEaSIKfDWP8Mp5/bzsRD4dRjxMXs1K5KWwQIr2
+qRWUIt7ILwRSiUzL1XAjkM/vr4CLuM3f1K1nJmw7Fuc9LBzfH9HlOWc3FMW3pnxn
+2zFTeTQ/bKpBp0e0PhtrynriYvTqmVAFfnpkbKyAgE//A+uAaPqluzRZdVMe03BY
+h9a7MdnkRNrl8LetBg4mKGWqM9l2FPpE3JCRLj7i5YzKGhC+nbd+gMsZBPfCP6jf
+Xb794wmEb0y645XTp4F4TWJNiuXJ7TOJlmHUecqZE+BjEYRkDstyc8PjK8u/QwB4
+97Zx0R66NfdEcCa3v05g1aAN8kNAuWA4VjtHcOitcJo6Qu+TmziEadamkT/mEy//
+9HowWzLnSoHvnV1uwZozLfJorYIuzOS2+GYefp1x14HHQzp/3icnG5WkvhHOwvbm
+hFjbHxCeLNzTFyyFw42YyK+4x82aQPx7+5jGdNYoNFIVmfMAe7r3SA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234subCACert.pem
new file mode 100644
index 0000000000..846712d23e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234subCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: AA EF 0D 39 7E 1C B7 98 0C 76 3A 6D 21 0A B3 C6 87 31 77 96 
+    friendlyName: P1 Mapping 1to234 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P1 Mapping 1to234 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=P1 Mapping 1to234 CA
+-----BEGIN CERTIFICATE-----
+MIID5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUUDEgTWFw
+cGluZyAxdG8yMzQgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBQ
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEg
+MB4GA1UEAxMXUDEgTWFwcGluZyAxdG8yMzQgc3ViQ0EwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDCqo/fkI2CorkBLrk8+SW5B2Vf/V3rrujIfoLvDe7m
+xMzVUsj3fQgZUgeD7yG056J8OLaaV2X6AnYGSOR/IjkmxnmChoDBNZHgfxmjoIBB
+SrWaoYzucLOpPhxbRToBM68OV1YS7JuJyNZNOkpWCVDOnDUUGqZZJAOO9KKU2bW6
+/mWamcohebtrQQsSUAJqatKBd3DFgyJl9toV8bWgINwNHPJOG/zGmfXrM0XpTC6c
+cYqN3FnBO1BhuHvAmT7x9nKEP2d9+njVvSJijL5UefG2i3k73WD6FsK1NsD1TUiM
+W8R1uObBWDJSp7tMnpsRzpWYxN2UrB9DfejvhYwCW60lAgMBAAGjgc0wgcowHwYD
+VR0jBBgwFoAUlQsBqUl4qnbafwkNrIgU+fX3R5IwHQYDVR0OBBYEFAMX5ZUA/So5
+eK/LRvZAmGUKAu27MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MCUG
+A1UdIAQeMBwwDAYKYIZIAWUDAgEwAjAMBgpghkgBZQMCATAEMEAGA1UdIQEB/wQ2
+MDQwGAYKYIZIAWUDAgEwAgYKYIZIAWUDAgEwBTAYBgpghkgBZQMCATAEBgpghkgB
+ZQMCATAGMA0GCSqGSIb3DQEBCwUAA4IBAQABbF8fZ+aayNEPK6IYowHdDmpCNyiX
+ShlGuMbWbiSBilugkXB8z11tg/C+5D1wdeDk57vpcrmr63pjA/NVcJsp6nOFGsBT
+A0l2TQ6GA6Yqk8ptm8nzP3tD60KfDzu1+Ld0eGCkx4BWjwGrOBt7S5K/G/tTAXQa
++fZ0nNP+WGn30vRze055JcSScogmNcTJ0sYLBjnYbxyFjpbyOsdhiudG+FufGcIH
+P++VV//LWKA8t2DgMb4ejFdpihhWV8T8fLuvykmVJhD4QcV4Z+TTTW93QjCAa5oN
+XWhzyqOe4s4GLlO7jZw1LMEHhh8M7Q3SIrEGDA/1exOutvigUAQ8x0eE
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AA EF 0D 39 7E 1C B7 98 0C 76 3A 6D 21 0A B3 C6 87 31 77 96 
+    friendlyName: P1 Mapping 1to234 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E280D00090F07056
+
+Zs/1E8+cofljE9h57m3zNjcZ0Nbw3iFy2vWQb5DayLt5k37yV7SnZVNp1KAGieyI
+8Rzj9NTlc3nuSTW6VxjBDgVqsZ4RXMTivT9PXzcOZZrm17TckytFLUL4ai7g+pUE
+JcihIk/vfzeOeU8xx0UVqkpt+wXLqASx60hDz4d4E7mWcz8tC86xGH6ysk3WINfd
+fTnvq6Ztl2osMUvHhcsFlMNyMFOxrOcrKYisTO6f81V8Z22TdlqDdcddrYEBP+no
+pozv5aNzucptbNDAG2ty/Sn0MWU1UzlDdZtLcrvEQK9/21QZPKRKIfqzCWt7xCxo
+CZ8cD5tzNhP7IiLqDdDfwBzQ/V/uDVgfoJh54SvmYemCYLLkwMax2eviKuj+5WNT
+STvLPt0OryCXz5x2rLsoESb34zmgPELRY1YFDszNggwR75OnhFM1wTEwqrEoJcMB
+Nu3hd4eORZAk616ut04BpQqqIIp7esQbe8Ni3c51NIUXC2TVr6QfbM/V8Oy86guF
+ebhR6aRlrX6n5owVekaunAVrxve0JM61VX1cTBDmztj2dri3SFVRBEZ/kKcVSzxz
+A5p3vN3k5GmO6Nd19R+3NnjGaWEqUCTm1CjZBL1VMYmm3UXSaMlAzSEzfSIgx5VE
+WQqkltma0FI48nwyBzIcF819+dRg6PPi5fvCJj6WJkNJukM4vQUe/BVuR78J1Ii1
+JpIsziBcsPIzd3HRfbrHhz/cwKGY8JJzATdNbB5klI4lfF/SSDvC2/YCKngctFjr
+bL8EQ4gfhpMeOvjhO/52HjZBDk6Xu066NBf/dh5p+BWvGX+r0z3dtPtkhpFuPkrz
+06vL9RCtDKUKUo2TkIbEfjhgIu4/nW4YJdyRxBepz9Rn61RkTPhfeieW25MkKCe2
+vqAtIzEgeNm1YBHh9a3v5sPFgGXyRf5yhOplBJ6Zjemu3p6TF6FYbI+jDvyLRzJq
+rWYW2/c1sDVJykEZ7tvCHOycliB+BZQLxDQr3sM/mybxzWmYCkhbuRNwRPxmW30e
+/kzbc9nbhaI6eGdacoCmCK/T+KmQSCGepnf8Xhn94imESWUDmnbGav/2DvYjK4Ad
+aoOXFmsXhbD+svWQ+uGFx0ifxugnTrtbCbeAywEQPU1vZ6vt/HhhitBtBpBNglbZ
+dADKHRMDNILX1+F//M9H6tw0U0y0gpdsPAxJROJGW+MO0IlYz8EnUOY0dQC2lYbz
+fDbz4PdLWOUYXKUZBceTo1dAq2DXJbaJi7zumLcZY4yLus8rljz7FrPrx41Rf923
+teQP2NrX5PdfX8T9n9NV4KqNZF+/h+qwtKoJxqN7a1ICcxS92kJM//L0pg229nXk
+WJ/bNtzZxAGN6qsvX/vGvhSqDA0025N15mxsfTjTrq/zaU+Ko2cP/FBvMZUS1fST
+2Kb0bm+pipPGKslc3siG0GxsrbG5+UQrkI9tqEaq0C96gVIyZwSzsoH0y2KJ9NUY
+/f+b3sRY3MeMCkh0bSHg5rOi87bGjQk7m0KFNMj4lLqw+ViYzAXONocQ4sm8skm3
+/LZMCOnR7pISZL7miEsMQt8Hrw7hZx1n7SB6W7h9ioJKfgBwDDgkWg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1anyPolicyMapping1to2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1anyPolicyMapping1to2CACert.pem
new file mode 100644
index 0000000000..34c797976f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1anyPolicyMapping1to2CACert.pem
@@ -0,0 +1,69 @@
+Bag Attributes
+    localKeyID: 43 43 08 F9 CE 07 63 62 37 45 16 66 E9 B3 C1 63 15 23 19 7B 
+    friendlyName: P1anyPolicy Mapping 1to2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P1anyPolicy Mapping 1to2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIFLTCCBBWgAwIBAgIBNjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJDAiBgNVBAMT
+G1AxYW55UG9saWN5IE1hcHBpbmcgMXRvMiBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANzb/x7g9fYUZJHLawFd5dXdaTd5QI6b394FF+evA8+llsAl
+r9BqwYe139iY9+RgTrroi8KRFeZaXndYBYANU+fvhLqFWAz3TK0nW+otpf5bJiCZ
+27slpFJEINgrpLQpENt12YVkQ60alGIrvYIxjZkOrhbgwHqTxxMc98Nqdf9PXmaY
+5qai+dWQ7RMewnkoX6bx1TmgQXOT17qlbOfyuAnYM1oabX1+86XEw7W69i6Cb8/z
+/VkC6qeRbV1Pmu3lVRsoidYwGs2cwAyMOzz4MpTflSk3b56w0MbmHhyflr+/d5yp
+mNAkE5dTqu0f4GZEACFbA0AP1qSbtgmG6vc1g5ECAwEAAaOCAhcwggITMB8GA1Ud
+IwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQfAigoMo5KhPi4
+i0HxXXvoJVJrhjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBgNV
+HSQEBTADgAEAMIIBeAYDVR0gBIIBbzCCAWswgbkGCmCGSAFlAwIBMAEwgaowgacG
+CCsGAQUFBwICMIGaGoGXcTk6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9t
+IHF1YWxpZmllciA5IGFzc29jaWF0ZWQgd2l0aCBOSVNULXRlc3QtcG9saWN5LTEu
+ICBUaGlzIHVzZXIgbm90aWNlIHNob3VsZCBiZSBkaXNwbGF5ZWQgZm9yIFZhbGlk
+IFBvbGljeSBNYXBwaW5nIFRlc3QxMzCBrAYEVR0gADCBozCBoAYIKwYBBQUHAgIw
+gZMagZBxMTA6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9tIHF1YWxpZmll
+ciAxMCBhc3NvY2lhdGVkIHdpdGggYW55UG9saWN5LiAgVGhpcyB1c2VyIG5vdGlj
+ZSBzaG91bGQgYmUgZGlzcGxheWVkIGZvciBWYWxpZCBQb2xpY3kgTWFwcGluZyBU
+ZXN0MTQwJgYDVR0hAQH/BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMA0G
+CSqGSIb3DQEBCwUAA4IBAQAJ4zsy9qL10OJy/VRk1NA5w+0ncD1kOXO0I2cHSqA6
+wtQ6I23JPRgTutDfvR6ktvdBRfkeCwYHPVHHx9zrvfnk2MIAfdDeo93IVAqJEumo
+LIoi+XEUWpRH1MiJbl74CndIpdc7G8H4OOagqMz1p2XsZ4K8RpF/H0WUYGvWsX7g
+78EjEraD0D9PxWr1Na7kfnHoYxrqd/fmRYtnCwt26jO8A1DHXgrWerE/fnUlTxM5
+tHHN1OMOlggOimhGvJ2pn05BdXIhVtmWCdFo6+pTcyWYMm2IvOrzEaQtnGf3Zefp
+lObeComhN1QW5zDtLnzOhHUHc1t4deRAIN1zhE8vpYsG
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 43 43 08 F9 CE 07 63 62 37 45 16 66 E9 B3 C1 63 15 23 19 7B 
+    friendlyName: P1anyPolicy Mapping 1to2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,190493828C849E72
+
+3ADKpf4RaFWJNff1Jg2iB1PXZ4JLDWjTsZz4ksV5g9hAXGT7dAIkgGh15NY+A+ng
+pHr65nQ2XENo0MUh/7Zs2bgGGU58Xx9K+DWWTWZfJvSedJU7SKLSmQBHUt6NC/bQ
+NtGzYnL2zymdNwtAbBqeSH6wdvqQWciBMuhG4UGKT3fLeBKEjBHH7mty5Pz2PQ/6
+MjNtLA5aqwxh+R1RveDI0oMsbQ7BV987kLNOs6soy2F1Zkn+6KPRiewIwdBCcB3O
+xkp5Su76YdUZMMfm6Zm0z8/MNSTwe+LSDQmEh28m0bByDKiR8CvmsU5MW3MuPh4N
++4faLrcwFTPk0JizNnlFcdB8wsRCUOKDnWzih7kPXUjGEZXiJTbmNNalEEgQOahE
+ZgHoCNbpSMHF46DRIzp+MTJnLiJDe+YCLqmlIWSAEnivjmkN6Ouj/X3eivPICgkE
+SQ7DAkuGAZoza46qVs1+Dx49HyDM8l/AifK6Y87eQf4fMdPtHC1woAMg+/6hgLdt
+Bz4k2xGPZWLINtUKTrEBieMntL+p5ppOMSKP0dGqArlNYHNLw7e1zone7FTNV15i
+oGZpblu9Iq/7Z6S/1JEo5lo9npHUm69Yo0dzTarVYx8KvqnSn3FPWCNwiEhR38jV
+gELMghyG6vT8kM6bzGVk8PdF5EJRyr6m+JQ9ZVEwjisQFOMHvQp2ecNtpIWvgSu4
+SRK4oMJmxVXdiz4YXFsDKpkLaE+IkpHW0kDKBIUnBckRPWva5zPnOrRjibMvZmRf
+d6w/tjCUR9kMuOhBbXSHJLm2GZpJizNWqLySJE9WgJ/ufnSYlx07gKHi+XnEdI/V
+Bo+LjykYlvubud5RsIG8XUJFLxtinJJ0mks3dNQchFHzmsVldKWJQoLN4mBH20O+
+BgmKCjv2Dg6Irrh2ZcqC+tZYnPh7/hg6q6LXp3HZcZcEsM7uKEZIR3ETrGRuuuoW
+H7z0FzMs7kn4/R81XSM/wEdcqHQk/142VyA1l2bGM7rbDwnHRk5KiDgMipQ5azJe
+gWkR4iso6Zj7RKyrzJ5srfmnlPknx+UPA9H7WrjeyvO6pQ0Crh/0CeitYLKNz/+R
+tInp5BYAv87MY1yByEno9SB2jWa5OkG31gk/8P7AMLtTqTqHBlR5iWIiuQp6pGr2
+nxCtPkaJ71o+d3gxy9V2CIc3Mr91KbOnytiFc6RYc/WZiFNBxVJl/aZBtcXZpal/
+gcYzQJFidHa6zezoFojHJgKvl8NwWIkJPNttdD9bT1DrAh/S4GidhGG3gG6HaKKv
+B+KYRO5nPFH0NRP+dXVd39IHX8SkGzr5ZlOrVBTwMbACM2mB07bcIzUpZceuEMX1
+ZI2bGj2EWLMq1v6+x20tQmxYRHLqMDDiZ2ZEypwfSwSSqH1hqwfyCeAzUvfYrNBR
+KVkJ8V2IVUOBfo/CSbfAfvP5dktG/xxK9CIOsd+PyKbS7kgfkVudODLkx+TU+//I
+PqeSFd5sECKQuSYEHG2O0Q22doufmtJNoygaBkyTG1ckiPitxO4lKIDxiUlId/Yi
+IietXGgeZxNzSs0AjrU3TEpH8f7kc+RzbMj+cl8bSZZUKmGOM44bT6rdEuRRYDNv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PanyPolicyMapping1to2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PanyPolicyMapping1to2CACert.pem
new file mode 100644
index 0000000000..f0bb491133
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PanyPolicyMapping1to2CACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: EA AF 99 DE EB 5D E6 D0 27 6D B6 3F 8E 59 92 32 1D 51 AC 76 
+    friendlyName: PanyPolicy Mapping 1to2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=PanyPolicy Mapping 1to2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBNTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAMT
+GlBhbnlQb2xpY3kgTWFwcGluZyAxdG8yIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA7it5KgqlOm7kgx373idsdbNuWSP2si6O6lKKZSjz/B/ER+zK
+sbo30/ZnpGepghDagsI2z1pvXZPjFcaX5jThOtKnKiB00ColGZQL9OMl52BYfHV8
+ygtI6FLosSe6J8A5grqnNiFUqupOAMS1MjsLDJssMivMyz1Mmb0FBqXzJOB3pMCS
+nvgsLsM+rXXZYTJ69SJZfv4W31iGyRQer57qoIiKYTypLuBqO2S0baY7J//g040q
+Sav7szmAh+K+Alseyheko9BY6tDW4kFSe2DshTvovJD6dZukmjh1IVLoU8LBMYy3
+/23tKavxkEyXBYbrF5MjJdyfHDulSIw24P5kzQIDAQABo4GtMIGqMB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRHAycvQz3FL9mSrMfS
+dtAzxvl3uzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQE
+BTADgAEAMBEGA1UdIAQKMAgwBgYEVR0gADAmBgNVHSEBAf8EHDAaMBgGCmCGSAFl
+AwIBMAEGCmCGSAFlAwIBMAIwDQYJKoZIhvcNAQELBQADggEBAEzmc6/HFDjAm/BX
+XujVfL34xHXsQ6Hvo5BiQHACompgIWEya5NwZQODcH4pig04UBkUg14d9VayDUic
+gAnwUdsAvL3tHqwnTafckHMmsYJSig0xkxpOyWbqcq/RVHGnMy3pLXGTrX2jpI/0
+1fYdE8EB5pcoL8MmktyTf51FvGJGQhQk0pIaCHhO5cHUADHIBdowWt8G31z4Kv/P
+GqaZygDC2R1YG5btN8EJ4CSGp2bGX0oMJOt2F7knvVVrIFNGH4vYfuXSxuQ7yuma
+kfS42S44/ES8W+FnhTW97iIq13l7Wh4XTvgfhHiT44dxbX9uUHH7TJqJq/rijbF/
+0zDEus4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EA AF 99 DE EB 5D E6 D0 27 6D B6 3F 8E 59 92 32 1D 51 AC 76 
+    friendlyName: PanyPolicy Mapping 1to2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9EA299E542CF1FA9
+
+YezJFv2D7hxBVosplQvpAZsgejIrkEKxQUmTVVssLLPNZRmceZopLIsVKc1aXNrq
+6GILnOnDqxdudU97ZetUg4RH1uvbt5sdR2y2dcGHpJfgCXjqAJ8Tsm7fXKDsbnHl
+IRvnzVvzdnML2XkH1Ns77dSCz4eKV9XmFvqanOVNmTYsmYJW3bkTqfz+t39tz32/
+1YKZOblfAHuGl4T2+g9cmnD+nURTm5fKvvosx5H3FwrkGjmvJD9T2FrrmGRTzkoc
+Npc+Q9Oarr4L8/mWnNGHX6VmM6pASR5oeHHZk1gDfmj+8RX0SfVCtP4gNbh8GFhr
+deW7HhxEqb15ya9cbJoxC7C1plUTcYN1OB2dqC8TJIpd0Wk21DlKMyxBMpx5/CS7
+xFnWcG+QzTdXDBm6qXqS5ksbvgWNtMN9jJUbrglFN23Zt9U5XmpT0Sl/5+TWd+J3
+nRfS3JJO04o+vtCzcQK1Cf06omH7r8XEs2VpQXzBwtaQdYSdcDIynfTWQ3YGFKZx
+/ZiVkNVFIa7+6kskKziGl2DB7uhpaIX69sBZ+iBt5xq7Os85RlVJu0mGWw7hsUM5
+GuXmb13glbRxaGHRaYjXIT6Jh3MAn4GuS3jDWH6StgQgYCFEmlyaNk8X6OEF2XrO
+Uov8EOi09gpmo/LdJKZNw40E/FYSm2q9QJs53oovEGEC2THhWr4166oJVFgr72lB
+4qb7HcvQxyDm2n+d8whkGtk77aZ1/nVpUDSQ0QRglRy5WFf/rCDqk/X/I0bU3gH8
+KPwrCHmMggvibYVXnxhFcVOJ+5MU7hrkk1eJjxHLo0e5E8DDVcE9oi37fbELaR7m
+qf6TqAyHSURbRg7a9ynUtQR6Vw+ikREVMulJpnoLZwTS6VBGkH1A93TKnpaaSvm9
+eXYsIgVQQCvLrKj1PJfbb7HnyzZ8vt7uH/u7ZeMld3UWyfGkzM+yVoe4SahjAU5C
+oQhAyjY2VXF8tN+WygxAjLujGfql4uBbDvcrQRecoHEvkfugabFExEw5+9lwM053
+h2Fwbyd0V0QmVxfTmXbhfjUP0A+JG5uGsikknajbdkRHtE/TyDZ/sUyArpmDxuS6
+DOGUdz/S6hz5HAZrHRc6zKbk4cn82sjsAadpl7N53cnDrKA0LaEH+rZogBUt1B36
+PF193qqhLhZEKxo0tb8pN7h9Ib48vhcNvv/W7R3TRgGJMw5wGKDfhXuqfqkVfYtY
+o/YtZuepmOAFQuiRhzwy1zOyORJvoY62xmxXf9zNaRHU5aFMlmYVfaCxQqf5x9zU
+VY4Ma523VgdHuzhT61OOH+jaLd4TYE678oweL3xO6KoPUk2ZontyFXBJFIMiAYTH
+LS3BzagSBLAb44MrUMF6+DIYlsrPIYuF6gFUtJ8lhmSKQTaHOyHiNNVi++XaXn8J
+4djY6qN+n5j+XQ2kq7ckIFKQTxZPUV4uLBWE9MdqvoGGY/DO5KLajNKtc3k3oCPX
+j1olnFJ/91zEoQVE5E3NHEqsNiLqZ86bkKDiWSpxDjQJTN0BVMeZivh0YBGLj8vK
+Z189yusJ0VgByq55uXQhxs1N4+Nv7/INz4EfEuTZQAV9+8utqCuQ5rNh1PV3Wnxm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234CACert.pem
new file mode 100644
index 0000000000..2d198c343a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234CACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: B1 12 1B 20 2E 0C AD 94 92 A7 5C 4C 84 AF 13 0E EC E3 AF 6A 
+    friendlyName: Policies P1234 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P1234 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDwDCCAqigAwIBAgIBIzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGjAYBgNVBAMT
+EVBvbGljaWVzIFAxMjM0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA5Zswifhj2dT7WU826z9T4VZWyc4sgtEpEVLsV7AbMOMFR2ind4R/fSTyrw7e
+szphTfev/5eBa95JdOVqxfPC5M+Cri2NIZEtTSll0ybxk/uy1UJ4s1ZTwCI0QqJw
+m5jR4JnFsoIhfaU2xP5yGOEbh/JpKK8L4Dlm2W5AXs4BCYiqdSJsoDlG/Ay9xBzo
+dP+u8Zv+MlNZWMKExqOQxxxvcsSuVxziTjYZggMchaLTOgUua2PifFWPm7DSVswl
+cOKbtaIsd6ya9VLmiutIGoWEeLOcjpiM8lkx4lk0DGx8SDTzDsT1yfrj/ul76ujP
+Lwf/GABHoLjC0Gv9yLG5699VxQIDAQABo4G1MIGyMB8GA1UdIwQYMBaAFOR9X9Fc
+lYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBT2/amMJiy0z9bT69QerZJqHbskUDAO
+BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMEEG
+A1UdIAQ6MDgwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMAwGCmCGSAFlAwIB
+MAMwDAYKYIZIAWUDAgEwBDANBgkqhkiG9w0BAQsFAAOCAQEAPCzijaW/6TG6zZls
+SWF2RKrsRSG7qMXa1K7EWMqkCfHw/9QGe7xCtlhQRHC4ujJqwwHblOZx1t/07jLS
+pP2R7VjOfSoCER6a4e1ylKPsP3CrxxjxdngZ6c7JGN12MqO22d38yTuGfgYSiscJ
+ydBXzqygLGCO9ocBscvA1l49aDo7nkbStAc010/2nFiv6xdasBNxu+DLTRyHnDUq
+DaxJ06wsiWxRs+LpSov2m4cYPCG3/hy5LfQD9cRPPUBCSGVH77rk907LBpp5ZnAM
+NRxyldQ9z2EbjE6Kg5ZGIx1UbpvUw36YFX6yAWUj7wUcPT1mArZq7EWZByaVWa2J
+dNwGOg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B1 12 1B 20 2E 0C AD 94 92 A7 5C 4C 84 AF 13 0E EC E3 AF 6A 
+    friendlyName: Policies P1234 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,401B0181451A86B9
+
+Dtw0yEa+7EIZXS+q81Gmb1Osr7tYFnQQiRyFaMjkRGB8EGQiAvvt0ha2wZ9Im36E
+t9LcOiLHJbQWiG3g40rGSyJViEVYfaXpid5SzvoTCPYcTLnuun/S0pnZpoGO5ET8
+HfZ5+W4Zc79j1PSN6kzLCNee4rP5ieAcLOHdkimv4Obq19itZZ6r/Ca41cAYgjPP
+i4jsmlMAg20bjnfFJnDB+I6IZY9UkjSLysWE3eWWhCZMULNwYwTxZ8dJBU5zQ5vg
+ktFE1NO9NnYFwxyPp+xY3ALfrclwctskp7TxMzVuxdgcqaZ8jBgkj9EUaC8NmFuU
+Rw0UC06542RIDQC2xy5gmowbAETlG98jLMdIvAVcgLBDFGZDYmdWfaPPwFUBAkQ0
+pz163zON02lf8z1m0zuHy9DFeIMO2B/lmADC0HgY4g4ilk2dmnfdgBuBe/Fe4ba2
+VHxW1lVNelZcZ06PA1L9qSdjBn+8FwAqvd2I5xQjCzS1ELyYJjgS9NZ+QqielEKv
+HylSjAABdhhZ2JrViNWHYBdMbJk5cLn1npAR7rpo14b6YJg4hCh0J5FjvyUVPd9e
+SNf+T2zoZ4sK/WaewnDvIkU1s5Ap+AgsrSg5qfKXv+Tbb/Borhk1D/6NZiANme23
+oewu3r1Ycn3Y/fEs/pV9dHlkpsg/F+Oy65apQVZWfnzW7gmTx6ercFMnef51+wfN
+G5HZfWaJMYnzUDACF9HLmhMK3dGicv9n+8kJp/lK01tV4IXMeRPqVfkkqQGKxbU9
+IJhL0YLMa+Osp9SsPxmtR4XqsXCn/4bdP+uAe7fDOmT9f6F+LxG+rBmT3KlYNdS2
+0zj9lf//N9H7els/EC31Z8Jy7E7sMVQM5CypoTybvBweus6xFTbogiuI6/VhzDwQ
+oHMs0bkoYmJLIqAihmD4BqldfQeIRhjiqdl6jyYgZcrQSXj61t0DrKPhUFYmLdf8
+zbg3A60Dvs9fP+OmCyTCbMacd194UwAZHlgDecNgadyc1RQv9zspYUt5onFhD3vv
+Vqlx2b9A+WebWC+kegZHLrBlBb+g10OHfkSaBWU6wQ5LJmt74m2YKkPRux6dMseL
+lNJsmhL/Q/Vk1VPx1ASbQmc5ByhTIG409QHtmLTCiLVeH3vpToZXwR1l/fHtBRzP
+SFoOY0TKdWc8h1pjiDoDuvWsTa+i9WnH+/n2TtmBZTmPM17RijNRzIZV2WHvOZ1x
+6oNL+dLvBsQWQkQDKGrI+xYzLcRrM9XJeiO1XlLCngrAQ8F1tsjhhqojdZasDCmp
+4sdkv7wJ0d89zjHPlKxEsdT6zny2Q2NTGsba9FMsWBXMRSYvKhSLh4qt15cNpuul
+96hXl4oRaXtgtnR6bgmX3g9fQ6l71yxCTFzWmSR54T29Vo8E6hjKTTv+0E4Maa9h
++TmzCgCnEJOdVJzJ2NRfpH+BHl7524DBZtHCK+i67ACPmhe3g7sn4hbiGk1lU5uO
+9dyMnLryai9YCmL03NgJ7oZsua7/qSqotmlsZtNNbatjg3nl7r9vojk/B5znd56n
+9JB5SYIxZMuLl1zZuksuKCiHKvIFXdqhw4eC2gimsnyXVvlbGBT7RA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subCAP123Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subCAP123Cert.pem
new file mode 100644
index 0000000000..4ab0bd9ccf
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subCAP123Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 7A A7 95 0E 2D 5A 6A D1 66 6F 09 32 3C 35 A4 77 27 89 88 99 
+    friendlyName: Policies P1234 subCAP123 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P1234 subCAP123
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P1234 CA
+-----BEGIN CERTIFICATE-----
+MIIDsDCCApigAwIBAgIBATANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UEAxMRUG9saWNp
+ZXMgUDEyMzQgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBRMQsw
+CQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8G
+A1UEAxMYUG9saWNpZXMgUDEyMzQgc3ViQ0FQMTIzMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAxonRcataWmsQBYe9Vlc/Fw8CXsaN+DAnB1XBH2YXYyPI
+DAfebRTxQp21q6sz2LcepGnSvbnzkzsg0nfB84I+vWmI6q3L6ydRXjRtyppa5qjs
+Zfyknor/AdboEykbvx/b5zEBUBc7Ot2nIHb/8mxhw5WnO7EVxtgxTlx5lE0SZdVt
+uc7G6WVe7/+SXuVqYnIZkq460YcUA3GtoDCx2oYUDfb3rKK3gjOLI3nK/JslrmeN
+A5kujM57Tl5JwAXeni4XXCDLR0aYymGlaJqyeT/3/SvddqEJkByyL92IAvsbun00
+bjPiY5ZRBwsBSdqwtc8wNtPPsouo/HD9gsYuiec/IwIDAQABo4GZMIGWMB8GA1Ud
+IwQYMBaAFPb9qYwmLLTP1tPr1B6tkmoduyRQMB0GA1UdDgQWBBS5qlCBpjRmUWid
+Qu4piGrsHMh89zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAzBgNV
+HSAELDAqMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjAMBgpghkgBZQMCATAD
+MA0GCSqGSIb3DQEBCwUAA4IBAQAPH4fu2YUh72cgr2bFYSRtzSeoosntPN56/dcS
+GPRl8SXABmCu/sIYFZyfRnKyTUwKPObPm0kcokAnEkkMkCd40n0m9jjIJIaSuSvi
+NocDswcOdofQx4fK/w//iW8VevGjjhrDbNUattppOWcaHkOAA+UnycLCRPYZmNco
+eR31JgQ3GbFQD3A9GU5TvQjZkRUbiAyc3ETO/rCuF+zqZ6FMoBMJgJj/Q6pqVyIA
+HLCmwq9MTKuLDhSyUB8X7OBd3vHiuCR+opFSGvIYuFpsyA20Mdmni0cJSu+08BgZ
+xGsDyQtQ14ns++kCw7xSJR+DHvOKk8LojNH6an+IbJM5Wz67
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7A A7 95 0E 2D 5A 6A D1 66 6F 09 32 3C 35 A4 77 27 89 88 99 
+    friendlyName: Policies P1234 subCAP123 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E8BAB8F32EEEBDA1
+
+8iT5O9SjBr68ie7Ok+XKZX83jA0rNiVSCY+XzWW2Lkd1pNd0d05qvcBT6VmidQyU
+Sqq3MRX4DUsW2wpYeO5q00u0/hrbGJavdGc2R6VEkK7SLr08Fe/ajDEditrSf55/
+jAFj9VG8WS2TIygXZo9g29PQ6PcEiHbqyTlw7mru6UV024qoYIQBk0tBMfRKYs+T
+dD8/yVuZYLlb7Go2Hd+21w82l3prpm+EezT9+JTyPmzyHoy0898vMp+abY/M3Wt7
+XeVhB+AvxsyIiHXu9ao6V3W/icSFQV4XMWViTAPAw1YKVwie4M7Mods6Jt8qIgcX
+76TXWLEcdEwkOGyoIU60jJx0x0WCpFfS9oKY4WAG7Uy8ZRMco6n8l6flzF2+/MkM
+Fe9ldPjwtJIp9bOFT6DPaoD301sHQOlajFiKeK0Qa9yrp4VG+7hzac5EtvcL6r3o
+NLx1LxGnDno5tVhi5iPzpVw64v2dHgWNEhSzqvywvdhTLBpP3vbmJwRonYRiEvnY
+FSFbJ0kOSh3/wr1Ngu8nkui7OCh8wK6ABr1bXvasuumR6ehz7a98OTHUBM4ZCY6I
+HQHRubFwS+RyinuXseisvXfDctp+e28HP6NF8g1hmSs2gQYLXgqZW6Iv3Fz8FGhz
+hnB1yELUIOX92e2MI4hhrxPlXWHQ7EhuwYhCNraSosRzRUXdEx2LoXF/OalHDDCm
+/YZA3Mq2yukes3b55BeT97stTqFOp1fIo/HkmEtqsjlfqXuDvnqqsjFjVR/OD58S
+hEyL3TIm9XgfgGZ2k+RwBrbCr8GGbgNWTWTk7S9IJBo7LJpkmtExZwolB9AWbQ61
+oHJHvB/REdNVJpeUXD7X6h6z52TlOCoO04BLp/dmFt5s3Xfcoz1uZCNn2izmhOpL
+Ei1WnbrzHzpcVLuqdt8jlYzieM6fsg11SQjbz52DH/nC3rRNON0x2kPdieGkU3Km
+0pEH4Huh3CTky15ilJ48V4o/QDgawLHbuqfIYHNWaLDEMB4XUNFMhdUu/A1OP5Yc
+N6SYqkgT4aZDsKkQOGMmdr0RBR9A9xRIiFWZlF3ZRme1U7bESkcpRbkiTXIxn7uQ
+yC9mecUBWrXSjsFS584IqSgdUvMysHMif6zp8noDQGj+9vVj6eUnxwwFXzcr8XoC
+sDUFS8Ujf0/6F/B/W1yMmNck0dKesUnoCWX/SW8aQvnU0ikXhWb+BE31XM5yJoJ/
+FC9owo0sHhzOuOkaI0Jo0lhdubU992iBYAa/bnTnkA+UVqQO3hsilcKfrCQriGOA
+/s6UIjdq3t2EqqQtt0ckb/s8n9ljMXlWwx5mCtU+oUnNo4kKCiq88zHDcQ8oXYmf
+gsojfiUMGyM7AYHP6xm5gC2u/Me6QJlFQ/nvosaJ+w88pYZ7uJ9QIXa0mCYbr/jI
+MbJ0J50RVZ+8hT4Y2i3HY3IudQPWaWdRn2XgfYAwjtPTNwIN0CDiOBRvqU403u+i
+AkrT+cN6k/PYZnpFdKp/IBdX529ghMcHFrChq2mCgdF0SAEiLtZQZcHC0sKBNKrE
+jfZgBRH80Hr00SDzF+PzMTnDc4HY0d0s6yJ8H3eivRasK9T5DzgnyA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subsubCAP123P12Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subsubCAP123P12Cert.pem
new file mode 100644
index 0000000000..cf519d927c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subsubCAP123P12Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 53 79 7E DB F0 15 0B AF ED 22 CF B8 D8 1B A0 D2 9A 15 02 EA 
+    friendlyName: Policies P1234 subsubCAP123P12 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P1234 subsubCAP123P12
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P1234 subCAP123
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYUG9saWNp
+ZXMgUDEyMzQgc3ViQ0FQMTIzMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowVzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExJzAlBgNVBAMTHlBvbGljaWVzIFAxMjM0IHN1YnN1YkNBUDEyM1AxMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKLo3Ua2Xvxtv8WZdDdpkpPFPN/U
+Z2u0Tv18NRxpPcmDI2pHWeA1cHyYL477uK8uKTG4O2RjaJYV0qFuH1dHCPFVUCVC
+i6D77CObOpIBW5HiWykfHK4mpvjavEJ9t0rOOXjBTvloIpT/WaX6J6Qc+M0I3DZj
+D8NZzTztV8zE1VDHwcB24WASkAEIZ7+pI6yRrvJF/RJ+xFG1Bt+XmbT4N8t8Pm8n
+pdYEhOp0tHlMBwI30pe0jBB87UAuytxircSktrSPVl6KWb46zj4kTwIazBTlEQvF
+yXNm0eDWzqnACQo6mETSLB8GSAftaDLmKLnDvkgn3yj3lxBl/wTQ17Q8zdMCAwEA
+AaOBizCBiDAfBgNVHSMEGDAWgBS5qlCBpjRmUWidQu4piGrsHMh89zAdBgNVHQ4E
+FgQUTvReofkIMHtlrJLAEQss07SWBx4wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
+/wQFMAMBAf8wJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIw
+DQYJKoZIhvcNAQELBQADggEBALy8qNbHDuf2apnfU6p0pR2HZtWwv9CjY8NlmhEZ
+ezLvgB5yODJvjYkKNgvU6F8pCTLTDhzpnciZ95rbSmPuT6SgcVM3LA4wNhwesgnH
+70TMBv5ArkIaYoTgizJNujAcE/yRJ0nypglb0p7Fscuj6HUSjkOJFtt9hY6JhnYm
+sGlmy7/yB4K30tfCfwqUx+NprBFoh97jCvzFLXfC0BPVAtfl2Yzv+CjTAEL8RK+P
+wqa4jaQKtaotLSTRtc8+Dm4Y6FYnHLLRsPHf6sONiL1RZn7w3m4srmjf0yjCfoPK
+6WuwbFboowgs2XJXX4vtEvwuME49LwdlGo8fxbw1zt85bTI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 53 79 7E DB F0 15 0B AF ED 22 CF B8 D8 1B A0 D2 9A 15 02 EA 
+    friendlyName: Policies P1234 subsubCAP123P12 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FDCD4B8C852BEC2A
+
+CyNbcokXAIxoPuGCOOBU/hPlz52XIJnO4l1FugvWwelVVyPM2CzjI+uu6Azdb3SF
+UHem3ki6T4tBk0uPUjl8fWpRLK7OsuqReYcH3E66scc/e082a9m9A2fM7z7H8ay3
+cg2cFMtcZMvw1z11UEp41aFzF6PR+DuoEUN+inTIxWzXyVkLxDilJbwbbuj80+Qc
+fRA71TQZTEuXF135jtuSztpYH6BT2dcIfP/XcQ9QOIfSUK2ahyeyxOF9FMeywNA+
+NFF9kzGFaL2u3SKOgfHX2//vl4O1nFq0MhDimA4vNzMhM23h0dylHnf8vIgf0MEj
+FLnPC8i8ih01AEeQrRCCnH+e7RNmAdfV9aMvsINkHpRtHv2kHusBO61og3d2XzIY
+bVLLwIyAeIUvmkv/sZZnsE4kH9gW/CsJdvKta/IK0luwpdTNc1Ac//QkFpNu/D9J
+UpjMjWU/z6CkC372BJzmHXyuoyuhk8zLV58gdLvv57YfuytIYQpLRMmAgrYjDXte
+aMX4k8RTicU5ji0deAxCy++KJWN1AxpahZuwa2ngJhwRhR3sOFq7LKNowmYgWuwp
+/0fRgg+Z7AEY3Uc7/Ls6+Bao6cJdolKBXiOLAGnJHchSoJtA9dO7EAliCEA1yOtm
++smPGSAGRDPWUmCxFhUXK3YfAgVtxl6sw9h4BnrVFRLo/MrlelQ2QZ/9Qp1irXp9
+L1eyLIF0JICiQgBgXYYQorOVT6j4kvZ8y3l2wbAjXqz/6dykUQwbCMezbsV8rYt9
+KYugm8CvUml/pBjW9eVj5KxPJdPCQGfyWI2cpT8PQnfqzYTKWX4mpRp/3zW1+9HD
+ks6RNvc4D8Jc8kYCBmXFc4RMdeubCBgYwqvBqFvp8YGkRo2+uttyv5vNBQpDBtvj
+6tCq7iwG43tfnfPEwxcAjc2cz9z/2u1ZnSlhzY44l7p+08x3vP6npvMQZF60AgfE
+klEnXg3d3lIr3c+vG5qtFFyq/ryTBlOOygNFM4MDcdMMRR3Md9vxkiV4YR7LFSoC
+u2J1ynXOrJFQd7M669XMXsXYRE15uH/iCAvOpAaYjPnla6jC4wYwD6eACiOyDaZa
+Dtk4bP4AJn+oIdBbua2z5i79UYRbrYxG9rBnKoP86EuqKZHA9PMr9sfeh9Cc/Wqs
+RluoNVXCS77qM99c1S+BTpJg6anyCb5vU0kFqXPMST9YUwlPFjPy4aqmFbf3gj6r
+WO8Ba7XULOYb2KiP0b/lXC61ANbXTj/ot8YE1dyVAW9T8vP42PS8GOW+fB7eZvf9
+LZlFXyNaiJ9JukLZxxvUcjiHJJlGLhS4WoZYXr/OF3Bwzp2H1rWT8RoxJFpLHFaE
+KWZsPKGQxnOWWs4mmC1/5HEOuUZoavNikyVe2QTSphQKyhV8n1+ey9cpC8HUH2Xh
+qYdSTOO+3njCqWugAerkTHpe1Q4FIOH5nqkEbH0FTYxSqHW0NHOfeLNdpI0vHC/7
+z5dtSMaNR7W8TxvnLgilhGrtPbQbZywEwHQy891/uyI5DtcAkaMg7RjOvXOwla1S
++yGgFO0q4BqQHUE2nbwojnTnczk2sJnU8Adsr21mpxlDXMGR1dyy2g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123CACert.pem
new file mode 100644
index 0000000000..597fd7e53d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C8 3E D7 01 6D 13 E8 D2 98 73 69 3F C1 B5 20 DE 12 ED 21 75 
+    friendlyName: Policies P123 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P123 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDsTCCApmgAwIBAgIBJDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGTAXBgNVBAMT
+EFBvbGljaWVzIFAxMjMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCffODGihp4HxePe48+r7DuaPS/JNmLYWY1/38FcOJvrd8p1tZIEpi/bgjs6JdW
+n2T5FPfFbQaRiM5Do/3VH5oWxQIZuJi1Wwk1aENpSUZxyXhTDERdgWiMMxWi/4+j
+IX4xb2PX39awlmgArgJpBSHI3H0uqBYTOG9+zt4RUhd5aXXmq6boQA91euaSmXaG
+Y18WP4ehf55cJU7R138Ngbtne1QTE2DX0Z0ylBfS+dWSDnE22BMpcI2I3kFE12Wr
+1q2yyAtWIsN9ZH/DONL1nqUvqRw+boil1ELtr7QSlBFlYX/+mPwnDOJL8kfjRLlj
+RVZYzVZpPQBxkf1P5s/VWMuHAgMBAAGjgacwgaQwHwYDVR0jBBgwFoAU5H1f0VyV
+hggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFIwoCtoNCRRi7j09lrhxkxKJ6uhjMA4G
+A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAwMwYD
+VR0gBCwwKjAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwDAYKYIZIAWUDAgEw
+AzANBgkqhkiG9w0BAQsFAAOCAQEAK0X1I254izkWRa0Za2Ur/XYzrvZO+EF6AECL
+1EX1WCaVHxWawOIgZzfJpUHER7b52m9Tn6iTwRj+jJ40O1fjpW77TX+ooe62OgDr
+nxni6ZRq+aq6epkwe2YtdcIa+Qgb8PGKwW/WR0ucI6FnG38fuKa3YF6dzQUQKptH
+CWLoaAdo7Bb4R8nqdQeHFX1XHp8Pqw5mGBCuFAIr65gE0cqlefFs4fS7aAISF2rc
+ORHW9/7kUT2subzmmUmuzbiZHmO9cT4ozph7hrjVNjtN7STrU0PBEAHPw8E77usR
+KXb0M/xu8T5bHkVo347HGIsj5iyt/B564Swpv+BJ5ZlQwIuJDA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C8 3E D7 01 6D 13 E8 D2 98 73 69 3F C1 B5 20 DE 12 ED 21 75 
+    friendlyName: Policies P123 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A8B3D2D8BA3D1809
+
+zX4miwYVKvslNFPRqn9b62pmO+46k9RDeD0S4Wf3a7AF7oWdDJ6Wjpp9PYthCefF
+jiUCOFzR97YM/hRq/PXk4Avae1e6DETFo71Cdqa9DQA2j/HYIPizYIst4E/sIHoI
++xj+VmfFPT7ACK7oRYtS9OYwUoxm1epckuQD7xpUi3sLq3t7U62qj+Rz0MfPY+1D
+7m5PWLFB7XfsqMAhx+eEPttvFGCQBennS8LBdoso2sGvt1BVvDGmzC9IGWEbb0Da
+2GlO1b0hfoLgywPtMLdfguWKtaQrGktUafS45VOB7bqynq9a2SdBnKMh4cRBVXBb
+TSG1hMYPo2nRm9COkDx8FNt9zTWi8SwnG/mKHMtUc8z5Rtt7jR/hBDPTLKi9X2+x
+UEpApfnPLVLGlXlxzEDlj/QsU64c2YHZr/Ph3gCh0IIJ57BfcnQowY72gqRhM14A
+BRbiPYtMXu4AxZD4E29OJeD6lnqQikgcrU+yLKvkowoMmvBM77LnqweS/Sq92rP4
+PetuKkC/poHDIVdE3ZVuRozdEWz6pkV/skV/cjWVDyMPb6DrB+EkrBFjcWGsHFns
+6VEMSGA4GNc6DVILbkmDLvxbZbJ3db4uOiK7dT624ZAdZP5FICpcSM9j9dorijUN
+h4YJDhMEaJfAzDVKQyl2rStvTAOKVQBOAuFpr7tOyumc7o9Y5PrwcslAAXLVQhh3
+mnKYGjyK0lL/ubZcgukTDy3Xl34HCQmKqO1yBK0cs9d++mGEkhlDN+bFUO8+uO5x
+JMMwDeOI0s+zm2N8vposIvteVZ+Il/CbvDbqNXLRrsPMEdwIeRdvL2tbMzjSCWAH
+5JxTsUROQH+i8/+39/rJziJdZB2J3+uDzMEaVwO+vYoW3Cro//m/Ri26DaHaIfXb
+SIXK+oAUKaGoffr+NKLnIYewDkg87eiIgatr1X4qrlFjMF+8tvSyJtJ6JLlJWbwt
+9kv4iJohyL8YZ+iieLL9xr2iJ0Bi1WQtBcpfjXhqVPaQiNkY8sg2kWq5MdB1BWp2
+yzJm7KFfYWsOtGbgqtEMCPp6VqXZaM52cNqgb+bkkBsZNRO5WLA0GFhVow1vPUtA
+sJS0NnVr7LYqrsKdORAP6ZQ3jF8OVA3eO3RiNFwSZLPS5wNcFV+G+oT1DfqYwLnc
+S2gSzC7XX4LO5O4THH9Av/3i9eKIm3xIwLRwhjV1i3DRuStlB3wo/vpfP1IR1Qd0
+DVaOd8kLy6asWD4lWeZ9QZ+cFnJxVPZnSF6VoLIXApCr7QU2PfnKw5yQVjK7UfqY
+nUWhQrS8SnOyF2MDWSfR4TDP4Nuy3ijsvft2Lz9YmbJNWnph5eTyypNQ5Wqz7vsU
+tUXEPplGoTFyTujfNa419DJZcJ0CjXjAtTJDZG3RwBCTgtN+i4A8vxrt7z1JID9d
+JOq0Bylps0Dj/MYe87V9tXDyLAczt6l7YTlvwZEBDSUWvzFieAQwF90RsSb/Gojm
+SLy5cAUDxBJgDBGifcYFe6a8tMbo8cskL3CDGhVYIMyJx1zlJexYYybW6M227DaH
+0zfU3J5n2OiVhhqwJ+7HapaLS3hiY72s4NwJT5KZqdi0k+g7ZxW5OQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subCAP12Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subCAP12Cert.pem
new file mode 100644
index 0000000000..d055119eb0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subCAP12Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5C E9 47 35 0B 67 9B 93 0D F6 10 12 23 1B 71 FF 26 6E 32 22 
+    friendlyName: Policies P123 subCAP12 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P123 subCAP12
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 CA
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBATANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEZMBcGA1UEAxMQUG9saWNp
+ZXMgUDEyMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaME8xCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMR8wHQYD
+VQQDExZQb2xpY2llcyBQMTIzIHN1YkNBUDEyMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEArUStqR4b0h47BHbAWPMcIloYkfa4ASeY9bqzOejwnoJWbjR3
+80zGBLHB9BpGM658Nzr0hFJ8lgPAOnAoe3CzHSm7Inkgh+G0LfIFiRh8QpJagzmD
+Drz++lB+0iW9NwnfbxgQz6BlnddAWAY8Za+mvx1y09LE1r5mkfl4+cZh7pCSLekv
+eR2rw9nn9IbovnEg9Hn2f0JX586nNjL/3N/VB94OcnfZRe3Gn4UHlZBxwa6RplSs
+uDweO+g8oPN9QN9j20CP10Q22JYsZuvHPE03hjWylbbxcqrpUIDKOyehygI1K6K1
+7r9CWuSrRzPcQe4ccs6ef+1PN5WZbm91NAXWPwIDAQABo4GLMIGIMB8GA1UdIwQY
+MBaAFIwoCtoNCRRi7j09lrhxkxKJ6uhjMB0GA1UdDgQWBBTOANr9qpNA+MCgea3B
+eM4d1yf2njAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAlBgNVHSAE
+HjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOC
+AQEAV1edqpMmp2JfG73MOcPw3zffoQYGSf3UlbJf6rbmtcBwiKzjYvH2BqvdD0Pz
+wx+Ph6rRvTyuqF6XkAodMYU343ZnS7b62wtlx0XhoJTGSeinwsIFQsVuKdTfdQgS
+bSDGI4QHrSzjyjeFdk4sxyP9kGcKSqqwxTGJ2XWDPV24WWm6oeNkBOuQV0WmUigF
+vOBAohaCXhEyIhJrp3vYT/hmL9hE0BLgRO/mgYaZQq14GK8E/LfzRSA5eBQCCQTc
+iTPJ2rMVXMV3B79Hwa9dBuXpfVCNfafquNa87x//iBZ8kTREbBUc6mRQzpGNAnOE
+59OCcPtzlrEhGwmwAe14N3rCwQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5C E9 47 35 0B 67 9B 93 0D F6 10 12 23 1B 71 FF 26 6E 32 22 
+    friendlyName: Policies P123 subCAP12 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,395FD27DFED18F38
+
+3AYCS2UD9WpZLkte/nMex4XRtt8hjokNHYT7DBRmj8nKR883SWC2u3cWQS7smc4E
+lpxM2FAvOdmkKn89bYVM1WmD4Xw5/YyMIs+49k7jqXU0gT752wAPthGzaW2QSCHf
+p9QotZvXPAz4OTvCo6EU/roSoYw6745yLvMR35b6jkVJs5YIS6woRM/sTWUYsLj7
+gGjAFarbqXFM0a9sUAll8K5N0j9e5e7mtPLM+9QvaVdSKyjSvPQbNjuq/53KM8fj
+K73sELQvnKunoC0Asw7j2DKv0U5e/CKODfiY6mnYuYrPCZGkgCtNG/cco4/CKpwh
+If2fCUYAQggBol0CKMndFUr68NTm1lhxY4G3LdGsFM46xZuEvWOdubPQTbNer3C/
+yvhSPxkg46Ow5CHQIGxlJ87DTSkUjAKtsX9H86xjwswO+ddCis6yMEHDYg+4ur93
+XsfoHsly0V8EyEi2G0nvHMmQxtd5XvtI8rw4yMaFxz6EqGEDugUDodVUibtMGqDa
+9lnBqT8SdHqUSNyN2SrpxpPoAouGmZfCcpN6IzSAKolA/mojTAitmm2dveDdX3f+
+k259cz6X8b7ZFKSsDR+3gryUuE8WZd7GMJcU9fiw6+uBVAZscNh1MtO6ve26Jkdm
+lvHe4rtnk94K0Kl1D1AmXgZEB/n20kV6TT5w3YZf+vcf8nXjX1UB413bmH08sU5W
+oZIVsJSS+EB7xVteojpwauD5cO2OezeT2OTdY3byC22d6GO2OnJeKPoawxhES/hz
+kJJb7wS4BDVwSElUaLW2eWWua20wyHGjbXktzFAMkL64ANGg3UBKel3A/wXWBCnZ
+8anX7F3kplo6GNntTuE3ccWbvyVVBgLOKFwjEkFDaFzrttviCT6ClfVwLnIMBCR/
+D7V8Jj0QYcqgkWQG+N//xNXIUYER/HewIut6MAUjDT0iIVBbjtnrMbntSx/LyvSP
+1BVN3HxcUdalpSqLsONVQA4bfYcjXSzT1hqKbPISt0DfiAjNhDpggTo59JSSof9a
+nOE5mzarUlwNjlg2ajpjBmp9EfS/n+qeM4zS92o5JP6EdbpGwBR5pLpc6EDHn7SY
+YyZntBkdeFbaJz1t2ZtUUwO6/HbI7J33Aj0I2qSK/eu3aQJedKUql2/ke/YqyKxv
+GWmr8kfOr3upBvEwIe5Qv6sYPex/1ftWFyzj3+1BSf/QNr/NW5E5gxmy9UpAxfcL
+grJ5qHD1YOcoKmFC+oTFrTpdGGfhnXOTpvVS5gOyGrKkxWg8he+G3pGsy+paJv0t
+5dRo5SbA2T6Td8QL658aOPPeD292YNFiNbjckyiJV6t/vVDsqhp97rAsRh6sFiVz
+x9SoaHxAmAAy1itF7CLZsURN8RPyWREg7Egx8aHU3Oe/7VHmAc1pfMZFygfyw2TA
+ZUfc9UjQtBe3o3IkWzKxBWkNZWPwHm674iW0/NnyyVJDVtFWzxUgTS/ADwUEVHG/
++Y/0e+GhjxIMfiXrwXY3oJS8e26AfYhqJjwF+0t1FRydqg2FCAxswyIijixOYXgG
+s1UBAM6VfRq1+/OCVLRTJjVMwYp8Y/yzHD2haRkW8V+k3wcoOdPMYcSAMIuPZ+BJ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P1Cert.pem
new file mode 100644
index 0000000000..2fc07c16a0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P1Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 73 DB 79 6C 63 27 D1 8F E1 BF 95 2A E1 09 E2 9B C8 07 C6 68 
+    friendlyName: Policies P123 subsubCAP12P1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubCAP12P1
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 subCAP12
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWUG9saWNp
+ZXMgUDEyMyBzdWJDQVAxMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MFQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MSQwIgYDVQQDExtQb2xpY2llcyBQMTIzIHN1YnN1YkNBUDEyUDEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZCOQ4P6kmZd3Oyodn6YD0UBbvotH9OTHX
+5zHKc1eekUGMMH3CRQgj0ze8g+N44aG3T3gVc7QNXpWnywIKQ7kaBBdYUwbE2vYX
+v3vDPK0kkR3A1r5yPAxO3fdrGSiutntn6H3HtGesSVfwTzvVijwG3RT6SfozXeLp
+Od0+arrnmh9QJQS1xxECCul54P/LhJCJlrzqA44b1Aox41nNtQLN+ySjQxX71Wi2
+5cxfgX7M8ZJ1AmQrQbMG+oUD8XPihZ373hbnQIHJoo/evgHpoX31Bj1wgw/ERVT6
+dg9GWwCaV9NML0DFGPmFwvoRdMQtiGO+MLw5yRlSrspde+HLbAYJAgMBAAGjfDB6
+MB8GA1UdIwQYMBaAFM4A2v2qk0D4wKB5rcF4zh3XJ/aeMB0GA1UdDgQWBBTkGz5G
+t+bIqdjt0TN/BeHxXRIkwjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIly
+f4oOX9PIzpaazE/Fp6PRRFXhCQaiSpPoUU/ndYBiLKY+6q3lCeT1NUaeO1RApaHb
+vrV0ZSSoKMoGChHAQG5Ewdo7ypLnknAqzxcDVIkF/DtSFjtM6x7Dd1qqF+svR0ql
+PiMct4NtcOHqtBLgmxPl6hoN050aoZovYWwQ/ZBt28khebKejAfT3lmAcW33VyKw
+tN+J7roGNPDXfJjSSHJ8eYDkoJUGemFhDaC0dwcqE1VjW/1HC632Spx2G347p9/e
+k0VYMAzGxTYk2nsa9zaKrLb5u5a9kFn+0tuFOdUQkoAzoptWuP1YlsWNuy4I4F3f
+P1+O4qZj/ChYIwALJ2A=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 73 DB 79 6C 63 27 D1 8F E1 BF 95 2A E1 09 E2 9B C8 07 C6 68 
+    friendlyName: Policies P123 subsubCAP12P1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B17D0ABDD5AA93F6
+
+vooo/LY/GZ+/kkXY3ZFp8gXZwEIsDFmcLdEVy4bLO7hMatwv2vp0dtHjjg0Ls2Qg
++1zIjL8Z9xJ0hOGhkILrK8mSLAZiPg6CFDmm0DcK/OtMfB5W/Wu7ipDcKFoHSdlZ
+bIanNeODhiK8/nidSiBC7xhWzMpG7bzhccJ7hrpdKhc2z5D9ZSymLqTGQy7Nh61/
+TwDtVwugt5QDXV+naJcKIyGmeksmbvTPDHAjumBbk419s/1lJXj37M26cwAR2gDE
+ht5HNF/2ZiYobDKxKskhMfaqe0aricC4dsqzkO8BMnV8ZFFkjecQ1X5SQPtSn0Up
+mLoI7q5LN+3Y4u3CVTF/f7ZI1mlx5OCaJieQFegFKM9faVAPN8PONGPb3cf7qp7F
+sFVR7uw+nn1Eo96BwXXXbMA8/lFLNUwgS3gHCOxSsNvnuIvF79hiN2HIAtEm3BEB
+ynvJVRhForcEKWIk71Qi+4LEJR45TpJmX58ugfo5c9ZVAyWstE33qdSOq86inIqp
+OAxwvOApCwifualLWzwmL7NFis9TPFS8rNxQ4jhRi7W/OKcfNLLgJCL31tSsJb7W
+RxZu5E5ddzm+mdQI+TUN8kDYb4kxBvBE+NT+AusBi2yQYf4xKRLOdXlNSS1fSnj9
+fQAGXa9L7xccnBrcvMy2EXPhKq7EhH4dKp8r2SKB+2Dd9sO9cqEOPUc+ZqhArOPf
+x8VzV16Blx7P4PQ2PflpcT/QW66frdHo0tT2jmkdmH5N0kjdrEO9OV5ln11pWTsn
+Z6YlGYey2HQoRflKimMWM54Iw/3QTkhngCpb2RoIerclMMzLTddtbVQIN3Zv/KOi
+fIBofBUqIcuS/HXWA1KSlyOSd4giQX00KF5mtCK0h0aBTTDohjHjvXiCFVlTKz1u
+z/6qSTntwZEDrUn1iGNOlSbIq3o7QdGjIx8k6nNWIjPlmEvd5jfkFWm7XuTXYJ9V
++Of1e1Bj1fPNSzakrYcrKNd9Cwxd6Jm/uRxm0aVVZof0pN3S368pfXGm8sCUOXJ6
+ZQ/ohRnnB8rex/1wd8cASyJeVRissm848/IFKiL1C/56sPcYGiL860Gds6CpTbAo
+3RGPqEW0yVeaciKnuMZX9bpE/POrDF1BaLISWbfwHb4Hj9/8jEc4ni1gthgNmRYE
+bEhXsx+Cm8bFmcJ93wR9IYctdPIU75vb/Zzh47aeK4h6jJuV7fLRtJJSH0wmeoJz
+VxtdovojcZdtBCod/RjAI32JU/LKy0tyb+RZAtig9gv4OXWASSOGv5SJ7Z7cWoEg
+2XiDT5tgMqQ43YRB9ju2LC1X6daQ8UPV4iSNueJVMLv2OYE2JwQqNx+gPlhQ7HNS
+843ENYJ35MsMHsOzAtF5kh0HayPstuxXy69J72wsS7puljZM7KdlqG1EAZIvpI0g
+eEkAFocdakBQW/p3OaamqF8fyiTBKujRH13FeehzliQ+IlG1iiDEeb8nP3bvoxge
+U+4NGaxG3ePgpGMuc8Dv4ataxomuMCnbfHZOlsR45xq3s9tSUwnHB73Up8+KPORm
+IJvN0P6/m7rHRlIlwpL/jTfhU+bqMunkOhkaocXUwcZgBvY158MrWocIxQkV6ln0
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P2Cert.pem
new file mode 100644
index 0000000000..bb90437ad0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1C 49 34 7C 8B 44 C5 12 A9 C7 8F 64 2A AA 52 59 B9 69 B8 B9 
+    friendlyName: Policies P123 subsubCAP12P2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubCAP12P2
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 subCAP12
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWUG9saWNp
+ZXMgUDEyMyBzdWJDQVAxMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MFQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MSQwIgYDVQQDExtQb2xpY2llcyBQMTIzIHN1YnN1YkNBUDEyUDIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu2XI0p6/0X+8rTP8FMrqJKjFC2fDJHzer
+MYV5HGjBMbMVJS1+V+mjNrjefbErnD4OlZ6de+ckdTZBMwn7YYcNw0W2YAX8gnXZ
+GRZLEjGbqvVJFXpHsjrwNdftP3k4MnmnvgeMJ3T1bmUFiwStmf9BA/qWpmxblo1Q
+C73IKSRfvOQrKm2x1t9niuBiDFBsEGuGbW+oGMyV6dBgrAfEv5r4RIqbcybqBWWI
+1V2BVFPRQGpIw9IVo3nKY9JU0fPR+m3gB1RozpHVvuHBEyAFG+6QLztmWVcrPXZj
+PC0X+q3JMhE3O3N2CqeeqBRCzJCd2hsN86rJztJjJzhZiM4aXChFAgMBAAGjfDB6
+MB8GA1UdIwQYMBaAFM4A2v2qk0D4wKB5rcF4zh3XJ/aeMB0GA1UdDgQWBBTp/LZe
+VhROBh3RMv2IYGsQ+AUbaTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDQYJKoZIhvcNAQELBQADggEBAE2c
+iEnVpboWIBLYhAY+KzMng7Bo142+HWiVSgn+7nLEXXODv80Y0OgvVplxliiO1D/s
+vCBHuFb84tWG5aIo0tZwir7dGsmiXxUvDBVySLbfftJZWK+NpcpBif1s0E5NOaR0
+Tj0wutAl05tSoZIH8AjZrBVsLiUt0HfYKs4ntAvcJC7CbTPMG3/8NWmWvOcfWLle
+sJUomwPMw6990m4lPLAGiKnYEbb8sy8FTmLdzLuI/Pxgj4n04J9/KRJW57dz42ea
+MfJI9M2gG77kMk0UqmPp2U/6nJkhPfiw3OXDQ+pOvHHG6UFYw99dxgT7o0RDAJHQ
+vAf808JCcAlN+EN/7kU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1C 49 34 7C 8B 44 C5 12 A9 C7 8F 64 2A AA 52 59 B9 69 B8 B9 
+    friendlyName: Policies P123 subsubCAP12P2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E57103BBD873AD10
+
+7BEFF8bzxG9RxKtNqMuMrJx1c+9MZyXyWivnDXuMVUeCimHFdFYc28G/jNDJnLPj
+Cgv+0Sq0+pUJ1X8QX19a1onk4dMGdwbn/UsyDTFiZZ3CGKCx86LNEf+krJ4KWvSH
+CkrtPaHJGgFO3yEF4abyYJ8ebv9LIh5zIT1f8jqQv8lNX4ZCjCGD3mNHUucKl2Zl
+xLGPZciqDnVNjmtMn2N9AnwPO6BQsD+WZgjMYV/YRHEE3+Qk5R+QLqQMbFJfRHCf
+eft0u1eBiO7S3qkXRmtm0ny+WrFITZ07RWlbTyekU5gTG6oTIU4AxkBQeuZ4vk6j
+Bi+6JZRlDbC69ND8pFl874yPWM8RWwYqU7B20erIeHr/qI2qUkDtxyeDtNBLCYEh
++hSNh36fZSS3c+wpPv/k/Wy00J0KwvVf2iDGCwvD7bzZJ3E0sDsRcC0FUf/mZTCq
+HHXxj3SZeuPSyhvyNUhmZZaDvsS0LBYxKj7sB3KNQyZUlbOg2TFrUjZyR8U8Moh5
+AFYKwyjIsMbBusZUUwLonXtSuN6oMZPjGXtzHsSYP+Rgc0EKxx4pqpcz6+2hvYJT
+q5YMeuUeQwNG94A+EG0euhxUDjJpFQMmz+6m2YPFmIKD9a2ff5DhOgFFc5Vdn7Da
+J0IygiB1BYi4HCiQxW0+PVOx6Fgqm7JIX9FGvSdY1szLtOk8fpBb3AaBqrAUcwYS
+oseQ6GSJ3eFvuzK0Xrjfp3jcnz4wDNKYsndNR9MsKvdmIOlluZ3apYMg220FcTmg
+QVJgMXHuuBVyIYeDClyERfYph19APnkg7FSoS203UkwSQDVka+b2kpsB75huiL+U
+auAtHG5hbByH5v4B5VQm4UI10vy6zSCjAkomWk1Ld5NJNWqNmXGvEwzEzmz8KsU2
+Hp42y80X7SIeCzO7fdDQQrduDg4/GWtNtzCXCIoZQT1JQkHiKUr1lQASdI6krFhb
+vJQoE4/HaCuwZXAYurClp2cMpcpzNleGgw3C7MkdiYkiVTmg3OxEJLQPxibVVjI2
+GTbHdCib3Ya02lYkUPkbfdSdbRuc7x8bJWXBPuFWhFQTQNMJX1fmavqcNBJk7YoG
+ROz6c2cmt5J7Bss476p/dw/cfR04/PNUAgFH/lnFXzYAYhvYWNKlGqIJuZbcgyly
+rZMZkROnoYP+3vMA59u7TLbggLcco/iHa5dA6wUNA+Vru+vwNdwP5OLaAB5cSfES
+Yoorx/8mKekZYa0SFP8LL25heYB33iz+UxlIamH0VsjjDes/MFg7xzldYLaIKF42
+JpZGQDLi/MVWVQ3JW8j+fIaBJY9vpkIu73Fc1knv8JOQYY6AkbtcXQ+JCLrERK/O
+D9W9UajfhsuiR/m8RGySzKY87vCJ9/c0vrs5crJDO7AmMS5dbfwQqn9nqZekCU0C
+PZGwLY2NlxNB/OI3D8PVW68qVKLVhwc8xK8mNu3Jhu5zJA7Mig8b2xyYJv0aq2nx
+aONGptIRkAMsKeggPDKCE4y7MBgSnCFMdSQUmXcnztdSTKiLUWME5JDQyHQ2Z5CI
+SDTZZY6SBt1bb2DMI1EpP0xrVn9VJd0magit6V6gV83E3YuRr7bJTh60uCJ7h6nw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubsubCAP12P2P1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubsubCAP12P2P1Cert.pem
new file mode 100644
index 0000000000..12bd21cad4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubsubCAP12P2P1Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B7 EB CA 1B FC C3 8A 4A FC 54 77 73 A9 9E 4C A4 C4 56 E9 9D 
+    friendlyName: Policies P123 subsubsubCAP12P2P1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubsubCAP12P2P1
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubCAP12P2
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbUG9saWNp
+ZXMgUDEyMyBzdWJzdWJDQVAxMlAyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowWTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExKTAnBgNVBAMTIFBvbGljaWVzIFAxMjMgc3Vic3Vic3ViQ0FQMTJQMlAx
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9X8Ddrh9jmdsYRFm28y
+92U7sqI995aXi5l+dZtIFpZebhYISF1OlBVv830ZcKZgW/npnqbTX4irRR/Si26j
+w3Z9DECHDLWGnAee+O/5wRNuSlbJzfnJfe+rNCPuy0vcAJhAfz6RmueuwyEdy5Ss
+isw92sb0e/UfqKq1ReyTpHh3Q8VDXse5kph0A753UY/1ZBZbPD7/Q/LYrRRnDhLr
+SVUOg6Mlfu93+jsuwFgcB8VIkd9rdbFIkuxS196/VqtycM+KYRlfYz9N3dSUJhzQ
+pL+xYfC7FRySc63BVFRwWYXd8/vmyrwpoGd8657RRp2/e4gp1avZZ5A4mYoPQ3Pl
+kQIDAQABo3wwejAfBgNVHSMEGDAWgBTp/LZeVhROBh3RMv2IYGsQ+AUbaTAdBgNV
+HQ4EFgQUiSAXhPusuwnX3l5enmj2OVAfQIgwDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQBzP6juBoRYCOz8FzuCovzw5TK/XNmUtWAVYOH3mqjqpP0BECuSVbuZ
+BaSFm8IoFE26babq9OQ+W6YzZd2hcJOAQQA6yLHs20Es3sYk+sWpduSgLNDpf6CE
+7PFzgvQ1vwnuTANNlNLQcoNQrA5OYD1bNLnmZlvenAidbNbWDORDTiyL86Bc1JF7
+gKJFTet6SFKnVugZKWz0qcexhJtdTW6dPS7yZ1/HJlc66/KGPvD3Lxanz/qY5ZP1
+lg/32kPI1xOtoh+sL23f7iE/g/UHY6+yC4Ot4ufgH9j2wdAVhkclavvn4y9yd3b+
+nHGboqWnBZgQOPY33l7TvzvZC7bKpT5O
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B7 EB CA 1B FC C3 8A 4A FC 54 77 73 A9 9E 4C A4 C4 56 E9 9D 
+    friendlyName: Policies P123 subsubsubCAP12P2P1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,74ED1B9167B80CF9
+
+Vfojb2l8T+nyB0oBZ1ZOmouMar6/f/5RaKVL4YbrODk7vnZWW8aI3p/ROvlVj+nV
+vASmxrVVQAPe/NkY741eBEjDza7hL+WMUiXUVsMh+M3iYUrW1HOWqyPBWpuB893U
+OQShF2kFJr6uquJr0lCv9VfO7mj/PsvvCU0R7B7L8xICPX/4upR9oYqvXYTCEvml
+wwfEkYgcGUtgUkMZL0q5oRevrkcZZ7a7IUAiuHfLB9/6MFqfLp7tlaT71YIJuceC
+XOpIFfs5q3MLGwD0thK23+Nd8XbGZVk+da5eOQe2PNbQUo+Vqy+AQPirTMhY+sug
+N5VbFFeFJGp4kH1j5L8aiQTZDj5AnHVX4Ucxo6taP0GypjPrxkUHS44vhYWG1OkU
+O9zJEY/pBSgjqBcLo7yzz/Rb8Pwa3rxMKpr3lffx8MTiNSE+zDsjVHtSWR/8oBLV
+7zL+NugUKQ5wZfnoNeyR3I3WmOqqyTWdVtxxYUOm9+bvt3rITYYWnfjtsoEfGtUT
+q5ZCf6CpHvZqx/AlnlpPGO/gwSWAWBd68Kn3JZ8gGwRCFS5VyMqg5M1H5LhZhq0l
+4wh6D2EiVyDiNa5Nf7vIzV+CJQOLtVCLwXsqzOiEVCTEpf/5Q8JbZgrawnquUfFG
+yG9eMXgBOaIDdjkUhrPv5vkGk9wQXHdGb5dQ56LTBe7RXVkQnrbZGyFF/UXfmWnN
+YpVIR0S7/ben66DxcTWRIG7URRw0zHXQ2WEqs7g5ha73UJc8/iM3U4kN8NCHzH2K
+AnKEew037xju3MZCNvqkf8eJNKY4z10C2PsVouZV9LC0mmw1diJ5PVXrQ1c4bD4m
+K1U0XMr5qU/Z2sm3WmIZA8Z/IBDkB+lkhGalexT1HB4Y7uTG5NO4QJuCa2EV+uZ2
+trY9T0rOOJuqi2SH/e0q4emLjEZDinJNnkzE9H3vOX0xRDPz2JrEdwzfZZiEvjct
+ODQx37tiBPBSWYurkuGSAv466gjtqW3Ob4Q8XJ5R/f+e+nJN8T06RYMYkJfpCEGH
+bkO05LWKQHMf/Gm61aMBpVKtxXn5ESHLc4Y8DbMUYrmOvUEJmcwNslk+Yo7iQNEd
+ZfwAawTElj44YMhmPAdEWVmpKW1952oprbb1AvDqdnABKTIuzWk1pi+G0tTY4hMe
+o0a/IuocCE54Qb9Oy7zusnQFqDtSsF6gzaTwDl7KUb2ax7BSJmvJJ0tjfWLJYPov
+FSm2yyn58sK0V0p4yxtURGAGk7+otqlHbKLo/bCtSB+aWRqw3QPpqIY0Eo2UqQUe
+vtQ7zyNbX3ExBQqNv6ZxTWYfSZloVy+3Ydbtus0xIdai13YhnZi7egeifdYoXNAQ
+8dsqW0n93FayR24R8PPFzBGwHJOQ2evlYZq+bo4A/RThQ3wsuI/1RTHSTfYnuzjg
+ekj4Xd7Ly0EmfOLOd35WB8s4qSwJWGQxO0gKQHZZywJpk+VDZ/olOcwTHvNmiDJP
+/PSs4OUFNm8btfpOmlfqfbDxwpFrJt0RJHZCcrh8pgg3soKKqhw0goOAU+I2Di/n
+FurVfJv+rzmO92/dhdazwAAZr2a5S/FcwG7OaEmjBKt7NVuS4sDiJg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12CACert.pem
new file mode 100644
index 0000000000..90120378cd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 99 E2 CC 89 93 4E 48 80 0D 84 E9 EC EC B0 1E 67 0D 58 9F 68 
+    friendlyName: Policies P12 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P12 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBJTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAMT
+D1BvbGljaWVzIFAxMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANRtyEq+rl+FhO+NHVJOJN2OiDDWN2do70bXRgbSRM+hytvZmhVtCwdDvrc66wSo
+nq+/5yMnEMw2SXzpsk4beZflV5IWBVo2TF9jdoRa73FMzVcDIQigT6JZUIGJAmTc
+VpfXbAhGXLpGdzCYV9GrkdWneOLn2C0vtKA9pyBO/60o1J5o3TMGfD79qU/UhZm+
+Up0jlotpuFo/wi1dInTyTWLLwQTOLHl92GCON+jQ7myetjCy5OPSi/YetgO1ivmF
+H6pPE7GClTgS9wKHlsdAKD/NvhJHRXKvUBV/IRo0wmYSbpPmDICaIEAT3jr9HV73
+XN4PkOkI8byCf4uD5zjHA3UCAwEAAaOBmTCBljAfBgNVHSMEGDAWgBTkfV/RXJWG
+CCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQU2F814prBNyomzoPMcw5wFSo64jEwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADAlBgNV
+HSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsF
+AAOCAQEAkmpY6Gpz8ttXcYTVjZJxtH5HBhZZ4MQjPYWb7Yoz1Fg64BUeuPum8KIH
++KoyJFYJPmQ46Gop3uqosBj2S3kZ9zmzOd8PIBYiCn5iNZ5GzNhKvyOICWWD4nzH
+mIh0MLjON9H5aOKRPYqQj2R2vqyzqr5/YPPsbCAIj31a3XrEVN71161aPOn6wVMk
+l8/NkC+xtLzqpFxNdRlaAdmf7eT5MRy6J4GC/lf+YKp6RaPcLQTjlzTjF4ABxDbj
+57GFiSn5lzz2/eWvN9i0Eg6+LhCa42wJj2Iviruh+gVOqRe4eLjIyVcN3BwcwFCY
+BlFoAnTVg0CnLeR4swMjKUmHU3n86g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 99 E2 CC 89 93 4E 48 80 0D 84 E9 EC EC B0 1E 67 0D 58 9F 68 
+    friendlyName: Policies P12 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,477909ADC8726F67
+
+estbwupPlOnz8dKiSRcBipIkO9RbXHOdsiocDzIIoSd9mSxcV7Q4LkWq5hBNkbe0
+bCZwOR8QFGfH/uNTGkohgl21Z/m5MR3lirxC29ucHS6F55Z8oqMxs92RIsaNF8bt
+9vwRRRtEVofwuJaUovh817XZZY0RqWcSmmaEA4kmRTdAIzmxzCRme1JndgBiLra+
+uhS7Z7cj78INoCGX4Hef1ctFw2WPhMU4tDcTugQqaWARAPFtMjI13vdGreQHkj/j
+oLrx/MtPGOiDb1UXXHJtLX95mX+6AX3gCI+x8A8lgtvzPgHi1H7bnutlSXNlbFLS
+KKUwJTFVH1DYooBfiho3+7GLqjHBvT2LgsLbiuzNdzle/4ZBnL36ey0eIcfk3hWj
+vdwD18Arqp9SfR4OYBx6RQcevCkDZbeXI1iUyCbGPJ3ii1AfYtve5fCU2jORSWEt
+oZ35/cBwyK7qAYHaobEoIQP/qiapCBACHZ04BdZCbOKmK9cxZDWQM2lQOA47rrYs
+zPxhwOA2syyJsOOETEB9ZK6NwGHQ7A4pw5lybKZWYxXV76sZp5k4DK5ohbaOPz55
+61JkPY76bJYFYdHt0hp1OJZQm9uN//gd5MTHRwhVgR8p50Vv/1F/JoHSfKkqF6Nk
+YQRJ6q2WY+0dDwPFcq6dcb0vQtheShnpuFO5qUluxTzR9BIzUHRdYNiXCbL8rUhj
+uxmTHe5XmCYExo0ZB3xr7RWd+f70qeWQegUdsPUeHJ/BGdGQM2wOM5+JhhhIEHXJ
+HlwbCbp5AjfNxhxv0S1xU5xSNbXWZkFL3YcCn5ecRnSnxYvgx7WPDxTiIx7WX7AK
+UxpwAp720V52rg2tPYfiru1Ew/agJdcFRKd8APSf8+9hZ7PvpAw7YPyBX+UbggBG
+br0SyzR6ERfcJTYQoq5jRT9Wh+dJMiQ9RZaBvz+PUBRwNhzEM88zyuKYI9TM2T9L
+3kadHiAl9KNNGngJj0FamFNBhhHGa1d3x6/5dLo+oND2zYmaOjEiN42vBR73cBlM
+cl1IwBV7zpj5RvLRrIXQeEGirzPYQqI4Sx+v9s9s7k+Y01qEKNlzY6hVJS8cDHaB
+wy8zM3BVocNGw2kQ+HEviO2QnfULqUsd4fS34FcYXkLX1socBhmf2tOqSkztn+Hp
++YpJs9lQb2ZvAXSSstUghAJ/yarsFDmTFFY29kwr/sloVc1T7YmUlWfgLGlPqByM
+sV7IJG9SExfCDTLAH9Xd0XzcNhSsXhDzRJL6OtL6dZsPNS7vxoMVNPPzitMDtfau
+Oo5ZC6EmQNc1JcxAhXghQCrKjKU28eAbX6a5cjeqzvatmVvnfGWZNENhPVlPu658
+wYO5pVGT8wISe0QZqyLLMN8DMSBYZd5LT8epY13MpfWFf3BcTdCMbqSxijZo9ll6
+eWrdc/6IDKPx9wpyadrmf36/I/QNzS2VakhQ71z9H1QntqUuSoWewi29HWpgStNL
+2SRnRGRKygqy7kyrsZTx0Gjz0lXnQEUhakHxcFjReN5pkwbTpkmnqurhuXbJQhDx
+8xaoP68lOAlS+IWBWsBiMu3OoSC20hwnCPcrmrEeUrywoE8oLGtfqPwuLT8xVY/4
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subCAP1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subCAP1Cert.pem
new file mode 100644
index 0000000000..17d257c76f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subCAP1Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 2A A7 81 DB 5B 2E C0 0B 4F 80 69 F3 74 65 99 7C 24 03 0C C2 
+    friendlyName: Policies P12 subCAP1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P12 subCAP1
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P12 CA
+-----BEGIN CERTIFICATE-----
+MIIDjDCCAnSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPUG9saWNp
+ZXMgUDEyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNV
+BAMTFFBvbGljaWVzIFAxMiBzdWJDQVAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAw442fdRTg6Jv+ElCoFqKteS7oejZSQ2gkdvxjcCLHsujyZxb1Uoy
+vAnay9r6w6qOTgsJ4I1YO0XSRJo69S84jF2Y1/M8CdYS/cCIFVLaB8dOFz+c54LM
+gVkNJQGCDJJYmGWWVIvs/yEPX8wIticxl6EVBq/UYhHHq1bvcHi8N2g/uzn1LHWY
+rW2kPkXNbPkA0yUR07+sN4yL+xdi4Lp7IWAYqFgtW9gsQDigqeiAS33gTs0njsdZ
+6omNaJpuKil5y7ml94/8QJ5iJ4V1MFynga6h7fObSMvW8xe+CQY3TPdUe27z4Jf1
+O+ndMFxWgv3rskq5nTsX7lTKjKmGOHB8lQIDAQABo3wwejAfBgNVHSMEGDAWgBTY
+XzXimsE3KibOg8xzDnAVKjriMTAdBgNVHQ4EFgQUIp7XDrhIzgkOOl2+1k1YI1aN
+y9YwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
+HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBQYlzL2nonRz75w9lngMPR
+kh+gIpr+MuOWEaWVYdYv61En2N4HIYxum4dXM/lobJlD3LtNfAwY5MLSld/7xpRG
+/KGJ5VEOg4f5J8cnBoBSCHKJfm+udg1wYz4nsIpsoCoUueLLnaIsJNSIVH/OrcGx
+wcWdKax5udzVGm7v+IKMyn3+S1By3VUACGY8XyGtzeQB4cR2QrhRhoxyUJ/Wthfr
+F5Ust1dUVtCNIZ8BJMEcSTvAsnjzNbmHudj0/DiAuXMF4C3uvUncoZsFoKw+VT3o
+FBsLX1QVPwaeXRvzkJu7vJyZBaWxvm5igkpqCni36UY+oa7OlKzLny7JNGg0ZJ5d
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2A A7 81 DB 5B 2E C0 0B 4F 80 69 F3 74 65 99 7C 24 03 0C C2 
+    friendlyName: Policies P12 subCAP1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3B926AC0E223F935
+
+RwLOUodurgoPZ10EUaUobg5vPB5zDoqYjDuRdrDuB6cxiChkZ8vxBPm9mcKpRSPH
+0pahHhjJn++OK1hQgCag0RB98U8KEXuix1lrt16yW/PuXaACx9XXOAgM45SYtXJu
+FlMrkdj16kJIFcM8Za3SMFPiBaxDT3q27+lNuPRmS9kwbZugfqil22GBQaeLhwn+
+Gbx1J0waeXLNFR3maPWcu7mzYajNkJPD93YaHp1/AQQgXEbHmZ05JG8UWpbHBsYO
+5E25H5W1lNi7BDd9OpIVQaOCAwBgyrqtbf8Tlt4F+HbSb+KOf00yS9zkkE9HBo/T
+a34S67e8IoTQwHsC8qabuq3sSK8iViHTFCVt0NCZjnGkXBAzN1pTbtsQE41fiklt
+bY5G09GkO1oiqnIgujGyMEw3Yzzv3uWSDnAQxvl6e+cdWuQku9z4UTcmYkkjRR2G
+CGGtF0+bY3UpknUMHu2AW53bFXgc999JXCCrJteMxA5DYkBXuMbo6AT9o2A2d+D6
+ZXaoRqrwzNr9WjYSIVBn4PW/7cuV/tt22A0EiV5HjDoqZoMPwZQ3V6TgsWojkZMb
+JB9il7iaGBvmkNfHRcTOOYYE61fEzv9rDAiKm5Az8wuYpAecYBPhUCAprrGqXOBk
+bpDVJ+X1bq9EMYpKl27Pexc0rIXCFLh266QVppDzuGBwITsjihP0V0ljishfX2H3
+Z5WSRhSG5chILWnMc9xj4fMsMvNR9+kbRjRFSMupO5pLyTSIJ8XSzUmBYZLNXnaF
+oX2dtDbyCVw8pftJaWDBjZfGntm4Di1U/ic0mmCIT5AGK9sAmSSG5Pb4u55VuUw3
+EyyZlduX7OMArSAHxMmTwA5i+7Fm5CHhXe5Og3Awl3jU8UVvocm3tAMIbiucI0oh
+jik3U/3ZcNJoogzTehTBHYsvLa6ZYkw9duRHvCWalWJO93cfDmlssdu0PceiCRl2
+p1QXkqe1XercJkaQWAEbW5i5Q1UXQNSRA4Ab6SRxRWa06agT++cVuQqeZJdKKzmL
+FxASyjYCi1BTVLcesIKtgyK3YKS1as/BXw4R8Y/XZa/o/KYx33Fg5IcWo64DoLrJ
+XZy9UgqIIfNBZlyqj1Lhf3nDY2jnQlCbz6jRnc3HTtOSWzB7Sf92JT6hThHFbksC
+IQFvMWvcOh+rr1M+kMmmpAv4pn0TbKZ+6XqyvRKpUc/6D3pb1XQ8jCoKSoYvnv1K
+0WkTA+BmP9uhqeQM/DPXxyNLnSxDXVM/prV/Zk6muO9J5/J3vqVwOSlX/d/qnaWZ
+aXPCz8S5u5g1T+l5mAhu6RlA/zQcC99cvocObFrTLcPcmGLvOJKrrpIJqUDxZvD8
+JTUNo5ztAnI64gCQmzbIkeEue9qMlM2iyS+ihgiaYbAS6adtfdpC78nqwcGg2cN/
+pSPbrJx95ydM7MdMiQbxcJXEpWc1iKZ8jBhzZtaKmkwnNNJu2mNDgWhlMILV+MLZ
+ZfWOyJvJegtBUJY0seTv92SR0on84hmpCvNf/ornBIEyeD9US/Px7lzgojV/ST0F
+vtcP1DBx0Rr6D0bu+uq/VxgU7Z5ZLrTM0uDpGh09s0jMqI8lYJouKQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subsubCAP1P2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subsubCAP1P2Cert.pem
new file mode 100644
index 0000000000..e7879f759e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subsubCAP1P2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 6B D9 E1 F2 73 99 FA C0 63 3E F1 B7 35 05 BD 8A C6 CA 41 B2 
+    friendlyName: Policies P12 subsubCAP1P2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P12 subsubCAP1P2
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P12 subCAP1
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUUG9saWNp
+ZXMgUDEyIHN1YkNBUDEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBS
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEi
+MCAGA1UEAxMZUG9saWNpZXMgUDEyIHN1YnN1YkNBUDFQMjCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALcO073fv8c5JQbdcjDww0pNGK2g+usBAvTQmcWh
+Z3JhRdupod8gbYrEkMWebubmwz0qpdnMT9DN98KvBxnvzT1qUqAGv3XcUjLGg1mp
+AaTvkmSxHmABma74QKv9v/D8VfvHG5kzJU0HPlnJZy9yVTZs5pqdpKdE/8SkmtNj
+0fM96XXKpmprpuCzlhvujpi+3SQSbrXFK2cFgcXHsRp+chRmb3bLhg2W+cyU+Fl+
+YUMr24pljeGGZfPkTEmjXBxGsC8hYjwVWAp6Mpf0UavA9esKTJcsFHn3rMnbBZvx
+vgmV1YNRBo+CmUmH8QWceZ3AthN43SXUPsFDmTa5ThAXwskCAwEAAaN8MHowHwYD
+VR0jBBgwFoAUIp7XDrhIzgkOOl2+1k1YI1aNy9YwHQYDVR0OBBYEFMelN6fQ+iTl
+fN/b8l1p2+7K9pnuMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MBcG
+A1UdIAQQMA4wDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAS79LmgcD
+s1pCo0RLnthY6dTlCGa1z1TVOERBuf5VWC4mO6UdMZp1ahIegjocC5KJzypNyT6k
+IGSP6NeBN9rDF1smYx1M24mdV0xzQlEG1lcY6fetIvaC/U9i9nAIqRZStNMA59gW
+4LH1ctSlRIoErJFR/DsKkDO0LumnvCE79qs2PikXuJFPj/tD+KnSFNhZkCL4UJKm
+X7g0gXh0y0XQQUqzqwP/VoitGZJZ8ZeNvnQTfeMaS8z4+2bIMzdQN8AyVtSpWtnZ
+05VTmnYBCfFjx5z3f1srHvG84jzAedaN1Kpnebds3wvLW2ud8J/3t/mlLNmgHWFD
+jXYibav3P+Q6Dw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6B D9 E1 F2 73 99 FA C0 63 3E F1 B7 35 05 BD 8A C6 CA 41 B2 
+    friendlyName: Policies P12 subsubCAP1P2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5911C827AAE9BB36
+
+tNsN0h+pBaoaYxjnxOvt75qBDO7vz+EawZ91cOaiBqDFSkXBLNpX+6vlzNFRe2Js
+nooSRFh8snOZxZPRa8bPmVg327TsL4sxVq+fpxEKGdevoOnFlMjTbX7WLYQcz/Mq
+60mDQUyvO+Gp0jDjRxOduCUHvzdB9ZoNmkNFuQ41pxKgJ/HjQ6djXiCb4REhhjbL
+lPEJshawWWrzKs3WVkE4xsFM9qoK1lbQ298XGKtWRdx2aeKjkTNbY3ivDfbMbpry
+deP2eEbeSVoUk2JQyqQMbhgffguc0gklEs2x4ioiHFmzzY12zo+UEaJ/8lHKFMBB
+Lb9Y1Ty2FVlnF0nt3bOTRdOjOLS5iePU0/mxQ6VC8OxGo/E5xDjN1JNvD1l8Z/kn
+Wu6Y9dmU71RYCzX6mO+LkJ0C5F1IuZmQjm8yzVj+ySoTNftryb8H0j87q0Yv+K0k
+Jc8YU3ivqIhwKf6Y+UtlyIuGy4bWv6IdleHeEHLUntMPW8wT9mQVY+PvGioZNeQz
+Khm+d5xTV/F2/2OVFJRg8RFTHwvkt/yYeq/8DvkOVGgowptngoLWJsnFiQS/muL6
+99CTkY1Gbv76JovHtILsWnXETar7m6N0UjvDcDpoWWWsOKK/OjGcUU52UPveL5C2
+tHIu9uT2ZjjPXG/XZUj0kIWVnZCgj3ipBRAIVaMBwx26oQlJVSC4HBSblk69K1Ts
+TghKKVR3tZi0ivkULcvKJLQq/RBXpRqnZUUjgmrHG9STK4jtuHUdkkibJqiEd578
+7UYDtXdRll8U4HfeqVz0X/GEAlsRhHNRCHtJVm6zsp1TnkPGmRe0RCZH8KoLePNe
+2Zi9lHwtG58VX3/yk2z7yOejwanHyMdUqu+bcRv/J60PDIWrvB2uxAzhg9DYFEU2
+Al31tZ70OQRXdDxF6Ap/4KD8s+otpwbGPT6qVYY3FDHTr6wRAeLyxI1pvSzRIVKY
+Qm59iuDxA22q/i2YV2Fn9V2pxXKa0pgfl8yJjpq8bObVSgS+Rcb7VBqLJ2/nP5vc
+BkbVOUc5RL+NZRaSJoyf745XRK+GmEHGGjnT3b/0s47kpZcYWaJKX5EOk5JOgTK7
+acYyT2+HpwKom34EjtH+rhaSUycePW1/GWcBlD0nUZAld1+SEHpb/CZwyD8b635k
+g2rWen1zrJSXRxxyxDEGMfQeCKX9bW8PovbzyHjNc8CRTQiI9ekxgguTikmhFeM9
+y5pM1qRP8faCqsXoZohinGuN1SMAA+boWZf9KSMrDuO9EZWpDzLx3XBgf/CqahEe
+aWuIfUQ0GbBIarYaWzeH0YDXKsjTPChRKEEY5E0m8egB3E71CVMIsHf8Yg+pqpBi
+TpCnMF82ejSvFSueaaiASQRl/+FyOdOOPsxm7FdHjiKy8/WLDCzDymXOp/oy49lP
+FZYKEuJl5K3q4VI8o90KGvbl8RLt9MeLKYI68cT4RhcD1JdB+pzPbVDyf8BYsNFX
+K5cfXVbu1oLBpR0RYv9u8QR5OMFTYeMpoTtGaeqiwl+2812UgYw6dCtGThDHUysD
+ypUueOn7uiA6LqIne3BB3r7uI88ieC6N0pm3cDhBsnRy1rMx6NUWEg2dqzr7J1ti
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCA2Cert.pem
new file mode 100644
index 0000000000..e370d68fda
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 31 29 A9 E0 C8 DF 5A 0A FC 52 44 4C EB C9 1F EF 87 BF 5F C6 
+    friendlyName: Policies P2 subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P2 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIBEjANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMEsxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRswGQYDVQQDExJQb2xp
+Y2llcyBQMiBzdWJDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA
+1Xz0YVwI3XzROYh8YMIlBawvv7A2+T/y3AJJ4+yHFGsIYWOnM7LtEfERfkeGQlSA
+g9ad8IFH7vr1ZRl5SdgULBfmHAvEz20vdqFePL8ArM0mOuZU/pNNc7W+MgMV9SxL
+5dpwF84+dLuqHVXtm4HNgl6Ov2KxUcAac88mC5dH2cacGFGSgeCdTlmBioRNWCNe
+L9pTjpJ1VgopLB5ZytlScV5p+NgihrnCkRKZaxwKX292SXyTbKLCr6F6OTzbjzX+
+qOuFUPfrJjMISRlK2K1oa7d6FN8bI0mzc1RKiyLRVc28IS8QzXcyNKoS7wAE9mBQ
+8zTn3YfQE9ml7snMbH5PAgMBAAGjgYswgYgwHwYDVR0jBBgwFoAUWAGEJBu8K1KU
+Sj2lEHIUUfWvOskwHQYDVR0OBBYEFBcs6gO4B3eBPWWlvzMfzHrSmPy+MA4GA1Ud
+DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwAjAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEBCwUAA4IBAQBCi5qkuqZz+Vu+
+Up9cFMNPiH4wEsAkwBs/rDcvCv0yHjpooTNz1Ra91TjgKPnqfkFjO4j9bKQebLAo
+lc0V4O4BP33UgG+jl1zZZVV+vRtC8c3sXDLyQXB4OmR1D9DDol8zgb+NbXn0SHPe
+3a+qmtBultEnrDqIdKl4cgZPKDioiEyBNmORsg/qI3bmmgS4U5LG9QI1HMUmlEsU
+Ccb7UrMih68eQ7lvITV3FRn4x+J5Eq55+gkuWTa4rgbPrjuAoTCHuzt1QH+u6kTm
+F00F+dF0jKW90XMIXq8P7OcUvQwuNERJ0Kn1NXCpyRhNMwW3BzWLT6eRJrr9nU3v
+Prz6Og6z
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 31 29 A9 E0 C8 DF 5A 0A FC 52 44 4C EB C9 1F EF 87 BF 5F C6 
+    friendlyName: Policies P2 subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,697AD95373C83CCD
+
+sX+rlJImW26DSahjR8/AXFABLT4Sa9M+S8quVK+yGb/1ZlS6iw1BWE1OGOk8k+wz
+TyPZNHjTdbljCInaN+TNqxwkj7QdEdXvPlBdpp7zwnasKVXHfRubnIc2E2EYQf9W
+ydBpfH7r+vUbYNfoSJymA9XusFvIw6Gn7HizzyM4f6oZKxn6lTXRKo0rWYKCZJYl
+OSTTRDrTQlJyrGvBTUN7yoa4PPIY7UqTgqS17FRACIf6rRKlFGHAjVhtb1vpYEQH
+xMM6W+9ZXrn4U5iHfxYkhOXttCs7XQ2+4fAO8A4PihuiajYdITI8vyuKPUps2g7m
+SLSz6al5uVncaJcDeUpJ8Sic07ZXwvLjr3gar9bTMCd6DZtFcRbUq5BhAHTErWOK
+dV9qSlN2kH4AScN0c7T5Ex8dtR75I6geW293cdh54TRGcc9H+MCBIoc1cQa/ixzR
+eKbu1mQ7BDRyInMyLYQR/PU/LYieM4VhaJV8+MC0WWrWAARcEtUeaCbEQnL5vN5+
+vyz571ZbIkET9STEo1WF/+W8U3umO2Aaoi0hd/eE1F4UTpUUrJsWFUASMlHcDfa1
+ikcH1LOR4m2I1ljCXlxMT9oRJBlocyVYjLN+wO32rU8WGeoAgrQa4sRLS/emNYX3
+t96yeCkIZ8H1nAfQtyhioqoCg2fEBLhpewiUexu2o2IknJjyYRj38mV4SrtJSWYo
+whV3SndcmaSWrf4fNY1HuEdzWPq/YdKW4TWm2ptD2v3Eq8xLPCO59lQK9y7rvzk+
+B1qoSFYME5DIWYn+yId/dhEXqqprc3ax3ki5HM7TzNZxZbaYlnFZbZDHBpvGQKHH
+6TQFCJBIzPQ7UfLxFHasc0RkQgcCWKfMM0Twya7GRYqAIcPIhn2a6zQWy358orya
+8GYjKZkif8thbVfnrXw8KKlMrIpjgEhbawD7djNp89cfoEU9ZNTVMS+z73pGiiGt
+SOd+2TvsPI8l199GaxHHEh1tKcxvV4aL+s/D4cjoCZamWOVDQmZLwKWhA1yUbL/M
+h8Oqwn5+FDXXSU42ywOT3geipg3dMLefxHD53D8yYURwDOZq+f0svO65nFuNvxaa
+dTt734J/oySW3hloc6cx26mk2b1V7/Ne1q2WXnBit2698M0A9hBRq+cE8eAdBSO/
+l4JpGP8CNXt5Pr1WuYdSN50ZJBI1XppURb7O0h6CDQ/LA0zCFPBYOHC3wmg9cVIG
+en150Z4D10v7Zd3yM+Kj/chVuYTff19iiR+k567/XlZkUsK00bITAwF8gaFY3LJH
+k3mpmpyuqxDSLFuZDY4n6O9yPuJJIzPMwdbVHCxem7Cx4fknG4Xhaealcbu5c9zS
+sxwOkBKyy8aLxGHMba783VNOgBkIf8tVaffsXK0aUmWJiIr4ZPVBzTtP0v935t32
+XTj9B24T+N25HSdTwRL3HzWzNAjx5Ee0nRyoPltAmdQ5/82JrSniOf7MnawJfCXh
+mR1woS7qLblTx4FYtOOO5qMIhcOf2aF0Rf5N2TYgl0Uf3cSpV0JKFfM5yHNgJfXb
+3PThx6JrE0byyiyRxHiF7Bi58tWkxVIk9m7eyhgS+1xhOmlE4Rxta0AmXTkmW1J1
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCACert.pem
new file mode 100644
index 0000000000..4e4382abbb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 37 36 52 33 7A E8 77 97 E7 C4 84 96 23 ED 18 38 6E A3 FC 01 
+    friendlyName: Policies P2 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P2 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMEoxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQDExFQb2xp
+Y2llcyBQMiBzdWJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAONY
+pdHnfkkbKL2heQlsPDaTK3GP8UpxbIYB1XqtUGkKluuwcYbuk5IP8Epdq/PjxCzq
+jS+3tTzOFpNKRk1722cL9fszIEVupG0F69OvZ3LLiz7UxvtTQcPHYdBrOmuJGr/j
+R9Qie+7F9teXcKCdITo+5Zx65qrcR2GWoG0kqorbgEg5ckFeKoe+GnMJeR/HyzhX
+LQhi6BnJEwjFCmhcTNkdxUiIEOgNqV5A5mxYq8Q48bTaQTBkU+1UanUriLd0qcqN
+3uT+ZlvFU29GHZ503xNV0YMisbl4VERoBPZgJb5nIZoPyejMkpiVMTMYiIjCpzwe
+4BRFEJJNI+5NhUrReDkCAwEAAaN8MHowHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2l
+EHIUUfWvOskwHQYDVR0OBBYEFF48hHOeMHBycZiugTYZ2yIOfK8DMA4GA1UdDwEB
+/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+AjANBgkqhkiG9w0BAQsFAAOCAQEAdGtNBQ2x5Q2dsg3CvXxLjMO5Ij7kWTJ//BY9
+2QuZ/zZrVlYdCn4zquXXdGo96fSqJy4vK+ERQCVk9uHNs3jTSoQRN0vYGnKoKt85
+rEeMDvmahO44MQaOZlG13PwlleVy598Cu7Ylis1mnq5s3oDozMau6QZZIljdt6VE
+OernrHHcr4EmEmw1HuCIZZf8xcai4hqcrXw5GJPGr34uU6fedvmaKp1/1WWHPoEk
+O5CAiMmo8t/yeYWL1HmVkwvEwHJ79IXZFi8sIyO/8HCufS6DD1FthFlQfBuYHdjo
+fReXC5SMPIxbpHXMAUPJgTwm6HoO9/XW0WzLxCXvu9pMDDD1IA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 37 36 52 33 7A E8 77 97 E7 C4 84 96 23 ED 18 38 6E A3 FC 01 
+    friendlyName: Policies P2 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,203ADBD94D3004F7
+
+s28VgMsa5ofnjYv1TT+og1HmS7mZp/DahDg+fL1UdNhM638ec1lX/ArpfBiDXhW/
+KvdQk0I1bsRdpdDYeYnUAARhH3Lj45Hnn935CgpqKVrUiurhLdPUel7zVyW7UcyZ
+7CAAtFJKmCXKutlh73IdNP2g265gtzyupMsm1+rHKx8xxt2J3s49IltaDbpFgjPK
+tpQD2SlxlJbp6QY/hMktqd3jojCz8wh3WZLEC1Wj1zGPNgl5CNtebyb/8S2itoy8
+FbV0xti4shjNR2MQGAw7YYT0B+cyt2E9duv0zfRNLzp8rS6G9wHe9wPtnga+Qxnb
+ZPe7kvQrbxKBZEqKeZKmtI5pHqb1HXNnr07FvWDWIKt0H8iHTzd2hv5fA7lQLJEN
+iGdbl8GzJpANq086bNvnZW4maGaa62nMiCm2Ei/wLSRZ6Hv3HZ3ZluDDnOaW7OW3
+dHH9V5AwG3uDLvTgZDGmixcv77BKAdD2Arcafrw6Ii/XFcLHVn3FvV6xrVP6iY7y
+7XtIt0U22jXBZdcLMiw+f62EZo33K0HihkHEN3jfSMC76e/hgBhwh+XwxB06KvG/
+pqgHrwtQE4hY5s9Pv4kBucpl3CTYieD9VT3kQD6q9Od37q0HHWl3xqX7hvM7K/pe
+mkwpd/ellCR9nrAMuAs72xlAyJ9zVd/OMXA0NxzNxMplOiYG2WXOUAOqkTLt0tq+
+8ILg9pttE30zVHhjpVTZnGyTYrLKGnxU9Gu2QwGlKzBt6mTsT6PY2Rp0hR3RzMSG
+cj97CRBZP7l6TWBYahoZEXkL3AXGfGJd5EkTOnX0PVOe0JRPVd2Hn4AWc7uYtGr6
++1vXFtYngq76dSkErvXwKLbdBuvllFnj5xQbmcVv8/nvCzAmdhcIKDUDhBvZSYno
+kpcBE+1+Gkg74drj3ShYQ43z0y+uyKOb5g3IG5BsEhlEK7L7TZ7l8sFilRhY+oMJ
+g/Wo0aiLk6INFR7CgH8w/r8R+4uwwXIKoS7BvyrREfYJWaBicEld+AxiWNWS9Zbq
+jQoUPHup/cRrX4IpO6eMmWOT5t/anONjWuQ60ZzLVLi5pSFSKFYO2mMcZyH+zsNV
+G7xYMFkqeMr48xEjQTMuk+peXYAndmvy2l2Z4myFvjttNjqmMqffo2+iD0UX/jmh
+fzzHzxvptCdGd2uNGw4800M5oF14yI7GGAF6IqueoyNdnmRUujonThFvzKUe92W6
+GPNYtA9V+QN/ZJ4BoH40tb4L4MFdHWtS7ZQiIFdglbsHK+o1v8ULfz1amjI7XCXv
+H78Geg4CXX209lwW5ZXa9aDYWsuy1BnMhs0xqa3dHvUf5N3QvSuheljopo9nS7Il
+FU6XbKnpxUHOkJlJRggFK35z2FFe0lpJIbDBl8Zt1CoXXcSXL7VyCPxtQdVgrygI
+a+OPnMQ10ibIksGEbW67j5iADURrkN/STXToV9d90ffgsAZFH0isr4Dh7FBq/vn7
+djqLZk8s8uIjZD7iYreETwhdaS6zy9UWXkgblam195/AnA+qdUZUFyTXtRzII0j5
+UGIA0wo3HKiU/B2oZMvaErkV3sVgsz4bLN4Zs6JPIfYh8MEOBoSwIy5AN/ozB2b8
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP3CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP3CACert.pem
new file mode 100644
index 0000000000..9155c3f497
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP3CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C4 72 AB 1A AC 9D 3A DA 8C D7 3D F4 EA 8D 94 4A 8F 6E 61 CB 
+    friendlyName: Policies P3 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P3 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBJzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFzAVBgNVBAMT
+DlBvbGljaWVzIFAzIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+4HTZ2qzQpYWTz2Y6/AOG/uDqyc7uIc/bltDD0h+0g3c2Y1cK2couvrTwShS8gxcj
+2va9m9EdMuex5Qk0kiekGoKNmWokKAKxTmVeU8fAgcPz7NJxLjsF4YX7CVVeB4+J
+YeOwT9i+4D7qQ0JjZfmZCqxJIqWKpW/U1C43QwMh2TvJ3EIAFwLpHqQpZanugNJZ
+Ljf5Jpntjn1dLFAvk086cx37dNn1nsFzy4pOpzSfMYK20rHK0VGtyTHc3AMR4mjm
+q2SOv5Xrnx2uI41HNxk5BHvX745TwS3sUBMWRTw2G8DMXTy1HonZxVc84GWDW+04
+RSpgPoh99Inz8xPTTNOTgwIDAQABo4GLMIGIMB8GA1UdIwQYMBaAFOR9X9FclYYI
+LAWuvnW2ZafZXahmMB0GA1UdDgQWBBTYBassoIvDktzGrWo/v/PGmOXc/TAOBgNV
+HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwAzANBgkqhkiG9w0BAQsFAAOCAQEAXXC8Q5AzwLws
+Cynt11pa7Nl4I15DzEd661tWYavZj5o0OH+dKdu8kGRaH5fJi4th1oWdJ5V+y7OF
+XivnxP6fZMZy0CJhLZhoCm1O7y6BsM4PMOFRgZ7kPNgoKTaT9tMmGXTJDsG+x9ph
+/Ro4xL/ZAdREO+fN0r2LmyTZ8zud1D8mV4yrWA0+HLj6MoPe74w5JRnjI1bLp/pX
+6Rw5EwoYNKrKjMp1VutAEY2ZSdKgdzP1tVnMn0WsluxuzQbLMZ/Zzu8U+HEGsBPv
+nYWynisQlZsxqlz4dLqD1FuXv12GExxQSr1AbBJDGcZZg2D/QbDXT39lYKnjRl+U
+J9DHk++AHg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C4 72 AB 1A AC 9D 3A DA 8C D7 3D F4 EA 8D 94 4A 8F 6E 61 CB 
+    friendlyName: Policies P3 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1EED1D6BBF5F074C
+
+mL1q7sb93AsGkMS7OHU3oQ45uCR8jlqS4UQ1Vsrk7FIpmFdMrH64USyIOidqT+m9
+ZSJQbNcv01afMqam9oOfqeEcnWk6oniiNDUpl5RO4cfYXtzcvnqJvOwRqYpT/2i1
+KgpfERAM2CxDlvj57L1qa6znG8+cs1+Dht4gpZ15uOzeKg/NNhq+JLMQDOJQ6MIi
+BcO2OAEw5wWCZd+K1/8kvdFPZK3sSC8Cizy5ktHR/OONbH8BzL3RvGnFxZMfQ5Dr
+E8Z+KysFZaX9ZbNYowkT/IcYxb7mwLBtk8owDcBfSFb1bwJD77rEbydxETIjCLyF
+VcSMshOBu31D+3/VuxWFKhrwXW3o6VDnkmoK973ckcfpbJBq/xtFzT7CaNbxEkPN
+wGZzbsfqZhgOeXjBdxEmGwY9RVUt7JUQXj1R/5z3kFzwehWwfX5V/W8gkE07MFQW
+7IQGvkBhj67xpwh2eK1oLhaJRmU/Bdhvw3Sg2qskcdzX6u19FEryGd+WGkuHnV+u
+d3TKTXbUrcZqeHt/+Y2s/6czgDA+3NOUd1WN5CRSerUcCLdemC9KWB/zLruLoFb9
+6neH5V9rmROoMu3eJWdEQTUgYrBx5z38e77Ya/u4gJY3h+kqmsaDQxNLPLdJ0DoT
+qa/JGIXdXlscz6xH9DIw1fvpvq/oNASGk0ln8LFZ9CAE0bA1GxMbfdKgPj2h3IdV
+IrPwwByTurTZP1LLL2z9xI1sqB5l5eHqvkv/QbrG1NS1X+nbHRavQBLQD59ibwsU
+wJIyla5X28e1wI6Jd0zyQamu0UxAumIBz1Rlkp1WN6bE3QR1xwvNu+zEFKfn/x4r
+pzXo0nn8yxEP72/LwBxp31ohl3Km7p13nLwx8IRQMt7ifFZsSFHp5dLNourpOcmh
+ACYjKDwTtkaVx8Sq2UnCp/SWq8ueA8984zZuZ4NxTYkrVx4LWelGjArey+FCdODi
+f6iPz16azcS2/dl7SzwjBescepeUo7w76O2xW8fOjksJ0gVzzNtzH1wKgIb698N+
+WzNZBsxSmg1Oo/fW9zDIhTbCH+HmojlNgYc4wUDK79Vll0H/nizy7Dt3xkT+GWIL
+e3aZLJ12L+0db/xwlIf2s4uKNhuPLPsxWp/ecOt+NEeM6jIuS4Hn9eSQqv2C/M5D
+6VQ/ZKjZpB0vrh0bmDOJG5Ly9hzITDOW5Ryh0q4ahDfoQwP36rhfG6BAIHTV/olG
+KzQUaCvUk/154Nh+kIUtj6MlHKLa4kVYgHGR0AdwZ77QFtxr0Wk8vyhydOhxVbj3
+TjaZKpcgtW9RSIsIHTwR9Yl0Wx2o+/s117cXasubjkwmkofBXzIYpqvrws0feObT
+w+KXNvitg4LLsoRjRNHCKR/5iVVPe2bdST03SPhNr3SBc8RgWT2qEBHvgQrYASTc
+v+lP5Xz3vkcTVF3G9Dudc09eGU1OBeccXd8rdITTwUQLBg4s1z2B22TZm+ZcBdpo
+GeWR5oAKoAKBrY+XJyagywfQsw6PXWfWMkvL09aGOgK52jqGyU4tuI55IisKxfXj
+vRA3dYxyHN2rQXv052S3JRWHv1UVbHWmJSXkpGKQm36iJLWDI/p1GSHHxaBofcZr
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280MandatoryAttributeTypesCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280MandatoryAttributeTypesCACert.pem
new file mode 100644
index 0000000000..af9bb596d1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280MandatoryAttributeTypesCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 4D 87 16 00 23 A9 D1 66 F2 F8 4E C8 0A 4F 9F 45 FD 37 EB F1 
+    friendlyName: RFC3280 Mandatory Attribute Types CA Cert
+subject=/C=US/O=Test Certificates 2011/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID0DCCArigAwIBAgIBYDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgZMxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRMwEQYKCZIm
+iZPyLGQBGRYDZ292MSAwHgYKCZImiZPyLGQBGRYQdGVzdGNlcnRpZmljYXRlczER
+MA8GA1UECBMITWFyeWxhbmQxDDAKBgNVBAUTAzM0NTELMAkGA1UELhMCQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUNDElMAVhx/zv4YAsDhenHhRX
+LtmaEBOCTKqCQF+rRfQuf9huc18yfKyylxeh/InZ2lRIsWDl7CSEHmE+mlHNt0xw
+/oei9oPMSrR20+ZN+HqaJ5s4Ds3FNnIjmpgRlOPWokzqqCJ9Gtyu8yKL/cFhbiXS
+YaADGz/ed1FqeiWuvfDKyaxPtG3bYa0Jq5iMuadfBQ3rdwFyPLaM3q6rNkDMrFtE
+Whp34TooxaatF72fQKphvamcnf0QNhCpTQGTjxrdKtGOwI/zsuvSHmm2IsfP5uqT
+DimedyldMhnqVomyNDuxfIUzR8y2Da6/UyCEEU7MN7LEAXaRD2zhLzF+SQINAgMB
+AAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQW
+BBTwURhi785Bx7ewZ3RrArwyCjOZ6zAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBACdlWQg/dlqwHgvP2lBoyEnv/xsOOACG7wzdNrK/CZzYL7vQ3tWrdVaPIEh7
+B4nDconwjPuI61JiZv6kS3BsI50jVq0uIEYcYBPVTZIv334xnqZDyFa/Y65dUdhU
+1Q0wKBxFNNlVo2dJDhlEjHAtUlvTDGVkCTk8sz4qsrAmu4KXC2ypEi6n33EuxF5+
+D9+leUviMx88AEP7/8KwHTUtsHLqvzxCk3l2gt4oY+EuY7+hKGdvvkVev7LtX2My
+5UuWkQ6jroQjHZIplTyOUdM5ZfbjMhaUQjdmJC1A2zNzSzhtslNWWNjKEtcceYt1
+5lfxS/cBIzJv8qLSVwsd136Wa3g=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4D 87 16 00 23 A9 D1 66 F2 F8 4E C8 0A 4F 9F 45 FD 37 EB F1 
+    friendlyName: RFC3280 Mandatory Attribute Types CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7C59D422931F29FB
+
+pAfgaxWooTDOmfaFUIm/eDzARkqyXWZcw7AeuE/ZC0l9FYt2qfRsIhZq7FujM4Od
+b6WS16nVPIJsQUDRZ0zV2DePlpW4JJgbOpNMmXRHEXfEVTkaZ70oDJdMSDCovp5K
+JG0ajomEcA88vtSWp2hjbK4ShSXcuHcm1nEdVmmvOZOG+43GW8ornfUcvPH6kbc/
+gWOHNTnZDndTTE0qBPI88fafOputHhpSLZUjTRQEPBk1TsnKcynHo+XR7pxCV7qa
+LvHw8gEZ50hIaAa7Gj1cEl9ito5nLSEIECKyB4b1KN4kS/kDIOi2b/XiNwJeS5U9
+WCJIEakbrodLaY2YZW8aDDEsPKxYoS9YhnPlMyY0UzHy0175GVH6WVohKpHCQLC5
+qIXQBO0+too14txu5CbSWIDT9W1TN0yrXmTYIHhh60CREdjuVFq5pq3kZg0FDgza
+VTqPMlflzmChhTfQ1bxtGfPdKQd2fydzdR36l2C1qOfj32rzBVcN8NrO7/xc1O9w
+R0ZkYXqXIY/68zcGrIFIf/mEJ1Roi2FEa3AVV3MFmwpL8SAC9kHmj7qKJAGcXl23
+4XetVCMIc9YleV/CCWJ+0RCQLnFrXcljEOEHDSGyoGChGl0Uul9Fb2pfq5lOy+bT
+8uI9R5IXI1eTuDVO7t+muMSU+YHCtsOBLx9JJJGAphvgH3N4q+CWd4O9bHLrissu
+3BRTfGo98ndrj16q8vN/qy2eJEpwKGPLsFwGVDNBxbFZQ6kTJy9UjkXLCSH5pv0g
+fPdaFlMMiPyWU9Jf5YT47MyLG1Aiv7uwxtZ/t3Hp40h27EJXrkcbWLQcW4qtvjjS
+PzmvZSO7HHh9xKhqr/D9YJupoRJLjNM8VZ62R+lkmD1lcNdDH343M6XcY8or3Oru
+Q/JFISSt7IqUJUEVT4oj0W5cAsOj3EplZ892XxRWDjd+yeDogo4jiTrbjPQgG4bF
+LQIbWRZwlLK8K801Y7GGFUtJ8o/gwoYigxm9rfMVigL+vncR2vHf7osjXPXVKX5b
+mkc5/v4rgDR6Qv4TpHdmuiBFtzoITxwl24nKwh+HgMLzd1dqYA/TCv9NCvK8nco3
+9xIz8F22960phiE7dB60QoJSq16IeJT4A89fEIDbdpJUyJloZ0R1TzxBzhEzyxRa
+KO6126UDvdA6cJUDb8AnpZiEW+DnBp9EmNGZ8Aa5XuiKqyIISJ5Sj3BrsnFgdyvx
+hh3dhZxmZpJ//z9MYq7e+e93KYg9c6RPZqqPF66wcMiatk402ItJAgmGQYWiQPt0
+EriT44dQg6e2WMKcvVtoQtoG3AJL+qjr7bhjxIU0gH3ct2PdlTLVEE/8BrFVlFK2
+wVvawOfsrYeF7dV1qBUnSDUGuu8tore1MkOrgsxSkSW/VeNstY6bZ8pbY/HuxoGe
+ZU0BlHMVw6s7jXLjsXsXSyWvb/FREyIw3tgDfb8OpFYgntVF/jVq1wuCHzqu4OdK
+Eyk7GA6F4GJDeCjfANsf2IFG51hEknaDDrjcRq6mnf3Fx96BM/icoCVdxMOOAQtl
+BEUwcAfgljViXl5EDjEKVzlGD+KNTxRymTqNvB8+Est8xfXFx6VxKA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280OptionalAttributeTypesCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280OptionalAttributeTypesCACert.pem
new file mode 100644
index 0000000000..2f513ebe28
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280OptionalAttributeTypesCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: DA 68 43 8D 10 7C 82 D5 84 12 6F 02 DE 4B 7F 0A 58 CC 97 86 
+    friendlyName: RFC3280 Optional Attribute Types CA Cert
+subject=/C=US/O=Test Certificates 2011/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D.
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID3DCCAsSgAwIBAgIBYTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgZ8xCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQH
+EwxHYWl0aGVyc2J1cmcxDTALBgNVBCoTBEpvaG4xCjAIBgNVBCsTAVExEzARBgNV
+BEETCkZpY3RpdGlvdXMxCzAJBgNVBAQTAkNBMQwwCgYDVQQsEwNJSUkxDTALBgNV
+BAwTBE0uRC4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/fMlDz5JD
+/7MBJmlwT5o5VSaKNzR9atn91c7krfu5XtXr/o5sYmEj9KjxxFi6lj8aK2Cg/euN
++pnkVq+hDpPfGCpH61mSiEqTUl0IoNGe4OvOVzb4TSJdH/yK1MzWp/j+dsad/xk8
+nvkjKopwAnEDBysTXO6aBQOYFvnQjmCSGBI10Ol8y82eBRIbs6YJOUWNwcM1lbPv
+Xrv0xQjFHKTmUQI+FdL+GMS0bA9KyKUrNaJV+wjkUHLl4VJ6KqfXJHDdlljnyIuv
+I+aiCPLKSRlvyno5Y6TqiNEfSt/TZ5NgULmuRVN0Co3vGQ1SamZktsVMMOwezYfh
+HiI/iqJlgxPDAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZ
+XahmMB0GA1UdDgQWBBSbbm8/iqf057WMMVvOmUuRHHx8vTAOBgNVHQ8BAf8EBAMC
+AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBAAj6iDDC+RKlBUsSdZe8/5Equ2UzaVj2P8vP/zYIsxWS
+rJwFkWh4tzgjH73ebe2IgZ5J+C2TvQ1jyfAOR7QulIc6Sm3izVdPLviV4OYA8goi
+1dWKfxz4Aj6FATriooSFmH04ovaFUojUwdqlUkVJnWZTyLrIZJLMrIeP6BDHBjHH
+R3EivHM+Wrz3Jv8s3+wA63dVTfDRn/zC1ngjUvbaQc1XFZKl6nuRFB9EyCz2oAV5
+EyJqI8K12JJqeAwdOSg//FhTS8tQPrYe1XHT8a4yjKj8HXX2PXl9l1N9gXJ1+T6f
+Bmlx99K0UFrm5Ty7bfhLgjKoaBiFKjiLUDLzGkHaV6M=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DA 68 43 8D 10 7C 82 D5 84 12 6F 02 DE 4B 7F 0A 58 CC 97 86 
+    friendlyName: RFC3280 Optional Attribute Types CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,31CD9641338E51D2
+
+4LFuZYJt5eix2uTc9RfL2KQ52YS0Z0Vwo9I1BD+KECk2HxHNsaS4YaBmZGc0ddGZ
+bqVfCQx1Ri356spgyqhvmEBG4MvAsFO560/AXErLmABprYqokxxsRcJSTppfttW7
+ivjDcgAFItOkzDHnqigvKaKmJMcSHkzuJcxbvplMP5MoxuPaaq6sC6u525ZoJM2f
+B9hEqjpHcCb/WmPL0dHXt0N4Ev7kJb17/c255z9NlUiMuC1YQ6sd74QTofc5otsa
+su/NqmoRRGvE0bErU5ELiUOa7c+uqKSMr/Cff4BghTW8ZQRJ+2xOAejeqyUgmqdZ
+heyM6znc6kF93NJgJxxDIIUMTla7fjWWI25s7Y6F6NHO3BT1lGN3yresTY2BPKoh
+1+ahTdEqwEb/PWdYoJO6bZ9cfUCAA1UD1whQNwmGhaXMmts4FxTwVRVyjBCU+0JU
+TOabA6vfUURqzy/WFSxKSJ6CL84HAwzebkF0yZ9nXXMqGbi3GO9pAWxEap+ekEQ7
+gfYzhepUjAvIVS6eWQtv5cyNrvOtBkRgFAna9SvEktrp/t5njusiu1x2afVq6g0e
+ZfVvtEMpP9O2rpUhXyDyLmgxPss9fpaM+b44o7SeVF4RnzC95YK/QbX3KporPKp+
+e6FuVkGa3/H1+R1XoXTa/xdrnuPNxqxDpdAs3W001IIRp7ieZ3TI3MOIKVvHaQEE
+mVR2r5pFo5ZasWCZ14RiZGEbBSo201g31FZQJIyFtd7f8s/ThQolFz93gTnxIGxA
+wo4EsuVYEdjjUf8Wrbv2ARX+eMfZ3P+y425VXx3XGVwatKtiL/QJS9BQTGH3Qezg
+GU8g3t7YI4LKJ0RfYAG7s9yT0kxOQX12GFbYTnjF/X02pMYyMofEofwENJIIdWYb
+cuvMk2KFnFixjXGneu+sdfdsmwwoMu+D0Y6+eydHhdjFc1XnP3NKYjRVB6gHJZit
+BePcPvzmWDDvrehGkdY4erEjhaE4rl5w8wcMIkufb+g1b8szK6aqo+auiq4glDc6
+jlt0eXI+IiYEm5hC+BOpqPsrcnc7iP2tknNo/yATP2M7VvyKAffCyKMzEldCC+zM
+hu24bJ1Nc7420u/dbuL0s3RVTN3cR7vDiKc+kmoJjLSn+4t7OxX+bl+XYa4GZrZo
+8fn5l/dV3JIcQsV8RFgVJRHbQj06wfEgX7PdxYZwhCK9gdmqKqdZSMR3CXk/3ifn
+3guiGuwKgk3lVh4uk33r4XTl0vlTKS8vEBGOAA+poKoBJrlX35Eujm2L/E8u4BKM
+UObcSpXsMF1Tkj53dWy7SSUAUXWlaBwcfv/h1iE9xnbfdUwZy46TpTbqD5WhfHix
+1X/set9NxVjlWJhPGM1nvwsAtJt7Hhr7M5fDb+yc8nVGL6DKqMLBNErjVwMcLb4I
+nGX7IeOLX8aCxd/OMgsKeNyKipVSEOEibrCN0jOeg3xm+QbPCwqBeVJ7lLxlO6Kw
+riCD7+NFnOR/P650PIP4Q61/CqilpHZDSLY/SC48+iXeMLTE/ImAlETkvVyhk2Xb
+HWLHptJS6GgkVDoKllPcoPziHOctIuUG1oRxey+Bx33OWBJ9NU749By0b5EH8GDT
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RevokedsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RevokedsubCACert.pem
new file mode 100644
index 0000000000..32578b0876
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RevokedsubCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: E1 41 83 40 CC FB 1C 3A 07 07 8B C5 19 5D 89 0D F6 2D E0 65 
+    friendlyName: Revoked subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Revoked subCA
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDfTCCAmWgAwIBAgIBDjANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMEYxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRYwFAYDVQQDEw1SZXZv
+a2VkIHN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRilogkM
+H6zEvQ1U9XzZKWJeWbmtND2B6Lz5wY6wxo8EriHm7A3tZSrctmPwDwy5WBVvhG9e
+ySTRcoa3ufPTDvYzigh8x2pSUM3Vgp1GuW436kiTkWdM7kyxXSmgMJ7O6utUj2Lz
+nb3/X3XTA0j7AY3Fd9hLa9Jb6QrQYuzR6pAQkB4aiP8OUW6w/FBwcvR2wtDk57Li
+0Sx4eF6oebCkd3Ao5EIPlWhqqWeWRfx+Rl5nSuNSIUq7ac0czQBk+UzLCc7Wo/qd
+E8jc0v5IrxBEcXPtuSAPX5KvMYTpxoChlxOfBwLwAkmJXwvDV/KhREPhlFvegZ6Z
+kneDbUE1zigd+QIDAQABo3wwejAfBgNVHSMEGDAWgBRYAYQkG7wrUpRKPaUQchRR
+9a86yTAdBgNVHQ4EFgQUlm+SmaDpdnS7X9T4+xnZzx0FoO8wDgYDVR0PAQH/BAQD
+AgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQCHdQQiC/69bsibnkOyswShah4+Y1vm6sf70vQCnKcA
+Rdj6I3NEqVBO4/nFkDZIr8ItbU4QfbKGk52NgcQIvql9dWO9CpwTCCC2tgHFOz/U
+P5bjg2Y0iJaIBA/QX0xcwQs0cG5PXgcF9ywRbodQcKLnqdcInBA+fslFQVHuk3rp
+ZS6juDwJUs/AkB9RBjh3APvCelvjMOb1W54y/vUWP8DUJraHrZeoH6s51USu9cXm
+R5jRBIhrXD0Zgu2TDfmsYVY2gOGADox9Myx4LLjrfKkKcKTHGlNOkfwiEL0IH6To
+ASg23Vl7PA00Roz/tqC2LuVrnu1QVmnNGQgDiFqktcl8
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E1 41 83 40 CC FB 1C 3A 07 07 8B C5 19 5D 89 0D F6 2D E0 65 
+    friendlyName: Revoked subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7CC2FB6699EEC94E
+
+SSAqsCQcBeuyF0pejm4wQwIeMMgi0KxnE0XMlHu/9qfv/0ezDDdrswP//EvrFMh3
+ZtkaA0E+MFnUuhRa2Rhr2+ufK7xsgYPsKVwrWEu8XFE5QfCQ6VHa5VtwSjYp0/tM
+2VtFCsXkPT4JHr1IRfOwLzXR17/OVGOjwMZfrfFzUhkMUCUpVrAbWj1WNBgp8v4D
+4ngWedE/dsRmuQl2TDx/PY9ZOq0mFSikOTzOT4rRsztFzKFsAoF9smjz9+IOwvgr
+Da8HTxjWuk7WyJJrfB+qRWSks66+/QWEL51OqIsqpXLGFW/N5tL0sdhMqRTf1VhM
+G0zVZswQRenz7h7aAIex4TuDKviXEJhMUOycpjsYz3BzNtgc242+LMz0NDoO6hrU
+jzfWtvmrACv3aRWKLAvXBBRV9JB7FMEAc1J67X8rthpXI6Qdc/qU1skDBgLL6KFP
+IzW6zYKcW9+nfIU58a9fZXKgHL86zBRhXmQAVmMyRh5Tn2il8pefimgDupr7HA9K
+lgY5e68XxVeDEjbVtH7400DPlBL0uJUTfy50x3asSJJIA462egRJfP0rsxrQn7k3
+NyuzKYJr4Ga7ltXzPivw5fM+lRNYl4uMiFVmpaVptepS5NmdUhXTtXEO2pUkKFVQ
+P1UUc+pEmfywBLYn78h4LuOKsOein1Zg+QsfHqhoNMLErHs9X7eOI8cMCpvFYHaW
+0uri2IU1q2crBf4Q0NRooH6c7yjMAYq6Cgn82s4k5vAQ+qEae9X6Sebl+Fie/hk8
+eVhG1ki2DHtNTSBD0nodjh9OYApGnERh8SYSNpkmwtaR2n1Ht+N3Oq76iqkYGZda
+6meFubYq+qLzITdpqPppd9pbDQ2Qhvn07u/wStPAnrrTfTlpYf/AvsekRUXeWymE
++7gWv5X0QyVDHBIPR47Buj5bpoTzAgTMZdTypo05jCMgzGo7YcrYlrjEwXbTRi1H
+gfDChou+xksAPe3IOnwECIPeVF5cAtAuLaE9K1YpwZFjDJRr+1+Zi0zRqBhiFmau
+U3V5AKvqaWKhJgsfbqn3mbi1BWr5WN6SLjpDJiH50x9t0bQOxbs+I7SxyJ9GnNUW
+DMhLo4zw8kLPbMe+pcfgHvatGtpA0TJ/+aLAyDLKsKqvuXD/rQ575s5iVC0+BAVy
+MS8zbPf4PJbX/m+6MtaQTlyII+LGIK4UN8Hp/CRKPJJLDLUES+PifAm+56D1Mgpw
+V2a22kE9usvhQPQW4yO7AE0eSa1jdyP2PAdjcK1AjgboStHJLrvlIOOf14dKV1uD
+LzifkvZaei602VSxXNPeHzb2XP2QY9vaNkxqSmD9lzxURj64g+mCSPlO+aJ8m52a
+COLQTfZ5CEiBGgjlTdZKy8fFKgXSr9Zujd1oen+N/+mJANbPZIePHNhFYgJ3kMEt
+JiPw407COXeFlX8idmuuNqf7KceA9XghcC9wd2Ezrri5pwAtQjxpGU5RuzQrRMN1
+2khmYv5rdVjcnZQPwpbf+G1Sq3VWCmitJzgqKfJVlFBtwGL1dMDZbvlGb7jtSh8A
+rMDq1/wvncdzBW78t5oPUceCaKV1dAdfGImb4fLsoBYvEcsXS+h6atPKkDZC1bdf
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RolloverfromPrintableStringtoUTF8StringCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RolloverfromPrintableStringtoUTF8StringCACert.pem
new file mode 100644
index 0000000000..17e4e8259c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RolloverfromPrintableStringtoUTF8StringCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E0 D4 12 A0 DC 4B 51 3E 01 68 B3 B7 0B E0 32 00 08 50 CE D5 
+    friendlyName: Rollover from PrintableString to UTF8String CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Rollover from PrintableString to UTF8String CA
+issuer=/C=US/O=Test Certificates 2011/CN=Rollover from PrintableString to UTF8String CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBADANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJVUzEf
+MB0GA1UECgwWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE3MDUGA1UEAwwuUm9sbG92
+ZXIgZnJvbSBQcmludGFibGVTdHJpbmcgdG8gVVRGOFN0cmluZyBDQTAeFw0xMDAx
+MDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGcxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+DBZUZXN0IENlcnRpZmljYXRlcyAyMDExMTcwNQYDVQQDDC5Sb2xsb3ZlciBmcm9t
+IFByaW50YWJsZVN0cmluZyB0byBVVEY4U3RyaW5nIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuEETE+kVGfvnJPPJHUxpy7khkrkcBdQPlj2HTZ9i
+LbYRvpIAC+Qa2lAVwzAwshljKfoGD6ZuL0sHATtKDC0/+iyDTOG7UJCGesmbO90Y
+bgLR/j7fT9RNMND0BEycIOhBukZ4FkjKWU3+KFjQjMa9nUGECoNXyjYnKTAYj07X
+sR+rsMgmzRm2TzALDArS6D+toFAs8DbNbtT882ZsE1h8O9VmN5GkWzrEVBzDGiKo
+GUAt9P/ZmNVjx4gW5pB0MxacAvK+HxohxcF/y1gRZ3zp2dccZiirFK9GoCst0pDM
+qqEgDRyTTK2a7hZkLtmVRNp2VIh7x5+hk41UnOELKoRErwIDAQABo1UwUzAJBgNV
+HSMEAjAAMB0GA1UdDgQWBBS1bU8oP8e7sZikqaXQqFteSnSz5zAOBgNVHQ8BAf8E
+BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IB
+AQA4KPELZ6+9+ZDvahZzIrH+QTAWJg50Y4xbi9Zhs739Q4F0TGrzwvXIpCcTY5iC
+IrIBWHSqiE9cEEShxnY+sdGdAgtW7oJdRnVl3JfuNW9moIueVdvk5CbVGGdMzPIu
+FfhNwLUHfpSrUKek+nWpWPIoMpQCmMVbIXVMRbjL7yFJZB4kNxo1650+Er4Kdjzq
+TnedRp+n2+Lm1M4AxLUgJ/StrD6b1WkSjI3LgiqFLxdwOeH/Im99UEUyTulhSUCI
+ZeoOali6JrtcsuMwtE0su8xLuEuHgCuHV3rh54ekfiEFmgUOuviiUSoYU8WoFk0O
+ds/hkFuM1qLbRxFJU4h1AfKz
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E0 D4 12 A0 DC 4B 51 3E 01 68 B3 B7 0B E0 32 00 08 50 CE D5 
+    friendlyName: Rollover from PrintableString to UTF8String CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9DDA760B90D3F5F4
+
+odK0zz4yql9kRhptAZajKhjn8Z40phPXVyFw7Oa1H2W07aI8ebO7TFWG/woxEZC+
+AIx53YZA/Wqu4w+rSGokIXv7CMMmx0n1h3YGYE9nbS/Cvtqr02NF447J60Q8GGl1
+GRrOhSacfge3pKkdFZRZWgQwgcJgtZqLbPZI5rGkrqTc6h4AwRIhgNp9NdeSqKSn
+T7abY80UwouSMjaefqARTomvPihqKnVA3SZlKXkxB2Gz8elW5UP5MfWuZZV0yBqq
+NtegLaWeLKFKQOr99t21MUHFTD6vH5ELQr8XDHfYdDPTaMirhfySo+oUSa5ueE5M
+x454cqPbxPJznKoQrAXtfLjRdoFPSN5G6s4paVP327cvHmtIOD1YYgwEtG77H35j
+52lsSz4SOyBVWL0UfdnrlWmY3BaAg+HtfwkaacN+yFiPA/Eirgp8ImWn03GIbSwV
+3Lx6ztmIuDs+ma0n+miGAtJrC5rmAW9tJdwE38q4K/tG5UBASK7D63zm5/z28Jkj
+Wp8D6pmM4SnpTKJ4icARvIN2/BciEiuAUtlmqJel3YJhCDwcMbtdv1r2hyJSjwNx
+d8YwX0HHvQrWU0/yxUcC/aZ/yonRZq3cCujcQlZTILFFHm2uqkJGwHPi+C3TTctw
+Ct93ALYTDlq3YkIQwRY6jqluoDs4YgYlluE+cRv9a6+BnifwDeDnBikRFDhjEbqr
+SpOYNG80P0e4ifuKgngQUuR71GkezCJ633lyerqeG2RsXDRwVpbK9279uEL8IooN
+H8Ud4iQ4kXYUFDD7wRcUQy8Rz/4+DI6cixxhSmMR0/2ljEqDdtWpElnJQXoHgISP
+kY5vj3BT4WyH6xhWbImRI4BKLHriPT8s3zzE4a0UhRsy1YTvoKBp3//JQxx9drb0
+U10OFHOQsU9+dpdGOWmdUhBDdPpOA/iE0CBjwgar6Z+kVmRgiA3YkFI7ezbc4G77
+2Ep4ZD5PLEqK/Lh8MjXY8ysok5Ki6hcclq7R2XyHld2K4RxHIxidQybjH+Rn0NEB
+8RKF5ID5jTKaqe82ivCGpQ4NkbyqS5Vs9iml2yESOzQt8zKDbpoKO7WixBBWm0UJ
+FdRKek9xZj8gBTDLnDgDaXXLy2ZAmuYHo+NNbjbkSaYx21LJ37pGqL00OqMNhKVQ
+vLXaDHVrDVBqHKfnHlULNvR8tV1BH+BplyOebwawojgqSSwlIUCgkg54TC0TFBI+
+MpT71vFv9WzHQwGID5Lzxd0lC/I4osSCxERF2iZtyTdfWeSO8hbSKRea/jdt+DEc
+BPMe/DZuV/QcvrLJhcJKD4Twp6LYyLp7OxcJBaHoBajIznIN97d1VTn6PFYdSIHg
+exqDN/bULO6J/9gLrGlv3HgJzxmG9Zuk3xy81B3ua5Ke7/wkNIpmoInQxZuCH5ES
+x/BdQv4XlakRy3Jw+26sZQKAkAV26YAgj1IUTUUa8WeHfTgXMYKLzcekPimWyu5E
+JkeSjwaFBEf5978Tb3Fw9pM/OTB2dwt7XrZHbPVqdy9rZ3H38wUET42jTFX8QYpR
+/ni1glyQZ2EVGAfyLMNp9w8YB2AKPiZ5y36ePJS6cawoSFZ+yIE1ZQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CRLSigningCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CRLSigningCert.pem
new file mode 100644
index 0000000000..885034098f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CRLSigningCert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 15 14 A0 80 15 E2 88 6F 58 26 40 63 59 58 94 CD D7 81 E0 46 
+    friendlyName: Separate Certificate and CRL Keys CA2 CRL Signing Cert
+subject=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBaDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JVNlcGFyYXRlIENlcnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWmH0sVxVN7JSbzHWG1otmjl6HCXaQjmM+
+q3A7UZr2F/Cem94aL4tzAERsgT0VqpooRlGItI59uT3Ae9aYUHIRLCzs6tL28ZoA
+zqmYVtv9z+sDPfv9wddp/BcFzBh0ChfykqyH36+m+NjRePniF6AUJ7lJqgVKkHu9
+tRaW8BZTwk/BGbhr5d7GkpEiHsflSKlrPWf6GZa/FV/yA0P003s7sUwVOSLQR7l9
+GlE9/BQ1kH2ZmqB1U8Y3au1lvUY7AWSOSLO7RwDTPXjhgzY6DNLtMVFYThcbryrI
+StRZdpFjYoq4COILuJniUdmubgOPhrwD+aYSHsthHaiiFEf9PBsbAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQThD2E
+jx6qfIF3XzHdzWDzl5fZsTAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDgYDVR0P
+AQH/BAQDAgECMA0GCSqGSIb3DQEBCwUAA4IBAQCEm2lpy7GZwfeWqqR1AxiCsBBS
+iQQ7kQwgsqMx1RvP0YpT/Nb5t/Yk5TP0ofSyM42MNwhw/sMiZ9KEShiFy6ZPCG8M
+o2ZHdPLVV+SNcW/MI71ndc0crqhG772BNTkMN15DH0v7aGLcAKzPrE+t6Lb59cnG
+ec3M1+VQ1xNZZqSQuAX1d0OdlfIYkCcZooVcb6vqx/Ddmv/iV1fw6jgjxpY/dwze
+guYIEwugf/FRkIdymxfAiZ9B3AceD84BbOVoasJN1Vu0zj5AUd4murA+Evy9b/Is
+0uFesDDiT/HcOsySEOGlrfJo4TCQAmV/olVxK113cGVIgVP2RMaD1gXt1qnI
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 15 14 A0 80 15 E2 88 6F 58 26 40 63 59 58 94 CD D7 81 E0 46 
+    friendlyName: Separate Certificate and CRL Keys CA2 CRL Signing Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E1AD060693CB28B5
+
+XAFfOAUgjK17Ij6zmBZsVKwxp2vXtrlvHYiLHvfpEdWVXAYXrVuhfL/kdCkkhZ4J
+P3F6dkFzavQ0dZ3Qf8370FwxP7WJpJnj+6EgYs3Jg3omO8UL7hhm2kZLPo86/5UH
+atjmbe4imgCln0qPpeZNokbfa7EUEHC4UtGGPeJpeiODVtOkTKlrUDjkZ59Ywez0
+H/s1SclteJ62XFaQMKMLOImbi/PIyGCj/jm5xMJxZdj6eY6HjIpzA84yVofgDxMi
+sSc0sXKbPGqFNnUV9WnDDbI1rapWTuU3IMsGo3zjoIs2HhPW77YEUX4N57ntHn3I
+M39rXG6zFv3XJjCAM7qADfI6I2Pt5sbrVQBm3hszpZCdtxcxs1hC2xggX78vV6dd
+KIUa0zThsx/9hhaydNyysUx8z/Yy2Z2An5uEyIwWtgwO/lMfON2eQOeoP5ZX2zXe
+MjPyMgzog52yQcpJ1uvtuT2+FBrBs3kAczAU9uctauVMWOF0BLl3BTbg5b9pQlsk
++wZoMyn+RhHjWa8mdaOJB5SyOm4XSQsZNpgmcMjWYPSLgHErqcCQZgriaBV7kZVg
+ZFF65APt2a8bpa3bwFHl+EAgncn9MKi71AkJXJpwf/LWcp9WcH3mH32CuwYNaGYb
+vd/Z81XRSBLXU+XMMdAhywW4vTGzFG2RYiImb+GJIN6CSsodJhNyi44rgPt8ofKX
+a+SPps2Xj97DzVvJy8AzDX1C3HZESo3nQV5DBYtVaxAfkbBoSiyuXCx1kXOoaIHt
+FbXz7/O2p2Rw6I152/IqMw/3J4gzvqr3WSfUgpUepb44sT0yT11CQeZIu/ahsvy+
+V9ZW93P7AxYH4Xup8I5/YlxuNxFBRP3XRgI3nJzw0uUdNtY5QqQYJUJ/lL/INv3M
+8GzZh2U1PuZ70bb+nLa2L/XdNMcDGNonYE9H3Pd7/5rtk97sDS0Homnv1toYcqbD
+2oburjwDMTOWV1xDQcbLHnnMXLxYEwPzRYdH4ykSDxYo8QIrAjuX2O3gsQwzdDYF
+coNuNfAFXssWX420htjmNAZPm8vnHoEzWoye3v0mQTQ940pkn6Kr+FrBr18UZBgW
+DRE8WHqkA64xOUXaJJf6CbBQ18ZWyA9TCXbUD3YO7Lnr/K/LSXx4vfunQJRQa63q
+ZTGxQ1YPSMvgpnm4EIb+MIOZD0YLIXz4vUPP62gWhtk0g7yiw3ba9JO/54Vl2vJY
+XqUYTbxQOc3tqBXuFfq9M0675eNmFjplnqzzkLkLgGE43tK+ex6+uxjNmIuZHp3h
+Jxu/DSMJeeOe93eUEx52gBbMntGF+my6u6YDejyiI1rSiFf6+pbBvkC75VQ09vuj
+Jir6RTcWnr/TxJ+3bARFi92zw2pW37NyaQr9D730C1ipqPtxzMNHROGRi8czWpvI
+DbPLOes+e2tSttLSyBSqgX1EQwwwRV37zYH6GFdOCzCtJ2VQAo8/1xfE1SBKLnbb
+yz6Y1NcJBCm4Wgrxex8I2Mm5nBFhmZtpqCGBKYewvyDKAx92X+TIaIYyX2Yy79RL
+xrNKZCxGbPjuXTT8ntsYTldpYMHq/rpH2wfljtNuwzgXA2jH9d3EfskBRyNGus02
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.pem
new file mode 100644
index 0000000000..eadb947174
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A7 B6 16 A4 3B 15 81 93 4F B7 BA 41 DD 6F BD 0C 92 5D 23 4B 
+    friendlyName: Separate Certificate and CRL Keys CA2 Certificate Signing CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBZzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JVNlcGFyYXRlIENlcnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFYsYa9Wvs1smcULUHZqU/AJq1CmwzH168
+AzGaZnuLzIyYqct5aSydjaYh6pw8Qdo9YGpsGZdrdVIrorR2QXImqG2IdmMP+nyg
+/hEZKk1r2TqExjwextNIOJR40DCrpvtSjGj/zaP8QDGZKdi3cfY9BHIYUJVFHxiq
+dWkNEc0myPYSu+y+uV864I7WT+7w9aIlfwy70DF6o63YS+WYYXMwGKdUspcLg0GY
+7F+rqw8c72xOhAQZfSTUfOn9L8cB76kgvarYGT4zltGh38NrRoftXyMOGk0oRVsy
+1Qgae3u2PXm2H/BP4/JwN72xvv81clmAfhU3O6QD85CHGFrRCRlpAgMBAAGjfDB6
+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQ4oxaB
+OI4YTkV/B/YRouJAZ5t04DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADggEBAEBL
+58jRnzAPzJLFoI8KtE5sGyo7fTkftuUZlSUeQURg4VKGLGpKClldAzIXUJReOsMq
++79P8b4HnOTztmIw0ax/wM/mCcjQBDPcgNL6xi274neuVQl2d1ekmTE3j0IVsXyd
++ck4EdViI4YLs/m4lllj+o1nhoZBWoPheVJm6meQfIb6bhGJwVZOMGZfzVF5UfIX
+mvW5xJ/ItI9CI+gcxt+Xn+rBD0AQvUimSkxF7ToxcpjaziwL3gMAKK6UrtP+RzcI
+v9egONl1LBx7JcBfbbQEoxyzRad6t6ui9MajKFhHT8wQ5XnLahoXFcAJbII5TPkm
+C1H/b4W7FXQUbnxMCxE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A7 B6 16 A4 3B 15 81 93 4F B7 BA 41 DD 6F BD 0C 92 5D 23 4B 
+    friendlyName: Separate Certificate and CRL Keys CA2 Certificate Signing CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,849855E743148C79
+
+JSyzpxxzuTpP4rMHFriEzmS5Nj56E50L7dq3NkZ6mhlKdYSGHhNGU45rYVMY2D77
+1QagCtHIkuDPo0FlwHAuueq2W6lOMuaoUkVRtRXX15lAzkKjgSew/YPFZTljUeET
+5lIvxCLg/bOMXfmCjpN8deScogHIHb9HK7FHqVmoqzuXfoDmFQkrohBo7RaRnu3p
+Mgj67Zw/DqBhSLSN4Ug/AkqpelLYCuGU+hdTai4fMQNXtvDqzi2cp5glUbgNRoXM
+CCvkWGzcCls8bx/UVIlslPqUa9lzFoK8ija5tljhIKl9TSVJi6O+pLmgxI8GNpF8
+Rb7+aMOcxR/2k4O8/eYtRgmJv+TNYCeHxuuyWI5FauxGLfsRJoD4Q4Vat6xIvs/T
+C7itOaWKTnH54h7eUktkNzJwAvbrfNlhUgtlfeH9AHMm54/B8bE0Drv+rv3MJqt5
+GDYIjZcb6my7gZlrJ6RnXC85s2e9sa8tvN7JCDgSGFCK4vd62aPue6TMk29+k1QT
+Mzbfy1XDDQJgk9q9qc97XeKbNeZVYuMW/8PwDR8L/V0TLSWxlPmZt0p5S+Lb7KFt
+sNYBq4UuLRDrMpX4hZ1R3lY6rhlgxEOs44P0Zl+rzYjjoJr5II6QonrRv5BMVjqB
+2sR9cKvfOvFm9AVMvFylzCvEizLvtifDuEcRvYMjd7VBQleUWgOpnxCzydabhWVF
+nZ+BPVlmZZ3UpIENtP+7AGEt/uEZXU3aDiC/ryHY5X/eOHOU4GczVGBK793v4LmH
+qb25dLLhW6SLs5KobUlnRos6Pe2LrOCWo5/e+NSeI2WLQ3FqgGKlHAOENrw9sFSM
+ACcZ0ZuDNoXGj99c/f7uOE9Xryi0ITL1sRvm7qRruQ/goHDLYzJqJWW+uxugYMGR
+RmhLrkjRU8OSFOl1YprxY8JwzpHao/B2263PxUf0gQSbeIEuiH6kxWxABOX9ZkyE
+aBVKXwjtyAe3CJhfCNRZeTZTbeCaWmkY3vHPAcBCsdo1NU7YqgECWn21lXDNTslM
+kIPPvE1MF9GAXWV0EBC+1ihdk15Ml/QYP3R+a7KleRMvbBBdZhuh33z13qBt1WeI
+mThCtLNoTcx4nSdASeuwCa2Mz0hHcBTAaPMkEmZ5G083ehNVPYaxw37A2Ix49d+a
+y1B2qToCvj6N5t/BkQci+Jzfrtj6jOpianS24BLdO+VNIXtq3gX8QmftPNRyT9jI
+UMXAAuInIWlYP1HskPvHmghgemqEh5TuE2cClVM2YfNQKnysrLdaN9Yf30o/Keud
+bY2Eca8OLFQCMM05oC/TshkBaGy6CRvUuZJ4xVf39NeFPtJZimctHH0ChgXNCa/r
+MUMV6QSEYigI8qm7hgpsAyAWm+eeITqIhpdYYY5Wz9x1RfX1InqbHF+3UFKr0d8N
+pSde5byTb7AYRv1HC0IbKWcg1N0te5C+WKI5crvdTKgr4P7FsBbzkdQbUDoAtjOc
+3vq4BU78rqePm5Q36DKG2Ht/s2H6X3GR9PJuviKCRUf5nJyk6RWfzzD1nBWiNd3/
+z5ONNiFWnGLXh4AanZGUrm3J/FY3vxo6qMjxljpk2xZerCfgzrkhNvrTolAk/WH2
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCRLSigningCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCRLSigningCert.pem
new file mode 100644
index 0000000000..d82e527597
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCRLSigningCert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 7D 9A F8 FA A4 D2 DC D2 E8 CD C4 15 46 C3 04 51 78 C6 80 14 
+    friendlyName: Separate Certificate and CRL Keys CRL Signing Cert
+subject=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBZjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JVNlcGFyYXRlIENlcnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt3Ehzo3kwZuJWuTbmmbCrbv+6wWb0P+BH
+VCe7s6xJ3E9OxRqvxlshp4j5LDydNpnIIuBlUXcVdNMi9dIrm5ibgYly3H8/AWlk
+oVT3cDJQlv74oJ1F2vM++dx7xpfE7efybfEVbX6/5l7ouqZkGvtHUA1dylN2iwWb
+EgmGkF0XIC1pYChFv8If3Kd9I3eMqoDXJv6eDB5sSWjjXAZAdcuxwWm3ImjaQHDU
+q33ICEEbdCY6Qst4ocbkhi9TcGyYP0UqO500onu3yFXPdPx0YXftEw8biRTAYjnY
+Sk3DR5i2VZc7kOcvO4xuvon2xirQVv4OBY8l1w+m5BFlxavLti9hAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRyikML
+BFs9PcRV4YPGn9+Qyur3XjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDgYDVR0P
+AQH/BAQDAgECMA0GCSqGSIb3DQEBCwUAA4IBAQAh9MHideOQLdw0RnoaSAbA9i5d
+u2K3FdUw7X8o1Wk9VsJmTPHQ/lA3mmohF7sWChwC+YpSwxj/TYYUaT1MQC+t/sYn
+fiA9s4jlz4Xl36Si5ks7m3G2d35ApS/iaeWHWF8NHo6x04jEWaMNNtAwl4cSDzu7
+xljzpSiBpwr1KdEbW5STqnLogu1aSlN74NWVMo+fL5HJds007nO26v9wy2uzJVts
+6tx7C2LYkgu2ZaeenXmKxrSdj3dbpU11/lb5DsEt5xZj6h0qve3f03/Z+jTFcFZb
+hKp8MDt92jt476/yKQZUObKpWtvhekGbhaxeaArUqUXJEXyz63JqWf8+4zds
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7D 9A F8 FA A4 D2 DC D2 E8 CD C4 15 46 C3 04 51 78 C6 80 14 
+    friendlyName: Separate Certificate and CRL Keys CRL Signing Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2C08B269BEE274A6
+
+2nCMqz4Z9jAqZu3aJkQLe1ialqresIxKIiqamZwqTUAuRv6SLso0jkCcvDmRvtBb
+bc91dzoHIBdXRFDM/L0aMhTERo9qVIFXRB1hu2JqtNF/6IuATHxltsV11oJmW8F8
+UD6n9SCueAB3L1qVdopurS5/J/+wSwN7JVmJ4mF/yKpFXcmMIiAZ1uheyCflcqel
+3trlDc+/xKftrMIAGpIqLrJVAFRp+LLQQceoGVUSlBRLVtq8CebMz14LWtzof010
+PDJCVAl+hKwqF8KUaLwLqd14ev3NYSZFV0EAardOVmtErq/KpOclCSHOrxji1xXl
+lxdXL518Esj/2VJS36rZd4ex9GISmMcqY6Gj9ERy5dKDvMP0Wmb1tMBj0Zx+cFh+
+ErBAxfZLmD/xcMOZG3Id2Wk+62Z0RHd6cOQuF/hXdsDiMJ1wOqvovnjgu4JjSVur
+XVNzae91ppfMnIQDCjhvw0I4dSs+kV+x2h96oolMgADPg/tEGxqSvyNAtZFD/Bn9
+ISF3SVYEequMPeq/u4wRlm7gOPdzOzRm1Xc05T3bE/+Dpf2djRv6kc2BuDYALUbH
+u/6L9PETZxg7QIV9CrlOn7gA+8CPJ8kzLlOB93Tjr5vORUtCa0f5isVWjHarkSs/
+rySC98EIMwbBE5Gt2cBYkZE/6heTnkbJC6cY+D0136G5L+Z9S3R8MQSIm7fsb26F
+EeOfQj3ov2BZXrJdz/0TLKD9+u5ztSm6pI3Gz9ljztLZsq43JOjhlEdRU2KC7D91
+pFRelbFPyInpknG6OVpOiYLC4s3DthYXa3Iu+eNPCPAoAMRJyWV6L6DfY76PE+JX
+ZoYkHZxSGJ9ldsxY3HGOwPHSmO1H747wjvGvV5w1vyoVqDfsBrvOIYomydD5e8pI
+BLelkb7Cm5pFuO97RzBLfzfRt8m5HmVYx28vzZtQPYG2ES5YutvZIIahw77dhuX1
+Z36hs1EP16jPR83pMVIwRJMPq12lmb+jaHDgpDo8VksYXMItfmNyjSpTYjZrfQEx
+Kmccy4KFi28OJCIM6352kIIRNqbHDBB4b4KDQBQImszT7DkNYuKM+3wNab6xk/eF
+UaoT+4IdxIoB8ClRQdW6hvLkdKfHcITLSIAIhdf/XTKVGPoxUuEcSw0BCNAUHvSj
+nL+PGYUpUH4PmGn9SlQ0f5WrA+rw4qge1xOxaoUdDWpaaiq0Ouwy1QhBvIW/nXs/
+LiET+dRU6CG0LpH8Ia+lUAANfZQ3bX7zvNDpeiAoqxfaGjQw8lNJYgX8DUyPwKuU
+HSKKbi0JeaP31mRzESdvr6Lrcri763kFn/YZelID/NpfxPiDlQJEulw1MtvZBFSK
+tQlUb+5PCG80vC5m7usTfI3JCQDr9ayNEIMhntTWYUImK89VSNs9oNtEcRCY6kS/
+bK0Q+J3tNVqgAxiQEVnwpy1U+zuikNpRRhcx7jmqZ9sfMfPkfLAjgn7q1pL+SxyV
+KcQhi0/r/agn6Ub9AN22ybSBO5b4FMtnn7Emt5HwD58kP/vnXi+BSdqX40Sscycr
+51MWa7zYEv3u9I/+A+TiLxBpPji5i3MUwVydNEbb5LiljNar0ZS051+UGzHof+bU
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCertificateSigningCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCertificateSigningCACert.pem
new file mode 100644
index 0000000000..96b2e52495
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCertificateSigningCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 80 CA E3 C2 D0 55 9C 8D 74 57 6C 6E 6D 01 26 77 78 EF 0B B4 
+    friendlyName: Separate Certificate and CRL Keys Certificate Signing CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBZTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JVNlcGFyYXRlIENlcnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQDDtL08wy2lDqK70D2Rat++J9XUvMChIl
+EzlBcCgkephduAGsuC1OlEoXSwhy1ajQMJWoZgrWr+w4VecOHs1KS/3kt38LOCA9
+Bh7y/eRCfmn7uBcerIL7kgjP3C9qYVKzEVCNIV5SAt55VxraPdv3x+HcvvJWvYuy
+dwjcc16Ik/EET8h24TVmM+TLM9GQFsw6MxJVaPKRr7EPQwCrdZQ2dFQD82Mt5fMJ
+bi1Bt+0wYPtvP9n0h60mEbuYc8FmFPWdpRam9CNaEoh2JGtWoTKviVPzPiDNUCJ8
+y4I00mkos+oUerQSRD2ACwcKy4BZyzqmPis8zV+QQsv1DAXjQNjtAgMBAAGjfDB6
+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTwZdo/
+Ghda3tW2SJk7FxQQ10wUpDAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADggEBAEZK
+kUJKVqTUsc/16mk7xqEm9lSFPZ82+KI4Wc6R6Cii4kOv4V4dANxAzwKOGcuKIVkl
+Y+bTze7DmO8BCBQ6YW0mgswkiKn20hl8DrNbjQ8iijTGYFvoOp5CUBP+LPRKN1gn
+/4E5ZxArB2KhCSlAm5GY1eIs9gdfq1al4PDEBRLEK/m6+J0rbsIiJlwkqRgLy+8M
+rPUJYXSGBSsHYg6tuokTqgJ+YUFWahKufCgOduYjfKj+fx6hnMzB63IrGdeVE8xz
+IinTWR5N3cFMngryTH17o7Q0tfTI+Nwlbbk+fXP23HbUYHXK4HKDHMZUHw0qxMeP
+UZXUvPJPMlQvcQqSnQU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 80 CA E3 C2 D0 55 9C 8D 74 57 6C 6E 6D 01 26 77 78 EF 0B B4 
+    friendlyName: Separate Certificate and CRL Keys Certificate Signing CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C90A57E276098AC5
+
+OA/Py+SF4VJCx0ke2ZNdVdlQ+M45GGHp6v+XeLSFwQsr7d3UdrePCBuoGUkvYhBn
+CbZAF9WPugpIEzQN7G5ynpSZBbCcLc/SOgEm/A/vbsdbM6O9apaGk6IfYQWrIXig
+gIlezg5KIspbQkI4dcnc8D7KGdgftpTfd9FEU2xIZ5SPr7asUQ+nOT/E3EaLkYCH
+dYZ7ZRSVmhJfafkiYe/wdIp6tHWF2LL/z93iGfp/nm1fRdfa8bBA5N0RVKhBd97C
+GdTbYZj8rGt8ZWQK40xn3emhzLmmEG3NoN8sc1/l7zfX6Wa+4vPvQ/mUW7lWkgj3
+r4MX2pq+TbDSyVfzq5i8JdEVl+79aOMe7kU5r/FGCAf0KGrhUZl8LI3sD7I498tS
++QNmjyqnFucx/8Vgq6RAqPOB1VHFOTBc4e8xJnVIiZTkjhc7Z7g/4MFH77o2Gffj
+wHTHV3vsoTQr0BuwQ5hkbabWLD873rGvXn59meSnc1bHNrRswwBUsamFMpmsdtjC
+Z8wHjdMW7mFrQQqipsyt9xmzYRjo317Wi7LFwCVxGz7pv3F37LxpoHRW6A+pKdSK
+v4paTcBvqQIH0qhOa60reGBuQiqMz4NVoCxZIARd3NfVzOGis5XU7ps8bi3rPe3R
+W2PG/K7MMeyvOeyXxGyM+nDX4E0rlNTDLS03GINdmNLnRbT7geV12KDs8FS6Gy0e
+KSevEnGrO0d6xITwPhYWOhLOtPTxvdJkHx/2pxbh2RU9jTzByKkoNFTS2PGJ7GsY
+jx+zy4y1knrSfBvtPDW11xem5Urb4Jgebp3gHchijLixvjDbZNRZ4wC76LuU5jwD
+6TZbDkdmKYyXOT0vnIesh7qVUAPebP6NNRDwCBU4+dnct681sDU6CiWcBamsjnzL
+rXPSFnx6NDlkd7vW1t6eGGTDMJsqMfdI2EKD4Qm1xzvdIO3zHdJLJTy77uhS3mrm
+ZRn+Qdd4FEZm6OZDDDDwylrWHKifv4ioyiRMGol054/0AC/UZqPoDdTC/V99I0pi
+XjEnfBs/f5mmX2Vz0sgYpDVot10dmM080wzAO05u8WqhMSFCU9HXPuuvihtNtAEQ
+iIP6CncqNvOpI4PCFC3sr9r5iyRpdSNRXevCjYRPtT/jd6yo+wo1Edr2CgnK8nd9
+4A4T3x8LmZPJOIRDIBYWwkdXf9IUPNPWnXlEbhMlam6cexW01/CIXzf7joTEgcnp
+9P5diGkRECfLirQZs0jrAawDRzFNrfTMyCsYNLfAV5CJJAZI+XIyKkYU5Fm0nbK5
+Ij9t0dOTw4n0ChXWpLf6smJbk0yAKu4MJok9dpy/hSnQUMS7xJMU/EYB7oEW+S8J
+1ZbyHi7zn9Udnmozx2G5O8o9Tb0Cp6wbLXSFRZmOPTMBqJ0+1HwYYGpvaqQ4XO3y
+ItnAciO9PzeOrrwF/KttJPMCjYCxDl1LuDIAhGK0C2KrrgBFzdVi3Q7dJKiXyDS5
+xM3gNAxCN69HYYh71mMNYmUViaECAeByjmeyyMSqBqsbS2krdBX2q1sOLV/VP0tW
+dKyIEt/GDLOOP5n4rvmX3ELdxBbIfmCNoKsLAbYpWZJCcTwHUlgv6w==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TrustAnchorRootCertificate.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TrustAnchorRootCertificate.pem
new file mode 100644
index 0000000000..5dae6269c6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TrustAnchorRootCertificate.pem
@@ -0,0 +1,59 @@
+Bag Attributes
+    localKeyID: 9D 70 F8 16 6A 1A CC 2B 9F 0F 39 E9 89 C4 18 34 F2 C4 5C 06 
+    friendlyName: Trust Anchor Root Certificate
+subject=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAi+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DFRydXN0IEFuY2hvcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALmZ
+UYkRR+DNRbmEJ4ITAhbNRDmqrNsJw97iLE7bpFeflDUoNcJrZPZbC208bG+g5M0A
+TzV0vOqg88Ds1/FjFDK1oPItqsiDImJIq0xb/et5w72WNPxHVrcsr7Ap6DHfdwLp
+NMncqtzX92hU/iGVHLE/w/OCWwAIIbTHaxdrGMUG7DkJJ6iI7mzqpcyPvyAAo9O3
+SHjJr+uw5vSrHRretnV2un0bohvGslN64MY/UIiRnPFwd2gD76byDzoM1ioyLRCl
+lfBJ5sRDz9xrUHNigTAUdlblb6yrnNtNJmkrROYvkh6sLETUh9EYh0Ar+94fZVXf
+GVi57Sw7x1jyANTlA40CAwEAAaNCMEAwHQYDVR0OBBYEFOR9X9FclYYILAWuvnW2
+ZafZXahmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQCYoa9uR55KJTkpwyPihIgXHq7/Z8dx3qZlCJQwE5qQBZXIsf5e
+C8Va/QjnTHOC4Gt4MwpnqqmoDqyqSW8pBVQgAUFAXqO91nLCQb4+/yfjiiNjzprp
+xQlcqIZYjJSVtckH1IDWFLFeuGW+OgPPEFgN4hjU5YFIsE2r1i4+ixkeuorxxsK1
+D/jYbVwQMXLqn1pjJttOPJwuA8+ho1f2c8FrKlqjHgOwxuHhsiGN6MKgs1baalpR
+/lnNFCIpq+/+3cnhufDjvxMy5lg+cwgMCiGzCxn4n4dBMw41C+4KhNF7ZtKuKSZ1
+eczztXD9NUkGUGw3LzpLDJazz3JhlZ/9pXzF
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9D 70 F8 16 6A 1A CC 2B 9F 0F 39 E9 89 C4 18 34 F2 C4 5C 06 
+    friendlyName: Trust Anchor Root Certificate
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,589B438A6C375D73
+
+1Sqkes587j3AgZI7YAdtWcfZKBt6weCesfcJpZLA9jWYXune85Qs6QGZrjDHIQT2
+bDokTc2Icf8E40ayuBEvZ8IVhbxCBGmLv4aKOko0KZCr2/irqrRGc84nYrFQIlZm
+FI7GI+u5mStnM+KR1XaQasFt6wlYDf4sWwqxu5f8oF5D74TsdhuQ6DIjqhaxKdVc
+ju2wVsrrrZ8Aq5z2uy8lmMdsy7E+e1LRuqT1ZyB87Q9eC7LvKaAftFQDzbIu4Os+
+Xx+YxBVF6Rf8/Zzmj30s0GauRWwo8O8W9Iv3Idb0iRiIHlzrWYYLdUmx8TtYe8nE
+jwxovfs8V0BmmzyMSJIFnoYTuq9Mx+8eUUc2bdZvNyYCoNZtyzvdBDriqrMiI1J8
+anV7gXDno7YgpLPRnGB2XG7IU43bqWJPZO2etT0RQPemRA40wJRKcpwSJKn5EpO1
+mmaVnT+CLycq7Fdze/3WZTAPJ2F+i9aLqSCtst2Li6io5fMmhe5zKX8AB0sXNLAG
+28k+s6p6CmOszOs4ADznJQ+ckw7F3eU5671hH8NchQqp9/7OFF7ZTSO0vmgNHrV6
+ZoQGphvD6u29Qam8OfXVxrDU/fr+lJypygcz61WCPkFoOlWBnKOzIper6MJnBwtZ
+Q5Xnq5XaTybjw+9m42H8kKqx9RjbOriJ8O+NEgriGEn+2vKfkCRTMbwRVZAzszEp
+8/dOkueyR4Uvm87383Uxi0k38tQIfI+kHG565Wg65OW+d0i9paB11wUZZZrle+PJ
+/Dm7dskDNEtKh60GxUJV1oUr1dAqSqsicA0q2K1yQApIjH4jyMWr6jFo2lKHSd+4
+V/weG0j8jK+W02ohJ10Ei7cgtn85L+SAHcyiZhRH9eaHlzacZvKrbvEG+BaSTdh9
+Y1derGlf75ITaKmO98LtDVkBVPllxNcQXeYVLSJagcH8OGKDS8TZITAHW9m9BuKO
+T4UOgHAqEDSSWJTVzBLBPRSjLnwup1E48P17bUlg+mUx3B87zKdGrfXmywm0wPpx
+bsTQg8VfRy1B4uwsn4mmPfW1kuP8r1pKlkqDq7u/gQ9jf0R9RF5+ThKOAE7MZHfC
+r+LurSXn0XHZW/1b82vwA50e++xVH9saNv8lrcSmnnU15oWtqTEdQ7huEqbJFIoE
+7EtXQrat2UJixsEgH/xNtMow+k2E6a5cyZlq3Zp1EqoXH4Yz3Om6hSocSigSn9ua
++L+QsnE6RJx7e4ZMT2o4hQ4j/vVrUmWsQi8PV1LjZ7W1PIR7Hk7eTul7XgWidO+U
+3bPd3EG9byKcq86Lr6kUAlLuhIB010d+8RuynZ76RNnEwbSFEIR8fRLQKbhvXx26
+9vrCvjNoYnxr8I/LZcCdg6kVxq8JsHFwyFqzV2D/khu5DjiBAASjPtMt9bK2GY/0
+yrTmTeYr00Q1DNOhZB0xjCG1ncLsrlUbqNlED56lnwx1//UAQxlF221MUOOTGY+o
+n4UXC9mU4nniX7AGTUnRYy92uCOUjhJdmxYsREH8popLPU/GaaEI6SLcRLLYrmTt
+bUUV4KK7y3a85WIkqcdWzKTSxoCYxKKEfKZTIB+m6D+E/okaWWDLBw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TwoCRLsCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TwoCRLsCACert.pem
new file mode 100644
index 0000000000..ead53efabd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TwoCRLsCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 3E 8B 13 E3 DA A9 B1 FF F5 8E F8 E9 A1 D7 0D 9F 6C 7F CE 49 
+    friendlyName: Two CRLs CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Two CRLs CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgIBCzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFDASBgNVBAMT
+C1R3byBDUkxzIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVVw
+3mINvG9IC82MaVpCjNLN6vTS0MX35ka4XR9DiLjJnct3BjTPol5cSRkUGt4aD7/i
+yY4xH3KZaA1QIqHPrmha3xJq3KDwMOKgX85QpwEJQ79gRoxvh0PLInwOOOLEbgQK
+2m7cfRj8X38DEcLoetizt8bpefYqXg0cK5QQ930x1zdGobj2ZQY1dyfOgEOGbR6v
+b2H2tf4ADjjr5zCuGWgR4WIjeYg1nSKfGyFt1Te8kXYze3ps6JBsZwWbzZL0VzNc
+SyOs/0aSdqas2jeB15GbFx0mBYO7W7/Ruv5tKfQ1Bhndnhy1qOdqCHbjQm7JCW1U
++OQihBTPJua+WcoBEQIDAQABo3wwejAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51
+tmWn2V2oZjAdBgNVHQ4EFgQUEKEB1pmdgONt/efud0tf8UnZPFMwDgYDVR0PAQH/
+BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/
+MA0GCSqGSIb3DQEBCwUAA4IBAQCCV6uwBSTvSBXTOo/xsmUKJB7luilrOqM9S53y
+ZbAZDMR3CkQTgiofSi1AFmma6OKPSZb621YSc5eNkVIaV59TtMTW6birxp5fimet
+J0Gpccz4huD3mCHl19CyfiTRyHYrnv4KTLJNLISwATQ0kGV+H3UnOWwP/R6edMQx
+AdSlpO5Y7WeDLaO9RdcMSII22qn9Iy8dT2V2eOA3yHjnLozB56H9BV9TFFJaV66c
+rxhupQudk87bl5MvOWx5FSKevJKgIV359N2oVm9G04IRI6uxk7HTFOjXq9sSoNoh
+bWH7xSENkdiWaAwBXlZiL0O4M6AEfhCVrlt/vnklD4vLn0Fm
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3E 8B 13 E3 DA A9 B1 FF F5 8E F8 E9 A1 D7 0D 9F 6C 7F CE 49 
+    friendlyName: Two CRLs CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2D4935EC571A0129
+
+R1jy0YiS4UdfbW7dq07IosLgsvObjCKFkQP6taBMFazcJRFQEbpW9mYfGiu3WBWe
++CRslantZU4BLBCeRf2XDmMTmSlQcYQDEFKxrpQvChhpaSF1o2F+9nocQ2B9YEQP
+EXfsCaLKgIg9U3NVujHoG2YlRwJi5SWoe/CUwts1czHAHTxpO6l9ArGm6uKD+SBk
+osetLW0RIuhNust8i7sArQULRS0BmW/HkKMxWhreQGQjqkOF8EyW4sWbI6j4WJan
+OBQ0dK2cxDDDoydEj+JQ3EOC9Twe4D8FXEg2zHWonlRfRX0qf7L1EUZEvVFBu8ak
+ltJsAmkEMl1mrJ0HGlmTm6mQ8DObc+kdOepbFXAGP4/7h3sD+cDEu0+vVky5Cw6u
+0Qi1icscf3BVKFPpv6m1SHNsoygVAGdMSTQV0L6i97LmZOnY+XaQ2n34ePfz99nP
+F3sM5lydLRZl5nSB0kZW/VAdC9dUBL0j3qvY0SEjBa0BQH2qExtx2q/Yyd+T6GZ2
+xRS0dWAq3UXbJNG6UJvWYId3hicZMDEpWpgsPYVQ30LaTYjK+e3z+zaR/etZ/de+
+aY0rH71OGXxF76vAZNOHpMGQ+nvVqhDqjTXaaFlHQ9MFUdZmY7f6+K4BZklv8p+4
+xtZzLanvEDudGxMdNCnAWCTM4T8A56Sbfgss/5S/9/XjnHl8wGSw03WUkMzOrplA
+q4fRgu3nTOFrDILfXUuil5iqfVnKj/77j78P3wEda5Y/IX67aCBqlexXrRuHuz8D
+HZR5LyXbxaB6eJHmsL89/VM5q2PtajK8yqIpjT8npX1/PeWNKWAuuXRCR3yNHQzA
+U5zNE+gOZwb05cj3wfV0ni/R72Oy9SXZSAWjKWxF75X3AWBMekJ+ht1AhFK8ydDZ
+DY99wEMNvUHQbOIMdY+0gOULL+azKlV9Z0fhyvrCB3k5Ek4JuBL2F/f4T6dPaenB
+kp7Nc2xL8e5GS9lWEo15EJalkOn5hn9n/0Pk3OKYVWVZ8n/hWZkcp7NhcYMJr7wm
+LwbcZn0yC8dgH624xi4CKF3ouryHFp3ZunJjyzCXwLSUz+Yg7lSjvz5q7XOm+bjo
+Prf6fHD8L3+4/1gDlhX3K1S1m2U+IyZa9uEkaAdsNW0tmEzVxOw5ROaBLZ2+62vB
+H4W378z5Bwjfu3G/Tee9J/gWJfLE3MeO8ZfC8TuSHnkd512ibg2gp17+lk8Tde5I
+zIf2A9Ljo7TSnFcw6OF6aoZDqvuF8tdTlANeusNhlrQpQWTxeDJm0PJnVwJkZSes
+B8Bc2DuECaCRlSihU4Ex0QcOmaTmioSpz2JP/GVmpwkRpPQj7deXYgQF9SDJrWVu
+WJAoR9kg/m7oVsP6SYYXSxHYSIwj6Ul1nJ1985H8jWljElZACnTVYpCNw6LOe3bF
+YBBJGKDAKjLpAeYzt/v5LP5InO1ReSyiVMPrItNoJeQaCzmx6eXxa6qngNquvZiW
+PiN+HWQpO0DrHyahL4Mjkj/XMNQ9El/LEuCpysYe7cmUmlu1a7bDCYcRr0Cd91U9
+0H/TX8smHEiLc8pE6yQcBM/aGYWJj5YXWZp/lKJp90eqo+7HvbtN+yswMG/V6Ebp
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UIDCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UIDCACert.pem
new file mode 100644
index 0000000000..1100bc4d8b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UIDCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 55 ED E1 DB 35 27 4A 71 07 5F CC 53 2D 99 33 77 A9 D7 27 43 
+    friendlyName: UID CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=UID CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgICA+kwDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDFRydXN0
+IEFuY2hvcjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMD8xCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMQ8wDQYDVQQD
+EwZVSUQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeFABwDBUn
+ApJRGeo/+64E11KZ3rpoF+VJIX9apBq3DmF5GxhYb5PiFTkOPLN34PwLf3qLez93
+SSgZv/lXeQhWnudJlYLTwyHleDYo6uzFzG97ud10DKLEL4qz6tsNmgOFN7DUsARW
+cniQeA+PlB7FOAq+Np3AU3thtysN9pj/7kfthiHSpnaolauqdQFug2QC/Tsuqlpb
+wdZmC+0jcjz6F7FPOSo/dkTb1gy04sjoA6QRuCAskjlkQvSuviU48CYZwlXJg87m
+R6t5yDk1kv1NSUcL0g7PNC/yIMZiNKzkP+hVOYc/EK8dJv2u8rmp74xCW7Zq6lhe
+jgZF27pmsTuLAgMBAAGCAgUgo3wwejAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51
+tmWn2V2oZjAdBgNVHQ4EFgQUED/FBDDx2EM2hXlcjI2Lne4vHKkwDgYDVR0PAQH/
+BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/
+MA0GCSqGSIb3DQEBCwUAA4IBAQALOuCe7LwozytIfL3W2cNZdLVrhfOXpE/spkte
+1wi3VLrPYFYX/WMaoL++FBP2Ct3vMRaAmBHeAScN+FYPXP5Nc4DUiDlDXIC7oHJa
+BFlZq50K9sUIfDUiH2acsdrNqwh6QRO5+tdah+kNRmSnq1x+b/gSVkruCyo/hgLe
+XuvjLlB9CHf7FcD2TjT6kVHwTztZVOyC3PD0itzmla8BiY+Bx27Mmhk9ivQLeM/l
+ZXScBDdjrKanYIqmcvdrHGVRjBzpMQE/Vq7wwb9pDsm0nUiaHcfJQxrzNOlIsov6
+jtBJCP2luvGQia/7gwP8r6Ft2SsgMqH59wBxSipXP3qpz6sS
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 55 ED E1 DB 35 27 4A 71 07 5F CC 53 2D 99 33 77 A9 D7 27 43 
+    friendlyName: UID CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,390F5B5463C07EF6
+
++b561AnTMFle7QTjksjB8FPxB8vnBF+TY5ruzWhIexa39ZBXY64FodVv5tiFbpHy
+r+zHzOkowBnFCgwn7TLyWrKg8cq9hR//07xDlGloK966SIRd+ZJ+pvVWUMZyyN4p
+D40ANS1sBBEhcT7P2ae9+Mz6Mv+cDRE0//qJ7/BEc3Hj/QxeGBIThSMKRReJ66jD
+HScThK8MyEUpfuz7PLd2dTFqxWjk2CuAz1LsseT7RD70zr9wiBmS0q3Fo6JVai3U
+DvTY7xViSPbPtZjkZ0NkiQRkXp2dh4r5yj5gCEbq+8wDDmC3qGhI8tVwF7rRSpUt
+IrWo+MSTgazPd67NsKVai2uFN4c5ZD/FrBOHaS63Boa8zX05VT5gYhfEohnlz/hG
+CptR5Oq1m7D/nSuKmo4YXz6BfkXYE4IWupylKkOs71tlNCyYTBfGUMHtDjqcaLU+
+3rEEFSeUwxlsA069OKubZ30a/A4AJGqhujFM/IQcgDXZnlBe9aSNxYSRFiGedOgD
+RM44jgKJviBx+wzdQ2FPUGPQLLbWd/9QeNyEZZqGVaSDXfaFvmkkKjhqKVKq9qrF
+1EEKFiABCuP8P8eIw6fS1SlPauYE/PRqF1vKZDvtUElsCpWR8uE9837rPmaY3dg1
+9plIDyxZQ8/JELqRu5suIAgZsfO9lCaTCvAtIjDcDVCxp6PcGRU2QX8BAQ5EMVmj
+3ZinX/AKCbiySnLXUOTt7Amo88rXqNRxtNPrcRZaRQGv1Lc+O492tYOZLwawLYAt
+OQPcZnHSfu6yfBK0p9xRroJklX086Q5FLdISb4AbuQlP0plzunXcB5aV45lyJmya
+VAcNh1edLl+WK6WG0/MDoYX7IAtpXuV6OQ6gmuAogPFvhD6Tku7gc6WVA5ADrxew
+H3t9ssfQ0vsWiQdDd7LjC+2ft1kfc0FxGOyA+A9Dbq19fXOjWrYi/oxuAe+RRauC
+zFfzUNvsZJkJFPOHFuMjLrZ5K8SYxkgiromqtgq8lZ8yULme/Ano0sm44wO0No1v
+fClibDyBAedvroSYqaQwHoPd9j1+3hIBBGQGF+t+qZRKkw8CfrSQYzfDYUUcLn3i
+v/GhxTgIOpGw+kxdOYjUQsS760/7Iw1ZuBy6kyz8J3RHntlTUC7bIvnlYTG4kQa1
+/tilt3cOmyZ0ONyIHfX/ErlSf7KBxyN0FHenD3cO888tbRav0fMmRT5EWe2LGg/a
+3a0anl6W70s5ypDPb9dhgfOwuuoTUzTjndF2IyQaPz51IoSoUWagIIjmOumB1lwv
+W/2b3Tw9EAXq+1TyLalAM7rRKLTGvjSEpDJwfvp2VIj8UnM2RZV9oxi60SY+Rc4s
+rqdSXMjnrc/SYZMVNp7J4pm/megIUAIh1k65vA+DdtyzELfXw8CY6reIHhCt5yG6
+/YKajR8Wad+9fV6Yu3fSKQLRtaWGtOJ7sP/Blxs36eGgWglvBx5sXWGvnx70HV6D
+8x07lawJaUv3LTzE8FiY7jmLgCXmaGrV7Liz7mQV9cQQ4qf133JtBZlAXH/9Jnan
+B8tfwvFPCPMUI+5t9fPq0APnfFHIowss70IehYQYqPWMiX7TyzY7mw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringCaseInsensitiveMatchCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringCaseInsensitiveMatchCACert.pem
new file mode 100644
index 0000000000..1fff9f5e40
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringCaseInsensitiveMatchCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 4C E2 7D 0D F8 76 93 B4 5B 55 34 7B 13 B4 B5 CD 6D 3E EB 9C 
+    friendlyName: UTF8String Case Insensitive Match CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=UTF8String Case Insensitive Match CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBZDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoMFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLTArBgNVBAMM
+JFVURjhTdHJpbmcgQ2FzZSBJbnNlbnNpdGl2ZSBNYXRjaCBDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMG57Err72Y6WVucCLR9vA602ukJ6SGG/fkb
+m3MdFHFnIlwT4bTqW1vVDbWM6JGk6Ats6QdrCKHNepQUivKcTaOf+Z/AM0PF8Dm+
+/46w0H8slEycnjp9R9kVq3RxnfaCVUuoT1GUilrIl6lzYDbLmk586gIDHiKIB6G1
+EB1SbyGrTqUb4PbX6BqTP3DyMagsCXbB9mQtdub0TMopxgLPhx8c9J4dT4GT2zN0
+YhDhy1j2u/fe2IaKQ/cBYdli4UpwlJzvBQj9DChrTUeMU0bE8LUUot/+SgUnJzgM
+00LL1siFE9AwjpdtBp5TZWaGrGJGNWEzV/jiRtmiAKoU5qMr07ECAwEAAaN8MHow
+HwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFGDfGNHK
+qVCSERchRNJ39Wqtpr54MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAXDmk
+vYzphSsHCShEza+0eHMVa+8vfRkgzCtHfL9ch77919MmuIbJSuXxvmkV8bwBdIzV
+A9prai62c2AAPgDGlFpQZwUY+ead5JWxnqhdhSbQQ82GguuLbjmwV6nWeGuNwX7S
+bLSt7V2e3aiijWB6grarbdReY0c4r2gceiNA5QpPmFpnL1r10GnE+hCf69dLJGpp
+sAzcGVaokxKA8DZhgag+Jv54NOMZKH6o0L7p4peM0l/acVHkLNvHmZTgjrz9If44
+wHSFmxIjghuYD5gEKtvxUm7blklS1anKqrHHaqQfYWyJfBAwdgNjiASvlfypETzz
+801tbjXPclw1G82spQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4C E2 7D 0D F8 76 93 B4 5B 55 34 7B 13 B4 B5 CD 6D 3E EB 9C 
+    friendlyName: UTF8String Case Insensitive Match CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D5A849F04F091743
+
++Se5p0hI32zfLidURyAPBD/QOrv3xuIPNygZ5Pu1RlSfya+tMtQ6Cl1w9FfkjQ3N
+qxunN8Z9QvRgy9ygSzSb43/zdPPG35tQsiihMqW3em90ILyJ+ZnkT9x/FmmQ6xHW
+ixAQPtwkGmC++FqPxdn4CzS2JaKihRkY57fbphw2JbMcccpi3qltSmgnL82mYedP
+2qYmQcwIryLrjU7obwfseTCW/jikAfTRSqHUS7vmXgSObuIi1RLT+botTQj/aV8B
+Gxgkjycbs0iOC5/O8fpw/Izbw+HpdSD5Rm/pEkT466hkrjFZodx1Wv0rUt/Dy47o
+jK6RVf620veoSotzmb+Em9wlkBoow5Mi8dGGT8FxsuKFE/qnG74QmmISNPHqInP+
+gLLfimbJ8IlJr1xVZKBTy6VgzjIwIWC6StaP1W78VC6n4qicSos15G26wrjwW0aW
+U+BRDmM1jEUhn4X77WDwTmk83+ku8PeaKJHCW4smruFWtEetFG1toZC8zCa50/JO
+FZVxVnn3zVFUGpd4m8kNiVXt50yF9zJ0jm2FabOHDGHuFdyyxjXRL3/NRX5inAgM
+/b8oCkLMnrDGbX0DRGTzGYLSLkGijSknvXsCnGoHVTJ0aHfxyK1adHOZT4zcFXWY
+NVg1TrYXfAVI9eZehuTAzfiM0a8tygdF7FqzpI6vFmSjnbyEz65VeT8IlxvSQEfS
+ZxWYH0Il5Zndh77mX2BUlxNThFpE0BHISV3zJpdfKozmaUl74VCn+epaB9P3midf
+7Ku8cCCTr9MFxerQH98BLFrMgKUO8CJ0n8exggk1ozKNQ2KNkKKwDoIvqfFn/TEO
+oJVAQUliB93ioiOHyb0bhrm49tmo1FmMyV4hX4/lPJ4E5O5kQShTDdrDUhQAgQUa
+cma+8oN8apz57CWaBdmXKWGEGNx/tP4LnUnbftN8gXTGIVTt+Vc3ihrwVwhbmzEZ
+Kdsezyi9aPP7OIt+L2156WkC+Da1VnZUnGxvs5n/4NG0sALVmJYqMVsytpzkXuFI
+BgBTp4KJlAjjuqsWe4D8yRgLNQN3Tv8qp6eaFNhkpBZxrPB85B+QoLSog3EgE3tr
+zPx/1+yaM6LNcqyuGB7W7B/kxz0AQ9wekJ+qrtC3aN++l/fc8/wGLkbjro3vEDJX
+0TwlcLt40p7udXIHTukEHztSgD6LaAgEwtWDyfZUPPdZdw4mKofpVhuu4Yc+mXqa
+Ead5sDa/xGHC3H7d5T3Utmyospzs5dStsjUaocmLnC0Fpik1hlU2+I/2Qt31AEWt
+wMvylO8qNzbqtKyxLyBpPN+0LE5NWxUnBpr7pSfI+q4+VvY6BJgJNlgDAoE3Edv6
+9e3gdQ16jVBBfkUDbit8s6Ey0wam1kQwUq9561A1ezpa3HnzeKf4BdJctBa4CFip
+Mq+LjtHR2H76kFNpKjKbjuwsUcpjAug3hbNX/2H8NQdfrA3pjyZS4fQlqnhfVB13
+ZsWgaBOnjHOYm9gvmKijLAsSk5xPLjY3W/xrQDQCbN0LiUZRQrukMYxqE+Qe3w6B
+9f0uzZ4nCiLIOws2RUZgWYTq24R8VHAnEfLfUBVcCvLQeGNwPL2GgQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringEncodedNamesCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringEncodedNamesCACert.pem
new file mode 100644
index 0000000000..3f07a3a22a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringEncodedNamesCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 60 31 94 D1 83 3E 52 FF FC EE 93 39 04 04 7B 80 DF 3A D5 74 
+    friendlyName: UTF8String Encoded Names CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=UTF8String CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgjCCAmqgAwIBAgIBYjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoMFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFjAUBgNVBAMM
+DVVURjhTdHJpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDp
+FMdocNgWHWbH/yYbXj7cmkTMmrDj9bXTRwJQZM2I/fcTefta90CFELGbDX2RdtAn
+jlSJqkydCKjhhkKXfMQFXJDlM6MQLf4rcQoxEP8UI2KmnbkfEjfsyGBxnSEFWe0w
+ZZ8z5eWrLyIFZYk4x2Zyc5da7szsOnu63qN15kAJRf5qLTQyBVbvG6pJrOQaDF9I
+SrgA1Sj7UW2puqZ40fbX20zywWxMEIeX3QO1Ho4onJXwi81/LMjZ3CvWqtEuGXo+
+D5YJHhMBx2Ok777u34ahScf3f6h5YBixNf69RCCIR41Hki/aJ8Uwir0Ylx9mdT0X
+fE42LskS6v/MsFLGUpCtAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWu
+vnW2ZafZXahmMB0GA1UdDgQWBBQ7Z1tE8g2nSH1zKYyTn9Uk4xJgJjAOBgNVHQ8B
+Af8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQELBQADggEBAAP+S9Kl9ocPuIY66PoFSDnkqzKGoqlaqslJ
+7f7oUQTUwVKGx6hxk18tUGCR4rof/JpLBj6fjYLcfAutev7e/ZZPf+X6X9QlJW3R
+pqLCIcGfa4k0LdLLDIYUGKu3YzeByWf+7AHjrFarwSxlZSHwooknYMokxMrgroLo
+Mkawy5gZSMyykCgLxWtJdCHq/lSxLnseGN7Xfpa4Yr4ST9GgF3oyvMVIgp7jJUAw
+15Yjtfpu0NJ0EkWbLp3k27UG12xDzC4XZUfco5ecXy0Iflj1USDPXUMJ+9etyJQo
+6ctOAf1vXD90OpTS9YynXwm4VCqRRISItnWSbLIvEK0zg+YrB1U=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 60 31 94 D1 83 3E 52 FF FC EE 93 39 04 04 7B 80 DF 3A D5 74 
+    friendlyName: UTF8String Encoded Names CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F85DDC9DE7660E27
+
+yaEWNpSej94SaNM/VCAqe163L0r9ncBBhhHlsfECuxJ9sq8eJ/UKfg+CVACGk8fT
+lzS4PDjrQ4Hb5fruvgM3FGMDFDmX/7FURmwKq4Y7yxqwoSzDiz9Fkj/mfHIPBvnV
+WR/LHseGpQsbk9l4fJnT/h9HDFH3edhMIgGZGn226QdvJb0GOOO+VcmnD1wVCu9i
+ljMGJ+x1RsihD2cpXPLsibtTpy37FgGBGsE2Q0yxILF6HpjUXf2GpJ3IKesJXCGv
+IqNj9+JlUs2gWb0sio7BBq5u2pM0xug0HfR96s0R3oKSr6rOUCeqggd2d4200mv7
+o80vbwA6/A76W6oeUV6hpZcGOyGrn1PY3Re0bMzPDOmXzesANaV4iLC9Blcs72b2
+Ip9Mlf9270wyAx87X2itSCrWV8Q2YKHIrKGwpfW+Ew9L8d7nVOn1XSvjZfKuERVf
+ssOcd53yapyM/jRCihvL2TeBUjq0hF0iLvzjfHhfptkbaxVQAGS2h2yVu/HRCfsL
+tYKwa3IoZkxZpv3MA2HAOWs6GQaAsIH9pCtq+PjPSEgSn0dlNv5Xq1F7tXI0/FB/
+16rQyrDh+GxkhKJhMSE7KEGdIWmkFqGAxibVMhGEF7+OvNRsbYKy0w9H4vRdU5p9
+TBRF57fsj2IbWk3f9BNfV5TJn61Wy+g63I1Au9zKBt44UH1MqfDdG8iV/0BcX3M0
+YFuZSE60oqKueZYgEIR0xJM66uQHXCuP8f6FiJ8Y8EnE5fTxrBDDpsnVTZGe4cu6
+7RVAVuPb50jsEerREKNuyzZcIphS+DSIXeMZKxdijP5gHRdCjzVcVcNyMuqJXyi+
+CgfsfcFLcLFhx8UCugp/2ymVVmXp4eZ/hRO/7uPpV5I0vzJtbwocaaavH+6uSZb1
+oznWLPu/EpfjCS9nGWwXiNfuiJxuyQNxmkGSbAOwxHHnk+kBj9XJdVtFRSEgolSU
+5FKkWJeJ90FEN/6XnnLFy62fwH+VdYOp/U7EBPza9jplrwj01EaH672Hx1ijUDyz
++FN+X6Ny/EX4w6+sSqnTBFA43R/iFfZnM0cW2vYCWPCyt3lbVqFxpwb87o1Aa153
+YLENm6i5oCNaCqkdmov95efxVpJCGmz7zRMt0+f6g/VvUHRFCy1aFS5al5l4gduf
+uNpC560+bKO48TZPZkUhrqZGWHZL0qmEN6VkKDTzFc7Fcp+twptI1+Xcr04L1gNq
+o//Rr9D4R8+bfpsQ0b3chB6AnsMrKp1A63JmCGxUfkDyiPPzAC7P6FCmfXUQeNOM
+yaP6RCrqIGKpfApJDiDBjouSZZX4FXXewdehG/yYZBT8Bb70M0MOdme1s/IYWcv2
+qPcQ0hkWBOTOhsV+q8bZiyVZ2Ab7WgqkXnDcZC6Mm8JT0CfydGaQarvpuA3ulYCZ
+3dqCbrXdaC/eyTISfWnmrWWf2yXSqyZxZoQ90CE//ll/+W6MMfQ0v/nQ+9in4xVO
+joJpnzDKCLzH0BDD1xFI6v+IX7OtBoYw1PqEdt9gQyoPL3bS5TwgJKWmU77u8FoT
+hYo19g3+GGFYfuTYb+SNsl5rSLiiWBMpdwAyfU7wiOpy/qOnkQJymbX6CakiX6sR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLEntryExtensionCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLEntryExtensionCACert.pem
new file mode 100644
index 0000000000..56a0860eea
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLEntryExtensionCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 45 65 43 CC 9B 34 B2 75 2A 14 F8 83 05 A4 1F 89 B3 73 7F 82 
+    friendlyName: Unknown CRL Entry Extension CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Unknown CRL Entry Extension CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBDDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJzAlBgNVBAMT
+HlVua25vd24gQ1JMIEVudHJ5IEV4dGVuc2lvbiBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAJq2TVjGIQMG94IR0AGNlX+dXBLDqMZwDIJxAQ1UbqD0
+HQs4NhG/NDXeV02qg40uMBG0p4b3s7inEy/NLdw+ttgTkQ7XZhf1Fh1BrDY2md9z
+kgigRRvTPKJjzbW/nxY32ySomL0ABlPyQQQg7Fy27cWeqLbGFGF7K6avwI1sdnGw
+/QzdLvkTGSEWYGRQrfTJgSf74f4YuOXsiHniQ7Ln7pTKcGlhgLDMxGJOSb9bnaJ+
+inxuz8eDlNiCTu71qN4iKwJgT3Ch4waqG7w8JdoIkxDmkKXpd7ETKdyfYk2kUt1c
+26hvv10iWxUPZ+FGjSx6vJzC/S5FGRl2DbBabA4BcKcCAwEAAaN8MHowHwYDVR0j
+BBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFACmGcuhLU0oLyLz
+0kw3z/9MMM3qMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
+MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAn+VVEQ6vEy68
+7EiskrOXl33w1rBT2/JUlSZnws4hRhBd0363UhXIGd0N/fBVGas0ufPXS4LtYQjs
+lFpO5UPj3aJGk8Bq9t+3DvPz5rOnTZCiiSZu+V17QmiDsKnNgS0YWr07ESK46nzM
+5mjXhARQPUkbFR7UEXsFVKU1GTvr/YwGHQ8wTvIryrIjgVI34tB37i1JOEK3j3FP
+lDUAGnaDIz8uAl+qFNX/W66/haHjDtwVa77j97HOA7rrhpfEkNaaOpjDxKPQLSOG
+nKitdrq2S6Q4TA4mHay0XpbaoDstAOHMDKOnZrD9XDo3szNWu3DVXhS/AwiI76Jt
+P15GKWEzOA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 45 65 43 CC 9B 34 B2 75 2A 14 F8 83 05 A4 1F 89 B3 73 7F 82 
+    friendlyName: Unknown CRL Entry Extension CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1F9F099D8BC977F9
+
+Pht6nyk49343UgIQNTZHJsR6hqAKFrHqQXCCcMqSU+cUfp9eBZlfY3kIDy1dLYrc
+3XRGZaD9hMqdy4Zb5JwTUiefw/KSs6GE18bz+eIvKz2iq34OZksNYrgF2V0c7IPN
+e94dTUvCL3fnSOh/UnSuJ7G3ySCU5AI0pi6k2J5x99HMIp+I9Hn67rXhOhlMTc47
+dt5HfArr2EaYYdD7NTttRwpr+37mx5EYbByYhN/3q3paC0AxRDMpktSPSniPfp0O
+n2Aj7kaRsOaagh5yi7V3cVJpbBTBKoqyQO+xUoFSZ99JcvOi3IXv9uMsUAcLtBG6
+6qNGVUHadISQ2m6XtVtzdE32az/Uj+AXYPZ7/OKfrU9rmw/LVtvxtvsX6cfxjZ/R
+6TMhwHzVpG6N35G+Pkq8FRpjMMkcdyOurTpUZINxgyeodUgPyKmOhrQwFMae1KMK
+aZgTf6RinXSlS4QOI03wl8+IvqdlWDZnN0AG2ZhsoI5dEKyB3oAG0wz8zlLH2T84
+Latr7ekgncqtXO9rJC/D2Po4rG4jTYrucUmKrRvXdN7hV8stLUSnhQHNjqrcR7+d
+HKKtglQWLiAPq8ytY372zGd1EIpC9qMFZNv/IQAMZqrCt6e+uMN+nXDJDPB0w7ws
+nbvl4t8pAOskfOY05ode2VH5R7QVr+S4FB0iH0ARUmyyVNe43QGPjxCEkocB5gLC
+/cnEs4u+1sKG4g2Jfm98xsDaD4mSJqXBsfz9A59jYMjcNZeuN3ZZ09OyyHmGAAHF
+O4xYOEMzU3RjQ4CAKqD0iaAhw0vxMRPBL6rR0ngTtrxRs3890revN0RwN+zomtTM
+wuyPL7b9KYJq0cFe+262AHIGi73DdgScEsyBLiXs/uwW3YM1WmR2gAy/F17CQLoS
+aRETP4pEcMHzX3vagkS1p8h/BO0cfUyob9ABybJiXaq8HzgUygOFjbRk/wRT558D
+bxzGVSNnTCvsGSoeIkmQuCjzZ7WqWmc4AVCq2yrYGqxhyzQlTjH0LZgfrz0YmliA
+PQINURKMvqPhsqsav0oKJ1LWwUkCYqNhFTAXsx7o3hdxf7mahQVvI+jhWUHhXIG7
+Qh80bLfTQsBy71R02FfBhh4jGJD0OOBxQJV09tkQf1XmeRTtTrt0AhOViZa3/KjS
+d9sGWWjJGeV1tBLJmEan/qNXOozM4josXaz8ot2c/2ERbIapp3lkNiHMh6tyPkRF
+ayaa6E6t2XBLaGl3nlawrXOozAdQbRbzMG8hZ7XjX9XAGQxHR7pOzEQXfJp+6BYN
+KnV3Sl5REI7L3/AuA/cABFA28WqPVOjzgBVAU5MfZNn5wgxqqkHbbpO6oIEw8awZ
+2e3/vpqkU5HNcD3S5fqcMVTx63Lu93Ry6RXzTmRBGoAHtZ3i447sTNTrO2DgckUf
+e6MWcysrUi2TkX6t2wKILhLUx4QboW7HH4WZjXUNVd+Jj/cojX9gXPDoTN5tF1l5
+oALvgZareTUYCW9F5sfqcIIZiGQYvhfFJeAXYbM8WI7ym+tIjzdEfUeP4RdtsE4C
+/xjA1sgGbZFF9FalzCuUmLLSHwsMo0tZZgU13N1/Qon2TdvT/u7BEnnaPPeSm7pB
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLExtensionCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLExtensionCACert.pem
new file mode 100644
index 0000000000..978a8f1192
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLExtensionCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E8 29 F0 F6 2E C4 7A 8D 77 56 2E 28 64 D1 A6 96 7F 3E 14 3B 
+    friendlyName: Unknown CRL Extension CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Unknown CRL Extension CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBDTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExITAfBgNVBAMT
+GFVua25vd24gQ1JMIEV4dGVuc2lvbiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAN3+bmlTsYBVkvHVXNA+SAx982qdi4yGQL2u0PlcbbsFaWN5Sl0U
+1ZF83NTAmeqJKesUvJKicpijbLSt4rh2VVlrwDEe2JL+D0R2mSomny8ViNAe2z1Q
+OSolQnAr0IlPE071WQ77b9kSWe0HOunRrORTQNEDmOS9YVBMW9hv2YtSSJP7RMht
+sV14x3JLmoZY25YlNo+nWxakLuabNERqfvK7+aZmlbtjGpkR9QsGouSHMJtH6nno
+tSyjg9R/RJZi5hUqzNz/0iRww7VUcIkr85rVAHLkHJNdOy4AiYOEMXpiq1gSapHO
+iqzo5WwU07AM6eG2pqUNurj/E4j9Q4K24lUCAwEAAaN8MHowHwYDVR0jBBgwFoAU
+5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFP3//hlN2wydxaLYglbrsNkQ
+YeMxMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
+VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAOMZEqelK1bLZqjY3Ap/i
+vt/zf0txQmVZooyCElcIZMGvUNrpBOUnAo1Pl9f/I0SZImszjOxY6gS7UJ4TYymN
+n6z968x42BiptCW560/djERAq1+15AGcTd6E6o+bAG1n35uVECkEj0VCovcBRJRf
+l8tDb4FMl9lTU0g4dQb5s2rjy8RWJrZ/DRGBTvniDUE/TYKO4LYKEWmu4uTTNnba
+1RCG8bGe8vheiIp4Pk58HklrLewClA2NiqSXmOgpl44FlGeWuzh7xlkf6cVVUuaH
+553QGvjiDd43pJKBx+ihsFfHzelGfrj1BrQWaRWFoR7lX1GdgUDsYvhOK4ybEKpb
+/A==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E8 29 F0 F6 2E C4 7A 8D 77 56 2E 28 64 D1 A6 96 7F 3E 14 3B 
+    friendlyName: Unknown CRL Extension CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BF8997AE3F28C957
+
+Yb3OfRlikZzGcSRuE9Q/nGEx5tpHFL9zZbku9ta9WZLz1NhJYUBIb/rUud7UA+EA
+GN6RcKMDRfXwa7LTQjU8miQFwyfE9QXGsVBKFeRQ/SSPhvyyg+XErYmszsRYIJ06
+6MND+TKTKgbOSi7aTsfLPjLBfsiI9w9dW3Xn+Sp6+ViFZJCN/yqAalVvHsaRR/Ex
+D5DoipwaYcIr9wUW/Is5+xWdJOU46c4ILxao7kGtBvpf8roRfbY/pHND6oBK1YUB
+yZrnI32gz3eUXWyFibAJSvkOqKqXLFw81sN7+WyHLJJmNR403GBBBD5OxPmN74Ng
+n3lRQJt1rG4W1ZlPRylaiOeRwxIATqKyZ89ByJSc8Q8787o070eMGWR6fsYaAiHl
+HmjI63HXyqvF5MZOMBFBrHXjSBPOLqvDLqrccw/sI7su/mA/gRg76ce9Qx/Zg1Pb
+oF7zSo59fmFG7AsROBvVHK8GhPjYLe7t/cTNMh9mpX6Wv1KpH7o11Zw7ldMLGoZX
+t1X89dcj6MX5rN0qOHM6h3nVT1PQMIVPZRGKnbGU+sAzsd1W8wgktWWdHL4H1ubI
+yPCl2NGOLObTBVcmrk1OzGhdiDaexBjpwl/G9oLp+VWCLZ1pIMhn9LLYmT/ii85C
+cI8C1oYRncjgl9nRvdnpFWnsXd/1bewuIa7GS8is/4Yd8+aPwoA7X1ngZVfbvVU7
+nMogbZMp13CKme5NfSLxANLRd0v9sSbsFybg9seXx3nUXBh/GmIOPdYv8ZzcWf9y
+gA7bXH8VQGVdaHEPWrwPUfN4XMFPP7YBZlH8WOjxBm4hQIW48odVOUn/DrxumLPi
+6TvhUuTFnQw8G6xdLRb7HSOq+AEa6Vk/jdjj3K0axopByIUzGkz+a44vl3VnJGO2
+0uMpxbtlWqogEMESI8TzKJiugZpHc1DS/g/vcCx7lXwOVBXVIuXTBMkHAPQosfbt
+4NtB5D080yuOr7XBjzTvxWsMdWAFbbsLq6pElLVUf1ZwCa/xkqPU1FMHqUAJ6cUk
+VMMgy11esel+7Fdjg63f4wCq77me4Cg7pQU20Et66WYpDvKANB8dq9kilUKpSUAk
+ocBoFW9H7ERN/5i+XSzNIDDR/yeB42nqcWyN3Y21Hi0DQtEPwiXC+ye5SQZ0lDqJ
+CwAOGh2ytkiMua8bnDi5j1x1V+AZJYDSYHWagCypCK5ZgpRcOxd/9wAQCLvUoM5z
+F+y8KPvDbjw0Ru74wZoZgNB5ZQQHYcfbHjvglmu94vmL+MfsydFbgLDUXPIQj3/5
+BGiFm04bNP7AdJ0UC6J9yZWt3vL/CKdwQrXVp63Ix/v39NQjOT7MlvN5dZOvwMg9
+ED+7iCvCm+DL2h4wSOaf0xxC/74d2gh/5DzP9iX1YcbIpi5KlapYBEAifHV89HiK
+X6U3PvNVepaeeQmPVKfBVxYDOCQvCyUDZRlqEXVnw5rQhJfPfNj+apuEFL6LwtHx
+lKiuBGHoZMRFXnHgeGw30Ih3clGPvOMJm/Vup2DKEGdpuoAUcpjxOWK9aB961wmR
+p3czkqBheX2IrzIXlITEOM1dL8iud4qYGzTAJudeBaNLaLmcTrHp3A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15.pem
deleted file mode 100644
index d22dbe7f91..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15.pem
+++ /dev/null
@@ -1,59 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test15
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC7zCCAligAwIBAgIBKDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE0MDIGA1UEAxMrVXNlciBOb3Rp
-Y2UgUXVhbGlmaWVyIEVFIENlcnRpZmljYXRlIFRlc3QxNTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEA0qDoX3O5t52G/m1yV6MSg0EJQQn8QFWgZUnEutHYAAdA
-GuRrFRXtkbdQkbyePIu4nzj2LCmMAfVM+QlOWLFCnc6/s38tfZDAir7WFHBFyUzB
-gkw+q1a9DIXfaq32yn22txxzus3dqRZJui+5J1DMNLbHPYS1WS7Hu/3dL5ZoR30C
-AwEAAaOB2TCB1jAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNV
-HQ4EFgQUHYqwkDHyipKBoBuH/YaAiORSh0owDgYDVR0PAQH/BAQDAgTwMIGDBgNV
-HSAEfDB6MHgGCmCGSAFlAwIBMAEwajBoBggrBgEFBQcCAjBcGlpxMTogIFRoaXMg
-aXMgdGhlIHVzZXIgbm90aWNlIGZyb20gcXVhbGlmaWVyIDEuICBUaGlzIGNlcnRp
-ZmljYXRlIGlzIGZvciB0ZXN0IHB1cnBvc2VzIG9ubHkwDQYJKoZIhvcNAQEFBQAD
-gYEASWwltYc1aGeHLYySbO4SCTVSgVrZAXfAoa/0RHmL0et8olJXCLdXTMq2/6rI
-gibDeTUDQ2N+5z23QN3hDG+Syz9rDBbj+m3MtvcsvyyXFK62g1NhZxyw1+dFrxwK
-Ci+jbMqXaXsdBG6a9cTYKw2geUpx9ig46FLMyn7idA7OrrY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15EE.pem
new file mode 100644
index 0000000000..27b2cb33d6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: D6 18 A4 68 95 87 7F 71 A3 B4 18 B7 4F EE 96 67 22 A1 C6 3A 
+    friendlyName: User Notice Qualifier Test15 EE
+subject=/C=US/O=Test Certificates 2011/CN=User Notice Qualifier EE Certificate Test15
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID/jCCAuagAwIBAgIBKDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowZDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExNDAyBgNVBAMT
+K1VzZXIgTm90aWNlIFF1YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkS8nR/CBLM63BPIASc/HIZLUW
+rQrETZeD+GSRfJD3dhns+yVXSruNS2NJIb9GJ9LWU759uH95jMGlAmFltbdAyd3a
+AZPqvAYmi8ZpCbS5z/Sg527s6XPHGFVjLWKuK9CN9GUyH0f9dJ2nuQTZESbELZRT
+2G9GOnaPKaNet9jlmu3ykU/av1UNoLOoJ//8hXRh3NaeI6c/3i+N2eTD26t4IpkF
++ez7xx9ULTjw3xAVBJDJK+iz0KdfZcVj65ahMEmhWZRBzn1qLhboVnK7cRzCNqWz
+XF+bIVRt04TaZ42laGLqPKv3cJK7KdRYxt9gRVNXnthIP0U8RODhAKlBeAALAgMB
+AAGjgdkwgdYwHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0O
+BBYEFI+sjau3vxyGncC/k0TJSTOkGg/HMA4GA1UdDwEB/wQEAwIE8DCBgwYDVR0g
+BHwwejB4BgpghkgBZQMCATABMGowaAYIKwYBBQUHAgIwXBpacTE6ICBUaGlzIGlz
+IHRoZSB1c2VyIG5vdGljZSBmcm9tIHF1YWxpZmllciAxLiAgVGhpcyBjZXJ0aWZp
+Y2F0ZSBpcyBmb3IgdGVzdCBwdXJwb3NlcyBvbmx5MA0GCSqGSIb3DQEBCwUAA4IB
+AQChryB49S/BVXmv59TlPzJpVgyW7PstcWfaKX7Qbf+Fg3ef50OA33+0qT3dQz+L
+jU0f8PMJWfrez15/izohc/YZPY2sSiJ5zxzvPGliVqDeHqnJTUc+nWT0yeghmBHZ
+NEoNVSVJvSZEesXLCmNQh9g3BVZ02jx3dRDfRFesaxtTIZt8pazRdmV70aXJlT5y
+f0AiFsHzrk818uk2bTipjZcMGExgV8umbnjbk0P3UQPnhRGmGGH/GNytL1xO0br9
+dtwq0BNDWMELT/Ba/LhebotG1YUCYdd430Z+BxKk7gkwhFADdkbil6yFDmgRsYSY
+wnOpVqmDrMivVvLaqUozgsX6
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D6 18 A4 68 95 87 7F 71 A3 B4 18 B7 4F EE 96 67 22 A1 C6 3A 
+    friendlyName: User Notice Qualifier Test15 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4B3BE0AF537F0D9C
+
+qJCpcjplG00+wJZIKUgQSCY4a4afYIbUB51eBwSfEPAOqD1DwB4Blhs8GI0YDPe3
+vgcUUqgMzOjzLNNzMp79X4dHJ2HAWMZ6n8e2nTkjMuRDyoky0OLtnJYQ+qIB66Pd
+UUUNQWz3SU174cjRBiiGy04/l6MDhiSsMAbEcf1qAJAF3/cyJmAefuUrBposYd5o
+1Os2ue3eU5K8bXjPGuo0ygwCM7M9tnK8tlk0ppH7hEuxdSq63yRhQ9zc/LZXtmpz
+zT+BV7QAce8et444v6HDAY5rxCL/guPNm6vqJwRwrQ2+9EbOzjciVEuiSWAIVZg5
+aLrFKjYU0863foC7ohaNDHKu2sBbDo7V7cFIsn/emr7bKs42eE5eS3ihWTjgcuCK
+Ew3jkbgWTFwW69+cb9VLzx5I1eaKBDU4sVwiCydOrF5pvTqC32CUwou5uF72WELv
+krm2b6dldjPn6TB3VfbXjwnKr0kdlnb1KxkK8n3DKuiHgkwSBBi/Tap0Stte5pHB
+c8ezNy4/WWT/lwzQQojWfVLi83m3DDz99uMG2JztxyJtN+PG4Dj+sqctCUf+dcDY
+EXicdcWIF2jvgb3+P4CIjJ8fQ3PammaSNhVTOOpmRb8Mz930E9ylrMxTL72RaY35
+/gkmVeEkTCb9T4+itQ2YJBs0TFlIAVmUkuJTkwunLF6h0N8N5CWVJV5yulmSghSB
+5NBsZKbxWBmx7qaH4ZT0tFBjelvV9isgbi0nuJjKNq6DDNV9ZemAKJC6K7J4m11x
+qUombB+njrrbfBmiXjOV/jnm3CRVcvd1gNFG706ywHm1SXvTUssmOB7t62ETKmNa
+i/4ti1O42ixjXsw8v/dydhFy2PeF3+STAD1+pkgb+2RBcHdSCOWmTMpEudScig70
+NVR6SMl52Knj5fuIvE/mJyCv+YMCJYOSMernEh5YW0YyUAUNz66u8n/I47GDR6gf
+pPu9ohQO16lbW+PIV96NUfChwgoAX5jf77AKAPYR0CQ5kWke4Z/tA/lLk3JLqYHy
+cx6LyMLGzeBgiB3Fh/PHdN582SrbwXxynBT9iBZvwyV2hN0Id6SlcRFEp7b133gA
+bz1J6Zd3zwaefUaI/8mNgFuzVNYy0zkpW1DzOs9ZxjFdijMQn8vpISzj10Z56uI7
+niBJDoWKXhg9aQIYtoyPy+qgSwYF5d1xwAHRnMV0wplGOqnIz55+uZH5FnNk5T9x
+DY5sN/GC9yPeAdTiFbZQ0xm2GGA9J/utE+H3iudyQjTDApTbvOr5eGJcDYAzbaFM
+7GzD0C5RAxXvBghi51i9zUCs/VflTGXt1aBa0Mm+8Z7/CH+WZyaW/fh0O09fPDOv
+x5VA8VX1Y9jCiCC/gBzxD1eJryuyQe2wXhIw+AMtH+Rrty4ttC/UG874PnS2PmkS
+rUhoSUDKloE83LQNCK5Oxp74l3eancMz2hMoWvaqU7K6fd6cs0EVUG8M8EGRc4LU
+VW9PGHRoY1xvvZodfrIU/UK1iJKx6/Ofb/bpaqn7gL4MMDpRdkmZ/I/+TPQJWhj6
+/OJHCka2VaeiiOnVclTFOJd0P94O0AjVb2nmIMYn0K8mjszI+mBPo4MKJX86fDxu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16.pem
deleted file mode 100644
index df2bc3c515..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16.pem
+++ /dev/null
@@ -1,124 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test16
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIIDZjCCAs+gAwIBAgIBEzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK1VzZXIgTm90aWNlIFF1
-YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTYwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAKCz6DLhyX/EGx3xwNiwBuBXrfpuLfLcaPz4q3aq3BiiJS+f2vwk
-WI3BqpDluVEq7FW5zE6ATQc/K7hIiuRCHCD5ErXMnYb70mtz8xeVjU97316FzK/z
-eQYQMIIpb2JJ4JEU/ZyVNX5NW3W8tjAhuvEp+4brMLxyCM+xmA+S751zAgMBAAGj
-ggFUMIIBUDAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4E
-FgQUQFe42RtzGbaxdkQ6QallbyGIuDAwDgYDVR0PAQH/BAQDAgTwMIH9BgNVHSAE
-gfUwgfIweAYKYIZIAWUDAgEwATBqMGgGCCsGAQUFBwICMFwaWnExOiAgVGhpcyBp
-cyB0aGUgdXNlciBub3RpY2UgZnJvbSBxdWFsaWZpZXIgMS4gIFRoaXMgY2VydGlm
-aWNhdGUgaXMgZm9yIHRlc3QgcHVycG9zZXMgb25seTB2BgpghkgBZQMCATACMGgw
-ZgYIKwYBBQUHAgIwWhpYcTI6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9t
-IHF1YWxpZmllciAyLiAgVGhpcyB1c2VyIG5vdGljZSBzaG91bGQgbm90IGJlIGRp
-c3BsYXllZDANBgkqhkiG9w0BAQUFAAOBgQCrY2KIowGX/5zlQBKmdhF8WiCRnHfd
-VuzeXhc6C3G4YPpYBWQrnhxO88VH8QbvJefBpvRKIYsxu/tyihlkw2Vy5eztflUq
-Jkj5YbDicL/7U3VKfjfp3sW6ZBgqKKLQY2eDHtYup9wBzB/qzny9xfuVIlQQ+ihR
-vMKO1iVYGVLxPg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16EE.pem
new file mode 100644
index 0000000000..73a6a65652
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 56 DB 55 2B B8 5D 42 93 15 32 4E D9 4C 09 91 F5 56 A1 05 EE 
+    friendlyName: User Notice Qualifier Test16 EE
+subject=/C=US/O=Test Certificates 2011/CN=User Notice Qualifier EE Certificate Test16
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIEdTCCA12gAwIBAgIBEzANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGQxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTQwMgYDVQQDEytVc2Vy
+IE5vdGljZSBRdWFsaWZpZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDE2MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulbeEb7O7vcRacycC6/ainA+gXxpoasZ
+XBUoU+G+eo5d5yCnsyZ9FSguMM3v3bqc2THkHxZq3/9c9/MCwBEai70AQwS6Etvz
+GGIGk7MAw5c8gWi8smIHMMPY1Zqc6nQjFr1qxk/Bj/nWUKeqMhCWs6S69Q1IsmKN
+uwLYO7/DjcKwc9jgiUXVTcNCnkbzUIdjBM47jsyXrpMwP47D3dMYTA9bzBjKj/fN
+IFS3gLv4JqTu755LxVBjjjpg7Kt8EMXDSrNci5ZyViGdfitwd+F3MU0Q1Q/fnadi
+QpoASYBVHDx0scpwHSt/imQQz02Rfoo5cQ6SS2RVvXhZ6B4YfMm99wIDAQABo4IB
+VDCCAVAwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWvOskwHQYDVR0OBBYE
+FAIO7iA6v+sW5S3aaqon7HTHzsOAMA4GA1UdDwEB/wQEAwIE8DCB/QYDVR0gBIH1
+MIHyMHgGCmCGSAFlAwIBMAEwajBoBggrBgEFBQcCAjBcGlpxMTogIFRoaXMgaXMg
+dGhlIHVzZXIgbm90aWNlIGZyb20gcXVhbGlmaWVyIDEuICBUaGlzIGNlcnRpZmlj
+YXRlIGlzIGZvciB0ZXN0IHB1cnBvc2VzIG9ubHkwdgYKYIZIAWUDAgEwAjBoMGYG
+CCsGAQUFBwICMFoaWHEyOiAgVGhpcyBpcyB0aGUgdXNlciBub3RpY2UgZnJvbSBx
+dWFsaWZpZXIgMi4gIFRoaXMgdXNlciBub3RpY2Ugc2hvdWxkIG5vdCBiZSBkaXNw
+bGF5ZWQwDQYJKoZIhvcNAQELBQADggEBAEgyglT7PF+xqOPfkWfZD+B87fSODdlO
+5HPCqZySlix3IrkJHL4/acMADY4mY4zP+W8dUawWs/6ud2ECVn2UJLQcpzo9n9yk
+XS96jwdihJG4cgOib7T2PUk0CiGU1kkPBHmUx8oCXqMKF3xSvK80fXZdByxg3o1Z
+2MG0xxqok7SNJ9YhFjMNl5KogfNEiY9tsTzM6zPTVqU0iSUSXCW7PQEPAuBhI+Le
+pWFaEPdjZBN7rRGzK8w8YDCBG5d/O/e91PTMO5NtjmliHkFu8XkGu/WBPHOx9qH+
+IyTErE6J6vUrWZ2ycgmrf8Apd62mBopcR48xY9X3acE7QcdtgEe5/Uk=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 56 DB 55 2B B8 5D 42 93 15 32 4E D9 4C 09 91 F5 56 A1 05 EE 
+    friendlyName: User Notice Qualifier Test16 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,52CC6EB1780167AC
+
+DfTgiDoKidNkLpLKZqI1RZv5ox0RsMlMzsbz6x9/7z4wFa11nTLHiUfgSSqT+t1d
+ZUOPtacc1tmR26Ix3BNxguSn/EOGldSaCzUcGRenWm0Negf7i5zPb74q7O4SsQgw
+8PzPAH9uB1wQgGNXXN1MoaZVs/8WU7a12D4NicAcXU5Bw+XR1AqDLz3/fzfGLzM8
+Csm8BXpq1A5JqM7HAfMUHb31+t4Sy026OzHvFVyn+r/sEbJ8pJ1bCbrvVvGorjUg
+Nm9+BcgmB9ani+EepglAS7HOSSZGzi5LSadxfBILVb4dEGkL2skzF6WEm7knZukQ
+Ti4zA8SkwYn/M+ltf06O5ZhL7PMdUA7hAr5YorBu+fbWlGXWyhJxNZcJq/jrkATV
+7pvKw6SfUa9IbIJQyZcbFcuzqPANONGBorpbZyW0u67stUkyTUXct+CEMxSxCRsH
+HAAVFGlK+RILNZ222gdblHappv30BVJstEEey9S+rL9He6tsWUKJ6So6iYeyYONR
+wbQkoBfOwxRm2Ga/7GpUo97dDix6ooFpxVuYatOn0PwJo/N5v/g1Q+dmaFY/BizB
+Couc1V6Dq8GiUwldUhcGEcuzVsTOlYmXqxY5WWFxexsydzyz53WIExsUz7wk+nY/
+jdBhNX3pbZxxxYjJ5HBLK/3lfEWRaK6MXpok+dagIBZJt6y9GnyfIhgzHA75VRi2
+TMI6O5nVyOHLOj32T4nJwe8wdBSW2RmpsZZR8BaUIbHFH75X092XpeQSnnr0QtsJ
+k++uGSSi2LteDB8qwBbAmjgbvWB9DaYD3jRrIEVMt7cDLlk34LEc1q9LX7Uvh8ip
+dNsmzZ7DtrVfToUAFn5HcIj6C2JLGbQ1NFMx0p/ElSfHYX1fXw/KCNzDGhPbBKr2
+/HM5EUeCR0mB9quHbUXiazZpaNys6rIDgNGI/ZY/XWCX0K3g3rvuzAMYbLBSaOIh
+kR0xqzUPOkoYWAeKI7flSJykq8CDh8ULSX4DhiKTZrHpOqFYNVoss5FbgyksmFxz
+1TpgQwzP0lvtu3Iz3xRNvcDAMJeczrRG47a7DcuPq3tMqV1x0XhS6KTyjNtoLCri
+w0m8delonjCInjKees3cIjOb/uiBxjuIzl+R+eFfeion1c0wtyyzu3+/JVV35JTv
+u7abnsrdQr474QcdDau1ghFdJGQK+dMC73a/CBC2Hxj/odTbMZ7pNkx8Td+bSe54
+VBCW2vGug5lDZG1r0y6gG+1kVj9hMgbGBgRUaNPVUjvh7VDJ51JAM3U3HBTtd0Y3
+wtgYcbV6pjleZ/Ym4YNHGWEPZp9aEjUMcsq6rKXrESI3bffvx51v0XBLua2c7lqA
+ApUNpRR2tm80XJQfoT2YVunD3Ccn/AveY6wConBcZyqv1N1YxtP7122/3CcduQic
+LPdEJHbkuRE3Kb8UQAgDahK82juPno5L5ZqhmJXIXC83Jtq+5AE/2d2ZsRS12JWN
+Cv8GUsAJbvwi9eYzD2PGEsgzL4Kx5uc+fOEX/hb+7c4hqK36RzPeMsPnJy6qg8iR
+jykMhKeQTeybGkNvKzrDfaHTAJdb0L7CmWasLY0OxtQd+HP/yYjVaw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17.pem
deleted file mode 100644
index de751b01b9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17.pem
+++ /dev/null
@@ -1,121 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test17
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIIC4zCCAkygAwIBAgIBFDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK1VzZXIgTm90aWNlIFF1
-YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTcwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALG5QbkrUYEf/BsUOmiq+gmSjIMtxbiVJ8G4i1XsVOAFNuJhfPyL
-nhsnhig2d+tp2aJHFnDfMbvmjdmCtwPwqrcuxVO5PhjkLyfFo9Pt7zNCF5xtCkLK
-P7LCEtvtBt5jXh7REsOPlQzQkxng4SxG6VdndW1ZiNAJIDAsONONmetRAgMBAAGj
-gdIwgc8wHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYE
-FM7tf43yWQflUjDL35BzbeLwWXDAMA4GA1UdDwEB/wQEAwIE8DB9BgNVHSAEdjB0
-MHIGBFUdIAAwajBoBggrBgEFBQcCAjBcGlpxMzogIFRoaXMgaXMgdGhlIHVzZXIg
-bm90aWNlIGZyb20gcXVhbGlmaWVyIDMuICBUaGlzIGNlcnRpZmljYXRlIGlzIGZv
-ciB0ZXN0IHB1cnBvc2VzIG9ubHkwDQYJKoZIhvcNAQEFBQADgYEAPium8qIa/cDO
-l7vNWoULaBGP7Z9XxxEyexzl2Y83xGab/xw+KGtbV+6+GiGhCw4qpn7XLidQQ6Xn
-t7D2vKo+KoLg3BAdbt/azb3wf5tYakf//0bv4xQZ7ANzWxxH0gP5VdHaRIcfKXXR
-3kHnu/lecCM8V+F9V8pEU8K3zREtp/8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17EE.pem
new file mode 100644
index 0000000000..922eb98ee6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 61 F7 C9 40 D2 DD ED DC 92 F4 8B CE 0C 2E D8 41 4E D3 D8 12 
+    friendlyName: User Notice Qualifier Test17 EE
+subject=/C=US/O=Test Certificates 2011/CN=User Notice Qualifier EE Certificate Test17
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIID8jCCAtqgAwIBAgIBFDANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGQxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTQwMgYDVQQDEytVc2Vy
+IE5vdGljZSBRdWFsaWZpZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDE3MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgx/GESPgx+f2iTkGzayiIzcQFdPHoke
+X5w5e985q9OYBAGQR8L3z1N5pzoNK7KdyuLfTH/5ymU9F/TAfMjzVejFuojT0kkM
+YKn0WhTpc7lL43DesIDLfpmVxNseL/AfP52wP5KWfzLPeS12xOwVkkYYk+rXBCsy
+4Wajt7CR/OgYVVZqr+l4eoMZXC8QkbRzpqYMRsPDLDDjWM8TrdJWOcm3fS33pgTA
+IYaihsgfIPRAMV6xbTi970Z5nqjWQuQ1KzdvUe9FUfGNeUDybmOJSIVzQjbNpTQs
+rWQYzW9BcSlCjiGCDi01O8tur062uk7V6vtxQU+LDl2vW+etQZx07QIDAQABo4HS
+MIHPMB8GA1UdIwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJMB0GA1UdDgQWBBT+
+LIExXNIznYNgktX0s3YpDGcmLTAOBgNVHQ8BAf8EBAMCBPAwfQYDVR0gBHYwdDBy
+BgRVHSAAMGowaAYIKwYBBQUHAgIwXBpacTM6ICBUaGlzIGlzIHRoZSB1c2VyIG5v
+dGljZSBmcm9tIHF1YWxpZmllciAzLiAgVGhpcyBjZXJ0aWZpY2F0ZSBpcyBmb3Ig
+dGVzdCBwdXJwb3NlcyBvbmx5MA0GCSqGSIb3DQEBCwUAA4IBAQBfBRO7j1sk6/+/
+03HPnqa/E694vMdtGy/K/d8K3mdRuPTcxNcT2gW9VnVyQ8rKwrtZn0oWjehifnvz
+5DJCIrE8Qf03kY1rbCkcDsQ981Lbg4t11pzBqGARFVrAfzzeiKY1Q9EA7QPbpYvB
+RANQsSXkCSjE3BPvHdz/1ZZeP+kvzNSb+vrXOs0MXA5eAmz6Or9bOak+XOUDZS8l
+CrmEI6GRG8Coe8zy4YAbPy7uO7Zdvd+uQSEGDlwCDCtqQP0H2uWmNCstdAZHoJbi
+RevpMviFe7MFOtYgpJhEwgmK3wNLDcaPgznv5qCuH378n6gXL5Kv0ehBd9LcWPv4
+jZua3QQF
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 61 F7 C9 40 D2 DD ED DC 92 F4 8B CE 0C 2E D8 41 4E D3 D8 12 
+    friendlyName: User Notice Qualifier Test17 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0A67EF457602F9DB
+
+YagNBodo9QwnNc4gfwb3EiAHA7kg0zFRJCM2wV4Xy4HGMW4BknPDqBaFCui/iSm0
+4W7Y+LXHRLIzwUWy7xZdu1LfEIG3AHnz1Ben7VBNDLSJtbslPR6N0XC1T2Jh/InA
+WAvmGCmFny4DUGWcILjYJ5lUEistzxoBOF3v1+/5FEN9WpgBRmdvwLLl3cjkxZIk
+fTUYFZdE9vvxdAKs+ErnlRC9xM5xoNw9IN+swqsaGLq+05iUuQFIWSGptmzKbIy9
+RdhShNpCkgfB1hoBsv7mm0ivnjmLP3hx3QoVkP6KaYHtk0R5O9HnV6sgtUmm2evV
+qzPUvTFHu1+Awaf2m/ZAtOxQnlG0jm+SARSywwllRpeZaCHTWlYMMytIgN1qAcrH
+N9XesNJLohjjcF8jJT9Y1TSMR/yBB5CaM24nGdZdod00+Jhmb3M1KRJ52+bopMqx
+CzMu8+yiIk9Jc0gIekOdVhZUaD1mgEovibqlcWIahBfGC2LCU8AC1oczEEB0+dD1
+G3IYIiQtyShDvwhbqSdArmSQ6W4XJLxTVuHut1e0bzbtkRy6IF9eHBv0bfOYoX4r
+OMQH1l5B+Q8XYbDUi1ZXUYqKHEdrowsB3GpyKpideq2LtYx3hJ2+U2DAfaY2BGGg
+2bInIS39NdPqI4d1rCgC85iRg6N2bAqgW0Ack4yjc8orDj0KXZ5ZAjaomWPTRvdp
+Qt34gumzSeoE9shupaYfY2Y9Qwgh2os56ucjkhqanjSAGtkym8jftNsCjouAXVSx
+5kM7xAADzLtti1IMXuh/QZKtkzMjGRg6QxD+kqDQNArEZAr3Lpx4owOqWFjcfuBG
+p49iKbe5kTWITCAjytUOLXjkCsUjEYg+qfBJBAF6kqNZddL5trp3Rp5PF2IGU58n
+YIjE6JUOlWbsM/n0NML8q0s6x2HFn70bq+XHkSZq9UxQxW1Jy/VX2hqoEBXenZgm
+HDXM/gu928PSw3enWdRfpP/V0vIYnrSsO82rFhQd+sob62+ZXUSsQ1IPYThQCKXP
+200mOAw3vgIRYElLB8QxdQX9zZTaUvck+onF/vsUhUjnpfwNHEZsBFTnFRXaxT1g
+pGw4aItY18x7z+m2uRrFdnWZx4JIcYVhO+bWa7GT5eFEwycgmHX6e0UNIB/UG1zq
+biKcKw5g79ONR3iouXvQBRR+GIdGuYQ932TX1leYu335rER+lZuuwKJM/ZFI2kjY
+bpCIWbS6cIPiowH+yp/VqYX2q5lG7vIRVYa4P3t0kE+ylxEjKbzI1EJLJuwdiMuy
+2GEv1RsubsD0uEmJ4nyOw70AGTrLSIyyZyp6if3ivIntUy0V+rSozgWsfe3P2hit
+l3ZR/qzemIiQLLRs8Hm688CC9C4n+MAv6C68/cy5GZjNAVVTJpjh6BoP/GjC227s
+RcPwKbH4qc4xgCZG5gfIC9hRNj+ZInYjzKOUZNjBqWqlAdGpNrb8DlJ+FVJv1P4A
+Crvp5JaVOelF5Vm5zhKae2/CQSgojrS7HAIAf+ERbfZu4v8EnGxNjQJTJ3G9nnbG
+Z6R5twYPiCFR8ec8qbVO4X4xRObYcX9nL7ORNWaS/dguJLShLlaHvw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18.pem
deleted file mode 100644
index 177e92ffad..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18.pem
+++ /dev/null
@@ -1,115 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBJTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPUG9saWNpZXMg
-UDEyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5unCMuN8PuVFWbqxO
-/wnIQsciPiEo1GoKWjM6+kb9l3h6wWyWYwmst2c158qcJLY9PxaUMhqQd/SY0Tt9
-WlHXVcE8rMoWSGmFxfK33UpeCtqwz9ugPSWwZkqx2lI/0ozQXgjYb0J9/EoKw1O0
-CxxrdQdPQkyLD4Uxe87/MlpzsQIDAQABo4GZMIGWMB8GA1UdIwQYMBaAFPts1C2B
-nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQA42XpgdSGuccd5/MzOQZeTBGl+TAO
-BgNVHQ8BAf8EBAMCAQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFl
-AwIBMAIwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEB
-BQUAA4GBABX9GMyAC90FH8BvpnNh6SDn2MIT7iINc4/9u64d1dxEhqogqcR58khK
-btHyx8YrgbCcqUNS4Xs7ckW5k2VNAd9dG0Chc0uk6rwkv+sD1/zJi8LIGd/3cFjk
-biIVYqPxb7WpKqo97V+43tMFsTqJNBSh+6W14vlP55+Ep5IlxcOm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test18
-issuer=/C=US/O=Test Certificates/CN=Policies P12 CA
------BEGIN CERTIFICATE-----
-MIIDxTCCAy6gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAx
-MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF8xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE0MDIGA1UEAxMrVXNlciBO
-b3RpY2UgUXVhbGlmaWVyIEVFIENlcnRpZmljYXRlIFRlc3QxODCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAxkN3itGxxUqfb6j8AgRX2jxaI/oIBzr2RuZsAfon
-x/XVoUmmiSxWDooZhr/PlfubyixNG5VJX2K/ukJ6gfIGMXCAqunKm8/9bXgzZB3T
-i2oIgAy6WnRwKE0cgbedH6fY003jwsQNDt/HilRB+atbEJ/engTxLOIpwBcsN1qj
-rg0CAwEAAaOCAaswggGnMB8GA1UdIwQYMBaAFADjZemB1Ia5xx3n8zM5Bl5MEaX5
-MB0GA1UdDgQWBBT8A5L4pL/8ywpme6U8lushm7qgwzAOBgNVHQ8BAf8EBAMCBPAw
-ggFTBgNVHSAEggFKMIIBRjCBnQYKYIZIAWUDAgEwATCBjjCBiwYIKwYBBQUHAgIw
-fxp9cTQ6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9tIHF1YWxpZmllciA0
-IGFzc29jaWF0ZWQgd2l0aCBOSVNULXRlc3QtcG9saWN5LTEuICBUaGlzIGNlcnRp
-ZmljYXRlIGlzIGZvciB0ZXN0IHB1cnBvc2VzIG9ubHkwgaMGBFUdIAAwgZowgZcG
-CCsGAQUFBwICMIGKGoGHcTU6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9t
-IHF1YWxpZmllciA1IGFzc29jaWF0ZWQgd2l0aCBhbnlQb2xpY3kuICBUaGlzIHVz
-ZXIgbm90aWNlIHNob3VsZCBiZSBhc3NvY2lhdGVkIHdpdGggTklTVC10ZXN0LXBv
-bGljeS0yMA0GCSqGSIb3DQEBBQUAA4GBAGFe+mIs7y5351adHxETDUI8/Oki9cBU
-9ShrYKlpGJn8K0ST8XCe3FhVI/EMMxPJ7a7cYnl/7VQjyrFH9ulMmB3zoFiwbijM
-hfv2DyMPMTMB1pN57MpoBl7NEV0ze1I/u0CKcemqthj2jynTljGeLyJOCAd2Oat/
-J0ohqgkjwhfW
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:00:E3:65:E9:81:D4:86:B9:C7:1D:E7:F3:33:39:06:5E:4C:11:A5:F9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a2:21:e6:6b:0b:99:66:79:2d:86:a7:9b:cd:37:9b:4d:73:1f:
-        df:91:63:c4:de:55:15:53:b0:32:ac:c8:3c:bd:96:aa:ae:c9:
-        4f:b2:7c:9d:40:d7:f4:5d:99:8e:fa:2b:44:2d:75:ef:01:38:
-        86:c8:59:ae:e4:62:e4:83:b4:73:03:34:d1:7f:52:bc:3d:bb:
-        77:7e:7c:c9:41:09:4c:08:4f:a9:7f:d9:d9:0f:bc:46:9d:05:
-        70:2f:66:0b:d4:0d:80:ec:11:83:4e:1b:90:95:ad:86:02:77:
-        e8:19:aa:a6:48:29:a3:9f:36:c3:ec:9a:f5:a4:9a:0b:f5:11:
-        1d:72
------BEGIN X509 CRL-----
-MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAxMiBDQRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUAONl
-6YHUhrnHHefzMzkGXkwRpfkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-oiHmawuZZnkthqebzTebTXMf35FjxN5VFVOwMqzIPL2Wqq7JT7J8nUDX9F2Zjvor
-RC117wE4hshZruRi5IO0cwM00X9SvD27d358yUEJTAhPqX/Z2Q+8Rp0FcC9mC9QN
-gOwRg04bkJWthgJ36Bmqpkgpo582w+ya9aSaC/URHXI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18EE.pem
new file mode 100644
index 0000000000..830f8256e8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18EE.pem
@@ -0,0 +1,67 @@
+Bag Attributes
+    localKeyID: 0A 9B 11 2B C6 B2 2D D5 47 CD 92 4C F1 22 3B 00 9F 2B 67 E2 
+    friendlyName: User Notice Qualifier Test18 EE
+subject=/C=US/O=Test Certificates 2011/CN=User Notice Qualifier EE Certificate Test18
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P12 CA
+-----BEGIN CERTIFICATE-----
+MIIE1DCCA7ygAwIBAgIBAzANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPUG9saWNp
+ZXMgUDEyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowZDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExNDAyBgNV
+BAMTK1VzZXIgTm90aWNlIFF1YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTgw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC88AhCshO70EgmfJ0LoJAP
+aEyUfJHUOk0+uSHgQxC+TXR4NZUZYKNeGwc97Cn80E3uoygIUKpOIoZLOmA4Xw5E
+ZA9fZNmmT7cIzAjDXUJv6Oy03LcQ+2KNFRUIQ5d5y2e/InkkZjJNVqVxcpt8DdJg
+VknMuYUk5kqD/uf+L8t4C57iEj0KlBQMgsXGa4vNVpc4dI9irDlTQVCPZofSchFk
+5Ek41YVy+wDxDHW59/Opqr7VfXJOmFN0BxZ6NTW3VmXS4wWMV7ZTdi/YMVJVb/b5
+0uCCk/JXtFGHlVz454T++Decj9xf6bFyCzNGJXzf0WMtSyuXVqT1jWsCo/hGzo8L
+AgMBAAGjggGrMIIBpzAfBgNVHSMEGDAWgBTYXzXimsE3KibOg8xzDnAVKjriMTAd
+BgNVHQ4EFgQU4DsI8hwak6jmjAEqCXZrCm8FaHEwDgYDVR0PAQH/BAQDAgTwMIIB
+UwYDVR0gBIIBSjCCAUYwgZ0GCmCGSAFlAwIBMAEwgY4wgYsGCCsGAQUFBwICMH8a
+fXE0OiAgVGhpcyBpcyB0aGUgdXNlciBub3RpY2UgZnJvbSBxdWFsaWZpZXIgNCBh
+c3NvY2lhdGVkIHdpdGggTklTVC10ZXN0LXBvbGljeS0xLiAgVGhpcyBjZXJ0aWZp
+Y2F0ZSBpcyBmb3IgdGVzdCBwdXJwb3NlcyBvbmx5MIGjBgRVHSAAMIGaMIGXBggr
+BgEFBQcCAjCBihqBh3E1OiAgVGhpcyBpcyB0aGUgdXNlciBub3RpY2UgZnJvbSBx
+dWFsaWZpZXIgNSBhc3NvY2lhdGVkIHdpdGggYW55UG9saWN5LiAgVGhpcyB1c2Vy
+IG5vdGljZSBzaG91bGQgYmUgYXNzb2NpYXRlZCB3aXRoIE5JU1QtdGVzdC1wb2xp
+Y3ktMjANBgkqhkiG9w0BAQsFAAOCAQEAfxyDNghdSbzgxj/mObFvvEknTx5cjRIo
+L+CbP8ccGGrcfwJcbNEcZwlkzOSomEjsoROw4XPq6deZDC+x9McnYKYHwt78coSv
+urgue6YqvDga1785BozPcJqN9iTK8babcOeWno7ZPRbUEqNFfpesSfUtRjBoFh4G
++YrgneWORnvSZFS3Cz4X0h3yei0ZMNdPK/Zkt35QymLrPxr9rAIzOewaXOH32+x7
+bPgue6FhSz4na9iJQozynEsP1HSKRQdvm2E12ZYrE59hG7p2bqV/pUQSR8hZNnJZ
+IUC2I3sFck92TKZsdnYQHv3NuCl758S7O3cXnF436gqP31KGAzgcVA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0A 9B 11 2B C6 B2 2D D5 47 CD 92 4C F1 22 3B 00 9F 2B 67 E2 
+    friendlyName: User Notice Qualifier Test18 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B169BC8A27090A09
+
+znObGOy88Wfiu93UwhsYd3AH+KGrQzgcBvYNPNOzfdEN9SppYTeU6xuQCAJBe1Y+
+7428CPV/WM0Uf9X/ryEypZ20LA9dabDi19DZzGX4CHqIJBO4EHLepdA/yLkIHXo1
+1n80VaCTiFjSUxorJiMWBLVN+vNhZkuj2bZTpigTHlsrxrvbsGpHJwPuXNJwFXGg
+YKUZ8zgSAUwduMTv9RP2q85zGz0G7jbINmxBP+tImdi1m/I6+du3N3D8OD9gm2ZM
+Wc7GuRYpIweH+grva5lTHqJ6ndwxWvr6L5PoqdyU2MPBMKmtdiEVZKx/jysglBmO
+hSXm4ZQPzQ9gzxzxJImAYAv69wR17Lyd+wvBUdiuq0JB1GNJVo11HxKDzrq5shmE
+BAAFf+cgTU4pK1jlyKPWQ5uphKDjHXZPGarIXoN+zpZl2UAHWH6EUis+Zex/boAA
+8/orX9GYbMzvL7rGv1qWDeh95iBEY9JmoHmBiIbr3f+pmA/Wmk1x647/ylSMAjGM
+GCy4ynca0+o6TKvKrhXe3iZXB19ngSTJLW4+1m7J2kliyl3D9Emqv66vlOyBgBya
+ZXtfM0qQeROjdqrvjLMcnQqScgEQc32D1yWgEAown8z1xstqrR8mvLAK0VNowKZB
++9VhTXfzdamNC+F82YuinJzV2rDM47gZYHdWMEo3v5wahuQMQe7gRCkiDhYA0Y6e
+NH2S0ZdArCCeSav2pBaECBg06ML6JJ9U1z6gZmFYsX1tCirzxelPHefHhMegYRpe
+36JbnYsICtfc0a3fDdfJfI8V1jNHpxM70Je2mIlpT04i+b7pEJZWM8CsbQ1Iqkro
+k05o4WqehI6hGako97XdlZwXLnGDHNqY8fD+LPtK2EznHzPwaV9gIxdFhzSrp3cH
+wdXfGb7wyZTfcg9hr57zN08GrkEpj7b4sOife/bq9y4Vpqpow9TOKaEOv33p54xx
+xfZDK84k+F0cInPwpoGGGUc3JYqnqCXsIsi4UWgG+cyGwFlyv0TOhFQJzFu+haSh
+d/xhhAn9uDbL2Y1QoX+ep43BUi6nGbPYytMxPpFvK/zeZnMVuDYFH+uaGa2yhlj+
+LsWLYFi8FLBElHaNxFKBV9KespbFj0c/rHlYb4W1Ai3yya9NdaEZC3dpNunVNBrD
+e1weVMs5rb8Evff50PjFIpIK4Uv1h9EtzA//APUtT99AKexVF+bDrIIUKjZd3ubF
+8mnOrxI4m9Sl+o6HQI94igfG1f2Y/TBhSrnIWNQ/IgLHm9dCT/QRNv2rkAQSrDbN
+JkJx7Rz22VYZMHqnwhoq7U6MdofOHUlPsaLm3yc7Kmq0Xpd7ntyjDJheo67QLeh9
+YkPwoFar/LQ8934StLWj5/ZseauC9xdNdjfALJiNm5CTZ5n9x65oB4SsT+UkQczR
+pQEiVTJITBCUBrcoBQEwyrx80LdmjO0lyYtm/kLo3+82FHNkjWKGGBK60npBcjmT
+70qB7qmiWITmxZqSUwdp27hF5g+izXOGZwB90dopk588owoz13T4FjxRbSeWKAvE
+JA9rATNY32V9uY8wsAxxzKF7AfKKN3B4akAgSvYlnFsOlW0kU3j2rw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19.pem
deleted file mode 100644
index cdfe8367ae..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19.pem
+++ /dev/null
@@ -1,64 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test19
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIID3DCCA0WgAwIBAgIBKTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE0MDIGA1UEAxMrVXNlciBOb3Rp
-Y2UgUXVhbGlmaWVyIEVFIENlcnRpZmljYXRlIFRlc3QxOTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAmkrJdJV6KkYpFv+9djQ5ybyWHKyjUB8Km9OL5bgATpab
-SN8gXK6Jd/EmkSQLM58dolce8oaizez9cBhO/myxYLK4WQGi/eR1zCWhOYz75f/o
-+MUwF1WFbuHvk7JcW6/0e7tI3sxdgtz2k8JDvyDZ6CH3Hb678ZfrlMMuCODEw1sC
-AwEAAaOCAcUwggHBMB8GA1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0G
-A1UdDgQWBBR2o4bo1PW8nDTv5jAQJQYPDPfgtTAOBgNVHQ8BAf8EBAMCBPAwggFt
-BgNVHSAEggFkMIIBYDCCAVwGCmCGSAFlAwIBMAEwggFMMIIBSAYIKwYBBQUHAgIw
-ggE6GoIBNnE2OiAgU2VjdGlvbiA0LjIuMS41IG9mIFJGQyAzMjgwIHN0YXRlcyB0
-aGUgbWF4aW11bSBzaXplIG9mIGV4cGxpY2l0VGV4dCBpcyAyMDAgY2hhcmFjdGVy
-cywgYnV0IHdhcm5zIHRoYXQgc29tZSBub24tY29uZm9ybWluZyBDQXMgZXhjZWVk
-IHRoaXMgbGltaXQuICBUaHVzIFJGQyAzMjgwIHN0YXRlcyB0aGF0IGNlcnRpZmlj
-YXRlIHVzZXJzIFNIT1VMRCBncmFjZWZ1bGx5IGhhbmRsZSBleHBsaWNpdFRleHQg
-d2l0aCBtb3JlIHRoYW4gMjAwIGNoYXJhY3RlcnMuICBUaGlzIGV4cGxpY2l0VGV4
-dCBpcyBvdmVyIDIwMCBjaGFyYWN0ZXJzIGxvbmcwDQYJKoZIhvcNAQEFBQADgYEA
-J8J9A+SBJzSCvCFxcnWEMXbjUkKjp4BAEhkrRH5llfYFIwM5+QAqZTFKTvP5mhTj
-eeMD/sF7Ej90V/1wRzadHnmhXe3WRwe09BUVM4Aa4b+/th9PihRNvI7x10+mAuMD
-39/vWkwe5e0DTYQwe0t+8fHohmDgmJ6JkOiccJl0auE=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19EE.pem
new file mode 100644
index 0000000000..b501dcb4b8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19EE.pem
@@ -0,0 +1,68 @@
+Bag Attributes
+    localKeyID: 39 AE 3C 3A 63 6D BC 12 05 93 3D 33 81 F4 02 28 5A 6E CE A9 
+    friendlyName: User Notice Qualifier Test19 EE
+subject=/C=US/O=Test Certificates 2011/CN=User Notice Qualifier EE Certificate Test19
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIE6zCCA9OgAwIBAgIBKTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowZDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExNDAyBgNVBAMT
+K1VzZXIgTm90aWNlIFF1YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3E/MPmQrWuB1FwiUdy39Yth3/
+GCiDQBK1HGlJRkREfH5qLLXoXoXkdTfKoKMz7jetlTwfqh61oQcAGrUxJ+1uXFFo
+Z7rx39ZJy5WHoqh+/0KVFwVHzZlDjx6hRdDAV2wSH3CQA66JeGm6C/Q6seIPhXcs
+5NiM/7x1f+gaA6OKQbFyPhErhvwt6T3MiJgdnATXneT285aE9ERxGxq6pMqLTwCH
+7vnlDNq+86cr7qXwRxqgnrSyKZnd02g2aVRbQQbDe8GYJvn7FeJUruq33nGjYoUu
+cq8taqkWaVEvlAc6rNHjXP9bFUC37Dt/q05ODc7g0vHQvkgVKkcLvIor8GFJAgMB
+AAGjggHFMIIBwTAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNV
+HQ4EFgQUDU0KkzuR4M/gJ9ceN1sBfgKd6ZswDgYDVR0PAQH/BAQDAgTwMIIBbQYD
+VR0gBIIBZDCCAWAwggFcBgpghkgBZQMCATABMIIBTDCCAUgGCCsGAQUFBwICMIIB
+OhqCATZxNjogIFNlY3Rpb24gNC4yLjEuNSBvZiBSRkMgMzI4MCBzdGF0ZXMgdGhl
+IG1heGltdW0gc2l6ZSBvZiBleHBsaWNpdFRleHQgaXMgMjAwIGNoYXJhY3RlcnMs
+IGJ1dCB3YXJucyB0aGF0IHNvbWUgbm9uLWNvbmZvcm1pbmcgQ0FzIGV4Y2VlZCB0
+aGlzIGxpbWl0LiAgVGh1cyBSRkMgMzI4MCBzdGF0ZXMgdGhhdCBjZXJ0aWZpY2F0
+ZSB1c2VycyBTSE9VTEQgZ3JhY2VmdWxseSBoYW5kbGUgZXhwbGljaXRUZXh0IHdp
+dGggbW9yZSB0aGFuIDIwMCBjaGFyYWN0ZXJzLiAgVGhpcyBleHBsaWNpdFRleHQg
+aXMgb3ZlciAyMDAgY2hhcmFjdGVycyBsb25nMA0GCSqGSIb3DQEBCwUAA4IBAQBr
+LA2+uQdk+39kZyVEG4nvYUgMB+UvSTIYiXq7j451qekOwMNV735tLSqtWCzrSGVY
+rZ1tGVgnTBTf5LqcDa+lPVLEGeV1hUx2DnchGWPz8WZLtJXK6jVkG4wZlTx/xRR5
+miliPtgwpdkYsUf9H9MVUmMpawPvf5s3ZNubE4dQxjwN5vN5xemuDrbcOyGYUkDs
++xLxGrkGvdikgVOUIRXP4u0Erh9uTXXwu/ZQK6ygsAYTSO6XmKIzTJUEjeBxzpaP
+C/nEmljPBlHb680hA2nneeW/2HN+hmPpm0S9uDvwcIMNQc0c3q18lDNrhALaJQ1Q
+8NBTUeL4fQnsCosYSygC
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 39 AE 3C 3A 63 6D BC 12 05 93 3D 33 81 F4 02 28 5A 6E CE A9 
+    friendlyName: User Notice Qualifier Test19 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,16DBFEB38621F5C9
+
+bVgYG5xc+ER90RYRsDzgsa6txA1tgWk9xDWRusQk+tXyX+N/YyM74LR8Ixi7QaOa
+6JDH0JT8Zk1/ce3DBF0nVyKO30DcZ4pR1xbMPDCGDzS8DRD6JvaT2Eqf/CcpWIU7
+auO5iDT9UG31l9BgzXY81dZIxoUok+keIa3iYaNIwQu6TlZHbig4tlrAg9mfOUSK
+ETWopUIl+uJ0XLc2IVU+AlwJstr8csTkJWsvCKbTo0wEDgogTujYBTo6jwb9giNv
+VziqTQVrzqKajetKvC6wgGsw8tlhYsC5m+O5mik6/dh5R9B/gyNYJhE4DUswY1Xz
+153YejisupKdLkXGGRXIgBlRQs3EhKWmjw+kZqZWcWEFmSl6tpO2IFXO0cCZO+Z6
+y82Vy9HKFewUvhPN47JW3Q4Bskk9AWKaY+A08lJgxSpp2DD6Uw1x734ln8MJHSeC
+0KoOpPjWXxPCtixmqujaYyjfC9IkG0WByXdLONkonnsnp7/L9kyNEOJKqQFms2h0
+St5CLRQfgJ3vQGFQbLbg6JhX6pTSWu5wTMMdyB27lW/n8vZrb8NZTDSQjSWGOWnL
+91dTxzF02aGy5qh03FfX0FMgR692Ne09COm2uE3kcDeC61qeSxgGvGtNWfAMmnt8
+MA+ysbtJr36RfWay0IVYRQ2y/obuFU3dDxEW2GgGztqaN4U1BKfB5E8cbfQXtZy9
+fhTKbP4swQwiy3tTZnUoy8mN5R1KXEvZGB85o4IBBn5oR9HLbLSs8XEeCUES0ea1
+Akb8mfyH3puOVKNY1Hq2CNFdLtdLQvtLuT22q//fbcc/h11TJ3FRBywchUf6eh/A
+hYaHbALcxDCCjiWD6wjfaS/7iwQckIplhOYI29yZoDAPuz5V/4Y2bgjAk2T5d7KL
+ldl4SDSuD/7Mbrt7ZnDECQtyy540fGQnTUZIz2xkvXzKOcs/xj3Gadfl7zaCmrp2
+hv6S2/Mh0rUFmJD3wWM9Karbe3otQvUFwaLQ0NU7IoSa2pOxiGb60lNO1TQo5IBB
+ArUfLXiNmNEhn3I0hO3gJ497KjlcERC1HYfRhCDT+x7GMu9QoH982c3Nt64beGZ2
+53tiiQGZ4Df7/RNKvVvEmzLXTjhajoOLuEcqUD5sH1bWdHBz6pCruA+B8p9+izc0
+fzn1wJNNWCm0hEQl+XCloQVLk9UEvIJFB1hGIjffrAln2BNWVYK/TjKaogns66OV
+QeRf4Hff/ir6cEVukN3Eey1fzQ3Zob+pfUuabnuCMeT+v7bjGpiPJSjGpWpbVwOL
+NOozlqKsIM2285BJ9CBnva63lOEpTmaiE1QU8gFbjbGfXIZyh1tZ18jVep1RD0zE
+aJT0l3Vj6bj/0a3zpeEXV78tlcykbFm8DoyBvXWbF+rpFIwxEAiDpYeflGYlxYl4
+iRNrhz/fEnUe1/B2P0+knQzNi6rBPbo2OOMA6+zj2hN0wB+c3zFpyAbc5xVRiD7k
+PZEOQ3WDHzowaS62Dsgj3hC/wvQbmZwFRL6VXIvKl1yEgdjFu/Q7Fh4w2ojgsZrF
+sZuTwYIUNh6aLCn4yIOQmet6tINdQk97DpmifjLHIz1Ji18aoTa3SckbgvZl4UUP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6.pem
deleted file mode 100644
index a97ce07ad0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBFTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEtMCsGA1UEAxMkQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCfjlwgIWm+Taynv+38GP1Yf2hDPMT5pcsPYlRaeFeg7Tsr/GhTZQKB
-qfO7h8J6JjoKD1m1BTcrdiHbRBnn183kxyhljulJLu87gOUt6LlTGTBFeaUhNNxv
-wpzF5uQ7xQcChTE7GF4kxt/oyehJFi9TGtnjdjlSi3LXG/xfQn81GwIDAQABo3ww
-ejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUScn8
-twM8Z20KAJOp5NalHpIftREwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABV8
-zJCN9czUhadFLy10H1usL1xGEcB8SRR3Row0a+Zmj8T9Se71hTgW7LfXQj3bCDJV
-3AyAd+WA4N0y0+eSRWRGNAcMrOeqNp1/Ki6iGNYceZ41Goudsc34StO7symFfatg
-hTr8/7eU6NXu2o9cDREBOJujBK/Uy52E4rx/Faxk
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Basic Self-Issued CRL Signing Key EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMHAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczFFMEMGA1UEAxM8VmFsaWQgQmFzaWMgU2VsZi1Jc3N1ZWQgQ1JMIFNpZ25p
-bmcgS2V5IEVFIENlcnRpZmljYXRlIFRlc3Q2MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQC99k/Db5BB/DrP9cxgHHm842L/I4al7GOXLq3eb2h8ego1QdJ9IsNb
-ExIULQIAAGVlTriZ118rlLqlVxj05ehWT5HaDh0ygcNDziiUc4NoLYqE7Vh+wK6V
-z29q5vKajywEjZ0mAsvkfQvi1aBL9DB28K87sCS7xIEAf3zu7znQGwIDAQABo2sw
-aTAfBgNVHSMEGDAWgBRJyfy3AzxnbQoAk6nk1qUekh+1ETAdBgNVHQ4EFgQUNe4s
-lmPDT3wyx9zkVIWEuwRUL10wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAtn7y8N9W/74qmny6jUyLJcq4P
-ni0IjpLLS1hl4RYbKPyeekw3t2Lbuk7jdg9LP2GTY68plnzvHyqcKa0IL+gWvk7j
-6g1SHNMi2utPONRFStefcOubKxjT4c/HZHcPjYVBrmnssH4wzOi8bd8MQ8ZfdQLO
-l3ADkB1F2GjjIofr1A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIIDGTCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczEtMCsGA1UEAxMkQmFzaWMgU2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXGyrLR0BviK/81C9C/igI
-9zh+808dGICz2wS1Oh2CWCeYia4J/65Y7XBDRBW1TJbQLdrxt2289Lc/gc9+PW9j
-gwVpGRuYkFf+AwbMgLa1Ro5zqoIbD7WjTu7vgGdDvJmrSVLfSXavpeUBzp37Dsw6
-KzSHcBjPwGes7q3pjfhOMwIDAQABo4HyMIHvMB8GA1UdIwQYMBaAFEnJ/LcDPGdt
-CgCTqeTWpR6SH7URMB0GA1UdDgQWBBQPcsozQ6nEEVGrY9pEhw9hpPS+RzAOBgNV
-HQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGDBgNVHR8EfDB6
-MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJKoZIhvcNAQEFBQADgYEAjoyS
-h7zhrGkL40stundacKPqIEZ3HyWW0NQhD0wBhWslGAOvlCaf44kuTKggRY6r96sy
-4kWEjvfGu/r/dBgrFaCCGNv0ui5FfXu8WeZ4jvHg7wZbx5ATx5Jpumqbm0PcEYCr
-YnA6WBCstG0lohNV2ohM/wqRFmBB0WL1K+9IdfQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0F:72:CA:33:43:A9:C4:11:51:AB:63:DA:44:87:0F:61:A4:F4:BE:47
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        5c:cd:8f:a3:3d:9e:64:f7:64:73:9c:2c:39:e2:e7:d7:0e:b8:
-        1c:3e:9b:1d:14:dc:98:c2:8e:5a:1f:e5:47:31:fd:7e:a7:d5:
-        9f:52:31:c8:10:f7:d0:a2:84:3f:77:c7:f1:ba:7e:24:62:ad:
-        05:ae:1c:7b:ff:f0:e2:ce:55:f5:27:d3:cc:24:7f:c8:1d:a6:
-        b8:ce:42:05:e1:06:ec:1f:87:4c:d5:69:8d:78:59:d2:33:94:
-        1c:3b:27:68:80:3d:6f:3d:a6:c7:9f:2b:39:9f:d7:c3:83:eb:
-        77:bd:cc:7f:96:b3:ad:24:68:99:d1:1a:bf:05:1c:8c:3e:2a:
-        02:f8
------BEGIN X509 CRL-----
-MIIBdTCB3wIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYtSXNzdWVk
-IENSTCBTaWduaW5nIEtleSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjAiMCACAQMXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0j
-BBgwFoAUD3LKM0OpxBFRq2PaRIcPYaT0vkcwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAXM2Poz2eZPdkc5wsOeLn1w64HD6bHRTcmMKOWh/lRzH9fqfVn1Ix
-yBD30KKEP3fH8bp+JGKtBa4ce//w4s5V9SfTzCR/yB2muM5CBeEG7B+HTNVpjXhZ
-0jOUHDsnaIA9bz2mx58rOZ/Xw4Prd73Mf5azrSRomdEavwUcjD4qAvg=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:49:C9:FC:B7:03:3C:67:6D:0A:00:93:A9:E4:D6:A5:1E:92:1F:B5:11
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0x.v.t.r0p1.0...U....US1.0...U.
-..Test Certificates1E0C..U...<Self-Issued Cert DP for Basic Self-Issued CRL Signing Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2e:12:1f:54:36:68:73:b2:5c:f6:11:48:f1:d6:7a:bf:ce:1d:
-        d9:21:7a:96:29:44:bc:83:26:d8:8c:f5:11:36:9a:f1:23:78:
-        57:00:8b:13:c6:74:57:4d:3d:ba:ee:d4:ac:d4:40:b1:d0:80:
-        91:f1:06:81:91:ba:a4:f8:1e:c7:6b:d6:20:3c:92:26:23:94:
-        80:33:df:c7:3b:ac:fc:94:ea:e8:3d:d0:37:c1:d5:e9:ba:53:
-        83:9e:26:ed:da:fb:10:0a:6e:d8:cd:d7:20:42:2c:d6:7d:18:
-        32:6b:75:2a:3c:51:03:dd:4d:a1:80:e6:d8:95:6a:2c:b0:b6:
-        72:31
------BEGIN X509 CRL-----
-MIIB2zCCAUQCAQEwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMS0wKwYDVQQDEyRCYXNpYyBTZWxmLUlzc3Vl
-ZCBDUkwgU2lnbmluZyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqggbcwgbQwHwYDVR0jBBgwFoAUScn8twM8Z20KAJOp5NalHpIftREwCgYDVR0U
-BAMCAQEwgYQGA1UdHAEB/wR6MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0
-IERQIGZvciBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJ
-KoZIhvcNAQEFBQADgYEALhIfVDZoc7Jc9hFI8dZ6v84d2SF6lilEvIMm2Iz1ETaa
-8SN4VwCLE8Z0V009uu7UrNRAsdCAkfEGgZG6pPgex2vWIDySJiOUgDPfxzus/JTq
-6D3QN8HV6bpTg54m7dr7EApu2M3XIEIs1n0YMmt1KjxRA91NoYDm2JVqLLC2cjE=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6EE.pem
new file mode 100644
index 0000000000..7fe42dcdd0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 34 20 4D 89 51 7B 54 0C 6B 1A 52 FD 0D 72 D3 21 9F 58 87 FF 
+    friendlyName: Valid Basic Self-Issued CRL Signing Key Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Basic Self-Issued CRL Signing Key EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEtMCsGA1UEAxMkQmFzaWMg
+U2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMB4XDTEwMDEwMTA4MzAwMFoX
+DTMwMTIzMTA4MzAwMFowdTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2Vy
+dGlmaWNhdGVzIDIwMTExRTBDBgNVBAMTPFZhbGlkIEJhc2ljIFNlbGYtSXNzdWVk
+IENSTCBTaWduaW5nIEtleSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAND3qOzfoU+xaDx00z/q4nNVyzqNAr1QNbHd
+2Vr3Ny+UIQiQMN6wUgDa5fYlxpAYH3HyHYFGqsJZYqAEi+QOnW55ed5U6fgkuMIT
+n/cmHWrhrWxpkGeg9taQHF7JLv7rOQ7hJFwCpAGMIO8AcI4RT6uLFw4oJWlSFUNT
+U/Nuz3tll9cnN+Yka58LJz7MH8JpKiyKnu5k8rKb1BD31rds5RQtUfj/GGGz771W
+JFuJjDKN1UcL/EOAllJIfw4vmtjG3KwiR0xszG6xoQygEVKwr3eUE4GF7f2KKear
+EXZl2NutzBQqdY8sKD9K4P204/U165InI066R+fyI5qUg/JGQvECAwEAAaNrMGkw
+HwYDVR0jBBgwFoAUKZpFLjaVnezyXlScE9XZ9kSRLBMwHQYDVR0OBBYEFDK9sG1g
+aWR2H3k1G4/tOHKlv+89MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBACfVwWYG76TXRNenzqpOIJ2KRon5
+yMuzHhx7VEYiqjshbtUhBPf5P0WaidDatxO7aRV5F+UW36ZN40ToCkhigxFOaXR6
+lIATMJfqZ0yAP7FDwYzFJGmUO9m+FrZD/rge5aowjbWOuwnKTsjlu6IEz6j/v+cU
+4yO9xT8GgIs4HMagJ/e9qTAI9BhGpQqrkQUmuk8lEdzifR+f7jXLT7uPN1+GWL8n
+sY4eYTT1Saw4mhUFj21AOPwYtr4Bzb6IEEgJ3rU8y0vu0oTU4+e0i9+u0RbQAPWr
+zCY76nRguTsIVvPx/NhrJc8HvBij15cNTdYnWsQLSLGRkZkWV0fE4LtZpVU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 34 20 4D 89 51 7B 54 0C 6B 1A 52 FD 0D 72 D3 21 9F 58 87 FF 
+    friendlyName: Valid Basic Self-Issued CRL Signing Key Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0494381DE63BBE79
+
+IudZ0o8BDzB7EEI1+uMk1VOVrcBmrKfMlt3ce2aPGA0l02hF/YsuV3PEs/+8yWqL
+ZBPy+WHS7wc35VWrC1RssivAei/Ie7W4UM0SAKrZRrKUDkCURB90+jT2iZfa2XzP
+nMNeBMcg/27buoq3BJu/zyVU1wRmy8/+vpzu2tbOdND0d3qPGZ399gAGpF8Q8dbG
+3jUCINKvdDIpYeWkN4eKvCSRrcH+POqEpY80pWIBucRPUXk6X8UPgvrGrv6DGrQ7
+V8a2/mz2NTYmUSNJVAn3vVwg78v6YMHvD1tbMx2tb1kKcb4CSCQEvPY+jpBkg1Ab
+YQ3xt300Kg/JMRFRqOFBem7wH0p6E5veL2u4JuR/L3fJAQEwlXYC6VmKQ1HR7foz
+qpmBxmE8/BTzhE0kBjy3nh6VDMW5Q0I0RBu9tRPV5jpPvbTBpF7hle1CT1oiUf3N
+dylp1Oy0oq75nijtLbstgJRoGp8tw+lTR0P9T5zQPU/nR2aFT8nv4H9KgmJdehEc
+sCDvDWWXg5R2pK2hsjGGa6RNomM0KjH4CTnrZXA2qK8v0LO8eVhcY8wsmEhJBzPm
+H/ZtOGzh6uYuTD4yWa3Dl9ZjpQEIPbXhOP4V9aBrtEtpJ4IAdHTz8xawZF0pucy8
+C49a5XJ8bvTC4Sa5PqOqGOSHm+ylrxtqPnHgStDvr3eRo1dxNMUJ4vuCx6x2s7wc
+Bsrj9fwpdiqWKbwcLphJU+9WfkMBrZdSRvo+d697ilJqwvvvjgihlXucinB4gj13
+mvS90wUhIr19cUrJHE2aErLJbFvcnGNITrtDbml5dPZj3FZ4khxTf/d3wQK1l+BI
+h+pci12QVsOiDYncM85H+dz/wSWfpcW2zOka5n6QwKA1BGIF6b4uf6MtwHQp0UOC
+Ih2gCYh7hnCYA0QnF0F1gz4Ty17bRTBvhiHIcZpNKqWUAwbqs7HI1w4WsFMLlpA1
+4Zi4FC/vzUO/AbWq460FqPXAZnzcvxpnQsuCx+kjt7oD351xPbn7XjyjibS1qeDb
+Df0XpuDliV2omg1B1wZN0bf/BvgXpM212oAm65hEEGMIACf5AsJ6v9HSHBKa4zZx
+OGxsgkp2J6l1zdcnuPGdmZrNrR8Go4xAuoa06Z9PlwUak+hh+hWjx3RSBcXde7Tn
+IkiXmT5TnwgJo5GzvZzNnCS9RLmByjISTHvo0G+mcJ2wq5JvMhxrfKBnIFvNebRg
+zGSFtzswIO8NPNhpJd1tFm0fZH71cppWMmaEnAIGK2Vj75/niZqldbCqGkwHMumc
+nS2+eOCDMvNzm63Cata2X5RLozuNJCcuRtPyrbPQ+tBzcruV3AfEoradNGg0Nk3q
+kMbH8lQUpNUehpVBUTi2JgYeczmK7tGzrpar2IuektktzVONkqdy5EsoumaoaP0F
+uAysrVQcX68a+E5IwN0TLz1T/UNLewz6AH95iC09yvpiHiME47ZzVLaOFX+p+V3b
+grd2fvx038AnJXp0McsvRqAp3Ee+oXMIexxiuopm16Jx0N0lg+9tFL84XqESpaRH
+DG+RhhG0qIySIhRc524DIXO//ep4lubujus86NCcb5JaSrp6WCpdNAhCyHDcjohF
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3.pem
deleted file mode 100644
index 1e0db3236e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBFDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgT2xkIEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-q8Gbt04t1VYDzow3lv3G+lNNQ/gCP0fz7/PBxNPzAwluA2Qzeix8gg74cXMpRe8u
-PosT3EZZ9iK1PyFmcNq+CjzCuvi8d+1gaGS36wkcQBB6g7HiKRQ8ERQ4cEE6CH21
-ntbFzVbn3d+NofzVo6e1AIdHDNPm7G0+F6f034Lo508CAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPqiarnu+k/Fcp11
-00t6bYzkXDkkMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBzQl++7X/MYd9h
-3E0XroNDuD8TflER0UTgWOwN5UO8BXz8j402hmhEPyw66u6R27V7U1/wf8wtCAli
-W7LnTcJKWFy9HKnpibiz50ike8zgsVmv1godVgDn/xvQPRAnWq+OX9Abc+6OTqiw
-aDNRQp2WD1ph+daLu1XQgeAoD4Gajw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Basic Self-Issued New With Old EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIICnjCCAgegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBtMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxQjBA
-BgNVBAMTOVZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBXaXRoIE9sZCBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAln5v
-UhL9o7sN5MyQTZEB3Fhj6lKfzTNHMBCsngHpQqTP8zlmPvaEGpR53N+RNthxaW8K
-XmN4WVFvyXl8eaVl8+U5cewY1K/m/6OqDIZ6kvjXugMkKLbjL7ptsAGx5VoyHs/F
-xy4n0cEOmAXTZ7dbzFqM4xfqJRLqi2CgQUHnb1kCAwEAAaNrMGkwHwYDVR0jBBgw
-FoAUG7qMIYdzBwWY+uu52W9BpEXVhuowHQYDVR0OBBYEFKVAiq/jp5QN4XgK0S+E
-OKaV0NBCMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DQYJKoZIhvcNAQEFBQADgYEAIgeBhcCa3jeEq1F6/+iNWMXRVgzyV3vsDielCRFy
-wKdpYGocHPJG59OSZEHCUsdDRF2n3hhGkEILL4huEgX+oiiOhyGM/Xrr+ACuEIaS
-qfs4gBQ/HrYydCxNN4OHOuLoFDmotodh/lvY9igeeaRZ1AFI7AicI0D4CAqXyLcU
-9WI=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIIDETCCAnqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBALQ4a61C9wpu5W0cACccONm+QLNESmbHtLwy498fByU6
-h5UnHkutUfy7DbIv3rELFXUd2yM5xQI/QuQZ20EjXOZiCSJEcvzfoAyFLrAPf1pN
-xQybX5HhLnJK+oGlwmD4ZatL7oDqV5IhlIS0So7g+SBOCh5lkKdzbH3l6D7nQXSD
-AgMBAAGjgfowgfcwHwYDVR0jBBgwFoAU+qJque76T8VynXXTS3ptjORcOSQwHQYD
-VR0OBBYEFBu6jCGHcwcFmPrrudlvQaRF1YbqMA4GA1UdDwEB/wQEAwIBBjAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDBy
-MHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAHDVnYLXKN//Mu1w
-BZS8DbfQ8p/DlXZ0n9EmdXRzoHXReDWeOaoiHU1H1HNJcLMe4YgEjsttTEBGfsZo
-OvyNNUZ7C/oQymaDykP9W/m1TX3ZVLmx96zj36gCkVPczoG78kQ5zVjoLl5G5BJQ
-4YX3NumsNd2WpHY34K21Cd/KJ5KJ
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:1B:BA:8C:21:87:73:07:05:98:FA:EB:B9:D9:6F:41:A4:45:D5:86:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        62:de:93:8c:36:dd:b2:71:56:bb:4e:e4:32:37:51:de:6e:19:
-        01:dd:3e:25:8c:d4:81:7e:fc:66:54:74:0d:32:30:d2:11:49:
-        dc:ad:6a:b4:fc:8f:ec:e6:56:fe:e6:ec:53:9e:41:66:31:2c:
-        ee:3a:be:bd:74:34:9b:71:c1:67:1d:3b:28:04:b9:85:e5:72:
-        cd:f0:2b:a7:d9:d5:e3:43:25:4a:52:2e:79:24:52:cf:75:e1:
-        3c:35:82:d1:5d:1e:f6:05:8b:45:24:67:ed:84:9f:c7:8d:c0:
-        19:55:5e:52:76:3e:2f:f4:af:13:ae:d8:24:a3:17:68:5d:b5:
-        45:74
------BEGIN X509 CRL-----
-MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk
-IE9sZCBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEE
-Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFBu6
-jCGHcwcFmPrrudlvQaRF1YbqMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AGLek4w23bJxVrtO5DI3Ud5uGQHdPiWM1IF+/GZUdA0yMNIRSdytarT8j+zmVv7m
-7FOeQWYxLO46vr10NJtxwWcdOygEuYXlcs3wK6fZ1eNDJUpSLnkkUs914Tw1gtFd
-HvYFi0UkZ+2En8eNwBlVXlJ2Pi/0rxOu2CSjF2hdtUV0
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FA:A2:6A:B9:EE:FA:4F:C5:72:9D:75:D3:4B:7A:6D:8C:E4:5C:39:24
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0p.n.l.j0h1.0...U....US1.0...U.
-..Test Certificates1=0;..U...4Self-Issued Cert DP for Basic Self-Issued Old Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:6b:ec:1f:5b:3d:31:1c:fe:c6:40:ca:e3:c5:52:30:a0:9a:
-        55:ee:f8:c3:bd:cd:b1:45:d0:7f:44:f6:42:1c:0f:b9:df:8f:
-        4d:25:0b:ba:5b:bd:0c:68:c2:ce:b0:c4:17:e7:be:81:de:73:
-        55:5c:6b:d6:3d:e5:e2:18:31:d7:5f:6e:1d:4b:0b:31:cd:44:
-        fe:29:d5:27:77:f5:83:bc:ee:3f:46:31:d5:66:5a:a1:9b:1f:
-        16:d0:8c:ef:ae:bb:36:75:a4:b3:62:be:16:cd:de:b8:90:bd:
-        5f:26:1f:a7:d8:1e:59:ce:27:af:ee:ab:de:9d:1d:66:ef:9e:
-        49:cb
------BEGIN X509 CRL-----
-MIIByjCCATMCAQEwDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3Vl
-ZCBPbGQgS2V5IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIGuMIGr
-MB8GA1UdIwQYMBaAFPqiarnu+k/Fcp1100t6bYzkXDkkMAoGA1UdFAQDAgEBMHwG
-A1UdHAEB/wRyMHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBC
-YXNpYyBTZWxmLUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAIxr
-7B9bPTEc/sZAyuPFUjCgmlXu+MO9zbFF0H9E9kIcD7nfj00lC7pbvQxows6wxBfn
-voHec1Vca9Y95eIYMddfbh1LCzHNRP4p1Sd39YO87j9GMdVmWqGbHxbQjO+uuzZ1
-pLNivhbN3riQvV8mH6fYHlnOJ6/uq96dHWbvnknL
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3EE.pem
new file mode 100644
index 0000000000..f07496000c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 0B 3F DC 89 46 44 62 27 7E D5 64 8E B1 B6 E3 B6 FF A3 1B EE 
+    friendlyName: Valid Basic Self-Issued New With Old Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Basic Self-Issued New With Old EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgT2xkIEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUIwQAYDVQQDEzlWYWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBOZXcgV2l0
+aCBPbGQgRUUgQ2VydGlmaWNhdGUgVGVzdDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCvB9Hx5fpvsmfyxZyAuxLiVbm5ZGySZNIbcBqQlZ4UZ35CG+zq
+H5ViyZ+id9ZDWkQB+RFQB1r93dvpCFiz0wYjRQ1cfxpudCCBQDiVgkTzt4/kD9pc
+iHk9w2ltb3fCqtjXTrLYl25PXXPq4boF10kWnxDvvEaoCl1jZBtEyta9VT3O20wt
+HeTLywU9Byql1qkkUp7fIBj/rgXDuMchFRfcN9C8xD3vSGp0Mn7w3dLkixVtk6fN
+mRgudZ1X4WtAzNJcWUZwzX1oBGMEoZ/p8l64lPuyX1SXtwHIbUkAtKDuUeqDpQa6
+CrtfqP/WfN6I3HCITRvw/K69sGjvXh3Ce9AfAgMBAAGjazBpMB8GA1UdIwQYMBaA
+FIhfvj81OWaa603CJhsmsSontQgqMB0GA1UdDgQWBBQm6qJntGK/v9TM/WTbiNJv
+J4vrFTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
+CSqGSIb3DQEBCwUAA4IBAQAz4udcgcZWr+2UzCvM8M9LWlJZIcpZTTDMgbIDKhAg
+WPcz7zI9T2gGVKy76yGTGisXSRuVPW/qUz6qSfP4OsKhkinToF2wDU8bYKB01AWe
+8JnTI13ZsOjlfunus1A6KXISn/OefW96YMTB9sloWS6YL2xYhs2tVbzAp7BDThNI
+x588Obo5IhjFuaq+v0J+iYl3guCHzfNMN08mbYomYCwZBYzoB6i/YSjrIhdVp+14
+Bfqb39ZLzdpxubzH2Oie/7PXibacCQo3h6IwxdWh/29vkt9p142MtnszMBUqrTOc
++yRvjXJbpv5rr9EmVaNhhIanrgVHHm7ehOcQZh+XDBFV
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0B 3F DC 89 46 44 62 27 7E D5 64 8E B1 B6 E3 B6 FF A3 1B EE 
+    friendlyName: Valid Basic Self-Issued New With Old Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A9052792081A4191
+
+QhIGxJGXZ5WORB7p/Sv0ohTZAtTuhVVcLmlwz3p81zuk2usweBDNN22OZiFVOUnW
+hJBfYLthgUz5rwmlb1h5rvyOjOqVVUtwE4CdiD4ZFBUWEX0gnMZhG82nDFHRohcT
+BIw7nE4rnXBdn+RuFrKn+fw4+9TcWPCWlKJsyc+M33DP8qzWWL1PRNl/EyhyGiuI
+/sRCpCFPfUI1wBDeWhXpiDIKB1N6OdZHj+gW5kwUMJsDJS1wPT5BpAPdgMi9yebs
+Jn2zW1osO+dYGeT6dHhyVrfd0ryFpSvVmdM4XwrAVysC9nP81woe1OldNtM9vPuM
+XevTzETwZ88U2IUYT514Zch+XGd5QpIfchDxdVlfxkrkrQ2M73UhAXnIDSQInjbg
+iQBmNQTqAbOTK2KlJdRji1iRfofMzWzHuDQcppDVn+5PgvI/bgqA14pZH2E76BGj
+6ev1vBrKS0U5dU3tUJm8lkDJqZF8JUsMnbiLkGv+7R0/iua+9kdwHEECKabTIaqQ
+jnNN1jb74wEjnKdCs2NPrn+I9mWGjwgPKDQdbYgmkliF9381uIDNs6hAi65pMmMQ
+/ubo609SY4JwMBwDdD0GXPbpoHPLKoPQcSqbP3exbU282ZU1RTrhN/xkaqMW26ew
+hb9A9RWskmJhi6QwLW+Yaw3ERyLWKTcv8yQpzynBy8qbPFKAv/0rJ/iQjbliQ9GT
+FxgvqVZ1TNvbKTLK/XB6+7rjtBbrr3FQU5y7tkfqSKi8FRLrTcTjWhn54tPDFHsG
+Hx+XAiE3+wrwx9pD4O9ZL1zMM3NY9paXsePvThxKt0TWCQJZT/dtQJxp574WxrK9
+NKMg3PmzVSja5TIyy0fiCrqHJ5hyusw9DtJuxQryi1G+S+J3jIzK5horevNMuu0Y
+zQmFyUiBpyiziLTVSJC++OkOqosP/6ikxkV6rXBRM5pSjFVsXVHnF5KfSya9XtTt
+kfiERcC3G2xk08ZMnKSPzYl+XDGcjcKzEBJlbjdeW8qMNhEDd1aL/mjlaJzdXYWN
+F24lh8zx8s9P4zPxxIJoq/+6+dP0SRypECTP79sR7ACv10c1FOS3FALaG2qu4gDU
+75ITWrAiHY5JS4IlTIeUoWuMNeV3EEpbAJdiXbY2lG5wvFcWT6DQ1mTD8nk64Uam
+Z01quDB0vKsbia0HwpuoqJT8q6urX2M/y9zwK1snzsXDJ7kP3EyYcJvI0UoKJD4i
+1kzo+dc9brliCNdVJKMEu2YaTB+gh+Bx9Bni/IleE5FkZ7C2gEMykvv7zlKTksSS
+e8d27GEJL6827JjZk4qqoxxzNU0wgxn8gWbQXcMn+X01PsHLUZTVKMPBDRXMNIZZ
+FshWPNbT+kS0t0O9IHWMZbBJP6H9YAKdo/7MyMHXDpoOdQnhGKeI2H5I5nyerqms
+zS7aXIqxNFuGx4Jg2f3+08XNW2bdHtbud7423k0zaPOMf2HDkaGIxtWzkdDBZjTP
+EyD6dXmO0IR/8Bov52Or/0bOuCz8SL0Kdi4mff+0mrb9oe0xbBOQtOx5dTTcZgOu
+Hq//gPWA5Bi8AZV7AHqZPiyht9P+wJWrwKEfr2+jL6PiOIY0DDuGDdKGAIVXtAjm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4.pem
deleted file mode 100644
index dc7432e631..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBFDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgT2xkIEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-q8Gbt04t1VYDzow3lv3G+lNNQ/gCP0fz7/PBxNPzAwluA2Qzeix8gg74cXMpRe8u
-PosT3EZZ9iK1PyFmcNq+CjzCuvi8d+1gaGS36wkcQBB6g7HiKRQ8ERQ4cEE6CH21
-ntbFzVbn3d+NofzVo6e1AIdHDNPm7G0+F6f034Lo508CAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPqiarnu+k/Fcp11
-00t6bYzkXDkkMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBzQl++7X/MYd9h
-3E0XroNDuD8TflER0UTgWOwN5UO8BXz8j402hmhEPyw66u6R27V7U1/wf8wtCAli
-W7LnTcJKWFy9HKnpibiz50ike8zgsVmv1godVgDn/xvQPRAnWq+OX9Abc+6OTqiw
-aDNRQp2WD1ph+daLu1XQgeAoD4Gajw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Basic Self-Issued New With Old EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIICnjCCAgegAwIBAgIBAzANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBtMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxQjBA
-BgNVBAMTOVZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBXaXRoIE9sZCBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAogdB
-BnysUr/KTFA61NvJ5idc2kOLUlr2Nyx1WK3KTTQwISpC6JWv5b2oERCJDCL7/3g1
-C3k8J0WWk7CG0T6ydQI7A90xJDYMPGdknO2Sc+8vm/JBnwo5Qgfz2X5Oeo0Bedbz
-IDJHs35fj6KCHCxExaw5BHTbxC2cIu9YU35+KTECAwEAAaNrMGkwHwYDVR0jBBgw
-FoAU+qJque76T8VynXXTS3ptjORcOSQwHQYDVR0OBBYEFHx6BhJiF7QEIUB6yCAl
-MoN5MbxqMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DQYJKoZIhvcNAQEFBQADgYEAkmGbvODeNeoPt8PMnRvdgOCxlnqA/pzPuD+JbKui
-VPa3xQM64kKjbdTsq8JU+BtYbgy1Ocx4Lmvv/wdJ5AuIosaWiAfwW/+VVni4f6pq
-lb08+5rRTA6k0Z5lhV2RSx+AomDcQnrwsxgi+LPj2aWfwxPL3RkpQ+gnBnoRdOwI
-Fak=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIIDETCCAnqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBALQ4a61C9wpu5W0cACccONm+QLNESmbHtLwy498fByU6
-h5UnHkutUfy7DbIv3rELFXUd2yM5xQI/QuQZ20EjXOZiCSJEcvzfoAyFLrAPf1pN
-xQybX5HhLnJK+oGlwmD4ZatL7oDqV5IhlIS0So7g+SBOCh5lkKdzbH3l6D7nQXSD
-AgMBAAGjgfowgfcwHwYDVR0jBBgwFoAU+qJque76T8VynXXTS3ptjORcOSQwHQYD
-VR0OBBYEFBu6jCGHcwcFmPrrudlvQaRF1YbqMA4GA1UdDwEB/wQEAwIBBjAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDBy
-MHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAHDVnYLXKN//Mu1w
-BZS8DbfQ8p/DlXZ0n9EmdXRzoHXReDWeOaoiHU1H1HNJcLMe4YgEjsttTEBGfsZo
-OvyNNUZ7C/oQymaDykP9W/m1TX3ZVLmx96zj36gCkVPczoG78kQ5zVjoLl5G5BJQ
-4YX3NumsNd2WpHY34K21Cd/KJ5KJ
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:1B:BA:8C:21:87:73:07:05:98:FA:EB:B9:D9:6F:41:A4:45:D5:86:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        62:de:93:8c:36:dd:b2:71:56:bb:4e:e4:32:37:51:de:6e:19:
-        01:dd:3e:25:8c:d4:81:7e:fc:66:54:74:0d:32:30:d2:11:49:
-        dc:ad:6a:b4:fc:8f:ec:e6:56:fe:e6:ec:53:9e:41:66:31:2c:
-        ee:3a:be:bd:74:34:9b:71:c1:67:1d:3b:28:04:b9:85:e5:72:
-        cd:f0:2b:a7:d9:d5:e3:43:25:4a:52:2e:79:24:52:cf:75:e1:
-        3c:35:82:d1:5d:1e:f6:05:8b:45:24:67:ed:84:9f:c7:8d:c0:
-        19:55:5e:52:76:3e:2f:f4:af:13:ae:d8:24:a3:17:68:5d:b5:
-        45:74
------BEGIN X509 CRL-----
-MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk
-IE9sZCBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEE
-Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFBu6
-jCGHcwcFmPrrudlvQaRF1YbqMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AGLek4w23bJxVrtO5DI3Ud5uGQHdPiWM1IF+/GZUdA0yMNIRSdytarT8j+zmVv7m
-7FOeQWYxLO46vr10NJtxwWcdOygEuYXlcs3wK6fZ1eNDJUpSLnkkUs914Tw1gtFd
-HvYFi0UkZ+2En8eNwBlVXlJ2Pi/0rxOu2CSjF2hdtUV0
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FA:A2:6A:B9:EE:FA:4F:C5:72:9D:75:D3:4B:7A:6D:8C:E4:5C:39:24
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0p.n.l.j0h1.0...U....US1.0...U.
-..Test Certificates1=0;..U...4Self-Issued Cert DP for Basic Self-Issued Old Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:6b:ec:1f:5b:3d:31:1c:fe:c6:40:ca:e3:c5:52:30:a0:9a:
-        55:ee:f8:c3:bd:cd:b1:45:d0:7f:44:f6:42:1c:0f:b9:df:8f:
-        4d:25:0b:ba:5b:bd:0c:68:c2:ce:b0:c4:17:e7:be:81:de:73:
-        55:5c:6b:d6:3d:e5:e2:18:31:d7:5f:6e:1d:4b:0b:31:cd:44:
-        fe:29:d5:27:77:f5:83:bc:ee:3f:46:31:d5:66:5a:a1:9b:1f:
-        16:d0:8c:ef:ae:bb:36:75:a4:b3:62:be:16:cd:de:b8:90:bd:
-        5f:26:1f:a7:d8:1e:59:ce:27:af:ee:ab:de:9d:1d:66:ef:9e:
-        49:cb
------BEGIN X509 CRL-----
-MIIByjCCATMCAQEwDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3Vl
-ZCBPbGQgS2V5IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIGuMIGr
-MB8GA1UdIwQYMBaAFPqiarnu+k/Fcp1100t6bYzkXDkkMAoGA1UdFAQDAgEBMHwG
-A1UdHAEB/wRyMHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBC
-YXNpYyBTZWxmLUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAIxr
-7B9bPTEc/sZAyuPFUjCgmlXu+MO9zbFF0H9E9kIcD7nfj00lC7pbvQxows6wxBfn
-voHec1Vca9Y95eIYMddfbh1LCzHNRP4p1Sd39YO87j9GMdVmWqGbHxbQjO+uuzZ1
-pLNivhbN3riQvV8mH6fYHlnOJ6/uq96dHWbvnknL
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4EE.pem
new file mode 100644
index 0000000000..3fb27269be
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2A F7 87 BE FB A5 B6 5A 03 1F 34 01 8A FC 21 34 0B C1 ED 93 
+    friendlyName: Valid Basic Self-Issued New With Old Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Basic Self-Issued New With Old EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgT2xkIEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUIwQAYDVQQDEzlWYWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBOZXcgV2l0
+aCBPbGQgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC1hupFJIR+fBLxx23/Kru9609/2Of2reiVqs0uGOuzXEzcBfwg
+9WdOmpHE1tgrgnPeg8KPjQEdi3E0FMZ17szaxuBzWaBD82++ZUGuOsyjG+1U5pp7
+nnbay91jYHRKTscjnRRaey8vSorDe4H7lhnTUjeShTXnz1YOZCMf8MLNXbD7Yt5j
+bnwSo9EdvJvh2Te7ZY1jTvS7jWGmFZOTyaeVRXXkwN9jtm4uc+oc5B5D948nRAML
+o8qspGTdP8jokf788nWZrbqc8eFYK9mQxZkmkULPb+wgt/M1aNcTixwXuorxmUGM
++5ZmBxemRqqNIk9OlSScZ3oOKNaFEZ90QQZpAgMBAAGjazBpMB8GA1UdIwQYMBaA
+FN0NdY1TaBLEyxVAwBSGFBYwob6vMB0GA1UdDgQWBBR0xH9Fw7Me7BU1MG+ThFGX
+FlOJSDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
+CSqGSIb3DQEBCwUAA4IBAQCJSpwZJZwrb6ql2kHDQmAuRxn30WNsAenJokeRhyL0
+GMvOWgt+IYyeL2DxoZL477cH5+zUG7JyefyZvXz2oAzfApgPK8MCeQC/opoU1gQY
+oCWuo5kQjFtqI68wosKxrQvGh+VJMhREKBfShcR0z+MQhRut52Snvb2vMpdj0+yX
+iLttI1yQExAATJR2LUBCG4lMIqwW29IgXLUkxDSH8yyMA4NsRKhkawlY6+rGV+8Y
+pqZr1e0rmZXNrkxe7X28c4a23f75cq/+oTAql+9IZVE1FqWE/z7Ae4iKudnZTxnw
+Vh989tNkrWJeVLTOxczANY8ULemtvO3b5192gj3WA0R8
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2A F7 87 BE FB A5 B6 5A 03 1F 34 01 8A FC 21 34 0B C1 ED 93 
+    friendlyName: Valid Basic Self-Issued New With Old Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DF2886BBB4A02584
+
+oUu71FFuDSTWIirwHAtUtRXTNC7IU1ZW+ORNKmQqHO356vmTvgT9DcWVWfWn9zgY
+z428amzxjkS2MnVMsM+EEKUY/PcMWBY3GF325nRgHdUylKirNFDXX0jpfA8ic0s6
+gMio4ELZJQzSgQE1Quizz23JkmkaEOWFR9d2lzi8N4N3i/XTogkmyLtX96ELm+C0
+yWBkRc0y73YljPgr5kh8R4iNSBhpdzC2LBDMa2kEUvM8Q4TDzxyY0evyP2V4QSaW
+v+1ovCiII+gwML11+0LiS8sdvpGguGGpop7aFceAmfDZ3BLCsXpfAweS1GQJU3aD
+ZTe8290oS198pmbvVGStlmrb9w75brS0eYFlTEZH8SsM6lA2a5Gf8PoaMxHxoxm+
+3BODRdpRLrpqzWaej+6JgZGv+uot6oOHDpNrRIT/381Vjt8tKQtepUG7ENvOg5y+
+AmquMjJ+3ynD+0GWgM263bcb6+QRX8O4fRY+drkfDR1sd3/tzwuHb1q9FSC0mZR0
+lSVAe4mRW6IiCdbSiqhrrP1KPygd6JGfheVlLN/7drJZaHpjFG/tHqEYVzLPIV4M
+FibSiwzOcuPbTbFTIRIfLFEHYkJqIMnCBeVytqQuIaDBoy6MixggSOLMCcwxkQXH
+BfLOecE2LSI07mMZbPMKbPCGrmsXidUAgqk5us+mSdeYcgUPhUlvJQj7GIfYr22Q
+eKRiyRpZw0C81LY/l35a2bw1Nzpt/Iv0TiY0UJPrnWf6OEZwQRnYJeM20mgrcois
+saP2yW1Vz+PHY3rcZE0zv1n8ZQEe6Cax2QbarUbm7Rwkn0pcAX6TraWfYltTNg+3
+9yMezsmWJuReJr8fr+aLXxFYtETcb7CuSSsEJF93MZW5XuH9rsB+prBACIyhXxSG
+RcVeuqIeFNM6jEzfCu1n9AOtiPuwk7s+gF0qrVnMGvf91eJ+hishC2aSEWfkFKCT
+EYBgAhZGJpVOYC+iI8QNFrbRVzQk9+8/TsQShMU5wWjA50uNbxB4pS9OSg5J1NqJ
+4Nu5y2nyyladU36EiFVuYW18iFLrJAvBf9lpaEL52JgW1UOWwWOorOOhIfSd0AE0
+FXKLyuuklU190vwe50OQaay5gHL14Y/MHlkgcJAwHgvogjtsi6I9NoVVgqeqLVlr
+rWVXLbOQ79J5RIw4A1DXyDJBFPBFsptCqHun0rlx2tj0glbJGU0Y975nGfo2GFSA
+mojl02Y0x07E8Hx2TmPZmirxepIlqUN+f2SRLb97rjZFP3NBVk2URY6iZ5bVW+iW
+JtKctGjyYD/tdtXoG11uPjiJd6Hlb3YEeoRvoUBKVr1ZSH96wVOtljiFKWVWPq8e
+XEeV6mhrvx1tqN08RKz/qZY0TzNmf/cRhztpUNPM6swpgW2pqkTFwGjJ+RF+Admc
+UBz/RqRH9fYQn9R753weJOyHJw2Md2TIW+wiD+PMOg5KoGZVSNKu0qsLhWDNfKCh
+X/CSWxyHQNHSKzip7RgzjEMrVR/dpoLAb4chz7JV8JCikgr8Ei7N0itZzfVJnpJ4
+IjEW4Th2ygeLmuzK9ofeuCtwogx4BCVZOv8QxJpcixZkpXUYLVdWVg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1.pem
deleted file mode 100644
index 8a896652d7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1.pem
+++ /dev/null
@@ -1,134 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBEzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgTmV3IEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-tCkygqcMEOy3i8p6ZV3685us1lOugSU4pUMRJNRH/lV2ykesk+JRcQy1s7WS12j9
-GCnSJ919/TgeKLmV3ps1fC1B8HziC0mzBAr+7f5LkJqSf0kS0kfpyLOoO8VSJCip
-/8uENkSkpvX+Lak96OKzhtyvi4KpUdQKfwpg6xUqakECAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFK+5+R3CRRjMuCHi
-p0e8Sb0ZtXgoMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCuRBfDy2gSPp2k
-ZR7OAvt+xDx4toJ9ImImUvJ94AOLd6Uxsi2dvQT5HLrIBrTYsSfQj1pA50XY2F7k
-3eM/+JhYCcyZD9XtAslpOkjwACPJnODFAY8PWC00CcOxGb6q+S/VkrCwvlBeMjev
-IH4bHvAymWsZndBZhcG8gBmDrZMwhQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE5ldyBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBLZXkgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBANa7RRhusOV0Ub10qBKMsUMG7QViaonYz0IcJLX0FKEI
-EpTq0SV6NeVjjzmcrSrzjHQfJpkywOHRiMw7XvYunmzlwGSoD6TW1ZUYVDaQbKUT
-oWooVoCzVstf6AsZiJiHQtBt4x4OHap7QRcJdlh7aPhp6TR+zq8gB1HsG8yUlG0x
-AgMBAAGjfDB6MB8GA1UdIwQYMBaAFK+5+R3CRRjMuCHip0e8Sb0ZtXgoMB0GA1Ud
-DgQWBBTJW9PRvwbxAcF5XLtzDY1MRsst2TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF
-BQADgYEAhIZ09WrNK3jX+b8HugQygNCBEVVfX7TOCCFkmRaxp4R/QBHWvcts0YQT
-6M5ZC6b877id6zRYegHadKekVVqwFbLKEO0MnpD2yGhGgDpbil2HlEaQ9yKQXpGF
-CBx05/e7jkNhk/zGDsBqmNzkozrJOYBohkwUOjVFkAuLyovPhTY=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Basic Self-Issued Old With New EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
------BEGIN CERTIFICATE-----
-MIICnjCCAgegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE5ldyBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBtMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxQjBA
-BgNVBAMTOVZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBXaXRoIE5ldyBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0MTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArImc
-Yf7s6ea0+dqzWPAcGg4gZE8CjbYlhP964Da56tk10sqLVKHCKxnRYgymvojftLHO
-4WYGhfOfDGxlEex3i/AvnxEqVlwzH0M1fCU7mvycYjZtMSObA4U1mr/MRoO7U2so
-ege9jkx/dSbZIRGY1huIipH8TjGnOmfa56IBLpECAwEAAaNrMGkwHwYDVR0jBBgw
-FoAUyVvT0b8G8QHBeVy7cw2NTEbLLdkwHQYDVR0OBBYEFLKHIZkLlnQV1U2SSzrY
-JQOcna7uMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DQYJKoZIhvcNAQEFBQADgYEAZu2t7x1PqFyZIdjnp2j/D37jnc5xmuhC2UOUuyt2
-WFggO+apFns8iYM3azA0uj819lQexXHqKAZi5tQnMzPcYJgDjb1ix0kUCwiW3v20
-LlHf39XU7HJjfXn5USPwqNvrHcWADkRfL10y0ve+F7tmkESFvb/yF3ZU+t/OBKb4
-Dgs=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AF:B9:F9:1D:C2:45:18:CC:B8:21:E2:A7:47:BC:49:BD:19:B5:78:28
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        73:fe:c5:db:86:ee:6b:0e:f8:68:85:d2:0d:c1:44:01:d1:33:
-        5d:9a:42:14:a7:a9:20:bd:38:30:c1:f1:3e:c1:b8:d9:4c:ba:
-        fd:3d:7c:a9:66:5f:94:fa:46:e8:23:94:4e:8d:09:1c:45:6b:
-        21:ce:b5:cf:3f:e6:18:33:d0:ac:a6:ea:c5:f9:32:6e:75:31:
-        79:6b:1a:8e:50:05:86:89:f9:f3:e9:8f:67:e7:93:b7:d3:05:
-        b0:9f:2c:97:9c:b7:7e:01:7e:c6:5e:f8:72:4d:11:6b:9d:30:
-        f2:69:df:68:5d:aa:a0:84:f1:07:68:15:fd:93:f6:14:a1:f9:
-        90:ce
------BEGIN X509 CRL-----
-MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk
-IE5ldyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgED
-Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFK+5
-+R3CRRjMuCHip0e8Sb0ZtXgoMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AHP+xduG7msO+GiF0g3BRAHRM12aQhSnqSC9ODDB8T7BuNlMuv09fKlmX5T6Rugj
-lE6NCRxFayHOtc8/5hgz0Kym6sX5Mm51MXlrGo5QBYaJ+fPpj2fnk7fTBbCfLJec
-t34BfsZe+HJNEWudMPJp32hdqqCE8QdoFf2T9hSh+ZDO
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1EE.pem
new file mode 100644
index 0000000000..b9dbf00b73
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 05 3F A6 27 06 55 4B 0C 69 50 D5 0F 5E FD BF 47 A1 9C 82 49 
+    friendlyName: Valid Basic Self-Issued Old With New Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Basic Self-Issued Old With New EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued New Key CA
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgTmV3IEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUIwQAYDVQQDEzlWYWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBPbGQgV2l0
+aCBOZXcgRUUgQ2VydGlmaWNhdGUgVGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDev0QtgDJfvPcfzwqGf7Xo6oBJMIEKObeQqeEor34N6RpT4gdw
+mhmz/6dR+r0xpAVnpH9peH3F07hanqFzlYmv3oabgCYMmDBAxEFy1cptkE4hDdsf
+UZqruxtd7v84c+hUd55DSPmRjzCZtvbm445wpUJyTcIxTIckpS4Z46TIuM5CCgcX
+CJBLa/UA7nAFJD634GMYzjcIjwqQftmgmyvQxlEkGxc3Y8el2jBt160yHTlbcPUF
+2cB5heUWRvSLHWoYt2nBhL8W75NzJZaKAtL+4zSYQ/uSlutIuV1cAnubaR9kfQJE
+A3tKagf2BP8yokA4aOkXEESnnWV4gh+ZtvoPAgMBAAGjazBpMB8GA1UdIwQYMBaA
+FHZ82GQENAlP33EhdA8MFps2qILXMB0GA1UdDgQWBBQD3ajkIvc9gpRLEUN3LsTP
+J+b/QzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
+CSqGSIb3DQEBCwUAA4IBAQAgcf52e984C7/uhGUkZ6oTOyFsCZy84Vy46uuiCRkv
+Zv4di4AA1XURzEKGEwR+F7ewE3mNbrfsfvwv11ZC//bZn/9nJUN8z/VvxHwnlNm+
+Z0iYclryFKrs5lvWjwzlNG3tZeNl77X8rpGlwpwU1SbFJH2N93JvUWfMBXd0QUcn
+Wor68nK8FUBd/1tAq4njU5OT+nBfII3Cv+Fdg902zrUTqrJXZmdD+jSBifd3S5/m
++nitrP1YAODnCqZGjAmgzDZTq4C33B8b88nhfIZssqK0rEsQoN1qyRZb5nTBHZ9L
+P3LirbQTLxJHYSAZl3GmRQ8sUEODnIN9hkYRSWoJZOtl
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 05 3F A6 27 06 55 4B 0C 69 50 D5 0F 5E FD BF 47 A1 9C 82 49 
+    friendlyName: Valid Basic Self-Issued Old With New Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,10B08039DFA4A58D
+
+g68Sb53Ixkr6ma6Vo+HWtS30kwevnOgRyE4CEBC8a5mc3dLcXo+N8igPZh794SLs
+8aVAS+JVZezz6uLoiXXE3kjDeP6ggZMmWaNq87vWkk7dcvSX+JI8fJ04ziZpfOBL
+TGQsgePImkW1sBejluwySCmYywt8Zb8pLDTjrT6aWF5UCO/CoDadNJVL+LQG8NwK
+zsVYicJc0hWmlMuoNzi/yJx4cy74QrHRiX7G6ZA/JdMC+jV+6zgHcRxb7dqAv//C
++8AM7zuhOJUtQxEzeLYVBqBT12BYWEY0FLV1Lz0Kyt5s4Wt4AZLyOnQpFiYhbChT
+7MLuswQIJyi067yarkAcPIqdDbewjDUKEhMjs2IT5BvshlF6dKDvYhlUr0zhgUbw
+O5AsJu8H97vp/jaSisVRu7ZtDcpGn4lXy4ph5Q2o9++diK5v9HbywocigjRdwDqI
+C/704gRJMBUoFPpujM7uI9XkcGGdcDT+ZQ2i8zXtwNYprF3MxhX4vxF9Gp//VKtu
+po7tLpQcucUrMyDywiIJeoTJtWj/hRzmuJsXoNst1caGwoCpqP7TYhL4eGqFEg90
+ubR9B6qbabMCfATgKAEUpQ5NKjvbaJ5QgSm1AAncu/MgPBmH1WxnqH7dA7Qa34oV
+3GSIsKcYFV7EYwjVSTFZpHZACOe9xkL2G+rzY7JVINGzv8mCdau6sr6kQCQAVcY5
+cHMOOQvne9GsxEt7iN8OBr1mBGwFhJFRnoAp7ECHe2vxrJmN1W5rkq9TZHFrwCJq
+F2zWEj3C1It4+1cvdo5kMdvcFvdiK+svhgJu00Vi+clN81MRmre8Xm3HaueJ9Xn5
+BsPYP7M2vLGfd2QOC3wMtgCOjmlCiRQ/r2nLOU3ydYQiaEFltV8CK5SXGiI5i9/b
+UxY5tcdLHACcwlpaFvUADs73yfw7OJfd3RnPOTdLksdI9q0hx65oS4CgIF/haP2X
+K9z8G4C/1OFCx7TYC05QQo5C/K7sALErFzrpMtbVwUFddCzoktKFsG5PB9jsoWw8
+lhmXrJqKCok/f2W8o3hZHVfUEaVddIcPgcXGgKtsedXlBkjfIgqUDdLdcwF5lV8/
+mKw5jL9ozlEkMZmCU8rUOuSGWo161n44W9zGHkgTSxLiVOaOiqxmzACWHfHy7G2V
+9fx0ncJCgTffmcGnTYRJi9S1AizgaQ0OC89CrVxR809DQxykWeSeNpK43u95Lexr
+tKJvVK8lOl0gihDW6rKvwS1bdF7LzvSE1q6544FDx390+SkXYAq47BVQ8dNybif9
+hR4EroJ+C1Q+LjVb0A9w/nqNRFhRo7hTkgWE7BoW43JhRK+mIoV9joY5sa0hCRvZ
+6+B/4hNVQLgYp/tnNRm3k9shpk6jGzQB6a0BLnatDySPS2+MRovYgQsZCrZqcpO1
+kQ4hHfLaJ3jTndN5yytEJ2ZWcCUbCyY5Q48EyNpDpGHZe88iDuniD+H8xbGixn01
+b3xmcvgJ63ZsXiN4I9kjLUql3YxraWqbcaq2Kvh2MD2I8Z+O5dhyJcwaFZcfDF0Z
+3mj2YiTCZJb1xGX5fRQhrjwoEQCb7QjbGVvV8L3DJiSCCnjr6v7QC/c2Du+VCIUw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidCertificatePathTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidCertificatePathTest1EE.pem
new file mode 100644
index 0000000000..c07567a658
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidCertificatePathTest1EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: E1 28 46 4B E7 34 D0 F8 4B D9 28 51 6C 50 F1 5A 18 B5 2B 96 
+    friendlyName: Valid Certificate Path Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDeTCCAmGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMFMxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSMwIQYDVQQDExpWYWxp
+ZCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBANncdxgQEBhgQfvneBAP+IR3cO8tblU7EaaZUj9t9L2hl/o2Hm5EQhHI
+U/51hpteNxKIon3ZcQjUSTVxzkbPW9BZjmUf60I9yg7cTJDYVGnPXjiyIGDdg1Eu
+39vVWziRWi3PmjO0b5aQ5XYUYkNphBDPVEH5Neqe1FqXnV4QWb3g5MNZidfe8nmw
+h2sCwFmhKgCCFW9rEREAUzR0PfThzFZiouRl6COxgx1YUwiyMy2WvuV9M54QWidz
+U91dmOJLEVNYkY/qchHsu5TyDQ9QrfIWtRoAJDHlFb0XBpCqJLGs3QxSHvCLaqu4
+9+3fY7TOlGi/XpbQRJbx+PR6Ogp5FVMCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGE
+JBu8K1KUSj2lEHIUUfWvOskwHQYDVR0OBBYEFKg8CZ1n9thHuqLQ/BhyVohAbZWV
+MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZI
+hvcNAQELBQADggEBAB5a2Q+vYqW5Ury87AxhiBMBqgoPDUejnqmyFxv4o9ks0o04
+vjuyz9QxiM/OafSOx7lwBVHABofGlbT2avoxni3EF7Pt5XoZYRhujNHkDtqbbWyN
+BpDuLNF5WNiEzZtB0xji/pHGXwAnFGV7Evovvai/NI4tzxdMWFswDy5pZkUmJiGY
+0/OQrimHWk7Gvegofg+glOb/XLVcT92KYVkOBdL/xWnA04lK0cLlyPTICMP9KiNP
+hABcLEQtg4rCPSLHPGDyinjjG0Zl2pmP+GPB1HqgcKZ6pxCbnax/vhTwRCOHWKwQ
+FejzoL8eJcs2qwJpWq7/wG6wQ54Inhk8pzBujcI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E1 28 46 4B E7 34 D0 F8 4B D9 28 51 6C 50 F1 5A 18 B5 2B 96 
+    friendlyName: Valid Certificate Path Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1FE7617D7FAC4636
+
+p0Mn+JrDNgEXb1a+jzTU9Y0tXlkry6sa7zqyl7Sl9Krk1/dIYgWppKRE19A91EeR
+Ksiwo92hb+nfSJETfAr4OTL7egtQJoOf/jWhfb9WpFM8+X04L7EgtZUvL9cJHBpM
+UNrEGnwKC6Z+bJOnaSydWH2D8E6OweMZKpt5am4qjGXRLOv/hW5+N6uL5sbbrgQO
+BEHkEVw6uHBd3IvB5n5vvMfoFbpVPERXwrDRNPgY/2qtMOvGg40PWzTRVsoGm1YQ
+2FiOKkoeKfvc46/2K396npTBY2oQqZBMUb0GWBnpV5cdKHC0HnWzROPk2WZPgz30
+ppJvCzWsNqolQgKKuYYFnjAXY+JrmCuqJqdFsv96b/GdepyOdWj8jQiJa/T9Wp8P
+to85l5HJ5MfeT7LzK3lyWvlMHrUUs/ZT9hfXAJe2ZQRIMtYpwJkIMmRktHJ8kmVd
+u2zGzQxjIA/Yf3iKeVQu3yLS1ODC7jvjIqLEEmBegx5sFWKtVChyFrPn3J0fk53n
+07xZ5D0m5bX2bctLUR1lFADNO3Zvl2mJlz46wpmToIrlQFsKq1gO1JFwo7P7MzQX
+KWQjXOYWEs939TdiDvIk86ZnaWnNwxcuRK3SqzathM7qubKMWGPlQmMd+Irmm1Le
+Y4Lv3stgUJpnil/vhqT+MfqrCxtugyVX3PONdsh5mKIzl7dMsqtwDyRWNrZS+eID
+qXgs71PxU8TT0F+FvXbCnZ7uLUrOgdfXbyP4CF5lQEwZ8HxMTmJ4IOz/QK89uDSO
+VdZHoc6qpnhCnmVPyI8+yxwAGH1C3Qt3ubU7+EUBto1jITqFNyV6q+o/kL8vsUVF
+fwIFJSyHpEahx+9ytQKHxXCy0vPHirle03uGqLZuO3PvxadxE8CniNK1dUzMwsEN
+a7qmDmMjJWeG3ICzHbdirJeUQePApdLBMNOeUrUKGGrAqhH2qHPGcWOW0GxZJgtE
+02eGX9WsxhewEXNP/ccQDl+MyIA/ao9ypfEs2OgU+Y/TOAi1xKwQp8zi4Q3J+gSD
+saZC3mm/HLsAeTk5TYdca5FLDtbiQ5OvT3P+fh5glmSdEgZkq3x84lYnS/nMIjD9
+t8UEmmIQgLUkLqvfSVxzIavZdiszpVaf1cUNVp/0iQrUeocc5wFRV6KbKMKW2mYJ
+taUJeSQSXuZ393mj7dpQxW4puRTZWOztANImpmUm0kgQ3FLnLMCwA3d9W13IXwjl
+J39BmFbyBAsl8rJvD2v/qziflv8HT2SjC2/GbfSZ6C11MmoKTMRW+7NEC/crDk0V
+hBcHjuz/szivPSLHQiTAjYS/Xl+/15AYPhKL7k5d2RmcInNCmN2So1ketSQfeBQI
+9t08lQu759EoZDRJ8dnR+mWBKSAI8zUYThGc7lTtW+cQMOsgDYV9eQO3QkkvzvnK
+7gmmfqCHReWY7xm6Q6SM6iBpPHnQ55000RKEaglCzABv77RgLlS+D1OGRwGGdMr2
+yJOQnygTmlVpJt3bh4Tuh77wh1J9BwWBf2k1wQMkndbelL+5i8Mkvm+33MVEKJYD
+I109GqlY9x8RdI87SlBth3Bv50up/by/seRVcqFpa/7HhCiXhcJqsw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30.pem
deleted file mode 100644
index cdaee8592d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBRjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIEROUzEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKF4cGWB
-eAaOHCGkAPlmkE9/9XtvEpanIGNf1g0ab0PBnZR8ffY+IK2+rwOeMVtfXmJbaxi/
-Z70teNn94XkPXH6Pmz/pL170Q96CasAsPU2uQC4AtNjkUSeFbSoY7Ul2NaBYqLrW
-yQ7O3jEXdX76KQWqYcihAq1Jw+AEruMq98WrAgMBAAGjgaUwgaIwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFHXnZ0cYCavxiIjbno3V
-F1KO/HN4MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoIUdGVzdGNlcnRpZmlj
-YXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAzUV5anoiOD8wQQnetIFcg5wLnNlr
-dPixWje4q2JQcPnqZk3TW9O0GDtWHmZwVoS3PixQlJPHZGvkliTKM9vO7a8J2FDl
-/ZFRNrm2rHFjZxygk+UTwj+SI4CO8kmtSesvV0ViWwNNyfOV/nmvBjqy6pEbTnCD
-pax2/2P2ruVALCk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid DNS nameConstraints EE Certificate Test30
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBETlMxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgwNgYDVQQD
-Ey9WYWxpZCBETlMgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Qz
-MDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA08C22ZtMqDmJQjt6hWE9rPJX
-rWB8T165lEh/iTleDZqyVWl5PRT8V1PTxkkp5aURAXm8BsNc1b7YFZfdsiMx1bjU
-iBSvqDWP8HtarPF6+J0wsXO8Zxp8OV8kCjU1gA4hLHUvVghURkKoVXwzB2cwhlqm
-iJcKkvv65JpzZPinbCsCAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBR152dHGAmr8YiI
-256N1RdSjvxzeDAdBgNVHQ4EFgQUYmleNHVLgQPdh5BhovyETaAgDeAwDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAqBgNVHREEIzAhgh90
-ZXN0c2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GB
-AJCvVAtnYWZDsmocwYuC7e6N0annLwnm6MvbUgS7+KHuXfm1ty9YuZRe3t1SFQxX
-yhuTKj9iERpNsz7ldpdAKftS6PasptiZLlqhi3Z6csOnVtmFErdgN56iJoZgkDlv
-YTSVuG8xVfNBvOTHve/LWxGMlTGPDLMLf0hamDdBTfCK
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:75:E7:67:47:18:09:AB:F1:88:88:DB:9E:8D:D5:17:52:8E:FC:73:78
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        90:61:77:a1:94:8e:c3:62:6b:dd:eb:ec:3f:0d:e0:dc:1f:b9:
-        04:fa:e1:74:e4:5d:d2:0a:cb:42:4f:41:9a:a5:91:d4:2d:57:
-        d2:6f:1d:5f:cd:9a:2c:24:5f:3d:21:9f:87:78:17:33:96:09:
-        1b:d1:bd:f9:50:b7:17:c1:e0:af:50:95:7a:9d:03:9e:2c:95:
-        ef:f2:c2:a2:74:93:d3:9c:c2:73:74:96:90:b0:78:15:69:e5:
-        eb:b4:5d:dd:19:4d:ea:9a:78:af:ae:a4:b5:69:78:58:aa:7d:
-        5d:9e:05:ee:a8:8d:2d:16:03:86:18:62:6b:cd:67:8c:5e:13:
-        1d:46
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE
-TlMxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBR152dHGAmr8YiI256N1RdSjvxzeDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQCQYXehlI7DYmvd6+w/DeDcH7kE+uF05F3SCstCT0GapZHULVfSbx1f
-zZosJF89IZ+HeBczlgkb0b35ULcXweCvUJV6nQOeLJXv8sKidJPTnMJzdJaQsHgV
-aeXrtF3dGU3qmnivrqS1aXhYqn1dngXuqI0tFgOGGGJrzWeMXhMdRg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30EE.pem
new file mode 100644
index 0000000000..cd8f0db851
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 02 C8 BA 4D 34 CD 09 12 AB D7 FF 9D 06 11 75 8B 9D A3 D2 54 
+    friendlyName: Valid DNS nameConstraints Test30 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid DNS nameConstraints EE Certificate Test30
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS1 CA
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIEROUzEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBoMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE4MDYGA1UEAxMvVmFsaWQgRE5TIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZp
+Y2F0ZSBUZXN0MzAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE3efE
+Ew9OTIYxe07PiuyT1xASI18+bk+gPhFo46a4GTv1BYJLzxKlWNQkeb2yHNhHamis
+09o2kHi8KxtgvEQpSItGO3orpoTNx/ag7GZ+uT7pPQX9NI8HDYaaHbU86E5Gf6l5
+xbFV+g5uVIJY1MKV6N/cJ2qAg3o1/aJOg87sXW0q7Xv3QKXbmzlRwVR38QrSRgdN
+r+BIcZ6r9plX8P3ghHH+/xHRfilCh7FWmrruGf0K3w7gudE0RjMTYm7zHOny4fs2
+W802lvgWW0Kls51YiqdjmT1V+AOoyR53SIzwfZR5jY+FsLqr2o0mPk6GbzwS5Pk5
+XBrbegxQ/UrfP4YNAgMBAAGjgZgwgZUwHwYDVR0jBBgwFoAUsaoX8OPPzNKniaaD
+B93/btoH40kwHQYDVR0OBBYEFEWSz28Tk7VuNoLpo6HEQTpxsHIgMA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwKgYDVR0RBCMwIYIfdGVz
+dHNlcnZlci50ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQsFAAOCAQEA
+pgUgjEi8b3mM4voUe2Wt14cuFOS0YImUvk/Pr53xJiZPLyJkBOVK821wqBKjmmD3
+29NaX9nshLc54lZfqvQBHTEWWBPeO1um94vimYyRNMVxoIuEA8c+a3RGGQndisFP
+2098JFQjdz55pW4NgG26CJNutjMmCW17GmVTEJCiQEpVrRYS0QEaYUZya1yp2Thr
+mQJGt3FyMi+LuoKqlhJsq1892cb10GO0E0Yhy/X33ihpbCXFMs7e5kqYa4oHRJIi
+cScs+CqFDO98FpiQaccUpWlgIbHIq/R2t6GcXgSsK9+JLrJqn2TMMpS5O2Qmy/bl
+AHzuGjGn+nomfAVFRuEZgw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 02 C8 BA 4D 34 CD 09 12 AB D7 FF 9D 06 11 75 8B 9D A3 D2 54 
+    friendlyName: Valid DNS nameConstraints Test30 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,577DCADE8158937E
+
+6IGI3x5K/D7d2IXqI/oa2gxu29K3UVhOrBxkBGoZMIxH+IPsN9xUautRc3j8qkxD
+Z84DO2EQd0f/JEYpJuJmwDP9T3UH9HkT5Gaypcwu/h0ZNpHN/9CyOU4wprh1X+AS
+pyFnr+dou8K6QZYnskttevV2rHEZVc8oHjI4fxYCqLOSD3dQYn0QVyvjMfygg9VS
+Gi4jJW6BAyNuEnoA+Fddo+Wu/BeqHMZyX+rKFwKxEVJnfeUcRE6uOiMw8Gv7ojDV
++n1oBdJ2Eo4JG2Jw1IcDBCSHQkCrMQ18HBw7menMEQQgwpIhOsa+vyK3cCI+wDhk
+MGrEOJPEiQOW8SR+JVEM8YTO0qZamveDGKSoPqWrVpMd+cHtvS2xf4cSOCZceDkd
+j8vPMA9CR93IecrKWDGqDuBSAwtFOW0qfX41JhDb3V6TxO2LNwNDsHpWjp+bKNk5
+VUWp4o6jGvu/YjrmUn3LskvNpZVxC54Z+3KShS0ev8BWHpOdFl6DIZ+3xR4coIcj
+AeyeP1wFqAXcw2VfPtZmQDH9f196jhfBGJqf/RYTzXd3uAMT9WRa69Xs/R2CrI00
+5YR6lu7kRVX56s/1WV04J3rY//wnzO+TWRurBgHqfp79eT0AVfdhWjp/VT10lbiR
+Q6UOcQ1IlSdpZGvx14ds7KAo5jTVh4uZhGomlR27sxxPHinS9mRoP8ka6deRI7ZA
+vDlUwkIjLF2JFK/yLVX9fWH0rL4WhoxiN0eMEu5XUnhlFe9oqWQC+hd9bIKwxfSj
+zMgXGg0N42FYbEygq1rNv+lAfqdZX9Y5VSkFyDeVB5+qYOmxCnk2MpFqQm6c6LX9
+9XWzZnLH20kWqBMxMXcEtEiwYZbrJwQs6DGVwWh80DykLuMU4Dm5L2N3gA3faEH6
+lUlBg8g4Z1pBRw8a9kE+6JQ9YOHEZveBQWgt2QxzoGOdo807kwBPkCzZRsMIr7Gz
+AdqbaeU+5XJJtf7MoCNuXzxWHdkbfDK55IRM57j/Smw9E7QE6BD1QEsZyFExWcm/
+z21b83nxae4QL8cCVGoIxCIWRconx0X6uHV/hmONVsuLqvdkJo6kQ1aRXpn9uTg3
+vaVpepV4stT3iKSZAXIbKQ4m3nzURH2Nca7gEJDwZa7T654ySnj9qLM0mLShUxxS
+m2lc0di6MWBEG9/6CdGCfIzoedyknL20cBXFXmNU1ioYyeyaym58dtvTtTqX6zDm
+547uFHvAOTzpuSNI6p4WfN/IC9K0UkxgOwynOtDmBisNR8q96ieVr4ICB64mFHqT
+Omi/qvy7vo9OaQUdEMRapkdOe/9Cu1X5VhjEgkOQA6Uss7yEJ0CBucLlicKGg8ji
+1pMRn+C0UsY3XWRLp0pzNkzdjiyZjr9Tn9+1gi6LMripWuBeMRd58nYriRXqrkpP
+86qNn3iA9VvvzT0QdOkjXeg6NvBghU7JjKYmbSenSNfMwCO94N2zbTieLUPJ7Vrp
+w0vg+lfk8ut/7yDv/BB7+6I/CXUaO9ane9qfs6vw3YNO1dAl5FtQubBPAV2q4Emv
+J9+OtZHp9pvAL+zMK6OHPX6aMiskglybah444IQs2nXbj4IVyyOvO2LsP8vY/pLR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32.pem
deleted file mode 100644
index 62413ef929..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIEROUzIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANmefIFU
-RUgrahNMyIfzibuPD5LXv1aF765kc/ROx4BQYuBUZehjaB0G3eHv0wGu5rSJbnoy
-Lpdv0XVvBKEai/K+9iIereljhcwZzKTbHHvAdhCtgImX/Zz/KZ7OU4GZJGkdcj9r
-e/szQBEqTWkWB7hT25WM4ghi5xAz1Tn3foOxAgMBAAGjgagwgaUwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFH6Q3Dvq3pzSm0JE73sa
-zW6PkuC0MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zApBgNVHR4BAf8EHzAdoRswGYIXaW52YWxpZGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAekwpteebcTHJ3RTTqNmNlRsw
-aSa2MtBlaOVNyWi/Qsgy/LO5We9Ahkq56VlKB4WTWCFBdrbbnZ4k1Dpgj+NA8YBD
-Ysuq9KofKqycs+alN4JOOMtKHzbm05wPqkhY1qbBFAUbrEm5felp5drbJys97mCX
-bm7XHTxTuImtWM4ESC4=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid DNS nameConstraints EE Certificate Test32
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBETlMyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgwNgYDVQQD
-Ey9WYWxpZCBETlMgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Qz
-MjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA374o7AtX/s5zVHxqAws7oJ0X
-W9efE9ztupuhz0gxjrTuRbVoFj3Z98ikVL8RLG00VdWjgbKd9gWB+UI4GD01A7Wn
-M5bSXi2t5fcyVYPxPjzhrl2gW/DfUYO4U6LHtTqID+ARhddd3Xlz/6WXt+gOLARC
-4zuqAsvNuNpnFbI5yA8CAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBR+kNw76t6c0ptC
-RO97Gs1uj5LgtDAdBgNVHQ4EFgQUpTkqy96R+925D9dnz/clmePZZx0wDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAqBgNVHREEIzAhgh90
-ZXN0c2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GB
-ABBLDmNvZzxO6JM+lTiTscA+ikguaFV+BdfdORenOIJYUHV/j5MhzLCcOqh32U/B
-KZqQ9ataMvRSnqfnTHtRCWo19S5qT0QjVjVfYsDfX8QQy2jJ6bI9S5vn4bLO2HUK
-jLOabPS5lyHm10fdN+g59VKHjcBKmkBkngTkhVqVLOxL
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:7E:90:DC:3B:EA:DE:9C:D2:9B:42:44:EF:7B:1A:CD:6E:8F:92:E0:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        02:f1:3c:9c:25:d8:e5:f3:99:97:72:47:d1:94:a1:f0:11:0a:
-        8d:ef:9f:4c:c6:3e:93:23:1c:76:92:f7:68:f7:8f:9d:d0:ab:
-        7d:73:20:ba:f8:ea:1c:90:10:59:01:07:c3:11:36:15:70:b3:
-        e1:80:3f:38:65:42:77:78:95:79:6d:a9:88:c7:54:59:b2:52:
-        9d:da:5a:58:a1:73:1e:07:78:00:01:67:02:41:9e:82:b4:ab:
-        f3:d1:74:00:8f:ce:fa:78:8b:c5:ff:ca:40:ca:88:90:ac:74:
-        78:41:4b:60:85:3f:43:31:7e:1c:60:bb:3d:91:09:df:9d:f3:
-        6a:40
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE
-TlMyIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBR+kNw76t6c0ptCRO97Gs1uj5LgtDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQAC8TycJdjl85mXckfRlKHwEQqN759Mxj6TIxx2kvdo94+d0Kt9cyC6
-+OockBBZAQfDETYVcLPhgD84ZUJ3eJV5bamIx1RZslKd2lpYoXMeB3gAAWcCQZ6C
-tKvz0XQAj876eIvF/8pAyoiQrHR4QUtghT9DMX4cYLs9kQnfnfNqQA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32EE.pem
new file mode 100644
index 0000000000..b3becaf563
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 81 FE 9A 03 53 0D D4 4C C1 A6 2F 85 29 05 F6 9B 6E 1A AF 1F 
+    friendlyName: Valid DNS nameConstraints Test32 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid DNS nameConstraints EE Certificate Test32
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS2 CA
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIEROUzIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBoMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE4MDYGA1UEAxMvVmFsaWQgRE5TIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZp
+Y2F0ZSBUZXN0MzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjO31Q
+u1gnI8gYuBTTqe7O7qzK1fRNCHmFrxovthEckh/m2yz+SwSMCRV3tYWgOu4g/f68
+Gr0+3+0fhwI8ZNlkjvjZG6ZaaDLQejsfSwRDdB8OcB1V6p2EMSxRBGj6ZyTGObq2
+1XCUJhWE7aT4UDw0gZ9Gw5MsdzP9Mm0ZujF+nknrMx5IcktNwz4GrZ+PXDEd/7BU
+ZoosEtzX33b0toggo9LPTKRlu0c5GJqLbb7dCj9nuErxTaR2x9xGFdYdSuJxhlPK
+NwGCPV/RdbA+b5LmhxfBoCNRYsDHc9SGaxJxuzxJaRke7uqNc8E8xiEBb36uwN6B
++P7SaqaFMB02px9XAgMBAAGjgZgwgZUwHwYDVR0jBBgwFoAURkicQgmOXVNw2BYe
+4MHJGBU1CgYwHQYDVR0OBBYEFC+f+0RS6fd7DHdf1A7xDiGx5OcdMA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwKgYDVR0RBCMwIYIfdGVz
+dHNlcnZlci50ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQsFAAOCAQEA
+Afn8pFtzg5Eyk7U4Qz9iaw0+eaMiO4wX5iy8CP32AzJf7EJrykGk2G+/ZCJirXdB
+KJHPHqVa1SuIg/I5OOyku3VAl2nsVvR3FbouEDwrRQMMF9AaRAPHW0Gz6sb3DZWO
+gtoAdJgPQukkQ2t1Usl6DdsObESMNM+lE/O3qZBPvAS5FNuk8/GNt/l+7XUYub5M
+q9myI8bAITKwYNH45K/6uahjVM2Hzzw0cx1DINxfg9PxP4wmA6AbZkgLazgwGaZa
+Tv0xkbdy7RaP0nDXXRTlKpPYvplmmsfiYQiB1J9RedeHXsoShC2RPPcEWe9kAjcd
+ZVx3nY9LshmNiUS5XqpLhg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 81 FE 9A 03 53 0D D4 4C C1 A6 2F 85 29 05 F6 9B 6E 1A AF 1F 
+    friendlyName: Valid DNS nameConstraints Test32 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6F7A00D5B9CC3F0B
+
+VQl9PFCblPbDF+VKlw/ar0II/RjNtJlFeOvxArEr9OP58NYpTxVdLPzGV5iESA+k
+ZJUWpH09G7OylczvwVJYkuVCscsd26XrgRAsO7uc35hmwo4kuM6fzcitWdX5AWoP
+6k2Wnl0uT3ZrcUHYUU4TmVjqwG040ZO85zwU7NyG0Sr3rBInCYaOHoWPxYI+w0JM
+elxsMi+Vd/SIMrMdRz9bZe6OW7NnVEEF2dyM8v07zgVNEj2qdeky770urJ0ftIkl
+zFMjRa1O9E1uZfFZ+pMAh2MnB9ZLwHYn7k1jaekOzD3pxaM6L6ywCYULDQ6n4Kd/
+tnBHllU1pcJRgCyiuNSDcBRe1LvDSwY8R38afZVywSk7W3PFFOOb9E6OeWHE+cjG
+Gvz9I/Sm5Od5Ub27LHuqeRp58qExi5gTZvg8QrmSLOisCrWti3kEk4sNixSoTSoL
+DS/IiKie0SecB9rba8N3pyyIi/ExgZX2+z06/7Fxk1sY9WWK2WaQzG7oLyBPWM5R
+0AG9eWYRq9PiF3nVTyHfRR5p/XfrpOKl9i26Y0Ve3pjrr6BD9hA898/zuqqp3Z/F
+lQATWWmzdda8rCym3xH/PTlUfWFyX+eCR4sLlgHxga4TU8maMMImGocBMNvFa5vh
+amSpo+vzlBVtKXIQMUHtIEq9+vsiJgMMh8xbikz9/KCnB6QrR+gOFRaLsC1bVUsK
+DL11crzhbVDVLPwQSpbhut4gEuR85VDemQWKmn2jvQ7czdanVv5VlsfURF+A5IAa
+jspxKQs80+zZ5njoTrZog2peuMJZoh0vz7Rn9C9y0IE9KJu6Sd1eF1qgNT+jAFcs
+MBlTvQX+YZpiJp7kzXQAYdSFmDX3ohmttAGtKMrFDPErqUda47s3j6WBiDZpsRLD
+HB2yET1Tey+fyNq2kMWR63v18gAuW5CI6/8CDw/17kH72ro4Z6HpHEhPWF3lax/v
+AknUlI2vIw9YGCDwFgZnC6/FlhI7cURI5FvzPeeDBn6rZVAV5QDyAGGkI35yWOT0
+MOPmn2kwcAcfb2SFEy7hooSTo/PY2ExpS3gYKX53Zd2NyVDq66ccN99C41s29C8k
+1o31W47g55OLO7CRE8QZWZlgEuCcZqFIycqO/kyyCaY1SvZPG+gjhfzNe+smrm3J
+8asBn/If8czuqy81irL+oUYwW6+4q25zJNzgSHPdphFFuB5betA67+gsMOeTrKj5
+QrgRKyINQ1VDtHakoCxvAbdGDNYUseoZN3TR9935MMzjwZl9b+1C1PL8IvtRBwfU
+rN7sqB+EPP3RBMiXSUP9aDexx1ik0KYPLIZCxoj9EJUr87kI5UCfqgO+TAoSdo+e
+vfo5u8+vSr7yKVY0ldR/rJQ9Gp3csPJDM5vy9nsMg09SPTXZyXziMzsVlc57yqde
+qcl/p67YWULRGesh00UbiZCb0hnIIPBI1AmHwWSx8gVRZuI9IFVDJdXsIKT+b5Y4
+P99FharjpKMxkwXms3Jvrc1zd4F0WscmHJ8SHMkHn25PU1L4XuFdESBIoJ1CJlGt
+lDJ7W0CiP/ZuE3VpRzGJml82zHTIyLhKu5iwUVC6CXP0PUG6vv42ipGmOc9jhyWE
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27.pem
deleted file mode 100644
index 1da7bd70d8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIC0DCCAjmgAwIBAgIBCjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA37aIkV7sYy0JnIQ6
-oLcZr4T5fsXvU6SzOxBfPrtNDpq884ix+hP3zDxAwCSO5mU0znQe9s5im5Mf9yKK
-0FIXOAHFwMb5M5mAZNwn7Tx0XYxDfBx94lsMvJdBDCddmTB5akZgQF5Iir+Y52y7
-yiWRJM+ZmowFfoi5rp/PgkSOJxsCAwEAAaOBpTCBojAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQUV6v4nCfI0vTmz2+qIAs1ZwSDJGsw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MCYGA1UdHgEB/wQcMBqgGDAWgRR0ZXN0Y2VydGlmaWNhdGVzLmdv
-djANBgkqhkiG9w0BAQUFAAOBgQBlTO2ECGQPZsbXzVHd/rGejurHrD9MHfTQYJCn
-pFjAPq3wSo4qFVopG5gl9s4rdpNU+XvoY5zO8MVxTnfFi5G+y2CWZTG0iIWQmC8b
-ReqDdpVeAV3ictgaDyoU1ApdemyOS2pHV0mgm7vPYCx+17EXzFBphUICViSFv45n
-cu1nCg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN and RFC822 nameConstraints EE Certificate Test27
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
------BEGIN CERTIFICATE-----
-MIIDATCCAmqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMzAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGJMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
-ZWUxMUIwQAYDVQQDEzlWYWxpZCBETiBhbmQgUkZDODIyIG5hbWVDb25zdHJhaW50
-cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAL23wxEGImwm+05H4yzrxRQXdJBQp/RrfHB1tjFbPIUzr6hR7T+xNjC+3M8r
-Y//0sOjggeDwLkrbhDl5TK9qQUui3Oys3QORkLfvuBIKjHtzUYfyizTV86KvAybY
-dMOrY8sc5zivU0N9+FESFwg/Kv+meXt0vgL9DSe7PsFnaC8fAgMBAAGjgZYwgZMw
-HwYDVR0jBBgwFoAUV6v4nCfI0vTmz2+qIAs1ZwSDJGswHQYDVR0OBBYEFN3zmdIg
-RlRJJv9aNE/zRRJu9+n7MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwKAYDVR0RBCEwH4EdVGVzdDI3RUVAdGVzdGNlcnRpZmljYXRlcy5n
-b3YwDQYJKoZIhvcNAQEFBQADgYEAEiXPBPlFwaHGZ5TqIDXXTXn8ViKz9zfr1imR
-nhJlqZJTu2TlScmSN4vEg6++1wS0vVxiPiwNQkrH78lRNTH56MQOH92DxRyxF40M
-5YJc2GuFb6+ZkSKVWDG6UbkbMxjaZvqd+jnODcW1K2lBl1jHiv61hoNxe6VrNb4i
-m1dYiFQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:57:AB:F8:9C:27:C8:D2:F4:E6:CF:6F:AA:20:0B:35:67:04:83:24:6B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9a:01:ff:a2:5a:8d:4a:16:d9:8f:d1:7d:40:a2:bc:eb:6f:fc:
-        4d:58:3b:b2:03:77:79:60:99:5e:f7:f5:b0:39:62:10:15:8f:
-        67:ad:12:b7:a6:2c:ef:de:76:3b:90:26:79:b7:1b:7c:3c:25:
-        b7:bd:11:82:78:21:93:5b:11:66:15:e2:e3:d9:77:e6:a1:18:
-        6d:dc:46:88:f9:13:7f:28:5e:17:95:7b:a6:da:4a:00:c3:44:
-        8e:f4:00:50:a6:a0:52:86:90:cd:40:54:66:92:30:0a:64:0d:
-        09:19:17:64:41:33:08:5d:c3:11:b5:ab:d8:61:5e:a2:60:56:
-        a7:d5
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMxcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUV6v4nCfI0vTmz2+q
-IAs1ZwSDJGswCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAmgH/olqNShbZ
-j9F9QKK862/8TVg7sgN3eWCZXvf1sDliEBWPZ60St6Ys7952O5AmebcbfDwlt70R
-gnghk1sRZhXi49l35qEYbdxGiPkTfyheF5V7ptpKAMNEjvQAUKagUoaQzUBUZpIw
-CmQNCRkXZEEzCF3DEbWr2GFeomBWp9U=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27EE.pem
new file mode 100644
index 0000000000..4420519b07
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: E4 9F 6B 9C EC 2A 8E 46 DD 98 0B 0D 37 F5 6B 26 15 4C 2D 48 
+    friendlyName: Valid DN and RFC822 nameConstraints Test27 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN and RFC822 nameConstraints EE Certificate Test27
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
+-----BEGIN CERTIFICATE-----
+MIIEEDCCAvigAwIBAgIBATANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ez
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgY4xCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTFCMEAGA1UEAxM5VmFsaWQgRE4gYW5kIFJGQzgyMiBuYW1l
+Q29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDI3MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA4YwJBaWuiNbOXsrZHR50iYNo/KP34QUkqySEdyVQ
+XRYjgcVtLO5sRCeH16qBeglO26DxAouS1ofdzD48hjMWLKzNwAumWmrQhkhtUQhP
+EA2ABxV4rFW2fKm+jjWmPNxhLWceJED3XEnY04pHfy83gC8YDgPQeqRn7gEdQbaf
+tgUT5/yzBii6idSbJwWwNtMho6/6a6DabRtdXlz4h0hg4OCPU6aPUuIEa+wupnnZ
+ac1Rl+XSZI9gt0jEMh99WDpi15o6QpItW/aPxiZ6uokdAds0DEEik5JsbGRSzLNZ
+JbiLV5kOQgtzyj/GQ4HcigW0k54UQWx1kjj4YwsgYvpOTwIDAQABo4GWMIGTMB8G
+A1UdIwQYMBaAFCdJ5ATZRfpsmJRs/O0NwyRSbVVEMB0GA1UdDgQWBBTRTIBGyj3H
+PjdjTstrMzXkvcN4pDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMCgGA1UdEQQhMB+BHVRlc3QyN0VFQHRlc3RjZXJ0aWZpY2F0ZXMuZ292
+MA0GCSqGSIb3DQEBCwUAA4IBAQB5K5dCXwefGo7l2SB8szQesEoMosZISkK5QRIm
+xxHkPMc2snn61jVFDOVvL8muOL9hSNPBiOHBNnXC9mypo14FEfQRI5FjLm8MViWp
+doY5fn605DBnB5Cpn0gcwB/MlPe/TDbCVVON8/NNqWqyVZ0y24wF6LLjYaHR9QmV
+zdlMfljjO/gJVNxbhad0GL5IqMTjkUgAIC0z+ubj8M1BJb2qdIOk1v20syn8r9at
+iN/+SBwawEpSfVR7K+GIFL4xSjPCqHytmSMMCX4HkGlCw5rlJulusIvt2tc97Npc
+v2KJSeZ81jehHBt7sUVqV/DgO2XIrysN5qKcD3nZs59qx5YK
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E4 9F 6B 9C EC 2A 8E 46 DD 98 0B 0D 37 F5 6B 26 15 4C 2D 48 
+    friendlyName: Valid DN and RFC822 nameConstraints Test27 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,72CEB87CF5E919A0
+
+1kIqFRDkRsg9vR2Y140zuDWapk182kj2r9IZoE9dBx9TEOA19bs0GUqsZRE/DpVZ
+44bOzHVB913aL7wNEK4vEZD3tf6YDu5aduHPM5c3jmzNu4FjnGqby9kZP5DIiGRl
+7H13Esg+8a24sP8Uax1ypHUhhzzvwn07tpVrgpyf5xYyDcgJU/u5REaPq0xdpDH6
+A509+sAyqFm+Yq73NO7OE0czQlm2wyil8c+ngHvrNdD3AaJYhNz+tCy2tq5RXlrZ
+5OYSdPKz7P7y+av0JYki8L5HWp9QhD/qTjeUDn/v5JTD/QV0QtWKVrd9rJqdbAMR
+tGSAlB3PY11hhNq43M1/fgRYwzjqTsBPAjBjmtiWCu2kfqm7v59nOfljbsinbjiZ
+tziKJn7Ep2yWPOv5f5KqLywNU21IshuyuM2JWPWsnDkG+jldkS+PITCVZ1dkJooq
+po6xC4Yf2iY9JUy5zdXdUe/eTaLlpbM6e/R+rhHlfZo7MeyFxdiB5fJEA87T3txX
+hzuDjOIN4HUqND22mCcTwttRki8JJARcZdxPcZXWX65hPpoZh1qXCP7IC6YQ7Ck2
+gZycbr30JLPAMgXCNJvAwduDaU6R5wkI4KYWGTuGodfu+ELAbG1uYKHmf98++HFv
+o1ewQgshmK7fc/Jg1WgFISEu0aNMxy7u/llxzhsK1nWllVMULQ2RkjNkEfXcZB4H
+9m6KJrK8l7T8OSfhJCWr+d1JIso9Nypv98GpKKyq/rbbNizGqoXe7xPtvTjZF8gc
+zAy2ksJ38Kd8W2bxW+pzfsn2oHjyQAgEnyas87zzF1aYW0oVNwQ9LtCy9vgkJdY/
+KM5UPQIo4HT7kioz6RY+3ILug83cxblnM2Iy9ivwwMzvl49N/DIKSXtgntsbzNj5
+EaNMiQndpWTueD00hI3rSpzWDa43K30et9xVkqD5Ypg+pkwVg+OUeZl7jAfCtBFP
+6MOw8VADxerbKTFUSfJDafYA437Zs/34fst3FFCrp8WmNjKeFvjUrnQptv5epsq+
+BFp6dkz0w1VcHNJdVlp2WLtrXb0SRFHMlVsYduN4iwY7bXTewx0BDJXnIVADymsI
+OHykdXEnSxfxm4SephKBKEq3Ro71EOt+P/qLrnLxh6p+8RPbt7fr505QaKqSLO5s
+Znz0daEKhG4G2Fc9oo1YjSdqbTAZabI9o/TGIPF197A87fvjjwHbc+PLkldE++Gb
+x+nG2ufQAGmqepJkbzPNdkhDGtrr35lLqUXkPeX6MZNf+fdK6zCmAyXflyboSggN
+WX+5s4V9KhvMtsCEiiGDfR3ULzxRIdJgtK+In6YwfoXAdOdN6A4MIvnxSQnXy3Zn
+ttKsvEsCuFVnFA3axJuXYj9O+f6O9/I0GgQGyBNj28p8c+YZtNfW23Ct+In617z2
+d556AQI727H9vO9N2EwEeg7IuqVP3IuyrVXSj+jqss0LEkXOaaN4ZhqSkLybqCev
+xfpVV7z7u4dIrmX2GarKGJmwPalwpKLH3Ado1x77ZjxZ10y9RuvZrgVL65rP5qqf
+3E/ADVTPIdfw7CZIBfb2sSlgEKYZs5/iFHujqwEIl1rNiRPP7fJzvlcXpC/kixgH
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1.pem
deleted file mode 100644
index 45a7bb6036..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIICqDCCAhGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB9MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3Ry
-YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBALJBCTy1/LSNTMnBOuzrGV4EuZM/iXN4/m+w9j5uwlLzfyPGdceIOSA+
-vOAPdr/9ralb/4Wvr2H7ive/ruSrj338JwY50O9BMowjNWiBs+G30rUMo+lFNoHV
-eUfBE9TZF5MiZMRPH2UiH1QqCHSn8Myeb19XahMyIfCVqISqwIEPAgMBAAGjazBp
-MB8GA1UdIwQYMBaAFE4uo+fZ3YungjtBSsOefFkjV05TMB0GA1UdDgQWBBSa/kUI
-iD544eivJJmZZwWNNFasSDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
-hkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAGlp4H06BUnD5PHzz/2nv9PBE7Vc
-UFLCQzhBdC13Ml9hLy/5ZLFWjlxnMKCuL51OVW25ocoUaUubwgvi3crDc4O9p72W
-xYXIEa7PYpuPadAEOKbdZJNB0X1aKWORBpaj6yiK48WMG0UydqIZps0wcfAP3HwK
-yZa23hxUZyeu9lkv
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11.pem
deleted file mode 100644
index 921ee94669..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11.pem
+++ /dev/null
@@ -1,113 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/OU=permittedSubtree2/CN=Valid DN nameConstraints EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN5 CA
------BEGIN CERTIFICATE-----
-MIICxjCCAi+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjCBmjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQL
-ExFwZXJtaXR0ZWRTdWJ0cmVlMTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTIx
-NzA1BgNVBAMTLlZhbGlkIEROIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0
-ZSBUZXN0MTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJlfx3jHiQnBHgwQ
-XhHjF5QJIB+q+2Mc2w6gHDzym/PiEa5utF2eNcy1cskZiVaLmODreo/HtQpn8Iv+
-YBfTuMT3GDXVTpPFfhVvtm4c7xz+e8QcJhK5TapF4kA4ejKPY8/JzpEtMvIS1tbt
-w4ZQteFe2G55WqBlnMnwK3yQtphFAgMBAAGjazBpMB8GA1UdIwQYMBaAFBI1n6zB
-uaHjOv7xL7p3sghOTVntMB0GA1UdDgQWBBRiLDLb16WReucmARwbU+K2PP+CPjAO
-BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3
-DQEBBQUAA4GBAD8UOLijF/GmDv8mf/f0lhyLAbW8kylUTYgCUJpSlOL5pbtDoy/d
-9OGqYA3uzDmQJxeaW2dzPwxOjV1IVBVFjA1yBiOpxQrLhc4vDGnVBpYfcvVzy1Dh
-0jntUoxeVGCVSTd5DX1DWqzfQcOvEP3kiPGhodlCrY1udMFkLCuleB7B
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN5 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDRjCCAq+gAwIBAgIBQjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIERONSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxmMyGO18
-wxt7plFRZcGPd5GxKiCL+NJ+O/UB82qQ1+GhwlsBTSo86QNLh9KPIjs3rrARYIo0
-FqA86FPnpIiE/yWOfuQOeI3t6yvWf0XsXvcffhjW6n6sErOqhXX7voiJODZMseiM
-wQ2Md8CcE3j78i6crfbdO6xGp2xNX63VmkMCAwEAAaOCAUQwggFAMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQSNZ+swbmh4zr+8S+6
-d7IITk1Z7TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wgcMGA1UdHgEB/wSBuDCBtaBLMEmkRzBFMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBl
-cm1pdHRlZFN1YnRyZWUxoWYwZKRiMGAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExGTAX
-BgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTEwDQYJKoZIhvcNAQEFBQADgYEAp32j43pb
-BqBj+2V14kyvmo+pgQ9H/ag1zf7WG4ei+McEkF7yvHSC6nfXJA19r+q2fAnvIU4M
-TriscCGq9oE6qzd3VIQ5wx8eJp8v9SG62gxZe3n1A8gzG37TvTwBOeEgxOKBa/BS
-8MNUbMO2SJwuE2pi9fnMhCgx9JxUQvQLou0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN5 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:12:35:9F:AC:C1:B9:A1:E3:3A:FE:F1:2F:BA:77:B2:08:4E:4D:59:ED
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        74:3d:76:85:10:61:c5:e4:1e:19:16:23:27:99:ac:bf:2e:c9:
-        07:40:7b:fb:45:44:5d:c1:6e:d5:5a:e5:6d:35:d1:4e:9c:e1:
-        b7:21:0c:2a:7b:7f:27:ed:9f:f4:59:15:1c:67:1d:4b:8e:ca:
-        19:7c:a2:78:22:bf:28:67:31:5f:bf:f3:73:73:ed:c3:9c:fe:
-        2f:16:56:80:ea:ec:27:dd:7a:85:15:2c:e8:fd:c5:80:2d:ad:
-        36:ac:8f:39:5b:d9:79:ff:54:82:c6:61:37:e2:b6:07:46:8b:
-        df:2c:86:2b:69:ca:d1:c3:71:4f:3f:c7:e9:4c:c9:23:85:85:
-        19:9d
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjUgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFBI1n6zBuaHjOv7xL7p3sghOTVntMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAHQ9doUQYcXkHhkWIyeZrL8uyQdAe/tFRF3BbtVa5W010U6c4bchDCp7
-fyftn/RZFRxnHUuOyhl8ongivyhnMV+/83Nz7cOc/i8WVoDq7CfdeoUVLOj9xYAt
-rTasjzlb2Xn/VILGYTfitgdGi98shitpytHDcU8/x+lMySOFhRmd
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11EE.pem
new file mode 100644
index 0000000000..fce83db62e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 42 21 9B 4F 53 30 54 1E E6 BC 4C 2E 7E A6 DC 7E A7 74 74 3D 
+    friendlyName: Valid DN nameConstraints Test11 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/OU=permittedSubtree2/CN=Valid DN nameConstraints EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN5 CA
+-----BEGIN CERTIFICATE-----
+MIID1TCCAr2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIERONSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGfMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExGjAYBgNVBAsTEXBlcm1pdHRl
+ZFN1YnRyZWUyMTcwNQYDVQQDEy5WYWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUg
+Q2VydGlmaWNhdGUgVGVzdDExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA01aMPpsarfXTbYAgFvrguR7kpQFB2n1BkbdNNhOcH46ur17thybR4gMhgKVy
+ILcpweStTS146Ezc4LjdRqKH51Lr/6QMfRF78siZfrAjbG7PDHmyX1XS1nYpdwnD
+nkK4Ajzj/CSYEzsASZ0vUt9fjEWGSBjJy2G7GAD4CENSnK9pLStCJiRrOQBNljEp
+i4USasjteKMMsmObpi2UN6i3PaypjubH0quqEaTd1T1okLsLhgZSSFQG67toDyln
+YggwV9KYiQKlBgNkGESKaQ+5scY0yGmpL41HRdehDEyRDfyhGTld8TiOkDBWI0M4
+D0UgdKsEtl266bBheQ72ggr79wIDAQABo2swaTAfBgNVHSMEGDAWgBS6nwnKkDmc
+Tnda6/sQlazTp0pdJzAdBgNVHQ4EFgQUEctmOQ3qs8HYJEuov8tpKBE0oKQwDgYD
+VR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0B
+AQsFAAOCAQEAymcKvWtG7XwsLtRjAAyciN0MvZNaF7nyKiPuY6YjdB+N6DDUwGEt
+N6yPWHIsTGtQ2QbAGoYivFz0uS6bGAmepNcjay+oGsL5pEGV9hPcCqL51FvFt3eg
+w6m0VoEOS6tvmQ9Xd9eKSRtyBgBwVwTdvhbw8qhnh47+F40MThIUa69/Zec1Ihem
+LcGAbdvzLOw7vAdu76gNHoECHEtAx0DntWVJqhHHD68NOtFeWCz5/582KYaAhcK3
+XVPMI8dkSN9vFkUCYW4A+GfXflQFj3IT+qfhfLhu8Xvw8yfr535h0ollM6dN3OaS
+DTwwkN/wHr0evldYdBGOiU44oD0CBxYGUw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 42 21 9B 4F 53 30 54 1E E6 BC 4C 2E 7E A6 DC 7E A7 74 74 3D 
+    friendlyName: Valid DN nameConstraints Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B3836AB766A567F9
+
+CSm02WNdI3uzaWtp0BoPy7mdRqQSQwfKgfkYMUO/x8sO6UL82kbm1rHujYf4exqN
+ix8b9bsX7pm6jwL65t6rev7RYnobUlN7UevjKt6qgxTqSvRh2UEmngYcdChxxi5E
+7GBYiJsClbB+FIwIuTMkxjTqH2IiawKSjKaG8uMDYa93/qh/LrkvjlVVDvocdKwQ
+sTIsqlh0151Qib8LcWbNm2yxuGXyMIb29rDn5Kxua8CWrXyJJWOvT/DA6yCBpmK9
+l1uKGUnz0QFy1ut3exLjdvfreAffGAppb/Jax7SHQevMOGPZognQViZudRkq9ryV
+Q7pW4HkuzbHOrRaBSs/gE9mdA1skcFwxTcBQAt6lfcr8r+XFhv/1QYzu6pW3jJ46
+B00O6DWLlW2eKK/Zu4RUvXBCU1rO1feYMe6yp9JXsIresIgSnBfdsGVqBh1OPINQ
+vHgP3ZHjhgH7qGir3fFEuRyA3xo7oOhp5VjdFfKJcBpanzyYycYY9NiUAH6GZsWg
+mvXjCxI69yytzlJ3ueU9Bup6oxE50vFwqnIJ7oXnBgDsKz0irOUolixEPkwmCCeI
+vYM1YD9+6chtYXeWpoNIQvXlwpjYkJWd44FfTB7BJ9TzNIAKkm5GFooRfOcMxInb
+mGL0QVX+bfSv2RA9FzKREBoNhmQ3OFp00ZKy52EENq1YlQPuIxD0ZllmFZTd1aw/
+uMqT23JNznL3W1FWoZdUSSr0BnaHrLZqvxFk4OAha4UMtsjbhEsOEQNV3XyORYnd
+jjhTi9vMVIix+VttltI792klVHfrDVbCD0ZTxf5nW1ymCax2FxHLhe7lreKuFCUE
++lve+uUHxpU7JG1XI4hjeGOTGw6YhOA5z24PMnND/N7UqWPa2LQdIxaiXYW1vVkW
+iqxFAzdE7r5xCHIYzagD6kVY1MI0sDC3wSpXIfF57L18wlak3ELeYDcWhzyFtsJs
+yMn8ExnimlyYs/HBsXQgMm7EjB8qkYhMK5HhQiiM/xJTVcmYpLQcJqt6kCs+vlII
+l50YedYvD73x+CdQ5efYfnPce9L0vgWywLB2T6qSfp8NfdRHiOk6KUop8cSgcwio
+NFH5AwG9sbgjKK40D3cdlfO2rSLoCY99z0GNiNeIYw1U+VUp6vazdQe2kKGyuYHE
+1h61rHfyFqcPEgYRyWeK6figj947UVSEypnBFiSDrvMKLD4CFMShbcwvvyVlb4P8
+RU7+JrFNbGyQrF7RnLKLaty/JYTz5z2r9bb9g1lOK2PUmXctu39iCfBAycFHGrek
+kqyIXLEt2a/XMCealugdsD90SNgzP+BWIGzRRNW+7OR486BBfdgNHv0xL6+LEU0F
+qzLCUKVUulNJ+UIQf8mjhsBB8z9U+EpM48ETP+Rp1yO6JdGTPuzQl/b/7yDeoTRN
+o6asqYCx9+7/bDwJgyU10J3KXpi/tVtOs777pKxUIR6FC0UrqQtf6bEkbEdFw+yL
+R8y8rjca283yMsn6Lyefwx1dnFc83UGMKWuYm0Y3ptDHUu6y5n+C6zKhoPctPwBu
+wK5t+8ZOw6XpYgBadRAKKCx7slNxhS82eLRE0CPJaSz8B9dIAUSXjkVGGU8dMTRq
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14.pem
deleted file mode 100644
index 320f1d446b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14.pem
+++ /dev/null
@@ -1,165 +0,0 @@
-subject=
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMjAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMAAwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAK5n11EFLCX399YnLoDu+WMSsdD5RH6rHhn9p0cp2PAWiwDuXGka
-pOpn/ZgxpgF/Ydw7ASh9/R0rJD0EfAG7rADF6j3ECZntAJmdiO7euB16HhemfpVN
-ZRiCcehJVtTK+G3vptIsyPFsdWYusjaRHdEniqEv0+rI8ZdP2RBn/pn5AgMBAAGj
-ga8wgawwHwYDVR0jBBgwFoAU1a9rKA2drUhsDIIq/9JoCS8UbVcwHQYDVR0OBBYE
-FDv0z/QxqCSlpmLnB0ps7mSrkwUoMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
-MAwGCmCGSAFlAwIBMAEwQQYDVR0RAQH/BDcwNYEzVmFsaWRETm5hbWVDb25zdHJh
-aW50c1Rlc3QxNEVFQHRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUA
-A4GBAEfjsvrVypBwFe1Fa4RRq10LsqrrCLc1NPiFR0B2yliqIBq81FAJcdEDNmZq
-D8C5gctYTrk9OgXYKgTzUkO8UGNtOYhDPrz1LyBnpND5D1ggYJe+xur2EX0ilhDO
-iq9+08Vo59/dYFQlttOeyY+LJMNzWqQAxxtf3p89oTOgQfxW
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIDAzCCAmygAwIBAgIBBjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAteRgCqKcIeCHmYMc
-xyzmM+fCjW6MAEl+OFQ9Q7UJ1n9YE0TuaGiSxjTkrTXwDF2JoDwMtC6FoqnvEyEk
-kAxNlM0oiLhRxM9FcNCow3VK458jtPozrIgd/7PAP+FXsqPanD2DRYj4c1gNKSl4
-U/l6HyTj+yV6ax5EkPgQDLQlJksCAwEAAaOB2DCB1TAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU1a9rKA2drUhsDIIq/9JoCS8UbVcw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMCVVMxGjAY
-BgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0
-cmVlMjANBgkqhkiG9w0BAQUFAAOBgQANN5YtrqXFWfdpK19qY+rn50d/fYdLaOU5
-dSIAqmnB5woTCXdWF0LUADF4DkPfcWBxbE36lwBuGXBfiInH/5yLRy0Y9cZbtHSg
-QwTIf2a+38pR6QyBniftVBmBTuhO/PV+/kA8gKAZ6X4+vGMv69YjU9avYeS1o+XW
-liQdX8l7vg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D5:AF:6B:28:0D:9D:AD:48:6C:0C:82:2A:FF:D2:68:09:2F:14:6D:57
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        af:f5:73:47:0b:2b:ce:c1:5c:82:7a:07:ed:cd:ce:55:02:85:
-        34:07:7e:46:10:13:e0:94:7e:8c:27:9c:f5:52:89:55:5b:fc:
-        e9:08:32:b3:54:75:03:c0:ad:8a:b7:e3:fa:5e:73:10:90:5f:
-        26:ca:6e:1c:e2:68:e4:99:4c:06:38:3b:56:25:ce:82:a5:7a:
-        3f:0e:c5:a4:78:8b:19:d2:fc:a6:4f:f2:6d:d6:12:5f:69:03:
-        98:b8:00:c2:0d:4f:9e:47:fd:66:3e:ac:e4:fb:55:f3:4b:bf:
-        42:54:ce:46:a2:5c:fd:c4:5f:d8:61:5a:61:9b:a1:2c:af:0a:
-        a2:2e
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMhcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU1a9rKA2drUhsDIIq
-/9JoCS8UbVcwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAr/VzRwsrzsFc
-gnoH7c3OVQKFNAd+RhAT4JR+jCec9VKJVVv86Qgys1R1A8Ctirfj+l5zEJBfJspu
-HOJo5JlMBjg7ViXOgqV6Pw7FpHiLGdL8pk/ybdYSX2kDmLgAwg1Pnkf9Zj6s5PtV
-80u/QlTORqJc/cRf2GFaYZuhLK8Koi4=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14EE.pem
new file mode 100644
index 0000000000..a5b3563154
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 4A 58 B8 8B 2C 1E F0 A3 50 1D 80 57 5A B4 9D CE 6B 94 76 59 
+    friendlyName: Valid DN nameConstraints Test14 EE
+subject=
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ey
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowADCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBANL44jTyFq7QAleicaquWUZlfqoETqCeRuZqGndG
+rpYU1yDVOmaEtITWmCQ22VaIIu7+IaIeFKNyoU0ELLvkWybmC4eI/uI4pFqQgrvS
+J+lJbD5jtlLcMNAUf78gd0j3bie97KHei9ipYaZtTUD9RD2CKSdSifI472U5ytsQ
+TytctM9miZpgin2XhaqgLIdV3KnrYzXCtYLoegjE8pOTrsYKOURylSDgtJsFwa1P
+HRwFQvPhhguTUGB6kkPGCgrqoyV5PfXWGSCvkaN+LrfNIqzL2x6xKoXeY9RaTXtq
+t8J5bkv2aI/SxH6x37wA1MiU3zuF+MIlMT2LAs2e+PixXx0CAwEAAaOBrzCBrDAf
+BgNVHSMEGDAWgBSiL1iDW0yVl7fu9oe0lw7gf+CXFTAdBgNVHQ4EFgQUXy6VFzDx
+TC6AfvMa6q1deaLwOLcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZI
+AWUDAgEwATBBBgNVHREBAf8ENzA1gTNWYWxpZERObmFtZUNvbnN0cmFpbnRzVGVz
+dDE0RUVAdGVzdGNlcnRpZmljYXRlcy5nb3YwDQYJKoZIhvcNAQELBQADggEBAM30
+T0niDNwc9oxJTmAHuLnIH4LSgOfNAqPC+KqoyjyGmZbsL4bOjpv3D/nvv3cOkuQk
+49bygt+lJsDonEKKYBz4L0jnGOZjC3d8UPu80v7nUkB1yzMaZO+A05rNtxA/iA6o
+t7N0RsDosn2Fu4q+77Dddx1JYp90XfglW1pXj1gdgrwAMwrweF/fDlAMPs5h2qGH
+K7EXhJ5sSToTsEIPVAoLiwDK6yFcCGyui+7koxE0ycDHsDJk0bqRhQVJDKrg7peh
+PBbUQT2g5kNNKu8gCB3UQcyn9K9twWAizjW9DNub8L0wsyttyaXJ9k4QMyO4x+OL
+E5sd13zm4Tfjnw24VUU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4A 58 B8 8B 2C 1E F0 A3 50 1D 80 57 5A B4 9D CE 6B 94 76 59 
+    friendlyName: Valid DN nameConstraints Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8EA248F19DC1F227
+
+7Wv/sIjaQUUCWAHs+it1XCJvgYdX0EpK1qXj66wXzUhTbmrHkax3xGe/VaYsmdd9
+o4lUAJUhIUrtTwayn/uZl5f6H4BY4q8baU0XonoFnPmSZ4q3QpzVMq8FV50+3hWq
+mmKD4yhcRchNRKB5tvjC2IZXW8gyQJtaeZgLKQuQSfjXMq5370lLjC1Ri9HAQzqR
+vTxJrI7ShudRoRhF7flg1tV4StDYRMxcK+38k/QoOCtkmwLJ9ASUPwCakg70dRCF
++upuRKLtVe0M/wujFU/tYAQI0+kNdCXc/1YeRUdUD4IrOk4TKi1f6pDoL9hL7Dnw
+Q6J5hh8CFKqzsIvPPNCm4Jo9D9oDktT3ERlKETWRIdvy37UE8lLXiA73JoQ1srkp
+NdLrOb3U7/IoIQSvcRbkg/KNJfgtQSCw2l4oj04ShXMRrCbmlUOEIOAVaCx74Box
+4ycUakWciuEJSIsQ1Mh/H2mh40dWZh4iZju3tk33N0YKzw9azhLUdpCPF+Y0H0sk
+rROyKWKpqxNsft/rCuZcl1I39CFzUXqxRNSbs7WlKOOuh/6qQv1Fpg1AvIT3v2Rh
+SO26RVc47oEQPEK1C2ktnNJRqhCCslm0qqoofnQolMKSfC+3eI27NuvESGkgafcW
+WFXbK5Mp6xGcjE63w5KmBZw/0DnUkmuJoj0hxawAbfxU7dackLn0z54VrnzyuDbu
+2CRzVQkVq6ptz+qQKSvOIYHIzmZaFlSr0MGXR8CJSBNhFG4By8azOmtlIKF7HGG9
+JrZSgBw0ep6I7h7MyxOUEsji4MUPn/+3S5h3UL9Wex/gqXYwboeN4Pm1Pbk03aUR
+1urrLNcmdBWMa6Sllbe+oJaneFM3Ci908cgUOQ218BgyZJYi/Dw5VJPicrcdmmbn
+LkbAW265R9VkDmemyqRSyFHdTwMnH4NBx1fkhzaTX5rli00pK4vd2AG6EUkBKKKe
+eJmoUCtWlXINj66Yl417QpuM4yPGF51Q31Bn30pZ97RZGEeJWNn7vcuIQxESM/4/
+BKsBA0CKqM1wdKz1Vi/Cjb87zTLGgeS90rHBOa+Opr06J6qzH1d7xeWTMBCMkUCs
+PpI10QWEdE/pR8/gXhtPb3Au5s2iWFmPeeAz0QlPtGNogeAMZGxOIJDCSqaXgtW2
+rTApmIF1fmLxrnSIA53YlCO0ZBq/y5LBWn635UjJ4gZtE1Ct2vzx1cCVAVreanoy
+Q/+u63XRe+cPDsNdpUpVhr1giRn9PzU92xRf/Qjh3dp80qvnYCyZrgy3Dxf2cxLh
+aSANrTIiZI416dHI/c4sszZAoqsO2uAavY0ll1q98PTIFx+gXo4Bz0pOW3xs6YA5
+eaWRFQbL/aiYzz8RepZJOv4g4LmFgX71OjSOA6zOW88yiIUfoPKLfJt7K7dGvNFR
+zl3DUieK0MoAnyfKtPLRPqtCfWjxSP0cyFYdiQp1W7Ao3QiP4sAs+bqncz/jXNcV
+iTxvp9WH8NJ6Kpf1h3AzZgXeDd9B4M/g1EHRJH/2uvbf8BzYKAMGOXYThsrdTbXp
+/cm5998qRWj0F7C9B9FFlJbK/bA5DIR8gLVusSbdLIG5kKI9oH2Aiw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18.pem
deleted file mode 100644
index a9762440d7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18.pem
+++ /dev/null
@@ -1,162 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid DN nameConstraints EE Certificate Test18
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
------BEGIN CERTIFICATE-----
-MIICkTCCAfqgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBETjMgc3ViQ0EyMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-YjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTcwNQYD
-VQQDEy5WYWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDE4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDB4Ppc8a/vNVYqFPhznRZF
-lo/ecz5fZXYIuGCaozBBsqZu+6JFjbrAbeA6FbCKH/w1WFNPPTTSvJqSqN4Lw1yG
-yeTCfJoFyUA1wbNUKONsJQgYoOLM+KIuBUpfhZKtHzLrk+NKoCz7pWo52Wy5aQ0A
-B8St+URVVzDNk8Z5+mtaYwIDAQABo2swaTAfBgNVHSMEGDAWgBQLSL4ocWpIJAo8
-4krUBSri1x417zAdBgNVHQ4EFgQUzsfJblSrNLQ6e4Gq3J4kw3O7LYQwDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUF
-AAOBgQC3FQqH6qw98Em37v12rhcPtdOIRWZPs2z9dGJpRJHDBzNoWr2t5pxwnBhZ
-L7Wy8uNRTy6iTNLgDPIPP4sXYlphcnG2SLe8APJUcTE80aikRwFcht0SO+lpiUhn
-FTrjSWJELeehius13WbzhA4NKTjleW5zkvh3mTYww5msepvgrA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIICyzCCAjSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMT
-Gm5hbWVDb25zdHJhaW50cyBETjMgc3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDCH3OWCAvPFZXpNTKMN3DoOML+FK32+icT19l0MQXIXBqoJyw8qF2z
-xcl4ahdLxfSFpf8OF3ttKbzN5fk2/Dxue6beAMs0L1r4VUilJaUhOmTMrlYXB6UI
-QX2nzlu6lZbNrI0VFt8qM2C9CdbG+2ZQuJQQO0BtHXWJC9el4t68/QIDAQABo4G8
-MIG5MB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBQL
-SL4ocWpIJAo84krUBSri1x417zAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wPQYDVR0eAQH/BDMwMaAvMC2k
-KzApMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMwDQYJ
-KoZIhvcNAQEFBQADgYEAV7W8Yarxgw2gPgl0gz1Vz7IdH6ZbzLBpsB0W+gyPTd+R
-toE/N42Efda3DIG5BoxqTj00uc9j2GF5LqBgKaEieenzkv5E6qbTrZ0F/FdX1c17
-DBpRvkchpd4FACNL+FhSq824LEKdBDOx669LmsH664nk6NSPtv04LjUxa+822aw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0B:48:BE:28:71:6A:48:24:0A:3C:E2:4A:D4:05:2A:E2:D7:1E:35:EF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c0:0c:a7:28:80:0d:2c:71:66:4d:67:82:ec:c7:30:4f:48:29:
-        fe:d4:20:82:f2:5c:e6:ef:24:8b:9f:f2:b8:c5:3b:e0:86:53:
-        f4:b5:fc:67:db:b2:1d:45:77:8a:78:47:eb:63:bb:43:b8:14:
-        c0:05:ff:ca:7b:d5:1f:fa:df:e7:7a:a5:39:e7:00:ed:4a:d9:
-        6d:fd:d1:78:a1:44:f0:71:f4:89:4c:52:d5:ef:99:5c:59:eb:
-        80:c4:5d:ed:48:2b:5a:55:0b:d1:df:4a:a5:49:69:f1:67:a2:
-        aa:ce:9d:99:9b:74:0f:ec:da:60:d9:3e:14:45:a3:6c:5b:47:
-        fa:d0
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBE
-TjMgc3ViQ0EyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBQLSL4ocWpIJAo84krUBSri1x417zAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQDADKcogA0scWZNZ4LsxzBPSCn+1CCC8lzm7ySLn/K4xTvghlP0
-tfxn27IdRXeKeEfrY7tDuBTABf/Ke9Uf+t/neqU55wDtStlt/dF4oUTwcfSJTFLV
-75lcWeuAxF3tSCtaVQvR30qlSWnxZ6Kqzp2Zm3QP7Npg2T4URaNsW0f60A==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18EE.pem
new file mode 100644
index 0000000000..86209f552f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A8 70 FA C4 0E 3C B5 0E 6F 88 EC 8B 32 73 C0 03 35 7A 32 65 
+    friendlyName: Valid DN nameConstraints Test18 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid DN nameConstraints EE Certificate Test18
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDoDCCAoigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIEROMyBzdWJDQTIwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBnMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE3MDUGA1UEAxMuVmFsaWQgRE4gbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QxODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCc
+FAieQeWV3r7La3dUczH3NGDXPJiaAR+Tqn6f8k320kCvHGdaBRcTKZXH4tX3ZmE6
+vFn8l8xfrX4ApA7+GPrM0MVIUJsMbw3CGjoz872d/Kgz+vS6idpGClTvihDBL3/5
+Nt3TSxejRtxyHVfrIv+zN7f4OH2dZVzdi7ygCv2Kd42XegPi0DKGCdC+ygKWxsta
+0Nti3GppDzGF8UElao99zalmEtdeLgD00v4w0kVGwmmFMn10JhKdwmT2Svu9DteY
+7jum4YaB+yK9IzA/j4Pr0I4FyOC6ZdJNdyrFAU7y5G/eTziM22YEujjzbe5P7X1G
+AUenUiC1R9eaFoHYH78CAwEAAaNrMGkwHwYDVR0jBBgwFoAUzATtaigdft5k6gCI
+Kux1Eb+lLmcwHQYDVR0OBBYEFLQCkqHPGqp0V/N8OEcO5zUqhdd4MA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQAD
+ggEBAFImhmXh6wbcMuY4ksQzwV9ci+PiOlD+x7nQddqIsuj2CtmLdphO0z+jhw/c
+AcLQiIUJEE2UT0Eow1wYT3IsGV52jV9Xv+4Po9KVIA1S8W87IFJlBhkXPvmzmSeY
+KwHVKq/4fUXpy30yvfxGEWxG3HUKHg7m895xfM2kiKb3RnmC0+FmZQayAi76WaLF
+8u17d9hZo/cLoNd66TyPuxisLiqbXe3Uzvorkbd1RYlwBZUtl+T076+XCluS5ZL4
+Fu5vN9C8+fQWjsJnB1/ifh/oiZqkSkR9K4s+0qAKGOTcrMsf7OfiybRIfkX5Mhc0
+KyfioCAyiP1/9+WcRhdt/NLYheg=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A8 70 FA C4 0E 3C B5 0E 6F 88 EC 8B 32 73 C0 03 35 7A 32 65 
+    friendlyName: Valid DN nameConstraints Test18 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1E542095939441FA
+
+cdJyyhnYzLpEmG9qF6WT2BN7QvChbUTEQE1WGGnu62oYRuA2j+dMwoPlqr5tpx8g
+KN7VMXggs9kv6s3QYfIdHlI04eAa8uBN0qXafrVThnJoBmQgfEVX39HmRv7FGf4M
+JVr2aO1y3BE8xTX32w6p1u08jsOt3WCDtw7QGhjHxhtCWYfFgXMTwn+me0y2g8yE
+wnd6Xp6M8SD5Im8bilrPn5saizdiee/JI/99u2u1pVYSz00/2UmIt//x9Q2DHTSu
+wWIv4nja1ZKwGErF/KdAohIGDolhfAYxUqvaA6d74JUB/k6Q9lgVCrkvjqqBGPJo
+W9s1hyNhqi23SbpNcRBDbMcgJENJYObVFzGXNqeFTMhqIvfS1DLJi+5qdBD/d6oD
+aFfWlQxy3lHysoyVEdAp040kbTLwpxgDOY05d23MBGVy6ZxGmfKXvdWMwRM/JedL
+kYtWLz9BzLcIlG2/5uIXc4g7Q6MWlzFtN4I0Y637scar+2tKKM7UEFiZArsGlMp/
+hqTcvNrHMNr/7MgdZe4JyaqKEcwqrNR7TCPTi0B7I/LNBd19dkhucu1oWH5uvToq
+eY+Or54f8pmxzMV6DUuDVWGrJplL1uUOP0CjbjG8yPp9u/a/AFJQb5pwnEJTsHsU
+f3HWV2ZcgAuX82O/HwRYC90E6XNBomUlvcFBFKQ63tc4eYeqoNmvXmFZkjY5xn1e
+A4DsFsk/acCs9islaUvhahm2x0CO4vNJwHoMs+JtJxmjXKFnfZCXYlAzGhqeDk+i
+rcr2cMRo4HCvEu4jQOj5RWsXgWiOTidztcFB0XnSnY51hzH+jOm7ocyQoyIwpXEh
+9Bl84THm/0qBGyjYzxU9W4rOismfuaPzxEHq8hpboxzHmD2VAuiG/KBV4jZYxpL2
+j9be2uU7TFUR/MskI2une5hSm+EJxhzmdkoZy32g5XV+jNhnP7VUhgJEuGXUJ5tC
+yR1TbdY2mCdYSW7EfHDlrbjUCxFQPldaeLn6yGzijQK0A8nHONLUH/EhObfvDHzc
+EQCA4V+ha0mzL8QTQ9jVy7+Y4JSsXl1JkxR0ZLkoCENHClLqSPadklxoyfUxVfSN
+Dlga05jr18QjRr8LqsROy6lcWwJUT5eFc9EBVUkPpvSz3il3cdQTME0Ea4QmMErB
+lDw/K6htlcLRvDOZVy/9Q/uIT4KrIcitxtQK14jhm39lFzd9bOfi5q6tqPOWDg5S
+cqa8HVj+P3oVKHk11F+eW2nsgfoEl/spelBMFb8QfaSuNcMPNwjruxcqcTut1FgL
+AMyQc+EU++OBELkdlXvSotQGbY3OIT6No8vrDhm61Vs18CT05qqu08oNq3B32+XD
+b6HfupCJFlEkaLw3c9u8kZxWtUo5DCrSuWfi1ta1gZNzqtawpP3clJEyt/hvz72k
+QyEpoaifA/y6HfFL8kleKvKTJLTFdjm9b37ttFt8lh1x2GSX6G5SCHYlW6joafu1
+T0dbeXJOWSHg+xmG6xPZ9Vcia7JCvNghyv4dHyth3bjWrOLPzJOpWP9WePcbk2Tx
+/0ScABKYNKvw3+MfhoVC5CpejEhU4BODzD3F+0gmv/5TNYtzfxWjiQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest19EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest19EE.pem
new file mode 100644
index 0000000000..7ad405fca5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest19EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 86 B9 A7 60 ED C4 32 C4 5E A0 3C 59 AC E8 D7 DA DD 2E 00 0E 
+    friendlyName: Valid DN nameConstraints Test19 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test19
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGDMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExNzA1BgNVBAMTLlZhbGlkIERO
+IG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZDEN42s2ft+DCcNTzYyJbruK++J4wlPXY
+3JUK4AuI7b55n28caZPvcvtanXRwoQBbvAp/ub04TWtx8o/8etTSciTIBQ6YN0qt
+sh2WW+zsppqt0C+c3Fc2wJJcHh9VQzdMo74pn/mqULaS2K2FQ6msHaplTXcBILHA
+g78xjSQG054NSxqV6z+AsNy1Syw57a92XbmPjeOIsA0oRaHDZfAG8QvQxvWdsh0U
+oyCAM+8IpsSuNOGBpCDViAM0pUuxzeG1WHrYxvyGnQsjjj4HqUqrCXUNWL2yHyD8
+gUv+sYtecxNG56/UowvUeK8eseqmn6BTLur8FC7JC7zeM9ROiEkFAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFEWdG+7F/+PExzA4TFvHXVSZcsC4MB0GA1UdDgQWBBRZQxHX
+4rWSiri1Ka3mWvM/NDr6GTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQCDwHY5/eYX9EpSxTjNmRXVJjje
+8HJ+wB+U9OsMSk7tQb3vsR/ZrgWJXdHuSdaFYUxWDFh6Ufr0kI+AG0nn6V8Kiwka
+73XcU5u9OURprhay2gw331HAcdM4v5Hlv2TQuhFs89MrdzXJ7DJlv//cVg+RTN/9
+OqonUDT/30LUPs90p3PhCBpR5rBqVPX8lzpv849lGQ+eSsdlYd/TG8MM536ImHIj
+xnVMqB+1VlLj77W9XgrxrcdQIBFvAME/oUs2tix9cAbe0+szHinaI46VWCRdkJ/q
+ONNx6C0yX7KwAv5ksINxW7Sy9ajkliArvuq8AfaaO+aupYabnhiqlhF72KF9
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 86 B9 A7 60 ED C4 32 C4 5E A0 3C 59 AC E8 D7 DA DD 2E 00 0E 
+    friendlyName: Valid DN nameConstraints Test19 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6EB929EC02FF13B7
+
+e+GE9EM2uqDn5QYh8nfYPqM8KhgU/2MalgZFOVQqpK6sLGBmacKGfS4YilvwSh4O
+UqSxgvLP0ew0/MDhsI+GQwBOK91GBMGIRCae75lewRxsokbAaoiGGCqJ15kWf+fj
+Xg7W66JdrmKDCJ0nm5qcZ4YB0KU8GjjF/H5BDXqrYxDc/yw4qQ8gPlh3vKQjjHdF
+4vbhH0kxFiencJ4OhQI7BN5Gz+/RsnlCULyxA8RjssMD1kY3GtxBf4ZVEiRSMujR
+0m80K/rTRaJla5s9pBnCzCNI06X5Usj+X4QAW/48O8g3qmz/uqTcQtEDGOenFwVg
+qMke6F6nTh4Ctqe4YZRyB+QB0ugKcbc2DBgRnZrTR6NNP7HkEYgdJQkFoCsc3DxZ
+pa+n8IfrSDAssDG5+ALG9YpRCrhosBmhJ0nLKPRb2Af8igyCsnFkZd8IC1Y0/zJ1
+xvx00J9CW/I9Ua93VPOgqiXZ4uJryZBAiorTpJuumYyFvrPYyz9YZkyYL8LOcFkq
+UK3OVcKLCgbTHKAEsTl/jIQgfWaPSGjwtSTwJQr+A5zJxpU5tTc1ZQ52k2qq1tOu
+eKBzTiJQh2YxQNVJruimchRCMYo1TMmo1Mvvdg04BLbyzPKpB6UCgDiaJFhwPqLb
+u/Ah+nGl0BtZ6YPRMcHvigRR4zfH6xFcZaz+DZHAh9A5FIj6T13p2o/TKzwsrgC5
+LQ+/7YU7qRtkjM4Z1gjlC6mWxWFcCCje7w9qlaSCOy7PZWGmIJ4JcGPNC5OocAos
+cK1o0cOdTop+NW3WVpJIDwvrPqgV4a0Ww4tXiKbKyrSvyarj/lK2qo+eRpi1ewDj
+vjTJWlR8j4Zjouw06qxd776TQV4ThPQKj8JgybNxTPmv4xe8SXLnG9sufwzdo+DK
+pSCJALvvrxJYgEW6nAAVkeWCMcZCoYZXSRgkPqcvOgDa1iAGgV4CsqWMmCN2PcYe
+JANcFx2fCwr8c9XLVqjjHRNHfkAir/7Q8tiInxWPF8JuREGhB5FW4oLPRN/ItRO6
+CamTiUfcsXLoMgO1EPHV06T4/R2RzDUQcloQpno7OEzJVgddvnZiqDTWGBeZ9Z7j
+H9Qx4o2LkymfPM16fZzAa4VNJsaE6jsQZol5BBuwzcrS1W+Kp9SMjG4LGCL1n5u5
+PdJuwcA3BxWl+o8q//OHYmqOtCfKSyV6UpBexs1e9+eb+dDt4Q/cx0IKqYfwoDTu
+rQIMVbZnKrNhSQ5u2kk+JWx6JZcQLGAW/5iCZJbeTGN1hKg1P+9moPsFBN8bp8Bm
+M1jY/o9qViP3RE8GsiQYfOyOFynVSw/KKG8vQf20bPvOb802MzdWbY9sNsk+f2xw
+neflXprMsA41TmnDoveszmjBhmFMj25MpeRF7bgpV3YTqxiNGW5GRywIPwFT/EKS
+5RYilsnainDh1tbBSsGA6OXqrxscqGhBIc55QXJB3NqfTkpCcmsDUsJIzVsx7rMy
+Qto2lr8JgStWolDp2Ft5CQSpT2npww3CD9JeusE4W4rq2dtQZrOQcTHrSTduaGig
+UqJv5XA1dFLfRsQILo6ofiIgQUYJFnbMbOYSC6SCCeL5LaAbFAx/4A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1EE.pem
new file mode 100644
index 0000000000..73090f5bdd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: AD 0C EF DF A8 08 5E 31 FB B7 63 F8 2D 53 14 21 B6 68 20 85 
+    friendlyName: Valid DN nameConstraints Test1 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGCMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExNjA0BgNVBAMTLVZhbGlkIERO
+IG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMRVH83Hm46JPU28u6W/BR3a95naRI7hTLko
+SOFjXkkjx8tjModC1M4QxWpoMZj2AF0Fd4Aykw75HS8W37wb8UjFS3SrXQ66qVwY
+h0CDz8mNOvtGSanquco3tZeMqoDe8/EXhotzwnf5F83cyp7XB7OiEQPzbplkD4jQ
+GZ5d/SF0lBUdhxilqRlXSemd1kfGop73BOGmgqkQhP+I+4ZZVwxUO5pXGzRpfGK+
+h8ZiOM/JAxpmhdaU1HC6Zf4YDqA2XpKZKQ232myfX4SObpXZ0DUOLNNDzYisj14W
+3ygeNgyIUFVp8hLPI6/BXTJqziW0TqoqCb5Joq+32zjYPwJNxcECAwEAAaNrMGkw
+HwYDVR0jBBgwFoAUQXhCRs1OqILn4Tnf96kWwAr874YwHQYDVR0OBBYEFF3+CfUG
+qPKNIJRROjk0yUUKmZ2SMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAEzeTUMhQZChACqQef2LLNvj+BfT
+VkDB0FVyPo3Yti8bRH8ZnItB8CWkS1iBvv4Bwgp7S8MpAGrgmyBCAO93VjySw5a2
+kEU/55B39tPKMQqWOAvi7DU31mWdWemMwD3u/SuK/8pnPOANjduViBKze8rUj4u0
+tbaYLor/qh4Lxgux9Xw1K+rwKlV9xDvoRLqNMsSReCLfMjMwXkUV7CL/6XjOGACM
+XMPQkJx1SnWLerNLLi2dzO1Ly9Ikr4jTEflJ/lxdw8Fa88eLXNte+JH0OcwwwLQM
+PiSkYK4B8y0A3Psl9309+kocX+YG1ppMoXg64Nt3YQ6kZqw/07gDFODEz3M=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AD 0C EF DF A8 08 5E 31 FB B7 63 F8 2D 53 14 21 B6 68 20 85 
+    friendlyName: Valid DN nameConstraints Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,06836DC2794B1725
+
+7jb9KmEbTz6f9Rml5H8XH3LtwowJdNaQ5jJmtmCsOPGA5F17QXqRbmkcmNGYVTuT
+KhM9CJLw+dT6Y9cpJj3Z9+Ze9OG7m3Ti82TOmzHeLKLzlz4KBUV0u896VhxiImvw
+JMXP+7MOqD/j4oz4U32HBeK7R1AoG/PlREzdZOzYcKEmZ/m/PvIInCHHzxm97rYn
+2q78PQLZVXqaFdp+Xkeli4MzjnyZ9fYN2o2EdoxwGdNgOJ0ZXdScAPLH5x3dcLF4
+MDLL4I/1FvKj4+k3mY+GekZzvdAzpet7no5FVaEjoBX/GkxzWhVN+2vUhhvHZfPu
+OT6upmrrMO/m4s/6IvbEtNbUFtyPfNHdyiethdjbCz8ROa1Yxc94DzsQ4naKynoz
+AY6J7vof5Y19uGdreA7PqeVnX0iQ17Vqc3a8EM1HkiST4g8Lgki9IGFEp3hhQ9dd
+JIi+xj7Nu1Oe8Sei33yJiqubRTLerc+2Xk/IM0+ZHF1YZk1oFODQrvZAx0C/+PvH
+9MvJwpa2KxCb+utf7UsY+5fNbhpMrG1Gudzo3UNxsFw3Wyx0fn8gWeiQH/EJuRnW
+Ek/rMG6U/m1lDodZKnoO9biW/hi6I6nxwd7i8k9jBSjPFgFFGzDY2CpLGBEohv9S
+JyjQbrdjLv3RjMGnkPiRWXs42i4j9IpLrZ1yOdQ7r+kaz3ZLxzzDONjQbqFFrOL0
+nUcpBJQo8caufzdtIg9olKp4O7krveT1REuVwvAsm522GHZ25cdyEHcPQIpcvJ2T
+WKzfQjP/mz2FMBgb6EUTAlZ/lqftiewp16JQWCW5ciGNr0amWR8rcGnVtGgH8G8Z
+GqBsfeqywD5VsoNa3aNqavcFfg+CntHYEPoI2hK8KKQoXtXiTvd41KPWMFAuk6Bh
+quZMLulhPSspe1RS/h5wtrLdm432cYJIUBxPQTerBnRfESEVLu81qJiRPz6K9ZCx
+FHLWSQqxHlKbutDHp3Xa+L76XSbxRUt7Behp+IbVgXZ0aLHfJF4DXsJPJXxvrSRx
+AGQwHxeiCx+y/HgdksnALWJe/j0apT2xfPJvS0zS7oCOSLAX5UigSSPn93kGrl0q
+H/qVU118v1n0oD/jcyuCAOu7ZMIekpQgPocJB854pRVbHl0UQWkGXhv5UdfWb09i
+JJ3gwrIhaS2h4heRbXZWyla9qydsHJdktvDO+dmC78OUJi5e8zxtYuzdVVmp5cfg
+/QUdK65GYAEem1rKPVD+4kQ8SOqzT4RvYtCRhV5iG4fzfNzWG7+9khulFdhoWJ8C
+Yr+uyL6ZvWIXyrvTCFx2MXBe8kWLm35ZZoECDnm54SwPA9nZiXqhqovUK1UmVH2B
+n/yAaWnz3Vj4URFxznv0d3RxXRullVlYJrglI7n4+zS8Lthi/P5tUZYlMjwnuwy8
+/JOOxbX5UR5LQQUqO3FU4veAhhaeiHxUxF/SGX8oL6uFqa7nsBebKb4Hb41voX8N
+y2vsVWUlfB88vZsqZaZQk/59SHvWgooHtJZl1yxO5VtVuSg7ZkVlwNKNBYeUXQLJ
+gZrl0e5fpKn4EsetpubQ+ewty+h7SOnL0ygZ5xTupGXEaUlJaWucoA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4.pem
deleted file mode 100644
index 4ac860600b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIC5DCCAk2gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB9MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3Ry
-YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDQwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBALhZkHcTNlH9LLnLK2xDvZYiDsOUcL9iZsUfTjpcENuDJ8rsXGriZDos
-g2p5cYPr4BQ4895UOQPYJo6M7/4aUnQoc/FwnGfeBNagpCJg+nD8GQNpETK9QR06
-nSxOR4/hBD6YqE8UwAIaHejrmpeTrXankCrcei9nFiquQ0Q+rwWbAgMBAAGjgaYw
-gaMwHwYDVR0jBBgwFoAUTi6j59ndi6eCO0FKw558WSNXTlMwHQYDVR0OBBYEFPG4
-BNfdQjQcDcDbjwsrIcrQPg3UMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwOAYDVR0RBDEwL4EtRE5uYW1lQ29uc3RyYWludHNUZXN0NEVF
-QHRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAF3XzP3FukeS
-uWBMveZeEBA64M3CPXE4MchDQhtqKcYGa6SlA/t5zpGyFINeThQQrLSuijVGBGr9
-39Hwl9/maACLW3hz5xtL0881tscL2+obZhmF/lGB/e0RrLyGN3Wqql0a+BhEcj/+
-sG0iaxWcpIKdJXNFCi8/rexF7NWS+onw
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4EE.pem
new file mode 100644
index 0000000000..d5ae41d666
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 62 F8 08 39 E8 97 3F B0 8D 36 4A 19 DE 99 43 64 EB 04 B5 9E 
+    friendlyName: Valid DN nameConstraints Test4 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIID9DCCAtygAwIBAgIBBDANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGCMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExNjA0BgNVBAMTLVZhbGlkIERO
+IG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMwAaxtQyCLrv/YYGDvG+VDVKwvJGevkTOK/
+nOJK5GsXCbEgAwofTRjPkMXBdn7oSucjXzlMKnmPvaKh+e/fQKaNVlicqKoSOomS
+4KpSguNxEIzWUxDuMqfDpOCSZYIVc9PdCcLwbEq8lnYttJrajQrZUTlDCoQoHENv
+W21JsXe0+fbC0zVw2MAHBVniFhssPtRso199CD/J7t0iCBI7phy2tjvWC5cfUUNv
+DObrRNF7si3GPXHPUpMe/GmcEIdvEcAE4H+rCqEWUxKkWlyVPxIoPPsiRzqG6+7l
+AiMFsssbSNQ44qe93TAr7vsm1/ZhZpL0r/LMsZmNGSidHhYSt4cCAwEAAaOBpjCB
+ozAfBgNVHSMEGDAWgBRBeEJGzU6ogufhOd/3qRbACvzvhjAdBgNVHQ4EFgQUCNad
+qrso0AGdiySHpj2VH7iF03AwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATA4BgNVHREEMTAvgS1ETm5hbWVDb25zdHJhaW50c1Rlc3Q0RUVA
+dGVzdGNlcnRpZmljYXRlcy5nb3YwDQYJKoZIhvcNAQELBQADggEBAMLtM5cSPVV5
+t6LSDRihYq2CRqQTpOYhfm6UB87/JqjdIdK1ANoDgNdHWw/CdzwcgbDkt8BhUNwU
+EWovi3i8MbcLbagA3/5OooQ9rvlItrRvrIYVSJ/VPWSIdV/tCeljFGeh0Azfq4O+
+qLQbvjLBJtjCrMUVjVR+sj3eb6TuobLmIXdk7rGziSNKw49nvBQfqtkCkehuesaI
+cr8NCCESNhPopoRBHWRMTilfo1WOeT9U7RAEdolH4fycsnXuq3cXTHpeu9xL0Eqf
+YCgGXJ2Y9KUktGRTzi6WJZrMkzvxsdSkVeuQ0nvJ4czWwNn12VbN//OWgek6lkhg
+QUvZYUxTdrM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 62 F8 08 39 E8 97 3F B0 8D 36 4A 19 DE 99 43 64 EB 04 B5 9E 
+    friendlyName: Valid DN nameConstraints Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,92831EC9AD2839F8
+
+9v5IipANmjPzZwsN78OanfxHiuVhNS+BKezMNg1QevK72A7GZ9qRobCRJdUvIMFw
+SxrSYyPAILjf6DnzjXzqIwuogGtshZtzr60oTJmvIge/yUzrl4SyHq7lxuuYcgsV
+9N99XJnwCU7RLH5gI+3OuziNZrMWBh3yDTonutz1qReu6qQvuHqqBzFVTe8XiM5y
+aKucgj5sfPfNESUFW9vZetT18/6ZPrHK2gZlT6IUmAGsj0URIjLaoje5ExYDQ9xi
+WmlEZMR7cPvDS/EBHcvPQzC89XQWpCGHdVj0B6OioVb0YvR/0Z3WGP9jRdZ6mWo1
+A5p+BJkqZVymexXa+TsGrvGkT+deMsJD3CA8Am6a33Xn5AU4tXasl0i1Dg0EdZQP
+VV5trbDEmkfYsoLqQqnHcM00eSWEyY6yzqs8blJAkc8jgKKd9xCbm+mM30JnhCB/
+q38vZ6w1yYsQhR0ykePFupy3jJuKKOiiZAB5mKzeMMPtZF5O8X3DNellirfxWz6b
+nhAxY/U/1W25IdZ66pTa5YGzD5LcRrZQgNWBHM3Pi97ppl/hRSuUOD9szP5oZpIA
+c/OgkZqnfX3EPrgCcbwCn93O1b8I2AWEZThHx0pJYlHTaoRCsfhChNnsSDwLPR0Y
+pq/Dm/G3AD2kHhBUuSWrEm5lNZl/2x09UfFErgBA0KiJRFvSVBfDEbIJ6FycQkWi
+qUyM1IRQe+0pZzYpbRpERH92eA674k3bIESPRyl0X707vcV8JD+xq/tAKIV8w8sQ
+IKuAY0PdJunQwwnOKpUrAYN/xQXLDBGg4Rn/YdI3o/W3eQ0Az1smF/HYIYMbSzl8
+e1IlDuhNPuUezrsFxEkwx4BmOTsyPe8sHFDBflEMI0NgyCzQrsicTy50oO6uLNUd
+n+r1XgzH/7NE1B2vpa5bJAP/qRD1ajxGjmqOtCOiLCZuCgk2igvM8TM88CB0hQ6k
+JQ8eFNoITjF5iOeESWXRVJLTc7DuforJ2DVlQS9hWhs2brg+8ha/vR0lqdAKi3+c
+fcVR62PFm0V4Vc86bJt8xiRHhWqt6Q0C2TFN6TrFGam8XOXg2hDHFShloQUV1765
+ik0x4XEzL9iAFMCaCXEckgAiL2MVkSbzGR3IjMyneVj0Ulw2f7PngodhCkXqh0qD
+zdLmlAtfLVr+G4cK6lHrP4ghoJVrqINUs9zq2SsAeTOwu6JZXKWMTLMJciduXkmx
+N8px7dTdmepHJx9DY9BTsz8l3/YDTGFmGfknXmHfPg+doF8srMGnp/0WodtCZqhi
+3svfenkv9skrrwppA86AEugJkjy24VY2T362o+pSQtMVJPO2Ezrtgs35w/ANnkW4
+0U/8H5S+FtlszRWEuAOzSfQmzWMZJrAWDgxWFiI1OMdfhjpL5Jsl71LaP913EaZQ
+NqEK8UY6WdPR0bwvkT8zS9VRNqxmfhtgEv6Jme5ukkOOqsSTPwfyooRYPZls18Ty
+u0xmL64kqPLeYn2Ij2ITzFkulfZqgzfua7MYhUNGjoI3De7v8kQqTBcYmUQfMpD8
+OXb629RFrcUZW3QYD8brGgCB+o/T0Jyh4PKm1WX/XTyc/RmC8KXWa3W7GNJxeqPh
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5.pem
deleted file mode 100644
index 7f9a94cce7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5.pem
+++ /dev/null
@@ -1,115 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDKjCCApOgAwIBAgIBPzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtF5CubXL
-7jLiEaC4u7BvRC1Z977doXE+03Y8hW6dFiuPJTcVnlMN2mSck2x6VylflhI7XVIB
-PNiZZeRcEzbCJk3AmJL2NDh/20nxHhEr3jxWLmVeyLg1SXhD6WfJKwuvd61cnQkt
-xvFXQEmlzIxBohRZv/YwermH858cZ4wH/9ECAwEAAaOCASgwggEkMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBShfMTSexMLJgKOUfag
-rNt28dFirTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wgacGA1UdHgEB/wSBnDCBmaCBljBJpEcwRTELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFw
-ZXJtaXR0ZWRTdWJ0cmVlMTBJpEcwRTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0cmVlMjANBgkq
-hkiG9w0BAQUFAAOBgQAw7If++YRGfq6fz1Wm8RpFEbKLi3110GORteylvI+G75Hu
-d6luoo/n/arIfKwWChanGI39YZQ4zYhx00qVeQRbUUuLMjkx14XQVntKAG8sI+KE
-mWmt2cip5+XbIJonQDFQAnQWrhAGpw+ilvfv7v2f+9Q87cYLEoIOPHWstobcug==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN2 CA
------BEGIN CERTIFICATE-----
-MIIDOTCCAqKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB9MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3Ry
-YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAMMSbKt/wrsfhfsOqi60ijsWABK1LY20O0SAKCNKW2LuoK3iYZRMPRMT
-2Oym1z29akHaZ5ftLz/WGQ5JuabuVkg4Gx1xRloNkS0RQlIuRMJfLM2mzlXWH5ud
-oXHeHmwbUiYvWFbmwrx4xZbeSaePIYctisexGIa20LJ67Pd8t6OvAgMBAAGjgfsw
-gfgwHwYDVR0jBBgwFoAUoXzE0nsTCyYCjlH2oKzbdvHRYq0wHQYDVR0OBBYEFMRD
-3dYx5+B/4AavhJ+9quSyY66XMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwgYwGA1UdEQSBhDCBgaR/MH0xCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJl
-ZTIxNjA0BgNVBAMTLVZhbGlkIEROIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZp
-Y2F0ZSBUZXN0NTANBgkqhkiG9w0BAQUFAAOBgQCfVuaBKnayPluCi5d9KyF783Oi
-JpQn0SY2yAfXdRAH3cugsfzlo0rsjHyRPj+g5QW5yabg7uJbj11/tnQ/En7u56cj
-mnDBuLqUFrqkJY3Md+k/bCXomEjddbEGKjV8d54oD8ngld0Oy4+fBPQbNo1apc7K
-LqdooapvnR5Nm8qsWQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A1:7C:C4:D2:7B:13:0B:26:02:8E:51:F6:A0:AC:DB:76:F1:D1:62:AD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        61:8f:48:c3:1c:a7:3f:ae:b4:6b:c3:99:b1:72:4c:ea:6a:b7:
-        e7:93:fc:d6:ef:4b:64:a2:cd:a8:45:04:4c:b5:14:5b:60:24:
-        83:f1:36:22:75:b9:96:22:2f:48:86:bd:a9:8d:f5:9b:f0:bb:
-        c8:f4:70:13:6d:71:a3:8b:0c:a5:ea:5f:8f:42:45:b7:e0:4d:
-        ee:47:1a:39:53:3a:5a:61:3a:6b:8b:39:26:ca:38:f8:b5:c7:
-        8d:44:d3:47:7d:68:29:b9:4d:86:af:fc:26:11:da:02:07:63:
-        ff:9a:19:51:33:84:bc:a6:ee:f2:12:61:24:92:86:ae:73:41:
-        1f:b6
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFKF8xNJ7EwsmAo5R9qCs23bx0WKtMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAGGPSMMcpz+utGvDmbFyTOpqt+eT/NbvS2SizahFBEy1FFtgJIPxNiJ1
-uZYiL0iGvamN9Zvwu8j0cBNtcaOLDKXqX49CRbfgTe5HGjlTOlphOmuLOSbKOPi1
-x41E00d9aCm5TYav/CYR2gIHY/+aGVEzhLym7vISYSSShq5zQR+2
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5EE.pem
new file mode 100644
index 0000000000..e3faeae182
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: D8 C4 14 98 00 CA 37 5A 1D CB 67 24 B3 56 08 D3 F2 30 00 A3 
+    friendlyName: Valid DN nameConstraints Test5 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN2 CA
+-----BEGIN CERTIFICATE-----
+MIIEUTCCAzmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGCMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExNjA0BgNVBAMTLVZhbGlkIERO
+IG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAOd9JgS6UfldtaDuyQBCIZeoLkR28/31qIXr
+Idzjq7FP/alv4nz8AofmEYROX26zxgu2e69X0RSGWNKW2bOTuA6V4jgNBKKg3Znz
+DjAViJ/V6NgEr6xl/uCW+71awSuiI11C6WJJ9ggxYevrUPHyt4OTM927cvjfnQhV
+raL+iKpz2t9/UUyV7xtK8T2rEThTqEeqDeKafwD3gnprACqJpndUR/OgNoUMjdzL
+dD+I2AImKlb510UTH9le4E4budK5qjDX5bX1d9txnXKsOClrQ6h5N6MNMUuMEQBQ
+soetsXWs+xg2EyRSQbsvfiGqdEdrsrKbvQcNSg2R5QUklQp69C0CAwEAAaOCAQIw
+gf8wHwYDVR0jBBgwFoAUo1fZW10Rs2D2AGuJUSuCwwlzqHswHQYDVR0OBBYEFMnZ
+gJavUispfiyQDQtHWo0RKMMEMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
+CmCGSAFlAwIBMAEwgZMGA1UdEQSBizCBiKSBhTCBgjELMAkGA1UEBhMCVVMxHzAd
+BgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGjAYBgNVBAsTEXBlcm1pdHRl
+ZFN1YnRyZWUyMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUg
+Q2VydGlmaWNhdGUgVGVzdDUwDQYJKoZIhvcNAQELBQADggEBAH6QvBXFcVa5nqff
+tPENGZ85VSShfRVZrlseVsXlJEgRR7NEQIiXOQrjj729QVKuvp6ClImPTblzIr3B
+uNEylzfqp90bUCDReuVmQo8MXIviG8IuZFRkMYkrSH5XbUgk+MGyMjdp3Wi4WCdL
+79plNgv6YErDmbDxy2MBf0iHgFRMzcYy/irtmzOhfa4wCim0Ju9sQaPjk8a995QF
+sBhnijwIFrjkJDPiI+JV5EyTPRoE62rshD382LcPmAUvRp4QEbNBHEIh9XmREHeL
+AzWS1mu1Ge37FaR1VKmB6aB2RCpN4cmrDf3DF/Kdd5HZuDv5WdowZwqO9Q5r7juv
+MFes7mw=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D8 C4 14 98 00 CA 37 5A 1D CB 67 24 B3 56 08 D3 F2 30 00 A3 
+    friendlyName: Valid DN nameConstraints Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9E196184353CA008
+
+BfNhaU6gpGjaXTdAJonv19FcMgf7QkwfyoVo1y2TGA27U4lYBvRPJMH2XYQq0J7H
+gKlWTNUnQbB9lApHFJ3fucTxgNAVG1+J11vCTiexibvJ/f4HZ3UQUU1lUrAb0SHO
+3vTcxw3UqBih7amYCuvbuDmClmhvP/ogZGv5ecvNDuSb0IwbTtcTDOagpnvgzuIW
+JUM3FXohCBVCY7t/ap1QY4MGhINeRVy1BffMLCuRtPBQb4lYn5jsTMlI1DLzXOdC
+7jWBU4RsoeeOfPhrnVQCcb1nlJl13aN0to2pCw4FKXotQqpR/Ci0etZRnOoIOuth
+vCcIDCyOE0RHFhV4YKr99Xr+TLp870XI+YKk9WLTaImlYBvKPcGVAgZPA6Le0ODX
+oMsbgYCbStQHqc3lJieQvEw7tqo2UYaCgPNArnRroIKSF7+9BuTaNQVqE01DZewN
+QBBEQBaH56QK9gDNOfsSIXP5/imnsTbh4eosxCsvb1OIOh9O+lMxBVJQRplOXSPc
+pfP2ox8COH/ZTeRs6w0cnHFgwXfYtH0F6ZaCA50bqaE7SF4QX2PtnIGOj9MLV2dc
+Qk5WSnt3sjghSN3xFOMZKRnhs/mNc9Vyq7c1/nct0ij5mCLSIUxGf5bS3TDl3hPU
++75QawQ0ynBqdvgvk6wM7v4CnliO9GwQip1mHYLH2yWfIgcc6A0nyhlOCECrANzn
+DW7VlDz7iWucPtXslsV7QEOT4SYg+DJQJ7KDIfw7pRc7ZwfmgJ45Nrpq7t6TEpLJ
+jRa9QqxUmpskm9KOjflxL8s720G31KH4bpjgO6b55yMLvqtb8DWeGgRG/EjFf9xW
+Ir7huGANFgHcscEa/EWhvsFFmuBnNxK0rfMBI6AGix2YPN2T8CDi4oks2ctflmYQ
+KIlf0e3mj7axcFNGBEymzSa6bDMr/sUWK1eUsKvnB8ig7FFlo8WYhYaAGEwWXwvc
+ZTsyAz62czfv53rblY9tdXhRksanrK2d5UVcOCjnsQyWvLO0Y5dnXSlXWsECD6/W
+ORRlHVqgGL0uViQDyQ8aAfRBTW96s9WMKG1QgR+w7NGL/JjBCRpOeQgI3EC4KVaP
+Zh66pYBDGq5MUCF5Mnr377/7QIah7FmcjAvBF7WXw9fvAcaxJJcw6gLQbYcEes2z
+bshbwPHcjTE8GRpCUxDh64ukAr+r2wrRT+32QLKMKJelpO0hi+yOHXA4FAJ9okEq
+Y4LNa0XjV9rY1zrk3mnugKi9PP6HdX09UdeJmV6jNp3yB8OOQg8izL0/myqEVofI
+rwk7FySMefSjbg+VdoaHCSg5lLoIhvkgquitmk4UIUoEDRLq/HVtMB3Cg130kxzw
+SwuBqCyFm7cPhVv8i5W6SH112mBMRRx7pz5GlAEvzwWUaSut4MH+xYLprx1X50j0
+IGbY+LG3Al972tv6UbAQBpsEXKOtr+lo+sAKf58ELZYjxVp3d6pze69oTj2O1iYo
+Kj5h9fNVloyLC0MVErstkDFTt62dqFhtEx9MJIbf5CqIDkOg5ofGfIt6AqJkFI1j
+wAj4dpWgCzUPHxwyWV6+yjX3sXDXaPFIT/IAsRNctj3th2TVoPUbxQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6.pem
deleted file mode 100644
index 35f40caf4b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIICqDCCAhGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB9MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3Ry
-YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDYwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAOdvJDDcPZf9hCISpQZ3vrpBXxzoFe0eBH7NUTsfOWAh2OGCfOak1DHU
-NApws4o7QUiHWATX1FGzJj9d32W9sROF6qqFJl94jJDinNYS2QeEMZ/T1W7u3+eP
-HZjrIYArjSRN19lgg2VuU5WpIKOXas+cOOQlh/I61dFQjHqyf1W1AgMBAAGjazBp
-MB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBTohZvb
-MzEoZLMs7htkuG2eUNmvlzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
-hkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBABmQhcYL+rwYvVrnWH1LIbYHFhUX
-X0kvvS6SmK7Y+Ea7uDLmhDe5F1QKYmcURJt/Gwhz0xOFOsBCo3Ab4MSIScm00WvI
-3TIXXjLYF4LufXUGle7mdbWcT7SXfd0QVGWbTHDgbVc8SPHmQh3E4r2KVTacFry7
-nbzganMh05d7MTny
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6EE.pem
new file mode 100644
index 0000000000..e9952d353e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1D 74 75 94 8E 7A 83 E9 8A F7 73 F7 6F 4D 5A 87 33 DD 9F 04 
+    friendlyName: Valid DN nameConstraints Test6 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 CA
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGCMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExNjA0BgNVBAMTLVZhbGlkIERO
+IG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAM/4iyH3zhj0pIS2GVWhozQpxO7h0Rc0VYwm
+qBRe3BCR0+gLN6FyWhGksoCInhWVgjCp83tO/AV0egq6mtvYVy4/YnzNvPFuU4Ij
+E913+ZktncyEfaJYkjJ8fms83OH/Pah7DpSNVRlxQkvuq8losTpL9l5V7YqLFF+d
+JwHKyXmPFJpujAHtnoqCe3f/WwjyAXeI0M0/2b53eAzqJUmiJ6i+qyygNpPp/OAi
+vunB8NnmVAcshvzRrCWiXF+XChx80fHQclCf0QblOEW7l4pelieJd6BByYfz7Dnq
+Ji3Ep4ULtF5CSVcXyJhtB8tf4XiFAxVh/ifDW3L0SkfuGEwA6VkCAwEAAaNrMGkw
+HwYDVR0jBBgwFoAUBtxbvscSN1mkikB0fAmdRTxKodswHQYDVR0OBBYEFJWht0b2
+Dg93oRjljC30sI++d9gXMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBADApYud9pWALlHw0vcQGRTQvhNRM
+nonPTNJZa2dzI76tcsjPw0BwP08OIKv60ciSIsEQIU/lxUruRSixe7xrxktGygPk
+aaOdXnF/WQHhucPx6HKl7cs/c8zInJQKWSG3DYa3rRCtsNSo9A9J3cwY1mAhsh+S
+JbZHXu9hbFdFoLPaCHNQRod9aqpiAd0ra7SpzrQGSZMTRaWbQi1mHJ93ay/bBQI/
+1PqHZ71szX/EIM9TsHLCV1Q9oJN12xAbDI5VdhuCFdiIDRytGZYu0en48+CDZIGZ
+Bi2sSMaG3zmUU7w9fh0NuuL2YlV7C5p96QljGRtmOZh4qoBgOSbrsa3k9zc=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1D 74 75 94 8E 7A 83 E9 8A F7 73 F7 6F 4D 5A 87 33 DD 9F 04 
+    friendlyName: Valid DN nameConstraints Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,997AF21B8BE5B4BA
+
+8yfzhn+GIwBC4tJMwDYhhX3ZaBFBzNQHBs1brCMjJzSQ+4yycS+AH048DHIlsx/A
+uAIme7AS2SBrfkOzAPcHTaVqj4thcbzFKWi2n5/W+XbivtYYQUJfSBFLtp2yGybU
+eizSJrPJV1afxJePlgxOdjh4JukKWTbK8GyOkC1JLEPh/sG141Y30jlExF3T8b0A
+E75yfwwRSHbK5nDwew1HtgzZMoJaP/JM2GUwxSoDDgNVBTYb/MwGmPDeZVgW8FHo
+8f2+AJk4IaoFeO6wp3/PsdPfm1kzHOrsJzK2GP+xaA94E8jwH7J3rlU2LzihJ48L
+mT3BUFxBIBhul91NKpzPhGzqlna604+Syg422PFWk80s3KruXel1ErZ8B5a8ToY0
+A6xOpEcGycWeCi7kvB+iaxtwwyE3ZbAp1HLBM6eU1RhP3lO0/bxeDRnSimOq8+vd
+bzuPznTh9SsBNsYNFxiyXW9Qhw0hHxiu+GVu/fCbg3CNzTcaPiGmMuuIXjqiQ5C+
++RsRrtEqVJBHjiSC+5uTXksB6JpstWxPWiTfStbYb35A1px0VOoMLoEZQoPorbSN
+Z0Q5KqpNmPXIgufE0HYxEvjk51hGMM2bKOuxZiNqnPuG/sbgpkRQvzSQnz2Kem+T
+g0so6vMU4BN0PBsGol+Ktomsj2ZcdOxemF/JtRyQ/wWgnNFQ2ZBAQSCBYOUvXjn7
+rHfzV+csRPs1vXgTy97cveaHDzLm93PEq4exzPXLiXK4JCRDfMyq/uJ3l5ZgJjO3
+8lcqzjWsYaKlYLr7uo/XWwst+zV+EWbPbO+XwEMXS+fkSnBbLxNXnVyJhXDf1ri0
+3RsAVBFlgBdeutl3K/VzqgHHz3JG845m8Dql9hu+zLGrhVLpZgY0CPwE5RzmNubV
+VMiIUPQpCwJ3JdhvocTrzf3PGhlh+dawE8SWqVQqGb6PKGJKCzjO7oMcTujbmDgo
+RG1i7YzRoVBJZ+p/pqtwiIeOX7K5qSgvhmvmhv9DPh+7PATAhfuQgCylt+nBhZjz
+e3TpI5MA6L1OcNQBayn6cgLzRDBcfrzGJ8ya6NaScZIUBazhGW62eCfmPcoUFN7W
+LqY2pIuqSXkdRY5HshGqiE/T1IVskwSLvdc80t190odSERZ+tg3DzhGGgYFysNp0
+URKBHKKeKOWJ7U/JPEYdfjmXwAsVPii1qpYOoQuwM8T6F4IhWfBvt7n77bc/sMEB
+m4Ax65kfJd5e3EIGRlOaPW3J764i78x25jqTHihXgSb/UoUOAoKYEifyB6aMeEb2
+0rYIC+NQ4oGzYXI/EuasyyPIrzGtcorlVFf66fDr6hc4bNlZZ7ZeKCXGVgXHXhOp
+S8snWNMeqiTXFvlE62sH3viS1DQvV4khKKeUlhjBms4/hQt4rlk/uCo2e4p6TWFP
+FFUg8ziw7kUlPf4p4n+evZuMEIROKudtvXQVsRsCWXsAo7zj40Gg47XkvDhsvINs
+T7adLxpEeKbZ5xjcvvjENWTei3vYHgEACfJ/1dayvdEaCJp+6273iipuiXDeCVNU
+yIutyGiKOGk+Qg+8hAfpcQFU7uaEI5cAesvPzOd3sbx9lxlyPu6dOw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5.pem
deleted file mode 100644
index 7b1c148861..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5.pem
+++ /dev/null
@@ -1,141 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid DSA Parameter Inheritance EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=DSA Parameters Inherited CA
------BEGIN CERTIFICATE-----
-MIICMjCCAfGgAwIBAgIBATAJBgcqhkjOOAQDME8xCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbRFNBIFBhcmFtZXRlcnMg
-SW5oZXJpdGVkIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowaDEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMT0wOwYDVQQD
-EzRWYWxpZCBEU0EgUGFyYW1ldGVyIEluaGVyaXRhbmNlIEVFIENlcnRpZmljYXRl
-IFRlc3Q1MIGTMAkGByqGSM44BAEDgYUAAoGBAM6LNthcREHH6pqw2JQ5RbNJtGxm
-vdadsOuJvn5b0NszIYMbSpJq13bSo8hLx5uVfEvkGdc0BpoYHdax/d+0xQcq1G2b
-yKxnK+bYJbJhXuvvfEtQJXVoNRneAuD+UX5sAKja0T80w8kTA1/2K0vJMVwExuZb
-OPhYbliV11/6bvxPo2swaTAdBgNVHQ4EFgQUAHhCMlJkgBTrJroWKe1llb8qHx8w
-HwYDVR0jBBgwFoAUXSTuilUa8sbJssK/ivCySU86sxswFwYDVR0gBBAwDjAMBgpg
-hkgBZQMCATABMA4GA1UdDwEB/wQEAwIGwDAJBgcqhkjOOAQDAzAAMC0CFA18iKub
-KQypNt8MvheJ9svsobpgAhUAzoneZ6mJuBahNft2JyeO/YD0xes=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=DSA CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDhjCCAu+gAwIBAgICB9EwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxUcnVzdCBBbmNo
-b3IwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA6MQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBkRTQSBDQTCC
-AbcwggEsBgcqhkjOOAQBMIIBHwKBgQDf5RE+2um2bhDW6p3inTqwR71EAMdWyMxu
-0DOEVkc1PfZUyOPCrbu6dfMvMwym+THsZ+PlmW38KW6qV4hyNOKOAJDgo6xkjsD2
-PB2PtMhKSDBef6qcdiYL2xNzM4OXwMWz5jf1Pv8VDdShLrox+KuH2AvMd5hCbqyT
-mMK9Lns0CwIVAM8GBNj/i+sA6fZcB5Zz/ZZlOi8HAoGBAMzhfLDOkl9j7Di7RLrd
-kjS2Xr5le9hxdwSd7GZ8OwTOtvNS/g+SVQLvThKrXZouL25W83Dsau2bIrioE8sM
-nBbqwQqOISZEpQz5oOxi4HAxzGj1C4WkShtuefTB+TZaOG9O74RT32f9zPdZYo+c
-nM0Qj1ykD5y3B+xg876vfjmYA4GEAAKBgBHyudi+QivFhL6RAhz8jDJyi6hsIdeI
-ihS6MGV1wBw9gmllp6yQehQdhXvlU8Jg/LHPZ6/B8i4IMmo4x5FOO7w8CdD5cW0I
-3ydJjQV02L1G0NtRpVO6h/P6XSWDT38KdeWp44mnQXdjQF8rLITSwXF4CttrVxnh
-5xQMnsT2MjkOo3wwejAdBgNVHQ4EFgQUdBXVJBy9XmWIH+GLCX5/6hlITmEwHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
-DQEBBQUAA4GBADo7ch93LLrc7PUdW0XOP3+kP+Sywfqf2ApcmOLufmM60siw4rzA
-1ssoITB2Rs3TPQKBiJzMdFKrq8tQ+8TcpXJ9M4SVfbAFB0P0vB4UC2Eg6iSnVJbB
-tsZFj12gpqv5Gawo3yUTw34h3opDGSX1pz6eZUIZBFKpAX5gyIpiEBI2
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=DSA Parameters Inherited CA
-issuer=/C=US/O=Test Certificates/CN=DSA CA
------BEGIN CERTIFICATE-----
-MIICFDCCAdOgAwIBAgIBAjAJBgcqhkjOOAQDMDoxCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEPMA0GA1UEAxMGRFNBIENBMB4XDTAxMDQx
-OTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTzELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMSQwIgYDVQQDExtEU0EgUGFyYW1ldGVycyBJbmhl
-cml0ZWQgQ0EwgZIwCQYHKoZIzjgEAQOBhAACgYBnjEfaDDaBZDn4GjcL8LvUE/1n
-PUDInJLhOolUsPKXpXDQZBekp3yp6ScJZd+gpRz8BNo+3WJr8AztgVdPXSnICFkZ
-DF+NiPD/jLbodQG+EApk31d7i2xW8FPOQ4i5CZkIPJCvAejZMl3tVgLPYNIBOuMK
-K56RQfbHfN5smWMADqN8MHowHQYDVR0OBBYEFF0k7opVGvLGybLCv4rwsklPOrMb
-MB8GA1UdIwQYMBaAFHQV1SQcvV5liB/hiwl+f+oZSE5hMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAJBgcq
-hkjOOAQDAzAAMC0CFQCoWW8xd7Yg7Dab60thCq9E7XK6KQIUbSLhvU0n9i47H9ed
-1lleyyWGItg=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c7:32:ea:21:ff:7d:01:d4:f3:d9:c5:a9:ea:04:35:21:81:d2:
-        13:f2:35:d3:e4:53:c5:03:93:de:a1:2d:25:56:64:bc:52:20:
-        81:53:69:6a:a6:90:26:38:bd:ed:31:7f:a9:7b:c1:e8:a9:e5:
-        07:97:82:bb:3e:8a:f9:79:ec:2e:bd:16:4c:31:6b:b6:80:ca:
-        ba:ba:0c:35:0a:d6:08:3c:31:78:fe:d3:3d:06:69:6c:3a:e4:
-        07:4d:6e:84:21:d3:c3:90:60:8f:99:90:62:a9:16:38:25:2f:
-        7e:08:5f:2f:cc:59:d7:7d:9b:2f:d8:0b:e7:70:d9:64:f7:01:
-        38:8d
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU+2zULYGe
-yid6ng2wPOqavIf/SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAxzLq
-If99AdTz2cWp6gQ1IYHSE/I10+RTxQOT3qEtJVZkvFIggVNpaqaQJji97TF/qXvB
-6KnlB5eCuz6K+XnsLr0WTDFrtoDKuroMNQrWCDwxeP7TPQZpbDrkB01uhCHTw5Bg
-j5mQYqkWOCUvfghfL8xZ132bL9gL53DZZPcBOI0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: dsaWithSHA1
-        Issuer: /C=US/O=Test Certificates/CN=DSA CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:74:15:D5:24:1C:BD:5E:65:88:1F:E1:8B:09:7E:7F:EA:19:48:4E:61
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: dsaWithSHA1
-        30:2c:02:14:46:20:d2:4b:f9:cd:91:09:e9:71:6a:bf:d2:3e:
-        88:5d:d0:47:ee:aa:02:14:25:ae:d3:6a:ca:3f:a4:54:41:d9:
-        a3:57:74:b3:48:ab:c5:9f:01:f9
------BEGIN X509 CRL-----
-MIHYMIGZAgEBMAkGByqGSM44BAMwOjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMQ8wDQYDVQQDEwZEU0EgQ0EXDTAxMDQxOTE0NTcyMFoX
-DTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHQV1SQcvV5liB/hiwl+f+oZ
-SE5hMAoGA1UdFAQDAgEBMAkGByqGSM44BAMDLwAwLAIURiDSS/nNkQnpcWq/0j6I
-XdBH7qoCFCWu02rKP6RUQdmjV3SzSKvFnwH5
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: dsaWithSHA1
-        Issuer: /C=US/O=Test Certificates/CN=DSA Parameters Inherited CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5D:24:EE:8A:55:1A:F2:C6:C9:B2:C2:BF:8A:F0:B2:49:4F:3A:B3:1B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: dsaWithSHA1
-        30:2d:02:15:00:89:33:c4:9a:67:b6:d1:05:d2:fa:c6:db:09:
-        a9:f0:01:9c:cb:db:00:02:14:5a:f9:93:bc:2c:9d:fb:be:01:
-        4b:f1:a2:fb:1d:93:dc:98:05:f4:ab
------BEGIN X509 CRL-----
-MIHuMIGuAgEBMAkGByqGSM44BAMwTzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMSQwIgYDVQQDExtEU0EgUGFyYW1ldGVycyBJbmhlcml0
-ZWQgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFF0k7opVGvLGybLCv4rwsklPOrMbMAoGA1UdFAQDAgEBMAkGByqGSM44BAMD
-MAAwLQIVAIkzxJpnttEF0vrG2wmp8AGcy9sAAhRa+ZO8LJ37vgFL8aL7HZPcmAX0
-qw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5EE.pem
new file mode 100644
index 0000000000..7e17e1dc6b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5EE.pem
@@ -0,0 +1,38 @@
+Bag Attributes
+    localKeyID: 59 F0 D4 26 E2 38 A1 F6 C1 D0 71 F1 06 FD 5C C9 1E 16 E9 6D 
+    friendlyName: Valid DSA Parameter Inheritance Test 5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid DSA Parameter Inheritance EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=DSA Parameters Inherited CA
+-----BEGIN CERTIFICATE-----
+MIICOjCCAfqgAwIBAgIBATAJBgcqhkjOOAQDMFQxCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSQwIgYDVQQDExtEU0EgUGFyYW1l
+dGVycyBJbmhlcml0ZWQgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBtMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE9MDsGA1UEAxM0VmFsaWQgRFNBIFBhcmFtZXRlciBJbmhlcml0YW5jZSBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0NTCBkjAJBgcqhkjOOAQBA4GEAAKBgGePd1BDyXeRQ1yb
+OLiczxes0cd6mp1vxtg8Pjtuw/VNgx6/q6dq15cXOXf+I1KDj5KpTr8RU5EqJzzs
+24Rkhd0YIpKnlS+r9YlUbGUqiYgFGxcZIFPWeXtd/HDUo6EtwM/4CKMJIoCj+RIP
+85dMZNOqY3m3VXmUrihAfGMSJ1zYo2swaTAfBgNVHSMEGDAWgBRlgZ9wOoyt9kMd
+yOePVY7oS9uH4jAdBgNVHQ4EFgQUBm+vcNPtCiTeORO8G9ZsstjM7x8wFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMA4GA1UdDwEB/wQEAwIGwDAJBgcqhkjOOAQDAy8A
+MCwCFF8V1SAET1xFJmUxuSyCcxKWdg1nAhRLvW4OnD/rkm/0u8mAPbkq84+rpg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 59 F0 D4 26 E2 38 A1 F6 C1 D0 71 F1 06 FD 5C C9 1E 16 E9 6D 
+    friendlyName: Valid DSA Parameter Inheritance Test 5 EE
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A1A1A940AE90B3FA
+
+X9H/rdRkmXxSAG8Jna6Ip4pqa2PUCyiEbMJU7exzzJ6tx/zP4zU7se6HLZE10YbF
+D+R/mIapOCVSaf1NkZ0xc3Oki2W2E/zQ6S2uX7scHQkBanuBqkjwjY+vDZAvdOmd
+FVsbb55ezxMendKK8Udrd3K5EibzReRbwSl4lLwwGZQzwRLv3LJBWC0m55s2D3QZ
+2wzpJI8WgCMXd9sJY6+453HT/NSUmoWYACIqhJhXxkNxWFmSuoh9IlqoKUkDtw52
+bf1gF2itR8YJ5Fbjg4u7PjVRbkLjCU0BXjAB2G0WasnJr9To6bwSCsGSfGLRTaBd
+XH1uS31MgymzgO5ftqLNiCPy3bxFa5H7LK/ETAlqfnDVC/w0Za3pI9ZGGeR4AIx4
+PXbvrVBrcadyfU/MuHSJzA8b9dWN2bOn9nogf+cMewQWBXnF7Znh3re1o+ElpF7L
+E8h+YgVzMlJVLrFR0HL+1Vs/ch0FrsYW0Y9v0/2VSUnOLL8omoZZrvEOZ7Q/MZj6
+b1cQoEuoEu3rQss8fHsKgSdNG5JeqRngTFnV5zCTqIn0Dyl/bkje4s3ryQ/sMyDI
+6wMdTVMTocYvdldlnRdGNw==
+-----END DSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4.pem
deleted file mode 100644
index 6482e31df3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4.pem
+++ /dev/null
@@ -1,104 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid DSA Signatures EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=DSA CA
------BEGIN CERTIFICATE-----
-MIIDNjCCAvWgAwIBAgIBATAJBgcqhkjOOAQDMDoxCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEPMA0GA1UEAxMGRFNBIENBMB4XDTAxMDQx
-OTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXTELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMTIwMAYDVQQDEylWYWxpZCBEU0EgU2lnbmF0dXJl
-cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCCAbYwggErBgcqhkjOOAQBMIIBHgKBgQDk
-i69AjBXXPXzuA5YSaMEgBegXyp50ZUuaVJcqeDPapcVy6jSzlGhC1Rv9d/CoQp5k
-k5C2wgIxRhN6A2nMmC1WnV4jXyi/rX8P0GmVYlwaBypejHNJfv0SIo5V5VbprnIp
-locIJ9d3Q/CGuAkKGxSl5gPmRXlN6fpTX8EJvX7FwwIVAIA/5PzzTOU+yw8XCipU
-bNBnbA07AoGAZtQWiiCt/tEyn6V/p7PQ6nc/62yi5CnY2Lwh3Zr3zOW0d03f7Nqi
-jJx1Elof/mbTEcLvhEPsqYhuTLpMPzWWx2f8mb0PmSkTkU7YAq7+a69QVqovHrUq
-yO4iRyV4ayHdFD/O8BCB95YdnEG7XkSSXS7GHrjNaciPPzs+0E+iztkDgYQAAoGA
-D1MorDgvPfMRYUHDPafWevf2ATLTIXEQFNXDPk3rGaKMr54IPUEK/8yiR4J6VqGj
-/eyyi7c5tcqgGYWCm5ZoqLtrupCk4a1ltkQx0h4iL1NBT/qc+C/oLEMkFn4r2GT3
-ZPrweUgduQJtkDbM6zYP8jmrfSfs90dv3TPEfk3uJFejazBpMB0GA1UdDgQWBBSz
-M9dRogQNRPudQPESYnGwU/ZpDTAfBgNVHSMEGDAWgBR0FdUkHL1eZYgf4YsJfn/q
-GUhOYTAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDgYDVR0PAQH/BAQDAgbAMAkG
-ByqGSM44BAMDMAAwLQIVAIynyNKZ1ECb+SGSaPMnJglzolkYAhRM/h+AuzCA19hw
-xk52oNmdtPZA6g==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=DSA CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDhjCCAu+gAwIBAgICB9EwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxUcnVzdCBBbmNo
-b3IwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA6MQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBkRTQSBDQTCC
-AbcwggEsBgcqhkjOOAQBMIIBHwKBgQDf5RE+2um2bhDW6p3inTqwR71EAMdWyMxu
-0DOEVkc1PfZUyOPCrbu6dfMvMwym+THsZ+PlmW38KW6qV4hyNOKOAJDgo6xkjsD2
-PB2PtMhKSDBef6qcdiYL2xNzM4OXwMWz5jf1Pv8VDdShLrox+KuH2AvMd5hCbqyT
-mMK9Lns0CwIVAM8GBNj/i+sA6fZcB5Zz/ZZlOi8HAoGBAMzhfLDOkl9j7Di7RLrd
-kjS2Xr5le9hxdwSd7GZ8OwTOtvNS/g+SVQLvThKrXZouL25W83Dsau2bIrioE8sM
-nBbqwQqOISZEpQz5oOxi4HAxzGj1C4WkShtuefTB+TZaOG9O74RT32f9zPdZYo+c
-nM0Qj1ykD5y3B+xg876vfjmYA4GEAAKBgBHyudi+QivFhL6RAhz8jDJyi6hsIdeI
-ihS6MGV1wBw9gmllp6yQehQdhXvlU8Jg/LHPZ6/B8i4IMmo4x5FOO7w8CdD5cW0I
-3ydJjQV02L1G0NtRpVO6h/P6XSWDT38KdeWp44mnQXdjQF8rLITSwXF4CttrVxnh
-5xQMnsT2MjkOo3wwejAdBgNVHQ4EFgQUdBXVJBy9XmWIH+GLCX5/6hlITmEwHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
-DQEBBQUAA4GBADo7ch93LLrc7PUdW0XOP3+kP+Sywfqf2ApcmOLufmM60siw4rzA
-1ssoITB2Rs3TPQKBiJzMdFKrq8tQ+8TcpXJ9M4SVfbAFB0P0vB4UC2Eg6iSnVJbB
-tsZFj12gpqv5Gawo3yUTw34h3opDGSX1pz6eZUIZBFKpAX5gyIpiEBI2
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c7:32:ea:21:ff:7d:01:d4:f3:d9:c5:a9:ea:04:35:21:81:d2:
-        13:f2:35:d3:e4:53:c5:03:93:de:a1:2d:25:56:64:bc:52:20:
-        81:53:69:6a:a6:90:26:38:bd:ed:31:7f:a9:7b:c1:e8:a9:e5:
-        07:97:82:bb:3e:8a:f9:79:ec:2e:bd:16:4c:31:6b:b6:80:ca:
-        ba:ba:0c:35:0a:d6:08:3c:31:78:fe:d3:3d:06:69:6c:3a:e4:
-        07:4d:6e:84:21:d3:c3:90:60:8f:99:90:62:a9:16:38:25:2f:
-        7e:08:5f:2f:cc:59:d7:7d:9b:2f:d8:0b:e7:70:d9:64:f7:01:
-        38:8d
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU+2zULYGe
-yid6ng2wPOqavIf/SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAxzLq
-If99AdTz2cWp6gQ1IYHSE/I10+RTxQOT3qEtJVZkvFIggVNpaqaQJji97TF/qXvB
-6KnlB5eCuz6K+XnsLr0WTDFrtoDKuroMNQrWCDwxeP7TPQZpbDrkB01uhCHTw5Bg
-j5mQYqkWOCUvfghfL8xZ132bL9gL53DZZPcBOI0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: dsaWithSHA1
-        Issuer: /C=US/O=Test Certificates/CN=DSA CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:74:15:D5:24:1C:BD:5E:65:88:1F:E1:8B:09:7E:7F:EA:19:48:4E:61
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: dsaWithSHA1
-        30:2c:02:14:46:20:d2:4b:f9:cd:91:09:e9:71:6a:bf:d2:3e:
-        88:5d:d0:47:ee:aa:02:14:25:ae:d3:6a:ca:3f:a4:54:41:d9:
-        a3:57:74:b3:48:ab:c5:9f:01:f9
------BEGIN X509 CRL-----
-MIHYMIGZAgEBMAkGByqGSM44BAMwOjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMQ8wDQYDVQQDEwZEU0EgQ0EXDTAxMDQxOTE0NTcyMFoX
-DTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHQV1SQcvV5liB/hiwl+f+oZ
-SE5hMAoGA1UdFAQDAgEBMAkGByqGSM44BAMDLwAwLAIURiDSS/nNkQnpcWq/0j6I
-XdBH7qoCFCWu02rKP6RUQdmjV3SzSKvFnwH5
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4EE.pem
new file mode 100644
index 0000000000..2041c76807
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4EE.pem
@@ -0,0 +1,44 @@
+Bag Attributes
+    localKeyID: 65 80 CC 44 81 EE 42 CA 16 B2 6D 68 60 CE 80 83 F0 2D 6B DC 
+    friendlyName: Valid DSA Signatures Test 4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid DSA Signatures EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=DSA CA
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAv+gAwIBAgIBATAJBgcqhkjOOAQDMD8xCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMQ8wDQYDVQQDEwZEU0EgQ0EwHhcN
+MTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBiMQswCQYDVQQGEwJVUzEfMB0G
+A1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEyMDAGA1UEAxMpVmFsaWQgRFNB
+IFNpZ25hdHVyZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggG2MIIBKwYHKoZIzjgE
+ATCCAR4CgYEA5IuvQIwV1z187gOWEmjBIAXoF8qedGVLmlSXKngz2qXFcuo0s5Ro
+QtUb/XfwqEKeZJOQtsICMUYTegNpzJgtVp1eI18ov61/D9BplWJcGgcqXoxzSX79
+EiKOVeVW6a5yKZaHCCfXd0PwhrgJChsUpeYD5kV5Ten6U1/BCb1+xcMCFQCAP+T8
+80zlPssPFwoqVGzQZ2wNOwKBgGbUFoogrf7RMp+lf6ez0Op3P+tsouQp2Ni8Id2a
+98zltHdN3+zaooycdRJaH/5m0xHC74RD7KmIbky6TD81lsdn/Jm9D5kpE5FO2AKu
+/muvUFaqLx61KsjuIkcleGsh3RQ/zvAQgfeWHZxBu15Ekl0uxh64zWnIjz87PtBP
+os7ZA4GEAAKBgCwUuJ3sGoI0YbdjbhY97S8mJRwXyMJzPtX4GILw0J0vhFlgB1IQ
+RlMdNahTZDjWGvBNMV6VscdMD+PlfG1ZVyGwwc9qvny5X8RfYRb0AsmvSN6o3brj
+n5gFsnsHcRxE0fhzbHdbZFPImAVMjTaAIkKXfjIaUaiICOr3qqyhH2yBo2swaTAf
+BgNVHSMEGDAWgBSPkMaMdOh7DMhZx308W1RZYCULsTAdBgNVHQ4EFgQUnHvCTw9Y
+g/WGXCrgdm2oTR/cEDYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA4GA1UdDwEB
+/wQEAwIGwDAJBgcqhkjOOAQDAy8AMCwCFHm10vtlAd/b1cB5Yi/UsmQ8BtYEAhRL
+hwx1Txi7lIfyun0bpsh8km3ohA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 65 80 CC 44 81 EE 42 CA 16 B2 6D 68 60 CE 80 83 F0 2D 6B DC 
+    friendlyName: Valid DSA Signatures Test 4 EE
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,08DE82DDFA93E00B
+
+0fvn08EoMjSFM7RzWoIpU3wJRuMFftIvR7XSeytjH7LVbK5GJviWr1+V8LkgD28s
+tdSNeKVXUN+RwVNv48Ul/60hzarASPQNXvtVz7GFDUwBlm4LkywmJhvKlu0mnmxh
+d17JQ49ypkQrshQPp5k/bDLijhLQ5mY2i/a200g1qtsq7H6qcl5dcCAtQw2/Ei+v
+cYoZFCnF3MHExaq3l0BTEHJ33Z+rjSHjUXq3u4Ivx1qESK48nUMhQt/z6vxgyvvf
+y34qU2b8iytemifLlVP7N9ZUFCZMlQwKRdDKHAPlSAptG8KEsuxG+NFtM0GyugqR
+SoAEpq24sHT+xSk5nKT7UskJ6FYKwliWOf4U30eKKz+Yq0mswstJd3A4VE1a3acK
+kwPHztRlKlhhjcGlmUgB4oGERCOegc/ZklF2NgLAc1jJQCpPQg3N7m3kMJ3VsGS9
+8/In9c2VKT+9+BEKcrR3pQCb/2TTAg6rKvCCCo4MpcTa/Xek8IPCbH6K8tsWkVnz
+t19y7EDrqOjNFqksum5r/W1zn+zOfGpSN6Fb6lK4jY5E9RzkkpHz0foCj54VWDfg
+yUH7H70BtvKPW5KZ1mrtNw==
+-----END DSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13.pem
deleted file mode 100644
index f15bd0771a..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=GenerizedTime CRL nextUpdate CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIChTCCAe6gAwIBAgIBEDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEoMCYGA1UEAxMfR2VuZXJpemVk
-VGltZSBDUkwgbmV4dFVwZGF0ZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEA0XVL58x4St3rim3S8J3rxCFsMxohlbSezZsM8cVML4M8JqBA2RCpciqMXQ39
-ySW9Va2Mca/dkW/VCXATp9lG6hGPI9uvz5t42IPrYc/CdCMWnMZYPxolMOUJd8rD
-fRjX+PnPtbMonefHo0LclKZkSs5hLEty2zpam33MNLS4L+0CAwEAAaN8MHowHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFBSGFC5gYrSk
-iBLjiqt4F6Lu0TAaMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFl
-AwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAPS84jJFDI
-dH5hR/XPr96LgBMhK72+PiP/6pgrKYilpao6qSJAf9vIsaWuebDcHUWFO3HcaIwl
-Ku+ejli9fwEZmMcK1l4pj5vf5y4/wYBkWTvnpT65JUGdmuFic0n4c1jEPTkRZPl0
-FVsLl9iYRwWLJH9pq9gaOLZboV3w/HplDg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid GeneralizedTime CRL nextUpdate EE Certificate Test13
-issuer=/C=US/O=Test Certificates/CN=GenerizedTime CRL nextUpdate CA
------BEGIN CERTIFICATE-----
-MIICojCCAgugAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH0dlbmVyaXplZFRp
-bWUgQ1JMIG5leHRVcGRhdGUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBuMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-QzBBBgNVBAMTOlZhbGlkIEdlbmVyYWxpemVkVGltZSBDUkwgbmV4dFVwZGF0ZSBF
-RSBDZXJ0aWZpY2F0ZSBUZXN0MTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AJ/BW+Rh38aEJHLhyF2rFsHXLa//8UzBuAOpoiJSzFc4gk4FZMbUeMNc7JEG8d3C
-1iCI6ksf+VPWuZsGVLU8GB1Y01lFSaXPp5jmmDeILhOIhmh7/xGJOC0bftMHU2Ub
-STCDgX+yxmVEzoPNpyWc+NIOUxF4dGZcIVeFKPB6cYQlAgMBAAGjazBpMB8GA1Ud
-IwQYMBaAFBSGFC5gYrSkiBLjiqt4F6Lu0TAaMB0GA1UdDgQWBBRAXKg9gLMI1s2l
-71T3v0X4NAK8LzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA0GCSqGSIb3DQEBBQUAA4GBAJODcolMrKSSYYUM8i0NqwfexPIPQ6X+U/WU
-fh7Q4VMoPii7s2hU2MHjdWM/80GnDbNLmNqWBWqymgR+lkYvyvcMSsXr7SC7ZN7T
-PKpw3Hi2bnOFDJDKA/MGWsX+cehwuRKlxmwep3r23H0ctmF6bYpcVusN6NYXVHzt
-jU0bM66N
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=GenerizedTime CRL nextUpdate CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Jan  1 12:01:00 2050 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:14:86:14:2E:60:62:B4:A4:88:12:E3:8A:AB:78:17:A2:EE:D1:30:1A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        ca:4b:74:4e:30:1a:c3:6c:07:22:c9:4e:5b:2a:a1:2b:9c:7a:
-        82:20:53:df:a4:45:75:15:ab:eb:5a:c2:e8:f2:bf:57:f7:d0:
-        2e:b1:cc:10:56:0c:be:b2:15:72:e3:b4:c8:0f:90:fd:ce:57:
-        9c:1d:b6:cb:dc:4d:80:64:ae:49:4f:05:d8:96:1b:a7:ab:aa:
-        22:61:65:57:63:1b:7f:9c:81:f1:e5:cf:06:b1:6c:00:a1:36:
-        28:26:97:2f:ef:74:37:e1:89:7e:0f:c8:ec:df:ac:91:f2:e3:
-        f5:01:a5:27:87:dd:29:b9:35:d5:e1:99:91:a5:07:31:24:80:
-        0c:7d
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH0dlbmVyaXplZFRpbWUgQ1JM
-IG5leHRVcGRhdGUgQ0EXDTAxMDQxOTE0NTcyMFoYDzIwNTAwMTAxMTIwMTAwWqAv
-MC0wHwYDVR0jBBgwFoAUFIYULmBitKSIEuOKq3gXou7RMBowCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEAykt0TjAaw2wHIslOWyqhK5x6giBT36RFdRWr61rC
-6PK/V/fQLrHMEFYMvrIVcuO0yA+Q/c5XnB22y9xNgGSuSU8F2JYbp6uqImFlV2Mb
-f5yB8eXPBrFsAKE2KCaXL+90N+GJfg/I7N+skfLj9QGlJ4fdKbk11eGZkaUHMSSA
-DH0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13EE.pem
new file mode 100644
index 0000000000..921fc43d58
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F1 27 41 23 90 1D CF C0 11 84 D1 9D 51 63 3E FC FB 96 12 01 
+    friendlyName: Valid GeneralizedTime CRL nextUpdate Test13 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid GeneralizedTime CRL nextUpdate EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/CN=GenerizedTime CRL nextUpdate CA
+-----BEGIN CERTIFICATE-----
+MIIDsTCCApmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfR2VuZXJp
+emVkVGltZSBDUkwgbmV4dFVwZGF0ZSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMHMxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMUMwQQYDVQQDEzpWYWxpZCBHZW5lcmFsaXplZFRpbWUgQ1JMIG5l
+eHRVcGRhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDEzMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAud22oPPBDzylInEUq9CguXvnLa25adaw9FxosWhpznk+
+e4A8PL4ObpbKZ3BD4Rgw7l0ptJ9+EXx5JuJNkjjrqjhq92E0APwXSFl+ZBLLPfsC
++yPJoxRQ4NjiCNHrFl7ljDSPPKllzSJxIE0dUXpan546511kuDp5VYiLb3aJUFiZ
+qLh/1uTYqWCZ287zkgcG6rXllTbbBrhOoUhoIt7BCudz8kKr361aJ6CRpgHN/Vq8
+T5xW39XAAifUCiql6gcR/iGLekoP6Ea5xWlCejwA+a6k88boXm22LAx7QWiFUe1e
+zLHZ5Yh4rXtBamDYxOdAk1GYwYAnjBybuGWBxADWXwIDAQABo2swaTAfBgNVHSME
+GDAWgBR+KnXvDDbHS+cg2X9hSEeOEoMaLDAdBgNVHQ4EFgQU4997s71PDhzkuPqx
+jV3e2akJIdAwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+ATANBgkqhkiG9w0BAQsFAAOCAQEAOaHsLRHQVH5gJ+hxdHvna+IUoWjEE2F5MQbT
+bM998cWDHqN/OAggEpYV+Lihrz3l2zZ3efue0woBgBfcjr6LkPpLLR4jqn3cPtQV
+t9BgXO6fLFntkCvvnTDDFRbXRboCpivS+nS7J74tabTtbcxVjTnnRky9HQrgopz3
+hz+oGR7rFnB6fB1D/ic9BWKtwx+BODB0eK7WmUK7pLtQJaz/wimIhs8kD0X6AB9g
+XWVlBsXFMemvFglNQvtfH1uPPzQk6cZ/JDp+LvLWAMP6HK3ZVdvaAVU95DRm6gK8
+PoyWsA4vasObByzNgCtKQSxULkxjjRnbZRN5j0uRN3mjJ1fKEQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F1 27 41 23 90 1D CF C0 11 84 D1 9D 51 63 3E FC FB 96 12 01 
+    friendlyName: Valid GeneralizedTime CRL nextUpdate Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E6118688A1731D88
+
+Dd1EFLgiRKRMZTUclex4I2UHdo3uVBIINpHRPA9+uia/saAEb5j3PpvBxOKlbI9A
+akzemvAU2AQWIrMVw5+kIiSHtj/JLwEmXU3Hxn352sxA8hBHSfbO1RDV3+iXpHBy
+DXePvEo5DloF0z81dxB579mGhhlZm1jh1ILrOxJa4rLRCXbQDBbautETrp0kkVZ7
+uAzEG9PQGH/5y1mdgkcJ7g5s7Hjtj1aFbSJIY4wdBmXzps9RHHgG7is+AKPHDNA2
+hr0P1RYC4XPyRpd3Q6hXaxgS9T/UfZ11epoa81XeRwlc7JHshZw+BMeQA8sJkVZK
+tduaOOa3OpeSxfKeBEbFBRylPgP5SkmteWMmvbDsVBhgLqhDRi9M7L9e4Ty8en1L
+q6T+ffPOsESh7wEO1cHUIDT7alY/zWuqy4uKmSUOEGWjtEOUSRtDuIdZz1uy7xjz
+/iuLLZfoZg/iJCZo8Gvlw4MZwDRn7up4yi4crc5DTxlA6rF0t3GMrxdw5ofVcYhk
+tviu6dbBTAOMyMEKpUKxt6BVUzX24vqO9XuFNFD47sNz1zV4n9eleeC5xSdPpgBE
+jEDZdo17vUHg9kDzNn5mxEFWSBXk20dJCCFIgQbCubZFWj+CqYbaTCDNzBeCr0/4
+DuQqipAn0qat1PqZ9JkgaicK+i4tF9KxmOpWEOL1eWGKbSO/mmOWjjP5+8/OOQta
+jfEVNLmaeY8rdrftcTnOBBA09aP7dMX0habd73Pvhw9SGim5j5waSkLVR2G8pz51
+I0X0zHwGY/rq25EmDgqhwMTIbkrFGlruuweCXrsHAC8ZvFmD5ESplZ1fZri26ICj
+ZEkHuN1HSU/uhZ7Ln9u0cJs1htegtu3QFszdoyFKH9HRIDfZc+ia25drom+uDFgA
+f6ejKK7egCMVyME4qRKRlNOngO1OLBGgreP+VkQv985JhRcp/UgT3EV5I2qUabeS
+r+LFQg502lKogv/2cSfv8oXs5vKmSFQ1c0pGE4/m+O0FmyvlNWlJyWk4B1zu77fL
+/hp2Ovo2L5NCOsUWa2KayDJyDfUa9A777AvKEDSeqA/CLT2zuMnaGI6WiiuE8l1s
+ZoJxiPdErPFLG1axiaM5gMppwG2KG7sx68uPxImxNf3vmoQI0A6x38TJ/UM9uVKN
+Z/Ul2UCRvmX8WLMyGR2+3OJ4IcI1zHCXa3kRybqTLy9/MQc1ytclZtq7W25YomNS
+wJ7rFJB6XJmqsTgFGpvBxb/C5S0EU578m2ScQ2eYb/8rQh9cFPR09TQwzTgcKldc
+WUV/Ii3PGPqfU+YQbB1CW3oH2yd3KqO1ArE8Agwiy9Lcj1MZf1fib3NDcEW9CysV
+CU6mO5j477pEdhhh3YVex2oTy2J6sc854OpeRHjmtRmY5P1Lx8Um7zgru3aYlBiL
+9xIIvEOGYL3jJhzRk6FFEyvwd8jdzx759qFiwqpeEZig5hiki5nytjXoWc6YsRRW
+ktn+41fRoljfyoud/oudnz/R+htweMstFEakD332taJrLh54UiphVSccvZxLUKzW
+M1tSCjeKBdpcWAfZnofwMJ4EVb1HV/VNhp5Wb1ODJKJCOuMjKX+fFQKrQ7br0Q3f
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8.pem
deleted file mode 100644
index df9cce1587..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid GeneralizedTime notAfter Date EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBCDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwIBcN
-MDEwNDE5MTQ1NzIwWhgPMjA1MDAxMDExMjAxMDBaMGwxCzAJBgNVBAYTAlVTMRow
-GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFBMD8GA1UEAxM4VmFsaWQgR2VuZXJh
-bGl6ZWRUaW1lIG5vdEFmdGVyIERhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDgwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALuN3xhLcTamwSrg/7HDqFvodu01X/59
-oI6coV90K3bmWeFUWcw5ZNfns6jjgQE1kexWBJIFACT3kFzmEdQ0Diht+5/uEeSO
-PkOZPDfVFZRsZlKiP4F5JRag4K4+Wfrt8M1vzLcj/TRtui1jpwyXKD/Zjtsye3j8
-MayBGrcgQWbXAgMBAAGjazBpMB8GA1UdIwQYMBaAFLcupoLLwsi8qHsnRNc1M9+a
-FZTHMB0GA1UdDgQWBBSikE0CsoDg9dGVN7xsWnkXPID8kzAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBABG3
-77d7XM2ib5Bv0aVQKTDlDZr1fzLxv0CeJt/o6io7LL8Z9gC0ZdoeiB1nK+unnlu0
-GFMygOHAwKUkKMkkChIGFyYSEPrqQV5811YETya4JBE+Ou3GQ2oKNNL49+HP2yTm
-aWT5eiTEg86gF52K2nPXRNaNGYHgT1+Ez2HeI4pO
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8EE.pem
new file mode 100644
index 0000000000..82c7ff7d50
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C8 C7 13 ED DD 20 A4 BB 2E 92 00 DB 2B 34 A3 A1 63 97 26 0F 
+    friendlyName: Valid GeneralizedTime notAfter Date Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid GeneralizedTime notAfter Date EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAgFw0xMDAxMDEwODMwMDBaGA8yMDUwMDEwMTEyMDEwMFowcTELMAkGA1UEBhMC
+VVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExQTA/BgNVBAMTOFZh
+bGlkIEdlbmVyYWxpemVkVGltZSBub3RBZnRlciBEYXRlIEVFIENlcnRpZmljYXRl
+IFRlc3Q4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3JsqVzyLOC5n
+QkAT5iNLE/lsxf/3jU8ojrjoBbTYdgaUaun44lvZwesI/WEd7WbmIk4bnuLDk2pc
+VQY+UnqPJS3j4exQshmfKSwtJnfnqiCNDsujHAkHP0ETMQGbQCfz2sibFf9TFXrp
+mcIHRX8cXIFcQvcvGyKUzO6pkZXRQ5CH37tVWJCj1q8oACXaBqdC4VRKYFO0lhWs
+epDrq2xWlvF7pOEJr7MvyM2tqaYFEKVgCXomhY1qxY3tWUr9n2OIEOt71o5+671O
+Mqd4cZJREF8vpkelQxEGMMu7DR1+pGbkrxXqyYAmjDE5czfXQOLHrWKJlXsnv37L
+gSb0h6cWyQIDAQABo2swaTAfBgNVHSMEGDAWgBRYAYQkG7wrUpRKPaUQchRR9a86
+yTAdBgNVHQ4EFgQUMT3myQxH68BT3YDCOy2mohpE7iAwDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAcDEv
+K/j/gsTTaDIPxcb0iblmMtDBoM6sVI1hp/cpXz47WqedfVQxKpMAj+nyCepRHFw7
+tnjoWzlpDJTbzDX2RaQTyzzZ1hoef9po4LSjt+ukybp0D3bf4m47s6cat+f5XKME
+BqLI+2C9V17tBV6ZM2LbCncc/RnHXwaPCJQUdQV4QOP0+aw6/pmCfUJH0Bn/fM80
+gPxHN3yEds/Xes+JRf3dzFMcGso1IA4fx/S3DqkT+uJG75jl2cI/SUZCdw6G5Aze
+h/wfRrNGyqQYOsgKkNION7NjDmeZ5doj4Nk1MaaYZmm/Znn83fMtXuGchn26BmIO
+UNDDn9zsAsqcF4TkGQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C8 C7 13 ED DD 20 A4 BB 2E 92 00 DB 2B 34 A3 A1 63 97 26 0F 
+    friendlyName: Valid GeneralizedTime notAfter Date Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B452F5FA65D5D9EA
+
+pKSxE2vluN/rwAKlIlcx1ujNGmCSZcAUM2RCSJKtU5dfviE+5CrOI2QD5ggla6mb
+lVYfxKHwNl7g5gJ1TA4hDQZKrxW0y0g1wX/88b2sRtkHhNQVPuh3OLo7/bl2dzto
+ndLby7Cdys6NuLQNgVZsa1Ysl7yNr2cmhT5q8D+No4cHHGm51GBwj9FWOBQrFb2v
+EsmSoxOyCcunZ3Sl39M51CH/gaKtGMFfTvHs2N8dj5zdD8ncjylV0SMcO/64wH1o
+bRwfkC+zDfx6KFXd7ROuR4kEbW4tb1Je7zMEc8fz55p8rKP9dfzlEVkqGEeKLWG3
+Gqp5JkUghtvpeHr+PDS1w5RrIfNNIWjY4/AJvOh2EJCh32il0X7+eOrEGYeP8dL+
+f8JxuUBXUEAfkAxGkeqRNFTT0mpXSXcRfnNwiuHvT9fX5h5E//YKgTvRQxBQicPI
+enE3FXA+E6iv63cOGhYjbTvrLvt+GdfZVfUPX9ieUGLbg+cVhiGENub9PHrDD5n9
+v4w21qEuNDWw0EWWzuWybNY6DU0qeu6lbh8xEBxHSy3FsiDIwStqXGhs/nl+w7qx
+IaCo8aP1/zMRXGEAFH8oGYtE+EHDBvJZfuMRVlM3FqQLyomWUtX/9BHapen2/ZzY
+MlAtIlvYu6psP4WLzGaagfRPWMlrI9QIvbaDfdnvzZn4yu6wJ8Lqsc7iu+8bWB6u
+lbvvxTa/YlFuyQEizlf0UJvV9fh1Nb/Hl6GheN0BMqGYHPaAzi8bac1S48+RZya9
+8NPvbxHkrKYV0+RORm1iMaETMz5cgU4BOxBATQB6OC+zDKhf1BMaawp3C9eCm/+d
+9r+tTyfkGMpusuLzevhK5utcqRXjHbfpoazJgnNqUVQrurxG3svrZFY8WdrgRl+m
++nEpoy1Wf8kpX5iTsAdSzZTKdFSKSSLqkPEywmGGA5T/XRAWMQ5+bhkZuPegwFh+
+cc1xhNa83bSlAXhWKOj834WH/CZFa9VGc7q8FuvFXHYzwLwhgAP5h16T3ylV6l6a
+E0/GvNXkBMOK0U0vwXEgXgO7n51peg9KkQM+fMITGznk2QVFu5nB40hkmaN+QAJs
+eBt6hsTwSvL1BtYvS9EC5SqDp/8ot+yDL/HIx+aDon1KicQ1n2D8ZpKtHuRmtgD5
+gdGS5tREqiNTGnklBXsrBJPZodafcDMnwOYSa6ZCUQMo2PDMwfvyseCCI3QJHiyM
+6IuLT1ErXLc/qldNUyO41VwP5GPG6UtrxwS6XGOuK0keTF9oyVcekFjbm9qENqyL
+Yv8XV4hj92+880ZOhP9WkG2QF6X5GehzNuRP+OjDjKU3e28H+rnCkptZcsBIGX3x
+bTRA/g/8InsdGizRBzUFIoQEOKQgFwjsaqLhF0PewSBsfPZqJwyr8DlsrRKVy7Pz
+N7Q49srE3D+zxZsaF0gAKgFPTgqnqi89DPpIs+REidaEaeOTVaiRyJpwadrdLwas
+Fox66s4HpgSVH6ygWl//sK98O4ijqHX2Xbptqioc/8sWJRFqSkMGT8zpJIzREtAs
+TgEYD45Dm5L8wlZYt4oneFY50FOlJ8VEaa0n/5N/vowj0Y6Yw5tgOg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4.pem
deleted file mode 100644
index 8e57181bd2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid GeneralizedTime notBefore Date EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBBTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwIBgP
-MjAwMjAxMDExMjAxMDBaFw0xMTA0MTkxNDU3MjBaMG0xCzAJBgNVBAYTAlVTMRow
-GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAGA1UEAxM5VmFsaWQgR2VuZXJh
-bGl6ZWRUaW1lIG5vdEJlZm9yZSBEYXRlIEVFIENlcnRpZmljYXRlIFRlc3Q0MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC95eHxRXrYP2LBGJtgztiha9W1jRBa
-tkZEgkmukmElQlc+Nz/uh5pRNpJbg7b+3Mv6XKMr0qncHxRIaap0sD3MY8CQOeWi
-IHCEtT5XGFy6B6eGpqfdejjnvN4MHVdd9uBaxf0Rbo7JlxXLCT5ZrYMNbK128Toq
-qhp0MV1GpfZ1DwIDAQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPf
-mhWUxzAdBgNVHQ4EFgQUeJSUUvGhyTgLeYzfK/SqlRZsvacwDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAi
-TR2cFTtIDfG39B3eWiPgzxJebkwj3E1ZcxAxzGcYHoSScb79ueJ4ERjgskZWO7ag
-oNPHokDXVScVCIjeYTG540+aQNawBa6L+HhIMNIuzHw190nKXMOSqPmNk4vbYPwk
-32dtRrn1hIUDujUwTkW5daFxJ25HjyUfVZCMQuwXqA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4EE.pem
new file mode 100644
index 0000000000..c3329e12a3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D0 8D 9B 81 92 7E FD 77 C9 D1 4D CC 59 10 C2 41 BA C9 F2 F1 
+    friendlyName: Valid GeneralizedTime notBefore Date Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid GeneralizedTime notBefore Date EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAgGA8yMDAyMDEwMTEyMDEwMFoXDTMwMTIzMTA4MzAwMFowcjELMAkGA1UEBhMC
+VVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExQjBABgNVBAMTOVZh
+bGlkIEdlbmVyYWxpemVkVGltZSBub3RCZWZvcmUgRGF0ZSBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK0TXsIKGzxY
+iX5lX1bWQb/MZ9pouA3EQT8bxiWbQe3iWrZE5xIU4jFopRL8RXASP+lQIROJWqjT
+GtZhEaNQyB9CmNSz5w3Q/dME6LPrdiUF63klD3lY/J1cJheLov0Ql9Rshvrcjluq
+xR0aMebihrCVAbGB9fjapEf4D8xtm/l5SMvO7olLyDZKkibHgmzgZ66/ebGPrc3o
+OmxjoqvkyyH+vlRQgfv4oAVFetdVyYB8i2eJp47d2aFGTsWmn6zIoM7fy4iuu0kK
+07KGV+RGIif3sHoWXv2Uahz56Y7MGr135s/S8e80jA4KrfQpzqpN07ncyEtFGEs5
+3WeTcZi5zLsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWv
+OskwHQYDVR0OBBYEFM3r3nHYztXgRqo9a88ywemUwz7vMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAHWf
+JSZe+DwVSi+fwy98C4I5bZrrkWUX5P3ffOQkO1NrPjVURAvXqyTXbzYcf+PM5W+k
+J6XD2jJvNCRNQ2R8AIdVbG1fIfAzBR3PhEZPL9qKhi2H1q2IloF1Kw26ghxS5cAF
+cfwkOyQgNUpyFp9kKT2OE+3GM6/zf8SVy0/bFL6Rf/5yrJ273Of0+ymy2CY/irTM
+/4X7WLSkSGyPz9RHiT+LoRSel59eclRDxQKXgyToiTgGTKXbEFcilTBT6+0WCgcJ
+3Lw5qc+s12lQDFF8T903ef6C77dPOYMcxnCD2WlBInOSoqsGhn8NDf6YQYsDFCbl
+Oj2T6kRdn8YUigjmrhM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D0 8D 9B 81 92 7E FD 77 C9 D1 4D CC 59 10 C2 41 BA C9 F2 F1 
+    friendlyName: Valid GeneralizedTime notBefore Date Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B9767531CE04E789
+
+YmTFYhbZiq2EbSicLy8vgHiI4r1QOxqwYVNXc6Uy/8Dakry0nY70j27xKuqmZVqX
+tY+e9L3mdvzlLLaLZ2B01uhBWtfxy16fqu87gjWfKCcQ3oJDMnjQHN/LmLOvpCfE
+bpC+xfvVZSuK+/gqfyVywcLqFYwyYG4LSnnSzIm95y6rCGGBxBvdFpsO5+QOASMF
+0e68jsWuj9CO1bUoweg4AWi/XA8mr7OCLAQimCBw6feqiU/lmTOrcVLa2ckSS4Lo
+Lp7K+6pck6prAbxwjJMT40QbniZYZ3a6zVCFY2dHo+BNv6Yr/0ud1zBBjK4gViIJ
+VhPjY1fQ686pYQTSgQAWQ5vwI4M5mN5zyyp2XISuN2vIAxJiaGaEorNArB+sEdft
+RgNNW3A51M06POwAKzfw/S7HYWj03BO7chfrCkdlJt37fFNrb84jO0HzHv3w9DpL
+evrFydUnObVKRLIKv8tJ/v5P1yeaJ5wKAT1tX69bp8fOjFKgh80JNNdPnK1t7IDu
+2dUssf5qzRoi8KGISUkLDnveg4l0+cVZFobTt4y8D01N+ks1lPqKj4PyCBuxIBKb
+XNXQXVnCPbQT+kKy5MBab9/CMpR5tHw8GNGCbFLnwB/ovbaEoov6fr/Jg0f0t4+F
+zVcpNjWlCNQxVm+Qo3Ov9yhkpI/2B1lzodFYHcUYFk+PZlPKUYZmEnyuiiL0i1YN
+R2Zj4RUvnn0m0OCP2NbWOXIzC87Euv4+3Nn91KpcRd0y9tzDtf37TW/gIEZcotLW
++7sHoqm4i39XRrsszRGIZ6qL8WrZZJhoTw4hMQ8qNJ84UfnEk9tq1LUpBQQ0uJzN
+U48Xvjyk3F+WLVcXDLyac1YOrURbD8LCixbhxXXgHHTjUEGjbuoTqLT5SjL/f3jR
+WynPTmMUxINx/Aat7EPRtjWMAKU041mciY9V4QhADEWHSzMB6B4o1VHpAA5I5x61
+y2AL/grN711ZW0OxqmO1iHVWlyZm6/g15gJP6wImCJ3EowXrTprKTrq5RBITilyp
+xOjBBdFRCdCx1foT7Br7SI3MubG9dBmxZOLbWgTfCDVcXHIu4B5dIVJ+jKkKBW9T
+LNsjzXWUkWvG568Kf/HmN1/1NmgC4/z6Kr27IvShfeygg8a+46aj2Ve0QYZOMN2o
+cGl6nVuNEWBsanFu7ysn3i+KSYvvzYgiMvtIA1Ct0yFE/p40kC/0sDdQPVTL2KNG
+skKRlEEyIBLgeS2B15NAkGyiMMOeKGPLOlEvNTcV15ylTH7ml3vCI0kVN7d0PMrF
+6W/I7MabfxcsghEWht7tHXKFKXNeqc0oukqLgRIOtVOjjdutyCQlMvsKfQ1HA4si
+1LqPOnNSLfVDWcgSxSaYPiCV51SVLQEM5jIEE8B0X716QIoIkurp/841cvu3fM6I
+wTAgwyghnaomWchW8mSxg0Du/Kk6f4De9vZevM5I8ssciB7+h7cAZGeOzIksrjkf
+oVSw5V6ZEpoZmJbqHuYvho9SD6wHud+rE3PKcsR6GMYFP71K/6hc4anDh3qmxM5J
+PBCdHMD7ZmdikNGZVGoqr59u6E+ZQIq7lqP9crLcnnt9SEKRK+2bFw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22.pem
deleted file mode 100644
index ca7dc27428..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22.pem
+++ /dev/null
@@ -1,116 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV
-EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t
-vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD
-ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki
-QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA
-tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc
-XHLxTJCox/SL
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid IDP with indirectCRL EE Certificate Test22
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA1
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMwVmFsaWQg
-SURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDIyMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2H58UKDg/MSuu2itx5AvPDHHk0lMX7Bu3
-X3Vok97lKf6HAIseNFrZecQGe7RtIm3ICK1WFaq9tKE3MutSXNCcZ+CrPj0H/pzt
-jlFAlRN1jpTCSj3rVVAUpL9BCHMWrZ9qf8FVWgWI3YMWw7cgqC45VZxRYN0zyyGm
-pz4tN6pyTwIDAQABo2swaTAfBgNVHSMEGDAWgBRswRRf2Kct4IaTGVwL8Em5JVvo
-HDAdBgNVHQ4EFgQU7rkQZsqGMoKvXfmcukPIoHnHBC0wDgYDVR0PAQH/BAQDAgTw
-MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQBqHSrq
-s+MMY0Cfl9rlm+QyuARye7sTvTM5fQkOs/K3US5mAMfA+ei6Prb+u7FqxUya+Y9s
-6Q0AeDutkLkdJWPbJd7B+HsQCT/fWFvYE74YOOu5DTmtII5zVS5bildOaE/xTw2z
-stQtRX9MHe2JVh7WK/CA+TghpnYDlW+IG/iXjw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5:
-        c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28:
-        a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2:
-        6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13:
-        25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e:
-        9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89:
-        a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e:
-        87:e8
------BEGIN X509 CRL-----
-MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy
-MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ
-uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF
-AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF
-lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b
-IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22EE.pem
new file mode 100644
index 0000000000..0b0792fda8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 54 4A C0 C4 81 72 39 D4 8A 4E 24 F4 0F 40 3E 74 F0 2E 17 1C 
+    friendlyName: Valid IDP with indirectCRL Test22 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid IDP with indirectCRL EE Certificate Test22
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowaTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOTA3BgNV
+BAMTMFZhbGlkIElEUCB3aXRoIGluZGlyZWN0Q1JMIEVFIENlcnRpZmljYXRlIFRl
+c3QyMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqJ2kFX3rhdZpTg
+Px6TrqsUoVkZnTV1VPB30WHjhSo8PxTV7IIrMS7+Yhe9EvjERdMFUG3bGYx0zDTf
+aUxhAq4zPlgrRpAd/sqGRjWFjuB++XEUhVHdxhUe/ZaPPqtfPlWDT1Qk+HqgMvvd
+o3F8Ajl08Rr1q6rTApSkSrpCsR6Wgqthi89kexDQblsnANxIdul2qW6rrb4Y+QRr
+pxOgBQx7qHUe/Xp/6uqCNUQKQK6Yio3bQGGD5bUnLUuUBNCxi8Y/7Phc32uSyz8C
+nz1wWjRtgUybln9BPvUbC4G5FwQN4t8J22o5dl3Z3HqCDfFuUnWqmvj6UYe7hYQH
+XaY0xm0CAwEAAaNrMGkwHwYDVR0jBBgwFoAUJfiv/K+2qRobeUvby2Qsi0uxFc0w
+HQYDVR0OBBYEFBoLIK5VtXkG9/HqwgoAXXFLiMNTMA4GA1UdDwEB/wQEAwIE8DAX
+BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAFLJoesb
+KHha5M62n9PMG3uVTq7B5c297IXuHyQ8YrB9AdMlAGnFutnGalFB/F7hZxEGc9bf
+wV8d5h5nQeHQm7UVFwe77JzW8OmG/s1w2sNVsQIA1KLww/p9QUxyOt5sJtNRpkD6
+PBTCEzB9AGyuBCOyFEJYwai4VzVemb6kKQwxhOve6zRpqDInhxLMAbfpZUh+ZqLz
+QteK/QT/55XEbVS1EX8G1cwK6hSY+PzRkapFMJhkqPuwEprDM8V+AtcZqTnh/jaa
+N7XkfPUZSx8Txf5qUcVilaaQJXzua2E8JsGofSpjzAgYYle+U4YkAdNN0AeeO3O2
+87DalX4w2xAbULc=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 54 4A C0 C4 81 72 39 D4 8A 4E 24 F4 0F 40 3E 74 F0 2E 17 1C 
+    friendlyName: Valid IDP with indirectCRL Test22 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FCFDAF609DC1BA80
+
+6F1Q05vjm3RZJ2xrIsWtkTUSHybgIdMkOmrSVn/WBbyluMoeCOgMoQRjkAHtvGB5
+HD4+MCchwd5HcxLscomcD7QCP05YNkf6aq2ItdFk6LlqeWKQ3EqF66Q8QK95N/CU
+iWhGmcZD2pS/3527McaHe1g8HRePpXEQWt2UR2DQpMgMc4TiHMPEVqrIP297EEkr
+uPrQuqCqsJh6d1h+MErI7ZRr1brMqtazPzGcD5y+XREgR53nUBE2Tgm9X/gIHHaD
+qVXLo3RiNL4fFfGmApgOrm79zRbbXd4XKemKGA+kbKicYKUMgfMSF3YMJn24qXSl
+AjoUZ8KK4MCgPLcvMgMD6eQ3n2BYeHf9b398cAy8DPIH/bLNhEds6B4Z6qFU/oPt
+VaCParF9FR0AaevuYnieNdKjmsQGGCe2+QdFCRsD5rqpJzsCAg1ZfUSdU5zq+636
+T7aizM/k3NoDf4OqkFfkjc9nOAioYjD8XWY3PwnxslXk9wS9AIMp0yloPjDZtnL8
+ewspHiOpgDHagQ4yE5ZZEivU/7K1CPxAsmtMZXs4QZx5ABiF1R8AQKdAPoL3m566
+7zDBOxUGQlUU7b6rZXeOFxr0iUMfLaR+FJ3/chS6dv2QwGrxQWSGNvcvN3J5coNX
+fCVlheskFBeBxynRAyWz8Akb5miTJks5yHR/e7WL59gLRCBaHUV3DRod2999x0Ym
+BVZ7o4mAN2a/hukaeApxlZKaAvSXyNoBGAmyRd70kKRB0ndvQQJmBAvMPYyCqYef
+rTt3l/I5Dttv4uIXtb+3lAlohVrEDHF26KrrPDmLRET80E452o3HVGLYCwUgb/Ea
+9avL/mXBiyg+4JdKsoMZ9sJ2heRja/zxyZ6Fe0eBEKt0HLQVJ2u3urfkETqPLVqQ
+ZRX/dgY96Y6OmV/3nLojs0DeZYiNoo9TbpSkcccfggkigRV+ZQRub1boGTBC9if+
+56V8EkNHfmgtL2L+S6jYP3keQBYyFeYrNzpukekB1J4Fvji+hpeJO7mn9VQMbPQB
+ow/bJLDfSmVovsii80seOztMK/By4h5N5BPkRkJxPqF/Tulq0IqhZ8Wj3XBDnGfo
+0PbBDHo1ZKwQ+DgLs8/HDMfikv+OxLtBaNUer8hXhJQAvNVGS2i7GyW8e+BulnIj
+QsiboBoFmIgy3GoCZb909VLGxQszl/g/KPskT90XuPLPlMg1FZA7I4SiN2MRp0AK
+fvao6q1ih9X1jcKinTMDzsuuzNIlN4hongKiZPc1c5gVQtoGDn56D72DS/LJ62ql
+AEXwxTl2CO0xQrIHBft5woA7uGKUOO5RCxXLcU9XK5AdgYMchrR3YROhFxR6HYid
+k6zmlUNrxRnJ2jCNnQTfMG3ghqEJaqkhmAtCkVeDzOJmI0M1RnTjs8Vk+sTT6+v1
+dIF5Qs4Ok0RoYti707GGcWFzVQCb+WkyTM/iPtnAL54fKJaegH5FQ6Bt4fq68ToG
+lqZOyp53JbCaekOIGOivpLs2KgqHQyjnJGsjhoULqIXtdryjChtaILDlCeGFdqAA
+H3NocCuJc9avDujeUgzmQ6UkuNPSJ+vQe+Dz7qmNaOOFA4CG221euA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24.pem
deleted file mode 100644
index d069a80b26..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24.pem
+++ /dev/null
@@ -1,137 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV
-EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t
-vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD
-ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki
-QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA
-tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc
-XHLxTJCox/SL
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDblDsGRxVahA98R7vE
-/DS4nbSbyoerDINPIyc8wkOtWcS+y+f9O5IIdDJOZm2I5px1PA840SXYHh15o3ZW
-Vn4gFU3AgKF/CWMJ1g79LAYAMnQN/T7kSfuz/0rqhLH9tjz3Qtjt+/zy45YIny80
-7JOBLH3eLX0H2aOmsJUenp5ExQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwa+CD9XTTxDwMWI8WIm5inS7nAEwDgYD
-VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEvc066az+E8sftMAgkECVeJVw0Mcr2y
-YlJ0SAbZUNaU7KbzXxm3j8Q5v8K8GDy7EB4H0Gyh0vgsbChTAdLip7xQf7V7SetA
-nE66H4ikF/UAhXlSz+E48Qe2+L3w2weGbU3zwmNMeYkI6dmGFMfEut7hL9ak0Ulc
-0meAGzOu5kHt
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid IDP with indirectCRL EE Certificate Test24
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA2
------BEGIN CERTIFICATE-----
-MIIC4DCCAkmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMwVmFsaWQg
-SURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDI0MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfPjamOqOBJ5I2GqRFerJm5J5EGXpY0CGA
-2i3yoxIxrL4B6vuDMX7x2Zh7+JRcggTd6xwFetZeJWWLahi51RWjfa3RKfwa3/wJ
-yxCvJJfDAdr0zZE2NjXSKDWBdtYxpqvOo/8TCYIvrzKF6kQG44bZ6biAIC30T9vj
-Kezab2UgwwIDAQABo4HCMIG/MB8GA1UdIwQYMBaAFMGvgg/V008Q8DFiPFiJuYp0
-u5wBMB0GA1UdDgQWBBTmjKLn116swFbGYjGlN4lIL3ZOzTAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMFQGA1UdHwRNMEswSaJHpEUwQzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQD
-Ew9pbmRpcmVjdENSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEAe+QvzalpHWA4qr6K
-kSqLzdboAOHGA4+9IYaqUm3rczXhCZrk9cJmWTX7l3grLw4NMMGYkpvy+K/ZRTo5
-7qatlnIg1IxOuR/FQjQUZa+qvhv261Dlk3dH+QlApPxEZyjwCmu9qlXuQaLRWPVM
-Q5FPPtw73O3MCtrfR0D6/mS5zoY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5:
-        c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28:
-        a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2:
-        6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13:
-        25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e:
-        9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89:
-        a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e:
-        87:e8
------BEGIN X509 CRL-----
-MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy
-MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ
-uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF
-AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF
-lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b
-IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24EE.pem
new file mode 100644
index 0000000000..158615fc6a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: FB 70 4B DE 3E 97 FF EE 22 28 24 7D A2 8E 92 7E 7F F7 4A 3A 
+    friendlyName: Valid IDP with indirectCRL Test24 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid IDP with indirectCRL EE Certificate Test24
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA2
+-----BEGIN CERTIFICATE-----
+MIID9DCCAtygAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowaTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOTA3BgNV
+BAMTMFZhbGlkIElEUCB3aXRoIGluZGlyZWN0Q1JMIEVFIENlcnRpZmljYXRlIFRl
+c3QyNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANaATLttW/ZFV2eW
+ylu7TX/3e1eXb0QwgbbI+sApv69RhLxQT0hwCVU4Dm2dAEgYo5i8oOi+rTOlnYXU
+4J+v+Jfpr0IzfX7MnyYh4xnkHb7+zZtPlbOJKR+F1+gNRAyWi9vMXNr5Yce5v7OW
+hvlJdJMbGTC+24xywS8PZ0EjTIlLnsgzqEY4y760mvmdzQpw22RHXZkqD8XYjw3W
+PmjJKJ+/YhMh3I+VVr4UKW7B2f3RglOyznk0XJUFM5Pw+6XuFbA26DG/Awm4AHmw
+fTVmV5j0Wr0T4zpqcZWC7mMRs4ggY1mNDfRdH6vOj4ShyZVPhHT1FGXykS3BGp+1
+6mgMC/0CAwEAAaOBxzCBxDAfBgNVHSMEGDAWgBSII+Gzs/Js/jGpvothqjuShwWk
+ozAdBgNVHQ4EFgQUY7Pl5pwRT2IfHI3sZo8MqlHb/kkwDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATBZBgNVHR8EUjBQME6iTKRKMEgxCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRgwFgYD
+VQQDEw9pbmRpcmVjdENSTCBDQTEwDQYJKoZIhvcNAQELBQADggEBACWXiBBJIk0S
+WXcaAbszXf9HPFRQ9ntKHreNu9ZjWlLv1gc3WVwZDyRa296+uDyAfetZrg2ViU6I
+VCpfmTRmvBfqJ6TO9qSLN9wtfkoAqUxgX4iWczOAnM7S9o3nQOHGRehAw87ub7o0
+4KbwoOENZxqTF4xNHGzw5ZtQIe6CWTMBUN4bnrQm2zt4kzXenxe68lcr3q7JrjhV
+RGh3e+jSJZsy4HuaB79OTFjHQWblxXGXzIPZfRZ/YUJbRhTPpD1ToQIdu/c8ag4h
+6ZFKeeB9pUPruCLakD0WSdCbWW/Fb1kVSLWHM9R7dAVCw7ccm6K3QfAzJK/FhwjY
+s4fPLXGaPrU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FB 70 4B DE 3E 97 FF EE 22 28 24 7D A2 8E 92 7E 7F F7 4A 3A 
+    friendlyName: Valid IDP with indirectCRL Test24 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,45333D253C999BCC
+
+enI4SCgHHLCMKR4XZhjcbC40sQHu2+JEmMmcAfXLxy9mxt8zGpzWDbTJw2j5LaA8
+3TV97t5HWKpfSdOG4Gfswp02EpdZeah5AdSE640TF5eoSv40OJUXxEpg2KhxdFGG
+iFwK9LBBiG0ppx02blIaRcBEnQI8Gweq2lGJy2xsT1IpqnpSqSltwd9GEKicG3mP
+rmdE+MClY1sOadzZeoaptABfftFtJtkKCR7M9ZDwgh0etnJr4sH2C+itxGxhmzkz
+GwT4hRlmCXMlL1n5YgKx4uHGTrwA9DOJAZ3egMmrvMvF0Ohe13D38kD7pjdbASrk
+RzsqnfvCAmZsyq97HsoL4iHO4l/s0u+xioM33ShyZawN7p+sBiZFmuKknl9NyzHx
+ZQ3ZjMiFTLm6dJ7cg7vwU0riwlY/yU0M+Rbbc0aIXkPog4YdZkeFrrrE0OnKe8qo
+eWJYd7VRsGzqQ4T3OSYaq/yJCbjtAJBZH8uaGRI+c79tg1yuIIG1kwd/8rg69+6v
+QPpcckMGcSbjliAydo6nPYABMoBuyTbF40MXS/hYTlOq39enxSqaEqO64YvDMA6w
+mDcicf3Ymasef4PFy0htwGPE5iLhLWoPpPpnuXCHZI0T4nnlwS31rTlV2CRyqwzw
+R5OWgJjYozYzJbg6IJTFohDvQzVdXvXYbt+P1Das/lJuOZ8uZE1JhL7Yurzil8BQ
+RfEXFrZWtwc9b9qfsk9THyYmPPrRt1tl+UGh65TCM09ar58T4DPbAkNsyflupYiy
+r7FILbd9GbF3dZOrvlnvr328iFaywCHG3ZtArYAz3PhypQGtZdMU15n8kL5X7Ndp
+RO7xWVG1iBywHHz3yg5EyG5WW8Ajtn6xVxP0Zj2rGBwJIbpntvHy4LOfdGpRY17P
+ScENZWiGg5qizI6SS1YYvuOenBL0VV7ciAxoWP+mJLY33XlTz5nuEbWUVw1jzka6
+GQlRJkgArBwtsaaZg98s9t9qiDIzvKvCbUbi5WLF5g9AoTlNmKC9hYRPDJhcQkNF
+CIM9YtLtjc7M7qxE1iVfn1S1S/WXxhc8KjCuAVknsRbZmrCeHVE5juyXhcUTBwNA
+hdeeQ/ofp/HoZBQontU8cljhHOp9gn/XmjuuaRCY8KPW0NrwQD12NdOzAt0cTQKY
+76+yYWup+4AOad4NaRUbc0yL68EQ6eBkof3yRWtpMTF7297C67yR2mPNTIu2Tqpn
+xRHFTt7VlOa1DzioBVqxBTY/QrPfDWqLn09llFo9UQgv8jyJiICUd0KuqBkfgzh4
+6em0H1l/Zrjj7wrzEA0ah1Gt+qo6HXTeF3Ji0P0XsRB76KWXxdvEHh3ERo8XeeL1
+RVeSQIwi3dp2Za27XPBjEqAdw36rjTnqw3S+MUiw2T8RZcXKLl70r5vOWgpxm3rS
+Br1pEJauMVQHAppg1nfkTHhFdOhHozMoiGjmqJTLa0WQDH/Es24Ai2QT/usVqiMS
+KDbFq4RrCdNPSghgl1+vK9+epdZKOh5rmHGr+XO/ir3ivPA91rMFb7PoPkrkSTpM
+XSzrD0g8Mu0EgJUKHHHa6HM09hSQYdJitUTOgKIGBGSYaRx400n8TQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25.pem
deleted file mode 100644
index 9861f0f70b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25.pem
+++ /dev/null
@@ -1,137 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV
-EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t
-vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD
-ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki
-QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA
-tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc
-XHLxTJCox/SL
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDblDsGRxVahA98R7vE
-/DS4nbSbyoerDINPIyc8wkOtWcS+y+f9O5IIdDJOZm2I5px1PA840SXYHh15o3ZW
-Vn4gFU3AgKF/CWMJ1g79LAYAMnQN/T7kSfuz/0rqhLH9tjz3Qtjt+/zy45YIny80
-7JOBLH3eLX0H2aOmsJUenp5ExQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwa+CD9XTTxDwMWI8WIm5inS7nAEwDgYD
-VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEvc066az+E8sftMAgkECVeJVw0Mcr2y
-YlJ0SAbZUNaU7KbzXxm3j8Q5v8K8GDy7EB4H0Gyh0vgsbChTAdLip7xQf7V7SetA
-nE66H4ikF/UAhXlSz+E48Qe2+L3w2weGbU3zwmNMeYkI6dmGFMfEut7hL9ak0Ulc
-0meAGzOu5kHt
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid IDP with indirectCRL EE Certificate Test25
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA2
------BEGIN CERTIFICATE-----
-MIIC4DCCAkmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMwVmFsaWQg
-SURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDI1MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDf0B2LJSDNBUNNk9cwJtpviFO4J0nIRbuc
-O6UsC4jXoQrcgUkZOOcYIT82Yz33dg4bv6K2EXqzJwIfBGq6JGvHrAl3djShH1wO
-qasa6FN6vCnmb2Wo1+7KpwCSlDAWAYhNTcb8tGMYGiOGd4FMhEdA/y4sRqmuJEOZ
-Uw7DglXVewIDAQABo4HCMIG/MB8GA1UdIwQYMBaAFMGvgg/V008Q8DFiPFiJuYp0
-u5wBMB0GA1UdDgQWBBSQlj00h5t1ic1A+gEB0E3NRYLbqjAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMFQGA1UdHwRNMEswSaJHpEUwQzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQD
-Ew9pbmRpcmVjdENSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEAHIf/ZJSSoUe0ahpi
-VXce88mnP2i2KJBuOPFVGyJHSY2wGKtm02kgghm1bSdwVzXOLwTLa223rjc+cZcD
-7lYleZJEOeEnibK+8EgTf0Z/D6VnmIsQD/HHhpkmvB69NWVETkG1VtkmEHkaNDdQ
-2WsP41gX0VujQE2K3UK1KDPPNsI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5:
-        c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28:
-        a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2:
-        6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13:
-        25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e:
-        9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89:
-        a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e:
-        87:e8
------BEGIN X509 CRL-----
-MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy
-MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ
-uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF
-AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF
-lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b
-IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25EE.pem
new file mode 100644
index 0000000000..a716c1a069
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: C7 60 3C 49 21 82 1C 54 08 8E 4E 04 25 0B 12 11 F2 FF 15 09 
+    friendlyName: Valid IDP with indirectCRL Test25 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid IDP with indirectCRL EE Certificate Test25
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA2
+-----BEGIN CERTIFICATE-----
+MIID9DCCAtygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowaTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOTA3BgNV
+BAMTMFZhbGlkIElEUCB3aXRoIGluZGlyZWN0Q1JMIEVFIENlcnRpZmljYXRlIFRl
+c3QyNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMp7IIM5L8j+PX0j
+W3jaOmFU0IZb/uqR7MK/+CPZSm3YN7HvAYvxTVC++HGP8PNZQIn6148vH+shf79U
+h9DYMPtvMpDBsDirZZYe79/9CCdO49n/1nLvt+6Q2RwtoysAT1pfXd359RPZvu78
+oGQvxnJwxH7SI8ZWhueOArm7aUTqUXbWq77bXsE47/zYBohwVNAL4lm1rNIw+nun
+Vj7og5FupDZhd6YTHlm2hMzLh1VXpX7RNGtVLouLEVLcdqQsuzbZWyTmMm7V0jk/
+ELBx2jdcrl3qpyJ8yaPw5mXbVef7YfvlCGRwOEPLY0FPU7ROfICoC9J2CFqq8Opm
+TYdehs0CAwEAAaOBxzCBxDAfBgNVHSMEGDAWgBSII+Gzs/Js/jGpvothqjuShwWk
+ozAdBgNVHQ4EFgQUtY5A4mYCw2O8gaOCAOp+ELpcBt0wDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATBZBgNVHR8EUjBQME6iTKRKMEgxCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRgwFgYD
+VQQDEw9pbmRpcmVjdENSTCBDQTEwDQYJKoZIhvcNAQELBQADggEBAE6t44yeRc39
+gkxrj/OJMlMhO5PM+NOQeDO9MB4TzbO2lNo08dlbz5bEmfnbFA77mthpoXcSTvkr
+HgVFncAs9qZ6V8zV8lccn5eXiuO/dFpmS42eKE0rhk4VkBSD7wSWPX3vuLXalYsU
+mtFOyExDNRqtKcGAEQMyQcvw0SuwDHWHuRXZ5uALB6WU8X/uNx/jmWjScyQFnooj
+oGhOakKKkLMciGBPF0+2VZUKbaknZmoGVI603yGRXxqlF+LdSaGsEcjfUwpqSiry
+53e6GfDspF2xH/2IQX6y2d7Jx6zH4oT46jDR/uPwVXWAdhQi4Z4S9xj4G9DpHC/F
+NeK7pE3pYSI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C7 60 3C 49 21 82 1C 54 08 8E 4E 04 25 0B 12 11 F2 FF 15 09 
+    friendlyName: Valid IDP with indirectCRL Test25 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1B559E6CBE8CBDB7
+
+lzuIKJjyltjw37fK8/bSCA8hm3s588px3Hqnf15Dr5982IuT0gOzDWy0NNodvkwh
+Z8TlM/LBopj8cd24FV9gqKQllGSnpMonIw+jqO8pAu2XI+WAvRUmVdLILD37ccE9
+3r5NRO0PTLoXTStn3K8BNqdNEMriTj7+8qSZ5d+RsUvnt9rD0r8mDY5RvsUcuDER
+63x6AkWEZYXdj7Dh+gLxEWZrBdZx9NDhJ4hGc0Oghh6valpbF0x8MFXFmRXfAwsJ
+0So5Nu6WpW64tfbeI1s7IQKDrT3mg+gPNTYY9P783ULstUEcLGtklFMNG7mnoTMH
+xDMSTICCFuM5I8waJdwj/pa2g9paFjG5H6gye0xRlzFSverVw7vro+IV3EPo6+1q
+33Gj5yPNM2lwSPnioOwsUeC56rQhI/gyKj8HB3yxB8TbF7NGctMfpeJIreXlehp9
+qPXPiCbBxrGRRjcerF9uvPlJAMNXxwwxBloRjVgKqDypbrGZJtpT5g/dG6HzYbUQ
+VruyoD/+Kb0MzQFajfCOLlyzVvYJleOqix9JOH5KKcgHjVH6FtHl+X24m66tCqKO
+7e+fd4NNFW4zOqN7TA5gPG4C7kGjRKs/pdRF/O45h3thhxsNpaEl5ekcLEcWaF5i
+lkUIKC2pNjU+VHHUmotWMYxbt64VGBlvaZxPZgj4HIabe3V5PBUw7UuozVh4IuIp
+4fcvqi5gxlBcuWGwii06IbcskSLPz0zKWx30IUyc2B9gSANpPxO4hv+qTace7kEj
+tImEMHpLsPwRc5wvPxodquJZInH7YcUfga832eyIG17HZsfUOkHSZpd53UIeiLgH
+U/4JziCBuT9r/Q173bXbzFSthooy/jsq9KIppNmA8w9Cn9xVPhCxdREErclMtAO1
+MCXRz2gj66tsihm0I0R4cQpuwHKDio+34pLYnis2nPlCn0gIJ6Paxddg1YBLIAmP
+TuaXfFZKFoB0qjR2by+SKcIevFdbAmYalxAknJupGMm4EMkb/Ho2r6horqKopqWK
+/DN++Om4ugAM+WELeSWZ6sP63Pvy/Twlnh1P9EZHtg/180ZgLqwbr/vGsHdRdGZW
+u0cvbOSSVMFhY5V7DC5K3Gnp6TLoteD+W7M8JHzerww79eOe17HsnIjUKsBwH/Pc
+xIpiXbzaXQsD8MEwB40E9ZwF8/35wn8ARSSiun316yhG+GNEtI8ddt0z8FbVTybF
+Sw4hbv4UC6qS4VkkarBmmUuDzLIbgm9VCisK360q3y1+M2Y9rv9ZVhHBU2/CGsuY
+0wmfXIMekp8iiiCLf/6VG1nrb7E19hxZAtBp98UHSB0Oa8gjwS1JQl+qdWSQXxQe
+uMBMCXehHiIjawp4Xg3+8c9GCt22d5op0w+CbqmR/t1/h4rYR+qf7uqCOmTyfIc6
+2MHY6ArzSRYVdg4xO8+AJFfmw0mn8uu+elsLPxtMYWuW7BFEiVTLw4HvbjOJsDWZ
+I18zW8lGQPIOzsxq2up6k14I4nhyxfWWAEAAol3HvfhDM6YYjt5zSVpspSFefYsO
+N/atLtmzNIeYfbbLaXKKwKALgcAX405wO75wDa7gw2roHXJMnATQcw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16.pem
deleted file mode 100644
index 58a9b915a7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16.pem
+++ /dev/null
@@ -1,115 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Long Serial Number CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBEjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVTG9uZyBTZXJp
-YWwgTnVtYmVyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1mCudsqPk
-irIFe3XQBPzhyyRQyreJH26B3Yg6kYq1Obd6I1j7Ber4BDVyCCAvnS6rNkzsbaJf
-+sWVf27Vug0uhasZx/3XGc0DbhZNr5iYknU1LEh8Ccq1Oymq0LPolAHqaJNOaYpb
-K5Fq0P0RDcBK/ENgmtdY0CJrR7MWUTttqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU3z1I++My57kmUova7PgJT7PH
-36YwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHJqd5P8eBN05uB3+fPCfVjO
-qX7csbAx6X1LNibOoWDlB9Y6fElHQS+i8HDPmIIdC7N/9xoCW/fhzZqb6VKDQXNM
-9pwf6jOJKnNQOaQISdoIvj2Jn1FoE4Bo1SGGQo6ZgCWfXPA1TE93BXTua9Oa+FZ5
-fhG3y3gMYLC6ciKePSDf
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Long Serial Number EE Certificate Test16
-issuer=/C=US/O=Test Certificates/CN=Long Serial Number CA
------BEGIN CERTIFICATE-----
-MIICnzCCAgigAwIBAgIUfwECAwQFBgcICQoLDA0ODxAREhIwDQYJKoZIhvcNAQEF
-BQAwSTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4w
-HAYDVQQDExVMb25nIFNlcmlhbCBOdW1iZXIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcN
-MTEwNDE5MTQ1NzIwWjBiMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0
-aWZpY2F0ZXMxNzA1BgNVBAMTLlZhbGlkIExvbmcgU2VyaWFsIE51bWJlciBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0MTYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKtO
-3auJrAWhozm7l0Z1T0lT1bIb6AWcsrX5hHI03QNjnAsiR6TwhLzknLevcqY1FMOd
-3CQ0YGisyl+jQn6u0vn8gQbPvlN+HaEM3KhBED8jqLLcnspGAS6f8oi1dpWNK0fL
-NrOz4DYCp7kQVDXIBmifayg87zrHaz6X4lMhxgxJAgMBAAGjazBpMB8GA1UdIwQY
-MBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMB0GA1UdDgQWBBTJunkp/mY4QxI0f3ob
-s65e11IvhjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA0GCSqGSIb3DQEBBQUAA4GBAENEAZeCPJoLGi9JOR7np7MvjQtU9NWutm2iMthF
-MYTKIG9CmYoDbDGl689tIyEHOSJO576cpCvOoORWfvPNFqUGaDKjTeZ5r43Uq4kM
-G2GcseomSZC95SvZhsH5ZrLkdJLSrOe1B4RiNQV6Dx/EgDr0t/CL0bTNhh5l72LJ
-8cNi
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Long Serial Number CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DF:3D:48:FB:E3:32:E7:B9:26:52:8B:DA:EC:F8:09:4F:B3:C7:DF:A6
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 7F0102030405060708090A0B0C0D0E0F10111213
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        7a:20:63:9e:55:8d:d1:c3:ab:3f:37:97:45:61:6c:a3:21:9f:
-        83:bd:ce:63:48:7c:a8:ca:36:15:02:3b:1b:51:66:e0:23:df:
-        de:ea:86:72:e6:92:9a:63:c7:0e:31:30:ee:62:83:1c:3e:23:
-        20:29:23:ec:aa:2e:f6:18:ba:94:45:e7:af:5e:44:0d:3c:2b:
-        13:6b:8c:7c:7a:6d:a2:f7:b5:9e:ea:d6:f9:9d:4d:31:91:8f:
-        ea:4d:b7:ef:5f:5a:2e:63:fc:37:02:5a:db:a6:3e:de:6b:a7:
-        84:83:d2:a7:5b:e2:07:85:9f:0a:03:f0:33:53:eb:a3:d1:d4:
-        16:02
------BEGIN X509 CRL-----
-MIIBeTCB4wIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJl
-ciBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA1MDMCFH8BAgMEBQYH
-CAkKCwwNDg8QERITFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8G
-A1UdIwQYMBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAHogY55VjdHDqz83l0VhbKMhn4O9zmNIfKjKNhUCOxtRZuAj
-397qhnLmkppjxw4xMO5igxw+IyApI+yqLvYYupRF569eRA08KxNrjHx6baL3tZ7q
-1vmdTTGRj+pNt+9fWi5j/DcCWtumPt5rp4SD0qdb4geFnwoD8DNT66PR1BYC
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16EE.pem
new file mode 100644
index 0000000000..6b5c09b394
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BE 0A D0 4C 5E 46 41 6E A9 35 8C 37 3C 87 7E 82 78 E3 80 C1 
+    friendlyName: Valid Long Serial Number Test16 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Long Serial Number EE Certificate Test16
+issuer=/C=US/O=Test Certificates 2011/CN=Long Serial Number CA
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgIUfwECAwQFBgcICQoLDA0ODxAREhIwDQYJKoZIhvcNAQEL
+BQAwTjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJlciBDQTAeFw0xMDAxMDEwODMw
+MDBaFw0zMDEyMzEwODMwMDBaMGcxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMTcwNQYDVQQDEy5WYWxpZCBMb25nIFNlcmlhbCBO
+dW1iZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDE2MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA60l+Uxo/EscQHc6uSZTNiff5wN6+vHrzNTO71TXex/ZZkPw6
+h60CNBdw5TPhvdRkYALq7mdMqTMzHntTBnHCc9BVlEOHvyo0FtrcpAplNKxSgMVB
+dlT9/9LfuToh8XtO9EoQXz0zY4857N8rol3bZb3DyG2BpIxbFwRyYYJ35DpKlach
+uJeEGxr/qyV0kb4O4WQtFUz5udNYiMc4HN8jIpFV8JkBkcJVLxbohL32Sz+k0uWD
+K+Nu5R+kPqCUxdI1q/xlexYtbeYqlfCb41mP06tpR8TF6IEFpFVEtAc4Xgf4dwXY
+EMit6jx0/vhWc2uHse2wETOElP/BPHkcQyxFVwIDAQABo2swaTAfBgNVHSMEGDAW
+gBQLY7dHrsIHMht/b+M6uOoL/9dkpDAdBgNVHQ4EFgQUfoW1hg1ZwEl3TiTkftke
+9bK/LLowDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAN
+BgkqhkiG9w0BAQsFAAOCAQEANAtNHPUyv/1huJvEABDV7HL7a4m5e9dwt05KChqm
+I2bNZ2euvr2tmQD4+jCYpD62IYboWhNGc7mOiMe5SqbDvfI+nddwjLg7vbr61LYy
+kmTD+koMayzBsvAMvsD3GnEFZV8mujcQAfvFu7+lT/KjhJTreNwmSsF8Q8jCeC4f
+oHaoT6hnYNgpdzjMrVtDLIwDjB8L/a3XHY1LnCk7Btle3ge7huFnkRkOdPDT9u8x
+HN0tMFXZWi0MbyIyj2RZjgxpxI2vvFNRviGQfd7gcpLzoinD6USFK9f7hUXZr44H
+bCQUme32AqlJ+megWOauS3WUaE/8YA0KDLRDeskZYiAspQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BE 0A D0 4C 5E 46 41 6E A9 35 8C 37 3C 87 7E 82 78 E3 80 C1 
+    friendlyName: Valid Long Serial Number Test16 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E6C9E4D61288FE11
+
+e+AmA7gdL7PjQ0RHgLFFf1j5Ol7nkQwTFTqP9BKrkhNN9YThLPv7AmCmhfNPqUWQ
+M78x+MUoYMr/Cj1OH2iyzER/gwXcX0smv0HQaQo8bydLXAZEpCPEo6HRvd//UPx9
+EdrRjvTwNqJwXaSsZKxj5E69gIbUANCKL/6itKRuxgJpCl9tVwC5rw4aC01rdojV
+QdF1NbNsZ+8e8dq/UHWbw/UGl4i/o+GnZ6257Q1E+enNF67EW0B01Zm4FUGI2lMa
+/LhZa3CxwWs3lTXA9pQumncClV7HjHMjOtPCOc9Pb2dhdhjBngc1wgk0ZRjnRgoS
+Us6pjQ8eMyP1U4tAR51S+cStfeL2SWiE/c33mBGwTjbrXh4HSdXGjxyfOtgVbTWt
+L0eLsDZb5kxfZ9M4UGspk/MLq9lnCbH2dYd+9PppVknhRahOpuPPuabYv+h7AjHG
+QsTdDkKbU0aXGvIVcA84rKn0rlWZbd1q4OwDPLoDSEkwuRmGqisOmOkv/BkjfLNy
+GYKBNJw+AmBX4Mv6Xx3hiX23ht+fBOqUJh1Ye5+l3DWlnpgF1tVaOKCraSeOurJV
+PxQwCbQ0JyTbyxduZ2CQznr8x3n/Gs2rbrFyEco/8YAZqFxdhs9RqMLacavfXI50
+UAY9tqHLT8M5w851ZLxpCHFKM+PMoDMZNVG3LhaH5n7NkRKQe5HdfQmmeqzbGWJS
+0Wx5KPNMbDykIjMFxYdHh6C0ftEERB0qinxQPSwPUDa16/eKqYT0EPdxCUi5QWEG
+77YoKFMLIKOSPEErLQQRlTjpVxtS+EuhGZhzxvIaaVyZf1BVEuSAdwLpixl3Avbb
+jN8p6Ww/aLfLvGkeRvHVaPPihHV5TAokkCbpdUn9ZWVRRgfwaEPrpMzZ9QXxRWsS
++yCkwrQ3sWO4UobJc0F7utfx7OdsLVG3t5LI8sLMACRvDkfkj7sIle3aSq99WYi4
+0H93dFlhlRYK5jK5bqLEeGIPFxFqAFAAxZiTLaQWrEWXPLF/J0PLDJLJd++OyNts
+r1tLJk8TM0KhV4ifFVDXiG6T2y7+hMtAYIn3vPvVzDLp5zsDYg/1OyElY2iEPbHp
+FvkfBRHJwHzBT7hE2P6kPi4tFy3MW7xCzl0jQL0aPR17qobVfre1nHPVFDmjg8RL
++kBbBtaCUTHIWUDM9Qmz3uEQwNdhsJ4T7IDYLvppAGdhblHJZjx2j9QMiQALf+Q1
+F/vSPV8ejSwHpQxXbP8qXIxYl3X8REpZJpBRSBy0HOxOVmpJvT0B8vLo1TWJ9MrK
+PA+72UtMfWlf0SzCfrF3PVR7zNhOkoZG8tkQCHazbgW+wGyPH2yLq7F4Ra+fk/OG
+T/Iyjj7GcW12Y0KJbaWTcl0UHzWnVmEiyp/2iOBdpXNRAzIWSWm4UbD+VX/SFtP4
+xbtv2PDKXi2DXQXU6QFgC1BSk1gGElN8f+JNrdwQkz4YPm4i2eS20jL5XdTGuxYw
+poqGuekkEHQvDfIX4vmQ8tZtdOx84BH/wipf/9VodeLatnrYTkt26rdUDIBqPeWE
+dkVTwIkIRPKjE8JcwInj1/uX73rPsRYMVAWbGoIsVhpbNlGzbQLCmKgBXnJa9iF2
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17.pem
deleted file mode 100644
index 16037a0097..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17.pem
+++ /dev/null
@@ -1,115 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Long Serial Number CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBEjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVTG9uZyBTZXJp
-YWwgTnVtYmVyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1mCudsqPk
-irIFe3XQBPzhyyRQyreJH26B3Yg6kYq1Obd6I1j7Ber4BDVyCCAvnS6rNkzsbaJf
-+sWVf27Vug0uhasZx/3XGc0DbhZNr5iYknU1LEh8Ccq1Oymq0LPolAHqaJNOaYpb
-K5Fq0P0RDcBK/ENgmtdY0CJrR7MWUTttqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU3z1I++My57kmUova7PgJT7PH
-36YwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHJqd5P8eBN05uB3+fPCfVjO
-qX7csbAx6X1LNibOoWDlB9Y6fElHQS+i8HDPmIIdC7N/9xoCW/fhzZqb6VKDQXNM
-9pwf6jOJKnNQOaQISdoIvj2Jn1FoE4Bo1SGGQo6ZgCWfXPA1TE93BXTua9Oa+FZ5
-fhG3y3gMYLC6ciKePSDf
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Long Serial Number EE Certificate Test17
-issuer=/C=US/O=Test Certificates/CN=Long Serial Number CA
------BEGIN CERTIFICATE-----
-MIICnzCCAgigAwIBAgIUfgECAwQFBgcICQoLDA0ODxAREhMwDQYJKoZIhvcNAQEF
-BQAwSTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4w
-HAYDVQQDExVMb25nIFNlcmlhbCBOdW1iZXIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcN
-MTEwNDE5MTQ1NzIwWjBiMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0
-aWZpY2F0ZXMxNzA1BgNVBAMTLlZhbGlkIExvbmcgU2VyaWFsIE51bWJlciBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0MTcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMmE
-I5A7RJ2dsFgrNGpTKPbTNkMlTeSA0APdg25ehg2jBXRX32Y18+LwdacaCcVFxWIK
-z16aAT/8U/rmoP3+dPkVosnTcbJamr5D5rE2D+QWqHI+4Q0saPg91CxVTkLhxU9R
-Ck1bLkVggnQngeaqCNLIAHuP8N44+V3Pytm+HddRAgMBAAGjazBpMB8GA1UdIwQY
-MBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMB0GA1UdDgQWBBR7xbA1RfoohD3hr0Lj
-5WUT+PO6hDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA0GCSqGSIb3DQEBBQUAA4GBAGGq1mqUIqGhHvuMEEdcLDESbvJ2tSMigxNjqvGi
-zWc/CpxqrWchwxA3zF1/M54g1Shi2IAxIp7lfBJbh6X8o/8Dzhc7Mff3HrrqTrC9
-NUuJEFGx13X8FRoEPgCKkn/kl8fDLfTvJt/Piww6fE8s+5iiXwqaFwGJjSgz0UqW
-re5l
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Long Serial Number CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DF:3D:48:FB:E3:32:E7:B9:26:52:8B:DA:EC:F8:09:4F:B3:C7:DF:A6
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 7F0102030405060708090A0B0C0D0E0F10111213
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        7a:20:63:9e:55:8d:d1:c3:ab:3f:37:97:45:61:6c:a3:21:9f:
-        83:bd:ce:63:48:7c:a8:ca:36:15:02:3b:1b:51:66:e0:23:df:
-        de:ea:86:72:e6:92:9a:63:c7:0e:31:30:ee:62:83:1c:3e:23:
-        20:29:23:ec:aa:2e:f6:18:ba:94:45:e7:af:5e:44:0d:3c:2b:
-        13:6b:8c:7c:7a:6d:a2:f7:b5:9e:ea:d6:f9:9d:4d:31:91:8f:
-        ea:4d:b7:ef:5f:5a:2e:63:fc:37:02:5a:db:a6:3e:de:6b:a7:
-        84:83:d2:a7:5b:e2:07:85:9f:0a:03:f0:33:53:eb:a3:d1:d4:
-        16:02
------BEGIN X509 CRL-----
-MIIBeTCB4wIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJl
-ciBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA1MDMCFH8BAgMEBQYH
-CAkKCwwNDg8QERITFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8G
-A1UdIwQYMBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAHogY55VjdHDqz83l0VhbKMhn4O9zmNIfKjKNhUCOxtRZuAj
-397qhnLmkppjxw4xMO5igxw+IyApI+yqLvYYupRF569eRA08KxNrjHx6baL3tZ7q
-1vmdTTGRj+pNt+9fWi5j/DcCWtumPt5rp4SD0qdb4geFnwoD8DNT66PR1BYC
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17EE.pem
new file mode 100644
index 0000000000..53afd0945e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B9 81 3E 90 D8 72 4A 1A 45 29 50 D0 DC 19 E1 1C 2E 29 C1 44 
+    friendlyName: Valid Long Serial Number Test17 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Long Serial Number EE Certificate Test17
+issuer=/C=US/O=Test Certificates 2011/CN=Long Serial Number CA
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgIUfgECAwQFBgcICQoLDA0ODxAREhMwDQYJKoZIhvcNAQEL
+BQAwTjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJlciBDQTAeFw0xMDAxMDEwODMw
+MDBaFw0zMDEyMzEwODMwMDBaMGcxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMTcwNQYDVQQDEy5WYWxpZCBMb25nIFNlcmlhbCBO
+dW1iZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDE3MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAvNWBkGHs4ey3i7wnEUSxL3bZ/wcxijWbLd45CdHlfcrVluMb
+reijfhtxX8DrcfzSzWjMuq+FbReq/XE9Lig3FABFCscvbqMRsbVJBuRxykVx9Xml
+xyMtUScxxhkVFsJdGS6YRyesOX/IQSdDLYt++jRQMZ9WwjCyf3rl0w+vAmwzX9kg
+bHAVJoE71zVHHz6GxlLLuJVrYawr/j6Ao9sjniUNWsR0r/JskIpfwAyOPktOopuZ
+AlsUhw/TagkfTn7PTxTGQsCYabh9NJejgMH67nFWAikqGSsObbkGYKpqf8qOtsk5
+hW8PMGBe4Ry4OBL2ITdSfuU1DZWbAsOBuSs7HwIDAQABo2swaTAfBgNVHSMEGDAW
+gBQLY7dHrsIHMht/b+M6uOoL/9dkpDAdBgNVHQ4EFgQUCkxTRT2mlM7HMRp0Z7qK
+tbsHoHcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAN
+BgkqhkiG9w0BAQsFAAOCAQEAqesLoIqzgv5k02gA0rW61rhlEnQcwQ3v7qcl0816
++Gn8Ozxefx/tN49JM7VlVIDDATsLynepfZzhyb/5Ag+Yq0FMaMp13QN4ZusGsNJ/
+LlbG/L7nQejig+BAYzD6MIdpPKozcaTRYGVZjZ30YYg8SVEN4nr1KTf4ExOvqAH+
+dHlw5JXln9w0GTQfHyhx0Y1rCMAyqlrffbktFJMqDuUnoWM+9YPtRfswATAAY2QO
++OfKOvuYUOvPECybeD2QDFKOHYe7gpXsjQsEuAmUpDAoxvpay6VIEeytVEh6VpYD
+3pYPFGmK/SHDFzLVMMIFyHOpwQaoCiAAgguMsVVS5Md97Q==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B9 81 3E 90 D8 72 4A 1A 45 29 50 D0 DC 19 E1 1C 2E 29 C1 44 
+    friendlyName: Valid Long Serial Number Test17 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,44A9DE28D5DB80A0
+
+qqGl9iO5jTbHmXHqEWGf7N4ADTdGCCTfYzjwsTpgw5lWTyoH5cAKkoX0zU95+Sy6
+jBmrxuRnexwbcKG/yAETafgBs8uT/cNfmviYuvrOXjMK/WphkXj4iUDpsKLNoT7W
+shW3WbwQYtPeK2vaF7nLig//b9UD80Iv9hoYO8joBgNqv12rUOiCqGJ6EQqr+gNU
+IxjPTKx6cfEqzbKu5pQEXkT2paD0G8Us6uWQOj9UyESUuYLCciivtGuEAPBsaIxN
+zI+7DDxXD/eFWAjI7Yc0ovGa+gV/AxeiHFNJi0q/bjm0+1PM44hgadbqiphZlcbd
+wyYNccsO8HIE4pepI8xD4/SYCL9BXo2ukdB1B7sBXoLM+a/Gu9p3ZVy94c0RfAST
+nsBe30h/tvomue8HoIXBWsTGZYDca7VOQAwLkObli0atxQOY3rAQW+eKc/WIyX2t
+UGf6qwWf/oHplLanqQchMV2aG905nFCNHhd2T+8fElhbgBYc4YpMQCnLtZVGvs7R
+JRAgSPekBVdj3JyN71xaMcwcuqtAcIiAzHNyFsv13CsxKPcVgBUnE6KUnkANG817
+SwidJ5tL/Lkb3iS8qaR5strMrLqZJdGHfhvZ0kuTvW6jFIPqT9qPpn3MbSW44WIi
+hOFVgSQdbsBxyEIIhlOpAW72qprgGAFHNWD77RqDmtbh1+OQadD3xDws74cObWBj
+Nb8n+9gKFeC1gErZ6EG9y5eHDQiAzB/lSHw//K+el7XDAh6UyR3o1Ob/pVmQaLqS
+VPIGMkmf+HtJUos5wETaqxJIlh9GypA09rVW5ZZSARxYdGh/evNVKRBPukGcQktq
+EUf0MCZcZGw2MH/+tdjtugnd5edGhmzesYRlDchnmSBGwiis0XYB4FuTzDSdKuD9
+S+vsb7e6x6rZFlEsA0KnAwlYNUkm7M2JzGjPs3tG4CLAKMY717wY/C3gsdo2ybR3
+bBESEa+0QHdN5ubeolPY2q4IVPes+Xg1HjPW79c2WoZ6CDGKOlC77aQ4AN4fnFNk
+AOmFFAdTNVVFsnQz5ewrd1fIr/r+rR1XbJBE8MkE8KaUAVxPpOJuwsIYa7IrBKAr
+sVaPC/LwBk+iFtUoN7dUmuu4Y6GCPTSYuxhd6B+75sv2ToK6nfIK9XDhzd5ua1s9
++7U9SjRXuSc81KfSwpy4Ct3zKcTmH2ggqjv5DbzLbI1G9Eodq2a012CDue4bie4H
+znuOAUUqM+7+un/pidIVpxCxxhCFxNShnotaP73LO6xgxkuBOCKVVphHcr4zV5k6
+z5D20cDGwk2vYdXVmI+fQ4CtwdMDm5mnc+P1GwDS5oiA8fCSq46GQDBtAyq++Lz+
+u7m+kLh7O9JNOre3iNeAGpZZrLacpd4sCaIZWi5QOmxcsbl3ojYte/c/r/J1/AT5
+ZAn6qi71xHjuuOdpMPCYOdBapbw12A9PU7VpjlY4f34B1Cdf3u1kz8D2ZVsaFlDj
+d99kDQOKFntH0XOTYMytoK1lsekRiLOsrUUMWkJO1ULtICPdjJtRk8Wl6lr5o7JG
+rA5/hsVnStNN8QDbRGPZgmFcKryroXGEAz/Kt7fPhYc7DKiK+OMmPdRIOEcM8zUP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5.pem
deleted file mode 100644
index 84006ae155..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Name Chaining Capitalization EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=GOOD CA
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dPT0QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBrMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxQDA+BgNVBAMTN1ZhbGlkIE5hbWUgQ2hh
-aW5pbmcgQ2FwaXRhbGl6YXRpb24gRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAKKjNiRlU/b/0kN4KqqM8GCc/XOogauyq9LV
-K5+grKdIS9Hyb8R/YDK9ilsjzU/nYKRdOvMfUs5NYR7H1UhBJ9GMfo5ZJE7zbV6X
-COFLvi5STvmS1FIA1COnOuW0gCI37YuvoILvExZV0MlgOP+maCzYWDsffOoGujMJ
-/tdFTmufAgMBAAGjazBpMB8GA1UdIwQYMBaAFLcupoLLwsi8qHsnRNc1M9+aFZTH
-MB0GA1UdDgQWBBRM7vD5b8j3gITFAx7LZDp4/fhR8DAOBgNVHQ8BAf8EBAMCBPAw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAFXVuDJL
-2xAKqFtse2QAF5GxQIa8VuJCdOuNF/KCTNQ65dWDvBRYuc1O2O0NaeN71B7vbBaR
-fLAM9acjYghtDQd22u/dErDTmKIS2IEY4Z3P1eGlLcNhpV1DsIAe6cQLgm+fY8jS
-1m63U2bt0Fs4nefPvxpkWCeLXOCr7ewDM2Uc
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5EE.pem
new file mode 100644
index 0000000000..c011252ed5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 66 4A 0D DB 28 1C AA 3E BB D7 DB CE 21 C6 B6 B9 5A 8F 35 EF 
+    friendlyName: Valid Name Chaining Capitalization Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Name Chaining Capitalization EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=GOOD CA
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIBDTANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR09PRCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMHAxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMUAwPgYDVQQDEzdWYWxp
+ZCBOYW1lIENoYWluaW5nIENhcGl0YWxpemF0aW9uIEVFIENlcnRpZmljYXRlIFRl
+c3Q1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7uBBbS4stI16Jp4v
+WGJ51twPti1iJLp+mNzQjyNaE/xC+J3w438fQvsKPEJBwl9iuTtIO8ijAGRJiCUA
+nnc7+PeJ7UvYBxE1tcggXXrE7pTJsw893bE6JHy6SxH+/yt/yRfwo+YqbZvtD+6U
+4bCsj/83FQvhWoLdh0ePfU3GiK0wkM13aD+pBNy/aMZHIOm7JjOuv4a2hbQtYWHo
+oYRYkhXfykCr37V3zwCbPsmGyVJ0MLtwLs/Q3Cqxzlp2uIoeFQR4e2H+ISfQg+Lp
+1eIqJCd2E3VJ8oKcIu2oW4soNL9mPNjKZdlwC3VLtRITcvfPH/otHuS2wcAdU+88
+DRMo5wIDAQABo2swaTAfBgNVHSMEGDAWgBRYAYQkG7wrUpRKPaUQchRR9a86yTAd
+BgNVHQ4EFgQUeN6aGkOrZ3hSrA3gtRojk+AnY8IwDgYDVR0PAQH/BAQDAgTwMBcG
+A1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAbqlb8g8M
+w5TaH8PXafNxxswC41xFgxZWx4vdQEytNeeAdFABrQf79V/CxoT+KuXr17wTstpT
+XqEF5zjsahruaSONLcUy1JetjUNW/Z7b6/p4s3NffYhf0TMqqLLatI63CCImH8Ap
+8ceCFU3m+fyIyTdIEHgsnQX67zZ1mpoFjlrTutSYXUHtfhsK9h7LCprkBOwjbjfd
+t2nf6nPx1H05oFKrFGpu2gAHHserXavCToQVsprK8jQ6r/8xHInJS76KK3fMT4Is
+iA6EiRrqGTWkPjh2hd6WaFz/zRhuLm9ODRuz3bgN9rcdxq8jYkDg8Fq6eqhnVLJe
+nwhTghrNhZqV4w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 66 4A 0D DB 28 1C AA 3E BB D7 DB CE 21 C6 B6 B9 5A 8F 35 EF 
+    friendlyName: Valid Name Chaining Capitalization Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8474ABEBEF2EE976
+
+5J1l4vly6GY042QtaorkypQYpT1DxoNh6VGLDt5ceK6iqKZKJc5AoXViAlB69xYd
+qusEHBs/WGdfXysIyThM/d4BVC91K+ZYeJZiknD/RhWLkxFfGeF36pC85Pm4ahxa
+e0Kq0VLCc6FNlPMnJV2clugdNaH3ZSr9A8luQJeU7NUHHAasfq/6DU56LUnBDPQB
+hsnnNlJZDeDF2vzZLYSKL7X0s2C8EHdB1PHWaDAnaDNLk4/3MQbopxoF8Eok50Gd
+jBUsHqo9/qEUP2Rf/W+oejs8ruW/WUBVEIeZ5Vfi+Df9obJB+r8KshRc/JH/8QRg
+9F9uAsUkNlzcCsbNTE+lUK2yY1JSYY3LAU1dUkI5W6rlJr7kASjlWsDb+ShVoBsZ
+HwXyHE0ACFSqgFVlAFCqXmoUXaGAxUsQ4bACE7sWlPtnCcCLp41JV3XobwGz6ZHm
+maY6CBPZXzc8Lcqs2uowAUxa2/jtZJdzpqAXTDks+ZHBgDOv61mvyByYWn+TT+zm
+qY8JGuTxDCUNGO5aGa2aoaZCExYo9HR8x0Pn1P7uJDtyDH1Gk4p0mHIYm4JADw3g
+x0ML+R6jROa1S+TaaYl0tpkmfX3BrZpa2RnARAxQhMuGQIS+KB7jfArgR+MofN3v
+Nq/hiRCZ6tOCuvNInKplDOzAAI9DJbVyMk5GL6KDkuqBEVWr3qhzwt6HnyRw0cVy
+AruMn7xRl3o5XXob/kAPK+WZDavj48LLMTIigObBbluOJMkVLkxqx71Hq3S+9NLA
+nIX0VSWKWjxh+wVczdYQDipX5uHppeaVP+fJSXIqEVVvcDSogPJ747F+Sxiw+KJF
+7DxL21lN4Oa2VFVPVWdYPrqnqSjw3qoVmONYB4Vb4TksHcj9wxo7DQrL4euPHtnJ
+bMWyaC2GMNJJUeW7yZN+Fr6LmhrUZiQKtjdSPNETJpZQEu9iFd9VLfZ/ukjG3MOb
+hHULOkls/rqwLgLG9gdChBf70d88xD2waZnQsTK1RSjQoyBkqvm1fJh7dgB6Lluv
+0On5y1hiRhleV7croW4T5UJxHhB210E/CrJIryaz8MbjVUrgdzlfh2aHH5c5kVJq
+E4HLoFjNIkURQnN0XcMbYJCT6HXhRtQa8vcODxrwtRLu4J/sylUv/3e5dfVeGuDd
+EBGyJ6j6qPdU8h4j8GhHtmjcT5900Mr2Fb+TOCnzQszo+SksndPQVFEmDmIBLUv7
+U62wBHpzl9NmfSGYwvYeVytHO5Ufa34U3pbxWi5IJOyopFMjIA974Hx4En5OAHgh
+qZxeB/A7yZ9PPWc2AkjNowpvCAnAYKtrJBQZMNF1WLajLWwk1CYJcbxUF4j4amGX
+NzNg3KaiBOd+usBFKLWbmaaMXPQVOijbkYkukanPxdk+hxtTykJSp7uMGhGgzQHP
+FQ2/5bfvpt3eSY1AT+NLZyaNAe30I31VSFOVBbYcGy89KTZUgay4oXGFZvpSa75l
+ro/9RNIe7cYOapB/yzgR9BtJB1r3rBpEOrs+FYV0QcaIgBwbBmJnU4Ew4kgT9kcz
+1CZ0mZTB2ysg9jXquvhFTY2n1clRUrD+IAd9Lkx7x2LGAd3ZGOPxS0l+gG1BoMSH
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingUIDsTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingUIDsTest6.pem
deleted file mode 100644
index 224a2cebb5..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingUIDsTest6.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=UID CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcTCCAdqgAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxUcnVzdCBBbmNo
-b3IwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA6MQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBlVJRCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyt5HBgA3udSw3/TzrG90sAN/8wyl
-eDWkGAUc1kYzyzCyNNRMYjTspi391pcr4incsgjvOY3Xc6YT8ajMzFw0R+ur6hbl
-oTYcbzdNNZGzr2w66IMDMntKTpZ2PpUH4XoCvJmNc4xIohL60RqPrGofttwpyfS+
-gxXCpVjsfywnR40CAwEAAYICBSCjfDB6MB8GA1UdIwQYMBaAFPts1C2Bnsonep4N
-sDzqmryH/0nqMB0GA1UdDgQWBBTSZXzCH9kXQYjs1VhEmgfiHMx4FTAOBgNVHQ8B
-Af8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADgYEAJZCA4IQ1YgY/8DcUafiLUKwirRsP5C7cCdMr
-0POcMDPmF5wyw0VuUGqHnAFEvc3VXjHv7KPJjlq0BPN6Zv/mWpumTOEMZNM8ik5u
-2NwuDmexmwkXHhK63MVV+iVsef6nWxx2Xf3ahbbLQgFnMIbLeNzXpIPzyFlQK0V/
-ABcwlzg=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid UIDs EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=UID CA
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBATANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBlVJRCBDQTAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFMxCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEoMCYGA1UEAxMfVmFsaWQgVUlEcyBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0NjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA61z4
-7chYRZr2FRLh+/4cPggLdSkDgQkdFCuflGzLsN21pmtZue3b7qADRSFwnmP5wQ9L
-dOEPzufTiCt3wcPEHCaBCCN0Rr+8iWwww76h7HE0jjU9o7IHje6qAOhc7THvZS3s
-kiVb9Nt1J1/KSPM3oltTENEyjuLaXbI9XIYY/p0CAwEAAYECBSCjazBpMB8GA1Ud
-IwQYMBaAFNJlfMIf2RdBiOzVWESaB+IczHgVMB0GA1UdDgQWBBRMlbVlFGZ1ahlQ
-H8QnvM3PBG+n+DAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA0GCSqGSIb3DQEBBQUAA4GBALXKf4ViSQp8LaI9MVvNFJ5b/YG4jXBpGXXp
-htEyinitf4scZy55fdtqANeG0Ph5y7633SFANNBWS+enHNQu3Nti8boG52chWIzf
-/8vANjunWkn/PVQrI6jXORTFNG+Ia/baFDbpKyjIta1g79QVXdqi7xQ9Neo6r81u
-uhx3rn/V
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=UID CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D2:65:7C:C2:1F:D9:17:41:88:EC:D5:58:44:9A:07:E2:1C:CC:78:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        69:bb:bb:27:78:93:70:70:bc:06:5b:eb:d0:3a:9e:78:3a:e3:
-        dc:8a:0f:8d:77:93:e1:6a:c9:83:f5:64:f8:0c:5f:27:0b:1f:
-        a9:83:a3:c4:f3:87:ea:24:f8:79:41:a4:44:56:1b:93:78:bd:
-        e5:83:d9:60:2f:2e:d0:92:1b:41:2a:90:0c:9f:5f:90:1c:07:
-        88:98:b4:6b:cb:78:98:da:30:d2:37:d2:44:19:c7:d3:fc:9e:
-        65:89:2e:f4:77:7d:f5:9f:4b:f7:72:3f:32:d9:90:d8:52:0a:
-        dc:ce:51:81:21:f5:25:59:02:11:34:8f:52:24:ad:0c:0d:69:
-        2f:2d
------BEGIN X509 CRL-----
-MIIBMzCBnQIBATANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBlVJRCBDQRcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU0mV8wh/ZF0GI7NVY
-RJoH4hzMeBUwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAabu7J3iTcHC8
-Blvr0DqeeDrj3IoPjXeT4WrJg/Vk+AxfJwsfqYOjxPOH6iT4eUGkRFYbk3i95YPZ
-YC8u0JIbQSqQDJ9fkBwHiJi0a8t4mNow0jfSRBnH0/yeZYku9Hd99Z9L93I/MtmQ
-2FIK3M5RgSH1JVkCETSPUiStDA1pLy0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3.pem
deleted file mode 100644
index a2b8d417c1..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Name Chaining Whitespace EE Certificate Test3
-issuer=/C=US/O=Test  Certificates/CN=Good     CA
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBCzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEb
-MBkGA1UEChMSVGVzdCAgQ2VydGlmaWNhdGVzMRQwEgYDVQQDEwtHb29kICAgICBD
-QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE8MDoGA1UEAxMzVmFsaWQgTmFt
-ZSBDaGFpbmluZyBXaGl0ZXNwYWNlIEVFIENlcnRpZmljYXRlIFRlc3QzMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnqTq65lI16x9K+4TSv4Kj5oTA79gcaQ1V
-o1Pov5lyumlF8AxDNIBczzkCmRw0G5yTUG0GK47M9jfAWj3nlYjtQY324wjwcRYX
-TqFCcPr4Aw4VdxQ58+hE/Dve+Q9KgH8XJ7KELJoiN9dCmYcTXnkW+ZNnPYGpAtf8
-2QXDyCwO5QIDAQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWU
-xzAdBgNVHQ4EFgQU7dgiWtJswE2iwyEUO2QMiVBSZGEwDgYDVR0PAQH/BAQDAgTw
-MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQBYEf4J
-9G7Vag3A4nNIKYSRK1FULS5V4XEpbh7h12s4NjEulFrxn9ZKwSbElwar9CYZIOJl
-sW77M3xjTub/6l2DwT+pBp8smD4WdcN8D9453M0nY3+0de6hU09COr7/AWVzbxzd
-UEHnXWDZu5PRgbj14UJKrqBzQiZAbMRx5b8sAw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3EE.pem
new file mode 100644
index 0000000000..dffeeb76b8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C5 EA CC 72 B7 CA 5D 4B 8A 21 2F E1 75 89 75 BD FF 49 9B D0 
+    friendlyName: Valid Name Chaining Whitespace Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Name Chaining Whitespace EE Certificate Test3
+issuer=/C=US/O=Test  Certificates 2011/CN=Good     CA
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBCzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEg
+MB4GA1UEChMXVGVzdCAgQ2VydGlmaWNhdGVzIDIwMTExFDASBgNVBAMTC0dvb2Qg
+ICAgIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowbDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExPDA6BgNVBAMT
+M1ZhbGlkIE5hbWUgQ2hhaW5pbmcgV2hpdGVzcGFjZSBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALHDyEmorSlP274u
+/18BUHzKkc9SIwgCP7PBHTOfjf6Zy5H5WVZ0iPjotyQpm8nhiZLodmJ7I14LyQaV
+gCQaZJR3gw5dKMYHotPXQcI4jptWTiiG+aNT7bZREbg5BA7jTswTLokWbcQHBSx6
+iN6QfHS1LJP0ah4ccVVpi3sqDvfzhzWsU9s/S2pFUOHM6/iHc6H9Zy/CxceTHrt9
+jw5A3KHRZ9ihMGuwZXZfZn7HHtDuVMUb23QRhBVoPo+QzCCGXb3Kxr1/qM1EiFgW
+mkieRIPGygUkFoGyH+ELQNclyI1bb9jsW4g+vr6PTYgEJofktbQB3WwCRH7ADIW6
+6fpSr/UCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWvOskw
+HQYDVR0OBBYEFM+4igHs3RwMuk/hDgGZXsfaFTxTMA4GA1UdDwEB/wQEAwIE8DAX
+BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAD5C0FF8
+5YCkCu/hOuIAlLhMSkjdlBKlpnFriNjiKtNNPm+lEXUCnN9Iug/QrqevX1wTN7zx
+glDipUTax7bo3/z4eT/eURz5shg4swHdnDofLxRDJybSEG0hEDUgu+lvww13FHFQ
+6ZgGvgC4O5wPE1UVCQmM2EcVkcdn6sMLozzH+sg40gj/VALvh2H6VhobkV7dzI82
+cGPZhPDNjO/w4MjGTfhQjPvMGVuLjazBZxNCyfZeYDjygmIDSDLmFAdum34Vk8OL
+/lGLKLp31rM7EBYhkpu48PhPy8iUXAvR+qPlcKfbQ+k/D8rbzDE3tX/Iw/6LdhU5
+3xt3vd6uvytI5dY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C5 EA CC 72 B7 CA 5D 4B 8A 21 2F E1 75 89 75 BD FF 49 9B D0 
+    friendlyName: Valid Name Chaining Whitespace Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D3BDEACC98B28A3E
+
+Nr7q4KiLPfumYbQawi1p1XmHeWRLufp83i14WwnfoIDJ/D592JH9a6e2g78ostDW
+F/S0VMtut7GMOd+e3rzS9vKEN1/KJHuatbgpvt6aMsCxeqsQjWq90cx3XxN9GDSj
+zQ/z7yNE8DbOu3Ohs8uZnAWId94sX6pbFndkjSys3pbdhgwQ86cxNIZvXBL2PHyL
+kP4VgOOolg2gE+1jYbZhzIZxpLv2bVoTtHWqr6NlhmPzWSTrlvLOUlsh31btmGD/
+9bHp/L7WCV++S8J6bDVlkcwVgo3k9m6hoKt7m2AbV7ljztvgpJM0isZ5CDNIQD4u
+sLpPGssVIrJ+90EsrhyEAqOzSmbaL6OEvbXkAilhaaPG8fGjPjJmlSiO/rV3acxc
+wuqt6dipGUBDGzVBTopOE97zLyHgmoRH1Zh2m9JM6IZrSZpx3oYaiwBEhwXpOSD+
+edbC2Jl8h2xJls0KJbP2SfhRvkXBoKHkwDLgEUuCGhD6vXqP0zeGn3oaCe7Bk75q
+l+qIlbNh8ytLTe/ZNaj0xZ9KzuryeiYM8bFoRANsI6iYrPeI6oBo6kv1EYEKPRef
+xhuoTYrtwoRJzou7+SiHPJCDtArWJ2EJAWLIsN3ymX1gaW+Lk1mESSXntT5pKDBL
+63FxoG9hTl4G2/HGMwGmbbxNO2o/IhE4bQRSlsedadQxMnXHKq4NAjB4Jz7Dhk8N
+PhuWB9T6RnZGajwXMPYGVCzJ2ms8pnN6DE9NreZmgCoDHDE203Zh5WQqLJ0fTxy4
+ZvF/Yx0OXe0ZAgoiNpmu8lpKXTuz4nReKrXIdeWDmzeWKdyCMV3z5/+Vh62/UbUE
+hsvCczwL5W+Cial+tIc0r3zX3hpohEqT+oTUAznTRqy5dqpL6vfubZephO/XU3gI
+BLcnyGMbjmXJiAGxotXYjZsYhf8f56yOfzY0EZmjehDxNJbLh/IWh3eWhWyciNRg
++aWL+95YIJnkR5dgNj2mnveS1BdqjZ34WIziYUTrGyIZXWvx4883Ilc15acB9Ul8
+89wGIhVEY0CNFl7mrGnRSuWL5EXNCBk0lhA0LtDivO1wSwqjQ7lji1lKG6MmWJob
+cQ2YBy01ERGt1G8rOzL3V0/Pbr2Bp0zwKkWeD4Y0ebtawmVCcqny+XtrEfz3I38K
+WMqbLwEsnj3YM8KI3rM6FjfPbp3vrlRj1hclaaE89aXy9SYtdfBypJi7am7xpkou
++8Q9LRuXucorLQEVpFT3ZevXvl+hSXEfjEZG8fQ3bsrnXsoP8hB0DII5jgVkvqh0
+rwKQYFmL9yfVHnimGUneNjpnEIaiFDK5cq8KEkR6g29wEof431kVXek9nSG/UkyG
+ylh9YlxwHmbJQKRiJeFYSILWEEz0KsTD1GhXu9qsucRUAlPp6cVdpl4kA7Z/3ERj
+/Zs1f6aEQZokhdOhSZz2QnUb4xMWY6TduM9FqPrFBbjII5/4o5mOJVAPTgpDzI71
+4Bz+C2riSODikKivmeIq5OE1fYpuN/WyL380wx6HkNqpjlNTy/Y1fM302GX+4JCS
+7iBZDndYgQawpPDXz+S4eoehksUP0y7IWaLkoD6SRqh7P3GtvqtHf6V4/aawhu9D
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4.pem
deleted file mode 100644
index 771472db84..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Name Chaining Whitespace EE Certificate Test4
-issuer=/C=US/O=Test Certificates   /CN=   Good CA
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBDDANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEd
-MBsGA1UEChMUVGVzdCBDZXJ0aWZpY2F0ZXMgICAxEzARBgNVBAMTCiAgIEdvb2Qg
-Q0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBnMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPDA6BgNVBAMTM1ZhbGlkIE5h
-bWUgQ2hhaW5pbmcgV2hpdGVzcGFjZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtFVzL02aRX103n0ddypzMXb4EZ6au9/l
-Cf7wLoF0u6IHixT05tw1feYoDt23vnfJKOjwqqcqnshCi0k949dyrQeTAnFQXsqp
-aPj1xjdYq3ohEKTObPeGRiyinhMAEZHxTLUyIW3hmjooktV827Bg1l9wIozE3pvw
-XyRbd3rAkFECAwEAAaNrMGkwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oV
-lMcwHQYDVR0OBBYEFHeQkes2kV9nbiKaIemSfMP1WNMPMA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAW5OD
-GSTMa2KPAQpLgH0nrncEH6jRAkyk6il7E2N0bz1KJP1itGDbzdrNTtMTs0rD9waM
-K3JrQGfALXvoj0+PD+Z/AbrpO3WKKuDkKOjIPt4Yyf59K36K0ZLKk6zID6ilR6Em
-0BaM9OimGTwDaij8MOU8FMuwXFgOu/wPciMU18s=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4EE.pem
new file mode 100644
index 0000000000..abc0b5bde9
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 3D 5A 26 7E 13 F6 36 79 3C 23 EA CD 54 62 D3 0B 6A 73 28 67 
+    friendlyName: Valid Name Chaining Whitespace Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Name Chaining Whitespace EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011   /CN=   Good CA
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBDDANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEi
+MCAGA1UEChMZVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMSAgIDETMBEGA1UEAxMKICAg
+R29vZCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGwxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTwwOgYDVQQD
+EzNWYWxpZCBOYW1lIENoYWluaW5nIFdoaXRlc3BhY2UgRUUgQ2VydGlmaWNhdGUg
+VGVzdDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4La/z52GYvBOP
+DFvAnfCjhivYpHlbMWtU7svc8tBER62tEOta4nC30i3dcKjgB4jKDM0F/u+OYl5Z
+4yFB30IiJm1OTj7IPf3ByvpExvPpHnVzsDHejQxAYSFIzrncOZbFmVbMy9cX7D4W
+hNQV4NAokTP6yocnUTxjyStNrQdvFvddslImXHlFUhLDSms8iW0DUbxkKoSajmBc
+tUMNb+fF8UXzCKZbrLX0Oe3Yb9DsjooJcbDWPosIx5f4JuoqBPZlAYzbfLY6n2mi
+zuITEX8Y92Frb8IHPV5BiGB6BH6zacuSPpL2wraRdgZ+RDp7LhWLEgeoEgVpKPJa
+9NkL8frjAgMBAAGjazBpMB8GA1UdIwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJ
+MB0GA1UdDgQWBBSbK6wW/RUIeRut/gCL5ZdIwM6pZjAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQCMYzO9
++8BMUK03i/AJRqCMqbqswHkkb9HeVjXHy+NzN7WK766jlSW/uTQ0GQSVdnU7Fsz6
+UH5gLW3U0xngEYRP29iXNVKvcowLt9QDnHFOSyIQDPby499+YulERS5kAOhjm7pt
+Yq75dLt/tNpEueSYzI9oUQzwIGpkyaVVlfmO/FJZdhpJ9MCZjzWoUhuLxXIQm+mD
+UAme2M514vtqwa8RG9xUQdO/CnXZKhAKNp+VK2zn5qt9FynWL5k1kMmxUkuqLapu
+duPbakDGRpP8vsj9QNWSmE2h0ZIZQ620VZ9121qhv9hvngL+RJcryL3aAbgQOmk3
+3eJOprz8zBsDGy4q
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3D 5A 26 7E 13 F6 36 79 3C 23 EA CD 54 62 D3 0B 6A 73 28 67 
+    friendlyName: Valid Name Chaining Whitespace Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4424FB8B710FB0B1
+
+s9Ot42C5xYET6pUlfi69SDT8WEn0dPhZlU8nYvNUpjhU4Oe70ZZ/oQXKrBfT+Lnl
+vV9z4M+4R5OaRNx6vZQ6fv37HodsZoAv6cCEtw+zN8l4FxCH55FbtDYgvCCqM7ek
+MOGzEK5cpKgeAk7ayU3PXC2zNKDGVNmUzZ2o4eFcxlG6ZlsqEOqddAQKA6pVlzep
+6hvycuHBaKYutrCgC2H8N5Go0Mxdg0cVi9QUUQQjtGgvpD6k99eicwk3BczNHPFa
+i+pv5exRDf1brZRlAGKiYMc6SjscRAyZmZQW09+IwFC/8+Nz9aA/Z4/hMt7hd0n4
+s4fWl/EnYVd25FH3cG0l1g0SYvi+tkHclftGMVHrkuy01oCi04Ak4qh0XTaDm2Qn
+TVLLrrBhAlRFnKWHxVqSTjT+8myfJII2W09tO/eVYS8n6lBYkT5FyN2SVy8SqV/s
+L6+cwi9ihmIXUjK0DQlDdo41g9fGTkx5SrhNje1Ztpoxymg4B3Y/OHtvnAZ6SskE
+ZqivMN3ugiszipW0akTdGx42auWkH+CZZU38UtwAz3FLUa7TaEGnA96OSBiVSn4F
+mfDg8xj3QtUTexqaQxT5ut3Eyd8s7dn/WbsItwJNRgHku9GyMmgEDNpTR0sAIXEm
+F7PDc6Qd5/7h0KGmQdA6hVMIqGBeND+2zgcyThcjF/JMdzehIC0Ga8lLdc5kYvUY
+cx/dFx4NVWvxQCmJzDvIueZl1YduE6fxugRXElTlSoVjpMNHnVOBW/ZEjVWThBkj
+asvAEBgv88lmPKC1s+scM3MNCWT8CWQyqXjtm3XLIJe3huFg2g7/NcrTicT9FvLs
+bKSOiJMsmTA4wwTyDXduaUv2PIs15fRPgjEOytm+LFb02c/5677cTfHeU2dQJctI
+Z6eSbJYk/B+2QApmyUs+yGh4El3xkEBEF04o6bkipnbceIm3LJxrPnjlSkWJURT+
+6yMB2TeJVG+DFparwjInS43EHTMstpGbf5DaW2se1ZQJPLH0w/ePtSzRI3ysPC71
+ycxIRCK3buGZG7oj+SZMcalA1IsMxxrEgM0bT+gmb1yVitrUbwCqn/o0NlK2uB2K
+TUQkElJnLyTULroBr6DjkmtbRmlogKsfOlU0IxdtEotOD7dFjw4tqXtQXmMOi7fK
+5QbCXl/ddP8PwibQUYxXtAyh9jaGfGKAo8dw0pLz9hg7XmHOfxjYtXkMEnTPKNk2
+LBBxRqLAKGeEQxErVjor7c7K3fYE2b3oRRwEyb6WDXFHdTH60gL5HpNr0YCjxb2Z
+oOeXmCjAZRm8Gyxvk5cCetjdDH94aHfk5t5HMp4roQOqnC1s1LfGloHUFiMgOX6R
+iQhbH1oYdIrhrOIUI6dwBsglmct92oiQySB5SyvLME+AZHZkVl51ckkSDfpJP30a
+iS2NxinNhmbSCuKDpwd/rqRHF0C1sZY+Xj0YC5yxa1gxOMmuJe7HYtbr8Ymlh3/L
+UkcMecNVV2VJyRBJ/2LC1gMbXRmHO6xt2hphjyf0LBO53ddh26VUWK5uSF2SNVzb
+oI5kZI0Rzhp+dmCk8mgyNqWDXkhb42kd0dfqe1AqQur92CrS9fpEzchXUL2ZwKTv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameUIDsTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameUIDsTest6EE.pem
new file mode 100644
index 0000000000..fc4d93467f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameUIDsTest6EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 48 C5 C3 96 59 8B 77 F9 C6 6C 80 92 B1 82 72 D7 DA B8 9D C0 
+    friendlyName: Valid Name UIDs Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid UIDs EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=UID CA
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBATANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEPMA0GA1UEAxMGVUlEIENB
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowWDELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExKDAmBgNVBAMTH1ZhbGlk
+IFVJRHMgRUUgQ2VydGlmaWNhdGUgVGVzdDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC+CDXTTtVJkN0JuysaGMhtKLPv9bAL5wjPaio74JOJd/yT6Ht6
+Wakzti6sGWJ+ZXZV/b06A0pjX42Ni28NhdQWVYdoePNde5WTbowdR2TOnxEAGJg0
+ztClAEBDgAI6xSk47UJ0Dw0Rfs0hJcbLNQnqAHU1UllAX9XanFDrAVMzucVxYIiA
+DF2dYc8k9qeWYp0iASwG8uNhOjV4yZK2qnP+Zbgvi7rfs9hRGFq41TcWmfgiEaPg
+olDsycWP9+3xN0VeUQWSI+a+m/WqXfn1YlID2fDdBfTAluGZo0XgLDCaFEBTykbz
+txF492qwzSjSDTRTFDOXeFtFrG7D7iw01GmFAgMBAAGBAgUgo2swaTAfBgNVHSME
+GDAWgBQQP8UEMPHYQzaFeVyMjYud7i8cqTAdBgNVHQ4EFgQUtSL+I/d8UPhnT9HV
+xez6eEtAmW0wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+ATANBgkqhkiG9w0BAQsFAAOCAQEAVZmul1o1onioRq7Mh7wUzGcIsXfNPryARrfO
+1+dn/QwbrfraBtW5LlUHgaqn0etd/7oy0YslTJ0eR0NvxyrJzTS+qENkN2DVlrUo
+qcwE/P+9iA0eL3oaZROmf5zqOJ6dw0DHYHiEZH6u3rAd6fG1X0gQysvaDIlxMcCt
+d6BaWAaWxn9GR/9Jwi/imjiVwgzZ5xlll2KuDBt5pv7Gl3o39KIGB/kJ4amgBA6l
+ucxz6BnG7Wp5NgTRQpGnSptptIDinQy+0deTYoi7+iCttzXf9mrETOcTJNOZA0PN
+86Y3oRXxtGlORZg9ikd6FpYqtYVw91S+v/r/yfYm10GHltaHbw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 48 C5 C3 96 59 8B 77 F9 C6 6C 80 92 B1 82 72 D7 DA B8 9D C0 
+    friendlyName: Valid Name UIDs Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,424E1AF928678900
+
+YwTAyp6DSje4XkbA6+7pLIXYEGioKDM/iFTS+W4bDgiGY9tGEI6Js4DC/lrmTYhQ
+By//w7eBBFF0ELFJBcCgJppFVhSEGslvCf+Uwf6IMPJ12MBCGmGrDoIQB7rlfOrQ
+yRB0QHq4tLBQBFHe6cMPxJck9hFZU1r18rwDpbZDIP/c6Gi+NBBp4jj1lWHhZ+Jr
+NogkD5lv1MLJuZKog8r84W76VdELoR9L6uWkxPC3R9EaafWW7DrMo84FqUgEAQ/l
+XcUng/IRTzXpfr60m4WcvJkbXcaE1R9SDSnt1kn2Y8MJku/s7wjT+iu2RMwEww9c
+XoLHECtPhmUBoDgTSHU98sL6tBlAaonsmrMkYsZTy8bmdmsQlCF3AdHH9sA17FOg
+mUqwyRyZzMk6A/Pnb4Y8/uLO5EaALNpxN0pEd7s6Aycuzzrj7lNgvC6lem+JHZyO
+fDcwCdgCLiIQol4xrYWyALc74fssBh1ZHxQrbAbZVC9jKk6E6akS6xxZpXcV/F9B
+R3aMxOz5oU+cZyhufHjuQelBTe+S6aPKzVfQwO9jJ7ClSD1zoRnwOkIqCMLLmK1q
+0XMSX8vX0AX7zIQfQCOpyelJ8W3lJBm2RHB6XEoDxziRJY13UaT+Vh1ToSvJgbWp
+P/gGP+0M67ZFhO5w6dvaBGEBwpJpB7TrQbpUN/X66bb9qdjPl5/V2NRe7M599LFW
+WaO+Hxyof4Y+fElpDENdxLPT06xRWYEpwsOHdgdCdFBFyy0Tpes3tm8BizQfTDbI
+13CCoCHEwoo53x8jE1IJb8LuvxzVa5Z+CldEqXzXkZY8/I784t8efJ7yeC+9kjgz
+hT/GB65rOT0+2yLJfZnaU0I6XYHvaHfuyBHy+Ah5Y+rzF8DG/aMIMo7GpEH5uCF+
+WyDouWECjzllp4+vOCEua/5+RsBjzS9R2ep63AoDlNBzieHc2FouSaBobUNXHZrz
+SuSziiuiFVLfV1iD68TRgZGclf3BUx5QaoEbyR2poH1BnY1Kf5SQVgctBjA0oROb
+a0ngVuAXnUDIAl9dVNb8CQZlXf563znQVE8QVeuPiCgboyQsN0hwDiYgxUPUAdH7
+0CUKlE44ZfTQtQLPUsvwBiPEmSkDaSg4LwstxMv0kQYjygfaAlCFxUANi1Bg15Zx
+06ns8ACHPhD+QSOCtLqrhK0CAFJqek54Oma+GmdhvBSN7L5SmZ1f3wwhge/zumE1
+OhwJD30Fcq2aoqYJG1Pa8B/dV7i8qpTthCfva/dd0LldmRfnUZRU61rr9eSJ1a63
+NNEnZBGGgMRSeIKGUX4qTi0IltuazgKZ+6JLGR74xTi5RIpQIVz8xpSO4qbE2/df
+B2woTgXGvEjiThx7lC0/elQf/Wsd6xAqF0JPFV4NfnsAYSVnUKKiuy8+Yxn34NIF
+OMd/CJw+CR/HoA7NmpWacdo2TFEnXHbiLDX7YTlU53G/KNvcao5yHhJJUJLabdhl
+9fwca4WDXb3B3rOVATjT4NI1SK2JALP3xaBfo4zmM+EZLqkaZMCZLqL9sA0C7msv
+Q6Z+PSFoHctZsyrpwnqE/uHhDb5iZSB75uLFDNVN+VUhvfCTIlG4hZNPYu0pJ5hY
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14.pem
deleted file mode 100644
index 9a22bdd53d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14.pem
+++ /dev/null
@@ -1,114 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Negative Serial Number CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBETANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZTmVnYXRpdmUg
-U2VyaWFsIE51bWJlciBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw5yD
-rVmP3dVETqSrKKVXvXWAnpc5K5Xh6mhHBvy/YpoERigE1MP8A/6eE3mY6OnMJVAh
-QJRWniYBrIDg5zR873cTAbn1O7MwSfs3LLxEO81iAf2k4nFFxAGtQp5AUwx0cQVK
-8oMVty8BEcAkazVA87HQgpycQySqDLmklHNqkncCAwEAAaN8MHowHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJCMpyNNS/fqobISh7nA
-0w4zWMuCMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBYz9xXPhMcniA6W0RG
-0A59JbhJJpAZmnLBusWQjWYIZsVit1M1OXc/zDGAP/ik3blednL+t+wbdJc1qg9m
-4bgoXS14lg+6IGMF2VWcoKkDJDIHpkVrdQc9WGNm0qqPyHGW0ggbi5VrBv1potkF
-xBtl1WkY3ZTLuI71pJ15ebGZ/A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Negative Serial Number EE Certificate Test14
-issuer=/C=US/O=Test Certificates/CN=Negative Serial Number CA
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgICAP8wDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQDExlOZWdhdGl2ZSBT
-ZXJpYWwgTnVtYmVyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-ZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTswOQYD
-VQQDEzJWYWxpZCBOZWdhdGl2ZSBTZXJpYWwgTnVtYmVyIEVFIENlcnRpZmljYXRl
-IFRlc3QxNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyaurbJH9ZU3CCKl1
-jedpYcQntOZVxoXqpoC11EXMnSgUPLtVfWuoClVqZaOYnkz2hX1aomA+hGT62UOh
-f1CSywco7QnAAlWwu42zT5iJabaCruBWz/PqdvWkSWzcrMfuyybPEsil8hgaN0yl
-VNXZvUwPUtfwUndR4UltFdPmJPUCAwEAAaNrMGkwHwYDVR0jBBgwFoAUkIynI01L
-9+qhshKHucDTDjNYy4IwHQYDVR0OBBYEFB28YeqZDPts27Viz5LcntslD4A4MA4G
-A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
-AQEFBQADgYEAJeShrxatt7S4H209vnaUvVpExfX57AGRT2t2QVz6ztEWMt+BGBQN
-FUeSeU03d2ot+fwxxvrmUcG9ofkKIP69tTUgObSRfwC39UjKModur68cBjYqscl8
-d5fI2pAS/xXHK/+OoBBAmHgAiuMMbWhQn7ZCI0qJT/t4eHAjQlh5/SI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Negative Serial Number CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:90:8C:A7:23:4D:4B:F7:EA:A1:B2:12:87:B9:C0:D3:0E:33:58:CB:82
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: -01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        7d:55:77:de:74:f8:ae:25:02:35:ad:53:74:92:6f:89:f9:ed:
-        b3:4c:bf:a7:70:b1:0e:20:4a:c3:03:7f:a9:99:01:5b:5a:a0:
-        67:df:cd:74:08:d6:80:2d:ca:f7:c0:be:9e:68:35:d3:79:89:
-        45:a7:6e:f2:75:86:e5:28:d0:00:2c:96:14:03:96:eb:75:d0:
-        fa:a7:78:f8:50:e7:70:6b:cc:1a:9d:8a:30:1e:c5:5d:22:a9:
-        ef:dd:07:48:85:87:d6:2f:15:02:d0:07:81:2c:bf:fa:c6:ce:
-        49:03:44:08:37:f3:f3:79:b1:61:ab:c7:f9:21:29:3f:4f:cb:
-        36:c0
------BEGIN X509 CRL-----
-MIIBajCB1AIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU5lZ2F0aXZlIFNlcmlhbCBO
-dW1iZXIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgH/Fw0w
-MTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFJCMpyNN
-S/fqobISh7nA0w4zWMuCMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAH1V
-d950+K4lAjWtU3SSb4n57bNMv6dwsQ4gSsMDf6mZAVtaoGffzXQI1oAtyvfAvp5o
-NdN5iUWnbvJ1huUo0AAslhQDlut10PqnePhQ53BrzBqdijAexV0iqe/dB0iFh9Yv
-FQLQB4Esv/rGzkkDRAg38/N5sWGrx/khKT9PyzbA
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14EE.pem
new file mode 100644
index 0000000000..d400051189
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D9 A6 ED 2D 15 8B 48 7E 54 27 B6 DD 2A C5 95 98 23 AE 96 57 
+    friendlyName: Valid Negative Serial Number Test14 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Negative Serial Number EE Certificate Test14
+issuer=/C=US/O=Test Certificates 2011/CN=Negative Serial Number CA
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgICAP8wDQYJKoZIhvcNAQELBQAwUjELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMTGU5lZ2F0
+aXZlIFNlcmlhbCBOdW1iZXIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBrMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE7MDkGA1UEAxMyVmFsaWQgTmVnYXRpdmUgU2VyaWFsIE51bWJlciBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDlITWnwc4a51AQx39bPSv3yXmoWwt893rOAT2TyUaW0JoL4V429nq2KK4eS73Y
+O9ANnW4wkiIFpwMs7qGErId3x9TpP4K3Fs+QP1lCQtwjYFWGJekb2QI2jYhWPd7w
+YvZbYMM+Op7pQqnH3xuL69qH8hplbGOmwO9DoU/cSmIhFNAz9s9drx4lisU8MZts
+twarz+68DGUJTDIJgbB8Tqkimc6QaZBUQvY68wa0DA6eccxqXYLT1tWTtaru9kY/
+cRvrGFxHIw8E3Tmle9/Nhd8swZOHtKa1OqE7NPPsJtF5ETYZst5vSmk5SaC3qb8b
+IONR+qfNnAi1ZuSxakz20UoFAgMBAAGjazBpMB8GA1UdIwQYMBaAFGLkLjXGD8Xo
+kdALwY3etq/aiNk/MB0GA1UdDgQWBBQAZI4d4yK6xlDmm5mNqCZUF3QxoTAOBgNV
+HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEB
+CwUAA4IBAQA6I7Nx7MJAujumcj5Bl3gfBGd4ALdiiuHCwiO1KoP9FTYYeDVaRHg8
+TjO6YFwmgBBQg+aSvmi2N2m+vbEvpEyWLqlLyWg9WUZCk7cyUIti2+fbrbsATEtr
+iZ4dmVu7xDOF29Imoc8hig99oHBY9UdefJtzjlBQP3Mg/jyih8XvuYPNGxVVT3dg
+WtckNTq2O6v4SG64mbkTJxhbUDdqIBnoYIZvUkOzflWkr77YV7+q5iQzNCLMnNBx
+XRrFF3wV8V8dmuCVzHblVoyoKGmQHHWHpPaDrWy25aSxTSwCLdaUMGK6KCXlHhJf
+FHcc/suYcVKUB6D78BDupzMxpauERnB5
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D9 A6 ED 2D 15 8B 48 7E 54 27 B6 DD 2A C5 95 98 23 AE 96 57 
+    friendlyName: Valid Negative Serial Number Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4B42B554B0E77C15
+
+SFJEBFQakKS7qSxbf/aksRqZ0y/tDavD0tnzn9yP6+/FswJs+d/ZXS8fHwW4Vg/M
+cCrouK4zNjbLwC0F/K6fGswfEWxjiXFP4xVOYKfx8+c10gmvaXENpBVXhWsaY3yu
+HIA6Q668DY9K3XCnjDQTuWQPi4725UHxL6/PQ04CFkndsQwJGqShGXTjSNpbAJ+U
+B+R59NW7PANP3S+CevBvHMgkKNCl5SXEJRb/HCzjzsDH/y2ScVkCpC/ImtE375US
+FerM146VBtWc76CBCNdQ19zzEvZnIz6EIdVM8oKVpzGlUd2UfCXh9R5Qu9fexpFC
+5jIpvUk3vTNQmvfyAvDlJ07vnedEgNgnrQn/cVgbcGYvNQncAFFG8N78CAivaSCy
+T1G+LSH+4zbnfWd68XXaC8NGNAMa+woMeta1ZOM+ThFFFM3Rb+8Sx7S8Mj/mNPSO
+wvDb+PIP6K67yQ3GXByHsMSfqeuIbSc2cLwBJ6lAZyqcSJhNoIJwKN0blPIkufBp
+RdJGUHjs1J/8hfp6fO9PsXdp/PzV6YJNHmHMHGlAI933kOYIPeaxPjeiu4RGsY4g
+5qR8wDK6sHr3iJ8Xb5U/vIxldDNWKp9TyGm36wagJ+qz7Q2Ro4/NYS0cmlPKUnod
+nDw7cLP7sxLDZ9/ZjaXOcXttqDiwQhV2sK30GF07Xps8lHvJ2jftwPyBVwp27jwG
+pPddZiO77Ft9numEnxSnVc0KsU4qdttIjxOkJjvgkwjiDFfu68WdHtT1UDj2arhX
+0JBAfo6l5cp7NoUVakDwhlY+/zSPU8iVFwHLl79t6Vdmrr7/6UDk2/gh6oez7ejR
+UAlnXRxQDN1jxT0jad55uZfzmk9u5WxTFRmaDDSH5zRH3PtQEl8AW5rTTmDhp3bh
+xgcqk9+FZ0fwUai85jssXX7iQiBkADe54VLoEukX6aKLZm+DVxayIduMKKDHj1Fa
+Trsz5rRarqcAc76jtC/YbSwFHzwYgAUmiJ36hpA9Lwfqv2au9TZroJzV21OY5hHl
+oki8OpywcIh5FO4rPPPgmcFMrnhEsvQTwMLAsDtqYYHLTpTM2Wv7yWz473Zsy00e
+fcHPhjdr6w1oLnbbHZJ4CBuakayrxA6snlvQ0Rke3ZjL+bystuxJHKBlGDn0ZHEb
+aqcg0razy+W6zudBiUic+PDOQCrDGZKb/adD1X14y5Xdew9hpE86zAaWzHTTN+2B
+H63PAib61sag+nFEgStFhele1iTV6sB5+jOMju/nQmRCmXbZ00Mzq5pho8f92r/l
+08YyD2mJJ7NJSnRmcURz7u9igAArY711McnpnHh8vDDmWDYvamYI65PYm9ZUm4TF
+Pmx/ym7gIn19Sxzxw37N4lF6UgMl/SHpMpSyTmH6EvwHwACRz30l3kbaAz0R11fJ
++tCNwPt7KqziDQmtDuaTB0fxo+XMZuIsuRT0uQYuXzL8rZLzqq5pwa+97Pmek4a5
+/UhW8NMSzWjeHMLUJSbScOwBegzAPsa7WC4HwxmKPX5dNBMD9ck8xdZIjm5NNWvJ
+SPyBScFhhsjcAX4BJ6D1rTpsp29TcC3AF8RPMk8sPs/ayLi+i7AU3xe7v0fcdcQx
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10.pem
deleted file mode 100644
index 88bd982c69..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=No issuingDistributionPoint CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBTDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUGA1UECxMeTm8gaXNzdWlu
-Z0Rpc3RyaWJ1dGlvblBvaW50IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQC+7yNDGaK8AFxVWkjA1JkTRG1Ze29lXbN/99oD+Gw2q2C9yJHbDB2tcVCeM2wJ
-8pbpFvzPv6TEGbmHVkvO32/pu/fhM5cGgzsZxXvEaQi6+Kb0nasof2lHEnO5T8BO
-HGaef+bGmAPcnJWU3QPU6Ni7kv0b9HLPi9BNFdaUGU+65wIDAQABo3wwejAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQULBOPxQ4nI9HR
-Qd/fYYS5T/Ey7DEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAItv1utyf+4Z
-3pR/ExgGC7oEyQ8VZYYdil+JMtcrqExHY/zVEbgu4Cq1JTu3uC2MGAYO7BD2aVGI
-0g9Ij/ikkEZ2G2mW3Lqar9JL/57BgPyEwIlp9czHYCx4M0tewGXoBeQdmeHK6O+9
-YJS+QJZz/98L8lfp6mHuGoZid1McgVLT
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid No issuingDistributionPoint EE Certificate Test10
-issuer=/C=US/O=Test Certificates/OU=No issuingDistributionPoint CA
------BEGIN CERTIFICATE-----
-MIIDFTCCAn6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAsTHk5vIGlzc3VpbmdE
-aXN0cmlidXRpb25Qb2ludCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMGsxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFA
-MD4GA1UEAxM3VmFsaWQgTm8gaXNzdWluZ0Rpc3RyaWJ1dGlvblBvaW50IEVFIENl
-cnRpZmljYXRlIFRlc3QxMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuYMU
-46Qzp+krE4xNOAL0bJYv9lOdlPMvMyU1ObejWulK7jGlVjYtf+KtVV+/BCajxoDZ
-LTSqx7R2RSJMaVQ41OzI3aHD5rR0M/ktYNhTotwcy0tFJQ6nwub0fTsjBLPSZZ6M
-UjGg5tiHZ0c/lBKBJj7BTY61F7kTWO5M7Dgz6XkCAwEAAaOB4TCB3jAfBgNVHSME
-GDAWgBQsE4/FDicj0dFB399hhLlP8TLsMTAdBgNVHQ4EFgQUpv9aWeCQYlWo0eBZ
-Sr+FnrT5hmgwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATBzBgNVHR8EbDBqMGigZqBkpGIwYDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMScwJQYDVQQLEx5ObyBpc3N1aW5nRGlzdHJpYnV0aW9u
-UG9pbnQgQ0ExDDAKBgNVBAMTA0NSTDANBgkqhkiG9w0BAQUFAAOBgQAnygifO5CB
-a6drkb7+IIxC6kXu8iPf648/puVdI4z8+u6p7gNdiaLEFmOPTQ8UDz2ih5aIHHl0
-hC5DWNF5udEHFCzGgMarH2kgkM08thSsxhe0rfAAjGVbGEQWpFWDS0+CXTEYLu2S
-A0fgLzVvlU+60EmmSDdOwNMTeKmElbD6fw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=No issuingDistributionPoint CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:2C:13:8F:C5:0E:27:23:D1:D1:41:DF:DF:61:84:B9:4F:F1:32:EC:31
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:8e:a7:dd:16:a9:a6:c2:0d:1a:ba:ee:cc:e6:7a:59:dd:b1:
-        9b:f2:70:22:7e:c4:3a:eb:9c:95:0b:63:0c:39:df:67:b8:5e:
-        14:7c:b8:83:75:d8:de:35:fd:9d:bc:1f:2b:87:89:ae:82:85:
-        de:35:26:ab:f9:40:16:ae:6c:9e:9a:b0:b5:97:5f:c8:19:7e:
-        7e:de:96:79:0b:7d:df:5c:8d:05:a5:99:fa:b5:bc:ad:f8:af:
-        9d:7c:75:de:70:73:0e:ae:1e:08:e1:7b:36:8b:23:21:99:bc:
-        8b:6c:2d:de:90:f3:c5:df:7f:15:c1:69:89:15:a5:b5:09:21:
-        80:c4
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAsTHk5vIGlzc3VpbmdEaXN0cmli
-dXRpb25Qb2ludCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAULBOPxQ4nI9HRQd/fYYS5T/Ey7DEwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEADI6n3RappsINGrruzOZ6Wd2xm/JwIn7EOuuclQtjDDnf
-Z7heFHy4g3XY3jX9nbwfK4eJroKF3jUmq/lAFq5snpqwtZdfyBl+ft6WeQt931yN
-BaWZ+rW8rfivnXx13nBzDq4eCOF7NosjIZm8i2wt3pDzxd9/FcFpiRWltQkhgMQ=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10EE.pem
new file mode 100644
index 0000000000..bad89bfbb6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 15 05 6F 6C 5F D9 9A 75 E4 34 10 14 6D 59 81 D2 57 30 BD A4 
+    friendlyName: Valid No issuingDistributionPoint Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid No issuingDistributionPoint EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/OU=No issuingDistributionPoint CA
+-----BEGIN CERTIFICATE-----
+MIIEKTCCAxGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UECxMeTm8gaXNz
+dWluZ0Rpc3RyaWJ1dGlvblBvaW50IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowcDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExQDA+BgNVBAMTN1ZhbGlkIE5vIGlzc3VpbmdEaXN0cmlidXRpb25Q
+b2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDYnGAHOLgjYWYIB7Bwhy8gdYVPI3JzxjmJzIWNO4uPVoymvcGg
+8CbIcpBtwiMtUpGWzF6atiNmJZRBJNFbzdUnIrxPDNiNaye0dIkK84WQ6uZwM/DJ
+Uisv3AJfMbZn9F9Pla9oHg2M8jiihfcaynBmq217R02tl4fESdxKQ1Nik4PhP2ZC
+UmEFmQBOZ/uc96vO6GubmzgfliuC8sGr7Po+vPFbIMue7PWUO0RKhzy/s0ax1fsT
+wJ6MlTx5ooxGNH1oOzqK/GIILIDt5hLhaDOSNsMh04DYNn7zl8tVwoiytL6l7UCn
+frOaoHG7DiTMe+BQsxrlM6VahvL96yaNcYqVAgMBAAGjgeYwgeMwHwYDVR0jBBgw
+FoAUs8tUv2qd/J/HMQ6SDKdHa5kAnzEwHQYDVR0OBBYEFNyZy4jEXZpmtXy5hf9u
++nIIofF1MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+eAYDVR0fBHEwbzBtoGugaaRnMGUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMScwJQYDVQQLEx5ObyBpc3N1aW5nRGlzdHJpYnV0
+aW9uUG9pbnQgQ0ExDDAKBgNVBAMTA0NSTDANBgkqhkiG9w0BAQsFAAOCAQEAKeZa
+DkaStqGWn5oALrJNBu6TN3iP1I4SQzEzchWs8DgM4EcHqvbP7erNZIRN7YUWKSWy
+Aqo4AFPWQWpWiW8oLdN0lngVBmSDD5BcEZnyAW7sjWp2m9qbaFowRg7VS0IVJ4FY
+2OOsAPefbsOuQQDiF6TRSbpNbu4VmUMjh+dYB3GXpqu1NMjv/L6u22x0AbRhwX6K
+8+DVBNDVN5/8HtW2uCtBNJepBfD67nvnpTJe8a/z43DKhsAhO1gh+ZDgzJ+7ZV48
+Z9BgV9NLRj1klaAFYKvPNWfErmFv4CH0hmr9OvD76MXebJMEfnsAXdK+92syGZUm
+R5IhOaKuIKb8Nj5Haw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 15 05 6F 6C 5F D9 9A 75 E4 34 10 14 6D 59 81 D2 57 30 BD A4 
+    friendlyName: Valid No issuingDistributionPoint Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BA6BE07396142839
+
+jnrtJ2XYc6ifyh6GqoXQYNgizHjemzQf905NGFRl9vRyGLKaUtcVBrjxwniUM4PI
+LWt+clqZ6XJNUZk816nmXp4CYZlNiCOZ8m9RH3w2uGS+BpNbPNZMiAXswxOAmlw3
+8527XorK0Bic2r9AystjMF7iOLr2EWlJHMGgFrhdGJRsxKmmcRXLM9SRvUmzBCOe
+XURrQRRDOS1K6ahWunM06UsoNIaqFNsj8kNGetBkGBIaX0nZklMGRPorxUf7EIlk
+QK1mlCZ3IZya+sZnJJe2tp5F0QJMrJeJDJzBkfnLrHl3cgG6QL96HtetMlIXCRGS
+INieUZ+wcHmaoc7odMCcnhFimi3fWMmWdx5DadkmIOyHpDwf61a9ZSTYtMV7DDpn
+RPiKr2JUfkORyApKJkt7Hl8NdjJ6a+xO/wPSAvFcS4e8+vlEQka3Sdg1jqLL9Ujm
+byYgug8eJLz5kag5tWyDa8mDwjQfqLxt6vqGToXK+fqetC8gYF69Ap5fj06453Bd
+/nWb7IRYbctBwECaRie4EU33sl/A+z+0XeOHZEt6EEEa1NkEyKbl9fEx0dM7Hxjx
+mTdR7cVhDcKa2IFNft0JQL5Tz7WfxzNKK5w0DQKX2hemURH7pqXQuWWxzmMjjBuW
+xLw2LHqXe+9d6xNzfJCWRLOiFQ3vgQGsQIkInWg7LwjlFEhmgip4PPokj9oPJyoY
+jRuy70kFDfJm91OY+EFMByHpcTSClRbn0eGiVRJbXfoFCtJBjz3ylgO4eWnIqTe1
+gAVlVXyyED6kTRk2TNQaWrEfyKcW+EnxtfEv4nsMAxSqalr8ysvnp3aIrVYd+t92
+Z9fi2XE+Liuj6D+5jZJkmiIEOVI/ZwYq9TSti6vxh8BSeV6f8T5pzzQZZiJwK3HF
+I7p6est+U+YygiFHL2mKk8pvJGylCV06YaPCeZQYuTatHXCIRlHSKXLhVnk5OIKQ
+GsK6yX3YgFnKyprz6HwYhaP/U9vzcKieVFduUsEKZjTLTJLPHeOdOOEGguPqoqyC
+Ky7JAYFdP1LAQHzEB9EL5OwM6Bd6KRqcvh638AO+//E4pNh6E6ffzmNH9sbb2Kyc
+rcTHKe0VQgxCBpwtpVUmUEYEm9p35DzbgIeTxcGtD9F8FK3I3YNobpPD+LPTLowp
+DvAJCUN0f9ABDM975WQNLlg3rlDOd6zYPrKoF09SgwF9t51auW5VokFpb3tJ/HZy
+JeR9vmzaaxTEdniUNh5NIViATsOiU6GEB+res0jUp9LY1k3AGWQyXvOVfH0hNu+6
+8xdWMnrI5HL5aJPrdW1KbJc/CA2UJZlKBgvkvNlmaE2mMb+TDpf1yjGdnfa4PbgE
+pGVO7q3UMo0YwRQ7nrnnSKKYR/o+qFD3NaqH09aOIC4DBYWLGkpyQBrAIqqpqxWR
+f63qrqCKEr5x4eSlvi8BlTeE1wEmBNYdb31w3mb6abR25HOtBRgL3jwcY0kgbT7r
+KKlMSazk8EauLfjiN78KQQEOmFtAlaTzXDTyQdlc/x7YtBoRaUxW2pUy5gA3EMG6
+TB0eX5ypHp2bT1Z6oTudUskfdas7lSGjeoOtqHN1D+8faN20Yd/GoQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1.pem
deleted file mode 100644
index d149d03e72..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Mapping 1to2 CA
------BEGIN CERTIFICATE-----
-MIICgTCCAeqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD01hcHBpbmcgMXRv
-MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF0xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEyMDAGA1UEAxMpVmFsaWQg
-UG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDEwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBALgTGZf83aaKeqRSCQeN8oi48i9I5mqVX9efN9WkjfAK
-0nLfV0GeAH/Y/LTtj99jOSIb2O1g4ayQ2SHb1v1UzTznfAyhVci9Oo7WBv5b5MMj
-+YezniLhIS7ChaLLIXfseVOQx53crjUb+/hfbyPMF4tkeKwNTVkExpxhq3Yp1MLR
-AgMBAAGjazBpMB8GA1UdIwQYMBaAFDc7iqG6jad0m8Dr1jnLIQyNo1Z9MB0GA1Ud
-DgQWBBR4R7AhWkyFIZrXxZjG6W4kxTE3YjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATACMA0GCSqGSIb3DQEBBQUAA4GBAAqwYJLUYNcvDniG
-4QbRntW//ZZ/jickxsLRWl6odrI5ecwfekAm8+zhuhtPTNJE4DvDEpZQDtzyRxQF
-ajMjlWFIZ0TehZVSSLGCX+DXAMgp2YxiDjIH8KsbiFT723q1y02U1RPVFiU4Oik0
-+3Cc7V4svmKHw4Dw+GWM/WuMHwJK
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Mapping 1to2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICrTCCAhagAwIBAgIBMDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPTWFwcGluZyAx
-dG8yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXwTHRx8gVHWtSe1VX
-oLPFQmGX4Y0U4v535jowfMd9254hmwW4VbZzK7rrXGOAimFxGHKwa7mkPEo80MIW
-8YQC5HZs3jaXLh/xsmV1qlzwceCXooef+wu8W0pgoJ63MmY+ZJWiNK2ygRV/EVFF
-x2ii8ZGDW+SKEX2WIYI7JhmcTQIDAQABo4GzMIGwMB8GA1UdIwQYMBaAFPts1C2B
-nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ3O4qhuo2ndJvA69Y5yyEMjaNWfTAO
-BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB
-/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/
-MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEAphAVDZECciXjDiCta9HU
-ZubezLaRjcl0IaUmTlvuhUqkfGG2x1KhB6QTq7JGCmBrlxL93qhU+8sGW1k26/3p
-c3hc60bKZ5oBG96iN05oLWWF3udbqBESMO7gn1zX14s97qLtuqQAyuERy2L2uOkk
-n/emInqTFTixe284WjHR3XY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Mapping 1to2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:37:3B:8A:A1:BA:8D:A7:74:9B:C0:EB:D6:39:CB:21:0C:8D:A3:56:7D
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        29:63:8c:57:a4:35:bb:2c:2e:a0:1e:7e:c1:e2:0e:39:2c:83:
-        d6:5f:29:3a:03:70:63:aa:1f:42:e8:fd:3f:64:f6:8b:ad:86:
-        27:c3:a6:5d:48:9d:ef:6d:bc:be:7a:24:a9:6d:b0:4e:4d:58:
-        4f:52:c8:bf:dc:70:7c:ea:8d:5e:54:12:db:5d:62:c5:63:06:
-        2e:00:b4:d2:fa:51:6c:da:3f:41:04:36:14:ce:63:b5:46:e6:
-        7d:10:01:db:50:07:69:82:6a:34:45:0b:38:5e:f2:d5:8b:77:
-        e4:ea:6a:7f:9a:18:fa:74:ed:b4:5a:ba:68:f2:68:c4:d2:55:
-        17:9e
------BEGIN X509 CRL-----
-MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD01hcHBpbmcgMXRvMiBDQRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUNzuK
-obqNp3SbwOvWOcshDI2jVn0wCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-KWOMV6Q1uywuoB5+weIOOSyD1l8pOgNwY6ofQuj9P2T2i62GJ8OmXUid7228vnok
-qW2wTk1YT1LIv9xwfOqNXlQS211ixWMGLgC00vpRbNo/QQQ2FM5jtUbmfRAB21AH
-aYJqNEULOF7y1Yt35Opqf5oY+nTttFq6aPJoxNJVF54=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11.pem
deleted file mode 100644
index fb6f7653a8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11.pem
+++ /dev/null
@@ -1,172 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0Eg
-UGFueVBvbGljeSBNYXBwaW5nIDF0bzIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBeMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxMzAxBgNVBAMTKlZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmljYXRl
-IFRlc3QxMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqoi/6nU3Hb2K96/H
-+9K+tll1HEWk3nCTUyNxX51p/j2CU0KannQFFBA/eohAi2m9L5Yo8awWKb1S3Bya
-vEGNPsdIVYLlSJG9P1epb+In0KNB8zN+UZv9Zrahi/B/3SFS1qUgTV4yLI0/V2n1
-r3YmjyOxr4h+Zqs6X90lEEh4mmsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUkdfhtaSW
-CJHxonEvZtkne0qCk5owHQYDVR0OBBYEFD+Y+xstb3NLUv3ikgoUQ21QbUC7MA4G
-A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDQYJKoZIhvcN
-AQEFBQADgYEAI17tZ0uZ0tu3HpgcRcjJR6m4HmsRao6CJ+ew7HfvWfVRE3x86Deq
-VFDnp9mCv8VKw0ChV4tPFdkw+ceSsgThjSHvxZbghFC6YnG5Ymj9X/zjl4NCujCQ
-Cw37Mi1UZYryKZ7+qODmExTxKry4nIvSUvYei8wDynu54uzjbKv7Jc8=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICtTCCAh6gAwIBAgIBFjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0EgUGFu
-eVBvbGljeSBNYXBwaW5nIDF0bzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ANGY6UqVJ9oB3KneANaPiYS3vFaEAo7CVhPn358boVTv2/wQv8iwT9MvDcASa4Fi
-5kaob+B5k7T8qjNOtxaZJb69UDUDsAYww6r/NK5pkS1KNf7CJZW6/RQC06GsivKO
-kQoudXfGEjAMhmHNuEXS4biTlRuVUXJqLPq2yLwAJPZ1AgMBAAGjga0wgaowHwYD
-VR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYEFJHX4bWklgiR
-8aJxL2bZJ3tKgpOaMA4GA1UdDwEB/wQEAwIBBjARBgNVHSAECjAIMAYGBFUdIAAw
-JgYDVR0hAQH/BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMA8GA1UdEwEB
-/wQFMAMBAf8wDAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQBNuXYJvgOn
-wez9J/K4ZZhWpMPo/7Qso2S6BAoJh7QdTymJKxD6nDnPwetIpbQkbEtq+V30ZA+o
-6v+0cntT/I7cm9JKOXMOKn35BODzS8u5UJTDwWc/l5SA0scCSRfTT9LJambCyz+m
-C0/k+v5zw5VpFozVY4FoV4/KnwIhJPuDwg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:91:D7:E1:B5:A4:96:08:91:F1:A2:71:2F:66:D9:27:7B:4A:82:93:9A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        97:e7:b7:e3:46:cf:59:49:72:d2:0e:de:0e:f6:c3:1a:ca:34:
-        59:50:f1:2d:fb:11:31:f7:bb:b2:f7:dd:0e:fb:bd:6b:7a:7f:
-        e7:dd:02:be:6c:7b:36:1c:49:50:38:d9:85:67:97:a5:0f:84:
-        49:de:8a:d5:0b:d0:36:fc:6c:4a:82:cb:83:73:ed:1e:af:31:
-        dc:0f:6f:eb:69:18:67:b7:fb:1e:a8:1d:a5:36:84:dd:05:72:
-        52:f1:51:e1:93:6a:ff:2f:92:6b:7a:c1:67:90:0b:7f:66:0e:
-        f1:83:22:d9:52:5e:f7:58:5d:5c:7a:1b:69:84:91:da:b1:18:
-        11:c2
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0EgUGFueVBv
-bGljeSBNYXBwaW5nIDF0bzIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFJHX4bWklgiR8aJxL2bZJ3tKgpOaMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAJfnt+NGz1lJctIO3g72wxrKNFlQ8S37ETH3u7L3
-3Q77vWt6f+fdAr5sezYcSVA42YVnl6UPhEneitUL0Db8bEqCy4Nz7R6vMdwPb+tp
-GGe3+x6oHaU2hN0FclLxUeGTav8vkmt6wWeQC39mDvGDItlSXvdYXVx6G2mEkdqx
-GBHC
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11EE.pem
new file mode 100644
index 0000000000..1dfa4e8164
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BF 28 4B 8C CE 26 A8 81 42 DA 3B E4 E0 16 5B 68 08 A3 F0 9F 
+    friendlyName: Valid Policy Mapping Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=Good subCA PanyPolicy Mapping 1to2
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMiR29vZCBz
+dWJDQSBQYW55UG9saWN5IE1hcHBpbmcgMXRvMjAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGMxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTMwMQYDVQQDEypWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC+1d+dhBTDr0hkQGmjN35m1EjSSp6klcio007bUt1XEDFrmlcLqUaXwh7h2Llm
+uQls+Tg+dLpiJNkS+rFqhiMY/8juZ0cJ8kTzzD3tF2Nn6Cjt9643MAFgpJhS2m01
+/6jf4BSbLIy4bZCpes+3X63YPn7HkypNh/praDdnsBl6FVdMVFgSVF/IugL4OQHd
+sDGFTlxLbslcKPdGGKnMWRV1M7Socp1saxeNISc7O0PxN3HZcxthxcmQIw6yYCRQ
+sGM2nbm3kqvjVDKP4A0wxirsP44bIuO+XplnSIjflFDDYmwHdwHRQj3wY9bBBmp4
+cjCNkcCanyNupu7ervRfxQT3AgMBAAGjazBpMB8GA1UdIwQYMBaAFFtzeZnjrgbT
+iqYzThR45KAdseTJMB0GA1UdDgQWBBQ3/goQT3nXcdLj9bsgs0wszyJ9qjAOBgNV
+HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMA0GCSqGSIb3DQEB
+CwUAA4IBAQCqSXXia8C9CKK76G4gSKmXrWLRVJ/uE6oXYEKiGRWKny3sKj1sadSF
+M4k2OfXuYCYUUvs+kZAulOeUZ02oh6WOEY9o4YH508JI5jyFeCzObQYqL4G84NyQ
+Cz96Tedck64RUvcuPw6BqyrpMqVQslCrJGY/O+2jZ5kWi3pRd72r+z/6e7OvS/N8
+F5VRU797A3vTwbbM1tjBlz0nVyezE9rdo81xP68jeKRnveQXsn1RGUSMLnT6vJbT
+KGU80YD/l6dJgBS5qhgGYYk4ZxJuHBkoBfeHuM0NcwZHfqYowccNub7q8x1fiNoj
+lo2TLCGcjka1s6RCQnucPVgfxwq1D8lC
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BF 28 4B 8C CE 26 A8 81 42 DA 3B E4 E0 16 5B 68 08 A3 F0 9F 
+    friendlyName: Valid Policy Mapping Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F840D6C78D9E33DF
+
+lqRQHkeQ/Mysa/UqRSP6CZzr6zT4MUnBJFqXXcnadQaqJhTIN8Uf8pouaLIpskdW
+ddbPI6Tif+OjWPyaMuZSjKIz58XDqPXkIlAokYlZrl/KgdVMUns0H7tZt/ywCql/
+UnNEB5N4K3bDBTKE55qEubh6iwA2EGWpo8VzwZea5kfBBsKFJVtZgAhFuYqnJyO6
+lUnNGhdFLGgmpNed11cvQoA0UKGfQvBlFwsRZyDRTq8iBcZ5fMhp3uuFybK9IluG
+RaZsMai7Sm4hif1PvsTGor3JKFmawWckiOb4sGluvWVRDkEn/2C2LY1uETJZd2Cw
+nGiuhsDf5Feu0nYw+E3p5UIs1QfFYql/jE+1+xbGzDaj2V805l4e7iQmVgjbVYBy
+tzweGtTswnMGoPkppqdRBUH2p2nbtMPcnQyRlmvD61OUWPH7WAtZwg44H+KZ3zQ2
+WlB4ewMXGcvlVN6xhoRq+bQlRmHHlWR1Kx7Uyn6Fkuzx7RnTb9waEgoVXNwd1fWc
+uh/Z9NKb7blyKDsZyf0zMkrJzXSYLTWYD9JnMpi8Z7Z5nd2fd8oRTHSpeudauUE0
+r28vrjTMEFZg8kDHX0pnA7HenZXSBhL93VOR88d6y6e52uG7fb05bhk+xD0HZcg6
++5kEtq7kfAaP6OO10EGwOQJXIY4p1xantw9yDTR6hL5JkP/byG25a7i22onEW5Si
+51Kv6dJuIHG5x1dVxpA/DsDpD1raQknyI0ZS/R1K5GAtjJ9zukagARKBrlaQ4oTp
+zpg7EKQhN8NAE0O8JDlx0WpQ58UQznPrOTl+RLjA4QeI1xRektZygH0sf44mMu1T
+M87ZNfydc3/mjvopj8Ki+AO1Z/8XaxXFCdGwSC7UKHK4+3tAUrolsuYq1mE3TVHv
+GIEuSnojFg9cy5BX5bjdNH5QawWBot/5tbYzrD+OO09uhVPWRaHTW8N4ZW7G4OVp
+eROdhI4SlE2Zgg0vBRKZBL6LTAa46ozF8IM/2kXdXkFtQ4DCd8QAA3HwfCGW3G36
+TxvaWknmvqryn9SwXqv3tAYK///bhNh+5ZqXNkethdWIcGkHRC+DEjxe4XDN1zoy
+YIzkJHq2p1+vD4Iga2Age3IVCKrHBHCLLLk9UbMv+pUas5tK4yIyAG/ND00lUgoD
+ZMDHm3Z+9swm589tg0u+JpwCiCLSg1NIAE0Uj5AnGNil4fyzC8DhjeXJtsZfEMTu
+F6TH5qnPV005k2xTACe3uSavohAY40RwCKsG+RklAfh32muUWJy8tFRHKGkop4Np
+n1ezz15Eq0DsxQo5bLUNvx+1t/dCHxffPtb9xcXM42wEwNP/EOLwmBr8VUSOBNn+
+716CO3jvXQHc56RV+NSEz26kH9k0c9B6vrzeT5RDsrP+TtLPH1hxpyiRz/DtO7X5
+XwDIXZ3Kh3vti7/pwJVGkDJ5VwvF46HsbnClND/UDgnG514++33sBWP95xXEKpQH
+KnvFxgm/10u1AywBl1yq3hE7bulSrcaAcO0Po9EkQXxT7riCAn4eUPEO/x55Jrpn
+rLWP59Ex4GTo56fMXhEctw8DkYg7NDwrTkM42wmD1CqWEbG29x4wTq17mTvyGepy
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12.pem
deleted file mode 100644
index 2f35a62def..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICvzCCAiigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTUDEyIE1hcHBp
-bmcgMXRvMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmTEwLH6u6mb6
-kvz4ulbBVFC2Ea6WdEv2uH/vNi23mER2Nl+xAbeopiy3OLEiXavvD3uvVjX0bSOH
-BGk2j/ern/Urw6djfKt5V4O3NMYi6Grvfm346kdutjJuBcNlhLOE8mLXUguspocr
-AoAEjrQtuS4Bkb9A5wj3OYy4jr2JhtMCAwEAAaOBwTCBvjAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUreIKE61SbSWszamYogoEaK1y
-rrIwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpg
-hkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEw
-AzAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQAD
-gYEAEelnHhW6SAs3Zj4a5YMVTKDe7vCThen9bA1Awt3yFincViRt5/s2ZyzTN5fr
-Xi+2m42Gm+Anb3D7rpV9IJ/PahHq4yrKSrcAzhT3IcHbuHFNwiw8Z3T+31hhjJUx
-3atYpYOZZPYwuT0inFHJWRfBNA8NGBtqYlxI1C+/ucdy7ik=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test12
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
------BEGIN CERTIFICATE-----
-MIIEKDCCA5GgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5n
-IDF0bzMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBeMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMzAxBgNVBAMTKlZh
-bGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmljYXRlIFRlc3QxMjCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAiDGZx3j4WZj3UIYQBpID5IJr0ES7lhC5FAa2
-ErfScZEz3LrPW5r859dobtF5TBB1IGznyZmZBhwl2vmDMTOAJV827Mwn19ELd+Vx
-wAtFUtNszWAw1CQdx+kH+WJka6JxXPNQGWzgn/Q+Cbrq5BStqcZTHtF1NhVX4c+/
-9RdkUesCAwEAAaOCAgswggIHMB8GA1UdIwQYMBaAFK3iChOtUm0lrM2pmKIKBGit
-cq6yMB0GA1UdDgQWBBTkwpjC2Np+iZ8a8Y6b6DTyrLrvrzAOBgNVHQ8BAf8EBAMC
-BPAwggGzBgNVHSAEggGqMIIBpjCB2AYKYIZIAWUDAgEwAzCByTCBxgYIKwYBBQUH
-AgIwgbkagbZxNzogIFRoaXMgaXMgdGhlIHVzZXIgbm90aWNlIGZyb20gcXVhbGlm
-aWVyIDcgYXNzb2NpYXRlZCB3aXRoIE5JU1QtdGVzdC1wb2xpY3ktMy4gIFRoaXMg
-dXNlciBub3RpY2Ugc2hvdWxkIGJlIGRpc3BsYXllZCB3aGVuICBOSVNULXRlc3Qt
-cG9saWN5LTEgaXMgaW4gdGhlIHVzZXItY29uc3RyYWluZWQtcG9saWN5LXNldDCB
-yAYEVR0gADCBvzCBvAYIKwYBBQUHAgIwga8agaxxODogIFRoaXMgaXMgdGhlIHVz
-ZXIgbm90aWNlIGZyb20gcXVhbGlmaWVyIDggYXNzb2NpYXRlZCB3aXRoIGFueVBv
-bGljeS4gIFRoaXMgdXNlciBub3RpY2Ugc2hvdWxkIGJlIGRpc3BsYXllZCB3aGVu
-IE5JU1QtdGVzdC1wb2xpY3ktMiBpcyBpbiB0aGUgdXNlci1jb25zdHJhaW5lZC1w
-b2xpY3ktc2V0MA0GCSqGSIb3DQEBBQUAA4GBACzi00c5I7zzf41Ca5Ln8KYqgDts
-W6Jh0j2NzYtm2W1us5l1tx6UsE5uygoREiVScCXanYaKtiwW5QDqMZb/Uu+izmIW
-QRefqnHnyJqXxKQx8UwS+yNaIjT+ph7SJNF/DQrNwYWtNBD1vKhcNe8MDKWjAr9J
-P7k+rI8qg8ug3og+
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:E2:0A:13:AD:52:6D:25:AC:CD:A9:98:A2:0A:04:68:AD:72:AE:B2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        94:34:62:ba:34:51:b4:ad:dd:01:40:fe:3d:eb:bc:6c:7c:89:
-        cb:f0:7e:e5:38:03:50:93:5b:68:ba:d1:ca:14:39:ec:a8:9c:
-        37:24:c3:0f:01:eb:14:67:8c:07:fc:37:1f:bb:45:b9:4f:5f:
-        56:ad:f3:85:03:23:a8:bd:93:1c:ca:01:e8:b5:1c:c8:60:18:
-        13:95:bf:5a:11:11:b2:3c:3c:27:69:bf:97:08:c0:b7:4a:7a:
-        39:5e:03:2c:67:5a:11:a0:4f:6f:8d:70:4e:e2:b5:31:73:2a:
-        bf:5b:15:af:5b:4e:14:e0:73:5b:f1:2d:cd:bc:75:44:42:d4:
-        da:3b
------BEGIN X509 CRL-----
-MIIBQDCBqgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5nIDF0bzMg
-Q0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaA
-FK3iChOtUm0lrM2pmKIKBGitcq6yMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUA
-A4GBAJQ0Yro0UbSt3QFA/j3rvGx8icvwfuU4A1CTW2i60coUOeyonDckww8B6xRn
-jAf8Nx+7RblPX1at84UDI6i9kxzKAei1HMhgGBOVv1oREbI8PCdpv5cIwLdKejle
-AyxnWhGgT2+NcE7itTFzKr9bFa9bThTgc1vxLc28dURC1No7
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12EE.pem
new file mode 100644
index 0000000000..495ab4e8e8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12EE.pem
@@ -0,0 +1,69 @@
+Bag Attributes
+    localKeyID: 49 2F EB 88 FF FF A3 77 C3 69 8C 7E 41 1E 11 B1 62 70 EB 33 
+    friendlyName: Valid Policy Mapping Test12 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 CA
+-----BEGIN CERTIFICATE-----
+MIIFNzCCBB+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UEAxMTUDEyIE1h
+cHBpbmcgMXRvMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGMx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTMw
+MQYDVQQDEypWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0
+MTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsR+um2sZ2YQ1PJDMx
+PRcsr0/O2t34DJXXvPuOJwddAxPoy89/ARwwYTkA9PXt9KgKpui/y4zFKMEbA+8H
+bZLQDzwxIxLtL8sxEarXLfvaCnmRDlw/gW0onAhdfcfxfrmlX2c2IaPulEzU14xE
+DgnBF+c2XgmRDRZcBTVrrdcHf7/pvnYU+De32CTzBJLox3TAALRveoFaHEBI79/9
+BELaRR+ar6oiKByFa3WMM8vszIr60pC1S22V6kq9Mz1EEpZo6RyfqzzbInXQYG0f
+6PS0sz5lDPHxBkNJh1LmIubJ5T4/Wz+eDaHkUYVtj4o8b5Jvab2kbOiy89E5slOf
+xsGxAgMBAAGjggILMIICBzAfBgNVHSMEGDAWgBT89I1hMzKAfH01h95fUvtp8R3B
+EjAdBgNVHQ4EFgQUH9UDtvGnSGlr19U5qGCO40QW4Q8wDgYDVR0PAQH/BAQDAgTw
+MIIBswYDVR0gBIIBqjCCAaYwgdgGCmCGSAFlAwIBMAMwgckwgcYGCCsGAQUFBwIC
+MIG5GoG2cTc6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9tIHF1YWxpZmll
+ciA3IGFzc29jaWF0ZWQgd2l0aCBOSVNULXRlc3QtcG9saWN5LTMuICBUaGlzIHVz
+ZXIgbm90aWNlIHNob3VsZCBiZSBkaXNwbGF5ZWQgd2hlbiAgTklTVC10ZXN0LXBv
+bGljeS0xIGlzIGluIHRoZSB1c2VyLWNvbnN0cmFpbmVkLXBvbGljeS1zZXQwgcgG
+BFUdIAAwgb8wgbwGCCsGAQUFBwICMIGvGoGscTg6ICBUaGlzIGlzIHRoZSB1c2Vy
+IG5vdGljZSBmcm9tIHF1YWxpZmllciA4IGFzc29jaWF0ZWQgd2l0aCBhbnlQb2xp
+Y3kuICBUaGlzIHVzZXIgbm90aWNlIHNob3VsZCBiZSBkaXNwbGF5ZWQgd2hlbiBO
+SVNULXRlc3QtcG9saWN5LTIgaXMgaW4gdGhlIHVzZXItY29uc3RyYWluZWQtcG9s
+aWN5LXNldDANBgkqhkiG9w0BAQsFAAOCAQEAfgUmAvc8LV3+9l0DE8PptL9L43/o
+bdmYSWhMK8uW7yPnOAyuntZKIT/ssu9oSHFL9dBP5HAnJWslHJqimNZAGanekms0
+uXkiqBOIEP6aMcnRKd734CgiZwnpcFzjPcVFySmBmu9/MtPOGXd4t6n8RrOewe9m
+0HEi0c5/FzdmXz4KtIrTxRSeB1MGtle5kz9ks4Jv7YVyqg62vagxSxYIYIQahYTG
+e3ilDUmdh9ws0RmJgp7PTQ/gV5qUwfWfv/tMWhNUyA/9bdCql87yhNTxokTdkmiZ
+N4ZkwYg0No52Fiue+ymxwvF5R6P36fDEP0phyjh6qv6NYxsdXwd97AfS9g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 49 2F EB 88 FF FF A3 77 C3 69 8C 7E 41 1E 11 B1 62 70 EB 33 
+    friendlyName: Valid Policy Mapping Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B9E7A9E29418DE97
+
+pngogO5dyMFXmvYywn7YrUkWww8K5kDBvb5Qwg1Nzbqiw9uwhvLFzCnN5g4OzOtG
+0T1A4TvSLdcEiVfnF5ZMxbzG68dVZ+xFu5Gy77CenCwYP8WXsqkLvj0YSqlHvg0L
+Rwv32AfltHb+P/ZpiYktGDECxwW1EeGkmm4ZaJL59VHHxTY+aoSNbc8X0lGTsQ0n
+qVFJ4+T/al8f/gVy0wKek/YxykCW3BAigFjzTvFm4LIEZKpPZTJ2sfMJmS217gr/
+9voeF1CgxM/ZD7ZLqYLvADNgDfE9qY89y5lGd4QNUxi/AwIuat0smoS4O3+XXVk6
+XmBQAir/TMh2QnZh5njazYlmKJgQYVw+ePtLs32Sith0lGWBK2zltVR2JcfHaUmM
+j8sXdlSM3M80ttIIQLImJS46Pi9ncrqoRFMx44EIvR/Acd+931LvaCzXpxDO/NTc
+aO7M4t6o5Ru69rLOigRkzMMQNFRr4zk8cmkoFiQYBtYshB3SOMGkK8jUpuAIRrUc
+8q1hpc8jWFCFim90Q2cLA7O0jROIZcZ1tubXc+uEP38pynbveWgxU0rf/lm2p7j9
+ZL3xp7zrjuGddS13ayR6vTmC67dBqF4ErJYK/3sUGTUwMt4WTGqXrlbSbnoZtee2
+OfqMUtc7GKnQjDFCikP6V9b6lGLsbjB+cuGxNdMliE3pxDQ7k4pLMiQONkBCHOVp
+z2BMZNuiH0Ow7gbQKOvmzmnFtKLCvJ3PSL1EszbG9pIcL7mmGshae0Jk55xdfZrU
+yBuMrAKipKmsKJUEh9yRAD3ikx4XP6X7RSw0o/61EOQs9VLZgmd0DKAdWEvQNlWU
+AYiehEodiNOxxcoGHzdBj20U/J7EP5cxa0KkNGKwQsDhbAY5kBPpTAjtqAfs5yg0
+p/l39O3c7ueXczy9LgoQ0nzNY/pXtF8jvPhQ0wlzkGOecbZSTVAbmUAj0VT62Ntx
+oaUHZ0o4ybpiCV4ezi9zPv3jkKBWYeKYpCAWJmN4uA59BNLnoxaIYonoX7mmg2rO
+GFizGXIfGQfPnm7ZVCLbXnjcgRsrUKhStYWR1+/C+8Ailo9QKz2BPXYk33GgPVXj
+lxqvUGdWRiBGDRIVbBRhbOxFTHltU9JWhQ/i/OquOYs76s7oj8PWFH9UNtUymVyy
+OyBqUse9+HsveOc03EHbWJYOTpgTb4eggQJ7nY7nGl4m/Lr3e+hZWtC2J1AgV2Jp
+VVgNiq+OLek7V3J/xzmqbUDwLgNZLVUD0bD23AbinegemBn+UxyKd51EoXziqh3z
+a6/n9V1NS34O1WW4t9kxRwKhgToWD2D8wFmbnLjFQhBfRm8jSX0VxW/x5Nb1Zmqi
+9Ekjobs2AdF4EpSuz7OrJS8kj8vuSAicAPVfjGjIfUoUvN+qrS+b+S5WFggHoh3o
+8PeqZkVbRFlPqpJhTDjxf3eeuFAWbuWzv5YTa6f4JWbq6zbQBkSCfvxZq7cwGETX
+OOG1InOo7RhTIT43Ir2i4uLyUzx0Ah7C5SMDtzCpnDHEtxJRbxXMDijHJ2/m7M0w
+oC81X+tLMxpvh4UQ9fJubiqR3ON9UiAB88c5CEhr8iDKr7KYWqCP5qQ+OPOh9c3w
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13.pem
deleted file mode 100644
index 2399b4163c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13.pem
+++ /dev/null
@@ -1,117 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test13
-issuer=/C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
------BEGIN CERTIFICATE-----
-MIICjjCCAfegAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1AxYW55UG9saWN5
-IE1hcHBpbmcgMXRvMiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MF4xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEzMDEG
-A1UEAxMqVmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDEz
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr5cG4yqBgXjIPkt7dHP/MFNci
-pUHmbTfWoxKfaC+QY/7vElma6sMegYccM49fDN8CJSa7iF0vwS05cS1euHk2PfLF
-nJJamoTpf2iKxjqy6wemAmTH1cnEAtuhyArNadJXjvFmwV8bxyyaFW4GGnMj+yFe
-IJoTD65IuQMOLLg+xwIDAQABo2swaTAfBgNVHSMEGDAWgBQtN9I/nlnZ5r5Xovdr
-DxCCpq0D7jAdBgNVHQ4EFgQU3ZrqolFiawE0EWsHD7qUUa6V4pkwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQUFAAOB
-gQDgNwimYbq6g5crdMRHe8S69POQl1I4Qg6ZD511fwO2OUU/rmIbvqW5faGKHPMq
-Ubun6DrzamYGfx8HCa/vn46jaRVC2tTqXgiy6aWGMHv4MJl1bxS/yR8hqdTEWjG5
-GFkA7UWgU8A3MmmIUaBCs2QK5ZqTmsYuqX2inlGtBcvTrQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIEHjCCA4egAwIBAgIBNjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbUDFhbnlQb2xp
-Y3kgTWFwcGluZyAxdG8yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDs
-qiRQp8ZU1kWOS/tvtPAlHT9dGf17useanNh/sRHafDBRsOVVlS+kMA8Ti/8uecSP
-PEMznqfzcf7wvC64FNOt2P3rD/W3oZ7MShTLQF6C5mqsh8A4T+DDgdhNG5xtOAfg
-buRxp+A4KybQ7YMzRHnb5Z6UEKCAOv1NmaQpQU6lFQIDAQABo4ICFzCCAhMwHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFC030j+eWdnm
-vlei92sPEIKmrQPuMA4GA1UdDwEB/wQEAwIBBjCCAXgGA1UdIASCAW8wggFrMIG5
-BgpghkgBZQMCATABMIGqMIGnBggrBgEFBQcCAjCBmhqBl3E5OiAgVGhpcyBpcyB0
-aGUgdXNlciBub3RpY2UgZnJvbSBxdWFsaWZpZXIgOSBhc3NvY2lhdGVkIHdpdGgg
-TklTVC10ZXN0LXBvbGljeS0xLiAgVGhpcyB1c2VyIG5vdGljZSBzaG91bGQgYmUg
-ZGlzcGxheWVkIGZvciBWYWxpZCBQb2xpY3kgTWFwcGluZyBUZXN0MTMwgawGBFUd
-IAAwgaMwgaAGCCsGAQUFBwICMIGTGoGQcTEwOiAgVGhpcyBpcyB0aGUgdXNlciBu
-b3RpY2UgZnJvbSBxdWFsaWZpZXIgMTAgYXNzb2NpYXRlZCB3aXRoIGFueVBvbGlj
-eS4gIFRoaXMgdXNlciBub3RpY2Ugc2hvdWxkIGJlIGRpc3BsYXllZCBmb3IgVmFs
-aWQgUG9saWN5IE1hcHBpbmcgVGVzdDE0MCYGA1UdIQEB/wQcMBowGAYKYIZIAWUD
-AgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAw
-DQYJKoZIhvcNAQEFBQADgYEAqZ6Cif011+oMzp6bcMsfzt9sTBgpT4l35AbTC5sm
-zp3ur8X5X2G604yKkSXe1cf0F+fZSE6zjwizb1YG0owt1eGWSxCdAlkIFRang7OG
-Z93bEKBx3ysDYCKvemx0f3shGqJVVzMBo6JP6JX7Jnn385UdwdKO2dWzVhHXsP+P
-9sY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:2D:37:D2:3F:9E:59:D9:E6:BE:57:A2:F7:6B:0F:10:82:A6:AD:03:EE
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:52:84:5c:c6:67:e1:f5:70:94:c5:af:b8:de:1f:38:dc:b0:
-        65:8a:69:80:b5:9a:f9:2f:6c:13:8e:83:5a:5b:33:01:1c:d2:
-        a9:c6:c7:09:92:cd:17:9f:bc:f4:30:d8:bf:8e:05:c0:98:d4:
-        dc:be:b5:31:80:76:30:f8:35:48:45:a5:25:2a:92:df:1d:ae:
-        4c:88:5e:34:d5:ea:39:8c:f2:e4:c7:e4:c1:35:45:3b:6f:6f:
-        f3:81:e3:2f:43:ad:ae:e3:98:3a:7e:0e:48:51:cc:a8:15:38:
-        ce:38:31:9c:36:5e:a0:eb:f5:16:e9:43:a9:5f:77:a4:bc:44:
-        c4:0b
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1AxYW55UG9saWN5IE1hcHBp
-bmcgMXRvMiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAULTfSP55Z2ea+V6L3aw8QgqatA+4wCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAVlKEXMZn4fVwlMWvuN4fONywZYppgLWa+S9sE46DWlszARzS
-qcbHCZLNF5+89DDYv44FwJjU3L61MYB2MPg1SEWlJSqS3x2uTIheNNXqOYzy5Mfk
-wTVFO29v84HjL0OtruOYOn4OSFHMqBU4zjgxnDZeoOv1FulDqV93pLxExAs=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13EE.pem
new file mode 100644
index 0000000000..facfad2ce6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 01 42 F6 11 D7 E6 2A 0E C5 9E 1E 64 E1 9A 3A A8 E9 5E 83 8E 
+    friendlyName: Valid Policy Mapping Test13 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/CN=P1anyPolicy Mapping 1to2 CA
+-----BEGIN CERTIFICATE-----
+MIIDnTCCAoWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbUDFhbnlQ
+b2xpY3kgTWFwcGluZyAxdG8yIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowYzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExMzAxBgNVBAMTKlZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmlj
+YXRlIFRlc3QxMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALnps/1m
+3VaOuWJUszOp+AmWnTRIwJe3yRXQ/ysvNkLsbmpqhnmrpxIMjmcttViCxNj6BQ8y
+AjVAtnVSADQBiPP0ETES+3NEW8/VghqYzGJJ9H1Oxanks1Ef8mI58uQm9EWkqTJ/
+B+UjxgqCKkHhmkikpVT/SupdPALhgRw4cta4oouQ51jqoW4rDJrRhMdlPJ5Vaiu9
+m1N9vPK3FIKHMQGV3t1x8u/8T4xsed6ZynU+05zTwnzNl9mu3mX60lfRkLeSUeMa
+p31xBaivLBPyEB04dzzGQaXdhBN5PaJfw98+xLjtK18L26+jqSf2BPfUVDitbCQx
+HyLvSWWN6qntVaUCAwEAAaNrMGkwHwYDVR0jBBgwFoAUHwIoKDKOSoT4uItB8V17
+6CVSa4YwHQYDVR0OBBYEFDxAEkPP6QrslaJxGaIDcd2mbH1QMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDQYJKoZIhvcNAQELBQADggEB
+AErtqbfufFlEyw6M9vWlfiVDCONgimPxftB15iPZe0zL/kVsUk6URd1rcQItVKBa
+ORFqxKp+VRg3kYdzgMUeRJB242zed+QryQlZIoaLmp9JGN/rz4P1gBzIYNmTy/pw
+kKqzkUQbzIWlf/0A1wCpI9LAxgT1TRJ5gLF8r1DrAUzB8GwH/vTzNkvPi2VFng+4
+hXds41goc3F49m7lnsKD9bMVEKDwDugcHx3VfeTT4lICGLvILNLkp5noMxSHtnV6
+N/mZvnAHHf3uE/PkXDibuJkm3LscaG85A0fQtiB1UYzm/IFVFW4K0NTHeS0UzyzZ
+UHjkzxIW2sNziGzljpb8+As=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 01 42 F6 11 D7 E6 2A 0E C5 9E 1E 64 E1 9A 3A A8 E9 5E 83 8E 
+    friendlyName: Valid Policy Mapping Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,20959387204DF4AD
+
+DLyCmJEN31AHHkhdysWiXGs0yEAb6X9GIaKERbejhYuwjtVDQ4VxL2fE1h3CQ5Sf
+bZ4aGC2MQvCCqoWqyd4R+mVAnKHtNet7f4CSHMqKP+uSZ7xNYsd22KS51I1+n9mS
+2mPVFO3f6e9X/SW2IQkBrmklSYgSeiB+rT5Xcd+vKHOdegPkU/tXw6pz9ljDBeXn
+NauHimvP6431M45vP9AVePUnahDdirlJ0algSEEa1PbyrZRh12GjaHNwLkNBAYM1
+UUBHsJOX1v5fK3dQsZK3ajVKq+YiYdOnNsUOclO8B3cgecrNcRwOJw8sWrmsDmgI
+VmdxWsScQLlN7jXivJaBgp9ZLoPq7EYXjcm3kU2djT74UN+8yv06XaYkUj13tZXZ
+POj0DmlDjPpzQmZfuPbiGxzVPEynAKQiqsDeKLdRfWXLuVZaH8DBjkCPXsGbZVK0
+lvd3iVDrjAIHjWTgudbRjOoKuGiE99TaislJfPGBcKr6VlT+JsepYFst0FqhSA89
+gbbRB95BLRyLKdWuL7NdunipUPKvR6jj8LSOKcmQx5NwSwIkITBlhdnmwq+luLuN
+ySTfTp8u24Wb+mh6tU/x2tzRM3fFCYszN2yuUA65bWrj6KDr565419cKrfb6pmWt
+sCqHNNZbhOxD2X92tfNfrlq6i638Zbb3iLGP2MZ0qxvw6pAIh6SpC2GkqKdl6yM3
+z2V9yy1grmQbGdg7EpXDbQgaAMvHcwdCwVq4U4LYAG9tuUfDY826xK5RDuUqmPAp
+GMGriZSclEFOSSBgIZFX8n6NBzn1FiHGazyjXNG8X02VxPoAsiwS6lNpcGwciiwY
+2V/8Prc/1Zd7Pg2fz66DdIfPRbVLbMt8tpgsEKgx4isgpiF1oD2MHSLXRRt9ILFw
+gBTwI980UWxVMzmuwtsP6p+sVYSywX7RwDOiHr9HlArFM/SkDlv59fRgmHb/uuPp
+tFeB7RKDsIkJPKP22hAxccLAJiyhb9EjgztV1t3fKtbRol0YCe+zYH7drqbeI5vD
+xkp5M36b2FcZV0fxSFNmLJBo5Xgmoviqozs3sXbox86qg1EHcGtTs6J6J6SFu2sw
+PKAkGNLRC+ZdlZ/AWnZA+cGNgc/H3AZ9u11uXhqLx6/d6GSX6t7VIbq+MRnqYb7j
+6dy+iljT3HI2M6yi6DUU9IovVISVPLq3KGJvwMtv5VyO9EuB3fjmf6HpR5oiIl0G
+6T8R/SB5NKYRZ/bOu7ZUcGkgeMRdLlRk4o/V6xXL6ODFezl7rsgY9F/P7mItXSz2
+b0zTOLSQ62fQJIdmfTxFweh+xBX14o23buUGrp/gRVEEqXpmWMGmjx9tZ3Hpf9yu
+v+l0qA1pGCyq+8MM4Kkpn/sa+gQ2yo9IrDZEseejMTSQ9AGDY9cxWMjaeM6N89n8
+a/FNJIpiNAnqeIABdDfiyzbi9w6pp+8GNxYElF0almR3CfCbg6G3KzkjfkpRy3KD
+E2O5r6r6c7tzVwzCG1T9Q9smO6I+3EwacCAGda5hBPqYK7hv3ng5C+h1PvqNjfha
+8nbEkyRxVI8MqCubPc//0ck/8jRC69flpVaraxrc+72imo9eYIM05AhQEZDTTvj1
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14.pem
deleted file mode 100644
index 10b7912099..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14.pem
+++ /dev/null
@@ -1,117 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test14
-issuer=/C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
------BEGIN CERTIFICATE-----
-MIICjjCCAfegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1AxYW55UG9saWN5
-IE1hcHBpbmcgMXRvMiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MF4xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEzMDEG
-A1UEAxMqVmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDE0
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw0i1MxqkhMcbORFEu5k6Y4Q0R
-5QY60nT/GZQrbH5OZMueDjhFLTTPfxvN9VWue6NgkPLQ/NgPlm0+DDz0+4dyMi0F
-h93v/27ZAOtBk0eTVvvsCvAyD5EBqW1PWcZHX3oWyaY9AWM2JHrZv8M/toQ4CA2V
-yJOzEOf1bJBfj+SUcQIDAQABo2swaTAfBgNVHSMEGDAWgBQtN9I/nlnZ5r5Xovdr
-DxCCpq0D7jAdBgNVHQ4EFgQUBBCEgvxOOcAPi/H2IhqSJnWk9mgwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOB
-gQAg9tR9jL/eux79Ixd+MLGGfc6YC+FUqLyNErhpSQ7FiCc1jPwAFfyuPLiyBmJS
-k601bFn5fO2LKSSocHH9ezXT+x0XHajvaNlNd2w8YXKtrW5ogwty9q21c4VCuLrE
-ej5cBZPdSyp4RBkdBnjfPc2vRW6x0g3EMA03aYr0Sc712w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIEHjCCA4egAwIBAgIBNjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbUDFhbnlQb2xp
-Y3kgTWFwcGluZyAxdG8yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDs
-qiRQp8ZU1kWOS/tvtPAlHT9dGf17useanNh/sRHafDBRsOVVlS+kMA8Ti/8uecSP
-PEMznqfzcf7wvC64FNOt2P3rD/W3oZ7MShTLQF6C5mqsh8A4T+DDgdhNG5xtOAfg
-buRxp+A4KybQ7YMzRHnb5Z6UEKCAOv1NmaQpQU6lFQIDAQABo4ICFzCCAhMwHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFC030j+eWdnm
-vlei92sPEIKmrQPuMA4GA1UdDwEB/wQEAwIBBjCCAXgGA1UdIASCAW8wggFrMIG5
-BgpghkgBZQMCATABMIGqMIGnBggrBgEFBQcCAjCBmhqBl3E5OiAgVGhpcyBpcyB0
-aGUgdXNlciBub3RpY2UgZnJvbSBxdWFsaWZpZXIgOSBhc3NvY2lhdGVkIHdpdGgg
-TklTVC10ZXN0LXBvbGljeS0xLiAgVGhpcyB1c2VyIG5vdGljZSBzaG91bGQgYmUg
-ZGlzcGxheWVkIGZvciBWYWxpZCBQb2xpY3kgTWFwcGluZyBUZXN0MTMwgawGBFUd
-IAAwgaMwgaAGCCsGAQUFBwICMIGTGoGQcTEwOiAgVGhpcyBpcyB0aGUgdXNlciBu
-b3RpY2UgZnJvbSBxdWFsaWZpZXIgMTAgYXNzb2NpYXRlZCB3aXRoIGFueVBvbGlj
-eS4gIFRoaXMgdXNlciBub3RpY2Ugc2hvdWxkIGJlIGRpc3BsYXllZCBmb3IgVmFs
-aWQgUG9saWN5IE1hcHBpbmcgVGVzdDE0MCYGA1UdIQEB/wQcMBowGAYKYIZIAWUD
-AgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAw
-DQYJKoZIhvcNAQEFBQADgYEAqZ6Cif011+oMzp6bcMsfzt9sTBgpT4l35AbTC5sm
-zp3ur8X5X2G604yKkSXe1cf0F+fZSE6zjwizb1YG0owt1eGWSxCdAlkIFRang7OG
-Z93bEKBx3ysDYCKvemx0f3shGqJVVzMBo6JP6JX7Jnn385UdwdKO2dWzVhHXsP+P
-9sY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:2D:37:D2:3F:9E:59:D9:E6:BE:57:A2:F7:6B:0F:10:82:A6:AD:03:EE
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:52:84:5c:c6:67:e1:f5:70:94:c5:af:b8:de:1f:38:dc:b0:
-        65:8a:69:80:b5:9a:f9:2f:6c:13:8e:83:5a:5b:33:01:1c:d2:
-        a9:c6:c7:09:92:cd:17:9f:bc:f4:30:d8:bf:8e:05:c0:98:d4:
-        dc:be:b5:31:80:76:30:f8:35:48:45:a5:25:2a:92:df:1d:ae:
-        4c:88:5e:34:d5:ea:39:8c:f2:e4:c7:e4:c1:35:45:3b:6f:6f:
-        f3:81:e3:2f:43:ad:ae:e3:98:3a:7e:0e:48:51:cc:a8:15:38:
-        ce:38:31:9c:36:5e:a0:eb:f5:16:e9:43:a9:5f:77:a4:bc:44:
-        c4:0b
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1AxYW55UG9saWN5IE1hcHBp
-bmcgMXRvMiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAULTfSP55Z2ea+V6L3aw8QgqatA+4wCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAVlKEXMZn4fVwlMWvuN4fONywZYppgLWa+S9sE46DWlszARzS
-qcbHCZLNF5+89DDYv44FwJjU3L61MYB2MPg1SEWlJSqS3x2uTIheNNXqOYzy5Mfk
-wTVFO29v84HjL0OtruOYOn4OSFHMqBU4zjgxnDZeoOv1FulDqV93pLxExAs=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14EE.pem
new file mode 100644
index 0000000000..779f279635
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 94 4A 53 1F 7E 3A 7F 66 49 42 EB B2 E3 62 53 3C B1 5E 96 C6 
+    friendlyName: Valid Policy Mapping Test14 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test14
+issuer=/C=US/O=Test Certificates 2011/CN=P1anyPolicy Mapping 1to2 CA
+-----BEGIN CERTIFICATE-----
+MIIDnTCCAoWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbUDFhbnlQ
+b2xpY3kgTWFwcGluZyAxdG8yIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowYzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExMzAxBgNVBAMTKlZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmlj
+YXRlIFRlc3QxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJpXBTA
+3EjsCM9UAoN4IpqwMwiEiVinUgeyznx8NNMjAkrsfSYyMGuchz7Ty/nobcdnUdnZ
+50UodPrVCuy/Cyp/8vrseLEElc2iCsXifGYGSNqxw7906l2rVOvXPQocc0Oa6eTM
+PeHQ//CnC3V209gER16XJ2u/cQshC5Hc6y8lnGf5JsMfcSuPn9QuWnsJt68YElOG
+y9UKmK6fbYHUKH2lwKRGHvCU6UyXgTGnaf50Yu+X2RPe7F7tBWYangT+W6JsgBzu
+SINOiTKjoAD4KysSn+jgFMcKQ6wLhFlb6myIFOX5c93qJ2z0pNCdBiKswpBwkxQ1
+BM4Gu6OY0EE2hGkCAwEAAaNrMGkwHwYDVR0jBBgwFoAUHwIoKDKOSoT4uItB8V17
+6CVSa4YwHQYDVR0OBBYEFP7baMrCM949EDtAPOIY3Qz4oLGuMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEB
+AK347siub9i/zLVRrZkhB/xSOaOpN/ReyvDZsgfdj9oyMHsB1J6ToViVwrx8Af2+
+V4a+ajppbH3FK8jq38FQiUqVwNT2N9MBUuBEBIdq74bvtj7saVjpuBWyPuxV0MMq
+X1zLln5p7KA1M1PNT4uB+g5D1a0MP6I8oPCSiFY6s5cDyzR+vPOXvf7/RXwi8rnT
+7hXgSU1KS5gnDt4qRS+j/eQYDQFZnkH3WIdbyupTmpFLkqAIL4FuNfBOwEJWijY4
+lvwET2SIsHPLLgtlg6lzyY+LmlJ0ABeFLxgCjPINOKj7yafvQa2G6kaAp34XU1Ms
+C0bZ/GDrvAwewPgQM54j7lM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 94 4A 53 1F 7E 3A 7F 66 49 42 EB B2 E3 62 53 3C B1 5E 96 C6 
+    friendlyName: Valid Policy Mapping Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,704650279CABB0CB
+
+ej/Ec7hBM36U5YZxPRg8gj+A0lhQSeV7ETYlsSNseojvKfFNaRvTIalKKaS3Rkaa
+tiyNNcuufNvy6ddQzN/zX5UFlHAdlNoRyLY+QM4aiuGe/8RZBBRQYwb9jdRd6qDm
+lQI0sd+dB6Bu5Du74mHQe92IvGAXyW0g08HQs1afl1KWGdULH+ONSL3ay+vSzLHW
+7N0Q27c3vR0EFY76cjoA8N/8/AfJukQtlDxAIrysqGEVFP1EqOZrU26dcKFuRY24
+k6oT2VafpewKYaLwx2lHIQPCfMFBQX5qqQ2gvwrYDi5xmFNAgGJ2vpE6NUm9H+mr
+4JVFv/coQivFVIs4yqn5AJ2iZJ2PvG8oW/HMbv2tyrlf3zj+MtH2AjAyKN5Uy0Lk
+6wLEe+AV/Yh3jRzqzwwnYZia0z/hkvV2FC77F8NK8lwANJELoPC2lkHZwOK6da3m
+lWJ1VQoQPY5J2AouOThTCV3IFm4w+7aACx7R0apX26vndOTUSuup/U6PromxLg8J
+tM+xIQZBVKP7uY8Xbh6iBN0XCTTyINrQYByoMKoO7KjzP2lN75mofejFd1mopKZJ
+1UjdHXyGonF2BWupPv5OXuNRo5d8+6pRyqubGEijv8ttWqoW+uFU7679glE9W4or
+JFnvDF9ADclR2geMDc28H1C5rlcA983Qs2jUCo7jH9QqVvcxQcV4chIWTtOiHeyl
+4tk/BSiWJAY4Fa1FhitAXLHIiarj/MkmIA3sYCnOOU7hNvzUpmSu0vz5LRqCjrF8
+quqLhFqOVags5tEYAxH+CGuBNc+oSdL/c1u8mry4lfArs2jV8XQvuJrNEtUPcZau
+u63YuHU3G42O8DQJSboszH7/AB4U5Gp8tbvqmjCaWFarDn1q8fEqXEx9TlVtqNxP
+HtWhfcDuSccRP4JpGQXT5xFI5mF6LnlD+k/cbipn6BMrtRxd86fBU2QzZHUwyikI
+TSoab5MDiS9dpyIqzkO3jfr1PYhzpWyNBSaYJkbc4QFGIyx9FNoSQV+gBw8axO/7
+airaWgrToFsgPSwDAadGWr6rC+Jt8PVvFru7LjIGqcsHdPpWuBWJqn9Q8kqlb8Rg
+AUq3P8Jifg+YbMpukK98Le5pizyxsq0S4HFgB+0ddUvx68doHYl+5OaLSt23UrtQ
+DyF+QT0YbrF0NgkIa/PZd+I4NrxotPDN4G9Pa82jJ2hRJfBkennX3PaTJ6jHIP2K
+2SKD817l2k3Ds86qRCrqEIUm28y5ghNv3orSjY6BELzt5QLE3tuavUGaqXpu7OB4
+8OfxvBAeR4qoT+DvQetzOlIFiALlfjWWNBLXGcwRxIXVGUDOTfStBha8gtPIFZXW
+Pd4Ad6MYfiAn81R5NBrdEdsMF1Zb9yCLaaz8atv6+sWMSAjp5Xaa6arVP/LRg3d1
+ZYj1orrCK3BDlRTKAAycBcQBjwUe8n/0JHO8fS1IZridmbsC7x2HTaHdzXjouvA0
+p+xouoWQz7IVUFcFz0asqvpc9+bIlYN5en2O6gomSTKdOVT4fDOT9JQPWdnPogsd
+cmuLx0noBprZ9h6wHY3oTB7dMXKzBZnkwSm31BMXCpVQlAXAFZelAnElqtfGiqJi
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1EE.pem
new file mode 100644
index 0000000000..5ad8e63db7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1A 3E 81 47 B1 3B 3A 90 4D 6D 14 9C 50 FA B2 C5 E2 97 7A 9A 
+    friendlyName: Valid Policy Mapping Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Mapping 1to2 CA
+-----BEGIN CERTIFICATE-----
+MIIDkDCCAnigAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPTWFwcGlu
+ZyAxdG8yIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMjAwBgNV
+BAMTKVZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmljYXRlIFRlc3QxMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qw4n+hgG57EB2akKG9HJw0U
+1wJcwQKfWv52eTaKNomMg19NaikNJj/iPcP1wdIjZAATRynTDN07kpReiNXkE6Re
+5QdXFp8DzsOreH70CDBHDlPpvx10awKgAU24NiT2vEyGm3vee2V+gayPV4Afl+nt
+Oh9kWODmCIJyDRG6l9j0R0fYLR3/DQT+w0AGb1He2RS2N1i6dO8hTEDImxqMPLE1
+ezZmq+nq5MvWlTAlwbREnLXgB0i1GwZaL0RY1OogQbsxThAaGPqNJRW+qioH3A+U
+qgWEheSueXoz2AZsnhDsw0hL72MvzG28BOFhqtdeRpOW3gddnnJ+peluBdgM/QID
+AQABo2swaTAfBgNVHSMEGDAWgBSZxXhpyz0zdsKZrETlsA7+ufTbxzAdBgNVHQ4E
+FgQUlaI8n8HPjmgNunyqQD8HV1jeilUwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAq72hK/CqUQUKPp93
+JCSZAQGtUruzmdRkery177NaQm/EDlhkXR0uEp2HToxIF0MJY20IMwBGR818tVEq
+b/XfO8up2yg1T2gkKCAqU+JMEctVeTD1qzk1eDXKTi0pcfDJ6LPuTHNZ9AInFCmU
+mczg+kqEGSk9Fwn/71Trzlm5oVkIsOv0CgTnoaSyp+qdSiBWYprSmwlwgrBnFMNW
+tOA/ukHDQ7IdVq5iE8lfu0j2do9FV/a1W6uHuxb+ZiEWD9HJ1kJ8a/7c6g/e3Z96
+/PuBVVJUnn8wD5Aun8yexdPAQC3ngJxEmb3a2lLlEI+FA4jRsaCBQHjKlQlZpM99
+Dy3BwA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A 3E 81 47 B1 3B 3A 90 4D 6D 14 9C 50 FA B2 C5 E2 97 7A 9A 
+    friendlyName: Valid Policy Mapping Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C82746A5DC292BD1
+
+ez+wdH0Dut8Ngh7c1y1x2EJhVvIFHRbmZcVpQ9MNZHQSMIxO3qScxJc9/P8/4A1o
+iMLBBq8CLQGONQZa2W+eqf57/YqWGTIb2yNPK1yiF1K806KjHyi8oMGfB2pYX8KT
+x8p3IOH4lzFxarmiTNJze6HZzGUZp15hRcaVb4MAAlSC3Xmw2CEFWpYU4FDL8fg7
+NpdvPNOaGKgHKXQfsVqqD8MsB8jvRHINhpQ+0lUTuNbtDqlcPfvzVa+KKhoXcYGH
+lTajisATNn+Y66JpCcdkobOZ2qhAep39CigHDwltW6uUX6dKlU95Jokz91IsnnBz
+lHGfimrlMDGcN4OOLhSf0yBJrXmLLuWS3KPafF99ZXFlvklL6ophf/lhVi00T9fA
+jlCde7S/AwSlWvrXbFqAAah0EaoNs8/cX7s75Mp9iJ2J2r709F+ywxQXG/YYClf6
+Coiz7JyXm+mXWZtxfnL3JPoY1zLZp0Xq77dFfpyKfBrJUiMKUtJ0uTySYSvdLdau
+pqJWZY3TZO6718WAZOSzET5xe4mgfHrk4lGQDyCNRq3UBKYgRCcY6LqzcQLFODLr
+wHmGg/BZQ78kRow07jqL+fmKhTlWcKc/3uTuR5ZIBc9Y8P7Apnqalj7nvWrkydvQ
+JmtojF9guktjs2NLtzeCUtJkFNCLD8am8uawg79QpRFhyBzFFWVYjf65Dk6IowRf
+25qMaeUor6M9pX6i42lEsi0UgqvYMrGKSmrJ94nBbivvorHbSyXaC8RpAxEUVOhQ
+P1YlLvDx2sVsQ8UiTrKS/+KMfD/Hdj+pncTJvSpsYXHp023Tbw1JbFDZzI/aFj3a
+Z0VWQOyHe9L41NZsN8WsVtRFavlggSQSbXg2XMUKp1+x4y5LttwTx9n4uuCvVFJj
+/u2XO7zRGUezyoYxrobjoDmRNSk/tTPGG9I+TN6V0sW3m80oUQm200cmxrWSD0n2
+m8DUZmH7SRxMkqGFp5+UZA9H04efsZqSQeBu/MXweJaqrGHe+S6svdj+EusLJEj9
+6aYzzgCxw7K0gxvwKNdpR+r+IPLyuZo/rfqz6R/fiIsFFbmcn9QnLa1SiPAMJ03g
+Iuqqxj73alQxdcrSJL/V+etE8RHgK4TVO7bVrYSyGs3RvHlCLCOFuF5F+vI/IhCf
+1lefEU93G6dLnBBDCs7178CyNIkxj5OU7OdZQ2D49rUKpu5g/uEvGIPUFnO3x2HJ
+7GeoaSnv0dDXgc3HEapK8pHjPoLG4t636jkYiLwMuc5Msdg+W+wUdaLKqgbQW3CV
+HzU+E7mVA22nY3ar4iSlcjVtOxXq1A5tow7kOJzl+YErkz/6GpBtTYy5vOv5ohU0
+MbvMV0n7meFlKZlvZckkPyNmhq4PDwHi0IIxI5L+ZvZmfNLlscF1IYrF/nj0PEY9
+5KXCUNxuDbKJLcMORPZ7GYI7umwJ6YY741cqlVhBnPCVILr2YT/NsDMz2Xk8XGAQ
+gFggomds2hPgcLI2GolWaBaXXkgd9Hxfdz/t1EvrR62HK79dlqktNIIOLIx9ZO7K
+XcQbomjX3+yFeOA5Ix60GTNMRFy3U495lc6PMKTTey93/xnoOnY79T/rmKtGzH1p
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3.pem
deleted file mode 100644
index d5af222303..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3.pem
+++ /dev/null
@@ -1,214 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVAxMiBNYXBwaW5n
-IDF0bzMgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBd
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMjAwBgNV
-BAMTKVZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmljYXRlIFRlc3QzMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLjaVgcxBArg5ZjazYxWoHTBcfcT/5
-qsS4WoFj+0UELOPixTqQjmJofe3JKjHSI1h9yiTTiyrDVRkKB3DPYLo8zkv7HQeJ
-sleZKw3rgNtSOKuMY/9E5Pex3Q77pOCXZES31n/xZ1BRfCHAkhA6QxSoePkp7Au0
-6R9jYczfn3FZwwIDAQABo2swaTAfBgNVHSMEGDAWgBT2LLG3KbWulX+w+DlBUy0u
-DwTjxzAdBgNVHQ4EFgQUx21mI2aVCGSW1qLGljar1+6L7JUwDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwCDANBgkqhkiG9w0BAQUFAAOBgQAI
-oGNjmv/QvuGxJUK+dcyZqM4egLTHcIlgtNw5QURIbyQz+p0EkQqlEly1G1f6jZg7
-yi0vbf2ng8f39I50HeqyGHay1/H9Koq5m0K+a9GV2mi0huLFL96U7b64ELF0z371
-W/OSduqoyZhrzBnTSuNoiqmlAlV8Z+TXjVSp1HX3Ew==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICvzCCAiigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTUDEyIE1hcHBp
-bmcgMXRvMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmTEwLH6u6mb6
-kvz4ulbBVFC2Ea6WdEv2uH/vNi23mER2Nl+xAbeopiy3OLEiXavvD3uvVjX0bSOH
-BGk2j/ern/Urw6djfKt5V4O3NMYi6Grvfm346kdutjJuBcNlhLOE8mLXUguspocr
-AoAEjrQtuS4Bkb9A5wj3OYy4jr2JhtMCAwEAAaOBwTCBvjAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUreIKE61SbSWszamYogoEaK1y
-rrIwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpg
-hkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEw
-AzAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQAD
-gYEAEelnHhW6SAs3Zj4a5YMVTKDe7vCThen9bA1Awt3yFincViRt5/s2ZyzTN5fr
-Xi+2m42Gm+Anb3D7rpV9IJ/PahHq4yrKSrcAzhT3IcHbuHFNwiw8Z3T+31hhjJUx
-3atYpYOZZPYwuT0inFHJWRfBNA8NGBtqYlxI1C+/ucdy7ik=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
------BEGIN CERTIFICATE-----
-MIICwTCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAxMiBNYXBwaW5n
-IDF0bzMgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBNMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMT
-GVAxMiBNYXBwaW5nIDF0bzMgc3Vic3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAJjo4/4TekqllLI7gPzmE2OceB30SRuraEVWVdR/lmFpFTks5fKkqf96
-WjYpnJZwaqE1ZdUQxgeNsswPm4pUAhVmU9IHvqBaM+bNXFsrwBOYYhfZY3xnwcxp
-IZsvkLPuEq1vLwxpn+0zTDOpDGf9zhiTrswEUoGYBwOVqRDaToYdAgMBAAGjgbMw
-gbAwHwYDVR0jBBgwFoAUXcS6eHk0JsNyV9FZ9KPiVKcocdEwHQYDVR0OBBYEFPYs
-sbcpta6Vf7D4OUFTLS4PBOPHMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwG
-CmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNVHSEBAf8EHDAaMBgGCmCGSAFl
-AwIBMAQGCmCGSAFlAwIBMAgwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOBgQCass0kmtqSdWX5lffBs/tSTSvnGK38REo2IwTFLHduO4cvzAyS7ProbF/J
-al8FtT9mdnl+NpwrH4KlFNu+uti47wFj9xov/kbcmp21DvZ/m8ihmStk4FG2r6Ad
-0gdmVfBYem0mOu/1r/F8deNFP/Dpd8w3KFnv3Dd9wZd/Eb5hrg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
------BEGIN CERTIFICATE-----
-MIIC1TCCAj6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5n
-IDF0bzMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAx
-MiBNYXBwaW5nIDF0bzMgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AMsNrOgngQPHY/5QvmR5y8mHOJJ2T8Vjf+3/DPv5eMF+q11urxfCat4faDdtchBa
-QXOWQ2TEy6tqpR7u8UJ2wnI7phld51gAcT2I8V7swo/EM1Ga1i5bWa5G10vPmZw5
-l7QwqT/D6JkHdthcaJdQrBP9zesYPEp13RFQU9mP5451AgMBAAGjgc0wgcowHwYD
-VR0jBBgwFoAUreIKE61SbSWszamYogoEaK1yrrIwHQYDVR0OBBYEFF3Eunh5NCbD
-clfRWfSj4lSnKHHRMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFl
-AwIBMAIwDAYKYIZIAWUDAgEwBTBABgNVHSEBAf8ENjA0MBgGCmCGSAFlAwIBMAIG
-CmCGSAFlAwIBMAQwGAYKYIZIAWUDAgEwBQYKYIZIAWUDAgEwBzAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHwK+aOYJpXAoXSRQ1o82pqD++jA/uvr
-2eJoXbcch64CAdRNuCA7rQoRAx1nSUgjoLmHcTDrowQzodrVXVmCmYqXxB5XswG6
-z5Oj09NorxHxpAs7E/izElYwEXl5n0NMInD6S2r1SWOnRpGnCL8PYM3gW+xne8rJ
-CZMIMADOWvrc
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:E2:0A:13:AD:52:6D:25:AC:CD:A9:98:A2:0A:04:68:AD:72:AE:B2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        94:34:62:ba:34:51:b4:ad:dd:01:40:fe:3d:eb:bc:6c:7c:89:
-        cb:f0:7e:e5:38:03:50:93:5b:68:ba:d1:ca:14:39:ec:a8:9c:
-        37:24:c3:0f:01:eb:14:67:8c:07:fc:37:1f:bb:45:b9:4f:5f:
-        56:ad:f3:85:03:23:a8:bd:93:1c:ca:01:e8:b5:1c:c8:60:18:
-        13:95:bf:5a:11:11:b2:3c:3c:27:69:bf:97:08:c0:b7:4a:7a:
-        39:5e:03:2c:67:5a:11:a0:4f:6f:8d:70:4e:e2:b5:31:73:2a:
-        bf:5b:15:af:5b:4e:14:e0:73:5b:f1:2d:cd:bc:75:44:42:d4:
-        da:3b
------BEGIN X509 CRL-----
-MIIBQDCBqgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5nIDF0bzMg
-Q0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaA
-FK3iChOtUm0lrM2pmKIKBGitcq6yMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUA
-A4GBAJQ0Yro0UbSt3QFA/j3rvGx8icvwfuU4A1CTW2i60coUOeyonDckww8B6xRn
-jAf8Nx+7RblPX1at84UDI6i9kxzKAei1HMhgGBOVv1oREbI8PCdpv5cIwLdKejle
-AyxnWhGgT2+NcE7itTFzKr9bFa9bThTgc1vxLc28dURC1No7
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5D:C4:BA:78:79:34:26:C3:72:57:D1:59:F4:A3:E2:54:A7:28:71:D1
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        15:bb:13:8f:22:9e:5f:ae:7d:26:76:5b:6f:8d:8b:a4:37:1d:
-        fa:87:83:61:23:70:ca:f2:bd:ba:ae:72:04:3e:0a:21:70:4e:
-        01:97:4c:e3:16:d0:ef:d9:31:50:6f:5b:ff:51:10:40:73:82:
-        0f:f2:00:90:1a:bb:f8:93:68:b9:0c:15:9d:b2:c3:5b:56:73:
-        52:d3:1c:0f:75:2f:51:5b:40:3f:8b:71:42:54:33:af:55:20:
-        c8:ff:bf:ff:68:43:78:93:55:01:fb:7e:4d:db:a8:57:36:34:
-        df:a2:90:75:bb:fa:23:f3:9f:de:e4:4d:92:30:65:8c:f2:64:
-        e0:01
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAxMiBNYXBwaW5nIDF0bzMg
-c3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFF3Eunh5NCbDclfRWfSj4lSnKHHRMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBABW7E48inl+ufSZ2W2+Ni6Q3HfqHg2EjcMryvbqucgQ+CiFwTgGXTOMW
-0O/ZMVBvW/9REEBzgg/yAJAau/iTaLkMFZ2yw1tWc1LTHA91L1FbQD+LcUJUM69V
-IMj/v/9oQ3iTVQH7fk3bqFc2NN+ikHW7+iPzn97kTZIwZYzyZOAB
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F6:2C:B1:B7:29:B5:AE:95:7F:B0:F8:39:41:53:2D:2E:0F:04:E3:C7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        6f:b3:1a:29:36:35:76:c7:62:11:6e:e9:29:e6:83:8b:5e:bf:
-        25:ea:4d:71:56:16:50:25:92:68:a8:a2:e9:4d:09:a3:74:36:
-        e2:9b:c1:52:dd:87:0a:64:98:58:da:6a:96:e6:c4:02:90:d8:
-        cd:4c:10:71:4c:98:1d:bb:d4:8d:7d:74:f9:34:3f:98:f7:8a:
-        5e:eb:bf:7c:8f:90:2a:7b:c4:f3:29:cc:3c:62:a3:f8:08:c2:
-        0a:ae:35:92:8d:ed:c0:30:a3:f2:a1:c7:7c:a1:68:1d:b0:48:
-        4d:c1:4f:50:7f:1f:af:c6:f3:a1:d0:ad:8a:1a:78:05:84:6d:
-        d9:7e
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVAxMiBNYXBwaW5nIDF0bzMg
-c3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFPYssbcpta6Vf7D4OUFTLS4PBOPHMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAG+zGik2NXbHYhFu6Snmg4tevyXqTXFWFlAlkmiooulNCaN0NuKb
-wVLdhwpkmFjaapbmxAKQ2M1MEHFMmB271I19dPk0P5j3il7rv3yPkCp7xPMpzDxi
-o/gIwgquNZKN7cAwo/Khx3yhaB2wSE3BT1B/H6/G86HQrYoaeAWEbdl+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3EE.pem
new file mode 100644
index 0000000000..7793d24eb0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1A E6 3A EC 27 20 C7 C6 CC 83 BC A0 DE F1 89 9B C9 66 97 41 
+    friendlyName: Valid Policy Mapping Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZUDEyIE1h
+cHBpbmcgMXRvMyBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMGIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMTIwMAYDVQQDEylWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBofqJQybQy
+hloY6wTFGeWWDQq79xScjYNcGS3cgblO19DDYa+gw/1/6p2iVy7NxRnZRUCGSLXi
+f5dXWOaCE1oiyUWBbd0ToHI1MAlsDmXv4LsGceJzr659aeSRNn3aq2uQ4HgezAfn
+vPKL+OqnFTyaXD8VcPwoptkSoCVjG3qO/6O8X5xSI3UJZl+Pr0KeaQZpLJVznUcc
+dGROiHNUYzt/NgkxqPxusg1yfLlv1zKTl8ggf1j5uXbp305FLVAKWFENS0InNiZl
+gbSenXwg110BwtBQjE1cSRmD5xPqrmrCDuNBz1M11vB3TCFTlJLYBcjT/kn56e+P
+P0fixAdywAECAwEAAaNrMGkwHwYDVR0jBBgwFoAUAF05Pg/lqipeLfauaCqtM5s9
+m3MwHQYDVR0OBBYEFFdyv16sxo14G5DAn5RGpP4eU7xaMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAgwDQYJKoZIhvcNAQELBQADggEBAE0+
+Wkm1qVJobS6Lj4Au2vE32CuEL8H3Oi3jvfREIRH8wyFkYrEIDNnV1yKqMaYtvnxx
+62U1tMJKwXDHYENtgregZDVl9xtFYvNj3VXXBfeWyR/hZA9bsqf5KBmTopPCrADx
+BgZuGWnUhfcFFvUYVCgyCtrwCZXDgdoOab0oFq9gR6RyUJ/MbjSSsBzqILe7sPGy
+7bbKX7zeBN71c0lwfyUqXdqw2Ar/yyqtqY5xR0Y63hBhENwc0FOqlQRqzRdxieX0
+OdrRgGDiWUdPueXm6dE1ID6raiFgkbNjDS8P9w6JITApVYU2lf+FykcXUPJVbXeG
+4fQjsbxrjEFK9aUJduM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A E6 3A EC 27 20 C7 C6 CC 83 BC A0 DE F1 89 9B C9 66 97 41 
+    friendlyName: Valid Policy Mapping Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E8F9024A549F3FA1
+
+7ChMT1T/ZW+0zg91e36RwxSOGvgXXmWJLJBbzK1gFJrdwUJOl5InaNrMZLe2Jh3K
+FYtggzWl3/9XNSELQgQNhHwNI7nc15bugP8Plh6PimoSifls5VO3ZjnEJCa9CyKq
+yh3s/lM9iGy+MgzariSUZSx5nReAyHkNaqWFhVDLbaMcdBIOY9+PZSltz5q3jF7A
+awbb638S/9I2tbHuXeE2DsJJppayYjDsbI9W3wMNmgcYzfXd6m+TCqXep5WijkDk
++L85APUy+p4erB9rgLE7USMAIbvtw81cmpFY6J6rN4EmcniUfZj7tKB/C6JLiwHp
+Qe0S0f0s96LuPqE/ITEk/LynxarFq9wpgMJ/fpIivW7yru/iAuMMW6JHs7OkDSOK
+4jAPtA+7X+EC7jnjFuGSDl8k0KEaVKi5yt/FcAO8I/NPpHJqebFEbSKa+caWkJQT
+aDOICSgx9kRtshUJzyySS93wsHCACL+fx/9A5XfUtsBvKWeJ8Aez5ijEqsmrJ5wh
+qgii2nZQX19u+lur75MAMznUswcJ5Q3MhZoLwhBw9BOSKq0FIeTNxXC05Tm+/hPv
+7yJyVPJaDAdmNBmAX3D6wpkxCrEpNBqtW8dHzLBMuBnW2+7RXvypUpF36sYyRTaD
+jglx3b6nRgnmfeLI4U0UnD/f0vfmb7+NyGognyQVUbeZzToGNR2unnBs9bJVKDyx
+FODIylSi/Pt8FrYTpZ26w2ZgLNshqh2FncCBjsVPwhEKbhL2IYiuTuhuMB8BhzA5
+1yvmgzGN2c7xVeprp8OVYEeWUWmeIHbWKywsRWWD2P2wmV9S5u8qF3Ju3rX6ylWe
+A9S3we2wiu6EEvP9uCWrHbJ4NIIB4YcforIWX6MtLaThSbYpuZrNHd1DPSBLGRu6
+qZtG6JLZ4dk4PzN4htJvEDqZw4lHiBpgovTtvF0N0YDNWWB4FnY4ZuQDucZitvyB
+y0hvM6VWBsaKLXDLeH3DwFX1hiiRv2p+PBRghxGXbfw3dwSSgXwVKtxJhj/N4xty
+lJnx521+8A0vFazzTazZLyDl0Zgfhx920cDL0WjMiSbFqB4dg4enZplUEMaXdMcg
+LMvPGsYzWUEkSyAfZTVjexhWb3L/HLxL4hWSy+nCOFGsbfNr1E1aEZVlHaDgE8GG
+0FF8eC8BcaKVkPG8u4h6NVkXJPbkAL+r58LPLQH1s3O5XqevShJ562NQ7bd33zRx
+gktQavo4Gcf4bGgm5FvugGTVCLN24h//rWBP7s9T80CnU0bxaq+5npVmzNBzSq4+
+CxHX6IUeK3wyr5PSSotljctQENzh1t6C5I1XfAGIubpK1pQnOmxIxzKG6Q3f8o+V
+OlyScauwiGXF3TVbvEJNcdopPfpZOXTiFzjv9gR3H40fNINe8SYqTfpDNao1g57J
+N3E56PuSICjuOf5fvgHFe7ksrRtKNagMGw5y3iUxZTvUGuScce+NkrwFjb/Y+wTa
+61oo/gNXMlnUSRU87iKrA8acXNWrb08KEIbiDCcIl2jmckp+IONiSGBpxmUjDsvz
+BJz/odpDNTQ5FlUZ60yIQAl3pqs/oavurzmcvet39hCxCieM5OMrqsXgt1F/1TYw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5.pem
deleted file mode 100644
index d916bbbbbd..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5.pem
+++ /dev/null
@@ -1,163 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF1AxIE1hcHBpbmcg
-MXRvMjM0IHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTIwMAYDVQQD
-EylWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu7tA0m9E4vxbGx8d41Nw9YFiUAKWV/rI
-5MXmpuTVeWZr5ELloOLZG/UdWxsbxKWX+FmF+RLDfJ4aAfomI+J/gPjv01gXT0PD
-qXqflxdcvCR8kWU08UNs5Dbks3BtWaR+rF3Zrw/gz9cg6d/fGFn48gjtn8LeQz1w
-vqAP8w3woaECAwEAAaNrMGkwHwYDVR0jBBgwFoAUrQ/vHBeBV326g+8R/4doc9Km
-G5cwHQYDVR0OBBYEFJ/3EWzpeGSBUdimPN2Zptp/EZwFMA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAYwDQYJKoZIhvcNAQEFBQADgYEAmh2B
-OoSik/wvehYBZuSGtFC/NOP3yi9x6PCY/pzav9YZKgJZXeEJF78A5SVPFjP5BJcI
-c6ke+EApOv2lHbViBi7ll5xc+xSh1Ko77NOO4yrlFe8+ZiKz+kXizBsfbcKUYtKN
-KHby2pgphWXv93Xe0fIFKYeSWqoKvL3EHjc8Gtk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
-issuer=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
------BEGIN CERTIFICATE-----
-MIIC1zCCAkCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFAxIE1hcHBpbmcg
-MXRvMjM0IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSzELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSAwHgYDVQQDExdQ
-MSBNYXBwaW5nIDF0bzIzNCBzdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAuxzFRezTkAVZWZReelvBKELugXp5Eq7O4Ye839Rxl3p/kBRLWiFz+bsyeeMl
-YKC2+df3mBhUm5dDtrttv+oGaGL4bquZgb6X5TNxSHDe/D+3BAyxbFn8Qfq642fP
-QvmHsQYWtT+dP5NUxFpss8ElrWi0X2UEzb5ChUalSf2Vde8CAwEAAaOBzTCByjAf
-BgNVHSMEGDAWgBTMp9HShu8hYwWY780byv/gRLPUkDAdBgNVHQ4EFgQUrQ/vHBeB
-V326g+8R/4doc9KmG5cwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZI
-AWUDAgEwAjAMBgpghkgBZQMCATAEMEAGA1UdIQEB/wQ2MDQwGAYKYIZIAWUDAgEw
-AgYKYIZIAWUDAgEwBTAYBgpghkgBZQMCATAEBgpghkgBZQMCATAGMA8GA1UdEwEB
-/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACas+sr4fsuwRW8lWjQQH9NDBg4OC
-4/j/2+haNy4neNyKBSFPg7g/HTOvalwVvR2OoEiVIdh2cLH4ELt3GVucJkB9Nimr
-nV4trKBPR9Cy/UTVzDvDS9NW7FEyTWtlVbTEU4um4rvU+7HkmY4JjaEUbqrdFcRf
-ho4KQe/QkE0wYcU=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC5jCCAk+gAwIBAgIBMjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUUDEgTWFwcGlu
-ZyAxdG8yMzQgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALkWaQEgKSf0
-Z8Rv+4X37UP7SJyBJFbt6QzzxNxVnCwFX+0X5rL44rsZBya1cg8TN0BvQjpF7hKW
-Ch5A0nARNvvI6cOBqQ5T2UryrVgzPb/dXebSy5e8afDUs8QqRB9dHb/m0AVC+hTd
-mwlok2dgnsm+DdpTaKbgKWi/jjlr8H5BAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMyn0dKG7yFjBZjvzRvK/+BE
-s9SQMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwWgYD
-VR0hAQH/BFAwTjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMBgGCmCGSAFlAwIB
-MAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwBDAPBgNVHRMB
-Af8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEAXs0UPa8a
-gMe7mdH0Zuxlka5P2WW5U6NGJTaF88e0d2LNd0rKAIY54kVS6qWRSb4m3fD17BhB
-HYeJt1wRTxJo/oSdKxOYY/2k1BQLH6HyqsgQsOq5V1KTBJSPsCVZxvw7i0dDtw4A
-VH9jyKpEN4XcL3k1hYHJvBU1sH8g1sE6vLQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:CC:A7:D1:D2:86:EF:21:63:05:98:EF:CD:1B:CA:FF:E0:44:B3:D4:90
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        45:0b:74:18:70:b6:d8:66:8a:81:70:d0:a9:21:e0:0b:b5:9d:
-        71:45:a7:fd:df:50:ee:d6:38:4e:90:ea:eb:a8:84:6b:79:0c:
-        64:6d:0a:4d:e0:36:20:6b:ec:c6:46:8f:13:13:99:18:21:e7:
-        44:60:19:de:b4:f5:ea:7e:70:4b:b7:12:b8:4a:1f:5d:9b:b3:
-        1d:cf:e4:54:5a:a1:8c:6b:ad:fd:51:f3:0c:96:c8:a6:7a:83:
-        f2:a1:dc:3a:a9:84:f6:7f:8f:8e:3f:91:ee:ae:e3:85:9c:7f:
-        44:b7:92:89:15:77:f3:b3:dc:13:fc:7e:87:0f:e0:d6:55:96:
-        ee:83
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFAxIE1hcHBpbmcgMXRvMjM0
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBTMp9HShu8hYwWY780byv/gRLPUkDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBFC3QYcLbYZoqBcNCpIeALtZ1xRaf931Du1jhOkOrrqIRreQxkbQpN4DYg
-a+zGRo8TE5kYIedEYBnetPXqfnBLtxK4Sh9dm7Mdz+RUWqGMa639UfMMlsimeoPy
-odw6qYT2f4+OP5HuruOFnH9Et5KJFXfzs9wT/H6HD+DWVZbugw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:0F:EF:1C:17:81:57:7D:BA:83:EF:11:FF:87:68:73:D2:A6:1B:97
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        33:53:2c:ad:0e:6e:e9:49:14:44:7d:de:5c:dc:4b:0e:57:35:
-        35:18:f2:d9:4b:94:c6:38:1e:4e:33:a7:7e:6c:b4:b7:d2:72:
-        46:03:28:4b:d5:ef:a3:9a:ca:16:33:03:ec:bf:cf:e9:8f:a4:
-        4a:01:c5:e1:a6:0a:b7:4d:86:ee:08:93:ee:1b:da:ad:da:d7:
-        cd:6a:da:95:eb:62:1f:13:19:30:8f:f5:33:22:fa:7b:2a:c3:
-        7f:b8:ca:67:24:4e:f6:4e:0f:be:aa:31:23:42:eb:0d:76:9b:
-        f0:64:24:95:f4:b8:62:7b:5e:14:24:fd:6f:6c:8e:82:b3:60:
-        a9:c0
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF1AxIE1hcHBpbmcgMXRvMjM0
-IHN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBStD+8cF4FXfbqD7xH/h2hz0qYblzAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQAzUyytDm7pSRREfd5c3EsOVzU1GPLZS5TGOB5OM6d+bLS30nJGAyhL
-1e+jmsoWMwPsv8/pj6RKAcXhpgq3TYbuCJPuG9qt2tfNatqV62IfExkwj/UzIvp7
-KsN/uMpnJE72Tg++qjEjQusNdpvwZCSV9Lhie14UJP1vbI6Cs2CpwA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5EE.pem
new file mode 100644
index 0000000000..e559732c39
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 25 AA 50 77 49 C5 A1 C4 F0 D9 00 06 E9 3E 2A 34 06 06 02 BD 
+    friendlyName: Valid Policy Mapping Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=P1 Mapping 1to234 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXUDEgTWFw
+cGluZyAxdG8yMzQgc3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBiMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEyMDAGA1UEAxMpVmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUg
+VGVzdDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmiGMLjXA2ijC5
+itMpJVXTbHXhguDwZQ2mcSY5FmZ2nPuO2JBp2lA6yUG7fCuxTKeC1mGSOej41Pz8
+zTkOGiXC/UtDy73yQhJJPHFn/ka7HzC3UlIOzRbY3nXg89sqIrO4wFLKUvrM1VkW
+FqXJw5XbDwrL/0vIhqHh7jyK64snUiP0AAm6kgR1r3aufS1/QwjozIkRGmP4Cxm/
+8Gzz5is4kfB2NuaR8xE/i8BubAM8TnAyIXX6hy99TlyyXSD2tc8dlxTskD8lt6IY
+w0NwwNTi9Rqq41ZKkLtixase00o+s345noAcI5SfLdnTKXM6zUwooJzBW/av+8C7
+YyqmOjS1AgMBAAGjazBpMB8GA1UdIwQYMBaAFAMX5ZUA/So5eK/LRvZAmGUKAu27
+MB0GA1UdDgQWBBRLgjD1Mqn9+vaGwm3k1zO/qu1RFTAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATAGMA0GCSqGSIb3DQEBCwUAA4IBAQBSG/qP
+hRrenfviZJK/kxNaJzIM2ppVq3YbCxbjSApzL/tqPFEKtJuw2r7UlAY05rqzaZyE
+1sxWuvyenub6f/K9BCQRBXHO5cPOnWS142x9komCqDUP7I7F4pnptXAp8nyc8eoL
+zmsOJ8dlZv2aD//mISoFMZ69fvfIku/MAOZCTnSks1CPyT9omAfT6zdnMiDfk/kY
+lZAWFas9/pm16Z88QP8y0z/IMrri12dOLMnFyKNBy/9TXNZof/VPkkD2keJ6eQGn
+MUamXI/OIlBJXqu3AYiUDP9FQbxKxj4uTOtS1MhrZbAtTAI+3eqPKU92T8YFamCr
+A1Z483lYO5ntY6/Z
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 25 AA 50 77 49 C5 A1 C4 F0 D9 00 06 E9 3E 2A 34 06 06 02 BD 
+    friendlyName: Valid Policy Mapping Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0CE59FD1BDD6BE3F
+
+ZSsWK88M8cUm0Ar98cUKth20vjDFRCIKPWzlUnrVs+Lk7Kq5T+uRcX8BL1LEKwDj
+k81WTxyck/3tn40bzS2dIqRxDur4DWSWUzRvi7Fs6NdN+AtGL9BOvPO2vV0o4p1a
+LG9aHL4cClxgyVsBHho5tqv5CRlhFqj6Z/TBz9SqKoBMvw5qF5B4/NMDrzoZ7rxb
+NGJfJdKti3VPYE1/qfW40+j4rlqmAbtJVL+yeXQ+jdvOdZNO7vNjKMExkjkDQBFG
+tv46/TqcPToHfT8or6N6hk8Xpfz7a0Qxal7db4HwrqXyRMzzkrczucNieZTcep0c
+4hEhKj3WRxRXWhC2pdqn2xjXD9GZBGPmcDxVF1p2vQrhkTVOYRF6yAqvSPkLAlzB
+K4nK5NTQBErvy9r2Sr8KIElZjQIwpTmjOJEsCKCBXO+8GDcwViCl4px+oNGjUc3p
+oSje1Pe9BYbuIcwMuT7pE3N8ovEpra+b6wlc/WIpOLEiJwROAedubKjcg4FAM1uE
+POYIXLyCLo0a7a7cXxS2rv9dQwKfFxXIUvXFnY8K0jJqhr8WD3L9uOU0BNCsee8N
+DExbBCbPybSbo6E+BkWXPF9fhhhbmlRNY3zpF+HjN+YXUqfGoD+TjLjc5tZT8aZ3
+J/7f3j1aFKlu0mGZWqoHV6aQ2yKsShAWWt5g7Xiv0tdqCTSBxY+141wSD8K/0Lqi
+UPGOKJjbmU5rusT5S/VAxP2tsWxpaITMT/wuANu8d6Hfk9VvIggiGR4MXJMsVM6Q
+4me+GqfbNnXgqgYCiprwZRnAdhlAvyNMTJ5HkbXsLUlNKgunaLdf2fxRVevVlKOg
+4fnK0J/uLyaFfkHI7XjXhHWg8sJAkGKkeC2I8lnkyC4UcIqpI9hsJGl/1+WWPez7
+uojkeFYuURQ/jaeFb9p/SO5Zq7mqxGltPC1oE5Fvn5GlnbgYs9RqOF24yb7/30vs
+fjN0vFBiGtLM/uP1eVbdFOC6/iLgZNRUOxZTJSg3OIBoAmMY1fEUJt/h9ZcRFX+q
+ZK1HDjhhybk4SRafZZV3DuyycZf154w349NdzlrtIdUoXTIcJ0uLilYL8kJDE75s
+EZRRjnHEtJH3vrUkDEIUxWG96FXWo5Lf2r+18CW3ktGAAzGWu5JFiQ3Mny5uC++f
+rNqHPzPrD78c2huhG+TZAO3XyLf5SY3thldAneAtceknOinK6FCxifF5/ZPn2Vra
+YQyFzTbQgHctSSkccC4qHMhi8rGqxXEnCBbN+GpCSlbLWjnYLPBuW/wSVKNYpqii
+T58Ff4WK0PKIBXEu/nINzvNqaIzedpENweo+F0pkd07M8QVW2EoMKI6sfUBQcuBs
+aoHIdIR+9IEOpgLk5Q1TAAIFsuno+vkWAIFAfF8F+CSVXf5tFAdYVP15zhLL5JPm
+k3mNECnrcErMM4m5f1zNAaAwFEIPfuqcTmOGoPj+sl/YzI6ZJ/2QJ0KsAVVKugH6
+1NVWK1yzxSlOzWHZvDUV4Be0d5jmipIgWJYRW/qf6bIdYFBfE1pGohsAj5XXGheR
+wWzkUima13yr3onooRE01ArKNue68/kGZgkyVRrsm4+cflLusEPFCA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6.pem
deleted file mode 100644
index 665a6357fa..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6.pem
+++ /dev/null
@@ -1,163 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF1AxIE1hcHBpbmcg
-MXRvMjM0IHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTIwMAYDVQQD
-EylWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAg/jjf7HVRt6r4IitgA9kVxN6rVQy1OLQ
-Kelr3lLXIJbXs7XYoUx53Br5c1SDdSaaRfvhKyMl7m53baO33b+MEeB8VfWHt/on
-35CKtGtyDa/IbfzrrwwJqs0rF4H/t7Ngz1b5rrKaEjy4itjNylcyAzJC1Zjer8aJ
-iXyszL9uGc8CAwEAAaNrMGkwHwYDVR0jBBgwFoAUrQ/vHBeBV326g+8R/4doc9Km
-G5cwHQYDVR0OBBYEFOH+LaLyiRCW05OelA2Y/97NYu1gMA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAUwDQYJKoZIhvcNAQEFBQADgYEAZStF
-y/RNVE9ElY/wKLp8pdE/c4L9rucyOPSv/5zhGO4+GiiN39twvGjjMH3ziIauJpuM
-rCb8q+3s22lzkD6/BSLyRNCXM7Mx5CGWDCdHqnkdFf1Ck9ddAG3hF8FkeKjlZ2MA
-j1g2DpZezCE4srw5r+5mXw95piUHxvBxIXnBUJ0=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
-issuer=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
------BEGIN CERTIFICATE-----
-MIIC1zCCAkCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFAxIE1hcHBpbmcg
-MXRvMjM0IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSzELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSAwHgYDVQQDExdQ
-MSBNYXBwaW5nIDF0bzIzNCBzdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAuxzFRezTkAVZWZReelvBKELugXp5Eq7O4Ye839Rxl3p/kBRLWiFz+bsyeeMl
-YKC2+df3mBhUm5dDtrttv+oGaGL4bquZgb6X5TNxSHDe/D+3BAyxbFn8Qfq642fP
-QvmHsQYWtT+dP5NUxFpss8ElrWi0X2UEzb5ChUalSf2Vde8CAwEAAaOBzTCByjAf
-BgNVHSMEGDAWgBTMp9HShu8hYwWY780byv/gRLPUkDAdBgNVHQ4EFgQUrQ/vHBeB
-V326g+8R/4doc9KmG5cwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZI
-AWUDAgEwAjAMBgpghkgBZQMCATAEMEAGA1UdIQEB/wQ2MDQwGAYKYIZIAWUDAgEw
-AgYKYIZIAWUDAgEwBTAYBgpghkgBZQMCATAEBgpghkgBZQMCATAGMA8GA1UdEwEB
-/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACas+sr4fsuwRW8lWjQQH9NDBg4OC
-4/j/2+haNy4neNyKBSFPg7g/HTOvalwVvR2OoEiVIdh2cLH4ELt3GVucJkB9Nimr
-nV4trKBPR9Cy/UTVzDvDS9NW7FEyTWtlVbTEU4um4rvU+7HkmY4JjaEUbqrdFcRf
-ho4KQe/QkE0wYcU=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC5jCCAk+gAwIBAgIBMjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUUDEgTWFwcGlu
-ZyAxdG8yMzQgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALkWaQEgKSf0
-Z8Rv+4X37UP7SJyBJFbt6QzzxNxVnCwFX+0X5rL44rsZBya1cg8TN0BvQjpF7hKW
-Ch5A0nARNvvI6cOBqQ5T2UryrVgzPb/dXebSy5e8afDUs8QqRB9dHb/m0AVC+hTd
-mwlok2dgnsm+DdpTaKbgKWi/jjlr8H5BAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMyn0dKG7yFjBZjvzRvK/+BE
-s9SQMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwWgYD
-VR0hAQH/BFAwTjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMBgGCmCGSAFlAwIB
-MAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwBDAPBgNVHRMB
-Af8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEAXs0UPa8a
-gMe7mdH0Zuxlka5P2WW5U6NGJTaF88e0d2LNd0rKAIY54kVS6qWRSb4m3fD17BhB
-HYeJt1wRTxJo/oSdKxOYY/2k1BQLH6HyqsgQsOq5V1KTBJSPsCVZxvw7i0dDtw4A
-VH9jyKpEN4XcL3k1hYHJvBU1sH8g1sE6vLQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:CC:A7:D1:D2:86:EF:21:63:05:98:EF:CD:1B:CA:FF:E0:44:B3:D4:90
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        45:0b:74:18:70:b6:d8:66:8a:81:70:d0:a9:21:e0:0b:b5:9d:
-        71:45:a7:fd:df:50:ee:d6:38:4e:90:ea:eb:a8:84:6b:79:0c:
-        64:6d:0a:4d:e0:36:20:6b:ec:c6:46:8f:13:13:99:18:21:e7:
-        44:60:19:de:b4:f5:ea:7e:70:4b:b7:12:b8:4a:1f:5d:9b:b3:
-        1d:cf:e4:54:5a:a1:8c:6b:ad:fd:51:f3:0c:96:c8:a6:7a:83:
-        f2:a1:dc:3a:a9:84:f6:7f:8f:8e:3f:91:ee:ae:e3:85:9c:7f:
-        44:b7:92:89:15:77:f3:b3:dc:13:fc:7e:87:0f:e0:d6:55:96:
-        ee:83
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFAxIE1hcHBpbmcgMXRvMjM0
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBTMp9HShu8hYwWY780byv/gRLPUkDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBFC3QYcLbYZoqBcNCpIeALtZ1xRaf931Du1jhOkOrrqIRreQxkbQpN4DYg
-a+zGRo8TE5kYIedEYBnetPXqfnBLtxK4Sh9dm7Mdz+RUWqGMa639UfMMlsimeoPy
-odw6qYT2f4+OP5HuruOFnH9Et5KJFXfzs9wT/H6HD+DWVZbugw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:0F:EF:1C:17:81:57:7D:BA:83:EF:11:FF:87:68:73:D2:A6:1B:97
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        33:53:2c:ad:0e:6e:e9:49:14:44:7d:de:5c:dc:4b:0e:57:35:
-        35:18:f2:d9:4b:94:c6:38:1e:4e:33:a7:7e:6c:b4:b7:d2:72:
-        46:03:28:4b:d5:ef:a3:9a:ca:16:33:03:ec:bf:cf:e9:8f:a4:
-        4a:01:c5:e1:a6:0a:b7:4d:86:ee:08:93:ee:1b:da:ad:da:d7:
-        cd:6a:da:95:eb:62:1f:13:19:30:8f:f5:33:22:fa:7b:2a:c3:
-        7f:b8:ca:67:24:4e:f6:4e:0f:be:aa:31:23:42:eb:0d:76:9b:
-        f0:64:24:95:f4:b8:62:7b:5e:14:24:fd:6f:6c:8e:82:b3:60:
-        a9:c0
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF1AxIE1hcHBpbmcgMXRvMjM0
-IHN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBStD+8cF4FXfbqD7xH/h2hz0qYblzAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQAzUyytDm7pSRREfd5c3EsOVzU1GPLZS5TGOB5OM6d+bLS30nJGAyhL
-1e+jmsoWMwPsv8/pj6RKAcXhpgq3TYbuCJPuG9qt2tfNatqV62IfExkwj/UzIvp7
-KsN/uMpnJE72Tg++qjEjQusNdpvwZCSV9Lhie14UJP1vbI6Cs2CpwA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6EE.pem
new file mode 100644
index 0000000000..56e8e3d911
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: DD 2E 16 E1 97 7A C6 59 34 9C 5B 00 D2 4B B6 E1 22 2A 85 97 
+    friendlyName: Valid Policy Mapping Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=P1 Mapping 1to234 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXUDEgTWFw
+cGluZyAxdG8yMzQgc3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBiMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEyMDAGA1UEAxMpVmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUg
+VGVzdDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvhuKxV6OvBRjA
+hr758hKWi26IfFd2aGOgdDGd0/1i4wrW//nS3R8mVimchkGruRx1lB0KyEBYmAE0
+hmep3SPwapk2xbej0UL9WgLubmfHv5iesAqn+/gFGyNrHx9/uzp+Ua+25BUGYxBC
+bcMIIN06qMTU1dZF/nqNCPTO4uzdgH9VVnQHkI/TWLmrT8rrq44slyOebfCeXZeV
+G2LtDcubaYdJlo4NJPPE15zrXPBxL4m0pFWPHeTUcEyDwJulUjFmX/NIjUF7yyvn
+LlpLDHFFSzA4bVLOh0rI2VSy2ac1izMJx0gDnil7CykRofgkxJ9nmjclJ8pHtDVc
+TKRmps+dAgMBAAGjazBpMB8GA1UdIwQYMBaAFAMX5ZUA/So5eK/LRvZAmGUKAu27
+MB0GA1UdDgQWBBSzX9tBAp4J21F61Yw77Wz/CmsSAjAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATAFMA0GCSqGSIb3DQEBCwUAA4IBAQBpUnko
+RHAEZlhGumDpYCRzwa47JJqYthnJicarIhlRPpk6p+JkxZh1ISOfOtvfi9ApLNgf
+O+Vr2M1Pd7nWfczbWcmKaa2QqcMU7c/r+KZ/1u4kN12BMlW8TY1o0kk7bBsqjpNt
+6qAdQ+drFBIk7CxmaJuruJxSWZq6+EKy6MzeZiXUPOeujDaxqO3qixQK1iphIZMJ
+MpF8Ls+p9Y/KZ3M4HrUteKvYCY37QzApC32yZmuOojxJOm1+kEV3rzb79dA5epJL
+2nm2oLv8/C8gg7c1v4SpXUoR/d6hgLqu1jZCDFPMAN1Fv2eiWwU5sV2DcSY4bs7j
+yxy3p3hdJLiP6KQv
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DD 2E 16 E1 97 7A C6 59 34 9C 5B 00 D2 4B B6 E1 22 2A 85 97 
+    friendlyName: Valid Policy Mapping Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6089FA172B6A8809
+
+QKaY7/O5JCscfC7Cp3i5pjL+h+jdtqZZ6yX5zZAA6jAwtlVb3IQba+xfyB+nGq51
+yQaN4otb//j64mydf5RuAn7MUJ/2VGwKBSOYGwe1Fmsmd2Gdzv8lkwFrG8AU5Tq2
+K43+wgYZuz9bklxLf85aLZMvtTRcKM4FRIhhJSig0i3FshbhPzZ+EqjyPlHg2+Ji
+fkDR984Iww+WRYAkifZZPFmTpBNXn4WPRJZ/GwNoLA6MkriAhQUUS4AOQ54j6i4J
+jsgylIEa5Ld1j1WYxULXsnI3x9suxMbdUKHUrjLMavJlPHcYS7tZq47DwebO9yB4
+L5XKU8wUv6kl3hVKZtsOTTSQkj0fM9F6cqOOm1Sg0aqSCc3luAAPQuy/t3h9LwAg
+vnQNnfk8AWwqLErmIhzu0FJd4bYK6XDY7IbePHu2T9rEGZZ+XGMN2Eo33XdwdDtT
+uvBM8eQVt4rAkqNO6m0uPNzBmsX0K01fMYV7dpPrFolKl2gVe+bdZjUNQTsa7Onq
+3rsLlEpdO4RP3G5aDDPHfRYPygfJYQtTj1URj0CFLw3K00oGP/hN3BsGi8Ct5io9
+FlwwCugf9dzwhxEVC7iZb1lPREa45FIHih1eHAb5WmJf6SVqRcLh8KBbnvl5Jl64
+AWayZfb31p98TO5eNPfDsgud8dLZkt0Tcbylm1QqDZAL4Z4FbOmAwzlo3BFtQlG6
+jJN3MMFEegNNzkHxScPT5CYaDHFPvc+ndfL6SCFlDOOzWDTZCbYWuLIFZF6MCxLE
+pmEnh4pVmYXOEiIJ5uNFOX9Utg5s28LGr1KQvGHbSKbT+ohctKBq59lZE/sD5LYt
+j8qceGNc/H9omoYli3b/bqJ0FZobsPi1tjz9efPNPF8zz0brQgDxVP2icJH3gKd4
+3G5Ir71YZCVnTMaI4vwzh9FzXKSmIVUry2T2s3NyzKOwOf56a7FqO8s8S4LCZNVB
+9TerDx5FLW8m1W5d29zDfDHjIYtDOliBknP+4LT8CntcC9zGJ01hZt2z+gDMgOyW
+3g5juBfEuSljwcVqs0h5v3Rm+acci3Jkn/TuVeRtngBhIZ4XApF+Cwv/8GjsI8ad
+HjGJ1EnufggTyQONstqNQeMzujDYil0OVgbNyfnBRfeSJ5oB/1mzCGwgrVVh2NsW
+N1U5WpPFOg72jhb8SD2wCvEBcgC5DiPBVpUjhHISpLBbw9+0w/GBkSg3eBcAWAh4
+ukMvgsMpZAwRah21+q3owMILGZz5Yk9ipH8c/OwKznFVky1dJvKEtet8+S+8R+kO
+exTd1ar/mU1u+I9heI9CRz1kWMUHlwKM3cAcZ2k9BTj0UICweQ8+Vf9KUEteUtWQ
+LU8z9Ssn6WCNh08/FoMZNCt3+P1NVpz9c0o/9W92GGG/0AVPkSXXLvsutQqj+YPI
+nUmTM8aXl4eQdA+8NX+DrK+LCfOyDUTnDuoZyzbrKvYzm5TxAb7jzFbXebfYMa21
+hzs0Zwl1rVTtK3TKwYTn7i57sfJ2u6F0j2k8PSc+ovk9u6S8E/WvKquCOcabHPFE
+PAXKisbusrHRrObCNBIwSZhA6b3OxoiIIq0H3JlvMknwkXb9VOffAKMbe5DNHwUm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9.pem
deleted file mode 100644
index 252e920ac8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=PanyPolicy Mapping 1to2 CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlBhbnlQb2xpY3kg
-TWFwcGluZyAxdG8yIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-XTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTIwMAYD
-VQQDEylWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2FRrJurp4yzaLVdHeMS3IAQQvUjp
-lPkcXvLpEyQnWVTBYLsXJF9YdVxJJFES2XUxVFTumNnOjc2XcgCuUDwqoUYHPv8P
-UWZuoQ8B2sg8HPNU6G5BHBbtXkzC7lKCDLRshPSgnKngxdmoIDSVDPkz2KBUhbFm
-QZIqhVHE6UPCViUCAwEAAaNrMGkwHwYDVR0jBBgwFoAU0rpPGz5oOOaQ+MHqJa7a
-kq9DNm4wHQYDVR0OBBYEFEhKmk02sJFH9yFXTXKxqodRjaFoMA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEA
-PrcU9aDr57y1wekJ7k+ZJuhDlemNjGY7ggrZcarGL+LsRqkufpgkLpei7Cz13buA
-L/MqHFdc7H7d+GrbF4PAe2NXfcnlJJMLjS9Jw77qSb3aw9eSqYscBFhOxYWNL/Qh
-5GI9hJYugYGFzLxh1Cnl0/Pc8PoBgtaZg7H2hXmlUyQ=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=PanyPolicy Mapping 1to2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBNTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMaUGFueVBvbGlj
-eSBNYXBwaW5nIDF0bzIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPOw
-G+hWDRzfFMkg2CwlHhCBrp/3hveD/ESGWRnpEp1ATKX47bZDyerSn5/9+d2sCsja
-seeR04tpsBmS+o6bUTTy9W5G6gxE/McnS7oH1WJLYNW9e57ckYArd3i85wr+Ecoq
-IaTiDQmy4Ze+TBNA/7CaYTp8agquwDTl40VGqfs1AgMBAAGjga0wgaowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFNK6Txs+aDjmkPjB
-6iWu2pKvQzZuMA4GA1UdDwEB/wQEAwIBBjARBgNVHSAECjAIMAYGBFUdIAAwJgYD
-VR0hAQH/BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMA8GA1UdEwEB/wQF
-MAMBAf8wDAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQBL624FELsxdPKY
-tcreLc/Fz0uWZ7bc3BEIeVTarTWFu536wAOO2Pf4mJdJZ5WVVSYcOJb03Zso6U0G
-h0iYeHFGkXBCrqeOGe1h3zL4ED/C0HYJmPtLcTrtlAwvYq8dq4ABvsqMAUgFrsf4
-JGqkgLsMrbXRCAsLpFver5xKAuQ67A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=PanyPolicy Mapping 1to2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D2:BA:4F:1B:3E:68:38:E6:90:F8:C1:EA:25:AE:DA:92:AF:43:36:6E
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9d:f5:f9:0e:d5:1b:b9:cc:83:35:eb:00:3d:98:52:11:89:63:
-        79:17:97:0b:9a:f5:0c:35:72:44:ab:2b:97:85:0d:c1:3f:26:
-        10:15:81:e4:78:88:59:2d:4d:2b:4a:8b:5a:58:e4:2c:82:76:
-        0f:b0:c3:45:c6:46:34:cc:38:33:da:6b:a0:79:e2:65:2a:3a:
-        54:8d:69:54:6e:77:32:c1:45:8e:63:de:09:f4:3e:9f:a5:19:
-        37:25:92:40:f1:aa:57:f2:61:69:e3:3d:e4:05:85:94:ec:29:
-        51:dd:85:6c:65:c3:83:7a:c4:f9:37:7e:c0:a0:0d:6c:86:2b:
-        47:7b
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlBhbnlQb2xpY3kgTWFwcGlu
-ZyAxdG8yIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTSuk8bPmg45pD4weolrtqSr0M2bjAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQCd9fkO1Ru5zIM16wA9mFIRiWN5F5cLmvUMNXJEqyuXhQ3BPyYQ
-FYHkeIhZLU0rSotaWOQsgnYPsMNFxkY0zDgz2mugeeJlKjpUjWlUbncywUWOY94J
-9D6fpRk3JZJA8apX8mFp4z3kBYWU7ClR3YVsZcODesT5N37AoA1shitHew==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9EE.pem
new file mode 100644
index 0000000000..368e85a23f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 64 C9 0F D4 50 79 97 AF 08 D3 0E 95 4D C2 BD 47 50 08 57 1E 
+    friendlyName: Valid Policy Mapping Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=PanyPolicy Mapping 1to2 CA
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMaUGFueVBv
+bGljeSBNYXBwaW5nIDF0bzIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBiMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTEyMDAGA1UEAxMpVmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNh
+dGUgVGVzdDkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+P2NyLxKH
+FxAPjW+SjKAbIRefIhK1wrsTiAqxwAXyFdd7DGr1yZgRDI01vPYyYCRCx+N4L1S9
+rDC+mmh+zyDlsM9cQOaApF6Q8yoLW203kJIb2RWaxIL3kWhpQZsVVZ/feMaFM/3/
+TlpjJlCTXyG5rBEz9jorFf4gaLzqfqROlojVWNN7ozp0aSe0hb6PrTymHOxA76u8
+ahz41lNzczNv3UgfzijurhYx93GxKvM+uzSkcz6in1HaNVI9EYb/DgeqhnOW+eNX
+lRBVxIt8Bib7ATofuBQCnPRzvC7txybCPX1KN32Ey3enhlRnFNXeGcEdEcevSVLw
+CZ6KkeB+ft+BAgMBAAGjazBpMB8GA1UdIwQYMBaAFEcDJy9DPcUv2ZKsx9J20DPG
++Xe7MB0GA1UdDgQWBBQIZAJOoXdyajkMnsi9d3w/HMoLfDAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBM
+SaSdAKgMib7Hlpoooy+Du7GZe9IkYyp9XEhiugaOHtQzdD07PS4kUUjjtj/+RjAd
+JB72SZBy6TX0MZoWhz6E4Zn9XwGmxWPAs2RwIcV7ICLq9ZvnThoCk1rUNRJN2GUJ
+rKAaHnnJ8eplpFy7pe+XuSX3+BmuEsB8cY+UJML3DR3pfSP45I8hM4YP6a5C3HTd
+Lif+xigdnT5hBD7UIDXTMxfBFFufc4Ckr5ON3bRRgQKzkV3+FL57dWqBweZV8wIm
+WfW/8BXJVho3Tm7hj2m5Kl7GxuaicnVC9zjC02xSX2zWatlAC9qQ8PebqWHdNCt8
+a+IKJC+4NrcghSNUs/eR
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 64 C9 0F D4 50 79 97 AF 08 D3 0E 95 4D C2 BD 47 50 08 57 1E 
+    friendlyName: Valid Policy Mapping Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,875194FAA839BD5E
+
+TWaDWBhDnwciPVhYcNPoNJhJb/3AJQRnKtKsCwIcT456D+Ibf+ASOyC2h/TkC+tb
+ixNCg0qUSng9CUHqtBumy4hOQtxZqVjYni5+EtxBM+pAuc8j7gq1EAVQMNLh/JbT
+0gak/VmVhlKb3CxPWyszP5HTDezqlNZfkgUwxzryWkT/xv7abmv0kwSL5kx9WCaA
+7CvriwCr4/a+Fjey1J0QolUsf85SjwtgW2bjVC2bGdP+rG3GmM9upvLongxoDXbS
+uBjyvg3jMiM80pjXsAx7wrnd5mJxO0VGROkXjOCH0UWU9pEjSPeK8DyEr3xTfcRD
+CBJ4VHuCAR9xB37ibfx6SHSP6lqeFiT+mObiQDHhsFgx51gG2PjsUexOiRDHTYzS
+GqR81IfPVaNLKVyAxyO7Bdq/BlLJw3LKhLS6amGZJP8KLgMDC2EAnQduRcc7kxyQ
+uTGuAaxJRub2S9XXNpGmGT6JOOfdsILv+sKR/xCDetUstIX5HKcqyMG5QusWdtL0
+XD+ujNT25PRgbQ9YnvS1nKDcP/g60/xzWjR0NsPStHJTDO7TBjH6yvj69jH4XtEa
+4pKiYVeLPeOEtgq43tLM3kB3bXNZoXHXaiQBwIlokAa4JfijiltkH3jy4C9lccz2
+xV6HZQT8y8/4aCXEbxJouZ9EtoD36J+QUIrikQYFTZNZ8RAHPlzFFgrzDSb3vUlm
+DSMhWkk6AmlVCuOnKZHFXEFXHLsVov9phq4lvaBTPL3mARyaA7z2ELtTcI1Rq6rI
+/WKQVfq/q/vC1OYsRCubBFmGv7ou7yIeWtAFpFSl7mutJDiL18UIT6wBRuVyd//M
+75XeC7EVZfsl7R8cflFrYiX4FDK872wTnhPa7bFJRMq0pNBqWAnXcIJJN8ySgZ/c
+721NsMHtkFdSC2SLenMZTZw1AjClVLFoZ4Ke0LOvynxUerLP1HySYeEFpd0z1F4i
+jWOfEl52lq77Dlthn2Ax1i5Tgz35XYVjUImjCvbnafRuSzEIUfuoxITGciRSlatr
+r34layA/Ese7oHqfnDpmht0Snx3FKDNr2AOfLpEdTAqkWC2aceu9m9H5erbpu1hy
+gwbwZ4okeUc7rAzBJ3JZwVX5gou6erOsMvq3rrpM9MQut64LDe5UmiTbqk1nScNm
+25n4XJ98Za+ZJXD9S4AkaCjPiLJOVoBa3lwviBZMG8TCCJFqpf5TvRi65wQe186r
+mxP0EDsjDjvZga5tHEBXTVco4LlsQJifdvQzUlpDgH0KVfj7jt88fH4Rq8DthZ9X
+MBBwRRDQDM5xXq9mkV2s20o0OPUEVrCfxPNhavmA6IL/veIGyH/oLrNg3DrRlRpr
+LQr6vUwBdXr3IXFceKygFNHI5m6m70GwCgKEH7zVGLIhaCUwr44JVopCNWLs5LVJ
+8J2GWsRjr7VWXUF/bPhemVvml/DGysKpuDyJerCm1rQd5/Ba0mZcFi/q+uqmGbH/
+QpRje1m4JWP+UA2Mr7cLiGezv53s3iRp3ZXKDLWrKUIXEWMP6iuW30m6bHOD3n2U
+xhZh8opURdbI4cWF+7sSmRvcTUl/deNCMHBq+iolwppR9pz+wX3pLg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7.pem
deleted file mode 100644
index 6a94017c06..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7.pem
+++ /dev/null
@@ -1,113 +0,0 @@
-subject=/C=US/O=Test Certificates/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICwTCCAiqgAwIBAgIBYDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGOMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgoJkiaJk/IsZAEZFgNn
-b3YxIDAeBgoJkiaJk/IsZAEZFhB0ZXN0Y2VydGlmaWNhdGVzMREwDwYDVQQIEwhN
-YXJ5bGFuZDEMMAoGA1UEBRMDMzQ1MQswCQYDVQQuEwJDQTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAmPmvvNuLBaXi3cYQQzuNFOtq2aeNq1YZodT/+7SSfjl2
-uz1wsLHI7XjOGOuWrE9N0oNBrARmSYh6WrYCJj1cd8vcj+FTymvx5DWEeqPCDmxU
-EO4e+/R+utHsFmCRzrOOUEqKkiHNGoR3iyrYr5zszJRgRDwf1QiYInu0cLMsHr8C
-AwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0O
-BBYEFKAtjaBcqIIIYio2ok1SyOUsUH0rMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAE
-EDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOBgQCXoXCIH5TuCf84dVOweSMfOdb5MzKTudOw55mU7VgDzMk7vzQIEx3jCeP0
-7h8byDM0i/okjN0Ugm4DzOwxx5lAjs/uGGhGRGBVCJIPQ4QemsX3L24YpqSQKoJj
-K+YL+sz8pdoaqX69dDAyIcZNG2i9L/WEvmacw0AnJZ+Rd06jqw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid RFC3280 Mandatory Attribute Types EE Certificate Test7
-issuer=/C=US/O=Test Certificates/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA
------BEGIN CERTIFICATE-----
-MIIC4DCCAkmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRMwEQYKCZImiZPyLGQBGRYDZ292
-MSAwHgYKCZImiZPyLGQBGRYQdGVzdGNlcnRpZmljYXRlczERMA8GA1UECBMITWFy
-eWxhbmQxDDAKBgNVBAUTAzM0NTELMAkGA1UELhMCQ0EwHhcNMDEwNDE5MTQ1NzIw
-WhcNMTEwNDE5MTQ1NzIwWjBwMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxRTBDBgNVBAMTPFZhbGlkIFJGQzMyODAgTWFuZGF0b3J5IEF0
-dHJpYnV0ZSBUeXBlcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NzCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAn3sUmVtQ1OLPODq7WXtzygEZ0tKb60KjAITF+WQQwfYO
-katDsSHQU19m7Uxi3JX3wKeIZOJLDR14VB8aGUsN6pNaKKFCB1B2pgQsjDZsCLDz
-ckA7lYdIC40Smu+8Nb2IGgncTW1Dye6r36lxhEpAU0cqXdOKkhteDDOW42tuZlMC
-AwEAAaNrMGkwHwYDVR0jBBgwFoAUoC2NoFyogghiKjaiTVLI5SxQfSswHQYDVR0O
-BBYEFHv2CemcO4grJLwWGJqNhA9NXdicMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAE
-EDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAQAimtwbz7YQ8Pm8M
-Cg/LHjRpGXaJL82W85ioX8T7hsFsGlQbHp6uAq/Zkk44mG2ziuI5pJF/HnuAXPiF
-xHcnCfDDpHpNh7deC53/nPf9Co375lZRWlBT233KSL14GTyiBZPipzbsUvJ+7FOp
-alTeRK4fPr3lNDo9SEVo4e97i5w=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A0:2D:8D:A0:5C:A8:82:08:62:2A:36:A2:4D:52:C8:E5:2C:50:7D:2B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        52:d1:8a:cb:32:66:cf:87:3e:a9:ea:a2:35:90:42:18:74:4f:
-        9e:43:5d:6c:73:09:4e:ec:45:68:bf:3d:c3:1a:97:e5:83:66:
-        e0:2a:1c:84:97:8e:d2:29:2a:c6:f2:41:e8:fc:63:3c:8a:5a:
-        1a:8c:40:eb:c3:12:1d:ef:5e:70:a9:af:d9:dc:89:28:03:76:
-        ff:b6:cb:5e:e0:82:f7:ad:32:3c:60:58:3c:fe:24:3d:9f:68:
-        79:98:14:e4:0c:80:1a:f7:63:eb:5b:cd:ca:1c:69:80:93:8a:
-        26:55:e3:ac:b9:05:7e:83:64:d4:3b:11:26:bf:fd:df:5f:3f:
-        40:30
------BEGIN X509 CRL-----
-MIIBiDCB8gIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRMwEQYKCZImiZPyLGQBGRYDZ292MSAwHgYK
-CZImiZPyLGQBGRYQdGVzdGNlcnRpZmljYXRlczERMA8GA1UECBMITWFyeWxhbmQx
-DDAKBgNVBAUTAzM0NTELMAkGA1UELhMCQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQx
-OTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFKAtjaBcqIIIYio2ok1SyOUsUH0rMAoG
-A1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAFLRissyZs+HPqnqojWQQhh0T55D
-XWxzCU7sRWi/PcMal+WDZuAqHISXjtIpKsbyQej8YzyKWhqMQOvDEh3vXnCpr9nc
-iSgDdv+2y17ggvetMjxgWDz+JD2faHmYFOQMgBr3Y+tbzcocaYCTiiZV46y5BX6D
-ZNQ7ESa//d9fP0Aw
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7EE.pem
new file mode 100644
index 0000000000..7961ca1f03
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: E6 8E 14 0F 4F 28 27 45 1E 67 B7 AA A8 34 C2 84 FD DF E8 28 
+    friendlyName: Valid RFC3280 Mandatory Attribute Types Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid RFC3280 Mandatory Attribute Types EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBATANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExEzARBgoJkiaJk/IsZAEZ
+FgNnb3YxIDAeBgoJkiaJk/IsZAEZFhB0ZXN0Y2VydGlmaWNhdGVzMREwDwYDVQQI
+EwhNYXJ5bGFuZDEMMAoGA1UEBRMDMzQ1MQswCQYDVQQuEwJDQTAeFw0xMDAxMDEw
+ODMwMDBaFw0zMDEyMzEwODMwMDBaMHUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZU
+ZXN0IENlcnRpZmljYXRlcyAyMDExMUUwQwYDVQQDEzxWYWxpZCBSRkMzMjgwIE1h
+bmRhdG9yeSBBdHRyaWJ1dGUgVHlwZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDcwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdZjCEq8H9mVwzW0tJkvsOuE4j
++D3LoEUE2bh5sopUAfj/IOB3xwajLwL3VX4joJQkD/D4efvZKh4pzkHnbC9s82PW
+4HbKW95X1n2s85JFrMYuPGxzD4pDQcHWeptp6NM4iP2nxj/cc3kkxcov30hnk2lq
+mmr3FNXYIJ6/D4e1AgGgZjikNwKFHqiC5b70bZW6QbUTfQ7PtsqsCb2tsLvDreXS
+lBd8pLnB4b+czEFdcgXx9vVPEJf0tWik+k2dO5EbXhEFp9TB4/oOAPz/6J5sniSO
+IkrRfwidMyUAn4/iUj9nzJ1ITJ3ffHhhOpAmEBI9S5yg8ntzwh6zKuxwp/HNAgMB
+AAGjazBpMB8GA1UdIwQYMBaAFPBRGGLvzkHHt7BndGsCvDIKM5nrMB0GA1UdDgQW
+BBQiXTJuQyIRmwrQGxx/oAX3WiwjvTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAU+rnqd3Fx/GnRGW1S
+TkL+CqF8rRHHfVoi+TbwLpbcLltQPiJSm2OzYcPaxR4Q+qbVevA0aLTHFUrKb+dJ
+yX5HIC0Mw1NgEoyMmgqBtxk6qsxawpxtSuiIrqVwC8ZSJA4x5r5OsVwm3BTu4yIG
+BecgzQPToPTzkLpy+miylicd6zUotkx1/fk9H22Noi6CqTea0leemThYEf4UdiDN
+txAI2gGY0++Pg4xS166It6G4VnNsIPF/HV684iwAO3FPGgtxPpu6chf1Z/9D9EZ/
+bVHah6PIQS41hrUKp2dr9rTX4Jbaay8hg9FT4b0Uk4hSJxaDvEO/CcqLjK3HR2lc
+CE8y
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E6 8E 14 0F 4F 28 27 45 1E 67 B7 AA A8 34 C2 84 FD DF E8 28 
+    friendlyName: Valid RFC3280 Mandatory Attribute Types Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BFE9C73E2F4F2252
+
+WDp/+1YSU6aYrsDVTkgfP/7jdUE4vXcwtYb8J2Y+4ToItijuV2PLyC3+LDxgdKYV
+N20avLAeuruvWUYkMXpg2KkLfH14wQ716S77yzf5zXSMItZuQhOLAIbziAct68c0
+dCrZrJs8eZ6l7cttPAgui2/8QPF68//fEs7O8SWDVm7vgKfIhacQcpcmJEq/SqFv
+Y9DSlxrXl848ATroZPI6630f2VeBbM4U3+wyS3l8Y77+vhARPJlerQExJgPauzHG
+vur2jVe6CtLHo4bmQu3uVWiVFLVeaycAVkBJVO+PayhC1WZBecuOwuhk4EBMk0Dw
+Wm23QxVUMTveXAbBvoxl+8XCq5WvKK1MywODr0twPMsEs7QzudC4kyvhir0ZTfMQ
+mt5bRtkCyzdBJyOWPmoZ8cGIT3e8yXcVoqwiWwy/i+dQ4EWAUtTeP4F7Fu1n2CGN
+i7Iu9TvYZoeU/RvBH+p1kjdiQx1YsTSxxCMstLoH0+k7WuH6vyNcnPGs1/4/3M62
+3qCPUK+C6O01Pj+wa+hxs1P24SIEN+IbwmDPEFClWk5T9Hg5MYBH2ae1a4DG3DEs
+c4JcAScAjnSInZkBEtAAjpZ0f8D/hDxW8UZ6i+vfgITMIXYqZzWaO0t8RASkTj4x
+F8NC/eC6uWTnfFvEcABDdMQ7TkRzz8QVCHLVWsMBoPpb5XmGnm2maWyD600o+hSi
+03OIEYVsQh09qFTtbnxHpUOwrdjGCQZ/a+VFee3nW8BgUSrax+/7Nv1jX7eFchoY
+5Ma6pYrvPFlD7MQITj9zEhFNy7+DmQ2kWyw0fOaozRVqLpp59jGzYx3ERzmUSxXO
+h3EPTWOxgJ4ggQlKepeRfv9jzI36XMzVcA4kk+hlngNOWkWfFyBO6ZgzlmB8vwLg
+TvHXabA7CE12DzPc0Ydput4abongqJee6I33uZ4vAJSFAY63L8lqm/j34wRSjkzH
+uo7Pw4C/essovBEIAYjgiTS3ZkVps/fO+DTvCiRJAIx9BnebASHFxBmHUyo1nu5t
+DEg9xbK06d6+/m/0S9a/dpAl/nIgXroFUgS+wQAAZ8znJ+OMCzZfyvhFmtNqOwJ/
+OdzSJ9GYXp/qJ4mbFNAzmtMxPRli/kFScaAcKfcDGEmCJOkfglgr6RT+nvYHdwYK
+briRG4GVuSdnRf2BgwCjvpDEFIc8SkWstRydiUj3F0YtcMn/qqz3ee8EUYyaDFMh
+5tfxP7nuV7NlayDIa8eAj4uOMdXHhOpF7yROZbc5fgD9r5rjs18KEu1DJUKGyKaI
+HAbm5Jpwcidw2WLG9I106RcF0tKR+1Y3ZGkK0SwAIKEu77Fadoz6O3FGy7bvx0a7
+547ZOqZXuz8GmkbxXXXdqcI2BJtgxIyXwybfdyefLwRwsWbnQhlTrDQq5xuevWzi
+1NbAToJhf7iVoyqaklPV3wQ/VJTDly27Q7KJjaFdTuGlf8pj7IEDJG6LfX5YppcJ
+Cq4u5Lu+Zsvusn+7N1BBZbNSiNCj0tR83C/muSziuTWtOY23JZvvmHQpJEMKaTyN
+aU0obz9ocoPvipKvPwbWIP67kMHHbaomLxhNmSOwvZYAnppzXXINzwrtImlcu32L
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8.pem
deleted file mode 100644
index fe5bdf3e6d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8.pem
+++ /dev/null
@@ -1,114 +0,0 @@
-subject=/C=US/O=Test Certificates/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D.
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICzTCCAjagAwIBAgIBYTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGaMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAcTDEdhaXRoZXJz
-YnVyZzENMAsGA1UEKhMESm9objEKMAgGA1UEKxMBUTETMBEGA1UEQRMKRmljdGl0
-aW91czELMAkGA1UEBBMCQ0ExDDAKBgNVBCwTA0lJSTENMAsGA1UEDBMETS5ELjCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1rYVbBlFi+aAvBEyC1OHaw1KoNLA
-SbwWJQU2M2R18MJ60p/Et24lC5hPnI9+Iaqa0JSHYJ0hY4qWcweJOtNcTNjAgPe/
-jxsQPIOJeI5j0ZDI79wgvj0F7KLW5QKyDbc220ew+FMR2KptqAPxv4exgICooaiL
-M8sOLdN9u/AqLosCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFK+Bn8wZLBKkY0JXV9dXGmMHX3PRMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQBT6cZaPPoR2jyTsaiykedCd4fttTGC/7nzI5s6/riF
-5nxSRhoLM+h8ha+zN2df1xMZao1Ovp6RQGOPrbuPhz8qwnmYrjZ2fdvj47sj+BQY
-xIO6oUyd/DYYwI/nmq3o5bLBOxZDz3qC3AiNFfcfLPiZ2m0eotP0I78nTtDGGUDc
-Ew==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid RFC3280 Optional Attribute Types EE Certificate Test8
-issuer=/C=US/O=Test Certificates/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D.
------BEGIN CERTIFICATE-----
-MIIC6zCCAlSgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQHEwxHYWl0aGVyc2J1
-cmcxDTALBgNVBCoTBEpvaG4xCjAIBgNVBCsTAVExEzARBgNVBEETCkZpY3RpdGlv
-dXMxCzAJBgNVBAQTAkNBMQwwCgYDVQQsEwNJSUkxDTALBgNVBAwTBE0uRC4wHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBvMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRDBCBgNVBAMTO1ZhbGlkIFJGQzMyODAg
-T3B0aW9uYWwgQXR0cmlidXRlIFR5cGVzIEVFIENlcnRpZmljYXRlIFRlc3Q4MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBi40mcnzIqaCI8xmKk/hWOkKWbQLD
-++tbFk6jZC91dhYO3PZy1cPsNYJPSz+xSdp/EQz+8TEGRabX2QloXsHxgRZGersi
-xzDg2uh1LS0/k04o+YxsAwJljkd74tub9b0PRX6MzqsUQgy7SWnPvQ6qKJ1uZ8B3
-UJYb/Jr+Jb0BDQIDAQABo2swaTAfBgNVHSMEGDAWgBSvgZ/MGSwSpGNCV1fXVxpj
-B19z0TAdBgNVHQ4EFgQU1AdzbqWGvXGozwcQ3FLKcM0NhdQwDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCm
-53CaFal2YrwuX9JDOKgfEISGgoAdQjs+hoh0T9fTKMeyzfuEaajj4gKD7YViPd5Z
-SbbTywQKjzTDTP1PiLf7ti3TbOzHmPCT9sOcSMxn7ws9Q/KV4SvNjpYK8W6YPn6r
-WSMe+VuZypOlb/vWxOgHPP5IIY/4vqVjulA0tcqP5Q==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D.
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AF:81:9F:CC:19:2C:12:A4:63:42:57:57:D7:57:1A:63:07:5F:73:D1
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        92:2d:88:30:eb:90:92:74:63:32:0b:b7:99:52:78:83:ef:a8:
-        8f:33:89:b8:57:ff:06:f8:f0:41:20:77:9d:be:a9:98:10:12:
-        e3:80:bb:b0:48:d2:57:93:be:3b:b8:64:f6:9a:91:05:05:df:
-        d4:97:6a:a1:c7:29:04:d3:e6:ab:63:83:99:c1:58:87:8e:ee:
-        d7:85:1b:f7:d1:8d:2f:34:c4:a8:77:c3:5d:ff:15:2b:c5:14:
-        47:f8:04:f4:c0:a1:3a:84:07:0c:a4:97:0f:02:f8:ca:07:52:
-        fe:42:29:ff:e2:9a:01:e0:ac:1f:4f:e1:15:47:6c:71:d9:da:
-        dc:02
------BEGIN X509 CRL-----
-MIIBlDCB/gIBATANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQHEwxHYWl0aGVyc2J1cmcxDTAL
-BgNVBCoTBEpvaG4xCjAIBgNVBCsTAVExEzARBgNVBEETCkZpY3RpdGlvdXMxCzAJ
-BgNVBAQTAkNBMQwwCgYDVQQsEwNJSUkxDTALBgNVBAwTBE0uRC4XDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFK+Bn8wZLBKkY0JX
-V9dXGmMHX3PRMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAJItiDDrkJJ0
-YzILt5lSeIPvqI8zibhX/wb48EEgd52+qZgQEuOAu7BI0leTvju4ZPaakQUF39SX
-aqHHKQTT5qtjg5nBWIeO7teFG/fRjS80xKh3w13/FSvFFEf4BPTAoTqEBwyklw8C
-+MoHUv5CKf/imgHgrB9P4RVHbHHZ2twC
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8EE.pem
new file mode 100644
index 0000000000..fd69deb001
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 70 05 A8 EA DC D1 2B 2B 4F 88 9B CF 8A BF A5 7A B3 2F 23 06 
+    friendlyName: Valid RFC3280 Optional Attribute Types Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid RFC3280 Optional Attribute Types EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D.
+-----BEGIN CERTIFICATE-----
+MIID+jCCAuKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnzELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAcTDEdhaXRo
+ZXJzYnVyZzENMAsGA1UEKhMESm9objEKMAgGA1UEKxMBUTETMBEGA1UEQRMKRmlj
+dGl0aW91czELMAkGA1UEBBMCQ0ExDDAKBgNVBCwTA0lJSTENMAsGA1UEDBMETS5E
+LjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMHQxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMUQwQgYDVQQDEztWYWxp
+ZCBSRkMzMjgwIE9wdGlvbmFsIEF0dHJpYnV0ZSBUeXBlcyBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALnWd2qWpNr5
+EB4D/X04sWYwHk2O/sNfaCRnyPOdRa04rEwDbcqICC6y40U0nyDFc0EzBcCHVqts
+Cn36EI4hpnibj2BRybDIo2Ntb2PH6z0BbQUfPY/X34yJ+k9uFEBRRL9gNyQQH+DB
+mgN/HoQ2UOiGvmdNJY9Sc5f3srgi+0TLs4W0kaeW3l1/aFImKPBXIE6Dwhqr8x0I
+i2MY1piu/TN6llFXukOkz8cZihj8hetOPNTJPcSjQ/LB+WQpfyQ2RsVlpIhy0tf1
+PpBpWrc9Jljx11MT0uHCJ6Agq/cqO9NxBWR6NN2rCRq+8JwOgBNS+5qH2hex7taN
+QpedWsWMxk0CAwEAAaNrMGkwHwYDVR0jBBgwFoAUm25vP4qn9Oe1jDFbzplLkRx8
+fL0wHQYDVR0OBBYEFFo1tItlb/GOrVNgqo0jnqVlFChDMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBACLn
+LA2yu+fl/z6CAe91RJeh1g/9ffXA81W2NjqtgRF9p3ryT0M7ZVhVd8qmN4ZbTB+O
+lTTIgspdcgCFbX3SzH6MFOHmTmIug7hsuBkR6xhs4fGbGb9MqbAbcsUhqNSC+EQ7
+35+ti62crD1Ew83xhOn8rPqCfKj8cRlac15f5w05TItgB0v4/laFMQwGGvJcvGkQ
+j8iWgV2SRug22qujOb7ZH5rTJJLWvZ6oLNasiyB+Fe6ExidWRU1YKmFNWrP1OEe4
+Hll70oWjXGLo/Ilkw8dJDe2wxLgktazED5eBsqfS8wPCTHkaaM/YAcbDmlbXvDED
+Rk8uUmjfR/dHOtIdEb0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 70 05 A8 EA DC D1 2B 2B 4F 88 9B CF 8A BF A5 7A B3 2F 23 06 
+    friendlyName: Valid RFC3280 Optional Attribute Types Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FC39EB1A890FB19C
+
+mRBIoUlt0n541CPYW0DGxjQbisdR/qik0jn4WUzTQjFUhDqZCS3jox+lVj3+2L0O
+EogtwLej0FCZbv5Wl1+cGTSRnRWsTMcrZF1vUPxbh5AyGyAkHhvkL5VeN3KvQD8n
+GyRE92RwD+UiRcmSNTnN1tzcfUF5WP+ggGsyhqoMh+8A/a7q6fKtKTqA3a0PgMtC
+G+OxoAsZnQbmV2djG8aayd8C84mZtj29qSyzevg5ubYbU4zDFHEJ75tZivxTNWe4
+rgJtTDioizLuuiLZW4lgC8qIZIto49NZxW3NGI4uNf4S9YlH6pwg/WgfP8uDt5BU
+Ya9b7isJkgpkaaB3UaAignwvmxbcK/etmEI90NNYJAo+dNX9vSJgr3tPWD4ihnW5
+t2spd3+9kLHz002tGh8nNOUVSPp/7sBgJZAdCTDBaD3Hn53zcNxjzhHyI2KRi6pd
+X5iU8Ull5ymv7xX2a7hS2nhSvluknO3FrgQboEmZi68RQ2q6TLF3zurUPpWR85iP
+J3ISxm4Np3m1SpPXWyJDc0WldWvo2Y+dqPXhg37nkXw7bkwrCmBc98qzVLGh/iRf
+W92SADj6fLeQjSDF97ts4/Qt9VOCrRBOY8hrOWuFJ34kNbMRqxpruBfRFmizdGYZ
+CzSSSwr5aZCYAe4vMFU1fRO3If2oAzF52IGSpRKmXVvDTU6djW7JMieKAqWWGaQm
+rlIZ/061su9MzGXVH5VF5Fbeooavm7ir0FaMVYhTmtdggo4F61zBY6ubtCQg/9lX
+oQjKc9XADM58zIWk+M3WMTGquaEs4ACcrx34l3RolC+B6WicQAAqq7KcSULahufG
+J8xteOpQ185qRdOVfSBQ/DfRE7cD4CXJvt68uPXn1ts4i3KjU5k//KAr6uVfWOa1
+TNXO1G9zTDiVATXU4NK194ECyVTLUVJVxAGTc4RaVkJOtq9fTn9b+5e3a5kqx25w
+Vwf+bidlEM8U8QWEWrE+ro78v+NSjTAZADR+LfsAqbRLRhlBVyCRFn7VcYDXx9M2
+N32euCqAKZCP/lrKyvk7Ag271IMy6CkTKOVCnd07oR/1LJQFQzUzOrK0oePuUEdZ
+0fm6ErCioCEzPRpq22dEwsZ24axn1AQDeZ7UA0ZId4Ll8e8XALne0LJKr+ydyrjL
+vmNPFXp49+igvesj1K+uBIkp7RsROuh5A5Fj0gq1oAtKGq6ypu36KwJOSFPl8zNn
+8twsR1yRCbgGZreA6fO8lo3lv+q3FvRWWLX10p+6OaOSi8Wh59+R1q1b/BgC2Xxy
+cwdvLjOhf5lPn9kWHyZHaTnhBRn5AgwiMZIJS0u61b0nLBefglIKYDEdIXWVTSLa
+QoG6N6SkcCcmgwEsE+PA2c3ZVFXfjhCaxdBp455cPtPiJSbdBruoNoZrxM5LFyGi
+wG29/Dz1CegDwQkPXLdliDc70ycIOJLWCeArXAcnUJY/JsowtGxk30r6Wufg3n5X
+DSlWR3fPgiTuKXOU/AhTTzxc1QX+fPpU0dyXD0veDDJBD0LVWGxYj6RO3YB28YWv
+9DgQ8hYM8awbiDz2GKg5bp63PFtPHVx94OuQ/yLVDhs00emTM0fsMA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21.pem
deleted file mode 100644
index 0a271fcdc0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBQzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOYG
-d2HszTJIsVTazKriCUJ/ExxUo4U4HEZN9+/XVXsQVkZYIzWtyCTC3IFmSAyb9ZED
-Gu3jmF/evXpfNXmxiURUu6W0bLEpIkZiVpPpTKqoJx2EHj+wXOfe31AD0OmKidXP
-66+LVgIJLWGMr3Msbzb4T3gpKb2ynQc2/XnE3RkbAgMBAAGjgaYwgaMwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFON/hXqOojue7rgS
-HXkTqsS9LlmtMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAnBgNVHR4BAf8EHTAboBkwF4EVLnRlc3RjZXJ0
-aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAJjXEGmrQ1/Muud+NZwajR9x
-it/32SNVvHI+/O7bopout/RnhJudrmsdqGlcSk0KXfcXI22cJOkAYe1M39znxgba
-VitYYLxfsS+3O2pLpMgQMFCZuOJATfAQUlui+dVtPTaIam7jimms5Qam2K2SuZ/t
-eJ2J/rIDHCOrIGktQS8H
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid RFC822 nameConstraints EE Certificate Test21
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
------BEGIN CERTIFICATE-----
-MIICzDCCAjWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0ExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-ZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTswOQYD
-VQQDEzJWYWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRl
-IFRlc3QyMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmgblTsP6gle2uacP
-DDJPff0VnqgTN1VtCh/uqZINqMtzbfcADz7KNpqETX64spwhD8/3m9yEVpJStgPq
-o/mbcf/G2L3+zkx2t7mQLTy115q304S7KBauhK/aen56yKrHOuUv+qmOSYpqZKwi
-ZbobiLq/CMbUfYx6zaM8Bd59VBsCAwEAAaOBoTCBnjAfBgNVHSMEGDAWgBTjf4V6
-jqI7nu64Eh15E6rEvS5ZrTAdBgNVHQ4EFgQUtCANQs2V6ofUY9VPDtbRD+W3O/sw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAzBgNVHREE
-LDAqgShUZXN0MjFFRUBtYWlsc2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0G
-CSqGSIb3DQEBBQUAA4GBAB1qFEM9zKmqItkLPuorp06yLsoL0xL3X+c4ym7JP034
-2kYhJ7SoZFmFbIRB6z472KWbJc17oM9LK6GOt08QBEIHhQk1pZrueBJDrCv8WmR3
-7FHwbkNcRn8DFYiV3//yjYP+bgN142Lj3O9SpuUy/a32bsupo0ykWADqwwY1ntmi
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E3:7F:85:7A:8E:A2:3B:9E:EE:B8:12:1D:79:13:AA:C4:BD:2E:59:AD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        b4:77:73:f7:12:e7:d7:20:9a:bd:e1:00:a8:b1:6a:7a:65:1e:
-        8e:56:c9:ca:38:33:7e:d5:37:41:c1:e7:95:a4:81:ab:9b:40:
-        31:1d:aa:6c:14:f9:19:e4:3f:85:6b:24:ff:d6:bf:cb:fd:27:
-        a9:65:35:5c:b7:6b:82:87:b7:e1:c2:4d:34:ca:42:5c:46:66:
-        45:11:d2:c0:48:0f:08:8c:b0:a7:58:66:63:9d:ae:0a:68:0a:
-        5b:5b:ee:fe:12:93:77:03:90:6e:a4:8d:32:2e:56:56:cf:1f:
-        85:b8:95:52:f7:73:78:5e:d0:04:66:2c:8c:ca:78:36:da:43:
-        10:07
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0ExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTjf4V6jqI7nu64Eh15E6rEvS5ZrTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQC0d3P3EufXIJq94QCosWp6ZR6OVsnKODN+1TdBweeVpIGrm0Ax
-HapsFPkZ5D+FayT/1r/L/SepZTVct2uCh7fhwk00ykJcRmZFEdLASA8IjLCnWGZj
-na4KaApbW+7+EpN3A5BupI0yLlZWzx+FuJVS93N4XtAEZiyMyng22kMQBw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21EE.pem
new file mode 100644
index 0000000000..00a5e61442
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 23 43 2D D2 5E 36 CC 16 FD 86 12 BB D5 0E C8 08 99 18 ED 9A 
+    friendlyName: Valid RFC822 nameConstraints Test21 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid RFC822 nameConstraints EE Certificate Test21
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA1
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBrMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE7MDkGA1UEAxMyVmFsaWQgUkZDODIyIG5hbWVDb25zdHJhaW50cyBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC5yv2YRIEhQf1yjI/+8BH9zoj+WkwrpoJikq3h9IAR3QF1b73DUngYZizZoxi4
+zFK3hJIaln6yaq4VLKImcJzGwf2H80nYKD+cKEo5vFiG9qnm7m6so2sUDT5YYW1w
+rGHDO3qJNlzF3R9cM4Fm/hi7UpABHwWqJ4wApX/HkPg0DQ0JXsgnCS4vr+uIgCbY
+m762QCDH8YvxEDWjj/xy/BhCVb6Rzb4wzJE9DD0+8+Zr3UVKhoPQWsNT68JFLUd4
+t8lMndnhGqQj01atU4lrq1T4bXO4USw4WUYM1Eh/9KvTfRxBlIvrWkEe5UamC1nT
+HxlrUqXfSg+69bXgh89wKqCTAgMBAAGjgaEwgZ4wHwYDVR0jBBgwFoAUyGqOsQ9L
+qqWIuKePkdvqM0ro1eIwHQYDVR0OBBYEFGYJoy8FC+jXyi0Q7O4CokLJZ2PUMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwMwYDVR0RBCww
+KoEoVGVzdDIxRUVAbWFpbHNlcnZlci50ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkq
+hkiG9w0BAQsFAAOCAQEAPS+Re8+Y16TsC07sv0TLKtOFqh3WUaKg0drF7pmruJc3
+xmc9ACF5aBvAOGA/4cVaVQ6qEtA42TcqxRj4RJynb2p6Ay4DAVRYnWYeYH6rjFOH
+a3xE8zXCrUUGpnYYP27plJMDhaM/uR3NUo7Tp9MagVqv/Iv+RUUQi7Hj8vWg5J0q
+ggpJApU8GeqyPsU81Hh4ZXG9go1iQN/QH7p1uYpf4OImMTfsE6RvV1UXNX2fiANt
+1XrEyeYyCl0LEdoo/+vZmEj7XuBpVTHTdFtGDfnzzWyLg4K0J+1ZIsHXtivhnrSY
+aM5R0nE7+ziQV9S6U/zR62TrkQ66aMoxzN4SHgYD2Q==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 23 43 2D D2 5E 36 CC 16 FD 86 12 BB D5 0E C8 08 99 18 ED 9A 
+    friendlyName: Valid RFC822 nameConstraints Test21 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EB8AB9A7AEE01546
+
+UZAlaUbmYe/AhCF0Q2dNOjEozcyEB8Ehh/EZCOmsO8vgEbaUT06tbiqpnOJBHdVM
+O9ke33cg54p4g88LVCQWivkEopFW39r40Zya3R6GBP5ewbr/qIIxA7IbDpUhugMe
+FARBWk/521qovA3qcp4hB5PtRIR0+aVaQNe+iEISRMrBlr/87u2rw+shuQnP/K/V
+optX+6PVMQxTiJRMCaJ6EgAF7bgU0ti/3/1r8MBUqpkMEHUCbu/v9i2YdfGWKzpD
+DgL0dw1b43R9hPOR4vP+ytBp3hltSXvqeg4o8dNkbqqqG/Gb5+X5W8de09AsuBya
+rS3xhidIq/L+EclCKCM89zVcZlbuf+wCPGw9Ob8FPIDASw3hk9RCHg/rlXoBcHZw
+uzU2mrsMV4IAwK9ydSAit42DT3FH/s6WlePt64FRc7kMJCqA83h6pNa2f+kKKUGV
+SsIfc64I+6sJWp4qN+HGTQm4dIp0U6upBkMKogwrMtB4rPmGRCxyEK6TGrVj3NJw
+P2wwyKhm9CxsCF56lkDuBcOqUGu473Pqm9ylZ6HaNF3nMShYL0f2N//5w9OPbBUH
+lFWWXj/RVTBnHjeiFKAjJFGyB4kTihC2tzwbufT+o0TV+bq/MTYjsN+9+bm/vC4M
+kVrvvXlRMVOUoVKBqTSWeSD3pTnd4FQyYivNQdss8w/8LHXCv/VTA1IjQwiBEx6q
+KKAXXCXXrN3rjaEMrpov1tEztDHn9lBX/clH4whJ+AJ3Sdcgolcuw/9dhxRFfG67
+XK8QPDnUL3YGarueoOaQloneUHTJSEEsVFaMk97S1oAfOzW0cjizWGHYQU4RRBJk
+4c2J7opvGlpci2LeGb+4ZWvJ8/qLGmLPwtmqNgNWXvRRvs8L0I9KZqbgQ2bGTSWJ
+RSx+ErLDj7qw88xF54DJuivLaREKctKzkmWTSAJq4oWh3bbeSKO4B3HnrE3YRkEK
+SfkspCCJmEhrXT9qQ2wz5v4lqO6VO5PZ1NDGIKcxRhNatjFHQ5smCaN/ek2mWIFy
+0o8sLsVojXVAYqHiBaDwjJs30MEQIliS9sUQOqQb9DPg3Tjcjl0/yLYF/WA41KyA
+SWdNIZ9uRTJeBjoANDseUNoAnWXus3aYb+ZIhgugwqwVFX5FSp6vjxXBGQaiYuz7
+tg5u5oO6BZpVfb0ITuRWaZWbbkoN+nPKoHOgY4Zd0P5RnLfJMHCrbGotmSleOcj1
+zWgZEsi0yFU/GobJUYHDQshKIG9JIchLCHK8/gtXN/rat7JIFdGDcQlYHZn9UpQS
+iC+vFmfwCkhMmNBs2PRIt6aCAeYSBSuM/IXIVhCxyGt61NkppuKcx98/7s5DglBM
+AKSxyGwiyf8Z3pQTIczcDhsjJobD37ygmdGLuOlrVBbRRbttZiPTwq2t+lJby7Zt
+3+STA22gzy3LxCWenKg0laVanUfdsAZGF0Z02JiZFInA5FlkFee9rrjaaAdWtw5j
+A3Sc9/0r/rzrpkZqJKc9KHW3DeiJhh6cNfPyRAgv0GJw3N9S6Y0Zc/jO1n3rIk+5
+wGsXZEim6V/2ejC+As58ERaKI6y71v3Kj54yUKIpvaCJkT9TmLnnpw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23.pem
deleted file mode 100644
index a73a4af25d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMPZ
-S8+5+/2AgG2N8tsByPeKGxCC5bOrNXho0b3fSjvK452P3luNUPIf46KvIBU6UYAP
-4rGMqcUdmgFD+PdXq6TMW8bWNuYRICw6c6ni5uyre5bovptoJCsmBw/IqinDoqbO
-Qyoq0YDltds+lSROlTUCA/7qOBHOdwpcjhVfYJSJAgMBAAGjgaUwgaIwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFBQbKzZmdEuTqzFV
-h6QxqzZjbzXJMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoEUdGVzdGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAsOYxl05xGFDRHUO8Myp9EM/X
-ahfChzUabmgo1Tqpk+TLbxcZw+GfesxOp+jCd7jtTBJKhB0HeX1vaCVUpURbWEAt
-fuE35slQQr/c9dgwCw/JwBNdkFFT2z/73nDEN96rUK3GYs2OO8OJVMqdKb4iBUxH
-M/bZyCy4CB3+hthr4to=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid RFC822 nameConstraints EE Certificate Test23
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
------BEGIN CERTIFICATE-----
-MIICwTCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0EyMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-ZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTswOQYD
-VQQDEzJWYWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRl
-IFRlc3QyMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo+cdyq6LQoFUo5dS
-h+bsp1TvEaw5776yXg8bXkMcTO+fJGshnWYoTUk7mQwcFnYm5+dQzSLHZTh9dgR5
-5m9ZSKGfmbnSINvGuU7oo9cqEwKrCRzqj/X6MUoyaxQyDW/ft2mTXpPCGrzDaF/S
-52lsNu/rubHKKmmb4EaoVJaWHUMCAwEAAaOBljCBkzAfBgNVHSMEGDAWgBQUGys2
-ZnRLk6sxVYekMas2Y281yTAdBgNVHQ4EFgQUDEZstH+dSCRcJPrmvd6knN2jPfIw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAoBgNVHREE
-ITAfgR1UZXN0MjNFRUB0ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQUF
-AAOBgQB4NROaQv0DDKJDl5t44LQ0cosk4/w98WmDCkXF7RVxhFFMApnHJBOQlEPQ
-CnC/fGcChW/KnYKsDnCSAPJiq4D15SYa9EVMa1rw7wCotCVbvjfJezZrheKmMj0Z
-nxIJIutwJ6pOY3gjJRxCRNx18S1u0vhD93uN36wKM1cuWaA+8A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:14:1B:2B:36:66:74:4B:93:AB:31:55:87:A4:31:AB:36:63:6F:35:C9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        47:93:cd:d6:9b:31:b0:dd:6a:d8:c4:e2:5e:3a:73:cd:2b:69:
-        5c:47:1a:75:56:6b:56:1c:a4:2f:c2:66:4c:6b:a4:9a:86:53:
-        fb:26:39:3e:61:d2:14:1b:85:1e:9c:f0:1e:ac:c8:c1:73:a5:
-        c3:29:1c:c6:12:21:08:4c:4a:5a:d6:1d:21:4e:eb:7d:16:14:
-        a4:a8:18:07:2e:e9:31:ef:39:ce:f8:6e:2b:d7:09:c1:ad:be:
-        6a:c3:d8:46:24:95:12:ea:cf:2c:c6:84:50:bf:78:31:91:79:
-        35:8c:02:47:d1:11:0d:aa:55:34:22:d6:d4:a2:ac:be:b8:07:
-        60:3c
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0EyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBQUGys2ZnRLk6sxVYekMas2Y281yTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQBHk83WmzGw3WrYxOJeOnPNK2lcRxp1VmtWHKQvwmZMa6SahlP7
-Jjk+YdIUG4UenPAerMjBc6XDKRzGEiEITEpa1h0hTut9FhSkqBgHLukx7znO+G4r
-1wnBrb5qw9hGJJUS6s8sxoRQv3gxkXk1jAJH0RENqlU0ItbUoqy+uAdgPA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23EE.pem
new file mode 100644
index 0000000000..c15eda6bca
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 87 06 91 82 82 EA C8 C2 CF 2C 97 9F 19 BA D4 A5 3B 4A 4F 57 
+    friendlyName: Valid RFC822 nameConstraints Test23 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid RFC822 nameConstraints EE Certificate Test23
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA2
+-----BEGIN CERTIFICATE-----
+MIID0DCCArigAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTIwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBrMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE7MDkGA1UEAxMyVmFsaWQgUkZDODIyIG5hbWVDb25zdHJhaW50cyBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDH97Obgu2TXLwsB+kAldNq3ukQyHc30y36W7dtTniOxGsEMu0pAGqDCLjHvAcM
+NnebR8UQCYbwW5ooli8mhSBwbic2vrs4ox/Zm1wSePT4QlcIme4mru3mL4cDx9jK
+gaRBsa3pOtanpaT2pcK+9PK1RPJiivhLwdBdg5u8TQ50te+QJpbveTyNEP6fd2d4
+0B3ebPIGwxnAZ1OJw8V3nbH4yrGsxHebvPkTooDkTVOW3OkWG870k2m4UgQTs0bK
+Cr6nfMZLh9UHHHSqkhKPATYBUEC78qGG+dJCYmv2ufkdD5Y53WmcI7I0ox5MDBOi
+PProYl1M1eoY3Djq1G522kJpAgMBAAGjgZYwgZMwHwYDVR0jBBgwFoAUUYDN+kly
+SDztDk4Lzs4fQGUScKAwHQYDVR0OBBYEFBekOG7BL12uA/XHxR7u1gLCDUlLMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwKAYDVR0RBCEw
+H4EdVGVzdDIzRUVAdGVzdGNlcnRpZmljYXRlcy5nb3YwDQYJKoZIhvcNAQELBQAD
+ggEBANk0lkglDUSef6Hd7yu/Gqplwo8xx3HVg9x/+T2pIKeK+hd+K97gt0ZEzjjw
+5ul4LabIQFLS2hpT0F1jc4tjfh4pITMW6LAUzAae2LFbHguO3nb3X7/gSP5Bm+7x
+Ppk9eZHoIDFqKKnXbzezK/GOIjnK4zr1u9xVOqFpjwjVgXdvQ1EvjydJwrwcygEX
+u9OY5AUCZ2I+cT3K10Ms+bnupLizv7HCcQuQRLBd0B55z5MtiBhwiju8qJzxoX9V
+hUmOVgSzYdLKZRPlRHzNmZoE3wi5cg+8nIZXyk/+CrZGrbN51P54RvbdDGohocln
+egEMHQLtjaba5v5XxfpHPn+wqyE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 87 06 91 82 82 EA C8 C2 CF 2C 97 9F 19 BA D4 A5 3B 4A 4F 57 
+    friendlyName: Valid RFC822 nameConstraints Test23 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,82F1A219404E53A7
+
+R3BFruUHg/5j2+w+XN0/4SVJdWqtKM6U9AiTd8nmxoz99xNvQCxhyhGlcLU4Fhjn
+ED37DGduwuDNnD0xXk2KJuy5lCj0NMIbIiTTTg211ECGNet8/fYMjJ1xlnbAcdJV
+w11InQRl/hYPLkXrjQ7VJD8EiN/KdLkMRLTBVCzlHqIrwrkLWUJVXQzpMYfl9Idu
+StD0y/+dzqeGNnI2c37+bTzWwgpks3E0kor/3SxmYkl4p8bJb5TEro+24Rr/SrdW
+H08/WEtJObqdAcm6QKQXF5EQtmUk1j+2dAT6Cc5bhGpfzjE8nUbUmLzo20qv9VKs
+ff3c4f9mWBXPIF5Qvp1YYzXElHn/qiy1H0o19xSg1tiOIfqsSqnwYltyQBbrAFjZ
+WhZor+SWdUT61uwyuwOySEOS0VHKARCptex5lyPWsiyRs+pyCMd9uH64fLGg+w8U
+6qZ97C6XlfDHT19w04CrQkTSdYav8xqu2PJxKeFBmREszayXUQP33owh9bKVb3nd
+CZVPykBAZJgA5R6ajjvqHhUe3ilw2DZ+XB0QOgSf2XjK3gnpyVaygAh5nExUeCG8
+IDojFKEO7ZK6RodfWA09jeASttvwgFLhrWcNl+y5SGj+Bj3h9Ae7NrPxbDvXfID4
+JeAQ9bsAX2NdoUIJT4tt3ZLV16qoEDubDUbTeKBK/WFk7DeSBUM3TMsMpqZVhDIZ
+neKPt3W+wLQ/YywwaF/+nd2Y/g6iKFQUvK225WJBLqnww41O9EFgrJBGTJ8r2G43
+rMyjY9nHZG8Mt8gasR+0Gr60SG5ZSTv7WATFIjWacptwQYqNPG/aSivz+q+kypUV
+wq3jIJ1nD2Q6Z+JXmkJBdxrFs0OOfjpWxl6+YhPYBed4pUy2J+PtNQ5gfHcBfnZm
+1mutaMCAJeRLZ20YP7zjqUMbmPoHXqWrYOGH5fna5jjRj/ra2E+CULnlU1c6WES6
+qspypZeomFoDHA8LthhKPWQfyKZ+d3a4AbV/RWG85pEkN/Nq9dmk0We4orRi6sm9
+p87zabdO7+FacDYS8L2jLBpu7zZYUqLBIa4wkUEHKK9iuCzs4Ce6q0pX7JcQuEbX
+RkggqEXh9GpR1efuvZkr5c1CXZ9ib1mKO5fc4OctMNw0nea467biReXYXgZZ+2jZ
+Gx8zOGZS/r/DtCWu8BNdcM6flNMi/ZOcSODRGkuvQEwp/xVO8R6xAaGbR6LIzGRw
+nR7SZm/o4ua9by+Avs3A2gmfsgThOR51BOdV24y45h7JiEG8227ujkQs8RHORWu3
+gIoKZ+Q9HDfwH7v+3NaD/r9U3DzUKmcJVj/JLIIXpyMcQHUgW7o3ZzfUDqOd5igm
+dOipz8FDrjmIOz4ZvOKznC/TiPuFc4YMyjp4s3FNrhXegkHavA2OG/kIZ7IhSx0j
+ZJl9fJ+NiJwTK+OX9wQsdA3qlfV2MgvB3Sr4UFVQVeIPHcXhHSuRivzV+8cQYCNV
+PyTNVADRci2QJ7+IYZEv7gEwT2BCZTnriEEEkzxKNARlpQ/4UJY4mdP2aY+1MGaU
+YUaGIN3f80Yh2WVKR/H43lWTR2w5j5P5HU130JQ2npXCSDsSHoGz0rbGNyftAhuQ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25.pem
deleted file mode 100644
index 10308cf5ee..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMii
-1odFMCSlNLo+1reNBLAhQ3rkRllmPUUfznMkHE+tVOXNCuGNSPuCJPQNO5495PH/
-vsBZUVltMrhOpo00ibzoFrcLwaxj5Gmb8rNV/aPwDiRX8frLslhpw+QEjxMZKP8O
-bdOlItBR3dFauvxrwLz1DUUlG7aX/QoEtws/fE59AgMBAAGjgaUwgaIwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFOq3bporCYA2Z2m1
-jdo1pYY9KXgcMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoRgwFoEUdGVzdGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAcyB2R0h4mQZ671JhQ0r6cmPF
-iaEHtdJL+REJT8yGWiERgT/2wh65vHtCierHK8+0aJ8Wy/nJzUAWcKeGESTPVTey
-IxQg08VdFJIohXm1lvJ3hfzgHIcFPk2tXZvYSk3qYllYHt8tGCoyh4p3q4vpyTou
-HcOOTD0ogzE9KbjD3Dk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid RFC822 nameConstraints EE Certificate Test25
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
------BEGIN CERTIFICATE-----
-MIICzDCCAjWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0EzMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-ZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTswOQYD
-VQQDEzJWYWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRl
-IFRlc3QyNTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjlu9aIQ7cGou9j2L
-/SEtM4QWvsfK7siztqNkNsuSWFgr/pOI6y6+WOa6B1E+I7zZryvHOSmqtpBzPOeU
-RX19iAHjT3Rf8LeCHS75XCCtVUJJJ2+pJn8hON1vHSQGgHzD+kOPIOwj0ihYD1f9
-xUMHM6MiPsEODMVFGitWAPl6P88CAwEAAaOBoTCBnjAfBgNVHSMEGDAWgBTqt26a
-KwmANmdptY3aNaWGPSl4HDAdBgNVHQ4EFgQU/PF5qIYkniJoxi4J3d64bj3SNwUw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAzBgNVHREE
-LDAqgShUZXN0MjVFRUBtYWlsc2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0G
-CSqGSIb3DQEBBQUAA4GBAEwywYR5b8qm30lTjdBl+YvBheITfKcGdkhFRgdAZ/qg
-IfBhWHt3xf8SXXLMoEk9jhuyJ9JGSLY6psPYhDhkqswRkPhJgx5yOc2D05JI0CEU
-RSr9LZE439pCWHI/qFp5e0mvQEJthMvapGETXniDUlnihFlzS0Wv7pzlG9JbHmz+
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:EA:B7:6E:9A:2B:09:80:36:67:69:B5:8D:DA:35:A5:86:3D:29:78:1C
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:6d:0a:0a:c4:67:91:af:de:5d:89:9f:fc:df:e2:7a:7a:52:
-        3e:4d:ec:50:b9:46:83:3a:7d:2d:9b:5d:84:8b:6d:ba:bf:4b:
-        41:74:e3:3b:c1:90:73:a2:83:02:4f:e4:04:b8:b9:7a:70:7b:
-        0c:bc:59:f7:db:83:93:00:87:98:53:43:a2:71:d5:2f:d0:fe:
-        2f:c2:46:55:d5:64:54:01:90:72:4f:a2:37:dd:88:b8:3b:63:
-        24:df:d3:ed:7e:6d:da:2f:57:9b:cc:d7:96:67:48:7e:a5:b0:
-        6d:cb:c9:5e:e9:78:58:c6:be:f0:cc:b1:16:e3:4a:57:45:86:
-        90:12
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0EzFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTqt26aKwmANmdptY3aNaWGPSl4HDAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQCMbQoKxGeRr95diZ/83+J6elI+TexQuUaDOn0tm12Ei226v0tB
-dOM7wZBzooMCT+QEuLl6cHsMvFn324OTAIeYU0OicdUv0P4vwkZV1WRUAZByT6I3
-3Yi4O2Mk39Ptfm3aL1ebzNeWZ0h+pbBty8le6XhYxr7wzLEW40pXRYaQEg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25EE.pem
new file mode 100644
index 0000000000..cbd0c58a71
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 88 BB CB FD 18 80 A8 9D 52 3A 36 D5 FD A2 DF 9A 0C AF 02 29 
+    friendlyName: Valid RFC822 nameConstraints Test25 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid RFC822 nameConstraints EE Certificate Test25
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA3
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTMwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBrMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE7MDkGA1UEAxMyVmFsaWQgUkZDODIyIG5hbWVDb25zdHJhaW50cyBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MjUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQD14E0HjPDPTkFDMDJGgWqJtdxDgR9z+/bmgopcNwzghAjljVUrFEJ/WIiwcqty
+QonLqNdWtdXrI/0ZuAEhEohgCTIv6xqlhVmryx8w+J1N3Bg+fTlhymbihunTV7BG
+8iGjnecbPaMJ0H5Evgi1XBruq9ALU5UHsujvPcRnlJPToOe5K1RSdDK2trDPfxMV
+zapzN/pIPSnuZvjPiF1TaRI5fEd8yNYhyIoDYU+W4ZCbqOhTmBUGnKde1dNWtMhH
+fFLGWgbbTt94ZK1oHAHAojeWL/bC4WZn7xKYvf4loyiUUPvL9Z5LL7cFJfH/ww1/
+N7ZzlE2Uln8y2vJyg336IE5lAgMBAAGjgaEwgZ4wHwYDVR0jBBgwFoAUmro5Tdoh
+da/qQcM8bFHYqEWpf6MwHQYDVR0OBBYEFCSLs+Nanik16QFtO2bqOxm18KTbMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwMwYDVR0RBCww
+KoEoVGVzdDI1RUVAbWFpbHNlcnZlci50ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkq
+hkiG9w0BAQsFAAOCAQEAXCL3x2CoR+4+uBv3/rjM7X1cWiSc89+ydAsWHOVgHpI2
+nnxYPijuJTyiINCNQCZ2xReOMbd4IkhnaKt81hThsHlulDhBc7j9d29RfkA3KUDj
+QpIWZaBJHhe1668ETpOw/CHBPGfmPb7GhCfL9wZxeqqTytfgBhXHVd+W+ZOlGUPk
+8Ag1yGqnl0gmKXycSTR5uAAQvzwEz9QM2ZOMWF4N7WVEZMzm1mtZyWlI0MOzEEed
+A0j4FLWEkNh+6wf/wQNpDKNSipLnRXqE78IhKqBG9cR8+PDIjexXNCSZ/FvgU0k4
+PrbtJlt1IBitxYNFyXkq5W4p9jeG9li0wTktImmm3A==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 88 BB CB FD 18 80 A8 9D 52 3A 36 D5 FD A2 DF 9A 0C AF 02 29 
+    friendlyName: Valid RFC822 nameConstraints Test25 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E966F48CB3EA6A19
+
+qsOLayseOi+mrut/xPkTJnpBQxljMYMFBYwJyELQ9UcApYfUXk356Qurl75iUtf0
+zAX+fUA5o4E/Br7kuve26KiSdE/GfGHsaQM2PYgGMyp4paJ/Wzr5LX/9CFgRb19O
+/9+52zUGto9/QPxGXWsmVqveMLIEQaNkXzLOGtb9QANlzf+lM+IAC9UjYJFVVQQ+
+8ces3QEZ/WwjRWV6ViX+keFnhEQiYZ21rtkkP0Ofo5ddNzrySU/oF9DfvFeiuKv8
+dKLbsYmj2pP8Cw+R47k88dskVxmdv8QkfBqothHAuN7KmV1VUeVDO1FxzgWJVyYI
+WCdBzJcgNJCmNgcSMsDCZ9KG8lsjJ0Iw1CMih7WjqsxPk7UwnKiXjN/r8ac4xApi
+PckwSl6/HiBuwrQkYU56JHJTtjQ7qudIdsxrzquRmNS90Zu19H5WH1YlNLdUgxCE
+Y8lMACZTBm1NCcYlkKDXTflcskDj/+BssECjCQx8fSiH1Uao7jarbqWLRujw0yQX
+d7/qTp2B6q+ptgvNjPr3nThZiZ67Mm5SXrpMcnZmstIw/ZjKuvIA1Vap65u3YGR1
+c/wo3tY2Br3ZN+bSo/CZpwbo9r+PVdWXG1xnjMqbVhfX9ASzGMpL/vDhz7YH12az
+ER1MMAr2fj2O41mnfeFw2V50aUtj4v5CZCvdXv4+jNjkLV3VQPaNmVqT18Lvr4vg
+fC/oXKsa5FNm+5IN9Hdd+GDZgGDHuvavfVhF1BwUhlH96A/7ZUFFzIV/ztftLY4P
+tigYL2XhxIkdCLhgz+lEkK4lm6E95JXDSwsQkHw7USqm9C3ARktNLW+HdL/ccoV2
+wzoWr9WQ91TKvAToE8W0TlW2OCneQUyXxMLI06dp9OyB9e021B32prB3D2gNlc6m
+BBf6ZWGtUSts8ZfXStgwj9ZVUhHRA6Aax07EY7fiUNHsPEm1iTOsiNm9zaunL2N4
+yBiN85xoFxYqyuRJP87jXRghCr2z66gxY1ShqCWPKRm9rZxlQpjgCS0lfLl9u42W
+5Lie5fgQmIHDiXZsrV39QHisendf0MmazW7SCU0Qwb/ZMLipviDvkdzG3R4qmieY
+fEAkzhJQlG67ULT/NYWf4h06un+BywOipUYDTUBZE5M9HPhfMvso3eW40D9NhaSI
+2BG8shP1/LKn1tvUqTHsrIXCa+D0Ir5yKDxoYt8MTrowNCcF1JpOa9Not7PsSebM
+1VtvBj1rWmuSKlRxWxS26eEbhg8N9i5Wnt9i8GiysGgpxlYD3UsTFuZKpCJyt5P2
+h7y9MfXR7ePZssUwL6ioqT+m3G74ZxUD/aLx93pRweze0gkHd91qcsz5TkB4K5Hz
+l/yyGp61nDPsvBLa+1BH/a4jERlzDx6LA3BbPeciZXBPurhVx5AyRpNmwDFOx5+H
+D4sfInJEZvRKRQiz3JlonipdNic9+JTzxufcD4g3CdAOAB8R2hf4/uvTqYa0agqW
+GrNftdaPnzYt7WM5JdOUkNNwHFfE/PiziacuMz5PWdi2VNjj7VH3g3/2HVqWwRzp
+MQTGF3gePbYZdekHCSGWNe0fgaH+DYsOzR98qbK7Cr/BMurlXyQcKE59NGu2UIZA
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest1.pem
deleted file mode 100644
index 4ac8a81b17..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest1.pem
+++ /dev/null
@@ -1,264 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid requireExplicitPolicy EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubsubCA
------BEGIN CERTIFICATE-----
-MIICgzCCAeygAwIBAgIBATANBgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAqBgNVBAMTI3JlcXVpcmVFeHBs
-aWNpdFBvbGljeTEwIHN1YnN1YnN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQx
-OTE0NTcyMFowZDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMTkwNwYDVQQDEzBWYWxpZCByZXF1aXJlRXhwbGljaXRQb2xpY3kgRUUgQ2Vy
-dGlmaWNhdGUgVGVzdDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMtxfTwK
-0K+ya1KGbTjYgKKhZIQ/LGTa7Dspd7Z5tOgMptNRXcZxWTMotzRgl1ndDpQ6VREk
-JM/VBmbP67g0jwIe2n0QcTFkThPANsyPkdUBXahvmC0VEeIMHnflvqjN4vfK9guc
-6nG0XfBZ4/Jlx6SFvgoO6wm6XNtrMl32qwUjAgMBAAGjUjBQMB8GA1UdIwQYMBaA
-FJTXd8VxKtTTGW/0USC22qwIMuOvMB0GA1UdDgQWBBRUf4tLtvX7PjlUltzRvRgg
-phdo6DAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAnReGZHvu3NJz
-B3B+qMmyfqUmW5eMxNjHymhuRDw3NXTmT7SNUL8O/NC76haxw/5HDE7rVuvGSPl1
-qhciDJOmTF1o09zDDjDM3tlXUvqC2Natm/Xew1+Hy4hfzY90CmlUuUGpKpzQ7SYt
-mHl+zz1o+9Y1jZSK4yDs5xcPnisoUjQ=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 CA
------BEGIN CERTIFICATE-----
-MIICkTCCAfqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGnJlcXVpcmVFeHBs
-aWNpdFBvbGljeTEwIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-UTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSYwJAYD
-VQQDEx1yZXF1aXJlRXhwbGljaXRQb2xpY3kxMCBzdWJDQTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAvWfbIMg2LdPn/geH8Jo29/G6XSDCQm/MPINuucCdUSjA
-PBSponYKGMQNY//7KhwbVj2hQlgl8U6gw0rvIml4YaZmR3SPUXl2O0BXiiFQX0Qi
-bJ7NRaPcgrg04Fl+W19wk2Q2qGBrc1rMCDSG7ZBzwqtJssJpgkb4GSnoGr9FEKEC
-AwEAAaN8MHowHwYDVR0jBBgwFoAU8+kmmZYGhsTVonvsubClbjYNFUUwHQYDVR0O
-BBYEFKNDYb56GPOuZdF0vMDzMPzWBjqUMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAE
-EDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOBgQCX5vf2fqbgsOCFDqP5acUsKiSiuP31Oj/Fy1e0Y1LBph3ZtxRTkqZGIUI1
-imjbT64NLWvt2MMmfeHOlEU/fSRxevhRT+yRUmfaJuw9NBepK1oxpRtJ5tu5cr7E
-WyJMT/zv3wRloA23Feldchzxg6rqsM1LybyAtXXo67sc/EUxdQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBKjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMacmVxdWlyZUV4
-cGxpY2l0UG9saWN5MTAgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMyF
-/T/s9w6HU3LcURfJCjhjrP4PxbYbTP/c4wcq8vtx+8gb8P6jkdDvpJms19NcshfK
-DnR2b+cp6PfbAWx31AqcF2ynuU/C06PG/GQvNUhC69RziLxcHSMkThbnbN86ccr6
-d1WWb3Mxlkmtc7AhKHmORoz/Kd0b2Poi7L91o7+VAgMBAAGjgY4wgYswHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPPpJpmWBobE1aJ7
-7LmwpW42DRVFMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAEKMA0GCSqGSIb3DQEB
-BQUAA4GBAC0Pv/aS8/3mmgB+R0A7UTvUGedE/M+DOOM5G8+dwZHjApQbuHYZjwQo
-Yrf6759MH9wKAYOcaJTgFJWFJuwjBJuWQuiglk8tcKmufVqHgRlCsrKtz312inHV
-NfxuGrViA3gp1Tr1fiXjG0gcgyT4QEnripDTLKvpHbOtMWZB6hSS
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subCA
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTEwIHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowVDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSkw
-JwYDVQQDEyByZXF1aXJlRXhwbGljaXRQb2xpY3kxMCBzdWJzdWJDQTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAqwkZLQpMq2d0v1R/PA5wl+lyQlnehOszQk2U
-0zfHPGI4vJ1TIZZXYpOjVyfodG1wdwO3RCHLzguwsbk12RVNTls+kF2Wu3LtLtMi
-GSKx/imJiKw+ARw6sqBHmrNE9L/1C/e9rb+Su1kZ6WrtOfSAG8EpySytu9zTbGJF
-1YbZT3cCAwEAAaN8MHowHwYDVR0jBBgwFoAUo0NhvnoY865l0XS8wPMw/NYGOpQw
-HQYDVR0OBBYEFG1oMf35X1L5+y7aRMLPezaZ2P8pMA4GA1UdDwEB/wQEAwIBBjAX
-BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
-9w0BAQUFAAOBgQAbOLTRc1DEC+iOWixska5o4gEOfAPSHWymjRYit+VYE3JdjrP9
-2hbIGQSrLlK8QQ0+9VkNsfncjCydV7J6Q3c1rPNCvd6dlfAzy9DfnXADu/vZuxBs
-pJ3B4EuSv23hMHzjoNnv/iGUnzkrLGfMPPYlB9t8jrbySU1lYX8FcD6YCw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubCA
------BEGIN CERTIFICATE-----
-MIICnTCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTEwIHN1YnN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0
-NTcyMFowVzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVz
-MSwwKgYDVQQDEyNyZXF1aXJlRXhwbGljaXRQb2xpY3kxMCBzdWJzdWJzdWJDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuj3CUHlGX/JYo4Qsdmbzns192OxE
-IC1a8Yc7HhN9/IeStb9BATFCI4MyFiHofxoFG+oPzs4nRkOqmOju0VXYhfu+01j4
-LTKp2iwNleLbIe5CZ/PWasj9ixJfWeMe19fszNKvtnBmn+rCIqimOKmKPh7FIMgk
-IImKUwZ2gV41wHkCAwEAAaN8MHowHwYDVR0jBBgwFoAUbWgx/flfUvn7LtpEws97
-NpnY/ykwHQYDVR0OBBYEFJTXd8VxKtTTGW/0USC22qwIMuOvMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCQJ4CoH8d7JguvuXoxhetUWQz+kj/kW1kbW/vjxhHE
-Ux4rnRd8TUhpocdkzp9xRLF8BvZFw4HwwFbys4rENFq/VpPzIFqIW59j1bvSQzjN
-GWZp1MtaQuhSGtzwc4dfCl/1ozQVVkcjpT7n9iZ2JMYNGKLSmmuFMMLGoViVq0vo
-mw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy10 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F3:E9:26:99:96:06:86:C4:D5:A2:7B:EC:B9:B0:A5:6E:36:0D:15:45
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:82:73:e1:99:5d:9f:9c:27:57:43:f6:74:10:b4:76:e1:d6:
-        bf:9a:de:84:8f:9b:0e:a6:ba:9a:98:06:fa:ff:c2:a5:a4:cd:
-        5f:b9:8d:4b:e1:67:e6:b3:e3:2e:5b:ea:e4:d9:9c:06:42:c0:
-        96:81:40:e2:99:32:24:c2:7b:d1:47:2d:32:42:c9:7c:cd:09:
-        aa:c8:1b:bc:a4:d8:fe:6d:8c:52:79:d5:81:70:89:78:b1:1e:
-        11:2e:13:69:45:28:55:66:43:1d:61:40:fc:1a:78:ea:23:98:
-        44:66:df:15:8e:d1:d5:f9:82:7a:d2:2e:ad:36:8a:03:ff:04:
-        8e:09
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGnJlcXVpcmVFeHBsaWNpdFBv
-bGljeTEwIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTz6SaZlgaGxNWie+y5sKVuNg0VRTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQAMgnPhmV2fnCdXQ/Z0ELR24da/mt6Ej5sOprqamAb6/8KlpM1f
-uY1L4Wfms+MuW+rk2ZwGQsCWgUDimTIkwnvRRy0yQsl8zQmqyBu8pNj+bYxSedWB
-cIl4sR4RLhNpRShVZkMdYUD8GnjqI5hEZt8VjtHV+YJ60i6tNooD/wSOCQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy10 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A3:43:61:BE:7A:18:F3:AE:65:D1:74:BC:C0:F3:30:FC:D6:06:3A:94
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1e:e5:78:df:47:b6:e0:42:9d:78:6f:f5:38:37:a6:fb:e9:8b:
-        00:16:34:fe:da:ae:70:4c:b6:b2:3d:53:7c:ef:58:24:b8:87:
-        a5:c0:ca:7c:fd:aa:8d:ba:2e:76:fd:c0:9a:f3:b9:70:a8:43:
-        13:41:22:1b:51:ff:00:20:32:ae:ab:6d:44:ec:b8:7d:4e:4b:
-        d5:86:83:ea:98:64:cf:0f:dc:f5:2d:52:ee:20:98:a9:49:ad:
-        06:b6:39:4c:d5:1a:94:a5:22:4e:ad:b5:ad:14:64:49:e5:6e:
-        aa:63:9b:36:28:9f:5f:dc:c1:03:7e:7e:c2:ee:48:63:19:7a:
-        04:f4
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTEwIHN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBSjQ2G+ehjzrmXRdLzA8zD81gY6lDAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQAe5XjfR7bgQp14b/U4N6b76YsAFjT+2q5wTLayPVN871gk
-uIelwMp8/aqNui52/cCa87lwqEMTQSIbUf8AIDKuq21E7Lh9TkvVhoPqmGTPD9z1
-LVLuIJipSa0GtjlM1RqUpSJOrbWtFGRJ5W6qY5s2KJ9f3MEDfn7C7khjGXoE9A==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6D:68:31:FD:F9:5F:52:F9:FB:2E:DA:44:C2:CF:7B:36:99:D8:FF:29
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        58:cb:cd:7e:81:ea:55:5b:85:7d:b1:7b:ae:0c:70:90:82:81:
-        aa:5f:e4:5b:99:72:8c:22:bc:2a:ae:3f:d7:0f:94:cc:02:b6:
-        0f:c3:e9:ab:c2:8b:c1:68:0f:12:ca:f0:7c:1e:31:21:7d:38:
-        5e:2c:0e:9f:af:89:48:e1:2a:1f:12:e6:2a:b6:59:98:dd:d0:
-        ba:1e:06:b1:c9:85:b8:75:f8:a9:da:e9:25:6c:e4:9c:6a:92:
-        29:d7:59:fb:f1:80:c4:4c:43:f6:79:5b:60:a7:36:cc:64:22:
-        5f:f7:d8:8e:ba:1c:a3:59:d2:fe:1d:8d:5c:40:8f:0d:2d:ee:
-        11:4d
------BEGIN X509 CRL-----
-MIIBTTCBtwIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTEwIHN1YnN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8w
-LTAfBgNVHSMEGDAWgBRtaDH9+V9S+fsu2kTCz3s2mdj/KTAKBgNVHRQEAwIBATAN
-BgkqhkiG9w0BAQUFAAOBgQBYy81+gepVW4V9sXuuDHCQgoGqX+RbmXKMIrwqrj/X
-D5TMArYPw+mrwovBaA8SyvB8HjEhfTheLA6fr4lI4SofEuYqtlmY3dC6HgaxyYW4
-dfip2uklbOScapIp11n78YDETEP2eVtgpzbMZCJf99iOuhyjWdL+HY1cQI8NLe4R
-TQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:D7:77:C5:71:2A:D4:D3:19:6F:F4:51:20:B6:DA:AC:08:32:E3:AF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8e:42:22:a8:c7:94:5a:d3:72:4c:98:eb:58:30:58:63:41:cf:
-        da:f9:9e:f5:6f:3b:4e:30:17:92:8b:a8:30:bc:cb:ac:2d:94:
-        b1:62:ef:b9:69:3e:30:15:01:d4:32:ff:f4:86:c5:5d:8d:41:
-        46:39:52:a0:df:74:e5:35:c4:e6:08:06:58:94:ba:d1:7e:08:
-        e4:66:e1:65:8d:15:23:3c:e6:de:61:4e:71:5e:5d:24:03:bd:
-        52:ff:85:a9:ea:7a:63:37:e5:c0:e6:78:4a:71:45:32:18:c7:
-        7d:2b:90:16:bb:f9:35:cd:a2:ab:c3:8e:c9:db:6e:7e:62:94:
-        6b:ad
------BEGIN X509 CRL-----
-MIIBUDCBugIBATANBgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAqBgNVBAMTI3JlcXVpcmVFeHBsaWNpdFBv
-bGljeTEwIHN1YnN1YnN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-oC8wLTAfBgNVHSMEGDAWgBSU13fFcSrU0xlv9FEgttqsCDLjrzAKBgNVHRQEAwIB
-ATANBgkqhkiG9w0BAQUFAAOBgQCOQiKox5Ra03JMmOtYMFhjQc/a+Z71bztOMBeS
-i6gwvMusLZSxYu+5aT4wFQHUMv/0hsVdjUFGOVKg33TlNcTmCAZYlLrRfgjkZuFl
-jRUjPObeYU5xXl0kA71S/4Wp6npjN+XA5nhKcUUyGMd9K5AWu/k1zaKrw47J225+
-YpRrrQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest2.pem
deleted file mode 100644
index 40479f9470..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest2.pem
+++ /dev/null
@@ -1,262 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid requireExplicitPolicy EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubsubCA
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBs
-aWNpdFBvbGljeTUgc3Vic3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBkMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxOTA3BgNVBAMTMFZhbGlkIHJlcXVpcmVFeHBsaWNpdFBvbGljeSBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0MjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo5atW4GH
-rxxchJEUckmfckvxY4c4sEEgPZIouuIcHeQAIjEjMhCqHNWrA7WiQLldqLSridIm
-FWVRxn9/wlv3oMMbBlf6xFLjr24zYTePsIFWBk5ZPbMBKcl7XqfeuF4jJ/vh0lj/
-Bi9W9Imt5ZvJu0EHSkQzm+NNis/Tgd4aWRUCAwEAAaNSMFAwHwYDVR0jBBgwFoAU
-PqkwZi+ntCWIhGfJrZiTFfiWzsUwHQYDVR0OBBYEFDLXXehvdjv0hNKAOrzbFme1
-lGWtMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQUFAAOBgQBmbv/fgwsL3SAO
-6F4RmXOfTQTewhDfMQDEbwUJOfg7D09LIcIupI+cYY7iqjUq+gUeiAlMlL91ITlp
-oiKGUliex+bhygei8kSfmwT+l09yz3EPxCfdjY1k88ni+TedHBkoK0p7Q/uFG4DP
-Qk7DgGZ57nrx9maK4io59a/VTPM65A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV
-BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTUgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAKzDYQYB3gcpzJVllE1FhnwJXEpyKjubhg5P3MDpRW9YRYSs
-W1O2TYeX633IhRRS8rsJW22Yzp4tN9M6cXqBTHB2+nwHtREHSxeSei31AnAu+2n1
-Q+XNJ9W5DLbdahLtURESEnEQSyViFMMYQjm7rxvORc/D9OIa4u+tx1ESGOGDAgMB
-AAGjfDB6MB8GA1UdIwQYMBaAFNXihi3xK2gXnA9evyu4ZpmeQxu6MB0GA1UdDgQW
-BBSVhouRNrt6b+KEFZDvRY4BJxZruDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-gYEAB/OvefFEki9VuKt6EwjvNLjvjT1581w8qKpdHgDrYthrMm3JIULpn5zaRqyQ
-KIT8uu40HzKHagNpfdHQ1HNuEQ9qwIAQvtqmtJxqIR+kdeKXw78cN+TJzqaHuZu5
-VTidhmlVHaY/50quu7qqGiIQR4bcYrb4vY+adBBgrpcvUCM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBKzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5NSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlU17
-mwFm/6Yf08lbJU8q1FquMr1IaWlav4Qh1/UUFR3cRicBZZvQNTpxTcn1jmaSj8xK
-Gm9pUmbmbJBqiDYX5p1IwR1nmsyXxnaYD3SYadHlmb2emlzu1Dg3l6eKvaNh6h3a
-F0XDS/S+GtadjpVmuWdMIiWWrEVIFfGAL2VFaeUCAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU1eKGLfEraBecD16/
-K7hmmZ5DG7owDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQUwDQYJKoZIhvcNAQEF
-BQADgYEAjjGl1NeCLiMI9MFNgftmCe1ehHkE+Qr4TSJQfw9qZ5p0SRd2aOxq7km6
-ZwhF/E+wsS1CEwLRWaK7LqCmFx+XacoXjJi2XP5UjctH1tKyJx2YBhYrfzNkECJl
-u3KBUohmTd/aICG6oVE5ErcFFE/evv7LioMT94kub91V18EDgCw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subCA
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTUgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBvbGljeTUgc3Vic3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBANALzpI6Vb5grPqiSrzcOrNfPZ5pbbC4jjs89zo1
-RRGcMLQQt5wPHu1OKE6g2WXvikA0ompVqxKG7qeu/bTIcpm3CHowhRigOk/VJkCV
-Zyv9tdLzlWoiW2elI0uJ4BXsW8oU4sTxlx1/QlJbERwv1BwL5BQD3l02LP4vueE/
-U8HpAgMBAAGjfDB6MB8GA1UdIwQYMBaAFJWGi5E2u3pv4oQVkO9FjgEnFmu4MB0G
-A1UdDgQWBBQK52IWqA5PL7e4PyfIo6lfe0ZrpzAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
-AQEFBQADgYEAmbgnzwSut1UU/jNuzF9ZK+x79DmpTDAv12ASnAPUvZJ8RTQBxYlL
-C/B0gYZsqUnyaEoZAsrSYktMdA2qDedWGFB94d+LVbpHNoNvxQl+0qMTTLh+gO4V
-JIrQ5hj2npLdDHKNi6a91lO83NqsyuITezJ0Nuhbvf9KuApxz069EO8=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubCA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBs
-aWNpdFBvbGljeTUgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-KzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBvbGljeTUgc3Vic3Vic3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALw7Jg17lRmWU52pn7qaLPiV7eLBCvpx
-S7uekBx+WtzvAVxUF+iI8whshUqsC4XzNHTs6BvS4QRwpixRMMMWwH/67kGAEADq
-lVYewPK7aMHMdDfCggIukUpy1DVR3KOc7rnVZ2tGKBbCFhAxPMXBgkketIAVJ1V4
-+3nRS/QGSxF9AgMBAAGjfDB6MB8GA1UdIwQYMBaAFArnYhaoDk8vt7g/J8ijqV97
-RmunMB0GA1UdDgQWBBQ+qTBmL6e0JYiEZ8mtmJMV+JbOxTAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADgYEArpriBQ3ArOVFh+HujQ+8cIihYFG5ri+SairjawVwbUb4
-HatEUky9Nh9YAxGn1YGdBpintIpQU/0WljldKXxvH2yn6hMCNV5ql4hhorP2YfWL
-8+S80IboVToDPKsEdzeAxs5Xeh3BY9DgJPY9RmDgJcXqb6I+1P2+3GIxGDpF/jM=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy5 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D5:E2:86:2D:F1:2B:68:17:9C:0F:5E:BF:2B:B8:66:99:9E:43:1B:BA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        32:06:95:6e:49:2d:7e:9f:9f:7d:d6:0e:3c:b0:73:4d:2a:d8:
-        1d:86:f7:2f:61:f5:39:80:c7:b4:e6:3b:8c:90:1c:11:6c:0f:
-        fd:9b:c3:52:b9:aa:2e:bb:8e:25:b9:f6:75:b7:1a:2c:fc:45:
-        81:54:f6:49:69:e2:78:ef:25:d2:cb:1b:7e:f8:7b:96:d9:37:
-        ba:f4:66:8f:e1:e7:56:96:ef:76:bd:4c:94:0e:fd:a8:35:16:
-        d1:2a:69:28:29:96:18:8b:a5:af:04:00:bc:d9:42:ff:ea:32:
-        35:9b:3d:57:da:9e:a1:d5:e4:3e:e4:4f:4b:8f:5a:48:47:73:
-        38:5d
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTUgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFNXihi3xK2gXnA9evyu4ZpmeQxu6MAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBADIGlW5JLX6fn33WDjywc00q2B2G9y9h9TmAx7TmO4yQHBFsD/2b
-w1K5qi67jiW59nW3Giz8RYFU9klp4njvJdLLG374e5bZN7r0Zo/h51aW73a9TJQO
-/ag1FtEqaSgplhiLpa8EALzZQv/qMjWbPVfanqHV5D7kT0uPWkhHczhd
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy5 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:95:86:8B:91:36:BB:7A:6F:E2:84:15:90:EF:45:8E:01:27:16:6B:B8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        73:84:54:e4:77:a5:7d:03:3d:7c:d0:a6:ea:6b:70:82:11:10:
-        1b:9a:85:8c:ae:3d:8a:06:a3:2b:cc:a7:77:0c:be:7a:02:bc:
-        2f:13:07:ff:83:e6:f6:7a:99:1e:a1:af:12:06:c5:ce:1b:f3:
-        76:77:bc:ef:ef:a2:cb:96:36:3b:fd:b0:ce:5c:ae:30:af:9f:
-        ba:e7:16:e8:f2:66:74:82:6e:75:91:90:b1:59:a9:9e:8b:41:
-        37:42:0f:1b:a8:4e:73:31:e1:b1:53:fb:8a:3d:ee:d3:e4:77:
-        a8:f8:ea:ea:21:f5:c5:be:1d:b5:e3:79:27:de:c3:d5:45:b0:
-        87:24
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTUgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFJWGi5E2u3pv4oQVkO9FjgEnFmu4MAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAHOEVOR3pX0DPXzQpuprcIIREBuahYyuPYoGoyvMp3cMvnoC
-vC8TB/+D5vZ6mR6hrxIGxc4b83Z3vO/vosuWNjv9sM5crjCvn7rnFujyZnSCbnWR
-kLFZqZ6LQTdCDxuoTnMx4bFT+4o97tPkd6j46uoh9cW+HbXjeSfew9VFsIck
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0A:E7:62:16:A8:0E:4F:2F:B7:B8:3F:27:C8:A3:A9:5F:7B:46:6B:A7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        16:15:3e:47:cd:ae:b2:4b:8b:30:d4:ee:c4:1e:2a:d5:84:bc:
-        ca:b1:2b:a9:d3:37:be:f6:11:d1:1f:60:04:41:72:df:ca:d5:
-        0b:74:5a:e8:a7:bd:32:25:cb:e8:e4:6d:c7:be:25:c3:63:9c:
-        43:66:14:4a:0e:f7:ea:e1:83:a4:bf:5e:70:7b:a3:b7:12:c9:
-        36:fc:99:85:58:0e:66:d2:a0:41:6e:a8:07:2e:f7:45:36:fe:
-        71:3e:c4:7a:88:e2:0b:c2:c9:dd:30:81:b9:44:48:2a:1d:07:
-        5a:cc:e1:49:9a:04:a6:5b:c4:6c:2a:f0:3f:8f:3b:04:ea:5d:
-        ab:70
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBv
-bGljeTUgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFArnYhaoDk8vt7g/J8ijqV97RmunMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBABYVPkfNrrJLizDU7sQeKtWEvMqxK6nTN772EdEfYARB
-ct/K1Qt0WuinvTIly+jkbce+JcNjnENmFEoO9+rhg6S/XnB7o7cSyTb8mYVYDmbS
-oEFuqAcu90U2/nE+xHqI4gvCyd0wgblESCodB1rM4UmaBKZbxGwq8D+POwTqXatw
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3E:A9:30:66:2F:A7:B4:25:88:84:67:C9:AD:98:93:15:F8:96:CE:C5
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0a:d7:14:66:2d:1d:2e:49:9d:35:99:54:76:ee:50:80:e2:37:
-        c3:d5:6a:64:02:f2:b2:12:d6:97:8c:a5:75:e0:a9:9e:3b:46:
-        ca:ce:31:b9:53:fe:fb:99:15:9b:7b:35:68:5c:9a:60:a0:da:
-        a9:2d:d8:1e:b8:89:61:89:01:1b:e4:40:76:fa:b9:62:cf:fe:
-        87:6c:95:9e:da:19:db:4c:bd:3e:f1:25:57:3b:d3:ab:94:7b:
-        de:5a:ff:55:63:fe:49:ad:3b:45:92:c3:ba:49:79:45:89:3d:
-        70:75:a9:53:1f:95:d6:c2:11:46:43:76:41:c0:02:49:23:d0:
-        ef:bc
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBv
-bGljeTUgc3Vic3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFD6pMGYvp7QliIRnya2YkxX4ls7FMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAArXFGYtHS5JnTWZVHbuUIDiN8PVamQC8rIS1peM
-pXXgqZ47RsrOMblT/vuZFZt7NWhcmmCg2qkt2B64iWGJARvkQHb6uWLP/odslZ7a
-GdtMvT7xJVc706uUe95a/1Vj/kmtO0WSw7pJeUWJPXB1qVMfldbCEUZDdkHAAkkj
-0O+8
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest4.pem
deleted file mode 100644
index 96f230af53..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest4.pem
+++ /dev/null
@@ -1,262 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTAgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV
-BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTAgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBALoSt6pV4IRQVJ5TV99GOGi3yhBt0wvylEs6VYZL0D677yoV
-AIY3CQWXG27SKUYB8SQ1XC+a1sO4M5Q25mdWLXIN+TUmlNJW4BzLGh6B63bGDSnK
-FG+aVvh8ZvHloIu61d5gw3FokPmBeS0NF6XVBsbJMiLn7TdWeSFqYYTw+awhAgMB
-AAGjfDB6MB8GA1UdIwQYMBaAFHdqs2T1sexRei1lhv8CGH4LSo4nMB0GA1UdDgQW
-BBQHH/BwA0diipbRgYmqAFSJ+JxtKTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-gYEADvf91AyVaeC72JRsi71sKWf3f71NGoRSjxBnKh8VS/G0fIQElDmHHe01TZ3W
-t2zRBZROqLoG10YCxSheQdd0gE0yoqTdcc9l3kr0ZMhgfM4mRPYNL6kma3azT78F
-OqMJAUrnjjMYruGcLm7MLp3Lq2/7NjAN5q3ffuSrtwUwLHY=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5MCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvEVs
-LML3To+EEs99KIoLdE98+LzQkf1wQzrLhuqlF6UH8BJvupeClmchb4TFyXh3mkhT
-/DsdlWlScKGl1KiqKyXIrb5x0AebEDEHylhNhUgn7O/zU7WyuGDE4SU0QNR2T/C0
-mOEbjV9WR06GcmbMCp1GUY7zmfThFrZP2Cfj2PMCAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUd2qzZPWx7FF6LWWG
-/wIYfgtKjicwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQAwDQYJKoZIhvcNAQEF
-BQADgYEAWoBbngBiHa90n2Kdb0iXazi7wmnvtPZxJ2xLA/Ubv9qPzFUwoUM/Ikm8
-6o8sI8TYNuCwwni3ZrQwCfagtNsOeUXp0O86mLIVH7jr9YS2nBtuZdXAnL3lZW5r
-VHXxf0Fnmk+Nx3Frxf7tJfZVGGLCJCabwObF9o6Bgya4GP0FL20=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subCA
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTAgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBvbGljeTAgc3Vic3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAMJOPDBu3Iqmav4DjiTzIKi6FmFd6HGBsW+dDPbs
-l6jZbrkDavBUtuqC5RMVJKvOyWY7GYIsUdgoSOJ2YHl38HO6nXhq3OFO8v0r0kU3
-SRPPM7vpiPYf3eMZm5Z77GT5XuGNUPSkepAfxaN1IEAqFoePT7wsGa9Zg77WcLUd
-nEw3AgMBAAGjfDB6MB8GA1UdIwQYMBaAFAcf8HADR2KKltGBiaoAVIn4nG0pMB0G
-A1UdDgQWBBSwQkkzaPMCKs1UIV3mYuFwzqUjQDAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
-AQEFBQADgYEADXoLz5MBvHFKs5z47OgavmZKJQp+vIcDSOu4QUlIZgmIWcbcI7g9
-GKG0SIg5gXZhwoH3OXx3g5miGPzOi9iFtdkZXAZPX9JHsISpHfB9VcZYTfmW1T49
-ZrnCugvmdUnDLBitS9MKHkyU7zL/ACtlXB82SFbiCS1R8bEfU4Oozf4=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubCA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBs
-aWNpdFBvbGljeTAgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-KzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBvbGljeTAgc3Vic3Vic3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANk012Iq+sazBXGTgqICIE0GnFvathib
-YlOHsK/Iop6+DNGleJoAH6bqvS2ZWtkkIKE7WU3nfDUjMVp3IJyr8WDesDKvSJyg
-zy3y0e+XuMv3QtyFXxESXxHmY62UaILPgE9XMgcyAhOnVU4mQe7ScJDAcUeLgjcZ
-fQdBnGGCT/LVAgMBAAGjfDB6MB8GA1UdIwQYMBaAFLBCSTNo8wIqzVQhXeZi4XDO
-pSNAMB0GA1UdDgQWBBRZ1+jibtd5cIJhiBzPFFLktwdJKjAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADgYEArZnuuewqU0IgdJEU6osnzsuX6E6A4igNSK1ZYUKmhRvn
-eyfrU5kHavTwnM+h7SkVB73S2w+OqHUGin2xIu92RcWzN7NV+oLWldhnYtalSyh1
-KiuKC41mAZweQv1Mrz/+5lIQDOUOtV2JXOjaA+T/JR/qFLo0MoqC+mBxk/w5eDg=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid requireExplicitPolicy EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubsubCA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBs
-aWNpdFBvbGljeTAgc3Vic3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBkMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxOTA3BgNVBAMTMFZhbGlkIHJlcXVpcmVFeHBsaWNpdFBvbGljeSBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvs6xd2Lv
-4717eCUDGaJKN9HVbjqiBoJd9K18OP5hoJ/iyWNR7u1l+p4xbQNdi8iU8UV1hBrD
-RI2jahY2p/rgx+REkxcyhWXFc0qP5hMqbjUD9IuMyhUrwtSut0la+L/lbKuag7Ry
-pWlMe0FQUjnGev5zpdXCY4U9y2a+7jYuOOsCAwEAAaNrMGkwHwYDVR0jBBgwFoAU
-Wdfo4m7XeXCCYYgczxRS5LcHSSowHQYDVR0OBBYEFEEjHrhpuHHNWtHozi2HzhxK
-KgmLMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJ
-KoZIhvcNAQEFBQADgYEAVpfKjsWKyLdcOfar1+Ejc9eyGUzMXt7F1xXSqdnls/Z7
-RuG7jkY1lvUm1vHhVb2yP/OdC+rwwmx4cjxUAm0dNrE82qZNiRqgaaVO3llJD9zt
-AD5gAi0nJqUdJ7H1b3X6Jt9VGTNlc+0ZAEHnaSID1Ym2pa1433XgPPi1/YflkwE=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:77:6A:B3:64:F5:B1:EC:51:7A:2D:65:86:FF:02:18:7E:0B:4A:8E:27
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9d:78:0f:04:94:97:f9:ad:b6:17:8e:65:dd:6d:ec:65:bb:73:
-        37:9a:1d:66:51:d7:97:b6:31:fb:62:a4:4a:21:3b:20:97:7a:
-        4d:aa:ce:d2:95:f7:36:65:77:51:e8:d5:81:0a:b7:62:af:76:
-        38:b7:77:72:2c:90:0b:8a:7c:31:58:cf:c6:1d:da:24:65:ef:
-        06:7e:d7:21:96:a1:f2:62:dc:5d:fa:10:37:01:99:7b:14:34:
-        a8:cd:47:a4:cb:5e:ff:0e:b4:58:69:1f:70:f7:3b:2e:7c:77:
-        b4:33:82:7d:18:54:da:f3:5d:dc:5f:a1:1a:96:f6:d9:0b:ca:
-        9b:a0
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTAgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFHdqs2T1sexRei1lhv8CGH4LSo4nMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJ14DwSUl/mttheOZd1t7GW7czeaHWZR15e2MftipEohOyCXek2q
-ztKV9zZld1Ho1YEKt2Kvdji3d3IskAuKfDFYz8Yd2iRl7wZ+1yGWofJi3F36EDcB
-mXsUNKjNR6TLXv8OtFhpH3D3Oy58d7Qzgn0YVNrzXdxfoRqW9tkLypug
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy0 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:07:1F:F0:70:03:47:62:8A:96:D1:81:89:AA:00:54:89:F8:9C:6D:29
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        7d:a5:df:f8:70:c7:9c:d9:f2:4e:c9:42:63:48:cc:17:87:29:
-        fb:99:c0:2a:11:8b:ce:ce:45:31:58:41:32:1c:39:ff:53:bc:
-        dc:24:df:9a:b5:10:83:8b:a3:aa:cd:3a:23:92:a7:8d:c3:56:
-        83:19:c1:ed:d8:ad:c0:56:79:fd:c0:6b:bd:e9:bb:56:e6:18:
-        1d:02:28:91:77:90:15:f2:44:51:61:81:ea:1f:92:a6:89:84:
-        cf:36:c9:e4:f2:6e:a8:01:11:82:96:fa:94:1b:fc:d7:e6:8b:
-        c0:8f:bd:87:30:8c:84:eb:84:3a:e5:21:42:d1:60:82:08:82:
-        45:2b
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTAgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFAcf8HADR2KKltGBiaoAVIn4nG0pMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAH2l3/hwx5zZ8k7JQmNIzBeHKfuZwCoRi87ORTFYQTIcOf9T
-vNwk35q1EIOLo6rNOiOSp43DVoMZwe3YrcBWef3Aa73pu1bmGB0CKJF3kBXyRFFh
-geofkqaJhM82yeTybqgBEYKW+pQb/Nfmi8CPvYcwjITrhDrlIULRYIIIgkUr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B0:42:49:33:68:F3:02:2A:CD:54:21:5D:E6:62:E1:70:CE:A5:23:40
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        95:8d:6b:ad:bc:a7:38:7a:12:70:e4:e6:bf:06:91:0f:ac:72:
-        f0:da:aa:50:e1:51:a1:8c:d2:d2:00:73:2a:6f:54:04:77:ee:
-        83:aa:c1:d4:32:cd:70:ca:5c:98:62:3f:a1:6c:4a:af:53:8b:
-        f9:0d:7c:50:17:90:f3:e3:93:4d:c1:3f:2b:59:f0:12:3a:d9:
-        25:5b:15:3b:71:14:bc:29:b0:2f:b7:93:c6:93:b0:c1:fa:88:
-        c8:2d:ca:fd:03:c1:ec:dd:0b:95:af:8c:d5:7a:0f:41:48:ea:
-        03:07:6f:57:2e:b3:b8:c6:3e:54:a7:9c:57:4f:27:f4:c3:9c:
-        25:5d
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBv
-bGljeTAgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFLBCSTNo8wIqzVQhXeZi4XDOpSNAMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAJWNa628pzh6EnDk5r8GkQ+scvDaqlDhUaGM0tIAcypv
-VAR37oOqwdQyzXDKXJhiP6FsSq9Ti/kNfFAXkPPjk03BPytZ8BI62SVbFTtxFLwp
-sC+3k8aTsMH6iMgtyv0DwezdC5WvjNV6D0FI6gMHb1cus7jGPlSnnFdPJ/TDnCVd
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:59:D7:E8:E2:6E:D7:79:70:82:61:88:1C:CF:14:52:E4:B7:07:49:2A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        b0:23:c2:ec:e2:e9:c0:87:e9:75:d3:ee:a4:c5:3b:9c:27:c4:
-        ab:b2:67:74:79:f8:5b:cd:4b:20:0b:ee:19:32:8e:8b:d2:e7:
-        67:5f:da:83:a7:31:09:08:0f:b8:64:2a:08:96:1c:78:db:13:
-        af:77:26:0f:01:3a:e1:98:d7:41:b9:e5:86:9c:b1:36:a8:92:
-        bf:6f:cf:62:13:33:3e:1e:79:02:e5:a6:8f:11:69:fb:1e:86:
-        b9:12:18:67:cf:6e:c6:1e:d8:bb:2f:a0:86:dd:66:c8:0b:71:
-        a5:68:fb:91:9e:f5:ca:58:80:7e:27:18:e0:4e:3a:34:45:23:
-        cc:c1
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBv
-bGljeTAgc3Vic3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFFnX6OJu13lwgmGIHM8UUuS3B0kqMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBALAjwuzi6cCH6XXT7qTFO5wnxKuyZ3R5+FvNSyAL
-7hkyjovS52df2oOnMQkID7hkKgiWHHjbE693Jg8BOuGY10G55YacsTaokr9vz2IT
-Mz4eeQLlpo8RafsehrkSGGfPbsYe2LsvoIbdZsgLcaVo+5Ge9cpYgH4nGOBOOjRF
-I8zB
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10.pem
deleted file mode 100644
index 0f10912926..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Rollover from PrintableString to UTF8String CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClDCCAf2gAwIBAgIBYzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMuUm9sbG92ZXIg
-ZnJvbSBQcmludGFibGVTdHJpbmcgdG8gVVRGOFN0cmluZyBDQTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAoNL+uym7FlmTUpQwimiPNXt8IR0+KjdAFbDkTqLk
-zxHkpKBqAjTWzEPRqnhsBmjPfLrS8omVrcKIOBgIbOCoRU098SYWt4/2WRbHhAKF
-kauf7d7NsN4WEDXJmlqiZrJLHDihW686RcpL7luSLrlXVXT1h2dWI08VpDUNrz6P
-L/cCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYD
-VR0OBBYEFDeXpBvbNFU1D8m0TcZ+SxfopIk8MA4GA1UdDwEB/wQEAwIBBjAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
-AQUFAAOBgQDFX488L1PqURnQTZU0RgicEAHXUj3SLP3buSF/vMC1KHZd9JPnmf2e
-y1OGQ0S+B4lNX9VJEnS5f8w5bU0kcpGYQTPuFrTZvNZtN/4ZIZTLauFkEjM8sa13
-0CNwd0zMj/Dl1nQ2z8/wHLnfClEFmJHTZZ39W0jD/Lfg2hQvn43Tcg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Rollover PrintableString to UTF8String EE Cert Test10
-issuer=/C=US/O=Test Certificates/CN=Rollover from PrintableString to UTF8String CA
------BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBATANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzEa
-MBgGA1UECgwRVGVzdCBDZXJ0aWZpY2F0ZXMxNzA1BgNVBAMMLlJvbGxvdmVyIGZy
-b20gUHJpbnRhYmxlU3RyaW5nIHRvIFVURjhTdHJpbmcgQ0EwHhcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWjBvMQswCQYDVQQGEwJVUzEaMBgGA1UECgwRVGVz
-dCBDZXJ0aWZpY2F0ZXMxRDBCBgNVBAMMO1ZhbGlkIFJvbGxvdmVyIFByaW50YWJs
-ZVN0cmluZyB0byBVVEY4U3RyaW5nIEVFIENlcnQgVGVzdDEwMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDDncK1nAho7wt1siRGXkw0eRAeI3uztOfqSwGhT1ih
-XbW47ek9MiPqCRlX1RKOXve8quD7MM0ibzWjiroSxsaeM7gW91nwOZn8V+UfqmJF
-CikNAA17A/y9Nk+IVx8b2VB+Kjixg9HW2ZbqJiSq4Ci9Dkz2mH9sgjI0On0OSLDq
-2wIDAQABo2swaTAfBgNVHSMEGDAWgBQ3l6Qb2zRVNQ/JtE3GfksX6KSJPDAdBgNV
-HQ4EFgQUdLZDDyDir0HSFv0sejwUl8S6IxwwDgYDVR0PAQH/BAQDAgTwMBcGA1Ud
-IAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAcxCi0hkgCRB1w
-uurTKVDyZTQ5ttLsggNpE6uqL+mGyAk/uYcGTxNM1Wx38DDqb+yJnF6CkLRwBk2c
-mEtKFVYwX3s/h+RPe+MO4WBurdVGfxpE3df2wvyYS7WOnd7iRhRirmm8LMoGPLoY
-w40WU1JjVs4Mg8vHt4OpmiFXlrv7nQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Rollover from PrintableString to UTF8String CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:37:97:A4:1B:DB:34:55:35:0F:C9:B4:4D:C6:7E:4B:17:E8:A4:89:3C
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2a:72:92:90:cd:32:d0:c4:99:63:47:0a:9b:95:28:27:8e:04:
-        1e:49:38:bc:54:a7:da:f7:2b:58:34:d8:bc:ad:3e:a4:fa:0f:
-        85:84:fb:49:95:3f:7f:a0:c3:fb:94:07:2a:a9:66:44:e1:10:
-        04:55:4f:dd:ba:6c:bd:f8:f9:be:0c:de:28:54:fd:cd:f4:50:
-        ac:4c:9e:01:e6:92:bf:11:cd:b6:69:5d:10:f3:3d:25:f9:1e:
-        7f:2d:d4:04:5e:4e:9e:b4:f2:10:94:1f:30:0d:27:4d:2f:6d:
-        41:4e:31:ae:20:2a:d8:90:34:32:92:d6:1c:b1:21:99:57:2e:
-        63:04
------BEGIN X509 CRL-----
-MIIBWzCBxQIBATANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzEaMBgGA1UE
-CgwRVGVzdCBDZXJ0aWZpY2F0ZXMxNzA1BgNVBAMMLlJvbGxvdmVyIGZyb20gUHJp
-bnRhYmxlU3RyaW5nIHRvIFVURjhTdHJpbmcgQ0EXDTAxMDQxOTE0NTcyMFoXDTEx
-MDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFDeXpBvbNFU1D8m0TcZ+SxfopIk8
-MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBACpykpDNMtDEmWNHCpuVKCeO
-BB5JOLxUp9r3K1g02LytPqT6D4WE+0mVP3+gw/uUByqpZkThEARVT926bL34+b4M
-3ihU/c30UKxMngHmkr8RzbZpXRDzPSX5Hn8t1AReTp608hCUHzANJ00vbUFOMa4g
-KtiQNDKS1hyxIZlXLmME
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.pem
new file mode 100644
index 0000000000..6baf543712
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 22 94 87 7E BF F6 18 F9 43 13 D1 CF 41 52 7B 3A 8F E5 AF 8E 
+    friendlyName: Valid Rollover from PrintableString to UTF8String Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Rollover PrintableString to UTF8String EE Cert Test10
+issuer=/C=US/O=Test Certificates 2011/CN=Rollover from PrintableString to UTF8String CA
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJVUzEf
+MB0GA1UECgwWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE3MDUGA1UEAwwuUm9sbG92
+ZXIgZnJvbSBQcmludGFibGVTdHJpbmcgdG8gVVRGOFN0cmluZyBDQTAeFw0xMDAx
+MDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMHQxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+DBZUZXN0IENlcnRpZmljYXRlcyAyMDExMUQwQgYDVQQDDDtWYWxpZCBSb2xsb3Zl
+ciBQcmludGFibGVTdHJpbmcgdG8gVVRGOFN0cmluZyBFRSBDZXJ0IFRlc3QxMDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANP+zCkHFztNGKS2jaNu7j8g
+O86LJI1CRdWLEfDjiqoCvEr7LrXRQsQGW79/GqtxZN1fu9yt6eaUBvusLU25JLX2
+johJWagbI4YJdao06kQWtzxk0JRIo8uOjEhAB5cnykYAlGAaRPm5BvMSGlLuMcYw
+80TpK0MtBIoHIa0yqU2+/CWwwFsGf3OKQQGjxpYx3rqL6cC69ybFfREYm6eaC2Rj
+H3bpKBEN1P544WU1ZKsaO3bZXXXa5+ehX+eSalHdOh3KMJxRej+D4xgsi+E9oO8w
+4Rixi9Hb90oZwiO3i2zdgFCd/iwVxk9pUjVAKebqBI4Dv8wsIpF4Rq+/qd7LJxEC
+AwEAAaNrMGkwHwYDVR0jBBgwFoAUtW1PKD/Hu7GYpKml0KhbXkp0s+cwHQYDVR0O
+BBYEFCTnhF1EvGRoOoQ2I1s2vDsOw+E/MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAE
+EDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBADB62jvyJnKCkLza
+PWHwcjg5rGeRYTcD/XvxR3C9e7taMrg8JDied+IzbkItPOq80bqB+mScXHlWSk9B
+mz7fg/Af1Ip6ryhw/fISLxnvHXNWaM7hJcyGJjH1uCAmgm91EDfn7KKJXqi4CkH8
+cBJATJuohy+iUUlOru0ZoeiQGLWO0nkmw+GeIZiztXaKXKmoV+RGfLIAFEwuS33s
+GmrHob2DjHBIgAa9CcP03DOTtW0k/JH62NupGQDciY/dBj75I7eX6tjMGQn0h1vf
+up27UzRHUjBMh8NYpmnvK24LRYQMQC3TaUbaz6gsD9cNYMFiFBXa35AcDjr/Zanf
+H8YRcS0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 22 94 87 7E BF F6 18 F9 43 13 D1 CF 41 52 7B 3A 8F E5 AF 8E 
+    friendlyName: Valid Rollover from PrintableString to UTF8String Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,42F368462FD41A6E
+
+J6jl0z2Xi+k0qZhkOOe3pRwWRHtAwleFoK62+A33cMjUCoUdkMgp93wUJhbUHQ6r
+zJQnl45FJIM9liljaTOeFKbcQgZx6w9ROFeqsBbEjZfOmEV30PNA0ozdK4ojfepP
+PJb9TUCCGOTOaLIovgGf7+tjqK3HR9ofvPtqMfLHnFsGMyNnWhD3+DwK0OT02gnJ
+U7tkc0xxMVJEJpLImZIHf96lI9152SxNBZjDXZeA9439DKDCifE4aSy/hiNdB1qP
+2mXAZFAl5fkLVvm0VQqpPJRzhHRmMnFjp7ACzg+rl90yZEVhW0PXpc6sRC1lKNJz
+YKWJoWmhpNJmdp6ZEhf0FkrMIo/FhGB7ZBmi/45DRV+LxsuemqtW8iKRZL9uKKAb
+9OGdLp9lzLLP5YUwklerFvtCDRDG5VpwzlDKBl+3cn7f4zXGCsVinddDuJDcx7Zk
+KOdKJ84eguNBe0Kyv3cjQEJOLVe0L1XCD+468AlR46Skb1C//gzyHFOYQMUHWB6X
+8S7dHKc9eFvgiN2EAhWwts+7g58qH+FAqgJ+mUs/ewjfIODD0fLhlNDPMyLRlKcI
+8Jl+vVezS5li/83cdNN9irnlX9Bg6CQ2SCK1ajQSfZSWRukp0y2vgFKIDlh5Ipam
+b70eqlO3qEmUbvjV9n50O4h2rex5c3194ci07A87P1jq9KiUztKaa+zorohlkJN7
+0S4YTKmb7bmiO0JeaR5XpAMPu13l1VokOXNeUNVb+5kFD+gEsGkTrwlQP3e0+hpg
+KTTzkgahhRJ4JVq5KuF7MrsEr444nFneO+TqJSY8+h/nDFU+etIuBv5B09msKxbv
+UvnvLR5gKNbMMpICsOk53Z/Bx/q/n+C/qglKQgEYKDfbYaGrg5jC3rmIzWopi7un
+LFwmppV8rgM6tWBjwTL1AmEE6LeLDVGd+pdQutq0wSjw5LMeK2YQXRZYpDFBBvhP
+DpOoSX9YFDLP+DzuIhQir3kBFFMixTpTTp4r14slmwejLk8aRoSohX3F8PxbctEJ
+qaBa8fNBGJVcYRSKzkskimbWA7Y26H0Qdfj8DXYfKRnyXsV1HBIhUqDb1Lp+q5Xn
+TaJ5ZVhTh4CME3tdgAev9LkguC+ddsP4ZEe8FXWtBIa9EbUhzqJVvbL9yXC584XQ
+BRx0SwB5SaGogL/6XJJhdBpinoT1zjwZPd0dqRQc7fC22zpJ4vkQL2KvqNkpBrWG
+rMAOKwkCPphOYItWHNx4nyr0JCrxMzrbEkWSE8aMOpkW2w+xq7iVRcwSPcltYxPs
+pfmJE16qlRjzFCsnrgdP1pJ7gqfjtgaOeV1Bwo7iD1gLKqutHx8oxzAo0NZ7ZAxt
+FmAKN4e3sk85jmOmRrfslsgX2hs4goL3VmviqVHBgPWGsiWqHu/a6Wi1x/owtmS7
+sFkb05Z7ZYtd6G6IsSENo3fTsT+m/uM2Cozj+4SBHVmTW2XUfJMrEVmQ3Ttjq09L
++a5W869ClGXL7Q+OuHmILFfhy6SIlLq1zJo5897bviyp3WvIdGdHcGBgTxFDwNnn
+aQu3o5RtAnJ9OCQp51E4RRwy6vp/HYj+ye9G33zF2efEvn5bpa/u7w==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedDNnameConstraintsTest19.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedDNnameConstraintsTest19.pem
deleted file mode 100644
index 32e7d402c4..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedDNnameConstraintsTest19.pem
+++ /dev/null
@@ -1,130 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIChjCCAe+gAwIBAgIBBzANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMT
-Fm5hbWVDb25zdHJhaW50cyBETjEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAMqEGhcWtsw26V0XQSph1+hgHUlNVe4yFus4l56oS+MKdra/qys502m3Is9s
-KPNUyWAzPUBCaj37+cC/lnojJTpZw0lyfOSeqDAfbcDMzp39U2ujHbqQ41fGTeIJ
-haOs4hUUIapsmLZ/1iETEyHFfB9ib5oSCPAMvRtDEvNwITDvAgMBAAGjfDB6MB8G
-A1UdIwQYMBaAFE4uo+fZ3YungjtBSsOefFkjV05TMB0GA1UdDgQWBBS3rAnyZ9I5
-cWLbrRE1M5H8lPPz2jAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEALE7Y6U98
-nXWJYm65/DslSMoEgBrKSB8w4Z2y+sE41dhd99EFWOwUV3UFoVk+IPgmvwpdpXcf
-n1CZdWh9MvR7lZ4cBiSRoWLz8D5okZPX1HyarXNSQwJjZv91zs3/xi78DUrOfW5f
-nE5txAvRjHP7PrMcb/gatjC2p9oKDpW6+ro=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test19
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBCDANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTcwNQYDVQQDEy5WYWxpZCBETiBuYW1lQ29uc3Ry
-YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDE5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCtryyDuHNmy8nLnEcuJZ6bwOq0A+ka/Kj0Um0Xgd1sop3boX4Rjv1q
-EpvwNZoizR25z5Cw2J3wfdrtm/CtazuoF+2O9M5/g7STTtPUDAhwiR2uRWnRKpUc
-SEQaxHFmfdaPAJI14E5BhrlRRHxHu6kNuENcF5lwuGUcxuL68jhsbQIDAQABo2sw
-aTAfBgNVHSMEGDAWgBS3rAnyZ9I5cWLbrRE1M5H8lPPz2jAdBgNVHQ4EFgQU0BJ9
-iRt74wy57LStnAe8vRiy+8wwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQBX2LLxEBd+in5MEzdLeQNWFBzY
-B9CJ1quGFFe2AfYozACv7MzAiHJj1rU0ik2bjYw3r8mUIOEBuYyi+5syyK97cV8z
-e2FFWRCkUkcOWt2b7AizbFVt0M9IEFnhTsM2nVCeSD+f3wO1IYBzINkqwMqmnejZ
-zThT0HTy6hrX/maRAQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7.pem
deleted file mode 100644
index 4b8f08b93b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7.pem
+++ /dev/null
@@ -1,178 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAOJaxR70a7a1EjJOHlf9fG9BEsSto4MGr1bnQLMud29/o1aka1mDrcT4ehXL
-RT2j2lOFHI+7Cv5UrjI2iI/CWsH+z+PM+sB19pJmrqshzC5FwfeHDzFTUsn8D+5R
-WJAx3NZbB++nDKkIIPql/K61Z8VyKD+3k7nNSHvXV+dKCWd3AgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFKeFECzgAW7nVCNqd6KPFwSv++MSMB0GA1UdDgQWBBSryEEAJtDV
-TOYrVmfs74LEwt3yVTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAcBSBfFavoevmu4Jr
-Fzz3LyHSA3rWhajms8ZL6AtVPDfyQaJsZizVZqKYejWLXv3jNCri/c5BBB2XTXdD
-zAQfwr2W2FfXMkNDUWt95C0NOF7NK5Z2XbmFMGaqn8y/rsYv+Zj7zl98yp0efRKw
-JEDyqFgkV/+0sLFjQvvcCdY9ucM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR0wGwYDVQQDExRp
-bmhpYml0QW55UG9saWN5MSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vcxz0dHrlH/i+DaS78z2Y0O98xlH0yo64kCvWxGo//3ZvMZl+wyQwcAOqDnIH20X
-Fi+G9BhwuyzlaqMenvEQFImtvvDspxYtq/xqmTHET1+9rkF0f8Ex8uV9VgGGMJFB
-Kjax2S+jexoGNro4EeLopi6cOXBgeqwkzcpdi0C3ugECAwEAAaN8MHowHwYDVR0j
-BBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFKeFECzgAW7nVCNq
-d6KPFwSv++MSMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGuWkVLrBfOy6K
-Y46FaTMnWYkjBWyjC9mgPrq97h90tejc8Z+5Q7u+WD+f//iSoC19Uy65lnk10g56
-UqaqA7zZQ25N28un3YqnKwS1pWrtUGNiAi3vYPUkmwq+6PJvWAcVl56td6OmQOIO
-hDwXMBUcDUYTCVAMRY5fiMx7ARRmeQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued inhibitAnyPolicy EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGsx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFAMD4GA1UE
-AxM3VmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZp
-Y2F0ZSBUZXN0NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6DBDhDh8Fq9l
-WtOenCnLV5XS52CTXaNqy6/fxR6xw6bm0s2p2D0Br1TeO6qn9oxXMMohGo1XU/wk
-hUbde93GnnMNVlPZqTvaGvcq5OjaE9Y7r/QE+P/dSV/mXJsmIbwbba/n4KqgF6yj
-XfJ5QXz2jEVWKIAESIUdsz8i73joVw8CAwEAAaNrMGkwHwYDVR0jBBgwFoAUq8hB
-ACbQ1UzmK1Zn7O+CxMLd8lUwHQYDVR0OBBYEFOlqW20Og/KffGodN27T80jZjAQu
-MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZI
-hvcNAQEFBQADgYEAaRukvyRgU3wxzMNx2864sByNAhV3ujEGeCMnBn3DLfeM5ioo
-PXYjuq2PEs6I+o55xSX1cGwCtcZHay0MGiz292T5DUrhDJoN8nhJ+yNjzsjB2kpv
-zJrDwMEv5liNVCtbsVNMDCBsje+ukkmbmVVVzpRlnmVmwrWsX58V/pX4crU=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AB:C8:41:00:26:D0:D5:4C:E6:2B:56:67:EC:EF:82:C4:C2:DD:F2:55
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:eb:03:68:bb:91:5d:9a:09:2a:f7:5c:73:90:8d:e8:4b:23:
-        92:c3:d6:b3:8b:81:ba:d2:b9:dc:a1:e4:48:29:a8:98:cf:59:
-        db:2b:1e:de:1a:ce:db:cd:5a:dd:de:f5:f3:91:13:9c:1e:a6:
-        c8:4c:d1:ee:24:10:7c:95:df:a0:ed:4d:f9:a5:16:43:89:af:
-        18:f6:1c:24:b0:70:9c:62:86:07:f8:0c:e1:61:d6:99:ed:7b:
-        88:58:9f:79:d6:3a:1e:ba:aa:52:97:13:5e:00:7d:00:ce:9a:
-        d2:34:9f:0d:bc:18:09:f8:10:2d:c5:d2:8f:d7:eb:a9:59:25:
-        45:1c
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUq8hBACbQ1UzmK1Zn7O+CxMLd8lUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAhesDaLuRXZoJKvdcc5CN6EsjksPWs4uButK53KHkSCmomM9Z2yse
-3hrO281a3d7185ETnB6myEzR7iQQfJXfoO1N+aUWQ4mvGPYcJLBwnGKGB/gM4WHW
-me17iFifedY6HrqqUpcTXgB9AM6a0jSfDbwYCfgQLcXSj9frqVklRRw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7EE.pem
new file mode 100644
index 0000000000..1a0b274eb0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D1 24 53 94 24 5B D0 43 A2 2E 0B AD E0 FA 9C C4 A9 60 7E 0E 
+    friendlyName: Valid Self-Issued inhibitAnyPolicy Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued inhibitAnyPolicy EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowcDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExQDA+BgNVBAMTN1ZhbGlkIFNlbGYtSXNzdWVkIGluaGliaXRBbnlQb2xpY3kg
+RUUgQ2VydGlmaWNhdGUgVGVzdDcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDZ9LivETDywp+a/tfvaf8DhVHn9pKQKbNwVl8fS/Dnb9gyV5pPIalWgCr8
+GoG0PFzmXvqA5eqdyEKzVNIJJyfF1ndYOaS+xs7DHBe4bszm56a+VXus9FdMOTSN
+4h4L+D6C0hG6+ock4Y+TmXhPl+RKa2/S/NSLrXjk1pGOjLgoUVey7USRLSr0IP6R
++6E0Bto5TBPayBPUMRBUnhmmjg45nxAyHYxSsz/K9fhgpYFRfKeRafgV6Ndz83oZ
+KJx/OywOV4e77PD1l9Cgzuc1s5OyWmb1tb440r+o9+FzF0eedHGD66qHmXpyCHJy
+77ojQsHrMacGyDGXF8+QeEox1iqFAgMBAAGjazBpMB8GA1UdIwQYMBaAFIwF3N9+
+ZNtivttLUWSMambYXKOjMB0GA1UdDgQWBBTZpaDF6bfRzvZDEtdOEJNc81hQATAO
+BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3
+DQEBCwUAA4IBAQAjl8+QP5Vo71I9RQDbigx5XlS6Anj0GJ/bVK/WQmZrfHs9JdHu
+FKt7x5LL9AZQ/h7mVmSd8nM2z9KUpK3INlaKV7kJSOvskw3D48KNkD673fJfMkWK
+rcznmtUVKMnkGqDKHBPfGSbXN2XEi2DsLY06Labo1mBEVigtLMxFGJ8OBIMuEtdK
+MlhTISGom3Vs6WjeOcuFwz25vv0AWAJFdv31sFXDcxVvK/vvKkVyAlLJuh0fxw58
+6avoUbtAFZW4gstzibCz+2aYvGoQSp4YatviYArYHYU0qQgYBXk4gF2UZCCJLrmz
+WHhLJIfV/K5UFty8b1PuX2PONdktVBWymOhG
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D1 24 53 94 24 5B D0 43 A2 2E 0B AD E0 FA 9C C4 A9 60 7E 0E 
+    friendlyName: Valid Self-Issued inhibitAnyPolicy Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EE86A044B76E661E
+
+PpQ0NzmkhhL7/s+PhSeiuTrZ00n1/Iqx/QU7W/mtKPiRvjq4MIWkemvB0eQWJt1O
+i/stTCta6axqIvM2Zidg7yLIC9ciT9hGf/adFuH9/o0NoartUQCBxfaHNIRo9GXa
+xjRE6W7RTqWCZbuTyqgZFiIehk7Gjm0lzvr0MBk9CN3lPKnfg5GId8W5b6yLWwcl
+10GsXFezVCVF1yQJN9n18/HwcUZYwqyMISGc8o9LIRGMJn5EU6Kii3YsuUwJnvOu
+1Bpp9L78/tmq8cXTwjT0p6dj6CshTacsjqeMgz6sYZgeAzC/Euf+O3mTv45Ah5Ti
+rD1MgvNfuRFazOKbEWyXqzGcEBnmLWI9hQa7yu3BFcYQFDYNgasiizIvMRQTfwjP
+eeG0r735DZzXf+otb80JIvTyZE77qjua6dGbrtaWON1BhV55O23flLXDTf2ov209
+j5X3G9ukMg1UopzLlxoGkevR8EBXwsNa0AT2BiC5oGdtFYDDL7EfbTkDcQIEx/Sh
+veI9CmC24OLPCsUQUJCmqiUiUx4OOubjFIYqXa0NmcwUnO16i1ry3aTa4aA0lS8F
+6zFbuXqFeSHgV4EeLzqu1eZdenl4/TlNzWl6ZGRfQUzyKVoMUUTfhmskTstLBDlK
+UJ7E/BhZ0Up1tbWfjzWjToVXluOg7Aiy5QVR1k6kl5HKkGxq1zB314loPVMjJspz
+cYYbazKOmhNLuSd2Fzg2Q1jRQGFwYtnym1Sjqr0qJ2reQrmEwsdw3kICt4uHrizX
+FKkUTrTT9+65AlVr4YvIGIf6YMC1zW7hrl8Yao0Os4np46hWZLAaCU/RxyZXtsG4
+/YGVUxT2hODR5zTDELQrWCZegx1d3BJveRWldDlU9QWJWbq+X3AzrK+ggjeoiXEp
+/ZY2hLCechvQVCSByt+8TPvge/2A7YHE0MpB9I0M72QAIGy9vAC6BrdzYkKGkR+q
+ypza4n/gS04YnMcLaa8nOo1mdXpEbPT0mCezhQek/eP6Jqzh4WX1ps8uMEk7b1tK
+NDocSlfMOLqarQaKtiwzwoDCdRSlI9/xgu2vMo58DdfV0mzZrIOmY0F0ysZ03SXB
+qRru66RpHXBB0pPkSwfHyVqBdMw7vN8+yXw4ZBXlUIHMAzmLkNMtwdNurdASPmRp
+SwDk9aVT14IryGSevPfZtnrrVMy702CwtxsBJaDfC6KPEsKpJA3qp87WEkQ12Q2s
+xhDNAr9G+v7Q1TIx0EWb8JQfplHdRIlpr54dpLYDNSm1kjCeGEP71CvqLUY69cFA
+aN2QU7+/bEbJOxMB/wG11UvPhRBw4tfH6eV4axLxO2zcVdPct7wlaTQCiUSwKFU9
+rWj4yTugF8zNfs4MVprNHtjF0dA7TEAkcq+6xMKB7elKvxyFt4FN8Ma71+HcPWjb
+pXuwQkbDbiaPuTprbA3UWs7QySRH4D9pjbVHdcSK+GTpVE4mP1lXY06dOvP6c9P+
+qitoYGCUZLVXXuqTzo7v697aV20+lz37na4bI5DcpJ5FsOWQQwIOruHVY/QJSN/Y
+YAF2a0Og5si5SWvjNQnbxr5gqEfNaiLPGnwbM05s6HPdT5crB655cA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9.pem
deleted file mode 100644
index 2ac5275855..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9.pem
+++ /dev/null
@@ -1,197 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAOJaxR70a7a1EjJOHlf9fG9BEsSto4MGr1bnQLMud29/o1aka1mDrcT4ehXL
-RT2j2lOFHI+7Cv5UrjI2iI/CWsH+z+PM+sB19pJmrqshzC5FwfeHDzFTUsn8D+5R
-WJAx3NZbB++nDKkIIPql/K61Z8VyKD+3k7nNSHvXV+dKCWd3AgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFKeFECzgAW7nVCNqd6KPFwSv++MSMB0GA1UdDgQWBBSryEEAJtDV
-TOYrVmfs74LEwt3yVTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAcBSBfFavoevmu4Jr
-Fzz3LyHSA3rWhajms8ZL6AtVPDfyQaJsZizVZqKYejWLXv3jNCri/c5BBB2XTXdD
-zAQfwr2W2FfXMkNDUWt95C0NOF7NK5Z2XbmFMGaqn8y/rsYv+Zj7zl98yp0efRKw
-JEDyqFgkV/+0sLFjQvvcCdY9ucM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR0wGwYDVQQDExRp
-bmhpYml0QW55UG9saWN5MSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vcxz0dHrlH/i+DaS78z2Y0O98xlH0yo64kCvWxGo//3ZvMZl+wyQwcAOqDnIH20X
-Fi+G9BhwuyzlaqMenvEQFImtvvDspxYtq/xqmTHET1+9rkF0f8Ex8uV9VgGGMJFB
-Kjax2S+jexoGNro4EeLopi6cOXBgeqwkzcpdi0C3ugECAwEAAaN8MHowHwYDVR0j
-BBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFKeFECzgAW7nVCNq
-d6KPFwSv++MSMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGuWkVLrBfOy6K
-Y46FaTMnWYkjBWyjC9mgPrq97h90tejc8Z+5Q7u+WD+f//iSoC19Uy65lnk10g56
-UqaqA7zZQ25N28un3YqnKwS1pWrtUGNiAi3vYPUkmwq+6PJvWAcVl56td6OmQOIO
-hDwXMBUcDUYTCVAMRY5fiMx7ARRmeQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UE
-AxMYaW5oaWJpdEFueVBvbGljeTEgc3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCc2RpX4l2ip6DQkyPrZQ5fiP3xdhXT2e4QAznpwy2Z5q9TlYhF0sFw
-yiFNITCwI50K+JrcR/FtOMFTiGkDJdNSD6JJ9KXmV2Ub4/oFXhmdPkkW3+LyckWV
-cpDuhOBoI8E+ni0ZFTuduAa9E8yQX5PKazSSbeERNXFHIdMij7WuxwIDAQABo3Yw
-dDAfBgNVHSMEGDAWgBSryEEAJtDVTOYrVmfs74LEwt3yVTAdBgNVHQ4EFgQU3Ymd
-Zrnid46ozhWkgrKgpMameo8wDgYDVR0PAQH/BAQDAgEGMBEGA1UdIAQKMAgwBgYE
-VR0gADAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAM/wnG9l6jp+
-ViHhfrgGuXyp29iH1trRzZVkRtta2Htz5cEy+DfQ1bKtALeOj+3XycvDjFBK3XFX
-Fj5Kq26Wr29hb46xdtNHFdkYvsyfD9Nmh1OvcqEkW0rmMqtr/+z3bTX+qegUtJ4Z
-vjllBLFSy/60sopz/da7BfJiG3vBvoij
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued inhibitAnyPolicy EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGsx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFAMD4GA1UE
-AxM3VmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZp
-Y2F0ZSBUZXN0OTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqkkaVxrrWKva
-xC65OTtGWaNoO/KVt03UN4EW/fxbAwU79QI6lYLlcnTOpmNlAU9HVGEvunAZ/RBl
-AtZOKSiAGjuEZPkn37sS6SnhR1ANPyNA0KTI9uXIXDKde2sGXwNSbsiQbDko3vdV
-EIfKC00+2GBB7MxARHUpZZ7kGAP4XIkCAwEAAaNrMGkwHwYDVR0jBBgwFoAU3Ymd
-Zrnid46ozhWkgrKgpMameo8wHQYDVR0OBBYEFJf4i3/rlw5BfP8DOFHqMlOM+3vU
-MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZI
-hvcNAQEFBQADgYEAg9u+FJzES1LZQVxwLZwZZ+9Q7q68jcUqdvzV1I0kFxESgspa
-7a+fTUyYDbMr4qZ9zrMbJDDLkwS8a9vSwZJmfLSZYGECYAuTZFTe5p6CeQyToEfF
-l+MA+CUr5ogWe2dpQQ/OmurKn/idqncuvoIpaWH7fvnpOyKcqo27Q2hUhrA=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AB:C8:41:00:26:D0:D5:4C:E6:2B:56:67:EC:EF:82:C4:C2:DD:F2:55
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:eb:03:68:bb:91:5d:9a:09:2a:f7:5c:73:90:8d:e8:4b:23:
-        92:c3:d6:b3:8b:81:ba:d2:b9:dc:a1:e4:48:29:a8:98:cf:59:
-        db:2b:1e:de:1a:ce:db:cd:5a:dd:de:f5:f3:91:13:9c:1e:a6:
-        c8:4c:d1:ee:24:10:7c:95:df:a0:ed:4d:f9:a5:16:43:89:af:
-        18:f6:1c:24:b0:70:9c:62:86:07:f8:0c:e1:61:d6:99:ed:7b:
-        88:58:9f:79:d6:3a:1e:ba:aa:52:97:13:5e:00:7d:00:ce:9a:
-        d2:34:9f:0d:bc:18:09:f8:10:2d:c5:d2:8f:d7:eb:a9:59:25:
-        45:1c
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUq8hBACbQ1UzmK1Zn7O+CxMLd8lUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAhesDaLuRXZoJKvdcc5CN6EsjksPWs4uButK53KHkSCmomM9Z2yse
-3hrO281a3d7185ETnB6myEzR7iQQfJXfoO1N+aUWQ4mvGPYcJLBwnGKGB/gM4WHW
-me17iFifedY6HrqqUpcTXgB9AM6a0jSfDbwYCfgQLcXSj9frqVklRRw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9EE.pem
new file mode 100644
index 0000000000..afba6a5197
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B5 28 7F A8 5E C4 9B 0C 60 B8 88 80 70 72 A6 FF 8A 00 75 AB 
+    friendlyName: Valid Self-Issued inhibitAnyPolicy Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued inhibitAnyPolicy EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo+gAwIBAgIBBDANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowcDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExQDA+BgNVBAMTN1ZhbGlkIFNlbGYtSXNzdWVkIGluaGliaXRBbnlQb2xpY3kg
+RUUgQ2VydGlmaWNhdGUgVGVzdDkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDSWk+BxVIg223wvs2weR2LSJ3WElVnaJjergY5PUJWIpvi3rhr36NcMtCi
+KTKwteK0gjEvuC1ViP8SDvC3F1jPx1mJUeCvLO+ykSWCHnoxo4jdtgUUFFazMkQo
+Emf8o2s8xuGab+Me1byMnlNceqPD3q7ncenZumYeleV50CBz4zrz68rdT1/iRd3C
+tSkQzXE15FBx6VVFimfY4b8Gsx/zrCOQtr7uuxwlKljVZIneyV3Oxtk8+9EuYXMk
+Yig9pZSMVMU1nscG/qoPj35p/fduse+KRpGM2N3EebJjMC4WKI731mkenI5rRSOP
+BIwiLPEi4lYgdX/DfqVBiYO2z3WXAgMBAAGjazBpMB8GA1UdIwQYMBaAFMnMP/pb
+8KHa1TcMm86YxnqJK9XrMB0GA1UdDgQWBBTlOtW6qZkT1fSqlvvdOHn/0HslbTAO
+BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3
+DQEBCwUAA4IBAQAw2XcoqDcFwz7cBnYxG7mEvhoTqnGLOrxF94XpTlAN49BUYfmN
+iQF/mmWo/fA12Y5BwOBcAws7dDB0H428uhtqYBGCxuhzDkIXy3X4zvNO5P5XdrOw
+oel1+zfi4hH3FEKLQmgEjJy2PN2s+JkqZNpxP670/tpp5wwB1DLN2bEc6AARlN5t
+y/pvSd7sVBSXo6FaYO6USn4Fk/m2toWZrCjGZAZCJITWwjwLjQKo19FARC/iUNMQ
+35sIs4EiP8bL/k5HcAZVXECK49Ogr6g9lU9wY9swx5Uudw8/2OstRe4vTQFw99Da
+q6T+4P1VCKTMkXqfc7kR3vey8S1z88l6GO5M
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B5 28 7F A8 5E C4 9B 0C 60 B8 88 80 70 72 A6 FF 8A 00 75 AB 
+    friendlyName: Valid Self-Issued inhibitAnyPolicy Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6585A527E4EBD184
+
+dlpKqskl1Pm3ZL7yW6TyxKoq7GkkWTdiIJrvpIVv/49VHbwbkyYuIKOcysl6Ap9x
+0PbPEWvo30f+03azLNfeh3iqGe802aVEiZLo32zVB8I/3ZBOiNEly4w7mWVlQ5ZT
+80QOz2ZvFG73xCh2Ul2/7LDwwaiaUHWo4oj8wsTCHCKMKIU3RK83Rw0P7LmJ7n+l
+qY9TOAiuX7KoWbsRr/wd1Jf4vKtZttp7ymIq72Az8k4K4HQo8JMAgAq8hkkp0/9p
+u41a5oTK1VyvLwKip8+3pdW/BK7I9iYeIKssoLQDduIDBrw9CuGHSJj2OEeA2wvZ
+M7qa/BOJkbVhxjYEpMh29Cga3heJPImY8vvwOwFPGvykTOB+EHujN/aYVv5yt02U
+2vBidukWnB5w2zbJcq6LsBzvYx93b2N+vrXre4YQU6vcxijHOsDdNGW7pZe/osyG
+UMhLGBofkENW0YOq0Q48haOyHLIMeGToKPD5GdOQZx/UXEdIDye7VHbOPJS1ccc+
+Rf931GDa22kzmue5G/Ee+1jh9z3RilMlfbtyVod+Yd1DrIKLFoxr69vtlTWzo1uw
+HkmjqdDeXzq/VEk2CXP6QtP4S3PQJ+FltnT3F0TBe5zX0FF+wKEbEOInYUZr6kH9
+CeZfpyUEp1JYh/4vgpoRxlruVpEBIJiRMXiRVnWwlWZjfmFSoA94SXx4PuknuwcL
+qb1EuvTYwfEMhZ7qyoiJwVPbHsmG8csGh0DtL6/jkq0xCCQ2oYdrTjsUJFPzmmgl
+fLstcU4dNDuwuJoEgfNXg+PqYrPWYZ1VLFlCN4ECH8CRzXhwbd76CDVJv4PAPbNE
+FprSz5G719+1eXcaNUSG+71KAHH14liTxNdW8LAIX9AwhZ1Z014P1Hd2oYWfBUnM
+mnSE33U9QjNdItDP39HZKpp28P4XS9NSwQgJetV/rVlyausQpjE0Puc18o7NzJ94
++bJUg+2oLpMh9399VBymYD/35kRcF1mhcZlcTvu8h9741bA1RQL0D/bdgQLju7Zw
+pb9dfbNiFgFhcjP3WrYy6L/xZ5ifrmnoKE9iu6hrs4omCebowkmlY20MohRa6Dur
+ZBxIsz/Ol2VTlXwHmr+bWTSLfMcrvy0+Fxs+tyhNfhL5Upo02ODEyei+tTE4dXTn
+if7khx2N4ymjWeUEI3W4PsWoTfZGEDXJWxfezD3CQqb8m/Av5pY7v/S1+1Ad2HzK
+2wJ71D3wQpkc4Gp8l6HOvDID52HV0TI2U4028LwhR818qMDOGgEVPtvFTeTLmtvd
+0r2a/WUXJzhB1WycQREadHF1YPYA/Ds/0RSUsBv1KxS8RSk9iTvegY+HcXMsWLCu
+aKKnd9nqhLkL4jnTB16LRJ2zDCKnchdRz4ZZd2R78/nezC4J4m8JmC7FbWZYKJO4
+yCw0wxrvUzbT0iQfOpbC3gbSxAvbQwQU/a9tyMmFE0WLZgOc0879OFIm0UabZoys
+FyR9iPscWcAN2bSCdXBqVeHyVYBfBiOTDmYnybJ8wZOy5u4FiLGDpah1dUbLXkHC
+ZBlI2wJU2PRe5q4kG1unJq9p6Hhl1SEP7fq5WJtAPz87iA9dKhh+8ouGPZ+szY0f
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7.pem
deleted file mode 100644
index 0a0596b259..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7.pem
+++ /dev/null
@@ -1,180 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG
-A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE
-99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y
-emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID
-AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E
-FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu
-YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD
-OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY
-Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk
-m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK
-oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG
-9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb
-IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99
-pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued inhibitPolicyMapping EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICojCCAgugAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMG8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFE
-MEIGA1UEAxM7VmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdFBvbGljeU1hcHBpbmcg
-RUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALAZ39MGl31J7AeGVi+NMkr2Za9Sm9LwaUKnv+U+4kjo1pvbj8KegARFAYToj7LF
-KujtuYlkH9HC9PW9p0X0zlfGyLo+jYBaT28HaJodaa2AmpEz0ZxmLsEBnjVNlC/R
-+vUNa51CNV85Wv2V/FVkznQSlqdRP/89SCfIL/Rd/rLRAgMBAAGjazBpMB8GA1Ud
-IwQYMBaAFLamwerAUlPfhv1mSeS0Rr5jMwwVMB0GA1UdDgQWBBRFegfFmXt1cyLu
-vHj7WA8p2BokYTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATACMA0GCSqGSIb3DQEBBQUAA4GBAE1aoLRAB7FVyZHDy+jfyHRnvk2c/hNkhsYQ
-VuxpPqQnt8pCBUl9lUAwlb9W1JoR274/B4pIYmqM869ptHJJjbbNkOBdudX6462F
-v4rtoK+1egfyqLiEcmQNcGSqq7w6tBw1k9DV6t8D1BYvzh6JfN7z+BY4b8dOq5O4
-2eSGt5qS
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/
-EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP
-uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt
-iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G
-A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw
-AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD
-6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC
-WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25:
-        50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2:
-        09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56:
-        7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7:
-        2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e:
-        74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86:
-        f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db:
-        f7:a4
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y
-CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC
-VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee:
-        4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51:
-        0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9:
-        c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64:
-        ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb:
-        cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22:
-        d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9:
-        45:a0
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw
-v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh
-zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7EE.pem
new file mode 100644
index 0000000000..bf2a529743
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 61 B9 99 CD F8 EA F6 53 12 3A FD 97 C1 1C 23 66 63 10 97 6D 
+    friendlyName: Valid Self-Issued inhibitPolicyMapping Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued inhibitPolicyMapping EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDsTCCApmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowdDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExRDBCBgNVBAMTO1ZhbGlkIFNlbGYtSXNzdWVkIGluaGliaXRQb2xp
+Y3lNYXBwaW5nIEVFIENlcnRpZmljYXRlIFRlc3Q3MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAzlSgxeR9mZZ2DfvlsNsMlfrKR1y6GJY4fciG6sC9DoRB
+7sqa+3lG6pzDngc/9d/M9u85ukn4AMAsPZAgi5X6Q5dz9byxtr/ACLKumzRwWJ78
+7vVSNc1Fl02DimJqpaVgKtpvh74Z0Li2EUONNxVmM86vcI6+K1qVnLMWtdrSpQx5
+RcP0ak4XtVcxSFKBrTpZw7kplIenOiXBIVlO5f2yADWcpaJw299I0n++7v4vQrJt
+3HWs5aDA4if8w5UsQvfWPL6IbYhS5spCRAu2Ta8TAB+mY2k/sLyYo/1HV0khIG1Q
+5J1pFdw091TkMnOf0c+yG48BeXG230snsTTVpV8DKwIDAQABo2swaTAfBgNVHSME
+GDAWgBTzzQc/gzDTxwJi2ubKbAGlsbaAyzAdBgNVHQ4EFgQULYSE/2xcGw+CRD5T
+hkfTUDLk/bQwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+AjANBgkqhkiG9w0BAQsFAAOCAQEARKXDv0JsjAw+svbFFVLJWn3Fan9X4ilv2XPj
+c25T2Z8dd5ydw+a/fSuZ30rowmL2YFnWeX9D3i+y542eBEQbzHkj+1oc/JFJ/34M
+trqzj39TgmrQbM1D1SOb7Y2uLRXpZu2jPUuAld2jPJvFZxCHTf3LRb1dW8F6uAs2
+SrfZdeFCA7fXoGJRO4z4cCWyROOQY2PHSrMKNAh2yWFq56qlj4iNmdv86/My8MNf
+zlciq5ApLsPhTIZiRwuAiAnDkeVUjo0u1PciJ9oQUZc2TuEqcUudjtl16zTEw59Q
+Qk9v21HXboMBS4QUaQ8WhtwL0sGOMNKSw13LgqFeW5IPswaGsA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 61 B9 99 CD F8 EA F6 53 12 3A FD 97 C1 1C 23 66 63 10 97 6D 
+    friendlyName: Valid Self-Issued inhibitPolicyMapping Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5122396833385692
+
+rjnACDyh31Laaa/Y+Bhg7d73sCGPBKAmBkHDMgeWMZHftHStCvjZwQIs/0BKTZoG
+jm7dq2L/Dj6IwEMr0jAVF1eIVuxkJfwMfxGWPVjA8yyaFOdATPiTjkshRLBiTQVG
+7ev3SI9icZl+D5q1vFBuIz10ngHpuPFW+HnBW6VchmT+pJC62F/RfxzoUGqwHGns
+1Zse0tyLFt88yLfFBgm+w2lFBuZ3tzOK3NxacdB9/wOk2ktzgGKw6hjyRSZdDukk
+hZEc/mTMslZ3IApu5exn6x4RbLLBQfJdjGdG8vjOHzE9f5F1QS+feDwv0v8RiKZE
+zcPMF5gS5GjGGCaq8jBsbJBC7L3h9mQib2Q/QUpXp15wznTEpWHQ/QQRd8cRZVDw
+qBllDSLaacMvZZ/1B8vGWwpxdLqj0ABDZe48QD8df+TcXMD2VOXvguPEq5n279pX
+X+cdGcNeITQq4C8dZsVE8xUHrOfEB06mN5JjUcwPnxb08vnYhmEDKWt98qBvKoxJ
+znfAgmdD3/QH2YSgW+VsK1Cs1Xj548zE6wPa7GTbUsmfeEMuVAgLIZJBlaZe6wH6
+0af8RapkwRaPfSYvc4iJKTcs6OOVPIvrILYU2NmFIFEbrfIhc5ezCoHKUVmtkVg/
+PtLOnhdTnj9v0quMCXFJ3TKxe0C4S5QbhkWOTfmZWAntVAbpk1eJ4JPp8F/859O5
+98oA/5g5c2xR1c1jADqSw2KbFrpbyHTPEETAHSL/xqzInCofh7ErknB60Tf7I2gq
+sOLlcFKEqBU9kp1zuma4VKx5MMvJmLYyO7jnUezt05TeTACgeSy49pJ3/or5SHHf
+7kQAIh+oDbmE4jz+MmIBddW3Cfw+3hCCdCM5u3Rb81wvSq/Gs3eHBxqfpDi++fjK
+9H7XhhEcapvpVmKotP0D9iBeqG4PXUWiGgt5+861A1TZe3SFnFgIc8KBsPcgOKqT
+pls/JEd78JWxSCzeHceMwWb2Te9Ej0yVoPePX4b3QDsbdgcaGTtC6RdzBYBhiOZD
+33oFxB86IkTOLVwHechMTY0RRig/BqvZNSgzsTdyvnEa/m1OnkYOwqnvq4vAYfCM
+Uvfl/j74lViRii7fPeixt0Cd9R7PJe1g3hBPw7Q4eytOKRE7Lb/rv5dkCQo0to/Q
+E3B352q4sANo8XQD5v7EnRhv2JSGqL8qzY1t+ECQhT6llVDa8T3Jb2qjwtL4VKOl
+2wEuiT0rGVcGfDppFUgE58ms7ZjdviFKzbT4yL9nsiGQPfFaZ0VmmNem92NLEHuX
+FvOP6oYcrJu9a5dNmLwWPMH28F3cJMvw6JrRmI4/KPxy1QqEUYleTtW5wvp7lfhX
+KwN5vs8NfN3vidFIluh8ILE1/BuTeJl2i9PQt5wn6v5vIuYIlut0VTsMyNI4DUG0
+oYxnPR4L1s0AXn+ONSwQ8+AnUc7hHcS8rhX4yZyioXajLqXhFzhXiK9MfeAxPhge
+gVhylvKZYlO/BMlDejXxeE9JmWuCVBHwcGSLw92D0i0vPq2HpaZal9W5+3IQfACO
+YaRu5tDk13GiqKk7cY8LVjC9rK+BNhUjVvRvz5QI63mPpglQ/gVwkg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15.pem
deleted file mode 100644
index 8a81ff92ee..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15.pem
+++ /dev/null
@@ -1,127 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMV
-cGF0aExlbkNvbnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDDqMCqoLUxLw5wCcxhD3+5J80k2C5ESu+Co4n3V3Nu2SyzcfKET0wx5QvxYm5V
-bzsntf6IudJpfXgzxHIwJ4i5v+Ycc8NYiqmCNhsW5sFRzhjQDyTWu0fEYm+tmyBv
-FavwXAcp8ptUMElDMAv/bKSD+7MDC9uHZQOmVsY0ndcNUQIDAQABo3wwejAfBgNV
-HSMEGDAWgBQhDLUBdnbTsyqsJvyqpk/y1qFvSzAdBgNVHQ4EFgQUOK0lyEJa1w3p
-SvQY5iylU6RQ9EwwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAA9NjcDXXcF4
-FXkwZWIDYtowLXCpbshsU80nGx0/7QVNApSTnUq9pe0t8qAClcYZuaXgB/uYINl5
-qozAW6KR4wFaNUv6mnm+0ppWeiTnIn5O37IycPbAKVZRhauf3p/cTkZ6RZ3MJ5Q+
-fMTJscvSXtMhU+Q3Pp5PGRXlXhs1zFNp
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued pathLenConstraint EE Certificate Test15
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBBTANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMG0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAGA1UEAxM5
-VmFsaWQgU2VsZi1Jc3N1ZWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNh
-dGUgVGVzdDE1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCb61LTuxE1l5yJ
-QVfNdf8EYvZcAa0KaD4FMFo6vn3YTkLfUAgn2P0/LUtJQmmXciZPTEU9iKaYsV+/
-ZtyT/p8r/UHfo81aRT9dIzwK4sGKK+9KWFi/rPiRQwG5IB3XiQYW/JGTIPgcXg5Y
-dUXWrtqZVN+7ddhQD1d1ttatbEqajQIDAQABo2swaTAfBgNVHSMEGDAWgBQ4rSXI
-QlrXDelK9BjmLKVTpFD0TDAdBgNVHQ4EFgQUS4ujjGGj4+FAN/SRPltJJo/KxqAw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
-9w0BAQUFAAOBgQBh3iDLcsaywxCRTsUrSXJ+COkZOvwrPiAugkf2KeDXYcrIckKX
-n/+Q3FZeBn0qHNyvGUTLp7yei9kUto1sS0nrShwSV+dn/2zUsL6dr4F9Lfazzvsp
-rIIGkJCHbcJSnMc2b3dBhKr1Oe6MWWnV7OdTVCfjQXeDciB3MTcY1TqedA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15EE.pem
new file mode 100644
index 0000000000..edbb2acba9
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 0A 55 CA B7 29 D8 79 D7 91 E4 AA 93 F9 D3 AF 71 37 0A 67 D4 
+    friendlyName: Valid Self-Issued pathLenConstraint Test15 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued pathLenConstraint EE Certificate Test15
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBBTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+cjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+QjBABgNVBAMTOVZhbGlkIFNlbGYtSXNzdWVkIHBhdGhMZW5Db25zdHJhaW50IEVF
+IENlcnRpZmljYXRlIFRlc3QxNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALTPBtTph0kvovSb31pRYt9egyO+d7Eq9BtlSFiZ5UyYGh5UC2FGcDP4tzkO
+5si6Vn4yZ/rwqIMNyU5bkbfludraX1b/Uc1kObROQfOgEApaE3JuZSVjXEwJsojM
+yBYCf0FErkdYAgzDE5czPhH+NE5ENiI0+cox341aVJ17bK9wK48JP5ajt378Y7Uo
+sLUG8hY6d5fOJvE9Jg2IvqCXLuSfWzJtCunT5Qlf6qASV0rrUJWdmKaqstNbqq9H
+Cj+IpQJTrwkF/8rPkAnuJcjqRbCimdpVqYLqF6EPAv29rTBZyKd1qktm5n3wjcQ4
+hWu4kEHG/KPfSC+pvk3OLa3FD5kCAwEAAaNrMGkwHwYDVR0jBBgwFoAUgOtzvk2Z
+npS9F0ta989Xd3TDX3cwHQYDVR0OBBYEFMjr2VjA7usIwlcHbZp92KG3YZu4MA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
+AQELBQADggEBAIKqRjt2Z9NVFsBaFffuOhB65G9/ZP0VnAz3x+5EKuUn2MhbZEnK
+pMS6dDI51ot5gK7PtxyXH7DwI9Tq8BlkpU5UMspeKKwHuBe97IPsSeAFeQX2zkws
+yz7KW5QIezi7ijyNtWHilzKeK0uMh5pMAkNVoLH++8d1PYgG04EYxZlHZTedGSj2
+QjiBc2bJQ/hTQSoXjXlFK0auVmMOohKxYi6ZgWstGGDdoY+/1qe8vWBqn3e5NSLu
+oqd3L3jD6g1rjc15SEadJfdQO7xMTdgnJWqij0N4rcxo6EzqFVvt8FGUNwCdHJFT
+B1Qi4p0aWzKTaG/KcfnyuEyrAJB42RZI+LA=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0A 55 CA B7 29 D8 79 D7 91 E4 AA 93 F9 D3 AF 71 37 0A 67 D4 
+    friendlyName: Valid Self-Issued pathLenConstraint Test15 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4A1C2B404665D30D
+
+uWUUPeXKS8K8I/MHrcV2NhxxM6t454hkTYt5XcYl153J87tuHDi++fxw34rb7+f+
+Pb4o5pJh2COqxjAu8pl49JdZS/UNz2+C/F80K3JvdX1Vo0X1IplqcRSGb2gAa0bC
+1pCbtuyy4Nq9SAmGN6B34lROUOEC8/vIcee4SNCMnxLW1H+RDETzT2MAjMDI2lAy
+vibpRIAbtILZguDzrvIr7I+FGzm5Vc/0vHX4B3E2qGj1EnRotNLNNY5N6kg4vSZR
+E08+L8FBgC6iLAfEDk3jpYkInzSATLn7jgS4eWIbIbEFjuT3mhBPDN21Zqh7U1tX
+qOba61l5fgdxhvreWfRjwxSiuSOnArFxJU3KaaF5hoK/4QkZsLZ7jHUQLIsIzfMd
+ro1LggW03w/X0y/Ip1ArqFbND4YjlN+cDaSy2hKNLb9SqePSwLkdy9QQBv5UMhtl
+RC8l+RtKifQCw4hGHG1+EyznGd+1kh6E6zwmv74QrFOnJmvLI+4kiCLpXTi/4x+O
+RXGvtObalCEjaht7nkwpFZfFzVxmRWae5mHMHYN01fXGwFWwHUfC+Cjocm/8EvGi
+2nmJRfYzQFnrU76dluvAU4d8xYhSfDIkHTOJHF5AAg21UR1neuqj5UgHUm2LM/R/
+T8BZJjuevVj7Fg6uH8AxkHN7vkf7rcxEY5IXUZKvG/IN956QpBDm7VcobT4TFqwL
+UtwYrM/hGza597qIT1oJqy7ah8VIYbKZTE5gmA+fI2eZkjqm4ex/HOsZKW7BzkyW
+3GEiKmU6d7dFN5XewDqjMQzBNlzD9Y5gRhrHv85WeRA82rBm2qv7+20d5SdO2lIU
+VXfggBI+KYclR6JbE+z4qPPdJ1KYH7BQmMgtE4TOGSFhX52/nCfuR4jxT78unGyX
+FByYPuiJJCG5bCXIukwoh88Yyib+o9YbUjaqQ6sfRSgwiv9QocOtwRlxXOA+kZv2
+s0fUr06cK4BSDTZ5VlHFNQJp1Ub5nWxqlseVWXFcJ0JWddlzvGewKg4Unvtl2Q/x
+MbvFF/27VY0Uw/XTHbTazNeeCn5OFFeOigyMvpxE8hpu9Hbl7pWKs+LoE1NsJjaK
+RpGRIIQcX6O3VQbgWeY8NfYRtackF1FwtgkxE/PodNhUC8YV122htf2mzKsXjQ/P
+2z9xGZi5NW/95bTAX5FKPtP6KsdOQXRwpoJjxzVdPkCncbgn3B8PEK8Wzoc7Is5O
+xhjaf0QIkkC6UD2MeFFv5yaUAi45Ivwl2TOXqNaRp2Mjb/rLhSLNCDJ8Vh6P667n
+PrQ5oMcqq914DBqYM20Cg93Pt5ZZk8GZQLywCFTulzuf92oyoxMX3CWepNxXmUYh
+uELcCywkTnwT2kCClFj+cbhFTNuFILN3CnwPs8QpIJjOPcwdnvL7Si19EqGOhUFj
+ifavYAGGKwkUfIlXwf8IuRNkads9jOqZCpALgDH0owHai3afBgKlyx8AEvxYbEV7
+bF6il6oyy8bfo2sz1ikFwF4qFBBgDw4WtiA/Wdmo1j/NfVNvIiRjs/vtu+KzicEn
+/LKj7N4Y1rlJXxEffLYBnKNO7bPbw18o1Hp6IdcPAFFjK/Qy13JzP0p6yV/ivRen
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17.pem
deleted file mode 100644
index 86dae42c9b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17.pem
+++ /dev/null
@@ -1,197 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBHDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZDGq53SMD
-2pj9pTu5VRCJI+Vm8LxSBkYdxD0jc4IKrbJH1NRh5XCcfeAbJaQ46UJFGEPMa92B
-GOSF60SQg5oIXBDTA/ygWIPFFbfStUt//heg1BfHUHRf14z8JL0HzXDG6xnd+2yK
-FzLzKFu1zexVpeT6nFQr0rjeslXftjJO5wIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU2nOT4PBlmX3Dv7AfJg72Fi0x
-NVkwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBBQUAA4GBAFm1ZyLmtGk/Ml/36K/q
-S3bdDJ4PWyY0OsgJBm4jiiYU7QvQ5G7cyfPW4h8EBaPOg4HSUGJJdqQQdP89e9WS
-JTFOlLoPT910pCDXbuEjILFrPh54Gv0ydO31Yc8Un/Do/qEraDgWzjNU9s/BAJKx
-zeFg0ajkR1p+VLGzDM+n2aQI
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint1 CA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint1 CA
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMV
-cGF0aExlbkNvbnN0cmFpbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDEsgspeWC5HV95asByD3T2Xp92XyIayyvxljyNsuyivQG/zdHVuW0QqDbM9+ua
-rkOgDpqwN93uEtbRdQqq4u0MZ2GXR4k6ZduPsubfFKXBKdgvLBoSm1qhOdO1m7BC
-GYe/0e+uiTYZGfLbJCqUuDraLY/o58qeKUHln2Ex8G4wAQIDAQABo3wwejAfBgNV
-HSMEGDAWgBTac5Pg8GWZfcO/sB8mDvYWLTE1WTAdBgNVHQ4EFgQUC9dNxXZ6/vA1
-xTWKZjIu1jdIF2owDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADwD62Ebsv+1
-RcA3YIonWoTkrnKU9YGmmJf5S9ytmc6cT3phWRpY/sOl+Y0pNRvDsKJeew9ggQWD
-f77Pp+ACX2HvWwSHzclox2iCkxNyX0aNAxa9xun2zKGm2j1Ncb/D2mE9CQemmn0n
-1GxEkjg7psCUxl2FwuTTmRR9UquMxjg8
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint1 subCA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint1 CA
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMY
-cGF0aExlbkNvbnN0cmFpbnQxIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQCp1Y+dMUczZ1H6dsRs9hr8yLDsu+xA1vSG+vHgAEPkfkhzItj+7N02gtua
-ye1hSXd/x5xNHOTWUK0CDY2YnHBpqmVO3nMIYmX40BbsRl8eQiEYQS7ES+URwrbW
-LHC23HLYn/R42TA1lkwp3HUa4Nu4eUEXKRMbCVfpxAE0h6brIQIDAQABo3wwejAf
-BgNVHSMEGDAWgBQL103Fdnr+8DXFNYpmMi7WN0gXajAdBgNVHQ4EFgQUYXPbCWI1
-alu4YhJII+f4K948S9swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI
-AWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB0eGyRF
-KEbsyDnKd8pB+6YhJjQBcdZl9AGLASF4jPmFj2iXuF7gr5rT3UTvquUeEJamAZc1
-L3pHiaPZnxbVJ8hTSD4eUF0YMDd+PzboODwLeBS/5AmWQ0O5qiohjgFTMUq3uvkf
-RWemBcsCiI1KenbGIFTJaNEWKdPrsOrocVJw
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint1 subCA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint1 subCA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25z
-dHJhaW50MSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UE
-AxMYcGF0aExlbkNvbnN0cmFpbnQxIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCvkVm0hGNZvdPCElTss6nzgzq7tC28/UHHYKozUaenLdgSaARQnZyi
-w3O5hCVSCtOMmUog52Av5lbkjZxVhCTaWKfrBuPDE2FJSsz2RczG+89ho8676aQ9
-Y5tTt3/mECuV21fCVjRh3IU6O6gTGgPSOxmOyE/lMDXTYFYgsfF7kwIDAQABo3ww
-ejAfBgNVHSMEGDAWgBRhc9sJYjVqW7hiEkgj5/gr3jxL2zAdBgNVHQ4EFgQUVVEA
-f8ZkXgn1BiXGzZK3mreZsTgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAJNK
-lQDUQElDsFY24HDYmUDNg4Vg/CkEB2M9JfI5yZYlOKJrjzECJCY219NFeL9TcyD3
-bJY36GS1ZMz/MI9ocVTU0K5ssZqV4IkBI9hXCFlb+kw5jSgO30RoxXm+Nb0nvzUC
-s5kRJVI8Rdm4ONIstsOmX7w7LBMWrgCPBOZN6zkl
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued pathLenConstraint EE Certificate Test17
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint1 subCA
------BEGIN CERTIFICATE-----
-MIICmjCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25z
-dHJhaW50MSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMG0x
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAGA1UE
-AxM5VmFsaWQgU2VsZi1Jc3N1ZWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlm
-aWNhdGUgVGVzdDE3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNwtcQ87sc
-VaUKAcu3QxtBteOc29FtwvZtv86nDNlJ91gIoFTUq1jKdkWcExlR8lh+Ye0QfIRB
-NIDkDs7+2WB/BwJLNMpaEXDh0qETy/SW3uDN0sOX2H3ik97y0xD5ayXquEXTqgIs
-fNtXesmjTnBt3iitX1DkPwrjuJmQf+co7QIDAQABo2swaTAfBgNVHSMEGDAWgBRV
-UQB/xmReCfUGJcbNkreat5mxODAdBgNVHQ4EFgQUOloj8eT4jSRn3dhhzDfEX13r
-FrswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
-hkiG9w0BAQUFAAOBgQA8hwBcf4CCZAko0xnD1MoTNUBfjdvDcXZB+bTB3jnbDXE5
-zSid6bUVBNo+awlLpnQw3drsAgI1G9TcgFOEslX2n4nMP4FZAxsjpyDPSA7Wdj+t
-xb8/kI5UhKZTjNYIL/LXpfWMvzhiMhTzha8PFxoGFM5hGYMXqh0kK/0zhThOEQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DA:73:93:E0:F0:65:99:7D:C3:BF:B0:1F:26:0E:F6:16:2D:31:35:59
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        b4:8c:0a:8a:f7:34:0c:91:f2:7f:29:9a:e6:6f:dc:e6:a2:3d:
-        90:31:96:5b:53:0d:2b:cd:51:e4:d9:dc:b8:f2:4a:1d:b2:e8:
-        5e:93:60:85:16:53:48:ef:99:f5:13:20:34:84:95:88:1d:df:
-        30:94:e4:e7:71:fa:f2:eb:f8:e4:50:6c:fb:7c:e3:b7:29:e6:
-        91:b7:5e:70:f5:c0:29:ed:50:6c:4d:20:b7:79:e4:a5:63:8f:
-        ec:d7:1b:ac:9f:4a:4c:d9:44:3e:f3:17:fa:5a:f6:2f:b5:f2:
-        51:f3:b2:82:90:c7:4a:93:8b:27:7a:a8:a1:00:a8:26:3a:eb:
-        ef:4d
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAU2nOT4PBlmX3Dv7AfJg72Fi0xNVkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAtIwKivc0DJHyfyma5m/c5qI9kDGWW1MNK81R5NncuPJKHbLoXpNghRZT
-SO+Z9RMgNISViB3fMJTk53H68uv45FBs+3zjtynmkbdecPXAKe1QbE0gt3nkpWOP
-7NcbrJ9KTNlEPvMX+lr2L7XyUfOygpDHSpOLJ3qooQCoJjrr700=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:61:73:DB:09:62:35:6A:5B:B8:62:12:48:23:E7:F8:2B:DE:3C:4B:DB
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a7:22:08:25:d7:e6:5b:3e:63:fa:c3:8f:f2:bd:64:39:45:75:
-        ec:4c:5f:19:85:38:ca:9c:99:03:95:9b:4a:d1:93:62:04:28:
-        bd:18:a9:79:27:31:d8:41:38:7a:c8:ae:81:5a:42:25:e8:46:
-        84:31:cf:e8:38:ad:f3:a4:3e:a8:4d:71:cc:37:18:89:14:5a:
-        5b:7f:3e:a0:ad:6f:95:7d:34:1f:3b:6f:ff:a4:a3:58:14:d7:
-        c7:58:e2:d3:bf:33:3d:bd:59:f3:7b:63:fc:57:ab:62:f3:06:
-        27:72:a7:9c:6d:0f:b4:37:12:0b:8a:02:3b:e0:47:3b:23:a0:
-        6e:3a
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50
-MSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUYXPbCWI1alu4YhJII+f4K948S9swCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEApyIIJdfmWz5j+sOP8r1kOUV17ExfGYU4ypyZA5WbStGTYgQovRip
-eScx2EE4esiugVpCJehGhDHP6Dit86Q+qE1xzDcYiRRaW38+oK1vlX00Hztv/6Sj
-WBTXx1ji078zPb1Z83tj/FerYvMGJ3KnnG0PtDcSC4oCO+BHOyOgbjo=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17EE.pem
new file mode 100644
index 0000000000..0ea39a26fe
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E9 27 B9 05 48 33 63 E4 D4 5A C9 F7 BF E0 31 5F FC 3A 47 6F 
+    friendlyName: Valid Self-Issued pathLenConstraint Test17 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued pathLenConstraint EE Certificate Test17
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYcGF0aExl
+bkNvbnN0cmFpbnQxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowcjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExQjBABgNVBAMTOVZhbGlkIFNlbGYtSXNzdWVkIHBhdGhMZW5Db25zdHJhaW50
+IEVFIENlcnRpZmljYXRlIFRlc3QxNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKZ/110TQ4OpgLh88109wvt/7WJQ1YHMugQV99n4Pu3kdI1VQO4ckrNq
+m+LBgYBgZ4Z6EswBTKiEmP46zxnhjiM2j3NXU/qmWvrH/mr1z5gME2iJZgO9r9Lf
+96Bi18e+hA3D8TvaCvZWSJJRyRcGb6eMFPW2YVb4lTUetmaSlI/RW+4nUghXyww2
+SyWnugMA3lS2zg34mchaDWI1OGpDV7HlYI59pPPfdhuGmaZ++dWbtB7EcB8FtQX2
+y30Rajgn8P5J2I7/bl4Y7GLbQMZQoLlG7zjC/OCfew/EmJbzowST3P/SauI0j8xZ
+8ZLW7B6/EhdaiUBSyv1zv6WG+zl8/RcCAwEAAaNrMGkwHwYDVR0jBBgwFoAUeQOH
+Uyk6Hr7o1BjlBDSDK50Rx9YwHQYDVR0OBBYEFB7n3xAM8NB1qQnavi3TtjaSwfmT
+MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZI
+hvcNAQELBQADggEBABZWiiHlZ/a+B0lgBpqprSf/4g2EZOQDPmGOnIm+UhdD3ahy
+z4eVaeNlr+ksEkxeFW+VHOTsoQWEJm01WMgr3m4DJe/VJnyZP3/yKlEZ+IVj5IKD
+hfxsatOwWgETAH7vVlpjLjoH5z1PJsXWKP+Jxa1P1J0DQFA77osQHcWb6m9FUTkq
+EMSv6FYZgTULTfF0EILCP/ldsQvu6YMXeJr0R7QEQ8w1Oe7jujOq2E+kH+LA7t7b
+AxlFz9YFxyxw9ZFTvhCw7qjRijgaHSiT/V6L4uc1p3G5d6tFt6Az+rhsC/3lyYuY
+QDF9LwIhI979SrewoXdbX7LPMQJXRAxBr3eGLn8=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E9 27 B9 05 48 33 63 E4 D4 5A C9 F7 BF E0 31 5F FC 3A 47 6F 
+    friendlyName: Valid Self-Issued pathLenConstraint Test17 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4F9E55521636738A
+
+rHxtRgfl+mxRQFp2Shnwex6F1zvPQrZys8bdezcYipvnhPFKp95cQmsC4C0FV1l8
+XAHoENSowrqw+14f1WPVIEAD8kj7uGzu1K398uFUT5YAPZXRMBHVUfdQ5NJLSz4x
+NH5amRGk9ZxfQfvCxs2QxRsWRUPq2BulHbvnaI9JB5ExvyCz+XI5tK3OXNmijt8D
+qp4/byO7UP2wjKwOa/mxmb2xyKJqopq0LrL4oCPqwSJw9NMlByb6xSESBmVwX7gK
+ggVoNGoFbWVKEWKRffGzqvIVhOsOX8kGnuoJxKxyiRtblram4xz5tTK6n3+ZqfnW
+iwVpcEt4s0qwVvjUnSN3Mx4qtdc6tio0nIReBYSQVwmmF3bNYIcsrm7vf13qxN65
+zWXhGr+QHdNLXWqxrluYIGTbITUVgecOwYdt1rS1o7GWJbkqCkxvp+WrUEBNgHPa
+NG1C/ke3RPBNhxQbiZw20rxSuf6+/Gb+hZ6P7I49pRlmjudWTbowcQiGrKwIz3XJ
+j+c3e1vBKtvMJ/7h80g/Li1Rr4sVkxB4/GP/JsvlR2VsaHP3H+taXxR/L0KRuE1G
+RfWXmYig9q9wZS3MKwD+70ARWvyYYewErh/qs1hbsyUhg4ZZlJZzr1vmnwd3LTcT
+VkSd0c25Q4KZSRjb4SOtTORXBuOq26Vqk7n6aQTeckht8qyA1tT/m+iH0zhmOhCE
+7NVH69VWrU+FzJu6qBTMsKwG2st6qXOwWMKTUclybS6qZBpt8Nj6lkQMDcX1o5Lu
+wigm+ZbKmywiSIQfB6Fvy1cGB9ZWTo0z2HGY0mhZdLpdlM/NZ+5HzhQW/ISKTVdh
+mr7mnWoFmUSjjeEoUv8UVrJvpwjupnnY4VPBtgQfIDjxLii+u0K2fKwqiBzQhx8m
+5rJyFvrFtnZn7i5xqoO3rzcLlPWeSY7LPd6LuK7ucpUH1Qg2tJl+GkM64EJSQgaA
+dvIaSG3Miy8uUwKp8hHSpYZQ7fTU4afki76pkzXALVfqV6IGBtwiNF7VcHc1xl1z
+eZ4L39UrNO6DJWiHW0b/cZeL72/UxvA279pW22hV8Js+9LiGBNnIUwf+dseKhVHc
+taIM4UKQryBDM51T7d4bv+zCj7tGh7EmHjL9QciKshKoHGSmS2vxtgTNEKDfn1Yh
+cXSc5D3/ulLjn/0KylSCUPPiphZ1UfzRH7WOWKJWrBoim+zej9KApBd5RHI7mv2D
+XrbWSiaz1gb9fmjgbZf98UDn38JfG00n++QXOCvqcuAK1DW4DXX4nejXxCm4TEto
+OsekMGfIyF1nHh2Wk05JHHeO0KZyEKqJtd16BbjtLdKGg1lkK+oNVnyAW0n/sfEk
+t/B6Ibk64jQlPmij6rc9DkehMsUatXyYr7FI4ZIZ6Y6aAQlVciTXpAcLB/Anmvom
+WGKJQKMDyifu4VqjcINlv/uaQbaUWZqsZTgE/yTWzNDwodL1VnQnVeUm9Z6CT19H
+b+FgAfE9fPTCObTzigMpEqpdZK9R/0zpI5XTYUua8IrloCIcVeD7s1Jb6f6WQBol
+UmifyirkYx/hnGLkwr12fwKeCRYkp2k3oEPwKTu8l6X8zT6i8QDnYw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6.pem
deleted file mode 100644
index 6a4851e249..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6.pem
+++ /dev/null
@@ -1,127 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued requireExplicitPolicy EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIIChTCCAe6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBw
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRTBDBgNV
-BAMTPFZhbGlkIFNlbGYtSXNzdWVkIHJlcXVpcmVFeHBsaWNpdFBvbGljeSBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0NjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoQSf
-MbaUeJHJyhveLx+voUuSWxwNEG56mZ5evCeaSjObXqfeHXkjtfpbQd04wlsSw3CO
-OP2TR4ompdtrgHYGZeSsXW6VhkWz68SG78tn8laoXw3lTMhgrYqAdk+giv71qeBZ
-DYVr+mZTxBnmhrgRiiAQi8fhl9p+Bf89nbW03icCAwEAAaNSMFAwHwYDVR0jBBgw
-FoAUE+aMwSsPZ0tMeh0OtsAhWiSZUIQwHQYDVR0OBBYEFIGUYNMP2TtFxnkarnPH
-B1oeM5PXMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQUFAAOBgQAXMz/QAcFC
-0oNUODgnlOJdP3lcECIPpmtJbhAmc3UABEXUG9ak3/kkMNENOktNt62qe1/K1c+l
-uYkAMsmUn3oOGYV9Zu77IiiChOYDH6touQtxBGtVTG9Ki/gdaPWfqZdfBs0xkGRg
-7mzJCvRrEXDgQZW0kR3C2LJ9B4f2yt2GlA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBN
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNV
-BAMTGXJlcXVpcmVFeHBsaWNpdFBvbGljeTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALnxr9bA0oGlaihhiPR0d8F/y9ai99F6w8+DtAfGlFtJ4WU3GPih
-ftUTRqZelcu+u6hZgekMwVhjUHyo6sFt5SfbCzJEmjWxI1anTrGAAcH6pG7zF2Z0
-iae8kVE7C8GOgwm+F1Y1RHkw8Wz/UbZ4QGIhzA++KPDi2du40LEGD4BZAgMBAAGj
-fDB6MB8GA1UdIwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMB0GA1UdDgQWBBQT
-5ozBKw9nS0x6HQ62wCFaJJlQhDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-B6X+ALEMO8yG/lXfGuoX4XPyaZrb1A8oWFk2ZNCx9QIzI6CQ0vRfO47TF20iK5wr
-HN8y7yXpJGZcNTa5+697/kRziJ/zrNiL4b4BP6QRxYv+3Edq7FOb842JguqWw6nP
-SfsshPhMilo3C4X3PESiI67m18AlqgJcYcmemF1R6Ng=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5MiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnrdC
-9sroeA9MJlV1ukIu8XNT9cUF70XCDwxMm5vKZZc2+XVNwgxe4aGse4bPdZ9okZ7y
-2ZMuLyDLEBZaA7GsBzG6snQRgHkmMFS6v+pC3ep9ieqtpnrP3b1f743Y1jFp9zvX
-ZDoddeI/xvYF/73KgiYdTFPLa9ARaKiwpQPMXyECAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUccI8Tjs1Yvclh5+9
-owEeOOAldMgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQIwDQYJKoZIhvcNAQEF
-BQADgYEADGhYvyIjl02LK5PZdbH9TrAFF66SGgdk+7nl93vr3XB9UnpvJqUfyG55
-ljoX+kKaRd7Z2O+GLTMmH+tqjMQ6bW+7RawMpFVzfhE3EdAr9/K31K6Q6lft8NuP
-wgqhDrrVqYMPa3YM7n+ebATJ0DJ26evfQu5HfIL7Cs/w+CpXi2E=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:71:C2:3C:4E:3B:35:62:F7:25:87:9F:BD:A3:01:1E:38:E0:25:74:C8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        95:0a:96:af:24:83:ca:92:a2:7b:e7:d9:50:bb:49:ec:22:19:
-        7b:a3:b9:3d:5f:b4:8c:5b:76:25:27:88:6a:26:24:c1:e1:cd:
-        3e:b6:ef:b4:0f:ef:85:7c:0e:95:9b:13:fa:dd:c0:bf:7c:fe:
-        e1:d9:fc:2a:7a:2f:fd:48:0d:11:58:69:6d:5a:e8:37:26:30:
-        67:83:83:90:4c:b1:9e:6b:1b:04:d0:8d:60:42:88:13:25:91:
-        ae:42:24:ea:61:ba:5d:34:6a:7c:22:6b:be:cf:2c:e0:67:36:
-        db:28:0e:5c:be:bd:7a:75:3d:ac:cf:3c:9a:44:8e:ca:30:7a:
-        e9:97
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJUKlq8kg8qSonvn2VC7SewiGXujuT1ftIxbdiUniGomJMHhzT62
-77QP74V8DpWbE/rdwL98/uHZ/Cp6L/1IDRFYaW1a6DcmMGeDg5BMsZ5rGwTQjWBC
-iBMlka5CJOphul00anwia77PLOBnNtsoDly+vXp1PazPPJpEjsoweumX
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6EE.pem
new file mode 100644
index 0000000000..f7b088202e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E8 14 25 DF F7 E9 44 A4 76 C8 32 2F 31 E0 FF 93 D7 82 55 4E 
+    friendlyName: Valid Self-Issued requireExplicitPolicy Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued requireExplicitPolicy EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 CA
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMHUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMUUwQwYDVQQDEzxWYWxpZCBTZWxmLUlzc3VlZCByZXF1aXJlRXhwbGljaXRQ
+b2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVzdDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDbNiXBm0YtSk/Ghd0P94U5XcIcxuUottE08ezytyJXoHrNGEdQ
+qr8VdETgymFh8mzVUeMJkcid8m4WNoWCRgLJ+79DRInPxLrJr0iN/A+KFE4JmtKr
+cshTYXlFRZ2gNdgDtkQ/zS5ZbkssumE/R4Y8RQRUeSTu2VdnRMaAb/Hey6UWvv8j
+cm79m4y7ZJ1m7Q5nykQkzrerHkdSM+9a2d7gQzWxMqPYZr54VEoKHfsWCBpH6vPt
+DfahIBmc0wkScZm3Vty6ILpYqx1dCbRSC1jz0gU7wgCq0PLVwWksfs7uO4XSSIji
+U8tD6x7fkn/KiecfEJ9a8T08CvnBB8ZPPY/XAgMBAAGjazBpMB8GA1UdIwQYMBaA
+FO+r2tjhgDGnQxbuxHYNr+xt8mChMB0GA1UdDgQWBBS9gn/7u3AKjxkoylIClC3A
+ACjrnDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
+CSqGSIb3DQEBCwUAA4IBAQCgEHowL+jSGlcYfdQLxsHaH/Q5gbvXHZXE7VlyZfCZ
+bMB9SL6X1zZYr99nM440HkNQ8kvENLrjG9YzbDCj2ykFpfAmyHGXOa0U+LEXvXnK
+NCPXbm056EYJwHy8rE+LpFaSYD5Qcc7puf0ToqCfeAZbVaVnl18urIP5tTeTqbdg
+w84ha1R7A7vtDaJG0B+ZzhafN0ru0BBWU0POm5boPr5+s/Hm0ywIHhpAELDoQM/h
+gLyUbObTDv9w9m1d4GIREfaUMKt6vANCpxTMUSJI48JC+JyN1EqbyPncXRKWhl+l
+76t2DNnwcWV6R+firtZXTFvdWOPgCJO9JkC9uHBlXxM8
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E8 14 25 DF F7 E9 44 A4 76 C8 32 2F 31 E0 FF 93 D7 82 55 4E 
+    friendlyName: Valid Self-Issued requireExplicitPolicy Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,91C67D9C3260E50E
+
+4TaEdXpD/8t5Fppfj+ePTCD/BH+Gle6MObc8lIkh1J8lQK+DGhu4KLfFjDJEA8by
+QrsEk0IYk5wMMHwsBRx1yYY2KYekHNBEDD4SwAtcgx4GtoFWoCUdbQzrTBMNW0C/
+f1q4vV2znxSOYwYDKXNH1DWR6aRaSxW4kHUNejjq2jqs1j8Z1NFrhTrZ6HlKiKcL
+SiSvFC5OL8YqzQlVGL1ZfB/yUU8Y9LSJa0tpAfhnf+GjvXE++QeXO+l6s/xhHpZq
+bgbScTQqwgrAhuTxO2Te/AGTMqCK10LRj0XjqzBRr6rPWz2hXOJTuytXuPOVS+1M
+NwKMoPaElvgOIWZ/xPGyY1hI0lK/+hhK3hmSoPoEQLNxLLo1Re6mTrTfNX+ZQAdc
+RHFX4p67WrI35CUDBUfhOkmuBbGHlKzf9iEQ+Cxk0UDDHhMOtrwxwhT4c96kRSCy
+c8KLigv8w30dPTtdDWZxeRUuJpVly7iaGp5kc0O78HsSCnnduUIzHicXZcZXqHOC
+hydl3pOFjIDfpd8Unn5ATne1asUYDMFo/EdwcbEfssmxMgFfk1x9HrPX1GqmyDx1
+yAWeKzZcLv241yGIoV52Ox7YpGX+HR5gNX/Eyi38dMBNFHWSdHWrKBjluIw2KBUH
+kFW0NKjFJ3ukOel29T6U/6j3a5jNd2Lh3Inpn60PLPzvMn8e2feBKTKNBxSfaOAk
+av5hH0wUpBeuu+l8bpVTGE9/5ypt7Gqa4ncOiIyKeLO4fwFTYSmpyaydWxq7T2Ei
+qmGdIdzp8Mx0Yb8ahmbsImrjOK7JRS+lCvQHGif4Wrl30apkWCsoZMfmQx+qCbua
+Y5sJF+qrJsX27oRj/ud6M13xYl+um8RRTc1JfKO4Ja5bDJ1aCyG9i/aWaoCNydn1
+Nx4lylUCdKRoJLoGOC4WO0xNDMUuecoSEBOUQMYpJvlwgq22sj6dnAb11+y72LAh
+Sg44oavW5AzUhbPDmPdGdaCX5GxtpqNJQ4l4AaJEUfRlRvRDPOmV15FpjtM8VM+W
+Q82b64SV0EF9nOw8n6tfLqcEH2MGHtjbVoHRtqGToSAY135MbqVl+DknwW91en71
+MdBFtQo9Zxpekl89OTHQ0UerE1hkd1NgGgB9G7wp/I8CW6Na/S6/s3t2bc9tDUtk
+lAGVgQjgrq24EUq7Gp4XqmrDdhWstJaO803f/10b9TXHfVFF55nRufwFUZygv5z1
+csm6L9XEEkMDroeJRVghyzLmiVcb4/LCr2n5MkBDLwbbW52ZDsJoYxBID8mgGK8U
+McfcegF+AvJBlSEGYJ2EXOTfEs8r+DIc1IcOYRk9pISm+QFGJtHAHNLeA7HCo56X
+gvoVMAvYvpFwJ84EGgpl8Xa8PgY3xhXPf9YSc29DyR67v1y8x/EYvH2U25u9hUWf
+9aDGWPcKfW2TCRLK3OG3YEISBDLSH6p5FVWBAhUogDyiq7StzjIQn0J7qdHVnFyq
+hec7EOKh8Hvtm77TG4dzfWqAaxhHDbxNu+bFh9JTcweJftu/kvWVhsajYLwGqJud
+bptwGHUYoVtIY+Af2PCRyIxYIvRRxZCpgGBjUUEIRNlwwLh7SjQGhQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19.pem
deleted file mode 100644
index 1af71df043..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19.pem
+++ /dev/null
@@ -1,134 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBZjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAzpVbQYnufknoy1tKbCSY840pKcfP2S+jFm6OFC9hzkLFn9uiYzCV
-rCjczQI8lFfM/4p9rUApMIgp4IUAxCOEcgJuKPKmiuoTwPD9XxbmZ/uv+iaLXqF+
-QVcbDGouj0z6RMNz3KGtf0pbgg+/+/wIK4c0XOIM9wTSK0aJVqweAnECAwEAAaNr
-MGkwHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIr9
-Qil7WXhSSvdIHHG3xHGKplfbMA4GA1UdDwEB/wQEAwIBAjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAo0h6slmGQJsCsth+yeyOMK3j
-2CqJ9gEajx3fWs7x2JJ8LM4zfbFFYctGPKpXdGRBTO8Dj9lQJCr7i1IMMHTitTa/
-xpjn8E0SQgzvkB/0BnSt7DiwV0LXCdtBlLxOS2Fw9NdvbE7jsuBK2W4KDOPElhHJ
-TKQ0T3TjKv8gwxTq8mw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBZTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAtI4Yuumg8WznOojgeWHVZxG23imfdB9ntiQccDxAnvywEfQv6Vlq
-HNVQ5vsVQfvfUZCad2Nbf42DHRtpmVhlxIhKBjoNu/m6xdvz/A6/kvDvrEg+7M7N
-A2ZRVI0T3Z/mMaPuLHuCzKwU20TF6NonxgZXIbATrppAqRUfSY+UQCsCAwEAAaN8
-MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJtc
-UbwiJzEiQJQJJf/Pg3mto4EZMA4GA1UdDwEB/wQEAwICBDAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBs
-BZsxRaZk1qx3balE6qmVZd7jG6C9Gg/n+I5QfXR75ZIus+0Y6GAviBzywvJ8CDZ3
-kIOOrYolpnycedLS17Jnv4D/IDP6OwvmT6/0XvforKDQlmAk6ioJBRAwHRDYHBZg
-lj8FXyMNUS313Un0l2FXJBhfJNBqb1ZqYwWcmJ2t+w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Separate Certificate and CRL Keys EE Certificate Test19
-issuer=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENl
-cnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw
-NDE5MTQ1NzIwWjBxMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp
-Y2F0ZXMxRjBEBgNVBAMTPVZhbGlkIFNlcGFyYXRlIENlcnRpZmljYXRlIGFuZCBD
-UkwgS2V5cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAKj1Dg4L1T9e6MNcWCCvYvg+vk54WuF5s2Dxaa0lfcclqzahyLfN
-KqLCp0jCJyvA23IGF2C7I+P4dvjwW9kq0XD7H0Vt7LIjyQIpVyHObshN6gciyIXz
-iZjgaBqf8O+P6XhjAqsNyYSipygh3bX0Gqs/Kjb8qHbw8kdUG3Oq6xTFAgMBAAGj
-azBpMB8GA1UdIwQYMBaAFJtcUbwiJzEiQJQJJf/Pg3mto4EZMB0GA1UdDgQWBBSu
-h3HiE1+nBL/O/8Ce2FdoNLsWhzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAFL8c81C5Av+LkiNwZqrbjHV
-HFmRSvBpcRFa0WoFd8bNntXow2oh3ygbWRWt3FucJqTq6t4tys+3aNQClu/fcUSS
-IljPUyYAlgSxOTER4P9OYePEC/QtzjAGRH/5Kms56LVZa7lrOl2UpO8dkluoOADI
-hXabE5IQYEEjA26WpmmH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8A:FD:42:29:7B:59:78:52:4A:F7:48:1C:71:B7:C4:71:8A:A6:57:DB
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:7f:8e:79:fc:1e:57:0e:34:9e:bc:05:3c:28:df:90:bb:1f:
-        c7:f4:6a:a1:95:51:f1:d2:b4:1f:3a:64:41:35:b6:42:62:b7:
-        e7:14:1c:bf:0b:ed:6b:ca:f6:4c:c9:a7:48:ab:42:9e:04:9e:
-        0a:b5:f1:86:99:0f:b1:7e:6e:dd:d6:a6:b3:b1:3f:fc:79:6a:
-        bf:f0:39:3f:03:ac:69:15:b5:2f:5a:17:12:64:8b:e9:46:9f:
-        82:09:f2:09:91:90:b4:fd:56:a1:ab:04:79:a0:17:33:26:c6:
-        49:6a:96:d9:42:8b:44:a5:ed:ad:69:82:63:78:8e:e7:96:1d:
-        17:2d
------BEGIN X509 CRL-----
-MIIBdjCB4AIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENlcnRpZmlj
-YXRlIGFuZCBDUkwgS2V5cyBDQTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowIjAgAgECFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1Ud
-IwQYMBaAFIr9Qil7WXhSSvdIHHG3xHGKplfbMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAAV/jnn8HlcONJ68BTwo35C7H8f0aqGVUfHStB86ZEE1tkJit+cU
-HL8L7WvK9kzJp0irQp4Engq18YaZD7F+bt3WprOxP/x5ar/wOT8DrGkVtS9aFxJk
-i+lGn4IJ8gmRkLT9VqGrBHmgFzMmxklqltlCi0Sl7a1pgmN4jueWHRct
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19EE.pem
new file mode 100644
index 0000000000..fa610b23e4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: DB CD 6B E8 FD 50 E3 22 68 C0 32 BE CA F5 E8 11 AF 45 79 10 
+    friendlyName: Valid Separate Certificate and CRL Keys Test19 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Separate Certificate and CRL Keys EE Certificate Test19
+issuer=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA1
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlU2VwYXJh
+dGUgQ2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTAeFw0xMDAxMDEwODMwMDBa
+Fw0zMDEyMzEwODMwMDBaMHYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENl
+cnRpZmljYXRlcyAyMDExMUYwRAYDVQQDEz1WYWxpZCBTZXBhcmF0ZSBDZXJ0aWZp
+Y2F0ZSBhbmQgQ1JMIEtleXMgRUUgQ2VydGlmaWNhdGUgVGVzdDE5MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6A/taBe34m/ksKOwmzFEXaF1fuBIoQM3
+AGF9NWtZ5qH16J4v/zCqL2LJz1lSeWeHcff8ScbPAgsqrdU9miaWhmdPBRATsnMc
+Y+rg45i4a4yt+phGqrG3DeGlbRW10evsqvYp+wnRKQQVh/qwa8LQqJ9ravqDdda4
+EQIuCN611MApwKbXQEPU50zGoqpTznRlmb18QV7amVwZnU3mJ0mZRjigZo9ptB4n
++msdHllGFVfaql8rqyoJ7cRONEwVdzysDWmn+Ql0dioZqMCBWK294jfeErYsU1qw
+QdXrnff0cek4mQlledqYACJtbzgapOmpy8LRlpMA4DpgcGhv2JtomQIDAQABo2sw
+aTAfBgNVHSMEGDAWgBTwZdo/Ghda3tW2SJk7FxQQ10wUpDAdBgNVHQ4EFgQU603H
+KTKwnexXe6+XcA3kjeBBjeMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEACphhULftasvd9sThocYbTMs1
+BzSI0B1HQZLU0FGd2kYg7IEfrwYBc896RhLrSdbWl80bbeqomdED1KmG9eUl56ql
+6+qPKT4RB0eBEa06mBI8mYuLMGJ4N9mMV4w/P14cTnDVnXyIymUD1de+6kuQQ9n+
+KVtoMO8wyuu9OMETMd7QMH7KbOJZTBiBkhgJmZw8VaF5kYmVVmtryhTJnBszo1z5
+WcEbbSjX00Z4dQpzkIV5jlow5bmYuMrfb1NU8/uD8B27c3Ga/NGb4q2FrmFtsQiq
+Pb8XoXSJG2bL85SPhKP4j7GwPrTM4/xRmzbWOcookD+7SZzPmxzQBQ5wa+KQKg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DB CD 6B E8 FD 50 E3 22 68 C0 32 BE CA F5 E8 11 AF 45 79 10 
+    friendlyName: Valid Separate Certificate and CRL Keys Test19 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3959557A2AA91B03
+
+yyDCYFHN71ZDE/VtMk1lScldcqAXuESWPTDIV9jVCdmcgoKjLXh9RNx17NoAih1x
+RskbCvbUbceXQhc15g5owlAPI+O8nCsBKLOSYMZNLgHM+5hzKJOCP/as4uizSBwm
+JDVjrqZeKwKa2yzCipq3VYK4CyedDjwXytaM8k9YjFUnsroKmOyPevFlDPynm4Su
++gpnn2kHN/mmCwOslptpcCbZZHutGtqfN4I/wlsjY7vfDazsZ3VwY+QDQDqNHMoC
+myrH8ntUg1HzTAK3A/3io/xNpNDoX5OPqLJ+rofBJUMUU2iRxp97aYiU/yDEx5re
+aj+bdmmteLfWePCY8dDafo45KPCNcseiO+joYFKaqhOQMql6k1RJlTCosvF3OdSI
+5h+1ysCwgPvQ2V5NSyZwaxMjq+b7mbgE9zNsJ79eTwcfMEQA2ZbtSIr0ZOFkHMIT
+mwsdN3tz1g2YR3Nnc0Dt5n/sy7IQAVzEMZgGeRfkbuP6K/dAWnTZh/DddPSk+OOE
+03Z+8v2VtSGgnD6oP6z4Ue2+ED81jTBzK82s2qkyQjvIW8q2mMohDK8o0+IR80Ac
+WRUUL6ua5Z5NEPiY2bNfua9r8siD/x4tGvpMMHcsmPKdPvfpmpzgBxlmp5Ie1PKD
+m3ntBAVuRIs5FtxyrK/qygM9LmCspnFpttPE3VebP6QGQZmB6qIw9FyZjGDPzz8M
+dhtphJwU0/sz1DQqiK74qw8Vyfp8obLfC0Dhax1Lj9SokQCZM32Ms4C78jLB8b3n
+uT3I/bZE5UOuEowggYTAUqcj3QaL0OsNauxxYJsj0vVDpgRD+GgGG54iQDMgdKKo
+6Clav4m31pKV1D1XEOYP7pZBsJkEQPfgV8Yfj+LTR7SxrdgHoJBlly75dT+eQqQ9
+PHut2xfCjyES1dtWDS8SejXlDphuueVoyJxGXGiMeqH0QlAnSQST8cTGeGV42W15
+imlgnN88x+teNooZ8jMPnk5jHr6UO2i17UbIaIY/rIeQExSJ2KZ7MNmU/bZkrMyf
+a+Lh1Sw5GXNyRLp41hgdzI38tFaaLnQ9HvHWpJzNIUG0xuz49nJcBGJIzNR80HRh
+lBOypWLsA09M1xCqzPLT7YLv7wUGuxMl4XwQkw+buzJIZWBQwYYjUgka7PdfNtfV
+STsBaS1zx0BU0KmjacVvWoOYIgzYJJQ+WTnDcXk/dJ9VCaApxdRJKlUqBKsI8jjg
+5VvCkp1kOwYkT1gfz8dl+LwuJZJDHPLdYFM75oevECkOMJmD2gcviEdt7jXykIF5
+BNE2ZxyBJRY/mgulAEFJ9r3C8D4UArni3RRyNOwXp84Qqi4vbxta3TMAAAzoewQy
+L6Pa3JtblN+vr9zUz4DIsr4B1WXU0t7q//Vmxgu5+5Cuy0jVc5wYDMswPAHZWvbt
+Ae6txUoySmdxFfhyzpB9tatlYL8g1mzo6k86GhA+yfOJI8csRimFplk9abBoyZb/
+kh302I/4+qmrDdYJhD0+4Xyhy9BbUZA168UeW03FCx+O5PiBz+Fk4gBSJyJvjCi7
+QlHNwblChH+2rYSZp6GAV6JNwx+3RuS9kKz3EWF6eaCORRmpRTOK2yS/oCHDJ1kv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSignaturesTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSignaturesTest1.pem
deleted file mode 100644
index de409f5895..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSignaturesTest1.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICajCCAdOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlZhbGlkIEVFIENlcnRp
-ZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtpKu/a6Co
-7KcKOymboEA+MmgoryXHT1dxExmQ1lO7yah2L8j8RG6ox5Tr37TV8Y21ti3MopcF
-H+iXDSX31fixsYCZkcpjMI4kbjXmjGOeFKu1vnbBmcb5JBISiUeg22tIRFoJ4zTh
-i3GLVecGijyOVReA5LiPymEKG7fAB3241wIDAQABo2swaTAfBgNVHSMEGDAWgBS3
-LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUOsyUZQyFqTzB4K9RMyoUSI+e
-kVswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
-hkiG9w0BAQUFAAOBgQCkaGfCqYi0681n9Dit36lg3U/9gTZoNqPMaAaLUQV3Crzx
-x2MGInhTyKchYydbV8HD89N2jzzYq7J2KM/ZEAfjskCdsj1SiMNkbYZe3rZZOldr
-PCGFgzUGTNakQxkpxU5j7plivQic/OZ7+mMTi0fnjGRi9M+aa744VmH6FgCt1w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7.pem
deleted file mode 100644
index c2940bb425..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7.pem
+++ /dev/null
@@ -1,146 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Two CRLs CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcTCCAdqgAwIBAgIBCzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMD8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEUMBIGA1UEAxMLVHdvIENSTHMg
-Q0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANF1dMq4ulaNZm1L3KlBM9wi
-a4eu7sCry3O20zzWCttHHqG1W9UYLqqivx3HTyKvc/acTndqBtaz9HcdrETCRreu
-UjKFAa19JAnjF88BluoZ7A7TjdhsGfsa8gcLUZCN6ZkJJok2wENNh0xdsVhVlmnV
-p9rqIgYFPbZd0tvUp44xAgMBAAGjfDB6MB8GA1UdIwQYMBaAFPts1C2Bnsonep4N
-sDzqmryH/0nqMB0GA1UdDgQWBBQwyOlKAd5DJkEjjFNTjLNHFheOyjAOBgNVHQ8B
-Af8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADgYEAW8JONjczN4V2xpuIs064NZkR/ZEqwuPDedoS
-bQMZtQfK7+587JhXzGM3Hv2INUge/GRWUS6Y0Ra74Z4EU0UjKIM0PfCkokiU9cMg
-APFxIwTaaIfmrFY5FOAr0tvJXX1fwvLB2EEzFoD3m3FT5dKH3fV0l07W+rAzXGXd
-Mhqyx5o=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Two CRLs EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=Two CRLs CA
------BEGIN CERTIFICATE-----
-MIICdzCCAeCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFDASBgNVBAMTC1R3byBDUkxzIENB
-MB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowVzELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSwwKgYDVQQDEyNWYWxpZCBUd28g
-Q1JMcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAiWTa6oG+nNhsn3jFI0IU5eab51kPtxwKr8QO22md2ezjZi0Si3bkH+nL
-d969Tfp3AtKQbsaNJVgYIP+GLylF1YmawBW39kLy8yuACUb9k0OlG02sW8u9SsTJ
-ifK2hvRv/2dGMe6eOR0Rpknk/8CHUgPJHyU3wSewsookv22AcdsCAwEAAaNrMGkw
-HwYDVR0jBBgwFoAUMMjpSgHeQyZBI4xTU4yzRxYXjsowHQYDVR0OBBYEFBVyE7Sc
-ZE9qRg0qsIBnbUWvDEhPMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAb3ltD/JZHS9eilXbrUwx4XAfOxMl
-l62TnSCbUwvD3VvSBp6CSL9/GAcOIQvGvsbyaFCCtCfPwSDw+Ub4vONlBK5+8uGE
-ceErncuILRQcNTwK8U3olehAt6Smh7aEcGBpdeMkSSZhoBSMe0GaIzCeDKELtG5d
-3yyDUN+RlEGX0tE=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Two CRLs CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:30:C8:E9:4A:01:DE:43:26:41:23:8C:53:53:8C:B3:47:16:17:8E:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        af:97:f6:38:91:3b:72:79:fe:fe:8c:3e:65:dc:61:a8:72:ef:
-        9f:73:2e:dc:16:db:92:3e:2a:dc:ba:32:f9:97:0c:6b:52:32:
-        0c:7c:8b:89:a2:82:f2:81:6f:30:10:dd:5f:e9:ec:26:c6:35:
-        c1:fa:94:79:ec:4c:9a:9a:82:ab:3f:be:9d:2a:3e:af:d8:e4:
-        8e:c3:c1:c5:08:81:25:c7:11:83:98:6e:42:89:5e:6f:d6:c7:
-        f8:d2:39:63:34:22:95:56:7f:f2:24:a1:62:18:b6:9e:ff:d4:
-        0e:30:e1:b7:2c:03:90:70:81:51:bf:74:13:3c:dc:a9:28:55:
-        98:d5
------BEGIN X509 CRL-----
-MIIBODCBogIBATANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFDASBgNVBAMTC1R3byBDUkxzIENBFw0wMTA0
-MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBQwyOlKAd5D
-JkEjjFNTjLNHFheOyjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQCvl/Y4
-kTtyef7+jD5l3GGocu+fcy7cFtuSPircujL5lwxrUjIMfIuJooLygW8wEN1f6ewm
-xjXB+pR57EyamoKrP76dKj6v2OSOw8HFCIElxxGDmG5CiV5v1sf40jljNCKVVn/y
-JKFiGLae/9QOMOG3LAOQcIFRv3QTPNypKFWY1Q==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Bad CRL for Two CRLs CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:30:C8:E9:4A:01:DE:43:26:41:23:8C:53:53:8C:B3:47:16:17:8E:CA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        02:fb:a8:69:0a:aa:8c:4d:f2:07:f4:6a:6b:38:ae:da:15:1a:
-        b8:c0:8b:d2:23:96:1d:3a:fd:d4:82:0f:c5:de:56:ba:c2:59:
-        8f:9e:97:67:06:1a:d1:4b:d6:24:40:98:4b:b1:c2:85:3c:be:
-        e3:be:28:9a:3e:56:1f:98:4c:9d:68:36:a8:eb:e6:1c:d5:52:
-        de:30:49:e0:76:0b:bf:be:3e:9a:b2:18:f8:de:51:f0:f4:da:
-        59:48:c5:00:9f:47:21:32:29:d9:f0:1b:75:18:a6:6f:d1:3c:
-        56:b1:5a:e8:6f:06:ce:ce:5a:4e:97:c2:91:cf:6d:40:63:8f:
-        d5:71
------BEGIN X509 CRL-----
-MIIBaDCB0gIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF0JhZCBDUkwgZm9yIFR3byBD
-UkxzIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBARcNMDEw
-NDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAfBgNVHSMEGDAWgBQwyOlKAd5D
-JkEjjFNTjLNHFheOyjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQAC+6hp
-CqqMTfIH9GprOK7aFRq4wIvSI5YdOv3Ugg/F3la6wlmPnpdnBhrRS9YkQJhLscKF
-PL7jviiaPlYfmEydaDao6+Yc1VLeMEngdgu/vj6ashj43lHw9NpZSMUAn0chMinZ
-8Bt1GKZv0TxWsVrobwbOzlpOl8KRz21AY4/VcQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7EE.pem
new file mode 100644
index 0000000000..78ea3689e4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: EF A7 9B F6 FC B6 01 A8 09 0E E1 C9 45 3F B5 81 87 4D AD E2 
+    friendlyName: Valid Two CRLs Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Two CRLs EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=Two CRLs CA
+-----BEGIN CERTIFICATE-----
+MIIDhjCCAm6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEUMBIGA1UEAxMLVHdvIENS
+THMgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBcMQswCQYDVQQG
+EwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEsMCoGA1UEAxMj
+VmFsaWQgVHdvIENSTHMgRUUgQ2VydGlmaWNhdGUgVGVzdDcwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC5JuoqCjmcfSVCDJ8pt6rU7wGuVd2jgjVKPpZR
+P7KiYOnVr1ZicDHgZKNP9eXgEG2Dlf0ajdV1AI+elrtWRMwMwVJ40UoWrgMSJUQ6
+15hdMLfJn/3Faxn8pRsxA2JaVL3l5HVJhhvIfS9sIDFKrGuVZdHkiAoCyVfyzpTz
+3k1YzPzCkhvObpROsrsiWvMiiUCPwgdO7KYNHooSJIPffcndBuJ9m6eAsO0WOHV8
+Sim9InCMhos0/P2hQODI93sMhQ0j1I9lpzyX0niZwLMITNHGpsyhpziXUw7Z9ivj
+tccFv2AdqdU9IP1u/VRenLXWcOYf2cF+ptqPPNZdbEp9AzwJAgMBAAGjazBpMB8G
+A1UdIwQYMBaAFBChAdaZnYDjbf3n7ndLX/FJ2TxTMB0GA1UdDgQWBBRNPB25WV8Y
+wN3ySuDwAKYpN5htvzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQCZZ/gPznl6z2bhDPfAXbW3c8gv0H/B
+xe1FmlkVfbdnBecT5Sapg1d+MBZG7vvChdROJPf/5wpLlBb4VWiTEFD88LGppkXM
++ba1w6oWyNdW3GjLAb1mso5JJi/rdSmJHXYOURmFACXhsMfp4HQo4xkorqetqV4E
+Ei4suAY62RiEjFRFPx85JmfGWRkN28hYcgY9BH8MNXkTolNDVhs3YWiD1L3WgNfx
+mQcIleaVRmBpxGcpNsggwO3igVmwLUMAFauMZZMrygJxixpvlRS04jJWCO++XQTN
+zy0jT7le65xMrIY4JXS+yV2wdoQlfFmrxTY1cvOaZp/C8owx1paNfpKa
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EF A7 9B F6 FC B6 01 A8 09 0E E1 C9 45 3F B5 81 87 4D AD E2 
+    friendlyName: Valid Two CRLs Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,859B11CA69F6FEC0
+
+sQDMkeFGX2SxHHzSZ+Gztmmzn9hP+4zMq805hqIDnMtAiqU3r6ZBHZBH8wp8YXdc
+iIs9+Zdx06ympfTpoPfXHy6zsgizfKXMp/GBwYa7FC6xEBCy/Q89sfW7XDAdFcCJ
+WhhNP3DOdVbWZ2tN/9IfDD8Q1XRmO4l5j/ZflcoC5TY+dnnezYnQoVvahMBAUZre
+vUZ6afp/fOOAQhkhEFRZXrLMRv8Gjc/Vkh4eG7ecBHM1UKUrTXqxGewrXQ8qH3uX
+gs+LKU1Z4e0BfH58mHxBFF4JzPCFkj5ILV8iNMpFU/ukrt3+KuhgULPF1gxft27R
+oll5gQKf8AvTttwuPMqgByKZxDZCAWSb1xKo50XA1BH+ktauk2n8cUp7cKy1Cxt1
+oWqp0TCganu7238KWuo9YSm1Jc5CDbc0m0JTxGUI1GepHQzdQYjgEq/oSn86LgOE
+fg9hMTnFyT7fTk1SqtUvcRumjMxvZftrmp12tUET4wMMH1NT7hdpZlpWnEyScrsR
+LOfuN73X309TIk17gKkCPYg2yJoB5yfRAkYVftcKJEb2a8rzmLabldO82bHhMzUc
+HPriigU/IaBfwl0H+SxHkr0ynAjqsfH73A/W1573BVkTm3EEi6pkKiL58n9vr/GL
+Jx8RvFZdUGhKHGC70jgQ5xmL3R4VZgjgKC48eacdNdRLzuappJSphGhf5nDdgzOV
+v5hChh49uAGzn+9zJdF0EeA3gWXrhwTbW8q43YjQeKXvZWq4+F0swAcu3BQtEmtg
+CWsl03GTkEIMFOcby+V6oLETMhNZovQR8Ri79pZdDJb7isLiphBmnZyzdEMtTsP4
+upJnBBJ6BTkGrpmXjXkAc3W0LlAyOGs3AvZmKwLzRlJ3lh6nW27CsZj2Km8282bq
+xVZsVo93gCXsONQcFhEnkxPxH663tYoMg1w14ZAGGvU/WCdih+toCACKRw0IjBY2
+4heKVA7DXTFU1iB1Z+q6fBpnfcJ2BwNNky4GafAT1sEP6w8wBPdRpZlrLy33DpmU
+2t/PsHalLTCIFqAj7LOGmqWW9CIaCghLXhMaCAYAOfyU5b+xdlmZ2wmNFWQigzG0
+6GkBw7ZmxEQ0+B+8NP0ZcUVm6nx4+ZUA4BMMpmTrXThyxO8bOqa92FgjNpxvMq/x
++VdLt9tsMxoeiWHmSvyZycxsP4cwwuA5c/V6Jo1ASHYlq4jDs+SVgujLHNCxbsXc
+hmCb6Sh1vEoXXaqluBgBV4BQO7hF+pqXs2L2d6MXl4ZrJrbiLH3No2MniDwYtGJv
+GL4e7sLXkry5B536EU2zorNM7EzbRNWbGE23WbuKah7Z7yPYue2eERs/mtKJJumI
+Z0CwpkAPRUAIjkNgRuUqAJOCB2z5XWtGCwn1M0pq67As1iIySNZGr02ccmaRZJJN
+xMBWm0WWGV+HewjPOA/yAYrGQWbLj7rsjVk7zJgYnhlwwEZtLgO9TwkwOQIBM9eM
+lP+GMyaGIM3hh1jL2JFwG6NyFv0e2sLWnK/I006/vPMejk+C9XgL+8c5zicppUSC
+FqVHPGbdK/Uaoflih5bsDlpes5BXYilbniZmz8Hyk4F8/zrbW7cvtA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34.pem
deleted file mode 100644
index b7c8ae1749..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints URI1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqDCCAhGgAwIBAgIBSDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIFVSSTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKxL9gyE
-2WbKCoEEU+RviucDsSOeDHQfoVxci7AD0RhpGDZkMaDQhM+DUHywwIo9zUpLVeGi
-xQNu1+1bQ4SzVBT6k7vcf8ZxPOUI+8WQzMNO5H2/PGz3XGpfIw/RJrRH79ICwZlC
-6QzvSbLJhOtJTQS9kFTECA4AeBzHEN3f0igTAgMBAAGjgaYwgaMwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFKwdFrpLHgtf4rxhruHZ
-ZFp5vkXWMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zAnBgNVHR4BAf8EHTAboBkwF4YVLnRlc3RjZXJ0aWZp
-Y2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAHbVqbpvjgN0GV8abRGms01xVNHT
-PtqMarG3/zQImm9xDzqUqv81kX/8DOy9I/lo3Mvp83M9B74mEEiTTnxkYEpaSouE
-fE3/VAW8dTJb35NeZcOCNWDQv3eA7bufOVO+4KjEHERlxBfEYlPEkJGSLD98SF62
-OYmmR3Cda8cKBk6p
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid URI nameConstraints EE Certificate Test34
-issuer=/C=US/O=Test Certificates/CN=nameConstraints URI1 CA
------BEGIN CERTIFICATE-----
-MIICzzCCAjigAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBVUkkxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgwNgYDVQQD
-Ey9WYWxpZCBVUkkgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Qz
-NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6FGlp6Xjgc5M7qIkjpaJW/ie
-OIVcl5Qn+CIdaNq7obRCyoLrqT/lyrQKTifbp29aWeS20Q9OnvNHYe0AoQulxnhx
-tId1+3BJ657gMf8FIwZ6y7C1vKus4TE6lYhBXJZtTF5lE1znoTDmaO9u+Ix2/RY4
-lH5oTdCUCHiEdcoOBvsCAwEAAaOBqjCBpzAfBgNVHSMEGDAWgBSsHRa6Sx4LX+K8
-Ya7h2WRaeb5F1jAdBgNVHQ4EFgQUnBltKBL7MT2/JrE+lLcnIG0SKgEwDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATA8BgNVHREENTAzhjFo
-dHRwOi8vdGVzdHNlcnZlci50ZXN0Y2VydGlmaWNhdGVzLmdvdi9pbmRleC5odG1s
-MA0GCSqGSIb3DQEBBQUAA4GBABEni3LRvD7bB0FXjsIor6I+OaDVBV6uWcVuwtmS
-gtVMwBhrnKGi/nw+7E+wJs0Sa7INnkylGFlUzOLEFV1Sa6RYjmo61i4AE32uqzlc
-lNvE/bXQh6ah0Hj/sw2u9bXRn6zgPcf+9yQRsJ+wNYuB3rP2dsxckGRMylL5bDZq
-CfQz
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints URI1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AC:1D:16:BA:4B:1E:0B:5F:E2:BC:61:AE:E1:D9:64:5A:79:BE:45:D6
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        48:8d:62:fe:d7:4c:f3:06:9a:78:4d:e0:96:d6:4b:12:b3:93:
-        23:96:6d:00:b6:6b:7f:35:25:e3:94:20:1b:fe:c8:cb:3d:5c:
-        7b:e8:f3:cf:c3:db:96:d3:62:4e:b7:5b:93:05:11:c3:7f:41:
-        94:e8:75:d2:8a:67:bf:f3:b0:81:25:22:99:a3:4c:02:9f:1c:
-        87:1d:b1:20:a6:0f:b7:c8:f2:2b:e5:b2:4d:b4:e1:bc:c3:85:
-        b7:54:29:13:e8:7e:53:ed:d2:cc:a7:95:3f:71:32:5d:3a:09:
-        a1:fe:af:ba:45:14:41:1a:67:fb:8f:46:03:6a:fb:78:26:71:
-        02:1b
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBV
-UkkxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBSsHRa6Sx4LX+K8Ya7h2WRaeb5F1jAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBIjWL+10zzBpp4TeCW1ksSs5Mjlm0Atmt/NSXjlCAb/sjLPVx76PPP
-w9uW02JOt1uTBRHDf0GU6HXSime/87CBJSKZo0wCnxyHHbEgpg+3yPIr5bJNtOG8
-w4W3VCkT6H5T7dLMp5U/cTJdOgmh/q+6RRRBGmf7j0YDavt4JnECGw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34EE.pem
new file mode 100644
index 0000000000..83475b7d41
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 64 28 A1 C6 BB 67 6E 3E AE 4E 08 E2 AA 3E 62 53 85 52 03 F7 
+    friendlyName: Valid URI nameConstraints Test34 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid URI nameConstraints EE Certificate Test34
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints URI1 CA
+-----BEGIN CERTIFICATE-----
+MIID3jCCAsagAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIFVSSTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBoMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE4MDYGA1UEAxMvVmFsaWQgVVJJIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZp
+Y2F0ZSBUZXN0MzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO5F/3
+wWBzxesA5Y/T/BL4plearIiSXCj2/J6WAYteqn0mrUwJ1r2apfS0ZjNREqqiKj1c
+nPIi2mIfqanPTTIYJTfvnR4fAYYpgU+b8jGCmF1qU/G7gRuvhfAV67/NqzkvmiRl
+Nq2qWN0xS+r24fotIAtBhh/kkzmRlgK9rJceRDX0gatRtUkZwNCDA8f132Ghsznb
+REzEzxlWWp1sTi6g9PgL/rvGH2h1RrhUby291O0fUQ0uplSXPgodYZxkS52o66pZ
+3pBTdqvCc7evLZfRaxz1uuFl2IYrYXUos0iOMoTqPzo5jX29Z6A4N78G6tB0Uksq
+nzGTPg6iPwrHxVNvAgMBAAGjgaowgacwHwYDVR0jBBgwFoAU+iitQRbeKmgXyA8c
+Iz8mA94CFAIwHQYDVR0OBBYEFNZ67DHSA5qsuP96390yL1+UdqlGMA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwPAYDVR0RBDUwM4YxaHR0
+cDovL3Rlc3RzZXJ2ZXIudGVzdGNlcnRpZmljYXRlcy5nb3YvaW5kZXguaHRtbDAN
+BgkqhkiG9w0BAQsFAAOCAQEAUAfALBN64JUbbsGzkZBy5SAIDD8HJCpcxlMgJ6UU
+4RkR59QygGzwquDniZQvhDJ+ZqzgkBFY/k/UFXdpPJD6baREO1H+wTz/TPhtxMv0
+5n5Ycbno9qhlIr4JFj5gTU0DcDcYke7AztSOxyT3D7/Y0cpUOipTay0BmZA9ndB9
+yGnIIALUzQ5pDttKZso5TX4Tf8c3Y8V5VqhiN/dOQnXnsanyBSsRhn6jaPTowi9s
+SjNXIw3GgiWod26Ld9eRLMljkNgA1h2nIwkqIfStvJMzWVEd/tPUj5+lF3L2EqL8
+8E9ziMi7XGb1hpCr9oBN+9TaDQF58lRFiwZO4c92bCqmJg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 64 28 A1 C6 BB 67 6E 3E AE 4E 08 E2 AA 3E 62 53 85 52 03 F7 
+    friendlyName: Valid URI nameConstraints Test34 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,50160F6A2AB4C12B
+
+kohSQm0k1WKhPHAE0UjYK6HN/4aIK2XHNrgcB/0imbi2nIsENeR2BAu3c3VTXTm8
+rNPxawXFu6SrqM4Q0QUvY5Iwntas8y8jPvXibLKWIR8PdtQBn0LV/xUTG3DWOUW/
+YoTHB8TrDYYLqNmIlzazOjlCU3GGanFuywep0UDSRSqPja7mFrLxmQfNySan1ucl
+5oKHvZISFQoiq35ujPdtSR9oXAkrApsI3g3EzLCXhf1o3OEToUleXdLsnIP3oO+j
+Sa2VrkhWhTrrJaud5RJYIBfrtZURg26OQhJuTjOI3FfThliHkfBqx8zP4PlDDmyK
+S+hE7IqDD2ANWqazKaAReG910vX2FdlFo82YsFF8ultSbt+WNwZHY1/76YNCSL/5
+OwVbbOdG+iaD+k9uWbln4HalwB3eS9HlSVgUQLieXluVbRUtsjevJQSWT4mvYI2z
+ut4SLttuxPL0+QvKoSfZ1I7cfCQgLo1Wxw3gHu7hhyIdSqey4HPr6YYTyvjngLmp
+j2AxQLCyfMRJFod7louYs20qnvOAxL+0UAgRSMtkRSj9s/sXw+At5Dy3W0LDjx/P
+qq08eXYImXTbG7D1SvWln0xwJlM7bItEIgdRbnXmnAThxLshAi9bKVC2OTLRj7HM
+b4rx8EvgQViQ6HQEZQAPLKHDEfLUhgk0US7Tg78AfPuY/IMY9MquXmvBMi3+ngkR
+RUeuUes0puPy4q3xSrc/Uf6nLpPYdfqN7hFOXWH8yfVs2vsM0/iVHqCM/XWm0zMc
+4Vf5qhZFaoR1XLSH5/D1jr4lDhB4r1Mh2N0y5Sps8SbH2hiSAKPrI9jTlrmH2nUt
+zlzu9kUp5KORPjV5/cf59rU4KeJb1S6deG1uBAB7vwtJhQdzr1HNURM2L66XybAZ
++orb4HCPxKPsHCUFMbOWPyhc/mOSHJAcjylAFosu/C0xqNl/gmoKzbbp7VxV9hZf
+SIJUgNu6NZLhrjFBcekEfiZDIyDLFYpJ1vTcAebJn5b+/9n9xkRjF0IbPfbDUX3t
+gvcrKcr2puANr8ZrgqjFGJJ0B7AEMZa1x3NCiMXioQXMVupvTtL4b8zmsWqD3ZYZ
+yeFYnRHlXC2M9cZNm9yTqIDtEOc6zB+dqYK0VThKP7YfDoACuFsei6EBGsY3A3n3
+V0csq9RMm8Svo3qrhR3ygDiWWyxWIwxrmoRIZgv/bUhScwfsccf1oahlvueRxfDA
+8ytIQw3SwXhLflmmqdd3AA1Ks0QZAU32JiUhKfpzzHxjad+xVLElrBMjWMoUvy/U
+rEjvQCasrTCOvf9cxt1pla1X23USVcr4q4mq+amFYXdpn67mDemqeI4bnJmOcSC9
+yic2OuWgBhU0zRytkn2oBAyg0r4RTx2Pr64BjPuuHCQ500EMFOiuTfJJiPvgb0F3
+IgLmJoHr3lwD4/bF1UPLldHkmLdVPYBgYU+Fc721zIUJJQvEi4AedOPcRzyJ+tlD
+v7FhWudV+Lt+sQl5kZ6oz7u8BzOVfcTApJUu+7dSfiTujbSnmip3gB07mvUE6kQa
+sntlWQbLfnOM+uxH+cpT7f1vmpXkv/CcJCIfd+fX+yoYk5B/0q8KKA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36.pem
deleted file mode 100644
index c13af8a307..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints URI2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBSTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIFVSSTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANCu/tVS
-XB6TUXM4bU2lQ7EKvQrGMy49TSnHlIwEVZ9UNvbSA/ChnCxPIKWiVWlqdqr0evlL
-xdLPxQe6xHuVjkvgFleY6RjA9LqD7YFFvf8AnDD6BV0kIr3itChNI2abON8Dh6IG
-+o48bCPAt9bqxCepQbrSn4mYSlcKjyn66Ev7AgMBAAGjgagwgaUwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIakVWPxjKAjp6e8y2yq
-bdBaxg9aMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zApBgNVHR4BAf8EHzAdoRswGYYXaW52YWxpZGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAXeaQUlCHmmhg1rKHYxVfKaCq
-S574GPbDh1QtQoNmVqFF+yGHse9s4hcYcv7VZB74kYKCFUShbBWl1VcmgPbJLDnc
-MDjP1B35WdH4IGAxCBLHOiuv/1AWL9EfHUdhX2ZoFpJqNty9lFkahCZ6MARJwtS2
-fBh60OItInetzMDECnE=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid URI nameConstraints EE Certificate Test36
-issuer=/C=US/O=Test Certificates/CN=nameConstraints URI2 CA
------BEGIN CERTIFICATE-----
-MIIC0jCCAjugAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBVUkkyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgwNgYDVQQD
-Ey9WYWxpZCBVUkkgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Qz
-NjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvE7GKi9cq2LoR4nDK2rqmEIH
-MsJ3m6EeWMUWwoRidb2gH7E45Oumq5skRGihWVu15Lokjua+3arteyn8MbuDj+lF
-KcEEP4VLE84+SFaA5KNgDJspoT7+UiBZRELwTxiTK9vPR5VQyTQnc/M9PkfC5rvV
-WbctYK/HJ/r68nmGAQ8CAwEAAaOBrTCBqjAfBgNVHSMEGDAWgBSGpFVj8YygI6en
-vMtsqm3QWsYPWjAdBgNVHQ4EFgQU2X6Y6CoZbpdRkA80xPGNWG1aeZ0wDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATA/BgNVHREEODA2hjRo
-dHRwOi8vdGVzdHNlcnZlci5pbnZhbGlkY2VydGlmaWNhdGVzLmdvdi9pbmRleC5o
-dG1sMA0GCSqGSIb3DQEBBQUAA4GBAG2N3tYbTsRh2FgGR/eAxNmVerY5ooWKrZE/
-MkikG9U+XWgHChNL4eR92wDJVi1h5uVvSyUIF1vEFXVfVxyqG1kz1dqWcFrZHp1I
-w3WD/3qKE0ilWL+AnW7LOOTbTUDevmIwcUAvl9/QiYpexJyeQhzWJ13gh5vwkfiG
-coWXP3GU
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints URI2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:86:A4:55:63:F1:8C:A0:23:A7:A7:BC:CB:6C:AA:6D:D0:5A:C6:0F:5A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        73:1d:ee:ad:1d:21:24:88:c7:70:27:82:cf:68:1d:fa:61:18:
-        da:2c:a9:9e:05:0d:b4:7e:e3:ac:49:fc:82:76:d0:6c:80:1c:
-        b3:b0:36:4c:44:da:e9:0e:aa:9a:df:66:1e:0a:80:f4:f0:0c:
-        84:02:2f:57:47:96:e1:f7:ae:e6:be:85:9e:53:e0:97:1e:9a:
-        68:7e:f2:32:8c:d7:89:1e:63:dd:3f:47:06:30:44:e3:42:ee:
-        30:c2:d6:ce:3a:46:4f:6c:8c:e2:43:c3:7e:5a:51:ce:5e:73:
-        7a:ed:f7:5a:04:a8:0d:f2:f0:67:af:e1:0e:b8:eb:9f:cd:2b:
-        24:62
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBV
-UkkyIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBSGpFVj8YygI6envMtsqm3QWsYPWjAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBzHe6tHSEkiMdwJ4LPaB36YRjaLKmeBQ20fuOsSfyCdtBsgByzsDZM
-RNrpDqqa32YeCoD08AyEAi9XR5bh967mvoWeU+CXHppofvIyjNeJHmPdP0cGMETj
-Qu4wwtbOOkZPbIziQ8N+WlHOXnN67fdaBKgN8vBnr+EOuOufzSskYg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36EE.pem
new file mode 100644
index 0000000000..c54a940b53
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 90 C8 1E B2 98 13 4E 66 81 CC A0 66 8C DC 14 EA 92 3A 08 CB 
+    friendlyName: Valid URI nameConstraints Test36 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid URI nameConstraints EE Certificate Test36
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints URI2 CA
+-----BEGIN CERTIFICATE-----
+MIID4TCCAsmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIFVSSTIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBoMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE4MDYGA1UEAxMvVmFsaWQgVVJJIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZp
+Y2F0ZSBUZXN0MzYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMbB0+
+65ySk6fi6dtExfV1zX4fF6wQUg0um9bpkU7sssBLoEI3fNMzQTM1iwjpbQqILiRP
+0zqi/pEy8LTZZN0H3/Bvign4sGWhf45iMB5gIVR788WqOKz+vnTHjzjve8a3y2BG
+0obtbCGD03k3a1zu3EH6X6ZXQHN5AXFgwQgOkwWf0azdHUb7JO4fSFMH2hNEgOJx
+2ip+HuWZfzUzIa+as9ysh7OCjJYySAp6jxzvrQAsRcUQPd0XLuJKUM/tWXAzfqgy
+Rk5RsfcnLiBw/Z4fB1UzhN5RSGyBxqwiibLl5zeEQxDETmW7kVDN0V0khIpX7mD3
+frmvHfx1nzaSU4IdAgMBAAGjga0wgaowHwYDVR0jBBgwFoAUTeuJcd/wBAGy+nY6
+WLG6YN2M08MwHQYDVR0OBBYEFF3cy5MzmrQiP79DwPPCIj7VxjfFMA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwPwYDVR0RBDgwNoY0aHR0
+cDovL3Rlc3RzZXJ2ZXIuaW52YWxpZGNlcnRpZmljYXRlcy5nb3YvaW5kZXguaHRt
+bDANBgkqhkiG9w0BAQsFAAOCAQEAXHV9C9XnmJqFiGQvsQv+Mtb3wU/lbRlv7P4+
+dVItASgqIPJwjrGAEkFjykCDUd/ozD4lIo+UxKwXAEmH53wyXLnnupluCnPYarTM
+KgWfQlBj/eO6GNEQLujg05EK7VxfFnr1jPXEaVBIacwwXNlEGVFK/j5GaOKh9kbT
+SwdMgzGI8R+k8mYoLbVcE3Q3v3zsZPjsME8OBW3d+AytEb2gWScJv/iDfCSgk3rQ
+F7NENzPMDreitDNAhxvmQL0/KGewkCStOjFHaBLQKR+ELq8TruIEuypNl8BNFQf/
+HSf5MCFAlkXUNaff+m/vEvm6j6l4WlcuY3cYA0BLG+OTnSnTCA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 90 C8 1E B2 98 13 4E 66 81 CC A0 66 8C DC 14 EA 92 3A 08 CB 
+    friendlyName: Valid URI nameConstraints Test36 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,099C68B6A471A08E
+
+nyQYist/gy/S0F8Dbw3KXCcHMxzhAM2TlY8lecSS2d+Q3hrFWrqQ7tIrwZYGzznv
+ypq6Wp8Jxkq357ceY7F9yz8UA/TDK4xQdFITeM4toUknwscbkSNHgYbMAFwpaSAC
+1dd/VyVIEUC6q7gbBYoUxCXS3tEcoIzmwSO1unB/c75ks78uY1ygyrjPu6VrnOMz
+wQDrOAdRJQhwAvw8DBqHUejxThr60UMi7OMbNlzlzud9crBdlUzAluxkgTagpihe
+9KBvPUGMAtnGmchmCQEZcNoQ4mqCLAQqcylaQl9h9bUnMrAllVteiBpePHCBTO5e
+EmfSa82yQJI32NyJMI1a3soP7fZMQzitHgGKo9Kcw2g0qAMjtV4vgB+PeavW5zpV
+uNCQ/cYbkie9NbccrkHR/iiLtOggws/Sm8ZQv3WaAtamDM0TK5uLilWWthvcD/3X
+h0RPOaBkzH+APUbTk2b4sLFqMJDmKEO0C1o0yGDsvo/0AarZCUXaw7LE0VmAV4aw
+ux68ttmqIshamV7rj4UZ/V94M1KLnxRcvGui4XdNx0sKA+so01+4XgIZEXWRR0mM
+RKGwO+zlTuSRtCgo5rDwx6rATxjq65PawAMZ48QGKXZWhfvEtGwsmCweQvH/G241
+LZKBXrl0wO5jEeGHvd5LGRjZQqP5AEnlUV7fKWb19j4HidOtDixZyhWxXDt6x5k9
+BEEKrDp3K8Uhu/+cYLtziCa/ItzGMPiBUd/m5C1zYcUqrh1eMaPh9YBbRdXR/GYh
+1g6dEXcCwjyLrYsaAjIydKwES0Q8lnbwVtC9VyQwVId/X+dp9ayU+IWPBweOFZ+Z
+bHp0oAbn5fPRzx/BwjhpHUYbmqgs3knenQDYofRiPCaV9oTvEt33iU6tm+tsOOt1
+d4Jqa8kgbX05+jxDIjwjY/v2pVqaKllJzpKWFPGlXXj74aKRrVr0kEXb2pklYp/G
+3HzPbEG0OegIFAj3qBYZujbJ9P0Fys6/Qz7p0gELWRRvAsXsKntRDBE9n2QrzGzI
+iT/r9u23pjmNv1mIT8bIArzTmlckJO7QeF776Ti27hQeZcYa4wS9m8vqAljI0LWX
+g4HvChsaS1Q4SBS1Fi1WaREDOfeuJyDBaLqa+Xc+n9StuN3bJlsx7PX5Y3fIQBD+
+ixmyMZQHaopuue/LH9BICaDHvU9h0qD1jTAs4oDr7OLzaH7bILDPsooVKMmb+EOT
+NIT85QC4sbrpVTK1UR0Mnw1D5QOCRyuQyetdG6T/bpKb2V4AjWFX5BSexhp5YAdx
+qfRkib3DKF0s//evkn92phwVoZP4lTv+phVRIU4DSSxxZST7XNsr0QzlE2lUkYTT
+AOCOeB519BHdugmAT3WwCqbOEcmnqef+WHnWWH8IplTU355MWN6odfsFDhCr/Sf/
+/7XajGPw0dq7w1M7gUpEJcQC2r29s814L3UGstU55+rfnf3tevs9ar6HcuTM2Nhm
+IjP0hHeFYaD9AN9AvyPyhYwn1sEibpz9y4UUOyK2yCe9BGVzFXl0MJn5VSX+qWSX
+7cS2hhm+v0zRqGA7u+fMaqWMnMWMl3+3Pxh/8CIhC6J/ioGHtOjz/AkWR1e0Qaii
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11.pem
deleted file mode 100644
index f91b6dfd97..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=UTF8String Case Insensitive Match CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBZDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKDBFUZXN0IENlcnRpZmljYXRlczEtMCsGA1UEAwwkVVRGOFN0cmlu
-ZyBDYXNlIEluc2Vuc2l0aXZlIE1hdGNoIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCaogvEpeDhTyOkM06wjnLD1JeNedm9VZ+FpIvkkhrhGKskIHcfsNfJ
-EsrLnoSQIj5ocFyxY/76uaSgJcEhTpIj695mSBtyZThgQr07wSGTByiAmO3fR3if
-tMzWdzP9j19QXSUZjQCBNySjtuabFoqgR9OHEmVjly+67Al3yaZDEwIDAQABo3ww
-ejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUNmIV
-KXylwtCEEMdeoxYn36lEE2IwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKnn
-dr5r22s30krLGaZ6Ava5zeA3jRRsq/ewoyaGn39VO/MYpqRxPdqlVqLO41PCjwTY
-VjndPhVSfFsQHxANRG4TUD7MBKeNsr3eclIvzCtIb8U9dwHngXeYNlih1ufYUDZ5
-z5oTq4R9mHUGu1Jz/uW9sisBRMbS+2wj+E/3yezC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid UTF8String Case Insensitive Match EE Certificate Test11
-issuer=/C=US/O=  test certificates  /CN=utf8string case  insensitive match CA
------BEGIN CERTIFICATE-----
-MIICrzCCAhigAwIBAgIBATANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJVUzEe
-MBwGA1UECgwVICB0ZXN0IGNlcnRpZmljYXRlcyAgMS4wLAYDVQQDDCV1dGY4c3Ry
-aW5nIGNhc2UgIGluc2Vuc2l0aXZlIG1hdGNoIENBMB4XDTAxMDQxOTE0NTcyMFoX
-DTExMDQxOTE0NTcyMFowcTELMAkGA1UEBhMCVVMxGjAYBgNVBAoMEVRlc3QgQ2Vy
-dGlmaWNhdGVzMUYwRAYDVQQDDD1WYWxpZCBVVEY4U3RyaW5nIENhc2UgSW5zZW5z
-aXRpdmUgTWF0Y2ggRUUgQ2VydGlmaWNhdGUgVGVzdDExMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDsol6bNoNnlNAy2lkPsdVM02fDVB5vmtUbTN2DiXfYxICd
-NtMW9orODpZLBLuhHD9L/N+amY5njVAJUpvbdU2cjFMwgn/YfQ/eDXrCDPG2FLaJ
-WA0nRqHFrhBVz6MgJFtpJUz3e1Owsy3U03aq9SthFb/BBFFOtAH6mXnuBjYVTQID
-AQABo2swaTAfBgNVHSMEGDAWgBQ2YhUpfKXC0IQQx16jFiffqUQTYjAdBgNVHQ4E
-FgQUxMF/9KLvn9+5ABPGIN0ZEfq0S6cwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCLnWS00RFXZcbBCM15
-7+vQE5xrZp4AH8MhcC5CCS7C5F6JkHPcXT5OnCCN+d0cmCCTgolBi+AndeXwen9O
-y/2uq63SVqP/H67rcyoxaGeqSxxZqbowZqboUMBLinSyMq/coqnGbiNjK+K7xXqR
-borsQCmKGqvst1rn2LPNKfKRCA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=UTF8String Case Insensitive Match CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:36:62:15:29:7C:A5:C2:D0:84:10:C7:5E:A3:16:27:DF:A9:44:13:62
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        32:f5:46:0f:c0:5a:10:87:86:95:df:18:69:d7:c8:99:4c:84:
-        5f:f7:1a:e8:c7:66:27:41:73:a4:72:f6:09:66:a9:f7:cd:62:
-        22:87:dd:24:94:77:c1:38:e3:9c:cc:70:64:29:b7:d9:76:94:
-        59:d7:26:43:86:35:63:6b:0b:81:a4:1d:d4:4f:7d:87:6a:b6:
-        bc:68:34:9b:ad:d0:1c:34:3b:72:7c:7f:25:b2:19:03:a1:24:
-        ee:ef:d3:3c:a6:21:cd:79:11:70:d4:6d:5d:c6:67:14:39:17:
-        e2:23:30:76:5b:f7:b5:4e:ce:ed:3e:57:2e:58:1d:cc:ec:ed:
-        b5:52
------BEGIN X509 CRL-----
-MIIBUTCBuwIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEaMBgGA1UE
-CgwRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMMJFVURjhTdHJpbmcgQ2FzZSBJ
-bnNlbnNpdGl2ZSBNYXRjaCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WqAvMC0wHwYDVR0jBBgwFoAUNmIVKXylwtCEEMdeoxYn36lEE2IwCgYDVR0UBAMC
-AQEwDQYJKoZIhvcNAQEFBQADgYEAMvVGD8BaEIeGld8YadfImUyEX/ca6MdmJ0Fz
-pHL2CWap981iIofdJJR3wTjjnMxwZCm32XaUWdcmQ4Y1Y2sLgaQd1E99h2q2vGg0
-m63QHDQ7cnx/JbIZA6Ek7u/TPKYhzXkRcNRtXcZnFDkX4iMwdlv3tU7O7T5XLlgd
-zOzttVI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11EE.pem
new file mode 100644
index 0000000000..55689d442b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: D7 D0 63 11 F3 B5 B2 43 11 C6 86 8F D5 31 5F 7E 92 4D 7B 10 
+    friendlyName: Valid UTF8String Case Insensitive Match Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid UTF8String Case Insensitive Match EE Certificate Test11
+issuer=/C=US/O=  test certificates 2011  /CN=utf8string case  insensitive match CA
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBATANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEj
+MCEGA1UECgwaICB0ZXN0IGNlcnRpZmljYXRlcyAyMDExICAxLjAsBgNVBAMMJXV0
+ZjhzdHJpbmcgY2FzZSAgaW5zZW5zaXRpdmUgbWF0Y2ggQ0EwHhcNMTAwMTAxMDgz
+MDAwWhcNMzAxMjMxMDgzMDAwWjB2MQswCQYDVQQGEwJVUzEfMB0GA1UECgwWVGVz
+dCBDZXJ0aWZpY2F0ZXMgMjAxMTFGMEQGA1UEAww9VmFsaWQgVVRGOFN0cmluZyBD
+YXNlIEluc2Vuc2l0aXZlIE1hdGNoIEVFIENlcnRpZmljYXRlIFRlc3QxMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN29zJK6hFJG5nAuyoIXSLM7XSRW
+O5FCiwm1id6V5ELZnaiQN5PtY7ZzOdQ5Rymo60UCnsnp2Ylg1OYh82GfvKG7gZS0
+xRwA/3Z5veLZsYhuqm/yixO3lfbmQRb1axDgfudVwUnwdQlvXjXPf4EsIB5WIAIv
+JYryutqJNIn3VX5BeI8luQX2ynlkc1StTCeUMnXYT26X2GW71m0hn5RsSlwHayo2
+HXVULIt5ojyGoatCESTbN0kmPXKJQTwV/KmER9Ual9Zb4BKvdy0Kbs/SImNzmA3a
+VITJ/YMs6BA0OshD39ZkqvDF86aCConG69VXWF9ASOmClC/asa9AyHvDAKUCAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUYN8Y0cqpUJIRFyFE0nf1aq2mvngwHQYDVR0OBBYE
+FKzudXSiTCM93NKYuEBr9McOizZqMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAEv6NJ3Kqb+fORfTmqBp
+z/UIu+rdVqUmqVOc6VEG8hrOWOUjNHxb+DQHwWSM52s4ednWj4iOrERBtqI6I9+L
+Ja1yCa1i84KLowhew/iH8fgFqLnuoqiQ6SXvY/z6hBIHgOSZ5LI0yF7Zsw7R7JKc
+S4rpOI9lrXRPHPFv51Up7Z9BUNv1QOU7dlLAIwXXKvEETuYD4rM25w2Jz6ogfdXD
+Rs/B2OAm5lKTf/ZNeLtF30oyNPHPol0DvAQO25oRtrguOShdluY++kWqDXlVMetI
+y5xJ4/n3p2W3V+S56jwwok+627UoDYUqS4ulQtix30lcWi2O+UqYgFnNWJxwa+Gj
+zp0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D7 D0 63 11 F3 B5 B2 43 11 C6 86 8F D5 31 5F 7E 92 4D 7B 10 
+    friendlyName: Valid UTF8String Case Insensitive Match Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,58848D19CF96577A
+
+mvFg38AyE/2G/aVUlNhvdTka5AvgOAknAWqk4lP9m4oGx4V/QH39TjFGG9HHF25k
+UXLMXj/e4qbN7uwU5T+z+A/FiPBBuhjCjcK2Bm0zH9O88yh/Qklop2XQQEM9oIXI
+AJrYXoKfin8Q+AgSvZ92CfAYqIm7j5jEdQaf3o9yih2aRQTcYiM429fGM5gSY+mv
+vS/4MNJFWyME0D5aRJrwBK2lMmiQI/zSQfmZRiNOYE7z2htmkEECeGarO074gO2z
+He5RKtGc15x09AP7GzzDZOYMX7tC9PyxE0dQ0sif28Dw7bp/mZeG31geznW7kpQt
+p3scKoZ8TKOVmxnxbrHUMhXQ1nd0hVRTAr1VGtp994Na85sYe1SKpcF3WMxCJ7pq
+ttZ0g50S0zLlgjJjOPcnybDRMoNwnzZsEW6RiQdlNZY3TRoeLkNfJgtTV93jxJ+c
+8l6TO8Us5E7GjChUnN8/Oo9U89XXVKJW7MOnbxCkqlAyHxl1prOvpBecHhuuN6or
+0e/RwMxrkObCN4MPpa4+axzhTBPLDnqGJSCkF78VoQEF55QF3ZFDWztwhusM+bWL
+U7wfFjLbIZZw3vlJOu9/7Owva9Od0es1+X8+V/RVjbMFS0VxnOTjjeLEG2q3Cqll
+byesMZ2csF2BAHoCtP9mlQ2NXalDi4hSwf1RpT47KqAnaX4y1lI0lHB8Bv12UHDy
+foKLxTrZcDpHKvpxgkQRBClR2ZIUQzwpNiOtIo5c8BCyNn6FLCmXnasdZSG2ow6M
+gXlzpLoDL8g+aTI6U3Ruo0NiRmWFTljRcJOKoCf/H24F1eOCRLQOTwJs97YUD3/h
+dK2XGkGKgS9dEOon6CnCGVti8NNKBMDpiOt/PwtLB/IZf6PCUunVKlzqnyaT4twL
+dUImUev+ybVpBGQADYxQ0qWjtpGee1kUjBPOMI+UbzYogCVbAJlutQJmqYX8gvQn
+vLmo4kh2NkoS7nHyCAQb1d7qryoMYq8ODSIW78yj9il4YblajBT0N+x7KuU+K3f4
+hWIosco1WnejXmMDBYXyhzI+mEE0B5nxzio8zSFYXOe06FNiWeY6G7j2UybfA6zk
+7OLT8tEK7xk/Q23ih4wHTndaMYzPMDepEM/hdSXgGHc7O7oXEVfprHLVxVZPy+Ju
+KcLIu1t6BEEpXbrE+Ar4gcJmYQePkMs7UtOxBdTNijcN/egmGY++6V+Pg+vDjqzn
+Evr+rjq9MxtSqMntrtZJ8fLd8Dufs7O/PCAfDAj2lISrYcjx6Zbf/wOaU/+VzCu0
+tGO+ZuxTMWLxnGj4VhFdy2Mm8maayva+qMDP4SBlYsChDMjgMdXBkq+nyXdFNQyf
+a+8owuaXhRd+wpMmPy+4WKkJ35B7rlgOw2uYcKei1IkqMS0Nvl/yH5RMPjeLWxgA
++ubuZm6zXpM75sbQ9dEgwDCHadjRYktEDfVhT1Fm1FRjVGU+12FSMa9wGv/OVWN0
+xW1g3dqvXQyHQ/MuWGRfU0OHa92bu1cJ5vUPVtPOdNXwKxx8AdFlqZyJWsCd2OCb
+ST/BEi1+SBIPeV73M6movs6zFP2/e2VKvDArHThf8dVQROqPGO9Nyg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9.pem
deleted file mode 100644
index 2857bd3c74..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=UTF8String CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICczCCAdygAwIBAgIBYjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEExCzAJBgNVBAYTAlVT
-MRowGAYDVQQKDBFUZXN0IENlcnRpZmljYXRlczEWMBQGA1UEAwwNVVRGOFN0cmlu
-ZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwNymUjXTPLYfQm1sbyf8
-QSDxshobqw4r+yna0i1Rj3o7Lu/5vt/vqIPKH2r52EYvuFWBMNKCglyCcqidFgVx
-Z+hsUqJi79uj1DhGgqeSG1/gmyduba9sGud4J6rNhVuz1E/dX5gu81Gi8AgFQj/D
-tC+HMSrP6GKAXVbXsnWBPGkCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6
-ng2wPOqavIf/SeowHQYDVR0OBBYEFNMoQWQMXH4Okw1WMKge9ihlAMr7MA4GA1Ud
-DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
-AwEB/zANBgkqhkiG9w0BAQUFAAOBgQAYI8NaUKFwf+db04baEtgElpS8AhzYiCP9
-H+4pn+6Bp7ZK+3WMdR5HVmHkn0wx3+eRrAO+4sViEZYS7+yJfJvQVqgeVgRWZeuE
-dzIXVT0OLIloElDfgpdZgkkM2Ucdg5Nn52Of3AnZagaFiaNqFRZmC+QYnKif09vj
-8jaUJTJbuw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid UTF8String Encoded Names EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=UTF8String CA
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEa
-MBgGA1UECgwRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMMDVVURjhTdHJpbmcg
-Q0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBnMQswCQYDVQQGEwJV
-UzEaMBgGA1UECgwRVGVzdCBDZXJ0aWZpY2F0ZXMxPDA6BgNVBAMMM1ZhbGlkIFVU
-RjhTdHJpbmcgRW5jb2RlZCBOYW1lcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoxNfkgSuZUKuoTrCTE46w8pIE47j18Ul
-+ZyQJGplDws8AeUtIXBGxaYs6He2jxJXV6geeAi/DlFhUnNSK1Gavbey2DUkn8Av
-3U5y2+p6S4HtU1FMypUCKcboGqHME6y3rqDQSl7YY03v3wd4PPaKPqvhZtDSG7b/
-QnejyG55zHkCAwEAAaNrMGkwHwYDVR0jBBgwFoAU0yhBZAxcfg6TDVYwqB72KGUA
-yvswHQYDVR0OBBYEFFNv7Je2o4j/89zS0tw/sI8eM4dZMA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAT2NW
-DkK184Mva0VGnLCXsyNVUYV9/6cBxVncmML7X/XlT3c4M7ZjSoL/J+hVyavU+1pN
-SAKfgfyZE6mVa6BOYzL5sBRcvpgJPjZMAEGZ+dwfJUsh2KQvFmEXu8xSBIss4Rgh
-o7OsvrTpSFiidbLgLQW6FeMEivGfw8AZZ2W9+s0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=UTF8String CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D3:28:41:64:0C:5C:7E:0E:93:0D:56:30:A8:1E:F6:28:65:00:CA:FB
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        97:9a:cb:dd:e8:9a:f3:02:96:35:53:29:74:69:84:1f:c9:47:
-        f5:14:71:8a:f0:32:42:64:ae:06:9a:ec:f1:2a:e1:4a:70:d7:
-        1e:11:fc:b8:f2:9b:6b:38:d6:18:37:5b:74:d7:bc:78:c7:9c:
-        b1:34:c1:76:87:4f:31:43:25:ce:95:52:23:cd:d0:38:c5:f0:
-        26:b1:13:d1:ca:2b:f1:e1:df:e1:e7:3e:6a:3e:d9:51:60:5f:
-        6a:78:b2:50:03:45:39:95:40:3d:2d:39:7b:af:97:e3:32:5f:
-        14:f8:aa:70:ac:49:6d:44:1d:ac:2c:d2:fb:a4:5c:d5:f1:d7:
-        23:5f
------BEGIN X509 CRL-----
-MIIBOjCBpAIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEaMBgGA1UE
-CgwRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMMDVVURjhTdHJpbmcgQ0EXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNMoQWQM
-XH4Okw1WMKge9ihlAMr7MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAJea
-y93omvMCljVTKXRphB/JR/UUcYrwMkJkrgaa7PEq4Upw1x4R/Ljym2s41hg3W3TX
-vHjHnLE0wXaHTzFDJc6VUiPN0DjF8CaxE9HKK/Hh3+HnPmo+2VFgX2p4slADRTmV
-QD0tOXuvl+MyXxT4qnCsSW1EHaws0vukXNXx1yNf
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9EE.pem
new file mode 100644
index 0000000000..eeb1e3371a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 3E CC 69 23 02 AA 68 46 BE EA 0B 63 31 0C 9F 56 C6 FC 3F 84 
+    friendlyName: Valid UTF8String Encoded Names Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid UTF8String Encoded Names EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=UTF8String CA
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEf
+MB0GA1UECgwWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEWMBQGA1UEAwwNVVRGOFN0
+cmluZyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGwxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKDBZUZXN0IENlcnRpZmljYXRlcyAyMDExMTwwOgYDVQQD
+DDNWYWxpZCBVVEY4U3RyaW5nIEVuY29kZWQgTmFtZXMgRUUgQ2VydGlmaWNhdGUg
+VGVzdDkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiQyHe+Qlww7JG
+F56OLnXVa6/PwDW5nMyghTVjB/9SVbOF2cOOtFS/pGw9Qbc42wajSZuKP0tEBph0
+SkZlyhpyHwcGn2UMrWolAnAGDugxr83ijb/AElL+Orzm5lxPcuVG8+D1w9EW7JOq
+I4iwhHe70XKdM5RaGRzQpQmfvGMuj6VsMUJaIv+9/5RLycevwNEZl3yiLTV6APui
+hoI8LQQc9C+YQfAzRqz+e9adZIBayMhshpAJtgZ9pdNRPiUXt/NDw4jSbHp+fABs
+3x0i5GMDGBQMI44rUVY4odIM7GcIFZ14HyLY0stkp2PsHCvmd2DBS9QbCA7rWhHu
+8gcdQ021AgMBAAGjazBpMB8GA1UdIwQYMBaAFDtnW0TyDadIfXMpjJOf1STjEmAm
+MB0GA1UdDgQWBBS4qOG97iGSGhivTSqPnNsjcsGavzAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAeayIn
+ZVW7XoaTBtQWUmvNBO3bMOq/FsCioTns6lSZp3JeTMG0yj6HmxJGNLuDNMzcfN88
+piQ7sfvNf+lcWb0gwdB2HXWTU4TcpAHUkn83Fid9og3gZv4YDh+fIQtcaL4/Yja0
+cSDiy/OYHvV3ehEuTAnMPh8Utd5UI72eFwznL+7lFdJMp6IMTa0GD5iVjkYDSOE8
+CBFv1vyFZOpiM3US56Kuo93VQdDUSXZdbHphgddospcnlW1fQ4wvMUTZpXeqcbu0
+kDqNIM10ooUbnkpa8Zsf1aOdna1p3GcFyJTdpKiellXrtc52azNxwHgPwvchG4k9
+RqHAGNJlDwsEHMB2
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3E CC 69 23 02 AA 68 46 BE EA 0B 63 31 0C 9F 56 C6 FC 3F 84 
+    friendlyName: Valid UTF8String Encoded Names Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0348A1ADC6843B58
+
+CIUrRDnJzviIO4bKwrC4z7P78xkD3j0qb4EcLeCJnuPgRioje5DcQ6mc0EpsbDrB
+r9HT1B2TtIK8VjOn0Ij35TKPMCKXNWajJALwcrN/h7TwR31X9m0DGvnhxBi5oZSc
+JWdBsePDApcIxfxJ70pI69gY/yOW1I8iKUXxGtmdOJBOupTQtmEbiDw4jlPIlImc
+AJErDVFhtnLEQgczv/+/J8QeW20NyrxGxkcZjBBAQkwn9A00MuxeQ31KYYEBe+xN
+MXOmVz1JFJhQTdIooH8bEPRBOgW2PF0ZXYbL70Mj5X/QRnFnw5IL59vn7G/RylMz
+uORlOPzuldVxwnNk3eff2LK/S5KdG2f0G41T09Y3j9BmtuVCfqX50bUvneYVfVsL
+a3a5/zZc1JYGlYrSy0wqilV/5dPBR8JcEz/jXqV/BkqBOZgoySm3iBbeo8jy7Zb4
+N6uamLwmyu/ED/EFNyIqJ77ITs/AK4aOVepAcITyreRpkuxmlzJhdrKzkukfZokq
+Qy+MAXyva+gXbP7gwLeWAl1BN3GgekvhWd+DTMrAbK/9E4y3A6poNe9xS/JNUqfu
+E7bMSvzawrxk4vh1t5evsrms7SYR3JnI0nFoZfVynwifAG1ci5xafQe96Wd7XII+
+M1z+Ifm24UodrIBOB9pMzlx2hENo3f7f9DSzbLKJUHkc8voBQm+Pn+MGwNH42Aux
+TGmsNjekaboeY3kQK84KmsPzoTQ/LIKAEs51T6bss4cJxUlMK1ZqW4+lUt2hDAmz
+WXqmdaq6gRFwQxZbEH69yEul6HIYIluTVQKFR9qYZ3cipIMcjPdOq+6MZfMcNOD5
+knsGLmGa9IbLFF99ORvT/8Ul+eyCrGdJ3G0Q+4HL2Tbf9eacL56vQC2JZiN1uUR6
+R9LDOrGfy5OlCSgk+gLTm0p8BQOAiUuzRSO0uuhufa/VnP+se0Fqi+5Z/b+J+CVA
+brdbRQnadvUilAj091EjBP3meXY6OrKNmUOW3ZUfUSOLyfY6WffxxEDL3+g6zY6F
+XqprdfcL8iP18DXm+bQSCq9SCu2PWnqH1heknCvZ/rmleqty0rdtheJjzLMTaZZZ
+FEOTkaYO/enFVPJBghO0aoK1nSfIU72XKqYdI0Fs79wXGpyteZ5eedbMf5XzcJWp
+7dF3jSgfDyKAgZ9kULGBNUGRlbyQPwfZEwXxqG7BtnO0fDuu1OmAJcGvmhYaUitq
+R2bYN60a2+hWa7CLX5jLlwI6yhAKHI9B3Kav5tAma8Paj/WoOem2uCMSxMx6ZCzA
+IZ2WJSDsY9pkRLf1nCOBl0+Ym1XWIcr6k1cGFeAw8YEiUUn+N+Veek1dWrMh5bu9
+RBndLWrvlu+lWnCdaVUHHgoNt2nz+SlaHux8ODTL/TFUeLl0b/d780hVms43T+jf
+k0M78bCKpK0MYOukRkjedQfgH/WIegpFq7KK9MY+oT8iGzTjDXMLyzPqt8ha9EMK
+sm5QkYWPjrYguS70tSDxjO2rWYAvtiz0f1uTujaRSNmFxNrl8FdY0uoKh6Xtbzvb
+fnwB9bjxpPySbDK2mV8cK+8kUL4ZW+4b5dSOl+PWh7e4NCFBm4JpwQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1.pem
deleted file mode 100644
index 7d19088eda..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1.pem
+++ /dev/null
@@ -1,58 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Unknown Not Critical Certificate Extension EE Cert Test1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpTCCAg6gAwIBAgIBXjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMHIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFHMEUGA1UEAxM+VmFsaWQgVW5r
-bm93biBOb3QgQ3JpdGljYWwgQ2VydGlmaWNhdGUgRXh0ZW5zaW9uIEVFIENlcnQg
-VGVzdDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKhu9MiazK4MZfZxFp8b
-EqQNtc72SyzLI8gVU6uacEHKLpo7auSD72gD77oJKNLO0wW/lJmBZrr8N6Vb10xG
-UDpyNayjEHhIQ9YGjQ0iFAzwBZdxSba417KwGoZEtWDwXDgHFcJkpdeO0cmvN/WY
-T3hTDuDubTGzkT/z3o7HLBXVAgMBAAGjfTB7MB8GA1UdIwQYMBaAFPts1C2Bnson
-ep4NsDzqmryH/0nqMB0GA1UdDgQWBBT2UVRewjWmpJzpb1mXbOTeaXT6qjAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMBAGCWCGSAFlAgEM
-AgQDAgEAMA0GCSqGSIb3DQEBBQUAA4GBABs3aiPSbahf2RsQXVpA2945ngkKbfef
-RWOSqb+RmLmR3zburW1DXXzu3XSEOB8Ud75OdMvg9MIeKss1EqhEp3Bp4ltMa4+V
-xORBZ1hlK47mQAPiGsshFriTYp1nVfzHfByAFuwYZFLhjJnk2w/nyq5kyQ3AjfpQ
-XaezK4Qnje4K
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1EE.pem
new file mode 100644
index 0000000000..7799da859f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: EC AE 20 8D 62 05 B1 DA 8B A5 41 80 4D EE CF 8E 2B 7D 30 BF 
+    friendlyName: Valid Unknown Not Critical Certificate Extension Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Unknown Not Critical Certificate Extension EE Cert Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApygAwIBAgIBXjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowdzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExRzBFBgNVBAMT
+PlZhbGlkIFVua25vd24gTm90IENyaXRpY2FsIENlcnRpZmljYXRlIEV4dGVuc2lv
+biBFRSBDZXJ0IFRlc3QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+xR67LyBnthZAMPhZkzpYoGxHaIbC/er8Fj5AlXd619zdvMCaWmXE+d6pHByEo6+R
+VZRovpOEhiapfjZX3ZYtR0zzFXFqGZXNTlP0caKIjOGgqrSP5ZVLbPOk1j38hOHW
+BVRBUigp/ADaBQ43c+EKf761jIrgHHG2MtE9zmj1HgIa4Hbq+K5ejoangiGNPZXC
+VFeTSReh9DxC3gilregD6KPR/AQzeV2/BPBse3afXlR/i+2R256tZy0HhzMLSntU
+JyEsA2I9jqw7kfRQw749ZT6uhNi/KqFWYqtj/iIqaPF82JidKkQmevqZT0WdtIfB
++MtYDIWABmwx/bBohbsfYQIDAQABo30wezAfBgNVHSMEGDAWgBTkfV/RXJWGCCwF
+rr51tmWn2V2oZjAdBgNVHQ4EFgQUTqAIoK4LHZBaMv/WHFi0k/KurlQwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAQBglghkgBZQIBDAIE
+AwIBADANBgkqhkiG9w0BAQsFAAOCAQEAEjAmvYQDnZ9h9tK0SPGVI57LiptQxKz0
+caPfRivaSLTlNQ3umZJkDSVe1+QKt9x7QchbZSK0v563XUmnGLj+9w6OWJUXsatf
+DMXgoasef6Y9HNKx8JiqUwbtJrDEXjvpqsdXE6ZMyQ4ij4C/VTAf7QD6bLpMLRmd
+lBl1NQzcr6F7fz9exV2PyWJL7E28ujxwcTauXmANKkQ9hKgrCuWuVx6o7qpqKpf/
+X1ldl9VwVLg9sO39+2J4Q+vxssFjlkggUfbz6bE78DLwMIruCIvgxbuCrMqy4cbp
+tqHqzvth5CjRBEhGBwGPqjvampYA2+ZofTyq13bMqp5Q6aCzCvjR6g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EC AE 20 8D 62 05 B1 DA 8B A5 41 80 4D EE CF 8E 2B 7D 30 BF 
+    friendlyName: Valid Unknown Not Critical Certificate Extension Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4DF79075B2123655
+
+dul293n8fUdEHnuzI/oNHAfx+1qGPCJ3SDu+sZkktfOJ0FZXYtXPhc3QcA5/P8Qg
+FyitRbAWpS8+AYZxnOYyzPNyi6eT2a35VYmamkPwQMi/6ClqXpbfDsSL2ee3cihD
+h46A2/NbYYsh/SWqVR4kIBP9Nxl0ziiRiNFMdNJg859WFvi5W6GkeMxcexfFH/Dv
+ot32/PVbbA34X/al2GY7Uk79r7Gjr3o6eDVnM2u2Vst0ZcluYqWL63C6pXeA+LDP
+XpGdI9q5vTWAIaS5Z+ANeappx9yIhJ7t8MSP1gFwZ+sw3yZITVs7ojzypvn577UW
+CfqjIV7kPJ8j+85CVi2SZAoY2yf7/kjCDZJg9HV+tclMQOxY1A/eDnh6QQ4dCV/A
+c6vxAFzLGHOvSOUJHk6V+64CI/9tkCKZdXjWA4N3KK9msremwpMOl8Ruvdgm1Rwc
+gvbltkodoeztAYhGK6wXqDACbX0IaFELNbnC4H/WOr9CRrYvMCUOy6sdZtQj6dwE
+ea0x9FK7SJ/yYxWZ8TdQJhXcCKe/s0e15Pb9rUhD+xkLXfY1D7F41Csuauqvtns0
+0iQuXmJB3/v0/aYqCZvCIy8HXxga4XssLvPeZo1VQAAXOI7tB3zurunebpY1iyJN
+v11JEZbeWSIFL1kD8Faimz5k+WxoyFdVoe3Glp0yRNbINPYsy6l62qKqokRN9OEd
+kniqBTUnKbqvipyIjTiUn8Blk3M3o/0xOyIO7FmDmhnQeeRxOXX1R5cm2UFKHF5b
+WA/NTfnv61712IJDUZWLPEPqMkP+rMA9XXAcFB6LZldaIdFTi5pTB2UTWLYpdI3S
+H+N94C2FtVC4xcCZ6ZhIrw1GV0kMyrjr5V+h3bG1Kehmd4icyqQxgs5XcXuQ2JZl
+uTL3/9pEwHzW+2+Nl5LBxqNmUfwdC1ax/HXeG1iz7mT9rJEWPStzNNjHMa/+Ci1H
+K47T1Tz3xzsxPtDcpTwqep+jl00k6SL6rbxywWeyORfTUHypkqZ0iEo1CeiO3A8e
+Jjol9lW77O7S29X0P9raHNtV6lxPN5kFAOFDXf58foJ3uGBUGccD2NdCEluRSE7x
+kNM4AywtSNNKQliwuWPnGd3BoEoS/jHM97d9CwC8l5lMeMoTDIRBKeIPwiGPvxVv
+JqqgSMV9kvXhRkGhU3i+YryoaF2BdnBftZQAA5sYRdP4EorL0rO6YcmOTtgcuQ93
+VcPlK4qdv4pdl3q1Kqjwwi92kN9VNYcfY2rQTA09YScjika9sff8LM41jH60aCXR
+VoJrxcOh7mO6zBzdE55glYpvRLFChBAivY5hh5Dl9w0tyY1p0A+HpOxZUSSKPXAh
+kGpvDmjXSU/o3BzttOwoNtUPptxy5h7I/MTvvpYA4JO0hSItuxHpP5pmVYW4r+zc
+vuYZkBt3Vm9fAJzlwSZnRRLhEASGPQxepfWqlEXopcq2NX6vaRDUUrpAq9QFISDC
+eatXdD6DJ/6QhD1yf0u6cxYQU1K4yXBfgl+mq8rNCIMBvuZdJMOD52OmB5MPjK3n
+uoksn/TKZiIkZ4TNsq2IUtpkbzvpHGTrxWVpBfPNG26JLv9jAjW7OFp4qaoTtTgs
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4.pem
deleted file mode 100644
index 8a9c75ecf4..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=basicConstraints Not Critical CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgzCCAeygAwIBAgIBGTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFQxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEpMCcGA1UEAxMgYmFzaWNDb25z
-dHJhaW50cyBOb3QgQ3JpdGljYWwgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBANLhA0OA9wRfp95Q7/HTBd7PlWljTlLaWClrNNQ1jWPhuQJN3ww9dy42U/na
-HvOcy9yz2ANw44VJKqLn68rVvypadYoWUNUGPHgHSrhj37Dj/mNkFmw18BcEgpED
-4OIp2vJW00ZLeMt7ItsFh1pxpaHZl4WDHIWKh0BAuw7VBWhpAgMBAAGjeTB3MB8G
-A1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBTYuN8r/BQM
-rtcTVstcPg56jM+RCDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACqRpg4KhHWSs
-qfP23ZQX2hAOVVT/0AqaTcnNCQVLGE4sE16rMPQMZQ4qpb1WAPZIq6gs+P43deDu
-5M4evZgQVheRR7RqQm7/7ZXAiJ4uzAvJjWP5eYg23OyHqPvaK76reyPgde/gegWq
-Lj/0XhyySYlWDr4i138LYLsfUDy2rWw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid basicConstraints Not Critical EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=basicConstraints Not Critical CA
------BEGIN CERTIFICATE-----
-MIICoTCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIGJhc2ljQ29uc3Ry
-YWludHMgTm90IENyaXRpY2FsIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0
-NTcyMFowbDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVz
-MUEwPwYDVQQDEzhWYWxpZCBiYXNpY0NvbnN0cmFpbnRzIE5vdCBDcml0aWNhbCBF
-RSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-ztwCM4KjCZAusrt0pqJODe24QkEVIKHLb4UAlOxeSbZZ4Ye5BtR5NylouUsMu8Ja
-XKoU+BxIWXmUrP7HSt2+D8HI33xczpxfXCUyYmY/ht58WkhRSur9n3XUBErcVOe1
-xoV/2CNceuS97TvupEAYDKkcK+Uv+gBZpuLyY2jF4ccCAwEAAaNrMGkwHwYDVR0j
-BBgwFoAU2LjfK/wUDK7XE1bLXD4OeozPkQgwHQYDVR0OBBYEFAL9NE678Dg8eh16
-3hZvX02XaVPoMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDQYJKoZIhvcNAQEFBQADgYEAxH3RpgHseEdMz+tdowijXMxxOgAvJ+bDmb4W
-VmA6BBlPljNwDeOJ5mu/qq2HaTbeYYkqxfGw/V0Nv5GoG4Ak0xnSFaVz8+dVEzDN
-Avks85QOwYREyw/sxlpU7uOjlWBOwfkglUJM8UU2ZpBMlJf6sn7bEf5W9w35ZUo8
-Vlf2alk=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=basicConstraints Not Critical CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D8:B8:DF:2B:FC:14:0C:AE:D7:13:56:CB:5C:3E:0E:7A:8C:CF:91:08
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9d:dc:8e:45:7e:1c:6d:56:eb:08:bd:04:5c:c7:9d:21:a0:ae:
-        69:b7:35:a2:b5:31:34:85:f0:0a:92:7d:20:36:2e:32:dc:b9:
-        8c:cb:ad:39:97:35:3a:9c:d1:68:37:f0:9a:06:ad:da:42:67:
-        92:30:82:b8:52:db:c5:d5:39:d4:2f:cd:7b:ec:18:43:56:6d:
-        d7:2f:31:9c:59:48:fa:07:af:f9:fd:3a:b7:e0:b2:4b:0a:7c:
-        e9:7b:04:81:75:1f:58:a2:70:bb:30:bb:e2:14:21:0e:34:74:
-        ea:e3:41:e5:d0:c0:b4:7d:51:52:f6:7f:51:13:be:78:96:25:
-        a5:8a
------BEGIN X509 CRL-----
-MIIBTTCBtwIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIGJhc2ljQ29uc3RyYWludHMg
-Tm90IENyaXRpY2FsIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8w
-LTAfBgNVHSMEGDAWgBTYuN8r/BQMrtcTVstcPg56jM+RCDAKBgNVHRQEAwIBATAN
-BgkqhkiG9w0BAQUFAAOBgQCd3I5FfhxtVusIvQRcx50hoK5ptzWitTE0hfAKkn0g
-Ni4y3LmMy605lzU6nNFoN/CaBq3aQmeSMIK4UtvF1TnUL8177BhDVm3XLzGcWUj6
-B6/5/Tq34LJLCnzpewSBdR9YonC7MLviFCEONHTq40Hl0MC0fVFS9n9RE754liWl
-ig==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4EE.pem
new file mode 100644
index 0000000000..ff5bcaa6d9
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A1 9B 91 68 9D 3A 8F B4 87 03 A5 A4 FA C9 28 88 91 62 36 E3 
+    friendlyName: Valid basicConstraints Not Critical Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid basicConstraints Not Critical EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=basicConstraints Not Critical CA
+-----BEGIN CERTIFICATE-----
+MIIDsDCCApigAwIBAgIBATANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEpMCcGA1UEAxMgYmFzaWND
+b25zdHJhaW50cyBOb3QgQ3JpdGljYWwgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAx
+MjMxMDgzMDAwWjBxMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZp
+Y2F0ZXMgMjAxMTFBMD8GA1UEAxM4VmFsaWQgYmFzaWNDb25zdHJhaW50cyBOb3Qg
+Q3JpdGljYWwgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC+lPXP5KQEuLh1WekcPzNwCFWuM7cmi/FG3qRPojFw+46s
+DOSAtp94IFLaSYBGyblsOrYA97PExGbctAmt1W38kUO2MIsk272mfINEJPrdGaAL
+JjgGYcpmdOK0TgMCmVGKbUpNkPxGqeAUyWvfZbg6Cdd3QDBy9Q5ad1UxNd+EDkTc
+2vwH2C2VyqssOWfn93Rr2+klQo0F3KGClsQjwSmqvOR0gOv2f9snj0ldwPsovrZ8
+U9GxQOSYTowkGrV9o2H2+1jQYATvjAxqaanPAjXgVW3vR2gcq1VoVvN1fGYJETQa
+ZMa+JgX3AVLS97p2Ff9W4DTv7DNmH/bURXjo58gNAgMBAAGjazBpMB8GA1UdIwQY
+MBaAFAqkuTBDrEPINAITz+9V6L9wn0avMB0GA1UdDgQWBBQlrmGYIdS4j+kjLBG0
+7x6UOiFEMTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA0GCSqGSIb3DQEBCwUAA4IBAQASHVtzeHQAZSeSrZIJOSNHbe2hiGUeR3vWeod1
+aXrs8PRmqYyNdQ77ZYSfh0wVLEH9AtDPZXLBWEFcHQhJzO/hmtNsn/NYK4jGyzr6
+c/bF4sDJ1zPwkYZDJws3p9lmU55jhZrRYDd/fCYqpwo8IgWg7xR/glMMaAfMUKze
+eKttcTD50JUTlXehKX8hbMk2M+HgfQRRh9YuXFJEAJLscldY61riMQJ51/CLPZIG
+62jXV1vi2zixDY4Q4vuq2fN0alQVbx5g/yAisKi2TUWPe9+H9N04m8Xyq4FE+OsT
+YZsUiT/MiWoI8zXMqRnC5TErkFSxGq8cNqx+HBj+Lad8266A
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A1 9B 91 68 9D 3A 8F B4 87 03 A5 A4 FA C9 28 88 91 62 36 E3 
+    friendlyName: Valid basicConstraints Not Critical Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6D557D0EF72B7F65
+
+jRjR5uPELeAf9XrkOa1X1bMqKH8P9oZXbRrF4apOXvCzv6vd/mGaR5divIbAbY6c
+qh4ByJt6Kd7JTWTQpVm+518WqKCi0R2lHXLFRkvEnaCxkAiPZllnhyoNQ0mkq2ms
+ci03g97UpyZajB1uCbULbZv/kIHE4K4ma9jVLaR7mReJ72/kQ5A13YNTy9XCE+gh
+3O+21SoWzT+KRjzZX7otnuj8uLo5Vp/Wc4EJF5VxmG3XMb3p9e/LOiP/bUzrh1iS
+t9V73qZDXSm4r+KQbNYbxR/yIEgfkrjjyBENsXxgvXfdQKTTakEe6jRv474g8jHN
+JIlzjVvh7yD9aHZrbG5yMo9CSt7W5yyfzzHKpM11lgYvpJlPy03hp/DoBjXo1Hg6
+WuhlAwbk8FB9XhVWrCkqn21P7DXB5pqrFS66OCshWYP1ngNPKcEHr5wkn1xDs4mG
+EaVCio089f7MxOhXYG34TrPZWxDbWr+oWdt446IPkMmU16Sz5DxYxRW5gdJkwHRO
+T5be8cnaE+KmNVfOw3dH9aoxZL8kbIn3Vjz/73JS8nemtHA8ykLbB644U7cWqK4c
+xHxy8u5RIbrIp3DS6EaJkyTPxrPGPrHsYq5RqKoElkyjMswNUmq5VZKkGHGsYg2U
+7LY5LrZnDft3/9PCoAO6W1AOoqQT4/kOaRTJoH9PVs40yy3KOj2mlIVdPXmLIQB4
+pME71G/Uo01CWb6dlLIMRugwy5NBrnlIJaTIicK8jhh2rKd94t4TeMc4F+R2tbea
+rGflh/mlqQ+UYy/3oqBgQjZmAlJIOJMjEO43xBaSr9J0IqFKSkN7kzNpZH/CbcP/
+AVRwGGsoS50y//2XoQY1xO13nzBrN2wXjpenb9HijVSg+yqk4S3C+pN+rMD3UT3Z
+gFzbhuXxk+AaNVrURgwqwzi0UCXxTaNmMCCJsiRupZj8FvrBVQJaAOGi5HrPxoV7
+Uj7G48C5ykkFr9bBKhFyD6aP8xQp02wTXDx/l1wY8xmJnE5QZnNqGKgqfdoMoa05
+ufa4Ze5D5HvM7WZcediooYtc7a2CA1+R0bRuZ0BXtvU5gkHXvK2oSq5hcKQgDLkC
+6Xvq4TxhezhdCmbuKy8G+eHnpy7k/Y1j5ZAwN/F1jiKbqVoxJP/Q+3xskJBluwK1
+gjQ+SPMAKnDtLbhb9AlRPkl5stZeAo//OdooHepMFcrWmua+mUIrNIOzPy5KKcXs
+uQjdn7sw1a+QV6IDfVA1+Z/3KbQ7O2ULV+UrGqh7R3SYGjCXsDFoUQcMLLNYbfnm
+k3SnGM9KTGFthBeEpr7Q5QZWigKycZ+Q2VpQ4dcMcaHjQi+i934SKMw8ZsReZuRk
+IEMzQbHod7//jVM/aTkb/lFqRJ/V+IRhuLLFgPCAP8tZ6mJocsvxaMHX4kQv+f7t
+gBU6H0A0yPnhQGNkhl07pYiL/YDq8X8+wz6S5K3W6cqgURmkMrnuwd62n8lXEyZr
+5MFLLJKNj0cZPis/3zLJNXzTlKzZDPUWKoLOp9zsFoEESh5yA5Jv+21JKidULudn
+zs/fPzObcSFWjHoH49vk+qIca71IJ6cMOu2kzDYWgFLL3qBbW24t2u/AkbTo3AVe
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28.pem
deleted file mode 100644
index e788cc4242..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28.pem
+++ /dev/null
@@ -1,178 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA3
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0EzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCb2axnNI56WnvGeocp
-atKwDsPjuFVSHeTtyX3KVU/1U+ST/Jtv0u5WPp4iitAz/ddFiiBj4cwgr9hZYd0Y
-tUyBvGAP8UjJVp55qo1hjMDYyxFRqotx6gH4F7wyfu7s08ERFrtOoT91EwbaTFwG
-go0sbSeXio43GfBdAxDi3INGdwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlii8KaatWJ9nLsfCwZc63+6I6ygwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAM8E4GsQT3eKZHuyNOUIn/7ZFw/9gFX3
-QfyYv5/Qozv19LTpdKCuIJuZAO900NFkfI4m4kjaYB8CGf9Z2P2B3ctXzgdI9uJM
-KmRUnMfzzXGKx+jh+/xkwYi5kduJ2RECX0mqAcOS38OFX3ej7LQWTQ9y3oeqevcS
-aUfi6VDmnLr8
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA3 cRLIssuer
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA3
------BEGIN CERTIFICATE-----
-MIIC2jCCAkOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UECxMZaW5kaXJl
-Y3RDUkwgQ0EzIGNSTElzc3VlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-mHdETkTcRztCRHzlSZJg4afLgOPz/cqZQIIoA4riJ/kHT00t3kf5mRx0Gz8/GWBH
-wYjUk5NlqDoDlmTby3SFHnZac7Ba/+rkiu4Jzdivp+BKAkiTKzIk9eM5KNv+rpUc
-cy3XKWPbz/ox5+OEvn2NhUfVWTe/RbJx1Nq0Mvybh2cCAwEAAaOB0zCB0DAfBgNV
-HSMEGDAWgBSWKLwppq1Yn2cux8LBlzrf7ojrKDAdBgNVHQ4EFgQUsQ4hS7IckqgK
-M04rBolnT6FPHZ8wDgYDVR0PAQH/BAQDAgECMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATBlBgNVHR8EXjBcMFqgWKBWpFQwUjELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMxDTAL
-BgNVBAMTBENSTDEwDQYJKoZIhvcNAQEFBQADgYEAbIFuFqULVZjrhsyragErXnS8
-R/sgqnP5GJcPHn7p87dEkExtxEYL5N4XnDQXhWdnpc9UtAzh7qR3xnE9EvjeaU1r
-lnsdkbJNO7DxTaM5EqLxiy/Rpf+b2rBprv10A0HvPloU9JvnVNHxT/2XA6hMnCsI
-6gImM5yk9Sc/rTitZ6s=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid cRLIssuer EE Certificate Test28
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA3
------BEGIN CERTIFICATE-----
-MIIDZTCCAs6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlVmFsaWQg
-Y1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QyODCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAuwCMHRZqCorqgWJ/3RJzqiuHtyGbyYxGxHWcVZTbw4GSmQtI
-F07KmEPqaz7I/wyMS0+u70yDrhQkfH1Esjmx7/srC+p4oBzZMa3/LiyDo0D63NjA
-3JjOdLwf3YRWGE+4XcPbjHsd486hkCCXw4EF7ZfnscRWgNCe6FEzHy131MkCAwEA
-AaOCAVEwggFNMB8GA1UdIwQYMBaAFJYovCmmrVifZy7HwsGXOt/uiOsoMB0GA1Ud
-DgQWBBT6Yyl3V/7WremGwNkDahqsIxegJjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMIHhBgNVHR8EgdkwgdYwgdOgfqB8pHoweDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlp
-bmRpcmVjdENSTCBDQTMgY1JMSXNzdWVyMSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwg
-Zm9yIGluZGlyZWN0Q1JMIENBM6JRpE8wTTELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMgY1JM
-SXNzdWVyMA0GCSqGSIb3DQEBBQUAA4GBAIk5myvkEmHvyOOh3ygeeWzpz2aV6o8D
-ojAK/KS84CYsP7f64D8FU/H3JFrTXBNOoRiXpqrV5bzrHcmXgodQWTwOSL2KLzi9
-inTs+pRDbTw1oevK3GAjN5BedRZlgIyJr8d05Knp0YGYoItGYQTQXd22Dlzuoz2P
-L5I8AvoFHSAL
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:96:28:BC:29:A6:AD:58:9F:67:2E:C7:C2:C1:97:3A:DF:EE:88:EB:28
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0Z.X.V.T0R1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA31
0...U....CRL1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        15:65:bb:88:f2:fd:8c:76:6d:92:ae:f5:06:d5:bf:c8:ba:bb:
-        d4:98:de:83:a5:e1:7a:e9:92:96:f7:c2:ce:0c:de:7b:81:7f:
-        a0:32:c8:a4:15:a6:16:e6:51:b1:b2:e5:92:62:ef:46:d3:7c:
-        5f:37:56:47:5d:3c:12:94:a6:3e:18:59:6b:2c:9e:ac:f0:90:
-        03:23:84:b1:cd:0f:49:ff:1a:8e:67:62:35:32:68:ed:24:a2:
-        76:93:5c:b2:80:5d:bc:81:26:ab:02:c0:f4:a1:de:3a:6d:0d:
-        ae:02:66:fb:6e:72:49:59:fe:f1:2f:87:d2:bc:98:10:3e:33:
-        3d:d5
------BEGIN X509 CRL-----
-MIIBpzCCARACAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqggZgwgZUwHwYDVR0jBBgwFoAU
-lii8KaatWJ9nLsfCwZc63+6I6ygwCgYDVR0UBAMCAQEwZgYDVR0cAQH/BFwwWqBY
-oFakVDBSMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-GDAWBgNVBAsTD2luZGlyZWN0Q1JMIENBMzENMAsGA1UEAxMEQ1JMMTANBgkqhkiG
-9w0BAQUFAAOBgQAVZbuI8v2Mdm2SrvUG1b/IurvUmN6DpeF66ZKW98LODN57gX+g
-MsikFaYW5lGxsuWSYu9G03xfN1ZHXTwSlKY+GFlrLJ6s8JADI4SxzQ9J/xqOZ2I1
-MmjtJKJ2k1yygF28gSarAsD0od46bQ2uAmb7bnJJWf7xL4fSvJgQPjM91Q==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA3 cRLIssuer
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B1:0E:21:4B:B2:1C:92:A8:0A:33:4E:2B:06:89:67:4F:A1:4F:1D:9F
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0...~.|.z0x1.0...U....US1.0...U.
-..Test Certificates1"0 ..U....indirectCRL CA3 cRLIssuer1)0'..U... indirect CRL for indirectCRL CA3...
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        68:34:87:64:55:65:a9:87:47:54:c2:2d:14:48:91:1e:ee:59:
-        f5:ed:d9:06:6d:78:b9:ff:81:8c:5c:02:f5:08:b5:22:90:75:
-        02:f2:63:62:78:25:4d:6c:2f:1f:a3:58:e2:1f:57:2b:3f:49:
-        0d:0b:bd:85:02:c5:ac:ad:9d:38:0b:13:46:2c:34:f2:9b:e5:
-        22:f5:55:cc:63:fb:c2:69:94:14:d7:e5:78:4f:17:4e:16:98:
-        65:81:cf:9d:72:20:32:78:15:0e:22:af:22:2c:21:c5:7c:db:
-        8c:31:be:ad:59:c4:81:24:e4:ec:e0:0c:40:4c:2b:95:98:dd:
-        8f:f4
------BEGIN X509 CRL-----
-MIIB3TCCAUYCAQEwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMg
-Y1JMSXNzdWVyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIHEMIHBMB8G
-A1UdIwQYMBaAFLEOIUuyHJKoCjNOKwaJZ0+hTx2fMAoGA1UdFAQDAgEBMIGRBgNV
-HRwBAf8EgYYwgYOgfqB8pHoweDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMgY1JMSXNzdWVy
-MSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwgZm9yIGluZGlyZWN0Q1JMIENBM4QB/zAN
-BgkqhkiG9w0BAQUFAAOBgQBoNIdkVWWph0dUwi0USJEe7ln17dkGbXi5/4GMXAL1
-CLUikHUC8mNieCVNbC8fo1jiH1crP0kNC72FAsWsrZ04CxNGLDTym+Ui9VXMY/vC
-aZQU1+V4TxdOFphlgc+dciAyeBUOIq8iLCHFfNuMMb6tWcSBJOTs4AxATCuVmN2P
-9A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28EE.pem
new file mode 100644
index 0000000000..2d774c09bb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28EE.pem
@@ -0,0 +1,66 @@
+Bag Attributes
+    localKeyID: 95 E2 B6 92 51 B8 EE 8C BC FC 22 3A E1 9A 20 48 77 9B 53 76 
+    friendlyName: Valid cRLIssuer Test28 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid cRLIssuer EE Certificate Test28
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA3
+-----BEGIN CERTIFICATE-----
+MIIEgDCCA2igAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0EzMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNV
+BAMTJVZhbGlkIGNSTElzc3VlciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjgwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAcgXZlxz1vsqbr5dbfy/fgYWOCvNO
+Zm22LtUSHyeXR1vIpqI+W9/GpT/YipI/yDJuxCklM3GwmgJrQlm7LK57UuiWY27e
+oHKVNGEabtFfyjjOKwRD+yq+0bxdXCR8eFKLr++w5vgHaoeFrTOdV87YGPpzEW/Q
+9L9/xL1fkAo+6h+lIKkWF6oXA/SQMrbE5Svlcc4jE8I5QJiZytL7Or7KH4Szs3FQ
+ZQktcin7oYKrovcKkxBzvAAfr8uxFwPrngHGFd5Ti+hDKVUZyUwRxt1MAbebWIb1
+LpWiQI5w3wx5SEBSQRhDCuW/CqS587vBOQSGuRBcwKA2lAaRJ8wi7q6XAgMBAAGj
+ggFdMIIBWTAfBgNVHSMEGDAWgBRIk1R9xG0w/y1XRXEk30wFn0oALTAdBgNVHQ4E
+FgQUg3uZU2ZksblpyuyaAZ3YIDhwGcswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATCB7QYDVR0fBIHlMIHiMIHfoIGEoIGBpH8wfTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNV
+BAsTGWluZGlyZWN0Q1JMIENBMyBjUkxJc3N1ZXIxKTAnBgNVBAMTIGluZGlyZWN0
+IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0EzolakVDBSMQswCQYDVQQGEwJVUzEfMB0G
+A1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UECxMZaW5kaXJlY3RD
+UkwgQ0EzIGNSTElzc3VlcjANBgkqhkiG9w0BAQsFAAOCAQEAbai0gBNwrPSxSlGN
+My40YqFlMpSuj0pV0mcRc42WWUX4L4JvXkjLQQoN8kZyguCCcOBkDl/vclb86G/y
+Ar+2wWbtwa2lZQ3VHi4X9ss/g5cXUXX7eDhsNiQmD6KMIIBn+j9GDvHqdaooDSpc
+94b/EsfCCTIoT98Ayng4ScGsezzbiDBFt+kVOZrNwwZIthISbj5H8rTrhJkFcinR
+l1i2qiKugubIptFAnGeUu4mDCvxzWSEJwK3diKK0Dq0DB5siNpUhi3KQsaYkJRKa
+qkxvm1q3H+n50eYDtDTtuEWoIUEciYOS73p1Oums5dLUZL8FiRea9ODY4T+5g6XC
+3yQwXg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 95 E2 B6 92 51 B8 EE 8C BC FC 22 3A E1 9A 20 48 77 9B 53 76 
+    friendlyName: Valid cRLIssuer Test28 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0AD86CD7DA0ECF30
+
+kK8ErkJFMMQTRPKQD3zzPgVZSIYadshEsxCXpYU26SadxrnWoCwG72vqjbZEv7ux
+9jgkhlzH5yLd++Qu9RuB7Dj8/leuBRhvh12KwxR+Ct63BVDk5+JdeUgdRXhXzNMo
+YBL7ym3HTrw+eD3Jv075tw8MoCEm2wL/Wle+mn9YZX1h40KoumKL5ESrUZAiAx8f
+orYmGySVqUfM8X7OOS+xk046YMso4tQLWGp10f1MDZcHt3X6RebgV3fdfhuMTPbe
+d0ywYfvjGV8N7M+vRHR2hwJxBkRfWawfqT9se6czEUzOt86htvviu4HMbCD0g9qy
+lLsq2lKe2s8Z9GXW+AjU1Je9yz5fNTmzJ93OB8fIod+iUD0FhriLW+ZalbKNWGQq
+n5yQBlXdxlhd06L6YlHyQLqZvav0dpm5zS94a4gGX/76DLfrL04VLgdhDrfeV8VB
+DWFdoFlGONubIuQCxolKMVTcldU2h7GI7+69u6uBe0kxHdGx20q91x7G1yA0STSi
+YFEeHR3rMR5bUtys0dR7ANeH82DHVIOBo7JV9fg3yRCZlmko99+Yw9zbFvxVn1GJ
+rk5rMZ1tl5fukWDKGHgxKD+BSHll3MpZ49u9laQ+owsBPEqoOQYzHccUrRfKcm9u
+YwT6fQBRteXCiBbvPt+MT5V2C6R+SI2CMtd6V3AQ/E1rjgq6gI8+kI5Ro0WaVsGt
+8ZWd+uAzhVLdDafVsPGmUT9SQGvC2bmPhaUHy1Hur8zm9RMKpsXkrELFHydjJoaZ
+IReLor1mpLE7WkGrUGF1hW+JmdpnYSI+OK24i52Fj5BqGUn596DyTxZLbfruMluX
+sX6AEQ85l2wQzMeyLYMigvJTokI+XX6MxbUP9iCWZjm8/Jjbghyizn7JsaLJP1y7
+oQBndyfq9BkPAdY7wSNCwj4vd5GscCtqBLR+NuJKdlCbcdRwQYTD0FgA9+4JQ+Dh
+6lBxf8ynffsiUKK1viuspfiZR38kTFUYvGKHjVnUV9+zes61qvZll/zV/NEz1zoj
+z0F405gUNExUGBsOAQMQ8oCE2KsK25QMmPJezHa5qHob4EnSRf53AQEQh67YZnFD
+NG7jAAuK3NPeQ2AMzZsWTiHiu9SBTeSsEBnYn0L5VfuAhMKHfsiTLmUODmuKxFOt
+oNSWrTegQQnkVMHeAfiq7xbCRiTAsmQAR5tUH8rBGGDtQVdUxe2RYxKdL+FXL6aX
+tY73dYWsSIltuQkHDAKgi8wrLVqyBkkSvCWYGAfjiNC3aoB2iCVazwwz9sjYi4oT
+vKE5W/+rwkE+CB8NgkJHfE8O5cJb1mbhCwG+AqAdoAlYdgBJUzdU+uzr8wzr9f/5
+DAZ3WzfFqvGTcXBaIjlPkJPgT9Gno1P3twfAh9/RCnwbl9AmySS3FJMZLp+JnQ+3
+DRcpiLVpxR+zyw7QVEPUbQKv82fV6wIv3XCUMqFDY6U2mD5JtoHFeE3bcaxXAVCk
+vSedEEHJPKPIOFTvLy964pLPvNfiWJSnupYO5bjI7SIj+9KZ9jF1cwbMIJKjtCZ2
+3n8JxVSn9pWaYVZZG+EjcXRKh7X6Ax2CfBRw9guMwm6FF6qu5p9kUUan7KumMCVh
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29.pem
deleted file mode 100644
index 4eba759d4e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29.pem
+++ /dev/null
@@ -1,176 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA3
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0EzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCb2axnNI56WnvGeocp
-atKwDsPjuFVSHeTtyX3KVU/1U+ST/Jtv0u5WPp4iitAz/ddFiiBj4cwgr9hZYd0Y
-tUyBvGAP8UjJVp55qo1hjMDYyxFRqotx6gH4F7wyfu7s08ERFrtOoT91EwbaTFwG
-go0sbSeXio43GfBdAxDi3INGdwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlii8KaatWJ9nLsfCwZc63+6I6ygwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAM8E4GsQT3eKZHuyNOUIn/7ZFw/9gFX3
-QfyYv5/Qozv19LTpdKCuIJuZAO900NFkfI4m4kjaYB8CGf9Z2P2B3ctXzgdI9uJM
-KmRUnMfzzXGKx+jh+/xkwYi5kduJ2RECX0mqAcOS38OFX3ej7LQWTQ9y3oeqevcS
-aUfi6VDmnLr8
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA3 cRLIssuer
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA3
------BEGIN CERTIFICATE-----
-MIIC2jCCAkOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UECxMZaW5kaXJl
-Y3RDUkwgQ0EzIGNSTElzc3VlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-mHdETkTcRztCRHzlSZJg4afLgOPz/cqZQIIoA4riJ/kHT00t3kf5mRx0Gz8/GWBH
-wYjUk5NlqDoDlmTby3SFHnZac7Ba/+rkiu4Jzdivp+BKAkiTKzIk9eM5KNv+rpUc
-cy3XKWPbz/ox5+OEvn2NhUfVWTe/RbJx1Nq0Mvybh2cCAwEAAaOB0zCB0DAfBgNV
-HSMEGDAWgBSWKLwppq1Yn2cux8LBlzrf7ojrKDAdBgNVHQ4EFgQUsQ4hS7IckqgK
-M04rBolnT6FPHZ8wDgYDVR0PAQH/BAQDAgECMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATBlBgNVHR8EXjBcMFqgWKBWpFQwUjELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMxDTAL
-BgNVBAMTBENSTDEwDQYJKoZIhvcNAQEFBQADgYEAbIFuFqULVZjrhsyragErXnS8
-R/sgqnP5GJcPHn7p87dEkExtxEYL5N4XnDQXhWdnpc9UtAzh7qR3xnE9EvjeaU1r
-lnsdkbJNO7DxTaM5EqLxiy/Rpf+b2rBprv10A0HvPloU9JvnVNHxT/2XA6hMnCsI
-6gImM5yk9Sc/rTitZ6s=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid cRLIssuer EE Certificate Test29
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA3
------BEGIN CERTIFICATE-----
-MIIDEDCCAnmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlVmFsaWQg
-Y1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QyOTCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEA3icTqNDmsima/TbMUuvjBhV59GC8zfX3Z3bbHAEH/kipg5Gu
-rREsznRezB5sZVZG9SH3vfWMkugzVFLlYsAsp5Zjon3+ZM7t/JtZJ0pg6XzqsEfZ
-/FCux1F10rMBIsaPzcLtc1At1aWoaqU4ydyam/kDzOEt7f/7WGqGY/ljZVUCAwEA
-AaOB/TCB+jAfBgNVHSMEGDAWgBSWKLwppq1Yn2cux8LBlzrf7ojrKDAdBgNVHQ4E
-FgQU3ZhtNWI1qdWfBti5WKsMkC0xclMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATCBjgYDVR0fBIGGMIGDMIGAoCuhKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0EzolGkTzBNMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAsTGWluZGlyZWN0
-Q1JMIENBMyBjUkxJc3N1ZXIwDQYJKoZIhvcNAQEFBQADgYEAAJ+7QrDsVr4IL5DF
-k4CE+XFTE1pd3zqHZCCUSiXp4rY5FEPlsErMT9xcEUB3CiHNFLdKRdaxMxeJ0Of4
-oJV5cnM/0QdVM0HkieFFasr9Ad5CdV7ltfgzgV3fgjDr/hsBAIfcD516l2s3oN7L
-PvlIa7CLUa5f5TGAyvyKF9d1sRo=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:96:28:BC:29:A6:AD:58:9F:67:2E:C7:C2:C1:97:3A:DF:EE:88:EB:28
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0Z.X.V.T0R1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA31
0...U....CRL1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        15:65:bb:88:f2:fd:8c:76:6d:92:ae:f5:06:d5:bf:c8:ba:bb:
-        d4:98:de:83:a5:e1:7a:e9:92:96:f7:c2:ce:0c:de:7b:81:7f:
-        a0:32:c8:a4:15:a6:16:e6:51:b1:b2:e5:92:62:ef:46:d3:7c:
-        5f:37:56:47:5d:3c:12:94:a6:3e:18:59:6b:2c:9e:ac:f0:90:
-        03:23:84:b1:cd:0f:49:ff:1a:8e:67:62:35:32:68:ed:24:a2:
-        76:93:5c:b2:80:5d:bc:81:26:ab:02:c0:f4:a1:de:3a:6d:0d:
-        ae:02:66:fb:6e:72:49:59:fe:f1:2f:87:d2:bc:98:10:3e:33:
-        3d:d5
------BEGIN X509 CRL-----
-MIIBpzCCARACAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqggZgwgZUwHwYDVR0jBBgwFoAU
-lii8KaatWJ9nLsfCwZc63+6I6ygwCgYDVR0UBAMCAQEwZgYDVR0cAQH/BFwwWqBY
-oFakVDBSMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-GDAWBgNVBAsTD2luZGlyZWN0Q1JMIENBMzENMAsGA1UEAxMEQ1JMMTANBgkqhkiG
-9w0BAQUFAAOBgQAVZbuI8v2Mdm2SrvUG1b/IurvUmN6DpeF66ZKW98LODN57gX+g
-MsikFaYW5lGxsuWSYu9G03xfN1ZHXTwSlKY+GFlrLJ6s8JADI4SxzQ9J/xqOZ2I1
-MmjtJKJ2k1yygF28gSarAsD0od46bQ2uAmb7bnJJWf7xL4fSvJgQPjM91Q==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA3 cRLIssuer
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B1:0E:21:4B:B2:1C:92:A8:0A:33:4E:2B:06:89:67:4F:A1:4F:1D:9F
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0...~.|.z0x1.0...U....US1.0...U.
-..Test Certificates1"0 ..U....indirectCRL CA3 cRLIssuer1)0'..U... indirect CRL for indirectCRL CA3...
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        68:34:87:64:55:65:a9:87:47:54:c2:2d:14:48:91:1e:ee:59:
-        f5:ed:d9:06:6d:78:b9:ff:81:8c:5c:02:f5:08:b5:22:90:75:
-        02:f2:63:62:78:25:4d:6c:2f:1f:a3:58:e2:1f:57:2b:3f:49:
-        0d:0b:bd:85:02:c5:ac:ad:9d:38:0b:13:46:2c:34:f2:9b:e5:
-        22:f5:55:cc:63:fb:c2:69:94:14:d7:e5:78:4f:17:4e:16:98:
-        65:81:cf:9d:72:20:32:78:15:0e:22:af:22:2c:21:c5:7c:db:
-        8c:31:be:ad:59:c4:81:24:e4:ec:e0:0c:40:4c:2b:95:98:dd:
-        8f:f4
------BEGIN X509 CRL-----
-MIIB3TCCAUYCAQEwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMg
-Y1JMSXNzdWVyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIHEMIHBMB8G
-A1UdIwQYMBaAFLEOIUuyHJKoCjNOKwaJZ0+hTx2fMAoGA1UdFAQDAgEBMIGRBgNV
-HRwBAf8EgYYwgYOgfqB8pHoweDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMgY1JMSXNzdWVy
-MSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwgZm9yIGluZGlyZWN0Q1JMIENBM4QB/zAN
-BgkqhkiG9w0BAQUFAAOBgQBoNIdkVWWph0dUwi0USJEe7ln17dkGbXi5/4GMXAL1
-CLUikHUC8mNieCVNbC8fo1jiH1crP0kNC72FAsWsrZ04CxNGLDTym+Ui9VXMY/vC
-aZQU1+V4TxdOFphlgc+dciAyeBUOIq8iLCHFfNuMMb6tWcSBJOTs4AxATCuVmN2P
-9A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29EE.pem
new file mode 100644
index 0000000000..a361c3ee96
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 66 79 78 DF B6 14 66 FC FA 2B B1 94 E2 E6 9E 44 45 B3 13 89 
+    friendlyName: Valid cRLIssuer Test29 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid cRLIssuer EE Certificate Test29
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA3
+-----BEGIN CERTIFICATE-----
+MIIEJTCCAw2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0EzMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNV
+BAMTJVZhbGlkIGNSTElzc3VlciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjkwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr3eGR+sBYL85UTAHpOdf45y4rELYl
+wkiGSqJB0cDybDToAMVL08FJKdEfFC7fyOiTCRd18R/tV9iAopb0sLGPvcHDkeDP
+Nr6IBJq3rpnYOhA/iKb9+zwTNJqxAmAac43HTADC9FCaY6A5HxVO/OwfXux92WDg
+obFuNFj/axWUnERbzU6u4r4rl02Cn+nWtXqYRUn8WHRNIggdZjxNbl0ns1Ynygkv
+X7Uld32VzdSiS4h6xF0mf+IhgVBsP1yiiQLuY5xMqw70i2fSpj93Bm2w/xilKiL+
+odvCDINZiInokTGNzf67hxM01LkLlIZDNDZadNY9/TN50RpprPckGIajAgMBAAGj
+ggECMIH/MB8GA1UdIwQYMBaAFEiTVH3EbTD/LVdFcSTfTAWfSgAtMB0GA1UdDgQW
+BBT/vJxlImx2fXxtPpgGHfvzrNORyjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMIGTBgNVHR8EgYswgYgwgYWgK6EpMCcGA1UEAxMgaW5k
+aXJlY3QgQ1JMIGZvciBpbmRpcmVjdENSTCBDQTOiVqRUMFIxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSIwIAYDVQQLExlpbmRp
+cmVjdENSTCBDQTMgY1JMSXNzdWVyMA0GCSqGSIb3DQEBCwUAA4IBAQAbMog7F0ck
+BMnOTiITw0tI6o2ZuPQHvTqPIN37xQRzo2nkDAKsP3Z0bYp9l5LMhwvXB/ngYF//
+mgbfuZvM7VGhmvOAXKxRJSP/pgcMIXYmD6wxNnbd8+RSXGMV3sY3qxkgvpk4OWek
+kXrZOjJvsvEFihZpaaK+tE09+A0yjDSIws/8a9KQ8tlLRlfhOnthoUfKYuxgZVpw
+78j1wbj3hFl2q0Zbk1iIBi8gHFHiVhbpEE7a7ui1c8cNCUZmMPvm/ojEkefFRMIv
+3KX8NENvjgRlqowMz2oMQQrEtMswy7ofQ2qso0oH417rhglOY9YQPjnCKEWdYQuw
+7j1p8nTrvKa+
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 66 79 78 DF B6 14 66 FC FA 2B B1 94 E2 E6 9E 44 45 B3 13 89 
+    friendlyName: Valid cRLIssuer Test29 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8EE0D1DD985FBC8A
+
+Et6YIfjyHfadq7IW2VA8RHjauA0LFzaerIAdya8gGkq2NHxRSXUaAdaQzxK2kHJE
+P1fZvyVUlrdsm/ANhWMp8aSnRhVh0+M4EjcjBvEiui/adNzTorJROOBxcuiwdoo+
+7UerJl1jqnwU5wBRzew829uxbySILsDkhymURrCMqveq4G9AT8Izekg754zVBowq
+oblsyHLin/PIMKWOiwGBJWsdGKLlpcIp1Oi3CeCq0TrIDWaId3/iL8H1g3Rytib8
+AzmRlmUATwACWrvRo945GYD+x3taUB0Bl35l6+3K3SMHddqtRlOR/iF1JRsTHDq6
+8sYZBaiI0RtuAVTleh0gLI+zLxf/kNVNX/3eWd9RcxydMlV+w/+c2og+jiS3VNpd
+3YdgghJ+QLRQ65nq4yCwLLe9pbKgxHsKYA+0fZX8nDzj2TREcsimNyOPW8ZNt7kL
+wMJPnA6AMMcDQfDDsijxZo4vQaWRoAknd+KXZP+EeYXWJP3c6UDLXfmXMC81oG7c
+QMLvXz90OzPegb+2YbBQYE0RoyVBwq3KjmUHg/SGOOnhngEIQSXqdDsf0+khGkzw
+VlRr4cstFXmlcUoa/DIoMQKyVZh51tY919k+dhbyYok01cqIzgD9WzNKpD+Me1HN
+CE1EG9Cd8iZ7if0+LXcHui2YzYrjZOTG4WsEA0ZPzTIVSiXw2jQ4X12Trwbb95EO
+1ye0eSbh7+RGs33IkK4D5nHymEghqTh9P0c0fNq6jqv4+R5A9SLpoQ2f3RfTyg8h
+1/UpfFPdJqviOYabqenbFGbSGy/md4wHvqh2m7lqRUe0gUJrJ5FrR+oSuYFOJrZk
+wVA5Ce5bAI7ZOdtgt2s4+/p93d61JJVrk+dmBqjLsDEPbA4AZqNJf/2EUpaAVV0v
++ycWwFnsnfmbZE4NakWCP19MY/ZYzTMJgQgyKOHO8iy5GRXkU0e5Y7n19f2c136H
+hxRdP6b4Vzx+lemLcKPdFjeV2dRAebhdMr8wB4FZ1go+aYxMmlWYuhH7tKE8qbDY
+D0aoRU8r6d3DyHzai9I+gXW/yKgbs0RiVWZ1fXq1pPhYMXrqecTnxcu3mONrkDGI
+Hckutom+EshGpbRPDCN7lTJoaUZQoY8uXeCyaPiXdHLSsdXZjIWAF+9LoJsQ5/9v
+L0rhVkt+P6EMjshpvnVLpM9iqOzTJdfmJMCFZscoPcAodjDdMHvD1ZvUPkWWEmRH
+TOtSRFqhbPALKYg4f/ujqKmb9oMFrOlWQtLsGr9di4KH0WiqMMZTj3Lh+S0eb4kE
+mXB9Esu28FFBUnM1kWnAJXoyALp9Ah1HTdbEGBNgTzHS4k3+MX8fSNUm0awRrbA7
+z6equPhnEnrDpljoGlcmwTfmnHqTd+BSV74yND9dUoKZldd1LBBuOzzPvrwD7UtN
+7l1m6s5cI5DyIjI1uzDYmb8kEVwL3gd2ts/upTEZ1dBH2zEsrleSYXSoWcLYM6+d
+0Wa60QHYkRQ3/Q6a2qIEBeizYpm/APEWmN0OFVVvHIi2qvj5Mp0f4YlnZFeY8Nv0
+YrkixNgPEarGTXwAzTdYqhNQlOR1VSxWDKlxU+T9L5jHkbU1oTswPt0WuJF1A/y0
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30.pem
deleted file mode 100644
index 5fa8620800..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30.pem
+++ /dev/null
@@ -1,143 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA4
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOomKt58EC5ZhZuQ5l
-1sHzwQGlV0aO6IxFJcWNzxERgALimki0sMEmrMvIg7vymvt/sQE/n4ivjA4Zmi7J
-AvHlOsvgWiM6Kv2pvPkoBbRuOLQz1jrvOXIQlapQc6bsv3Cp8tIpxtNdjHEagqpc
-+yL8WWtTTB89P2WOaDjUevZPSQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUrbJDVL6XeFCXxQvyNJPFyECwuScwDgYD
-VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFWfQvCC6bO3TFmioOAPr4LLUDYbz8Za
-z26H0RgIrFnUEmrPZF7i4/iQpq6cJmWcOb3M3wI/3IlaUmydTEOBpGGazIlk7NF6
-28v19V7KsugitbLcZJXOtaqbseyfwWgFT3LLvxV8qJqKBhNR3NUJvjdBYU6KlbeE
-rZoFX9Ru0Z0G
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA4 cRLIssuer
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA4
------BEGIN CERTIFICATE-----
-MIIDWTCCAsKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBNDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UECxMZaW5kaXJl
-Y3RDUkwgQ0E0IGNSTElzc3VlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vVQzOttxelJEVuWmMiwdG3GTEejfYhWdQmYtsSPFQ64V3B1F/SYYykFOPCVAbkZh
-PvFOhkUY0iQCBXi95lpCsWt31O2l5oIhKuzqBU6q86Ymk32qDQBvwtaHAlHRSdfn
-nPsCxWlDQdl5El4WL4/bT60xL1SdwWePNDldrtN7hf8CAwEAAaOCAVEwggFNMB8G
-A1UdIwQYMBaAFK2yQ1S+l3hQl8UL8jSTxchAsLknMB0GA1UdDgQWBBQF35wWai5Z
-gbV2xnj1OQvb/oVaYzAOBgNVHQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMIHhBgNVHR8EgdkwgdYwgdOgfqB8pHoweDELMAkGA1UEBhMCVVMxGjAY
-BgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBD
-QTQgY1JMSXNzdWVyMSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwgZm9yIGluZGlyZWN0
-Q1JMIENBNKJRpE8wTTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTQgY1JMSXNzdWVyMA0GCSqG
-SIb3DQEBBQUAA4GBAFKBu5yoQtqwA+MA/6AboLUyFrryUbT8gm6n5zVA7H5ezmO3
-apxKCgdHPEshKAN+SgO2kto0eE/4s2MF++66pMA+r8TDDmCrOfYVwMHyPVOrBKGM
-n7C+rt0ozZ32wA3d7k57IIsPT/H56TdX07oV5URZKAJ0k5iaPCBBLmF9w6BE
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid cRLIssuer EE Certificate Test30
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA4
------BEGIN CERTIFICATE-----
-MIIDZTCCAs6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBNDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlVmFsaWQg
-Y1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzMDCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEArCi7o+0oIpxvpPUN8G1Ys04I2kgIPVMldcU0tM/QiAGdPEXG
-j/Hcn9YQZVOGFuuPKge/kZ7wheOIpI91lKkeGqegSWssN1BzgiAJupENTtDlex3I
-FqatuDIln6nXgUp984F42mLPqLcXqSiAzCkJiPz24slUDhJiLWkEE0fWFrkCAwEA
-AaOCAVEwggFNMB8GA1UdIwQYMBaAFK2yQ1S+l3hQl8UL8jSTxchAsLknMB0GA1Ud
-DgQWBBQ4JkHeuoJrm1VjW/qWHf72m1Xm5TAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMIHhBgNVHR8EgdkwgdYwgdOgfqB8pHoweDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlp
-bmRpcmVjdENSTCBDQTQgY1JMSXNzdWVyMSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwg
-Zm9yIGluZGlyZWN0Q1JMIENBNKJRpE8wTTELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTQgY1JM
-SXNzdWVyMA0GCSqGSIb3DQEBBQUAA4GBAEGbnAJ6dpMVdHCjEMoVtyK7az1Sxcea
-28kAl/5TcdMNyP/DUgoweDRVQcm7sbJ3se3M0ac/+I9ce78YpS2e+83drRFYDRTg
-4DRD5RJUr6SS0F4tAwyncyaCsTn577sLWSmnkF3SKBiz6QNr83tetioIeXhAUcoI
-0tg5RoGSJkFD
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA4 cRLIssuer
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:05:DF:9C:16:6A:2E:59:81:B5:76:C6:78:F5:39:0B:DB:FE:85:5A:63
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0...~.|.z0x1.0...U....US1.0...U.
-..Test Certificates1"0 ..U....indirectCRL CA4 cRLIssuer1)0'..U... indirect CRL for indirectCRL CA4...
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8f:7e:a7:21:7b:8e:70:00:d3:23:a8:d7:d5:ce:87:34:44:e0:
-        ad:e2:89:f6:7e:9d:5b:2a:b7:af:57:bf:95:bf:5e:6b:f9:1c:
-        40:77:87:ea:eb:b1:ad:0c:e1:55:82:93:f0:bb:f6:e5:4c:33:
-        69:e5:41:c1:c9:6e:ae:b4:98:38:a0:1e:38:e1:20:84:d9:2d:
-        9f:2f:07:90:7e:30:7c:a1:c5:0d:c3:04:39:aa:97:b5:30:6f:
-        d9:e9:dd:78:d4:f9:49:01:69:93:da:e9:30:2e:ce:5b:89:cd:
-        5b:c7:48:31:69:bc:06:9a:6a:cc:02:2f:bd:5b:78:b4:c4:ad:
-        8b:ef
------BEGIN X509 CRL-----
-MIIB3TCCAUYCAQEwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTQg
-Y1JMSXNzdWVyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIHEMIHBMB8G
-A1UdIwQYMBaAFAXfnBZqLlmBtXbGePU5C9v+hVpjMAoGA1UdFAQDAgEBMIGRBgNV
-HRwBAf8EgYYwgYOgfqB8pHoweDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTQgY1JMSXNzdWVy
-MSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwgZm9yIGluZGlyZWN0Q1JMIENBNIQB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCPfqche45wANMjqNfVzoc0ROCt4on2fp1bKrevV7+V
-v15r+RxAd4fq67GtDOFVgpPwu/blTDNp5UHByW6utJg4oB444SCE2S2fLweQfjB8
-ocUNwwQ5qpe1MG/Z6d141PlJAWmT2ukwLs5bic1bx0gxabwGmmrMAi+9W3i0xK2L
-7w==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30EE.pem
new file mode 100644
index 0000000000..8a24f94274
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30EE.pem
@@ -0,0 +1,66 @@
+Bag Attributes
+    localKeyID: 26 4C 20 BC 2B EA 8F A8 43 6D AD 2E BB 94 60 45 BD C7 20 AA 
+    friendlyName: Valid cRLIssuer Test30 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid cRLIssuer EE Certificate Test30
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA4
+-----BEGIN CERTIFICATE-----
+MIIEgDCCA2igAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0E0MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNV
+BAMTJVZhbGlkIGNSTElzc3VlciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzAwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSzooJ7m4luutdu9QJQDkbY0Il8noU
+TgbKk5RKvCLiBOKpw2OWhUQC6REPPxCUPPlt6Nesrr7HJrAMI6V7ri6BadHXO/3J
+lReya5BgAqkPlHPIUzRgf+GLV4noXkhZu7n1HuC3WIrKLlQ7DxDfOaMtCmM2uXhs
+Htou/zroTG7ed7I6git8dmcYlJb7GwerHzJWXkCN+tdamuzpP/lQjFNAkSpBUkNY
+B3NDRSppsaf3xnwKDw8IHGoprM8Jc1X4bi6Gj1RJ/kPcJZ+Wzfv7xsPvZ06Y/TE+
+vFrs3KAXFYM+F+4Mcxl0cZe97w7kU0YUXJyrG4p1dyx7y1XoMyQkc1hxAgMBAAGj
+ggFdMIIBWTAfBgNVHSMEGDAWgBQMWjLqlAEgC6iqL8kS4y5BAoLotzAdBgNVHQ4E
+FgQUpLFFtgmq4YtGXlXl0x18qEhkLMswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATCB7QYDVR0fBIHlMIHiMIHfoIGEoIGBpH8wfTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNV
+BAsTGWluZGlyZWN0Q1JMIENBNCBjUkxJc3N1ZXIxKTAnBgNVBAMTIGluZGlyZWN0
+IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E0olakVDBSMQswCQYDVQQGEwJVUzEfMB0G
+A1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UECxMZaW5kaXJlY3RD
+UkwgQ0E0IGNSTElzc3VlcjANBgkqhkiG9w0BAQsFAAOCAQEAPkueBBT1p9JCkPfO
+5YxsM3b6bqPQ6dK4hBSqdX6+lgAkey0kGUH5kp0wyK+g7GO8GHrk+2N0S9mjSFEK
+bxdMuxho41sZp0+A12ZAw68Pwqgg0XtqY2MOSMsPOpwJSq6Fv/DC/uJVFRaD2moa
+avWgugALr2dbJ7jIsZhPmA68101nXSegz4qBeT+AZi5m4jiT75GR/qnbJV0aFDYU
+062FzWBAvrB3a7WT/0/vw8+eYmFeXi8cPouGvUttL/GHGDcVazALLK9GpRAx/2+g
+dtkvLdq5Je3HxRdIJVH8TiTZM8EHdlJ/3cDlN0qNMog9PN5q184xi2nrFzunFdhB
+4nPQoQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 26 4C 20 BC 2B EA 8F A8 43 6D AD 2E BB 94 60 45 BD C7 20 AA 
+    friendlyName: Valid cRLIssuer Test30 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FE5270AE65D3B000
+
+kgUcvK3apSU+Wzb/ZnTaqVfuh2oBFN/lKVGl1LJkNNMvZXvACYqYVyriddieT00M
+WGRjmKvN1pFRM4w4WjCwr1aVZSst7AcXTjfobjVPXqoQ84e0kT3hGuqyXXkoNDei
+IgOEwRMQ9gGQpz7OrOaSm3vnRJlkkwLzN6iN3PwkDt7Bd0uVQkIcd7GhZj2nclZw
+JT0rkEn65xPhIik9djCRzWOjfQM956g7PiVUabQOWjts/HeYwkS4l9amBu3WoohD
+tEovDOM3UOg3IuX/bYoTzpOK6WHviDlDP4Qb8yqUcyxO5NUgFgCs3waU4jGn3ykD
++1pf1mmxsY+QhIAdRnnYp/UhZlxk1LDYCgy0YBvJ3U17jhGLQ8iYn6t5TigvjE+c
+I78xd8jf3RxUtzvCGy/ZJz7jeqPmHOUU0sop5VoVZrSBkVQygISMz242PLaptqja
+3Q1UqlmwPCt7xI0+PEoQXs5sjQ1eKJIlM+hWL9RXH4uu3WXECcMJKyesWBQAYW1v
+qbES8bSPAi86Po970FdbAFwgUBJGkE/U1k0bYEuZ4VIef/pxwHAzfde7zAzlUJrb
+Cm/beSNh3lFVRCj2NTpb7YToXQr90zLB9kyJGTleUzd6sX7CBlkGVrw+nje0jKxw
+IeDSEtR18FEOfzY3bKbv2aj3h9amAB9/hYEeE9I9Q5LxKFyw8b+pB75kUi0kuwx4
+u+tW/PjELoshJujhOZtXFveqenV5PYxPyE6KP88Zst/5QHWOuG1+FlTLEQy9a7Oi
+D4vq/65n9sgaH/L9miy+CpubfXXrAawvFNQJ/QDymjAp0FDsU/PxlaE0dzsAQmcH
+HV/gJEVK0EWJ85Myt/L6mdJszeOCoM0vttA8wxejia6joIs0kMX/AccEzgC1tSDu
+F6WJ6sTV0FNi6p/b7I01phRRDUY44TFa5qeiB18ZmWf5JYT3QpFcZ6Dd60OIA/+m
+Z80QDdMHZbBlMux/ZLQygD9q58QRc0uv2vP+6HXZLyEUbv9NNkz1v46hIoixT75H
+iuqOscTdsyfR9xbe7szTrDLSnjq6iN3lHL5bEtdCsBDg6GDcqt6V9iG1uE5zdzNG
+bJo+8Lvm8TBn47No6gdFyn3+DHAdrrb2HgcmxRUxGsOBScdZr6bXNkZe4iz+OvHw
+hCzAD0XCp38a2xiR2dWj8ZnyT8/TEwgOvuKLSXuY0BHZyGSJo9OCwzV+F6jgzjnE
+I9CG7O6E9vGJ54N3LPUmAEB9uHixGwuLjRTlzjyapIcHlKeW/srr/ICVnUi8c5yB
+qbU6uo+fkBEicaJC7foK3vGLye9T6qAc9S8vmOE2CTi9SeLCoSBLTaeYFURuKzSx
+EJ+c8PXcjLKkAYBgHDNKvdJf/tx/hfU2ZZIRPktvwSr/blqgyreIvdExdmCFyEwZ
+jHrrDc73mg/V+kVWbDOJmG7VG/XigY1XmyWFJG2E9eGzyhTsh0AINEGJRg84O8fM
+lGEDLJZSXAkT+LhAMF9RqK0znrnCbTH07mlf8BTDJgPlWCZVqTVqe6mRyEsAfXgX
+DEIejVs3Z9uE3uoLBSQbmBFc7G8g8BluxzeHtLgRtpXRz3FY6Z6Sl7bixHLVk+2Q
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33.pem
deleted file mode 100644
index a1d4ca6ebd..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33.pem
+++ /dev/null
@@ -1,226 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA5
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI
-iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok
-km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM
-6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn
-6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J
-7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H
-sN+wLRApTQTr
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA6
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0E2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5/raWoeX0Fp14qkKY
-Ypdts+gzpB6uEBcK8SpAa5FzydBYcIJajJ7MbWLlH1o1nzd27E2YQQPaVuRvB9vS
-4Tih5plnbOXvkaUVh/iohILhb0Q49JWe4JU2yQsphppmzXgUH7C0Zygn3N/fd8JF
-MUxK0kDYmuerHsZ7DDIJsAOTpQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwhs+qhpOwTOKGqpZSQOxZqIc8H0wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACMudfomzqT284TDQDAaT8SdUGpP0bH0
-ofTP/6WODMD3M2+AYgM5ES2McuNKWBx/iifIy42icqmtiP4EjbwjK5JKPJzSSyIF
-/BL1+/TdNfvGBuDBG7qoVzqALx4QeAdCh9tjM9eZQbwVuIIUiI94VPU3hT1OcJRE
-ZCkFIjgPYCPR
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid cRLIssuer EE Certificate Test33
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA6
------BEGIN CERTIFICATE-----
-MIIDUTCCArqgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBNjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlVmFsaWQg
-Y1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzMzCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEA01gBYBQnJrrihQ7wxqFilR6zjimXk5ZbQs9BCX1n/zpBfmwn
-ezaal6qZo9BPsXH+zjp8eicI+kPZSXMUd5JgwwuHYH9+gL7EvKobEJc9WBuhBU5i
-GRSeBq9M0UltbXo5c6hbxl22rmTpqTaehigZ94dujqsPPl5g334rdtPU2IcCAwEA
-AaOCAT0wggE5MB8GA1UdIwQYMBaAFMIbPqoaTsEzihqqWUkDsWaiHPB9MB0GA1Ud
-DgQWBBR8QXrBPNUgzCMGCs9z7zs4nferRzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMIHNBgNVHR8EgcUwgcIwgb+gdKBypHAwbjELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9p
-bmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJl
-Y3RDUkwgQ0E2okekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0
-aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JMIENBNTANBgkqhkiG9w0BAQUF
-AAOBgQCTqqePZ3xWbeWlGEO5gbYfjxlqTrTOYOFZoSMlApx3fDkAo2o89IvoGN9N
-hXQDCVtd7MS5g1v2bCGF9TjVKgPMGIJSFGp0QIRRsNdsxRi631JxUFvVz7yE3RgI
-Qjll0EqM4nEceTJaNz6SnQhSjdcOJspkqKXUA1ga7Za2rC8SSA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0..Y...R...N.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA7
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 07
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 08
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 09
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0A
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA5
-    Serial Number: 0B
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c:
-        d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c:
-        f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e:
-        44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce:
-        51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53:
-        79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab:
-        7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c:
-        c7:af
------BEGIN X509 CRL-----
-MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0
-NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V
-BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX
-DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB
-MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG
-A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV
-HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1
-NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE
-AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN
-MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU
-lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd
-MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS
-TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3
-pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw
-FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly
-ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb
-uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu
-TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq
-xL1FzpoJ1fesDYN8YjzHrw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33EE.pem
new file mode 100644
index 0000000000..830d206e9e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 0F 7D A1 ED F6 2D E3 B1 55 23 86 96 A5 E3 C4 CF 05 60 F9 7C 
+    friendlyName: Valid cRLIssuer Test33 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid cRLIssuer EE Certificate Test33
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA6
+-----BEGIN CERTIFICATE-----
+MIIEajCCA1KgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0E2MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNV
+BAMTJVZhbGlkIGNSTElzc3VlciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzMwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9GPPNteHIdTdRRszbD/h/b+eGaWAD
+NrTjWgzTuZeXV6/D6sW9I+f6S0jcJGSvRB6kcM50+BnXqVV9fnuMgULlmpRAaGqw
+B6NqjlySxkrbuMQPOoHqp426I42grxN4OPf+qzujMMjMGAVImdnDt9MYfM2j1Sr8
+opCYbZFI5R9HXN4pmTCPkp5fox3Vp/ATCoXNtE6tux4iLzlEi+oyK0LjWYWvUHJ9
+cAAqbtzZEN5d0y41a+DFQSkckfCdR/M4lmLG2vzomt5Sft1KyYYL8OA7zxBJVcqx
+H0DcEW0kUPgcaxrBCHNyDuHMvGqe4sl4lOaXamQN5rzzgkFxmGTxeeUrAgMBAAGj
+ggFHMIIBQzAfBgNVHSMEGDAWgBQfySCNC6NsLXdPE95C9Au23ip2MTAdBgNVHQ4E
+FgQUluhzy9F5Af6JjyGhLMUYmAjLgycwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATCB1wYDVR0fBIHPMIHMMIHJoHmgd6R1MHMxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRgwFgYDVQQL
+Ew9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5k
+aXJlY3RDUkwgQ0E2okykSjBIMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBD
+ZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJlY3RDUkwgQ0E1MA0GCSqG
+SIb3DQEBCwUAA4IBAQB+9q8Ik0Z2KfZHsQDFdbZDL+EZUxMrzEj59fHD0X2KsHml
+8ZEj2YOEvnsGi5Y29B4NzVSqEnIJ7JHh9oWrCguHtLhw/x6VEy9ghE4Uhw8F36it
+KqCn9a8Djhxrj0riagy9ww/QRFV50rXuV0TuhiVBR1/A9869dx3onqOZiaVljzgr
+dk+Cxtze9rcyMrmaGvgboLlpPF9/s9JLFNc6FH3tH5PY6xGcEGfWtQeEedhJCWz8
+WPRL+kUf0aT5qX0PD7PHT9UDMzP0338QgAjI5rsjhPScQs7oSRSbKV1jkgdRMLoM
+TsUpUhQRYx5XVz36f7j9x94IWsz5PfkBqD2vH+AX
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0F 7D A1 ED F6 2D E3 B1 55 23 86 96 A5 E3 C4 CF 05 60 F9 7C 
+    friendlyName: Valid cRLIssuer Test33 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1CB3D75D493E7769
+
+WBhqGT+RJWLGu+ESdchE6u4yA2jPGhK2rK94zXxv2OK3ZgzRdjKJszQmWS6WHXUW
+T2BnHRp2oD2JUl6uNuUeIl+NteuHCaBVjCHJiY/zd03YbiS13x9q0TwnGJzD3YjR
+C5+zw+NJiTLikVY5etDNibaf56NykaHownrqQu+LlIfLu3yL5bY1x8nkEeWnL/cY
+zBAYa64S+Vh7Wd6Q5dXEMtbpUYmAfHFG1XkjiaBL3FDtMnJOLRRBtq7z9Td3CGxe
+Za2lTFhHFRHw6KbgDmvYz6lDnP/mdP4cNIw8jMaaB3tRUPaoAoHxYr8lY9RdxQt9
+wT4AxDkCC7KAiea+im2BhX5LhdrOCoWjcTrBNJRTp7mypXwezE3Uw4/uzD/bi5CN
+UcSJ+RwWIYfLNvJid6QkmKDg81cvEP2MlxHnL9nVycO0Wx/E7eDlnpgSq6CDdTx5
+3hvUSbTvapTXN2CM6KQlbu7hbvvfkEI+hXUpQ2lpkigJQCyR4uMRsqwuoDsKgKZJ
+92s2/0KATnCrmeUIOBR7JF3H9cvJf5Rxtr6QYi9IagyYl2HhWMzYgD93RViqJ2yw
+vkDG5I1SDvusQEO6dca6FaCb24UzJKFgu+zk7+ma8cmZaYMmZs/9FZzHAQ+PgrtU
+iXDqJqen+5mWyozancFuc6wJBxksI2vmHx/1BI3Uh6i+J7iQPXvPQ/p4Ti1IS4nW
+bm3uxohjMf7KdptHVjjr7KZxDyV+i4hmyke2Sl/oCnFfSdUo44VafBJRJmEHB9W0
+ECLt8s1D96d7uDU8ib917rM4YscmH1uB+i0K+cEVpAL6/HyABQmzSVGjFRjeyTxC
+KZ/5a/dlw9Tpgh1Hp0vDWOFFS/r2zpbPqmADOxSBle7QShRGvSFz83a1/vEs1Y40
+GNl34T/0cVGyupqpFxwTkxJCamUF2A/yqDfCNJJUeLHTMljJrMPo+YaJQhBzGMuA
+EA+jxzenFkyAjo3H5DJ/6gvYch0xHv4xp/OMEeJh2T0dv4kQN0Ia9uKgZXySgMID
++Kp//xLgxUSNt62LYJSmmoQ1i8w//1y7wX/0RfgQVKZhE0lSmZukqvndOWh/Z+tj
+HorxR6YWCLvBIaME5VDMjO+GnRULTjkzC5AHqe4oR8bBhwmD1/JqfNaGp9WEd6YM
+PSzwftuf3/WF5wwhDusTPr76sItEAOuA1fBcu3zSVYCLrFyS1XBrBdnl9Vj2rNIM
+vyXF7BvX4mALaLL64L2W4YXqmw/GG8RqKyQudQXET3hDDFqIEqIA7Yx2I3mA3LDu
+EtcSEoL4II9rx91Z9+30gnexGhNbJR6sajtOEYdMGSIpNaPifhsVk5b3OP9+E6xg
+RAKU9nyb5Ta79rg4FEyk4Mj1bYNFHWacbD9NRlhHRbKkEatoLahUjSufSwrVoioK
+d00ywK6abby9YLHyBzr4wEkJhDk5Gs4VTcrD5jK8MX+WVGqfVvgKjwlbPd2D0Mgs
+Zo9maIWsYEpnm1H9kblXfdvDBbw6TfUs32vwX+7assnr0ytiUlayZWmVGxL2QOlp
+vSTqZtfArBsdQuPSOYBQO9TV20G8f1qQ9CvpR21MbSIAs2Uir4aIlg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2.pem
deleted file mode 100644
index abd16aaee7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid deltaCRL EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDJjCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEsMCoGA1UEAxMjVmFsaWQgZGVs
-dGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBANRKVxWvFldCkmzvNTs41NjJct7Jt2VltlefYPwBuwPuHZveA3TbXj88
-nvKICCqBLZwlhGlAyfZTqFd4gElplVEKvfn/GSNyGGnsAHfZJOqwzyvpIPx/yg61
-ALFj1gsGSesibsgaXOhUVO0N6EVpse2azO8I7qSpXf6f6b+qpSkLAgMBAAGjggEX
-MIIBEzAfBgNVHSMEGDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAdBgNVHQ4EFgQU
-zo7j3tkIY9+L33KkkCzx7XzdaOcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBD
-QTEwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0ExMA0GCSqGSIb3
-DQEBBQUAA4GBABBiIdpyc6pIhhnujMn4FXCBcoJtkC5Am8NB/cgPKyhVlUTnp62b
-dbt1zoUI9KJPSlwBuJduPL/Q9hJr1vKHdcFC98iANtf3s7fzzhGF22Nel/qKtlWr
-fldw2WVkIjTSeQV9gmBf3cHAV31JP5/q1rMljeZD448J9Cd46UR05jM2
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2EE.pem
new file mode 100644
index 0000000000..6d14a5b19d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: F6 29 DB 96 07 D3 3A 5E E1 03 C0 AC 2B 81 C4 CD 0D E2 6B E8 
+    friendlyName: Valid deltaCRL Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid deltaCRL EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLDAqBgNVBAMT
+I1ZhbGlkIGRlbHRhQ1JMIEVFIENlcnRpZmljYXRlIFRlc3QyMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwd1BQ7/wKjBDcP9D5j5bCNy9FutJREznSiHS
+P1ZWdbmMUNZgzwgmA9oXqX9wqbQmq/KdQj1UNao69Ih3TDu6pIhWs9tZFDXQJ5Aw
+QBTS8rxdxcTzvcWYh61gG35ZS+obi85nDBtcMH6uJ3CVzLOe1S/cneeaIlvME1dR
+qEYUizVvc827K/POXYD89i+Cv56PTvkngHaX4s9acF2Nfu+wI8mgt0VCuCt+/FUq
+9WkUEzWFwWZ9l9wtYPijG+8mD5RK8UKhVYAnLLXHh1vY6a2g7fNg0nVE2yFMGMQi
+VWK+Goj0oPwfQbbWhdyLwEdoqbilnNVdVvorTqUYNDYVL2feQQIDAQABo4IBITCC
+AR0wHwYDVR0jBBgwFoAUdxgj5XaEyBSUP4LQgep0seCkLzMwHQYDVR0OBBYEFPof
+pRoOE0DZ7urfHC/l3cmHSCQLMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
+CmCGSAFlAwIBMAEwWAYDVR0fBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8w
+HQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNS
+TCBDQTEwWAYDVR0uBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+ExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEw
+DQYJKoZIhvcNAQELBQADggEBAKPvo7tsUNQ5bI0XnuZU+EZuqi0EXzLAT1ybFYVQ
+dR8uDdi9l+HdRsKioPOoQF2wzjQ5WvvfVMQ0032aXqQ2mKZP5n3NaMYon5l4ZMZD
+tmFSBsNpKmVL5TfQNhujuuiAg3/iTviwTK3tApgdUhEioZomFv8GT1P/W4DnDpjU
+Khns6ZZS1SwE+UP5ckJBFN75J3ptYyUrialBjCitoou5dH7hUmpKL6/jwr/zTmXm
+QT+jNsNg2OaKe9BZUuE3T3vMS/ecQPkgUvosTeqVbg3Q3g53Kq9noiPrDOF0RKrp
+JHoYsWHK1AkMy0o3uYUifeVdRcYxXQvaScLwwzsp/bv6FxM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F6 29 DB 96 07 D3 3A 5E E1 03 C0 AC 2B 81 C4 CD 0D E2 6B E8 
+    friendlyName: Valid deltaCRL Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EE2887BC9A995025
+
+1HjPKjN/H2UbwdN8notTrNk82KvHmYTDztz6me+cZo1iMW2K/W8go5Y8xgtQ38Nh
+Jwj+xw/+lgAjUQ8kuk5PoW+KUnbCwBS9rbQyBXZPwSlApxalnCd2cLxWYBdzHT1g
+4x45pkNw86CYpxwGijOEX+Ml6M1FY2y/X3KG27GCAOH9YW7BPvAt8zTg29cq1+Qc
+O42FSJK+06qeGrV5ElvQKK4iCi/UiGFsAHpREfiDLdD+Z/YZMa9ERPYp0eTLr/A4
+AXCSv1tABz9hJg6QT/q0FtOK0ub0498V5L/ZIYSbHxZ1Y/3ACqHQNeV5kua/80DO
+YnYyhouoiXEHAFJW0BSClK1WgNQM9Uoccvag38iM+KrymnlhQH8eJnG5rM3QI2yg
+Cm6IKuyP2fFx1Kd0qCMiaoEwkh+zWysq1yITFJhvS4NMiW3QVC17jzS5zq9Cht3D
+lQChON5wDh5fxAyb/nnfrV3T4ZbI1uz9hmJwEhoCMUp1qAUZYhQfDrBsRLA5OPdq
+8xnNx/1ol2MUlhp3bN1FpsgA9WjY/5rCD9RyXGctm/k0uz3or/C7SGZHy12e3EPa
+/2pBth17y1S2dxyoTQjN37ulolA1PIixkKgEhHqqflt1d6H+7w6g3897XzApsvi5
+QfOxS9dd2mEfoycfCIkvk/A/ovkWbV8USHFvZT3tkzVyxG58RdBsbPspWXnS52Up
+EJci07kVoihq/wQAY8j8Cd2xJ8NYuH4fL5RUGJPHBMBIQwQ/W1h6HrXvhnFbDNnk
+/6OAJfnVnHKVEyHw+wG0McybPM1KWk00BSFkRbwxMQdwunACjUEmC3Mzdktrffpc
+o3moOY6aTNF3que/YZD9B7yWhu1bhmO3t3cRw04To9dMUSdO+RLqp5vS907B0fpa
+d5J/qNafSjdWTnkzBAQzMX9yHXMuAUIgPKqM+DFyZ98JBIyDjrmhccc2Lnvy00XH
+baC6d6FoGtwaGwzEeKIEJVV0UBEBxXA+V5JML7cqFsm2Fr+6sTmpTzoOb/1SnORL
+1t0tdMSEAkOGT8DTD3LvF3jaIuxdQttwWx3h7bJpH0UD4Lkc8CUUmO8MwskOvy1y
+sgU2FEFTh9WEeQhu6AftdL7PBCHIdlbDU+p2GLOidIq/UcODVLi6+uIXyJheAnNZ
+63xyQXRYF/t9JgbkNv8pMBU5VZ36jjzweHp9cXcZEi5Kr7Wrjh5luKQJhiRHyh7P
+b8nBzJmZt+Rvkn0JJmgnO+03RFgWla6tySMQwgciHpewjVOjv8UnbNs4cvhdZE0Q
+5e/swhuc7mMHOeAiui77eyzFclBeRVKzJ01gr8c+lpHNSGb9oDDL+1hVZ6ITfE6U
+wTE+PijTDNOSaAvYfS5LFc42zIxhssj4pbSaETN0G7ANSSbBLnxb5NDmNMzoj0zL
+s2Q/mRSOcnlkagZz2C9LEr6Rf68ZhGJk6PLESfUlJJXazsm2Er7JntlIi2orEpVq
+IBZB322iKfErIg1w9M/N+Iq5OUAe/xF30U+I/WXT8NBjajYD1Pasf2gr27Q1uk8p
+Zgp2+3EGgb/AS4g5tqzVY3vMmYcKjTMv+kMq5I8ssjibMZS6d4Bp2huXpx1VJ8SM
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5.pem
deleted file mode 100644
index 57390f882d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid deltaCRL EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDJjCCAo+gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEsMCoGA1UEAxMjVmFsaWQgZGVs
-dGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBALJoiZyA4CHBqHesCHEPO2Me3gceR6LJTUtoEOGP877OjigufADkFCsN
-m6lEz1zn0JfUOvERm70QxsfYSjpbc3OiPi8v/hbsB0whYBVGe017Qluvyf6ZV2v/
-ItpeUd3v3rw3g3Z+pXGAgLTeDBl6RhbybuoORo2hbpq1hPkhrep7AgMBAAGjggEX
-MIIBEzAfBgNVHSMEGDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAdBgNVHQ4EFgQU
-FouAPbKkYNJGEKJU0p5tKX2BhpEwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBD
-QTEwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0ExMA0GCSqGSIb3
-DQEBBQUAA4GBAGu61lJXt+1uZ8FoGyPdKeHvT8YKDijsbNtC8azjbqKRIz7ETsfQ
-9nax423fRWHnphLHzSUdbuIdBvWL8aDN0T9ZvNt4A+73SndqlIw7y3ULlw+r+CRs
-UBmBJJSEvo8Bh+4OJCjGoZXDzdGbQ+7TYzZn+asNvDVZE5MN8o8Tcq8r
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5EE.pem
new file mode 100644
index 0000000000..b20e3975c4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 93 22 59 7C 8F 4E E0 09 A4 B6 5F 3A 9A 85 15 F6 8A B5 FD 2B 
+    friendlyName: Valid deltaCRL Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid deltaCRL EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEPzCCAyegAwIBAgIBBDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLDAqBgNVBAMT
+I1ZhbGlkIGRlbHRhQ1JMIEVFIENlcnRpZmljYXRlIFRlc3Q1MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJFECVVjrL4M7nLTi4W1pAi2nrpcoUfvyqYD
+PRN8qfpzIE2sdD8F+TFkPACLkiLO/ZxHg/SMlLxViLS14Psx2wsNVz8FKD3B2M4l
+7BqdRL9kb5n7AWYajmT1iBJhbiFqr6j+4wPljpRifp6mEF+Y66kqvcVOJZYo9mxK
+wtFfQ8Bfq80QXqADKzs14Zcr2WMwI6e+qxvvIEBoG9AiAXwcEaQQZaNuxBMAEWYj
+J4QKZb1ThRQvwHR+OF2WDQnFJU/igyo6r7JlC6Oole3TDeXAL+HLLc7PrAFYuKAC
+Q5V9uIAuBVsk9ZqTv3hxWlwM8UcIniTbCdaJzMk9PUnSLiIWDwIDAQABo4IBITCC
+AR0wHwYDVR0jBBgwFoAUdxgj5XaEyBSUP4LQgep0seCkLzMwHQYDVR0OBBYEFEll
++YhvWUeTjLvr+5XokIkUWsJaMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
+CmCGSAFlAwIBMAEwWAYDVR0fBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8w
+HQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNS
+TCBDQTEwWAYDVR0uBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+ExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEw
+DQYJKoZIhvcNAQELBQADggEBAHzp3LR2KfAWREjO8RVbzdP43ggy2Qi7oYZ3NsTp
+99KuQ4Z5agn0v97GgFfCq1Aym/dcoilxYT9BWD7QofsVUdHF5uUhVZ6oW63CR+rM
+6YC8WYneCzZc8MZl09I00mJCeMqWhRpQcaLGKhTLeJ5B580BSd+w+VkjiqHZr7SW
+Nft16xyOsw/jzMZQZ/bsjDcb+M/O2Gy4xUqpxp+sJNHeeY7N+/FX3OG8Z53IML3J
+SfD2Y+NUZ6UOMsTq4c7TxMFFUSmBrpg7xkiAWJl5HIwsX5dtFK33AxAbxOkXbmfC
+ESxVMsWyt1eXn/ndaiwAqyq5GXfcVyXCJJHcvdYjl8jGFrM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 93 22 59 7C 8F 4E E0 09 A4 B6 5F 3A 9A 85 15 F6 8A B5 FD 2B 
+    friendlyName: Valid deltaCRL Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,517C8F7B45662A8C
+
+QdbF4c6aeSXFoCFctsIsul7/4O7/znzpz6XNcnLnqZqbKPsdiWjNhtriapJyUPs6
+1VYXFHi3y1G9ySFZ1FWIbWoFkp62As8EaE7D/o3xQMBRGC3OQpAntZWdUfLmIQBI
+ImhKFY3dhJ9pmKKQ6lbfyXb2LhURTLhEeyqyhpNllppMS5Mv/iF3s/CP0BsUENwe
+5mBc1GQVhH0UC72fbIhsP741UidXoPLQKDNWQ3G5sX9X37YlmwkvzAFqFupUsZrq
+JKRYNxx1izYCzmlhWGf+3jlxtfhR0N+ULl/1RxE+cpLelPlUn82G+ct7i0mXyW8L
+nBLqEHq3IhbKa+baEJMbWM/vrQCwnJYux4NWtdTCdjqyHFcpnOSkosM3VJSi1N5A
+LePDEUhKHMfZigarxyuKLTYyVj/V4EmD3IOWbqxNOX1KUw4sb60aPEjxiPMG11q3
+x4VgIyC1v9l+oGeJflAiY/7hVoOtuyfDXO7Af6an688S/O6m7gkQ+eOs2PQSVTCl
+Nw5+eAAbaUjt53Fpy0WSS7sWQjnAHIaL0tGYwxI5wkmvorsilGWE8SJ7UXT0uUkx
+s9Oh+QVcj5oLeVexyui7ican+0Ok/mXmtMh6svET671aAmzef9VTW2yvGEsG2A0A
+c4//cd8jnfYBVkl/kdzPyGZLkbzWgMs+Ynjbco7eoO9lSX3wj2YIlPe3FRMbPRLg
+Ue69MiIKWZdiqcdYmQGO7/mqZUg5EUcFM+c93COl4tqyjaCNO7jqAsdhr8oa35H/
+Giml77rH86J/dUFL6Aw+5u7RCJQM0nKPHN6AgIedZZbw7Qgjph01S8h22Ot9DeR+
+ZSVDSi/xPfneJu7SbcUvhifdRYi1ytbMsl0saBKCesHRt0OtimqZHbazD5bKjJR+
+ceNVT6vR1E24LMvtiFLARt2c94XpzJ9iWsmHoXZ4bimPAFlAvVSKccYa9mTXjYvK
+ognt/cXnIpekOHbLt8XPRcxl/lUDT6UUtPAph0tn4/G3CkcJvGq1iAZ5TUbyzvTZ
+pE5GwCsLrFpDd5phc8yMzbQVcuFbeTyRUA3tupMJHXE5UjNtm26Fob2R3tvbZBju
+N41tv1AHl3QZSctjWM9kivZbYliZyNTuBwEQEJiL37XIsxCuDHUUGEKsAOQRPOio
+uLui6tML/ydeKYHJfj4bV/3RWbeuIEHxS24qNV3a2Qcfax+rGQZzdk5v2ijLcGzB
+U1biH5fP6A/JnYpyP0/eeqRnJE3HqP1ntRAcHWgWAiqoRD45zYm/efDr1w46N8ZO
+XN7b3R+zmpDv66spLC417jmT4E5//azPcAs5dknlxALTpSSTY5DqtEXM42nyRn0+
+LzehGCrj7NUeZkSo+FUB1bbD4UjW5jFCsLGcC2y7vo79r5uH/AV1vgGG8ugF6Iip
+dN0r4hM2EtOVMDaN1RuP3+iyslbE46T//gICRLFm2plG3nGko8BgYpGnUsNCB3b2
+pgMnkkWjpYpxpCs0SAos08KXr/LbaZcR4RwuhMK3hWHboHPPZGd1+tapzSrxNIOe
+SA25jedrzE6hDdLfJJUDH/+CmgS3X/Sc7B1hq0bngdxuNqw2XZnbRPNnYBlQ9OLl
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7.pem
deleted file mode 100644
index 9b046d77ae..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid deltaCRL EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDJjCCAo+gAwIBAgIBBjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEsMCoGA1UEAxMjVmFsaWQgZGVs
-dGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBALU8oom56GYl7ggs8WAyhZeZmMxxsN6Ikht0t6Iydxic3xNbotaUS0iz
-H0tYBYwzuCTMpM8RMBSrU4UlqIE/9V5PuY2dWiHDXVGRawMdE3i4UNzrMS0BlYDz
-zvAw77ifKwmObOm8R1CWg2VCY9xzFWqER3YRDKQTcK5LzjtxP6PZAgMBAAGjggEX
-MIIBEzAfBgNVHSMEGDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAdBgNVHQ4EFgQU
-unt4uPVRHtIAndMWGuDH66dedOcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBD
-QTEwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0ExMA0GCSqGSIb3
-DQEBBQUAA4GBAFwV555uqsNA+ZtS8QnVH+RRp5jhYTymacP8yc7G87Hyue8xaNzA
-yj4g3Rxfthlo52FFH0ZiuOKJP4YSvX4jr/BqZyrO5eMNs+ln4gMHn+RVxBdeh4xT
-LgXbQGX8wnks92CCGWUW1vbXUSbpBW43SaT767qDIo7yTASQVQ4jtWHJ
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7EE.pem
new file mode 100644
index 0000000000..3d0d5a7c95
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: E1 24 61 D4 80 26 C6 06 DB E3 20 10 B4 4E 3D C1 4C A6 CC 7F 
+    friendlyName: Valid deltaCRL Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid deltaCRL EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEPzCCAyegAwIBAgIBBjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLDAqBgNVBAMT
+I1ZhbGlkIGRlbHRhQ1JMIEVFIENlcnRpZmljYXRlIFRlc3Q3MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzciKUI1wBFK9EwAbsgpdXjusVk7/1h6YVvqN
++ZUJbsgq/3yxRU4jeSZDcZjMXJPXsrR1hLXn1yRpVo6S9ZobQuaefENp/RiASNOf
+YBYATNAGQmWFZEX9QCogEJpWeb2dFF32sCRzYwNy3DQaBFeDcTEXVzsdvXyfS3YA
+hXdQi5gefeuZjX/7OKl9pRBdaVntD+uE/wAo2Ez8aHIFpPtaqQWocHVZBX9zvFFI
+9V6hrZWECE6ncTeZnE5zEhRsgvEQH9yP/aS/B2VsQ9lp/vLgmUJNlGM+GJGVHt2c
+3GuwDOnGf2X37P3MhtVikr3n5Kdesz6/uifl/hEUTUYuVWJNQQIDAQABo4IBITCC
+AR0wHwYDVR0jBBgwFoAUdxgj5XaEyBSUP4LQgep0seCkLzMwHQYDVR0OBBYEFOW2
+9kwsl3yikB+EDuhYr3oLXkCRMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
+CmCGSAFlAwIBMAEwWAYDVR0fBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8w
+HQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNS
+TCBDQTEwWAYDVR0uBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+ExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEw
+DQYJKoZIhvcNAQELBQADggEBAAs0oXbA8TuPF+tMxNXgkOguLJikBkt/frKilUTA
+9DmJ+F/9vjHr72Q9bpjsqKp/KHwJKctL7wYuPsAkXBEMBAXVyKksD85/1Eka6YU3
+puJJeA+Bq0bsDESrJJL8XEXD3VuOLMbOq4Ot7DA6PH7P2F6VkfYrKXJEtabhBkVV
+0KWRI5aCR94pPJKoz2up29fJawUKLXdceIVKN9rWj2+mMv2aEV8f2WX2gbNyqZUE
+35RVGyExTLdt3AIeJ0W9RvxccyIkAk3T5rdeofjhjgyI7Y9/WMBT94BhBQv3SAXN
+3hmax5SnAGqm4/Fh6jl1LZcG5Ldln7tj2DMzewoSysPbTiA=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E1 24 61 D4 80 26 C6 06 DB E3 20 10 B4 4E 3D C1 4C A6 CC 7F 
+    friendlyName: Valid deltaCRL Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DEA4934DBEE6AE93
+
+fdN9TkpMM8GT1odOJXa8TnsKePIaitXGooKLqmvKooIQ84BcTzK1jnOKea5XoqGT
+MlnNHtbl8fO3/S6n0vwUQp3+4EfKw7eWvNVpv+i/L+I3ibWlOvq5YF6ke9b2JQHK
+tVpKguGDiyqVZN8nzN5TUQgz/35tSkuMnkZa9AKqIfHjq91r2ZNtk/GX3st+k1GQ
+IJLsQpjDIToC1QVdZDFzbvRxZLVezs0+jyXgedXagiCyUoKfRAVSmcP8PPibIFrH
+3QPE1D2KmLKcJbcSAR/qJ27ajGEyNjDpUJo6xDUFiKRDYgyxD5Ect26UNI5BIxa/
+/wIcxSDMB2GS5Q6rMkWQXbhjE11/s0C6kE9FDbonrA414PdQkrHCHBj1WtyrOhFt
+1taJPjc3BU0aurMQXFpFaN5NOJciQMu8JK7zR/AeCTkXAFLNyZjZac+qfk8OY+5t
+XoSH5uuhhwZBqPPjOtWh4KqHtjitAUbZ+FLJIENFQhINQiECpSIzABc+4R7tZDDv
+m+mKj6VMo4ZxSGs0ViUNm716dqJqP2bpPi4gF7Y/Ivb6c0tuPtbY2e889WlgxHbK
+2fEXPPW/DX+cFH+gHTCSLFLR06fTENm4pDJ4K6ClEhnQP4qV//udB2PQ1PKyUZ2B
+aC8T9HgvqOszDQbDQ1DQ7HgBlwKd0Y8qqjSQWrr16dsEzbTilH9odqjsOQCpdE4o
+jk9g8O2F+85LsmrBmPn+tuBmIwnbs+M/F19wYoZpLrT9Nh0ux8c8RQvvyIOZ1cPt
+HhfTBeMEmmz/ItkWtGlcAoaMh0Bmq6X+c9n/ZF49LKEztGEhcKpdQu8R0YoFX6yb
+PNqJFXBpWOj5vJrRA2/PVcobtJE55KyOExwDKbS1b188tKJNSJwZbqRG/2ZkX5NK
+z6j+OdQkdoLkq0z0FxATy3tEjlRsqNWHC3352yg6aG8ejvtvucnnf7eSrflPSt2C
+ADYY2uw1NLJjlv8T3xqJk15erT/lRu6ycCBHi8/Pi0Uo2KAoMuh1LIQYD01ZP+nS
+3Sgl15GSwb32Ldmb2ZOkq87/zgIT9/K+Dlb3LGN4v0yzJCb6dZCqPeK0zv0QBPsa
+6VrAVOB+mSszbuDXcT9Fjt7OCT+Pq4Pk4OjVs4tCaY42dfZTBHhBw6dUHmJ/aZ1i
+axmzijm+c32uxxVdt2p7kqt64qdZ58AqgCAGzglyMcIGIQzWo6uAoir8kG2/6clh
+YYPT+5J6VSPC5UdXcSvH15SLaWDfLX7/KMetUbof1KW+/CrPM+L8CNNqdpCinVJs
+iVEY8isQPIIM6WuCANSIyvV7XkjHVqxgohmcmjuDJMdPFm8ftEcZTjCfvy1kF/yQ
+JNz+XsLDjmyRGBQ1bcIQWZR7eLXeNPERe5pPAOpLbWM1IZefGZS1PiuBAOIxK9yP
+AfsbvvVf4kKYy+Ea1XUZfMwLdOeqmAgW1WyP7oB9zlQPT5thQKyMm3Tut+ad8OqK
+cXtMRhi+U827gs/lSbwluA+2pv9dacA5vebmiaku8b5fnOpzo0AH6CcQZGvWMW9x
+kv/jqMId9ppUYu5gzs31/prBo6R9dZ7pdHQrk1XT7tyklkjklXIYHg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8.pem
deleted file mode 100644
index 2db6c9c39f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8.pem
+++ /dev/null
@@ -1,162 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBXDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr2MUpxzH8HIqzmAylEvng
-qJvVIxI4xzM8NSpC7P7T2R1dmFXK/19W+m5yqOagB9VxgxP9IYbI2VJ/FrbQSD/+
-afpuHA8++piSAs2e/1BoRagiln3PnQTLemPsmVy00eSLnsw6QRdC0MIZjme0/SHv
-Z6XuWPNvicDyA/Uml2pCqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUo5OrV2YmbXI6bLyDZaOa/I4MQwswDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAFnKbCQCHJI6HhnaoKJkHKk3dBK/E1DNHc3a
-u9yx3wYdmqwkoG5iKJjssQDLcbLfpjuF7jU9nKbk2gcmOIa5//lgCmUaok4WZSUA
-u8bzMnpiZyzIjjoW78RyuntCMXbZzcs7umsOKfOlDXj4wwsev4E7m5nvP2Qv7hEX
-ECR/9DaG
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid deltaCRL EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA2
------BEGIN CERTIFICATE-----
-MIIDJjCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEsMCoGA1UEAxMjVmFsaWQgZGVs
-dGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDgwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBANNXQWv/s3VtlajbHeAAaJZ+taow3YYnDMLz9tXUqMSOOKnoHR59ec/A
-1XsEc02zK6rj6cC8db6LqebYOUJ1kpBl3t2oEH25mVFiBhgdYiLGeezrLNiAm2vF
-dBdoOCER9Y5PshspgHG45kPR88sRxRuN+NtvOBQ+rS3ZagNzOydDAgMBAAGjggEX
-MIIBEzAfBgNVHSMEGDAWgBSjk6tXZiZtcjpsvINlo5r8jgxDCzAdBgNVHQ4EFgQU
-rDZIHgyRpXqIY0zNvpsz15jbVrcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBD
-QTIwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0EyMA0GCSqGSIb3
-DQEBBQUAA4GBACi9fCMcVs6WjeEeE35GgRLIbCVWQ1PbtOFwwJiaM7f/c4i1F3Kt
-A2BcHex6T21Ea9eSra37uvPdAUSc0Dc3klZS96pU6v0oZtXl07daAhbR8mKRmoPq
-tVcto5YqOd/STL2egFKzNVhfR5UZo1wycobU3FZtmFyr9DFIEKb/mFt0
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA2
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A3:93:AB:57:66:26:6D:72:3A:6C:BC:83:65:A3:9A:FC:8E:0C:43:0B
-
-            X509v3 CRL Number: 
-                3
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        25:e0:e6:a0:65:11:f0:81:2b:f1:ed:47:8c:1c:a4:dd:79:26:
-        78:05:22:84:96:35:60:de:7b:13:ec:70:ee:50:3d:ac:d4:9a:
-        22:fe:e3:9a:77:a4:fb:bb:86:98:21:80:3e:d3:20:85:57:b2:
-        0f:2e:bd:53:d4:7a:ac:96:02:3e:17:00:67:67:6d:16:01:9d:
-        93:cb:fc:b6:f1:c2:23:0b:e2:de:c2:02:5a:70:05:34:35:8a:
-        72:8c:cb:78:ad:62:96:86:50:5d:6c:ba:1a:bb:e5:b8:e8:5f:
-        b6:7c:33:8f:8b:aa:c6:b1:78:a7:e4:56:12:76:09:7a:db:ae:
-        f5:ff
------BEGIN X509 CRL-----
-MIIBbDCB1gIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENBMhcNMDMw
-MTAxMTIwMDAwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaA+MDwwHwYDVR0jBBgwFoAUo5OrV2YmbXI6bLyDZaOa/I4M
-QwswCgYDVR0UBAMCAQMwDQYDVR0bAQH/BAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-JeDmoGUR8IEr8e1HjByk3XkmeAUihJY1YN57E+xw7lA9rNSaIv7jmnek+7uGmCGA
-PtMghVeyDy69U9R6rJYCPhcAZ2dtFgGdk8v8tvHCIwvi3sICWnAFNDWKcozLeK1i
-loZQXWy6GrvluOhftnwzj4uqxrF4p+RWEnYJetuu9f8=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A3:93:AB:57:66:26:6D:72:3A:6C:BC:83:65:A3:9A:FC:8E:0C:43:0B
-
-            X509v3 CRL Number: 
-                2
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA2
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6a:af:6c:a0:70:12:90:02:5b:70:fd:d4:b6:8d:28:9a:51:5c:
-        fd:04:ed:47:e1:a0:5a:60:e7:41:83:23:ff:a3:e0:c6:b1:fc:
-        71:db:cb:8e:a7:20:0e:f6:9a:ae:e3:fd:61:33:a6:21:69:4f:
-        7f:7f:23:cc:33:47:45:23:bc:fc:a1:79:02:31:3f:8d:77:e7:
-        c0:9c:8d:90:ef:6a:9d:38:fe:13:b7:03:dd:ac:36:72:b5:94:
-        e5:7b:43:a8:7a:96:ce:16:bc:55:00:bd:cc:1b:a7:81:93:40:
-        f7:f6:11:bf:c6:dd:7a:ab:32:e5:be:fb:88:32:e2:06:41:9f:
-        5f:d5
------BEGIN X509 CRL-----
-MIIBtTCCAR4CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTIXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQGggYUwgYIwHwYDVR0jBBgwFoAUo5OrV2YmbXI6bLyDZaOa
-/I4MQwswCgYDVR0UBAMCAQIwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFD
-UkwgQ0EyMA0GCSqGSIb3DQEBBQUAA4GBAGqvbKBwEpACW3D91LaNKJpRXP0E7Ufh
-oFpg50GDI/+j4Max/HHby46nIA72mq7j/WEzpiFpT39/I8wzR0UjvPyheQIxP413
-58CcjZDvap04/hO3A92sNnK1lOV7Q6h6ls4WvFUAvcwbp4GTQPf2Eb/G3XqrMuW+
-+4gy4gZBn1/V
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8EE.pem
new file mode 100644
index 0000000000..a16e256c7f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 04 A5 97 42 73 3F 37 86 6D 23 09 D9 09 F6 C8 C8 E6 14 A2 57 
+    friendlyName: Valid deltaCRL Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid deltaCRL EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA2
+-----BEGIN CERTIFICATE-----
+MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLDAqBgNVBAMT
+I1ZhbGlkIGRlbHRhQ1JMIEVFIENlcnRpZmljYXRlIFRlc3Q4MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8cN2sWESGC6fNXCLygPwdhQv9FHYDd+cFpxm
+kheAY2g4ijWFyF6OUiiGE3pgKsWnK6ggR/TGGJywRZGNHHSXxQXFE2yb9K0H9SqV
+UTMAcnj+Bfn/EwTh/TH6MZ1qK521o2sHnLclVwMmsPcXOlvStj146Qy4bJeYxfrx
+4+ElWzjxrFdYq2Bl8Dg3ttC3VN2qHBt/cgJSOYSFV0NRq9AWahuBvaZLabpwThpd
+GdgYYJoS8xbTc1CbQ2Ae3SnzPzRoDgDIa3qq/dvsvid14x19l5iikXutlOc+vP83
+h030hWFY22BcV0KpJ6JPl1G66jE8bqr1OJpiCsMaIUqS6vk2MwIDAQABo4IBITCC
+AR0wHwYDVR0jBBgwFoAUfNj2vgNMzs+3P6EZuzOrtdeN+8QwHQYDVR0OBBYEFDVt
+isYS30aB8pp8CZs3el96Hk63MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
+CmCGSAFlAwIBMAEwWAYDVR0fBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8w
+HQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNS
+TCBDQTIwWAYDVR0uBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+ExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTIw
+DQYJKoZIhvcNAQELBQADggEBAHWaKCfflZoi95Z/yp1yP6w4LEJL3H529WDI2UvD
+1Fm2gkj/+VcJhv3e8jAIppl99nAv96wQSyZ+fK3MyC0z0imcgBGWDuG2R9y8CBD0
+/eEoDNuR/ohHoZep5g6tFTdyCEOiOTfw2KlQUHC5QDrGueQYSe+paIUB3U2mi0Zx
+3wKur48JUckLnnqZM5ZsuGbGJq0jndUEPsbRIEkUTD8wPSrlmGa3FZw3/Tv/o6QJ
+Dn3TRvjVTCGiCqDhvlaB3hdhOl9cxqOgC9Q8JHitr17FUcFUnZdZ8BoiyQE5/ASK
+Pu7QbuDtqRlByongR9EinSmc8KZpZOXA2WZmweq6H2sM8JE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 04 A5 97 42 73 3F 37 86 6D 23 09 D9 09 F6 C8 C8 E6 14 A2 57 
+    friendlyName: Valid deltaCRL Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C9E871E8056A9637
+
+TQBadg+aGhsk4Qn8qCDGGGWmW3z/Xfon1sWhWu/6mKFUmZt7ohtSIM0MIEOZ/Y8b
+8+y4xLYoMR4sj36VErleauBNy3dheara0dmqNeNLY7JdpTQKUBe2Sy/sR5r7bAEX
+qPVng+1RDHDyGHDgdY9wX42pwspeS3Cm5QL2mejc4lVGf59YK/zM8bD99PN4sbK6
+IugUVz14UvkTEghrW8c3jryUlcBRx6lbMyzUCHSQEQ2EJ1e9XdDSNvLiNAv0Fgao
+rvnlL0/9S8JHUie+W9hS33lhABf3/bjCQqBbH6PmH8lGoyRtA6J3/bA39I7pIlfA
+XeGgxbMIzrNRQDFMTcSCRJKbFoVLPLgn0uD/ugMAaWgAfuAJs6gPjc6tHe5fu1WK
+sw8xH3yO1p+I4jPeMmBLB1hUHJMo593iQSTRNKcovBHumP6G4aLHd7rNSiucUj7M
+C/RuTFMNP1xkU1o7eqbLFFAf5EjLPKH0LOiORMYKQfRALz+zhzKI72x1Wv6sFofQ
+RYea7MAsMua/4YIjzGOZ1DeYFkKEopb5kLS0/s5tFLRx9joOzl5MGm0MlIn3cNCu
+5iEc/bPGgA9Sx7Ch1T4x8EabbrNWTbpI3Ru58homQKAUJ/BZWtItEqDq1TuMPgQy
+gAQ7pEcKRHRE2sHGtLkJGmcH67ZIk8ArowMPhQHxslCsnqPEqXu45SwleJi0NIzC
+ceIr4jIhooCVXPtIUSdkdVKtM7/SJ2L1za3/sOB02FCqHRwj+hlTZ6cEg3hWd1Gr
+uJnyhriNrNyMhQY52kTJaPtLNW+3jT26yXIrUWAcsDNVCEHDBMqPzpKNQPVfazMw
+4w+o7e1M2znPICq5r8nbQMT4YLLG2K1JaZmdq7zqLRK2BWo5WQot9Vm0kOlPXTbD
+JTO2V3t3cCqErF2A5gcKj+DuOi/YJN7E2vqZrrw5xFJLZZuiqrVp/gZUWvL9qYMg
+xrGRNta1J/mpiksaosJ71vqnwC4OCpr/dFUkA3WVV+UxaoA0Zt2YIri8wRQPBCoy
+35HZg8rCynP7sckhFLHAqQI96x9djGmFFPzWWol62BVnLAWZ+904Soxs5UTPbQmh
+egm03rYTfU5Zp6ktLb3NdPeixu30i/sBzDG5CvNuchEfHI600kUV7lfzPacBtWZJ
+25C5TpbB1SxBX5tYR/H5kv8M+1dWV+GXOQ68yF20rYNydzzfrd0vYnRzZ+EhDPCK
+2YhzajyVjYeAUdJAJIhaIHAUabHCedlVkWEkDSdm1OzUSvMr9OqyLcEWwHnjYt26
+JXI+GWG0Q/mVJIeyBzbniEzFWVyYqDRYqTiYkKj10BpPF8CBwD7H5jzFlVUu8HpG
+lgLkXUY5iGfhPl3ufNBHhp6NUj4AugJ8X+lBZWFFqdCQ18QL6wPeNfGAhr48oWvz
+97EgBFZaihhesw2eSIUdzXcqZPMfRPt52kBt3J+/TLEE0z/CUpxSpyEDJs9olhSY
+7hoss5HAWV8jbmSwjHMxdEOX6hY5hGk3MnUH5vYKRAfrj8Sh+UAf1B4O5RY2h/tw
+wzoDhzpaggqOExQx3mTzQZKfP5oh4fBpsa9tzoFJ5oa6769qRrV3070BXl4izs57
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1.pem
deleted file mode 100644
index 4d1155f29e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1.pem
+++ /dev/null
@@ -1,123 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVIDlX8Ue
-jptTAccp199par4Wi+6zdvpzdmUXj6UICGge/S5OJUY6nmBMligfESDLwjhbFB9V
-wm194odW9eAiWfUenAN7i4xIyorZwf5dPqHZVOcv9M3jRBce9j/ZuO8ard6c8Dp+
-UQ7gGH0Avyz4IM9x52TNBjYLthRcxwRPywIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnh8dUFdqhW8b+OZBXut6ujB+
-uvQwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMM6gfNW7Hs8z/E7U5NW/M1Y
-eT2VxqvZaq+HqK/GnxQeJUalPUbLk66F3XU5QmU/gQ/F6wP5yEV8UZALVj7OuJ56
-Vz21USzCSPGXPazeDdBQSx0otXHbKVtamBKYMn+jFqYPuPmNxUWzu4iczvEsBZFK
-0dm+b6846EQQbmI8jNru
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid distributionPoint EE Certificate Test1
-issuer=/C=US/O=Test Certificates/OU=distributionPoint1 CA
------BEGIN CERTIFICATE-----
-MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDEwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN6guztNoD71JstXwHeM6i0zxnyPdZOx
-ZTcQsR+TD2lCqIvhOECxI8GdbfxgHJlvh/2nKd7LKSelitE+3fWW/qKMZ/0YuVru
-PaJZ++CaJDZQma26yjruW5AcBQ0L+V9VYKLoFnGDjtlJrHGbvrv4XZByL19ikrKd
-nt241DXaNxsnAgMBAAGjgfMwgfAwHwYDVR0jBBgwFoAUnh8dUFdqhW8b+OZBXut6
-ujB+uvQwHQYDVR0OBBYEFGrgSYUMuxW8YuQDkUuM8pXH+fGIMA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwgYQGA1UdHwR9MHsweaB3oHWk
-czBxMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAc
-BgNVBAsTFWRpc3RyaWJ1dGlvblBvaW50MSBDQTEmMCQGA1UEAxMdQ1JMMSBvZiBk
-aXN0cmlidXRpb25Qb2ludDEgQ0EwDQYJKoZIhvcNAQEFBQADgYEAaNonr89NlCOf
-B4CPoPAy+I/+jv8FamQoB55nhirAu/W5oZunV0iWLyajzQxSVgMpmrKaIC0cgCwx
-i6XUWy7aAkam0kQMmWzHNSrGEAvMjtYU9+jQj3ZO94LFUlSKsN6Ut1dxXNheb7ML
-YFgoWyPNz0rcb+iy6fjoyxr8fpA5H9Q=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9E:1F:1D:50:57:6A:85:6F:1B:F8:E6:41:5E:EB:7A:BA:30:7E:BA:F4
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0y.w.u.s0q1.0...U....US1.0...U.
-..Test Certificates1.0...U....distributionPoint1 CA1&0$..U....CRL1 of distributionPoint1 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        bb:36:57:87:39:3f:49:50:07:42:5f:a4:2b:3e:b2:04:52:a9:
-        1b:dc:5e:8b:c1:6c:47:19:83:1d:5f:81:da:ae:bf:ba:1d:57:
-        8d:a7:f0:41:bf:d1:40:e3:f8:7f:bf:80:ac:8d:2d:97:15:88:
-        6c:91:39:87:3d:0d:45:79:a3:b8:41:a2:17:b6:a3:24:cd:a9:
-        7b:f2:f9:57:b5:98:a0:a7:07:2b:3e:5a:2a:d8:5b:84:7d:25:
-        75:25:51:9f:58:1e:6f:ea:f9:3a:62:59:e6:54:01:d7:76:91:
-        2d:0f:b9:f5:2a:ce:0c:46:e4:dd:b1:3c:23:92:a8:67:d2:39:
-        6a:49
------BEGIN X509 CRL-----
-MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGggbgwgbUwHwYDVR0jBBgwFoAUnh8dUFdq
-hW8b+OZBXut6ujB+uvQwCgYDVR0UBAMCAQEwgYUGA1UdHAEB/wR7MHmgd6B1pHMw
-cTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYD
-VQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNSTDEgb2YgZGlz
-dHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBBQUAA4GBALs2V4c5P0lQB0Jf
-pCs+sgRSqRvcXovBbEcZgx1fgdquv7odV42n8EG/0UDj+H+/gKyNLZcViGyROYc9
-DUV5o7hBohe2oyTNqXvy+Ve1mKCnBys+WirYW4R9JXUlUZ9YHm/q+TpiWeZUAdd2
-kS0PufUqzgxG5N2xPCOSqGfSOWpJ
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1EE.pem
new file mode 100644
index 0000000000..68449061eb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: D3 79 25 D9 3C 99 E3 68 09 68 E2 8A 42 EF 15 F4 9F DF FA 09 
+    friendlyName: Valid distributionPoint Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid distributionPoint EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint1 CA
+-----BEGIN CERTIFICATE-----
+MIIEKTCCAxGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIGRpc3RyaWJ1dGlvblBvaW50IEVFIENlcnRpZmljYXRl
+IFRlc3QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0sPTk1SoTy03
+5AcGZcmP71y5DQKUR59LVALZKFRoNPExjKDu/1iA4xbhQF7sQPExUpOp1hmCn0Ln
+FXCS+Cal+tKFOZ2+jLs2QCWk96czfVQ2fKipq7C5CwZXMYfhiUL+RZ+cXt7KEYdH
+TTfaWbHKIBW+7DCJ/AwEqbRa7b7ozLnrprQXvjbgJTsEbWZCD3oQVHg9r+5sWgwB
+/JhcTyr3+t63ZRMT8TjXqElnu2n9cGesJgy3/KEyBJ7nV50pQQVdbVPHf/QximZd
+wCSnlnMubmC0dqCZFJQcJQhKToarEkdyNNZwaci58pJ0heZ3XDwAGhLLXrUc6MCy
+h59WPhNpkQIDAQABo4H6MIH3MB8GA1UdIwQYMBaAFBEwc72NcCiC0m/P0jftzesj
+kdvvMB0GA1UdDgQWBBSy6JFibzXDGWwqeeIz3gyphnF+vDAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGLBgNVHR8EgYMwgYAwfqB8oHqk
+eDB2MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEeMBwGA1UECxMVZGlzdHJpYnV0aW9uUG9pbnQxIENBMSYwJAYDVQQDEx1DUkwx
+IG9mIGRpc3RyaWJ1dGlvblBvaW50MSBDQTANBgkqhkiG9w0BAQsFAAOCAQEAN4Nk
+5AglIPqk6oGm0F3kRKsgBJfkUR8Cm97MqjqzUzNHN9nWnQd4yihkGd00gKMVqHqw
+Cs/hm61VlHa+Y6l+cXprG+aKOQlTzircOjv8kzJRTglu72dnSeUtHZEw2Lb06B/0
+4dO/WUQcvyMzB7bQCeUFYA+JGZJbGhq6irtI9aXgfJK6vOQkOp0M8UNohCYJWVnD
+rJ1ve3lDEYm+TP+oOvGJPI6+eLgugaSQs7x+nCu1GGa7Ur1lmzLBkDpBU7/bb4zD
+58x+mEJzcnWFp62PxUnBIOVjxvHOC5hfvhL1pMwb2hJTCUz5Cll+9Ql0cimey6N5
+qyh2uI5l4i8HykXVSQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D3 79 25 D9 3C 99 E3 68 09 68 E2 8A 42 EF 15 F4 9F DF FA 09 
+    friendlyName: Valid distributionPoint Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B1814F2B9424DBDE
+
+C7PqZvJSPgKj6ZgWexy/L4+LvKtgmY08HSfMfhnJASIcNGuzYlHeNFx0m33jLU4a
+94hkgZkGwrRyvW8yxEnIxgnEpJAH7bmMY53k5mYRp3yWae84FL1EOjFaWPYQF9T8
+8wqfLCT1Mc4CNSo8/mINq7PRXkRckBL31fMk5vbDDOD0N5/VFySu+r2D6+qIVmBV
+rIl8Pxeox6ZTc423JuBJNOlplcFNNxOVxYkez0kpiAIWQaHHnD/ib0TNRFwCqdqm
+LM2ep6qFhQLxJXdGv+b/uKxYRQneHmUfCICsZsESAI68yuV7gINUSoG5gvuemyVN
+fi2nkG5MhQ5bAu5L8T0VhhRi3E/g1ND7QLkBt8pNIOqfUrYdT7QHZODYe+7MBBQr
+HAZ3whqebuzXsK4r5ZNphZOFOql2pebB/F6EyGExbSZ6bkmjmGqVCSZIfpOgJ0n7
+1xEXo5qOZz6PPyBAszL1vi97t82TQO1aqOcq/rXzA80sjFQopaDhAXeWd/on6O/s
+DDQYz+d+QjgTmFWeUQ+UvvpNXsq1E5WxWqsyiDzNF0ebhCzdyDDxDaYFFy2kUcAO
+Y7StHphBn5KB3ja2xf84R9eV6NN6B3jaoUnZyNTpaSdqSLjxU3Yl363NJ/O+hOgn
+c4iCsEATcq7A2881DSyRr7r8hVxv9rQu9z/D7mz7y8VuRGtABesKVsBU65Zj83aH
+JBKnBthU0FGCC9XTx+IOVATk0gDiFImub6N33KEtzEGBWNKh7Nc1DypjnOI08kBp
+PNw9bWtjRlJ4caBqfB99LLju5KGQa6wJSIzkmhBqrykoJ85RB8UEb49TZxWm8Mim
+Qm/3kZ0aiTTBkWtlZM6zy8/5oHAO8oeqC8SvKrOJ+CE0lWjBAQ0Zyp0uy6TJDeAf
+ea+yjoqvsnXH/DxfUkbTkILZVJP2pKwj38/mYfpatiHyUGDg4v7V6Rxnl1NP4gw0
+Ew6yRe0HeonLkTcEmjqlBsDCqlhU98h/nplTwCcTMWfYnFUVYqGsLDXrJajXL3Nt
+Zi/TbNAWQibB6bCedurPgauHNoRaqvsRnVJZ1DTqFuc+hBL3sWPVweHBjxBbwxs3
+K2GZmE7uL8jHUUoDcvjNrieh0ESfHxDGWwEVKckokQsUKuwdPqgNuCbGeZapce2P
+BSh8dlZkWHvoITUgTwpUU2736xR5iCEcfwTpkLN4eJtFWaTaMBiPNd6/8RKXFAt9
+cs+CK+6O2i4JV3J+hZCT3hqeNAt86lumKlm4sgn2HyecH5Xkg4EuO1Sw6LYUS7El
+XfpT2Jo+vM2hfMp/ebvTsFAOOfoD7V1o4vYfzHcD/rvqnPMyLSnM3sceKZXt70E8
+s2iQ/VxZY8GXrFlXTJa5CRof+CvkWDDjfqlZo48i2amH4qn03Eylapp2ma3MIiuD
+5KhielEG5PBYkOxonpfj8erbLU7unCtNVKFiXT1hDS/o5YDWHJSuCR8A1/7bOzuh
+OYR/DcBGhe6Es7NLWBgIwSYMLTGCv1/sukMqVERVWATgvn3SbuZ2mSxesJjN2/kk
+uvceA1UtkI59duulDW5mIv+zY+0DuYlXTnZCdNR6o4VoVZDQb7vNxzBcDDn02Wzp
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4.pem
deleted file mode 100644
index b910bfa5b8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4.pem
+++ /dev/null
@@ -1,121 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVIDlX8Ue
-jptTAccp199par4Wi+6zdvpzdmUXj6UICGge/S5OJUY6nmBMligfESDLwjhbFB9V
-wm194odW9eAiWfUenAN7i4xIyorZwf5dPqHZVOcv9M3jRBce9j/ZuO8ard6c8Dp+
-UQ7gGH0Avyz4IM9x52TNBjYLthRcxwRPywIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnh8dUFdqhW8b+OZBXut6ujB+
-uvQwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMM6gfNW7Hs8z/E7U5NW/M1Y
-eT2VxqvZaq+HqK/GnxQeJUalPUbLk66F3XU5QmU/gQ/F6wP5yEV8UZALVj7OuJ56
-Vz21USzCSPGXPazeDdBQSx0otXHbKVtamBKYMn+jFqYPuPmNxUWzu4iczvEsBZFK
-0dm+b6846EQQbmI8jNru
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid distributionPoint EE Certificate Test4
-issuer=/C=US/O=Test Certificates/OU=distributionPoint1 CA
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDQwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANJIkOdZRwN8UTl55iM8yHPn50dQHIq8
-HfyujAk6Jv6J99xOf9TR0MdxFPy0pQ+sqafVe30jTmqUVekQqyzewTZvJ3Q2tRoc
-POnbHancXe29FlXNO2PXHA+L7RPpFglcXQjTQTzccRCzmpv2bRO4oGEICTWg7twt
-MiPAc4q4jZbfAgMBAAGjgaMwgaAwHwYDVR0jBBgwFoAUnh8dUFdqhW8b+OZBXut6
-ujB+uvQwHQYDVR0OBBYEFNbqujjf+uaNLMffRr8p+XZZJNN/MA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwNQYDVR0fBC4wLDAqoCihJjAk
-BgNVBAMTHUNSTDEgb2YgZGlzdHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEB
-BQUAA4GBAKzWCbFK6I9YapazUsu+6hrCf5Eafd14GQqQOhxwUQNvHdD8IxcTeQoX
-7u5YapjezA6GSz14DxHIZQRtE/cAzSIjRJjDvn3rQdrlwdNXRgjFia9Jknth311/
-GXxAPrAwlxOAuTBFplNC9mG9japtT3qz2BkM/q+MdedGRWtS++30
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9E:1F:1D:50:57:6A:85:6F:1B:F8:E6:41:5E:EB:7A:BA:30:7E:BA:F4
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0y.w.u.s0q1.0...U....US1.0...U.
-..Test Certificates1.0...U....distributionPoint1 CA1&0$..U....CRL1 of distributionPoint1 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        bb:36:57:87:39:3f:49:50:07:42:5f:a4:2b:3e:b2:04:52:a9:
-        1b:dc:5e:8b:c1:6c:47:19:83:1d:5f:81:da:ae:bf:ba:1d:57:
-        8d:a7:f0:41:bf:d1:40:e3:f8:7f:bf:80:ac:8d:2d:97:15:88:
-        6c:91:39:87:3d:0d:45:79:a3:b8:41:a2:17:b6:a3:24:cd:a9:
-        7b:f2:f9:57:b5:98:a0:a7:07:2b:3e:5a:2a:d8:5b:84:7d:25:
-        75:25:51:9f:58:1e:6f:ea:f9:3a:62:59:e6:54:01:d7:76:91:
-        2d:0f:b9:f5:2a:ce:0c:46:e4:dd:b1:3c:23:92:a8:67:d2:39:
-        6a:49
------BEGIN X509 CRL-----
-MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGggbgwgbUwHwYDVR0jBBgwFoAUnh8dUFdq
-hW8b+OZBXut6ujB+uvQwCgYDVR0UBAMCAQEwgYUGA1UdHAEB/wR7MHmgd6B1pHMw
-cTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYD
-VQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNSTDEgb2YgZGlz
-dHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBBQUAA4GBALs2V4c5P0lQB0Jf
-pCs+sgRSqRvcXovBbEcZgx1fgdquv7odV42n8EG/0UDj+H+/gKyNLZcViGyROYc9
-DUV5o7hBohe2oyTNqXvy+Ve1mKCnBys+WirYW4R9JXUlUZ9YHm/q+TpiWeZUAdd2
-kS0PufUqzgxG5N2xPCOSqGfSOWpJ
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4EE.pem
new file mode 100644
index 0000000000..9c24c93c57
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 0F 9E 09 91 9F 0F 27 AB AD C8 5D 0D 95 BF 42 64 0F 13 D1 F4 
+    friendlyName: Valid distributionPoint Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid distributionPoint EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint1 CA
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIGRpc3RyaWJ1dGlvblBvaW50IEVFIENlcnRpZmljYXRl
+IFRlc3Q0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyr8rZVD36q04
+FE0+YBnLiq3ad6FjrlscY2OK0okCydYweqD0c4RT+Pzsx4zOFl+89xzFMN4JRgzz
+W7+vnHR/rjnZMytEjN2k2ogy69ngXOgM3HzQGKCdqki9avl/Nn2vyE8+9pi8GCVj
+TRfEG2HMArmx3PP3QiRjrRmelJxSY/FLlZvTVHj2gAWYAzmBiCeYCl+qR9HxSnss
+JXA/TQb5aNgMb5L339Lk7Y7YT5mxVQ8xKMutTTpVtz3GfxEHQgo6agYxgiIa8bMV
+IkE8p0fG2ZRfYwLhwYy87F9JEIj2ym+Z/0Ooepew2niiFMqxVtQIVslUVLtL/xod
+uiktM6x3vQIDAQABo4GjMIGgMB8GA1UdIwQYMBaAFBEwc72NcCiC0m/P0jftzesj
+kdvvMB0GA1UdDgQWBBStvK477w0iNyKZRRE+EwqQgnHVjjAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDUGA1UdHwQuMCwwKqAooSYwJAYD
+VQQDEx1DUkwxIG9mIGRpc3RyaWJ1dGlvblBvaW50MSBDQTANBgkqhkiG9w0BAQsF
+AAOCAQEAlivKj2rplK0uUXRMFJD9MHMBLpL35+UHCR37N0oX9VFLiTff3cCoMfkE
+0Dt/8uJk/N6dQI8n3vIYRH9CKiOIvfHudpFNSAM6LD9rGbIsmYADib3mXE2vVhcB
++edYLI7Qcd0IWXiQYsXAmwJuZfWn/KZTwFlkUVfMDUDOwFBSDIDTmISGZwoh0EUN
+t0ZTUYFUSCliBzQcS54tJOY1gnV4P0eAr946u3Wx2sMTKbZ8wGeKNzkuMYeGYp8l
+3JNoV6p2Oa6zVi+tHf3tckTToZhykiR6LtRcpGGiOGbTIIcdcmPZaf/LUfKgIqyP
+dsaeo0Fk2JlJ6/biR2C0pYMtN/hIfg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0F 9E 09 91 9F 0F 27 AB AD C8 5D 0D 95 BF 42 64 0F 13 D1 F4 
+    friendlyName: Valid distributionPoint Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,02924E6CEF2362C8
+
+iZyvq7fQJC1gqwi+TzhvSaaAp7cahIAGNyaN3BK2qsuorwMELmLp5vci1FocVpqC
+nJcNKQYvDWGooz4PMDU6GihwexEWMlAoVDGTO+obq4aAjahK68CzqGzROPobnMxs
+SNL2E5geSuF1dU1pE89hadMY35n1sOQtvWqrgaUqmPDcwaCPWGEV1xMH09lJ9/WM
+mV6L6KZPX9be+pXDkhrsZ1E6VwIV/cHkdmDpnhzXuErGHMQlPJqg5j0nI7wXliuU
+XSPiDsladyNIaJAkNHKzjDON9+rsRcAYvQytZ1ANiBAGmY6QXyxlOiro3rHeS6vl
+JVYK8pM5+EhOLJci1BAAc0se2Tvl7OXZIJuBwecvEiTnwCZsgNkJxNvbms3jdbf6
+58GETQCcJO1QJGUdnylELNjZIf1+PP5xCkP/2dAGdYZoN44P5tPstSAAv4uk7a8Z
+NfRgQubt0vovK+EDAh7szn5sMysNgsYYw137qFctYzDy7Go7jDizdZzGV+2/3F/Z
+Pwh0FsLaMjsApxJo5JtuHDOvADf0D66hpzb2HlOOmZ1t6HIxAjbsb4TwV7ATLHc7
+kyo+YLvSXOMN5Ma+4FwBPcMIf8PFtUQDT0KO16JlDtA1GXrbMkRmhvHd2oqU/bYZ
+9Yd21RFaoDOHtaWTXdriMYNcuzdU4E4x7vryqNU7lgxsqLZzShjpHLscTv1mPDMw
+SEe7qQAXfZO8h/qDaPw3PqLInaSeC7QbrBBwtHKsS8kzwgCassuVtLHHGVlRz1ee
+WGuY2MIGMmuHi0bN3IAWffYaAcf9/SEe7y4e+huHepU9HWg8bMZVy/mJS6LuRSEk
+kP/FNlJlMXujsed6NFToB3nNrWF/OZhq+9BrAl6KTMQ3isfGvDmYqw1MfGs+NAwX
+TYsV7F485MHc6dHc1ekJKp1K9n9SrWeT6yL1FNt3radujiWysy4giIsCs33kIqyt
+gyX7oYeprTvqVI0ajwJbVAWI8s7vR/LzR1kwK5El94e8tmpFiuQafBkap3EPs0qE
+/NyMIyneB4Znkn8mAexcMwxQZJrwFd0nmySjUqOl1t0bwX688eW0+EnRuohS83fT
+w48gKgZNEgDdwsOgq3TG8Co03OZbQVwf/lKBFaeFYQ5ml2ZwwuZ+shocufSMQDEW
+DsbD97FodlJeEAdXRDTg7BoCDtrntMnzfXnDButUT94+gTCr30ymyyaGajVE4LNh
+6h/rgdE8qVrsl8JX+8WNsOnCFrOBBV7IoqoUn2+g8eFJrxrjzB//R5Bmk8Wp9NiC
+Er3eBcInY9ySEKaWfaDzUjSoTKm+PRz+q0Zlh5+7RSWZWqpJMX5pKRmXM26f1YCK
+KmGDhg8sCSrqBa4MMteFun3E2Q4PwRODHuprrHg7EzcAm14C4W9R096HDGr2vEV7
+X9LqEKkF42FHLVumGLmOOtHnfx091XDD7v+1zCSbJH7HfNcKfzZNgNXztwRRdT4W
+6i7b6+omPIDSUMaC+UDFI/DEGL9yzql2JKcaYPO/tKkD6Pl1+QOxjOi032W93CYn
+v+Rs1ewQxvnAXEhPTdLploM6w0GgelUvbJiYCYgc5LrLuAygaRUQSS6KhEg9rC5E
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5.pem
deleted file mode 100644
index ef20fec499..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z
-XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna
-SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK
-u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd
-uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i
-8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA
-p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF
-nhKgwK6jkVuYAf9HHtVh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid distributionPoint EE Certificate Test5
-issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALIdJpgRzxOKTnCCaASeNoi7icWn2JXA
-bBhMylWHT4WIl7sKHk5BkXh5iSMq81bPtotaxeZ+Ws8HGeZfJkZi3Ea/lo6bRPIp
-XLWXT9bEppiXcWEsQjM1OYGfiqAsPqHLQYmx3QlNndM4/lkMpXScaPwVUH5y1dbF
-oPNUrRztB7TpAgMBAAGjgaMwgaAwHwYDVR0jBBgwFoAUOjSLBeN2WFjEhwSYfX4d
-jKxduU4wHQYDVR0OBBYEFPcg5CWLrv8FdA/4HseZ3PWB0ri3MA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwNQYDVR0fBC4wLDAqoCihJjAk
-BgNVBAMTHUNSTDEgb2YgZGlzdHJpYnV0aW9uUG9pbnQyIENBMA0GCSqGSIb3DQEB
-BQUAA4GBABOac3w495YGcjA+gy3vEom/LJkN4/GNBM/n4qqPQSBLDfO9llCa+Ocg
-MeRH/D/CyKU7r767Zx5WsPTRtu8hysZQF/B2QMg7wrt4iJxD2VLl1gDrWSgIFEYL
-gmkFWj4cnUEWa3yxc+WoAYbFMCp10pGsfIpttb0KqIUYHGBSBNdX
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0*.(.&0$..U....CRL1 of distributionPoint2 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f:
-        e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0:
-        1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e:
-        ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06:
-        bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3:
-        fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95:
-        a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad:
-        d9:03
------BEGIN X509 CRL-----
-MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY
-xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE
-AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD
-gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis
-MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6
-OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5EE.pem
new file mode 100644
index 0000000000..2ce99c5cbf
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: E9 C5 29 E5 92 23 E7 76 AD F6 A8 06 0B 02 C1 A1 7D B3 D0 6E 
+    friendlyName: Valid distributionPoint Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid distributionPoint EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIGRpc3RyaWJ1dGlvblBvaW50IEVFIENlcnRpZmljYXRl
+IFRlc3Q1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocgvAWF32zRU
+CqGI+DvQpWf+IU/MzpIJw0N2yTC9n5RQqepLfHbOu+s9ZEbxs+42KxsbXktapPgO
+yd6z/2M2gxyK4lKH3a1+iAf5hoPMyiYM3/Fp+GttKrlbWyXnFMx+0l2v5U5NIFl9
+sSoS9SxpVMtCHp8n67+fwKLHmZuvqIwezeqDGs/NWsWyq169Q3IIZ+W8mXIsQr94
+1Gs7NgbQ1wItpyHsfGQlcqT93WCloAQvdLikIISCCJhH1/SGZ2sYxWw9cjxP7Qh1
+VNobUSTq45voboe/Q1ccqnpfnFCnnEdepHPSM1an91U3w5PJXSarMloiyXUFsxhq
+HZfbIcK19QIDAQABo4GjMIGgMB8GA1UdIwQYMBaAFERs7ttvf+tOSX94/s3lGKDs
+u2BrMB0GA1UdDgQWBBRKg0dQhxSRE2yTyIuHCUD6gvgVITAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDUGA1UdHwQuMCwwKqAooSYwJAYD
+VQQDEx1DUkwxIG9mIGRpc3RyaWJ1dGlvblBvaW50MiBDQTANBgkqhkiG9w0BAQsF
+AAOCAQEAfBLVqAitbExsjyJN00xcHbpcOUeLsGlcqODdse3hqUWBCGYVSbldGMsb
+X92XvNJuxg9eIXGRFywfr7WaWMhmUE9suOOF4amhS6PySHI+3nRTjiSuSpr6Flsm
+QBy6V8E0GhicUd7gQKjnmX/bngtuLrxDmT0J3KR90K35EDUBHMWj6xtgofMVUKGK
+DtPWB0pLklYStJgEJnbKaaOjO25yE58hxHxMwLRzs+yLJORA9m4eZa4PiGQ876oc
+hWlb5rgAhkEpCva3aQL4bU7LfHWteWHlOcL8YJxPQWReBizEk9G9A1jjRoMzHNGc
++RPY8p7JErINu/F/bY8WhuulVYdYrQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E9 C5 29 E5 92 23 E7 76 AD F6 A8 06 0B 02 C1 A1 7D B3 D0 6E 
+    friendlyName: Valid distributionPoint Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EC0796A18C4A9208
+
+cRBX4eAQ1ocSls58fvv7ns7yXjuLx027m2P5E4VUodsjirJnMrz08Rl7NvpqP3bF
+uRNmrLEHh51rzxof2/Xz70n+gsjvH18AJEprTI2jWwdGU5CRKuFndaWreR6Utnt/
+O0yGfYeYU6n8OUllg+iatMqXignwUtssC8kwmHkr0JL9u2UVWlJtTXAN3ZQcAn1n
+c/iEd/q8CsT1D66zKiNsXa6HtAtLb9KzA3w746cJCv0867BTym65VdIU7Z0dfzyE
+V6TLeKpU9u+p3D34ukjtn2APVeOMI+L8zSgs3/nbL1/jXWG7Wig30HvnEiwf+bHk
+uvu3YFZ57+U+yV2QwUx0H0PgIR0AIgqo5jyWyHsw1Y9kVWS9JdTf9CDJcdYM3Smo
+7lCZy+hemLXYODpmDGdtmeafKiCcBnkj8MMwUyE0fQdK+HhK9S1rIWv4SpVLgRjl
+62+e24ruvNm/GWtwTitLiFkuCaInIY0PmAEXKy0COGmuK12doGfvFEnCqjhSAkF2
+xdD5u1y3iIZPoD1ffUBzO9wzrC+0HnXH7lIkefKg5tQ6a6mkJYwsbPkb3v3q1jga
+uTIG1oSCng/IHJsMIvZqB0/ZXLwqiLRaNxyr6Nvoi0pQfRaEsgK39D0MyGupTPqF
+ouRJBovbzUp/Iz7duxM3gsQ/sr/qXy7pxZbDOfP6R6k0LE1pPqN5X7CJ0PJlIVam
+w7wcFN5TVBqLsdKie4JaR6w9VFK5129ZTSH52FZIRWhCTdwFBXBPahpa30NYVlXm
+vMe4912HPlK7+/yLSrrmofYaBo0esF4VD7dXtKRotGb4pBnw/aDkbtDo/NVI6Yp0
+/LMrYIdm9JQCmC0YrzobxABVYE3rjJKScjFL7uZDpoa1eiI+AMAUmapQphWnR5Bj
+GAVeURKYBqexzeXYhULGkmbMT0uqEiRPq5ciW3NjLCoNdGZD+1hXvQfACUbCpTd2
+anXjNZCOVVsQE5LC2Tq1VntW1AQ2FcHRUrXQtR9tf59AkoR/wWkK67AbjbHfrPxI
+KxTfhjYK6ENq/UuNc2PpFT6RJbM/ByVdeQZMmpsgkJRwYR4btVrmb1yHcU2dEf1g
+xdM7fGo09GALgferFuadvfq9iyNs40yjIbPD9qpq4tfNSpcaRH9gKphwtjpWUm1L
+PCRslk/LdejYd45dW8tBu0MY4NkthyNQCe+4b3cjQyBR/9WRwanoz0hzrMX321uF
+ya0bj+8wjK0aCcavT+gJIBwN/mP1FT0+UsWy0fN1u+sA4BkPtzOHfqLya6YA/gzP
+SXYZM4PhZb+643ujmkJP1SYqw10rDUq1pADP9xdpT8pkmBkCzfi35PQENzcvUngg
+sEeIY54VMr8pFfTyTUjuMNyR3lw0tVMdxMg3eIv4DvVhJ1/R2XS4O8d4xllt5X8N
+6gQGU3f7NZDlZTyIHwCxRFjRlEnTcUCaspu6N2LRqRYAS1VquoUXWQBKZQxGLsIV
+weL/ZdGTZ8Marrw/+QW0QhJaU4wO0WtQxylftd+vkyan0VAYJ/wRDZ2RS6WIVKYP
+ojVhkaeqxbJ2S9vmbMn4SrYDvAMUxbuRUP7XjXcMqpQ7Fg3R+a9vU8xIiCPWs53r
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7.pem
deleted file mode 100644
index 47a6d35e13..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7.pem
+++ /dev/null
@@ -1,120 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z
-XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna
-SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK
-u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd
-uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i
-8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA
-p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF
-nhKgwK6jkVuYAf9HHtVh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid distributionPoint EE Certificate Test7
-issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA
------BEGIN CERTIFICATE-----
-MIIDEzCCAnygAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALJkqBgeil9P1aDGKnKT8h4pjVxykFCh
-VM/tAU8+60Q16CRQ9Bt/7EPt0Qt/mRgxeP51SDX2Sw37dE2Y6aTbGufnxaQbYQIr
-Xt4tEbUHKCx5cTIkR+rQh14970HAccLfsu8j21u+852qqsnXm1liCdwTw20NwfO/
-avIK1efcgtyvAgMBAAGjgfMwgfAwHwYDVR0jBBgwFoAUOjSLBeN2WFjEhwSYfX4d
-jKxduU4wHQYDVR0OBBYEFJFcO0xfyRIlKoio1BzAWLtkBu01MA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwgYQGA1UdHwR9MHsweaB3oHWk
-czBxMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAc
-BgNVBAsTFWRpc3RyaWJ1dGlvblBvaW50MiBDQTEmMCQGA1UEAxMdQ1JMMSBvZiBk
-aXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQADgYEAOPu/fA1dLP+t
-SF2JNufkHRN+2SvhsqtuOTvh/uFByRS+H2bLFMaB2IJQwkCidQ53kf8LNb6iNRtj
-hjVosG5KpEvqx70cRcUSp15fcdMDrjz2tAgiq58Eq/8DgYa+ml+CVRBx1Y6KHsyn
-eeXXuCv+DmdYkhXefbSyXe2lUsCiuR0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0*.(.&0$..U....CRL1 of distributionPoint2 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f:
-        e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0:
-        1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e:
-        ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06:
-        bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3:
-        fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95:
-        a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad:
-        d9:03
------BEGIN X509 CRL-----
-MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY
-xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE
-AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD
-gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis
-MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6
-OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7EE.pem
new file mode 100644
index 0000000000..ba308d9054
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 25 9F FC 85 A2 6D 0E 82 9F 26 F7 21 2E 2A 5E CC 14 A9 F8 58 
+    friendlyName: Valid distributionPoint Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid distributionPoint EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+-----BEGIN CERTIFICATE-----
+MIIEKTCCAxGgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIGRpc3RyaWJ1dGlvblBvaW50IEVFIENlcnRpZmljYXRl
+IFRlc3Q3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhy1vplMFbpz
+ccU9FYtMZkobOoPsE4uf0s8UoML/tgHDsnzk0hsZPzrgkDwd5a5U5rXrt83S0ZZB
+hfcr4a2vgc5n8xtUB3hBI4++M4t6W6pu4YuHdxNZxLJNxzD6JXXzs42t5dTH+Ryo
+wgcfIsTkrMgaIw7gYV9cEoIVxVnqd5AY7qBmM2vN/DsgTaV4uju+XRhXiPcdpf0B
+j6+nDFoP2jrwHvrC5t4BcPfMMUfz316kt1DWnxcRlYp1mec6D2FHnGvVmpBXKU4O
+JzsjSXirlBrpS945LYxHLPwdRDvblL2JahjUKgKHWEZYOGp/UCdK09s+ikIb6P+R
+iJpz0t9/EQIDAQABo4H6MIH3MB8GA1UdIwQYMBaAFERs7ttvf+tOSX94/s3lGKDs
+u2BrMB0GA1UdDgQWBBQgeJBnu2Gwake3G5H9oG+TMcj37DAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGLBgNVHR8EgYMwgYAwfqB8oHqk
+eDB2MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEeMBwGA1UECxMVZGlzdHJpYnV0aW9uUG9pbnQyIENBMSYwJAYDVQQDEx1DUkwx
+IG9mIGRpc3RyaWJ1dGlvblBvaW50MiBDQTANBgkqhkiG9w0BAQsFAAOCAQEAWi8g
+5HeE4pN40JTyl1xf2WD2d0Rp+EGRPBRT6JsA0Z2ajrVWJg/Dpqj12PgQqbCY6fd6
+e3DSzJgezXAOFIdaXNRWtt6bOYVEoZT80/Uszv5inEmYBWJYoJHaHClDR+I8Jxy7
+lVsuR5qsD6QPiqJYXSQMOdQapZdAZvXA8ZH67mhY6AFP+1E79WBcEwWuqY0CxH4l
+QAPiIGH0hHYiwkU2AIAQt9X6DzpgvpFQwbgrtM1LSlQAYPftilG3KV0RMV9PEBiV
+z+ojLzhK21j7upjcgJn5HKGUUTOSQ+e1FjxLYAURF1Q8+BvOPOjpYbzQlA0b0FON
+3hjOfuXfei/6htb8bg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 25 9F FC 85 A2 6D 0E 82 9F 26 F7 21 2E 2A 5E CC 14 A9 F8 58 
+    friendlyName: Valid distributionPoint Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,12D6324C6E746FA4
+
+rj3/7o3RRUBDRfJnS4bVr3DSNqpBvjuWo00w0UAAAwrs51AkZSjy31TsZ3NOclBq
+ztXMvKZfLBQ39EZFOYL0riCx+QR1/UPbS52QfypDgq2RggTPAiKIxVMgw73S3pnT
+EH6RfYv3AegwIFXpu7VCPSxe/w1t5gJZgWQD/VVZy2SYhfDniZ4d6B5IOQUd4UVi
+1Ltd9YbJfOPfBMbEmv4q8TZtTTNOgSY/K3WfAGq6M2IeyNqKTQCANUs+wuJz6+Tq
+sw/7cVt2/sm+gUrpdP+dbCdM+T21MJBHFKhIG+P0V6OPHwtq14up1k98Ls+Ax7dA
+I1o5KOXbLwDUx5PooKlI4AYYVWIoFc8CQRsMUxmOQ0b8pplIxcgDg1Fgx6s85pug
+QQ206UbqzzwewMrvD6rqEI8RaHju82b7FzyQ9xdLsXyTdxoYMwyTMNino8JLwqOI
+wrwibtbNIP7q+WPaBIFoZuPAnqrCOYBn7yf5qnmWnLM9dpVabofFvE8ZcbDfFJ+s
+gGJ1A01+rOginQSRK7qW8x/23E6DKOk/4hUASzmKK49XhLnJtt+lCt3KZ8W0NhQF
+AIuwTY/BPvAdJ3J8EB7RVC2E/8a8FuqzvDUBmDknl6iSW2clSN4QnuyRyO6hLZ+W
+zlrf8IUV04RbPPUH/QLeasnMNAjvzEgk617ShEzUZLkXTXWJD2vDLV9EYQ9IENSk
+PKjhgZ4pvlFIjVc0aR4jDG388sgMDDkw2aAEss48u3E4fatNtQHEHG0yBS6VpIPr
+GyVjuzpSkHONpGcDEjmIpcycP58kn1AFKxoPjA0PvRTPlGc/0Vfx0Kz0g39+XDTY
+bI+kbFEpwdzKKXnZ8svBmbX+y7IxYjt+iWFoiGLQBK3PsE8jXn2DfD/KNnNJECLb
+mYNnrvm/DptGtqqgMIPW1npFj3pYBlULuMPR+nXTAKkmpKMjM38X0zOuZHgGDeaU
+tWly7gfT1y1vJQRScVT0yFXGIUS+kCfI7eGN080CIbNIT/fUVZkUeVj+M8W6kdbC
+6aL3FWaxHjSQ76Il39szxq1s3EjCYltzXpEUdNTF5QHj3C4VqxM1fH+p9BmETUE0
+38NVtBPLpJ9/mKIVU5PRdsclPKTX9nVd9aijA373hWGxYY8+ZlCoLt0ICShqTGU5
+1OKfuMIenONKAl1yyMNSLWNtd5cjnUtrWUUv/MO8kN7lcvhAtF+UOGPI4Ou3+gVN
+j6hGjB0crzDtfkZvhYfnw7V31M6DAcEaJ2uIOFYCekaDQSpY9UTemAgWZroU7Ljr
+472d9hnILmAHMk5a7WQH7d7nBIoRdwaM6xV/Kek8xMR84aB8SxSe/viURAsRuAwm
+fqA4NY2ZWCzDsr8uyf3HnoGsEzU3hein3VyfCJ4JkE3XxrxQbAH08aBAuhPYezVb
+Uj0yD+X6WjxMO5HXF/MrES8Bw5ziC+Mc+SN3KyThQ7KOiBYWJsqd9UIJa/vZQAyG
+tS9jGifuG1XpbdTlrr/ZBwxrPLgEVXjm3jQaWxSm4qI+hoRGhia+pjinc4ctvyFT
+rt93DRX7l9BLKjl1XsKF1gkwR+kFRGg46gc2cA5JGVlGrrfEMjJt0wIvSzFQyWyI
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2.pem
deleted file mode 100644
index eff7ceaf28..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid inhibitAnyPolicy EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kwIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXzELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTQwMgYDVQQDEytW
-YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRlc3QyMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8K1Na64KAEx4DG90CIYdXjn9QXftZ/JmM
-hJ7HZotijcxTLAJ3Sz0718AcEoSXtaXQlkw/PDRF6WOd0BjcLM6qzWEkQTWBWyW2
-EOBRbJ8UY8XRijBsOG7ay1rZEV4bomd/6xnNG6TznXujwmBXQZDp2Voyil8OgJiv
-uf+gY0BrnQIDAQABo3MwcTAfBgNVHSMEGDAWgBSdQJhgCObI/VzR2C8L6gDsGkUG
-zzAdBgNVHQ4EFgQUutY+X7TkU+FzLalrhov3rioWEiYwDgYDVR0PAQH/BAQDAgTw
-MB8GA1UdIAQYMBYwBgYEVR0gADAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUA
-A4GBAK2mBSjdik46DSR2Cn9O53Wk3uL54jZEHmH1jLi8eD7zxOU8eE23HWch+P9w
-swVaUJ4SqZfrgpV4+IJ72AMPGXKnAEn633uoNXbe8KFErSzMe3p+fFI4iKt2tMdG
-yPprehhYqGlG4KK5IHzgqcsfYZc989GcPE+Z679GnioPK8Mk
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBOzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTAgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALXCzoaXAEbX
-pgMPDk3SCu2nzrt+I18MsI4lg/0oLjQAgPsD0np8LOGHMzo3UBtfJtpV0BXCc+E+
-+Ni+ehXFWfA4BXjFc3GdUdJmn7y3F9X7XSIauTE1GSYR2+bMW/IRbmjpMDzldmRs
-WNb40N+jWAxw1h+YN61Pv0MD7Ef2ds0NAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJ1AmGAI5sj9XNHYLwvqAOwa
-RQbPMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEAMA0GCSqG
-SIb3DQEBBQUAA4GBALhhUDb9VolIM2bKpbpat4dNjGrkOmVT/HvGBl+FGwSXa7Mj
-cLgZ3WygZ9gil3l7X+wL7lM9zKpXljV5WNpX+58RclQ2kK7Yk4qcY0tpPEUn8R4/
-9yg64Nferl/2gn9W79ODU3BiBFF/GiAJJ4SiwvLWl/JnPDoQuJv67IS24+Oa
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:40:98:60:08:E6:C8:FD:5C:D1:D8:2F:0B:EA:00:EC:1A:45:06:CF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        60:ab:a2:8a:e3:22:04:cb:95:4a:c5:ca:68:46:70:0a:d0:31:
-        b0:98:cc:ad:4b:23:8c:3e:fc:b4:c7:7a:93:0d:6a:31:68:c4:
-        ff:30:37:7b:5c:48:01:6d:e1:85:f7:d0:9b:73:53:ca:62:36:
-        00:5c:29:c8:af:a6:40:62:d5:f5:af:32:a9:4a:b6:a2:a7:0b:
-        cb:bb:72:2e:3e:0b:77:64:17:8d:2d:59:2f:fc:cf:2f:1f:a6:
-        77:83:9a:7c:68:b0:15:f6:5a:63:67:74:b2:3a:fa:74:b8:d3:
-        a9:70:e6:87:04:bc:4c:79:ef:c8:b4:31:70:17:ae:f3:ef:ae:
-        7a:3b
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kw
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBSdQJhgCObI/VzR2C8L6gDsGkUGzzAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBgq6KK4yIEy5VKxcpoRnAK0DGwmMytSyOMPvy0x3qTDWoxaMT/MDd7XEgB
-beGF99Cbc1PKYjYAXCnIr6ZAYtX1rzKpSraipwvLu3IuPgt3ZBeNLVkv/M8vH6Z3
-g5p8aLAV9lpjZ3SyOvp0uNOpcOaHBLxMee/ItDFwF67z7656Ow==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2EE.pem
new file mode 100644
index 0000000000..9f14a19756
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: FF 5C 76 C5 E6 D7 F8 0E C8 19 F0 BA BB F8 A1 69 CC EA 4F 11 
+    friendlyName: Valid inhibitAnyPolicy Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid inhibitAnyPolicy EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy0 CA
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTAgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBk
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE0
+MDIGA1UEAxMrVmFsaWQgaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvWJ2NltVcIqG8R
+Gd6aAaTkV74OHh22qqq5VisygSWOraY+e/kZzgnHexceST9oUvWxJ210DYysc8E8
+NQsMEQRhJiy0vK2Pweb2q2Uv/DPpelT9Gzx3CuEuxvUvOY7EMYqsTkWkcvCbxJ0i
+/fYxmUJgsb+tdWuggcp1DV6UR1YVZFwFuzwFR6U3NxhkSKh1Aqpeg3rvO9igxaIe
+1KWuNKXb8GsQREEKOxXdRK21wrm7TSq4uhpyTbHb2GjhtAAKb/fiOtfWjibEhANg
+Xd9kxjSYI4npbisd+yYo45gXEDoqFTtxz6YPtR7+dzgVKxOE/Xc+PtXIl/0AT60Q
+Rdqsz/MCAwEAAaNzMHEwHwYDVR0jBBgwFoAUGKCgemr/ap2FgiTNwyaF+L+KNwYw
+HQYDVR0OBBYEFM7BJgyfyIp3q6sZiSd0E+VdkSzKMA4GA1UdDwEB/wQEAwIE8DAf
+BgNVHSAEGDAWMAYGBFUdIAAwDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOC
+AQEAn87EWhrmPNMFRrFS2VTSXUb/3OPnx1eLB918Vo+KY5fwcDGO8WuhxFsszju0
+BShfZnrwj7/Hrc/UdmPbk6RrPq5BMsmpLMwiqpxjqqN7J5C81cXvK2f7V4UX8sVc
+OriHWK8Vt6dEk0CN6Rt2AkkUE+7LrOS92hhLU5Opzyue3ZW6JPLfuk0uER2hKt3r
+POm96ZMVxNH0QAmZUQK03IqzGr+UigLgQA78Kc7qOYqTVc9JGuwu0F+e25h0L83W
+xRYW+BjGWRUfL7Y0uwylS772ZWLNBRac2mrniZJZNIzzr92Bwt5R4w0ZR6cB+C/S
+qN7XKYDdE6V9nwrJt5Wum031lw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FF 5C 76 C5 E6 D7 F8 0E C8 19 F0 BA BB F8 A1 69 CC EA 4F 11 
+    friendlyName: Valid inhibitAnyPolicy Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1A41BC0974CE034B
+
+gj9OGMPqVjkXcx6+XB9wKtnrs6R0hPYfYyncPTCzWCD4Y8e6yw2TKIEg7nXNQZOB
+hJZyH/I1Dat1LY/lVcF4kauf7546QEwL9m0IW6chsfRJZVt/AQN85zeM6bjidDBX
+H9fK1a0zs+x9btpbqdTRpIsOakUOnB9W0FCAdc6uYxrQ+yyoUXuqvuIMa4H08h19
+qGc3q+3mIpVwvJNO55k9lv2mUxaqSTIyTxm51TtXesKBmTVRUQB+zwsLA4IQPybO
+lGmxFkUzDJo/Sj/1taeDD+Fi0lr5Tz/VssgLJpEQ+CQzENbqpinS7DHFM7GwTwQy
+BhW3Fc2Uof3SU5FSuluJxAdUZuCN2nHZws+sQ7yfqG1M3UndJI67SOE949hP+tg2
+RA5jCQwMYbmkZKiBm9c+fwpHPVglN3KUjkE9wquqJg//VDPkDLVLnTooleNQ5Trb
+5dfM1ZJQA8Yar+yXNUOygiqi6wXwYuxceiFNMlLdi7I8UF/qFo2KiLvUC2lAQ5uU
+YuhI6X2iuuIhZiJqdX4B9Yc6Ha+MojIyfrYHF1haeZogk1GFmVqZdcoIqw/k6cqy
+lkOsRNdTYCaBJYdd0BuJp5wkhsRaAY+TccKa5HFyr+iPG7uif3LlhUWyxEF29/2I
+OdcK9orPTeQIS8mydbdlyo3x3dLs8bF2Ve6O2sXjovXhYAa/Ls5zH2SyjffWhr8w
+OuvzTaeK4ZLVuB/mK67V1giyfRgsj6tJymdxydqMGbunepzK664KDXp04lgnnkfQ
+THZpcVC+/bQeH+tPSEYk5/sQZS5SzABF4ILWiropxdxf5hNnDuiKMu/PaHYO026n
+yIuasY6H5Cl7JG8494ZG43H1D9WEu7ZQkLgLALduCoHVmx/746e+Y93XDvpnzjcm
+BlWslVdKL6SoqRlgz4QuzvZIeH1z8E01wJAGMjzb3nN9UgJ6pJtcR5FZZJ2rDUX/
+/CwE0bPiJHYwClggxHlPMUCCL2fzIOS/UBO1GVa00KEE5e5mJQlAV08uEDIeIsVX
+y4yXsae/fwsQ+lwxf2jKWdePI6pJ60BLm3ees+wb/UidegKfa7Eb1MFDHQDw6Kl0
+zSui/xU1RKpI7fsmpoqDSP7rAyIyMdJCgi8vK+Hx7vYHZPMh4vBKyHX3d2rsMvvX
+vskZsm033TXG3Jm/9umq6nG83YwBKWojxO1d/PFWJgwjVh+zV3KnJuDI5yojsBfY
+hC7VCGBfH0dE+ICRU9lo+xmgtKGnphYp+DyOAgdld4/d5OJxxdY+dfIkUDgdSA8O
+yAfn0Y8UQ1gWIvyaDPA69FkmFDSnhefejj4IsMVNa8daYlMS2wzKqvMNBkD5eaxY
+yHphFOhHLU1nYN0d1msrPqc6nfXkvMZiPxs5G2Y46px4ZZQ3HUEg9RY+YfHtOyZC
+jYWxwNYr30YfzqSZjn3LWAEox9f2FEu6tjv/Wv2xkukNQTy2FwUPa1dxU3uk82tZ
+AdqQhR7JZ7o9AeHn6YimUMMf2XxAfJNZm9p6bASUzmddodqE40D5+tvcqb0ySg5o
+qIAg1/BbFcXPhdGaGrH2WfkH4WcToCo5D4diL4c6jDmbZnYDesWDB00omwMhwfl3
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2.pem
deleted file mode 100644
index c9e23ce0b8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2.pem
+++ /dev/null
@@ -1,162 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid inhibitPolicyMapping EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBjMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-ODA2BgNVBAMTL1ZhbGlkIGluaGliaXRQb2xpY3lNYXBwaW5nIEVFIENlcnRpZmlj
-YXRlIFRlc3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZweShwVjs1qka
-nqPGQOLGlctQ3TXgy/mxMNF5iCtHOwRF1KCW1OU9KloQ3r6+OfgzcZN+flBVpI3e
-jyjOMjfcTTb30YkOQneX5WBmDbG0hNh6eMeguoRuUhkdFGqXR/vCRpMZm54bw85o
-6PrFmUwLluXwBGGzX7qaD0h2mpzycQIDAQABo2swaTAfBgNVHSMEGDAWgBQXeoow
-BvbqXDZADa7Yn7+5vYLMUjAdBgNVHQ4EFgQUGa+XGGh0cFuvb54Rblg0NuJV0T4w
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAzANBgkqhkiG
-9w0BAQUFAAOBgQCtpBN+M2QdihGfroUS+K93c6X4n5STm0IwsSvGEpOHX2tjLKqr
-WGurbAH8XvIJEsO4wlA6NOHbFEYmSYX1otlMNDKu3vQVTDEB7RJWA04YsUuS4BNA
-B+scXAJEWbvQdkoGh5U+aOmX8yST+HWIbW6XgKQmA3qiO4LsJgdmEDB8xw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpjCCAg+gAwIBAgIBODANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-s4T6CQeTrbqUSlSczfx8iMSRK4ip9F4liS7giqCrZeZYEuP+/XoRZKzqmT3G+io6
-zcenL7cegP9DJnTNuZ1nHEoeJTlhQZq00PD1n33OMK0zhMIirByYBpabztuw1dJ0
-MKKcRzJ1AswgccI8seh2W1FXdFo/vGkDOkcD21Se0XUCAwEAAaOBnzCBnDAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUj3Ywg1+jhUuQ
-FB4GBHs3AQUgJmYwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUD
-AgEwATAMBgpghkgBZQMCATACMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgw
-BoABAIEBATANBgkqhkiG9w0BAQUFAAOBgQCXSeQ5mEkpmqCHstAZJbAGVSNrj3ka
-eA0k2v+n7vDeZ+9F8bByDiBBz3RMTqmdZxQ6zroOPsw66HLxv5D7oJImbhyvFrnN
-uxPGh8hvvP67N7UT9cM0RAoIQHmoI+3+o9cqOnTIJWXXPyq5q08yTrUt1lzFyrcK
-wGB7PyQXRRDWjA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
------BEGIN CERTIFICATE-----
-MIIC5zCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAMX6LszkJcSryGVxfI4egJDv3zFztB0M+jGHKEc8
-uPkbpVlPSjM2LWqUOks/C1q34lfaC6J5O+V3/DmN7GjLpJmdjBDn7k/aqGeE7XHR
-Wns707M/rcEWxPP/ErMQNIsqSkvy92GtwuaG7wsY4a+KyB0YCdqikJr6oK2Cvhwf
-LmC1AgMBAAGjgc0wgcowHwYDVR0jBBgwFoAUj3Ywg1+jhUuQFB4GBHs3AQUgJmYw
-HQYDVR0OBBYEFBd6ijAG9upcNkANrtifv7m9gsxSMA4GA1UdDwEB/wQEAwIBBjAl
-BgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBABgNVHSEBAf8E
-NjA0MBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAgYKYIZI
-AWUDAgEwBDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAE3ZflJR
-6b/Pwip7bO1ZIkiym+8uTzlT5nx3CF4P5Yyhje4VKVqoAOdljbZoaL5x1Zdd733W
-MxbQk/QP+wziLjZJlnqX+lSxg4wUiSU6mGtDJ1rPwMsbiiVBld7iP5JhFAWoTg0b
-XJ0ZSTHABPtNeMg2desSHwfh2I5WtX3hpXwE
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8F:76:30:83:5F:A3:85:4B:90:14:1E:06:04:7B:37:01:05:20:26:66
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1f:20:b6:9f:f6:68:a0:22:5f:24:73:c0:ac:bc:8b:05:86:58:
-        7b:97:ad:38:8e:70:61:7c:17:9d:38:21:06:0a:72:b5:41:3c:
-        b6:9a:93:77:6f:e3:15:e6:06:74:67:90:b1:95:56:f2:be:52:
-        21:6a:de:f7:bf:d9:2c:12:11:9d:dc:f9:ba:46:f9:92:24:75:
-        ef:83:af:a2:8b:3a:79:da:ca:c5:72:a4:7b:19:e1:a2:f7:02:
-        18:92:eb:a6:1b:74:bc:ba:62:51:d6:9f:69:af:20:34:3d:43:
-        08:e7:15:da:75:79:b7:81:6e:ae:95:08:cb:7d:e0:3a:50:7e:
-        c1:7e
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEFICZmMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAB8gtp/2aKAiXyRzwKy8iwWGWHuXrTiOcGF8F504IQYKcrVB
-PLaak3dv4xXmBnRnkLGVVvK+UiFq3ve/2SwSEZ3c+bpG+ZIkde+Dr6KLOnnaysVy
-pHsZ4aL3AhiS66YbdLy6YlHWn2mvIDQ9QwjnFdp1ebeBbq6VCMt94DpQfsF+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:17:7A:8A:30:06:F6:EA:5C:36:40:0D:AE:D8:9F:BF:B9:BD:82:CC:52
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        01:73:17:d4:24:e8:3a:79:6d:9c:a4:96:74:fd:60:fa:65:82:
-        c6:0a:26:9c:64:d6:f8:c5:01:8e:ce:70:b2:a4:1a:a0:1c:41:
-        df:1e:a2:36:1b:4f:2d:56:6f:ef:e2:fb:e7:84:d3:aa:0c:08:
-        04:44:67:57:88:8b:34:b1:74:8c:57:96:9b:e2:b7:dc:2e:d4:
-        a3:05:41:bb:24:fa:be:2c:a4:cf:be:0a:aa:8d:64:ff:6f:ee:
-        e1:24:c8:06:8e:15:fb:fd:19:fe:92:d6:55:84:ae:71:58:2c:
-        6a:65:53:34:39:20:43:1a:5b:20:41:81:00:6c:5c:10:25:b0:
-        3f:f3
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFBd6ijAG9upcNkANrtifv7m9gsxSMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAAFzF9Qk6Dp5bZyklnT9YPplgsYKJpxk1vjFAY7OcLKk
-GqAcQd8eojYbTy1Wb+/i++eE06oMCAREZ1eIizSxdIxXlpvit9wu1KMFQbsk+r4s
-pM++CqqNZP9v7uEkyAaOFfv9Gf6S1lWErnFYLGplUzQ5IEMaWyBBgQBsXBAlsD/z
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2EE.pem
new file mode 100644
index 0000000000..e6fcd20b60
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1A 71 70 3E F1 A6 1A 85 BD 72 DC 16 16 EE 1A 80 92 61 64 36 
+    friendlyName: Valid inhibitPolicyMapping Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid inhibitPolicyMapping EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subCA
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMGgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMTgwNgYDVQQDEy9WYWxpZCBpbmhpYml0UG9saWN5TWFwcGluZyBF
+RSBDZXJ0aWZpY2F0ZSBUZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAPDRNocjMpqJS8XXEn2KeY/S7iXL8tNa1sS8X1umBKBSotfKudBZlQFXSesE
+FC0og1Zs0syETNkUA1Wi+0cs+q2B0dNQS3oEzuMhMHRWjj56QtBiTFGwUs6qRliH
+JJ+AAmcwOoMjsD64MFxOPtwAo71i1LAPbDXj9fZSPmQirI9ntOafT0RrZDVQwh0g
+Sh6aCSAh/Bht8BgTaZW4MN/bi/cqv5v8bnFuV0BOgCE3O0frFuwinSG1d69ZOHHK
+qVZ/fRfKNlxflSU0XcbtybYVgsyAoRL9Wq4m3RKsbtDeyqLa5SFTKRCMRw4ZCEIx
+F1OMaeFh7etefe+7zDRW27l+2jkCAwEAAaNrMGkwHwYDVR0jBBgwFoAUqiaUHWQP
+fgW8XWCNB1f8cJVmbOcwHQYDVR0OBBYEFP9zakNg0xu0uUYWu6rUrwVyxJTZMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAMwDQYJKoZIhvcN
+AQELBQADggEBADaelkwjWQrtrmyosROq1o2cNB2pldWpI3chT/c3cn8IpAQMMNHJ
+Ch94idy6x/bzO7R2ZXlL5VCHPJlzDpClEOv8ZGebupN3+AE73Czaxqxrxj1xiOVl
+g5imlIUt7oIjJibpLDVSH7Z2PcY9YK+/A6uaX1kll4oMtCLmoF8obFVp7alj0Hzp
+uVpVfEq3I0dRLGLJCuOg0wCoyLtjV+YGp+uXXxYWBZc3CbxE1sVJ0g8D1JYLj5eq
+uyj3Nmplo6T1c6i02z4LDtl81umgQyeH1JPijLH094G12i5L50QevtqQ6ifmFHjP
+24mHZ/b0BatgDap0gy+JOYrPj0op5HrnU7A=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A 71 70 3E F1 A6 1A 85 BD 72 DC 16 16 EE 1A 80 92 61 64 36 
+    friendlyName: Valid inhibitPolicyMapping Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,345A2F34C9598F64
+
+XfvNEKO6RJq11Po3l3MB8Iv0E0gzRwfLPEJOIiKq0Dl2emB4Myp4dlFMdX6HgmSB
+Nec+QWQHsV+t2koSF2SlwNFMzMhHX8lUDjYN1pGDqodXhaqUb2lbvtmAud/O9Nth
+40jd4kXq+OGgjKmmXIOlLdjVf4DoM6k3u1TVdtL+6lEEKojO+EWxl2TWd4/0+4GU
+LS/qK802foNZk1FS+FSxMrEkoZshUWmK8qWFID5WUdM8Afi5l9LX4s1edNIzFEq4
+8f/btdMrEpYI7q/MmuMNotiH5DVDGXKd3Lj+mHeDuzjtmjC+KbDBX/SPyqJN5nav
+P+3TtTDhKvKnSdMF4+Zn1t3DzAE4gDZcHwqTOraDTAS4Pvqrc+U9AMG4STrcQ4Hs
+BCWPwX5AakSNhChcpILJOMKu/Y6MNHUXMboE/lJPCF39sM0aqUUvg/9oCjqcOHVa
+OdLhIiSJesXCjXvYszQocaSLexiIbEqszqQ/2zyjCPNFEILycRTOhQo1059+8BcH
+F2toqctHo8AdfbLFmns7xrTiV03r1tbUV1RYd5qIvqoR4IWlNobmu/xzBRyrz5A/
+otiGuTzM27FzO2Igc1IdMgN5WFM2znywlWFf2IY7vKZ+UlNCeNqHnkQ3YiokdrmH
+thKTiOTsC7CkBD67jFBFkHYBatPE0Po43K8ZFjMzLkmKcay7Pq74+N20TivWpgqW
+dxQgBWkibe/bO6UNf1va81Z2z4MtlNOkagajWaLNBTYTdRrpAUKTqgV2WejMaMti
+KULXKiEKhJ/M+74q7Med+OHkIQpQEpCuuSc7VfWsrcSIXqNj/aCxgSByci9k06c0
+K8aGxAYSFP+mr9EzoHeTo1kb79grgilaSSuwopwNoE9jfg/yMtU7oIvrnH7biqwb
+4aaLSaSqrN1HT/6ACBOIHlnmvwzQh7rSxiuWO5A+6COUDvOmyaiadifUlXMo9fcv
+M7mn6yOFzjSZ1uKXGgyh9+uATmu8Wf/zeEoJtJIrE3Fv2Ibd9FiqmRwdVyilHrYk
+8Mmdsrf1AZ5qNXYEYRSZYSX7+HRLniO9kXbbGtIrNB7bRkTdX33vQy5EQ3xKatb5
+X/6diAv0Rn56LoyNWmmj/khZnrTUbWrykzaTLvV5Hsq+ZMD+huxLCfLN/Hu8RDDk
+K2YUUGiJocv8mv2AtH5U7KNPE+tzEAB2dHTT978k+eS2Sv6wXZj+alsPOWXvKF+4
+BdWatrC8wi14KhZafV4AoRa6VMbe/e60gZ5b2DvDtJ3znYHv/UMoOOToV1OkiSDy
+n86YnswIwCNL7SEaMXlr1R9RX8Lk3GJY4Dt9btKfsFCu8esjh1FVfMQaWLaTe3fq
+9Pzmf9/Jp1/5bPby5rw2hcEmRj360Pc5J+CeloLyb5PUhjjtiEUM0/EsLBSROnVx
+AkdZRCqVvxK9vVQanxvvWeQ6ROWffSLzcPdIfyV4tP/7+Awwj8OZBgUlqPeCrTlW
+qu/3kjSo1slpe9TXGGqQKT2j4+0CvNqWtAmSUg0s807KTSq1Hn8HxPo/ETgYaMUi
+dF46SXGfZ6b/wIcroki51SDDyTKRcZujP0kwmkv2prL+TUMe/kVYHTn8h/xB5gpR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4.pem
deleted file mode 100644
index 21d384e81c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4.pem
+++ /dev/null
@@ -1,216 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid inhibitPolicyMapping EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
------BEGIN CERTIFICATE-----
-MIICmjCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBjMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxODA2BgNVBAMTL1ZhbGlkIGluaGliaXRQb2xpY3lNYXBwaW5nIEVFIENlcnRp
-ZmljYXRlIFRlc3Q0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMMwNGdAJ0
-vncWniYOninmdOvqbWTU+G3jPbZ4uJULmhWBvap0Hpq8RSJZ8wprenFgK2/epICj
-uFtJZyEtG/3A8PZ3IHYNkWv7srclGdUlotObulycoDHBn9LXI+i/CvUNGvFJldlm
-kQOxqy1Qhto5Gj7cVWa4HiEYfx+7HJPR2QIDAQABo2swaTAfBgNVHSMEGDAWgBRa
-k0vvlp6uPkMWJqQYHnmLouabITAdBgNVHQ4EFgQUFgpn09iEBzTYWYmTqi0RWeEt
-CfYwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwBDANBgkq
-hkiG9w0BAQUFAAOBgQCCP6oScMpFs5Ak3jAfJkXhwpzciLdF1Mtq/SO8auu0mZ6a
-CfrKh6JL5kshzKbZFbRYqkIidQNW42Iv4et3yLhWZvSVoYkP+EAg0dMs9/Arw2C1
-pqRc5a2mgi1G182TWgEh9rMZDvYPdD+FrzZU55bLtSlt9L8o9y9vz6+dE2MrLQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpjCCAg+gAwIBAgIBODANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-s4T6CQeTrbqUSlSczfx8iMSRK4ip9F4liS7giqCrZeZYEuP+/XoRZKzqmT3G+io6
-zcenL7cegP9DJnTNuZ1nHEoeJTlhQZq00PD1n33OMK0zhMIirByYBpabztuw1dJ0
-MKKcRzJ1AswgccI8seh2W1FXdFo/vGkDOkcD21Se0XUCAwEAAaOBnzCBnDAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUj3Ywg1+jhUuQ
-FB4GBHs3AQUgJmYwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUD
-AgEwATAMBgpghkgBZQMCATACMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgw
-BoABAIEBATANBgkqhkiG9w0BAQUFAAOBgQCXSeQ5mEkpmqCHstAZJbAGVSNrj3ka
-eA0k2v+n7vDeZ+9F8bByDiBBz3RMTqmdZxQ6zroOPsw66HLxv5D7oJImbhyvFrnN
-uxPGh8hvvP67N7UT9cM0RAoIQHmoI+3+o9cqOnTIJWXXPyq5q08yTrUt1lzFyrcK
-wGB7PyQXRRDWjA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
------BEGIN CERTIFICATE-----
-MIIC0zCCAjygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-KzApBgNVBAMTImluaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJiRgbTlXD7Tr33rE8bkM1fLhA/0RcC0
-n6UIcVb6xSELqRqVIpXK2C038i/3Ta6+eoiCdjT6kvQwsM9uMBJnB7uePzDzpkSE
-G3Php6MSbnAO+6LPrGFBJ0LNo6yXvsV3HQ1Uwh8iND8Yt37obPJ05PzfU6hSnMgV
-47YDMrmE5h+5AgMBAAGjgbMwgbAwHwYDVR0jBBgwFoAUF3qKMAb26lw2QA2u2J+/
-ub2CzFIwHQYDVR0OBBYEFFqTS++Wnq4+QxYmpBgeeYui5pshMA4GA1UdDwEB/wQE
-AwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNV
-HSEBAf8EHDAaMBgGCmCGSAFlAwIBMAMGCmCGSAFlAwIBMAUwDwYDVR0TAQH/BAUw
-AwEB/zANBgkqhkiG9w0BAQUFAAOBgQCh/ZM7m2L0OxzF6RXxeVUhY5xlTjRO0HGd
-0xOnDkOesSYfCI4gUflMo6/T9Ot67Vnb9mgzwWSEXB6g2R22/3DVR1ord/UgZFKe
-w4llbMnwRS5e3zjqLGsLeWk2ZdyjoD2vmKiFBiX+rlHvaLk+5xYcGEfOupTVqWMO
-OHuz9iinWQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
------BEGIN CERTIFICATE-----
-MIIC5zCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAMX6LszkJcSryGVxfI4egJDv3zFztB0M+jGHKEc8
-uPkbpVlPSjM2LWqUOks/C1q34lfaC6J5O+V3/DmN7GjLpJmdjBDn7k/aqGeE7XHR
-Wns707M/rcEWxPP/ErMQNIsqSkvy92GtwuaG7wsY4a+KyB0YCdqikJr6oK2Cvhwf
-LmC1AgMBAAGjgc0wgcowHwYDVR0jBBgwFoAUj3Ywg1+jhUuQFB4GBHs3AQUgJmYw
-HQYDVR0OBBYEFBd6ijAG9upcNkANrtifv7m9gsxSMA4GA1UdDwEB/wQEAwIBBjAl
-BgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBABgNVHSEBAf8E
-NjA0MBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAgYKYIZI
-AWUDAgEwBDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAE3ZflJR
-6b/Pwip7bO1ZIkiym+8uTzlT5nx3CF4P5Yyhje4VKVqoAOdljbZoaL5x1Zdd733W
-MxbQk/QP+wziLjZJlnqX+lSxg4wUiSU6mGtDJ1rPwMsbiiVBld7iP5JhFAWoTg0b
-XJ0ZSTHABPtNeMg2desSHwfh2I5WtX3hpXwE
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8F:76:30:83:5F:A3:85:4B:90:14:1E:06:04:7B:37:01:05:20:26:66
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1f:20:b6:9f:f6:68:a0:22:5f:24:73:c0:ac:bc:8b:05:86:58:
-        7b:97:ad:38:8e:70:61:7c:17:9d:38:21:06:0a:72:b5:41:3c:
-        b6:9a:93:77:6f:e3:15:e6:06:74:67:90:b1:95:56:f2:be:52:
-        21:6a:de:f7:bf:d9:2c:12:11:9d:dc:f9:ba:46:f9:92:24:75:
-        ef:83:af:a2:8b:3a:79:da:ca:c5:72:a4:7b:19:e1:a2:f7:02:
-        18:92:eb:a6:1b:74:bc:ba:62:51:d6:9f:69:af:20:34:3d:43:
-        08:e7:15:da:75:79:b7:81:6e:ae:95:08:cb:7d:e0:3a:50:7e:
-        c1:7e
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEFICZmMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAB8gtp/2aKAiXyRzwKy8iwWGWHuXrTiOcGF8F504IQYKcrVB
-PLaak3dv4xXmBnRnkLGVVvK+UiFq3ve/2SwSEZ3c+bpG+ZIkde+Dr6KLOnnaysVy
-pHsZ4aL3AhiS66YbdLy6YlHWn2mvIDQ9QwjnFdp1ebeBbq6VCMt94DpQfsF+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:17:7A:8A:30:06:F6:EA:5C:36:40:0D:AE:D8:9F:BF:B9:BD:82:CC:52
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        01:73:17:d4:24:e8:3a:79:6d:9c:a4:96:74:fd:60:fa:65:82:
-        c6:0a:26:9c:64:d6:f8:c5:01:8e:ce:70:b2:a4:1a:a0:1c:41:
-        df:1e:a2:36:1b:4f:2d:56:6f:ef:e2:fb:e7:84:d3:aa:0c:08:
-        04:44:67:57:88:8b:34:b1:74:8c:57:96:9b:e2:b7:dc:2e:d4:
-        a3:05:41:bb:24:fa:be:2c:a4:cf:be:0a:aa:8d:64:ff:6f:ee:
-        e1:24:c8:06:8e:15:fb:fd:19:fe:92:d6:55:84:ae:71:58:2c:
-        6a:65:53:34:39:20:43:1a:5b:20:41:81:00:6c:5c:10:25:b0:
-        3f:f3
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFBd6ijAG9upcNkANrtifv7m9gsxSMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAAFzF9Qk6Dp5bZyklnT9YPplgsYKJpxk1vjFAY7OcLKk
-GqAcQd8eojYbTy1Wb+/i++eE06oMCAREZ1eIizSxdIxXlpvit9wu1KMFQbsk+r4s
-pM++CqqNZP9v7uEkyAaOFfv9Gf6S1lWErnFYLGplUzQ5IEMaWyBBgQBsXBAlsD/z
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5A:93:4B:EF:96:9E:AE:3E:43:16:26:A4:18:1E:79:8B:A2:E6:9B:21
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        64:90:80:33:7a:e3:e8:e4:66:09:4e:4d:1d:ae:cb:f4:f5:b2:
-        ea:4d:48:24:be:04:8f:39:9e:c1:da:6c:14:fa:0a:a5:be:47:
-        84:19:27:c0:3e:15:ab:18:78:71:0e:93:e7:6e:c8:05:ea:f2:
-        bd:c3:7b:fc:52:04:be:fc:b2:22:80:81:35:b3:ab:57:7b:23:
-        ca:39:66:ed:47:19:cd:1f:2c:ab:14:4a:28:5d:23:ab:24:7b:
-        e3:51:bb:78:79:05:20:25:ff:13:4f:c5:d1:2c:e1:67:b3:e4:
-        29:35:2b:1c:5e:aa:01:17:aa:49:bb:04:66:52:a3:1a:7c:0b:
-        f5:57
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFFqTS++Wnq4+QxYmpBgeeYui5pshMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAGSQgDN64+jkZglOTR2uy/T1supNSCS+BI85nsHa
-bBT6CqW+R4QZJ8A+FasYeHEOk+duyAXq8r3De/xSBL78siKAgTWzq1d7I8o5Zu1H
-Gc0fLKsUSihdI6ske+NRu3h5BSAl/xNPxdEs4Wez5Ck1KxxeqgEXqkm7BGZSoxp8
-C/VX
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4EE.pem
new file mode 100644
index 0000000000..6e38b01882
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 6D AB DC E6 32 A2 D1 1C CF 1D D4 69 DD AE 5C 0B 5D 14 96 94 
+    friendlyName: Valid inhibitPolicyMapping Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid inhibitPolicyMapping EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMiaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTgwNgYDVQQDEy9WYWxpZCBpbmhpYml0UG9saWN5TWFwcGlu
+ZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKYL62yu7+fSYzmj0n3w6uGjjzv62IQV/CL9BECVjokjFNxU+tfm3Mk7
+Db7JxnHMEKR8jY4KvRmsaNSUe/3lK1VG4AFNzciYw4eDhOOLr5Kkx6EE3nbiWLiH
+eE7CDRe68kwiRf71K4sUuRtHFKzYq78O1LY2fbYQoudnVbMs7JGj02nVqBA7M9iR
+JKu6V6R/9EdSQEI7SFQEOJcnlIOkdL3Y5zYQLmXvoQ21RACpbPTrt4VFLQ9kUgdV
+IwrIdD1qunbkbNTiaIjLcy8duhKBVx1m20MFY3h1uQc7SsOedEtCX/XA6a4GUZnA
+TwBBiNePmhJUcN3P+35i8GBfin0K47kCAwEAAaNrMGkwHwYDVR0jBBgwFoAU14Bc
+E4uOQXa6CrVzceijQIB0DtEwHQYDVR0OBBYEFHcvegxzhgIyUXHqaXOrOMLRpwmi
+MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAQwDQYJKoZI
+hvcNAQELBQADggEBALkd6aOI5LOFb4xsYP6dSJe1DNfieEU6gmjHjphXiz1VXbau
+0j1lqcxNj7GiOEThH6C9rgQ1DQmEt1DQrj4byYgnoMOa5fUwK5r3Mw+r+2SIGbyy
+wvu6Sy1zdJ3OGymchuIfVXeaXgku/Uhf/68xSn8yw0HW9SEKe8ZDVZKTCXPPqnLW
+FbD4xjBHXywSXlRlohLRuk9Rparq2Q18Qat4TOf/M1FjdxrToK+HRSfNw3e7cHQp
+gxIvCK6mshrc9ojJ0aJRxvZEiM1W4/Twn8R+1sdWxKxeSfdz0Sl0jBHBVY/CqWKc
+5Xh4d7lLxwItJ60kyVbsrsGeRJHtY1jyMQ9T+1U=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6D AB DC E6 32 A2 D1 1C CF 1D D4 69 DD AE 5C 0B 5D 14 96 94 
+    friendlyName: Valid inhibitPolicyMapping Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F3E31AEC3D5768E3
+
+9UUHfnUhE5QAbpko68+WMXCmLsSpLQ9yYiXhguUwoxnoHWxtKo55PaVJnaHlod9e
+2iy8dSot3h+LNM+GZ8I/OmpzGrEa/GMCO4QhXhwRnRcyifFy3MKFPpO4MJUf6sJ/
+1+Qj2j79kQ738etkvc7qFmJlp81/cvIOybSMoAvFwGfkABqVRXBGSM12UkL5vBg5
+n//GvEP8vJj0P/luK2OS8TSVH/pNeRN2k7u7eA4cYssb7zWyD+xUKFXlNSKoiStt
+506bbXuPDv7EjBDi0VU2Xdh8oPU0guLOh3G06Y60WbfA+rrM/fbw3J+hVply8vCx
+lI5J8YHhsReSsl76dpnocfjaXMj+K9vZX3fgDDEu+1Xwo11X1ztHXPPNPVRFgb5Q
+iY+ERzFwJykapOmOSuHAK7trCnNhGwvOgmLuBe2iNl/c3nom4hQrwIP5fxavOdjC
+6fuXN0od1V6agr22OZOM2dp0YcCVlptNIicSNHxB2YyngEmaAICtB4IdwfeTmcGD
+FS3sdRQi/BdqgiSaZtrexYDu0d7//Mujk4W8MCK9m4Z2BZDyYBEYLGcr3c7lWRyV
+cvWOz++X3Kwe3ENpZEHA6dYFgXWnBEyqAajjGamfVTi1eool6WoAYQ4ngPAX54LU
+Fm9FiQueCnWgrBIWt8BJBKThikOk9fy5gvKWSx7Lz3BipsBYf2k2jvG7tCFopIdj
+HNSfq9nEiWQ/d6W7vEdImu9geJxFBbNhmL/NQS943OL/GEESKzz/UCcJ79XhSqL9
+YO5xJe1KYwnrDstkuwTsxJfXyOCQaOCTkELTwzxz3B8gP0I7gaF/I4g98NND3Ldu
+prGNzXUkbxr/OS3jbk30wn7ro7KlEWwsN5E1Eac8Xeqxrp+2g6S+8ysSCVcmnTg/
+JZoNNCJI4my6wN39Vo4070m1hyj4JTVz/V6SFGFn6ssSgkrfNPLz+6+2lGsP/k2S
+2FByK20cjGTVktsXSm54lujU5Sb4Matlomam/hWRwgMC2emrLnkApE0XpKobBHg1
+5D0S4qBccKGaz0/zcCFvt9wCyVn2bx7GhGSNZtggw8lJmjYV6bXVF/G4hm3RLl1Y
+6XD9RvjEZxLgfPHcxYbm7hTvlw1j6kE76rAqFJMXQpQvuw+Ze37PQK/ABBo418I4
+zNDQeMw7iDlxdiLg0ylWI+6vua45cRUW1Hu2JbLfWs6/7pOLMSswrYz5I5N6gZJk
+c//BtzkJwe78Bft1bYDv4M8WpbUg3x5KvzU2K4qXPmlpcVw4L/L0VS5ADQeU1Ubh
+joUHTk4sedh0ge+lYaTI8Pj3gjsL0Ynxl9WIlDvr7ggL2kxuCZbDpyHojaPDu0cH
+4Qxp1AJos6vGAYDBH5l7Pe04as+BswfEPOeCW8YykTCT6pM16UUY9mR+ZIdZMiMU
+dMt8UbeF0qB3jyjER6ALP3K5v2Jx8GPWV52GbD9oBoFkguK2scM88EWcIEWa1sAC
+2khDcVRBsA27sVWGu+QgdEYQQFEH6oPMG0/NBE42T5FSrnFXtRH5061uEt5w3ROg
+bgT42rD4G4bP6Wsa6JCNDwTNXhIWujiTVkchvSuOGXV70y8cI+E6Hw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3.pem
deleted file mode 100644
index 3183499812..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=keyUsage Not Critical CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBHzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYa2V5VXNhZ2Ug
-Tm90IENyaXRpY2FsIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYlAJy
-nnvLn2glPjCkqnWzCC/bxT/ypoeW3spfvzi+AQuwM+d/bNL1ZouAnps7JPpf4VHp
-ZvSGjeCgLpCvDjnUP6tG/hkQBm8CS9vaqg/65FoI/MpSMHXmVJ9CgUjOkjHp1g47
-2AYniw5lRztaH2tCN25WqZFzar+vdhQG2ZkJNQIDAQABo3kwdzAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUzyqhpf1C4jO8MypNmHOz
-2PtVvNgwCwYDVR0PBAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKS4oBKhFhU5vxr4Z547N5er
-YrYR5JU75QnGUZjv7JYCXydlJVuvIhZptrzG/wevhz2VgNSbk/wp8Uw+ra3eqqlq
-QjVFQukh0F4GKMBaiFZ1HUEGILLIpeEq0Pn70Q8EE0H1RsweW1P30qaXZE9050m4
-7h+is62/EaaT31RpTb+G
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid keyUsage Not Critical EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=keyUsage Not Critical CA
------BEGIN CERTIFICATE-----
-MIICkTCCAfqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGtleVVzYWdlIE5v
-dCBDcml0aWNhbCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UE
-AxMwVmFsaWQga2V5VXNhZ2UgTm90IENyaXRpY2FsIEVFIENlcnRpZmljYXRlIFRl
-c3QzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQifnsA6fOmILXLNZeSJEf
-D8ON1YDI4FjDmGqG8Ob1ITgAWPfxJcWgQXqRwzn/1NXj0faYKeVA5j6VZxSCP7Dz
-D6ZCeGxjgcF1lNF2dqZh268sSsW3ZiesNQ+wG9zaF8YNWvL8iqICgMrjVqdiFbiD
-X8N15gROcCA0lPuKiqlJlwIDAQABo2swaTAfBgNVHSMEGDAWgBTPKqGl/ULiM7wz
-Kk2Yc7PY+1W82DAdBgNVHQ4EFgQUHw6xfNRi0j5jpx9vVSQlS+45UuUwDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUF
-AAOBgQADtx2GVXZR3dxm4aGGrvmtdkDkj/20o+75/jzMHss7prirQQdShNtqL02F
-TL2y/PWCf6QbDQgcakwPDez60a7reZ02JKUtwKCa4VJf86gy3BDKKhm+msihYgCj
-ZzkYwS9CoF3dRup5ySq6dvAU6gVzPRJZKOf3MIM/3Vo9hUtmVg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=keyUsage Not Critical CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:CF:2A:A1:A5:FD:42:E2:33:BC:33:2A:4D:98:73:B3:D8:FB:55:BC:D8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        3a:4d:11:cb:3c:14:7e:17:ec:4f:14:72:47:1e:98:fe:ba:02:
-        2c:79:4d:2f:5d:e8:71:fa:35:d3:7f:26:b5:27:1b:23:c0:12:
-        8d:c5:9c:f7:e1:96:71:d5:7c:6a:e4:40:ed:7d:46:28:a1:91:
-        99:ab:75:2b:61:a5:c5:4b:d1:63:10:bb:95:bb:4c:ee:a0:8a:
-        8e:d6:65:14:3c:86:f2:11:8b:0c:4d:6a:3d:e1:a9:e6:12:28:
-        69:87:1b:eb:e4:9e:d1:45:5c:dd:2b:2f:6e:55:72:e2:69:cd:
-        88:84:b1:c5:5e:86:44:10:4f:ce:ab:a4:b3:ed:c7:03:58:84:
-        84:cc
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGtleVVzYWdlIE5vdCBDcml0
-aWNhbCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUzyqhpf1C4jO8MypNmHOz2PtVvNgwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAOk0RyzwUfhfsTxRyRx6Y/roCLHlNL13ocfo1038mtScbI8ASjcWc
-9+GWcdV8auRA7X1GKKGRmat1K2GlxUvRYxC7lbtM7qCKjtZlFDyG8hGLDE1qPeGp
-5hIoaYcb6+Se0UVc3SsvblVy4mnNiISxxV6GRBBPzquks+3HA1iEhMw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3EE.pem
new file mode 100644
index 0000000000..6a4f159be3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 19 E9 F8 16 84 3B B1 8B 16 F5 45 FC D0 35 AA A6 0C 8E E4 E9 
+    friendlyName: Valid keyUsage Not Critical Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid keyUsage Not Critical EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical CA
+-----BEGIN CERTIFICATE-----
+MIIDoDCCAoigAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYa2V5VXNh
+Z2UgTm90IENyaXRpY2FsIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowaTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExOTA3BgNVBAMTMFZhbGlkIGtleVVzYWdlIE5vdCBDcml0aWNhbCBFRSBDZXJ0
+aWZpY2F0ZSBUZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALez
+B7zAQcz+cwTNzcRbXADc2II98d2UkCim1OerlAh4XSPePFqkPmCcuijOF1vTFsxc
+eUBcnBHO3iH6Dw6LBoJF8f4slPhGVzTtmXjD/0N1/x70ypCbNHeCv1Lxfn/M6Ufi
+bYEYqZnL4D9i6pRWU6UcjRRWfoX8zEyTdShPLhxIUovvEwStmd3ISQvgJKLEbAJc
++EEPA1k/bcXJEf3VVhmx0kjNTqWXJP+X+JfG4i1AmyhwRDbXdwND2lzPOizThff+
+4gBaxJB0cdW7wHwqrnSTQmFOB4vSkgQYFHxgBplJ2Eh1t/AyokjI9imz06VmfhFk
+kyuRvGqaxBD1W6zY+bsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUwZARStm0K8Vwfs6M
+O2JY5buXK3MwHQYDVR0OBBYEFJ46eWPPLst3JdrmpRlWguBUS9GrMA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQAD
+ggEBADfZpIsEnc5hM5JwyXKi3HdQMCwHRQvGadMNqh/3A6SSIWJwU5+8WeorwD1Z
+SikyE+AXC/cOfSEksVjrCWY3ezWVF99+jaQFqgE8lcws1LlytaN6sRY7AdEoQUhQ
+r+YawAvNZgbkRRB8LvhWUWK/66N8rkVFJVahJCcfEGzQdNBryag9SQrcqYigfV+D
+Ysob5iuSOJAoGlnAtHVtOwogjfZ1ZQy//P4yJ+IbzE3u0kHMTTqUrIeB1RWqy1YQ
+QTpnFVcmuI0utFmhEDYz7w5ktTQor7cwojxc+NpA8qzvRn6hiIeqemqrYIFAzhc6
+EI38iiO0ZAhjvDBgsERMLmKUTR0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 19 E9 F8 16 84 3B B1 8B 16 F5 45 FC D0 35 AA A6 0C 8E E4 E9 
+    friendlyName: Valid keyUsage Not Critical Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5BF897CB9FF0385B
+
+P7aeEOOsC7LxvND9OuJqHbesUzf/CpLspAdxh+2XwRPZxLxbATA5FIQX7o75EyBT
+JoLMh1eBm4n7nMW9o8O0YX6u/1LpK7+T/yEl4S65xJNw/gcdXTvzYY1VSN9gCY9d
+MI2XZuLpXGNcSTnAIqE1RRGJ0aPoejR8/fIR1++qcSYUtPwKn5dzMo3JkT4NFU9J
+Ux+YuBrHLo+hk9ymZ/MBSb13Vz8sxpNJo2W/zidhrvDJRa1qmfAtSXsdu60n7O6y
+7gspxrOsFeORgJUrW9ITM5QdKBZNEgBED5IoB+fdRI0FwF5HGziEJwYujPYcldeo
+8T/1yNzo5fZ8HdINL3KJYMpFzo2EnE7ZCxhGEjtUC4UUSfPsdTi2mlNRVK2hQ+UN
+Qc30hicM57tne1Zth5ArQCYHV9wM6bOIzdERJnBD8bDlyXW2iDhTbW5BMn6wvjGi
+7zdot+zxlsed1hHdyHLkiZHxTlKHI7hoMjuwROaTNRcnARl3aiStMLYoBvk9Y9Bw
+ZFivyK/b73C+jXAs8TmBLfJYqGkgGwB/CKbSYNYpm/F1j6nP20zvwetwr5TqlNze
+v5pV2jN+ZdDlqicjmHcLspqJJrtstD/PiOOWyxT/5jUmFZsK0tgnDUysDhwdoRjO
+tdMBqf73SZ7HVFVYmY2dajBhsuieOg5aNts5vWlp9ENxkCnC+lSxPamXBQ12EDtd
+Z8QTEwPndaXoS/NZ4O+LFyuCRaB9D0V643jAaVmEb+MHii5oihPk83a/ZcH8aoLh
+GMkyn1UwVoKwERGcGvYBXZt8Tb4FtOkOwM61hVs3S0lokQ/kaLl83rygJvdsiiRu
+mah/PKWVsKujJ4P2YyXwDmDTNO7KNYZU/O5E2fRsLxFP+qAwB4GpuDDcbKuIUQyz
+gu4vFCxrWLRZC4VW8B5oYhs6JiErVhg9bwbKsToUvyC+FeoyJvxnKiE/jJ1KeH1X
+hEPhPTu54YNaE+ccHTXDp5fDJboSdz0nZ2Ktjecg3UEBVayaaw/zJzUE0oOF1fxG
+Iu01RTEH+0Qx+QPrKHfkwSiD9ZXWOY3bebstjNrWF5sm5rtHILiTU4q830dyKFxl
+KltqXgKzRHBkMFbJNVQHQ6FdZ5e56KFUw96YymDWspTklrP90xbesOPPpTKPxFeV
+XPwN44tVN5j8CZIIhf0lNVRJDGBMNuT0ffr6q7poqb48nGfkoge1g26h8Bj1L/1x
+yc0ceL2yWXiEeFoUz8XU3NEyLSJlBwTFW1lHz687CiqkwGaliNon+N7Il0wSgbRc
+iVKom2OBQAih5aJId98xVg7/jpHq2Z1I3mrwq3cTtlXy4j9eViXKSwgsDSK+G0mJ
+HPRDF4Omw3fIf65M7BcuiAs352AQnlu5wG/+10YL31l1OW3NN8TOKhor2RX8+JXP
+sMiEsJhwyBy0X3LKIlKwaQuQQwcwvvMzBY54hMocqUJtSkr0+pX5TniAIbf6/pcS
+jDdbz9dakfMNVB+TFnWd0jh6bAYLLf6jhH9034PDc2vJCThAZor6Kw04uccpktya
+3O3dOVeQpjhKfQ9nOiqVoF9XXPAHIUEuDXRFpuSAPVwbSKPr2AnOng==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsCRLTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsCRLTest13.pem
deleted file mode 100644
index fc640e8409..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsCRLTest13.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlyContainsCACerts CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfDCCAeWgAwIBAgIBTjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWb25seUNvbnRh
-aW5zQ0FDZXJ0cyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqP8z3Y0v
-UCVXIVXCpbr+dcdoZFi0UZQPvl77hqqVORSs9FefV5mTeuoDDfhtUYa+O6Wzh2v/
-Yzv1MzPQzePG3eho/6CLs4pzqVWZDzYTG6OXubjPvYT10WykqfaWuivcn5YxbHuA
-cRitNsBAvY1Nq/kPDtsPJz1t5+PDRVO64gsCAwEAAaN8MHowHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPOhB0Zne+mPWavrVYaTyKzk
-VbcYMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGkMUjQFfto4SQpRJ2fAeU
-qXp2dn4kt+s/ITPOIykUFaybQ6eaGRcWN4kTi7IufbSeI7lmaa4SC+bq14tfSf/w
-gJSpwu58pIbPHKN0IgB+9S8eRS8wmB4HcBflmNZz/NX6wJzwJt15ZC+gek+eZGUw
-Qck6L9wt5i1wMFyRwBmAHQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid onlyContainsCACerts EE Certificate Test13
-issuer=/C=US/O=Test Certificates/CN=onlyContainsCACerts CA
------BEGIN CERTIFICATE-----
-MIICnzCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm9ubHlDb250YWlu
-c0NBQ2VydHMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBjMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxODA2BgNVBAMT
-L1ZhbGlkIG9ubHlDb250YWluc0NBQ2VydHMgRUUgQ2VydGlmaWNhdGUgVGVzdDEz
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCleZwZx1DWjtQUI6sccnzSSv3J
-scTabLlHXVLbXj57OzT/9XuVVLkRe6ZB95/CCO8YM/bYdtmJEwtT3S7J7jaSI1XM
-NBi9E5Uc2y6RXOEZ4dL8LFJjZYIQNbRUgg2o5rtJ55N7Hp/uA5zJYKH9wtNBXAlj
-i0eULWMWi42zHc/w1wIDAQABo3wwejAfBgNVHSMEGDAWgBTzoQdGZ3vpj1mr61WG
-k8is5FW3GDAdBgNVHQ4EFgQUQrE9JN7MpRBHp0VYS792Fg2IxOMwDgYDVR0PAQH/
-BAQDAgH2MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/
-MA0GCSqGSIb3DQEBBQUAA4GBAI7d4izaGul72X3r0YD8tjwHlxMMBg7/4nO6PrJd
-+blNKJwn/eqMJdekiTWjl2E+PKS4nBCBSeFeoboUHLnQ/AHevzxnJiEUK7otOXim
-UFRLlktEMASIbfUjiJrkwmL6JxvDXlbmhJNVlXZI6bRfAxi2XXt6o+ZO0VAFlebG
-iga9
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlyContainsCACerts CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F3:A1:07:46:67:7B:E9:8F:59:AB:EB:55:86:93:C8:AC:E4:55:B7:18
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        54:27:ac:fc:b5:7a:93:93:e7:f2:e9:63:f7:52:ad:20:08:4c:
-        52:08:62:e6:f6:81:71:1d:72:f4:1d:bf:db:06:52:d6:4f:8b:
-        86:68:4a:ca:01:4a:fd:b9:7e:5d:7a:df:48:67:36:9b:31:12:
-        dd:13:29:b2:8e:b6:ba:c4:20:31:57:4f:7e:c6:d1:3c:0b:e5:
-        1c:a0:c2:15:c6:09:5b:77:ca:95:37:31:7d:a8:08:4d:ae:60:
-        4f:3c:b4:ef:92:9d:f1:11:5f:a1:1b:2d:ff:e6:2e:07:88:4e:
-        2c:88:54:b8:e1:be:4e:6c:22:90:0e:37:0d:b2:8d:61:21:46:
-        36:29
------BEGIN X509 CRL-----
-MIIBVDCBvgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm9ubHlDb250YWluc0NBQ2Vy
-dHMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgQDA+MB8GA1UdIwQY
-MBaAFPOhB0Zne+mPWavrVYaTyKzkVbcYMAoGA1UdFAQDAgEBMA8GA1UdHAEB/wQF
-MAOCAf8wDQYJKoZIhvcNAQEFBQADgYEAVCes/LV6k5Pn8ulj91KtIAhMUghi5vaB
-cR1y9B2/2wZS1k+LhmhKygFK/bl+XXrfSGc2mzES3RMpso62usQgMVdPfsbRPAvl
-HKDCFcYJW3fKlTcxfagITa5gTzy075Kd8RFfoRst/+YuB4hOLIhUuOG+TmwikA43
-DbKNYSFGNik=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsTest13EE.pem
new file mode 100644
index 0000000000..30fec0a7c4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsTest13EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 9C 29 A1 97 81 CF FA AA C3 77 FB C8 F9 3F 64 D4 2C DC C1 7D 
+    friendlyName: Valid onlyContainsCACerts Test13 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid onlyContainsCACerts EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/CN=onlyContainsCACerts CA
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWb25seUNv
+bnRhaW5zQ0FDZXJ0cyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MGgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MTgwNgYDVQQDEy9WYWxpZCBvbmx5Q29udGFpbnNDQUNlcnRzIEVFIENlcnRpZmlj
+YXRlIFRlc3QxMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANX15GuX
+OGqR1Az5/3Eya+5k/mszVGRtEA4BxsovHQrt4IIP1MjoRrB6sL2Gxjps4vzA4Aw9
+S6LxUJRaw1L59qRWJcdrTMnI9Jzqc0t9WanMqb7CTvlTQN86FO9KEbmc3HO8YKnw
+OySx6uXgAA/X9+AsuJhlwXH05K0sTlqzP39PiXupl3S3pqVAPHVKpjY1hizfABQQ
+ugfMk0szqm5ZqUbtRoRsTI5pWxe12UDVN8eclHUJVPng220tUQY9vaHesjIpcrEg
+p7KBxmLsbAdnoVs3JNYGPTI4wgvAOAlFxIpTc83l8T214BD5w65oQdDYVcRo37+3
+bqRyWAuLy3qYeX8CAwEAAaN8MHowHwYDVR0jBBgwFoAUJTjDrsotdXpbTdTAA5KI
+EyLHbFQwHQYDVR0OBBYEFDtDT7cTpkfkonYlzo4kLdOETiNvMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB9jAN
+BgkqhkiG9w0BAQsFAAOCAQEAfmMUoBvJy5nZ5eICleksT7UiUJ9gyi/uxAYn1NN4
+o61FMj0lyattfHD6gyFFVHW6BrEF2vbDXKug9BWuJI+3xLOIxUsDQ+IP/0juxu9O
+iggb6f9zg1IqmX0YEC05+4MPEidRKLsZh+OYlpCtjCMj94XOFWeM8gHJIhhR17oz
+7VG68tKWMvoo8Tfo4nuYkjQ4nFwAcMKIctL641sxVzMEmDgv9x6oJs/irSqKSLSZ
+pFJrYBYiOU8/GTOL4rlOBEYL4gXW4PJs1HXft761W7Bpwd9SVJA6fogM28XuWr8c
+Gslx+k60FDk0HfYsxw3pTlSubTKp+oYiV7xQgcgtHWLkZA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9C 29 A1 97 81 CF FA AA C3 77 FB C8 F9 3F 64 D4 2C DC C1 7D 
+    friendlyName: Valid onlyContainsCACerts Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EEC5957D68BA54BA
+
+qrY9d5ZVIowhv+2U9J1l+oI/xmuDX1I/6K8ba3cDGtFuYRHp5CHen3LwiqNecqz5
+Q+b03EEk/cKfIFIRBv/iuH27N1yUEQO/zWc2ShxRpcjO6vynx0vBFp+e+2f3PAs4
+1Bqb9mfP3lct0ZznaU/nIXqfTSpFp1cYAQvHVYOr4syFVMFr0hGlXWeliQqaEdlr
+GamfWs9NkieMQCmS6OXJxTQBgu9CKE50K9J1OeVGy+qR9heSWfx0q10vR+Ic29K9
+LHYVWGtLAbgIS8NL9ugwQNnJrRVd7WNnnwTlR1R2+vhAvPiTo16FKIK5pjCVxdFi
+xuBplIVwUPksqoL4uzuQupGHwBpY/6L9SfulBfBmpc+JEARvhj18sSSuYOxBE/5k
+0u1AFc5ltaO3LggseB3yQJAlBGPzqn1t8AQjoXnvo/T0hocYApwlWwXfDI5NE0T+
+T7oyDMed+EyPfegs5Ld1HDS7B5MMsKsTeooxdomAvPjnJHK1tQsVIYRdJ53XsFo+
+0aX7ClDc3G8oK0m97gogQghYdCHAFD4ts1gewHozUUjpxig8SmJ7FPqHvcwXA74f
+iXkXUiPPENhVE4fuydzrfB7SQ+5Esbk6bPb88GHWFod9HnRVA0n5yVg47/pTB8DL
+9wz5DkN/sMYyyE0+3rmsvT5/z0+4GOinV0vWpnMAz6t9huMg2943kLQhEIRXszIp
+PQhA9ljwCFqjv7xl3nbQUP2l6nQeHN6YMzk/0tWAsLR8sbp4NLKvGWYBG4EVrxzQ
+/Oee5ubzznx0loO5QOvfheElAuyRZrWZPxeFajgT1h4UZNwORfTSWWZ4RYk+6GPB
++p8BV3GTpM80CF3O5syUik3zw1TxRgMvr/5mzGmw95Jlr941cGWTyf7OuJjCpL65
+jt7rv8uacSCbu7UQrh4gqBlP/dCUAs2QZaO4dW55eJBDOzDsxgnTqon8loaJlRQc
+mZj+BZ/H+s8N9hazexRF5RLhbcB+p4ef4+5YznMXRphTnhbNLmQh0HXxdliKHmTO
+D72PkEIFJMkkAKY3iONyRCUaYJCajlBo2TiRLMspRsmTszzqDYM5t1MixbHeXLBv
+tPNSdrjgR/jwqMKaFNAjI2EiSkkZpSX6yHwHpSj9WjSRcLPhVJwFpR+wmLDG2tHU
+aC++rFQCDU/blZCkasHZNwB23HEZuF5oVTj59V/L2z/JqptrzxpWzTMfx8xOOLJd
+cQud70en29/mfzXYAe0M2YpIoSokkMOliE0W3DblFcivo6U6oZEbC9nI3otIazZL
+brbcANPIgSPzCtvoQj0ibtqcyZ7QzabzGG2Uemraqmt5HjVbAcPncDm78TB3xdfb
+W0O0MQ8I1lj/o31pvO5Lzd4c4ae57V+gkIy285CTEKwk/BYzujQYbzRuPWjWQxqS
+tZKnRtEfQzqQmqgLeZWwg1yLns+Cl8Zikv5vixQ5V/R9jASohRFyU5DFyj0fR1rI
+EvBO5bRHUU/35ExppmVuY8eUsSwBNR/XG2dFQwLvy+Q29e1TTXsaw4wTmRCJOViL
++eAyUGnv4XKUTr7nKIF4G8tCulMLV9DWChagc1ZJVdFKhQTwN1sicQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18.pem
deleted file mode 100644
index 580d919aa2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UECxMTb25seVNvbWVS
-ZWFzb25zIENBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApawx8YRMPlMQ
-024rS3sld90L6veeiaILQ6LHaLsGJq3VdzR86qrSqOOIC4riSla8gYRwgMxS4ex2
-wjXsRFQbvsG09PcFyRJKJ0NLsY8FiVdShUDwLEohR/cdfL4Z+iCgZdY4iMaILI8a
-MHiBRffd7isOjbgUd8JKQ6DM4ercJksCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFD++QPH3awL7sFnDAKRa4JdUCOkZ
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAzmsqTCqqsyknqgNHYbj4aH461
-hKTEkZRpMSUHjJwKJWFK4fzqdC8DDlCw9rfmNld7RwxcC3/o0J5v3T4KG3C4s9Rr
-eVSmm4Kwvgjmj0tsm0TQbG+B4uLqaFAAmlBTZPYl9ABodUKUP2eKcAL7f98INanN
-/veMciSwQ7N4Ku7Zjw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid onlySomeReasons EE Certificate Test19
-issuer=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
------BEGIN CERTIFICATE-----
-MIIDYjCCAsugAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAsTE29ubHlTb21lUmVh
-c29ucyBDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK1Zh
-bGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBANbeMMLH+IhNKpE0W5mNqU1YnGXZjAhFNF7V
-hMVHkKyGO+6oluHVdrzxL4CoonF40mpNZdCyVA39nKEW2HV1KB2OQ2cjjOpS+n6l
-1eds3MeBCa3z1kzPbsqkkTH+hdmkHnn7gsQNElk+mALZXM/UC+kIRlHIWSmR+FvK
-+gqFZw3ZAgMBAAGjggFEMIIBQDAfBgNVHSMEGDAWgBQ/vkDx92sC+7BZwwCkWuCX
-VAjpGTAdBgNVHQ4EFgQU31n0/apTtgdLpf3g030Om2i0nuswDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCB1AYDVR0fBIHMMIHJMGKgXKBa
-pFgwVjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRww
-GgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgQIFYDBj
-oFygWqRYMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czEcMBoGA1UECxMTb25seVNvbWVSZWFzb25zIENBNDENMAsGA1UEAxMEQ1JMMoED
-B5+AMA0GCSqGSIb3DQEBBQUAA4GBACKZfydulpOlfYkHfr+kYAFm8mWYkFty5+82
-g7UQ34pUUcNlmXy2LAvyOnFBy9LJGLpfyqbaZYLyspSseZrYTfdEYRdba4FWLwEp
-iCqeyzac+D1Hr7uRFVocXyd1ZUKWhdA0gfkORdmeNO4HjY3D1+y75qjNutoqK9et
-6C9d+9jH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0b.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL1...`
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:c9:cf:ae:6b:51:3a:d8:ee:4f:85:3b:a7:18:30:00:6c:cd:
-        0f:1a:59:06:50:fd:75:49:44:9a:af:71:a5:74:ca:25:02:e1:
-        fe:c2:0b:15:f4:db:0a:8c:7f:ca:9b:de:cd:bf:1a:2d:3e:10:
-        1a:a9:4a:9b:a9:64:75:01:1c:dc:26:b2:f6:ab:2f:d2:7b:3d:
-        01:f6:fb:64:a4:c8:53:65:b2:80:5a:1d:22:e7:3b:9c:12:92:
-        96:01:0d:74:83:d2:72:c3:a6:34:cb:54:bc:75:c4:34:12:c1:
-        4e:40:2e:e1:28:d7:ea:6d:c1:9a:4b:80:dc:2d:7c:7c:a5:a7:
-        28:75
------BEGIN X509 CRL-----
-MIIB1zCCAUACAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIGgMIGdMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG4GA1UdHAEB/wRkMGKgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgwIFYDANBgkqhkiG
-9w0BAQUFAAOBgQAMyc+ua1E62O5PhTunGDAAbM0PGlkGUP11SUSar3GldMolAuH+
-wgsV9NsKjH/Km97NvxotPhAaqUqbqWR1ARzcJrL2qy/Sez0B9vtkpMhTZbKAWh0i
-5zucEpKWAQ10g9Jyw6Y0y1S8dcQ0EsFOQC7hKNfqbcGaS4DcLXx8pacodQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0c.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL2.....
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Affiliation Changed
-    Signature Algorithm: sha1WithRSAEncryption
-        3d:11:d9:b5:4a:98:2e:f6:01:84:ec:e5:d7:d5:20:45:06:18:
-        19:5e:18:1b:89:27:c3:fc:7a:ea:a7:3e:3d:bc:ff:26:f1:69:
-        90:73:a1:2f:d6:0e:82:36:1b:f7:98:7d:26:2f:07:86:05:58:
-        b4:5f:ce:84:6d:ef:4a:51:e8:40:4a:51:b2:57:46:b6:76:e1:
-        8f:0e:b8:03:16:88:72:c3:88:74:74:76:38:1d:44:87:88:c2:
-        a5:ce:34:cb:a9:bf:a1:6f:e9:96:e3:a7:ab:3f:be:a5:60:b2:
-        4b:e2:bb:f8:1b:84:4e:eb:69:ae:01:f2:5a:e9:78:9d:ac:38:
-        45:4d
------BEGIN X509 CRL-----
-MIIB2DCCAUECAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAxcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEDoIGhMIGeMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG8GA1UdHAEB/wRlMGOgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwygwMHn4AwDQYJKoZI
-hvcNAQEFBQADgYEAPRHZtUqYLvYBhOzl19UgRQYYGV4YG4knw/x66qc+Pbz/JvFp
-kHOhL9YOgjYb95h9Ji8HhgVYtF/OhG3vSlHoQEpRsldGtnbhjw64AxaIcsOIdHR2
-OB1Eh4jCpc40y6m/oW/pluOnqz++pWCyS+K7+BuETutprgHyWul4naw4RU0=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18EE.pem
new file mode 100644
index 0000000000..c0ee2e1cda
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 42 A7 D1 D9 39 66 A1 A3 50 5D 99 15 05 9A 61 3D 4C 09 43 CC 
+    friendlyName: Valid onlySomeReasons Test18 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid onlySomeReasons EE Certificate Test18
+issuer=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA3
+-----BEGIN CERTIFICATE-----
+MIIEBzCCAu+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UECxMTb25seVNv
+bWVSZWFzb25zIENBMzAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGQx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTQw
+MgYDVQQDEytWYWxpZCBvbmx5U29tZVJlYXNvbnMgRUUgQ2VydGlmaWNhdGUgVGVz
+dDE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4x8zxpPGgnBqlIWH
+sva5Yg5I7d0lcKVlJv4pTMjnEXaGboFcTOBu+ZI/ECdX1hLTA+9JLEivrZU996SW
+gWD7JCjq5ULOzD3a+fgDColZY81TP+EfcwWOP84qQHZzBj1LrNczk/nyla4s4aoA
+z3//CHmz6DEEKNlIDk80MLSagvUZo/LJ6QyKx1BecsP8pf6mDxIXpHgf9LrJ4aWz
+xRPFy+Zmoizo3BRQghRGnCTo+fWNwPOJ8nSRTEu926xMiyu2qExL75Ng2dsaMSd9
+dFlJgU86pp8oYfMsFKJal70ofB1QeqpszkAgW+FOEp6R2iabHTWxrYW5aJ7DTyjc
+0SkD4wIDAQABo4HbMIHYMB8GA1UdIwQYMBaAFC0kt5eHLO7aHL7el4Qbr6AVFr5r
+MB0GA1UdDgQWBBSCHuiLoRbi7SpBZu52PliT2MdEUTAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMG0GA1UdHwRmMGQwYqBgoF6kXDBaMQsw
+CQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoG
+A1UECxMTb25seVNvbWVSZWFzb25zIENBMzEMMAoGA1UEAxMDQ1JMMA0GCSqGSIb3
+DQEBCwUAA4IBAQBMDyLf+YjZxO+aN7TIp70Wm8qKs5gEfZQEzKBODxprp9iImKb4
+4PYrLPt3hjUFa9dIZeH/ewoeXdqjIfLwqFZfHBWsNMWXiKOa+N7k/XcTclX1LSPT
+h5HkvbhomN2rvwpUgbnUQKD4PddOfTABJtVzJJwLvY92cgu5/qxwkreeI0FwlFx4
+bnMB6AoCV8jNGlEAVMTrL4YKGVGFYSdWthfbMRvtR6OGfQ1/SLQZeD+7Tzq6dtdV
+qAuRUb9BXemkK85LIcBhvVSHJEmcGocOjKAs+VqxBJlNVcoVUoFDX17/PwInbQmO
+C35YSeFdBh6FNwbalsWkzKl5PmjH2XJCP4Zi
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 42 A7 D1 D9 39 66 A1 A3 50 5D 99 15 05 9A 61 3D 4C 09 43 CC 
+    friendlyName: Valid onlySomeReasons Test18 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DC1A964E9CB7CB53
+
+XWgNPVxoNKAvoa9qvAqymT5p8IVNC09tbQVnV3TTf4ZBX/3qa/apfmQ8u/T0Vibr
+vgYMBwt9L+j4Oujyw9+o83ziUlom9Reor7KmFSO0vYJOIgxPIkHTG5+IXiRSO8N9
+W0jhMRWuHFlpQFXF8AR4+dPAa0KVCzfBGuEwksmmHTYhVboYwN1FrQwxL5Mua89N
+PCUucOWRXrARA0LqA5tTeFGHU3Ou1SIdvaGDxRYoRQjAV2uTQuiILxIPUUOCZR0j
+qE3vZNRW781EgnHF2lVrXaTIgKJXmu0owHS0e/HNTpno4r1JLEBKOdjwgbnilZOI
+c4CWnXi+6CLmLP4rw1QaV/gV+c0uVrPjCCy/1kD2dEF/D7rOfSc/Il6aR5wD6Vsk
+sl3pMpKuhX3YxDShDg6rHp3n2YPRh7x6/bPNbGB1WuXOGFC0SptulTzY1gKW45Nn
+wFHYkjmPDadLhU+5HwpzXeXhJdMHCW+z8TsTGjNIQVRFlbX4PRxWwK8n1FPl5+k6
+1pCZZjdcFXUXNzNXqMXSxd8/7ilnVqXXi1unaoqFW8Zfp8e7FR8ltAUuJL3jOjV0
+Tw7K63B5KmtcpRn/O0J/me+d15343F0QaglJpn3iakNyutyu5zzAzZS4KvBRIXJg
+QyYfm16D9p1AkNOHq7g99N7wnA15JLxqOuE+YB26LSpcRZIker5cGsAfQDWliqOB
+vX86jMET4qPcOmApPaSuRolXlBm7kWjxv9iltr/nPJi1RJOZkfBuGHJ5V+vuNpWJ
+y87y5sgCkGakoG7NASAQQYKHhdKie+//3AWaaxWqr5H3jzUEtaZ2yyqvMmMOle/K
+ePna6WyHQ8a/CQBypPGp9adWO6oUNyDIYbNbq86bw5Eor0JvSQIBWany1Xlzt3Qg
+J6cPxBe4nEktHzv9+bM0fRb6R6mHbu21MQ7JEPoF316E++PM8gC0Mt0R37dRSEvv
+Q+Yy3FNArDeqRdP3BcVsbl93zPz1Su2uyJo8h+o+YCEao48NcttOcMkU/wkSyT0y
+OXvi2YotIsAkryR0ZvXcfWkKl1kt2qBR7qOvVedWiwgeIjyytgHi9PAPqAYw+Aia
+ZlGRPaiqCIEmwu2HiJ1A5+lrW5vK6UWtwrWM3XJKjcPSW493auFURyAKdA3jvhCu
++7PEV4m7AksM+N+rjObGFbonEIqTov1cIj+S4DqnOpOvc0LEvNumIY5iZtIZrkDT
+93JQODsyGgs4mnlV7BFhWiGaEIhOV2nSANz2VQc7mN2RyUdajg4nTgCsTK0j7OVb
++aFYXlJ9KB4484n4BRJ8LOjjGpsUegvVqt2QP56YyI02Du13YPCkzIjOUA4lMWRk
+q52k69X55d8kI+EE7Sn18Veo80Idq6vA9wlYzk16hg3cyI0uEpwtbTNF5j/PG1yf
+IsMpj+KJPDx+P9PNZC7fnb5J9ok6yxy/G/GOTvLuqHUZtoYhSW4UL3aRwzs8hgTP
+n/1Yg4GETmNRQu06tgrwOIa6iyXV6ulsFnn1J3jgZlbbAXqyP2lZR5M9lQn4oPuy
+8AdX/QtJJzqjgWD0GUYWCg7l+rJa+Hqqwr2U0kz8t6mS2HTPVtutUQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19.pem
deleted file mode 100644
index 580d919aa2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UECxMTb25seVNvbWVS
-ZWFzb25zIENBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApawx8YRMPlMQ
-024rS3sld90L6veeiaILQ6LHaLsGJq3VdzR86qrSqOOIC4riSla8gYRwgMxS4ex2
-wjXsRFQbvsG09PcFyRJKJ0NLsY8FiVdShUDwLEohR/cdfL4Z+iCgZdY4iMaILI8a
-MHiBRffd7isOjbgUd8JKQ6DM4ercJksCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFD++QPH3awL7sFnDAKRa4JdUCOkZ
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAzmsqTCqqsyknqgNHYbj4aH461
-hKTEkZRpMSUHjJwKJWFK4fzqdC8DDlCw9rfmNld7RwxcC3/o0J5v3T4KG3C4s9Rr
-eVSmm4Kwvgjmj0tsm0TQbG+B4uLqaFAAmlBTZPYl9ABodUKUP2eKcAL7f98INanN
-/veMciSwQ7N4Ku7Zjw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid onlySomeReasons EE Certificate Test19
-issuer=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
------BEGIN CERTIFICATE-----
-MIIDYjCCAsugAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAsTE29ubHlTb21lUmVh
-c29ucyBDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK1Zh
-bGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBANbeMMLH+IhNKpE0W5mNqU1YnGXZjAhFNF7V
-hMVHkKyGO+6oluHVdrzxL4CoonF40mpNZdCyVA39nKEW2HV1KB2OQ2cjjOpS+n6l
-1eds3MeBCa3z1kzPbsqkkTH+hdmkHnn7gsQNElk+mALZXM/UC+kIRlHIWSmR+FvK
-+gqFZw3ZAgMBAAGjggFEMIIBQDAfBgNVHSMEGDAWgBQ/vkDx92sC+7BZwwCkWuCX
-VAjpGTAdBgNVHQ4EFgQU31n0/apTtgdLpf3g030Om2i0nuswDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCB1AYDVR0fBIHMMIHJMGKgXKBa
-pFgwVjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRww
-GgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgQIFYDBj
-oFygWqRYMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czEcMBoGA1UECxMTb25seVNvbWVSZWFzb25zIENBNDENMAsGA1UEAxMEQ1JMMoED
-B5+AMA0GCSqGSIb3DQEBBQUAA4GBACKZfydulpOlfYkHfr+kYAFm8mWYkFty5+82
-g7UQ34pUUcNlmXy2LAvyOnFBy9LJGLpfyqbaZYLyspSseZrYTfdEYRdba4FWLwEp
-iCqeyzac+D1Hr7uRFVocXyd1ZUKWhdA0gfkORdmeNO4HjY3D1+y75qjNutoqK9et
-6C9d+9jH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0b.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL1...`
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:c9:cf:ae:6b:51:3a:d8:ee:4f:85:3b:a7:18:30:00:6c:cd:
-        0f:1a:59:06:50:fd:75:49:44:9a:af:71:a5:74:ca:25:02:e1:
-        fe:c2:0b:15:f4:db:0a:8c:7f:ca:9b:de:cd:bf:1a:2d:3e:10:
-        1a:a9:4a:9b:a9:64:75:01:1c:dc:26:b2:f6:ab:2f:d2:7b:3d:
-        01:f6:fb:64:a4:c8:53:65:b2:80:5a:1d:22:e7:3b:9c:12:92:
-        96:01:0d:74:83:d2:72:c3:a6:34:cb:54:bc:75:c4:34:12:c1:
-        4e:40:2e:e1:28:d7:ea:6d:c1:9a:4b:80:dc:2d:7c:7c:a5:a7:
-        28:75
------BEGIN X509 CRL-----
-MIIB1zCCAUACAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIGgMIGdMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG4GA1UdHAEB/wRkMGKgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgwIFYDANBgkqhkiG
-9w0BAQUFAAOBgQAMyc+ua1E62O5PhTunGDAAbM0PGlkGUP11SUSar3GldMolAuH+
-wgsV9NsKjH/Km97NvxotPhAaqUqbqWR1ARzcJrL2qy/Sez0B9vtkpMhTZbKAWh0i
-5zucEpKWAQ10g9Jyw6Y0y1S8dcQ0EsFOQC7hKNfqbcGaS4DcLXx8pacodQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0c.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL2.....
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Affiliation Changed
-    Signature Algorithm: sha1WithRSAEncryption
-        3d:11:d9:b5:4a:98:2e:f6:01:84:ec:e5:d7:d5:20:45:06:18:
-        19:5e:18:1b:89:27:c3:fc:7a:ea:a7:3e:3d:bc:ff:26:f1:69:
-        90:73:a1:2f:d6:0e:82:36:1b:f7:98:7d:26:2f:07:86:05:58:
-        b4:5f:ce:84:6d:ef:4a:51:e8:40:4a:51:b2:57:46:b6:76:e1:
-        8f:0e:b8:03:16:88:72:c3:88:74:74:76:38:1d:44:87:88:c2:
-        a5:ce:34:cb:a9:bf:a1:6f:e9:96:e3:a7:ab:3f:be:a5:60:b2:
-        4b:e2:bb:f8:1b:84:4e:eb:69:ae:01:f2:5a:e9:78:9d:ac:38:
-        45:4d
------BEGIN X509 CRL-----
-MIIB2DCCAUECAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAxcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEDoIGhMIGeMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG8GA1UdHAEB/wRlMGOgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwygwMHn4AwDQYJKoZI
-hvcNAQEFBQADgYEAPRHZtUqYLvYBhOzl19UgRQYYGV4YG4knw/x66qc+Pbz/JvFp
-kHOhL9YOgjYb95h9Ji8HhgVYtF/OhG3vSlHoQEpRsldGtnbhjw64AxaIcsOIdHR2
-OB1Eh4jCpc40y6m/oW/pluOnqz++pWCyS+K7+BuETutprgHyWul4naw4RU0=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19EE.pem
new file mode 100644
index 0000000000..ce783f6d22
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 23 3F AC 65 5C BD B4 11 55 FA 12 15 B8 BD F4 B7 AA 63 89 68 
+    friendlyName: Valid onlySomeReasons Test19 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid onlySomeReasons EE Certificate Test19
+issuer=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA4
+-----BEGIN CERTIFICATE-----
+MIIEezCCA2OgAwIBAgIBATANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UECxMTb25seVNv
+bWVSZWFzb25zIENBNDAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGQx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTQw
+MgYDVQQDEytWYWxpZCBvbmx5U29tZVJlYXNvbnMgRUUgQ2VydGlmaWNhdGUgVGVz
+dDE5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYaYmevtVXzOSYqg
+VGMWu24TJ5L1gx1O3gTuPBCkQE5QZVa23vo3dDpL2m3SpMJ3kWJuPkIAA4eobyIk
+IYqZCsSO9y6zKfhCFOG/ynddUbglmcigcjzA4uZ8wNTXgV2shFYtxCcU/3Tbr8IT
+Q/bbX9/eMw+8vNtIZdM6MieX9/fwa5WkQJqhOYyPJJ9NfeJmwSnjd6WC5mkA9hBa
+0RqL34l8mhiARM9sO8p7uv2cTm7hKTQ133RhnWX5wwbiRB3H18pG/Ikw+2Fel0u2
+PuI4qXbevmzjL/83sf/unZt8++MeiyUVYSJf/V4yRuRW/kFAOPExJJyCoaZeNp1i
+SGa9pQIDAQABo4IBTjCCAUowHwYDVR0jBBgwFoAUvmbcHgwGO/bTiDSRUyaBDWgX
+bskwHQYDVR0OBBYEFORDdLxa0SqQZuQsnjKT0Gwdhm7KMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwgd4GA1UdHwSB1jCB0zBnoGGgX6Rd
+MFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgQIF
+YDBooGGgX6RdMFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQD
+EwRDUkwygQMHn4AwDQYJKoZIhvcNAQELBQADggEBAEp1pHXjSGjq1N6Oe2KCTqvs
+TW/SpD8ezjGgyAUwU15I2sTCRhIUeRMZPFVkNqSmDfSp+xNWa8WwXgTaUpcbN3/+
+SC7WefRmx82NMFGZ7lshpwd/LdcagG8oK8jyC8Lec73qpDeObhwo2VTWUs2KfcgE
+Q9QP0QL8xO5v2VbQovLHIu1H4vqqYYCgZ/dZ7ctiatxFEHo36PP57+gRbBGPkubg
+c7TC0UWF2z+m+LeBtSQBXyifUIhqcbWkXz0fqpf12/6BVrKsRnpICJhKjYBhpS9z
+mORlC3jZn479qEASq+HfY/T5aaWJvIhZbsRd50GZerNg6DhQfNj8bJvnBx77CSI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 23 3F AC 65 5C BD B4 11 55 FA 12 15 B8 BD F4 B7 AA 63 89 68 
+    friendlyName: Valid onlySomeReasons Test19 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F770B6331EB6E985
+
+00hiEinPPF507CjG5k30QFMeFtpvVoaSvIV3gwKZs1fxsHhMU58Aw8ir9muU7mOI
+KoFHC2JYytoX+BQWmkvSFtqiQEuWmQNcdQmuWXz0HqbmtTSqxC7kI+rDhseetO1f
+Varfou/gU07P29NHTVArxr4cG9GxeArnsV1xT6/hChXuKFHk3Rlb1mkVDR5hojtc
+70z+t6Fpr2csBiu+s8JbI0GdUspsLTCNSJAZDhXaPbrVA2mb/F5m1+soUb8filGJ
+a7YfR6EOAL5BlO4AKJsmW9DuDz+ZUp/NbaCQMIOUUcFqhTQlez3vWp9RH6yvzbUR
+NZe7wEoj5U2JPPj8MKPJRkFVIYv/VL5BsJgjMKz1CAx/ev4SNchBjctph/WlJ/Yh
+DEhdqQv3cS6n3cwY5UVkKjBIMLT0rFDcCrPUC1PttwMv+/qj67jaLjqSkHH37m6b
+RzLgUP7iZCWT/4kzRTQ/PZ3loErNYXqgINLmk3uAQYMMGWXK2I0/O6Ib0YiAg91n
+8NbD7ii8Xi2tvBUgqmUNA4HPBxDaadeuMF9cyZgNRghgM1pFXHCMx+jY9NTFfkQz
+hEQwGmw5FlDIlJzuckUVrwKp2D+ewkThuCPl4xIEq0UG6L7ZDVhZ3dNlZzaXuhk7
+zJpcNLIbTkZEw+xaO4vYkKa7XwmGZ6L6Q0rf1DPyYscLp7P6Ym4AIlzFepb8sdjT
+NrkjDy/OpU/W9HzIT08WQv31uPtaxqthMrRyAQiqcSRqrye80/hXu3YFGjRh1QfV
+AT4gMdC/SZUrWb2YSBieE8uHW5/5PtJC8WKQFWg7Rth8noeRb/f5jU8UiqLN1YSO
+pXXPo1MA1UBNc5aXYHtsg+4uDz1osvOrKgrU3D1JRi6NNcVg6VNYwy/E4etYvDJX
+sTYvnoU1XNPMFpEFzjPNhllYZ43V7C45LgZadsdG6JMY/6/QBysiv3uvP6ckxOUq
+WHM4Q0ifWtAgAPKLLgZiol6r0R4WUihsZHawn/Dwwcj97/zxPFTroN81l393sGQJ
+oESU/RMR/ZzGBJFaV/Hn15MdNGSp2SRGCi0xaOrEfx+kOHDWJbMe9Kl9KMQMngPL
+2qLKLl0Me4fBq5xhxq4t6F21/c3a5dwpAU/mK1UKKQtQSQ0AXcZSSXlvrk0x02jf
+sOoR5+mKYCky4dxBq1DkLmpOSk/G5GxDQ6MU+UVi+6/9KQ/CEgCu/TafYtgjwGfL
+He7d7NnduXYcdLXuxFZBDRJoLNIXGzTbJWF2wIXdxLx30OV9X7HvRV4DfBSX0Yq0
+o5ohzToT3QSY60JHDnhqsvpp95FlZgfuIqdC75Nz9gK6hD5OakQ/dyGEDFrWGyuh
+5Lf3t/YC7yd8E9c6SicH/ijOnuXwdm+Xqefs5VFPNfC+PBwTjVUHFdG9peFFyjq2
+mW5T+BBCwumWvlyudUDGRWisNP/xa/ooKieP4sQgGFQADwRD+bb7V0eHP92dC4i/
+jHnRq1u8wE+ce+usn2CzZIuzOzpPdKAbG9LMJeCdGQU7L3VJ4YkEB6IqOrrfHRdD
+aO9DnZLtH6kVi0vM4UJAYt9rCw+GjQOlO//fb/rFOe/JpFBD2kPQf5VPxsNl/xIY
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13.pem
deleted file mode 100644
index b183ea4aec..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13.pem
+++ /dev/null
@@ -1,262 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAvfifKseM6a2SLDsRFhGp/REqaFlx95O6qTUy4GtxendIFOtyadcv+Krt
-MtbMq5gpTipTi88pg9PZJgu5WNbNCBTw9a4LVmuK7vW7+qc4vKAiHMx1C36i+M/u
-xAyxABnaB/+3GuTXBVh2UaFyc0y742BlOGiJQec4j12Ympn+/D8CAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFEg0CFSm
-7E/ZmBQh7NRjsSNv7Xk+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBBDANBgkqhkiG9w0BAQUFAAOBgQBH
-GNn47Kmou/bb4DJqEWK0rYy18Luf89VyfaGcLrRx55hJopWTol/7VNHK/PcEcYZR
-FvrRx3+j/FmPw7KdZhr7vswlOw+Al6Izo2NpTdI71n9v0mWk0aMnagaU1/HhVCo0
-MFmjWB6hXagaUlj7PMUGxJhJDLGVxim5OsTKsDyQsA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTQxMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDEkec8+m6bpWo+4WFbIZq5Ex3/ooPS1Ag0V67MSbWUopjA
-ZSFFn1jMVuyJwvVJcWhm60beqAFCWAgdUw39yw1AH1ZjF80S0i7gOs1ecJOgcJlH
-l12ROKtYyawcnvh97Riu5uNhddo7GNP8imgxuTm+KCMgA2Yje/3+s+kkJGrmmQID
-AQABo38wfTAfBgNVHSMEGDAWgBRINAhUpuxP2ZgUIezUY7Ejb+15PjAdBgNVHQ4E
-FgQUxsXdPdf7dENAydCq5aEK1oE0ihEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAHXkSFfYx3eChLIW3r9jR5s+WkJP7zC2MDwTim6sqK9EEdF8u7jpSM7A
-injU005gD9O+daXiOhdTWtO6tHG5lU4F0pz1/gf6NabgsIZcCY5ihmO0sg9yFw2x
-m9ZtI0lrFDJVVMb2TTzSg2BCk/4WrjCu8lyZKeHb3/MPXrhVI6QI
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid pathLenConstraint EE Certificate Test13
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJzdWJDQTQxWDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMGExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czE2MDQGA1UEAxMtVmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNh
-dGUgVGVzdDEzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt+goZGlfBA+Us
-3gYzg2H1q9xTS0jsUbdAWR+UyFhwlPTu9s29bJOQlgYCeMoZsW60iIbUbQjcq5Uz
-cVH3GuHEdnVZi+2PuExwKCPfJd5AlZLlHF2/rXEitua/1jfZeCG2APIo6Fo6MyRm
-DjXSMXVDa+34SxTNsxmRL5mRkAU14wIDAQABo2swaTAfBgNVHSMEGDAWgBQQleeK
-lnT5PPSbBqlJ88GaP85wHzAdBgNVHQ4EFgQUKiHe+m/ll4aKUr4X5q6GcSIkJkEw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
-9w0BAQUFAAOBgQBg1xu2EY6shLYeKkVPx8VQMKHQwihQdDRH5Ehqsrgw5t3hALFO
-PjKZ7qdAOOWJA0Y8HmswJswQ9hYMEPkUdGLcE6ssQLySaRecEK5uW5/fWrs451uq
-5hyC55DEHEaJBbvzzBy4eftZcJrQv+QQTxhBH82+/LT02FkYqfjuUPIYSA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTQxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowVTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSow
-KAYDVQQDEyFwYXRoTGVuQ29uc3RyYWludDYgc3Vic3Vic3ViQ0E0MVgwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBALlp+FnExwi/Gj0ZI91kqo4pmnqqOhGFj1B7
-BwwpwPKi9bTS4V7SoF/789+rQvetsKPMvlFqlJxAJDAucVf9IcHun+JONgiIUcLB
-o1x/hhXffJx5AKaTGK3lCSkXqT2ivI8QJNTTjDgv3gvwGg97WVPlbOeZEPbwMzlx
-i4oq4uHXAgMBAAGjfDB6MB8GA1UdIwQYMBaAFMbF3T3X+3RDQMnQquWhCtaBNIoR
-MB0GA1UdDgQWBBQQleeKlnT5PPSbBqlJ88GaP85wHzAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQEFBQADgYEAuzFHa2SgbDIRvfbqmMe+p2l0M4gJMEc3r2caaovmKgfuVyBl
-n0JdZN2rzlYFV4jZbJ0wa89PzLIDtmptUctcO0DO/P+ofx8uAATdFhL4yMmHkK9L
-XVBrdANbZSBZ+8WXKrnvsJArX0vtQax8znEaTUskMtDe6gjzZsb957dYCCU=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:48:34:08:54:A6:EC:4F:D9:98:14:21:EC:D4:63:B1:23:6F:ED:79:3E
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        7a:5e:e4:e2:af:00:5c:48:3a:c2:36:d1:97:10:66:06:b0:04:
-        8c:37:8b:96:01:b2:c1:bc:b5:3a:8f:b5:44:05:db:84:2a:85:
-        c1:7c:96:fd:b3:6c:1d:47:69:63:e6:a2:d5:6b:29:76:e2:72:
-        e1:4b:6a:d4:06:22:80:cb:58:0a:39:aa:47:45:a0:84:d0:9d:
-        d4:e5:00:13:71:ef:bb:3b:27:b0:e5:93:cf:b2:05:87:43:8d:
-        bc:a5:7a:50:8f:22:43:48:df:9a:e7:cc:8c:3e:54:fd:16:85:
-        3e:e9:a2:47:4f:f8:ae:94:85:32:4a:88:94:b7:c4:13:62:11:
-        6c:b8
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTQXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFEg0CFSm7E/ZmBQh7NRjsSNv7Xk+MAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAHpe5OKvAFxIOsI20ZcQZgawBIw3i5YBssG8tTqPtUQF24QqhcF8
-lv2zbB1HaWPmotVrKXbicuFLatQGIoDLWAo5qkdFoITQndTlABNx77s7J7Dlk8+y
-BYdDjbylelCPIkNI35rnzIw+VP0WhT7pokdP+K6UhTJKiJS3xBNiEWy4
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C6:C5:DD:3D:D7:FB:74:43:40:C9:D0:AA:E5:A1:0A:D6:81:34:8A:11
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0e:71:9b:f6:ad:39:6e:d8:be:f8:b2:87:85:75:4b:35:16:3c:
-        e7:52:48:af:e3:b1:7b:6d:1f:2e:59:59:81:af:cc:88:37:3b:
-        78:f8:4d:7a:81:e6:6e:23:50:4c:80:f2:e9:d5:cf:79:ce:e8:
-        9e:f8:c4:82:2b:6f:4a:ab:29:bd:5b:34:57:5f:31:5d:3b:a6:
-        b5:da:8f:57:4b:07:e2:5f:e3:f1:b0:8f:25:92:f2:c6:57:26:
-        9a:4e:36:d9:c9:6b:37:f3:0f:7d:81:b6:2d:6c:f7:c7:76:d7:
-        3e:29:67:8b:2e:01:9a:f8:90:2c:53:da:a6:c7:6c:b6:56:09:
-        fb:df
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTQxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBTGxd091/t0Q0DJ0KrloQrWgTSKETAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQAOcZv2rTlu2L74soeFdUs1FjznUkiv47F7bR8uWVmBr8yI
-Nzt4+E16geZuI1BMgPLp1c95zuie+MSCK29Kqym9WzRXXzFdO6a12o9XSwfiX+Px
-sI8lkvLGVyaaTjbZyWs38w99gbYtbPfHdtc+KWeLLgGa+JAsU9qmx2y2Vgn73w==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:10:95:E7:8A:96:74:F9:3C:F4:9B:06:A9:49:F3:C1:9A:3F:CE:70:1F
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        06:af:3f:80:68:02:24:ee:c0:3f:33:5b:62:49:01:cf:ee:87:
-        f7:92:49:33:a2:b1:b0:6c:e7:23:7f:4a:8d:2a:1b:e9:31:fc:
-        04:49:76:f2:f6:92:d2:b3:32:70:50:71:9f:12:ab:03:6c:2d:
-        a7:0f:81:ef:fb:01:3e:3f:09:b8:df:e8:4e:28:c9:5d:fa:a3:
-        ef:64:db:b9:cb:8f:66:a2:b5:ba:17:f3:05:62:5c:8c:5b:75:
-        f6:7e:54:aa:30:59:0d:50:c1:23:90:c9:91:06:49:1e:bf:23:
-        de:88:c6:7a:39:0e:6e:11:cc:44:44:40:2e:08:82:65:e8:74:
-        9d:60
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJzdWJDQTQxWBcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUEJXnipZ0+Tz0mwapSfPBmj/OcB8wCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEABq8/gGgCJO7APzNbYkkBz+6H95JJM6KxsGznI39K
-jSob6TH8BEl28vaS0rMycFBxnxKrA2wtpw+B7/sBPj8JuN/oTijJXfqj72TbucuP
-ZqK1uhfzBWJcjFt19n5UqjBZDVDBI5DJkQZJHr8j3ojGejkObhHMRERALgiCZeh0
-nWA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13EE.pem
new file mode 100644
index 0000000000..79507de0d1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2D FA 1C 30 3E E6 37 A1 12 BE 07 77 3B 17 6E F8 9F 00 3A 06 
+    friendlyName: Valid pathLenConstraint Test13 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid pathLenConstraint EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA41X
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNBNDFYMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowZjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExNjA0BgNVBAMTLVZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVF
+IENlcnRpZmljYXRlIFRlc3QxMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBANGvSnWvqPuuQwnBzwyPeG9cwJSQU/bvAAFK1V8D6Yb5dGmKu++FJuY3+qmG
+uzN3K1HFo1C/84fQ0UFNp/6H9r+9yUZ3RRSvr8A4JA0CUUv+mXfbd7+HzCqqyj0i
+RSreaFuiXaM4QAH56nrfg31qQGb1QC14tpEXlBp8YnGh2PRbbdJQf8JbxMOlhWB9
+A8+Dk0gwSVqUZ0nPDFy2OLQ3cEQTgjnihXBJqHztLtj4rQkwWbQCNIThrZ+XszkW
+6rcGygZ7ZACnuuHOG5UK6qxakReo8ZuW079tnFJCPSyPk54dHLlTrsz6LyyBQBKv
+2PzZAQcnzZWHJLoACwhOWUQ9dz8CAwEAAaNrMGkwHwYDVR0jBBgwFoAUoe2i8zVU
+pZ+8Y+ZHalMkbEoMciwwHQYDVR0OBBYEFLdJcbHtcyweaP/yNyrJR7L7kfqpMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
+AQELBQADggEBAJTElUFCT4pcCXUHleZsjeg3hPXNJIWYLr3/MACyrDpD7M4kb1J/
+v03VUo6r9wFgd2LE8Q9kghkRsQ1BvdGX9FijaPDMZ31kPpU1EelGutxkjU21mz6x
+lXLb4ql8QBCLDZ+N2mEQ8y/KCYpSkKJK2X5XHQ8LRn0b/QKK64UmF4uZFxKA5Ez8
+q1bescEhdWiAZBrFv5t+OhSHbRkRtLNB2fHkzkovVrhSgrG/qcsGInWTvF1RnV40
+iP7VcosKbEynP8p5LQMIjt7d4f+PocFcSIVwgcVfZdwx9MS+nAj29Ynu9vQENFHI
+xwRm/XT3hYzGswzrl5RhHyyjgAvjxwSaxfU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2D FA 1C 30 3E E6 37 A1 12 BE 07 77 3B 17 6E F8 9F 00 3A 06 
+    friendlyName: Valid pathLenConstraint Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C045A0179BFD32F2
+
+0PhVbeIHszH6dY1ZI4AbD2whyIF4mwSnK0v+/EzbQixapqiVpM5mjsogGfNjH0xA
+/LUFFI75lMUJDQSstlUiDAVLBhLadSx2K7EQe7Yh+biVi/xlqObKauYzF8IUGl76
+CNU1DNvrf3HDU4GE/7nxrYWYjBZt6upNHjaek4UoyfiJT8T3hmOhhAFYxb0lxs8Z
+SnrGzb5eFWNSvlr4gTvvbb48PLrWzKk8DeuirhV23c4n6sj7pEcY1+rNVPxNm9oU
+43sOY4IEfr+CFXxQBFUTseVkLWpLLDdkPFiIgcmVSV8vaSwnsIQ3ciBxge/wZJMU
+78OyHkkUquZV+cCKrgpgChMin1u2wn08QyPwETdpMobc+g7Ydb+eyU39kMSIPP3t
+UrFsmTTPygF11iwkSbPzToQ163O0TOmqD0BcJsWxTVjbHSTnNJ4hVie8xIAShjAa
+9U04QPBp7gb7npf4dIEIh6Yyf9AQyLqwDgSZv2VO+M9G1EMxpNflsYLU6s3V1efM
+kXk9EPA0j0piq5xMdSf+AqRLieSkIm53fFENvfz0CcauOwSQ0Trm2S6vLzIp/IYA
+ZaCqwba9QqusemG/CfKKc4oCKeF+hFk5D21d+s5XGhmWjrkaWn7PQLxNnIiuZ+5s
+CIabBUjQHWreoBPw9QOQwbJMfTJYmfldZll9KnlLlo296Qb+uWLZTbtk3/ZEQ5go
+1iJp35jEs82nI9NVazSS98CXHBUCUOlHM0caxq3irssQlLz9nbnUODlrZ3CSaW8V
+wOsYkAnN6lFImq+1LqrSVtVqtESY6aPBt8GWS9UHx2n9MfRlPBKQLUJGnOG9+ktW
+tuayerk2V86x1R8c1YEbhqU+g//l1UoAOAEOfndkb4JNAgVXAxIhU2WpJUs9EGZR
+43nYgJ+IwiHWpWmB1TMgTMU+qFo+QjVYyZkGVyO2FUY2CaD5oq1MUGS0uDkfXq34
+8yBjCCskYG+eTnktrbJ86844oAObQiour2zVcQz3oI+uivn7XJBuLP/np2RLwQow
+yyXMzJIY+WO/WkZDPmXRLNToHaK6NG9/JVP6Z5WaZSHf1qrIHzH1optKT4YVJmmQ
+ZKbkVg1vsDmvaDMEaETzw6W8UUlrEc81HIlC03qKbmWVQKj/B6vvWefhXl8HCeWA
+OIeLhLVqJL5ZSQdnMdF33uhGOvhAWkUUmCEplixC+bRWdEhFoorZLHmuoML1WQ1X
+O8P9EkAuHxNzTv/FuPl+GHC3dkQrxFi0BNBKfUXhpK3E+/UAztcDlX4FNytLv7Q7
+FLP1yJ7Em2S87yeX4dRtG2OvNR8/gRWfNoZBxd3CU4mMg1IwXCZnpk5Odz1i/obJ
+yLUdymiAjHMZ3EyAhTxofDSwmakWjP8tzcXppcMJC6ghMHDd22KtYJztt/qG691G
+k77Ygq693ub+2usd/6aBmzOQMDAzj1aqAPUzd0yM36Cm7OmgJV3ZJ5C26XBOLP00
+oAa4UklbL5erfU6qMimMMdqbmKUd4whyvx9fKSdhGhFZ0VoOrT80CyGzVnnxC3fY
+Uw7NB+13ZruVC6SYCD1R7rRUUZgu9GbYdUx0Te12rrQozXMajPFy6psTUqEFusv5
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14.pem
deleted file mode 100644
index fb615f5434..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14.pem
+++ /dev/null
@@ -1,263 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAvfifKseM6a2SLDsRFhGp/REqaFlx95O6qTUy4GtxendIFOtyadcv+Krt
-MtbMq5gpTipTi88pg9PZJgu5WNbNCBTw9a4LVmuK7vW7+qc4vKAiHMx1C36i+M/u
-xAyxABnaB/+3GuTXBVh2UaFyc0y742BlOGiJQec4j12Ympn+/D8CAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFEg0CFSm
-7E/ZmBQh7NRjsSNv7Xk+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBBDANBgkqhkiG9w0BAQUFAAOBgQBH
-GNn47Kmou/bb4DJqEWK0rYy18Luf89VyfaGcLrRx55hJopWTol/7VNHK/PcEcYZR
-FvrRx3+j/FmPw7KdZhr7vswlOw+Al6Izo2NpTdI71n9v0mWk0aMnagaU1/HhVCo0
-MFmjWB6hXagaUlj7PMUGxJhJDLGVxim5OsTKsDyQsA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTQxMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDEkec8+m6bpWo+4WFbIZq5Ex3/ooPS1Ag0V67MSbWUopjA
-ZSFFn1jMVuyJwvVJcWhm60beqAFCWAgdUw39yw1AH1ZjF80S0i7gOs1ecJOgcJlH
-l12ROKtYyawcnvh97Riu5uNhddo7GNP8imgxuTm+KCMgA2Yje/3+s+kkJGrmmQID
-AQABo38wfTAfBgNVHSMEGDAWgBRINAhUpuxP2ZgUIezUY7Ejb+15PjAdBgNVHQ4E
-FgQUxsXdPdf7dENAydCq5aEK1oE0ihEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAHXkSFfYx3eChLIW3r9jR5s+WkJP7zC2MDwTim6sqK9EEdF8u7jpSM7A
-injU005gD9O+daXiOhdTWtO6tHG5lU4F0pz1/gf6NabgsIZcCY5ihmO0sg9yFw2x
-m9ZtI0lrFDJVVMb2TTzSg2BCk/4WrjCu8lyZKeHb3/MPXrhVI6QI
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTQxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowVTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSow
-KAYDVQQDEyFwYXRoTGVuQ29uc3RyYWludDYgc3Vic3Vic3ViQ0E0MVgwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBALlp+FnExwi/Gj0ZI91kqo4pmnqqOhGFj1B7
-BwwpwPKi9bTS4V7SoF/789+rQvetsKPMvlFqlJxAJDAucVf9IcHun+JONgiIUcLB
-o1x/hhXffJx5AKaTGK3lCSkXqT2ivI8QJNTTjDgv3gvwGg97WVPlbOeZEPbwMzlx
-i4oq4uHXAgMBAAGjfDB6MB8GA1UdIwQYMBaAFMbF3T3X+3RDQMnQquWhCtaBNIoR
-MB0GA1UdDgQWBBQQleeKlnT5PPSbBqlJ88GaP85wHzAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQEFBQADgYEAuzFHa2SgbDIRvfbqmMe+p2l0M4gJMEc3r2caaovmKgfuVyBl
-n0JdZN2rzlYFV4jZbJ0wa89PzLIDtmptUctcO0DO/P+ofx8uAATdFhL4yMmHkK9L
-XVBrdANbZSBZ+8WXKrnvsJArX0vtQax8znEaTUskMtDe6gjzZsb957dYCCU=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid pathLenConstraint EE Certificate Test14
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
------BEGIN CERTIFICATE-----
-MIICqDCCAhGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJzdWJDQTQxWDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMGExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czE2MDQGA1UEAxMtVmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNh
-dGUgVGVzdDE0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTcyx/sZXkB7EZ
-X9U9aJCVucbvSK3QXJ38Ej+ZM7agOIkJnMypA0BzQ43FvxbDlx67ynhH3au4nFw9
-niBIPF0hg9LKJBYQDlFhdCPd441gpnEOtT5abklFPScEoi115OUSsoA94VZwjdmz
-rxb5Scji7OZYKtBZumvQ+YxbZGKi9QIDAQABo3wwejAfBgNVHSMEGDAWgBQQleeK
-lnT5PPSbBqlJ88GaP85wHzAdBgNVHQ4EFgQUSa5vCfYgmh0xBcsnTTGEttOhtX0w
-DgYDVR0PAQH/BAQDAgH2MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABdfALk3+cW2GpEztpvr/6wgOkaJ
-ev+/WwDgW5YTiVGbLZRr+5qrxz8Log4b4Y/OYyrwh+J/gmQFP34wHEm4ReZHcfyD
-4k6Ji2dWxqLaocQVROOZ9n+vqSFC63nNE/ZDNnsUErkEQJdX7f7HMDZoDI0wryrp
-3fLY+NJlyePm6r1M
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:48:34:08:54:A6:EC:4F:D9:98:14:21:EC:D4:63:B1:23:6F:ED:79:3E
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        7a:5e:e4:e2:af:00:5c:48:3a:c2:36:d1:97:10:66:06:b0:04:
-        8c:37:8b:96:01:b2:c1:bc:b5:3a:8f:b5:44:05:db:84:2a:85:
-        c1:7c:96:fd:b3:6c:1d:47:69:63:e6:a2:d5:6b:29:76:e2:72:
-        e1:4b:6a:d4:06:22:80:cb:58:0a:39:aa:47:45:a0:84:d0:9d:
-        d4:e5:00:13:71:ef:bb:3b:27:b0:e5:93:cf:b2:05:87:43:8d:
-        bc:a5:7a:50:8f:22:43:48:df:9a:e7:cc:8c:3e:54:fd:16:85:
-        3e:e9:a2:47:4f:f8:ae:94:85:32:4a:88:94:b7:c4:13:62:11:
-        6c:b8
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTQXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFEg0CFSm7E/ZmBQh7NRjsSNv7Xk+MAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAHpe5OKvAFxIOsI20ZcQZgawBIw3i5YBssG8tTqPtUQF24QqhcF8
-lv2zbB1HaWPmotVrKXbicuFLatQGIoDLWAo5qkdFoITQndTlABNx77s7J7Dlk8+y
-BYdDjbylelCPIkNI35rnzIw+VP0WhT7pokdP+K6UhTJKiJS3xBNiEWy4
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C6:C5:DD:3D:D7:FB:74:43:40:C9:D0:AA:E5:A1:0A:D6:81:34:8A:11
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0e:71:9b:f6:ad:39:6e:d8:be:f8:b2:87:85:75:4b:35:16:3c:
-        e7:52:48:af:e3:b1:7b:6d:1f:2e:59:59:81:af:cc:88:37:3b:
-        78:f8:4d:7a:81:e6:6e:23:50:4c:80:f2:e9:d5:cf:79:ce:e8:
-        9e:f8:c4:82:2b:6f:4a:ab:29:bd:5b:34:57:5f:31:5d:3b:a6:
-        b5:da:8f:57:4b:07:e2:5f:e3:f1:b0:8f:25:92:f2:c6:57:26:
-        9a:4e:36:d9:c9:6b:37:f3:0f:7d:81:b6:2d:6c:f7:c7:76:d7:
-        3e:29:67:8b:2e:01:9a:f8:90:2c:53:da:a6:c7:6c:b6:56:09:
-        fb:df
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTQxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBTGxd091/t0Q0DJ0KrloQrWgTSKETAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQAOcZv2rTlu2L74soeFdUs1FjznUkiv47F7bR8uWVmBr8yI
-Nzt4+E16geZuI1BMgPLp1c95zuie+MSCK29Kqym9WzRXXzFdO6a12o9XSwfiX+Px
-sI8lkvLGVyaaTjbZyWs38w99gbYtbPfHdtc+KWeLLgGa+JAsU9qmx2y2Vgn73w==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:10:95:E7:8A:96:74:F9:3C:F4:9B:06:A9:49:F3:C1:9A:3F:CE:70:1F
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        06:af:3f:80:68:02:24:ee:c0:3f:33:5b:62:49:01:cf:ee:87:
-        f7:92:49:33:a2:b1:b0:6c:e7:23:7f:4a:8d:2a:1b:e9:31:fc:
-        04:49:76:f2:f6:92:d2:b3:32:70:50:71:9f:12:ab:03:6c:2d:
-        a7:0f:81:ef:fb:01:3e:3f:09:b8:df:e8:4e:28:c9:5d:fa:a3:
-        ef:64:db:b9:cb:8f:66:a2:b5:ba:17:f3:05:62:5c:8c:5b:75:
-        f6:7e:54:aa:30:59:0d:50:c1:23:90:c9:91:06:49:1e:bf:23:
-        de:88:c6:7a:39:0e:6e:11:cc:44:44:40:2e:08:82:65:e8:74:
-        9d:60
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJzdWJDQTQxWBcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUEJXnipZ0+Tz0mwapSfPBmj/OcB8wCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEABq8/gGgCJO7APzNbYkkBz+6H95JJM6KxsGznI39K
-jSob6TH8BEl28vaS0rMycFBxnxKrA2wtpw+B7/sBPj8JuN/oTijJXfqj72TbucuP
-ZqK1uhfzBWJcjFt19n5UqjBZDVDBI5DJkQZJHr8j3ojGejkObhHMRERALgiCZeh0
-nWA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14EE.pem
new file mode 100644
index 0000000000..7271932e27
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 04 A0 3D CB C0 33 CA B4 2C C2 0F CC CD 23 1F 52 D0 88 A6 34 
+    friendlyName: Valid pathLenConstraint Test14 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid pathLenConstraint EE Certificate Test14
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA41X
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNBNDFYMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowZjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExNjA0BgNVBAMTLVZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVF
+IENlcnRpZmljYXRlIFRlc3QxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALwvb5kYb8ZGePgV8mVn9WJWyg0Wbw6tmwPBtLDhu1M+yVu5u+mZ30leAT07
+idW26yPnA75uFMjgKbbzoccKeI9e68lm5fwUFbflcVywdvcXIRszUoqwZvZJnnqp
+FO+wjw1YDVmfbqHJ68eKUUwebgNNnMz7LS1Qf6I811JYPJLGq8dLRruoN46Uxfnr
+dtWwu09ovP1N6lkvtPRE8DZFweTE4CYr6OAzcX9EnjDxCy/E0BVhXSbUCYq1zQht
+nfHihV/+K3JLyCiOU6UmYxI9sP/A8H0L1ymMKBnV5a7dj1wKWPsonUYwEMLZqUXw
+/p2VSrJyseyovwtD5sDXlor2xT8CAwEAAaN8MHowHwYDVR0jBBgwFoAUoe2i8zVU
+pZ+8Y+ZHalMkbEoMciwwHQYDVR0OBBYEFBIalgWSiLc2La4mJ6CGCUvwDtB8MBcG
+A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIB9jANBgkqhkiG9w0BAQsFAAOCAQEAVhkHa+bENPN+3xIaFGBp9icw3gtg
+wx34h2kqls0SzTxl48bBGFoDR9YGzUH0Z/ZEfrnMPKF7Q/RMU0AnUftz3aAifsms
+P6mI7pYpDnSby4nk7nlaEohfL8qozpbr8ZGX3pPmR+7/6YmdP/hcLZusaWznnxuk
+pGpMGnVdZNaoNgzlkGzUP2+02IaDYVJ+Fb1GxuyofrZZU37b8FXgm0aaEPMJzGHD
+QCpc62yTxVU/NoWHPtx0zJnDzaeooVTlJxM+bIyjksW2fdaFfpoxGkJVkSNBxiXY
+Kntn/0GBOWHqKM349yIt+KU2fkJuG19jmKdP1tgDAPTtTlpTDaqNoXqfQg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 04 A0 3D CB C0 33 CA B4 2C C2 0F CC CD 23 1F 52 D0 88 A6 34 
+    friendlyName: Valid pathLenConstraint Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,606028537BDECB08
+
+PiwJB9Kp7heayAFM3DNRNa7HEyB2ZzhqLkb220AWZzf74xcebBuIeDpFvd7DM/Ch
+gq7P8pnfmlfxslJj1bG9kPz2ruZ/p0ltCYIShztmVBZ4v6v6ADZy0nmaT1vdjOar
+ElxeJ3YPn+I2oFDTWNmrDHJcwR053a86XwxFYHQWXWDEfGaianVMvm6n7YOs+BmG
+oSr2qS28ddeWnmtsifbCI1jZNjcUDr4w+6cMq/SFsOXh/m063dB23JoekdSVwDt6
+k0MdmU/5ir414ek2ZWRmP2ILe/vbCReyukabxyMweUbrROQJEHF5QDQunhJ3mbQT
+XSo0IDt8nRQJP8Fq8za2xUIXo+VZZlykSvsJOeuNLgtyY/5MYBsSgIsO0IG3TxMo
+E+8bRHGy0XJhvvIJaezSiN/F+xp3ugm9133vvM51WfY6+yHw5g91JzaiIbYHx/hP
+u1TE7MlfsbXYvB2duN3Jqx0Jja306XQv2ZX8TRWvcazreYcqfQsUuTaVQt6I9enb
+6R6weCdSdpSnNdwpemZN0y7+xT48zgpm928gsoU5ioNoxdAwzV6xiecTWtZM4dAe
+u3520Mk7hdzhTx601y2GRfMH4jAU04ENhk0u1/485u7D3oT9T/QGpncSIeKJKqG0
+iQziHiaSifEHcbopsrcBUhh5bGjtvXtdjZbPYpFqNLc49sAGsWEGDK7CikYgr6dQ
+EhFkZjIFcEpqdKLC+hBzVl3xczlQ1E/Dnjst8EIvBkX0d9Du66PYp1F85LYwP3XI
+QBqJqn0TpcWVQIHeJtbbSY5yuWgYLbVHW2DL+OyA2Rxx8jlnbtDZc1RDi0BN8LGO
+E8xTI9wwFkPp3Z6fr/gFCatAdjVEj2YNM1WyLfDQO8sKHbdGpZnwqPRYNn8uvlJ0
+lNOJW3n4FkFfMP+GJBRtF4Foy0htW/88oxG5MVl10a/6JgZa/cAwQl72wpWhJY/o
+VRCoPyPiAEK/psTmcSwxpRLUE0XRNlWsSOm2KoGvnVvUiHYJZSezN9Cs/wuyPxhr
+XJeBsqwntDIpV0dhplLoAsGDpr/F4qfYp3ba4vXxFbL+WIiMWSMVeuv6pbHs0Y30
+M8288+VnuWLLRmjuEe4jVuw+RUu76CtePvXXYUd1YGLRqx0ckMIptpu9wUvLtZbr
+7THSoKuA8ImLcbA7z6zjztuPbpaj9p89NAVU0H8CV0u1coZ0pncadTNQD5tgKmeV
+TgeDKuGyyP+tz4ML73chkdCwabJMVlFxf3n6XI3ZlKtd1apJGMllcJo6SprdSgnv
+5NnPsCoaRa8No1IZVxVGfdHxOSXydogCrRVx/D3PYWrodEXdnnU+AC2Rqk80veVS
+zEkuXPISsFP445tU0SSDnligmMwEmIGeokyYZuxSsbfdbE3e2tOv5WPtRtg2DqSl
+PVn3UwBbC9otf3jO2zQCZCrp49n8c0ZJzxFmLZ1ytZa3GEKS1RlB8mdLpy4adlB5
+uHzYy9cwfwSV6R/fS0I4M9BwhimezGLEvWSIQXrXP77pvjeHC1b2RlCKm/dj+1pL
+Dx+T8CcmVM8ox4iSBCpbzTCNw6mrUysDdIJPIWLhnvtBox9Gh1PDeg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7.pem
deleted file mode 100644
index d2ac20b505..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid pathLenConstraint EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDow4Z8Uorsifrji6RyscEE5DKo3WRY
-S01OJEDMgd8P75udI5umL9+vwJBIoObEUAx5I5UMDxkto9pDvHrRH72cNywar2n2
-4oat6X0JzKOaEzlx0N5E8Tp7LRkF7dcVCIZUGN0qVAJvfMtVQpcbRbLhK96jqOV1
-5uh5OetDHHufAgMBAAGjazBpMB8GA1UdIwQYMBaAFCEMtQF2dtOzKqwm/KqmT/LW
-oW9LMB0GA1UdDgQWBBRscpI4Rhz3vkPw7mtg+y+hic1p2DAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBACeo
-UDJXue1qGUe8Qxos7w6eQsbzHSXsmNI+t2Hyq+CARypTIgbueoWHfe1HyPsbOrEr
-3U2waZZ8AQzwklkyFUiL4D5Jo/+0coA9hPwmyhF6J/Wa5nOmLex1ZGg3c7J+MVAL
-1qx70Ft4WEm/EWBWCqse0wlEZXsvg5WocxF/xXKC
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7EE.pem
new file mode 100644
index 0000000000..1a2c275658
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 35 20 C7 01 33 EA 16 11 B0 87 DE 1A 48 93 90 F1 6C 92 0D E6 
+    friendlyName: Valid pathLenConstraint Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid pathLenConstraint EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVFIENlcnRpZmljYXRl
+IFRlc3Q3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Fz+73nLTNQk
+5wB39QOcOINSEMhrucw1kGkaAWyS8zQp4+EuqHs7Atb0XqZdnKldzOa4UYYbHIdv
+72IZdyL2VVo3SKrPHZNm8CTcOvYUfLDJkieF8Jq3zlubKGfAxoVg6Nxs6XUs1TXC
+zWZddqgaNi4s+NApxUFCEenTlv+LcoA4sEj4G3E1ElrqiP/iTGsMCfslVhWwXhGl
+PN7BHLICNYVW9HyKdNnDKb2kbTg3sGs0lD7BvjVBq+sXXBsjRBgNq7YlpLaVu5JE
+vnuTSUFRIUZsY/gKQr+xdS3oQegHLuej606PNbpXdngBHTQV7MYuOqf5uUGLa9/m
+VdDJsXw4nwIDAQABo2swaTAfBgNVHSMEGDAWgBSbK7JKPJDFblABySK9Y84J8Yw9
++jAdBgNVHQ4EFgQUeVtfJzYHp65HDuqh3SrnkjIrRTUwDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAbrtr
+dAQUuu4yakUr42oGarOU8nJ2rEwFUelHSVXUmMN+rswPb4OrmBojrunFZs++xAkn
+L5VVoGDgyuefaquBFvXYB911Dz+1O+7McLXgRCj22fJHgEDMnUFKah3I5bFuZHnP
+RX+n12Up/9oxAHsafaTIQNhylkNbTO1N9dvnB9lqFGqNoyww45G5aFOVE55IeBhi
+KZJ8U13zQ6lcxpbUcW/SSGrfDrQfJeJmWHf1nBSeQZgSKWMBlfbWTeuyscqSBBSN
+3eZSFmyW/Ks0zj3qHGRtYi0/nFc1XpUWuzReS8DXKc6+YaAshT2jhzZctY5Ctmrv
+sCRlwOfchMmn1w7FyQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 35 20 C7 01 33 EA 16 11 B0 87 DE 1A 48 93 90 F1 6C 92 0D E6 
+    friendlyName: Valid pathLenConstraint Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,774AD27661212217
+
+H5pQ9/Z+mDBytoFA+PeB+lBy0p5bGjQhRvzT8LOME8QpFrMm01XF8u6wHy+KNQpv
+HB9F9ggWTnNayrIj2y4ei0/hRf/Q2lqbLn7D6D9JJZToQE/j2E7F1c7MZHgR9kJv
+1Aefeohu09PYYacXVAb22ksmV4TJy24+5pHtFWSZlv+W0g2MG85dCiuYqquq3dFJ
+pOiXESa/C9JjkYN/UCmeWrNdCsXBPWFrvi1XWSyluAE+TAVxvRBMEqUbEt31aWQt
+UWyyE6Onk8tciIm+Uzrb7zg75NTo/S7SfBlHm0gE6/TroPo+igiex4S7vXe1ig0n
+0w6vO0tXZCGIfd5yglkSNeYZD9VUhpLvZuIrIunlvOi1bJECnmqa/JPlVJbFht7i
+0nIAZEMDyngToFiOo3gdMgvZC4/B4J+IIsZ7k6OlrXhl27p6pdQ4oXkK0ivvx6E+
+kW7iATMALxcygaZJkAOjv4c3vvrz5YGyAXnDIwbeY+KyxOHVZGHvIlgRt+hoahxn
+MlzdCLAXB6Nw2Z91pF6jaw0D4EbU8NSRrORvhyItKzLdZ60CkHSyNw/MFhvTvdEZ
+cGCky3pdEdZhkZHxPFIUQkR2GsiuIy3kFJHxQAO/Z/npXUYZ6u1eD3Fat3hiqFS4
+AlrNmI0/8BKkaW1s+EFt+cucQMntL0xsTsZLaGl+TUFKbSGbJJmFkt6kRbQWKv77
+97jBlChSscWwr2UNIt5guLrT337/4/afq4Fh2LvL7pvn16Q5mRz21ajawd1wzvb+
+Zu7PtH08ZgRw/RtKGVK4hIOPXyRRegWPWIJoPfwGDUY4ApuThe7JY6yNhvn/JNVe
+w+wh49nfKgJ284DmbpLqXMn53z2dhg+tLiEwkufCcItqsy0Z10r+y3IuOnHnQawq
+yaW6rF6ZALVsZVshjzRx4b3mWs3gWcbNtn/IkR6ne0vDnXbfklpmsdNvoLy7hlgs
+f+hDQ+5gAk7FwWlH86UFAQF0KPYLRnNsaTNDCkAu7fod5PpifKS3q496kgb/L07V
+8/ZWhrKOz0DCSxo4pcuOLho4Ji8DFjOvrAB/k66caNPA9C/axnPgMU9GpIlve7G1
+68+nbbmlJn08D1qq5nzIOEnfwvB4hB6hAEochf24Hpw5Fcs1b89HnX8zf21++V0M
+yNRE7sE6VTHTaOnmDUmzuN8NtmMM79fHd5lkLkW6MAo78fj/lagnu233DZydDYGS
+KoGZXxsfZNHcDeLYiYJdQ+aV1H+vFq3nMQ2t6oAbmRYljNQd8PpNbcR2AQpeYbzp
+37D74ffjVbHlWQSI3JvxNUR2PXisT9aNG7rPooUUZMENhBf8VVDQniblEE2nW7ZU
+OYF5vAsFXhWNA9YSmcOK86V+pFwj+bcqaBnlCzNZBS4tVbN1KhCQj5y6jthkSMMP
+Aje1i/Ww61wvebKmB/XqxcvR7OfLUohYxMgIuE1goXiOltGbpJWv6YorrqWDN+mG
+PgfdGj+Kj43o2ktFNY4BTtW7KbiupromJ+7b3F/rTgo63TXMCOSoQLZv/Q53AWlF
+RSDNvA0nMB9kMv80yb8vhQevQJCdtWfLv8kFPM88AX7sQ0zspHqHD6u8y8vmCO6W
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8.pem
deleted file mode 100644
index 4dc31c0a1d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid pathLenConstraint EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDgwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ+d2dQ2by4x3S9c+qiAbIuZy8fID08F
-m7aovaa12yHhqJ3IzwCS1+98Gu23ZZS65gN/dW1buemmT4JpkyJ5eUPiw5HuxN2n
-2pvbRTUJWmEKu1CL4ZdhDaWZJrzu1Nh33imr4KOz+JmYCK+GoYPtgBbWVfCA92B7
-DSHq36MTczl/AgMBAAGjfDB6MB8GA1UdIwQYMBaAFCEMtQF2dtOzKqwm/KqmT/LW
-oW9LMB0GA1UdDgQWBBQOVClwok24sW5DcWf/ad9B25zw3TAOBgNVHQ8BAf8EBAMC
-AfYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADgYEAIy48NtD42z00ZliJ+YZXUEU/rjppUQ19EdKy5ECwUPNl
-/2VPgN43d5eaOB3e4YxFHG8E0PHYy8dNTZo8dlIRRUZzSswCzuJuDYpVi16vVkeO
-N6+gI9xXcd4AMBcbjpyCDuJsSlV5xyIVfgocdocT6kasvJThBiOYDfH7QOWuSfw=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8EE.pem
new file mode 100644
index 0000000000..def574ea90
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 9D B5 8D C4 AB C7 8A 47 ED 0B 8E 26 75 6B 5B 87 3E 5A C1 38 
+    friendlyName: Valid pathLenConstraint Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid pathLenConstraint EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVFIENlcnRpZmljYXRl
+IFRlc3Q4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveE/VqvYMxSY
+iJYipDWVtsy+LSoYmzW01w7agtChJFU8nyyGfXETdXJXUhqOSQ3KHMNvheRWUChQ
+LUApGvj+ZDYL+ABokDzyYxMpFmPs4GtaTWrVpSKNo+3e/hgYdm6/YpV4cr3whrrS
+XAXSKoohKwcnJaXZEWFp8bCsyfo6Llp68moO4pXxey396KyGyiTHdU2AnHjx8Uvw
+EsHFM2JRG4cQPGiDyEkteKtmliJcMI/q+o79TwXCEYzXNppTAiQ6imIDSySH3iZf
+RtRMLrTtF3SbEl5tfTAji9nQd3H2kHbxbnT+4r85UGhRdkeJgvfbTcbNhbpGjnA9
+WUbG+CWdPwIDAQABo3wwejAfBgNVHSMEGDAWgBSbK7JKPJDFblABySK9Y84J8Yw9
++jAdBgNVHQ4EFgQU+6vUASuM8lSGUTbsCFGmxWglc0wwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgH2MA0GCSqG
+SIb3DQEBCwUAA4IBAQDDBgsAr0bbdHP9DpawET8C9+cNstGtLgnhqosVaNxheg4m
+8xLOfbXJG9Y6l7Kuphw8TTCOgV4bto8eQM8tyZSr6lLZ7C3ER6Jwjw8GlrNNliFP
+yPyyIGPTT/NG888eO9ALyGkCFNych1QKrIgCaTTkjCnDZ4AfUmOLBB5DPA/Ryhu7
+VLxbwE/zIKLrRb+qRozC6mgZM/om459sQcvgQUQpjCrjZYD33ZLoGVhcs8Rb0TU9
+/BA/pbqF9/0qsW5iwCq7tEm6Kz7vtVkJnLqOt7zlh14HY9QP4ddfQFbZxg0okyns
+VADqsOn9RFxkZZdFSXKvYVRnndOtJplE/WBSg46l
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9D B5 8D C4 AB C7 8A 47 ED 0B 8E 26 75 6B 5B 87 3E 5A C1 38 
+    friendlyName: Valid pathLenConstraint Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DED4F5AFDB5C4F37
+
+hyQrmK1RuvLrLmXo6ZpzrGzbkHKLFmXnpt6NBBdQ/Sc38erd7XPw81AeUdnHMkPB
+ZcvtdKDLEaI1ppBTcbE9lA41PaT2eKS8wZ3V0KA1KkeJ209nxM/YGNoqSxxSuAMU
+rucC6iFp63VvMlGIGNBV+U+oBPpwB/0uz4yJ5pRhbG4JC70k4crOcGscUoVjBU6X
+v+iowvyV8LqkqOdVBpBgII/Z1QKXyukA0z4sq8sJOKbPlMzOKfLSs1IMGd1FHaxH
+FM+V0zV3IU+KBpspDgJH7wNAdIy4OLu8eGaAGlWYwvzZskzWvmY1EP6p3yZawv4b
+k56ctK2daF1p3NuVAyltAOGccDTjJv6L84O/szpgU0AlddwirDP0FsIKScSeZ2jo
+0sqcCgd245YchiAaDxb99W5XTB3ekld4Nz8q3iA6Wab0piyuyVg5+sn3E4JdVj0J
+/i/8WRIuXeuxx5m8oc4mFT5bnOkzVqCG0hL444R3gmrJbgkpk5O9YTtbPztdugPG
+wDBKaysIRa7gHLdhqO7Gg5u4w22Mn/DGDfPgmJUVIT/ibCWBK87IMv3MkORKVOjs
+0p33cv5pjQGw1ZIYjSZv2FegUqtApfglZXzjrSZ4hpPpaadb4xS0I67C3zhki2m3
+R8xQWgYlTGnLtQWOE7ZDZ5XwBd+VATpYDewNqaRTc3CMRb3NsE8biBaG/CXv3mBy
+HYmXOeR3zUeIxIK59VcPwKk9igZpda2Vev9+NX6w6EDTXWnqRsrEUWUtDb3U2oCW
+W4j5aqJMeB/fhNZmVHArtT14lRN18GwzyZT0gtNzGqPACiwMBwb0NGwONCvJkmdI
+SZXevRKYJT5ZEB0k1sq+Z/mr2wsZF0tUyqgSd6qJP9jhWqPsJdPQAUkgwPnn5QlN
+4dGc5WL/qsuUKpzogBrzb0eij5i9Sgv2APMah4+t7lDKEDphY2KTmBeHAvpvWtoa
+HkUoeWjoGKZ39ajPkiKZnYoV92KjZt0c6uNU+mvecBaM+vWqdzbr4vRoTJNEvrOH
+Y3HJejQ/0JWVMa7t39iuI97oLp2V+y7mvMIYYs+brarpHwSwxBjdzO1R5Hv7R6PJ
+VOR+g7hn+RaiLXcfmRqJ8A4M5sq5NAEHCf3Ceoir9SWIlMH61oh/vJynVqsLc4zV
+l1oZNrDdVp8+12yJluOCXXCDru59ItB1cPVLxPr2EB0oQbdzdmxiM0+B3TpnJIDk
+bLh1TETbKqAt7oVbbZK/Fn+FaATYsGyIbflCGFZ73Oi978eU2XsjrQ+GeH+nBTT1
+hOh475CVmQtdBGnHIggEgRGTUQnRuXLRJk5G3F1a7OgCdUT5+e8gsWbICDHKlDP7
+RAJvo5YA4nBP3ajxZeb/XZWgGyMC6WnspuzWqro9HZJ7YeIGsiitpa3xYNdMO8L2
++oMqcV02jsIthO8yviN8gdBhMRAXBlNEdx9kp5uN2hV5NlWHJG8WdT65lQMWl31q
+c969D7oFXo2I90zJix9UfpAxSZDeGzRy4FkNf+W7MSqY/MnOTUmvFyZCXhlk0QTX
+Kc9AEHwGAfwqgh8vz0rAfNm+Hy5lfkWHCqHs66G6EoeUYYSzt13B/A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3.pem
deleted file mode 100644
index 3f2ffa9bf5..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid pre2000 UTC notBefore Date EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIIChTCCAe6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-NTAwMTAxMTIwMTAwWhcNMTEwNDE5MTQ1NzIwWjBpMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPjA8BgNVBAMTNVZhbGlkIHByZTIwMDAg
-VVRDIG5vdEJlZm9yZSBEYXRlIEVFIENlcnRpZmljYXRlIFRlc3QzMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQC1uwQ7EgYKGk7IBOZd3vdARgrWUKCEqjpfYUEG
-ZGlsC48omvxCrzR+eJj1q8TeHAsH3dAcpkbNNWCWRHblq9LbqkhpBaMquzvg541B
-TNerg9dj4vjwV0/QYdbvyLVcKBv9iLE0MCJeSLcaseO2vYmNXObSXMTf74BXNR4D
-k7uI9wIDAQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAd
-BgNVHQ4EFgQU9EsyhAynLAz6iwskm+iASoGKdMowDgYDVR0PAQH/BAQDAgTwMBcG
-A1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCTLQM+0YBT
-3vure42KCvGYSQpheOtLtv1bLa9TT4kbo18aNRVQwTOnZLtKqKa6etoxJ70rhfO5
-x2uCELzyIkUrAbjyqMYg/0nckc4HTEys4xmbHjiyWPie/lS757sA1trwNRntBn9J
-pdkDmwEqALaRBRH6YH3ybrNMZh5h2CVqFw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3EE.pem
new file mode 100644
index 0000000000..6e9f5c98f7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B7 DD F1 4D EF 58 4D BE 7E 18 5D 84 77 1A 83 8D 78 3C E6 26 
+    friendlyName: Valid pre2000 UTC notBefore Date Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid pre2000 UTC notBefore Date EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAnygAwIBAgIBBDANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw01MDAxMDExMjAxMDBaFw0zMDEyMzEwODMwMDBaMG4xCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMT4wPAYDVQQDEzVWYWxp
+ZCBwcmUyMDAwIFVUQyBub3RCZWZvcmUgRGF0ZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0
+MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALOY1i2dfQm7MR3F7FEB
+eUvqhyz0RVOJ5W9ffzQpg8puuROsdevN68qfhN/GTIHMLmeQeEv56Zsl1hRIKMqB
+hDpOvSNoaAeZUGJpAaMBzEdEE0KyVlh70u2IaKk3JYDzsWhmbN4ESXFGpmDccsfZ
+8kFZo+XTapSeFEc5ETbyVIV7HHPE54zPX9Ce67kJI0e41R5hsXUKFBA7ORycbcFh
+8c8sN3mDYhFFX8m7a2qTN6oHQ6I1fReKKOCfYDs671bbiyFCQWNl+7Ok19qUVOgQ
+L/g2HyA1YNvueh8ivNNRRwfv6RTPwhuOWF5FyOXRCTzDaS309Lb3TN9d3a3kAoEf
+HdMCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWvOskwHQYD
+VR0OBBYEFEBvkKgDjazQ6vxQ2V37VnUlYMSbMA4GA1UdDwEB/wQEAwIE8DAXBgNV
+HSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBABDntMraC1zS
+kjUQmdbhI+l1j8Is7ApNjb03/Hgq8pjDxP2VNPEy9XgXYDOHaAmt7p7jDYMwBxzV
+7TSnFIvR3kYjb5k7YhCMIQXkJJgM2QvZ8m0B5c9YJI6qktAp2sxPfzLuBg7fm4Oe
+BqQ6f2NlmLorDqhXG3QSJmXWRXMxti4rWz4mJfuWuzPdZERE9bJ118ijfksQjGfu
+pjoWizxTCt8kRMP9+RSD8Hzipuxfc2JPn16fNrXMkyBtek82L7tNo1raLueyPcEg
+Z5RpwEX/C4nlsQV3JS2viDxhcdtgcmn/A/ho7Ta4QazDqWjQywXExpEpgrp7ExFn
+hiss7AFKddQ=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B7 DD F1 4D EF 58 4D BE 7E 18 5D 84 77 1A 83 8D 78 3C E6 26 
+    friendlyName: Valid pre2000 UTC notBefore Date Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F9DDFF4CF96218FB
+
+sVadNk/UvBQDZbxN2NFbq9WxOo9kYW2VX4+k84wYn46Nrt7as5qaRylbQT+Bm6SY
+q0iqyirdbIHjwlAn7AxHY5fJ1aofnZntGDWZBgMWiZTIjeQ1syx1UhPu48R9kLrL
+i1fqiwMD7h+qa45uG5Z5orx2+m+fBjwIP7kAQ5z/KMqq/1e64C2yrnYIohoww9xF
+BFBPS1t+0diJ5ZqVD5p9wKMAyPI2X6fxa1J4Ra2sF7v6MVyfRWAobwOxNuyjLj+s
+miewEizU15fQRCaavhBTh1fAmo5LZjkoW+LPyOyCNp2GGLG+NmK4CVNKoiQ9NFSh
+oPKOKeDvbo6U9rLTFdSEK/NkHT0J5g62BkVLyu3JfozAViJS4vGA4hzCOtRdkvB2
+ZQpEkQTWlC8fAA3z7CeHjLi+Tedu7dzyGAU+E3WBrRC38pFkTKHATer9nuXwggxl
+myZXt6U2YoOEeH34Di0+TOaBezIyBaHDe16hg71A8zv8cqohkrHK0RUyUgz5vDqZ
+YBBKJWXNWfIPLEHwwgwjrT86VQgdywgcl4/CyxhpLntj5D04/Igwr3ITGU3mANrm
+wxU9Zo+/DaqjgcSsE2lggewkYL2/44LNpK3IT3GXpOIyljY2mIVEzFKLYFqmtXEJ
+UzKvxFptkuewmICKyguKkPbZZI85ZMpli8i/jekktjR+mHwZeuJ9XYzQ5UZF/zwD
+yMUKdUs4UVDmeLOIywmSZCK7hWnBVv2+uz9xSi8o7M//tht303QXKoIbNjDgarpv
+xp33Vnw1+cDE4mWQs6plfNtZjrSKqWGq5WqnbNgqkaVtEK+FHcxySYE2MhCyBEQL
+Hyewk31/awnzaxGWIsJnGB88S/n/K0MGsqsOJx6bokXRAVGAI0cqGOQR3Ka/ejhm
+DL0lsD2XTbGX4Yb/BU2bXdRail/CHl5+bHNdWLiiZdKWqZSgtsYk9O+sjcsAHky2
+VOuHY7qfra4koiGZraMkSJ842O+ci9Ng1kUhfFhfrnqdTgFWlss/vgNoZ2lcKAUz
+8uJO2+yQbVEENv88HcCihF8DgSv8s04MYmlzHWOQ0WKiniPd9BwjNeNiQfFaEUyv
+oWWEP84f7jh6yldRCT2UocSEpwvL+A0vnWmG0pJOWjQj+CPYym06KBSyjgI9ECez
+lYPl0oZ2yI8g9+gd9aS2yKJl6kR+Ms3sYCufXQmgJU4NV5lENA4Q6IL5Tx5KuHwm
+T2mUkLMC4qI24WqIrjzzcno/Y6jGF2PZg5W5l6bR0ZpyTzpTVntJrL02+5wCQo5V
+4pVnu3Z4ObshGRAkvVMyBBTLYo6tyFs0PwC7MiP/Y0FB4uBRxDKmTWMMhilKiH1l
+IGood9SKQnqDGf5ZmzIKzvpa9cqNXu2JzPpThjikbJFQwccakHEfV19gxwvK1Df4
+jdzRLhMd5/EUpo9Wn0iW5SMIM3PYx9fb+CSfBgM4e8S1xE7Q3tfzw6MkNFIYRTGy
+nvTcqRdsLmpmbEAq2V2foqwmAcKeMZErF9YL24LTJoXeyjkU0GtOdOA5jZQYyffw
+ZkMvxcl0LJaoensvn3IgNDaf8cqYYyBU2ABnFY43iXMtveEaazsycg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest1EE.pem
new file mode 100644
index 0000000000..f7981cae35
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 8F 26 DA BF 2E 12 89 D5 EC 6B BD EE 9F 35 1F 66 78 EA DD 3E 
+    friendlyName: Valid requireExplicitPolicy Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid requireExplicitPolicy EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subsubsubCA
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEsMCoGA1UEAxMjcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MTAgc3Vic3Vic3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcN
+MzAxMjMxMDgzMDAwWjBpMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0
+aWZpY2F0ZXMgMjAxMTE5MDcGA1UEAxMwVmFsaWQgcmVxdWlyZUV4cGxpY2l0UG9s
+aWN5IEVFIENlcnRpZmljYXRlIFRlc3QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAsIqrLD1lrY+10wadJZYPQPQ2cChNLXuM+Aa4S1hCl3t3UlSsh5DF
+8w5S0pJXjCYhsbzJu9jWxg6twBoHfan8aSE8/syGc0jyA3ySWxNszCvYzL00PGkb
++r76G/q7F9M9owZYrfu9tgjJWM2RG/9YvDH5ymvz2fcTgeP2mLr8fdqkZ2FyGLvT
+GQFz2yu6P0+ZJ0PrL/jp6KPXAqMbAQUE8buAPVDliHyPN2gVQW74ox0IRLNnJZY6
+o4YamrGp+RmadFyJoPGeTXrHHBo7VBl78m6bEeadNBBP8J6l3hYpEvREuu6/cbLA
+hqKfCDwdhDzA/QzEhRNAGqiGBlRcvoM4oQIDAQABo1IwUDAfBgNVHSMEGDAWgBSW
+jHH8Fag7ztnE+MPQX2lxfOgASzAdBgNVHQ4EFgQUjAmT8zwTrGYzjB1+ZnT6CY6n
+OF0wDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBCwUAA4IBAQBHABhR2hGz0n3X
+3P5bDWSNmMpf4R9/4Rn38thteSd+mOukGv0Mw/cXccH1squBXYbBDqlHPobbhRWn
+cfxVicf16NvVWj0vxEAfhDXpZ5Tfw+ufUCRs+ECjpZA1Gocc/uxz503iTzFFXSFM
+CE7a7Qq8vDA+MnVJgdalnVegdmu6u4dQXtmNcX7sGi/FqrbGGVmolmuo6K7LCjF4
+Fgk8IgR7G+Ks7Dd5hZg1ISu+whMonRCV4zhoSX+A4tc5UQqVlRbeJN80Xtzznl9G
+XtuZuBvpeM/VSMucSwd2RRr4r803wVsYIGBTv9KoyyPy8oF6vqlxiJOe4Iwbxf9i
+la8pgfuH
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8F 26 DA BF 2E 12 89 D5 EC 6B BD EE 9F 35 1F 66 78 EA DD 3E 
+    friendlyName: Valid requireExplicitPolicy Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8FF5F62B80CAAC69
+
+YF4ufMIHioRNMyadtg4RaIYhMfzpnA8erLIlaL0v8PWq/t0Eow0ZT66Kn9v2TWnZ
+pVmbhn+noiiT+smgpzzhUkzzxnwrPpZgS6bax3/TwZIy1i2HwUJ2a6pE9W5Z6QIC
+kDZanGGfgF2y54apDc7odbeWEeYgXDThaAKozd9dJgIaFgeisNB0kLTViZMgZVkz
+4MXCMocaYShe1TBqfwgBvDEWyeiKRgV39e1JTtgGN5iPH+biExQqw1qG7+vQKY4t
+tfPgAfgtPPog82uwD9W0KGbGhBmX5mBmfsLhZ22bkcMCfAi2kbzy2HIvt8mPx/gN
+KWgZ/JmanFzvb9ajZ/DDsH39odBIAwqF6jOmU71ujfmWgyNTjYA3Xy2eduBKLVxR
+nWIGSA+fJLqmNcKRudq9rcwZ1V7gid1c2P2W2F/NCU1Vnt2d0cOcoTh2Dgb1Il6M
+IlT/f9Wm/xEoAHKQpoC7kIgHDpTY7H879BtKKPoXn79U1ZREH3LkbkLbmo4ALLu1
+++YnvafMIogNE6ODKkPu7T6fMfmLfIRoOuPIPKbDLec+RkJaXIl0XJU6ioWm+vQ/
+QWxmyGdEpSCCp78+iBMWSuAFi4rQFvfJirYgekwFlsiLKHxZfqaOtiV7x8bI5ztt
+E2sTeOh3NtMoIbYFBjalvaElmoG2/9MHTppJc1A8cSpPqX1Bng8Nwv605PX3oNxR
+/R0N6tx7H9/8r/gdHUhuc8iV246pTwKATpGbZFfWc7fNXoLELWUtlGf8faYlA4xP
+XgVSyFCspolQNiBtR1iQ1OlIS6z5zx3fGTd3akkSB2IV8mOLtTh+8cZ+VdC/oeB8
+XDqDAg8biM/1GYfpt0YsKNZcKeYkmpTQfes4bPrPnhUCyvYJjSNc6S6+dA/MgkYB
+y7JHZ4meQA9aje0a/iWi3lh4oGvLZio4BGpiZwCF7ll06Rttmu7jD+zvDMrlA6as
+C2NeHjMPo1/l1bj6X79SM8wIHVaUCFkur/7iiVBNQn1BMDsqNtvIkUSyCI2no20W
+hdnY98NaCg9R3Enex7POxBGPFh/vzmXUYsX47nwCO/+StaG0r/1iKGA7/XwX3ptO
+i7GR1opOcBSPYK72TSzmqE3GDMxlP2ZInewvTvBAow4foSoe82yUvGu5MX7q2qnm
+/PvklKq8OJ44zVg3pXYlzBFPkWkDZG8VeiIJn9nybVKS4+7XWlCb0U3dlDP34OhA
+y0HTdwISE7oiX8XA/ku84lJebc/sSYCtLS3Z9HHOXoGSsb0wvUkFgjhBZS1Z9eZK
+7DyRAGNVS8Sm0rdvzipQAEJ8ox16zPo+jaYaeY8wZAlUWyCec4fGl0Z+EnIqd6uD
+1Df61nlUhHlovyb71hmQ+2scGrmsaQ97yWMB8hyhycRqgcVUqVNbayZaLmsPlqlp
+uero065thgat1yOkPy9jTjH0+5kkhWZqCcWhsmvi6jlzGedtYXi45iE+RQEYFFjy
++WHcxBeHaw7LdIys8gAJ1QhcQ07dHelpn+E7QXhajMSGl9FzrkwiFaQdZoEzX4xm
+19JeNXvTzqarBBZrsixr46aYtyxgqMi9MDuUWjTH4hLNW4jbvZbAxA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest2EE.pem
new file mode 100644
index 0000000000..bd5a6f0a6b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2B FD 3D 65 0C 9A A4 81 DA BE 36 FC 7E E3 86 9A BD E8 ED B6 
+    friendlyName: Valid requireExplicitPolicy Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid requireExplicitPolicy EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subsubsubCA
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMicmVxdWly
+ZUV4cGxpY2l0UG9saWN5NSBzdWJzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGkxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTkwNwYDVQQDEzBWYWxpZCByZXF1aXJlRXhwbGljaXRQb2xp
+Y3kgRUUgQ2VydGlmaWNhdGUgVGVzdDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDOcG4aw+WhAULnqHANEFgfOkbpQKUodW9QaY4fNaZozY/QB3qGOa1+
+W6Mv3KoV3rEmzL7n/biP6RpjhY6MMoqD7S3sz0sbAxqeQeeY7/m0ScKlhtoiTcxy
+ArrGpsOa4clVs8F7/8y+j+H3HiawKQ6nwYzh34INcUytlLd+G6kIT2y9J7B83a0p
+HvxGVXAlVFUeUIZ1Nf75n/L0IEz91jBGHsrvvN89pGzLUPWCxh94EUeQ4uIawO4A
+JMiGozWpVrF5YU3jztG77okNVxnxAPRRs8KLOhUROkmptAAF10oBR4Jw3kQNNF2q
+eXwtCKv4naFajjV9yFoPN/wZTKDA/dhvAgMBAAGjUjBQMB8GA1UdIwQYMBaAFPpi
+ur1+Xl/fH7oHvh95N4Lc/BMoMB0GA1UdDgQWBBTT/G30XBRLcdlm6LXjOmIn6MQu
+ezAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQELBQADggEBACnxWF0ZZslNWBFt
+vPGw7c4Ui3YQRuxEk85yOkTLO9HvymgskvkQezYTGQkYThzE+8T+VoW+XcGKtqzB
+aWHeVu/S6Kq7zc7MbeHqC0vtyc3ViMFXk7Wk3gve6NBxwh92rITdtJFJ3+IAlmJe
+RHgRan6mMujqLEZFns7fs/kIOiHdhB0W+Q/33X1AKieulxOlhilH8yM6dDBn5JaC
+xVckbqTMMbeWzJU00zIz4oSNx3WvYQqyqrPVzCpVjqVFYJfFMs1FxBPNuPDovb+y
+2Y8awekxYALnFyXfToV2owUFmK2BFQ62BiG9fghvsXWYjCSdcSdkaIBNTxbCITTZ
+KFfbXh4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2B FD 3D 65 0C 9A A4 81 DA BE 36 FC 7E E3 86 9A BD E8 ED B6 
+    friendlyName: Valid requireExplicitPolicy Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,54FD30C4F1C4B89B
+
+4K/32g+JPsQ6CsA/MdKiJTgbVFKOuI4nbS5Vtvn4wwWZmAzXmExwJVINJ726d9qU
+kiMkBuIThNg95Ze/Yb5zD6qxjDjWL3PMRpOp+wHIhs1xiJgeSJ9p+vxwHZfU7uFB
+lP8hHvxrD5KmaKVk4TSGPhpIm2FuKj6XazuHjKlJH8RO5VLkYfX665Rou8tIyZKx
++yn6zKNDCIwPnwodkZFXqF330Qj1d5nvBqUmSTu0qhcuyIiMcMrgcWa3UQkBnbdK
+2hoeZDevhfU6vqJSuVE/zVsHBcLDFCOXDsx02fk0D4ivookTptEqwTaIdfxdkpj5
+Ptx0+dmQz4SpS1PABzk9I3+bgpcH4O164v6IGLtoreDDWjDCZy0PGJjHGjpiVjYK
+qH/51GHnqXFCG2b/Ra1RXTVY2MfL/QGcg12+p+ck2tjqZwOJVR1bK3B7pU2U206/
+g3KUcZH51w8HqnDJQln+/zNMr3X5kqKYoBckPgjswW5BjCOKGHj8wCFJjTGssNPE
+++iYx97uY7dQGU3tzP+hD8ERXaUovZalz01xEbXzIGfhbvYwbeqbMdqYfvzipTpe
+862Cvulp1lilH1EHCYFPTgGT712d/WEe3CLcVAlapBODPLOhtSLBu2ogLfebjHsG
+CWl7oQF4huoWU1ux0cba+gndivUIOsvILQbJrK0vXlSWH0hOME2UBWfWtQUusy3Z
+uoq0grWfrxZw6XM9wRjVtiyG+gK9fPdm75lqp1PX6TdV1bJ95OQFu7rUbT/TdU7u
+mcmas3hEsPkxgykJRJizi1cQqGPrV7FoqGbfp7uYcrIODQZvZD+24eerB9IpZkpS
+43VNK2XZxcSzs/V5GEsI36wO2dYxuo+AvqR+hfsPuRwMn06PCpdYk5n3sc0wHuXH
+39zGbNf0CuZZzzqrU5/bD3/bLQVNCqkUpBCMoarLGJASZNPUSxV+Ii/E8NLMXP/p
+LHUMx2SKXABcUNGvTsWqJsx1snwv9s0jPTI3YG9cWaYlJtJGtFT5fF+webRmkkOE
+SUx+8nK+KL8Ee4ni0Ty2wuve0o1nIjMqADXfuMjlLZs1F5L42qONMu7buBFm2EKa
+ryMYGDbuq7NrZ2fiYUnmRtuZYOXHJf66ixwqDBLGiUPvpmPd+rj6cS8rUqQpM/oT
+FPePDPV1t1jHY3YZK+36ExG/o2U8hoL+3FVqJSC9XaFSFHpEj/B1uvV7W9XBHbSI
+CWZ8vp27oGOFaXdd/6B+5aNENLuFNcA3OtWECGXmZuY6wpXKtlPKU3jpB8ByHcH0
+DFHNYoiukWdilRAfxr+1R8M8akguJc2JwYWKJm+YzTSh96GkLANnfhvFBYXf25av
+LH78qgYOSSD54CK+HBNjrD22iNcQKeX/WjZohiJvES8ok5mgslLdHguiSUpHJQwv
+N6LCWvDutfbYfM9ctlaLBvnyz0LqZaKEMFcWUKK1ZcHlF9d8bkaRLUZS2QC3Kcda
+B+pbo14k7RTqVS0e0CaWOQYtw7LuI8/81rg/Du7NubqlMOuhybiVx1hPiz74uUyY
+g0vMrGT0qlmlhfkQhj4tIyzaLmTu1giZ0QPG4QlfkL6EyWf0vbbPr1acyf6HRSyx
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest4EE.pem
new file mode 100644
index 0000000000..e2b855de2f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 06 40 C2 10 8F 7F 28 EA F7 59 3E 00 0E 09 7E CE D3 1D 41 BC 
+    friendlyName: Valid requireExplicitPolicy Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid requireExplicitPolicy EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subsubsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMicmVxdWly
+ZUV4cGxpY2l0UG9saWN5MCBzdWJzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGkxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTkwNwYDVQQDEzBWYWxpZCByZXF1aXJlRXhwbGljaXRQb2xp
+Y3kgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDeDxXcQyw8uZzj9sUOQ/0sZRELT3exJGteTsgMGmazqaA7z6mdqc+Z
+IN/6xj0Ub61biiNXdOfGAGwd+l3mdx94E33ik+1zylEWJqyr2Ovc+JcjR/z6IbcN
+Wv6FPdMPsDTaJgERvuPm2dPYViKpRDiV4BTQ5DsrGhstJGsT/K04UiIB6ahZKN6/
+ToL9OTp+Sj+Y4DAyxl8MdmQWgJpzmo4yeDroGyA4Ui6nTMgVcK2vPDti7o3yjZVe
+rkAqf59Qf6PUtsUXl+eprAQ6gfV87Z8/3K0d/n7QnYg6KcAIUxAnwocuJOp+TqFV
+W2+G9ArW8qdpsLmZqUtj/h+STuUj30mxAgMBAAGjazBpMB8GA1UdIwQYMBaAFLXb
+BNbIIAgvWkHHeKNEidrOLmu6MB0GA1UdDgQWBBTSKJ6JK4Bv9B3Im8QAxcOiq9ML
+DTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqG
+SIb3DQEBCwUAA4IBAQCTBUOuvyS5e9eevtUKsjCPLpfP/Daf+43KMxHIvLUboO4B
+8KWd/245AIioGgK0vr1AoL0cvOyyYvKuSbi/j/M9WOzCCmgrzrA3mWi9IHq3gv8X
+zWag7VWx4fVbQVQrqseyAKouMZDqWp/rl++IbittXlhcHi54qZ2LgO9gydA7pXN1
+9LOpUOi0mP0wFDfDoOpiNOGJHg5SLuwQWFtEzcXrqJsjtoNigtpXeY1S0nt9u5Dt
+FQVk5FOD7S7SKIuy9QVuCDelDxFYU7zOGNq229S2yTa9dJVym24aGsrJU++XVKle
+FM2quSZqdJ90IpQS3FMQu5XIa3iLaiMNkHUZStnL
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 06 40 C2 10 8F 7F 28 EA F7 59 3E 00 0E 09 7E CE D3 1D 41 BC 
+    friendlyName: Valid requireExplicitPolicy Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F3FA35040C7C371D
+
+dQsQbeCFwSq7SCUPBso/WtMmHv6wYyZZb/qav/OXAfwMY0QGT4PYagzG1wtNottx
+U7+5VJr8eXxiOWXOxQ2biq0zmOKYZ2OaTw9NbQn+ug256qLvFFvA3oMHLw8TmrNJ
+L7IvX8R/qrq4C9vAMx28gwrfSykAhpr2Aam2Q3FtwtZi1X7OaaMj41rX1aqWAtJF
+ju22hiYtY9NteCBmw+S4hlXfmX6MbRT6AWS4jV4hQ0x8O7EMOEGoltCqpmnpn+fD
+Bt9Igui0To54xBinjOM0M4Y3L02V967AUP6rxm5sgZQk3rDvYOlmSTVESfFGjCjn
+nYrK2VwH6wasc4vLuNqhjKg1A3m+QyWjdbPX5xG6YGizYQFBhn/0t7uikMSoEJpO
+GSD9r0C7pbRtOLB/GkMKYADpjeUe14Ri/HXiXmcuoinT3pFuml+eT33RtiiWpw61
+YpAbmr9TxHOewyWwdbkIZXE45RH+MxXNXDyKOzWrDd9GobaLJfuoHYo3cllVvYyz
+YetuCr7/DhQ8aLhhQ0HpF6/3ojS57XZUW0Nk/2uJXCg/6cXeq9NbsCnfpGGrwTUd
+TptQjQfkKx6I3046c+zNHgy5oJSC3av0jQ8wLfioPTdgK3ZIy+AOsPTdSDTZNGXt
+Fbg5pgSBDyemqb+JWq8BWRo1MXliYDFmNvS/LTV74MpC7VRtuadM1kLW9y3RDynb
+2TMmCqi3e9+w6D/kIrRrFWz3jUD8iXt/sV2WZdVClZ/qF8BCaLO6NiIGTFRDshaZ
+Ti/7ZIZvcWLRtLIWah/ZNrApuR5hvbiGV64dTUYs5ql7Zp3qq+Ohv5zf57c+dLM8
+X1AVRJdX+H8Hwvpv5aJsvqF5bCsqCF2mz66WDRyOiKyn95YJ6dh+NdnR/0S7cx7U
+ciPzpxRrLAnwheEDy5qItTHg88Cf/GYbtTBYJjbbl+xPIMtGeoyb2iEC5FrSHCEb
+D9wei6HYZaGferXGISiUyDDsSSr+71i5JDfL4td5DxQiDvoE848tY3ab6LTBKWdz
+HBTDGLvYoeTQhBVsGOfy0AFclLxNzlFF6kwyC8HuAhEQ90Yesd5cXJ6PWsFI/SHG
+WEbmKosAf4CBvzhLcoaiMrTpN1owztxlk3KE4QcYtvbWb5MFHuRBYFrc80Elti2y
+xsJIZjzwa9dRBIHP/RbM6V/qkYX2kSb4yUd6aUhEw0D8apK3fJxq1lZ/2K4KMtTD
+mmmRu/MFiAiZGgTpLcTcH0wi/FykdLDY/9rtAh3dpRP0IxRZrwJvXj85UzvoL2b4
+//aoEXaPz+Rq2Ts2/c9pZY0jOtTi1v6uk+nSedzb6qfwjPMVnDq32xh+Q500Ep/N
+hCtnoVTWt4tz+MfIcN9ieOkd0jjAHvWfFhiEEpuQTicjqhbUGdPrUJ8dgY83FVfH
+oLA2s9aA0caxBGZj3DhOzqi2X7SHsHnXL+FNW1JDfeTSWYNaPMgxPLJslH9mu205
+Owe1O57zF9FCJ7DKrMeEAF60IIVEpdQWmCPJDdsGoq70Ivbzuuix6XbFpLyA82uD
+uaFCcy9B9pb4NKvJDCKGcCofScSQmzpa09KC6FR5y5QlpfdyIEcnWllSBWNO0tXo
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/WrongCRLCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/WrongCRLCACert.pem
new file mode 100644
index 0000000000..3c2359e85a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/WrongCRLCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: D8 B9 FB D0 30 49 8A 19 FD C0 74 0F 90 8A 3A 60 3D 35 AD D4 
+    friendlyName: Wrong CRL CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Wrong CRL CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DFdyb25nIENSTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALfS
+dqU+ffbeIUKH8y141HuCwtV0pFXbQWA8l4ulBKNt/V+03/OOkoFXFId5tyu9TvZr
+ouQruhiOrWW18bWOipWJnlr/S4n0JbIdIYduhMCD/i7JIoOgtW/3bN4T+PfvL12C
+B7tvyGTi4Rl7y6LoDMMXse1VaTzS6M9MJZrpmGa/yVR3WVKzLWScqK5gqMDXzcAH
+mEo0cRnGdLmp7hHzkAiWZEZ9X0bV5K/awcjUercRC1xJpnfJXzUgOaQJp740k2rQ
+D9QPGSM4eQIUC0JvqLjINz3OmuQtkyQTqLkU+79WskiRlM7yMNbKdlvpZ5E+iqRY
+BJaqLQH5jVTW7fvWwAMCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+
+dbZlp9ldqGYwHQYDVR0OBBYEFAwlRuCJelEHSq81r82QxHIOt6gGMA4GA1UdDwEB
+/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAN0iMkt88kC3W/eLpsMRtDNYwmtMUZI6TtFND
+oLdXlwhOjRjNOX0q8g6veHRiZTtdXI83P4KQYb3YYrc+L4/BpiGNV8LM3KDG4fpO
+Uqfj8zq8jxZNae+rblwXMgs1cI0DpxEdJXtFv4q74ILvWt+Wp5H2St7nJPobeOn1
+STGZoe4HGIQ62XdHfPCacLYIqejpZJD3QYBPHQlTKJKF2ifMAF0QaoWtjvOENBRQ
+r8sfmDqWlixChZpMDZMRhLHULiAS22Aoqql+yueh/G+HgVOaA/rB8iD8Csxot23M
+QM3koijndOFgzDGMhTJfwEQ96NXL+JptuocPwzKWOzLieMYYww==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D8 B9 FB D0 30 49 8A 19 FD C0 74 0F 90 8A 3A 60 3D 35 AD D4 
+    friendlyName: Wrong CRL CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2EDBF1518A102CDD
+
+w2sVwSRe6zlBOSZmEUVzHezqJTV6IJt9cr6psogywNect7wLX8eae53NkOFA0aji
+iECUqiuL+ae9HCCDtegAKW6zq6dGjBbvFJdMhix353Q1vDF/UD2TAOvAaXp5phOF
+Yf12f2Za+aiohtobOAvnG55ddHe4+ClxxKThiCfrZeUlX0QaAsljXIqh92IR44B1
+5OCrFq+qvMoy+/lw3MTODERXWkPJN/PIO7xU4kWc3SBSgxmmT8vw3FnDLOFfISHZ
+O1hZDna9/fI6PeLfglNq9GxtehKiRxM9V6HhqPQztDLdqCrrv5aVCb3MKEev5BZ0
+kVrDtXP1GzhpL40opYeZNq03crBBOUpRSaHRDzVv8MC7L7dI15HmPiRErsAXkxIC
+u/SmB/PX2g5MD3oxTBVm0i9ezMXB4Zlan1bko+22XHmc2RyGd9+Afef7umWvd9Gj
+k2f1i43HU7c66BqN/XJUOgqCd+ngP6OdOE2LLeUc1mkgBmpqk0FWCe5mYmPnlm50
+8E7gE/z8Gjj9hJ3pJwhgcxRhdzgl14u3kjCqjHdYWsiK1kER0mTtYk3BPAOLVJ2M
+2uYqWnJqmblA6aels7mFAI3kxw93rEFlg3nNYtbIVyfY1Z7FGensqdanF04zxQlf
+rPkmWGUJKWlZex1m67N848ywLbbL+soxbnN7UpEszA5jpdBxswjGqwwBXxcHDjYE
+g38s0MlDaIpOGyqc6XxkcKgcoTedSh+pudR4FCdWEEhnAbZhp39ctzrMe99sohq9
+qs+l6P57qm5M3sTCOpPv6erbNQzi/TkGgNM7h5ti7Vq+k3VUBBS6kY1SM6szuoJB
+ZAgzuDanR7U7L5QmallaHCQurGLOhP1R8Hf0gb00xZSUwBrpa3palPCcMysKQe9B
+nCgnfWUE7V9AKwik7IpxUzCXN4Tcsl1f/M0uRU6/b4HL6aHicbhAueZdpmOcw+9u
+fbFhE2QWlPTqwgv9W+G9nLOhAxuIe6Xu3MEe163lwYe6M35F5h9ddyDWAi+CM0kB
+yVf+CE4KVI2HY1nIpxISsKAGebSSqoOhbFr30q+RMH3lCo8Uu660fZWbswgagzh0
+NgX8fyndBgGv7sF+8fi3LXt3/71zbGX96pzdCofGsXOGG5waDeW6ZTtybjPdMciP
+qEJ72iTsVF9ToQs9ycPAg9QDv/bTpeBlRlM1dcmaJE+RtM/7ajOCeGotJ3o/Kk05
+fNAFQ/dUwUDFCncFqQC3HC6zL+iGTG/ytdJ+c1kQSR716jjsaUQ9472k7EJLL8RD
+Y4C7le3vTsqvzpNHlMVuIjSt2tZNvIMBYGV8XipwNO/OGWiDXVCq8MUy8ZiXvAMu
+nlY2lKAEz/D0OVDjdQFyUQoNmffyHMQCaGjZM0yxnKzuIXJHfJGNbW98xjW4+w4S
+3YawDimZXFGpICsqSpk2pL3G0ipEg9bzatYHCy4ynlNE51A2TMmwOAkSsgDinQf2
+Dmsf4vRCAkhpzUC5vBtvA/FvJ1B+lNS0boW5Lq0E+9xBk1x9xQqXkhBwWKWzR8Ke
+b77ZC2KfAiDb8uyp2kkjtGLg9sRlBFPUCn59ZoI04tCEOTAwdq6H8pDIOhQbcZ/L
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/anyPolicyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/anyPolicyCACert.pem
new file mode 100644
index 0000000000..9795ea31e3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/anyPolicyCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: E2 88 AA BB AF BC F2 89 B6 55 3A 08 28 EC 18 CA C4 6F 22 46 
+    friendlyName: anyPolicy CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=anyPolicy CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDizCCAnOgAwIBAgIBJjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DGFueVBvbGljeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL7o
+J91PNM3AvPFePimzLAnnv+BRwQSrqafBm/nheXXLVtOtfNSoTqBWoo5uF4rGyYHF
+MRHPORNZjZRBoxHho/SWM2J7r7hOOL+JJjMYwZhCPkxXjATXNIXIolacHxARaT9a
+XjfnPAtmAotI+91ZMaHiRup87ygHHtuD3Atpe0NNbnqbQzmpA2+bwqv8Ojou+40i
+1NHVTgVDk2mH3HQbPzh2C3p2CIrhPv8IDpxZcdkEkAaMUK+czXt3OEMnqzerKSOZ
+8UVxdjYtJoOeDg2Pq0qNqbwW3lXL6+PNH/zU63fr3Nqz5befHyTS421OlEIK8FtU
+lEQ3V2/JBQENdlugwXsCAwEAAaOBhTCBgjAfBgNVHSMEGDAWgBTkfV/RXJWGCCwF
+rr51tmWn2V2oZjAdBgNVHQ4EFgQUu8neyByV50LikKKOrgNcqyRgfoUwDgYDVR0P
+AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADARBgNVHSAE
+CjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAD11IPBOgXaljMw5AvmAXBLG
+LPx4zhX/UmT57NlW3Y/jbDb6MxglZr/YsXyUo8Nu3PkdqbO9mwfzfcmLrnuHrdSj
+ud2jlR1VEZz+7uzPDPzP89u+wjA0UYlKahHvgFTRedUZ5FhN6Y7iyP5b6Iq4Gb6A
+bhJLq59d0RXRsVOhgAWBo0xTO5s4e7vhzKHCQLHkTbD1g/HLW0ae7aFfCT30PpFP
+UhBHfwkD5tdW/8qcejbs0fpegaiVtOzwE6/Rwkuh4wDoszXQJo7yOsFyGtn7+ord
+M3PS80suV01q67BmW2M6F6oAU3agb4guzMCw/3d7F+Ow9d7Qq5CjabaW38Gb/OA=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E2 88 AA BB AF BC F2 89 B6 55 3A 08 28 EC 18 CA C4 6F 22 46 
+    friendlyName: anyPolicy CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B1AD402C798B02CA
+
+q6/m5cQWmyel+SPbSfJcjN9tmEv9wASz4zF3aJ8nxVlNKWkeJK7AjsG9TgvMLS+j
+ZoeaQBKsTz2m1ieSfW4kyBLIc/moBFr1Et5iVwjX6Nz2kx+TPobRbzsKwj/bOorj
+QSZruWVnbSVO4FOpcl4IbiSfVHqI20zpCoLN8IIngZDUv0AmAK+KBgH8U5fDP7vQ
+oU3THgkh96ab7gt6LGvZ5HM/zZNCYgeEQsz84Ku+r/eWpWoTdqpKlZDIEcXHjO9M
+JyOMq/DylB120OVabGzKnau1S5p0EiuDlvBzWsr5ybpMJc8AbW+p7/Xu/9/dWNv5
+ZLGw7pS98h0b16MxVU/NpgF4BqRyPWo1p3o7jeApjqSBMJePzjrWseLLnZdQxVkA
+Y56NiEZjCFVVFHhmuLny2RDwFh/buFps68UahrlbBP/H0nDIQi9x6P5QYcrxP3Iz
+z6/MKNeX7IT6GiQIvhWd0LZkFG8qdtiH+S02e3+0XNCEKGprdph/dq9QU2l8dWfu
+Gf880UC03QzRVabHDe+AuTSqXRf0lOG8APGvqUqHwaaH53hcjnVD5Hb5soHmh7X6
+JAQ2u4a5IfP9EX90UJ7UJKTypIpVsK2G7HZDQap0vm0FmXQc7dMChb5qLaGpBILu
+8m6Hq0lU0fHSl3Mu/UHD+2RDvpo44B0q9tDorIKN7/FKbF9MwzkRjBLXPvg5HzAN
+A+G3K3ccnpOf5puT/wqPiDQt+oQelKZlNsENfB4lQB1Io5lE8imGSo6Keka0qxzK
+D4fLSVnKKSnpotpNV7A3QEzmB/f+glBFzvIUP7+l9dW01X/Oq9YXcOAGJpbTrJ+b
+OeBWmWeXgf1HyAAb6uHUFoaDCCQMHd3RXWqkfm3Taj0/SqC1Iz60FeVAtBITVjbj
+SzS9KGvOuZ+0PjIDQj3ufa7v1f2MjzNAml4JSihtqy2rlQo6pljD56+iXS3k9Yx/
+lC9VfHlAxOiSVGU6vKWZJMEtD/nWLOVGak+36SBcM0w5OUFfOV6dY2Z3YHwB4pBh
+HjN11pB9BjsP0vGKEkV2x7x9k685n1crRferq6BSjsbNQ46ZqPQNABAnPAYZ6eJ1
+Uo1LuyWU/tjtrdJMV9TudVHRgjljuxiADDPytPka8H3/oAG5IYPEHiaXmHnkM5ZR
+LJRPcvh93KAV/zfwcNX5V4pTYdDR5C6GnDQocsw7crawd/egicbJ7y48HjoKBwJe
+CeuTljhc4GTmuFFzN7Qpk/NryBuAcKBIxdKtkrPzq/bi+ekPGhn8AobLa025W5Me
+sJKSEgW5AGbYHTYOOEde0QhnuFK/nOTdL1LK+lhbxxFVXpdgjON36W0uMH50k0sj
+zHxTPYe3zbVmGDTKl70CabELn2X0bU1VGoO3J42b17GQMAEeeAwtBkdsnh+y8JLH
+bfbbAqq+K2Jq9h3PqSwFzBagcnS7fwyAvVu3qSwK4j6WRjwBUySpYHOxZOWdcJL9
+HQk/QAH+Dkt2Sia1A0nfX9Uu+JNE5m2wUCNEfg/Ikfr31AlyjCimwfIsMCTxXuqs
+9SVMX7yWaYZRJchF2mi0GXar6R85PYXmcMYSotQvCkkwzJDJkiV6RNvXC/yYbCwp
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsCriticalcAFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsCriticalcAFalseCACert.pem
new file mode 100644
index 0000000000..2964eb58f0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsCriticalcAFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 46 67 82 1C F9 18 B7 EE 5F 55 A4 59 54 20 0F EF 45 5B 86 F9 
+    friendlyName: basicConstraints Critical cA False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=basicConstraints Critical cA False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBFzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JWJhc2ljQ29uc3RyYWludHMgQ3JpdGljYWwgY0EgRmFsc2UgQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK0TuX7lUycbAgxfZnKcg+Rx2r61nSTPYw
+1lgfYLDJALaWLUioE7qIrkbpO713AYSExS2mbm+lahJiFznGgpZreL+cY6se844t
+2TG9ZU7Z/gap/UCKGu/Zllq30Mx5nuX2yQJbH9oLp8aaxIFJrE1l2bzw5oJNITf3
+h5D0ZE1s4j/cvDQ1AeIn56HSsU+FFJ+WZ9tlpOG5C8WbaRUJBDg68FEStgq63Dtd
+7zje4jykLw9FE6ecksEZ87TeoOVbxsM68jr03/wByZKDkiwM4LGgHHFyfQRgHWbd
+kMpTDhyrk0CNv7F3kQ2LOfbZP3Xt2KTXYoORYMC/kSf+rfKaAORnAgMBAAGjeTB3
+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRw30Qv
+A5kcF3MY8jY8FDTQCdHy7TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAEvnbglu
+cVBQ9vbuv8jUUzxvxBLqBbvwfsY6QmZGVgNKQOIkARLkguDt6PpVuB/w2uRFBRFv
+zcV1ooleAKis9t42aNamzgdDLxSQ060Z98yGeU33La7uqRX6PVzvYncwVKOPl1mu
+Hr9CEPc9EHYJF9mWYGGYXhNkrvlFpow1Jgg6zWtmWtoYfl27XoGBnuLGPqmd9Qn8
+aDWfNe4k8XgVwemq+n+r/tYGXW8P91DXk/YZCFS4x8hbx+0VvCcOXWZ2ApWGkX8j
+KHGzhl3jFqhQOSy66QljjW1qVxPjkL33l2TaGrOQXv/Ykf6r2K2bCxKGvahSAH1A
+tA53saU+pZ94JrU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 46 67 82 1C F9 18 B7 EE 5F 55 A4 59 54 20 0F EF 45 5B 86 F9 
+    friendlyName: basicConstraints Critical cA False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A907CD5776049645
+
+BlcYGd6sAmCbJz23X7IvcehLqjkzE4Z8eMNK6q0ll+nw4vD68iu7id8ErvfxwsF/
+daVJQkPCKQSQqJCq1Z98SqxxNPtxrWKhvnOd8wfHyvMX4d/8wZphEm72mZfyMylz
+uHkHMj7FpBWTgzR4S8bsEOP8asM/9gdWsAYoABXn5QnracH0aR3hbcNfyRFnFcpB
+MMpZdWL8Mk5KUVTiQWWb3ZefuZIsi2uWzJMNw77jqx+ri4MWMVCpY9GI0pFZgWRr
+Nkd3gyS/8QvKrcIszbNOliT8V8/1qbLhV9oeCdj34kuRub9JspCWhNcTe4ny9nxW
+0/0nHEzT2BAjnZbGAyzCTGkSZkJTAxpZi/mwWq+gaj4eD2aa+2UNtiazAltF7SVH
+LcZE8JjePDGMpob51RKqzxtntyP98BAgsnAS/Wsn+WRqnV2afAvFwY1bsP2tCNUB
+WP1FXwR9Ryzp8diG7VBET8kfi7npbXv9FICUYo+NMnXjApI+yXY7YXIQq6YawOhd
+tO/2bytPjHnvdnYZURPQ3dsINZWjrd5xXXI/boTXH76QUp8lgg1jx6nPBO1pjPZ8
+CELjvL3YDFLChS6DiOanOPPVTsKzDHrmlNwBkEQBG/tsCbRhQl0ZmLMd2EPdNbbQ
+EoWIqo7P4E3FlVzdwN42pug+nSD/GhPl5bzBH6F9MLMkqT3ff64RaonFu2Gi3TJv
+XMOY//4EDNrFLHnB//lALAQISmUFHgMbyU1uc48QtZ5rHPcHw9T+z71pP3I2Iy+V
+KrQwYq3BaknVpxL1YX2xUuojXSGot7vGFCbj6WS4ooeQjwDPyiFUJq6SrfFw4YmY
+HCS1pfhu5YMFtNxLmzMyn4h4CQweVkStrKtexTZHbmEKexhLZlD28YatZTZw5YdK
+qxoA+qNAx3mGISIlbl0Y1P7Vh43KkOaka36OCQFZd6tPsOK7/PCD0sk6IqScyYqz
+ZvmfDl4NrBnuYfPFtuZBdmN/fKvSlIOro30/mok8mWjhZbnsJKp6i+xqNdsSZKwX
+Q1gGXAtja33T6ZwLuZTcFkX5mb3XMfMEIiAm8xhMqYSgL+sJxDt8g/BHyryDScOm
+7Sgh62ZjlxXm6ge5YW1imS5Xroqp3pnZOQrmHZC7XJesXM1it/fSAkL3RLmShvUf
+u2jZC6ULAg6eo7PvONaidtSlHx/O8RiBMvJrOXFUcShn2CKsbc7M/u4tnRLZVVHZ
+pblGs0ID7wCUxCL3j4N3ipFaNvo3XMlfifQ8YBlInlEXp8YYlGjQX11rtC3Minf/
+vMU0qfR0ObvjgjhJ8E+jJ/kJhC1sTIVpPIdgIiVsLhoDyAauwxawz3ONlHrB491X
+5wH74clArihNz3Pj2pL6FvqRZzXtym5YbCHRcFtNs/K2HAGAyj26MiQRQ5+yPqhO
+olWZHohZTQhA7fKWh3AmhMdCiwaqmx7xRmRTwfICHKIUka6qu91Y3jQ+cMr4n7IZ
+8yrOCZjlkHww51I89agqBfCB+56v2lWwed6Sbs447Xtu4G3k7MR1PjCYt7FxccRK
+ajpKhQDxoMpig41GQ9dy6yuNTYmPCwlZSVrhpv92jMfbAE4sfh95wDGdgKu4061c
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalCACert.pem
new file mode 100644
index 0000000000..36d5718399
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 48 03 2A 70 2D 08 91 22 69 59 D8 1F DA F3 ED 06 D2 09 FF 7F 
+    friendlyName: basicConstraints Not Critical CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=basicConstraints Not Critical CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIBGTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowWTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExKTAnBgNVBAMT
+IGJhc2ljQ29uc3RyYWludHMgTm90IENyaXRpY2FsIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEArsQn8oF6pcm/kFywrnN3jMacD0/pU5QPugEQTz1z
+SH4R8VN/SBlsC4kBk2ue+IDyhJDXUhhq4d3Rs4hUNVv70U9GbwUw92OEie1/JFyt
+h3E6W2AJd+akHJ269MIFZ00e7MTXdRdtX1QpESnqpBL7YuvTkZhXYLRnvgy+gZtm
+lelEmXgMT2Ww8leKWmGJr0VkhYH+sGZLZKgxmFX4FeMXVcWA0k3uHIXeQT0h8gJU
+VsrdzBC1A8pvbThtIj2ZfQ4CClmDZZW4vplTC9oJJldenl5jI1s2DYzcXrn2eIH7
+edFuiwGqeUpWv/KONSHVvzHytw/CjS+3L9Wn302y/IijGwIDAQABo3kwdzAfBgNV
+HSMEGDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUCqS5MEOsQ8g0
+AhPP71Xov3CfRq8wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBSpmk+5lnnJCmJ
+CQ074FYF+IHNPqc/ZztWuOGGsY0O4ST3vIHfbpJwjCvvY7QC0glG3klEDvhOVRVB
+MYzkTscePuEI9xUSht4MoEsN9AIL0ONZ5Hi4OfKwdjm6AatSmvTyj9EWpmUzmxqP
+Uo5GkfcIty+84ExeTE1azxTi/XbJ5vzpvnhTQQCp2yp9T/+BSCovr73OlmahQWur
+tS332QG5XAPYV54uJpYPYxSfoouf2YoVfw8HJRA3qfQYoomKWQSfNVQtk2pklxIe
+zNVFpjHbIef/AZOGRYVAePoQAx3SqtA5faHlYHcy8fCr0uklwvQkitS4a8ghc6Xq
+o4g/ilaN
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 48 03 2A 70 2D 08 91 22 69 59 D8 1F DA F3 ED 06 D2 09 FF 7F 
+    friendlyName: basicConstraints Not Critical CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2B8F6C672C9D1209
+
+UciDWxzXIHzVsJcr9SCpIsfAYutmhoJaU6oykTzH+9YgNLuvkMo3xzvFTbD/0lG7
+rRsIV9BZchKs9PjkD5AkXaR/8BfW6rNQR166Nvyhd2Yn88xy4ng/b3vWmwmIp580
+VNKfg4uwepjQaot97RYkS7dgGp/6HAoy/LvLPz8+Vv2NZr0Ocj+2kUt6KT5LlSEC
+8HZs6SR/O4lnJfAZf9B5FwFOrDqx31wUtKADMmtn9AeJwM0LpLRhyDOkUzmBP08L
+kJAiKJ0qfKvf/eJFvJKbyeckqGhmqqGSFvHO1xHHw7xUDvTB0lskAdy+MVZd8XA+
+QA3duCYZaTcpRDqm+fcNqGZB604zlbKxscY7MvZ5RVsA7Vw5ATHhLmvOMS4H4wDt
+hq3s9hBQIAM9VOeuoGIk+BP+pKss6X57R/5XvnIaVTLsSbn6VpxbJ6migsOAq9fa
+cSqT/13w6Nlf9rzo6AfskOfBzmSgxOHCrwEkR67xuSWsVepRSCu43Ctm41UsWWLZ
+peY8WGMZdsqv88cnwgGQObPfAjKW94aaVfizhoj78gppfghvC95nw8IaViDAWTE6
+QGptRf0M2zsGtKp536IRT9tUCaGIbewc1diNovY+tNB0YINGeiQcu7Lgyu5MbzHm
+evglA4U9hmHnMyt7fWaxyauw0HHz830Bhh5qocj5CsrRMNPSXma9+g2wxV9Sjz29
+P2y0Msk+ppYkNEzVeNHfz6oXW45KXXGT6IOcgpwMKNncKaMW6ZtECE84AYeFzNcP
+YYhFylF5z1qBhYXHPJcmwjIsf4GSVzU8YuM8hlrKix1YEBqqtTDYifRIM74lmdaD
+7IyJZ/wK8yqYsze8hHt0E0poCJ9WC2vkkZvmu4zZHr80L0ARpqQ8b2UX4UIMwar0
+L/q3625fUXi+OijtpGqjM+iAAZgsg0Dv5744lZwAdn1fdMUsDnkPPtyOaP8C4id+
+JUozCXlQ5QWWAVGpwltyTUI2cSw1z3GBL/ofQVbqXznsTIie3xBAiHZKBB/QpgP2
+PNLuYhV93JVYxBUO3BgZXlwy8jbgGk5NU+EZ6yTWPF+q0o7hF7wQAIb1yfz/zGQl
+6sohXVRhZAJWzbnDQIWfZMVXsPpHDXoIXMdeufmKy6MGAbO634upVxZfpbErUg3R
+zw7kzSQ0nLkW7viUYpCPz6waXtxCMP3DZynlXmVbYrr+be53PFpg9PhgCI88VQ+g
+At9CHTMdocCZELJkEem4/VV0bjYCYv22DeALTSM6SlrSmOFWU5QLXV7Z8zs6nOwd
+f5W0kom93FolMmz6iFn09FEiRnGWGVE3n4m/9IQz2jTbHgAFsust3uKuWMeTmzy8
+iAYVv02CRt8odMFCBi/ld6vzD3mxiLucxC7RfYr+b5fhkYxqJkPW6WnfHtwlUV2w
+SSEfJlhThZG7t/ZSbMNPo/kemV8Y9jByZvbl57kpSji7ft5BbJ5J0jFblnX6aJcd
+UoXJm6t1BitRzhS/bYT0gBWp7V1UISlwflZKwZwF/P0LYAdOdJM5IgYyLFl2G/Nw
+E8ElkZwApmHGyYpDCABQsudLK9hEuItlEqNKdfsE1TB+rgCZF6xoy8ci2GR5+BNm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalcAFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalcAFalseCACert.pem
new file mode 100644
index 0000000000..668159e530
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalcAFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 67 88 25 B9 3A 83 74 48 FC C0 EA AF 2C 59 06 A2 D8 7C B5 4D 
+    friendlyName: basicConstraints Not Critical cA False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=basicConstraints Not Critical cA False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBGDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMjAwBgNVBAMT
+KWJhc2ljQ29uc3RyYWludHMgTm90IENyaXRpY2FsIGNBIEZhbHNlIENBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0EwqHs6AKdSF6fQyFQ9KzZMLoAg
+o3Vjz4MudMtI8xe5SGdgQiGK1w7acKOWzVg/xRG+7Lv8osjGB9+m6MsYgXACOVt+
+2VSmsuHQ5F9UZIoaXfsCFV8J4KJYuqWYJt84PIzUoIEKHHloghRQvI4qv8SPJUSI
+LbaeRckJAzsLhRVOTGIOCPTtj/rosKpdBdHofuzdtVkSJvMu3NcN1oL6haAaDtS+
+MYAizyLnTbNYBS/NW+6hImyNLYvmXYCh4rVq0PTTEJvm9b7SQHyHyFroN3a9vxof
+2+bQq6Lpim0QBKi4rBRDeJn+zc5EZnBkEDtZXEQ808JddIboTOi4JDkKbwIDAQAB
+o3YwdDAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQU
+OdCbt08pN77TsIp26mqeze9GvlgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQB1uT+Y
+KoMDcmuoxjk4KoBNTWPmR8eXegKa3WfyOJxYRTqlDhmDd/N+3Ifk/QzDqXitKUEI
+BWL13NTh6ngG9AIBrRGpk5XmixKTxCP5FxGjsd5dM/So079U0+K9s90xzwOwolJi
+4Fkih0eeRu2ntqwCvLsIEOSJMH7uSOISuRjYqMAnzlP4FFXYeLOGQLtUFln/lseC
+KfD0roxZZ7W8KVWLICwGAFrw5rBnZuyoNIcCJUtH9uJ4ugid0BmYrICWLFwEU3af
+W7GJZmRfegol/5TJy14XSb6vxyp2kAPmgdDZTmLiB36xaixjsS/7AIhejzDJ3gHU
+SIxm4tAlyWAjCBXh
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 67 88 25 B9 3A 83 74 48 FC C0 EA AF 2C 59 06 A2 D8 7C B5 4D 
+    friendlyName: basicConstraints Not Critical cA False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1E7A841BD9890B31
+
+7pXy++DsDBBVp7eFGwKvmWMCzl73VTqnwp2Zt+OlEshNqcbjC/t8TCWS4+zbot8J
+q4bVOdu7VieNl+MWdDK08PbZPi1rNeOY4hB0R7JftfRc7iNZJa/DPGjReFloTsxx
+Dkhdo4VBEpqQdQRq+BkCIe4IXc449f95jBIFp7blvTYixjqpUcuTDCkq90JQl/a1
+SvG73oZVLjkneF3e2km0nCQiLIrvEEwCva804ZvohyyN64C3WwRd6CXtFqKed4MO
+ju1TExPVg3sCnEF48rhHPQbqac6kSmWq100XrDyzJpvXc0idh8uq16N9zB8ESCtu
+H933fK9695cJL436LpaXBN1grXuZNL0if5wXqfUEXcTfQmrAkuD8O3abtyCxyc92
++6k3kMkzY/W5BvE4hWCboBYc5VkKd+FwxTD6hdGZ5iTN7kol1obzccxFRRRkL5tV
+0gDdWjAz84vbQYbJNrePXPSnN/xLKD+vnOl5HA1Eu11Z75XfiouiW2J4WK12HZUG
+UYI1jPKibCcoXaYZZPBI8pVyfwc2T+/CRGxp9v8gqYInh5TTbur4QB9wnhCFrNZp
+lSkUOW6I40UC/20MpNqIIipw7Jf6nKMWvN7zFojVz31bni0OySZ7np2deZfStAuM
+xXfC1plLgEXyquhXfCcnV4Od/xCbLb7e/l0NqWGGWGu3EKZnfBDrBoPmwxJ4toOB
+3ExqVP1M/gxY4TMc+YVIICYdWIhntF+hiGkmAsdGXslfLQuxXxq0E2j6xQCFfBdY
+iMehq9IyO8debl523hcP/3nAx1PMrdMXk+tRAhpbtPJmaN75YyEQlSHAJEZDA8YK
+id5jAx7pmneAzRPs2mU7XSSTysyjx5hV0g/AXIGlIHrZcjpwsvuFlwJJQZ+GEUxG
+OTLZEqFOIA+tg63Jze0rxOnegT7AZx1Nzz8YX7/WrDiGuYdM/sfHbyz8AF0cAsI6
+Uuqzydz4W2U4shwwop5/Rwh01PSiEWI6x0K9L7htFKerVvEoLzUjFldmAqmqlGIH
+GBUl2WYDLxkhMRdT7/9YZu82X1TcFoU6LsP0Iup1tRrUv6vbeqtaZDGoZ5ebHZZ7
+vSDSMInRSzbdv6nd6Yoilkd57pbEVbtqblAY2tBQ/R0Kc/FMddm6gheEh9Sd7qqv
+fbWgp0Z8gRE1R3sD8cl79DIcUBxI2XiHGideO1flAAlPogv9IGeqqH4e1DsjPewj
+s/4/9ofVx//4/TjQP/aWzFTemGzlozPWM28FfrGBtReNUQ7zUSJKzzJJ0HC0GQLN
+zhXJOklxg/wyhmD15H1xy0bqxXM38/LR7PfaJCvlIlJ5lbUaCDJqxa3LM2+2qhOm
+JKq5Bmdk8zlbQi314JuBfOy0PEyLHxpZrEn3orYqtK2MjgoOwE4IDfCWkLL2bF2+
+sYfCFZ+ApD0Ki3uL/9AhTzsPkYLAp+vH9+3FQ9NOe/hCwF99Ak4+Qo2sShSwGJQl
+IdEiKtVmN+3q+gZweTyHQeoWgSVcJY2A8BquR+Q39yYbhilgQxRt/Ivws9oeSUx8
+ga72sXk08SEIdmlkpwpvev+FIixCbk3EdmUSVOQtX3AiK06TNUTYlg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/certs.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/certs.pem
deleted file mode 100644
index de409f5895..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/certs.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICajCCAdOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlZhbGlkIEVFIENlcnRp
-ZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtpKu/a6Co
-7KcKOymboEA+MmgoryXHT1dxExmQ1lO7yah2L8j8RG6ox5Tr37TV8Y21ti3MopcF
-H+iXDSX31fixsYCZkcpjMI4kbjXmjGOeFKu1vnbBmcb5JBISiUeg22tIRFoJ4zTh
-i3GLVecGijyOVReA5LiPymEKG7fAB3241wIDAQABo2swaTAfBgNVHSMEGDAWgBS3
-LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUOsyUZQyFqTzB4K9RMyoUSI+e
-kVswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
-hkiG9w0BAQUFAAOBgQCkaGfCqYi0681n9Dit36lg3U/9gTZoNqPMaAaLUQV3Crzx
-x2MGInhTyKchYydbV8HD89N2jzzYq7J2KM/ZEAfjskCdsj1SiMNkbYZe3rZZOldr
-PCGFgzUGTNakQxkpxU5j7plivQic/OZ7+mMTi0fnjGRi9M+aa744VmH6FgCt1w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA1Cert.pem
new file mode 100644
index 0000000000..7afdeee299
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA1Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: F0 C9 87 CA 32 71 3A 6C 01 BB 33 39 C8 4F 65 31 40 08 8E D9 
+    friendlyName: deltaCRL CA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBWzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DGRlbHRhQ1JMIENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM1D
+K0cQkUNtDBARI1ttcSMWbaqm4Rx+gncCY62Ilp1eHN9tBFyJXN/kxEe8mxh/nl2j
+WEundquIwtjnMKXV4hU7ynC+Vg7taRu6Mu558dvGbBzkJ9LYCEFs3DgOphyY38zh
+PYa/0o7DoRoIAYopaEmCpa/fyqfUDGWps4S6FATb8rlEAK6zQHO2zirGsp5gq9F8
+mJon67WM0iJpIPSuCIkbaTRfY4glRFyokHWXQwXV63XkgNUAxQjLGwAqH1iZIOBy
+fl3t716yIcCnnimcaVrJu69GBxYrkeYTGD8w74rzGKJIHSCEZy7hOtS10G+N1zx+
+RqCKnCh3OHyc5qTyhYkCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+
+dbZlp9ldqGYwHQYDVR0OBBYEFHcYI+V2hMgUlD+C0IHqdLHgpC8zMA4GA1UdDwEB
+/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAjgJJapgvD6p5DPB8zpQ/ol3xmi4YS0g2ephG
+7IX/vh0H1AF7wYJz7zeYBbRUVeObLVzUgBq1iN4Gk+UxTFDFZxzIg6kfPyP+MBDB
+VIcSfQoWWWl7bKEm7R/eIlxRm1ZyvnCDc+7QYMwdH50m8KNSF9UOuJOQHGIgqJpA
+gRm1t7INMr4OP0hxeVkzw77P4hShwi9Wj3O4eDD+0xVPvxweDQdoo4oo3rx1ubWB
+CvJAFv/Iz0qZaV+2RJNFD5Seg/z/G9wtBPXaOsbaushHEejw9rsQCvj7GMuzzKVH
+qWhXC94zdUfGOz7+euMLgnJUmfEYyvQY9NgZ57+7SmTit98wEg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F0 C9 87 CA 32 71 3A 6C 01 BB 33 39 C8 4F 65 31 40 08 8E D9 
+    friendlyName: deltaCRL CA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,722A4E713C2A9002
+
+BguAZJfr1dO6b5dtwQQG7QdiD2cK+57DcU8qycGo/4y0ZB3iy97keTWLx9O92LhM
+lzUeL5AM34sT+m1w2ciaKdR1GiKXA2OTC3M/3kOm75eirSAMEkUptbwuPW/0iJZA
+Oc+EsaKC4FipWi0EB1aTaeTwApM7X8WNgywUYSCMz1kL+QCRedgjSTyqRcf1xUs5
+zvKcaC5q4ofVNDppkLZMAnufFWep41hQ4pHobkh6zbcVXeF8ozy3iGcyJWVgbYOv
+f2LumH8uoPoBwk2Pi8z3PKHGx0ZwKV6+huHCMATuLLlSO2N7CwCatz7c2DUPbU+e
+26IOpykXmqxvBzyo9vlrr2yvuP4zmNod1D+JnRVtHpfBdju+0K3qHZ0ihbnHnS8D
+zdOkO6TjLVHw9OvNbZEx3oTabOiHYFIFMKyAhjUIDQHEVVZ12fhdnBNvKduCnSJz
+7ckwYBPerFkfXjYKMaXKEGPfeuI85yT60FT7LInPqcjWC+LqkfTpyrgh+qciV7X1
+IfumvbfIFAUTlHPxUu7evdGVqbl1nhXCpKA8DTyjA1QO8nl4zkaRKtoijLANXZ1I
+SXj+UL4EwTmT7nzTm5/XmcioZlJpVPC4uz6ZUaACuNXHi6172FdS3WLmlp9ZtaBs
+eYjHqzQHfFWo4l1CF6JI/Z54nr8BsUZ1m9gb7PYRiM8ylrEQiJTGLf4a0ypUyG4R
+SoC72kAzihd6iEuJRKWTymHnz5IBK8PrgnkAk7TLWoKNb/PS5ifs2wtUGvBXa0os
+FzrahyPCGF5afZ0pGhw+01aJeHHaEhfVHI9ix33OUz5vy4oM5xYNDKCLtDXzhZ6Z
+Dc7c/9GiHUgW1u7eQbV5i6igRvEqwItitPah/zbfrsNwd34swv8YyyPovihYY3GL
+w6tk+8CYb4qRkyhXRg37vBUUuPa7GjElwE5cZsqUaVpB47wSjIZVFOC9g+/C4/Ps
+SI6y+A6QatTqgZ4OmQ7JKUtYHFkESnKPl7IzRFrw054oUWVQKvdvQgY8R0yhd/2E
+qbLSyk2Db0wLmcPt59NV8nyHa7twNPMVApQigXAszEhbSxJWGIFjSN1X41654WG4
+/2FO8TYl5+mn32BdbCgYGn3kFyAeCd+aHNfa1uM93coSoupCVRA/ROTxAx8gohzO
+TM3GctWfQh3uxOakDqv8I8GG5BMvJZmAoNTrMr+kUNt3hrCr9YRKGRD922J91vL3
+yBWrgkudn09y27zjxXZBmYDF0rtXmmtJqw2GebKFdw55OLj5cETy3X5HjarVrVmG
+SBF0toq03Mpc5i8AlduIaQp8ZLFmHLpHfX2mgbuyb3EMDC2RgdfzhxdKUzirVFqc
+DaVfZ+KNVQu8gyMdvljeRJN5vnf8jUEPzNZhyJtBV/CqzJxtUa+Cl3t6JRlWToOB
+U5oNF3d0BfWAlJCWzsjqcRk2C8zP9ZXBii+AErDkUtq/ifPpea7PYUKGqszLXtE3
+vEi6QoArjHCaDwpVdXi8IHpJUl363LTqOrfg7u4BrXMi+haoQPEyK5UPqilECzwC
+lShfMH9t9sHbqIN9CW/7RfO4+frEbHEYc6fm293IClTfSE9zS638Jg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA2Cert.pem
new file mode 100644
index 0000000000..8099fd391d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA2Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 76 86 80 FC 15 9B A5 CC CD 2F A4 CB 1A FD 4D C4 3D 88 A4 6F 
+    friendlyName: deltaCRL CA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=deltaCRL CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBXDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DGRlbHRhQ1JMIENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPmG
+eyqKnZwJFXM5DgR2BT3pqqs+DhJwQrNm13bDDmo5YRZtwkP04BF+AovdaABYrzG8
+SPiAnj7XrldFqIt/UJh8j87qqMvLcUU3bHIfB08mVHs+IRA1tXR6hle1gKNTvr6s
+tBeVyre3yGYJzu95wM0dENMlUfol/gB0hswUrbzfCWL4bLf86I/k6dhHcRpAanLf
+Ns/zOgR4ZjlgWfV6LV0VEYCNzPQ3d1jzgAUtHNtME6KoHeP0cn4EooDlFpwwjRCJ
+ijNmnZfyML2BZXmjKeye+vNXZ2kSRGaAOZPG1tDmdjVy6OwcxsCkv2oOXwZ7WwRA
+HOiLygA4cXym8HDOgL8CAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+
+dbZlp9ldqGYwHQYDVR0OBBYEFHzY9r4DTM7Ptz+hGbszq7XXjfvEMA4GA1UdDwEB
+/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAnot97/Kk3staK5cRrXT3IdCNVOvFTJgMt9oM
+Ngm/cId+NkEFpjPzpJU5H0RXabe5mqpM25W4ybfTTWgYqWvuCxTzwjhDmtDfhUwg
++U7prkEz9LgaJBa2ZZioNsrBEjSj+f/mO1e4ByruCBsY+uEpwU5eGKzySoaXX2wP
+7fWC81H6fX4/QNRnOsajadNSLbyVjOmiwz/c8rSt0ocaNTxkpe3xBh9MLSQbqJEi
+gQTB08URkciHRGBsrBk6HolAjMcghra2Z/Knry1wCcEzQkknOxzgS+IME7ehF9gP
+XmkFC8jp05ZGOfZeyKInxsivefg9QvdGOAu5IXHZvCUrFV//Sw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 76 86 80 FC 15 9B A5 CC CD 2F A4 CB 1A FD 4D C4 3D 88 A4 6F 
+    friendlyName: deltaCRL CA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DD8F6C30E6C01617
+
+7F8RxBk5h9wR1Ib1nxlGHOH6jj5UnG02dtUGJimXtFvAzNz+E5+LbHsol7G4hRXS
+xEa/p3LbqApBKKwskJNwh8vPD/ue7hbo6Hr57jMIE+9LQRanZwg6CMIcaw4eRD8Z
+/nKpIWZgLS5ohLAlLp868ZiSohFgLGPOvgW5IvuoS4LlDyVIn30wViwJZZDxibht
+VWmxQP5BQUaUBSDsZFjwgMJC5Nl+nNBhGcrIlerkaAPXihf1MJ5bMwudjsJfzFsa
+qQILIBy0iQzlwifR/gc5TmePwEOa36GSiLdCaQAihjbhTH2Mht0EEApEYWrr1C99
+fGzIyAcLUBKOQ9Moi2pC0VlGMcB7pT1EhQAcgYfinxBbQlZcieVB8u1dVfbRdeAQ
+ipIZvD2i8fOjDSXp117eoBjH3oiOWzTXCuy5iEyE+IDBxr+FPNCJgc48CX+MfbAM
+sgxsSfVAcClo167mYYbA8O6ORr9QvZ72KWvPJZEO/pDfVTMyZZJPhNyuJR3KxYYl
+iShZfWo/rUow4I4UCRPoobBqEitIPAL/+Uwsd/AEihN76dMXjY87zqm8rRdRsrHH
+YL3Q7g0Owrs2idJahta+2sjsgx4y+4DKX6U5ttDsnOSO/pXJhKCUzFufARoMO/Xj
+mZ7SoEPP+NxGmyHPSb0OK087TyJf/E1JZOUG2GOVXj6QN4yIn951WIfYRyntj33Q
+KUR1rVljlATKkVqwWETnsTGaoSZPmZ1c0VIwA1z/MrXEYtl7Q/cTlUrr7TxCpmw7
+7Dwes0uiiLbYfWXyJ+coGq9V0r5lkkWky9SOE5c4KL185G4DYKvjldPmmDy71hPy
+Tsdj3u7XIOLb/hbrRLFV/6ufs+bY+D6hkZWz1HI5ukuwxSTTjHSkEFGNVEUFtHLO
+E0M60YjRXR7VTE0z5hzNS0Q/9bcIH7jn1z8PRmwBAR7VcgC9oq7PFc+eTWkns6FV
+48m9a3BkAimJ2rsdaBYBXn6+qizeoDeTKhSs1sN1Z02Xu6jPcYX5aTrIsLESF2ya
+SpAVaE4QZpAP+k2jl98N3oZQIZd8L/tOEPRfxuzuVNpxfu/U05W6zQnHHE7Whce4
+miTwc1VvDCwKVlnzGyYm0x/so0Nvzl3FvKVRnDm6NueOS3+BVwnZGB5gGOKMpXt9
+2Rgr/mg77Df0SltFHJf32v0iLH91ozk85pyGIgI+LHqIcYXM6IdCRqqpRHJ7cMIc
+OoAff5sxzolmfrVt/14ba4wtLiiyKAcnS8k1YvjA06tp1201Y1hv0B8v+rSsnzBn
+LsTYErElmwCSu8H7dVLiXvskOXJrlC0mMKKaT9/F0Hw6O8aQwGer8IVGnb2jB52v
+czZoYoWjze3JGEGheKOLh70dMPM8geEDeFIBtR/Z+BFsKPxOwR7O9el7GLwp5wxg
+YpBNumQoGDEGc3v3MjJ6NuDrIDJd9E0pSMfF5wAK135tDEw/briw9qa1eR6opnqX
+8PD+8Dwa0vNfbiEHu9NZWASVBHo0XkZRkQuk9h63odb2Ce8jMvdSb04Sj5hqdxtU
+vwai+mWjeOZeNlMBRsi7QIR3/EcXZqIWr2mnx+sp6+AUeSxbZqqC7g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA3Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA3Cert.pem
new file mode 100644
index 0000000000..2b5a8de8f5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA3Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: D8 F3 A4 B6 51 CC 05 39 FC 58 CE 6B 1B BF 4F 01 A8 DF F9 7A 
+    friendlyName: deltaCRL CA3 Cert
+subject=/C=US/O=Test Certificates 2011/CN=deltaCRL CA3
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBXTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DGRlbHRhQ1JMIENBMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANWk
+V4v0ntSi9RGfISHPgdqTaJJOhlOC/mr9w4/zI03WxMARD6dFCOiJDP+D1O43FEnG
+UoeoxVIwnTYlN1rvJEyjXXZCdrLJQGqV4FVNQ/EpllubGkfc2mvemabpkmYIEW6L
+FlF20TrhiHowPffKj+7y/aXAMMiEfX+kplSkI8nN2wDGfOmZzhHptIKClExnDdJ3
+09sYRAqU8sdK17gthqOUa7Q6YIcTKJD5KP4nN1HHfhZT0Yl5tXnoppjPDMtVun90
+pF7wst8Nr7nO7tiDenpKvlYRNdP57Sg7SKzFhJt5wDEzZVLEh0BQ7iqw/IJRDTXH
+tmz8QVU2hBF/6vQGu7UCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+
+dbZlp9ldqGYwHQYDVR0OBBYEFO9j06hOsfnfYeINwwWjmBjSk5nnMA4GA1UdDwEB
+/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAZ3Ll6ZNSuII0b61IuWxMGImVPqF9M5u7q1W7
+dZqmMMzQCull5LmgeprRJA3jSvCBC3/kmdHsA+KNh5qtln7pOkdewhvz2kyDq/GH
+8boxSNEIi7yqPGVIRLHyp6jDrwkMrbhZOnwr06K/NwUuPMTsN7eITW/wVZSm8yUH
+TR0pDDTwCjrzYiszzbGNsJ/qTtmtroYJ2LJliKXYOhN2dP+47I0AKx5clhhofDz1
+vve9wuHgkZ17fvl1r19VXVw5r2XPSL7qNQxHECGzHNXKzJnSAaYN44py9VQ0JLgA
+gxZJZBZfmW1XzWMfusb8BxGbfy6WFx+698V9G/yas36Uv9bAJQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D8 F3 A4 B6 51 CC 05 39 FC 58 CE 6B 1B BF 4F 01 A8 DF F9 7A 
+    friendlyName: deltaCRL CA3 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6732CAD4054FA1E3
+
+/iiFt7tBHNGhLMtdgr1HYBP5tXrMDI4RoC++7n3PYuKnHf5+qomyoAZwZXWashAr
+AzeB7iXoMIrMLfjKK7Ka4+syXElaZTg4gcy8A4EZjzdw9uZY/8/5fxsP6CwhVRPk
+hAAK3RWdeqnjHpDpsPNQqUxRevHHwtLLPTEOnlSjn+mmLqPW230/q0MCWpGoSk3U
+6V2EX9AY2DR1pARVCUE20F99PQs6WBov71vnLRbjg/NxtN02jw3cvRHog/lX4gJ6
+LtVU8i13I201TCJftrlz8srHOW30UGdJSI+ngcK720wzqhhsB64dtKMaYn32GQGL
+EcG4esC8J1yZ3JAp4Mw5QCgcQzLrPcLQ1S5Nn5zAhyT5KRxVqbVHQW1Mq3GZJEcW
+aISGgZYIcP3g2o4Pj+hPgLCYsrzaTur9uUCgilCHWpGD03PJ/GAqh157CxKNH7aJ
+PkjbnTwXiFm9D1tBcsL1ebkXwvto0tONG58+VII7mT+8TISIw4AyAEZkdk2MBTes
+rYinh6hiyRX39Y1sqjW+j6j/oiZdSEnT903bZ3O3WjH7ocVkUKc9wXCCt8M3j+b+
+rVSEsa0KRTc5h6sosQSx11iiH6DfzhAoHG1DqPxhlwX4HkQzYWolW9NMF1wSO/b6
+3MOTBmbkdXFDLXMcJkikUvSf4DMxAV2WUEINbPq0opKjJtoHiwWiiCBrS+luSbk8
+0iwGkynIq9+d5Ntvqo2XrQbRgrXgE/RX7q3rIloNwHWhQu/F/SoFy8VTd5u4NMes
+hRoVfW8vhDMm7K/BUy8lunNHnBUaan1XOaUZmTFD8IWWR239evo7Arolhq9nbfXi
+PZO4xIRNMJXDyEntnw3eyVZvAm5OiIqzc/wU2aoM907Kes+6N6+XSqRhdCPSAgC3
+GnL43NQIu6Drl0tHFFEv3igQF7QtzVqkemzPCufFqreuYUoLh4pitHpNHTgBY5QJ
+/pnEzzna4hVFKGFqAGw+XINqOaFgnEMQ2KD34LHXUVNJ8cy8srWUYnrl91mZm12m
+9e29Q8qucA9+edRgdBcmkA4iiNamrykzPYi8qG3/SED9GyBKBgBVWcuzEyFcYeCm
+1zCqmj64l1asn4/mxV/f8jL1Jlr8Lfbzaz+rr2ECxK82WnEgrGP3HvmoMHf2GmPv
+k+6zRYbMBqaO6EF2swDqlSVkjAykezpQ8Jiela04K85m5gP7Y8rq1ps1fU6o7bJP
+rDhjI4uUnuC084mufCLxjxyR8gcyWkloc0wcD5yQK07QFg+Lao7SqLgOwFoOTNU4
+uKbH1yj4IO+2OiBiOW1rUN05ydQ7htdmVDras3NWUQsKFZRielWxKEZ8TCKgl+Vk
+t7uybtKrShyCqLNGxniDkhQHqwD4qgJ9bPxjK+I1TdLqZggR27fPx7lGSNFNPXzQ
+lAWS4rO35hldQ3Z3ieRBwvUfGHdvZKOqgft63BslryH+ugSgpU8Be8YVK3P5QH1J
+T1uv43qkwOY+dmFi+/Sn1FXcuhUgcA6XlQLbIPIgWqiSaTH20rnYA5D71oiw1CFR
+Uq7Ls+Kgw72matjq6VTgz05KlJR3uWl+n62sogheiBfB/nSUU/LKUB7oj3qgaeBI
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLIndicatorNoBaseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLIndicatorNoBaseCACert.pem
new file mode 100644
index 0000000000..2913748c22
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLIndicatorNoBaseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E1 81 B3 0B 3C 20 FC 64 51 F0 57 E7 B4 DE 8B 34 2D 4C 78 9F 
+    friendlyName: deltaCRLIndicator No Base CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=deltaCRLIndicator No Base CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBWjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJTAjBgNVBAMT
+HGRlbHRhQ1JMSW5kaWNhdG9yIE5vIEJhc2UgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDD2MDEBGlnaP19Dx4CgvQTIRIJi6rw8OvaAZgntS/WWFZt
+0BYKwbZnyXxJCbGO0HBbul9rFVv2dFZdRWMHd17HEIyv+Xma7/0w7L1CemeJQQ2j
+mpTjEkHef/G+p+Y1iBEn2vomiQV3WtyRoe1FVuOI0TNyg2JFR7SJoZU4P138Devf
+UW8po0fBAl7M/4gjXz61Q72QsM4V8vgeanQMvFaB0Qu43RYADtLMBTLuxkH0jA2m
+xodtfbpQzEnslEbkemYMw3fmuKkhbLPfqV22XaoRAohF4I5lKKpLj6alWTJjeTSb
+KvuQi3whU3rZYru06g8xCot4hK6daBJ4ibOPFZYFAgMBAAGjfDB6MB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBT0OHYlq6TjHMDIdYyN
+E2tjI7aKgTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACnnfaS3g5fltnq9
+bGIa6RsE9OlAFAXNxPVEdvXV4Tyj77hKexYBMwpf0NZ/pAHfsOtNJwU/5HY+vR7E
+VxPnIQsHnImP+LF/rr4I2RZCv4Y98DC/a6nSfZEqLNonxDQRlBls+jKsMbRRDxum
+YPIO7V1O6d2j6sDKW4rHal4llx/cezldhiK/6S9qEJ/+cjozQNICSA4voR0h1L5u
+ZvbGp5d+gaGQ+v6E88CcMTKDupavpvsZ6rQW6Yq6so2p5WgKU3+KdBs3MPKoDyk3
+RCCFHS4LxXLF5I4HYt3LU2SXarj26Xpo/6FhhLuzGaJ1r6jNuTGV6RUEZHSaMl4d
+anTwgW8=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E1 81 B3 0B 3C 20 FC 64 51 F0 57 E7 B4 DE 8B 34 2D 4C 78 9F 
+    friendlyName: deltaCRLIndicator No Base CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8272274058A2EDF0
+
+S3vB0SvIHneL0yWIiPOHWfK97IA/z5l2nkIo42y8IMeG5QL18o2b842vEmSq7DC1
+D3mSg65aa9ShAwtQcftH3+Fnp4my8oEy1dJ7LkGsPQKRrgyfWN6b/AvsB3TUEAGJ
+wC8wuVy/ASLKk3zfQKJtrCNTG6aEVfcx0yD83mE2LvsBl8HmTO2OxldvcKd/hze8
+xlVk3nNPDcwwy6r6FyJzQmqd2NEIOHTeUOHiKJD7PHhjpvJhlDHuzfivuGoxVcOF
+FReOaT+psFm6V5lNNqvvQxLfxv+O6h2+nb3D0gZ6bxTvpCaS0k8plAsdySs3b3LC
+avPddOf2F2qEY/vZRwVrdjVafSXFRydTWufuEDRrhRgf5JhxiJFN8ALPb4DWmYLi
+fmYsgcFVR+GC7tafQYppZJbxcYbItVgPmCXOqq0ndoOrVZObPZlz0rrNk4VExMIG
+ewViu8cv3hreBQFWT0JvCwVXbVTdxDlzBXHluHFjdhD4ZK6Ya+j8k9X4dkhgo+CV
+QU3wUox95YQbGqcg6SWKVEffJ1p5mqsJl2KR2NHohpDA0idGUPsj/FZ0s4yFetmW
+qQfvlhxLCMLIt+AFoJp8WgXtrv6AICDAjMBUulidFjuZy1fhdsBmLyXI+gcOAM6U
+ouoqvOVd8aCnJNhXtaxi2lKeXybLPrq0mNj+jAr10/ZKxaYpHi0x+sRkA0EJ2lmI
+5GagmktdipkOA2CQk6kWeKpxO0DLCdW8VA9TPixxtvZ82WfGsNlgrNlbMdjx5yWj
+w+1xmtHM/rkU1ueTq7Xt3BW8Xc+pHOOKEvjbeEE5GpJCLik/oqUpQ9LfDl5a2AZN
+OnCY591HEFQ8Bqgom7YpOiWtz/kaCOu3KlbOhiZ+zLrFoblwBRMFUgqraMfLT4dr
+yFsLEF8G80fQ3BCtOO5oORbeUYpPijhpO3RyjNiFk7yDjetXZewbwRwE7Qce7Cwg
+nM5bwPCc+UD4ha6B8UOxG86bdY+rk1D8mhAZN7mMQpEVJStIKC/91XZjyWJT7ZLZ
+jWAATAMPKQkColoCJILlFO1Hah0Zh1JhVcn09BDyudQXIm2m4+SceD+Jtlak4+Iv
+6xsvTsiLBgCPKMcy5s+B8cIyeLOUwVLqSd3b+uv3TJF54ANxIjTfpY7isiT1IyLW
+YbFuV14X0NuVs19MoYq+yzpFpz3z4ERtDMlDPQUXqZTr27TeNeF4ALb6fr++o2ja
+/+EoPsr9D1QRWBIy3FxRCGjCX5Bd2iS+mMDyplCJ5d5RhxIFDZSbeYVPC9VuyHUt
+IHHq030V9N5SjIXOR+rKLbxbi9xyDOQJwq7Q0encqn688SOr9PqsevSFnM5Zr3BP
+vWBl1U0ChwQD40pEc8Thteg7BDoeomeD670iG/ik8xW4XMbBT2sMmzLt3JYeZAjR
+Ef9bvZHjXShnWCqgPMcYpmT5ayi6V645PncNj0z+7Dl1il7JYuSo5lz+xo6QRNSq
++kESksnEcvRgnxL3bFUHHLKCs2Q+BAeJbm2tRDU1UtGXny7k952ULVIF7D4voNIc
+i5dNyyQUXfIE31Kdw2GewjUjkXtFSUF/RrK/j9OBPR+VcdYKtt/siA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint1CACert.pem
new file mode 100644
index 0000000000..0317457845
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint1CACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: FE 53 4D 03 9D A4 5F 00 E8 DF CB 39 B4 6E 8A 0B 9F D1 D5 1F 
+    friendlyName: distributionPoint1 CA Cert
+subject=/C=US/O=Test Certificates 2011/OU=distributionPoint1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBSjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAsT
+FWRpc3RyaWJ1dGlvblBvaW50MSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMENYynQ66E+JgY1xOwEnmlpX+QdSNkLIStriNPb9+e04Yj6oIIIDPIO
+/nrtm7JkX/INHfmkYCwATYLWuSPRljutttRqCaja62DccwRV2ihZkBNV5Ptut6Ow
+Ec4Xeokk9704E2oFyZz77RFGZj2B9IY4zgJhDsFBUoNLW5f35PFFZnw7OBYug4u/
+yUAFhJD+T+nX5ULtCEKcDNelpEMqb13w79Vq6x5ppkwu/JVTeBdMqNnIFxNvt1/9
+tiyd6P7ZCRuFDKoW+qpV3jq+NhJSnfSxLeaa9AVqsZN56Ipl6JzYl2mKCUN2yGf7
+PTSiOP7a+T5vuk1fprwWvgqE2up63q0CAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFBEwc72NcCiC0m/P0jftzesjkdvv
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAqvE2hwsQx+hGq3knMpgC7a7u
+k3Efu3rqhzjT2cWDfNagFGwSp29BEKVlOayp+CZdUVZsqs2Ciiv9/+3aNaYMvVoa
+kSX65EJ4+f5ypA3kjEVQQjRp/2caWfoAsuyO1uI9T5bqhregHFplqvPYhLU46ZXk
+Bl+WrrqkfJX8lnGK3bLN8aPd1WvD9P/We/Rq790RGm44zZ2QtKZKL+wegrSVSOdS
+0vUV9quRfvEVIu/JzzRnxkTj7f03/Gn77RKeJux1jHlm69FKz6gWtuZ+gK6gO56t
+Fi2DvQhVBGXVU7pDDBbT+tIWZptLYGLhtDU32CDB/WmuyjPxVehmtWCdIP4/NQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FE 53 4D 03 9D A4 5F 00 E8 DF CB 39 B4 6E 8A 0B 9F D1 D5 1F 
+    friendlyName: distributionPoint1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4256DD02A40FB24D
+
+551dFf1TMYbIL2bCT/LHxhp//bPnIKHjBt8FQjSq4uhPrjfEFeAxLdPFqd1WMuPc
+0kBvaKVexP0KtLd+owsMwb3bgw5BLKDt8xOm7c5auzjJ0EDRFxBl1WyoXJTnu9wK
+uSVS2NLv4XNgRAThfOvVYXKnkNCxiL8/7RCAGrGsvsPpoGTFotdv0NZ6yWkHO6GA
+FoNb5uM+xj3hcLd9rt9sljSFrXiqWc1a6ciE6eK23Ncol4zCMW/CuWTtBrppBNy1
++toc5GRfbxi3T5uKP4UyWV6n104cvGBQzk7Gn8FSa5/dvU3bXtJLiUXQujLyeVTH
+xF+Wc+NMXNe7vF225rxiI1DTHlECiH+AvzC02jCGzFKjw46I4r7vsyRzPY/SYHmg
+4XbVIdws+0Hd4wrkHAhIc08gKJ8pAZt9ZmmUAlQAP65924Vk5TkmatHtn72LDlGW
+d4PHXKq/o2cK3KW+yFFzVkUepnEU0/hsqSQMq0504ip5dAlnn5TDft1kbNA8LojO
+W0kWVXdgrzgPvXhe8zdRXD2wRzhGc1LKOUknmAkJV7EDJSJEm4dLYIX/D4iH8NEF
+1An6Mj/FM/i42c7SNsd55IT2dJS7kxT/GgKSj4RaAZVtXItKEWbpxv9YyNOpNM33
+9uGqmW7yBfH/d+xmeN8dAWifWKjJFobwK6uJW3U4FxomcN6Y7gfbXyj4qBNt5Ja2
++fcT5A/OsiVIXFCb1qpMdoUKGnYJvbDSqFnB5OE0WvD/0DcQNKnV/maid29MkJSk
+vZJUcjw6SYT9h5tIuAXFP9DFMjaI91RLW75JWVkSOApTptdzpmsRkJHOGRBaAIKb
+6ph2VPEr6wDNy+c4nA6/b8Di7JT3bbsPUHOlNnPxpV+4bGBpzZQ1hZjAl0WqNCS9
+eZJ3Wyu4py84hTbgM8Ayewi89bUFGSBS/tM5JzVRSeZYa6PbUtm4y/+YC4PC1Lfm
+pzykFji8j7w37vv8okwnAm9mXUAkHe4Yq3wzv/vx92ad9O9+OQCwmL5VpRtPUCQ4
+IkZrveFk38Jbl7Yqg9I0zd2QRCRSZcV0tKymMknBRb7zWOFIx5asd5B4/YgSG1OU
+c+zWt0gj7aLNwcY+Li5lbkLQf+juJRl9YKR8rdIEVsLZG8HzSzxd6g1nRGWjmfS7
+oLEkb1fjb5EOEMygnJ+YR8/zWoFxJrv7fhEKgkov2GSynFAK1n136/bjVOwDHJZ7
+40FL0YjWcyXngeK6CeC2yGz+FFDt5gaYhEKKqg8w7QwIOqEE2L8GEi15LYCd5wHd
+ZDjeBlR/AxF7OIZKuR36TfyWj0uY9TiqLFhLBREe40mIE782FXO98p4NizOQOM/W
+wkTHg3Vt70bTr83vzjapsyxsbPJc1lDQ9VjJ9h9Wx4OWwG/HauhfglnFXSZJ7qjO
+KhZW+LrULpX1KtsIg4oKO2NG624VzvlAEtCpklRNpmU1DV+82BHiA8vCXsKR2Yhx
+92shJ+5fOGtic1snUYvRfvTudGaixymnXA9QYYPDTogb2CiCK43cuxVdm2MhEI2P
+hDPQGNkBc+VZpHmDXQf4Z/k7SG0WMAwEGnrmWori3iRcKxq1SyssUdNi5Z2dPZ+M
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint2CACert.pem
new file mode 100644
index 0000000000..ee5c443897
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint2CACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 63 F7 CE 8C 7E 44 8F 60 34 BE 14 C9 CB 2C 2D 6B B1 08 30 6E 
+    friendlyName: distributionPoint2 CA Cert
+subject=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBSzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAsT
+FWRpc3RyaWJ1dGlvblBvaW50MiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALQ2LB7oID8p5wb57NwdfJ315YHnRlQWCCGgLmKHKDbxN15m/f0LKYgN
+kNuV3rddlwHkRwY0fsKw8o+scrykcTtFQ2bu8RKVJnkDNayoPASbNnlvFXqQKTJs
+atfy7VLN0nriHjM4GNuQ1kGsOmGi0raZK7P9VZhLEEBcKnoFamInZPX9XxyvLE6Z
+FPVKGZbUiwEdytR6TBhKkw3teOWC7NOF48pyPYT7kqmbqSiiIOziuidtwvPEiA8Z
+OtIYtrf1BC/ERRJ4Q3ar0R1Q5vamzNCCe7MKo8/vYUXD5KlJiGHWRs+ntjoQMelm
+gPjSY0piwTnvfggPhvzK4tfhmUgD0XsCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFERs7ttvf+tOSX94/s3lGKDsu2Br
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAUjZ9l+vtdY4SEDuKVEXz8N5B
+p2vDWBOSoKmPSIAiz/38OoQsX5I3NWb5VTIe9MUg9+Bov6G/7Pxi79qZkSHEnCwi
+Yk5dQDzKR7B/60ImIDydTuBjv9a9H3JUH+sxjViZeGkNBoqMEBbfeKerz5MilHRl
+fWJ2ZX/Tsg36YrCHmrFcU2BoSoTJ94q1+DXlGH/UhmtrD/OzCpS/ltCSIlp5kpUL
+KDx1MnA895+Q93XWU53JBDw7ZrPWEGWvLhHPXhr7FUX0gORQO7+gbJnmelHZdpb+
+69l2hOq3mGx/55qLnyJsyblw9w3UQ3uaBBcY/kZ9KaJsgMpNBzwNmHzD9I5gSg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 63 F7 CE 8C 7E 44 8F 60 34 BE 14 C9 CB 2C 2D 6B B1 08 30 6E 
+    friendlyName: distributionPoint2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,37721919A22903DA
+
+ExdsXEgw7tph+8XnTmAsVxrgBuWl/9P80m6gO9/x4wd3DNgcLxHOHim28B3ISLOA
++oZmjuUnJyglLwFxLCndy6UB7A3+0i+lmmY1nc189NJD1khO9XLcj620RRc0hyZ8
+ozdEuqGhtpvcYUiTrBqWSDdfM0WQIPu7AjlJPXJUn16z4gsRewN6Xg3T1Wz/nHwr
+KSSBowCpz8PsBUl2nCIFhgeWezDJLeCQVpK8Pn8Sgx8JY/kQliQRnVcEi+KTQhcl
+ssxjYokbgbKWkuhYaJx5eTeRl0XfhNL9Co9fKObfPsOFmsCydZ2zgkfiPEtMVpPQ
+NyjdtAlpKQFV/JnuXIfrPGed9S4DUGh0f6zqzdLXgXzQiisF9N9e62bV/dJYRlKR
+DEeQ/swqYHLgbOff11xe46jllQwS5D2QzUX5730uLrWKd4wMC0rep2ZOc8o8R1uL
+CqgyjXuSfhDtlXnMQ++vVky05V6uqiMwugYFhy+hUI2J6snvc6Bo905mjxUNQ6Ns
+lKRDWg2s+UZDWZ9vZORnlCCuw63BQaQ2ynjAyWZHD1NpWoAk9EU3qxCrfHynBnRp
+eM17njVtmW6ostxcKwmQfGlCNWOOoNSL7BZ1z3O6/UQOr/Nc+FehcYRxobJ3+u1e
+TaiBy1Sn4u1fOWPFApz/qMDAwfytdUY2sd39alxOnPcd/Q5/yc/H8HENJ7yhLfkP
+m3iy+xX3yeJ4JA7x+3STgV5pMXutUpt/YYfAow4FfNYbSAzG7bgZLk1ZYJ3cJvH7
+4UY7cipdtkc2fCI8xv4aroLuC1Cniyrt2lwtKjLgmpUS55liZ8PW5f1QhF1G7n7z
+H1wEu1JAN62gCP4Is4d7gMrG3oHIO76iFan0SvbodV1e/PQwAH26EHG/cm0jW2xw
+bSauJiOhd9mC3sHp3fs70jarXXxS6TvbRrsJDu8AUlrNiuKj7rH8CVRZCLZKJ8xw
+gxiexhvZWFXIOVI8tAdj6KXcn1fNzMXXaBiuXvX4YJr5DqBVLAuiGhOhe9HUsxoh
+TUbKaiD3MzYALA5Kd0vSTPRJfEMQNBCCXfpDmrRCWXC/M7XyZBXPC70vLO6+wm6k
+LjoapyFSManlyoQcZxYU89TNhoTq533l4Emx25IO8CU31wjU+RrZx8waYuaL+U6r
+TBY3MFV5UTPOxRNyn8QrPoFgk76Mx3wq7urGqLbr/QZVsoSf/EsmiW6k0xEGtCO3
+HInok44uBDlxomNrQ97QXRxFxz0XRySPkfFlOtF7ANciuNw/bl2Z2VhdxcpCdyTq
+P7X9zpTZJdlC1CNmmpty0z/x9IBd5bxarhuDPAd6/Lx9q07pzRU87FrxsiapiQRi
+j4GbCRgQZXTf3hsG0LCTko/DHuICWXoPGtMHX+cL0ivJfPKFEBH532uRQDetS6ca
+dZokky+lG2abugJQuUEuNh3w4fDX2Lw1KvxYaJWAFLcohqwzdqehVxhRbWolLvaO
+KAMKGkIBFZCfi+2kLLdl/HIQPeBQK7qnhYE0ZsCJLJsjUgsO9Iglwltkk44M9lM9
+iQzzyUexzGOjjUXg4BAtNOlhRk2lCW2U9jtu3qC9kgVb6AUMCSfrfA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA1Cert.pem
new file mode 100644
index 0000000000..aab1211b54
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA1Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: B5 F5 8F 3D 5B 86 16 0C DC 95 C5 E9 12 C7 07 36 ED B5 17 39 
+    friendlyName: indirectCRL CA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=indirectCRL CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBVDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAMT
+D2luZGlyZWN0Q1JMIENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALuf5et3e5r6UGUkLBSZ8GWvlLJMbqav8v5qvzCH8/BkfrIBQkxZJzlFmXUmlBaj
+MssFOzcuaBsXQRi1rB+/A/0eBc7n9q/eZJAujc7us0ZxFSR3wM31dMop2Sj3GUcY
+X9D+CtastUIePibzwSvnyWpmhwATVakSmFQGw1dWY9+mJ61JMHvtI/0TAcCNxMF+
+pL2DffQB3t3s/jzu2wLK37/QGRVReH9CoOJ+EQc3VFPPuZDSj9lVEdIyUnSAZb5R
+1pYzyJgq81rFZyGjQRKyThZVM4dvWkFAMjhxBtTon5EwidSMVFSyCJEe9udmXHzp
+8BEUr/ZTitxRviBr1vOUE90CAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFCX4r/yvtqkaG3lL28tkLItLsRXNMA4GA1Ud
+DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
+AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHLWWL8D7Drl5QC41ZedYyXBDctYlWUsr
+F9S64SNyF4DQQF+H7zBFsfpmjqGEQcQ0RRQ5MX109HqA0Xj24zp5uyPTCR/0ZU7G
+DFfYtkNbLMRf0zuMY6LnYuTa89JcHYDsX62Km52Gke2j5Uv5dhuyU4HMbgnvCYrm
+iCBtdXR8+EPyTKRIpryRwBx7fveMECFNkPYOxeOO8VOpN7s9SBJW9XlMlHJgCgWC
+t0AyKSlOXfGxZOVc+CQ8Db20+66prvugWPxNh/YhDVlCq0MiqN5VeVF9dX46TthJ
+r0/md2iiQ27rUueExcJOdfBVlH0+1h+eMh5PDKpQbhxJOL9F7ozQcg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B5 F5 8F 3D 5B 86 16 0C DC 95 C5 E9 12 C7 07 36 ED B5 17 39 
+    friendlyName: indirectCRL CA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7CE6392CC967C94E
+
+mXH2KbKPjlzKd67R2q/xXneWCfc6awdN0vIHgJaeGUPx1HR3pbx1sfnCIgK9dYF8
+nf5W0MMtI0+5vB4airkiy21oE4yRiPr6ijm6/UbAc7Zbepk0Gjfhf62Cqc6mgWq4
+53U1VvNSl1fbaG5Lt/syyJ3XOo1Oi1cc8/4LSUl9o3MLPVx8rRmS26x/LqlXrArO
+COpk6++5uM7oG7g31ctPdpHrNU3CVly5xYbFyUZViexu55ret+rX8MMEWgfD+Ncx
+BobCdFAkpa+DMUbvf6xHm/a6DvmkrcBM0vZDwtfTK379qMoCZp+UrJtmaXIfBszt
+nWybwYpLIreNY1aWt3oSn1DQZkx5el/jrOMeOfScVMxbKfiyHZFvgNMDum/fy7mH
+NOIqLWQsl1CwC19qcmzqntvc7RpVVCmVfTybnrtlgbdjA2CMExDmAVD0WaES3qzw
+MhgjOsCe5KPGtnTeV9YvMJf9dVW6dR7Vb6F5STrD4pCPl25upESgDdfMB9hsKhAg
+q8uc6tlsZRuwIHreG7KdVMkhYMJPUFDTIrks2cpgLZUq8S/Zq7QrrMDUwhZ+ARAz
+hPeoQLmm6OZ2AZBfOab0/V9l5B7k1yqDw8lm2Oh9BPl0RXpcpPlrQvsZRCMQd28I
+8EH22LCNF6eB6OCRHz5Ob5y0drG5IDmG4iWWFiqcxF8BtDfN1wHgs75G9D45GUJ4
+ZCEJxl/UWOxmJtqU4NzwoZ7WTZs47TpVLKecd/a0gF0h2Jc8NFQbXuKoj8la0IGT
+DfplxWd5JVZp598/yMWP2JV7Fvx4HyqGPG3oK4hZyDCm4+BAWXcWw+jcYilwmxva
+RSScp0xtPriLecBSQaZsO+Pz0XzOrncMyPfNIZXqhOXjOY67c7fChPwDF9UV279x
+PpZififIK3R4xZHKKuOIqnxRBqKP0MxF2EI68yjdfmqDJFMZCPjgfUtEoJAC5gSI
+f9nIia/A0AWaDqtYx8XvBRS7W0OlMR2OcR/U92SLobKna8roviNhDpm4SciYRvLl
+kj5XXWFpszcrUsJ3a5sF3cvFjklJkeuyLGZIQxoMa2RQSSd3xNDKc0kn0v3w7fuP
+Cp2io3ipIEeAIQFnRg2Hszyb9cWgfXL7excsfjfIay5Mm1jRFDcopxF7xn1F5VCl
+CUnAB5wiVQtyFwtRzGfQcLkvxUmKkmrEgAVO4Co+4WE4zWhukNnVZbOxDbMAftCU
+7srkC9va6qQ7AvaRO4Q8zCi8K0k+UhSGp1qj5kutxqnZycEQ3RKGwxm0xDC35Km8
+WUX7Dx5NSEsrbaoyWxEp5RLkXnnM3oO36vIQFUpFdfzzqAV8UZYR4eHQIZmyiyXV
+nImH7N3JKJ30bcWjvqURTUEHTk//0gzjKPrCGUqVPdUPf8Sy+eXmmvWOei4gWvVH
+hlyvr1XAjHKU2LAxvCIMj41T7q/EjFVOQkBKVWAU2eciaWF2/f9M+XET1r6ijQvw
+ISORmGph2rbnydxPDolytXYn9Hjn+hqoPS2N7EvUPOPYGVn5lL5RvK668AeQRd0v
+C3zqDX64o1SQlv+5x7z+bLAkod97c9XIgBpjeZhEV25ud1gqkdkH7qT5oS9Rx1Kb
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA2Cert.pem
new file mode 100644
index 0000000000..0e958cc03a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA2Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: AC 34 1A 99 52 64 41 C6 43 25 78 27 60 BC AE E3 D4 45 34 7C 
+    friendlyName: indirectCRL CA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=indirectCRL CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBVTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAMT
+D2luZGlyZWN0Q1JMIENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALbG+vkISj7NavKshMiFDWeY8m/KGblFRI+iNIivcrXR7KoyDka+l1GySD/v8g/m
+SPVWLySa30YPq7lQzK7Z1ZiIFTK4oX//86C9A739Ix1EpE5wy6N17TcN9/84VvzQ
+4F8XgfWArHxkx6iGwaKAewjqbWXrIlJAN/AEKIVdGRDKYJ8WjBsbjqOKW3gdqeXC
+NQArz2RoVW/HPAQ9UBuHm/HA6pucChQg0Etr5rgWXwVOwBz3i6SutniOau5f3LCt
+R572MrldRdQ1PyNlWu+DvYmeHkn7x8TfRdSzfqJcdZHxiaaD0rDAHL4P/VnPqoQL
+wNAkaumLXxYAobs3/eacM0ECAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFIgj4bOz8mz+Mam+i2GqO5KHBaSjMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwICBDANBgkqhkiG9w0BAQsFAAOCAQEAOXdtPXpoRCu4kV9TYCqJbWIdroe9/iJE
+frHjG4IB7WvGNZG7X8frDJ6jpPPa99WsVTsARpcgIwR0dgsPzbfKi60/M0UIlIVc
+qAsqFCkxomILSXzSHgcjry5Uj4K5fKWPJYxjiFtBkL+aBu4K6/xuzFOXNokj3EA9
+dehWOrXS7rqxcs+bTEQnmg29kHrChbekChIOlD1v2dCwP65VM7G1RiqVUCeUu1uF
+JgSePo2t89Q6JupwgNmsR7rmnctEX+RmA0j2wLmEcyMEyuk5NaBDViSzmA6uKwxf
+1lrs9TRq9bHA/K7Nb0sUIxE0O+dMsXwjLDZjCLCcyJvE5ykw3okgLg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AC 34 1A 99 52 64 41 C6 43 25 78 27 60 BC AE E3 D4 45 34 7C 
+    friendlyName: indirectCRL CA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D14DB604D7D17BF7
+
+hKKgFggsf49lZ9+bD89dr9Rdr59yV5eF0lBS7X1pqBL89UFMwl9FSVaQnyqcWREw
+sab3toOiYRvEHUCGM4Tu9ly121y7/KSkkEyDaDQSrW8RPrVJZ21pz+Gmr5Ryrtzp
+OfiYdCIqgxBb1mSkC9RperIEE0/42uN340sO4qDIGFZlgs8wFFq/7Ohm5XktJ7au
+iBpxEMmjG7JbAYTOdVQDnOIo/IqUzTd3DymI6YiEk/oxE9Lk3m0daHBlYWdHc8e1
+2e4rm6WUTpyuAs+XlJSi8n2x8bC432WIcH/D9w81nxqNNEsKd8glMzGUKnTb0UGD
+0+9+E9nV3i8cx+mqjgF9if+ZDGjN2Yj+u9O6mQ5BIP8BxpcpfusCGb6asv5zzK7O
+G3QvpHAK1NLF7Z73YhTjl1LHViPwrndHRtGbzK79s/d/tHFrc3i+8QaGklkwCJo1
+IijRyCqtrkTDIOzI+7iqmbZvUnecT4pL1l8JATRCOyDhV8StaimA3KU8NTEpYcJ2
+TCAOJgC5S2Q1bygCa64Rd+9+E/B+VbSMtHkaRmY9haXBbCpf1UA2Ylkxk/Wsp1zi
+k0z/W+4WeBdbEltpTBig7ofs1QpfbFAP/eItGlr8/dovLj4VRFIVFkAza+vZYbAz
+O9tikQ4ha7uxbHqFRIPo4MIy8ocwbzaNSTF8VJgo3ertjaWCM7SNkm44ERD7Ftly
+CObzXqvhltcvf1Pdeq1uISRvaekhBWe3vmEMx7mFrqucctLLkiF68YjvtzeQIszT
+Z923kYRuTE4ds/9YU7zyWAk6bTNQ0ThPZGcmnooxcCx0guNtXdXdZz+j9lmazyww
+INmSqoxtWUgnq8Yic5mgcu19pYC1aHLCgouT781T9p38Y8oBCSPBZEfV9n31xPz+
+dkv+YR9U6lR+kQAi3J2HWOaqYM/hs6SPXlGqCLCesANhlsiJoqeGvxYD9uSEqTzn
+/CvHcc/7IP2WIHZGTx7v5OPIdYB0XC41gqqBCSVadPjjwaY5ydmgPbuMgt6lVt57
+BjiGciVHJVfThITQ0rBsXZUoIWOtujqNB9rQ/Vtf9oPLjL84Tf3wPPtVlPtaLJAi
+s95rt+QkHsDil1sKky+eiq6n+dS4qI8HYvFrxDb66Dl59pWmrXxM7AMyBlKdBYB8
+Srk/LkCyRrHQYOItem/YWXAmKsvP/y3XNVAVJ4tsmrRgWomJegWizJyxlSFK7zZT
+7F76D3bPv9ss8/qZOd+z0brwWG2DIqZfofrIqPUACLIyaawDDoCoBZNHKvOTd08h
+8ANDHZbpSRG5P4U7pAGcb3fTiNYwRUq5Uui9B+VyU9Hkc3UPS0NbcDxRO7jyAeo8
+GUfuPswQDTZdCpvGfv2QfzxvEqhBMZhi6uSrxVk9cgAeW0ZIxb8Lyu4Y/wWB54iY
++nILagoiTll/ReaoMGA7ZcZriGlQi7eiUnjFtnSyKSojMuej86BNmBFjBNcbFo+N
+FFsF1MVyUN3W4AeZJvpyOpwgGylGh50F+yMDPufTfV/zeM2GcP+SncPcTN+MK1we
+lHMEzW0Qz0rgn3Aur36ZeA3O0YUl2HYG8OHXmLahNNF3FjgDdVcH2Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3Cert.pem
new file mode 100644
index 0000000000..a9fa78436f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 4B D8 D0 37 3B 66 F3 24 85 06 9B 66 77 2F 4E F4 EB 09 75 75 
+    friendlyName: indirectCRL CA3 Cert
+subject=/C=US/O=Test Certificates 2011/OU=indirectCRL CA3
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBVjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAsT
+D2luZGlyZWN0Q1JMIENBMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANiNK3lOKMs7e3En7Due5lbLp0+mhgqNt/CrFwdoc29BZ3O8NyXPeTN9giRZL+xI
+0af/FZVSa9cX7aYkDIfW1xBCENAqWharbOU6ChJEVVlbyRJnrRrsUfEKOkvg5rDA
+8/7x9Ow9/oLPBmCsBimTY3FnITv9WElB0qO2vws0rlpZve1LeNlO0Iby+w/oWwPb
+yz/v65+Ih0482EHo9Dk7Hyy7SFK03cC2shMGq7YYerpZ+HQDrmQ98J0UllLgbLoW
+0J2X7fX29IKbt3HHfITzrG5qBVmGAhvPLuRvOhTgNWX2v+cu24VlS1I054vojpzY
+l2emDjSX6dAXHJECDomk6dUCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFEiTVH3EbTD/LVdFcSTfTAWfSgAtMA4GA1Ud
+DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
+AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEABQ//a1C5EPLrPnVaIBZbc9JORtSqVNdd
+NhR2GhwFFPihKof9CvOu7F5bhBjFggPPfKzlKvHa0/V3RVMm5wpkMgNDP+sJJJbU
+CNGotpJGzxz0Qcy7oamq12rQZLLfF6+9Bhfl6v4/G+WdctDR9LBztruHFomj6WXh
+9ExtH6IVxv+byA8SDazPaVGegDHB7RB5mfScblzLYMiCE53zzA/vcaad9MsxndR+
+zPVLlvMHeCM+6+nv9u66dUqDChYO7hf6eKjbfXMLYqZkD/ODuwt1eGmNaw+JNgK7
+uR2OBjnbTpFsxlRWvr9a8LLdRv3WouHeLXPnZZNXonemz8UJxY8/bA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4B D8 D0 37 3B 66 F3 24 85 06 9B 66 77 2F 4E F4 EB 09 75 75 
+    friendlyName: indirectCRL CA3 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,70DC1F7E38F226A1
+
+wcAcDokOxThmTTO/Lkg7H+uovoXaR9vgWtSdwk0HADNerrcXuXUJ2l1uP6avTDSb
+4Ecw/lWOb0WDZQj6CxaXZ1ZqxO74z2F7Ta3ho/oca7qJYoix6qxuzDdk04hlL6hl
+YiUMCPCP90O1FMoqR0iN/4j9sWaUv5cAtq3nYEqqI1UwcULeyPeASqCSA2Yuw7El
+44p2YEya+6GWfBz2jemDDNl5ofqZB6/McABgDxAQ39awXg+d3ClTb0tt+5Rvw1qh
+9jq4VOTEWOw3QtMq11/VmpxO1jur2ltlAU3L1Kww4lUwoR1TKndTGmrQW50cx0vW
+gEAgX6bLjbxTNJjNqORl62W70V9Wxc4tV43mKUq6IeYMQmJM5AdaDfZlSN8GyMIc
+VtpRcGCvUwfAjgby9VP6UCEOaTQhuRyGb8jsOitiImW9C7x/KgsTj9aOSvVjqd5M
+KMPfvcNPiO7uGPKtYFMt+iFdG3sm4FQ2oNUWd2nsnG/IEHrZZGmzXBJS8M1u0kEt
+6sHbs9b2j8yoCzv1tJfHMHWL71vxJ7zMgY84cxUyllFA2RZH2QEnwdUrR2r/aLP8
+hIstF6Aqd2dlEWfJ6/+EWPyiZngtneVDMY9GgqARb0+bOIe7CwusxtXrNGFV8Nu/
+Wjq3G1Xm85kXovPlb/2w+Jo1qgetPSIIV6nu5Jy3B+Qr0Iq04kwthBkusYqezdF5
+qE5D4ez1o5Kojy6NS9Gv98XXM41+qA3mK58v0PAkSMe+hmCwQPVjdLrejWcLKUte
++wFINCQGavl1KvVqHwrDyKr2OeH46FZYHy4kxK7gpUYaITwRuAhfxqoaJRegDW8X
+JILdphexoF5UtXuNba78j/EP4fBOCW4qLirh27mUBqPN/mjvwWcBxCnkkNl+nqy6
++bPk2uZV1vjC/g5lDTJHpXSsK2hjGhX14q92PmcTCSPJS8CU3vhYB+RfZdWiHaGm
+ro8+iESwTKleXQtQb23003kez7k/x/kaqDz2zRTM6QejbH/BCEw3lX/dCZqHXsO9
+B7PtuQ/vlXZKr+1OPmuAMDxC3uz3FK70WndWAc/Iz4u6MC5JUBLBRUbCKWt9qpiN
+1IqUCPK+duGy4t5zm3eR40F4gzNhQik4Fswtif3SLhH/+k2tZvdBlD+pW7wsHf1P
+UG9aVeF8nrRSOGxxm1QvUG29QE/CPmlr2dFIl7cJXUQlAGOkxyRqav57YKTgvTWq
+Bzsb+Rn2g9guN6h1eikF+LbvH3jDjOWCv5UQmQ2oWmeJMzCZ1BA9Zh29qbpgQhBm
+fcn5ymsh6LhLoOie+4YbAH1NgL4BN8GSty058VWpG4TuZ+HLaTi0N968zYWCE4nQ
+EYW1lOR8mHb7Nt/m7vLGoUsyJ4UcUeGRj0Ni/B1Do0EBkMkrL0aWZd/SkKS67TEU
+RNDUte2UXVTdUNG9O8cp3hosxeFxe+JkrH0jIMCokklGywPmRA6M3j7EmXB0bBx5
+1s5/ST2zSclDPWsogQ+WKhMsM1dyKuRPFHaKZZQd/4mvP/UZvgx89yORfTv/6HPO
+h/O5UkPJBEV9PQGWiTITDbZA7qwJXLoMm9T9iY/1xA9IFgPxyc00fYaa4/NQnKzw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3cRLIssuerCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3cRLIssuerCert.pem
new file mode 100644
index 0000000000..e860a06fd5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3cRLIssuerCert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: D7 67 E3 9B 4F BC FC D2 0B 68 1D B3 C0 0E 0C 8E 33 B9 11 5F 
+    friendlyName: indirectCRL CA3 cRLIssuer Cert
+subject=/C=US/O=Test Certificates 2011/OU=indirectCRL CA3 cRLIssuer
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA3
+-----BEGIN CERTIFICATE-----
+MIID7jCCAtagAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0EzMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNV
+BAsTGWluZGlyZWN0Q1JMIENBMyBjUkxJc3N1ZXIwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDEEg/m18OkpbFmgcDm2jrpdH5AIAb02lmRStIbYZZu7kJ7
+WPJGEMbGezYr9zg40ALP2a8GIygEDNuw17xm6vAr0ivCYd0mPcZxZ342EsQHLvG7
+u2zsDqw5cfb7BTyn0r7yEiIV02EnKfQYWDqpdV6BoSKnDzVGBafwos3dBk+ogr1c
+2s7iDW5oHM8cypqsOD8Aa/LbMvu5S/qaGYJUF0HvDavQTKKgSq3hg7bwcGL1iI0X
+znMWbMz75XM0ZB7G1Hj+0F4yAMB5NsFw3nfSNYTks9XU2l0O+qS5uhsn8//5odLp
+84nTd6FxGMYXLIhxOE3OTlbszkGNKE7CyXpbVVDzAgMBAAGjgdgwgdUwHwYDVR0j
+BBgwFoAUSJNUfcRtMP8tV0VxJN9MBZ9KAC0wHQYDVR0OBBYEFJHROZjJ709UZYoY
+Ui18EhIKbHeNMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAOBgNVHQ8BAf8EBAMC
+AQIwagYDVR0fBGMwYTBfoF2gW6RZMFcxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZU
+ZXN0IENlcnRpZmljYXRlcyAyMDExMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMx
+DTALBgNVBAMTBENSTDEwDQYJKoZIhvcNAQELBQADggEBAD7jPyov+IMOSYaort2s
+i2Hn/Y+wxXnqcLw9sTsxCMQYSQTgvXLN9aG7wT0gCNGR8Xdg9GhsMDAqUjwiBto/
+RUcsA4a/8H94SmGpO5v/s9Ow1MNicSAZxn57nKIDhj2Mb4sHIxzEgEp8iclBKpYm
+Hi/J8IOQoSR5e2nZSDoEGZxadq+qZx9BQYlNCMIZ/w0YPU+Xj8Yhoz+RB6my11m5
+cCTmcrMThRIsq8m9NKeRokZnhjjrPFSAaopbVaIlI3d7vTfZ6xbqozxG3qs4fk0Y
+g/vMAD1kSMt+C/wj9SyzJfzqumVilpRozTvMunD/k8mb1kWbyij6/V9fm6gdL6eK
+nko=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D7 67 E3 9B 4F BC FC D2 0B 68 1D B3 C0 0E 0C 8E 33 B9 11 5F 
+    friendlyName: indirectCRL CA3 cRLIssuer Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,91F8DAFD91445923
+
+y0GoU9Up1IcqCWyZ+ELfoH4ov1/IoOK0XRRgjI2kOX0+KtCS/kEZa6mFZ0hS60sv
+ArAnokuFRr9lbbyvm/R7Fik8kQBz6BmMCuSNOL/UMPqhhjErvU+lgUqDQMVbEWTQ
+l7AYQNBtXWEm17HT1No9vCy5VpBipphr7x9OCc2Nan9ZHWV6Hzx3kTxBInnyfwYd
+uBwkoLkYXDqvrwkJiPokikc/DQBl2ksKNeWjBUbskwZ55g91qAVg8oWSUAT/picV
+aP9ZXnwYEFcWheooLRLVDyaUIRGlwiRV7KfBrIDE3ClySGdMTMmjzfRWdxk7tH/5
+qCL+pzWz5RGM+Uhvnt2sf5hWYE3aCfIQT2sLhkoiqG/j2FB3MVRl23JSnH5nqwPE
+093Suiaf3qUwCZZpgP/7+ZBftOBnvi8zRZy5RdhFotSXRQ16MNGPxRvI4eKdXcDs
+9rtn0b6NMPlDym7JjscfVgQa5bCFJeaV8gh4cEWYtFIjgN6o7n7RZIJ7ZZBi2v1W
+eMVLB50Nai+EsQr4h3plJnFu2Lh48MgAxIiy3k+xLTGTQyYxJOJa+Ms+jWSnjb47
+XzQLfrZ6NTCKpTVNaUNmbPeKPZ1cDV4RPzkZbd2Hq2gohr34NfBOBp3d0oQFCd6/
+BvD1ZTWCPe088jw+tL5QClXouBPrLTuCUKwDjCfXQLj3HWJixJR37Al2meicz4jx
+seKoygO6orVJubJPzAPF0zIDGS1m2Q5f8eT07Gmgv7XlxWlcxOtzP7epjjhlbumv
+tgRu+I4qBvLVuzVihKduISI9M9Epzxy/OxQMYkNxKt2xBgZucz5htOlH7r+HTHwT
+Xs9jBO3Vc0qsjSRuOBfIP6z4oe8OMfZmIZidYDqXqtcoHai4YYMNyUaeVqSLcfku
+QnlpGGitPFpu+7/Hp32krTd+3B1NljedRB2KWRb9fB8u7uQRoP+oxt8cO87G1XS/
+c5B4j33pvB90FSk4ljvXXWkqwKojn6d4w8URgHDsWsMJRuwrBRnguItgNL657JKx
+qjcTdOPZvFBhCPeR7zYAC1Sph+ik7qqdk9CAOMbFX8BbyFfE2GGdqNxHAiTzV8PA
+4A1Tv6dP5pAzTTf9ID/QugzKglCm3Dvib1fGr5C3aCc/CSdE0X1ba6/4X58IFI9r
+0rWwyMlPShStT9cFks3JeOPIQL/a2ShdeQCjGhdj4muSSdziUEGMikKnSEaKvk+7
+qLvoyIQVmGMx/zG00xbw3lB89sJq7o4KJUXEom2hTtf/wwhO4FYaFLwmBXup37Ob
+P8tsmWERiy2X6aWAtquFawRimb11xCWxWvBmjPVf7g+aXdxwUoevj4UZNEPuKhTL
+hIePovajLDFj2jvtbo2WBU/GHyC2jBs6C7hMCZBhpb0C12I7c28jqHwTdPtB+/ld
+fxudITxmsNQXW+/g90RQp2TuqllKjltjFmtgXT8XQR7SSsivaYhSvyUq+/qGB3Xm
+5MM75YDJjV5WNuFJtTNp2IyKb4gZ5/XDLxBJnuNJT9IFatLe9WkvdldSwJRhEyUn
+PTH5mD0oCCRr5E1Q7FpMsMSavbfN1c5zNZcMXT1Zy7OtEtyH5jAPHw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4Cert.pem
new file mode 100644
index 0000000000..df33028904
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 43 DB 38 3F 81 52 93 48 5F 32 F8 14 3F C8 B5 4E A4 5F C6 33 
+    friendlyName: indirectCRL CA4 Cert
+subject=/C=US/O=Test Certificates 2011/OU=indirectCRL CA4
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBVzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAsT
+D2luZGlyZWN0Q1JMIENBNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AMIccFW/U1iXfJpLneZ/qS8p7kcRZMEOAl4wEwPcQNFqcceBINzwzkHMnKOsdbXI
+h/9p2I8+uzRA1zNLL7Z5jJdCskLR6KcyeK/PatB606UOKASrJssK498OHhI2GAY0
+/htTk+Gh9mKEXzh0TwpT5RMeAQmz+0rAG+InatLWzSo0js87MhMcgiBPCm8nVMw1
+31Ju6DOhGJ17zsjWCQgq4cjvniJe0oBmiZJI70c3BjfSyETOLENCkp2iV7v1VjiG
+Aqo4K4iWBlhE2tTeK4gcRdom0I+RMsUefz2TawxslTKBT75jbT0zLc6KcKuawqQi
+UTSeJ1pId5NkBsd3I4iV76kCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFAxaMuqUASALqKovyRLjLkECgui3MBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwICBDANBgkqhkiG9w0BAQsFAAOCAQEApuBvFvvvzaEhVXrF4iklYuwhN3XOAIYl
+iXtVgh7+eB3hLj0yI3vlIRe7FaiYQJyd4WXQgfFtXNnjqCbQsmHu+Z2La2INu1Z+
+GmKryMZPSlceyYlovW2LBATRf4XxzusrkKZ1ovW45wpad3w9x2Wmnyd/+xzcPCAv
+0E1GS/pstkszz46E7S2dtEab9mSHADwesx+rese6zbdqT1wLNgxVu7BIYylgCmfb
+TV2CyQCeatdtAziyLaHtqK1NFWBLDp6KnlRXyjOYg1kVUNX/qQVYcb2S+OaEFQQk
+M7c+30FSksP/pWcQ+MqpLoTpVT9dlwYX6fWxGGc2hqNW42A+7HkJXw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 43 DB 38 3F 81 52 93 48 5F 32 F8 14 3F C8 B5 4E A4 5F C6 33 
+    friendlyName: indirectCRL CA4 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1F861942A743C6CF
+
+wK0oBQc+fOeGBEjxMYsOZfrZgHK6lfs84YIlAm62Dm68RErR/Vb8EBc/0nxjv/hv
+VAgCQGTOqLootoFYunij2AYWZj+rUWlbl4CzmupOIpF4RU58iRZ/StQM3qBGiB4B
+xywYmjCt6A4/9x2fRRpc8mAZ1eAAkPuR/GPlxvZBjwueHkbeOw+U3ff66vLN9mpR
+ut7JmvTP13clfQsTrvyo2Ru0xJEOKhEVRm7lfV8EKviFK63jyZAIuHj3b244kgvp
+9XiI7wvn9mTkl50fAV2q+lnKbxBcSqRMM/YhDQ7uRI3vP+5SRZjyOtZEJ/lcWsOk
++15ZvXHLy5N0n8NgsmL/rNpxsyEAUZnzW3jJe22UAG/VxXldm1U5+Ks060KkWw2I
+57ZbPAUQFt9Q2IvmNmYzU6jIsOsfHILJF2PfEiu03P6OQOW7c4H6BiRtj4/nTZ02
+HLg2GYKXIRFlyoSSmla7xA6c05QKgbXkARPLNrQeF7gRs6Sbm1MBznXXieGxlR2s
+Jq5+9OlaJ0TuhUqYbZxcytx7PfSVMHt0D9n1oAc65J1ik8KcBpdmSi1B7brxUH4w
+r4yQvGDuui/uCSLzfW1RNkug1jSUI/2mBRqvJOTzqFblLXi29NEb7TzDXJ6q3qe9
+sFD7ZbbrphLCl4iawJ7tmB6+Uz3+K3w+mkLa3muZPDt5UZ6Y93qLyeQNUk2NL+x0
+7FopkCh7Tp79g4oKWZ7MFcslyWb3rrd7GuPwFC5c4+W1k1PsEtLnpaAxbNLg82Z4
+tXeDnp8HqNk8G3M++193LD4syc9GUBYFc9ToP4oaDVjyHc7RYy+SjfKyh8Ij6U34
+1Ff2uctSh5x93xEhYwh0URdwnX7OrOR8Lo8OPqmTe8qnTJ4Z5uRoMVXxhZN90bp5
+IyHmaJvw/gpNFvTT/PTXzjQYawqQQvDAVXTzOyUPgijHivH107JjT20eVGKdIuLG
+Ty59T+MPf9wamIarR2/RiMLdk266QJaKlR24p1/LSZmgu5jmP5O9S5W3k5Z4VBJU
+ZSv7Z+fw9YuN7vwNWxFf3djLV2zzp/AGc+CdTWf7hUVTs56aSqO/AYmPpq77LEMl
+HjyqNK8dh0VLJHBBlECNx15LCabpmBO2WwpH93BIogC/NE39U//MmiP989+EVZK9
+tplu+EEYVPQKJiKgaeSyAOcf+PUJJGBKggAQrqjxmoWjnN6+++p5koZGwwYQyhUj
+eT8VfphlFlE44d84ZymVsqrJirNrriDOfc8C9MDi+jKrcI4utHThXFNdDMZrNmE4
+dNjibaSn1Wi+YA6fNjvTfGRUl8taHUj75F6Nj7C/ugCKp6AWnYMEAvDBlmsgUN2J
+Eyw0eIkqM7nAqQhnxf5bgikKA3IZ6EjYoDeH6MgigtPEUg/pOEbRrfF2Lnc7F5mD
+7BqdMu/aLY/z5fELT2jADaQNaexoboslnhBUHKcVx1NwYB0nAECGKUf8b7cd4I4q
+2Cvz+j5p2GW5g8hbu+rdMvdueanM8j6j42LV2eBp5tTLyTB6a0wnlLxawqKYbcc4
+Lpbe9ngqZHoz/x+cNyCx/3YX6QeHWQobACVe6fRYtW2sumwi/Wt7Pw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4cRLIssuerCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4cRLIssuerCert.pem
new file mode 100644
index 0000000000..68c5c76a27
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4cRLIssuerCert.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 8C CF 5B 50 6A 15 7B 2A 06 9A E0 FB 03 9D C2 ED 71 5A 7D FE 
+    friendlyName: indirectCRL CA4 cRLIssuer Cert
+subject=/C=US/O=Test Certificates 2011/OU=indirectCRL CA4 cRLIssuer
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA4
+-----BEGIN CERTIFICATE-----
+MIIEdDCCA1ygAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0E0MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNV
+BAsTGWluZGlyZWN0Q1JMIENBNCBjUkxJc3N1ZXIwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC9xeOutJme+85JOGzcNASVfrEKrSri/RMChEdBr6Fh8V03
+G3j8wKFbvoubSRpFn14/pqk8VyWURjeqj2knSeYd/WJI4f5k7GTo9oD9ysOIDw3u
+giAY2IqQAUhwTyP6UhpQhXNPnmHpS52lUGIe7Naq5s1UXaTc9ofg/qKRSHTOFZ6O
+xO/QwPC5upcZ26ooEV46qz4Qe0tFO9vGD0XTsSgBKwguXPlxd4Jkyd1IYh7QfBqw
+5sKmJTbn7zvbPJ5cnpkJvTyQmiriu/GnmgBmYE5WgHd9LE4iSTfFuLv3ssaT41rM
+yq5OJzi1J2/xS0g++9Za2Tzxqp/0gWVYUYfM/MUbAgMBAAGjggFdMIIBWTAfBgNV
+HSMEGDAWgBQMWjLqlAEgC6iqL8kS4y5BAoLotzAdBgNVHQ4EFgQU8wjrbbnFoBCk
+2gRF/696R68RwLkwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA4GA1UdDwEB/wQE
+AwIBAjCB7QYDVR0fBIHlMIHiMIHfoIGEoIGBpH8wfTELMAkGA1UEBhMCVVMxHzAd
+BgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAsTGWluZGlyZWN0
+Q1JMIENBNCBjUkxJc3N1ZXIxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5k
+aXJlY3RDUkwgQ0E0olakVDBSMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBD
+ZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UECxMZaW5kaXJlY3RDUkwgQ0E0IGNSTElz
+c3VlcjANBgkqhkiG9w0BAQsFAAOCAQEAnk525PYwE6GN0KVKCE4B9NFybrWSSmt8
+Eh7bG1bLDfd7aBW2yjHSR0fr2KpYMW1OCB0aS7H9kOOrMYoJIW+fDWmw94oUhML/
+nvrOGmkaIuoPFKY1rI+s2NdG7taUndMw2KFGprToowQtWTs42f33NCi8PVmppXKQ
+HbAaPFl3TBJ0fk1d0dmnpqYGHJqgRSbt/qg0pUisYPhMqD4kT/4iJihkfovfeccy
+rptvHA6XoTVKREP97eCKGpK3SZ5eDoVSlT84nwlqDlRzvBgCnyRyR1eWo3lmWjox
+EmqYwJAXHfPRumgNMuC6ccAEzUMvPacD8z6fCWjR9uKUE5opGo5ffA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8C CF 5B 50 6A 15 7B 2A 06 9A E0 FB 03 9D C2 ED 71 5A 7D FE 
+    friendlyName: indirectCRL CA4 cRLIssuer Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,95D33CFA36DD53E6
+
+ygCly9uXoWW4ISD+WxAepT9rBjaL7KcFLxrxD5s+xmWh5seZeVlmXsVOdebdkbdV
+AZWNWTkw8Jz+hXmRfHEkvJLZZwCUL7s05hyWgxJ9UjT0iaUQIlwJErcm6JyaFkD9
+W6g61L57oLq0rrcv1KMBjD52lwjtGN67RvesHxLeAVIndqlhl00MhbCe7cOi5oVc
+hsRjqoHQ1xVdNQkIdFzK+4nqF+Bz7Nr4oFWBk+CbjWHGL6MTf0mNtOZnrxh+O5d1
+aEomxqHtW+JyLoYLWlLtfJj9kWMJomaO/c0xX6FZ/teUk3zXRxtHcDocrCgvFiFh
+TPHkCvivcH6bTqr/WTN566pZfodJKsqZmV8/Y8BYx2ZfxWN6JxuxysELP7hPX2Jj
+1Uub5gXEw3GGpXd1OfKm42vvONd6usVbfe6gtUuH8WcBArZkNkIjGrtNA/HVUenx
+jv3HQyfOHufcBrEAUqwANXjVY11sW6ANPSBeEjnjSzFZ3BlPTdDJs0DTibbwLjAv
+IR4Jto9xra00Wo2vRNpr0yPXV168xL7pHa3opU7jlQCg0qUV+JTS/YeBfRJRzM9Z
+Le9uGl2xYZBg4IgoMLl/4czn6NmLxp1//vvC9r23e7/mqCZ2mHLtyBCcUgLkBlFl
+hkI9gR2QEI0cn7ESY9Q3cMOxb71kpXYRzbW7qKUagOkFzgQTftbxPfPQmUfLMxqP
+m9cqn5PyL5QQlDfBkm5NGsHz1Nx01bH7buBSh8HLEr912UCZ9wWfK7VMjxu2hObv
+UE/B5EMudav1PT0pj84HZBWnmEHFkbZZMGTCiC3+H5rQQIQwC5Jbk8dAGIur+yn6
+j0iNybXdtYFyzV179h+FcIYRFMVIbGhVGd5/5kBeAqDjuk3WKhwC/0rGRyTNNbki
++HdjRF51rZ5E7ZnkDCW1asgUeu/mWyyqbg/Sf/CI2SHFM2BTO4QnmBhuqUOZemgW
+1CS5Os9rKpMXh7g7xRr+H21tN6MqCUoVQi2cQfpV22VGF3OTFbayw0bMQjQO7cmO
+4ij3Q0MTG1BeAUDiFxs5ler43HmhxxMW3psyHzG4mos/IGkL2Uie54JwVjsXw9Bt
+jBIeIkeqSDCANC8s/Vs2oq8yZnFFNrHokUdO1FvJ/3ADrwpizhvzbqe1T0U84qH8
+7eJKgQbzcoZzPmlgBQmeHkb1CGsKxxTZ+Z8VoOnvOh8AgoWcan3DaShv8OJMIEaK
+++QiCN9AMVefZvWniru4ehw+hq8aFM5uCVTDIrfjsEPJ7DGmVtl64+0i+30ab06R
+LEN2O8T1dkWWmzb6Wow7srTk+seyliAvfKXWoKwpYXivK1ULls6fEXaA/stfcZ87
+ZmlokqTlqDRBYxuujuPlOMIp755FmX7AUIAVFp/HKQCS8hb72wy+ETlLhhfrO1f8
+qFi5q+DmE7WwBKm9LnSGutSrnEXYad711Dd+aFa2elXUKXBy4GSHMDDAZTMMK4vB
+f32ql1j1D/CicVB5ubg8Z+gAu3QbOe7lvTzS/9TYltb1m78zwljjQcT5W8chCuV+
+uex0J9KInh9PwHfDylm5vpNp5gdiTPpktlcGan5t7fRXaJ2qmmUSfQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA5Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA5Cert.pem
new file mode 100644
index 0000000000..b2f82c1a97
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA5Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 27 4F 1B 00 78 11 92 48 98 B9 DD 80 D3 52 B9 CE 73 4D 3A 67 
+    friendlyName: indirectCRL CA5 Cert
+subject=/C=US/O=Test Certificates 2011/OU=indirectCRL CA5
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBWDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAsT
+D2luZGlyZWN0Q1JMIENBNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANCnFJyRRuG+54pazi6+E/5j7N/GM+HyV8HeSNEtF4lXdOxwaU3SnKYCmJNMM7MT
+lg+dkilaufu3TV0Xqb8jgXXP+GbTVHLk6bzTozhDhh842cF5nFfLZvpp63yEDFFa
+bAmlV7pJxK5mv+/SQHIchckJOOZCgrcxRulUDF4SZVhXiyowX2p55Ipuyb/Hxbea
+i03e+SKptH+WltSwtuRuI06SLx9sjJXDQ6xdkrZMogDNTicjz8A+dbHMLBoxqHDv
+rsCzTWTPVOR0y+AXu/5Skfc/qsBzsgSSR0s8TOBflnKFVQhXncKQnlUtzxWAE5Bu
+rjKEgo9Ubvuv3oHQhHDkh6UCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFIH3qr1IdVmAsM/fIxid2JNGghazMA4GA1Ud
+DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
+AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAic63G/b+yfTHBtYeNKkZwT9RWSs30IP6
+oSNm8yx7R8kbpKGtfUxhvct0V/0Mn88yPf2vh+Q1ILHYltgyflOO4TiskFy+82Ug
++IBibEqBafQqGEF0jfzw8ziNjFxLIZbO4KKdgbCu8lpK1hE4DJZSO1Qmb2VWu1cM
+obQxILQpT70UtUThwzILRMDeOn4suF/cMLzhyry69UXwv5E7y4pe4/jJRkwFYPpW
+MOqCTs6jI9y/0fao95iwi0FQVVoAzu9T4qvAageeUcaEIM9MhI7d/lJxJhdI8UxU
+HaxFfVvarYxJ6Y566RKfhMS60QX5Y0HT1IbDPTiLNkvBJNlOMuz1rw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 27 4F 1B 00 78 11 92 48 98 B9 DD 80 D3 52 B9 CE 73 4D 3A 67 
+    friendlyName: indirectCRL CA5 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DEFF90C14C4E25A8
+
+/Uq3XhQHgdnCIUFfwm0F4VHwNuiLV46nWrchtUiDA9gtGOZWuDZWBw0Qma0b/AFK
+uzQOeXDiDL44WwntmcR/tqHT7A0Np1wk1HA+XZg1MkLPap2W10fn+R8PAguzboMX
+yjGUhhpbJ5lzdGNZ8qQd70t+K1oHdY0e7CEWkqG6/6jCzRTMn4WGez4Y0tz/TAjZ
+aV13WHuhlokWL72tGkkVvWFIW3u7ecO3Lq++zc1M67e1v3zMTy+LuKjejmQDttXn
+hvel5/F919/Kd7Pxf9e0cjNJSBeymokEiHvnckgDB/CAe+sALVMM+9neDu41kskc
+8JoZ6xN3oP55/JCcOl/oUnr4zMuZ5h812BQLl7QnBpjbwiurtrNQwnD7iYmb7RB9
+lrBjYfs+OgLIQfqVYbVAKL9DxqGil0HzYDKolNX6PSewl6KNsIvvDZDI8ylpb6iD
+nche61yNB66CR2dGDUZtn3xelGo8AqKkH8itBXssYvhC/38FYV3uLtE0NucAz+IB
+WheyC6p/6EQYg1z0Oxcn3LxS2revY8W8HC2SrhClTxrSIs5B3yTTUgzKEc/fAOtI
+GYEy0YPpBjEOxBhnicBYFfSqVk1Ky4JyOOBIGfhEm67n2UVKM9lvuGmB5o9Q5/bb
+kQv8DEWCtf3L1RZN/iR1Avm5c8gVy4aggYiuJncI7ZACmhuFbZdEgVUMg/aDzKqt
+phcL8Jjms7x9ZYZr4xSQcsJOtqt4WYySPFqk0xukytvWJEH7pa0xp35ycSo4g/U/
+1EAq9jBRzSVAe/+ufsE01Yu+S/xjPwmwS9C50ArYx5sFzk6YKYnYZ93j4DST05pA
+7nCoLDFLSKqRscLMsjEppPcudv/TJhJQmceTtLfzgat0zTkfUCALNuAhfCdai7yl
+l/HN4pUQj2JXPiXHIOneybH3Z4P/MyxNCDmncI1ha6ZYuNLqcSmIZUJz7cfovr19
+Z0lWl0OHSVPkav7m+UIYvppI5f+PFHsuz7+R/im19VEZMQ4sseswvFUYAZ98YLMO
+bgtsvo2iqUPSka7ejFo/pmwQQlFyQEd1zNXCUF1wEVqDH4kejz2TjgKCtDGvNu5V
+hQ4eeh5m2XkX3IlUMJiFle8Y5W422ekk6OzPLmVl5/iPrCVjshlekcLO/sPPvSeG
+4FT2DPk/twcEmCJ/Wg0OcGk215mspNwF6Chk/5i9BPcmdsLjT6NFygeTQYtVAOrA
+3dqoNekvGdH8FmgA6pCCbBUOBboKbNzyhE2pOsAbkbKPzrrmKbMO0516cNI4nfq1
+92S0owEUqH6++ua6Rp85ngnjm4ZFMa/CCw3lnHJN3EpeQTQ2EIDwnrJ1WAroLZ0G
+u5fBXJrl4Jj7QdKZpayd8vzrxFkOnT+PzHJYTQVWhk3bHFaPWBDheRVILa3uzFEj
+DCkGKOJwTzc40QclIeexMu1UVOjPtZZu6hdrIQqI5HEMLLXPbfZqlqQ/5YCr68FI
+XEweTp5HiZGWSd6d5o6u4lmRsRVoMCuZ41AAhMCLyCUnXUBhu/cXIi1SaySdpss6
+YdQ7GkuvZ+ZceWyVh6RaCba3eIrxo8lh1ZlJIRsX4stvwH9MkSNPSw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA6Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA6Cert.pem
new file mode 100644
index 0000000000..6779e6d5cf
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA6Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: DF 60 70 22 FD D8 66 5A D6 48 71 B5 FC 7D 66 DA 67 7E 5E 0F 
+    friendlyName: indirectCRL CA6 Cert
+subject=/C=US/O=Test Certificates 2011/CN=indirectCRL CA6
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBWTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAMT
+D2luZGlyZWN0Q1JMIENBNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANr4SdBfmvVoe7FX9vAiUwmvImwVjK+B8t83+7CNGq63EWeLcQztgu2PU0p8z3Y4
+txQrhxgEbAc8WvNnLVbPRwqsf4EXvugsVh8O7jVzLy9BTrmlGPRwk+dI5LFlCZzJ
+VzdkAUcK+Q7kjK4OfkYEBo6TVYDxgjm14NbXNVVKahJQwTllUTITtQ68dwd/IUTt
+Y1Tpnb2DorIwyTDtesMzGD4118RxyKmBwXICic5Da8Gh+laHXxiz66voVvzmed2w
+umTngY27j/VgoHkc4ZMV5S5wFfFnpZeqMCi72Przwjyq7KCkB1LYjJHcfkVBQLDd
+2LjbqvzP6CB9P0cyzZXtfHECAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFB/JII0Lo2wtd08T3kL0C7beKnYxMA4GA1Ud
+DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
+AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWH/AphxOKQid6uERppifz0XnqpaHMW45
+GKgeywO560Uxfw3qZQesXDRUigcMh4XKXtysK/ILWLiRzIGhzJ3qR+uo1g5Paymv
+76azYg5TQbKRBnqTq9w0JcrS3s82kKfVqQcR5PbmADorGFMlxaGdVMFv2ImkPKO6
+8nm+S0X/xmjdLkVu8Kvbw8za8+FQ7IoCsBNlel4NVf3Pzg2wpexF/j4ZFEhbv8D+
+1VtoLohdbsQAb42KrT87x/xTTWqN8+zbj0+b8As6LGDmjZbuIeKK9NCbh90edTQC
+o89lhuALG0+Zk5sFhoYZ9aHjLyOEUjkm2kq+SD0ipCpb+/sCRyy/MQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DF 60 70 22 FD D8 66 5A D6 48 71 B5 FC 7D 66 DA 67 7E 5E 0F 
+    friendlyName: indirectCRL CA6 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DADDB1A0700F3513
+
+zQhH+108kzz6dq73i5aD1o/KmXUZmMAn+7JDTpSPl2q2uOWD1PoOAqaAJFsB1BxQ
+QpqG5Cnl+9ogcC+rsMx1RctN4sIFd4nVi7pUzb+GIzOkLeiwfBEKkIfOCjKc3dBs
+slVvww7VECcTP64hMpumIP4805QfAm+YBVra4dvLTqXretUT/38tiEF1pax1lZPu
+SQBzE9nIRtCkmbHJS4cd/x3GecOMlUIVJeGwqkLhtwk9KasjbSDUEoj+TNJbtQh2
+amnAfXEu22q36bGyZy8sBr7inA2QIJHtzcXbkpbVjn6tIoyrvDQ6kYhtvFmWkqde
+NVWg/ef8c43bskiWxQ6+vmQvGNo9k6XUmjiv7fo+sVWxvmmS3aq2EhD4CUPozXMC
+7OqT4ZW8dZys4YGe4vYqIoaZXj2CupZlOAKxr7XC4eaN8P1ZBhgXeKBUvddAvCyy
+CeUxAfJ9paCLYyNw/MBlMbvzbz475wDSAj/qWr3YDgJCBWXYCZv11oTE6H9Au9om
+WBwjgjUzcZTXdFTOfxDNwo4qs8zbpCpASqgs2/ofsSIcIsshkZsmndg+oJsdJp/+
+G+rDaHGa4gfbGNyd4onmTMmIAUMi+BifyHTM1nfOj31ogJUKF79Wk1Wm3JWZ8P7W
+vN0a9FTC0RGdOhE/yv+uwzKwulYoAjUQdqoQQ/pYzRiNB8wwp1yqlVakBO9IGOWo
+xb+PHF9HPxbEgbhb3k6GQIQDCV4PkHOu8EW2L0CKO3arCvLpT3gVn7hcVp6fVq0o
+bRUcrtkZsZaVamF4+1LIJjHki8/X1XHsi5LRmuFMQn/NX12KHi1eYyvPHg6hnnR3
+HwIoYzXJolUmnMDxo9ql8B2J5Vtp0sgI2sz4b9cI11ozg+PUdwGL9/4V4s1Kv404
+L8vP98YE3tlrvTtUYP7YV7kZxlmXJ5PonSd2gvzOogLMMxnRNlhTUq/zX4lTmx60
+y9YnA034/L2MWAgk6rCg9lvC0NEtXQgHzIZV1TyrKMpdX2BsOU/li9P5JoFOkD3d
+jdaI9af/8+XMkePh+AVHTs7NVhvb7Dyoy5BPgCL0XwDt6RkmcKSLAoXNutXb6jLp
+K3ROyKtu/C4nkCDedNerxdrQvrKiS7FUO2+xwdhsU6vhaWw+87P9GFoI3Dr0jKvO
+ADmV4H0JKbk687DB7NVAqq8BibxdD1d4rUZvio5KOal06Tu2f/1CewA2a4mMVj9E
+GxqHDOrymDaNg5YLu/H3XDCWwC+qszsD1/2fzwGLGgZl3mJX9AJx8c/T6axbqyyP
+GIaLkxwrN9JtKO8+e97cCKUylt6riLa/0tiAPUG5RJizBi4ey677xr1L2ICExFqU
+lDY22m+ezGwrfZhi4yVIHS45KG9+pF+om1XYo4cqmAHg2QqEZeiEOsHgvNAbyQh7
+1uhPhSCUVsAlFqWZr4sJLt32Kih7KN2UqAZBGCxox+l/h8Vyy4DZwAvygMU+yYwp
+miEUhtB47LBHTFegYLdbGnPm5WYHppECneaIsqjgXC3TXqAXpEQEi5rCBIRtpqUz
+7rwjlNmY/k4TQhyY9ielim/ouA7FISvCPC1voCZYHtZf29EVvFFzf+C9uLzA/31n
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy0CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy0CACert.pem
new file mode 100644
index 0000000000..bc04fb9c3c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy0CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 9B CA 08 2F 8D 70 30 97 45 EC 2D 50 73 B4 8B A2 ED B2 53 11 
+    friendlyName: inhibitAnyPolicy0 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy0 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIBOzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FGluaGliaXRBbnlQb2xpY3kwIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAwm7RmKNqzNVB1upuD/XDkNQZe330VuJCvAN9qtUbmOwBCQ2Imy3G22tO
+o0g0sd0FlDusckPU2bfVW59Ya5SQXlfQq3Qu7dmr4SznXyLwjEFkJex3YFi/0RiL
+dkzC/2ZK8ikQtU3HHznh8qImo5sb+STz5esh+nqtJy8+eWf+PzIRzVtGxxThnqCX
+fwCOYcgALxcvZEyfGmZpKGjyVGNTmmLXYUHPOaMN84+sTueys3R4WaidErJQihOJ
+I0D8k2zNiP44crr8QaBPDYujleFp99ZoL0p0t9rb/i91Oha1YR4AriZOkSdZ+12f
+l4oYmUVSpiSr64wKFCFYOTybXDHr+wIDAQABo4GaMIGXMB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQYoKB6av9qnYWCJM3DJoX4v4o3
+BjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADANBgNVHTYBAf8EAwIBADANBgkqhkiG
+9w0BAQsFAAOCAQEAYACyQ2xi2/hapopt7cI+wPFzJtn2eSzNP+lkyRkp8VbtFW6k
+35IPAUnuS+bcB92Cn0LwwSXIzMJ6Cs2su9UmKox/psMXH8UMeebjL4WtpuzqtGLX
+eFVo3Cmfdih0JICYo952u0Ugzw5LQzMMNDgtcSjlo+OP7ksOyvP9o1hKfk580cLV
+X+PiJDmqGbnP+0ERDbN4pRQvYNGNFyzBgqGpiIENgWIJwc42HTHpaG63Y/tVc30M
+3Gh3//ZomjVlWg12PLoYefV3xv2TT/uK4zb3ppeznSGso8sCYh+/p6/T6brIyqUh
+a2yA6ge9SUPKy8EVgqo96s7ofQwobF5DOJ9UBA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9B CA 08 2F 8D 70 30 97 45 EC 2D 50 73 B4 8B A2 ED B2 53 11 
+    friendlyName: inhibitAnyPolicy0 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9EFEE878D3C13B53
+
+COl6N0BIwOOAKEUyflxLC9tGHBUEeuxCMytbs6J1DBteOSWocL81iJlPHCcDsgo6
+cHS0sTXbvbxC2le816uo1q0gE1OTKZtfL6HOCOYzK0lMFKAFP1aS05rccR8r+CdF
+F5vcIJ1yyAhdiqsr6LN3m2Px4COz9SoepzKxevjGoQBkU1LsAlql1cg+xUCwVapv
+nRoq++fAzF16YOLER16QSMMJm6gRRDstuu8ugrV3h4bTy46hsHmywkDxhAdaYHft
+Ao+I39Bq6+F7VoYTKq8rogA51ML3mmva0sQd+4aLFH6nm/k2QkKwxawAimy7zoKk
+6jdu0r+kCN+jXGqFtg5lRTdM2WpuHL2Hustq1t4mGQSEOWgOqW98VIKV8O5Yb6be
+xz1HaAPEYaCOOydkCQW7Gzk8nyzRmPI4zh1453kF62p3O69IKh9TkEp/Q1Op9hdn
+iA8W3BSPm8Bm+yEjFu4PDQCS7N/FjWhH4nfb0/VCZAX6KS+lAxtYTLDf5klgS8pJ
+zhYGqAH32sycSzjuvxWHxpHRs4vL2izRQzKWMYpoLaldElFAY19eKiVWND2Xma0O
+KDjdLRF4XYXoqiWAAPR4amdPiI+5uRmHcmvE/kPm3lYwBEzTt9Hg9NCsL/oJBKld
+Tann2JtXa5vzvKXlRNRoFNlcu3CRXfxsVbwh51tiN9S1DlQOMH3VO8/odhk9Ei3b
+4t+/xhKTEpz8O4i6n61Rww23+gkevgXpMOZq6pugngJQB0gDSzaGHQ4j/P84B+m2
+WrqLaqmDOgS3d1K4jzhMmPLnYCUXtXRKKVQ3sbgMsWSp5aXsHgXd9NDLXntZ1Lpa
+359MJCWMirfV+NTOPtHzfIsxsFxmahqQjB3PrkFHnlVS0zWsYR7ATSYfaSatzY3h
+B7GiJDA2B7YAmO3TTCIECCOTpOUAugA+WhxGKIH5L8y6+/ae4fgpkk+vhWcVOPyv
+ZiWfqZL9+Z6dTYTsz9uCjeA+XizCFI91XwRpBUcdW3ldxnoXIX8QJDJ2SNApkK9h
+KPeAIztz6v81ylSkSY1fYfmy7QwWqmCw6tndo2/GuGD/jz0lYfGYSYSbJ8FAXL/+
+Sxshv5E2Oqdth84tmCb275Fut8y4KrH4t2WzW8J27WzvcWHDv8jx/OaWJr8eSdQr
+Qw1o6Bd/CgcOKtY0sSk4cRM4u7llKDZ9UDS3KrVyST9Z1cHIG2kXbeKoLLOpLm5I
+x5P6TU9/t9QDaChtwKjxTs22oWiRu2ZPSggvwHfAU8zxOyDI+PTZdIdpzESWV/7S
+pi6S8y3C0ey/8l9HC6qd7khq/4jt4dtCkIcsZpN/xcNfoe2OItCb0fwGd3xQh0cg
+d7HOEEg4ZIbM4Rw+t4qy4hXj54P/++SN0h1s7PPx8oUBJsOOTDJdmRCE+vxpeAMY
+NkFlpIQd+btxiSpIpa/21qoqHbAL+LiuBph4grHHbuTXqpFyrJl9SMkQSccufHI+
+GZl1Sax8ggS7JVRbP6DlyPAJf0T89mKMnONCtn8FcEJu67SaSd6gO0AKmER4LVmf
+Ydeb6zEwdxIbgbbFfFo8vsTF9Fp1AQnKKhbqW94kKhIPB1Zbe+f9/keNS0E8OaNv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1CACert.pem
new file mode 100644
index 0000000000..703bf6857a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 21 4B E9 2E 8E 14 78 20 89 D8 37 06 15 99 28 E7 62 26 69 C5 
+    friendlyName: inhibitAnyPolicy1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIBPDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FGluaGliaXRBbnlQb2xpY3kxIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA6zBvGZdcVEAf/5tkGFfFnBVSmugm+C88xlCv9nv6QizfRFE9unEgMgC0
+XzUOeYBfsVDD+s8vjLW6l1oYd/8dB8nj7yPL+Zp8tjANb0Pm5Q5IH7tN+a/o81Jh
+sb2bJky9jSiKxaFNhGHZ0uKsGYZn1im5XTmqAshVWF129drcizb7//FSTeAnkjpP
+Qtb0UqQljSTeuXIdDUnWSuUvJHOzlK+wJBBBlxQQU9AFXyPSejLDLHEyVEgweQ2g
+/PrEkxBpCl84BSeXw7hOyeqy8W8DCRlNH4vbi4UESM5nydgHbpi1WJg7XayRsv4L
+YtSa424ueI3H2OG/lfY+6NlBJl1PewIDAQABo4GaMIGXMB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTYpp4nlxHDjtQZIdcgvJztoXvy
+0zAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADANBgNVHTYBAf8EAwIBATANBgkqhkiG
+9w0BAQsFAAOCAQEANF4unXV7d2qUpPtdqy72XTM8e4g9dJGOS9XA1xRPjh4flZE/
+7DPh86LuhfQALvGqlwUcjTY0ZTRq47YKUqj840+y2qyii4QYq/USs3TRqlBZVWYL
+2gKOFDCGWl3MLtlFR4kgRmMpcHRxuE5fDHNdSBR/o9Ri7/9EIOjUA5UWjCYk7ccI
+oHQ3vVkKspFSObgq23zJTsahW7s+mmxbwxDFQVyQ6K4jXOnemBodAIin7KQXSaPq
+SPUOcOFTf0430xU+HZFahy8Oqe9PdAf1yrBiMMG4W59Bly0cJsFdvEgQVDu+h1S4
+gfrQDgV76wl1nblJHH8uFYRFdYG99/Z45bjIVg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 21 4B E9 2E 8E 14 78 20 89 D8 37 06 15 99 28 E7 62 26 69 C5 
+    friendlyName: inhibitAnyPolicy1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DB75938147E4A4F2
+
+Z3WFBDKFyqbgqjWLohTujouVk1bgiFIZ7hzfwstNzrrsWOsP3ECfKkvGCwEDZjHD
+EJRKtsxjq1PSsfnF0N4z3xZtVSySPlVBh0sdfps2M4okn5Pbn3KRNk1WXJIbPmLo
+DAzBce+CT3GuMoWcaL+9NONZg1Y2T1vXrss3qOQLh9xrG+r3MGIv6MswlA6YHgdC
+gzSeWKE1KfH3YWSj4N5tPc0DoTiwyr99SuPzQLUm5jSe8a+vQavYWlKjubk7r8Hc
+fQ10jqTZBO5HeSTXgvJtzwSTPuuca4sDuIk1oHtIH4FDuj9IfcPnXiQXeko9PJ97
+NVZYpOVdM/t9GY2ueZcu3sa0UNcLuL5gHMvfufgE7g57kWHmmHBaHbHTB19ah1B+
+drjpT8k4pUnAKhzqnWh9RsfKBlTxhG+cWkJ2orK7dan9U5ksG7pWOv+u907+nsQs
+bzCCkz7a4QDJQMK4LXxMfXWA2cILlQW3ZgEz3i5PZOhfk49Q4SMeZAUIgWKhqRDt
+36Dr6H99S5kQ7ruDtlewCUTJIAwrxefBbs5+3S2IWQJs9U3/AP63+Cf0dkHDWO0P
+yvCE2eN9eOb9rDU/OxaZtBz2vpFmBLNsyArMdQJE/NDQVKiFgmCj7YSY5eGLgmNs
+vKfZ45bcex8XxOPhwvanfymzUqItCx/FJqwgsmllXSQGqAoQ0xl4dVZiBy7vpWCf
+6GbVAUgAqNE07utLyBhzHlB18/FcaK4Q7ruzNl6OdwwEbGaQbanA/eYD9SF9Ih8c
+zD2dFT7i3fWfcr7+7r/49neG4YN2A4b1pAv4m7owKGUSQQstETrVkXCdWL+ll2Fi
+IfSVgm2ymdIYn2bB2C7qYbisF90Jh21lIITufdZCn5iSV5W64rbU9OVZpflpBHUO
+aS7jalgKC+qx0pUskBs/2+PL97kYlYqof/VGOAS/6t8Ub7ux9/ZiAxSJIvwlv7Hs
+GXNtr5XKb7QeEPlWoAxlASXXtZC7X8Ftg/FWO0mnrMEXbiMLbEZNnjBDLIM/4+XC
+BW0d9JuXi1C8wgR5q2gv9Jqj3Gayp289UJq4/AgkoqD6Lg/jA59SomOcqDIMbw2t
+8v4ccuHLG4bswm0QewhLhWujNtHggOfAXI48T/eeL+S63lS1cu21tvt1QTWu6W8f
+T1HX0c1YCjEUTjYMYFWOanbJv8QijdlvavtTpryfj2ZTScggt3ec/R1J9XqcaWwT
+q0Ha7wvb/b1D0UThOfvTbGL7Cp3PUxEQNqx6g/4OjhDJ9Rv2WafBXYtGfns8bf92
+46J64XbcBO9dfraOa089cdTG0S0IUk5QlcJpAOH83bfcCv9ANFUOeCKxG5r2ra7W
+hAJW5f8zCooh/U6n3AC+TV+b09F97O9PZhyyXabHFWKlrHVU9/kXAPOvF75ASi0R
+nD8SZ6m9S4UIGl3TRPl3v/qY6Qp/0r5y3Nr9Q5puk45HwZNO7AWDutGEjWT8+QCx
+N/UbMSuP8jnAyuu1YMRBl7LFcGf6381RN1vN7VpyBJQrcrpg9o7iC0GKQKJ/Qn5H
+Vw7pjZC5h5OnCI2cCPYs+rME8OK1o2yqiHv9i+25IagJ0/Mq1dMz/4ASIeyTH1br
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedCACert.pem
new file mode 100644
index 0000000000..c62b540462
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 37 FF 72 28 A4 A4 54 C6 7C C4 ED 25 4E E0 46 75 40 3A 4C 2D 
+    friendlyName: inhibitAnyPolicy1 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBN
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEd
+MBsGA1UEAxMUaW5oaWJpdEFueVBvbGljeTEgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDCFu0fJxTpvoal9t+mW/X3OsIz61KWZdMukGwyZ2qGnOVp
+JtzZowwep2J/vOZyyAS3eCLJ+DE5rtrCUFnlkYbD0aRM5Ov3LQv6/wVeASJ2peE1
+ktUPdTn+O2smk0gkTqrE0wQCB3VqkpoeU6MGkfVRi5cmuuX9yH9DrfNDqBt0v0qN
+k6RV1Qatllw9vMcmzPSFw5QtF+siYKvh0Y9ZxR4LpleoNgNu0WDEiGSObwOcWaqn
+kdtki0sDY2Rrh7l7P7AmNILg2SPd/U/999Eq4U9s0qDbWRm6JieFQk56kSTqzSFs
+VqNknWKkDddew/YGC3HgkMGDlZqGXjqCOdYNjylZAgMBAAGjfDB6MB8GA1UdIwQY
+MBaAFNimnieXEcOO1Bkh1yC8nO2he/LTMB0GA1UdDgQWBBRAqcjvsmE0lURsYYYC
+qQ/mQa5fxjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHYPM2xLE6+X6y4j
+OiVLbySiZbkfMcMa+/9NQGIq0PAn88BGxaX13t5xfcGnUSkRJ5cBJN8HIEOnSXi0
+8SzRDMOIlMsBfsOLWPrrw3WAmRI6kAbqAjgwYyfvVJaAXD3UotQHsBSbuE9wOo5D
+HCZmSB7GAscnCMZwjz0ZVfu9Efpldi4PmoTC0Z6URop6n4N7w4IviZlSfadQP0O+
+CTZQHt/D0HRiGgF+DiQ/4mSWgP5wBlhhUJE0pwVLCd92PfMIqsK5cSgN+ILMjlX/
+rKeu95Jro38CL9eXpEPnkECq30jAMZcBqAigQ4GN5sAw0nT9Oly+GjV1P8Bu06zg
+hTJyzDE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 37 FF 72 28 A4 A4 54 C6 7C C4 ED 25 4E E0 46 75 40 3A 4C 2D 
+    friendlyName: inhibitAnyPolicy1 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,918EEB1F8B4EFAC7
+
+oGaJS8rWm37/xZ17HHrKZ5LitHkYuoxGmrHu0a+rruw02od9ZJcHZgC1BS0jV/Gl
+ne4SVHOa2rCyPiM1G4PKwXzK7rxRbXMuNoIv7cCS9lRUy4Nr8AiH0YkUL7+n5m1C
+ExgEe6DhLmtGoJx/M8ZHf/pDRmRuhPBu9HLrgyX251U8dCj44o9l0OJpsVQVGqvb
+Vz1yQrLyLbtB1NH86N1Y6+SVc7e1AeuOndKJ+Gt6R+G70IcYW2klwnnK6JECsaZU
+iy/SR3bT5oC78E748znrgYsFvO3BzJwr5W8qtpM0zkhOemdzUh9Dt2NfyLvOBft6
+n/IkGSvapYFz5eVU5nCSRfGBVO4+tHwUCYbt6wUD/JsJ2njfKaQyZaHhy7xxQTM8
+N0f79GCqKkBLhUNDrNc3VQYiyeYou5PXGiDOm7vkxVXR8mbroK2hBhbV1IxFUJ08
++g4pmfVhPjxFSakz5t4hkukjR+3ihaTRSqveSbRJlDIDBiBreHWphrJN5DVccN2S
+TU+TrHsFFCvuUSgKwhNWuTv0WDoIs6S0XmhL03bB76Dhvqi/9QOQAB+7Ybhw5D0J
+nxzul5/K3nM73TuEz8aRZ74u9+RWVyb66MF0Ou0iFcKvs8UDyz6TDAlRw+1UJ5n9
+o0kBi9e3OUtInP74xxSyhG3hN3lspXwaMvnY3rbEMh0RSHyY0GskA4IBY7+oeyBD
+Yvu0LLkiTE3KOySs/6t62rDIHxXLD+5VB3MiMIWvhwpqtEJNdgn/+Z7p5yEmkqFg
+ijdVdBXm+oiBIEowp7XEiQENQlt+iUhoumeLtDwFwENryAe4tKUG60ILtXpmrftW
+JFtpShfsm/PHaTLIBSgjNn/u+ZYZ16phL80NLOuhl9hO5qJi+dKVqsfInZ1qjtiz
+MmaimZHZMCNvhzTugAofPV/kO2LAA5vQBsqfi+uz9WVaQgYPCGPKnYpwewtc6yRH
+0L0s+0JHCaXxWG7w4wWEky4r080D3dyCwymkXDdfSOBoBL2vC2JvjAnpuZ5GAjw1
+66/vNVzWoRs/AsuPsi70iSMCTuvB4u4fsVBQjjNNQq5sAiN0XrrCOCDr45AW7MQB
+O1UiAnuJEDSYl0HophsHa99f5aTRQrAlfOUXMl6GpNK24IRY5JOW6fGsfe00DCLx
+lIeQIjG2ittUvZWxOBZtDg5x3fDZd6z6EV0sMqpzXnupikNUIRtu+COjeGqFJXTj
+4UDLE6+iYM4iZjL47Q0JbDrdE3FB640U14iznX1l01Z6W6pZP3XA4cYQTNniUZnn
+9/brVg7ACOrjmy1lCpUPiwR3/zdkEi4eF5VogIPrr1YL490WTamUajo+pOgOgBPo
+pXlMt2EJiABERHi4/RP73TNsCHqxnJ+ojTzzEL8Ykjc9tEdL5AXF88fE5NcWQAOH
+Rk4W7bAb22jXmSlRGzz36jaHGumCw8/0oUUp2qLm33Y3j9sJuSakPS/OdjYk+xcZ
++3GtDmW4QrskO97aS0rUFPUp2wxrnRVQQ2PzZK9EusTF+f6nq8u++JHYuoRd9ehG
+Ivpa7IOCQ6ZHSbN4lb3B6L033j1JAeaWHYeleS5jlfyJikt6f9R8Cg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedsubCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedsubCA2Cert.pem
new file mode 100644
index 0000000000..6eaff0ca8e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedsubCA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 4A EE B1 77 48 F2 22 52 86 52 94 58 C1 A5 3C 27 74 F7 A4 38 
+    friendlyName: inhibitAnyPolicy1 Self-Issued subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBAzANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowUTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kxIHN1YkNBMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJJAVofrVfHs45uXKz4PgJkRHsgL1Z4e2sxf
+Y2DoqXS9SaYI6WIGl8UaUaWu2GdEw8ogTo3JUrJI3fbDBRJs+aGFvBTaTjH9QuL8
+EKXDHoMMTUpRy183wS6wbZKKHS42CxjBHR4zMmLhnCkFo7IEC2CsgxCTzUO9F8Dn
+aWQ2LuoTTjD6O8POnTLawoqcioqQzvpGY/kYItrYGq43lSA4zaxToHFWrRSqmMhT
+kjqGhAPpjemoUtPKhBfcMw5HSTP1ZWJUUZfXlH3OCuKzi7+dk//7JVzmPGSIP0RZ
+KYY1bj3XjSS0/0VlbJBG8tOhAZT2DKvzMIPpvCMDJeEW45bBNYsCAwEAAaN2MHQw
+HwYDVR0jBBgwFoAUjAXc335k22K+20tRZIxqZthco6MwHQYDVR0OBBYEFMnMP/pb
+8KHa1TcMm86YxnqJK9XrMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
+MBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEA1S7dJczr1Qzl
+zL9tXuePIeWIEW+U0V7V3IAMJEy4eo1B7v5uHSdxCf+4syTypdB6rbNUmoK1cRp1
+ChDyuQ4Yeiqj15HVD/anZ1Jo3zKnfr8KklVPEgiotUTSAV78aYJ1liCaZOBPK2n8
+voSX0antIGJLILX/FxJWijpjOERnYpD+wQSWBcSifo2XYXplE/gD/HqyaVjGl1ec
+Kh2j4bf4WS6P/QsW1h95SfOK9j7atKevgqWKY0lGePS89NoIyQHfhrXY25v4nwRM
+iGB8d1zjzlpOVskFlrvlJu9TW+qQPsA3ZLiRBQZj1CEhU1n5x0e94K7LzEKL0759
+xhV1ZzxcqA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4A EE B1 77 48 F2 22 52 86 52 94 58 C1 A5 3C 27 74 F7 A4 38 
+    friendlyName: inhibitAnyPolicy1 Self-Issued subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8122364D328014CA
+
+LQtuX+3U/P3IUUgPuyr2SuBmTlllXHGcMt1y714GJXUyeyeOpyiRP9le4UcLZ5SB
+5BS4X2exCL7dFEFQ+3eE11lJe4wkXq9NVErAV0zkhBwrDt4Azs+8iyqB6b/g5HHI
+keZRFyUsCs1Iyd0hRLnlgL5klY/MznhVQTwIHA1808xOMVn4vAdM00Iz5eKXSkf0
+d9iq1l1VUHhQo0dwe125ATBRJnCrGlFJGl+gsMMYcvi2SIaH4WFtYC/CKxhNi4Fm
+gKUrie6ar7pEZm8SUbHrP8HJTWIbGxY2F3T9gkzbQGqnS0I8derDtSIHxN7hzB/u
+vZmYU6p0Z8Q/mMKby8m/yDp3i9uej19PtyGc+Ao9fpe5QnAW5CaSNluSYNxU9Ob2
+3hIIvrXtKH/Su0UyX5iwuLymKEwHAaVRUU4dTdXLp7qQ9MZJ/uazYzQb3XMxX43o
+1oWrsaksAufYgvAzIIqNyGwyYfpwQCt4ejoTL5WNcp+2m0HTXGaKmvrUmKl3gARK
+gVsOFtx9aR0LIHTaDlFZ9GFseznNahcTR5abbaMO2VaXt29Z0ZuhdVUUstw7M7PC
+OLCClRYVNYjORkML3Xot7xFcmkhYoeoodZNXU9mX7P4YcHS0HDzBFRvahDzNqc/C
+XPTS7IBgMB6qeks9+p97IzsULZcLfa2947CYnlLSRDl+MDxak16Z0b+abYoLLv9p
+qcmTZvkYZs5PjOXL1cKc8cCRcZtn6s0prCCB5vtgvFBKzr6165jjlZDF7uwUXI6W
+zmLFGepTLtUU1ew1GLjr8kdlUmGgqGMwhJzphwRVk90CXKV+yiIGe20Jq3GLhG7P
+5ABuL0GMcKD8/Wa8kcZaUAeI8KXLMHFc5QBHmlRI1lLJr+/qOgTgItijAuvuNO3G
+dBavsTIKDQxfiMuTNeLq4UUbBdSGr27DhnXl6HycBNyVuPcFNsq66ez1aX3fFKOg
+AFMGd5GTE7+eqLfRwFbM0hp2feFV49BLX3ZH4bEnRsMCF2bbZd5DQcnMvjZJjNor
+sMx9M139lg15V2SKUcXPPQu5bLP0dH8b9OyFL/UZlLtRFkftsmAlvyIxdNTnbCdH
+xwWYyY4bVyvp6pMB5jXvFeAigBdMPTSAdRp3k/yfTvsSSoucV66eJYbNI9OGrEdS
+Zff/6pvh1aC0BxOzfNn2/aR5wo85aNqgHyQ/mY0KzNikfCMXtuCCYs8+Epz/D+PS
+Jc9kUwAP5e7B9UcfL6pcE35TJrE1v3wObSEx6gVwwDhuUNg+5hHCBjHYc1T8qNaV
+B98EaeBJy0qPcLMQCidJ9E9QOq4KRj+wt2jwP2APs6befH7JIEh2udsBK9tpbE4+
+HnkdqKCvzJSgxQ2UuitYWLFJRwA+md8hvgQLDLzHShAf7k2CRAxJDkp+ZFhIhO7L
+pz7epbwqsKcU98I7DTOwBEdnnjkDByLlDnW43HruJjLmFDjnJoklSFcDXTsj6P8l
+/ydsm4wjnVXLESpWWWRwQycBoU+Y+NINIpyYvGXgPZXQd1qYdTk+9+Z4NlWrMPNV
+VnfCkJ3JMLzxH3VIN3sKYti3CxLa0ef+8l2OpoG4HPVOJcd421ggJA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA1Cert.pem
new file mode 100644
index 0000000000..fe94f13218
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA1Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E0 F0 D8 A3 FD CF D9 7E 99 72 58 2B B2 4F 3A 52 1D 75 05 AE 
+    friendlyName: inhibitAnyPolicy1 subCA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA1
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+-----BEGIN CERTIFICATE-----
+MIIDjzCCAnegAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBR
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEh
+MB8GA1UEAxMYaW5oaWJpdEFueVBvbGljeTEgc3ViQ0ExMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAyVwAGmULZXHVZpOzaNmYz6rXZSAplQb+QtuN41pU
+qvxd3RpiryOIZXMfSyamdM0tvo5Vfngen/IjnrYpWfPGBh8oZtUI26TXLYpaGTGv
+9bXynCNNRcLzlmufhCFvgipDcQlCB9KFBgBFX0MXSOgf4MviSOncnVm3vIvrUR9/
+xUGRmxLMb3FJyiY7MBoGAUxbsyEVA/sjn2RquDHLBu83hCnkCX0WuSwyz1rQ1KT0
+kOauGVz0Zxj+wFwpSz4jTdazBXgDEjFwqptRoivzyXz4jwldMEB75XyjIMV5yObu
+Lvore59mbwDtqsSaOsTqjXXlqW0F17DORMSaYT/CHRugGQIDAQABo3YwdDAfBgNV
+HSMEGDAWgBTYpp4nlxHDjtQZIdcgvJztoXvy0zAdBgNVHQ4EFgQUdKDVWNkrU9Ir
+sM1dccahv0OnyBUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wEQYD
+VR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBCwUAA4IBAQBnzM+7R73vitIVn6v1
+RdMLwiGv+PRyshDNyrzeAIGRmQxSto06y93imt4X1l0WuwymoO3pkRJP34x7hqwB
+PZfufX56zLc/TndMmLNRrjUgmQZV5MdADqMQwMWM8TjxLlqhKD9CAb7Su6PlsJFx
+eosv8QTJti2dBLAGrmMoqnf8om/yqBE1Ix31rwhB8WhSvYd7LkMdlJWW5Eu3IqOj
+OGbIa4lm24r/g7mSktFTrZMa9uCjaFhdMl91qmHjuMVm/8Ze0STx18SyUse0qBre
+Hizk6JC/+JHciyBn/+ioqYagRGyfCcIlqw0hSH4ebejtEt+tZHvUWN5lmjkzSVnR
+6kIb
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E0 F0 D8 A3 FD CF D9 7E 99 72 58 2B B2 4F 3A 52 1D 75 05 AE 
+    friendlyName: inhibitAnyPolicy1 subCA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E4FB2A364F203A2F
+
+95C99Fi2QIM2E8JetfoTzl+R7ZX1JIjfkd3pWbBXPzXOEySE+iocCjhW1zlHeoxP
+51diy38WCmY6n0LAOwTNMVZ+819Icx3+FsTS7hbutnDrK7KyqWWG7eYNHJwQJWi8
+/iJPPU7O4gnhNjaejdFfeMvAy27WnSjXH5289l8TsCwcOMbT2sVxo9ldkMKQQr0x
+CYjaz02SFIBUPMFkBelw5kcS6GJPBPpNaK8pbeENM7dZ9R4UCtdvlkENuFwybDjW
+XMm61NmMO5yclB4hYCOBVkXmB6rzmzUTPbGiaKJER73Pkq8RqaEr8+h7erdVF9PI
+NtHgbRldyGPmS3bqDkHydEjshMw6RQo9xTrRZNDjC1eO0lUtpHB+HzBW2NBWaHpD
+E9g/4SSjiuPpnWSdJ3ChGrurHbeYcfyy9GRLSyrdaZLTj+wIMnzadCSRrfgMvPE6
++yncM3ykAsx9i5rmyU/P9qkCOCFXg0HIHDXMqJH8aKRcW7+niFcPgy2ZK+yf0nG+
+szboU3RlNjY/SIT3RhXchH9C3lq5GlDbxB6RozdmA3ddWZ6Lqhanr69MgFS75rzP
+YrjaDGOCs5rlebCOXN9TNjRYLqQNuXidEGjkrcsSPhCdRCacybSCnYM1j9hrh5EX
+m2f+6cq3OLPMeX/NzMwd3OGWyI69EIJTVuW0cP8vQ2iSTaX+0PQKb5XIegUprxQm
+ruvlHxYC3bhy4QEHXaUGrBLFCaK7xlzbQlu8tObPeLRhNi2i8F2F8n3naAAZbHVZ
+e+ryrERooWyfpciISPHWLycZI5ClJkVmyVlX6d8SR5yYqProCQeJuTAWWKZz4nm3
+aAwPkx6QjqnXQVUUESqgdDfP3PuMfJIHwvAXS4TaGL6h3C3KWdKE7HlAg7CysmLW
+joxgx5Sc/7uvH9MO1W7Si8UilCtXuFn0mMuENtIGcqVPnjiW8lpsaNQZTcM7KDHi
+f+t/WqGQvdr+PIFxofZhG2UzWgA5G9mS7oTw9HfUbz5x7kyl0GiBJYBPBkrRxNQ+
+i8glrtJMm0yzIFiOxuib9FdQukSLQfoE64uor+y93enIUTt7mHnIE6kDxYM/aZCI
+QldpT3XkvSc+gGYvkTKANjnKryLYphAIsbo5pN1dBPktXWV5qZobJZQU4W2z1nwi
+adOcL5bFE70LQMiIbnqUrIgWtTNq/8cfRD72uNXMv2f6zeiIlZxqF4VBVax228Kn
+vPxBseT3/a/K3vJid6vTFeKEiQg72TzAG/JAWDjb2THNeHk7WttfVtr+8KI/cedr
+0hchRq862PkeHwkAD0ULP7fc5SmFvn6qWpREVaaaETl/g1UlKbNA17YGm9q8o3N9
+ZW9kRGXRFMa0cJKuflwUEKJxQO7LtHVurzpfE4Zca3dG9zBpbNBek8moTWeW7SEK
+ZeDd1JmPMjGGB+X4lhtMyIgyf3g2uKpotpkwqEJ+hR8Uvk5MbX8vRFhomoQLCa2f
+H2IahW8nWJTMKcaiLwruAXfMmLx649+P592cjN6LscUcCCLeAz8CEkkWh/3mxILG
+hE8EFhQuT02s8zXAzOfxrphDKV8z5NCzdKDUJooxx8PB4DXyKz9QjSYQxtlQ4lai
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA2Cert.pem
new file mode 100644
index 0000000000..74a91c3f79
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5B 48 A7 D1 4B 42 C2 55 95 98 67 40 A0 09 D7 6F 04 57 C4 2B 
+    friendlyName: inhibitAnyPolicy1 subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+-----BEGIN CERTIFICATE-----
+MIIDjzCCAnegAwIBAgIBBDANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBR
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEh
+MB8GA1UEAxMYaW5oaWJpdEFueVBvbGljeTEgc3ViQ0EyMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA1wKZbiE/ysToa9HAVzFhiFhUj8zx2fLR4Sx+Yk5p
+0N2lfDWP91hTtP6CamBOzUIRH8s14bRvcAJfwdepbzDw/SzH2gi9D3qlGA5H6Sba
+29u5CHN1fvHcHkBh2uaA0r1tGUgI5B9OG3/kGvzWN4kU5AY3zsZrsxASmbyzUtbb
+GPQGf+UFrzFVnTzSTo5bfhJI+J3KQOe6TpusxlnUsKbEMEAItF1IqIKl/9LskeD4
+Nb5Rr9BjPe73Q5mGqtd9wV0gZNMa2wpnN2mJtdpJc9E4c459Svdr0ud/Lx9CMm2t
+4TvBjaDnhemVQ5PnjTUtIWsX+bvLmLMyUpPSPmJJNfx0EQIDAQABo3YwdDAfBgNV
+HSMEGDAWgBRAqcjvsmE0lURsYYYCqQ/mQa5fxjAdBgNVHQ4EFgQUjAXc335k22K+
+20tRZIxqZthco6MwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wEQYD
+VR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBCwUAA4IBAQBVZuMq6323Ai0EJicg
+9wk4pPvFWNdG8kkAEr6jA6lrr/h/iKt1WbQnRRMHNMjfQa11Du0EiQpdrb+lHmb5
+PwXAcBBXJf5L6Kb59tR/bvnEbXWi4GwQeVlPMmyytl2Ry5h0GahTtCPdFL0VBD8L
+4w7GUL3KTjJp4/rOm42Dnk8/RlpYwia6Ynoup7xOKOYJR0f4ooIYmQs4eA9eMSdj
+VVVViwHZqTzshR2D9peuGRj18go3tVJj0j2rrsC4WJ1fVhlpO4UGmZZvh2MO8UJI
+U8NSOizyKZu+RvVHr0vXJJCkmShqYKTpbg4mrRGY5VjvEwSZU4wN00zZ7gNd5O/v
+vKwW
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5B 48 A7 D1 4B 42 C2 55 95 98 67 40 A0 09 D7 6F 04 57 C4 2B 
+    friendlyName: inhibitAnyPolicy1 subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2FAD26B357CA72C5
+
+cDt9ugky/xNhuX7W8o9Fila+e7LFBGDp+9fwWvyK9vQClwEXPBYh/uA54gML9jXl
+jF7pyn7UKQTts4nt3ziHRAdaihLTfYgdvYGc4++a2fiA8oKEuOpNGnzr0YRRat4Q
+eKiwR3fGdcRnf3+YF/CasA2n7wUGXWJK3r7GvQTQP5WhcehUqOd7eI/k9cTJuzN3
+WlVCoPh9aBwfa7Njtja8RuR4iBYf5mSPjHaJqWkvPEedAvi//W33npr2HJQ3n2nS
+HfWnahsyjhiBgIInAEpaIE8C8z2icXKsz6zR8HxuxEwMeg4ewKpQRYFosOSkYosD
+cLiMtoYXzZl6c6/az2fmjzeSBOBPAcYuOXaaXu7ySiirf2tbVKmADQEZFhqjx9Ag
+ZimsIp1FYYKWSJBAhn4doteyVsabVJocDBuR0feHHg6woUZ8cKlU4NzQjrc7ywQh
+nPrNCg9R+eC96ckJCAVHXYpnmcPzcdZE8ETobw1eC4yIvD8qNaUWRK164MiA3i0B
+u+vEz47ryQ0AkYdhKQ/9Kfcc5IWXsnBvK06XKsIEqXPgShrU7nGdM9FhySsofv7c
+e4yyqem6pT3h2Qq6KyAWmZeFPVTQibo0XzFkIS9zLtD2Qa+zpZNGPtoswLX8300H
+wfYGD3NnejCDMmTpV9iZgJYpVSYeXPTF+Xc0tsYTLN1HZDu1jen7L3+L4yIqEAce
+c/PILr8e4jTRRZzreFFb3tf9bPOY7+7a6iQ+MH0LLYzjHGNyegPeYEtup7y4fVDS
+VOlVRDGRR17a+m2whys0Z7m0OAFcl8/t/anxOgzSD5Cxr2a+DDcdNsh8tGzZGXao
+WXAyqHhulk2VdhN9JZKY585xAW1aEhGksDt0Y7whn1s9XUItFgjcfahYkbV1eflm
+r+tSoZhVfJTibUm3wdDLRS1UhjInD8fuhCXtU8+1x/0l4Z5yI/4d5f3y5DQwtt4B
+JjXYVjkHLFHJqUojPlwKYFHIJCom5U/LvAtsIVZTbmcRhSKtqwQ4sfRy6jrJuNsA
+U9ww9OYxuc68t1CY6d7isazh34zLFb9r3Sgn7NLE5xAykPJAXhoJHtb7QxG2Xr9I
+AmL9hPKDsiXVy7h3drX5f6ItYzgg7xeGjrPeZbaGJeiTzfII1E0z9TIHzgjg67QW
+fjnkEnaB9+/H7OE15ddmzexcA5CEEIdNfaQhqac6TsMsZjZySyW78/3t+UabqTpJ
+0r2mps+zySOE8Zt3NZHepP8hTKfnKyikW/NX1oG5Sec+vvVbxSACzyhts2b+AjHE
+bNGbC9qa4XMIFMqU3u0qNTR/8Qp+BMMs7DTy2aSCvln0nVdH/VCu2B5FSliHX2rg
+OsYIfkKoJlzcRx6SktcWOZWzLW3EmbxyYbC7XY2O++9u9BrrXQc7Ny3m8ThCR2Al
+eli3faY6lHbApqbO8luxAAyvaG1rqRFlxL6HyreAGQaEM7SJUAEldARzKBvpzfFu
++pdVy2NMzZLhGaB3Ij2zVezNAzuXw6rlp4tN9wSINwjkMAqaYpZYQaDBicVi/h7b
+7IYKM/cBJmP2j6miyioIFtwrVaKASeiXJ8k3kSkXpJaEbGY657dHaQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCAIAP5Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCAIAP5Cert.pem
new file mode 100644
index 0000000000..74681c18c7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCAIAP5Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5D B6 24 15 CA F1 97 28 65 ED 33 7F 27 F8 44 EF FB 75 51 86 
+    friendlyName: inhibitAnyPolicy1 subCAIAP5 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCAIAP5
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBU
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEk
+MCIGA1UEAxMbaW5oaWJpdEFueVBvbGljeTEgc3ViQ0FJQVA1MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu10Q/7dllIbdDlDoQXjb6LbdUZq9K1NJUZUZ
+KxTwF+JnWroxFkmUtCYP/6sxI/yLWrD4uDuVWDx2bYZ1lGqdrBucimlvpUWAqJmu
+jrChxpNXfzSBs/9uSsp9S5Y9ZCU7+lSVoQ0FPM1i1qaVC23crOxcKyVDwnotJHPi
+eL4fU9zLnw2LZr3gcF5wn9cH1qXGYc4HKXm6MaL2P+RdtZORjBX4/zzbidsar91N
+z18nDm8ittPS5oMPDGA7Et3pSp+6IrDn/r6kuGaLYrJ89BZ2rV/jQ4krDZiSPtE+
+sjcZacvGu2P9WXv3ZY6tqo+125T1NzHPDNLiBcdnT/bLW24C9QIDAQABo4GMMIGJ
+MB8GA1UdIwQYMBaAFNimnieXEcOO1Bkh1yC8nO2he/LTMB0GA1UdDgQWBBSJBFR0
+BmCz9wBuoGGOFfu+UgIGJjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYDVR02AQH/BAMCAQUwDQYJKoZI
+hvcNAQELBQADggEBACLLLvFs4MAJ9pQg70MPbjrrz/lZnHWNu6ew1q6O7/Nug+wP
+UdwFdbKnSAkX4rXjLyu4tvqH4akkwsn4QKSIpOQlaghbHLK+WL8ITUHzQv+m2Iv4
+F02wWIIxaGYdD3bEIm3qMHRHoO4cfQz6GY2an4vjvik1a0sKM56es9XM8M+U6y3v
+qKVudZb7p9xbGMjNwnPaBIpXwXS2XJaT2X3YZBpTBlhXrpAFc886TwvS5LqEzdLX
+6WTi5NhJN0Y2yjoffRgrkQr5C+2Nd9pkcVHR+T5yQ9NTzJa3lgKfDY1ZJXTAQZjP
+vXG5L02klQs1z5rrMPmQwXhZqgi2HelFaleZXrI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5D B6 24 15 CA F1 97 28 65 ED 33 7F 27 F8 44 EF FB 75 51 86 
+    friendlyName: inhibitAnyPolicy1 subCAIAP5 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2C62EF1BEE692234
+
+1pKDUi+tgaTyTBuYMwYHv4ZPmXS0i0HADwI3gEnNNkFu4Xi33MZ0fmWp0fZgoAMd
+7OjUMbFaDw30qxjxMR9iBwyieXWslpJ575lw0SgH1LBvOYhHXbfa5YmHyjMdKZsh
+SZLp4iEf6Wc0oaHmD7ZQjeSD7H3JWSdAntOrYcm183f8FIrjBWUPkgCEtntrZcFV
+Li053M6GgGFSndfl2a745iKlX65ioscCL8MhWB71yWlvqBm0p+56Im4TM8DI6pC1
+WpkqAc7rbWVQSy6NjCsk6u3m2E2Lc25vobTe3gMi4I3XSTA6MCVhLhZG6MnpaxFh
+yNW31iztQM6My1eJqiTmFjXrGSFHGG2T5E590eEmEzjfNfcYmc9Qvy9g4+awMPqU
+hOnZiocMOFfz4Wly66xqBqL7UwruOjSjSwU5VhTKjbxNsZ2umaiYFzGj8Zl1oLDu
+sKz9VJDI2oeOGBRF2aAc+8WTimis69EvQDdXyapoa2tg4x0QIzQm2e/Wa/egCwsX
+jQmnnKAbs+vEzRd68JtmzWQpwl9vXomAwQShIaWdEwfbJrXXGWRtwNvhM1N75cu8
+wM5EFkYa2787zNPWopK6eRn+FfddY9a+yrNGpke+yyn5lKTTLTT9LeGxRruexuuo
+Xg7izOryaFTAozdZF7PsghC8DnqJ8nqc85Qg6ynQD9noF5o9uiD6XIYGCGYTHAp5
+MpakmnEBMI4XnOTAOrOBUeBG4neAW5ZIDbh6wSdmQVomv4STunSBajlCX2RkaeaB
+1coGMdqLnjijz5o/1FRr2TdXemmmczEZkNLlj5SSBOADPENPJ2c01+nRf+HHCx8N
+avej9VfhulWHSCTIN3ZWMjnw+OwBPyAvpUybxfnDk453+ztV6+8JasGwqSGMc6gZ
+OwqNlpkA5gSY9Anf/DVhftG2AZ0PBTzXySyP/6qp2aWXQF7m/GHsY1/eApAS92cr
+FY5W84Yhb9QRNxfd6fMYJuoJz47Hyo4PyC50YoccjNd59M1i2myp7FVMrHW5cVVI
+7RY8kdKkKMvuLm/gv70O2yDn95PS4KzRR3Y0ldDW4SUuQm8b+AlnV8ypm3rCQWvK
+wRT/h1DrBL3pg796rcMrkgcf+ETYL6RNKPYnV/lzAxmSUlmjtltV510KUnsjxiG8
+4T/eSBx44DI/sr/ZfVUD/L7NZzJ5KFwr9UwfVW77ECh4j6sNjX3WzVdclGI/3GTz
+qE9qDUO2Y6RCo6LqXS0MNRDNzOBxEqCR1vZoxkYPdLZK4oggljvmhGDmzzXxewQ3
+CAd/BkRNzrjOZw/b/UQIy9cPSjvE53lHjHLfxn1z/EW3J2pFVcx0Zmp6kNQe5ppz
+3fZRtGnfSvb2boge2bhthzk83W3A9V3qoxdP7N43fKgwC9H6lG0f2OLVKcrHt3Bk
+dyCriKSVz5e05mp17hapYL8VMyhgirzvFNknnL2+1b+VbZnjNLHGyeUgCqpl+cuA
+jAHv0JnYa9vSGR/CQvl/V+fhMAtzp5Fnd6ja0i9uteMN2RYcIbczio08vVW6Jyf7
+J1xEDjHVywFltxb1zd4lz6rKJuKFaWtFbeThzgWHsFDKVkB5CBD7zlmfDgfGuSGJ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subsubCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subsubCA2Cert.pem
new file mode 100644
index 0000000000..cda31665aa
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subsubCA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 49 FA 41 24 8C 26 A8 F6 EC 22 DB 2C FB 19 9E FA 0A C7 E1 01 
+    friendlyName: inhibitAnyPolicy1 subsubCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subsubCA2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowVDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExJDAiBgNVBAMTG2luaGliaXRBbnlQb2xpY3kxIHN1YnN1YkNBMjCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALAa5di9sE6N1APDJcqBi166iOEyhdim
+UOR8WmLQQF+zANUCiwfgGLuTDU5DASaua8OodRLbdULKgYFqfOfFFaf1PXckA2OG
+sCJx2W9LiMihDPFke5F36LTsoQ3FQ0D+ivyr6MhzyeaKnMIQ5+lZnzd5KLTYm8UM
+FTMc3KeKwqj99doaZ2bkCF4YtdjacJwV88+7Qx2BHFYX/KKmM0V5ATMv2TAT7Hqh
+2zA316mUcmMBXau3bYheXZMxvZsgUYic+FB1RUgWIu+lRUqFw5l0RnpbUvJR5dBq
+78wtY39pQnROCm0q+/sOOWDGsaDxye4inrH6i5FX/kjJcgKDvX1GsHMCAwEAAaN2
+MHQwHwYDVR0jBBgwFoAUjAXc335k22K+20tRZIxqZthco6MwHQYDVR0OBBYEFBF9
+wJyKdvlJM/ekgUuOMHWVO+iIMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD
+AQH/MBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEAs63PsCAJ
+QfGsdCQ8SSViQpUxIIHmogbN4xTMfYk880Kjepk6FEXM2q3L89XKpi2oZiNxjfvN
+YAZDSuLSVtfli9auc7RTtF+RXz5Pjs5U4htAHFz2JAf8nrAQ4sRBc7q8wwINGjRB
+FSRHQUD275u4CYLsXf7dMy/m5Pe5FjQ8EdzuStshwoCTe2cSKv4r/YGqkBiatt4i
+lsjfcs+sQDyZcQd2G9U2hGe+/uF4VXXOYq87ARie8osBUiVfDnRSdeTfTdLq8MB3
+WYR7gQlA/OiTjvgyeKPYnM7RmKKCcYy3ZdXmsMnT9s1Zaqvw2Zh6xan4sWGbQRs0
+mBDueMYtypQa3g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 49 FA 41 24 8C 26 A8 F6 EC 22 DB 2C FB 19 9E FA 0A C7 E1 01 
+    friendlyName: inhibitAnyPolicy1 subsubCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2D7D9604BF088637
+
+L5POqQ6HbRXYgvSKp7SaVLs/tX7tzoXcZjON4dq2tMZFtExF4gNdEduC7k5bRQPz
+sJKQ1iQivuSgDR9uyXODE8xpTRE0HBp2P1QahiO5XTdL/UNEsTfgsbrU0fI9yK4s
+wf79PNe/nu52sy7oiDTZGdycmqZdVfOs5i+KS/xfFHA4wkdpsQazzEK9fhINypou
+lZnhZp1hMO6bzlKhvY/XyW0YM4kj3Sr3cByeIka5NgvzLPw1u5AGpt/XxG/ApoZ5
+YLH17xVzk5tf5OhjyeFzh2fKaYeeHd4hBI8z+NvtSj6HhzMY/PUxxN60jLpgPxCi
+jxEwG+sGlWdr6oTCguXIyEbl5IFqGnRnazyLxpmZ3Y3T3jODLUqy9+qBh3THQKp3
+hUoH+XZikz/cvFTcJi4jKEj8roqUB2q2A1o/nz0Yw/nkwK1JmNedVPaRPvw6QJst
+Gg6+nNCwift+LFVTYFW97n8KOq7IfA7pPWkghW0uIhLHZNu5RoS7KLS3W2zWd+E8
+1oSfXaFwalJn+958OPxjcgdREMPVx629UhN5OqCWE2b5jIslOp0+AXV17tb0gBnW
+fjz3oDC32f9aY2Ljef0cJzEGazujrLsGlQM4ZAXmyQHflnVbJXqhld4XacCiCo7G
+lqtXirsLFLq72bK/3qXOX+6OpPmBcQOwDJbv0lLB37cbChzXVIjwixrb1w0XfqAh
+tLwxIEPAgWLi6dU/+A3QPtgVukHD1Jl22dgbFtrVEoCdK+IwyZIX14dOQUF7u2mQ
+90V7HtDrg9xx4Tk980yeWPfFCFEFt98B0HuPEDlY8hyhC4f61oZ8qnXS52Dnomjp
+2068Y06NDpoyAgSqZKt2O6+rX4+G3USWA2vjVDKZM4P45s0r7oMcKEGneFXT6rLs
+PENq2u5ATjWi7cQO9zdoEBw3gCeMHKACraX/8F2h/lXJhWrA3PmvBqgREYHqhpZ5
+7ozLfA83DRlNb1cEZEPdIKWCZ0Bmq/GSkcCYzWF3h+zs6Jc5J3t/KNTBZGeHGnSw
+WoiONiqKvDDFw2sK0djBfgYuHEmuabnB15jjjTGGH/LKZHA1XNrXuEYA+C6wZEiO
+5Ugu1/gmUD6LvjOwkPjp0OhOG0+KFZ859RDDKtw9grHWq02oxn19/INQqq/FnX2S
+gZpjkvCkmVzeqPhV7DBhaW9qTNDh12L6Wo0/rDzhPvERcnHcneesrudrUkpkguMr
+XJ/ILHvBEHbKEIliy+ZCrqtIunMGWmrVO/dkT8luyfag55oUMF4dlXbtGszhlU7T
+yZdN/t4fx1F9rJKw0lN47iwmLPqnFlqByb71sp19Yf3UILhFfQnW+INPv9TC5Of3
+QEof3kRTcGeVo5OMn9BjRbGtzCbQ3bgCJfpqIBQvx3+cYAbTqAdVxjtk/OCYFttt
+OKhQfB1ZZ2WTtmZ5LwFBvc20L6U7jyTVJGXOUq1RTgUcNzG/Tyd2jfOq0pYFPeyX
+9d0nuy80P8d2f9iDef+LabP5VKNTfLc270f5T1XoyFDVzeAe5EAwiTMufgvUg1XU
+l5NS6byh5faGxD0JdCEGG+s0AfUhZdGHOK6w/4aOqBpkOSUchCmEEw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5CACert.pem
new file mode 100644
index 0000000000..1c39167ebf
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 96 DD 41 7F 4E 2D C5 8B BF 51 25 F9 03 64 06 31 E4 15 AC 7A 
+    friendlyName: inhibitAnyPolicy5 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIBPTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FGluaGliaXRBbnlQb2xpY3k1IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA3UgNJ6YbK+6YWKAVLudNC4/A9551Bu01IOogUe+0F9LIv7bQPx7ovDiZ
+HA5j7bO3vR1i/VHFgMxrurBmyWXZIK5fYUIqZd5m5ZCZCXPeExOgIL9XrZw0rt6x
+4eZHWN2ygIALlicLJvLXNIymuypS01Pca90e0yumWg3yV4HXrK484mV4xAXvkKNb
+gD6wdSQ76tsMG+XnE7doGfAIXPZS8jwkwPhxNCcgmmUoHVl1aeWlJJmtTkPx6Dpq
+iysJMyA/pfWGb4f6PRMI8Mv6cN+2rfwV2Ec0v7W7KV/moSLJ7u1zqtHEceTE5F0V
+wbIsnv3b3kLV8Ey3yMQihZcLx795ZQIDAQABo4GaMIGXMB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTAJoHnadadfPC91Z2qUw5l+ZzL
+CjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADANBgNVHTYBAf8EAwIBBTANBgkqhkiG
+9w0BAQsFAAOCAQEAhs7mMDiz1F1wTXNxIBHbOCsg3foXn4M6jK6pOzfDLo/VQG0G
+fvIexIWEJllgQ4WDg9egg+MKKbHRNjDnSZG/nDfxJzWf+uvZ/AtaU/d7CuFb6ykB
+2kYoowmyRZY8cOLFHIMgIyXlOtaelVyvrgmz5deKSBO/Tp5/ss+84UUtbwHv6RL0
+jhgau96YAShZiwvDMCDDnjszHCH0Rl+qY9SHGcuQgrAzj8wYyCcJ4PZDahDxZoxc
+gB/0yUMXG1XgLFK49LH9e18ya3aZ3St9SHa9kkm7l6zqymyR8q4EBgK5jZEXy2m/
+thrfDzQan/S/tIrqzJHovMR3/AXkI21iCTSQKQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 96 DD 41 7F 4E 2D C5 8B BF 51 25 F9 03 64 06 31 E4 15 AC 7A 
+    friendlyName: inhibitAnyPolicy5 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,ECF26E92DF31CA59
+
+adpAekT6JeKZGiJqT7MeaI9XW8E1QAFJZ+vo7muRnCHc1lkZSOQeMc0hiywp7UPg
+Itof3x4CeN3ArulZk4Q2Bv2LQ2h9NMWmEF8T2F54CUPlrI6mXDukCj+o7fT3v87m
+ABnS2T7KnAtY+t/K7qYUwW3k7Q/iLsFrIgPWIKpH/dLYeqxGAk2oJn/iB3Nb0Y+W
+1+Q2LkTsVILQt/wNp/bLfLUPmGi27ec8DedAHv5cJUmWGmreIO0nd23dQmZg6kxe
+1VwHH+Y496CUbnNSo2M0vdf0q7DDOGAkzJnnG18VJ90bfsjE9q5jtYGWG75+IODe
+UEoGxW3MrCEo2ZVYY6Sr292WF9+kv8HjRSGwHxvWl2cxM8qmtlbAKQklDRctHfsS
+4CjGUrZh3dHbnRAVu9uJozMoFF0ojlUB/jsLeOsN0A+i9wjJ7PF+BsABm+ccLtuK
+8omjcxMhmRfYHKgTy125ZpXcbrXSt83ocGoj6rLK+ship/R743UIsuecLMrfY6Ml
+xpZmXP/sLdRH/j0Tswi0LPrvWrI+KKJuvgrSkDTUI8Rx9Um7pDaSulsQp9dXRXqH
++WmZjmlT7pjHzC5kronaW06nHMngNl9+zF9YDr1OqL7QmgLqDK3mKmtR5QOdSRfj
+Jjf2ITz863NU8zwm2h8eh1T6r30VD48UOzuiTHUcBrXc0SLH+UAvi0NzAydYmrYa
+jJlrm1QQC3XopPfhIoSx33dEIpI6Tfw69Z3Rjo6L0H/8sseZ/t36mE5905YMHCot
+fe8krSwaT3EbYrahnFk3zWgNb1ENS+7E0PnVrrPhLCz0bPiv6vI6KGDHHhXPIr8g
+G0Ouya09rmX9s4HmDyXuvvbL20kbAKOSTFaYTp08YQCdwdWLabARAGCSAjQiCMYp
+wcUXK9CpvyFcTvXv/ZJ6E9Mlsu430mO3bJFLA2Ot9TOw1BcrKSSsUBeV6joIorGU
+qn8D9nLTxarWNc6fztlzFAA/6KdWNC/yGRbNyjHBUYd0IvIpkLcsqZN4wN8W1g44
+yMgWDJwZgMsI5yXkuYCw7/nvAA1TTsNx1Vq0K/RX6sEve63YTOx4dcKmfC9MFwXm
+vZYfn+RZ0nmrdvf4IjYa64WlpCpZSUaIgCTNUOa64AqXDCYO1s7xTbxBQpogL2T/
+mdCErGgTIbP4Tt2xRPIJ9ayQynPE2+ntUoJ8iYfipBlRKW8plYSY3hrQh4Lsczrs
+/r8V5cjim1/Rb6ZVoTlUF+7uUTvNc0WGbkXgMyLQD3KP6u/AE3zNdYnmYN/Ia46D
+Ls+26jYEIY9+M/LnKUqPR7kxE7tIq2XZtxMbHQHhJQ12EOwfkPTn95X7dO3qdgzQ
+DXNkZgGfc/uMehlUkvCHKBJuiXvyTqZueaGIXjNwODdhcIbv/kRiSzI/UxswUPAm
+w4Xfu3X2HzE1/4g0UhdZFzPYexejSVvlf/NRQNcV2PBwZw7DVuIxSWgqcz9yuF5t
+QAndD1o31X6xhB6IYKBdAl0UCScvx9TcIFYYlbKuHCRbGLYkQiHRRUbtiVjkrWCS
+4edrTa8jNhG/N/nJsuS1wuzBTHahsEFc1gNEzz1Q1gsYVGbIsYuK6Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subCACert.pem
new file mode 100644
index 0000000000..8289750405
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 06 FA BF 4F 88 83 CF C9 20 30 63 1A 83 9D B8 58 77 2C 1F 8A 
+    friendlyName: inhibitAnyPolicy5 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 CA
+-----BEGIN CERTIFICATE-----
+MIIDpTCCAo2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTUgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBQ
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEg
+MB4GA1UEAxMXaW5oaWJpdEFueVBvbGljeTUgc3ViQ0EwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC5561W3C1C2WjmuY6Gs3Vb32L4i2f87Awffxn7zLAm
+8k85fRXHKT2gR2DKwSM/mNt4q/22qcjAKAuEhv7GZ2glmOt6m4xeYUq+6Y96Qi7Q
+Vq7jwBxT+yIuo0GdCsnSVJ9ZwS4pFlLMeL0zMZQniHRYg28fcEp/DJZpjxMu55DN
+rNm7+nEwphnSxLcuNvq5WO40rKBDLKVEOOopp3Ok+bsamuVWDkucqrkTRmEis3Wq
+XXv0Jgsh64h9SCI+0bjewjlQppunKfj0upZCNTZGodWKf5qNuEcJcVQPJdT2/vfk
+m/GaTflkY7yGkc2Vr0tAJXkiS6wk1lrGKMLIzQzSbVzbAgMBAAGjgYwwgYkwHwYD
+VR0jBBgwFoAUwCaB52nWnXzwvdWdqlMOZfmcywowHQYDVR0OBBYEFGyZqbYF675w
+STZMWJoi6BSIhS/bMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFl
+AwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgNVHTYBAf8EAwIBATANBgkqhkiG9w0B
+AQsFAAOCAQEAd5CGkdrpbMYK6NXgbS03kQFxAhmgnpY6aU2j7d4RatvkkSVHp5Nf
+DzooyQ9oyz3cmfX5c73vN+Ugxqst+lc4/wjnNmiCm/bLj1pQ89wdORHKgiLU2HnL
+aTkQQOwSczl8xqhK7ATk0ZgICmMwxMxhcen90u4SJwRPp0dIGfIiBUEvnnst5Lpu
+9EaPAHYvrsXn1kYKylWEFRoGEI20TJ360COTYF6TwFR+hsfkcIYL2CewtkhqW0vc
+k83ZgqIlbI7mTScbLLjVjFbldjJ3OGspaXlWcVPAEP9T41Xj+vOKagDwBxM1gaOJ
+h8Y4uEIFS2eAY5+qzzXEnbTG4gVCEJzyTA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 06 FA BF 4F 88 83 CF C9 20 30 63 1A 83 9D B8 58 77 2C 1F 8A 
+    friendlyName: inhibitAnyPolicy5 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8A5B334DBC670404
+
+rGsieRSVG2XvI7e4FiZ1Uglu4V6ZBCQnZQ6d69jIgX8yqtE9z0H5/DRcoAIQ3mQs
+ZhX3Qd3sElxByCnpqrKifmDpPu9u/rsau6Wxi/wmYuiq/BlLpiILCOfEQTxULbFt
+jsd6wtk+LIZCYKWLv5w6pDD61Hsv0K490eyS3sQF4wiLNkhtgj8QZE2YSF1zizwm
+747fqsHlwoTkQES7fFhJEtGDbZcUq9ntyw3HSupMYyiBnp+Mq7itCmXt9V5LCrOv
+CJqHam4kZwS8kkGIK/J4L5xKqKGJlMRQ6oDgpVa4XCWd7rgXknMYQzKgdKwR4cy5
+IkDU39b8kYmpJIfXooZxSAJSkjF03mIpVHQBbWlnjip/CrUhmxuSPFAP6c4TRDMz
+O+vzyjId6G/mdlLXVlSa8QiyCrDW4YyC8aT6Blxy18p47/1F2L0yDit1o+sGHxMg
+4PwOM976wSb7xZGBdooPlq4lpt44GQSyG/AZWoUjo2+5p9+VXZ6FMCeN46Btv5dS
+TMbBIkdJmRGosW0q2wVPX8TrIHFnGWNXNOA5uwkqIE2tNqCqgH02iDNaNG5hFOtP
+lNhJv5vJ/kDLc72qETEQMqviK7zAyos9VQCouioXH71vVxX79v8525DN+2hCQy5P
+hXol41S4YG2/gM8/R5pymndqo2Aig7XncRMqZUWtVam0uuUoQa0WnIYxcyfLEKGY
+nqixJwFqgFu0Iv2FdEwIaGo6zjNneQiRr56a1TTKd9MYvm/ZWXtQL1zuuTtD+QOD
+he+CHCZXnEJoTXSvNOc5Ieo/qoIbbXbaf33znX1ljph79N2MVd2O/auv3sU+o3CC
+GWcc1Sj/pZe23x6G5XZTOX072MMZZdIBO4W6V+qupnIIhK9MecYERA7soL1pGO9X
+8QM3iiH3qd5s3gfcS6MSq7IuOKDkHneJW3yQzFZnsopa+MPxe3O9/pEiksWH7bw7
+x6Qw0+DOXYeSrrVXbjYHJ4Qb/nTBE225zAZVdqqgnRiijE5+BLU8re7d+J9SR440
+t0c0/vp2UjkiNzq+W/uzrdaF+U2xwRbzH6SQqNCoSmWqdvtX8qLBf00SskYpILbV
+qgmdqiWROBWoefkYRHAdpysw/4hJUNsvfVkVwv5bMvirE18NpM75bzZqzQKlHNBK
+d2Cr+fsG6QyBGoIijoixMXOSDw9lO4jNwSHCNkqheLOUcEWkWIII7lNoUwCXib7M
+W40OtSkTUggMZTXDddYZ9fgBNsc9g0n0XtF5QBPEhoW/BJBisuRcL4gj+qLC/U0I
+DgzFM2cwGE18OcI7q2u/OwqvKzGXIIVGY6guy6S1tubL8QivHnfEBHEGZu20EQlr
+PGOqd5jClUngTjT6dVlRSgriTVXQXeEfMUbs9jtFHSCe9nFQONhdIeRD2Iu5SwZm
+jguWaeTkkLtKwMfeW+fE8uI/xqNN6YWQI6UHxmhPmkQIIHdkbWGu0d6s03BnSIux
+CwKXpBULLMSkd1dEkVgDERGq61TnMNvwjxkEJGY1YyxjM3YuAgl8CYHr4wrwDDUP
+oYjlx+6WRauSfFANwGAey7KhxJKNUqvIQyxm9ZWiJRmKuJ0x3oIwb1LTrh9A4Jq3
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subsubCACert.pem
new file mode 100644
index 0000000000..e2da15a120
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 80 1E 9D 41 62 69 96 11 26 7F 72 85 64 AF F5 28 1F D2 26 27 
+    friendlyName: inhibitAnyPolicy5 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXaW5oaWJp
+dEFueVBvbGljeTUgc3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBTMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEjMCEGA1UEAxMaaW5oaWJpdEFueVBvbGljeTUgc3Vic3ViQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCRGX+IdLeXlu6WOO1XhgOgGqd9vt8vGh9
+kaeJkJvY+1hpPPj5UzXz125tovx5oIsnxll0/M76mJUpNz67W/qeg+FkBHa7q+ct
+oZefLzysWBF6v1SkRZckKujdjCLHw6qoxSbuOKRC3+Y/o33dkB9wCcAjxWC1SZAh
+AK7E2PkfSh5pPE9waAUQTO3CjJuUPPwffh3WFV52ahhR18RfEMJPsIFQc9b40hEl
+kz4vuZLkT4BP/HIuFIMF5uzehcUGs4DUXQ0wxQesr+0AVCcDM5R1CR9S3WaGJURM
+uCkiQ7WWefgvk2dYkAoE0f0mwMo7nXHpj0D0LFXCFSXlNS8uV0XlAgMBAAGjfDB6
+MB8GA1UdIwQYMBaAFGyZqbYF675wSTZMWJoi6BSIhS/bMB0GA1UdDgQWBBQx4T/8
+Ym6AZc2peRAAK26JWugFwzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFxP
+sWa61v5gPCuZjV4CP5aoR9c3RwnXgwb1gigoeakbWE0hKy6HdZhrcpht+pSoeHOt
+saYnIEm2lM7MOC4vzvtVMTe3vj/PTwx44yGK3IxSRYs3tWesciRAJdfJrIBxUpgO
+vabTNdI2/7gi8KckWRLCpo0aiRriU8W0TDwMD9lEEMRJ2UGgbIsmExsy8h6ylWxN
+7BAyMWoOx8EQe7Fh9b+j5t3A8XZ0Oe7LdT7NDS+UfFKFqoP21v6h7iXzusoHA3Uv
+YQjEIwuZ7dYzDIXETb7jzQvdsY2mIFIwHtqP6csVtMQVu2WugApFjwGoNV5d1DMn
+XpjK0TofQMZYNOxBEZY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 80 1E 9D 41 62 69 96 11 26 7F 72 85 64 AF F5 28 1F D2 26 27 
+    friendlyName: inhibitAnyPolicy5 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,18D6086D08530D26
+
+0piNmvVEM3en9DlJy6As62VsIKsH6IaGNrjEkd256Ql5UWClirgZdydhz2bs4ctI
+49fCVejnqWU6hZXZN01zKiP/h9bJNTF8336sQQHLw3RpvLJJgO5PY2ukj3ZvpN94
+t6csUEqRdy+QuR1BTMZrvDocCCSCWqBSRZmyShV2fL2eos/2hIeY0u4BtqF4fzWe
+mY6FXjI4P36Nla6G5KFIyNMzxFxp+XVZYdelglrgB9p6VLzvSSdk+K6LZHcXtopH
+JpuHf7H91npaix4L2K0GQzze0HgSg/3Ue/8ozipnNv82rhwFEViExa/88E3ddSEh
+FkaM/LNKF2mqT9m0/jm6O+682LqhJd7uh8y3u9n9t5UuCR5UhhumRvAZidpBF71q
+uPseB/ikypJQ/oJRt4jP/lJI3aPT89Oy80CxMCKAKvaV4+e5nob4bcyc51q27Fku
+WszWcOJWMvM6os9JgaCN5BYpqt7zpa148qZx0rq+ZcqC4l/n/DTEvQxVyNQNWkpp
+cualkUiz74A7hX098eQRI2Sseo6KWrV2fEcuQLIkzo/BxnsTRziiehEJYa2khhUW
+qwapQ5ulM8vU+e6vyrfJW0z/kuEoLWFkq9o6wA34eRta7hxihoUcjSmvCbJ238/i
+mg75biBtsoB/KNJsX9eLLmxbaccPH64ETuNLH8Yj9faWeOGxotv1HCPOqTL4wrQG
+Czpd67DGSspl9PVG3TXFEW8Xf0fl0NqVqx0MM8X7Suq+3svX11VXFiqUiXiMvvhi
+g+WjtmjBQ5HWbu/LuG58PIBkSzah58vmFB+XrvWRb2HyrBT8hvZRCIgUqLzr8Ufx
+vOkHtlVn091XtWqhLZBrCjoCI/U3K+TmbbePxzAB/ju47vjF9YPQRD6IKW+Z38rb
+j05timFYKLPDyOu3gaWNI865LkOxx5JgWR2rIoSALv7pln0GfGtpAHvRPdrUGoze
+Vu2jqqPCPlddQ8Pm58BSYj+GRRKANfJi5LdPnRwTnbFceHAmk71mph/DnEgHfF5O
+mBfKXdPAUr5/Fj9sMCkpH9ihl4qylXAd19NzW1oM4puD/L22d9VhXD1wTdAWu9ew
+9kdrRiPl+Ohm/ktOkjLYkDoCol4sfxuetF8pXswRi4laqPvz+kw6KMgyp61gcGBC
+M5cbpAZhH6zfDLSnYPaC+GTQdSjBWp51LZYe2ChPocOs2HPVWZ49NLVd8VCJo48e
+xFCG32GW87sGMAV6INPAQ0CQBTAE2iWWZZRk5xrqehBmcjkl1WJBBF5DJN2UeZ1+
+6buBu5Fdtc3TM9PyIoDsBjKA1ma925bARz4OGhU39YbdgJDfSEuy6ahKxwr+JgEC
+C4xINh5BjQLpXewzA6F0O3sh4V9d5/FdMIc5jCeIGVfRkRRkQQwfZbg+gKhEg1PL
+CEy7SOPuahAHFjWSK26ZF86heHB608IO/GcljN+p1fe+I8z671fp15XxlKDOW0YS
+/hkbgwvzp5XYDz6/vkjRxUACuWd9s1emp5dv5wUBg9Ly+A1ObjFK6k9Q1judD4XS
+5BC9jrNUNdlXBGvy5iTTcoio0Kq6hHp7VrSi5ujgUVCiBTKWsWk+LYaIFLxh8OMk
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3.pem
deleted file mode 100644
index 05c743e5b5..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3.pem
+++ /dev/null
@@ -1,159 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAMvuM5rrG+hunxSZwR8TVsLND7teVaTAzIxbnJv0xpVvawDeQiN1A+CIdJH8
-TUXrgcfdU+E04StBCqDRBr1+DBMt/PuBDS/I2PcKqBuP6sfkSDr/lPYkbRBI8wZ9
-87H/ke7seqh7cSVORfqg4KupdEE3i2gxONHlTT/7XV0C5aOlAgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFGbbtZTHBcSzPiuRud/IqNBNKzREMB0GA1UdDgQWBBQpIHiUjoSQ
-KUJLfKsOgyq+NVs8FTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAuKZUyh6gvU8Ab5pl
-P79yddRQcx4G1navwUD3YSS7q2rnmqY2ucmHX8H1JsOhQUqvLL81fIqAkWPANAmQ
-K4NU/ZSkkjtfTcJy5oYsVXjz0MyLKOwrt52j8MLZsUW/TIf5e57kPbORC7RQhEr+
-yMDT6AY3En8iF4h8mqMhwnQnO3U=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
------BEGIN CERTIFICATE-----
-MIIChjCCAe+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UE
-AxMlaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEA5paTjQbj3puhDjZ2oS+VWmYpkB1j3pR42xS6
-DZJFysWv18MFWj06Gcb3VAc4DowyPEHzYQuzdaTQASCQLSX9JskU/ohcioVwGiK5
-S80dAfcGLSVJsvMROXvlapFvgkhM/qqtvyL0ft/bTTMPPkQMqayQPNiS1j1NIOaj
-nLReO+sCAwEAAaNrMGkwHwYDVR0jBBgwFoAUKSB4lI6EkClCS3yrDoMqvjVbPBUw
-HQYDVR0OBBYEFFXoqY9k25OSv29Bm8cxsKCX5ASxMA4GA1UdDwEB/wQEAwIE8DAX
-BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEARqFA8zrZ
-Fv0+U+IKZbMlVa9p1ILSXSsNk+KlwRjgJRk1l3UQtw6G6NfVhKkgNvqgrj7zcfg6
-zZuuMCad33y5ysIFZ4ohuBtD19Rq5TEp+UqAqMwaewF7AajpU0h+XnLg8v1uPY0j
-a6MimyCJtGwBH9LcptLn/+La3+6ap7ji+nM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:29:20:78:94:8E:84:90:29:42:4B:7C:AB:0E:83:2A:BE:35:5B:3C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        75:3b:42:7f:44:c5:fa:ab:b2:c4:63:ac:10:89:84:e0:50:32:
-        4b:96:80:48:15:1d:19:1c:b8:49:6d:42:c3:4c:b4:bd:a0:29:
-        e0:14:56:1a:1d:df:92:90:19:27:a0:b7:f3:1b:7a:32:32:2d:
-        cd:ee:29:38:d0:75:8e:8c:51:9d:02:7f:92:a6:af:08:ef:23:
-        8e:bc:b2:a6:47:36:d1:9c:e6:dd:4b:05:55:1c:56:47:1a:40:
-        67:4b:01:bd:b4:d0:74:12:5a:97:83:20:d5:4e:a7:d2:bb:ad:
-        52:a5:ac:13:44:fc:95:1f:d9:70:fa:a2:05:fb:73:e2:9d:15:
-        61:ac
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUKSB4lI6EkClCS3yrDoMqvjVbPBUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAdTtCf0TF+quyxGOsEImE4FAyS5aASBUdGRy4SW1Cw0y0vaAp4BRW
-Gh3fkpAZJ6C38xt6MjItze4pONB1joxRnQJ/kqavCO8jjryypkc20Zzm3UsFVRxW
-RxpAZ0sBvbTQdBJal4Mg1U6n0rutUqWsE0T8lR/ZcPqiBftz4p0VYaw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3EE.pem
new file mode 100644
index 0000000000..9f5f766248
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F8 C8 CC 60 FF 6A F8 EA DA 16 34 3D 23 A3 8E FE 01 4F CA B5 
+    friendlyName: inhibitAnyPolicy Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA1
+-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowXjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExLjAsBgNVBAMTJWluaGliaXRBbnlQb2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVz
+dDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXXPnjv8RRkKcKkZOV
+yGORDonJuI1SMrxuX02bYLRAC/XwvLOJpDsf/xA8JLffgaFLY6qfYmBeyVrpPvTk
+wyLD5LwI3MK6sc/lTCIBidoDBodfodpzBTQIa4MJLElXJRCkwyuEVMAFNng8N4Uj
+6ZGlBUw5t0wX2dudQQaILmmKKq01ChpP0DCujvs2vcadAm/sM3mpOoVrmc5onF94
+szwB1QrNrLrPN+WlaX67dl/m/uuK4Bbvj1cWOdyAtpskVKl4uZoyTE4gyuOSRbFX
+H2jC1XMd2yhtePKFYkHjEQEITpSKy/FPeQMyw9rzFI7t2+nAqP090pB4YsLNPYgN
+cG2HAgMBAAGjazBpMB8GA1UdIwQYMBaAFHSg1VjZK1PSK7DNXXHGob9Dp8gVMB0G
+A1UdDgQWBBSgPl5tKwvtC+NPQQGd8WO1AN3BkjAOBgNVHQ8BAf8EBAMCBPAwFwYD
+VR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQDFsWjMxFvi
+8SyiT+A6KlMhtL6UINksICnrb2ozC7mouE1uge+XdzRhk6ub/x3Yrc83OxZbtZzA
+f36G5OSyKn42LPAtsqW+X98xJJR4ADEsAxUTiodITJ0O7rolRFurlCrITR/AEswp
+bGyspXbSZVpCMqr87BCRlJxklpk8Vx4JevroJBrbvqtm0s7W1RsaazNzZyA30WIA
+SYISAcXhLlJhA+XTVZVMp7U/8RQ7K8lftW17ZJ1AQGc1KTSHhzOeZeoAJCYaqBLz
+BTRFRv04CGjhGq3UCBDazX2XfBQRg4TIoTo2GE2/cpv5oOMFZuxJLESCZbbev2Df
+8JFIDAsJaKox
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F8 C8 CC 60 FF 6A F8 EA DA 16 34 3D 23 A3 8E FE 01 4F CA B5 
+    friendlyName: inhibitAnyPolicy Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BD2FB17770635FCC
+
+Q8wUO/8aCWrsdP73HdUypS9Qbr1TBRDIeN4SrhnumHAP+uWgvZsb6ijnu9i1rG5i
+N9VguWwUkR+b0evo7AzS94hJt89CRtWICxF9AfX/ruMUrLjPuI0OY4N96WdBSAEN
+612yy65jJfTATSXoZ7xX7he5ZZ69yX/qehTKjBJUZyybhHEcsGSjnlbOOtGL+cTy
+7Rp2NWsGK+EjdqB1JGeoZkTeA+P06f9KNdofSzqtq4Ku8+6SQMJ5mxKYK3Q3pZl6
+OKfTYBu13cS/JcvMZ3CiCIqgAfztt9mMufpfRI8CSw/vBdsp485n/g4Qcq1kWouj
+m4XWIE1zJ2D8D21KamP0zIHJrNkvaqvK/kxld8H5nKmPRd6i7yiqNJ0vDe/+zQN0
+Xts8qoszNXjGvKbt5ee63TkSVCHPLQW9FlSUK/n/jIDb9FLy36jT/JgYlT6Gq/kG
+AdPJM4855S6J1sfiIzSd+IMydFY7nHea6wbNvNDJu+8g9BYA9xP8YAWVTJU91d/P
+gtTfR2APC8oAFafVK9zumI81hR+6weED9MsYdNDSSpyx4/vfDMfjuTxqlEF1Jp0F
+57LMGViy97uQrnjn00zyBZ4RWIyFDrkmD2MAkhSkxKT6RDdMazF/nflbzEeleblb
+kNA/cSUsGt7yNaaWKxKPuOKAP0fVcvDaFnkIpajVIOIw/FTs9RtlHGt+9u0ClAki
+2r7YUDGef4qWC0N0OT0/vY4FGxOm5Z8iFfrEjsOeqR9ffXS91aZVjX6JLanLBz8y
+grY8p8QJNx0rG47XRscXPjqprslzUzkL1UPE1UfrbHz6SvCtNxXIDs9qNbmT1LqN
+ICLxp9B8Gz+PXNWquVFBSiJ/wCdy1EINS9Uga5SflTikoWbxCiUuivNgQbAq3f32
+qSwr/3DfyF4srZ9L+pt9XLhC3rF2pcYsg+msA/kY6GteB0b8tmF1SqBctjzG4bL7
+OIaT+H4WYTD3R9Pl80y8ZBd885x9xNa6hWPvoiMsjEDzJnl0PhS9XwkFKTUe+b3x
+F3Sw60idyYXqHcVDmBd7Q/U4epMIjrmhJJDd9tiYGM2cUNNSw1O7qDNwap3cD/tn
+Gy62+bCO1hXsDPq7M0Ae+8BaXO8L7FBEbuaItFDKcrwdGonqO1ypWnkN+518hyXh
+FA35sFzrSVQJuttG2Yn8qdaEmoo6E+c1WAOTzaX8ISKZ74kSa+4orhscAqlxB4wh
+o179/V5iK1lDKY8xr6i9NMD9nb1hfFfgUGmYKgP4jtihXOogplUdif9wOe6DAD1j
+h2hyWSiokPDOZK2oGyjzpJjXmG4SWI1MGCwu0FpH/Uqs+RSCu01bAvjrjyCpiK6T
+ykw4josSQ/E64cNJuhB6A/FTChR46nFHGv2PHLeI8FVj32N22pqiwC297bod57jE
++savZ4nVt5BjYdQM3iy1UMuZq5XPmFYpiIyvUWwAvPLa/N5ukxcRR5vWwB+q4oUZ
+PMW2qeM6Eg9GLsMwSvDwdaz5E3shK9FL6xzkdzkwiSdnnIQkrRLNVvLxm+UvE53U
+bOZ7n2G/I4mIspwxc2qES5SDzkegQdqVYHr6/d+lkUsX6eEZjScr7WHla5a51Eim
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0CACert.pem
new file mode 100644
index 0000000000..3c95cac707
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1F 48 9F 19 D8 64 D7 71 C2 59 81 7B 56 6E 72 AB 7B B2 05 E6 
+    friendlyName: inhibitPolicyMapping0 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping0 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDozCCAougAwIBAgIBNzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExITAfBgNVBAMT
+GGluaGliaXRQb2xpY3lNYXBwaW5nMCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANt7nMME0N3fefF9kFthzAI8C4Y0Ul3e4aGamPxfGzSoKVgKIEXl
+yKbwGaBplcjaOjQxl6MO74pTzEcOUDHshkf1uLJh8K52pJDew36C3KrZ3cMACKrz
+LgvwigxcHTWFv7Rey0n76TupvA8HGAl663ah2QIt8I1rCqmp/7raxqQxbBJFC2Ti
+pJ8XZrHzIPnzkP/RjVgHH+2vgxypQh+/Izw9E9MOLnkXKUUE5x6rCHvbz2CHJ3L2
+QXlqaZJz7hqKIFASnaY3FPKwP+cU/bmIIImXCTjzYx5hiT0rixD/bUb+pXkcZkF5
+WTZZ0MU4VyLYTAEnBeiiX288aaDV4vUli/MCAwEAAaOBkTCBjjAfBgNVHSMEGDAW
+gBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUWDcmB5GEYKzu9kA+pSv8
+/5cdndswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MBIGA1UdJAEB/wQIMAaAAQCBAQAwDQYJKoZIhvcNAQEL
+BQADggEBAFzEkzKG6Ig8FbZ5qGL/3Ua5qibD6Ky88jtku7s2ZG6vQ/GC/5QAcWsW
+Qtz7ajxzTqZ8ffXSFsmynLiUjmtPbpvuKmgZpklXi/8dWmy2DMxxBqObnOkASL0U
+wbpv0hMTRNQZkYaNRKd3G0mSJdLCR1ZumDQfxYtSSB5I700rLZNqxLgF+XemTNqK
+NQxcVvAFOjJ3fu6a1lRPr1ahvyPgPfUGugETMoMQ95cqM0Aj5Zo0ZRUQsXS0XCtV
+D5ZD4THlPWdUcUKaF1H2vVvidJX8dGV5eA1GkJ3VFb2yAmbEHxgzfr6YgD4jjgAc
+ksRGDC7jO4eEsZYanmTqnXdR7xBFN6w=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1F 48 9F 19 D8 64 D7 71 C2 59 81 7B 56 6E 72 AB 7B B2 05 E6 
+    friendlyName: inhibitPolicyMapping0 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CBB29B0088B46234
+
+V0UB4zlADJOccBOu4p4x8UvJgQxqW0WabhdIPT0Gpi5k3ou6TTVXT4pj5mb33Ov8
+n5VrB0kDC0q+oopZtZDWI+ZxgYPxQex2Skijcc60zGxNljF0UHYV3X8xAQ4os30R
+0xEE30tYCVqTJ/EA/QMZ4jl8xQFCBoUzpIeUcUXGmcf2uK2I69di0s80fX5uzvUm
+yxTsgnWuOucKm6J9bjs5Bb3LbfFq3uUGf2lVWizQj7ZKLTAVvRCO1pnc/OOo8zdG
+5h7jYDVvfHJZOv9Q3RAS4K5h56Oe7ebmR0ucNwNN0iWw6QZvuabUppCNJooZfA9d
+4y8eZ+Ocd8PNgy2VJpmy/NMsj74a7oXO1cZrmqJuajn1HBO/xYksH0334xLemaxD
+OnZNL9aNyTmyboTnmn712skBUgIWC76kdb/M/MSwFFUjElVO+i2xI0c91T+VYP5n
+3YsfMWSS1n1386lTUCYlb3YqW6SE6dLUTjB4j9UF/kLHNKjVcYFfYK2I99aXX5yg
+Kg1Ye+hgaeMB4BUKp5f2YGhpqnfTzfG/wQjCrn3ev2sJlvEYFQvRakrHVyAaELzu
+BadiEQLVfb7yV+DcFwdK9zSZf6JnBEL8HpMSTLCvgiXgB+m+j57Cly1Xcl1qbUkn
++yvyJOar9zANlqmBOD+cn8HqmJXOb51whNi9GZJCa5E0992nR5PiTYgW4/aP3ArD
+MGz+4gF1MfWLJCNaL8RoyVTCdD4ZaexAYt8MkKqirviv2mQFLYm2i5mzDCd1ZUR1
+rGVzSBwnG5v0/zFiIWF23hi4HxzhTu3H67EU9yUNhikVCNb+7JRyD78QqwGYlqIC
+oPXCEOyU2iGr5zIe+N80C88vGkq/5C+16VAq1Pp/FBuEFrcl4HM2O0FcsWvhofWK
+aKlmAY0V2Q71MRN3Pc9OrBAvKoc6U0F7ggw60GupImNORhxGbOgnoGJpNA5BO3RB
+lerEWyuOmrRhQvmpMAMKIRGmzBTos/T9h4FvM153AmJThNRdMOsgFCvREd7WN41/
+QiAXJ4F4kP3ibx3t8NeQcYgMw6Kh6PthO1mP6GVaxQLh0EBAHtubTXPOXcKfESHJ
+HxcP/UMGmwiFgQm3RNxtl7wRqfdVDwXIWdMRFjbSDJtRx1EQaMgqRSYIu7xG+5QT
+HNcH87GUBwDiGEggK4aZ7bHS/VAbnIeTJRbe59uIfdEx/Wmc/04CQ/kOranx5ER+
+7VfSn1njQ0x4JyBwwxy4zt83eaMZYHk+XJZMnkvNaxv3bdb727Lt+SQdPX3iYtO+
+4oMMsHjVR1yJ7ty85zzE6KkxavFGj5Oxy4O76bnuvx2aU6wGE0k50um3iFOkPidy
+a+PmhwFuOcvNPP/y2OM32J5nv5K9QqY+IQ/V8fZXMK2rLLYnxF0emDrlqmBwqBeB
+VM23mKyd+fFCfl0V8u6PkyrKX3emXD3GXIX12vC3gk3LGDehJl55KJTz9CG/JDGh
+pDMxymRAWaI+hyyZ7caCQ+wY5ut1h1g0a7H5gB9uoqLTTx7N6jm0jkXcoV43r3VU
+M9GxJPDmUgPzvxFi8R+ue67sTb1PshxvzJJlBKazn0kxspaR7a4TAr1gXPYspsrT
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0subCACert.pem
new file mode 100644
index 0000000000..93ca7870f9
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0subCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: F5 46 C6 A0 F5 9C 18 B7 19 19 29 45 97 68 C3 F9 C2 98 5A E7 
+    friendlyName: inhibitPolicyMapping0 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping0 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping0 CA
+-----BEGIN CERTIFICATE-----
+MIIDxjCCAq6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dFBvbGljeU1hcHBpbmcwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowVDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBwaW5nMCBzdWJDQTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOxx/fK0GiaWvaebSvC+tR/65oOxtOB0
+i2rlCHg++AGW0iPfXroJpby/vqElvVGZ9/L4ZC4ESfkKlcP99E5jqxNFqxNmjXbp
+ySBDusJ7cGIK+Qqd2tkfXPkE0Ov/XqQYa2hXqvZGbwPyXTjkjtaL7k/xJ42vJ4vY
+VyB3TKHWnm7VK307P6R74SvlLeTqcbNY8UtjZ7y88mfufWAKczbDq+0BCMpjFaUz
+h2gJbp7XZXrsDq3NdQ6KSsiU4YKDk2JKtPZuLxlHXl3DELKzcdTuipGtbxvTheOB
+VUfJKo24hBDWSry7ejCKwNbxMwXGovRY9FH8iHNKjEefc7W5d443rQUCAwEAAaOB
+pTCBojAfBgNVHSMEGDAWgBRYNyYHkYRgrO72QD6lK/z/lx2d2zAdBgNVHQ4EFgQU
+/7RzYlKNXJY6WpCuGry4PHmBYx4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MCYGA1UdIQEB/wQcMBowGAYK
+YIZIAWUDAgEwAQYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAvmTHRMpF
+Xgn5rrscWjGbzojCzy8p6s2fH1D02ULqEJtJXFbs/UIVByZaMU+s9g1yRz6NsrBY
+YJeUKc0l4OZeOmM6rHeXVD3KUBTb1dvZbc22Y4LzzRacv8p6XF+jtiTI7hnkv+7I
+AmK1y9IOIMWB0mKT/uRwzFn5GG8kYyIQuLGt/xB446nHL5M0k6kstz/aApkA5A62
+LUZs83AcF/p+NK2bY2rGFrbfoRtxFyOKrf8bwc1GmHdj/KeQT3iwJo9ilYOECY+0
+DmL8SbReR2oE6KM3Y2FTcVu2aBh2kqiFRU/DUu3Qso9hQ69920KdysFj2I4mTRWB
+Sn0cA3GqJO54Wg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F5 46 C6 A0 F5 9C 18 B7 19 19 29 45 97 68 C3 F9 C2 98 5A E7 
+    friendlyName: inhibitPolicyMapping0 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,82D2B7D8553AE8DD
+
+CT72MgD6SJk7vHWHJ2AwPkvAuujP2V/jX/2061eholo92cfOwARYretMFnqxKqBV
+1veZdKKekq5okX03iMOdOg+MJo1dKARzFeQ7e4nqUvFLRKrfjbJpd0rrga7MoRC7
+qScAxuZ5fBFkk7RpzxL/ejeaFDEII95tmS3PpoYBMRUS2NGHmDWF94onX7yzj/Qx
+ztz1v8FkGdus72gDv7ezpnED+3ENNFhLm9QXnaN56xIIxc7l2ads4QQu4M9s1nwI
+RNqn1hR0BxABF92pRoXgkrXnYMv7bLW+/5mowCb87VUddWHqM91AygUxkXtVto6Z
+jX9TXCbcTS3fv0bHdxQqNr7bna0zY6ym9z8yWRAJ/Hkf1CqNYFVFLvm05pGOtRb9
+Hk5LR+o7ZzYzK+V4e5+VfvYj5cKAARmvW51+we+p7XOO4x8iOuYGAzFHEkjrFOrI
+o8idKIfmoe2oy1JI8WCh/IddhPUM725YaGc+iOW+FtX3laAoOml1TZC0LJJZWWzT
+uP9CftRStoUxx6I+IgHUe80rTasjj4KQ23UsW42IGs5M9DlP/mHYoSlUf1nxjpGb
+rl6emEXB1SK7Dc/5DYYqn1zqWpVtZBqp3jlHTy+XpSM8HXhY9YhvCKy1BSNx0dhG
+nBzBECLJ11gvzU1r5279S+V+myOE619C83dn2CA+4bmVfddWsw+i0Y9cRIyGyyBf
+P3vzm++UOcWjiaORD65TQWGPjvUFKrE1TkZBZ0uThILEfnpUyYaH9X1l3R2Ky3yp
+p6nHQAMBGt2F7fPZDdtlB+SP2VXd/WJdvU25L8xUWmIQ/uFN7RHVemFznwJGzAYr
+ixghJ3QEG7Wj0ie6y8SVXMILUKfBYjKnMsluLi4f62jg7cePEh+u2xpdyVHBgbZT
+p8PN7Y1D1uJUb98ZekFoLq28fIKptCOSHmwyn4uM/g2DfutmONMJEWGP1HqBTcR7
+bGwlyqZYpQw2C4CJ9F/ubDHMYNhQSEZWqh6FRF2DJxveTl6fYOre3PYDAc7XCXyQ
+QZ2QIdZ2138C1PewlmP6duM7Oz2+NhxRB44B7PNc7B+F2e1oekur6mgZD25U/5pS
+y4WPdRxO55kJjFzS9LCrRWbnwMpUPE+ISqBGJ4dhjpSGAHVHEBM0JZIenpJEFVFF
+DbbWqboDKo0fvnREPbSJqKz9HQ/4SoxOPdlRxQtYGkb0wdZoygYttkVnaqaKsCIG
+Rgqh7sWlPCzIh8/HkTI2YlX9yXETINvx2QVBeMZspTwSRy22SbbuIdPgWspVMCZu
+J8z32IxMgxZvpx1prS0jcJGh69GLbnGMXg0u4jo/ruhuY0MNflWbCHX/YOVbylSW
+a9cWCplrb/SwmDDJ1HOgx/UylRGQ9HDvxnNRIW5ic+Wdehd2dSoya2SZLSGw6BXf
+5RRIBk2Cxac/ooi6rYU65S+ZC3iMBEa2L+KIPEEgjxOdBfZwJ+N6pSWZ/nZ+jzO9
+Qv6DvFZhs7sD2cI/M69TmaUBM++l0cofj3WUdMWLevgVc0AAnQL/83bZ62fpBnGt
+MDOEMDBQrCRxlCuV3yxHu7zivWx2DuUBqfQMy4dyG0ieMlKLLjx1W/K9fVcfFCJd
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12CACert.pem
new file mode 100644
index 0000000000..77eeeee458
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CE D9 A8 C3 E5 4D 04 D4 32 B4 01 5B 7B 14 D1 B1 01 05 C0 8B 
+    friendlyName: inhibitPolicyMapping1 P12 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIBODANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJTAjBgNVBAMT
+HGluaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQD1I5zxceMZorGyjg1wIoa8bfGeT1qfHYrEVfYDrHwug5k4
+S1cwzlE+S2+1a4izALDGq9AwRgmnu3e+sD0D+D0jN2dKQN9xChH+u/IAI5Mtbw7h
+ds2yHU90cqNFbkEk5JyvBdGLvJZ4BVc/VuJaxdDIh3xUADnpk2wXjPGJSol4Sjdc
+pb7m4/YaDl0dAc+r3r5U1Wz5BNqI0A3JvezPJxTYnBQN0JvEkuSOg0TfmAUFqEqB
+o/mCz1/h9Lycz0qwqOWgyVQvvfIpD5YtZF1Bek9JISleu2pEaiRkulVCK9TP26Wh
+ZSE/vJAhnbX52Unpz/Kp3jlUwU/DDbM7KW9bRCgNAgMBAAGjgZ8wgZwwHwYDVR0j
+BBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFE1nfo3dORmv6Cbe
+DgE0eLF1ENqkMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MBIGA1Ud
+JAEB/wQIMAaAAQCBAQEwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFl
+AwIBMAIwDQYJKoZIhvcNAQELBQADggEBACsyNZjgHZskZHR1CLfKK/Ny/xYRo8ln
+NaSzPGFEcmltgkUFAEKmjnzITOIg1kyPeOh9BVLbtjzuXVJ83+2Y1MBzqDTmrGFg
+F62PRAXKkH54QyT00xP0TbmMQ7DEIRAf4Dam+mT8tezBbJgr9zjSTQdh2R0JxeI9
+J4GgBMuASTMF7NDDtl72adRo9xzJu9FFucSKUsTkYjm2muUStfZH0ULJoDEm0MlJ
+CEZWukj49JOznvVgWtUaHv50/oRB2Cgl94NIcs9lAsctA/cw4i2pQhede94SUjFK
+pa5ZeQWQ8rV9MpXFEZ9qRhekJ+ckfqSvPWUcZIW4wve16E/hR83Fre4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CE D9 A8 C3 E5 4D 04 D4 32 B4 01 5B 7B 14 D1 B1 01 05 C0 8B 
+    friendlyName: inhibitPolicyMapping1 P12 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0F886ED54A0FC007
+
+ytyfPeZDySSt3olbkPdTmNLg+X1d7aEmZGh3LYg3lVGnYCZOc9sx8F7ArZWZM8wZ
+2CEV/As9Dfkzr9+hzdc5he1sW/9X1tEQu2E66kdNLlrMwOwaOqNRBXB6NMszOuHM
+HSzmqps45w3YUZZivfQEO6QN7wNuYOSLFEs/Yl9KujHIu8V3UHwb+ZK4Sfcj/uu/
+uOyy9Nkbinue+VDnKK8u8apU5njiPFreIBz1FPII/GiQuF4SmOiSuMiuWRPacGUE
+LCvXs1AdRWUjayEeiLDRg2l8gIbtazT7Fd0zWS9rat/x/UlrwGNzAyDNmHklGguP
+oz8chgm+CVgIRbf+XXPLbvBuKDVflJFJnoTtwBu1AaqeviAej0ETGe0tqMKZJjZF
+oMM0HVZkuhbf8y4uxQIX1J+yF7DyYZWkWYADVWi1uyve1G5yXRlDaEw0hdUjUeAe
+H1UBHjrKIfIHlWdpbrwa7o848zi8Fx+eR0QKnyPLFrsawIUjXJu8K2fWmQ4RCXyG
+6+NDPOH5m8ywH7CtQoFTAK4C6tctT7FxNiqbWIP6MUM2g3GwmZy/EoVA2AHKxySf
+b5NIqZE7SoGJHRdoBZCZG7WGQtXXWK53IyQ5BuNiPy7vsylzevM8grWNmrBcDzi8
+u53mEvgPthWtkdxD5Ap4e8SFMhI9k6ypcSc3TmBj7WMj60nP86xBGQq4hApnBHZE
+kQAbNlNgzPFfw5Ap1tx1BifqJmb0r5hMnziPVkEEBpmOuuwXsDnxG7bmAomOz89K
+3DHe2WdIselXkNzJZJHV1z7z4eIGrlT915t9C4Yf7RE6xS9xi5flJ5BtBKIk8DcS
+GfHgO950E0nwQIX97cAbcNOQsi0dHUwr7Hm2958q+uBpVc1hDFAeO1mBrZdXLBpO
+uLh9/k5i+IpqHq04DSBGQUDyaXIsWbTzio+Xi1QnJ3CP612pp3XD7XcOML12WQEg
+zGm2VJbs3jQ8DQT0J2hQBKD6qFA30ERtoLE+yEGV6PzuXqaEk33sirBNPGk2qK5O
+LqfxpwBQ5+75dZxe9oGY3porG31yNiFMcTOWYbXw9Xa7+HcjEPJULSetXH3aqIcM
+P4kat+UriWyV60UuvUO+dRa/g0Nu50wISgxC46qbNn1c3M3FTLNwj8CkK+abs2YQ
+0cDmqJ07Lewrt4GtQCA3xij6dpzZOZmiASdFKP0bJqiL7cbtd+GDgg2ssLt9I7wl
+DcsIZH8AfY7M2eUc/ukF1UnJa1g00N/WbPAvlgl4kXHmtnuFUeOk8g4FHSmfphZc
+/8OI9iGk/djAhqrp210DAstsYK5K+d7Ua1sthh4kOX9vNfVsuLI7KmFvQYcabmL1
+oWPTIP1zr64UpVD3LD2lzzYoH55zRSmF9rlY99JZTkDGWxT2d4fD+yWUwQK05hXj
+XnNZW+gPyKXvR44lMYIwoAVJdOzZfDqSiIpJKfw9VbAmB9e1vNxAgigTJlvoxH+u
+UXIR2DCBN2JwDfwJyBsNkfz0OIKuqW4xUszOiT/zH0Z34Vbxecym3HR08VqdFyU0
+IXYJ7XazX37vkh0AKeD+AyhCyek2HBFKBzDfWwknofj/UtyWyUM+NVBUuf5Qp0mS
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCACert.pem
new file mode 100644
index 0000000000..ac4e8e3abb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCACert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: C1 5C 04 71 D0 64 37 F9 10 8C 2B D4 F4 F0 91 B5 51 B9 B4 54 
+    friendlyName: inhibitPolicyMapping1 P12 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 CA
+-----BEGIN CERTIFICATE-----
+MIID9jCCAt6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSgwJgYDVQQDEx9pbmhpYml0UG9saWN5TWFwcGluZzEgUDEyIHN1YkNB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7/QrlXBwBH0gps8hquY5
+TPS3Pl3nIpIi+sth4IelwQSoZHaegDK1qWdnTQjv/lJ596J3TXGnzqNuvGddznYj
+/GR71RLDV78euoXdw2VKFfE6UwC8R7qPvA+1VmkGwY4t93AvlWMvZNoevz9bnWvC
+coByRgFDino7JTHz9rqxeAumf1hU4XnwMXqbr/am/INJrbGSLqWFawaF2YZwnvCb
+4/ykemKyYf7CSaQ85WsuAMwUU2UdSVqsW2n4ATqYQWs1KUOOYFMVVHBZu4v44Q4L
+BYk8fBa15ly4LoiJeqjKpttt8oyNktCEhxN/j+5zHKgIVYKYzd0lz6u0isRrifee
+bQIDAQABo4HNMIHKMB8GA1UdIwQYMBaAFE1nfo3dORmv6CbeDgE0eLF1ENqkMB0G
+A1UdDgQWBBSqJpQdZA9+BbxdYI0HV/xwlWZs5zAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUD
+AgEwAjBABgNVHSEBAf8ENjA0MBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAMwGAYK
+YIZIAWUDAgEwAgYKYIZIAWUDAgEwBDANBgkqhkiG9w0BAQsFAAOCAQEAaYLtBvHj
+nfmFJ0JXZk9449d+fjF+N+jz0xgBn+8jeIDUJwYd1KBIjhMd3/ILnnRWwt8pNwXF
+HeBs7GEoFuqFmycVd+aP+1KO6noitwU2os8h1yFzvTgJYN/MUaTYUqQRiwYIy3Ol
+ZXQhYHCf1+7qjfNkQ3yqY9YCh3rRDMliVtfACkV844ijTOyUXP/RXvpYkIzMW0jb
+rFtIo5pJ68EfpJV4DA6yA9raBAyuxTXxStnkfzwte4pTwXivLzp/5mDe+myBXAzv
+7WThsPpxuc4yL+KItZPS7HebwOSqDRuOMyGi5Cqn7zquvphTfi/poJQimamBCrfS
+DJ62v3/CviEAZA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C1 5C 04 71 D0 64 37 F9 10 8C 2B D4 F4 F0 91 B5 51 B9 B4 54 
+    friendlyName: inhibitPolicyMapping1 P12 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1DB575107DC6C9D8
+
+yEB2NyCU+noUIZfPaBM7XYczCsK9oAh3RcSRXRX0Krt0Mc4MvQFKDNA+RsnAKDkf
+Nl7FdltTfIfNp3OtOLwqakOagMJBBUqIeDm1+MZtQRcP4OYHV1UKF6Z7bdl9RjfL
+21eeM+hJIJ7avSfUbuhzAFDLoGGAfBJT+n0rsDXIV72EFdeyGmPSXsispSQcHjcF
+GCn9T324r6rnbaTlP2a7tPAsbMSyeq485DTAsKA0TVn/JLXMiNOY2ihEpOFc80TF
+g5LGJhm4klLc+QQykYb5jxBXSmw6T4Z6fqqt5ry+v+JClWg3ohRJGrXpsH8mnGtt
+x5Fqmp0NI2dxHbfYMzq7L5TERirgGcMfH4/DtYUKv/ntBWECckHp+HrJWGCf6T6L
+f6dU8qv/HPRDND1X20SIRPt9kUksfGnr3tA4AtCHtRaJh18bOqYI7BFzMJBMU3Hf
+gQQkRk1xzrF6EgTsN6q6utyNJ+dkP6jLzYKDhajSYnvViJvi/UED6vx7kfPyMo/A
+AZSG7G1ptJ5sTeY/c6gBD5BQ8XhW9BII7aVIPHMJJUFt72/G/NtClpR06AhIs9pt
+z7yL9UzPf8px3KBkqCQGrvJmbTn+KFxQlguLUyUxzhz6QyVF/QRysBsL5SdkbEnm
+G6eVHRdRjIUD8hGujH4YWu6B2U8yYfbmLAmJoRY2qNyrVaSDEUJ9alo5Nx9t/lXU
+PyVXHTmHh+Fbh7+ASGUd28j29xvnFAq4GNxcJghIqI3DwJLvvDCNt9NATYQDidzR
+8uPSuVEwM1C8OHX9pry/wcmlgf8Y/LOBEkESKKlRDzhmMtQOeuhaviLL49WkC/9O
+g5LmnMim6kRd+Pzk5JmypbbYKOmwIBPEqV8IMSYvO4KhgY2Y7dYDUJEgSbToOvGl
++TLJmS+hK+PsnEVmVlWMu+2d8biw3LZBzOudw1jHj/2Xp9SASBC4vLkap5VM/2qr
+z2p8EnlziMEdLFqwfCjtRM+xd3sCwXXr3HiztyblPJqs/HlVHK3amkKkSfSSDMP/
+7KO+kNewL7TkVO7nl0UeYIMGGtxPwcjFchn6FZq34IyzT+hOB5opACFaajZRY426
+vAgP4Dkahwr3u60n0nCcazVROD5FS0ccooopyiUEZwnB4V++nRsKgToe6WyndoVv
+oWkeaJtr6wGvLb/P+mwShdDvAm52jBQ4Sp5gEH7/b/sGRXaH7uJd/BChD8dY0JAY
+2E+lVni8d+PteKCSbjItFC4vD2eOsCIaYEO1SuxOjfIRAfVAiLa7or4FMRgv084b
+FOQyF5jrh4OL0al9osB90wAdJHWYZgNImJJLw9GiWqGWNf1RKrTgnL5mEcpLJY0l
+JXpIPJh52/H1FJpC9AQ9IDsW3ewjkGQR1k/uXdNmNePRHC2bCJFIJuA6e/J5hypu
+qanrlcQe5kUyFl7C9Tb3yT3g5yJWEloKGjkaTH5zBECi4/jqT3pWWxm9Fj2g4iTS
+5iz80saAAcF8Nj1TnFjiCoW7ZegIvM1pRaB+ISpXaUp3+zxYm+1RTJ+Novqz8UqJ
+ff4QNdQ5/vtY6WEs8e5LDhbPG5zbQo2hEONTeq8tn3pvh0xlDSoBSy91m0Jd3Q6F
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCAIPM5Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCAIPM5Cert.pem
new file mode 100644
index 0000000000..012f19d8c8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCAIPM5Cert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: F9 BE CB 0D B5 0B 0D 95 48 69 CB B0 2C 42 85 20 A1 0B 67 09 
+    friendlyName: inhibitPolicyMapping1 P12 subCAIPM5 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subCAIPM5
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 CA
+-----BEGIN CERTIFICATE-----
+MIIDyTCCArGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFwxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSwwKgYDVQQDEyNpbmhpYml0UG9saWN5TWFwcGluZzEgUDEyIHN1YkNB
+SVBNNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL0cg66AzOSJwdQr
+Hj5jFNh8E1lyBSK6cIPyB102DVKLKmj4C4QpzcXk8/15iEOEVks/j397JUsyqlEp
+ayfdGo1BNHq1oi/o0BfHcsybXcHmhRYieL3xUGcl4+9dNs2086nT5ZuOVR4grVlp
+S429Rmdtny6k/mpAc/alvPmsgahUsSFFh8LoOgqPriVgFV/ifGBk9ig8CQwxccWB
+JIvv8tFImPOxtaTE9a1bPV6hZbDzTIRxIz8c2FHtjPnI5eWsmhBpQ5/TFC+I7RJ+
+2nJbgS9jo1J39J6Ll04WQVWREQ5nH/XwdmorkPJbURNL7XosTV9WaDhodZOkcPbk
+Czvf0X8CAwEAAaOBnDCBmTAfBgNVHSMEGDAWgBRNZ36N3TkZr+gm3g4BNHixdRDa
+pDAdBgNVHQ4EFgQUHQTPdicHjyI7wvSCLu7m3ROAe1MwDgYDVR0PAQH/BAQDAgEG
+MA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0kAQH/BAUwA4EBBTAlBgNVHSAEHjAcMAwG
+CmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAPh/d
+V6FSzVZTO6s0ttZjFxM+5Yyi8gU+O74rUPUwoCo1zHQHS/ElM7nzk2SMUyW6/aoG
+W3xNGijWrYMEBb/LosEjPbB9Hqct4pt6ahT0oE62FUI1J1LBkxa0CfCouLzoN/dr
+SBLlsMtrYuDriGmr4GIF4MZAp0DgSFP9QcHuIWhfQRMJxNBmNT/nFbhJ6uxJiLoY
+qaklau2l2aeEIa63d1PSwlVeyPYOdDFivB7i705e3mPL+har6GNQxpKVoeoljJv3
+SJjAzw3TfDezPKALmsHtk7qD6O23r4+j8q/8cQqfB83/aL262oSN4Ov8vNvlHV1B
+0BXgLEcrIP1K4LpS+w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F9 BE CB 0D B5 0B 0D 95 48 69 CB B0 2C 42 85 20 A1 0B 67 09 
+    friendlyName: inhibitPolicyMapping1 P12 subCAIPM5 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7C82229E00AE2D0F
+
+3DC2eXeyxL9Jevjc7678BxcxtMRxaQS28VRbbDZm22mudJsNIiavCQ6X1qkw1S7J
+OH5t5lTKqq6mJIsiHipkHcjwJYZZzQ+ZtYCwQuXx5UB6DZ61OLCDDNXHx4y5Id4a
+Nnb5O2CtoxKAzKKft37xIBwDMmQT6ZL2X+WTjvznJVxOSAH2uMF/SnOUcDBiIpDK
+eUnlie6mfs5CY14o1J0bETX+/XTq/05P27VkGFOFp4E0Kp/fnHhRWtGmLollEmut
+JcPh8ckEwKmljdydbklYDSv47gpW3Sd9dgwYZkqqprlPizlAXJT34Fp9X9+xOr4e
+1QM1/ZLQl4vMNWEXwtMaBtXTqMk2Na61pt5AAyDwRibGCnPrCIS2bd28L8R5689O
+SlIdzdW0SqIFul6MEfNgi7Rxv3ZXyeQ8rgN2fII32N5agRws87rl0IDDqUFD6KDS
+Pz/5AG2h/ypBcdcy6AowwqzyHxVOLvMt0A0kQPMjYkF3P3DZ2SVhrThqmD4o/MZr
+XPbRF+L9syVaggRkED98il18mZCPzIoVE3ZMW9B5pAnzkju7X5qcuKDfka8p+i4a
+vOOyNnMt02Ci+bTmqWGIQ4nICHuf6YzNZmn1EtKxyyrY2xlIA9hZWL3Gn0qbqNMf
+okGXR0Xk6PyOXjyOt92do1ikS/N+MvTCghLzhz2QD+jSteQwrAoHarAcDZlC+nqu
+Owode5ybICY+n80FoSLw7TjtBsyso25K+hMgyzUiLrU+hEniDrhitPDpKK9tEQJJ
+HyISS5kWqZR7Ec/qKzhTqj2gb6upSQyx23kQWslI46/YJB3gF0Z+1GUjjgLLxwVo
+HPjbyyV71B7dMTyB93JXggaltwm3SOr0KqUg4+FFmgJfOFIANDX7oZEhcA4kyvaL
+q3Edqsq1G46Wi6U9i49iNCliAeM7N9LI3sQsDPQafTO1pjJ49UmvNdgUQxORZPD+
+ZYJt3I1w4ZDlWNl7F6xADOKtIjbz47bkJhuFNFnbyqXMQcq2JvC9qO+RaB3Hoe9U
+d8A5gtvHcFxTVqC51KzMRdhH/XV8iNh2snWrAEqHeiDrRfGQdth7wXO0FXEmaFk9
+LVXiaUYkQcWfaMV7/vI1WiTmAcbCXLqolIykhQaZXECUWzj/kqyf1nhMo2jY4plr
+G7YN8r4RFeHiyV4V490bxf95kyY72Xs70x8YDc0NPPgaO+ayPab6DJ7G32PaDsks
+A4XR/Rm/f+IwsgJk0EwsaJ48Q8nlSad/aFGmLGDGa8blbA/1bzHUAetglBtRlsN7
+5B+Cpc/J8BPU991a3OOafJ/Izknw23OSlX4yPuruH/S4h07vI52GWNXXkRYj3+x2
+qNjg6sXLbTopHeEVGhTrEzfrQnmm+E/fFLyeqCicqAHV72IKlpjwFqjiW6Rpv/Yi
+8NCN5cho7dQPAQKbUzSTj75cK++IL+4gre3U+7sXMOFQhUxNQElzZNR1g8R33Rz2
+XYnmYQk8d9sFJyQCcURZEn1lI+nfOtDXSb69z++VzYd9VpCdq8nnCmjQIRwoEtH0
+USRzbDmU5OuAnM/cL+2kCl4+NDRcHraXZeKNQG6jnXettVattRyOag==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCACert.pem
new file mode 100644
index 0000000000..cad13d9146
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: EF 94 73 18 7D A3 06 B3 51 5D F9 7E 0F 97 5A 1F 10 20 44 7A 
+    friendlyName: inhibitPolicyMapping1 P12 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subCA
+-----BEGIN CERTIFICATE-----
+MIID4jCCAsqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMSswKQYDVQQDEyJpbmhpYml0UG9saWN5TWFwcGluZzEgUDEyIHN1
+YnN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41RBZsVSZtw5
+b13HlMhvwmwd6KG/vDnbeZnxFMOvUE8T75Dz/1P0SCSkix1T+G1FdanOupx+Nv2X
++qo0xHV/tdme0V1AEbx3Rbt4fFJM8OZed/YpoRiHrl/yojesRZv0hk0GO4lOBgxH
+ouKj0vXbTIOFj/3oD1q89GVUpkShTUMRQzL64NKhqiPP2hkQIP0O3heR89nqggM1
+/1oyC9Eu3ShvcUtdNLD1MVdPxIQJ3ytC9x6i5wFJVyFF/H7YuREKDzeXt4Tb0ESr
+Lq79pDFTOiU64au28ClxKNgOZMTn+vKKuKdxOdqkbQn8jQyws1YjPPoilWxoC0aB
+Ev32rnqHXQIDAQABo4GzMIGwMB8GA1UdIwQYMBaAFKomlB1kD34FvF1gjQdX/HCV
+ZmznMB0GA1UdDgQWBBTXgFwTi45BdroKtXNx6KNAgHQO0TAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAMwDAYK
+YIZIAWUDAgEwBDAmBgNVHSEBAf8EHDAaMBgGCmCGSAFlAwIBMAMGCmCGSAFlAwIB
+MAUwDQYJKoZIhvcNAQELBQADggEBAFMmz8KB5cr40DimQ006k+qjMH3kjROwVMfG
+CFQ6dBQawNlZDTw+1QTFc8AYH7kBFGY0UpjFZOVBcraW+FmVFEekGN7a4EQ9Gqxf
+/+xgUSbQF4PpH6G7jqCPPJhmZX7i1ByEx0/FD++2QAd6aOETOGshp5o7dy5SHSvC
+BWwmb6XTcP1+gJggvVdQFpRSdt6l+7+3YveSOhhfw+z+LvLWwjqAhuBdvvON9qqc
+uWTkj7U1wszl5QqbPJcbvDRLEkIccnDnVDBRm8rY5lN5S8G2nODVQXG+58/0nytL
+6yiE26xchmmFEWVzIwWfCUbBtOM4bYtGgj2Os3O8RRBzNprZEtE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EF 94 73 18 7D A3 06 B3 51 5D F9 7E 0F 97 5A 1F 10 20 44 7A 
+    friendlyName: inhibitPolicyMapping1 P12 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,17F51FE552D7C4D2
+
+0ZrGdJuzBt1+mvHSivLi3QA7Hc0rDIbrLOlqI7LmAfw/zSDEl/dB8Xa4ebaGmhqn
+t2MJoOz4sbqO5nKRJxKDgcipk6aSvWgIIjfc2yWlWCyFcSoGSdWm/uovfQiyWQg1
+uk4jOJrhM6DaaOq/x0HXxaHa1Y9Yw6DHdAZUXG/5Dh+SGIoz/yzKW3J1kRgM49Qy
+4zamlPa62lXvkyXGLCzxGV+9gPOq0TbDh9y98a3v9rGpu6GaNQv/GXvvqT3dIQJm
+VJ6KFt8IS02GR1jbOm1zdt0PITJTBqlutnXCySN6dPYrPVPAR7PR4Nh0CjTQLuam
+kwBk59Nkujau/srfVYLZW4sMM3PGAinHKysSvEKCdqp1qovpoEqTsE57Dh1bg/F0
+A8lDXHErmoPbDTKJdQTLhI6NQ3MQ3hpzUw85Qi2qz2QLtBfYk1PvYK31/SmbqW6Q
+bs6aW6eyxEJFEj/z5Drd+ctLkMeifpKXuoS2eci3BLBJkBMHCSNDTwJXBLCt6uK0
+yAcsDhzIV54iKeTI6fCSo5sGKr56x2GsQa/q9M2+2O8Vj8aUcsivezWdWo3Y7xqc
+cfUZqrqql9Wa9RqpEk6ZK+zG2M7y+sob8S6DYxqfWGsCl26gedxphYbO5gbDUko/
+fuigh+G4z2rryKAHznTYo57vcNgUeDVxMxHMbD4ZG4aumg6810ZmPNz3YQuzJ943
+CZflKcb4GTgGZMTGuv6eDPgeorGyrd1Vs8Z76m6bRzOk/ZOPISFpwG/MIC0XgGcG
+GYRoEwBVyZBnHMxvPbgfKJ2ua9u1ap6+RMOq9S4G/bjzlPkBH96PTR6oUk39RpMr
+Gk11HPtzxT9Pi1M48sb/tf/pQzNAMG5bTszzcxJPadX9tJXHKHToWJUN4nv4apea
+vNLzT+cGRIKs68ebhHGQJR06QG2KS4l73BSy+VvsaLGcBGqcFMu5ikajJ40hDCQv
+pGDrcaPUyuc2TR8jcIqTIIGpoi6/mny4r3zh2a4WeEWvzXL8WQkpe8N1TmzK/CLc
+iKGJs/Y3gfmpSsEHcthAnXsSoHRQZ1lYfFpjKsaS7aoqTDCS2zPKfiwQSFY6K4fS
++EXk6vDFxuhUzFYSw7os7PPQ5rXIjLakiE6uW1R9duQQl4amjzQy40YUzCoLD2RF
+K2UztPhZriiCmwEGW+e9V6o7x0mhnCGrlZILjb/An8XrGVBkBsgR5ZGab5vTdDuP
+40qIyUMwQZqiET28TnD4+3sv6zmbwp4+J7RSCvBuFsCfiVOmjzBqQeff/GUj4fYn
+vQVej3QET2g/xgmdU8tuRiV7dxBrNMkql4Si6ZKMhrVzphQyvzqNajj24L8IuBSr
+SiIA/U8H1V4kEzgQT0cbIFuRCIlpOWJbLTunKF22U2gHyHGTqtNdmRk9Bv+f87Bw
+0rvUQmBTkgQhbAHFc6Tlujd9Xfc+c9Lgo6iWeC35CIAPw1oL7aRiiyMt5TQk98rN
+qluKybCi6vD9GXWhiNXgRNux/k/3b2zAdS5Hdw6J0ZokLbEMwoEKo1lv30VTXI2M
+UXm91dkANflEU+NPIf6IJWVdgmjmFmYjG3RAUpfva/kAiQoi/jqGTO2Csr9WUsia
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCAIPM5Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCAIPM5Cert.pem
new file mode 100644
index 0000000000..c7f4852e9c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCAIPM5Cert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 29 F8 58 E9 54 9C 19 A2 91 CA 1A 99 99 62 A8 45 12 30 F0 BF 
+    friendlyName: inhibitPolicyMapping1 P12 subsubCAIPM5 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subsubCAIPM5
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subCAIPM5
+-----BEGIN CERTIFICATE-----
+MIID6jCCAtKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEsMCoGA1UEAxMjaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJDQUlQTTUwHhcNMTAwMTAxMDgzMDAwWhcN
+MzAxMjMxMDgzMDAwWjBfMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0
+aWZpY2F0ZXMgMjAxMTEvMC0GA1UEAxMmaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAx
+MiBzdWJzdWJDQUlQTTUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM
+GmJ2x7yrfem6iySdHRgqYcT8hBb6YP7cMPaItRkU4vE1//h9uAPociee8y44Jb48
+/sLrI+JP6fMT1HkxaKMix9R7PfZyh0wGB2QAfEHcpm9nMLuMamcHLi0O7Mk7vsml
+Hxuc5mO9lt2XQ8f87NgZ8hpke8uCdGUvhydGR6q0GBfJd301D50GxUjbgxtuKAO4
+KNF24bW/sXBGEFG/ryOVZjrdkKSMl20HCID7pj8Sc1rHPjX5o9ykRW1XlhsMvQIA
+a4RzOh0BXm+zYKZbtJCtZrgCOEW6pdqEdoSU+ZybrE6jtn4Hl4FBLb68J+FjfiZa
+pRXmT/r6vGKQGx7zVMFJAgMBAAGjgbMwgbAwHwYDVR0jBBgwFoAUHQTPdicHjyI7
+wvSCLu7m3ROAe1MwHQYDVR0OBBYEFBKHGzVn8LyhoDa6FagpGe0am1twMA4GA1Ud
+DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MCUGA1UdIAQeMBwwDAYKYIZIAWUD
+AgEwATAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYK
+YIZIAWUDAgEwAzANBgkqhkiG9w0BAQsFAAOCAQEAJEtvIEyehDWiKJvojD656dbF
+3VkkvFiovYk9B0du4rrq1+fHr5KW5uhKO5G+0gnQAmb2s2DQMWDooC/w9UOzuagw
+kD6Y2GswGG749QOEEOoYBcuU4AgmBQjp8jZ8b5WznQHKDlk0ZtBtO61Urmd5GJ3u
+Nv690xew+zeYqXRWtR7Mjr+vOUU911TgfTF2zkUoY6UGw43qCz9krpJmoQ8Ky9Bt
+cOYXgSHBOm3EtA+KMIo/mmmiu0zxhvBJTKWhAsRpejosqargDUpmbOzj8pw2tcJC
+4K8mBvz6OFo0TEqoDx5LOZkBD4u8EGjSU3gc2Ou6RUL453iKyMN5ID0bRYFn/w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 29 F8 58 E9 54 9C 19 A2 91 CA 1A 99 99 62 A8 45 12 30 F0 BF 
+    friendlyName: inhibitPolicyMapping1 P12 subsubCAIPM5 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1E8743AD5173FBF7
+
+uGt4kG3TLNuXx7oW+Ytfnfn3K2K4Hl4GjgtqiUbrjv2v4S5/j0p3keJi7OC5O+06
+J2QGG1vrdvvPZVOEtejv2fmEIClvxmTLJWWbQMIx6VxzhI69Qp0gNDvFbMS0T4W5
+C0aPO+tDSFT6HYl0kZA5hNRcCm1+ls5peps8yScgYQVUx5IUoFEYXaPMqD/0nNBD
+4sid+aKL2AsTStQ+9Yht3BNtN38JSFe6oabPNrUU6dJ4JzU7Zu0U11FB3HmdwiO6
+GP3G+vx9YT2bXtbBZAKx2aCnHtv6JWyWQCr7XtpsId9BEmjQdurqQmUoylgzQoFY
+VA/WR4efK9SaTt44FXjLwHdnyMwGX68uf/kQNKUxh/iQhjTNY1uB57VImpCkseu3
+CIJ3+/eL3gQ3UnwvXgLe4+z7oCnvuS7fttmgn3ryCyvXx8oe9jNckUnuVOf/6+T/
+yyxyVA6N6feLux7wBcyrzkFCbEUuLAVI+6XsQ33ctHyBXjhyUZJYW8N/4kOdzX78
+PDEIHQNUtKAUFX1EPRcXeyleCvS+mO6yPQOdVaxqb66wLr2iBoIgZ2WGt+KAmA/K
+wzNZTjIWexl7A+yO/GcCIz1ZK67kwghgCUwFSwCXLzhcy05rj5NTcW5qhXiKkTac
+Q7hIaJuHm/4cQG0XeyaqAkfRjjhsJFVBR0Eto32s9qOMTf0SFRrzGR5UNQgXM4df
+T5w9qEPp/emthhgyrc7gll9asT8sY4jW2nO2kNXIXRZhkwbe3mqdfmeBOauFtH4D
+cmsw3lx88thcfLe8gpYvwHUjfnZ6dVeZTPQfuiSfdffEJkBILVR4VZGanJYpwH4z
+yBM2tsmESHBC9VcDi6SNYQXDJctSFJ6m1XokUTH7DQgFLLqDZ1+XyJZEPvSWCdkO
+QNQttez0xH72eohaq7E+q2oFtAIGEmrF29q+mzcTQwna8sTN6I5M6J7q9yE6AHgd
+y9sVbllmj+pwDZHJfqsjf8xZsKIgxB17DAwfVk7t+1emJHL1V1QWXw12hgjx752+
+4R92j2euAHCX3gt/Ua9Xzr+la5agV6axb1PnzWrMbqluYygtQ17yg8qo1g2x8ByS
+f0Rhmq7dX3ekT1jkbE7+JMYeUHejlQufss9im/SKHYJpDAJSXdH60qD5YNPIof9+
+HSEdS9qUAUmDTz/v9RrjvOjBYOrqMfyBrmDJkJ/Cj7A0jxo6thJ1Ojqequtdc+Eb
+Xui8wl6pPbPLnYRUbduzLPOh1G1drzJLkzLpHPsK6RQ7SQ1zrZ/H1GqN29q6H8bW
+Hig2GWmBxAsq1DkHS7EHmshdYPEQzV0875VBG26dtIuob1lNLrYC/UkCieDS29GS
+cpQmcSiCZpI0YsJge4dZsuHQrdSMd7n4GRxHxycpbeVeJOCvlbdmZv/A+nesjFHz
+7/5tUxFa4fAC2lXc1JFPlPHTYcnj/otz3XxfMfBb8YJfrypVGjbkolHTTRQ47kSW
+gATt+rys1HckOsgUOe1+PrvlkhHFpvTlyTppZNPo+Jt5/ofMKgttoFN87xqwf4Eq
+D+KCBH1oHeZf8/bJqIzqLpUomgyJ0jM6le1Qsgpe3TOR11ekjf6m5Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1CACert.pem
new file mode 100644
index 0000000000..01c7e6c429
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F5 3E 9F AA 0C 16 6F 7B FF 9B 61 7C EA 2E ED 6E E8 2F 01 AA 
+    friendlyName: inhibitPolicyMapping1 P1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBOjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJDAiBgNVBAMT
+G2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANNzchiVXFu3PN6VHXl37Lfl6CWd/nzabFywiheAyXJQhKpR
+ijrhHUNfWUFZpy0s9LcXQCibTwAXHTvNm7bEsIxP7bZzBIxyJXkrNMO/OAm1xGo9
+JeMfADrtJWXuLzLyLs4OZsmcjMConJwClu5OoHRu5PzFM5UPg+dLdl8P832Ug9ol
+Cmp+R1Dh2euZgbuiLkdLNdy8COfNFYDHAm8GoqueauaPUMWMH4G4GVTkKsvB6zoB
+yV5HN37kek/vaLbtm3RjCu4Wp5/kmjbHMZZqq3/8m8FGZykna9s3vVEcTPDS1A5h
+hkzKi7qaqirbvBFzU8LLtf8kgSGo+aABvGTU3OECAwEAAaOBkTCBjjAfBgNVHSME
+GDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUvradvSl/GqHZi+Gk
+gGiDKK1K8AEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+ATAPBgNVHRMBAf8EBTADAQH/MBIGA1UdJAEB/wQIMAaAAQCBAQEwDQYJKoZIhvcN
+AQELBQADggEBABSJW2Z9XMCKoB6BKyAvE0tkrFt8XNnIHpUZDJPUKA75KgTSXXk0
+Z+/4YjCsbY3N4V2vYWIBRbQDzVt+ux0E/flUUiD7cXdutJ9/EJgzZurplxbtwX6A
+dauSywWwlpMrk/l60ICN3yTfQSauljnrsTcKe9TqYptyGgSxxrEPXXvQ/gx8mKhI
+Y3PERCuZb2WYzbYQ8cyJe7Q3HYLFuEWgTN6g2ZfCRcu4XMBsmu8sT6rNL0U4OOU6
+ZFXZC0EejThj5NvNPYzmn1ROfgZvPYrNAHJjQXcCaMBN6odbLkAKYmGaKRMkCUPQ
+BS+EhzDfuGxj2JFbH5mkVGfpoLeXvS34kfM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F5 3E 9F AA 0C 16 6F 7B FF 9B 61 7C EA 2E ED 6E E8 2F 01 AA 
+    friendlyName: inhibitPolicyMapping1 P1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,02F3C17E34F9B24E
+
+SG8hQk9fVXTK4pfHRIV1+txw6uiHgpCzu21ObNqKL+mJlQh6qDsZKRcAGMlCBZH2
+k7lZkvPLBQNU9k0DZWPVy395+vmg72Iz5J2YuPa8S6DoC41CLgcIsAtZmFEOz/4d
+/VkaE+kUWVEFCgEu1gd6+dziqEp8nVdiRxAzjDSzvxn+gS8p8XT11vQDw1izKbvg
+Q6r/qre3c0FERgJHoHz6+T6Up3+YQ+ZuDIeYXGuhSsnM2EbF7twB6zzWxZM9OOWs
+EbE7V9IgWTrpImtJfrWqZXZjVSAH/pxQ/zI/23y9cpRr9qiNhmv02yqKSUJHYIys
+oPfmG557/fas7N8/2kqrm9BSd83IeQQVgL1GEYhU8Ji1RYm9aftDed6O+HTVzree
+SDWrggUjQrFisgBasXlLanakJm4ALN4hQJiFGbixZ8eN71ZKh4+J5QzMn5QSUgkY
+8e6rW/Udjq7+vgPVcX0++UziJgQV4YZMd1Z5WCUy5SXdcqM0flK/0l2nF0VGFywz
+ShT2PJltiX/b6iZlu5HKd2hti5R2VVgl5RneL1QxENmdploSk5aPCgvd1iX/ZUOv
+l2LmFEiwFStXI8oRk95wCOmmTvvWl91PzYw6SwurMQZF2SRr4CMeIwxaZRJRPImi
+TPbYPicxkJ1p3wKWMs/Ph+rxAupWiYBkCR1qlpMt6dndc9ZT5+yj1G2KWIrkw3nq
+/LS+YpO0ZRKfZSSQlY9cwlc580Vm/aVPmhL1gc/I5puQHIcvQ6Z/1JY8SQTN+t2I
+7IjhwohoismKcp2kddPxDo/mbFakSnIJ+XC/fkPeE19Z+R1zM00i6YyjOLIHbybg
+l9qlDjRRrKSKjiMJacFo+X49HHmX6A+OX5Kr032GQDDSawpkPHGZk+Qx7Jvm5rMN
+Jjr7EgbKO8ejJOXVHNkCMEsX1QAKC2ltYjMK5pkSoAL9otXGwnuvHi/9UvzWhd6l
+yj3b4REJ+fXpNW96QbfLZAFUY2bi30Ov+yDWPLXkcR2LZaEkJrTPuliBDAMCOGk1
+w+SvnJozmiEfOf9FSD3vnjN6y2goQ9FRhA+6NyaUpp2QrOzbaWvGH2MIH4ESHkvZ
+t+5IedePPbMynKdS4CXVVBX6aT/SRwDPuF0RIxOmcEl9ZB1zLT1D86Od/24UPlRI
+HkWslMjNZEQoNfGJBczu9AZqZ+rS3zStlewxl1drwcDg4FuInySgMsdyM9CQInDI
+j2ehA/i8O//LsJPRfVBT2GwGtl2m288If04hTUg3oLHse9p6C2ZWejN+U4/8xz/r
+Sb6ckHVZ8Tl7gelC1/CRYxbvyO9ac3+LJ+IZSHvPDHfImvIa9AEcACFDWGyPxmgE
+90xK7NkZRyKRKGzfB53n0jcYL5oReezNggtHVwrhDmTUHJurR8R6cB9jAmQiTQG1
+uBxR2HoLpRGovkEy7/kNAzo+3YCUVeRx+qfeVV14SYU+957KF1PZ9hLkPN+G9MY3
+6EnaGyU+w5Z5tUc6u/eT9eGlUXz6nlvSXXZJeT8FmAsiIpwI0GR9DvbU9LCBm9+Q
+QSiKrsRG3exdQwj5NLEpdkv0tasTH5hI5euev5inA1+umbfcd2kW0A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedCACert.pem
new file mode 100644
index 0000000000..4c966d02aa
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 08 C8 4E C2 6E DA D1 4E 27 3A 4F 14 21 DD 04 D6 FC A4 4E EF 
+    friendlyName: inhibitPolicyMapping1 P1 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 CA
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowVDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMSBDQTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL4hFAK6xYrGnE8mqLy4jasyD6TX
+qUwILdx9MxRmFng2VFoARl8eHjGWt48XdOqiGyALQ68aW6WIk+AZV4YAFWXlSdBy
+QWTCTE0tM0b2kJmxNIqbzNMBdzRcP4yPHaLXSPt3AYZgeHuG/zGBDSiCsOwXZiFB
+sl0o8u5wTeqzpSMEPa5Zs0cN4f77npYpcOsAo3r5WezL6r/nx+oj6BaA/qI/M90Q
+xGzA0RkG9p7uJUjemkx1g7aQaUMvsnXDyXOdpzAslQBy191evT+sQ4D5pabR8yFq
+vtIfkeQItwj49zXso9CZppXohWRC/HlNw98aq1bcVWhMwLkm28lR9Fn+KesCAwEA
+AaN8MHowHwYDVR0jBBgwFoAUvradvSl/GqHZi+GkgGiDKK1K8AEwHQYDVR0OBBYE
+FJfMQl7X+BVEi7OXUZLdbAE7IRjYMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
+AQEAKPe/EX44EHfBWAevfNDVzkd1uf4IuCyftrKHY18e+ikOZOw8KXzz4SzcHus9
+d/TB0z9iPL04fREfVICqExRqoH0rcMxxJ8td4eohoEKVeUc/1WrnH8KvdeOTj1vW
+npG3Fm3M0FHoLZFWQpbFKEUowu5FY5GgGPnnudUzxCP2A+6oXxDAhFVkzZVAailF
+tDrPT0BSk9O1/v5DCmfVsAlFYwzXRzddRmjiiLh5Tb6Acd2uJgi1bjQCYiNbZx5E
+gcgDjHuYzL2JBihShFLtFzdz9OtyRwOrsgMvuKR1erW7G9OvXjDpLfXXnFsXeH5r
+5D3Y/TMQa7VJlW08+WlEYc0wcg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 08 C8 4E C2 6E DA D1 4E 27 3A 4F 14 21 DD 04 D6 FC A4 4E EF 
+    friendlyName: inhibitPolicyMapping1 P1 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BC6242706B8E877B
+
+ln7ielJePx49yvzKHZOgOTsJd6dUPCs8qtjyKZCyuHD5sjdJOwkekNrKj1+K2Kcu
+dv1MdFeUyu9VjApXC9P3BXcnloAvMcHWauwyRxi84fD5MmxNeWUWN/JfD2EG8gw5
+Cnm3NdY0eXVOHtXfrCb+eUEoWdaJ7rulGwIxsBejZwUFabHEyqfbygk6laslXZqa
+95dWydtTC3cv1YKYG1xFP7O4B7lv9QMD0/+Xmxye2Gzok1yZFDkc64PxVZZybvvZ
+G3e7ExI3/Zwe1wqkEk8S5C/B87pijHUio1C6dQ8vGQjrXBTyO2n18g+L9lBJQKZf
+gmCt+ojycntWhSa5e8o3sAD2q6EN4brEBOLvK2SIhLmGOYzGTR4vOnBkrGqtux6w
+u/am+SPBvemRwsAcCIj3cAZeOwZUYtXhOKs/ArGsnnCAIaRgL8T79g++Ur5BwC1z
+547BEij0VSDY3RJChpuG1U2NoTqMNTOLZqa1/n6ti1qpZL2VLZgW/By4MHNPv7TZ
+6WsLQREyOkM2PNaxtBQ8sXTbPKcRg4hUJ+rO+65DeNPGtugfQh68MPHMj+uBp93+
+4MqtVbBS3XLS+XH+f+O3YIFAXkYybYUjxHxWAahARtWGBAHHE54ImgiCw+c8NOc/
+uXDGFGxXGA/LUf+2/QKUv/qtEzc4x0JzNpKbUCq1pFCcWMSm/LeK1QOs4QB8WKcS
+7ELBeywrQtM8TT/lfgN61KKCAwknjUPutrJGZxH0snTHOUCopc1lVOQeJr+w4NdU
+ahM6Md3pJCu8G904oiNN+2Xm3EHKFnfv+gR9J2FWnB20hVL8dZ3sgqexQ6WAVnc2
+1Zx8IFVEw0XO2AW6AZC/Msjyqw7JISIC8v9j73qoN9bSy4aE22gpcg/IA/WPaPOp
+XA14+xjxBL6A5UcrDFukCp1QeKYrJ4AXeNq/UvDhdQW7BlHOBrg5tWxFArqWA4DN
+DV0nnXDArggg0aZbChbLW/YGD4R+6vjqGoI14TA3rnND+r9gZmSbYB+GiNpYO8j4
+dXWNwI/SJAv4SNsir7AXlXwpjVtTjUN4o+sh2X2IhV+3K7jhwHoM+A3ygLYCaAA7
+sM8EiLkvkKzFzDftnAcnW5Mj3PPRbZ3Acsh8e1/yiqwkO9Ovz37kOFN4RHRJzs5l
+opYMn8zSk/qkJs2vzYcAgDbWKrX4LwBpAlNGjWE8MbAmxUAAgbXts3lclIVGVa3h
+1UKR0ty6x/qKZt2u7vlBU4Hf3civBxDR9+H3qU46yD546UGLg9XNNtr/IpwBaJzL
+1WxD60Hx74KUnfeyLDGSLADyF7lPsFGVrDFKJfDMolVHxn3is048VH61hrAmPLBr
+IASbeiv29ULIEEHLg3hmpctcNlWvMy/BwKFy98NUZ6Zz7w4qvh7amjnpC/A1jXi6
+KGKXIygZLt4UbVnVgrc2nfxJ6r9U8g0CsK/Ddb6v3LBfkmjbSEnBCbJlZxmLNmXF
+f23oNRN8LXmNwUnB/OlXsujC1KVsWxigE5kMAGIrHK9Y0lpGaIZpML9hyCb/2P43
+iDRxEpPct/0im+mueQCfWb5gGSmO3hlORawuAM5RKcZquHWQuptzNiR3JgJUkyRw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedsubCACert.pem
new file mode 100644
index 0000000000..184d03f9ec
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedsubCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 09 CA 0D FF 17 A8 97 A3 CE 61 0D 28 9A F7 B2 3A DC DE B0 CD 
+    friendlyName: inhibitPolicyMapping1 P1 Self-Issued subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAregAwIBAgIBAzANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowVzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBwaW5nMSBQMSBzdWJD
+QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKu1zv/j9hUO9KsCMtIO
+6fmdTyGxvmTo1iBnDYkOMkunYTqq5hxL6QRQbAdpgTYLDF6TpPEl8WwYd4icjMH2
+jv/Ddrf1U4ep7S3cHeXJv0i40BR8f+UOGHv9XCQCZPWV9Czw3tlLsDBPq6epG1Mx
+U+/LOdd74z79dTHmNqCKLjO6fGogYqSin2H34OVAABxTSjdoWYFe+myN0RDgsO4v
+y8UZb+ciM1aPw4Q0pkPI1tBkJVQlFdVbVawrOkzSLUisQtfbJObFMTwKaFS2JYr0
+GWbBBhH1IS4dVh4vktIQLNMCpjkTLvoFVO9KH9VKnZzW4UrBcvqbW7zrkKfr2eD4
+pB0CAwEAAaOBpTCBojAfBgNVHSMEGDAWgBTzzQc/gzDTxwJi2ubKbAGlsbaAyzAd
+BgNVHQ4EFgQUWblsZOrzrpbqtlFcJY87z+31kw4wDgYDVR0PAQH/BAQDAgEGMA8G
+A1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB
+/wQcMBowGAYKYIZIAWUDAgEwAgYKYIZIAWUDAgEwAzANBgkqhkiG9w0BAQsFAAOC
+AQEATJR8hHpUS/Em9JJ75jdfOIOlmBAgjtQjqMjH0rZm/h/X0whS/3ElXS9qS/3s
+OuhFKeYAaSa+2nvKvqHVmeHRSAOAKZHz5AZ7vCSikh+KR2FxMp5WM2cqrwj7q+cq
+d6fHaRrSbZfPQDMu/rBm6j2wYLb3RvzuuMFpEkSgbbqSNFVAmZrLfBsP20yy8NLz
+HXwInqwU4lI/02ekuywzm+ZRdvDPQWt7RxomC8KWHR94tCsFtltZsM6r+20WKD94
+7+XJP6fp8KeLFQkDlSI3EEaBGjVJwGFrrJ3GH0AkB2u9iw0+G1IwGdTwn4P7tu8L
+UYwi7y/iSXXcEQaIQAdXEPHVnw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 09 CA 0D FF 17 A8 97 A3 CE 61 0D 28 9A F7 B2 3A DC DE B0 CD 
+    friendlyName: inhibitPolicyMapping1 P1 Self-Issued subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4FB634241EBDE81A
+
+KKVyMfvbouesNkPhg2EiIhzc3jKkvZ+wiW8qoggxoO2k4Ec6ojnWI6KU8oIrFSqH
+tFN9d1EwQ9xe/U4JSDJNEKcABDZVITx9a0RvB8KGBy+c9Ffnk6gjbNWu8f/msB+e
+2GDqjNt4cE+Yn7Md80AJ6HVO/iHbrSJAaQvggZJMKbjuPqQSUbcX6kbWA0DylCED
+14Eoju8yYkgza0LM/TZqlW/1i2qXRfQeGWIJ2hns/9OD2diNjxRoXtzTd8P/VV+h
+2RAIdqj+ePWcZxrzSARa0aH/owkc/z3Tucw8IoUOHB9+ONrbHKGGz/8gggAP1uMS
+Mbdb+xCsESEUn5fIsSKglrzLmZTlLtn36MdIrrg4DVQOzqFgr7PeJLvsFk8LMA2k
+xWo6c5RyUlaKI/+iyVX+OIUVW5gONFQzmitQ90tKbcqiMhaXP25vjWnLZH+Y997D
+kc1myhBVNb9mQVL4E0D9MvDYMb3AqzwY6262gDDomV7QkHcVZk3cwjmCAy/zbKVF
+mWQ/VGlhX4bGTWVjBwIEmUqCh6mNfsG7rnel8VciQPM/aS6vR59X53x7feYCgXh/
+AJ2Sp7OMXEYVn073G5S+nYuyeipYka+HxjE3l+4H5G9XGs2VSVU7kW0AegzpwB6o
+XE8aZilMv5d66BGL6tLaHT00qPd97FqmmAwCaEBWIHS5RtnD9OSaOWmPxhS9DZw+
+uoDqxpmfLa8uoubZ0InqaRVS2sdYwnxyXc3dHaZgb6wvCpb/leqYKLYSUXn1unfO
+Duut4K2US/LTdaQo4Ezw9PFv7BwnllBcYJ77NsM4t7PAfyl0Swa+xwyLD4fzVr4c
+M/CVi8r4+DjIS46kbTWt0cbVB568FKaoekvixo3bhwNDx0i6RKZLy2SqNWaFM713
+xS6JgHV9BNPaSvtDszQViKglfqBDZgX5gyv18bnLgFmGbP2r9YxbiakcxZYiGrv1
+qqJx27671hc2QR5Alaysk8LImwXSYKe8NFqP4Dz39ZcvnAMrHtpeJQaby0VZpAJ4
+u0dNtO5hXv6D0aIl7cETYtDi02hp2oeIA9yfXDv64Cdw0hgS0YmPKleu1BlT+6+F
+lsTdq8Z+xCXji+45Dioz9wApozpJBrSEQ/qcrVykbNxxEml3dfVyptOsVZ7A+3xi
+kZ4zer3GR+ZZLxD1tW7UCzqrkQg40+F93Nj0kKRGT8DcixHgv64IWXtUB7U6O50W
+x5DnmkR96YMC3Vn9MQrICferdTrvpMTo+umjxDwxgXKh8+2G/2/eXbER8wTb8PZZ
+CECT9ahjVrUz4uCrl1fnZeYB4WVGlprgCkHWADw5KwQeyMbBma15jj8lV81vRnlZ
+Qk7DT/2kIURXa1R9JswyWD1UII2GlHkiE4qjLAz/koBNRpZwdwiHBbJixlwIm4t8
+C9UTC7VwFASKmmqIfLf0dm8MMg0AgswCLIf6WayS5PexHdQWlRfHYlSUnGsxkj2K
+3UfsycwJmgDHjt/8xCOBbsFoPAER4LR8A00UdTkJhvM393ziMjT0YBEkDa/7e15X
+JiEvN0KKCLya53NGtTfBQrwPRSId0dzsBu93lX1GwKvFd6VPQuiNxQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subCACert.pem
new file mode 100644
index 0000000000..13b4d54815
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 32 E2 73 0D 8C B7 F4 8B 84 42 B1 A2 EE AA F6 00 7B 9B 98 56 
+    friendlyName: inhibitPolicyMapping1 P1 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 CA
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowVzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBwaW5nMSBQMSBzdWJDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO2x9/hMwh7GCDcxZx8y0j/4
+Ls1Qow36ywaMPWliQ8ql4neUmZciT5WfoY2u27nmkFA5HiBDGt8NMEd1dJAaEHFn
+luDroslPlbh+1dEhl744TWroaGCXETaFHFNY3jPzo3XVU/Q+Yiy2ftK0ZzSVaHz3
+Oqv52scuXm5hgFHSrt39qoJXGErlZ9S+x7t2fFnfAeO6q7evYgJQsF7yJdbNQCfs
+YnBfz2vFvnPwIXGEmf8aNrO7qgcPg1J7AlKZ6+3pYEL4bLuwUmtxcZyfT5kKKxbD
+Gwg/iHov9K/5X28xnuBHpTmuRWVoDgB3kgBxLF/ZxXXO9Y1Iv6k+e3uAsZpVLfEC
+AwEAAaOBpTCBojAfBgNVHSMEGDAWgBSXzEJe1/gVRIuzl1GS3WwBOyEY2DAdBgNV
+HQ4EFgQU880HP4Mw08cCYtrmymwBpbG2gMswDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MCYGA1UdIQEB/wQc
+MBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEA
+WYy0yUE7kUeVqhHdNJdc55+y5LP9BKcz/sa8l3aqo7RjKOmj2cygt9B7E4DRJT2S
+uot9Gp/rHVPv0cknQ/3SDBwYtHCSKV3bB4eQp5nCiMpWaAWXamUTNqpY9qEOJImA
+Ctg7bNL/t46eGOWhixz1wUMDMGGkS+rIzf+UJqHOBAUdkEjP8ouUWBTlNsQrwFxc
+x1u1GiuxWPzIAIjOV1xtUPSLig7Sv5uQccmf0vHh2KkMtO+1dCoTbV30QLWvbVwz
+wzi1DzPMvAWqTVXwFQrYev5mUh4XJ7wMXHp5WW49qmdamQeIKImxzIsgHaVlKl2K
+eFX6REWaJ3Sv+U7KJ1eaqw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 32 E2 73 0D 8C B7 F4 8B 84 42 B1 A2 EE AA F6 00 7B 9B 98 56 
+    friendlyName: inhibitPolicyMapping1 P1 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A94BA885B97FE142
+
+S1SX/VDCk4XNa9nge/MhmELKwJVJVtvawCipA0EfJ1mAgTlP8uyazqM8M2h/5WsX
+Elc/V1NoepmdEHr7xbj6SpeEZXEyVlNWeC/OZEohSDK5us4U0BxrYFWe2d6jlXTl
+8vLtT+N4PAZ7OazRk2QRZASxaLMWbVU8vLSKGSjKYbKVTuuVv6mz+6GkIj5/4Ys0
+7Vmhvx4ujwY0dwRdps9SgAPTp3E+VIn8Eu3D27A92pBCvD17wFjSTg1YosF4KVDH
+SEiqWfCfoXtcxbCXHl/6PIcK8/GTFQoeOD3uJiU0f9+2KcDT8zAV43IpodANHF5k
+FAewzywN3svc5TYfaXipQ0L8eAerQ6qRH+naWkVqNrZN5xFCWfhnpQOboKz52EWq
+lCIbQlpIiOqi6os/TotmCYbhyOrpt69VMKu0LzlWcq8Ohv8ZJdulfiTB5yCT3q+d
+1pT3wS0vZRbb8lw3Mf+hpa/L64KWX2heRX/m2mX8b6y194/oCXUX9FT9VZBFsFip
+w3sO1AyuwNmAPkivzAq7C4BhJ2lJT/cGbXi4L6DV8+JFIp/+DBUoZg+GzYk+Rdeq
+2p3x0M325ZkY4XGSuj2t9irpZ5wyh5gQKC0xqyr57QuzvEGoG+/hYVUInJGBu0BC
+YUdN0wX7HViHp2YkiF8btWLGx/6OXdVK78ZqQ+w1bGlB3ikP+bSAkDLMCBDY3GQ2
+x+rLoKmkr0ULnfYPRZ/CrvqO3bg/9Rn8rEfaeMgUpCWCX2mNfs7I2sFoKiqrw58B
+eMn3SceY9uB7ZOeH2s4nL4NoD1Od9e/oPylbceZZQUbcVRCOh6vmGbU6jCxT965a
+DEBsaIr0SnszSIEyUWU5+1W3jqeoNHwoNtiVvV7roiylebdfzoZjXUcpwpbcuiug
+/RnyAF5AVYnQrZnHEmuEoZrJWxjArUCGMxBqvVU6uk/O2DarYCheEohOB/J8FnV4
+bZoBo5+ftiP727oohqWyZQVH4rOCTy+EEeoZJ/FqeiOFAyj27/EBFvSdauG8p9+t
+mubRCfZmZ3qb0JQgKwGZNE+siGwqAP3a2vwwuSNGxoV9arF+rdlPd83zhf5fI000
+yWwtibohYrfPNzl/Zjlt3NoFJO07i0Lk/n4zp555eKHLw23NLz7WrPrA2L9Te0P2
+YQl5K5afFPek689IawcqEEpYCxhPwSukjAeUB+mdgCadkons5Ks4/bErEH6UVwGd
+S60zF4w6C3hzS2xYg3s7eJ+ek3QK5c+8AORW1T2xXi9xGzLnYbwdEZEorbElRcxr
+EbtTtf7Kf/r57Is3sr8Rgyatw2LBOjSOJKKhaYE1jMpJjqYz4xhGkwv/EG6+Xiac
+eSC+ZvfDEGgdr3hFBJfgGnWfEAUtuc2viglGMEQqkQYenV2Dk40hCrJoT5FIFcIm
+lw4LXHTj/T/eZ6c9Ki6YDLvChNTQ8hbIDe730u9tBcPk956sz1wElXFmAlpX/0tU
+ZKrsugFmJxQLSkU2aZk6kTXTI/55Yi5bmKiW64ew1h6E158AlweWSXeOaByOxYGc
+VcEmetuUsth/gAA8n3xk9mKEEGUex6tz/WFp0Ykuaiy/KZwFFcuPzg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subsubCACert.pem
new file mode 100644
index 0000000000..8f89619aad
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subsubCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: D6 93 BB E0 99 D1 0C 29 79 23 51 46 9B C8 BB DB CD 5E B0 88 
+    friendlyName: inhibitPolicyMapping1 P1 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowWjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBwaW5nMSBQMSBzdWJz
+dWJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJJrQ5z0bfU+HR+h
+7+Rok9J7y4aPRd50OEgl+SGnwBLodQ1xgyZUhJgSbIeaLCw5uYUWJedxh1TQM4Fg
+RZD5VIMFpFjIu4xg0mRXm+YomjBkF2eGCtpgjRjbO9rbjVxj01oQmtE+595P4OFb
+zXKXkb9ilbFvz2zVKJ+1aTENKJd9jB9STsNz5NTKVRUSr6WF+gn8HJofrpsQdZVO
+qQOk6GAB4FK1/0TyNmywGXWkEbM1WJeejSnHuNX1gBRjlCorwOKP5M/T5mT1KZUP
+x4Fhk826XPKMxGvC4xKNfpjlmgHGH7LpsSbLv+4UE0aGVPcKbkwx9b7W5Ot5x2c9
+urn9WnsCAwEAAaOBpTCBojAfBgNVHSMEGDAWgBTzzQc/gzDTxwJi2ubKbAGlsbaA
+yzAdBgNVHQ4EFgQUPkV0oovS8VaMRgFmeHAkxiLBA54wDgYDVR0PAQH/BAQDAgEG
+MA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1Ud
+IQEB/wQcMBowGAYKYIZIAWUDAgEwAgYKYIZIAWUDAgEwAzANBgkqhkiG9w0BAQsF
+AAOCAQEAdfivFridTE3XIZBYeomP2Heqj4tX3TiDbCSCOiIs/608QnZS7a0e1/yl
+yPWexV2WMAOv9HvdaQ3HtejZpBPvc0Gmu1M45vCdjQC/4/MWbtKVl3buBecRcWZi
+z9sfajKhlZzXISyOp9GjWfH6OYtPypj1xMvqIj4NSEu+RWyavJzcVIZtVWiUBGQc
+zR3jxgTs6CzWMbXFe/dHrDzdBbtLk6Z647Co19Cg07I4OP21gQB7nombxlv/EHbb
+BajVkd+APg6NNDCV+JgSU3XXQpTGiSx0J6P+39FrRPfTJcdUIIfSUoxuTDVy4Uzj
++66fxMiAaaII4phA6fBlCj2mWvBr/g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D6 93 BB E0 99 D1 0C 29 79 23 51 46 9B C8 BB DB CD 5E B0 88 
+    friendlyName: inhibitPolicyMapping1 P1 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E84DEAA45F984BE5
+
+GSWxcCybzSiHHOwi5aT1pJBsDZd0IebePQLoR+4gFHov2csP2F0zMjhrDx24Clcp
+8s/byesoyeSWgn7yr6liCI3iNzs9r6fq3soV9tQNJgomToj8wj+oUX9DHHaE5db0
+Q9hLUCTZR9PxdSCu6vgk9U1+VnsGTpv4uWSOUFWI24ldTyTn7zoGSki7LvUvZViQ
+hc1vtILHMTFjSQKri+G2ivUn9TA6igrCn314jSLJwhoO2N/7JCDEng0rqZ8ny8pp
+JqwAphYo8HMR9St6sYsL+78Yk9fb6d38XaVtxUYLTyzdeHIRAuK40ww3DqckjVB8
+5JZ9yq2d0F52QUZNO0Xdt3MCjFi4V7ihl+g324gQeopgyQVd11h6AO7TvCpadb7g
+E9/zn87b4JOwaTzLN6JGMVguuuN6k7u1MWqKzfbZXV7NKDUjK7yZFPghHuWBPieM
+n6zEVOIFHW9LyuU44Q/RTpJNoLyAjs5DNB+DG6O4zq8TZvIi4M1tikgGUDsSowXm
+5Dsm3n5+KkMFj7Y7rG2ldncLOUkr4XdNzXB3S95NC2Hp4vAfcwFnz158fO28gPHm
+jPdupJw0BqpRILLXbVmt1smeZT3Btb1QhCqVt+gZqhrNgpxf8RZZ1DCAKs8/l6MH
+jpoX8LKIrOrZowH9ToHN/8nt6ZVrGVsDG4QNP6Z6fUNV0NKz5X4w6swB5ma2Hw7v
+PADh8ZaPRDi68dmvDbvlvj1xJWanE3BD9UM2GhY4fZXGiyRgLsK32jgjWcY/nm67
+z9IYK8pkN/hQYXz6WkFD3UfxYDnVL6JJ2K3RJW1Mt1pJFfaoBGi8pnWA0cnz4Dgk
+lUypqvrp1TaXtu5F6nz5DPA9sP9OfBLr8y6A3mAJTWxyeknSmFkWeIH5BIwzMo3P
+F/Zycxtj7bGUxOyC5jn1z0BFYYxOFs7WxQusQj84slRPu+3GYhIR8EQ2nf2lGIMR
+NnkzwbsxeFTkyfGzA8cmASIsn9EqDeK9h4DbtB3l1zCQzXsTQPi7mqlsOxu3doxl
+UKbMHAM0B4TodOSIKZCyQ0UXau/jr4ruZ9Usz6fknYg0ELSOxACK0Gnhk0UmJH0N
+uUOWCz97o6e3NFdbOwMIChD++T7uGlIK5zKKi0Ti8/Tyc7KIzI9zlYmilypyuDHE
+geTgP1A4mulJBRYRjHV03Fge5RQr7wjuK9u+tUWSadiR5D+qSmHh35+slaiHEsnn
+kDKisnWI60GSHhxx18bUoRFMIUfPqLwQZOL5uD3ruMSCf33ynQYws7icAlI17IFN
+53aevB9sSuLPp48+3YOlR5kd2BD/bARvOudGKCaDVwLKhe1n7opjysG7S6xduIBe
++6DQwte1SaKp+rAjRDErEl3sg0mLXAvpf1WYqyTO6BQbrRiTUaUzepSiIgYJ0SEE
+U3de2hcTzqPM75Iw+7mhWB2TY1M/zYzIHkh0WwvcDTj+x5oT5NEtCtEUxDe6Yuz1
+1qRVcw35whQsHW22Gs0mdQ4/L+1obmfTVgRM2U+VsqHfpccklrwgHl70aTbG1ozO
+v9SXcBVZqPvBdrWmtRXq4SnFH4a2gyq1LArJw0hbUADFAa56pze1QN/fN67mtjyQ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5CACert.pem
new file mode 100644
index 0000000000..92576c4e23
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 3B 9F D2 7B CA D1 78 89 5D A9 07 5B 66 0E 1D AC 61 F9 27 A7 
+    friendlyName: inhibitPolicyMapping5 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDozCCAougAwIBAgIBOTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExITAfBgNVBAMT
+GGluaGliaXRQb2xpY3lNYXBwaW5nNSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANZnJDHPYGmDlhnjbX2Wd8iDOcwP3hJI6nYposXyUdQsXnA2DQ/c
+hTL5jI1smsPgXdS1H+s53Ii5n5PoaaaXR3uRpgyf+T82oDL2NcWlUhvPwPee/Oba
+mum7VeXYik1Itp3qDV5GJQlRLgpu8JN1Zx8v8CjvPUbgQxgcXpHh3tfSR+YEywzd
+N+CbKRqflBhroXmwZQS0YMU+lF+qbfcVna0PoNjisg+LVT/uOvrskOVibfa746r4
+HouY3g/mCBVJVb8+4YobezK7ixryFmUpiO1p9F8onRuB7a00ZBhtIHnT68+QU50v
+iPWAzoBcsLPflYLR4BTClJ69xaFlNbGh+EcCAwEAAaOBkTCBjjAfBgNVHSMEGDAW
+gBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQU24AHuWIsxcP980PiZlEl
+u9v0HM0wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MBIGA1UdJAEB/wQIMAaAAQCBAQUwDQYJKoZIhvcNAQEL
+BQADggEBACAu1zkxR7sFDb4Yd7WMY2PuHviiAZVkYql/+rS9nTHFxSstRbaCaiUO
+NhjeAVbZVGNqlbvW58W6OU+qXtv8+5U5rzJjAAMbLMklsrJnjyyntaxXZerbdh0P
+RpIv4DP2mAmSCDH9qR6sJ43iHpvFO14CQNUofbfS1TYIw8u+NQGz3UwCfmMrQAqY
+/teK8hMdEd7D1QUwRKBSi8icsPQiAdlVB7JCzSASaqIn/sB1nCwe/sYCAUdydfmO
+AMQGyFymSavQq8WH9QnLn49/0yKnrJxgVexq2a56XDDiQnxPsVuXYr8uuNGPH5j+
+XlwnsW2fsDoZawTjXr5DCStBmx0tnQI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3B 9F D2 7B CA D1 78 89 5D A9 07 5B 66 0E 1D AC 61 F9 27 A7 
+    friendlyName: inhibitPolicyMapping5 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,681F6DA8CA9F5D21
+
+5kiDnMKFXJy+I106E5Qn3QOH9eFCaaYnlqNwRt1ijG26AfhzhTlvt8xaJhH3f+AL
+mQCKwrndrXbfFMAYkyX5sinWOtMrVEgOi4WrUu1ScKWhChe5V/GvdOA3zNmImG88
+jPat/pQ5lTHcSkX/NhQFwdt6IVBm9kL2gg9hR0aP7hC0t+XQP7s5IgZXvvTCk2q+
+CAE63hV/FwVexXoCmGxS3DBMEjAl1aUOXw3nmMvF+I4FPQShXUXTiRbtmPzdFSu8
+d8MojxGYBs1Yv3yDTTdtdA9G7YwNCwvqHCivMK0+Iuv7nHfB10ObKKQRw7IGSL04
+7A6mv9fBhWa4jarUpottoXwBe3NYjyEgqAshC3TPrbVJClnBGt1GRQ/m4B7oGh7v
+2DzLz6grkvcMjnEfTs9E4qawhwgMQBoP/NJ8YwXgqsGcBeDd4PDIWxSaNqkhtQdV
+j1NNZm2d0QoBc6mvFdDCYFWX7ch4r5NEZ6mryntZ5+pR+/Aw0YxXqiVtjIM4n6YA
+KZ5H50iikxwViZn4wnKOgoil7Xc3EwWvcJt+LBAhUGWgJB141UY/TKx14QFDh9co
+MPXrxkcpogVNCgYLXnmubicm0HPPR0ORYU3zG+dDaEPad23cWAwh6NNegModbEHS
+GFlDLHjLxQHAWY7XpLsLti90wBauyhE4zNUQzXTZc+0JrSYm5HE+pOBb9EWjjBJ5
+a0Wk2hHpRvz25Mk41g12qWg4RnmnW86u/6LjhXKy8kCbil2A3JXTRJE/JmjPWTzk
+2t5FpUq/Bcbl0WT076ROvMpk/n3SI7s1kW6tlw8olCzKBiDaN07PXcN5YtYzmZ8y
+W5ySTvj2W8O1VseYYDPt9B7V5xM3YtsqF59VZMmBQgDpoiniVb6rCxanEE5uJdMW
+aAextRiZE4wqzTbqh0Gjip94RADi7om1enxtu+X0mxfAC3JdVSYdI49+f2n57RvA
+sxzFMDEe4jSkFctAy8pjY/6fZN7m0Bpkpzy8g417rm2zFexND1bZONb/y6avXluL
+r426EEbORglcCaGjiakh9XHMQcjwlPhDPFjvI4JRLEheEu32KbNT6d8DGbYDK5K2
+934PMAkGr7Lw4C7ofdTbWGZRy6IWe8S2RjD90C/nPgNcLTPIkLAT6qVL6NvMHck5
+v3hivjsRaJp1lXUJn05+Goj9CVRwarg2JGU6jGAhkeyFrLLIMh9MWqI8rpuuP58d
+YIUCp99iSszr2gEIs+RPUavpbSJQknMI+ZtDv9vWv8cgk7ldJxNHvEFUldx8OKNO
+9e+lwy3ub0gLx7FNtcb33Do7ZN+NYLP3UwKXNmUADCuBeBmf0XBQEypzu9vPxPEx
+2CBm0Knii5ZdPS+hZ75uxkfktoQvC+z+pSuQqopYCd4Tk9ryrn7h2FdUm3nB7HYx
+bEdZpfhZiBXPkFZLAmLXuvQQbkS4eJ0Pq+y19hU6nSNOM+6plu6pcm9C6nb1HP6J
+m6KrTbH+mP5DUtsUvvdXOHu1IZ/8MRc5kvh/2VQdTPXyfJ9X5HtJHxna4YtKqBRW
+rrLEawQXeBcsuO7W1D4uYTtxGmsLWFf8OWLmMgCv0j/cLxm4tEpj8tJ20E6cyXLs
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subCACert.pem
new file mode 100644
index 0000000000..c989d48344
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 11 16 78 91 AC BD FD 5D AC 0D 8E BD 30 FE F9 C8 AB BF CA 4E 
+    friendlyName: inhibitPolicyMapping5 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 CA
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dFBvbGljeU1hcHBpbmc1IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowVDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBwaW5nNSBzdWJDQTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALWNoV9OB/sGpzCATKUhLi110SMZVvGR
+btEnF/hkxaUlmi0foAiK1RMgUSmdHLYhKLogfjVJZhvSLut+OECEtKZTYV2RkNVm
+4igcfjs8aVhuo2z9lHZgqIkRpb/TPWkL6IgHVfLle352+zTscC6SVksC9J/o347y
+WE46efxyYYSGqUg8eXqodBd9ReFqYUKMZG/6Zrk1YbSYWOkdhTLEbvtmgN1ZsRvZ
+ImIZEAHaA2fKQKhwWeZax75qOeKRnzi0ZJCK4BFUkY5tviNclyNxbDCdOEyyrY74
+5wTjSkImxYEArgn41i++i05U/Fo6c5BAtiEQJZwoOfFPUXZ6ri5kZ+sCAwEAAaOB
+jjCBizAfBgNVHSMEGDAWgBTbgAe5YizFw/3zQ+JmUSW72/QczTAdBgNVHQ4EFgQU
+2OxtvrdvyhNjyifMnFuiaTa28mgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOBAQEw
+DQYJKoZIhvcNAQELBQADggEBAEGWmRimtoryrWPMHFnL2kvI/vwMcVxQno5UzWGQ
+FnqgqRgKpgNeeNJmzTugZVPWfK36cPehUYPAZJjtcUB2zBaEEoFghvtZgQPWR/M5
+/amPSIHzt+mW3sXdJZ/lgkeA6nNanW/9AV3bWlYCfWgOdHiHym7hpKsk7UwHQYob
+ynVgkL4oxSV+KglhXYGab20YiWNW6KPC0C9PCyu3PEG21WYsrFGNi5aOOlnTTW8z
+A39i8vqZ023pgOkShxYBOvUdisg15xmSq+SzJZf5s1QyWd3kX5FRAsAOHWJzglvQ
+yqeQX3fItsth1c7iJojcVhz8A0yuXICe1knhgg72TEqj/3Q=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 11 16 78 91 AC BD FD 5D AC 0D 8E BD 30 FE F9 C8 AB BF CA 4E 
+    friendlyName: inhibitPolicyMapping5 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5C3B5407440E3D9A
+
+g9QcHW7o0MyolWOLsAc2kQawYPcI/YOzbWz77ax4i2OTc7F0bA8iCDy8WLMakxzl
+b2lxhhXcKJxAcqKO8bEcZjYhUIWO5F/651/BSHtCfuq3ojyRvc1vq5f2mMDE9bhz
+odKNUFbcF14i8gpjLP8RloC4BkQDKEubAsyaZD43gu3t/2V3KCOP0ARAWcuDKhUZ
+6HXkcevegjsxpzoKg6w0Bj1+f2clJ8iE4gRdJ9Szkbg0YsgJYrR0DCk1xMMHZRPU
+RbLcehx1Gt4WjwqCl40NF/cylMlda/6OpS152ht9N44NAWRIP34MdXFJXNmQFcNr
+pIPRi+uyEbYBJ2YWXPMmv8oJyl7wnIpa9sCILNbi8aJwgCvck1ALNmo9GiDqZNC8
+L6+gedGdxB2qIwPiPTgX2KO9dgBLNDQftfa+TR4nJi2T2NUdatSnufU+HzMAvyEI
+DZFt07zfxaEHoF5pNvKsHC3P9Y1hdme5GJlKzORvy0ssH2cCuiCrKHrYlGYgvXQC
+UpSvho46u60+qsvP9Q4af0Ys3bIM1BD9/soCMGFZSkIHENXr8y8nzLUmQmwrJypB
+GEXtbJiGtpG95SATza5/rE98UaUSJdG9EbngQlxAagP7HZySNrnoMgTobGplxFAo
+fMHv1oKlBGvnk2J3vHItI3GSODuvEEJPNVDYVyw8fS9tqFk2H+fhV8KoN57W0Job
+cGqxJ3m8IKp8yF3i341gRhJSbynNK8qz5YBwVBreVw2kWz/mZuUIRDyWRxZOwZlG
+OaJ7F6xFkt/fZK0+6RUQDWW8/Vk7HiKC7Okcvq5qkBqIne9+JIXhJr+MXMF2K/wb
+aEypoO2E0Vu+F7ivu9j/iGOTj4K/U+5YaZI8rPSql84UInPdCnK2QfgsWHOEbsGj
+D0bNfejcUfcqT+LcUPiwm+jBlPwcT34dv+58+vd+/I8pOlNOsq4TEW9UVHcHPgHX
+BSW7Ntu4B2/s8nNYwxcfmpx7me0EhZhHBoaazi5+J/3dRSdC33tf604tuwjjzVOG
+FSy4SFNGEvh/lp94KA3rfsr/hBzBBNJ5FvpYSH4/Q+fCyN/MVeSo7m145yXBnwS+
+P1C85coy4cT0M2/kw8svJgeW9Z930No/RDmUbBN7UmgzLJt4bsXRv+f/WQvNp3Wo
+PVo0i8fLrKP79bv7Nf8L6GUAIf9DeQ4mPHnKPr2Qq0Uvyjxbnj+DFT6w62+o2q0t
+QUNH2ScJwxNUKWyvqvdOkEk0IxzZSjPZefPmdtfmfezZ8avOCaF1GbrZBLYrIqZq
+Tovw48Lit4f5dSrvDH1HXKyBiq3Wgmn1drUpgHYWJOlQB+yBy1E5RFa5aU1OLyeo
+3xvnZjgS+A/o5HV4O5OVDQ6HCGiAekKwiNlVkQLIJLjFWO4kXWM4nyIONPKiY6B8
+YHGdfOL05k63aHYOqomikXv+uldYKI5eqJzjqHfbn1Z7dugsFZRNV2jAtd9L+w9S
+kGc+mtS9Utt9vh/rL49gviDkXXl+mjQ+RCrFZVgGRsNY/O78bBei3sfGdnMc7sUj
+hEsxMy8tQZIeJAnHn3tFd+QXbqdhIoaJ8aH0rvZajVKXLRS6u4JTfD6gQgHccyTp
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubCACert.pem
new file mode 100644
index 0000000000..2e129523c4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5E 5D 55 A4 B6 8E A0 01 78 DF EA 47 3A 67 B4 15 B6 6D 37 76 
+    friendlyName: inhibitPolicyMapping5 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subCA
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dFBvbGljeU1hcHBpbmc1IHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowVzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBwaW5nNSBzdWJzdWJDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAORACl2TAi2vRGNZ0z25HHDq
+63G0jwwUOBpMU1tGZM3EA6E6CZ1Od8tAsWfeW9sUj8K2m+t5ncmshD0xjUeLl9JV
+CkJ7XsYI384YKQPdN96Wh+eNlbWRGi/DfmSiKwebVWOKVio7zMfv4rLdFEDYSUO2
+62AJ9tOBc8lUEfqZiN+VD/AAfKXWfoyW2J8pJ0AhX77P9DAuzMiZKvE63yI0lodh
+u9RKMVUPzLXq7FBY9xHexBFYGvGAtmuVfCfqNMR9Fu+loYqwb6KAAXnXh/DRq2TA
+VveMGaMxuoCk4TPlkrraHiFitJgXnFuIsD19YQ1iyX28c6W3pfFjca1/MQUOAGsC
+AwEAAaN8MHowHwYDVR0jBBgwFoAU2OxtvrdvyhNjyifMnFuiaTa28mgwHQYDVR0O
+BBYEFDWn1OFLdE5VqHG0Qn8y/gQayQG4MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAE
+EDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsF
+AAOCAQEArfD53rmonDxsB7VLzP6pscDyvmqoQGKb8BgjxfuNC5AJflfBbbtlCeMP
+cBIfFtyc0nECkfaO/tS6ZbzHyU7Oe69+jVOufQ0gdPJBITLCD3uhGXUgmTQdckXd
+a2YU7ua8NZI040Vr7inevt8DjgBwfXEtUlObMCGO4OYtUBOXhQ9yW5KRkOBoYMks
+PSwthYFiw92gkagk/jHwfB16VNIs9u/n0/848m4BzF7wNp7S5iG7yq/+fFT0WfoJ
+rI/TZJTmIyWTJfhGwaV59ira0PrzzJuji4w62TpBAC/iKbeUqtLdRHBFgur8ccBK
+VzdvksHDozhB+yWvQZNwqjIGoKb6Ow==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5E 5D 55 A4 B6 8E A0 01 78 DF EA 47 3A 67 B4 15 B6 6D 37 76 
+    friendlyName: inhibitPolicyMapping5 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4FF971D4AA6603EF
+
+he4gc1l86KKIErt8Ps3L1JurH41LCz1bBIPjK+eCvpCAD0ClyHveZ6Xt2kWFaBX3
+dMLH7sFDO/MMLqpn70L6BopBF5fD3edX/Uc3/L4BR79x9LGT0QE1WS9V4djt8Bqk
+INPEZaESnQTdckGsg9riICTuF9vujUTmrGieaUzxJLIdrAhmtU/VjjcduSzb7vMq
+DVl2aPtY+/iWDhO5HtGIAPMvB8zZnEsU8UbMvW+ST4CafjudAw28fYT+bMUzr+Y0
+3evVK+Lya3dc3Pd82LNDo+Vp3KSEGwsX9H077nBBR1LWz4HvYblTojYyd0U9Hz1w
+ReIbjJ6GzRH1Ro+FmWnMQPbRfUqmfbNwLY5keRzDHijiUmBTIyFepY8LfCfviaHz
+W0morw8u3s0HmsH8apVXsye8l4to30O0pwscGXT6G1pzdbB6EplYSZHP3VRuRVHq
+0rfAnmnbG1pNKc3ooLPoEFqfHVxzIazbe0D8a4q6iGvQGRUjFz9rlWefbazNeyPr
+caA27WSVy3bzqNB1MfIQo4BQcAEo1mOyBZW7vZCQ/GTPzEaDi56F4PatLskaX8vq
+nfCF+JUJj78+mTddZnV6Dc6AnW78ISJvS37i9FEkCg+PqTyUMlCwjkSh0fmi1vWm
+MYV0TOz31juOhowNZo67IDpVJJhsX08zFUdSbz/xDC8WUMmOANPYJGP2kAbQU7XV
+lC26rtO9XBPEc2TR6qpiU6HdUNmnT4tBdN5rvYy5QhQvwzcYhVGeAy8gsKhpbzJ8
+OdMz5e5c+V+dvkVlEWOniXmTZKKqXF2MBnTw/lI+uGijgwfTkHX+YlGpgU8cKNIC
+KOnilFBINIfa2+AmwntSBgUqmYsPQCJGvt/AS8tBezDewkzOneDtP9qfh1nbNNJM
+Mj5UGgVnWSqff7kf78lQZJbltM89KZI4Xi5ffHwMTqi//NKUFTyNx0GjMp0P0iIC
+XJGT8TX/QtL0lsRubvghNfYF/HJRxl8QchpK37bVqUs8v6fB3i7gzwkUdDRiK6Ai
+1nUXpH0I2KAhRkfw25uh+r7AQF2JTxnihbSkkxUqM1DkPBvVUa4QpciurGGp76ZX
+9Cg81hYcUPyv0PnIKfJaLIULMStvcFZ2qCgPn0LL+Nfbi+hxI2qFTLmZCCXXTM3g
+ZC1m/jkhocea3U/EHVtCBM3FtsmaoZ1jwbG8lg7sMYelGDo1hLHVxSg27v32yGim
+ULM4bVqYf3LTIrJ/iC3E19F+5aGuzyhqL95Yl0nA9s6oeG/SY7dB/Obb/ImvYE8H
+GiQ89sYM2Ykp6UzUH9cKjNnJZnfbYlhwBMwEFKNLSYNmob0iPBax5yFTiNukjRpu
+nZxb+840bYvogExlP4eUM1j3O2gvGlPUpH5lAf1015gY4SbJexkXGBW4hEDLxt/8
+DK/usv88NUYbuJMDn6QPslJWk6cv1knMRyLpM8m8bBqs3nUAkUtdiINU+eMqQknl
+GEMkCY57d9DY0OQuOQjH9ATvu4+e2Dbnr9EsBWxqgJK7EVWD6MRck28H9YybOZCx
+7Rh9EsJU72T7x+bWSMcXBqu+EMTlqlkIv0lP3jNxSYiX8OnoF6lLJhsRC8QxPaWj
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubsubCACert.pem
new file mode 100644
index 0000000000..68ca7de65b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubsubCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: B5 80 27 32 7A 83 85 E2 00 12 C2 75 75 1E 49 05 85 C4 A6 F1 
+    friendlyName: inhibitPolicyMapping5 subsubsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subsubsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subsubCA
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmc1IHN1YnN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowWjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBwaW5nNSBzdWJzdWJz
+dWJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMOUe51QDDF4LIT8
+dNI7U7D9/Co97Ayr2DWC3r1XLTRuFPRFy87WgdMLZKMwQFFyUlExeXtmH3k3hiBf
+xQxkMe/RpmMzJsg2tR5ATvPvatP2yPAp9mdMCqn4KyWkMM7t7hKubm8n3V2FV+eZ
+VCM6Q+wCrxjzLpx/BnALMkk/+tNg0mCF5xQoTi20AKZZVapwN/jUM8bEn4LDP9bg
+jfvpZcP/J/IWRvQSRDBN7+62JT5DsnjJaXOD2a3ZgI/7shdoCOJJSBI1qJrSPkca
+IwozCjheu1icHr+34/uLXkYFuIAs0my0IJx7y43RrWNA0JTJ/WNYB+humZHP30eR
+bguXAbECAwEAAaOBpTCBojAfBgNVHSMEGDAWgBQ1p9ThS3ROVahxtEJ/Mv4EGskB
+uDAdBgNVHQ4EFgQUrmPL1+LDceP0zm78NfSb0k0+3BcwDgYDVR0PAQH/BAQDAgEG
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MCYGA1Ud
+IQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsF
+AAOCAQEAhxkEhZca1jstqu4SQv4NukDbw8Z3DdN15kwxZzgNfij8622UR4YqHu6/
+dv+c0ANrgLR99MpRbvjimg4SnYj1Dlok4QJZN04jvvv0q6N3Tyvwf+S4LmaOyrXr
+N542+uqYrOAS5UNAPF4ZxkT5L9OdxKQ5qqRNN5GxyxbPszvVA89/rFy3fHC+2OHz
+eLgaSl/i0MIUhx+iCop1C+Svvt11DE3pBqRQly6A+MEtL9NjHVuJ/I6RxySHpbj2
+46+yJv6k/OuWjVrAlhiDuUjwFHPVVnvHk1plcXLv77EnhxL8Yb2tNF7tM/0aG7s8
+w5Idxl3AuA/XWMrmoLvQFlcYLm42Zg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B5 80 27 32 7A 83 85 E2 00 12 C2 75 75 1E 49 05 85 C4 A6 F1 
+    friendlyName: inhibitPolicyMapping5 subsubsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,218DC09D15ADE49B
+
+WuH8KvV+CZLuBDAte4hOz4eQwjEmyt40Lb0OrP3fCY9E8TC/BzMl/nkg9VgqHnH4
+n1Xa+DGyGHZVLoW41u/Z9WB0AEC3+4pcvKnBt13uKMBRgBS/X3PGLTA3alTxxxqm
+6fZ0EQrEiz1idvhNfsYzRDXbtMYGK7Lmqltpm9i4tl3elakClIPPNEQqFyB8sfdj
+rx3ahk3nf9cUhXS4Ch3mnPfJyj20WCUboXqToX7OmsozE+hlhmIwSrpCj57MaDGc
+bcKUgMG0xzPnCiouFuqD8G2I0PxE1/5xx5DKcfqDJ3QFmBYBCXpv4AfFLDWtTOmh
+ZdNNU7irbB2e2/NL439unk2DfrTjcQtEXKOgs8JhOQtaKWBU8HsI4HcCWr69l0NP
+3O/7muG0o/Kr/4YAUaPkHce7BFMYnPQEqTTWxOpjQxGbVHYdjaYxEBfRC9iebU7/
+XLNUoKZMWDk69i1qPnT0GEDgZD1y4wGoKebJ77jRQQ7INtB3h/jQW8Ps9mLzHm3x
+u396hVNxrJ0C2chftRQ7HgmiEJqdI0hz5o0WAm9ojSDMeTLRiRk4a1Zmx6NsmoSF
+gfbcrMnOLr3oIeehD4Zq+HKy3sRsF45u9qvMtyh8tT6bNiml76ocKP3bvDgBwCMy
+PG1m4j1XesyuxkGsCC50zJDEdxRq6uFikuH/yJBRK1EX+qtkuavKQKnP1bWebhaU
+wsPvhfsa9h+rwNhOZ1ec8P6TfEXCqufoMIYWGhmFbzsHOpTyMZ+BQRorJkFkQ8Y0
+gJU3Lv8fCow/nJVlcV6oZKXoFhbPcETa5fVYmEFkX3sMcK9i+a0TpSorE7MnMAd1
+f/bGlcDy2tgOg7yqPK8OL3G4oNyzZWyPgRo6OsKU3Fnq8s0GI/JMMovcYt+mU6Qc
+bkIKNo4NbDQKGhujSTSjl6JpcTkC3mzCW0l5yLp/ke0Qoc55co+i2cPDBCOCQx2p
+0CcwsOAgfy9sgRA111zSiH2aTjH/S4hYiK5jshs3DAg60fTjg6l4zkB4fK0kS4F5
+dqr0xrXbGnL+ILSBuCwU3IABFc6gkD6qPzKB9nrFv0dEzXtcXYLOs2sNREGwgxre
+BfQhVA7msHQ+2YaiaQnE9HlvqWRntkJzBi0cND6slN5gnVEqX0vV5lQz6orTwtdM
+vv/CQCIXhbKj6P3RQmIP0s3/foTLXOQBmJoQE4Yo2Nynzb5gXMJCpInAA7lOMOqT
+ZGmMVKqB3n17VaBcrRyb48UobibzXUCWhharDCLznN6cYQuryh05Go5ugMMadxbS
+5I8TKpaivEbhNjUkbU/4HF0RgGdquxVEJSHMGSpyPnNTXqnG4U/tceRGkemsm+Dd
+oFmk2HHH2esUFuMWFXAcevGZznOtgzCz9utLr6Xb6RWZMEHf0aHItCZfkTtVEfVm
+YlyZG+xBL57cKbXZDXIlBNxldTEoKjUdQ8ICCusW64bLe4fHRKoJfOm9NSv2fZDh
+YpUKEkhaYuU3nhOJBil8wMPS8PgyoG7nDXxR7YHwNdePzUMXD5TJX9rRISuww/KT
+kGRVn8hewI/ihNvvtxVfFDGuKFfRz491jWbM78ZjT4r7hXlfVBC9u16zIbp+8+Sq
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalcRLSignFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalcRLSignFalseCACert.pem
new file mode 100644
index 0000000000..dc15ee8ff0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalcRLSignFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C0 3D 50 4D 1A 36 70 FC C3 00 C9 60 6E DF 9E CA ED 35 E4 08 
+    friendlyName: keyUsage Critical cRLSign False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=keyUsage Critical cRLSign False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowWzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExKzApBgNVBAMT
+ImtleVVzYWdlIENyaXRpY2FsIGNSTFNpZ24gRmFsc2UgQ0EwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDVXFpJZrrfE3RhnognaEW5+Af+QIHZD5UHsNHJ
+5+52dskADZ27OVATF0lxfJFCsvqg+xF0CwUnPGAAvicTqbn5s6VfivsitBKgJtYv
+7mQHmnA/atFcsstwIM4a0ElZktPr3uBoVxfxJPve11Pkzn54JOO7iWMMqvbCnUM2
+rL+CDR+0mVStkYCxLbUDYIBHvjBua2K2h6zffk+UDf1cBiOJjBKLdQN3gJDKvgBz
+P4icVr3SOKy7CeZssY9qDvfs1VIXbFdHDNqAQJqIDrmdYFaWQ9Frg9SYdJ4nCNyN
+7eQs78izC8jF9EjR7NAIHD9l+PeznskhJ8hfHOQ/gIiccfPrAgMBAAGjfDB6MB8G
+A1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTCymn1tK8T
+LfSc8hFVyyows9JaSTAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/
+BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADggEBADmfRFtG
+DU7X1eSxvzMRLpmjMY7rtbEUvSMJXB4kTt9/QsKPucJhG90897xCca8i8R2nBjl6
+Wt9YorVQIXg1usooaLj0d1/MWgRl51Tf6rWRlpbaG3sYuU9lfu/b1TPHLdh+iihD
+OrJRrv2VhNyurI61IbwgOUfnc/185PdIhWMyFMiIg+S7k+U6MM0b0m8tfAwQMS7W
+qVKV/DZdutJFDNPqWUNW9KsVPQreAs0BHfeH1U3Sj5y3678pOOW/oWeQECv3hptF
+xIeE8gCSz8ckM75AJnqa3bI4Qfc8Z7h2KYbqg4uh5Lvy5sjT6EmzOFhZfxPkkYuZ
+v7kVKEHrXEIv20Q=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C0 3D 50 4D 1A 36 70 FC C3 00 C9 60 6E DF 9E CA ED 35 E4 08 
+    friendlyName: keyUsage Critical cRLSign False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,68D6DA85EB17E2DD
+
+jED0gB+zQ9Xhyoqoj23i4u/lRZGmWxP1UhmzX2uP0dW4TknSr1V4SlNrAR+WSiTl
+7sHP5JUNIt/l8GM+xXQ7fbOdoOLsbkpOauHh0ftQKbVmEJvRojwTlBrlvfVESYIP
+iWhfAbI1Dsz35dzX6czqFq8K8OReA8BGpd95Ix/FGBWKcoAnjKISQy2N1hMea6RF
+zGXFUWtccI2jfB5QIuIwrHIsWCqPKT1iwEw1TzMt4zhppRGv4svN+176Lx81g40o
+M6Dg8qNpLx+OfKzY962zMB7kCXAxHbnZITKlx8U1cF+60QujGwBg6arROgEwOKSU
+PU2m112MuHckdEhI+7VbcQKjwskggYgP9UsqOrBt4WJxGNWm9uMFM1XkEyxmU3ut
+NiyCX4mjPUpqfY4Z2JkOlVu0TgrP+f041a1V5MxCD8UtdN62hV9V2fYjKRNaGt8E
+wZpc6/GRv9ZK6pVPDML8B3OrrCCMLjg84L7OCfuduxV1oK1YXok/Z3nralfIVdNu
+O6ORaXhXPCwNx3mj+MbNCCzMQmmLPBX/g/p6z5kVC+67HVzAp/tMiQ9p8RiLqPoS
+W1fEBnpDMgtqzwlSnGtCMKCIkto8jHi7zdk3eCjwX+dt/eaq6oYzQYHjEv5LatZM
+UD/UUtKG8MYyuVt3niiV7C4LFO861gPgydr9R7ZffnLKKre2mTzFOcpD95b2jbvz
+GrjrU5MNvZIBnet6kYVFyElB34eEO33emV/2z8L5pp3QpFtx7WldhhAH03cUUZsJ
+B8t3Jhz9KabKDl9mcFH0x98VgNN8ZPNsIMYtz1tQ+J3J1JAbh5X3R88bXJRonYiW
++itRoTtrJ8xDWgV79LzhJTo5AqE8h2C/AvIsFynUhiJk9eMioX4BHaqj+RroS8x7
+VrqyQHQf0fOg33f3xy+xWPDablqGohj/e/YMwHXZmovp1Wbwrg0J0sfsyDPwGeVS
+5Jy38ohdFLawlXm4WT5a9VVKEJkRVrAfDbFpYOMwLnJJHNp9b1WyWHDlfP751yYa
++wFC6idLnYy2r4STVOiawg+HaDH0syWvatcfRj7LRi1rG+eUBY1jALjRoSCKIDxX
+yQhjCBRIXk7Cuq72a07fwRj3WJ24E+nzp8L3E+YkuraMUmTsgI5+NIpYItNv9gNd
+Bcgu7L13BR/jyG/WdZwg2JIgkOnyHAVNPXC7oYmsSpuCOGFrYpG7jI/NtZB4NL/o
+IEmbHrw62lbE6vPxcwf3KPkzOLJurxyZ5IuFhzKX3A2HjoOrlYuKXUs6qhioSzly
+B4QSdUNuUbhOBGRNqaneWLjQBGSoijLpGNdzWjz0EOjDqSrTSvCc6Q4OoFByiK9O
+YSLjgOOhJ2lHj3TIEYkvVlN28Dna9L25VVsE0i+Yq8xvZG8wzlqg6QqWnLZnE6OY
+zrYX1CCGUnMSSpkqPVvWhqtMJQWcNBxeHIfQ7ixjMwmJn5f/mJ/mQ3Pjm6sjHNig
+nwmD4dWSGVbZxmturc3Q81oLt/f3M6os2/9Ds9oAHGrLslubcfbVnicLGwdRAAj0
+hH3oG5sFsR1E5z/F6YQUun0czkaQb5caUYiVIskia5ibA0WRkg72dmj827xrVtLy
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalkeyCertSignFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalkeyCertSignFalseCACert.pem
new file mode 100644
index 0000000000..e98f314654
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalkeyCertSignFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 54 DD F3 A2 70 30 02 61 F3 F7 32 AA 21 08 32 1D A2 C4 14 F5 
+    friendlyName: keyUsage Critical keyCertSign False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=keyUsage Critical keyCertSign False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLzAtBgNVBAMT
+JmtleVVzYWdlIENyaXRpY2FsIGtleUNlcnRTaWduIEZhbHNlIENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshkDAkc1NgsehY25cyVzSEjWwYU6t95G
+/bdkWf9DwvSkBxz42UAB0DfeBaHlbsgyVPjecL2N2bBpu4Jn9T03xEaMfcZXsyI+
+Be6psiAHVoVI9yTqESpjDgwWC6qE+g6PcQq1pYxsGzWlcBm+nxxpb0biMg0pTgcD
+KUtkK3UeoUJ15K3nDEekwLkLFwuBBFGzfOFCp9PImJh432RT/zzy47GGF9GNNDPa
+7iAZDmKadTAQ2RFy91qvUWsMxTdQ5wR7mzYRQwjzJG/3QBUKaSl5jEX+U7wzI20b
+OAHMdiEfsDNKXlvbIWloxcmVHLrVnzyFXgoB4ZYUydsAZoqW4RUaIQIDAQABo3ww
+ejAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUNFUL
+Z/wcsdzCcgoU8GPp1JvwY/kwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgECMA0GCSqGSIb3DQEBCwUAA4IBAQBe
+d4ZoblyGZ2/KmDlPWpOb1UDgc8l4fTwKDuDOch2en3qqX22Lbfpc3XWB+cOvcneu
+TvU3GCC2udrSk867vxd6LsiUPdfieO58b0au8+myabu+ICeOeWtug/++HvHiZYPg
+dJI39eSmMC5iaiSUkcdyNdH6IwkB3WTlfFwQo62T+zC044ajD/1nH1F8yNx6bJPb
+nCcphNbufW7lN/3B7bpiz4EKajIkvBk5ZP8b6amkDO4fGQvEgbZGhNo2TwDPJh+i
+97WnDFkCgOETr6GTgfXj+BfABCKduqpl4H/cUG0zt4QI4SMsuUvqTVoHTUc+XNMW
+kaLapuUYQMDC/P0XLwPk
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 54 DD F3 A2 70 30 02 61 F3 F7 32 AA 21 08 32 1D A2 C4 14 F5 
+    friendlyName: keyUsage Critical keyCertSign False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D4AC773554F54CB8
+
+wx/O0W+iaLKhCpmZrFqQGu1feMI1jBRW6etpY9miXcSUorYfyiSYplNgTKNmcBF4
+MQTC7zLeAx+0HUWrPKETjYxPz8m0W0wBHBr64+CPo+DU/xxalgxpb4v0faz+Imuj
+Mm4gIHKikWHIHdonnFWpAAYAibIKg2suXJ8xDrMzHERzRKX5BdyJIHcpt6c7CLaQ
+6VgPQ/07N+ooNHis5ZrXtOink7DAAFS4EvY2fb7Fqm09eBRVe/vVtQQYSINpruWq
+W7SO6GJihr+hVtKo0PoHYvlsrlxZgYegxtiI+UjmJssLWj0p0fGvmgnQlf8UtuLL
+lV5kMSxGBqcJREWNWfYnrz6rACYoxmnG0DkUpGFTVeNfgF12WRZr1AQxSXo+xPeQ
+99zwXTYQ4hr6mB3ur6o+wAQXIRhuahfMNdVUvCL6Lnuaon70opw/8u0CffAwxCsC
+dFRXIe1Kmp2Ms637fLimoQCuOJ9OHM/wNf5MUyPBA9V9K7tidvqH4kCrgdm7P1vy
++ZLtvJ96V0uWqniKBRdqekzCN46v07Ss6GFL6fBDnbGCCCHPZo/nMtHWnXc0TM0h
+3AzYtsFtpaaEUBXmY/fuVOLEm8JELkByV0+08U4lktu+PcAg0rWDn+x/dNrSYcNz
+HWHpet/Jbsxk3JV6p9Be45wug4IEiouGHVUVE+q0wv/jbEebQlYk8qNATCvl8oo1
+xgpluvYW8+mrDTVskuuewb5Mj1AiwINUdLS4ZCDO1zwi6qyCGPvGSovUylBLI1m+
+wlD1yCBBfgwJUi7DpKh1K3ut0/bmU0CWRq76U/eWdLP76hsLIyuSZoMpeezaplwA
+AjoLme7da8yYjwzvXN5D5p4JigIhau+yOydpB+1EZyQAf//ROiHQ4mn3sofFPryp
+WPOY9B1j7vEQQcCowH7t33BbVMnacoYApYs3fJJrKBdfdcjFK2nkVbEUDg1BuWtw
+qfFpvS1ElW7C75lEOxx/r5ZJVI9v/r5sDB8zgszyhj9DEcpSbq5EApDW9AWJiH9y
+JKNBgh7KhotLPi3ADnp3Gzd4vA+h+ylCyGxZMEaY4gt5QrXViw3ndXe7BIzffT+g
+wOLyYY0hFIl4XPdD2iuho8iUov2MwX95SoWo+WZMH5NcPvbG9Z5Qf4/DMvcpQILZ
+hW1H5rDikiZ9kBLpIfXrWktDyvgP1p4Ng8LbZshK4Jw6rtLF6Bo1bB27gF98+lCo
+cORPVMi5eSL6IF8ZkkxS7Qos4CC9SpFS+8DIHbM1PibOwD1C6A2KoIS55c/kYUye
+XZwjqmHO1g7DBP6/qVRaSw4Dkcr0NqDbt1cp8+w+yKQnmqzgf2zKx09fbufdjnDL
+/hU+FAm10YKGozDbWA5oTZ57sy9K8rA38p9ECrz4OeEVnaG/MeCnqfpsWUyvpHUo
+XA9/mzjaUAfktQP+wGgRdv6Ir2stOIEgkkYo57T54sCDnELyzECo+6FadHUxqNL0
+pQ8zSuIH+Wb8PdVlkFtKXE0cL0laahBzMFSZQVj27UQCnVNBdFFy/Kv4aoCyWL+K
+FVRMY3kJ40sTh8SWeFwO0aLd8ycV28AapkWqyKJau3zbNQNWQkR43A8KeTsNf28Z
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalCACert.pem
new file mode 100644
index 0000000000..b2b35d95ba
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: FD 63 0E 7B 2B E9 83 FA A2 27 54 7A B1 AB 67 0F C4 76 56 D6 
+    friendlyName: keyUsage Not Critical CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBHzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExITAfBgNVBAMT
+GGtleVVzYWdlIE5vdCBDcml0aWNhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAK/akbKDSU+jyQyKaVyIOSz1eF/8IBeTVffB6t4DDAzrnRLvfKPO
+QaKZb2v5iqF1M2bBoKaIdSfcI5At/JXFHJD7H4EGHkT9sWMV3Qyhw9peIr7We90R
+S30KHCOsXU4UYx0Cqgg9A1coxkMo+lopBwaQMXdxSRSLshfGuNKrjCcttOxF/GXm
+hpz8kMPBLUKj9OFFudTylI2DD46FxcwgJ0JnBPOll+fpLPYVhBAM9Y5uHjcanl6x
+5U3Vu2ENZ+v8wAXqFFkl/ySMO8oXidy+2ifYjxPJsvAC/A7BID2NG7y6F90+tHOS
+7I4pUA2dwp3ju6p5yj3o4zSX/cQDvuHj99ECAwEAAaN5MHcwHwYDVR0jBBgwFoAU
+5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFMGQEUrZtCvFcH7OjDtiWOW7
+lytzMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MAsG
+A1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAHJthW7o9tlSkPicbKxW3xOHN
+vcod5xj4RNcMFpz3AZe1KDPm8vSO0P20uzUo94BcwKGOhf1Ecp+8r9Y7O/dpyIz0
+FZRa5JKW4NA0LlAuhsD5f4gLpRbY4Nr0SS0w3k8ycSU3uxpPCiD92tvih3GAPne+
+d79uPxmFSOVwgiPa6uLz0nnlAwgbMl9NiLpdzsLnbIi1saapuoEwMNWF4VXd4DDO
+MfOh1tHOwbyfmJuQF7rl7dGkhQN0e6AHJUsNigI3i4wHf1GvfnpXrzUoz8QzmUWf
+QQCza3OcdC2UUN905ztpH/+1bgtUJE/alfclVJZEHaWIhIPg+5//Op74d3oK4Q==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FD 63 0E 7B 2B E9 83 FA A2 27 54 7A B1 AB 67 0F C4 76 56 D6 
+    friendlyName: keyUsage Not Critical CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D9768CAB2007E4A2
+
+1izcemhgrYgp7NpmBfYrToOfortvPJIK3wSduRy+LeP1g3o4vgRXKzX4i4k9LBbL
+2OFdtFGAvON/btC4oSlTeNVIdDHv8/Oakf66HHUlw9tu1LhFwWcFXDQ9Jyf/Pb9K
+H9vk53fBoDl7PZUNPDsGigMAI2cfo7GClbAEMzIFhaCbvjApDW4YhtoMDPy4P7gI
+hOsymmIvP7TttV5vfO6raFHPLzem3M6+XubToouHRUlc1m1nX3DMiotXRMEO4ioW
+uX1QqNb9xEngnKA4ADTrYvM7R6QoQ9claXHqieLzgc8iNzpMj5vSkVbOCOCVMxoj
+Sk5oJMGI/jE4jsX1VHKFbBfEMntF6aeuoCrGsuZWPidopuxZ9nBGgLQVCzs9QOaq
+z6f06Udjg0C/nM5/iE9DfL3RAylTrRrXV+tL/N6AZde/7KxJByUo8SndvcqIgrIh
++1NZsVdFhp/xybqfalUXz2WxzDkrj9B4+GRZn7/Ci+cVRRXBuifnZwm6FlLBMsKq
+rz1EgMSkX/0JmE9C2qe7ls/Gpx3W/ahNLbDLiiqhUXFIvTUqpnww9Ozrwwq0OcIx
+5qjT2LyZvxZ6BP8hm2ux/CQtteyyAvLlMF6b4GqEyjJWXav46oDcmmvobe97Wa3V
+JHVw+TCpLWypYZlUPHyW661s33ewWs167lIlCWlFkKCUtzW4Bp/E1xZ1Et+/xzdm
+PhVqWWyoWVIQXwi3K/OWojc9ZGyIFHybROl+sqeWIpUXnsN0pa3vCigWMTxqeA7V
+EHyQ28rC5EF+IreW3RE6vI0ZGtmSeKxf7UonX2HBiOYPHxfgHFRpcIqJmE/p2Mi+
+IIx3q/q3+N1mGtLrk2QBzJNUyGWD118Y3XrWv8gsj9GF+9J9NBTBfNgyxaxrdPcH
+6tmSrOF6Buz34jlQdxsn7wN/kjTtNVwBxHtaVc6KzrP1e6IY+5m9FfpLY6z0kLtY
+ZczKMr/fjubH3RoC/dR9H0v7vFyd8syzfIXLW92SMqdwh+LLRBfHUZa6tfe8cVf9
+E9dybAbTVS+Gctq5mS5pYHSWyZDq5t7JrvBVBjh2Dt6D/0BnQhIqnQRwNpbSoeNc
+dgcKs+HhptRG8Mtr8VA4JgZTTYf7h2rVJHp5ilYvvIj9K29ftgRHj+iAKlKCpdzJ
+K82kWNI++/nT/xX9lbtSEp9Z2slB7j5FPseHNvaDoFh/dIDGbuYsteVu/pBnPX/O
+jtcOd6Tu9lzjrHSx9AANpxDui+VQRfdGJBg/nCof6RQ6JJI0KD73gOJFYEPcrU+i
+zoZR/3m8Rb6maz8xL8qwJerOefYaMGvBidqcBPxl4TVs17JzEfyCyLwUM9gOXuBb
+VNiI1tFxs/Sai4U3dhv5y/DrMSJ52/viPzz5UHh/38Og1b3pQWc4xCJgAesSvbCi
+McxKCksGErozuzopNPJXv59s3wxkHcGY7SQ8S7HqUz+nR715Ho92mWuvDitPm09g
+DEUFgD1ZHB1CYjJ6jOiq4hEGFKBUyP56Zwz1060/JHsEjnYMhUJ9FQkhZJOaPEa6
+7DNbXkish0R+ClDkI1CIWfe/t/m+Po4c3WJASPs5F1ivDGvCXDN5/g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalcRLSignFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalcRLSignFalseCACert.pem
new file mode 100644
index 0000000000..59924e049e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalcRLSignFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: FA 8E E9 9B FF 45 C8 61 CF 71 C0 90 04 96 CE 07 1A 60 C0 ED 
+    friendlyName: keyUsage Not Critical cRLSign False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical cRLSign False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLzAtBgNVBAMT
+JmtleVVzYWdlIE5vdCBDcml0aWNhbCBjUkxTaWduIEZhbHNlIENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ajkrGWOSxFEG9vuWGeWpRVcosWQyfZP
+JV13VfTNb+3Q6Ke5L218dww1FtrmP99ZBbbX8VTaLT9Hl36zdCNhXfNDjpj92N4F
+rM93HPFrMLewZnfq1d3zWvtPN6UYNKyRozFsys72YmIswHZb83uAltVNKZNaoIhx
+9oDLf6BudU9MYynVUnOskvWbJbbi2SqjNW7dHP7boiDi5Uy+IdyiKvkyTHnaH3OC
+gjmQ3lWXpg+2unulTZabYaR4twj1hFh2XgZF946GAg2sy8ux4g9lKR7+HL1BNC5Z
+PBzKHqMPZu8+RCUA+gHUeh5xwRFBg7wq1Gs5FXY0BB86bDdjJrDrLQIDAQABo3kw
+dzAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQU+X5S
+oHlmBAhECGV5EA7dkOZD8dgwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IBAQBXNr7R
+CtJ7NH6ne9HBNzkCWsG3bwfaR3tD9hQNR5w5fyX0LKwBhnX8oH6dAHe+YHZ5oRlF
+yOeAZ5tjD3XR1WGFJCEHWQ3VmHOVtHLoc5YNgUZcn9xO7KLWiLsRPm6Nyd7AETZd
+/2EQUcHecRR6tnTKZJLeZzddzGnb9ThWvdYO8VaY7ipNp/fL+odZx98P8yiwni9f
+gspeW+GDi8xD6U16qXGYLJ76y1gkSYs4IZCx1Pqn/MJTsx42cHfrRLaomVzOGraa
+tjeiql/jUOb6IWX84tabge5xp3nMD1xfCFaGTaLMPiWtEhgFqZEzONP8R7d+15gr
+tWm1TYtrpHu3POhY
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FA 8E E9 9B FF 45 C8 61 CF 71 C0 90 04 96 CE 07 1A 60 C0 ED 
+    friendlyName: keyUsage Not Critical cRLSign False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,275F2E3AD2EEA049
+
+7YvBHx8+E+Vhw/nPOVU0cqQG86t08FlQJoYzqbih+EMvmOnuARkLo85UqgsMhPLR
+KFIgv3WiVIUc+DYSaP0PbC85Zkq3Lctl0hNDyUbtozMh8bCXVqNnVLIdPlmN4FDx
+JofVamca1/TAAhZrVymSk9XRCQg3tt+7LwgRS2fCtTmFIPkyVMrgo1vV64x2Y+1y
+hBJyXfSvXI/v0aAZbqz+Fho4TlaxPtuBpT8HiBhcIEIk6Abx1Jsgl5/PD2fsnrK1
+zzTKw7vMLKsvfUpt7aapVmjv3CpZEEgJtYlGxYyTGD1HbBSR0XXdU9YTSQAGXDL1
+sc2pXRuMKS/mMAP8CtLYyBQTmCk6w6ySceiIDx01QYrOWANwX2upsnyR65NBDSj2
+EQH2Z9Os+Uslbd/MMLZT67VgCLXkrNBKWSklrt63YdRivCUNtMM8N92+7boSxExx
+vo/ngvhO1vULPN6y231dS7X/wqMgJyyBBVCjtlaVSqD1pDiF9u1KUJze+olqvEdQ
+9alOna/FisedtjE8HuntfIiH0TGujtcC6bbVLYs6Lhuk/tiq3ud4j47UuArGovD0
+qV5JqIcxMxyh9cI7CGx3TWUTMrllCfKT8DuxFlWV6eOER1gtk8AFOhwNgCX12iUt
+ZXleKaBgi6ckVip/lvkBQjg8UZuy2aYK7MFCn0jKo1anaSOZ/VcT9nnv62z6jzZn
+heG8IUUKvLotuTEO8+2fgb/Gw2v/ZYCviqAmI+GLuVCHd3b+g8j4wylNV0jFq1Gq
+sLswif5RHUgAW+UaYm+UJkWA4uKGEWf2LEsMk1qJ+Gbiv3nWB0r8e+qYqWZtdJvd
+5U3wOjgH76BQgQewqRPRQ44WXXY+Mz+RntPmq2i3oBfoFCRAP3mSjQJK1z6e+xl2
+h91yAn0vhp9QdwUb5f01kYH7Wz12IuhCxVApMRal1PKq7afNxHUMaG67XyfTsvCr
+GhBFmO5uFV6s2S+cAve8vdG9f11Iq4X2zX8GwPY2rtjjg013gsnyhcQcfDbGIf3D
+21l9Wln1aqQa6ryUM5Q7cjrOJTB0S2xb9ItP/Ma7bufNmeiqo36U5pe2m55XHTG0
+KvQVjW3y9LiEFlISWsKjLIwYOHFcWRhBJlzFHhf4iuHolufqZMmg696MqauCEF6q
+RtKDFAbkT6pDE8OuuvYh6vPjwDsse5nYBGezjXGWHHI9cSXQE8RGI8QAAwHidpUK
+mIp7xCpmMcCOKEp89eErF+5DW41fqg1QVnZ0Y6AJcQcpkO6iAgb/ci8dfD+t0s6N
+GycmWKe/SiWPlfBwFNuzw7A6HxsUS48Mxq7CEYfYv990SAQrLWwIgUxELcEd8ftT
+YOtdwnji3VgbGEvMmtNVr0Ve3+ilK4h/AjidZ+YzAuFEdwYjtAHuVr0fREoX4q2T
+gj79ZlaEnNXWaDcVX8LiqTAlWBCd9nFDv/EEgheptEkfY2/M7jvlMSokRXWibZZ1
+48xPg4duUcChEGssmnzebdzNrTvLPgjNeRfQfc5XcgSzJecCrBBpLobMGyjrMeH7
+oV7vV96ll3wpvAqvP/GGkcgBX0TNRTntH1L0u0AQMiCvXL7jMxNr35c3la8elJfc
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalkeyCertSignFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalkeyCertSignFalseCACert.pem
new file mode 100644
index 0000000000..7ebcb97e2b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalkeyCertSignFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 27 CC 92 74 D5 0F 97 23 CA 48 E6 84 97 53 DF 65 EF 38 B1 CF 
+    friendlyName: keyUsage Not Critical keyCertSign False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical keyCertSign False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDnDCCAoSgAwIBAgIBHjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMzAxBgNVBAMT
+KmtleVVzYWdlIE5vdCBDcml0aWNhbCBrZXlDZXJ0U2lnbiBGYWxzZSBDQTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALuW25Rdl1a11hIRQCfJWGwgZNpJ
+8Bxjnvmd+5HmQB2uTgWTPpIs9xfWCuOqqCD/jVSS97nyBQQtp6I3dQvU7Ssmkz80
+7y25FvrdcklcYjFKeKra/Di2suavIb3nlf5H1hRIzIejKqFxIDjT4QOi+kNdArr/
+cJM1nrZEhnNErXJ8qDpcb8k4fzbmodDbV/g1zvqY/vmh4iYv5qiw3PFRR94e613H
+gatzeOgFdu7EpTGAbNp0cGnsjvSuFb/XjY9EAtQoQiRmiiXbBnmoDIqOM7lktYJ4
+6Aly5kGXqXS3ZkkWERHRepN4B9rA8C2bppjGxQ13TKHFqeQfOgkvpGi7rVECAwEA
+AaN5MHcwHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYE
+FLIl0igw0FVobky1wkjzypsV8kBFMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBAjANBgkqhkiG9w0BAQsFAAOCAQEA
+LFhwyCZWomHkwIVAZ8k+3AqH8bVC/JcN/8St1fY/0BCt6pLeFOWLLXpflPlvvNA5
+SZbJLDfE3VOOYrYqwJEnmy979I1527wPGcj5O+jcDg2AWBpMt1qPPafftSGQxx7t
+UEWw8ZQvsEAab3Cof4p1/DXCJKOpx4zsXrz/OFBkSx+Gq6v7n+Pb+4g+IojVaxnx
+UO8xUAaQzjxv4yVfQQw3fzfrY6a99UBUOwuIPcQ+AKv80uU3aqgtvkoOWqs7R96h
+rnEWe9qZj2hCg9Fpwz1hyg2cXpkBfL5Kki5zUTaNhad+6iv6p+tXxx7W8qs7Fti7
+ziEwUI8u1HYLbCGCGFsuhw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 27 CC 92 74 D5 0F 97 23 CA 48 E6 84 97 53 DF 65 EF 38 B1 CF 
+    friendlyName: keyUsage Not Critical keyCertSign False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E1F05EEEC619010F
+
+74pwj8kKEJA3mS8C+eIEtuVZs2lGNc9hKvK/LXlUSnQuYgtfmOIch2rXgNZMtQE8
+LhPfxUrNGG+30b0kkrhdwTBiM2+I/OsoPG9qXZMEHtDhqpGAZhnj+FKRB7VQnt5m
+jP81Y/dgWTHct4TsJPdSIRVOm5rbParIijUmnQ5nAH8HUEExbbd3fzLEEnZVZDus
+rulTbJaSiUhKHBU+oQtZ9AGl1uCzr+uU4o5ihltA31vMjRfqxdnpET7+31WI/1M+
+8hUjXCb3kE/zxexffXiIlujiQBrPomd61L48rZiEvN+kKHbp0DJvaxyNvupzbFii
+wNCkOxfQzRUTvGDKuvFsLjAnwoKkBDX3Mn2qbUELK0l6q0598srvnO03NEZoLm5a
+Saz/qvF0M3jAChxzjd8qqmJ8JffWmO9DLCPpYDVT2NG68QSu5hbREle/VZtwVMqD
+IYw4iqyfTwwP6HN/20VsQPxId0Dy+Pjo46bmF9NUHDtSIYIQngkE3EHyzfLI5Fm1
+YHQy5uZNclrhu5mQaYgqfQLmeTpx6BqcIq+pmw92hHzxFslHIv/wFSeEd0zkTPPv
+DL8LIp7kairNy4TBO0/LjLZJOutBZ3afiKWD3HjU0MwDhvgiFUtmdA3Ok5t0c+Og
+vF3y1pM3oMEF3QJg28eiyX6ZtoMYh+fKjSNN2PjKfQ2H3z67FcsgaAg5Suxa8SCi
+Px0d8O130D5uBlwsRkq8kBY/bohC2d/2rjVRedGyGsNAJqER8Kyez+3OmnOnOBV0
+l67hw1rbzOO2MEz8dh6yfrqo7rHSuJFD5yl8G/u91ljkH3STgJaZSx0XzS9mdIpw
+z03lIgymSCRJEOiTeAVgHpBqJtCT6/efKbU0jkeJHozXgCD0QY7xK1MRgTr69ojW
+Tpb0OibL6NyDm5gMq6Hwq/ISjsi0FsGHBg2q0yBY+tepErZH+XMxav7Hb9hcuYU9
+YzhzCTK9HHwk6xGZWvXcpTpxyeSkDjw3+IPV9Zc6bfOHNJg/znebpoEosbrnHQAt
+k1xHvqTfnA4MJZWqhaM9okrP3LK+9V3fJKPQ161aFjBbM9suO25unR+cuBfWV/R4
+FV/fyrA2zpXZcG5gC3HP/Y8Nt2DbIkZ7aTcSKTky3p2puMlxDiBkD6fgHgjj808t
+SYepDYGqaVmJKX8dxGKHyjKfYsdwYuspSKLNl9oFSYmgdUfygeeDGXmqOuGmSovD
+q6iONPyKOH6p+oSazEJ2ZuP6nIAcSoaz6ueGlTATdDYm075K/fmNhEvqNds3CE7A
+XOn2wDlrxv4VMdDFpTazNpTGEo8O9rYUtgVTy5LPWmENFtCvI8CL63qcjAQon2jM
+yFcTgT9YqJpcabBFb87HunyG16Zbb/30PWh2c5UECDLzEkKSZVTg1D2cEcuD7IDV
+8Fu0GZPotOFDM84x/4dQPD4+wjHxqfPXmUNXIpt5sWSj/55uyS1uhEik6pznotoc
+ge+Yps3psIFb6AVr+vTBFx5FvRvILIb4iCyL/kgAs5bfSnlMdmSFN39wLUBZOaR+
+JLprx8Bo9qH25Wc6mmNPQjReGTgQOVIdsIkBaTpqqXEfZj6O+KJXIQ0gTGmAs/sv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1CACert.pem
new file mode 100644
index 0000000000..433445f937
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1CACert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 2D 55 C2 E9 01 A6 15 D3 50 78 02 A6 EE F4 DC C3 F6 64 CE 86 
+    friendlyName: nameConstraints DN1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID7TCCAtWgAwIBAgIBPjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm5hbWVDb25zdHJhaW50cyBETjEgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDIFZChS4W10eHwp3smMrXyTluiMJTrq0f8LEx4D63qlvrjNngGxCHt
+BOlFbIH3uKwK24yKHywpFK38bHLyDf+2LoaEYox32sfyeqneYurTGJ4sZ1T/fsZk
+lG/n5fkMlvIU0iu4eOkshyEEtvUGpvdSEg4a7TiadjmsAZkJkgBHV0h9VYaRYvgY
+BnDsTd8MrzKo0bNnpMgiUGtGJB9lB0DmhO51IelaxiyaJUVIsKUZfpA1NPjSboLi
+NLgKhP8El/AlBY3BG190xJ3a5xDIhDq5SRTJ16554PIIwzfE7nvY+9TpwfkYvVKL
+zCOTyrA6VnFwTLKc8sLYKFfmKNEboLafAgMBAAGjgd0wgdowHwYDVR0jBBgwFoAU
+5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFEF4QkbNTqiC5+E53/epFsAK
+/O+GMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
+VR0TAQH/BAUwAwEB/zBeBgNVHR4BAf8EVDBSoFAwTqRMMEoxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQsFAAOCAQEAaRFMK70B7a7bqMhucX7K
+3AnChP1D8T/CFQUnOWeC/yKAcHbplQf3uWzL52ZJIoKLJaT7dnCuLxx9St/m5aCI
+MKZuIda+85I2WisV4brJJWyZlgLauA0WLZuEswqB0viCZG0vgtWTm9uN6O8Lqua3
+fnM/0WQtcmMMNs3NWN+FTX6SHIu5Z/DuUZWSF0H76jjheSJG2wXn0TJk8RRJ7mn5
+dnDEoDFUpePO0qaOjl1KGov28zz2QGIr7Nq+S0Z3Gk1Z2O3DlgYMeYtqkiMPKZ4Y
+sPDZIABuaSYI1o0ZoFnpLgiWVWbBJDO3w5x6eIS/CueS8hKfX0h7+dIcgQhABleo
+2w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2D 55 C2 E9 01 A6 15 D3 50 78 02 A6 EE F4 DC C3 F6 64 CE 86 
+    friendlyName: nameConstraints DN1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,898DAD8985686C96
+
+QaviycojHWt2k7YjmdYJV70orCk2E8JuW1arD99JAJ5AsLFVi4NjaOuB6HVp9NmV
+ye44weLxzeeU5ngFz6cyJKSeEP5nGdAbcA0ROYPHBcj9oEfXOiVV7cf7LeGyDtaT
+hrl9+fOgepJm0CyQy0cuV8UqYwrd1ebjSNtq+Em2HWs6e0mYxhNJw04xR0zlPNAU
+XYHLzKQuad8bdQsylfk1/+bYVHHtPh3gdXhz9g+lvpJ7zl5Zo9i0kS9X1ov2EriH
+BwrF7owBLgf5J3LJ0xxoIiYFmartTg3JncO6V72hBtDWLQv1sDdsOmBW6kM+x2Xh
+TgRHjvFk5LgHEpRoz8ureAGMOCELGMmYYF4qdnvgq9YM69LEooX1YMmSpLBpa91+
+ZaZJbHrJqLFUU6kBV6aKyEmhSnP19zQCJln3b6R/+PZFRVuagoO0Ybk1byBPegF7
+mxZXhnD+mO9d/H4+YEnuOZC5npuHo5UnLcm6h8eyKvs8c/dceF1fsVZQfm8n7Drj
+/Oid1cjLVPvkN+absGqPkFzWQybVuNOpA1BjBVUUx/jc7EBmEPs8FDqGNJi7hMqT
+Gj1rDU8m+JvkBskfVmEFJeIa38jzooKkcGONl/HeTldgpN0Hn598kvwAqgT5tOaJ
+L/sm1L67ETCtw3SXWO3XJdT7EnQZ4E3Te/Khq9Hu25eTX1pgKt4hRnTZGmuNY3PM
+oS7hwJY7YuLJtDX6R4f5+6E9v9pYGXPZpcMA0UKpXwcMtCHm7UYE92UyOlzkNxUs
+bLzmUbqkoX+/hYvoIZlmXeCZSaL9rO75anyjFZ5AZqj7lUCZGD04NHcJUlmmRzfV
+PozdDQLb/8xwrnCamRFAgJ4G4l4RqlAr7oBxuJOAqOn/aTz+5pzQG8BlSf5NYL9s
+8wRIFNY/YDw533+ZJMb+62j+BXzRM4uSiwZiAM5Wgea6E/wJhDu7vjmrZZOw5QXg
+pdab6gfFiZ6T5DKGDHVkJRsjqwIo3aINelzPT4PROAWft+UNH2jMiyMc4vk69JC4
+Gx0fX6DcXeSLZUEo+h3Df8GgJM8sUMu5uQllRhagjEgbjj9kZefhbf8HCM9msfd0
+ytju6wODE2laIjDYPaYnSqOoqJVDKhdxBrHTfQTUJ3yWUoxEByr1X3UrfAJqxd2U
+CZhe1vnA6QzNN1TfxgpU8zqsPZtblyCbhw4QOHjVhbfzljwHV2usgEdqyw9gH8Y6
+z0v0cg8SqVBJo9uE2uPsZzdAS2OrHyf6EPAjSCi5cjzihb5zzSeD56nhaTzFbs5f
+qXD5LEVAJzkjntNLBarTa5pEaOw75jrGn0YOBnYhlTEGNXzFxayidG70axn259lx
+Fz9KGBStShdoybnnW2++OOmX/SbafNQJYKrLtndQK6uaR7r2EWsORkP+HHJOPTE6
+m+h2BIuk8ow4BfjgtQ9/nrgOB73kdE0ajMwu6W+eaq99AkZLb5ms3B8HU/mjZiuS
+3RMdcqrG7GDUy91iYAFjKgh9yNxkx/imLFm329cQbRPaf2wV90784fKkAOYD27UA
+DZzx+qKCCiN6qB5h4ZVzqg7YxJyfOyVkDeKCeDkncZpqyaG59I4PopolUAaNABGi
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1SelfIssuedCACert.pem
new file mode 100644
index 0000000000..a7940386f2
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CB 29 94 11 6F 10 9A A5 D1 7E 8D 1A EB 0A C6 82 D6 C3 B9 DE 
+    friendlyName: nameConstraints DN1 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+ME8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MR8wHQYDVQQDExZuYW1lQ29uc3RyYWludHMgRE4xIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAyiKAFzYtdvEdciQ58kyp4foxdHez0Ho0jlCiy8aV
+7EdOkOe6I+BAIve44XQywvh4JqZ2xEkYhAFuVhZTpe419Fojtut1pS5p1MiP87y2
+eJ8jRJFMJ/O+UwCRwgt4G0whBAO10BT8ETwD7wkl5XbF5Q9cj3oB3ESyQC4klN5y
+L5lcnyMUqZ8e/fmiJD/M4siYIAUqJzfYpPgExDfxCc8Y5GolybvhVlngHn3mqa/l
+qjfkIjqVbB9qSEbS+vyrZp4+HFKeTxCNMri1UeRYIhm30XIEFVD/c8Z/e8FqykQH
+ZyBeEpwb5caoS8+sPcQ9DN2afMEHfVCZfXyL4P3Gj3MANQIDAQABo3wwejAfBgNV
+HSMEGDAWgBRBeEJGzU6ogufhOd/3qRbACvzvhjAdBgNVHQ4EFgQURZ0b7sX/48TH
+MDhMW8ddVJlywLgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC0BCN3q3RD
+IGoq2eKsryXDduFqAJca6+jKE4re+Kmy7PK4f0C57r6za/KQTw3fDgAKPi6DctN7
+BoXiEL4nDtNE29OuuMPMQmpyZZ5MF7H8ZgRrzYW3OMbu48lzwcBIZ3eCPY4rL6uM
+OaBRw7TXMmFVnxsusN+SB0o/FXIslyKijV5ZACP1Bf0OotzZnsiWEkGKP2H/iDxs
++rxLVYTyowtKi4EmA7M2a+2LmGvndpB7u0KghWDL+sKjVa4PK2r/9AiulLL+FJbY
+x0Tal47siI1yC2P4XXj/8z5o8jrYqJFY8QNAl7PO2vNzo6CqXF1QypNAVeDYYCcG
+ysMMqgXsj7XQ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CB 29 94 11 6F 10 9A A5 D1 7E 8D 1A EB 0A C6 82 D6 C3 B9 DE 
+    friendlyName: nameConstraints DN1 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7CD8C7B701770883
+
+8mw1OmIgu9bYNpdKlNOkfCqyRaTWDwE8zFYM2nzVrvKLVDEnmbQCCQdPWHa0Ny4d
+6DLcYN6Pu4TGFYUN8Xfql/BfagEfKlMD9zen3AAMhRO+hfP/CP1GoadjI0pG0Qnc
+whn6th06VS6PR1mlKhsR915J07m6+IjJUdA2KsmK6yxC3iY/liZiIZaeosOsYR8h
+ROrJ8kGOBPUVhhPbMC2t4QHO5xM6bon3T1Ng+b7UUCH/N7tkvI89wXyrR9nJmkU9
+T5Xb53cf1XC+WU5OmnjuZXGBmnlPTHu55zUNBsFVuiD2F1QLBLUNelGox/MS5BQt
+Nh9ca7140ntp4cU7NFl7CI2hjqRPyMCmwCgpcoCZmqo6G3hXk/3uF7H+/nYEK+bV
+0+lhRuitBdktjwhY82GXnSu4SUUtjsQv+6gXaT5qu2jaJ+i6MNbJie9myqh1Yqid
+bZ4pbO5VEyIcd2eVpAvTohbXYT4iBO656nOhQwzNxvEPAkILFGSwQlETReJlI1eL
+QEBb7xld6v0e/EMH7U7eLQaf3YXK7c3dtAwlEanE6whS7CQVajZD1BeecQ+rQI5n
+UNcm8TZnNm8koJiplSVC7GvTUEJHPV2L9AkIvnG8zEtvuLlUWlCRZnaxGfkwsreP
+U8BS5y9CBSlBtAdYMaLV3kWtDXIx+pXdY3m38T29F0A0+kSCc2vEakZ/XTPWVkQt
+hPz0EU6OAdvEppwsgmQGzAOiz/tLeNg38MBvhZI+gOIKa7tMV42egmm+nlK2xeWU
+j0OmcIBaws1u+x5DT/8NhuoycWJFxH6zjCBupa29HBc34+irHXzs4rYYK8eUZbrJ
+vdUiPMOvmXEfsEyOU6tDeJvpWRjmUAcqmdlx1ccZu/7i9vRxbq0v+X00T/W8iujJ
+yGNbhbPeGoB4cKUSdXpnQznjnajyUSI4GUNkT4He9Fzt2PpgJQn4jLj5r9crlp2i
+f/U+ldZ3vWuqVhZf9XDTPyG+0/xuWq3LcoPxvOkn5kx9N4KXoiGciJiDuaJSdKLu
+sv2Z+qGOyMydYlOr4O47jX9/rKdO2MyayMLg1WbPi1/d8dFDDfmEJEu2b9AeAm+N
+ONudAw8ZJdgfTVGvTiu/O629V95UgJ3iMZu0hNetai/Ned6og/ixxoh/AILDyVSk
+EMEGHcanWMbQ4YlYbsabhnBZaKJMkoTp2DomzN4n/DiP3QMiAnKfUtcytSQngW04
+IT5S9mupP5UVsv7Kg/AWVUXnBdCWJLl48GUnCCPUH4IlMyoz34AOne8K1TvEZ4SM
+qB6FdY+ixm4jfevDEzj6ldu9tpWlxBL49w8l5Tbnzh0IjakdZG9K24nDYf+2uhWc
+6h/3XS+xs+Hf/8bXO0cb2jVldf7178j/cx6MwA86/cBU6N4YTjc9WnPPixceiDG1
+SXbqEavWw9LUo99hb8FeLg1yYOQ0ElVJMCQO73Z2Jfx9QOwjQoepNvQ3CGHpUmym
+NpRPfQ/uFhvfuGWktgAtz9f++LKqCadSGKYw9QDGYyysXfFcSw6GLF+GLoVOQGpU
+F9H+/6jMZrKik1zd6Lq3YVTXpM1to0tUzV2mZj+aAg2A6trIGkiNFEWbkrAAQ6Qi
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA1Cert.pem
new file mode 100644
index 0000000000..fe77c2244b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA1Cert.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: C6 87 C7 50 18 D4 BB 30 CF 04 B7 F6 50 45 7B 61 30 41 E4 B3 
+    friendlyName: nameConstraints DN1 subCA1 Cert
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIEMzCCAxugAwIBAgIBBTANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MG8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0cmVlMTEjMCEGA1UEAxMabmFtZUNvbnN0
+cmFpbnRzIEROMSBzdWJDQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCnk6DcIUFQfwdRiYfWRy4EZs8bttqWQv2K4Jtx+hcVARrTeyf3hXCnRZBclltV
+x7k2TZQcO6kekgMsxEZJikWB22yP4V+DPt/84pZJa9w+KIcunpXz1ssAfAGav2V8
+XgJHzxhd7UPLi3TAhlRR7n6WfeALE3al9cITYH8FPUDYOREbhLGMKpedvZN6sZPd
+gPVHztiKu9uOODKJAC/uuaz6/arV+3i/tBTEIDCSUWT55Hru7lbuWURShmLgzwCn
+rhnnH/j/5JzPX2/TQtIJFAPVJW6zf2AAPLBf2KgwfHRb6f6FqVDjH2KZUa1Vxt6b
+TUq2xWzJ+sZIqqNU67w5RirpAgMBAAGjgfkwgfYwHwYDVR0jBBgwFoAUQXhCRs1O
+qILn4Tnf96kWwAr874YwHQYDVR0OBBYEFOE4DhQYFENczudLYscawZL2ZoLqMA4G
+A1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/
+BAUwAwEB/zB6BgNVHR4BAf8EcDBuoGwwaqRoMGYxCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJtaXR0ZWRT
+dWJ0cmVlMTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTIwDQYJKoZIhvcNAQEL
+BQADggEBABBmPe0Z8HrHPHka4JG5rGDs26rfKj2lIb74k3MJsuytdIUeqbFdCrH7
+dEjwAs+UvRgDDRFVWpWpHG32lk4hacMLHTV1zcl6gcdsOubVXfgodDLaZnTMtV93
+NV+cGJohowpkmbERLZDtM0/LXJWFbl+BAALPuJ91QwKdEKkImTBY63U1A4BKbmTd
+WtHnLgJjYC0Z53N761u7cwfpvxL2IQDKmFNHQI6dMkdTxSv5TOzPrN8A0jr63hg4
+D/QBm1Am0fddg+SNx34qbGpGgBorp5pPzowDCQWTJU3qbaJ7wTYmcWIE9uoDmaJq
+TaS/SCkPfhwzOPyKNt7KnKIn/acNHOw=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C6 87 C7 50 18 D4 BB 30 CF 04 B7 F6 50 45 7B 61 30 41 E4 B3 
+    friendlyName: nameConstraints DN1 subCA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,878F62637E80B8C2
+
+SV/ST1+kWuzYixZC8kPSiVyzK1EkiPKBCf2L4QZfVVwIKTyP28lr9axgdCAwe6Kj
+R3HvZNoXePm8ksVi+Y/PyiU7cqwROMw7AW5RBdw+ujh4m/5OD1ZS1OyR3JpbnR8j
+ggYzIvwuTXr3tiVS/4ZroMYCMoBqrm1ODkm+qdXap22HZLpK3MBsCHTJ034iRdlU
+ZJK/p3aDS7ZrMJfn8u/PEYd9UiH2JuOx3hlrsJ+8yWayQ14X7FrC8bbPQ22OK5k1
+lYh4WHqyBe4aYu+cicgLax3Q+yLgWe6k3L1i2gfjQE0YVy2rU7YfXDIQNd6E32pE
+zVqeTIiQc1wmGrcCx8kTJTWKw5nIOyDDTq8BxDd6tLZwVEgczhtxF6l2y1Rck8QF
+KLlysLKd3DD9sIf8b25wxQ23QJlf5xKlP5qpkQYFqr6ygh95TFvs5MAVegA/Vh3m
+siRB1KwzaZnwnQKAmh9Nyti/Aa1xzFEqAge2JH4F/XukFiUfsGPsOBaH2DjsU1I2
+Ovc0brxyYfTxMrNjC2D2r7ukkvpryGAxRMgt0Jk9Hc1VFoqhpxvHc7Tf3KK5h7K1
+pG4u4T6lrAIpJKqLW+NgVXTeDNrWUs6ut2yoYang6wPSunudN/nAKwFJTNBnE1Oa
+pfzmmqsuYUowLY3NPfLBW1mltbE8WrL3M7SbugD3/Z6z9dwuICljwRcZlRKlzf8G
+swX6ZlVB2DJ6JSf+Uyr33tofCewgAGF8g/nFK/tDG2r1PdPavDGf7lA9BWUUD0MA
+WujLOa9+xn5IF+xu/9SNz1mAyptLRWmeimPzYvx0v7Yq14VcfFxNV2roH1hLH89l
+y0AFkZdKZzIzQ8Hgz3xzRAJKJCyeUVH0PRm76Uijxcw/7ZwjRTuEkuISmz+BlNEc
+sIgHnuAi4zZFp5blGglMpxCzx7dSngvXV4bcoA+iP3sCADo/no4/wG5ZNbBpRqd8
+BmQwpaQgpcFceV0EIvkG7p1zUZg/AD42Acu8lCSY16V06yiaGUMLNIYfdicCr1/K
+7jm9yhpsIvMQEmUmKA980rR0PjoQ35KKf2BUYDU5cBTNwWiZe/1CG3IRXkzDNwN0
+nPyj2/LW0bGhnzTvUGmcy5VfXIbDMKLr9FeKaEJ6696hkq7meEzbVHcN/SqdbaZ/
+dpXc5f6pP+Zu96c7hMt2w1P1J0tEqI1qa5nhFXJm04h6RlNSOesQEbSGIklnRSfx
+/z1jeUjVD9QKqaHQ8qKJcnj5i2GSOmmgZenxd4cjfG3sNwUU/W+6XUhmZBZKSg9e
+G0u9jeAeHGcuno3z+dayE5A1p0w7RpEloDp+401lTtDmbmqTqCQYuc4fhMjrfsqJ
+anro3XJC3G5R9mAcTxqVE4E6po0/JSYmoielNfmygL3pRa1BUtvjIkFubDnt/XAh
+9qExwWUiRZMaTYhoaSksrvIV+C87ZMwDr2XQwb8LU/CrwNsfOrAKdpQxVb+IxFRd
+7NGKnaGcW6UkbKzW75UeeK2AvDyF4eDWWbVsQxfll4AgzWKXVWeVY7O4GXaBgo4s
+Xby/2ufPFX9DBac+g9uSLHlKlba67C3ZVtfblRy99wcYOXjcR/lUcjlZ5ON24S4a
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA2Cert.pem
new file mode 100644
index 0000000000..64ebdc93dd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA2Cert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 1A 1A 6D 42 92 3A B9 8C 84 27 B9 AD F9 B3 53 39 28 3C 4E 3A 
+    friendlyName: nameConstraints DN1 subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIEFzCCAv+gAwIBAgIBBjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MG8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0cmVlMTEjMCEGA1UEAxMabmFtZUNvbnN0
+cmFpbnRzIEROMSBzdWJDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDYfm94+1UckIWrnwOecmHcjFD/KNLTJI62cn3LBu7L+B1RsbKRqB/a8NDKnSjd
+8LaqxYztPgbS9ll+67sq/Y9DTSGTep0wFJwJS2n+wBTu88BhOMwMX6JjyCFSM9a6
+1nzfk7X+mRGpcSyeqVABl173PxPFfyV2HSagyqLtwc/8uouKrdhcTFgTzsyqOBzp
+f4+OTB7XuXt8hYdgCfNlPbX2g8kH2Db4Lx7OcrJgP9Ybb2pQZQ7TiBRiK0EJa/WH
+hA96xmvR9Sq7lXnsk09f3lnP3KPeoPfd1wN2rRJ3aMl63dAbfBEdzX7T7Z3RJz6N
+bdndTYyo4SKwmO8kknp28pfFAgMBAAGjgd0wgdowHwYDVR0jBBgwFoAUQXhCRs1O
+qILn4Tnf96kWwAr874YwHQYDVR0OBBYEFKIvWINbTJWXt+72h7SXDuB/4JcVMA4G
+A1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/
+BAUwAwEB/zBeBgNVHR4BAf8EVDBSoFAwTqRMMEoxCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJtaXR0ZWRT
+dWJ0cmVlMjANBgkqhkiG9w0BAQsFAAOCAQEAwEwa9JZVYlDzDjZFQxuAlxD/pw1x
+by1ylmOBJnq4eUoS2fwEm75O7lQKQmgvLnWtvy3vnrocTKFTv4jSYldVGqT/Un5N
+aopCuIiH44Lr7z/daBQuSPsWPvtRK04DrNXG7BRj6bubn+DdjTsNT+V7HaFwBm9O
+8QFm7V2T7NmeElnxcasfNrk96eHgqMyOt/nEuvklmA5pJbcmqOootaIkaPfLlvlC
+eE4BlzmDApxSsQzHGHX7W3l8Ulow9BjylZtRRPZ2uM91kGattzhMF6t2dZr+ey2C
+BHze/rS2PoFqCFYyRyTWchqXnifv5dqV775zO8AadT36bE3vsRzKogXLfQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A 1A 6D 42 92 3A B9 8C 84 27 B9 AD F9 B3 53 39 28 3C 4E 3A 
+    friendlyName: nameConstraints DN1 subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4269A2ECDCE2090C
+
++Qhp38Vagkg2P/lTyPzuTW/h59JEkrNByCVkqduIDtNYw4buUpCfJFM5HE51KH5J
+VeznQs/fFq8CHfCwNCNWuNzxORfdChC3B/yzAZ8/orcc64FCFu3+b2FTmnylZmL9
+aDSITryOjY65OC2g50LsZDmFIGEIDgh+z8s66/1wa1MtIJNHHPZK2ZQeXLsHbG4D
+n5ppN895s7tpvnSTiAB9UacY1lVw0Lni1COPWJo0I+83r+T48bCZ0S0Fl1nGyiiW
+/RveZURedIGL9j0bmsFeS/Ytj8begiSOCCvch2ASkWiH8FCPWoU8mWSYG8AzhVJs
+wqApVKZlLywEXrBzdMKY+8VCYXluvLV574I+sQXe9+C2Lz/MsL3i+4mNzKld/NFq
+SZCKFBiLAGcc10sN1j488eIWubUokR1FyYnRRnh2R6XYzrfHNOiO+EVvPHIVISJi
+MmytIIR0H6gQwgm9BcWTORI7P1ZFUawghBcyuD+/YnwZw+zt8iaoITvJH668d8o7
+r1v9VmJMB9UqKkiG/CmtMtV3mn68QzuTR/DEEBmDM/OI99Cc+2o3h36fvJe+szsX
+LPknnU1vaE/5KA+skvdHL36gFZ7b8nM//UZGtcMSkPxa6utv1azrLBgYjuc6wOtu
+nDr2tzovOIDVNj0zdl8+OvSy6yNXnRiq4cQMZQwMT2X8nmeBAUPmapZYW+4nhyc/
+SZr8G4dV8YBySbM8a4KIpLC8ziyDL7LGdOdCteUudB2RmFRSy9FL0ZJZgqWfDYxR
+CbZ3DMk3QI7vl09iAiOJKhwCvk+iycBI5Oa59UNs/YlQWI1I0U58Mgp3NQa6Ug++
+9+GgTM34nFn/VBBdH3VkHh4UL3QFhjGvMgTFmgt5f5tDsXV0oFbOEjBUS7hozXvZ
+sTMKJgcrxxKT8vRvBkjlaF2ypP5jiZwkx/7mrbe2trlJb1et0Azg55/B9wxcsYXD
+RKgADxISTvWykWIr28PMdWaDCGLfqx+RXNc+vEPXZiIKMWL5VGJ7m4gWXtoNOXFO
+nGGos3gbk0wNWhEENsSia9Gs6MQVngjz+6O8wirpVGBWm2oWazDf9M/nTZ10cfIB
+SVgMJpt9IUWVZHHyXwrp/vV5cyv9xoScWifMrAuVhhUYjEpuJhUgJeZwlfk/BULs
+iPCxdonnsT0GndyE/BvPNrIxzKOoLH0SIyjnw1shomGVtaf6yNMwSXJ9vCoSos8F
+X1zkIFPCCTW09lJZaa649XE5oDyWyhNh5qb3PQXkFGLy041lWhdMI7yHPcIL4qfv
+GuKbUsfv6u+PQ/PN94dHh4zO/V4WJCsEul1BpGlWPWQCcFE+e1k4j2pLhH38N+QH
+o9nUmSR6oM+Xy9erc/VXzwdwa595q4EgrUhBdcAsUzIS9NeyT6r+VrJgs+ZHFpT1
+QxTZXtizI12BJ+rsMgvVTEnp52/ve2R89NEFQ5arJWd8oOlG2LY9WO12QrmMqB+U
+odRqoXsHqBMJzd9rONGNgqYKnDWAKH6yjMWgYBlR6o4/8g2LaECt8F+tptPjTogu
+smXuFPCz9LAawfCVdJQojHp0ZkFwYZ8g9MgInrwQ1DPXKe6yeXS0ztYepn4Slgf4
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA3Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA3Cert.pem
new file mode 100644
index 0000000000..7e7e3070f1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA3Cert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: EA 66 BC 04 84 6C 50 5E 6E 12 E6 29 D7 74 24 BD CB AB F9 41 
+    friendlyName: nameConstraints DN1 subCA3 Cert
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIID3zCCAsegAwIBAgIBCjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MG8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0cmVlMTEjMCEGA1UEAxMabmFtZUNvbnN0
+cmFpbnRzIEROMSBzdWJDQTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDELVS/5i1Vg6yF6gHTSfiiT9ULjd1sFFXz2fXI53H0P6d4KAs6CS1swI52BA/X
+H2sg3RRnFq6bkwYtkGdUBBLEoIjduP2ntNzeUH5Z+Wma9XiGXSmpG4W9rkpxYB80
+6B0H6sJ0wkSqWjcCLxsAO0E3xDlkSZIxLkSTeXv0KuHwKC/iqQk1yrjIrw05qhWQ
+JcCQRWHyovQsIomY3TXKrCzZGdlVzX0wBiu/p4uzgo41Fg5OCElt0ic6D7Ds8dsN
+DHANWBy8Soo6OMdgtH37U35HS7r/YQRKuxqRrmrv5yRuVnEYHz2oBA2Qdzemb8or
+KeV89jjvkZOqhw4RYQBDlKyXAgMBAAGjgaUwgaIwHwYDVR0jBBgwFoAUQXhCRs1O
+qILn4Tnf96kWwAr874YwHQYDVR0OBBYEFCdJ5ATZRfpsmJRs/O0NwyRSbVVEMA4G
+A1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/
+BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoEUdGVzdGNlcnRpZmljYXRlcy5nb3Yw
+DQYJKoZIhvcNAQELBQADggEBABeREf5wmcEhE5n7e3p8axLkSf8m+dzgp4ibNJz3
+L/AHhHQOSWVpz6w/4qerFs+ZpQPkt6SdPYmsyGSQaw3hEYZ4mKP1wYIRoBNN9iy2
+TaZsjZKMPdqoDUoQnBBXdYOOaLgOFfYaCD2AJRGbZlOqTwPZHHFrATZJrOfaXfqf
+Op+6XMfwflnRs9wt+2E6URRam/o9/i95MCysxE8FIUcFAzxr81UzOyWXysKCN2aw
+QxbWkWOlrjnA4+oTghMtR3ajzL8F9ryk5PYwDxpXinoGuTNbAfA/y2At09Y8v773
+CwAw83sKoZfejzc0m/+7+fNhJuaG4J4C02v2XlafWYAvY3k=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EA 66 BC 04 84 6C 50 5E 6E 12 E6 29 D7 74 24 BD CB AB F9 41 
+    friendlyName: nameConstraints DN1 subCA3 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F8DB07284B0B15D9
+
+cX38pViubeCOwGjRlyZQuL7cMJNmDlNuxonZF0Em1JtKZI8u6wHOBd1fU9Auo4vt
+vfdQ2H0Nzn9zOt5bQ9ZNlAGyYKbyZStriCo/Zf7gxL1mvXQyOZoGHKYSG86HxAuC
+qtQPYyeAvwzOlXgAtHF3x4drhFJto0Zk5jwvYmT/Oe6wOQ/UCFhxBomFnHNz75tR
+yOky54EhM9dX0JFcnECnkJhzJDUmVfAA5fHKtYFgbBXMeTIXe2KScTofsWuPGn5m
+MfAOaOpb0L+mUlFnRQEKFtawADyAjEAu7hvS/8twCF7vofBwfrl3+l2BB1f1NNde
+XTWEFLSpMCGMUaHat9tVQumyjEzh6THPq+Th1NJ0ZfsH2JY511aRcXrJH9GMD9QS
+iHlc54H9Zp7gqYSbC56Zj1kV5Fq4DeSMNbDlYAOFjQriRq6j6gv63jlim/taMA4f
+pamugPEn13SW3TtN8UkFO41jZ4G8LUKDnsA1PJOVe3uzTd/4HVNBurXuqU6667C+
+E/+4OqonJGggY1W8FC1Y/P5qw4KcrlVFKZ+tnhoAJ7zMXFUvZkru+Es6/zsIIuHZ
+BTW/Ki5sBLG0BjgxBGfFiYvXOHyA12GFSEKnZJ79dLsianlQW6PXLdaMRMoAQtUl
+ojO/WUXzTfwfcT9X+HmBByKVXVbgFDQOLmI0kCO8jQ5p9KRDnKAQwaYGFnza0/Kl
+J7SGMMXruPzjkuAFt6GJY3Bght8Oft/sAM1mRxu6hpNVlonoKMxR6h3/vLqlQ98I
+HsglCKhJsUUwoKNSFfeYmUBDoHKD+n73V/WZAwIBC4uOdKy5RqRKmmddK2boEu4a
+7l0z5DEgpsKQiM9d78h1juE/obZAc/VKetGmE9aYTuWXLVwHbsmarkC7osY0Kft5
+Kk4BZoJWzf35yd+vlMKOaRrI1+XyHMXKpPDlOTwXwkLQ/mLPKbLfJZ/UjSiQv+aK
+dfMgcb+Gf06RjZxG8WM9mLApTF8xgna/G7UlZ2o/oggl2FFmDgtiwvK6pcNfbR5C
+hOKnDLFsFM36RhIow7jWE2OaJ6BF086O/o8iuhY5t7+Bdle35TrviqE3P726r3+C
+Q83JWKpNT2rP/BlPqyi8mBF7BuLttCgJ/xU4s5EW6a8hfB0M2kQMhFkSqw0oOeZa
+fJgdWL2jGS4O0+sK2Mb1/s26AC7ZFYKEpjzkeRl71/iNXB+vNlPoZoLvcYs7g4EP
+0ruDraCADs1+3rgmXeTzUPj3KAIUQwMk64YEosnj+oAF8ub7BNV0wtg0lUj1LIIf
+wc134En4br1fZkB6OsOWUgHwiwTajkUs1oA4ZnnJo1xqpnx20145L5val9CMluus
+stJlbZPZEAWVZezN6nKYeCD2EelGPMd9TYTy7DA/yH9qtEUb4z+FrMZVH8kPBSzV
+b5wyq1UDxDugGwUASVtueVUwnRB32gWoNAYLtO5sSdD0IPh/769yDKLQh3dw4wt/
+vufSZ6+dfaCsBGwir06luI0wA9DJRqSML4Sd5p0RKtxsZWzFo9uFPmLjQ0/w0AFk
+wIBOx9lcG+9MYWrz4T1Pizk5oMkr4xeD9W1iqL54NGJcohEEOPHvr2ng4UF81t9Z
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN2CACert.pem
new file mode 100644
index 0000000000..4cfd25d98e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN2CACert.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 19 EF D6 CB D3 A7 5E 0C 9F 01 8D 1F 2F 91 09 CF 97 82 BC A0 
+    friendlyName: nameConstraints DN2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIEQzCCAyugAwIBAgIBPzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm5hbWVDb25zdHJhaW50cyBETjIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC+uNFCmZxvCnJAo+o7l2d8518z7l5vjF/XBRG+Tdve0kCfVGy5A60A
+SlhV9UvADeYGeYaUdz3Rz9XFRYWClMFY320x0AFalq4154wBCqF4TkQnYBjyNqa0
+vLgVgSDidP2GaO8m/sNLn1fGgEjXJ4Dia+MzTgYPJJrD9nuAbEJdrfaQhGutvPAi
+MY8kOGUxQuVipV2OoY0N1mcdrJSHDD6nLeDF+U7Sac+dGFv5ip6Di8n5cLliSXjF
+cBlLx9LepOF0qYI7iUsHyjql/Zk1SQ6tQziobs/So3sXQOAI4tOfQFfNCoo3XVjh
+GU8ya1aLaJ2m1nWIw2bLXcMigGGF4EUxAgMBAAGjggEyMIIBLjAfBgNVHSMEGDAW
+gBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUo1fZW10Rs2D2AGuJUSuC
+wwlzqHswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MIGxBgNVHR4BAf8EgaYwgaOggaAwTqRMMEoxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQL
+ExFwZXJtaXR0ZWRTdWJ0cmVlMTBOpEwwSjELMAkGA1UEBhMCVVMxHzAdBgNVBAoT
+FlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
+ZWUyMA0GCSqGSIb3DQEBCwUAA4IBAQCXLrE60g7rdRWgaKYMWCgs6s0i25R+9SIl
+U4UNeepOEONu8pSbj6uUrtGdqPNTZ7HIXzYQ1mPAvz2gGM/KIfumIcZn+A6ZEwEi
+9UdHPF29GwEv4hU3BZ/QTxORGe5JxgJY5be7PCVyIr5vMf7RQFKX0W72Se+SK2MI
+vPosq6Iufv9L0rdURTq5QKfPXwq8WbnDlDzwar0puc4yYrqsmxvBfDN+9Z/z7gM2
+5uoL6hd0D1U/Vo07NNky2i7giYKrUkOBEW/kVXWIgM86ydsQAOsyiIepJTW3b1Hm
+gxUGkn20eEftf/QXo6gFD/o0l5dRXSu72Kh8UdkcJO4alD93qB04
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 19 EF D6 CB D3 A7 5E 0C 9F 01 8D 1F 2F 91 09 CF 97 82 BC A0 
+    friendlyName: nameConstraints DN2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,16772D615E954514
+
+JOX8UzOOHGy8yxYErM12TGYDaSXLNt5LzZ6s2avjGWygxrEFG0ffQIwpLFpUy0iN
+ytHlkT9b95kizmN8egDUFKPfnkNJgbZ+8x9bfSWMp2MWnIypcxRdeijPj4Sfhcdt
++oHEQ4XPxlRgvh97yu8mNg48BMvPC5nSsd8oasjIxKra5y/U5B65H6knfKqqkCjn
+ylOoagitE2XZE4ScZ6EoXHsGTgPwHjQT/k76WDibP72i+0I2lcBUHZkyBU71iqRR
+q3KLydGQKKl72J7ATCY/jPVCojhRjaW6Mlg/UGJZCJWQC8NI5CRUWt+8y4d7i+rp
+98yJVogfVlVqIC7DIdst3w9MjNVMGIcEn4T2grg19NrHZs2LaespWP0IsB4Z/BZ6
+4GHFg6wRkEBY1b79wZX9ykO34CbPr0jIfHC21p8/Iyy1NuGHIhS0EhkBffDl8qgj
+HJch+e+XolU62jZmo1cwUSkZjGEH3v+Ev6dxw+sVug16x1H7bccE0bREqEIrB3nR
+r5UDUu9GQNI4Yr1C7yJ1WLYetUOga4n4Vbky1pk+31xgjzOgT2xztgfNMN+WMMMG
+rbsFXxLLGblgd4YEaqpSyCJnkjdWjFLL5tOVa8BxWMyKCl/ulum+SZjHWH1zZtSP
+q8A9l9nuJ9xhDfrvbQiX8MJOkvMhaAFCqeULZszpIk9pe6ym5ULGKBCVycFcsByX
++wWrsOt49fOrs2SrwMCh4R+5tNJmBwrOZCqQKCtv2BL0T+14dJ7BIwCgFlx5y5n7
+gC7IyHS6olm+MSsFFtv9q70CmeUC6FEnoNxjD/HW19XPsYUAMJ57a+DMrZDQfo/w
+0zC6DgzNk9saC8rauIxA9o7pII+ap44tkwrrT1nJ3GCYBsjmB8kvWCwwBmWpVc1J
+kjbu4xP2JBFv8Eb1OFL0tz3unduddqDHVUC3QFEBZGxAjGDdspnSUA5/FUo0or9v
+f4QeDyuQ6npppqmkA0N6d/cKkR0EmACo7siD7JSxOJ/XwIqrKurDf32MOxlOZUlj
+EuXx3PJGH9CrUQGaAAIeRBxNePsUr+lu5Hdg4eFWLU1JFy59OGLplzZo/mwd+2Tp
+gJ7LYFAyTUQd2XDGtVt+1eKWHVNTs5RUx9bysVu7A9d7lrKlk5AnklryQoLrsrKW
+RN8ne3JL/ZAE+CZE63QuRr7bigx58msb9qcoqnJHlEl6tdygHn5k9iOBLelO0Pur
+uNwYl+oUeyGaXOPck8ijIJ+arTZDVcVJ18/ArcmE8EMyh3wzZswxDem+XY744we8
+8MquD8vzL8c9HUidDlCD2rhefmkorLf9S0hH7xOu2ESfUNFJ6ubEeSeQ14L8/YfA
+omNkTlALanYMird55b5/RnEPRYsTFSqh1+rJBdEFUCSDKnlq2GoIR+UcoKzy1X87
+CLc9rKYCXHAQ1WiHKa2/56fq2ltge9VA6PRAqCtJ0tI2tRtfu8FLzNos+OK+plAf
+ZxPkqYd2FzZNqeff2nkNm8FHPRVDqKeRmsMpitFUV80L/yv4n749uiSjgJylDliL
+v7ANl0pAvWzifi5f9qwm6GiQi4m9CM2Mwiy9d8NKiIkvqStHm/nJYCfiYLY40tqV
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3CACert.pem
new file mode 100644
index 0000000000..c6f95236a1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3CACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 18 16 77 27 41 21 D7 CA 9D 33 9F BF A6 19 A4 01 81 35 09 B4 
+    friendlyName: nameConstraints DN3 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID7DCCAtSgAwIBAgIBQDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm5hbWVDb25zdHJhaW50cyBETjMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDGcxuyIPM2Ih2s0FbK8O1gDt0zWIuExMS6mU7Sy+BgUCD9qstR/BNv
+8YYUtepUZyztqonXiNY1STW4FjumzN3+izaIH+9Ji6sLrc3F7U+G/N0mzungENbI
+HzE8xMOzNiChVZOXQuU8S6OhYn9gQBRm/xCJlwPSaymBQz2b6j/hwQJjzQG/pwWb
+hYhDU64Lf4kDJ0MENkc8wlcyUj2dHEfc9jq49W/5FcG7Gyhb8XUGQAasV8mnc+Aj
+hKwliqg8HA6Um8yXpRuKBv1pSvq5ZwnE0oWSntnHKjcQHvRkn8JCIE0JYaLwwx7Y
+ZSCWux3o/bGAEE7uZdS354a4MUzK6PqbAgMBAAGjgdwwgdkwHwYDVR0jBBgwFoAU
+5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFAbcW77HEjdZpIpAdHwJnUU8
+SqHbMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
+VR0TAQH/BAUwAwEB/zBdBgNVHR4BAf8EUzBRoU8wTaRLMEkxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRkwFwYDVQQLExBleGNs
+dWRlZFN1YnRyZWUxMA0GCSqGSIb3DQEBCwUAA4IBAQCATlxJGDbeYJueWqOhiixA
+PfOIc2ZXmtoWkeJv2l8Eyoy3LubjUgrpZA62jOvj+0irrrC+Vd32gO8pQ7NYBwpm
+gBqRgbCKhPH7U1Igblj2twEZozkMC0BO8YLfzXngKOIb7BJuuhG8KCMVPVtu9/Xd
+Abov5aS8tJh0cKfi3d/eu8XpYsPtPQkwodpKSHHXFZTJlYocJkVGdDIO7cb/WfPj
+pVDkpZdRiX37Rlk7CBH+YddypFZhEnGm9e1bgKmF2xgB0MXMfWndev7XSO7m+KkP
+h4yxFJk8XE+erQQQGxWc1RMEsXTppijRrrpqirF5vDFseW9U8C+VE0VtFxFkxlqn
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 18 16 77 27 41 21 D7 CA 9D 33 9F BF A6 19 A4 01 81 35 09 B4 
+    friendlyName: nameConstraints DN3 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6542BAA527CA1F84
+
+VnqjOjWVB6/8sl4/GjdA4vPe5EjTlxeppx2VkllUZHklNGNqpKbgrKSKKceNOngj
+GotRlpezuNh7kC2LlJgxf7pHimRGAMBEvbk5v/BkYjINVzHN82CUYfxswJclu8uY
+Sqw+5qBWEkfpHYfXLM9SK5DIgIcWzXGWs1ZHeriBF7LzqDUbcNC+V2OmN+tTGTt1
+1W1rPHhVsPqKn9iAHMhzqPAOtZafOKNZKcT6wNXjMhstmNARsv/z8o1kFTTjJdVI
+hnM2ve0XYcZVGW0oaoKGcv0IFsYTtay/2KMA4pr2deC8L5d8pPgXbihw6DWzSnD4
++VT2ehJ2vGAdZp0wfZyjFhoIeaeM1QMuoFdcHqzNJZHm34PSzHsuV4D7xiPZ789M
+ArnY1lVuNrwSRvSb4vnbc32Me/MqzCoYCcvt88uZC3Pymr9TbhcvbJRCGUsrA/EC
+nJjTJaVOhtnurdA6peIPN4yyXVBlG4sq8r/tdDPOMODmTT5UWo8lI0fuI1RtSnT6
+OfFGGgMlwMgn0jMhxN7M2rjX+14ieVlNI+fI7wqoPMpP9x1clj8fZxL0RZZSToZ+
+0RKIFGPh6LqC0P6rUwImPAas3GAKiSH1WibfQELcht41qapYQrlcWtwVbe6c72A2
+9L6vINSHTkeRjSLa2M4u2rm6CJOzCCtz6t6v3AQpkdFa5MlmpFTyDN7hn5VmAXMX
+HTiq4Wp9uhQ3Y6w3XEX9ubVriEzBQEch/gx1gYcOkHGF2KB/uyu1rwk62KaxUNcZ
+fx9/uD2scPQq3qseo7XM3+9LMXsUxxnEeoWnLKHWO+fBbloVYduhHNZEi/r9QZ+U
+1HX6cd3LeiCrS5gVZ/GJZ7g7qJzKoEk9C7qt5Yon6+AXsE1l1GETlfg45Jg70lyN
+lJXGuAjFmRTdW4ijf/CPmqZQe9WWUe+3VowhwmBL1Yv5xiph8kfvy3KxpIdN6qOM
+05bQ+hSOSVQad9SWXr9fYi3o0JXMfAyptrydnG6W5KHitvHNx3rnY5PW+G+3qPdF
+fCiaPOioPwfVSKTs+pcrUqq98C/7wL7m8PJ5I+MmNegajlo43j7n9CKLlbl1NdnH
+RlNUI18+J4bVH0xX839jo9hil6ZIJjvs8BEElLzy3yxLN3+vBNdX9zuvu4TL5+7h
+zU9HNceug4VDq+25AoqTWFHbD4Mi56EAD4JIt+ShGvVoJAo25vZo14pasRmbINzt
+Pm0HvxYQcoDNdtif0sSxNZTQbUdCaojyve207XgRVGFkOyJeOsJbwxCWehOxN77f
+aPJgTDeB4sqEX8//12AGRlAUTHG1VsXzvHgmLJjQsZFAZD3mlqB3BnYzwRmH1x0/
+K48OtW2N6W+Nh3UhIy/FMXngLBbZk65wBFmXqoSwjC/Jk/Jyok9EVRkoaqTb/zgR
+ev2llY82U9J+hcmUoMN2Adylt7Ts4b3m1XJiO+vW432L8s1jjPaHLWnw+OolqAel
+iGRQ5rBJaD9Y4W02P1erYIRgOeIBvKaii212yGKMMTTwU35c0o/cKaXrr93tHgph
+YL1BEknREHg3KkmRSd8U8YKe8eAOzHHidQ9G4pmUSbo1hgds+t+yMgVMWzcXKvVP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA1Cert.pem
new file mode 100644
index 0000000000..ecb84d4733
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA1Cert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 75 A5 AD 55 D0 4F DA A7 4F BE 76 2D EC 06 C0 2B 78 4C 04 91 
+    friendlyName: nameConstraints DN3 subCA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA1
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 CA
+-----BEGIN CERTIFICATE-----
+MIID+jCCAuKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MFMxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4zIHN1YkNBMTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAPnsQIGHFaqj7j4q4DsZNAUSd/1bjxVoJE+G
+wqa4MeAzBStBHuQAiUJ5PzxiTWtiUklQWrTqssx5qEAjUh3xE/muB4b3N/+v/A++
+oeolkUcbaCGqRUr8pQA6aYQNZJr3XON/6VOrLVwkKiOMAO6Ur8BZ2S08I2r+38aG
+b23AUyGQB3sFkn4TmC5eMSsY6SXBvr9bqsXJiT2DuORbB9sk8Cy07nOI37rO13el
+/51naQOf6/3S7HYYBemL6pIVynu8fdhmzZ9l6CHy787KDMOs+QJINoa1qW754QwB
+wLIINtubz1wMrgs/DWpx4BwSidD+L1bGOmTaFrT63lHb25NswAsCAwEAAaOB3DCB
+2TAfBgNVHSMEGDAWgBQG3Fu+xxI3WaSKQHR8CZ1FPEqh2zAdBgNVHQ4EFgQUgLzH
+LveOGn/xOHv0Nevd6VjGPFAwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MF0GA1UdHgEB/wRTMFGhTzBNpEsw
+STELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+GTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZIhvcNAQELBQADggEBAHCI
+IAnj/BU0M/5JGSoDrSkxi44+RGnAKP/18kgU9hGMgm7GBqJ8rb1azbS8l6u6GW3d
+qPyisyXvr2ZBL3L08mgkHEJgRh81KQ4pGID6RGghB/DYWfpyxetMuGjQnkD4eHJQ
+RriILKNU1JIUEdF/uQSucYCnR9tF2SKvRhSMvQipNKTpHfQ+utig7wIYvFkmc9Rn
+4kyoAxjoj6IwdqiFBtMoePG5R9xk3nQZsjTP5WFS+OyNc/xYLMXh/eQ15C+BC4og
+1FGFlcLSCI7tvgKYXk/kpWwv4F2pxsvjBLgZq6IsNbCTBNxxNp+QOID61Xkb1U73
+cjSJjvAqxW/yqlz97bY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 75 A5 AD 55 D0 4F DA A7 4F BE 76 2D EC 06 C0 2B 78 4C 04 91 
+    friendlyName: nameConstraints DN3 subCA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E34ADD6471D8898A
+
+7sPFSxXBOmlBeDtJ1BQOCt+i8p/KMgAfLm2Tc5EFeRYNfZgZ2xZ64v2rb43aa/BG
+4HQgzPhHcnfrTb3nS+HAzq4Kl6Mczsp6HKlH5i3MFncAjBIbQbaRBaSOhSX+lw3L
+AV0t0CV9vsUlolls4ahGQbwx6JrsQI16+2O6WZnjnerWx3oOdVoNVudc79LJvj9U
+n6t3+1LO2VBwg0sO7tTzO22h9ugLtDccdtF1XGog80mrUXxGQH+ccMwE61h4By8q
+5+XBnZ7h8trq1hmgp2c/QHuGGzbk0m6txz9B1gtO+X/hCI67uYB/P7meg3OTyeRQ
+ppCrbRiU9xUb0r/umlCFGOwKP7YN/V8LAMNDuOYb06z2SSypkoD9op4twtQhXkur
+1BIbSdmfmSJmBQljEVZop9XMMfwIeZMwRL4C3qUH8iO71rFTotbhdapqTc+4htPZ
+0M2ebzFCF67H/PXtTkk2g6tb4o5qmnc7oaYGtuKgds75kJlxvgxJtzvMiy5xu5iE
+zKzM5qmLb3kScb7gdte6mOuyrFW5Hm5KHmCsD1mpkoEJckxM+TEmPspcfn4n26es
+uIj6FAVL7qxNTgunjbl6amWv0V4fFyL+d7Fc9uQTJ6nms2pKxzSIym1R2aZnCZ0x
+EfkMDlmp3ebv8gnWG5svqtt1BT5laTuQEFK3CXtizWwJLHGbTAdZqngR/EmamnP2
+d6XXEbNp1ZmgHDFv+2aWhv2djy0dqZkLAQnwseYR8SD/LF9A5NfhRePExqwDBWPL
+De/Lm8U5PjgjfAWlYnIA9Wnt4p6Sc85/q+agl6UKYvMdcgvfPr8R5fVJNStleMd+
+2IOwbc4nqpgATB5jziwhryxqiZ58DjlnLVc+0sZeJq4ptGTVIEzF65UHF7zU84yZ
+NSMyaa5NJkAW4Uzwv5a6VrQvigBIlBg1BYfSxqhFdLrbaHADFmcqMJQ7mvIME+qh
+sWHLrreFAZCs/IbuWl6WtdBfVl9AAu0z4mtZQAvg2v0XesPKuqN9KWFTnK02qa/8
+gs7j1ojjrSvPTyzYXPJmZk8HP+wbYBrTmDFJtPqLEJVv7GUg39rgiP2mnvwptmBy
+Wk85arNyHpqR4H/Q7X7kC5KB2APuUwQOGXr2TR4vgHzYf6O8pQt9bEMlwshEYm2S
+LXYKPodDQQtMvK0oarZS/FgnFGr4p87u/+ojhd7oB1WsEjVR33hQnC4W3QWSbDSC
+d+ftoHr18A16f0VFdPWfIZbT8cA/CM9u0a03FGL96tNKFPs3irhuLDxmld73Ai45
+5Xvs5xQxF17471ipPc0fW3esbEatNECqAZr8RkoGzmsWNR4w25LNR3D7KhGRYJ7h
+DA18eKlK8jtxhKc1+kb59DgbaN2LpRS+lpNS2BqrAWKCkQT1RMGlPl0ODJZYHut5
+fiDXY5LCEHBE31I5LbqlrRsyRJ31cW2r/O6GlX1XPnaiOZCRi/WtOyRfzkOnjdm9
+Zf3IZV8t5IMSp9x7cYHSzh62pveR0XF8RV31VylB7QXhcwtGRHlgYncryXZs/2yi
+oXxYDTCQcN4OIhX03OpzINOW3VKkT5XXhwxYCfgALCNid3+Q0qPjVmlMUQFNvxyB
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA2Cert.pem
new file mode 100644
index 0000000000..89021b4c0b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA2Cert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 39 9B 1B 2E 69 1E D8 FD 4E 2F 56 36 CC 48 46 B9 A9 28 E2 45 
+    friendlyName: nameConstraints DN3 subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 CA
+-----BEGIN CERTIFICATE-----
+MIID3zCCAsegAwIBAgIBBDANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MFMxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4zIHN1YkNBMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMTpZN/9lfu5qnSxBzxNYREzs0oW+EkQC6dV
+6lTASGBtvdK2rJyFeuhlKeGsmRrF/f/oLbGHodn8POv/vhGA5MFUty6gyOQ86oEh
+p/J5XbjMtVd/MGk+oc+d0gvrvN/SdqLpSE1u0hTkavMfEd44PlnNVmnT5ksN1Lcz
+yA8QLBuG6hsxEQygs5m8lFLgftMdFRUI0/OKOVp0MVwCB+LqWqUKRsv3jgH5DAcP
+ZyQ5Auf6gkH74uxQKDsSTIuz0PRmeNDTaNExT7DXysaafv3Xat8/dvARlcqlICdb
+UrCgJ8ccpEqlcdelfwEqts7i1oWDOj2F2qct28YSpmi+4eWmacMCAwEAAaOBwTCB
+vjAfBgNVHSMEGDAWgBQG3Fu+xxI3WaSKQHR8CZ1FPEqh2zAdBgNVHQ4EFgQUzATt
+aigdft5k6gCIKux1Eb+lLmcwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MEIGA1UdHgEB/wQ4MDagNDAypDAw
+LjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEw
+DQYJKoZIhvcNAQELBQADggEBAJLF4j1s6nKBt1jK6gDyUmQurPyPtSxoGKv4Ji2G
+ChM5qgFvkqj14oEhcGA0I3mjl0uCmGbUkMtrzDbTwmTAzs1CE0NmpMkAbsde/6Vk
+L5biHGP0HlnZwJ+79ol5ljpCLKnRETUnrh/t6Wwmkxar4K5bfDFG55jF8WFEG05y
+k1B69jPLilyHaepHYd1rw+eqE9x1me2ESMJ40bv2mX5Yx0QgSaeKsr1RbuqiNwhs
+LQ0HrQkQ9TsUfVL4g4KmAd+HaSV3lupWX8v9lhUJkajtVwf/cjRmQCOCb8vUHhoH
+6KvWIoq7MiyydVHykCp4rL8NRhwCFoHGdGIMdRQhvXlMtR4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 39 9B 1B 2E 69 1E D8 FD 4E 2F 56 36 CC 48 46 B9 A9 28 E2 45 
+    friendlyName: nameConstraints DN3 subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C709F657F16DDFAE
+
+18YCCI5fJ4xN2TQNJMyjsBslG2Dsx7ImeNdQ0STmo4wuz0KwnLuVUrmUNayFm18H
+GJHdq3CP32bfubTBz6rYYNd3bFOQCzrOZAOI10GkgXnJ6nBw/VtL3yt2bDew0nV+
+FBxnkcUIH+ur2IAGhvqNO6P/QOyKkmkBksGGWIHNM304AimG1Xf03zoQNUVjX09F
+syvCqPNGncJ9rWHkk1ayOF8MzW/hNbAyJq6Ny5yssx7coJHluVsqm7763++d8UwN
+AmdmUJKSQvr23vUMd6yG/Es7T88VmE6DP7a2cL1yPpT8tHWmWAot+cxKMYXWMkof
+cZCirDHo4z6r5DLBrnPjxJ46JT+wc5i4fFMyV4eFJEOZVJRxgvrIrb6wjV3BvQVw
+lXml2H7j1p+NG5GeVw2IW9VNkQOY4yjuwaC0wNuujWBZ5LHqZqyOm4Cg6i3tROfE
+1j58h7Xau4X0FIkWaVpsVhmrrs8wL9ukLbib81QbQDqggNGh2p9/oNdm++8egH2W
+odPLm7BPVX4Ch3ZqZycrE0DfLbOrSj6w+xywziRfEspk62fsWW6TtobGP6Kgp4zK
+uZvCOqwOcWe7qN6tgPcTIb3lroFyD4TqliSHWYdSE7y6S54T4qQ9YYs674Mxxgwt
+sY0FATKPv/gCeTnc+UoYjLNFVGlXrRVGNvTGRl/G8j9TKc/YaA0IQnuynxPB23b+
+Nq+exmYLJcQefdSgZufN7BXPRT5J1TDzeGIyFGx3MpflrXaisMMGwpR1gtq8lz8U
+ve+LQzcZgYjjUIv4gHnttzBkujWb8YVIs+fz7+nyTZee7dWgfizng8atdyRK1MvC
+aRf2cWczBsljeFuJ9MXqjFMxr3tVsSXhvC1K71gAu61VY3IcUSje5nqIyiOV/Ltk
+so/+fEjuz0AW0Ooz9+a01LtfYJ1cZXmZg/c/MPYB/iAatOpBzwXLMw219hsKDWRn
+FOzC52TixrBwAI4OIL8PIFUm4LgaT2yTyaUWmiVLqRckRP9CCjdvldzLb+4MpOdN
+Id80/uRUqti6+BsYUO3YM1rqDU6mJqB57iOCD7wLOwm7nhIufEIxxsbpTIVt2cn2
+8gqEol3HdbEDV+F8aAH20LmMwLVDAabG2CfwuP11zr34QrfrmgvIGNGC1nA5gVt6
+0NGJ27WNFRdalQIsNomS9tcSZMaibxGavpIL+IGzprB0b9sTbKnQv5vF86OzZcZ/
+yN196/A+8lC5/BY5Tg4L0VPj1skcUDKCWEBBvmeCtJHRaI0dsvYHsQTSz1upS6qG
+aE13waI3Zy4fWXYSw3bTSKSDFYBsn+g6l4d6lwipP1/fIzzj5sRM1sGF3/g4kVld
+AvR8eUB6cgB1a31Kg8wSfXoYEtw17+vO3rM8ilfcUWwjkJ2gs52Fzt0Dpv5/rwpx
+IlsjRiDYDfiMTwq+svo07GHTrkkehM5YkXplbfNeCPDdLQAAH8SWnki3TsjXkgGq
+Zz/lVyOUwOGQDJ65LTuGrq29LiRBlvSjbTGRGruM+Mzp04Z3lIeJ26CJHW4YSopM
+oGye70jk6SeM1SrMAR5CIjwq/6Eh0lYAiowu+/couAvE4tscUvhEpp/lm9ODzYEj
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN4CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN4CACert.pem
new file mode 100644
index 0000000000..ff079ae27c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN4CACert.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: DC C8 39 E9 6C 68 80 7D B3 B1 0E 2F DC 53 7F 33 42 1F 94 2A 
+    friendlyName: nameConstraints DN4 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN4 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAymgAwIBAgIBQTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm5hbWVDb25zdHJhaW50cyBETjQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDErlH+siiNuSte+3eQGs7cT2LBjfndbDv/SSKvazHDGHl3jg/m8OF5
+650gFQ/vi4HVN8IXfICMNpWL7XKTvpwyFydsPi5DiabbrdL5lQqugKDxVt4o0AJ0
+IcEzji7w0syAaJoCXmX8inM4NVwDKuwk+3PYFBygOPn3C690tVHVq6Y8eesqsPam
+d33HZNpq26KLEkIFvGQPHO7q2jPGgvXH6X2njhewKzy1iorJgH8fYA3b6XtdqLZF
+OstCkz8l/iNTBab+jQSB4bdwuaA03QaCaUp6VB8nvZT1Bleh+4I1j86wGw74W132
+A5iGpedSFqOV1vFhVKg3bCz9ZkJZVtorAgMBAAGjggEwMIIBLDAfBgNVHSMEGDAW
+gBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUbEk2rS5YiRI2UUE7VFIm
+JADTynUwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MIGvBgNVHR4BAf8EgaQwgaGhgZ4wTaRLMEkxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRkwFwYDVQQL
+ExBleGNsdWRlZFN1YnRyZWUxME2kSzBJMQswCQYDVQQGEwJVUzEfMB0GA1UEChMW
+VGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVl
+MjANBgkqhkiG9w0BAQsFAAOCAQEAbbKErwqLymnsshF9fWoJ7Q34GSpXkfvnqLsM
+pak8iy/VCfntv9pPMFhpvAT6F4wuoGN4wXhyQed2ZuSNZlu18fSIiU9aymr0eyJR
+XuNHHGjVe+5NDfNkHWVX6sQoH+fLUTQy7SmXK5zFrXynE4GJRTzq3oFTTdnI8HGS
+f3YE3wpv0miYrKV/YUz/Sn3v/FV9jqhUU+uMqeOE6o03FX+6wXuZ4FWD6vhbLBpg
+2GG3bjZ+ZQAShn10yvZmkWFyvwGinzcqKwI2aotX4eKGTfE1Mx8eFoRVO/1Iiu53
+HvrXVQtKgyQkEqYm8py+fJbg7PZ2z+2bn4b+5F0TPI2sJJ2ihw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DC C8 39 E9 6C 68 80 7D B3 B1 0E 2F DC 53 7F 33 42 1F 94 2A 
+    friendlyName: nameConstraints DN4 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3A4F6CA0E0C61E15
+
+cAWOiLGDU9eGOBuNBTTGZfIHH0FPppsWGrGXqNdf3z8RmbG0+Rl+gBsravN5abeI
+q/zaRtr0juFIexQinQKNtTQepVgwOiphhpwq/J7qFnssszz2ozZCZlDmz6nT5msz
+upbgor44Kby6RgUlIul7ZTAX5vlxT+yCtkA0ojB9UCpAct6Vx5afTTdRdfeoeuEX
+d2//Pv+UvM2GVRU/Ov8O6yofSkVCM2cE9VR+LKj24aA7D9l9qD1BeA0t//S/Kt+k
+u2VxH5db4e+Ayld8tC/LapNmS/Aucw1SrJ715Z8HHlA0hgFqZnRSJEk/e6x03EJn
+Qud1lnVJcp3S1EOZ164zftcairA6224YseKhXZ2Hk/iuczFgMMIxbTJ5gqLSaLmv
+yx7JbX6HjLZ0NtfG0//KKdFnKpBPhs3HrdYPROBp73gkXnNn5Cl0YQEILeSVUpLf
+xc9GNY9OikSITV9ELWPgAmlbS+6/HI/9ep/CmlL9b96wcCjLHM2UUwYzqSnUnn1J
+wNpNWIKBWZepHpIJTLLKVmv0B5SMgdkVyvpG3YL7OetDG0GiAlbZae134jfvRq7p
+yj0i8nboCeKVLVxwvSKku47zQWi25cO1gaAyfnCJ3ODPuVXndrnfT9rb6g94qPF5
+7jCfffTOAEL9qPKUrqXI0B7WU39SwYsYaH9GJpuMVsl98JVxbxyX3AlDmoECHYrI
+TbbmePE7iojxNj9JpJhuJSJwdK3HhGlA9mVQt8alx6M+G474f+cmdcxtu6AmV3en
+cKlYFke4/be5BgTq1zga0o4N/pom1b8nBhX1tvMqhaEA4hAf+GzYJ6gFJ3SbMbgQ
+mCEvjtzx8zmjBtiaJX2xXfMYJ2lyWUrdv04EUQmU/hEoAFLE9tUt/YrDD4DLAOE5
+1L9QlWi5Su/2HwHbA5sSstDsbn/WSvuGYTpFU1pa3ugoWiG47+lzc4DZTsUC3yBY
++A+v1yxRKmtb8B4+vE4Du1umzPmLdEVtVFs1csjT4dHTLt2ky/bRmRCD/YReJKSf
+s656ZBMF9cqViVeCNIiMICorENMMw0nSb78m6kOt+pVhaHJ2Eq5VIY4emRIsIgpM
+FbBDEl1NXY32de3rki1tbLTwcsZK/ffLcyWB5pHFRSahQYVbcVYG1jeLX+Ecyo3/
+lNgFOY3xp9as81NfGztiCG0bs90LxJNIF6r4MxWmjLZb1SQvtv8YIuC9Yt08EjO0
+S7EwT5EzHqnmSnWeYZS8jKUbEmC3qHSDTqVWG6++2FA0M9ZQ4GKvKglwZde9MhEN
+6W8B8Y7PZeNKaY51l8zAAvqQJuQVVnAOx4NTsPMS55oRd20tNOgOy0DrEpC4eqVH
+gwKU4WWftri/ys9C9gLZNxA7GFNTmJn7X1R8EANO79PLi9wteal+surNbHpeofQ9
+4tr+04p019LjZLeuEwRq9BvVoIOZ30X0lkURts3azLpyOQx83DJqFb3chS8OV0d7
+SsahxX1+dngcrtaS1kyP5X9AQ8qYLRAKP4ObMeBV7+5X0IVxnUjpQIvuEPiXibFT
+pm4AVXB5qxnuXiJ4fUXAOW1tmJTYwwthygNQvE4nVEDVfafT8fyauQLWhK+tQvNu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN5CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN5CACert.pem
new file mode 100644
index 0000000000..7e1053a5dd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN5CACert.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: C1 C8 31 03 AE BC F1 B4 A9 00 C7 99 75 9F 42 89 9F 96 C9 2A 
+    friendlyName: nameConstraints DN5 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN5 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIEXzCCA0egAwIBAgIBQjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm5hbWVDb25zdHJhaW50cyBETjUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDuAvtcHk5Gye8SvdckoKSvZLwTjNb95iDOOSpUaijVx5NcCubuosIX
+n6Hcxc4FI+z3vjoMQr0SdSiATv2QUFvYDkvAXKuZGrWE80oB693w6ljI1iVsT9BK
+O8VBdSRFtUaH5fZWUds8Ed6G8TEcybyp/Fi301rGBtcS3Ci4s2eooruWt1EbZUjx
+XhxebXGD6xeGgifVtVvZTUySNJNMLxlBAKw4zYX4ZbB0SO0sSMB1fq/OaDvRvBZu
+mxJOBCzC7TUl4rhfi8PWaC9gdrsAgIl3pMt0A9nLVE76HL1L5kJnoZDfwFav+/ix
+3Rc/PIQ7hqTe+LK4MJ/QW0lZRYesXHrdAgMBAAGjggFOMIIBSjAfBgNVHSMEGDAW
+gBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUup8JypA5nE53Wuv7EJWs
+06dKXScwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MIHNBgNVHR4BAf8EgcIwgb+gUDBOpEwwSjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGjAYBgNVBAsT
+EXBlcm1pdHRlZFN1YnRyZWUxoWswaaRnMGUxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+ExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0
+cmVlMTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQsFAAOC
+AQEAAPGe7Q+EIK4mWtMfDbJlcdLNvAPB8lvaDyM5Tb8cnsDALQfDywVfxhFgNcP9
+yPE/NPEo6icOToJKE5wv6/jA3eEs1CPK1HdadnKLMzp2xwcUo6ztMHiPeyGe0amO
+HbqUj5dfo8CeNkFsbOcSaCgN9FQl8cQ8/nld3pvX+/tacajBrKWBvLocVTnVSGWx
+1TGsB9JkuQtm2Tvr45+7FwzViuu8roIBtFpNMoWLSDU+SG5BB+BaKPT1bA+N79sk
+EPGld961zpkq4+53ZsUaaC+WVoXSRaafXitou4cFojEglrhqW5MkmaPDpmBVZ+ke
+w786OZvGQ3aNK/RAKRQ7fl4y6w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C1 C8 31 03 AE BC F1 B4 A9 00 C7 99 75 9F 42 89 9F 96 C9 2A 
+    friendlyName: nameConstraints DN5 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5ED7185F5A78AF01
+
+CmjYjyReYVctbc3Ag8DVeaTnHIWk/GAWikjYoyNjtSwt/4mya32qr7nsjoQbXORG
+ETInKRBRp8XI/i6laLA9pjBHrRCdnLQK074TNqaaOahvIe5NtjutwMpwO15W1FJn
+2oUqyoIqAOcljLz69S1VijEVIOB6e0Jh8ocY8DKBWwYgscmLlGXaHS4VeAGpRpZs
+XRjv14N5OpzctaUoJKNyCvbbXrQYf4hBfxxDfYmIoiau4jigS9oPKfvtge82TmpS
+kphZMEGJ6NtRvQS50ug69y1thWhwHGZZw4gBqyspvgwiYIpg/ABWFqUBzoybBqm4
+EoV/3vJf9Ivig8yarlUCIc0Wf5PYq/T/NdYIk2LRdsL3Cw9coMi23rqwDp1AYjUB
+POzs2+LJXduckqb4yRwICMSrGkIc0R0DhjlLKRru8ca7DdA+qOw0vMCw1F+zYJBb
+6Nggy00egJWwnkvBEvPZfQSsD7kyElrDchsAkgzLsVI0Lbr72z0b+zuNmpyTTynB
+II3oV2u5Wlo4MiCGzqeEZLTWv/HYtuD5603r+EgAgBm+sjkKKVahkBYlmX4BiPoD
+VWet31kqCpgfrriN4I64OD6fqFoxooc7JbYVwNeZY6+OQZBuL3o3jC4bOFXpjEJe
+VaOGQNd2yHq3K6MaiJemmcuQtUt59RNCxWEav0yhHYvltXkyjtSdWhCy2g73MJ6H
+y20lbiRlykliQbxFqtXDUBauHVddNblIByjdNziHCVbQskaX6nUv5nMHCBzc0REo
+/Y1F3gPernpRUYPI1SbUa8oTwU1qpAq86TZtAL8/ceQfyZfytUya1uUtDoSlbo9T
+BnjgA5H+aG3/BaPw/eacTFr7KPmxM81wDhkTzbxnRWLxKPDWuR/ofoeJIt2pCME3
+oACdANURd5uJy3sxUrEe14n7uJ5DN1O93m47vaVSCXaYfhpW/H6GvBaUbu5ghHqp
+zfbmTm7kNbWuL/lag9PjU56MazmJAx9XozsCZKDQgHvYAkYZmc7sU9xDcokfRtNp
+EAKfwMIQt36DYXzkgho75DpIggKYIKCqPgCYwWsEBVO3ci8iwW8/3OkFM5k493FA
+KRtEX2go9oZW0uBWLmVjhVOPJ2ZxGzoy0rzPFt4znyPKa4aSIrGhCf+xequgXeV0
+1G5TGcEV/MurHCItd2WNXIo5NvRq0vDqH9Ufgxjj6lzhLY77Ld7L2HSTudjgC2jA
+iKauatpfcdwKz9wAZFLDsL1TY6nFPh36fR5wgEfvpeM3q+Y682gtLCYKsmhSSMo2
+s3j61X0Q4rOBE6u+0k5dXmNyHI/BbuDf46Li3tahW/tcyZFx9y4JCgzB4+1uN6DJ
+qndgMC/wtakkDHv35mYtNnoWSOKxryvOA7ElJMtXX1ucUDHetBEvqN5I3cH9q2HA
+SbB3Bqw+40qcTbj3p7nfhYZs1kJQohcd0IPanyhuNVobaUFAePk1JjyFtZ7OLVL2
+7e9pH5jNrZypp/BIMJcGE+edSu2yQxdLAn3iZ0qWXz5y2zXwcm6V2rw3W57427oS
+LsyEiN2L3H8iuQWJMVBcSpYv3050ezySpPoqqkmpGE/EmqI7vjm0wA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS1CACert.pem
new file mode 100644
index 0000000000..7497d63215
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS1CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 8C 78 65 B4 6C 7F 97 CF B2 14 61 5B BC D6 BD 30 33 90 B5 0E 
+    friendlyName: nameConstraints DNS1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBRjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIDAeBgNVBAMT
+F25hbWVDb25zdHJhaW50cyBETlMxIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAxyZIOtzAZ9n+6Fp6UAqnUpZYqyvCKSvTt0W1Ww2idbDJFczQcqX9
+lQDy/v+NoGkpQbjqZdrATmomnujiL4AQVpl01V1XJPLySeVOqToqhbzifoy+RBYq
+sXewuEDBpy2FGMaFz3JIK8mbK/qQOBFOG8fzzv9gNIH02AQpdC+J6Df3TB0utyiK
+PjHHGFWifSswFqCHGG7geXeE+Ep+iqIm4MKKtRIG5DeHiqugcHii+HpaXFASVkIr
+Eo1FmWLDE6Ww8m62Si8WQSkPfkcEMGn8s9MXI8L0DT5OlkIVvSs6Fdd24gJJlPC4
+lrF5g4P6/UPHFvyphDptCkqpbkBKQEBXUQIDAQABo4GlMIGiMB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBSxqhfw48/M0qeJpoMH3f9u
+2gfjSTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wJgYDVR0eAQH/BBwwGqAYMBaCFHRlc3RjZXJ0aWZpY2F0
+ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQA2cwKSvsy7ORVz5Al8eYcC1Y81FdYA
+ioDGnr+x+6/I+pskqBFox+5QHN/ccd/xOeFjK1tQCq7WTaEiFWme4DmatuFAMtcD
+LG3Xng+yfEeXswsT2L+e79o/Cg1G1D86V+YArRRTGBvIpzNu0owpW8AhJ3us9P31
+e6ZRcL3kwuyx/nKODVoTupVE+YJwzLqtMKtF7EOfp9zQK+jSfTUbrmq0y2gqfv5V
+5wVjI3Wj/7N1T5cKfPTnRyAoSZRSmZTVVRZgz7wEZSalMLlrCKv9UrTP00WX2n/J
+33mL/1KX/Tf0EwaOMfjWj2otCksNZTU5QoMmtVxBhYd01nTV/bKejbUE
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8C 78 65 B4 6C 7F 97 CF B2 14 61 5B BC D6 BD 30 33 90 B5 0E 
+    friendlyName: nameConstraints DNS1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DEAB6091DBB1685F
+
+tFtb22ury3hDBFcRIRlEJcVLvemmfIIoQqRMmVNJnlYUFMFi+Nl+PEPpr01S8BGc
+1qLYMgpFBp83bTkr1qsGbBG2O1G0vHAdqMWdxXJDsXGRIq5pi438eEknryrOQRjC
+D+81ZHY6H0seg9JzrBFoQZtGZfjZ3icTQRR7sXC88DNPr9YLiDdRUQB/NICr+UP/
+e2xlabFAEi2NmdoosbV2qKrd2DBlz+Ko1DCnEl/H0/lwZhP5AkYDcCYpnAM4PPu7
+XbT8rNwx/ioD/WaM4zdFTs7eFaSOY6nvWGNvE3B05ChQ1GGUd/poZUwty44kVvKA
+puUpNpuxLDH5TvhTQyHuwo8cLix41g2EDWMkMJCZGXP4yufk0SFpRwmZb0HZasyB
+hwAq9lF0bphdE51InIbxFjhFhsBLfR5x1eOjr0hFXbZ6mSywHcriyDs2FhYVi9Kj
+taTM9Z/z6JbgX3lAQ3JKvx19URBQatcwrHxCRYt2M5jxHgLx2FCF1NmVjIuNSYMJ
+c8aZX4j3yL+/ccNT26+7W02XFTrgCSp9I6tOlMmVlwEhdmlYh7zhxiqB0p4SMQNY
+yrGBjEm/24m+rxw0usJwuvRGSBNXEIPAB2Zj2ndiIdUuht1u4+vEJ+juaFigxISb
+wKPbPEdZ8dG65FFSBbRLVilFpnfk8uhCZ4LsV7HZBWQHryuLqj+XuEbZVc8skv5a
+yvHzN1anzLC6ucHBCtW449Hh8N8wL34VY0BJrtoTr5Zf09MToYZsdoDT8l66Y0/a
+ahoW0pWYNiksntlh2pyme4FNMtr06bmaVjRavphtkWygi3y+yCpJS3D0yrqcDymn
+mljhP/9oxAqNhOzgPV905XSqVCkJ9jIbQy9Cix5smdhGs4h9xajUC81XtfOZcXF/
+WFFe0Wf1Hh+HgHTQzcILui27NeN+PBzHmcOyYpvTzQQgLtAuhXLQDGp07sTzKzvm
+u2Rl9wNBw14V96hkuCUGtiZxrYzQra7Jxyvry0yJ7iCe4awCbnw6G83EPmvEJzg+
+HjjTJYhxnvJLNnYEte3bXLiDlU+8I6Q5MsDEenfueAj5bpHCbGGA686r0n8ds0in
+9IQ58pwKnjTjZGh2M2QtUcH/Azz7rQL/drYAazISbnRhTB54/MDomxwmnTiLg9p7
+de+VU6bu8m9GXgQV2pfkdpIOO0j5dmHcRHL6G0v7vAkiSa0lD8jMc21MmloVhTrH
+w9KdTLCq2Bf3xehjxQAJaVzwZf1B4/TOnMa6cakBSMxoEyFekgfIld3wbrNRxbo3
+1jfzMkFKMM+SGpjjLZJUDtXzCzTcOurMl1R9APZXT20Udegm4obiBs7+TIDc0PyB
+e3MqdfqAEtinY6dzPodB9t3mFzjY4rV5Grks+twpWBA0GSe8P6qe+TEwW/Sbh3rx
+QD/mTnLWpol/CxLYxs/ibHudO5W0WTY3yRZj53OMM/5ZRlODbRBjUEIbgy4Nz6sY
+7sjTDRNexYfr2OhsvEDQi8/9AbSpttbQM4ATrd7ZvRNQiBpkSUtGpQPYVE2HAw6d
+tgZ6oV/HYpkkw5Re0wRc6pdJWWa1p9TpxHoGkW546C0eUIEGy+ZvLQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS2CACert.pem
new file mode 100644
index 0000000000..fd19a35879
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS2CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 6B D4 F0 64 35 65 71 B0 A8 FE 96 51 2C 71 66 B1 4A A0 60 4B 
+    friendlyName: nameConstraints DNS2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBRzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIDAeBgNVBAMT
+F25hbWVDb25zdHJhaW50cyBETlMyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAvfi8NX1OP0jd2b3bSoIyMixV6E+/kY/Uax1VRBts6UW2lx2CYk5e
+aF9/9jR3lx24bit3RHNHk7LcaX5Wkr1YE5ROpyxEwhEOGWnK7GcM1MlFvpO9Bj6n
+39wr3aB9MOHSOS1ihfY99mY7UINyWNoXzkUD//ivf3Guwuf7lVfvjXwotgcs1ig5
+2wSTK0sFONYdCtZMcrslFgBOhm9qZ8fGlOSVAoxKq5Fhpx0omn3DYInXNjHPHwJc
+wj7D+8FBY71FHDG7oaeyhaU/kYiQTMAxoUd7XDibLf7KUQ38EiVpLshCNNFTZb9A
+56l+03RieJzxNd3OmIULd6AFLNZ1aMOjVQIDAQABo4GoMIGlMB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRGSJxCCY5dU3DYFh7gwckY
+FTUKBjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wKQYDVR0eAQH/BB8wHaEbMBmCF2ludmFsaWRjZXJ0aWZp
+Y2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQCGjj236wEfbWpLjM5irGBHsc0w
+RdmtOLh4Wht2TlaaJOErYwY4HWankOeTjQdJh2fxlOwWewcjplngI24XuY1i52GC
+HL3H3CbiXJJKiyNZQyTfUtWaaP9Avp9psb4J9WcqfKBMMl+j3M3Fw2vLFXSRvC7u
+bXnaLNAnsMdJoLYdqcuqfG36aGOlouxf5+ATj8nS/EoOjIDS1LjPCCLVMSSURNYP
+2royVDt7AH2TzxOT5c0+5nvrx5bs2GOO/77oiLXqu0FJfXsJSOSOrFZ0EvwTOPg6
+5jH4zO0aOlP/p1bkpYpVyHh3syyeKTxqdn+TTZl/SoiSLpk5CxK+eFBlQ7ad
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6B D4 F0 64 35 65 71 B0 A8 FE 96 51 2C 71 66 B1 4A A0 60 4B 
+    friendlyName: nameConstraints DNS2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A15577E096374231
+
+jIAioNMYij8iqXwg0fQl2sfAXBkwiLnCOc8mh2szeTBwkaF0EQku5ZKkBUu3dTAH
+yZ0LyB3/t1ZwZ4qUsOfatq5neI86FXw10Khf9JfFl3XI9Cynp6PdJjYIgZaP2S9G
+n0kVB8q7nXhBIsRWvH/0mvKWUSAaQYAkiPYNtlvo4LXjb9Y2m5QdaIY4Vo6WtD4d
+nwn6HNhR4TGhEMkI2MpeHq+tqhKx7PTjvFqKmon5x9i9lDI2XxvaHvQ6j9WNq4Yf
+Kjtn0UVxmkNEadQ0mfXChYY7cxK8mWNk1yj4OvxZNX8vHhtWxJlXKOL2E+xaVXfm
+N3lrSAH2n8u1biTjVqlpaMEgc1yBLc7wYYlmZv3n0y1lnb/HBTAoudJn4q2kVZtG
+5h9/aEuY1F/b0eJGu4E2zqAY2UMUX5Trjn6pKHbKfSrwxrIGGEbgy0COeJ2R6zfa
+WH5hQLk70p+8Xb8fkVc0oiAu3Vk0M9INVPF1ICirsPJGpRoz3XmNRhbqKxaSwAxd
+4lM8yiHcM3m4Mkymek5D+xPiOuq6JjJ3+WZS/TidXfDkoa7AILgj3N8Ns0KOba1L
+D2woUPRJVDXvYcXsT+KWQdr02JJilJajEB+8RzPZFVAzUDqbwmyDDu0oNrhBqeou
+ej/Q1O5q8AkIF9cqFJLDdI/7DqFVehb+4mAsTOg24CF78K6g6QUUHZDnDYUBx6fy
+GMJX2eXXp3MzvDH1cYpXqOPwbL+dOTzCyRrNMjWbuMozdG0fErjyk78abozUYe2v
+SUMnoUKyPCwYia7dFl0/mJggrbbe/pnhLt3wOSYPcQMD7yt2TKSjIgMlP4zAfZZd
+iJZymqxvBJm3Ce55EuKapWKxtFZbk/uehT8NelmpJZrnIQOSfXLjG+bcRM0BZ1s5
+spb8HK9ZdyjR/3C8lSYbho/uufPntlpcVAYGyn1onvV2+NH9fHMgakynyJJpCFwl
+KQhkkAkpJil0TBPdfUHuFIUBdfjbD53CWoUxiHIfcKR+GcWF4sArJmviHfhyxGxI
+sM5Lu7e5xzfJkrpgHj5raRsi/b1y9PAOXwRv7HM7lP50VA1ZuCaP8NU8gyarvF2V
+DDGkiO4CnUBFY6xFs2VdFRj1dm+chKQW96iRCwuC/WiUTVX0FTtkmldvSOJ1k4/i
+kvjpqNSwFDs1jDkn/jyk11gAEr8Mg1VQS960NJmDB6P/viJBuAFcGJVgF9F/AESz
+xGLisvRZ/OJsng8j7qrTecYcwTRj5/7/QMoBy2Cj31GvzxsUC/dHUXFzjfWeqdAz
+Xw7teLHqzrPYU7VD76rGWTD5HJPuaiCaioSslewcrfx3wC+aEBfywvr4zQkPHPIh
+tplHJPdJoxme7FwUTXu3LgpkPp7EiggpqS31vecKy7YmnLq3smpNtBpHGjQC0XeQ
+x55nuXEz5RWmLql7nfYq/D7zWNk7OFa1iZ33cWNTB72HoLKR6FSPZvKOfX03GbwL
+QwOQQRIJqDwgTH8pC8gqJdfxrvSd1E6UsvUeXU0bhP6zbtFDBdOA+ZEDqg0VXtWX
+9eDgZ6zFwQz7l0PZtUABd2FmPFtEXonDvg/QVOBXs6vdXefi/vAnLAKL5TjuyyPI
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA1Cert.pem
new file mode 100644
index 0000000000..ae4b69b5da
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA1Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1B F5 F5 63 8A A0 64 77 D3 A3 99 D9 D7 4B 03 39 AA 14 80 E1 
+    friendlyName: nameConstraints RFC822 CA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIBQzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAMT
+Gm5hbWVDb25zdHJhaW50cyBSRkM4MjIgQ0ExMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAq9vbr9mMpG3/bg2XQGmxlZSEqeJpOnQUuEoS4cicFxpCaKMK
+OrGLlpwTrGhR/NGHOEzUO7qLWyTaA2wthe0ohZIsxjvGKK3yMvmnFNriMBt+md8i
+PAR0ysFhBmMyIpwdJs1N2jBnOANPW0KFOtrFgncHnEOajo8l0jpGBaLA3ryhdwB6
+h/L/A8bNbqJL4E3foEk2AsOzdt1LoRUaA9gcXCo9EqQ29a+598f7NvRME09teL9n
+iJEzHy9Dwxy//II6FnlmjnvGdUmm/2Z71UbzkpiqjD0w0/jBXcDAlwTF9EfL71rF
+wDCRfZppGRUKLqMNTohHKYI4ilkD/oP75a1EKwIDAQABo4GmMIGjMB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTIao6xD0uqpYi4p4+R
+2+ozSujV4jAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wJwYDVR0eAQH/BB0wG6AZMBeBFS50ZXN0Y2VydGlm
+aWNhdGVzLmdvdjANBgkqhkiG9w0BAQsFAAOCAQEAcAR6YeKZpZPVB0ICn2GTD2Q1
+FlSS7paAINYzC59z6h8ynJFGp40/67SrFz7IBzBp5E2InzQ35dBXINNsxcG+xzgE
+2PmPZXzInzI5MCJS4XpX6bY94yUTslpoAiVJxwISZ4Gbfd9M73evvcxymSVNAPEO
+AX/6eO2ilazokSR9D3zQVOe5lxPshorlX/WlF9LvCOrS0UcEhHoDrfAM6KhojUN9
+K5l6Fv1NXwb/8cAbFyC2BMmwmec6OL2oBDJCxoLrAWVaPh7+YZadnLw/w930IIdT
+U4C90QPUgdFJWZv13TePZ2WEMtxsev82AU4PjeUS+l7c2FLW0zavMoaPhjPnaQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1B F5 F5 63 8A A0 64 77 D3 A3 99 D9 D7 4B 03 39 AA 14 80 E1 
+    friendlyName: nameConstraints RFC822 CA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4562102D253EBFD9
+
+j6TVJONwSX4g9azgAS6muR8BK+257UC91asDs9mFLvVUlCLTQH1ZTwDuyPXTdIHz
+/3tPysrfI/1Bq/IwNkFHEEbDEVSmK32PfrXN4E9dEjaI+jgmSap4ZPTXnVyzpO1x
+LyKAglqacYYv5HX0S38mnCHAKKeTvJ00POvwTqrPb+lxQAFf3LcBpopL8BtD5Wma
+qmJO1EcqCVFU9ceo1FoOhWNsPDrpf2qZPpfQ6v6fkpqZWedQUC6mfDdIhThjQTD/
+tOIKuo1s6zHz2ZLKmpYKDAYJ6zeeIsrn+j1/3KyMfW/DTuPmdDDeCmGwOuQdja5e
+sSL2Ij+Qk5IlgLX0OkkXJizuYdIqs13Isk8rK9oZqPhqWeoIvBcXYt9GpYo5CnJ7
+1Vov39567Ycc2xKtdv9d+VayHUWhwtvRT6Cmm0HQj+ktcQJsAM4H978ptMhlxV4c
+FoyAn5q01CMg1uRMZRPiXGHSLwy7bOYUamwIpomzhmRzeUl1GTRI98atsIMvhGPc
+SEt5mmTvYfaTQXcFBF0MWc3h5MUOGRYs8O1jjeLd6rg/pZUFWDZUqzmElq9Kc9TG
+m/0r0DqFI4FxvyTI+1830DUt0H7BzbjOO/lJS8lu4XUoVcz9sSoAc3U1n8yyXzMV
+vHNHcHSGNsabfE7ouRwWn0ttjOseicZDsu5RVAcw/1XehRScdfZxNNyVhU7BGrgS
+UqEnPxqQYPb0fqpiiRVn+RqD6wDdaaroirU54HPPq0OAxhosGlE5PVc9ZIYcBrFI
+fO0anVuQYwK4HnWVDbp0+0jfv6GHKiskFRmQ31MWZ7CrIEfyAoG7+JusdttDTf6o
+BBDR1EVfBGGRX2J30hMqbRXwvuJ4TpWDsGiH3dnkdjA3txhnYTV1C0p6dIbiBRdN
+3ncwNaLRbjjnv03+taiZuFrY/JYetsrpht4woE/W/s0fQ0uBUq+xeCNqqNlrcvNg
+j22o6JKyitDWbCAeu4SnULN5RHAZPALYITeAhU4o7SLWNzFlzIen+JpbzKzOnRBw
+cXa1DuJxkj9BXMapjGoFkFrIkfgLPjO8I37wFgk4REWpBMlMfZ2PYPJZkl3v/uLZ
+nLOWoEWqclPMjuA6Dtb4rti09+pMGN11j7oKRC5W15LcIjrSdj1NKl8mJIivlEHg
+646IoS4yPsNI2kthdx3YaMfRUYXqGOxom0KYXcj8hlVVofN7/3kGN/xhC0+QA58/
+CQ3XahUOpemqcMTEUbDA/8S56MruzlhD0Nq/oxYR3Pm9J8NnJ6jH0b6RZ2zmDp9s
+YZuOIoiTRBfkdljrsK5Nw7ixnsTVuNi94wBnxWjHsSjzpx9sIZhhi7NUheVN4WaJ
+CyK0j3qqOIZgbp0y4cLyZCKBZ2fTvDuqQznnyiPIT7Nf4zeD91i0b0J0gcq/y8Ff
+Vo/HkyQOIkwGdkE80G/eu8dYJ8IOnO8ty2DwLzihfQHYHZHLFcbJkUBcNsE1jcTj
+vYw496/wQjpsW635mUKmKkXMQakO7oJ1L5AaoyCLbs7Qn1NqELqsehbhtrv6vPhd
+AGNWK+KPBuC75HyAczdAiEkiUlofaNSHzzENaeaix9L74/oLJseU3A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA2Cert.pem
new file mode 100644
index 0000000000..23e4ec0233
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 79 01 06 78 95 60 C3 39 42 82 32 7F 03 4F 38 6E 44 48 BE 0E 
+    friendlyName: nameConstraints RFC822 CA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBRDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAMT
+Gm5hbWVDb25zdHJhaW50cyBSRkM4MjIgQ0EyMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA5WbcU+FNFY3n/eJc1k45UKjs2clgZI0HMujImijlExY8DG9c
+FZQuOX7g1eCaHXFeS7HSVMrfKLO9tOSUfYUCido4TA7xhl7Y5l5BrKkn1ZgEgGFf
+Z6lZqqb5C6+qd3cUzNPbOXd1HzZJNcV47uZ1NusoqMyXKEpRQUW3t+V6dp3E8JFz
+VCLmRPXtqY5JpZemmJD5VWe5tj89OnPk6S/HLKUeNcYiA7rcpZR83TJHmO6tjF47
+Bb/hgxLNRYToTn+Z69e9VJ3WZM/t9fJxRUWwEgyBGW48kQjYmGvBNzrlMdCq1ncy
+Z6JoBk7UY6qky21uhaO5sknZajTFPTj+M4YNeQIDAQABo4GlMIGiMB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRRgM36SXJIPO0OTgvO
+zh9AZRJwoDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wJgYDVR0eAQH/BBwwGqAYMBaBFHRlc3RjZXJ0aWZp
+Y2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQAk9GOd+egKHy41DnTObsmqsc3w
+KSvj1SVn17Hda1gq3tLXUcNqp0g7kP/YNXRx8XXxU9heUCOTR7JLVO5AMVS32Qid
+J5u3q2D7dBgHN5Nyv7YsUOI+AcVysLMTlUu6iGnwCSsdtL5aJtSq8gAKZE+HJZwl
+iR73kSPGr4J1MKBiZvcVa6L5LKg88FQiSdOPJwyPurvn4t/K27u9jW0/SYg1qeM2
+/iKSyzsf9bM97aYqqE3P7DPHRZeXTZKLCaMNKAmZ2iWtsyc3aNTn2RyXg6RBUoY3
+d8um+8xE71cKdDjNwdJrsPwFhbripzJ+eE7bWV8v5e5E1dN3AzJU31wG1+vn
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 79 01 06 78 95 60 C3 39 42 82 32 7F 03 4F 38 6E 44 48 BE 0E 
+    friendlyName: nameConstraints RFC822 CA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1EE3FCFC2932F1DA
+
+Nwl6UqvLB41/40EviSaPBJ8mdUgi923wEyqY3hmfKVBnM7M8gt7ULVKOj59+TAe7
+dTZh0Wx9JUIWJ3fEVInkvMWWFMteB/B+KkwjmVWL81Gfe8CqqyssYk61GJI7M7kR
+gCD3DLKia6VlbuB5UM040fpuNMsgqe4oLnonRFY0i5ruqOjrDkctRpweZGT99RSn
+PIeu4/qnAwkcxsBwGh/GjahmUfAA6neemCeb0hxVTrpYQSGkyAwxuI9/D49ok7DB
+5QoW0ZzJhS3EUv4sbILLNOZsY5b+7RRVzMUeXXWRbgyNo4BeYK9by53hbZhtVUZi
+i3+NHdMBJLlP/nujcycu1ETsgwU6BUoZncguhUdymtdErQgw/8AUKQ+K6TsrbBco
+47nHuDRF6mEwHbI/r/BPW+CxvtjG39TG8jMgO2BQYChP4jYklchfd0zU1fTIEzvh
+YmUxIyEB9uY1xYgtrn+lgTQY6+5fs5L+Rp7HBu/bITW/QQ0XFdn+z7Q4BTm9hXUy
+23yPH9XofEcsj3UlFI+PCeSTqu4lRf28iip9xf+AsOq6U8fzrj1LNI6x+VpRmYpc
+WxKoIEvNUwNFRgsVxxW/d7La+URmF7cwLcgoUDH8Xc/Ytc0TsL0fcWJFKW/NJYTI
+YZqnDLY/pe3q6tw1ZM+x+y+L3dHuF8Fs14VxEklzhJabP+M9/p28F+N7Nh2dl9h6
+X6mES3LU9g3T72Fr9MEuD3+SVMz85kFAgiVsmulZ0NPrL0MG6QMxGoy2BOCAqzb1
+WpRmLeC4A5jWKPZT2Eu7spKMgQTQytItn4EwByZcUx3RkGIkUf659Mz6ABALWLN+
+Fppu9S9yZtaBY3C02eVO6idMvYoGVYo/spKFMYErRllXSlyoMPMPNbwginUcrAyX
+tSiWSRCFopdzfFsyO7C2rKb7PU+KauCERlEVGY9tq24w+zckElTWJuZhN57dlaRd
+6zPu6wC+OgHdYvYqeWOsh0gipFV4lpPQz96IfQuVIGfOoBlYfxQTCkwh/W8GFvoi
+L6kwGEj9zgHTMy6JQstvdFHjEKppFfaE9gkSrB+Q0oQsUX9UQJ40CVKvDKV0Di0/
+CHiZ6G5C3Y3Kq6I2na9GdYxVWXSIDY9CWtq7Sh8i3x9wllG2dzQYHx+C87+WkL1S
+Xyrsq8dF0UO8dJbdocZ9udbEYdUatoz8Zz07xLKY/DInK12YRIKW1r6/5xjlIndI
+FMvHhG+pRTAtc3Pt777aSF5JVGvci0nlZU1EzEF/LEl+Osvr8zMk+SXXJXnr0DHW
+cc58wbVttJQm6sXbTiqDeDif9JUdNKMpGosSt+8NB8Hw0YUoaQo35jNgcdG4/0IH
+kbS1wQCRhrxa0388ksok9HwwSIKKWikE/p7Rfu4abWM1pmVNh5OP7y6pW7hxKmxE
+rQcrlJYWssNkYX43xOvjM4vfPmY8cEftUukIgj/kltDSh5n8gh//dETcaAEPmOG9
+o/uO0cOnOxcOm8f3mciYra6EhI+3Rd4a4tvnw60ahf60a0QAxKGIjzuU3XNCZDfO
+GwmAxEYS0jGyWgHGUusS24mpOnF+Czzk5vJohVV2ask4E3gjwnhLeA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA3Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA3Cert.pem
new file mode 100644
index 0000000000..9f11d4a80f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA3Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1E 15 21 B2 0B A6 60 0A EC AA 86 B2 28 08 08 72 A3 5E 03 C7 
+    friendlyName: nameConstraints RFC822 CA3 Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA3
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBRTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAMT
+Gm5hbWVDb25zdHJhaW50cyBSRkM4MjIgQ0EzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEArHS+/nwL4IEPwwXe4efteEWKpq1uL3iDHm61D3Jb/GQKFWoJ
+lNz1VElMoVCqYG++hdGHbQB7teD/59MXxojFdcisSIAA3pTBBDj8c0GFzucAzagw
+1IPN3NDjoHJcY1eRg+bKpwrROXxWHsIPnkULSJ++BkMarinmfuN1TjdtKT+Bv6yH
+vaCgPxck63Uz+lVHuVyA5feLp6NEn9ocaATeo9JanbiZEPLm3NVYMqt2yzSMy2UR
+MJ4dyD14P2L8dTgjaDD22BwpjiLc7gSCrLgTOut25JtYIqreqMn0HWQTbkg3MAg0
+S6UTRnFVUR1vfHRleGrqMU1BU4VQRFan8T7HHQIDAQABo4GlMIGiMB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBSaujlN2iF1r+pBwzxs
+UdioRal/ozAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wJgYDVR0eAQH/BBwwGqEYMBaBFHRlc3RjZXJ0aWZp
+Y2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQBhd8WP6gnAMqbdGdka9QLQ9t2x
+Xx9zp6vdHGl4oJVmDw2opfpAXwhRc3mQ2MsY7KDfmCNvw3ry6EFEndGdinzfWNE3
+4arjKO+uVFiZCD5O4smVklvpI4xFUZOOxClcJFa/tqicdLNF6tA+reP46djPfuUB
+W9c2XDBNipVjX4w3f1i4LKTH+imhmF0L3hoHfvwyM26RW/j503HvUHPmX6MeSBjP
+HqPfDUgwxtaKbcG/FC7IgCnaKQmcawjIgkWVVz77aue9UW01mJum1dW+7vuZ1gE7
+S3waoAlURTU97IgWymX6FtYnHrX/MiQhexsapFHxXxs06l/up/7k/2m89vKX
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1E 15 21 B2 0B A6 60 0A EC AA 86 B2 28 08 08 72 A3 5E 03 C7 
+    friendlyName: nameConstraints RFC822 CA3 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DF5454DFFEE3D139
+
+fgaLOif4JvdvfGzmaGKV+JlZcgSGCD3R3Mbif9uhcUdACJmocBGRAviF8aafiPIZ
+D9eLMdv7OQ5VgoYLrEmVYakElfHySpthi3bvC+W8rKRSJO3rxA6pGDfrotjm/Uor
+0Rghx/0jlsl/MmELEQd8Oj2RFPezRqLN60Tu9Dp/WfMCcdZOjZ0QEb7TUUmpsInr
+vtrVoD5hZjL6ViG70pz5r7sRcuTVJiRMgF2d5E3xD1tl3tfJEYXrX7btJ1pbVolY
+/YxCOm0nCLPe2eoqIhI+n3Rw+6hz6n6Onhfql99C4vHGh+uVeim4xh46GjQAEDIw
+/GLHXOz6r6qmOOnH+ekNteSi63e+VB8w6KqcwW1Zm58OC5jMGbr7tVxQ6CmaUxkH
+Oh2RVfE02+1PbCGYFFv5fZK6WfTuAofsCmLd4ii4iLsBWw8V/ZOV/UFj1e43v8hY
+VJq1RXOolElBKhsBW98D0pfLhdOJgNeVY5NcpA7Rx9+KkEZbXzcxQk1pCOSKp84L
+g+T71aH3IPgLWy8ZiZPwObns6YuA+hj/JXFAQFF1c3KGp1rZYh/vqml/EI+M9BLp
+BT4nuVzVPSRsBakAo2fYy74W6doXTvGYRpBYliwPTkQaL/0Ldowi9oV6R/+jGNc3
+fZEdmn53dEvtieeDstrhH3TJFJdNTAgN54gJB/vpsHX+rKqqS+iY7YH+C5S376PR
+NvqI+nkSrFsKpNkY71zYPKEkOOgUHCuKOzRAIo3kabJQ72lJm+v4e9kQLoK8J3zb
+D70snDXeDJpep4pxD56DylV1lZrk9lI3KXaERTFfrbkUfpwo1+Ksicgw14kYRTwu
+WrEUzDNAJ/O8laWnyhIremZEyCbRsyx3MsMmsI3hxat4/CT09lZGTshGGjrw7wXc
+PW0Nnb1XyS/lHyEm9ajL/wpe+wjdWky4FDG4qCJRFZebdX+l3aqRvVF9t0Wo0eL0
+cFk4fmhh19hxVnrmwma5sXFjmP/vIMziESzh1ZIjTPYBj6DxRdYcsWBTzUf+d0iQ
+eLy7n8UDTHHdHJxzz3mKMDYz+ZlA5ypnxFauCPVJUqYepg8iZFRNq+TzFXs05DTf
+zx3rJpoK2xlZVjG3LTb29kltjur+eBUSfaj9UTKV176VPxBTkczV3X/37y2Tbomh
+JLcsNhKGQaBRm7SnRC4yj65TLenqUM9/CbQi4VM1zGBrFl87tVzEkutklqFdSthM
+RyttFYevmLni624DUPemwad/r1K3O4QiJt130SC1gyb9egQZvrnlpqD4cdPjUU6G
+ExMkZ/SfU0m0k9U6ry62OFwbysdXAQE+BtQAgkd1ud34jtFg4faWTD0N34zs9H2H
+88pVFq+xt/fTy7eOGd2PgtwsJMdAMoipLvXTj4823bxu+TXVpFQGmhC9WxTNzk6L
+K+9M5GlEgVU7D9A9k7etFm+DDb5+1KXl/bzoZ+Rofm9q3JpH8L0oljhC8iFupWcw
+y0vT9Pj3D3HtaQbTj8B+mYygbXtpWyIdmN5M6JOuau6QzY8KrPq4qwP850Uvr8rL
+DN1srseTKVJp/5OveRKvJB90KS9kO9A4pXibLwzZvz2Uo5LFbCa1ZQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI1CACert.pem
new file mode 100644
index 0000000000..7e45b075d6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI1CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 8C 4C 2D 13 2B 41 D1 D9 6B 6B 8F 83 97 64 93 DA 30 BC 1F 39 
+    friendlyName: nameConstraints URI1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints URI1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIBSDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIDAeBgNVBAMT
+F25hbWVDb25zdHJhaW50cyBVUkkxIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAp+cs3as6ObnbAg5IEkmXsD/XLGICGl6qVcEKB6eMA0ILAsGdMHRq
+ybgY25GUQ+o6RfvTHdD40N6Cqjk5vu9+7aAVjrJ0pdUyqHmK6u6TVcRt+xjonlEp
+o8bpkqqgV4i7m51qfLP6+KEh2SKUDBwOZ8/jlYIZeKzVXqk2GZx8+VmWWncDz/D7
+v262km2IiYoZM+1VAUixGhoi6ImPeDBE1u7qoxvvBEDKJJ4sj/5+i4yAgr+JNIUL
+vr8DaT17SkwRZquWT18yu2qP2KycneKysWm30A6AmAALhFBNX1ljDeLT5U1wBCST
+DRP5U4zH+XvAUUEeMyDYMc92a0hjYwE4swIDAQABo4GmMIGjMB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBT6KK1BFt4qaBfIDxwjPyYD
+3gIUAjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wJwYDVR0eAQH/BB0wG6AZMBeGFS50ZXN0Y2VydGlmaWNh
+dGVzLmdvdjANBgkqhkiG9w0BAQsFAAOCAQEAW+m6tH95z9aBJUxdo/dsjRTdVgxP
+LGVODxeqpW8IvEEjoYBWgHT5M+g4WYnzeSjiPvrq1NerYU0DOI2/hb7aoBBq+7MJ
+2q6BK06ddUTawRhLh4Rfnc36epefkZLKtQuFBKA7xaqWLlRQa/jMoZ27hKI5b1qr
+aKR+iP1rKPd1epIL4nwqQgAd6z1bJrV8c2V8py7TWE7/b6wuZVR4aKtFMp2fIN0e
+o8U1K35YVtmuVw3TJsTlFn/DuZ4R4Tl6GqkdUUvlKXNuY/nMobgfruTG6nvmaLyy
+FHtDoamjegjbIx/N1dibXZLf5n32iBXyHHDk7L3ubrarUrutmaHgEEiFZg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8C 4C 2D 13 2B 41 D1 D9 6B 6B 8F 83 97 64 93 DA 30 BC 1F 39 
+    friendlyName: nameConstraints URI1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EAA221B768070C24
+
+AcR2xSZpFUEn4OVUqagNlFl1w3gYszI5vzBwRIlRqUGD3fXehH3TJMOky0qQvTiG
+g4Yh2hWxJsTSRs59w8UIXbZo2Qv7bYpbqudtuSmF+L2c4uip4M2Rliquol9ydIp1
+ulueKTatotnG25t8Tc1Nu9+udbR8znKvCwzBhrPx6hQ7CO/QXrvYML31UZvBNVkh
+Sj24mTYe2f+glY+1YZAM5LANA14qu0CLXGm00ImKKGs8FspriRENtfQRglxdZ5kk
+7cigX3lNPJOKVnjiAxwGC6FUTDkvTAYxkKaMVbF6bKpnPG5jiTpys41shKi5+oXl
+3VXpSYVRwAiKHikmkEPC9dCKkHAh3PBw/SQeAtY7TZgkH2+yoIiqDkXIA8k4fsBe
+fRZGJyty4RgtfQ0E880klW6H2j/E9g/Gv/aS1PVluassyZwP3UoWXBsAe1DsRP/O
+6XrTvWvpGkrinsYFZVGzw/778gkF4stMUcefHqt0HF9FDbHrtZI8fnAqTHiCxfHq
+9cpfj2WXTxYqIIB+il6r69fJX2RWzJsJ3Nny5mK1h5rx7qib7ReicWV4VZh8Sn+r
+FErwsp9yoPoPj3PUaP00kh+BcP2k0er52cwrTTRV6jiyMdXqGl9uT+HV1feE7o6O
+utZxwYaMo4a1nGDpVtszihym0p3aBEqlYoucUDpzpbV6x1dYrE2irmizIn9z1iEx
+JZbB5Sxl2s8BGic6GkvjsmC4EJbI1pxO2kPqL61zdFAsmPtdwt0fcM9ZJCStpWBP
+cb2j5JCDjgIJbwHd9dafXq/iavGJ2bE/rXr8ivY6Zp9OdbZUoXh28/2CX+dIBHaO
++F68q+PjhEdqBEC6488+xBv2c99cUjIslAfq1iZVJw8wBMo3OcxVZSRcSjCASjIA
+YlmMl1PAOgYCHQxv43oQqwp8ibN8UrvV/2QPS5PEUOG+sBaNrMnV34zGqH0DvCvS
+V/ILflsKx1e3sRgI94Sj79OMtYPJeyhZjKI09zoNNU4qV94LFrpixo58KXpUESl+
+rsmiIY8Xp2tL95t05mXxG7AZWkvlkwkiPrDnxp0N0cBSGItb0YeZT1LuYzjhVh7f
+en8XoBJYbDmCuRfQzQIsXJ39Z2VYdRBO+mVdooPJIsFMCAaIEHKmRlsTjvIEMHDE
+mmT+KY4CKilnbiyrMxPuL/ayV0xDAzpQgR+uGboo0baN3ly5RF9VgckVCX3k8r3B
+/F7/zPCOSF8t+MsL/loq5n+g6BQp3csU6kySXcOlg2JQMkR91lsBXlm5npurd4Hx
+e9cfwlqYFYdTxZvh8Mnft+o1djE+76hAeGzos3H7qtalbxYgEK/Xm2i/U4hjg0uM
+Gx2VfPlEjqs+Pk5oicOy+GoB4sWz+f/bjQaSsscWPGfolIL9ZFKw5/nU50rJeUYp
+8APSX7qc/1JfIz/sZMOGCBwv6R3MgAG4JU7E7Wrbgyt1ha/8BTsGDZvYcKA87Ap/
+w7Z6S8KgVGtYbGkr2o0okRmv0XTmjbG6+hs5ki8GAtv4BMLIBNZWgeNWG34f5cov
+ZCJuJD5DzRWbijW+2k88nCqNd4hLaadtBxdMmha4PxNx7uREdyaG9Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI2CACert.pem
new file mode 100644
index 0000000000..9551a095cc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI2CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 34 6A 77 38 F8 A9 89 7D 1E 91 15 51 CE F5 FD 08 26 79 5F 2C 
+    friendlyName: nameConstraints URI2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints URI2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBSTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIDAeBgNVBAMT
+F25hbWVDb25zdHJhaW50cyBVUkkyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAvl+AJxWs1WMO+mjRtv79nQQIKiD4ZerSA3/ELaH8hFiF7zjMQ5iE
+LbNmILHWH5vqaHVmiDRbxuoe5fcWO5B0YB1A/dFY88kGTjB/TSgt+CBGdF7Lmy+O
++JwL5EGiIerDfte2+OpsUDXmwvSa5pP69kS88il7WuZcbJZgcAJ2dH7s4c0oQ4RZ
+pKZitazyeruYlq8ISw0tMyWUhQyIBtnpaRn4FGRpZhwdn3MzpBsMXEBfETqDaIT/
+Js/NHI9p0BldLlXxjTci5DO3JD+5eEwzjmXepIER/xKNuTEgK2ZpULY8JyJxG8Ep
+lenySFLq129D/VbDVJjp5PAj1wJKLL6OLwIDAQABo4GoMIGlMB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRN64lx3/AEAbL6djpYsbpg
+3YzTwzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wKQYDVR0eAQH/BB8wHaEbMBmGF2ludmFsaWRjZXJ0aWZp
+Y2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQBmrQhlvkrzTPT4BYr4agHBUoLL
+n444+NPFOwy4rQOIOY0k++Fpvn+jjpIzrHMor9afu2rMHJDhlcNia+a03Ov1cLwe
+9fmf3gR1V5AuSjTJiLEN7IWADuIVcAPbAgg34e9Qb27pfVOnZ2JmPHkxiVMlGtA4
+1AZXwDD70gZU3iaIQKVPmMbLyBZHv8c3XtMkZ0JstPgr1WJ/Vl/Xu2fmQgJOc5tC
+z5fPPQteE5Uas/6COzeAL/VRAqfysO9jh7T7xfs62bbqxGcQise6bLxqKnpd5KWW
+BX1dDMZrBsEziR4j6wczx0fhfEPH0VPileMDN1o/V9YO9RFo1Y4+0YUi8C6P
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 34 6A 77 38 F8 A9 89 7D 1E 91 15 51 CE F5 FD 08 26 79 5F 2C 
+    friendlyName: nameConstraints URI2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,25879DBF4FEEFEB1
+
+eHanMm5BAI/xfO6HNob2KxFkcHyofBJ6fc7p8IsUbs8SEG9DYxT08dnwASuTWdlf
+gwukEKujaIY5O6nyx1zQOLsg/0XT4HMCvkpGJ80DfJWg69q2mYnwOaC9IiQgsA/q
+nxwuoN8rrfFpaOlUEFStuUAnc/FynEPZ92IHYuBxMebGhQgrkTtygMiRuqln3QhV
+a3HrpSsUkNxSi3olwAZqGBX176AhCkPt8ufE2PwV2uwgDUrfgouAq6HOeXqjNLBg
+Nz5TJ5EC+tAD0wRf4xVW0D34BOZaH3YkIcTXhmkMTl8uNnug8fkw7SqIM1FyI3hf
+NAXSluu7uOCnmMEeKOop0DFE0j/Bx7yBOYIdYVE6b2ZHEs44NIknMlkadhUogZfi
+7m/K2gqDXhfSYI93PTvJnRsz2C2v/F60V+KFRjo0eGEPEQ3n1al2q8Uk2k+vNOb1
+MVNb9NhIhTnkDnOBLtdvJso0qPCqAiWqhTlDYaVdyfI/j0wTArlLwKth/UPCTY9J
+PbOrErNib4k9q8fCj108AvfBIMrjdzGKsY8xR2CMLZTcqIwa4ISliEIH40RXix/K
+UFuA4O7RIVlCdRpVEBsTRebvTIzFfCQEj15VETu0eEI6A6g4i9AIm7chM1FXuf4n
+VBQWM5ftK5DOWBORtib2mFnLEfma7nYwsWRJXvkVdr7p5WXUZ9fYyleCu4Zxt003
+rTLWKA2o3Lud1WDsy3VabIjrLgyU/RxqlRkAG/QHfIud1D4Y9Ed14GWe12gr5+oU
+/2PwwDMgNp3NG4+9SgJeD0RBu6fcjui2GBc/AdTw7Ax6wnNzG2kmlFPwU/cPrQb3
+f6zWJeYIXM2ST1kq2VGnBglNZ/cAxMRfLGwTzECW/16FLCI7ej2R1+CDYzd+jTNb
+9NJcSJ3om0ojHnbQgeqOl4UQI3uJsOs+Vy/aL5kqISCibg5RrWGXZ8bAoijDVFk9
+jskfgzIQpM6RnH5KnUUlh6mXC/Yn2ju9lTKpfFqp0yIWM24U5dpCXJVmIrN8PMaH
+bZ4z1boHN/rB9GU0A7qdF6D/oj4XttRYpytDiGPPi+6lLXgu2MYy9kFrvxUp3xZY
+QfQ8d4ScJA6PXGOC3mA1PWoeF9SWedJgIsEwXYakbVaEOjahcoosTKFYoy0SFErG
+E7N4iJ20PvwTzKP3otMT3KtTem3hQlBxJxoZ4+w1dL7u4wgtSiGC//7C8QYipxK2
+Ch+HT6yvjkBdrH6L4xY/wOTsxRHUO0NuEsWruLHv/UjJHyaYbBRnBHiUC2jtDzlg
+hRWHI2NQNb/l508z8OO8bTqrKoGJnl/rUUAzCVCdv4tP4yRaIRUwmmYRJnDETaBW
+03XP1os4JfMuGr4nHzHePKSbd+FFa/QntVyYcRO26x97k+QCaQrzTB6ae7LHtfvU
+Kbtlme3iCkp3yccsKWwKTcYoZr6QvfCotfGeu4pjZ5vMGUq+bFR4xBCBb9twv2UI
+FN9qAKHEllpeo8OVyn7fFamswkHbVhPOSkUyDe6QKfFeP1u5omjiO+tUmQTVsM0x
+eMXJnxNAy5cUQNYBHOlmmSgVq79/itkUXdgaTDgnDkVt5f7OCw2a4w==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsAttributeCertsCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsAttributeCertsCACert.pem
new file mode 100644
index 0000000000..e388968e95
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsAttributeCertsCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C7 C7 6E 53 32 81 C8 66 3A 1B 7C F5 61 20 4D 39 22 A0 57 6C 
+    friendlyName: onlyContainsAttributeCerts CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=onlyContainsAttributeCerts CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIBTzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJjAkBgNVBAMT
+HW9ubHlDb250YWluc0F0dHJpYnV0ZUNlcnRzIENBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA2E6R2OJ/GnvIKN2P902pDmSDe39PiEWDdyTU0wZaUg7f
+3B+NWwz6zfuPP1VS+w3ZIpzMQN+KfsTQUUKvK98jvHRRUAZbwoM8RToVFkjoAsG8
+vpdnzPS9rSTKOkeaJRg2XqR5Yvh21aqfxi0EPszcBn2B80UugX32bLv3znE9Asoh
+jbP6HSonsmWBlAAz7XNlb1C/Q2Zp54fCeXyAbCy436TudkQ6z5gcUOlvqYvt3QUW
+xX1SKU08YDM4dkQD1w59iGiI9T4PUyiDxAVoJrGlv81nUYchOdClRuCjV8a8/aSr
+dnrEnxUxX0jZ3trXidjsPhzo9rYIPe/lZ9HUQzJwcQIDAQABo3wwejAfBgNVHSME
+GDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUTQf+9i28tRkaUE3f
+mQR6bTNwkE4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+ATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAXvMeOuZFCENp0
+hdymDJLOWK5FAjdilDU8h8K8Eu6kDQ/rKGEZKd39i8hDmz0/utfFge7VHSwh4LVt
+VAM1tJrdAQDu1aApKTkIZyb+ShFX427DjFcDMBZjZ0Rvz9/qiGdFd59moGIqao/c
+P7wKwLp9DCZBAa3ydLzYe71cX+7u11vbzvKNFfjy4PQ7VkjE9Hu9w4O2d18mD4Av
+KwEotwc7loNCrE6JEjTURcmrvJhuOgEIsLzVzMEuwaWeqiIPeIYHl/q1TMixRfkc
+UWDab7wLgb2TPZMtnVGFCp+cClK7R76iEXIMoofiuQb/uR/Qpm2ODQTlbQQFH+xf
+y7cXNz+M
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C7 C7 6E 53 32 81 C8 66 3A 1B 7C F5 61 20 4D 39 22 A0 57 6C 
+    friendlyName: onlyContainsAttributeCerts CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,18B964FED0F9EE04
+
+r/nlBrK0lqS6TYiBdSIkthWXfj14ZE+eh/2ojzM5aopppXI0SjeuiKX47dyNNCR4
+cVGE+4wYkptAhQb855I5JIin0I+VTSYAcFev5b5HH/3P9HxMxyAWBemVzpTQ9ZUU
+0icFn/0baLg168yZXLMlEBzC7RmqHzlsY23VyrTdr6LsQBlyx4G+gf3tql4i9nn7
+rgnc/5O03VkwCzWLkBAKlb6vsWD4tdQ4umAGSvW1bWXixjWH/6rh4kA27bMBc3bZ
+Sd6nDnDUgfBkNsU35GcjUu+7XB/YkD94mIkWvfjOyY0IYduoiA++dW1PcJwvk9pA
+JgGf13uQGpsMEl96T2LajrN2HraghZBJ1kUmpJrSUjYrpRBhAqbBq73FQD+zLqy/
+sT4sHeiRldz1ciCAb2i6znTNIlcNXPmYHVD/bQCi6HbQgY7Cus/kEjim/UCoTwZe
+wmU1ZwfAL0d4AHTIwsa2cysBQ8bh2VUOestRkO+O6Nd7bArJC0VRJTm+D7gQ3M9w
+9WqRgDYnxxN+ADYTmuMjf9Va9J3G1Fw0NF7RDh2VoF9rIy3evex9noqVCJ3JDRf6
+fYNryHfxlunIPTyiwA15tMU8Aoe7JNwEw+kwIDLQWJIz/7rHK1FvrgYBQZpwY/9n
+ytzEa56G0jwmYu2away2R/mulTbg35jlbY+NEj6FhmtJEGvm9doItm1XM3ON8wAI
+FGParpoLWYEye0GrSDP+odREDQs4QhOyexzeV8A2H97gnA4iqWaFSPBty5wrxGBc
+f3W9xT4Q7ljpSMjSZDS6mW+XLwqJEaBx+T51ktY9d9sRG44aaWNsV33L4yNBty84
+H8XpJ8NAizP0nh/lBroXT1TgYCSnB1v5glZI3cN+jcj6mBG5n8wF+pjmQRx1ionJ
+lkI2Qojo/VOJc2tBmxzKKK9URB/h3xX6t89t8NXP+NEJg45iD9i/ydp3Ir7UIuIN
+HEt88tlPEDTUSTDI/eKGmPzx1OYTOea0Bd1CbhB8buoPk4bRB6hnpyQgCNNOSoDP
+NEWQoOpb5qS83RGH6iYjxIK5IMrNL+Bny5gH3D6cAaxNv4vR3kB3UAgInMYO9CHs
+acSwr09cpj3nezQeOE3eGBpNyfjD/mQ9Qnhc9Z8uL4gm1QewWEe4C3TqkH3wQvTr
+A/OjOMNSjLYuf10fXFoLM030T5K9kZMv5gAz8lw6GDrt06plRwmWGzrSKbEj+tg0
+o/B+H/83wtqJeMCqozcHzfuW6lbhkq9DsSgIYIhRf2bI4Ez5j3zQyyF4RWkyKkwn
+BcXbu0aEE09Eh2fU+cGqJ9GhhEMa1gSyiu+g12SF2ptQQE3pw67UCoe9ebQcjcfC
+jggwIwqHJHOBpnnkBoekFxgOtOhfcHf/hxHCk478t6mEEgMa4BIFTgy1MgwKhxYC
+Ohi4SDbnQze4jGwj57DYRklS137TgpE5yQUg0IfW2aQWzvGsPA90bD6QtcDE7MoX
+QLUf9fwQ1ldHLG2VPdvxQpGvwH7fAb+I69WrW+j7pWhGwe7yQM1zsS9ybK3URE6a
+yNjOhaKokZlqKdTpavZL/0G4Ot/plQXQORse/9eFBHRjdz0UwswvWj0dtMi+HuWV
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsCACertsCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsCACertsCACert.pem
new file mode 100644
index 0000000000..db908bd78b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsCACertsCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 4D 54 91 D4 15 C9 D3 01 C0 7E BF A5 79 11 88 F6 DD AE AC 35 
+    friendlyName: onlyContainsCACerts CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=onlyContainsCACerts CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDizCCAnOgAwIBAgIBTjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm9ubHlDb250YWluc0NBQ2VydHMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDIrJf/IZIHMiENvbg/xopK+2CNAY1l42W2B4uRzfJzk31C8sQYmVG5
+RFSJ70xt6k7QeuJ63lAO5vVdtAZkZ5W0WfXQHUPtS+TjWYphpRKbuiFUGg2sDgrm
+Ij8ZbID4BS0vogcN6pGMnbgm8wScYcPbp4MPs5cDWGVjAFfLt3Vn30WfjEofHkjF
+1duATD/nlruAO9OpFJngrA11/YmrAnKd92qj4cDkKBeyUGBkOXVEgNTcJEMz179v
+MzNjyZv/piWMwImQ0BscPG91lEx5tCPaUiXx0zO1EEaCiHNK1MQVx2rhUKiA+pQ3
+XS+M5GNRe8S+P0CnQT1SxQHRRidk7B7fAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQlOMOuyi11eltN1MADkogTIsds
+VDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEIiy9eAyhl49VpASQAeX4i4
++gNwgDWHolSxkb6bovr2YBxB/PTLWE4c3zMadsxC4REO3ojaE3bP7dfwvnXXFPUG
+UBZef9rieo3ie0z6SqZxEUieJb2PgKAF6vya3aAnx2WLx2TmMb7iACmLZOFXdDp5
+V+WC+vaNDPtRSu+MX2ttvELFXgLBNoeTmRhWc1kcbR5biO7UB8e+IddvBTiUVy/4
+v6N8QxK9AmqV1apq6Gsx7qeyp5I3biO44ikMMvA+xjz4iFwikphlYEupmauD8mjF
+Pc5rK2DtI+n/lI891EoeW7eyq1pO1vmHTZxkOxwy+E226Yz4FB884EQpsb6cf9k=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4D 54 91 D4 15 C9 D3 01 C0 7E BF A5 79 11 88 F6 DD AE AC 35 
+    friendlyName: onlyContainsCACerts CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CD4982F558369A72
+
+yZvCqPFld3fSUveakYCsMgQXmpcS/+wqjWD5GQTtpyjSPLIQHFbd4Pig6eo+5JwK
+l4M01evK1t4ho4OlmtnnKfdcv7GCZFW/89DbrGBa4t5EiFKiPC1RGUt+Jp5R9HOT
+a2JjT4tB/10OFDm3zHbVRCzmrPJDWmuz/QkWrHOSSUx15tAPFiADpcIudYd+Hp9z
+T+o/Ee0LeyjF5f7tEkkcOcuwPV2IZoTCPbOHbf1K9YChDg5ZymFK3Ow/KOeraUCZ
+Jgiw9a58DsGqH+Bf/HTwBXkI56iQOD7Ttsld0dle3BhKNhpP5UxP7bS5LTlpDuwN
+0Jt7G2CtxG9rJaegKWtjh/0LWLrfQ0wiFk8Xcj4WX8nBk4ROeBAhUguTxGJhGR6R
+U6ILFw6ugCGuVqNY4hrLZ78qi75M0v30B3f3k0V+Zz8VtnxrbjCsHL8DAIrl5myM
+AnnfazkHAG90QGgMjVtb2A7g7GM/ZfTHjlXrFJlV/dx8JD5++3qzY7Tm9Xs/vnOC
+RUYy9OalBv8j6fUe5Q20w/HThw0TmoWVBHZ8TQE8uOA6lKbR7R9i/VNjLdZg018R
+7mejo4izqlvYDDH9o8h4Td1mBz+2eqS0aZ/RXAl1KpWPy8vkuDyxOJYYqbbJFhWl
++sCa5Z+v2A+tTGilDZx8qvEEq7ydcn7spOiKe7PNxMtH8YgWGIn5Y4Vi5sLQCQwy
+7h40dDz1GFxLXB4fRJ1GNSMl4TqdJs40esGBqR7xtXLjUFqni3JqFPLCzST532F3
+MkcshUQDPh7ZrfGkwj7MFCTrzXVzAVU5e/Rc4lHdw1xkIiNQkmTOv6aqzAqKMiOa
+sevdM1s594nF9kFp9Pkj7yWTFMosjWtQ2LlUL1X5d4NEeazn1d3sTz9fX5y5R6Ro
+07igIvPu3HnB4M/4KV6hNb630meufYFCD/pL1BZsFF3GkJakMMgtTYVH8ORkUZIj
+fk70vIt+T5u56QVcvMacamdjgFOyQ/UslEMa/1mjTZtDbxNQLMnLBGkIvCYUyPaM
+c/SSpGQ5+aGqpNzoj73whUW5TW6s2SmBuanVOHTuF0UJYb6A+h5zUuqT1U2OH80U
+8Q5a3Iwquz0f68zCFAedD+rymuTk6TKaew4SY3HFHcynifJlv0HJEtbIWgMF6ziR
+1DcQE1KMGywLvUfl6NAKmtXas/JBB1LyGVmZTfRVvBQ56Yvx5+EesUtBGN2sz6y+
+NsWXoJ76jTi+2xdapEevLG40OE/vW5P1kJuWhMJOftA8qCcpYVa68RkmLXIyONJK
+IKbaIKMJUmkx2GJt22UFvMz95Xi9GTq98p2Q2jcW+vRpWx9LiuA0CSQFauJ5J9CA
+P9Mg5b+PpZXm5v0cPlVhKH4b6oHgbwxPW7Z6wPsMwk73gkGupNSXcYrZvUOuKFHA
+yeWGSeh/oHv6X4XdFhn0GGNzwAWVfg1efRx1l3NNFucOTLz1Oyxnz81UQXs/O+I7
+FFfXpuj6vUXfC1KV/fm7KeIERLzOl2T8J3+iG+KIFzOUBajk0N2Hnor9pKBSNCPh
+fO8CjSwvQfARkk8DyuP2pTKIXS+p9+1cvtwvEPxb4WoO5G725mjbTg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsUserCertsCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsUserCertsCACert.pem
new file mode 100644
index 0000000000..d85ce17b3b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsUserCertsCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5B EC 82 0D F3 65 F7 4C 10 0A B7 E2 2D 35 79 98 E0 75 52 C4 
+    friendlyName: onlyContainsUserCerts CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=onlyContainsUserCerts CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBTTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExITAfBgNVBAMT
+GG9ubHlDb250YWluc1VzZXJDZXJ0cyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKlNvTBCtZzuTltV3uYU3mQnxuNHBt+V6caK4kDpfW55LCuWYynT
+DuRhO3QyFs07Kwmp9x7wPJKscsFPWMdskNhF35bGpe+rofIo2vmNEGzC+uFXKEnf
+D/1Uz2c02Q7TKua9YwP56F7b9kOAYHB74K9RfWZZ41HdFRNLrY+uS3imHnkKHqNN
+Ad7V7eAUB06hNgpDpt1AMyAfJ/T8u9r1Rnq0NY4myhHOWFJ/Igl6aSzHDQPE8zeM
+5piM3am2Je4sO96a3SsDL7kgMICtt6DOjXCnewKgzt/k8YUMS6//SsDg3px/8XqX
+SN/qA0dFmrRI4iwn20sg3bKAQbNKQroHguUCAwEAAaN8MHowHwYDVR0jBBgwFoAU
+5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFJ28AKncAc3+HZaIfbWeT5ne
+JNIFMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
+VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkPJByrONlwIFohW4Gmj2
+QZqLaHtT7vUb6sW4pd04EXBy4/8OmAz6giT3NEyMlnSaTlqSRHRLEXZb7RyuNBRy
+ixm1bvDI4nnHpVFhC2CU+5yORzXkXlfDiDl6KAK31CLxxuBeguHbelZJ8u8ERtpA
+9qn/FKm343FlUHVIje/7a2uo8KV3EZT+4V1oPVi3CpkyDIpMypnY6UmQPyuqstxn
+BVgfijZAx68HFb09yMAlL/cOONQfWHFp1igINJEiqE6j8fIlJBiqo1tZpmh6UHEx
+Zky3pmHgczfIlBlaQetjITOxignJAEbU1Wd3mBFgiJIAbNeJtqZNNNKM88zokJoj
+Gw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5B EC 82 0D F3 65 F7 4C 10 0A B7 E2 2D 35 79 98 E0 75 52 C4 
+    friendlyName: onlyContainsUserCerts CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,05240ECEEDFAB262
+
+CIcl1VuzngTwNxm/PxWb+EnUj6m6zKj4SDkKR31SKSRPg8GY+uG82CKI9TqyZoNg
+pcAkXBt/hTOs1WyoqXrH8F+DsL4HVayMtT4qvXOz9x/8Dl2/phiNcBo9a1eMHHiL
+d3XV/pD0lDhp4OKrfovaQyINBZnjSTBIka4zMaEaiBIuiZJwrDK8m7K1Wy9qy/xM
+lHRWyTzuoMqoF8NERwDYSlK9P4/Kn4FmwjV+mcsGcXvivhOkCMmKxyOo8ryt+bSv
+gy/4USC3InOKCj7REA1MTAudUkPaG746f8irStL2BTLqJx7mjy3uNQ1l5QNcIHQo
+49jkxBr8E38Pwe982OcziEUAjuiRA2dzp+qz7P935G/pkvaf2htqCPj9ZoZj5Cce
+tL75XITV63gsklIJABxEzednnaa3qMTd4hZWrx+LW+c2+h8vj/w+ScxYsGLDFEvU
+Yw3lZixspWZfnqCltUX+p4/ZcK1RgD8jvQWLhGUGAuzxg3c3mGa5vyh4ZM6YP2Nt
+cuaClNBSuqU2utEFwf875GlEJnOIFbUZDg3dchZAsF9DjhC7x5jp7XfRjRsLZjPu
+tYqtJD5GCsmevLCL6VNO4fGYc/AH724QU8LeYsvFcqupAIs34cLa6JRRDn+tU+j2
+SBICRzfF36+jLPUTPEckXnfXrkTNheEfOscB3UisoR9h9LH5AjpAkMZofGPt+rO4
+0OhfeVUNTQVu8qLbInIehWbi68uOGvEDSFqqDwvpYG8a93o3ovXLFwzpbb9fFnaN
+2M1R6TN1h1ApFPNqcNApm0Mo3QTXhpkMoIM6Ik4FU9/4qQZ2rEMjB1yom3VImp13
+UPpxDo1OKcI/oyRwV1+MYUhpV5tXnVw/REUY9aQ/9+Xgm2wQ9xA9iqUh3nLt59HQ
+2Iu6TYzs8EFC5pmMPXhZ+K9vRNq9aeXVnhZp1Y0t3BkWE25Axu3vNiyLKkLIIwwr
+882S6qHcEsqYhvzR6FFmu0f7Hn1B/IkZ2ytIWNilRhtHgyHRIoucr5Lj1l2u/NO1
+jdlb1Xqyq6V4APCtL8h84DmMUv20aLTnYVjGWRsnNwpKs2GAiDyEr3DeiNg2fPyk
+XDDZcLOEKmXLLoAJoPPyH3eK52IrDeqV1NT/SR384+ri2r7NM+wMmI9QZbVBO4cS
+iQjU0IUrjlnxmmPRQB1eccbtZnnzzujmc0JHEfmWK7VUmd4VSjsN5EJyGxN3G8rc
+ccOYYasV9XeDxOf4yAHsSIXWeIIgz0gqj+CrPcOwj0er8pSl6ya+V/ajBRPZ5XKb
+Q7gBTwoktm4fKo8MRT+BNnAcOf0llh2Wtyu3Etji32hU3DsoNN0i7TaQo+nwhAY5
+UGUp6V/bAGmiyC6ZL2d6jfJJtQIXEN0RPfKXxm6Wog+/IepJh8NSZY+6DHTrXJOC
+aGM8WYdnWskbw1xWCf+jRRqpwPzitlcqB7yG9Ut6Pu45WUAUsRsgKnX/QzAzRXa+
+8VhCsYppYDmGjD4o9T37IiNOKyKQ1Nazy80yBmhqMPCCvxSGd9/grNnTzUkcMYHH
+X6QdSRCa2SOTyUl7Vwg3eCJPqugZWgoLG+k05bNWKZfljjbit95ZFQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA1Cert.pem
new file mode 100644
index 0000000000..acc2db9ec7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA1Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 21 E8 8C AC 8D F8 F3 96 78 B3 9B 03 AD 1A B9 BC C4 27 68 AB 
+    friendlyName: onlySomeReasons CA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=onlySomeReasons CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiDCCAnCgAwIBAgIBUDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHDAaBgNVBAMT
+E29ubHlTb21lUmVhc29ucyBDQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDNCh+UU1u7RaINmvHQNlENRQ4u0my6Kk5jTprQKZym5xXcNnnlCdv/1h+J
+1ZRhcgkRl70/RucD7c7q+WLV1N7sDTOk7a6d6ICoXLak9piG4OBC5y+IR+L5vO/k
+qCewR3ORPup7RrjsrEPuqlJa9yi1H55BhzLRRqPvcsumsIzHdXN6BwT7a0eCHqCM
+5a2mh0NT6CKEbQrMMEtDiKdItUYDPsIPcquxIrP5uoF2uuERI3U1p5UXE3owxecC
+kvQz+dMGz7QQACKT2cNYhZiuZVtYfUrAvdQ/E6LOhlV3eRqdPYsFZHU5ijz75blc
+VYMUBFPpqp5o9tddcGPFs5YS2oyXAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9Fc
+lYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRQaNEJQSeH5wpOt3hW+xeO7gQHcTAO
+BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAqealoCILXGegRsrAUZ+zTqnaVC
+6DXA11OnQhUkpMvCWG3HLfNjEUxMUohu73U4akR8ByHKgZlY79YaZEpViC4ipDFu
+w/Xs+NW3L6g5p6sCCaqAa3YODnZLET6SOWjxxgBhmoydDr9V1J/DfQyBV3NNypS0
+UN0njf9GXMrkJ05eA7F1JXpAbnhHxWL9iqmj32jaXj/WEbiRriOq/puGvLDnLYw5
+1/DwmKYrIfXI1erTIjVvMz8XOrqvsfbTdaHtbQjGRoL8dT56/2OX7cfp6lP+Yeup
+Nwt/eHp3sUXspAWHgJWy7faNJPYyNJriNuYDqJ7Hwa3mT29ymBK5nPOBmNQ=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 21 E8 8C AC 8D F8 F3 96 78 B3 9B 03 AD 1A B9 BC C4 27 68 AB 
+    friendlyName: onlySomeReasons CA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3304EF028C8F37CF
+
+NHfxWzbgnnGAfj7B+tA4sHmQz1GYEAMeQGti7fyiIKAfQnihapXoQGld0qD6J7YI
+ASbY2A8j4z15TEtlYgNoqdPOOfsTqIJofXuYTnmWkKHhALUbMR3tnN6jNXNwEgen
+t12yv4tVjG7Qv2LVH0FZgAAMpa72HsvnK1keiO1e4th/QUIeLAnm2zyABfgRTSnt
+HumfEfeuMquGvSG8zQjAnLLqhrTngeMxm2so0eVn+WcohUb45HTGa/dhPsUJmFWS
+fyGyXiQ2faOb0AMkC3IYZGHymBiJU7ZVkvim2uft92ZDwl5NylpOGVbbbgSZ4rmy
+g+ABrIvOpr27QyxXMx9bBCGff1VyHTZt0B32pNuUjpnxpbq5SYJrUqPgvCYk+OYu
+YQlnzlrQyDTrYsvdWukZvEGNFrxsqlwJecdj5OOYkmNvOnu24xfFLjh26PYdUrJc
+/LM0S/qFLaffF2koWN2vv7Bt1Mhl8xnCMd+vjMR7NYO6VYcBH5Fr52P+KViiQXuj
+iz7ej0OyR6MsKEDqFokSS9r3k9VI2fHNFvAGie3paEaMFcZrZc5gIraOcZHcAsei
+pjf4IDFAs3cfzo3QJ4AxPYKdp3CwlizAgvAferGd1JmihtgJenJwsw6ODd2wat7X
+a5ae+Ax8mS5M7r5GZYFMtq1gc5sLG2zOkuSBMCxrmUdr+Bn8vDR2o8YaGE7TsBg3
+K/CpiTV6JThEWLaZOwUoE2njT68IgcS3FhkHWL0hMBhTROuAB+xwzg7paBtMbpya
+4UjP71tiAGnpKI+ICr+h1ZDCd/nxnlCVlYR8Iw3wIHzpUB64v+8vN7WifK21sJXV
+sh78kbAPYHatOAOhApEY83Zg9jWfwLmOIF87uLA6CLZ13DC5F5i01pELEqNaIDkk
+kgXOOCaDXzakDiedJa4PXc35cRLD7svTCY2S7F2e6sd9zdM2cvqNp2t9coS/v3LR
+nxcC4YFkinvH6kxhy+gClucw5DIKp/YZAiz6nxqqzyww8tFITAYew2BQMxLkfThS
+1qcONAvcNffr5v9vpz8eSDNEfsBnBnUZmTJgcFEOimeixkclEQsJmSSpHYN1242K
++8fLfTY4WwkmwAMVAW/rY0AdIZvUgjimQlX81qOxn5lqc7UdaxkcBwkT7SxuZzMg
+X0ee+Je3+Jewh0zlrmz9fkQPfEzzb6AEiw6VSQHRDwDz5HTH/YaaEdor9WkCE6eA
+uwjeu3KVMOY/AiLLoBrCacpYUVpi6ZeQwFENHY5JBs2GQ+aTT/Xp8CoChx6K3eyS
+QbVJA1dL2CzAZyO65hU3KRqYQli+XScj7RSNoI2OrmP7v7Eaxvp+6dK6g2e7C8XS
+HR9Z/hyWPBTKs58rHKU/jxOM+hn2XQGgbvzg4msuh8IaI3K30WDcKyg6FIS6pDw7
+HjWeh2AcnaoMosYTdrNA+czzk/LrMbRZl1Mc5PMPKgAGhy9jvH/7iM4nisQEQ9pP
+BTklbVQAycz5xJb5fPowoHgi2uba1PwxT3ITdoAOxebqHyqa4RFjSZ3q/71oCv/e
+sn819PGt3yVT5etC0lcoXDhQ0cUCpoZypLuHBm1aY4ePwMUKWKDh1w==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA2Cert.pem
new file mode 100644
index 0000000000..75bdd78cde
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA2Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 62 D0 F0 21 17 A2 D8 EA 5D 5C 7C 5A FC 05 E1 98 F1 2C E2 4E 
+    friendlyName: onlySomeReasons CA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=onlySomeReasons CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiDCCAnCgAwIBAgIBUTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHDAaBgNVBAMT
+E29ubHlTb21lUmVhc29ucyBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDGAUE6VKx4EWe/9m53te/ZpcBa1Ipmkzzo7oqB0EQo+XV2rtBbKo+aCclV
+3Wz9fZ174ydCxbIuOWkIOHfy09Xn9mBOy8u5xehgFRv58p28VIaHjsLqW1rKimdj
+4VYIlXggNjWaRv+RU8fthz2N08yC/0qEYKGl/n4JGax7/T/EGBIUXGWMLhJsNuBA
+77fpt6kzo/CIbm3Ad4y1P7CvKIQpDRERlgz46qtBi0vI7X2pu2L0URYArkUYXwkH
+pmszmcovcpgZYEkszrk1qwoF3Mr2ETJoTQpyeYVDV5hj/5KcN1D5z5tN0pCabJS2
+NH0W+WDo9j7eVthnD6mTeWY3fQEFAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9Fc
+lYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRgY9/SI6Qp1kGkrMqGeZimZQFIrjAO
+BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHGDsZYn3ZAIZ2H7xe+cnSisch5E
+jFuol+JqPT9CW/cTbC/HKcUBN5KEq7gIvTm/r7+Rc7kK+9I1dxxf9ZLxSBgfuNfw
+xUj1sn1h2/HLiQj/4kFB8wtFCTWhur28AELLqiNuMKyGKtJUXqKy6LGcfKaiUVEZ
+g1MH+DfVpST2FBGyoI/vdPyTt9wUABwUkPH20j7ff+u17V3BR3TwCs1tAkY89PNO
+YAcc51fMDEDl/9smo38DoiCl/SKWxYaDXuDvTdDcDsitsOKrolL+9dIToBes5l7B
+vl+soT0Xw+IQ+xptAUfchKxsuGL1DkWOsluGdSDdGhTOA7Hfm+szyR6HlS4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 62 D0 F0 21 17 A2 D8 EA 5D 5C 7C 5A FC 05 E1 98 F1 2C E2 4E 
+    friendlyName: onlySomeReasons CA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FDA79368BE51B572
+
+oKekLSBkqx6Uyjl8yElaf4zGCrOxoudKNxYh06k0k/lA1UWK9sAxF7/3oZidtS3h
+yS7UK8LOo4YPKkX1v4huKryx18H/TynyMP9fzVxtekkVrunzT2L922LhLvvxdXPg
+QgNUHyjZp/SYijbJCOgBRRwnuBonMfFQOgrOKTyVvW6h1Grd6kvgEVAYl6F6AQxG
+lEbDT0i0GwPO50qUciJJYTz+rGq0KsRW1b3PmOz7t38jOlRGXWZynSJ/SeHWKDDz
+oAAn3Xb+ct7aUXgA5saSTiCrfhbx9L96t6d6oARtHu7ewfq4vWbPlArir1iqwCkG
+p5xmPrduODLyYLEyN4+uHs++xGXkigRObRsVRPgH2H94h4Fhqg87qqOMD6+Q+yN6
+caU0fWywK9Ac5A5wuxJ7IdtGx05L6RmVGSIE5o5PMRLz4380+5cyJcAmKnTmjZbo
+7iRIz2Lkp+Axq0WyOt5sDraXEvgbs2BH3sA72JClj6YVC0IPJVFaTgwT7WLwSrSS
+KeXREsTm3mLOM++egUA8GNBGDDWvtsuHTYcmNH8m4kodWWocycvRm6mGU/Y7rq+S
+23n4hvMcxqpLk/yratJe76ij86rua1a05bxNJ92ITBpLAPVS4WBMEmv0UmllURDZ
+zShSIbQBbcEcWJ6AFkJ3E+oIIns1Ml17X4u+TzM/nCF56zGgVLz2zKRCtyTfMQ65
+Fv8xzHZ5h1Nu829er53WGSR27FIB+nFFghiZ7eQvm7tb7ggUrw8JxZoUXi2oRSWk
+btc6jC7iOA+8AMi/yR8p0HN8KliCL7PrKbyJOuspotxC7jIhzwcGRlKqfZ+RtaPs
+HXH1kM8vI0kCByL++HCNw5DQZZcwscQN0RsDxmN4AY7tnOTBwhTEGRjtG0eYw2Nm
+6Q6qveTg2pQeIlRcpqj5Gsp6T+OJ0OXO0qPM9YmOI3/934OizU0ZZfLQ6/2JM8Pg
+nEDuOyxI6vrIVjP1nxm22mC6dHU0Dc50bpw72omR/oMmLV/GzhSl/0quLqEvwG1u
+BgHLstIv820Cu2PCD3UGxiiczZeIYB9ERKDtRAywlBnqnqze1+6ZMPhGcYFyaW2w
+VI3e6XshIfztVX8vIyqxDKlahMFuBvplwPQuhnE+ELZi6maO3s6/wgoLdSQ+IiAP
+6xk6Iuk3K6SMG2kW/hs3RBumT2VrYBssiVwQIO0zcF5cExlt43iAu+duels7sgek
+AilygrSHgIb+ieEvsbwJrRkG5insPtcLF9R84KX0AZwLx3T8j/yeSupJ+3LaDHrZ
+bMCKr2sa02MWcpS6aa8YZOkQkGNn1Cm98/5ImFLSZ/DxYH20Ul/k1FqC/wMfGe/Q
+lNXpIS56L1owxpSsEPFrHJ3N4ihdGMkxO/kZeJvwyNehKa1pLvAtlChveYz6uqiH
+pZ5iy2frX2bAOT2U2fNEn0Wn1Lioa7My+OMawFlxWk2SQRmLxOs+I3jaXeMymzV7
+/ihD1ara71iekkG+NI/zpcQYmrDT+3DZcqG5m+r4gQ0wjf2blVuzBIx2JIO8abYu
++drPop9nCT9WkSjoGSMIrUYxxDQrMCp35T3EidPy4agVNBgP5xRb1g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA3Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA3Cert.pem
new file mode 100644
index 0000000000..a5308f022e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA3Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 05 95 13 A5 8C 32 3F 73 16 26 CF B6 25 46 FA 14 26 76 29 AE 
+    friendlyName: onlySomeReasons CA3 Cert
+subject=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA3
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiDCCAnCgAwIBAgIBUjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHDAaBgNVBAsT
+E29ubHlTb21lUmVhc29ucyBDQTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDW7KN86+AxdC+M9zUVhx3zrIzYb14p5bROLn0oVLrX2CrAzM0BJwy9Eyfs
+Kjz+C+hNSom6zZauHScCcW7Dq2pwYodhJYGccs+iFTppwtqOodXhiDEs7XiLM2tz
+Y4HTqJMH1XRgDZQemCedZaeQvqjj5kwycktkiVKfyHVsGIKYbt8Fz9QGNebCGhvx
+iwQ6pvMfOynEhCObgwyCU6FQxEn2ZHo3uZooJbxYnMiThFjdKzUyvBfsXaeawmDc
+vXwCBHYy7VFs8NikWYcek78Jt+6uoQ726NA0QgXz2PXL8Tsh3TJ6JqLXU27rxJOR
+Ih4lDtnYuZAuiWGi6T8hB3f8+DFNAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9Fc
+lYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQtJLeXhyzu2hy+3peEG6+gFRa+azAO
+BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFZ01abRiJllD1coQl+tPkFpIrX2
+/6vIvljOU6K15UFRovO3Hct4Z3hGszZxUtyI4ipGq/aLVHbjvW6Jd/CgCnZ76kSD
+px55iLVFepfaxksJjWWbE1Oe72foLiHztJ6tOzXT9E0NxXPxrZFlhP9gCN8tUak8
+wS7URFOorHCxznZMxZ+ADM6g77D3zBf5BxH5iNdxD6Caaz7ez6yPaA6APMY9tsiA
+jF7pW6F9ETMZVug9be6PpzNHxsWBjE6wkpl7qSCF13o2zvcsXzs5TkCjPQWk16sq
+f9Uvt+oEl/4OoyIQ3kS47aedWc3mL855YqCz5S7fwRWyhKSTIC0mFCaWyeA=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 05 95 13 A5 8C 32 3F 73 16 26 CF B6 25 46 FA 14 26 76 29 AE 
+    friendlyName: onlySomeReasons CA3 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B40F3C8577730807
+
+eISBvf614CKAGf9IwjMT68YoFuH4XXc2DV6P0M8yFhaKfZMZpIE0aEt15buADWk3
+PSTOMOiJ/V8Zi1EKHDl4XOnua4WfDwVX+Tia75uSwOjka5UxE0bqLOqekCw0hUXt
+HTV7YRuOd+uln1wnSxuGeRxyhOjPJ5rcdBrULgtPNqAJU/LGrGXIc7S9Cb+i4/tk
+oVPRjNl3NWr3RKMSRebw0P4Fw6q/kVUqLAfPg1aC0kAvLCkV6NjpiSD7xuaHuWOm
+qIvfezo4PtAZciNs6Fco0OEv0PTrfKrLV2l+tP6tDYitbxneaqWRKEzxFaX02jIQ
+q5sTF4if2ybg3cOAus89G9ihAZUIpQLWe5GLIMmw6TeaDUlUSRejhOmuetww9IGM
+vkgbtogQ4FylYt7RJyj5WeGH/7Q0GqTDxBzAlOLJTkq8jknN/HU2gW0PZS+CMzyd
+e7vgOhF2jNRw20JzLyuDAIWh0crmCKohhmeHbJ5MxvURiTLFEZaHCVCgdSYfaOvs
+lSmehPn2YVsHi03o1ERkcCkkNVI9R1WueGJnbbRCgcNdViWfxcqw+kle9Hq8AcHF
+gkuG2DzK7nPCFFUyQfJkjXSdkjnWTt/dG1U644/aslAubENl+zS3QabYmYpfQPc8
+9IIRW/+n2Mo43HNk0erF56Jsg/Av42gCaYeMIJhf4j6HEimjI4jaZvzSObkK+FAH
+kkt4XAvUaS76qNXpHFvtW3NiiVQDrfOIhyYcMFHjVtlMPDp8ttKozAMrc9tdVUZj
+gB4Pj+cO1T4QYGNIwyRwwOGm4XWsBD0qFVcxtgx+JyCsSPRXTYlw8GisaXqK8J9u
+TWDKYm1RBydNp4weVnJAPjLF4c2D2VXxnqXkwkhL37iehj3ZHFKKhiCL+w3ennjD
+sqr333ak/So853kAk+VV8EazMzxIB3bdr8Ok3lDy3mXBOkPhOR2nc7oDPPV2K4m4
+ECebBMUN/4FZu1zLU2nWizLVcIP7sfV85zCqWh5EzmB03w+4+zg2e0zXk7wKo+wr
+/Fwm1cO152aRe++B2VQaPdRL8bAFy+zqguwwJFJqDkK99xdL6NQAe71F+3r3MM6C
+RdV6b8GS1axdHgQz8FrnaUDhBeMjq2fTqaM+xHwaprmdGN9nYbnCYNFi0zdxoGSE
+7OtVGwT/ZczfUKiiWxBL8dXbdL9erFpEJanlIA/4oYXurB99wsjvrXArTfgYJc9v
+lF9DI/z/JYjM60MCLhaFYH/3WxQFD84/wQam1QHgOpZN5IZj1jOH8AXunJejYWnM
+6DCmfsWr4yODxjSg47+TAr3DnWHPjl29bQ52/DAM4qoVQKzLr8OWIlKo2djTMXr4
+IZOqFPb63gHo5zGKav5cRrSwT42k7OZf/UuBJNiqN/eJPrIC0wqWrH26TAr/8sw/
+leI1tGWFUH44CBhtOeRz8fcnXqAWJdPjtYsCXf713HirRs4W2WpNgraV+WL3aIg9
+zx20bPGaqd8zPE4rJ0vWqXyio9lVJrNcVB+93RD6Znyi+0VGZZKA25lmY+VdvW+/
+JpB2t/8kBzWFnyIR1XJ6A72PSZh4YrUm4QLYvHYenVbNH4aHCstJMnKHWJ7MzwLh
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA4Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA4Cert.pem
new file mode 100644
index 0000000000..c9936c65e3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA4Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 64 DB F5 91 85 C6 DB AC 2F DA D8 B6 1C 80 69 1B E3 95 A0 9E 
+    friendlyName: onlySomeReasons CA4 Cert
+subject=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA4
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiDCCAnCgAwIBAgIBUzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHDAaBgNVBAsT
+E29ubHlTb21lUmVhc29ucyBDQTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCcUg1THz/u9oqguGuyVJRqpN2fztvDrzvEDldGjzRN+M27cnJSU+AkGwYI
+/orIzQOrI585VB/WEuofYlKna3bw2ARokg+swgs/hK9w030zgx2idKC3mNghUgJG
+EjBfzLDS4j46eFJX2pTginCtrriiga0tvuLDrJG0+deeAT6eBEbxEYNEsc2cPE39
+1yUhT6Q3kX/kF480jStykRMxKlms4y3SlyBKkbQ/DVYyY9/TLyDc4l1QpUQ+f22L
+R+dYJ9SRQoO/xFG9Vukpo2Yl6D13di9JgdKdNj1LPc6yG0zwneOgVwliS515MUQ/
+BKOwnnh4/0oboM6wXw/TtxoVy3uNAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9Fc
+lYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBS+ZtweDAY79tOINJFTJoENaBduyTAO
+BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAuptMQ+7SNcCu0O5GBSXdrWUsKH
+lRusRE/IVoNjuhfjJthO4WLtAs9HEzz1OOqcksxTEm1XNG4CqTAoubmFQJ3eNm1n
+jAZTPqO1GZtrkd7CTtdJqDcM9OYF9Qp1HYTXxcz4Sm/ySPiJV9tj19ZKG/phx1Ib
+bLxtrN7i+Sn2Ym3yI+G4JeJoaVCcuhLawEaxj8oCoqNPpt0/gNvizwEmt/5yssmX
+qguxcvQvSW73Cs3nrTG7/vqRQz1gKMwBwGfZh8gR8ce+2gZguwAvykE2E4b/AL3G
+5nrfM4sMmlnxIVTbuyvO4MdefvBM/Q5wARuwkSXg64eWfefbvhQgx0TBQ+4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 64 DB F5 91 85 C6 DB AC 2F DA D8 B6 1C 80 69 1B E3 95 A0 9E 
+    friendlyName: onlySomeReasons CA4 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3877C7AFF63F6D80
+
+y2SpiSz0QuZ0CzWgn9UD/m2tAiQ4UYh29P/VdmsLrL7zy8bbG6CaTDbbzV7e51ny
+xVPqSNKD9hrRv2Lsv6FFTHuU7IWxzSuz2alDWDUnXP1KFrgS85+PvBkLaJKTb39p
+KavK3TaQWCIYqYXU1APK7nLhpeem9nIeEv5GoToyD7v0FZR6JuLAPXtk9aJfTy0m
+cChwCRw2CzjHu2h4IqACpO8Kkhk+zH2pOd23OhERiTXOqMYhVmbmU4B2cpOjHIf4
+3HjGhIQjz3UWTBX3Jq++5VOkZJT2RrFaTwVGwd5nl8LlgkDEeKQyfGWzRykfvTn/
+oOAjANYNDur3ONBmy9o6sMsfOt/76n8gLbkXshhf/obSoD6hw4thSs5++fPANaf9
+/q+FDfx8eOsP0nVvV6mEDOFL6DYf40BnSkegdnfnbs5VRZGm0wb8y+JPWCy9Zs/4
+eEhJbRQZ1BncIIfSDcUchxdGaJMxh9zETjhLHvIQKdFgm8s/UNZv8wExng0DOV3W
+m+Ptv4ZvBqtjj4l56wAf669HQHpZEUNhgC4mQjfvWsYU66NRYPYlZNFs4Ys7QAwq
+/a5rCbpv0Gcjxum4wo2CFmuroFEXYecWndmoeV8EK5q28xS6pfFW3XSbAJXRsu3n
+IKdnmvywoyKZ/RQGpDffSLGXvTbwdiogHQ3PWtQQfkruJJKuBKw3U5Oh+6hkEdU8
+kJpXDAZRYU3gYEpCkIDPfR8VTZfiaHaw0yToba28gZhhM2h3BQqE7Nhh3c5kH5Xl
+ZzKmL3JfGMjrYwQ+iUpNdgBCrSIdQUAta38g38payjra8YbGX3DqPDi5CSkHXG3H
+zFvWS/MN3oGJoNKXQmUrAcWg3Nu2xzZN29gCPkx/+2eK+KZIZ6CzGuOul151k3hs
+2Fps7jDPfZejwpKKKLV3mhRp6lnSAqL7rTS1Z5y0mnzJpkqwLeGtytm24cgd37Y2
+6vtxFOKsqA3YHc6rNgk+sZlupT0f5/oyxE3Hy1qbnK4THXsCEEmOQFNY5lD5A6vc
+Jyl6g8Tlf22NAGL5QU9/aIrWIIV55FBVDBnk162gS2XFExLurgolcG0R9dEa82sF
+urX86Nio4m/QGELxIEqDReJ6QeCidE+yFQnm/gGDAjnT73aaN0oxTX+zA75MECqE
+iOYBdC87jBIJE/33LwxuOLDIOk7IPL/JJsQg6ZWJ6rTAlPYiqGldn97/+zFXOqC/
+H7HS/aWMnU4kWDbClKTWB4THUfNdrfuBhf64sAEvQpqW2d0AgeZyHFS1Esc3m276
+n3wDmJdQLSoiUEtlQ008n7uREl1aJhS1Yp3DxzqFrcqFytINvaXPgt8RU16HPyqB
+huYY9K4t83QQJ41GaEYLCOYfgdMTjWEavTWozlak3GF+APWK3e+hWf7+5NmIO5rr
+E2hic8Mjc8rODbhCddsbPdWZXPnE0h+LpSgG1Km4flT3Z8bNPbd2TWaGKCrYtGwo
+8PiC/86+aVLVaviT1lDegnNmUMVAhXI6tDAfJiUnqYToelS3KnNYRt/itRBp2EQl
+iaACuUMPxYH7u/VLVDp9kenwPJNWQCvl13a9vUKjEp959xGBTB7PeA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0CACert.pem
new file mode 100644
index 0000000000..9ad542d1a6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 03 50 A1 43 9B A2 1C D2 AC 84 CC 7B BF D3 C5 45 18 93 E7 68 
+    friendlyName: pathLenConstraint0 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBGjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FXBhdGhMZW5Db25zdHJhaW50MCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMi803q1skF3rlRLLe9UJy2uHFEYjwqmpOnvDT+3GAFrYFYjS4u7307M
+pOxI7vPwlpRMURsQY4k8IGlNmXgHJLTphFdARhmPWskpfAfC/7mnNrYqvOCixnG4
+1EYhnCrKN7Uhni/l6AHT0cLp3HmnNXFq0YSWVpWOZ5yx7KpUld75+MqUQixEieXc
+PunjGC6MjHJQFrko5igrcGu/PcETu9ao2CQZdqnYb17ftxSiSPRUtwilTLEikINo
+tzklWM6HEO+aQyXi+Ib5UVfmYuUYZCEA5xZk5c1Q8oYd3EAvbP2EHQL1cPo+etR8
+K5IZ3zpu7rt1sD8Lw4JSFVNejDoZrl0CAwEAAaN/MH0wHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFJsrsko8kMVuUAHJIr1jzgnxjD36
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEgYDVR0T
+AQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEAQMor5mePNE4lGLLT0vop
+fvEOCEJSav9+ufqqnH7BrMWQ7QzXH1pHdA/IgPAXXTRVWv2U83srUxERw6aAyuSW
+DJ2g9iW1ti3fqLM0X+jDLrCkjIpyeG+9R+uvEG48FTVEYrWr0yeI73K235XmZh+0
+vht6STnnrNNX+ZUS12wEPOes/TskflyZXcOcodC97gr+veazS8ghL5RPXKyIkBLn
+jRsarcwDyN8KQbSlsUtvv9nowqVzptishiTXHZRnKMWMr91gqVnRkhjoXPsRGsq1
+ytueK4tqUCRnBwrBp+nfg3UyWHfh+Nj6XG+VYkjAXUVytqZdX2rMFTh7qwGMH/zz
+jA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 03 50 A1 43 9B A2 1C D2 AC 84 CC 7B BF D3 C5 45 18 93 E7 68 
+    friendlyName: pathLenConstraint0 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7CD6E26377E7D236
+
+aqLPrf3wLKBxZiScg0dbhdX3K6sZ0ydp8rKlEonxU1efiG7eVWAmvgUTbXGt7yuU
+eqd2XvnN/voC3vAxlZbo/RrYRvpWG00MYaYBn7Saus+huZpmozXzjnMuVFwSYARf
+ZmYRsHuNANm6fzulndJZuPwu80p0H/bjKd5jKOrluHd2cap1LuiqYqpnjvcjxZaC
+Vpqnc4jrvprb46ygz0w+9Tpgc3XodIYjpG+DFNN7IDuh/cMZ5d0tz7NaYqWDIDzr
+b08A6+vR6Z23LNV6LNUhjQCefR7VVMjMDt6MxW57KZ8BWMIXikJ0ThmM2eL2nDd6
+a9ARzkATU7/nOiJoux2cRSjJ1H/faTVrMvhwhbVYCwTVSpRt41UO7Xxh0njzgxH/
+BMpCzSlsGFRivgCS/ok4udMWOPJwO71RW6ORCtdt7ZePw7hQS4dq0OYER9EHD1++
+wR1VVdHXu4FIyB96tPp0WLlSIA1uFkffGpOWp17b6NFR9X8KxPyf8G/mdAy3dp5s
+7dFEsbPFPw11eJliOSmasASxI1HpFN9Aw++lVaG+fl+hzBMRYhsYPpheysQz6IY6
+nMy3B8C25dw76ax2wcWM76BvhAw+ty1WbnjPKly2ScS8j8WFwWVNC1jEDDAJCV8x
+XDK4ci/1ijJ3QmxHQaqbi1vWhB8q+6lrM2OOr4eVgei1CKfSmoo2BAYeh6aw7MdN
+JiMTaI8xrp43urbKWwIwXxf+YkL2x8LElutZ9lPONmmtGPjYLUvpM8AIkLnCdQEc
+4hbhtuApw9K5idWxkD4Sn+wYlJubRrPluFLFkXhhnqPYn5ieHGbca+LrZeyjoaad
+HJ7KNjzqJnD2fqiLnIziu9oOYTUULZxHhoiXRvGo0r0S+46qLoKjxDuNzy0XL/tB
+uVr0yPQk5AGBSHa4HdOov881kzgyyTdYDd4JTHXnfOCwmdhqxkd2hx5F67yPEZb4
+nCOrUrU09MVwnlYpuPzgSSCefv0eGZP2ZXLA5j+OnRAODBxxRQe0rneowRInAIQ2
+a809IvmOX/4+vGSQ9jaOhogvRi6Mlpm2acrPlsZqizDlnGH2DAtk/OED36Hpo1xW
+gBE8gynqzEVXkc+23R/wF1ks0vgVkye2qtA7yBPCLDdYMKvjpWE8XEOtTLss5YX4
+mBQPdpJ38lCTRTojk63MtX3sQCaD2M5Kvr6bCgauEErIcxif40e5Qr7Re02eoWtb
+DnfsxNObcshEOzDoJQFcdYwQFiwPOZAZyeVUtxTauKWcR/vJ3kDr/GImixfqpaMG
+oCJEGN3dWY5L2tCb4D5QI7OdPQEDd+TfTcMGa1k+jYMv4c60TY15EQSk9m/0WXlz
+/s5TG2ZfVRUbUaBFEMQFJxgGRiYVEdoxVmUWSjNfLNFQd9x2rJ/gmxuTgaXed5U1
+tQcF+YygxikpPcoz9Ou5Ghkq2YxIkNVGW6nsySdEC2BXk/iZTlss59xrCJ72UkoV
+fMkex7R6Tv7vLJhwNdqIy+N6p8MU3TOQcsHAQRFR8/hdNznIGPlJWKtAjpWfbNso
+HiMygoAYBZ08af/78SJWzw/9Kv70oAWj+uXR5G32Uv+59g1jeorU+cYZzXNaXVDa
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0SelfIssuedCACert.pem
new file mode 100644
index 0000000000..0f11d26320
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E8 FA A1 FD BB D0 38 25 D5 CE 7E 25 2F 1A 24 FA EA 0E 44 1C 
+    friendlyName: pathLenConstraint0 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBBDANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+TjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+HjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50MCBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAK6/MMP+APou9dhuFL2cxOt7900Egk7KHnsv5qHiDiRd
+yxJk39iF3O2SK7dy1ChKhZtlI7sMznTFD6NrnR9/wAdj8sabFleXM7RMXGCNbKD9
+q0fDqn2pTxJ7oCk7BLjcdvR/coWmAWZo+oC6F/cdZuHAvNI5HILlOF/EbAw1UeNo
+XXfeay8Mjf54mnKGbZLeAMqwpy1Dq0KwnLhMpd54eAPaWeipqPhlAQ/Uc43sVlLK
+xAR+DD1dGh64vr84GTqtF5vWJ2vW3dC8bMiXqVsOyXHJQyFRNBO1f4QedlYiBby+
+MpxTjvjnRZle19hecvhW3ZxBKspQoOc2NveKAdKEPNkCAwEAAaN8MHowHwYDVR0j
+BBgwFoAUmyuySjyQxW5QAckivWPOCfGMPfowHQYDVR0OBBYEFIDrc75NmZ6UvRdL
+WvfPV3d0w193MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
+MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAFT0uTP1wQtXV
+2vfQ7uNjYgTZOtIy6yAKUZKbDssGtwZodj4sAMOqIK4Cc0unzCifaPFPfPS1qDUW
+d7PGUrKDp81rISzOr2XqNZGaMXrdskfDzghTXdwPfpFtxmEPg+ewamuI8zcRTfOj
+sxUB/afnqSBUqkRu5BB7iBE6Vd8Ig97SScxXpudBB/jsm2zf9Hhr4U+cUUQGJpUM
+tVi+MpRRhF5F5Ak9gf/FG6u9D5tawpY7y8nekPGbJqpFV0xJnCp/C0qaJbbTwU/L
+lL5QLVBpLCfdEevwI/CTEUXmLJC46mLDhN3mcCBK0fL1Vjj3k9NRpS67i3/m9ZzT
+ggRxSu4nuA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E8 FA A1 FD BB D0 38 25 D5 CE 7E 25 2F 1A 24 FA EA 0E 44 1C 
+    friendlyName: pathLenConstraint0 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1421CCDA5CA29971
+
+VWBNKnl2soYLiPxDTW4GmlkAyLjZvpqYCq7grCWlVY0xPUiwuZVuQ2xArH1S01pA
+a1IY4ehUoUPrDxWxHo5MkdwyJqzmzpepR4/PebL1+/ZjwKZiyTATToIxylMxkl8/
+SWqdVOdfu7H7BriS6M2+nkpgJzndq9/LqHFj6DATy6jjg3Q+D4uaShLYTP6vXSA2
+j8eHHdLeT9E22ELwyVG3uXvS9T1Foyh6Kzgd2QIYhoQ/XCzcyuKH5kRrWNGWgWcA
+EgDFnZJu1ZrnNmC6vziAUqteNbo7FbUQi65G/X3JcHVBcCdGP3co1rD1uTOAKfBk
+R2bu78wlfOe1W0JripVuT8DdcPuyYZs/qrLep3NzpQUI//4Cdroc7pAlDRp9e9Ib
+D5+Y5BeJQ4TA9ViElixpfn6UIgsx8Lo/0P1sWEysEKQLHIQk3NuhZbhfcZ9ZmVq+
+/fQzbZUp18n7IhbmLRMet6LMb6ogBC4fh61xETxJtk7yIz0incApyD9yixB8KIAY
+dCcCdtqMdbnJRQ7IX4SsGBXkEuCLcpSg6zvrXQ4SQTlWgFETh6d1gziPo9YvYjDd
+Cp6lxtsmDCUV5PzgZTPZ+9O+FmJVhhgRENwFKr+Yh/ieS7YG6yuq0KmZbODthK/e
+guFNm+0UGOdPHhpe/V512JozwZcWBP3hQaXXlWW0QBms8rYUsxyNLUrAM03PlcOA
+KuF0S/6HpIpMvljeEdbPXcGRXY/d9yxZnUtJrc8IBdUVX9BnDOpLGpc8Qpx0stQa
+hvdOH1zOjQdmexDdDcWt7rpyW5Z89cRzHX4gMeeMKPuw+EjaMwUHFH+9m9CSytDD
+oG9xpo3Z8K+TGOIdYpGelGvceP/sUVVKOlfDCoNbBbdFXWLl87ZXP0a4iUmrUqz2
+4UOpFcN0Th2awG09f4Wwbzh0vNs0JK7SBWuTfBcphb2j0FZQ5S9WdUK6qzu76GIP
+XzLCymwCN9a1XyqGrESgiPpRHHLGaMBmMmSVaY2TKoQnsziiuxgh3dlWl53teXFC
+2fY3VI9CyK8zxfUs+0+INdwl52SXzoEyv5CmCDEH0EDoJKxiGVI/qp3sdRknpkxf
+MEsQazANA9sO1rfQbFQnHZuTGyiQunpXlZc+t4hjExdsgWF/RX6122je9BjGoy4Z
+O9s6gx8iJWvqoFaah+04s8b1cYjlCrHHInoXBJzH2wNDZ8HQpqz5XVHTJ9TAkHrm
+6Ocrl5QqKQf7KCuDmQWUMvkt3EioY03Rbbls8hLrF4N23YZqEWpBbPKeAM/TqdeM
+PhUraFZ2aBFxqrA62rEwWFEDBk9f4TuGMRFHPMP4JbL864ZsbyFDhXKJ5I+AIjva
+PWOwohY1PTs2POcNHrmY60MyhqSf1dpU5WCw6YSdiv//MNo57Tzbb7NBQsE6pwAQ
+HjOsNVDz2mz+xtZ1XFv92JjJwJ/f2BwuVQUs3tp8h2LoXxBlr4h6o13/e2rQ8P/j
+yF058yj/1hZp/KrgCEXtdGozT9yTP6Nnn2yXiyZHq5hq5pB8lNbLe2tBIj38bu72
+5Fi3nOks0UiE5o62V5lsZfwa3rMZT8ycm4Cvsd3qnk6iL/bXefNkQC0pAgHwSV/G
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCA2Cert.pem
new file mode 100644
index 0000000000..72edd2a808
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 44 1A 7D C3 32 FD A5 01 4A DA 78 67 8F 3F CA 59 F1 0A 63 4C 
+    friendlyName: pathLenConstraint0 subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBBjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+IjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50MCBzdWJDQTIwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDDwju2MX5clm28dBSlbJqozQEyqSyU2XEBKhVc
+YhHCnnW4Mhqtx3HEFzG72XX5tAuLhjtpQjwYhoz1Q/vHdZrzG5/rtbthbeWrVbFa
+pr+NS1CJqJWMFYfCITCOkWn4BoAzga7reEAsMGZzOsczR3RhtckeYQTfFj21H+pe
+zCcJ0DESZpBW8QAPvRm9fryCl81O3aYAV+bhz5ssnL3hhNtn5Ll1ZDVALkOXtOqC
+sJEkDQNJTaXROuRqUCs4dr/uLHVlOVbhlv+oND5n2ASTcgeyOra4PO24ZqKnmGUJ
+8QSDeMVZ+pauI6mF3MRWouEGQfQVdvXE4jJFueTa/EvvOsG5AgMBAAGjfDB6MB8G
+A1UdIwQYMBaAFIDrc75NmZ6UvRdLWvfPV3d0w193MB0GA1UdDgQWBBTGCSob+7jp
+PmhgeseXzrNYUXt23jAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJZghcKY
+Ek73C7WdWGwfUEVjvhM0L/R5LGNzvHur2Oo3Z3Yw3/J68QNKqtge2W9gMl3xQ3iv
+T2wu8Llxq3rDtMAuVKM29n9UK+rxL6GTb9/n5tgdE9UVQhzKaNvvR1pzTGmqne3V
+xHMi7bf3aC/1GVs051DMqPi99tFUCe761r+gvwQShcDVXRHKtK0bidx7BSKdiG3n
+1b+EbF6w0/xmPpIpP5L1XFJBfnpclNr57zopBNjsr5yuZ8FM17L7jynSlvbJozlS
+EXMUORtLZr9e49iI0vRU8+FqwMEpMsFdHY8fTnBkO1x/01O3x5RRBeYf3Jekmoq7
+q0KsUdvxjpd/KeE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 44 1A 7D C3 32 FD A5 01 4A DA 78 67 8F 3F CA 59 F1 0A 63 4C 
+    friendlyName: pathLenConstraint0 subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,87AF19A419801435
+
+sHg4lcYFIK6ljU4K8tQmlG33G88gpy57yfEjbmWdg5SuiM/1LzjaQHHxHsFxBRP/
+8U6tYoAIGKaMLFRbu09YozlQDaqBNilJe3cqcdgM6Hk64vNQqoqnHqC+fEmSxTMh
+SYKPOXHbLOrNg21kBtZQih49UN4NbwJUtrEEvhI7nT1VCyFER5d+eYuDuEzg/n83
+3FTeasFmgSDQ5bBq/oajGi6RY8UCRKs1M3Dtz1mcy+vrM0drj3KCAvHcuAU3iHEp
+eqSC0ZREJc2U7Cx/jChkjLaqggLCXjlYTkB3Ejpgb1wa1syEfraQNwbp8Ru2RnL1
+rR9MTzme0mZouDfs2AVRvqjWTMIcled98P3CZ6m0+r8n4YHfYWY4BZxKmKqVERua
+4eO6bP8cQKX008B5AKl6REnODiWSeXFmZNpenvjriZoAncCozwjXbDWg4x7GFO5H
+UFT6aGLat/pX+BhdjzRFFWikAMRjL+cuYCfhkWCCKRW3hbgeT0K/W6+e3h9IRONi
+bJ5gp2hyW3T+OgzBsldZgnVSMfDoc7dOVzH7Sdo5S/MMb5RCe6EX/oVcUwO4E5eA
+b2s24kOech8QpvDSgVVqt889RqyYeALlzjHKKshSMs+ydSx0ukv1rG3Oisjgfqj+
+liDZCfwaDZy1V1FZvBdqZsQEs1cWxb39JwzoShC+W1DQwLOoQyesXz4xFbgSMK9J
+vYue3oj1wMxiGyUhf8KYIu3UYCKuOqnFBoLCxOmhI8GABloGfa5/aLMjd5JWBIn7
+JB4l+NbD+Umj0ZGISH4/et4P1x/j6wpljzAzIb6QaDHjqMOe09owdH5m1hZ4/ybQ
+T84P1qsUKKw2GDR/+e5CVcoYioSkJsmQDYNT9Q2s+gGBQg55G4JgK7CCEYsBCrNr
+sFYg3dJJIOqqRucwB9Ghf2UijPbj0O1SH0z7tpCuw2QQmjk3UMkWxslJQE7oi1Nf
+ApEhiNhGxNbr6TRYXBd8Ao8O4ZZcbgWnHVRWW9IXNYBX4VWsJMDjRnC9rWnyLakd
+xSoH2Au0/F14hrTm9uELPOwm4sshm/tpoGj1UfK/eG9WPFN6aHOJMqNmmOyH9Oj+
+YziswpuHRa6s3fAsawCjBfAZ8K51QLIXWmjMMWLpoYjaiP2kSwJmvvidRb50DKUN
+gMH9ssDZTLSNf2gKFgt7AClZv/u509VX7DBrC9aXecLzfOekLJraFpxw4tUioszG
+Xp5+ePIvD0PCw/poO9e0IJmzncvvBYmFIJM2m0GsD3QitwPF4aqWnViLiMfFE4Sw
+UP7vY9gOD/mv0qnpfUx5aBl5ZXlMsOJjOq0MKpp22OtpEAO+2UtKPHdhHAm6e1mm
+jy9fvzyFUtOwHL2T6m1bcAMKJ8cpow+y3S8/tyl3rFSE0H2NTdb4NIVqbqsVoHxS
+J7VS/6QY6Pw/8sEcuAXa6U23LFeJKNgVlzXU+46gs1DEOJBhtxmOjTSoAugmhWk1
+q58AUccS401V5a+LkjE/+ZguKw+v4YkfuNPh5upXVC1CEwTlEWRY7COIClftb3mU
+qci5/P5LSl9lI5hY8SZzUD+Oiur8QfYKTGdhqnwHVVz2ZWOSNh1YyQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCACert.pem
new file mode 100644
index 0000000000..af09d14be4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 6D 4C B5 58 FC DB 0B 9C 62 4A B0 DE 51 50 5B AF B5 3D 69 46 
+    friendlyName: pathLenConstraint0 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+ITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50MCBzdWJDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAK30/E10HSTUTxTe/EMYjXq+P+oyGA3ZxAEz6OhM
+uPKZnp0OGu7/kIPVhWkfbEa9J4wKrbbMmk3gqx/fvbo6/ZhWDkFq/fjLvjkCC8F7
+CFwXrLxGAoGd4EvdGIUyZ5zUeIRZYWYjlC8J32dDAQvbGx9/8j9lOG/3Vm0cHXz7
+kF6B9mHp7OHEm4URyAKM1Bn2QCbsRCqkOFxWLh6XbREdKFYWFRExN9dL9rwOZ3u1
+psGCpvAjXq9dw7vvmrSqJAPku2N+qx9NUysonIUNKLf3q3ynLLK91S5C8KeXoGWS
+ujGRF1gnvTNlPcEf8ESRg53XokYZ7FIrxPCmhtNwnAAV0a0CAwEAAaN8MHowHwYD
+VR0jBBgwFoAUmyuySjyQxW5QAckivWPOCfGMPfowHQYDVR0OBBYEFBRiZxB90jfF
+cgbQ3n+1Fh3Ko3NeMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFl
+AwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEALpjmzN+R
+TIzv5jQAMokgflELINf1b8eTeG3Fz9CvOZ68dGJIMr0Qigr2epEQ4/KW9mHXUgGn
+8GwXvnraoLiq6/LyFEW6PE9yl4lpotlxLmMnoEDDno5rfLWgKC2uygKXJrwCMAxE
+6pNO66V6Qi4nWwXpHBwnbeAVp137LuKp+Fw+SwmcqSFFIScifwSCS5kFokqPUM9l
+sYJZg2bUDj8cMGKYx/erl/LEZOT56lIcZBg0v5ablxB8XrDA1nx3QDONqd6qBjzU
+FFUqgJpu2CwiZLZ77VRfjuF889mp8SHnwi5tPglVZFBJ4t+72LfjXgM32a7rCwrE
+O1uFD6QiGDQAQw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6D 4C B5 58 FC DB 0B 9C 62 4A B0 DE 51 50 5B AF B5 3D 69 46 
+    friendlyName: pathLenConstraint0 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,15EE4B43B0C84AC2
+
+nTud/GUep/vRr505cfJlU526WLJu6J37DfIdlQF8X6jpVWfjSxLh9GHtQtgSRFHQ
+hKqyI9CLiDVCZnJc26doAWBtbH3ZD43gp9vXb1cUzapt+fUQqUD1FyLweerMZlvJ
+1bMNQRMMPIw3YExnGgVFPMiFMzjZVs1frihsma9VrdOtx6F5VV+77RQjVM3Aqrjm
+TBAPpnPV+P9DsSkgb35dlqAePDnyRnQqHXnldoNdHFkTUVdlCp/uDtz4pKGgxlLu
+6H96vTu5yVgKGZBB7/kpqWNo7r9D1xVIo/V1RUzmf2KlIlSu8NYAb3r0Yw+A+CvI
+svrCYbs042YrN43tjx6/MnCarsERrExDlyeHTi2+0KAT8mrFlMIzsQ4IUGiWm9aa
+tbhgc3QUEMbfgxwQk4t7pGd5fi8+ylAsklnw9d3o7hlsCMEfhTEThB+6o6ICO0OI
+yOEQyvB+hDgs5eOekGx4xB21qzbGUc6JmjauWeQ4KOMO/YUceE57jNakoqCRkNZ3
++KCghHuNeUAkM8Z4DKpO5Xkh3PtJ8sg6Cy5qRUq6iMuhcjrqpRAsuI8QuNmSmgW/
+lSQZTqfR80iA6HJTtEYsQnTe1HVSAKvv6WYBAzU96ubCuD2MqZYP7kN+ObeoCbbD
+Peoz7yM3TKoM1KRUW13QslczXjIkecVgZlzWBRdTZMBdttMzvTsIp8TTRHEjc3zu
+qqwyMcWkkmHXko86NpStuSbiZV85/urDaAAOL/chWf9XLCo9CSo6XHsVtLC8W8js
+dFxURzelKqFg3pXYvhTE+6oHd1oTVPDy5DJyfkhf4thMrF+egAq+efdPTTRB17dQ
+eQiO7gxWeKLuKwg8jUQH1hTTKxHnjraAW8hhi9Qg3wM/5EbzFoVKjTvOoI2rlhyt
+FbJaZPD+gnr8uDjYouVxb+3lBnh3wiBlFmWtElG33kWup0MLJc/j1bgGsjOQkZY2
+smfzEJh0m9i5zrZXe6xX3copT6ZfeTB0Q3rHt8MEwMqTWO45i9HQVpmm/t2u7tcN
++hsyncQgWKN6N8r8De0wZD6PK3BDmau8nhoRnJS5MKsVZasFWK8+uRxYZiLtr+jS
+H8NNnahUEzovQtJzRh7B7XzvRrsbnH8UxmJmilHosg6L8hIouu3/Sb8X2zKmdsVQ
+hVq9+Hu8KsNQtJde5GccM07oJhRlkT1a/fJLgh+pV6eFLHCqt1Gww7VFoIVShpoF
+rGVIohlWG/CDlAWZZ8MNmjjr0K/T9P2Ya91PdL8Xvj5rctW0/qMsNJa4jlazn0cm
+Cg2DMccqrpJiQ9wirQBAiCouA7KugS7zNoXVKkKnCNEuJoRQqNjU9yOcaczk35sd
+lsh8IqeJ5BHVyyrpK/th0KQJMeNGMBLz4N5H/dXlsIe8nRcKWPUPmKL5Cf0saomI
+CKn8V3Q1nl12y0dV9RvHSnmu8BEWPEJYNZ0oGXeJgi4sA8iCRuxv/wpbFUiRQPuO
+kWrpmmN9HpoX2kl2eNaf6kotG0AWxefGf7y9xLSyC1UTBJa43D3zeC6fghmj+sAm
+//PCJ5yIJUgDHRoElFOXwq1B6gDuuzNODQCqBmiMSDycW42xyUsWWQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1CACert.pem
new file mode 100644
index 0000000000..a64bf26029
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C7 30 CB A8 FA DC B7 67 60 53 20 1F 28 36 2B E7 04 95 C3 6D 
+    friendlyName: pathLenConstraint1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBHDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FXBhdGhMZW5Db25zdHJhaW50MSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMPMeBPiR7BFGHpvlxWNf9ogcUB61rzOlXR3ZzeDZsb+hslxASASvWVB
+nCbMGwoQyYVuCOLiWkTaZRxg+Xf7ZrdZUqu1MBNISS6xpjNsgk8SoDwRJtN/TZFo
+E2LpE90VAJRv0KBFrwT0CTAD24xCLF3y2zBLPX+lcjySi5HPshDckNHnARdxZ1B9
+m05bm4mDIqicBxFLqz33UZv9zNQ9E7UPike4HEdJ4vcio5eUtx0WPdeLXVw/zXfG
+qgDdRpSsEZPrSC7WkWigblGL+/5v3XpjuUL52ecX4egBKY18lL/Mi/7IGOrWE1/q
+4ucPM5lj2DVmGJ2PC8vWXyMdqjy27lMCAwEAAaN/MH0wHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFPPkcWD/FxTejSaFM34c/MFHZ/rB
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEgYDVR0T
+AQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQsFAAOCAQEANk4qiCIoQEqCO3v/6FaO
+StfIEVgimKiuVHCxSdRdvU/53ullYEWRonqoGRGh4LLj+oJO+JgWYmstphMNPgQ6
+edML21rMH8HYOsj/VuT1akNeyuXT9vwIusPP1UMSkmYu2YehIFzJijxZ0jitX8Xh
+qfkip9xpgQi/R9e8Ad1prvQyhZvFvxkNTXwU/V2oZvvAcBZhsH3dZteTLc5dl18K
+4wRO2kcU6NBww3W6JtvHIFHKvwihyUpZckc5CrmvAkNopP6DCF3nUW8V3OBrN0gr
+7g8Vrt7Tx0OkWNUyJ/uInPrpCYh4IrXAyd94UT5L3H1lj+tNYY+NdWeOhkYafjSr
+2A==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C7 30 CB A8 FA DC B7 67 60 53 20 1F 28 36 2B E7 04 95 C3 6D 
+    friendlyName: pathLenConstraint1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D09272A74C47A74F
+
+DU7n1+ZEMoTsX/iwSlvxElwPwswXLovRkKzF4XsqmkL7bIsFrDARDmCHOUhV6dJ4
+xl1hG0q4szx5kMnuJclVJNvwkBQxUwGMknNZM7oQxWkEj5xCeet8zhgdU0xuWQ6S
+rIfJ1H6QeNoLNSkEucwT+GCrhXrDtghzb5SZ5t7u6ozjJlUP+h+bKGGCA2J9Qr1S
+AfOqreZRFKxacvxoX4WFtLl4TGYdEi4Gb1Ou1BhT/OCEf8spfABJGZ+fmJq75TA6
+Gb97t204J5zdNOIxCVX+61K2l5YLyTLsj3yqehVoIkGd4CAAYy6Ua7wKARFdSIrR
+r/J0/32wQMG01/u/bz65CSiXWXWGLW0o8EPxZs18dYT7jk3KuLKkD5qDLYFnfL+e
+cnMDLt769aLZY8W/3sZkmuLLpE28ZN43+mtXKNl7APFkeIjsAmUt26zXKPTPGc1Y
+bAU85TKL5okI5opfNWAB4B36RkBBvB5RXv95KfkhTNj56w+su25l65vUwMouzOud
+Rw1csly0gLtOhovlo8r6Wd+qumhPFPDjTycttLKPsn5fJLtepKBOKe0XjS21AKjH
+8R2RMnSXyLSqlNr2UZaz3yPrtAmpW5L6o45Z2fRb/UKvez520EiH1+WEn/coLtdv
+70/+2npE4FDQBrYzSfjAYMTxfOJNV0BVLIl3TIKq4jeoyQC/ie9iFw8WKsvj325X
+cbl+4/W/K4KkqAYwt1BYcWL8UQiAZH33Ku0vxRNFKHodnx6ftby3p70IHB82fR9w
+wWvtaqYC5um+yrZsgFoGn+bqEGWuPuZAKkpITjKz270iPRLf4/HK1josL7fvuj3L
+3sP+SUrrLWcW+ZIFiISEz9i0SzAoRGefpom9XOEdssRNktq7nJj2fD1iTlOFGjF5
+AgaODEOFGFVD7DeIcdwqWo1axy3OMdjFl1gqzh6tZQIf4/0XyvHyrVHRSRJ3yTFP
+C1VyuunQOHaoYD60/ywFs65hTE1J46+/0RptUhyja8d4z8noquN0RCMX0gruFy0j
+tvB+FhWRAOiNLc0R3pwP3cDdc+mF3qIaJuRBIHIOirMrUGms44pDs7qAbeJ3QTiI
+o5v+vHbJbUFj0XoJIyuz9EhCs62j3NLz596XRQGUuX+lwM1duYxyz5ZA1/rrbHqs
+PF7OonEbFXeLwv3rr21iIEtA+jBYFoArDHtLolVamKDiHjJAP0HyzZ4ic+yqOLLy
+Yp2YfGRA619qm24MV5dwqxw17aVufAI144prkxo4Mxzr9Xluv+OLwQqfJ11weOh5
+Jm+IzH631NcSfiLNbrNTs8hr03p3fY6idAAM7fFha3zrfu6Pwx2OKOjn++G4uEM2
+zDjHsqx4pLoY1qYnPLyu2S0cTmXijsx8ce7T543EuPv3dify0aiN10Wm0FRB3wiV
+/m78qUydrkm6HQ4pp9OwxiAE0Z6xS7I9dxHhrkfpofyyqQWzvfjW96CMHXWHCJb2
+ME9TrGw4iYdvs6V9bfeA73nZfrGT1mY677wfBx7oKDjXD/pDu6zxfVpz87+UJQDm
+Y3I5KEi+6dnvq6CqbJ1F2S8w9JrWlmnSghv+T2oIIquvc9vBEuQBemYA8Wqwe2+M
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedCACert.pem
new file mode 100644
index 0000000000..fbda7aaa06
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 82 3B 7A 08 18 4D A2 78 C9 62 2B A1 FC D8 D9 6E 6D D1 F5 2C 
+    friendlyName: pathLenConstraint1 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 CA
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+TjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+HjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50MSBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALt/+8RsBtPmiqfzvoksZfA2tnzXWqaI9We0vP+zCNAn
+g3iq7xtccZB1wczjSs90P07TGNAo0kgzvRW4Cr1H66e8lpd7pj4TJtkW1lnaKQAF
+DGvF3fhGFgfDUPhTeHfEpaeJ2IPB8WfuDfaCvUkmSXkLo18Q0CTzW6GHr6Cc35iH
+3njaGcppyCgxRI4Dxn8I3civKNhjV0I/x5A/KXBh+Zz6eDRZaQABZqHaPwo8Y6hm
+KaXyAp8HhiEphaGS709jloFQAbS82FZEtUVD9Arrd3a2+cSXfhCgBV79sOX0tTYK
+Wzmk9kRWiRD9TZFSepIKlwsployk2rD+V48YyQ2wg1ECAwEAAaN8MHowHwYDVR0j
+BBgwFoAU8+RxYP8XFN6NJoUzfhz8wUdn+sEwHQYDVR0OBBYEFDS9ZOOfjm6YJQDb
+ZTauNAiV650HMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
+MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEATw49Gv/qJNHn
+DrsMkLN8NPb3Yk99ATawO+03jybiYqsrr2w+r2aJdRHC2dRoAZEpkQRceaSI1LpX
+gESU9z5kNpVYCC/kRtqmWPPGd7/zYfzRG5shGVtPkqDjyhc7J0PJdTqWKafDosVq
+rOhNJmpRr/u7wrD/oQHxHcjqXpcKW1BoZdJyCd74jQG/89gG7PoUcz1WYFSwnOh5
+uU2zMFbp5w1b7eXBRBZ5604dFrbCATLbdqSXDTYvCuoRGknWHbM2eSFcwlddEvKu
+Q26ZnAEbSmtoGCZhC1tQ9ymT0IxgFr/kEA+TbE8PwPbeVExckBmYVYSZ0YbOaDbv
+KzHycDsvVQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 82 3B 7A 08 18 4D A2 78 C9 62 2B A1 FC D8 D9 6E 6D D1 F5 2C 
+    friendlyName: pathLenConstraint1 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CDF89CDD9EF4A5FC
+
+OVoq/PNs0UiHCs9KO5YOv3dquxzP6vCfMGDWmwAjvSIIOqmFipriTd4TNwPzr0m5
+GpxIOAGwWCrehvOfURdf+54joX8MnEeBWT4RgR4qvX/whNU4Z1NRm8+lNd/YIy81
+IqKDgdIW3r3x0HqIY+edk/90zvGo8a11T525oefzpcKnvm3D0KJYfXhAms7PAfPt
+zPQ1tZoNTMVX7oee+k+MSmISCKY/ohumJafQ0TjFzH0bq8nZx1YdncyS5mpY7TOp
+By1zh7VaVpAXXGRLK5Sl0YLcOTgobr/dR1G9Mqqma5e7rauZxq928ZDWJ7rsoDr/
+Q63vB3YQBio8sODpBXo18Kehk7lmhUlCeLIOQAefar9gxY+sV/ZD9HeLzdb45RVJ
+qxu5F83LGbdn0Vq/vrxMbEB7C13qT3GShUrxUz7VsVfVeNevMlb11Q93+5mnfv70
+gHH9Q8OfmvRBqLuiWdxtDKJoOIZ2sM7sCoFRf6kisNybNChZDP/vNGdM+L+ErJHD
+ftMCiQTy87xDdP11C8lQN27Bu6rRAZG9qUFbmhyUhiE7CUftjmsXGquCGnSHD38p
+yPrazytt43xF4sq8JMZBYspY0rkbzagaM52p1eOWFDHK1vOpC8ZuQJKHQG0ev/PQ
+f5fYa5BqRLPm9KbZfYKFUYEmHtMUTe7Pki8SKxjX8YVw5atl5aoudYmd03Egkr0a
+7BflAySllNviGoR5qn6lKNRdvNwL+TlKAh7UjQBmHMOBsllsSJETdqLQ03v1T619
++Fv5qMjqiNTEktG3jNYwgXKg4asuu6xHYSQJQHmIHb1qJhhgnelFFg9+cAEA6JxC
+7cv8Odybhol0gOV8oQjGY2yLeuYLHPYkPDXXyj9MUC/iAHxJk8cvUwZDQ1dK416+
+sN1kwnX5Hcxge+EWyTgCt3Da0+VIJo9bI2t2UB0T/Q5Z46ZR5y4dMnMYErZkTdGo
+MXUPL6BOY3SdhF/ppkZkteExWytpSOnHSugi1GspgaJMX+23v/hqMJLT3IBlITRT
+1atH1NEqFFvctTqKsOgK8gG7VDVlDnmoE3GElL/qeoGFYB5SOltprQpoH08P/jw/
+1dUxoEEzr5jzRONL5uGf1bVnckCdouTyf+auaZ+ugZOXG75xHfHn15PspuTG4DuU
+Qz9jRVoZt0BIfpdlcANVNZr+eiTToAsfkfrfc/hF7JSnMAtU7kwRVIGPaS7p0Yb+
+PPTroeukMU0jvY6Xxcwhb3QKIlOq4HCIb+awL7A32fCxT9D4t6+fpM3dUbPKV/PI
+o9PoKPMX/UC/xCNQ+1AeSEXVQBGdMMJReDW+bpmZX4Lcpd3DZ6ejtOTND1KH7AYn
+lGx265A6sPN+nTAtfcJVhNiTv+6VyO/j3vePvANhY4wImCHVxeLS44UYvO63lpsw
+l54B/OlU6ip/gz25ZtYI22IEyDWKPBMIhytC+cnKQ2VSGi4QAR1+0D/G58WTU9qt
+SD/GkJQY2LzntMTdDyfKpx3FzlInI2yb6fjV/pvDOetza+lrD1CaDMOh3DBBMrZv
+Hvm3dC1znnwalxZsjArQrvFEcFVMif/NLtwVcJ2xOCRSay2U3gv6Y3qUgogVMXZx
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedsubCACert.pem
new file mode 100644
index 0000000000..1e7b38fc27
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A3 3E 09 15 BB 01 BE 01 A8 8C 89 EC 20 3F E6 4A 66 E1 D4 82 
+    friendlyName: pathLenConstraint1 Self-Issued subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYcGF0aExl
+bkNvbnN0cmFpbnQxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowUTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50MSBzdWJDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKZG3pTPn+SJPMjCLTMtG2fYzkP+dDAXVAVI
+l3fw5wsUeCwNjyYOa0sWOGp2q6QrBgGhVUMi/IAw0y7YzE1BWOyf0zAxVKSjTNvi
+zm2sYeC7eH5J+Yf7c179F0SLa3GwuDf9z18z8gSa/mtqszclsDK7SqRQ+wC3cer/
+XHZ0KfiAhON7XLkhuFoInS1SlvYmy+KCSJ6898kqWLhx4KG5kty77HvnB4uUeCCK
+zhaIaTTK91r/R1LCGpeU6L6TB7O4wi+SI+tkmyIqy6MUOG7wEEgza8ACGOT6cEVF
+GcJyX7dzo0BJ9J+WcSdsK/Ugh9WIqyCSNA20sHFVOYq+qOWuanECAwEAAaN8MHow
+HwYDVR0jBBgwFoAU5ZmWtcd9VUKtgY7HJfYYzaydkHkwHQYDVR0OBBYEFHkDh1Mp
+Oh6+6NQY5QQ0gyudEcfWMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEACZ+k
+jPBCnY1vtT62m30fHrzOBlIhF7BxGFRLElq+cz1caazoP1UwvI2U/NKzjtdjYIQU
+5KI1G99HmxQE1P3Lao0GK7SMi7PrfZke+ULWCa1/NviZgj1wZIecK+o930xlXemo
+xLYT5kyDEQTaKXLEmwWVZA4YZZybcrDrGYzjcYmhVVRId10zAHqos+Md2E8OHa1Y
+q1i0lpS/3DjkHhWmOOv99c4Bs5TwmW6IRNjYYdnPpL69XyeIaVheU2KXIxVxrdhp
+hLn4CRDQ6SeZl4zb3WzrBKLWcLJm4JM/OTGRb0LsV6Qba0StWp0995lGi+tqySuU
+slTcCndmiCcZady6vw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A3 3E 09 15 BB 01 BE 01 A8 8C 89 EC 20 3F E6 4A 66 E1 D4 82 
+    friendlyName: pathLenConstraint1 Self-Issued subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,50330B0885B8FD2D
+
+8Np7zgICHrdZR90w/givtroizFxRrkLepi5D6HGrPNhkl4sqTmwLLhgl0pQO7Y8P
+3XboKQhlKzmKT43bjxoVtY9IxDRgJvMvAc0Tt4Uw/16iYK2mv5M//8VxiKbwRbqy
+NeVYYPG7O8pGWO6FRAmjZ/J1pLxfRHzFbNZipFyl/Kt2/MhNL9JTrPETodC30/Nx
+Lxx7Hz1gBGXfOBXEUVq1ON7kBoIHeAEgG8jVrfgF1sH7APB9SLwNDEO7TMtGM33B
+0D3s3umJN4fWoSE73bQp+9o2L3wkPYGRjxInWEYrrkClWINvRwIiLsueIuzbdn8Y
+TqSsllbJyZ+VbjoVOiwrG4Ax0p00HLfYhibuXJqWAlV3WvCBTe3zTiuLiMqnf62u
+QeJhrRQ+3enJA0lTeFMX6fUm8T5nkvFcSulBhFAm3Q7JjYbg0fDmA7uXpDKQIIZv
+XDBxzX3QMH5KGHm2uAHx+1eLEpOJ5Tj5vCB3h91s0mMFpOyCAkBatiaKYgDo3AVr
+F2e78b2N9NQoDxMZUSN2310Pd2tIiCQJFdWwBZRS/LBv5sbgtsU45YYITRKH5Wxk
+sY5WqiCmijHHtVZq9rmbJJNbst9TV452bMsUKk9gbDvPOX/OeycXrlrDzEz/wlTi
+Y1t2X5ZbZTbfofMm+bw660Hrl/f3QvH2QLcL7FAu9bLcw8ToeSRcuNK/1HTKbmuP
+BW+gWRdiAlVUFUH3DnjMw2KvUVMDSqx5Z2i2YuoG7uLxY9E1PLMhA1eM8bzvFKCz
+elwyJg6/EsGioURgxdRg34PGTADUEIUxgtEbr0P8LjCQzYOxNtFV/8VbhbIJAqqy
+I5eKqkfIeRisoP7D/zCpcr5zUtzaMBr3XwrgNVzwgiedX4ytMidAJau2DGtDcqFK
+8khO235lVEf/1E0g35it+o/cVo1JCpAFQXvTjaGfN+9OCkSh9CIlF4X3Kq9njydv
+5Gt5uHkIOxnJ5v4n0HILLVmriO5hP7IG3LuhL+T3CRc7FhIfi24aZSj//kIUQxcO
+DDE0fyaGsaemmH85kkIkhVZx+TDBT3cROKG7CPc+tyzqhrZdga/O0+9hSKczs+K8
+KqAcbSTsp5PNCvxHEqWyBqUOnGdsZHb2qbnfOULa0908SKyBT7Kus76qATNY7DcA
+M5G5/dOQkD2oMkl0kHOl5LO+ByTZbOGikkyKvn4/B8GEOmj+5NIr4fs8T8e/8VH8
+Tker6YzzpLNoNvaok3WTkeQR8CnO1mzhqh3kgejOttaa1Tfv9+Ho28veIIXxJOYM
+WPdRbYVWUuZCuncl1wcn0ZZN2N+a1T9a+0d+OTZ/Fw+g5pED0YgZk/9NP6Lek3WZ
+y+HWHrrLBOPPUI6jddMQfUgk4j0OmIhgf0edgRkiTze/ZlRsi7a9JzYug/Q3BD8S
+jlyb1SzItMP1JVnqFFuBxChbUGgWFvEB0Bljq3o0n62ADNkk3VEYzmV57O1h6iFO
+SS5veeD/e5/IUq5v7VeLRa70MJ3HxygAQAvzWtimWlBiyR0navwXrdJsDNP8+To6
+CnYiJxqPh20m2lO18bES+b555yUPzgO2xvyZ9ZIjynvYelFg0CxXmjyHoidVV96v
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1subCACert.pem
new file mode 100644
index 0000000000..8c4fee3e5e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 45 C2 92 B2 42 06 35 4F A2 74 24 F4 E2 ED ED 1C 35 42 2B AD 
+    friendlyName: pathLenConstraint1 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 CA
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+ITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50MSBzdWJDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAL4T7DpvoO/ymsui7e6SJaKtxNET+dImelMFK7Ao
+PzGGaXiDHKbPPV82MQVEICaeDZ+CWe8+tCRGEttlf3xFplzOg7glM0itFpGWhe88
+OtUwj4hLG6TBqu1W2dJU3B+JghpHO67brDoO+AQxt2juJIknR2AwYwgr0MoylA8h
+TjSVd6aLsQfaRLdjGLEzbev7Ktj1LkRbykGx0FeoGiEbj/fW1Nl3RJGS9aeiQnPL
+FoxjNAQ9vDOMB+xEzLEVYZAHvXVvtYGxAHywrPYZbAvrmm2fty3sLN0g//uJvbOZ
+2EbL601Qu1MAp7yFhDFl7YcsQxQORkfx3gO/noeud5np1KsCAwEAAaN8MHowHwYD
+VR0jBBgwFoAUNL1k45+ObpglANtlNq40CJXrnQcwHQYDVR0OBBYEFOWZlrXHfVVC
+rYGOxyX2GM2snZB5MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFl
+AwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAS0A82n0i
+4CFz8P1KHyyPaO4QK8v834S0An0Nx2G/zEcQM2SVYDjVKbls7mNN3KxtaMmv1fS0
+kfdPzYAvu7asEHTRaM2854OI+zBIOZw0l90/4cCxdf2eUCphmgKehy9CZ3BHEqVE
+iPJM3+/XAxlU2WuGWblNiHOFHKl5rXlkGSBscu4OV5NHay75q5nC/LVaMdugWSAe
+xOOHiLnV+H3Z+rx95aa5/uMn1TL+N+QY++cC/ug/vxlfOEeFhCWc8VhuqzGNtFlW
+Z1FR01Q6Rxs8xRnyOzZs57dTdSA1bDu1TnZYelrn7N5x+RlYixJA6M9fM/kweeDa
+WlQQJJGrznvK8g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 45 C2 92 B2 42 06 35 4F A2 74 24 F4 E2 ED ED 1C 35 42 2B AD 
+    friendlyName: pathLenConstraint1 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,720A13E00C693308
+
+iDD+bcmeaPqbuEEMzH04sORtTsOUqI+Khjd33vJEZxmP9yClJfYf9nmM1dOuUNCm
+Xtb854TzIsssbKbWdGfE6OrRjS+ivHRH6c+5SOYL1lVwbT9Nr30NNf1fUJYF6Ogq
+c+yeE5utte7a2xB3mhy0/VqsNogsiLqDte7auh0MIGFg0dACe7227UEDqLqKUPGW
+oLfc02cCdMDxuo7m5AxyDQIokcNRE7wiaX9cR1ReeyyY9oy7F5qWUYqA6jkhQNJZ
+sW3mscZWkWWtCuhiVY+r/tKqIGf0T/+s1PdBUlcK7cTVgECJygoC+LrYYSQuJ+Lp
+A4vtaXegDxgzNtXX2wCMESRIipTdXHhUJboKT/Z5O3y7WsLCb4YL8RZ/61y1qNAa
+a/177gG+iz/Cb3jOxYHZt16O4qvhQu1RVs1N7oexIcF9TIkZs5Z5IotwLRQb5aLH
+23lZ6TUkHBgyOLNvkGwmJBJQfFWL/dfST92ak02jnKTtkXm5ypEpg/Gn+ZpNSauP
+IIzBPoUgyWn3RCq4F9zYl7yU9tkOh8+JVq2pJSJ75RMd3hhoH2ivSS1zDsc5cPBg
+IFbq1Dg2T1BlzWQ1VhVePsEf8Al49lVcRTMa5TzrTH9wzpWZypxrmjr9PM9vKWvL
+9ukZrz/KgBGo9uLvo/sDMD9GdRjAJ4t8ACUHGdtC0ZGvnZjKAGNxyxNkEt5BqgQr
+3MkltlVZyQDIvr8XFMwlmbFzQI7H7XW8QQljkdRhYOHrcsbxlvo1o+PrSkb4XeUJ
+Mbu9NnS7ale2a2+YYDQfhoGuaaw1IrtQnsiW7Y1i2Pm8vDEtyRWFg9QvUD8mzLkR
+STL3thk5P2+q1/NlBI524aJ0A6vqpSCYFy677gbSkDaD+golnd8PZJe6s4bY8NnI
+wggSN71/7hWoAIvb+IW+zHQQ/i7KEg7NZ6y2DZfVTqCK81QJn5a2CNesGqEsxyD/
+6KkQ2mbZFoN92eAqwaqL40oNbrkp4BRqFKYhE0mEJHgjhlDQbglSrm8r4+HC2Cla
+oSQqlzGWSEvNHdY1lmhCd5qwcFB0T0dAbw0c3kr7tGwrnG53rdbvV9KrkpHfn+VO
+T+GpllfqWqlgsVSxv912c80rmGtTi4kTbQmF31hEgmIjVhtT+0Af1Ajf8vi5zrA1
+rWUAEfxmCPEgCkzBZKM5hZdOybAT1vMiLR7jft3MUxVPNmjnVOxBhFX0vo4t4bq0
+hXLRPdOVh84NfjXMu+hRf3XX81ltQHPBPNxoOtDWcPJwvGpyxucQYIYVbEpNW7AI
+MMR5AeMZkRzk9U0JYt9H8GMJhXSK3N3+Ijwul0cqS6b8nuWKpUjMWOiJkC7MiOdf
+UTJVN32LRfIz/LvYC7iI4lzSdBzSRWa3Tlxf2IGGEYWTPEnyAcH7/2E2nM0c80UT
+ElvBbX/KFyPow8yVG2JP6uS7P+hSWE6NRBlbet7x7+uG34mI/jIdNK7gYhKOAt7o
+XMNh7YizvwwKTYNs6cYZnUSYEvGySAm1NUZCTD6tc6N9UGIvF5QhsGYEmzacNqdw
+NMMf/Kbeko+TJUG0K+a8UJRGDOo7XhOq/fQTOqbYqKB9roxDBfp1GA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6CACert.pem
new file mode 100644
index 0000000000..e5e01a2385
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C3 6D BC BC AA 5F C1 9C E6 3E 47 A9 CD E7 BF 45 52 1E 95 35 
+    friendlyName: pathLenConstraint6 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBGzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FXBhdGhMZW5Db25zdHJhaW50NiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMhrG5ilLNK2JnW0V+GiT392lCKM4vUjPjAOxrg0mdIfK2AI1D9pgYUN
+h5jXFarP18NT65fkskd/NPPSbEePcEzi0ZjOBqnaUFS+tA425QiWkqdld/q+r4H/
+1ZF/f6Cz6CrguSUDNPT1a0cmv1t7dlLnae1UTP9HiVBLNCTfabBaTN95vzM3dyVR
+mcGYkT+ahiEgXDLYXuoWjqHjkz5Y8yd3+3TQ2IsyrmSN0NJCj4P/fC5sdpzFRDoB
+FYCXsCL0gXVUsvfzn/ds1BUqxcHw6O4UUadhBj+Khuleq0forX+77bxFhUnZkGo5
+iO+EZhvr6t32d7IG/MKfXt5nb25jypMCAwEAAaN/MH0wHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFK+8ha7+TK7hjZcjiMilsWALuk7Y
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEgYDVR0T
+AQH/BAgwBgEB/wIBBjANBgkqhkiG9w0BAQsFAAOCAQEAMJCr70MBeik9uEqE4f27
+dR2O/kNaoqIOtzn+Y4PIzJGRspeGRjhkl4E+wafiPgHeyYCWIlO/R2E4BmI/ZNeD
+xQCHbIVzPDHeSI7DD6F9N/atZ/b3L3J4VnfU8gFdNq1wsGqf1hxHcvdpLXLTU0LX
+2j+th4jY/ogHv4kz3SHT7un1ktxQk2Rhb1u4PSBbQ6lI9oP4Jnda0jtakb1ZqhdZ
+8N/sJvsfEQuqxss/jp+j70dmIGH/bDJfxU1oG0xdyi1xP2qjqdrWHI/mEVlygfXi
+oxJ8JTfEcEHVsTffYR9fDUn0NylqCLdqFaDwLKqWl+C2inODNMpNusqleDAViw6B
+CA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C3 6D BC BC AA 5F C1 9C E6 3E 47 A9 CD E7 BF 45 52 1E 95 35 
+    friendlyName: pathLenConstraint6 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EB5F15F1B77A7EC6
+
+7I6S5ZvKPebxjsls94StH/51kmz2SIlFmdbnTSupmGJW+PpIWv6zZ7+TOXNp10+h
+YJsKVf8w33aezcZpoK48S96gL79Ws9rrk/dvbOIYOJedyVOrXNoAtKUO9SUH3wvo
+OVxNVVCMNoEtQRbv3IGGR+gM4zD6RCiIrYmjOAdI/yGh21iF8Ztd7TC0kG7vGdU/
+86H0rySvmouByxGiOY2ri5D6DZh+oU0KPVgc//efbA6ntDSQuhCTeTSYB9frRz6q
+H97ZEUNCcQdXMETx7KTpbrd6+OaQo1CpMOkfm7ve5ILSyAjIqmq3QBBTyyCKIlQy
+OAb7DCLF3X8zg3tv8wlmtogAEswE90KsSTXJTNSnkjH0X6/5jG0IJnqh9SMSWubo
+AKzuJq/xuW1hBupwdsPZG7sGTIYLWSDST7IGkDwV3mKFr0LzwB3ytTfl3M1fmu+n
+VxWv9WqojPhC2qHcV4R1Wbr/ZymlG/rtocfQWOsLEmp3kJizyWsFtNClym4lpi1k
+t7PKSWTrOFnhCjM1KLIkmH5uUl9mompsBL0ex7ztfgFSad6M0rQDNuaM7MEcDLd0
+eCM5qPoTcLwVJ0Mz65v4bntjv+NjTJIkCjxJiGJ5qjDikcEdqe/Ii9dy7EvCS1na
+juXXU/WmVr9+XFWKaUrV6yq1ZvuQSbNhttyXB4Y4ywZNUTaXVoeNseg2RHc2M/h7
+tmHxyrAZNCd7hP1OFZ8wGVUfCa6r6206Ifa281NMaaGKcjma3x1GYBubuhujrXFC
+Gn9PRDRlYDfkGQ47j2SxDQMoFHuq34vs46HpvITyg1v7WO9N0rRj1iWlk7fUr6jQ
+VCxO1x7HkfrEBcea8eRiwkxHnb0uPawemuDjei6axlkQkbefNgzSBeJR69XmiY6h
+vDeMHzsfCwL8wUVPowXOHCTsZ1l2GrJxClBWDMperBclmFS6GSnumamG6cSCV68f
+Fq6PR3jIRjeaZ6DsSTrMNawnWSFYgfiPbPaEmLJWjwiI+w3m9xUAlCquswVGcmbp
+L0vxByLO7onm8ZgzlsYtGI6zttmbOo1okiMrCQbNrcf6gJ+ujrh9phpOHezrhs7t
+Qut5bWCWlwMXvXhtGfZAZP0r53CVEtjVvRocOc5vQFbQlQgtyd89zpvKFmYfSsgC
+XPb0KTIBJuR/Y5ZcK1I7AVXmtomg5Zls36V+eUylWG0DPGqysYABKxfl6XP8qG+B
+jZ28rpEt2NF26wcN/fBpSK0fPQaPZwU95C531jsXxPbrF+eqt742aaXQFG/Vk7O+
+iHdm/wo1uK4tm6JlOMU7qv0UtuqBzTKnr9TBVcaBwSQiPI9xIOlKmmarfbdZ7uFE
+4E4r0qhVH5Q8tNBmUN2O+0zUlfj0jyz4AWYOF5JjLPecBMWJOq4dAAnm8xBBx8ED
+6b9vIgl7t0T1zQplTUO0r9VyUZQuIT0bP4mPu6cnbkaVUP+LgaaemK/3cj0fFf+W
+i8G5CgcRLzGk4B6VF92veMYk3Fhci+ASUjQaT4yAOSx+heSUQeiYBfG0vCa/f/E8
+IUfkTdYNY/todp9wNRzaDh4Wn1F3CiJR9CMzLiccNSe9uZ5TPszMcg+pFMQXVyIt
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA0Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA0Cert.pem
new file mode 100644
index 0000000000..5c2b861a06
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA0Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C0 70 34 C0 9A 8D 1D 2E 2D D7 48 F4 47 47 6E 89 FC 22 A0 28 
+    friendlyName: pathLenConstraint6 subCA0 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA0
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQ2IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+IjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50NiBzdWJDQTAwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDpgGQKv6ZtxqisbQnblDFKz1kj4LQRZTaRi6ly
+jkFMlb1h8OE3Q2m2uQd/HnayH57gKKvjvo5mdYe9AxjZtQKlnfvLvnEckt/2jx8f
+PnD1owh9WnFxPfKk5KXFe07v2S6PnDJB9KeD5gGrGGDBPFtnN81rJ6CgFuDmO1TY
+WPJVlZm+xK1OCPP5iPUT5DiyE6ouVLlHO6IONz4XgeMfjEa9J4Y3n5V2J0w4pUzV
+P/YZ+afXQY8r/Gh3Vyx0oKqdlYjDd60Ui8iw0SMd8DDyTaa9wW4LGDolYOjB7yna
+gW//Sxd/MZVwmcKmq03ZAlEIs4ew/+fBPYqMox4SFI7AWwzXAgMBAAGjfzB9MB8G
+A1UdIwQYMBaAFK+8ha7+TK7hjZcjiMilsWALuk7YMB0GA1UdDgQWBBTPdnaDc5Ak
+x42jbWd861LA1NTtSDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMBIGA1UdEwEB/wQIMAYBAf8CAQAwDQYJKoZIhvcNAQELBQADggEBAEB/
+WsEKvQHARpddOd3k4ozzpgZ882UmNgb+9ILrMLhXnJUn6JWfSj2jSSmhDmiNqu3b
+lmzVVDBvVQqufpSIUK7/GB35AELTgoeOtepDANoRA1LJDJWc0gUbtKvgtfvAPPVu
+19CzmZrYLalyS+DMF6MWB8WfSrhtqdCKH7ndwNqBhW47mwO8OHAmpnGfCcvAbvMi
+UzrW7IoONO8dyPmUyLiscuiYzceI5S/ht3LbS/xHQeqFPslESirnsMrLKIFewqVv
+TG7ODfcxBGAT40Sa02WABO3qPzcVnDPqBuzWHXM7Z02JXOkzZqcjH9bYpmRhz1vU
+ZmqzIuGDS7/JLvKJekw=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C0 70 34 C0 9A 8D 1D 2E 2D D7 48 F4 47 47 6E 89 FC 22 A0 28 
+    friendlyName: pathLenConstraint6 subCA0 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FCFFF93C60567CEF
+
+jrP4Qz7OJDNU/aoROu+niRWYXpZyOPiye9vSxV8i4mTdagBX+O5ZG8Q+R24W3zkJ
+yKL1JVawZfxBbc0XgUhgan4TkI8664PxUIknFLvN86GT3O29USdOBHzCcrHVY8p+
+rzmc7gcZP5+jiSbQVHUhFfU9iqR2V/yN3xOX/mbTEsKT7/6lxgpdSiVaPxy3uWpU
+Sbj8FBGNPrgIotykbO0/itKLiJXiJchX6pFwzBXteqaouSqJ889u684/eW7rT2fC
+Z7r0ELGAVrc8TjbxPBzrH0eE8uXB3tNwYUz5ClLjJNJikyuZ6ZOKHaSSGCcGoVsA
+aghgsi9xiOMHjd/+jsOF+ZUvqLMfRc628e8ZGN8d6xuI6DwtKrXwTM2URZG4dFPJ
+Iy/2es+y3GaLFZZq006h1U7Ch7qmXdadNZXyrM/UzWDk0ZjfkfeBSswbpdjQkTnO
+pUFaWTRo29/BBZdyPk51OsGorv2P1AJxSwieMHUDbV7lV9gfwQtZWWQL2Axx+1TX
+CSYa8/fCdiODwt1lZZO7SW6nOvz/izTfTNixBhdiePNZcUPh0YwedBZ4A8Pt1LML
+WdPplOFc+IIzEhywJ2E3qJDfPEpX6URdzho4fultjyF/pDCIOO3KMSNVwQ8JOSsj
+AHRenjepoKMoHtCiIt5y4Uy01FbAHOMc8y7SGjhb76rEhv0Tnkm7NamnV7n7jG77
+Pl+2DDMpVLBIvMEddUTtZOihP1HJ1m3cWiy4fbM7M/t1sUO4sM58bz2iHVXnPRCc
+V93UP8A6XnTgB06SMeih+nYBkXZ5xoOYwH5u5dznr5+nOiAPXE6y6Cd4kOFKVSW/
+74jQTurdT1locsjLHbiEEDziy+0ECZXHeOv776bnffDVSREa2xtywhV/fXDQFdxr
+QxXMlx9OSz0MqDeXEwXXRbaWTWnYbhygPWHoAx/dTHJVOWEpj1SkjBAZXcZRC42i
+/AMLDjTw2/o1BssojTvEiedCdNx/Nw8lCQlog+NM4cu76ROgkZMN5od5KzIZMIr0
+TJQFvcNuLmW+Io2b3t0pzhtarMtfR76ThPILyec98ngWy4ckqydDVaKq1eeidh9Y
+UjYw9ZMJGghKQ0Y8xxOKR74pVOcmiiYM8lrsfLE3S2xCIpy49tL4W2S0JxaE6YUa
+Bt1OZLwZleQtA0Ppj2Zw2P2NR7LAyhGE0wAUxI6mGxhllpHaRfG8zX35g4a4TotO
+PeFoD1pAwjkIMSl/3365Uj7+imYRAmkliWtDfpQr6kd2RIjyA+rGire3AswsS0Z9
+a5fDpAPUtRwnrGa25b6cl/FejkBzD6/61bxoKzaiKWjKJmcgIGw8pqaW/AqHSxNI
+cHQk3pyTrmRJFnaIgX7oYIOd3N6fehNtX63uGNGK+n8Dnftht6ap+SbEzx3pWAz4
+c4tHllQiE1AH9IWKgq1VHn4/vtzjZldBqHq3MPb4XOQotK1ukhnX1aacPQaOYVHH
+x+Xle3A3Pa+TgSjav/jxJ/EqWt08AGU6/R/gKoUS51gwVY5KM3/1xMCHJBU6tGqn
+gwfrIMYybRxJQCTZpsRbMQLS2SXYS4eHF+g37wOBao5lBqQxfBs9pYK3bzhP40PT
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA1Cert.pem
new file mode 100644
index 0000000000..07cb933bfa
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA1Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 46 BC E8 E1 06 A9 4F FD C8 F5 F2 A0 EC E7 60 57 02 F9 A1 07 
+    friendlyName: pathLenConstraint6 subCA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA1
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQ2IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+IjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50NiBzdWJDQTEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDbl//xWkNw59SbDnUPP4oLjGtR0lPZ9ro0Y6WB
++VU5bQttT1STRTs4rE0dsO7uxCe4rgElYiE3RWkOX3NpjDoCjhAsZQw+qTR+RYBq
+rXSoNY80g6yKD+hw8Og99RL00sf0/vYlP0VYG38+cMILpZerHyIjyn04miEb3KA/
+VDh3iacw0W38bDi4vWkKM+vyzTu1bmwTK3e74GaeDQKoZFEP5dGFleHaEjf3TobK
+mXvEVAl2OmJcm64caInLsn5ZorVxYYizcsnwtIaAVP03UFq00tHIRzthDUe/Q+qP
+FXYesalAOV+65HnlVk3xVuhxc1/MtoUtMuaK13E0nl2h0CeBAgMBAAGjfzB9MB8G
+A1UdIwQYMBaAFK+8ha7+TK7hjZcjiMilsWALuk7YMB0GA1UdDgQWBBQ8mpWek15W
+YulbOJBsmjpuktv3CzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMBIGA1UdEwEB/wQIMAYBAf8CAQEwDQYJKoZIhvcNAQELBQADggEBAAEB
+tPnuRM2E44XP0QrA5YQhDrvV7pzhdEmo+7ZeaAlb4I6r5jAHpCcBjuI39tihVxqF
+ERPPrK1ZLjIt3q9ZIeih02rmWde/qqDgIGQJATl9pY2VpWX6kTu6vuZKw8eA9in2
+PB6y5lHGnMcb8oSyvAA2gH81HxQtS0SmILOPDr8LFJ+cmw3Wv6E8T8lDYCQyb/oN
+KCHGIY+Je3W9e+BPVyRLk9B7SbQC8dFC0zC/tkL6EImHXCP4vH5B0B2WysD7Yjav
+6KKJgWLa7l15/ZxcxuX17E5GZG3Vl9fIZf0qfaR6nZAMXPNLOQTSR2tS8ponmk3K
+7xxdRXaFL4msvMY7iP8=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 46 BC E8 E1 06 A9 4F FD C8 F5 F2 A0 EC E7 60 57 02 F9 A1 07 
+    friendlyName: pathLenConstraint6 subCA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E3277D8DC8428604
+
+1KOZwzQYMSXVc4ZjSJQMkMqAYHNDlWmkrbChYpOwoiTKHo656wCmfUmj21fJVylW
+ntsQic7srUpTZ8JJEmZBwEnBsZs/bSITXjlzXCFR+nkxwlXi5FXiF+ujDLzRZqhk
+udKZZZskmo7v47u6Su1qDyYHM6SK5+jbxr92fUL+PngbUSpmQn5wYzn/Hwoc4CKF
+2DBXUBNUDN/xxsV/PhvArgEXNGpEnjIs0hC02OiElTHdvG+Fix59RM2Z8qQhTCYg
+HgaVBNhlASh2PFMMiwTzuREoXJgq6GA/kUtU+1cf4jUyENoXRzObx++3ON+BQQ+w
+iNMOcFnVQ+LjwDZKzPDGaq7bGzVFPZT8c1hiqFQ0MutWUqkcxeQp+L4wUF4ysVZA
+4Yx/f2M3fr+4K33qW6w3Y/PKMxPU+32m9bJLKaV/d1a2gixNys7pCKj7kx+STFO7
+J7E/Qptcmth90p1tTZtJ+DId7Hl+SMJDsKRR073Cv4qsu/gQsBeHicOpb13k/1Sa
+pPZLcswriUEG2apABluHBWiOQiU4eWcyqshSTd8XkZs2GyBDXHJrjpFG9KuGQo9/
+n3lmp93p7wWuJjW3JZhvL9bTDsMXFvdV+80OeL+5cKvX8BHmSmeJC4nwV3P5mJeM
+tO8jxYb/6dnq5SKikWK05UzvYvgoYWex/IWfucY5qTEjBkDYWKjbQjJC1mc6iyXO
+L/UUQ+v4A+ukxSjpcZ9oX5j+z3YPm1E/7Fy3gvljRM+QRNuYkfZeqZpxBkx1GDKZ
+lSBkRBG2seXugWyyX0mpuqA1piN4dNik5IoXk2I7RzwrE/b8RBlSWsREtQbNON3Z
+Ab2X/qc+TRpHYLcTHaeQxlCoIXx+3JFcuhug/XViWTN+EG9qfFwy3Fn2wtuhYdqT
+GJO+1Ffuv5FxBFJovHSCHw6nB0qDAYYNEEgm+12IY6zptZ0QA6WhKsLIkbvwAwJV
+wJ0MJ2AWxh+AOg/E8Vqktowo+s/mAmuZHW+CR1OWT/HTJqPXhm5UI07lOmlErjaD
+sr79iX4aPdF5rNAO54FWXt5MHXKzI5shefZc2Av2qJUsVBs/yLES7LS9zwtiEeBn
+7d8pr1GaU8zEWOUJpr5IobmkXU/gNOutBpAhgxrfdyn67WMsaNvXazBMQB1QPkzx
+hME5TOzSNHoqaJXH1PdbrR4a+1Cu47SBn9/orFjhV1YK+R3A7psN0McyaSFO6AgP
+1TOsJ8m0p9VxO0Ld5Io0e6FaG5pZKf2mnJqiC3n6F3fIyX7vjSab4D7eV4q6SGZx
+6AvhXzmhk9y38QqI+EwVXvF9L7qWOKmiCFaUnLa4PrXb4gvTml+I3mljB8y1frUI
+82D0hHwXxmcgV/PWkKUv4HnP5vXE1wpCjkSruHgBius9/ukXARUW1UgPsjMEMpHB
+0Hr6mcJ8KYtNvvnGEIwkNRepTEINuS9ZkUdE9d7Y9C5lgPSQ+hrnZ0WzpUmKKSuc
+QDRpPpGGSTOnvsuaDrJJVlSkvuo0gIkqLABF828UBwiWkQyRR7QuhvHgaK0qNTeZ
+Z8t6jxxaL1cX+Y2mDOC/3yioad+tHhCKczHNCMox2QB4/fgtzFaqZ9YqP1Dc7uju
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA4Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA4Cert.pem
new file mode 100644
index 0000000000..eca3bf0452
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA4Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 20 3F 1E 27 F5 D5 D8 B2 21 57 38 DA 36 07 E2 57 F8 6F 10 1F 
+    friendlyName: pathLenConstraint6 subCA4 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA4
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQ2IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+IjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50NiBzdWJDQTQwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDRaciiXPE9CRnZszi4MJScusSJJBpnJRox4Dpn
+VJKE86q6HuEUtOzhllVlfQtaSGxhyWD8q8HpeGW7F2lqcblT0VbPyTPDF2DiPt6B
+yGYw2J9IMmkmdJ3RiXxouq336e1FTJoPCsgwHiK1bne2i4d6L5TFen8p6IFL2XR/
+lQyug93gOPysThsY14A2JJTNAISkJFtfEiHABPlsMtzST5OkazCJiIkGZw7+pId+
+jkWMoOc1C4nVTUEJJbyUVYTLEetaJVxU+3tVDr1vmTHXdYu4v6rWpX3IcmEMTM9m
+4HOqO1c92SWna0WvJLsPRm1y2/H+hhaGgvp83VrdXh/fdHrDAgMBAAGjfzB9MB8G
+A1UdIwQYMBaAFK+8ha7+TK7hjZcjiMilsWALuk7YMB0GA1UdDgQWBBRJhdtL+xFj
+2ZkCKLQLep4TF1oVdzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMBIGA1UdEwEB/wQIMAYBAf8CAQQwDQYJKoZIhvcNAQELBQADggEBAJBm
+SQWFZgiXsoHVxU/Di8Vz/JG2sTHLr58iyp38gcp+7oM/SrRqdtFe3KoaRb1LBHhK
+Kwssx+5ukA/ZYIrKRTwv7IFUgdeQgsQDbNtAyxMkKwv2QFrtx1zaS0397wqZRGL2
+c4ph2EI7F0IzOmzuXuj3leZTiAA1z7m+WopfmN7RxPmFT/8ZouNCUnMxryjqEzm0
+k2vUuGzd7MLEGHlW2UVR4R/hfSOUTUBcUgC/F/aB07nCJ3Gon8ztvzRIAo7IQ1Vt
+okYWRHbFapAq5NsEn/Z/AxDGh9kJuSIx8/mz4hcdiKvfbQTztUPBVrq1RmF++rHR
+fwzHkZ48GGyTH5QbV8Y=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 20 3F 1E 27 F5 D5 D8 B2 21 57 38 DA 36 07 E2 57 F8 6F 10 1F 
+    friendlyName: pathLenConstraint6 subCA4 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C5B1DBE38CC5F027
+
+xmAK7t4VqSNBgcZrMibK2lTme0BW6e65ASOjylAXAH4yMvgJGjEHRxj62gMZHHCp
+Cn/w4/PE2MfyZg4Ac9d0W+t3+8o0fJsa5rjfdSHWjZvK0hjx/0PgUplV9hqMYQ1K
+pOEZzAFPDiLb8t383RTUCKhsE0EyIxjcKdqFackk0s3RulEN5O9ehj/70IYbO9XA
+726FgHA3S1dZsxekTkrpTmC1T6Nxw4tWYWR+2x5Vx2BesQIsBvQF41nB55y+l0MG
+tYA4lFJ/qSlMqT0nYBEOghRHt7hyT4Rz4DOC5AZXwlZ5JUsjgzAHEr3FE0cT/4kT
+rISxP7L7pL8L9Vusnm39bxrCiKNLFcqGrBhEi/lLzHQ9WMXc/i1GQicaqDLKlLkA
+gDZ4rBUMFuJThvfAteSLLPsYVWcGN4NMq/CRXj6+EgaGGuUy22rt9H4/n7O/xPsU
+kTleCyIGrgJozT01/OqSCisOXb362Ho+BcC4cxXI5mL9y2qzhlsO6KBjl76v6QK1
+Q2KH9qzvNwWXAWlQ93MLwAZ92W+z9vXr27qc/EPzrFObPrIjHVLJFs94FsgVXCSv
++Gf/vXQRWURnH95hmhIibseKJ5l/yyhIeUB9zyB+cg0ZZdkKJnNavNeSGWHm6TP3
+jnT4761Pg1DjyJN2Ce5Gh86P1KyaGhmxP3+RwZqGo1vRMqk9qEebAfmC5WqDBMVn
+pbQ2XT6dQUXmr7vsW8XCBi8ojlf4pS41Oq2ZMY/l+6FYYFw5KSz3IW7Rcjyj+FmE
+P0lOCIskE6UrcXrX/AtvJKWjgfDu9NUVENDV0ZXJ9xKqrWRD9PRIDEUeXc5YiZjJ
+v/i3iWcHeFK5Y35daW9T7QkTOivTmEsuE/ncR8ZrM76nYhcvb/Euo+CZ1kW42sUT
+c6Q+cVBm0BY2I8VTvxEAWTbytTvIV39xPg9eOqqNWomvDkocvZ5D9pe16YRMYhy/
+XIl+jdJ9qnmzGmLmVP1xWzN6CJx9i61JSBTdm6HZqr1EaTcVY0xz/6R1PsBJ/veP
+3vDMimT2Z0UkcmwrlWFsIzc/2JNNrmAgzLqUz8aED8EI5DsH2ixoWBxIyu8OY5I6
+o5Xk+AtaGFH79ktdVmCk9Bx8JlH3ngi3QvkV3pnLsFt7xm5NL8f983eMIEcW3xTG
+3MFpLXRMfIrX9IZJFeEEBiJQufxgkbeIblulY6Il8YFKvUyBK2rTjF/RV2NWL89X
+zx0pBV7IMk+eav0T4dIKHyCEn719lRawJujBdqfHIFR9XqQeriLNmvl1fwIAq9aV
+E4xKR9BlvkXd4MyFQWWGomI8aIHyHfb0DDQtlD8DTL3EZx11P1ihAiXWgtHjJv2t
+WQqxSsJrT7K4ZsuzZxvC3RBzCx1+w7rzoBjr+shgoKQa+DgQCIvYqx9yHenTfLJU
+b0mLn/NCc6V+NRvA8ismPZbXOFGi5edxmBRm9/AlLJwPrYv3nL+F5k74qWkhLDrG
+863JD1YNIvue1voJGK+RRXetZHPTK2BQW+N5dTn1ZQIGPM/pGMCXYiLjwABv4riQ
+Q+ayr702yMuJiDGDywb4PsNkpeiEvZWdEefGwbRj56EHzIhwqd/GB4goGWo+v0ve
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA00Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA00Cert.pem
new file mode 100644
index 0000000000..062578b2b8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA00Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2F BE 8A 79 66 E8 F2 34 7F 81 93 45 80 67 28 47 99 3C 8D 41 
+    friendlyName: pathLenConstraint6 subsubCA00 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA00
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA0
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YkNBMDAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSYwJAYDVQQDEx1wYXRoTGVuQ29uc3RyYWludDYgc3Vic3ViQ0EwMDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPzK+3Yt88gKSZVYm3rqWATIKudK
+erzo6+8OfKXCeLhqdyl7YQSXA49uFUCP3j41d6D51ntK6ngrxNY0HzGIO76aGbqB
+u1XCDdNUQGdL6j2IKBL1b3wWfbkFP7jQ4t57SKbtRVrJQUclQnPngCglKy9VSVME
+xpO9FfmPMJi9UV+zZ2VXD/6wfe6WG+bwkGDh935dJXi/pRJEYcT9ldL38He+fTmu
+pFatw7Z/qroGStY03BhsbNs5hGPk84ttMgf+HUcNWEKPrLmRzY0nmfAL3oRtfjNY
++V8N5BhcBHIXoiReaSUi68mkt7K//FzIOMa5F4tsyuiiElFMYebEV5M1pGcCAwEA
+AaN/MH0wHwYDVR0jBBgwFoAUz3Z2g3OQJMeNo21nfOtSwNTU7UgwHQYDVR0OBBYE
+FLq54oj31FkliuMp30+gBjjdcXSCMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsF
+AAOCAQEAQoo7imYucTJXFumY1aMqG9EQSloP/zLPTdL6XFi1tUFCebI/pNhDIHOO
+svVDSnenCEL2pf5V7obvFKBCb+IyaOQLC1JqV66Cti25xcyyVDKm0Bewd+ZydXYS
+YxhGkPEzqPCPJ0z3Z46vI2ObJU/+s37+u6EUSfX+V7uKcrQhR+9DwfL+x/5b+TKg
+l1kKIxaAw8hZGwOaAUdUTayCHPaxpGUFXqgfR52D2+fqIDFd59CwksvCUXx76qqW
+5JOBQu7UMyTMZsv+ZWg++JcSjKd9/FMBGtmPRnu+HB4+XQ+I5f6lSi62FUQQQ3JX
+MWTHU+R74FntihrR4lAAl5Qwh3N9pg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2F BE 8A 79 66 E8 F2 34 7F 81 93 45 80 67 28 47 99 3C 8D 41 
+    friendlyName: pathLenConstraint6 subsubCA00 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4CF27B968169FE88
+
+1iw0oCkMr96HSqViN8KaY6SHsCNqFr/nlf7hWf9vRZ8pZPvxPaNyadQ9WPvJPFXa
+06rCaV9RV2cMMpejdkMYL+E8odYSBjYHE3u310YQWJdJLt72AO16TxTyjV/ZsFxD
+aCxGh5vW/kWIa1BD6mgWAUXPJQWihGmxqWitxXvNYb4RlltH5nCoSHHWR6lqD347
+aRANohrFqFp4488o7NbvzupGF6bPTK0CrRSFTpShq/Jmd3exwXOcJ9u9hL3/CPvt
+ybShcNvvSLO0m5uoP6j6ijP8AeQKivIdxt119AksjByDr9mclOdJM+B9Gia35iDN
+H7GcCbOeNYCacDDRJuSdJn22M+TXXVbpeexKV8hFUqLEpXmd+7kX7c/6zXqzIPLV
+T8Ko5nvxQ90POPWoIcNWGHq8CJEtA5ty8jiUorFze4hghtomdEPyG5HaLWEchLnV
+/FS8n8z8EABqpnXbDEp4Q2hMY+Nco9L6L+5cxI/pcylsMG5c5wpquf81Ff6IKEo8
+syTkdj07zsvih3gwxvDzlGff3s3cUi1L1BlBvl6n9mdhjbVH9P/TVJNhgXxTmjAH
+8eTi9rzVzzzGUOttMhjwsSinwd+qHIklT66tamIFlWqFPJLUUjw42uz5MxnpJkOS
+1AuJKVQo7XTljpVK4BnA4h/xIaoWH0gM0f+qhHLaqSe9rbU2dNNCciyDDi20AUBQ
+Y4Otk4mq45R77A2zYwZdsljahxeaRp6xZHboQ5W+sosHecAZ2+UDe19slmddn9rC
+eQLJt9Jf7uGLhimWep+X1Bn4vCdvdZeRZW8dKhu9NvlWOj79OzQjbxNLOQ3CiRZz
+fMtDnnKreXe2bYe42zop8FR9Kfri4dQVsTkkVtK+vtz3PVWHctJHQP59otqhDCK0
+pDp5XGKMcyDQ5pTXGJ6H6DAO5RqO6v/ZK0YD56cr6W1XGZHfibF5UI1AgXO6dfIj
+c9Al6gWaoLXdxDXjT36e/EJQydMyNBKRlFJ8uC87F8binvPwYkOzu8PxQ3DSMZ/V
+e45x7II+wmxyAvthLXPWBwbTZUUK1pnPxR8VKWdjuzvxqvZSfchsXTjyxhBwANtr
+gRIMiQofwbQFPosUu+3MGYJ3tjdH923RXY51/OJClnirerCk8LVX8aECWFbMtc82
+E7I4KrqZmex1ja3xzwfTn5bHoy5RssAQDCzvk0M7ia+C3IObK1j8WbXlJBwj0BL0
+lpWZOnYcvLQWXkvxg2D3DuQYUQKDGon79rrsOyXgWuaDSIXDzjE2BiM0VRXskHst
+vpGm9JwEpVpe/0kRvxiLpeG4cHwSWtA4U8cHkuucWuxrxZ85OMu5fnIJ+v29KcmK
+AGn1hEas0hBDIevBLEPtT+Z7NsCwUQn4sgE7foPwrcPHSWu6NlsSarAxAJReJZhi
+ktVGbV7QtSCm9QQeql0BpoCaWHaP5yeljfcIqQNX5ndzVOf4f2eMtl2G3lZXR5Wb
+v+OoxHZZxYwiSkBlmCffXgYTEeuzM2sDdEIuz4YtDyAN8SVc2ZpF7jwGFzY3uKQW
+Eobo7WjIsJ8RUKHp2nUNbi4pWgPmawaPIZW+KXsEKl5b2yATVZ1vWhRaOdqXyvOa
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA11Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA11Cert.pem
new file mode 100644
index 0000000000..c0453fc232
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA11Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D8 2E E7 D9 03 4B 28 64 6A 5F 09 89 7D E4 9B 4D F6 2C E9 4C 
+    friendlyName: pathLenConstraint6 subsubCA11 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA11
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA1
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YkNBMTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSYwJAYDVQQDEx1wYXRoTGVuQ29uc3RyYWludDYgc3Vic3ViQ0ExMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALuN/uaJp/PshJKQyBN2TWolI/yk
+GtUvS8cQoBUZUR7ahtG31S8sD48vf3s5ggkb3JfkLOQuwxwzfiYRZxVLxHyNbQEY
+TUrZIoPj0+SqdDb9JCXkuCU94akI1d0xqf7M7MO0CHVZ3fcOp9qNTwm/gBdnep+x
+pMh+g6nn73ufozCGzrnLaQp3wzWK/D4V6WjuDQMgnEjlAhxs2euUsg13HbElCSqf
+r8Mx8bbhHdvzV5yMPVTH8mXYt/xv8YCN/ek78q+i1VI4yUw2AdB1IMwvXDnYNQJb
+fi5ucRIthUmBwPlf7zaEHjAsNieSQL8+SdI6vOA4WUH2tNHIIvTHn5GqItECAwEA
+AaN/MH0wHwYDVR0jBBgwFoAUPJqVnpNeVmLpWziQbJo6bpLb9wswHQYDVR0OBBYE
+FNOmRV4CnWcWfZSAD3O5hMZbtTG+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQsF
+AAOCAQEAT4bn1Lcr9UM45OpPECn9R4qREuYB4mAdo/NHNvnXQWoe/g3ao5y1R0OZ
+t5aAw5Ri3ghemIraBIadgiWEpbYR1MVoR6Vx+yTLH1nq5yGKoLJ+fsEPmNwTc94O
+Lhdu94B/gB/sy1vfq+/lnmScXMqWjE5+0kEE6BhNEJm5ep4r31/nv0oijTwLEWXn
+VnAF/NmOWgm7+hOMVkzXTqJVY/Ep1r7QJHa65hB2+UhkzuNryOK/57CBZQbO8+qM
+GVEymCQ858dkmH8JSpScryYdXQZb74Owx0z+zB/yiy2arubmocOwtBJIVpAv9DeV
+HyK/COG7N0jwe98VneVl/KstdYTrDQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D8 2E E7 D9 03 4B 28 64 6A 5F 09 89 7D E4 9B 4D F6 2C E9 4C 
+    friendlyName: pathLenConstraint6 subsubCA11 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5DA38B49F7680467
+
+vCNi7mFrSPZxDYmL8Qfjvy7bxyx0TkWqZO0nWdNAxKnSDjsXS5+D8awQ/ZNmj74N
++SLBFJE2pB7fp6uT4Z2WXHIbG61bARd3qmkXkXBtMhFU1nOy7rJ4iALsvJAqbKJg
+VBosdvZDMlHT64eOqfucVJVpPtJoKKGim3d496c8iUgWsYQVLpu5h+ifTfuRO+/l
+ARIbpprGsjjhKkUiAe44AuG3z7WZqe4jy7iVTqew2GBULUUkkYOAtYGRnDf5/SjY
+dfxTHAh/uvNSg82aacIqD8JO6eKX3c0uFSyAA4Oty/4Hr39R4F5cfXQMgnPmhAQg
+UdMBIlsa79eWU/2D6AxlkgmfmnF0VgGJRSkfiBvQ7nJX+AlQ8amZ+oCt7mGRyOEk
+BjwzwLufkj6xof6V/o/ZM1McqOTGhLNL9zz9+Qq6WNJhIznniNEUKNOxCJZnHk9D
++k3eoIACfXXCjMVSxndpjZ3l+xM+nY3ei8jXdLp7vYoaWs1UtXT7U+L6qyE+LVhx
+mh7DyCkkX9IfKQqcZWgTN4Bm6KHN8OLu8l8hv4McTfylwK2JB7S3YZrrx9Kc0R0y
+itw+l1zwAUvck9aZ4AOO2vqA+HErBQBKtpNBoB7DMjrwc/22tJd5HmKDPAqqtuqb
+NZhkYD2dnFvb07fV3t7DfpIs4cdewtoebvikGX8oHJTx0tv40BkAPRPtf3VcnShh
+gRRatGDcRrs+TFVHdY7r0JFh+TWkHStVrv4UyzlGAwQ7lVnt0r6zaGRZSB2CZ3jA
+u30RVtvnu2aEMg824rdHpEtfW+dKgE8l0L0jjRMEb8UYsUjYxKT+10C52RN2FpwW
+PjSI8VZeJHK2LlFNbtDO7cUNK4hrRY1Ic3qU3jkm+bBVutrbe+SQjswH0F2435j/
+slO8LTxRqY8VZ4ueEa8Ofp3TdWLG7CTq0NF2UlEqBldB+Hg5GP5JzAX3IjSoTgyn
+aUO+rcygsfWKh4cBaHo8Le7aJjFlLLcvXMIsOqGvnIzG3tMlmvK58qDIlo/2ilLR
+3DwC/nXBKTfelDyO4wgNiQvc4gCsLQ6a1CizT2ulTmBmQUbFk5m6mYJF0tkyZAX9
+mMMxKrCYjU6PvY+OEiAN1W4UpVJE8Pr6MFBD11Z/H7NCGATJS71xWqYR8LVuaF1g
+YZvf9vZL3YleBNmrlLxr68v2Z/Inco0lrMpyFws4JDYOHjuD1TJQKpjAmxxQXj/W
+MtjeDffrEKHudhA5jRrOP8ZB8hdWlox/iuu087mnJW8yWtIRvyNEusE2wvNtiMYk
+QBUuqaHSIagr3QtkQ+o3EesfzkDFl5oz8Z7ZWZ9n2vF510HwJKmqb40lgsEyywjT
+qbaVyHhySxHikPcO8cxHlpQKiBCHHdAZprq32qnk46q/n9rb3p+nMjZSWIF9/YwS
+QD38G1NyFgm0q269P9oQ2BGbILhCpblwYAflavrDqDdE4KvZGKaR00RJpC6diDeM
+h1xCBBz5Fwp6NOZ/e0jGHns71pZ/NboGSHkieQle30nw2o06brwrDTTXW5shIKaR
+jcmzH0wgsMNVORkM4p3Taq42UVugMjkTuXCMI3AygOYNn8a9Ib8sXLpivkLW8UCF
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA41Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA41Cert.pem
new file mode 100644
index 0000000000..dee3db33b0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA41Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2A 6A 29 59 4D 9D 4D C2 33 FD DB 17 CD 49 47 F8 72 2C 92 CC 
+    friendlyName: pathLenConstraint6 subsubCA41 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA41
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA4
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YkNBNDAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSYwJAYDVQQDEx1wYXRoTGVuQ29uc3RyYWludDYgc3Vic3ViQ0E0MTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANhwD2w1qEqflNfYtpGLRSNwCAoE
+N7//EbgaFJKP4OGaerEZ41IHT4G8x0QOsx2RMRd6gXL9zNMmKhjoCL4Nv2mXksGt
+crt9dSJE2MaUIQFj/cdJv+WNwoQW8amBjeMSNL7BgB8y71fnO8srWabp6vkIgDr9
+tY0qmHZ1CLxB848d8C14NbaNGMeWJzI8ri2rXD/0sC/0LtWgg624DjmZWgxb7B8J
+w1ERSKznjFQ4vv9imV7vJ1GZ2r5V6nBPFnmtK2r2yqAeNReHE3U2syb9lpFyOsjh
+qTjVQdKUk5N+NAZpCipVuymCdvWcJY3C8FVmjxefqv/cJBu3Kxi7Bf6f1iMCAwEA
+AaN/MH0wHwYDVR0jBBgwFoAUSYXbS/sRY9mZAii0C3qeExdaFXcwHQYDVR0OBBYE
+FERapgfP9vPIx0bvZKH1W8E/grxXMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQsF
+AAOCAQEAtz+rkTNDpvnMjCDzmvVltiLfHURT3X/GipGokbedY89ANtS1dRmNFyDS
+I1Dh17v8HsW2GR40FCIP4ImbxvPrUAQIASOVUR7iLKwSj99RwK8+Tfd9cUBx5cdA
+nXm+KGqJ04sBKilEM6kGhA+vxZU8OJ7hck3rFVxNiIvGTZmYPlSLLQqv0X3LcWG9
+XArnZEKfNH6Ph0LCOzlPsLI3iQ5rHluq3liWMD21LBEftUdpJ0DqzEiWEFHL8PuD
+AtiGA+cOA0DTakpwjLnd2q1wM0S7HLVaYGSv6HErM594IUZQfWAyyyTpl3CERtH+
+mlou5h4IgFeitqocNlVfoAX5CzZsvQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2A 6A 29 59 4D 9D 4D C2 33 FD DB 17 CD 49 47 F8 72 2C 92 CC 
+    friendlyName: pathLenConstraint6 subsubCA41 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3E4218EFB3A645FB
+
+SlNl29wyvuhel9ar2aDtOEG+incCnQscatPX8whutk0o0/uhViDsxZqw1VrZPGYU
+VuYuplolpGLts9Ac42qpFO9C6TAMzBuuqvfkVVESrHrULSDooUaMmahSu2aptfEC
+7d1QFSh57X8UsnHmhpcyGHdVeu3ZU3gbRwg0ThIpMPTeA0Z/yjmXrBbe15o3d5hP
+y16cbMPfMQJ25lfmmLoe/belsqWBEVRcfcW1ZlUxEYcvocNgrN4sEI6XfWZw5CYc
+5005r3onPF01xPYDqhmGvDShwIpI1b2Xxd5RbAkTCS0e/QrDUDUt+jlYfWZN/osd
+QdMj6lFRGGoJkEhMjAOGza+ixuGjf4WlqjtWPItCrqtz8f0rixqQWFsU/xuqaqRR
++q0Bgw6H2sSGennKeyPuv6ONnKWbPZgOEdqNMmLp3rWY23g3RhHonHeB267YVCOX
+8FoPOJlBq2EpTefwUe9pwm94awWRMPhGeDDhpKubVkVPe0E9ghFkf264X1pkxAsy
+0LTatlTsXh4Hv8MexaaNZ87EQDat8Ehw6Z/LMNQVkrmQNyYa/LE9mEBMs7PEIvBp
+mGjlCo3aLzS7JSUB7QJwYS4KlkxyTIA36AS+YYEsTEvclYvdEVY8r/4NNHOV0Y+q
+eZLfm+KdseMBdfphUOjUj4dOM7vnqsgprwbLOD4lLQn104GCHt3FebphJ6Sd0PqV
+czd6ZPETM6U1/TFkxqqe1dhsHUA03hKCGFyKg8/mUjJyPajUtJmAOG0BYgJB58ZS
+QMNiQu+3qIJyimlGoUAKStS8zlfV4u1ZXx9Qd7eds1SGNX7ekgeL9XqN57lV9g93
+YKYx+s1izCMltq/IgLiBCow1PTcEcQhgqHADKaL44603I5cDKFp7DEeQ9Csq/4K8
+Vd57EAV8a/UEKLGpKnYTTBtG4StCbtpfZM1Z9YFrsXwLNslkPDIpeizkE/Es8IR3
+komhXk1qp0rH+0sZyohArLmdNrONyDAGOT1N3EVzeMKylKDsLZ3MSIneWx2CUQm1
+nB3yU0JFuiCrszmvP3ToBQLn6b8w0Hz7OIvgmRVUj/KiRoiS3QdgR696ijHjrVxA
+03HJER2tkGfxPG09va/cAzEGnotBOf7njyagxtMLho9UcNKRphHB8IXZE4KjO1Ci
+a1WKU0DVO0BxB0xyvaxBTa7DZe4nUNcABUB1NiHBda7V+44gpQ6QNjciCtEAaVPR
+YL4txJHYkQW3QoV5HY5B1O6XDODW9TNg+D5NLio326JU9rpOZuHQSgvHnrHKSN+q
+iAuE3Kv4TZL5uq35Z0HnhZSNaps12iGmtNJggCPe6cXvak5G+Gbww74L6/Pbx/RF
+Tzyo+q5Q6C4lrAZPwxc0uFFR40HdAvG8FI3eSP2AvDMjb9BjNKFGV6POnErNZjwP
+2IO8hmiEPZqD5X2W39KZmf9p9BT/mby4VtMTNHXCa2lDLVbQStaTTAS7JvTZK9sj
+h60ij3HmDnrn/oNb+Tj27RPP6WwfRwEG9Q6ckQUR4IxcTQtZJueY2NhAYzZECVsP
+fkqROcAMAgsglc+qIhmK+GRcXT8SH1RVC1MMOiIzYiamZI+I82Fonw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA11XCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA11XCert.pem
new file mode 100644
index 0000000000..d03f8732ea
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA11XCert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 88 94 18 7E AC 6F 72 8F FA 6B 91 D7 BB 94 C4 27 3B 68 12 30 
+    friendlyName: pathLenConstraint6 subsubsubCA11X Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA11X
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA11
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YkNBMTEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBaMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExlbkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNB
+MTFYMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzo0UoNFGT352ywLD
+aKdwbykOrdmbb2i9KA1jFcqybAsbFggHUWmqEbSwqgepPtbWwmQBcMXHr5jGwgpl
+WL+3XK+e37NR3CwhhHu+ab/wQ+YQhzx2X9OmDiUqEd8trpLst7xhB2MbBDmh6F8P
+uKqc5bYgweh2rG9btTF3pNZCpAoB++xBfmWFgZ4smWnNh56Q8StmJRUbNyxSb48V
+NT+HD0WolgMTJiGy95UzAJreX7+vD93LtqgV7qQfB5IEo7QUe0L6bKBDnl0mKubv
+wFWMBjMBvkj8Vn+MBPpPbmt5K2xQcNNBoCCwziXkutnpt1bpOiBX3vfxaNQj5M0S
+rkdlwQIDAQABo3wwejAfBgNVHSMEGDAWgBTTpkVeAp1nFn2UgA9zuYTGW7UxvjAd
+BgNVHQ4EFgQUg9q4tcadyIsIfIs/7RpyJeKvG+owDgYDVR0PAQH/BAQDAgEGMBcG
+A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQBNi63ktdmqOjJ86RiHJKt46kPz3m6rDrPF3cVUh+gYeW6bYTKa
+2PbBbdPF90ENIZosUsg3dD1J7C+HR9oKqnG1YnghfKwhMej9z/PH+/GfepK+RADi
+b6Op6J1+zC1JCP2oLLMPcD/KKqptle5URd4u0tWM+tKodVijSkeKq6CfHtHErBcX
+uh0L8Q8PR3SWWmvYqfqDr0LGzl1D8hQp6EPUaQdxYFyNgiwcOz8p5pF70+ExnPMO
+Zw7nlBHN7QqtIegieCdwl/DJQCtfvxXYVGs2CW4af9p0ttM5lIDNXuoMRUd1rWTR
+vE63/I9pL52qh/9aX8GhBGuj4kP4E8OxgFo6
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 88 94 18 7E AC 6F 72 8F FA 6B 91 D7 BB 94 C4 27 3B 68 12 30 
+    friendlyName: pathLenConstraint6 subsubsubCA11X Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,29E796E9158D0510
+
+rDtlnUNJqhCzyBZzrrQewQV/EZsv1x+tz86nXJDeXXBd3S2RqS2q9geIgsYerXZZ
+tWoMBgt5AKVOpkfFmfbTmVxYz6IlFDsi/hnjgwgucKwFCmc7V5M6endSuPO856/Y
+xA09QeKqcEAzgopW7mnavPoScfIpk4NYOpeiRDTvHTX2nMQbA69WMBka+FGqYV2l
+nW2bhEGSggl5A35R+iAj2AXXsDBy6x52ySYZ5VehnRq6T4lNxd4Wzk7TeHyYCpsr
+EpA6Ao451LawmLhbQS//H0D4L7b3Pn7XsA/d15UlMfqkvhuMLTcd7k3xH0MOxGZm
+0d9toet8DwrQ/v2WzIwsX++/e6jfKlZGa2RPZXvr5icF5JI/LSl3lNtI/GPQQNpy
+ZMOw5G21n9+2jUoOxDH+jA215JUDIwdRWf3KxsGMsMz1ROWG3QZWFYO/F7xb5FH1
+w4V7oqoJP0N6K84mShIzi3mm8e39BUGjLPGMoRGTeD37RRuQCmHv7avZ8SEKJh2R
+btaJhe0wD++34DTHFbz3Ea4qu2jgdf0VQF5TV/cIAVIlEbzBVvTWBBxdo7luypBe
+yTt0BG9+tE7A/UAy/Q7IXnobwZ4PfR52RVWLOTy/EpRSfbxC2TmXWFfrEs91Evb1
+b1rHIxWKRfK0wvdte0C6Wsy9WcFlqxDhwsYXMfAs0/Wa6/P3yLloRxUL/eus8N8W
+2pvF4hHTjq2VlytC6JW3heKY4SFtu87HgWw/5tnP28jRQPmpuvYsukoFFOjsq30I
+z9lmP5iRKHhMSnXOzBxW+XkW4J0gUeJ67zWJQK4QK4w4fgRm4DmO/GNGvltg9870
+HzkHrHx7j1EqUG3mxKB0A7cH55YfE/MO+4mTANnFjajTKoOBT8soI/9UZ9zy2C2C
+66c5a/L8nY1/D7rqSGLmAFaXiY5V6JrhqNG7Dslmj1gtS3TKian9JJ9OS5dvNrxF
+9Of1YAbea5dagQAfbAfG/FbStcdJiy0H1UEdQGynQLbLWOVFIoTztvehgLrOqssY
+vr4lds/EQK1rW5yaj7hIgDiFAAs0vmXC0kXmf4KtFHrESsEcKHh1dQOwpA70FsaC
+fa4eAKt+Uk6SP+WrbAuZNF101tmI++kbp9oYKR3xRjnMaSQEoAUv5xgtZmyIRHoK
+UtbBeoMhQRyuwmr52lv8f0Ztp6OKJBnk+lc+BZ+w/ydYm/s2UyAUMHdjQiAa4l6D
+ga0E1I634UvkrV3MpLvGt6Q2N8wffbAunMtlzZ8Mlp0mOlR1r0Nywplostseph/l
+QXp2GvZ3yvvPJ3wXbseXr9IGQiZEVi2j6qLECT1IJKMB/IUBAApLdbYA/wTRkVL1
+uV2PATkHIp7rVllX8mUtl5SO3tvqe9hzLZpI8Q8fUzOPRXGpNzYqW/HBPMLuEyhw
+fgZb1/wkchOd0d20CL9iQVkEyuJvNhjO6gbsm7dB0marreyQHP7Ho0TXMedBtByf
+oJRe7Did6d17H8d0/RYfm++nCeqlNMvS2nt+4T3trCC5T3m8jTrNGSamp3MgH7qc
+5L0OFqoDnBOYvZMnUFkPkjPy0XPRH9qXTxwEHSzaVMXmychMr5odvq1dQDBnKMub
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA41XCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA41XCert.pem
new file mode 100644
index 0000000000..2e2402c8bc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA41XCert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 84 F0 F2 97 13 11 CE 64 6E 27 A4 E0 AD A4 7C 01 48 5C CC 1C 
+    friendlyName: pathLenConstraint6 subsubsubCA41X Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA41X
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA41
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YkNBNDEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBaMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExlbkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNB
+NDFYMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6hM3qC08TT0qiiB1
+AXVRGB8La1zcPFASpIZ0T1pRmbvQVay8/l8gAcVytv6KVDgpjXjXXMjjJMuAZQm6
+ilT+eC3WrLSzBWUQDzAXTARzERVE3u4woJnBdpcyo4ZlTRGijwzYfbVlrdTNRnX1
+ET0R9BLIK4qxRYdJvlDXoCQQFb1/58RMs9jK7lxHetuVt1ieeWF/fLRPZ2Qbf/qm
+MpepaATXRf4Nue57jA3FyUAbvgVg2XnhRRdAEnsM90YRZHOD+XbB4Lhz2Pk6hNDM
+xfl70rGpDXIOh9UmIYZZ2yegRx/rKDI+3wFAtcGYek4trQGg/1HoTbaKszhIgb1s
+uJ0EUQIDAQABo3wwejAfBgNVHSMEGDAWgBREWqYHz/bzyMdG72Sh9VvBP4K8VzAd
+BgNVHQ4EFgQUoe2i8zVUpZ+8Y+ZHalMkbEoMciwwDgYDVR0PAQH/BAQDAgEGMBcG
+A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQBM/xztTxc6ooWAmhUfwjeTeHYxZFBCB81yMwM/agD4C3gTf+vl
+P1CnTaXFV2aoOYDiXCkA3oL4DViFQKHcuIh6ag5pKlxB38KCH5l87W+xb4NuuyhC
+/sYzP6PsQr43jiWtzbGRgQ8SFwN/+jX4MQnJE660ab09hgm3LmIkWCa3202nbwvR
+rL0ILpgkzQs+IgbJY9EAE2cGiapoZ8mjKBq4EwZG6xqjqp8LO2Al8Koa1ofFwnoz
+sYCgl+oyiP2lTkdMpg9p3gmmqWRnv0qWvfjwxnpH470rFWxL1u5nG1MM/Y2GLi5o
++poL/laW4KNTZOgEnijxlvBJiLfhb/mymaMZ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 84 F0 F2 97 13 11 CE 64 6E 27 A4 E0 AD A4 7C 01 48 5C CC 1C 
+    friendlyName: pathLenConstraint6 subsubsubCA41X Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2FE4FAA573336C14
+
+GLa99+FOa9l+sPDWoFbyBrbX/TtHNYIleUwj/cWNxb7jQU07+yk7mBUld0Bz5Rsf
+VuANrtMFAKMVIP6G4U7lDO33F89oDESmpm/NBcXorVklfaRoYAEpGmpFmPpYinUH
+L4zhMODI04VO6RbDLAUIKDrnjObW3Kz+u4It+0qE6cPWF6a2C0w2Qtnl+TX9yd4g
+vHrQUcXbNJ7FJIxPCVM6oVtEFA/YCaTxp2YIjls+6mM8raJAAeXr7mgTSRcMf0xl
+GHhq94Srx2LEN4U7x4vAzeGVcgt4Fc6Wl7S3GejQCJVCSlaqh1n5LObFL24hHW+W
+MNo4BF4Ie5+GvT8bNryXTfz6WS1/I5WpRBjncoJglKXLhKFkOyS+l+4hmh+RRN4H
+4GEgBQ0UjlNxRmycU9kS63A4rs2EJCpeaQkZbubrOyWQ21NmBmeGPAno+J8TfSUb
+UsHvS0DIbsQVc629/ROE+Mp+qkzNIITzgogT/GXbJMLj/ECJM6gZ46SXbUpoH/Zn
+F8QoqMm/nzY8jiF8HS/CmVi0fwd2zyqH5I8Igz5JN1i2Toq1AKJ1dhpJTij5vm2C
+m3EpwATFkjPD2WDrDlcCfvVwlGY2GJG3VHTvlF6E3+bkpZoqQ/LY4+xBj2DvxuQ6
+bQiSL0rcw7xvibsjdxTj0VRg1RBkGnZoUqEpA1uAbehFTLI1EkttvIDPWjtflfwY
+5d6c9HsAo4Ikcwwb897sPQ7SMK9OaXjg7v3D4QFMIMQVCN81xA149l8++SS2Az9T
+nxMswJ+pZp/+Gvs0D9bfAbN9dICVCkAlE4PUAPbvwt3Tb49hG7prCgs7pwedBa3b
+20f7PMEJ99WaOvZ+Dc0aFttyuS7hc2vuYdlG2Ah0QK8INk6cJI385ghp8mthdl7N
+nwGmMKux5y1rmB0JTRiKjYbVILiL0LwvU+leK2kiJSwjdBgmg1ucDDL69D+4/P76
+T+pmxcyyNqfqy2no1p5aELuOU1XMbeC5AnISqsBa9Gjuw6ApaapHZ0Q/KEXxPeRY
+lgJ307CUK9EGQOviLnFB5htGLMVYBbqPT8kp5m4gmTTD20baM4bjnHoR0vdTfzv4
+IgkMPGgsdEtyEcvAcEKK5uH6gWHcAe9DeOtBe6w2FMRNdsTytqa3oABb9wVK8/ZG
+wpP4EHh3NDm3NPHt5K2DSD8aUrXYnt0Yvt4KTSrytZ4ayFLz14WNXnKIGD1WqSJC
+8/3Gs5vs1m86sKo6qLyybI5Jxm04DZ4KiNxj4t9XN102D6wnJVEzDWXPLUqc3bio
+Ln2pncIaCX+5ACS/ETYiTHoxNzGXM1QdyCkBBeDKk31x1A2HF1KehYzAXltxvkzt
+1BzTEYx/lXSu+UJpoNw0l9c1dO+qQrEdCqVEEGc1MCmgY/aQgtX6Z0EguFvz8VwR
+UyWkXxwvndy/iFMhSSDc9ZbsBKGpXE5wdn6VcnSfhziOOB7/vtSgzaXSoWM7UZED
+xfbAp0/k0Sqwwk65cN4E2PUXKNuKtaMfh94QXnrhn/eYRjFmzZhfkiDkuBLN7f56
+MdevaFdEL6rFfOlFGI5LIISK1Nv+rWC/x1rZwVvRjcftRiKjD0tAdQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pre2000CRLnextUpdateCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pre2000CRLnextUpdateCACert.pem
new file mode 100644
index 0000000000..71c924fa42
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pre2000CRLnextUpdateCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 6C D5 39 2E C2 D9 A8 61 5A 18 1A 13 BD D1 E2 C2 E7 60 8F 88 
+    friendlyName: pre2000 CRL nextUpdate CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pre2000 CRL nextUpdate CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIBDzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXByZTIwMDAgQ1JMIG5leHRVcGRhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDJaKW914d9ICbgb9i5WTu9xNEgITtuLfHFOh1uuDHXbo48416O
+1x7Bcws68LzNGyZiWIvs9kokWB0vVNdKt76kJvMTOMZcPFH0o4dfYo5JUaBeSU8Y
++Nfjxlql6PKOYiTruu4reYLgxf1BaGCtH+GjYqYOYC3He8gqiD0xuAEFb2a2Fdo8
+m5eryPTYEHC81LjmDZPDRksJmsUXsCa63AKQaqEvnrXxT9MLGflkFilXCL66yFhJ
+19k0lucJo8oZQt4PIMS7TF3fPFYdk58c5eQc3TUwjm93ZYgvSNEOeISC6EE7avb7
+0DASh70CX1iy+uNX+gcGp6aoZ799UaqAFv0hAgMBAAGjfDB6MB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQeqEecYYBoKLFCmimM5igD
+KZIDzDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJCSqna4iaOkoMr5x0YW
+TxgORJXV2/YMYG+loli/0m7bCp2A5WLp6YGifWXvdcxjcNwVnXZsT6RYJ3eGp7RJ
+oKiRncTMjrAhAVsVjgdy5U7uP7lEfAQfZ2nzMOzT8TVk7sjGmWXmm8OaiWxLoQll
+4eOdKsBLIJLweWdV7AZ0cpGCPwnXRq8mh4mabsAEl0cB85ZGydb3D+q9zv92HIHi
+LJm/mVEbn6EQV6f+XW7JKYjTJJ0nFeZb5j/0JFPy5+4lo+KXHXV+DkEIdMMPG66U
+99Co7Xtye7IkjOzXFLbRYbQJ+lALkq0BqAPCC2RCbZz8ZLaVoIjJU0XyuQ3O0YMY
+5Qo=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6C D5 39 2E C2 D9 A8 61 5A 18 1A 13 BD D1 E2 C2 E7 60 8F 88 
+    friendlyName: pre2000 CRL nextUpdate CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,48E785EC915176B0
+
+DvAWSul3RAjkEh00T/mI2uZoXGmFZ8KMSIpciqidBfizZNHtVCWpelmHH2bdq5c3
+LAyWePUZzeWglaag/cWzykPwgH0sPgeXPLwr/BtoAOPRgITVr1k1vHhShI7gjWuk
+Ya+3bMVvOF67fyeYNz19YjoSQ+fGMMCo/KyxYNPfth/w6F/kVoqqXrSt1k3na6AP
+HM7sELceaQzGl6JYZs4Q+1IRsA4sXpMO1FvxSem08vfjsrpHBhQvjcXPBP2GQpy4
+TANNZVVeed7uimomklEdJrsjqRtmvjGB4maaARVBBvLywouZqWPQXqjUr71kDTM0
+z6OfunsRH11DabCjwFaOkb1n5WYaVGETz+8BygIdHbhzzlkdtxIkKc9fUUlvcK+p
+YBxPbfn6u4tuOkhzauUTMMCzJXe3FWn0Q+3Ff7WAfnK44xD1eImGr39zjfDA1KVA
+YVpg6geqCZCX3pHRiygMWRVRiTu14fnlbvw2Tx25Irx6cJd/XvFVMOtAJzhKCEr4
+mPKENqhW734k45qISYegeeuL12sJGLyemHHPSrRLZxD1sbrFwJ6jO6rP2ph4At9b
+DmDaVPRZpHJUxW/XHN0UOIsbycDVdsxWz+QGYDaBbwNGyWBGj3Fe5CkeeQdIn4VK
+IJ5pixAvnBz8paPcN17u0jLf8gw4VkVxV9dQxKREFg+1A51M1ywWoPoj+FcLnx5X
+5LlCpw7r4j00dsEP/86VjhAffMP7j+DiIofRsrHiJKoHjY/tw+5JAzeD/mkiFEcy
+klr0N5nMdqq1EeoczljpNcS67eUx1s0VlVca4PSdkFI4Y/6AH0sHY3q8Alsnm7II
+zNqur3/XuwZgKcI6pYJrKrr076bU5GjSrjFDjkRcZODpTwfHMoWScOsof+15eLz2
+WbecSJE2l3pbB12x2UY/p9w73TAs+DO8DbHe9ARZ3P8TijFqm7M1olrbXwjmTMRY
+m2QLJ39muPsRNP3GpiXCuuCmb+tiq1zuhdUwVmckRf5uJCxqKIriKnqtPxL6qCS7
+1XGxSC98NthFXkQFxIiZHEs/TzrCqzhxE3kPR0k2A6AfgvHAcSOGGxGN87dtQbW9
+BnIJTwpmiT9CNJMeNGMFTKdEP3paZL21EFiwtu45TFWrlsOf1WVd4KoWmBmiIstp
+sb6KhWUx2konms1RoC0wtWv/JxXSptymCmqDyB7NhHe9YHz3YpCrfsqKw4JrOatO
+nkFVr2oyK0nC/2mbsugRJ2TjEv2ctXEKmPJ0tCVH3ZlK/qxsd8wu+AKdpThZtb7/
+deHf+LSgfimjzBk9/MnUYU61Y4InMv/cChfQwQdooJPT/sxPLcQYl5SEolNzaK4z
+rDa/HpTk0bbaK13RiZ1OR0tP2KfgKrIxKWdsH3WGSarxF7HTKsDQzdgZusIVuJDi
+NtQPhrOLIr1N181jF8Wj/dLr5FY8fGWwomQCgkIF0OAfnN/bzWHufifdb6nc0F+u
+UH/ah86lrkgoUxFiQjbyK1QKyW2gNJFmV0Uuk5aQWvnlK8Yn0Gg8cJ/EFTzl89pS
+LrofVKQT1YJJaH45PapT1E+DP9z42TZscvIivLwxjIJLZXdZJxMqat1mMYzXaIqU
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0CACert.pem
new file mode 100644
index 0000000000..4aaf206169
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 27 CD 61 20 C9 48 37 C4 8E 4B 48 31 C5 51 74 67 43 00 1E D3 
+    friendlyName: requireExplicitPolicy0 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBLTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXJlcXVpcmVFeHBsaWNpdFBvbGljeTAgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC9H7tvssdc/wduqx16T+W82qMWJRF190U8Ojp8YtO11D+dXuos
+YwW1s2g6HC9GuoMCVkS7H3VOx4D0T+oY/Gdt2vVKWFALPXlPkXYvcetrZeBucc+8
+oQHdgUeMKpFwagazoOeBZRbEKuz32amMQajto6RsdOKn8G/tCfvPWSiu+e9Wpr1A
+F8/F49mxKRrHo/8sLnHZEBYA4NIVy/KuXThzkYmfU1nfVejYjNPDC8rV67MtDvJX
+Q4KkbASnlX9zzaQuJbT8AeUeDMnYKbss9VcWTuukIk45PMAJvF9tnK3vlzPZcoI1
+wL8Xznd7XpwGDCjt9sjcfFG+P9gnnpe+oH3RAgMBAAGjgY4wgYswHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFLns37pSIri4vmr3ohLV
+JyDWZwQ1MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAEAMA0GCSqGSIb3DQEBCwUA
+A4IBAQBW5W0it/x9piqf4Ontkmv47v7kAheDZ3zVTavuaSyTR3X8zZjq2MRZ/GP1
+ukAIbYmtVA8ButPfrz98zK+JvgWhijro0lulYoB1weRwEVCCskRw1puGCwLcO5HH
+esqtSf25opakP+8orfdJ5oz3MNgIbV2eLrV8UBoIwqUlh9nJur1dLYY0EVWaLtl0
+vG3ZCzoJUdoQfidcBukQ1vs94fSeo86PUSmc3ly9R7e9bqmlYx3W8+UWWnNzj45c
+7kho7OxSoyZhcIP30Brq567uvhWftpHTThNdgsXLEMZ0sAtYz3RRTwJR926fij54
+sXrppFJp8OTTFV9u++k/u3qmGQJq
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 27 CD 61 20 C9 48 37 C4 8E 4B 48 31 C5 51 74 67 43 00 1E D3 
+    friendlyName: requireExplicitPolicy0 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B129C23003C7DEB1
+
+DLhdq7VdbAjB0rZaaal3iA/ic6EcNiB3hXhnWinigTmeRLec8mtYZqiOkTDs3kSP
+g81WHfr+06hC8T3112FjVg4XhMjQIL6TnyP8WExWOZlbfNgaQtn1O/6/uPVPywi9
+gx0hipVnTLhfiTjD2HdvKs7nNxvwcGvHSMp1DQIZj4JVPA39RNVW5KncOCybA5tu
+1Up7+3lPfpO6it0+i/eib1QOU5hIIN+O0zPy7eiyxMWKFv0brqGKWeExB5gIc2BH
+Zlad8DWnYscxGOMUqM0OELBIDqH5Mgpsml689VzUae5AqfGLTHW60H0HY6owpiKF
+Kq2e8SfKWuGf+4hwnaMlHH31JQwO1vIJrF3tLdpcgZSicCC4sTKl45oc1lZXgYHA
+WdH8LhsHIZdcA68eEDJxHFxtD3Jvh2mtOyWwxTCv1PK6X69q+orzf6qjhbX1k1sl
+gNYudB3rJZLgQOkOX8jlyrFf88VFUgrE4Ti6Lr5JBG/nbrs3mpEkvgx4/cq6RVJP
+pi7gFY8+E+HXa0vn9qMSTgMq1uIWixHxRhTs4PPH2cn8D6qCnz5a1WFmlCWlznw9
+2wsGyhgjsUcUjjJEhXNBvdPDaqu3pon5wyT5wPng5UdX9eDhwi5ZMSjIeSbybdWh
+MXPPla0lsYS5/edG+rU8A/LS0dRuAM55b4qZ2uKMXA5H4pzMuIp9i70BPHiTtlTo
+QMzaK3xpfHWZOfbONyWN70tdyhDJI4YrtO1mpknBOJuHjxMhe67NYaxpS3FMwXuK
+sXfPmbCy5N5NxKuJG0rwFaHmqUDu/u1UQlr+6OQggZQ4mwKUENGGR72c1onFa6j9
+X90NTKsx1XnH9ho7wXLPp8q5I+wyfRkcGTREw6t0X7ZNE6wtUv983lZ+KK7I+8XF
+ggQkh/wZphlm01qx4XTnOSvjexgxDHHfFDO0APaonZsZ99pnfLadMhO5GN9YKMcY
+4jTQ8B9pty58CvJuSXxNRwnOwDpJSxQA6Z+SS5rn5GZELvXFea1h6dzVy6LNcYnn
+DqQayNbw94GF2YLTchYKCM50/BiT90wcR2qRJYgwKshWK2YrVyxgn4PDme5CST5p
+CfUiKfGlL77pojauzjeAttytFYhwocN9Ubc/X9FVVycrqUQjsviC4pZigGt5eeQq
+us7QaBsdcUStGa+rJnhAZ3uu3cWflYi5X/i3Rct/BlJBcTWTYLzKznZphStEn4OI
+Z5kObIqCLZEq52TZ7Bho90dX7c6efB+J81GyVY56D8LKJqI1IDcXAnrdHLrgv+eH
+BmyOBx9iS7XdNqUUfW//zvDd7OkbPclOntmU162JEBWXVPhODjg2uI9tAAnd+Fd6
+zIPqXFA4iD4yfawNGvucY5R9xuGiwV263GfDZg6ZYomSjfRXhyix/n9y5tDSIyeY
+IcyhHqK3ceu6LK0c1p/ChE+O3tyV/l9zLKjKC8/rD9ISbsGoMYm5dmHwsxRFi8aG
+ZxhXrMVzJuB5yqHLyLoVZ+JV0vXmQwh0amT//fpY13ymo9QUNl3aWVdV921QsI3J
+0dO1LjL4NVhysOaGu+IwJqk6EbDGMg9OAHlM1ZbNAunJfNKOEQCnbTd34p0ot8fp
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subCACert.pem
new file mode 100644
index 0000000000..5758443d07
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 98 9F E7 16 BC 53 67 43 9F 00 66 8E 0C 12 67 DC D8 B6 BC 91 
+    friendlyName: requireExplicitPolicy0 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSUwIwYDVQQDExxyZXF1aXJlRXhwbGljaXRQb2xpY3kwIHN1YkNBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1kJr6U09z+r8aR+1RvhIAo+D0AF2
+do7gCMyAhzT3z+LRHAdHqeOwpsUaTBcREVV2MsCoWAk2gsG6mkXzrpKWWboFM+0x
+V2HmWjDSb44HNYEwcnSQ8uW2eIZ/B2ZUEdnkODBvIToPEbvfubccCBz+zerRuShN
+yB/m6m/Hgx65/ZmLLlja62OdP8/Txk+q+NudnkgkWIFaoqF6PxPyZDf5rS6wFybi
+B2E3xETVhRSAVuKqJXiTIl+xQnc68/HaF00Oj6Ul2v3Xmy8pLdA+z+BMBLEgso88
+4CQCCw9DKWExeWOGTOGcsXGF2Ccxo+HjIpDtuy+NiyKBrCySjJWTMebUAwIDAQAB
+o3wwejAfBgNVHSMEGDAWgBS57N+6UiK4uL5q96IS1Scg1mcENTAdBgNVHQ4EFgQU
+vmJ4/Tu9bpwLM/I7MqpBCPPliVowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
+AQC1SY78Ivlxwfun6e4Ru6ZfZbq41Jdn9WDMSO2BpepubxaXSDmGv0lGuvTDKAJK
+qNLUZ5GfGJP6inTx6iOxSPsn94vVT3YnlQNB3m2BW80MAL4G1Y+2IGid+DziABjl
+uuihKKe9gSbu5alh39RolvCP/PuUmXX53SJvn6rcM2ImnP80F73lccJno+on/zX8
+SvLqoGBA7jUO6XUJRN9ZweY7jpjQmJkRbArIHf8XUaEHDzFnn9job0siFYBfSbyE
+zDGOqpesAx/2enD3AHGdCQAfN6j68bojseeY+o2R/qKAyW6Q3tgloj33bo9xq4ku
+qNvqfPmXIIdT6aO4zpTrjJgy
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 98 9F E7 16 BC 53 67 43 9F 00 66 8E 0C 12 67 DC D8 B6 BC 91 
+    friendlyName: requireExplicitPolicy0 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E7F5CD2A1E296188
+
+KCkDHzpCNib6KzyDil7+gKgxF4KnWDa3lOxEe+4gG5IFZ/Fl/agCSqAKg0efdIM8
+kCJrR5968l03QXhdk/WHMymOgpwVTope+eYpx9093fXQRfy4p15q5YDxH2Sufwbg
+kIbE5HR0RlWnOjHHG413ihmEMSxPM9uQK3UhrTHAss4Z3mDDgRMYjip04o9fCmiG
+ib9bJmp9uqCHraygD//Hnk2juKOI+/mjWLaEmOu8L6CCCjNdrk3bfwBxtgfgZOa2
+MBumLB7uSSA1tirzo5yulo/l6n2sCtdrL5AqYAhxIgPITGKTNwp31fcUScWYP6uO
+cbDYKzIbU0Z2GhVhCeQ4bP72uUYxPHDEVzwLKCUTL7QhddT4tmf1ZWqz9PGvjX48
+1C+9Hr7tdeqevewhbwn2nj/i7WhCBFFQCAcQJhMufro3PbM8SOxilCnl7ggp0WPH
+W3KJ+u55+mO8m0GsfaYmwpJW5bPliTlWhY+4XLDdYtK7bF5NfOng0sPmi/IjFo+0
+QauvRVgK7mZWGXjSVzsy0x6AYQqC7PfST6auoA3llSx6iteqwHnJBAgaJ6m4GyGW
+p1KMiyo41WCPS8EftRdD5sOQLNY3j7hGXZQV6XQRRBUeonpjwYdm8dtRlE9GNT8A
+B/Hjlm+qOdPRahMKT/vgRggFEXKwxRPYVrE5fJZvNxZ0pDTDJqIAN1yizduYrVbA
+PUUvAQzuYeAkZuYpTs4iZkfOy/fO4ZQLIWIs/OS9AW9EZU3y5qR0sK8hEimwgTPu
+karhYKs7PGy9Ni4n9Q2yFio/+RGgPGauH7FZZQiveuWG3tXLSMczNjEdOqgs+LPR
+ATwbbLuqA+btrqLt3Zru9ZPMsDEEUz88x6kvJ26IoArVelPOGBKeJoIIZZrDVdJv
+UUhJeXyRWhdD9duRY4z1JPKVYte2zsU8OQZZ7U60L3zVNXJict3BKtljSnzotqRc
+27ICOQWdrs0KVox3seJJte98xuzJ3KqBYFS9d9wO5oA2mcJYG4iG7v23XQvtnBnz
+EFNa8RdjsIzKqimqECedUfOAnU2EfYFx0YgGUTC9XnPkv++tAPuOgEql6cgleg4S
+qzaQYzEuaXp6PBjHkFfd/b9xMrXD/JeLBLlPY/qaxtJIZsIC1BFpeT0qz1uy8wBQ
+XwrerC/xM8pMJ0J+EOmf0B8XXeWZdM+3LMzlxRG79LXFjlCQEQak75ViWx6wXftK
+ZpCaG9q9oQq0Qnd7f7k40wT4Qou8B2QSVqwYKdxra/PVAUdR4xBnZ9jD0LYNpcAM
+9EN1Uo8G4tQl2nn0u/s2Sk4QpeCKgtz7R9q3pxRFNsQYgQTtVim+Eq0AhIjRz7Pe
+g2R30Kb0Yl3PhDS4Gpn8dlQZ0CP6nq4YDYb9APLbAK6vU7McsQbXDIr3MfuPReMc
+Ayfov+WSeGWy+XnMrLmWRpyuoJB7+89U79crqfMdC6T4alanOyB6Rqxprg9tuGUF
+cyHh+FOgRlRbXfdiAhPeBOVAdHAb22hC28PNMQKh6RBZhW3ygijuUQA0d7iEpwuQ
+woZOLc9S3/8B3kkc+wOxkWYNGVwSLzTu3VgbUm1LBG2LQSu5w5c70SBQee5Rbpd9
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubCACert.pem
new file mode 100644
index 0000000000..29620a143b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 86 5E 78 BF 57 E4 3C A7 B5 99 E0 8E 3F E6 8C 6F AC B8 55 E9 
+    friendlyName: requireExplicitPolicy0 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subCA
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5MCBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSgwJgYDVQQDEx9yZXF1aXJlRXhwbGljaXRQb2xpY3kwIHN1YnN1YkNB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2JoTDyKgPYRFw7WI1x0
+qDLxFwPdMWrqDNPO3IXgWvoxaJs9TTJ0Du0yU4WBqNRR6waqPeRLtXi95RVg60CG
+EEbY4j8nTVNGj0VUnDfF/ey1ZrIPpLh2HWE0UGAfYPX26sZ2Z+gN4A9KE7kRBgf0
+GfwwebdVRJq4yCncvmMqAevllCUonA45cn3W+wC9n5Ono4ooD4PJFJ8KRALImUXc
+xHFtvL4GEsCEHHXFrEGle18aQiApb1aFVl1USk59ILLs/IuFdf1J/pztbA9HGEsa
+w0yrlN2fXK/ZPZhyD/Bs5Wy8uH85iduCRgmRa/XENqccN7AxVp1NeE8OxW3rjEQ6
+VQIDAQABo3wwejAfBgNVHSMEGDAWgBS+Ynj9O71unAsz8jsyqkEI8+WJWjAdBgNV
+HQ4EFgQU69iXen96IzUZ5M+XJCcizGenVkkwDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQCVCnP34O7DI0X1maCMTT7+hJ1cLO2LvC5MlQK8q/V/BjKFc6G8VcCy
+SMRFEwgoMIctfF9lWLqFFGlAJPB1U6T1w80eFb3GCB9vLILx5rAZ0Zib963MzFZB
+/hxhpnmwAQLc08zmjtHQQKNiTOWKCriBfPvAMGbdWNej/rwnDSj9YpBBEYE9Z4AV
+EFUS6DTBCj4QHP4Sej0y3V/MJot1F18U7Q3UCGicrrTnQrtP9g+r2dfRruaNeoxc
+T6YmhEvBrdCwoAlBFpBZr0HAI4+iTMB4Qt007Tc9WG/zH3cdkKH5YsqRGIr37Ruq
+DG/m3mjqG+3WkRuj1ExY0LYkxxiMdCVR
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 86 5E 78 BF 57 E4 3C A7 B5 99 E0 8E 3F E6 8C 6F AC B8 55 E9 
+    friendlyName: requireExplicitPolicy0 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,88080B693CA4CBCB
+
+eWTD85vvMoWI33pUfTY+58uSpi+fs7jkDxVrKD7mOW3rzPCep8h/lVv0neP0RNoh
+5lvzFkT/2V4HTzDneJfmE1ZUqThAQaqtZxWqkpPgzrVbD+bZvcCzzOb81ib3ERo2
+Zb79MoEPcvzNhSnX4K3A49/4qivghfBbp9NB8OGHJ/FKbjsWYPkQiqYU4JmxYL0d
+OrpfwAdWX1S5r/monH0E1Uv6ip5NHpr0kHzwfQxsD+pgubqnH200+wY3bRyrnDhv
+J4R5IjqzEup5xXGTBhN9rYoVF95cLn94YRkHxfE8kSmLew84IkG9REL8fiqbwr/S
+LD9+SK1DJpp5CBYVevA6lVQrW7bvFclbvOPQhJjxTTNBnOoUbaX96JMDNTH4mB3c
+C8blqAIqo5En//ZRD/PsjhTqQ4eUj437h9z5ePO7Itvqh+7HY80zHb4ShlhQxc0l
+PSxGk1aGtD8WscSfV+8EaEHiDF0DHyYVC5ZW8iBgmXHVuuVk40//ha7VSbH9SlJM
+lb4ZrhwHjAOvbiuNxp2O1iX7n1IVP2NycgUcO0YM33tQ4/ejsZd1QEjxeliTIUhC
+V+7bdXggH0KzJdvpDPyleKSELSwZMpd0fz1bNq4abDmwDlKlpoaBrO7+03VsVv+a
+HZYe96W7MNK/AnQm5ylm1wAP4NHkJjWARWENDS/24lGvUbVzYcdxttnxf0SLUiAO
+nvMCv8cnibQ4wXeY+CLivELdvtsusIKZ++d2MgWp4aNJgIdJygpNZQW69/xqQLre
+ldlkxQio8hYtTCY1MUifMag4uBUzxW9iiJuV2PD7Gu1TVV4xd/bGChZVMa9P+nHo
+u2eiY4pVtNhe9wr5I7nM+SwF6ivtBEH5KwC8H4tDT3nX5fH0+AuvlsfbWeRg7W1k
+cxs6ZMOR9bd9B2J7zUHptQNGP1suly0tMb/KbhM6igjSgnovVGBcdzpK6i6JrLzc
+TlQKg61SQMinRXZgkNYazV+vnkUIYv/rLUoQDlFMAlaijIyN6w5ksaE7KfonjAmx
+OHh2vonCSy2W4gErFY7zNeBVH/fE+JddAWJeoAr1+EzS580V4PhZ9R4LydRfv9o5
+eihAWj1aLUCeCdBNB1MazghBFNt38PbOy+hpzvFC6bG+PGPQAnxisHplO6q+P6co
+xknLYNqA6iFw7mUeCii9hHtj+FAF/cNmNClrK7SAmgA0W8TehLeoOKGoo0dA6/Xu
+DXZV0TDlbt2A8avuYP65daX+b9ghys8m2ETU6x+avlmuPZ5YSq269+y3/ePSwpQ7
+jBfVBRN5+aEM3cR7W4Mn/20PVVpt4gAIYrEAIPiz7sISsWZSLSu8IzCK8jcY8DlY
+L5O/QPZ2LFBJ1EliR32EXl7ubtwqa4VnEf9uoWnyooznyO7qydjPHJU1vTh1wz4T
+gUd4RNCGd7FW/pxS/F8RlItZvvQk5uVKvX6LjrxuHese3dW9JGSe9EUqxozhKRz1
+yudyxVG1rynKxPndL8bSkDikAfPrB/7tg5bzOrF2sAwxS61mkKc3Zd8TBoeOt34F
+L7GgwbWU9mWs/bw8l53HDVuAn2Fsf85xrPdyBRLXzNpMRfAmqs/zgutKLupZJtUP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubsubCACert.pem
new file mode 100644
index 0000000000..9360d1dc11
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D2 01 8C 12 28 A9 C4 AC A2 4B A9 B5 EF DE C4 07 DC AB 48 2F 
+    friendlyName: requireExplicitPolicy0 subsubsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subsubsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MCBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMSswKQYDVQQDEyJyZXF1aXJlRXhwbGljaXRQb2xpY3kwIHN1YnN1
+YnN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4d8UvN3QmBtB
+KQJSFClF134Wrv+NsPbS8dsXxeWIPKizD+8yDP53Rwdwr8k7q+Q2f3jZdXWovp/Z
+RILL+woH9SRbSNRpyDPtbrukl3hPaUO9UCtpeCqPETb5/zfJuw8JIqSG9Ab+atqa
+97bG7XzBTThsSNkfckHoDAc8i0U1HngPuLx9elndglmKtlfgKGqTagXLaWJbo0WM
+phT8BOBrmBohhIr7K+t08MyC72vCLZXD4dTkV/+fFuhHdKOP7XHNejLOdy8QVbC7
+kuSTPuCjI7a5EjtpSVwpXvpaooHdFIeOCiPjJg4xBP1NNJuqKG9Bkc+P+dMjdz+i
+JH4ybXFsIwIDAQABo3wwejAfBgNVHSMEGDAWgBTr2Jd6f3ojNRnkz5ckJyLMZ6dW
+STAdBgNVHQ4EFgQUtdsE1sggCC9aQcd4o0SJ2s4ua7owDgYDVR0PAQH/BAQDAgEG
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQA7RXTh5JOGumpqPXnJxJTJ0T99+mGke4EtCkyzmb1KvyKD
+gId0UwrUjENlGX20Jqt7/PhBcYS4xgx1kpQcRf/WJ8pzQbSH7SD7EFxySJ4d4zaj
+Zu9ITjJCEWw8qlWRP9lbQ5Hucs+X+W1kFSlWM3GgV3qcysDnNlcBoJfpNC6wehFy
+aSIBDY+SgT51bDZp/ANdKUSIjX1HUV6uRzCPQZYKkNAD4hS3X6as37Ap5WerP8Lf
+rZKkEtbFFB5TSJif31LTsxb5sYc2AtBjOBKvemBGzdmtjOs6MNRXvRdi/wwK3wJ5
+Y/y6tuaxlJtlUngvx7HLQxlZOvySQrq84uKZ3F7C
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D2 01 8C 12 28 A9 C4 AC A2 4B A9 B5 EF DE C4 07 DC AB 48 2F 
+    friendlyName: requireExplicitPolicy0 subsubsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F15CFEF31278A507
+
+aSZOe2dyS84zymKL3agADP47XYRnv5CrbiUhwyzE3k/blUEkzTp0VTOwulg8G6pK
+m6Ol1rgp8BpvnIcfvo9u+YhKYd2ziHhNjnOSzaGTAPRq+6s1cdRiH4dhrtzZpOR2
+AKcbk7XiH/uWSR4GLZUjWqGPU6nAd5OvrfVrBF9OiBpz1j/qx1Fy9O6J77DIy6/x
+jeJiH57KLV/RMJzyFELfLF/y1PfjPfxq2ojSAimn1XZKR44McELtn+KBdFEJo/5Q
+K5bPJy2lPdFfLyArqGmvOMyKUpirb04hTEEt20yoTJpIZhBcstyWNszwkiF9vso6
+Zxz6eTchgsiqaIHfKe0ezRDMX8cW1pdB5+2pW9QxUsUn3izIbIq5+KEl5oj+qZcV
+wNN2aX1NKs8eoT1lr4bOTAUaikJyoU4Z0wnUH7AjvW8ynA8jXvi2BC7921JM+6d/
+yzh3nblCQSKsuz6iJv6oWI0CHycc/69bjhsKt1aBdC2t5WFLwWdvhaPlUEBmJm22
+b1Ftez4eQ4w8531g/JA4oWK+Jgyb+Ys8ZJKJHe3NpjjOmCj95oWr7L7ZyUjrIh/I
+Q0Mq9NNrHb5XQSB/by82gNjaE4pBiOOxWBy+CaHgvh8THkZ1UGrPMTUKyY/BPNCT
+tlxj8E88z3kkQzfxqf95JE7JocUEmVou2x3RGKmooOg6KydAxqQFquGeFeb0eigY
+q7Asce2+XB+ilUTOaa8gQXXHDWyzhcDdfWlgmaAC9kZ/uzhEqonuoG0nyfE8V3ZL
+Zzn3j0cc2/LUA0CO4y+01zXxoakIAWBfsI514BH0Atg9l7CDFCPgy5moZmpopDD0
+6EKlAUF15KZiW4x4kLyVm7U8Yjkg+Q86HBqCb2rgas6YJiRbDMv2aQQl/33j/4cS
+TWPaDMmdmHMc4jZjGqmEVlkXQUgBdRoeC0SUVX+fIWrnKpZURJZfb9V7i8Q6VeFF
+TJfaAYz2ML5vQ782ZIKA3HfckgAxX7KaesfH05Q6VlahDv1mpJFNN4ZOmiZ7+0vw
+g+8AYmENCKS7MVuX+YFpIbZXDvYFpX7gYIpNa4ADE8VZLtngQyfOtIzBdgPOXUoJ
+M3JXJDkxWVHEfOLjnOklQK8HrfHOQFxU9Hd+KvYDRbIzsph/LPhYf9LcQ7cj8Mq0
+05nyb0DyNG+ZHe8wHBjiuevUxlG+LMJgqF37XucZmtocixcsl18aHq7Gifqto1iY
+dLPnmDezdlmVvz+Hoasj6qodEmN/A39fa2uDeG+9jTDddpbc+Cjz5ZNLLFQKEKAU
+LW08Ya0ZNV8njHdlB+3MmDzfDwBG4lBEj3Jm3Q9OMV9zoH2HNaUqnTOEXGz1EMGP
+4lGIVt+CKaX0SydSN2jVONPeLOq4R1F4DB8W7mcydJC2EvgUxdtd5m8yst+f8D1/
+46031OVwuLWP0KgIPX0Kmz2Jmm/V69grXG9J4OkZQYv/KfsWjdczalw1IzWU2nae
+Yqdl2fgz1jb7mJaeE7PtG8Oc50ewlzMbCQS0dCXqKv00mntEcc3pjIiYmIl+oVBq
+t+uzCkILkO35WQIEX9oebIQYS4CYyPZrx2IVr+VDVGUBFAF+fyT5tA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10CACert.pem
new file mode 100644
index 0000000000..20f0472cb5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CD 39 F6 C7 73 B2 91 15 EA 44 84 98 D5 1B 56 9F 77 1F 34 73 
+    friendlyName: requireExplicitPolicy10 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBKjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAMT
+GnJlcXVpcmVFeHBsaWNpdFBvbGljeTEwIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA89pNhXn+jUxGpeJ1/h+iAlDoB5GdV8Do9wWsj8xwV6wx8QAi
+7MLPxjS9/zzCmmdvv9sa/tPZFYObbUaY8VDtQoksQKtW57OZgyAJTbUj1vV6VPDB
+U55xFOWaI/pesiO1+q1Xzxs5mZKVqChXQMIxzEYbN1opf+48tvsK4cOPLx/QQuEL
+E0q8nnoL8ePohm+8rTEtsWevzHz+PEywncSG+xu3SXC62gBm0Ij6v4178/CyTOho
+m2wXU7KAowokvvRx8ZqI2WS9Arir278fHzCsdjYeBCnybJyES+ldKZ5tvANLh8am
+C8loUhtoBW/HvAWFzOyEgucWqMmH0dUSiDLe1QIDAQABo4GOMIGLMB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQZ80wE0V/VgEfz+DQs
+EYHkmM9rnzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0kAQH/BAUwA4ABCjANBgkqhkiG9w0BAQsF
+AAOCAQEAi0krrdtrtcdh6y64lMi0WeCP4QILh7uXhceEtxyafJAKi0D/t2vQ55oN
+rAP+ZnIT0jOBBOE0cE6kyIcSa82rvNvjLR6fPqEhyXtE2i5dZbJBw847jP91UyBZ
+4QaA4jzJh/cz41U0GRv1dPf0SF/9WcsWKZnqumbZZ/NG7Zu1QJrF1+GU17rOWFUy
+CndBlxka3QVJSTzLxhXwbw52YiXvLJQm7mwF9OTuDU2ffZ5WKuOSA7rXumKNUAqD
+d/U6lvBwChFlr8sAqbXHcxh4ZqboOaTDxvBQ9rLrjKtcuA9N7udGFjZr/nEwqH+t
+vJgmuFX0Tkh9gH9AZax/zOWZivL0nQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CD 39 F6 C7 73 B2 91 15 EA 44 84 98 D5 1B 56 9F 77 1F 34 73 
+    friendlyName: requireExplicitPolicy10 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,64795C6B19211323
+
+27uUJ0FOOfIALApWq8b2aNDRoTK8tCfjZSpwRDwoeHpZZNFUw7ckVRtatn09aXu+
+oGWnIkC+WmCIlJH8CxN4VID99OVp95xVk8o2sutEfMO5chpNlaIZ+G0RBltQWWzQ
+sB3up5YEQMBMNYyqD5IdtakFjfa6MSB1LW0tGDmIPu15TBP9ZhxFxDLSfUzvCBco
+Mx4WKP6Cp+sTS5Vw914guOWQTl3nFVAmkv0QbGPjuhw0sR3mXAQw2H9iqf7nlW/l
+D0UTo/vRyIyqy6ri9gkLPGEFIVuOtT3gzZNv1n1mUX3JKtgBan3bvpiCuATbDke3
++p6ZSkkX219fNW6AtezPSBn+YNs796XGLOR7Z4ZwgqigekjBiNZ0T46NOqUr8XsE
++dHW9I67PnaJasb33muOfS7wNIB/RfPTkoCHgUaXqkp3BvQFivadNcOz2oNRGddo
+voRlDfrKrkbcsZTtvStn1nXz7211X31DiQr/Cct2RDeziy6m1DGMH0m6vF9TYmCV
+vH1Fvb3xbViLR1khQeJPiWUrAQG5nHPcm66RKwL1IdKdtTq8WzJyhu+FFGLncn/z
+yIm29dDg6XsLhyEAQMLj6GyVBsR6obMsSovYHP06uNGIpmIeBr/qlO7RZXZTJpn4
+kHJc2/aESWLzqJPQtV1RSgRlp1XJl8+8s9n8VuvcNBpVIoAGXf39mL3ysYQZGjuu
+Tk4I+WhI3XgcHm9mFf1D6ySjjT3TdDtRZucKAUv7RjpyINaJ2y8Qu6rOEuczx+ql
+hdW2cC06zlM/OmFgQaLxcrTyOLetZMLqPVbuf/ZXAKMRsjaIm9NUUA5+QQIYIu+Q
+MgRQ4l78Z9xWSdDiU1+FNsgzwCxSsZYe3mbLXQSxdGUG4WcElpMXL2w9m1DZNSp2
++3cl83yhI34OxzHgKLzP4vh2NliN7TBKGa7rCEgZbR6pjayZ4GCibDReqn/48Upg
+WR0amOzV7ZO4YemHgkL2LDLcNKW031F7DsOHubXql7j/G4gUcbRYrA+k6oX/rLa/
+YOv50xHKzFE9l7nqsbZXCt9jOmTudlTtDda64XSUN1J8dudgOcuQMa0QbVAoQVIY
+9P1wChyUXmcZNpyioRN0/Rk6JsCaCkFapokbG1b1ICy+y817rRlXOqJ3veNlwOmC
+axVUv0smGvxmTlLirfju3/sFFzdqNE44FNwU2pTFcZdekLLeuIXGvtg1gm8kXwIo
+UElpPiUSNDpGYLWW/P7qPYLIejh/sOtPbczL90+lf2YIZcD2QiYdCNWNc5xdFczi
+4ymcYtDrGT9kNjE+Um3vB8Km0aiEAQ6YTRli30dBSNJY/6TUh/EoZyA2rKFkRfuL
+XoKGpkG4PXs1byNppR7QkbTJ8VDCI63pfNBclvmjLQGqcdMkXXTJPJxWxGovMqDI
+fBncN2+x1q2HdmyqdP10PjOdA/C6Eps8c7nNzTxFON8gBNOKIDaFVFyQlfPIim0/
+dI9Xic5lC39LhCtobtUZsmx52O7guVGTLKwUL/NBE09lF0Sn3DEfiok9xFbuDpU7
+sFGe9FVHjxb4Bn/nv7S3HruEVVormpsDvAU12Z42Co0ubvVlWaDxyEl7G5+0WzCA
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subCACert.pem
new file mode 100644
index 0000000000..e8ff4b5f51
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 7F 03 2F 98 50 19 5C A8 C7 F2 F2 19 50 D2 16 FE DF E0 33 E2 
+    friendlyName: requireExplicitPolicy10 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 CA
+-----BEGIN CERTIFICATE-----
+MIIDoDCCAoigAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMacmVxdWly
+ZUV4cGxpY2l0UG9saWN5MTAgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBWMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTEmMCQGA1UEAxMdcmVxdWlyZUV4cGxpY2l0UG9saWN5MTAgc3ViQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVX0CKln4yztxPjF30FSL1KXKy
+G+0mCyGvYaITtuY6wIxSEY5/gx5llypjWstkFJK6Y5K+2aeHzPzcrsxd2jg3mG54
+WOEpdDgnOyx9CPA8BjWVmZxcnzLzikSF66IoniwImkpBSpK+vzouO/aiC2kEDvLH
+5ywmwtHhW5fYUT8maw7pzJEbE1ZcQivDNxrXL0feO6neRGhNds53tC8WDFSgtZNK
+kNsPT+S6FLMzs0dfLFbg21WHjJ9MaG2kjH1yuKI0KmXJ+RbM3/vngJPmIzILx8pL
++o4mRCSmIYDW24WREsYahWvismJ+Yn+xYxUSjYrAqw8XTTWFy+pBDJooCFYpAgMB
+AAGjfDB6MB8GA1UdIwQYMBaAFBnzTATRX9WAR/P4NCwRgeSYz2ufMB0GA1UdDgQW
+BBRuGKZhJA9o2y4GEZYmN6/JeClWBjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBAOkcAeSy758gjhUGHr83+uAMg7509xvYFSmyTvic9b4TEjUTddYplwZ4zHK+
+jRSLsOzh83ZD76uVcGn12a3FbFj7GmYC3o3409ciWWefaSZ0zxFsNmvHB4Y3kt8e
+Emjzkck/LLNri5SGKVlPdYEBWQiCvxdK/jN6YAWpbIASPSbNNiSDUYLXNFWhaRVs
+8+RgaEHwyYW71IHOZ+qWhnjmtYQUL6uglCLcIGmMzkxXIgUo70utC5DbTtUYVDZ6
+glLca7VUQnES1G0oA85/nokRVd1TxbKOeBJoyxRf5IjRbW6OIgLxUYjFmxF5MB0p
+7LHjIkT/5vZy/lERobzh44QI0/s=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7F 03 2F 98 50 19 5C A8 C7 F2 F2 19 50 D2 16 FE DF E0 33 E2 
+    friendlyName: requireExplicitPolicy10 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FF976BA627CFB6F9
+
+0UQf1na5hpAkAVpjFPiBq2fUfi5cEFRrrVtGslQSCfbP6S71v5rxbS3cuwXqIdM9
++au606Cs3NweNOeHIBe3npnk5kXrkP8NBDb9AaC3k5H+aHZ9GKYPFY1EaNya9LnO
+VHko7h7pgn4QaGrHC3BmqjyJIKFaTesLWzNhb9G9MUlIIZs++PufrnHNPB9mWhI6
+Fvs1l5vrZhVdi0sWSplqoE34Hth5Vng3ArDAaQKOa94WNI5F95eEokq7SUQIF+s+
+udHW/VsS4WEnPAVyPhsUdpb9+ofSh6FND7Lr0+vbd7tFzxHuksWZazbK57n1x9oA
+BrC1CN/1XfN+pliNCLF2jEE+gBktUaEBVjCNHpCv6K9fRySCKVrPTKhMr4/fMYEJ
+Pm2HuLtq9umiqJ/Y/ix/OeEllCDrmRlg6l+nniWnC1RlUb433hnpP1l/wBf6zPPj
+qbMYZBzK3mRDhZlcAtOhm23OyUN4WiSslBGIn/auSe+Z1K5J+zYfVyZ9/yMzS2US
+unCOxCMHCQ92vAakzpZmNTNn/8S/orXuHottrHhSHMv9zMoP0hieJZHy9AkoFEeJ
+WGH/CioyY3NImdO3RxiOhIkM0zQpVUXYpgrzl32cJOGkINIs9GxRApqDo3pGH4R7
+gW+5/kfxX9EPDKfZYHOoeV7+tqiatzjPrMJ8ZsGk9OL3xtU+cQ2EbQtIJCoMXc/g
+m4pRPmjiD64FOfcE1UHnSh/Sfvq9Wb13mn1Y/niC1q9SSnwWw9glJVLpJNPlC8SE
+OOAkhnoOzlHqbChpWtiFzls6ExJFmFdZuZdrICJp1812lgwcxlvLO/9MLrV5edE0
+vB3SRDfh8W9DR4yZ98ZFd/QpRI/Yb2QzORKzpoSXQ+U/n/uFuL+OhRBiyW9TZ2vg
+dnJ+9wy6JnITNdFTuL7m5iv7tXRV650bJ/sMXsIzyhz7WAoNL5BxpJO5g1Vdwoft
+A4vBPRlvkFurspLWwEcyLrIM7Foj3hXV1eQbp4W7fKGDSFlvESVF5tLtURoVWN05
+HHXX1tbwJel7zNmCrjNIxw0QIZsG8SyFGtOHgTzK+oeR8KJ3B5hTBgnOd10RVJZE
+M8Uj1IU43RwaTnpQttw4DP/rMeQe/yXTTw6SdvrQW50YDMO6MGGK1C92OqiTBPRV
+qtvlsROpUEITUCbNP22QeYQw145t5pYu96JE7S7EHvFpr+m+KmAO17lpbUIBX40u
+Pkh9sOdKBWkm5skIQi36qx5lPDLkcYvBosadJs0z83qNlfnEJtEm6g0MYmU1rcwy
+X8UJMBmQZAOIAaX7y0EX3eBFAqs77FE7dnIiJDKXAxVbErzC+4JEHTYvdw4VIMor
+yMJDtVDJuVk9MG5lWkIX+942TVWJc297USYQpr9fxvgEPlgrOzeOyCOIfx1hJ7JV
+HJmlHSqxat+2WQPBQPh4sMX8OcndsJjkejKgY2Igdix5K48TFlD683lZPVeIOgAD
+ILaJbcO0/9j+q0EjjT8MItt4tQiN3pHvfqAy8nGXaXeolZyo4TANVfAUXswLSO0Q
+9YY1BO1wAI5LT5mWtF8+4u/oyYlqSnIo09hgVjBfdN0JedACD3l16Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubCACert.pem
new file mode 100644
index 0000000000..33f695db43
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 90 84 34 25 35 EA 8F 80 07 75 7D 36 0E 18 D0 93 C2 5B 9C 12 
+    friendlyName: requireExplicitPolicy10 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subCA
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MTAgc3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBZMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTEpMCcGA1UEAxMgcmVxdWlyZUV4cGxpY2l0UG9saWN5MTAgc3Vic3Vi
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3Q6OlKYYO7GHk++9w
+xG8Uaa1vROnO94XkBCXxGvbcoEk9vLTPMrU5LDNeb2b5jsqFUnyr2VspNrqVjsft
+SWn35sbByY9KvOvxtVe9CKKbQsnr/xdn8eAbWz160y1yzfTgKgug36awApr+Br3v
+LKAr4+pRyFoFA/rOODTgCvAAw7kWqSo1u41x3tr2trxhX5LysQQu4ZAmuUgK0FW/
+GVElVC3XqkJEj7f87CAJ1UJvJbkmX3fwg2ZLbH2v4UihwVj1rwOmRUz5mrxVM6Qv
+CkcBmP+gxXStOpWpb+xJbrB8ja6XEZ9E1mZvn7z0tVd/MMp2j/FvPAvIX5eK0jE/
+rVixAgMBAAGjfDB6MB8GA1UdIwQYMBaAFG4YpmEkD2jbLgYRliY3r8l4KVYGMB0G
+A1UdDgQWBBRYUE8O8v5yJKTQdz+glix3tSToITAOBgNVHQ8BAf8EBAMCAQYwFwYD
+VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
+AQELBQADggEBAM5UH8wRhIjUneCRQvs9o+G2dyjZ2vTOe2Fh7KyY48tnVB0WBn+l
+Z+oSat2PcoEqGLeHb0xeiOdTStG+CIMBsKtEURm+6wm/O9McFDyu/zWAENdgqZfY
+wQa91xLPw/mZ+p73SGqrRpFiOcmStaIax7ip6yB9smU9eIWvqJnRvWN69UvhIhjy
+xarGYM3vUNC4uuhoZuzerUoZ+X4S1l84a0erkbGmH3bLLG/6xtS9jyIrfTN0kkPu
+631e1/HICHgVyGzFxhzKU2wDlkLtWqGk71ZqxJB/hZ0GS9BaFk2k5LS/Jc/r1vjo
+UBK1VkO0Un06qiXfa0JDsXFrWiMtycqBFzE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 90 84 34 25 35 EA 8F 80 07 75 7D 36 0E 18 D0 93 C2 5B 9C 12 
+    friendlyName: requireExplicitPolicy10 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6C56B0A995D09FC8
+
+kNCwDBBX24zs8XyFyKqns0+HqPKcmOUOwb5Eckka6gqCUpI5q1bp+STZaPYBahb+
+q+H9DChmRG9O4eV+T3pmCfY8lSFqv/5X0tBm1KG/7UQHCeK93PJ/+OudrI+9xqsJ
+L46yjdnNHPxRJUflnUmxSf6RAVoxcZ5B8aCW0arXcJpbKPG7vg8noBAGLL9L+Dz3
+RoxF7h/6Uie28oH5sk5KAueItE6lF1kHfBo6gE5G3Y2UDapYbSmXU2Af2lFnZ7zN
+GIlTyapnH0arnWUzMB1QgVWof5sbi4cmt+std8kSpR1olfFEV9+BopVNvspHwDhI
+GdUhN78Oxd3FjHI+RK0oo3rVwfvfN5Zz5/wsL8P6QmCzSS4BWTbL5nMRqUT1ZxhW
+kGRmSn7K43ybGuViWrzZRHxdkx4Uf3/u235dOz9cZqL7UbE6Uz30TWBtDlJNUhkY
+t9iZnlmoz+uQPJVcXoFGQycV49MRddF3dFCQ15Mr4C8xSbU66HBSF8CcO5p8ne30
+k78BPgCTeLeUkO9P0j2W6rYxrAwt4Dcse5bfPlaYZsPsdj2TdludOMJedbLm9ppb
+27UgLmu/IGety7KVbn9zFQKjzoN0acsA0ENdP9wdfpyplhfZ3F0J22RJV/pmrYug
+mmUqPqkmKmN6KWl4N+ZBdOsfwMmMdou+YJ9+kZBOk1uC/3cL9LwL/X33ILanM5pn
+nvJr8cy/lMhcadLM3wiHqtiroKf+Ui+nHrZQ6v7ZAtqQEvTOvLC8G7tYPTdUz1yE
+jKsqs6JrwKHq/cQruumxXj8+xipJ+IncB0AxrAtI1zMcbXosT+tuyXmK76SLX42j
+MDsLysr3N1mkfVm/kiaRVmcRijyaUf9lHM/tLHVhbO0GIuPyYsAKjTJmUIXnx20H
+Zqe/T22MV51ptzZZcr5CRjihJITQpVUjAw8pQKijktT7OEIPSvbvq/fnZX/foruL
+9rXVrACb4LSf8sdJTn7eP3xZVElfbCBosJpm1etjLwKdiIzmcPfuVXsnsfKiuyS1
+PchTcVE7duodcQnUAOhWkpZtlrX+4ZuPFUCWrsebNWgBavEuhKhfdjKsfjXS6Pr6
+u+qTgPa3xVPAhKW1cxiW+smBBnJNPApZ1bqmN5u5dfrUOhoL/sjuuc3bUVA0BkTg
+H6uatshkBRXXaRtx6AvnJ8aECOBvbK90Wl1EbszszVpAEsU2MNhbX3eQiRz1TBtE
+shKnGphVNCbtbS7Ll6xwL74gwxDSOIIGs7ggdpPNmMKfo9SmQPWw137Q4EjpNyAV
+NZXTMmF8P4PJ3K8OCNZ7v9PqnEQ3rJjp7TADD4j2KX63Mnv8fIlE/okm1Wt5Tdvo
+zX6uCkLCb79M3atbpVRZocR1SddJmpLQ8hKKPrPK3lq8MLzTpp6xjnWVK17Hsgub
+UGvsfca+VlDbYmqKvdj1lyIroSaBxN7WLh5QzMILt+IeAF4ihl4Q1xEeRE1NVdN+
+CGB4pC6J+aWpZC20c6lG7O7OcOQGAM6HK/aiAgaaSmxLhu/NjGle4uKhTfGuodgH
+8ytggkks3SzupnDRSWCmaQ0rSFWPSL2rPJbBwoWjRIMTurgQRmFkNg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubsubCACert.pem
new file mode 100644
index 0000000000..21160f2bac
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 3D B0 50 D7 39 16 46 7D 10 06 9A 1A A0 D1 28 D0 03 48 F2 CD 
+    friendlyName: requireExplicitPolicy10 subsubsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subsubsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDrDCCApSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEpMCcGA1UEAxMgcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MTAgc3Vic3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAx
+MjMxMDgzMDAwWjBcMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZp
+Y2F0ZXMgMjAxMTEsMCoGA1UEAxMjcmVxdWlyZUV4cGxpY2l0UG9saWN5MTAgc3Vi
+c3Vic3ViQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2DO8cedU6
+MF/8P1YnCcHKe47mA/BD/ZjRJFTpgEelXmhIk/9qcx5i+jYsQFPOIWPo/V1WacZA
+4Z3WIdP57sw21CZTPX1JfaoygAlcaueoi2UPH2LlvnHGpOGfZpqtI/6y1Kfs77Rc
+bsIMkW8zRPXY2DOhRaYEOzf7ueXiNFx9SDLolxyZPEJiGeFX3+WrDXjZVH5wnCgV
+6t3l+88ZsLQ0WRgbi1gocOBxOtrR50JkNHoOFwUNlqPibJvBkLYrlIOvJiPlqXXj
+y5lgxMCyeSH79AJ9Q/UdMbJdC8HNmXgWxXuK+vInnaOJkjmQFY9MVMq35jIdSaZD
+69D5hOWuBO0RAgMBAAGjfDB6MB8GA1UdIwQYMBaAFFhQTw7y/nIkpNB3P6CWLHe1
+JOghMB0GA1UdDgQWBBSWjHH8Fag7ztnE+MPQX2lxfOgASzAOBgNVHQ8BAf8EBAMC
+AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBACl0/KFW/P2mCzjLyGB/zUARmsAFdR0zvWjnKfdDAjg9
+5Tf6At3kqcgTWt7qiKf58NK1S4BqcOQvYnYP3YeSmBEirMgtgJQ0FGR7R0FgoYhy
+DY3tWak94nuM+tuucWqtQuyB6zGOh8Stc7uYkspb2tCCyQQ+pc/V2S6ggC0QuAE0
++yfuJEGlCyoR83ASr3aImoGcZdZ61aqK7bz0+DTDGJdbteBbSJ6WJsH6z8AFQ+yA
+vmEXwQisnsufWYDtwuskwxoAGL+iTVYj1gtveU9O4zzh03hqOT6owGdjryX6VH9L
+dJFtQ7bn8rR5fuuT9Oui1EgnwoKAtDEIpVQGvCEtLuU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3D B0 50 D7 39 16 46 7D 10 06 9A 1A A0 D1 28 D0 03 48 F2 CD 
+    friendlyName: requireExplicitPolicy10 subsubsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2693B4FF0C23B6DC
+
+oT4nC1SPE3hkJ36qls3FUIwwT4t8CIQm+If2oVjwqUWPk0nOCtoDdsI/0D4bwA5p
+oqeE8cm2qpBSeM+1LLxMvSKgDPavwnaIQ0slnQTIWlFZQcviUAby/wbvZf56UkeM
+AqoFsa3rk2KEhxlmlJ9yp/hi2OFz0yIWEeaH5AAKkoTxDAu68+xVI1ofZb81umY5
+7RMogXmKSN1/Ztl1lCtfhP1HYyJo07SluO4EiK0H7zfJR6Tj40npOzAhFWMI7ZN1
+7QlshDkoMBha6nLUuLlgapwIfzW1aaBohAVPrbT8e5+5KbZYa7jyU95YXbWjEDkS
+j5KSUsOCUw0Pfr5c8hCTzYTrpiQQdQsp5+kIUYIAfGM4M7h7gmYL5qbmS45ND/mr
+zivlJs64hRZpuiHrdoW7IC7SVSh13DOM8QW/j9Mod321fV8TMZLTRDUfDmFJcPA0
+bXc6Y+i3izPA6DtDfHuKhv/uVIUjNOkY3OtenVi382qY6svpiDk8zFZfffdFao0F
+edB16GPNI1UpxD9UgE723g9KNA5239HUJhf+vAXEZcUHog7FYkjGPVgAVObinrjP
+iVuk4lBN44K2bhK+adDjn7SkmxpmlzmY3E+4ZBLQl1w4yZqjsKGQeBE4FfIu5g3H
+Doo57oUAX8l/5UGETFpSXdrXdxfwRb6B802ApcDqs/mbgTXfdK2B+kM61mUbquBf
+wO5gbf4YR1MTpRJg2mnwSPRDUlnZzl5BmzjzlZEy+37NOXI8VnD0SROLbOGh8XoK
+9Aq3QTaLJVAzR93Mav08oFVH/FszP+hoec44YAOHZnyq0sbUzeOwi8+T2A75BHYV
+QZRYxb2PNU0J52IjTygI0RRFiY4/0qZF2t3OMJJt8+Vhk0oVQ357YpqrNZBam+iW
+AXjis54A65AsZYwP8oqi0yYhrmqIYUcJYm4fFbW2gB/QAzUu0tifgqQCE+xruBc0
+cYj7BJUJy2i4Sv6paN0/vvj5U5GnyGEBCsIOBsThOsVKRdeyOZZX988AtjUWR+Xr
+4qty4xwpd/AcJFadTILLMLujigIoeW72qvlkl8DxgJi7mJc9C+0yLvMsRQNFAlAK
+NBYyDUm6wE+BrjA1nTmTYYQJxVuGdo7ESUQx836jMnptXIPpuuPQCyHi+T691msU
+IjrEq1Dn6VT3oMnNLuT/Lfq2QRatrSDWAPPjfp9hDH5FvbqyJD+GoVc5r8M2/MF4
+WV/vhSiaQpwZD1ZgG/XNRhutHb1LSGIGPYbQFbDqZ+1tpa3UXzU1zPJDAirumFZs
+/CsyXmpnXJgdgd5E1CxqCq3yfYpz8a/YgRlGNMDtf9cMQI6qLhiKDarVpdlhhVjI
+lbHINMEakBsgO3+L2CyJRhpDYvoq+BuFYtTL01hcHeoBDGTLQF4eM571FE5Eoxc2
+KJwBtzUIU/tIfEBVO5qxBbK2vad+s7fz0/lLWX8mkkg9SNHuaNYImt2uoBBQVJ31
++agpG+th4eB9t5uL6h54Ivbgishld/zc7mKrzwX4cYYYWkBZZtFTBKCPF4AKzvY8
+in+tAV3EKlz5mXB1ztJ/ezbR6ALAOdyDSO9EhTdaOmpTuT6NjCtFTzF3QYwnRDMz
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2CACert.pem
new file mode 100644
index 0000000000..c49f2da69f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 35 D9 76 B0 0C BF 65 C0 63 6B 78 35 10 9A 4F 3E DF E4 75 7A 
+    friendlyName: requireExplicitPolicy2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBLzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXJlcXVpcmVFeHBsaWNpdFBvbGljeTIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCzxfi584eF82tOhWkMbV/3OVpGrWH1czuMyaq0z0aPeRgBRrIB
+EIvQpq+7Bn9NttfyrXjsyJOt47rtyV0yBGkEyBt/UmCehaLuEROLemMB4uzcKLLS
+fo/dcHd8MZV4MUn6ESPWny0PJADb4akSbhWS6H5LA9j6qeMc211nfgy5LBjJiqNL
+6pEdyFfiW59UjL3E180/pm5ktxiUbQAjqs39vr5TEUrcnXIGEwD1wNyia7HovdoL
+2dvSb7CbOw26Gv5EKLPKfBTBGM79JUnMFG7kWXLUAhGbosCI0bLsZO4ox7q0hy3M
+NMOkxv/4yOqu4g4lg4ldmfxj5xSV4QooFSrzAgMBAAGjgY4wgYswHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFDap2fuqOC+g90w72YWd
+mhWjLanHMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAECMA0GCSqGSIb3DQEBCwUA
+A4IBAQAe0P0wi2luJkXyOChUK4ruG45cD6IIep+GwGXYtnsq2fAXIWe1c8XCQTyi
+1TrQBK+AiM/AREdH2ZVSA+V44zgmPIXIiVa1teBPXbuvM7GQzOaUU5Dv8SMCjRzH
+ThsV5bkvTw5V29Pk8vbIFNMzSFeWfoatv4RB0a5ahW153q4CgDOUyJoMOcRGRi9L
+xDToUwTICmz4eNcMA04n0U94wnqZiNhcLEdfyX95ZspOAs3E2YGBr/Wi0slN9+6Y
+CpdaYY6UzK9azt1q4t9p4PTfbYDxi6hPksgMEoFfUtskikrdD5dPYcG42IzCTOks
+Jx1qxicm25mJ7TuNhtQKBeQ3FeXT
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 35 D9 76 B0 0C BF 65 C0 63 6B 78 35 10 9A 4F 3E DF E4 75 7A 
+    friendlyName: requireExplicitPolicy2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E86F4CFC334DAFA5
+
+V9wxv4XRXhnFgR/nCrVP+HQGB2ZpnxDLDRCCi1wCGQT4HevR1zx1lhmckqN1q5SK
+en/+8HITNNLpC60zczhO2l3aAnR4WzIGn+VSPAP1kAx03DvconRyX/ZTenSs5Vti
+1CApBPJZb8+bQdbX7GEtLxVeZ7OCKPdHBYfXFVB/0jcQgUJSxhO60/YJk/q+/WO0
+gjq5geu7h+gUi1XcVN1YaHkwhDndtlDfRSoYp7ZhnfUfODqnfzapw7zEmmcXLZt7
+xii7UpeERZ5BE73mEn0yEEyLsnDVOvfokVAwu0zkTsKrJMqLZ5k2spHYSU8LJi3s
+Jw/Jfrw9GiCQm8GSqD46SsBdl9DqBjucBqhKDZv9sUUANc8a+y/e2kNINAtezwrV
+dCVaXptVYiaAfl9oJKtAiBDQRJ1Mp/4aFpguEttX847RyXjusUpQXrjtnph6byvp
+33QDP2Dgvg2juft4/qxYm2dDN9jXUxAMy0Ym0ZjG/Uv0Z9EUx0BAzF3j9u9ztAcJ
+TA4bNSvI6xA3hgoQsd9rGZQUFgP5nNAXLQUCSPaFUY1OdZUNsnzFMvQvKG22uOyd
+DhMSAlXfpaxQ8KmqX9ekgzYSBWwlCLCMHUTCAKQFybg5bFvsQQNjTkqAAgRt9lLF
+zlb5Z0+bsSjlNyHNQ2QumI4gnL29b2Ep60/tPH2hWBuiFXOnnJUfvCDrrZl+2JLi
+mVtz7qucLGiEtLdX8wXoJDKh+AgidbyhQ9H+G98sDx6GN2z6bUKZbeIIXOSoiWbY
+iOMusN8/rTjpW1p7tNMZd/NZ7iJWcVlz8HAEkxGmqZVePkZe4diWsGy4mx7WDDZG
+5XPuDHVu+4jwFBU8OFqc9qhQzox7OdCEFfNxzo8TCjJ6zLePS98esVwbKjJy8F6y
+Znm2bilT7PVNN53N6gHeV4jZ213/KxuD6r2IamqOo0itst16DSvGxZ+nf0kJzJuL
+I7c9rME0OvBr8KgFP00ad4ZIO65ss0SEJH3+qSGgMsAdWemZ592uF09GeE2/WqcK
+n/tza3e5Yckeudopu5U9Icl+wvFwC6Wy2cgrXLdb/PB/txLGqlLShGocSTtNPRJ5
+Bi/MmYET9kJoKyyKuD/vW6C71KyXRj6KpD3f8wiVQUGRU5TPkLn+8m4AwcRldM8v
+4pKw4Lr44jJum/jg1ELHzaK8vCYr2E6JSgPOWxar7+KOPqi8VnfaoTdsEhpbpcJn
+yhWQ3z3vanG0dmJ5ROVde6X93bJVPMmvFIyW05fxpUSA/7/de19UZ/HoAEkq4wik
+VRwaJ8JOgTpp2Z8W9Ma1lbPEXtaHvbA/MH/83blD7Y87BLJhxgTcMPdU2edRX/HG
+W27yIRsJ3F8YFeb8iKTmO8BKgx9vfT8MlY7aPJr2pE1FrVdT6tnj6c+BU9hogXlD
+Gg8V5wNq7baQuVsHbIlv8QRTlDf+mxajj/BJO0P/HmM6VHezcYfpXtC1ozvOZ82b
+bsbpA+5t/BWgxOXgV66GX4Nf40K2u+kIUQapdDJgG1VdB5KfLKzu3GAlJBbdXK2o
+YQR+srJaV3OSpcEeam5JJ3ydZcZt21IqO3J8tPF9EnOcrA4pHfIn8Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedCACert.pem
new file mode 100644
index 0000000000..e0a2b37a9e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 50 09 24 5A 39 5F AF 37 8A E1 C8 59 95 20 B7 99 FA 59 1A 2F 
+    friendlyName: requireExplicitPolicy2 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 CA
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSIwIAYDVQQDExlyZXF1aXJlRXhwbGljaXRQb2xpY3kyIENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ByQjiOjxE+oZnilZmG+qagOo289Fp+X
+R9raC3r0WvOV/DiAIO2m+PMkq71mXXR3jc/gIL8QqIzS75W0XToccyVOnY6uQSlN
+avFElfBmhxMnYNC/kcP/cpne4iABELM3csuIRUz06nFXTsSkQSHa9sfc3jin75dB
+5JFHF+WzVBbZLa0mUMweVJ0g6ukWYoyEqrRSME19jw3X+VKkQxqOBR4BEiKLLVHZ
+0DWzomRmvC/YOa6QxlHGlXO6myPBCVt6xqpzBNsBLhjKb9aTsxgRir8Wyo46FGpi
+OBGfB8ebefFEQuwx/Y3TLZEUyaAvd7MO85ftuvp8weAVUIw0Ks+d2wIDAQABo3ww
+ejAfBgNVHSMEGDAWgBQ2qdn7qjgvoPdMO9mFnZoVoy2pxzAdBgNVHQ4EFgQU76va
+2OGAMadDFu7Edg2v7G3yYKEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAM
+H2gKVmtNkx9bL0dvtkEPs+89dAzNW36hrK3NTIIDfe1JjA/u5W2mMHORYJIDgvWS
+viva+NsPYDNsLiF/okUX/B+d+zUYBweRDG2t1QQzQGuwArb/y07eKTm2VZfHuvR8
+UJhP/BeqW8ftZ4NU2P1nGwvTRaENGvih7aPxJWZAyqlcQrE0Je0iFM8V3tJfC9DH
+9xRDUTADrgsaWMajbEea+cFAhcY7E4YuZM94DKEvXIVjIMM5ifOGm9ySnf5LAsVd
+3ER6jg90zfW1wjqC68nPWpHOfglWoJ7QzCxp6IqGkVE3tFoVIJKz8d34bKBoyh9R
+xPdQHkHs3XLydaxFC8kf
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 50 09 24 5A 39 5F AF 37 8A E1 C8 59 95 20 B7 99 FA 59 1A 2F 
+    friendlyName: requireExplicitPolicy2 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5F6F0A015308F197
+
+R+0cQyPBxUuYCKNFCmE/mdgtm8g2QoIr2dFN5WwmwjVkmrL5IG9BLMzedJ21/O5/
+KiMwKshJ3o39CmU0KSC7rMgmrCB1jV0CYz04i9/j4Zn9o3cvZxgILOLEvRY25JUB
+Ak/lcb1hWTuBP0Jlpq33KYjupkR6Ss13kgOc893SFFWJPRvMjyjulwzY+wC+fsHW
+OrK1SeMioG9SpxQayF8Y3o3KitoBfomozW1PTGZn+xtoFvIUSpToiPu7/3rKdAMc
+OmNjbAaPOmEyhJmPvwTb1SIP5UHrNwkzeN/WknZWUjPbGonvsu49dlvLwWhvsRM+
+rEadTY8XTxMQ123QJMmd8CkYzyvAbkTTySDrlH+7px0rxZ359e5FqBqMG1KtfWXo
+HshiEf3ok1DxDdTdbTyfKxc/7DpFjmC83+3aL7Yba1PwgNvpeJCEmGkSaNN/mBlV
+0K+zBva/l25ftLpdm4FJbU5heB3l8Js11sxhiik9XKQUrLEdVQznG8a8t+yaZpHI
+XHqia2c3GsFcilESXgcKhRunyuutzRh6VASgLO82u3oaMhdPXqAuUHO9ZjNTlS5i
+IQJJBU4QmhB8rtu4lsSgB9Y1OhK7Ijza+fvJJ6/KMcBP19IMuK7uhMtdk+1q0qRW
+HAhCx5iiVB3JKikPOzQHeJFbdIa+0YOBVWh+ttxpQZD34KZxIdqJe5NOQPuVRZyn
+HBN8U2ibEsbKgI62a1nI6hOC/OFOsxiXqc2BO+p4ySw1KO4hoGNupvYMe3lmVSki
+ki1pDo5esrf+XzXYQeAQ047Ml6wnzddmeG24FMoOhZsVKhpKezds3Jclf1LbemS8
+hR8b92HL6UncI7NmSIOFV/HlVTxjxAP9ZdEGImUoDTuF5eT0V6Wf0uMqVGPdiFLH
+NJ8929bAaFL2m4rbkkjjEPZPotvjsSYj6T41m4VwFqhwIHbKCVWf2Zxd4/pTjVAD
+xSsrfQnNVvfn+Prixkn8qZmLNeK6CS0fkBVSYikHm+m4eqOeWXsMw5KTHsUW3XVq
+R9pbFpQXKqxFjCsToQFMKdYjRAFxsQ2JHs99dyeB4GstmAsDgOY+QCViRgT3IQEJ
+jgbRTr7DuDPbBa6nkGuEsSV5D0MSG1DehbT0GrCL4UrrE3B6BJKB3uLTEpg4i+1M
+g2et4bSkuzCgT31IRpm9iNGhjqWospJJ7o7DYsRD/b49vax3J3Mv7CsdWWnrSt4m
+AQbWmZg6TJkG0yJ2dt3AFdY4stAiL4MKRBMsVETTI2cyIuNMZlo9zX4T/yv6xFeR
+rzqddvh7NY6AQQcqn1aRSA3OJqs6cD+CV07QJEjoi9g3XQ9f1gkGMivdTz5I470U
+LW8R9LR9dbeCYuTHHGweKvecz5+Tj9EOXXOw2uRedZrbxgh6jA68PGzzP3E3ZgZT
+XiLtOSwa9xSWCDE39OUX1DJ9RqBjW6Q0SxZ53fYhvAiWGin2U3WZZyqh8kH+Ef+0
+KU9/YcQ2EpexC0wXe41CUVSugVf1vwlz6RJtWjL9+f/V2TH/v5K9NtgVn3BPiEB0
+z+xeDbM+yGS0Z9X1AuTdDgFw2R2L2iq2S+DgImr+eruI+stbSIJONQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedsubCACert.pem
new file mode 100644
index 0000000000..fec9b57fa7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 30 5D 56 DB 11 7A D6 A5 0F F5 EB 7B 4E DA 45 A6 4C C7 57 B9 
+    friendlyName: requireExplicitPolicy2 Self-Issued subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 subCA
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSUwIwYDVQQDExxyZXF1aXJlRXhwbGljaXRQb2xpY3kyIHN1YkNBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnzSUphT/R8NNpeCrM75XZbe
+zrzFry7FcZWWHSFkNKZPyzKJiHyA4uWR2tIz4HaoNR31abyitlqnK8raWcRobhY/
+v1YcatsWBl84DXeUijt7Lo8FsgFYgJtXdQMTTZM09lrY3YA1daUUxjEVWxogoFVK
+mfAz1lLiAlMEeyzWCGpKS/RGY3f0AKZNLFFqcaK7bvWOcg8MJezmWGd++937utjZ
+tQDLzQ6m4I9pkrOQgwyIL0BTetwyLG3wMZRP7nhU4p4BRoSDfMiVQ8Q+wWKWIl1+
+EvRdNnM9L8TJYtBYvFDxPNIHlqi2OKi8burXeGaHD8MkuQ3/XvaCCoFLz465LQID
+AQABo3wwejAfBgNVHSMEGDAWgBQgd/5MMI3is1Edj7D3HH8dg5gORzAdBgNVHQ4E
+FgQUSQpnYVZHjdJZl68iZjBRd1Cq3KIwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4IBAQB0287v2B91j3aqGz6VvjWX9dV1aXfrJ/agTXML2eCFfDpdZHSJBfF1eEWp
+EyRV5B4drAJJUOFQk2A576yH2wY26c2CatdTtepyvfiNa9j5KlxF0eJDuU7RjIpS
+X9aV0yLZVWj+zDxNZcWnTZiw5UmEURQWm1UvNe4n/DZqP+Pl90VhHmQujpDNRzsb
+zKmGbTwGtJ1T9oEIsP++cRW+cp3MXY+31gYghwsEgIL974tnuHSSL/NTM1lEu6VF
+A/45TkZKj1ZlQPYZmG1AoT1JeAoXoWDEoqYpXNZoQAD5fveEtunwPb3Ndy9GRvuV
+r2lfVmqh7AmOZMnyQvkxHohQ3cY3
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 30 5D 56 DB 11 7A D6 A5 0F F5 EB 7B 4E DA 45 A6 4C C7 57 B9 
+    friendlyName: requireExplicitPolicy2 Self-Issued subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9583C403C5D25EFD
+
+EREj7CrK6SseZexovZgTkHUnzLQSOpZDOFjRjEpWDDHiyVUM/qimEuynGfTKWJHA
+EfcKL8nYgOeaIbGijpyf/B4DDPxiKSiizgqLLLpxxNN+uFfLixDmRkAw8wI480MM
+kZWYLgFdBAl1DOzrUVu2IfGpNnt/mX+je+Ku7iYpK5rNwuZnISr0rAHW/PNu+YOS
+wPrRb5l/eZ4E18cx+UhLBjnMq4qbFAEFXz3PEchTswPCeC/tyojmFo84Y9/zCRxa
+NRfgTmIsehRy25/L3bmlaES6z4ijIbXDfiv4dLIFN1tMGY/0b9HLS6RCyZcKHCA0
+DHqY3RySA5JJCXdrD+jKBYv5sfiqUg/26VtpbXUlluZltBeDKGx2/vmf5oHow1cg
+QgazwqAINUKVLeuLEslShbJCHWnnNnbBpSwG2sOaZYx4v6GiJR8WhMW4CM/oiEye
+Z7DF92bAEvNtOIGsn8TzoSBRZecsPverv72i8eVq0HWYJ0kLR9VNqCuqOuHQL87Z
+e6SlNBf7LqiN2dQeszSWKOb5szPwk3U4nzo5X1vAt+v3ebQV9uFyQ4uTNSGe5hno
+0vn8LXbaFOLakBDUmMNdCqhyWFq7vioApSI6TDCToNgByaf4v/biljb/l+L6af7u
+MU3CVc8De43gpM9G/g1czfNDG1glXLYhXjfNmuXnPsBDWvjq1XEBIAsjbq8hyHk9
+AQNej5fRipr0hRbojxc2AO0dGNdZ9jtzsYI6MeIAaSsE6I6jP/7tNYTpjCAtfnGL
+BH1AZseIpID0D97ZCbZK+p14a8LyhW8ncoYgB6zWrVP30mJ2Vbn+ACUCRRgAKQ3w
+t0u9suM0CuJeYnUKhyIGZVXzuxgafDdXn4j6gscyz+JVlxjbuRD49xX2Ser3DKex
+D2xcH9UG2gLxZKWPsuSuXTbIh54dWEYpNBauamKKXhE6vKCwzn6Kr11lQwbmnpmB
+1ZV4McCg9NVg+5kQEL0iVdYX42KivG6PZxlyVm6dAmcPG/QgZzBA+ujQpJ6QnSR2
+oP6URm6GE4NKqf9tbV69tY4mrmnemwCS2sugNe4ZFM3O7FwiMnWG0XcKYwIHKdjx
+iLLCboJo6gObaDLEqU73PSalhzcjzxRjG8p0vDwLNfX7nUy6rqzqxzMxhkksv7tH
+d+4O3R70DxBpHGJnHnRyRfOKoKr2Rvm3gCNizRr5TP+zbnJ13nZrVcTg4V6K0jhC
+BSnlwcpKgHwnvnKBnPYOsBNBSWKrID2yPMercwtnwGvpWQutCpg+TXlmeXZY9iON
+W05GHDuSekNpiI033MYdXVP6WvH56mdQ35B2FemcDiBevmsQkfwT3r1BF3fWx3/h
+0sddZe/mDm7Z/HZF5QLe5iqg49hRH2Z2MypjDMdjb//o7VqbcvFuwS0VL+s3m4Vd
+lV/iUWiBXheIMLkavxBRk5I80C/DZzKc6prYPXE0GW0bNLnAbTxAd8zPd1k9xF9q
+iLn9LZ/o7b0U7+HjzB/vs2SwAstYWsD48S53XixyJXUwfwOtb5ozct8sFt1L/G2W
+jAiQjrCDiwmxGHiiEU97A/tFn1x/u/bpE7Z+5ThE35r9qN0js5HNKw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2subCACert.pem
new file mode 100644
index 0000000000..a1e3a855d4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: EC 05 DA CE C4 05 55 DA 18 AF ED 65 5B AD 27 AD F3 70 32 48 
+    friendlyName: requireExplicitPolicy2 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBAzANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSUwIwYDVQQDExxyZXF1aXJlRXhwbGljaXRQb2xpY3kyIHN1YkNBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsi+sFt/pVAsHLB0tfOfQJAKTDdVo
+krxRAE9Ykhw2mJympAhm/yEB/Yokq/oDim+KjRlJ9LQpem0qOjCTM+ApZ4ClsvcC
+apqvHDKpU2kBXlLyAFPRz0WaKGUlvNUheBkiQOJEUMulXF4VtsNFZloCc5fTKLOK
+62UIdnPMWPEsU0/T6Wp03yT4mKF4mV7cxcBRDwYOhb73wCwP9sE/5DshU4uaX0vr
+Zv7MKr5DLkq+TxCDrOGi4nRdplw1TOog46OIc7XuE2nd/Oez4tgbE44tACRfvdZz
+oQToxX6mw09d50dlIy7Sg+5U8U1M3T74tQ91LPH9WUQ3qfR/0BGVXMOAXQIDAQAB
+o3wwejAfBgNVHSMEGDAWgBTvq9rY4YAxp0MW7sR2Da/sbfJgoTAdBgNVHQ4EFgQU
+IHf+TDCN4rNRHY+w9xx/HYOYDkcwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
+AQCqda8jpBRM00PZxYoWbSe1nLb62jNqZ1D2b/wMEKgBqueQhV/AsqCsqSKoGpKy
+9J1ZYcUfRH941kdMAf9zRq/jtuECva0ZkblFq33mx3a+5/7PNesOU9YglAtEL0lJ
+mXtpzaO3tPO4gyODSU2eWdjBgbmndDugp/m/t51SdcR8fhiRkaLIERnybXt4S/FH
+7CdzrJjoLGmVZzigQa1de/6MIyumAXxJfxPmlqxomS+uDzGys+CGMVJf/hJnZJ4m
+QH1THJUNfJFyx2VvNqQqj6bllO79tcWwAIwizPr46qO7ZmwRAVs2HhQgEQn9uIti
+fR/NRcbd6E2c2L+TYxNYfZ9r
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EC 05 DA CE C4 05 55 DA 18 AF ED 65 5B AD 27 AD F3 70 32 48 
+    friendlyName: requireExplicitPolicy2 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1130C927FC646156
+
+XqOtLmXfDRiiFtiBAzARvlaAekMHrJTlP+xc/AhfhYcnvfF4SC3fhVH0L7XKWojM
+NOxsPM02iSFHL6mB9uP4QuWjuSvlMnfXyN3REcvo4XyFEhsqwaiAfR3dGQP7f+cK
+vBKC7ZG2MxIB8oekMmW0j5nuthru1W1PeqMSiGY5OMx/FT8JA8GOZop0+PZM3IgH
+aUpScMbAocXHRRjXFyhGPWLQ9eQlOucaF+QRXS6ULRej38Jxfo97dxQiQPQ2ZjYQ
+NL1XMwA50fQOo6UTHFSNNcnP3tr70hyIUtzXCHiIyLPhUxp93v3dYYgUgZCgZgfk
+NcM8xdI3NPsACYstUa9Mezp6cfpsr6yYS/7Pwvo8F9Rf1yHiTRiMjQDfEQgNatl5
+xm2lSiiLaVdGRAv7Gwt4Ie2R5X50cUJfnNL4ILWgPCVEMQGMLp8FTiBEIgngMY32
++VOfCV0f+ObQTOQDyvVr7R4zk9PMg+N1I9d7JqGWjEJpghpelXstPWkDzwqADI/9
+V4UUQf5e6oBuVTxlANgHU5lRJzgNyr9lAc0FQrGFm+3bGMQKHUWXHUcx/BpYpLYB
+99YhlZz2nUyuHxOOikHJN/1FpPx7Gz1REAAtDItjjKqrrDKE7Q03srN3w14BuIFf
+uTv6uO7sGzNpUPNrTUt7OBaRFColXu1d4HPNG0Js14uB3zttiUumt1ENC8OHC8JL
+O6+shmmKQkzRTiIq0r3gf9GL+MyHAb+fMiphiZKBai/OyT14ACy6wUD2fsKciP5a
+mscAYUVBp8w1ZR4dSDfEkAhlQmHWGzD/KtN3ZrqqzOGmThkg/Spoou7PtaWhROI9
+mxk7R5JJ18LvDoTsttzmPQf62t3BPR05ZBb0YtSG50vvDVqPyg9vM+Z77CvjO2ux
+pC2QhAxWLrjuX3I5V52Pp83ZDi18XU7FDlmRYzNTyADrk2fXlD//IT3xhTyXnxKg
+UgP7JqJemHR1rc+aB27bmDq/NmpOX+J/C1WfSaxTS8OgN5RXSFGqoNyFLZLEFooJ
+Er99nQma8rAbVNfFQdoJ1XVJNlyZNczGpYeB8OqShNvu3xkSKW6LgaB335fSKeq1
+W83us0s43j37HrcwDgCgZgTvEoJb2l/Y8fp7lLFxDMbUIPSKTRCeshhzGq0abN59
+iPRtzZk3MmIC3gJoEhPwlstA3hsWCrkZ+lAgNCMONW5eWOpiRV9pWU813u+B10b7
+7XSwIdAwCa3jVcSm67KlaRvYT9DMfEMvA865+piw7S96yrcibfuBg9LhSAThvNkX
+TBpBwqLmNiPW1oxYDTGBpAcX7Vf6ddbF6MXAkQaxdls4LaU9C315MYCfg3eBG3P4
+poU4hO1ID1821jm5Br4f/rD8n7bhMDak87cicVj5aEaSpSQJl1Tgn1EUcxuyxLRA
+XArZCO/StfNYWfkfoFx5p8sJatVYJd7DepYfnxfscjzgvLPe+3+d4o6dHDgGjCoC
+aGGea+4EG5WTpFCTf1MyAtCIp0uJXuM82M2ngKoTzKI/GfpEHlvhIRRNGSZ2aD1q
+hrEb68K4WIUNAwirrSi4lD9VV58HRzWkRTiumlCOl/nObKnHKKxkGg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4CACert.pem
new file mode 100644
index 0000000000..205fccc01b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 76 13 15 FE 85 60 E8 F3 40 70 45 EE 9F 1B D3 30 EE AE D0 B6 
+    friendlyName: requireExplicitPolicy4 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBLDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXJlcXVpcmVFeHBsaWNpdFBvbGljeTQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDa+CVdJxQ/ByNBR6ZlsIM3/EsZlaS2iCQA2SxIP6w0Tc+v/+Ug
+BcDBblSufESFEfbhmqzWITxUx4mourvl8nTWSvcUBXZITg/+9RKUNUAVvzCEEY6L
+Yk1bCGInOwFe1QRA6q9bGfufN6mwbvwAYML1I6Cp9El/zpNWO5F3XTaIpJ6hWyXo
+/FZ09MLMHhrAZKi5diInbH6pm8PYPtbAxA1GqjFmFQkp/idJ11sz0yL3Owbt3NRC
+UwvYXdwGnpBkuXuDUEx6ImGT66AI9gSgVqXm1+hc78sElrlFR7JTNaaeulEAcIrO
+XaijURKvc95snwvOI6Fcm3rMPq++hBB/P8uvAgMBAAGjgY4wgYswHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFM3R3MzUMWMHLF02sQ+N
+nnW+S15jMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAEEMA0GCSqGSIb3DQEBCwUA
+A4IBAQAZdX7f0d/4NVR4jF1aslqeBmT4OLiV8GNLZjho/mBmhHqP97LU2aRMaAgs
+xwbdMyffJY5yEGe/x+LEOD/+j1Zf5FOqwKXO3AesQqcrOVf94oAxc9qkMnbU5T3Y
+S8DFSbvUqcPncCQ09UmdL+kcFg4t42WYige5MybEf6rI8bYaQuCn3R/Bj9QyKtvI
+UOKYgJZS3aIEnwnU46I6Fi6c48r0KsFswpq1XLs2g9qnGYAQ0QTy3bZRoJHGUEWm
+q3IlUK4FjgTfMWhicKyfm9HHc5mlM1TCLLAndyzhI7NSOS4SfRGUiSgrGydwkC9s
+4MNoiNImgrIYopZynkesWA5z8HPy
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 76 13 15 FE 85 60 E8 F3 40 70 45 EE 9F 1B D3 30 EE AE D0 B6 
+    friendlyName: requireExplicitPolicy4 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0C15598C80817A5F
+
+NpAhMhqmAOIWvRGz2mYGfKhdfOFuVqXgkySM4ZqcgB2OqmWm6JrWtZck4xAeATHj
+h2zxjtFKP4cMtNN/nVR3vFhZmNjUl0rvG3FJHgj7tl2RIKM8SlzLzu8zqO6/pViy
+n/qPBR4aLI0zJGfGy3JEvBhlFFFCE1tFnGBMJ88gEH2L/YxTwM2UVoYmhMpvDLb9
+c1NluB64jzipvAAQqiN+kIcMf8wizkHeomOCqRXnlcxnjvkg1121ShQrNaSYMLDv
+BRiXEJGu0PjuUO7F1zse3YDQQV4D72tcse3PCIyno/WEzbbtWzKvkfUSqSiv+Iu7
+ixeCjkP4zVa88k0dK8NwtqykyP19HYmX+e5hZpRT/reAv+1F49NcA8fhpCpfBje/
+7f+VyRdDKJBjy+OirubY0qUtrrelDLm+AAAsv8d1GUcmxKXOwb7Jua4UoS/L4Ke9
+LUTQpLm2NVrTSwmu3FGsJn8vI2fDtNXcecjXrPLzJzb1kZjkpCbOeYt9JkVCKDpS
+VKLexAd26B3PHVZZEOnxO+uSiUW+WbTx/RNSXB0AmUnMlMfCZeE+S6utLawi5eZ1
+uxMQ3T0cTuVajpX0d4bGbp68XaAJEd4Nf5vFyR1H8lLQX+Yu4KUKHG9EVxLFdOK9
+ivJQocoUDN2M2y9HkYe8hhEwHHYkNTw9/SfvCCaTQdhTt8gA3IhvtSsOQkdS4eYw
+dW3gqeIPIPlto+J61ytQCXRXc8AdUibQttBRLuHZ96T3sy8/6H+gCtAMvsRgnOgz
+Zs5XeryV/Ytvicpg8L4KwV4tQh6nqGdr+NlvgICU76I89Hb3O9T/cuSdxrclUEM2
+G1ZOIBENj/N1CKxy4VorUJk7VKz8NPimX+/8q+BIz+I7c+GQQGh5tXRXpSBp9TeZ
+erWCMMyiT7vEkhhD55UHqyM1ixHbGTgWJ4lW2X8Do7hhAkl6/HRF9/VnjGp4V4yP
+N/qHw5V6FvQuiXnfD6nj+QbdjcE2WiShELa97qlgcEC3X8d6OAkOhDxI3hKrg8EW
+s943TTEZ0nig82W0BQQZHyN8vm6JXT3wr3aiyyRAHHxsBftsVl3rnHK1lGPHr8du
+r95hDIKZVBSpCoYLXmESKhZLtSRo4c8LwHIPOS5rpqylCU2K1tODTAeZiu2bORr9
+430oyeaXepYO2KyMxopc4PUnGbJPFVagwzAIFw9myCKspEWqajgK5kzAwSwZnRGZ
+P4S+vTRuPdnDLFfjDI0hgcFrmRvY6eziE0gZSCTpVzxejkhTskxbJ5mj//v7zU5f
+pLPId7bF1MzG8PiKJD+24SWB3+fNxKXiydrFwg/tE9cGnz1zfnPl8vtuZrzs3icW
+q79e35TAMjCaO+ESabG6jO+ij3flbAL/8Sfe4WnwOSEGA1qaMWvxg/BZy/beq9tv
+XhMEPZ41Mf7YEQ05znBzmQbfAweahZvVDOgX2g2Fdaeh3XN67rUdbTY3my8IM9u5
+klEpRpIlezBI4hr+Dz9pbCAjdhge/2TlGwEFgDW6GhYsVuxIAxqW9Pa6tMyrDSMP
+Squ9KjE5fwCB3SWAZ3fT/aHBS5bRqSvmBxVRQ9R0jbwtze3arZQlXsti4uEI6QdC
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subCACert.pem
new file mode 100644
index 0000000000..c2b269e675
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 4E 1F 7B 4B BA AE 8B 49 80 2C 39 93 E1 8F 5B AF 2D 62 FF 72 
+    friendlyName: requireExplicitPolicy4 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSUwIwYDVQQDExxyZXF1aXJlRXhwbGljaXRQb2xpY3k0IHN1YkNBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjxAmVGJK/Tf1KXchcBFfOGvTNaC
+PIrRtPoMudTQVaWVULbVkDlQlNs7U0HIhB5ojybvUweKYpmqMExSMVei4/KJwiYO
+kvtLLlKL35LF0+lgv33qbmlhhE7GDg6XGc1edcu+Lfnn53F2/bpldSSwv040roH7
+82NN5xqk8hP2iyChsb9eKFJolXo1opl/J7123xcUEgOQ1DEDTe1EKRGpcwguMk9w
+OWz5X3fkZ7fd0WccqjaxX/e6mkNhTnnjHil7N/33FSOpO8gWeLBdy3hbidPWuBVj
+Z6zQ3R4M308V8my5PpPjhkLuPoU6hRgqPXEQZa5CZTXWCnEvAGYmJsV4ewIDAQAB
+o3wwejAfBgNVHSMEGDAWgBTN0dzM1DFjByxdNrEPjZ51vkteYzAdBgNVHQ4EFgQU
+fe8OlBe79qeX5tgiSENIrLPuuo0wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
+AQBo1F5VotF+zBRk3lISLB+TwDbHkOnTeZP1CANWsThk/l5sx48F8cdhp4oqyzKc
+aP/SjDt8a46clnd+jHN+WpaQComRwFNZFjytb4HRciU2QgC9ic4+L/xMG95pOQk2
+ZAdzpa7SF5Nf8aR07Th3Z6gfSrMsN3KRurRTMWozjLaGXiOrrKEKARVf/AbytnKG
+SVjB06e95i4k4/ge9lGKGPH1VajbpyZ96ujzVk3AB/hAY6q93nlOiSNATWa1HV6m
+j29A6upj7f5E+SVd86Ms9TRT63Br/a6595avK+At2T57FaiuSHoPC+hMfq8hkLfQ
+a3itQvRuWRzIOtSe6ei7vY7Q
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4E 1F 7B 4B BA AE 8B 49 80 2C 39 93 E1 8F 5B AF 2D 62 FF 72 
+    friendlyName: requireExplicitPolicy4 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,441A86E99DA66C24
+
+3DOENkQtTbWRVz0EvGti2L5itNsvLfjAHh0FVmh7w24U+QHFre1aIagAGa3ciN1+
+yUgTyvtYRZ9haynn+o2vPLLD2I67PNDHpdODhOEP6+PN6PhN8oCy64ENyr8wEukf
+vBKOFLWKoe/3Dg1aR0po1dtbCFTZ2QajMfac8D+VJdkpXNS/5SOlkDFHVe9HKXXt
+t51zqKrIUHEsaUtq9dPjlddSQ7KWoPQhhhiMeRmP4u3mxPOs/287nQawKtFRdOcd
+mH+CuPTEnaCMcEQU/xBXEt4jpVk8mpuA9o8xs3aq2K47EqRiQ1ZYNfqVkIkxcFDz
+1rhtSuHobTo3vjn+poduD/e0kKBv+SBvUxS8s3Kr12+5P1Ye+Z5FtODxERxQDml5
+e9/IbtX/YRWZLqBpWwx6VNrvumXOC0YMf8lnCPSOegh2R2mhLXlMMVcYIbZplB+Q
+581eClEcNEurPEXgsK8NVtgfRsIBOxvZsE7xBpvnFP3MkuLpuUaHIHAoKrrlXxJE
+Th5AbnI4Ql7+ElRmtk0UTWp7aeH2y+4c50g7Pd4E7eKMxjg68bW+02WWxo1I9kEc
+6ZXgZPmZqKe/2pTmiFTSbCLIa1xiOXvpo4/abNi3o5QegdJadQ1v+GBIZ/cn+cIV
+gDiLpvKn8WzMQ5qircV7ZxPs76fZ8ABP55iNLkKolczemKG9ZuTJ4/uPiNfis82J
+geMdvEUPSd9atxb3pLb3UgU3ugCr46v/7lS4qpHpDwe9NVQbiHSG7sEttvnsjbb6
+r6J54tb7IbbErin8nqwjBTGq0YH02iFBUGViobE7m/F2aFhaQe6DsNXC661lkuda
+G1EG4zOEbFICnyAIXC7fkRakWIO5pzEjI+ycEciCGb2WDWYX4amjJBuoM+0lEVRt
+hcc0zIigiUiKpqQvn98WtiolKqhsLzny3qx/+jMF20Hf9cDXwSDA6y+MNzq961C9
+ivBuLHTIYM7c+qZQRbH6FZfG4qmqu4/ezl1eEFmyJ2rRZYFKJaC/zWYOb0o7K4Mn
+EfzmUsgLgrZ1NRLDyvdEkVdUtoR2Gbc/tUN44M25c0EzkHwWZ7DelSYlgvOcG2vP
+p2mvmp4F9Pdj4q4pdylGrf0cMIKPSVzaenk5dOeAQvADN2zfs9lPW7ilGTe/Cj8g
+b6g/88A2KDl/M2N3Zyre/IYkd3n4KHNMto9vJa1DHMKd8Mm6QaQohuWrCGPe/tMr
+nNivL6F48dZeVspGfUS07005Gl9T6OEmcysYpOGvRPSNNWjz7t2jr1xmfmvaP5xo
+zX8Hu0n6QmJswj8Z9B4Ziu1k4CEhK9rzHT5b4pdYs2vatB9dwM6WeF9uLQkdrrHt
++sJ1YY4nZVLGrxgWkyayNrqRwX5m1WHSQnFIoEy0vcFHOU6O+awtgVGNGAy3G1dK
+7jJTAEGZL4wnTDD/TujFbBxQlR7wP/wG6fGzNLpioXlvuYtgNvYFJjZnk4Ra+zUT
+it5GeAEZFPq75wILOf4kPw5ZUyYDfpqGZwc02OIDm5l/Y6dY/XNmc3MW8fjvZBEk
+ydvxuIPdLSifOFrp2wptM2ylb+qAiWXTT/SJErwlQoH/ioEloZdG5erkes9gjWxf
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubCACert.pem
new file mode 100644
index 0000000000..2c73cf5845
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 12 49 30 42 4B 01 FF B3 CB E8 D7 13 77 9B 35 75 9B DD E4 63 
+    friendlyName: requireExplicitPolicy4 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subCA
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5NCBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSgwJgYDVQQDEx9yZXF1aXJlRXhwbGljaXRQb2xpY3k0IHN1YnN1YkNB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAym9lfJRPXHcjzvJ5Yn3L
+WJQBzdL3kReoVmfz0fUk92PgyUtnYRyQZhOA4M3yd2/gui4ZSN/OdmhrCCmIzxE7
+lqjxZk9wSZhdrNCC1dJRuZ8b/nu4Mu/zKUyj4OtbvsB2kxHLgDDVvD610+rqgpRX
+INlRP03qpClgCRku72wF/cuxMYqtW8Ev5KJB5SV6PTCMe3IWkHb0H9Lc3Ux/fVgG
+HW91o6bUrLbrqLkECrlz0l2pZ7DOuZgVQA2YRovfkajqmHJRzJpDa2dqgtXmIugL
+lMdyeLG+Tv2mefGxnCotgiJoFJRg0rcooSt8sWYDOvyaFTZY/EIh4QbT+5i3bg78
+JwIDAQABo3wwejAfBgNVHSMEGDAWgBR97w6UF7v2p5fm2CJIQ0iss+66jTAdBgNV
+HQ4EFgQUqerm056wCZev5/4eLhAyoRBnTIYwDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQCqlr/tZaeY+Dfdr/JgHFg18fXEloYEoGqI8wbh5Uft00CMiLHIzQGl
+sfDKHup2ZXSTC9IIbEHIw7ZVdztkvHEuuPBSny9GQv4KaB0adliyVaa3q8oYmqBJ
+lgBoNi9Jz236otqmfuIuB/hjogNOnJJMzn+HYYgGdIWKiJj4pJ8CSesb/yx17Vf7
+XgnyPxMeD9IZeoPfdGn/7tBM4Mp8TgnEFlaOujydYEj04+EjO9wQ5jompT+Z4xlJ
+X5/mFZ1qhkxNzG2i4+aaRW13RW52bOzn29mYVBQ0YA8KIsWPZKqbTFDG9jEmdHZN
+as/9IXJP7bOcwuGUljRq8n9O/M11poPx
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 12 49 30 42 4B 01 FF B3 CB E8 D7 13 77 9B 35 75 9B DD E4 63 
+    friendlyName: requireExplicitPolicy4 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,97027569E6B790BD
+
+Bq+FJaPlWoIvgpF9FW8QuzakNqq7a6RN4MNuGrH18o0kF4ZCx4kDaWnb9ipdwGYc
+R/nq6JpfJoOApizstVbizEax4XO0tAXiVtcLF5t0oCpXM0d36Z7RYuaCsl1am+MM
+eH/wvc052q6w3hembPUrjRXjSsXg2WLlObiand85Ej4VMro1es1Som5ZYpKNfmqB
+oBHcaLu/OsKu0bbQUdB1xCt8D3PyaMvkrYsHhyUvZwZY0xveQ2iu/QD43clI6xWI
+wXR1PnNswoEEyeyg8b0IewcWOwlwicTijJDvg4HWXaVrNQbkipu/H6BDiBvVYD/+
+9E7+vX4O8NDlw8KensBBPkcquIJSgKntiZW7BUaChCPi9EarHqXx0xV+6FTdzEVI
+35OGJLGPpQuXRqoldgBIG4aq9VckX9FX9qIJ31UibLxqqiNUrw5CPY5MrXalVF4n
+Yn2jpoi+OfIZhyuq23yAXF0br3d9nRsmEyo+8RdyravS8O13JIC+LlHSsRWfTYCi
+JKVWRJdpFtyiz79IpjYihZydMp10YWKH1HzqFsBXH6GZnK8LDtl/tdaHehrEZ73T
+1xiF3xgiMiobcHneavULTMqcCN3PJnVPyikVUO1esr7QSgM5DzwboX1ZlXTkEto/
+wE2XyeoUH2ASAouc/13v1q+7VzMYCvEGs5I/tZo6zH1YXh8nhpQzEBNpik0tnbub
+SGRmg4OVs/JyRXpXCW0ssklgGzn8iZOxxH8L/MO49q8i0ldtGN80i0UM1H5zgSTh
+nJmHCOf81gbZ+W9imu3fiDeNlIjp4XNRg87og/tR2ayOQv0C+j9GIcettK+oIjQC
+4BTRwLZ90+eqnpNUwMVilVqfmlXziqzeu5R0JUMG5bxg9SEjWA4nKa/7c5L9vXL/
+oSIWjc1xYR3TYT7hOg66RUYXsY1kM5jci0qoJc4doavOZlsxO9M25a1GcNuydqXd
+D7I3fxd6mqXvjhCrNFayMTjueTY0MP5ofqHEhqjBfjbE/jAyLj4u7zZGcK4o5BD0
+ML5VuEhnEQZeQBGH3HupNNj3RxXscVgPbqxpQ4o/c4NBRSpsZGFcKEwVREdvSeQM
+2MaEzuIkXOwv411Z1XlMoPetcvVxJS/JM2qqo85TVi4ysT9zKp/oj2mapZI+Ub/C
+B6l10Pjfg/eJExdqQiJoGK3imaim7hmQ0fLP7D9EM9e2pA1pltKTUBygltrOR4ju
+u5jHhwE3AINBfqeeKXCzyFWIH6j84a+51FhTVbHOe4KDoWZ0NdrcqNwHAQ5J1JvI
+ngDjBP16mVC5DsRBTJakywmAscfmWDvtiIXEzRv+ECB5MbX2fIaOhT9Is5HMkdM5
+NcurxeEmrENZaqfOGJRvsKu8UkAyATTA6TPUadlWgr/k37LffqBaUCfmAzlme+aE
+I4E5e50aWRzDdLY2de59aDTKVEGPh0IExSC8yIPVkkS39AwIzh4wrF7PNsBPvIh9
+W2RjUT0vjeKz3ZTMK6/zN7mVYbJbRUkE44qcxcxzqywnDfxybSxL93YFa25BXpPf
+/3IiBBCJOaRhK8IPodjWFqYvgDc+zGnIKdHN2ghJsXJa4iDpJt7vUA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubsubCACert.pem
new file mode 100644
index 0000000000..c550e7b521
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 60 B7 89 A6 42 4A 53 8A 9A 48 EB 64 61 75 5A E3 F8 A9 C3 C6 
+    friendlyName: requireExplicitPolicy4 subsubsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subsubsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NCBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMSswKQYDVQQDEyJyZXF1aXJlRXhwbGljaXRQb2xpY3k0IHN1YnN1
+YnN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2QXTxL+owEKq
+PE3XYLeNLP6gbjf+741GuoCI9gb39kj0UpkLpXi1lrJ7gupEhUX7E9eo7HCCJ8ox
+xuxAa/SgsU3DMLy4pEo1H4PuuhItPyqBzJxmj2urreCjMmU1WI3HiAjIIW1wrj19
+Po50djXz6fMFhOZhohpg5EPK6XP8KqjEkKQS+bcXM49z/LtTQabfZTOYiwtZn7fc
+dUjyGtLSCM+jnYqRgFRLjlDJw5SnVDc6X32DdskN53VPZDwEZEZZ+48gFr7kbj2A
+TZ9Z32MGBt2iLEWCsxuZ5cntdFlECaCtgUiyibp5FpjJv+WyXsudJrDMP5ef0duP
+tLn2sVw0awIDAQABo3wwejAfBgNVHSMEGDAWgBSp6ubTnrAJl6/n/h4uEDKhEGdM
+hjAdBgNVHQ4EFgQUFLvRJvSegTyLDhLP2XsVsizcoyEwDgYDVR0PAQH/BAQDAgEG
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQB4TRzPo/4HW8xacmWqsKY1hsa0yI99p9BoMHCdomXGM1Cf
+6lU+wBWpRbwS2Vldrk6CqHpSUQ0iw1q/+WB4dc3qpTL46HzxhpahZ6t34fWUFB6g
+04fL2oaRc8MNj0+dYG9FXo3X9ViBPJAP1A9o2XbuvBGAFjIIIL6TUxp66wfKv3c3
+DxF6IThaOB0Xi/eHNGwKnyYAvdoJvx382YwOJP+0vADzr1a2kcCJdqh5fmYbyKUW
+a57SRGJU2eAmHcoZbF4d6ypMuT6J/wzDyJ+0bB6AAugoffI/bsTcBbQwLaYMXbPz
+Dhd0Xl7qLcwA8aVcrK2oBmacpLhjThEizNRm7y0s
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 60 B7 89 A6 42 4A 53 8A 9A 48 EB 64 61 75 5A E3 F8 A9 C3 C6 
+    friendlyName: requireExplicitPolicy4 subsubsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,315A515BD08456D9
+
+vRPKQr7EMWKvcFnl6KxRsQ3CX70buoRNpRxqnMmKucStq/cB0XJV3ECd81C5bIuR
+d80Pt0aL7b2vFzfRI9F2chU28l7Vazb0DGvdObiIII6RZ88oachBgu/bvoaxnp7a
+SBDf2uQyC/dTb31hDBwWDHTKcMVzUeBmfAwUvbV+pgrspcF5mCl3Lxo8QjkD7pcL
+h9GrQIizDmdfjzVlBG80lpBy4Km1K6F2CfrwnsLJRnthn2Eu0BlBrfnvgcp8FayU
+ThiLrGwh/dYiA1KQ+Z+YeuQdSx/Y6VbEFVENSBINfFKHkfshGvAMhHPo/9LqNOKX
+n8GNm4kexNoLW5H2g1zdUrJiROBWsja5Cn04Huxs4qlS5w+f1XD+GlyC5yxIEz7A
+H6WGhr2lh/dSXWFdf20FMzsPPCis7WXzf9H9gFnCmBuUC+WNOAQBNQgyuvJvqT5H
+ets4FchES3/L//5rXTJIdfZVKYukDzQ1HJmRfwXAML3gbiLZ1iWlFrbJ9BbTWen2
+ePhcsA/SAJd9V23lELjNNvGF+EFGX4ZOXutpCSnL1kQHu22qvuk3v4/gCMxsFhhU
+7rY1UnYMNarRIy+xFMGZFy1MLZVa0Hp4oTh52QWX1SJFeqO/nPafDxVgWRy03FNp
+3G4eu+zlNCR/TvasfjvN/OS/+Tj/d0DszkXU+Ts4Y4bG23s2tB16zFheuGc4NZFq
+u9V7h5xJjnsV6QG5Q6yFKIEFuQPTejtuA5S4R34Qb9AnWNwOnSW70+edcBtuu+um
+FT0Sd756TzcjNu9MducD9wH/85K66JvVtAlk1K4+lwgrLefh58W0P6wBxRCqZYgk
+y91a25Qbm0CNK75HD9Mzyobh/qKtI6G1ndalDkV/Ywt97NOpM11w1glTaDndxKzI
+2ztnDilVNuU3XNqvyQy5LR8i9MY9LXMvykrX/OBaBUMDcZgvl2IUoLInp72Q0UXj
+sEN7mYJUHo1oHtn23PTHyxkxvBeM6YXK2/MS+XwFtYMy/q9Aa1G7tnI+rzg0l2V9
+kSo0uYcY10ouVtJ/K4aXieXHBZAsIMvaWAJcUyPuiu4HOLlOGV5ts2T1TfLJtae6
+A6TRr88tz2NSNxY56gmGRFsA03Ohsur4c4oIULGAqlXVxdJOQ9bK5j1AsptBIgma
+QTEcEa8bU/92PFLrvJJR395QJUNWHPftJv5qRUNZKfAxFztnOeES2CIIg3XKaGFB
+6Xl5fblxAG1rxyempFXsMG2hqPLGLDDYdhQl9+VeMw/60rktW0xAq3Npj9RGLyF9
+PxWs+8u0KleoPwOJ2RHW1DH5L4pdctxJjWbgZbmKGs90IFVJgo3Uq21BG3wJrDG2
+174ao+cRB49X14E1EOvn8hP0g40issb5RtSGXQc72EMEGBHSoXEIv2Yr+F2kPNoa
+KY2aPjx+7IexAVrzzFxQf+kJdEact2M5WvAUJS+MOqFy7AMrh370R/nbXLvQPhi+
+qRpkrDrPsbumucq2KL3KgHJiCkN/aidtxXsHIzPA94R6PZtZBYYkJn6/tLPYJCT7
+WSy1Gi3yucjVQ6bU9VdomKOdpUsSkqmEwruZCXLxJnGgXDug9SYOktrKjsgh6xCX
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5CACert.pem
new file mode 100644
index 0000000000..d88c3d3458
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 72 C1 9A 00 CA 10 4A 11 5E BB 32 35 93 46 DC FD 06 0D 91 2D 
+    friendlyName: requireExplicitPolicy5 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBKzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXJlcXVpcmVFeHBsaWNpdFBvbGljeTUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDX64Yh0H261J0Gvd60y3m9dHEszgHONN7g8YYFETXH88aiScj9
+G2p07n7WfwfAh0Mziuz0j0fibq4vSjAgGbxS9G3WY0+oxJAAIo4wfIAkP8BTG94A
+qU1vFvGtl+Njol97tA3gxaaryyxwzzGIucLSCpH1pJwrVSuvh9FxxfCi8FMJ2P1E
+cQHZoXTXuZQCzmY/uKODbDN2uDzokbG1eIitBuAx0936wxKzz6Yjd6IaVnR94AJR
+gyL+QDk5Qly1I5blX99HL9svBtNRmUgeNZxMjnLfuXBkIKnSqrj9yJnKisQR0ci7
+ZxDtbJ3FEXfuDo9vehdmevDyAmG/qWJ63MkFAgMBAAGjgY4wgYswHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFLuRg6uurt5c2ODykDxc
++p8u4TloMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAEFMA0GCSqGSIb3DQEBCwUA
+A4IBAQB4lgz3iN00AQ0XVL/Erti7xs7ENs/mzyiw3GLJgLVXpmVIgJe1hVSFNuEU
+QV5WpTfTn+pxLW2ydjkj/mkbgyoVGpAMZlGYGgN2WzE2vcDBJVOlayZK95245k9p
+ZZhdRhraZtaOS12+T3k+JVCxqGrKgLbVwl7Njs/WkXv01ApW0zzNi31sgnxHBNH4
+i/uB0OYmf47PwuUAv3DJQbVZhetCgbZ5xZ0cSCqh6IKjvAJw//A3/r01kurrYVdP
+aXRe6FAlZdZ+gWeWofmS1kL770TveBE34vKyFI6CIz2nC8gbEmisNmelNJz77/Tm
+v33K8gJxQbwn+0htOdqICEIfMz7p
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 72 C1 9A 00 CA 10 4A 11 5E BB 32 35 93 46 DC FD 06 0D 91 2D 
+    friendlyName: requireExplicitPolicy5 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0A16FBB865455B80
+
+3tq2f75lU9TDEotyu0EMMvOmSPwb3vh70ZmqjMsfbXTfVovU3Bdz6IvTy1prmfKj
+moQ1akOTCg/hhxXf6XN+4Ik7rG9KJrH+40AfbGBCE01MHHaDplbepCp/iWq8Lo/j
+PlsJgoEmS5x/WUfae20Rh89WCCk2MFK4q4rEkimwo3sywuqsVuW/OEsAr5S/XVFO
+bJs8sUoOR89jl69wp0ZS7gI7G0kzYGpgi7UDPG5yziAfZLM8+vya2QTXFBK0QXDB
+SmPSRI2xlPE6L612YfXAADFQ/FQQfyB5FySzyCTVv3tFv+YMPrH7pEB5ZJdVQSIk
+fZSf13f9kXA0Nr4iESTW6BzdSeF7QzjPHOGtE7tye5YfPgV429BlU2iJgGzjmD+O
+E7j3987Ds0IuIcMbyMxbKZuSIa9E85G6NRZvBmUzhG9JxXz417/bBA4ULSyHzXUh
+j+hIvpIM9hX5MT00kaUcYpy+3W9ENw38ydK+Qy1AxQFHwoPDnBOaGkt44F1PXEPE
+RVFZAqRxtP6NNP961lDy5CHSh5WzO/PtMIxVYqHL+/OqpqBbz84Y5gPET6XMRhPc
+h8tCiMv6aoWiO2sWxzHMLx7sLx6nnNTBHSSKfJGkIyfiCUZKAayz8q/OAgYKZnI9
+dnQjC/PkXsqspamFkjsXClSjGuntQbQ4UpnKS8bxBIJG2b0qwu2rTVlqvXNLbyZg
+5tcJDJHazc1IycFZPYNr0IttDfKxFgyHZhdEQS+l6svlOTrj44NXrJWl0RuavoaC
++Gs3uffcsbflwd9w9cxeHSuYBNhO2LLIk9cBf0DAlM5pUNqJysFy8tCGSjqSHwIo
+oPRjltHsOUy8sGPQl84SU/Rd26ANbpWHox/y+3ZuUpm620BVmuGbS4c+PT2F15K2
+xZr3POVB4Trt3zPYeY6NQRiXnqcYzzOj0Br1XWwb34P/O9toyAh8CM46pjE3Blaj
+UvGxINMRy2YjJ6X+1i2DOeKUZZWILk1MPVYli7u8WNzQV8CJYHxH1s+Zg/L10sAf
+y7fMQ4a9V1FRY1xLM7H3JwchrZivzI9IZIhcybG948BLSN45nBFH4SskK38KKW1j
+qj2r1feNLcI04OyhAU2OxGIPkooszQfKZyu20u+OJY7YaqMKwQ33BjkIjBMq7YL5
+1wA+pRjGqr3jEzVhWbCQdhnhk5YQkL2FAG0SGfMh2XzVHj0Nt9OKEI/a4Ufrq85D
+ssR4Q3VyRAvw/0bhnEsBLqeEieXB17EkuNB43g2kanjwRWDYA2dBu1YDeQ5svvJQ
+fpId9pzXY5Zg+5upmRW+uRwtLRIdHkjdHGJUYzyceligAiXPHk/lWykiV+/yf93c
+PecHKjBVdDuPJROaZmazkag5amv1PP6/0MYpmVdwfMfSuHieToY2/csEpkkN1qX9
+xVFtL+2VZw36GLugmCY2uah8SYS94E5BbeBOqRbMsrgyT1sA3fGLgH8kF9b/B3E+
+G8caclyITJV/1Bu7y7ZpM6Se0RpJjl2EMBvriUhz9XjrxVnUcYSVFz9w6GIeE+z6
+fil5fwP716grZagpEa6Aby2AniEoezd40crCPkcaaD3T+6XrgaOxahsZJ/BQoCM/
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subCACert.pem
new file mode 100644
index 0000000000..eadabaf0e4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A0 0E 9B 7F 7D 52 91 00 EA B2 0F CB 6A 42 50 0B 6B 0E 30 A0 
+    friendlyName: requireExplicitPolicy5 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSUwIwYDVQQDExxyZXF1aXJlRXhwbGljaXRQb2xpY3k1IHN1YkNBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yRFiPxcDa4VcjEIMjPxx2RaYWn2
+HDOXqGxX6L5+pD8PLaXGLExhaTdwWNy+/yDaUUHij4pdFl/SQsmwtpEvfBD1vXis
+2MZIsIGy4DWYqni8J6H2M7ofoafKyS4J5xkBh/Z9eBH85BmlPfJBSVVrR4zjlDQ1
+B74tQTVWvznfpaZQomyr4Z4pzITkLANvEGvunIXckuIerkxjsjx0XzXt4W7h5aIt
+b9Ow3W5wDh3qRwWgPgA9JkUQR+F5ZAZaqeZESGe72rTPir748IOqRKaoZPPh3IpH
+IZLbh3hdAknoGNUg39s1EzAG6CR6S4rOFYqJIBmpnreR0AIm7XmziOwu7QIDAQAB
+o3wwejAfBgNVHSMEGDAWgBS7kYOrrq7eXNjg8pA8XPqfLuE5aDAdBgNVHQ4EFgQU
+N9O/3txQx6/IiuiSsMRIYfA6BAEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
+AQDGFqeMi0qNekHCj90wnNUgVkw3kwGyufgAbqV4VvFswdL8UwRZ+FAD32d4Hvqc
+UYvrjN5TeoL3zW8p7czvq2bB8gDVgxxGT41v+OXd0uT+T34kArsJbi1nxA8GiZ9n
+xU+XLWNp3up5wZB92F2I9J1W6psSxdPH4aBNrW/mgpckhimz5gWAOHIXiU2pB9R7
+JsnRJ0VxcAtCXRWqeHqgcpeDl5cA0ImOVupvLOiF4o7JJ/+KfAlMD11Wvp8dcebi
+S+1+mH9eod7daIN/fB39tMi+aTELILUvN8rmOz1COjN+lyVpZCbmSCo8wncNcT0B
+NEdgddMknERZ9SRajlmnbyTv
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A0 0E 9B 7F 7D 52 91 00 EA B2 0F CB 6A 42 50 0B 6B 0E 30 A0 
+    friendlyName: requireExplicitPolicy5 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4386478E7A1A6DF0
+
+w8wdVsuYUFkdjd3NS19wckCjlmHS4FtkNbzN8g54ryAPmjtE65HMDb7bIWV97L2A
+iYlIUIAjKQBb1Bya6cqzOkNUNWtxzvWEjlzM0m4ErAW1rCLTZmqguuqk4Hf0N1yl
+veR8mqfHk9EN/LN+j+68N2oXz5E7kcdiylkwGKImbNaZCGLJPiK+SWK/akBkl7HA
+QblxnSpuxSJ2iAr8Y/nYfplPOJBGM7APYjh3aCD0YcNyO6t1F5BDHP1DXsKmdkRJ
+y7PpMMy+qYIk+4XosI/TSl1ikTuQvU1cnAfyQgrYiKAyFXO6M3e5dzBVuq/dz9MQ
+CDQCvHM70D8QB7GrUdj7XsHQwPGWUGN1kFpUyHmwlqAxArX/sOode1DJnX/qOFTt
+rltOQ7bAJIly2EvMGmiSie2Xhm0sBeatu+jyPZ+HfFRi6CwO4mkL5cjzXX2esfFU
+/LXmXNcCNxby4jpqlJRdhwN2dpLueqj4md1y7UM/pPTH7sXz3cKM5lDkVRpRuqm3
+zPN3ttgJ2R3hzjbASdzk2HECSmhTCbwjw4qUFEM2O6XOmVLvwtsHB7u3IFYQE6S7
+5F9K9tBiyU/J6FMncJERJOtfkT7fZa1LUUSJWUqAYGY8KONsWs7tE6LZ6CX6dxjq
+oXr/B64pMHnEPGhk/44bK5qDv1zi4r2vP3YOyV/owN3hEZNCUU9PRK21MIBXs1hb
++XynsWhRWUU8W1CF60fyWl4ZNvmJTocdKsPNOIM/KDUfzfFRFF9FgyPi9BsuxB1L
+2VRLcwhPVm9+SfDOarPgu4Uhfb7MdqH1cIitrUve4EHZHBZbQzwfuOhiMa8ADStU
+uaijfAVczRjp9ZOJIK295Rc191SzNifbaFsIrDIKG+z3B8JVmgM3jVZR4ypZXYe+
+znvMNSOTCDKvnHUztUXX6/ZSY3fBYQZrBhblQ8Y8wT15vFs/M7+Bqv1v5YNT+rit
+nd9wZvyx+6fIdAPd/ejpBNzdDLSuLRBs79CIpLxOtxUn2WBtN/FsQPIqLUNdYWJZ
+vNgJvpFJx1aMlEzV8OIjt8acWDSdcy/nAVGuLX9Pw3BP9wuyIfo6c0RcYMWKBI4h
+ANIrEFEg7FVhxzNJOuJWrJEM772gpPp+SOdvDMd5czWpyx9ENozb1KpRiL+9oqKf
+IoSOHEfGzcrpFSY/RhkqGgaNVVcurDtHjAJmxiYxOCqW9jj//54HlQKNkJBN1y/w
+1ZCBPPGF0jDagJduq/4QnCRPAfQwowPd5DrKLnNphyQAd76115WLQxjRyk0IA58+
+i+6Cg676+kuwAJNmafijoho0cx2Q8jq6H0jFKJHX8aijQp8htE84YwnJKPWGz9kz
+go2LOkRzQ4YtVBAGJPFbAm59PKMBAMoqPXcUVFX7fcYiuikUOzksMLSfA1OMQuad
+385aOMHWLRZYu0GhBoxffzJo5nXWiYJuK+FO47ArP25bC8bx2Qp6nhgCtc9hXHlB
+WOvJO4RdFzOivlHCs4jcsNpK9l10D3INCGTFVLFokV53S3QtEGqCrwBoEJwiE9zd
+8kvwplXC1h1zgGlqZ2bzu0/ttMaZjJrfI+AyWi50viVJIaTbHKkn1F7m4WF9fC2T
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubCACert.pem
new file mode 100644
index 0000000000..6446c7c306
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F8 F5 E6 7A C7 14 1F EC 35 0F 9E 6D 11 C4 79 E0 67 E7 CB 2C 
+    friendlyName: requireExplicitPolicy5 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subCA
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5NSBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSgwJgYDVQQDEx9yZXF1aXJlRXhwbGljaXRQb2xpY3k1IHN1YnN1YkNB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5osj0pPsQd7VtPH2r3xk
+y+cCCrZpVCpWv79iVHsYL+FvNRoJcoAp4YRn5TVxL0tcaQ9GVUEG+mh8JPyr222D
+PGnPiPKTNYyurrIouh70B1C6uCdQ5tYQiE9HS7WEvu9mPti4qVWcIurhfKHsvYAu
+qzY+4UNrno9Qz9kjr4tYr+RXxHcby2TLXlvEKzgG79XmtvDW70tfiQhkQBEHSw04
+j+dnUlhPRBtyYrXoAkDETKYK+CIso8/0PyDlZNqu8fJib6P1UVlCnsQ556r7cY4L
+bjU4T49L36Y24wb6/5gKFBQxhvt9gsGUtNM6IUPtSh8MbiRXgHXmZFf/1niMiVXW
+VQIDAQABo3wwejAfBgNVHSMEGDAWgBQ307/e3FDHr8iK6JKwxEhh8DoEATAdBgNV
+HQ4EFgQU+IIvef+0fggC21uvMp3kNWG1bBswDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQA3toFMuFLrY/uxv2tTf2qtmCp5JJPfPdZYDmGVMEYlRJqX4IUSq4Ua
+/YxDTGvdP74edOEmxgi4cDDY6Y1l0lgPT5qZ4J/uXhuVAull3UPnZYe+TIFf+VEA
+ZKoC3JOf8A8+gFE+/0Fso7eLvI7C3YlL8BIQjWkfVylfXcf6wTk136XlMv9tKt23
+lrVqqs3WHBu7jBHYw6+hUF8iv+1DRbLD3zVmrr3MJb2+Cm32DFvxujt6vAVuo0wP
+bYUV3vF0QIGBgGbUmB4inAgmHYSiUmYzvkg7g8MF2pAthk20eK9lvLPo7PS468l2
+kguCoyCmqySucoSul6rNQ/qiDhOu9ucf
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F8 F5 E6 7A C7 14 1F EC 35 0F 9E 6D 11 C4 79 E0 67 E7 CB 2C 
+    friendlyName: requireExplicitPolicy5 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C03C65F9F917F617
+
+BhZR+T0kYvoZX7Vc6PetT5t9L+RQuJhBBIBR8DNT1nLfR9kO8QewffwyLukoUaPP
+PQzf2BS+V9k0NHHDq8j68uLg7S89+hgwULvRsmAFIgjWAHDwheF7chbbjY/BQzjW
+S1SH9zcJ9TnvlCrfROFxGuRCuiVsr6WIVQ27r6U0egm9FcIh1pR2NEtVG0vFahch
+UIAgNW/0hS2Jp0XfTtGrmduQCPGlVtp13XcR6mM1MVl3j2nczRtjnR7xZFwnEO4J
+J1QvXcyL15Y+MmUuUSLTylWMH8oijZvf0iN6mlhYcG2LiKt1c3PMHziaRlwQuyhM
+lj+iT7ujeGfDgsslklCKRjlWtC5a+5Wb5FM0NAeg7gCzC8eUUwULv9N75IzNJ5CU
+fc9tQ0aZh0BI0BeqPiCm6llxAgtPzEPSunx5atvPm3zG+2V71ic3MdGSKExutPqn
+jLzTdchCXff5lVcq/GeV8P8z3d0YUHQwZk4bpPkJlalHf+85TV0Ta/pdBNPng4b6
+MmLVdhVz2I3nurmt3Ogq7r36fqDoZxA9F3eacCePu52xtcQEizK322HJ9H/gP9zM
+qr25/idjWnrMJ+UP+BI44/AsXa9ohQ6Uv2+nenfsn2Eqyneb3nEHe67AED8dj/Lr
+lKdjV2Tz26Goe6aGuJueybGzSy6v1nt03vpHQmnQituCcZOQHiKYXDu5xfTQA29S
++G5BFjRCtlK/YWUredYe2rJRA3xPMAoFYZHB2VF+8rkDA9VyFCJ5yJVPaqtD/5gl
+Dk0OQ9dUEkuNQcs0PlmMc9ioB5jGjedgmfKxOt82RVhrui2qR888hrilpG+hTqBF
+YwcUqXBAmuJF8uOHTSYq5OUOGJwXpjjnpKDAHNFzC+MROTqqMb2azY4Nbgts3b1p
+xaXEIhBkZGlxwJBPrgQA0LBTDUL15s4bVBchwzvLxCQzoGlRrrR1AoV1VjLV95XO
+L8ADI9pShQuMbLj8LlK8X9edhgqzz41GgICXFodOlhbRs7kO6uHgPRwfIE8jEtgW
+B0sxXp0jUwgou8X3OOUcRw1T1oIbYemPLPRYR2lEE5OF0k8Auep3HUVOKcXBj1Sg
+AC9kUhoAtToU8l+MyrLGTVvC3sZzLUGJXl34PJ4SeKdddZGu3TmoOwZxk3u4jAT4
+dmz/bR/airM8W/zt2pkfBvRuA9Gfmi6+FzvatKSF8TlpxfuH3lcq9fLMZnJwvhMv
+kYFP25oWIZYQ9zcCUtjXKVdNRmc99cG4y6htXthVZayLfqDEg7I2MeS9s+JLIYtt
+uzzQRerb2O8sGcYPJxpprNLlU/WGH6ia0qhycB7vop62OyL/DhGiX4nA58bTyS5V
+GSzMAN1AUapVZVG0Ew2nhUlV45kN8iINKJl3o0PE7bcdBw3uyiOei0E6PLesu9ps
+G/bzx+5by8J+RppS2ZmEGFhBQNi2Ck41Rgf4W0dOdQMCy3m5euiq5v54XLaE4r0M
++vR3WSrMEgqo+8kTa8Jp8V+cru5s6meMc5v0M7OXG5iFy7aGgsomUlgUqeic3M8s
+0OLyeR7Q/NKfDrR8fOfd9t40SjPGbZIYjikT22gVa7WRXJsXqzICB2gX8b5qvx/+
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubsubCACert.pem
new file mode 100644
index 0000000000..fb8f1310a8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 61 DC 13 73 F6 5F 7B DB 78 16 A5 9C 55 36 83 A9 75 58 01 C9 
+    friendlyName: requireExplicitPolicy5 subsubsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subsubsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NSBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMSswKQYDVQQDEyJyZXF1aXJlRXhwbGljaXRQb2xpY3k1IHN1YnN1
+YnN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTf1ewQJZhIh
+4PmJ+VD3TwcCt2e4mPpSH4n3WMFIhLPk4cLQr67l4TjzZChg5ok1rhb8RrOXjf6L
+bL21MMx9nppk2WFfysWeYCz0qvuYH0UAUi2xze716rwNDotvndDSV9bykKjGOws4
+PTDvwBNKdIcPwqFxPdbqtGOSVNxOMwvQ0HIjIekLxizD549oZnT0SX7YX7aeagCb
+DJQ2U8MPbUltLSdyu/efhftZcE9PwhG9ubvu1Vo8J9kJkzN1BxXW7Ea9OLvYl9Ce
+157zMYPTgetX3HBUUyrKmhoymSOoSeq9rRBZaORbO2Xhaf8txOk6yQuBatNMfdNv
+R9umR8B+MwIDAQABo3wwejAfBgNVHSMEGDAWgBT4gi95/7R+CALbW68yneQ1YbVs
+GzAdBgNVHQ4EFgQU+mK6vX5eX98fuge+H3k3gtz8EygwDgYDVR0PAQH/BAQDAgEG
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQCPwnR8ERgKeZGYVBAdVSA3u8LTaxB1TTGBFNoTM2IzFMI5
+xxmGkXSBnQUPLiGNAOSYuiz4TqzSZYkQvOYQVCowClplOKfi7jZfIBsU+EJOaX6u
+ofcsrBmdY3hkA3MohlkWTwJY6J9O4OloQqBKwdFDTGnbeCk+ec8NVpBR2He9Nn97
+XT3XrmDvRJUYH4Fi5mM27HIIo434Ncjm27KkEy8t4Ks+SXSMHBOtS4BgKivdgSBM
+TWJbYv8vHbWBnQhFGbz6WD9yenm5ho4ejZFcIYGq9fJugU7j1NNo1CB7KIfCZW/E
+Xog1n/lLdDgziJj3sYx6l2zR95MtzcdRRKlnyE3j
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 61 DC 13 73 F6 5F 7B DB 78 16 A5 9C 55 36 83 A9 75 58 01 C9 
+    friendlyName: requireExplicitPolicy5 subsubsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DA968D2A17EE20BF
+
+D0KUSvUxhPDCKA4G4wCv6FeOhZkwjMrxzYFpszxFEAlst7NmouwjIN3OPfHmt0IV
+G9e8/urZwBffHkHTVT/VYDur2dGoq5UF0/qbAcBq62p0RsSkyIOcGBf9TZfO6aRR
+VtVYdt1wyBTxLOLoqZxH2oP6KilW2dI8+Ca1DCQRJ1taeISCyvwIOG3eKf+DvNmp
+c5/jc+gq/lVQxGBLoeJrttJ6mydwmjOeMzG2f6OOpTwWladjkZaIdoFFnOGPk4Ms
+jyWtDa5GFhIOAqBqtg38Uy719NEZKDDuJXC1IXFwPBRg7+gXY27GLgAdqgw5yunG
+Jsl/zPYkxUFECVaQ/ZbHbw1DzVTMUqRuwPrFMeSu4/ejHefLNbNdH56e4coovolw
+vE/92QRYa3VDILfNpLYMFeLW2LwmM5AtUNAfnc0MJetpbtWaqDR8gkZ6RXQMLUlg
+t9js5ByTtYnjVK4jEdYWDTKlZEfK3wzhet5jSxJ0vpN4N4xoQtedeEyUvLTf9WX3
+O7p55GM4hlt+9istCVR8b1MGrEYD/89y8cG0Vw7+RYet3THk4yukiffkmL0ymsWp
+EAnXiDtJf4dCVUe9j0DL7Vr3blk4oefrkgaEb0V3TiptJQDKtZqOGwOtEozcxMkX
+x8ep5Sx7xBVCOSqX0bo+5J8MbSib1UmMC9d4ifi/BN4PuJSQ548nSPzlXQDaxKl/
+QoJakS0ZrVyzz9YNQ+LCorAx7V9JqqjhDDYIAZF66lGB1AYy5gMTGmpw/hM2Bzsy
+DUt61k30JTnWS4KeWCES+w/BawXVlk/1EK0D7iWVjnqd9NZBtdjKrHLxm8o84QFK
+Z2xkJ6o8hunJ5JaF8wuSmacCb4757W92vt0Qoo9ShTYAIAq3Oj1LCF4zNl0lQOzl
+yCX+3uv7B/VU66S7HAd9JgyiGXBgNCyFVCP3TerpOZjX1ErhkYlE46NAWzhTyYed
+E99Oka4lN5yJuq7uTiZR2dh18HkseQMmj1mnXYEIQSrDmKDmJI3Yfim3XFmj6sZC
+3i754W+LJLkBEqUSxLtRix/FWR+N5/MkQtTl7VP/Q6tPOj1MYhpV6I/v7glwKQjh
+hbkVPA+BdkVbiDWO856JPXmOAyXns2ZYbhZD3JPGrXP0+dLB59Qz4fYr7aO6cHm/
+jJOFOMkccee18HVyvJp2JUy9ji/VneV3Co40mjAfQcrFfb/4nBgKhaX8igZCpFtj
+q61bpizO560T8++zdAwUY6jdvdF6XT+t7dLHF4NB37RsfwfBxTSNQucJDrcysYxD
+svZn54Bhm0ictsuKMvXNj3hzfUWDlhI7kN/bInbeml3Q+wEwvcUvLjA8bWsS8W7G
+rmBnqj37zelEDUPf3ir3U321nOfNxNoyGTvuRbIlstno7kARlq42hnOaSVHOpynX
+/u1cxQhj8aChKf67nF2dVORVjNduTq+wy+dpT3nEp+CFtOrHpRKm6s41g6Fgkg0d
+9Ssanah1cxfEB3u1eUGQ1/fOiv7EJYTHNP84ukKlbHGMC9MU5hjD14zfrl2cs1Lz
+4E6CUePJvHXC2AF6aqfereUuzPyNFZG7crpMZqvv8QEL+817TPHCCg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7CACert.pem
new file mode 100644
index 0000000000..fbc3e78c67
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E3 D0 9E DA 0A 42 63 D5 D0 EE D9 43 E9 1B 60 4B F0 4C B4 C4 
+    friendlyName: requireExplicitPolicy7 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBLjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXJlcXVpcmVFeHBsaWNpdFBvbGljeTcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCpVKpHFxYwg5kq0aETF4qFIYC1k132i1tnGPJFaE8s4vgtocrS
+wVS8gZ+IUAcAobfNjTFJqLkg+Dir5O+DrUmbd6+DIrw0EJL/O57bC94jTI01Cl6w
+O1sVnY9ni5yFDZGQiE9iMBaJQ3UBrGMSu3pT4lgV0FzEet70qnE2T8irAWid+7+W
+9cK/RatZKF7F/QjgfYO1giZs0S0bFt+j4jK7ZQPbYbnLR93hZziy0di4qnr9U2vs
+ekYlvwNcsjL7H1SqtCo6bwxL7jXn0GTpZz2O5Pv7J5xe69nW+9uULcCmYgASUJ2u
+exqWd2b15Eb/6qnnoPYPojIwmyuCjG6hVhj3AgMBAAGjgY4wgYswHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFGwxlwE1IN7bNeUKaVhZ
+iGTMIc5KMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAEHMA0GCSqGSIb3DQEBCwUA
+A4IBAQB0FCmLk1xVqT7ECIhn+PfIXXQ312OWKRKqZurBCs8fMa8zq67GVBFi2HEo
++TwXaN0u3G5q3esDk+20ontt7cxaTx416Lnd1i+6+daK3ieIbvsX2yE/f6zxmRwg
+J4B5UTFm9yrhJHHn8JSyNKNFe33fFHWcUM0MuRfRNK5O7tawg6HlILr/hbPvO0Ls
+FbbJZyAzCHBqL0x9GS7pyFNJub3Y6BjYMLIvUNKbSaciw/rYLWEuV1uVyD3mC++4
+a2MeiCdQfFDki/xaHElme7qkiQeEDaUXCjCQ5m2Bhl3SMo5g/8SVDs1l/012UfsH
+uT4wf2kqJcmh8a5OSvuczLgsCqFm
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E3 D0 9E DA 0A 42 63 D5 D0 EE D9 43 E9 1B 60 4B F0 4C B4 C4 
+    friendlyName: requireExplicitPolicy7 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8DCB8DA039F9C4A8
+
+5gssmzUJAH5iKUaEWRw5pmlzaGZcN8Y3QLoTNDmiylmnRI5djN+PTc7R4vULMK0u
+9apffAlkJYqJPaAHeBcn6KkhJs/GYzT8GKn6tvMIKdLoC44Rs5YLz97wy6QGwnqK
+ws9rg6m9qvOHi2VQjVD9c+fox/9loZBaNBXF81XyvPeQ/rghSNrQTM7OXEeL1bto
+7EKBeX9CR7Q5X/DGq3+JGLpX4sFXdZBuIko7jli8eXGfl3nms1P9O62Wm/1bW28y
+f8Ku4MHm4a5yQg+foK3lKiuYQOCleyGu/0KC8f7h00jv7vGKRQKD2/vtBMbCCDmR
+tXKU6dE29q9gZxCsw/EUOJWDk4wsn3UOV9OMBwTa0zd7JtDDiLUyMyo05u8rSzHL
+FdVQr2URgCHZpoWdLx6Fiyw9OY5LKyuGunlC5PJBuzHKzCTgBTArfvpckoJRx5Ly
+fXhpL5I3wiURk6han4kiezf0oih9quxwK1hxy3jESuH8dpOXzzrH0uMbnn/BL7Rp
+hqgbuyFYluRHcLcaz0q3pzrkp/FFzDUXhqx8om7pny85U/U7JFU+kYAWWKb0LA+z
+or60GZ7YRl/P5cxkC4x18w9ltpbmweggKZmtc9oqTz9DvtTPjDhHvNYubdqJ8uZt
+NBqxLPciXzBZDfaw0zFCzZgShbqPQfTtUHSZ7ab6v/V5eFCzajGqQ9YE1MsMGZQX
+fIOt2XtllXuBkbMhwtYDNIo2quKpD63rhlXcmH+XBuMJdCa965lYaB4BxCFmpTmu
+tfF4RK/PCuuJYZIuZ0/gxH3PMQAF6agDdsT7r6eXb4IXgTJlVzb93Lt2/hR65ivg
+aliJOsyMkMZb2lbgGuGp/kZFMSdE1dpzeIDG3LiJjZ3GdFfCZA1rQ4HmppCQg/UK
+Z5j00OjagCElQnmVf3h4NDO5ipacVGBr1F0V4qegVbd76fi2i7vtCrMbK+bvrE9a
+FvzJMN7Gts+pWpHv395nk4lZYu0Uok09B6P0xe7ep777T9ckJCzg8KCkDPNCkgBZ
+1+WEVg9eKaPsM4tzWJ6h3cZOpuIMOqznyp/TzthKI3RqLmacEQiEr3PeAWRHemck
+0S6TvoT046ePKDdcmb5EEc4FrDsGG99+LquEzKZtumhxhB2mUHANl9YIf6iuqWpC
+eb5JJKJIz29cz1pPc3hpZ0XjQJsraqewbli0z7M4WOnDBktvGDz3x74qs+n5nOpq
+CQ1I/T6OQ6wj1h+31C4bUQfIuWH3oYQELGGNjLT4nZ5RXL4Ym2LSsSoKclYYatl8
+9wGTJFRxcotR9RK4yDfYfEwLECYgapPIrvX6NfZb0D2e78lV4/kyBi9xn93Qvr8v
+gOpEDiZOiA3legMirlfGVaVCtDu1jZ/bwPXjV89r4akjjV01IL2ysqDpHW1WvKph
+beOg2R+2OlsNas9+9b1nKWrcsvwHFsmuvD93C6BAjIc8Tn/St4DVLd4O1fRZ5b4x
+NiE96G2cJUm1lRwIQjNENV1U9BoxZji1sPDlyKKykuhkoL/c73M8bhl66foyNkWB
+TLrtUA+9pCsRt+8hpx5DtNCKWege6jzV10Iimbi53UmptUBuauqJWg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subCARE2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subCARE2Cert.pem
new file mode 100644
index 0000000000..5e563a8c22
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subCARE2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 88 72 F0 52 A1 91 20 D4 08 52 B6 2D 98 EF F0 34 51 2B 4C 33 
+    friendlyName: requireExplicitPolicy7 subCARE2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subCARE2
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 CA
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApygAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSgwJgYDVQQDEx9yZXF1aXJlRXhwbGljaXRQb2xpY3k3IHN1YkNBUkUyMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNCCh87bZLO+YSdMLvfXHSR9
+pno7RfOAsEKaiPo2ievBaYHZUI1eXBOi10V3Klm+WZ7kGRKXr3ZjCxBJ0eAbUav9
+htXPdQprkjHS6+PfehpUiZvoe8JM1SaEIk6ZJ6hZbWQ9fL7xsCy7M2t1mPnFuN2i
+23TbHRIOmkxCD9NJgDqejNCN9O3lqjr+na978Irf3ZrSK9GZ9LnopXBcg70DcTMg
+TcuCHfPuvRyciClvMAFUaUvMH8POVFa6yDriD/ArHXfc4FLTFaLMN57lah8ft0uN
++Ec1tvqnSg7mDcHN8jdyj8Tu3sjh23QHCyvlKJUjk2FwLzmaDvhn8KIS9pPVBwID
+AQABo4GOMIGLMB8GA1UdIwQYMBaAFGwxlwE1IN7bNeUKaVhZiGTMIc5KMB0GA1Ud
+DgQWBBTnXCWOfqpMd4N7w+pp1seiNOE0WTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0kAQH/BAUw
+A4ABAjANBgkqhkiG9w0BAQsFAAOCAQEAohBJ68sra6KMs8u+uyx1e8HRXv4rsIM9
+vc4H+OfqE3OxVBT/xX9QFx3QtBAKr6x0BKRZAxQwYi4bCZilSUDbuE/WF/fv21k4
+fVF4R2W9uvo8pKwizRr5/cPEq/N7tWtv1YhilcD1ET/k2RoEIUtgsOres7iQ1DLo
+O1t3u69jgi0UCEymRrzr/JPW9nLSkNYvr+M3noFfsYxeNb81l2Ma89tOdZ4dixNc
+tsYCgQ7DP6IEDdCpUxY9iEjnZHYGW84jIvGNQ+ASlx9R3WNuQm8QThxbdkAJhDLG
+PhoYnJE7zsZXFhvQGh8KWxPCN5F04yl6mEAGE09OU9fv3qOqzLlgQg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 88 72 F0 52 A1 91 20 D4 08 52 B6 2D 98 EF F0 34 51 2B 4C 33 
+    friendlyName: requireExplicitPolicy7 subCARE2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F19325DAABEC41E8
+
+92uaRXF4JM9Xmi4dnmlD1QuJMcjLvnIm8xAtEko1OhxzgQ6VL0gwSSr/iMPXBlai
+4+TQdxxeFdIuuqpQMLbgn5VRUDwdN6SzkOHUniprKg+y6w5y0bRewWt/X3uUGIOa
++snj54weqp4mBHG1xAA+2+gtMUvflPwdeY65oDDk1meMYQosY1hM5P9CdgAI59RC
+Hgnc7DuC9PLmaYRQiRTx9BczFmNGXgXfMS5p0rRHD6S/U1S+T1IgRZ6nTo7rt1b4
+JqJefEGntINg4nAClAkf1HtBRVU0diZeJr7DbPfqesLtjSDJRBujd8E07W7DQkZ3
+ZcYOqcchArUpvW6zZsu4hdQbe/jdn8GqIZsdhVL2/Gx0q7VJvtkE6yzlq0/LqBj3
+bJ/0zqG4Kplbkt2p6Sc+QrzjtLU+qOtC0fvSPJF4L2Vjoxw0MNPR9Xa+BgC9T7oY
+2VH8NYnAKpUe5Jqnr1tGi+9IxXs5kBKIi2IdOzfAgiG9BwdMi/PMkk2ciyvGqxaZ
+w1lrGyKWI1hHUWPz6dnEUIoJdTyykqAgVtiMzy6bn0lUID0Y/bOySjz1D5sTBUd4
+sW/MHiu6rX108EDv2Aeu+vOGWWzIehu6t0CWLu35C2AsXnCF+Eswyz18hL7PGo55
+NmO60l8GcWW/ToKyPqaD9O5sOt8KO6yPnOWC3JMFzac44xfAHOD5YXJaW57y0QsT
+59wGEsSnYUEROmRgTGPHfjVpqiQTS6BWcaI8a0SRZedGl4sSLv9np9iTP7KeC6hc
+hhNnnZj2RHK2miYbn0RX6ent/F1k32F5Fqk4vVIBeECaiesh5O+K965H5ai0eGzg
+E5kj3j7J7vi+42eJeib8eKMtvrwl/FUeH6H6g9rTWfeuCHoj1s8khxDGHKBeek53
+cTS+uKdeE1MagCJMYWINu3DKGDHBqqjKZUW9SdqmpXag+xUlG5Jr/Ka1mQJZw6Zq
+Al6tczN3uKzEtEd+yKCAvdxco+kwzcM6mlfIgmidlb0Yzm9kYPhNGCYjr7+daeUm
+fzkBmTsVOsRUqBiZf6NCI944cFsXw04r6i3zXVmv8qtYLaWN3kc3FvjxPne3AGeO
+E2fHK8HFHBvtaChebJ1SoW2gIlxY7goRJdLz9Cq2LoYt/eMNZhlCv7ma/vG1/Ri6
+WdLo/rO8Sw45b2yblskNzVJM9Qkk1IYhPLa4rT+l/DYDpxteAiU9SaruXRdNT6An
+/xipbwF75qscet72Z3c0QA0wGZC7kEz8zCVqtVHSlj9LTyZPWcEIjbQ2ExYYffIo
+jrkBXk3w8ip4aX6iPti5RTIk0CdTQLxbizL/UWtqv58LzChwh5Ee5jPh4CUkkRGm
+feWL6E1dOTpSAbG/tcPczfDg/TQWpsvPi58IwXHIYhTeEDOmuhJBTwtZTfxcRYDg
+AfYH0lAdtF+pYITwueyZyGKFYUQs6qocX9tLcLl+LL4XvJcXibYjytCE1lqJewCT
+f2IfCzfv3h6QxwDKLs/vgjT1tceU6S1Awu6gS7agHekhU44yfF4+LUT8uVE9nFp4
+VUnVMnoe2x/Ps0skruwXaBusvPkZCUQDmzIJFV3NlnxVZ8vHbFkWeQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubCARE2RE4Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubCARE2RE4Cert.pem
new file mode 100644
index 0000000000..107aa9cf80
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubCARE2RE4Cert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: E2 B0 02 FB 6C B9 1C 13 89 78 2F 51 A9 ED 16 BE A4 B3 6A 0E 
+    friendlyName: requireExplicitPolicy7 subsubCARE2RE4 Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subsubCARE2RE4
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subCARE2
+-----BEGIN CERTIFICATE-----
+MIIDwDCCAqigAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NyBzdWJDQVJFMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMF4xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMS4wLAYDVQQDEyVyZXF1aXJlRXhwbGljaXRQb2xpY3k3IHN1YnN1
+YkNBUkUyUkU0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKLzquG1
+Wxpg7dOJrrPXsuwroWJcJ9q4XcofFyo8PWBu3Yt4H4H8rEtQATDnOcorYd93IcJx
+ycuxyZwa+PQEGZOBZYAtxyicombbYGR70wJ1Njxsa1oHKe7wFGd6YdMB1xbFjNqx
+w1umyI4zvGR8WpfA0sEUilIF/sZCcErVTk7fDNi/KT3BLyyDmQ8sHFhQqxL9i9FA
+tHLHaZ4zyH0HgXGgUEqblgw+wsWWRQVP5AW12UaALGLn4ZijThUihW5H4Khx7pcv
+Xq8oZsLjbWa8wR1NNfeZxyd5qAyEYKf69/53vKjDlcDCaZSuM+Av3r1x56+VpuTo
+37CuXylUcS/vewIDAQABo4GOMIGLMB8GA1UdIwQYMBaAFOdcJY5+qkx3g3vD6mnW
+x6I04TRZMB0GA1UdDgQWBBRu/40Ii2b+m6V7+2QzZeoDlUiUmDAOBgNVHQ8BAf8E
+BAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8w
+DwYDVR0kAQH/BAUwA4ABBDANBgkqhkiG9w0BAQsFAAOCAQEABhL0Q/1K3/hsd6Od
+6TGkaumY47BYBh86RHtxAoGKXecsotYO1kdJXLQsQOkEpLp/g5Tj0WL2YqX5tgS1
+r8fkcfAL1+Mm7vq6UEBd0S/wLZndMJ/Xjvzpal/o6iujqIEkWZZa70hYRcN+Q/OQ
+azhPsDKAm4I48xaRKOorCVq0PAjBwRia8MucOcoymmiQW8/wQWS3fMRj1gh3DERE
+Y/6TLeib5pyH1KYXE7W7dA76K9SzX7TlDOFd3xybch1UxTrz2I9cqbjQdDjJMEYU
+W8tFdCcIk1/dr2faOuWvKkOw+AQRKciVrPTRcb/GKKlnNhc+YRx3KBBs6D2kjM/O
+hsObrg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E2 B0 02 FB 6C B9 1C 13 89 78 2F 51 A9 ED 16 BE A4 B3 6A 0E 
+    friendlyName: requireExplicitPolicy7 subsubCARE2RE4 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7F1D317ACFCCFD84
+
+ys8urfxzgQMfQRVnSzGp7480kJ6DI5PMZTdtIKUnX7l6KG2KUmRfvoAfSI1sMA49
+bPqMSxaS9OrC2BTRsVGsi8oQxbnFm32v9IeaTNQCYQ4ntMoMV/xbGYhIEH4H3Hg4
+9Krnc0upc0ktHWMyaRct6RGzvn3hwXdkb+yaw6mB7hHy5/6uMNgs65ZWhiXY+gHR
+UAQjYv6tgvjwHXR0TlzOWM30Veh5Zz2BY4xBT+wFxFBCSfy+6tZLOa0dnxkPhbMS
+QYFfUq7JemrCQiDpMsNRrTBJFsUb4YN7JVPtvPhi/mHFHiA1g6kEnsvaTRoHkuoQ
+9TQeVyUVuK1JU0aHO2Wur2KatczZOqcSfDQQz57/i4OHNGEfZGqGEZ6YXZlrQSEd
+iMGP+vKPBOgJiYZQH6CItZ2ziFtJYNjAZJszaa+1asNWZCQJrBWdZ5ZQ9Gm9gnV6
+22tSZfqkRKFXCsknjWl6NOywldf4cRwq+zqr4EeVlj4eNm3NoIJvjpCKHGYYJ8mi
+HJl49utHBBrZtSWAFYjV4Xfl6/kCH1Nkl87ijBwHFiqNdJYxj9y2Q5edJBJ5U6dZ
+K2zBdZY0vF5OJeWo451ztXVi4JmX9/LlDiekY/28XlQd1gIANweYYrDciIeODFdJ
+yASNxZD6yOSIegmQ3c8xJxzHKivG9VPJCYSsKGhAxZcwHR2fw/UnDZA5lkRfLyDA
+iMurrYmZhvcpBpZS8fHVqGFzSV7RTnf/bU6M2Z+9Nv65tSwwyTJ/P2QP3hrYKqje
+w6qSLeqoZvExnHvaLIvGLii/Sq46euX8bcVFi4d8KDv8iKzKGIl/uPp0ktgjWLuR
+zdGpEn6PcNeoUOqTpiepyYd3sIZSn4GKDSccJ/xNUlpEjim9+5Lg8dHdCadDAzGJ
+QrCzXFlWg+rNWe4kdM3P4SA1OjF3+kISDcSRRZjTBaNQm6p/pcxKnueMiGegpfAH
+8JGGkT8MVodWO6I/fh18QgtJO+aVfPFFWLz8i6PHsqO+9sZUhSur8wrWtN2xbyC4
+cUWn6RUkhtg0U8Ys5fyxnOUpSFuBxkOU3F5HWzE1kaId8E/6ry4V6oaOMdQLmduM
+Ms5XIZ8r4/jQH+vN+4BTIkSQqR01tPTQm7pWv6t1c4hMWLP68GOVywFqtuSFXJKj
+i7AFnk91X72fSa5qxp7ZsgvuDIXeOxnw+QviC8/5Ha3r2GQhAjew3+6VEa4yZqmM
+yHu+qleFKw/6pARSNBl9+QZusN9R+cTZgYr9Bg5F4dEhlsfAoyVlzq3Ev/euGNOW
+XdI1vwv6Bi4ocH5+3i//kOUXjxke2WpA3Z/svjvWfIJwkEFoF8cxK3iKmuqXawyG
+MgM86gwVX1YohPVda2vAzAe54W4hpypDhDCkjdjLjXSJvhX/ysEiW1hjSK6ZJ6+o
+HAKkCTrF1R336WbmUvwYw7bglaYP7qyw3F8m9l2kQJYmr8TFYZOmN8NyKbofu+AN
+Xl4tVZbN5uLSDaFWQzTpzWv+QCxGAscGMCRH1TpcS+BI8OLX1pj425CFVD80tX3D
+zMSkgX+FyT/weVFd0KGvPYflZJBzayq9RvCrOj5cMYkNoKUNnlP5TA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubsubCARE2RE4Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubsubCARE2RE4Cert.pem
new file mode 100644
index 0000000000..3066bd2314
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubsubCARE2RE4Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 76 13 A6 B2 AF 61 63 68 21 A1 77 C6 7D D8 5F 8A ED C7 E4 2E 
+    friendlyName: requireExplicitPolicy7 subsubsubCARE2RE4 Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subsubsubCARE2RE4
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subsubCARE2RE4
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NyBzdWJzdWJDQVJFMlJFNDAeFw0xMDAxMDEwODMwMDBa
+Fw0zMDEyMzEwODMwMDBaMGExCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENl
+cnRpZmljYXRlcyAyMDExMTEwLwYDVQQDEyhyZXF1aXJlRXhwbGljaXRQb2xpY3k3
+IHN1YnN1YnN1YkNBUkUyUkU0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAu6hakMgtlNCA+rCJWAL8vGJ9le47WEg+7fAOpHBMAZvLGYiufTGL9z082H6l
+XMYJZl9vt/04HghPEbFeWfF/S8ahz6A7kpuSB/i4trfzkyCYqi+5YDozDw3+JzVS
+C9h77p59euEO4LVxlJwxLeDIXh2idbYmMs6hBqyktdRv4qZbqgtAyascshbclgs7
+5YJWYtkDp59/MWooX/Af8VNTnCUGrgCtk7dagQd1eGilyo0NpM6XDQ6eYdkqQJhI
+zyvGo5SWSAmkIrX0fRoyocwD3ibn+OUN5pVDZplzYA/PPL4kq0BBFt8C8RddSZIs
+1YM+hnhSdB8mRfs/Yl/xWpIwhwIDAQABo3wwejAfBgNVHSMEGDAWgBRu/40Ii2b+
+m6V7+2QzZeoDlUiUmDAdBgNVHQ4EFgQUeyxRYTEVrawsa6m+OzsYGpKqf0QwDgYD
+VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCcmQxvc23zsZ5WsaG6itcxVmsRDeKF
+WjkeTATCwuac7OTFciIJ2ts2sMDnT5yupQFxNn03VhBejR+caA2RlIKkV31tQDu+
+34kvGxD6fLcjAf9tfUbzjfEyZEPAfrlSiXVDLVPa0BFw/mO3gjCNNlLs8/RoFhsZ
+alMVnfklprdGkaGldVuqDDHPbiX2xy2WE4XoWKSqD/PXBifml/K8Ktfz6FezN8fH
+DIz0zc7JXnu8mI3TeWFSvcK+lIBVfmm3sarVDGVR83/RY+ev2kPP2PzKL2vJpBqD
+cRKPCxQiGmMw7IaDw8o/mGzapGd+W+zIgL0G/cvtbIKayoe7fwk9iHOm
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 76 13 A6 B2 AF 61 63 68 21 A1 77 C6 7D D8 5F 8A ED C7 E4 2E 
+    friendlyName: requireExplicitPolicy7 subsubsubCARE2RE4 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1735F91368816CAC
+
+0mzm+tlczyDGO8QkYpl3YWMMMLYz4/Om3I+rNNgb4u4g/M67gew0RaNd6+jIXQ+d
+MFRV3Vd2pRjH8IsHXIO0Y9pS2A2cBqOEPOlNX/vAk4HO+bHIHbx757gznY1S8op1
+hmMx9RE+5yAOra1naPr2vrH+/b25qRFYvgClGbD2xSct9+N3nltNLvMxkS/mh0Mj
+nxb23GRGXuD2tldzeJ2ufqPj0OqJzjpqzx+LJikLwsjHDTzZ9TTX5x071eIWr9TO
+HNC4Rj72OaLoYSsODONoTzX++lB+RFiqccyzl4sFlh2a6v4LDV1FCpGLoYzm+OxH
+zUu0z3B6nOSXoVWSIpHKrTE7f/ffeVPfjQRy6SNb9KRh6OXqjundOJAY9RQ850LN
+u2LcJQzyxvAkkhTPQUcRHqib+xwoxZSc2PZGpdBG6+UmXCjHcTpYS1FzHM5WnN2W
+JrMsOworZjAAvyopPIdv9ByM2AS9oMSTglv6jcujXkUpeDFnfs9Knt0ATMXaHhpi
+EXKP4b6I7JeSdTGk9suH60FUY2y13DjZFFT16tcQ7SIHilh8pQMxLrSToOGCfsAa
+R/dlyj3gQYMgf8qyvGSdpchiGdAuNtg6akhoFKnXmzEupoq5kY0ZKLZwulofDLfx
+IwQVwDz5RXBhDJUmr/TLZrhyLUIkC7E1ZoCocQDlmojrw2Q0mfOCJkenxja8YA3I
+IVvnakET52T8oXwDl94bhLN85/1Dtvj9CJkIrUKF37Eyidy3/SoCsL+ufI6e7Fnk
+jeaupw4oTsYlr1CtHUVAHRnfncc9BIducVqG1QomACmschc1Ivkd+8Ok61lIxXRt
+/7xiPV3+HeUKSZs7R4kDrRWa6LiLfXfXC9Vf/FxBzPVMnPOd9e1L634SZ8OcHIbS
+Q7JAaX+jXBs1+Rf1n0LKTYKVFKsWgAtkB0dug7mpEz7lqqKQi4LYEr9KMXZIbSif
+NEtdDs3eXUtZjLLnMQgioEqWCZLE5YHkZD1KJj9XQ6g6XRHWYVMpZWy3/480YTsH
+Vaw7UPJ3s0yCF7OUVxgjOdBQr4J90G+WOncTEPXknQDjS9/5FYYE5kOpeIpOsm05
+D73aLiHei+MWDO2WWOU9w1jzwusPEDU+wL3E9nmz1zS3io0esp3daVW8G1sBQiCm
+F7aodgrb6EWIzmWOEPP42pWsJoZtogNbjo2u41H2mCfoeVpRj6YOvc1OiG/gVS9B
+1GmJmZGkGh/y7Hos0bSab+ZZNx16NDEHE5j3JI8ziFzo1zBELHPMYEZK8tRTFS3z
+gHWm8s5ib94xykonXG6jDU1fRLi8ZZHPpLg7yfiFHs9yBLlecfCnh9f9mmEKRpgj
+PHFnWdbZZZfRZC+TSQDIDhCvjbBj+jB3We3nLluSjEUmWrAJN/sGRcJ6+rK55ErA
+jMq4ApfYmx6z6Gw8vONatiwDqZE7BKxlR5k69BazG+aB54vugMusggdAeBO2het1
+orUaD36pfIf3jCXgzn9ycVuQaTq4KECZStGqhfOhj1DB33/1Tnmf9ZX3m0mwx3VW
+79QavvERR/m4iHiudSeJgP7IDZCO2VLtPQH6aKDfyaIfmWYkE9bp6g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index b11e4d092a..a91dcfa029 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -23,8 +23,8 @@
 %% Note: This directive should only be used in test suites.
 -compile(export_all).
 
--include_lib("common_test/include/ct.hrl").
--include_lib("test_server/include/test_server_line.hrl").
+%%-include_lib("common_test/include/ct.hrl").
+-include_lib("test_server/include/test_server.hrl").
 
 -include_lib("public_key/include/public_key.hrl").
 
@@ -107,7 +107,7 @@ all() ->
      {group, ssh_public_key_decode_encode},
      encrypt_decrypt,
      {group, sign_verify},
-     pkix, pkix_path_validation, deprecated].
+     pkix, pkix_path_validation].
 
 groups() -> 
     [{pem_decode_encode, [], [dsa_pem, rsa_pem, encrypted_pem,
@@ -699,27 +699,6 @@ pkix_path_validation(Config) when is_list(Config) ->
 							      VerifyFunAndState1}]),
     ok.
 
-%%--------------------------------------------------------------------
-deprecated(doc) -> 
-    ["Check deprecated functions."];
-deprecated(suite) -> 
-    [];
-deprecated(Config) when is_list(Config) -> 
-    Datadir = ?config(data_dir, Config),
-    {ok, [DsaKey = {'DSAPrivateKey', _DsaKey, _}]} =
-	public_key:pem_to_der(filename:join(Datadir, "dsa.pem")), 
-    {ok, [RsaKey = {'RSAPrivateKey', _RsaKey,_}]} =
-	public_key:pem_to_der(filename:join(Datadir, "client_key.pem")),
-    {ok, [ProtectedRsaKey = {'RSAPrivateKey', _ProtectedRsaKey,_}]} =
-	public_key:pem_to_der(filename:join(Datadir, "rsa.pem")),
-
-    {ok, #'DSAPrivateKey'{}} = public_key:decode_private_key(DsaKey),
-    {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(RsaKey),
-    {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(ProtectedRsaKey, "abcd1234"),
-    ok.
-
-%%--------------------------------------------------------------------
-
 check_entry_type(#'DSAPrivateKey'{}, 'DSAPrivateKey') ->
     true;
 check_entry_type(#'RSAPrivateKey'{}, 'RSAPrivateKey') ->
diff --git a/lib/public_key/vsn.mk b/lib/public_key/vsn.mk
index 66ac78a65d..d8f811bf25 100644
--- a/lib/public_key/vsn.mk
+++ b/lib/public_key/vsn.mk
@@ -1 +1 @@
-PUBLIC_KEY_VSN = 0.13
+PUBLIC_KEY_VSN = 0.14
diff --git a/lib/reltool/doc/src/make.dep b/lib/reltool/doc/src/make.dep
deleted file mode 100644
index 59e77e8162..0000000000
--- a/lib/reltool/doc/src/make.dep
+++ /dev/null
@@ -1,20 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex part.tex ref_man.tex reltool.tex \
-		reltool_examples.tex reltool_intro.tex reltool_usage.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/reltool/doc/src/notes.xml b/lib/reltool/doc/src/notes.xml
index 5304b996a4..cf2cf7f7bc 100644
--- a/lib/reltool/doc/src/notes.xml
+++ b/lib/reltool/doc/src/notes.xml
@@ -37,7 +37,23 @@
     thus constitutes one section in this document. The title of each
     section is the version number of Reltool.</p>
 
-  <section><title>Reltool 0.5.7</title>
+  <section><title>Reltool 0.5.7.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Added recommendation about <c>RootDir</c> parameter to
+	    <c>reltool:eval_target_spec/3</c>.</p>
+          <p>
+	    Own Id: OTP-9742</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Reltool 0.5.7</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/reltool/doc/src/reltool.xml b/lib/reltool/doc/src/reltool.xml
index 31e15e34e7..60e886e8f5 100644
--- a/lib/reltool/doc/src/reltool.xml
+++ b/lib/reltool/doc/src/reltool.xml
@@ -558,7 +558,17 @@ target_spec()       = [target_spec()]
       <c>true</c> there is no need to install the target system with
       <c>reltool:install/2</c> before it can be started. In that case
       the file tree containing the target system can be moved without
-      re-installation.</p></desc>
+      re-installation.</p>
+
+      <p>In most cases, the <c>RootDir</c> parameter should be set to
+      the same as the <c>root_dir</c> configuration parameter used in
+      the call to <c>reltool:get_target_spec/1</c>
+      (or <c>code:root_dir()</c> if the configuration parameter is not
+      set). In some cases it might be useful to evaluate the same
+      target specification towards different root directories. This
+      should, however, be used with great care as it requires
+      equivalent file structures under all roots.</p>
+      </desc>
     </func>
 
     <func>
@@ -640,7 +650,7 @@ target_spec()       = [target_spec()]
     </func>
 
     <func>
-      <name>get_target_spec(Server) -> {ok, targetSpec} | {error, Reason}</name>
+      <name>get_target_spec(Server) -> {ok, TargetSpec} | {error, Reason}</name>
       <fsummary>Return a specification of the target system</fsummary>
       <type>
         <v>Server     = server()</v>
diff --git a/lib/reltool/vsn.mk b/lib/reltool/vsn.mk
index 751f9bb6db..3869284ee7 100644
--- a/lib/reltool/vsn.mk
+++ b/lib/reltool/vsn.mk
@@ -1 +1 @@
-RELTOOL_VSN = 0.5.7
+RELTOOL_VSN = 0.5.7.1
diff --git a/lib/runtime_tools/c_src/Makefile.in b/lib/runtime_tools/c_src/Makefile.in
index 840de39f07..3d9a7ed69d 100644
--- a/lib/runtime_tools/c_src/Makefile.in
+++ b/lib/runtime_tools/c_src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1999-2010. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -89,42 +89,31 @@ endif
 # Targets
 # ----------------------------------------------------
 
-debug opt: $(OBJDIR) $(BINDIR) $(SOLIBS)
+_create_dirs := $(shell mkdir -p $(OBJDIR) $(LIBDIR))
 
-$(OBJDIR):
-	-@mkdir -p $(OBJDIR)
-
-$(BINDIR):
-	-@mkdir -p $(BINDIR)
+debug opt: $(SOLIBS)
 
 $(OBJDIR)/%.o: %.c
-	$(INSTALL_DIR) $(OBJDIR)
 	$(CC) -c -o $@ $(ALL_CFLAGS) $<
 
 $(LIBDIR)/trace_ip_drv.so: $(TRACE_IP_DRV_OBJS)
-	$(INSTALL_DIR) $(LIBDIR)
 	$(LD) $(LDFLAGS) -o $@ $^ -lc $(LIBS)
 
 $(LIBDIR)/trace_file_drv.so: $(TRACE_FILE_DRV_OBJS)
-	$(INSTALL_DIR) $(LIBDIR)
 	$(LD) $(LDFLAGS) -o $@ $^ -lc $(LIBS)
 
 $(LIBDIR)/trace_ip_drv.dll: $(TRACE_IP_DRV_OBJS)
-	$(INSTALL_DIR) $(LIBDIR)
 	$(LD) $(LDFLAGS) -o $@ $^ $(LIBS)
 $(LIBDIR)/trace_file_drv.dll: $(TRACE_FILE_DRV_OBJS)
-	$(INSTALL_DIR) $(LIBDIR)
 	$(LD) $(LDFLAGS) -o $@ $^ $(LIBS)
 #
 # VxWorks is simply to different from Unix in this sense.
 # Here are the inference rules for VxWorks
 #
 $(LIBDIR)/trace_ip_drv.eld: $(TRACE_IP_DRV_OBJS)
-	$(INSTALL_DIR) $(LIBDIR)
 	$(LD) $(LDFLAGS) -o $@ $^ 
 
 $(LIBDIR)/trace_file_drv.eld: $(TRACE_FILE_DRV_OBJS)
-	$(INSTALL_DIR) $(LIBDIR)
 	$(LD) $(LDFLAGS) -o $@ $^ 
 
 clean:
diff --git a/lib/runtime_tools/c_src/trace_file_drv.c b/lib/runtime_tools/c_src/trace_file_drv.c
index 668f6f4af3..08bace80ef 100644
--- a/lib/runtime_tools/c_src/trace_file_drv.c
+++ b/lib/runtime_tools/c_src/trace_file_drv.c
@@ -21,6 +21,9 @@
  * Purpose: Send trace messages to a file.
  */
 
+#ifdef __WIN32__
+#include <windows.h>
+#endif
 #ifdef HAVE_CONFIG_H
 #  include "config.h"
 #endif
@@ -31,7 +34,6 @@
 #ifdef __WIN32__
 #  include <io.h>
 #  define write _write
-#  define open _open
 #  define close _close
 #  define unlink _unlink
 #else
@@ -40,11 +42,6 @@
 #include <errno.h>
 #include <sys/types.h>
 #include <fcntl.h>
-#ifdef VXWORKS
-#  include "reclaim.h"
-#endif
-
-
 
 /*
  * Deduce MAXPATHLEN, which is the one to use in this file, 
@@ -176,11 +173,13 @@ static TraceFileData *first_data;
 */
 static ErlDrvData trace_file_start(ErlDrvPort port, char *buff);
 static void trace_file_stop(ErlDrvData handle);
-static void trace_file_output(ErlDrvData handle, char *buff, int bufflen);
+static void trace_file_output(ErlDrvData handle, char *buff,
+			      ErlDrvSizeT bufflen);
 static void trace_file_finish(void);
-static int trace_file_control(ErlDrvData handle, unsigned int command, 
-			      char* buff, int count, 
-			      char** res, int res_size);
+static ErlDrvSSizeT trace_file_control(ErlDrvData handle,
+				      unsigned int command, 
+				      char* buff, ErlDrvSizeT count, 
+				      char** res, ErlDrvSizeT res_size);
 static void trace_file_timeout(ErlDrvData handle);
 
 /*
@@ -194,6 +193,12 @@ static int my_flush(TraceFileData *data);
 static void put_be(unsigned n, unsigned char *s);
 static void close_unlink_port(TraceFileData *data); 
 static int wrap_file(TraceFileData *data);
+#ifdef __WIN32__
+static int win_open(char *path, int flags, int mask);
+#define open win_open
+#else
+ErlDrvEntry *driver_init(void);
+#endif
 
 /*
 ** The driver struct
@@ -212,7 +217,18 @@ ErlDrvEntry trace_file_driver_entry = {
     NULL,                  /* void * that is not used (BC) */
     trace_file_control,    /* F_PTR control, port_control callback */
     trace_file_timeout,    /* F_PTR timeout, driver_set_timer callback */
-    NULL                   /* F_PTR outputv, reserved */
+    NULL,                  /* F_PTR outputv, reserved */
+    NULL, /* ready_async */
+    NULL, /* flush */
+    NULL, /* call */
+    NULL, /* event */
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL,
 };
 
 /*
@@ -241,6 +257,7 @@ static ErlDrvData trace_file_start(ErlDrvPort port, char *buff)
     int n, w;
     static const char name[] = "trace_file_drv";
 
+
 #ifdef HARDDEBUG
     fprintf(stderr,"hello (%s)\r\n", buff);
 #endif
@@ -347,17 +364,18 @@ static void trace_file_stop(ErlDrvData handle)
 /*
 ** Data sent from erlang to port.
 */
-static void trace_file_output(ErlDrvData handle, char *buff, int bufflen)
+static void trace_file_output(ErlDrvData handle, char *buff,
+			      ErlDrvSizeT bufflen)
 {
     int heavy = 0;
     TraceFileData *data = (TraceFileData *) handle;
     unsigned char b[5] = "";
     put_be((unsigned) bufflen, b + 1);
-    switch (my_write(data, b, sizeof(b))) {
+    switch (my_write(data, (unsigned char *) b, sizeof(b))) {
     case 1:
 	heavy = !0;
     case 0:
-	switch (my_write(data, buff, bufflen)) {
+	switch (my_write(data, (unsigned char *) buff, bufflen)) {
 	case 1:
 	    heavy = !0;
 	case 0:
@@ -391,9 +409,10 @@ static void trace_file_output(ErlDrvData handle, char *buff, int bufflen)
 /*
 ** Control message from erlang, we handle $f, which is flush.
 */
-static int trace_file_control(ErlDrvData handle, unsigned int command, 
-			      char* buff, int count, 
-			      char** res, int res_size)
+static ErlDrvSSizeT trace_file_control(ErlDrvData handle,
+				       unsigned int command, 
+				       char* buff, ErlDrvSizeT count, 
+				       char** res, ErlDrvSizeT res_size)
 {
     if (command == 'f') {
 	TraceFileData *data = (TraceFileData *) handle;
@@ -636,3 +655,40 @@ static int wrap_file(TraceFileData *data) {
     return 0;
 }
 
+#ifdef __WIN32__
+static int win_open(char *path, int flags, int mask)
+{
+  DWORD access = 0;
+  DWORD creation = 0;
+  HANDLE fd;
+  int ret;
+  if (flags & O_WRONLY) {
+    access =  GENERIC_WRITE;
+  } else if (flags & O_RDONLY) {
+    access = GENERIC_READ;
+  } else {
+    access = (GENERIC_READ | GENERIC_WRITE);
+  } 
+  
+  if (flags & O_CREAT) {
+    creation |= CREATE_ALWAYS;
+  }  else {
+     creation |= OPEN_ALWAYS;
+  }
+
+  fd = CreateFileA(path, access,  
+		   FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 
+		   NULL, creation, FILE_ATTRIBUTE_NORMAL, NULL);
+  if (fd == INVALID_HANDLE_VALUE) {
+    
+    return -1;
+  }
+  
+  if ((ret = _open_osfhandle((intptr_t)fd, (flags & O_RDONLY) ? O_RDONLY : 0))
+      < 0) {
+    CloseHandle(fd);
+  }
+
+  return ret;
+}
+#endif
diff --git a/lib/runtime_tools/c_src/trace_ip_drv.c b/lib/runtime_tools/c_src/trace_ip_drv.c
index d2ed1a294b..7ae6c1b329 100644
--- a/lib/runtime_tools/c_src/trace_ip_drv.c
+++ b/lib/runtime_tools/c_src/trace_ip_drv.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 1999-2009. All Rights Reserved.
+ * Copyright Ericsson AB 1999-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -185,7 +185,8 @@ static TraceIpData *first_data;
 */
 static ErlDrvData trace_ip_start(ErlDrvPort port, char *buff);
 static void trace_ip_stop(ErlDrvData handle);
-static void trace_ip_output(ErlDrvData handle, char *buff, int bufflen);
+static void trace_ip_output(ErlDrvData handle, char *buff,
+			    ErlDrvSizeT bufflen);
 #ifdef __WIN32__
 static void trace_ip_event(ErlDrvData handle, ErlDrvEvent event);
 #endif
@@ -193,9 +194,10 @@ static void trace_ip_ready_input(ErlDrvData handle, ErlDrvEvent fd);
 static void trace_ip_ready_output(ErlDrvData handle, ErlDrvEvent fd);
 static void trace_ip_finish(void); /* No arguments, despite what might be stated
 				     in any documentation */
-static int trace_ip_control(ErlDrvData handle, unsigned int command, 
-			    char* buff, int count, 
-			    char** res, int res_size);
+static ErlDrvSSizeT trace_ip_control(ErlDrvData handle,
+				     unsigned int command, 
+				     char* buff, ErlDrvSizeT count, 
+				     char** res, ErlDrvSizeT res_size);
 
 /*
 ** Internal routines
@@ -210,11 +212,11 @@ static TraceIpData *lookup_data_by_port(int portno);
 static int set_nonblocking(SOCKET sock);
 static TraceIpMessage *make_buffer(int datasiz, unsigned char op, 
 				   unsigned number);
-static void enque_message(TraceIpData *data, unsigned char *buff, int bufflen,
+static void enque_message(TraceIpData *data, char *buff, int bufflen,
 			  int byteswritten);
 static void clean_que(TraceIpData *data);
 static void close_client(TraceIpData *data);
-static int trywrite(TraceIpData *data, unsigned char *buff, int bufflen);
+static int trywrite(TraceIpData *data, char *buff, int bufflen);
 static SOCKET my_accept(SOCKET sock);
 static void close_unlink_port(TraceIpData *data);
 enum MySelectOp { SELECT_ON, SELECT_OFF, SELECT_CLOSE };
@@ -382,7 +384,7 @@ static void trace_ip_stop(ErlDrvData handle)
 /*
 ** Data sent from erlang to port.
 */
-static void trace_ip_output(ErlDrvData handle, char *buff, int bufflen)
+static void trace_ip_output(ErlDrvData handle, char *buff, ErlDrvSizeT bufflen)
 {
     TraceIpData *data = (TraceIpData *) handle;
     if (data->flags & FLAG_LISTEN_PORT) {
@@ -516,7 +518,7 @@ static void trace_ip_ready_output(ErlDrvData handle, ErlDrvEvent fd)
     tim = data->que[data->questart];
     towrite = tim->siz - tim->written;
     while((res = write_until_done(data->fd, 
-				  tim->bin + tim->written, towrite)) 
+				  (char *)tim->bin + tim->written, towrite))
 	  == towrite) {
 	driver_free(tim);
 	data->que[data->questart] = NULL;
@@ -548,9 +550,10 @@ static void trace_ip_ready_output(ErlDrvData handle, ErlDrvEvent fd)
 /*
 ** Control message from erlang, we handle $p, which is get_listen_port.
 */
-static int trace_ip_control(ErlDrvData handle, unsigned int command, 
-			      char* buff, int count, 
-			      char** res, int res_size)
+static ErlDrvSSizeT trace_ip_control(ErlDrvData handle,
+				     unsigned int command, 
+				     char* buff, ErlDrvSizeT count, 
+				     char** res, ErlDrvSizeT res_size)
 {
     register void *void_ptr; /* Soft type cast */
 
@@ -558,7 +561,7 @@ static int trace_ip_control(ErlDrvData handle, unsigned int command,
 	TraceIpData *data = (TraceIpData *) handle;
 	ErlDrvBinary *b = my_alloc_binary(3);
 	b->orig_bytes[0] = '\0'; /* OK */
-	put_be16(data->listen_portno, &(b->orig_bytes[1]));
+	put_be16(data->listen_portno, (unsigned char *)&(b->orig_bytes[1]));
 	*res = void_ptr = b;
 	return 0;
     } 
@@ -693,7 +696,7 @@ static TraceIpMessage *make_buffer(int datasiz, unsigned char op,
 ** Add message to que, discarding in a politically correct way...
 ** The FLAG_DROP_OLDEST is currently ingored...
 */
-static void enque_message(TraceIpData *data, unsigned char *buff, int bufflen,
+static void enque_message(TraceIpData *data, char *buff, int bufflen,
 			  int byteswritten)
 {
     int diff = data->questop - data->questart;
@@ -760,13 +763,13 @@ static void close_client(TraceIpData *data)
 ** Try to write a message from erlang directly (only called when que is empty 
 ** and client is connected)
 */
-static int trywrite(TraceIpData *data, unsigned char *buff, int bufflen)
+static int trywrite(TraceIpData *data, char *buff, int bufflen)
 {
-    unsigned char op[5];
+    char op[5];
     int res;
 
     op[0] = OP_BINARY;
-    put_be32(bufflen, op + 1);
+    put_be32(bufflen, (unsigned char *)op + 1);
 
     if ((res = write_until_done(data->fd, op, 5)) < 0) {
 	close_client(data);
@@ -790,7 +793,11 @@ static int trywrite(TraceIpData *data, unsigned char *buff, int bufflen)
 static SOCKET my_accept(SOCKET sock)
 {
     struct sockaddr_in sin;
-    int sin_size = sizeof(sin);
+#ifdef HAVE_SOCKLEN_T
+    socklen_t sin_size = sizeof(sin);
+#else
+    int sin_size = (int) sizeof(sin);
+#endif
 
     return accept(sock, (struct sockaddr *) &sin, &sin_size);
 }
diff --git a/lib/runtime_tools/doc/src/dbg.xml b/lib/runtime_tools/doc/src/dbg.xml
index f26789fa21..c7c5cd4ff0 100644
--- a/lib/runtime_tools/doc/src/dbg.xml
+++ b/lib/runtime_tools/doc/src/dbg.xml
@@ -316,7 +316,8 @@ Error: fun containing local erlang function calls ('is_atomm' called in guard) c
         <v>Module = atom() | '_'</v>
         <v>Function = atom() | '_'</v>
         <v>Arity = integer() |'_'</v>
-        <v>MatchSpec = integer() | atom() | [] | match_spec()</v>
+        <v>MatchSpec = integer() | Built-inAlias | [] | match_spec()</v>
+	<v>Built-inAlias = x | c | cx</v>
         <v>MatchDesc = [MatchInfo]</v>
         <v>MatchInfo = {saved, integer()} | MatchNum</v>
         <v>MatchNum = {matched, node(), integer()} | {matched, node(), 0, RPCError}</v>
@@ -349,8 +350,9 @@ Error: fun containing local erlang function calls ('is_atomm' called in guard) c
           if the MatchSpec is other
           than []. The integer <c>N</c> may then be used in
           subsequent calls to this function and will stand as an
-          "alias" for the given expression. There are also built-in
-          aliases named with atoms (see also <c>ltp/0</c> below).</p>
+          "alias" for the given expression. There are also a couple of
+	  built-in aliases for common expressions, see <c>ltp/0</c> below 
+	  for details.</p>
         <p>If an error is returned, it can be due to errors in
           compilation of the match specification. Such errors are
           presented as a list of tuples <c>{error, string()}</c> where
@@ -528,6 +530,21 @@ Error: fun containing local erlang function calls ('is_atomm' called in guard) c
         <p>Match specifications used can be saved in a file (if a
           read-write file system is present) for use in later
           debugging sessions, see <c>wtp/1</c> and <c>rtp/1</c></p>
+	<p>There are three built-in trace patterns:
+	  <c>exception_trace</c>, <c>caller_trace</c> 
+	  and <c>caller_exception_trace</c> (or <c>x</c>, <c>c</c> and 
+	  <c>cx</c> respectively). 
+	  Exception trace sets a trace which will show function names, 
+	  parameters, return values and exceptions thrown from functions. 
+	  Caller traces display function names, parameters and information 
+	  about which function called it. An example using a built-in alias:</p>
+	  <pre>
+(x@y)4> <input>dbg:tp(lists,sort,cx).</input>
+{ok,[{matched,nonode@nohost,2},{saved,cx}]}
+(x@y)4> <input>lists:sort([2,1]).</input>
+(&lt;0.32.0&gt;) call lists:sort([2,1]) ({erl_eval,do_apply,5})
+(&lt;0.32.0&gt;) returned from lists:sort/1 -> [1,2]
+[1,2]</pre>
       </desc>
     </func>
     <func>
diff --git a/lib/runtime_tools/doc/src/make.dep b/lib/runtime_tools/doc/src/make.dep
deleted file mode 100644
index 85eae88adf..0000000000
--- a/lib/runtime_tools/doc/src/make.dep
+++ /dev/null
@@ -1,20 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex dbg.tex erts_alloc_config.tex refman.tex \
-		runtime_tools_app.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: refman.xml
-
diff --git a/lib/runtime_tools/doc/src/notes.xml b/lib/runtime_tools/doc/src/notes.xml
index 0bb76e1ea4..ccf11bf0fe 100644
--- a/lib/runtime_tools/doc/src/notes.xml
+++ b/lib/runtime_tools/doc/src/notes.xml
@@ -31,6 +31,56 @@
   <p>This document describes the changes made to the Runtime_Tools
     application.</p>
 
+<section><title>Runtime_Tools 1.8.7</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Earlier dbg:stop only did erlang:trace_delivered and did
+	    not flush the trace file driver. Therefore there could
+	    still be trace messages that were delivered to the driver
+	    (guaranteed by erlang:trace_delivered) but not yet
+	    written to the file when dbg:stop returned. Flushing is
+	    now added on each node before the dbg process terminates.</p>
+          <p>
+	    Own Id: OTP-9651</p>
+        </item>
+        <item>
+          <p>
+	    File handles created by the trace_file_drv driver was
+	    inherited to child processes. This is now corrected.</p>
+          <p>
+	    Own Id: OTP-9658</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Two new built-in trace pattern aliases have been added:
+	    caller_trace (c) and caller_exception_trace (cx). See the
+	    dbg:ltp/0 documentation for more info.</p>
+          <p>
+	    Own Id: OTP-9458</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Runtime_Tools 1.8.6</title>
 
     <section><title>Improvements and New Features</title>
diff --git a/lib/runtime_tools/src/Makefile b/lib/runtime_tools/src/Makefile
index 4f831f3dd8..946409b262 100644
--- a/lib/runtime_tools/src/Makefile
+++ b/lib/runtime_tools/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -46,7 +46,8 @@ MODULES= \
 	runtime_tools_sup \
 	dbg \
 	percept_profile \
-	observer_backend
+	observer_backend \
+	ttb_autostart
 HRL_FILES= ../include/observer_backend.hrl
 
 ERL_FILES= $(MODULES:%=%.erl)
diff --git a/lib/runtime_tools/src/dbg.erl b/lib/runtime_tools/src/dbg.erl
index 56283f4d3d..385047ee73 100644
--- a/lib/runtime_tools/src/dbg.erl
+++ b/lib/runtime_tools/src/dbg.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -32,7 +32,7 @@
 -export([fun2ms/1]).
 
 %% Local exports
--export([erlang_trace/3,get_info/0]).
+-export([erlang_trace/3,get_info/0,deliver_and_flush/1]).
 
 %% Debug exports
 -export([wrap_presort/2, wrap_sort/2, wrap_postsort/1, wrap_sortfix/2,
@@ -348,17 +348,16 @@ trace_port_control(Operation) ->
     trace_port_control(node(), Operation).
 
 trace_port_control(Node, flush) ->
-    Ref = erlang:trace_delivered(all),
-    receive
-	{trace_delivered,all,Ref} -> ok
-    end,
-    case trace_port_control(Node, $f, "") of
-	{ok, [0]} ->
-	    ok;
-	{ok, _} ->
-	    {error, not_supported_by_trace_driver};
-	Other ->
-	    Other
+    case get_tracer(Node) of
+	{ok, Port} when is_port(Port) ->
+	    case catch rpc:call(Node,?MODULE,deliver_and_flush,[Port]) of
+		[0] ->
+		    ok;
+		_ ->
+		    {error, not_supported_by_trace_driver}
+	    end;
+	_ ->
+	    {error, no_trace_driver}
     end;
 trace_port_control(Node,get_listen_port) ->
     case trace_port_control(Node,$p, "") of
@@ -378,7 +377,14 @@ trace_port_control(Node, Command, Arg) ->
 	    {error, no_trace_driver}
     end.
     
-
+%% A bit more than just flush - it also makes sure all trace messages
+%% are delivered first, before flushing the driver.
+deliver_and_flush(Port) ->
+    Ref = erlang:trace_delivered(all),
+    receive
+	{trace_delivered,all,Ref} -> ok
+    end,
+    erlang:port_control(Port, $f, "").
 					   
 
 trace_port(file, {Filename, wrap, Tail}) ->
@@ -684,18 +690,12 @@ loop({C,T}=SurviveLinks, Table) ->
 	    %% tracing on the node it removes from the list of active trace nodes,
 	    %% we will call erlang:trace_delivered/1 on ALL nodes that we have
 	    %% connections to.
-	    Delivered = fun() ->
-				Ref = erlang:trace_delivered(all),
-				receive
-				    {trace_delivered,all,Ref} -> ok
-				end
-			end,
-	    catch rpc:multicall(nodes(), erlang, apply, [Delivered,[]]),
-	    Ref = erlang:trace_delivered(all),
-	    receive
-		{trace_delivered,all,Ref} ->
-		    exit(done)
-	    end;
+	    %% If it is a file trace driver, we will also flush the port.
+	    lists:foreach(fun({Node,{_Relay,Port}}) ->
+				  rpc:call(Node,?MODULE,deliver_and_flush,[Port])
+			  end,
+			  get()),
+	    exit(done);
 	{From, {link_to, Pid}} -> 	    
 	    case (catch link(Pid)) of
 		{'EXIT', Reason} ->
@@ -1449,6 +1449,19 @@ new_pattern_table() ->
     ets:insert(PT, 
 	       {exception_trace, 
 		term_to_binary(x)}),
+    ets:insert(PT,
+	       {c,
+		term_to_binary([{'_',[],[{message,{caller}}]}])}),
+    ets:insert(PT,
+	       {caller_trace,
+		term_to_binary(c)}),
+    ets:insert(PT,
+	       {cx,
+		term_to_binary([{'_',[],[{exception_trace},
+					 {message,{caller}}]}])}),
+    ets:insert(PT,
+	       {caller_exception_trace,
+		term_to_binary(cx)}),
     PT.
 
 
diff --git a/lib/runtime_tools/src/erts_alloc_config.erl b/lib/runtime_tools/src/erts_alloc_config.erl
index 0bcb202fd8..284e88d4a7 100644
--- a/lib/runtime_tools/src/erts_alloc_config.erl
+++ b/lib/runtime_tools/src/erts_alloc_config.erl
@@ -1,6 +1,7 @@
+%%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2007-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -16,6 +17,7 @@
 %% The Initial Developer of the Original Code is Ericsson AB.
 %% 
 %% %CopyrightEnd%
+%%
 
 %%%-------------------------------------------------------------------
 %%% File    : erts_alloc_config.erl
@@ -71,6 +73,7 @@
 	A == binary_alloc;
 	A == std_alloc;
 	A == ets_alloc;
+	A == fix_alloc;
 	A == eheap_alloc;
 	A == ll_alloc;
 	A == sl_alloc;
@@ -94,6 +97,7 @@
 	[{binary_alloc, 131072},
 	 {std_alloc, 131072},
 	 {ets_alloc, 131072},
+	 {fix_alloc, 131072},
 	 {eheap_alloc, 524288},
 	 {ll_alloc, 2097152},
 	 {sl_alloc, 131072},
@@ -104,6 +108,7 @@
 	[{binary_alloc, 10},
 	 {std_alloc, 10},
 	 {ets_alloc, 10},
+	 {fix_alloc, 10},
 	 {eheap_alloc, 10},
 	 {ll_alloc, 0},
 	 {sl_alloc, 10},
@@ -438,9 +443,6 @@ conf_alloc(#conf{format_to = FTO} = Conf, #alloc{name = A} = Alc) ->
     chk_xnote(Conf, Alc).
 
 chk_xnote(#conf{format_to = FTO},
-	  #alloc{name = fix_alloc}) ->
-    fcp(FTO, "Cannot be configured.");
-chk_xnote(#conf{format_to = FTO},
 	  #alloc{name = sys_alloc}) ->
     fcp(FTO, "Cannot be configured. Default malloc implementation used.");
 chk_xnote(#conf{format_to = FTO},
@@ -470,7 +472,7 @@ au_conf_alloc(#conf{format_to = FTO} = Conf,
 	_ ->
 	    fc(FTO, "~p instances used.",
 	       [Insts]),
-	    format(FTO, " +M~ct ~p~n", [alloc_char(A), Insts])
+	    format(FTO, " +M~ct true~n", [alloc_char(A)])
     end,	    
     mmbcs(Conf, Alc),
     smbcs_lmbcs_mmmbc(Conf, Alc),
diff --git a/lib/runtime_tools/src/inviso_rt.erl b/lib/runtime_tools/src/inviso_rt.erl
index ac7ac2a584..b162f5b045 100644
--- a/lib/runtime_tools/src/inviso_rt.erl
+++ b/lib/runtime_tools/src/inviso_rt.erl
@@ -2359,8 +2359,8 @@ list_wrapset(Prefix,Suffix) ->
 
 list_wrapset_2([File|Rest],RegExp) ->
     Length=length(File),
-    case regexp:first_match(File,RegExp) of
-	{match,1,Length} ->                  % This is a member of the set.
+    case re:run(File,RegExp) of
+	{match,[{0,Length}]} ->                  % This is a member of the set.
 	    [File|list_wrapset_2(Rest,RegExp)];
 	_ ->
 	    list_wrapset_2(Rest,RegExp)
diff --git a/lib/runtime_tools/src/inviso_rt_lib.erl b/lib/runtime_tools/src/inviso_rt_lib.erl
index 2c6964e53e..5dfe14068a 100644
--- a/lib/runtime_tools/src/inviso_rt_lib.erl
+++ b/lib/runtime_tools/src/inviso_rt_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2005-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -197,15 +197,15 @@ match_modules(RegExpDir,RegExpMod,Actions) ->
 handle_expand_regexp_2([{Mod,Path}|Rest],RegExpDir,RegExpMod,Result) ->
     ModStr=atom_to_list(Mod),
     ModLen=length(ModStr),
-    case regexp:first_match(ModStr,RegExpMod) of
-	{match,1,ModLen} ->                  % Ok, The regexp matches the module.
+    case re:run(ModStr,RegExpMod) of
+	{match,[{0,ModLen}]} ->                  % Ok, The regexp matches the module.
 	    if
 		is_list(RegExpDir),is_atom(Path) -> % Preloaded or covercompiled...
 		    handle_expand_regexp_2(Rest,RegExpDir,RegExpMod,Result);
 		is_list(RegExpDir),is_list(Path) -> % Dir reg-exp is used!
 		    PathOnly=filename:dirname(Path), % Must remove beam-file name.
-		    case regexp:first_match(PathOnly,RegExpDir) of
-			{match,_,_} ->       % Did find a match, that is enough!
+		    case re:run(PathOnly,RegExpDir,[{capture,none}]) of
+			match ->             % Did find a match, that is enough!
 			    handle_expand_regexp_2(Rest,RegExpDir,RegExpMod,[Mod|Result]);
 			_ ->                 % Either error or nomatch.
 			    handle_expand_regexp_2(Rest,RegExpDir,RegExpMod,Result)
@@ -233,8 +233,8 @@ handle_expand_regexp_3([Path|Rest],RegExpDir,RegExpMod,AllLoaded,Result) ->
 		    volumerelative ->        % Only on Windows!?
 			filename:absname(Path)
 		end,
-	    case regexp:first_match(AbsPath,RegExpDir) of
-		{match,_,_} ->               % Ok, the directory is allowed.
+	    case re:run(AbsPath,RegExpDir,[{capture,none}]) of
+		match ->                     % Ok, the directory is allowed.
 		    NewResult=handle_expand_regexp_3_1(Path,RegExpMod,AllLoaded,Result),
 		    handle_expand_regexp_3(Rest,RegExpDir,RegExpMod,AllLoaded,NewResult);
 		_ ->                         % This directory does not qualify.
@@ -262,8 +262,8 @@ handle_expand_regexp_3_2([File|Rest],RegExpMod,AllLoaded,Result) ->
 	    case {lists:keysearch(Mod,1,AllLoaded),lists:member(Mod,Result)} of
 		{false,false} ->             % This module is not tried before.
 		    ModLen=length(ModStr),
-		    case regexp:first_match(ModStr,RegExpMod) of
-			{match,1,ModLen} ->  % This module satisfies the regexp.
+		    case re:run(ModStr,RegExpMod) of
+			{match,[{0,ModLen}]} ->  % This module satisfies the regexp.
 			    handle_expand_regexp_3_2(Rest,RegExpMod,AllLoaded,[Mod|Result]);
 			_ ->                 % Error or not perfect match.
 			    handle_expand_regexp_3_2(Rest,RegExpMod,AllLoaded,Result)
diff --git a/lib/runtime_tools/src/observer_backend.erl b/lib/runtime_tools/src/observer_backend.erl
index 0f428de07a..2f8ffbcdb6 100644
--- a/lib/runtime_tools/src/observer_backend.erl
+++ b/lib/runtime_tools/src/observer_backend.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,6 +21,9 @@
 %% General
 -export([vsn/0]).
 
+%% observer stuff
+-export([sys_info/0, get_table/3, get_table_list/2]).
+
 %% etop stuff
 -export([etop_collect/1]).
 -include("observer_backend.hrl").
@@ -31,6 +34,7 @@
 	 ttb_write_binary/2,
 	 ttb_stop/1,
 	 ttb_fetch/2,
+         ttb_resume_trace/0,
 	 ttb_get_filenames/1]).
 -define(CHUNKSIZE,8191). % 8 kbytes - 1 byte
 
@@ -41,7 +45,158 @@ vsn() ->
 	Error -> Error
     end.
 
+%%
+%% observer backend
+%%
+sys_info() ->
+    {{_,Input},{_,Output}} = erlang:statistics(io),
+    [{process_count, erlang:system_info(process_count)},
+     {process_limit, erlang:system_info(process_limit)},
+     {uptime, element(1, erlang:statistics(wall_clock))},
+     {run_queue, erlang:statistics(run_queue)},
+     {io_input, Input},
+     {io_output,  Output},
+     {logical_processors, erlang:system_info(logical_processors)},
+     {logical_processors_available, erlang:system_info(logical_processors_available)},
+     {logical_processors_online, erlang:system_info(logical_processors_online)},
+
+     {otp_release, erlang:system_info(otp_release)},
+     {version, erlang:system_info(version)},
+     {system_architecture, erlang:system_info(system_architecture)},
+     {kernel_poll, erlang:system_info(kernel_poll)},
+     {smp_support, erlang:system_info(smp_support)},
+     {threads, erlang:system_info(threads)},
+     {thread_pool_size, erlang:system_info(thread_pool_size)},
+     {wordsize_internal, erlang:system_info({wordsize, internal})},
+     {wordsize_external, erlang:system_info({wordsize, external})} |
+     erlang:memory()
+    ].
+
+get_table(Parent, Table, Module) ->
+    spawn(fun() ->
+		  link(Parent),
+		  get_table2(Parent, Table, Module)
+	  end).
+
+get_table2(Parent, Table, Type) ->
+    Size = case Type of
+	       ets -> ets:info(Table, size);
+	       mnesia -> mnesia:table_info(Table, size)
+	   end,
+    case Size > 0 of
+	false ->
+	    Parent ! {self(), '$end_of_table'},
+	    normal;
+	true when Type =:= ets ->
+	    Mem = ets:info(Table, memory),
+	    Average = Mem div Size,
+	    NoElements = max(10, 20000 div Average),
+	    get_ets_loop(Parent, ets:match(Table, '$1', NoElements));
+	true ->
+	    Mem = mnesia:table_info(Table, memory),
+	    Average = Mem div Size,
+	    NoElements = max(10, 20000 div Average),
+	    Ms = [{'$1', [], ['$1']}],
+	    Get = fun() ->
+			  get_mnesia_loop(Parent, mnesia:select(Table, Ms, NoElements, read))
+		  end,
+	    %% Not a transaction, we don't want to grab locks when inspecting the table
+	    mnesia:async_dirty(Get)
+    end.
 
+get_ets_loop(Parent, '$end_of_table') ->
+    Parent ! {self(), '$end_of_table'};
+get_ets_loop(Parent, {Match, Cont}) ->
+    Parent ! {self(), Match},
+    get_ets_loop(Parent, ets:match(Cont)).
+
+get_mnesia_loop(Parent, '$end_of_table') ->
+    Parent ! {self(), '$end_of_table'};
+get_mnesia_loop(Parent, {Match, Cont}) ->
+    Parent ! {self(), Match},
+    get_mnesia_loop(Parent, mnesia:select(Cont)).
+
+get_table_list(ets, Opts) ->
+    HideUnread = proplists:get_value(unread_hidden, Opts, true),
+    HideSys = proplists:get_value(sys_hidden, Opts, true),
+    Info = fun(Id, Acc) ->
+		   try
+		       TabId = case ets:info(Id, named_table) of
+				   true -> ignore;
+				   false -> Id
+			       end,
+		       Name = ets:info(Id, name),
+		       Protection = ets:info(Id, protection),
+		       ignore(HideUnread andalso Protection == private, unreadable),
+		       Owner = ets:info(Id, owner),
+		       RegName = case catch process_info(Owner, registered_name) of
+				     [] -> ignore;
+				     {registered_name, ProcName} -> ProcName
+				 end,
+		       ignore(HideSys andalso ordsets:is_element(RegName, sys_processes()), system_tab),
+		       ignore(HideSys andalso ordsets:is_element(Name, sys_tables()), system_tab),
+		       ignore((RegName == mnesia_monitor)
+			      andalso Name /= schema
+			      andalso is_atom((catch mnesia:table_info(Name, where_to_read))), mnesia_tab),
+		       Memory = ets:info(Id, memory) * erlang:system_info(wordsize),
+		       Tab = [{name,Name},
+			      {id,TabId},
+			      {protection,Protection},
+			      {owner,Owner},
+			      {size,ets:info(Id, size)},
+			      {reg_name,RegName},
+			      {type,ets:info(Id, type)},
+			      {keypos,ets:info(Id, keypos)},
+			      {heir,ets:info(Id, heir)},
+			      {memory,Memory},
+			      {compressed,ets:info(Id, compressed)},
+			      {fixed,ets:info(Id, fixed)}
+			     ],
+		       [Tab|Acc]
+		   catch _:_What ->
+			   %% io:format("Skipped ~p: ~p ~n",[Id, _What]),
+			   Acc
+		   end
+	   end,
+    lists:foldl(Info, [], ets:all());
+
+get_table_list(mnesia, Opts) ->
+    HideSys = proplists:get_value(sys_hidden, Opts, true),
+    Owner = ets:info(schema, owner),
+    Owner /= undefined orelse
+	throw({error, "Mnesia is not running on: " ++ atom_to_list(node())}),
+    {registered_name, RegName} = process_info(Owner, registered_name),
+    Info = fun(Id, Acc) ->
+		   try
+		       Name = Id,
+		       ignore(HideSys andalso ordsets:is_element(Name, mnesia_tables()), system_tab),
+		       ignore(Name =:= schema, mnesia_tab),
+		       Storage = mnesia:table_info(Id, storage_type),
+		       Tab0 = [{name,Name},
+			       {owner,Owner},
+			       {size,mnesia:table_info(Id, size)},
+			       {reg_name,RegName},
+			       {type,mnesia:table_info(Id, type)},
+			       {keypos,2},
+			       {memory,mnesia:table_info(Id, memory) * erlang:system_info(wordsize)},
+			       {storage,Storage},
+			       {index,mnesia:table_info(Id, index)}
+			      ],
+		       Tab = if Storage == disc_only_copies ->
+				     [{fixed, dets:info(Id, safe_fixed)}|Tab0];
+				(Storage == ram_copies) orelse
+				(Storage == disc_copies) ->
+				     [{fixed, ets:info(Id, fixed)},
+				      {compressed, ets:info(Id, compressed)}|Tab0];
+				true -> Tab0
+			     end,
+		       [Tab|Acc]
+		   catch _:_What ->
+			   %% io:format("Skipped ~p: ~p ~p ~n",[Id, _What, erlang:get_stacktrace()]),
+			   Acc
+		   end
+	   end,
+    lists:foldl(Info, [], mnesia:system_info(tables)).
 
 %%
 %% etop backend
@@ -92,16 +247,22 @@ etop_collect([], Acc) -> Acc.
 %%
 %% ttb backend
 %%
-ttb_init_node(MetaFile,PI,Traci) ->
+ttb_init_node(MetaFile_0,PI,Traci) ->
     if
-	is_list(MetaFile);
-	is_atom(MetaFile) ->
+	is_list(MetaFile_0);
+	is_atom(MetaFile_0) ->
+	    {ok, Cwd} = file:get_cwd(),
+	    MetaFile = filename:join(Cwd, MetaFile_0),
 	    file:delete(MetaFile);
 	true -> 				% {local,_,_}
-	    ok
+	    MetaFile = MetaFile_0
+    end,
+    case proplists:get_value(resume, Traci) of
+        {true, _} -> (autostart_module()):write_config(Traci);
+        _    -> ok
     end,
     Self = self(),
-    MetaPid = spawn(fun() -> ttb_meta_tracer(MetaFile,PI,Self) end),
+    MetaPid = spawn(fun() -> ttb_meta_tracer(MetaFile,PI,Self,Traci) end),
     receive {MetaPid,started} -> ok end,
     MetaPid ! {metadata,Traci},
     case PI of
@@ -111,13 +272,14 @@ ttb_init_node(MetaFile,PI,Traci) ->
 	false ->
 	    ok
     end,
-    {ok,MetaPid}.
+    {ok,MetaFile,MetaPid}.
 
 ttb_write_trace_info(MetaPid,Key,What) ->
     MetaPid ! {metadata,Key,What},
     ok.
 
-ttb_meta_tracer(MetaFile,PI,Parent) ->
+ttb_meta_tracer(MetaFile,PI,Parent,SessionData) ->
+    erlang:monitor(process, proplists:get_value(ttb_control, SessionData)),
     case PI of
 	true ->
 	    ReturnMS = [{'_',[],[{return_trace}]}],
@@ -130,22 +292,29 @@ ttb_meta_tracer(MetaFile,PI,Parent) ->
 	    ok
     end,
     Parent ! {self(),started},
-    ttb_meta_tracer_loop(MetaFile,PI,dict:new()).
+    case proplists:get_value(overload_check, SessionData) of
+        {Ms, M, F} ->
+            catch M:F(init),
+            erlang:send_after(Ms, self(), overload_check);
+        _ ->
+            ok
+    end,
+    ttb_meta_tracer_loop(MetaFile,PI,dict:new(),SessionData).
 
-ttb_meta_tracer_loop(MetaFile,PI,Acc) ->
+ttb_meta_tracer_loop(MetaFile,PI,Acc,State) ->
     receive
 	{trace_ts,_,call,{erlang,register,[Name,Pid]},_} ->
 	    ttb_store_meta({pid,{Pid,Name}},MetaFile),
-	    ttb_meta_tracer_loop(MetaFile,PI,Acc);
+	    ttb_meta_tracer_loop(MetaFile,PI,Acc,State);
 	{trace_ts,_,call,{global,register_name,[Name,Pid]},_} ->
 	    ttb_store_meta({pid,{Pid,{global,Name}}},MetaFile),
-	    ttb_meta_tracer_loop(MetaFile,PI,Acc);
+	    ttb_meta_tracer_loop(MetaFile,PI,Acc,State);
 	{trace_ts,CallingPid,call,{erlang,spawn_opt,[{M,F,Args,_}]},_} ->
 	    MFA = {M,F,length(Args)},
 	    NewAcc = dict:update(CallingPid,
 				 fun(Old) -> [MFA|Old] end, [MFA], 
 				 Acc),
-	    ttb_meta_tracer_loop(MetaFile,PI,NewAcc);
+	    ttb_meta_tracer_loop(MetaFile,PI,NewAcc,State);
 	{trace_ts,CallingPid,return_from,{erlang,spawn_opt,_Arity},Ret,_} ->
 	    case Ret of
 		{NewPid,_Mref} when is_pid(NewPid) -> ok;
@@ -158,14 +327,14 @@ ttb_meta_tracer_loop(MetaFile,PI,Acc) ->
 				    T 
 			    end,
 			    Acc),
-	    ttb_meta_tracer_loop(MetaFile,PI,NewAcc);
+	    ttb_meta_tracer_loop(MetaFile,PI,NewAcc,State);
 	{trace_ts,CallingPid,call,{erlang,Spawn,[M,F,Args]},_} 
 	when Spawn==spawn;Spawn==spawn_link ->
 	    MFA = {M,F,length(Args)},
 	    NewAcc = dict:update(CallingPid,
 				 fun(Old) -> [MFA|Old] end, [MFA], 
 				 Acc),
-	    ttb_meta_tracer_loop(MetaFile,PI,NewAcc);
+	    ttb_meta_tracer_loop(MetaFile,PI,NewAcc,State);
 
 	{trace_ts,CallingPid,return_from,{erlang,Spawn,_Arity},NewPid,_} 
 	when Spawn==spawn;Spawn==spawn_link ->
@@ -176,28 +345,53 @@ ttb_meta_tracer_loop(MetaFile,PI,Acc) ->
 				    T
 			    end,
 			    Acc),
-	    ttb_meta_tracer_loop(MetaFile,PI,NewAcc);
+	    ttb_meta_tracer_loop(MetaFile,PI,NewAcc,State);
 
 	{metadata,Data} when is_list(Data) ->
 	    ttb_store_meta(Data,MetaFile),
-	    ttb_meta_tracer_loop(MetaFile,PI,Acc);
+	    ttb_meta_tracer_loop(MetaFile,PI,Acc,State);
 
 	{metadata,Key,Fun} when is_function(Fun) ->
 	    ttb_store_meta([{Key,Fun()}],MetaFile),
-	    ttb_meta_tracer_loop(MetaFile,PI,Acc);
+	    ttb_meta_tracer_loop(MetaFile,PI,Acc,State);
 
 	{metadata,Key,What} ->
 	    ttb_store_meta([{Key,What}],MetaFile),
-	    ttb_meta_tracer_loop(MetaFile,PI,Acc);
-
-	stop when PI=:=true ->
-	    erlang:trace_pattern({erlang,spawn,3},false,[meta]),
+	    ttb_meta_tracer_loop(MetaFile,PI,Acc,State);
+        overload_check ->
+            {Ms, M, F} = proplists:get_value(overload_check, State),
+            case catch M:F(check) of
+                true ->
+                    erlang:trace(all, false, [all]),
+                    ControlPid = proplists:get_value(ttb_control, State),
+                    ControlPid ! {node_overloaded, node()},
+                    catch M:F(stop),
+                    ttb_meta_tracer_loop(MetaFile,PI,Acc,lists:keydelete(overload_check, 1, State));
+                _ ->
+                    erlang:send_after(Ms, self(), overload_check),
+                    ttb_meta_tracer_loop(MetaFile,PI,Acc, State)
+            end;
+     {'DOWN', _, _, _, _} ->
+            stop_seq_trace(),
+            self() ! stop,
+            ttb_meta_tracer_loop(MetaFile,PI,Acc, State);
+     stop when PI=:=true ->
+            try_stop_resume(State),
+            try_stop_overload_check(State),
+            erlang:trace_pattern({erlang,spawn,3},false,[meta]),
 	    erlang:trace_pattern({erlang,spawn_link,3},false,[meta]),
 	    erlang:trace_pattern({erlang,spawn_opt,1},false,[meta]),
 	    erlang:trace_pattern({erlang,register,2},false,[meta]),
 	    erlang:trace_pattern({global,register_name,2},false,[meta]);
 	stop ->
-	    ok
+            try_stop_resume(State),
+            try_stop_overload_check(State)
+    end.
+
+try_stop_overload_check(State) ->
+    case proplists:get_value(overload, State) of
+        undefined -> ok;
+        {_, M, F} -> catch M:F(stop)
     end.
 
 pnames() ->
@@ -222,6 +416,40 @@ pinfo(P,Globals) ->
 	undefined -> [] % the process has terminated
     end.
 
+autostart_module() ->
+    element(2, application:get_env(runtime_tools, ttb_autostart_module)).
+
+try_stop_resume(State) ->
+    case proplists:get_value(resume, State) of
+        true -> (autostart_module()):delete_config();
+        _    -> ok
+    end.
+
+ttb_resume_trace() ->
+    case (autostart_module()):read_config() of
+        {error, _} ->
+            ok;
+        {ok, Data} ->
+            Pid = proplists:get_value(ttb_control, Data),
+            {_, Timeout} = proplists:get_value(resume, Data),
+            case rpc:call(node(Pid), erlang, whereis, [ttb]) of
+                Pid ->
+                    Pid ! {noderesumed, node(), self()},
+                    wait_for_fetch_ready(Timeout);
+                _ ->
+                    ok
+            end,
+            (autostart_module()):delete_config(),
+            ok
+    end.
+
+wait_for_fetch_ready(Timeout) ->
+    receive
+        trace_resumed ->
+            ok
+    after Timeout ->
+            ok
+    end.
 
 ttb_store_meta(Data,{local,MetaFile,Port}) when is_list(Data) ->
     ttb_send_to_port(Port,MetaFile,Data);
@@ -273,6 +501,9 @@ ttb_stop(MetaPid) ->
     %% returns, and then the Port (in {local,MetaFile,Port})
     %% cannot be accessed any more.
     receive {'DOWN', Ref, process, MetaPid, _Info} -> ok end,
+    stop_seq_trace().
+
+stop_seq_trace() ->
     seq_trace:reset_trace(),
     seq_trace:set_system_tracer(false).
 
@@ -287,7 +518,7 @@ ttb_fetch(MetaFile,{Port,Host}) ->
 
 send_files({Sock,Host},[File|Files]) ->
     {ok,Fd} = file:open(File,[raw,read,binary]),
-    gen_tcp:send(Sock,<<1,(list_to_binary(File))/binary>>),
+    gen_tcp:send(Sock,<<1,(list_to_binary(filename:basename(File)))/binary>>),
     send_chunks(Sock,Fd),
     file:delete(File),
     send_files({Sock,Host},Files);
@@ -318,3 +549,62 @@ match_filenames(Dir,MetaFile,[H|T],Files) ->
     end;
 match_filenames(_Dir,_MetaFile,[],Files) ->
     Files.
+
+
+%%%%%%%%%%%%%%%%%
+
+sys_tables() ->
+    [ac_tab,  asn1,
+     cdv_dump_index_table,  cdv_menu_table,  cdv_decode_heap_table,
+     cell_id,  cell_pos,  clist,
+     cover_internal_data_table,   cover_collected_remote_data_table, cover_binary_code_table,
+     code, code_names,  cookies,
+     corba_policy,  corba_policy_associations,
+     dets, dets_owners, dets_registry,
+     disk_log_names, disk_log_pids,
+     eprof,  erl_atom_cache, erl_epmd_nodes,
+     etop_accum_tab,  etop_tr,
+     ets_coverage_data,
+     file_io_servers,
+     gs_mapping, gs_names,  gstk_db,
+     gstk_grid_cellid, gstk_grid_cellpos, gstk_grid_id,
+     httpd,
+     id,
+     ign_req_index, ign_requests,
+     index,
+     inet_cache, inet_db, inet_hosts,
+     'InitialReferences',
+     int_db,
+     interpreter_includedirs_macros,
+     ir_WstringDef,
+     lmcounter,  locks,
+						%     mnesia_decision,
+     mnesia_gvar, mnesia_stats,
+						%     mnesia_transient_decision,
+     pg2_table,
+     queue,
+     schema,
+     shell_records,
+     snmp_agent_table, snmp_local_db2, snmp_mib_data, snmp_note_store, snmp_symbolic_ets,
+     tkFun, tkLink, tkPriv,
+     ttb, ttb_history_table,
+     udp_fds, udp_pids
+    ].
+
+sys_processes() ->
+    [auth, code_server, global_name_server, inet_db,
+     mnesia_recover, net_kernel, timer_server, wxe_master].
+
+mnesia_tables() ->
+    [ir_AliasDef, ir_ArrayDef, ir_AttributeDef, ir_ConstantDef,
+     ir_Contained, ir_Container, ir_EnumDef, ir_ExceptionDef,
+     ir_IDLType, ir_IRObject, ir_InterfaceDef, ir_ModuleDef,
+     ir_ORB, ir_OperationDef, ir_PrimitiveDef, ir_Repository,
+     ir_SequenceDef, ir_StringDef, ir_StructDef, ir_TypedefDef,
+     ir_UnionDef, logTable, logTransferTable, mesh_meas,
+     mesh_type, mnesia_clist, orber_CosNaming,
+     orber_objkeys, user
+    ].
+
+ignore(true, Reason) -> throw(Reason);
+ignore(_,_ ) -> ok.
diff --git a/lib/runtime_tools/src/runtime_tools.app.src b/lib/runtime_tools/src/runtime_tools.app.src
index e6dc7a21d4..76fd998530 100644
--- a/lib/runtime_tools/src/runtime_tools.app.src
+++ b/lib/runtime_tools/src/runtime_tools.app.src
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -22,7 +22,8 @@
     {modules,      [dbg,observer_backend,percept_profile,
 		    inviso_rt,inviso_rt_lib,inviso_rt_meta,
 		    inviso_as_lib,inviso_autostart,inviso_autostart_server,
-		    runtime_tools,runtime_tools_sup,erts_alloc_config]},
+		    runtime_tools,runtime_tools_sup,erts_alloc_config,
+		    ttb_autostart]},
     {registered,   [runtime_tools_sup,inviso_rt,inviso_rt_meta]},
     {applications, [kernel, stdlib]},
 %    {env,          [{inviso_autostart_mod,your_own_autostart_module}]},
diff --git a/lib/runtime_tools/src/runtime_tools_sup.erl b/lib/runtime_tools/src/runtime_tools_sup.erl
index 1a872c355d..913719c449 100644
--- a/lib/runtime_tools/src/runtime_tools_sup.erl
+++ b/lib/runtime_tools/src/runtime_tools_sup.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2006-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2006-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -38,6 +38,8 @@
 init(AutoModArgs) ->
     Flags = {one_for_one, 0, 3600},
     Children = [{inviso_rt, {inviso_rt, start_link_auto, [AutoModArgs]}, 
-		 temporary, 3000, worker, [inviso_rt]}],
+		 temporary, 3000, worker, [inviso_rt]},
+                {ttb_autostart, {ttb_autostart, start_link, []},
+                 temporary, 3000, worker, [ttb_autostart]}],
     {ok, {Flags, Children}}.
 %% -----------------------------------------------------------------------------
diff --git a/lib/runtime_tools/src/ttb_autostart.erl b/lib/runtime_tools/src/ttb_autostart.erl
new file mode 100644
index 0000000000..4c6971c119
--- /dev/null
+++ b/lib/runtime_tools/src/ttb_autostart.erl
@@ -0,0 +1,55 @@
+%%%-------------------------------------------------------------------
+%%% File    : ttb_autostart.erl
+%%% Author  : Bartłomiej Puzoń <[email protected]>
+%%% Description : This supervisor is used to resume ttb tracing
+%%% Users are able to provide custom restart modules for *_config, as
+%%% file:write/read/delete may not be possible on diskless nodes.
+%%%
+%%% Created : 31 Jul 2010 by <[email protected]>
+%%%-------------------------------------------------------------------
+-module(ttb_autostart).
+
+-behaviour(gen_server).
+
+%% API
+-export([start_link/0,
+         read_config/0,
+         write_config/1,
+         delete_config/0]).
+
+%% gen_server callbacks
+-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
+         terminate/2, code_change/3]).
+
+-define(DEF_AUTOSTART_MODULE, ?MODULE).
+-define(AUTOSTART_FILENAME, "ttb_autostart.bin").
+
+start_link() ->
+    gen_server:start_link(?MODULE, no_args, []).
+
+delete_config() ->
+    file:delete(?AUTOSTART_FILENAME).
+
+read_config() ->
+    case file:read_file(?AUTOSTART_FILENAME) of
+        {ok, Data} -> {ok, binary_to_term(Data)};
+        Error      -> Error
+    end.
+
+write_config(Data) ->
+    file:write_file(?AUTOSTART_FILENAME, term_to_binary(Data)).
+
+init(no_args) ->
+    case application:get_env(runtime_tools, ttb_autostart_module) of
+        {ok, _} ->  ok;
+        undefined -> application:set_env(runtime_tools, ttb_autostart_module, ?DEF_AUTOSTART_MODULE)
+    end,
+    observer_backend:ttb_resume_trace(),
+    %%As the process is not needed any more, it will shut itself down
+    {ok, no_args, 10000}.
+
+handle_call(_,_,_)       -> {noreply, no_args}.
+handle_cast(_,_)         -> {noreply, no_args}.
+handle_info(timeout,_)   -> {stop, normal, no_args}.
+terminate(_,_)           -> ok.
+code_change(_,_,_)       -> {ok, no_args}.
diff --git a/lib/runtime_tools/test/inviso_SUITE.erl b/lib/runtime_tools/test/inviso_SUITE.erl
index 3ae8d34dd6..758867cf45 100644
--- a/lib/runtime_tools/test/inviso_SUITE.erl
+++ b/lib/runtime_tools/test/inviso_SUITE.erl
@@ -1380,9 +1380,10 @@ fetch_log_dist_trace_2(Config) ->
     io:format("~p~n",[NodeResults]),
     CheckFun=fun({N,{complete,[{trace_log,FileResults1},{ti_log,[{ok,TiFile}]}]}}) ->
 		     Fun2=fun({ok,File}) ->
-				  {match,1,_}=
-				      regexp:first_match(File,
-							 "^"++"p1"++Name++atom_to_list(N)),
+				  match=
+				      re:run(File,
+					     "^"++"p1"++Name++atom_to_list(N),
+					     [{capture,none}]),
 				  true;
 			     (_) ->
 				  false
@@ -1425,8 +1426,8 @@ fetch_log_dist_trace_3(Config) ->
     CheckFun=fun({N,{ok,[{trace_log,PrivDir2,[F1,F2]},{ti_log,PrivDir2,[F3]}]}})->
 		     PrivDir2=PrivDir,
 		     RegExp="^"++Name++atom_to_list(N)++"[0-9]+"++"\.log",
-		     {match,1,_}=regexp:first_match(F1,RegExp),
-		     {match,1,_}=regexp:first_match(F2,RegExp),
+		     match=re:run(F1,RegExp,[{capture,none}]),
+		     match=re:run(F2,RegExp,[{capture,none}]),
 		     F3=Name++"_ti_"++atom_to_list(N)++".ti",
 		     true;
 		(_) ->
@@ -1439,9 +1440,10 @@ fetch_log_dist_trace_3(Config) ->
 io:format("~p~n",[NodeResults2]),
     CheckFun2=fun({N,{complete,[{trace_log,FileResults1},{ti_log,[{ok,TiFile}]}]}}) ->
 		     Fun2=fun({ok,File}) ->
-				  {match,1,_}=
-				      regexp:first_match(File,
-							 "^"++"p1"++Name++atom_to_list(N)),
+				  match=
+				      re:run(File,
+					     "^"++"p1"++Name++atom_to_list(N),
+					    [{capture,none}]),
 				  true;
 			     (_) ->
 				  false
@@ -2649,8 +2651,8 @@ check_on_nodes([],_,_,_,_) ->
 how_many_files_regexp([],_,N) ->
     {ok,N};
 how_many_files_regexp([FName|Rest],RegExp,N) ->
-    case regexp:first_match(FName,RegExp) of
-	{match,1,_} ->
+    case re:run(FName,RegExp,[{capture,none}]) of
+	match ->
 	    how_many_files_regexp(Rest,RegExp,N+1);
 	nomatch ->
 	    how_many_files_regexp(Rest,RegExp,N);
diff --git a/lib/runtime_tools/vsn.mk b/lib/runtime_tools/vsn.mk
index 0bcd261861..3fbc1b3379 100644
--- a/lib/runtime_tools/vsn.mk
+++ b/lib/runtime_tools/vsn.mk
@@ -1 +1 @@
-RUNTIME_TOOLS_VSN = 1.8.6
+RUNTIME_TOOLS_VSN = 1.8.7
diff --git a/lib/sasl/doc/src/appup.xml b/lib/sasl/doc/src/appup.xml
index 89bcf23b5e..770b7c2492 100644
--- a/lib/sasl/doc/src/appup.xml
+++ b/lib/sasl/doc/src/appup.xml
@@ -319,12 +319,37 @@ point_of_no_return
     <pre>
 restart_new_emulator
     </pre>
-    <p>Shuts down the current emulator and starts a ne one. All
-      processes are terminated gracefully. The new release must still
-      be made permanent when the new emulator is up and running.
-      Otherwise, the old emulator is started in case of a emulator
-      restart. This instruction should be used when a new emulator is
-      introduced, or if a complete reboot of the system should be done.</p>
+    <p>This instruction is used when erts, kernel, stdlib or sasl is
+      upgraded. It shuts down the current emulator and starts a new
+      one. All processes are terminated gracefully, and the new
+      version of erts, kernel, stdlib and sasl are used when the
+      emulator restarts. Only one <c>restart_new_emulator</c>
+      instruction is allowed in the relup, and it shall be placed
+      first. <seealso marker="systools#make_relup/3">systools:make_relup3,4</seealso>
+      will ensure this when the relup is generated. The rest of the
+      relup script is executed after the restart as a part of the boot
+      script.</p>
+    <p>An info report will be written when the upgrade is
+      completed. To programatically find out if the upgrade is
+      complete,
+      call <seealso marker="release_handler#which_releases/0">
+      release_handler:which_releases</seealso> and check if the
+      expected release has status <c>current</c>.</p>
+    <p>The new release must still be made permanent after the upgrade
+      is completed. Otherwise, the old emulator is started in case of
+      an emulator restart.</p>
+    <pre>
+restart_emulator
+    </pre>
+    <p>This instruction is similar to <c>restart_new_emulator</c>,
+      except it shall be placed at the end of the relup script. It is
+      not related to an upgrade of the emulator or the core
+      applications, but can be used by any application when a complete
+      reboot of the system is reqiured.  When generating the
+      relup, <seealso marker="systools#make_relup/3">systools:make_relup/3,4</seealso>
+      ensures that there is only one <c>restart_emulator</c>
+      instruction and that it is the last instruction of the
+      relup.</p>
   </section>
 
   <section>
diff --git a/lib/sasl/doc/src/make.dep b/lib/sasl/doc/src/make.dep
deleted file mode 100644
index 4843b7934a..0000000000
--- a/lib/sasl/doc/src/make.dep
+++ /dev/null
@@ -1,22 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: alarm_handler.tex appup.tex book.tex error_logging.tex \
-		overload.tex part.tex rb.tex ref_man.tex rel.tex \
-		release_handler.tex relup.tex sasl_app.tex \
-		sasl_intro.tex script.tex systools.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/sasl/doc/src/notes.xml b/lib/sasl/doc/src/notes.xml
index 01cdc4b29e..2f22a8ec43 100644
--- a/lib/sasl/doc/src/notes.xml
+++ b/lib/sasl/doc/src/notes.xml
@@ -30,6 +30,71 @@
   </header>
   <p>This document describes the changes made to the SASL application.</p>
 
+<section><title>SASL 2.2</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fix the mechanism for upgrading emulator.</p>
+          <p>
+	    The appup files for kernel, stdlib and sasl do now
+	    recognize two major releases back and include a
+	    'restart_new_emulator' instruction. </p>
+          <p>
+	    Appup files can include regular expressions for matching
+	    earlier releases.</p>
+          <p>
+	    The mechanism for upgrading the emulator is changed so
+	    'restart_new_emulator' will be the first instruction
+	    executed. The rest of the upgrade instruction will be
+	    executed after the emulator restart.</p>
+          <p>
+	    A new upgrade instruction 'restart_emulator' is added for
+	    the case where the emulator shall be restarted after all
+	    other upgrade instructions.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9438</p>
+        </item>
+        <item>
+          <p>
+	    Add release_handler:which_releases/1</p>
+          <p>
+	    This is an extension to which_releases that allows a user
+	    to specify the status of the releases they wish to be
+	    returned. For instance it allows for quickly determining
+	    which release is 'permanent' without the need of parsing
+	    the entire release list. (Thanks to Joe Williams)</p>
+          <p>
+	    Own Id: OTP-9717</p>
+        </item>
+        <item>
+          <p>
+	    Add copy of rel file in releases/Vsn in release tar file</p>
+          <p>
+	    systool:make_tar stores the rel file in the releases
+	    directory. When unpacking with
+	    release_handler:unpack_release, the file is automatically
+	    moved to releases/Vsn/. If, however, the tar file is
+	    unpacked manually, the rel file might not be moved, and
+	    the next release unpacked might overwrite the rel file.
+	    To overcome this, systools:make_tar now stores a copy of
+	    the rel file in releases/Vsn/ directly and it is not
+	    longer necessary to move the file after unpacking.</p>
+          <p>
+	    The reason for keeping the file in the releases directory
+	    also is that is needs to be extracted separately before
+	    the release version (Vsn) is known.</p>
+          <p>
+	    Own Id: OTP-9746</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>SASL 2.1.10</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/sasl/doc/src/rb.xml b/lib/sasl/doc/src/rb.xml
index f35ceb5777..3da825878e 100644
--- a/lib/sasl/doc/src/rb.xml
+++ b/lib/sasl/doc/src/rb.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1996</year><year>2010</year>
+      <year>1996</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -123,7 +123,9 @@
       <fsummary>List all reports</fsummary>
       <type>
         <v>Type = type()</v>
-        <v>type() = crash_report | supervisor_report | error | progress</v>
+        <v>type() = error | error_report | info_msg | info_report |
+        warning_msg | warning_report | crash_report |
+        supervisor_report | progress</v>
       </type>
       <desc>
         <p>This function lists all reports loaded in the
diff --git a/lib/sasl/doc/src/release_handler.xml b/lib/sasl/doc/src/release_handler.xml
index 5ac0dc1acc..e3438ede41 100644
--- a/lib/sasl/doc/src/release_handler.xml
+++ b/lib/sasl/doc/src/release_handler.xml
@@ -64,10 +64,10 @@
       downgraded to the specified version by evaluating the instructions
       in <c>relup</c>. An installed release can be made
       <em>permanent</em>. There can only be one permanent release in
-      the system, and this is the release that is used if the system is
-      restarted. An installed release, except the permanent one, can be
-      <em>removed</em>. When a release is removed, all files that
-      belong to that release only are deleted.</p>
+      the system, and this is the release that is used if the system
+      is restarted. An installed release, except the permanent one,
+      can be <em>removed</em>. When a release is removed, all files
+      that belong to that release only are deleted.</p>
     <p>Each version of the release has a status. The status can be
       <c>unpacked</c>, <c>current</c>, <c>permanent</c>, or <c>old</c>.
       There is always one latest release which either has status
@@ -107,16 +107,17 @@ old        reboot_old            permanent
       restarted. This is taken care of automatically if Erlang is
       started as an embedded system. Read about this in <em>Embedded System</em>. In this case, the system configuration file
       <c>sys.config</c> is mandatory.</p>
-    <p>A new release may restart the system. Which program to use is
-      specified by the SASL configuration parameter <c>start_prg</c>
-      which defaults to <c>$ROOT/bin/start</c>.</p>
+    <p>The installation of a new release may restart the system. Which
+      program to use is specified by the SASL configuration
+      parameter <c>start_prg</c> which defaults
+      to <c>$ROOT/bin/start</c>.</p>
     <p>The emulator restart on Windows NT expects that the system is
       started using the <c>erlsrv</c> program (as a service).
       Furthermore the release handler expects that the service is named 
       <em>NodeName</em>_<em>Release</em>, where <em>NodeName</em> is
       the first part of the Erlang nodename (up to, but not including
-      the "@") and <em>Release</em> is the current release of
-      the application. The release handler furthermore expects that a
+      the "@") and <em>Release</em> is the current version of
+      the release. The release handler furthermore expects that a
       program like <c>start_erl.exe</c> is specified as "machine" to
       <c>erlsrv</c>. During upgrading with restart, a new service will
       be registered and started. The new service will be set to
@@ -238,7 +239,7 @@ old        reboot_old            permanent
     </func>
     <func>
       <name>install_release(Vsn) -> {ok, OtherVsn, Descr} | {error, Reason}</name>
-      <name>install_release(Vsn, [Opt]) -> {ok, OtherVsn, Descr} | {error, Reason}</name>
+      <name>install_release(Vsn, [Opt]) -> {ok, OtherVsn, Descr} | {continue_after_restart, OtherVsn, Descr} | {error, Reason}</name>
       <fsummary>Install a release in the system.</fsummary>
       <type>
         <v>Vsn = OtherVsn = string()</v>
@@ -248,7 +249,8 @@ old        reboot_old            permanent
         <v>&nbsp;Timeout = default | infinity | int()>0</v>
         <v>&nbsp;Bool = boolean()</v>
         <v>Descr = term()</v>
-        <v>Reason = {illegal_option, Opt} | {already_installed, Vsn} | {change_appl_data, term()} | term()</v>
+        <v>Reason = {illegal_option, Opt} | {already_installed, Vsn} | {change_appl_data, term()} | {missing_base_app, OtherVsn, App} | {could_not_create_hybrid_boot, term()} | term()</v>
+	<v>App = atom()</v>
       </type>
       <desc>
         <p>Installs the specified version <c>Vsn</c> of the release.
@@ -268,6 +270,15 @@ old        reboot_old            permanent
           <c>OtherVsn</c> and <c>Descr</c> are the version
           (<c>UpFromVsn</c> or <c>Vsn</c>) and description
           (<c>Descr1</c> or <c>Descr2</c>) as specified in the script.</p>
+	  <p>If <c>{continue_after_restart,OtherVsn,Descr}</c> is
+	  returned, it means that the emulator will be restarted
+	  before the upgrade instructions are executed. This will
+	  happen if the emulator or any of the applications kernel,
+	  stdlib or sasl are updated. The new version of the emulator
+	  and these core applications will execute after the restart,
+	  but for all other applications the old versions will be
+	  started and the upgrade will be performed as normal by
+	  executing the upgrade instructions.</p>
         <p>If a recoverable error occurs, the function returns
           <c>{error,Reason}</c> and the original application
           specifications are restored. If a non-recoverable error
@@ -325,6 +336,18 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
 	  upgrade, but it will allow checks and purge to be executed
 	  in the background before the real upgrade is started.</p>
 	</note>
+	<note>
+	  <p>When upgrading the emulator from a version older than OTP
+	  R15, there will be an attempt to load new application beam
+	  code into the old emulator. In some cases, the new beam
+	  format can not be read by the old emulator, and so the code
+	  loading will fail and terminate the complete upgrade. To
+	  overcome this problem, the new application code should be
+	  compiled with the old emulator. See <seealso
+	  marker="doc/design_principles:appup_cookbook">Design
+	  Principles</seealso> for more information about emulator
+	  upgrade from pre OTP R15 versions.</p>
+	</note>
       </desc>
     </func>
     <func>
@@ -431,6 +454,18 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
         <p>Returns all releases known to the release handler.</p>
       </desc>
     </func>
+    <func>
+      <name>which_releases(Status) -> [{Name, Vsn, Apps, Status}]</name>
+      <fsummary>Return all known releases of a specific status</fsummary>
+      <type>
+        <v>Name = Vsn = string()</v>
+        <v>Apps = ["App-Vsn"]</v>
+        <v>Status = unpacked | current | permanent | old</v>
+      </type>
+      <desc>
+        <p>Returns all releases known to the release handler of a specific status.</p>
+      </desc>
+    </func>
   </funcs>
 
   <section>
@@ -442,7 +477,7 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
       and evaluated exactly in the same way as <c>release_handler</c>
       does.</p>
     <warning>
-      <p>These function is primarily intended for simplified testing of
+      <p>These functions are primarily intended for simplified testing
         of <c>.appup</c> files. They are not run within the context of
         the <c>release_handler</c> process. They must therefore
         <em>not</em> be used together with calls to
@@ -450,7 +485,7 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
         <c>release_handler</c> to end up in an inconsistent state.</p>
       <p>No persistent information is updated, why these functions can
         be used on any Erlang node, embedded or not. Also, using these
-        functions does not effect which code will be loaded in case of
+        functions does not affect which code will be loaded in case of
         a reboot.</p>
       <p>If the upgrade or downgrade fails, the application may end up
         in an inconsistent state.</p>
@@ -458,7 +493,7 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
   </section>
   <funcs>
     <func>
-      <name>upgrade_app(App, Dir) -> {ok, Unpurged} | restart_new_emulator | {error, Reason}</name>
+      <name>upgrade_app(App, Dir) -> {ok, Unpurged} | restart_emulator | {error, Reason}</name>
       <fsummary>Upgrade to a new application version</fsummary>
       <type>
         <v>App = atom()</v>
@@ -487,14 +522,21 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
           does.</p>
         <p>Returns <c>{ok, Unpurged}</c> if evaluating the script is
           successful, where <c>Unpurged</c> is a list of unpurged
-          modules, or <c>restart_new_emulator</c> if this instruction is
+          modules, or <c>restart_emulator</c> if this instruction is
           encountered in the script, or <c>{error, Reason}</c> if
           an error occurred when finding or evaluating the script.</p>
+	<p>If the <c>restart_new_emulator</c> instruction is found in
+	  the script, <c>upgrade_app/2</c> will return
+	  <c>{error,restart_new_emulator}</c>. The reason for this is
+	  that this instruction requires that a new version of the
+	  emulator is started before the rest of the upgrade
+	  instructions can be executed, and this can only be done by
+          <c>install_release/1,2</c>.</p>
       </desc>
     </func>
     <func>
       <name>downgrade_app(App, Dir) -></name>
-      <name>downgrade_app(App, OldVsn, Dir) -> {ok, Unpurged} | restart_new_emulator | {error, Reason}</name>
+      <name>downgrade_app(App, OldVsn, Dir) -> {ok, Unpurged} | restart_emulator | {error, Reason}</name>
       <fsummary>Downgrade to a previous application version</fsummary>
       <type>
         <v>App = atom()</v>
@@ -528,7 +570,7 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
           does.</p>
         <p>Returns <c>{ok, Unpurged}</c> if evaluating the script is
           successful, where <c>Unpurged</c> is a list of unpurged
-          modules, or <c>restart_new_emulator</c> if this instruction is
+          modules, or <c>restart_emulator</c> if this instruction is
           encountered in the script, or <c>{error, Reason}</c> if
           an error occurred when finding or evaluating the script.</p>
       </desc>
@@ -604,7 +646,7 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
       </desc>
     </func>
     <func>
-      <name>eval_appup_script(App, ToVsn, ToDir, Script) -> {ok, Unpurged} | restart_new_emulator | {error, Reason}</name>
+      <name>eval_appup_script(App, ToVsn, ToDir, Script) -> {ok, Unpurged} | restart_emulator | {error, Reason}</name>
       <fsummary>Evaluate an application upgrade or downgrade script</fsummary>
       <type>
         <v>App = atom()</v>
@@ -617,8 +659,8 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
       <desc>
         <p>Evaluates an application upgrade or downgrade script
           <c>Script</c>, the result from calling
-          <seealso marker="#upgrade_app/2">upgrade_app/2</seealso> or
-          <seealso marker="#downgrade_app/3">downgrade_app/2,3</seealso>,
+          <seealso marker="#upgrade_app/2">upgrade_script/2</seealso> or
+          <seealso marker="#downgrade_app/3">downgrade_script/3</seealso>,
           exactly in the same way as
           <seealso marker="#install_release/1">install_release/1,2</seealso>
           does.</p>
@@ -629,9 +671,16 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
           <c>.appup</c> files should be located under <c>Dir/ebin</c>.</p>
         <p>Returns <c>{ok, Unpurged}</c> if evaluating the script is
           successful, where <c>Unpurged</c> is a list of unpurged
-          modules, or <c>restart_new_emulator</c> if this instruction is
+          modules, or <c>restart_emulator</c> if this instruction is
           encountered in the script, or <c>{error, Reason}</c> if
           an error occurred when evaluating the script.</p>
+	<p>If the <c>restart_new_emulator</c> instruction is found in
+	  the script, <c>eval_appup_script/4</c> will return
+	  <c>{error,restart_new_emulator}</c>. The reason for this is
+	  that this instruction requires that a new version of the
+	  emulator is started before the rest of the upgrade
+	  instructions can be executed, and this can only be done by
+          <c>install_release/1,2</c>.</p>
       </desc>
     </func>
   </funcs>
diff --git a/lib/sasl/doc/src/systools.xml b/lib/sasl/doc/src/systools.xml
index 8c1c327d74..84fed0a25f 100644
--- a/lib/sasl/doc/src/systools.xml
+++ b/lib/sasl/doc/src/systools.xml
@@ -111,6 +111,11 @@
           low-level instruction to restart the emulator is appended to
           the relup scripts. This ensures that a complete reboot of
           the system is done when the system is upgraded or downgraded.</p>
+	<p>If an upgrade includes a change from an emulator earlier
+	  than OTP R15 to OTP R15 or later, the warning
+	  <c>pre_R15_emulator_upgrade</c> is issued. See <seealso
+	  marker="doc/design_principles:appup_cookbook">Design
+	  Principles</seealso> for more information about this.</p>
         <p>By default, errors and warnings are printed to tty and
           the function returns <c>ok</c> or <c>error</c>. If the option
           <c>silent</c> is provided, the function instead returns
@@ -133,8 +138,9 @@
       <fsummary>Generate a boot script <c>.script/.boot</c>.</fsummary>
       <type>
         <v>Name = string()</v>
-        <v>Opt = src_tests | {path,[Dir]} | local | {variables,[Var]} | exref | {exref,[App]}]
-	| silent | {outdir,Dir} | warnings_as_errors</v>
+        <v>Opt = src_tests | {path,[Dir]} | local | {variables,[Var]} | exref |
+	  {exref,[App]}] | silent | {outdir,Dir} | no_warn_sasl |
+	  warnings_as_errors</v>
         <v>&nbsp;Dir = string()</v>
         <v>&nbsp;Var = {VarName,Prefix}</v>
         <v>&nbsp;&nbsp;VarName = Prefix = string()</v>
@@ -190,6 +196,14 @@
         <p>The applications are sorted according to the dependencies
           between the applications. Where there are no dependencies,
           the order in the <c>.rel</c> file is kept.</p>
+	<p>The function will fail if the mandatory
+	  applications <c>kernel</c> and <c>stdlib</c> are not
+	  included in the <c>.rel</c> file and have start
+	  type <c>permanent</c> (default).</p>
+	<p>If <c>sasl</c> is not included as an application in
+	  the <c>.rel</c> file, a warning is emitted because such a
+	  release can not be used in an upgrade. To turn off this
+	  warning, add the option <c>no_warn_sasl</c>.</p>
         <p>All files are searched for in the current path. It is
           assumed that the <c>.app</c> and <c>.beam</c> files for an
           application is located in the same directory. The <c>.erl</c>
@@ -220,7 +234,7 @@
         <p>Example: If the option <c>{variables,[{"TEST","lib"}]}</c> is
           supplied, and <c>myapp.app</c> is found in
           <c>lib/myapp/ebin</c>, then the path to this application in
-          the boot script will be <c>$TEST/myapp-1/ebin"</c>. If
+          the boot script will be <c>"$TEST/myapp-1/ebin"</c>. If
           <c>myapp.app</c> is found in <c>lib/test</c>, then the path
           will be <c>$TEST/test/myapp-1/ebin</c>.</p>
         <p>The checks performed before the boot script is generated can
diff --git a/lib/sasl/examples/src/target_system.erl b/lib/sasl/examples/src/target_system.erl
index 0e1e0b2324..ffc0fcf443 100644
--- a/lib/sasl/examples/src/target_system.erl
+++ b/lib/sasl/examples/src/target_system.erl
@@ -16,6 +16,7 @@
 %%
 %% %CopyrightEnd%
 %%
+%module
 -module(target_system).
 -export([create/1, create/2, install/2]).
 
@@ -130,14 +131,14 @@ install(RelFileName, RootDir) ->
     [ErlVsn, _RelVsn| _] = string:tokens(StartErlData, " \n"),
     ErtsBinDir = filename:join([RootDir, "erts-" ++ ErlVsn, "bin"]),
     BinDir = filename:join([RootDir, "bin"]),
-    io:fwrite("Substituting in erl.src, start.src and start_erl.src to\n"
+    io:fwrite("Substituting in erl.src, start.src and start_erl.src to "
               "form erl, start and start_erl ...\n"),
     subst_src_scripts(["erl", "start", "start_erl"], ErtsBinDir, BinDir, 
                       [{"FINAL_ROOTDIR", RootDir}, {"EMU", "beam"}],
                       [preserve]),
     io:fwrite("Creating the RELEASES file ...\n"),
-    create_RELEASES(RootDir, 
-                    filename:join([RootDir, "releases", RelFileName])).
+    create_RELEASES(RootDir, filename:join([RootDir, "releases",
+					    filename:basename(RelFileName)])).
 
 %% LOCALS 
 
@@ -257,3 +258,4 @@ remove_all_files(Dir, Files) ->
                                   file:delete(FilePath)
                           end
                   end, Files).
+%module
diff --git a/lib/sasl/src/release_handler.erl b/lib/sasl/src/release_handler.erl
index bc08f94dff..522c7b496b 100644
--- a/lib/sasl/src/release_handler.erl
+++ b/lib/sasl/src/release_handler.erl
@@ -26,8 +26,9 @@
 	 create_RELEASES/1, create_RELEASES/2, create_RELEASES/4,
 	 unpack_release/1,
 	 check_install_release/1, check_install_release/2,
-	 install_release/1, install_release/2, remove_release/1,
-	 which_releases/0, make_permanent/1, reboot_old_release/1,
+	 install_release/1, install_release/2, new_emulator_upgrade/2,
+	 remove_release/1, which_releases/0, which_releases/1,
+	 make_permanent/1, reboot_old_release/1,
 	 set_unpacked/2, set_removed/1, install_file/2]).
 -export([upgrade_app/2, downgrade_app/2, downgrade_app/3,
 	 upgrade_script/2, downgrade_script/3,
@@ -40,7 +41,7 @@
 %% Internal exports, a client release_handler may call this functions.
 -export([do_write_release/3, do_copy_file/2, do_copy_files/2,
 	 do_copy_files/1, do_rename_files/1, do_remove_files/1,
-	 do_write_file/2, do_ensure_RELEASES/1]).
+	 remove_file/1, do_write_file/2, do_ensure_RELEASES/1]).
 
 -record(state, {unpurged = [],
 		root,
@@ -61,10 +62,11 @@
 %%             remove                -
 %% current     make_permanent        permanent
 %%             install other         old
+%%             restart node          unpacked
 %%             remove                -
 %% permanent   make other permanent  old
 %%             install               permanent
-%% old         reboot                permanen
+%% old         reboot_old            permanent
 %%             install               current
 %%             remove                -
 %%-----------------------------------------------------------------
@@ -74,6 +76,14 @@
 -define(timeout, 10000).
 
 %%-----------------------------------------------------------------
+%% The version set on the temporary release that will be used when the
+%% emulator is upgraded.
+-define(tmp_vsn(__BaseVsn__), "__new_emulator__"++__BaseVsn__).
+
+
+
+
+%%-----------------------------------------------------------------
 %% Assumes the following file structure:
 %% root --- lib --- Appl-Vsn1 --- <src>
 %%       |       |             |- ebin
@@ -183,11 +193,15 @@ check_check_install_options([],Purge) ->
 %%-----------------------------------------------------------------
 %% Purpose: Executes the relup script for the specified version.
 %%          The release must be unpacked.
-%% Returns: {ok, FromVsn, Descr} | {error, Reason}
+%% Returns: {ok, FromVsn, Descr} |
+%%          {continue_after_restart, FromVsn, Descr} |
+%%          {error, Reason}
 %%          Reason = {already_installed, Vsn} |
 %%                   {bad_relup_file, RelFile} |
 %%                   {no_such_release, Vsn} |
 %%                   {no_such_from_vsn, Vsn} |
+%%                   {could_not_create_hybrid_boot,Why} |
+%%                   {missing_base_app,Vsn,App} |
 %%                   {illegal_option, Opt}} |
 %%                   exit_reason()
 %%-----------------------------------------------------------------
@@ -230,6 +244,21 @@ check_timeout(Int) when is_integer(Int), Int > 0 -> true;
 check_timeout(_Else) -> false.
 
 %%-----------------------------------------------------------------
+%% Purpose: Called by boot script after emulator is restarted due to
+%%          new erts version.
+%% Returns: Same as install_release/2
+%%          If this crashes, the emulator restart will fail
+%%          (since the function is called from the boot script)
+%%          and there will be a rollback.
+%%-----------------------------------------------------------------
+new_emulator_upgrade(Vsn, Opts) ->
+    Result = call({install_release, Vsn, reboot, Opts}),
+    error_logger:info_msg(
+      "~p:install_release(~p,~p) completed after node restart "
+      "with new emulator version~nResult: ~p~n",[?MODULE,Vsn,Opts,Result]),
+    Result.
+
+%%-----------------------------------------------------------------
 %% Purpose: Makes the specified release version be the one that is
 %%          used when the system starts (or restarts).
 %%          The release must be installed (not unpacked).
@@ -305,6 +334,14 @@ which_releases() ->
     call(which_releases).
 
 %%-----------------------------------------------------------------
+%% Returns: [{Name, Vsn, [LibName], Status}]
+%%          Status = unpacked | current | permanent | old
+%%-----------------------------------------------------------------
+which_releases(Status) ->
+    Releases = which_releases(),
+    get_releases_with_status(Releases, Status, []).
+
+%%-----------------------------------------------------------------
 %% check_script(Script, LibDirs) -> ok | {error, Reason}
 %%-----------------------------------------------------------------
 check_script(Script, LibDirs) ->
@@ -313,7 +350,7 @@ check_script(Script, LibDirs) ->
 %%-----------------------------------------------------------------
 %% eval_script(Script, Apps, LibDirs, NewLibs, Opts) ->
 %%                                             {ok, UnPurged} |
-%%                                             restart_new_emulator |
+%%                                             restart_emulator |
 %%                                             {error, Error}
 %%                                             {'EXIT', Reason}
 %% If sync_nodes is present, the calling process must have called
@@ -350,7 +387,7 @@ create_RELEASES(Root, RelDir, RelFile, LibDirs) ->
 
 %%-----------------------------------------------------------------
 %% Func: upgrade_app(App, Dir) -> {ok, Unpurged}
-%%                              | restart_new_emulator
+%%                              | restart_emulator
 %%                              | {error, Error}
 %% Types:
 %%   App = atom()
@@ -370,7 +407,7 @@ upgrade_app(App, NewDir) ->
 %%-----------------------------------------------------------------
 %% Func: downgrade_app(App, Dir)
 %%       downgrade_app(App, Vsn, Dir) -> {ok, Unpurged}
-%%                                     | restart_new_emulator
+%%                                     | restart_emulator
 %%                                     | {error, Error}
 %% Types:
 %%   App = atom()
@@ -578,7 +615,7 @@ handle_call({check_install_release, Vsn, Purge}, _From, S) ->
 handle_call({install_release, Vsn, ErrorAction, Opts}, From, S) ->
     NS = resend_sync_nodes(S),
     case catch do_install_release(S, Vsn, Opts) of
-	{ok, NewReleases, CurrentVsn, Descr} -> 
+	{ok, NewReleases, [], CurrentVsn, Descr} ->
 	    {reply, {ok, CurrentVsn, Descr}, NS#state{releases=NewReleases}};
 	{ok, NewReleases, Unpurged, CurrentVsn, Descr} ->
 	    Timer =
@@ -593,10 +630,14 @@ handle_call({install_release, Vsn, ErrorAction, Opts}, From, S) ->
 	    {reply, {ok, CurrentVsn, Descr}, NewS};
 	{error, Reason}   ->
 	    {reply, {error, Reason}, NS}; 
-	{restart_new_emulator, CurrentVsn, Descr} ->
+	{restart_emulator, CurrentVsn, Descr} ->
 	    gen_server:reply(From, {ok, CurrentVsn, Descr}),
 	    init:reboot(),
 	    {noreply, NS};
+	{restart_new_emulator, CurrentVsn, Descr} ->
+	    gen_server:reply(From, {continue_after_restart, CurrentVsn, Descr}),
+	    init:reboot(),
+	    {noreply, NS};
 	{'EXIT', Reason} ->
 	    io:format("release_handler:"
 		      "install_release(Vsn=~p Opts=~p) failed, "
@@ -801,8 +842,13 @@ do_unpack_release(Root, RelDir, ReleaseName, Releases) ->
     extract_tar(Root, Tar),
     NewReleases = [Release#release{status = unpacked} | Releases],
     write_releases(RelDir, NewReleases, false),
+
+    %% Keeping this for backwards compatibility reasons with older
+    %% systools:make_tar, where there is no copy of the .rel file in
+    %% the releases/<vsn> dir. See OTP-9746.
     Dir = filename:join([RelDir, Vsn]),
     copy_file(RelFile, Dir, false),
+
     {ok, NewReleases, Vsn}.
 
 %% Note that this function is not executed by a client
@@ -941,7 +987,38 @@ do_install_release(#state{start_prg = StartPrg,
 	{value, Release} ->
 	    LatestRelease = get_latest_release(Releases),
 	    case get_rh_script(LatestRelease, Release, RelDir, Masters) of
+		{ok, {_CurrentVsn, _Descr, [restart_new_emulator|_Script]}}
+		  when Static == true ->
+		    throw(static_emulator);
+		{ok, {CurrentVsn, Descr, [restart_new_emulator|_Script]}} ->
+		    %% This will only happen if the upgrade includes
+		    %% an emulator upgrade (and it is not a downgrade)
+		    %% - then the new emulator must be started before
+		    %% new code can be loaded.
+		    %% Create a temporary release which includes new
+		    %% emulator, kernel, stdlib and sasl - and old
+		    %% versions of other applications.
+		    {TmpVsn,TmpRelease} =
+			new_emulator_make_tmp_release(LatestRelease,Release,
+						      RelDir,Opts,Masters),
+		    NReleases = [TmpRelease|Releases],
+
+		    %% Then uppgrade to the temporary release.
+		    %% The rest of the upgrade will continue after the restart
+		    prepare_restart_new_emulator(StartPrg, RootDir,
+						 RelDir, TmpVsn, TmpRelease,
+						 NReleases, Masters),
+		    {restart_new_emulator, CurrentVsn, Descr};
 		{ok, {CurrentVsn, Descr, Script}} ->
+		    %% In case there has been an emulator upgrade,
+		    %% remove the temporary release
+		    NReleases =
+			new_emulator_rm_tmp_release(
+			  LatestRelease#release.vsn,
+			  LatestRelease#release.erts_vsn,
+			  Vsn,RelDir,Releases,Masters),
+
+		    %% Then execute the relup script
 		    mon_nodes(true),
 		    EnvBefore = application_controller:prep_config_change(),
 		    Apps = change_appl_data(RelDir, Release, Masters),
@@ -949,31 +1026,19 @@ do_install_release(#state{start_prg = StartPrg,
 		    NewLibs = get_new_libs(LatestRelease#release.libs,
 					   Release#release.libs),
 		    case eval_script(Script, Apps, LibDirs, NewLibs, Opts) of
-			{ok, []} ->
-			    application_controller:config_change(EnvBefore),
-			    mon_nodes(false),
-			    NewReleases = set_status(Vsn, current, Releases),
-			    {ok, NewReleases, CurrentVsn, Descr};
 			{ok, Unpurged} ->
 			    application_controller:config_change(EnvBefore),
 			    mon_nodes(false),
-			    NewReleases = set_status(Vsn, current, Releases),
-			    {ok, NewReleases, Unpurged, CurrentVsn, Descr};
-			restart_new_emulator when Static == true ->
+			    NReleases1 = set_status(Vsn, current, NReleases),
+			    {ok, NReleases1, Unpurged, CurrentVsn, Descr};
+			restart_emulator when Static == true ->
 			    throw(static_emulator);
-			restart_new_emulator ->
+			restart_emulator ->
 			    mon_nodes(false),
-			    {value, PermanentRelease} = 
-				lists:keysearch(permanent, #release.status,
-						Releases), 
-			    NReleases = set_status(Vsn, current, Releases),
-			    NReleases2 = set_status(Vsn,tmp_current,NReleases),
-			    write_releases(RelDir, NReleases2, Masters),
 			    prepare_restart_new_emulator(StartPrg, RootDir,
-							 RelDir, Release,
-							 PermanentRelease, 
-							 Masters),
-			    {restart_new_emulator, CurrentVsn, Descr};
+							 RelDir, Vsn, Release,
+							 NReleases, Masters),
+			    {restart_emulator, CurrentVsn, Descr};
 			Else ->
 			    application_controller:config_change(EnvBefore),
 			    mon_nodes(false),
@@ -986,6 +1051,158 @@ do_install_release(#state{start_prg = StartPrg,
 	    {error, {no_such_release, Vsn}}
     end.
 
+new_emulator_make_tmp_release(CurrentRelease,ToRelease,RelDir,Opts,Masters) ->
+    CurrentVsn = CurrentRelease#release.vsn,
+    ToVsn = ToRelease#release.vsn,
+    TmpVsn = ?tmp_vsn(CurrentVsn),
+    case get_base_libs(ToRelease#release.libs) of
+	{ok,{Kernel,Stdlib,Sasl}=BaseLibs,_} ->
+	    case get_base_libs(ToRelease#release.libs) of
+		{ok,_,RestLibs} ->
+		    TmpErtsVsn = ToRelease#release.erts_vsn,
+		    TmpLibs = [Kernel,Stdlib,Sasl|RestLibs],
+		    TmpRelease = CurrentRelease#release{vsn=TmpVsn,
+							erts_vsn=TmpErtsVsn,
+							libs = TmpLibs,
+							status = unpacked},
+		    new_emulator_make_hybrid_boot(CurrentVsn,ToVsn,TmpVsn,
+						  BaseLibs,RelDir,Opts,Masters),
+		    new_emulator_make_hybrid_config(CurrentVsn,ToVsn,TmpVsn,
+						    RelDir,Masters),
+		    {TmpVsn,TmpRelease};
+		{error,{missing,Missing}} ->
+		    throw({error,{missing_base_app,CurrentVsn,Missing}})
+	    end;
+	{error,{missing,Missing}} ->
+	    throw({error,{missing_base_app,ToVsn,Missing}})
+    end.
+
+%% Get kernel, stdlib and sasl libs,
+%% and also return the rest of the libs as a list.
+%% Return error if any of kernel, stdlib or sasl does not exist.
+get_base_libs(Libs) ->
+    get_base_libs(Libs,undefined,undefined,undefined,[]).
+get_base_libs([{kernel,_,_}=Kernel|Libs],undefined,Stdlib,Sasl,Rest) ->
+    get_base_libs(Libs,Kernel,Stdlib,Sasl,Rest);
+get_base_libs([{stdlib,_,_}=Stdlib|Libs],Kernel,undefined,Sasl,Rest) ->
+    get_base_libs(Libs,Kernel,Stdlib,Sasl,Rest);
+get_base_libs([{sasl,_,_}=Sasl|Libs],Kernel,Stdlib,undefined,Rest) ->
+    get_base_libs(Libs,Kernel,Stdlib,Sasl,Rest);
+get_base_libs([Lib|Libs],Kernel,Stdlib,Sasl,Rest) ->
+    get_base_libs(Libs,Kernel,Stdlib,Sasl,[Lib|Rest]);
+get_base_libs([],undefined,_Stdlib,_Sasl,_Rest) ->
+    {error,{missing,kernel}};
+get_base_libs([],_Kernel,undefined,_Sasl,_Rest) ->
+    {error,{missing,stdlib}};
+get_base_libs([],_Kernel,_Stdlib,undefined,_Rest) ->
+    {error,{missing,sasl}};
+get_base_libs([],Kernel,Stdlib,Sasl,Rest) ->
+    {ok,{Kernel,Stdlib,Sasl},lists:reverse(Rest)}.
+
+new_emulator_make_hybrid_boot(CurrentVsn,ToVsn,TmpVsn,BaseLibs,RelDir,Opts,Masters) ->
+    FromBootFile = filename:join([RelDir,CurrentVsn,"start.boot"]),
+    ToBootFile = filename:join([RelDir,ToVsn,"start.boot"]),
+    TmpBootFile = filename:join([RelDir,TmpVsn,"start.boot"]),
+    ensure_dir(TmpBootFile,Masters),
+    Args = [ToVsn,Opts],
+    {ok,FromBoot} = read_file(FromBootFile,Masters),
+    {ok,ToBoot} = read_file(ToBootFile,Masters),
+    {{_,_,KernelPath},{_,_,SaslPath},{_,_,StdlibPath}} = BaseLibs,
+    Paths = {filename:join(KernelPath,"ebin"),
+	     filename:join(StdlibPath,"ebin"),
+	     filename:join(SaslPath,"ebin")},
+    case systools_make:make_hybrid_boot(TmpVsn,FromBoot,ToBoot,Paths,Args) of
+	{ok,TmpBoot} ->
+	    write_file(TmpBootFile,TmpBoot,Masters);
+	{error,Reason} ->
+	    throw({error,{could_not_create_hybrid_boot,Reason}})
+    end.
+
+new_emulator_make_hybrid_config(CurrentVsn,ToVsn,TmpVsn,RelDir,Masters) ->
+    FromFile = filename:join([RelDir,CurrentVsn,"sys.config"]),
+    ToFile = filename:join([RelDir,ToVsn,"sys.config"]),
+    TmpFile = filename:join([RelDir,TmpVsn,"sys.config"]),
+
+    FromConfig =
+	case consult(FromFile,Masters) of
+	    {ok,[FC]} ->
+		FC;
+	    {error,Error1} ->
+		io:format("Warning: ~p can not read ~p: ~p~n",
+			  [?MODULE,FromFile,Error1]),
+		[]
+	end,
+
+    [Kernel,Stdlib,Sasl] =
+	case consult(ToFile,Masters) of
+	    {ok,[ToConfig]} ->
+		[lists:keyfind(App,1,ToConfig) || App <- [kernel,stdlib,sasl]];
+	    {error,Error2} ->
+		io:format("Warning: ~p can not read ~p: ~p~n",
+			  [?MODULE,ToFile,Error2]),
+		[false,false,false]
+	end,
+
+    Config1 = replace_config(kernel,FromConfig,Kernel),
+    Config2 = replace_config(stdlib,Config1,Stdlib),
+    Config3 = replace_config(sasl,Config2,Sasl),
+
+    ConfigStr = io_lib:format("~p.~n",[Config3]),
+    write_file(TmpFile,ConfigStr,Masters).
+
+%% Take the configuration for application App from the new config and
+%% insert in the old config.
+%% If no entry exists in the new config, then delete the entry (if it exists)
+%% from the old config.
+%% If entry exists in the new config, but not in the old config, then
+%% add the entry.
+replace_config(App,Config,false) ->
+    lists:keydelete(App,1,Config);
+replace_config(App,Config,AppConfig) ->
+    lists:keystore(App,1,Config,AppConfig).
+
+%% Remove all files related to the temporary release
+new_emulator_rm_tmp_release(?tmp_vsn(_)=TmpVsn,EVsn,NewVsn,
+			    RelDir,Releases,Masters) ->
+    case os:type() of
+	{win32, nt} ->
+	    rename_tmp_service(EVsn,TmpVsn,NewVsn);
+	_ ->
+	    ok
+    end,
+    remove_dir(filename:join(RelDir,TmpVsn),Masters),
+    lists:keydelete(TmpVsn,#release.vsn,Releases);
+new_emulator_rm_tmp_release(_,_,_,_,Releases,_) ->
+    Releases.
+
+%% Rename the tempoarary service (for erts ugprade) to the real ToVsn
+rename_tmp_service(EVsn,TmpVsn,NewVsn) ->
+    FromName = hd(string:tokens(atom_to_list(node()),"@")) ++ "_" ++ TmpVsn,
+    ToName = hd(string:tokens(atom_to_list(node()),"@")) ++ "_" ++ NewVsn,
+    case erlsrv:get_service(EVsn,ToName) of
+	{error, _Error} ->
+	    ok;
+	_Data ->
+	    erlsrv:remove_service(ToName)
+    end,
+    rename_service(EVsn,FromName,ToName).
+
+
+%% Rename a service and check that it succeeded
+rename_service(EVsn,FromName,ToName) ->
+    case erlsrv:rename_service(EVsn,FromName,ToName) of
+	{ok,_} ->
+	    case erlsrv:get_service(EVsn,ToName) of
+		{error,Error1} ->
+		    throw({error,Error1});
+		_Data2 ->
+		    ok
+	    end;
+	Error2 ->
+	    throw({error,{service_rename_failed, Error2}})
+    end.
+
+
 %%% This code chunk updates the services in one of two ways,
 %%% Either the emulator is restarted, in which case the old service
 %%% is to be removed and the new enabled, or the emulator is NOT restarted
@@ -1002,26 +1219,16 @@ do_make_services_permanent(PermanentVsn,Vsn, PermanentEVsn, EVsn) ->
 	    %% rename.
 	    case os:getenv("ERLSRV_SERVICE_NAME") == PermName of
 		true ->
-		    case erlsrv:rename_service(EVsn,PermName,Name) of
-			{ok,_} ->
-			    case erlsrv:get_service(EVsn,Name) of
-				{error,Error2} ->
-				    throw({error,Error2});
-				_Data2 ->
-				    %% The interfaces for doing this are
-				    %% NOT published and may be subject to
-				    %% change. Do NOT do this anywhere else!
-
-				    os:putenv("ERLSRV_SERVICE_NAME", Name),
-
-				    %% Restart heart port program, this 
-				    %% function is only to be used here.
-				    heart:cycle(),
-				    ok
-			    end;
-			Error3 ->
-			    throw({error,{service_rename_failed, Error3}})
-		    end;
+		    rename_service(EVsn,PermName,Name),
+		    %% The interfaces for doing this are
+		    %% NOT published and may be subject to
+		    %% change. Do NOT do this anywhere else!
+
+		    os:putenv("ERLSRV_SERVICE_NAME", Name),
+
+		    %% Restart heart port program, this
+		    %% function is only to be used here.
+		    heart:cycle();
 		false ->
 		    throw({error,service_name_missmatch})
 	    end;
@@ -1260,21 +1467,31 @@ do_set_removed(RelDir, Vsn, Releases, Masters) ->
 %% corresponding relup instructions, we check if it's possible to
 %% downgrade from CurrentVsn to ToVsn.
 %%-----------------------------------------------------------------
+get_rh_script(#release{vsn = ?tmp_vsn(CurrentVsn)},
+	      #release{vsn = ToVsn},
+	      RelDir,
+	      Masters) ->
+    {ok,{Vsn,Descr,[restart_new_emulator|Script]}} =
+	do_get_rh_script(CurrentVsn,ToVsn,RelDir,Masters),
+    {ok,{Vsn,Descr,Script}};
 get_rh_script(#release{vsn = CurrentVsn},
-	      #release{vsn = Vsn},
+	      #release{vsn = ToVsn},
 	      RelDir,
 	      Masters) ->
-    Relup = filename:join([RelDir, Vsn, "relup"]),
-    case try_upgrade(Vsn, CurrentVsn, Relup, Masters) of
+    do_get_rh_script(CurrentVsn,ToVsn,RelDir,Masters).
+
+do_get_rh_script(CurrentVsn, ToVsn, RelDir, Masters) ->
+    Relup = filename:join([RelDir, ToVsn, "relup"]),
+    case try_upgrade(ToVsn, CurrentVsn, Relup, Masters) of
 	{ok, RhScript} ->
 	    {ok, RhScript};
 	_ ->
 	    Relup2 = filename:join([RelDir, CurrentVsn,"relup"]),
-	    case try_downgrade(Vsn, CurrentVsn, Relup2, Masters) of
+	    case try_downgrade(ToVsn, CurrentVsn, Relup2, Masters) of
 		{ok, RhScript} ->
 		    {ok, RhScript};
 		_ ->
-		    throw({error, {no_matching_relup, Vsn, CurrentVsn}})
+		    throw({error, {no_matching_relup, ToVsn, CurrentVsn}})
 	    end
     end.
 
@@ -1487,6 +1704,15 @@ prepare_restart_nt(#release{erts_vsn = EVsn, vsn = Vsn},
 %% restart is performed by calling init:reboot() higher up.
 %%-----------------------------------------------------------------
 prepare_restart_new_emulator(StartPrg, RootDir, RelDir,
+			     Vsn, Release, Releases, Masters) ->
+    {value, PRelease} = lists:keysearch(permanent, #release.status,Releases),
+    NReleases1 = set_status(Vsn, current, Releases),
+    NReleases2 = set_status(Vsn,tmp_current,NReleases1),
+    write_releases(RelDir, NReleases2, Masters),
+    prepare_restart_new_emulator(StartPrg, RootDir, RelDir,
+				 Release, PRelease, Masters).
+
+prepare_restart_new_emulator(StartPrg, RootDir, RelDir,
 			     Release, PRelease, Masters) ->
     #release{erts_vsn = EVsn, vsn = Vsn} = Release,
     Data = EVsn ++ " " ++ Vsn,
@@ -1512,19 +1738,10 @@ check_start_prg({do_check, StartPrg}, Masters) ->
 check_start_prg({_, StartPrg}, _) ->
     StartPrg.
 
-write_new_start_erl(Data, RelDir, false) ->
-    DataFile = filename:join([RelDir, "new_start_erl.data"]),
-    case do_write_file(DataFile, Data) of
-	ok    -> DataFile;
-	Error -> throw(Error)
-    end;
 write_new_start_erl(Data, RelDir, Masters) ->
     DataFile = filename:join([RelDir, "new_start_erl.data"]),
-    case at_all_masters(Masters, ?MODULE, do_write_file,
-			[DataFile, Data]) of
-	ok    -> DataFile;
-	Error -> throw(Error)
-    end.
+    write_file(DataFile, Data, Masters),
+    DataFile.
 
 %%-----------------------------------------------------------------
 %% When a new emulator shall be restarted, the current release
@@ -1538,27 +1755,41 @@ write_new_start_erl(Data, RelDir, Masters) ->
 %% If the release is made permanent, this is written to disk.
 %%-----------------------------------------------------------------
 transform_release(ReleaseDir, Releases, Masters) ->
-    F = fun(Release) when Release#release.status == tmp_current ->
-		Release#release{status = unpacked};
-	   (Release) -> Release
-	end,
-    case lists:map(F, Releases) of
-	Releases ->
-	    Releases;
-	DReleases ->
+    case init:script_id() of
+	{Name, ?tmp_vsn(_)=TmpVsn} ->
+	    %% This is was a reboot due to a new emulator version. The
+	    %% current release is a temporary internal release, which
+	    %% must be removed. It is the "real new release" that is
+	    %% set to unpacked on disk and current in memory.
+	    DReleases = lists:keydelete(TmpVsn,#release.vsn,Releases),
 	    write_releases(ReleaseDir, DReleases, Masters),
-	    F1 = fun(Release) when Release#release.status == tmp_current ->
-			 case init:script_id() of
-			     {_Name, Vsn} when Release#release.vsn == Vsn ->
-				 Release#release{status = current};
-			     _ ->
-				 Release#release{status = unpacked}
-			 end;
-		    (Release) -> Release
-		 end,
-	    lists:map(F1, Releases)
+	    set_current({Name,TmpVsn},Releases);
+	ScriptId ->
+	    F = fun(Release) when Release#release.status == tmp_current ->
+			Release#release{status = unpacked};
+		   (Release) -> Release
+		end,
+	    case lists:map(F, Releases) of
+		Releases ->
+		    Releases;
+		DReleases ->
+		    write_releases(ReleaseDir, DReleases, Masters),
+		    set_current(ScriptId, Releases)
+	    end
     end.
 
+set_current(ScriptId, Releases) ->
+    F1 = fun(Release) when Release#release.status == tmp_current ->
+		 case ScriptId of
+		     {_Name,Vsn} when Release#release.vsn == Vsn ->
+			 Release#release{status = current};
+		     _ ->
+			 Release#release{status = unpacked}
+		 end;
+	    (Release) -> Release
+	 end,
+    lists:map(F1, Releases).
+
 %%-----------------------------------------------------------------
 %% Functions handling files, RELEASES, start_erl.data etc.
 %% This functions consider if the release_handler is a client and
@@ -1617,12 +1848,25 @@ extract_tar(Root, Tar) ->
 	    throw({error, {cannot_extract_file, Name, Reason}})
     end.
 
-write_releases(Dir, NewReleases, false) ->
+write_releases(Dir, Releases, Masters) ->
+    %% We must never write 'current' to disk, since this will confuse
+    %% us after a node restart - since we would then have a permanent
+    %% release running, but state set to current for a non-running
+    %% release.
+    NewReleases = lists:zf(fun(Release) when Release#release.status == current ->
+				   {true, Release#release{status = unpacked}};
+			      (_) ->
+				   true
+			   end, Releases),
+    write_releases_1(Dir, NewReleases, Masters).
+
+
+write_releases_1(Dir, NewReleases, false) ->
     case do_write_release(Dir, "RELEASES", NewReleases) of
 	ok    -> ok;
 	Error -> throw(Error)
     end;
-write_releases(Dir, NewReleases, Masters) ->
+write_releases_1(Dir, NewReleases, Masters) ->
     all_masters(Masters),
     write_releases_m(Dir, NewReleases, Masters).
 
@@ -1844,6 +2088,37 @@ read_file(File, false) ->
 read_file(File, Masters) ->
     read_master(Masters, File).
 
+write_file(File, Data, false) ->
+    case file:write_file(File, Data) of
+	ok    -> ok;
+	Error -> throw(Error)
+    end;
+write_file(File, Data, Masters) ->
+    case at_all_masters(Masters, file, write_file, [File, Data]) of
+	ok    -> ok;
+	Error -> throw(Error)
+    end.
+
+ensure_dir(File, false) ->
+    case filelib:ensure_dir(File) of
+	ok -> ok;
+	Error -> throw(Error)
+    end;
+ensure_dir(File, Masters) ->
+    case at_all_masters(Masters,filelib,ensure_dir,[File]) of
+	ok -> ok;
+	Error -> throw(Error)
+    end.
+
+remove_dir(Dir, false) ->
+    remove_file(Dir);
+remove_dir(Dir, Masters) ->
+    case at_all_masters(Masters,?MODULE,remove_file,[Dir]) of
+	ok -> ok;
+	Error -> throw(Error)
+    end.
+
+
 %% Ignore status of each delete !
 remove_files(Master, Files, Masters) ->
     takewhile(Master, Masters, ?MODULE, do_remove_files, [Files]).
@@ -2010,3 +2285,14 @@ get_new_libs([{App,Vsn,_LibDir}|CurrentLibs], NewLibs) ->
     end;
 get_new_libs([],_) ->
     [].
+
+%%-----------------------------------------------------------------
+%% Return a list of releases witch a specific status
+%%-----------------------------------------------------------------
+get_releases_with_status([], _, Acc) ->
+    Acc;
+get_releases_with_status([ {_, _, _, ReleaseStatus } = Head | Tail],
+                         Status, Acc) when ReleaseStatus == Status ->
+    get_releases_with_status(Tail, Status, [Head | Acc]);
+get_releases_with_status([_ | Tail], Status, Acc) ->
+    get_releases_with_status(Tail, Status, Acc).
diff --git a/lib/sasl/src/release_handler_1.erl b/lib/sasl/src/release_handler_1.erl
index 8d0baf3ab1..93d12cf609 100644
--- a/lib/sasl/src/release_handler_1.erl
+++ b/lib/sasl/src/release_handler_1.erl
@@ -47,26 +47,38 @@
 %%%-----------------------------------------------------------------
 %%% This is a low-level release handler.
 %%%-----------------------------------------------------------------
+check_script([restart_new_emulator|Script], LibDirs) ->
+    %% There is no need to check for old processes, since the node
+    %% will be restarted before anything else happens.
+    do_check_script(Script, LibDirs, []);
 check_script(Script, LibDirs) ->
     case catch check_old_processes(Script,soft_purge) of
 	{ok, PurgeMods} ->
-	    {Before, _After} = split_instructions(Script),
-	    case catch lists:foldl(fun(Instruction, EvalState1) ->
-					   eval(Instruction, EvalState1)
-				   end,
-				   #eval_state{libdirs = LibDirs},
-				   Before) of
-		EvalState2 when is_record(EvalState2, eval_state) ->
-		    {ok,PurgeMods};
-		{error, Error} ->
-		    {error, Error};
-		Other ->
-		    {error, Other}
-	    end;
+	    do_check_script(Script, LibDirs, PurgeMods);
 	{error, Mod} ->
 	    {error, {old_processes, Mod}}
     end.
 
+do_check_script(Script, LibDirs, PurgeMods) ->
+    {Before, After} = split_instructions(Script),
+    case catch lists:foldl(fun(Instruction, EvalState1) ->
+				   eval(Instruction, EvalState1)
+			   end,
+			   #eval_state{libdirs = LibDirs},
+			   Before) of
+	       EvalState2 when is_record(EvalState2, eval_state) ->
+		 case catch syntax_check_script(After) of
+		     ok ->
+			 {ok,PurgeMods};
+		     Other ->
+			 {error,Other}
+		 end;
+	       {error, Error} ->
+		 {error, Error};
+	       Other ->
+		 {error, Other}
+	 end.
+
 %% eval_script/1 - For testing only - no apps added, just testing instructions
 eval_script(Script) ->
     eval_script(Script, [], [], [], []).
@@ -83,22 +95,30 @@ eval_script(Script, Apps, LibDirs, NewLibs, Opts) ->
 					       newlibs = NewLibs,
 					       opts = Opts},
 				   Before) of
-		EvalState2 when is_record(EvalState2, eval_state) ->
-		    case catch lists:foldl(fun(Instruction, EvalState3) ->
-						   eval(Instruction, EvalState3)
-					   end,
-					   EvalState2,
-					   After) of
-			EvalState4 when is_record(EvalState4, eval_state) ->
-			    {ok, EvalState4#eval_state.unpurged};
-			restart_new_emulator ->
-			    restart_new_emulator;
-			Error ->
-			    {'EXIT', Error}
-		    end;
-		{error, Error} -> {error, Error};
-		Other -> {error, Other}
-	    end;
+		       EvalState2 when is_record(EvalState2, eval_state) ->
+			 case catch syntax_check_script(After) of
+			     ok ->
+				 case catch lists:foldl(
+					      fun(Instruction, EvalState3) ->
+						      eval(Instruction,
+							   EvalState3)
+					      end,
+					      EvalState2,
+					      After) of
+				     EvalState4
+				       when is_record(EvalState4, eval_state) ->
+					 {ok, EvalState4#eval_state.unpurged};
+				     restart_emulator ->
+					 restart_emulator;
+				     Error ->
+					 {'EXIT', Error}
+				 end;
+			     Other ->
+				 {error,Other}
+			 end;
+		       {error, Error} -> {error, Error};
+		       Other -> {error, Other}
+		 end;
 	{error, Mod} ->
 	    {error, {old_processes, Mod}}
     end.
@@ -174,6 +194,42 @@ do_check_old_code(Mod,Procs) ->
     [Mod].
 
 
+%% Check the last part of the script, i.e. the part after point_of_no_return.
+%% More or less a syntax check in case the script was handwritten.
+syntax_check_script([point_of_no_return | Script]) ->
+    syntax_check_script(Script);
+syntax_check_script([{load, {_,_,_}} | Script]) ->
+    syntax_check_script(Script);
+syntax_check_script([{remove, {_,_,_}} | Script]) ->
+    syntax_check_script(Script);
+syntax_check_script([{purge, _} | Script]) ->
+    syntax_check_script(Script);
+syntax_check_script([{suspend, _} | Script]) ->
+    syntax_check_script(Script);
+syntax_check_script([{resume, _} | Script]) ->
+    syntax_check_script(Script);
+syntax_check_script([{code_change, _} | Script]) ->
+    syntax_check_script(Script);
+syntax_check_script([{code_change, _, _} | Script]) ->
+    syntax_check_script(Script);
+syntax_check_script([{stop, _} | Script]) ->
+    syntax_check_script(Script);
+syntax_check_script([{start, _} | Script]) ->
+    syntax_check_script(Script);
+syntax_check_script([{sync_nodes, _, {_,_,_}} | Script]) ->
+    syntax_check_script(Script);
+syntax_check_script([{sync_nodes, _, _} | Script]) ->
+    syntax_check_script(Script);
+syntax_check_script([{apply, {_,_,_}} | Script]) ->
+    syntax_check_script(Script);
+syntax_check_script([restart_emulator | Script]) ->
+    syntax_check_script(Script);
+syntax_check_script([Illegal | _Script]) ->
+    throw({illegal_instruction_after_point_of_no_return,Illegal});
+syntax_check_script([]) ->
+    ok.
+
+
 %%-----------------------------------------------------------------
 %% An unpurged module is a module for which there exist an old
 %% version of the code.  This should only be the case if there are
@@ -243,7 +299,7 @@ do_check_old_code(Mod,Procs) ->
 %%    must also exectue the same line.  Waits for all these nodes to get
 %%    to this line.
 %% point_of_no_return
-%% restart_new_emulator
+%% restart_emulator
 %% {stop_application, Appl}     - Impl with apply
 %% {unload_application, Appl}   - Impl with {remove..}
 %% {load_application, Appl}     - Impl with {load..}
@@ -402,6 +458,8 @@ eval({sync_nodes, Id, Nodes}, EvalState) ->
 eval({apply, {M, F, A}}, EvalState) ->
     apply(M, F, A),
     EvalState;
+eval(restart_emulator, _EvalState) ->
+    throw(restart_emulator);
 eval(restart_new_emulator, _EvalState) ->
     throw(restart_new_emulator).
 
@@ -447,15 +505,20 @@ resume(Pids) ->
 
 change_code(Pids, Mod, Vsn, Extra, Timeout) ->
     Fun = fun(Pid) -> 
-		  case Timeout of
-		      default ->
-			  ok = sys:change_code(Pid, Mod, Vsn, Extra);
-		      _Else ->
-			  ok = sys:change_code(Pid, Mod, Vsn, Extra, Timeout)
+		  case sys_change_code(Pid, Mod, Vsn, Extra, Timeout) of
+		      ok ->
+			  ok;
+		      {error,Reason} ->
+			  throw({code_change_failed,Pid,Mod,Vsn,Reason})
 		  end
 	  end,
     lists:foreach(Fun, Pids).
 
+sys_change_code(Pid, Mod, Vsn, Extra, default) ->
+    sys:change_code(Pid, Mod, Vsn, Extra);
+sys_change_code(Pid, Mod, Vsn, Extra, Timeout) ->
+    sys:change_code(Pid, Mod, Vsn, Extra, Timeout).
+
 stop(Mod, Procs) ->
     lists:zf(fun({undefined, _Name, _Pid, _Mods}) ->
 		     false;
diff --git a/lib/sasl/src/sasl.appup.src b/lib/sasl/src/sasl.appup.src
index 64c653a4e5..ce4aa1f8f8 100644
--- a/lib/sasl/src/sasl.appup.src
+++ b/lib/sasl/src/sasl.appup.src
@@ -1,25 +1,27 @@
-%%
+%% -*- erlang -*-
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
-%% %CopyrightEnd%
 %%
-
+%% %CopyrightEnd%
 {"%VSN%",
- [{"2.1.4", [{load_module, release_handler},
-	     {load_module, systools_relup}]}],
- [{"2.1.4", [{load_module, release_handler},
-	     {load_module, systools_relup}]}]
+ %% Up from - max two major revisions back
+ [{<<"2\\.2(\\.[0-9]+)*">>,[restart_new_emulator]},         %% R15
+  {<<"2\\.1\\.10(\\.[0-9]+)*">>,[restart_new_emulator]},    %% R14B04 (and later?)
+  {<<"2\\.1\\.[6-9](\\.[0-9]+)*">>,[restart_new_emulator]}],%% R13B-R14B03
+ %% Down to - max two major revisions back
+ [{<<"2\\.2(\\.[0-9]+)*">>,[restart_new_emulator]},         %% R15
+  {<<"2\\.1\\.10(\\.[0-9]+)*">>,[restart_new_emulator]},    %% R14B04 (and later?)
+  {<<"2\\.1\\.[6-9](\\.[0-9]+)*">>,[restart_new_emulator]}] %% R13B-R14B03
 }.
diff --git a/lib/sasl/src/systools_make.erl b/lib/sasl/src/systools_make.erl
index 7f400f5cce..12ba2a5476 100644
--- a/lib/sasl/src/systools_make.erl
+++ b/lib/sasl/src/systools_make.erl
@@ -31,6 +31,8 @@
 
 -export([read_application/4]).
 
+-export([make_hybrid_boot/5]).
+
 -import(lists, [filter/2, keysort/2, keysearch/3, map/2, reverse/1,
 		append/1, foldl/3,  member/2, foreach/2]).
 
@@ -56,6 +58,7 @@
 %%              {variables,[{Name,AbsString}]}
 %%              {machine, jam | beam | vee}
 %%              exref | {exref, [AppName]}
+%%              no_warn_sasl
 %%-----------------------------------------------------------------
 
 make_script(RelName) when is_list(RelName) ->
@@ -86,7 +89,8 @@ make_script(RelName, Output, Flags) when is_list(RelName),
 	    Path  = make_set(Path1 ++ code:get_path()),
 	    ModTestP = {member(src_tests, Flags),xref_p(Flags)},
 	    case get_release(RelName, Path, ModTestP, machine(Flags)) of
-		{ok, Release, Appls, Warnings} ->
+		{ok, Release, Appls, Warnings0} ->
+		    Warnings = wsasl(Flags, Warnings0),
 		    case systools_lib:werror(Flags, Warnings) of
 			true ->
 			    return(ok,Warnings,Flags);
@@ -110,7 +114,13 @@ make_script(RelName, _Output, Flags) when is_list(Flags) ->
 make_script(RelName, _Output, Flags) ->
     badarg(Flags,[RelName, Flags]).
 
-%% Inlined.
+
+wsasl(Options, Warnings) ->
+    case lists:member(no_warn_sasl,Options) of
+	true -> lists:delete({warning,missing_sasl},Warnings);
+	false -> Warnings
+    end.
+
 badarg(BadArg, Args) ->
     erlang:error({badarg,BadArg}, Args).
 
@@ -162,6 +172,118 @@ return({error,Mod,Error},_,Flags) ->
 	    error
     end.
 
+
+%%-----------------------------------------------------------------
+%% Make hybrid boot file for upgrading emulator. The resulting boot
+%% file is a combination of the two input files, where kernel, stdlib
+%% and sasl versions are taken from the second file (the boot file of
+%% the new release), and all other application versions from the first
+%% file (the boot file of the old release).
+%%
+%% The most important thing that can fail here is that the input boot
+%% files do not contain all three base applications - kernel, stdlib
+%% and sasl.
+%%
+%% TmpVsn = string(),
+%% Paths = {KernelPath,StdlibPath,SaslPath}
+%% Returns {ok,Boot} | {error,Reason}
+%% Boot1 = Boot2 = Boot = binary()
+%% Reason = {app_not_found,App} | {app_not_replaced,App}
+%% App = kernel | stdlib | sasl
+make_hybrid_boot(TmpVsn, Boot1, Boot2, Paths, Args) ->
+    catch do_make_hybrid_boot(TmpVsn, Boot1, Boot2, Paths, Args).
+do_make_hybrid_boot(TmpVsn, Boot1, Boot2, Paths, Args) ->
+    {script,{_RelName1,_RelVsn1},Script1} = binary_to_term(Boot1),
+    {script,{RelName2,_RelVsn2},Script2} = binary_to_term(Boot2),
+    MatchPaths = get_regexp_path(Paths),
+    NewScript1 = replace_paths(Script1,MatchPaths),
+    {Kernel,Stdlib,Sasl} = get_apps(Script2,undefined,undefined,undefined),
+    NewScript2 = replace_apps(NewScript1,Kernel,Stdlib,Sasl),
+    NewScript3 = add_apply_upgrade(NewScript2,Args),
+    Boot = term_to_binary({script,{RelName2,TmpVsn},NewScript3}),
+    {ok,Boot}.
+
+%% For each app, compile a regexp that can be used for finding its path
+get_regexp_path({KernelPath,StdlibPath,SaslPath}) ->
+    {ok,KernelMP} = re:compile("kernel-[0-9\.]+",[unicode]),
+    {ok,StdlibMP} = re:compile("stdlib-[0-9\.]+",[unicode]),
+    {ok,SaslMP} = re:compile("sasl-[0-9\.]+",[unicode]),
+    [{KernelMP,KernelPath},{StdlibMP,StdlibPath},{SaslMP,SaslPath}].
+
+%% For each path in the script, check if it matches any of the MPs
+%% found above, and if so replace it with the correct new path.
+replace_paths([{path,Path}|Script],MatchPaths) ->
+    [{path,replace_path(Path,MatchPaths)}|replace_paths(Script,MatchPaths)];
+replace_paths([Stuff|Script],MatchPaths) ->
+    [Stuff|replace_paths(Script,MatchPaths)];
+replace_paths([],_) ->
+    [].
+
+replace_path([Path|Paths],MatchPaths) ->
+    [do_replace_path(Path,MatchPaths)|replace_path(Paths,MatchPaths)];
+replace_path([],_) ->
+    [].
+
+do_replace_path(Path,[{MP,ReplacePath}|MatchPaths]) ->
+    case re:run(Path,MP,[{capture,none}]) of
+	nomatch -> do_replace_path(Path,MatchPaths);
+	match -> ReplacePath
+    end;
+do_replace_path(Path,[]) ->
+    Path.
+
+%% Return the entries for loading the three base applications
+get_apps([{kernelProcess,application_controller,
+	   {application_controller,start,[{application,kernel,_}]}}=Kernel|
+	  Script],_,Stdlib,Sasl) ->
+    get_apps(Script,Kernel,Stdlib,Sasl);
+get_apps([{apply,{application,load,[{application,stdlib,_}]}}=Stdlib|Script],
+	 Kernel,_,Sasl) ->
+    get_apps(Script,Kernel,Stdlib,Sasl);
+get_apps([{apply,{application,load,[{application,sasl,_}]}}=Sasl|_Script],
+	 Kernel,Stdlib,_) ->
+    {Kernel,Stdlib,Sasl};
+get_apps([_|Script],Kernel,Stdlib,Sasl) ->
+    get_apps(Script,Kernel,Stdlib,Sasl);
+get_apps([],undefined,_,_) ->
+    throw({error,{app_not_found,kernel}});
+get_apps([],_,undefined,_) ->
+    throw({error,{app_not_found,stdlib}});
+get_apps([],_,_,undefined) ->
+    throw({error,{app_not_found,sasl}}).
+
+
+%% Replace the entries for loading the base applications
+replace_apps([{kernelProcess,application_controller,
+	       {application_controller,start,[{application,kernel,_}]}}|
+	      Script],Kernel,Stdlib,Sasl) ->
+    [Kernel|replace_apps(Script,undefined,Stdlib,Sasl)];
+replace_apps([{apply,{application,load,[{application,stdlib,_}]}}|Script],
+	     Kernel,Stdlib,Sasl) ->
+    [Stdlib|replace_apps(Script,Kernel,undefined,Sasl)];
+replace_apps([{apply,{application,load,[{application,sasl,_}]}}|Script],
+	     _Kernel,_Stdlib,Sasl) ->
+    [Sasl|Script];
+replace_apps([Stuff|Script],Kernel,Stdlib,Sasl) ->
+    [Stuff|replace_apps(Script,Kernel,Stdlib,Sasl)];
+replace_apps([],undefined,undefined,_) ->
+    throw({error,{app_not_replaced,sasl}});
+replace_apps([],undefined,_,_) ->
+    throw({error,{app_not_replaced,stdlib}});
+replace_apps([],_,_,_) ->
+    throw({error,{app_not_replaced,kernel}}).
+
+
+%% Finally add an apply of release_handler:new_emulator_upgrade - which will
+%% complete the execution of the upgrade script (relup).
+add_apply_upgrade(Script,Args) ->
+    [{progress, started} | RevScript] = lists:reverse(Script),
+    lists:reverse([{progress,started},
+		   {apply,{release_handler,new_emulator_upgrade,Args}} |
+		   RevScript]).
+
+
+
 %%-----------------------------------------------------------------
 %% Create a release package from a release file.
 %% Options is a list of {path, Path} | silent |
@@ -250,13 +372,13 @@ get_release(File, Path, ModTestP, Machine) ->
     end.
 	
 get_release1(File, Path, ModTestP, Machine) ->
-    {ok, Release} = read_release(File, Path),
+    {ok, Release, Warnings1} = read_release(File, Path),
     {ok, Appls0} = collect_applications(Release, Path),
     {ok, Appls1} = check_applications(Appls0),
     {ok, Appls2} = sort_included_applications(Appls1, Release), % OTP-4121
-    {ok, Warnings} = check_modules(Appls2, Path, ModTestP, Machine),
+    {ok, Warnings2} = check_modules(Appls2, Path, ModTestP, Machine),
     {ok, Appls} = sort_appls(Appls2),
-    {ok, Release, Appls, Warnings}.
+    {ok, Release, Appls, Warnings1 ++ Warnings2}.
 
 %%______________________________________________________________________
 %% read_release(File, Path) -> {ok, #release} | throw({error, What})
@@ -271,11 +393,12 @@ read_release(File, Path) ->
 
 check_rel(Release) ->
     case catch check_rel1(Release) of
-	{ok, {Name,Vsn,Evsn,Appl,Incl}} ->
+	{ok, {Name,Vsn,Evsn,Appl,Incl}, Ws} ->
 	    {ok, #release{name=Name, vsn=Vsn,
 			  erts_vsn=Evsn,
 			  applications=Appl,
-			  incl_apps=Incl}};
+			  incl_apps=Incl},
+	    Ws};
 	{error, Error} ->
 	    throw({error,?MODULE,Error});
 	Error ->
@@ -286,8 +409,8 @@ check_rel1({release,{Name,Vsn},{erts,EVsn},Appl}) when is_list(Appl) ->
     check_name(Name),
     check_vsn(Vsn),
     check_evsn(EVsn),
-    {Appls,Incls} = check_appl(Appl),
-    {ok, {Name,Vsn,EVsn,Appls,Incls}};
+    {{Appls,Incls},Ws} = check_appl(Appl),
+    {ok, {Name,Vsn,EVsn,Appls,Incls},Ws};
 check_rel1(_) ->
     {error, badly_formatted_release}.
 
@@ -340,25 +463,35 @@ check_appl(Appl) ->
 		end,
 		Appl) of
 	[] ->
-	    mandatory_applications(Appl),
-	    split_app_incl(Appl);
+	    {ApplsNoIncls,Incls} = split_app_incl(Appl),
+	    {ok,Ws} = mandatory_applications(ApplsNoIncls,undefined,
+					     undefined,undefined),
+	    {{ApplsNoIncls,Incls},Ws};
 	Illegal ->
 	    throw({error, {illegal_applications,Illegal}})
     end.
 
-mandatory_applications(Appl) ->
-    AppNames = map(fun(AppT) -> element(1, AppT) end,
-		   Appl),
-    Mand = mandatory_applications(),
-    case filter(fun(X) -> member(X, AppNames) end, Mand) of
-	Mand ->
-	    ok;
-	_ ->
-	    throw({error, {missing_mandatory_app, Mand}})
-    end.
-
-mandatory_applications() ->
-    [kernel, stdlib].
+mandatory_applications([{kernel,_,Type}|Apps],undefined,Stdlib,Sasl) ->
+    mandatory_applications(Apps,Type,Stdlib,Sasl);
+mandatory_applications([{stdlib,_,Type}|Apps],Kernel,undefined,Sasl) ->
+    mandatory_applications(Apps,Kernel,Type,Sasl);
+mandatory_applications([{sasl,_,Type}|Apps],Kernel,Stdlib,undefined) ->
+    mandatory_applications(Apps,Kernel,Stdlib,Type);
+mandatory_applications([_|Apps],Kernel,Stdlib,Sasl) ->
+    mandatory_applications(Apps,Kernel,Stdlib,Sasl);
+mandatory_applications([],Type,_,_) when Type=/=permanent ->
+    error_mandatory_application(kernel,Type);
+mandatory_applications([],_,Type,_) when Type=/=permanent ->
+    error_mandatory_application(sasl,Type);
+mandatory_applications([],_,_,undefined) ->
+    {ok, [{warning,missing_sasl}]};
+mandatory_applications([],_,_,_) ->
+    {ok,[]}.
+
+error_mandatory_application(App,undefined) ->
+    throw({error, {missing_mandatory_app, App}});
+error_mandatory_application(App,Type) ->
+    throw({error, {mandatory_app, App, Type}}).
 
 split_app_incl(Appl) -> split_app_incl(Appl, [], []).
 
@@ -1510,8 +1643,19 @@ add_system_files(Tar, RelName, Release, Path1) ->
     SVsn = Release#release.vsn,
     RelName0 = filename:basename(RelName),
 
+    RelVsnDir = filename:join("releases", SVsn),
+
+    %% OTP-9746: store rel file in releases/<vsn>
+    %% Adding rel file to
+    %% 1) releases directory - so it can be easily extracted
+    %%    separately (see release_handler:unpack_release)
+    %% 2) releases/<vsn> - so the file must not be explicitly moved
+    %%    after unpack.
     add_to_tar(Tar, RelName ++ ".rel",
 	       filename:join("releases", RelName0 ++ ".rel")),
+    add_to_tar(Tar, RelName ++ ".rel",
+	       filename:join(RelVsnDir, RelName0 ++ ".rel")),
+
 
     %% OTP-6226 Look for the system files not only in cwd
     %% --
@@ -1527,26 +1671,27 @@ add_system_files(Tar, RelName, Release, Path1) ->
 		   [RelDir, "."|Path1]
 	   end,
 
-    ToDir = filename:join("releases", SVsn),
     case lookup_file(RelName0 ++ ".boot", Path) of
 	false ->
 	    throw({error, {tar_error,{add, RelName0++".boot",enoent}}});
 	Boot ->
-	    add_to_tar(Tar, Boot, filename:join(ToDir, "start.boot"))
+	    add_to_tar(Tar, Boot, filename:join(RelVsnDir, "start.boot"))
     end,
 
     case lookup_file("relup", Path) of
 	false ->
 	    ignore;
 	Relup ->
-	    add_to_tar(Tar, Relup, filename:join(ToDir, "relup"))
+	    check_relup(Relup),
+	    add_to_tar(Tar, Relup, filename:join(RelVsnDir, "relup"))
     end,
 
     case lookup_file("sys.config", Path) of
 	false ->
 	    ignore;
 	Sys ->
-	    add_to_tar(Tar, Sys, filename:join(ToDir, "sys.config"))
+	    check_sys_config(Sys),
+	    add_to_tar(Tar, Sys, filename:join(RelVsnDir, "sys.config"))
     end,
     
     ok.
@@ -1562,6 +1707,44 @@ lookup_file(Name, [Dir|Path]) ->
 lookup_file(_Name, []) ->
     false.
 
+%% Check that relup can be parsed and has expected format
+check_relup(File) ->
+    case file:consult(File) of
+	{ok,[{Vsn,UpFrom,DownTo}]} when is_list(Vsn), is_integer(hd(Vsn)),
+					is_list(UpFrom), is_list(DownTo) ->
+	    ok;
+	{ok,_} ->
+	    throw({error,{tar_error,{add,"relup",[invalid_format]}}});
+	Other ->
+	    throw({error,{tar_error,{add,"relup",[Other]}}})
+    end.
+
+%% Check that sys.config can be parsed and has expected format
+check_sys_config(File) ->
+    case file:consult(File) of
+	{ok,[SysConfig]} ->
+	    case lists:all(fun({App,KeyVals}) when is_atom(App),
+						   is_list(KeyVals)->
+				   true;
+			      (OtherConfig) when is_list(OtherConfig),
+						 is_integer(hd(OtherConfig)) ->
+				   true;
+			      (_) ->
+				   false
+			   end,
+			   SysConfig) of
+		true ->
+		    ok;
+		false ->
+		    throw({error,{tar_error,
+				  {add,"sys.config",[invalid_format]}}})
+	    end;
+	{ok,_} ->
+	    throw({error,{tar_error,{add,"sys.config",[invalid_format]}}});
+	Other ->
+	    throw({error,{tar_error,{add,"sys.config",[Other]}}})
+    end.
+
 %%______________________________________________________________________
 %% Add either a application located under a variable dir or all other
 %% applications to a tar file.
@@ -1850,90 +2033,67 @@ get_flag(_,_)         -> false.
 
 %% Check Options for make_script
 check_args_script(Args) ->
-    cas(Args,
-	{undef, undef, undef, undef, undef, undef, undef, undef,
-	 undef, []}).
+    cas(Args, []).
 
-cas([], {_Path,_Sil,_Loc,_Test,_Var,_Mach,_Xref,_XrefApps,_Werror, X}) ->
+cas([], X) ->
     X;
 %%% path ---------------------------------------------------------------
-cas([{path, P} | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			 XrefApps, Werror, X}) when is_list(P) ->
+cas([{path, P} | Args], X) when is_list(P) ->
     case check_path(P) of
 	ok ->
-	    cas(Args, {P, Sil, Loc, Test, Var, Mach, Xref, XrefApps,
-		       Werror, X});
+	    cas(Args, X);
 	error ->
-	    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps,
-		       Werror, X++[{path,P}]})
+	    cas(Args, X++[{path,P}])
     end;
 %%% silent -------------------------------------------------------------
-cas([silent | Args], {Path, _Sil, Loc, Test, Var, Mach, Xref,
-		      XrefApps, Werror, X}) ->
-    cas(Args, {Path, silent, Loc, Test, Var, Mach, Xref, XrefApps,
-	       Werror, X});
+cas([silent | Args], X) ->
+    cas(Args, X);
 %%% local --------------------------------------------------------------
-cas([local | Args], {Path, Sil, _Loc, Test, Var, Mach, Xref,
-		     XrefApps, Werror, X}) ->
-    cas(Args, {Path, Sil, local, Test, Var, Mach, Xref, XrefApps,
-	       Werror, X});
+cas([local | Args], X) ->
+    cas(Args, X);
 %%% src_tests -------------------------------------------------------
-cas([src_tests | Args], {Path, Sil, Loc, _Test, Var, Mach, Xref,
-			 XrefApps, Werror, X}) ->
-    cas(Args,
-	{Path, Sil, Loc, src_tests, Var, Mach, Xref, Werror, XrefApps,X});
+cas([src_tests | Args], X) ->
+    cas(Args, X);
 %%% variables ----------------------------------------------------------
-cas([{variables, V} | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			      XrefApps, Werror, X}) when is_list(V) ->
+cas([{variables, V} | Args], X) when is_list(V) ->
     case check_vars(V) of
 	ok ->
-	    cas(Args,
-		{Path, Sil, Loc, Test, V, Mach, Xref, XrefApps, Werror, X});
+	    cas(Args, X);
 	error ->
-	    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps,
-		       Werror, X++[{variables, V}]})
+	    cas(Args, X++[{variables, V}])
     end;
 %%% machine ------------------------------------------------------------
-cas([{machine, M} | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			    XrefApps, Werror, X}) when is_atom(M) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps, Werror, X});
+cas([{machine, M} | Args], X) when is_atom(M) ->
+    cas(Args, X);
 %%% exref --------------------------------------------------------------
-cas([exref | Args], {Path, Sil, Loc, Test, Var, Mach, _Xref,
-		     XrefApps, Werror, X})  ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, exref, XrefApps, Werror, X});
+cas([exref | Args], X)  ->
+    cas(Args, X);
 %%% exref Apps ---------------------------------------------------------
-cas([{exref, Apps} | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			     XrefApps, Werror, X}) when is_list(Apps) ->
+cas([{exref, Apps} | Args], X) when is_list(Apps) ->
     case check_apps(Apps) of 
 	ok ->
-	    cas(Args, {Path, Sil, Loc, Test, Var, Mach, 
-		       Xref, Apps, Werror, X});
+	    cas(Args, X);
 	error ->
-	    cas(Args, {Path, Sil, Loc, Test, Var, Mach, 
-		       Xref, XrefApps, Werror, X++[{exref, Apps}]})
+	    cas(Args, X++[{exref, Apps}])
     end;
 %%% outdir Dir ---------------------------------------------------------
-cas([{outdir, Dir} | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			     XrefApps, Werror, X}) when is_list(Dir) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps, Werror, X});
+cas([{outdir, Dir} | Args], X) when is_list(Dir) ->
+    cas(Args, X);
 %%% otp_build (secret, not documented) ---------------------------------
-cas([otp_build | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			 XrefApps, Werror, X}) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps, Werror, X});
+cas([otp_build | Args], X) ->
+    cas(Args, X);
+%%% warnings_as_errors -------------------------------------------------
+cas([warnings_as_errors | Args], X) ->
+    cas(Args, X);
+%%% no_warn_sasl -------------------------------------------------------
+cas([no_warn_sasl | Args], X) ->
+    cas(Args, X);
 %%% no_module_tests (kept for backwards compatibility, but ignored) ----
-cas([no_module_tests | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			       XrefApps, Werror, X}) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps, Werror, X});
-%%% warnings_as_errors (kept for backwards compatibility, but ignored) ----
-cas([warnings_as_errors | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-				  XrefApps, _Werror, X}) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps,
-	       warnings_as_errors, X});
+cas([no_module_tests | Args], X) ->
+    cas(Args, X);
 %%% ERROR --------------------------------------------------------------
-cas([Y | Args], {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps,
-		 Werror, X}) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps, Werror,
-	       X++[Y]}).
+cas([Y | Args], X) ->
+    cas(Args, X++[Y]).
 
 
 
@@ -2072,9 +2232,12 @@ format_error({missing_parameter,Par}) ->
 format_error({illegal_applications,Names}) ->
     io_lib:format("Illegal applications in the release file: ~p~n",
 		  [Names]);
-format_error({missing_mandatory_app,Names}) ->
-    io_lib:format("Mandatory applications (~p) must be specified in the release file~n",
-		  [Names]);
+format_error({missing_mandatory_app,Name}) ->
+    io_lib:format("Mandatory application ~p must be specified in the release file~n",
+		  [Name]);
+format_error({mandatory_app,Name,Type}) ->
+    io_lib:format("Mandatory application ~p must be of type 'permanent' in the release file. Is '~p'.~n",
+		  [Name,Type]);
 format_error({duplicate_register,Dups}) ->
     io_lib:format("Duplicated register names: ~n~s",
 		  [map(fun({{Reg,App1,_,_},{Reg,App2,_,_}}) ->
@@ -2198,5 +2361,9 @@ form_warn(Prefix, {exref_undef, Undef}) ->
 			      [Prefix,M,F,A])
 	end,
     map(F, Undef);
+form_warn(Prefix, missing_sasl) ->
+    io_lib:format("~s: Missing application sasl. "
+		  "Can not upgrade with this release~n",
+		  [Prefix]);
 form_warn(Prefix, What) ->
     io_lib:format("~s ~p~n", [Prefix,What]).
diff --git a/lib/sasl/src/systools_rc.erl b/lib/sasl/src/systools_rc.erl
index daadb79967..c16f6aa845 100644
--- a/lib/sasl/src/systools_rc.erl
+++ b/lib/sasl/src/systools_rc.erl
@@ -54,6 +54,7 @@
 %% {sync_nodes, Id, Nodes}
 %% {apply, {M, F, A}}
 %% restart_new_emulator
+%% restart_emulator
 %%-----------------------------------------------------------------
 
 %% High-level instructions that contain dependencies
@@ -144,7 +145,10 @@ translate_merged_script(Mode, Script, Appls, PreAppls) ->
     {Before2, After2} = translate_dependent_instrs(Mode, Before1, After1, 
 						  Appls),
     Before3 = merge_load_object_code(Before2),
-    NewScript = Before3 ++ [point_of_no_return | After2],
+
+    {Before4,After4} = sort_emulator_restart(Mode,Before3,After2),
+    NewScript = Before4 ++ [point_of_no_return | After4],
+
     check_syntax(NewScript),
     {ok, NewScript}.
 
@@ -699,6 +703,39 @@ mlo([{load_object_code, {Lib, LibVsn, Mods}} | T]) ->
 mlo([]) -> [].
 
 %%-----------------------------------------------------------------
+%% RESTART EMULATOR
+%% -----------------------------------------------------------------
+%% -----------------------------------------------------------------
+%% Check if there are any 'restart_new_emulator' instructions (i.e. if
+%% the emulator or core application version is changed). If so, this
+%% must be done first for upgrade and last for downgrade.
+%% Check if there are any 'restart_emulator' instructions, if so
+%% remove all and place one the end.
+%% -----------------------------------------------------------------
+sort_emulator_restart(Mode,Before,After) ->
+    {Before1,After1} =
+	case filter_out(restart_new_emulator, After) of
+	    After ->
+		{Before,After};
+	    A1 when Mode==up ->
+		{[restart_new_emulator|Before],A1};
+	    A1 when Mode==dn ->
+		{Before,A1++[restart_emulator]}
+	end,
+    After2 =
+	case filter_out(restart_emulator, After1) of
+	    After1 ->
+		After1;
+	    A2 ->
+		A2++[restart_emulator]
+	end,
+    {Before1,After2}.
+
+
+filter_out(What,List) ->
+    lists:filter(fun(X) when X=:=What -> false; (_) -> true end, List).
+
+%%-----------------------------------------------------------------
 %% SYNTAX CHECK
 %%-----------------------------------------------------------------
 %%-----------------------------------------------------------------
@@ -817,6 +854,7 @@ check_op({apply, {M, F, A}}) ->
     check_func(F),
     check_args(A);
 check_op(restart_new_emulator) -> ok;
+check_op(restart_emulator) -> ok;
 check_op(X) -> throw({error, {bad_instruction, X}}).
 
 check_mod(Mod) when is_atom(Mod) -> ok;
diff --git a/lib/sasl/src/systools_relup.erl b/lib/sasl/src/systools_relup.erl
index 6d9e922900..7fb623bb85 100644
--- a/lib/sasl/src/systools_relup.erl
+++ b/lib/sasl/src/systools_relup.erl
@@ -112,6 +112,11 @@
 -export([mk_relup/3, mk_relup/4, format_error/1, format_warning/1]).
 -include("systools.hrl").
 
+-define(R15_SASL_VSN,"2.2").
+
+%% For test purposes only - used by kernel, stdlib and sasl tests
+-export([appup_search_for_version/2]).
+
 %%-----------------------------------------------------------------
 %% mk_relup(TopRelFile, BaseUpRelDcs, BaseDnRelDcs)
 %% mk_relup(TopRelFile, BaseUpRelDcs, BaseDnRelDcs, Opts) -> Ret
@@ -200,7 +205,13 @@ do_mk_relup(TopRelFile, BaseUpRelDcs, BaseDnRelDcs, Path, Opts) ->
 	%% TopRel = #release
 	%% NameVsnApps = [{{Name, Vsn}, #application}]
 	{ok, TopRel, NameVsnApps, Ws0} ->
-	    %%
+	    case lists:member({warning,missing_sasl},Ws0) of
+		true ->
+		    throw({error,?MODULE,{missing_sasl,TopRel}});
+		false ->
+		    ok
+	    end,
+
 	    %% TopApps = [#application]
 	    TopApps = lists:map(fun({_, App}) -> App end, NameVsnApps),
 
@@ -247,7 +258,21 @@ foreach_baserel_up(TopRel, TopApps, [BaseRelDc|BaseRelDcs], Path, Opts,
 	       Ws, Acc) ->
     BaseRelFile = extract_filename(BaseRelDc),
 
-    {ok, BaseRel} = systools_make:read_release(BaseRelFile, Path),
+    {BaseRel, {BaseNameVsns, BaseApps}, Ws0} =
+	case systools_make:get_release(BaseRelFile, Path) of
+	    {ok, BR, NameVsnApps, Warns} ->
+		case lists:member({warning,missing_sasl},Warns) of
+		    true ->
+			throw({error,?MODULE,{missing_sasl,BR}});
+		    false ->
+			%% NameVsnApps = [{{Name,Vsn},#application}]
+			%% Gives two lists - [{Name,Vsn}] and [#application]
+			{BR,lists:unzip(NameVsnApps),Warns}
+		end;
+	    Other1 ->
+		throw(Other1)
+	end,
+
 
     %%
     %% BaseRel = #release
@@ -257,29 +282,23 @@ foreach_baserel_up(TopRel, TopApps, [BaseRelDc|BaseRelDcs], Path, Opts,
     %% application, one for each added applications, and one for
     %% each removed applications.
     %%
-    {RUs1, Ws1} = collect_appup_scripts(up, TopApps, BaseRel, Ws, []),
+    {RUs1, Ws1} = collect_appup_scripts(up, TopApps, BaseRel, Ws0++Ws, []),
 
     {RUs2, Ws2} = create_add_app_scripts(BaseRel, TopRel, RUs1, Ws1),
 
     {RUs3, Ws3} = create_remove_app_scripts(BaseRel, TopRel, RUs2, Ws2),
 
-    {RUs4, Ws4} = 
-	check_for_emulator_restart(TopRel, BaseRel, RUs3, Ws3, Opts),
-
-    BaseApps =
-	case systools_make:get_release(BaseRelFile, Path) of
-	    {ok, _, NameVsnApps, _Warns} ->
-		lists:map(fun({_,App}) -> App end, NameVsnApps);
-	    Other1 ->
-		throw(Other1)
-	end,
+    {RUs4, Ws4} = check_for_emulator_restart(TopRel, BaseRel, RUs3, Ws3, Opts),
 
     case systools_rc:translate_scripts(up, RUs4, TopApps, BaseApps) of
-	{ok, RUs} ->
+	{ok, RUs5} ->
+
+	    {RUs, Ws5} = fix_r15_sasl_upgrade(RUs5,Ws4,BaseNameVsns),
+
 	    VDR = {BaseRel#release.vsn,
 		   extract_description(BaseRelDc), RUs},
 	    foreach_baserel_up(TopRel, TopApps, BaseRelDcs, Path, 
-			       Opts, Ws4, [VDR| Acc]);
+			       Opts, Ws5, [VDR| Acc]);
 	XXX ->
 	    throw(XXX)
     end;
@@ -294,42 +313,41 @@ foreach_baserel_dn(TopRel, TopApps, [BaseRelDc|BaseRelDcs], Path, Opts,
 	       Ws, Acc) ->
     BaseRelFile = extract_filename(BaseRelDc),
 
-    {ok, BaseRel} = systools_make:read_release(BaseRelFile, Path),
-
-    %% BaseRel = #release
-
-    %% RUs = (release upgrade scripts)
-    %%
-    {RUs1, Ws1} = collect_appup_scripts(dn, TopApps, BaseRel, Ws, []),
-
-    {BaseApps, Ws2} =
+    {BaseRel, BaseApps, Ws0} =
 	case systools_make:get_release(BaseRelFile, Path) of
 	    %%
 	    %% NameVsnApps = [{{Name, Vsn}, #application}]
-	    {ok, _, NameVsnApps, Warns} ->
-		%%
-		%% NApps = [#application]
-		NApps = lists:map(fun({_,App}) -> App end, NameVsnApps),
-		{NApps, Warns ++ Ws1};
+	    {ok, BR, NameVsnApps, Warns} ->
+		case lists:member({warning,missing_sasl},Warns) of
+		    true ->
+			throw({error,?MODULE,{missing_sasl,BR}});
+		    false ->
+			%% NApps = [#application]
+			NApps = lists:map(fun({_,App}) -> App end, NameVsnApps),
+			{BR, NApps, Warns}
+		end;
 	    Other ->
 		throw(Other)
 	end,
 
-    RUs2 = RUs1,
+    %% BaseRel = #release
+
+    %% RUs = (release upgrade scripts)
+    %%
+    {RUs1, Ws1} = collect_appup_scripts(dn, TopApps, BaseRel, Ws0++Ws, []),
 
-    {RUs3, Ws3} = create_add_app_scripts(TopRel, BaseRel, RUs2, Ws2),
+    {RUs2, Ws2} = create_add_app_scripts(TopRel, BaseRel, RUs1, Ws1),
 
-    {RUs4, Ws4} = create_remove_app_scripts(TopRel, BaseRel, RUs3, Ws3),
+    {RUs3, Ws3} = create_remove_app_scripts(TopRel, BaseRel, RUs2, Ws2),
 
-    {RUs5, Ws5} = check_for_emulator_restart(TopRel, BaseRel,
-					     RUs4, Ws4, Opts),
+    {RUs4, Ws4} = check_for_emulator_restart(TopRel, BaseRel, RUs3, Ws3, Opts),
 
-    case systools_rc:translate_scripts(dn, RUs5, BaseApps, TopApps) of
+    case systools_rc:translate_scripts(dn, RUs4, BaseApps, TopApps) of
 	{ok, RUs} ->
 	    VDR = {BaseRel#release.vsn,
 		   extract_description(BaseRelDc), RUs},
 	    foreach_baserel_dn(TopRel, TopApps, BaseRelDcs, Path, 
-			       Opts, Ws5, [VDR| Acc]);
+			       Opts, Ws4, [VDR| Acc]);
 	XXX -> 
 	    throw(XXX)
     end;
@@ -343,14 +361,42 @@ foreach_baserel_dn( _, _, [], _, _, Ws, Acc) ->
 %%
 check_for_emulator_restart(#release{erts_vsn = Vsn1, name = N1}, 
                            #release{erts_vsn = Vsn2, name = N2}, RUs, Ws, 
-                           _Opts) when Vsn1 /= Vsn2 ->
-    {RUs++[[restart_new_emulator]], [{erts_vsn_changed, {N1, N2}} | Ws]};
+                           Opts) when Vsn1 /= Vsn2 ->
+    %% Automatically insert a restart_new_emulator instruction when
+    %% erts version is changed. Also allow extra restart at the end of
+    %% the upgrade if restart_emulator option is given.
+    NewRUs = [[restart_new_emulator]|RUs],
+    NewWs = [{erts_vsn_changed, {{N1,Vsn1}, {N2,Vsn2}}} | Ws],
+    check_for_restart_emulator_opt(NewRUs, NewWs, Opts);
 check_for_emulator_restart(_, _, RUs, Ws, Opts) ->
+    check_for_restart_emulator_opt(RUs, Ws, Opts).
+
+check_for_restart_emulator_opt(RUs, Ws, Opts) ->
     case get_opt(restart_emulator, Opts) of
-	true -> {RUs++[[restart_new_emulator]], Ws};
+	true -> {RUs++[[restart_emulator]], Ws};
 	_ -> {RUs, Ws}
     end.
 
+
+%% Special handling of the upgrade from pre R15 to post R15. In R15,
+%% upgrade of the emulator was improved by moving the restart of the
+%% emulator before the rest of the upgrade instructions. However, it
+%% can only work if the release_handler is already upgraded to a post
+%% R15 version. If not, the upgrade instructions must be backwards
+%% compatible - i.e. restart_new_emulator will be the last
+%% instruction, executed after all code loading, code_change etc.
+fix_r15_sasl_upgrade([restart_new_emulator | RestRUs]=RUs, Ws, BaseApps) ->
+    case lists:keyfind(sasl,1,BaseApps) of
+	{sasl,Vsn} when Vsn < ?R15_SASL_VSN ->
+	    {lists:delete(restart_emulator,RestRUs) ++ [restart_new_emulator],
+	     [pre_R15_emulator_upgrade|Ws]};
+	_ ->
+	    {RUs,Ws}
+    end;
+fix_r15_sasl_upgrade(RUs, Ws, _BaseApps) ->
+    {RUs,Ws}.
+
+
 %% collect_appup_scripts(Mode, TopApps, BaseRel, Ws, RUs) -> {NRUs, NWs}
 %% Mode = up | dn
 %% TopApps = [#application]
@@ -440,13 +486,32 @@ get_script_from_appup(Mode, TopApp, BaseVsn, Ws, RUs) ->
 		  %% XXX Why is this a warning only?
 		  [{bad_vsn, {TopVsn, TopApp#application.vsn}}| Ws]
 	  end,
-    case lists:keysearch(BaseVsn, 1, VsnRUs) of
-	{value, {_, RU}} ->
+    case appup_search_for_version(BaseVsn, VsnRUs) of
+	{ok, RU} ->
 	    {RUs ++ [RU], Ws1};
-	_ ->
+	error ->
 	    throw({error, ?MODULE, {no_relup, FName, TopApp, BaseVsn}})
     end.
 
+appup_search_for_version(BaseVsn, VsnRUs) ->
+    appup_search_for_version(BaseVsn, length(BaseVsn), VsnRUs).
+
+appup_search_for_version(BaseVsn,_,[{BaseVsn,RU}|_]) ->
+    {ok,RU};
+appup_search_for_version(BaseVsn,Size,[{Vsn,RU}|VsnRUs]) when is_binary(Vsn) ->
+    case re:run(BaseVsn,Vsn,[unicode,{capture,first,index}]) of
+	{match,[{0,Size}]} ->
+	    {ok, RU};
+	_ ->
+	    appup_search_for_version(BaseVsn,Size,VsnRUs)
+    end;
+appup_search_for_version(BaseVsn,Size,[_|VsnRUs]) ->
+    appup_search_for_version(BaseVsn,Size,VsnRUs);
+appup_search_for_version(_,_,[]) ->
+    error.
+
+
+
 
 %% Primitives for the "lists of release names" that we upgrade from
 %% and to.
@@ -543,7 +608,9 @@ format_error({no_relup, File, App, Vsn}) ->
 		  "in file ~p~n",
 		  [App#application.name, App#application.vsn, 
 		   App#application.name, Vsn, File]);
-
+format_error({missing_sasl,Release}) ->
+    io_lib:format("No sasl application in release ~p, ~p. Can not be upgraded.",
+		  [Release#release.name, Release#release.vsn]);
 format_error(Error) ->
     io:format("~p~n", [Error]).
 
diff --git a/lib/sasl/test/Makefile b/lib/sasl/test/Makefile
index 65be134462..91a8c42484 100644
--- a/lib/sasl/test/Makefile
+++ b/lib/sasl/test/Makefile
@@ -36,6 +36,8 @@ MODULES= \
 
 ERL_FILES= $(MODULES:%=%.erl)
 
+HRL_FILES= test_lib.hrl
+
 TARGET_FILES= $(MODULES:%=$(EBIN)/%.$(EMULATOR))
 INSTALL_PROGS= $(TARGET_FILES)
 
@@ -84,7 +86,7 @@ release_spec: opt
 
 release_tests_spec: make_emakefile
 	$(INSTALL_DIR) $(RELSYSDIR)
-	$(INSTALL_DATA) $(ERL_FILES) $(RELSYSDIR)
+	$(INSTALL_DATA) $(ERL_FILES) $(HRL_FILES) $(RELSYSDIR)
 	$(INSTALL_DATA) sasl.spec sasl.cover $(EMAKEFILE) $(RELSYSDIR)
 	chmod -R u+w $(RELSYSDIR)
 	@tar cfh - *_SUITE_data | (cd $(RELSYSDIR); tar xf -)
diff --git a/lib/sasl/test/alarm_handler_SUITE.erl b/lib/sasl/test/alarm_handler_SUITE.erl
index a98e8c9c67..a4064ef27a 100644
--- a/lib/sasl/test/alarm_handler_SUITE.erl
+++ b/lib/sasl/test/alarm_handler_SUITE.erl
@@ -18,7 +18,7 @@
 %%
 -module(alarm_handler_SUITE).
 
--include_lib("test_server/include/test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
 
 %%-----------------------------------------------------------------
 %% We will add an own alarm handler in order to verify that the
@@ -56,34 +56,32 @@ end_per_group(_GroupName, Config) ->
 
 %%-----------------------------------------------------------------
 
-set_alarm(suite) -> [];
 set_alarm(Config) when is_list(Config) ->
-    ?line gen_event:add_handler(alarm_handler, ?MODULE, self()),
+    gen_event:add_handler(alarm_handler, ?MODULE, self()),
     Alarm1 = {alarm1, "this is the alarm"},
     Alarm2 = {"alarm2", this_is_the_alarm},
     Alarm3 = {{alarm3}, {this_is,"the_alarm"}},
-    ?line ok = alarm_handler:set_alarm(Alarm1),
+    ok = alarm_handler:set_alarm(Alarm1),
     reported(set_alarm, Alarm1),
-    ?line ok = alarm_handler:set_alarm(Alarm2),
+    ok = alarm_handler:set_alarm(Alarm2),
     reported(set_alarm, Alarm2),
-    ?line ok = alarm_handler:set_alarm(Alarm3),
+    ok = alarm_handler:set_alarm(Alarm3),
     reported(set_alarm, Alarm3),
 
-    ?line [Alarm3,Alarm2,Alarm1] = alarm_handler:get_alarms(),
+    [Alarm3,Alarm2,Alarm1] = alarm_handler:get_alarms(),
     alarm_handler:clear_alarm(alarm1),
     alarm_handler:clear_alarm("alarm2"),
     alarm_handler:clear_alarm({alarm3}),
-    ?line [] = alarm_handler:get_alarms(),
+    [] = alarm_handler:get_alarms(),
 
     test_server:messages_get(),
-    ?line my_yes = gen_event:delete_handler(alarm_handler, ?MODULE, []),
+    my_yes = gen_event:delete_handler(alarm_handler, ?MODULE, []),
     ok.
 
 %%-----------------------------------------------------------------
 
-clear_alarm(suite) -> [];
 clear_alarm(Config) when is_list(Config) ->
-    ?line gen_event:add_handler(alarm_handler, ?MODULE, self()),
+    gen_event:add_handler(alarm_handler, ?MODULE, self()),
     Alarm1 = {alarm1, "this is the alarm"},
     Alarm2 = {"alarm2", this_is_the_alarm},
     Alarm3 = {{alarm3}, {this_is,"the_alarm"}},
@@ -92,44 +90,42 @@ clear_alarm(Config) when is_list(Config) ->
     alarm_handler:set_alarm(Alarm3),
     test_server:messages_get(),
 
-    ?line ok = alarm_handler:clear_alarm(alarm1),
+    ok = alarm_handler:clear_alarm(alarm1),
     reported(clear_alarm, alarm1),
-    ?line ok = alarm_handler:clear_alarm("alarm2"),
+    ok = alarm_handler:clear_alarm("alarm2"),
     reported(clear_alarm, "alarm2"),
-    ?line ok = alarm_handler:clear_alarm({alarm3}),
+    ok = alarm_handler:clear_alarm({alarm3}),
     reported(clear_alarm, {alarm3}),
-    ?line [] = alarm_handler:get_alarms(),
+    [] = alarm_handler:get_alarms(),
 
-    ?line my_yes = gen_event:delete_handler(alarm_handler, ?MODULE, []),
+    my_yes = gen_event:delete_handler(alarm_handler, ?MODULE, []),
     ok.
 
 %%-----------------------------------------------------------------
 
-swap(suite) -> [];
 swap(Config) when is_list(Config) ->
-    ?line Alarm1 = {alarm1, "this is the alarm"},
-    ?line Alarm2 = {"alarm2", this_is_the_alarm},
-    ?line Alarm3 = {{alarm3}, {this_is,"the_alarm"}},
-    ?line alarm_handler:set_alarm(Alarm1),
-    ?line alarm_handler:set_alarm(Alarm2),
-    ?line alarm_handler:set_alarm(Alarm3),
-
-    ?line foo,
+    Alarm1 = {alarm1, "this is the alarm"},
+    Alarm2 = {"alarm2", this_is_the_alarm},
+    Alarm3 = {{alarm3}, {this_is,"the_alarm"}},
+    alarm_handler:set_alarm(Alarm1),
+    alarm_handler:set_alarm(Alarm2),
+    alarm_handler:set_alarm(Alarm3),
+
     case gen_event:which_handlers(alarm_handler) of
 	[alarm_handler] ->
-	    ?line ok = gen_event:swap_handler(alarm_handler,
-					      {alarm_handler, swap},
-					      {?MODULE, self()}),
-	    ?line [?MODULE] = gen_event:which_handlers(alarm_handler),
+	    ok = gen_event:swap_handler(alarm_handler,
+					{alarm_handler, swap},
+					{?MODULE, self()}),
+	    [?MODULE] = gen_event:which_handlers(alarm_handler),
 	    Alarms = [Alarm3, Alarm2, Alarm1],
 	    reported(swap_alarms, Alarms),
 
 	    %% get_alarms is only valid with the default handler installed.
-	    ?line {error, _} = alarm_handler:get_alarms(),
+	    {error, _} = alarm_handler:get_alarms(),
 
-	    ?line my_yes = gen_event:delete_handler(alarm_handler,
-						    ?MODULE, []),
-	    ?line gen_event:add_handler(alarm_handler, alarm_handler, []),
+	    my_yes = gen_event:delete_handler(alarm_handler,
+					      ?MODULE, []),
+	    gen_event:add_handler(alarm_handler, alarm_handler, []),
 	    ok;
 	_ ->
 	    alarm_handler:clear_alarm(alarm1),
diff --git a/lib/sasl/test/installer.erl b/lib/sasl/test/installer.erl
index f5ceab0dc4..6942ec21ea 100644
--- a/lib/sasl/test/installer.erl
+++ b/lib/sasl/test/installer.erl
@@ -19,20 +19,33 @@
 
 -module(installer).
 
+-include("test_lib.hrl").
+
 %%-compile(export_all).
 -export([install_1/2]).
 -export([install_2/1]).
 -export([install_3/2]).
--export([install_3a/1]).
+-export([install_6a/1]).
 -export([install_4/1]).
 -export([install_5/1]).
 -export([install_5a/1]).
 -export([install_6/1]).
 -export([install_7/1]).
+-export([install_7a/1]).
 -export([install_8/1]).
+-export([install_8a/1]).
 -export([install_9/1]).
 -export([install_10/1]).
 -export([install_11/1]).
+-export([install_12/1]).
+-export([install_13/1]).
+-export([install_14/1]).
+-export([upgrade_restart_1/2]).
+-export([upgrade_restart_1a/1]).
+-export([upgrade_restart_2/1]).
+-export([upgrade_restart_2a/1]).
+-export([upgrade_restart_2b/1]).
+-export([upgrade_restart_3/1]).
 -export([client1_1/4]).
 -export([client2/3]).
 -export([stop/1]).
@@ -46,28 +59,35 @@
 -define(fail(Term), exit({?MODULE, ?LINE, Term})).
 -define(fail_line(Line,Term), exit({?MODULE, Line, Term})).
 
--define(check_release(Vsn,Status,Apps),
-	check_release(TestNode,node(),Vsn,Status,Apps,?LINE)).
--define(check_release_client(Node,Vsn,Status,Apps),
-	check_release(TestNode,Node,Vsn,Status,Apps,?LINE)).
+-define(check_release_states(States),
+	check_release_states(TestNode,node(),States,?LINE)).
+-define(check_release_states_client(Node,States),
+	check_release_states(TestNode,Node,States,?LINE)).
+
+-define(check_release_lib(Vsn,Apps),
+	check_release_lib(TestNode,node(),Vsn,Apps,?LINE)).
+-define(check_release_lib_client(Node,Vsn,Apps),
+	check_release_lib(TestNode,Node,Vsn,Apps,?LINE)).
 
 -define(check_running_app(App,Vsn),
 	check_running_app(TestNode,node(),App,Vsn,?LINE)).
 -define(check_running_app_client(Node,App,Vsn),
 	check_running_app(TestNode,Node,App,Vsn,?LINE)).
 
+-define(check_disallowed_calls,check_disallowed_calls(TestNode,?LINE)).
+
 
 install_1(TestNode,PrivDir) ->
     ?print([TestNode]),
     ?print(["install_1 start"]),
+    ?check_release_states([permanent]),
 
     % Unpack and install P1H
     {ok, "P1H"} = unpack_release(PrivDir,"rel1"),
-    ?print(["unpack_release P1H ok"]),
-    ?check_release("P1H",unpacked,["a-1.0"]),
+    ?check_release_states([permanent,unpacked]),
+    ?check_release_lib("P1H",["a-1.0"]),
     {ok,"P1G",[new_appl]} = release_handler:install_release("P1H"),
-    ?print(["install_release P1H ok"]),
-    ?check_release("P1H",current,["a-1.0"]),
+    ?check_release_states([permanent,current]),
     ?check_running_app(a,"1.0"),
     X = a:a(),
     ?print(["X", X]),
@@ -81,173 +101,351 @@ install_2(TestNode) ->
     ?print(["install_2 start"]),
 
     % Check that P1H is still unpacked, install it and make_permanent
-    ?check_release("P1H",unpacked,["a-1.0"]),
-    ?print(["install_2 P1H unpacked"]),
+    ?check_release_states([permanent,unpacked]),
     {ok,"P1G",[new_appl]} = release_handler:install_release("P1H"),
     ?print(["install_2 install_release ok"]),
-    ?check_release("P1H",current,["a-1.0"]),
+    ?check_release_states([permanent,current]),
+    ?check_running_app(a,"1.0"),
+    ok = release_handler:make_permanent("P1H"),
+    ?print(["install_2 make permanent P1H ok"]),
+    ?check_release_states([old,permanent]),
     ?check_running_app(a,"1.0"),
-    ok = release_handler:make_permanent("P1H").
+    ok.
     % release_handler_SUITE will reboot this node now!
 
 install_3(TestNode,PrivDir) ->
     ?print(["install_3 start"]),
 
     % Check that P1H is permanent
-    ?check_release("P1H",permanent,["a-1.0"]),
+    ?check_release_states([old,permanent]),
+    ?check_running_app(a,"1.0"),
     X = a:a(),
     {key2, val2} = lists:keyfind(key2, 1, X),
     {key1, val1} = lists:keyfind(key1, 1, X),
 
     % Unpack and install P1I
     {ok, "P1I"} = unpack_release(PrivDir,"rel2"),
-    ?print(["install_3 unpack_release P1I ok"]),
-    ?check_release("P1I",unpacked,["a-1.1"]),
+    ?check_release_states([old,permanent,unpacked]),
+    ?check_release_lib("P1I",["a-1.1"]),
     {ok,"P1H",[{extra, gott}]} = release_handler:check_install_release("P1I"),
+    ?print(["install_3 check_install_release P1I ok"]),
     {error,_} = release_handler:check_install_release("P1J"),
+    ?print(["install_3 check_install_release P1J fails - ok"]),
     {ok,"P1H",[{extra, gott}]} = release_handler:install_release("P1I"),
-    ?print(["install_3 install_release P1I ok"]),
-    ?check_release("P1I",current,["a-1.1"]),
+    ?check_release_states([old,permanent,current]),
     ?check_running_app(a,"1.1"),
     X2 = a:a(),
     {key2, newval2} = lists:keyfind(key2, 1, X2),
     {key1, val1} = lists:keyfind(key1, 1, X2),
     {ok, bval} = a:b(),
+    ?print(["install_3 env ok"]),
 
-    % Unpack and install P2A
+    % Unpack P2A
     {ok, "P2A"} = unpack_release(PrivDir,"rel3"),
-    ?print(["install_3 unpack_release P2A ok"]),
-    ?check_release("P2A",unpacked,["a-1.1"]),
+    ?check_release_states([old,permanent,current,unpacked]),
+    ?check_release_lib("P2A",["a-1.1"]),
     {ok, "P1I", [new_emu]} = release_handler:check_install_release("P2A"),
     ?print(["install_3 check_install_release P2A ok"]),
-    ok = release_handler:make_permanent("P1I"),
-    ?print(["install_3 make_permanent P1I ok"]),
-    ?check_release("P1I",permanent,["a-1.1"]),
     ok.
+    % release_handler_SUITE will reboot this node now!
+
+install_4(TestNode) ->
+    ?print(["install_4 start"]),
 
-install_3a(TestNode) ->
-    {ok, "P1I", [new_emu]} = release_handler:install_release("P2A"),
+    %% Check that P1H is the one that is used
+    ?check_release_states([old,permanent,unpacked,unpacked]),
+    ?check_running_app(a,"1.0"),
+
+    %% Install P2A
+    {continue_after_restart, "P1H", [new_emu,new_appl]} =
+	release_handler:install_release("P2A"),
     %% Node is rebooted by the release_handler:install_release
     %% (init:reboot) because P2A includes a new erts vsn and the relup
     %% file contains a 'restart_new_emulator' instruction.
-    ?print(["install_3 P2A installed"]),
+    ?print(["install_4 P2A installed"]),
     ok.
 
 
+install_5(TestNode) ->
+    ?print(["install_5 start"]),
 
-install_4(TestNode) ->
-    ?print(["install_4 start"]),
+    %% Check that the upgrade was done via a temporary release due to
+    %% new emulator version.
+    {"SASL-test","__new_emulator__P1H"} = init:script_id(),
+
+    %% Check that P2A is in use.
+    ?check_release_states([old,permanent,unpacked,current]),
+    ?check_running_app(a,"1.1"),
+    X = a:a(),
+    {key2, newval2} = lists:keyfind(key2, 1, X),
+    {key1, val1} = lists:keyfind(key1, 1, X),
+    {ok, bval} = a:b(),
+    ?print(["install_5 check env ok"]),
+    ok.
+
+install_5a(TestNode) ->
+    ?print(["install_5a start"]),
+
+    %% Install P1I (this will be a downgrade)
+    {ok, "P1I", [old_emu]} = release_handler:install_release("P1I"),
+    %% Node is rebooted by the release_handler:install_release
+    %% (init:reboot) because P2A includes a new erts vsn and the relup
+    %% file contains a 'restart_new_emulator' instruction.
+    ?print(["install_5a P1I installed"]),
+    ok.
+
+install_6(TestNode) ->
+    ?print(["install_6 start"]),
+
+    %% Check that P1I is used
+    ?check_release_states([old,permanent,current,old]),
+    ?check_running_app(a,"1.1"),
+
+    %% Make P1I permanent
+    ok = release_handler:make_permanent("P1I"),
+    ?check_release_states([old,old,permanent,old]),
+    ?check_running_app(a,"1.1"),
+    ok.
+
+install_6a(TestNode) ->
+    %% Install P2A
+    {continue_after_restart, "P1I", [new_emu]} =
+	release_handler:install_release("P2A"),
+    %% Node is rebooted by the release_handler:install_release
+    %% (init:reboot) because P2A includes a new erts vsn and the relup
+    %% file contains a 'restart_new_emulator' instruction.
+    ?print(["install_6a P2A installed"]),
+    ok.
+
+install_7(TestNode) ->
+    ?print(["install_7 start"]),
+
+    %% Check that the upgrade was done via a temporary release due to
+    %% new emulator version.
+    {"SASL-test","__new_emulator__P1I"} = init:script_id(),
 
     % Check that P2A is in use.
-    ?check_release("P2A",current,["a-1.1"]),
+    ?check_release_states([old,old,permanent,current]),
     ?check_running_app(a,"1.1"),
     X = a:a(),
     {key2, newval2} = lists:keyfind(key2, 1, X),
     {key1, val1} = lists:keyfind(key1, 1, X),
     {ok, bval} = a:b(),
+    ?print(["install_7 check env ok"]),
     ok.
-    % release_handler_SUITE will reboot this node now!
 
-install_5(TestNode) ->
-    ?print(["install_5 start"]),
+install_7a(TestNode) ->
+    %% Install P1H (this will be a downgrade)
+    {ok, "P1H", [old_emu,old_appl]} = release_handler:install_release("P1H"),
+    %% Node is rebooted by the release_handler:install_release
+    %% (init:reboot) because P2A includes a new erts vsn and the relup
+    %% file contains a 'restart_new_emulator' instruction.
+    ?print(["install_7a P1H installed"]),
+    ok.
 
-    % Check that P1I is used
-    {ok, "P1I", [new_emu]} = release_handler:check_install_release("P2A"),
+install_8(TestNode) ->
+    ?print(["install_8 start"]),
+
+    %% Check that P1H is used
+    ?check_release_states([old,current,permanent,old]),
+    ?check_running_app(a,"1.0"),
+    {ok,"P1H",[new_emu,new_appl]} = release_handler:check_install_release("P2A"),
+    ?print(["install_8 check_install_release P2A ok"]),
+
+    %% Install P1I and check that it is permanent
+    {ok,"P1H",[{extra, gott}]} = release_handler:install_release("P1I"),
+    ?check_release_states([old,old,permanent,old]),
+    ?check_running_app(a,"1.1"),
     ok.
 
-install_5a(TestNode) ->
+install_8a(TestNode) ->
     % Install P2A again
-    {ok, "P1I", [new_emu]} = release_handler:install_release("P2A"),
+    {continue_after_restart, "P1I", [new_emu]} =
+	release_handler:install_release("P2A"),
     %% Node is rebooted by the release_handler:install_release
     %% (init:reboot) because P2A includes a new erts vsn and the relup
     %% file contains a 'restart_new_emulator' instruction.
-    ?print(["install_5 P2A installed"]),
+    ?print(["install_8a P2A installed"]),
     ok.
 
-install_6(TestNode) ->
-    ?print(["install_6 start"]),
+install_9(TestNode) ->
+    ?print(["install_9 start"]),
+
+    %% Check that the upgrade was done via a temporary release due to
+    %% new emulator version.
+    {"SASL-test","__new_emulator__P1I"} = init:script_id(),
 
     % Check that P2A is used
-    ?check_release("P2A",current,["a-1.1"]),
+    ?check_release_states([old,old,permanent,current]),
     ?check_running_app(a,"1.1"),
     X = a:a(),
     {key2, newval2} = lists:keyfind(key2, 1, X),
     {key1, val1} = lists:keyfind(key1, 1, X),
     {ok, bval} = a:b(),
-    ok = release_handler:make_permanent("P2A").
+    ?print(["install_9 check env ok"]),
+    ok = release_handler:make_permanent("P2A"),
+    ?check_release_states([old,old,old,permanent]),
+    ?check_running_app(a,"1.1"),
+    ok.
     % release_handler_SUITE will reboot this node now!
 
 
-install_7(TestNode) ->
-    ?print(["install_7 start"]),
+install_10(TestNode) ->
+    ?print(["install_10 start"]),
 
     % Check that P2A is used
-    ?check_release("P2A",permanent,["a-1.1"]),
+    ?check_release_states([old,old,old,permanent]),
+    ?check_running_app(a,"1.1"),
 
     % Install old P1H
     ok = release_handler:reboot_old_release("P1H"),
+    ?print(["install_10 reboot_old ok"]),
     ok.
 
-install_8(TestNode) ->
-    ?print(["install_8 start"]),
+
+install_11(TestNode) ->
+    ?print(["install_11 start"]),
 
     % Check that P1H is permanent
-    ?check_release("P1H",permanent,["a-1.0"]),
+    ?check_release_states([old,permanent,old,old]),
+    ?check_running_app(a,"1.0"),
     X = a:a(),
     {key2, val2} = lists:keyfind(key2, 1, X),
     {key1, val1} = lists:keyfind(key1, 1, X),
+    ?print(["install_11 check env ok"]),
 
     %% Remove P1I and P2A and check that a-1.1 and erts-<latest> are removed
     ok = release_handler:remove_release("P2A"),
+    ?check_release_states([old,permanent,old]),
     ok = release_handler:remove_release("P1I"),
+    ?check_release_states([old,permanent]),
     {ok, Libs} = file:list_dir(code:lib_dir()),
     {_,_,StdlibVsn} = lists:keyfind(stdlib,1,application:which_applications()),
     true = lists:member("stdlib-"++StdlibVsn, Libs),
     true = lists:member("a-1.0", Libs),
     false = lists:member("a-1.1", Libs),
     {ok, Dirs} = file:list_dir(code:root_dir()),
-    ["erts-4.4"] = lists:filter(fun(Dir) -> lists:prefix("erts-",Dir) end, Dirs),
+    ErtsDir = "erts-"++?ertsvsn,
+    [ErtsDir] = lists:filter(fun(Dir) -> lists:prefix("erts-",Dir) end, Dirs),
+    ?print(["install_11 file checks ok"]),
     ok.
     % release_handler_SUITE will reboot this node now!
 
-install_9(TestNode) ->
-    ?print(["install_9 start"]),
+install_12(TestNode) ->
+    ?print(["install_12 start"]),
 
     % Check that P1H is permanent
-    ?check_release("P1H",permanent,["a-1.0"]),
+    ?check_release_states([old,permanent]),
+    ?check_running_app(a,"1.0"),
     X = a:a(),
     {key2, val2} = lists:keyfind(key2, 1, X),
     {key1, val1} = lists:keyfind(key1, 1, X),
+    ?print(["install_12 check env ok"]),
 
     % Install old P1G
     ok = release_handler:reboot_old_release("P1G"),
+    ?print(["install_12 reboot_old ok"]),
     ok.
 
-install_10(TestNode) ->
-    ?print(["install_10 start"]),
+install_13(TestNode) ->
+    ?print(["install_13 start"]),
 
     % Check that P1G is permanent
-    ?check_release("P1G",permanent,[]),
-    ?check_release("P1H",old,["a-1.0"]),
+    ?check_release_states([permanent,old]),
+    false = lists:keysearch(a,1,application:loaded_applications()),
+    ?print(["install_13 no a application found - ok"]),
 
     %% Remove P1H and check that both versions of application a is removed
     ok = release_handler:remove_release("P1H"),
+    ?check_release_states([permanent]),
     {ok, Libs} = file:list_dir(code:lib_dir()),
     {_,_,StdlibVsn} = lists:keyfind(stdlib,1,application:which_applications()),
     true = lists:member("stdlib-"++StdlibVsn, Libs),
     false = lists:member("a-1.0", Libs),
     false = lists:member("a-1.1", Libs),
+    ?print(["install_13 file checks ok"]),
     ok.
     % release_handler_SUITE will reboot this node now!
 
-install_11(TestNode) ->
-    ?print(["install_11 start"]),
+install_14(TestNode) ->
+    ?print(["install_14 start"]),
 
     % Check that P1G is permanent
-    ?check_release("P1G",permanent,[]),
+    ?check_release_states([permanent]),
+    false = lists:keysearch(a,1,application:loaded_applications()),
+    ?print(["install_13 no a application found - ok"]),
     ok.
 
 
+%%%-----------------------------------------------------------------
+%%% Ths test checks that an upgrade which both upgrades to a new
+%%% emulator version, and had a restart_emulator option to
+%%% systools:make_relup will be restarted twice on upgrade.
+%%% (On downgrade it will happen only once.)
+upgrade_restart_1(TestNode,PrivDir) ->
+    ?print([TestNode]),
+    ?print(["upgrade_restart_1 start"]),
+    ?check_release_states([permanent]),
+
+    {ok, "P2B"} = unpack_release(PrivDir,"rel4"),
+    ?check_release_states([permanent,unpacked]),
+    ?check_release_lib("P2B",["a-1.1"]),
+    ok.
+
+upgrade_restart_1a(TestNode) ->
+    ?print(["upgrade_restart_1a start"]),
+
+    {continue_after_restart,"P1G",[new_emu,add_appl]} =
+	release_handler:install_release("P2B"),
+    ?print(["upgrade_restart_1a P2B installed"]),
+    ok.
+
+upgrade_restart_2(TestNode) ->
+    ?print(["upgrade_restart_2 start"]),
+
+    %% Check that the node has been restarted once more after the tmp release
+    case init:script_id() of
+	{"SASL-test","P2B"} ->
+	    upgrade_restart_2a(TestNode);
+	{"SASL-test","__new_emulator__P1G"} ->
+	    %% catched the node too early - give it another try
+	    {wait,whereis(init)}
+    end.
+
+upgrade_restart_2a(TestNode) ->
+    ?print(["upgrade_restart_2a start"]),
+
+    %% This time we must be there, else something is definitely wrong
+    {"SASL-test","P2B"} = init:script_id(),
+
+    ?check_release_states([permanent,current]),
+    ?check_running_app(a,"1.1"),
+
+    ok = release_handler:make_permanent("P2B"),
+    ?check_release_states([old,permanent]),
+
+    ok.
+
+upgrade_restart_2b(TestNode) ->
+    ?print(["upgrade_restart_2b start"]),
+
+    {ok,"P1G",[old_emu,rm_appl]} = release_handler:install_release("P1G"),
+    ?print(["upgrade_restart_2b P1G installed"]),
+    ok.
+
+upgrade_restart_3(TestNode) ->
+    ?print(["upgrade_restart_3 start"]),
+
+    %% Ideally we should test that the node has only been restarted
+    %% once... but that's not so easy. Let's just check that P1G is running.
+    ?check_release_states([current,permanent]),
+    false = lists:keysearch(a,1,application:loaded_applications()),
+    ?print(["upgrade_restart_3 no a application found - ok"]),
+
+    ok.
+
+
+
 
 %%-----------------------------------------------------------------
 %% This test starts a client node which uses this node as master
@@ -272,6 +470,8 @@ client1_1(TestNode,PrivDir,MasterDir,ClientSname) ->
     Node = start_client(TestNode,client1,ClientSname),
     trace_disallowed_calls(Node),
 
+    ?check_release_states_client(Node,[permanent]),
+
     %% Check env var for SASL on client node
     SaslEnv = rpc:call(Node, application, get_all_env, [sasl]),
     ?print([{client1_1,sasl_env},SaslEnv]),
@@ -300,13 +500,14 @@ client1_1(TestNode,PrivDir,MasterDir,ClientSname) ->
     %% as default. But it is given here in order to force hitting the
     %% release_handler:check_path function so it can be checked that
     %% it does not use file:read_file_info on the client node, see
-    %% trace_disallowed_calls/1 and check_disallowed_calls/0 below.
+    %% trace_disallowed_calls/1 and check_disallowed_calls/2 below.
     %% (OTP-9142)
     {ok, "P1H"} = rpc:call(Node, release_handler, set_unpacked,
 			   [filename:join(P1HDir, "rel1.rel"),
 			    [{a,"1.0",filename:join(MasterDir,lib)}]]),
     
-    ?check_release_client(Node,"P1H",unpacked,["a-1.0"]),
+    ?check_release_states_client(Node,[permanent,unpacked]),
+    ?check_release_lib_client(Node,"P1H",["a-1.0"]),
     
     ok = rpc:call(Node, release_handler, install_file,
 		  ["P1H", filename:join(P1HDir, "start.boot")]),
@@ -323,13 +524,16 @@ client1_1(TestNode,PrivDir,MasterDir,ClientSname) ->
     {ok,"P1G",[new_appl]} = 
 	rpc:call(Node, release_handler, install_release, ["P1H"]),
 
+    ?check_release_states_client(Node,[permanent,current]),
+    ?check_running_app_client(Node,a,"1.0"),
+
     Apps = rpc:call(Node, application, which_applications, []),
     {a,"A  CXC 138 11","1.0"} = lists:keyfind(a, 1, Apps),
     X = rpc:call(Node, a, a, []),
     {key2, val2} = lists:keyfind(key2, 1, X),
     {key1, val1} = lists:keyfind(key1, 1, X),
 
-    check_disallowed_calls(),
+    ?check_disallowed_calls,
     reboot(TestNode,Node),
     trace_disallowed_calls(Node),
 
@@ -339,17 +543,17 @@ client1_2(TestNode,PrivDir,Node) ->
     ?print(["client1_2 start"]),
 
     %% Check that P1H is still unpacked, install it and make_permanent
-    ?check_release_client(Node,"P1H",unpacked,["a-1.0"]),
+    ?check_release_states_client(Node,[permanent,unpacked]),
 
     {ok,"P1G",[new_appl]} = 
 	rpc:call(Node, release_handler, install_release, ["P1H"]),
-    ?check_release_client(Node,"P1H",current,["a-1.0"]),
+    ?check_release_states_client(Node,[permanent,current]),
     ?check_running_app_client(Node,a,"1.0"),
 
     ok = rpc:call(Node, release_handler, make_permanent, ["P1H"]),
-    ?check_release_client(Node,"P1H",permanent,["a-1.0"]),
+    ?check_release_states_client(Node,[old,permanent]),
 
-    check_disallowed_calls(),
+    ?check_disallowed_calls,
     reboot(TestNode,Node),
     trace_disallowed_calls(Node),
 
@@ -359,10 +563,8 @@ client1_3(TestNode,PrivDir,Node) ->
     ?print(["client1_3 start"]),
 
     %% Check that P1H is permanent
-    ?check_release_client(Node,"P1H",permanent,["a-1.0"]),
-    X = rpc:call(Node, a, a, []),
-    {key2, val2} = lists:keyfind(key2, 1, X),
-    {key1, val1} = lists:keyfind(key1, 1, X),
+    ?check_release_states_client(Node,[old,permanent]),
+    ?check_running_app_client(Node,a,"1.0"),
 
     %% Unpack P1I on master
     {ok, "P1I"} = unpack_release(PrivDir,"rel2"),
@@ -374,7 +576,8 @@ client1_3(TestNode,PrivDir,Node) ->
     {ok, "P1I"} = rpc:call(Node, release_handler, set_unpacked,
 			   [filename:join(P1IDir, "rel2.rel"),[]]),
 
-    ?check_release_client(Node,"P1I",unpacked,["a-1.1"]),
+    ?check_release_states_client(Node,[old,permanent,unpacked]),
+    ?check_release_lib_client(Node,"P1I",["a-1.1"]),
 
     ok = rpc:call(Node, release_handler, install_file,
                   ["P1I", filename:join(P1IDir, "start.boot")]),
@@ -389,6 +592,7 @@ client1_3(TestNode,PrivDir,Node) ->
     {ok,"P1H",[{extra, gott}]} =
         rpc:call(Node, release_handler, install_release, ["P1I"]),
 
+    ?check_release_states_client(Node,[old,permanent,current]),
     ?check_running_app_client(Node,a,"1.1"),
     X2 = rpc:call(Node, a, a, []),
     {key2, newval2} = lists:keyfind(key2, 1, X2),
@@ -404,6 +608,9 @@ client1_3(TestNode,PrivDir,Node) ->
         rpc:call(Node, release_handler, set_unpacked,
                  [filename:join(P2ADir, "rel3.rel"),[]]),
 
+    ?check_release_states_client(Node,[old,permanent,current,unpacked]),
+    ?check_release_lib_client(Node,"P2A",["a-1.1"]),
+
     ok = rpc:call(Node, release_handler, install_file,
                   ["P2A", filename:join(P2ADir, "start.boot")]),
     ok = rpc:call(Node, release_handler, install_file,
@@ -413,66 +620,136 @@ client1_3(TestNode,PrivDir,Node) ->
 
     {ok, "P1I", [new_emu]} = 
 	rpc:call(Node, release_handler, check_install_release, ["P2A"]),
+
+    %% Reboot from P1H
+    ?check_disallowed_calls,
+    reboot(TestNode,Node),
+    trace_disallowed_calls(Node),
+
+    client1_4(TestNode,Node).
+
+client1_4(TestNode,Node) ->
+    ?print(["client1_4 start"]),
+
+    %% check that P1H is used
+    ?check_release_states_client(Node,[old,permanent,unpacked,unpacked]),
+
+    %% since the install_release below reboot the node...
+    ?check_disallowed_calls,
+    cover_client(TestNode,Node,stop_cover),
+
+    {continue_after_restart, "P1H", [new_emu,new_appl]} =
+	rpc:call(Node, release_handler, install_release, ["P2A"]),
+    %% Reboots the client !
+
+    check_reboot(TestNode,Node),
+    trace_disallowed_calls(Node),
+
+    client1_5(TestNode,Node).
+
+client1_5(TestNode,Node) ->
+    ?print(["client1_5 start"]),
+
+    %% Check that P2A is in use.
+    ?check_release_states_client(Node,[old,permanent,unpacked,current]),
+    ?check_running_app_client(Node,a,"1.1"),
+    X = rpc:call(Node, a, a, []),
+    {key2, newval2} = lists:keyfind(key2, 1, X),
+    {key1, val1} = lists:keyfind(key1, 1, X),
+    {ok, bval} = rpc:call(Node, a, b, []),
+
+    %% since the install_release below reboot the node...
+    ?check_disallowed_calls,
+    cover_client(TestNode,Node,stop_cover),
+
+    {ok,"P1I",[old_emu]} =
+        rpc:call(Node, release_handler, install_release, ["P1I"]),
+
+    check_reboot(TestNode,Node),
+    trace_disallowed_calls(Node),
+
+    client1_6(TestNode,Node).
+
+client1_6(TestNode,Node) ->
+    ?print(["client1_6 start"]),
+
+    ?check_release_states_client(Node,[old,permanent,current,old]),
+    ?check_running_app_client(Node,a,"1.1"),
+
     ok = rpc:call(Node, release_handler, make_permanent, ["P1I"]),
-    ?check_release_client(Node,"P1I",permanent,["a-1.1"]),
+    ?check_release_states_client(Node,[old,old,permanent,old]),
 
     %% since the install_release below reboot the node...
-    check_disallowed_calls(),
+    ?check_disallowed_calls,
     cover_client(TestNode,Node,stop_cover), 
 
-    {ok, "P1I", [new_emu]} = 
+    {continue_after_restart, "P1I", [new_emu]} =
 	rpc:call(Node, release_handler, install_release, ["P2A"]),
     %% Reboots the client !
 
     check_reboot(TestNode,Node),
     trace_disallowed_calls(Node),
 
-    client1_4(TestNode,Node).
+    client1_7(TestNode,Node).
 
-client1_4(TestNode,Node) ->
-    ?print(["client1_4 start"]),
+client1_7(TestNode,Node) ->
+    ?print(["client1_7 start"]),
 
     %% Check that P2A is in use.
-    ?check_release_client(Node,"P2A",current,["a-1.1"]),
+    ?check_release_states_client(Node,[old,old,permanent,current]),
     ?check_running_app_client(Node,a,"1.1"),
     X = rpc:call(Node, a, a, []),
     {key2, newval2} = lists:keyfind(key2, 1, X),
     {key1, val1} = lists:keyfind(key1, 1, X),
     {ok, bval} = rpc:call(Node, a, b, []),
 
-    %% Reboot from P1I
-    check_disallowed_calls(),
-    reboot(TestNode,Node),
+    %% since the install_release below reboot the node...
+    ?check_disallowed_calls,
+    cover_client(TestNode,Node,stop_cover),
+
+    {ok,"P1H",[old_emu,old_appl]} =
+        rpc:call(Node, release_handler, install_release, ["P1H"]),
+
+    check_reboot(TestNode,Node),
     trace_disallowed_calls(Node),
 
-    client1_5(TestNode,Node).
+    client1_8(TestNode,Node).
 
-client1_5(TestNode,Node) ->
-    ?print(["client1_5 start"]),
+client1_8(TestNode,Node) ->
+    ?print(["client1_8 start"]),
 
-    %% Check that P1I is used
-    {ok, "P1I", [new_emu]} = 
+    %% Check that P1H is used
+    ?check_release_states_client(Node,[old,current,permanent,old]),
+    ?check_running_app_client(Node,a,"1.0"),
+    {ok, "P1H", [new_emu,new_appl]} =
 	rpc:call(Node, release_handler, check_install_release, ["P2A"]),
 
+
+    {ok,"P1H",[{extra, gott}]} =
+        rpc:call(Node, release_handler, install_release, ["P1I"]),
+    ?check_release_states_client(Node,[old,old,permanent,old]),
+    ?check_running_app_client(Node,a,"1.1"),
+
+
     %% since the install_release below will reboot the node...
-    check_disallowed_calls(),
+    ?check_disallowed_calls,
     cover_client(TestNode,Node,stop_cover),
 
     %% Install P2A again
-    {ok, "P1I", [new_emu]} = 
+    {continue_after_restart, "P1I", [new_emu]} =
 	rpc:call(Node, release_handler, install_release, ["P2A"]),
 
     %% We are rebooted again.
     check_reboot(TestNode,Node),
     trace_disallowed_calls(Node),
 
-    client1_6(TestNode,Node).
+    client1_9(TestNode,Node).
 
-client1_6(TestNode,Node) ->
-    ?print(["client1_6 start"]),
+client1_9(TestNode,Node) ->
+    ?print(["client1_9 start"]),
 
     %% Check that P2A is used
-    ?check_release_client(Node,"P2A",current,["a-1.1"]),
+    ?check_release_states_client(Node,[old,old,permanent,current]),
     ?check_running_app_client(Node,a,"1.1"),
     X = rpc:call(Node, a, a, []),
     {key2, newval2} = lists:keyfind(key2, 1, X),
@@ -481,22 +758,23 @@ client1_6(TestNode,Node) ->
 
     %% Make P2A permanent
     ok = rpc:call(Node, release_handler, make_permanent, ["P2A"]),
+    ?check_release_states_client(Node,[old,old,old,permanent]),
 
     %% Reboot from P2A
-    check_disallowed_calls(),
+    ?check_disallowed_calls,
     reboot(TestNode,Node),
     trace_disallowed_calls(Node),
 
-    client1_7(TestNode,Node).
+    client1_10(TestNode,Node).
 
-client1_7(TestNode,Node) ->
-    ?print(["client1_7 start"]),
+client1_10(TestNode,Node) ->
+    ?print(["client1_10 start"]),
 
     %% Check that P2A is used
-    ?check_release_client(Node,"P2A",permanent,["a-1.1"]),
+    ?check_release_states_client(Node,[old,old,old,permanent]),
 
     %% since the reboot_old_release below will reboot the node
-    check_disallowed_calls(),
+    ?check_disallowed_calls,
     cover_client(TestNode,Node,stop_cover),
 
     %% Install old P1H
@@ -505,41 +783,45 @@ client1_7(TestNode,Node) ->
     check_reboot(TestNode,Node),
     trace_disallowed_calls(Node),
 
-    client1_8(TestNode,Node).
+    client1_11(TestNode,Node).
 
-client1_8(TestNode,Node) ->
-    ?print(["client1_8 start"]),
+client1_11(TestNode,Node) ->
+    ?print(["client1_11 start"]),
 
     %% Check that P1H is permanent
-    ?check_release_client(Node,"P1H",permanent,["a-1.0"]),
+    ?check_release_states_client(Node,[old,permanent,old,old]),
+    ?check_running_app_client(Node,a,"1.0"),
     X = rpc:call(Node, a, a, []),
     {key2, val2} = lists:keyfind(key2, 1, X),
     {key1, val1} = lists:keyfind(key1, 1, X),
 
-    %% Remove P1I and P2I from client
+    %% Remove P1I and P2A from client
     ok = rpc:call(Node, release_handler, set_removed, ["P2A"]),
+    ?check_release_states_client(Node,[old,permanent,old]),
     ok = rpc:call(Node, release_handler, set_removed, ["P1I"]),
+    ?check_release_states_client(Node,[old,permanent]),
 
-    check_disallowed_calls(),
-    reboot(TestNode,Node),
-    trace_disallowed_calls(Node),
-
-    client1_9(TestNode,Node).
-
-client1_9(TestNode,Node) ->
-    ?print(["client1_9 start"]),
-
-    %% Check that P2A and P1I does not exists and that PiH is permanent.
+    %% Check that P2A and P1I does not exists
     Rels = rpc:call(Node, release_handler, which_releases, []),
     false = lists:keysearch("P2A", 2, Rels),
     false = lists:keysearch("P1I", 2, Rels),
-    ?check_release_client(Node,"P1H",permanent,["a-1.0"]),
     X = rpc:call(Node, a, a, []),
     {key2, val2} = lists:keyfind(key2, 1, X),
     {key1, val1} = lists:keyfind(key1, 1, X),
 
+    ?check_disallowed_calls,
+    reboot(TestNode,Node),
+    trace_disallowed_calls(Node),
+
+    client1_12(TestNode,Node).
+
+client1_12(TestNode,Node) ->
+    ?print(["client1_12 start"]),
+
+    ?check_release_states_client(Node,[old,permanent]),
+
     %% since the reboot_old_release below will reboot the node
-    check_disallowed_calls(),
+    ?check_disallowed_calls,
     cover_client(TestNode,Node,stop_cover),
 
     %% Install old P1G
@@ -548,33 +830,34 @@ client1_9(TestNode,Node) ->
     check_reboot(TestNode,Node),
     trace_disallowed_calls(Node),
 
-    client1_10(TestNode,Node).
+    client1_13(TestNode,Node).
 
-client1_10(TestNode,Node) ->
-    ?print(["client1_10 start"]),
+client1_13(TestNode,Node) ->
+    ?print(["client1_13 start"]),
 
     %% Check that P1G is permanent
-    ?check_release_client(Node,"P1G",permanent,[]),
-    ?check_release_client(Node,"P1H",old,["a-1.0"]),
+    ?check_release_states_client(Node,[permanent,old]),
     {error,client_node} = rpc:call(Node,release_handler,remove_release,["P1H"]),
     ok = rpc:call(Node, release_handler, set_removed, ["P1H"]),
+    ?check_release_states_client(Node,[permanent]),
 
-    check_disallowed_calls(),
+    ?check_disallowed_calls,
     reboot(TestNode,Node),
     trace_disallowed_calls(Node),
 
-    client1_11(TestNode,Node).
+    client1_14(TestNode,Node).
 
-client1_11(TestNode,Node) ->
-    ?print(["client1_11 start"]),
+client1_14(TestNode,Node) ->
+    ?print(["client1_14 start"]),
 
     %% Check that P1G is permanent
-    ?check_release_client(Node,"P1G",permanent,[]),
+    ?check_release_states_client(Node,[permanent]),
 
-    check_disallowed_calls(),
+    ?check_disallowed_calls,
     stop_client(TestNode,Node),  %% TEST IS OK !!
     net_kernel:monitor_nodes(false),
 
+    %% Remove releases from master
     ok = release_handler:remove_release("P2A"),
     ok = release_handler:remove_release("P1I"),
     ok = release_handler:remove_release("P1H"),
@@ -595,9 +878,10 @@ trace_disallowed_calls(Node) ->
     rpc:call(Node,dbg,p,[all,call]),
     rpc:call(Node,dbg,tp,[file,[{'_',[],[{message,{caller}}]}]]).
 
-check_disallowed_calls() ->
+check_disallowed_calls(TestNode,Line) ->
     receive
 	Trace when element(1,Trace)==trace ->
+	    ?print_line(Line,["Disallowed function called",Trace]),
 	    exit({disallowed_function_call,Trace})
     after 0 ->
 	    ok
@@ -628,7 +912,7 @@ start_client_unix(TestNode,Sname,Node) ->
 start_client_win32(TestNode,Client,ClientSname) ->
     Name = atom_to_list(ClientSname) ++ "_P1G",
     RootDir = code:root_dir(),
-    ErtsBinDir = filename:join(RootDir,"erts-4.4/bin"),
+    ErtsBinDir = filename:join([RootDir,"erts-"++?ertsvsn,"bin"]),
 
     {ClientArgs,RelClientDir} = rh_test_lib:get_client_args(Client,ClientSname,
 							    RootDir),
@@ -729,8 +1013,10 @@ client2(TestNode,PrivDir,ClientSname) ->
 	    ok
     end,
 
+    %% Unpack P1H on master
     {ok, "P1H"} = unpack_release(PrivDir,"rel1"),
 
+    %% Try to set P1H unpacked on client
     Root = code:root_dir(),
     {error,{bad_masters,[Master2]}} =
 	rpc:call(Node, release_handler, set_unpacked,
@@ -755,15 +1041,17 @@ stop(Now) ->
 
 unpack_p1h(TestNode,PrivDir) ->
     {ok, "P1H"} = unpack_release(PrivDir,"rel1"), 
-    ?check_release("P1H",unpacked,["a-1.0"]),
+    ?check_release_states([permanent,unpacked]),
+    ?check_release_lib("P1H",["a-1.0"]),
     ok.
 
 permanent_p1h(TestNode) ->
-    ?check_release("P1H",unpacked,["a-1.0"]),
+    ?check_release_states([permanent,unpacked]),
+    ?check_release_lib("P1H",["a-1.0"]),
     {ok,"P1G",[new_appl]} = release_handler:install_release("P1H"),
-    ?check_release("P1H",current,["a-1.0"]),
+    ?check_release_states([permanent,current]),
     ok = release_handler:make_permanent("P1H"),
-    ?check_release("P1H",permanent,["a-1.0"]),
+    ?check_release_states([old,permanent]),
     ok.
 
 
@@ -779,24 +1067,38 @@ registered_loop(_Name) ->
             exit(killed)
     end.
 
-check_release(TestNode,Node,Vsn,Status,Apps,Line) ->
+%% Checks that the list of states for all releases (sorted on vsn)
+%% equals the input States
+check_release_states(TestNode,Node,States,Line) ->
+    case rpc:call(Node,release_handler,which_releases,[]) of
+	{badrpc,_}=Error ->
+	    ?fail_line(Line,{check_release_states,Node,States,Error});
+	Rels ->
+	    ?print_line(Line,["check_release_states:", Rels]),
+	    States = [Status || {_,_,_,Status} <- lists:keysort(2,Rels)],
+	    ok
+    end.
+
+%% Check that the given release (Vsn) sees the correct vsn of App.
+check_release_lib(TestNode,Node,Vsn,Apps,Line) ->
     case rpc:call(Node,release_handler,which_releases,[]) of
 	{badrpc,_}=Error ->
-	    ?fail_line(Line,{check_release,Node,Vsn,Status,Error});
+	    ?fail_line(Line,{check_release_lib,Node,Vsn,Apps,Error});
 	Rels ->
-	    ?print_line(Line,["check_release:", Rels]),
-	    {"SASL-test", Vsn, Libs, Status} = lists:keyfind(Vsn, 2, Rels),
+	    ?print_line(Line,["check_release_lib:", Rels]),
+	    {"SASL-test", Vsn, Libs, _Status} = lists:keyfind(Vsn, 2, Rels),
 	    true = lists:all(fun(App) -> lists:member(App,Libs) end,Apps),
 	    ok
     end.
 
+%% Check that the given Vsn of App is executed
 check_running_app(TestNode,Node,App,Vsn,Line) ->
     case rpc:call(Node,application,which_applications,[]) of
 	{badrpc,_}=Error ->
 	    ?fail_line(Line,{check_running_app,Node,App,Vsn,Error});
 	Apps ->
 	    ?print_line(Line,["check_running_app:", Apps]),
-	    {App, _, Vsn} = lists:keyfind(a, 1, Apps),
+	    {App, _, Vsn} = lists:keyfind(App, 1, Apps),
 	    ok
     end.
 
diff --git a/lib/sasl/test/overload_SUITE.erl b/lib/sasl/test/overload_SUITE.erl
index 92b1aaed6e..e7f180b2ea 100644
--- a/lib/sasl/test/overload_SUITE.erl
+++ b/lib/sasl/test/overload_SUITE.erl
@@ -18,14 +18,13 @@
 %%
 
 -module(overload_SUITE).
--include("test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
 
 -compile(export_all).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 all() -> [info, set_config_data, set_env_vars, request, timeout].
-all(suite) -> all().
 
 init_per_testcase(_Case,Config) ->
     restart_sasl(),
@@ -38,37 +37,34 @@ end_per_testcase(Case,Config) ->
     ok.
 
 %%%-----------------------------------------------------------------
-info(suite) -> [];
 info(_Config) ->
-    ?line Info = overload:get_overload_info(),
-    ?line [{total_intensity,0.0},
-	   {accept_intensity,0.0},
-	   {max_intensity,0.8},
-	   {weight,0.1},
-	   {total_requests,0},
-	   {accepted_requests,0}] = Info.
+    Info = overload:get_overload_info(),
+    [{total_intensity,0.0},
+     {accept_intensity,0.0},
+     {max_intensity,0.8},
+     {weight,0.1},
+     {total_requests,0},
+     {accepted_requests,0}] = Info.
 
 %%%-----------------------------------------------------------------
-set_config_data(suite) -> [];
 set_config_data(_Config) ->
-    ?line InfoDefault = overload:get_overload_info(),
-    ?line ok = check_info(0.8,0.1,InfoDefault),
-    ?line ok = overload:set_config_data(0.5,0.4),
-    ?line Info1 = overload:get_overload_info(),
-    ?line ok = check_info(0.5,0.4,Info1),
+    InfoDefault = overload:get_overload_info(),
+    ok = check_info(0.8,0.1,InfoDefault),
+    ok = overload:set_config_data(0.5,0.4),
+    Info1 = overload:get_overload_info(),
+    ok = check_info(0.5,0.4,Info1),
     ok.
 
 %%%-----------------------------------------------------------------
-set_env_vars(suite) -> [];
 set_env_vars(_Config) ->
-    ?line InfoDefault = overload:get_overload_info(),
-    ?line ok = check_info(0.8,0.1,InfoDefault),
-    ?line ok = application:set_env(sasl,overload_max_intensity,0.5),
-    ?line ok = application:set_env(sasl,overload_weight,0.4),
-    ?line ok = application:stop(sasl),
-    ?line ok = application:start(sasl),
-    ?line Info1 = overload:get_overload_info(),
-    ?line ok = check_info(0.5,0.4,Info1),
+    InfoDefault = overload:get_overload_info(),
+    ok = check_info(0.8,0.1,InfoDefault),
+    ok = application:set_env(sasl,overload_max_intensity,0.5),
+    ok = application:set_env(sasl,overload_weight,0.4),
+    ok = application:stop(sasl),
+    ok = application:start(sasl),
+    Info1 = overload:get_overload_info(),
+    ok = check_info(0.5,0.4,Info1),
     ok.
 set_env_vars(cleanup,_Config) ->
     application:unset_env(sasl,overload_max_intensity),
@@ -76,63 +72,61 @@ set_env_vars(cleanup,_Config) ->
     ok.
 
 %%%-----------------------------------------------------------------
-request(suite) -> [];
 request(_Config) ->
     %% Find number of request that can be done with default settings
     %% and no delay
-    ?line overload:set_config_data(0.8, 0.1),
-    ?line NDefault = do_many_requests(0),
-    ?line restart_sasl(),
-    ?line ?t:format("NDefault: ~p",[NDefault]),
- 
+    overload:set_config_data(0.8, 0.1),
+    NDefault = do_many_requests(0),
+    restart_sasl(),
+    ?t:format("NDefault: ~p",[NDefault]),
+
     %% Check that the number of requests increases when max_intensity
     %% increases
-    ?line overload:set_config_data(2, 0.1),
-    ?line NLargeMI = do_many_requests(0),
-    ?line restart_sasl(),
-    ?line ?t:format("NLargeMI: ~p",[NLargeMI]),
-    ?line true = NLargeMI > NDefault,
+    overload:set_config_data(2, 0.1),
+    NLargeMI = do_many_requests(0),
+    restart_sasl(),
+    ?t:format("NLargeMI: ~p",[NLargeMI]),
+    true = NLargeMI > NDefault,
 
     %% Check that the number of requests decreases when weight
     %% increases
-    ?line overload:set_config_data(0.8, 1),
-    ?line NLargeWeight = do_many_requests(0),
-    ?line restart_sasl(),
-    ?line ?t:format("NLargeWeight: ~p",[NLargeWeight]),
-    ?line true = NLargeWeight < NDefault,
+    overload:set_config_data(0.8, 1),
+    NLargeWeight = do_many_requests(0),
+    restart_sasl(),
+    ?t:format("NLargeWeight: ~p",[NLargeWeight]),
+    true = NLargeWeight < NDefault,
 
     %% Check that number of requests increases when delay between
     %% requests increases.
     %% (Keeping same config and comparing to large weight in order to
     %% minimize the time needed for this case.)
-    ?line overload:set_config_data(0.8, 1),
-    ?line NLargeTime = do_many_requests(500),
-    ?line restart_sasl(),
-    ?line ?t:format("NLargeTime: ~p",[NLargeTime]),
-    ?line true = NLargeTime > NLargeWeight,
+    overload:set_config_data(0.8, 1),
+    NLargeTime = do_many_requests(500),
+    restart_sasl(),
+    ?t:format("NLargeTime: ~p",[NLargeTime]),
+    true = NLargeTime > NLargeWeight,
     ok.
 
 %%%-----------------------------------------------------------------
-timeout(suite) -> [];
 timeout(_Config) ->
-    ?line overload:set_config_data(0.8, 1),
-    ?line _N = do_many_requests(0),
-    
+    overload:set_config_data(0.8, 1),
+    _N = do_many_requests(0),
+
     %% Check that the overload alarm is raised
-    ?line [{overload,_}] = alarm_handler:get_alarms(),
+    [{overload,_}] = alarm_handler:get_alarms(),
 
     %% Fake a clear timeout in overload.erl and check that, since it
     %% came very soon after the overload situation, the alarm is not
     %% cleared
-    ?line overload ! timeout,
-    ?line timer:sleep(1000),
-    ?line [{overload,_}] = alarm_handler:get_alarms(),
+    overload ! timeout,
+    timer:sleep(1000),
+    [{overload,_}] = alarm_handler:get_alarms(),
 
     %% A bit later, try again and check that this time the alarm is
     %% cleared
-    ?line overload ! timeout,
-    ?line timer:sleep(1000),
-    ?line [] = alarm_handler:get_alarms(),
+    overload ! timeout,
+    timer:sleep(1000),
+    [] = alarm_handler:get_alarms(),
 
     ok.
 
@@ -171,5 +165,3 @@ check_info(MI,W,Info) ->
 	{{_,MI},{_,W}} -> ok;
 	_ -> ?t:fail({unexpected_info,MI,W,Info})
     end.
-    
-
diff --git a/lib/sasl/test/rb_SUITE.erl b/lib/sasl/test/rb_SUITE.erl
index b53c382609..35a4eb7e7b 100644
--- a/lib/sasl/test/rb_SUITE.erl
+++ b/lib/sasl/test/rb_SUITE.erl
@@ -18,7 +18,8 @@
 %%
 
 -module(rb_SUITE).
--include("test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
+
 
 -compile(export_all).
 
@@ -45,19 +46,10 @@ groups() ->
 				     ]}].
 
 
-all(suite) -> 
-    no_group_cases() ++
-	[{conf, 
-	  install_mf_h, 
-	  element(3,lists:keyfind(running_error_logger,1,groups())), 
-	  remove_mf_h}
-	].
-
-
 init_per_suite(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line RbDir = filename:join(PrivDir,rb),
-    ?line ok = file:make_dir(RbDir),
+    PrivDir = ?config(priv_dir,Config),
+    RbDir = filename:join(PrivDir,rb),
+    ok = file:make_dir(RbDir),
     NewConfig = [{rb_dir,RbDir}|Config],
     reset_sasl(NewConfig),
     NewConfig.
@@ -66,10 +58,18 @@ end_per_suite(_Config) ->
     ok.
 
 init_per_group(running_error_logger,Config) ->
-    install_mf_h(Config).
+    %% Install log_mf_h
+    RbDir = ?config(rb_dir,Config),
+    ok = application:set_env(sasl,error_logger_mf_dir,RbDir),
+    ok = application:set_env(sasl,error_logger_mf_maxbytes,5000),
+    ok = application:set_env(sasl,error_logger_mf_maxfiles,2),
+    restart_sasl(),
+    Config.
 
 end_per_group(running_error_logger,Config) ->
-    remove_mf_h(Config).
+    %% Remove log_mf_h???
+    ok.
+
 
 init_per_testcase(_Case,Config) ->
     case whereis(?SUP) of
@@ -92,187 +92,152 @@ end_per_testcase(Case,Config) ->
 
 
 %%%-----------------------------------------------------------------
+%%% Test cases
 
-help() -> help(suite).
-help(suite) -> [];
 help(_Config) ->
-    ?line Help = capture(fun() -> rb:h() end),
-    ?line "Report Browser Tool - usage" = hd(Help),
-    ?line "rb:stop            - stop the rb_server" = lists:last(Help),
+    Help = capture(fun() -> rb:h() end),
+    "Report Browser Tool - usage" = hd(Help),
+    "rb:stop            - stop the rb_server" = lists:last(Help),
     ok.
 
-
-start_error_stop() -> start_error_stop(suite).
-start_error_stop(suite) -> [];
+%% Test that all three sasl env vars must be set for a successful start of rb
+%% Then stop rb.
 start_error_stop(Config) ->
-    ?line RbDir = ?config(rb_dir,Config),
-
-    ?line {error,{"cannot locate report directory",_}} = rb:start(),
-
-
-    ?line ok = application:set_env(sasl,error_logger_mf_dir,"invaliddir"),
-    ?line ok = application:set_env(sasl,error_logger_mf_maxbytes,1000),
-    ?line ok = application:set_env(sasl,error_logger_mf_maxfiles,2),
-    ?line restart_sasl(),
-    ?line {error,{"cannot read the index file",_}} = rb:start(),
-    ?line ok = application:set_env(sasl,error_logger_mf_dir,RbDir),
-    ?line restart_sasl(),
-    ?line {ok,_} = rb:start(),
-
-    ?line ok = rb:stop(),
-    ok.
+    RbDir = ?config(rb_dir,Config),
 
+    {error,{"cannot locate report directory",_}} = rb:start(),
 
-%% start_opts(suite) -> [];
-%% start_opts(Config) ->
-%%     PrivDir = ?config(priv_dir,Config),
-%%     RbDir = filename:join(PrivDir,rb_opts),
-%%     ok = file:make_dir(RbDir),
-       
 
-install_mf_h(Config) ->
-    ?line RbDir = ?config(rb_dir,Config),
-    ?line ok = application:set_env(sasl,error_logger_mf_dir,RbDir),
-    ?line ok = application:set_env(sasl,error_logger_mf_maxbytes,5000),
-    ?line ok = application:set_env(sasl,error_logger_mf_maxfiles,2),
-    ?line restart_sasl(),
-    Config.
+    ok = application:set_env(sasl,error_logger_mf_dir,"invaliddir"),
+    ok = application:set_env(sasl,error_logger_mf_maxbytes,1000),
+    ok = application:set_env(sasl,error_logger_mf_maxfiles,2),
+    restart_sasl(),
+    {error,{"cannot read the index file",_}} = rb:start(),
+    ok = application:set_env(sasl,error_logger_mf_dir,RbDir),
+    restart_sasl(),
+    {ok,_} = rb:start(),
 
-remove_mf_h(_Config) ->
+    ok = rb:stop(),
     ok.
 
-
-
-show() -> show(suite).
-show(suite) -> [];
 show(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
-    
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+
     %% Insert some reports in the error log and start rb
     init_error_logs(),
-    ?line ok = start_rb(OutFile),
+    ok = start_rb(OutFile),
 
     %% Show all reports
-    ?line All = check_report(fun() -> rb:show() end,OutFile),
+    All = check_report(fun() -> rb:show() end,OutFile),
 
     %% Show by number
-    ?line [{_,First}] = check_report(fun() -> rb:show(1) end,OutFile),
-    ?line {1,First} = lists:keyfind(1,1,All),    
+    [{_,First}] = check_report(fun() -> rb:show(1) end,OutFile),
+    {1,First} = lists:keyfind(1,1,All),
 
     %% Show by type
-    ?line [{_,CR}] = check_report(fun() -> rb:show(crash_report) end,OutFile),
-    ?line true = contains(CR,"rb_test_crash"),
-    ?line [{_,EC},{_,EM}] = check_report(fun() -> rb:show(error) end,OutFile),
-    ?line true = contains(EC,"rb_test_crash"),
-    ?line true = contains(EM,"rb_test_error_msg"),
-    ?line [{_,ER}] = check_report(fun() -> rb:show(error_report) end,OutFile),
-    ?line true = contains(ER,"rb_test_error"),
-    ?line [{_,IR}] = check_report(fun() -> rb:show(info_report) end,OutFile),
-    ?line true = contains(IR,"rb_test_info"),
-    ?line [{_,IM}] = check_report(fun() -> rb:show(info_msg) end,OutFile),
-    ?line true = contains(IM,"rb_test_info_msg"),
-    ?line [_|_] = check_report(fun() -> rb:show(progress) end,OutFile),
-    ?line [{_,SR}] = check_report(fun() -> rb:show(supervisor_report) end,
-				   OutFile),
-    ?line true = contains(SR,"child_terminated"),
-    ?line true = contains(SR,"{rb_SUITE,rb_test_crash}"),
+    [{_,CR}] = check_report(fun() -> rb:show(crash_report) end,OutFile),
+    true = contains(CR,"rb_test_crash"),
+    [{_,EC},{_,EM}] = check_report(fun() -> rb:show(error) end,OutFile),
+    true = contains(EC,"rb_test_crash"),
+    true = contains(EM,"rb_test_error_msg"),
+    [{_,ER}] = check_report(fun() -> rb:show(error_report) end,OutFile),
+    true = contains(ER,"rb_test_error"),
+    [{_,IR}] = check_report(fun() -> rb:show(info_report) end,OutFile),
+    true = contains(IR,"rb_test_info"),
+    [{_,IM}] = check_report(fun() -> rb:show(info_msg) end,OutFile),
+    true = contains(IM,"rb_test_info_msg"),
+    [_|_] = check_report(fun() -> rb:show(progress) end,OutFile),
+    [{_,SR}] = check_report(fun() -> rb:show(supervisor_report) end,
+			    OutFile),
+    true = contains(SR,"child_terminated"),
+    true = contains(SR,"{rb_SUITE,rb_test_crash}"),
 
     ok.
 
-list() -> list(suite).
-list(suite) -> [];
 list(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
     %% Insert some reports in the error log and start rb
     init_error_logs(),
-    ?line ok = start_rb(OutFile),
-
-    ?line All = capture(fun() -> rb:list() end),
-    ?line [{crash_report,[_]=CR},
-	   {error,[_,_]=EM},
-	   {error_report,[_]=ER},
-	   {info_msg,[_]=IM},
-	   {info_report,[_]=IR},
-	   {progress,[_|_]=P},
-	   {supervisor_report,[_]=SR}] = sort_list(All),
-
-    ?line [{crash_report,CR}] = 
+    ok = start_rb(OutFile),
+
+    All = capture(fun() -> rb:list() end),
+    [{crash_report,[_]=CR},
+     {error,[_,_]=EM},
+     {error_report,[_]=ER},
+     {info_msg,[_]=IM},
+     {info_report,[_]=IR},
+     {progress,[_|_]=P},
+     {supervisor_report,[_]=SR}] = sort_list(All),
+
+    [{crash_report,CR}] =
 	sort_list(capture(fun() -> rb:list(crash_report) end)),
-    ?line [{error,EM}] = 
+    [{error,EM}] =
 	sort_list(capture(fun() -> rb:list(error) end)),
-    ?line [{error_report,ER}] = 
+    [{error_report,ER}] =
 	sort_list(capture(fun() -> rb:list(error_report) end)),
-    ?line [{info_msg,IM}] = 
+    [{info_msg,IM}] =
 	sort_list(capture(fun() -> rb:list(info_msg) end)),
-    ?line [{info_report,IR}] = 
+    [{info_report,IR}] =
 	sort_list(capture(fun() -> rb:list(info_report) end)),
-    ?line [{progress,P}] = 
+    [{progress,P}] =
 	sort_list(capture(fun() -> rb:list(progress) end)),
-    ?line [{supervisor_report,SR}] = 
+    [{supervisor_report,SR}] =
 	sort_list(capture(fun() -> rb:list(supervisor_report) end)),
-    
-    ok.
 
+    ok.
 
-grep() -> grep(suite).
-grep(suite) -> [];
 grep(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
     %% Insert some reports in the error log and start rb
     init_error_logs(),
-    ?line ok = start_rb(OutFile),
-
-    ?line [{_,S},
-	   {_,CR},
-	   {_,EC},
-	   {_,IM},
-	   {_,IR},
-	   {_,EM},
-	   {_,ER}]= check_report(fun() -> rb:grep("rb_test_") end,OutFile),
-    ?line true = contains(S, "rb_test_crash"),
-    ?line true = contains(CR, "rb_test_crash"),
-    ?line true = contains(EC, "rb_test_crash"),
-    ?line true = contains(IM, "rb_test_info_msg"),
-    ?line true = contains(IR, "rb_test_info"),
-    ?line true = contains(EM, "rb_test_error_msg"),
-    ?line true = contains(ER, "rb_test_error"),
+    ok = start_rb(OutFile),
+
+    [{_,S},
+     {_,CR},
+     {_,EC},
+     {_,IM},
+     {_,IR},
+     {_,EM},
+     {_,ER}]= check_report(fun() -> rb:grep("rb_test_") end,OutFile),
+    true = contains(S, "rb_test_crash"),
+    true = contains(CR, "rb_test_crash"),
+    true = contains(EC, "rb_test_crash"),
+    true = contains(IM, "rb_test_info_msg"),
+    true = contains(IR, "rb_test_info"),
+    true = contains(EM, "rb_test_error_msg"),
+    true = contains(ER, "rb_test_error"),
     ok.
 
-
-filter_filter() -> filter_filter(suite).
-filter_filter(suite) -> [];
 filter_filter(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
     %% Insert some reports in the error log and start rb
     init_error_logs(),
-    ?line ok = start_rb(OutFile),
+    ok = start_rb(OutFile),
 
-    ?line All = check_report(fun() -> rb:show() end,OutFile),
+    All = check_report(fun() -> rb:show() end,OutFile),
 
-    ?line ER = [_] = rb_filter([{rb_SUITE,rb_test_error}],OutFile),
-    ?line [] = rb_filter([{rb_SUITE,rb_test}],OutFile),
-    ?line _E = [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],OutFile),
-    ?line AllButER = rb_filter([{rb_SUITE,rb_test_error,no}],OutFile),
+    ER = [_] = rb_filter([{rb_SUITE,rb_test_error}],OutFile),
+    [] = rb_filter([{rb_SUITE,rb_test}],OutFile),
+    _E = [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],OutFile),
+    AllButER = rb_filter([{rb_SUITE,rb_test_error,no}],OutFile),
 
     {_,AllRep} = lists:unzip(All),
     {_,ERRep} = lists:unzip(ER),
     {_,AllButERRep} = lists:unzip(AllButER),
-    ?line AllButERRep = AllRep -- ERRep,
+    AllButERRep = AllRep -- ERRep,
 
     ok.
 
-filter_date() -> filter_date(suite).
-filter_date(suite) -> [];
 filter_date(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
 
     %% Insert some reports in the error log and start rb
@@ -280,35 +245,33 @@ filter_date(Config) ->
     Between1 = calendar:local_time(),
     timer:sleep(1000),
     Between2 = calendar:local_time(),
-    ?line ok = start_rb(OutFile),
+    ok = start_rb(OutFile),
 
-    ?line All = check_report(fun() -> rb:show() end,OutFile),
+    All = check_report(fun() -> rb:show() end,OutFile),
 
     Before = calendar:gregorian_seconds_to_datetime(
-	      calendar:datetime_to_gregorian_seconds(calendar:local_time()) - 10),
+	       calendar:datetime_to_gregorian_seconds(calendar:local_time()) - 10),
     After = calendar:gregorian_seconds_to_datetime(
 	      calendar:datetime_to_gregorian_seconds(calendar:local_time()) + 1),
 
-    ?line All = rb_filter([],{Before,from},OutFile),
-    ?line All = rb_filter([],{After,to},OutFile),
-    ?line [] = rb_filter([],{Before,to},OutFile),
-    ?line [] = rb_filter([],{After,from},OutFile),
-    ?line All = rb_filter([],{Before,After},OutFile),
+    All = rb_filter([],{Before,from},OutFile),
+    All = rb_filter([],{After,to},OutFile),
+    [] = rb_filter([],{Before,to},OutFile),
+    [] = rb_filter([],{After,from},OutFile),
+    All = rb_filter([],{Before,After},OutFile),
 
     %%?t:format("~p~n",[All]),
-    ?line AllButLast = [{N-1,R} || {N,R} <- tl(All)],
-    ?line AllButLast = rb_filter([],{Before,Between1},OutFile),
+    AllButLast = [{N-1,R} || {N,R} <- tl(All)],
+    AllButLast = rb_filter([],{Before,Between1},OutFile),
 
-    ?line Last = hd(All),
-    ?line [Last] = rb_filter([],{Between2,After},OutFile),
+    Last = hd(All),
+    [Last] = rb_filter([],{Between2,After},OutFile),
 
     ok.
 
-filter_filter_and_date() -> filter_filter_and_date(suite).
-filter_filter_and_date(suite) -> [];
 filter_filter_and_date(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
 
     %% Insert some reports in the error log and start rb
@@ -316,102 +279,96 @@ filter_filter_and_date(Config) ->
     Between1 = calendar:local_time(),
     timer:sleep(1000),
     Between2 = calendar:local_time(),
-    ?line error_logger:error_report([{rb_SUITE,rb_test_filter}]),    
-    ?line ok = start_rb(OutFile),
+    error_logger:error_report([{rb_SUITE,rb_test_filter}]),
+    ok = start_rb(OutFile),
 
     Before = calendar:gregorian_seconds_to_datetime(
-	      calendar:datetime_to_gregorian_seconds(calendar:local_time()) - 10),
+	       calendar:datetime_to_gregorian_seconds(calendar:local_time()) - 10),
     After = calendar:gregorian_seconds_to_datetime(
 	      calendar:datetime_to_gregorian_seconds(calendar:local_time()) + 1),
 
-    ?line All = check_report(fun() -> rb:show() end,OutFile),
-    ?line Last = hd(All),
+    All = check_report(fun() -> rb:show() end,OutFile),
+    Last = hd(All),
 
-    ?line [_,_,_] = rb_filter([{rb_SUITE,"rb_test",re}],{Before,After},OutFile),
-    ?line [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],{Before,Between1},OutFile),
-    ?line [_] = rb_filter([{rb_SUITE,"rb_test",re}],{Between2,After},OutFile),
-    ?line [_] = rb_filter([{rb_SUITE,rb_test_filter}],{Before,After},OutFile),
-    ?line [] = rb_filter([{rb_SUITE,rb_test_filter}],{Before,Between1},OutFile),
-    ?line [Last] = rb_filter([{rb_SUITE,rb_test_filter,no}],{Between2,After},OutFile),
-    ?line {_,Str} = Last,
-    ?line false = contains(Str,"rb_test_filter"),
+    [_,_,_] = rb_filter([{rb_SUITE,"rb_test",re}],{Before,After},OutFile),
+    [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],{Before,Between1},OutFile),
+    [_] = rb_filter([{rb_SUITE,"rb_test",re}],{Between2,After},OutFile),
+    [_] = rb_filter([{rb_SUITE,rb_test_filter}],{Before,After},OutFile),
+    [] = rb_filter([{rb_SUITE,rb_test_filter}],{Before,Between1},OutFile),
+    [Last] = rb_filter([{rb_SUITE,rb_test_filter,no}],{Between2,After},OutFile),
+    {_,Str} = Last,
+    false = contains(Str,"rb_test_filter"),
 
     ok.
 
 
-filter_re_no() -> filter_re_no(suite).
-filter_re_no(suite) -> [];
 filter_re_no(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
     %% Insert some reports in the error log and start rb
     init_error_logs(),
-    ?line ok = start_rb(OutFile),
+    ok = start_rb(OutFile),
 
-    ?line All = check_report(fun() -> rb:show() end,OutFile),
+    All = check_report(fun() -> rb:show() end,OutFile),
 
-    ?line E = [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],OutFile),
-    ?line AllButE = rb_filter([{rb_SUITE,"rb_test",re,no}],OutFile),
+    E = [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],OutFile),
+    AllButE = rb_filter([{rb_SUITE,"rb_test",re,no}],OutFile),
 
     {_,AllRep} = lists:unzip(All),
     {_,ERep} = lists:unzip(E),
     {_,AllButERep} = lists:unzip(AllButE),
-    ?line AllButERep = AllRep -- ERep,
+    AllButERep = AllRep -- ERep,
 
     ok.
 
 
-rescan() -> rescan(suite).
-rescan(suite) -> [];
 rescan(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
-    
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+
     %% Start rb
-    ?line ok = start_rb(OutFile),
+    ok = start_rb(OutFile),
 
     %% Insert one more report and check that the list is longer. Note
     %% that there might be two more reports, since the progress report
     %% from starting rb_server might not be included before the rescan.
-    ?line AllBefore = capture(fun() -> rb:list() end),
-    ?line error_logger:error_report([{rb_SUITE,rb_test_rescan}]),
-    ?line ok = rb:rescan(),
-    ?line AllAfter = capture(fun() -> rb:list() end),
-    ?line Diff = length(AllAfter) - length(AllBefore),
-    ?line true = (Diff >= 1),
+    AllBefore = capture(fun() -> rb:list() end),
+    error_logger:error_report([{rb_SUITE,rb_test_rescan}]),
+    ok = rb:rescan(),
+    AllAfter = capture(fun() -> rb:list() end),
+    Diff = length(AllAfter) - length(AllBefore),
+    true = (Diff >= 1),
 
     ok.
 
 
-start_stop_log() -> start_stop_log(suite).
-start_stop_log(suite) -> [];
 start_stop_log(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
-    ?line ok = file:write_file(OutFile,[]),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    ok = file:write_file(OutFile,[]),
 
     %% Start rb and check that show is printed to standard_io
-    ?line ok = start_rb(),
-    ?line StdioResult = [_|_] = capture(fun() -> rb:show(1) end),
-    ?line {ok,<<>>} = file:read_file(OutFile),
-    
+    ok = start_rb(),
+    StdioResult = [_|_] = capture(fun() -> rb:show(1) end),
+    {ok,<<>>} = file:read_file(OutFile),
+
     %% Start log and check that show is printed to log and not to standad_io
-    ?line ok = rb:start_log(OutFile),
-    ?line [] = capture(fun() -> rb:show(1) end),
-    ?line {ok,Bin} = file:read_file(OutFile),
-    ?line true = (Bin =/= <<>>),
+    ok = rb:start_log(OutFile),
+    [] = capture(fun() -> rb:show(1) end),
+    {ok,Bin} = file:read_file(OutFile),
+    true = (Bin =/= <<>>),
 
     %% Stop log and check that show is printed to standard_io and not to log
-    ?line ok = rb:stop_log(),
-    ?line ok = file:write_file(OutFile,[]),
-    ?line StdioResult = capture(fun() -> rb:show(1) end),
-    ?line {ok,<<>>} = file:read_file(OutFile),
+    ok = rb:stop_log(),
+    ok = file:write_file(OutFile,[]),
+    StdioResult = capture(fun() -> rb:show(1) end),
+    {ok,<<>>} = file:read_file(OutFile),
 
     %% Test that standard_io is used if log file can not be opened
-    ?line ok = rb:start_log(filename:join(nonexistingdir,"newfile.txt")),
-    ?line StdioResult = capture(fun() -> rb:show(1) end),
-    ?line {ok,<<>>} = file:read_file(OutFile),    
+    ok = rb:start_log(filename:join(nonexistingdir,"newfile.txt")),
+    StdioResult = capture(fun() -> rb:show(1) end),
+    {ok,<<>>} = file:read_file(OutFile),
 
     ok.
 
@@ -435,7 +392,7 @@ empty_error_logs(Config) ->
     catch delete_content(?config(rb_dir, Config)),
     ok = application:start(sasl),
     wait_for_sasl().
-    
+
 wait_for_sasl() ->
     wait_for_sasl(50).
 wait_for_sasl(0) ->
@@ -448,7 +405,7 @@ wait_for_sasl(N) ->
 	    timer:sleep(100),
 	    wait_for_sasl(N-1)
     end.
-    
+
 start_rb(OutFile) ->
     do_start_rb([{start_log,OutFile}]).
 start_rb() ->
@@ -482,20 +439,20 @@ delete_content(Dir) ->
 		  Files).
 
 init_error_logs() ->        
-    ?line error_logger:error_report([{rb_SUITE,rb_test_error}]),
-    ?line error_logger:error_msg("rb_test_error_msg"),
-    ?line error_logger:info_report([{rb_SUITE,rb_test_info}]),
-    ?line error_logger:info_msg("rb_test_info_msg"),
-    ?line _Pid = start(),
-    ?line Ref = erlang:monitor(process,?MODULE),
-    ?line gen_server:cast(?MODULE,crash),
-    ?line receive {'DOWN',Ref,process,_,{rb_SUITE,rb_test_crash}} -> ok 
-	  after 2000 -> 
-		  ?t:format("Got: ~p~n",[process_info(self(),messages)]),
-		  ?t:fail("rb_SUITE server never died")
-	  end,
-    ?line erlang:demonitor(Ref),
-    ?line wait_for_server(),
+    error_logger:error_report([{rb_SUITE,rb_test_error}]),
+    error_logger:error_msg("rb_test_error_msg"),
+    error_logger:info_report([{rb_SUITE,rb_test_info}]),
+    error_logger:info_msg("rb_test_info_msg"),
+    _Pid = start(),
+    Ref = erlang:monitor(process,?MODULE),
+    gen_server:cast(?MODULE,crash),
+    receive {'DOWN',Ref,process,_,{rb_SUITE,rb_test_crash}} -> ok
+    after 2000 ->
+	    ?t:format("Got: ~p~n",[process_info(self(),messages)]),
+	    ?t:fail("rb_SUITE server never died")
+    end,
+    erlang:demonitor(Ref),
+    wait_for_server(),
     ok.
 
 wait_for_server() ->
diff --git a/lib/sasl/test/release_handler_SUITE.erl b/lib/sasl/test/release_handler_SUITE.erl
index af2183bfff..ac616dab72 100644
--- a/lib/sasl/test/release_handler_SUITE.erl
+++ b/lib/sasl/test/release_handler_SUITE.erl
@@ -19,6 +19,7 @@
 -module(release_handler_SUITE).
 
 -include_lib("common_test/include/ct.hrl").
+-include("test_lib.hrl").
 
 -compile(export_all).
 
@@ -30,6 +31,7 @@ suite() ->
     [{ct_hooks, [ts_install_cth]}].
 
 init_per_suite(Config) ->
+    init_priv_dir(Config),
     application:start(sasl),
     Config.
 
@@ -58,7 +60,10 @@ cases() ->
     [otp_2740, otp_2760, otp_5761, otp_9402, otp_9417,
      otp_9395_check_old_code, otp_9395_check_and_purge,
      otp_9395_update_many_mods, otp_9395_rm_many_mods,
-     instructions, eval_appup, supervisor_which_children_timeout].
+     instructions, eval_appup, eval_appup_with_restart,
+     supervisor_which_children_timeout,
+     release_handler_which_releases, install_release_syntax_check,
+     upgrade_supervisor, upgrade_supervisor_fail].
 
 groups() ->
     [{release,[],
@@ -69,6 +74,7 @@ groups() ->
      {release_single,[],
       [
        upgrade,
+       upgrade_restart,
        client1,
        client2
       ]},
@@ -82,7 +88,7 @@ groups() ->
 init_per_group(release, Config) ->
     Dog = ?t:timetrap(?default_timeout),
     P1gInstall = filename:join(priv_dir(Config),p1g_install),
-    ok = do_create_p1g(Config,P1gInstall),
+    ok = create_p1g(Config,P1gInstall),
     ok = create_p1h(Config),
     ?t:timetrap_cancel(Dog);
 
@@ -95,6 +101,7 @@ init_per_group(release_single, Config) ->
     %% Create some more releases to upgrade to
     ok = create_p1i(Config),
     ok = create_p2a(Config),
+    ok = create_p2b(Config),
 
     ?t:timetrap_cancel(Dog);
 
@@ -155,7 +162,7 @@ end_per_group(release, Config) ->
 	{win32,_} -> delete_all_services();
 	_ -> ok
     end,
-    delete_release(Config),
+    clean_priv_dir(Config,true),
     ?t:timetrap_cancel(Dog),
     Config;
 end_per_group(_GroupName, Config) ->
@@ -191,7 +198,10 @@ end_per_testcase(Case, Config) ->
 	    FailDir = filename:join(SaveDir,lists:concat(["failed-",Case])),
 	    ok = filelib:ensure_dir(filename:join(FailDir,"*")),
 
-	    LogDirs = filelib:wildcard(filename:join([PrivDir,"*",log])),
+	    LogDirs =
+		filelib:wildcard(filename:join([PrivDir,"*",log])) ++
+		filelib:wildcard(filename:join([PrivDir,"*",clients,
+						type1,"*",log])),
 
 	    lists:foreach(
 	      fun(LogDir) ->
@@ -236,7 +246,7 @@ break(Config) ->
 	?t:break(priv_dir(Config)),
 	ok.
 
-%% Test upgrade and downgrade of erts
+%% Test upgrade and downgrade of erts and other apps on embedded node
 upgrade(Conf) when is_list(Conf) ->
     reg_print_proc(), %% starts a printer process on test_server node
     ?t:format("upgrade ~p~n",[reg_print_proc]),
@@ -259,54 +269,75 @@ upgrade(Conf) when is_list(Conf) ->
     stop_cover(TestNode),
     reboot_and_wait(TestNode,"install_2",[a]),
 
-    %% check that P1H is permanent, unpack and install P1I, unpack and install P2A
-    TestNodeInit1 = rpc:call(TestNode,erlang,whereis,[init]),
+    %% check that P1H is permanent, unpack and install P1I, unpack P2A
     ok = rpc_inst(TestNode, install_3, [PrivDir]),
     stop_cover(TestNode),
-    ok = rpc_inst(TestNode, install_3a, []),
-    wait_nodes_up([{TestNode,TestNodeInit1}],"install_3",[a]),
+    reboot_and_wait(TestNode,"install_3",[a]),
 
-    %% check that P2A is used, reboot from P1I
-    ok = rpc_inst(TestNode, install_4, []),
+    %% check that P1H is used, install P2A
+    TestNodeInit1 = rpc:call(TestNode,erlang,whereis,[init]),
     stop_cover(TestNode),
-    reboot_and_wait(TestNode,"install_4",[a]),
+    ok = rpc_inst(TestNode, install_4, []),
+    wait_nodes_up([{TestNode,TestNodeInit1}],"install_4",[a]),
 
-    %% check that P1I, reinstall P2A
+    %% check that P2A is used, then downgrade to P1I
     TestNodeInit2 = rpc:call(TestNode,erlang,whereis,[init]),
     ok = rpc_inst(TestNode, install_5, []),
     stop_cover(TestNode),
     ok = rpc_inst(TestNode, install_5a, []),
     wait_nodes_up([{TestNode,TestNodeInit2}],"install_5",[a]),
 
-    %% check that P2A is used, make P2A permanent
+    %% Check that P1I is used, then make P1I permanent and install P2A
+    TestNodeInit3 = rpc:call(TestNode,erlang,whereis,[init]),
     ok = rpc_inst(TestNode, install_6, []),
     stop_cover(TestNode),
-    reboot_and_wait(TestNode,"install_6",[a]),
+    ok = rpc_inst(TestNode, install_6a, []),
+    wait_nodes_up([{TestNode,TestNodeInit3}],"install_6",[a]),
 
-    %% check that P2A is permanent, install old P1H
-    TestNodeInit3 = rpc:call(TestNode,erlang,whereis,[init]),
-    stop_cover(TestNode),
+    %% check that P2A is used, then downgrade to P1H
+    TestNodeInit4 = rpc:call(TestNode,erlang,whereis,[init]),
     ok = rpc_inst(TestNode, install_7, []),
-    wait_nodes_up([{TestNode,TestNodeInit3}],"install_7",[a]),
+    stop_cover(TestNode),
+    ok = rpc_inst(TestNode, install_7a, []),
+    wait_nodes_up([{TestNode,TestNodeInit4}],"install_7",[a]),
 
-    %% check that P1H is permanent, remove P1I and P2A
+    %% check that P1H is used, then install P1I and check that it is permanent
+    %% then reinstall P2A
+    TestNodeInit5 = rpc:call(TestNode,erlang,whereis,[init]),
     ok = rpc_inst(TestNode, install_8, []),
     stop_cover(TestNode),
-    reboot_and_wait(TestNode,"install_8",[a]),
+    ok = rpc_inst(TestNode, install_8a, []),
+    wait_nodes_up([{TestNode,TestNodeInit5}],"install_8",[a]),
+
+    %% check that P2A is used, make P2A permanent
+    ok = rpc_inst(TestNode, install_9, []),
+    stop_cover(TestNode),
+    reboot_and_wait(TestNode,"install_9",[a]),
+
+    %% check that P2A is permanent, reboot to old P1H
+    TestNodeInit6 = rpc:call(TestNode,erlang,whereis,[init]),
+    stop_cover(TestNode),
+    ok = rpc_inst(TestNode, install_10, []),
+    wait_nodes_up([{TestNode,TestNodeInit6}],"install_10",[a]),
+
+    %% check that P1H is permanent, remove P1I and P2A
+    ok = rpc_inst(TestNode, install_11, []),
+    stop_cover(TestNode),
+    reboot_and_wait(TestNode,"install_11",[a]),
 
     %% check that P1H is permanent, reboot old P1G
-    TestNodeInit4 = rpc:call(TestNode,erlang,whereis,[init]),
+    TestNodeInit7 = rpc:call(TestNode,erlang,whereis,[init]),
     stop_cover(TestNode),
-    ok = rpc_inst(TestNode, install_9, []),
-    wait_nodes_up([{TestNode,TestNodeInit4}],"install_9"),
+    ok = rpc_inst(TestNode, install_12, []),
+    wait_nodes_up([{TestNode,TestNodeInit7}],"install_12"),
 
     %% check that P1G is permanent, remove P1H
-    ok = rpc_inst(TestNode, install_10, []),
+    ok = rpc_inst(TestNode, install_13, []),
     stop_cover(TestNode),
-    reboot_and_wait(TestNode,"install_10"),
+    reboot_and_wait(TestNode,"install_13"),
 
     %% check that P1G is permanent
-    ok = rpc_inst(TestNode, install_11, []),
+    ok = rpc_inst(TestNode, install_14, []),
 
     ok.
 
@@ -323,6 +354,54 @@ reboot_and_wait(Node,Tag,Apps) ->
     wait_nodes_up([{Node,InitPid}],Tag,Apps).
 
 
+%% Test upgrade and downgrade of erts in combination with the
+%% restart_emulator option to systools:make_relup. For upgrade, this
+%% should cause one restart before the upgrade code, and one
+%% after. For downgrade, there will be one restart only - at the end.
+upgrade_restart(Conf) when is_list(Conf) ->
+    reg_print_proc(), %% starts a printer process on test_server node
+    ?t:format("upgrade_restart ~p~n",[reg_print_proc]),
+    PrivDir = priv_dir(Conf),
+    Sname = tc_sname(Conf), % nodename for use in this testcase
+
+    %% Copy the P1G release to a directory for use in this testcase
+    ok = copy_installed(Conf,p1g_install,[Sname]),
+
+    %% start the test node
+    [TestNode] = start_nodes(Conf,[Sname],"upgrade_restart start"),
+
+    %% unpack and install P2B
+    TestNodeInit1 = rpc:call(TestNode,erlang,whereis,[init]),
+    ok = rpc_inst(TestNode, upgrade_restart_1, [PrivDir]),
+    stop_cover(TestNode),
+    ok = rpc_inst(TestNode, upgrade_restart_1a, []),
+    wait_nodes_up([{TestNode,TestNodeInit1}],"upgrade_restart_1",[a]),
+
+    %% install P1G
+    case rpc_inst(TestNode, upgrade_restart_2, []) of
+	ok ->
+	    ok;
+	{wait,TestNodeInit2a} ->
+	    %% We catched the node too early - it was supposed to
+	    %% restart twice, so let's wait for one more restart.
+	    wait_nodes_up([{TestNode,TestNodeInit2a}],"upgrade_restart_2a",[]),
+	    ok = rpc_inst(TestNode, upgrade_restart_2a, [])
+    end,
+    TestNodeInit2 = rpc:call(TestNode,erlang,whereis,[init]),
+    stop_cover(TestNode),
+    ok = rpc_inst(TestNode, upgrade_restart_2b, []),
+    wait_nodes_up([{TestNode,TestNodeInit2}],"upgrade_restart_2b",[]),
+
+    %% Check that P1G is going again
+    ok = rpc_inst(TestNode, upgrade_restart_3, []),
+
+    ok.
+
+upgrade_restart(cleanup,Config) ->
+    TestNode = tc_full_node_name(Config),
+    ok = stop_nodes([TestNode]).
+
+
 %% Test upgrade and downgrade of erts, diskless
 client1(Conf) when is_list(Conf) ->
     reg_print_proc(), %% starts a printer process on test_server node
@@ -542,9 +621,51 @@ supervisor_which_children_timeout(Conf) ->
 
     ok.
 
-supervisor_which_children_timeout(cleanup, Conf) ->
+supervisor_which_children_timeout(cleanup, _Conf) ->
     stop_node(node_name(supervisor_which_children_timeout)).
 
+
+%% Test that check_install_release will fail for illegal relup
+%% instructions, even after point of no return.
+install_release_syntax_check(Conf) when is_list(Conf) ->
+
+    S1 = [point_of_no_return, illegal_instruction],
+    {error,{illegal_instruction_after_point_of_no_return,illegal_instruction}} =
+	release_handler_1:check_script(S1,[]),
+
+    S2 = [point_of_no_return,restart_new_emulator],
+    {error,{illegal_instruction_after_point_of_no_return,restart_new_emulator}} =
+	release_handler_1:check_script(S2,[]),
+
+    ok.
+
+
+%%-----------------------------------------------------------------
+%% release_handler:which_releases/0 and 1 test
+%%-----------------------------------------------------------------
+release_handler_which_releases(Conf) ->
+    PrivDir = priv_dir(Conf),
+    Dir = filename:join(PrivDir,"release_handler_which_releases"),
+    DataDir = ?config(data_dir,Conf),
+    LibDir = filename:join([DataDir,release_handler_timeouts]),
+
+    Rel1 = create_and_install_fake_first_release(Dir,[{dummy,"0.1",LibDir}]),
+
+    {ok, Node} = t_start_node(release_handler_which_releases, Rel1, []),
+    Releases0 = rpc:call(Node, release_handler, which_releases, []),
+    Releases1 = rpc:call(Node, release_handler, which_releases, [permanent]),
+    Releases2 = rpc:call(Node, release_handler, which_releases, [old]),
+
+    1 = length(Releases0),
+    1 = length(Releases1),
+    0 = length(Releases2),
+
+    ?t:format("release_handler:which_releases/0: ~p~n", [Releases0]),
+    ?t:format("release_handler:which_releases/1: ~p~n", [Releases1]),
+    ?t:format("release_handler:which_releases/1: ~p~n", [Releases2]),
+
+    ok.
+
 %%-----------------------------------------------------------------
 %% Ticket: OTP-2740
 %% Slogan: vsn not numeric doesn't work so good in release_handling
@@ -1085,6 +1206,109 @@ otp_9395_rm_many_mods(cleanup,_Conf) ->
     stop_node(node_name(otp_9395_rm_many_mods)).
 
 
+upgrade_supervisor(Conf) when is_list(Conf) ->
+    %% Set some paths
+    PrivDir = priv_dir(Conf),
+    Dir = filename:join(PrivDir,"upgrade_supervisor"),
+    LibDir = filename:join(?config(data_dir, Conf), "lib"),
+
+    %% Create the releases
+    Lib1 = [{a,"1.0",LibDir}],
+    Lib2 = [{a,"9.0",LibDir}],
+    Rel1 = create_and_install_fake_first_release(Dir,Lib1),
+    Rel2 = create_fake_upgrade_release(Dir,"2",Lib2,{[Rel1],[Rel1],[LibDir]}),
+    Rel1Dir = filename:dirname(Rel1),
+    Rel2Dir = filename:dirname(Rel2),
+
+    %% Start a slave node
+    {ok, Node} = t_start_node(upgrade_supervisor, Rel1,
+			      filename:join(Rel1Dir,"sys.config")),
+
+    %% Check path
+    Dir1 = filename:join([LibDir, "a-1.0"]),
+    Dir1 = rpc:call(Node, code, lib_dir, [a]),
+    ASupBeam1 = filename:join([Dir1,ebin,"a_sup.beam"]),
+    ASupBeam1 = rpc:call(Node, code, which, [a_sup]),
+
+    %% Install second release, with no changed modules
+    {ok, RelVsn2} = rpc:call(Node, release_handler, set_unpacked,
+			     [Rel2++".rel", Lib2]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "relup")]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "start.boot")]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "sys.config")]),
+
+    {ok, _RelVsn1, []} =
+	rpc:call(Node, release_handler, install_release, [RelVsn2]),
+
+    %% Check that libdir is changed
+    Dir2 = filename:join([LibDir, "a-9.0"]),
+    Dir2 = rpc:call(Node, code, lib_dir, [a]),
+    ASupBeam2 = filename:join([Dir2,ebin,"a_sup.beam"]),
+    ASupBeam2 = rpc:call(Node, code, which, [a_sup]),
+
+    %% Check that the restart strategy and child spec is updated
+    {status, _, {module, _}, [_, _, _, _, [_,_,{data,[{"State",State}]}]]} =
+	rpc:call(Node,sys,get_status,[a_sup]),
+    {state,_,RestartStrategy,[Child],_,_,_,_,_,_} = State,
+    one_for_all = RestartStrategy, % changed from one_for_one
+    {child,_,_,_,_,brutal_kill,_,_} = Child, % changed from timeout 2000
+
+    ok.
+
+%% Check that if the supervisor fails, then the upgrade is rolled back
+%% and an ok error message is returned
+upgrade_supervisor_fail(Conf) when is_list(Conf) ->
+    %% Set some paths
+    PrivDir = priv_dir(Conf),
+    Dir = filename:join(PrivDir,"upgrade_supervisor_fail"),
+    LibDir = filename:join(?config(data_dir, Conf), "lib"),
+
+    %% Create the releases
+    Lib1 = [{a,"1.0",LibDir}],
+    Lib2 = [{a,"9.1",LibDir}],
+    Rel1 = create_and_install_fake_first_release(Dir,Lib1),
+    Rel2 = create_fake_upgrade_release(Dir,"2",Lib2,{[Rel1],[Rel1],[LibDir]}),
+    Rel1Dir = filename:dirname(Rel1),
+    Rel2Dir = filename:dirname(Rel2),
+
+    %% Start a slave node
+    {ok, Node} = t_start_node(upgrade_supervisor_fail, Rel1,
+			      filename:join(Rel1Dir,"sys.config")),
+
+    %% Check path
+    Dir1 = filename:join([LibDir, "a-1.0"]),
+    Dir1 = rpc:call(Node, code, lib_dir, [a]),
+    ASupBeam1 = filename:join([Dir1,ebin,"a_sup.beam"]),
+    ASupBeam1 = rpc:call(Node, code, which, [a_sup]),
+
+    %% Install second release, with no changed modules
+    {ok, RelVsn2} = rpc:call(Node, release_handler, set_unpacked,
+			     [Rel2++".rel", Lib2]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "relup")]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "start.boot")]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "sys.config")]),
+    ok = net_kernel:monitor_nodes(true),
+
+    {error,{code_change_failed,_Pid,a_sup,_Vsn,
+	    {error,{invalid_shutdown,brutal_kil}}}} =
+	rpc:call(Node, release_handler, install_release, [RelVsn2]),
+
+    %% Check that the upgrade is terminated - normally this would mean
+    %% rollback, but since this testcase is very simplified the node
+    %% is not started with heart supervision and will therefore not be
+    %% restarted. So we just check that the node goes down.
+    receive {nodedown,Node} -> ok
+    after 10000 -> ct:fail(failed_upgrade_never_restarted_node)
+    end,
+
+    ok.
+
 
 %% Test upgrade and downgrade of applications
 eval_appup(Conf) when is_list(Conf) ->
@@ -1107,6 +1331,12 @@ eval_appup(Conf) when is_list(Conf) ->
     App11Dir = code:lib_dir(app1),
     ok = gen_server:call(harry, error),
 
+    %% Read appup script
+    {ok,"2.0",UpScript} = release_handler:upgrade_script(app1,App12Dir),
+    [{load_object_code,_},
+     point_of_no_return,
+     {load,_}] = UpScript,
+
     %% Upgrade to app1-2.0
     {ok, []} = release_handler:upgrade_app(app1, App12Dir),
     App12Dir = code:lib_dir(app1),
@@ -1117,6 +1347,12 @@ eval_appup(Conf) when is_list(Conf) ->
     %% (see myrel/lib2/app1-2.0/ebin/app1.app)
     [{var,val2}] = ets:lookup(otp_6162, var),
 
+    %% Read appup script
+    {ok,DnScript} = release_handler:downgrade_script(app1,"1.0",App11Dir),
+    [{load_object_code,_},
+     point_of_no_return,
+     {load,_}] = DnScript,
+
     %% Downgrade to app1-1.0
     {ok, []} = release_handler:downgrade_app(app1,"1.0",App11Dir),
     App11Dir = code:lib_dir(app1),
@@ -1134,6 +1370,85 @@ eval_appup(Conf) when is_list(Conf) ->
     ok.
 
 
+%% Test upgrade and downgrade of applications when appup contains
+%% restart_emulator and restart_new_emulator instructions
+eval_appup_with_restart(Conf) when is_list(Conf) ->
+
+    %% Set some paths
+    RelDir = filename:join(?config(data_dir, Conf), "app1_app2"),
+    App11Dir = filename:join([RelDir, "lib1", "app1-1.0"]),
+    App13Dir = filename:join([RelDir, "lib3", "app1-3.0"]), %restart_emulator
+    App14Dir = filename:join([RelDir, "lib4", "app1-4.0"]), %restart_new_emulator
+    EbinDir1 = filename:join(App11Dir, "ebin"),
+    EbinDir3 = filename:join(App13Dir, "ebin"),
+    EbinDir4 = filename:join(App14Dir, "ebin"),
+
+    %% Start app1-1.0
+    code:add_patha(EbinDir1),
+    ok = application:start(app1),
+    App11Dir = code:lib_dir(app1),
+
+    %% Read appup script
+    {ok,"3.0",UpScript3} = release_handler:upgrade_script(app1,App13Dir),
+    [{load_object_code,_},
+     point_of_no_return,
+     {load,_},
+     restart_emulator] = UpScript3,
+
+    %% Upgrade to app1-3.0 - restart_emulator
+    restart_emulator = release_handler:upgrade_app(app1, App13Dir),
+    App13Dir = code:lib_dir(app1),
+
+    %% Fake full upgrade to 3.0
+    {ok,AppSpec} = file:consult(filename:join([App13Dir,"ebin","app1.app"])),
+    application_controller:change_application_data(AppSpec,[]),
+
+    %% Read appup script
+    {ok,"4.0",UpScript4} = release_handler:upgrade_script(app1,App14Dir),
+    [restart_new_emulator,point_of_no_return] = UpScript4,
+
+    %% Try pgrade to app1-4.0 - restart_new_emulator
+    {error,restart_new_emulator} = release_handler:upgrade_app(app1, App14Dir),
+    App13Dir = code:lib_dir(app1),
+
+    %% Read appup script
+    {ok,DnScript1} = release_handler:downgrade_script(app1,"1.0",App11Dir),
+    [{load_object_code,_},
+     point_of_no_return,
+     {load,_},
+     restart_emulator] = DnScript1,
+
+    %% Still running 3.0 - downgrade to app1-1.0 - restart_emulator
+    restart_emulator = release_handler:downgrade_app(app1,"1.0",App11Dir),
+    App11Dir = code:lib_dir(app1),
+
+    ok = application:stop(app1),
+    ok = application:unload(app1),
+    true = code:del_path(EbinDir1),
+
+    %% Start again as version 4.0
+    code:add_patha(EbinDir4),
+    ok = application:start(app1),
+    App14Dir = code:lib_dir(app1),
+
+    %% Read appup script
+    {ok,DnScript3} = release_handler:downgrade_script(app1,"3.0",App13Dir),
+    [point_of_no_return,restart_emulator] = DnScript3,
+
+    %% Downgrade to app1-3.0 - restart_new_emulator
+    restart_emulator = release_handler:downgrade_app(app1,"3.0",App13Dir),
+    App13Dir = code:lib_dir(app1),
+
+    ok = application:stop(app1),
+    ok = application:unload(app1),
+
+    true = code:del_path(EbinDir3),
+    false = code:del_path(EbinDir1),
+    false = code:del_path(EbinDir4),
+
+    ok.
+
+
 %% Test the example/target_system.erl module
 target_system(Conf) when is_list(Conf) ->
     PrivDir = priv_dir(Conf),
@@ -1147,11 +1462,10 @@ target_system(Conf) when is_list(Conf) ->
 
 
     %% Create the .rel file
-    ErtsVsn = erlang:system_info(version),
     RelName = filename:join(TargetCreateDir,"ts-1.0"),
     RelFile = RelName++".rel",
     RelVsn = "R1A",
-    create_rel_file(RelFile,RelName,RelVsn,ErtsVsn,[{a, "1.0"}]),
+    create_rel_file(RelFile,RelName,RelVsn,current,[{a, "1.0"}]),
 
     %% Build the target_system module
     ExamplesEbin = filename:join([code:lib_dir(sasl),examples,ebin]),
@@ -1179,11 +1493,13 @@ target_system(Conf) when is_list(Conf) ->
     code:del_path(TSPath),
 
     %% Check that all files exist in installation
-    true = filelib:is_dir(filename:join(TargetInstallDir,"erts-"++ErtsVsn)),
+    ErtsDir = app_dir(erts,current),
+    true = filelib:is_dir(filename:join(TargetInstallDir,ErtsDir)),
     LibDir = filename:join(TargetInstallDir,lib),
-    {ok,KernelVsn} = application:get_key(kernel,vsn),
-    {ok,StdlibVsn} = application:get_key(stdlib,vsn),
-    {ok,SaslVsn} = application:get_key(sasl,vsn),
+    KernelVsn = vsn(kernel,current),
+    StdlibVsn = vsn(stdlib,current),
+    SaslVsn = vsn(sasl,current),
+    RelFileBasename = filename:basename(RelFile),
     true = filelib:is_dir(filename:join(LibDir,"kernel-"++KernelVsn)),
     true = filelib:is_dir(filename:join(LibDir,"stdlib-"++StdlibVsn)),
     true = filelib:is_dir(filename:join(LibDir,"sasl-"++SaslVsn)),
@@ -1191,10 +1507,10 @@ target_system(Conf) when is_list(Conf) ->
     RelDir = filename:join(TargetInstallDir,releases),
     true = filelib:is_regular(filename:join(RelDir,"RELEASES")),
     true = filelib:is_regular(filename:join(RelDir,"start_erl.data")),
-    true = filelib:is_regular(filename:join(RelDir,
-						  filename:basename(RelFile))),
+    true = filelib:is_regular(filename:join(RelDir,RelFileBasename)),
     true = filelib:is_dir(filename:join(RelDir,RelVsn)),
     true = filelib:is_regular(filename:join([RelDir,RelVsn,"start.boot"])),
+    true = filelib:is_regular(filename:join([RelDir,RelVsn,RelFileBasename])),
     BinDir = filename:join(TargetInstallDir,bin),
     true = filelib:is_regular(filename:join(BinDir,"start.boot")),
     true = filelib:is_regular(filename:join(BinDir,erl)),
@@ -1205,6 +1521,7 @@ target_system(Conf) when is_list(Conf) ->
     true = filelib:is_regular(filename:join(BinDir,to_erl)),
 
     %% Check content of files
+    ErtsVsn = vsn(erts,current),
     {ok,SED} = file:read_file(filename:join(RelDir,"start_erl.data")),
     [ErtsVsn,RelVsn] = string:tokens(binary_to_list(SED),"\s\n"),
     ok.
@@ -1456,7 +1773,7 @@ copy_client(Conf,Master,Sname,Client) ->
     ok.
 
 
-delete_release(Conf) ->
+clean_priv_dir(Conf,Save) ->
     PrivDir = priv_dir(Conf),
 
     {ok, OrigWd} = file:get_cwd(),
@@ -1466,7 +1783,7 @@ delete_release(Conf) ->
     {ok, Dirs} = file:list_dir(PrivDir),
     ?t:format("========  deleting  ~p~n",[Dirs]),
 
-    ok = delete_release_os(Dirs--["save"]),
+    ok = clean_dirs_os(Dirs,Save),
     {ok,Remaining} = file:list_dir(PrivDir),
     ?t:format("========  remaining  ~p~n",[Remaining]),
 
@@ -1474,7 +1791,7 @@ delete_release(Conf) ->
 	[] ->
 	    ok;
 	_ ->
-	    delete_release_os(Remaining),
+	    clean_dirs_os(Remaining,Save),
 	    Remaining2 = file:list_dir(PrivDir),
 	    ?t:format("========  remaining after second try ~p~n",[Remaining2])
     end,
@@ -1483,22 +1800,22 @@ delete_release(Conf) ->
     ok.
 
 
-delete_release_os(Dirs) ->
+clean_dirs_os(Dirs,Save) ->
     case os:type() of
 	{unix, _} ->
-	    delete_release_unix(Dirs);
+	    clean_dirs_unix(Dirs,Save);
 	{win32, _} ->
-	    delete_release_win32(Dirs);
+	    clean_dirs_win32(Dirs,Save);
 	Os ->
 	    test_server:fail({error, {not_yet_implemented_os, Os}})
     end.
 
 
-delete_release_unix([]) ->
+clean_dirs_unix([],_) ->
     ok;
-delete_release_unix(["save"|Dirs]) ->
-    delete_release_unix(Dirs);
-delete_release_unix([Dir|Dirs]) ->
+clean_dirs_unix(["save"|Dirs],Save) when Save ->
+    clean_dirs_unix(Dirs,Save);
+clean_dirs_unix([Dir|Dirs],Save) ->
     Rm = string:concat("rm -rf ", Dir),
     ?t:format("============== COMMAND ~p~n",[Rm]),
     case file:list_dir(Dir) of
@@ -1515,13 +1832,13 @@ delete_release_unix([Dir|Dirs]) ->
 		  ?t:format("------- ls -al  ~p~n",[os:cmd("ls -al " ++ Dir)])
 	  end,
 
-    delete_release_unix(Dirs).
+    clean_dirs_unix(Dirs,Save).
 
-delete_release_win32([]) ->
+clean_dirs_win32([],_) ->
     ok;
-delete_release_win32(["save"|Dirs]) ->
-    delete_release_win32(Dirs);
-delete_release_win32([Dir|Dirs]) ->
+clean_dirs_win32(["save"|Dirs],Save) when Save ->
+    clean_dirs_win32(Dirs,Save);
+clean_dirs_win32([Dir|Dirs],Save) ->
     Rm =
        case filelib:is_dir(Dir) of
           true ->
@@ -1531,7 +1848,7 @@ delete_release_win32([Dir|Dirs]) ->
        end,
     ?t:format("============== COMMAND ~p~n",[Rm]),
     [] = os:cmd(Rm),
-    delete_release_win32(Dirs).
+    clean_dirs_win32(Dirs,Save).
 
 
 node_name(Sname) when is_atom(Sname) ->
@@ -1657,9 +1974,17 @@ priv_dir(Conf) ->
 %%    filename:absname(?config(priv_dir, Conf)). % Get rid of trailing slash
     %% Due to problem with long paths on windows => creating a new
     %% priv_dir under data_dir
+    filename:absname(filename:join(?config(data_dir, Conf),priv_dir)).
+
+init_priv_dir(Conf) ->
     Dir = filename:absname(filename:join(?config(data_dir, Conf),priv_dir)),
-    filelib:ensure_dir(filename:join(Dir,"*")),
-    Dir.
+    case filelib:is_dir(Dir) of
+	true ->
+	    clean_priv_dir(Conf,false);
+	false ->
+	    ok
+    end,
+    filelib:ensure_dir(filename:join(Dir,"*")).
 
 latest_version(Dir) ->
     List = filelib:wildcard(Dir ++ "*"),
@@ -1694,14 +2019,22 @@ stop_print_proc() ->
 
 %% Create the first target release, vsn P1G. This release is used for
 %% all test cases in {group,release}
-create_p1g(Conf,Sname) ->
-    do_create_p1g(Conf,filename:join(priv_dir(Conf),Sname)).
-
-do_create_p1g(Conf,TargetDir) ->
-    PrivDir = priv_dir(Conf),
+create_p1g(Conf,TargetDir) ->
     DataDir = ?config(data_dir,Conf),
-    ErtsVsn = "4.4",
-    ErtsDir = "erts-"++ErtsVsn,
+    PrivDir = priv_dir(Conf),
+    ErtsDir = app_dir(erts,old),
+    KernelDir = app_dir(kernel,old),
+    StdlibDir = app_dir(stdlib,old),
+
+    %% Fake earlier version of kernel and stdlib
+    SystemLib = system_lib(PrivDir),
+    ok = filelib:ensure_dir(filename:join(SystemLib,"*")),
+    KernelLib = code:lib_dir(kernel),
+    StdlibLib = code:lib_dir(stdlib),
+    ok = copy_tree(Conf,KernelLib,KernelDir,SystemLib),
+    ok = copy_tree(Conf,StdlibLib,StdlibDir,SystemLib),
+    fix_version(SystemLib,kernel),
+    fix_version(SystemLib,stdlib),
 
     %% Create dirs
     BinDir = filename:join(TargetDir,bin),
@@ -1745,17 +2078,15 @@ do_create_p1g(Conf,TargetDir) ->
     RelFileName = filename:join(RelDir,RelName),
     RelFile = RelFileName ++ ".rel",
     ok = filelib:ensure_dir(RelFile),
-    LibPath = filename:join([DataDir,lib,"*",ebin]),
 
-    TarFile = create_basic_release(Conf, RelFile, RelVsn, {ErtsVsn,false},
-				   LibPath, [], [], [], []),
+    TarFile = create_basic_release(Conf,RelFile,RelVsn,{old,false}),
 
     %% Extract tar file in target directory (i.e. same directory as erts etc.)
     ok = erl_tar:extract(TarFile, [{cwd, TargetDir}, compressed]),
 
     %% Create start_erl.data
     StartErlDataFile = filename:join([ReleasesDir, "start_erl.data"]),
-    StartErlData = io_lib:fwrite("~s ~s~n", [ErtsVsn, RelVsn]),
+    StartErlData = io_lib:fwrite("~s ~s~n", [vsn(erts,old), RelVsn]),
     ok = file:write_file(StartErlDataFile, StartErlData),
 
     %% Create RELEASES
@@ -1763,60 +2094,98 @@ do_create_p1g(Conf,TargetDir) ->
 
     ok.
 
+fix_version(SystemLib,App) ->
+    FromVsn = vsn(App,current),
+    ToVsn = vsn(App,old),
+    Rootname = filename:join([SystemLib,app_dir(App,old),ebin,atom_to_list(App)]),
+
+    AppFile = Rootname ++ ".app",
+    {ok,OrigApp} = file:read_file(AppFile),
+    ok = file:write_file(AppFile,re:replace(OrigApp,FromVsn,ToVsn,
+					    [{return,binary}])),
+    AppupFile = Rootname ++ ".appup",
+    {ok,OrigAppup} = file:read_file(AppupFile),
+    ok = file:write_file(AppupFile,re:replace(OrigAppup,FromVsn,ToVsn,
+					      [{return,binary}])).
+
+
 %% Create version P1H - which is P1G + a-1.0
 %% Must have run create_p1g first!!
 create_p1h(Conf) ->
-    create_upgrade_release(Conf,"rel1","P1H",{"4.4",false},[{a,"1.0"}],
-			   [{a,[{key2,val2}]}],{"rel0",[new_appl]}).
+    create_upgrade_release(Conf,"rel1","P1H",{old,false},[{a,"1.0"}],
+			   [{a,[{key2,val2}]}],[{"rel0",[new_appl]}]).
 
 %% Create version P1I - which is P1H, but with application a upgraded to a-1.1
 %% Must have run create_p1h first!!
 create_p1i(Conf) ->
-    create_upgrade_release(Conf,"rel2","P1I",{"4.4",false},[{a,"1.1"}],
+    create_upgrade_release(Conf,"rel2","P1I",{old,false},[{a,"1.1"}],
 			   [{a,[{key2,newval2}]}],
-			   {"rel1",[{extra,gott}]}).
+			   [{"rel1",[{extra,gott}]}]).
 
 %% Create version P2A - which is P1I, but with erts-<latest>
 %% Must have run create_p1i first!!
 create_p2a(Conf) ->
-    ErtsVsn = erlang:system_info(version),
-    create_upgrade_release(Conf,"rel3","P2A",{ErtsVsn,code:root_dir()},
+    create_upgrade_release(Conf,"rel3","P2A",{current,code:root_dir()},
 			   [{a,"1.1"}],[{a,[{key2,newval2}]}],
-			   {"rel2",[new_emu]}).
+			   [{"rel1",[new_emu,new_appl]},{"rel2",[new_emu]}],
+			   [{"rel1",[old_emu,old_appl]},{"rel2",[old_emu]}]).
+
+%% Create version P2B - which is P2A, but with relup containing an
+%% extra reboot.
+%% Can be upgraded to from P1G - so must have run create_p1g first!!
+create_p2b(Conf) ->
+    create_upgrade_release(Conf,"rel4","P2B",{current,code:root_dir()},
+			   [{a,"1.1"}],[{a,[{key2,newval2}]}],
+			   [{"rel0",[new_emu,add_appl]}],
+			   [{"rel0",[old_emu,rm_appl]}],
+			   [restart_emulator]).
 
 %% Create a release tar package which can be installed on top of P1G
-create_upgrade_release(Conf,RelName,RelVsn,Erts,Apps,Config,{UpFromName,Descr}) ->
+create_upgrade_release(Conf,RelName,RelVsn,Erts,Apps,Config,UpFrom) ->
+    create_upgrade_release(Conf,RelName,RelVsn,Erts,Apps,Config,UpFrom,[]).
+create_upgrade_release(Conf,RelName,RelVsn,Erts,Apps,Config,UpFrom,DownTo) ->
+    create_upgrade_release(Conf,RelName,RelVsn,Erts,Apps,Config,UpFrom,DownTo,[]).
+create_upgrade_release(Conf,RelName,RelVsn,Erts,Apps,Config,UpFrom0,DownTo0,RelupOpts) ->
     PrivDir = priv_dir(Conf),
-    DataDir = ?config(data_dir,Conf),
-
     RelDir = filename:join(PrivDir,RelName),
     RelFileName = filename:join(RelDir,RelName),
     RelFile = RelFileName ++ ".rel",
     ok = filelib:ensure_dir(RelFile),
-    LibPath = filename:join([DataDir,lib,"*",ebin]),
 
-    UpFrom = [{filename:join([PrivDir,UpFromName,UpFromName]),Descr}],
+    UpFrom = [{filename:join([PrivDir,UpFromName,UpFromName]),Descr} ||
+		 {UpFromName,Descr} <- UpFrom0],
+    DownTo = [{filename:join([PrivDir,DownToName,DownToName]),Descr} ||
+		 {DownToName,Descr} <- DownTo0],
 
-    create_basic_release(Conf, RelFile, RelVsn, Erts, LibPath,
-			 Apps, Config, UpFrom, []),
+    create_basic_release(Conf,RelFile,RelVsn,Erts,Apps,Config,
+			 UpFrom,DownTo,RelupOpts),
     ok.
 
 %% Create .rel, .script, .boot, sys.config and tar
-create_basic_release(Conf, RelFile,RelVsn,{ErtsVsn,ErtsDir},LibPath,ExtraApps,Config,UpFrom,DownTo) ->
+create_basic_release(Conf,RelFile,RelVsn,{Erts,ErtsDir}) ->
+    create_basic_release(Conf, RelFile,RelVsn,{Erts,ErtsDir},[],[],[],[],[]).
+create_basic_release(Conf,RelFile,RelVsn,{Erts,ErtsDir},ExtraApps,Config,UpFrom,DownTo,RelupOpts) ->
+    DataDir = ?config(data_dir,Conf),
+    PrivDir = priv_dir(Conf),
+    SystemLib = system_lib(PrivDir),
+    LibPath = [filename:join([SystemLib,"*",ebin]),
+	       filename:join([DataDir,lib,"*",ebin])],
+
     RelDir = filename:dirname(RelFile),
     RelFileName = filename:rootname(RelFile),
 
     %% Create .rel file
-    create_installer_rel_file(RelFile,RelVsn,ErtsVsn,ExtraApps),
+    create_installer_rel_file(RelFile,RelVsn,Erts,ExtraApps),
 
     %% Generate .script and .boot
     ok = systools:make_script(RelFileName,
-			      [{path,[LibPath]},
+			      [{path,LibPath},
 			       {outdir,RelDir}]),
 
     %% Generate relup
-    ok = systools:make_relup(RelFileName,UpFrom,DownTo,[{path,[LibPath]},
-							      {outdir,RelDir}]),
+    ok = systools:make_relup(RelFileName,UpFrom,DownTo,[{path,LibPath},
+							{outdir,RelDir} |
+							RelupOpts]),
 
     %% Create sys.config
     ok = write_term_file(filename:join(RelDir,"sys.config"),Config),
@@ -1824,7 +2193,7 @@ create_basic_release(Conf, RelFile,RelVsn,{ErtsVsn,ErtsDir},LibPath,ExtraApps,Co
 
     %% Create tar file (i.e. collect all lib/app-*/* and system files)
     ok = systools:make_tar(RelFileName,
-			   [{path,[LibPath]},
+			   [{path,LibPath},
 			    {outdir,RelDir} |
 			    case ErtsDir of
 				false -> [];
@@ -1841,18 +2210,19 @@ create_basic_release(Conf, RelFile,RelVsn,{ErtsVsn,ErtsDir},LibPath,ExtraApps,Co
     TarFileName.
 
 %% Create a .rel file
-create_installer_rel_file(RelFile,RelVsn,ErtsVsn,ExtraApps) ->
-    create_rel_file(RelFile,"SASL-test",RelVsn,ErtsVsn,
+create_installer_rel_file(RelFile,RelVsn,Erts,ExtraApps) ->
+    create_rel_file(RelFile,"SASL-test",RelVsn,Erts,
 		    [{installer,"1.0"}|ExtraApps]).
 
-create_rel_file(RelFile,RelName,RelVsn,ErtsVsn,ExtraApps) ->
-    {ok,KernelVsn} = application:get_key(kernel,vsn),
-    {ok,StdlibVsn} = application:get_key(stdlib,vsn),
-    {ok,SaslVsn} = application:get_key(sasl,vsn),
+create_rel_file(RelFile,RelName,RelVsn,Erts,ExtraApps) ->
+    ErtsVsn = vsn(erts,Erts),
+    KernelVsn = vsn(kernel,Erts),
+    StdlibVsn = vsn(stdlib,Erts),
+    SaslVsn = vsn(sasl,current),
     application:load(tools),
-    {ok,ToolsVsn} = application:get_key(tools,vsn),
+    ToolsVsn = vsn(tools,current),
     application:load(runtime_tools),
-    {ok,RuntimeToolsVsn} = application:get_key(runtime_tools,vsn),
+    RuntimeToolsVsn = vsn(runtime_tools,current),
     
     RelFileContent = {release,
 		      {RelName, RelVsn},
@@ -2033,7 +2403,7 @@ start_node_unix(Sname,NodeDir) ->
 
 start_node_win32(Sname,NodeDir) ->
     Name = atom_to_list(Sname) ++ "_P1G",
-    ErtsBinDir = filename:join(NodeDir,"erts-4.4/bin"),
+    ErtsBinDir = filename:join([NodeDir,app_dir(erts,old),"bin"]),
 
     StartErlArgs = rh_test_lib:get_start_erl_args(NodeDir),
     ServiceArgs = rh_test_lib:get_service_args(NodeDir, Sname, StartErlArgs),
@@ -2158,7 +2528,6 @@ create_fake_release(Dir,RelName,RelVsn,AppDirs) ->
     RelDir = filename:join(Dir,"rel_" ++ RelVsn),
     Rel = filename:join([RelDir,"rel_" ++ RelVsn]),
     ok = filelib:ensure_dir(Rel),
-    ErtsVsn = erlang:system_info(version),
 
     {Apps,Paths} = 
 	lists:foldl(fun({App,Vsn,Lib},{As,Ps}) ->
@@ -2168,7 +2537,7 @@ create_fake_release(Dir,RelName,RelVsn,AppDirs) ->
 		    {[],[]},
 		    AppDirs),
 
-    create_rel_file(Rel++".rel",RelName,RelVsn,ErtsVsn,Apps),
+    create_rel_file(Rel++".rel",RelName,RelVsn,current,Apps),
     
     %% Generate boot scripts
     ok = systools:make_script(Rel,[local,
@@ -2217,3 +2586,16 @@ modify_tar_win32(Conf, TarFileName) ->
     [ok = erl_tar:add(T,filename:join(TmpDir,F),F,[]) || F <- Fs],
     ok = erl_tar:close(T),
     ok.
+
+app_dir(App,Vsn) ->
+    atom_to_list(App) ++ "-" ++ vsn(App,Vsn).
+vsn(erts,old) -> ?ertsvsn;
+vsn(kernel,old) -> ?kernelvsn;
+vsn(stdlib,old) -> ?stdlibvsn;
+vsn(erts,current) -> erlang:system_info(version);
+vsn(App,current) ->
+    {ok,Vsn} = application:get_key(App,vsn),
+    Vsn.
+
+system_lib(PrivDir) ->
+    filename:join(PrivDir,"system_lib").
diff --git a/lib/sasl/test/release_handler_SUITE_data/Makefile.src b/lib/sasl/test/release_handler_SUITE_data/Makefile.src
index edb446413d..55d20aa8b6 100644
--- a/lib/sasl/test/release_handler_SUITE_data/Makefile.src
+++ b/lib/sasl/test/release_handler_SUITE_data/Makefile.src
@@ -5,6 +5,10 @@ P2B= \
      P2B/a-2.0/ebin/a_sup.@EMULATOR@
 
 LIB= \
+     lib/a-9.1/ebin/a.@EMULATOR@ \
+     lib/a-9.1/ebin/a_sup.@EMULATOR@ \
+     lib/a-9.0/ebin/a.@EMULATOR@ \
+     lib/a-9.0/ebin/a_sup.@EMULATOR@ \
      lib/a-1.2/ebin/a.@EMULATOR@ \
      lib/a-1.2/ebin/a_sup.@EMULATOR@ \
      lib/a-1.1/ebin/a.@EMULATOR@ \
@@ -50,7 +54,13 @@ APP= \
      app1_app2/lib2/app1-2.0/ebin/app1.@EMULATOR@ \
      app1_app2/lib2/app2-1.0/ebin/app2_sup.@EMULATOR@ \
      app1_app2/lib2/app2-1.0/ebin/app2_server.@EMULATOR@ \
-     app1_app2/lib2/app2-1.0/ebin/app2.@EMULATOR@
+     app1_app2/lib2/app2-1.0/ebin/app2.@EMULATOR@ \
+     app1_app2/lib3/app1-3.0/ebin/app1_sup.@EMULATOR@ \
+     app1_app2/lib3/app1-3.0/ebin/app1_server.@EMULATOR@ \
+     app1_app2/lib3/app1-3.0/ebin/app1.@EMULATOR@ \
+     app1_app2/lib4/app1-4.0/ebin/app1_sup.@EMULATOR@ \
+     app1_app2/lib4/app1-4.0/ebin/app1_server.@EMULATOR@ \
+     app1_app2/lib4/app1-4.0/ebin/app1.@EMULATOR@
 
 OTP2740=  \
      otp_2740/vsn_atom.@EMULATOR@ \
@@ -95,6 +105,17 @@ lib/a-1.2/ebin/a.@EMULATOR@: lib/a-1.2/src/a.erl
 lib/a-1.2/ebin/a_sup.@EMULATOR@: lib/a-1.2/src/a_sup.erl
 	erlc $(EFLAGS) -olib/a-1.2/ebin lib/a-1.2/src/a_sup.erl
 
+lib/a-9.0/ebin/a.@EMULATOR@: lib/a-9.0/src/a.erl
+	erlc $(EFLAGS) -olib/a-9.0/ebin lib/a-9.0/src/a.erl
+lib/a-9.0/ebin/a_sup.@EMULATOR@: lib/a-9.0/src/a_sup.erl
+	erlc $(EFLAGS) -olib/a-9.0/ebin lib/a-9.0/src/a_sup.erl
+
+lib/a-9.1/ebin/a.@EMULATOR@: lib/a-9.1/src/a.erl
+	erlc $(EFLAGS) -olib/a-9.1/ebin lib/a-9.1/src/a.erl
+lib/a-9.1/ebin/a_sup.@EMULATOR@: lib/a-9.1/src/a_sup.erl
+	erlc $(EFLAGS) -olib/a-9.1/ebin lib/a-9.1/src/a_sup.erl
+
+
 lib/b-1.0/ebin/b_server.@EMULATOR@: lib/b-1.0/src/b_server.erl
 	erlc $(EFLAGS) -olib/b-1.0/ebin lib/b-1.0/src/b_server.erl
 lib/b-1.0/ebin/b_lib.@EMULATOR@: lib/b-1.0/src/b_lib.erl
@@ -183,6 +204,22 @@ app1_app2/lib2/app2-1.0/ebin/app2.@EMULATOR@: app1_app2/lib2/app2-1.0/src/app2.e
 	erlc $(EFLAGS) -oapp1_app2/lib2/app2-1.0/ebin app1_app2/lib2/app2-1.0/src/app2.erl
 
 
+app1_app2/lib3/app1-3.0/ebin/app1_sup.@EMULATOR@: app1_app2/lib3/app1-3.0/src/app1_sup.erl
+	erlc $(EFLAGS) -oapp1_app2/lib3/app1-3.0/ebin app1_app2/lib3/app1-3.0/src/app1_sup.erl
+app1_app2/lib3/app1-3.0/ebin/app1_server.@EMULATOR@: app1_app2/lib3/app1-3.0/src/app1_server.erl
+	erlc $(EFLAGS) -oapp1_app2/lib3/app1-3.0/ebin app1_app2/lib3/app1-3.0/src/app1_server.erl
+app1_app2/lib3/app1-3.0/ebin/app1.@EMULATOR@: app1_app2/lib3/app1-3.0/src/app1.erl
+	erlc $(EFLAGS) -oapp1_app2/lib3/app1-3.0/ebin app1_app2/lib3/app1-3.0/src/app1.erl
+
+
+app1_app2/lib4/app1-4.0/ebin/app1_sup.@EMULATOR@: app1_app2/lib4/app1-4.0/src/app1_sup.erl
+	erlc $(EFLAGS) -oapp1_app2/lib4/app1-4.0/ebin app1_app2/lib4/app1-4.0/src/app1_sup.erl
+app1_app2/lib4/app1-4.0/ebin/app1_server.@EMULATOR@: app1_app2/lib4/app1-4.0/src/app1_server.erl
+	erlc $(EFLAGS) -oapp1_app2/lib4/app1-4.0/ebin app1_app2/lib4/app1-4.0/src/app1_server.erl
+app1_app2/lib4/app1-4.0/ebin/app1.@EMULATOR@: app1_app2/lib4/app1-4.0/src/app1.erl
+	erlc $(EFLAGS) -oapp1_app2/lib4/app1-4.0/ebin app1_app2/lib4/app1-4.0/src/app1.erl
+
+
 otp_2740/vsn_atom.@EMULATOR@: otp_2740/vsn_atom.erl
 	erlc $(EFLAGS) -ootp_2740 otp_2740/vsn_atom.erl
 otp_2740/vsn_list.@EMULATOR@: otp_2740/vsn_list.erl
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.app b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.app
new file mode 100644
index 0000000000..4adc0540c4
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.app
@@ -0,0 +1,9 @@
+{application, app1,
+ [{description, "very simple example application"},
+  {id, "app1"},
+  {vsn, "3.0"},
+  {modules, [app1, app1_sup, app1_server]},
+  {registered, [harry]},
+  {applications, [kernel, stdlib, sasl]},
+  {env, [{var,val2}]},
+  {mod, {app1, []}}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.appup b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.appup
new file mode 100644
index 0000000000..a5cdfe9fcc
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.appup
@@ -0,0 +1,4 @@
+{"3.0",
+ [{"1.0", [{load_module, app1_server},restart_emulator]}],
+ [{"1.0", [{load_module, app1_server},restart_emulator]}]
+}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1.erl
new file mode 100644
index 0000000000..f123c8f470
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1.erl
@@ -0,0 +1,22 @@
+-module(app1).
+
+-behaviour(application).
+
+%% Application callbacks
+-export([start/2, stop/1]).
+-export([config_change/3]).
+
+start(_Type, _StartArgs) ->
+    case app1_sup:start_link() of
+	{ok, Pid} ->
+	    {ok, Pid};
+	Error ->
+	    Error
+    end.
+
+stop(_State) ->
+    ok.
+
+config_change(Changed, _New, _Removed) ->
+    catch ets:insert(otp_6162, hd(Changed)),
+    ok.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_server.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_server.erl
new file mode 100644
index 0000000000..660d095ebf
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_server.erl
@@ -0,0 +1,35 @@
+-module(app1_server).
+
+-behaviour(gen_server).
+
+%% API
+-export([start_link/0]).
+
+%% gen_server callbacks
+-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
+	 terminate/2, code_change/3]).
+
+start_link() ->
+    gen_server:start_link({local, harry}, ?MODULE, [], []).
+
+init([]) ->
+    {ok, []}.
+
+handle_call(error, _From, State) ->
+    Reply = error,
+    {reply, Reply, State};
+handle_call(_Request, _From, State) ->
+    Reply = ok,
+    {reply, Reply, State}.
+
+handle_cast(_Msg, State) ->
+    {noreply, State}.
+
+handle_info(_Info, State) ->
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_sup.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_sup.erl
new file mode 100644
index 0000000000..e6ad9b6967
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_sup.erl
@@ -0,0 +1,17 @@
+-module(app1_sup).
+
+-behaviour(supervisor).
+
+%% API
+-export([start_link/0]).
+
+%% Supervisor callbacks
+-export([init/1]).
+
+start_link() ->
+    supervisor:start_link(?MODULE, []).
+
+init([]) ->
+    AChild = {harry,{app1_server,start_link,[]},
+	      permanent,2000,worker,[app1_server]},
+    {ok,{{one_for_all,0,1}, [AChild]}}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.app b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.app
new file mode 100644
index 0000000000..243bc21f02
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.app
@@ -0,0 +1,9 @@
+{application, app1,
+ [{description, "very simple example application"},
+  {id, "app1"},
+  {vsn, "4.0"},
+  {modules, [app1, app1_sup, app1_server]},
+  {registered, [harry]},
+  {applications, [kernel, stdlib, sasl]},
+  {env, [{var,val2}]},
+  {mod, {app1, []}}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.appup b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.appup
new file mode 100644
index 0000000000..72535c8b34
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.appup
@@ -0,0 +1,4 @@
+{"4.0",
+ [{"3.0", [restart_new_emulator]}],
+ [{"3.0", [restart_new_emulator]}]
+}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1.erl
new file mode 100644
index 0000000000..f123c8f470
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1.erl
@@ -0,0 +1,22 @@
+-module(app1).
+
+-behaviour(application).
+
+%% Application callbacks
+-export([start/2, stop/1]).
+-export([config_change/3]).
+
+start(_Type, _StartArgs) ->
+    case app1_sup:start_link() of
+	{ok, Pid} ->
+	    {ok, Pid};
+	Error ->
+	    Error
+    end.
+
+stop(_State) ->
+    ok.
+
+config_change(Changed, _New, _Removed) ->
+    catch ets:insert(otp_6162, hd(Changed)),
+    ok.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_server.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_server.erl
new file mode 100644
index 0000000000..660d095ebf
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_server.erl
@@ -0,0 +1,35 @@
+-module(app1_server).
+
+-behaviour(gen_server).
+
+%% API
+-export([start_link/0]).
+
+%% gen_server callbacks
+-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
+	 terminate/2, code_change/3]).
+
+start_link() ->
+    gen_server:start_link({local, harry}, ?MODULE, [], []).
+
+init([]) ->
+    {ok, []}.
+
+handle_call(error, _From, State) ->
+    Reply = error,
+    {reply, Reply, State};
+handle_call(_Request, _From, State) ->
+    Reply = ok,
+    {reply, Reply, State}.
+
+handle_cast(_Msg, State) ->
+    {noreply, State}.
+
+handle_info(_Info, State) ->
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_sup.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_sup.erl
new file mode 100644
index 0000000000..e6ad9b6967
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_sup.erl
@@ -0,0 +1,17 @@
+-module(app1_sup).
+
+-behaviour(supervisor).
+
+%% API
+-export([start_link/0]).
+
+%% Supervisor callbacks
+-export([init/1]).
+
+start_link() ->
+    supervisor:start_link(?MODULE, []).
+
+init([]) ->
+    AChild = {harry,{app1_server,start_link,[]},
+	      permanent,2000,worker,[app1_server]},
+    {ok,{{one_for_all,0,1}, [AChild]}}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/heart_restart.bat b/lib/sasl/test/release_handler_SUITE_data/heart_restart.bat
index ede1ad4ff3..ede1ad4ff3 100755..100644
--- a/lib/sasl/test/release_handler_SUITE_data/heart_restart.bat
+++ b/lib/sasl/test/release_handler_SUITE_data/heart_restart.bat
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/README b/lib/sasl/test/release_handler_SUITE_data/lib/README
index 639a4ca0fb..ffb8c5120b 100644
--- a/lib/sasl/test/release_handler_SUITE_data/lib/README
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/README
@@ -8,6 +8,14 @@ a-1.2:
 can be upgraded to from a-1.1.
 No module have changed, but priv dir is added including one 'file'
 
+a-9.0:
+can be upgrade to from a-1.0
+Changes a_sup correctly - to test successful upgrade of supervisor
+
+a-9.1:
+can be upgrade to from a-1.0
+Changes a_sup faulty - to test failing upgrade of supervisor
+
 b-1.0:
 start version, includes b_lib and b_server
 
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-1.1/ebin/a.appup b/lib/sasl/test/release_handler_SUITE_data/lib/a-1.1/ebin/a.appup
index 05db4cb541..6ef67b869e 100644
--- a/lib/sasl/test/release_handler_SUITE_data/lib/a-1.1/ebin/a.appup
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-1.1/ebin/a.appup
@@ -1,3 +1,3 @@
 {"1.1",
  [{"1.0",[{update,a,{advanced,extra_par}}]}],
- []}.
+ [{"1.0",[{update,a,{advanced,extra_par}}]}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-1.1/src/a.erl b/lib/sasl/test/release_handler_SUITE_data/lib/a-1.1/src/a.erl
index c082ad5339..1050e53f35 100644
--- a/lib/sasl/test/release_handler_SUITE_data/lib/a-1.1/src/a.erl
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-1.1/src/a.erl
@@ -51,4 +51,6 @@ terminate(_Reason, _State) ->
     ok.
 
 code_change(1, Extra, State) ->
-    {ok, {state, bval}}.
+    {ok, {state, bval}};
+code_change({down,1},Extra,State) ->
+    {ok, state}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.app b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.app
new file mode 100644
index 0000000000..aa436d3e8c
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.app
@@ -0,0 +1,8 @@
+{application, a,
+	     [{description, "A  CXC 138 11"},
+              {vsn, "9.0"},
+	      {modules, [a, a_sup]},
+	      {registered, [a_sup]},
+	      {applications, [kernel, stdlib]},
+	      {env, [{key1, val1}]},
+	      {mod, {a_sup, []}}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.appup b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.appup
new file mode 100644
index 0000000000..c4071d57a3
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.appup
@@ -0,0 +1,3 @@
+{"9.0",
+ [{"1.0",[{update,a_sup,{advanced,update_supervisor}}]}],
+ [{"1.0",[{update,a_sup,{advanced,update_supervisor}}]}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a.erl b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a.erl
new file mode 100644
index 0000000000..1050e53f35
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a.erl
@@ -0,0 +1,56 @@
+%% ``The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved via the world wide web at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
+%% Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
+%% AB. All Rights Reserved.''
+%%
+%%     $Id$
+%%
+-module(a).
+
+
+-behaviour(gen_server).
+
+%% External exports
+-export([start_link/0, a/0, b/0]).
+%% Internal exports
+-export([init/1, handle_call/3, handle_info/2, terminate/2, code_change/3]).
+
+start_link() -> gen_server:start_link({local, aa}, a, [], []).
+
+a() -> gen_server:call(aa, a).
+b() -> gen_server:call(aa, b).
+
+%%-----------------------------------------------------------------
+%% Callback functions from gen_server
+%%-----------------------------------------------------------------
+init([]) ->
+    process_flag(trap_exit, true),
+    {ok, {state, bval}}.
+
+handle_call(a, _From, State) ->
+    X = application:get_all_env(a),
+    {reply, X, State};
+
+handle_call(b, _From, State) ->
+    {reply, {ok, element(2, State)}, State}.
+
+handle_info(_, State) ->
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(1, Extra, State) ->
+    {ok, {state, bval}};
+code_change({down,1},Extra,State) ->
+    {ok, state}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a_sup.erl b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a_sup.erl
new file mode 100644
index 0000000000..ae1d080f58
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a_sup.erl
@@ -0,0 +1,37 @@
+%% ``The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved via the world wide web at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
+%% Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
+%% AB. All Rights Reserved.''
+%%
+%%     $Id$
+%%
+-module(a_sup).
+
+
+-behaviour(supervisor).
+
+%% External exports
+-export([start/2]).
+
+%% Internal exports
+-export([init/1]).
+
+start(_, _) ->
+    supervisor:start_link({local, a_sup}, a_sup, []).
+
+init([]) ->
+    SupFlags = {one_for_all, 4, 3600},
+    Config = {a,
+	      {a, start_link, []},
+	      permanent, brutal_kill, worker, [a]},
+    {ok, {SupFlags, [Config]}}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.app b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.app
new file mode 100644
index 0000000000..5b467ec4e8
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.app
@@ -0,0 +1,8 @@
+{application, a,
+	     [{description, "A  CXC 138 11"},
+              {vsn, "9.1"},
+	      {modules, [a, a_sup]},
+	      {registered, [a_sup]},
+	      {applications, [kernel, stdlib]},
+	      {env, [{key1, val1}]},
+	      {mod, {a_sup, []}}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.appup b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.appup
new file mode 100644
index 0000000000..efeb7f1fe3
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.appup
@@ -0,0 +1,3 @@
+{"9.1",
+ [{"1.0",[{update,a_sup,{advanced,update_supervisor}}]}],
+ [{"1.0",[{update,a_sup,{advanced,update_supervisor}}]}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a.erl b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a.erl
new file mode 100644
index 0000000000..1050e53f35
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a.erl
@@ -0,0 +1,56 @@
+%% ``The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved via the world wide web at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
+%% Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
+%% AB. All Rights Reserved.''
+%%
+%%     $Id$
+%%
+-module(a).
+
+
+-behaviour(gen_server).
+
+%% External exports
+-export([start_link/0, a/0, b/0]).
+%% Internal exports
+-export([init/1, handle_call/3, handle_info/2, terminate/2, code_change/3]).
+
+start_link() -> gen_server:start_link({local, aa}, a, [], []).
+
+a() -> gen_server:call(aa, a).
+b() -> gen_server:call(aa, b).
+
+%%-----------------------------------------------------------------
+%% Callback functions from gen_server
+%%-----------------------------------------------------------------
+init([]) ->
+    process_flag(trap_exit, true),
+    {ok, {state, bval}}.
+
+handle_call(a, _From, State) ->
+    X = application:get_all_env(a),
+    {reply, X, State};
+
+handle_call(b, _From, State) ->
+    {reply, {ok, element(2, State)}, State}.
+
+handle_info(_, State) ->
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(1, Extra, State) ->
+    {ok, {state, bval}};
+code_change({down,1},Extra,State) ->
+    {ok, state}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a_sup.erl b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a_sup.erl
new file mode 100644
index 0000000000..b0597dc5c3
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a_sup.erl
@@ -0,0 +1,37 @@
+%% ``The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved via the world wide web at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
+%% Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
+%% AB. All Rights Reserved.''
+%%
+%%     $Id$
+%%
+-module(a_sup).
+
+
+-behaviour(supervisor).
+
+%% External exports
+-export([start/2]).
+
+%% Internal exports
+-export([init/1]).
+
+start(_, _) ->
+    supervisor:start_link({local, a_sup}, a_sup, []).
+
+init([]) ->
+    SupFlags = {one_for_all, 4, 3600},
+    Config = {a,
+	      {a, start_link, []},
+	      permanent, brutal_kil, worker, [a]},
+    {ok, {SupFlags, [Config]}}.
diff --git a/lib/sasl/test/sasl_SUITE.erl b/lib/sasl/test/sasl_SUITE.erl
index 454095db6a..b6eaf41323 100644
--- a/lib/sasl/test/sasl_SUITE.erl
+++ b/lib/sasl/test/sasl_SUITE.erl
@@ -20,20 +20,21 @@
 -include_lib("common_test/include/ct.hrl").
 
 
-% Default timetrap timeout (set in init_per_testcase).
+%% Default timetrap timeout (set in init_per_testcase).
 -define(default_timeout, ?t:minutes(1)).
 -define(application, sasl).
 
-% Test server specific exports
+%% Test server specific exports
 -export([all/0,groups/0,init_per_group/2,end_per_group/2]).
 -export([init_per_testcase/2, end_per_testcase/2]).
 
-% Test cases must be exported.
+%% Test cases must be exported.
 -export([app_test/1,
+	 appup_test/1,
 	 log_mf_h_env/1]).
 
 all() -> 
-    [app_test, log_mf_h_env].
+    [app_test, appup_test, log_mf_h_env].
 
 groups() -> 
     [].
@@ -46,7 +47,7 @@ end_per_group(_GroupName, Config) ->
 
 
 init_per_testcase(_Case, Config) ->
-    ?line Dog=test_server:timetrap(?default_timeout),
+    Dog=test_server:timetrap(?default_timeout),
     [{watchdog, Dog}|Config].
 end_per_testcase(_Case, Config) ->
     Dog=?config(watchdog, Config),
@@ -54,9 +55,105 @@ end_per_testcase(_Case, Config) ->
     ok.
 
 app_test(Config) when is_list(Config) ->
-    ?line ?t:app_test(sasl, allow),
+    ?t:app_test(sasl, allow),
     ok.
 
+%% Test that appup allows upgrade from/downgrade to a maximum of two
+%% major releases back.
+appup_test(_Config) ->
+    application:load(sasl),
+    {sasl,_,SaslVsn} = lists:keyfind(sasl,1,application:loaded_applications()),
+    Ebin = filename:join(code:lib_dir(sasl),ebin),
+    {ok,[{SaslVsn,UpFrom,DownTo}=Appup]} =
+	file:consult(filename:join(Ebin,"sasl.appup")),
+    ct:log("~p~n",[Appup]),
+    {OkVsns,NokVsns} = create_test_vsns(SaslVsn),
+    check_appup(OkVsns,UpFrom,{ok,[restart_new_emulator]}),
+    check_appup(OkVsns,DownTo,{ok,[restart_new_emulator]}),
+    check_appup(NokVsns,UpFrom,error),
+    check_appup(NokVsns,DownTo,error),
+    ok.
+
+
+%% For sasl, the versions up to R14B03 were not according to the rule
+%% used for other core applications - i.e. to change the second number
+%% at major releases, the third at maintenance releases and the fourth
+%% for patches - therefore test versions up to and including R16 are
+%% hardcoded.
+%% (All versions below are not necessarily existing.)
+-define(r12_vsns,["2.1.5"]).
+-define(r13_vsns,["2.1.6","2.1.7.1","2.1.9","2.1.9.1.2"]).
+-define(r14_vsns,["2.1.9.2","2.1.9.2.20","2.1.9.4","2.1.10"]).
+-define(r15_major,"2.2").
+-define(r16_major,"2.3").
+-define(r17_major,"2.4").
+create_test_vsns(?r15_major ++ Rest) ->
+    R15Vsns =
+	case string:tokens(Rest,".") of
+	    [] -> [];
+	    ["1"] -> [?r15_major];
+	    _ -> [?r15_major,?r15_major++".1"]
+	end,
+    OkVsns = ?r13_vsns ++ ?r14_vsns ++ R15Vsns,
+    NokVsns = ?r12_vsns ++ [?r15_major++",1", ?r16_major],
+    {OkVsns,NokVsns};
+create_test_vsns(?r16_major ++ Rest) ->
+    R16Vsns =
+	case string:tokens(Rest,".") of
+	    [] -> [];
+	    ["1"] -> [?r16_major];
+	    _ -> [?r16_major,?r16_major++".1"]
+	end,
+    OkVsns = ?r14_vsns ++ [?r15_major, ?r15_major ++ ".1.4"] ++ R16Vsns,
+    NokVsns = ?r13_vsns ++ [?r16_major++",1", ?r17_major],
+    {OkVsns,NokVsns};
+%% Normal erts case - i.e. for versions that comply to the erts standard
+create_test_vsns(Current) ->
+    [XStr,YStr|Rest] = string:tokens(Current,"."),
+    X = list_to_integer(XStr),
+    Y = list_to_integer(YStr),
+    SecondMajor = vsn(X,Y-2),
+    SecondMinor = SecondMajor ++ ".1.3",
+    FirstMajor = vsn(X,Y-1),
+    FirstMinor = FirstMajor ++ ".57",
+    ThisMajor = vsn(X,Y),
+    This =
+	case Rest of
+	    [] ->
+		[];
+	    ["1"] ->
+		[ThisMajor];
+	    _ ->
+		ThisMinor = ThisMajor ++ ".1",
+		[ThisMajor,ThisMinor]
+	end,
+    OkVsns = This ++ [FirstMajor, FirstMinor, SecondMajor, SecondMinor],
+
+    ThirdMajor = vsn(X,Y-3),
+    ThirdMinor = ThirdMajor ++ ".10.12",
+    Illegal = ThisMajor ++ ",1",
+    Newer1Major = vsn(X,Y+1),
+    Newer1Minor = Newer1Major ++ ".1",
+    Newer2Major = ThisMajor ++ "1",
+    NokVsns = [ThirdMajor,ThirdMinor,
+	       Illegal,
+	       Newer1Major,Newer1Minor,
+	       Newer2Major],
+    {OkVsns,NokVsns}.
+
+vsn(X,Y) ->
+    integer_to_list(X) ++ "." ++ integer_to_list(Y).
+
+check_appup([Vsn|Vsns],Instrs,Expected) ->
+    case systools_relup:appup_search_for_version(Vsn, Instrs) of
+	Expected -> check_appup(Vsns,Instrs,Expected);
+	Other -> ct:fail({unexpected_result_for_vsn,Vsn,Other})
+    end;
+check_appup([],_,_) ->
+    ok.
+
+
+
 %% OTP-9185 - fail sasl start if some but not all log_mf_h env vars
 %% are given.
 log_mf_h_env(Config) ->
diff --git a/lib/sasl/test/systools_SUITE.erl b/lib/sasl/test/systools_SUITE.erl
index e352247d44..4cf7364d74 100644
--- a/lib/sasl/test/systools_SUITE.erl
+++ b/lib/sasl/test/systools_SUITE.erl
@@ -28,9 +28,9 @@
 
 -module(systools_SUITE).
 
-%-define(debug, true).
+%%-define(debug, true).
 
--include_lib("test_server/include/test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
 -define(format(S, A), ok).
 -define(datadir, ?config(data_dir, Config)).
 -define(privdir, ?config(priv_dir, Config)).
@@ -40,19 +40,22 @@
 
 -export([all/0,suite/0,groups/0,init_per_group/2,end_per_group/2]).
 
--export([ script_options/1, normal_script/1, no_mod_vsn_script/1,
-	  wildcard_script/1, variable_script/1,
-	  abnormal_script/1, src_tests_script/1, crazy_script/1,
-	  warn_shadow_script/1,
-	  included_script/1, included_override_script/1,
-	  included_fail_script/1, included_bug_script/1, exref_script/1]).
--export([ tar_options/1, normal_tar/1, no_mod_vsn_tar/1, variable_tar/1,
-	  src_tests_tar/1, shadow_tar/1, var_tar/1,
-	  exref_tar/1, link_tar/1, otp_9507/1]).
--export([ normal_relup/1, abnormal_relup/1, no_appup_relup/1,
-	  bad_appup_relup/1, app_start_type_relup/1, otp_3065/1]).
--export([
-	 otp_6226/1]).
+-export([script_options/1, normal_script/1, no_mod_vsn_script/1,
+	 wildcard_script/1, variable_script/1, no_sasl_script/1,
+	 abnormal_script/1, src_tests_script/1, crazy_script/1,
+	 included_script/1, included_override_script/1,
+	 included_fail_script/1, included_bug_script/1, exref_script/1,
+	 otp_3065_circular_dependenies/1]).
+-export([tar_options/1, normal_tar/1, no_mod_vsn_tar/1, system_files_tar/1,
+	 system_files_tar/2, invalid_system_files_tar/1,
+	 invalid_system_files_tar/2, variable_tar/1,
+	 src_tests_tar/1, var_tar/1, exref_tar/1, link_tar/1,
+	 otp_9507_path_ebin/1]).
+-export([normal_relup/1, restart_relup/1, abnormal_relup/1, no_sasl_relup/1,
+	 no_appup_relup/1, bad_appup_relup/1, app_start_type_relup/1,
+	 regexp_relup/1]).
+-export([normal_hybrid/1,hybrid_no_old_sasl/1,hybrid_no_new_sasl/1]).
+-export([otp_6226_outdir/1]).
 -export([init_per_suite/1, end_per_suite/1, 
 	 init_per_testcase/2, end_per_testcase/2]).
 
@@ -67,25 +70,27 @@ suite() ->
     [{ct_hooks, [ts_install_cth]}].
 
 all() -> 
-    [{group, script}, {group, tar}, {group, relup},
-     {group, tickets}].
+    [{group, script}, {group, tar}, {group, relup}, {group, hybrid},
+     {group, options}].
 
 groups() -> 
     [{script, [],
       [script_options, normal_script, no_mod_vsn_script,
        wildcard_script, variable_script, abnormal_script,
-       src_tests_script, crazy_script, warn_shadow_script,
+       no_sasl_script, src_tests_script, crazy_script,
        included_script, included_override_script,
        included_fail_script, included_bug_script, exref_script,
-       otp_3065]},
+       otp_3065_circular_dependenies]},
      {tar, [],
-      [tar_options, normal_tar, no_mod_vsn_tar, variable_tar,
-       src_tests_tar, shadow_tar, var_tar,
-       exref_tar, link_tar, otp_9507]},
+      [tar_options, normal_tar, no_mod_vsn_tar, system_files_tar,
+       invalid_system_files_tar, variable_tar,
+       src_tests_tar, var_tar, exref_tar, link_tar, otp_9507_path_ebin]},
      {relup, [],
-      [normal_relup, abnormal_relup, no_appup_relup,
-       bad_appup_relup, app_start_type_relup]},
-     {tickets, [], [otp_6226]}].
+      [normal_relup, restart_relup, abnormal_relup, no_sasl_relup,
+       no_appup_relup, bad_appup_relup, app_start_type_relup, regexp_relup
+      ]},
+     {hybrid, [], [normal_hybrid,hybrid_no_old_sasl,hybrid_no_new_sasl]},
+     {options, [], [otp_6226_outdir]}].
 
 init_per_group(_GroupName, Config) ->
     Config.
@@ -100,17 +105,17 @@ init_per_suite(Config) when is_list(Config) ->
     %% Make of copy of the data directory.
     DataDir = ?datadir,
     PrivDir = ?privdir,
-    ?line CopyDir = fname(PrivDir, "datacopy"),
-    ?line TarFile = fname(PrivDir, "datacopy.tgz"),
-    ?line {ok, Tar} = erl_tar:open(TarFile, [write, compressed]),
-    ?line ok = erl_tar:add(Tar, DataDir, CopyDir, [compressed]),
-    ?line ok = erl_tar:close(Tar),
-    ?line ok = erl_tar:extract(TarFile, [compressed]),
-    ?line ok = file:delete(TarFile),
+    CopyDir = fname(PrivDir, "datacopy"),
+    TarFile = fname(PrivDir, "datacopy.tgz"),
+    {ok, Tar} = erl_tar:open(TarFile, [write, compressed]),
+    ok = erl_tar:add(Tar, DataDir, CopyDir, [compressed]),
+    ok = erl_tar:close(Tar),
+    ok = erl_tar:extract(TarFile, [compressed]),
+    ok = file:delete(TarFile),
 
     %% Compile source files in the copy directory.
-    ?line Sources = filelib:wildcard(fname([CopyDir,'*','*','*','*','*.erl'])),
-    ?line lists:foreach(fun compile_source/1, Sources),
+    Sources = filelib:wildcard(fname([CopyDir,'*','*','*','*','*.erl'])),
+    lists:foreach(fun compile_source/1, Sources),
 
     %% To use in end_per_testcase
     Path = code:get_path(),
@@ -141,10 +146,13 @@ init_per_testcase(link_tar, Config) ->
 	{win32, _} -> {skip, "Skip on windows"}
     end;
 init_per_testcase(_Case, Config) ->
-    ?line Dog = test_server:timetrap(?default_timeout),
+    Dog = test_server:timetrap(?default_timeout),
     [{watchdog, Dog}|Config].
 
-end_per_testcase(_Case, Config) ->
+end_per_testcase(Case, Config) ->
+    try apply(?MODULE,Case,[cleanup,Config])
+    catch error:undef -> ok
+    end,
     Dog=?config(watchdog, Config),
     test_server:timetrap_cancel(Dog),
     case {?config(path,Config),?config(cwd,Config)} of
@@ -172,502 +180,468 @@ end_per_testcase(_Case, Config) ->
 %%
 
 
-%% make_script
-%%
-script_options(suite) -> [];
-script_options(doc) ->
-    ["Check illegal script options."];
+%% make_script: Check illegal script options
 script_options(Config) when is_list(Config) ->
-    ?line {'EXIT',{{badarg,[{path,["Path",12,"Another"]}]}, _}} =
-       (catch systools:make_script("release", [{path,["Path",12,"Another"]}])),
-    ?line {'EXIT',{{badarg,[sillent]}, _}} =
+    {'EXIT',{{badarg,[{path,["Path",12,"Another"]}]}, _}} =
+	(catch systools:make_script("release", [{path,["Path",12,"Another"]}])),
+    {'EXIT',{{badarg,[sillent]}, _}} =
 	(catch systools:make_script("release",
 				    [{path,["Path","Another"]},sillent])),
-    ?line {'EXIT',{{badarg,[locall]}, _}} =
+    {'EXIT',{{badarg,[locall]}, _}} =
 	(catch systools:make_script("release",
 				    [{path,["Path","Another"]},locall])),
-    ?line {'EXIT',{{badarg,[src_testsxx]}, _}} =
+    {'EXIT',{{badarg,[src_testsxx]}, _}} =
 	(catch systools:make_script("release",
 				    [{path,["Path"]},src_testsxx])),
-    ?line {'EXIT',{{badarg,[{variables, {"TEST", "/home/lib"}}]}, _}} =
+    {'EXIT',{{badarg,[{variables, {"TEST", "/home/lib"}}]}, _}} =
 	(catch systools:make_script("release",
 				    [{variables, {"TEST", "/home/lib"}}])),
-    ?line {'EXIT',{{badarg,[{variables, [{a, b}, {"a", "b"}]}]}, _}} =
+    {'EXIT',{{badarg,[{variables, [{a, b}, {"a", "b"}]}]}, _}} =
 	(catch systools:make_script("release",
 				    [{variables, [{a, b}, {"a", "b"}]}])),
-    ?line {'EXIT',{{badarg,[exreff]}, _}} =
+    {'EXIT',{{badarg,[exreff]}, _}} =
 	(catch systools:make_script("release",
 				    [{path,["Path","Another"]},exreff])),
-    ?line {'EXIT',{{badarg,[{exref,["appl"]}]}, _}} =
+    {'EXIT',{{badarg,[{exref,["appl"]}]}, _}} =
 	(catch systools:make_script("release", [{exref,["appl"]}])),
-    ?line {'EXIT',{{badarg,[{machine, "appl"}]}, _}} =
+    {'EXIT',{{badarg,[{machine, "appl"}]}, _}} =
 	(catch systools:make_script("release", [{machine,"appl"}])),
     ok.
 
 
-%% make_script
-%%
-normal_script(suite) -> [];
-normal_script(doc) ->
-    ["Check that make_script handles normal case."];
+%% make_script: Check that normal case
 normal_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
+    {ok, OldDir} = file:get_cwd(),
+    PSAVE = code:get_path(),		% Save path
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P1 = fname([LibDir, 'db-2.1', ebin]),
-    ?line P2 = fname([LibDir, 'fe-3.1', ebin]),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P1 = fname([LibDir, 'db-2.1', ebin]),
+    P2 = fname([LibDir, 'fe-3.1', ebin]),
 
-    ?line true = code:add_patha(P1),
-    ?line true = code:add_patha(P2),
+    true = code:add_patha(P1),
+    true = code:add_patha(P2),
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line ok = systools:make_script(filename:basename(LatestName)),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    ok = systools:make_script(filename:basename(LatestName)),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
     %% Check the same but w. silent flag
-    ?line {ok, _, []} = systools:make_script(LatestName, [silent]),
+    {ok, _, []} = systools:make_script(LatestName, [silent]),
 
     %% Use the local option
-    ?line ok = systools:make_script(LatestName, [local]),
-    ?line ok = check_script_path(LatestName),
+    ok = systools:make_script(LatestName, [local]),
+    ok = check_script_path(LatestName),
 
     %% use the path option
-    ?line code:set_path(PSAVE),			% Restore path
+    code:set_path(PSAVE),			% Restore path
     %% Mess up std path:
-    ?line true = code:add_patha(fname([LibDir, 'db-1.0', ebin])),
-    ?line true = code:add_patha(fname([LibDir, 'fe-2.1', ebin])),
+    true = code:add_patha(fname([LibDir, 'db-1.0', ebin])),
+    true = code:add_patha(fname([LibDir, 'fe-2.1', ebin])),
 
-    ?line error = systools:make_script(LatestName),	%should fail
-    ?line ok = systools:make_script(LatestName,[{path, [P1, P2]}]),
+    error = systools:make_script(LatestName),	%should fail
+    ok = systools:make_script(LatestName,[{path, [P1, P2]}]),
 
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),			% Restore path
+    ok = file:set_cwd(OldDir),
+    code:set_path(PSAVE),			% Restore path
     ok.
 
 
-%% make_script
-%%
-no_mod_vsn_script(suite) -> [];
-no_mod_vsn_script(doc) ->
-    ["Check that make_script handles normal case.",
-     "Modules specified without version in .app file (db-3.1)."
-     "Note that this is now the normal way - i.e. systools now "
-     "ignores the module versions in the .app file."];
+%% make_script:
+%% Modules specified without version in .app file (db-3.1).
+%% Note that this is now the normal way - i.e. systools now ignores
+%% the module versions in the .app file.
 no_mod_vsn_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
+    {ok, OldDir} = file:get_cwd(),
+    PSAVE = code:get_path(),		% Save path
 
-    ?line {LatestDir, LatestName} = create_script(latest_no_mod_vsn,Config),
+    {LatestDir, LatestName} = create_script(latest_no_mod_vsn,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P1 = fname([LibDir, 'db-3.1', ebin]),
-    ?line P2 = fname([LibDir, 'fe-3.1', ebin]),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P1 = fname([LibDir, 'db-3.1', ebin]),
+    P2 = fname([LibDir, 'fe-3.1', ebin]),
 
-    ?line true = code:add_patha(P1),
-    ?line true = code:add_patha(P2),
+    true = code:add_patha(P1),
+    true = code:add_patha(P2),
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line ok = systools:make_script(filename:basename(LatestName)),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    ok = systools:make_script(filename:basename(LatestName)),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
     %% Check the same but w. silent flag
-    ?line {ok, _, []} = systools:make_script(LatestName, [silent]),
+    {ok, _, []} = systools:make_script(LatestName, [silent]),
 
     %% Use the local option
-    ?line ok = systools:make_script(LatestName, [local]),
-    ?line ok = check_script_path(LatestName),
+    ok = systools:make_script(LatestName, [local]),
+    ok = check_script_path(LatestName),
 
     %% use the path option
-    ?line code:set_path(PSAVE),			% Restore path
+    code:set_path(PSAVE),			% Restore path
     %% Mess up std path:
-    ?line true = code:add_patha(fname([LibDir, 'db-1.0', ebin])),
-    ?line true = code:add_patha(fname([LibDir, 'fe-2.1', ebin])),
+    true = code:add_patha(fname([LibDir, 'db-1.0', ebin])),
+    true = code:add_patha(fname([LibDir, 'fe-2.1', ebin])),
 
-    ?line error = systools:make_script(LatestName),	%should fail
-    ?line ok = systools:make_script(LatestName,
-				    [{path, [P1, P2]}]),
+    error = systools:make_script(LatestName),	%should fail
+    ok = systools:make_script(LatestName,
+			      [{path, [P1, P2]}]),
 
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),			% Restore path
+    ok = file:set_cwd(OldDir),
+    code:set_path(PSAVE),			% Restore path
     ok.
 
 
-%% make_script
-%%
-wildcard_script(suite) -> [];
-wildcard_script(doc) ->
-    ["Check that make_script handles wildcards in path."];
+%% make_script: Check that make_script handles wildcards in path.
 wildcard_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line WildDir = fname([LibDir, '*', ebin]),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    WildDir = fname([LibDir, '*', ebin]),
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line error = systools:make_script(filename:basename(LatestName)),
+    error = systools:make_script(filename:basename(LatestName)),
 
-    ?line ok = systools:make_script(LatestName,
-				    [{path, [WildDir]}]),
+    ok = systools:make_script(LatestName,
+			      [{path, [WildDir]}]),
 
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% make_script
-%%
-variable_script(suite) -> [];
-variable_script(doc) ->
-    ["Add own installation dependent variable in script."];
+%% make_script: Add own installation dependent variable in script.
 variable_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line ok = systools:make_script(LatestName,
-				    [{path, P},
-				     {variables, [{"TEST", LibDir}]}]),
+    ok = systools:make_script(LatestName,
+			      [{path, P},
+			       {variables, [{"TEST", LibDir}]}]),
 
     %% Check variables
-    ?line ok = check_var_script_file([fname(['$TEST', 'db-2.1', ebin]),
-				      fname(['$TEST', 'fe-3.1', ebin])],
-				     P,
-				     LatestName),
+    ok = check_var_script_file([fname(['$TEST', 'db-2.1', ebin]),
+				fname(['$TEST', 'fe-3.1', ebin])],
+			       P,
+			       LatestName),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_script
-%%
-abnormal_script(suite) -> [];
-abnormal_script(doc) ->
-    ["Abnormal cases."];
+%% make_script: Abnormal cases.
 abnormal_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
+    DataDir = filename:absname(?copydir),
 
-    ?line ok = file:set_cwd(LatestDir),
-    ?line LibDir = fname([DataDir, d_bad_app_vsn, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    ok = file:set_cwd(LatestDir),
+    LibDir = fname([DataDir, d_bad_app_vsn, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
     %% Check wrong app vsn
-    ?line error = systools:make_script(LatestName, [{path, P}]),
-    ?line {error,
-	   systools_make,
-	   [{error_reading, {db, {no_valid_version,
-				  {{"should be","2.1"},
-				   {"found file", _, "2.0"}}}}}]} =
+    error = systools:make_script(LatestName, [{path, P}]),
+    {error,
+     systools_make,
+     [{error_reading, {db, {no_valid_version,
+			    {{"should be","2.1"},
+			     {"found file", _, "2.0"}}}}}]} =
 	systools:make_script(LatestName, [silent, {path, P}]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% make_script
-%%
-src_tests_script(suite) -> [];
-src_tests_script(doc) ->
-    ["Do not check date of object file or that source code can be found."];
+%% make_script: Create script without sasl appl. Check warning.
+no_sasl_script(Config) when is_list(Config) ->
+    {ok, OldDir} = file:get_cwd(),
+
+    {LatestDir, LatestName} = create_script(latest1_no_sasl,Config),
+
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
+
+    ok = file:set_cwd(LatestDir),
+
+    {ok, _ , [{warning,missing_sasl}]} =
+	systools:make_script(LatestName,[{path, P},silent]),
+
+    {ok, _ , []} =
+	systools:make_script(LatestName,[{path, P},silent, no_warn_sasl]),
+
+    ok = file:set_cwd(OldDir),
+    ok.
+
+
+%% make_script: Do not check date of object file or that source code
+%% can be found.
 src_tests_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
+    {ok, OldDir} = file:get_cwd(),
+    PSAVE = code:get_path(),		% Save path
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
-    ?line BootFile = LatestName ++ ".boot",
+    {LatestDir, LatestName} = create_script(latest,Config),
+    BootFile = LatestName ++ ".boot",
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_missing_src, lib]),
-    ?line P1 = fname([LibDir, 'db-2.1', ebin]),
-    ?line P2 = fname([LibDir, 'fe-3.1', ebin]),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_missing_src, lib]),
+    P1 = fname([LibDir, 'db-2.1', ebin]),
+    P2 = fname([LibDir, 'fe-3.1', ebin]),
     N = [P1, P2],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% Manipulate the modification date of a beam file so it seems
     %% older than its .erl file
-    ?line Erl = filename:join([P1,"..","src","db1.erl"]),
-    ?line {ok, FileInfo=#file_info{mtime={{Y,M,D},T}}} = file:read_file_info(Erl),
-    ?line Beam = filename:join(P1,"db1.beam"),
-    ?line ok=file:write_file_info(Beam, FileInfo#file_info{mtime={{Y-1,M,D},T}}),
+    Erl = filename:join([P1,"..","src","db1.erl"]),
+    {ok, FileInfo=#file_info{mtime={{Y,M,D},T}}} = file:read_file_info(Erl),
+    Beam = filename:join(P1,"db1.beam"),
+    ok=file:write_file_info(Beam, FileInfo#file_info{mtime={{Y-1,M,D},T}}),
 
     %% Remove a .erl file
-    ?line Erl2 = filename:join([P1,"..","src","db2.erl"]),
-    ?line file:delete(Erl2),
+    Erl2 = filename:join([P1,"..","src","db2.erl"]),
+    file:delete(Erl2),
 
     %% Then make script
 
     %% .boot file should not exist
-    ?line ok = file:delete(BootFile),
-    ?line false = filelib:is_regular(BootFile),
+    ok = file:delete(BootFile),
+    false = filelib:is_regular(BootFile),
     %% With warnings_as_errors and src_tests option, an error should be issued
-    ?line error =
+    error =
 	systools:make_script(LatestName, [silent, {path, N}, src_tests,
 					  warnings_as_errors]),
-    ?line error =
+    error =
 	systools:make_script(LatestName, [{path, N}, src_tests,
 					  warnings_as_errors]),
 
     %% due to warnings_as_errors .boot file should still not exist
-    ?line false = filelib:is_regular(BootFile),
+    false = filelib:is_regular(BootFile),
 
     %% Two warnings should be issued when src_tests is given
     %% 1. old object code for db1.beam
     %% 2. missing source code for db2.beam
-    ?line {ok, _, [{warning,{obj_out_of_date,_}},
-		   {warning,{source_not_found,_}}]} =
+    {ok, _, [{warning,{obj_out_of_date,_}},
+	     {warning,{source_not_found,_}}]} =
 	systools:make_script(LatestName, [silent, {path, N}, src_tests]),
 
     %% .boot file should exist now
-    ?line true = filelib:is_regular(BootFile),
+    true = filelib:is_regular(BootFile),
 
     %% Without the src_tests option, no warning should be issued
-    ?line {ok, _, []} =
+    {ok, _, []} =
 	systools:make_script(LatestName, [silent, {path, N}]),
 
     %% Check that the old no_module_tests option (from the time when
     %% it was default to do the src_test) is ignored
-    ?line {ok, _, [{warning,{obj_out_of_date,_}},
-		   {warning,{source_not_found,_}}]} =
+    {ok, _, [{warning,{obj_out_of_date,_}},
+	     {warning,{source_not_found,_}}]} =
 	systools:make_script(LatestName, [silent,
 					  {path, N},
 					  no_module_tests,
 					  src_tests]),
 
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),
+    ok = file:set_cwd(OldDir),
+    code:set_path(PSAVE),
     ok.
 
-%% make_script
-%%
-warn_shadow_script(suite) -> [];
-warn_shadow_script(doc) ->
-    ["Check that jam file out of date warning doesn't",
-     "shadow bad module version error."];
-warn_shadow_script(Config) when is_list(Config) ->
-    %% This test has been removed since the 'vsn' attribute is
-    %% not used any more, starting with R6. No warning
-    %% 'obj_out_of_date' seemed to be generated.
-    true.
-
-
-%% make_script
-%%
-crazy_script(suite) -> [];
-crazy_script(doc) ->
-    ["Do the crazy cases."];
+%% make_script: Do the crazy cases.
 crazy_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest, Config),
+    {LatestDir, LatestName} = create_script(latest, Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% Run with bad path
-    ?line error = systools:make_script(LatestName),
-    ?line {error, _, [{error_reading, _}, {error_reading, _}]} =
+    error = systools:make_script(LatestName),
+    {error, _, [{error_reading, _}, {error_reading, _}]} =
 	systools:make_script(LatestName, [silent]),
 
     %% Run with .rel file lacking kernel
-    ?line {LatestDir2, LatestName2} = create_script(latest_nokernel, Config),
-    ?line ok = file:set_cwd(LatestDir2),
+    {LatestDir2, LatestName2} = create_script(latest_nokernel, Config),
+    ok = file:set_cwd(LatestDir2),
 
-    ?line error = systools:make_script(LatestName2),
-    ?line {error, _, {missing_mandatory_app,[kernel,stdlib]}} =
+    error = systools:make_script(LatestName2),
+    {error, _, {missing_mandatory_app,kernel}} =
 	systools:make_script(LatestName2, [silent,{path,P}]),
 
-    ?line ok = file:set_cwd(OldDir),
+    %% Run with .rel file with non-permanent kernel
+    {LatestDir3, LatestName3} = create_script(latest_kernel_start_type, Config),
+    ok = file:set_cwd(LatestDir3),
+
+    error = systools:make_script(LatestName3),
+    {error, _, {mandatory_app,kernel,load}} =
+	systools:make_script(LatestName3, [silent,{path,P}]),
+
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_script
-%%
-included_script(suite) -> [];
-included_script(doc) ->
-    ["Check that make_script handles generation of script",
-     "for applications with included applications."];
+%% make_script: Check that make_script handles generation of script
+%% for applications with included applications.
 included_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {LatestDir, LatestName} = create_include_files(inc1, Config),
-    ?line ok = file:set_cwd(LatestDir),
-    ?line ok = systools:make_script(LatestName),
-    ?line ok = check_include_script(LatestName,
-				    [t1, t2, t3, t5, t4, t6],
-				    [t1, t3, t6]),
-    ?line ok = file:set_cwd(OldDir),
+    {ok, OldDir} = file:get_cwd(),
+    {LatestDir, LatestName} = create_include_files(inc1, Config),
+    ok = file:set_cwd(LatestDir),
+    ok = systools:make_script(LatestName),
+    ok = check_include_script(LatestName,
+			      [t1, t2, t3, t5, t4, t6],
+			      [t1, t3, t6]),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_script
-%%
-included_override_script(suite) -> [];
-included_override_script(doc) ->
-    ["Check that make_script handles generation of script",
-     "for applications with included applications which are override by",
-     "the .rel file."];
+%% make_script: Check that make_script handles generation of script
+%% for applications with included applications which are override by
+%% the .rel file.
 included_override_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {LatestDir, LatestName} = create_include_files(inc2, Config),
-    ?line ok = file:set_cwd(LatestDir),
-    ?line ok = systools:make_script(LatestName),
-    ?line ok = check_include_script(LatestName,
-				    [t1, t2, t3, t4, t6, t5],
-				    [t1, t3, t6, t5]),
-
-    ?line {_, LatestName1} = create_include_files(inc3, Config),
-    ?line ok = systools:make_script(LatestName1),
-    ?line ok = check_include_script(LatestName1,
-				    [t3, t5, t4, t6, t1, t2],
-				    [t3, t6, t1, t2]),
-
-    ?line {_, LatestName2} = create_include_files(inc4, Config),
-    ?line ok = systools:make_script(LatestName2),
-    ?line ok = check_include_script(LatestName2,
-				    [t3, t4, t6, t5, t1, t2],
-				    [t3, t6, t5, t1, t2]),
-
-    ?line {_, LatestName3} = create_include_files(inc5, Config),
-    ?line ok = systools:make_script(LatestName3),
-    ?line ok = check_include_script(LatestName3,
-				    [t3, t4, t6, t1, t2],
-				    [t3, t6, t1, t2]),
-
-    ?line ok = file:set_cwd(OldDir),
+    {ok, OldDir} = file:get_cwd(),
+    {LatestDir, LatestName} = create_include_files(inc2, Config),
+    ok = file:set_cwd(LatestDir),
+    ok = systools:make_script(LatestName),
+    ok = check_include_script(LatestName,
+			      [t1, t2, t3, t4, t6, t5],
+			      [t1, t3, t6, t5]),
+
+    {_, LatestName1} = create_include_files(inc3, Config),
+    ok = systools:make_script(LatestName1),
+    ok = check_include_script(LatestName1,
+			      [t3, t5, t4, t6, t1, t2],
+			      [t3, t6, t1, t2]),
+
+    {_, LatestName2} = create_include_files(inc4, Config),
+    ok = systools:make_script(LatestName2),
+    ok = check_include_script(LatestName2,
+			      [t3, t4, t6, t5, t1, t2],
+			      [t3, t6, t5, t1, t2]),
+
+    {_, LatestName3} = create_include_files(inc5, Config),
+    ok = systools:make_script(LatestName3),
+    ok = check_include_script(LatestName3,
+			      [t3, t4, t6, t1, t2],
+			      [t3, t6, t1, t2]),
+
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_script
-%%
-included_fail_script(suite) -> [];
-included_fail_script(doc) ->
-    ["Check that make_script handles errors then generating",
-     "script with included applications."];
+%% make_script: Check that make_script handles errors then generating
+%% script with included applications.
 included_fail_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {LatestDir, LatestName} = create_include_files(inc6, Config),
-    ?line ok = file:set_cwd(LatestDir),
-    ?line {error, _, {undefined_applications,[t2]}} =
+    {ok, OldDir} = file:get_cwd(),
+    {LatestDir, LatestName} = create_include_files(inc6, Config),
+    ok = file:set_cwd(LatestDir),
+    {error, _, {undefined_applications,[t2]}} =
 	systools:make_script(LatestName, [silent]),
 
-    ?line {_, LatestName1} = create_include_files(inc7, Config),
-    ?line {error, _, {duplicate_include,[{{t5,t7,_,_},{t5,t6,_,_}}]}} =
+    {_, LatestName1} = create_include_files(inc7, Config),
+    {error, _, {duplicate_include,[{{t5,t7,_,_},{t5,t6,_,_}}]}} =
 	systools:make_script(LatestName1, [silent]),
 
-    ?line {_, LatestName3} = create_include_files(inc9, Config),
-    ?line {error, _, {circular_dependencies,[{t10,_},{t8,_}]}} =
+    {_, LatestName3} = create_include_files(inc9, Config),
+    {error, _, {circular_dependencies,[{t10,_},{t8,_}]}} =
 	systools:make_script(LatestName3, [silent]),
 
-    ?line {_, LatestName4} = create_include_files(inc10, Config),
-    ?line {error, _, [{error_reading,{t9,{override_include,[t7]}}}]} =
+    {_, LatestName4} = create_include_files(inc10, Config),
+    {error, _, [{error_reading,{t9,{override_include,[t7]}}}]} =
 	systools:make_script(LatestName4, [silent]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_script
-%%
-included_bug_script(suite) -> [];
-included_bug_script(doc) ->
-    ["Check that make_script handles generation of script",
-     "with difficult dependency for included applications."];
+%% make_script: Check that make_script handles generation of script
+%% with difficult dependency for included applications.
 included_bug_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {LatestDir, LatestName} = create_include_files(inc11, Config),
-    ?line ok = file:set_cwd(LatestDir),
-    ?line ok = systools:make_script(LatestName),
-    ?line ok = check_include_script(LatestName,
-				    [t13, t11, t12],
-				    [t11, t12]),
-    ?line ok = file:set_cwd(OldDir),
+    {ok, OldDir} = file:get_cwd(),
+    {LatestDir, LatestName} = create_include_files(inc11, Config),
+    ok = file:set_cwd(LatestDir),
+    ok = systools:make_script(LatestName),
+    ok = check_include_script(LatestName,
+			      [t13, t11, t12],
+			      [t11, t12]),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% make_script
-%%
-otp_3065(suite) -> [];
-otp_3065(doc) ->
-    ["Circular dependencies in systools:make_script()."];
-otp_3065(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {LatestDir, LatestName} = create_include_files(otp_3065, Config),
-    ?line ok = file:set_cwd(LatestDir),
-    ?line ok = systools:make_script(LatestName),
-    ?line ok = check_include_script(LatestName,
-				    [aa12, chAts, chTraffic],
-				    [chTraffic]),
-    ?line ok = file:set_cwd(OldDir),
+%% make_script: Circular dependencies in systools:make_script().
+otp_3065_circular_dependenies(Config) when is_list(Config) ->
+    {ok, OldDir} = file:get_cwd(),
+    {LatestDir, LatestName} =
+	create_include_files(otp_3065_circular_dependenies, Config),
+    ok = file:set_cwd(LatestDir),
+    ok = systools:make_script(LatestName),
+    ok = check_include_script(LatestName,
+			      [aa12, chAts, chTraffic],
+			      [chTraffic]),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% make_script
-%%
-exref_script(suite) -> [];
-exref_script(doc) ->
-    ["Check that make_script exref option works."];
+%% make_script: Check that make_script exref option works.
 exref_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
+    {ok, OldDir} = file:get_cwd(),
+    PSAVE = code:get_path(),		% Save path
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName, [{path,P}, silent]),
+    {ok, _, _} = systools:make_script(LatestName, [{path,P}, silent]),
 
     %% Complete exref
-    ?line {ok, _, W1} = 
+    {ok, _, W1} =
 	systools:make_script(LatestName, [exref, {path,P}, silent]),
-    ?line check_exref_warnings(with_db1, W1),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    check_exref_warnings(with_db1, W1),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
     %% Only exref the db application.
-    ?line {ok, _, W2} =
+    {ok, _, W2} =
 	systools:make_script(LatestName, [{exref,[db]}, {path,P}, silent]),
-    ?line check_exref_warnings(with_db1, W2),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    check_exref_warnings(with_db1, W2),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
     %% Only exref the fe application.
-    ?line {ok, _, W3} =
+    {ok, _, W3} =
 	systools:make_script(LatestName, [{exref,[fe]}, {path,P}, silent]),
-    ?line check_exref_warnings(without_db1, W3),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    check_exref_warnings(without_db1, W3),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
     %% exref the db and stdlib applications.
-    ?line {ok, _, W4} =
+    {ok, _, W4} =
 	systools:make_script(LatestName, [{exref,[db,stdlib]}, {path,P}, silent]),
-    ?line check_exref_warnings(with_db1, W4),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),			% Restore path
+    check_exref_warnings(with_db1, W4),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
+    ok = file:set_cwd(OldDir),
+    code:set_path(PSAVE),			% Restore path
     ok.
 
 check_exref_warnings(with_db1, W) ->
@@ -697,11 +671,11 @@ filter({ok, W}) ->
     {ok, filter(W)};
 filter(L) ->
     lists:filter(fun%({hipe_consttab,_,_}) -> false;
-		    ({int,_,_}) -> false;
-		    ({i,_,_}) -> false;
-		    ({crypto,_,_}) -> false;
-		    (_) -> true
-		 end,
+		     ({int,_,_}) -> false;
+		     ({i,_,_}) -> false;
+		     ({crypto,_,_}) -> false;
+		     (_) -> true
+		end,
 		 L).
 
 get_exref1(T, [{warning, {T, Value}}|_]) -> {ok, Value};
@@ -721,197 +695,268 @@ no_hipe({ok, Value}) ->
 	    {ok, Value}
     end.
 
-%% tar_options
-%%
-tar_options(suite) -> [];
-tar_options(doc) ->
-    ["Check illegal tar options."];
+%% tar_options: Check illegal tar options.
 tar_options(Config) when is_list(Config) ->
-    ?line {'EXIT',{{badarg,[{path,["Path",12,"Another"]}]}, _}} =
+    {'EXIT',{{badarg,[{path,["Path",12,"Another"]}]}, _}} =
 	(catch systools:make_tar("release", [{path,["Path",12,"Another"]}])),
-    ?line {'EXIT',{{badarg,[sillent]}, _}} =
+    {'EXIT',{{badarg,[sillent]}, _}} =
 	(catch systools:make_tar("release",
 				 [{path,["Path","Another"]},sillent])),
-    ?line {'EXIT',{{badarg,[{dirs,["dirs"]}]}, _}} =
+    {'EXIT',{{badarg,[{dirs,["dirs"]}]}, _}} =
 	(catch systools:make_tar("release", [{dirs, ["dirs"]}])),
-    ?line {'EXIT',{{badarg,[{erts, illegal}]}, _}} =
+    {'EXIT',{{badarg,[{erts, illegal}]}, _}} =
 	(catch systools:make_tar("release", [{erts, illegal}])),
-    ?line {'EXIT',{{badarg,[src_testsxx]}, _}} =
+    {'EXIT',{{badarg,[src_testsxx]}, _}} =
 	(catch systools:make_tar("release",
 				 [{path,["Path"]},src_testsxx])),
-    ?line {'EXIT',{{badarg,[{variables, [{a, b}, {"a", "b"}]}]}, _}} =
+    {'EXIT',{{badarg,[{variables, [{a, b}, {"a", "b"}]}]}, _}} =
 	(catch systools:make_tar("release",
 				 [{variables, [{a, b}, {"a", "b"}]}])),
-    ?line {'EXIT',{{badarg,[{var_tar, illegal}]}, _}} =
+    {'EXIT',{{badarg,[{var_tar, illegal}]}, _}} =
 	(catch systools:make_tar("release", [{var_tar, illegal}])),
-    ?line {'EXIT',{{badarg,[exreff]}, _}} =
+    {'EXIT',{{badarg,[exreff]}, _}} =
 	(catch systools:make_tar("release",
 				 [{path,["Path","Another"]},exreff])),
-    ?line {'EXIT',{{badarg,[{exref,["appl"]}]}, _}} =
+    {'EXIT',{{badarg,[{exref,["appl"]}]}, _}} =
 	(catch systools:make_tar("release", [{exref,["appl"]}])),
-    ?line {'EXIT',{{badarg,[{machine, "appl"}]}, _}} =
+    {'EXIT',{{badarg,[{machine, "appl"}]}, _}} =
 	(catch systools:make_tar("release", [{machine,"appl"}])),
     ok.
 
 
-%% normal_tar
-%%
-normal_tar(suite) -> [];
-normal_tar(doc) ->
-    ["Check normal case"];
+%% make_tar: Check normal case
 normal_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
-    ?line ok = systools:make_tar(LatestName, [{path, P}]),
-    ?line ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
-    ?line {ok, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
-    ?line ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
+    {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
+    ok = systools:make_tar(LatestName, [{path, P}]),
+    ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
+    {ok, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
+    ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% no_mod_vsn_tar
-%%
-no_mod_vsn_tar(suite) -> [];
-no_mod_vsn_tar(doc) ->
-    ["Check normal case",
-     "Modules specified without version in .app file (db-3.1)."
-     "Note that this is now the normal way - i.e. systools now "
-     "ignores the module versions in the .app file."];
+%% make_tar: Modules specified without version in .app file (db-3.1).
+%% Note that this is now the normal way - i.e. systools now ignores
+%% the module versions in the .app file.
 no_mod_vsn_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest_no_mod_vsn,Config),
+    {LatestDir, LatestName} = create_script(latest_no_mod_vsn,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-3.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-3.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
-    ?line ok = systools:make_tar(LatestName, [{path, P}]),
-    ?line ok = check_tar(fname([lib,'db-3.1',ebin,'db.app']), LatestName),
-    ?line {ok, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
-    ?line ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
+    {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
+    ok = systools:make_tar(LatestName, [{path, P}]),
+    ok = check_tar(fname([lib,'db-3.1',ebin,'db.app']), LatestName),
+    {ok, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
+    ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% variable_tar
-%%
-variable_tar(suite) -> [];
-variable_tar(doc) ->
-    ["Use variable and create separate tar (included in generated tar)."];
+
+%% make_tar: Check that relup or sys.config are included if they exist
+system_files_tar(Config) ->
+    {ok, OldDir} = file:get_cwd(),
+
+    {LatestDir, LatestName} = create_script(latest,Config),
+
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
+
+    ok = file:set_cwd(LatestDir),
+
+    %% Add dummy relup and sys.config
+    ok = file:write_file("sys.config","[].\n"),
+    ok = file:write_file("relup","{\"LATEST\",[],[]}.\n"),
+
+    {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
+    ok = systools:make_tar(LatestName, [{path, P}]),
+    ok = check_tar(fname(["releases","LATEST","sys.config"]), LatestName),
+    ok = check_tar(fname(["releases","LATEST","relup"]), LatestName),
+    {ok, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
+    ok = check_tar(fname(["releases","LATEST","sys.config"]), LatestName),
+    ok = check_tar(fname(["releases","LATEST","relup"]), LatestName),
+
+    ok = file:set_cwd(OldDir),
+
+    ok.
+
+system_files_tar(cleanup,Config) ->
+    Dir = ?privdir,
+    file:delete(filename:join(Dir,"sys.config")),
+    file:delete(filename:join(Dir,"relup")),
+    ok.
+
+
+%% make_tar: Check that make_tar fails if relup or sys.config exist
+%% but do not have valid content
+invalid_system_files_tar(Config) ->
+    {ok, OldDir} = file:get_cwd(),
+
+    {LatestDir, LatestName} = create_script(latest,Config),
+
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
+
+    ok = file:set_cwd(LatestDir),
+
+    {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
+
+    %% Add dummy relup and sys.config - faulty sys.config
+    ok = file:write_file("sys.config","[]\n"), %!!! syntax error - missing '.'
+    ok = file:write_file("relup","{\"LATEST\",[],[]}.\n"),
+
+    error = systools:make_tar(LatestName, [{path, P}]),
+    {error,_,{tar_error,{add,"sys.config",[{error,_}]}}} =
+	systools:make_tar(LatestName, [{path, P}, silent]),
+
+    %% Add dummy relup and sys.config - faulty sys.config
+    ok = file:write_file("sys.config","[x,y].\n"), %!!! faulty format
+    ok = file:write_file("relup","{\"LATEST\",[],[]}.\n"),
+
+    error = systools:make_tar(LatestName, [{path, P}]),
+    {error,_,{tar_error,{add,"sys.config",[invalid_format]}}} =
+	systools:make_tar(LatestName, [{path, P}, silent]),
+
+    %% Add dummy relup and sys.config - faulty relup
+    ok = file:write_file("sys.config","[]\n"),
+    ok = file:write_file("relup","{\"LATEST\"\n"), %!!! syntax error - truncated
+
+    error = systools:make_tar(LatestName, [{path, P}]),
+    {error,_,{tar_error,{add,"relup",[{error,_}]}}} =
+	systools:make_tar(LatestName, [{path, P}, silent]),
+
+    %% Add dummy relup and sys.config - faulty relup
+    ok = file:write_file("sys.config","[]\n"),
+    ok = file:write_file("relup","[].\n"), %!!! faulty format
+
+    error = systools:make_tar(LatestName, [{path, P}]),
+    {error,_,{tar_error,{add,"relup",[invalid_format]}}} =
+	systools:make_tar(LatestName, [{path, P}, silent]),
+
+    ok = file:set_cwd(OldDir),
+
+    ok.
+
+invalid_system_files_tar(cleanup,Config) ->
+    Dir = ?privdir,
+    file:delete(filename:join(Dir,"sys.config")),
+    file:delete(filename:join(Dir,"relup")),
+    ok.
+
+
+%% make_tar: Use variable and create separate tar (included in generated tar).
 variable_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName,
-					    [silent,
-					     {path, P},
-					     {variables,[{"TEST", LibDir}]}]),
+    {ok, _, _} = systools:make_script(LatestName,
+				      [silent,
+				       {path, P},
+				       {variables,[{"TEST", LibDir}]}]),
 
-    ?line ok = systools:make_tar(LatestName, [{path, P},
-					      {variables,[{"TEST", LibDir}]}]),
-    ?line ok = check_var_tar("TEST", LatestName),
+    ok = systools:make_tar(LatestName, [{path, P},
+					{variables,[{"TEST", LibDir}]}]),
+    ok = check_var_tar("TEST", LatestName),
 
-    ?line {ok, _, _} = systools:make_tar(LatestName,
-					 [{path, P}, silent,
-					  {variables,[{"TEST", LibDir}]}]),
-    ?line ok = check_var_tar("TEST", LatestName),
+    {ok, _, _} = systools:make_tar(LatestName,
+				   [{path, P}, silent,
+				    {variables,[{"TEST", LibDir}]}]),
+    ok = check_var_tar("TEST", LatestName),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% link_tar
-%%
-link_tar(suite) -> [];
-link_tar(doc) ->
-    ["Check that symlinks in applications are handled correctly"];
+%% make_tar: Check that symlinks in applications are handled correctly.
 link_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_links, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_links, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
     %% Make some links
-    ?line Db1Erl = fname(['db-2.1',src,'db1.erl']),
-    ?line NormalDb1Erl = fname([DataDir,d_normal,lib,Db1Erl]),
-    ?line LinkDb1Erl = fname([LibDir, Db1Erl]),
-    ?line ok = file:make_symlink(NormalDb1Erl, LinkDb1Erl),
-    ?line Db1Beam = fname(['db-2.1',ebin,'db1.beam']),
-    ?line NormalDb1Beam = fname([DataDir,d_normal,lib,Db1Beam]),
-    ?line LinkDb1Beam = fname([LibDir, Db1Beam]),
-    ?line ok = file:make_symlink(NormalDb1Beam, LinkDb1Beam),
-    ?line FeApp = fname(['fe-3.1',ebin,'fe.app']),
-    ?line NormalFeApp = fname([DataDir,d_normal,lib,FeApp]),
-    ?line LinkFeApp = fname([LibDir, FeApp]),
-    ?line ok = file:make_symlink(NormalFeApp, LinkFeApp),
-    
+    Db1Erl = fname(['db-2.1',src,'db1.erl']),
+    NormalDb1Erl = fname([DataDir,d_normal,lib,Db1Erl]),
+    LinkDb1Erl = fname([LibDir, Db1Erl]),
+    ok = file:make_symlink(NormalDb1Erl, LinkDb1Erl),
+    Db1Beam = fname(['db-2.1',ebin,'db1.beam']),
+    NormalDb1Beam = fname([DataDir,d_normal,lib,Db1Beam]),
+    LinkDb1Beam = fname([LibDir, Db1Beam]),
+    ok = file:make_symlink(NormalDb1Beam, LinkDb1Beam),
+    FeApp = fname(['fe-3.1',ebin,'fe.app']),
+    NormalFeApp = fname([DataDir,d_normal,lib,FeApp]),
+    LinkFeApp = fname([LibDir, FeApp]),
+    ok = file:make_symlink(NormalFeApp, LinkFeApp),
+
     %% Create the tar and check that the linked files are included as
     %% regular files
-    ?line ok = file:set_cwd(LatestDir),
-
-    ?line {ok,_,[]} = systools:make_script(LatestName, [{path, P},silent]),
-
-    ?line {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent]),
-    ?line ok = check_tar_regular(?privdir,
-				 [fname([lib,FeApp]),
-				  fname([lib,Db1Beam])],
-				 LatestName),
-    
-    ?line {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent,
-						       {dirs, [src]}]),
-    ?line ok = check_tar_regular(?privdir,
-				 [fname([lib,FeApp]),
-				  fname([lib,Db1Beam]),
-				  fname([lib,Db1Erl])],
-				 LatestName),
-
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(LatestDir),
+
+    {ok,_,[]} = systools:make_script(LatestName, [{path, P},silent]),
+
+    {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent]),
+    ok = check_tar_regular(?privdir,
+			   [fname([lib,FeApp]),
+			    fname([lib,Db1Beam])],
+			   LatestName),
+
+    {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent,
+						 {dirs, [src]}]),
+    ok = check_tar_regular(?privdir,
+			   [fname([lib,FeApp]),
+			    fname([lib,Db1Beam]),
+			    fname([lib,Db1Erl])],
+			   LatestName),
+
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% src_tests_tar
-%%
-src_tests_tar(suite) -> [];
-src_tests_tar(doc) ->
-    ["Do not check date of object file or that source code can be found."];
+%% make_tar: Do not check date of object file or that source code can be found.
 src_tests_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_missing_src, lib]),
-    ?line P1 = fname([LibDir, 'db-2.1', ebin]),
-    ?line P2 = fname([LibDir, 'fe-3.1', ebin]),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_missing_src, lib]),
+    P1 = fname([LibDir, 'db-2.1', ebin]),
+    P2 = fname([LibDir, 'fe-3.1', ebin]),
     P = [P1, P2],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% Manipulate the modification date of a beam file so it seems
     %% older than the .erl file
@@ -921,282 +966,308 @@ src_tests_tar(Config) when is_list(Config) ->
     ok = file:write_file_info(Beam, FileInfo#file_info{mtime={{Y-1,M,D},T}}),
 
     %% Remove a .erl file
-    ?line Erl2 = filename:join([P1,"..","src","db2.erl"]),
-    ?line file:delete(Erl2),
+    Erl2 = filename:join([P1,"..","src","db2.erl"]),
+    file:delete(Erl2),
 
-    ?line ok = systools:make_script(LatestName, [{path, P}]),
+    ok = systools:make_script(LatestName, [{path, P}]),
 
     %% Then make tar - two warnings should be issued when
     %% src_tests is given
     %% 1. old object code for db1.beam
     %% 2. missing source code for db2.beam
-    ?line {ok, _, [{warning,{obj_out_of_date,_}},
-    		   {warning,{source_not_found,_}}]} =
+    {ok, _, [{warning,{obj_out_of_date,_}},
+	     {warning,{source_not_found,_}}]} =
 	systools:make_tar(LatestName, [{path, P}, silent,
 				       {dirs, [src]},
 				       src_tests]),
-    ?line ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
+    ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
 
     %% Without the src_tests option, no warning should be issued
-    ?line {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent,
-						       {dirs, [src]}]),
-    ?line ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
+    {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent,
+						 {dirs, [src]}]),
+    ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
 
     %% Check that the old no_module_tests option (from the time when
     %% it was default to do the src_test) is ignored
-    ?line {ok, _, [{warning,{obj_out_of_date,_}},
-    		   {warning,{source_not_found,_}}]} =
+    {ok, _, [{warning,{obj_out_of_date,_}},
+	     {warning,{source_not_found,_}}]} =
 	systools:make_tar(LatestName, [{path, P}, silent,
 				       {dirs, [src]},
 				       no_module_tests,
 				       src_tests]),
-    ?line ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
-
-    ?line ok = file:set_cwd(OldDir),
-    ok.
+    ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
 
-%% shadow_tar
-%%
-shadow_tar(suite) -> [];
-shadow_tar(doc) ->
-    ["Check that jam file out of date warning doesn't",
-     "shadow bad module version error."];
-shadow_tar(Config) when is_list(Config) ->
-    % This test has been commented out since the 'vsn' attribute is not used
-    % any more, starting with R6. No warning 'obj_out_of_date' seemed to be
-    % generated.
-    true;
-shadow_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
-
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
-
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, 'd_bad_mod+warn', lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
-
-    ?line ok = file:set_cwd(LatestDir),
-
-    ?line {error, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
-    ?line {error, _, _} = systools:make_tar(LatestName, [{path, P}, silent,
-							 {dirs, [src]}]),
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% var_tar
-%%
-var_tar(suite) -> [];
-var_tar(doc) ->
-    ["Check that make_tar handles generation and placement of tar",
-     "files for variables outside the main tar file.",
-     "Test the {var_tar, include | ownfile | omit} option."];
+%% make_tar: Check that make_tar handles generation and placement of
+%% tar files for variables outside the main tar file.
+%% Test the {var_tar, include | ownfile | omit} optio.
 var_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
+    {ok, OldDir} = file:get_cwd(),
+    PSAVE = code:get_path(),		% Save path
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName,
-					    [silent,
-					     {path, P},
-					     {variables,[{"TEST", LibDir}]}]),
+    {ok, _, _} = systools:make_script(LatestName,
+				      [silent,
+				       {path, P},
+				       {variables,[{"TEST", LibDir}]}]),
 
-    ?line ok = systools:make_tar(LatestName, [{path, P},
-					      {var_tar, ownfile},
-					      {variables,[{"TEST", LibDir}]}]),
+    ok = systools:make_tar(LatestName, [{path, P},
+					{var_tar, ownfile},
+					{variables,[{"TEST", LibDir}]}]),
 
-    ?line true = exists_tar_file("TEST"), %% Also removes the file !
-    ?line {error, {not_generated, _}} = check_var_tar("TEST", LatestName),
+    true = exists_tar_file("TEST"), %% Also removes the file !
+    {error, {not_generated, _}} = check_var_tar("TEST", LatestName),
 
-    ?line ok = systools:make_tar(LatestName, [{path, P},
-					      {var_tar, omit},
-					      {variables,[{"TEST", LibDir}]}]),
+    ok = systools:make_tar(LatestName, [{path, P},
+					{var_tar, omit},
+					{variables,[{"TEST", LibDir}]}]),
 
-    ?line {error, {not_generated, _}} = check_var_tar("TEST", LatestName),
-    ?line false = exists_tar_file("TEST"),
+    {error, {not_generated, _}} = check_var_tar("TEST", LatestName),
+    false = exists_tar_file("TEST"),
 
-    ?line ok = systools:make_tar(LatestName, [{path, P},
-					      {var_tar, include},
-					      {variables,[{"TEST", LibDir}]}]),
+    ok = systools:make_tar(LatestName, [{path, P},
+					{var_tar, include},
+					{variables,[{"TEST", LibDir}]}]),
 
-    ?line ok = check_var_tar("TEST", LatestName),
-    ?line false = exists_tar_file("TEST"),
+    ok = check_var_tar("TEST", LatestName),
+    false = exists_tar_file("TEST"),
 
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),
+    ok = file:set_cwd(OldDir),
+    code:set_path(PSAVE),
     ok.
 
 
-%% exref_tar
-%%
-exref_tar(suite) -> [];
-exref_tar(doc) ->
-    ["Check exref option."];
+%% make_tar: Check exref option.
 exref_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
+    {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
 
     %% Complete exref
-    ?line {ok, _, W1} =
+    {ok, _, W1} =
 	systools:make_tar(LatestName, [exref, {path, P}, silent]),
-    ?line check_exref_warnings(with_db1, W1),
-    ?line ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
+    check_exref_warnings(with_db1, W1),
+    ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
 
     %% Only exref the db application.
-    ?line {ok, _, W2} =
+    {ok, _, W2} =
 	systools:make_tar(LatestName, [{exref, [db]}, {path, P}, silent]),
-    ?line check_exref_warnings(with_db1, W2),
-    ?line ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
+    check_exref_warnings(with_db1, W2),
+    ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
 
     %% Only exref the fe application.
-    ?line {ok, _, W3} =
+    {ok, _, W3} =
 	systools:make_tar(LatestName, [{exref, [fe]}, {path, P}, silent]),
-    ?line check_exref_warnings(without_db1, W3),
-    ?line ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
+    check_exref_warnings(without_db1, W3),
+    ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
 
     %% exref the db and stdlib applications.
-    ?line {ok, _, W4} =
+    {ok, _, W4} =
 	systools:make_tar(LatestName, [{exref, [db, stdlib]},
 				       {path, P}, silent]),
-    ?line check_exref_warnings(with_db1, W4),
-    ?line ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
+    check_exref_warnings(with_db1, W4),
+    ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
 
-%% otp_9507
-%%
-otp_9507(suite) -> [];
-otp_9507(doc) ->
-    ["make_tar failed when path given as just 'ebin'."];
-otp_9507(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+%% make_tar: OTP-9507 - make_tar failed when path given as just 'ebin'.
+otp_9507_path_ebin(Config) when is_list(Config) ->
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest_small,Config),
+    {LatestDir, LatestName} = create_script(latest_small,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line FeDir = fname([LibDir, 'fe-3.1']),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    FeDir = fname([LibDir, 'fe-3.1']),
 
-    ?line ok = file:set_cwd(FeDir),
+    ok = file:set_cwd(FeDir),
 
     RelName = fname([LatestDir,LatestName]),
 
-    ?line P1 = ["./ebin",
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin])],
-    ?line {ok, _, _} = systools:make_script(RelName, [silent, {path, P1}]),
-    ?line ok = systools:make_tar(RelName, [{path, P1}]),
-    ?line Content1 = tar_contents(RelName),
+    P1 = ["./ebin",
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
+    {ok, _, _} = systools:make_script(RelName, [silent, {path, P1}]),
+    ok = systools:make_tar(RelName, [{path, P1}]),
+    Content1 = tar_contents(RelName),
 
-    ?line P2 = ["ebin",
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin])],
+    P2 = ["ebin",
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
 
     %% Tickets solves the following line - it used to fail with
     %% {function_clause,[{filename,join,[[]]},...}
-    ?line ok = systools:make_tar(RelName, [{path, P2}]),
-    ?line Content2 = tar_contents(RelName),
+    ok = systools:make_tar(RelName, [{path, P2}]),
+    Content2 = tar_contents(RelName),
     true = (Content1 == Content2),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
 
     ok.
 
 
-%% The relup stuff.
-%%
-%%
-
-
-%% make_relup
-%%
-normal_relup(suite) -> [];
-normal_relup(doc) ->
-    ["Check normal case"];
+%% make_relup: Check normal case
 normal_relup(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir,LatestName}   = create_script(latest0,Config),
-    ?line {_LatestDir1,LatestName1} = create_script(latest1,Config),
-    ?line {_LatestDir2,LatestName2} = create_script(latest2,Config),
+    {LatestDir,LatestName}   = create_script(latest0,Config),
+    {_LatestDir1,LatestName1} = create_script(latest1,Config),
+    {_LatestDir2,LatestName2} = create_script(latest2,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = [fname([DataDir, d_normal, lib])],
-    ?line P = [fname([LibDir, '*', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
-
-    %% OTP-2561: Check that the option 'restart_emulator' generates a
-    %% "restart_new_emulator" instruction.
-    ?line {ok, _ , _, []} =
-         systools:make_relup(LatestName, [LatestName1], [LatestName1],
-			     [{path, P},restart_emulator,silent]),
-    ?line ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
-    ?line ok = check_restart_emulator(),
+    ok = file:set_cwd(LatestDir),
 
     %% This is the ultra normal case
-    ?line ok = systools:make_relup(LatestName, [LatestName1], [LatestName1],
-				   [{path, P}]),
-    ?line ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
-    ?line {ok, _, _, []} =
+    ok = systools:make_relup(LatestName, [LatestName1], [LatestName1],
+			     [{path, P}]),
+    ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
+    {ok, _, _, []} =
 	systools:make_relup(LatestName, [LatestName1], [LatestName1],
 			    [{path, P}, silent]),
-    ?line ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
+    ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
 
     %% file should not be written if warnings_as_errors is enabled.
     %% delete before running tests.
-    ?line ok = file:delete("relup"),
+    ok = file:delete("relup"),
 
     %% Check that warnings are treated as errors
-    ?line error =
+    error =
 	systools:make_relup(LatestName, [LatestName2], [LatestName1],
 			    [{path, P}, warnings_as_errors]),
-    ?line error =
+    error =
 	systools:make_relup(LatestName, [LatestName2], [LatestName1],
 			    [{path, P}, silent, warnings_as_errors]),
 
     %% relup file should not exist
-    ?line false = filelib:is_regular("relup"),
+    false = filelib:is_regular("relup"),
 
     %% Check that warnings get through
-    ?line ok = systools:make_relup(LatestName, [LatestName2], [LatestName1],
-				   [{path, P}]),
-    ?line ok = check_relup([{fe, "3.1"}, {db, "2.1"}], [{db, "1.0"}]),
-    ?line {ok, _, _, [{erts_vsn_changed, _}]} =
+    ok = systools:make_relup(LatestName, [LatestName2], [LatestName1],
+			     [{path, P}]),
+    ok = check_relup([{fe, "3.1"}, {db, "2.1"}], [{db, "1.0"}]),
+    {ok, _, _, [pre_R15_emulator_upgrade,{erts_vsn_changed, _}]} =
 	systools:make_relup(LatestName, [LatestName2], [LatestName1],
 			    [{path, P}, silent]),
-    ?line ok = check_relup([{fe, "3.1"}, {db, "2.1"}], [{db, "1.0"}]),
+    ok = check_relup([{fe, "3.1"}, {db, "2.1"}], [{db, "1.0"}]),
 
     %% relup file should exist now
-    ?line true = filelib:is_regular("relup"),
+    true = filelib:is_regular("relup"),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
+    ok.
+
+
+%% make_relup: Test relup which includes emulator restart.
+restart_relup(Config) when is_list(Config) ->
+    {ok, OldDir} = file:get_cwd(),
+
+    {LatestDir,LatestName}   = create_script(latest0,Config),
+    {_LatestDir1,LatestName1} = create_script(latest1,Config),
+    {_LatestDir0CurrErts,LatestName0CurrErts} =
+	create_script(latest0_current_erts,Config),
+    {_CurrentAllDir,CurrentAllName} = create_script(current_all,Config),
+    {_CurrentAllFutErtsDir,CurrentAllFutErtsName} =
+	create_script(current_all_future_erts,Config),
+    {_CurrentAllFutSaslDir,CurrentAllFutSaslName} =
+	create_script(current_all_future_sasl,Config),
+
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin]),
+	 fname([DataDir, lib, 'sasl-9.9', ebin])],
+
+    ok = file:set_cwd(LatestDir),
+
+    %% OTP-2561: Check that the option 'restart_emulator' generates a
+    %% "restart_emulator" instruction.
+    {ok, _ , _, []} =
+	systools:make_relup(LatestName, [LatestName1], [LatestName1],
+			    [{path, P},restart_emulator,silent]),
+    ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
+    ok = check_restart_emulator(),
+
+
+    %% Pre-R15 to Post-R15 upgrade
+    {ok, _ , _, Ws} =
+	systools:make_relup(LatestName0CurrErts,
+			    [LatestName1],
+			    [LatestName1],
+			    [{path, P},silent]),
+    ok = check_relup([{db,"2.1"}], [{db, "1.0"}]),
+    ok = check_pre_to_post_r15_restart_emulator(),
+    ok = check_pre_to_post_r15_warnings(Ws),
+
+
+    %% Check that new sasl version generates a restart_new_emulator
+    %% instruction
+    {ok, _ , _, []} =
+	systools:make_relup(CurrentAllFutSaslName,
+			    [CurrentAllName],
+			    [CurrentAllName],
+			    [{path, P},silent]),
+    ok = check_relup([{fe, "3.1"}], []),
+    ok = check_restart_emulator_diff_coreapp(),
+
+
+    %% Check that new erts version generates a restart_new_emulator
+    %% instruction, if FromSaslVsn >= R15SaslVsn
+    %% (One erts_vsn_changed warning for upgrade and one for downgrade)
+    {ok, _ , _, [{erts_vsn_changed,_},{erts_vsn_changed,_}]} =
+	systools:make_relup(CurrentAllFutErtsName,
+			    [CurrentAllName],
+			    [CurrentAllName],
+			    [{path, P},silent]),
+    ok = check_relup([{fe, "3.1"}], []),
+    ok = check_restart_emulator_diff_coreapp(),
+
+
+    %% Check that new erts version generates a restart_new_emulator
+    %% instruction, and can be combined with restart_emulator opt.
+    %% (One erts_vsn_changed warning for upgrade and one for downgrade)
+    {ok, _ , _, [{erts_vsn_changed,_},{erts_vsn_changed,_}]} =
+	systools:make_relup(CurrentAllFutErtsName,
+			    [CurrentAllName],
+			    [CurrentAllName],
+			    [{path, P},restart_emulator,silent]),
+    ok = check_relup([{fe, "3.1"}], []),
+    ok = check_restart_emulator(),
+    ok = check_restart_emulator_diff_coreapp(),
+
+    ok = file:set_cwd(OldDir),
     ok.
 
 
@@ -1216,295 +1287,558 @@ check_relup(UpVsnL, DnVsnL) ->
 	       [{App, Vsn} || {load_object_code,{App,Vsn,_}} <- Dn]),
     ok.
 
+check_relup_up_only(UpVsnL) ->
+    {ok, [{_V1, [{_, _, Up}], []}]} = file:consult(relup),
+    [] = foldl(fun(X, Acc) ->
+		       true = lists:member(X, Acc),
+		       lists:delete(X, Acc) end,
+	       UpVsnL,
+	       [{App, Vsn} || {load_object_code,{App,Vsn,_}} <- Up]),
+    ok.
+
 check_restart_emulator() ->
     {ok, [{_V1, [{_, _, Up}], [{_, _, Dn}]}]} = file:consult(relup),
+    restart_emulator = lists:last(Up),
+    restart_emulator = lists:last(Dn),
+    ok.
+
+check_restart_emulator_up_only() ->
+    {ok, [{_V1, [{_, _, Up}], []}]} = file:consult(relup),
+    restart_emulator = lists:last(Up),
+    ok.
+
+check_restart_emulator_diff_coreapp() ->
+    {ok, [{_V1, [{_, _, Up}], [{_, _, Dn}]}]} = file:consult(relup),
+    [restart_new_emulator|_] = Up,
+    restart_emulator = lists:last(Dn),
+    ok.
+
+check_pre_to_post_r15_restart_emulator() ->
+    {ok, [{_V1, [{_, _, Up}], [{_, _, Dn}]}]} = file:consult(relup),
     restart_new_emulator = lists:last(Up),
-    restart_new_emulator = lists:last(Dn),
+    restart_emulator = lists:last(Dn),
     ok.
 
-%% make_relup
-%%
-no_appup_relup(suite) -> [];
-no_appup_relup(doc) ->
-    ["Check that appup files may be missing, but only if we don't need them."];
+check_pre_to_post_r15_warnings(Ws) ->
+    true = lists:member(pre_R15_emulator_upgrade,Ws),
+    ok.
+
+%% make_relup: Check that appup files may be missing, but only if we
+%% don't need them.
 no_appup_relup(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir,LatestName}   = create_script(latest_small,Config),
-    ?line {_LatestDir0,LatestName0} = create_script(latest_small0,Config),
-    ?line {_LatestDir1,LatestName1} = create_script(latest_small1,Config),
+    {LatestDir,LatestName}   = create_script(latest_small,Config),
+    {_LatestDir0,LatestName0} = create_script(latest_small0,Config),
+    {_LatestDir1,LatestName1} = create_script(latest_small1,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line P1 = [fname([DataDir, d_no_appup, lib, 'fe-3.1', ebin]),
-		fname([DataDir, lib, kernel, ebin]),
-		fname([DataDir, lib, stdlib, ebin])],
+    DataDir = filename:absname(?copydir),
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% Check that appup might be missing
-    ?line ok =
+    P1 = [fname([DataDir, d_no_appup, lib, 'fe-3.1', ebin]),
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
+    ok =
 	systools:make_relup(LatestName, [LatestName], [], [{path, P1}]),
-    ?line {ok,_, _, []} =
+    {ok,_, _, []} =
 	systools:make_relup(LatestName, [LatestName], [],
 			    [silent, {path, P1}]),
 
     %% Check that appup might NOT be missing when we need it
-    ?line error =
-	systools:make_relup(LatestName, [LatestName0], [], [{path, P1}]),
-    ?line {error,_,{file_problem, {_,{error,{open,_,_}}}}} =
+    P2 = [fname([DataDir, d_no_appup, lib, 'fe-3.1', ebin]),
+	  fname([DataDir, d_no_appup, lib, 'fe-2.1', ebin]),
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
+    error =
+	systools:make_relup(LatestName, [LatestName0], [], [{path, P2}]),
+    {error,_,{file_problem, {_,{error,{open,_,_}}}}} =
 	systools:make_relup(LatestName, [], [LatestName0],
-			    [silent, {path, P1}]),
+			    [silent, {path, P2}]),
 
     %% Check that appups missing vsn traps
-    ?line P2 = [fname([DataDir, d_no_appup, lib, 'fe-2.1', ebin]),
-		fname([DataDir, lib, kernel, ebin]),
-		fname([DataDir, lib, stdlib, ebin])],
-
-    ?line error =
-	systools:make_relup(LatestName0, [LatestName1], [], [{path, P2}]),
-    ?line {error,_,{no_relup, _, _, _}} =
+    P3 = [fname([DataDir, d_no_appup, lib, 'fe-2.1', ebin]),
+	  fname([DataDir, d_no_appup, lib, 'fe-500.18.7', ebin]),
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
+
+    error =
+	systools:make_relup(LatestName0, [LatestName1], [], [{path, P3}]),
+    {error,_,{no_relup, _, _, _}} =
 	systools:make_relup(LatestName0, [], [LatestName1],
-			    [silent, {path, P2}]),
+			    [silent, {path, P3}]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_relup
-%%
-bad_appup_relup(suite) -> [];
-bad_appup_relup(doc) ->
-    ["Check that badly written appup files are detected"];
+%% make_relup: Check that badly written appup files are detected.
 bad_appup_relup(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir,LatestName}   = create_script(latest_small,Config),
-    ?line {_LatestDir0,LatestName0} = create_script(latest_small0,Config),
+    {LatestDir,LatestName}   = create_script(latest_small,Config),
+    {_LatestDir0,LatestName0} = create_script(latest_small0,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line N2 = [fname([DataDir, d_bad_appup, lib, 'fe-3.1', ebin]),
-		fname([DataDir, lib, kernel, ebin]),
-		fname([DataDir, lib, stdlib, ebin])],
+    DataDir = filename:absname(?copydir),
+    N2 = [fname([DataDir, d_bad_appup, lib, 'fe-3.1', ebin]),
+	  fname([DataDir, d_bad_appup, lib, 'fe-2.1', ebin]),
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% Check that bad appup is trapped
-    ?line error =
+    error =
 	systools:make_relup(LatestName, [LatestName0], [], [{path, N2}]),
-    ?line {error,_,{file_problem, {_, {error, {parse,_, _}}}}} =
+    {error,_,{file_problem, {_, {error, {parse,_, _}}}}} =
 	systools:make_relup(LatestName, [], [LatestName0],
 			    [silent, {path, N2}]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_relup
-%%
-abnormal_relup(suite) -> [];
-abnormal_relup(doc) ->
-    ["Check some abnormal cases"];
+%% make_relup: Check some abnormal cases.
 abnormal_relup(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir,LatestName}   = create_script(latest0,Config),
-    ?line {_LatestDir1,LatestName1} = create_script(latest1,Config),
+    {LatestDir,LatestName}   = create_script(latest0,Config),
+    {_LatestDir1,LatestName1} = create_script(latest1,Config),
 
     %% Check wrong app vsn
-    ?line DataDir = filename:absname(?copydir),
-    ?line P = [fname([DataDir, d_bad_app_vsn, lib, 'db-2.1', ebin]),
-	       fname([DataDir, d_bad_app_vsn, lib, 'fe-3.1', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin])],
-    
-    ?line ok = file:set_cwd(LatestDir),
-
-    ?line error = systools:make_relup(LatestName, [LatestName1], [LatestName1],
-				      [{path, P}]),
-    ?line R0 = systools:make_relup(LatestName, [LatestName1], [LatestName1],
-			      [silent, {path, P}]),
-    ?line {error,systools_make,
-	     [{error_reading,{db,{no_valid_version,
-				  {{"should be","2.1"},
-				   {"found file", _, "2.0"}}}}}]} = R0,
-    ?line ok = file:set_cwd(OldDir),
+    DataDir = filename:absname(?copydir),
+    P = [fname([DataDir, d_bad_app_vsn, lib, 'db-2.1', ebin]),
+	 fname([DataDir, d_bad_app_vsn, lib, 'fe-3.1', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
+
+    ok = file:set_cwd(LatestDir),
+
+    error = systools:make_relup(LatestName, [LatestName1], [LatestName1],
+				[{path, P}]),
+    R0 = systools:make_relup(LatestName, [LatestName1], [LatestName1],
+			     [silent, {path, P}]),
+    {error,systools_make,
+     [{error_reading,{db,{no_valid_version,
+			  {{"should be","2.1"},
+			   {"found file", _, "2.0"}}}}}]} = R0,
+    ok = file:set_cwd(OldDir),
+    ok.
+
+
+%% make_relup: Check relup can not be created is sasl is not in rel file.
+no_sasl_relup(Config) when is_list(Config) ->
+    {ok, OldDir} = file:get_cwd(),
+    {Dir1,Name1} = create_script(latest1_no_sasl,Config),
+    {_Dir2,Name2} = create_script(latest1,Config),
+
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
+
+    ok = file:set_cwd(Dir1),
+
+    error = systools:make_relup(Name2, [Name1], [Name1], [{path, P}]),
+    R1 = systools:make_relup(Name2, [Name1], [Name1],[silent, {path, P}]),
+    {error,systools_relup,{missing_sasl,_}} = R1,
+
+    error = systools:make_relup(Name1, [Name2], [Name2], [{path, P}]),
+    R2 = systools:make_relup(Name1, [Name2], [Name2],[silent, {path, P}]),
+    {error,systools_relup,{missing_sasl,_}} = R2,
+
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% Check that application start type is used in relup
-app_start_type_relup(suite) ->
-    [];
-app_start_type_relup(doc) ->
-    ["Release upgrade file with various application start types"];
+%% make_relup: Check that application start type is used in relup
 app_start_type_relup(Config) when is_list(Config) ->
-    ?line PrivDir = ?config(priv_dir, Config),
-    ?line {Dir1,Name1} = create_script(latest_app_start_type1,Config),
-    ?line {Dir2,Name2} = create_script(latest_app_start_type2,Config),
-    ?line Release1 = filename:join(Dir1,Name1),
-    ?line Release2 = filename:join(Dir2,Name2),
-
-    ?line {ok, Release2Relup, systools_relup, []} = systools:make_relup(Release2, [Release1], [Release1], [{outdir, PrivDir}, silent]),
-    ?line {"2", [{"1",[], UpInstructions}], [{"1",[], DownInstructions}]} = Release2Relup,
+    PrivDir = ?config(priv_dir, Config),
+    {Dir1,Name1} = create_script(latest_app_start_type1,Config),
+    {Dir2,Name2} = create_script(latest_app_start_type2,Config),
+    Release1 = filename:join(Dir1,Name1),
+    Release2 = filename:join(Dir2,Name2),
+
+    {ok, Release2Relup, systools_relup, []} = systools:make_relup(Release2, [Release1], [Release1], [{outdir, PrivDir}, silent]),
+    {"LATEST_APP_START_TYPE2",
+     [{"LATEST_APP_START_TYPE1",[], UpInstructions}],
+     [{"LATEST_APP_START_TYPE1",[], DownInstructions}]} = Release2Relup,
     %% ?t:format("Up: ~p",[UpInstructions]),
     %% ?t:format("Dn: ~p",[DownInstructions]),
-    ?line [{load_object_code, {mnesia, _, _}},
-           {load_object_code, {sasl, _, _}},
-           {load_object_code, {webtool, _, _}},
-           {load_object_code, {snmp, _, _}},
-           {load_object_code, {xmerl, _, _}},
-           point_of_no_return
-           | UpInstructionsT] = UpInstructions,
-    ?line true = lists:member({apply,{application,start,[mnesia,permanent]}}, UpInstructionsT),
-    ?line true = lists:member({apply,{application,start,[sasl,transient]}}, UpInstructionsT),
-    ?line true = lists:member({apply,{application,start,[webtool,temporary]}}, UpInstructionsT),
-    ?line true = lists:member({apply,{application,load,[snmp]}}, UpInstructionsT),
-    ?line false = lists:any(fun({apply,{application,_,[xmerl|_]}}) -> true; (_) -> false end, UpInstructionsT),
-    ?line [point_of_no_return | DownInstructionsT] = DownInstructions,
-    ?line true = lists:member({apply,{application,stop,[mnesia]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,stop,[sasl]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,stop,[webtool]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,stop,[snmp]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,stop,[xmerl]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,unload,[mnesia]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,unload,[sasl]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,unload,[webtool]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,unload,[snmp]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,unload,[xmerl]}}, DownInstructionsT),
+    [{load_object_code, {mnesia, _, _}},
+     {load_object_code, {runtime_tools, _, _}},
+     {load_object_code, {webtool, _, _}},
+     {load_object_code, {snmp, _, _}},
+     {load_object_code, {xmerl, _, _}},
+     point_of_no_return
+     | UpInstructionsT] = UpInstructions,
+    true = lists:member({apply,{application,start,[mnesia,permanent]}}, UpInstructionsT),
+    true = lists:member({apply,{application,start,[runtime_tools,transient]}}, UpInstructionsT),
+    true = lists:member({apply,{application,start,[webtool,temporary]}}, UpInstructionsT),
+    true = lists:member({apply,{application,load,[snmp]}}, UpInstructionsT),
+    false = lists:any(fun({apply,{application,_,[xmerl|_]}}) -> true; (_) -> false end, UpInstructionsT),
+    [point_of_no_return | DownInstructionsT] = DownInstructions,
+    true = lists:member({apply,{application,stop,[mnesia]}}, DownInstructionsT),
+    true = lists:member({apply,{application,stop,[runtime_tools]}}, DownInstructionsT),
+    true = lists:member({apply,{application,stop,[webtool]}}, DownInstructionsT),
+    true = lists:member({apply,{application,stop,[snmp]}}, DownInstructionsT),
+    true = lists:member({apply,{application,stop,[xmerl]}}, DownInstructionsT),
+    true = lists:member({apply,{application,unload,[mnesia]}}, DownInstructionsT),
+    true = lists:member({apply,{application,unload,[runtime_tools]}}, DownInstructionsT),
+    true = lists:member({apply,{application,unload,[webtool]}}, DownInstructionsT),
+    true = lists:member({apply,{application,unload,[snmp]}}, DownInstructionsT),
+    true = lists:member({apply,{application,unload,[xmerl]}}, DownInstructionsT),
     ok.
 
 
-otp_6226(suite) ->
-    [];
-otp_6226(doc) ->
-    ["{outdir,Dir} option for systools:make_script()"];
-otp_6226(Config) when is_list(Config) ->
+%% make_relup: Check that regexp can be used in .appup for UpFromVsn
+%% and DownToVsn.
+regexp_relup(Config) ->
+    {ok, OldDir} = file:get_cwd(),
+
+    {LatestDir,LatestName}   = create_script(latest_small,Config),
+    {_LatestDir0,LatestName0} = create_script(latest_small0,Config),
+    {_LatestDir1,LatestName1} = create_script(latest_small2,Config),
+
+    DataDir = filename:absname(?copydir),
+    P = [fname([DataDir, d_regexp_appup, lib, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
+
+    ok = file:set_cwd(LatestDir),
+
+    %% Upgrade fe 2.1 -> 3.1, and downgrade 2.1 -> 3.1
+    %% Shall match the first entry if fe-3.1 appup.
+    {ok, _, _, []} =
+	systools:make_relup(LatestName, [LatestName0], [LatestName0],
+			    [{path, P}, silent]),
+    ok = check_relup([{fe, "3.1"}], [{fe, "2.1"}]),
+
+    %% Upgrade fe 2.1.1 -> 3.1
+    %% Shall match the second entry in fe-3.1 appup. Have added a
+    %% restart_emulator instruction there to distinguish it from
+    %% the first entry...
+    {ok, _, _, []} =
+	systools:make_relup(LatestName, [LatestName1], [], [{path, P}, silent]),
+    ok = check_relup_up_only([{fe, "3.1"}]),
+    ok = check_restart_emulator_up_only(),
+
+    %% Attempt downgrade fe 3.1 -> 2.1.1
+    %% Shall not match any entry!!
+    {error,systools_relup,{no_relup,_,_,_}} =
+	systools:make_relup(LatestName, [], [LatestName1], [{path, P}, silent]),
+
+    ok = file:set_cwd(OldDir),
+
+    ok.
+
+
+%% make_hybrid_boot: Normal case.
+%% For upgrade of erts - create a boot file which is a hybrid between
+%% old and new release - i.e. starts erts, kernel, stdlib, sasl from
+%% new release, all other apps from old release.
+normal_hybrid(Config) ->
+    {ok, OldDir} = file:get_cwd(),
+    {Dir1,Name1} = create_script(latest1,Config),
+    {_Dir2,Name2} = create_script(current_all,Config),
+
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
+
+    ok = file:set_cwd(Dir1),
+
+    {ok, _ , []} = systools:make_script(Name1,[{path, P},silent]),
+    {ok, _ , []} = systools:make_script(Name2,[{path, P},silent]),
+    {ok,Boot1} = file:read_file(Name1 ++ ".boot"),
+    {ok,Boot2} = file:read_file(Name2 ++ ".boot"),
+
+    ok = file:set_cwd(OldDir),
+
+    BasePaths = {"testkernelpath","teststdlibpath","testsaslpath"},
+    {ok,Hybrid} = systools_make:make_hybrid_boot("tmp_vsn",Boot1,Boot2,
+						 BasePaths, [dummy,args]),
+
+    {script,{"Test release","tmp_vsn"},Script} = binary_to_term(Hybrid),
+    ct:log("~p.~n",[Script]),
+
+    %% Check that all paths to base apps are replaced by paths from BaseLib
+    Boot1Str = io_lib:format("~p~n",[binary_to_term(Boot1)]),
+    HybridStr = io_lib:format("~p~n",[binary_to_term(Hybrid)]),
+    ReOpts = [global,{capture,first,list},unicode],
+    {match,OldKernelMatch} = re:run(Boot1Str,"kernel-[0-9\.]+",ReOpts),
+    {match,OldStdlibMatch} = re:run(Boot1Str,"stdlib-[0-9\.]+",ReOpts),
+    {match,OldSaslMatch} = re:run(Boot1Str,"sasl-[0-9\.]+",ReOpts),
+
+    nomatch = re:run(HybridStr,"kernel-[0-9\.]+",ReOpts),
+    nomatch = re:run(HybridStr,"stdlib-[0-9\.]+",ReOpts),
+    nomatch = re:run(HybridStr,"sasl-[0-9\.]+",ReOpts),
+    {match,NewKernelMatch} = re:run(HybridStr,"testkernelpath",ReOpts),
+    {match,NewStdlibMatch} = re:run(HybridStr,"teststdlibpath",ReOpts),
+    {match,NewSaslMatch} = re:run(HybridStr,"testsaslpath",ReOpts),
+
+    NewKernelN = length(NewKernelMatch),
+    NewKernelN = length(OldKernelMatch),
+    NewStdlibN = length(NewStdlibMatch),
+    NewStdlibN = length(OldStdlibMatch),
+    NewSaslN = length(NewSaslMatch),
+    NewSaslN = length(OldSaslMatch),
+
+    %% Check that application load instruction has correct versions
+    Apps = application:loaded_applications(),
+    {_,_,KernelVsn} = lists:keyfind(kernel,1,Apps),
+    {_,_,StdlibVsn} = lists:keyfind(stdlib,1,Apps),
+    {_,_,SaslVsn} = lists:keyfind(sasl,1,Apps),
+
+    [KernelInfo] = [I || {kernelProcess,application_controller,
+			  {application_controller,start,
+			   [{application,kernel,I}]}} <- Script],
+    [StdlibInfo] = [I || {apply,
+			  {application,load,
+			   [{application,stdlib,I}]}} <- Script],
+    [SaslInfo] = [I || {apply,
+			{application,load,
+			 [{application,sasl,I}]}} <- Script],
+
+    {vsn,KernelVsn} = lists:keyfind(vsn,1,KernelInfo),
+    {vsn,StdlibVsn} = lists:keyfind(vsn,1,StdlibInfo),
+    {vsn,SaslVsn} = lists:keyfind(vsn,1,SaslInfo),
+
+    %% Check that new_emulator_upgrade call is added
+    [_,{apply,{release_handler,new_emulator_upgrade,[dummy,args]}}|_] =
+	lists:reverse(Script),
+
+    %% Check that db-1.0 and fe-3.1 are used (i.e. vsns from old release)
+    %% And that fe is in there (it exists in old rel but not in new)
+    {match,DbMatch} = re:run(HybridStr,"db-[0-9\.]+",ReOpts),
+    {match,[_|_]=FeMatch} = re:run(HybridStr,"fe-[0-9\.]+",ReOpts),
+    true = lists:all(fun(["db-1.0"]) -> true;
+			(_)  -> false
+		     end,
+		     DbMatch),
+    true = lists:all(fun(["fe-3.1"]) -> true;
+			(_)  -> false
+		     end,
+		     FeMatch),
+
+    %% Check that script has same length as old script, plus one (the
+    %% new_emulator_upgrade apply)
+    {_,_,Old} = binary_to_term(Boot1),
+    OldLength = length(Old),
+    NewLength = length(Script),
+    NewLength = OldLength + 1,
+
+    ok.
+
+%% make_hybrid_boot: No sasl in from-release.
+%% Check that systools_make:make_hybrid_boot fails with a meaningful
+%% error message if the FromBoot does not include the sasl
+%% application.
+hybrid_no_old_sasl(Config) ->
+    {ok, OldDir} = file:get_cwd(),
+    {Dir1,Name1} = create_script(latest1_no_sasl,Config),
+    {_Dir2,Name2} = create_script(current_all,Config),
+
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
+
+    ok = file:set_cwd(Dir1),
+
+    {ok, _ , [{warning,missing_sasl}]} =
+	systools:make_script(Name1,[{path, P},silent]),
+    {ok, _ , []} = systools:make_script(Name2,[{path, P},silent]),
+    {ok,Boot1} = file:read_file(Name1 ++ ".boot"),
+    {ok,Boot2} = file:read_file(Name2 ++ ".boot"),
+
+    BasePaths = {"testkernelpath","teststdlibpath","testsaslpath"},
+    {error,{app_not_replaced,sasl}} =
+	systools_make:make_hybrid_boot("tmp_vsn",Boot1,Boot2,
+				       BasePaths,[dummy,args]),
+
+    ok = file:set_cwd(OldDir),
+    ok.
+
+
+%% make_hybrid_boot: No sasl in to-release.
+%% Check that systools_make:make_hybrid_boot fails with a meaningful
+%% error message if the ToBoot does not include the sasl
+%% application.
+hybrid_no_new_sasl(Config) ->
+    {ok, OldDir} = file:get_cwd(),
+    {Dir1,Name1} = create_script(latest1,Config),
+    {_Dir2,Name2} = create_script(current_all_no_sasl,Config),
+
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
+
+    ok = file:set_cwd(Dir1),
+
+    {ok, _ , []} = systools:make_script(Name1,[{path, P},silent]),
+    {ok, _ , [{warning,missing_sasl}]} =
+	systools:make_script(Name2,[{path, P},silent]),
+    {ok,Boot1} = file:read_file(Name1 ++ ".boot"),
+    {ok,Boot2} = file:read_file(Name2 ++ ".boot"),
+
+    BasePaths = {"testkernelpath","teststdlibpath","testsaslpath"},
+    {error,{app_not_found,sasl}} =
+	systools_make:make_hybrid_boot("tmp_vsn",Boot1,Boot2,
+				       BasePaths,[dummy,args]),
+
+    ok = file:set_cwd(OldDir),
+    ok.
+
+
+
+%% options: {outdir,Dir} option
+otp_6226_outdir(Config) when is_list(Config) ->
     PrivDir = ?privdir,
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
+
+    {LatestDir, LatestName} = create_script(latest0,Config),
+    {_LatestDir, LatestName1} = create_script(latest1,Config),
 
-    ?line {LatestDir, LatestName} = create_script(latest0,Config),
-    ?line {_LatestDir, LatestName1} = create_script(latest1,Config),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'db-1.0', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'db-1.0', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin])],
+    ok = file:set_cwd(LatestDir),
 
-    ?line ok = file:set_cwd(LatestDir),
 
- 
     %% Create an outdir1 directory
-    ?line ok = file:make_dir("outdir1"),
+    ok = file:make_dir("outdir1"),
 
     %% ==== Now test systools:make_script ====
     %% a) badarg
-    ?line {'EXIT', {{badarg,[{outdir,outdir1}]}, _}} =
+    {'EXIT', {{badarg,[{outdir,outdir1}]}, _}} =
 	(catch systools:make_script(LatestName, [{outdir,outdir1},
 						 {path,P},silent])),
 
     %% b) absolute path
     Outdir1 = filename:join(PrivDir, "outdir1"),
-    ?line {ok,_,[]} = systools:make_script(LatestName, [{outdir,Outdir1},
-							{path,P},silent]),
-    ?line Script1 = filename:join(Outdir1, LatestName ++ ".script"),
-    ?line Boot1 = filename:join(Outdir1, LatestName ++ ".boot"),
-    ?line true = filelib:is_file(Script1),
-    ?line true = filelib:is_file(Boot1),
-    ?line ok = file:delete(Script1),
-    ?line ok = file:delete(Boot1),
+    {ok,_,[]} = systools:make_script(LatestName, [{outdir,Outdir1},
+						  {path,P},silent]),
+    Script1 = filename:join(Outdir1, LatestName ++ ".script"),
+    Boot1 = filename:join(Outdir1, LatestName ++ ".boot"),
+    true = filelib:is_file(Script1),
+    true = filelib:is_file(Boot1),
+    ok = file:delete(Script1),
+    ok = file:delete(Boot1),
 
     %% c) relative path
-    ?line {ok,_,[]} = systools:make_script(LatestName, [{outdir,"./outdir1"},
-							{path,P},silent]),
-    ?line true = filelib:is_file(Script1),
-    ?line true = filelib:is_file(Boot1),
-    ?line ok = file:delete(Script1),
-    ?line ok = file:delete(Boot1),
+    {ok,_,[]} = systools:make_script(LatestName, [{outdir,"./outdir1"},
+						  {path,P},silent]),
+    true = filelib:is_file(Script1),
+    true = filelib:is_file(Boot1),
+    ok = file:delete(Script1),
+    ok = file:delete(Boot1),
 
     %% d) absolute but incorrect path
-    ?line Outdir2 = filename:join(PrivDir, "outdir2"),
-    ?line Script2 = filename:join(Outdir2, LatestName ++ ".script"),
-    ?line {error,_,{open,Script2,_}} = 
+    Outdir2 = filename:join(PrivDir, "outdir2"),
+    Script2 = filename:join(Outdir2, LatestName ++ ".script"),
+    {error,_,{open,Script2,_}} =
 	systools:make_script(LatestName, [{outdir,Outdir2},{path,P},silent]),
 
     %% e) relative but incorrect path
-    ?line {error,_,{open,_,_}} = 
+    {error,_,{open,_,_}} =
 	systools:make_script(LatestName, [{outdir,"./outdir2"},{path,P},silent]),
 
     %% f) with .rel in another directory than cwd
-    ?line ok = file:set_cwd(Outdir1),
-    ?line {ok,_,[]} = systools:make_script(filename:join(PrivDir, LatestName),
-					   [{outdir,"."},{path,P},silent]),
-    ?line true = filelib:is_file(LatestName ++ ".script"),
-    ?line true = filelib:is_file(LatestName ++ ".boot"),
-    ?line ok = file:delete(LatestName ++ ".script"),
-    ?line ok = file:delete(LatestName ++ ".boot"),
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(Outdir1),
+    {ok,_,[]} = systools:make_script(filename:join(PrivDir, LatestName),
+				     [{outdir,"."},{path,P},silent]),
+    true = filelib:is_file(LatestName ++ ".script"),
+    true = filelib:is_file(LatestName ++ ".boot"),
+    ok = file:delete(LatestName ++ ".script"),
+    ok = file:delete(LatestName ++ ".boot"),
+    ok = file:set_cwd(LatestDir),
 
     %% ==== Now test systools:make_tar =====
-    ?line {ok,_,[]} = systools:make_script(LatestName, [{path,P},silent]),
+    {ok,_,[]} = systools:make_script(LatestName, [{path,P},silent]),
     %% a) badarg
-    ?line {'EXIT', {{badarg, [{outdir,outdir1}]}, _}} =
+    {'EXIT', {{badarg, [{outdir,outdir1}]}, _}} =
     	(catch systools:make_tar(LatestName,[{outdir,outdir1},{path,P},silent])),
 
     %% b) absolute path
-    ?line {ok,_,[]} = systools:make_tar(LatestName, [{outdir,Outdir1}, 
-						     {path,P},silent]),
-    ?line Tar1 = filename:join(Outdir1,LatestName++".tar.gz"),
-    ?line true = filelib:is_file(Tar1),
-    ?line ok = file:delete(Tar1),
+    {ok,_,[]} = systools:make_tar(LatestName, [{outdir,Outdir1},
+					       {path,P},silent]),
+    Tar1 = filename:join(Outdir1,LatestName++".tar.gz"),
+    true = filelib:is_file(Tar1),
+    ok = file:delete(Tar1),
 
     %% c) relative path
-    ?line {ok,_,[]} = systools:make_tar(LatestName, [{outdir,"./outdir1"},
-						     {path,P},silent]),
-    ?line true = filelib:is_file(Tar1),
-    ?line ok = file:delete(Tar1),
+    {ok,_,[]} = systools:make_tar(LatestName, [{outdir,"./outdir1"},
+					       {path,P},silent]),
+    true = filelib:is_file(Tar1),
+    ok = file:delete(Tar1),
 
     %% d) absolute but incorrect path
-    ?line Tar2 = filename:join(Outdir2,LatestName++".tar.gz"),
-    ?line {error,_,{tar_error,{open,Tar2,{Tar2,enoent}}}} = 
+    Tar2 = filename:join(Outdir2,LatestName++".tar.gz"),
+    {error,_,{tar_error,{open,Tar2,{Tar2,enoent}}}} =
 	systools:make_tar(LatestName, [{outdir,Outdir2},{path,P},silent]),
-    
+
     %% e) relative but incorrect path
-    ?line {error,_,{tar_error,{open,_,_}}} = 
-	   systools:make_tar(LatestName, [{outdir,"./outdir2"},{path,P},silent]),
+    {error,_,{tar_error,{open,_,_}}} =
+	systools:make_tar(LatestName, [{outdir,"./outdir2"},{path,P},silent]),
 
     %% f) with .rel in another directory than cwd
-    ?line ok = file:set_cwd(Outdir1),
-    ?line {ok,_,[]} = systools:make_tar(filename:join(PrivDir, LatestName),
-					[{outdir,"."},{path,P},silent]),
-    ?line true = filelib:is_file(Tar1),
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(Outdir1),
+    {ok,_,[]} = systools:make_tar(filename:join(PrivDir, LatestName),
+				  [{outdir,"."},{path,P},silent]),
+    true = filelib:is_file(Tar1),
+    ok = file:set_cwd(LatestDir),
 
     %% ===== Now test systools:make_relup =====
     %% a) badarg
-    ?line {'EXIT', {{badarg, [{outdir,outdir1}]}, _}} =
+    {'EXIT', {{badarg, [{outdir,outdir1}]}, _}} =
     	(catch systools:make_relup(LatestName,[LatestName1],[LatestName1],
     				   [{outdir,outdir1}, 
 				    {path,P},silent])),
 
     %% b) absolute path
     Relup = filename:join(Outdir1, "relup"),
-    ?line {ok,_,_,[]} = systools:make_relup(LatestName,[LatestName1],[LatestName1],
-					    [{outdir,Outdir1},
-					     {path,P},silent]),
-    ?line true = filelib:is_file(Relup),
-    ?line ok = file:delete(Relup),
-    
+    {ok,_,_,[]} = systools:make_relup(LatestName,[LatestName1],[LatestName1],
+				      [{outdir,Outdir1},
+				       {path,P},silent]),
+    true = filelib:is_file(Relup),
+    ok = file:delete(Relup),
+
     %% c) relative path
-    ?line {ok,_,_,[]} = systools:make_relup(LatestName,[LatestName1],[LatestName1],
-					    [{outdir,"./outdir1"},
-					     {path,P},silent]),
-    ?line true = filelib:is_file(Relup),
-    ?line ok = file:delete(Relup),
-    
+    {ok,_,_,[]} = systools:make_relup(LatestName,[LatestName1],[LatestName1],
+				      [{outdir,"./outdir1"},
+				       {path,P},silent]),
+    true = filelib:is_file(Relup),
+    ok = file:delete(Relup),
+
     %% d) absolute but incorrect path
-    ?line {error,_,{file_problem,{"relup",enoent}}} = 
+    {error,_,{file_problem,{"relup",enoent}}} =
 	systools:make_relup(LatestName,[LatestName1],[LatestName1],
 			    [{outdir,Outdir2},{path,P},silent]),
-    
+
     %% e) relative but incorrect path
-    ?line {error,_,{file_problem,{"relup",enoent}}} = 
+    {error,_,{file_problem,{"relup",enoent}}} =
 	systools:make_relup(LatestName,[LatestName1],[LatestName1],
 			    [{outdir,"./outdir2"},{path,P},silent]),
 
@@ -1513,7 +1847,7 @@ otp_6226(Config) when is_list(Config) ->
     %%    cwd, not in the same directory as the .rel file --
 
     %% Change back to previous working directory
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
@@ -1536,7 +1870,7 @@ check_var_script_file(VarDirs, NoExistDirs, RelName) ->
     AllPaths = lists:append(lists:map(fun({path, P}) -> P;
 					 (_)         -> []
 				      end,
-				  ListOfThings)),
+				      ListOfThings)),
     case lists:filter(fun(VarDir) -> lists:member(VarDir, AllPaths) end,
 		      VarDirs) of
 	VarDirs ->
@@ -1561,7 +1895,7 @@ check_include_script(RelName, ExpectedLoad, ExpectedStart) ->
 	[App || {apply,{application,load,[{application,App,_}]}} <- ListOfThings,
 		App=/=kernel,
 		App=/=stdlib],
-    
+
     if ActualLoad =:= ExpectedLoad -> ok;
        true -> test_server:fail({bad_load_order, ActualLoad, ExpectedLoad})
     end,
@@ -1636,7 +1970,7 @@ check_tar_regular(PrivDir, Files, RelName) ->
 	NotThere ->
 	    {error,{erroneous_tar_file,tar_name(RelName),NotThere}}
     end.
-	    
+
 delete_tree(Dir) ->
     case filelib:is_dir(Dir) of
 	true ->
@@ -1656,532 +1990,465 @@ tar_name(Name) ->
     Name ++ ".tar.gz".
 
 create_script(latest,Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, latest),
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
-    ?line {ok,Fd} = file:open(Name++".rel",write),
-    ?line io:format(Fd,
-		    "{release, {\"Test release 3\", \"LATEST\"}, \n"
-		    " {erts, \"4.4\"}, \n"
-		    " [{kernel, \"~s\"}, {stdlib, \"~s\"}, \n"
-		    "  {db, \"2.1\"}, {fe, \"3.1\"}]}.\n",
-		    [KernelVer,StdlibVer]),
-    ?line ok = file:close(Fd),
-    {filename:dirname(Name), filename:basename(Name)};
+    Apps = core_apps(current) ++ [{db,"2.1"},{fe,"3.1"}],
+    do_create_script(latest,Config,"4.4",Apps);
 create_script(latest_no_mod_vsn,Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, latest),
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
-    ?line {ok,Fd} = file:open(Name++".rel",write),
-    ?line io:format(Fd,
-		    "{release, {\"Test release 3\", \"LATESTNOMOD\"}, \n"
-		    " {erts, \"4.4\"}, \n"
-		    " [{kernel, \"~s\"}, {stdlib, \"~s\"}, \n"
-		    "  {db, \"3.1\"}, {fe, \"3.1\"}]}.\n",
-		    [KernelVer,StdlibVer]),
-    ?line ok = file:close(Fd),
-    {filename:dirname(Name), filename:basename(Name)};
+    Apps = core_apps(current) ++ [{db,"3.1"},{fe,"3.1"}],
+    do_create_script(latest_no_mod_vsn,Config,"4.4",Apps);
 create_script(latest0,Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, 'latest-1'),
-    ?line {ok,Fd} = file:open(Name++".rel",write),
-    ?line io:format(Fd,
-		    "{release, {\"Test release 2\", \"LATEST0\"}, \n"
-		    " {erts, \"4.4\"}, \n"
-		    " [{kernel, \"1.0\"}, {stdlib, \"1.0\"}, \n"
-		    "  {db, \"2.1\"}, {fe, \"3.1\"}]}.\n",
-		    []),
-    ?line ok = file:close(Fd),
-    {filename:dirname(Name), filename:basename(Name)};
+    Apps = core_apps("1.0") ++ [{db,"2.1"},{fe,"3.1"}],
+    do_create_script(latest0,Config,"4.4",Apps);
+create_script(latest0_current_erts,Config) ->
+    Apps = core_apps("1.0") ++ [{db,"2.1"},{fe,"3.1"}],
+    do_create_script(latest0_current_erts,Config,current,Apps);
 create_script(latest1,Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, latest),
-    ?line {ok,Fd} = file:open(Name++".rel",write),
-    ?line io:format(Fd,
-		    "{release, {\"Test release 2\", \"LATEST1\"}, \n"
-		    " {erts, \"4.4\"}, \n"
-		    " [{kernel, \"1.0\"}, {stdlib, \"1.0\"}, \n"
-		    "  {db, \"1.0\"}, {fe, \"3.1\"}]}.\n",
-		    []),
-    ?line ok = file:close(Fd),
-    {filename:dirname(Name), filename:basename(Name)};
+    Apps = core_apps("1.0") ++ [{db,"1.0"},{fe,"3.1"}],
+    do_create_script(latest1,Config,"4.4",Apps);
+create_script(latest1_no_sasl,Config) ->
+    Apps = [{kernel,"1.0"},{stdlib,"1.0"},{db,"1.0"},{fe,"3.1"}],
+    do_create_script(latest1_no_sasl,Config,"4.4",Apps);
 create_script(latest2,Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, 'latest-2'),
-    ?line {ok,Fd} = file:open(Name++".rel",write),
-    ?line io:format(Fd,
-		    "{release, {\"Test release 1\", \"LATEST2\"}, \n"
-		    " {erts, \"4.3\"}, \n"
-		    " [{kernel, \"1.0\"}, {stdlib, \"1.0\"}, \n"
-		    "  {db, \"1.0\"}, {fe, \"2.1\"}]}.\n",
-		    []),
-    ?line ok = file:close(Fd),
-    {filename:dirname(Name), filename:basename(Name)};
+    Apps = core_apps("1.0") ++ [{db,"1.0"},{fe,"2.1"}],
+    do_create_script(latest2,Config,"4.3",Apps);
 create_script(latest_small,Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, 'latest-small'),
-    ?line {ok,Fd} = file:open(Name++".rel",write),
-    ?line io:format(Fd,
-		    "{release, {\"Test release 2\", \"LATEST_SMALL\"}, \n"
-		    " {erts, \"4.4\"}, \n"
-		    " [{kernel, \"1.0\"}, {stdlib, \"1.0\"}, \n"
-		    "  {fe, \"3.1\"}]}.\n",
-		    []),
-    ?line ok = file:close(Fd),
-    {filename:dirname(Name), filename:basename(Name)};
+    Apps = core_apps("1.0") ++ [{fe,"3.1"}],
+    do_create_script(latest_small,Config,"4.4",Apps);
 create_script(latest_small0,Config) ->		%Differs in fe vsn
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, 'latest-small0'),
-    ?line {ok,Fd} = file:open(Name++".rel",write),
-    ?line io:format(Fd,
-		    "{release, {\"Test release 2\", \"LATEST_SMALL0\"}, \n"
-		    " {erts, \"4.4\"}, \n"
-		    " [{kernel, \"1.0\"}, {stdlib, \"1.0\"}, \n"
-		    "  {fe, \"2.1\"}]}.\n",
-		    []),
-    ?line ok = file:close(Fd),
-    {filename:dirname(Name), filename:basename(Name)};
+    Apps = core_apps("1.0") ++ [{fe,"2.1"}],
+    do_create_script(latest_small0,Config,"4.4",Apps);
 create_script(latest_small1,Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, 'latest-small1'),
-    ?line {ok,Fd} = file:open(Name++".rel",write),
-    ?line io:format(Fd,
-		    "{release, {\"Test release 2\", \"LATEST_SMALL1\"}, \n"
-		    " {erts, \"4.4\"}, \n"
-		    " [{kernel, \"1.0\"}, {stdlib, \"1.0\"}, \n"
-		    "  {fe, \"500.18.7\"}]}.\n",
-		    []),
-    ?line ok = file:close(Fd),
-    {filename:dirname(Name), filename:basename(Name)};
+    Apps = core_apps("1.0") ++ [{fe,"500.18.7"}],
+    do_create_script(latest_small1,Config,"4.4",Apps);
+create_script(latest_small2,Config) ->
+    Apps = core_apps("1.0") ++ [{fe,"2.1.1"}],
+    do_create_script(latest_small2,Config,"4.4",Apps);
 create_script(latest_nokernel,Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, 'latest-nokernel'),
-    ?line {ok,Fd} = file:open(Name++".rel",write),
-    ?line io:format(Fd,
-		    "{release, {\"Test release 3\", \"LATEST_NOKERNEL\"}, \n"
-		    " {erts, \"4.4\"}, \n"
-		    " [{db, \"2.1\"}, {fe, \"3.1\"}]}.\n",
-		    []),
-    ?line ok = file:close(Fd),
-    {filename:dirname(Name), filename:basename(Name)};
+    Apps = [{db,"2.1"},{fe,"3.1"}],
+    do_create_script(latest_nokernel,Config,"4.4",Apps);
+create_script(latest_kernel_start_type,Config) ->
+    Apps = [{kernel,"1.0",load},{db,"2.1"},{fe,"3.1"}],
+    do_create_script(latest_kernel_start_type,Config,"4.4",Apps);
 create_script(latest_app_start_type1,Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, latest_app_start_type1),
-    ?line ErtsVer = erlang:system_info(version),
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
-    ?line {ok,Fd} = file:open(Name++".rel",write),
-    ?line RelfileContent = 
-	{release,{"Test release", "1"},
-	 {erts,ErtsVer},
-	 [{kernel,KernelVer},
-	  {stdlib,StdlibVer}]},
-    ?line io:format(Fd,"~p.~n",[RelfileContent]),
-    ?line ok = file:close(Fd),
-    {filename:dirname(Name), filename:basename(Name)};
+    Apps = core_apps(current),
+    do_create_script(latest_app_start_type1,Config,current,Apps);
 create_script(latest_app_start_type2,Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, latest_app_start_type2),
-    ?line ErtsVer = erlang:system_info(version),
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
-    ?line OtherApps = [{mnesia,permanent},
-		       {sasl,transient},
-		       {webtool,temporary},
-		       {snmp,load},
-		       {xmerl,none}],
-    ?line lists:foreach(fun({App,_}) -> application:load(App) end,
-			OtherApps),
-    ?line Loaded = application:loaded_applications(),
-    ?line OtherAppsRel = 
-	lists:map(fun({App,StartType}) -> 
-			  {_,_,Ver} = lists:keyfind(App,1,Loaded),
-			  {App,Ver,StartType}
-		  end,
-		  OtherApps),
-    ?line {ok,Fd} = file:open(Name++".rel",write),
-    ?line RelfileContent = 
-	{release,{"Test release", "2"},
-	 {erts,ErtsVer},
-	 [{kernel,KernelVer},
-	  {stdlib,StdlibVer} | OtherAppsRel]},
-    ?line io:format(Fd,"~p.~n",[RelfileContent]),
-    ?line ok = file:close(Fd),
+    OtherApps = [{mnesia,current,permanent},
+		 {runtime_tools,current,transient},
+		 {webtool,current,temporary},
+		 {snmp,current,load},
+		 {xmerl,current,none}],
+    Apps = core_apps(current) ++ OtherApps,
+    do_create_script(latest_app_start_type2,Config,current,Apps);
+create_script(current_all_no_sasl,Config) ->
+    Apps = [{kernel,current},{stdlib,current},{db,"2.1"},{fe,"3.1"}],
+    do_create_script(current_all_no_sasl,Config,current,Apps);
+create_script(current_all,Config) ->
+    Apps = core_apps(current) ++ [{db,"2.1"}],
+    do_create_script(current_all,Config,current,Apps);
+create_script(current_all_future_erts,Config) ->
+    Apps = core_apps(current) ++ [{db,"2.1"},{fe,"3.1"}],
+    do_create_script(current_all_future_erts,Config,"99.99",Apps);
+create_script(current_all_future_sasl,Config) ->
+    Apps = [{kernel,current},{stdlib,current},{sasl,"9.9"},{db,"2.1"},{fe,"3.1"}],
+    do_create_script(current_all_future_sasl,Config,current,Apps).
+
+
+do_create_script(Id,Config,ErtsVsn,AppVsns) ->
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, Id),
+    {ok,Fd} = file:open(Name++".rel",write),
+    RelfileContent =
+	{release,{"Test release", string:to_upper(atom_to_list(Id))},
+	 {erts,erts_vsn(ErtsVsn)},
+	 app_vsns(AppVsns)},
+    io:format(Fd,"~p.~n",[RelfileContent]),
+    ok = file:close(Fd),
     {filename:dirname(Name), filename:basename(Name)}.
 
+core_apps(Vsn) ->
+    [{App,Vsn} || App <- [kernel,stdlib,sasl]].
+
+app_vsns(AppVsns) ->
+    [{App,app_vsn(App,Vsn)} || {App,Vsn} <- AppVsns] ++
+	[{App,app_vsn(App,Vsn),Type} || {App,Vsn,Type} <- AppVsns].
+app_vsn(App,current) ->
+    application:load(App),
+    {ok,Vsn} = application:get_key(App,vsn),
+    Vsn;
+app_vsn(_App,Vsn) ->
+    Vsn.
+
+erts_vsn(current) -> erlang:system_info(version);
+erts_vsn(Vsn) -> Vsn.
+
+
 create_include_files(inc1, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc1),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc1),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc2, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc2),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc2),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t6 does not include t5 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\", [t4]}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\", [t4]}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc3, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc3),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc3),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t3 does not include t2 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc4, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc4),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc4),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t3 does not include t2 !
     %% t6 does not include t5 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\", [t4]}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\", [t4]}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc5, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc5),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc5),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t6 does not include t5 !
     %% exclude t5.
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\", [t4]}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\", [t4]}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc6, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc6),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc6),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t3 does include non existing t2 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc7, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc7),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc7),
     create_apps(PrivDir),
     create_app(t7, PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t7 and t6 does include t5 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t7, \"1.0\"}, {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t7, \"1.0\"}, {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc8, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc8),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc8),
     create_circular_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t8 uses t9 and t10 includes t9 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t8, \"1.0\"}, {t9, \"1.0\"}, {t10, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t8, \"1.0\"}, {t9, \"1.0\"}, {t10, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc9, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc9),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc9),
     create_circular_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t8 uses t9, t9 uses t10 and t10 includes t8 ==> circular !!
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t8, \"1.0\"}, {t9, \"1.0\"}, {t10, \"1.0\", [t8]}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t8, \"1.0\"}, {t9, \"1.0\"}, {t10, \"1.0\", [t8]}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc10, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc10),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc10),
     create_circular_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t9 tries to include not specified (in .app file) application !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t8, \"1.0\"}, {t9, \"1.0\", [t7]}, {t10, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t8, \"1.0\"}, {t9, \"1.0\", [t7]}, {t10, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc11, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc11),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc11),
     create_apps2(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t11, \"1.0\"}, \n"
-          "  {t12, \"1.0\"}, \n"
-          "  {t13, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t11, \"1.0\"}, \n"
+	"  {t12, \"1.0\"}, \n"
+	"  {t13, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
-create_include_files(otp_3065, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, otp_3065),
+create_include_files(otp_3065_circular_dependenies, Config) ->
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, otp_3065_circular_dependenies),
     create_apps_3065(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {chAts, \"1.0\"}, {aa12, \"1.0\"}, \n"
-          "  {chTraffic, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {chAts, \"1.0\"}, {aa12, \"1.0\"}, \n"
+	"  {chTraffic, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)}.
 
 create_apps(Dir) ->
     T1 = "{application, t1,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [kernel, stdlib]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [kernel, stdlib]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't1.app'), list_to_binary(T1)),
 
     T2 = "{application, t2,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t1]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t1]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't2.app'), list_to_binary(T2)),
 
     T3 = "{application, t3,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [t2]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [t2]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't3.app'), list_to_binary(T3)),
 
     T4 = "{application, t4,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t3]},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t3]},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't4.app'), list_to_binary(T4)),
 
     T5 = "{application, t5,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t3]},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t3]},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't5.app'), list_to_binary(T5)),
 
     T6 = "{application, t6,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [t4, t5]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [t4, t5]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't6.app'), list_to_binary(T6)).
 
 create_app(t7, Dir) ->
     T7 = "{application, t7,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [t5]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [t5]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't7.app'), list_to_binary(T7)).
 
 create_circular_apps(Dir) ->
     T8 = "{application, t8,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t9]},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t9]},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't8.app'), list_to_binary(T8)),
 
     T9 = "{application, t9,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t10]},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t10]},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't9.app'), list_to_binary(T9)),
 
     T10 = "{application, t10,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [t8, t9]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [t8, t9]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't10.app'), list_to_binary(T10)).
 
 create_apps2(Dir) ->
     T11 = "{application, t11,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [t13]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [t13]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't11.app'), list_to_binary(T11)),
 
     T12 = "{application, t12,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t11]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t11]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't12.app'), list_to_binary(T12)),
 
     T13 = "{application, t13,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't13.app'), list_to_binary(T13)).
 
 
 
 create_apps_3065(Dir) ->
     T11 = "{application, chTraffic,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [chAts]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [chAts]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 'chTraffic.app'), list_to_binary(T11)),
 
     T12 = "{application, chAts,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [aa12]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [aa12]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 'chAts.app'), list_to_binary(T12)),
 
     T13 = "{application, aa12,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [chAts]},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [chAts]},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 'aa12.app'), list_to_binary(T13)).
 
 fname(N) ->
diff --git a/lib/sasl/test/systools_SUITE_data/d_bad_appup/lib/fe-2.1/ebin/fe.app b/lib/sasl/test/systools_SUITE_data/d_bad_appup/lib/fe-2.1/ebin/fe.app
new file mode 100644
index 0000000000..3cb0b0c2cf
--- /dev/null
+++ b/lib/sasl/test/systools_SUITE_data/d_bad_appup/lib/fe-2.1/ebin/fe.app
@@ -0,0 +1,7 @@
+{application, fe,
+ [{description, "ERICSSON NR FOR FE"},
+  {vsn, "2.1"},
+  {modules, [{fe1, "1.0"}, {fe2, "1.0"}, {fe3, "2.0"}]},
+  {registered, []},
+  {applications, []},
+  {mod, {fe1, []}}]}.
diff --git a/lib/sasl/test/systools_SUITE_data/d_no_appup/lib/fe-500.18.7/ebin/fe.app b/lib/sasl/test/systools_SUITE_data/d_no_appup/lib/fe-500.18.7/ebin/fe.app
new file mode 100644
index 0000000000..3a5c0ddd9b
--- /dev/null
+++ b/lib/sasl/test/systools_SUITE_data/d_no_appup/lib/fe-500.18.7/ebin/fe.app
@@ -0,0 +1,7 @@
+{application, fe,
+ [{description, "ERICSSON NR FOR FE"},
+  {vsn, "500.18.7"},
+  {modules, [{fe1, "1.0"}, {fe2, "1.0"}, {fe3, "2.0"}]},
+  {registered, []},
+  {applications, []},
+  {mod, {fe1, []}}]}.
diff --git a/lib/sasl/test/systools_SUITE_data/d_regexp_appup/lib/fe-2.1.1/ebin/fe.app b/lib/sasl/test/systools_SUITE_data/d_regexp_appup/lib/fe-2.1.1/ebin/fe.app
new file mode 100644
index 0000000000..c7ba1dfe91
--- /dev/null
+++ b/lib/sasl/test/systools_SUITE_data/d_regexp_appup/lib/fe-2.1.1/ebin/fe.app
@@ -0,0 +1,8 @@
+{application, fe,
+   [{description, "ERICSSON NR FOR FE"},
+    {vsn, "2.1.1"},
+    {modules, [{fe1, "1.0"}, {fe2, "1.0"}, {fe3, "2.0"}]},
+    {registered, []},
+    {applications, []},
+    {env, []},
+    {start, {fe2, start, []}}]}.
diff --git a/lib/sasl/test/systools_SUITE_data/d_regexp_appup/lib/fe-2.1/ebin/fe.app b/lib/sasl/test/systools_SUITE_data/d_regexp_appup/lib/fe-2.1/ebin/fe.app
new file mode 100644
index 0000000000..47ea248720
--- /dev/null
+++ b/lib/sasl/test/systools_SUITE_data/d_regexp_appup/lib/fe-2.1/ebin/fe.app
@@ -0,0 +1,8 @@
+{application, fe,
+   [{description, "ERICSSON NR FOR FE"},
+    {vsn, "2.1"},
+    {modules, [{fe1, "1.0"}, {fe2, "1.0"}, {fe3, "2.0"}]},
+    {registered, []},
+    {applications, []},
+    {env, []},
+    {start, {fe2, start, []}}]}.
diff --git a/lib/sasl/test/systools_SUITE_data/d_regexp_appup/lib/fe-3.1/ebin/fe.app b/lib/sasl/test/systools_SUITE_data/d_regexp_appup/lib/fe-3.1/ebin/fe.app
new file mode 100644
index 0000000000..0696e2494c
--- /dev/null
+++ b/lib/sasl/test/systools_SUITE_data/d_regexp_appup/lib/fe-3.1/ebin/fe.app
@@ -0,0 +1,7 @@
+{application, fe,
+ [{description, "ERICSSON NR FOR FE"},
+  {vsn, "3.1"},
+  {modules, [{fe1, "1.0"}, {fe2, "1.0"}, {fe3, "2.0"}]},
+  {registered, []},
+  {applications, []},
+  {mod, {fe1, []}}]}.
diff --git a/lib/sasl/test/systools_SUITE_data/d_regexp_appup/lib/fe-3.1/ebin/fe.appup b/lib/sasl/test/systools_SUITE_data/d_regexp_appup/lib/fe-3.1/ebin/fe.appup
new file mode 100644
index 0000000000..6b99c47e53
--- /dev/null
+++ b/lib/sasl/test/systools_SUITE_data/d_regexp_appup/lib/fe-3.1/ebin/fe.appup
@@ -0,0 +1,28 @@
+%% -*- erlang -*-
+%% Release upgrade script for fe (front end)
+%%
+
+{
+  "3.1",
+  %% Upgrade from:
+  [
+   {<<"2\\.[0-9]+">>, % matches 2.X in full length and 2.X.Y... only partly
+    [{update, fe1, soft, soft_purge, soft_purge, []},
+     {update, fe2, soft, soft_purge, soft_purge, [fe1]},
+     {update, fe3, {advanced, extra}, soft_purge, soft_purge, [fe1, fe2]}
+    ]},
+   {<<"2(\\.[0-9]+)+">>, % matches 2.X.Y... in full length
+    [{update, fe1, soft, soft_purge, soft_purge, []},
+     {update, fe2, soft, soft_purge, soft_purge, [fe1]},
+     {update, fe3, {advanced, extra}, soft_purge, soft_purge,[fe1, fe2]},
+     restart_emulator]}
+  ],
+
+  %% Downgrade to:
+  [
+   {<<"2\\.[0-9]+">>, % matches 2.X in full length and 2.X.Y... only partly
+    [{update, fe2, soft, soft_purge, soft_purge, []},
+     {update, fe3, {advanced, extra}, soft_purge, soft_purge, [fe2]}
+    ]}
+  ]
+}.
diff --git a/lib/sasl/test/systools_SUITE_data/lib/sasl-9.9/ebin/sasl.app b/lib/sasl/test/systools_SUITE_data/lib/sasl-9.9/ebin/sasl.app
new file mode 100644
index 0000000000..3bcc1a4619
--- /dev/null
+++ b/lib/sasl/test/systools_SUITE_data/lib/sasl-9.9/ebin/sasl.app
@@ -0,0 +1,6 @@
+{application, sasl,
+ [{description, "FAKE FUTURE SASL"},
+  {vsn, "9.9"},
+  {modules, []},
+  {registered, []},
+  {applications, []}]}.
diff --git a/lib/sasl/test/systools_SUITE_data/lib/sasl-9.9/ebin/sasl.appup b/lib/sasl/test/systools_SUITE_data/lib/sasl-9.9/ebin/sasl.appup
new file mode 100644
index 0000000000..cff0c69b6e
--- /dev/null
+++ b/lib/sasl/test/systools_SUITE_data/lib/sasl-9.9/ebin/sasl.appup
@@ -0,0 +1,12 @@
+%%
+%% Fake release upgrade script for sasl
+%%
+
+{
+ "9.9",
+ [{<<".+">>,[restart_new_emulator]}
+ ],
+
+ [{<<".+">>,[restart_new_emulator]}
+ ]
+}.
diff --git a/lib/sasl/test/systools_SUITE_data/lib/sasl/ebin/sasl.app b/lib/sasl/test/systools_SUITE_data/lib/sasl/ebin/sasl.app
new file mode 100644
index 0000000000..aaeb37fa4d
--- /dev/null
+++ b/lib/sasl/test/systools_SUITE_data/lib/sasl/ebin/sasl.app
@@ -0,0 +1,6 @@
+{application, sasl,
+ [{description, "FAKE SASL"},
+  {vsn, "1.0"},
+  {modules, []},
+  {registered, []},
+  {applications, []}]}.
diff --git a/lib/sasl/test/systools_SUITE_data/lib/sasl/ebin/sasl.appup b/lib/sasl/test/systools_SUITE_data/lib/sasl/ebin/sasl.appup
new file mode 100644
index 0000000000..796a1e7368
--- /dev/null
+++ b/lib/sasl/test/systools_SUITE_data/lib/sasl/ebin/sasl.appup
@@ -0,0 +1,12 @@
+%%
+%% Fake release upgrade script for sasl
+%%
+
+{
+ "1.0",
+ [
+ ],
+
+ [
+ ]
+}.
diff --git a/lib/sasl/test/systools_rc_SUITE.erl b/lib/sasl/test/systools_rc_SUITE.erl
index bb93f38fa7..bd4aa9e7a7 100644
--- a/lib/sasl/test/systools_rc_SUITE.erl
+++ b/lib/sasl/test/systools_rc_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -18,17 +18,18 @@
 %%
 -module(systools_rc_SUITE).
 
--include_lib("test_server/include/test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
 -include_lib("sasl/src/systools.hrl").
 -export([all/0,groups/0,init_per_group/2,end_per_group/2, 
-	 syntax_check/1, translate/1, translate_app/1]).
+	 syntax_check/1, translate/1, translate_app/1,
+	 translate_emulator_restarts/1]).
 
 %%-----------------------------------------------------------------
 %% erl -compile systools_rc_SUITE @i ../src/ @i ../../test_server/include/
 %% c(systools_rc_SUITE, [{i, "../src"}, {i, "../../test_server/include"}]).
 %%-----------------------------------------------------------------
 all() -> 
-    [syntax_check, translate, translate_app].
+    [syntax_check, translate, translate_app, translate_emulator_restarts].
 
 groups() -> 
     [].
@@ -40,7 +41,6 @@ end_per_group(_GroupName, Config) ->
     Config.
 
 
-syntax_check(suite) -> [];
 syntax_check(Config) when is_list(Config) ->
     PreApps =
 	[#application{name = test,
@@ -68,8 +68,8 @@ syntax_check(Config) when is_list(Config) ->
 	  {update, baz, 5000, soft, brutal_purge, brutal_purge, []},
 	  {add_module, new_mod},
 	  {remove_application, snmp}
-	  ],
-    ?line {ok, _} = systools_rc:translate_scripts([S1], Apps, PreApps),
+	 ],
+    {ok, _} = systools_rc:translate_scripts([S1], Apps, PreApps),
     S2 = [
 	  {apply, {m, f, [a]}},
 	  {load_object_code, {tst, "1.0", [new_mod]}},
@@ -87,42 +87,42 @@ syntax_check(Config) when is_list(Config) ->
 	  {sync_nodes, id1, {m, f, [a]}},
 	  {sync_nodes, id2, [cp1, cp2]},
 	  {apply, {m,f,[a]}},
-	  restart_new_emulator
-	  ],
-    ?line {ok, _} = systools_rc:translate_scripts([S2], Apps, []),
+	  restart_new_emulator,
+	  restart_emulator
+	 ],
+    {ok, _} = systools_rc:translate_scripts([S2], Apps, []),
     S3 = [{apply, {m, f, a}}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S3], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S3], Apps, []),
     S3_1 = [{apply, {m, 3, a}}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S3_1], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S3_1], Apps, []),
     S4 = [{apply, {m, f}}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S4], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S4], Apps, []),
     S5 = [{load_object_code, hej}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S5], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S5], Apps, []),
     S6 = [{load_object_code, {342, "1.0", [foo]}}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S6], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S6], Apps, []),
     S7 = [{load_object_code, {tets, "1.0", foo}}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S7], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S7], Apps, []),
     S8 = [{suspend, [m1]}, point_of_no_return],
-    ?line {error, _, _} = systools_rc:translate_scripts([S8], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S8], Apps, []),
     S9 = [{update, ba, {advanced, extra}, brutal_purge, brutal_purge, []}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S9], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S9], Apps, []),
     S10 = [{update, bar, {advanced, extra}, brutal_purge, brutal_purge, [baz]}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S10], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S10], Apps, []),
     S11 = [{update, bar, {advanced, extra}, brutal_purge, brutal_purge, [ba]}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S11], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S11], Apps, []),
     S12 = [{update, bar, advanced, brutal_purge, brutal_purge, []}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S12], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S12], Apps, []),
     S13 = [{update, bar, {advanced, extra}, rutal_purge, brutal_purge, [ba]}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S13], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S13], Apps, []),
     S14 = [{update, bar, {advanced, extra}, brutal_purge, rutal_purge, [ba]}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S14], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S14], Apps, []),
     S15 = [{update, bar, {advanced, extra}, brutal_purge, brutal_purge, ba}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S15], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S15], Apps, []),
     S16 = [{code_change, [module]}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S16], Apps, []),
-    ?line ok.
+    {error, _, _} = systools_rc:translate_scripts([S16], Apps, []),
+    ok.
 
-translate(suite) -> [];
 translate(Config) when is_list(Config) ->
     Apps =
 	[#application{name = test,
@@ -134,170 +134,170 @@ translate(Config) when is_list(Config) ->
 		      mod = {sasl, []}}],
     %% Simple translation (1)
     Up1 = [{update, foo, soft, soft_purge, soft_purge, []}],
-    ?line {ok, X1} = systools_rc:translate_scripts([Up1], Apps, []),
-    ?line [{load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[foo]}] = X1,
+    {ok, X1} = systools_rc:translate_scripts([Up1], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]}] = X1,
 
     %% Simple translation (2)
     Up2 = [{update, foo, {advanced, extra}, soft_purge, soft_purge, []}],
-    ?line {ok, X2} = systools_rc:translate_scripts([Up2], Apps, []),
-    ?line [{load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change, up, [{foo, extra}]},
-	   {resume,[foo]}] = X2,
-
-    ?line {ok, X22} = systools_rc:translate_scripts(dn,[Up2], Apps, []),
-    ?line [{load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {code_change, down, [{foo, extra}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[foo]}] = X22,
+    {ok, X2} = systools_rc:translate_scripts([Up2], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change, up, [{foo, extra}]},
+     {resume,[foo]}] = X2,
+
+    {ok, X22} = systools_rc:translate_scripts(dn,[Up2], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {code_change, down, [{foo, extra}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]}] = X22,
 
     Up2a = [{update, foo, static, default, {advanced,extra},
 	     soft_purge, soft_purge, []}],
-    ?line {ok, X2a} = systools_rc:translate_scripts([Up2a], Apps, []),
-    ?line [{load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change, up, [{foo, extra}]},
-	   {resume,[foo]}] = X2a,
-
-    ?line {ok, X22a} = systools_rc:translate_scripts(dn,[Up2a], Apps, []),
-    ?line [{load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change, down, [{foo, extra}]},
-	   {resume,[foo]}] = X22a,
+    {ok, X2a} = systools_rc:translate_scripts([Up2a], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change, up, [{foo, extra}]},
+     {resume,[foo]}] = X2a,
+
+    {ok, X22a} = systools_rc:translate_scripts(dn,[Up2a], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change, down, [{foo, extra}]},
+     {resume,[foo]}] = X22a,
 
     %% Simple dependency (1)
     Up3 = [{update, foo, soft, soft_purge, soft_purge, [bar]},
 	   {update, bar, soft, soft_purge, soft_purge, []}],
-    ?line {ok, X31} = systools_rc:translate_scripts([Up3], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X31,
-    ?line {ok, X32} = systools_rc:translate_scripts(dn,[Up3], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X32,
+    {ok, X31} = systools_rc:translate_scripts([Up3], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X31,
+    {ok, X32} = systools_rc:translate_scripts(dn,[Up3], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X32,
 
     Up3a = [{update, foo, static, default, soft, soft_purge, soft_purge, [bar]},
 	    {update, bar, static, default, soft, soft_purge, soft_purge, []}],
-    ?line {ok, X3a1} = systools_rc:translate_scripts([Up3a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo, bar]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X3a1,
-    ?line {ok, X3a2} = systools_rc:translate_scripts(dn,[Up3a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X3a2,
+    {ok, X3a1} = systools_rc:translate_scripts([Up3a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo, bar]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X3a1,
+    {ok, X3a2} = systools_rc:translate_scripts(dn,[Up3a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X3a2,
 
     %%  Simple dependency (2)
     Up4 = [{update, foo, soft, soft_purge, soft_purge, [bar]},
 	   {update, bar, {advanced, []}, soft_purge, soft_purge, []}],
-    ?line {ok, X4} = systools_rc:translate_scripts(up,[Up4], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{bar,[]}]},
-	   {resume,[bar,foo]}] = X4,
-
-    ?line {ok, X42} = systools_rc:translate_scripts(dn,[Up4], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {code_change,down,[{bar,[]}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X42,
+    {ok, X4} = systools_rc:translate_scripts(up,[Up4], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{bar,[]}]},
+     {resume,[bar,foo]}] = X4,
+
+    {ok, X42} = systools_rc:translate_scripts(dn,[Up4], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {code_change,down,[{bar,[]}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X42,
 
     Up4a = [{update, foo, soft, soft_purge, soft_purge, [bar]},
 	    {update, bar, static, infinity, {advanced, []},
 	     soft_purge, soft_purge, []}],
-    ?line {ok, X4a} = systools_rc:translate_scripts(up,[Up4a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,{bar,infinity}]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{bar,[]}]},
-	   {resume,[bar,foo]}] = X4a,
-
-    ?line {ok, X42a} = systools_rc:translate_scripts(dn,[Up4a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,{bar,infinity}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {code_change,down,[{bar,[]}]},
-	   {resume,[bar,foo]}] = X42a,
+    {ok, X4a} = systools_rc:translate_scripts(up,[Up4a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,{bar,infinity}]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{bar,[]}]},
+     {resume,[bar,foo]}] = X4a,
+
+    {ok, X42a} = systools_rc:translate_scripts(dn,[Up4a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,{bar,infinity}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {code_change,down,[{bar,[]}]},
+     {resume,[bar,foo]}] = X42a,
 
     Up4b = [{update, foo, soft, soft_purge, soft_purge, [bar]},
 	    {update, bar, dynamic, infinity, {advanced, []},
 	     soft_purge, soft_purge, []}],
-    ?line {ok, X4b} = systools_rc:translate_scripts(up,[Up4b], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,{bar,infinity}]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{bar,[]}]},
-	   {resume,[bar,foo]}] = X4b,
-
-    ?line {ok, X42b} = systools_rc:translate_scripts(dn,[Up4b], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,{bar,infinity}]},
-	   {code_change,down,[{bar,[]}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X42b,
+    {ok, X4b} = systools_rc:translate_scripts(up,[Up4b], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,{bar,infinity}]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{bar,[]}]},
+     {resume,[bar,foo]}] = X4b,
+
+    {ok, X42b} = systools_rc:translate_scripts(dn,[Up4b], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,{bar,infinity}]},
+     {code_change,down,[{bar,[]}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X42b,
 
     %% More complex dependency
     Up5 = [{update, foo, soft, soft_purge, soft_purge, [bar, baz]},
 	   {update, bar, {advanced, []}, soft_purge, soft_purge, []},
 	   {update, baz, {advanced, baz}, soft_purge, soft_purge, [bar]}],
-    ?line {ok, X5} = systools_rc:translate_scripts([Up5], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,baz,bar]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{baz,baz},{bar,[]}]},
-	   {resume,[bar,baz,foo]}] = X5,
-
-    ?line {ok, X52} = systools_rc:translate_scripts(dn,[Up5], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,baz,bar]},
-	   {code_change,down,[{baz,baz},{bar,[]}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,baz,foo]}] = X52,
+    {ok, X5} = systools_rc:translate_scripts([Up5], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[foo,baz,bar]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{baz,baz},{bar,[]}]},
+     {resume,[bar,baz,foo]}] = X5,
+
+    {ok, X52} = systools_rc:translate_scripts(dn,[Up5], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[foo,baz,bar]},
+     {code_change,down,[{baz,baz},{bar,[]}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,baz,foo]}] = X52,
 
     Up5a = [{update, foo, dynamic, infinity, soft, soft_purge,
 	     soft_purge, [bar, baz]},
@@ -305,26 +305,26 @@ translate(Config) when is_list(Config) ->
 	     soft_purge, []},
 	    {update, baz, dynamic, default, {advanced, baz}, soft_purge,
 	     soft_purge, [bar]}],
-    ?line {ok, X5a} = systools_rc:translate_scripts([Up5a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[{foo,infinity},baz,{bar,7000}]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{baz,baz}, {bar,[]}]},
-	   {resume,[bar,baz,foo]}] = X5a,
-
-    ?line {ok, X52a} = systools_rc:translate_scripts(dn,[Up5a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[{foo,infinity},baz,{bar,7000}]},
-	   {code_change,down,[{baz,baz}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {code_change,down,[{bar,[]}]},
-	   {resume,[bar,baz,foo]}] = X52a,
+    {ok, X5a} = systools_rc:translate_scripts([Up5a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[{foo,infinity},baz,{bar,7000}]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{baz,baz}, {bar,[]}]},
+     {resume,[bar,baz,foo]}] = X5a,
+
+    {ok, X52a} = systools_rc:translate_scripts(dn,[Up5a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[{foo,infinity},baz,{bar,7000}]},
+     {code_change,down,[{baz,baz}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {code_change,down,[{bar,[]}]},
+     {resume,[bar,baz,foo]}] = X52a,
 
     Up5b = [{update, foo, dynamic, infinity, soft, soft_purge,
 	     soft_purge, [bar, baz]},
@@ -332,65 +332,65 @@ translate(Config) when is_list(Config) ->
 	     soft_purge, []},
 	    {update, baz, static, default, {advanced, baz}, soft_purge,
 	     soft_purge, [bar]}],
-    ?line {ok, X5b} = systools_rc:translate_scripts([Up5b], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[{foo,infinity},baz,{bar,7000}]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{baz,baz},{bar,[]}]},
-	   {resume,[bar,baz,foo]}] = X5b,
-
-    ?line {ok, X52b} = systools_rc:translate_scripts(dn,[Up5b], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[{foo,infinity},baz,{bar,7000}]},
-	   {code_change,down,[{bar,[]}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {code_change,down,[{baz,baz}]},
-	   {resume,[bar,baz,foo]}] = X52b,
+    {ok, X5b} = systools_rc:translate_scripts([Up5b], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[{foo,infinity},baz,{bar,7000}]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{baz,baz},{bar,[]}]},
+     {resume,[bar,baz,foo]}] = X5b,
+
+    {ok, X52b} = systools_rc:translate_scripts(dn,[Up5b], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[{foo,infinity},baz,{bar,7000}]},
+     {code_change,down,[{bar,[]}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {code_change,down,[{baz,baz}]},
+     {resume,[bar,baz,foo]}] = X52b,
 
     %% Simple circular dependency (1)
     Up6 = [{update, foo, soft, soft_purge, soft_purge, [bar]},
 	   {update, bar, soft, soft_purge, soft_purge, [foo]}],
-    ?line {ok, X61} = systools_rc:translate_scripts([Up6], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X61,
-    ?line {ok, X62} = systools_rc:translate_scripts(dn,[Up6], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X62,
+    {ok, X61} = systools_rc:translate_scripts([Up6], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X61,
+    {ok, X62} = systools_rc:translate_scripts(dn,[Up6], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X62,
 
     %% Simple circular dependency (2)
     Up7 = [{update, foo, soft, soft_purge, soft_purge, [bar, baz]},
 	   {update, bar, soft, soft_purge, soft_purge, [foo]},
 	   {update, baz, soft, soft_purge, soft_purge, [bar]}],
-    ?line {ok, X71} = systools_rc:translate_scripts([Up7], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar,baz]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar,baz]},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[baz, bar, foo]}] = X71,
-    ?line {ok, X72} = systools_rc:translate_scripts(dn,[Up7], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar,baz]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar,baz]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {resume,[baz,bar,foo]}] = X72,
+    {ok, X71} = systools_rc:translate_scripts([Up7], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar,baz]}},
+     point_of_no_return,
+     {suspend,[foo,bar,baz]},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[baz, bar, foo]}] = X71,
+    {ok, X72} = systools_rc:translate_scripts(dn,[Up7], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar,baz]}},
+     point_of_no_return,
+     {suspend,[foo,bar,baz]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {resume,[baz,bar,foo]}] = X72,
 
     %% Complex circular dependencies, check only order
     %%
@@ -400,20 +400,20 @@ translate(Config) when is_list(Config) ->
 	   {update, z, soft, soft_purge, soft_purge, [x]},
 	   {update, bar, soft, soft_purge, soft_purge, [baz]},
 	   {update, baz, soft, soft_purge, soft_purge, [bar]}],
-    ?line {ok, X8} = systools_rc:translate_scripts([Up8], Apps, []),
-    ?line {value, {suspend, Order}} = lists:keysearch(suspend, 1, X8),
-    ?line Rest = case lists:reverse(Order) of
-		     [bar, baz | R] -> R;
-		     [baz, bar | R] -> R
-		 end,
-    ?line case Rest of
-	      [y, z, x, foo] -> ok;
-	      [y, x, z, foo] -> ok;
-	      [foo, y, z, x] -> ok;
-	      [foo, y, x, z] -> ok;
-	      [y, foo, z, x] -> ok;
-	      [y, foo, x, z] -> ok
-	  end,
+    {ok, X8} = systools_rc:translate_scripts([Up8], Apps, []),
+    {value, {suspend, Order}} = lists:keysearch(suspend, 1, X8),
+    Rest = case lists:reverse(Order) of
+	       [bar, baz | R] -> R;
+	       [baz, bar | R] -> R
+	   end,
+    case Rest of
+	[y, z, x, foo] -> ok;
+	[y, x, z, foo] -> ok;
+	[foo, y, z, x] -> ok;
+	[foo, y, x, z] -> ok;
+	[y, foo, z, x] -> ok;
+	[y, foo, x, z] -> ok
+    end,
 
     %% Check that order among other instructions isn't changed
     Up9 = [{update, foo, soft, soft_purge, soft_purge, [baz]},
@@ -428,13 +428,12 @@ translate(Config) when is_list(Config) ->
 	   {apply, {m, f, [5]}},
 	   {update, baz, soft, soft_purge, soft_purge, [bar]},
 	   {apply, {m, f, [6]}}],
-    ?line {ok, X9} = systools_rc:translate_scripts([Up9], Apps, []),
+    {ok, X9} = systools_rc:translate_scripts([Up9], Apps, []),
     Other2 = [X || {apply, {m, f, [X]}} <- X9],
-    ?line [1,2,3,4,5,6] = lists:sort(Other2),
-    ?line ok.
+    [1,2,3,4,5,6] = lists:sort(Other2),
+    ok.
 
 
-translate_app(suite) -> [];
 translate_app(Config) when is_list(Config) ->
     PreApps =
 	[#application{name = test,
@@ -459,30 +458,112 @@ translate_app(Config) when is_list(Config) ->
     %% Simple translation (1)
     Up1 = [{add_module, foo},
 	   {add_module, bar}],
-    ?line {ok, X1} = systools_rc:translate_scripts([Up1], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {load,{foo,brutal_purge,brutal_purge}},
-	   {load,{bar,brutal_purge,brutal_purge}}] = X1,
+    {ok, X1} = systools_rc:translate_scripts([Up1], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {load,{foo,brutal_purge,brutal_purge}},
+     {load,{bar,brutal_purge,brutal_purge}}] = X1,
 
     %% Simple translation (2)
     Up2 = [{add_application, test}],
-    ?line {ok, X2} = systools_rc:translate_scripts([Up2], Apps, []),
-io:format("X2=~p~n", [X2]),
-    ?line [{load_object_code,{test,"1.0",[foo,bar,baz]}},
-	   point_of_no_return,
-	   {load,{foo,brutal_purge,brutal_purge}},
-	   {load,{bar,brutal_purge,brutal_purge}},
-	   {load,{baz,brutal_purge,brutal_purge}},
-	   {apply,{application,start,[test,permanent]}}] = X2,
+    {ok, X2} = systools_rc:translate_scripts([Up2], Apps, []),
+    io:format("X2=~p~n", [X2]),
+    [{load_object_code,{test,"1.0",[foo,bar,baz]}},
+     point_of_no_return,
+     {load,{foo,brutal_purge,brutal_purge}},
+     {load,{bar,brutal_purge,brutal_purge}},
+     {load,{baz,brutal_purge,brutal_purge}},
+     {apply,{application,start,[test,permanent]}}] = X2,
 
     %% Simple translation (3)
     Up3 = [{remove_application, pelle}],
-    ?line {ok, X3} = systools_rc:translate_scripts([Up3], Apps, PreApps),
-    ?line [point_of_no_return,
-	   {apply,{application,stop,[pelle]}},
-	   {remove,{pelle,brutal_purge,brutal_purge}},
-	   {remove,{kalle,brutal_purge,brutal_purge}},
-	   {purge,[pelle,kalle]},
-	   {apply,{application,unload,[pelle]}}] = X3,
-    ?line ok.
+    {ok, X3} = systools_rc:translate_scripts([Up3], Apps, PreApps),
+    [point_of_no_return,
+     {apply,{application,stop,[pelle]}},
+     {remove,{pelle,brutal_purge,brutal_purge}},
+     {remove,{kalle,brutal_purge,brutal_purge}},
+     {purge,[pelle,kalle]},
+     {apply,{application,unload,[pelle]}}] = X3,
+    ok.
+
+
+translate_emulator_restarts(_Config) ->
+    Apps =
+	[#application{name = test,
+		      description = "TEST",
+		      vsn = "1.0",
+		      modules = [{foo,1},{bar,1},{baz,1}],
+		      regs = [],
+		      mod = {sasl, []}},
+	 #application{name = test,
+		      description = "TEST2",
+		      vsn = "1.0",
+		      modules = [{x,1},{y,1},{z,1}],
+		      regs = [],
+		      mod = {sasl, []}}],
+    %% restart_new_emulator
+    Up1 = [{update, foo, soft, soft_purge, soft_purge, []},restart_new_emulator],
+    {ok, X1} = systools_rc:translate_scripts([Up1], Apps, []),
+    [restart_new_emulator,
+     {load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]}] = X1,
+
+    %% restart_emulator
+    Up2 = [{update, foo, soft, soft_purge, soft_purge, []},restart_emulator],
+    {ok, X2} = systools_rc:translate_scripts([Up2], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]},
+     restart_emulator] = X2,
+
+    %% restart_emulator + restart_new_emulator
+    Up3 = [{update, foo, soft, soft_purge, soft_purge, []},
+	   restart_emulator,
+	   restart_new_emulator],
+    {ok, X3} = systools_rc:translate_scripts([Up3], Apps, []),
+    [restart_new_emulator,
+     {load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]},
+     restart_emulator] = X3,
+
+    %% restart_emulator + restart_new_emulator
+    Up4a = [{update, foo, soft, soft_purge, soft_purge, []},
+	    restart_emulator,
+	    restart_new_emulator],
+    Up4b = [restart_new_emulator,
+	    {update, x, soft, soft_purge, soft_purge, []},
+	    restart_emulator,
+	    restart_emulator],
+    {ok, X4} = systools_rc:translate_scripts([Up4a,Up4b], Apps, []),
+    [restart_new_emulator,
+     {load_object_code, {test,"1.0",[foo,x]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]},
+     {suspend,[x]},
+     {load,{x,soft_purge,soft_purge}},
+     {resume,[x]},
+     restart_emulator] = X4,
+
+    %% only restart_new_emulator
+    Up5 = [restart_new_emulator],
+    {ok, X5} = systools_rc:translate_scripts([Up5], Apps, []),
+    [restart_new_emulator,
+     point_of_no_return] = X5,
+
+    %% only restart_emulator
+    Up6 = [restart_emulator],
+    {ok, X6} = systools_rc:translate_scripts([Up6], Apps, []),
+    [point_of_no_return,
+     restart_emulator] = X6,
+
+    ok.
diff --git a/lib/sasl/test/test_lib.hrl b/lib/sasl/test/test_lib.hrl
new file mode 100644
index 0000000000..eeef721647
--- /dev/null
+++ b/lib/sasl/test/test_lib.hrl
@@ -0,0 +1,3 @@
+-define(ertsvsn,"4.4").
+-define(kernelvsn,"2.14.3").
+-define(stdlibvsn,"1.17.3").
diff --git a/lib/sasl/vsn.mk b/lib/sasl/vsn.mk
index 2db134af48..23694f1399 100644
--- a/lib/sasl/vsn.mk
+++ b/lib/sasl/vsn.mk
@@ -1 +1 @@
-SASL_VSN = 2.1.10
+SASL_VSN = 2.2
diff --git a/lib/snmp/doc/src/Makefile b/lib/snmp/doc/src/Makefile
index aa9431477c..8645886590 100644
--- a/lib/snmp/doc/src/Makefile
+++ b/lib/snmp/doc/src/Makefile
@@ -28,14 +28,6 @@ VSN = $(SNMP_VSN)
 APPLICATION=snmp
 
 # ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-ifndef DOCSUPPORT
-include make.dep
-endif
-
-# ----------------------------------------------------
 # Release directory specification
 # ----------------------------------------------------
 RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
@@ -88,40 +80,10 @@ MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 MAN6_FILES = $(XML_REF6_FILES:%_app.xml=$(MAN6DIR)/%.6)
 MAN7_FILES = $(MIB_FILES:$(MIBSDIR)/%.mib=$(MAN7DIR)/%.7)
 
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else
-
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex)
-TEX_FILES_REF_MAN = \
-	$(XML_REF1_FILES:%.xml=%.tex) \
-	$(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_REF6_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_PART_FILES = $(XML_PART_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = snmp-$(VSN).pdf
-TOP_PS_FILE  = snmp-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	@echo "building $(TOP_PDF_FILE)"
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi ../../vsn.mk
-	@echo "building $(TOP_PS_FILE)"
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-
-TOP_HTML_FILES = $(INDEX_TARGET) 
-
-endif 
-
 INDEX_FILE   = index.html
 INDEX_SRC    = $(INDEX_FILE).src
 INDEX_TARGET = $(DOCDIR)/$(INDEX_FILE)
@@ -141,8 +103,6 @@ DVIPS_FLAGS +=
 $(HTMLDIR)/%.gif: %.gif			# Copy them to ../html
 	$(INSTALL_DATA) $< $@
 
-ifdef DOCSUPPORT
-
 docs: pdf html man
 
 ldocs: local_docs $(INDEX_TARGET)
@@ -157,47 +117,6 @@ html2: html $(INDEX_TARGET)
 clean clean_docs: clean_html clean_man clean_pdf
 	rm -f errs core *~
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html gifs man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
-
-html: $(HTML_FILES) $(TOP_HTML_FILES) gifs 
-
-html2: gifs $(TOP_HTML_FILES) $(HTML_FILES) $(HTML_REF1_FILES) $(HTML_REF3_FILES) $(HTML_REF6_FILES) $(HTML_CHAP_FILES) 
-
-clean: clean_tex clean_html clean_man clean_docs
-
-
-clean_tex:
-	@echo "cleaning tex:"
-	rm -f $(TEX_FILES_USERS_GUIDE) 
-	rm -f $(TEX_FILES_REF_MAN) 
-	rm -f $(TEX_PART_FILES) 
-	rm -f $(TEX_FILES_BOOK)
-
-clean_docs: 
-	@echo "cleaning docs:"
-	rm -f $(TOP_PDF_FILE) 
-	rm -f $(TOP_PS_FILE)
-	rm -f core $(LATEX_CLEAN)
-
-
-$(HTML_PART_FILES): notes.xml
-
-endif
-
 $(INDEX_TARGET): $(INDEX_SRC) ../../vsn.mk	# Create top make file 
 	sed -e 's;%VSN%;$(VSN);' $< > $@	# inserting version number
 
@@ -246,12 +165,10 @@ $(MAN7DIR)/%.7: $(MIBSDIR)/%.mib
 
 $(MAN1DIR)/snmpc.1: snmpc_cmd.xml
 	date=`date +"%B %e %Y"`; \
-        xsltproc --output "$@" --stringparam company "Ericsson AB" --stringparam docgen "$(DOCGEN)" --stringparam gendate "$$date" --stringparam appname "$(APPLICATION)" --stringparam appver "$(VSN)" --xinclude -path $(DOCGEN)/priv/docbuilder_dtd  -path $(DOCGEN)/priv/dtd_man_entities $(DOCGEN)/priv/xsl/db_man.xsl $<
+        xsltproc --output "$@" --stringparam company "Ericsson AB" --stringparam docgen "$(DOCGEN)" --stringparam gendate "$$date" --stringparam appname "$(APPLICATION)" --stringparam appver "$(VSN)" --xinclude -path $(DOCGEN)/priv/dtd  -path $(DOCGEN)/priv/dtd_man_entities $(DOCGEN)/priv/xsl/db_man.xsl $<
 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
@@ -268,55 +185,13 @@ release_docs_spec: docs
 	$(INSTALL_DIR) $(RELEASE_PATH)/man/man7
 	$(INSTALL_DATA) $(MAN7DIR)/* $(RELEASE_PATH)/man/man7
 
-else
-
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	$(INSTALL_DIR) $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	$(INSTALL_DIR) $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
-		$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man1
-	$(INSTALL_DATA) $(MAN1_FILES) $(RELEASE_PATH)/man/man1
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man6
-	$(INSTALL_DATA) $(MAN6_FILES) $(RELEASE_PATH)/man/man6
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man7
-	$(INSTALL_DATA) $(MAN7_FILES) $(RELEASE_PATH)/man/man7
-	$(INSTALL_DATA) $(TOP_HTML_FILES) \
-		$(RELSYSDIR)/doc
-endif
-endif
-
-endif 
-
 release_spec:
 
-ifdef DOCSUPPORT
 info: info_xml info_man info_html
 	@echo "MAN1DIR: $(MAN1DIR)"
 	@echo "MAN3DIR: $(MAN3DIR)"
 	@echo "MAN6DIR: $(MAN6DIR)"
 	@echo "MAN7DIR: $(MAN7DIR)"
-else
-info: info_xml info_man info_html info_tex
-	@echo "DVI2PS        = $(DVI2PS)"
-	@echo "DVIPS_FLAGS   = $(DVIPS_FLAGS)"
-	@echo ""
-	@echo "DISTILL       = $(DISTILL)"
-	@echo "DISTILL_FLAGS = $(DISTILL_FLAGS)"
-endif
 
 info_man: 
 	@echo "man files:"
@@ -362,14 +237,3 @@ info_html:
 	@echo "HTML_REF3_FILES = $(HTML_REF3_FILES)"
 	@echo "HTML_REF6_FILES = $(HTML_REF6_FILES)"
 	@echo "HTML_CHAP_FILES = $(HTML_CHAP_FILES)"
-
-info_tex: 
-	@echo "tex files:"
-	@echo "TEX_FILES_USERS_GUIDE = $(TEX_FILES_USERS_GUIDE)"
-	@echo "TEX_FILES_REF_MAN     = $(TEX_FILES_REF_MAN)"
-	@echo "TEX_PART_FILES        = $(TEX_PART_FILES)"
-	@echo "TEX_FILES_BOOK        = $(TEX_FILES_BOOK)"
-
-ifndef DOCSUPPORT
-include depend.mk
-endif
diff --git a/lib/snmp/doc/src/depend.mk b/lib/snmp/doc/src/depend.mk
deleted file mode 100644
index 20a523dd8c..0000000000
--- a/lib/snmp/doc/src/depend.mk
+++ /dev/null
@@ -1,83 +0,0 @@
-#-*-makefile-*-   ; force emacs to enter makefile-mode
-
-# %CopyrightBegin%
-# 
-# Copyright Ericsson AB 2004-2011. All Rights Reserved.
-# 
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# %CopyrightEnd%
-
-$(HTMLDIR)/part_notes.html: \
-	part_notes_history.xml \
-	part_notes.xml \
-	notes_history.xml \
-	notes.xml
-
-$(HTMLDIR)/part.html: \
-	part.xml \
-	snmp_intro.xml \
-	snmp_agent_funct_descr.xml \
-	snmp_manager_funct_descr.xml \
-	snmp_mib_compiler.xml \
-	snmp_config.xml \
-	snmp_agent_config_files.xml \
-	snmp_manager_config_files.xml \
-	snmp_impl_example_agent.xml \
-	snmp_impl_example_manager.xml \
-	snmp_instr_functions.xml \
-	snmp_def_instr_functions.xml \
-	snmp_agent_netif.xml \
-	snmp_manager_netif.xml \
-	snmp_audit_trail_log.xml \
-	snmp_advanced_agent.xml \
-	snmp_app_a.xml \
-	snmp_app_b.xml
-
-$(HTMLDIR)/ref_man.html: \
-	ref_man.xml \
-	snmp_app.xml \
-	snmp.xml \
-	snmpc.xml \
-	snmpc_cmd.xml \
-	snmpa.xml \
-	snmpa_conf.xml \
-	snmpa_discovery_handler.xml \
-	snmpa_error_report.xml \
-	snmpa_error.xml \
-	snmpa_error_io.xml \
-	snmpa_error_logger.xml \
-	snmpa_local_db.xml \
-	snmpa_mpd.xml \
-	snmpa_network_interface.xml \
-	snmpa_network_interface_filter.xml \
-	snmpa_notification_delivery_info_receiver.xml \
-	snmpa_notification_filter.xml \
-	snmpa_supervisor.xml \
-	snmp_community_mib.xml \
-	snmp_framework_mib.xml \
-	snmp_generic.xml \
-	snmp_index.xml \
-	snmp_notification_mib.xml \
-	snmp_pdus.xml \
-	snmp_standard_mib.xml \
-	snmp_target_mib.xml \
-	snmp_user_based_sm_mib.xml \
-	snmp_view_based_acm_mib.xml \
-	snmpm.xml \
-	snmpm_conf.xml \
-	snmpm_mpd.xml \
-	snmpm_network_interface.xml \
-	snmpm_network_interface_filter.xml \
-	snmpm_user.xml
-
-
diff --git a/lib/snmp/doc/src/make.dep b/lib/snmp/doc/src/make.dep
deleted file mode 100644
index 223e197f25..0000000000
--- a/lib/snmp/doc/src/make.dep
+++ /dev/null
@@ -1,77 +0,0 @@
-#-*-makefile-*-   ; force emacs to enter makefile-mode
-
-# %CopyrightBegin%
-# 
-# Copyright Ericsson AB 1999-2011. All Rights Reserved.
-# 
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# %CopyrightEnd%
-
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex part.tex ref_man.tex snmp.tex snmp_advanced_agent.tex \
-		snmp_agent_config_files.tex snmp_agent_funct_descr.tex \
-		snmp_agent_netif.tex snmp_app.tex snmp_app_a.tex \
-		snmp_app_b.tex snmp_audit_trail_log.tex \
-		snmp_community_mib.tex \
-		snmp_config.tex snmp_def_instr_functions.tex \
-		snmp_framework_mib.tex snmp_generic.tex \
-		snmp_impl_example_agent.tex \
-		snmp_impl_example_manager.tex snmp_index.tex \
-		snmp_instr_functions.tex snmp_intro.tex \
-		snmp_manager_config_files.tex \
-		snmp_manager_funct_descr.tex snmp_manager_netif.tex \
-		snmp_mib_compiler.tex snmp_notification_mib.tex \
-		snmp_pdus.tex snmp_standard_mib.tex snmp_target_mib.tex \
-		snmp_user_based_sm_mib.tex snmp_view_based_acm_mib.tex \
-		snmpa.tex snmpa_conf.tex snmpa_error.tex snmpa_error_io.tex \
-		snmpa_error_logger.tex snmpa_error_report.tex \
-		snmpa_local_db.tex snmpa_mpd.tex \
-		snmpa_discovery_handler.tex \
-		snmpa_network_interface.tex \
-		snmpa_network_interface_filter.tex \
-		snmpa_notification_delivery_info_receiver.tex \
-		snmpa_notification_filter.tex \
-		snmpa_supervisor.tex \
-		snmpc.tex snmpc_cmd.tex snmpm.tex snmpm_conf.tex snmpm_mpd.tex \
-		snmpm_network_interface.tex snmpm_network_interface_filter.tex \
-		snmpm_user.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: MIB_mechanism.ps snmp-um-1-image-1.ps snmp-um-1-image-2.ps \
-		snmp-um-1-image-3.ps
-
-book.dvi: snmp_agent_netif_1.ps
-
-book.dvi: getnext1.ps getnext2.ps getnext3.ps getnext4.ps
-
-book.dvi: snmp_manager_netif_1.ps
-
diff --git a/lib/snmp/doc/src/notes.xml b/lib/snmp/doc/src/notes.xml
index 3a129a9c07..942d943c3c 100644
--- a/lib/snmp/doc/src/notes.xml
+++ b/lib/snmp/doc/src/notes.xml
@@ -32,6 +32,7 @@
     <file>notes.xml</file>
   </header>
 
+
   <section>
     <title>SNMP Development Toolkit 4.21.6</title>
     <p>Version 4.21.6 supports code replacement in runtime from/to
diff --git a/lib/snmp/mibs/Makefile.in b/lib/snmp/mibs/Makefile.in
index 3af74eca75..993a67c6f2 100644
--- a/lib/snmp/mibs/Makefile.in
+++ b/lib/snmp/mibs/Makefile.in
@@ -41,8 +41,7 @@ RELSYSDIR = $(RELEASE_PATH)/lib/snmp-$(VSN)
 # ----------------------------------------------------
 
 # NOTE: 
-# 1) Order is important; some MIBs include others
-# 2) The OTP-REG mib actually belongs to another
+#    The OTP-REG mib actually belongs to another
 #    application (otp_mibs), and is exported by this
 #    app. But since that app is built later, we have 
 #    to built it here in order to be able to build 
@@ -148,6 +147,35 @@ $(ERL_TOP)/lib/snmp/bin/snmp-v2tov1: $(ERL_TOP)/lib/snmp/bin/snmp-v2tov1.src
 $(SNMP_BIN_TARGET_DIR)/OTP-REG.bin:	$(ERL_TOP)/lib/$(OTP_MIBDIR)/mibs/OTP-REG.mib
 	$(ERLC) -pa $(SNMP_TOOLKIT)/ebin -I $(SNMP_TOOLKIT)/priv/mibs $(SNMP_FLAGS) -o $(SNMP_BIN_TARGET_DIR) $<
 
+# To support parallel make, we'll need explicit dependencies
+# to ensure that an imported MIB has been compiled when it's needed.
+
+$(SNMP_BIN_TARGET_DIR)/STANDARD-MIB.bin: \
+	$(SNMP_BIN_TARGET_DIR)/RFC1213-MIB.bin
+
+$(SNMP_BIN_TARGET_DIR)/SNMP-TARGET-MIB.bin: \
+	$(SNMP_BIN_TARGET_DIR)/SNMP-FRAMEWORK-MIB.bin
+
+$(SNMP_BIN_TARGET_DIR)/SNMP-NOTIFICATION-MIB.bin: \
+	$(SNMP_BIN_TARGET_DIR)/SNMP-FRAMEWORK-MIB.bin \
+	$(SNMP_BIN_TARGET_DIR)/SNMP-TARGET-MIB.bin
+
+$(SNMP_BIN_TARGET_DIR)/SNMP-COMMUNITY-MIB.bin: \
+	$(SNMP_BIN_TARGET_DIR)/SNMP-FRAMEWORK-MIB.bin \
+	$(SNMP_BIN_TARGET_DIR)/SNMP-TARGET-MIB.bin
+
+$(SNMP_BIN_TARGET_DIR)/SNMP-USER-BASED-SM-MIB.bin: \
+	$(SNMP_BIN_TARGET_DIR)/SNMP-FRAMEWORK-MIB.bin
+
+$(SNMP_BIN_TARGET_DIR)/SNMP-VIEW-BASED-ACM-MIB.bin: \
+	$(SNMP_BIN_TARGET_DIR)/SNMP-FRAMEWORK-MIB.bin
+
+$(SNMP_BIN_TARGET_DIR)/SNMP-USM-AES-MIB.bin: \
+	$(SNMP_BIN_TARGET_DIR)/SNMP-FRAMEWORK-MIB.bin
+
+$(SNMP_BIN_TARGET_DIR)/OTP-SNMPEA-MIB.bin: \
+	$(SNMP_BIN_TARGET_DIR)/OTP-REG.bin
+
 clean:
 	rm -f $(TARGET_FILES)
 
@@ -185,7 +213,7 @@ info:
 	@echo "VSN         = $(VSN)"
 	@echo "RELSYSDIR   = $(RELSYSDIR)"
 
-v1/%.mib.v1: %.mib
+v1/%.mib.v1: %.mib $(ERL_TOP)/lib/snmp/bin/snmp-v2tov1
 	$(ERL_TOP)/lib/snmp/bin/snmp-v2tov1 -o $@ $<
 
 
diff --git a/lib/snmp/src/agent/snmpa_local_db.erl b/lib/snmp/src/agent/snmpa_local_db.erl
index df01091d53..5b04c70054 100644
--- a/lib/snmp/src/agent/snmpa_local_db.erl
+++ b/lib/snmp/src/agent/snmpa_local_db.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/snmp/src/agent/snmpa_set_lib.erl b/lib/snmp/src/agent/snmpa_set_lib.erl
index 9f355855b4..f5218d5409 100644
--- a/lib/snmp/src/agent/snmpa_set_lib.erl
+++ b/lib/snmp/src/agent/snmpa_set_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -368,47 +368,44 @@ make_value_a_correct_value(Value, ASN1Type, Mfa) ->
   
 dbg_apply(M,F,A) ->
     case maybe_verbose_apply(M, F, A) of
-	%% <Future proofing>
-	%% As of R15 we get extra info containing, 
-	%% among other things, line numbers.
-	{'EXIT', {undef, [{M, F, A, _} | _]}} ->
-	    {'EXIT', {hook_undef, {M, F, A}}};
-	{'EXIT', {function_clause, [{M, F, A, _} | _]}} ->
-	    {'EXIT', {hook_function_clause, {M, F, A}}};
-
-	%% This is really overkill, but just to be on the safe side...
-	{'EXIT', {undef, {M, F, A, _}}} ->
-	    {'EXIT', {hook_undef, {M, F, A}}};
-	{'EXIT', {function_clause, {M, F, A, _}}} ->
-	    {'EXIT', {hook_function_clause, {M, F, A}}};
-	%% </Future proofing>
-
-
-	%% Old format format for compatibility
-	{'EXIT', {undef, [{M, F, A} | _]}} ->
-	    {'EXIT', {hook_undef, {M, F, A}}};
-	{'EXIT', {function_clause, [{M, F, A} | _]}} ->
-	    {'EXIT', {hook_function_clause, {M, F, A}}};
-
-	% XYZ: Older format for compatibility
-	{'EXIT', {undef, {M, F, A}}} ->
-	    {'EXIT', {hook_undef, {M, F, A}}};
-	{'EXIT', {function_clause, {M, F, A}}} ->
-	    {'EXIT', {hook_function_clause, {M, F, A}}};
-
-	Result ->
-	    Result
+        %% <Future proofing>
+        %% As of R15 we get extra info containing, 
+        %% among other things, line numbers.
+        {'EXIT', {undef, [{M, F, A, _} | _]}} ->
+            {'EXIT', {hook_undef, {M, F, A}}};
+        {'EXIT', {function_clause, [{M, F, A, _} | _]}} ->
+            {'EXIT', {hook_function_clause, {M, F, A}}};
+
+        %% This is really overkill, but just to be on the safe side...
+        {'EXIT', {undef, {M, F, A, _}}} ->
+            {'EXIT', {hook_undef, {M, F, A}}};
+        {'EXIT', {function_clause, {M, F, A, _}}} ->
+            {'EXIT', {hook_function_clause, {M, F, A}}};
+        %% </Future proofing>
+
+        %% Old format format for compatibility
+        {'EXIT', {undef, [{M, F, A} | _]}} ->
+            {'EXIT', {hook_undef, {M, F, A}}};
+        {'EXIT', {function_clause, [{M, F, A} | _]}} ->
+            {'EXIT', {hook_function_clause, {M, F, A}}};
+
+						% XYZ: Older format for compatibility
+        {'EXIT', {undef, {M, F, A}}} ->
+            {'EXIT', {hook_undef, {M, F, A}}};
+        {'EXIT', {function_clause, {M, F, A}}} ->
+            {'EXIT', {hook_function_clause, {M, F, A}}};
+
+        Result ->
+            Result
     end.
 
-
 maybe_verbose_apply(M, F, A) ->
     case get(verbosity) of
-	false ->
-	    (catch apply(M,F,A));
-	_ ->
-	    ?vlog("~n   apply: ~w,~w,~p~n", [M,F,A]),
-	    Res = (catch apply(M,F,A)),
-	    ?vlog("~n   returned: ~p", [Res]),
-	    Res
+        false ->
+            (catch apply(M,F,A));
+        _ ->
+            ?vlog("~n   apply: ~w,~w,~p~n", [M,F,A]),
+            Res = (catch apply(M,F,A)),
+            ?vlog("~n   returned: ~p", [Res]),
+            Res
     end.
-
diff --git a/lib/snmp/src/compile/snmpc.src b/lib/snmp/src/compile/snmpc.src
index 9d1af42764..6eb95be35e 100644
--- a/lib/snmp/src/compile/snmpc.src
+++ b/lib/snmp/src/compile/snmpc.src
@@ -404,13 +404,12 @@ e(Reason) ->
 otp_release() ->
     system_info(otp_release, string).
 
-
 system_info(Tag, Type) ->
     case (catch erlang:system_info(Tag)) of
-	{'EXIT', _} ->
-	    "-";
-	Info when is_list(Info) andalso (Type =:= string) ->
-	    Info;
-	Info ->
-	    lists:flatten(io_lib:format("~w", [Info]))
+        {'EXIT', _} ->
+            "-";
+        Info when is_list(Info) andalso (Type =:= string) ->
+            Info;
+        Info ->
+            lists:flatten(io_lib:format("~w", [Info]))
     end.
diff --git a/lib/snmp/src/misc/snmp_note_store.erl b/lib/snmp/src/misc/snmp_note_store.erl
index 23fccf8a5f..608fdcd9ca 100644
--- a/lib/snmp/src/misc/snmp_note_store.erl
+++ b/lib/snmp/src/misc/snmp_note_store.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/snmp/test/Makefile b/lib/snmp/test/Makefile
index 5530805bc1..78ffb1c255 100644
--- a/lib/snmp/test/Makefile
+++ b/lib/snmp/test/Makefile
@@ -220,6 +220,10 @@ appup: make
             $(MAYBE_ESTOP)
 
 
+$(SNMP_BIN_TARGET_DIR)/Klas4.bin: $(SNMP_BIN_TARGET_DIR)/Klas3.bin
+
+$(SNMP_BIN_TARGET_DIR)/SA-MIB.bin: $(SNMP_BIN_TARGET_DIR)/OLD-SNMPEA-MIB.bin
+
 # ----------------------------------------------------
 # Release Target
 # ---------------------------------------------------- 
diff --git a/lib/snmp/test/snmp_manager_user_old.erl b/lib/snmp/test/snmp_manager_user_old.erl
index edffc80dd4..6280cef51f 100755..100644
--- a/lib/snmp/test/snmp_manager_user_old.erl
+++ b/lib/snmp/test/snmp_manager_user_old.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/doc/src/Makefile b/lib/ssh/doc/src/Makefile
index c4d8d9901c..125dcf8775 100644
--- a/lib/ssh/doc/src/Makefile
+++ b/lib/ssh/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2004-2010. All Rights Reserved.
+# Copyright Ericsson AB 2004-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -29,15 +29,6 @@ VSN=$(SSH_VSN)
 APPLICATION=ssh
 
 # ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-
-ifndef DOCSUPPORT
-include make.dep
-endif 
-
-# ----------------------------------------------------
 # Release directory specification
 # ----------------------------------------------------
 RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
@@ -76,33 +67,10 @@ EXTRA_FILES = \
 
 MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 
-
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else
-
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex)
-TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = $(APPLICATION)-$(VSN).pdf
-TOP_PS_FILE  = $(APPLICATION)-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-
-endif 
-
 # ----------------------------------------------------
 # FLAGS 
 # ----------------------------------------------------
@@ -115,8 +83,6 @@ DVIPS_FLAGS +=
 $(HTMLDIR)/%.gif: %.gif
 	$(INSTALL_DATA) $< $@
 
-ifdef DOCSUPPORT
-
 docs: pdf html man
 
 $(TOP_PDF_FILE): $(XML_FILES)
@@ -131,32 +97,6 @@ clean clean_docs:
 	rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
 	rm -f errs core *~
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
-
-html: $(HTML_FILES)
-
-clean clean_docs clean_tex:
-	rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
-	rm -f $(HTML_FILES) $(MAN3_FILES)
-	rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
-	rm -f errs core *~ *xmls_output *xmls_errs $(LATEX_CLEAN) 
-
-endif
-
 man: $(MAN3_FILES)
 
 
@@ -168,8 +108,6 @@ debug opt:
 # ---------------------------------------------------- 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
@@ -179,28 +117,5 @@ release_docs_spec: docs
 	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
 	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
 	$(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3
-else
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	$(INSTALL_DIR) $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	$(INSTALL_DIR) $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(EXTRA_FILES) $(HTML_FILES) \
-		$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-endif
-endif
-
-endif
 
 release_spec:
diff --git a/lib/ssh/doc/src/make.dep b/lib/ssh/doc/src/make.dep
deleted file mode 100644
index cfe2f9617b..0000000000
--- a/lib/ssh/doc/src/make.dep
+++ /dev/null
@@ -1,19 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex ref_man.tex ssh.tex ssh_channel.tex \
-                ssh_connection.tex ssh_sftp.tex ssh_sftpd.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml
index 6fc4fdc43d..c6c634212f 100644
--- a/lib/ssh/doc/src/notes.xml
+++ b/lib/ssh/doc/src/notes.xml
@@ -29,6 +29,32 @@
     <file>notes.xml</file>
   </header>
 
+<section><title>Ssh 2.0.9</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Ssh behaviours now use the new directive "-callback".
+	    Parameters will be further specified in a later version
+	    of ssh.</p>
+          <p>
+	    Own Id: OTP-9796</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Ssh 2.0.8</title>
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/ssh/src/DSS.asn1 b/lib/ssh/src/DSS.asn1
index 77aca3808b..77aca3808b 100755..100644
--- a/lib/ssh/src/DSS.asn1
+++ b/lib/ssh/src/DSS.asn1
diff --git a/lib/ssh/src/Makefile b/lib/ssh/src/Makefile
index 42880fa80b..da31d87369 100644
--- a/lib/ssh/src/Makefile
+++ b/lib/ssh/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2004-2010. All Rights Reserved.
+# Copyright Ericsson AB 2004-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -127,13 +127,10 @@ $(APP_TARGET): $(APP_SRC) ../vsn.mk
 $(APPUP_TARGET): $(APPUP_SRC) ../vsn.mk
 	sed -e 's;%VSN%;$(VSN);' $< > $@
 
-%.hrl: %.asn1
-	erlc $(ASN_FLAGS) $<
+%.erl %.hrl: %.asn1
+	$(ERLC) $(ASN_FLAGS) $<
 
-DSS.hrl DSS.erl: DSS.asn1
-PKCS-1.hrl PKCS-1.erl: PKCS-1.asn1
-
-$(EBIN)/ssh_file.$(EMULATOR): $(ASN_HRLS)
+$(EBIN)/ssh_file.$(EMULATOR) $(EBIN)/ssh_rsa.$(EMULATOR): $(ASN_HRLS)
 
 docs:
 
diff --git a/lib/ssh/src/PKCS-1.asn1 b/lib/ssh/src/PKCS-1.asn1
index e7d6b18c63..e7d6b18c63 100755..100644
--- a/lib/ssh/src/PKCS-1.asn1
+++ b/lib/ssh/src/PKCS-1.asn1
diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src
index 150b7d86dd..21a0582c06 100644
--- a/lib/ssh/src/ssh.appup.src
+++ b/lib/ssh/src/ssh.appup.src
@@ -18,7 +18,9 @@
 %%
 
 {"%VSN%",	
- [
+ [		
+  {"2.0.8", [{load_module, ssh_sftpd_file_api, soft_purge, soft_purge, []},
+             {load_module, ssh_channel, soft_purge, soft_purge, []}]},
   {"2.0.7", [{load_module, ssh_sftp, soft_purge, soft_purge, []}]},
   {"2.0.6", [{load_module, ssh_userreg, soft_purge, soft_purge, []},
              {load_module, ssh_sftp, soft_purge, soft_purge, []}]},
@@ -27,6 +29,8 @@
              {load_module, ssh_connection_handler, soft_purge, soft_purge, [ssh_userreg]}]}
  ],
  [
+  {"2.0.8", [{load_module, ssh_sftpd_file_api, soft_purge, soft_purge, []},
+             {load_module, ssh_channel, soft_purge, soft_purge, []}]},	
   {"2.0.7", [{load_module, ssh_sftp, soft_purge, soft_purge, []}]},
   {"2.0.6", [{load_module, ssh_userreg, soft_purge, soft_purge, []},
              {load_module, ssh_sftp, soft_purge, soft_purge, []}]},
diff --git a/lib/ssh/src/ssh_bits.erl b/lib/ssh/src/ssh_bits.erl
index 3f0a06575c..3f0a06575c 100755..100644
--- a/lib/ssh/src/ssh_bits.erl
+++ b/lib/ssh/src/ssh_bits.erl
diff --git a/lib/ssh/src/ssh_channel.erl b/lib/ssh/src/ssh_channel.erl
index dcb2d69290..7b600ed8b2 100644
--- a/lib/ssh/src/ssh_channel.erl
+++ b/lib/ssh/src/ssh_channel.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,10 +23,23 @@
 
 -include("ssh_connect.hrl").
 
+%%% Optional callbacks handle_call/3, handle_cast/2, handle_msg/2,
+%%% code_change/3
+%% Should be further specified later
+-callback init(Options::list()) ->
+    {ok, State::term()} | {ok, State::term(), Timeout::timeout()} | 
+    {stop, Reason ::term()}. 
+
+-callback terminate(term(), term()) -> term().
+
+-callback handle_ssh_msg({ssh_cm, ConnectionRef::term(), SshMsg::term()}, 
+ 			 State::term()) -> {ok, State::term()} | 
+ 					   {stop, ChannelId::integer(), 
+ 					    State::term()}.
 -behaviour(gen_server).
 
 %%% API
--export([behaviour_info/1, start/4, start/5, start_link/4, start_link/5, call/2, call/3,
+-export([start/4, start/5, start_link/4, start_link/5, call/2, call/3,
 	 cast/2, reply/2, enter_loop/1]).
 
 %% gen_server callbacks
@@ -50,17 +63,6 @@
 %% API
 %%====================================================================
 
-%%% Optionel callbacks handle_call/3, handle_cast/2, handle_msg/2,
-%%% code_change/3
-behaviour_info(callbacks) ->
-    [
-     {init, 1}, 
-     {terminate, 2}, 
-     {handle_ssh_msg, 2},
-     {handle_msg, 2}
-     ].
-
-
 call(ChannelPid, Msg) ->
     call(ChannelPid, Msg, infinity).
 
diff --git a/lib/ssh/src/ssh_connect.hrl b/lib/ssh/src/ssh_connect.hrl
index 34d4ff8fc1..e06c9ea211 100755..100644
--- a/lib/ssh/src/ssh_connect.hrl
+++ b/lib/ssh/src/ssh_connect.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/src/ssh_dsa.erl b/lib/ssh/src/ssh_dsa.erl
index 1b9a396f0c..cb2632beac 100755..100644
--- a/lib/ssh/src/ssh_dsa.erl
+++ b/lib/ssh/src/ssh_dsa.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl
index 12180f56bb..12180f56bb 100755..100644
--- a/lib/ssh/src/ssh_file.erl
+++ b/lib/ssh/src/ssh_file.erl
diff --git a/lib/ssh/src/ssh_io.erl b/lib/ssh/src/ssh_io.erl
index 915fd63e4f..1dbd097423 100755..100644
--- a/lib/ssh/src/ssh_io.erl
+++ b/lib/ssh/src/ssh_io.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/src/ssh_math.erl b/lib/ssh/src/ssh_math.erl
index 510eb16aa6..4aa385b18d 100755..100644
--- a/lib/ssh/src/ssh_math.erl
+++ b/lib/ssh/src/ssh_math.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/src/ssh_rsa.erl b/lib/ssh/src/ssh_rsa.erl
index 91b8285b2e..77c411b09f 100755..100644
--- a/lib/ssh/src/ssh_rsa.erl
+++ b/lib/ssh/src/ssh_rsa.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/src/ssh_sftp.erl b/lib/ssh/src/ssh_sftp.erl
index f000558100..f000558100 100755..100644
--- a/lib/ssh/src/ssh_sftp.erl
+++ b/lib/ssh/src/ssh_sftp.erl
diff --git a/lib/ssh/src/ssh_sftpd_file_api.erl b/lib/ssh/src/ssh_sftpd_file_api.erl
index 176aa98194..38371f809d 100644
--- a/lib/ssh/src/ssh_sftpd_file_api.erl
+++ b/lib/ssh/src/ssh_sftpd_file_api.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,27 +21,41 @@
 
 -module(ssh_sftpd_file_api).
 
--export([behaviour_info/1]).
+%% To be further specified later
+-callback close(IoDevice::term(), State::term()) -> 
+    ok | {error, Reason::term()}.
+-callback delete(Path::term(), State::term()) ->
+     ok | {error, Reason::term()}.
+-callback del_dir(Path::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+-callback get_cwd(State::term()) ->
+    {ok, Dir::term()} | {error, Reason::term()}.
+-callback is_dir(AbsPath::term(), State::term()) ->
+    boolean().
+-callback list_dir(AbsPath::term(), State::term()) ->
+    {ok, Filenames::term()} | {error, Reason::term()}.
+-callback make_dir(Dir::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+-callback make_symlink(Path2::term(), Path::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+-callback open(Path::term(), Flags::term(), State::term()) ->
+    {ok, IoDevice::term()} | {error, Reason::term()}.
+-callback position(IoDevice::term(), Offs::term(), State::term()) ->
+    {ok, NewPosition::term()} | {error, Reason::term()}.
+-callback read(IoDevice::term(), Len::term(), State::term()) ->
+    {ok, Data::term()} | eof | {error, Reason::term()}.
+-callback read_link(Path::term(), State::term()) ->
+    {ok, FileName::term()} | {error, Reason::term()}.
+-callback read_link_info(Path::term(), State::term()) ->
+    {ok, FileInfo::term()} | {error, Reason::term()}.
+-callback read_file_info(Path::term(), State::term()) ->
+    {ok, FileInfo::term()} | {error, Reason::term()}.
+-callback rename(Path::term(), Path2::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+-callback write(IoDevice::term(), Data::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+-callback write_file_info(Path::term(),Info::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+
+
 
-behaviour_info(callbacks) ->
-    [
-     {close, 2}, 
-     {delete, 2}, 
-     {del_dir, 2}, 
-     {get_cwd, 1}, 
-     {is_dir, 2}, 
-     {list_dir, 2}, 
-     {make_dir, 2}, 
-     {make_symlink, 3}, 
-     {open, 3}, 
-     {position, 3}, 
-     {read, 3},
-     {read_file_info, 2}, 
-     {read_link, 2}, 
-     {read_link_info, 2}, 
-     {rename, 3},
-     {write, 3}, 
-     {write_file_info, 3}
-    ];
-behaviour_info(_) ->
-    undefined.
diff --git a/lib/ssh/src/ssh_userauth.hrl b/lib/ssh/src/ssh_userauth.hrl
index 8eb2d46ed1..7c38719d92 100755..100644
--- a/lib/ssh/src/ssh_userauth.hrl
+++ b/lib/ssh/src/ssh_userauth.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/src/ssh_xfer.hrl b/lib/ssh/src/ssh_xfer.hrl
index 4a4f1a4291..c13950eb6e 100755..100644
--- a/lib/ssh/src/ssh_xfer.hrl
+++ b/lib/ssh/src/ssh_xfer.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl
index 5ea0d98980..73b60057cc 100644
--- a/lib/ssh/test/ssh_basic_SUITE.erl
+++ b/lib/ssh/test/ssh_basic_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -41,9 +41,20 @@
 init_per_suite(Config) ->
     case catch crypto:start() of
 	ok ->
-	    Dir = ?config(priv_dir, Config),
-	    {ok, _} =  ssh_test_lib:get_id_keys(Dir),
-	    ssh_test_lib:make_dsa_files(Config),
+	    DataDir = ?config(data_dir, Config),
+	    UserDir = ?config(priv_dir, Config),
+	    ssh_test_lib:copyfile(DataDir, UserDir, "id_rsa"), 
+	    ssh_test_lib:copyfile(DataDir, UserDir, "id_dsa"),
+	    RSAFile = filename:join(DataDir, "id_rsa.pub"),
+	    DSAFile = filename:join(DataDir, "id_dsa.pub"),
+	    {ok, Ssh1} = file:read_file(RSAFile),
+	    {ok, Ssh2} = file:read_file(DSAFile),
+	    [{RSA, _}] = public_key:ssh_decode(Ssh1,public_key), 
+	    [{DSA, _}] = public_key:ssh_decode(Ssh2,public_key), 
+	    AuthKeys = public_key:ssh_encode([{RSA, [{comment, "Test"}]}, 
+					      {DSA,[{comment, "Test"}]}], auth_keys),
+	    AuthKeysFile = filename:join(UserDir, "authorized_keys"),
+	    file:write_file(AuthKeysFile, AuthKeys),
 	    Config;
 	_Else ->
 	    {skip, "Crypto could not be started!"}
@@ -56,9 +67,7 @@ init_per_suite(Config) ->
 %% Description: Cleanup after the whole suite
 %%--------------------------------------------------------------------
 end_per_suite(Config) ->
-    Dir = ?config(priv_dir, Config),
     crypto:stop(),
-    ssh_test_lib:remove_id_keys(Dir),
     ok.
 
 %%--------------------------------------------------------------------
@@ -75,7 +84,6 @@ end_per_suite(Config) ->
 %% Description: Initialization before each test case
 %%--------------------------------------------------------------------
 init_per_testcase(_TestCase, Config) ->
-    ssh_test_lib:known_hosts(backup),
     ssh:start(),
     Config.
 
@@ -87,9 +95,16 @@ init_per_testcase(_TestCase, Config) ->
 %%   A list of key/value pairs, holding the test case configuration.
 %% Description: Cleanup after each test case
 %%--------------------------------------------------------------------
-end_per_testcase(_TestCase, _Config) ->
+
+end_per_testcase(TestCase, Config) when TestCase == server_password_option;
+					TestCase == server_userpassword_option ->
+    UserDir = filename:join(?config(priv_dir, Config), nopubkey),
+    file:del_dir(UserDir),
+    end_per_testcase(Config);
+end_per_testcase(_TestCase, Config) ->
+    end_per_testcase(Config).
+end_per_testcase(Config) ->    
     ssh:stop(),
-    ssh_test_lib:known_hosts(restore),
     ok.
 
 %%--------------------------------------------------------------------
@@ -101,9 +116,8 @@ end_per_testcase(_TestCase, _Config) ->
 %% Description: Returns a list of all test cases in this test suite
 %%--------------------------------------------------------------------
 all() -> 
-    [exec, exec_compressed, shell, daemon_already_started,
-     server_password_option, server_userpassword_option,
-     known_hosts].
+    [exec, exec_compressed, shell, daemon_already_started, 
+     server_password_option, server_userpassword_option, known_hosts].
 
 groups() -> 
     [].
@@ -136,10 +150,14 @@ exec(suite) ->
 exec(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     SystemDir = ?config(data_dir, Config),
+    UserDir = ?config(priv_dir, Config),
+    
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+					     {user_dir, UserDir},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
     ConnectionRef =
 	ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true},
+					  {user_dir, UserDir},
 					  {user_interaction, false}]),
     {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity),
     success = ssh_connection:exec(ConnectionRef, ChannelId0,
@@ -178,12 +196,15 @@ exec_compressed(suite) ->
 exec_compressed(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     SystemDir = ?config(data_dir, Config),
-    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+    UserDir = ?config(priv_dir, Config),
+
+    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir},
 					     {compression, zlib},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
     
     ConnectionRef =
 	ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true},
+					  {user_dir, UserDir},
 					  {user_interaction, false}]),
     {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity),
     success = ssh_connection:exec(ConnectionRef, ChannelId,
@@ -209,12 +230,14 @@ shell(suite) ->
 shell(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     SystemDir = ?config(data_dir, Config),
-    {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+    UserDir = ?config(priv_dir, Config),
+
+    {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir},
 					       {failfun, fun ssh_test_lib:failfun/2}]),
     test_server:sleep(500),
 
     IO = ssh_test_lib:start_io_server(),
-    Shell = ssh_test_lib:start_shell(Port, IO),
+    Shell = ssh_test_lib:start_shell(Port, IO, UserDir),
     receive
 	ErlShellStart ->
 	    test_server:format("Erlang shell start: ~p~n", [ErlShellStart])
@@ -291,8 +314,9 @@ server_password_option(doc) ->
 server_password_option(suite) ->
     [];
 server_password_option(Config) when is_list(Config) ->
-    UserDir = ?config(data_dir, Config), % to make sure we don't use
-    SysDir = ?config(data_dir, Config),	 % public-key-auth
+    UserDir = filename:join(?config(priv_dir, Config), nopubkey), % to make sure we don't use public-key-auth
+    file:make_dir(UserDir),
+    SysDir = ?config(data_dir, Config),	 
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir},
 					     {password, "morot"}]),
 
@@ -321,8 +345,9 @@ server_userpassword_option(doc) ->
 server_userpassword_option(suite) ->
     [];
 server_userpassword_option(Config) when is_list(Config) ->
-    UserDir = ?config(data_dir, Config),  % to make sure we don't use
-    SysDir = ?config(data_dir, Config),	  % public-key-auth
+    UserDir = filename:join(?config(priv_dir, Config), nopubkey), % to make sure we don't use public-key-auth
+    file:make_dir(UserDir),
+    SysDir = ?config(data_dir, Config),	  
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir},
 					     {user_passwords, [{"vego", "morot"}]}]),
 
@@ -361,10 +386,10 @@ known_hosts(doc) ->
 known_hosts(suite) ->
     [];
 known_hosts(Config) when is_list(Config) ->
-    SystemDir = ?config(data_dir, Config),
+    DataDir = ?config(data_dir, Config),
     UserDir = ?config(priv_dir, Config),
-
-    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+    
+    {Pid, Host, Port} = ssh_test_lib:daemon([{user_dir, UserDir},{system_dir, DataDir},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
 
     KnownHosts = filename:join(UserDir, "known_hosts"),
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/id_dsa b/lib/ssh/test/ssh_basic_SUITE_data/id_dsa
new file mode 100644
index 0000000000..d306f8b26e
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/id_dsa
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQDfi2flSTZZofwT4yQT0NikX/LGNT7UPeB/XEWe/xovEYCElfaQ
+APFixXvEgXwoojmZ5kiQRKzLM39wBP0jPERLbnZXfOOD0PDnw0haMh7dD7XKVMod
+/EigVgHf/qBdM2M8yz1s/rRF7n1UpLSypziKjkzCm7JoSQ2zbWIPdmBIXwIVAMgP
+kpr7Sq3O7sHdb8D601DRjoExAoGAMOQxDfB2Fd8ouz6G96f/UOzRMI/Kdv8kYYKW
+JIGY+pRYrLPyYzUeJznwZreOJgrczAX+luHnKFWJ2Dnk5CyeXk67Wsr7pJ/4MBMD
+OKeIS0S8qoSBN8+Krp79fgA+yS3IfqbkJLtLu4EBaCX4mKQIX4++k44d4U5lc8pt
++9hlEI8CgYEAznKxx9kyC6bVo7LUYKaGhofRFt0SYFc5PVmT2VUGRs1R6+6DPD+e
+uEO6IhFct7JFSRbP9p0JD4Uk+3zlZF+XX6b2PsZkeV8f/02xlNGUSmEzCSiNg1AX
+Cy/WusYhul0MncWCHMcOZB5rIvU/aP5EJJtn3xrRaz6u0SThF6AnT34CFQC63czE
+ZU8w8Q+H7z0j+a+70x2iAw==
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/id_dsa.pub b/lib/ssh/test/ssh_basic_SUITE_data/id_dsa.pub
new file mode 100644
index 0000000000..9406116777
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/id_dsa.pub
@@ -0,0 +1 @@
+ssh-dss AAAAB3NzaC1kc3MAAACBAN+LZ+VJNlmh/BPjJBPQ2KRf8sY1PtQ94H9cRZ7/Gi8RgISV9pAA8WLFe8SBfCiiOZnmSJBErMszf3AE/SM8REtudld844PQ8OfDSFoyHt0PtcpUyh38SKBWAd/+oF0zYzzLPWz+tEXufVSktLKnOIqOTMKbsmhJDbNtYg92YEhfAAAAFQDID5Ka+0qtzu7B3W/A+tNQ0Y6BMQAAAIAw5DEN8HYV3yi7Pob3p/9Q7NEwj8p2/yRhgpYkgZj6lFiss/JjNR4nOfBmt44mCtzMBf6W4ecoVYnYOeTkLJ5eTrtayvukn/gwEwM4p4hLRLyqhIE3z4qunv1+AD7JLch+puQku0u7gQFoJfiYpAhfj76Tjh3hTmVzym372GUQjwAAAIEAznKxx9kyC6bVo7LUYKaGhofRFt0SYFc5PVmT2VUGRs1R6+6DPD+euEO6IhFct7JFSRbP9p0JD4Uk+3zlZF+XX6b2PsZkeV8f/02xlNGUSmEzCSiNg1AXCy/WusYhul0MncWCHMcOZB5rIvU/aP5EJJtn3xrRaz6u0SThF6AnT34= Dsa
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/id_rsa b/lib/ssh/test/ssh_basic_SUITE_data/id_rsa
new file mode 100644
index 0000000000..79968bdd7d
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/id_rsa
@@ -0,0 +1,16 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8semM4q843337
+zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RWRWzjaxSB
+6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4QIDAQAB
+AoGANmvJzJO5hkLuvyDZHKfAnGTtpifcR1wtSa9DjdKUyn8vhKF0mIimnbnYQEmW
+NUUb3gXCZLi9PvkpRSVRrASDOZwcjoU/Kvww163vBUVb2cOZfFhyn6o2Sk88Tt++
+udH3hdjpf9i7jTtUkUe+QYPsia+wgvvrmn4QrahLAH86+kECQQDx5gFeXTME3cnW
+WMpFz3PPumduzjqgqMMWEccX4FtQkMX/gyGa5UC7OHFyh0N/gSWvPbRHa8A6YgIt
+n8DO+fh5AkEAzbqX4DOn8NY6xJIi42q7l/2jIA0RkB6P7YugW5NblhqBZ0XDnpA5
+sMt+rz+K07u9XZtxgh1xi7mNfwY6lEAMqQJBAJBEauCKmRj35Z6OyeQku59SPsnY
++SJEREVvSNw2lH9SOKQQ4wPsYlTGbvKtNVZgAcen91L5MmYfeckYE/fdIZECQQCt
+64zxsTnM1I8iFxj/gP/OYlJBikrKt8udWmjaghzvLMEw+T2DExJyb9ZNeT53+UMB
+m6O+B/4xzU/djvp+0hbhAkAemIt+rA5kTmYlFndhpvzkSSM8a2EXsO4XIPgGWCTT
+tQKS/tTly0ADMjN/TVy11+9d6zcqadNVuHXHGtR4W0GR
+-----END RSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/id_rsa.pub b/lib/ssh/test/ssh_basic_SUITE_data/id_rsa.pub
new file mode 100644
index 0000000000..95bce6bc61
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8semM4q843337zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RWRWzjaxSB6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4Q== ingela@dain
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_dsa_key
new file mode 100644
index 0000000000..d306f8b26e
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_dsa_key
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQDfi2flSTZZofwT4yQT0NikX/LGNT7UPeB/XEWe/xovEYCElfaQ
+APFixXvEgXwoojmZ5kiQRKzLM39wBP0jPERLbnZXfOOD0PDnw0haMh7dD7XKVMod
+/EigVgHf/qBdM2M8yz1s/rRF7n1UpLSypziKjkzCm7JoSQ2zbWIPdmBIXwIVAMgP
+kpr7Sq3O7sHdb8D601DRjoExAoGAMOQxDfB2Fd8ouz6G96f/UOzRMI/Kdv8kYYKW
+JIGY+pRYrLPyYzUeJznwZreOJgrczAX+luHnKFWJ2Dnk5CyeXk67Wsr7pJ/4MBMD
+OKeIS0S8qoSBN8+Krp79fgA+yS3IfqbkJLtLu4EBaCX4mKQIX4++k44d4U5lc8pt
++9hlEI8CgYEAznKxx9kyC6bVo7LUYKaGhofRFt0SYFc5PVmT2VUGRs1R6+6DPD+e
+uEO6IhFct7JFSRbP9p0JD4Uk+3zlZF+XX6b2PsZkeV8f/02xlNGUSmEzCSiNg1AX
+Cy/WusYhul0MncWCHMcOZB5rIvU/aP5EJJtn3xrRaz6u0SThF6AnT34CFQC63czE
+ZU8w8Q+H7z0j+a+70x2iAw==
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_rsa_key b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_rsa_key
new file mode 100644
index 0000000000..79968bdd7d
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_rsa_key
@@ -0,0 +1,16 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8semM4q843337
+zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RWRWzjaxSB
+6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4QIDAQAB
+AoGANmvJzJO5hkLuvyDZHKfAnGTtpifcR1wtSa9DjdKUyn8vhKF0mIimnbnYQEmW
+NUUb3gXCZLi9PvkpRSVRrASDOZwcjoU/Kvww163vBUVb2cOZfFhyn6o2Sk88Tt++
+udH3hdjpf9i7jTtUkUe+QYPsia+wgvvrmn4QrahLAH86+kECQQDx5gFeXTME3cnW
+WMpFz3PPumduzjqgqMMWEccX4FtQkMX/gyGa5UC7OHFyh0N/gSWvPbRHa8A6YgIt
+n8DO+fh5AkEAzbqX4DOn8NY6xJIi42q7l/2jIA0RkB6P7YugW5NblhqBZ0XDnpA5
+sMt+rz+K07u9XZtxgh1xi7mNfwY6lEAMqQJBAJBEauCKmRj35Z6OyeQku59SPsnY
++SJEREVvSNw2lH9SOKQQ4wPsYlTGbvKtNVZgAcen91L5MmYfeckYE/fdIZECQQCt
+64zxsTnM1I8iFxj/gP/OYlJBikrKt8udWmjaghzvLMEw+T2DExJyb9ZNeT53+UMB
+m6O+B/4xzU/djvp+0hbhAkAemIt+rA5kTmYlFndhpvzkSSM8a2EXsO4XIPgGWCTT
+tQKS/tTly0ADMjN/TVy11+9d6zcqadNVuHXHGtR4W0GR
+-----END RSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl
index c96b6de3ea..a9a568ced6 100644
--- a/lib/ssh/test/ssh_sftp_SUITE.erl
+++ b/lib/ssh/test/ssh_sftp_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -50,7 +50,6 @@ init_per_suite(Config) ->
 	{ok,ok} ->
 	    Dir = ?config(priv_dir, Config),
 	    {ok, _} = ssh_test_lib:get_id_keys(Dir),
-	    ssh_test_lib:make_dsa_files(Config),
 	    Config;
 	{ok,_} ->
 	    {skip,"Could not start ssh!"};
@@ -94,13 +93,14 @@ init_per_testcase(_Case, Config) ->
     SysDir =  ?config(data_dir, Config),
     Host = ssh_test_lib:hostname(),
 
+    %% Run test against openssh server if available
     Sftp = case (catch ssh_sftp:start_channel(Host,
 					      [{user_dir, Dir},
 					       {user_interaction, false},
 					       {silently_accept_hosts, true}])) of
 	       {ok, ChannelPid, Connection} ->
 		   {ChannelPid, Connection};
-	       _Error ->
+	       _Error -> %% Start own sftp server
 		   {_Sftpd, _Host, _Port} = 
 		       ssh_test_lib:daemon(Host, ?SFPD_PORT,
 					   [{system_dir, SysDir},
diff --git a/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa b/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa
deleted file mode 100644
index 7e3f885f5d..0000000000
--- a/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQDLKYTdRnGzphcN+pF8UuI3sYB7rxZUHbOT87K3vh8XOLkDOsS3
-8VREtNS8Wb3uYXsRtyDoUvrLIDnyllOfJSDupWLr4ibckUZd/nhFAaC6WryVmH6k
-GlQLLp9KU+vcn2DwYeo14gbwHYDB3pmv4CWAlnO1m/BkX4aLz1zC314OkQIBIwKB
-gD/Z2UzboBPjvhpWEHeHw3CW3zzQoJ4X9pw2peH57IOkHOPCA0/A3/hWFvleCH4e
-owWRU3w3ViKVGYbBh/7RJ5rllN+ENUmVn536srJTxLKUtvb5jRGj3W6EWgAGHSUB
-hm83Kt9Lb5hprL7dPrNGvSseBm/LQSfBQ4vUUyiVRKGPAkEA/rPxWoLdBBP+FZtE
-fGzz9izPM6Fe6o8ZGNZIlRBProOhgEvvIqdgzQWObgLVVrw+M/YApPpiYS3PEmWj
-b2b+jwJBAMwyYeL6coKTl8swDu8HvLnshgUFJFTtHhOTXsKtXQNI1b24xhUrB3Sb
-X8fmoByyRNRpOfvg4Jdqi3Z6KfIcsN8CQQDEfC83McBw3DkJWoVKCugVrYnmACSm
-USH9N5cT6AL0VupNB2C0VTwL37cEaJXyc/V4ipLIaWHV8CNl9qKmZWVJAkEAurG4
-lQI8zyfbPW3EgsU+1d+QeZ5NGnJkpC73jWtNudwxIn0M4CdXRgpmMxwAGjyWs5No
-Nr75OfsDKn5SPHIAywJAKrtONlOizgDiG3EvAXZlwFtOb+HkQ7lrFwczrQu9m7yi
-brSAcnTrLKI6CrR33b/QJLvb9C/HTEZojFABGq8M7A==
------END RSA PRIVATE KEY-----
diff --git a/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa.pub b/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa.pub
deleted file mode 100644
index 77f57de4af..0000000000
--- a/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAyymE3UZxs6YXDfqRfFLiN7GAe68WVB2zk/Oyt74fFzi5AzrEt/FURLTUvFm97mF7Ebcg6FL6yyA58pZTnyUg7qVi6+Im3JFGXf54RQGgulq8lZh+pBpUCy6fSlPr3J9g8GHqNeIG8B2Awd6Zr+AlgJZztZvwZF+Gi89cwt9eDpE= jakob@balin
diff --git a/lib/ssh/test/ssh_sftpd_SUITE.erl b/lib/ssh/test/ssh_sftpd_SUITE.erl
index bfe54a3e75..0873348be0 100644
--- a/lib/ssh/test/ssh_sftpd_SUITE.erl
+++ b/lib/ssh/test/ssh_sftpd_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2006-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2006-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -53,16 +53,15 @@
 %% variable, but should NOT alter/remove any existing entries.
 %%--------------------------------------------------------------------
 init_per_suite(Config) ->
-    case {catch ssh:stop(),catch crypto:start()} of
-	{ok,ok} ->
-	    ssh_test_lib:make_dsa_files(Config),
+    case (catch crypto:start()) of
+	ok ->
+	    ssh:start(),
+	    DataDir = ?config(data_dir, Config),
+	    UserDir = ?config(priv_dir, Config),
+	    ssh_test_lib:setup_dsa(UserDir, DataDir),
 	    Config;
-	{ok,_} ->
-	    {skip,"Could not start ssh!"};
-	{_,ok} ->
-	    {skip,"Could not start crypto!"};
-	{_,_} ->
-	    {skip,"Could not start crypto and ssh!"}
+	_ ->
+	    {skip,"Could not start ssh!"}
     end.
 
 %%--------------------------------------------------------------------
@@ -71,7 +70,10 @@ init_per_suite(Config) ->
 %%   A list of key/value pairs, holding the test case configuration.
 %% Description: Cleanup after the whole suite
 %%--------------------------------------------------------------------
-end_per_suite(_Config) ->
+end_per_suite(Config) ->
+    UserDir = ?config(priv_dir, Config),
+    ssh_test_lib:clean_dsa(UserDir),
+    ssh:stop(),
     crypto:stop(),
     ok.
 
diff --git a/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key
new file mode 100644
index 0000000000..51ab6fbd88
--- /dev/null
+++ b/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK
+wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q
+diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA
+l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X
+skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF
+Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP
+ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah
+/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U
+ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W
+Lv62jKcdskxNyz2NQoBx
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key.pub
new file mode 100644
index 0000000000..4dbb1305b0
--- /dev/null
+++ b/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key.pub
@@ -0,0 +1,11 @@
+---- BEGIN SSH2 PUBLIC KEY ----
+AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j
+YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2
+KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU
+aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI
+fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT
+MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh
+DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48
+wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2
+/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg==
+---- END SSH2 PUBLIC KEY ----
diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl
index 2209af05d5..c63ad7de73 100644
--- a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl
+++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -48,13 +48,14 @@ init_per_suite(Config) ->
     case catch crypto:start() of
 	ok ->
 	    DataDir = ?config(data_dir, Config),
+	    UserDir = ?config(priv_dir, Config),
 	    FileAlt = filename:join(DataDir, "ssh_sftpd_file_alt.erl"),
 	    c:c(FileAlt),
 	    FileName = filename:join(DataDir, "test.txt"),
 	    {ok, FileInfo} = file:read_file_info(FileName),
 	    ok = file:write_file_info(FileName,
 				      FileInfo#file_info{mode = 8#400}),
-	    ssh_test_lib:make_dsa_files(Config),
+	    ssh_test_lib:setup_dsa(DataDir, UserDir),
 	    Config;
 	_Else ->
 	    {skip,"Could not start ssh!"}
@@ -66,7 +67,9 @@ init_per_suite(Config) ->
 %%   A list of key/value pairs, holding the test case configuration.
 %% Description: Cleanup after the whole suite
 %%--------------------------------------------------------------------
-end_per_suite(_Config) ->
+end_per_suite(Config) ->
+    UserDir = ?config(priv_dir, Config),
+    ssh_test_lib:clean_dsa(UserDir),
     crypto:stop(),
     ok.
 
@@ -85,7 +88,7 @@ end_per_suite(_Config) ->
 %%--------------------------------------------------------------------
 init_per_testcase(TestCase, Config) ->
     ssh:start(),
-    DataDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
 
     Options =
 	case atom_to_list(TestCase) of
@@ -95,8 +98,7 @@ init_per_testcase(TestCase, Config) ->
 					       ssh_sftpd_file_alt}]),
 		[{user_passwords,[{?USER, ?PASSWD}]},
 		 {pwdfun, fun(_,_) -> true end},
-		 {system_dir, DataDir},
-		 {user_dir, DataDir},
+		 {system_dir, PrivDir},
 		 {subsystems, [Spec]}];
 	    "root_dir" ->
 		Privdir = ?config(priv_dir, Config),
@@ -105,23 +107,20 @@ init_per_testcase(TestCase, Config) ->
 		Spec = ssh_sftpd:subsystem_spec([{root,Root}]),
 		[{user_passwords,[{?USER, ?PASSWD}]},
 		 {pwdfun, fun(_,_) -> true end},
-		 {system_dir, DataDir},
-		 {user_dir, DataDir},
+		 {system_dir, PrivDir},
 		 {subsystems, [Spec]}];
 	    "list_dir_limited" ->
 		Spec =
 		    ssh_sftpd:subsystem_spec([{max_files,1}]),
 		[{user_passwords,[{?USER, ?PASSWD}]},
 		 {pwdfun, fun(_,_) -> true end},
-		 {system_dir, DataDir},
-		 {user_dir, DataDir},
+		 {system_dir, PrivDir},
 		 {subsystems, [Spec]}];
 
 	    _ ->
 		[{user_passwords,[{?USER, ?PASSWD}]},
 		 {pwdfun, fun(_,_) -> true end},
-		 {user_dir, DataDir},
-		 {system_dir, DataDir}]
+		 {system_dir, PrivDir}]
 	end,
 
     {Sftpd, Host, _Port} = ssh_test_lib:daemon(any, ?SSHD_PORT, Options),
@@ -131,8 +130,7 @@ init_per_testcase(TestCase, Config) ->
 			       [{silently_accept_hosts, true},
 				{user, ?USER}, {password, ?PASSWD}, 
 				{pwdfun, fun(_,_) -> true end},
-				{system_dir, DataDir},
-				{user_dir, DataDir},
+				{user_dir, PrivDir},
 				{timeout, 30000}]),
     TmpConfig = lists:keydelete(sftp, 1, Config),
     NewConfig = lists:keydelete(sftpd, 1, TmpConfig),
diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key
new file mode 100644
index 0000000000..51ab6fbd88
--- /dev/null
+++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK
+wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q
+diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA
+l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X
+skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF
+Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP
+ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah
+/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U
+ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W
+Lv62jKcdskxNyz2NQoBx
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key.pub
new file mode 100644
index 0000000000..4dbb1305b0
--- /dev/null
+++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key.pub
@@ -0,0 +1,11 @@
+---- BEGIN SSH2 PUBLIC KEY ----
+AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j
+YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2
+KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU
+aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI
+fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT
+MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh
+DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48
+wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2
+/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg==
+---- END SSH2 PUBLIC KEY ----
diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl
index 425fae22c1..f4e95f9bfb 100644
--- a/lib/ssh/test/ssh_test_lib.erl
+++ b/lib/ssh/test/ssh_test_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -68,15 +68,11 @@ daemon(Host, Port, Options) ->
 	    Error
     end.
 
+start_shell(Port, IOServer, UserDir) ->
+    spawn_link(?MODULE, init_shell, [Port, IOServer, [{user_dir, UserDir}]]).
 
-
-
-start_shell(Port, IOServer) ->
-    spawn_link(?MODULE, init_shell, [Port, IOServer]).
-
-init_shell(Port, IOServer) ->
+init_shell(Port, IOServer, UserDir) ->
     Host = hostname(),
-    UserDir = get_user_dir(),
     Options = [{user_interaction, false}, {silently_accept_hosts,
 					   true}] ++ UserDir,
     group_leader(IOServer, self()),
@@ -139,12 +135,18 @@ reply(TestCase, Result) ->
 receive_exec_result(Msg) ->
     test_server:format("Expect data! ~p", [Msg]),
     receive
+	{ssh_cm,_,{data,_,1, Data}} ->
+	    test_server:format("StdErr: ~p~n", [Data]),
+	    receive_exec_result(Msg);
 	Msg ->
 	    test_server:format("1: Collected data ~p", [Msg]),
 	    expected;
 	Other ->
+	    test_server:format("Other ~p", [Other]),
 	    {unexpected_msg, Other}
     end.
+
+
 receive_exec_end(ConnectionRef, ChannelId) ->
     Eof = {ssh_cm, ConnectionRef, {eof, ChannelId}},
     ExitStatus = {ssh_cm, ConnectionRef, {exit_status, ChannelId, 0}},
@@ -198,9 +200,16 @@ remove_id_keys(Dir) ->
     file:delete(filename:join(Dir, "id_rsa")),
     file:delete(filename:join(Dir, "id_dsa")).
 
-copyfile(SrcDir, DstDir, Fn) ->
-    file:copy(filename:join(SrcDir, Fn),
-	      filename:join(DstDir, Fn)).
+copyfile(SrcDir, DstDir, FileName) ->
+    Dest = filename:join(DstDir, FileName),
+    Result = file:copy(filename:join(SrcDir, FileName), Dest),
+    {ok, Pem} = file:read_file(Dest),
+    case public_key:pem_decode(Pem) of
+	[{_,_, not_encrypted}] ->
+	    Result;
+	_ ->
+	   {error, "Has pass phrase can not be used by automated test case"} 
+    end.
 
 failfun(_User, {authmethod,none}) ->
     ok;
@@ -222,39 +231,11 @@ known_hosts(BR) ->
 	    file:rename(B, KnownHosts)
     end.
 
-
-get_user_dir() ->
-    case os:type() of
-	{win32, _} ->
-	    [{user_dir, filename:join([os:getenv("HOME"), ".ssh"])}];
-	_ ->
-	    []
-    end.
-
-
-make_dsa_cert_files(Config) ->    
-    make_dsa_cert_files("", Config).
-
-make_dsa_cert_files(RoleStr, Config) ->    
-    
-    CaInfo = {CaCert, _} = make_cert([{key, dsa}]),
-    {Cert, CertKey} = make_cert([{key, dsa}, {issuer, CaInfo}]),
-    CaCertFile = filename:join([?config(data_dir, Config), 
- 				RoleStr, "dsa_cacerts.pem"]),
-    CertFile = filename:join([?config(data_dir, Config), 
- 			      RoleStr, "dsa_cert.pem"]),
-    KeyFile = filename:join([?config(data_dir, Config), 
-			     RoleStr, "dsa_key.pem"]),
-    
-    der_to_pem(CaCertFile, [{'Certificate', CaCert, not_encrypted}]),
-    der_to_pem(CertFile, [{'Certificate', Cert, not_encrypted}]),
-    der_to_pem(KeyFile, [CertKey]),
-    {CaCertFile, CertFile, KeyFile}.
-
-make_dsa_files(Config) ->
-    make_dsa_files(Config, rfc4716_public_key).
-make_dsa_files(Config, Type) ->
-    {DSA, EncodedKey} = ssh_test_lib:gen_dsa(128, 20),
+setup_dsa(DataDir, UserDir) ->
+    ssh_test_lib:copyfile(DataDir, UserDir, "ssh_host_dsa_key"),
+    ssh_test_lib:copyfile(DataDir, UserDir, "ssh_host_dsa_key.pub"),
+    {ok, Pem} = file:read_file(filename:join(UserDir, "ssh_host_dsa_key")),
+    DSA = public_key:pem_entry_decode(hd(public_key:pem_decode(Pem))),
     PKey = DSA#'DSAPrivateKey'.y,
     P = DSA#'DSAPrivateKey'.p,
     Q = DSA#'DSAPrivateKey'.q,
@@ -263,422 +244,13 @@ make_dsa_files(Config, Type) ->
     {ok, Hostname} = inet:gethostname(),
     {ok, {A, B, C, D}} = inet:getaddr(Hostname, inet),
     IP = lists:concat([A, ".", B, ".", C, ".", D]),
-    Attributes = [], % Could be [{comment,"user@" ++ Hostname}],
     HostNames = [{hostnames,[IP, IP]}],
-    PublicKey = [{{PKey, Dss}, Attributes}],
     KnownHosts = [{{PKey, Dss}, HostNames}],
-
     KnownHostsEnc = public_key:ssh_encode(KnownHosts, known_hosts),
-    KnownHosts = public_key:ssh_decode(KnownHostsEnc, known_hosts),
-
-    PublicKeyEnc = public_key:ssh_encode(PublicKey, Type),
-%    PublicKey = public_key:ssh_decode(PublicKeyEnc, Type),
-
-    SystemTmpDir = ?config(data_dir, Config),
-    filelib:ensure_dir(SystemTmpDir),
-    file:make_dir(SystemTmpDir),
-    
-    DSAFile = filename:join(SystemTmpDir, "ssh_host_dsa_key.pub"),
-    file:delete(DSAFile),
-    
-    DSAPrivateFile  = filename:join(SystemTmpDir, "ssh_host_dsa_key"),
-    file:delete(DSAPrivateFile),
-
-    KHFile = filename:join(SystemTmpDir, "known_hosts"),
-    file:delete(KHFile),
-    
-    PemBin = public_key:pem_encode([EncodedKey]),
-
-    file:write_file(DSAFile, PublicKeyEnc),
-    file:write_file(KHFile, KnownHostsEnc),
-    file:write_file(DSAPrivateFile, PemBin),
-    ok.
-
-%%--------------------------------------------------------------------
-%% Create and return a der encoded certificate
-%%   Option                                         Default
-%%   -------------------------------------------------------
-%%   digest                                         sha1
-%%   validity                                       {date(), date() + week()}
-%%   version                                        3
-%%   subject                                        [] list of the following content
-%%      {name,  Name}
-%%      {email, Email} 
-%%      {city,  City}
-%%      {state, State}
-%%      {org, Org}
-%%      {org_unit, OrgUnit}
-%%      {country, Country} 
-%%      {serial, Serial}
-%%      {title, Title}
-%%      {dnQualifer, DnQ}
-%%   issuer = {Issuer, IssuerKey}                   true (i.e. a ca cert is created) 
-%%                                                  (obs IssuerKey migth be {Key, Password}
-%%   key = KeyFile|KeyBin|rsa|dsa                   Subject PublicKey rsa or dsa generates key
-%%   
-%%
-%%   (OBS: The generated keys are for testing only)
-%% make_cert([{::atom(), ::term()}]) -> {Cert::binary(), Key::binary()}
-%%--------------------------------------------------------------------
-make_cert(Opts) ->
-    SubjectPrivateKey = get_key(Opts),
-    {TBSCert, IssuerKey} = make_tbs(SubjectPrivateKey, Opts),
-    Cert = public_key:pkix_sign(TBSCert, IssuerKey),
-    true = verify_signature(Cert, IssuerKey, undef), %% verify that the keys where ok
-    {Cert, encode_key(SubjectPrivateKey)}.
-
-%%--------------------------------------------------------------------
-%% Writes cert files in Dir with FileName and FileName ++ Suffix
-%% write_cert(::string(), ::string(), {Cert,Key}) -> ok
-%%--------------------------------------------------------------------
-write_cert(Dir, FileName, Suffix, {Cert, Key = {_,_,not_encrypted}}) when is_binary(Cert) ->
-    ok = der_to_pem(filename:join(Dir, FileName),
-			       [{'Certificate', Cert, not_encrypted}]),
-    ok = der_to_pem(filename:join(Dir, FileName ++ Suffix), [Key]).
-
-%%--------------------------------------------------------------------
-%% Creates a rsa key (OBS: for testing only)
-%%   the size are in bytes
-%% gen_rsa(::integer()) -> {::atom(), ::binary(), ::opaque()}
-%%--------------------------------------------------------------------
-gen_rsa(Size) when is_integer(Size) ->
-    Key = gen_rsa2(Size),
-    {Key, encode_key(Key)}.
-
-%%--------------------------------------------------------------------
-%% Creates a dsa key (OBS: for testing only)
-%%   the sizes are in bytes
-%% gen_dsa(::integer()) -> {::atom(), ::binary(), ::opaque()}
-%%--------------------------------------------------------------------
-gen_dsa(LSize,NSize) when is_integer(LSize), is_integer(NSize) ->
-    Key = gen_dsa2(LSize, NSize),
-    {Key, encode_key(Key)}.
-
-%%--------------------------------------------------------------------
-%% Verifies cert signatures
-%% verify_signature(::binary(), ::tuple()) -> ::boolean()
-%%--------------------------------------------------------------------
-verify_signature(DerEncodedCert, DerKey, _KeyParams) ->
-    Key = decode_key(DerKey),
-    case Key of 
-	#'RSAPrivateKey'{modulus=Mod, publicExponent=Exp} ->
-	    public_key:pkix_verify(DerEncodedCert, 
-				   #'RSAPublicKey'{modulus=Mod, publicExponent=Exp});
-	#'DSAPrivateKey'{p=P, q=Q, g=G, y=Y} ->
-	    public_key:pkix_verify(DerEncodedCert, {Y, #'Dss-Parms'{p=P, q=Q, g=G}})
-    end.
-
-%%%%%%%%%%%%%%%%%%%%%%%%% Implementation %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-get_key(Opts) ->
-    case proplists:get_value(key, Opts) of
-	undefined -> make_key(rsa, Opts);
-	rsa ->       make_key(rsa, Opts);
-	dsa ->       make_key(dsa, Opts);
-	Key ->
-	    Password = proplists:get_value(password, Opts, no_passwd),
-	    decode_key(Key, Password)
-    end.
-
-decode_key({Key, Pw}) ->
-    decode_key(Key, Pw);
-decode_key(Key) ->
-    decode_key(Key, no_passwd).
-    
-
-decode_key(#'RSAPublicKey'{} = Key,_) ->
-    Key;
-decode_key(#'RSAPrivateKey'{} = Key,_) ->
-    Key;
-decode_key(#'DSAPrivateKey'{} = Key,_) ->
-    Key;
-decode_key(PemEntry = {_,_,_}, Pw) ->
-    public_key:pem_entry_decode(PemEntry, Pw);
-decode_key(PemBin, Pw) ->
-    [KeyInfo] = public_key:pem_decode(PemBin),
-    decode_key(KeyInfo, Pw).
-
-encode_key(Key = #'RSAPrivateKey'{}) ->
-    {ok, Der} = 'OTP-PUB-KEY':encode('RSAPrivateKey', Key),
-    {'RSAPrivateKey', list_to_binary(Der), not_encrypted};   
-encode_key(Key = #'DSAPrivateKey'{}) ->
-    {ok, Der} = 'OTP-PUB-KEY':encode('DSAPrivateKey', Key),
-    {'DSAPrivateKey', list_to_binary(Der), not_encrypted}.
-
-make_tbs(SubjectKey, Opts) ->    
-    Version = list_to_atom("v"++integer_to_list(proplists:get_value(version, Opts, 3))),
-
-    IssuerProp = proplists:get_value(issuer, Opts, true),
-    {Issuer, IssuerKey}  = issuer(IssuerProp, Opts, SubjectKey),
-
-    {Algo, Parameters} = sign_algorithm(IssuerKey, Opts),
-    
-    SignAlgo = #'SignatureAlgorithm'{algorithm  = Algo,
-				     parameters = Parameters},    
-    Subject = case IssuerProp of
-		  true -> %% Is a Root Ca
-		      Issuer;
-		  _ ->
-		      subject(proplists:get_value(subject, Opts),false)
-	      end,
-
-    {#'OTPTBSCertificate'{serialNumber = trunc(random:uniform()*100000000)*10000 + 1,
-			  signature    = SignAlgo,
-			  issuer       = Issuer,
-			  validity     = validity(Opts),
-			  subject      = Subject,
-			  subjectPublicKeyInfo = publickey(SubjectKey),
-			  version      = Version,
-			  extensions   = extensions(Opts)
-			 }, IssuerKey}.
-
-issuer(true, Opts, SubjectKey) ->
-    %% Self signed
-    {subject(proplists:get_value(subject, Opts), true), SubjectKey};
-issuer({Issuer, IssuerKey}, _Opts, _SubjectKey) when is_binary(Issuer) ->
-    {issuer_der(Issuer), decode_key(IssuerKey)};
-issuer({File, IssuerKey}, _Opts, _SubjectKey) when is_list(File) ->
-    {ok, [{cert, Cert, _}|_]} = pem_to_der(File),
-    {issuer_der(Cert), decode_key(IssuerKey)}.
-
-issuer_der(Issuer) ->
-    Decoded = public_key:pkix_decode_cert(Issuer, otp),
-    #'OTPCertificate'{tbsCertificate=Tbs} = Decoded,
-    #'OTPTBSCertificate'{subject=Subject} = Tbs,
-    Subject.
-
-subject(undefined, IsRootCA) ->
-    User = if IsRootCA -> "RootCA"; true -> os:getenv("USER") end,
-    Opts = [{email, User ++ "@erlang.org"},
-	    {name, User},
-	    {city, "Stockholm"},
-	    {country, "SE"},
-	    {org, "erlang"},
-	    {org_unit, "testing dep"}],
-    subject(Opts);
-subject(Opts, _) ->
-    subject(Opts).
-
-subject(SubjectOpts) when is_list(SubjectOpts) ->
-    Encode = fun(Opt) ->
-		     {Type,Value} = subject_enc(Opt),
-		     [#'AttributeTypeAndValue'{type=Type, value=Value}]
-	     end,
-    {rdnSequence, [Encode(Opt) || Opt <- SubjectOpts]}.
-
-%% Fill in the blanks
-subject_enc({name,  Name}) ->       {?'id-at-commonName', {printableString, Name}};
-subject_enc({email, Email}) ->      {?'id-emailAddress', Email};
-subject_enc({city,  City}) ->       {?'id-at-localityName', {printableString, City}};
-subject_enc({state, State}) ->      {?'id-at-stateOrProvinceName', {printableString, State}};
-subject_enc({org, Org}) ->          {?'id-at-organizationName', {printableString, Org}};
-subject_enc({org_unit, OrgUnit}) -> {?'id-at-organizationalUnitName', {printableString, OrgUnit}};
-subject_enc({country, Country}) ->  {?'id-at-countryName', Country};
-subject_enc({serial, Serial}) ->    {?'id-at-serialNumber', Serial};
-subject_enc({title, Title}) ->      {?'id-at-title', {printableString, Title}};
-subject_enc({dnQualifer, DnQ}) ->   {?'id-at-dnQualifier', DnQ};
-subject_enc(Other) ->               Other.
-
-
-extensions(Opts) ->
-    case proplists:get_value(extensions, Opts, []) of
-	false -> 
-	    asn1_NOVALUE;
-	Exts  -> 
-	    lists:flatten([extension(Ext) || Ext <- default_extensions(Exts)])
-    end.
-
-default_extensions(Exts) ->
-    Def = [{key_usage,undefined}, 
-	   {subject_altname, undefined},
-	   {issuer_altname, undefined},
-	   {basic_constraints, default},
-	   {name_constraints, undefined},
-	   {policy_constraints, undefined},
-	   {ext_key_usage, undefined},
-	   {inhibit_any, undefined},
-	   {auth_key_id, undefined},
-	   {subject_key_id, undefined},
-	   {policy_mapping, undefined}],
-    Filter = fun({Key, _}, D) -> lists:keydelete(Key, 1, D) end,
-    Exts ++ lists:foldl(Filter, Def, Exts).
-       	
-extension({_, undefined}) -> [];
-extension({basic_constraints, Data}) ->
-    case Data of
-	default ->
-	    #'Extension'{extnID = ?'id-ce-basicConstraints',
-			 extnValue = #'BasicConstraints'{cA=true},
-			 critical=true};
-	false -> 
-	    [];
-	Len when is_integer(Len) ->
-	    #'Extension'{extnID = ?'id-ce-basicConstraints',
-			 extnValue = #'BasicConstraints'{cA=true, pathLenConstraint=Len},
-			 critical=true};
-	_ ->
-	    #'Extension'{extnID = ?'id-ce-basicConstraints',
-			 extnValue = Data}
-    end;
-extension({Id, Data, Critical}) ->
-    #'Extension'{extnID = Id, extnValue = Data, critical = Critical}.
-
-
-publickey(#'RSAPrivateKey'{modulus=N, publicExponent=E}) ->
-    Public = #'RSAPublicKey'{modulus=N, publicExponent=E},
-    Algo = #'PublicKeyAlgorithm'{algorithm= ?rsaEncryption, parameters='NULL'},
-    #'OTPSubjectPublicKeyInfo'{algorithm = Algo,
-			       subjectPublicKey = Public};
-publickey(#'DSAPrivateKey'{p=P, q=Q, g=G, y=Y}) ->
-    Algo = #'PublicKeyAlgorithm'{algorithm= ?'id-dsa', 
-				 parameters={params, #'Dss-Parms'{p=P, q=Q, g=G}}},
-    #'OTPSubjectPublicKeyInfo'{algorithm = Algo, subjectPublicKey = Y}.
-
-validity(Opts) ->
-    DefFrom0 = calendar:gregorian_days_to_date(calendar:date_to_gregorian_days(date())-1),
-    DefTo0   = calendar:gregorian_days_to_date(calendar:date_to_gregorian_days(date())+7),
-    {DefFrom, DefTo} = proplists:get_value(validity, Opts, {DefFrom0, DefTo0}),
-    Format = fun({Y,M,D}) -> lists:flatten(io_lib:format("~w~2..0w~2..0w000000Z",[Y,M,D])) end,
-    #'Validity'{notBefore={generalTime, Format(DefFrom)},
-		notAfter ={generalTime, Format(DefTo)}}.
-
-sign_algorithm(#'RSAPrivateKey'{}, Opts) ->
-    Type = case proplists:get_value(digest, Opts, sha1) of
-	       sha1 ->   ?'sha1WithRSAEncryption';
-	       sha512 -> ?'sha512WithRSAEncryption';
-	       sha384 -> ?'sha384WithRSAEncryption';
-	       sha256 -> ?'sha256WithRSAEncryption';
-	       md5    -> ?'md5WithRSAEncryption';
-	       md2    -> ?'md2WithRSAEncryption'
-	   end,
-    {Type, 'NULL'};
-sign_algorithm(#'DSAPrivateKey'{p=P, q=Q, g=G}, _Opts) ->
-    {?'id-dsa-with-sha1', {params,#'Dss-Parms'{p=P, q=Q, g=G}}}.
-
-make_key(rsa, _Opts) ->
-    %% (OBS: for testing only)
-    gen_rsa2(64);
-make_key(dsa, _Opts) ->
-    gen_dsa2(128, 20).  %% Bytes i.e. {1024, 160} 
-    
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% RSA key generation  (OBS: for testing only)
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
--define(SMALL_PRIMES, [65537,97,89,83,79,73,71,67,61,59,53,
-		       47,43,41,37,31,29,23,19,17,13,11,7,5,3]).
-
-gen_rsa2(Size) ->
-    P = prime(Size),
-    Q = prime(Size),
-    N = P*Q,
-    Tot = (P - 1) * (Q - 1),
-    [E|_] = lists:dropwhile(fun(Candidate) -> (Tot rem Candidate) == 0 end, ?SMALL_PRIMES),
-    {D1,D2} = extended_gcd(E, Tot),
-    D = erlang:max(D1,D2),
-    case D < E of
-	true ->
-	    gen_rsa2(Size);
-	false ->
-	    {Co1,Co2} = extended_gcd(Q, P),
-	    Co = erlang:max(Co1,Co2),
-	    #'RSAPrivateKey'{version = 'two-prime',
-			     modulus = N,
-			     publicExponent  = E,
-			     privateExponent = D, 
-			     prime1 = P, 
-			     prime2 = Q, 
-			     exponent1 = D rem (P-1), 
-			     exponent2 = D rem (Q-1), 
-			     coefficient = Co
-			    }
-    end.
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% DSA key generation  (OBS: for testing only)
-%% See http://en.wikipedia.org/wiki/Digital_Signature_Algorithm
-%% and the fips_186-3.pdf
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-gen_dsa2(LSize, NSize) ->
-    Q  = prime(NSize),  %% Choose N-bit prime Q
-    X0 = prime(LSize),
-    P0 = prime((LSize div 2) +1),
-    
-    %% Choose L-bit prime modulus P such that p-1 is a multiple of q.
-    case dsa_search(X0 div (2*Q*P0), P0, Q, 1000) of
-	error -> 
-	    gen_dsa2(LSize, NSize);
-	P ->	    
-	    G = crypto:mod_exp(2, (P-1) div Q, P), % Choose G a number whose multiplicative order modulo p is q.
-	    %%                 such that This may be done by setting g = h^(p-1)/q mod p, commonly h=2 is used.
-	    
-	    X = prime(20),               %% Choose x by some random method, where 0 < x < q.
-	    Y = crypto:mod_exp(G, X, P), %% Calculate y = g^x mod p.
-	    
-	    #'DSAPrivateKey'{version=0, p=P, q=Q, g=G, y=Y, x=X}
-    end.
-    
-%% See fips_186-3.pdf
-dsa_search(T, P0, Q, Iter) when Iter > 0 ->
-    P = 2*T*Q*P0 + 1,
-    case is_prime(crypto:mpint(P), 50) of
-	true -> P;
-	false -> dsa_search(T+1, P0, Q, Iter-1)
-    end;
-dsa_search(_,_,_,_) -> 
-    error.
-
-
-%%%%%%% Crypto Math %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-prime(ByteSize) ->
-    Rand = odd_rand(ByteSize),
-    crypto:erlint(prime_odd(Rand, 0)).
-
-prime_odd(Rand, N) ->
-    case is_prime(Rand, 50) of
-	true -> 
-	    Rand;
-	false -> 
-	    NotPrime = crypto:erlint(Rand),
-	    prime_odd(crypto:mpint(NotPrime+2), N+1)
-    end.
-
-%% see http://en.wikipedia.org/wiki/Fermat_primality_test
-is_prime(_, 0) -> true;
-is_prime(Candidate, Test) -> 
-    CoPrime = odd_rand(<<0,0,0,4, 10000:32>>, Candidate),
-    case crypto:mod_exp(CoPrime, Candidate, Candidate) of
-	CoPrime -> is_prime(Candidate, Test-1);
-	_       -> false
-    end.
-
-odd_rand(Size) ->
-    Min = 1 bsl (Size*8-1),
-    Max = (1 bsl (Size*8))-1,
-    odd_rand(crypto:mpint(Min), crypto:mpint(Max)).
-
-odd_rand(Min,Max) ->
-    Rand = <<Sz:32, _/binary>> = crypto:rand_uniform(Min,Max),
-    BitSkip = (Sz+4)*8-1,
-    case Rand of
-	Odd  = <<_:BitSkip,  1:1>> -> Odd;
-	Even = <<_:BitSkip,  0:1>> -> 
-	    crypto:mpint(crypto:erlint(Even)+1)
-    end.
-
-extended_gcd(A, B) ->
-    case A rem B of
-	0 ->
-	    {0, 1};
-	N ->
-	    {X, Y} = extended_gcd(B, N),
-	    {Y, X-Y*(A div B)}
-    end.
-
-pem_to_der(File) ->
-    {ok, PemBin} = file:read_file(File),
-    public_key:pem_decode(PemBin).
+    KHFile = filename:join(UserDir, "known_hosts"),
+    file:write_file(KHFile, KnownHostsEnc).
 
-der_to_pem(File, Entries) ->
-    PemBin = public_key:pem_encode(Entries),
-    file:write_file(File, PemBin).
+clean_dsa(UserDir) ->
+    file:delete(filename:join(UserDir,  "ssh_host_dsa_key")),
+    file:delete(filename:join(UserDir,  "ssh_host_dsa_key.pub")),
+    file:delete(filename:join(UserDir,  "known_hosts")).
diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl
index f959d50484..53d04620c5 100644
--- a/lib/ssh/test/ssh_to_openssh_SUITE.erl
+++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -42,8 +42,12 @@
 init_per_suite(Config) ->
     case catch crypto:start() of
 	ok ->
-	    ssh_test_lib:make_dsa_files(Config),
-	    Config;
+	    case gen_tcp:connect("localhost", 22, []) of
+		{error,econnrefused} ->
+		    {skip,"No openssh deamon"};
+		_ ->
+		    Config
+	    end;
 	_Else ->
 	    {skip,"Could not start crypto!"}
     end.
@@ -100,26 +104,43 @@ all() ->
 	false -> 
 	    {skip, "openSSH not installed on host"};
 	_ ->
-	    [erlang_shell_client_openssh_server,
-	     erlang_client_openssh_server_exec,
-	     erlang_client_openssh_server_exec_compressed,
-	     erlang_server_openssh_client_exec,
-	     erlang_server_openssh_client_exec_compressed,
-	     erlang_client_openssh_server_setenv,
-	     erlang_client_openssh_server_publickey_rsa,
-	     erlang_client_openssh_server_publickey_dsa,
-	     erlang_server_openssh_client_pulic_key_dsa,
-	     erlang_client_openssh_server_password]
+	    [{group, erlang_client},
+	     {group, erlang_server}
+	     ]
     end.
 
 groups() -> 
-    [].
-
-init_per_group(_GroupName, Config) ->
-	Config.
+    [{erlang_client, [], [erlang_shell_client_openssh_server,
+			  erlang_client_openssh_server_exec,
+			  erlang_client_openssh_server_exec_compressed,
+			  erlang_client_openssh_server_setenv,
+			  erlang_client_openssh_server_publickey_rsa,
+			  erlang_client_openssh_server_publickey_dsa,
+			  erlang_client_openssh_server_password]},
+     {erlang_server, [], [erlang_server_openssh_client_exec,
+			  erlang_server_openssh_client_exec_compressed,
+			  erlang_server_openssh_client_pulic_key_dsa,
+			  erlang_client_openssh_server_password]}
+    ].
+
+init_per_group(erlang_server, Config) ->
+    DataDir = ?config(data_dir, Config),
+    UserDir = ?config(priv_dir, Config),
+    ssh_test_lib:setup_dsa(DataDir, UserDir),
+    Config;
+init_per_group(_, Config) ->
+    Dir = ?config(priv_dir, Config),
+    {ok, _} = ssh_test_lib:get_id_keys(Dir),
+    Config.
 
-end_per_group(_GroupName, Config) ->
-	Config.
+end_per_group(erlang_server, Config) ->
+    UserDir = ?config(priv_dir, Config),
+    ssh_test_lib:clean_dsa(UserDir),
+    Config;
+end_per_group(_, Config) ->
+    Dir = ?config(priv_dir, Config),
+    ssh_test_lib:remove_id_keys(Dir),
+    Config.
 
 %% TEST cases starts here.
 %%--------------------------------------------------------------------
@@ -131,8 +152,9 @@ erlang_shell_client_openssh_server(suite) ->
 
 erlang_shell_client_openssh_server(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
+    UserDir = ?config(priv_dir, Config),
     IO = ssh_test_lib:start_io_server(),
-    Shell = ssh_test_lib:start_shell(?SSH_DEFAULT_PORT, IO),
+    Shell = ssh_test_lib:start_shell(?SSH_DEFAULT_PORT, IO, UserDir),
     IO ! {input, self(), "echo Hej\n"},
     receive_hej(),
     IO ! {input, self(), "exit\n"},
@@ -228,7 +250,7 @@ erlang_server_openssh_client_exec(suite) ->
     [];
 
 erlang_server_openssh_client_exec(Config) when is_list(Config) ->
-    SystemDir = ?config(data_dir, Config),
+    SystemDir = ?config(priv_dir, Config),
     
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
@@ -257,7 +279,7 @@ erlang_server_openssh_client_exec_compressed(suite) ->
     [];
 
 erlang_server_openssh_client_exec_compressed(Config) when is_list(Config) ->
-    SystemDir = ?config(data_dir, Config),
+    SystemDir = ?config(priv_dir, Config),
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
 					     {compression, zlib},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
@@ -346,7 +368,9 @@ erlang_client_openssh_server_publickey_rsa(Config) when is_list(Config) ->
 	    ok = ssh:close(ConnectionRef),
 	    ok = file:delete(filename:join(UserDir, "id_rsa"));
 	{error, enoent} ->
-	    {skip, "no ~/.ssh/id_rsa"}
+	    {skip, "no ~/.ssh/id_rsa"};
+       	{error, Reason} ->
+	    {skip, Reason}
     end.
 
 %%--------------------------------------------------------------------
@@ -372,7 +396,9 @@ erlang_client_openssh_server_publickey_dsa(Config) when is_list(Config) ->
 	    ok = ssh:close(ConnectionRef),
 	    ok = file:delete(filename:join(UserDir, "id_dsa"));
 	{error, enoent} ->
-	    {skip, "no ~/.ssh/id_dsa"}
+	    {skip, "no ~/.ssh/id_dsa"};
+	{error, Reason} ->
+	    {skip, Reason}
     end.
 
 %%--------------------------------------------------------------------
@@ -383,7 +409,7 @@ erlang_server_openssh_client_pulic_key_dsa(suite) ->
     [];
 
 erlang_server_openssh_client_pulic_key_dsa(Config) when is_list(Config) ->
-    SystemDir = ?config(data_dir, Config),
+    SystemDir = ?config(priv_dir, Config),
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
 					     {public_key_alg, ssh_dsa},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
diff --git a/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key
new file mode 100644
index 0000000000..51ab6fbd88
--- /dev/null
+++ b/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK
+wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q
+diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA
+l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X
+skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF
+Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP
+ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah
+/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U
+ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W
+Lv62jKcdskxNyz2NQoBx
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key.pub
new file mode 100644
index 0000000000..4dbb1305b0
--- /dev/null
+++ b/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key.pub
@@ -0,0 +1,11 @@
+---- BEGIN SSH2 PUBLIC KEY ----
+AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j
+YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2
+KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU
+aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI
+fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT
+MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh
+DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48
+wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2
+/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg==
+---- END SSH2 PUBLIC KEY ----
diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk
index fe2b915d17..42f860d6ae 100644
--- a/lib/ssh/vsn.mk
+++ b/lib/ssh/vsn.mk
@@ -1,5 +1,5 @@
 #-*-makefile-*-   ; force emacs to enter makefile-mode
 
-SSH_VSN = 2.0.8
+SSH_VSN = 2.0.9
 APP_VSN    = "ssh-$(SSH_VSN)"
 
diff --git a/lib/ssl/Makefile b/lib/ssl/Makefile
index daad7dc3e6..a7a95004a6 100644
--- a/lib/ssl/Makefile
+++ b/lib/ssl/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1999-2010. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@ include $(ERL_TOP)/make/$(TARGET)/otp.mk
 # Macros
 #
 
-SUB_DIRECTORIES = src c_src doc/src examples/certs examples/src
+SUB_DIRECTORIES = src  doc/src examples/certs examples/src
 
 include vsn.mk
 VSN = $(SSL_VSN)
diff --git a/lib/ssl/c_src/Makefile b/lib/ssl/c_src/Makefile
deleted file mode 100644
index 52d9140153..0000000000
--- a/lib/ssl/c_src/Makefile
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# %CopyrightBegin%
-# 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
-# 
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# %CopyrightEnd%
-#
-
-#
-
-#
-# Invoke with GNU make or clearmake -C gnu.
-#
-
-include $(ERL_TOP)/make/run_make.mk
diff --git a/lib/ssl/c_src/Makefile.dist b/lib/ssl/c_src/Makefile.dist
deleted file mode 100644
index 2468468921..0000000000
--- a/lib/ssl/c_src/Makefile.dist
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# %CopyrightBegin%
-# 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
-# 
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# %CopyrightEnd%
-#
-
-# Makefile for SSL on Unix
-# 
-# Placed in obj directory. 
-#
-CC = gcc
-	
-BINDIR = %BINDIR%
-LIBS = %LIBS%
-SSL_LIBDIR = %SSL_LIBDIR% 
-OBJS = %OBJS%
-
-$(BINDIR)/ssl_esock: $(OBJS)
-	$(CC) -L$(SSL_LIBDIR) -Wl,-R$(SSL_LIBDIR) -o $@ $^ \
-		$(LIBS) -lssl -lcrypto
diff --git a/lib/ssl/c_src/Makefile.in b/lib/ssl/c_src/Makefile.in
deleted file mode 100644
index 6e413e7e8e..0000000000
--- a/lib/ssl/c_src/Makefile.in
+++ /dev/null
@@ -1,215 +0,0 @@
-#
-# %CopyrightBegin%
-#
-# Copyright Ericsson AB 1999-2011. All Rights Reserved.
-#
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-#
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-#
-# %CopyrightEnd%
-#
-
-#
-# Makefile only for Unix and Win32/Cygwin.
-# 
-
-include $(ERL_TOP)/make/target.mk
-include $(ERL_TOP)/make/$(TARGET)/otp.mk
-# ----------------------------------------------------
-# SSL locations and include options from configure
-# ----------------------------------------------------
-SSL_LIBDIR = @SSL_LIBDIR@
-SSL_INCLUDE = @SSL_INCLUDE@
-SSL_CRYPTO_LIBNAME = @SSL_CRYPTO_LIBNAME@
-SSL_SSL_LIBNAME = @SSL_SSL_LIBNAME@
-
-# ----------------------------------------------------
-# Application version
-# ----------------------------------------------------
-include ../vsn.mk
-VSN=$(SSL_VSN)
-
-# ----------------------------------------------------
-# Commands 
-# ----------------------------------------------------
-CC = @CC@
-LD = @LD@
-SHELL = /bin/sh
-LIBS = @LIBS@
-PLAIN_CFLAGS = @CFLAGS@
-
-# ----------------------------------------------------
-# Includes and libs
-# ----------------------------------------------------
-
-ALL_CFLAGS = @WFLAGS@ @CFLAGS@ @DEFS@ $(TYPE_FLAGS)
-TARGET = @host@
-
-ifeq ($(TYPE),debug)
-TYPEMARKER = .debug
-TYPE_FLAGS = -g -DDEBUG @DEBUG_FLAGS@
-else
-TYPEMARKER =
-TYPE_FLAGS = -O2
-endif
-
-PRIVDIR = ../priv
-BINDIR = $(PRIVDIR)/bin/$(TARGET)
-OBJDIR = $(PRIVDIR)/obj/$(TARGET)
-
-# ----------------------------------------------------
-# File suffixes
-# ----------------------------------------------------
-exe = @EXEEXT@
-obj = .@OBJEXT@
-
-# ----------------------------------------------------
-# Release directory specification
-# ----------------------------------------------------
-RELSYSDIR = $(RELEASE_PATH)/lib/ssl-$(VSN)
-
-# ----------------------------------------------------
-# Common Macros
-# ----------------------------------------------------
-OBJS = 	$(OBJDIR)/esock$(obj) \
-	$(OBJDIR)/debuglog$(obj) \
-	$(OBJDIR)/esock_poll$(obj) \
-	$(OBJDIR)/esock_osio$(obj) \
-	$(OBJDIR)/esock_utils$(obj) \
-	$(OBJDIR)/esock_posix_str$(obj) \
-	$(OBJDIR)/esock_openssl$(obj)
-
-PORT_PROGRAM = $(BINDIR)/ssl_esock$(exe)
-
-SKIP_BUILDING_BINARIES := false
-
-# Try to be BC for R10
-ifeq ($(findstring @SSL_,@SSL_DYNAMIC_ONLY@),@SSL_)
-DYNAMIC_CRYPTO_LIB=yes
-else
-DYNAMIC_CRYPTO_LIB=@SSL_DYNAMIC_ONLY@
-endif
-
-
-ifeq ($(DYNAMIC_CRYPTO_LIB),yes)
-
-ifneq ($(findstring win32,$(TARGET)),win32)
-SSL_MAKEFILE = $(OBJDIR)/Makefile
-else
-SSL_MAKEFILE =
-endif
-
-CC_R_FLAG=@CFLAG_RUNTIME_LIBRARY_PATH@
-
-ifeq ($(findstring @,$(CC_R_FLAG)),@)
-# Old erts configure used which hasn't replaced @CFLAG_RUNTIME_LIBRARY_PATH@;
-# we try our best here instead...
-
-ifeq ($(findstring darwin,$(TARGET)),darwin)	# darwin: no flag
-CC_R_FLAG =
-else
-ifeq ($(findstring osf,$(TARGET)),osf)		# osf1: -Wl,-rpath,
-CC_R_FLAG = -Wl,-rpath,
-else						# Default: -Wl,-R
-CC_R_FLAG = -Wl,-R
-endif
-endif
-endif
-
-ifeq ($(strip $(CC_R_FLAG)),)
-CC_R_OPT =
-else
-CC_R_OPT = $(CC_R_FLAG)$(SSL_LIBDIR)
-endif
-
-SSL_CC_RUNTIME_LIBRARY_PATH=@SSL_CC_RUNTIME_LIBRARY_PATH@
-# Sigh...
-ifeq ($(findstring @,$(SSL_CC_RUNTIME_LIBRARY_PATH)),@)
-SSL_CC_RUNTIME_LIBRARY_PATH = $(CC_R_OPT)
-endif
-
-SSL_LINK_LIB=-L$(SSL_LIBDIR) -l$(SSL_SSL_LIBNAME) -l$(SSL_CRYPTO_LIBNAME)
-else 
-# not dynamic crypto lib (default from R11B-5)
-NEED_KERBEROS=@SSL_LINK_WITH_KERBEROS@
-NEED_ZLIB=@SSL_LINK_WITH_ZLIB@
-SSL_MAKEFILE =
-CC_R_OPT =
-SSL_CC_RUNTIME_LIBRARY_PATH=
-SSL_LINK_LIB = $(SSL_LIBDIR)/lib$(SSL_SSL_LIBNAME).a $(SSL_LIBDIR)/lib$(SSL_CRYPTO_LIBNAME).a 
-ifeq ($(NEED_KERBEROS),yes)
-SSL_LINK_LIB += @STATIC_KERBEROS_LIBS@
-endif
-ifeq ($(NEED_ZLIB),yes)
-SSL_LINK_LIB += @STATIC_ZLIB_LIBS@
-endif
-endif
-
-# ----------------------------------------------------
-# Targets
-# ----------------------------------------------------
-
-debug opt: $(OBJDIR) $(BINDIR) $(OBJS) $(PORT_PROGRAM) $(SSL_MAKEFILE)
-
-$(OBJDIR):
-	-@mkdir -p $(OBJDIR)
-
-$(BINDIR):
-	-@mkdir -p $(BINDIR)
-
-$(OBJDIR)/esock_openssl$(obj):	esock_openssl.c
-	$(CC) -c -o $@ $(ALL_CFLAGS) $(SSL_INCLUDE) $<
-
-$(OBJDIR)/%$(obj): %.c
-	$(CC) -c -o $@ $(ALL_CFLAGS) $<
-
-# Unix
-$(BINDIR)/ssl_esock: $(OBJS)
-	$(CC) $(PLAIN_CFLAGS) $(LDFLAGS) -o $@ $^ $(LIBS) $(SSL_CC_RUNTIME_LIBRARY_PATH) $(SSL_LINK_LIB)
-
-# Win32/Cygwin
-$(BINDIR)/ssl_esock.exe: $(OBJS)
-	$(LD) $(SSL_CC_RUNTIME_LIBRARY_PATH) -L$(SSL_LIBDIR) -o $@ $^ -lwsock32 -l$(SSL_CRYPTO_LIBNAME) -l$(SSL_SSL_LIBNAME)
-
-# Unix only, and only when linking statically
-$(SSL_MAKEFILE):
-	sed 	-e "s;%BINDIR%;../../bin/$(TARGET);" \
-		-e "s;%SSL_LIBDIR%;$(SSL_LIBDIR);" \
-		-e "s;%OBJS;$(OBJS);" \
-		-e "s;%LIBS%;$(LIBS);" ./Makefile.dist \
-		> $(OBJDIR)/Makefile
-
-
-clean:
-	rm -f $(PORT_PROGRAM) $(OBJS) core *~ $(SSL_MAKEFILE)
-
-docs:
-
-# ----------------------------------------------------
-# Release Target
-# ---------------------------------------------------- 
-include $(ERL_TOP)/make/otp_release_targets.mk
-
-release_spec: opt
-	$(INSTALL_DIR) $(RELSYSDIR)/priv/bin
-	$(INSTALL_PROGRAM) $(PORT_PROGRAM) $(RELSYSDIR)/priv/bin
-ifneq ($(SSL_MAKEFILE),)
-	$(INSTALL_DIR) $(RELSYSDIR)/priv/obj
-	$(INSTALL_DATA) $(OBJS) $(RELSYSDIR)/priv/obj
-	sed 	-e "s;%BINDIR%;../bin;" \
-		-e "s;%SSL_LIBDIR%;$(SSL_LIBDIR);" \
-		-e "s;%OBJS;$(OBJS);" \
-		-e "s;%LIBS%;$(LIBS);" ./Makefile.dist \
-		> $(RELSYSDIR)/priv/obj/Makefile
-endif
-
-release_docs_spec:
-
diff --git a/lib/ssl/c_src/Makefile.win32 b/lib/ssl/c_src/Makefile.win32
deleted file mode 100644
index 668cd2a28d..0000000000
--- a/lib/ssl/c_src/Makefile.win32
+++ /dev/null
@@ -1,147 +0,0 @@
-#
-# %CopyrightBegin%
-# 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
-# 
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# %CopyrightEnd%
-#
-
-#
-# SSL - Makefile for Windows NT
-#
-# It is assumed that the following environment variables have been set:
-#
-# INCLUDE       X:\MSDEV\INCLUDE
-# LIB           X:\MSDEV\LIB
-#
-# so that standard include files, and the socket library can be found.
-#
-# When ssl_esock.exe is run, the PATH environment variable must contain
-# the name of a directory that contains ssleay32.dll and libeay32.dll,
-# and windows socket dll.
-#
-
-# Roots
-!ifndef OPENSSL_ROOT
-!	error "Makefile.win32: ssl: OPENSSL_ROOT not set"
-!endif
-
-TARGET = win32
-
-BINDIR = ..\priv\bin\$(TARGET)
-OBJDIR = ..\priv\obj\$(TARGET)
-
-!if !exist($(BINDIR)) 
-!	if [mkdir $(BINDIR)]
-!	error "SSL: cannot create BINDIR"
-!	endif
-!endif
-
-!if !exist($(OBJDIR))
-!	if [mkdir $(OBJDIR)]
-!	error "SSL: cannot create OBJDIR"
-!	endif
-!endif
-
-# Includes
-#
-OPENSSL_INCLUDE = $(OPENSSL_ROOT)\inc32
-
-INCLUDES = /I. /I$(OPENSSL_INCLUDE)
-
-# Libraries
-#
-OPENSSL_LIBDIR = $(OPENSSL_ROOT)\out32dll
-OPENSSL_LIBS = \
-	$(OPENSSL_LIBDIR)\ssleay32.lib \
-	$(OPENSSL_LIBDIR)\libeay32.lib 
-
-!ifdef ESOCK_WINSOCK2
-WINSOCK_LIB = ws2_32.lib 
-DEFS = -DESOCK_WINSOCK2
-!else
-WINSOCK_LIB = wsock32.lib
-!endif	
-
-# Compiler options
-# 
-# NOTE: Size of fd_set is set in esock_winsock.h but can be overridden
-# with a -D option here.
-#
-OPTS = /MDd /G5 /Ox /O2 /Ob2 /Z7
-DEFS = -D__WIN32__ -DWIN32 $(DEFS)
-CFLAGS = $(INCLUDES) /nologo $(OPTS) $(DEFS)
-
-# Object files
-#
-SSL_BASE_OBJS = \
-	$(OBJDIR)\esock.obj \
-	$(OBJDIR)\debuglog.obj \
-	$(OBJDIR)\esock_poll$(obj) \
-	$(OBJDIR)\esock_osio.obj \
-	$(OBJDIR)\esock_utils.obj \
-	$(OBJDIR)\esock_posix_str.obj
-
-OPENSSL_OBJS = \
-	$(OBJDIR)\esock_openssl.obj
-
-#
-# Targets
-#
-
-all:	$(SSL_BASE_OBJS) $(OPENSSL_OBJS) $(BINDIR)\ssl_esock.exe
-
-clean: 
-	del $(BINDIR)\*.exe
-	del $(OBJDIR)\*.obj
-
-# Inference rule .c.obj:
-#
-{.}.c{$(OBJDIR)}.obj:
-	$(CC) $(CFLAGS) /c /Fo$@ $(*B).c
-
-# Binary
-#
-$(BINDIR)\ssl_esock.exe:	$(SSL_BASE_OBJS) $(OPENSSL_OBJS)
-	$(CC) /nologo  $(SSL_BASE_OBJS) $(OPENSSL_OBJS) $(OPENSSL_LIBS) \
-		$(WINSOCK_LIB) /Fe$(BINDIR)\ssl_esock.exe
-
-
-
-# Dependencies
-#
-$(OBJDIR)\esock.o:	esock.h debuglog.h esock_ssl.h esock_osio.h \
-			esock_utils.h esock_winsock.h
-$(OBJDIR)\debuglog.o:	debuglog.h esock_ssl.h esock_utils.h
-$(OBJDIR)\esock_osio.o:	esock_osio.h esock.h debuglog.h esock_utils.h \
-			esock_winsock.h
-$(OBJDIR)\esock_utils.o:	esock_utils.h
-$(OBJDIR)\esock_posix_str.o:	esock_posix_str.h esock_winsock.h
-
-$(OBJDIR)\esock_openssl.o: 	esock.h esock_ssl.h debuglog.h esock_utils.h \
-		                $(OPENSSL_INCLUDE)\crypto.h \
-		                $(OPENSSL_INCLUDE)\ssl.h \
-				$(OPENSSL_INCLUDE)\err.h
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/lib/ssl/c_src/Makefile.win32.dist b/lib/ssl/c_src/Makefile.win32.dist
deleted file mode 100644
index 8510c44e08..0000000000
--- a/lib/ssl/c_src/Makefile.win32.dist
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# %CopyrightBegin%
-# 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
-# 
-# The contents of this file are subject to the Erlang Public License,
-# Version 1.1, (the "License"); you may not use this file except in
-# compliance with the License. You should have received a copy of the
-# Erlang Public License along with this software. If not, it can be
-# retrieved online at http://www.erlang.org/.
-# 
-# Software distributed under the License is distributed on an "AS IS"
-# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-# the License for the specific language governing rights and limitations
-# under the License.
-# 
-# %CopyrightEnd%
-#
-	
-# Makefile.win32.dist for SSL
-# 
-# To be placed in obj directory. 
-#
-
-CC = cl
-
-BINDIR = %BINDIR%
-
-OPENSSL_LIBS = \
-	$(BINDIR)\ssleay32.lib \
-	$(BINDIR)\libeay32.lib 
-
-WINSOCK_LIB = ws2_32.lib 
-
-SSL_BASE_OBJS = esock.obj debuglog.obj esock_osio.obj esock_utils.obj \
-	        esock_posix_str.obj
-
-OPENSSL_OBJS = esock_openssl.obj
-
-$(BINDIR)\ssl_esock.exe:	$(SSL_BASE_OBJS) $(OPENSSL_OBJS)
-	$(CC) /nologo  $(SSL_BASE_OBJS) $(OPENSSL_OBJS) $(OPENSSL_LIBS) \
-		$(WINSOCK_LIB) /Fe$(BINDIR)\ssl_esock.exe
-
-
-
diff --git a/lib/ssl/c_src/debuglog.c b/lib/ssl/c_src/debuglog.c
deleted file mode 100644
index e2e55df4b2..0000000000
--- a/lib/ssl/c_src/debuglog.c
+++ /dev/null
@@ -1,251 +0,0 @@
-/*<copyright>
- * <year>1999-2008</year>
- * <holder>Ericsson AB, All Rights Reserved</holder>
- *</copyright>
- *<legalnotice>
- * The contents of this file are subject to the Erlang Public License,
- * Version 1.1, (the "License"); you may not use this file except in
- * compliance with the License. You should have received a copy of the
- * Erlang Public License along with this software. If not, it can be
- * retrieved online at http://www.erlang.org/.
- *
- * Software distributed under the License is distributed on an "AS IS"
- * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
- * the License for the specific language governing rights and limitations
- * under the License.
- *
- * The Initial Developer of the Original Code is Ericsson AB.
- *</legalnotice>
- */
-/*
- * Purpose: Various routines for debug printouts and logs.
- */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <stdarg.h>
-#include <string.h>
-#include <ctype.h>
-#include <time.h>
-#include "debuglog.h"
-#include "esock_utils.h"
-
-#ifndef __WIN32__
-static char tr_format_buf[256];
-static char *tr_format(const char *format);
-static int vfprintclistf(FILE *fp, const char *format, va_list args);
-#endif
-
-int debug = 0;
-int debugmsg = 0;
-FILE *ssllogfp = NULL;
-FILE *__locallogfp = NULL;
-
-void open_ssllog(char *path)
-{
-    ssllogfp = openlog(path);
-}
-
-void close_ssllog(void)
-{
-    if (ssllogfp)
-	closelog(ssllogfp);
-}
-
-FILE *openlog(char *s)
-{
-    FILE *fp;
-    time_t t = time(NULL);
-
-    if ((fp = fopen(s, "a"))) {
-	setbuf(fp, NULL);
-	fprintf(fp, "===== Opened [%s] %s", s, ctime(&t));
-    }
-    return fp;
-}
-
-void closelog(FILE *fp)
-{
-    time_t t = time(NULL);
-
-    if (fp) {
-	fprintf(fp, "Closed %s", ctime(&t));
-	fclose(fp);
-    }
-}
-
-int __debugprintf(const char *format, ...)
-{
-    va_list args;
-    int ret;
-#ifndef __WIN32__
-    char *newformat;
-
-    va_start(args, format);
-    newformat = tr_format(format);
-    ret = vfprintf(stderr, newformat, args);
-    if (newformat != format && newformat != tr_format_buf)
-	esock_free(newformat);
-#else
-    va_start(args, format);
-    ret = vfprintf(stderr, format, args);
-#endif
-    va_end(args);
-    if (ssllogfp) { 
-        va_start(args, format);
-	vfprintf(ssllogfp, format, args);
-        va_end(args);
-    }
-    return ret;
-}
-
-int __debugprintclistf(const char *format, ...)
-{
-    va_list args;
-    int ret;
-#ifndef __WIN32__
-    char *newformat;
-
-    va_start(args, format);
-    newformat = tr_format(format);
-    ret = vfprintclistf(stderr, newformat, args);
-    if (newformat != format && newformat != tr_format_buf)
-	esock_free(newformat);
-#else
-    va_start(args, format);
-    ret = vfprintclistf(stderr, format, args);
-#endif
-    if (ssllogfp) 
-	vfprintclistf(ssllogfp, format, args);
-    va_end(args);
-    return ret;
-}
-
-int __debuglogf(const char *format, ...)
-{
-    va_list args;
-    int ret;
-
-    va_start(args, format);
-    ret = vfprintf(__locallogfp, format, args);
-    va_end(args);
-    return ret;
-}
-
-#ifndef __WIN32__
-
-/* Insert `\r' before each `\n' i format */
-static char *tr_format(const char *format)
-{
-    char *newformat, *s, *t;
-    int len;
-
-    len = strlen(format);
-    if ((newformat = (len > 127) ? esock_malloc(len) : tr_format_buf)) {
-	for (s = (char *)format, t = newformat; *s; *t++ = *s++)
-	    if (*s == '\n') 
-		*t++ = '\r';
-	*t = '\0';
-    } else
-	newformat = (char *)format;
-    return newformat;
-}
-
-#endif
-
-/* This function is for printing arrays of characters with formats
- * %FPa or %FPb, where F and P are the ordinary specifiers for 
- * field width and precision, respectively. 
- * 
- * The conversion specifier `a' implies hex-string output, while 
- * the `b' specifier provides character output (for non-printable
- * characters a `.' is written.
- *
- * The F specifier contains the width for each character. The 
- * P specifier tells how many characters to print.
- *
- * Example: Suppose we have a function myprintf(char *format, ...)
- * that calls our vfprintclistf(), and that
- *
- * char buf[] = "h\r\n";
- * len = 3;
- *
- * Then 
- *
- * myprintf("%.2b", buf)         prints     "h."
- * myprintf("%2.3b", buf)        prints     "h . . "
- * myprintf("%3.*a", len, buf)   prints     "68 0d 0a"
- *  
- */
-
-static int vfprintclistf(FILE *fp, const char *format, va_list args)
-{
-
-    int i, len, width, prec, written = 0;
-    char *s, *prevs, *fstart;
-    unsigned char *buf;
-
-    if (!format || !*format)
-	return 0;
-    
-    /* %{[0-9]*|\*}{.{[0-9]*|\*}{a|b} */
-
-    prevs = (char *)format;	/* format is const */
-    s = strchr(format, '%');
-    while (s && *s) {
-	if (s - prevs > 0)
-	    written += fprintf(fp, "%.*s", s - prevs, prevs);
-	width = prec = 0;
-	fstart = s;
-	s++;
-	if (*s != '%') {	/* otherwise it is not a format */
-	    if (*s == '*') {	/* width in arg */
-		s++;
-		width = va_arg(args, int);
-	    } else if ((len = strspn(s, "0123456789"))) { /* const width */
-		width = atoi(s);
-		s += len;
-	    } else 
-		width = 0;
-	    if (*s == '.') {	/* precision specified */
-		s++;
-		if (*s == '*') { /* precision in arg */
-		    s++;
-		    prec = va_arg(args, int);
-		} else if ((len = strspn(s, "0123456789"))) { /* const prec */
-		    prec = atoi(s);
-		    s += len;
-		} else		/* no precision value, defaults to zero */
-		    prec = 0;
-	    }  else
-		prec = 0;	/* no precision defaults to zero */
-	    if (*s == 'a' || *s == 'b') { /* only valid specifiers */
-		buf = va_arg(args, unsigned char *);
-		if (*s == 'a') {
-		    for (i = 0; i < prec; i++) 
-			written += fprintf(fp, "%*.2x", width, buf[i]);
-		}else if (*s == 'b') {
-		    for (i = 0; i < prec; i++) {
-			if (isprint(buf[i]))
-			    written += fprintf(fp, "%*c", width, buf[i]);
-			else
-			    written += fprintf(fp, "%*c", width, '.');
-		    }
-		}
-	    } else {
-		fprintf(stderr, "fprintclistf: format \"%s\" invalid.\n", 
-			format);
-		va_end(args);
-		return written;
-	    }
-	}
-	s++;
-	/* Now s points to the next character after the format */
-	prevs = s;
-	s = strchr(s, '%');
-    }
-    if (format + strlen(format) + 1 - prevs > 0)
-	written += fprintf(fp, "%s", prevs);
-    return written;
-}
-
diff --git a/lib/ssl/c_src/debuglog.h b/lib/ssl/c_src/debuglog.h
deleted file mode 100644
index 5699e6b495..0000000000
--- a/lib/ssl/c_src/debuglog.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*<copyright>
- * <year>1998-2008</year>
- * <holder>Ericsson AB, All Rights Reserved</holder>
- *</copyright>
- *<legalnotice>
- * The contents of this file are subject to the Erlang Public License,
- * Version 1.1, (the "License"); you may not use this file except in
- * compliance with the License. You should have received a copy of the
- * Erlang Public License along with this software. If not, it can be
- * retrieved online at http://www.erlang.org/.
- *
- * Software distributed under the License is distributed on an "AS IS"
- * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
- * the License for the specific language governing rights and limitations
- * under the License.
- *
- * The Initial Developer of the Original Code is Ericsson AB.
- *</legalnotice>
- */
-/*
- * Purpose:  Debug functions and macros.
- *
- */
-
-#ifndef __DEBUGLOG_H_
-#define __DEBUGLOG_H_
-
-#include <stdio.h>
-#include "esock_ssl.h"
-
-#define DEBUGF(x)  if (debug) __debugprintf x;
-#define DEBUGMSGF(x)  if (debugmsg) __debugprintclistf x;
-#define LOGF(fp, x) if (fp) { __locallogfp = fp; __debuglogf x; }
-#define SSLDEBUGF()  if (debug) { esock_ssl_print_errors_fp(stderr); \
-    if (ssllogfp) esock_ssl_print_errors_fp(ssllogfp); }
-
-int  debug;
-int  debugmsg;
-FILE *ssllogfp;
-FILE *__locallogfp;
-
-void open_ssllog(char *path);
-void close_ssllog(void);
-FILE *openlog(char *);
-void closelog(FILE *);
-int __debugprintf(const char *, ...);
-int __debugprintclistf(const char *, ...);
-int __debuglogf(const char *, ...);
-
-#endif
diff --git a/lib/ssl/c_src/esock.c b/lib/ssl/c_src/esock.c
deleted file mode 100644
index 78d08f7c29..0000000000
--- a/lib/ssl/c_src/esock.c
+++ /dev/null
@@ -1,1904 +0,0 @@
-/*<copyright>
- * <year>1999-2008</year>
- * <holder>Ericsson AB, All Rights Reserved</holder>
- *</copyright>
- *<legalnotice>
- * The contents of this file are subject to the Erlang Public License,
- * Version 1.1, (the "License"); you may not use this file except in
- * compliance with the License. You should have received a copy of the
- * Erlang Public License along with this software. If not, it can be
- * retrieved online at http://www.erlang.org/.
- *
- * Software distributed under the License is distributed on an "AS IS"
- * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
- * the License for the specific language governing rights and limitations
- * under the License.
- *
- * The Initial Developer of the Original Code is Ericsson AB.
- *</legalnotice>
- */
-
-/*
- * Purpose:  Implementation of Secure Socket Layer (SSL).
- *
- * This is an "SSL proxy" for Erlang in the form of a port
- * program. 
- *
- * The implementation has borrowed somewhat from the original
- * implementation of `socket' by Claes Wikstr�m, and the former
- * implementation of `ssl_socket' by Helen Ariyan.
- *
- * All I/O is now non-blocking. 
- *
- * When a connection (cp) is in the state JOINED we have the following
- * picture:
- *
- *            proxy->fd                          fd
- *               |                               |
- *  proxy->eof   |  -------->  wq  ----------->  |   bp 
- *               |                               |
- *  Erlang       |                               |   SSL
- *               |                               |
- *  proxy->bp    |  <------ proxy->wq ---------  |   eof
- *               |                               |
- * 
- * We read from Erlang (proxy->fd) and write to SSL (fd); and read from 
- * SSL (fd) and write to Erlang (proxy->fd).  
- *
- * The variables bp (broken pipe) and eof (end of file) take the
- * values 0 and 1.
- *
- * What has been read and cannot be immediately written is put in a
- * write queue (wq). A wq is emptied before reads are continued, which
- * means that at most one chunk that is read can be in a wq.
- *
- * The proxy-to-ssl part of a cp is valid iff 
- *
- *         !bp && (wq.len > 0 || !proxy->eof).
- *
- * The ssl-to-proxy part of a cp is valid iff 
- *
- *         !proxy->bp && (proxy->wq.len > 0 || !eof). 
- *
- * The connection is valid if any of the above parts are valid, i.e.
- * invalid if both parts are invalid.
- *
- * Every SELECT_TIMEOUT second we try to write to those file
- * descriptors that have non-empty wq's (the only way to detect that a
- * far end has gone away is to write to it).
- *
- * STATE TRANSITIONS
- *
- * Below (*) means that the corresponding file descriptor is published
- * (i.e. kwown outside this port program) when the state is entered,
- * and thus cannot be closed without synchronization with the
- * ssl_server.
- *
- * Listen:
- *
- * STATE_NONE ---> (*) PASSIVE_LISTENING <---> ACTIVE_LISTENING
- *
- * Accept:
- *
- * STATE_NONE ---> SSL_ACCEPT ---> (*) CONNECTED ---> JOINED ---> 
- *  ---> SSL_SHUTDOWN ---> DEFUNCT
- *
- * Connect:
- *
- * STATE_NONE ---> (*) WAIT_CONNECT ---> SSL_CONNECT ---> CONNECTED ---> 
- *  ---> JOINED ---> SSL_SHUTDOWN ---> DEFUNCT
- * 
- * In states where file descriptors has been published, and where
- * something goes wrong, the state of the connection is set to
- * DEFUNCT. A connection in such a state can only be closed by a CLOSE
- * message from Erlang (a reception of such a message is registered in
- * cp->closed). The possible states are: WAIT_CONNECT, SSL_CONNECT,
- * CONNECTED, JOINED, and SSL_SHUTDOWN.
- *
- * A connection in state SSL_ACCEPT can be closed and removed without
- * synchronization.
- *
- */
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-#ifdef __WIN32__
-#include "esock_winsock.h"
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <time.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <errno.h>
-
-#ifdef __WIN32__
-#include <process.h>
-#else
-#include <unistd.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#include <sys/time.h>
-#include <netdb.h>
-#include <arpa/inet.h>
-#include <fcntl.h>
-#endif
-
-#ifndef INADDR_NONE
-#define INADDR_NONE 0xffffffff  /* Should be in <netinet/in.h>.  */
-#endif
-
-#include "esock.h"
-#include "debuglog.h"
-#include "esock_utils.h"
-#include "esock_ssl.h"
-#include "esock_osio.h"
-#include "esock_posix_str.h"
-#include "esock_poll.h"
-
-#define MAJOR_VERSION   2
-#define MINOR_VERSION   0
-#define MAXREPLYBUF	256
-#define RWBUFLEN	(32*1024)
-#define IS_CLIENT       0
-#define IS_SERVER       1
-#define SELECT_TIMEOUT  2	/* seconds */
-
-#define psx_errstr()	esock_posix_str(sock_errno())
-#define ssl_errstr()	esock_ssl_errstr
-
-#define PROXY_TO_SSL_VALID(cp) (!(cp)->bp && \
-				((cp)->wq.len > 0 || !(cp)->proxy->eof))
-
-#define SSL_TO_PROXY_VALID(cp) (!(cp)->proxy->bp && \
-				((cp)->proxy->wq.len > 0 || !(cp)->eof))
-
-#define JOINED_STATE_INVALID(cp) (!(PROXY_TO_SSL_VALID(cp)) && \
-				!(SSL_TO_PROXY_VALID(cp)))
-static int loop(void);
-static int set_poll_conns(Connection *cp, EsockPoll *ep, int verbose);
-static Connection *next_polled_conn(Connection *cp, Connection **cpnext,
-				    EsockPoll *ep, int set_wq_fds);
-
-static void leave_joined_state(Connection *cp);
-static void do_shutdown(Connection *cp);
-static void close_and_remove_connection(Connection *cp);
-static int reply(int cmd, char *fmt, ...);
-static int input(char *fmt, ...);
-static int put_pars(unsigned char *buf, char *fmt, va_list args);
-static int get_pars(unsigned char *buf, char *fmt, va_list args);
-static FD do_connect(char *lipstring, int lport, char *fipstring, int fport);
-static FD do_listen(char *ipstring, int lport, int backlog, int *aport);
-static FD do_accept(FD listensock, struct sockaddr *saddr, int *len);
-static void print_connections(void);
-static void dump_connections(void);
-static int check_num_sock_fds(FD fd); 
-static void safe_close(FD fd);
-static Connection *new_connection(int state, FD fd);
-static Connection *get_connection(FD fd);
-static void remove_connection(Connection *conn);
-static Proxy *get_proxy_by_peerport(int port);
-static Proxy *new_proxy(FD fd);
-static void remove_proxy(Proxy *proxy);
-static void ensure_write_queue(WriteQueue *wq, int size);
-static void clean_up(void);
-
-static Connection  *connections = NULL;
-static int num_sock_fds;	/* On UNIX all file descriptors */
-static Proxy *proxies = NULL;
-static int proxy_listensock = INVALID_FD;
-static int proxy_listenport = 0;
-static int proxy_backlog = 128;
-static int proxysock_last_err = 0;
-static int proxysock_err_cnt = 0;
-static char rwbuf[RWBUFLEN];
-static unsigned char *ebuf = NULL; /* Set by read_ctrl() */
-
-static char *connstr[] = {
-    "STATE_NONE", 
-    "ACTIVE_LISTENING",
-    "PASSIVE_LISTENING",
-    "CONNECTED",
-    "WAIT_CONNECT",
-    "SSL_CONNECT",
-    "SSL_ACCEPT",
-    "TRANSPORT_ACCEPT",
-    "JOINED",
-    "SSL_SHUTDOWN",
-    "DEFUNCT"
-};
-
-static char *originstr[] = {
-    "listen",
-    "accept",
-    "connect"
-};
-
-int main(int argc, char **argv) 
-{
-    char *logfile = NULL;
-    int i;
-    esock_version *vsn;
-    char *ciphers; 
-#ifdef __WIN32__
-    int pid;
-    WORD version;
-    WSADATA wsa_data;
-
-    set_binary_mode();
-    setvbuf(stderr, NULL, _IONBF, 0);
-    /* Two sockets for the stdin socket pipe (local thread). */
-    num_sock_fds = 2;		
-#else
-    pid_t pid;
-    num_sock_fds = 3;		/* 0, 1, 2 */
-#endif
-
-    pid = getpid();
-    i = 1;
-    while (i < argc) {
-	if (strcmp(argv[i], "-d") == 0) {
-	    debug = 1;
-	    i++;
-	} else if (strcmp(argv[i], "-dm") == 0) {
-	    debugmsg = 1;
-	    i++;
-	} else if (strcmp(argv[i], "-pp") == 0) {
-	    i++;
-	    proxy_listenport = atoi(argv[i]);
-	    i++;
-	} else if (strcmp(argv[i], "-pb") == 0) {
-	    i++;
-	    proxy_backlog = atoi(argv[i]);
-	    i++;
-	} else if (strcmp(argv[i], "-pv") == 0) {
-	    i++;
-	    protocol_version = atoi(argv[i]);
-	    i++;
-	} else if (strcmp(argv[i], "-dd") == 0) {
-	    i++;
-	    logfile = esock_malloc(strlen(argv[i]) + 64);
-	    sprintf(logfile, "%s/ssl_esock.%d.log", argv[i], (int)pid);
-	    i++;
-	} else if (strcmp(argv[i], "-ersa") == 0) {
-	    ephemeral_rsa = 1;
-	    i++;
-	} else if (strcmp(argv[i], "-edh") == 0) {
-	    ephemeral_dh = 1;
-	    i++;
-	}
-    }
-    if (debug || debugmsg) {
-	DEBUGF(("Starting ssl_esock\n"));
-	if (logfile) {
-	    open_ssllog(logfile);
-#ifndef __WIN32__
-	    num_sock_fds++;
-#endif
-	}
-	atexit(close_ssllog);
-	DEBUGF(("pid = %d\n", getpid()));
-    }
-    if (esock_ssl_init() < 0) {
-	fprintf(stderr, "esock: Could not do esock_ssl_init\n");
-	exit(EXIT_FAILURE);
-    }
-
-    atexit(esock_ssl_finish);
-
-#ifdef __WIN32__
-    /* Start Windows' sockets */
-    version = MAKEWORD(MAJOR_VERSION, MINOR_VERSION);
-    if (WSAStartup(version, &wsa_data) != 0) {
-	fprintf(stderr, "esock: Could not start up Windows' sockets\n");
-	exit(EXIT_FAILURE);
-    }
-    atexit((void (*)(void))WSACleanup);
-    if (LOBYTE(wsa_data.wVersion) < MAJOR_VERSION ||
-	(LOBYTE(wsa_data.wVersion) == MAJOR_VERSION && 
-	 HIBYTE(wsa_data.wVersion) < MINOR_VERSION)) {
-	fprintf(stderr, "esock: Windows socket version error. "
-		"Requested version:"
-		"%d.%d, version found: %d.%d\n", MAJOR_VERSION, 
-		MINOR_VERSION, LOBYTE(wsa_data.wVersion), 
-		HIBYTE(wsa_data.wVersion));
-	exit(EXIT_FAILURE);
-    }
-    DEBUGF(("Using Windows socket version: %d.%d\n", 
-	   LOBYTE(wsa_data.wVersion), HIBYTE(wsa_data.wVersion)));
-    DEBUGF(("Maximum number of sockets available: %d\n", 
-	    wsa_data.iMaxSockets));
- 
-    if (esock_osio_init() < 0) {
-	fprintf(stderr, "esock: Could not init osio\n");
-	exit(EXIT_FAILURE);
-    }
-    atexit(esock_osio_finish);
-#endif
-
-    /* Create the local proxy listen socket and set it to non-blocking */
-    proxy_listensock = do_listen("127.0.0.1", proxy_listenport, 
-				 proxy_backlog, &proxy_listenport);
-    if (proxy_listensock == INVALID_FD) {
-	fprintf(stderr, "esock: Cannot create local listen socket\n");
-	exit(EXIT_FAILURE);
-    }
-    SET_NONBLOCKING(proxy_listensock);
-    DEBUGF(("Local proxy listen socket: fd = %d, port = %d\n", 
-	   proxy_listensock, proxy_listenport));
-
-    vsn = esock_ssl_version();
-    ciphers = esock_ssl_ciphers();
-
-    /* Report: port number of the local proxy listen socket, the native
-     * os pid, the compile and lib versions of the ssl library, and 
-     * the list of available ciphers. */
-    reply(ESOCK_PROXY_PORT_REP, "24sss", proxy_listenport, (int)pid, 
-	  vsn->compile_version, vsn->lib_version, ciphers);
-
-    atexit(clean_up);
-
-    loop();
-
-    if (logfile) 
-	esock_free(logfile);
-    exit(EXIT_SUCCESS);
-}
-
-
-/*
- * Local functions
- *
- */
-
-static int loop(void)
-{
-    EsockPoll pollfd;
-    FD fd, msgsock, listensock, connectsock, proxysock;
-    int cc, wc, fport, lport, pport, length, backlog, intref, op;
-    int value;
-    char *lipstring, *fipstring;
-    char *flags;
-    char *protocol_vsn, *cipher;
-    unsigned char *cert, *bin;
-    int certlen, binlen;
-    struct sockaddr_in iserv_addr;
-    int sret = 1;
-    Connection *cp, *cpnext, *newcp;
-    Proxy *pp;
-    time_t last_time = 0, now = 0;
-    int set_wq_fds;
-
-    esock_poll_init(&pollfd);
-
-    while(1) {
-	esock_poll_zero(&pollfd);
-	esock_poll_fd_set_read(&pollfd, proxy_listensock);
-	esock_poll_fd_set_read(&pollfd, local_read_fd);
-
-	set_wq_fds = 0;
-
-	if (sret)		/* sret == 1 the first time. */
-	    DEBUGF(("==========LOOP=============\n"));
-
-	cc = set_poll_conns(connections, &pollfd, sret) + 1;
-
-	if (sret) {
-	    print_connections();
-	    DEBUGF(("Before poll/select: %d descriptor%s (total %d)\n",
-		    cc, (cc == 1) ? "" : "s", num_sock_fds));
-	}
-
-	sret = esock_poll(&pollfd, SELECT_TIMEOUT);
-	if (sret < 0) {
-	    DEBUGF(("select/poll error: %s\n", psx_errstr()));
-	    continue;
-	}
-	
-	time(&now);
-	if (now >= last_time + SELECT_TIMEOUT) {
-	    set_wq_fds = 1;
-	    last_time = now;
-	}
-	/*
-	 * First accept as many connections as possible on the
-	 * proxy listen socket. We record the peer port, which
-	 * is later used as a reference for joining a proxy 
-	 * connection with a network connection.
-	 */
-
-	if (esock_poll_fd_isset_read(&pollfd, proxy_listensock)) {
-	    while (1) {
-		length = sizeof(iserv_addr);
-		proxysock = do_accept(proxy_listensock, 
-				      (struct sockaddr *)&iserv_addr, 
-				      (int*)&length);
-		if(proxysock == INVALID_FD) {
-		    if (sock_errno() != ERRNO_BLOCK) {
-			/* We can here for example get the error
-			 * EMFILE, i.e. no more file descriptors
-			 * available, but we do not have any specific
-			 * connection to report the error to.  We
-			 * increment the error counter and saves the
-			 * last err.  
-			 */
-			proxysock_err_cnt++;
-			proxysock_last_err = sock_errno();
-			DEBUGF(("accept error (proxy_listensock): %s\n", 
-				psx_errstr()));
-		    }
-		    break;
-		} else {
-		    /* Get peer port number */
-/* 		    length = sizeof(iserv_addr); */
-/* 		    if (getpeername(proxysock, (struct sockaddr *)&iserv_addr,  */
-/* 				    &length) < 0) { */
-/* 			DEBUGF(("Can't get peername of proxy socket")); */
-/* 			safe_close(proxysock); */
-/* 		    } else { */
-			/* Add to pending proxy connections */
-			SET_NONBLOCKING(proxysock);
-			pp = new_proxy(proxysock);
-			pp->peer_port = ntohs(iserv_addr.sin_port);
-			DEBUGF(("-----------------------------------\n"));
-			DEBUGF(("[PROXY_LISTEN_SOCK] conn accepted: "
-				"proxyfd = %d, "
-			       "peer port = %d\n", proxysock, pp->peer_port));
-/* 		    } */
-		}
-	    }
-	}
-
-	/* 
-	 * Read control messages from Erlang
-	 */
-	if (esock_poll_fd_isset_read(&pollfd, local_read_fd)) {  
-	    cc = read_ctrl(&ebuf);
-	    if ( cc < 0 ) {
-		DEBUGF(("Read loop -1 or 0\n"));
-		return -1;
-	    } else if (cc == 0) {  /* not eof  */
-		DEBUGF(("GOT empty string \n"));
-
-	    } else {
-
-		switch((int)*ebuf) {
-
-		case ESOCK_SET_SEED_CMD:
-		    /* 
-		     * ebuf = {cmd(1), binary(N) }
-		     */
-		    input("b", &binlen, &bin);
-		    DEBUGF(("[SET_SEED_CMD]\n"));
-		    esock_ssl_seed(bin, binlen);
-		    /* no reply */
-		    break;
-
-		case ESOCK_GETPEERNAME_CMD:
-		    /* 
-		     * ebuf = {cmd(1), fd(4)}
-		     */
-		    input("4", &fd);
-		    DEBUGF(("[GETPEERNAME_CMD] fd = %d\n", fd)); 
-		    cp = get_connection(fd);
-		    length = sizeof(iserv_addr);
-		    if (!cp) {
-			sock_set_errno(ERRNO_NOTSOCK);
-			reply(ESOCK_GETPEERNAME_ERR, "4s", fd, psx_errstr());
-		    } else if (getpeername(fd, 
-					   (struct sockaddr *) &iserv_addr, 
-					   &length) < 0) {
-			reply(ESOCK_GETPEERNAME_ERR, "4s", fd, psx_errstr());
-		    } else {
-			/*
-			 * reply  = {cmd(1), fd(4), port(2), 
-			 * 	    ipstring(N), 0(1)}
-			 */
-			reply(ESOCK_GETPEERNAME_REP, "42s", fd, 
-			      ntohs(iserv_addr.sin_port), 
-			      inet_ntoa(iserv_addr.sin_addr));
-		    }
-		    break;
-
-		case ESOCK_GETSOCKNAME_CMD:
-		    /* 
-		     * ebuf = {cmd(1), fd(4)}
-		     */
-		    input("4", &fd);
-		    DEBUGF(("[GETSOCKNAME_CMD] fd = %d\n", fd)); 
-		    cp = get_connection(fd);
-		    length = sizeof(iserv_addr);
-		    if (!cp) {
-			sock_set_errno(ERRNO_NOTSOCK);
-			reply(ESOCK_GETSOCKNAME_ERR, "4s", fd, psx_errstr());
-		    } else if (getsockname(fd, 
-					   (struct sockaddr *)&iserv_addr, 
-					   &length) < 0) {
-			reply(ESOCK_GETSOCKNAME_ERR, "4s", fd, psx_errstr());
-		    } else {
-			/*
-			 * reply  = {cmd(1), fd(4), port(2), 
-			 * 	    ipstring(N), 0(1)}
-			 */
-			reply(ESOCK_GETSOCKNAME_REP, "42s", fd, 
-			      ntohs(iserv_addr.sin_port),
-			      inet_ntoa(iserv_addr.sin_addr));
-		    }
-		    break;
-
-		case ESOCK_GETCONNINFO_CMD:
-		    /* 
-		     * ebuf = {cmd(1), fd(4)}
-		     */
-		    input("4", &fd);
-		    DEBUGF(("[GETCONNINFO_CMD] fd = %d\n", fd)); 
-		    cp = get_connection(fd);
-		    if (!cp) {
-			sock_set_errno(ERRNO_NOTSOCK);
-			reply(ESOCK_GETCONNINFO_ERR, "4s", fd, psx_errstr());
-		    } else {
-			if (esock_ssl_getprotocol_version(cp,
-							  &protocol_vsn) < 0)
-			    reply(ESOCK_GETCONNINFO_ERR, "4s", fd, psx_errstr());
-			else if (esock_ssl_getcipher(cp, &cipher) < 0)
-			    reply(ESOCK_GETCONNINFO_ERR, "4s", fd, psx_errstr());
-			else
-			/*
-			 * reply  = {cmd(1), fd(4), protocol(N), 0(1),
-			 * 	    cipher(N), 0(1)}
-			 */
-			    reply(ESOCK_GETCONNINFO_REP, "4ss", fd, 
-				  protocol_vsn, cipher);
-		    }
-		    break;
-
-		case ESOCK_GETPEERCERT_CMD:
-		    /* 
-		     * ebuf = {cmd(1), fd(4)}
-		     */
-		    input("4", &fd);
-		    DEBUGF(("[GETPEERCERT_CMD] fd = %d\n", fd)); 
-		    cp = get_connection(fd);
-		    if (!cp) {
-			sock_set_errno(ERRNO_NOTSOCK);
-			reply(ESOCK_GETPEERCERT_ERR, "4s", fd, psx_errstr());
-		    } else {
-			if ((certlen = esock_ssl_getpeercert(cp, &cert)) < 0)
-			    reply(ESOCK_GETPEERCERT_ERR, "4s", fd, psx_errstr());
-			else {
-			    /*
-			     * reply  = {cmd(1), fd(4), certlen(4), cert(N)}
-			     */
-			    reply(ESOCK_GETPEERCERT_REP, "4b", fd, 
-				  certlen, cert);
-			    esock_free(cert);
-			}
-		    }
-		    break;
-
-		case ESOCK_CONNECT_CMD:
-		    /* 
-		     * ebuf = {cmd(1), intref(4), 
-		     * 	       lport(2), lipstring(N), 0(1),  -- local
-		     *         fport(2), fipstring(N), 0(1),  -- foreign
-		     * 	       flags(N), 0(1)}
-		     */
-		    input("42s2ss", &intref, &lport, &lipstring, 
-			  &fport, &fipstring, &flags);
-		    DEBUGF(("[CONNECT_CMD] intref = %d, "
-			    "lipstring = %s lport = %d, "
-			    "fipstring = %s fport = %d, "
-			    "flags = %s\n", intref, lipstring, lport,
-			    fipstring, fport, flags));
-		    connectsock = do_connect(lipstring, lport, 
-					     fipstring, fport);
-		    if(connectsock == INVALID_FD) {
-			reply(ESOCK_CONNECT_SYNC_ERR, "4s", intref, psx_errstr());
-			break;
-		    }
-		    DEBUGF(("  fd = %d\n", connectsock));
-		    cp = new_connection(ESOCK_WAIT_CONNECT, connectsock);
-		    cp->origin = ORIG_CONNECT;
-		    length = strlen(flags);
-		    cp->flags = esock_malloc(length + 1);
-		    strcpy(cp->flags, flags);
-		    DEBUGF(("-> WAIT_CONNECT fd = %d\n", connectsock));
-		    /* Publish connectsock */
-		    reply(ESOCK_CONNECT_WAIT_REP, "44", intref, connectsock);
-		    break;
-		    
-		case ESOCK_TERMINATE_CMD:
-		    /* 
-		     * ebuf = {cmd(1)}
-		     */
-		    exit(EXIT_SUCCESS);
-		    break;
-
-		case ESOCK_CLOSE_CMD:
-		    /* 
-		     * ebuf = {cmd(1), fd(4)}
-		     */
-		    input("4", &fd);
-		    if ((cp = get_connection(fd))) {
-			DEBUGF(("%s[CLOSE_CMD]: fd = %d\n", 
-				connstr[cp->state], fd));
-			if (cp->proxy)
-			    cp->proxy->bp = 1;
-			switch (cp->state) {
-			case ESOCK_JOINED:
-			    cp->close = 1;
-			    if (JOINED_STATE_INVALID(cp))
-				leave_joined_state(cp);
-			    break;
-			case ESOCK_SSL_SHUTDOWN:
-			    cp->close = 1;
-			    DEBUGF(("  close flag set\n"));
-			    break;
-			default:
-			    DEBUGF(("-> (removal)\n"));
-			    close_and_remove_connection(cp);
-			}
-		    } else 
-			DEBUGF(("[CLOSE_CMD]: ERROR: fd = %d not found\n", fd));
-		    break;
-
-		case ESOCK_SET_SOCKOPT_CMD:
-		    /* 
-		     * ebuf = {cmd(1), fd(4), op(1), on(1)}
-		     */
-		    input("411", &fd, &op, &value);
-		    switch(op) {
-		    case ESOCK_SET_TCP_NODELAY:
-			if(setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, 
-				      (void *)&value, sizeof(value)) < 0) {
-			    DEBUGF(("Error: setsockopt TCP_NODELAY\n"));
-			    reply(ESOCK_IOCTL_ERR, "4s", fd, psx_errstr());
-			} else {
-			    reply(ESOCK_IOCTL_OK, "4", fd);
-			}
-			break;
-		    default:
-			DEBUGF(("Error: set_sock_opt - Not implemented\n"));
-			sock_set_errno(ERRNO_OPNOTSUPP);
-			reply(ESOCK_IOCTL_ERR, "4", fd, psx_errstr());
-			break;
-		    }
-		    break;
-
-		case ESOCK_LISTEN_CMD:
-		    /* 
-		     * ebuf = {cmd(1), intref(4), lport(2), ipstring(N), 0(1),
-		     * 	       backlog(2), flags(N), 0(1)}
-		     */
-		    input("42s2s", &intref, &lport, &lipstring, &backlog,
-			  &flags);
-		    DEBUGF(("[LISTEN_CMD] intref = %d, port = %d, "
-			   "ipstring = %s, backlog = %d, flags = %s\n", 
-			   intref, lport, lipstring, backlog, flags));
-		    
-		    listensock = do_listen(lipstring, lport, backlog, &lport);
-		    if(listensock == INVALID_FD) {
-			reply(ESOCK_LISTEN_SYNC_ERR, "4s", intref, psx_errstr());
-			break;
-		    }
-		    cp = new_connection(ESOCK_PASSIVE_LISTENING, listensock);
-		    /* Flags may be an empty string */
-		    length = strlen(flags);
-		    cp->flags = esock_malloc(length + 1);
-		    strcpy(cp->flags, flags);
-
-		    cp->origin = ORIG_LISTEN;
-		    if (esock_ssl_listen_init(cp) < 0) {
-			DEBUGF(("esock_ssl_listen_init() failed.\n"));
-			reply(ESOCK_LISTEN_SYNC_ERR, "4s", intref, 
-			      ssl_errstr());
-			close_and_remove_connection(cp);
-			break;
-		    }
-		    DEBUGF(("-> PASSIVE_LISTENING (fd = %d)\n", listensock));
-		    /* Publish listensock */
-		    reply(ESOCK_LISTEN_REP, "442", intref, listensock,
-			  ntohs(iserv_addr.sin_port));
-		    break;
-
-		case ESOCK_TRANSPORT_ACCEPT_CMD:
-		    /* 
-		     * ebuf =  { op(1), fd(4), flags(N), 0(1)} 
-		     */
-		    input("4s", &fd, &flags);
-		    DEBUGF(("[TRANSPORT_ACCEPT_CMD] listenfd = %d, flags = %s\n", fd, 
-			   flags));
-		    cp = get_connection(fd);
-		    if (cp) {
-			 /* We store the flags in the listen socket's 
-			  * connection, and overwrite previous flags.
-			  */
-			if ((length = strlen(flags)) > 0) {
-			    if (cp->flags)
-				cp->flags = esock_realloc(cp->flags, 
-							  length + 1);
-			    else
-				cp->flags = esock_malloc(length + 1);
-			    strcpy(cp->flags, flags);
-			}
-			if (cp->flags && cp->flags[0] != '\0') {
-			    cp->acceptors++;
-			    cp->state = ESOCK_ACTIVE_LISTENING; 
-			    DEBUGF(("-> ACTIVE_LISTENING\n"));
-			    break;
-			}
-			DEBUGF(("ERROR: flags empty\n"));
-		    }
-		    reply(ESOCK_TRANSPORT_ACCEPT_ERR, "4s", fd, "ebadf");
-		    break;
-
-		case ESOCK_SSL_ACCEPT_CMD:
-		    input("4s", &fd, &flags);
-		    DEBUGF(("[SSL_ACCEPT_CMD] fd = %d, flags = %s\n", fd, flags));
-		    cp = get_connection(fd);
-		    if (cp)
-			cp->state = ESOCK_SSL_ACCEPT;
-		    //reply(ESOCK_SSL_ACCEPT_REP, "4", fd);
-		    break;
-
-		case ESOCK_NOACCEPT_CMD:
-		    /* 
-		     * ebuf = {cmd(1), fd(4)}
-		     */
-		    input("4", &fd);
-		    DEBUGF(("[NOACCEPT_CMD] listenfd = %d\n", fd));
-		    cp = get_connection(fd);
-		    if (cp && (--cp->acceptors <= 0)) {
-			cp->acceptors = 0;
-			cp->state = ESOCK_PASSIVE_LISTENING;
-			esock_poll_clear_event(&pollfd, fd);
-			DEBUGF(("-> PASSIVE_LISTENING\n"));
-		    }
-		    break;
-
-		case ESOCK_PROXY_JOIN_CMD:
-		    /*
-		     * ebuf = {cmd(1), fd(4), portnum(2)}
-		     *
-		     * fd      - file descriptor of a connection in state
-		     *           CONNECTED
-		     * portnum - port number of the Erlang proxy peer 
-		     */
-		    input("42", &fd, &pport);
-		    cp = get_connection(fd);
-		    pp = get_proxy_by_peerport(pport);
-		    if (cp && cp->state == ESOCK_CONNECTED && pp) {
-			DEBUGF(("CONNECTED[PROXY_JOIN_CMD] fd = %d "
-				"portnum = %d\n", fd, pport));
-			cp->proxy = pp;
-			pp->conn = cp;
-			reply(ESOCK_PROXY_JOIN_REP, "4", fd);
-			cp->state = ESOCK_JOINED;
-			DEBUGF(("-> JOINED\n"));
-			break;
-		    }
-		    if (!cp) {
-			DEBUGF(("[PROXY_JOIN_CMD] ERROR: No connection "
-				"having fd = %d\n", fd));
-			reply(ESOCK_PROXY_JOIN_ERR, "4s", fd, "ebadsocket");
-		    } else if (cp->state != ESOCK_CONNECTED) {
-			DEBUGF(("%s[PROXY_JOIN_CMD] ERROR: Bad state: "
-			       "fd = %d\n", connstr[cp->state], cp->fd));
-			reply(ESOCK_PROXY_JOIN_ERR, "4s", fd, "ebadstate");
-		    } else {
-			DEBUGF(("ERROR: No proxy: fd = %d, pport = %d\n",
-			       fd, pport));
-			if (proxysock_err_cnt > 0) {
-			    proxysock_err_cnt--;
-			    reply(ESOCK_PROXY_JOIN_ERR, "4s", fd, 
-				  esock_posix_str(proxysock_last_err));
-			} else {
-			    reply(ESOCK_PROXY_JOIN_ERR, "4s", fd, 
-				  "enoproxysocket");
-			}
-			cp->state = ESOCK_DEFUNCT;
-		    }
-		    break;
-
-		case ESOCK_DUMP_STATE_CMD:
-		    dump_connections();
-		  break;
- 
-                case ESOCK_SET_DEBUG_CMD:
-                  /* 
-                   * ebuf = {cmd(1), debug(1)}
-                   */
-                  input("1", &debug);
-                  break;
-		  
-		case ESOCK_SET_DEBUGMSG_CMD:
-                  /* 
-                   * ebuf = {cmd(1), debugmsg(1)}
-                   */
-                  input("1", &debugmsg);
-                  break;
-		  
-		default:
-		    fprintf(stderr, "esock: default value in loop %c\n", 
-			    *ebuf);
-		    exit(EXIT_FAILURE);
-		    break;
-		}
-	    }
-	}
-
-	/* Go through all connections that have their file descriptors
-           set. */
-
-	/* Note: We may remove the current connection (cp). Thus we
-	 * must be careful not to read cp->next after cp has been
-	 * removed.  */
-	for (cp = next_polled_conn(connections, &cpnext, &pollfd, set_wq_fds); 
-	     cp != NULL; 
-	     cp = next_polled_conn(cpnext, &cpnext, &pollfd, set_wq_fds)
-	     ) {
-
-	    switch(cp->state) {
-
-	    case ESOCK_PASSIVE_LISTENING:
-		DEBUGF(("-----------------------------------\n"));
-		fprintf(stderr, "esock: Got connect request while PASSIVE\n");
-		exit(EXIT_FAILURE);
-		break;
-		
-	    case ESOCK_ACTIVE_LISTENING:
-		/* new connect from network */
-		DEBUGF(("-----------------------------------\n"));
-		DEBUGF(("ACTIVE_LISTENING - trying to accept on %d\n", 
-		       cp->fd));
-		length = sizeof(iserv_addr);
-		msgsock = do_accept(cp->fd, (struct sockaddr*)&iserv_addr, 
-				    (int*)&length);
-		if(msgsock == INVALID_FD)  {
-		    DEBUGF(("accept error: %s\n", psx_errstr()));
-		    reply(ESOCK_TRANSPORT_ACCEPT_ERR, "4s", cp->fd, psx_errstr());
-		    break;
-		}
-		SET_NONBLOCKING(msgsock);
-		if (--cp->acceptors <= 0) {
-		    cp->acceptors = 0;
-		    cp->state = ESOCK_PASSIVE_LISTENING;
-		    DEBUGF(("-> PASSIVE_LISTENING\n"));
-		}
-		DEBUGF(("server accepted connection on fd %d\n", msgsock));
-		newcp = new_connection(ESOCK_TRANSPORT_ACCEPT, msgsock);
-		newcp->origin = ORIG_ACCEPT;
-		reply(ESOCK_TRANSPORT_ACCEPT_REP, "44", cp->fd, msgsock);
-		newcp->listen_fd = cp->fd; /* Needed for ESOCK_ACCEPT_ERR  */
-		length = strlen(cp->flags);
-		/* XXX new flags are not needed */
-		newcp->flags = esock_malloc(length + 1);
-		strcpy(newcp->flags, cp->flags); /* XXX Why? */
-		if (esock_ssl_accept_init(newcp, cp->opaque) < 0) {
-		    cp->errstr = ssl_errstr();
-		    break;
-		}
-		newcp->ssl_want = ESOCK_SSL_WANT_READ;
-		break;
-
-	    case ESOCK_SSL_ACCEPT:
-		/* SSL accept handshake. msgsock is *not* published yet. */
-		msgsock = cp->fd;
-		DEBUGF(("-----------------------------------\n"));
-		DEBUGF(("SSL_ACCEPT fd = %d\n", msgsock));
-		if (cp->errstr != NULL) { /* this means we got an error in ssl_accept_init */
-		    /* N.B.: The *listen fd* is reported. */
-		    reply(ESOCK_SSL_ACCEPT_ERR, "4s", msgsock, cp->errstr);
-		    close_and_remove_connection(cp);
-		    break;
-		}
-		if (esock_ssl_accept(cp) < 0) {
-		    if (sock_errno() != ERRNO_BLOCK) {
-			/* Handshake failed. */
-			reply(ESOCK_SSL_ACCEPT_ERR, "4s", msgsock,
-			      ssl_errstr());
-			DEBUGF(("ERROR: handshake: %s\n", ssl_errstr()));
-			close_and_remove_connection(cp);
-		    }
-		} else {
-		    /* SSL handshake successful: publish */
-		    reply(ESOCK_SSL_ACCEPT_REP, "4", msgsock);
-		    DEBUGF(("-> CONNECTED\n"));
-		    DEBUGF((" Session was %sreused.\n", 
-			    (esock_ssl_session_reused(cp)) ? "" : "NOT "));
-		    cp->state = ESOCK_CONNECTED;
-		}
-		break;
-
-	    case ESOCK_CONNECTED:
-		/* Should not happen. We do not read or write until
-		   the connection is in state JOINED. */
-		DEBUGF(("-----------------------------------\n"));
-		DEBUGF(("CONNECTED: Error: should not happen. fd = %d\n", 
-			cp->fd));
-		break;
-
-	    case ESOCK_JOINED:
-		/* 
-		 * Reading from Proxy, writing to SSL 
-		 */
-		if (esock_poll_fd_isset_write(&pollfd, cp->fd)) {
-		    /* If there is a write queue, write to ssl only */
-		    if (cp->wq.len > 0) { 
-			/* The write retry semantics of SSL_write in
-			 * the OpenSSL package is strange. Partial
-			 * writes never occur, only complete writes or
-			 * failures.  A failure, however, still
-			 * consumes all data written, although not all
-			 * encrypted data could be written to the
-			 * underlying socket. To retry a write we have
-			 * to provide the same buf and length as in
-			 * the original call, in our case rwbuf and
-			 * the original buffer length. Hence the
-			 * strange memcpy(). Note that wq.offset will
-			 * always be zero when we use OpenSSL.  
-			 */
-			DEBUGF(("-----------------------------------\n"));
-			DEBUGF(("JOINED: writing to ssl "
-				"fd = %d, from write queue only, wc = %d\n", 
-				cp->fd, cp->wq.len - cp->wq.offset));
-			memcpy(rwbuf, cp->wq.buf, cp->wq.len - cp->wq.offset);
-
-			/* esock_ssl_write sets cp->eof, cp->bp when return
-			 * value is zero */
-			wc = esock_ssl_write(cp, rwbuf, 
-					     cp->wq.len - cp->wq.offset);
-			if (wc < 0) {
-			    if (sock_errno() != ERRNO_BLOCK) {
-				/* Assume broken SSL pipe */
-				DEBUGF(("broken SSL pipe\n"));
-				cp->bp = 1;
-				shutdown(cp->proxy->fd, SHUTDOWN_READ);
-				cp->proxy->eof = 1;
-				if (JOINED_STATE_INVALID(cp)) {
-				    leave_joined_state(cp);
-				    break;
-				}
-			    }
-			} else if (wc == 0) {
-			    /* SSL broken pipe */
-			    DEBUGF(("broken SSL pipe\n"));
-			    cp->bp = 1;
-			    shutdown(cp->proxy->fd, SHUTDOWN_READ);
-			    cp->proxy->eof = 1;
-			    if (JOINED_STATE_INVALID(cp)) {
-				leave_joined_state(cp);
-				break;
-			    }
-			} else {
-			    cp->wq.offset += wc;
-			    if (cp->wq.offset == cp->wq.len)
-				cp->wq.len = 0;
-			}
-		    }
-		} else if (esock_poll_fd_isset_read(&pollfd, cp->proxy->fd)) {
-		    /* Read from proxy and write to SSL */
-		    DEBUGF(("-----------------------------------\n"));
-		    DEBUGF(("JOINED: reading from proxy, "
-			   "proxyfd = %d\n", cp->proxy->fd));
-		    cc = sock_read(cp->proxy->fd, rwbuf, RWBUFLEN); 
-		    DEBUGF(("read from proxyfd = %d, cc = %d\n", 
-			   cp->proxy->fd, cc));
-		    if (cc > 0) {
-			/* esock_ssl_write sets cp->eof, cp->bp when return
-			 * value is zero */
-			wc = esock_ssl_write(cp, rwbuf, cc);
-			if (wc < 0) {
-			    if (sock_errno() != ERRNO_BLOCK) {
-				/* Assume broken pipe */
-				DEBUGF(("broken SSL pipe\n"));
-				cp->bp = 1;
-				shutdown(cp->proxy->fd, SHUTDOWN_READ);
-				cp->proxy->eof = 1;
-				if (JOINED_STATE_INVALID(cp)) {
-				    leave_joined_state(cp);
-				    break;
-				}
-			    } else {
-				/* add to write queue */
-				DEBUGF(("adding all to write queue "
-					"%d bytes\n", cc));
-				ensure_write_queue(&cp->wq, cc);
-				memcpy(cp->wq.buf, rwbuf, cc);
-				cp->wq.len = cc;
-				cp->wq.offset = 0;
-			    }
-			} else if (wc == 0) {
-				/* Broken SSL pipe */
-				DEBUGF(("broken SSL pipe\n"));
-				cp->bp = 1;
-				shutdown(cp->proxy->fd, SHUTDOWN_READ);
-				cp->proxy->eof = 1;
-				if (JOINED_STATE_INVALID(cp)) {
-				    leave_joined_state(cp);
-				    break;
-				}
-			} else if (wc < cc) {
-			    /* add remainder to write queue */
-			    DEBUGF(("adding remainder to write queue "
-				    "%d bytes\n", cc - wc));
-			    ensure_write_queue(&cp->wq, cc - wc);
-			    memcpy(cp->wq.buf, rwbuf + wc, cc - wc);
-			    cp->wq.len = cc - wc;
-			    cp->wq.offset = 0;
-			} 
-		    } else {
-			/* EOF proxy or error */
-		       DEBUGF(("proxy eof or error %d\n", errno));
-			cp->proxy->eof = 1;
-			if (cp->wq.len == 0) {
-			    esock_ssl_shutdown(cp);
-			    cp->bp = 1;
-			}
-			if (JOINED_STATE_INVALID(cp)) {
-			    leave_joined_state(cp);
-			    break;
-			}
-		    }
-		}
-		/* 
-		 * Reading from SSL, writing to proxy 
-		 */
-		if (esock_poll_fd_isset_write(&pollfd, cp->proxy->fd)) {
-		    /* If there is a write queue, write to proxy only */
-		    if (cp->proxy->wq.len > 0) {
-			DEBUGF(("-----------------------------------\n"));
-			DEBUGF(("JOINED: writing to proxyfd = %d, "
-				"from write queue only, wc = %d\n", 
-				cp->proxy->fd, cp->proxy->wq.len - 
-				cp->proxy->wq.offset));
-			wc = sock_write(cp->proxy->fd, cp->proxy->wq.buf + 
-					cp->proxy->wq.offset,
-					cp->proxy->wq.len - 
-					cp->proxy->wq.offset);
-			if (wc < 0) {
-			    if (sock_errno() != ERRNO_BLOCK) {
-				/* Assume broken pipe */
-				DEBUGF(("broken proxy pipe\n"));
-				cp->proxy->bp = 1;
-				/* There is no SSL shutdown for read */
-				cp->eof = 1;
-				if (JOINED_STATE_INVALID(cp)) {
-				    leave_joined_state(cp);
-				    break;
-				}
-			    }
-			} else {
-			    cp->proxy->wq.offset += wc;
-			    if (cp->proxy->wq.offset == cp->proxy->wq.len)
-				cp->proxy->wq.len = 0;
-			}
-		    }
-		} else if (esock_poll_fd_isset_read(&pollfd, cp->fd)) {
-		    /* Read from SSL and write to proxy */
-		    DEBUGF(("-----------------------------------\n"));
-		    DEBUGF(("JOINED: read from ssl fd = %d\n",
-			   cp->fd));
-		    cc = esock_ssl_read(cp, rwbuf, RWBUFLEN);
-		    DEBUGF(("read from fd = %d, cc = %d\n", cp->fd, cc));
-		    if (cc > 0) {
-			wc = sock_write(cp->proxy->fd, rwbuf, cc);
-			if (wc < 0) {
-			    if (sock_errno() != ERRNO_BLOCK) {
-				DEBUGF(("broken proxy pipe\n"));
-				/* Assume broken pipe */
-				cp->proxy->bp = 1;
-				/* There is no SSL shutdown for read */
-				cp->eof = 1;
-				if (JOINED_STATE_INVALID(cp)) {
-				    leave_joined_state(cp);
-				    break;
-				}
-			    } else {
-				/* add all to write queue */
-				DEBUGF(("adding to write queue %d bytes\n", 
-					cc));
-				ensure_write_queue(&cp->proxy->wq, cc);
-				memcpy(cp->proxy->wq.buf, rwbuf, cc);
-				cp->proxy->wq.len = cc;
-				cp->proxy->wq.offset = 0;
-			    }
-			} else if (wc < cc) {
-			    /* add to write queue */
-			    DEBUGF(("adding to write queue %d bytes\n",
-				    cc - wc));
-			    ensure_write_queue(&cp->proxy->wq, cc - wc);
-			    memcpy(cp->proxy->wq.buf, rwbuf + wc, cc - wc);
-			    cp->proxy->wq.len = cc - wc;
-			    cp->proxy->wq.offset = 0;
-			} 
-		    } else if (cc == 0) {
-			/* SSL eof */
-			DEBUGF(("SSL eof\n"));
-			cp->eof = 1;
-			if (cp->proxy->wq.len == 0) {
-			    shutdown(cp->proxy->fd, SHUTDOWN_WRITE);
-			    cp->proxy->bp = 1;
-			}
-			if (JOINED_STATE_INVALID(cp)) {
-			    leave_joined_state(cp);
-			    break;
-			}
-		    } else {
-			/* This may very well happen when reading from SSL. */
-			DEBUGF(("NOTE: readmask set, cc < 0,  fd = %d, "
-				"is ok\n", cp->fd));
-		    }
-		}
-		break;
-
-	    case ESOCK_SSL_SHUTDOWN:
-		DEBUGF(("-----------------------------------\n"));
-		DEBUGF(("SSL_SHUTDOWN: fd = %d\n", cp->fd));
-		do_shutdown(cp);
-		break;
-
-	    case ESOCK_DEFUNCT:
-		DEBUGF(("-----------------------------------\n"));
-		DEBUGF(("DEFUNCT: ERROR: should not happen. fd = %d\n", 
-			cp->fd));
-		break;
-
-	    case ESOCK_WAIT_CONNECT:
-		/* New connection shows up */
-		connectsock = cp->fd;/* Is published */
-		DEBUGF(("-----------------------------------\n"));
-		DEBUGF(("WAIT_CONNECT fd = %d\n", connectsock));
-
-		/* If the connection did succeed it's possible to
-		 * fetch the peer name (UNIX); or failure shows in
-		 * exceptmask (WIN32). Sorry for the mess below, but
-		 * we have to have balanced paren's in #ifdefs in
-		 * order not to confuse Emacs' indentation.  */
-		length = sizeof(iserv_addr);
-		if (
-#ifdef __WIN32__
-		    esock_poll_fd_isset_exception(&pollfd, connectsock)
-#else
-		    getpeername(connectsock, (struct sockaddr *)&iserv_addr, 
-				&length) < 0
-#endif
-		    ) {
-		    sock_set_errno(ERRNO_CONNREFUSED);
-		    DEBUGF(("connect error: %s\n", psx_errstr()));
-		    reply(ESOCK_CONNECT_ERR, "4s", connectsock, psx_errstr());
-		    cp->state = ESOCK_DEFUNCT;
-		    break;
-		}
-		if (esock_ssl_connect_init(cp) < 0) {
-		    DEBUGF(("esock_ssl_connect_init() failed\n"));
-		    reply(ESOCK_CONNECT_ERR, "4s", connectsock, ssl_errstr());
-		    cp->state = ESOCK_DEFUNCT;
-		    break;
-		}
-		DEBUGF(("-> SSL_CONNECT\n"));
-		cp->state = ESOCK_SSL_CONNECT;
-		cp->ssl_want = ESOCK_SSL_WANT_WRITE;
-		break;
-
-	    case ESOCK_SSL_CONNECT:
-		/* SSL connect handshake. connectsock is published. */
-		connectsock = cp->fd;
-		DEBUGF(("-----------------------------------\n"));
-		DEBUGF(("SSL_CONNECT fd = %d\n", connectsock));
-		if (esock_ssl_connect(cp) < 0) {
-		    if (sock_errno() != ERRNO_BLOCK) {
-			/* Handshake failed */
-			DEBUGF(("ERROR: handshake: %s\n", ssl_errstr()));
-			reply(ESOCK_CONNECT_ERR, "4s", connectsock,
-			      ssl_errstr());
-			cp->state = ESOCK_DEFUNCT;
-		    }
-		} else {
-		    /* SSL connect handshake successful */
-		    DEBUGF(("-> CONNECTED\n"));
-		    reply(ESOCK_CONNECT_REP, "4", connectsock);
-		    cp->state = ESOCK_CONNECTED;
-		}
-		break;
-
-	    default:
-		DEBUGF(("ERROR: Connection in unknown state.\n"));
-	    }
-	}
-   }
-}
-
-static int set_poll_conns(Connection *cp, EsockPoll *ep, int verbose)
-{
-    int i = 0;
-    
-    if (verbose)
-	DEBUGF(("MASKS SET FOR FD: "));
-    while (cp) {
-	switch (cp->state) {
-	case ESOCK_ACTIVE_LISTENING:
-	    if (verbose)
-		DEBUGF(("%d (read) ", cp->fd));
-	    esock_poll_fd_set_read(ep, cp->fd);
-	    break;
-	case ESOCK_WAIT_CONNECT:
-	    if (verbose)
-		DEBUGF(("%d (write) ", cp->fd));
-	    esock_poll_fd_set_write(ep, cp->fd);
-#ifdef __WIN32__
-	    esock_poll_fd_set_exception(ep, cp->fd); /* Failure shows in exceptions */
-#endif
-	    break;
-	case ESOCK_SSL_CONNECT:
-	case ESOCK_SSL_ACCEPT:
-	    if (cp->ssl_want == ESOCK_SSL_WANT_READ) {
-		if (verbose)
-		    DEBUGF(("%d (read) ", cp->fd));
-		esock_poll_fd_set_read(ep, cp->fd);
-	    } else if (cp->ssl_want == ESOCK_SSL_WANT_WRITE) {
-		if (verbose)
-		    DEBUGF(("%d (write) ", cp->fd));
-		esock_poll_fd_set_write(ep, cp->fd);
-	    }
-	    break;
-	case ESOCK_JOINED:
-	    if (!cp->bp) {
-		if (cp->wq.len) {
-		    if (verbose)
-			DEBUGF(("%d (write) ", cp->fd));
-		    esock_poll_fd_set_write(ep, cp->fd);
-		} else if (!cp->proxy->eof) {
-		    if (verbose)
-			DEBUGF(("%d (read) ", cp->proxy->fd));
-		    esock_poll_fd_set_read(ep, cp->proxy->fd);
-		}
-	    }
-	    if (!cp->proxy->bp) {
-		if (cp->proxy->wq.len) {
-		    if (verbose)
-			DEBUGF(("%d (write) ", cp->proxy->fd));
-		    esock_poll_fd_set_write(ep, cp->proxy->fd);
-		} else if (!cp->eof) {
-		    if (verbose)
-			DEBUGF(("%d (read) ", cp->fd));
-		    esock_poll_fd_set_read(ep, cp->fd);
-		}
-	    }
-	    break;
-	case ESOCK_SSL_SHUTDOWN:
-	    if (cp->ssl_want == ESOCK_SSL_WANT_READ) {
-		if (verbose)
-		    DEBUGF(("%d (read) ", cp->fd));
-		esock_poll_fd_set_read(ep, cp->fd);
-	    } else if (cp->ssl_want == ESOCK_SSL_WANT_WRITE) {
-		if (verbose)
-		    DEBUGF(("%d (write) ", cp->fd));
-		esock_poll_fd_set_write(ep, cp->fd);
-	    }
-	    break;
-	default:
-	    break;
-	}
-	i++;
-	cp = cp->next;
-    }
-    if (verbose)
-	DEBUGF(("\n"));
-    return i;
-}
-
-
-static Connection *next_polled_conn(Connection *cp, Connection **cpnext,
-				    EsockPoll *ep, int set_wq_fds)
-{
-    while(cp) {
-	if (esock_poll_fd_isset_read(ep, cp->fd) ||
-	    (cp->proxy && esock_poll_fd_isset_read(ep, cp->proxy->fd)) ||
-	    (esock_poll_fd_isset_write(ep, cp->fd)) ||
-	    (cp->proxy && esock_poll_fd_isset_write(ep, cp->proxy->fd))
-#ifdef __WIN32__
-	    || esock_poll_fd_isset_exception(ep, cp->fd) /* Connect failure in WIN32 */
-#endif
-	    || (set_wq_fds && (cp->wq.len || 
-			       (cp->proxy && cp->proxy->wq.len)))
-	    || cp->errstr != NULL) {
-	    *cpnext = cp->next;
-	    return cp;
-	}
-	cp = cp->next;
-    }
-    *cpnext = NULL;
-    return NULL;
-}
-
-static void leave_joined_state(Connection *cp)
-{
-    shutdown(cp->proxy->fd, SHUTDOWN_ALL);
-    if (((cp->bp || cp->eof) && cp->clean) ||
-	(!cp->bp && !cp->eof)) {
-	DEBUGF(("-> SSL_SHUTDOWN\n"));
-	cp->state = ESOCK_SSL_SHUTDOWN;
-	cp->ssl_want = ESOCK_SSL_WANT_WRITE;
-	do_shutdown(cp);
-    } else if (cp->close) {
-	DEBUGF(("-> (removal)\n"));
-	close_and_remove_connection(cp);
-    } else {
-	DEBUGF(("-> DEFUNCT\n"));
-	cp->state = ESOCK_DEFUNCT;
-    }
-}
-
-/* We are always in state SHUTDOWN here */
-static void do_shutdown(Connection *cp)
-{
-    int ret;
-
-    ret = esock_ssl_shutdown(cp); 
-    if (ret < 0) {
-	if (sock_errno() == ERRNO_BLOCK) {
-	    return;
-	} else {
-	    /* Something is wrong -- close and remove or move to DEFUNCT */
-	    DEBUGF(("Error in SSL shutdown\n"));
-	    if (cp->close) {
-		DEBUGF(("-> (removal)\n"));
-		close_and_remove_connection(cp);
-	    } else {
-		DEBUGF(("-> DEFUNCT\n"));
-		cp->state = ESOCK_DEFUNCT;
-	    }
-	}
-    } else if (ret == 0) {
-	/* `close_notify' has been sent. Wait for reception of
-           same. */
-	return; 
-    } else if (ret == 1) {
-	/* `close_notify' has been sent, and received. */
-	if (cp->close) {
-	    DEBUGF(("-> (removal)\n"));
-	    close_and_remove_connection(cp);
-	} else {
-	    DEBUGF(("-> DEFUNCT\n"));
-	    cp->state = ESOCK_DEFUNCT;
-	}
-    }
-}
-
-static void close_and_remove_connection(Connection *cp)
-{
-    safe_close(cp->fd);
-    remove_connection(cp);
-}
-
-static int reply(int cmd, char *fmt, ...)
-{
-    static unsigned char replybuf[MAXREPLYBUF];
-    unsigned char *buf = replybuf;
-    va_list args;
-    int len;
-
-    va_start(args, fmt);
-    len = put_pars(NULL, fmt, args);
-    va_end(args);
-    len++;
-    if (len > sizeof(replybuf))
-	buf = esock_malloc(len);
-
-    PUT_INT8(cmd, buf);
-    va_start(args, fmt);
-    (void) put_pars(buf + 1, fmt, args);
-    va_end(args);
-    write_ctrl(buf, len);
-    if (buf != replybuf)
-	esock_free(buf);
-    return len;
-}
-
-static int input(char *fmt, ...)
-{
-    va_list args;
-    int len;
-
-    va_start(args, fmt);
-    len = get_pars(ebuf + 1, fmt, args);
-    va_end(args);
-    return len + 1;
-}
-
-static int put_pars(unsigned char *buf, char *fmt, va_list args)
-{
-    char *s, *str, *bin;
-    int val, len, pos = 0;
-
-    s = fmt;
-    while (*s) {
-	switch (*s) {
-	case '1':
-	    val = va_arg(args, int);
-	    if (buf)
-		PUT_INT8(val, buf + pos);
-	    pos++;
-	    break;
-	case '2':
-	    val = va_arg(args, int);
-	    if (buf)
-		PUT_INT16(val, buf + pos);
-	    pos += 2;
-	    break;
-	case '4':
-	    val = va_arg(args, int);
-	    if (buf)
-		PUT_INT32(val, buf + pos);
-	    pos += 4;
-	    break;
-	case 's':		/* string */
-	    str = va_arg(args, char *);
-	    if (buf)
-		strcpy((char *)(buf + pos), str);
-	    pos += strlen(str) + 1;
-	    break;
-	case 'b':		/* binary */
-	    len = va_arg(args, int);
-	    if (buf)
-		PUT_INT32(len, buf + pos);
-	    pos += 4;
-	    bin = va_arg(args, char *);
-	    if (buf)
-		memcpy(buf + pos, bin, len);
-	    pos += len;
-	    break;
-	default:
-	    fprintf(stderr, "esock: Invalid format character: %c\n", *s);
-	    exit(EXIT_FAILURE);
-	    break;
-	}
-	s++;
-    }
-    return pos;
-}
-
-
-static int get_pars(unsigned char *buf, char *fmt, va_list args)
-{
-    int *ip;
-    char *s, **strp, **bin;
-    int pos = 0;
-
-    s = fmt;
-    while (*s) {
-	switch (*s) {
-	case '1':
-	    ip = va_arg(args, int *);
-	    *ip = GET_INT8(buf + pos);
-	    pos++;
-	    break;
-	case '2':
-	    ip = va_arg(args, int *);
-	    *ip = GET_INT16(buf + pos);
-	    pos += 2;
-	    break;
-	case '4':
-	    ip = va_arg(args, int *);
-	    *ip = GET_INT32(buf + pos);
-	    pos += 4;
-	    break;
-	case 's':
-	    strp = va_arg(args, char **);
-	    *strp = (char *)(buf + pos);
-	    pos += strlen(*strp) + 1;
-	    break;
-	case 'b':
-	    ip = va_arg(args, int *);
-	    *ip = GET_INT32(buf + pos);
-	    pos += 4;
-	    bin = va_arg(args, char **);
-	    *bin = (char *)(buf + pos);
-	    pos += *ip;
-	    break;
-	default:
-	    fprintf(stderr, "esock: Invalid format character: %c\n", *s);
-	    exit(EXIT_FAILURE);
-	    break;
-	}
-	s++;
-    }
-    return pos;
-}
-
-static FD do_connect(char *lipstring, int lport, char *fipstring, int fport)
-{
-    struct sockaddr_in sock_addr;
-    long inaddr;
-    FD fd;
-   
-    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) == INVALID_FD) {
-	DEBUGF(("Error calling socket()\n"));
-	return fd;
-    }
-    if (check_num_sock_fds(fd) < 0) 
-	return INVALID_FD;
-    DEBUGF(("  fd = %d\n", fd));
-
-    /* local */
-    if ((inaddr = inet_addr(lipstring)) == INADDR_NONE) {
-	DEBUGF(("Error in inet_addr(): lipstring = %s\n", lipstring));
-	safe_close(fd);
-	sock_set_errno(ERRNO_ADDRNOTAVAIL);
-	return INVALID_FD;
-    }
-    memset(&sock_addr, 0, sizeof(sock_addr));
-    sock_addr.sin_family = AF_INET;
-    sock_addr.sin_addr.s_addr = inaddr;
-    sock_addr.sin_port = htons(lport);
-    if(bind(fd, (struct sockaddr*) &sock_addr, sizeof(sock_addr)) < 0) {
-	DEBUGF(("Error in bind()\n"));
-	safe_close(fd);
-	/* XXX Set error code for bind error */
-	return INVALID_FD;
-    }
-
-    /* foreign */
-    if ((inaddr = inet_addr(fipstring)) == INADDR_NONE) {
-	DEBUGF(("Error in inet_addr(): fipstring = %s\n", fipstring));
-	safe_close(fd);
-	sock_set_errno(ERRNO_ADDRNOTAVAIL);
-	return INVALID_FD;
-    }
-    memset(&sock_addr, 0, sizeof(sock_addr));
-    sock_addr.sin_family = AF_INET;
-    sock_addr.sin_addr.s_addr = inaddr;
-    sock_addr.sin_port = htons(fport);
-
-    SET_NONBLOCKING(fd);
-
-    if(connect(fd, (struct sockaddr*)&sock_addr, sizeof(sock_addr)) < 0) {
-	if (sock_errno() != ERRNO_PROGRESS && /* UNIX */
-	    sock_errno() != ERRNO_BLOCK) { /* WIN32 */
-	    DEBUGF(("Error in connect()\n"));
-	    safe_close(fd);
-	    return INVALID_FD;
-	}
-    }
-    return fd;
-}
-
-static FD do_listen(char *ipstring, int lport, int backlog, int *aport)
-{
-    static int one = 1;		/* Type must be int, not long */
-    struct sockaddr_in sock_addr;
-    long inaddr;
-    int length;
-    FD fd;
-    
-    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) == INVALID_FD) {
-	DEBUGF(("Error calling socket()\n"));
-	return fd;
-    }
-    if (check_num_sock_fds(fd) < 0) 
-	return INVALID_FD;
-    DEBUGF(("  fd = %d\n", fd));
-    if ((inaddr = inet_addr(ipstring)) == INADDR_NONE) {
-	DEBUGF(("Error in inet_addr(): ipstring = %s\n", ipstring));
-	safe_close(fd);
-	sock_set_errno(ERRNO_ADDRNOTAVAIL);
-	return INVALID_FD;
-    }
-    memset(&sock_addr, 0, sizeof(sock_addr));
-    sock_addr.sin_family = AF_INET;
-    sock_addr.sin_addr.s_addr = inaddr;
-    sock_addr.sin_port = htons(lport);
-
-    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one));
-
-    if(bind(fd, (struct sockaddr*) &sock_addr, sizeof(sock_addr)) < 0) {
-	DEBUGF(("Error in bind()\n"));
-	safe_close(fd);
-	return INVALID_FD;
-    }
-    if (listen(fd, backlog) < 0) {
-	DEBUGF(("Error in listen()\n"));
-	safe_close(fd);
-	return INVALID_FD;
-    }
-    /* find out assigned local port number */
-    length = sizeof(sock_addr);
-    if (getsockname(fd, (struct sockaddr *)&sock_addr, &length) < 0) {
-	DEBUGF(("Error in getsockname()\n"));
-	safe_close(fd);
-	return INVALID_FD;
-    }
-    if (aport)
-	*aport = ntohs(sock_addr.sin_port);
-    return fd;
-}
-
-static FD do_accept(FD listensock, struct sockaddr *saddr, int *len)
-{
-    FD fd;
-
-    if ((fd = accept(listensock, saddr, len)) == INVALID_FD) {
-	DEBUGF(("Error calling accept()\n"));
-	return fd;
-    }
-    if (check_num_sock_fds(fd) < 0) 
-	return INVALID_FD;
-    return fd;
-}
-
-static Connection *new_connection(int state, FD fd)
-{
-    Connection *cp;
-    
-    if (!(cp = esock_malloc(sizeof(Connection))))
-	return NULL;
-    cp->state = state;
-    cp->acceptors = 0;
-    cp->fd = fd;
-    cp->listen_fd = INVALID_FD;
-    cp->proxy = NULL;
-    cp->opaque = NULL;
-    cp->ssl_want = 0;
-    cp->eof = 0;
-    cp->bp = 0;
-    cp->clean = 0;		/* XXX Used? */
-    cp->close = 0;
-    cp->origin = -1;
-    cp->flags = NULL;
-    cp->logfp = NULL;
-    cp->wq.size = 0;
-    cp->wq.buf = NULL;
-    cp->wq.len = 0;
-    cp->wq.offset = 0;
-    cp->next = connections;
-    cp->errstr = NULL;
-    connections = cp;
-    return cp;
-}
-
-
-static void print_connections(void)
-{
-    if (debug) {
-	Connection *cp = connections;
-	DEBUGF(("CONNECTIONS:\n"));
-	while (cp) {
-	    if (cp->state == ESOCK_JOINED) {
-		DEBUGF((" - %s [%8p] (origin = %s)\n"
-			"       (fd = %d, eof = %d, wq = %d, bp = %d)\n"
-			"       (proxyfd = %d, eof = %d, wq = %d, bp = %d)\n", 
-		       connstr[cp->state], cp, originstr[cp->origin],
-			cp->fd, cp->eof, cp->wq.len, cp->bp,
-			cp->proxy->fd, cp->proxy->eof, cp->proxy->wq.len, 
-			cp->proxy->bp));
-	    } else if (cp->state == ESOCK_ACTIVE_LISTENING) {
-		DEBUGF((" - %s [%8p] (fd = %d, acceptors = %d)\n", 
-		       connstr[cp->state], cp, cp->fd, cp->acceptors));
-	    } else {
- 		DEBUGF((" - %s [%8p] (fd = %d)\n", connstr[cp->state], cp, 
-		       cp->fd));
-	    }
-	    cp= cp->next;
-	}
-    }
-}
-
-static void dump_connections(void)
-{
-    Connection *cp = connections;
-    Proxy      *pp = proxies;
-    time_t t = time(NULL);
-    int length = 0;
-    struct sockaddr_in iserv_addr;
-
-    __debugprintf("CONNECTIONS %s", ctime(&t));
-    while (cp) {
-	if (cp->state == ESOCK_JOINED) {
-	    __debugprintf(" - %s [%8p] (origin = %s)\n"
-			  "       (fd = %d, eof = %d, wq = %d, bp = %d), close = %d\n"
-			  "       (proxyfd = %d, eof = %d, wq = %d, bp = %d)\n", 
-			  connstr[cp->state], cp, originstr[cp->origin],
-			  cp->fd, cp->eof, cp->wq.len, cp->bp, cp->close,
-			  cp->proxy->fd, cp->proxy->eof, cp->proxy->wq.len, 
-			  cp->proxy->bp);
-	} else if (cp->state == ESOCK_ACTIVE_LISTENING) {
-	    __debugprintf(" - %s [%8p] (fd = %d, acceptors = %d)\n", 
-			  connstr[cp->state], cp, cp->fd, cp->acceptors);
-	} else {
-	    __debugprintf(" - %s [%8p] (fd = %d)\n", connstr[cp->state], cp, 
-			  cp->fd);
-	}
-	length = sizeof(iserv_addr);
-	if ((cp->state == ESOCK_ACTIVE_LISTENING) ||
-	    (cp->state == ESOCK_PASSIVE_LISTENING)) {
-	    getsockname(cp->fd, (struct sockaddr *) &iserv_addr, &length);
-	    __debugprintf("       (ip = %s, port = %d)\n",
-			  inet_ntoa(iserv_addr.sin_addr),
-			  ntohs(iserv_addr.sin_port));
-	}
-	else {
-	    getsockname(cp->fd, (struct sockaddr *) &iserv_addr, &length);
-	    __debugprintf("       (local_ip = %s, local_port = %d)\n",
-			  inet_ntoa(iserv_addr.sin_addr),
-			  ntohs(iserv_addr.sin_port));
-	    length = sizeof(iserv_addr);
-	    getpeername(cp->fd, (struct sockaddr *) &iserv_addr, &length);
-	    __debugprintf("       (remote_ip = %s, remote_port = %d)\n",
-			  inet_ntoa(iserv_addr.sin_addr),
-			  ntohs(iserv_addr.sin_port));
-	}
-	cp=cp->next;
-    }
-  
-    __debugprintf("PROXIES\n");
-    while (pp) {
-	__debugprintf(" - fd = %d [%8p] (external_fd = %d, peer_port = %d,"
-		      " eof = %d)\n", pp->fd, pp, pp->conn->fd, pp->peer_port,
-		      pp->eof);
-    
-	pp= pp->next;
-    }
-}
-
-static Connection *get_connection(FD fd)
-{
-    Connection *cp = connections;
-    
-    while(cp) {
-	if(cp->fd == fd)
-	    return cp;
-	cp = cp->next;
-    }
-    return NULL;
-}
-
-/* 
- * Remove a connection from the list of connection, close the proxy
- * socket and free all resources. The main socket (fd) is *not* 
- * closed here, because the closing of that socket has to be synchronized
- * with the Erlang process controlling this port program.
- */
-static void remove_connection(Connection *conn)
-{
-    Connection **prev = &connections;
-    Connection *cp = connections; 
-    
-    while (cp) {
-	if(cp == conn) {
-	    DEBUGF(("remove_connection: fd = %d\n", cp->fd));
-	    esock_ssl_free(cp);	/* frees cp->opaque only */
-	    esock_free(cp->flags);
-	    closelog(cp->logfp); /* XXX num_sock_fds */
-	    esock_free(cp->wq.buf);
-	    if (cp->proxy) {
-		safe_close(cp->proxy->fd);
-		remove_proxy(cp->proxy);
-	    }
-	    *prev = cp->next;
-	    esock_free(cp);
-	    return;
-	}
-	prev = &cp->next;
-	cp = cp->next;
-    }
-}
-
-static Proxy *get_proxy_by_peerport(int port)
-{
-    Proxy *p = proxies;
-
-    while(p) {
-	if (p->peer_port == port)
-	    return p;
-	p = p->next;
-    }
-    return NULL;
-}
-
-static Proxy *new_proxy(FD fd)
-{
-    Proxy *p;
-
-    if (!(p = esock_malloc(sizeof(Proxy))))
-	return NULL;
-
-    p->fd = fd;
-    p->peer_port = -1;
-    p->eof = 0;
-    p->bp = 0;
-    p->conn = NULL;
-    p->wq.size = 0;
-    p->wq.buf = NULL;
-    p->wq.len = 0;
-    p->wq.offset = 0;
-    p->next = proxies;
-    proxies = p;
-    return p;
-}
-
-static void remove_proxy(Proxy *proxy)
-{
-    Proxy *p = proxies, **pp = &proxies;
-
-    while(p) {
-	if (p == proxy) {
-	    DEBUGF(("remove_proxyfd = %d\n", p->fd));
-	    esock_free(p->wq.buf);
-	    *pp = p->next;
-	    esock_free(p);
-	    return;
-	}
-	pp = &p->next;
-	p = p->next;
-    }
-}
-
-static int check_num_sock_fds(FD fd) 
-{
-    num_sock_fds++;		/* fd is valid */
-#ifdef USE_SELECT
-    if (num_sock_fds > FD_SETSIZE) {
-	num_sock_fds--;
-	sock_set_errno(ERRNO_MFILE);
-	safe_close(fd);
-	return -1;
-    }
-#endif
-    return 0;
-}
-
-static void safe_close(FD fd)
-{
-    int err;
-
-    err = sock_errno();
-    DEBUGF(("safe_close fd = %d\n", fd));
-    if (sock_close(fd) < 0) {
-	DEBUGF(("safe_close failed\n"));
-    } else {
-	num_sock_fds--;
-    }
-    sock_set_errno(err);
-}
-
-static void clean_up(void)
-{
-    Connection *cp, *cpnext;
-    Proxy *pp, *ppnext;
-
-    cp = connections;
-    while (cp) {
-	safe_close(cp->fd);
-	cpnext = cp->next;
-	remove_connection(cp);
-	cp = cpnext;
-    }
-    
-    pp = proxies;
-    while (pp) {
-	safe_close(pp->fd);
-	ppnext = pp->next;
-	remove_proxy(pp);
-	pp = ppnext;
-    }
-}
-
-static void ensure_write_queue(WriteQueue *wq, int size)
-{
-    if (wq->size < size) {
-	wq->buf = esock_realloc(wq->buf, size);
-	wq->size = size;
-    }
-}
-
-
-
-
-
-
-
diff --git a/lib/ssl/c_src/esock.h b/lib/ssl/c_src/esock.h
deleted file mode 100644
index 16c9faa530..0000000000
--- a/lib/ssl/c_src/esock.h
+++ /dev/null
@@ -1,273 +0,0 @@
-/*<copyright>
- * <year>1999-2008</year>
- * <holder>Ericsson AB, All Rights Reserved</holder>
- *</copyright>
- *<legalnotice>
- * The contents of this file are subject to the Erlang Public License,
- * Version 1.1, (the "License"); you may not use this file except in
- * compliance with the License. You should have received a copy of the
- * Erlang Public License along with this software. If not, it can be
- * retrieved online at http://www.erlang.org/.
- *
- * Software distributed under the License is distributed on an "AS IS"
- * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
- * the License for the specific language governing rights and limitations
- * under the License.
- *
- * The Initial Developer of the Original Code is Ericsson AB.
- *</legalnotice>
- */
-/*
- * Purpose:  Implementation of Secure Socket Layer (SSL).
- *
- */
-
-#ifndef ESOCK_H
-#define ESOCK_H
-
-#ifdef __WIN32__
-#include "esock_winsock.h"
-#endif
-#include <stdio.h>
-
-#ifdef __WIN32__
-#define INVALID_FD			INVALID_SOCKET
-
-#define sock_read(fd, buf, len)		recv((fd), (buf), (len), 0)
-#define sock_write(fd, buf, len)	send((fd), (buf), (len), 0)
-#define sock_close(fd)			closesocket(fd)
-#define sock_errno()			WSAGetLastError()
-#define sock_set_errno(err)		WSASetLastError(err)
-
-#define ERRNO_NONE			0
-#define ERRNO_BLOCK			WSAEWOULDBLOCK
-#define ERRNO_CONNREFUSED		WSAECONNREFUSED
-#define ERRNO_PROGRESS			WSAEINPROGRESS
-#define ERRNO_PROTONOSUPPORT		WSAEPROTONOSUPPORT
-#define ERRNO_INVAL			WSAEINVAL
-#define ERRNO_ADDRNOTAVAIL		WSAEADDRNOTAVAIL
-#define ERRNO_NOTSOCK			WSAENOTSOCK
-#define ERRNO_OPNOTSUPP			WSAEOPNOTSUPP
-#define ERRNO_MFILE			WSAEMFILE
-#define SET_BLOCKING(fd)	    do { \
-    					unsigned long zeroval = 0; \
-    					ioctlsocket((fd), FIONBIO, &zeroval); \
-				       } while (0)
-#define SET_NONBLOCKING(fd)	    do { \
-    					unsigned long oneval = 1; \
-    					ioctlsocket((fd), FIONBIO, &oneval); \
-				       } while (0)
-#else
-#define INVALID_FD			(-1)
-
-#define sock_read(fd, buf, len)		read((fd), (buf), (len))
-#define sock_write(fd, buf, len)	write((fd), (buf), (len))
-#define sock_close(fd)			close(fd)
-#define sock_errno()			errno
-#define sock_set_errno(err)		do {errno = (err);} while(0)
-
-#define ERRNO_NONE			0
-#define ERRNO_BLOCK			EAGAIN
-#define ERRNO_CONNREFUSED		ECONNREFUSED
-#define ERRNO_PROGRESS			EINPROGRESS
-#define ERRNO_PROTONOSUPPORT		EPROTONOSUPPORT
-#define ERRNO_INVAL			EINVAL
-#define ERRNO_ADDRNOTAVAIL		EADDRNOTAVAIL
-#define ERRNO_NOTSOCK			ENOTSOCK
-#define ERRNO_OPNOTSUPP			EOPNOTSUPP
-#define ERRNO_MFILE			EMFILE
-#define SET_BLOCKING(fd)        	fcntl((fd), F_SETFL, \
-                                      	fcntl((fd), F_GETFL, 0) & ~O_NONBLOCK)
-#define SET_NONBLOCKING(fd)     	fcntl((fd), F_SETFL, \
-                                      	fcntl((fd), F_GETFL, 0) | O_NONBLOCK)
-#endif
-
-#define GET_INT8(s)    ((s)[0])
-#define GET_INT16(s)   (((s)[0] << 8) | (s)[1])
-#define GET_INT32(s)   (((s)[0] << 24) | ((s)[1] << 16) | \
-			((s)[2] << 8) | (s)[3])
-
-#define PUT_INT8(x, s)  do { (s)[0] = x; } while(0)
-#define PUT_INT16(x, s) do { (s)[0] = ((x) >> 8) & 0xff; \
-			     (s)[1] = ((x) & 0xff); } while(0)
-#define PUT_INT32(x, s) do { (s)[0] = ((x) >> 24) & 0xff; \
-			     (s)[1] = ((x) >> 16) & 0xff; \
-			     (s)[2] = ((x) >> 8) & 0xff; \
-			     (s)[3] = (x) & 0xff; } while(0)
-
-/* type for Connections */
-#define ESOCK_STATE_NONE	0
-#define ESOCK_ACTIVE_LISTENING 	1
-#define ESOCK_PASSIVE_LISTENING 2
-#define ESOCK_CONNECTED		3
-#define ESOCK_WAIT_CONNECT	4
-#define ESOCK_SSL_CONNECT	5
-#define ESOCK_SSL_ACCEPT	6
-#define ESOCK_TRANSPORT_ACCEPT  7
-#define ESOCK_JOINED		8
-#define ESOCK_SSL_SHUTDOWN	9
-#define ESOCK_DEFUNCT	       10
-
-#ifdef __WIN32__
-    typedef SOCKET FD;
-#else
-    typedef int FD;
-#endif
-
-/* For the shutdown(fd, how) call */
-#ifdef __WIN32__
-#define SHUTDOWN_READ  SD_RECEIVE
-#define SHUTDOWN_WRITE SD_SEND
-#define SHUTDOWN_ALL   SD_BOTH
-#else
-#define SHUTDOWN_READ  0
-#define SHUTDOWN_WRITE 1
-#define SHUTDOWN_ALL   2
-#endif
-
-#define ORIG_LISTEN  0
-#define ORIG_ACCEPT  1
-#define ORIG_CONNECT 2
- 
-typedef struct {
-    int size;			/* Total size of buf */
-    unsigned char *buf;
-    int len;			/* Current number of bytes in buf */
-    int offset;			/* Bytes already written  */
-} WriteQueue;
-
-typedef struct _proxy Proxy;
-
-typedef struct Connection {
-    FD fd;
-    FD listen_fd;		/* Needed for async listen error */
-    unsigned char state;
-    int acceptors;		/* Count acceptors for listen socket */
-    Proxy *proxy;
-    void *opaque;		/* Any suitable ssl structure */
-    int ssl_want;		/* read/write flags */
-    int eof;			/* end of file (read) */
-    int bp;			/* broken pipe (write) */
-    int clean;			/* Clean SSL shutdown initiated */
-    int close;			/* Close if set */
-    int origin;			/* listen, accept or connect */
-    int encrypted;		/* 1 = SSL encrypted, 0 = normal, unencrypted tcp */
-    char *flags;		/* ssl parameters */
-    FILE *logfp;		/* connection log file (not used) */
-    WriteQueue wq;
-    struct Connection* next;
-    const char* errstr; 	/* only used to report errors from ssl_accept_init in SSL_ACCEPT */
-} Connection;
-
-struct _proxy {
-    FD fd;
-    int peer_port;
-    int eof;			/* end of file (read) */
-    int bp;			/* broken pipe (write) */
-    Connection *conn;
-    WriteQueue wq;
-    Proxy *next;
-};
-
-/* Commands, replies, and error responses */
-
-#define ESOCK_CONNECT_CMD	1
-#define ESOCK_CONNECT_WAIT_REP	2
-#define ESOCK_CONNECT_REP	3
-#define ESOCK_CONNECT_ERR	4
-
-#define ESOCK_TERMINATE_CMD	5
-#define ESOCK_CLOSE_CMD	        6
-
-#define ESOCK_LISTEN_CMD	7
-#define ESOCK_LISTEN_REP	8
-#define ESOCK_LISTEN_ERR	9
-
-#define ESOCK_TRANSPORT_ACCEPT_CMD 10
-#define ESOCK_NOACCEPT_CMD      11
-#define ESOCK_TRANSPORT_ACCEPT_REP 12
-#define ESOCK_TRANSPORT_ACCEPT_ERR 13
-
-#define ESOCK_FROMNET_CLOSE_REP 14
-
-#define ESOCK_CONNECT_SYNC_ERR	15
-#define ESOCK_LISTEN_SYNC_ERR	16
-
-#define ESOCK_PROXY_PORT_REP    23
-#define ESOCK_PROXY_JOIN_CMD	24
-#define ESOCK_PROXY_JOIN_REP	25
-#define ESOCK_PROXY_JOIN_ERR	26
-
-#define ESOCK_SET_SOCKOPT_CMD   27
-#define ESOCK_IOCTL_OK          28
-#define ESOCK_IOCTL_ERR		29
-
-#define ESOCK_GETPEERNAME_CMD   30
-#define ESOCK_GETPEERNAME_REP   31
-#define ESOCK_GETPEERNAME_ERR   32
-
-#define ESOCK_GETSOCKNAME_CMD   33
-#define ESOCK_GETSOCKNAME_REP   34
-#define ESOCK_GETSOCKNAME_ERR   35
-
-#define ESOCK_GETPEERCERT_CMD   36
-#define ESOCK_GETPEERCERT_REP   37
-#define ESOCK_GETPEERCERT_ERR   38
-
-#define ESOCK_GETVERSION_CMD    39
-#define ESOCK_GETVERSION_REP    40
-
-#define ESOCK_SET_SEED_CMD      41
-
-#define ESOCK_GETCONNINFO_CMD   42
-#define ESOCK_GETCONNINFO_REP   43
-#define ESOCK_GETCONNINFO_ERR   44
-
-#define ESOCK_SSL_ACCEPT_CMD     45
-#define ESOCK_SSL_ACCEPT_REP     46
-#define ESOCK_SSL_ACCEPT_ERR     47
-
-#define ESOCK_DUMP_STATE_CMD      48
-#define ESOCK_SET_DEBUG_CMD       49
-#define ESOCK_SET_DEBUGMSG_CMD    50
-
-
-/* Option codes  for ESOCK_SET_SOCKOPT_CMD */
-#define ESOCK_SET_TCP_NODELAY	1
-
-/* SSL want to read or write */
-#define ESOCK_SSL_WANT_READ	1
-#define ESOCK_SSL_WANT_WRITE	2
-
-/* Protocol version according to ssl_server */
-#define ESOCK_SSLv2		1
-#define ESOCK_SSLv3		2
-#define ESOCK_TLSv1		4
-
-
-#endif
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/lib/ssl/c_src/esock_openssl.c b/lib/ssl/c_src/esock_openssl.c
deleted file mode 100644
index 0bc42958f0..0000000000
--- a/lib/ssl/c_src/esock_openssl.c
+++ /dev/null
@@ -1,1213 +0,0 @@
-/*<copyright>
- * <year>1999-2008</year>
- * <holder>Ericsson AB, All Rights Reserved</holder>
- *</copyright>
- *<legalnotice>
- * The contents of this file are subject to the Erlang Public License,
- * Version 1.1, (the "License"); you may not use this file except in
- * compliance with the License. You should have received a copy of the
- * Erlang Public License along with this software. If not, it can be
- * retrieved online at http://www.erlang.org/.
- *
- * Software distributed under the License is distributed on an "AS IS"
- * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
- * the License for the specific language governing rights and limitations
- * under the License.
- *
- * The Initial Developer of the Original Code is Ericsson AB.
- *</legalnotice>
- */
-/*
- * Purpose: Adaptions for the OpenSSL package.
- *
- * This file implements the functions defined in esock_ssl.h for
- * the OpenSSL package. 
- *
- * The following holds true for non-blockling I/O:
- *
- *   Function		Return values
- *   -------- 		-------------
- *   SSL_accept()       success: 1, failure: =<0
- *   SSL_connect()      success: 1, failure: =<0
- *   SSL_read()         success: >0, eof: 0, failure: <0 
- *   SSL_write()	success: > 0, failure: =<0 
- *   SSL_shutdown()	success: 1, not finished: 0
- *
- * If the return value of any of the above functions is `ret' and the
- * ssl connection is `ssl', the call
- *
- * 	ssl_error = SSL_get_error(ssl, ret);
- *
- * returns one of the following eight values:
- *
- *   SSL_ERROR_NONE			ret > 0
- *   SSL_ERROR_ZERO_RETURN		ret = 0
- *   SSL_ERROR_WANT_READ		ret < 0 and ssl wants to read
- *   SSL_ERROR_WANT_WRITE		ret < 0 and ssl wants to write
- *   SSL_ERROR_SYSCALL			ret < 0  or ret = 0
- *   SSL_ERROR_SSL			if there was an ssl internal error
- *   SSL_ERROR_WANT_X509_LOOKUP		ret < 0 and ssl wants x509 lookup 
- *   SSL_ERROR_WANT_CONNECT		ret < 0 and ssl wants connect
- *
- * It is the case that SSL_read() sometimes returns -1, even when the 
- * underlying file descriptor is ready for reading.
- * 
- * Also, sometimes we may have SSL_ERROR_SSL in SSL_accept() and SSL_connect()
- * when a retry should be done.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#ifndef __WIN32__
-# include <fcntl.h>
-# include <unistd.h>
-#endif
-
-#include "esock.h"
-#include "esock_ssl.h"
-#include "debuglog.h"
-#include "esock_utils.h"
-#include "esock_posix_str.h"
-
-#include <openssl/crypto.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-int ephemeral_rsa = 0;
-int ephemeral_dh = 0;		/* XXX Not used yet */
-int protocol_version = 0;
-
-char *esock_ssl_errstr = "";
-
-#define FLAGSBUFSIZE		512
-#define X509BUFSIZE		256
-#define DEFAULT_VERIFY_DEPTH	1
-
-#define SET_WANT(cp, ssl_error) \
-    switch((ssl_error)) { \
-    case SSL_ERROR_WANT_READ: \
-	(cp)->ssl_want = ESOCK_SSL_WANT_READ; \
-	break; \
-    case SSL_ERROR_WANT_WRITE: \
-	(cp)->ssl_want = ESOCK_SSL_WANT_WRITE; \
-	break; \
-    default: \
-    (cp)->ssl_want = 0; \
-	break; \
-    }
-
-#define RESET_ERRSTR() \
-    esock_ssl_errstr = "";
-
-#define MAYBE_SET_ERRSTR(s) \
-    if (!esock_ssl_errstr[0]) \
-	esock_ssl_errstr = (s);
-
-typedef struct {
-    int code;
-    char *text;
-} err_entry;
-
-typedef struct {
-    SSL_CTX *ctx;
-    char *passwd;
-    int verify_depth;
-} callback_data;
-
-static char *ssl_error_str(int error);
-static void end_ssl_call(int ret, Connection *cp, int ssl_error);
-static void check_shutdown(Connection *cp);
-static int set_ssl_parameters(Connection *cp, SSL_CTX *ctx);
-static int verify_callback(int ok, X509_STORE_CTX *ctx);
-static int passwd_callback(char *buf, int num, int rwflag, void *userdata);
-static void info_callback(const SSL *ssl, int where, int ret);
-static void callback_data_free(void *parent, void *ptr, 
-			       CRYPTO_EX_DATA *ad, 
-			       int idx, long arg1, void *argp);
-static RSA *tmp_rsa_callback(SSL *ssl, int is_export, int keylen);
-static void restrict_protocols(SSL_CTX *ctx);
-
-static err_entry errs[] = {    
-    {SSL_ERROR_NONE, "SSL_ERROR_NONE"},
-    {SSL_ERROR_ZERO_RETURN, "SSL_ERROR_ZERO_RETURN"}, 
-    {SSL_ERROR_WANT_READ, "SSL_ERROR_WANT_READ"}, 
-    {SSL_ERROR_WANT_WRITE, "SSL_ERROR_WANT_WRITE"}, 
-    {SSL_ERROR_SYSCALL, "SSL_ERROR_SYSCALL"},
-    {SSL_ERROR_SSL, "SSL_ERROR_SSL"},
-    {SSL_ERROR_WANT_X509_LOOKUP, "SSL_ERROR_WANT_X509_LOOKUP"},
-    {SSL_ERROR_WANT_CONNECT, "SSL_ERROR_WANT_CONNECT"}
-};
-
-static SSL_METHOD *method;	/* for listen and connect init */
-static char x509_buf[X509BUFSIZE]; /* for verify_callback */
-static int callback_data_index = -1; /* for ctx ex_data */
-static unsigned char randvec[1024]; /* XXX */
-
-#if defined(__WIN32__) || OPEN_MAX > 256
-# define FOPEN_WORKAROUND(var, expr) var = (expr)
-# define VOID_FOPEN_WORKAROUND(expr) expr
-#else
-/*
- * This is an ugly workaround. On Solaris, fopen() will return NULL if
- * it gets a file descriptor > 255. To avoid that, we'll make sure that
- * there is always one low-numbered file descriptor available when
- * fopen() is called.
- */
-static int reserved_fd;		/* Reserve a low-numbered file descriptor */
-# define USE_FOPEN_WORKAROUND 1
-
-# define FOPEN_WORKAROUND(var, expr)		\
-do {						\
-   close(reserved_fd);				\
-   var = (expr);				\
-   reserved_fd = open("/dev/null", O_RDONLY);	\
-} while (0)
-
-# define VOID_FOPEN_WORKAROUND(expr)		\
-do {						\
-   close(reserved_fd);				\
-   expr;					\
-   reserved_fd = open("/dev/null", O_RDONLY);	\
-} while (0)
-#endif
-
-esock_version *esock_ssl_version(void)
-{
-    static esock_version vsn;
-
-    vsn.compile_version = OPENSSL_VERSION_TEXT;
-    vsn.lib_version = SSLeay_version(SSLEAY_VERSION);
-    return &vsn;
-}
-
-char *esock_ssl_ciphers(void)
-{
-    SSL_CTX *ctx;
-    SSL *ssl;
-    char *ciphers;
-    const char *cp;
-    int i = 0, used = 0, len, incr = 1024;
-
-    if (!(ctx = SSL_CTX_new(method)))
-	return NULL;
-    restrict_protocols(ctx);
-    if (!(ssl = SSL_new(ctx))) {
-	SSL_CTX_free(ctx);
-	return NULL;
-    }
-
-    ciphers = esock_malloc(incr);
-    len = incr;
-    *ciphers = '\0';
-
-    while (1) {
-	if (!(cp = SSL_get_cipher_list(ssl, i)))
-	    break;
-	if (i > 0) {
-	    if (used == len) {
-		len += incr;
-		ciphers = esock_realloc(ciphers, len); 
-	    }
-	    strcat(ciphers, ":");
-	    used++;
-	}
-	if (strlen(cp) + used >= len) {
-	    len += incr;
-	    ciphers = esock_realloc(ciphers, len); 
-	}
-	strcat(ciphers, cp);
-	used += strlen(cp);
-	i++;
-    }
-    SSL_free(ssl);
-    SSL_CTX_free(ctx);
-    return ciphers;
-}
-
-void  esock_ssl_seed(void *buf, int len) 
-{
-    RAND_seed(buf, len);
-
-    /* XXX Maybe we should call RAND_status() and check if we have got
-     * enough randomness. 
-     */
-}
-
-int esock_ssl_init(void)
-{
-    method = SSLv23_method();	/* SSLv2, SSLv3 and TLSv1, may be restricted
-				 in listen and connect */
-    SSL_load_error_strings();
-    SSL_library_init();
-    esock_ssl_seed(randvec, sizeof(randvec));
-    callback_data_index = SSL_CTX_get_ex_new_index(0, "callback_data", 
-						 NULL, NULL, 
-						 callback_data_free);
-#ifdef USE_FOPEN_WORKAROUND
-    reserved_fd = open("/dev/null", O_RDONLY);
-    DEBUGF(("init: reserved_fd=%d\r\n", reserved_fd));
-#endif
-    return 0;
-}
-
-
-void esock_ssl_finish(void)
-{
-    /* Nothing */
-}
-
-
-void esock_ssl_free(Connection *cp)
-{
-    SSL *ssl = cp->opaque;
-    SSL_CTX *ctx;
-
-    if (ssl) {
-	ctx = SSL_get_SSL_CTX(ssl);
-	SSL_free(ssl);
-	if (cp->origin != ORIG_ACCEPT)
-	    SSL_CTX_free(ctx);
-	cp->opaque = NULL;
-    }
-}
-
-
-/*
- * Print SSL specific errors.
- */
-void esock_ssl_print_errors_fp(FILE *fp)
-{
-    ERR_print_errors_fp(fp);
-}
-
-
-int esock_ssl_accept_init(Connection *cp, void *listenssl)
-{
-    SSL_CTX *listenctx;
-    SSL *ssl;
-
-    RESET_ERRSTR();
-    MAYBE_SET_ERRSTR("esslacceptinit");
-
-    if(!listenssl) {
-	DEBUGF(("esock_ssl_accept_init: listenssl null\n"));
-	return -1;
-    }
-    if (!(listenctx = SSL_get_SSL_CTX(listenssl))) {
-	DEBUGF(("esock_ssl_accept_init: SSL_get_SSL_CTX\n"));
-	return -1;
-    }
-    if (!(ssl = cp->opaque = SSL_new(listenctx))) {
-	DEBUGF(("esock_ssl_accept_init: SSL_new(listenctx)\n"));
-	return -1;
-    }
-    SSL_set_fd(ssl, cp->fd);
-    return 0;
-
-}
-
-
-int esock_ssl_connect_init(Connection *cp)
-{
-    SSL_CTX *ctx;
-    SSL *ssl;
-
-    RESET_ERRSTR();
-    MAYBE_SET_ERRSTR("esslconnectinit");
-
-    if (!(ctx = SSL_CTX_new(method)))
-	return -1;
-    if (set_ssl_parameters(cp, ctx) < 0) {
-	SSL_CTX_free(ctx);
-	return -1;
-    }
-    restrict_protocols(ctx);
-    if (!(ssl = cp->opaque = SSL_new(ctx))) {
-	SSL_CTX_free(ctx);
-	return -1;
-    }
-    SSL_set_fd(ssl, cp->fd);
-    return 0;
-}
-
-
-int esock_ssl_listen_init(Connection *cp)
-{
-    SSL_CTX *ctx;
-    SSL *ssl;
-
-    RESET_ERRSTR();
-    MAYBE_SET_ERRSTR("essllisteninit");
-
-    if (!(ctx = SSL_CTX_new(method)))
-	return -1;
-    if (set_ssl_parameters(cp, ctx) < 0) {
-	SSL_CTX_free(ctx);
-	return -1;
-    }
-    restrict_protocols(ctx);
-
-    /* The allocation of ctx is for setting ssl parameters, so that
-     * accepts can inherit them. We allocate ssl to be able to
-     * refer to it via cp->opaque, but will not be used otherwise.
-     */
-    if (!(ssl = cp->opaque = SSL_new(ctx))) {
-	SSL_CTX_free(ctx);
-	return -1;
-    }
-    /* Set callback for temporary ephemeral RSA key generation.
-    * Note: for servers only. */
-    SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_callback);
-    return 0;
-}
-
-/* 
- * esock_ssl_accept(Connection *cp)
- *
- */
-int esock_ssl_accept(Connection *cp)
-{
-    int ret, ssl_error;
-    SSL *ssl = cp->opaque;
-
-    RESET_ERRSTR();
-
-    DEBUGF(("esock_ssl_accept: calling SSL_accept fd = %d\n"
-	    "  state before: %s\n", cp->fd, SSL_state_string(ssl)));
-    ret = SSL_accept(ssl);
-    DEBUGF(("  sock_errno %d errno %d \n", sock_errno(), errno));
-    ssl_error = SSL_get_error(ssl, ret);
-    DEBUGF(("  SSL_accept = %d\n"
-	    "  ssl_error: %s\n"
-	    "  state after: %s\n", 
-	    ret, ssl_error_str(ssl_error), SSL_state_string(ssl)));
-    DEBUGF(("    ret %d os error %s\n", ret, strerror(errno)));
-    if (ret > 0)
-	return ret;
-    else if (ret == 0) {
-	const char* f; int l; unsigned int e;
-	while ((e = ERR_get_error_line(&f, &l))) {
-	    DEBUGF(("    error %s:%d  %s\n", f, l, ssl_error_str(e)));
-	}
-	/* permanent accept error */
-	sock_set_errno(ERRNO_NONE);
-	MAYBE_SET_ERRSTR("esslaccept");
-	return -1;
-    }
-    end_ssl_call(ret, cp, ssl_error);
-    return ret;
-}
-
-/* 
- * esock_ssl_connect(Connection *cp)
- *
- */
-int esock_ssl_connect(Connection *cp)
-{
-    int ret, ssl_error;
-    SSL *ssl = cp->opaque;
-
-    RESET_ERRSTR();
-
-    DEBUGF(("esock_ssl_connect: calling SSL_connect fd = %d\n"
-	    "  state before: %s\n", cp->fd, SSL_state_string(ssl)));
-    ret = SSL_connect(ssl);
-    ssl_error = SSL_get_error(ssl, ret);
-    DEBUGF(("  SSL_connect() = %d\n"
-	    "  ssl_error: %s\n"
-	    "  state after: %s\n", 
-	    ret, ssl_error_str(ssl_error), SSL_state_string(ssl)));
-    if (ret > 0)
-	return ret;
-    else if (ret == 0) {
-	/* permanent connect error */
-	sock_set_errno(ERRNO_NONE);
-	MAYBE_SET_ERRSTR("esslconnect");
-	return -1;
-    }
-    end_ssl_call(ret, cp, ssl_error);
-    return ret;
-}
-
-
-int esock_ssl_session_reused(Connection *cp)
-{
-    SSL *ssl = cp->opaque;
-
-    return SSL_session_reused(ssl);
-}
-
-
-/* esock_ssl_read(Connection *cp, char *buf, int len)
- *
- * Read at most `len' chars into `buf'. Returns number of chars
- * read ( > 0), or 0 at EOF, or -1 on error. Sets cp->eof, cp->bp if
- * appropriate. 
- */
-
-int esock_ssl_read(Connection *cp, char *buf, int len)
-{
-    int ret, ssl_error;
-    SSL *ssl = cp->opaque;
-
-    RESET_ERRSTR();
-    DEBUGF(("esock_ssl_read: calling SSL_read fd = %d\n"
-	    "  state before: %s\n", cp->fd, SSL_state_string(ssl)));
-
-    ret = SSL_read(ssl, buf, len);
-    ssl_error = SSL_get_error(ssl, ret);
-
-    DEBUGF(("  SSL_read = %d\n"
-	    "  ssl_error: %s\n"
-	    "  state after: %s\n", 
-	    ret, ssl_error_str(ssl_error), SSL_state_string(ssl)));
-
-    if (ssl_error == SSL_ERROR_NONE) {
-	DEBUGMSGF(("message (hex) : [%3.*a]\n", ret, buf));
-	DEBUGMSGF(("message (char): [%3.*b]\n", ret, buf));
-    }
-    if (ret > 0)
-	return ret;
-    if (ret == 0) {
-	check_shutdown(cp);
-	return ret;
-    } 
-    end_ssl_call(ret, cp, ssl_error);
-    return ret;
-}
-
-/* 
- * esock_ssl_write(Connection *cp, char *buf, int len)
- *
- * Writes at most `len' chars from `buf'. Returns number of chars
- * written, or -1 on error.
- */
-int esock_ssl_write(Connection *cp, char *buf, int len)
-{
-    int ret, ssl_error;
-    SSL *ssl = cp->opaque;
-
-    RESET_ERRSTR();
-    DEBUGF(("esock_ssl_write: calling SSL_write fd = %d\n"
-	    "  state before: %s\n", cp->fd, SSL_state_string(ssl)));
-    ret = SSL_write(ssl, buf, len);
-    ssl_error = SSL_get_error(ssl, ret);
-    DEBUGF(("  SSL_write = %d\n"
-	    "  ssl_error: %s\n"
-	    "  state after: %s\n", 
-	    ret, ssl_error_str(ssl_error), SSL_state_string(ssl)));
-    if (ssl_error == SSL_ERROR_NONE) {
-	DEBUGMSGF(("message (hex) : [%3.*a]\n", ret, buf));
-	DEBUGMSGF(("message (char): [%3.*b]\n", ret, buf));
-    }
-    if (ret > 0)
-	return ret;
-    if (ret == 0) {
-	check_shutdown(cp);
-	return ret;
-    } 
-    end_ssl_call(ret, cp, ssl_error);
-    return ret;
-}
-
-
-int esock_ssl_shutdown(Connection *cp)
-{
-    int ret, ssl_error;
-    SSL *ssl = cp->opaque;
-
-    RESET_ERRSTR();
-    DEBUGF(("esock_ssl_shutdown: calling SSL_shutdown fd = %d\n"
-    "  state before: %s\n",  cp->fd, SSL_state_string(ssl)));
-    ret = SSL_shutdown(ssl);
-    ssl_error = SSL_get_error(ssl, ret);
-    DEBUGF(("  SSL_shutdown = %d\n"
-	    "  ssl_error: %s\n"
-	    "  state after: %s\n",
-	    ret, ssl_error_str(ssl_error), SSL_state_string(ssl)));
-    if (ret >= 0) {
-	check_shutdown(cp);
-	return ret;
-    }
-    end_ssl_call(ret, cp, ssl_error);
-    return ret;
-}
-
-
-/* Returns total number of bytes in DER encoded cert pointed to by
- * *buf, which is allocated by this function, unless return < 0.  
- * XXX X509_free ??
- */
-int esock_ssl_getpeercert(Connection *cp, unsigned char **buf)
-{
-    int len;
-    SSL *ssl = cp->opaque;
-    X509 *x509;
-    unsigned char *tmp;
-
-    RESET_ERRSTR();
-    if((x509 = SSL_get_peer_certificate(ssl)) == NULL) {
-	MAYBE_SET_ERRSTR("enopeercert"); /* XXX doc */
-	return -1;
-    }
-    
-    if ((len = i2d_X509(x509, NULL)) <= 0) {
-	MAYBE_SET_ERRSTR("epeercert");
-	return -1;
-    }
-
-    tmp = *buf = esock_malloc(len);
-
-    /* We must use a temporary value here, since i2d_X509(X509 *x,
-     * unsigned char **out) increments *out.  
-     */
-    if (i2d_X509(x509, &tmp) < 0) {
-	esock_free(tmp);
-	MAYBE_SET_ERRSTR("epeercert");
-	return -1;
-    }
-    return len;
-}
-
-/* Returns total number of bytes in chain of certs. Each cert begins
- * with a 4-bytes length. The last cert is ended with 4-bytes of
- * zeros. The result is returned in *buf, which is allocated unless
- * the return value is < 0.  
- * XXX X509_free ? sk_X509_free ? 
- * XXX X509_free is reference counting.
- */
-int esock_ssl_getpeercertchain(Connection *cp, unsigned char **buf)
-{
-    SSL *ssl = cp->opaque;
-    STACK_OF(X509) *x509_stack;
-    X509 *x509;
-    int num, i, totlen, pos, *der_len;
-    unsigned char *vbuf;
-
-    RESET_ERRSTR();
-    if((x509_stack = SSL_get_peer_cert_chain(ssl)) == NULL) {
-	MAYBE_SET_ERRSTR("enopeercertchain"); /* XXX doc */
-	return -1;
-    }
-    
-    num = sk_X509_num(x509_stack);
-    der_len = esock_malloc(num * sizeof(int));
-    totlen = 0;
-
-    for (i = 0; i < num; i++) {
-	x509 = sk_X509_value(x509_stack, i);
-	totlen += 4;
-	if ((der_len[i] = i2d_X509(x509, NULL)) < 0) {
-	    MAYBE_SET_ERRSTR("epeercertchain");
-	    esock_free(der_len);
-	    return -1;
-	}
-	totlen += der_len[i];
-    }
-    totlen += 4;
-
-    vbuf = *buf = esock_malloc(totlen);
-    pos = 0;
-
-    for (i = 0; i < num; i++) {
-	x509 = sk_X509_value(x509_stack, i);
-	PUT_INT32(der_len[i], vbuf);
-	vbuf += 4;
-	/* Note: i2d_X509 increments vbuf */
-	if (i2d_X509(x509, &vbuf) < 0) {
-	    MAYBE_SET_ERRSTR("epeercertchain");
-	    esock_free(*buf);
-	    esock_free(der_len);
-	    return -1;
-	}
-    }
-    esock_free(der_len);
-    return totlen;
-}
-
-
-int esock_ssl_getprotocol_version(Connection *cp, char **buf)
-{
-    SSL *ssl = cp->opaque;
-
-    RESET_ERRSTR();
-    if (!ssl) {
-	MAYBE_SET_ERRSTR("enoent");
-	return -1;
-    }
-    *buf = (char *) SSL_get_version(ssl);
-
-    return 0;
-}
-
-
-int esock_ssl_getcipher(Connection *cp, char **buf)
-{
-    SSL *ssl = cp->opaque;
-
-    RESET_ERRSTR();
-    if (!ssl) {
-	MAYBE_SET_ERRSTR("enoent");
-	return -1;
-    }
-    *buf = (char *) SSL_get_cipher(ssl);
-
-    return 0;
-}
-
-/* Local functions */
-
-static char *ssl_error_str(int ssl_error)
-{
-    int i;
-    static char buf[128];
-
-    for (i = 0; i < sizeof(errs)/sizeof(err_entry); i ++) {
-	if (ssl_error == errs[i].code)
-	    return errs[i].text;
-    }
-    sprintf(buf, "esock_openssl: SSL_error unknown: %d", ssl_error);
-    return buf;
-}
-
-void end_ssl_call(int ret, Connection *cp, int ssl_error)
-{
-    SET_WANT(cp, ssl_error);
-    switch (ssl_error) {
-    case SSL_ERROR_SYSCALL:
-	/* Typically sock_errno() is equal to ERRNO_BLOCK */
-	MAYBE_SET_ERRSTR(esock_posix_str(sock_errno()));
-	break;
-    case SSL_ERROR_SSL:
-	sock_set_errno(ERRNO_NONE);
-	MAYBE_SET_ERRSTR("esslerrssl");
-	break;
-    case SSL_ERROR_WANT_X509_LOOKUP:
-	SSLDEBUGF();
-	sock_set_errno(ERRNO_NONE);
-	MAYBE_SET_ERRSTR("ex509lookup");
-	break;
-    case SSL_ERROR_WANT_CONNECT:
-	SSLDEBUGF();
-	sock_set_errno(ERRNO_NONE);
-	MAYBE_SET_ERRSTR("ewantconnect");
-	break;
-    default:
-	break;
-    }
-}
-
-void check_shutdown(Connection *cp) 
-{
-    int sd_mode;
-    SSL *ssl = cp->opaque;
-
-    sd_mode = SSL_get_shutdown(ssl);
-    if (sd_mode & SSL_RECEIVED_SHUTDOWN)
-	cp->eof = 1;
-    if (sd_mode & SSL_SENT_SHUTDOWN) {
-	DEBUGF(("check_shutdown SSL_SENT_SHUTDOWN\n"));
-	cp->bp = 1;
-    }
-}
-
-/* 
- * set_ssl_parameters
- *
- * Set ssl parameters from connection structure. Only called for
- * listen and connect. 
- *
- * Note: The -cacertdir option is not documented.
- */
-static int set_ssl_parameters(Connection *cp, SSL_CTX *ctx)
-{
-    char *cacertfile = NULL, *cacertdir = NULL, *certfile = NULL;
-    char *keyfile = NULL, *ciphers = NULL, *password = NULL;
-    int verify = 0, verify_depth = DEFAULT_VERIFY_DEPTH, verify_mode;
-    int i, argc;
-    char **argv;
-    callback_data *cb_data;
-
-    RESET_ERRSTR();
-
-    argc = esock_build_argv(cp->flags, &argv);
-
-    DEBUGF(("Argv:\n"));
-    for (i = 0; i < argc; i++) {
-	DEBUGF(("%d:  %s\n", i, argv[i]));
-    }
-
-    for (i = 0; i < argc; i++) {
-	if (strcmp(argv[i], "-verify") == 0) {
-	    verify = atoi(argv[++i]);
-	} else if (strcmp(argv[i], "-depth") == 0) {
-	    verify_depth = atoi(argv[++i]);
-	} else if (strcmp(argv[i], "-log") == 0) {
-	    /* XXX  ignored: logging per connection not supported */
-	    i++;
-	} else if (strcmp(argv[i], "-certfile") == 0) {
-	    certfile = argv[++i];
-	} else if (strcmp(argv[i], "-keyfile") == 0) {
-	    keyfile = argv[++i];
-	} else if (strcmp(argv[i], "-password") == 0) {
-	    password = argv[++i];
-	} else if (strcmp(argv[i], "-cacertfile") == 0) {
-	    cacertfile = argv[++i];
-	} else if (strcmp(argv[i], "-cacertdir") == 0) {
-	    cacertdir = argv[++i];
-	} else if (strcmp(argv[i], "-d") == 0) {
-	    /* XXX  ignored: debug per connection not supported */
-	    i++;
-	} else if (strcmp(argv[i], "-ciphers") == 0) {
-	    ciphers = argv[++i];
-	} else {
-	    /* XXX Error: now ignored */
-	}
-    }
-    DEBUGF(("set_ssl_parameters: all arguments read\n"));
-
-    if (cp->origin == ORIG_LISTEN && !certfile) {
-	DEBUGF(("ERROR: Server must have certificate\n"));
-	MAYBE_SET_ERRSTR("enoservercert");
-	goto err_end;
-    }
-
-    /* Define callback data */
-    /* XXX Check for NULL */
-    cb_data = esock_malloc(sizeof(callback_data));
-    cb_data->ctx = ctx;
-    if (password) {
-	cb_data->passwd = esock_malloc(strlen(password) + 1);
-	strcpy(cb_data->passwd, password);
-    } else
-	cb_data->passwd = NULL;
-    cb_data->verify_depth = verify_depth;
-    SSL_CTX_set_ex_data(ctx, callback_data_index, cb_data);
-
-    /* password callback */
-    SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
-    SSL_CTX_set_default_passwd_cb_userdata(ctx, cb_data);
-
-    /* Set location for "trusted" certificates */
-    if (cacertfile || cacertdir) {
-	int res;
-	DEBUGF(("set_ssl_parameters: SSL_CTX_load_verify_locations\n"));
-	FOPEN_WORKAROUND(res, SSL_CTX_load_verify_locations(ctx, cacertfile,
-							    cacertdir));
-	if (!res) {
-	    DEBUGF(("ERROR: Cannot load verify locations\n"));
-	    MAYBE_SET_ERRSTR("ecacertfile");
-	    goto err_end;
-	}
-    } else {
-	int res;
-	DEBUGF(("set_ssl_parameters: SSL_CTX_set_default_verify_paths\n"));
-	FOPEN_WORKAROUND(res, SSL_CTX_set_default_verify_paths(ctx));
-	if (!res) {
-	    DEBUGF(("ERROR: Cannot set default verify paths\n"));
-	    MAYBE_SET_ERRSTR("ecacertfile");
-	    goto err_end;
-	}
-    }
-
-    /* For a server the following sets the list of CA distinguished
-     * names that it sends to its client when it requests the
-     * certificate from the client.  
-     * XXX The names of certs in cacertdir ignored.  
-     */
-    if (cp->origin == ORIG_LISTEN && cacertfile) {
-	DEBUGF(("set_ssl_parameters: SSL_CTX_set_client_CA_list\n"));
-	VOID_FOPEN_WORKAROUND(SSL_CTX_set_client_CA_list(ctx,
-			           SSL_load_client_CA_file(cacertfile)));
-	if (!SSL_CTX_get_client_CA_list(ctx)) {
-	    DEBUGF(("ERROR: Cannot set client CA list\n"));
-	    MAYBE_SET_ERRSTR("ecacertfile");
-	    goto err_end;
-	}
-    }
-
-    /* Use certificate file if key file has not been set. */
-    if (!keyfile)
-	keyfile = certfile;
-
-    if (certfile) {
-	int res;
-	DEBUGF(("set_ssl_parameters: SSL_CTX_use_certificate_file\n"));
-	FOPEN_WORKAROUND(res, SSL_CTX_use_certificate_file(ctx, certfile,
-							   SSL_FILETYPE_PEM));
-	if (res <= 0) {
-	    DEBUGF(("ERROR: Cannot set certificate file\n"));
-	    MAYBE_SET_ERRSTR("ecertfile");
-	    goto err_end;
-	}
-    }
-    if (keyfile) { 
-	int res;
-	DEBUGF(("set_ssl_parameters: SSL_CTX_use_PrivateKey_file\n"));
-	FOPEN_WORKAROUND(res, SSL_CTX_use_PrivateKey_file(ctx, keyfile, 
-					SSL_FILETYPE_PEM));
-	if (res <= 0) {
-	    DEBUGF(("ERROR: Cannot set private key file\n"));
-	    MAYBE_SET_ERRSTR("ekeyfile");
-	    goto err_end;
-	}
-    }
-    if(certfile && keyfile) {
-	DEBUGF(("set_ssl_parameters: SSL_CTX_check_private_key\n"));
-	if (!SSL_CTX_check_private_key(ctx)) {
-	    DEBUGF(("ERROR: Private key does not match the certificate\n")); 
-	    MAYBE_SET_ERRSTR("ekeymismatch");
-	    goto err_end;
-	}
-    }    
-
-    /* Ciphers */
-    if (ciphers) {
-	DEBUGF(("set_ssl_parameters: SSL_CTX_set_cipher_list\n"));
-	if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
-	    DEBUGF(("ERROR: Cannot set cipher list\n"));
-	    MAYBE_SET_ERRSTR("ecipher");
-	    goto err_end;
-	}
-    }
-
-    /* Verify depth */
-    DEBUGF(("set_ssl_parameters: SSL_CTX_set_verify_depth (depth = %d)\n", 
-	    verify_depth)); 
-    SSL_CTX_set_verify_depth(ctx, verify_depth);
-
-    /* Verify mode and callback */
-    /* XXX Why precisely these modes? */
-    switch (verify) {
-    case 0:
-	verify_mode = SSL_VERIFY_NONE;
-	break;
-    case 1:
-	verify_mode = SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
-	break;
-    case 2:
-	verify_mode = SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE|
-	    SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
-	break;
-    default:
-	verify_mode = SSL_VERIFY_NONE;
-    }
-    DEBUGF(("set_ssl_parameters: SSL_CTX_set_verify (verify = %d)\n", 
-	    verify)); 
-    SSL_CTX_set_verify(ctx, verify_mode, verify_callback);
-
-    /* Session id context. Should be an option really. */
-    if (cp->origin == ORIG_LISTEN) {
-	unsigned char *sid = "Erlang/OTP/ssl";
-	SSL_CTX_set_session_id_context(ctx, sid, strlen(sid));
-    }
-
-    /* info callback */
-    if (debug) 
-	SSL_CTX_set_info_callback(ctx, info_callback);
-
-    DEBUGF(("set_ssl_parameters: done\n"));
-    /* Free arg list */
-    for (i = 0; argv[i]; i++)
-	esock_free(argv[i]);
-    esock_free(argv);
-    return 0;
-
- err_end:
-    DEBUGF(("set_ssl_parameters: error\n"));
-    /* Free arg list */
-    for (i = 0; argv[i]; i++)
-	esock_free(argv[i]);
-    esock_free(argv);
-    return -1;
-}
-
-/* Call back functions */
-
-static int verify_callback(int ok, X509_STORE_CTX *x509_ctx)
-{
-    X509 *cert;
-    int cert_err, depth;
-    SSL *ssl;
-    SSL_CTX *ctx;
-    callback_data *cb_data;
-
-    cert = X509_STORE_CTX_get_current_cert(x509_ctx);
-    cert_err = X509_STORE_CTX_get_error(x509_ctx);
-    depth = X509_STORE_CTX_get_error_depth(x509_ctx);
-
-    ssl = X509_STORE_CTX_get_ex_data(x509_ctx, 
-				     SSL_get_ex_data_X509_STORE_CTX_idx());
-    ctx = SSL_get_SSL_CTX(ssl);
-    cb_data = SSL_CTX_get_ex_data(ctx, callback_data_index);
-
-    X509_NAME_oneline(X509_get_subject_name(cert), x509_buf, sizeof(x509_buf));
-    DEBUGF(("  +vfy: depth = %d\n", depth));
-    DEBUGF(("        subject = %s\n", x509_buf));
-    X509_NAME_oneline(X509_get_issuer_name(cert),  x509_buf, sizeof(x509_buf));
-    DEBUGF(("        issuer = %s\n", x509_buf));
-
-    if (!ok) {
-	DEBUGF(("  +vfy: error = %d [%s]\n", cert_err,
-		X509_verify_cert_error_string(cert_err)));
-	if (depth >= cb_data->verify_depth) 
-	    ok = 1;
-    }
-
-    switch (cert_err) {
-    case X509_V_OK:
-    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-	ok = 1;
-	break;
-    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-	MAYBE_SET_ERRSTR("enoissuercert");
-	break;
-    case X509_V_ERR_CERT_HAS_EXPIRED:
-	MAYBE_SET_ERRSTR("epeercertexpired");
-	break;
-    case X509_V_ERR_CERT_NOT_YET_VALID:
-    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-	MAYBE_SET_ERRSTR("epeercertinvalid");
-	break;
-    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-	MAYBE_SET_ERRSTR("eselfsignedcert");
-	break;
-    case X509_V_ERR_CERT_CHAIN_TOO_LONG:
-	MAYBE_SET_ERRSTR("echaintoolong");
-	break;
-    default:
-	MAYBE_SET_ERRSTR("epeercert");
-	break;
-    }
-    DEBUGF(("  +vfy: return = %d\n",ok));
-    return ok;
-}
-
-static int passwd_callback(char *buf, int num, int rwflag, void *userdata)
-{
-    callback_data *cb_data = userdata;
-    int len;
-
-    if (cb_data && cb_data->passwd) {
-	DEBUGF(("  +passwd: %s\n", cb_data->passwd));
-	strncpy(buf, cb_data->passwd, num);
-	len = strlen(cb_data->passwd);
-	return len;
-    }
-    DEBUGF(("  +passwd: ERROR: No password set.\n"));
-    return 0;
-}
-
-static void info_callback(const SSL *ssl, int where, int ret)
-{
-    char *str;
-
-    if (where & SSL_CB_LOOP) {
-	DEBUGF(("  info: %s\n",SSL_state_string_long(ssl)));
-    } else if (where & SSL_CB_ALERT) {
-	str = (where & SSL_CB_READ) ? "read" : "write";
-	DEBUGF(("  info: SSL3 alert %s:%s:%s\n", str, 
-		SSL_alert_type_string_long(ret),
-		SSL_alert_desc_string_long(ret)));
-    } else if (where & SSL_CB_EXIT) {
-	if (ret == 0) {
-	    DEBUGF(("  info: failed in %s\n", SSL_state_string_long(ssl)));
-	} else if (ret < 0) {
-	    DEBUGF(("  info: error in %s\n", SSL_state_string_long(ssl)));
-	}
-    }
-}
-
-/* This function is called whenever an SSL_CTX *ctx structure is
- * freed. 
-*/
-static void callback_data_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, 
-			       int idx, long arg1, void *argp)
-{
-    callback_data *cb_data = ptr;
-    
-    if (cb_data) {
-	if (cb_data->passwd) 
-	    esock_free(cb_data->passwd);
-	esock_free(cb_data);
-    }
-}
-
-static RSA *tmp_rsa_callback(SSL *ssl, int is_export, int keylen)
-{
-    static RSA *rsa512 = NULL;
-    static RSA *rsa1024 = NULL;
-
-    switch (keylen) {
-    case 512:
-	if (!rsa512)
-	    rsa512 = RSA_generate_key(keylen, RSA_F4, NULL, NULL);
-	return rsa512;
-	break;
-    case 1024:
-	if (!rsa1024)
-	    rsa1024 = RSA_generate_key(keylen, RSA_F4, NULL, NULL);
-	return rsa1024;
-	break;
-    default:
-	if (rsa1024)
-	    return rsa1024;
-	if (rsa512)
-	    return rsa512;
-	rsa512 = RSA_generate_key(keylen, RSA_F4, NULL, NULL);
-	return rsa512;
-    }
-}
-
-/* Restrict protocols (SSLv2, SSLv3, TLSv1) */
-static void restrict_protocols(SSL_CTX *ctx)
-{
-    long options = 0;
-
-    if (protocol_version) {
-	if ((protocol_version & ESOCK_SSLv2) == 0) 
-	    options |= SSL_OP_NO_SSLv2;
-	if ((protocol_version & ESOCK_SSLv3) == 0) 
-	    options |= SSL_OP_NO_SSLv3;
-	if ((protocol_version & ESOCK_TLSv1) == 0) 
-	    options |= SSL_OP_NO_TLSv1;
-	SSL_CTX_set_options(ctx, options);
-    }
-}
-
-
-static unsigned char randvec [] = {
-    181, 177, 237, 240, 107, 24, 43, 148, 
-    105, 4, 248, 13, 199, 255, 23, 58, 
-    71, 181, 57, 151, 156, 25, 165, 7, 
-    73, 80, 80, 231, 70, 110, 96, 162, 
-    24, 205, 178, 178, 67, 122, 210, 180, 
-    92, 6, 156, 182, 84, 159, 85, 6, 
-    175, 66, 165, 167, 137, 34, 179, 237, 
-    77, 90, 87, 185, 21, 106, 92, 115, 
-    137, 65, 233, 42, 164, 153, 208, 133, 
-    160, 172, 129, 202, 46, 220, 98, 66, 
-    115, 66, 46, 28, 226, 200, 140, 145, 
-    207, 194, 58, 71, 56, 203, 113, 34, 
-    221, 116, 63, 114, 188, 210, 45, 238, 
-    200, 123, 35, 150, 2, 78, 160, 22, 
-    226, 167, 162, 10, 182, 75, 109, 97, 
-    86, 252, 93, 125, 117, 214, 220, 37, 
-    105, 160, 56, 158, 97, 57, 22, 14, 
-    73, 169, 111, 190, 222, 176, 14, 82, 
-    111, 42, 87, 90, 136, 236, 22, 209, 
-    156, 207, 40, 251, 88, 141, 51, 211, 
-    31, 158, 153, 91, 119, 83, 255, 60, 
-    55, 94, 5, 115, 119, 210, 224, 185, 
-    163, 163, 5, 3, 197, 106, 110, 206, 
-    109, 132, 50, 190, 177, 133, 175, 129, 
-    225, 161, 156, 244, 77, 150, 99, 38, 
-    17, 111, 46, 230, 152, 64, 50, 164, 
-    19, 78, 3, 164, 169, 175, 104, 97, 
-    103, 158, 91, 168, 186, 191, 73, 88, 
-    118, 112, 41, 188, 219, 0, 198, 209, 
-    206, 7, 5, 169, 127, 180, 80, 74, 
-    124, 4, 4, 108, 197, 67, 204, 29, 
-    101, 95, 174, 147, 64, 163, 89, 160, 
-    10, 5, 56, 134, 209, 69, 209, 55, 
-    214, 136, 45, 212, 113, 85, 159, 133, 
-    141, 249, 75, 40, 175, 91, 142, 13, 
-    179, 179, 51, 0, 136, 63, 148, 175, 
-    103, 162, 8, 214, 4, 24, 59, 71, 
-    9, 185, 48, 127, 159, 165, 8, 8, 
-    135, 151, 92, 214, 132, 151, 204, 169, 
-    24, 112, 229, 59, 236, 81, 238, 64, 
-    150, 196, 97, 213, 140, 159, 20, 24, 
-    79, 210, 191, 53, 130, 33, 157, 87, 
-    16, 180, 175, 217, 56, 123, 115, 196, 
-    130, 6, 155, 37, 220, 80, 232, 129, 
-    240, 57, 199, 249, 196, 152, 28, 111, 
-    124, 192, 59, 46, 29, 21, 178, 51, 
-    156, 17, 248, 61, 254, 80, 201, 131, 
-    203, 59, 227, 191, 71, 121, 134, 181, 
-    55, 79, 130, 225, 246, 36, 179, 224, 
-    189, 243, 200, 75, 73, 41, 251, 41, 
-    71, 251, 78, 146, 99, 101, 104, 69, 
-    18, 122, 65, 24, 232, 84, 246, 242, 
-    209, 18, 241, 114, 3, 65, 177, 99, 
-    49, 99, 215, 59, 9, 175, 195, 11, 
-    25, 46, 43, 120, 109, 179, 159, 250, 
-    239, 246, 135, 78, 2, 238, 214, 237, 
-    64, 170, 50, 44, 68, 67, 111, 232, 
-    225, 230, 224, 124, 76, 32, 52, 158, 
-    151, 54, 184, 135, 122, 66, 211, 215, 
-    121, 90, 124, 158, 55, 73, 116, 137, 
-    240, 15, 38, 31, 183, 86, 93, 49, 
-    148, 184, 125, 250, 155, 216, 84, 246, 
-    27, 172, 141, 54, 80, 158, 227, 254, 
-    189, 164, 238, 229, 68, 26, 231, 11, 
-    198, 222, 15, 141, 98, 8, 124, 219, 
-    60, 125, 170, 213, 114, 24, 189, 65, 
-    80, 186, 71, 126, 223, 153, 20, 141, 
-    110, 73, 173, 218, 214, 63, 205, 177, 
-    132, 115, 184, 28, 122, 232, 210, 72, 
-    237, 41, 93, 17, 152, 95, 242, 138, 
-    79, 98, 47, 197, 36, 17, 137, 230, 
-    15, 73, 193, 1, 181, 123, 0, 186, 
-    185, 135, 142, 200, 139, 78, 57, 145, 
-    191, 32, 98, 250, 113, 188, 71, 32, 
-    205, 81, 219, 99, 60, 87, 42, 95, 
-    249, 252, 121, 125, 246, 230, 74, 162, 
-    73, 59, 179, 142, 178, 47, 163, 161, 
-    236, 14, 123, 219, 18, 6, 102, 140, 
-    215, 210, 76, 9, 119, 147, 252, 63, 
-    13, 51, 161, 172, 180, 116, 212, 129, 
-    116, 237, 38, 64, 213, 222, 35, 14, 
-    183, 237, 78, 204, 250, 250, 5, 41, 
-    142, 5, 207, 154, 65, 183, 108, 82, 
-    1, 43, 149, 233, 89, 195, 25, 233, 
-    4, 34, 19, 122, 16, 58, 121, 5, 
-    118, 168, 22, 213, 49, 226, 163, 169, 
-    21, 78, 179, 232, 125, 216, 198, 147, 
-    245, 196, 199, 138, 185, 167, 179, 82, 
-    175, 53, 6, 162, 5, 141, 180, 212, 
-    95, 201, 234, 169, 111, 175, 138, 197, 
-    177, 246, 154, 41, 185, 201, 134, 187, 
-    88, 99, 231, 23, 190, 36, 72, 174, 
-    244, 185, 205, 50, 230, 226, 210, 119, 
-    175, 107, 109, 244, 12, 122, 84, 51, 
-    146, 95, 68, 74, 76, 212, 221, 103, 
-    244, 71, 63, 133, 149, 233, 48, 3, 
-    176, 168, 6, 98, 88, 226, 120, 190, 
-    205, 249, 38, 157, 205, 148, 250, 203, 
-    147, 62, 195, 229, 219, 109, 177, 119, 
-    120, 43, 165, 99, 253, 210, 180, 32, 
-    227, 180, 174, 64, 156, 139, 251, 53, 
-    205, 132, 210, 208, 3, 199, 115, 64, 
-    59, 27, 249, 164, 224, 191, 124, 241, 
-    142, 10, 19, 120, 227, 46, 174, 231, 
-    48, 65, 41, 56, 51, 38, 185, 95, 
-    250, 182, 100, 40, 196, 124, 173, 119, 
-    162, 148, 170, 34, 51, 68, 175, 60, 
-    242, 201, 225, 34, 146, 157, 159, 0, 
-    144, 148, 82, 72, 149, 53, 201, 10, 
-    248, 206, 154, 126, 33, 153, 56, 48, 
-    5, 90, 194, 22, 251, 173, 211, 202, 
-    203, 253, 112, 147, 188, 200, 142, 206, 
-    206, 175, 233, 76, 93, 104, 125, 41, 
-    64, 145, 202, 53, 130, 251, 23, 90, 
-    28, 199, 13, 128, 185, 154, 53, 194, 
-    195, 55, 80, 56, 151, 216, 195, 138, 
-    7, 170, 143, 236, 74, 141, 229, 174, 
-    32, 165, 131, 68, 174, 104, 35, 143, 
-    183, 41, 80, 191, 120, 79, 166, 240, 
-    123, 55, 60, 2, 128, 56, 4, 199, 
-    122, 85, 90, 76, 246, 29, 13, 6, 
-    126, 229, 14, 203, 244, 73, 121, 42, 
-    169, 35, 44, 202, 18, 69, 153, 120, 
-    141, 77, 124, 191, 215, 18, 115, 187, 
-    108, 246, 135, 151, 225, 192, 50, 89, 
-    128, 45, 39, 253, 149, 234, 203, 84, 
-    51, 174, 15, 237, 17, 57, 76, 81, 
-    39, 107, 40, 36, 22, 52, 92, 39};
diff --git a/lib/ssl/c_src/esock_osio.c b/lib/ssl/c_src/esock_osio.c
deleted file mode 100644
index 41c5271c16..0000000000
--- a/lib/ssl/c_src/esock_osio.c
+++ /dev/null
@@ -1,328 +0,0 @@
-/*<copyright>
- * <year>1999-2008</year>
- * <holder>Ericsson AB, All Rights Reserved</holder>
- *</copyright>
- *<legalnotice>
- * The contents of this file are subject to the Erlang Public License,
- * Version 1.1, (the "License"); you may not use this file except in
- * compliance with the License. You should have received a copy of the
- * Erlang Public License along with this software. If not, it can be
- * retrieved online at http://www.erlang.org/.
- *
- * Software distributed under the License is distributed on an "AS IS"
- * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
- * the License for the specific language governing rights and limitations
- * under the License.
- *
- * The Initial Developer of the Original Code is Ericsson AB.
- *</legalnotice>
- */
-/*
- * Purpose:  Std filedescriptors, break handler
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#ifdef __WIN32__
-#include "esock_winsock.h"
-#include <process.h>
-#include <io.h>
-#include <fcntl.h>
-#else
-#include <unistd.h>
-#include <signal.h>  
-#endif 
-
-#include "esock.h"
-#include "debuglog.h"
-#include "esock_utils.h"
-#include "esock_osio.h"
-
-#ifdef __WIN32__
-#define write	_write
-#define read	_read
-#define LOCALHOSTADDR	"127.0.0.1"
-#define LOCBUFSIZE      1024
-#endif
-
-#define PACKET_SIZE	4
-#define EBUFSIZE	256
-
-FD local_read_fd = 0;
-
-static int inc_rbuf(int size);
-static void free_rbuf(void);
-static int read_fill(unsigned char *buf, int len);
-#ifdef __WIN32__
-static int create_local_thread(void);
-static DWORD WINAPI local_thread(LPVOID lpvParam);
-static BOOL WINAPI signal_handler(DWORD ctrl);
-#endif
-
-static unsigned char *rbuf = NULL;
-static int rbuf_malloced = 0;
-#ifdef __WIN32__
-static unsigned long one = 1, zero = 0;
-static int local_portno;
-static char *local_buf;
-#endif
-
-int set_break_handler(void) 
-{
-#ifndef __WIN32__
-    struct sigaction act;
-
-    /* Ignore SIGPIPE signal */
-    sigemptyset(&act.sa_mask);
-    act.sa_flags = 0;
-    act.sa_handler = SIG_IGN;
-    sigaction(SIGPIPE, &act, NULL);
-    return 0;
-#else 
-    SetConsoleCtrlHandler(signal_handler, TRUE);
-    return 0;
-#endif
-}
-
-
-#ifdef __WIN32__
-
-int set_binary_mode(void)
-{
-    _setmode(0, _O_BINARY);
-    _setmode(1, _O_BINARY);
-    return 0;
-}
-
-int esock_osio_init(void)
-{
-    return create_local_thread();
-}
-
-void esock_osio_finish(void)
-{
-    sock_close(local_read_fd);
-}
-
-#endif
-
-int read_ctrl(unsigned char **ebufp)
-{
-    int tbh, cc;
-    unsigned char *mbuf;
-
-    if (inc_rbuf(EBUFSIZE) < 0) {
-	fprintf(stderr, "read_ctrl: cannot alloc rbuf\n");
-	return -1;
-    }
-    cc = read_fill(rbuf, PACKET_SIZE);
-    if (cc < 0) {
-	free_rbuf();
-	return -1;
-    }
-    if (cc == 0) {
-	free_rbuf();
-	return -1;		/* XXX 0 ?? */
-    }
-    tbh = GET_INT32(rbuf);
-
-    if (tbh > rbuf_malloced - 4) {
-	if (inc_rbuf(tbh + 4) < 0)
-	    return -1;
-    }
-    
-    mbuf = rbuf + PACKET_SIZE;
-    cc = read_fill(mbuf, tbh);
-    DEBUGF(("-----------------------------------\n"));
-    DEBUGF(("read_ctrl: cc = %d\n", cc));
-    if(cc > 0) {
-	DEBUGMSGF(("message (hex) : [%3.*a]\n", cc, mbuf));
-	DEBUGMSGF(("message (char): [%3.*b]\n", cc, mbuf));
-    }
-    *ebufp = mbuf;
-    return cc;
-}
-
-int write_ctrl(unsigned char *buf, int len)
-{
-    unsigned char lb[4];
-
-    PUT_INT32(len, lb);
-    DEBUGF(("write_ctrl: len = %d\n", len));
-    DEBUGMSGF(("message (hex) : [%3.*a] [%3.*a]\n", PACKET_SIZE, lb, 
-	       len, buf));
-    DEBUGMSGF(("message (char): [%3.*b] [%3.*b]\n", PACKET_SIZE, lb, 
-	       len, buf));
-
-    if (write(1, lb, PACKET_SIZE) != PACKET_SIZE) { /* XXX */
-	fprintf(stderr, "write_ctrl: Bad write \n");
-	return -1;
-    }
-    if (write(1, buf, len) != len) { /* XXX */
-	fprintf(stderr, "write_ctrl: Bad write \n");
-	return -1;
-    }
-    return len;
-}
-
-
-/* 
- * Local functions
- *
- */
-
-static int inc_rbuf(int size)
-{
-    unsigned char *nbuf;
-
-    if (rbuf_malloced >= size)
-	return 0;
-    if (rbuf != NULL)		
-	nbuf = esock_realloc(rbuf, size);
-    else
-	nbuf = esock_malloc(size);
-    if(nbuf != NULL) {
-	rbuf = nbuf;
-	rbuf_malloced = size;
-	return 0;
-    }
-    return -1;
-}
-
-static void free_rbuf(void) 
-{
-    if (rbuf != NULL) {
-	esock_free(rbuf);
-	rbuf = NULL;
-	rbuf_malloced = 0;
-    }
-}
-
-/* Fill buffer, return buffer length, 0 for EOF, < 0 for error. */
-
-static int read_fill(unsigned char *buf, int len)
-{
-    int i, got = 0;
-  
-    do {
-	if ((i = sock_read(local_read_fd, buf+got, len-got)) <= 0)
-	    return i;
-	got += i;
-    } while (got < len);
-    return len;
-}
-
-
-#ifdef __WIN32__
-
-/* 
- * This routine creates a local thread, which reads from standard input
- * and writes to a socket. 
- */
-
-static int create_local_thread(void)
-{
-    struct sockaddr_in iserv_addr;
-    SOCKET tmpsock;
-    int length;
-    unsigned threadaddr;
-
-    local_buf = esock_malloc(LOCBUFSIZE);
-    if ((tmpsock = socket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET) {
- 	fprintf(stderr, "create_local_thread could not create socket.\n");
-	return -1;
-    }
-    memset(&iserv_addr, 0, sizeof(iserv_addr));
-    iserv_addr.sin_family = AF_INET;
-    iserv_addr.sin_addr.s_addr = inet_addr(LOCALHOSTADDR);
-    iserv_addr.sin_port = htons(0); /* Have any port */
-
-    if (bind(tmpsock, (struct sockaddr *) &iserv_addr, 
-	     sizeof(iserv_addr)) < 0) {
-	fprintf(stderr, "create_local_thread could not bind.\n");
-	closesocket(tmpsock);
-	return -1;
-    }
-    listen(tmpsock, 1);
-    length = sizeof(iserv_addr);
-    if (getsockname(tmpsock, (struct sockaddr *) &iserv_addr, &length) < 0) {
-	fprintf(stderr, "create_local_thread could not getsockname.\n");
-	closesocket(tmpsock);
-	return -1;
-    }
-    local_portno = ntohs(iserv_addr.sin_port);
-
-    if (_beginthreadex(NULL, 0, local_thread, NULL, 0, &threadaddr) == 0) {
-	fprintf(stderr, "create_local_thread could not _beginthreadex().\n");
-	closesocket(tmpsock);
-	return -1;
-    }
-    local_read_fd = accept(tmpsock, (struct sockaddr *) NULL, (int *) NULL);
-    if (local_read_fd == INVALID_FD) {
-	fprintf(stderr, "create_local_thread could not accept.\n");
-	closesocket(tmpsock);
-	return -1;
-    }
-    closesocket(tmpsock);
-    return 0;
-}
-
-static DWORD WINAPI local_thread(LPVOID lpvParam)
-{
-    SOCKET sock;
-    struct hostent *host;
-    char hostname[64];
-    struct sockaddr_in iserv_addr;
-    unsigned long addr;
-    int len;
-    HANDLE thread;
-
-    sock = socket(AF_INET, SOCK_STREAM, 0);
-    memset(&iserv_addr, 0, sizeof(struct sockaddr_in));
-    iserv_addr.sin_family = AF_INET;
-    iserv_addr.sin_addr.s_addr = inet_addr(LOCALHOSTADDR);
-    iserv_addr.sin_port = htons(local_portno);
-    if(connect(sock, (struct sockaddr*)&iserv_addr, sizeof iserv_addr) == 
-       SOCKET_ERROR) {
-	fprintf(stderr, "local_thread thread could not connect\n");
-	closesocket(sock);
-	return 0;
-    }
-    setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &one, sizeof(one));
-
-    /* read from 0 and write to sock */
-    while (1) {
-	if ((len = read(0, local_buf, LOCBUFSIZE)) <= 0) {
-	    closesocket(sock);
-	    close(0);
-	    return 0;
-	}
-	if (send(sock, local_buf, len, 0) != len ) {
-	    closesocket(sock);
-	    close(0);
-	    return 0;
-	}
-    }
-    return 0;
-}
-
-/* Signal handler */
-
-static BOOL WINAPI signal_handler(DWORD ctrl)
-{
-    switch (ctrl) {
-    case CTRL_C_EVENT:
-    case CTRL_BREAK_EVENT:
-	break;
-    case CTRL_LOGOFF_EVENT:
-	if (!getenv("ERLSRV_SERVICE_NAME"))
-	    return FALSE;
-	break;
-    default:
-	exit(1);
-    }
-    return TRUE;
-}
-
-#endif
diff --git a/lib/ssl/c_src/esock_osio.h b/lib/ssl/c_src/esock_osio.h
deleted file mode 100644
index 8742c3b05b..0000000000
--- a/lib/ssl/c_src/esock_osio.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- *  %CopyrightBegin%
- *  
- *  Copyright Ericsson AB 1999-2009. All Rights Reserved.
- *  
- *  The contents of this file are subject to the Erlang Public License,
- *  Version 1.1, (the "License"); you may not use this file except in
- *  compliance with the License. You should have received a copy of the
- *  Erlang Public License along with this software. If not, it can be
- *  retrieved online at http://www.erlang.org/.
- *  
- *  Software distributed under the License is distributed on an "AS IS"
- *  basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
- *  the License for the specific language governing rights and limitations
- *  under the License.
- *  
- *  %CopyrightEnd%
- */
-
-#ifndef ESOCK_OSIO_H
-#define ESOCK_OSIO_H
-
-extern FD local_read_fd;
-
-#ifdef __WIN32__
-int set_binary_mode(void);
-int esock_osio_init(void);
-void esock_osio_finish(void);
-#endif
-int set_break_handler(void);
-int read_ctrl(unsigned char **ebufp);
-int write_ctrl(unsigned char *buf, int len);
-
-#endif
diff --git a/lib/ssl/c_src/esock_poll.c b/lib/ssl/c_src/esock_poll.c
deleted file mode 100644
index e982eba881..0000000000
--- a/lib/ssl/c_src/esock_poll.c
+++ /dev/null
@@ -1,222 +0,0 @@
-/*<copyright>
- * <year>2005-2008</year>
- * <holder>Ericsson AB, All Rights Reserved</holder>
- *</copyright>
- *<legalnotice>
- * The contents of this file are subject to the Erlang Public License,
- * Version 1.1, (the "License"); you may not use this file except in
- * compliance with the License. You should have received a copy of the
- * Erlang Public License along with this software. If not, it can be
- * retrieved online at http://www.erlang.org/.
- *
- * Software distributed under the License is distributed on an "AS IS"
- * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
- * the License for the specific language governing rights and limitations
- * under the License.
- *
- * The Initial Developer of the Original Code is Ericsson AB.
- *</legalnotice>
- */
-
-/*
- * Purpose: Hide poll() and select() behind an API so that we
- * can use either one.
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-#ifdef __WIN32__
-#include "esock_winsock.h"
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <time.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <errno.h>
-
-#ifdef __WIN32__
-#include <process.h>
-#else
-#include <unistd.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#include <sys/time.h>
-#include <netdb.h>
-#include <arpa/inet.h>
-#include <fcntl.h>
-#endif
-
-#include "esock.h"
-#include "esock_ssl.h"
-#include "esock_utils.h"
-#include "esock_poll.h"
-#include "debuglog.h"
-
-#if !defined(USE_SELECT)
-
-/* At least on FreeBSD, we need POLLRDNORM for normal files, not POLLIN. */
-/* Whether this is a bug in FreeBSD, I don't know. */
-#ifdef POLLRDNORM
-#define POLL_INPUT	(POLLIN | POLLRDNORM)
-#else
-#define POLL_INPUT	POLLIN
-#endif
-
-static void poll_fd_set(EsockPoll *ep, FD fd, short events)
-{
-    int i, j;
-    int prev_num_fds = ep->num_fds;
-
-    if (ep->num_fds <= fd) {
-	ep->num_fds = fd + 64;
-	ep->fd_to_poll = (int *) esock_realloc(ep->fd_to_poll,
-					       ep->num_fds*sizeof(int));
-	for (j = prev_num_fds; j < ep->num_fds; j++)
-	    ep->fd_to_poll[j] = -1;
-    }
-    i = ep->fd_to_poll[fd];
-    if (i > 0 && i < ep->active && ep->fds[i].fd == fd) {
-	/* Already present in poll array */
-	ep->fds[i].events |= events;
-    } else {
-	/* Append to poll array */
-	if (ep->active >= ep->allocated) {
-	    ep->allocated *= 2;
-	    ep->fds = (struct pollfd *)
-		esock_realloc(ep->fds, ep->allocated*sizeof(struct pollfd));
-	}
-	ep->fd_to_poll[fd] = ep->active;
-	ep->fds[ep->active].fd = fd;
-	ep->fds[ep->active].events = events;
-	ep->fds[ep->active].revents = 0;
-	ep->active++;
-    }
-}
-
-static int poll_is_set(EsockPoll *ep, FD fd, short mask)
-{
-    if (fd >= ep->num_fds) {
-	return 0;
-    } else {
-	int i = ep->fd_to_poll[fd];
-	return 0 <= i && i < ep->active && ep->fds[i].fd == fd &&
-	    (ep->fds[i].revents & mask) != 0;
-    }
-}
-
-#endif
-
-void esock_poll_init(EsockPoll *ep)
-{
-#ifdef USE_SELECT
-    /* Nothing to do here */
-#else
-    ep->allocated = 2;
-    ep->fds = (struct pollfd *) esock_malloc(ep->allocated*sizeof(struct pollfd));
-    ep->num_fds = 1;
-    ep->fd_to_poll = esock_malloc(ep->num_fds*sizeof(int));
-#endif    
-}
-
-void esock_poll_zero(EsockPoll *ep)
-{
-#ifdef USE_SELECT
-    FD_ZERO(&ep->readmask);
-    FD_ZERO(&ep->writemask);
-    FD_ZERO(&ep->exceptmask);
-#else
-    int i;
-
-    for (i = 0; i < ep->num_fds; i++)
-	ep->fd_to_poll[i] = -1;
-    ep->active = 0;
-#endif    
-}
-
-void esock_poll_fd_set_read(EsockPoll *ep, FD fd)
-{
-#ifdef USE_SELECT
-    FD_SET(fd, &ep->readmask);
-#else
-    poll_fd_set(ep, fd, POLL_INPUT);
-#endif    
-}
-
-void esock_poll_fd_set_write(EsockPoll *ep, FD fd)
-{
-#ifdef USE_SELECT
-    FD_SET(fd, &ep->writemask);
-#else
-    poll_fd_set(ep, fd, POLLOUT);
-#endif    
-}
-
-int esock_poll_fd_isset_read(EsockPoll *ep, FD fd)
-{
-#ifdef USE_SELECT
-    return FD_ISSET(fd, &ep->readmask);
-#else
-    return poll_is_set(ep, fd, (POLL_INPUT|POLLHUP|POLLERR|POLLNVAL));
-#endif    
-}
-
-int esock_poll_fd_isset_write(EsockPoll *ep, FD fd)
-{
-#ifdef USE_SELECT
-    return FD_ISSET(fd, &ep->writemask);
-#else
-    return poll_is_set(ep, fd, (POLLOUT|POLLHUP|POLLERR|POLLNVAL));
-#endif    
-}
-
-#ifdef __WIN32__
-void esock_poll_fd_set_exception(EsockPoll *ep, FD fd)
-{
-    FD_SET(fd, &ep->exceptmask);
-}
-
-int esock_poll_fd_isset_exception(EsockPoll *ep, FD fd)
-{
-    return FD_ISSET(fd, &ep->exceptmask);
-}
-#endif
-
-int esock_poll(EsockPoll *ep, int seconds)
-{
-    int sret;
-
-#ifdef USE_SELECT
-    struct timeval tv;
-
-    tv.tv_sec = seconds;
-    tv.tv_usec = 0;
-    sret = select(FD_SETSIZE, &ep->readmask, &ep->writemask, &ep->exceptmask, &tv);
-    if (sret == 0) {
-	FD_ZERO(&ep->readmask);
-	FD_ZERO(&ep->writemask);
-	FD_ZERO(&ep->exceptmask);
-    }
-#else
-    sret = poll(ep->fds, ep->active, 1000*seconds);
-#endif
-    return sret;
-}
-
-void esock_poll_clear_event(EsockPoll* ep, FD fd)
-{
-#ifdef USE_SELECT
-    FD_CLR(fd, &ep->readmask);
-    FD_CLR(fd, &ep->writemask);
-    FD_CLR(fd, &ep->exceptmask);
-#else
-    int i = ep->fd_to_poll[fd];
-    if (i > 0 && ep->fds[i].fd == fd)
-	ep->fds[i].revents = 0;
-#endif
-}
diff --git a/lib/ssl/c_src/esock_poll.h b/lib/ssl/c_src/esock_poll.h
deleted file mode 100644
index 639976dfa9..0000000000
--- a/lib/ssl/c_src/esock_poll.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*<copyright>
- * <year>2005-2008</year>
- * <holder>Ericsson AB, All Rights Reserved</holder>
- *</copyright>
- *<legalnotice>
- * The contents of this file are subject to the Erlang Public License,
- * Version 1.1, (the "License"); you may not use this file except in
- * compliance with the License. You should have received a copy of the
- * Erlang Public License along with this software. If not, it can be
- * retrieved online at http://www.erlang.org/.
- *
- * Software distributed under the License is distributed on an "AS IS"
- * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
- * the License for the specific language governing rights and limitations
- * under the License.
- *
- * The Initial Developer of the Original Code is Ericsson AB.
- *</legalnotice>
- */
-#ifndef ESOCK_POLL_SELECT_H
-#define ESOCK_POLL_SELECT_H
-
-#if !defined(USE_SELECT)
-#include <poll.h>
-#endif
-
-typedef struct esock_poll {
-#ifdef USE_SELECT
-    fd_set readmask;
-    fd_set writemask;
-    fd_set exceptmask;
-#else
-    int* fd_to_poll;		/* Map from fd to index into poll
-				 * descriptor array.
-				 */
-    int num_fds;		/* Number of entries in fd_to_poll. */
-    struct pollfd* fds;		/* Array of poll descriptors. */
-    int allocated;		/* Allocated number of fds. */
-    int active;			/* Active number of fds */
-#endif
-} EsockPoll;
-
-void esock_poll_init(EsockPoll *ep);
-void esock_poll_zero(EsockPoll *ep);
-
-void esock_poll_fd_set_read(EsockPoll *ep, FD fd);
-void esock_poll_fd_set_write(EsockPoll *ep, FD fd);
-
-void esock_poll_clear_event(EsockPoll *ep, FD fd);
-
-int esock_poll_fd_isset_read(EsockPoll *ep, FD fd);
-int esock_poll_fd_isset_write(EsockPoll *ep, FD fd);
-
-#ifdef __WIN32__
-void esock_poll_fd_set_exception(EsockPoll *ep, FD fd);
-int esock_poll_fd_isset_exception(EsockPoll *ep, FD fd);
-#endif
-
-int esock_poll(EsockPoll *ep, int seconds);
-#endif
diff --git a/lib/ssl/c_src/esock_posix_str.c b/lib/ssl/c_src/esock_posix_str.c
deleted file mode 100644
index 31062baaaf..0000000000
--- a/lib/ssl/c_src/esock_posix_str.c
+++ /dev/null
@@ -1,642 +0,0 @@
-/*
- * %ExternalCopyright%
- */
-
-/* 
- * Original: tclPosixStr.c --
- *
- *	This file contains procedures that generate strings
- *	corresponding to various POSIX-related codes, such
- *	as errno and signals.
- *
- * Copyright (c) 1991-1994 The Regents of the University of California.
- * Copyright (c) 1994-1996 Sun Microsystems, Inc.
- *
- * See the file "license.terms" for information on usage and redistribution
- * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
- *
- * SCCS: @(#) tclPosixStr.c 1.32 96/10/10 10:09:42
- */
-
-/* Copy of erl_posix_str.c */
-
-#ifdef __WIN32__
-#include "esock_winsock.h"
-#endif
-
-#include <stdio.h>
-#include <errno.h>
-#include "esock_posix_str.h"
-
-/*
- *----------------------------------------------------------------------
- *
- * esock_posix_str --
- *
- *	Return a textual identifier for the given errno value.
- *
- * Results:
- *	This procedure returns a machine-readable textual identifier
- *	that corresponds to the current errno value (e.g. "eperm").
- *	The identifier is the same as the #define name in errno.h,
- *	except that it is in lowercase.
- *
- *----------------------------------------------------------------------
- */
-
-static char errstrbuf[32];
-
-char *esock_posix_str(int error)
-{
-    switch (error) {
-#ifdef E2BIG
-    case E2BIG: return "e2big";
-#endif
-#ifdef EACCES
-    case EACCES: return "eacces";
-#endif
-#ifdef EADDRINUSE
-    case EADDRINUSE: return "eaddrinuse";
-#endif
-#ifdef EADDRNOTAVAIL
-    case EADDRNOTAVAIL: return "eaddrnotavail";
-#endif
-#ifdef EADV
-    case EADV: return "eadv";
-#endif
-#ifdef EAFNOSUPPORT
-    case EAFNOSUPPORT: return "eafnosupport";
-#endif
-#ifdef EAGAIN
-    case EAGAIN: return "eagain";
-#endif
-#ifdef EALIGN
-    case EALIGN: return "ealign";
-#endif
-#if defined(EALREADY) && (!defined(EBUSY) || (EALREADY != EBUSY ))
-    case EALREADY: return "ealready";
-#endif
-#ifdef EBADE
-    case EBADE: return "ebade";
-#endif
-#ifdef EBADF
-    case EBADF: return "ebadf";
-#endif
-#ifdef EBADFD
-    case EBADFD: return "ebadfd";
-#endif
-#ifdef EBADMSG
-    case EBADMSG: return "ebadmsg";
-#endif
-#ifdef EBADR
-    case EBADR: return "ebadr";
-#endif
-#ifdef EBADRPC
-    case EBADRPC: return "ebadrpc";
-#endif
-#ifdef EBADRQC
-    case EBADRQC: return "ebadrqc";
-#endif
-#ifdef EBADSLT
-    case EBADSLT: return "ebadslt";
-#endif
-#ifdef EBFONT
-    case EBFONT: return "ebfont";
-#endif
-#ifdef EBUSY
-    case EBUSY: return "ebusy";
-#endif
-#ifdef ECHILD
-    case ECHILD: return "echild";
-#endif
-#ifdef ECHRNG
-    case ECHRNG: return "echrng";
-#endif
-#ifdef ECOMM
-    case ECOMM: return "ecomm";
-#endif
-#ifdef ECONNABORTED
-    case ECONNABORTED: return "econnaborted";
-#endif
-#ifdef ECONNREFUSED
-    case ECONNREFUSED: return "econnrefused";
-#endif
-#ifdef ECONNRESET
-    case ECONNRESET: return "econnreset";
-#endif
-#if defined(EDEADLK) && (!defined(EWOULDBLOCK) || (EDEADLK != EWOULDBLOCK))
-    case EDEADLK: return "edeadlk";
-#endif
-#if defined(EDEADLOCK) && (!defined(EDEADLK) || (EDEADLOCK != EDEADLK))
-    case EDEADLOCK: return "edeadlock";
-#endif
-#ifdef EDESTADDRREQ
-    case EDESTADDRREQ: return "edestaddrreq";
-#endif
-#ifdef EDIRTY
-    case EDIRTY: return "edirty";
-#endif
-#ifdef EDOM
-    case EDOM: return "edom";
-#endif
-#ifdef EDOTDOT
-    case EDOTDOT: return "edotdot";
-#endif
-#ifdef EDQUOT
-    case EDQUOT: return "edquot";
-#endif
-#ifdef EDUPPKG
-    case EDUPPKG: return "eduppkg";
-#endif
-#ifdef EEXIST
-    case EEXIST: return "eexist";
-#endif
-#ifdef EFAULT
-    case EFAULT: return "efault";
-#endif
-#ifdef EFBIG
-    case EFBIG: return "efbig";
-#endif
-#ifdef EHOSTDOWN
-    case EHOSTDOWN: return "ehostdown";
-#endif
-#ifdef EHOSTUNREACH
-    case EHOSTUNREACH: return "ehostunreach";
-#endif
-#if defined(EIDRM) && (!defined(EINPROGRESS) || (EIDRM != EINPROGRESS))
-    case EIDRM: return "eidrm";
-#endif
-#ifdef EINIT
-    case EINIT: return "einit";
-#endif
-#ifdef EINPROGRESS
-    case EINPROGRESS: return "einprogress";
-#endif
-#ifdef EINTR
-    case EINTR: return "eintr";
-#endif
-#ifdef EINVAL
-    case EINVAL: return "einval";
-#endif
-#ifdef EIO
-    case EIO: return "eio";
-#endif
-#ifdef EISCONN
-    case EISCONN: return "eisconn";
-#endif
-#ifdef EISDIR
-    case EISDIR: return "eisdir";
-#endif
-#ifdef EISNAME
-    case EISNAM: return "eisnam";
-#endif
-#ifdef ELBIN
-    case ELBIN: return "elbin";
-#endif
-#ifdef EL2HLT
-    case EL2HLT: return "el2hlt";
-#endif
-#ifdef EL2NSYNC
-    case EL2NSYNC: return "el2nsync";
-#endif
-#ifdef EL3HLT
-    case EL3HLT: return "el3hlt";
-#endif
-#ifdef EL3RST
-    case EL3RST: return "el3rst";
-#endif
-#ifdef ELIBACC
-    case ELIBACC: return "elibacc";
-#endif
-#ifdef ELIBBAD
-    case ELIBBAD: return "elibbad";
-#endif
-#ifdef ELIBEXEC
-    case ELIBEXEC: return "elibexec";
-#endif
-#ifdef ELIBMAX
-    case ELIBMAX: return "elibmax";
-#endif
-#ifdef ELIBSCN
-    case ELIBSCN: return "elibscn";
-#endif
-#ifdef ELNRNG
-    case ELNRNG: return "elnrng";
-#endif
-#if defined(ELOOP) && (!defined(ENOENT) || (ELOOP != ENOENT))
-    case ELOOP: return "eloop";
-#endif
-#ifdef EMFILE
-    case EMFILE: return "emfile";
-#endif
-#ifdef EMLINK
-    case EMLINK: return "emlink";
-#endif
-#ifdef EMSGSIZE
-    case EMSGSIZE: return "emsgsize";
-#endif
-#ifdef EMULTIHOP
-    case EMULTIHOP: return "emultihop";
-#endif
-#ifdef ENAMETOOLONG
-    case ENAMETOOLONG: return "enametoolong";
-#endif
-#ifdef ENAVAIL
-    case ENAVAIL: return "enavail";
-#endif
-#ifdef ENET
-    case ENET: return "enet";
-#endif
-#ifdef ENETDOWN
-    case ENETDOWN: return "enetdown";
-#endif
-#ifdef ENETRESET
-    case ENETRESET: return "enetreset";
-#endif
-#ifdef ENETUNREACH
-    case ENETUNREACH: return "enetunreach";
-#endif
-#ifdef ENFILE
-    case ENFILE: return "enfile";
-#endif
-#ifdef ENOANO
-    case ENOANO: return "enoano";
-#endif
-#if defined(ENOBUFS) && (!defined(ENOSR) || (ENOBUFS != ENOSR))
-    case ENOBUFS: return "enobufs";
-#endif
-#ifdef ENOCSI
-    case ENOCSI: return "enocsi";
-#endif
-#if defined(ENODATA) && (!defined(ECONNREFUSED) || (ENODATA != ECONNREFUSED))
-    case ENODATA: return "enodata";
-#endif
-#ifdef ENODEV
-    case ENODEV: return "enodev";
-#endif
-#ifdef ENOENT
-    case ENOENT: return "enoent";
-#endif
-#ifdef ENOEXEC
-    case ENOEXEC: return "enoexec";
-#endif
-#ifdef ENOLCK
-    case ENOLCK: return "enolck";
-#endif
-#ifdef ENOLINK
-    case ENOLINK: return "enolink";
-#endif
-#ifdef ENOMEM
-    case ENOMEM: return "enomem";
-#endif
-#ifdef ENOMSG
-    case ENOMSG: return "enomsg";
-#endif
-#ifdef ENONET
-    case ENONET: return "enonet";
-#endif
-#ifdef ENOPKG
-    case ENOPKG: return "enopkg";
-#endif
-#ifdef ENOPROTOOPT
-    case ENOPROTOOPT: return "enoprotoopt";
-#endif
-#ifdef ENOSPC
-    case ENOSPC: return "enospc";
-#endif
-#if defined(ENOSR) && (!defined(ENAMETOOLONG) || (ENAMETOOLONG != ENOSR))
-    case ENOSR: return "enosr";
-#endif
-#if defined(ENOSTR) && (!defined(ENOTTY) || (ENOTTY != ENOSTR))
-    case ENOSTR: return "enostr";
-#endif
-#ifdef ENOSYM
-    case ENOSYM: return "enosym";
-#endif
-#ifdef ENOSYS
-    case ENOSYS: return "enosys";
-#endif
-#ifdef ENOTBLK
-    case ENOTBLK: return "enotblk";
-#endif
-#ifdef ENOTCONN
-    case ENOTCONN: return "enotconn";
-#endif
-#ifdef ENOTDIR
-    case ENOTDIR: return "enotdir";
-#endif
-#if defined(ENOTEMPTY) && (!defined(EEXIST) || (ENOTEMPTY != EEXIST))
-    case ENOTEMPTY: return "enotempty";
-#endif
-#ifdef ENOTNAM
-    case ENOTNAM: return "enotnam";
-#endif
-#ifdef ENOTSOCK
-    case ENOTSOCK: return "enotsock";
-#endif
-#ifdef ENOTSUP
-    case ENOTSUP: return "enotsup";
-#endif
-#ifdef ENOTTY
-    case ENOTTY: return "enotty";
-#endif
-#ifdef ENOTUNIQ
-    case ENOTUNIQ: return "enotuniq";
-#endif
-#ifdef ENXIO
-    case ENXIO: return "enxio";
-#endif
-#if defined(EOPNOTSUPP) && (!defined(ENOTSUP) || EOPNOTSUPP != ENOTSUP)
-    case EOPNOTSUPP: return "eopnotsupp";
-#endif
-#ifdef EPERM
-    case EPERM: return "eperm";
-#endif
-#if defined(EPFNOSUPPORT) && (!defined(ENOLCK) || (ENOLCK != EPFNOSUPPORT))
-    case EPFNOSUPPORT: return "epfnosupport";
-#endif
-#ifdef EPIPE
-    case EPIPE: return "epipe";
-#endif
-#ifdef EPROCLIM
-    case EPROCLIM: return "eproclim";
-#endif
-#ifdef EPROCUNAVAIL
-    case EPROCUNAVAIL: return "eprocunavail";
-#endif
-#ifdef EPROGMISMATCH
-    case EPROGMISMATCH: return "eprogmismatch";
-#endif
-#ifdef EPROGUNAVAIL
-    case EPROGUNAVAIL: return "eprogunavail";
-#endif
-#ifdef EPROTO
-    case EPROTO: return "eproto";
-#endif
-#ifdef EPROTONOSUPPORT
-    case EPROTONOSUPPORT: return "eprotonosupport";
-#endif
-#ifdef EPROTOTYPE
-    case EPROTOTYPE: return "eprototype";
-#endif
-#ifdef ERANGE
-    case ERANGE: return "erange";
-#endif
-#if defined(EREFUSED) && (!defined(ECONNREFUSED) || (EREFUSED != ECONNREFUSED))
-    case EREFUSED: return "erefused";
-#endif
-#ifdef EREMCHG
-    case EREMCHG: return "eremchg";
-#endif
-#ifdef EREMDEV
-    case EREMDEV: return "eremdev";
-#endif
-#ifdef EREMOTE
-    case EREMOTE: return "eremote";
-#endif
-#ifdef EREMOTEIO
-    case EREMOTEIO: return "eremoteio";
-#endif
-#ifdef EREMOTERELEASE
-    case EREMOTERELEASE: return "eremoterelease";
-#endif
-#ifdef EROFS
-    case EROFS: return "erofs";
-#endif
-#ifdef ERPCMISMATCH
-    case ERPCMISMATCH: return "erpcmismatch";
-#endif
-#ifdef ERREMOTE
-    case ERREMOTE: return "erremote";
-#endif
-#ifdef ESHUTDOWN
-    case ESHUTDOWN: return "eshutdown";
-#endif
-#ifdef ESOCKTNOSUPPORT
-    case ESOCKTNOSUPPORT: return "esocktnosupport";
-#endif
-#ifdef ESPIPE
-    case ESPIPE: return "espipe";
-#endif
-#ifdef ESRCH
-    case ESRCH: return "esrch";
-#endif
-#ifdef ESRMNT
-    case ESRMNT: return "esrmnt";
-#endif
-#ifdef ESTALE
-    case ESTALE: return "estale";
-#endif
-#ifdef ESUCCESS
-    case ESUCCESS: return "esuccess";
-#endif
-#if defined(ETIME) && (!defined(ELOOP) || (ETIME != ELOOP))
-    case ETIME: return "etime";
-#endif
-#if defined(ETIMEDOUT) && (!defined(ENOSTR) || (ETIMEDOUT != ENOSTR))
-    case ETIMEDOUT: return "etimedout";
-#endif
-#ifdef ETOOMANYREFS
-    case ETOOMANYREFS: return "etoomanyrefs";
-#endif
-#ifdef ETXTBSY
-    case ETXTBSY: return "etxtbsy";
-#endif
-#ifdef EUCLEAN
-    case EUCLEAN: return "euclean";
-#endif
-#ifdef EUNATCH
-    case EUNATCH: return "eunatch";
-#endif
-#ifdef EUSERS
-    case EUSERS: return "eusers";
-#endif
-#ifdef EVERSION
-    case EVERSION: return "eversion";
-#endif
-#if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
-    case EWOULDBLOCK: return "ewouldblock";
-#endif
-#ifdef EXDEV
-    case EXDEV: return "exdev";
-#endif
-#ifdef EXFULL
-    case EXFULL: return "exfull";
-#endif
-#ifdef WSAEINTR
-    case WSAEINTR: return "eintr";
-#endif
-#ifdef WSAEBADF
-    case WSAEBADF: return "ebadf";
-#endif
-#ifdef WSAEACCES
-    case WSAEACCES: return "eacces";
-#endif
-#ifdef WSAEFAULT
-    case WSAEFAULT: return "efault";
-#endif
-#ifdef WSAEINVAL
-    case WSAEINVAL: return "einval";
-#endif
-#ifdef WSAEMFILE
-    case WSAEMFILE: return "emfile";
-#endif
-#ifdef WSAEWOULDBLOCK  
-    case WSAEWOULDBLOCK: return "ewouldblock";
-#endif
-#ifdef WSAEINPROGRESS  
-    case WSAEINPROGRESS: return "einprogress";
-#endif
-#ifdef WSAEALREADY     
-    case WSAEALREADY: return "ealready";
-#endif
-#ifdef WSAENOTSOCK     
-    case WSAENOTSOCK: return "enotsock";
-#endif
-#ifdef WSAEDESTADDRREQ 
-    case WSAEDESTADDRREQ: return "edestaddrreq";
-#endif
-#ifdef WSAEMSGSIZE     
-    case WSAEMSGSIZE: return "emsgsize";
-#endif
-#ifdef WSAEPROTOTYPE   
-    case WSAEPROTOTYPE: return "eprototype";
-#endif
-#ifdef WSAENOPROTOOPT  
-    case WSAENOPROTOOPT: return "enoprotoopt";
-#endif
-#ifdef WSAEPROTONOSUPPORT
-    case WSAEPROTONOSUPPORT: return "eprotonosupport";
-#endif
-#ifdef WSAESOCKTNOSUPPORT
-    case WSAESOCKTNOSUPPORT: return "esocktnosupport";
-#endif
-#ifdef WSAEOPNOTSUPP   
-    case WSAEOPNOTSUPP: return "eopnotsupp";
-#endif
-#ifdef WSAEPFNOSUPPORT 
-    case WSAEPFNOSUPPORT: return "epfnosupport";
-#endif
-#ifdef WSAEAFNOSUPPORT 
-    case WSAEAFNOSUPPORT: return "eafnosupport";
-#endif
-#ifdef WSAEADDRINUSE   
-    case WSAEADDRINUSE: return "eaddrinuse";
-#endif
-#ifdef WSAEADDRNOTAVAIL
-    case WSAEADDRNOTAVAIL: return "eaddrnotavail";
-#endif
-#ifdef WSAENETDOWN    
-    case WSAENETDOWN: return "enetdown";
-#endif
-#ifdef WSAENETUNREACH 
-    case WSAENETUNREACH: return "enetunreach";
-#endif
-#ifdef WSAENETRESET   
-    case WSAENETRESET: return "enetreset";
-#endif
-#ifdef WSAECONNABORTED
-    case WSAECONNABORTED: return "econnaborted";
-#endif
-#ifdef WSAECONNRESET  
-    case WSAECONNRESET: return "econnreset";
-#endif
-#ifdef WSAENOBUFS     
-    case WSAENOBUFS: return "enobufs";
-#endif
-#ifdef WSAEISCONN     
-    case WSAEISCONN: return "eisconn";
-#endif
-#ifdef WSAENOTCONN    
-    case WSAENOTCONN: return "enotconn";
-#endif
-#ifdef WSAESHUTDOWN   
-    case WSAESHUTDOWN: return "eshutdown";
-#endif
-#ifdef WSAETOOMANYREFS
-    case WSAETOOMANYREFS: return "etoomanyrefs";
-#endif
-#ifdef WSAETIMEDOUT   
-    case WSAETIMEDOUT: return "etimedout";
-#endif
-#ifdef WSAECONNREFUSED
-    case WSAECONNREFUSED: return "econnrefused";
-#endif
-#ifdef WSAELOOP
-    case WSAELOOP: return "eloop";
-#endif
-#ifdef WSAENAMETOOLONG
-    case WSAENAMETOOLONG: return "enametoolong";
-#endif
-#ifdef WSAEHOSTDOWN
-    case WSAEHOSTDOWN: return "ehostdown";
-#endif
-#ifdef WSAEHOSTUNREACH
-    case WSAEHOSTUNREACH: return "ehostunreach";
-#endif
-#ifdef WSAENOTEMPTY
-    case WSAENOTEMPTY: return "enotempty";
-#endif
-#ifdef WSAEPROCLIM
-    case WSAEPROCLIM: return "eproclim";
-#endif
-#ifdef WSAEUSERS
-    case WSAEUSERS: return "eusers";
-#endif
-#ifdef WSAEDQUOT
-    case WSAEDQUOT: return "edquot";
-#endif
-#ifdef WSAESTALE
-    case WSAESTALE: return "estale";
-#endif
-#ifdef WSAEREMOTE
-    case WSAEREMOTE: return "eremote";
-#endif
-#ifdef WSASYSNOTREADY
-    case WSASYSNOTREADY: return "sysnotready";
-#endif
-#ifdef WSAVERNOTSUPPORTED
-    case WSAVERNOTSUPPORTED: return "vernotsupported";
-#endif
-#ifdef WSANOTINITIALISED
-    case WSANOTINITIALISED: return "notinitialised";
-#endif
-#ifdef WSAEDISCON
-    case WSAEDISCON: return "ediscon";
-#endif
-#ifdef WSAENOMORE
-    case WSAENOMORE: return "enomore";
-#endif
-#ifdef WSAECANCELLED
-    case WSAECANCELLED: return "ecancelled";
-#endif
-#ifdef WSAEINVALIDPROCTABLE
-    case WSAEINVALIDPROCTABLE: return "einvalidproctable";
-#endif
-#ifdef WSAEINVALIDPROVIDER
-    case WSAEINVALIDPROVIDER: return "einvalidprovider";
-#endif
-#ifdef WSAEPROVIDERFAILEDINIT
-    case WSAEPROVIDERFAILEDINIT: return "eproviderfailedinit";
-#endif
-#ifdef WSASYSCALLFAILURE
-    case WSASYSCALLFAILURE: return "syscallfailure";
-#endif
-#ifdef WSASERVICE_NOT_FOUND
-    case WSASERVICE_NOT_FOUND: return "service_not_found";
-#endif
-#ifdef WSATYPE_NOT_FOUND
-    case WSATYPE_NOT_FOUND: return "type_not_found";
-#endif
-#ifdef WSA_E_NO_MORE
-    case WSA_E_NO_MORE: return "e_no_more";
-#endif
-#ifdef WSA_E_CANCELLED
-    case WSA_E_CANCELLED: return "e_cancelled";
-#endif
-    default:
-	sprintf(errstrbuf, "unknown:%d", error); 
-	return errstrbuf;
-    }
-}
-
diff --git a/lib/ssl/c_src/esock_posix_str.h b/lib/ssl/c_src/esock_posix_str.h
deleted file mode 100644
index 53916c888a..0000000000
--- a/lib/ssl/c_src/esock_posix_str.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- *  %CopyrightBegin%
- *  
- *  Copyright Ericsson AB 1999-2009. All Rights Reserved.
- *  
- *  The contents of this file are subject to the Erlang Public License,
- *  Version 1.1, (the "License"); you may not use this file except in
- *  compliance with the License. You should have received a copy of the
- *  Erlang Public License along with this software. If not, it can be
- *  retrieved online at http://www.erlang.org/.
- *  
- *  Software distributed under the License is distributed on an "AS IS"
- *  basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
- *  the License for the specific language governing rights and limitations
- *  under the License.
- *  
- *  %CopyrightEnd%
- */
-
-/* esock_posix_str.h */
-
-#ifndef ESOCK_POSIX_STR_H
-#define ESOCK_POSIX_STR_H
-
-char *esock_posix_str(int error);
-
-#endif
-
diff --git a/lib/ssl/c_src/esock_ssl.h b/lib/ssl/c_src/esock_ssl.h
deleted file mode 100644
index 535e9a6491..0000000000
--- a/lib/ssl/c_src/esock_ssl.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/*<copyright>
- * <year>1999-2008</year>
- * <holder>Ericsson AB, All Rights Reserved</holder>
- *</copyright>
- *<legalnotice>
- * The contents of this file are subject to the Erlang Public License,
- * Version 1.1, (the "License"); you may not use this file except in
- * compliance with the License. You should have received a copy of the
- * Erlang Public License along with this software. If not, it can be
- * retrieved online at http://www.erlang.org/.
- *
- * Software distributed under the License is distributed on an "AS IS"
- * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
- * the License for the specific language governing rights and limitations
- * under the License.
- *
- * The Initial Developer of the Original Code is Ericsson AB.
- *</legalnotice>
- */
-/*
- * Purpose: Header file for adaptions to various SSL packages.
- */
-
-#ifndef ESOCK_SSL_H
-#define ESOCK_SSL_H
-
-#include <sys/types.h>
-#include <stdio.h>
-#include "esock.h"
-
-typedef struct {
-    const char *compile_version;/* version of OpenSSL when compiling esock */
-    const char *lib_version;	/* version of OpenSSL in library */
-} esock_version;
-
-/* Variables to be set by certain functions (see below) */
-char *esock_ssl_errstr;
-
-/* Ephemeral RSA and DH */
-int ephemeral_rsa, ephemeral_dh;
-
-/* Protocol version (sslv2, sslv3, tlsv1) */
-int protocol_version;
-
-/* version info */
-esock_version *esock_ssl_version(void);
-
-/* ciphers info */
-char *esock_ssl_ciphers(void);
-
-/* seeding */
-void esock_ssl_seed(void *buf, int len);
-
-/* Initialization and finalization of SSL */
-
-int esock_ssl_init(void);
-void esock_ssl_finish(void);
-
-/* Freeing of SSL resources for a connection */
-
-void esock_ssl_free(Connection *cp);
-
-/* Print error diagnostics to a file pointer */
-
-void esock_ssl_print_errors_fp(FILE *fp);
-
-/* All functions below have to return >= 0 on success, and < 0 on 
- * failure. 
- * 
- * If the return indicates a failure (return value < 0) and the failure
- * is temporary the error context (sock_errno()/sock_set_errno()) must
- * be set to ERRNO_BLOCK. 
- *
- * If the failure is permanent, the error context must be set to something
- * else than ERRNO_BLOCK, and `esock_ssl_errstr' must be set to point to
- * short diagnostic string describing the error.
- */
-
-int esock_ssl_accept_init(Connection *cp, void *listenssl);
-int esock_ssl_connect_init(Connection *cp);
-int esock_ssl_listen_init(Connection *cp);
-
-/* All functions below may involve non-blocking I/O with a temporary
- * failure.  Hence they have to have the error context set to
- * ERRNO_BLOCK, or else have esock_ssl_errstr set to point to a
- * diagnostic string, in case the return value is < 0. If the return
- * value is 0, cp->eof and cp->bp are set, if appropritate.
- */
-
-int esock_ssl_accept(Connection *cp);
-int esock_ssl_connect(Connection *cp);
-
-int esock_ssl_read(Connection *cp, char *buf, int len);
-int esock_ssl_write(Connection *cp, char *buf, int len);
-
-int esock_ssl_shutdown(Connection *cp);
-
-/* Peer certificate */
-
-int esock_ssl_getpeercert(Connection *cp, unsigned char **buf);
-int esock_ssl_getpeercertchain(Connection *cp, unsigned char **buf);
-
-/* Sessions */
-int esock_ssl_session_reused(Connection *cp);
-
-/* Protocol version and cipher of established connection */
-int esock_ssl_getprotocol_version(Connection *cp, char **buf);
-int esock_ssl_getcipher(Connection *cp, char **buf);
-
-#endif
diff --git a/lib/ssl/c_src/esock_utils.c b/lib/ssl/c_src/esock_utils.c
deleted file mode 100644
index 0098a4f5f6..0000000000
--- a/lib/ssl/c_src/esock_utils.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- *  %CopyrightBegin%
- *  
- *  Copyright Ericsson AB 1999-2009. All Rights Reserved.
- *  
- *  The contents of this file are subject to the Erlang Public License,
- *  Version 1.1, (the "License"); you may not use this file except in
- *  compliance with the License. You should have received a copy of the
- *  Erlang Public License along with this software. If not, it can be
- *  retrieved online at http://www.erlang.org/.
- *  
- *  Software distributed under the License is distributed on an "AS IS"
- *  basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
- *  the License for the specific language governing rights and limitations
- *  under the License.
- *  
- *  %CopyrightEnd%
- */
-
-/*
- * Purpose: Safe memory allocation and other utilities.
- *
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "esock_utils.h"
-
-static char *strtok_quote(char *s1, const char *s2);
-
-
-void *esock_malloc(size_t size)
-{
-    void *p;
-
-    p = malloc(size);
-    if (!p) {
-	fprintf(stderr, "esock_malloc: cannot alloc %d bytes\n", size);
-	exit(EXIT_FAILURE);
-    }
-    return p;
-}
-
-void *esock_realloc(void *p, size_t size)
-{
-    void *np;
-
-    np = realloc(p, size);
-    if (!np) {
-	fprintf(stderr, "esock_realloc: cannot realloc %d bytes\n", size);
-	exit(EXIT_FAILURE);
-    }
-    return np;
-}
-
-void esock_free(void *p)
-{
-    free(p);
-}
-
-/* Builds an argv array from cmd. Spaces and tabs within double quotes
- * are not considered delimiters. Double quotes are removed.
- * 
- * The return value is argc, and the pointer to char ** is set. argc 
- * is non-negative, argv[0], ..., argv[argc - 1] are pointers to
- * strings, and argv[argc] == NULL.  All argv[0], ..., argv[argc - 1]
- * must be freed by the user, and also the argv pointer itself. 
- *
- * Example: cmd = abc"/program files/"olle nisse, results in 
- * argv[0] = abc/program files/olle, argv[1] = nisse, argc = 2.
- *
- */
-int esock_build_argv(char *cmd, char ***argvp)
-{
-    int argvsize = 10, argc = 0;
-    char *args, *tokp, *argp;
-    char **argv;
-
-    argv = esock_malloc(argvsize * sizeof(char *));
-    args = esock_malloc(strlen(cmd) + 1);
-    strcpy(args, cmd);
-    tokp = strtok_quote(args, " \t");
-    while (tokp != NULL) {
-	if (argc + 1 >= argvsize) {
-	    argvsize += 10;
-	    argv = esock_realloc(argv, argvsize * sizeof(char *));
-	}
-	argp = esock_malloc(strlen(tokp) + 1);
-	strcpy(argp, tokp);
-	argv[argc++] = argp;
-	tokp = strtok_quote(NULL, " \t");
-    }
-    esock_free(args);
-    argv[argc] = NULL;
-    *argvp = argv;
-    return argc;
-}
-
-/* strtok_quote
- * Works as strtok, but characters within pairs of double quotes are not 
- * considered as delimiters. Quotes are removed.
- */
-static char *strtok_quote(char *s1, const char *s2)
-{
-    static char *last;
-    char *s, *t, *u;
-
-    s = (s1) ? s1 : last;
-    if (!s) 
-	return last = NULL;
-
-    while (*s != '"' && *s != '\0' && strchr(s2, *s))
-	s++;
-    t = s;
-
-    while (1) {
-	if (*t == '"') {
-	    t++;
-	    while (*t != '"' && *t != '\0')
-		t++;
-	    if (*t == '\0') {
-		last = NULL;
-		goto end;
-	    }
-	    t++;
-	}
-	while(*t != '"' && *t != '\0' && !strchr(s2, *t))
-	    t++;
-	if (*t == '\0') {
-	    last = NULL;
-	    goto end;
-	} else if (*t != '"') {
-	    *t = '\0';
-	    last = t + 1;
-	    goto end;
-	}
-    }
-end:
-    /* Remove quotes */
-    u = t = s;
-    while (*u) {
-	if (*u == '"')
-	    u++;
-	else 
-	    *t++ = *u++;
-    }
-    *t = '\0';
-    return s;
-}
-
diff --git a/lib/ssl/c_src/esock_utils.h b/lib/ssl/c_src/esock_utils.h
deleted file mode 100644
index 99ed6c23e3..0000000000
--- a/lib/ssl/c_src/esock_utils.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- *  %CopyrightBegin%
- *  
- *  Copyright Ericsson AB 1999-2009. All Rights Reserved.
- *  
- *  The contents of this file are subject to the Erlang Public License,
- *  Version 1.1, (the "License"); you may not use this file except in
- *  compliance with the License. You should have received a copy of the
- *  Erlang Public License along with this software. If not, it can be
- *  retrieved online at http://www.erlang.org/.
- *  
- *  Software distributed under the License is distributed on an "AS IS"
- *  basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
- *  the License for the specific language governing rights and limitations
- *  under the License.
- *  
- *  %CopyrightEnd%
- */
-
-#ifndef ESOCK_UTILS_H
-#define ESOCK_UTILS_H
-
-#include <stdlib.h>
-
-void *esock_malloc(size_t size);
-void *esock_realloc(void *p, size_t size);
-void esock_free(void *p);
-int esock_build_argv(char *cmd, char ***argvp);
-
-#endif
-
-
diff --git a/lib/ssl/c_src/esock_winsock.h b/lib/ssl/c_src/esock_winsock.h
deleted file mode 100644
index 069782a18d..0000000000
--- a/lib/ssl/c_src/esock_winsock.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*<copyright>
- * <year>2003-2008</year>
- * <holder>Ericsson AB, All Rights Reserved</holder>
- *</copyright>
- *<legalnotice>
- * The contents of this file are subject to the Erlang Public License,
- * Version 1.1, (the "License"); you may not use this file except in
- * compliance with the License. You should have received a copy of the
- * Erlang Public License along with this software. If not, it can be
- * retrieved online at http://www.erlang.org/.
- *
- * Software distributed under the License is distributed on an "AS IS"
- * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
- * the License for the specific language governing rights and limitations
- * under the License.
- *
- * The Initial Developer of the Original Code is Ericsson AB.
- *</legalnotice>
- */
-/*
- * Purpose:  Control winsock version and setting of FD_SETSIZE.
- *
- */
-
-/* Maybe set FD_SETSIZE */
-
-#ifdef ESOCK_WINSOCK2
-#include <winsock2.h>
-#else
-#include <winsock.h>
-/* These are defined in winsock2.h but not in winsock.h */
-#define SD_RECEIVE      0x00
-#define SD_SEND         0x01
-#define SD_BOTH         0x02
-#endif
-
diff --git a/lib/ssl/doc/src/Makefile b/lib/ssl/doc/src/Makefile
index 3119d37af0..5d808d6727 100644
--- a/lib/ssl/doc/src/Makefile
+++ b/lib/ssl/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1999-2010. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -37,7 +37,7 @@ RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
 # Target Specs
 # ----------------------------------------------------
 XML_APPLICATION_FILES = refman.xml
-XML_REF3_FILES = ssl.xml old_ssl.xml ssl_session_cache_api.xml
+XML_REF3_FILES = ssl.xml ssl_session_cache_api.xml
 XML_REF6_FILES = ssl_app.xml
 
 XML_PART_FILES = release_notes.xml usersguide.xml
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 5df2632149..1e1fe0d119 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -30,7 +30,101 @@
   </header>
   <p>This document describes the changes made to the SSL application.</p>
   
-  <section><title>SSL 4.1.6</title>
+  <section><title>SSL 5.0</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Invalidation handling of sessions could cause the
+	    time_stamp field in the session record to be set to
+	    undefined crashing the session clean up process. This did
+	    not affect the connections but would result in that the
+	    session table would grow.</p>
+          <p>
+	    Own Id: OTP-9696 Aux Id: seq11947 </p>
+        </item>
+        <item>
+          <p>
+	    Changed code to use ets:foldl and throw instead of
+	    ets:next traversal, avoiding the need to explicitly call
+	    ets:safe_fixtable. It was possible to get a badarg-crash
+	    under special circumstances.</p>
+          <p>
+	    Own Id: OTP-9703 Aux Id: seq11947 </p>
+        </item>
+        <item>
+          <p>
+	    Send ssl_closed notification to active ssl user when a
+	    tcp error occurs.</p>
+          <p>
+	    Own Id: OTP-9734 Aux Id: seq11946 </p>
+        </item>
+        <item>
+          <p>
+	    If a passive receive was ongoing during a renegotiation
+	    the process evaluating ssl:recv could be left hanging for
+	    ever.</p>
+          <p>
+	    Own Id: OTP-9744</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Support for the old ssl implementation is dropped and the
+	    code is removed.</p>
+          <p>
+	    Own Id: OTP-7048</p>
+        </item>
+        <item>
+          <p>
+	    The erlang distribution can now be run over the new ssl
+	    implementation. All options can currently not be set but
+	    it is enough to replace to old ssl implementation.</p>
+          <p>
+	    Own Id: OTP-7053</p>
+        </item>
+        <item>
+          <p>
+	    public_key, ssl and crypto now supports PKCS-8</p>
+          <p>
+	    Own Id: OTP-9312</p>
+        </item>
+        <item>
+          <p>
+	    Implements a CBC timing attack counter measure. Thanks to
+	    Andreas Schultz for providing the patch.</p>
+          <p>
+	    Own Id: OTP-9683</p>
+        </item>
+        <item>
+          <p>
+	    Mitigates an SSL/TLS Computational DoS attack by
+	    disallowing the client to renegotiate many times in a row
+	    in a short time interval, thanks to Tuncer Ayaz for
+	    alerting us about this.</p>
+          <p>
+	    Own Id: OTP-9739</p>
+        </item>
+        <item>
+          <p>
+	    Implements the 1/n-1 splitting countermeasure to the
+	    Rizzo Duong BEAST attack, affects SSL 3.0 and TLS 1.0.
+	    Thanks to Tuncer Ayaz for alerting us about this.</p>
+          <p>
+	    Own Id: OTP-9750</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>SSL 4.1.6</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/ssl/doc/src/old_ssl.xml b/lib/ssl/doc/src/old_ssl.xml
deleted file mode 100644
index 0d2e1afdbd..0000000000
--- a/lib/ssl/doc/src/old_ssl.xml
+++ /dev/null
@@ -1,709 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE erlref SYSTEM "erlref.dtd">
-
-<erlref>
-  <header>
-    <copyright>
-      <year>1999</year><year>2010</year>
-      <holder>Ericsson AB. All Rights Reserved.</holder>
-    </copyright>
-    <legalnotice>
-      The contents of this file are subject to the Erlang Public License,
-      Version 1.1, (the "License"); you may not use this file except in
-      compliance with the License. You should have received a copy of the
-      Erlang Public License along with this software. If not, it can be
-      retrieved online at http://www.erlang.org/.
-
-      Software distributed under the License is distributed on an "AS IS"
-      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-      the License for the specific language governing rights and limitations
-      under the License.
-
-    </legalnotice>
-
-    <title>ssl</title>
-    <prepared>Peter H&ouml;gfeldt</prepared>
-    <responsible>Peter H&ouml;gfeldt</responsible>
-    <docno></docno>
-    <approved>Peter H&ouml;gfeldt</approved>
-    <checked></checked>
-    <date>2003-03-25</date>
-    <rev>D</rev>
-    <file>old_ssl.xml</file>
-  </header>
-  <module>old_ssl</module>
-  <modulesummary>Interface Functions for Secure Socket Layer</modulesummary>
-  <description>
-    <p>This module contains interface functions to the Secure Socket Layer.</p>
-  </description>
-
-  <section>
-    <title>General</title>
-
-    <p>This manual page describes functions that are defined
-      in the ssl module and represents the old ssl implementation
-      that coexists with the new one until it has been
-      totally phased out. </p>
-
-   <p>The old implementation can be
-      accessed by providing the option {ssl_imp, old} to the
-      ssl:connect and ssl:listen functions.</p>
-      
-    <p>The reader is advised to also read the <c>ssl(6)</c> manual page
-      describing the SSL application.
-      </p>
-    <warning>
-      <p>It is strongly advised to seed the random generator after
-        the ssl application has been started (see <c>seed/1</c>
-        below), and before any connections are established. Although
-        the port program interfacing to the ssl libraries does a
-        "random" seeding of its own in order to make everything work
-        properly, that seeding is by no means random for the world
-        since it has a constant value which is known to everyone
-        reading the source code of the port program.</p>
-    </warning>
-  </section>
-
-  <section>
-    <title>Common data types</title>
-    <p>The following datatypes are used in the functions below:
-      </p>
-    <list type="bulleted">
-      <item>
-        <p><c>options() = [option()]</c></p>
-      </item>
-      <item>
-        <p><c>option() = socketoption() | ssloption()</c></p>
-      </item>
-      <item>
-        <p><c>socketoption() = {mode, list} | {mode, binary} |  binary | {packet, packettype()} | {header, integer()} | {nodelay, boolean()} | {active, activetype()} |  {backlog, integer()} | {ip, ipaddress()} | {port, integer()}</c></p>
-      </item>
-      <item>
-        <p><c>ssloption() = {verify, code()} | {depth, depth()} |  {certfile, path()} | {keyfile, path()} | {password, string()} | {cacertfile, path()} | {ciphers, string()}</c></p>
-      </item>
-      <item>
-        <p><c>packettype()</c>  (see inet(3))</p>
-      </item>
-      <item>
-        <p><c>activetype()</c>  (see inet(3))</p>
-      </item>
-      <item>
-        <p><c>reason() = atom() | {atom(), string()}</c></p>
-      </item>
-      <item>
-        <p><c>bytes() = [byte()]</c></p>
-      </item>
-      <item>
-        <p><c>string() = [byte()]</c></p>
-      </item>
-      <item>
-        <p><c>byte() = 0 | 1 | 2 | ... | 255</c></p>
-      </item>
-      <item>
-        <p><c>code() = 0 | 1 | 2</c></p>
-      </item>
-      <item>
-        <p><c>depth() = byte()</c></p>
-      </item>
-      <item>
-        <p><c>address() = hostname() | ipstring() | ipaddress()</c></p>
-      </item>
-      <item>
-        <p><c>ipaddress() = ipstring() | iptuple()</c></p>
-      </item>
-      <item>
-        <p><c>hostname() = string()</c></p>
-      </item>
-      <item>
-        <p><c>ipstring() = string()</c></p>
-      </item>
-      <item>
-        <p><c>iptuple() = {byte(), byte(), byte(), byte()}</c></p>
-      </item>
-      <item>
-        <p><c>sslsocket()</c></p>
-      </item>
-      <item>
-        <p><c>protocol() = sslv2 | sslv3 | tlsv1</c></p>
-      </item>
-      <item>
-        <p><c></c></p>
-      </item>
-    </list>
-    <p>The socket option <c>{backlog, integer()}</c> is for
-      <c>listen/2</c> only, and the option <c>{port, integer()}</c>
-      is for <c>connect/3/4</c> only. 
-      </p>
-    <p>The following socket options are set by default: <c>{mode, list}</c>, <c>{packet, 0}</c>, <c>{header, 0}</c>, <c>{nodelay, false}</c>, <c>{active, true}</c>, <c>{backlog, 5}</c>,
-      <c>{ip, {0,0,0,0}}</c>, and <c>{port, 0}</c>.
-      </p>
-    <p>Note that the options <c>{mode, binary}</c> and <c>binary</c>
-      are equivalent. Similarly <c>{mode, list}</c> and the absence of
-      option <c>binary</c> are equivalent. 
-      </p>
-    <p>The ssl options are for setting specific SSL parameters as follows:
-      </p>
-    <list type="bulleted">
-      <item>
-        <p><c>{verify, code()}</c> Specifies type of verification:
-          0 = do not verify peer; 1 = verify peer, 2 = verify peer,
-          fail if no peer certificate.  The default value is 0.
-          </p>
-      </item>
-      <item>
-        <p><c>{depth, depth()}</c> Specifies the maximum
-          verification depth, i.e. how far in a chain of certificates
-          the verification process can proceed before the verification
-          is considered to fail. 
-          </p>
-        <p>Peer certificate = 0, CA certificate = 1, higher level CA
-          certificate = 2, etc.  The value 2 thus means that a chain
-          can at most contain peer cert, CA cert, next CA cert, and an
-          additional CA cert.
-          </p>
-        <p>The default value is 1.
-          </p>
-      </item>
-      <item>
-        <p><c>{certfile, path()}</c> Path to a file containing the
-          user's certificate.
-          chain of PEM encoded certificates.</p>
-      </item>
-      <item>
-        <p><c>{keyfile, path()}</c> Path to file containing user's
-          private PEM encoded key.</p>
-      </item>
-      <item>
-        <p><c>{password, string()}</c> String containing the user's
-          password. Only used if the private keyfile is password protected.</p>
-      </item>
-      <item>
-        <p><c>{cacertfile, path()}</c> Path to file containing PEM encoded
-          CA certificates (trusted certificates used for verifying a peer
-          certificate).</p>
-      </item>
-      <item>
-        <p><c>{ciphers, string()}</c> String of ciphers as a colon
-          separated list of ciphers. The function <c>ciphers/0</c> can
-          be used to find all available ciphers.</p>
-      </item>
-    </list>
-    <p>The type <c>sslsocket()</c> is opaque to the user.
-      </p>
-    <p>The owner of a socket is the one that created it by a call to
-      <c>transport_accept/[1,2]</c>,  <c>connect/[3,4]</c>,
-      or <c>listen/2</c>.
-      </p>
-    <p>When a socket is in active mode (the default), data from the
-      socket is delivered to the owner of the socket in the form of
-      messages:
-      </p>
-    <list type="bulleted">
-      <item>
-        <p><c>{ssl, Socket, Data}</c></p>
-      </item>
-      <item>
-        <p><c>{ssl_closed, Socket}</c></p>
-      </item>
-      <item>
-        <p><c>{ssl_error, Socket, Reason}</c></p>
-      </item>
-    </list>
-    <p>A <c>Timeout</c> argument specifies a timeout in milliseconds. The 
-      default value for a <c>Timeout</c> argument is <c>infinity</c>.
-      </p>
-    <p>Functions listed below may return the value <c>{error, closed}</c>, which only indicates that the SSL socket is
-      considered closed for the operation in question. It is for
-      instance possible to have <c>{error, closed}</c> returned from
-      an call to <c>send/2</c>, and a subsequent call to <c>recv/3</c>
-      returning <c>{ok, Data}</c>.
-      </p>
-    <p>Hence a return value of <c>{error, closed}</c> must not be
-      interpreted as if the socket was completely closed. On the
-      contrary, in order to free all resources occupied by an SSL
-      socket, <c>close/1</c> must be called, or else the process owning
-      the socket has to terminate.
-      </p>
-    <p>For each SSL socket there is an Erlang process representing the
-      socket.  When a socket is opened, that process links to the
-      calling client process.  Implementations that want to detect
-      abnormal exits from the socket process by receiving <c>{'EXIT', Pid, Reason}</c> messages, should use the function <c>pid/1</c>
-      to retrieve the process identifier from the socket, in order to
-      be able to match exit messages properly.</p>
-  </section>
-  <funcs>
-    <func>
-      <name>ciphers() -> {ok, string()} | {error, enotstarted}</name>
-      <fsummary>Get supported ciphers.</fsummary>
-      <desc>
-        <p>Returns a string consisting of colon separated cipher
-          designations that are supported by the current SSL library
-          implementation.
-          </p>
-        <p>The SSL application has to be started to return the string
-          of ciphers.</p>
-      </desc>
-    </func>
-    <func>
-      <name>close(Socket) -> ok | {error, Reason}</name>
-      <fsummary>Close a socket returned by <c>transport_accept/[1,2]</c>, <c>connect/3/4</c>, or <c>listen/2</c>.</fsummary>
-      <type>
-        <v>Socket = sslsocket()</v>
-      </type>
-      <desc>
-	<p>Closes a socket returned by <c>transport_accept/[1,2]</c>,
-	<c>connect/[3,4]</c>, or <c>listen/2</c></p>
-      </desc>
-    </func>
-    <func>
-      <name>connect(Address, Port, Options) -> {ok, Socket} | {error, Reason}</name>
-      <name>connect(Address, Port, Options, Timeout) -> {ok, Socket} | {error, Reason}</name>
-      <fsummary>Connect to <c>Port</c>at <c>Address</c>.</fsummary>
-      <type>
-        <v>Address = address()</v>
-        <v>Port = integer()</v>
-        <v>Options = [connect_option()]</v>
-        <v>connect_option() = {mode, list} | {mode, binary} | binary | {packet, packettype()} | {header, integer()} | {nodelay, boolean()} | {active, activetype()} | {ip, ipaddress()} | {port, integer()} | {verify, code()} | {depth, depth()} | {certfile, path()} | {keyfile, path()} | {password, string()} | {cacertfile, path()} | {ciphers, string()}</v>
-        <v>Timeout = integer()</v>
-        <v>Socket = sslsocket()</v>
-      </type>
-      <desc>
-        <p>Connects to <c>Port</c> at <c>Address</c>. If the optional 
-          <c>Timeout</c> argument is specified, and a connection could not
-          be established within the given time, <c>{error, timeout}</c> is
-          returned. The default value for <c>Timeout</c> is <c>infinity</c>.
-          </p>
-        <p>The <c>ip</c> and <c>port</c> options are for binding to a 
-          particular <em>local</em> address and port, respectively.</p>
-      </desc>
-    </func>
-    <func>
-      <name>connection_info(Socket) -> {ok, {Protocol, Cipher}} | {error, Reason}</name>
-      <fsummary>Get current protocol version and cipher.</fsummary>
-      <type>
-        <v>Socket = sslsocket()</v>
-        <v>Protocol = protocol()</v>
-        <v>Cipher = string()</v>
-      </type>
-      <desc>
-        <p>Gets the chosen protocol version and cipher for an established
-          connection (accepted och connected). </p>
-      </desc>
-    </func>
-    <func>
-      <name>controlling_process(Socket, NewOwner) -> ok | {error, Reason}</name>
-      <fsummary>Assign a new controlling process to the socket.</fsummary>
-      <type>
-        <v>Socket = sslsocket()</v>
-        <v>NewOwner = pid()</v>
-      </type>
-      <desc>
-        <p>Assigns a new controlling process to <c>Socket</c>. A controlling
-          process is the owner of a socket, and receives all messages from
-          the socket.</p>
-      </desc>
-    </func>
-    <func>
-      <name>format_error(ErrorCode) -> string()</name>
-      <fsummary>Return an error string.</fsummary>
-      <type>
-        <v>ErrorCode = term()</v>
-      </type>
-      <desc>
-        <p>Returns a diagnostic string describing an error.</p>
-      </desc>
-    </func>
-    <func>
-      <name>getopts(Socket, OptionsTags) -> {ok, Options} | {error, Reason}</name>
-      <fsummary>Get options set for socket</fsummary>
-      <type>
-        <v>Socket = sslsocket()</v>
-        <v>OptionTags = [optiontag()]()</v>
-      </type>
-      <desc>
-        <p>Returns the options the tags of which are <c>OptionTags</c> for
-          for the socket <c>Socket</c>. </p>
-      </desc>
-    </func>
-    <func>
-      <name>listen(Port, Options) -> {ok, ListenSocket} | {error, Reason}</name>
-      <fsummary>Set up a socket to listen on a port on the local host.</fsummary>
-      <type>
-        <v>Port = integer()</v>
-        <v>Options = [listen_option()]</v>
-        <v>listen_option() = {mode, list} | {mode, binary} | binary | {packet, packettype()} | {header, integer()} | {active, activetype()} | {backlog, integer()} | {ip, ipaddress()} | {verify, code()} | {depth, depth()} | {certfile, path()} | {keyfile, path()} | {password, string()} | {cacertfile, path()} | {ciphers, string()}</v>
-        <v>ListenSocket = sslsocket()</v>
-      </type>
-      <desc>
-        <p>Sets up a socket to listen on port <c>Port</c> at the local host.
-          If <c>Port</c> is zero, <c>listen/2</c> picks an available port
-          number (use <c>port/1</c> to retrieve it).
-          </p>
-        <p>The listen queue size defaults to 5. If a different value is 
-          wanted, the option <c>{backlog, Size}</c> should be added to the 
-          list of options.
-          </p>
-        <p>An empty <c>Options</c> list is considered an error, and
-          <c>{error, enooptions}</c> is returned.
-          </p>
-        <p>The returned <c>ListenSocket</c> can only be used in calls to 
-          <c>transport_accept/[1,2]</c>.</p>
-      </desc>
-    </func>
-    <func>
-      <name>peercert(Socket) -> {ok, Cert} |  {error, Reason}</name>
-      <fsummary>Return the peer certificate.</fsummary>
-      <type>
-        <v>Socket = sslsocket()</v>
-        <v>Cert = binary()()</v>
-        <v>Subject = term()()</v>
-      </type>
-      <desc>
-	<p>Returns the DER encoded peer certificate, the certificate can be decoded with
-	  <c>public_key:pkix_decode_cert/2</c>.
-	</p>
-      </desc>
-    </func>
-    <func>
-      <name>peername(Socket) -> {ok, {Address, Port}} | {error, Reason}</name>
-      <fsummary>Return peer address and port.</fsummary>
-      <type>
-        <v>Socket = sslsocket()</v>
-        <v>Address = ipaddress()</v>
-        <v>Port = integer()</v>
-      </type>
-      <desc>
-        <p>Returns the address and port number of the peer.</p>
-      </desc>
-    </func>
-    <func>
-      <name>pid(Socket) -> pid()</name>
-      <fsummary>Return the pid of the socket process.</fsummary>
-      <type>
-        <v>Socket = sslsocket()</v>
-      </type>
-      <desc>
-        <p>Returns the pid of the socket process. The returned pid should
-          only be used for receiving exit messages.</p>
-      </desc>
-    </func>
-    <func>
-      <name>recv(Socket, Length) -> {ok, Data} | {error, Reason}</name>
-      <name>recv(Socket, Length, Timeout) -> {ok, Data} | {error, Reason}</name>
-      <fsummary>Receive data on socket.</fsummary>
-      <type>
-        <v>Socket = sslsocket()</v>
-        <v>Length = integer() >= 0</v>
-        <v>Timeout = integer()</v>
-        <v>Data = bytes() | binary()</v>
-      </type>
-      <desc>
-        <p>Receives data on socket <c>Socket</c> when the socket is in
-          passive mode, i.e. when the option <c>{active, false}</c>
-          has been specified.
-          </p>
-        <p>A notable return value is <c>{error, closed}</c> which
-          indicates that the socket is closed.
-          </p>
-        <p>A positive value of the <c>Length</c> argument is only
-          valid when the socket is in raw mode (option <c>{packet, 0}</c> is set, and the option <c>binary</c> is <em>not</em>
-          set); otherwise it should be set to 0, whence all available
-          bytes are returned.
-          </p>
-        <p>If the optional <c>Timeout</c> parameter is specified, and
-          no data was available within the given time, <c>{error, timeout}</c> is returned. The default value for
-          <c>Timeout</c> is <c>infinity</c>.</p>
-      </desc>
-    </func>
-    <func>
-      <name>seed(Data) -> ok | {error, Reason}</name>
-      <fsummary>Seed the ssl random generator.</fsummary>
-      <type>
-        <v>Data = iolist() | binary()</v>
-      </type>
-      <desc>
-        <p>Seeds the ssl random generator.
-          </p>
-        <p>It is strongly advised to seed the random generator after
-          the ssl application has been started, and before any
-          connections are established. Although the port program
-          interfacing to the OpenSSL libraries does a "random" seeding
-          of its own in order to make everything work properly, that
-          seeding is by no means random for the world since it has a 
-          constant value which is known to everyone reading the source
-          code of the seeding. 
-          </p>
-        <p>A notable return value is <c>{error, edata}}</c> indicating that
-          <c>Data</c> was not a binary nor an iolist.</p>
-      </desc>
-    </func>
-    <func>
-      <name>send(Socket, Data) -> ok | {error, Reason}</name>
-      <fsummary>Write data to a socket.</fsummary>
-      <type>
-        <v>Socket = sslsocket()</v>
-        <v>Data = iolist() | binary()</v>
-      </type>
-      <desc>
-        <p>Writes <c>Data</c> to <c>Socket</c>. </p>
-        <p>A notable return value is <c>{error, closed}</c> indicating that
-          the socket is closed.</p>
-      </desc>
-    </func>
-    <func>
-      <name>setopts(Socket, Options) -> ok | {error, Reason}</name>
-      <fsummary>Set socket options.</fsummary>
-      <type>
-        <v>Socket = sslsocket()</v>
-        <v>Options = [socketoption]()</v>
-      </type>
-      <desc>
-        <p>Sets options according to <c>Options</c> for the socket 
-          <c>Socket</c>. </p>
-      </desc>
-    </func>
-    <func>
-      <name>ssl_accept(Socket) -> ok | {error, Reason}</name>
-      <name>ssl_accept(Socket, Timeout) -> ok | {error, Reason}</name>
-      <fsummary>Perform server-side SSL handshake and key exchange</fsummary>
-      <type>
-        <v>Socket = sslsocket()</v>
-        <v>Timeout = integer()</v>
-        <v>Reason = atom()</v>
-      </type>
-      <desc>
-        <p>The <c>ssl_accept</c> function establish the SSL connection
-          on the server side. It should be called directly after
-          <c>transport_accept</c>, in the spawned server-loop.</p>
-        <p>Note that the ssl connection is not complete until <c>ssl_accept</c>
-          has returned <c>true</c>, and if an error is returned, the socket
-          is unavailable and for instance <c>close/1</c> will crash.</p>
-      </desc>
-    </func>
-    <func>
-      <name>sockname(Socket) -> {ok, {Address, Port}} | {error, Reason}</name>
-      <fsummary>Return the local address and port.</fsummary>
-      <type>
-        <v>Socket = sslsocket()</v>
-        <v>Address = ipaddress()</v>
-        <v>Port = integer()</v>
-      </type>
-      <desc>
-        <p>Returns the local address and port number of the socket
-          <c>Socket</c>.</p>
-      </desc>
-    </func>
-    <func>
-      <name>transport_accept(Socket) -> {ok, NewSocket} | {error, Reason}</name>
-      <name>transport_accept(Socket, Timeout) -> {ok, NewSocket} | {error, Reason}</name>
-      <fsummary>Accept an incoming connection and prepare for <c>ssl_accept</c></fsummary>
-      <type>
-        <v>Socket = NewSocket = sslsocket()</v>
-        <v>Timeout = integer()</v>
-        <v>Reason = atom()</v>
-      </type>
-      <desc>
-        <p>Accepts an incoming connection request on a listen socket.
-          <c>ListenSocket</c> must be a socket returned from <c>listen/2</c>.
-          The socket returned should be passed to <c>ssl_accept</c> to
-          complete ssl handshaking and establishing the connection.</p>
-        <warning>
-          <p>The socket returned can only be used with <c>ssl_accept</c>,
-            no traffic can be sent or received before that call.</p>
-        </warning>
-        <p>The accepted socket inherits the options set for <c>ListenSocket</c>
-          in <c>listen/2</c>.</p>
-        <p>The default value for <c>Timeout</c> is <c>infinity</c>. If 
-          <c>Timeout</c> is specified, and no connection is accepted within
-          the given time, <c>{error, timeout}</c> is returned.</p>
-      </desc>
-    </func>
-    <func>
-      <name>version() -> {ok, {SSLVsn, CompVsn, LibVsn}}</name>
-      <fsummary>Return the version of SSL.</fsummary>
-      <type>
-        <v>SSLVsn = CompVsn = LibVsn = string()()</v>
-      </type>
-      <desc>
-        <p>Returns the SSL application version (<c>SSLVsn</c>), the library
-          version used when compiling the SSL application port program
-          (<c>CompVsn</c>), and the actual library version used when
-          dynamically linking in runtime (<c>LibVsn</c>).
-          </p>
-        <p>If the SSL application has not been started, <c>CompVsn</c> and
-          <c>LibVsn</c> are empty strings.
-          </p>
-      </desc>
-    </func>
-  </funcs>
-
-  <section>
-    <title>ERRORS</title>
-    <p>The possible error reasons and the corresponding diagnostic strings 
-      returned by <c>format_error/1</c> are either the same as those defined
-      in the <c>inet(3)</c> reference manual, or as follows:
-      </p>
-    <taglist>
-      <tag><c>closed</c></tag>
-      <item>
-        <p>Connection closed for the operation in question.
-          </p>
-      </item>
-      <tag><c>ebadsocket</c></tag>
-      <item>
-        <p>Connection not found (internal error).
-          </p>
-      </item>
-      <tag><c>ebadstate</c></tag>
-      <item>
-        <p>Connection not in connect state (internal error).
-          </p>
-      </item>
-      <tag><c>ebrokertype</c></tag>
-      <item>
-        <p>Wrong broker type (internal error).
-          </p>
-      </item>
-      <tag><c>ecacertfile</c></tag>
-      <item>
-        <p>Own CA certificate file is invalid.
-          </p>
-      </item>
-      <tag><c>ecertfile</c></tag>
-      <item>
-        <p>Own certificate file is invalid.
-          </p>
-      </item>
-      <tag><c>echaintoolong</c></tag>
-      <item>
-        <p>The chain of certificates provided by peer is too long.
-          </p>
-      </item>
-      <tag><c>ecipher</c></tag>
-      <item>
-        <p>Own list of specified ciphers is invalid.
-          </p>
-      </item>
-      <tag><c>ekeyfile</c></tag>
-      <item>
-        <p>Own private key file is invalid.
-          </p>
-      </item>
-      <tag><c>ekeymismatch</c></tag>
-      <item>
-        <p>Own private key does not match own certificate.
-          </p>
-      </item>
-      <tag><c>enoissuercert</c></tag>
-      <item>
-        <p>Cannot find certificate of issuer of certificate provided
-          by peer.
-          </p>
-      </item>
-      <tag><c>enoservercert</c></tag>
-      <item>
-        <p>Attempt to do accept without having set own certificate.
-          </p>
-      </item>
-      <tag><c>enotlistener</c></tag>
-      <item>
-        <p>Attempt to accept on a non-listening socket.
-          </p>
-      </item>
-      <tag><c>enoproxysocket</c></tag>
-      <item>
-        <p>No proxy socket found (internal error).
-          </p>
-      </item>
-      <tag><c>enooptions</c></tag>
-      <item>
-        <p>The list of options is empty.
-          </p>
-      </item>
-      <tag><c>enotstarted</c></tag>
-      <item>
-        <p>The SSL application has not been started.
-          </p>
-      </item>
-      <tag><c>eoptions</c></tag>
-      <item>
-        <p>Invalid list of options.
-          </p>
-      </item>
-      <tag><c>epeercert</c></tag>
-      <item>
-        <p>Certificate provided by peer is in error.
-          </p>
-      </item>
-      <tag><c>epeercertexpired</c></tag>
-      <item>
-        <p>Certificate provided by peer has expired.
-          </p>
-      </item>
-      <tag><c>epeercertinvalid</c></tag>
-      <item>
-        <p>Certificate provided by peer is invalid.
-          </p>
-      </item>
-      <tag><c>eselfsignedcert</c></tag>
-      <item>
-        <p>Certificate provided by peer is self signed.
-          </p>
-      </item>
-      <tag><c>esslaccept</c></tag>
-      <item>
-        <p>Server SSL handshake procedure between client and server failed.
-          </p>
-      </item>
-      <tag><c>esslconnect</c></tag>
-      <item>
-        <p>Client SSL handshake procedure between client and server failed.
-          </p>
-      </item>
-      <tag><c>esslerrssl</c></tag>
-      <item>
-        <p>SSL protocol failure. Typically because of a fatal alert 
-          from peer.
-          </p>
-      </item>
-      <tag><c>ewantconnect</c></tag>
-      <item>
-        <p>Protocol wants to connect, which is not supported in
-          this version of the SSL application.
-          </p>
-      </item>
-      <tag><c>ex509lookup</c></tag>
-      <item>
-        <p>Protocol wants X.509 lookup, which is not supported in
-          this version of the SSL application.
-          </p>
-      </item>
-      <tag><c>{badcall, Call}</c></tag>
-      <item>
-        <p>Call not recognized for current mode (active or passive) and
-          state of socket.
-          </p>
-      </item>
-      <tag><c>{badcast, Cast}</c></tag>
-      <item>
-        <p>Call not recognized for current mode (active or passive) and
-          state of socket. 
-          </p>
-      </item>
-      <tag><c>{badinfo, Info}</c></tag>
-      <item>
-        <p>Call not recognized for current mode (active or passive) and
-          state of socket.
-          </p>
-      </item>
-    </taglist>
-  </section>
-
-  <section>
-    <title>SEE ALSO</title>
-    <p>gen_tcp(3), inet(3) public_key(3) </p>
-  </section>
-  
-</erlref>
-
-
diff --git a/lib/ssl/doc/src/refman.xml b/lib/ssl/doc/src/refman.xml
index 68f84660f3..011819e82b 100644
--- a/lib/ssl/doc/src/refman.xml
+++ b/lib/ssl/doc/src/refman.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE application SYSTEM "application.dtd">
 
 <application xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>1999</year><year>2010</year>
+      <year>1999</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -45,7 +45,6 @@
   </description>
   <xi:include href="ssl_app.xml"/>
   <xi:include href="ssl.xml"/>
-  <xi:include href="old_ssl.xml"/>
   <xi:include href="ssl_session_cache_api.xml"/>
 </application>
 
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 47991ca477..50268ae206 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -71,7 +71,8 @@
       {fail_if_no_peer_cert, boolean()}
       {depth, integer()} |
       {cert, der_encoded()}| {certfile, path()} |
-      {key, der_encoded()} | {keyfile, path()} | {password, string()} |
+      {key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'PrivateKeyInfo', der_encoded()}} |
+      {keyfile, path()} | {password, string()} |
       {cacerts, [der_encoded()]} | {cacertfile, path()} |
       |{dh, der_encoded()} | {dhfile, path()} | {ciphers, ciphers()} |
       {ssl_imp, ssl_imp()} | {reuse_sessions, boolean()} | {reuse_session, fun()} 
@@ -121,8 +122,6 @@
    <p> <c>hash() = md5 | sha
     </c></p>
 
-    <p><c>ssl_imp() = new | old - default is new.</c></p>
-    
   </section>
 
   <section>
@@ -141,7 +140,7 @@
       <tag>{certfile, path()}</tag>
       <item>Path to a file containing the user's certificate.</item>
       
-      <tag>{key, der_encoded()}</tag>
+      <tag>{key, {'RSAPrivateKey'| 'DSAPrivateKey' | 'PrivateKeyInfo', der_encoded()}}</tag>
       <item> The DER encoded users private key. If this option
       is supplied it will override the keyfile option.</item>
       
@@ -177,9 +176,9 @@
       by the peer also.
       </item>
 
-      <tag>{ssl_imp, ssl_imp()}</tag>
-      <item>Specify which ssl implementation you want to use. Defaults to
-      new.
+      <tag>{ssl_imp, new | old}</tag>
+      <item>No longer has any meaning as the old implementation has
+      been removed, it will be ignored.
       </item>
 
       <tag>{secure_renegotiate, boolean()}</tag>
diff --git a/lib/ssl/doc/src/ssl_distribution.xml b/lib/ssl/doc/src/ssl_distribution.xml
index 7bcc12eb5f..4ae4ead3ee 100644
--- a/lib/ssl/doc/src/ssl_distribution.xml
+++ b/lib/ssl/doc/src/ssl_distribution.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2000</year><year>2010</year>
+      <year>2000</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -33,36 +33,32 @@
   </header>
   <p>This chapter describes how the Erlang distribution can use 
     SSL to get additional verification and security.
-
-    <note><p>Note this
-    documentation is written for the old ssl implementation and
-    will be updated for the new one once this functionality is
-    supported by the new implementation.</p></note>
   </p>
 
   <section>
     <title>Introduction</title>
     <p>The Erlang distribution can in theory use almost any connection
       based protocol as bearer. A module that implements the protocol
-      specific parts of connection setup is however needed. The
+      specific parts of the connection setup is however needed. The
       default distribution module is <c>inet_tcp_dist</c> which is
       included in the Kernel application. When starting an
       Erlang node distributed, <c>net_kernel</c> uses this module to
       setup listen ports and connections. </p>
-    <p>In the SSL application there is an additional distribution
-      module, <c>inet_ssl_dist</c> which can be used as an
+
+      <p>In the SSL application there is an additional distribution
+      module, <c>inet_tls_dist</c> which can be used as an
       alternative. All distribution connections will be using SSL and
       all participating Erlang nodes in a distributed system must use
       this distribution module.</p>
-    <p>The security depends on how the connections are set up, one can
-      use key files or certificates to just get a encrypted
-      connection. One can also make the SSL package verify the
-      certificates of other nodes to get additional security. 
-      Cookies are however always used as they can be used to
-      differentiate between two different Erlang networks.</p>
+
+      <p>The security level depends on the parameters provided to the
+      SSL connection setup. Erlang node cookies are however always
+      used, as they can be used to differentiate between two different
+      Erlang networks.</p>
     <p>Setting up Erlang distribution over SSL involves some simple but
       necessary steps:</p>
-    <list type="bulleted">
+
+      <list type="bulleted">
       <item>Building boot scripts including the SSL application</item>
       <item>Specifying the distribution module for net_kernel</item>
       <item>Specifying security options and other SSL options</item>
@@ -77,122 +73,135 @@
       SASL application. Refer to the SASL documentations
       for more information on systools. This is only an example of
       what can be done.</p>
-    <p>The simplest boot script possible includes only the Kernel
+
+      <p>The simplest boot script possible includes only the Kernel
       and STDLIB applications. Such a script is located in the
       Erlang distributions bin directory. The source for the script
       can be found under the Erlang installation top directory under
-      <c><![CDATA[releases/<OTP version>start_clean.rel]]></c>. Copy that
+      <c><![CDATA[releases/<OTP version>/start_clean.rel]]></c>. Copy that
       script to another location (and preferably another name) 
-      and add the SSL application with its current version number
+      and add the applications crypto, public_key and SSL with their current version numbers
       after the STDLIB application.</p>
     <p>An example .rel file with SSL added may look like this:</p>
+
     <code type="none">
-{release, {"OTP  APN 181 01","P7A"}, {erts, "5.0"},
- [{kernel,"2.5"},
-  {stdlib,"1.8.1"},
-  {ssl,"2.2.1"}]}.    </code>
-    <p>Note that the version numbers surely will differ in your system.
-      Whenever one of the applications included in the script is
-      upgraded, the script has to be changed.</p>
-    <p>Assuming the above .rel file is stored in a file
-      <c>start_ssl.rel</c> in the current directory, a boot script 
-      can be built like this:</p>
-    <code type="none">
-1> systools:make_script("start_ssl",[]).    </code>
-    <p>There will now be a file <c>start_ssl.boot</c> in the current
-      directory. To test the boot script, start Erlang with the
-      <c>-boot</c> command line parameter specifying this boot script
-      (with its full path but without the <c>.boot</c> suffix), in
-      Unix it could look like this:</p>
-    <p></p>
-    <code type="none"><![CDATA[
+      {release, {"OTP  APN 181 01","R15A"}, {erts, "5.9"},
+      [{kernel,"2.15"},
+      {stdlib,"1.18"},
+      {crypto, "2.0.3"},
+      {public_key, "0.12"},
+      {ssl, "5.0"}
+      ]}.
+   </code>
+
+   <p>Note that the version numbers surely will differ in your system.
+   Whenever one of the applications included in the script is
+   upgraded, the script has to be changed.</p>
+   <p>Assuming the above .rel file is stored in a file
+   <c>start_ssl.rel</c> in the current directory, a boot script
+   can be built like this:</p>
+
+   <code type="none">
+   1> systools:make_script("start_ssl",[]).    </code>
+
+   <p>There will now be a file <c>start_ssl.boot</c> in the current
+   directory. To test the boot script, start Erlang with the
+   <c>-boot</c> command line parameter specifying this boot script
+   (with its full path but without the <c>.boot</c> suffix), in
+   Unix it could look like this:</p>
+   <p></p>
+
+   <code type="none"><![CDATA[
 $ erl -boot /home/me/ssl/start_ssl
 Erlang (BEAM) emulator version 5.0
  
 Eshell V5.0  (abort with ^G)
-1> whereis(ssl_server).
-<0.32.0>    ]]></code>
+1> whereis(ssl_manager).
+<0.41.0>    ]]></code>
     <p>The <c>whereis</c> function call verifies that the SSL
       application is really started.</p>
-    <p>As an alternative to building a bootscript, one can explicitly
-      add the path to the ssl <c>ebin</c> directory on the command
+
+      <p>As an alternative to building a bootscript, one can explicitly
+      add the path to the SSL <c>ebin</c> directory on the command
       line. This is done with the command line option <c>-pa</c>. This
-      works as the ssl application really need not be started for the
-      distribution to come up, a primitive version of the ssl server
-      is started by the distribution module itself, so as long as the
-      primitive code server can reach the code, the distribution will
+      works as the SSL application does not need to be started for the
+      distribution to come up, as a clone of the SSL application is
+      hooked into the kernel application, so as long as the
+      SSL applications code can be reached, the distribution will
       start. The <c>-pa</c> method is only recommended for testing
       purposes.</p>
+
+      <note><p>Note that the clone of the SSL application is necessary to
+      enable the use of the SSL code in such an early bootstage as
+      needed to setup the distribution, however this will make it
+      impossible to soft upgrade the SSL application.</p></note>
   </section>
 
   <section>
     <title>Specifying distribution module for net_kernel</title>
-    <p>The distribution module for SSL is named <c>inet_ssl_dist</c>
-      and is specified on the command line whit the <c>-proto_dist</c>
+    <p>The distribution module for SSL is named <c>inet_tls_dist</c>
+      and is specified on the command line with the <c>-proto_dist</c>
       option. The argument to <c>-proto_dist</c> should be the module
       name without the <c>_dist</c> suffix, so this distribution
-      module is specified with <c>-proto_dist inet_ssl</c> on the
+      module is specified with <c>-proto_dist inet_tls</c> on the
       command line.</p>
     <p></p>
+
     <p>Extending the command line from above gives us the following:</p>
     <code type="none">
-$ erl -boot /home/me/ssl/start_ssl -proto_dist inet_ssl    </code>
-    <p>For the distribution to actually be started, we need to give
-      the emulator a name as well:</p>
+$ erl -boot /home/me/ssl/start_ssl -proto_dist inet_tls    </code>
+
+<p>For the distribution to actually be started, we need to give
+the emulator a name as well:</p>
     <code type="none">
-$ erl -boot /home/me/ssl/start_ssl -proto_dist inet_ssl -sname ssl_test
+$ erl -boot /home/me/ssl/start_ssl -proto_dist inet_tls -sname ssl_test
 Erlang (BEAM) emulator version 5.0 [source]
  
 Eshell V5.0  (abort with ^G)
 (ssl_test@myhost)1>     </code>
     <p>Note however that a node started in this way will refuse to talk
-      to other nodes, as no certificates or key files are supplied
+      to other nodes, as no ssl parameters are supplied
       (see below).</p>
-    <p>When the SSL distribution starts, the OTP system is in its
-      early boot stage, why neither <c>application</c> nor <c>code</c>
-      are usable. As SSL needs to start a port program in this early
-      stage, it tries to determine the path to that program from the
-      primitive code loaders code path. If this fails, one need to
-      specify the directory where the port program resides. This can
-      be done either with an environment variable 
-      <c>ERL_SSL_PORTPROGRAM_DIR</c> or with the command line option
-      <c>-ssl_portprogram_dir</c>. The value should be the directory
-      where the <c>ssl_esock</c> port program is located. Note that
-      this option is never needed in a normal Erlang installation.</p>
   </section>
 
   <section>
-    <title>Specifying security options and other SSL options</title>
-    <p>For SSL to work, you either need certificate files or a
-      key file. Certificate files can be specified both when working as
-      client and as server (connecting or accepting). </p>
-    <p></p>
+    <title>Specifying SSL options</title> <p>For SSL to work, at least
+    a public key and certificate needs to be specified for the server
+    side.  In the following example the PEM-files consists of two
+    entries the servers certificate and its private key.</p>
+
     <p>On the <c>erl</c> command line one can specify options that the
-      ssl distribution will add when creation a socket. It is
-      mandatory to specify at least a key file or client and server
-      certificates. One can specify any <em>SSL option</em> on the
-      command line, but must not specify any socket options (like
-      packet size and such). The SSL options are listed in the
-      Reference Manual. The only difference between the
-      options in the reference manual and the ones that can be
-      specified to the distribution on the command line is that
-      <c>certfile</c> can (and usually needs to) be specified as
-      <c>client_certfile</c> and <c>server_certfile</c>. The
-      <c>client_certfile</c> is used when the distribution initiates a
-      connection to another node and the <c>server_certfile</c> is used
-      when accepting a connection from a remote node. </p>
-    <p>The command line argument for specifying the SSL options is named 
-      <c>-ssl_dist_opt</c> and should be followed by an even number of
-      SSL options/option values. The <c>-ssl_dist_opt</c> argument can
-      be repeated any number of times.</p>
-    <p>An example command line would now look something like this
+    SSL distribution will add when creating a socket.</p>
+
+    <p>One can specify the simpler SSL options certfile, keyfile,
+    password, cacertfile, verify, reuse_sessions,
+    secure_renegotiate, depth, hibernate_after and ciphers (use old
+    string format) by adding the prefix server_ or client_ to the
+    option name. The server can also take the options dhfile and
+    fail_if_no_peer_cert (also prefixed).
+    <c>client_</c>-prfixed options are used when the distribution initiates a
+    connection to another node and the <c>server_</c>-prefixed options are used
+    when accepting a connection from a remote node. </p>
+
+    <p> More complex options such as verify_fun are not available at
+    the moment but a mechanism to handle such options may be added in
+    a future release. </p>
+
+    <p> Raw socket options such as packet and size must not be specified on
+    the command line</p>.
+
+    <p>The command line argument for specifying the SSL options is named
+    <c>-ssl_dist_opt</c> and should be followed by pairs of
+    SSL options and their values. The <c>-ssl_dist_opt</c> argument can
+    be repeated any number of times.</p>
+
+      <p>An example command line would now look something like this
       (line breaks in the command are for readability, 
       they should not be there when typed):</p>
     <code type="none">
-$ erl -boot /home/me/ssl/start_ssl -proto_dist inet_ssl 
-  -ssl_dist_opt client_certfile "/home/me/ssl/erlclient.pem" 
+$ erl -boot /home/me/ssl/start_ssl -proto_dist inet_tls
   -ssl_dist_opt server_certfile "/home/me/ssl/erlserver.pem" 
-  -ssl_dist_opt verify 1 depth 1     
+  -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true
   -sname ssl_test
 Erlang (BEAM) emulator version 5.0 [source]
  
@@ -211,12 +220,11 @@ Eshell V5.0  (abort with ^G)
       subsequent invocations of Erlang.</p>
     <p></p>
     <p>In a Unix (Bourne) shell it could look like this (line breaks for
-      readability):</p>
+      readability, they should not be there when typed):</p>
     <code type="none">
-$ ERL_FLAGS="-boot \\"/home/me/ssl/start_ssl\\" -proto_dist inet_ssl 
-  -ssl_dist_opt client_certfile \\"/home/me/ssl/erlclient.pem\\" 
-  -ssl_dist_opt server_certfile \\"/home/me/ssl/erlserver.pem\\" 
-  -ssl_dist_opt verify 1 -ssl_dist_opt depth 1"
+$ ERL_FLAGS="-boot /home/me/ssl/start_ssl -proto_dist inet_tls
+  -ssl_dist_opt server_certfile /home/me/ssl/erlserver.pem
+  -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"
 $ export ERL_FLAGS
 $ erl -sname ssl_test
 Erlang (BEAM) emulator version 5.0 [source]
@@ -227,15 +235,12 @@ Eshell V5.0  (abort with ^G)
  {progname,["erl "]},
  {sname,["ssl_test"]},
  {boot,["/home/me/ssl/start_ssl"]},
- {proto_dist,["inet_ssl"]},
- {ssl_dist_opt,["client_certfile","/home/me/ssl/erlclient.pem"]},
+ {proto_dist,["inet_tls"]},
  {ssl_dist_opt,["server_certfile","/home/me/ssl/erlserver.pem"]},
- {ssl_dist_opt,["verify","1"]},
- {ssl_dist_opt,["depth","1"]},
+ {ssl_dist_opt,["server_secure_renegotiate","true",
+                "client_secure_renegotiate","true"]
  {home,["/home/me"]}]    </code>
     <p>The <c>init:get_arguments()</c> call verifies that the correct
       arguments are supplied to the emulator. </p>
   </section>
 </chapter>
-
-
diff --git a/lib/ssl/doc/src/ssl_protocol.xml b/lib/ssl/doc/src/ssl_protocol.xml
index ff6c769f6c..17268a634d 100644
--- a/lib/ssl/doc/src/ssl_protocol.xml
+++ b/lib/ssl/doc/src/ssl_protocol.xml
@@ -25,18 +25,18 @@
     <file>ssl_protocol.xml</file>
   </header>
   
-  <p>The erlang ssl application currently supports SSL 3.0 and TLS 1.0
+  <p>The erlang SSL application currently supports SSL 3.0 and TLS 1.0
   RFC 2246, and will in the future also support later versions of TLS.
   SSL 2.0 is not supported.
   </p>
 
-  <p>By default erlang ssl is run over the TCP/IP protocol even
+  <p>By default erlang SSL is run over the TCP/IP protocol even
   though you could plug in any other reliable transport protocol
   with the same API as gen_tcp.</p>
   
   <p>If a client and server wants to use an upgrade mechanism, such as
-  defined by RFC2817, to upgrade a regular TCP/IP connection to an ssl
-  connection the erlang ssl API supports this. This can be useful for
+  defined by RFC2817, to upgrade a regular TCP/IP connection to an SSL
+  connection the erlang SSL API supports this. This can be useful for
   things such as supporting HTTP and HTTPS on the same port and
   implementing virtual hosting.
   </p>
@@ -131,7 +131,7 @@
      connections. Sessions are used to avoid the expensive negotiation
      of new security parameters for each connection."</p>
 
-     <p>Session data is by default kept by the ssl application in a
+     <p>Session data is by default kept by the SSL application in a
      memory storage hence session data will be lost at application
      restart or takeover. Users may define their own callback module
      to handle session data storage if persistent data storage is
@@ -140,8 +140,8 @@
      possible to configure the amount of time the session data should be
      saved.</p>
 
-     <p>Ssl clients will by default try to reuse an available session,
-     ssl servers will by default agree to reuse sessions when clients
+     <p>SSL clients will by default try to reuse an available session,
+     SSL servers will by default agree to reuse sessions when clients
      ask to do so.</p>
 
    </section>
diff --git a/lib/ssl/src/Makefile b/lib/ssl/src/Makefile
index 7514ad2aa2..dc69b53b28 100644
--- a/lib/ssl/src/Makefile
+++ b/lib/ssl/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1999-2010. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -41,12 +41,9 @@ MODULES= \
 	ssl \
 	ssl_alert \
 	ssl_app \
-	ssl_broker \
-	ssl_broker_sup \
-	ssl_server \
+	ssl_dist_sup\
 	ssl_sup \
-	ssl_prim \
-	inet_ssl_dist \
+	inet_tls_dist \
 	ssl_certificate\
 	ssl_certificate_db\
 	ssl_cipher \
@@ -62,9 +59,10 @@ MODULES= \
 	ssl_ssl2 \
 	ssl_ssl3 \
 	ssl_tls1 \
+	ssl_tls_dist_proxy
 
 INTERNAL_HRL_FILES = \
-	 ssl_int.hrl ssl_broker_int.hrl ssl_debug.hrl \
+	 ssl_debug.hrl \
 	 ssl_alert.hrl ssl_cipher.hrl ssl_handshake.hrl ssl_internal.hrl \
 	 ssl_record.hrl
 
diff --git a/lib/ssl/src/inet_ssl_dist.erl b/lib/ssl/src/inet_ssl_dist.erl
deleted file mode 100644
index 6c0fbc0618..0000000000
--- a/lib/ssl/src/inet_ssl_dist.erl
+++ /dev/null
@@ -1,456 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2000-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(inet_ssl_dist).
-
-%% Handles the connection setup phase with other Erlang nodes.
-
--export([childspecs/0, listen/1, accept/1, accept_connection/5,
-	 setup/5, close/1, select/1, is_node_name/1]).
-
-%% internal exports
-
--export([accept_loop/2,do_accept/6,do_setup/6, getstat/1,tick/1]).
-
--import(error_logger,[error_msg/2]).
-
--include("net_address.hrl").
-
-
-
--define(to_port(Socket, Data, Opts),
-	case ssl_prim:send(Socket, Data, Opts) of
-	    {error, closed} ->
-		self() ! {ssl_closed, Socket},
-	        {error, closed};
-	    R ->
-	        R
-        end).
-
-
--include("dist.hrl").
--include("dist_util.hrl").
-
-%% -------------------------------------------------------------
-%% This function should return a valid childspec, so that 
-%% the primitive ssl_server gets supervised
-%% -------------------------------------------------------------
-childspecs() ->
-    {ok, [{ssl_server_prim,{ssl_server, start_link_prim, []},
-	  permanent, 2000, worker, [ssl_server]}]}.
-
-
-%% ------------------------------------------------------------
-%%  Select this protocol based on node name
-%%  select(Node) => Bool
-%% ------------------------------------------------------------
-
-select(Node) ->
-    case split_node(atom_to_list(Node), $@, []) of
-	[_,_Host] -> true;
-	_ -> false
-    end.
-
-%% ------------------------------------------------------------
-%% Create the listen socket, i.e. the port that this erlang
-%% node is accessible through.
-%% ------------------------------------------------------------
-
-listen(Name) ->
-    case ssl_prim:listen(0, [{active, false}, {packet,4}] ++ 
-			 get_ssl_options(server)) of
-	{ok, Socket} ->
-	    TcpAddress = get_tcp_address(Socket),
-	    {_,Port} = TcpAddress#net_address.address,
-	    {ok, Creation} = erl_epmd:register_node(Name, Port),
-	    {ok, {Socket, TcpAddress, Creation}};
-	Error ->
-	    Error
-    end.
-
-%% ------------------------------------------------------------
-%% Accepts new connection attempts from other Erlang nodes.
-%% ------------------------------------------------------------
-
-accept(Listen) ->
-    spawn_link(?MODULE, accept_loop, [self(), Listen]).
-
-accept_loop(Kernel, Listen) ->
-    process_flag(priority, max),
-    case ssl_prim:accept(Listen) of
-	{ok, Socket} ->
-	    Kernel ! {accept,self(),Socket,inet,ssl},
-	    controller(Kernel, Socket),
-	    accept_loop(Kernel, Listen);
-	Error ->
-	    exit(Error)
-    end.
-
-controller(Kernel, Socket) ->
-    receive
-	{Kernel, controller, Pid} ->
-	    flush_controller(Pid, Socket),
-	    ssl_prim:controlling_process(Socket, Pid),
-	    flush_controller(Pid, Socket),
-	    Pid ! {self(), controller};
-	{Kernel, unsupported_protocol} ->
-	    exit(unsupported_protocol)
-    end.
-
-flush_controller(Pid, Socket) ->
-    receive
-	{ssl, Socket, Data} ->
-	    Pid ! {ssl, Socket, Data},
-	    flush_controller(Pid, Socket);
-	{ssl_closed, Socket} ->
-	    Pid ! {ssl_closed, Socket},
-	    flush_controller(Pid, Socket)
-    after 0 ->
-	    ok
-    end.
-
-%% ------------------------------------------------------------
-%% Accepts a new connection attempt from another Erlang node.
-%% Performs the handshake with the other side.
-%% ------------------------------------------------------------
-
-accept_connection(AcceptPid, Socket, MyNode, Allowed, SetupTime) ->
-    spawn_link(?MODULE, do_accept,
-	       [self(), AcceptPid, Socket, MyNode,
-		Allowed, SetupTime]).
-
-%% Suppress dialyzer warning, we do not really care about old ssl code
-%% as we intend to remove it.
--spec(do_accept(_,_,_,_,_,_) -> no_return()).
-do_accept(Kernel, AcceptPid, Socket, MyNode, Allowed, SetupTime) ->
-    process_flag(priority, max),
-    receive
-	{AcceptPid, controller} ->
-	    Timer = dist_util:start_timer(SetupTime),
-	    case check_ip(Socket) of
-		true ->
-		    HSData = #hs_data{
-		      kernel_pid = Kernel,
-		      this_node = MyNode,
-		      socket = Socket,
-		      timer = Timer,
-		      this_flags = 0,
-		      allowed = Allowed,
-		      f_send = fun(S,D) -> ssl_prim:send(S,D) end,
-		      f_recv = fun(S,N,T) -> ssl_prim:recv(S,N,T) 
-			       end,
-		      f_setopts_pre_nodeup = 
-		      fun(S) ->
-			      ssl_prim:setopts(S, 
-					       [{active, false}])
-		      end,
-		      f_setopts_post_nodeup = 
-		      fun(S) ->
-			      ssl_prim:setopts(S, 
-					       [{deliver, port},
-						{active, true}])
-		      end,
-		      f_getll = fun(S) ->
-					ssl_prim:getll(S)
-				end,
-		      f_address = fun get_remote_id/2,
-		      mf_tick = fun ?MODULE:tick/1,
-		      mf_getstat = fun ?MODULE:getstat/1
-		     },
-		    dist_util:handshake_other_started(HSData);
-		{false,IP} ->
-		    error_msg("** Connection attempt from "
-			      "disallowed IP ~w ** ~n", [IP]),
-		    ?shutdown(no_node)
-	    end
-    end.
-
-%% ------------------------------------------------------------
-%% Get remote information about a Socket.
-%% ------------------------------------------------------------
-
-get_remote_id(Socket, Node) ->
-    {ok, Address} = ssl_prim:peername(Socket),
-    [_, Host] = split_node(atom_to_list(Node), $@, []),
-    #net_address {
-		  address = Address,
-		  host = Host,
-		  protocol = ssl,
-		  family = inet }.
-
-%% ------------------------------------------------------------
-%% Setup a new connection to another Erlang node.
-%% Performs the handshake with the other side.
-%% ------------------------------------------------------------
-
-setup(Node, Type, MyNode, LongOrShortNames,SetupTime) ->
-    spawn_link(?MODULE, do_setup, [self(),
-				   Node,
-				   Type,
-				   MyNode,
-				   LongOrShortNames,
-				   SetupTime]).
-
-%% Suppress dialyzer warning, we do not really care about old ssl code
-%% as we intend to remove it.
--spec(do_setup(_,_,_,_,_,_) -> no_return()).
-do_setup(Kernel, Node, Type, MyNode, LongOrShortNames,SetupTime) ->
-    process_flag(priority, max),
-    ?trace("~p~n",[{inet_ssl_dist,self(),setup,Node}]),
-    [Name, Address] = splitnode(Node, LongOrShortNames),
-    case inet:getaddr(Address, inet) of
-	{ok, Ip} ->
-	    Timer = dist_util:start_timer(SetupTime),
-	    case erl_epmd:port_please(Name, Ip) of
-		{port, TcpPort, Version} ->
-		    ?trace("port_please(~p) -> version ~p~n", 
-			   [Node,Version]),
-		    dist_util:reset_timer(Timer),
-		    case ssl_prim:connect(Ip, TcpPort, 
-					  [{active, false}, 
-					   {packet,4}] ++ 
-					  get_ssl_options(client)) of
-			{ok, Socket} ->
-			    HSData = #hs_data{
-			      kernel_pid = Kernel,
-			      other_node = Node,
-			      this_node = MyNode,
-			      socket = Socket,
-			      timer = Timer,
-			      this_flags = 0,
-			      other_version = Version,
-			      f_send = fun(S,D) -> 
-					       ssl_prim:send(S,D) 
-				       end,
-			      f_recv = fun(S,N,T) -> 
-					       ssl_prim:recv(S,N,T) 
-				       end,
-			      f_setopts_pre_nodeup = 
-			      fun(S) ->
-				      ssl_prim:setopts
-					(S, 
-					 [{active, false}])
-			      end,
-			      f_setopts_post_nodeup = 
-			      fun(S) ->
-				      ssl_prim:setopts
-					(S, 
-					 [{deliver, port},{active, true}])
-			      end,
-			      f_getll = fun(S) ->
-						ssl_prim:getll(S)
-					end,
-			      f_address = 
-			      fun(_,_) ->
-				      #net_address {
-				   address = {Ip,TcpPort},
-				   host = Address,
-				   protocol = ssl,
-				   family = inet}
-			      end,
-			      mf_tick = fun ?MODULE:tick/1,
-			      mf_getstat = fun ?MODULE:getstat/1,
-			      request_type = Type
-			     },
-			    dist_util:handshake_we_started(HSData);
-			_ ->
-			    %% Other Node may have closed since 
-			    %% port_please !
-			    ?trace("other node (~p) "
-				   "closed since port_please.~n", 
-				   [Node]),
-			    ?shutdown(Node)
-		    end;
-		_ ->
-		    ?trace("port_please (~p) "
-			   "failed.~n", [Node]),
-		    ?shutdown(Node)
-	    end;
-	_Other ->
-	    ?trace("inet_getaddr(~p) "
-		   "failed (~p).~n", [Node,Other]),
-	    ?shutdown(Node)
-    end.
-
-%%
-%% Close a socket.
-%%
-close(Socket) ->
-    ssl_prim:close(Socket).
-
-
-%% If Node is illegal terminate the connection setup!!
-splitnode(Node, LongOrShortNames) ->
-    case split_node(atom_to_list(Node), $@, []) of
-	[Name|Tail] when Tail =/= [] ->
-	    Host = lists:append(Tail),
-	    case split_node(Host, $., []) of
-		[_] when LongOrShortNames == longnames ->
-		    error_msg("** System running to use "
-			      "fully qualified "
-			      "hostnames **~n"
-			      "** Hostname ~s is illegal **~n",
-			      [Host]),
-		    ?shutdown(Node);
-		[_, _ | _] when LongOrShortNames == shortnames ->
-		    error_msg("** System NOT running to use fully qualified "
-			      "hostnames **~n"
-			      "** Hostname ~s is illegal **~n",
-			      [Host]),
-		    ?shutdown(Node);
-		_ ->
-		    [Name, Host]
-	    end;
-	[_] ->
-	    error_msg("** Nodename ~p illegal, no '@' character **~n",
-		      [Node]),
-	    ?shutdown(Node);
-	_ ->
-	    error_msg("** Nodename ~p illegal **~n", [Node]),
-	    ?shutdown(Node)
-    end.
-
-split_node([Chr|T], Chr, Ack) -> [lists:reverse(Ack)|split_node(T, Chr, [])];
-split_node([H|T], Chr, Ack)   -> split_node(T, Chr, [H|Ack]);
-split_node([], _, Ack)        -> [lists:reverse(Ack)].
-
-%% ------------------------------------------------------------
-%% Fetch local information about a Socket.
-%% ------------------------------------------------------------
-get_tcp_address(Socket) ->
-    {ok, Address} = ssl_prim:sockname(Socket),
-    {ok, Host} = inet:gethostname(),
-    #net_address {
-		  address = Address,
-		  host = Host,
-		  protocol = ssl,
-		  family = inet
-		 }.
-
-%% ------------------------------------------------------------
-%% Do only accept new connection attempts from nodes at our
-%% own LAN, if the check_ip environment parameter is true.
-%% ------------------------------------------------------------
-check_ip(Socket) ->
-    case application:get_env(check_ip) of
-	{ok, true} ->
-	    case get_ifs(Socket) of
-		{ok, IFs, IP} ->
-		    check_ip(IFs, IP);
-		_ ->
-		    ?shutdown(no_node)
-	    end;
-	_ ->
-	    true
-    end.
-
-get_ifs(Socket) ->
-    case ssl_prim:peername(Socket) of
-	{ok, {IP, _}} ->
-	    case ssl_prim:getif(Socket) of
-		{ok, IFs} -> {ok, IFs, IP};
-		Error     -> Error
-	    end;
-	Error ->
-	    Error
-    end.
-
-check_ip([{OwnIP, _, Netmask}|IFs], PeerIP) ->
-    case {mask(Netmask, PeerIP), mask(Netmask, OwnIP)} of
-	{M, M} -> true;
-	_      -> check_ip(IFs, PeerIP)
-    end;
-check_ip([], PeerIP) ->
-    {false, PeerIP}.
-    
-mask({M1,M2,M3,M4}, {IP1,IP2,IP3,IP4}) ->
-    {M1 band IP1,
-     M2 band IP2,
-     M3 band IP3,
-     M4 band IP4}.
-
-is_node_name(Node) when is_atom(Node) ->
-    case split_node(atom_to_list(Node), $@, []) of
-	[_, _Host] -> true;
-	_ -> false
-    end;
-is_node_name(_Node) ->
-    false.
-tick(Sock) ->
-    ?to_port(Sock,[],[force]).
-getstat(Socket) ->
-    case ssl_prim:getstat(Socket, [recv_cnt, send_cnt, send_pend]) of
-	{ok, Stat} ->
-	    split_stat(Stat,0,0,0);
-	Error ->
-	    Error
-    end.
-
-split_stat([{recv_cnt, R}|Stat], _, W, P) ->
-    split_stat(Stat, R, W, P);
-split_stat([{send_cnt, W}|Stat], R, _, P) ->
-    split_stat(Stat, R, W, P);
-split_stat([{send_pend, P}|Stat], R, W, _) ->
-    split_stat(Stat, R, W, P);
-split_stat([], R, W, P) ->
-    {ok, R, W, P}.
-
-
-get_ssl_options(Type) ->
-    case init:get_argument(ssl_dist_opt) of
-	{ok, Args} ->
-	    ssl_options(Type, Args);
-	_ ->
-	    []
-    end.
-
-ssl_options(_,[]) ->
-    [];
-ssl_options(server, [["server_certfile", Value]|T]) ->
-    [{certfile, Value} | ssl_options(server,T)];
-ssl_options(client, [["client_certfile", Value]|T]) ->
-    [{certfile, Value} | ssl_options(client,T)];
-ssl_options(server, [["server_cacertfile", Value]|T]) ->
-    [{cacertfile, Value} | ssl_options(server,T)];
-ssl_options(server, [["server_keyfile", Value]|T]) ->
-    [{keyfile, Value} | ssl_options(server,T)];
-ssl_options(Type, [["client_certfile", _Value]|T]) ->
-    ssl_options(Type,T);
-ssl_options(Type, [["server_certfile", _Value]|T]) ->
-    ssl_options(Type,T);
-ssl_options(Type, [[Item, Value]|T]) ->
-    [{atomize(Item),fixup(Value)} | ssl_options(Type,T)];
-ssl_options(Type, [[Item,Value |T1]|T2]) ->
-    ssl_options(atomize(Type),[[Item,Value],T1|T2]);
-ssl_options(_,_) ->
-    exit(malformed_ssl_dist_opt).
-    
-fixup(Value) ->
-    case catch list_to_integer(Value) of
-	{'EXIT',_} ->
-	    Value;
-	Int ->
-	    Int
-    end.
-
-atomize(List) when is_list(List) ->
-    list_to_atom(List);
-atomize(Atom) when is_atom(Atom) ->
-    Atom.
diff --git a/lib/ssl/src/inet_tls_dist.erl b/lib/ssl/src/inet_tls_dist.erl
new file mode 100644
index 0000000000..115527aae0
--- /dev/null
+++ b/lib/ssl/src/inet_tls_dist.erl
@@ -0,0 +1,275 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+-module(inet_tls_dist).
+
+-export([childspecs/0, listen/1, accept/1, accept_connection/5,
+	 setup/5, close/1, select/1, is_node_name/1]).
+
+-include_lib("kernel/include/net_address.hrl").
+-include_lib("kernel/include/dist.hrl").
+-include_lib("kernel/include/dist_util.hrl").
+
+childspecs() ->
+    {ok, [{ssl_dist_sup,{ssl_dist_sup, start_link, []},
+	   permanent, 2000, worker, [ssl_dist_sup]}]}.
+
+select(Node) ->
+    case split_node(atom_to_list(Node), $@, []) of
+	[_,_Host] -> 
+	    true;
+	_ -> 
+	    false
+    end.
+
+is_node_name(Node) when is_atom(Node) ->
+    select(Node);
+is_node_name(_) ->
+    false.
+
+listen(Name) ->
+    ssl_tls_dist_proxy:listen(Name).
+
+accept(Listen) ->
+    ssl_tls_dist_proxy:accept(Listen).
+
+accept_connection(AcceptPid, Socket, MyNode, Allowed, SetupTime) ->
+    Kernel = self(),
+    spawn_link(fun() -> do_accept(Kernel, AcceptPid, Socket, 
+				  MyNode, Allowed, SetupTime) end).
+
+setup(Node, Type, MyNode, LongOrShortNames,SetupTime) ->
+    Kernel = self(),
+    spawn(fun() -> do_setup(Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) end).
+		   
+do_setup(Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) ->
+    [Name, Address] = splitnode(Node, LongOrShortNames),
+    case inet:getaddr(Address, inet) of
+	{ok, Ip} ->
+	    Timer = dist_util:start_timer(SetupTime),
+	    case erl_epmd:port_please(Name, Ip) of
+		{port, TcpPort, Version} ->
+		    ?trace("port_please(~p) -> version ~p~n", 
+			   [Node,Version]),
+		    dist_util:reset_timer(Timer),
+		    case ssl_tls_dist_proxy:connect(Ip, TcpPort) of
+			{ok, Socket} ->
+			    HSData = connect_hs_data(Kernel, Node, MyNode, Socket, 
+						     Timer, Version, Ip, TcpPort, Address,
+						     Type),
+			    dist_util:handshake_we_started(HSData);
+			_ ->
+			    %% Other Node may have closed since 
+			    %% port_please !
+			    ?trace("other node (~p) "
+				   "closed since port_please.~n", 
+				   [Node]),
+			    ?shutdown(Node)
+		    end;
+		_ ->
+		    ?trace("port_please (~p) "
+			   "failed.~n", [Node]),
+		    ?shutdown(Node)
+	    end;
+	_Other ->
+	    ?trace("inet_getaddr(~p) "
+		   "failed (~p).~n", [Node,Other]),
+	    ?shutdown(Node)
+    end.
+
+close(Socket) ->
+    try
+	erlang:error(foo)
+    catch _:_ ->
+	    io:format("close called ~p ~p~n",[Socket, erlang:get_stacktrace()])
+    end,
+    gen_tcp:close(Socket),
+    ok.
+
+do_accept(Kernel, AcceptPid, Socket, MyNode, Allowed, SetupTime) ->
+    process_flag(priority, max),
+    receive
+	{AcceptPid, controller} ->
+	    Timer = dist_util:start_timer(SetupTime),
+	    case check_ip(Socket) of
+		true ->
+		    HSData = accept_hs_data(Kernel, MyNode, Socket, Timer, Allowed),
+		    dist_util:handshake_other_started(HSData);
+		{false,IP} ->
+		    error_logger:error_msg("** Connection attempt from "
+					   "disallowed IP ~w ** ~n", [IP]),
+		    ?shutdown(no_node)
+	    end
+    end.
+%% ------------------------------------------------------------
+%% Do only accept new connection attempts from nodes at our
+%% own LAN, if the check_ip environment parameter is true.
+%% ------------------------------------------------------------
+check_ip(Socket) ->
+    case application:get_env(check_ip) of
+	{ok, true} ->
+	    case get_ifs(Socket) of
+		{ok, IFs, IP} ->
+		    check_ip(IFs, IP);
+		_ ->
+		    ?shutdown(no_node)
+	    end;
+	_ ->
+	    true
+    end.
+
+get_ifs(Socket) ->
+    case inet:peername(Socket) of
+	{ok, {IP, _}} ->
+	    case inet:getif(Socket) of
+		{ok, IFs} -> {ok, IFs, IP};
+		Error     -> Error
+	    end;
+	Error ->
+	    Error
+    end.
+
+check_ip([{OwnIP, _, Netmask}|IFs], PeerIP) ->
+    case {mask(Netmask, PeerIP), mask(Netmask, OwnIP)} of
+	{M, M} -> true;
+	_      -> check_ip(IFs, PeerIP)
+    end;
+check_ip([], PeerIP) ->
+    {false, PeerIP}.
+
+mask({M1,M2,M3,M4}, {IP1,IP2,IP3,IP4}) ->
+    {M1 band IP1,
+     M2 band IP2,
+     M3 band IP3,
+     M4 band IP4};
+
+mask({M1,M2,M3,M4, M5, M6, M7, M8}, {IP1,IP2,IP3,IP4, IP5, IP6, IP7, IP8}) ->
+    {M1 band IP1,
+     M2 band IP2,
+     M3 band IP3,
+     M4 band IP4,
+     M5 band IP5,
+     M6 band IP6,
+     M7 band IP7,
+     M8 band IP8}.
+
+
+%% If Node is illegal terminate the connection setup!!
+splitnode(Node, LongOrShortNames) ->
+    case split_node(atom_to_list(Node), $@, []) of
+	[Name|Tail] when Tail =/= [] ->
+	    Host = lists:append(Tail),
+	    check_node(Name, Node, Host, LongOrShortNames);
+	[_] ->
+	    error_logger:error_msg("** Nodename ~p illegal, no '@' character **~n",
+		      [Node]),
+	    ?shutdown(Node);
+	_ ->
+	    error_logger:error_msg("** Nodename ~p illegal **~n", [Node]),
+	    ?shutdown(Node)
+    end.
+
+check_node(Name, Node, Host, LongOrShortNames) ->
+    case split_node(Host, $., []) of
+	[_] when LongOrShortNames == longnames ->
+	    error_logger:error_msg("** System running to use "
+		      "fully qualified "
+		      "hostnames **~n"
+		      "** Hostname ~s is illegal **~n",
+		      [Host]),
+	    ?shutdown(Node);
+	[_, _ | _] when LongOrShortNames == shortnames ->
+	    error_logger:error_msg("** System NOT running to use fully qualified "
+			      "hostnames **~n"
+		      "** Hostname ~s is illegal **~n",
+		      [Host]),
+	    ?shutdown(Node);
+	_ ->
+	    [Name, Host]
+    end.
+
+split_node([Chr|T], Chr, Ack) -> 
+    [lists:reverse(Ack)|split_node(T, Chr, [])];
+split_node([H|T], Chr, Ack) -> 
+    split_node(T, Chr, [H|Ack]);
+split_node([], _, Ack) -> 
+    [lists:reverse(Ack)].
+
+connect_hs_data(Kernel, Node, MyNode, Socket, Timer, Version, Ip, TcpPort, Address, Type) ->
+    common_hs_data(Kernel, MyNode, Socket, Timer, 
+		   #hs_data{other_node = Node,
+			    other_version = Version,
+			    f_address = 
+				fun(_,_) ->
+					#net_address{address = {Ip,TcpPort},
+						     host = Address,
+						     protocol = proxy,
+						     family = inet}
+				end,
+			    request_type = Type
+			   }).
+
+accept_hs_data(Kernel, MyNode, Socket, Timer, Allowed) ->
+    common_hs_data(Kernel, MyNode, Socket, Timer, #hs_data{
+					     allowed = Allowed,
+					     f_address = fun(S, N) -> 
+								 ssl_tls_dist_proxy:get_remote_id(S, N)
+							 end
+					    }).
+
+common_hs_data(Kernel, MyNode, Socket, Timer, HsData) ->
+    HsData#hs_data{
+      kernel_pid = Kernel,
+      this_node = MyNode,
+      socket = Socket,
+      timer = Timer,
+      this_flags = 0,
+      f_send = 
+	  fun(S,D) -> 
+		  gen_tcp:send(S,D) 
+	  end,
+      f_recv = 
+	  fun(S,N,T) -> 
+		  gen_tcp:recv(S,N,T) 
+	  end,
+      f_setopts_pre_nodeup = 
+	  fun(S) ->
+		  inet:setopts(S, [{active, false}, {packet, 4}])
+	  end,
+		   f_setopts_post_nodeup = 
+	  fun(S) -> 
+		  inet:setopts(S, [{deliver, port},{active, true}])
+	  end,
+      f_getll = 
+	  fun(S) -> 
+		  inet:getll(S) 
+	  end,
+      mf_tick = 
+	  fun(S) -> 
+		  gen_tcp:send(S, <<>>)
+	  end,
+      mf_getstat = 
+	  fun(S) ->
+		  {ok, Stats} = inet:getstat(S, [recv_cnt, send_cnt, send_pend]),
+		  R = proplists:get_value(recv_cnt, Stats, 0),
+		  W = proplists:get_value(send_cnt, Stats, 0),
+		  P = proplists:get_value(send_pend, Stats, 0),
+		  {ok, R,W,P}
+	  end}.
diff --git a/lib/ssl/src/ssl.app.src b/lib/ssl/src/ssl.app.src
index b9716786e6..13d5eaf4d7 100644
--- a/lib/ssl/src/ssl.app.src
+++ b/lib/ssl/src/ssl.app.src
@@ -4,11 +4,9 @@
     {modules, [ssl,
 	       ssl_app,
 	       ssl_sup,
-	       ssl_server,
-	       ssl_broker,
-	       ssl_broker_sup,
-	       ssl_prim,
-	       inet_ssl_dist,
+	       inet_tls_dist,
+	       ssl_tls_dist_proxy,
+	       ssl_dist_sup,
 	       ssl_tls1,
 	       ssl_ssl3,
 	       ssl_ssl2,
@@ -26,7 +24,7 @@
 	       ssl_certificate,
 	       ssl_alert
 	       ]},
-    {registered, [ssl_sup, ssl_server, ssl_broker_sup]},
+    {registered, [ssl_sup, ssl_manager]},
     {applications, [crypto, public_key, kernel, stdlib]},
     {env, []},
     {mod, {ssl_app, []}}]}.
diff --git a/lib/ssl/src/ssl.appup.src b/lib/ssl/src/ssl.appup.src
index 29674f30da..1b07e76d6a 100644
--- a/lib/ssl/src/ssl.appup.src
+++ b/lib/ssl/src/ssl.appup.src
@@ -1,6 +1,7 @@
 %% -*- erlang -*-
 {"%VSN%",
  [
+  {"4.1.6", [{restart_application, ssl}]},
   {"4.1.5", [{restart_application, ssl}]},
   {"4.1.4", [{restart_application, ssl}]},
   {"4.1.3", [{restart_application, ssl}]},
@@ -10,6 +11,7 @@
   {"4.0.1", [{restart_application, ssl}]}
  ], 
  [
+  {"4.1.6", [{restart_application, ssl}]},
   {"4.1.5", [{restart_application, ssl}]},
   {"4.1.4", [{restart_application, ssl}]},
   {"4.1.3", [{restart_application, ssl}]},
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index d1ec0c141e..d0693445e0 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -25,18 +25,15 @@
 
 -export([start/0, start/1, stop/0, transport_accept/1,
 	 transport_accept/2, ssl_accept/1, ssl_accept/2, ssl_accept/3,
-	 ciphers/0, cipher_suites/0, cipher_suites/1, close/1, shutdown/2,
+	 cipher_suites/0, cipher_suites/1, close/1, shutdown/2,
 	 connect/3, connect/2, connect/4, connection_info/1,
-	 controlling_process/2, listen/2, pid/1, peername/1, recv/2, recv/3,
-	 send/2, getopts/2, setopts/2, seed/1, sockname/1, peercert/1,
-	 peercert/2, version/0, versions/0, session_info/1, format_error/1,
+	 controlling_process/2, listen/2, pid/1, peername/1, peercert/1,
+	 recv/2, recv/3, send/2, getopts/2, setopts/2, sockname/1,
+	 versions/0, session_info/1, format_error/1,
 	 renegotiate/1]).
 
-%% Should be deprecated as soon as old ssl is removed
-%%-deprecated({pid, 1, next_major_release}).
--deprecated({peercert, 2, next_major_release}).
+-deprecated({pid, 1, next_major_release}).
 
--include("ssl_int.hrl").
 -include("ssl_internal.hrl").
 -include("ssl_record.hrl").
 -include("ssl_cipher.hrl").
@@ -134,20 +131,13 @@ connect(Socket, SslOptions0, Timeout) when is_port(Socket) ->
 connect(Host, Port, Options) ->
     connect(Host, Port, Options, infinity).
 
-connect(Host, Port, Options0, Timeout) ->
-    case proplists:get_value(ssl_imp, Options0, new) of
-        new ->
-            new_connect(Host, Port, Options0, Timeout);
-        old ->
-	    %% Allow the option reuseaddr to be present
-	    %% so that new and old ssl can be run by the same
-	    %% code, however the option will be ignored by old ssl
-	    %% that hardcodes reuseaddr to true in its portprogram.
-	    Options1 = proplists:delete(reuseaddr, Options0),
-	    Options  = proplists:delete(ssl_imp, Options1),
-            old_connect(Host, Port, Options, Timeout);
-	Value ->
-	    {error, {eoptions, {ssl_imp, Value}}}
+connect(Host, Port, Options, Timeout) ->
+    try handle_options(Options, client) of
+	{ok, Config} ->
+	    do_connect(Host,Port,Config,Timeout)
+    catch
+	throw:Error ->
+	    Error
     end.
 
 %%--------------------------------------------------------------------
@@ -159,21 +149,19 @@ connect(Host, Port, Options0, Timeout) ->
 listen(_Port, []) ->
     {error, enooptions};
 listen(Port, Options0) ->
-    case proplists:get_value(ssl_imp, Options0, new) of
-	new ->
-	    new_listen(Port, Options0);
-	old ->
-	    %% Allow the option reuseaddr to be present
-	    %% so that new and old ssl can be run by the same
-	    %% code, however the option will be ignored by old ssl
-	    %% that hardcodes reuseaddr to true in its portprogram.
-	    Options1 = proplists:delete(reuseaddr, Options0),
-	    Options  = proplists:delete(ssl_imp, Options1),
-	    old_listen(Port, Options);
-	Value ->
-	    {error, {eoptions, {ssl_imp, Value}}}
+    try
+	{ok, Config} = handle_options(Options0, server),
+	#config{cb={CbModule, _, _, _},inet_user=Options} = Config,
+	case CbModule:listen(Port, Options) of
+	    {ok, ListenSocket} ->
+		{ok, #sslsocket{pid = {ListenSocket, Config}, fd = new_ssl}};
+	    Err = {error, _} ->
+		Err
+	end
+    catch
+	Error = {error, _} ->
+	    Error
     end.
-
 %%--------------------------------------------------------------------
 -spec transport_accept(#sslsocket{}) -> {ok, #sslsocket{}} |
 					{error, reason()}.
@@ -185,8 +173,7 @@ listen(Port, Options0) ->
 transport_accept(ListenSocket) ->
     transport_accept(ListenSocket, infinity).
 
-transport_accept(#sslsocket{pid = {ListenSocket, #config{cb=CbInfo, ssl=SslOpts}},
-                            fd = new_ssl}, Timeout) ->
+transport_accept(#sslsocket{pid = {ListenSocket, #config{cb=CbInfo, ssl=SslOpts}}}, Timeout) ->
     
     %% The setopt could have been invoked on the listen socket
     %% and options should be inherited.
@@ -208,12 +195,7 @@ transport_accept(#sslsocket{pid = {ListenSocket, #config{cb=CbInfo, ssl=SslOpts}
 	    end;
 	{error, Reason} ->
 	    {error, Reason}
-    end;
-
-transport_accept(#sslsocket{} = ListenSocket, Timeout) ->
-    ensure_old_ssl_started(),
-    {ok, Pid} = ssl_broker:start_broker(acceptor),
-    ssl_broker:transport_accept(Pid, ListenSocket, Timeout).
+    end.
 
 %%--------------------------------------------------------------------
 -spec ssl_accept(#sslsocket{}) -> ok | {error, reason()}.
@@ -227,16 +209,11 @@ transport_accept(#sslsocket{} = ListenSocket, Timeout) ->
 ssl_accept(ListenSocket) ->
     ssl_accept(ListenSocket, infinity).
 
-ssl_accept(#sslsocket{fd = new_ssl} = Socket, Timeout) ->
+ssl_accept(#sslsocket{} = Socket, Timeout) ->
     ssl_connection:handshake(Socket, Timeout);
     
 ssl_accept(ListenSocket, SslOptions)  when is_port(ListenSocket) -> 
-    ssl_accept(ListenSocket, SslOptions, infinity);
-
-%% Old ssl
-ssl_accept(#sslsocket{} = Socket, Timeout)  ->
-    ensure_old_ssl_started(),
-    ssl_broker:ssl_accept(Socket, Timeout).
+    ssl_accept(ListenSocket, SslOptions, infinity).
 
 ssl_accept(Socket, SslOptions, Timeout) when is_port(Socket) -> 
     EmulatedOptions = emulated_options(),
@@ -257,25 +234,18 @@ ssl_accept(Socket, SslOptions, Timeout) when is_port(Socket) ->
 %%
 %% Description: Close an ssl connection
 %%--------------------------------------------------------------------  
-close(#sslsocket{pid = {ListenSocket, #config{cb={CbMod,_, _, _}}}, fd = new_ssl}) ->
+close(#sslsocket{pid = {ListenSocket, #config{cb={CbMod,_, _, _}}}}) ->
     CbMod:close(ListenSocket);
-close(#sslsocket{pid = Pid, fd = new_ssl}) ->
-    ssl_connection:close(Pid);
-close(Socket = #sslsocket{}) ->
-    ensure_old_ssl_started(),
-    ssl_broker:close(Socket).
+close(#sslsocket{pid = Pid}) ->
+    ssl_connection:close(Pid).
 
 %%--------------------------------------------------------------------
 -spec send(#sslsocket{}, iodata()) -> ok | {error, reason()}.
 %% 
 %% Description: Sends data over the ssl connection
 %%--------------------------------------------------------------------
-send(#sslsocket{pid = Pid, fd = new_ssl}, Data) ->
-    ssl_connection:send(Pid, Data);
-
-send(#sslsocket{} = Socket, Data) -> 
-    ensure_old_ssl_started(),
-    ssl_broker:send(Socket, Data).
+send(#sslsocket{pid = Pid}, Data) ->
+    ssl_connection:send(Pid, Data).
 
 %%--------------------------------------------------------------------
 -spec recv(#sslsocket{}, integer()) -> {ok, binary()| list()} | {error, reason()}.
@@ -286,11 +256,7 @@ send(#sslsocket{} = Socket, Data) ->
 recv(Socket, Length) ->
     recv(Socket, Length, infinity).
 recv(#sslsocket{pid = Pid, fd = new_ssl}, Length, Timeout) ->
-    ssl_connection:recv(Pid, Length, Timeout);
-
-recv(Socket = #sslsocket{}, Length, Timeout) ->
-    ensure_old_ssl_started(),
-    ssl_broker:recv(Socket, Length, Timeout).
+    ssl_connection:recv(Pid, Length, Timeout).
 
 %%--------------------------------------------------------------------
 -spec controlling_process(#sslsocket{}, pid()) -> ok | {error, reason()}.
@@ -298,13 +264,8 @@ recv(Socket = #sslsocket{}, Length, Timeout) ->
 %% Description: Changes process that receives the messages when active = true
 %% or once. 
 %%--------------------------------------------------------------------
-controlling_process(#sslsocket{pid = Pid, fd = new_ssl}, NewOwner) 
-  when is_pid(Pid) ->
-    ssl_connection:new_user(Pid, NewOwner);
-
-controlling_process(Socket, NewOwner) when is_pid(NewOwner) ->
-    ensure_old_ssl_started(),
-    ssl_broker:controlling_process(Socket, NewOwner).
+controlling_process(#sslsocket{pid = Pid}, NewOwner) when is_pid(Pid) ->
+    ssl_connection:new_user(Pid, NewOwner).
 
 %%--------------------------------------------------------------------
 -spec connection_info(#sslsocket{}) -> 	{ok, {tls_atom_version(), erl_cipher_suite()}} | 
@@ -312,82 +273,31 @@ controlling_process(Socket, NewOwner) when is_pid(NewOwner) ->
 %%
 %% Description: Returns ssl protocol and cipher used for the connection
 %%--------------------------------------------------------------------
-connection_info(#sslsocket{pid = Pid, fd = new_ssl}) ->
-    ssl_connection:info(Pid);
+connection_info(#sslsocket{pid = Pid}) ->
+    ssl_connection:info(Pid).
 
-connection_info(#sslsocket{} = Socket) -> 
-    ensure_old_ssl_started(),
-    ssl_broker:connection_info(Socket).
+%%--------------------------------------------------------------------
+-spec peername(#sslsocket{}) -> {ok, {inet:ip_address(), inet:port_number()}} | {error, reason()}.
+%%
+%% Description: same as inet:peername/1.
+%%--------------------------------------------------------------------
+peername(#sslsocket{pid = Pid}) ->
+    ssl_connection:peername(Pid).
 
 %%--------------------------------------------------------------------
--spec peercert(#sslsocket{}) ->{ok, der_cert()} | {error, reason()}.
+-spec peercert(#sslsocket{}) ->{ok, DerCert::binary()} | {error, reason()}.
 %%
 %% Description: Returns the peercert.
 %%--------------------------------------------------------------------
-peercert(Socket) ->
-    peercert(Socket, []).
-
-peercert(#sslsocket{pid = Pid, fd = new_ssl}, Opts) ->
+peercert(#sslsocket{pid = Pid}) ->
     case ssl_connection:peer_certificate(Pid) of
 	{ok, undefined} ->
 	    {error, no_peercert};
-        {ok, BinCert} ->
-	    decode_peercert(BinCert, Opts);
-        {error, Reason}  ->
-            {error, Reason}
-    end;
-
-peercert(#sslsocket{} = Socket, Opts) ->
-    ensure_old_ssl_started(),
-    case ssl_broker:peercert(Socket) of
-        {ok, Bin} ->
-	    decode_peercert(Bin, Opts);
-        {error, Reason}  ->
-            {error, Reason}
-    end.
-
-
-decode_peercert(BinCert, Opts) ->
-    PKOpts = [case Opt of ssl -> otp; pkix -> plain end || 
-		 Opt <- Opts, Opt =:= ssl orelse Opt =:= pkix],
-    case PKOpts of
-	[Opt] ->
-	    select_part(Opt, public_key:pkix_decode_cert(BinCert, Opt), Opts);
-	[] ->
-	    {ok, BinCert}
-    end.
-
-select_part(otp, Cert, Opts) ->
-    case lists:member(subject, Opts) of 
-	true ->
-	    TBS = Cert#'OTPCertificate'.tbsCertificate,
-	    {ok, TBS#'OTPTBSCertificate'.subject};
-	false ->
-	    {ok, Cert}
-    end;
-
-select_part(plain, Cert, Opts) ->
-    case lists:member(subject, Opts) of 
-	true ->
-	    TBS = Cert#'Certificate'.tbsCertificate,
-	    {ok,  TBS#'TBSCertificate'.subject};
-	false ->
-	    {ok, Cert}
+        Result ->
+	    Result
     end.
 
 %%--------------------------------------------------------------------
--spec peername(#sslsocket{}) -> {ok, {inet:ip_address(), inet:port_number()}} | {error, reason()}.
-%%
-%% Description: same as inet:peername/1.
-%%--------------------------------------------------------------------
-peername(#sslsocket{fd = new_ssl, pid = Pid}) ->
-    ssl_connection:peername(Pid);
-
-peername(#sslsocket{} = Socket) ->
-    ensure_old_ssl_started(),
-    ssl_broker:peername(Socket).
-
-%%--------------------------------------------------------------------
 -spec cipher_suites() -> [erl_cipher_suite()].
 -spec cipher_suites(erlang | openssl) -> [erl_cipher_suite()] | [string()].
 			   
@@ -410,9 +320,9 @@ cipher_suites(openssl) ->
 %% 
 %% Description: Gets options
 %%--------------------------------------------------------------------
-getopts(#sslsocket{fd = new_ssl, pid = Pid}, OptionTags) when is_pid(Pid), is_list(OptionTags) ->
+getopts(#sslsocket{pid = Pid}, OptionTags) when is_pid(Pid), is_list(OptionTags) ->
     ssl_connection:get_opts(Pid, OptionTags);
-getopts(#sslsocket{fd = new_ssl, pid = {ListenSocket, _}}, OptionTags) when is_list(OptionTags) ->
+getopts(#sslsocket{pid = {ListenSocket, _}}, OptionTags) when is_list(OptionTags) ->
     try inet:getopts(ListenSocket, OptionTags) of
 	{ok, _} = Result ->
 	    Result;
@@ -422,18 +332,15 @@ getopts(#sslsocket{fd = new_ssl, pid = {ListenSocket, _}}, OptionTags) when is_l
 	_:_ ->
 	    {error, {eoptions, {inet_options, OptionTags}}}
     end;
-getopts(#sslsocket{fd = new_ssl}, OptionTags) ->
-    {error, {eoptions, {inet_options, OptionTags}}};
-getopts(#sslsocket{} = Socket, OptionTags) ->
-    ensure_old_ssl_started(),
-    ssl_broker:getopts(Socket, OptionTags).
+getopts(#sslsocket{}, OptionTags) ->
+    {error, {eoptions, {inet_options, OptionTags}}}.
 
 %%--------------------------------------------------------------------
 -spec setopts(#sslsocket{},  [gen_tcp:option()]) -> ok | {error, reason()}.
 %% 
 %% Description: Sets options
 %%--------------------------------------------------------------------
-setopts(#sslsocket{fd = new_ssl, pid = Pid}, Options0) when is_pid(Pid), is_list(Options0)  ->
+setopts(#sslsocket{pid = Pid}, Options0) when is_pid(Pid), is_list(Options0)  ->
     try proplists:expand([{binary, [{mode, binary}]},
 			  {list, [{mode, list}]}], Options0) of
 	Options ->
@@ -443,7 +350,7 @@ setopts(#sslsocket{fd = new_ssl, pid = Pid}, Options0) when is_pid(Pid), is_list
 	    {error, {eoptions, {not_a_proplist, Options0}}}
     end;
 
-setopts(#sslsocket{fd = new_ssl, pid = {ListenSocket, _}}, Options) when is_list(Options) ->
+setopts(#sslsocket{pid = {ListenSocket, _}}, Options) when is_list(Options) ->
     try inet:setopts(ListenSocket, Options) of
 	ok ->
 	    ok;
@@ -453,20 +360,17 @@ setopts(#sslsocket{fd = new_ssl, pid = {ListenSocket, _}}, Options) when is_list
 	_:Error ->
 	    {error, {eoptions, {inet_options, Options, Error}}}
     end;
-setopts(#sslsocket{fd = new_ssl}, Options) ->
-    {error, {eoptions,{not_a_proplist, Options}}};
-setopts(#sslsocket{} = Socket, Options) ->
-    ensure_old_ssl_started(),
-    ssl_broker:setopts(Socket, Options).
+setopts(#sslsocket{}, Options) ->
+    {error, {eoptions,{not_a_proplist, Options}}}.
 
 %%---------------------------------------------------------------
 -spec shutdown(#sslsocket{}, read | write | read_write) ->  ok | {error, reason()}.
 %%		      
 %% Description: Same as gen_tcp:shutdown/2
 %%--------------------------------------------------------------------
-shutdown(#sslsocket{pid = {ListenSocket, #config{cb={CbMod,_, _, _}}}, fd = new_ssl}, How) ->
+shutdown(#sslsocket{pid = {ListenSocket, #config{cb={CbMod,_, _, _}}}}, How) ->
     CbMod:shutdown(ListenSocket, How);
-shutdown(#sslsocket{pid = Pid, fd = new_ssl}, How) ->
+shutdown(#sslsocket{pid = Pid}, How) ->
     ssl_connection:shutdown(Pid, How).
 
 %%--------------------------------------------------------------------
@@ -474,25 +378,11 @@ shutdown(#sslsocket{pid = Pid, fd = new_ssl}, How) ->
 %%		     
 %% Description: Same as inet:sockname/1
 %%--------------------------------------------------------------------
-sockname(#sslsocket{fd = new_ssl, pid = {ListenSocket, _}}) ->
+sockname(#sslsocket{pid = {ListenSocket, _}}) ->
     inet:sockname(ListenSocket);
 
-sockname(#sslsocket{fd = new_ssl, pid = Pid}) ->
-    ssl_connection:sockname(Pid);
-
-sockname(#sslsocket{} = Socket) ->
-    ensure_old_ssl_started(),
-    ssl_broker:sockname(Socket).
-
-%%---------------------------------------------------------------
--spec seed(term()) ->term().
-%% 
-%% Description: Only used by old ssl.
-%%--------------------------------------------------------------------
-%% TODO: crypto:seed ?
-seed(Data) ->
-    ensure_old_ssl_started(),
-    ssl_server:seed(Data).
+sockname(#sslsocket{pid = Pid}) ->
+    ssl_connection:sockname(Pid).
 
 %%---------------------------------------------------------------
 -spec session_info(#sslsocket{}) -> {ok, list()} | {error, reason()}.
@@ -548,63 +438,6 @@ format_error(esslconnect) ->
 format_error({eoptions, Options}) ->
     lists:flatten(io_lib:format("Error in options list: ~p~n", [Options]));
 
-%%%%%%%%%%%%  START OLD SSL format_error %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-format_error(ebadsocket) ->
-    "Connection not found (internal error).";
-format_error(ebadstate) ->
-    "Connection not in connect state (internal error).";
-format_error(ebrokertype) ->
-    "Wrong broker type (internal error).";
-format_error(echaintoolong) ->
-    "The chain of certificates provided by peer is too long.";
-format_error(ecipher) ->
-    "Own list of specified ciphers is invalid.";
-format_error(ekeymismatch) ->
-    "Own private key does not match own certificate.";
-format_error(enoissuercert) ->
-    "Cannot find certificate of issuer of certificate provided by peer.";
-format_error(enoservercert) ->
-    "Attempt to do accept without having set own certificate.";
-format_error(enotlistener) ->
-    "Attempt to accept on a non-listening socket.";
-format_error(enoproxysocket) ->
-    "No proxy socket found (internal error or max number of file "
-        "descriptors exceeded).";
-format_error(enooptions) ->
-    "List of options is empty.";
-format_error(enotstarted) ->
-    "The SSL application has not been started.";
-format_error(eoptions) ->
-    "Invalid list of options.";
-format_error(epeercert) ->
-    "Certificate provided by peer is in error.";
-format_error(epeercertexpired) ->
-    "Certificate provided by peer has expired.";
-format_error(epeercertinvalid) ->
-    "Certificate provided by peer is invalid.";
-format_error(eselfsignedcert) ->
-    "Certificate provided by peer is self signed.";
-format_error(esslerrssl) ->
-    "SSL protocol failure. Typically because of a fatal alert from peer.";
-format_error(ewantconnect) ->
-    "Protocol wants to connect, which is not supported in this "
-        "version of the SSL application.";
-format_error(ex509lookup) ->
-    "Protocol wants X.509 lookup, which is not supported in this "
-        "version of the SSL application.";
-format_error({badcall, _Call}) ->
-    "Call not recognized for current mode (active or passive) and state "
-        "of socket.";
-format_error({badcast, _Cast}) ->
-    "Call not recognized for current mode (active or passive) and state "
-        "of socket.";
-
-format_error({badinfo, _Info}) ->
-    "Call not recognized for current mode (active or passive) and state "
-        "of socket.";
-
-%%%%%%%%%%%%%%%%%% END OLD SSL format_error %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
 format_error(Error) ->
     case (catch inet:format_error(Error)) of
         "unkknown POSIX" ++ _ ->
@@ -618,16 +451,7 @@ format_error(Error) ->
 %%%--------------------------------------------------------------
 %%% Internal functions
 %%%--------------------------------------------------------------------
-new_connect(Address, Port, Options, Timeout) when is_list(Options) ->
-    try handle_options(Options, client) of
-	{ok, Config} ->
-	    do_new_connect(Address,Port,Config,Timeout)
-    catch 
-	throw:Error ->
-	    Error
-    end.
-
-do_new_connect(Address, Port,
+do_connect(Address, Port,
 	       #config{cb=CbInfo, inet_user=UserOpts, ssl=SslOpts,
 		       emulated=EmOpts,inet_ssl=SocketOpts},
 	       Timeout) ->
@@ -647,35 +471,9 @@ do_new_connect(Address, Port,
 	    {error, {eoptions, {inet_options, UserOpts}}}
     end.
 
-old_connect(Address, Port, Options, Timeout) ->
-    ensure_old_ssl_started(),
-    {ok, Pid} = ssl_broker:start_broker(connector),
-    ssl_broker:connect(Pid, Address, Port, Options, Timeout).
-
-new_listen(Port, Options0) ->
-    try 
-	{ok, Config} = handle_options(Options0, server),
-	#config{cb={CbModule, _, _, _},inet_user=Options} = Config,
-	case CbModule:listen(Port, Options) of
-	    {ok, ListenSocket} ->
-		{ok, #sslsocket{pid = {ListenSocket, Config}, fd = new_ssl}};
-	    Err = {error, _} ->
-		Err
-	end
-    catch 
-	Error = {error, _} ->
-	    Error
-    end.
-	    
-old_listen(Port, Options) ->
-    ensure_old_ssl_started(),
-    {ok, Pid} = ssl_broker:start_broker(listener),
-    ssl_broker:listen(Pid, Port, Options).
-
 handle_options(Opts0, _Role) ->
     Opts = proplists:expand([{binary, [{mode, binary}]},
 			     {list, [{mode, list}]}], Opts0),
-    
     ReuseSessionFun = fun(_, _, _, _) -> true end,
 
     DefaultVerifyNoneFun =
@@ -742,7 +540,8 @@ handle_options(Opts0, _Role) ->
       secure_renegotiate = handle_option(secure_renegotiate, Opts, false),
       renegotiate_at = handle_option(renegotiate_at, Opts, ?DEFAULT_RENEGOTIATE_AT),
       debug      = handle_option(debug, Opts, []),
-      hibernate_after = handle_option(hibernate_after, Opts, undefined)
+      hibernate_after = handle_option(hibernate_after, Opts, undefined),
+      erl_dist = handle_option(erl_dist, Opts, false)
      },
 
     CbInfo  = proplists:get_value(cb_info, Opts, {gen_tcp, tcp, tcp_closed, tcp_error}),    
@@ -751,7 +550,7 @@ handle_options(Opts0, _Role) ->
 		  depth, cert, certfile, key, keyfile,
 		  password, cacerts, cacertfile, dh, dhfile, ciphers,
 		  debug, reuse_session, reuse_sessions, ssl_imp,
-		  cb_info, renegotiate_at, secure_renegotiate, hibernate_after],
+		  cb_info, renegotiate_at, secure_renegotiate, hibernate_after, erl_dist],
     
     SockOpts = lists:foldl(fun(Key, PropList) -> 
 				   proplists:delete(Key, PropList)
@@ -768,8 +567,6 @@ handle_option(OptionName, Opts, Default) ->
 
 validate_option(versions, Versions)  ->
     validate_versions(Versions, Versions);
-validate_option(ssl_imp, Value) when Value == new; Value == old ->
-    Value;
 validate_option(verify, Value) 
   when Value == verify_none; Value == verify_peer ->
     Value;
@@ -811,8 +608,11 @@ validate_option(certfile, Value) when Value == undefined; is_list(Value) ->
 validate_option(key, undefined) ->
     undefined;
 validate_option(key, {KeyType, Value}) when is_binary(Value),
-					    KeyType == rsa;
-					    KeyType == dsa ->
+					    KeyType == rsa; %% Backwards compatibility
+					    KeyType == dsa; %% Backwards compatibility
+					    KeyType == 'RSAPrivateKey';
+					    KeyType == 'DSAPrivateKey';
+					    KeyType == 'PrivateKeyInfo' ->
     {KeyType, Value};
 validate_option(keyfile, Value) when is_list(Value) ->
     Value;
@@ -862,6 +662,9 @@ validate_option(hibernate_after, undefined) ->
     undefined;
 validate_option(hibernate_after, Value) when is_integer(Value), Value >= 0 ->
     Value;
+validate_option(erl_dist,Value) when Value == true; 
+				     Value == false ->
+    Value;
 validate_option(Opt, Value) ->
     throw({error, {eoptions, {Opt, Value}}}).
     
@@ -909,7 +712,6 @@ emulated_options() ->
 
 internal_inet_values() ->
     [{packet_size,0},{packet, 0},{header, 0},{active, false},{mode,binary}].
-    %%[{packet, ssl},{header, 0},{active, false},{mode,binary}].
 
 socket_options(InetValues) ->
     #socket_options{
@@ -970,47 +772,14 @@ cipher_suites(Version, Ciphers0)  ->
 
 no_format(Error) ->    
     lists:flatten(io_lib:format("No format string for error: \"~p\" available.", [Error])).
-
-%% Start old ssl port program if needed.
-ensure_old_ssl_started() ->
-    case whereis(ssl_server) of
-	undefined ->
-	    (catch supervisor:start_child(ssl_sup, 
-				   {ssl_server, {ssl_server, start_link, []},
-				    permanent, 2000, worker, [ssl_server]}));
-	_ ->
-	    ok
-    end.
-
-%%%%%%%%%%%%%%%% Deprecated %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-ciphers() -> 
-    ensure_old_ssl_started(),
-    case (catch ssl_server:ciphers()) of
-        {'EXIT', _} ->
-            {error, enotstarted};
-        Res = {ok, _}  ->
-            Res
-    end.
-
-version() -> 
-    ensure_old_ssl_started(),
-    SSLVsn = ?VSN,
-    {CompVsn, LibVsn} = case (catch ssl_server:version()) of
-                            {'EXIT', _} ->
-                                {"", ""};
-                            {ok, Vsns}  ->
-                                Vsns
-                        end,
-    {ok, {SSLVsn, CompVsn, LibVsn}}.
-
                                 
 %% Only used to remove exit messages from old ssl
 %% First is a nonsense clause to provide some
 %% backward compatibility for orber that uses this
 %% function in a none recommended way, but will
 %% work correctly if a valid pid is returned.
+%% Deprcated to be removed in r16
 pid(#sslsocket{fd = new_ssl}) ->
-    whereis(ssl_connection_sup);
+     whereis(ssl_connection_sup);
 pid(#sslsocket{pid = Pid}) ->
-    Pid.
+     Pid.
diff --git a/lib/ssl/src/ssl_app.erl b/lib/ssl/src/ssl_app.erl
index c9f81726b9..0c475a6d01 100644
--- a/lib/ssl/src/ssl_app.erl
+++ b/lib/ssl/src/ssl_app.erl
@@ -27,16 +27,9 @@
 
 -export([start/2, stop/1]).
 
-%%--------------------------------------------------------------------
--spec start(normal | {takeover, node()} | {failover, node()}, list()) -> 
-		   ignore | {ok, pid()} | {error, term()}.
-%%--------------------------------------------------------------------
 start(_Type, _StartArgs) ->
     ssl_sup:start_link().
 
-%--------------------------------------------------------------------
--spec stop(term())-> ok.
-%%-------------------------------------------------------------------- 
 stop(_State) ->
     ok.
 
diff --git a/lib/ssl/src/ssl_broker.erl b/lib/ssl/src/ssl_broker.erl
deleted file mode 100644
index 7ef88baf2b..0000000000
--- a/lib/ssl/src/ssl_broker.erl
+++ /dev/null
@@ -1,1188 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-
-%%% Purpose : SSL broker
-
--module(ssl_broker).
--behaviour(gen_server).
-
-%% This module implements brokers for ssl. A broker is either a connector, 
-%% an acceptor, or a listener. All brokers are children to ssl_broker_sup,
-%% to which they are linked. Each broker is also linked to ssl_server, and
-%% to its client.
-%%
-%% The purpose of the broker is to set up SSL connections through calls to
-%% ssl_server and gen_tcp. All control information goes to the server,
-%% while all data is exchanged directly between gen_tcp and the port program
-%% of the ssl_server.
-%%
-%% A broker is created by a call to start_broker/3 (do *not* use start_link/4
-%% - it is for ssl_broker_sup to call that one), and then call listen/3, 
-%% accept/4, or connect/5. 
-%%
-%% The following table shows all functions dependency on status, active 
-%% mode etc.
-%%
-%% Permitted status transitions: 
-%%
-%%		nil	->	open 
-%%		open	->	closing | closed (termination)
-%%		closing	->	closed (termination)
-%%
-%% We are rather sloppy about nil, and consider open/closing == !closed,
-%% open/closing/closed === any  etc.
-%%
-%%
-%%	function/	 valid			mode		new
-%%	message		 status					state
-%%								
-%%	calls							
-%%	-----							
-%%	recv		 open			passive		ditto
-%%	send		 open			any		ditto
-%%	transport_accept nil			any		open
-%%      ssl_accept       nil                    any             open
-%%	connect		 nil			any		open
-%%	listen		 nil			any		open
-%%	peername	 open/closing		any		ditto
-%%	setopts		 open/closing		any		ditto
-%%	getopts		 open/closing		any		ditto
-%%	sockname	 open/closing		any		ditto
-%%	peercert	 open/closing		any		ditto
-%%	inhibit		 any			any		ditto
-%%	release		 any			any		ditto
-%%	close		 any			any		closed (1)
-%%
-%%	info							
-%%	----							
-%%	tcp		 open			active		ditto
-%%	tcp_closed	 open | closing		active		closing
-%%	tcp_error	 open | closing		active		closing
-%%
-%%	(1) We just terminate.
-%%
-%% TODO
-%%
-%% XXX Timeouts are not checked (integer or infinity).
-%%
-%% XXX The collector thing is not gen_server compliant.
-%%
-%% NOTE: There are three different "modes": (a) passive or active mode,
-%% specified as {active, bool()}, and (b) list or binary mode, specified 
-%% as {mode, list | binary}, and (c) encrypted or clear mode
-%%
-
--include("ssl_int.hrl").
-
-%% External exports 
-
--export([start_broker/1, start_broker/2, start_link/3,
-	 transport_accept/3, ssl_accept/2,
-	 close/1, connect/5, connection_info/1, controlling_process/2,
-	 listen/3, recv/3, send/2, getopts/2, getopts/3, setopts/2,
-	 sockname/1, peername/1, peercert/1]).
-
--export([listen_prim/5, connect_prim/8,
-	 transport_accept_prim/5, ssl_accept_prim/6]).
-
-%% Internal exports 
-
--export([init/1, handle_call/3, handle_cast/2, handle_info/2,
-	 code_change/3, terminate/2, collector_init/1]).
-
--include("ssl_broker_int.hrl").
-
-%% start_broker(Type) -> {ok, Pid} | {error, Reason}
-%% start_broker(Type, GenOpts) -> {ok, Pid} | {error, Reason}
-%%            Type = accept | connect | listen
-%%            GenOpts = /standard gen_server options/
-%%
-%% This is the function to be called from the interface module ssl.erl.
-%% Links to the caller.
-%%
-start_broker(Type) ->
-    start_broker(Type, []).
-
-start_broker(Type, GenOpts) ->
-    case lists:member(Type, [listener, acceptor, connector]) of
-	true ->
-	    case supervisor:start_child(ssl_broker_sup, 
-					[self(), Type, GenOpts]) of
-		{ok, Pid} ->
-		    link(Pid),
-		    {ok, Pid};
-		{error, Reason} ->
-		    {error, Reason}
-	    end;
-	false  ->
-	    {error, ebrokertype}
-    end.
-
-%% start_link(Client, Type, GenOpts) -> {ok, Pid} | {error, Reason}
-%%	      
-%%	Type = accept | connect | listen
-%%	GenOpts = /standard gen_server options/
-%%
-%% This function is called by ssl_broker_sup and must *not* be called
-%% from an interface module (ssl.erl).
-
-start_link(Client, Type, GenOpts) ->
-    gen_server:start_link(?MODULE, [Client, Type], GenOpts).
-
-
-%% accept(Pid, ListenSocket, Timeout) -> {ok, Socket} | {error, Reason}
-%%  
-%% Types:   Pid = pid() of acceptor
-%%          ListenSocket = Socket = sslsocket()
-%% 	    Timeout = timeout()
-%%
-%% accept(Pid, ListenSocket, Timeout) 
-%%   when is_pid(Pid), is_record(ListenSocket, sslsocket) ->
-%%     Req = {accept, self(), ListenSocket, Timeout},
-%%     gen_server:call(Pid, Req, infinity).
-
-%% transport_accept(Pid, ListenSocket, Timeout) -> {ok, Socket} | 
-%% 						   {error, Reason}
-%%  
-%% Types:   Pid = pid() of acceptor
-%%          ListenSocket = Socket = sslsocket()
-%% 	    Timeout = timeout()
-%%
-transport_accept(Pid, #sslsocket{} = ListenSocket, Timeout) when is_pid(Pid) ->
-     Req = {transport_accept, self(), ListenSocket, Timeout},
-     gen_server:call(Pid, Req, infinity).
-
-%% ssl_accept(Pid, Socket, Timeout) -> {ok, Socket} | {error, Reason}
-%%
-%% Types:   Pid = pid() of acceptor
-%%          ListenSocket = Socket = sslsocket()
-%% 	    Timeout = timeout()
-%%
-ssl_accept(#sslsocket{pid = Pid} = Socket, Timeout) ->
-    Req = {ssl_accept, self(), Socket, Timeout},
-    gen_server:call(Pid, Req, infinity).
-
-%% close(Socket) -> ok | {error, Reason}
-%%  
-%% Types:   Socket = sslsocket() | pid()
-%%
-close(#sslsocket{pid = Pid}) ->
-    close(Pid);
-close(Pid) when is_pid(Pid) ->
-    gen_server:call(Pid, {close, self()}, infinity).
-
-%% connect(Pid, Address, Port, Opts, Timeout) -> {ok, Socket} | {error, Reason}
-%%  
-%% Types:   Pid = pid() of connector
-%%          Address  = string() | {byte(), byte(), byte(), byte()}
-%%          Port = int()
-%%          Opts = options()
-%% 	    Timeout = timeout()
-%%          Socket = sslsocket()
-%%
-connect(Pid, Address, Port, Opts, Timeout) when is_pid(Pid), is_list(Opts) ->
-    case are_connect_opts(Opts) of
-	true ->
-	    Req = {connect, self(), Address, Port, Opts, Timeout},
-	    gen_server:call(Pid, Req, infinity);
-	false  ->
-	    {error, eoptions}
-    end.
-
-%%
-%% connection_info(Socket) -> {ok, {Protocol, Cipher} | {error, Reason}
-%%
-connection_info(#sslsocket{pid = Pid}) ->
-    Req = {connection_info, self()},
-    gen_server:call(Pid, Req, infinity).
-
-%% controlling_process(Socket, NewOwner) -> ok | {error, Reason}
-
-controlling_process(#sslsocket{pid = Pid}, NewOwner) when is_pid(NewOwner) ->
-    case gen_server:call(Pid, {inhibit_msgs, self()}, infinity) of
-	ok ->
-	    transfer_messages(Pid, NewOwner),
-	    gen_server:call(Pid, {release_msgs, self(), NewOwner}, infinity);
-	Error ->
-	    Error
-    end.
-
-%% listen(Pid, Port, Opts) -> {ok, ListenSocket} | {error, Reason}
-%%  
-%% Types:   Pid = pid() of listener
-%%          Port = int()
-%%          Opts = options()
-%%          ListenSocket = sslsocket()
-%%
-listen(Pid, Port, Opts) when is_pid(Pid) ->
-    case are_listen_opts(Opts) of
-	true ->
-	    Req = {listen, self(), Port, Opts}, 
-	    gen_server:call(Pid, Req, infinity);
-	false  ->
-	    {error, eoptions}
-    end.
-
-
-%%
-%% peername(Socket) -> {ok, {Address, Port}} | {error, Reason}
-%%
-peername(#sslsocket{pid = Pid}) ->
-    Req = {peername, self()},
-    gen_server:call(Pid, Req, infinity).
-
-
-%% recv(Socket, Length, Timeout) -> {ok, Data} | {error, Reason}
-%%
-%% Types:   Socket = sslsocket()
-%%          Length = Timeout = integer()
-%%          Data = bytes() | binary()
-%%
-recv(#sslsocket{pid = Pid}, Length, Timeout) ->
-    Req = {recv, self(), Length, Timeout}, 
-    gen_server:call(Pid, Req, infinity).
-
-
-%% send(Socket, Data) -> ok | {error, Reason}
-%%  
-%% Types:   Socket = sslsocket()
-%%
-send(#sslsocket{pid = Pid}, Data) ->
-    gen_server:call(Pid, {send, self(), Data}, infinity).
-
-
-%% getopts(Socket, OptTags) -> {ok, Opts} | {error, einval}
-%%  
-%% Types:	Pid = pid() of broker
-%%  		Timeout = timeout()
-%%		OptTags = option_tags()
-%%		Opts = options()
-%%
-getopts(Socket, OptTags) ->
-    getopts(Socket, OptTags, infinity).
-
-getopts(#sslsocket{pid = Pid}, OptTags, Timeout) when is_list(OptTags) ->
-    Req = {getopts, self(), OptTags}, 
-    gen_server:call(Pid, Req, Timeout).
-
-
-%%
-%% setopts(Socket, Opts) -> ok | {error, Reason}
-%%
-setopts(#sslsocket{pid = Pid}, Opts) ->
-    Req = {setopts, self(), Opts},
-    gen_server:call(Pid, Req, infinity).
-
-%%
-%% sockname(Socket) -> {ok, {Address, Port}} | {error, Reason}
-%%
-sockname(#sslsocket{pid = Pid}) ->
-    Req = {sockname, self()},
-    gen_server:call(Pid, Req, infinity).
-
-
-%%
-%% peercert(Socket) -> {ok, Cert} | {error, Reason}
-%%
-peercert(#sslsocket{pid = Pid}) ->
-    Req = {peercert, self()},
-    gen_server:call(Pid, Req, infinity).
-
-%%
-%%  INIT
-%%
-
-%% init
-%%
-init([Client, Type]) ->
-    process_flag(trap_exit, true),
-    link(Client),
-    Debug = case application:get_env(ssl, edebug) of
-		{ok, true} -> 
-		    true;
-		_ ->
-		    case application:get_env(ssl, debug) of
-			{ok, true} ->
-			    true;
-			_  ->
-			    os:getenv("ERL_SSL_DEBUG") =/= false
-		    end
-	    end,
-    Server = whereis(ssl_server),
-    if 
-	is_pid(Server) ->
-	    link(Server),
-	    debug1(Debug, Type, "in start, client = ~w", [Client]),
-	    {ok, #st{brokertype = Type, server = Server, client = Client,
-		     collector = Client, debug = Debug}};
-	true  ->
-	    {stop, no_ssl_server}
-    end.
-
-
-%%
-%% HANDLE CALL
-%%
-
-%% recv - passive mode
-%%
-handle_call({recv, Client, Length, Timeout}, _From,
-	    #st{active = false, proxysock = Proxysock, status = Status} = St) ->
-    debug(St, "recv: client = ~w~n", [Client]),
-    if 
-	Status =/= open ->
- 	    {reply, {error, closed}, St};
-	true ->
-	    case gen_tcp:recv(Proxysock, Length, Timeout) of
-		{ok, Data} ->
-		    {reply, {ok, Data}, St};
-		{error, timeout} ->
-		    {reply, {error, timeout}, St};
-		{error, Reason} ->
-		    {reply, {error, Reason}, St#st{status = closing}}
-	    end
-    end;
-
-%% send
-%% 
-handle_call({send, Client, Data}, _From, St) ->
-    debug(St, "send: client = ~w~n", [Client]),
-    if 
-	St#st.status =/= open ->
- 	    {reply, {error, closed}, St};
-	true ->
-	    case gen_tcp:send(St#st.proxysock, Data) of
-		ok ->
-		    {reply, ok, St};
-		{error, _Reason} ->
-		    {reply, {error, closed}, St#st{status = closing}}
-	    end
-    end;
-
-%% transport_accept 
-%% 
-%% Client = pid of client 
-%% ListenSocket = sslsocket()
-%%
-handle_call({transport_accept, Client, ListenSocket, Timeout}, _From, St) ->
-    debug(St, "transport_accept: client = ~w, listensocket = ~w~n", 
-	  [Client, ListenSocket]),
-    case getopts(ListenSocket, tcp_listen_opt_tags(), ?DEF_TIMEOUT) of 
-	{ok, LOpts} ->
-	    case transport_accept_prim(
-		   ssl_server, ListenSocket#sslsocket.fd, LOpts, Timeout, St) of
-		{ok, ThisSocket, NSt} ->
-		    {reply, {ok, ThisSocket}, NSt};
-		{error, Reason, St} ->
-		    What = what(Reason),
-		    {stop, normal, {error, What}, St}
-	    end;
-	{error, Reason} ->
-	    What = what(Reason),
-	    {stop, normal, {error, What}, St}
-    end;
-
-%% ssl_accept 
-%% 
-%% Client = pid of client 
-%% ListenSocket = sslsocket()
-%%
-handle_call({ssl_accept, Client, Socket, Timeout}, _From, St) ->
-    debug(St, "ssl_accept: client = ~w, socket = ~w~n", [Client, Socket]),
-    case ssl_accept_prim(ssl_server, gen_tcp, Client, St#st.opts, Timeout, St#st{thissock=Socket}) of
-	{ok, Socket, NSt} ->
-	    {reply, ok, NSt};
-	{error, Reason, St} ->
-	    What = what(Reason),
-	    {stop, normal, {error, What}, St}
-    end;
-
-%% connect
-%%
-%% Client = client pid
-%% Address = hostname | ipstring | IP
-%% Port = integer()
-%% Opts = options()
-%%
-handle_call({connect, Client, Address, Port, Opts, Timeout}, _From, St) ->
-    debug(St, "connect: client = ~w, address = ~p, port = ~w~n",
-	  [Client, Address, Port]),
-    case connect_prim(ssl_server, gen_tcp, Client, Address, Port, Opts, 
-		      Timeout, St) of
-	{ok, Res, NSt} ->
-	    {reply, {ok, Res}, NSt};
-	{error, Reason, NSt} ->
-	    What = what(Reason),
-	    {stop, normal, {error, What}, NSt}
-    end;
-
-%% connection_info
-%%
-handle_call({connection_info, Client}, _From, St) ->
-    debug(St, "connection_info: client = ~w~n", [Client]),
-    Reply = ssl_server:connection_info(St#st.fd),
-    {reply, Reply, St};
-
-%% close from client
-%%
-handle_call({close, Client}, _From, St) ->
-    debug(St, "close: client = ~w~n", [Client]),
-    %% Terminate
-    {stop, normal, ok, St#st{status = closed}};
-
-%% listen
-%% 
-%% Client = pid of client
-%% Port = int()
-%% Opts = options()
-%%
-handle_call({listen, Client, Port, Opts}, _From, St) ->
-    debug(St, "listen: client = ~w, port = ~w~n",
-	  [Client, Port]),
-    case listen_prim(ssl_server, Client, Port, Opts, St) of
-	{ok, Res, NSt} ->
-	    {reply, {ok, Res}, NSt};
-	{error, Reason, NSt} ->
-	    What = what(Reason),
-	    {stop, normal, {error, What}, NSt}
-    end;
-
-%% peername
-%%
-handle_call({peername, Client}, _From, St) ->
-    debug(St, "peername: client = ~w~n", [Client]),
-    Reply = case ssl_server:peername(St#st.fd) of
-		{ok, {Address, Port}} ->
-		    {ok, At} = inet_parse:ipv4_address(Address),
-		    {ok, {At, Port}};
-		Error ->
-		    Error
-	    end,
-    {reply, Reply, St};
-
-%% setopts
-%%
-handle_call({setopts, Client, Opts0}, _From, St0) ->
-    debug(St0, "setopts: client = ~w~n", [Client]),
-    OptsOK = case St0#st.brokertype of
-		 listener ->
-		     are_opts(fun is_tcp_listen_opt/1, Opts0);
-		 acceptor ->
-		     are_opts(fun is_tcp_accept_opt/1, Opts0);
-		 connector ->
-		     are_opts(fun is_tcp_connect_opt/1, Opts0)
-	     end,
-    if 
-	OptsOK =:= false ->
-	    {reply, {error, eoptions}, St0};
-	true ->
-	    Opts1 = lists:keydelete(nodelay, 1, Opts0),
-	    case inet:setopts(St0#st.proxysock, Opts1) of
-		ok ->
-		    Opts2 = replace_opts(Opts1, St0#st.opts),
-		    Active = get_active(Opts2),
-		    St2 = St0#st{opts = Opts2, 
-				 active = Active},
-		    case get_nodelay(Opts0) of
-			empty ->
-			    {reply, ok, St2};
-			Bool ->
-			    case setnodelay(ssl_server, St0, Bool) of
-				ok ->
-				    Opts3 = replace_opts([{nodelay, Bool}],
-							 Opts2),
-				    St3 = St0#st{opts = Opts3, 
-						 active = Active},
-				    {reply, ok, St3};
-				{error, Reason} ->
-				    {reply, {error, Reason}, St2}
-			    end
-		    end;
-		{error, Reason} ->
-		    {reply, {error, Reason}, St0}
-	    end
-    end;
-
-%% sockname
-%%
-handle_call({sockname, Client}, _From, St) ->
-    debug(St, "sockname: client = ~w~n", [Client]),
-    Reply = case ssl_server:sockname(St#st.fd) of
-		{ok, {Address, Port}} ->
-		    {ok, At} = inet_parse:ipv4_address(Address),
-		    {ok, {At, Port}};
-		Error ->
-		    Error
-	    end,
-    {reply, Reply, St};
-
-%% peercert
-%%
-handle_call({peercert, Client}, _From, St) ->
-    debug(St, "peercert: client = ~w~n", [Client]),
-    Reply = ssl_server:peercert(St#st.fd),
-    {reply, Reply, St};
-
-%% inhibit msgs
-%%
-handle_call({inhibit_msgs, Client}, _From, #st{client = Client} = St) ->
-    debug(St, "inhibit_msgs: client = ~w~n", [Client]),
-    {ok, Collector} = start_collector(),
-    {reply, ok, St#st{collector = Collector}};
-
-%% release msgs
-%%
-handle_call({release_msgs, Client, NewClient}, _From,
-	    #st{client = Client, collector = Collector} = St) ->
-    debug(St, "release_msgs: client = ~w~n", [Client]),
-    unlink(Client),
-    link(NewClient),
-    release_collector(Collector, NewClient),
-    NSt = St#st{client = NewClient, collector = NewClient},
-    {reply, ok, NSt};
-
-%% getopts
-%%
-handle_call({getopts, Client, OptTags}, _From, St) ->
-    debug(St, "getopts: client = ~w~n", [Client]),
-    Reply = case are_opt_tags(St#st.brokertype, OptTags) of
-		true ->
-		    {ok, extract_opts(OptTags, St#st.opts)};
-		_ ->
-		    {error, einval}
-	    end,
-    {reply, Reply, St};
-
-%% bad call
-%%
-handle_call(Request, _From, St) ->
-    debug(St, "++++ ssl_broker: bad call: ~w~n", [Request]),
-    {reply, {error, {badcall, Request}}, St}.
-
-%%
-%% HANDLE CAST
-%%
-
-handle_cast(Request, St) ->
-    debug(St, "++++ ssl_broker: bad cast: ~w~n", [Request]),
-    {stop, {error, {badcast, Request}}, St}.
-
-%% 
-%% HANDLE INFO
-%%
-
-%% tcp - active mode
-%%
-%% The collector is different from client only during change of
-%% controlling process.
-%%
-handle_info({tcp, Socket, Data},
-	    #st{active = Active, collector = Collector, status = open,
-		proxysock = Socket, thissock = Thissock} = St) 
-  when Active =/= false ->
-    debug(St, "tcp: socket = ~w~n", [Socket]),
-    Msg = {ssl, Thissock, Data},
-    Collector ! Msg,
-    if
-	Active =:= once -> 
-	    {noreply, St#st{active = false}};
-	true -> 
-	    {noreply, St}
-    end;
-
-%% tcp_closed - from proxy socket, active mode
-%%
-%%
-handle_info({tcp_closed, Socket},
-	    #st{active = Active, collector = Collector,
-		proxysock = Socket, thissock = Thissock} = St) 
-  when Active =/= false ->
-    debug(St, "tcp_closed: socket = ~w~n", [Socket]),
-    Msg = {ssl_closed, Thissock},
-    Collector ! Msg,
-    if
-	Active =:= once -> 
-	    {noreply, St#st{status = closing, active = false}};
-	true ->
-	    {noreply, St#st{status = closing}}
-    end;
-
-%% tcp_error - from proxy socket, active mode
-%%
-%%
-handle_info({tcp_error, Socket, Reason},
-	    #st{active = Active, collector = Collector,
-		proxysock = Socket} = St) 
-  when Active =/= false ->
-    debug(St, "tcp_error: socket = ~w, reason = ~w~n", [Socket, Reason]),
-    Msg = {ssl_error, Socket, Reason},
-    Collector ! Msg,
-    if
-	Active =:= once -> 
-	    {noreply, St#st{status = closing, active = false}};
-	true ->
-	    {noreply, St#st{status = closing}}
-    end;
-
-%% EXIT - from client
-%% 
-%%
-handle_info({'EXIT', Client, Reason}, #st{client = Client} = St) ->
-    debug(St, "exit client: client = ~w, reason = ~w~n", [Client, Reason]),
-    {stop, normal, St#st{status = closed}};	% do not make noise
-
-%% EXIT - from server
-%%
-%%
-handle_info({'EXIT', Server, Reason}, #st{server = Server} = St) ->
-    debug(St, "exit server: reason = ~w~n", [Reason]),
-    {stop, Reason, St};
-
-%% handle info catch all
-%%
-handle_info(Info, St) ->
-    debug(St, " bad info: ~w~n", [Info]),
-    {stop, {error, {badinfo, Info}}, St}.
-
-
-%% terminate
-%%
-%% 
-terminate(Reason, St) ->
-    debug(St, "in terminate reason: ~w, state: ~w~n", [Reason, St]),
-    ok.
-
-%% code_change
-%%
-%%
-code_change(_OldVsn, State, _Extra) ->
-    {ok, State}.
-
-%%
-%% Primitive interface
-%%
-listen_prim(ServerName, Client, Port, Opts, St) ->
-    LOpts = get_tcp_listen_opts(Opts),
-    SSLOpts = get_ssl_opts(Opts),
-    FlagStr =mk_ssl_optstr(SSLOpts),
-    BackLog = get_backlog(LOpts),
-    IP = get_ip(LOpts),
-    case ssl_server:listen_prim(ServerName, IP, Port, FlagStr, BackLog) of
-	{ok, ListenFd, _Port0} ->
-	    ThisSocket = #sslsocket{fd = ListenFd, pid = self()},
-	    StOpts = add_default_tcp_listen_opts(LOpts) ++
-		add_default_ssl_opts(SSLOpts),
-	    NSt = St#st{fd = ListenFd, 
-			active = get_active(LOpts), % irrelevant for listen
-			opts = StOpts,
-			thissock = ThisSocket, 
-			status = open},
-	    debug(St, "listen: ok: client = ~w, listenfd = ~w~n", 
-		  [Client, ListenFd]),
-	    {ok, ThisSocket, NSt};
-	{error, Reason} ->
-	    {error, Reason, St}
-    end.
-
-connect_prim(ServerName, TcpModule, Client, FAddress, FPort, Opts, 
-	     Timeout, St) ->
-    COpts = get_tcp_connect_opts(Opts),
-    SSLOpts = get_ssl_opts(Opts),
-    FlagStr = mk_ssl_optstr(SSLOpts),
-    case inet:getaddr(FAddress, inet) of
-	{ok, FIP} ->
-	    %% Timeout is gen_server timeout - hence catch
-	    LIP = get_ip(COpts),
-	    LPort = get_port(COpts),
-	    case (catch ssl_server:connect_prim(ServerName, 
-						LIP, LPort, FIP, FPort, 
-						FlagStr, Timeout)) of
-		{ok, Fd, ProxyPort} ->
-		    case connect_proxy(ServerName, TcpModule, Fd, 
-				       ProxyPort, COpts, Timeout) of
-			{ok, Socket} ->
-			    ThisSocket = #sslsocket{fd = Fd, pid = self()}, 
-			    StOpts = add_default_tcp_connect_opts(COpts) ++
-				add_default_ssl_opts(SSLOpts),
-			    NSt = St#st{fd = Fd, 
-					active = get_active(COpts),
-					opts = StOpts,
-					thissock = ThisSocket, 
-					proxysock = Socket, 
-					status = open},
-			    case get_nodelay(COpts) of
-				true -> setnodelay(ServerName, NSt, true);
-				_ -> ok
-			    end,
-			    debug(St, "connect: ok: client = ~w, fd = ~w~n",
-				  [Client, Fd]),
-			    {ok, ThisSocket, NSt};
-			{error, Reason} ->
-			    {error, Reason, St}
-		    end;
-		{'EXIT', Reason} ->
-		    {error, Reason, St};
-		{error, Reason} ->
-		    {error, Reason, St}
-	    end;
-	{error, Reason} ->
-	    {error, Reason, St}
-    end.
-
-transport_accept_prim(ServerName, ListenFd, LOpts, Timeout, St) -> 
-    AOpts = get_tcp_accept_opts(LOpts),
-    FlagStr = "",
-    %% Timeout is gen_server timeout - hence catch.
-    case (catch ssl_server:transport_accept_prim(ServerName, ListenFd,
-						 FlagStr, Timeout)) of 
-	{ok, Fd, ProxyPort} ->
-	    ThisSocket = #sslsocket{fd = Fd, pid = self()}, 
-	    NSt = St#st{fd = Fd, 
-			active = get_active(AOpts),
-			opts = AOpts,
-			thissock = ThisSocket,
-			proxyport = ProxyPort,
-			encrypted = false},
-	    debug(St, "transport_accept: ok: fd = ~w~n", [Fd]),
-	    {ok, ThisSocket, NSt};
-	{'EXIT', Reason} ->
-	    debug(St, "transport_accept: EXIT: Reason = ~w~n", [Reason]),
-	    {error, Reason, St};
-	{error, Reason} ->
-	    debug(St, "transport_accept: error: Reason = ~w~n", [Reason]),
-	    {error, Reason, St}
-    end.
-
-ssl_accept_prim(ServerName, TcpModule, Client, LOpts, Timeout, St) -> 
-    FlagStr = [],
-    SSLOpts = [],
-    AOpts = get_tcp_accept_opts(LOpts),
-    %% Timeout is gen_server timeout - hence catch.
-    debug(St, "ssl_accept_prim: self() ~w Client ~w~n", [self(), Client]),
-    Socket = St#st.thissock,
-    Fd = Socket#sslsocket.fd,
-    A = (catch ssl_server:ssl_accept_prim(ServerName, Fd, FlagStr, Timeout)),
-    debug(St, "ssl_accept_prim: ~w~n", [A]),
-    case A of 
-	ok ->
-	    B = connect_proxy(ServerName, TcpModule, Fd, 
-			       St#st.proxyport, AOpts, Timeout),
-	    debug(St, "ssl_accept_prim: connect_proxy ~w~n", [B]),
-	    case B of
-		{ok, Socket2} ->
-		    StOpts = add_default_tcp_accept_opts(AOpts) ++
-			add_default_ssl_opts(SSLOpts),
-		    NSt = St#st{opts = StOpts,
-				proxysock = Socket2,
-				encrypted = true,
-				status = open},
-		    case get_nodelay(AOpts) of
-			true -> setnodelay(ServerName, NSt, true);
-			_ -> ok
-		    end,
-		    debug(St, "transport_accept: ok: client = ~w, fd = ~w~n",
-			  [Client, Fd]),
-		    {ok, St#st.thissock, NSt};
-		{error, Reason} ->
-		    {error, Reason, St}
-	    end;
-	{'EXIT', Reason} ->
-	    {error, Reason, St};
-	{error, Reason} ->
-	    {error, Reason, St}
-    end.
-
-
-%%
-%% LOCAL FUNCTIONS
-%%
-
-%% 
-%% connect_proxy(Fd, ProxyPort, TOpts, Timeout) -> {ok, Socket} | 
-%%						   {error, Reason}
-%%
-connect_proxy(ServerName, TcpModule, Fd, ProxyPort, TOpts, Timeout) ->
-    case TcpModule:connect({127, 0, 0, 1}, ProxyPort, TOpts, Timeout) of
-	{ok, Socket} ->
-	    {ok, Port} = inet:port(Socket),
-	    A = ssl_server:proxy_join_prim(ServerName, Fd, Port),
-	    case A of
-		ok ->
-		    {ok, Socket};
-		Error ->
-		    Error
-	    end;
-	Error ->
-	    Error
-    end.
-
-
-setnodelay(ServerName, St, Bool) ->
-    case ssl_server:setnodelay_prim(ServerName, St#st.fd, Bool) of
-	ok ->
-	    case inet:setopts(St#st.proxysock, [{nodelay, Bool}]) of
-		ok ->
-		    ok;
-		{error, Reason} ->
-		    {error, Reason}
-	    end;
-	{error, Reason} ->
-	    {error, Reason}
-    end.
-
-%%
-%% start_collector()
-%%
-%% A collector is a little process that keeps messages during change of
-%% controlling process. 
-%% XXX This is not gen_server compliant :-(.
-%%
-start_collector() ->
-    Pid = spawn_link(?MODULE, collector_init, [self()]),
-    {ok, Pid}.
-
-%%
-%% release_collector(Collector, NewOwner)
-%%
-release_collector(Collector, NewOwner) ->
-    Collector ! {release, self(), NewOwner},
-    receive
-	%% Reap collector
-	{'EXIT', Collector, normal} ->
-	    ok
-    end.
-
-%%
-%% collector_init(Broker) -> void()
-%%
-collector_init(Broker) ->
-    receive
-	{release, Broker, NewOwner} ->
-	    transfer_messages(Broker, NewOwner)
-    end.
-
-%% 
-%% transfer_messages(Pid, NewOwner) -> void()
-%%
-transfer_messages(Pid, NewOwner) ->    
-    receive
-	{ssl, Sock, Data} ->
-	    NewOwner ! {ssl, Sock, Data},
-	    transfer_messages(Pid, NewOwner);
-	{ssl_closed, Sock} ->
-	    NewOwner ! {ssl_closed, Sock},
-	    transfer_messages(Pid, NewOwner);
-	{ssl_error, Sock, Reason} ->
-	    NewOwner ! {ssl_error, Sock, Reason},
-	    transfer_messages(Pid, NewOwner)
-    after 0 ->
-	    ok
-    end.
-
-%%
-%% debug(St, Format, Args) -> void() - printouts
-%%
-debug(St, Format, Args) ->
-    debug1(St#st.debug, St#st.brokertype, Format, Args).
-
-debug1(true, Type, Format0, Args) ->
-    {_MS, S, MiS} = erlang:now(),
-    Secs = S rem 100, 
-    MiSecs = MiS div 1000,
-    Format = "++++ ~3..0w:~3..0w ssl_broker (~w)[~w]: " ++ Format0, 
-    io:format(Format, [Secs, MiSecs, self(), Type| Args]);
-debug1(_, _, _, _) ->
-    ok.
-
-%%
-%% what(Reason) -> What
-%% 
-what(Reason) when is_atom(Reason) ->
-    Reason;
-what({'EXIT', Reason}) ->
-    what(Reason);
-what({What, _Where}) when is_atom(What) ->
-    What;
-what(Reason) ->
-    Reason.
-
-
-%%
-%% OPTIONS
-%%
-%% Note that `accept' has no options when invoked, but get all its options
-%% by inheritance from `listen'. 
-%%
-
-are_opt_tags(listener, OptTags) ->
-    is_subset(OptTags, listen_opt_tags());
-are_opt_tags(acceptor, OptTags) ->
-    is_subset(OptTags, accept_opt_tags());
-are_opt_tags(connector, OptTags) ->
-    is_subset(OptTags, connect_opt_tags()).
-
-listen_opt_tags() ->				
-    tcp_listen_opt_tags() ++ ssl_opt_tags().
-
-accept_opt_tags() ->
-    tcp_gen_opt_tags().
-
-connect_opt_tags() ->
-    tcp_gen_opt_tags() ++ ssl_opt_tags().
-
-tcp_listen_opt_tags() ->				
-    tcp_gen_opt_tags() ++ tcp_listen_only_opt_tags().
-
-tcp_gen_opt_tags() ->
-    %% All except `reuseaddr' and `deliver'.	
-    [nodelay, active, packet, mode, header].	
-
-tcp_listen_only_opt_tags() ->
-    [ip, backlog].
-
-ssl_opt_tags() ->
-    %% XXX Should remove cachetimeout.
-    [verify, depth, certfile, password, cacertfile, ciphers, cachetimeout].
-
-%% Options
-
-%%
-%% are_*_opts(Opts) -> boolean()
-%%
-are_connect_opts(Opts) ->
-    are_opts(fun is_connect_opt/1, Opts).
-
-are_listen_opts(Opts) ->
-    are_opts(fun is_listen_opt/1, Opts).
-
-are_opts(F, Opts) ->
-    lists:all(F, transform_opts(Opts)).
-
-%%
-%% get_*_opts(Opts) -> Value
-%%
-get_tcp_accept_opts(Opts) ->
-    [O || O <- transform_opts(Opts), is_tcp_accept_opt(O)].
-
-get_tcp_connect_opts(Opts) ->
-    [O || O <- transform_opts(Opts), is_tcp_connect_opt(O)].
-
-get_tcp_listen_opts(Opts) ->
-    [O || O <- transform_opts(Opts), is_tcp_listen_opt(O)].
-
-get_ssl_opts(Opts) ->
-    [O || O <- transform_opts(Opts), is_ssl_opt(O)].
-
-get_active(Opts) ->
-    get_tagged_opt(active, Opts, true).
-
-get_backlog(Opts) ->
-    get_tagged_opt(backlog, Opts, ?DEF_BACKLOG).
-
-get_ip(Opts) ->
-    get_tagged_opt(ip, Opts, {0, 0, 0, 0}).
-
-get_port(Opts) ->
-    get_tagged_opt(port, Opts, 0).
-
-get_nodelay(Opts) ->
-    get_tagged_opt(nodelay, Opts, empty).
-
-%%
-%% add_default_*_opts(Opts) -> NOpts
-%%
-
-add_default_tcp_accept_opts(Opts) ->
-    add_default_opts(Opts, default_tcp_accept_opts()).
-
-add_default_tcp_connect_opts(Opts) ->
-    add_default_opts(Opts, default_tcp_connect_opts()).
-
-add_default_tcp_listen_opts(Opts) ->
-    add_default_opts(Opts, default_tcp_listen_opts()).
-
-add_default_ssl_opts(Opts) ->
-    add_default_opts(Opts, default_ssl_opts()).
-
-add_default_opts(Opts, DefOpts) ->
-    TOpts = transform_opts(Opts),
-    TOpts ++ [DP || {DTag, _DVal} = DP <- DefOpts,
-		    not lists:keymember(DTag, 1, TOpts)].
-
-default_tcp_accept_opts() ->
-    [O || O <- default_opts(), is_tcp_accept_opt(O)].
-
-default_tcp_connect_opts() ->
-    [O || O <- default_opts(), is_tcp_connect_opt(O)].
-
-default_tcp_listen_opts() ->
-    [O || O <- default_opts(), is_tcp_listen_opt(O)].
-
-default_ssl_opts() ->
-    [O || O <- default_opts(), is_ssl_opt(O)].
-
-default_opts() ->
-    [{mode, list}, {packet, 0}, {nodelay, false}, {active, true},
-     {backlog, ?DEF_BACKLOG}, {ip, {0, 0, 0, 0}},
-     {verify, 0}, {depth, 1}].
-
-
-%% Transform from old to new options, and also from old gen_tcp
-%% options to new ones. All returned options are tagged options.
-%%
-transform_opts(Opts) ->
-    lists:flatmap(fun transform_opt/1, Opts).
-
-transform_opt(binary) -> 	[{mode, binary}];
-transform_opt(list) -> 		[{mode, list}];
-transform_opt({packet, raw}) ->	[{packet, 0}];
-transform_opt(raw) -> 		[];
-transform_opt(Opt) -> 		[Opt].
-
-%% NOTE: The is_*_opt/1 functions must be applied on transformed options
-%% only.
-
-is_connect_opt(Opt) ->
-    is_tcp_connect_opt(Opt) or is_ssl_opt(Opt).
-
-is_listen_opt(Opt) ->
-    is_tcp_listen_opt(Opt) or is_ssl_opt(Opt).
-
-is_tcp_accept_opt(Opt) ->
-    is_tcp_gen_opt(Opt).
-
-is_tcp_connect_opt(Opt) ->
-    is_tcp_gen_opt(Opt) or is_tcp_connect_only_opt(Opt).
-
-is_tcp_listen_opt(Opt) ->
-    is_tcp_gen_opt(Opt) or is_tcp_listen_only_opt(Opt).
-
-%% General options supported by gen_tcp: All except `reuseaddr' and
-%% `deliver'.
-is_tcp_gen_opt({mode, list}) -> true;
-is_tcp_gen_opt({mode, binary}) -> true;
-is_tcp_gen_opt({header, Sz}) when is_integer(Sz), 0 =< Sz -> true; 
-is_tcp_gen_opt({packet, Sz}) when is_integer(Sz), 0 =< Sz, Sz =< 4-> true;
-is_tcp_gen_opt({packet, sunrm}) -> true;
-is_tcp_gen_opt({packet, asn1}) -> true;
-is_tcp_gen_opt({packet, cdr}) -> true;
-is_tcp_gen_opt({packet, fcgi}) -> true;
-is_tcp_gen_opt({packet, line}) -> true;
-is_tcp_gen_opt({packet, tpkt}) -> true;
-is_tcp_gen_opt({packet, http}) -> true;
-is_tcp_gen_opt({packet, httph}) -> true;
-is_tcp_gen_opt({nodelay, true}) -> true;
-is_tcp_gen_opt({nodelay, false}) -> true;
-is_tcp_gen_opt({active, true}) -> true;
-is_tcp_gen_opt({active, false}) -> true;
-is_tcp_gen_opt({active, once}) -> true;
-is_tcp_gen_opt({keepalive, true}) -> true;
-is_tcp_gen_opt({keepalive, false}) -> true;
-is_tcp_gen_opt({ip, Addr}) -> is_ip_address(Addr);
-is_tcp_gen_opt(_Opt) -> false.
-
-is_tcp_listen_only_opt({backlog, Size}) when is_integer(Size), 0 =< Size -> 
-    true;
-is_tcp_listen_only_opt({reuseaddr, Bool}) when is_boolean(Bool) ->
-    true;
-is_tcp_listen_only_opt(_Opt) -> false.
-
-is_tcp_connect_only_opt({port, Port}) when is_integer(Port), 0 =< Port -> true;
-is_tcp_connect_only_opt(_Opt) -> false.
-
-%% SSL options
-
-is_ssl_opt({verify, Code}) when 0 =< Code, Code =< 2 -> true;
-is_ssl_opt({depth, Depth}) when 0 =< Depth -> true;
-is_ssl_opt({certfile, String}) -> is_string(String);
-is_ssl_opt({keyfile, String}) -> is_string(String);
-is_ssl_opt({password, String}) -> is_string(String);
-is_ssl_opt({cacertfile, String}) -> is_string(String);
-is_ssl_opt({ciphers, String}) -> is_string(String);
-is_ssl_opt({cachetimeout, Timeout}) when Timeout >= 0 -> true;
-is_ssl_opt(_Opt) -> false.
-
-%% Various types
-is_string(String) when is_list(String) ->
-    lists:all(fun (C) when is_integer(C), 0 =< C, C =< 255 -> true; 
-		  (_C) -> false end, 
-	      String);
-is_string(_) ->
-    false.
-
-is_ip_address(Addr) when tuple_size(Addr) =:= 4 ->
-    is_string(tuple_to_list(Addr));
-is_ip_address(Addr) when is_list(Addr) ->
-    is_string(Addr);
-is_ip_address(_) ->
-    false.
-
-get_tagged_opt(Tag, Opts, Default) ->
-    case lists:keysearch(Tag, 1, Opts) of
-	{value, {_, Value}} ->
-	    Value;
-	_Other ->
-	    Default
-    end.
-
-%%
-%%  mk_ssl_optstr(Opts) -> string()
-%%
-%%  Makes a "command line" string of SSL options
-%%
-mk_ssl_optstr(Opts) ->
-    lists:flatten([mk_one_ssl_optstr(O) || O <- Opts]).
-
-mk_one_ssl_optstr({verify, Code}) ->
-    [" -verify ", integer_to_list(Code)];
-mk_one_ssl_optstr({depth, Depth}) ->
-    [" -depth ", integer_to_list(Depth)];
-mk_one_ssl_optstr({certfile, String}) -> 
-    [" -certfile ", String];
-mk_one_ssl_optstr({keyfile, String}) -> 
-    [" -keyfile ", String];
-mk_one_ssl_optstr({password, String}) -> 
-    [" -password ", String];
-mk_one_ssl_optstr({cacertfile, String}) ->
-    [" -cacertfile ", String];
-mk_one_ssl_optstr({ciphers, String}) -> 
-    [" -ciphers ", String];
-mk_one_ssl_optstr({cachetimeout, Timeout}) ->
-    [" -cachetimeout ", integer_to_list(Timeout)];
-mk_one_ssl_optstr(_) ->
-    "".
-
-extract_opts(OptTags, Opts) ->
-    [O || O = {Tag,_} <- Opts, lists:member(Tag, OptTags)].
-
-replace_opts(NOpts, Opts) ->
-    lists:foldl(fun({Key, Val}, Acc) -> 
-			lists:keyreplace(Key, 1, Acc, {Key, Val});
-		   %% XXX Check. Patch from Chandrashekhar Mullaparthi.
-		   (binary, Acc) ->
-			lists:keyreplace(mode, 1, Acc, {mode, binary})
-		end,
-		Opts, NOpts).
-
-%% Misc
-
-is_subset(A, B) ->
-    [] =:= A -- B.
diff --git a/lib/ssl/src/ssl_broker_int.hrl b/lib/ssl/src/ssl_broker_int.hrl
deleted file mode 100644
index b791485725..0000000000
--- a/lib/ssl/src/ssl_broker_int.hrl
+++ /dev/null
@@ -1,38 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2000-2009. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
-
-%%
-
-%% Purpose: record definitions shared between ssl_prim.erl and ssl_broker.erl
-
--record(st, {brokertype = nil,	% connector | listener | acceptor
-	     server = nil, 	% pid of ssl_server
-	     client = nil, 	% client pid
-	     collector = nil, 	% client pid, or collector during change of 
-	     			% controlling process
-	     fd = nil, 		% fd of "external" socket in port program
-	     active = true, 	% true | false | once
-	     opts = [], 	% options
-	     thissock = nil,    % this sslsocket
-	     proxysock = nil, 	% local proxy socket within Erlang
-	     proxyport = nil,   % local port for proxy within Erlang
-	     status = nil,	% open | closing | closed 
-	     encrypted = false, %
-	     debug = false	%
-	    }).
diff --git a/lib/ssl/src/ssl_broker_sup.erl b/lib/ssl/src/ssl_broker_sup.erl
deleted file mode 100644
index 6d56a5fcf6..0000000000
--- a/lib/ssl/src/ssl_broker_sup.erl
+++ /dev/null
@@ -1,46 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
-
-%%
-
-%%% Purpose : Supervisor for brokers
-
--module(ssl_broker_sup).
-
--behaviour(supervisor).
-
--export([start_link/0]).
-
-%% supervisor callbacks
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ssl_broker_sup}, ssl_broker_sup,
-			  []).
-
-init([]) ->
-    {ok, {{simple_one_for_one, 10, 3600}, 
-	  [{ssl_broker,
-	    {ssl_broker, start_link, []},
-	    temporary,
-	    100,
-	    worker,
-	    [ssl_broker]}
-	  ]}}.
-
diff --git a/lib/ssl/src/ssl_certificate.erl b/lib/ssl/src/ssl_certificate.erl
index 422ea6404b..61876e1158 100644
--- a/lib/ssl/src/ssl_certificate.erl
+++ b/lib/ssl/src/ssl_certificate.erl
@@ -66,7 +66,7 @@ trusted_cert_and_path(CertChain, CertDbHandle, CertDbRef) ->
 		    {ok, IssuerId} ->
 			{other, IssuerId};
 		    {error, issuer_not_found} ->
-			case find_issuer(OtpCert, no_candidate, CertDbHandle) of
+			case find_issuer(OtpCert, CertDbHandle) of
 			    {ok, IssuerId} ->
 				{other, IssuerId};
 			    Other ->
@@ -193,7 +193,7 @@ certificate_chain(OtpCert, _Cert, CertDbHandle, CertsDbRef, Chain) ->
 	{_, true = SelfSigned} ->
 	    certificate_chain(CertDbHandle, CertsDbRef, Chain, ignore, ignore, SelfSigned);
 	{{error, issuer_not_found}, SelfSigned} ->
-	    case find_issuer(OtpCert, no_candidate, CertDbHandle) of
+	    case find_issuer(OtpCert, CertDbHandle) of
 		{ok, {SerialNr, Issuer}} ->
 		    certificate_chain(CertDbHandle, CertsDbRef, Chain,
 				      SerialNr, Issuer, SelfSigned);
@@ -227,17 +227,24 @@ certificate_chain(CertDbHandle, CertsDbRef, Chain, SerialNr, Issuer, _SelfSigned
 	    {ok, lists:reverse(Chain)}		      
     end.
 
-find_issuer(OtpCert, PrevCandidateKey, CertDbHandle) ->
-    case ssl_manager:issuer_candidate(PrevCandidateKey, CertDbHandle) of
- 	no_more_candidates ->
- 	    {error, issuer_not_found};
- 	{Key, {_Cert, ErlCertCandidate}} ->
-	    case public_key:pkix_is_issuer(OtpCert, ErlCertCandidate) of
-		true ->
-		    public_key:pkix_issuer_id(ErlCertCandidate, self);
-		false ->
-		    find_issuer(OtpCert, Key, CertDbHandle)
-	    end
+find_issuer(OtpCert, CertDbHandle) ->
+    IsIssuerFun = fun({_Key, {_Der, #'OTPCertificate'{} = ErlCertCandidate}}, Acc) ->
+			  case public_key:pkix_is_issuer(OtpCert, ErlCertCandidate) of
+			      true ->
+				  throw(public_key:pkix_issuer_id(ErlCertCandidate, self));
+			      false ->
+				  Acc
+			  end;
+		     (_, Acc) ->
+			  Acc
+		  end,
+
+    try ssl_certificate_db:foldl(IsIssuerFun, issuer_not_found, CertDbHandle) of
+	issuer_not_found ->
+	    {error, issuer_not_found}
+    catch 
+	{ok, _IssuerId} = Return ->
+	    Return
     end.
 
 is_valid_extkey_usage(KeyUse, client) ->
diff --git a/lib/ssl/src/ssl_certificate_db.erl b/lib/ssl/src/ssl_certificate_db.erl
index 0560a02110..cb2473576a 100644
--- a/lib/ssl/src/ssl_certificate_db.erl
+++ b/lib/ssl/src/ssl_certificate_db.erl
@@ -26,7 +26,7 @@
 -include_lib("public_key/include/public_key.hrl").
 
 -export([create/0, remove/1, add_trusted_certs/3, 
-	 remove_trusted_certs/2, lookup_trusted_cert/4, issuer_candidate/2,
+	 remove_trusted_certs/2, lookup_trusted_cert/4, foldl/3, 
 	 lookup_cached_certs/2, cache_pem_file/4, uncache_pem_file/2, lookup/2]).
 
 -type time()      :: {non_neg_integer(), non_neg_integer(), non_neg_integer()}.
@@ -127,8 +127,6 @@ uncache_pem_file(File, [_CertsDb, _FileToRefDb, PidToFileDb]) ->
 			  exit(Pid, shutdown)
 		  end, Pids).
 
-
-
 %%--------------------------------------------------------------------
 -spec remove_trusted_certs(pid(), [db_handle()]) -> term().
 				  
@@ -161,37 +159,6 @@ remove_trusted_certs(Pid, [CertsDb, FileToRefDb, PidToFileDb]) ->
     end.
 
 %%--------------------------------------------------------------------
--spec issuer_candidate(no_candidate | cert_key() | {file, term()}, term()) ->
-			      {cert_key(),{der_cert(), #'OTPCertificate'{}}} | no_more_candidates.
-%%
-%% Description: If a certificat does not define its issuer through
-%%              the extension 'ce-authorityKeyIdentifier' we can
-%%              try to find the issuer in the database over known
-%%              certificates. 
-%%--------------------------------------------------------------------
-issuer_candidate(no_candidate, Db) ->
-    case ets:first(Db) of
- 	'$end_of_table' ->
- 	    no_more_candidates;
-	{file, _} = Key ->
-	    issuer_candidate(Key, Db);
- 	Key ->
-	    [Cert] = lookup(Key, Db),
- 	    {Key, Cert}
-    end;
-
-issuer_candidate(PrevCandidateKey, Db) ->
-    case ets:next(Db, PrevCandidateKey) of
- 	'$end_of_table' ->
- 	    no_more_candidates;
-	{file, _} = Key ->
-	    issuer_candidate(Key, Db);
- 	Key ->
-	    [Cert] = lookup(Key, Db),
- 	    {Key, Cert}
-    end.
-
-%%--------------------------------------------------------------------
 -spec lookup(term(), db_handle()) -> term() | undefined.
 %%
 %% Description: Looks up an element in a certificat <Db>.
@@ -206,7 +173,18 @@ lookup(Key, Db) ->
 		   end,
 	    [Pick(Data) || Data <- Contents]
     end.
-
+%%--------------------------------------------------------------------
+-spec foldl(fun(), term(), db_handle()) -> term().
+%%
+%% Description: Calls Fun(Elem, AccIn) on successive elements of the
+%% cache, starting with AccIn == Acc0. Fun/2 must return a new
+%% accumulator which is passed to the next call. The function returns
+%% the final value of the accumulator. Acc0 is returned if the certifate
+%% db is empty.
+%%--------------------------------------------------------------------
+foldl(Fun, Acc0, Cache) ->
+    ets:foldl(Fun, Acc0, Cache).
+  
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 72f02a4362..d43d312be8 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -154,18 +154,23 @@ decipher(?AES, HashSz, CipherState, Fragment, Version) ->
 
 block_decipher(Fun, #cipher_state{key=Key, iv=IV} = CipherState0, 
 	       HashSz, Fragment, Version) ->
-    try Fun(Key, IV, Fragment) of
-	Text ->
-	    GBC = generic_block_cipher_from_bin(Text, HashSz),
-	    case is_correct_padding(GBC, Version) of
-		true ->
-		    Content = GBC#generic_block_cipher.content,
-		    Mac = GBC#generic_block_cipher.mac,
-		    CipherState1 = CipherState0#cipher_state{iv=next_iv(Fragment, IV)},
-		    {Content, Mac, CipherState1};
-		false ->
-		    ?ALERT_REC(?FATAL, ?BAD_RECORD_MAC)
-	    end
+    try 
+	Text = Fun(Key, IV, Fragment),
+	GBC = generic_block_cipher_from_bin(Text, HashSz),
+	Content = GBC#generic_block_cipher.content,
+	Mac = GBC#generic_block_cipher.mac,
+	CipherState1 = CipherState0#cipher_state{iv=next_iv(Fragment, IV)},
+	case is_correct_padding(GBC, Version) of
+	    true ->
+		{Content, Mac, CipherState1};
+	    false ->
+		%% decryption failed or invalid padding,
+		%% intentionally break Content to make
+		%% sure a packet with invalid padding
+		%% but otherwise correct data will fail
+		%% the MAC test later
+		{<<16#F0, Content/binary>>, Mac, CipherState1}
+	end
     catch
 	_:_ ->
 	    %% This is a DECRYPTION_FAILED but
@@ -500,14 +505,38 @@ hash_size(md5) ->
 hash_size(sha) ->
     20.
 
+%% RFC 5246: 6.2.3.2.  CBC Block Cipher
+%%
+%%   Implementation note: Canvel et al. [CBCTIME] have demonstrated a
+%%   timing attack on CBC padding based on the time required to compute
+%%   the MAC.  In order to defend against this attack, implementations
+%%   MUST ensure that record processing time is essentially the same
+%%   whether or not the padding is correct.  In general, the best way to
+%%   do this is to compute the MAC even if the padding is incorrect, and
+%%   only then reject the packet.  For instance, if the pad appears to be
+%%   incorrect, the implementation might assume a zero-length pad and then
+%%   compute the MAC.  This leaves a small timing channel, since MAC
+%%   performance depends to some extent on the size of the data fragment,
+%%   but it is not believed to be large enough to be exploitable, due to
+%%   the large block size of existing MACs and the small size of the
+%%   timing signal.
+%%
+%% implementation note:
+%%   We return the original (possibly invalid) PadLength in any case.
+%%   An invalid PadLength will be caught by is_correct_padding/2
+%%
 generic_block_cipher_from_bin(T, HashSize) ->
     Sz1 = byte_size(T) - 1,
-    <<_:Sz1/binary, ?BYTE(PadLength)>> = T,
+    <<_:Sz1/binary, ?BYTE(PadLength0)>> = T,
+    PadLength = if
+		    PadLength0 >= Sz1 -> 0;
+		    true -> PadLength0
+		end,
     CompressedLength = byte_size(T) - PadLength - 1 - HashSize,
     <<Content:CompressedLength/binary, Mac:HashSize/binary,
-     Padding:PadLength/binary, ?BYTE(PadLength)>> = T,
+     Padding:PadLength/binary, ?BYTE(PadLength0)>> = T,
     #generic_block_cipher{content=Content, mac=Mac,
-			  padding=Padding, padding_length=PadLength}.
+			  padding=Padding, padding_length=PadLength0}.
 
 generic_stream_cipher_from_bin(T, HashSz) ->
     Sz = byte_size(T),
@@ -516,17 +545,18 @@ generic_stream_cipher_from_bin(T, HashSz) ->
     #generic_stream_cipher{content=Content,
 			   mac=Mac}.
 
-is_correct_padding(_, {3, 0}) ->
-    true; 
-%% For interoperability reasons we do not check the padding in TLS 1.0 as it
-%% is not strictly required and breaks interopability with for instance 
-%% Google. 
-is_correct_padding(_, {3, 1}) ->
-    true; 
+%% For interoperability reasons we do not check the padding content in
+%% SSL 3.0 and TLS 1.0 as it is not strictly required and breaks
+%% interopability with for instance Google. 
+is_correct_padding(#generic_block_cipher{padding_length = Len,
+										 padding = Padding}, {3, N})
+  when N == 0; N == 1 ->
+    Len == byte_size(Padding); 
 %% Padding must be check in TLS 1.1 and after  
-is_correct_padding(#generic_block_cipher{padding_length = Len, padding = Padding}, _) ->
-    list_to_binary(lists:duplicate(Len, Len))  == Padding.
-
+is_correct_padding(#generic_block_cipher{padding_length = Len,
+										 padding = Padding}, _) ->
+    Len == byte_size(Padding) andalso
+		list_to_binary(lists:duplicate(Len, Len)) == Padding.
 										      
 get_padding(Length, BlockSize) ->
     get_padding_aux(BlockSize, Length rem BlockSize).
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index cec81d551b..28dd0c85d0 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -34,7 +34,6 @@
 -include("ssl_record.hrl").
 -include("ssl_cipher.hrl"). 
 -include("ssl_internal.hrl").
--include("ssl_int.hrl").
 -include_lib("public_key/include/public_key.hrl"). 
 
 %% Internal application API
@@ -88,15 +87,17 @@
           bytes_to_read,       % integer(), # bytes to read in passive mode
           user_data_buffer,    % binary()
 	  log_alert,           % boolean() 
-	  renegotiation,        % {boolean(), From | internal | peer}
-	  recv_during_renegotiation,  %boolean() 
-	  send_queue,           % queue()
-	  terminated = false   %
+	  renegotiation,       % {boolean(), From | internal | peer}
+	  recv_from,           %
+	  send_queue,          % queue()
+	  terminated = false,  %
+	  allow_renegotiate = true
 	 }).
 
 -define(DEFAULT_DIFFIE_HELLMAN_PARAMS, 
-	#'DHParameter'{prime = ?DEFAULT_DIFFIE_HELLMAN_PRIME, 
+	#'DHParameter'{prime = ?DEFAULT_DIFFIE_HELLMAN_PRIME,
 		       base = ?DEFAULT_DIFFIE_HELLMAN_GENERATOR}).
+-define(WAIT_TO_ALLOW_RENEGOTIATION, 12000).
 
 -type state_name()           :: hello | abbreviated | certify | cipher | connection.
 -type gen_fsm_state_return() :: {next_state, state_name(), #state{}} |
@@ -292,10 +293,6 @@ start_link(Role, Host, Port, Socket, Options, User, CbInfo) ->
 %% gen_fsm callbacks
 %%====================================================================
 %%--------------------------------------------------------------------
--spec init(list()) -> {ok, state_name(), #state{}, timeout()} | {stop, term()}.
-%% Possible return values not used now.
-%%			  | {ok, state_name(), #state{}} |
-%%			  ignore  
 %% Description:Whenever a gen_fsm is started using gen_fsm:start/[3,4] or
 %% gen_fsm:start_link/3,4, this function is called by the new process to 
 %% initialize. 
@@ -304,12 +301,13 @@ init([Role, Host, Port, Socket, {SSLOpts0, _} = Options,
       User, CbInfo]) ->
     State0 = initial_state(Role, Host, Port, Socket, Options, User, CbInfo),
     Hashes0 = ssl_handshake:init_hashes(),    
-
+    TimeStamp = calendar:datetime_to_gregorian_seconds({date(), time()}),
     try ssl_init(SSLOpts0, Role) of
 	{ok, Ref, CertDbHandle, CacheHandle, OwnCert, Key, DHParams} ->
 	    Session = State0#state.session,
 	    State = State0#state{tls_handshake_hashes = Hashes0,
-				 session = Session#session{own_certificate = OwnCert},
+				 session = Session#session{own_certificate = OwnCert,
+							   time_stamp = TimeStamp},
 				 cert_db_ref = Ref,
 				 cert_db = CertDbHandle,
 				 session_cache = CacheHandle,
@@ -322,8 +320,6 @@ init([Role, Host, Port, Socket, {SSLOpts0, _} = Options,
     end.
    
 %%--------------------------------------------------------------------
-%% -spec state_name(event(), #state{}) -> gen_fsm_state_return()
-%%
 %% Description:There should be one instance of this function for each
 %% possible state name. Whenever a gen_fsm receives an event sent
 %% using gen_fsm:send_event/2, the instance of this function with the
@@ -352,19 +348,18 @@ hello(start, #state{host = Host, port = Port, role = client,
     State1 = State0#state{connection_states = CS2,
 			 negotiated_version = Version, %% Requested version
 			  session =
-			      Session0#session{session_id = Hello#client_hello.session_id,
-					       is_resumable = false},
+			      Session0#session{session_id = Hello#client_hello.session_id},
 			  tls_handshake_hashes = Hashes1},
     {Record, State} = next_record(State1),
-    next_state(hello, Record, State);
+    next_state(hello, hello, Record, State);
 
 hello(start, #state{role = server} = State0) ->
     {Record, State} = next_record(State0),
-    next_state(hello, Record, State);
+    next_state(hello, hello, Record, State);
 
 hello(#hello_request{}, #state{role = client} = State0) ->
     {Record, State} = next_record(State0),
-    next_state(hello, Record, State);
+    next_state(hello, hello, Record, State);
 
 hello(#server_hello{cipher_suite = CipherSuite,
 		    compression_method = Compression} = Hello,
@@ -427,7 +422,7 @@ hello(Msg, State) ->
 %%--------------------------------------------------------------------
 abbreviated(#hello_request{}, State0) ->
     {Record, State} = next_record(State0),
-    next_state(hello, Record, State);
+    next_state(abbreviated, hello, Record, State);
 
 abbreviated(#finished{verify_data = Data} = Finished,
 	    #state{role = server,
@@ -480,7 +475,7 @@ abbreviated(Msg, State) ->
 %%--------------------------------------------------------------------
 certify(#hello_request{}, State0) ->
     {Record, State} = next_record(State0),
-    next_state(hello, Record, State);
+    next_state(certify, hello, Record, State);
 
 certify(#certificate{asn1_certificates = []}, 
 	#state{role = server, negotiated_version = Version,
@@ -488,7 +483,7 @@ certify(#certificate{asn1_certificates = []},
 					  fail_if_no_peer_cert = true}} = 
 	State) ->
     Alert =  ?ALERT_REC(?FATAL,?HANDSHAKE_FAILURE),
-    handle_own_alert(Alert, Version, certify_certificate, State),
+    handle_own_alert(Alert, Version, certify, State),
     {stop, normal, State};
 
 certify(#certificate{asn1_certificates = []}, 
@@ -497,7 +492,7 @@ certify(#certificate{asn1_certificates = []},
 					  fail_if_no_peer_cert = false}} = 
 	State0) ->
     {Record, State} = next_record(State0#state{client_certificate_requested = false}),
-    next_state(certify, Record, State);
+    next_state(certify, certify, Record, State);
 
 certify(#certificate{} = Cert, 
         #state{negotiated_version = Version,
@@ -512,7 +507,7 @@ certify(#certificate{} = Cert,
 	    handle_peer_cert(PeerCert, PublicKeyInfo, 
 			     State#state{client_certificate_requested = false});
 	#alert{} = Alert ->
-            handle_own_alert(Alert, Version, certify_certificate, State),
+            handle_own_alert(Alert, Version, certify, State),
             {stop, normal, State}
     end;
 
@@ -523,10 +518,9 @@ certify(#server_key_exchange{} = KeyExchangeMsg,
     case handle_server_key(KeyExchangeMsg, State0) of
 	#state{} = State1 ->
 	    {Record, State} = next_record(State1),
-	    next_state(certify, Record, State);
+	    next_state(certify, certify, Record, State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, certify_server_keyexchange, 
-			     State0),
+	    handle_own_alert(Alert, Version, certify, State0),
 	    {stop, normal, State0}
     end;
 
@@ -536,7 +530,7 @@ certify(#server_key_exchange{} = Msg,
 
 certify(#certificate_request{}, State0) ->
     {Record, State} = next_record(State0#state{client_certificate_requested = true}),
-    next_state(certify, Record, State);
+    next_state(certify, certify, Record, State);
 
 %% Master secret was determined with help of server-key exchange msg
 certify(#server_hello_done{},
@@ -551,8 +545,7 @@ certify(#server_hello_done{},
 	    State = State0#state{connection_states = ConnectionStates1},
 	    client_certify_and_key_exchange(State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, 
-			     certify_server_hello_done, State0),
+	    handle_own_alert(Alert, Version, certify, State0),
 	    {stop, normal, State0} 
     end;
 
@@ -571,8 +564,7 @@ certify(#server_hello_done{},
 				  session = Session},
 	    client_certify_and_key_exchange(State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, 
-			     certify_server_hello_done, State0),
+	    handle_own_alert(Alert, Version, certify, State0),
 	    {stop, normal, State0} 
     end;
 
@@ -589,7 +581,7 @@ certify(#client_key_exchange{exchange_keys = Keys},
 	certify_client_key_exchange(ssl_handshake:decode_client_key(Keys, KeyAlg, Version), State)
     catch 
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, certify_client_key_exchange, State),
+	    handle_own_alert(Alert, Version, certify, State),
 	    {stop, normal, State}
     end;
 
@@ -612,10 +604,9 @@ certify_client_key_exchange(#encrypted_premaster_secret{premaster_secret= EncPMS
 	    State1 = State0#state{connection_states = ConnectionStates,
 				  session = Session},
 	    {Record, State} = next_record(State1),
-	    next_state(cipher, Record, State);
+	    next_state(certify, cipher, Record, State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version,
-			     certify_client_key_exchange, State0),
+	    handle_own_alert(Alert, Version, certify, State0),
 	    {stop, normal, State0} 
     end;
 
@@ -627,10 +618,9 @@ certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPubl
     case dh_master_secret(crypto:mpint(P), crypto:mpint(G), ClientPublicDhKey, ServerDhPrivateKey, State0) of
 	#state{} = State1 ->
 	    {Record, State} = next_record(State1),
-	    next_state(cipher, Record, State);
+	    next_state(certify, cipher, Record, State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, 
-			     certify_client_key_exchange, State0),
+	    handle_own_alert(Alert, Version, certify, State0),
 	    {stop, normal, State0} 
     end.
 
@@ -640,7 +630,7 @@ certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPubl
 %%--------------------------------------------------------------------
 cipher(#hello_request{}, State0) ->
     {Record, State} = next_record(State0),
-    next_state(hello, Record, State);
+    next_state(cipher, hello, Record, State);
 
 cipher(#certificate_verify{signature = Signature}, 
        #state{role = server, 
@@ -653,7 +643,7 @@ cipher(#certificate_verify{signature = Signature},
 					  Version, MasterSecret, Hashes) of
 	valid ->
 	    {Record, State} = next_record(State0),
-	    next_state(cipher, Record, State);
+	    next_state(cipher, cipher, Record, State);
 	#alert{} = Alert ->
 	    handle_own_alert(Alert, Version, cipher, State0), 
 	    {stop, normal, State0}
@@ -706,20 +696,32 @@ connection(#hello_request{}, #state{host = Host, port = Port,
     {Record, State} = next_record(State0#state{connection_states =  
 					       ConnectionStates1,
 					       tls_handshake_hashes = Hashes1}),
-    next_state(hello, Record, State);
-connection(#client_hello{} = Hello, #state{role = server} = State) ->
-    hello(Hello, State);
-
+    next_state(connection, hello, Record, State);
+connection(#client_hello{} = Hello, #state{role = server, allow_renegotiate = true} = State) ->
+    %% Mitigate Computational DoS attack
+    %% http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html
+    %% http://www.thc.org/thc-ssl-dos/ Rather than disabling client
+    %% initiated renegotiation we will disallow many client initiated
+    %% renegotiations immediately after each other.
+    erlang:send_after(?WAIT_TO_ALLOW_RENEGOTIATION, self(), allow_renegotiate),
+    hello(Hello, State#state{allow_renegotiate = false});
+
+connection(#client_hello{}, #state{role = server, allow_renegotiate = false,
+				   connection_states = ConnectionStates0,
+				   socket = Socket, transport_cb = Transport,
+				   negotiated_version = Version} = State0) ->
+    Alert = ?ALERT_REC(?WARNING, ?NO_RENEGOTIATION),
+    {BinMsg, ConnectionStates} =
+	encode_alert(Alert, Version, ConnectionStates0),
+    Transport:send(Socket, BinMsg),
+    next_state_connection(connection, State0#state{connection_states = ConnectionStates});
+  
 connection(timeout, State) ->
     {next_state, connection, State, hibernate};
 
 connection(Msg, State) ->
     handle_unexpected_message(Msg, connection, State).
 %%--------------------------------------------------------------------
--spec handle_event(term(), state_name(), #state{}) -> term().
-%% As it is not currently used gen_fsm_state_return() makes
-%% dialyzer unhappy!
-%%
 %% Description: Whenever a gen_fsm receives an event sent using
 %% gen_fsm:send_all_state_event/2, this function is called to handle
 %% the event. Not currently used!
@@ -728,47 +730,16 @@ handle_event(_Event, StateName, State) ->
     {next_state, StateName, State, get_timeout(State)}.
 
 %%--------------------------------------------------------------------
--spec handle_sync_event(term(), from(), state_name(), #state{}) -> 
-			       gen_fsm_state_return() |  
-			       {reply, reply(), state_name(), #state{}} |
-			       {reply, reply(), state_name(), #state{}, timeout()} |
-			       {stop, reason(), reply(), #state{}}.
-%%
 %% Description: Whenever a gen_fsm receives an event sent using
 %% gen_fsm:sync_send_all_state_event/2,3, this function is called to handle
 %% the event.
 %%--------------------------------------------------------------------
-handle_sync_event({application_data, Data0}, From, connection, 
-		  #state{socket = Socket,
-			 negotiated_version = Version,
-			 transport_cb = Transport,
-			 connection_states = ConnectionStates0,
-			 send_queue = SendQueue,
-			 socket_options = SockOpts,
-			 ssl_options = #ssl_options{renegotiate_at = RenegotiateAt}} 
-		  = State) ->
+handle_sync_event({application_data, Data}, From, connection, State) ->
     %% We should look into having a worker process to do this to 
     %% parallize send and receive decoding and not block the receiver
     %% if sending is overloading the socket.
     try
-	Data = encode_packet(Data0, SockOpts),
-	case encode_data(Data, Version, ConnectionStates0, RenegotiateAt) of
-	    {Msgs, [], ConnectionStates} ->
-		Result = Transport:send(Socket, Msgs),
-		{reply, Result,
-		 connection, State#state{connection_states = ConnectionStates},
-                 get_timeout(State)};
-	    {Msgs, RestData, ConnectionStates} ->
-		if 
-		    Msgs =/= [] ->
-			Transport:send(Socket, Msgs);
-		    true ->
-			ok
-		end,
-		renegotiate(State#state{connection_states = ConnectionStates,
-					send_queue = queue:in_r({From, RestData}, SendQueue),
-					renegotiation = {true, internal}})
-	end
+	write_application_data(Data, From, State)
     catch throw:Error ->
 	    {reply, Error, connection, State, get_timeout(State)}
     end;
@@ -825,14 +796,12 @@ handle_sync_event({shutdown, How0}, _, StateName,
     end;
     
 handle_sync_event({recv, N}, From, connection = StateName, State0) ->
-    passive_receive(State0#state{bytes_to_read = N, from = From}, StateName);
+    passive_receive(State0#state{bytes_to_read = N, recv_from = From}, StateName);
 
 %% Doing renegotiate wait with handling request until renegotiate is
-%% finished. Will be handled by next_state_connection/2.
+%% finished. Will be handled by next_state_is_connection/2.
 handle_sync_event({recv, N}, From, StateName, State) ->
-    {next_state, StateName,
-     State#state{bytes_to_read = N, from = From,
-                 recv_during_renegotiation = true},
+    {next_state, StateName, State#state{bytes_to_read = N, recv_from = From},
      get_timeout(State)};
 
 handle_sync_event({new_user, User}, _From, StateName, 
@@ -870,7 +839,7 @@ handle_sync_event({set_opts, Opts0}, _From, StateName,
 	Buffer =:= <<>>, Opts1#socket_options.active =:= false ->
             %% Need data, set active once
 	    {Record, State2} = next_record_if_active(State1),
-	    case next_state(StateName, Record, State2) of
+	    case next_state(StateName, StateName, Record, State2) of
 		{next_state, StateName, State, Timeout} ->
 		    {reply, Reply, StateName, State, Timeout};
 		{stop, Reason, State} ->
@@ -880,11 +849,11 @@ handle_sync_event({set_opts, Opts0}, _From, StateName,
             %% Active once already set 
 	    {reply, Reply, StateName, State1, get_timeout(State1)};
 	true ->
-	    case application_data(<<>>, State1) of
+	    case read_application_data(<<>>, State1) of
 		Stop = {stop,_,_} ->
 		    Stop;
 		{Record, State2} ->
-		    case next_state(StateName, Record, State2) of
+		    case next_state(StateName, StateName, Record, State2) of
 			{next_state, StateName, State, Timeout} ->
 			    {reply, Reply, StateName, State, Timeout};
 			{stop, Reason, State} ->
@@ -920,11 +889,6 @@ handle_sync_event(peer_certificate, _, StateName,
     {reply, {ok, Cert}, StateName, State, get_timeout(State)}.
 
 %%--------------------------------------------------------------------
--spec handle_info(msg(),state_name(), #state{}) -> 
-			 {next_state, state_name(), #state{}}|
-			 {next_state, state_name(), #state{}, timeout()} |
-			 {stop, reason(), #state{}}.
-%%
 %% Description: This function is called by a gen_fsm when it receives any
 %% other message than a synchronous or asynchronous event
 %% (or a system message).
@@ -932,22 +896,18 @@ handle_sync_event(peer_certificate, _, StateName,
 
 %% raw data from TCP, unpack records
 handle_info({Protocol, _, Data}, StateName,
-            #state{data_tag = Protocol,
-		   negotiated_version = Version} = State0) ->
+            #state{data_tag = Protocol} = State0) ->
     case next_tls_record(Data, State0) of
 	{Record, State} ->
-	    next_state(StateName, Record, State);
+	    next_state(StateName, StateName, Record, State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, StateName, State0), 
+	    handle_normal_shutdown(Alert, StateName, State0), 
 	    {stop, normal, State0}
     end;
 
-handle_info({CloseTag, Socket}, _StateName,
+handle_info({CloseTag, Socket}, StateName,
             #state{socket = Socket, close_tag = CloseTag,
-		   negotiated_version = Version,
-		   socket_options = Opts,
-		   user_application = {_Mon,Pid}, from = From, 
-		   role = Role} = State) ->
+		   negotiated_version = Version} = State) ->
     %% Note that as of TLS 1.1,
     %% failure to properly close a connection no longer requires that a
     %% session not be resumed.  This is a change from TLS 1.0 to conform
@@ -962,8 +922,7 @@ handle_info({CloseTag, Socket}, _StateName,
 	    %%invalidate_session(Role, Host, Port, Session)
 	    ok
     end,
-    alert_user(Opts#socket_options.active, Pid, From,
-	       ?ALERT_REC(?WARNING, ?CLOSE_NOTIFY), Role),
+    handle_normal_shutdown(?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), StateName, State),
     {stop, normal, State};
 
 handle_info({ErrorTag, Socket, econnaborted}, StateName,  
@@ -972,26 +931,26 @@ handle_info({ErrorTag, Socket, econnaborted}, StateName,
     alert_user(User, ?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE), Role),
     {stop, normal, State};
 
-handle_info({ErrorTag, Socket, Reason}, _,  
-	    #state{socket = Socket, from = User, 
-		   role = Role, error_tag = ErrorTag} = State)  ->
+handle_info({ErrorTag, Socket, Reason}, StateName, #state{socket = Socket,
+							  error_tag = ErrorTag} = State)  ->
     Report = io_lib:format("SSL: Socket error: ~p ~n", [Reason]),
     error_logger:info_report(Report),
-    alert_user(User,  ?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), Role),
+    handle_normal_shutdown(?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), StateName, State),
     {stop, normal, State};
 
 handle_info({'DOWN', MonitorRef, _, _, _}, _, 
 	    State = #state{user_application={MonitorRef,_Pid}}) ->
     {stop, normal, State};   
 
+handle_info(allow_renegotiate, StateName, State) ->
+    {next_state, StateName, State#state{allow_renegotiate = true}, get_timeout(State)};
+    
 handle_info(Msg, StateName, State) ->
     Report = io_lib:format("SSL: Got unexpected info: ~p ~n", [Msg]),
     error_logger:info_report(Report),
     {next_state, StateName, State, get_timeout(State)}.
 
 %%--------------------------------------------------------------------
--spec terminate(reason(), state_name(), #state{}) -> term().
-%%
 %% Description:This function is called by a gen_fsm when it is about
 %% to terminate. It should be the opposite of Module:init/1 and do any
 %% necessary cleaning up. When it returns, the gen_fsm terminates with
@@ -1022,8 +981,6 @@ terminate(Reason, _StateName, #state{transport_cb = Transport,
     Transport:close(Socket).
 
 %%--------------------------------------------------------------------
--spec code_change(term(), state_name(), #state{}, list()) -> {ok, state_name(), #state{}}.
-%%			 
 %% code_change(OldVsn, StateName, State, Extra) -> {ok, StateName, NewState}
 %% Description: Convert process state when code is changed
 %%--------------------------------------------------------------------
@@ -1033,7 +990,8 @@ code_change(_OldVsn, StateName, State, _Extra) ->
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
-start_fsm(Role, Host, Port, Socket, Opts,  User, {CbModule, _,_, _} = CbInfo, 
+start_fsm(Role, Host, Port, Socket, {#ssl_options{erl_dist = false},_} = Opts,
+	  User, {CbModule, _,_, _} = CbInfo, 
 	  Timeout) -> 
     try 
 	{ok, Pid} = ssl_connection_sup:start_child([Role, Host, Port, Socket, 
@@ -1044,9 +1002,26 @@ start_fsm(Role, Host, Port, Socket, Opts,  User, {CbModule, _,_, _} = CbInfo,
     catch
 	error:{badmatch, {error, _} = Error} ->
 	    Error
+    end;
+
+start_fsm(Role, Host, Port, Socket, {#ssl_options{erl_dist = true},_} = Opts,
+	  User, {CbModule, _,_, _} = CbInfo, 
+	  Timeout) -> 
+    try 
+	{ok, Pid} = ssl_connection_sup:start_child_dist([Role, Host, Port, Socket, 
+							 Opts, User, CbInfo]), 
+	{ok, SslSocket} = socket_control(Socket, Pid, CbModule),
+	ok = handshake(SslSocket, Timeout),
+	{ok, SslSocket} 
+    catch
+	error:{badmatch, {error, _} = Error} ->
+	    Error
     end.
 
 ssl_init(SslOpts, Role) ->
+    
+    init_manager_name(SslOpts#ssl_options.erl_dist),
+
     {ok, CertDbRef, CertDbHandle, CacheHandle, OwnCert} = init_certificates(SslOpts, Role),
     PrivateKey =
 	init_private_key(CertDbHandle, SslOpts#ssl_options.key, SslOpts#ssl_options.keyfile,
@@ -1054,6 +1029,10 @@ ssl_init(SslOpts, Role) ->
     DHParams = init_diffie_hellman(CertDbHandle, SslOpts#ssl_options.dh, SslOpts#ssl_options.dhfile, Role),
     {ok, CertDbRef, CertDbHandle, CacheHandle, OwnCert, PrivateKey, DHParams}.
 
+init_manager_name(false) ->
+    put(ssl_manager, ssl_manager);
+init_manager_name(true) ->
+    put(ssl_manager, ssl_manager_dist).
 
 init_certificates(#ssl_options{cacerts = CaCerts,
 			       cacertfile = CACertFile,
@@ -1105,18 +1084,38 @@ init_private_key(DbHandle, undefined, KeyFile, Password, _) ->
 	{ok, List} = ssl_manager:cache_pem_file(KeyFile, DbHandle),
 	[PemEntry] = [PemEntry || PemEntry = {PKey, _ , _} <- List,
 				  PKey =:= 'RSAPrivateKey' orelse
-				      PKey =:= 'DSAPrivateKey'],
-	public_key:pem_entry_decode(PemEntry, Password)
+				      PKey =:= 'DSAPrivateKey' orelse
+				      PKey =:= 'PrivateKeyInfo'
+		     ],
+	private_key(public_key:pem_entry_decode(PemEntry, Password))
     catch 
 	Error:Reason ->
 	    handle_file_error(?LINE, Error, Reason, KeyFile, ekeyfile,
 			      erlang:get_stacktrace()) 
     end;
 
+%% First two clauses are for backwards compatibility
 init_private_key(_,{rsa, PrivateKey}, _, _,_) ->
-    public_key:der_decode('RSAPrivateKey', PrivateKey);
+    init_private_key('RSAPrivateKey', PrivateKey);
 init_private_key(_,{dsa, PrivateKey},_,_,_) ->
-    public_key:der_decode('DSAPrivateKey', PrivateKey).
+    init_private_key('DSAPrivateKey', PrivateKey);
+init_private_key(_,{Asn1Type, PrivateKey},_,_,_) ->
+    private_key(init_private_key(Asn1Type, PrivateKey)).
+
+init_private_key(Asn1Type, PrivateKey) ->
+    public_key:der_decode(Asn1Type, PrivateKey).
+
+private_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
+				 #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'rsaEncryption'},
+			     privateKey = Key}) ->
+    public_key:der_decode('RSAPrivateKey', iolist_to_binary(Key));
+
+private_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
+				 #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-dsa'},
+			     privateKey = Key}) ->
+    public_key:der_decode('DSAPrivateKey', iolist_to_binary(Key));
+private_key(Key) ->
+    Key.
 
 -spec(handle_file_error(_,_,_,_,_,_) -> no_return()).
 handle_file_error(Line, Error, {badmatch, Reason}, File, Throw, Stack) ->
@@ -1177,7 +1176,7 @@ handle_peer_cert(PeerCert, PublicKeyInfo,
 			 Session#session{peer_certificate = PeerCert},
 			 public_key_info = PublicKeyInfo},
     {Record, State} = next_record(State1),
-    next_state(certify, Record, State).
+    next_state(certify, certify, Record, State).
 
 certify_client(#state{client_certificate_requested = true, role = client,
                       connection_states = ConnectionStates0,
@@ -1219,8 +1218,7 @@ verify_client_cert(#state{client_certificate_requested = true, role = client,
 	ignore ->
 	    State;
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, certify, State)
-	    
+	    throw(Alert)	    
     end;
 verify_client_cert(#state{client_certificate_requested = false} = State) ->
     State.
@@ -1252,7 +1250,7 @@ do_server_hello(Type, #state{negotiated_version = Version,
 					  ConnectionStates,
 					  tls_handshake_hashes = Hashes},
 		    {Record, State} = next_record(State3),
-		    next_state(abbreviated, Record, State);
+		    next_state(hello, abbreviated, Record, State);
 		#alert{} = Alert ->
 		    handle_own_alert(Alert, Version, hello, State1), 
 		    {stop, normal, State1}
@@ -1272,7 +1270,7 @@ new_server_hello(#server_hello{cipher_suite = CipherSuite,
 				 cipher_suite = CipherSuite,
 				 compression_method = Compression},
 	    {Record, State} = next_record(State2#state{session = Session}),
-	    next_state(certify, Record, State)
+	    next_state(hello, certify, Record, State)
     catch        
         #alert{} = Alert ->  
 	    handle_own_alert(Alert, Version, hello, State0),
@@ -1284,7 +1282,7 @@ handle_new_session(NewId, CipherSuite, Compression, #state{session = Session0} =
 			       cipher_suite = CipherSuite,
 			       compression_method = Compression}, 
     {Record, State} = next_record(State0#state{session = Session}),
-    next_state(certify, Record, State).
+    next_state(hello, certify, Record, State).
 
 handle_resumed_session(SessId, #state{connection_states = ConnectionStates0,
 				      negotiated_version = Version,
@@ -1299,7 +1297,7 @@ handle_resumed_session(SessId, #state{connection_states = ConnectionStates0,
 		next_record(State0#state{
 			      connection_states = ConnectionStates1,
 			      session = Session}),
-	    next_state(abbreviated, Record, State);
+	    next_state(hello, abbreviated, Record, State);
 	#alert{} = Alert ->
 	    handle_own_alert(Alert, Version, hello, State0), 
 	    {stop, normal, State0}
@@ -1316,10 +1314,10 @@ client_certify_and_key_exchange(#state{negotiated_version = Version} =
 				 client_certificate_requested = false,
 				 tls_handshake_hashes = Hashes},
 	    {Record, State} = next_record(State2),
-	    next_state(cipher, Record, State)
+	    next_state(certify, cipher, Record, State)
     catch        
-        #alert{} = Alert ->  
-	    handle_own_alert(Alert, Version, client_certify_and_key_exchange, State0),
+        throw:#alert{} = Alert ->  
+	    handle_own_alert(Alert, Version, certify, State0),
             {stop, normal, State0}
     end.
 
@@ -1630,15 +1628,12 @@ encode_packet(Data, #socket_options{packet=Packet}) ->
     end.
 
 encode_size_packet(Bin, Size, Max) ->
-    Len = byte_size(Bin),
+    Len = erlang:byte_size(Bin),
     case Len > Max of
 	true  -> throw({error, {badarg, {packet_to_large, Len, Max}}});
 	false -> <<Len:Size, Bin/binary>>
     end.
 
-encode_data(Data, Version, ConnectionStates, RenegotiateAt) ->
-    ssl_record:encode_data(Data, Version, ConnectionStates, RenegotiateAt).
-
 decode_alerts(Bin) ->
     decode_alerts(Bin, []).
 
@@ -1652,20 +1647,20 @@ passive_receive(State0 = #state{user_data_buffer = Buffer}, StateName) ->
     case Buffer of
 	<<>> ->
 	    {Record, State} = next_record(State0),
-	    next_state(StateName, Record, State);
+	    next_state(StateName, StateName, Record, State);
 	_ ->
-	    case application_data(<<>>, State0) of
+	    case read_application_data(<<>>, State0) of
 		Stop = {stop, _, _} ->
 		    Stop;
 		{Record, State} ->
-		    next_state(StateName, Record, State)
+		    next_state(StateName, StateName, Record, State)
 	    end
     end.
 
-application_data(Data, #state{user_application = {_Mon, Pid},
+read_application_data(Data, #state{user_application = {_Mon, Pid},
                               socket_options = SOpts,
                               bytes_to_read = BytesToRead,
-                              from = From,
+                              recv_from = From,
                               user_data_buffer = Buffer0} = State0) ->
     Buffer1 = if 
 		  Buffer0 =:= <<>> -> Data;
@@ -1676,7 +1671,7 @@ application_data(Data, #state{user_application = {_Mon, Pid},
 	{ok, ClientData, Buffer} -> % Send data
 	    SocketOpt = deliver_app_data(SOpts, ClientData, Pid, From),
 	    State = State0#state{user_data_buffer = Buffer,
-				 from = undefined,
+				 recv_from = undefined,
 				 bytes_to_read = 0,
 				 socket_options = SocketOpt 
 				},
@@ -1686,7 +1681,7 @@ application_data(Data, #state{user_application = {_Mon, Pid},
 		    %% Active and empty, get more data
 		    next_record_if_active(State);
 	 	true -> %% We have more data
- 		    application_data(<<>>, State)
+ 		    read_application_data(<<>>, State)
 	    end;
 	{more, Buffer} -> % no reply, we need more data
 	    next_record(State0#state{user_data_buffer = Buffer});
@@ -1695,6 +1690,39 @@ application_data(Data, #state{user_application = {_Mon, Pid},
 	    {stop, normal, State0}
     end.
 
+write_application_data(Data0, From, #state{socket = Socket,
+					   negotiated_version = Version,
+					   transport_cb = Transport,
+					   connection_states = ConnectionStates0,
+					   send_queue = SendQueue,
+					   socket_options = SockOpts,
+					   ssl_options = #ssl_options{renegotiate_at = RenegotiateAt}} = State) ->
+    Data = encode_packet(Data0, SockOpts),
+    
+    case time_to_renegotiate(Data, ConnectionStates0, RenegotiateAt) of
+	true ->
+	    renegotiate(State#state{send_queue = queue:in_r({From, Data}, SendQueue),
+				    renegotiation = {true, internal}});
+	false ->
+	    {Msgs, ConnectionStates} = ssl_record:encode_data(Data, Version, ConnectionStates0),
+	    Result = Transport:send(Socket, Msgs),
+	    {reply, Result,
+	     connection, State#state{connection_states = ConnectionStates}, get_timeout(State)}
+    end.
+
+time_to_renegotiate(_Data, #connection_states{current_write = 
+						    #connection_state{sequence_number = Num}}, RenegotiateAt) ->
+    
+    %% We could do test:
+    %% is_time_to_renegotiate((erlang:byte_size(_Data) div ?MAX_PLAIN_TEXT_LENGTH) + 1, RenegotiateAt),
+    %% but we chose to have a some what lower renegotiateAt and a much cheaper test 
+    is_time_to_renegotiate(Num, RenegotiateAt).
+
+is_time_to_renegotiate(N, M) when N < M->
+    false;
+is_time_to_renegotiate(_,_) ->
+    true.
+
 %% Picks ClientData 
 get_data(_, _, <<>>) ->
     {more, <<>>};
@@ -1796,6 +1824,10 @@ header(N, Binary) ->
 
 send_or_reply(false, _Pid, From, Data) when From =/= undefined ->
     gen_fsm:reply(From, Data);
+%% Can happen when handling own alert or tcp error/close and there is
+%% no outstanding gen_fsm sync events
+send_or_reply(false, no_pid, _, _) ->
+    ok;
 send_or_reply(_, Pid, _From, Data) ->
     send_user(Pid, Data).
 
@@ -1820,18 +1852,18 @@ handle_tls_handshake(Handle, StateName, #state{tls_packets = [Packet | Packets]}
 	    Stop
     end.
 
-next_state(_, #alert{} = Alert, #state{negotiated_version = Version} = State) ->
-    handle_own_alert(Alert, Version, decipher_error, State),
+next_state(Current,_, #alert{} = Alert, #state{negotiated_version = Version} = State) ->
+    handle_own_alert(Alert, Version, Current, State),
     {stop, normal, State};
 
-next_state(Next, no_record, State) ->
+next_state(_,Next, no_record, State) ->
     {next_state, Next, State, get_timeout(State)};
 
-next_state(Next, #ssl_tls{type = ?ALERT, fragment = EncAlerts}, State) ->
+next_state(_,Next, #ssl_tls{type = ?ALERT, fragment = EncAlerts}, State) ->
     Alerts = decode_alerts(EncAlerts),
     handle_alerts(Alerts,  {next_state, Next, State, get_timeout(State)});
 
-next_state(StateName, #ssl_tls{type = ?HANDSHAKE, fragment = Data},
+next_state(Current, Next, #ssl_tls{type = ?HANDSHAKE, fragment = Data},
 	   State0 = #state{tls_handshake_buffer = Buf0, negotiated_version = Version}) ->
     Handle = 
    	fun({#hello_request{} = Packet, _}, {next_state, connection = SName, State}) ->
@@ -1857,30 +1889,30 @@ next_state(StateName, #ssl_tls{type = ?HANDSHAKE, fragment = Data},
     try
 	{Packets, Buf} = ssl_handshake:get_tls_handshake(Data,Buf0),
 	State = State0#state{tls_packets = Packets, tls_handshake_buffer = Buf},
-	handle_tls_handshake(Handle, StateName, State)
+	handle_tls_handshake(Handle, Next, State)
     catch throw:#alert{} = Alert ->
-   	    handle_own_alert(Alert, Version, StateName, State0), 
+   	    handle_own_alert(Alert, Version, Current, State0), 
    	    {stop, normal, State0}
     end;
 
-next_state(StateName, #ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, State0) ->
-    case application_data(Data, State0) of
+next_state(_, StateName, #ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, State0) ->
+    case read_application_data(Data, State0) of
 	Stop = {stop,_,_} ->
    	    Stop;
 	{Record, State} ->
-   	    next_state(StateName, Record, State)
+   	    next_state(StateName, StateName, Record, State)
     end;
-next_state(StateName, #ssl_tls{type = ?CHANGE_CIPHER_SPEC, fragment = <<1>>} = 
+next_state(Current, Next, #ssl_tls{type = ?CHANGE_CIPHER_SPEC, fragment = <<1>>} = 
  	   _ChangeCipher, 
  	   #state{connection_states = ConnectionStates0} = State0) ->
     ConnectionStates1 =
  	ssl_record:activate_pending_connection_state(ConnectionStates0, read),
     {Record, State} = next_record(State0#state{connection_states = ConnectionStates1}),
-    next_state(StateName, Record, State);
-next_state(StateName, #ssl_tls{type = _Unknown}, State0) ->
+    next_state(Current, Next, Record, State);
+next_state(Current, Next, #ssl_tls{type = _Unknown}, State0) ->
     %% Ignore unknown type 
     {Record, State} = next_record(State0),
-    next_state(StateName, Record, State).
+    next_state(Current, Next, Record, State).
 
 next_tls_record(Data, #state{tls_record_buffer = Buf0,
 		       tls_cipher_texts = CT0} = State0) ->
@@ -1919,63 +1951,49 @@ next_state_connection(StateName, #state{send_queue = Queue0,
 					negotiated_version = Version,
 					socket = Socket,
 					transport_cb = Transport,
-					connection_states = ConnectionStates0,
-					ssl_options = #ssl_options{renegotiate_at = RenegotiateAt}
+					connection_states = ConnectionStates0
 				       } = State) ->     
-    %% Send queued up data
+    %% Send queued up data that was queued while renegotiating
     case queue:out(Queue0) of
 	{{value, {From, Data}}, Queue} ->
-	    case encode_data(Data, Version, ConnectionStates0, RenegotiateAt) of
-		{Msgs, [], ConnectionStates} ->
-		    Result = Transport:send(Socket, Msgs),
-		    gen_fsm:reply(From, Result),
-		    next_state_connection(StateName,
-					  State#state{connection_states = ConnectionStates,
-						      send_queue = Queue});
-		%% This is unlikely to happen. User configuration of the 
-		%% undocumented test option renegotiation_at can make it more likely.
-		{Msgs, RestData, ConnectionStates} ->
-		    if 
-			Msgs =/= [] -> 
-			    Transport:send(Socket, Msgs);
-			true ->
-			    ok
-		    end,
-		    renegotiate(State#state{connection_states = ConnectionStates,
-					    send_queue = queue:in_r({From, RestData}, Queue),
-					    renegotiation = {true, internal}})
-	    end;
+	    {Msgs, ConnectionStates} = 
+		ssl_record:encode_data(Data, Version, ConnectionStates0),
+	    Result = Transport:send(Socket, Msgs),
+	    gen_fsm:reply(From, Result),
+	    next_state_connection(StateName,
+				  State#state{connection_states = ConnectionStates,
+						      send_queue = Queue});		
 	{empty, Queue0} ->
-	    next_state_is_connection(State)
+	    next_state_is_connection(StateName, State)
     end.
 
 %% In next_state_is_connection/1: clear tls_handshake_hashes,
 %% premaster_secret and public_key_info (only needed during handshake)
 %% to reduce memory foot print of a connection.
-next_state_is_connection(State = 
-		      #state{recv_during_renegotiation = true, socket_options = 
-			     #socket_options{active = false}})  -> 
-    passive_receive(State#state{recv_during_renegotiation = false,
-				premaster_secret = undefined,
+next_state_is_connection(_, State = 
+		      #state{recv_from = From,
+			     socket_options =
+			     #socket_options{active = false}}) when From =/= undefined ->
+    passive_receive(State#state{premaster_secret = undefined,
 				public_key_info = undefined,
 				tls_handshake_hashes = {<<>>, <<>>}}, connection);
 
-next_state_is_connection(State0) ->
+next_state_is_connection(StateName, State0) ->
     {Record, State} = next_record_if_active(State0),
-    next_state(connection, Record, State#state{premaster_secret = undefined,
+    next_state(StateName, connection, Record, State#state{premaster_secret = undefined,
 					       public_key_info = undefined,
 					       tls_handshake_hashes = {<<>>, <<>>}}).
 
-register_session(_, _, _, #session{is_resumable = true} = Session) ->
-    Session; %% Already registered
-register_session(client, Host, Port, Session0) ->
+register_session(client, Host, Port, #session{is_resumable = new} = Session0) ->
     Session = Session0#session{is_resumable = true},
     ssl_manager:register_session(Host, Port, Session),
     Session;
-register_session(server, _, Port, Session0) ->
+register_session(server, _, Port, #session{is_resumable = new} = Session0) ->
     Session = Session0#session{is_resumable = true},
     ssl_manager:register_session(Port, Session),
-    Session.
+    Session;
+register_session(_, _, _, Session) ->
+    Session. %% Already registered
 
 invalidate_session(client, Host, Port, Session) ->
     ssl_manager:invalidate_session(Host, Port, Session);
@@ -1999,7 +2017,7 @@ initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions}, User,
 	   %% We do not want to save the password in the state so that
 	   %% could be written in the clear into error logs.
 	   ssl_options = SSLOptions#ssl_options{password = undefined},	   
-	   session = #session{is_resumable = false},
+	   session = #session{is_resumable = new},
 	   transport_cb = CbModule,
 	   data_tag = DataTag,
 	   close_tag = CloseTag,
@@ -2018,7 +2036,7 @@ initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions}, User,
 	   log_alert = true,
 	   session_cache_cb = SessionCacheCb,
 	   renegotiation = {false, first},
-	   recv_during_renegotiation = false,
+	   recv_from = undefined,
 	   send_queue = queue:new()
 	  }.
 
@@ -2131,16 +2149,14 @@ handle_alert(#alert{level = ?FATAL} = Alert, StateName,
     {stop, normal, State};
 
 handle_alert(#alert{level = ?WARNING, description = ?CLOSE_NOTIFY} = Alert, 
-	     StateName, #state{from = From, role = Role,  
-			       user_application = {_Mon, Pid}, socket_options = Opts} = State) -> 
-    alert_user(StateName, Opts, Pid, From, Alert, Role),
+	     StateName, State) -> 
+    handle_normal_shutdown(Alert, StateName, State),
     {stop, normal, State};
 
 handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert, StateName, 
-	     #state{log_alert = Log, renegotiation = {true, internal}, from = From,
-		    role = Role} = State) ->
+	     #state{log_alert = Log, renegotiation = {true, internal}} = State) ->
     log_alert(Log, StateName, Alert),
-    alert_user(From, Alert, Role),
+    handle_normal_shutdown(Alert, StateName, State),
     {stop, normal, State};
 
 handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert, StateName, 
@@ -2148,13 +2164,13 @@ handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert,
     log_alert(Log, StateName, Alert),
     gen_fsm:reply(From, {error, renegotiation_rejected}),
     {Record, State} = next_record(State0),
-    next_state(connection, Record, State);
+    next_state(StateName, connection, Record, State);
 
 handle_alert(#alert{level = ?WARNING, description = ?USER_CANCELED} = Alert, StateName, 
 	     #state{log_alert = Log} = State0) ->
     log_alert(Log, StateName, Alert),
     {Record, State} = next_record(State0),
-    next_state(StateName, Record, State).
+    next_state(StateName, StateName, Record, State).
 
 alert_user(connection, Opts, Pid, From, Alert, Role) ->
     alert_user(Opts#socket_options.active, Pid, From, Alert, Role);
@@ -2186,13 +2202,11 @@ log_alert(true, Info, Alert) ->
 log_alert(false, _, _) ->
     ok.
 
-handle_own_alert(Alert, Version, Info, 
+handle_own_alert(Alert, Version, StateName, 
 		 #state{transport_cb = Transport,
 			socket = Socket,
-			from = User,
-			role = Role,
 			connection_states = ConnectionStates,
-			log_alert = Log}) ->
+			log_alert = Log} = State) ->
     try %% Try to tell the other side
 	{BinMsg, _} =
 	encode_alert(Alert, Version, ConnectionStates),
@@ -2202,12 +2216,20 @@ handle_own_alert(Alert, Version, Info,
 	    ignore
     end,
     try %% Try to tell the local user
-	log_alert(Log, Info, Alert),
-	alert_user(User, Alert, Role)
+	log_alert(Log, StateName, Alert),
+	handle_normal_shutdown(Alert,StateName, State)
     catch _:_ ->
 	    ok
     end.
 
+handle_normal_shutdown(Alert, _, #state{from = User, role = Role, renegotiation = {false, first}}) ->
+    alert_user(User, Alert, Role);
+
+handle_normal_shutdown(Alert, StateName, #state{socket_options = Opts,
+						user_application = {_Mon, Pid},
+						from = User, role = Role}) ->
+    alert_user(StateName, Opts, Pid, User, Alert, Role).
+
 handle_unexpected_message(Msg, Info, #state{negotiated_version = Version} = State) ->
     Alert =  ?ALERT_REC(?FATAL,?UNEXPECTED_MESSAGE),
     handle_own_alert(Alert, Version, {Info, Msg}, State),
@@ -2220,7 +2242,7 @@ make_premaster_secret(_, _) ->
     undefined.
 
 mpint_binary(Binary)  ->
-    Size = byte_size(Binary),
+    Size = erlang:byte_size(Binary),
     <<?UINT32(Size), Binary/binary>>.
 
 
@@ -2257,7 +2279,7 @@ renegotiate(#state{role = server,
     {Record, State} = next_record(State0#state{connection_states = 
 					       ConnectionStates,
 					       tls_handshake_hashes = Hs0}),
-    next_state(hello, Record, State).
+    next_state(connection, hello, Record, State#state{allow_renegotiate = true}).
 
 notify_senders(SendQueue) -> 
     lists:foreach(fun({From, _}) ->
diff --git a/lib/ssl/src/ssl_connection_sup.erl b/lib/ssl/src/ssl_connection_sup.erl
index e9328d5f7c..78cfda5e63 100644
--- a/lib/ssl/src/ssl_connection_sup.erl
+++ b/lib/ssl/src/ssl_connection_sup.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2007-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -26,8 +26,8 @@
 -behaviour(supervisor).
 
 %% API
--export([start_link/0]).
--export([start_child/1]).
+-export([start_link/0, start_link_dist/0]).
+-export([start_child/1, start_child_dist/1]).
 
 %% Supervisor callback
 -export([init/1]).
@@ -38,9 +38,15 @@
 start_link() ->
     supervisor:start_link({local, ?MODULE}, ?MODULE, []).
 
+start_link_dist() ->
+    supervisor:start_link({local, ssl_connection_sup_dist}, ?MODULE, []).
+
 start_child(Args) ->
     supervisor:start_child(?MODULE, Args).
     
+start_child_dist(Args) ->
+    supervisor:start_child(ssl_connection_sup_dist, Args).
+    
 %%%=========================================================================
 %%%  Supervisor callback
 %%%=========================================================================
diff --git a/lib/ssl/src/ssl_dist_sup.erl b/lib/ssl/src/ssl_dist_sup.erl
new file mode 100644
index 0000000000..9d9afb7707
--- /dev/null
+++ b/lib/ssl/src/ssl_dist_sup.erl
@@ -0,0 +1,83 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+
+-module(ssl_dist_sup).
+
+-behaviour(supervisor).
+
+%% API
+-export([start_link/0]).
+
+%% Supervisor callback
+-export([init/1]).
+
+%%%=========================================================================
+%%%  API
+%%%=========================================================================
+
+-spec start_link() -> {ok, pid()} | ignore | {error, term()}.
+			
+start_link() ->
+    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
+
+%%%=========================================================================
+%%%  Supervisor callback
+%%%=========================================================================
+
+init([]) ->    
+    SessionCertManager = session_and_cert_manager_child_spec(),
+    ConnetionManager = connection_manager_child_spec(),
+    ProxyServer = proxy_server_child_spec(),
+
+    {ok, {{one_for_all, 10, 3600}, [SessionCertManager, ConnetionManager,
+				    ProxyServer]}}.
+
+%%--------------------------------------------------------------------
+%%% Internal functions
+%%--------------------------------------------------------------------
+session_and_cert_manager_child_spec() ->
+    Opts = ssl_sup:manager_opts(),
+    Name = ssl_manager_dist,  
+    StartFunc = {ssl_manager, start_link_dist, [Opts]},
+    Restart = permanent, 
+    Shutdown = 4000,
+    Modules = [ssl_manager],
+    Type = worker,
+    {Name, StartFunc, Restart, Shutdown, Type, Modules}.
+
+connection_manager_child_spec() ->
+    Name = ssl_connection_dist,  
+    StartFunc = {ssl_connection_sup, start_link_dist, []},
+    Restart = permanent, 
+    Shutdown = 4000,
+    Modules = [ssl_connection],
+    Type = supervisor,
+    {Name, StartFunc, Restart, Shutdown, Type, Modules}.
+
+proxy_server_child_spec() ->
+    Name = ssl_tls_dist_proxy,  
+    StartFunc = {ssl_tls_dist_proxy, start_link, []},
+    Restart = permanent, 
+    Shutdown = 4000,
+    Modules = [ssl_tls_dist_proxy],
+    Type = worker,
+    {Name, StartFunc, Restart, Shutdown, Type, Modules}.
+
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index f873a6a913..371f475c85 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -447,7 +447,7 @@ server_hello_done() ->
 -spec encode_handshake(tls_handshake(), tls_version()) -> iolist().
 %%     
 %% Description: Encode a handshake packet to binary
-%%--------------------------------------------------------------------
+%%--------------------------------------------------------------------x
 encode_handshake(Package, Version) ->
     {MsgType, Bin} = enc_hs(Package, Version),
     Len = byte_size(Bin),
@@ -1092,18 +1092,12 @@ certificate_authorities(CertDbHandle, CertDbRef) ->
     list_to_binary([Enc(Cert) || {_, Cert} <- Authorities]).
 
 certificate_authorities_from_db(CertDbHandle, CertDbRef) ->
-    certificate_authorities_from_db(CertDbHandle, CertDbRef, no_candidate, []).
-
-certificate_authorities_from_db(CertDbHandle,CertDbRef, PrevKey, Acc) ->
-    case ssl_manager:issuer_candidate(PrevKey, CertDbHandle) of
-	no_more_candidates ->
-	    lists:reverse(Acc);
-	{{CertDbRef, _, _} = Key, Cert} ->
-	    certificate_authorities_from_db(CertDbHandle, CertDbRef, Key, [Cert|Acc]);
-	{Key, _Cert} ->
-	    %% skip certs not from this ssl connection
-	    certificate_authorities_from_db(CertDbHandle, CertDbRef, Key, Acc)
-    end.
+    ConnectionCerts = fun({{Ref, _, _}, Cert}, Acc) when Ref  == CertDbRef ->
+			      [Cert | Acc];
+			 (_, Acc) ->
+			      Acc
+		      end,	
+    ssl_certificate_db:foldl(ConnectionCerts, [], CertDbHandle).
 
 digitally_signed(Hash, #'RSAPrivateKey'{} = Key) ->
     public_key:encrypt_private(Hash, Key,
diff --git a/lib/ssl/src/ssl_int.hrl b/lib/ssl/src/ssl_int.hrl
deleted file mode 100644
index 3686deffce..0000000000
--- a/lib/ssl/src/ssl_int.hrl
+++ /dev/null
@@ -1,99 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
-
-%%
-
-%% op codes commands are in capital and reply codes in lower case 
-
--define(CONNECT,	1).
--define(CONNECT_WAIT,	2).
--define(CONNECT_REP,	3).
--define(CONNECT_ERR,	4).
-
--define(TERMINATE,	5).
--define(CLOSE,		6).
-
--define(LISTEN,		7).
--define(LISTEN_REP,	8).
--define(LISTEN_ERR,	9).
-
--define(TRANSPORT_ACCEPT, 10).
--define(NOACCEPT,	11).
--define(TRANSPORT_ACCEPT_REP, 12).
--define(TRANSPORT_ACCEPT_ERR, 13).
-
--define(FROMNET_CLOSE,	14).
-
--define(CONNECT_SYNC_ERR, 15).
--define(LISTEN_SYNC_ERR, 16).
-
--define(PROXY_PORT,	23).
--define(PROXY_JOIN,	24).
--define(PROXY_JOIN_REP,	25).
--define(PROXY_JOIN_ERR,	26).
-
--define(SET_SOCK_OPT,	27).
--define(IOCTL_OK,	28).
--define(IOCTL_ERR,	29).
-
--define(GETPEERNAME,	30).
--define(GETPEERNAME_REP, 31).
--define(GETPEERNAME_ERR, 32).
-
--define(GETSOCKNAME,	33).
--define(GETSOCKNAME_REP, 34).
--define(GETSOCKNAME_ERR, 35).
-
--define(GETPEERCERT,	36).
--define(GETPEERCERT_REP, 37).
--define(GETPEERCERT_ERR, 38).
-
--define(GETVERSION, 39).
--define(GETVERSION_REP, 40).
-
--define(SET_SEED, 41).
-
--define(GETCONNINFO, 42).
--define(GETCONNINFO_REP, 43).
--define(GETCONNINFO_ERR, 44).
-
--define(SSL_ACCEPT, 45).
--define(SSL_ACCEPT_REP, 46).
--define(SSL_ACCEPT_ERR, 47).
-
--define(DUMP_CMD,       48).
--define(DEBUG_CMD,      49).
--define(DEBUGMSG_CMD,   50).
-
-%% --------------
-
--define(SSLv2, 1).
--define(SSLv3, 2).
--define(TLSv1, 4).
-
-
-%% Set socket options codes  'SET_SOCK_OPT' 
--define(SET_TCP_NODELAY, 1).
-
--define(DEF_BACKLOG, 128).
-
--define(DEF_TIMEOUT, 10000).
-
--record(sslsocket, { fd = nil, pid = nil}).
-
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index 6bf1edc452..18cfcdcd68 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -24,6 +24,9 @@
 
 -include_lib("public_key/include/public_key.hrl"). 
 
+%% Looks like it does for backwards compatibility reasons
+-record(sslsocket, {fd = nil, pid = nil}).
+
 -type reason()            :: term().
 -type reply()             :: term().
 -type msg()               :: term().
@@ -98,10 +101,12 @@
 	  renegotiate_at,
 	  secure_renegotiate,
 	  debug,
-	  hibernate_after % undefined if not hibernating,
+	  hibernate_after,% undefined if not hibernating,
                           % or number of ms of inactivity
 			  % after which ssl_connection will
                           % go into hibernation
+	  %% This option should only be set to true by inet_tls_dist
+	  erl_dist = false 
 	  }).
 
 -record(socket_options,
diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl
index 725a085d1f..6389ff03f5 100644
--- a/lib/ssl/src/ssl_manager.erl
+++ b/lib/ssl/src/ssl_manager.erl
@@ -27,10 +27,10 @@
 -include("ssl_internal.hrl").
 
 %% Internal application API
--export([start_link/1, 
+-export([start_link/1, start_link_dist/1,
 	 connection_init/2, cache_pem_file/2,
-	 lookup_trusted_cert/4, issuer_candidate/2, client_session_id/4,
-	 server_session_id/4,
+	 lookup_trusted_cert/4,
+	 client_session_id/4, server_session_id/4,
 	 register_session/2, register_session/3, invalidate_session/2,
 	 invalidate_session/3]).
 
@@ -51,7 +51,7 @@
 	  session_lifetime,
 	  certificate_db,
 	  session_validation_timer,
-	  last_delay_timer %% Keep for testing purposes
+	  last_delay_timer  = {undefined, undefined}%% Keep for testing purposes
 	 }).
 
 -define('24H_in_msec', 8640000).
@@ -66,10 +66,20 @@
 %%--------------------------------------------------------------------
 -spec start_link(list()) -> {ok, pid()} | ignore | {error, term()}.
 %%
-%% Description: Starts the server
+%% Description: Starts the ssl manager that takes care of sessions
+%% and certificate caching.
 %%--------------------------------------------------------------------
 start_link(Opts) ->
-    gen_server:start_link({local, ?MODULE}, ?MODULE, [Opts], []).
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [?MODULE, Opts], []).
+
+%%--------------------------------------------------------------------
+-spec start_link_dist(list()) -> {ok, pid()} | ignore | {error, term()}.
+%%
+%% Description: Starts a special instance of the ssl manager to
+%% be used by the erlang distribution. Note disables soft upgrade!
+%%--------------------------------------------------------------------
+start_link_dist(Opts) ->
+    gen_server:start_link({local, ssl_manager_dist}, ?MODULE, [ssl_manager_dist, Opts], []).
 
 %%--------------------------------------------------------------------
 -spec connection_init(string()| {der, list()}, client | server) ->
@@ -102,16 +112,7 @@ cache_pem_file(File, DbHandle) ->
 %% --------------------------------------------------------------------
 lookup_trusted_cert(DbHandle, Ref, SerialNumber, Issuer) ->
     ssl_certificate_db:lookup_trusted_cert(DbHandle, Ref, SerialNumber, Issuer).
-%%--------------------------------------------------------------------
--spec issuer_candidate(cert_key() | no_candidate, term()) ->
-			      {cert_key(),
-			       {der_cert(),
-				#'OTPCertificate'{}}} | no_more_candidates.
-%%
-%% Description: Return next issuer candidate.
-%%--------------------------------------------------------------------
-issuer_candidate(PrevCandidateKey, DbHandle) ->
-    ssl_certificate_db:issuer_candidate(PrevCandidateKey, DbHandle).
+
 %%--------------------------------------------------------------------
 -spec client_session_id(host(), inet:port_number(), #ssl_options{},
 			der_cert() | undefined) -> session_id().
@@ -166,7 +167,8 @@ invalidate_session(Port, Session) ->
 %%
 %% Description: Initiates the server
 %%--------------------------------------------------------------------
-init([Opts]) ->
+init([Name, Opts]) ->
+    put(ssl_manager, Name),
     process_flag(trap_exit, true),
     CacheCb = proplists:get_value(session_cb, Opts, ssl_session_cache),
     SessionLifeTime =  
@@ -267,25 +269,16 @@ handle_cast({register_session, Port, Session},
     CacheCb:update(Cache, {Port, NewSession#session.session_id}, NewSession),
     {noreply, State};
 
-%%% When a session is invalidated we need to wait a while before deleting
-%%% it as there might be pending connections that rightfully needs to look
-%%% up the session data but new connections should not get to use this session.
 handle_cast({invalidate_session, Host, Port,
 	     #session{session_id = ID} = Session},
 	    #state{session_cache = Cache,
 		   session_cache_cb = CacheCb} = State) ->
-    CacheCb:update(Cache, {{Host, Port}, ID}, Session#session{is_resumable = false}),
-    TRef =
-	erlang:send_after(delay_time(), self(), {delayed_clean_session, {{Host, Port}, ID}}),
-    {noreply, State#state{last_delay_timer = TRef}};
+    invalidate_session(Cache, CacheCb, {{Host, Port}, ID}, Session, State);
 
 handle_cast({invalidate_session, Port, #session{session_id = ID} = Session},
 	    #state{session_cache = Cache,
 		   session_cache_cb = CacheCb} = State) ->
-    CacheCb:update(Cache, {Port, ID}, Session#session{is_resumable = false}),
-    TRef =
-	erlang:send_after(delay_time(), self(), {delayed_clean_session, {Port, ID}}),
-    {noreply, State#state{last_delay_timer = TRef}};
+    invalidate_session(Cache, CacheCb, {Port, ID}, Session, State);
 
 handle_cast({recache_pem, File, LastWrite, Pid, From},
 	    #state{certificate_db = [_, FileToRefDb, _]} = State0) ->
@@ -309,7 +302,7 @@ handle_cast({recache_pem, File, LastWrite, Pid, From},
 %%				      {stop, reason(), #state{}}.
 %%
 %% Description: Handling all non call/cast messages
-%%-------------------------------------------------------------------- 
+%%-------------------------------------------------------------------
 handle_info(validate_sessions, #state{session_cache_cb = CacheCb,
 				      session_cache = Cache,
 				      session_lifetime = LifeTime
@@ -376,10 +369,10 @@ code_change(_OldVsn, State, _Extra) ->
 %%% Internal functions
 %%--------------------------------------------------------------------
 call(Msg) ->
-    gen_server:call(?MODULE, {Msg, self()}, infinity).
+    gen_server:call(get(ssl_manager), {Msg, self()}, infinity).
 
 cast(Msg) ->
-    gen_server:cast(?MODULE, Msg).
+    gen_server:cast(get(ssl_manager), Msg).
  
 validate_session(Host, Port, Session, LifeTime) ->
     case ssl_session:valid_session(Session, LifeTime) of
@@ -399,9 +392,10 @@ validate_session(Port, Session, LifeTime) ->
 		    
 start_session_validator(Cache, CacheCb, LifeTime) ->
     spawn_link(?MODULE, init_session_validator, 
-	       [[Cache, CacheCb, LifeTime]]).
+	       [[get(ssl_manager), Cache, CacheCb, LifeTime]]).
 
-init_session_validator([Cache, CacheCb, LifeTime]) ->
+init_session_validator([SslManagerName, Cache, CacheCb, LifeTime]) ->
+    put(ssl_manager, SslManagerName),
     CacheCb:foldl(fun session_validation/2,
 		  LifeTime, Cache).
 
@@ -432,3 +426,25 @@ delay_time() ->
 	_ ->
 	   ?CLEAN_SESSION_DB
     end.
+
+invalidate_session(Cache, CacheCb, Key, Session, #state{last_delay_timer = LastTimer} = State) ->
+    case CacheCb:lookup(Cache, Key) of
+	undefined -> %% Session is already invalidated
+	    {noreply, State};
+	#session{is_resumable = new} ->
+	    CacheCb:delete(Cache, Key),
+	    {noreply, State};
+	_ ->
+	    %% When a registered session is invalidated we need to wait a while before deleting
+	    %% it as there might be pending connections that rightfully needs to look
+	    %% up the session data but new connections should not get to use this session.
+	    CacheCb:update(Cache, Key, Session#session{is_resumable = false}),
+	    TRef =
+		erlang:send_after(delay_time(), self(), {delayed_clean_session, Key}),
+	    {noreply, State#state{last_delay_timer = last_delay_timer(Key, TRef, LastTimer)}}
+    end.
+
+last_delay_timer({{_,_},_}, TRef, {LastServer, _}) ->
+    {LastServer, TRef};
+last_delay_timer({_,_}, TRef, {_, LastClient}) ->
+    {TRef, LastClient}.
diff --git a/lib/ssl/src/ssl_prim.erl b/lib/ssl/src/ssl_prim.erl
deleted file mode 100644
index e3140a89d1..0000000000
--- a/lib/ssl/src/ssl_prim.erl
+++ /dev/null
@@ -1,173 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2000-2009. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
-
-%%
-
-%% Purpose: Primitive interface to SSL, without broker process (used by 
-%% SSL distribution).
-
--module(ssl_prim).
-
--export([listen/2, connect/3, accept/1, close/1, send/2, send/3, recv/2, recv/3,
-	 getll/1, getstat/2, setopts/2, controlling_process/2, peername/1,
-	 sockname/1, getif/1]).
-
--include("ssl_int.hrl").
--include("ssl_broker_int.hrl").
-
-%-define(filter(Call), filter((catch Call))).
--define(filter(Call), filter(Call)).
-
-listen(Port, Opts) ->
-    St = newstate(listener),
-    ?filter(ssl_broker:listen_prim(ssl_server_prim, self(), Port, nonactive(Opts), St)).
-
-connect(Address, Port, Opts) ->
-    St = newstate(connector),
-    ?filter(ssl_broker:connect_prim(ssl_server_prim, inet_tcp, self(), Address, 
-				    Port, nonactive(Opts), infinity, St)).
-
-accept(#st{} = ListenSt0) ->
-    case transport_accept(ListenSt0) of
-	{ok, ListenSt1} ->
-	    ssl_accept(ListenSt0, ListenSt1);
-	Error ->
-	    Error
-    end.
-
-transport_accept(#st{opts = ListenOpts, thissock = ListenSocket}) ->
-    NewSt = newstate(acceptor),
-    ListenFd = ListenSocket#sslsocket.fd,
-    ?filter(ssl_broker:transport_accept_prim(ssl_server_prim, ListenFd,
-					     ListenOpts, infinity, NewSt)).
-
-ssl_accept(#st{opts = LOpts}, ListenSt1) ->
-    ?filter(ssl_broker:ssl_accept_prim(ssl_server_prim, gen_tcp, self(),
-				       LOpts, infinity, ListenSt1)).
-
-close(#st{fd = Fd}) when is_integer(Fd) ->
-    ssl_server:close_prim(ssl_server_prim, Fd),
-    ok;
-close(_) ->
-    ok.
-
-send(St, Data) ->
-    send(St, Data, []).
-
-send(#st{proxysock = Proxysock, status = open}, Data, Opts) ->
-    case inet_tcp:send(Proxysock, Data, Opts) of
-	ok ->
-	    ok;
-	{error, _} ->
-	    {error, closed}
-    end;
-send(#st{}, _Data, _Opts) ->
-    {error, closed}.
-
-recv(St, Length) ->
-    recv(St, Length, infinity).
-
-recv(#st{proxysock = Proxysock, status = open}, Length, Tmo) ->
-    inet_tcp:recv(Proxysock, Length, Tmo);
-recv(#st{}, _Length, _Tmo) ->
-    {error, closed}.
-
-getll(#st{proxysock = Proxysock, status = open})  ->
-    inet:getll(Proxysock);
-getll(#st{}) ->
-    {error, closed}.
-
-getstat(#st{proxysock = Proxysock, status = open}, Opts) ->
-    inet:getstat(Proxysock, Opts);
-getstat(#st{}, _Opts) ->
-    {error, closed}.
-
-setopts(#st{proxysock = Proxysock, status = open}, Opts) ->
-    case remove_supported(Opts) of
-	[] ->
-	    inet:setopts(Proxysock, Opts);
-	_ ->
-	    {error, enotsup}
-    end;
-setopts(#st{}, _Opts) ->
-    {error, closed}.
-
-
-controlling_process(#st{proxysock = Proxysock, status = open}, Pid)
-  when is_pid(Pid) ->
-    inet_tcp:controlling_process(Proxysock, Pid);
-controlling_process(#st{}, Pid) when is_pid(Pid) ->
-    {error, closed}.
-
-peername(#st{fd = Fd, status = open}) ->
-    case ssl_server:peername_prim(ssl_server_prim, Fd) of
-	{ok, {Address, Port}} ->
-	    {ok, At} = inet_parse:ipv4_address(Address),
-	    {ok, {At, Port}};
-	Error ->
-	    Error
-    end;
-peername(#st{}) ->
-    {error, closed}.
-
-sockname(#st{fd = Fd, status = open}) ->
-    case ssl_server:sockname_prim(ssl_server_prim, Fd) of
-	{ok, {Address, Port}} ->
-	    {ok, At} = inet_parse:ipv4_address(Address),
-	    {ok, {At, Port}};
-	Error ->
-	    Error
-    end;
-sockname(#st{}) ->
-    {error, closed}.
-
-getif(#st{proxysock = Proxysock, status = open}) ->
-    inet:getif(Proxysock);
-getif(#st{}) ->
-    {error, closed}.
-
-remove_supported([{active, _}|T]) ->
-    remove_supported(T);
-remove_supported([{packet,_}|T]) ->
-    remove_supported(T);
-remove_supported([{deliver,_}|T]) ->
-    remove_supported(T);
-remove_supported([H|T]) ->
-    [H | remove_supported(T)];
-remove_supported([]) ->
-    [].
-
-filter(Result) ->
-    case Result of
-	{ok, _Sock,St} ->
-	    {ok, St};
-        {error, Reason, _St} ->
-	    {error,Reason}
-    end.
-
-nonactive([{active,_}|T]) ->
-    nonactive(T);
-nonactive([H|T]) ->
-    [H | nonactive(T)];
-nonactive([]) ->
-    [{active, false}].
-
-newstate(Type) ->
-   #st{brokertype = Type, server = whereis(ssl_server_prim),
-       client = undefined, collector = undefined, debug = false}. 
diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl
index 72091fdd5f..830026c825 100644
--- a/lib/ssl/src/ssl_record.erl
+++ b/lib/ssl/src/ssl_record.erl
@@ -48,7 +48,7 @@
 
 %% Encoding records
 -export([encode_handshake/3, encode_alert_record/3,
-	 encode_change_cipher_spec/2, encode_data/4]).
+	 encode_change_cipher_spec/2, encode_data/3]).
 
 %% Decoding
 -export([decode_cipher_text/2]).
@@ -503,36 +503,18 @@ decode_cipher_text(CipherText, ConnnectionStates0) ->
 	   Alert
    end.
 %%--------------------------------------------------------------------
--spec encode_data(iolist(), tls_version(), #connection_states{}, integer()) ->
-			 {iolist(), iolist(), #connection_states{}}.
+-spec encode_data(binary(), tls_version(), #connection_states{}) ->
+			 {iolist(), #connection_states{}}.
 %%
 %% Description: Encodes data to send on the ssl-socket.
 %%--------------------------------------------------------------------
-encode_data(Frag, Version, ConnectionStates, RenegotiateAt)
-  when byte_size(Frag) < (?MAX_PLAIN_TEXT_LENGTH - 2048) ->
-    case encode_plain_text(?APPLICATION_DATA,Version,Frag,ConnectionStates, RenegotiateAt) of
-	{renegotiate, Data} ->
-	    {[], Data, ConnectionStates};
-	{Msg, CS} ->
-	    {Msg, [], CS}
-    end;
-
-encode_data(Frag, Version, ConnectionStates, RenegotiateAt) when is_binary(Frag) ->
-    Data = split_bin(Frag, ?MAX_PLAIN_TEXT_LENGTH - 2048),
-    encode_data(Data, Version, ConnectionStates, RenegotiateAt);
-
-encode_data(Data, Version, ConnectionStates0, RenegotiateAt) when is_list(Data) ->
-    {ConnectionStates, EncodedMsg, NotEncdedData} =
-        lists:foldl(fun(B, {CS0, Encoded, Rest}) ->
-			    case encode_plain_text(?APPLICATION_DATA,
-						   Version, B, CS0, RenegotiateAt) of
-				{renegotiate, NotEnc} ->
-				    {CS0, Encoded, [NotEnc | Rest]};
-				{Enc, CS1} ->
-				    {CS1, [Enc | Encoded], Rest}
-			    end
-		    end, {ConnectionStates0, [], []}, Data),
-    {lists:reverse(EncodedMsg), lists:reverse(NotEncdedData), ConnectionStates}.
+encode_data(Frag, Version,
+	    #connection_states{current_write = #connection_state{
+				 security_parameters =
+				     #security_parameters{bulk_cipher_algorithm = BCA}}} =
+		ConnectionStates) ->
+    Data = split_bin(Frag, ?MAX_PLAIN_TEXT_LENGTH, Version, BCA),
+    encode_iolist(?APPLICATION_DATA, Data, Version, ConnectionStates).
 
 %%--------------------------------------------------------------------
 -spec encode_handshake(iolist(), tls_version(), #connection_states{}) ->
@@ -566,6 +548,14 @@ encode_change_cipher_spec(Version, ConnectionStates) ->
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
+encode_iolist(Type, Data, Version, ConnectionStates0) ->
+    {ConnectionStates, EncodedMsg} =
+        lists:foldl(fun(Text, {CS0, Encoded}) ->
+			    {Enc, CS1} = encode_plain_text(Type, Version, Text, CS0),
+			    {CS1, [Enc | Encoded]}
+		    end, {ConnectionStates0, []}, Data),
+    {lists:reverse(EncodedMsg), ConnectionStates}.
+
 highest_protocol_version() ->
     highest_protocol_version(supported_protocol_versions()).
 
@@ -602,29 +592,23 @@ record_protocol_role(client) ->
 record_protocol_role(server) ->
     ?SERVER.
 
-split_bin(Bin, ChunkSize) ->
-    split_bin(Bin, ChunkSize, []).
+%% 1/n-1 splitting countermeasure Rizzo/Duong-Beast, RC4 chiphers are not vulnerable to this attack.
+split_bin(<<FirstByte:8, Rest/binary>>, ChunkSize, Version, BCA) when BCA =/= ?RC4 andalso ({3, 1} == Version orelse
+											    {3, 0} == Version) ->
+    do_split_bin(Rest, ChunkSize, [[FirstByte]]);
+split_bin(Bin, ChunkSize, _, _) ->
+    do_split_bin(Bin, ChunkSize, []).
 
-split_bin(<<>>, _, Acc) ->
+do_split_bin(<<>>, _, Acc) ->
     lists:reverse(Acc);
-split_bin(Bin, ChunkSize, Acc) ->
+do_split_bin(Bin, ChunkSize, Acc) ->
     case Bin of
         <<Chunk:ChunkSize/binary, Rest/binary>> ->
-            split_bin(Rest, ChunkSize, [Chunk | Acc]);
+            do_split_bin(Rest, ChunkSize, [Chunk | Acc]);
         _ ->
             lists:reverse(Acc, [Bin])
     end.
 
-encode_plain_text(Type, Version, Data, ConnectionStates, RenegotiateAt) ->
-    #connection_states{current_write = 
-		       #connection_state{sequence_number = Num}} = ConnectionStates,
-    case renegotiate(Num, RenegotiateAt) of
-	false ->
-	    encode_plain_text(Type, Version, Data, ConnectionStates);
-	true ->
-	    {renegotiate, Data}
-    end.
-
 encode_plain_text(Type, Version, Data, ConnectionStates) ->
     #connection_states{current_write=#connection_state{
 			 compression_state=CompS0,
@@ -637,11 +621,6 @@ encode_plain_text(Type, Version, Data, ConnectionStates) ->
     CTBin = encode_tls_cipher_text(Type, Version, CipherText),
     {CTBin, ConnectionStates#connection_states{current_write = CS2}}.
 
-renegotiate(N, M) when N < M->
-    false;
-renegotiate(_,_) ->
-    true.
-
 encode_tls_cipher_text(Type, {MajVer, MinVer}, Fragment) ->
     Length = erlang:iolist_size(Fragment),
     [<<?BYTE(Type), ?BYTE(MajVer), ?BYTE(MinVer), ?UINT16(Length)>>, Fragment].
diff --git a/lib/ssl/src/ssl_record.hrl b/lib/ssl/src/ssl_record.hrl
index 5fb0070b91..282d642138 100644
--- a/lib/ssl/src/ssl_record.hrl
+++ b/lib/ssl/src/ssl_record.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -70,9 +70,10 @@
 -define(MAX_SEQENCE_NUMBER, 18446744073709552000). %% math:pow(2, 64) - 1 = 1.8446744073709552e19
 %% Sequence numbers can not wrap so when max is about to be reached we should renegotiate.
 %% We will renegotiate a little before so that there will be sequence numbers left
-%% for the rehandshake and a little data. 
--define(MARGIN, 100).
--define(DEFAULT_RENEGOTIATE_AT, ?MAX_SEQENCE_NUMBER - ?MARGIN).
+%% for the rehandshake and a little data. Currently we decided to renegotiate a little more
+%% often as we can have a cheaper test to check if it is time to renegotiate. It will still
+%% be fairly seldom. 
+-define(DEFAULT_RENEGOTIATE_AT, 268435456). %% math:pow(2, 28) 
 
 %% ConnectionEnd
 -define(SERVER, 0).
diff --git a/lib/ssl/src/ssl_server.erl b/lib/ssl/src/ssl_server.erl
deleted file mode 100644
index b66e20a397..0000000000
--- a/lib/ssl/src/ssl_server.erl
+++ /dev/null
@@ -1,1378 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
-
-%%
-
-%%% Purpose : SSL server
-
-%%
-%% TODO
-%%
-%% XXX The ip option in listen is not general enough. It is assumed
-%%     to be a tuple, which is not always the case.
-
--module(ssl_server).
--behaviour(gen_server).
-
-%% External exports 
--export([start_link/0]).  
-
--export([transport_accept/2, transport_accept/3, ssl_accept/2, ssl_accept/3,
-	 ciphers/0, connect/5, connect/6,
-	 connection_info/1, close/1, listen/3, listen/4, peercert/1,
-	 peername/1, proxy_join/2, seed/1, setnodelay/2, sockname/1,
-	 version/0]).
-
--export([start_link_prim/0]).
--export([ssl_accept_prim/4, transport_accept_prim/4,
-	 connect_prim/7, close_prim/2, 
-	 listen_prim/5, proxy_join_prim/3, peername_prim/2, setnodelay_prim/3, 
-	 sockname_prim/2]).
-
--export([dump/0, dump/1]).
--export([enable_debug/0, disable_debug/0, set_debug/1]).
--export([enable_debugmsg/0, disable_debugmsg/0, set_debugmsg/1]).
-
-%% gen_server callbacks
--export([init/1, handle_call/3, handle_cast/2, handle_info/2, 
-	 code_change/3, terminate/2]).
-
--include("ssl_int.hrl").
-
--record(st, {
-	  port = [],			% port() of port program
-	  progpid = [],			% OS pid of port program
-	  debug = false,		% debug printout flag
-	  cons = [], 			% All brokers except pending accepts
-	  paccepts = [], 		% Pending accept brokers
-	  proxylsport = [], 		% proxy listen socket port
-	  intref = 0,			% internal reference counter
-	  compvsn = "",			% ssl compile library version
-	  libvsn = "",			% ssl library version
-	  ciphers = []			% available ciphers
-	 }).
-
-
-%% In all functions below IP is a four tuple, e.g. {192, 236, 52, 7}. 
-%% Port, Fd and ListenFd are integers; Flags is a string of characters.
-%%
-%% The prefixes F and L mean foreign and local, respectively. 
-%% Example: FIP (IP address for foreign end).
-
-%%
-%% start_link() -> {ok, Pid} | {error, Reason}
-%%
-start_link() ->
-    gen_server:start_link({local, ssl_server}, ssl_server, [], []).
-
-start_link_prim() ->
-    gen_server:start_link({local, ssl_server_prim}, ssl_server, [], []).
-
-%%
-%% transport_accept(ListenFd, Flags) -> {ok, Fd, ProxyLLPort} |
-%%			      {error, Reason}
-%%
-transport_accept(ListenFd, Flags) ->
-    transport_accept(ListenFd, Flags, infinity).
-transport_accept(ListenFd, Flags, Timeout) ->
-    transport_accept_prim(ssl_server,ListenFd, Flags, Timeout).
-
-transport_accept_prim(ServerName, ListenFd, Flags, Timeout) ->
-    Req = {transport_accept, self(), ListenFd, Flags}, 
-    gen_server:call(ServerName, Req, Timeout).
-
-%%
-%% ssl_accept(ListenFd, Flags) -> {ok, Fd, ProxyLLPort} |
-%%			      {error, Reason}
-%%
-ssl_accept(ListenFd, Flags) ->
-    ssl_accept(ListenFd, Flags, infinity).
-ssl_accept(ListenFd, Flags, Timeout) ->
-    ssl_accept_prim(ssl_server, ListenFd, Flags, Timeout).
-
-ssl_accept_prim(ServerName, Fd, Flags, Timeout) ->
-    Req = {ssl_accept, Fd, Flags}, 
-    gen_server:call(ServerName, Req, Timeout).
-
-%%
-%% ciphers() -> {ok, Ciphers} 
-%%
-ciphers() ->
-    gen_server:call(ssl_server, ciphers, infinity).
-
-%%
-%% close(Fd) -> ok
-%%
-close(Fd) -> 
-    close_prim(ssl_server, Fd).
-close_prim(ServerName, Fd) -> 
-    gen_server:call(ServerName, {close, self(), Fd}, infinity),
-    ok.
-
-%%
-%% connect(LIP, LPort, FIP, FPort, Flags) -> {ok, Fd, ProxyLFPort} |
-%%					 {error, Reason}
-%%
-connect(LIP, LPort, FIP, FPort, Flags) ->
-    connect(LIP, LPort, FIP, FPort, Flags, infinity).
-connect(LIP, LPort, FIP, FPort, Flags, Timeout) ->
-    connect_prim(ssl_server, LIP, LPort, FIP, FPort, Flags, Timeout).
-
-connect_prim(ServerName, LIP, LPort, FIP, FPort, Flags, Timeout) ->
-    Req = {connect, self(), LIP, LPort, FIP, FPort, Flags},
-    gen_server:call(ServerName, Req, Timeout).
-
-%%
-%% connection_info(Fd) -> {ok, {Protocol, Cipher}} | {error, Reason}
-%%
-connection_info(Fd) ->
-    Req = {connection_info, self(), Fd},
-    gen_server:call(ssl_server, Req, infinity).
-  
-%%
-%% listen(IP, LPort, Flags), 
-%% listen(IP, LPort, Flags, BackLog) -> {ok, ListenFd, LPort0} | 
-%%                                    {error, Reason}
-%%
-listen(IP, LPort, Flags) ->
-    listen(IP, LPort, Flags, ?DEF_BACKLOG).
-listen(IP, LPort, Flags, BackLog) ->
-    listen_prim(ssl_server, IP, LPort, Flags, BackLog).
-listen_prim(ServerName, IP, LPort, Flags, BackLog) ->
-    Req = {listen, self(), IP, LPort, Flags, BackLog},
-    gen_server:call(ServerName, Req, infinity).
-
-%%
-%% peercert(Fd) -> {ok, Cert} | {error, Reason}
-%%
-peercert(Fd) ->
-    Req = {peercert, self(), Fd},
-    gen_server:call(ssl_server, Req, infinity).
-
-%%
-%% peername(Fd) -> {ok, {Address, Port}} | {error, Reason}
-%%
-peername(Fd) ->
-    peername_prim(ssl_server, Fd).
-peername_prim(ServerName, Fd) ->
-    Req = {peername, self(), Fd},
-    gen_server:call(ServerName, Req, infinity).
-
-%%
-%% proxy_join(Fd, LPort) -> ok | {error, Reason}
-%%
-proxy_join(Fd, LPort) ->
-    proxy_join_prim(ssl_server, Fd, LPort).
-proxy_join_prim(ServerName, Fd, LPort) ->
-    Req = {proxy_join, self(), Fd, LPort},
-    gen_server:call(ServerName, Req, infinity).
-
-%%
-%%  seed(Data)
-%%
-seed(Data) ->
-    Req = {seed, Data},
-    gen_server:call(ssl_server, Req, infinity).
-    
-%%
-%%  set_nodelay(Fd, Boolean)
-%%
-setnodelay(Fd, Boolean) ->
-    setnodelay_prim(ssl_server, Fd, Boolean).
-setnodelay_prim(ServerName, Fd, Boolean) ->
-    Req = {setnodelay, self(), Fd, Boolean},
-    gen_server:call(ServerName, Req, infinity).
-    
-%%
-%% sockname(Fd) -> {ok, {Address, Port}} | {error, Reason}
-%%
-sockname(Fd) ->
-    sockname_prim(ssl_server, Fd).
-sockname_prim(ServerName, Fd) ->
-    Req = {sockname, self(), Fd},
-    gen_server:call(ServerName, Req, infinity).
-
-%%
-%% version() -> {ok, {CompVsn, LibVsn}} 
-%%
-version() ->
-    gen_server:call(ssl_server, version, infinity).
-
-
-enable_debug() ->
-    set_debug(true).
-
-disable_debug() ->
-    set_debug(false).
-
-set_debug(Bool) ->
-    set_debug(Bool, infinity).
-
-set_debug(Bool, Timeout) when is_boolean(Bool) ->
-    Req = {set_debug, Bool, self()},
-    gen_server:call(ssl_server, Req, Timeout).
-                
-enable_debugmsg() ->
-    set_debugmsg(true).
-
-disable_debugmsg() ->
-    set_debugmsg(false).
-
-set_debugmsg(Bool) ->
-    set_debugmsg(Bool, infinity).
-
-set_debugmsg(Bool, Timeout) when is_boolean(Bool) ->
-    Req = {set_debugmsg, Bool, self()},
-    gen_server:call(ssl_server, Req, Timeout).
-
-dump() ->
-    dump(infinity).
-
-dump(Timeout) ->
-    Req = {dump, self()}, 
-    gen_server:call(ssl_server, Req, Timeout).
-
-%%
-%% init
-%%
-init([]) ->
-    Debug = case application:get_env(ssl, edebug) of
-		{ok, true} -> 
-		    true;
-		_ ->
-		    case application:get_env(ssl, debug) of
-			{ok, true} ->
-			    true;
-			_  ->
-			    os:getenv("ERL_SSL_DEBUG") =/= false
-		    end
-	    end,
-    ProgDir = 
-	case init:get_argument(ssl_portprogram_dir) of
-	    {ok, [[D]]} ->
-		D;
-	    _ ->
-		find_priv_bin()
-	end,
-    {Program, Flags} = mk_cmd_line("ssl_esock"),
-    Cmd = filename:join(ProgDir, Program) ++ " " ++ Flags,
-    debug1(Debug, " start, Cmd =  ~s~n", [Cmd]), 
-    case (catch open_port({spawn, Cmd}, [binary, {packet, 4}])) of
-	Port when is_port(Port) ->
-	    process_flag(trap_exit, true), 
-	    receive 
-		{Port, {data, Bin}} ->
-		    {ProxyLLPort, ProgPid, CompVsn, LibVsn, Ciphers} = 
-			decode_msg(Bin, [int16, int32, string, string, 
-					 string]), 
-		    debug1(Debug, "port program pid = ~w~n", 
-			   [ProgPid]), 
-		    {ok, #st{port = Port, 
-			     proxylsport = ProxyLLPort,
-			     progpid = ProgPid, 
-			     debug = Debug, 
-			     compvsn = CompVsn, 
-			     libvsn = LibVsn,
-			     ciphers = Ciphers}};
-		{'EXIT', Port, Reason} ->
-		    {stop, Reason}
-	    end;
-	{'EXIT', Reason} ->
-	    {stop, Reason}
-    end.
-
-%%
-%% transport_accept
-%%
-handle_call({transport_accept, Broker, ListenFd, Flags}, From, St) ->
-    debug(St, "transport_accept: broker = ~w, listenfd = ~w~n", 
-	  [Broker, ListenFd]),
-    case get_by_fd(ListenFd, St#st.cons) of
-	{ok, {ListenFd, _, _}} ->
-	    send_cmd(St#st.port, ?TRANSPORT_ACCEPT, [int32(ListenFd), Flags, 0]),
-	    PAccepts = add({ListenFd, Broker, From}, St#st.paccepts),
-	    %%
-	    %% We reply when we get TRANSPORT_ACCEPT_REP or ASYNC_ACCEPT_ERR
-	    %% 
-	    {noreply, St#st{paccepts = PAccepts}};
-	_Other ->
-	    {reply, {error, ebadf}, St}
-    end;
-
-%%
-%% ssl_accept
-%%
-handle_call({ssl_accept, Fd, Flags}, From, St) ->
-    case replace_from_by_fd(Fd, St#st.cons, From) of
-	{ok, _, Cons} = _Rep ->
-	    send_cmd(St#st.port, ?SSL_ACCEPT, [int32(Fd), Flags, 0]),
-	    %% We reply when we get SSL_ACCEPT_REP or ASYNC_ACCEPT_ERR
-	    {noreply, St#st{cons = Cons}};
-	_Other ->
-	    {reply, {error, ebadf}, St}
-    end;
-
-%%
-%% version
-%%
-handle_call(ciphers, From, St) ->
-    debug(St, "ciphers: from = ~w~n", [From]),
-    {reply, {ok, St#st.ciphers}, St};
-
-%%
-%% connect
-%%
-handle_call({connect, Broker, LIP, LPort, FIP, FPort, Flags}, From, St) ->
-    debug(St, "connect: broker = ~w, ip = ~w, "
-	  "sport = ~w~n", [Broker, FIP, FPort]),
-    Port = St#st.port,
-    LIPStr = ip_to_string(LIP),
-    FIPStr = ip_to_string(FIP),
-    IntRef = new_intref(St),
-    send_cmd(Port, ?CONNECT, [int32(IntRef),
-			      int16(LPort), LIPStr, 0,
-			      int16(FPort), FIPStr, 0,
-			      Flags, 0]),
-    Cons = add({{intref, IntRef}, Broker, From}, St#st.cons),
-    %% We reply when we have got CONNECT_SYNC_ERR, or CONNECT_WAIT 
-    %% and CONNECT_REP, or CONNECT_ERR.
-    {noreply, St#st{cons = Cons, intref = IntRef}};
-
-%%
-%% connection_info
-%%
-handle_call({connection_info, Broker, Fd}, From, St) ->
-    debug(St, "connection_info: broker = ~w, fd = ~w~n",
-	  [Broker, Fd]),
-    case replace_from_by_fd(Fd, St#st.cons, From) of
-	{ok, _, Cons} ->
-	    send_cmd(St#st.port, ?GETCONNINFO, [int32(Fd)]),
-	    %% We reply when we get GETCONNINFO_REP or GETCONNINFO_ERR.
-	    {noreply, St#st{cons = Cons}};
-	_Other ->
-	    {reply, {error, ebadf}, St}
-    end;
-
-%%
-%% close
-%%
-handle_call({close, Broker, Fd}, _From, St) ->
-    debug(St, "close: broker = ~w, fd = ~w~n",
-	  [Broker, Fd]),
-    #st{port = Port, cons = Cons0, paccepts = PAccepts0} = St,
-    case delete_by_fd(Fd, Cons0) of
-	%% Must match Broker pid; fd may be reused already.
-	{ok, {Fd, Broker, _}, Cons} ->
-	    send_cmd(Port, ?CLOSE, int32(Fd)),
-	    %% If Fd is a listen socket fd, there might be pending
-	    %% accepts for that fd.
-	    case delete_all_by_fd(Fd, PAccepts0) of
-		{ok, DelAccepts, RemAccepts} ->
-		    %% Reply {error, closed} to all pending accepts
-		    lists:foreach(fun({_, _, AccFrom}) ->
-					  gen_server:reply(AccFrom,
-							   {error, closed})
-				  end, DelAccepts),
-		    {reply, ok,
-		     St#st{cons = Cons, paccepts = RemAccepts}};
-		_ ->
-		    {reply, ok, St#st{cons = Cons}}
-	    end;
-	_ ->
-	    {reply, ok, St}
-    end;
-
-%%
-%% listen
-%%
-handle_call({listen, Broker, IP, LPort, Flags, BackLog}, From, St) ->
-    debug(St, "listen: broker = ~w, IP = ~w, "
-	  "sport = ~w~n", [Broker, IP, LPort]),
-    Port = St#st.port,
-    IPStr = ip_to_string(IP),
-    IntRef = new_intref(St),
-    send_cmd(Port, ?LISTEN, [int32(IntRef), int16(LPort), IPStr, 0,
-			     int16(BackLog), Flags, 0]),
-    Cons = add({{intref, IntRef}, Broker, From}, St#st.cons),
-    %% We reply when we have got LISTEN_REP.
-    {noreply, St#st{cons = Cons, intref = IntRef}};
-
-%%
-%% peercert
-%%
-handle_call({peercert, Broker, Fd}, From, St) ->
-    debug(St, "peercert: broker = ~w, fd = ~w~n",
-	  [Broker, Fd]),
-    case replace_from_by_fd(Fd, St#st.cons, From) of 
-	{ok, _, Cons} ->
-	    send_cmd(St#st.port, ?GETPEERCERT, [int32(Fd)]),
-	    %% We reply when we get GETPEERCERT_REP or GETPEERCERT_ERR.
-	    {noreply, St#st{cons = Cons}};
-	_Other ->
-	    {reply, {error, ebadf}, St}
-    end;
-
-
-%%
-%% peername
-%%
-handle_call({peername, Broker, Fd}, From, St) ->
-    debug(St, "peername: broker = ~w, fd = ~w~n",
-	  [Broker, Fd]),
-    case replace_from_by_fd(Fd, St#st.cons, From) of 
-	{ok, _, Cons} ->
-	    send_cmd(St#st.port, ?GETPEERNAME, [int32(Fd)]),
-	    %% We reply when we get GETPEERNAME_REP or GETPEERNAME_ERR.
-	    {noreply, St#st{cons = Cons}};
-	_Other ->
-	    {reply, {error, ebadf}, St}
-    end;
-
-%%
-%% proxy join
-%%
-handle_call({proxy_join, Broker, Fd, LPort}, From, St) ->
-    debug(St, "proxy_join: broker = ~w, fd = ~w, "
-	  "sport = ~w~n", [Broker, Fd, LPort]),
-    case replace_from_by_fd(Fd, St#st.cons, From) of 
-	{ok, _, Cons} ->
-	    send_cmd(St#st.port, ?PROXY_JOIN, [int32(Fd), 
-						     int16(LPort)]), 
-	    %% We reply when we get PROXY_JOIN_REP, or PROXY_JOIN_ERR.
-	    {noreply, St#st{cons = Cons}};
-	_Other ->
-	    {reply, {error, ebadf}, St}
-    end;
-
-%%
-%% seed
-%%
-handle_call({seed, Data}, _From, St) when is_binary(Data) ->
-    send_cmd(St#st.port, ?SET_SEED, [int32(byte_size(Data)), Data]),
-    {reply, ok, St};
-
-handle_call({seed, Data}, From, St) ->
-    case catch list_to_binary(Data) of
-	{'EXIT', _} ->
-	    {reply, {error, edata}, St};
-	Bin  ->
-	    handle_call({seed, Bin}, From, St)
-    end;
-
-%%
-%% setnodelay
-%%
-handle_call({setnodelay, Broker, Fd, Boolean}, From, St) ->
-    debug(St, "setnodelay: broker = ~w, fd = ~w, "
-	  "boolean = ~w~n", [Broker, Fd, Boolean]),
-    case replace_from_by_fd(Fd, St#st.cons, From) of 
-	{ok, _, Cons} ->
-	    Val = if Boolean == true -> 1; true -> 0 end,
-	    send_cmd(St#st.port, ?SET_SOCK_OPT, 
-		     [int32(Fd), ?SET_TCP_NODELAY, Val]),
-	    %% We reply when we get IOCTL_OK or IOCTL_ERR.
-	    {noreply, St#st{cons = Cons}};
-	_Other ->
-	    {reply, {error, ebadf}, St}
-    end;
-
-%%
-%% sockname
-%%
-handle_call({sockname, Broker, Fd}, From, St) ->
-    debug(St, "sockname: broker = ~w, fd = ~w~n",
-	  [Broker, Fd]),
-    case replace_from_by_fd(Fd, St#st.cons, From) of 
-	{ok, _, Cons} ->
-	    send_cmd(St#st.port, ?GETSOCKNAME, [int32(Fd)]),
-	    %% We reply when we get GETSOCKNAME_REP or GETSOCKNAME_ERR.
-	    {noreply, St#st{cons = Cons}};
-	_Other ->
-	    {reply, {error, ebadf}, St}
-    end;
-
-%%
-%% version
-%%
-handle_call(version, From, St) ->
-    debug(St, "version: from = ~w~n", [From]),
-    {reply, {ok, {St#st.compvsn, St#st.libvsn}}, St};
-
-%%
-%% dump
-%%
-handle_call({dump, Broker}, _From, St) ->
-    debug(St, "dump: broker = ~w", [Broker]),
-    Port = St#st.port,
-    send_cmd(Port, ?DUMP_CMD, []),
-    {reply, ok, St};
-
-%%
-%% set_debug
-%%
-handle_call({set_debug, Bool, Broker}, _From, St) ->
-    debug(St, "set_debug: broker = ~w", [Broker]),
-   Value = case Bool of 
-                true ->
-                    1;
-                false ->
-                    0
-            end,
-    Port = St#st.port,
-    send_cmd(Port, ?DEBUG_CMD, [Value]),
-    {reply, ok, St};
-
-%%
-%% set_debugmsg
-%%
-handle_call({set_debugmsg, Bool, Broker}, _From, St) ->
-    debug(St, "set_debugmsg: broker = ~w", [Broker]),
-    Value = case Bool of 
-                true ->
-                    1;
-                false ->
-                    0
-            end,
-    Port = St#st.port,
-    send_cmd(Port, ?DEBUGMSG_CMD, [Value]),
-    {reply, ok, St};
-
-handle_call(Request, _From, St) ->
-    debug(St, "unexpected call: ~w~n", [Request]),
-    Reply = {error, {badcall, Request}},
-    {reply, Reply, St}.
-
-%%
-%% handle_cast(Msg, St)
-%%
-
-
-handle_cast(Msg, St) ->
-    debug(St, "unexpected cast: ~w~n", [Msg]),
-    {noreply, St}.
-
-%%
-%% handle_info(Info, St)
-%%
-
-%% Data from port
-%%
-handle_info({Port, {data, Bin}},
-	    #st{cons = StCons, paccepts = Paccepts,
-		port = Port, proxylsport = Proxylsport} = St) 
-  when is_binary(Bin) ->
-    %% io:format("++++ ssl_server got from port: ~w~n", [Bin]),
-    <<OpCode:8, _/binary>> = Bin,
-    case OpCode of
-	%%
-	%% transport_accept
-	%%
-	?TRANSPORT_ACCEPT_ERR when byte_size(Bin) >= 5 ->
-	    {ListenFd, Reason} = decode_msg(Bin, [int32, atom]),
-	    debug(St, "transport_accept_err: listenfd = ~w, "
-		  "reason = ~w~n", [ListenFd, Reason]),
-	    case delete_last_by_fd(ListenFd, Paccepts) of
-		{ok, {_, _, From}, PAccepts} ->
-		    gen_server:reply(From, {error, Reason}),
-		    {noreply, St#st{paccepts = PAccepts}};
-		_Other ->
-		    %% Already closed
-		    {noreply, St}
-	    end;
-	?TRANSPORT_ACCEPT_REP when byte_size(Bin) >= 9 ->
-	    {ListenFd, Fd} = decode_msg(Bin, [int32, int32]),
-	    debug(St, "transport_accept_rep: listenfd = ~w, "
-		  "fd = ~w~n", [ListenFd, Fd]),
-	    case delete_last_by_fd(ListenFd, Paccepts) of
-		{ok, {_, Broker, From}, PAccepts} ->
-		    Reply = {ok, Fd, Proxylsport},
-		    gen_server:reply(From, Reply),
-		    debug(St, "transport_accept_rep: From = ~w\n", [From]),
-		    Cons = add({Fd, Broker, From}, StCons),
-		    {noreply, St#st{cons = Cons, paccepts = PAccepts}};
-		_Other ->
-		    %% Already closed
-		    {noreply, St}
-	    end;
-	
-	%%
-	%% ssl_accept
-	%%
-	?SSL_ACCEPT_ERR when byte_size(Bin) >= 5 ->
-	    {Fd, Reason} = decode_msg(Bin, [int32, atom]),
-	    debug(St, "ssl_accept_err: listenfd = ~w, "
-		  "reason = ~w~n", [Fd, Reason]),
-	    %% JC: remove this?
-	    case delete_last_by_fd(Fd, StCons) of
-		{ok, {_, _, From}, Cons} ->
-		    gen_server:reply(From, {error, Reason}),
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    %% Already closed
-		    {noreply, St}
-	    end;
-	?SSL_ACCEPT_REP when byte_size(Bin) >= 5 ->
-	    Fd = decode_msg(Bin, [int32]),
-	    debug(St, "ssl_accept_rep: Fd = ~w\n", [Fd]),
-	    case replace_from_by_fd(Fd, StCons, []) of
-		{ok, {_, _, From}, Cons} ->
-		    gen_server:reply(From, ok),
-		    {noreply, St#st{cons = Cons}};
-		_ ->
-		    {noreply, St}
-	    end;
-
-	%%
-	%% connect
-	%%
-	?CONNECT_SYNC_ERR when byte_size(Bin) >= 5 ->
-	    {IntRef, Reason} = decode_msg(Bin, [int32, atom]),
-	    debug(St, "connect_sync_err: intref = ~w, "
-		  "reason = ~w~n", [IntRef, Reason]),
-	    case delete_by_intref(IntRef, StCons) of
-		{ok, {_, _, From}, Cons} ->
-		    gen_server:reply(From, {error, Reason}),
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    {noreply, St}
-	    end;
-	?CONNECT_WAIT when byte_size(Bin) >= 9 ->  
-	    {IntRef, Fd} = decode_msg(Bin, [int32, int32]),
-	    debug(St, "connect_wait: intref = ~w, "
-		  "fd = ~w~n", [IntRef, Fd]),
-	    case replace_fd_by_intref(IntRef, StCons, Fd) of
-		{ok, _, Cons} ->
-		    %% We reply when we get CONNECT_REP or CONNECT_ERR
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    %% We have a new Fd which must be closed
-		    send_cmd(Port, ?CLOSE, int32(Fd)),
-		    {noreply, St}
-	    end;
-	?CONNECT_REP when byte_size(Bin) >= 5 ->  
-	    %% after CONNECT_WAIT
-	    Fd = decode_msg(Bin, [int32]),
-	    debug(St, "connect_rep: fd = ~w~n", [Fd]),
-	    case replace_from_by_fd(Fd, StCons, []) of
-		{ok, {_, _, From}, Cons} ->
-		    gen_server:reply(From, {ok, Fd, Proxylsport}),
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    {noreply, St}
-	    end;
-	?CONNECT_ERR when byte_size(Bin) >= 5 ->
-	    {Fd, Reason} = decode_msg(Bin, [int32, atom]),
-	    debug(St, "connect_err: fd = ~w, "
-		  "reason = ~w~n", [Fd, Reason]),
-	    case delete_by_fd(Fd, StCons) of
-		{ok, {_, _, From}, Cons} ->
-		    %% Fd not yet published - hence close ourselves
-		    send_cmd(Port, ?CLOSE, int32(Fd)),
-		    gen_server:reply(From, {error, Reason}),
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    %% Already closed
-		    {noreply, St}
-	    end;
-
-	%%
-	%% connection_info
-	%%
-	?GETCONNINFO_REP when byte_size(Bin) >= 5 ->
-	    {Fd, Protocol, Cipher} = decode_msg(Bin, [int32, string, string]),
-	    debug(St, "connection_info_rep: fd = ~w, "
-		  "protcol = ~p, ip = ~p~n", [Fd, Protocol, Cipher]),
-	    case replace_from_by_fd(Fd, StCons, []) of
-		{ok, {_, _, From}, Cons} ->
-		    gen_server:reply(From, {ok, {protocol_name(Protocol),
-						 Cipher}}),
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    %% Already closed
-		    {noreply, St}
-	    end;
-	?GETCONNINFO_ERR when byte_size(Bin) >= 5 ->
-	    {Fd, Reason} = decode_msg(Bin, [int32, atom]),
-	    debug(St, "connection_info_err: fd = ~w, "
-		  "reason = ~w~n", [Fd, Reason]),
-	    case replace_from_by_fd(Fd, StCons, []) of
-		{ok, {_, _, From}, Cons} ->
-		    gen_server:reply(From, {error, Reason}),
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    %% Already closed
-		    {noreply, St}
-	    end;
-
-	%%
-	%% listen
-	%%
-	?LISTEN_SYNC_ERR when byte_size(Bin) >= 5 ->
-	    {IntRef, Reason} = decode_msg(Bin, [int32, atom]),
-	    debug(St, "listen_sync_err: intref = ~w, "
-		  "reason = ~w~n", [IntRef, Reason]),
-	    case delete_by_intref(IntRef, StCons) of
-		{ok, {_, _, From}, Cons} ->
-		    gen_server:reply(From, {error, Reason}),
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    {noreply, St}
-	    end;
-	?LISTEN_REP when byte_size(Bin) >= 11 ->  
-	    {IntRef, ListenFd, LPort} = decode_msg(Bin, [int32, int32, int16]),
-	    debug(St, "listen_rep: intref = ~w, "
-		  "listenfd = ~w, sport = ~w~n", [IntRef, ListenFd, LPort]),
-	    case replace_fd_from_by_intref(IntRef, StCons, ListenFd, []) of
-		{ok, {_, _, From}, Cons} ->
-		    gen_server:reply(From, {ok, ListenFd, LPort}),
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    %% ListenFd has to be closed.
-		    send_cmd(Port, ?CLOSE, int32(ListenFd)),
-		    {noreply, St}
-	    end;
-
-	%%
-	%% proxy join
-	%%
-	?PROXY_JOIN_REP when byte_size(Bin) >= 5 -> 
-	    Fd = decode_msg(Bin, [int32]),
-	    debug(St, "proxy_join_rep: fd = ~w~n",
-		  [Fd]),
-	    case get_by_fd(Fd, StCons) of
-		{ok, {_, _, From}} ->
-		    gen_server:reply(From, ok),
-		    {noreply, St};
-		_Other ->
-		    %% Already closed
-		    {noreply, St}
-	    end;
-	?PROXY_JOIN_ERR when byte_size(Bin) >= 5 -> 
-	    {Fd, Reason} = decode_msg(Bin, [int32, atom]),
-	    debug(St, "proxy_join_rep: fd = ~w, "
-		  "reason = ~w~n", [Fd, Reason]),
-	    case delete_by_fd(Fd, StCons) of
-		{ok, {_, _, From}, Cons} ->
-		    case Reason of
-			enoproxysocket ->	
-			    send_cmd(Port, ?CLOSE, int32(Fd));
-			_ ->
-			    ok
-			    %% Must not close Fd since it is published
-		    end,
-		    gen_server:reply(From, {error, Reason}),
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    %% Already closed
-		    {noreply, St}
-	    end;
-
-	%%
-	%% peername
-	%%
-	?GETPEERNAME_REP when byte_size(Bin) >= 5 ->
-	    {Fd, LPort, IPString} = decode_msg(Bin, [int32, int16, string]),
-	    debug(St, "getpeername_rep: fd = ~w, "
-		  "sport = ~w, ip = ~p~n", [Fd, LPort, IPString]),
-	    case replace_from_by_fd(Fd, StCons, []) of
-		{ok, {_, _, From}, Cons} ->
-		    gen_server:reply(From, {ok, {IPString, LPort}}),
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    %% Already closed
-		    {noreply, St}
-	    end;
-	?GETPEERNAME_ERR when byte_size(Bin) >= 5 ->
-	    {Fd, Reason} = decode_msg(Bin, [int32, atom]),
-	    debug(St, "getpeername_err: fd = ~w, "
-		  "reason = ~w~n", [Fd, Reason]),
-	    case replace_from_by_fd(Fd, StCons, []) of
-		{ok, {_, _, From}, Cons} ->
-		    gen_server:reply(From, {error, Reason}),
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    %% Already closed
-		    {noreply, St}
-	    end;
-
-	%%
-	%% ioctl
-	%%
-	?IOCTL_OK when byte_size(Bin) >= 5 ->
-	    Fd = decode_msg(Bin, [int32]),
-	    debug(St, "ioctl_ok: fd = ~w~n",
-		  [Fd]),
-	    case replace_from_by_fd(Fd, StCons, []) of
-		{ok, {_, _, From}, Cons} ->
-		    gen_server:reply(From, ok),
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    %% Already closed
-		    {noreply, St}
-	    end;
-	?IOCTL_ERR when byte_size(Bin) >= 5 ->
-	    {Fd, Reason} = decode_msg(Bin, [int32, atom]),
-	    debug(St, "ioctl_err: fd = ~w, "
-		  "reason = ~w~n", [Fd, Reason]),
-	    case replace_from_by_fd(Fd, StCons, []) of
-		{ok, {_, _, From}, Cons} ->
-		    gen_server:reply(From, {error, Reason}),
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    %% Already closed
-		    {noreply, St}
-	    end;
-
-	%%
-	%% sockname
-	%%
-	?GETSOCKNAME_REP when byte_size(Bin) >= 5 ->
-	    {Fd, LPort, IPString} = decode_msg(Bin, [int32, int16, string]),
-	    debug(St, "getsockname_rep: fd = ~w, "
-		  "sport = ~w, ip = ~p~n", [Fd, LPort, IPString]),
-	    case replace_from_by_fd(Fd, StCons, []) of
-		{ok, {_, _, From}, Cons} ->
-		    gen_server:reply(From, {ok, {IPString, LPort}}),
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    %% Already closed
-		    {noreply, St}
-	    end;
-	?GETSOCKNAME_ERR when byte_size(Bin) >= 5 ->
-	    {Fd, Reason} = decode_msg(Bin, [int32, atom]),
-	    debug(St, "getsockname_err: fd = ~w, "
-		  "reason = ~w~n", [Fd, Reason]),
-	    case replace_from_by_fd(Fd, StCons, []) of
-		{ok, {_, _, From}, Cons} ->
-		    gen_server:reply(From, {error, Reason}),
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    %% Already closed
-		    {noreply, St}
-	    end;
-
-	%%
-	%% peercert
-	%%
-	?GETPEERCERT_REP when byte_size(Bin) >= 5 ->
-	    {Fd, Cert} = decode_msg(Bin, [int32, bin]),
-	    debug(St, "getpeercert_rep: fd = ~w~n", [Fd]),
-	    case replace_from_by_fd(Fd, StCons, []) of
-		{ok, {_, _, From}, Cons} ->
-		    gen_server:reply(From, {ok, Cert}),
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    %% Already closed
-		    {noreply, St}
-	    end;
-	?GETPEERCERT_ERR when byte_size(Bin) >= 5 ->
-	    {Fd, Reason} = decode_msg(Bin, [int32, atom]),
-	    debug(St, "getpeercert_err: fd = ~w, reason = ~w~n", 
-		  [Fd, Reason]),
-	    case replace_from_by_fd(Fd, StCons, []) of
-		{ok, {_, _, From}, Cons} ->
-		    gen_server:reply(From, {error, Reason}),
-		    {noreply, St#st{cons = Cons}};
-		_Other ->
-		    %% Already closed
-		    {noreply, St}
-	    end
-    end;
-
-%%
-%% EXIT
-%%
-handle_info({'EXIT', Pid, Reason}, St) when is_pid(Pid) ->
-    debug(St, "exit pid = ~w, "
-	  "reason = ~w~n", [Pid, Reason]),
-    case delete_by_pid(Pid, St#st.cons) of
-	{ok, {{intref, _}, Pid, _}, Cons} ->
-	    {noreply, St#st{cons = Cons}};
-	{ok, {Fd, Pid, _}, Cons} ->
-	    send_cmd(St#st.port, ?CLOSE, int32(Fd)), 
-	    %% If Fd is a listen socket fd, there might be pending
-	    %% accepts for that fd.
-	    case delete_all_by_fd(Fd, St#st.paccepts) of
-		{ok, DelAccepts, RemAccepts} ->
-		    %% Reply {error, closed} to all pending accepts.
-		    lists:foreach(fun({_, _, From}) ->
-					  gen_server:reply(From, 
-							   {error, closed}) 
-				  end, DelAccepts),
-		    {noreply, 
-		     St#st{cons = Cons, paccepts = RemAccepts}};
-		_ ->
-		    {noreply, St#st{cons = Cons}}
-	    end;
-	_ ->
-	    case delete_by_pid(Pid, St#st.paccepts) of
-		{ok, {ListenFd, _, _}, PAccepts} ->
-		    %% decrement ref count in port program
-		    send_cmd(St#st.port, ?NOACCEPT, int32(ListenFd)),
-		    {noreply, St#st{paccepts = PAccepts}};
-		_ ->
-		    {noreply, St}
-	    end
-    end;
-
-%%
-%% 'badsig' means bad message to port. Port program is unaffected.
-%%
-handle_info({'EXIT', Port, badsig}, #st{port = Port} = St) ->
-    debug(St, "badsig!!!~n", []),
-    {noreply, St};
-
-handle_info({'EXIT', Port, Reason}, #st{port = Port} = St) ->
-    {stop, Reason, St};
-
-handle_info(Info, St) ->
-    debug(St, "unexpected info: ~w~n", [Info]),
-    {noreply, St}.
-
-%%
-%% terminate(Reason, St) -> any
-%%
-terminate(_Reason, _St) ->
-    ok.
-
-%% 
-%% code_change(OldVsn, St, Extra) -> {ok, NSt}
-%%
-code_change(_OldVsn, St, _Extra) ->
-    {ok, St}.
-
-%%%----------------------------------------------------------------------
-%%% Internal functions
-%%%----------------------------------------------------------------------
-
-%%
-%% Send binary command to sock
-%%
-send_cmd(Port, Cmd, Args) ->
-    Port ! {self(), {command, [Cmd| Args]}}.
-
-%%
-%% add(Descr, Cons) -> NCons
-%%
-add(D, L) -> 
-    [D| L].
-
-%%
-%% get_by_fd(Fd, Cons) -> {ok, Descr} | not_found
-%%
-get_by_fd(Fd, Cons) ->
-    get_by_pos(Fd, 1, Cons).
-
-%%
-%% delete_by_fd(Fd, Cons) -> {ok, OldDesc, NewCons} | not_found.
-%%
-delete_by_fd(Fd, Cons) ->
-    delete_by_pos(Fd, 1, Cons).
-
-%%
-%% delete_all_by_fd(Fd, Cons) -> {ok, DelCons, RemCons} | not_found.
-%%
-delete_all_by_fd(Fd, Cons) ->
-    delete_all_by_pos(Fd, 1, Cons).
-
-%%
-%% delete_by_intref(IntRef, Cons) -> {ok, OldDesc, NewCons} | not_found.
-%%
-delete_by_intref(IntRef, Cons) ->
-    delete_by_pos({intref, IntRef}, 1, Cons).
-
-%%
-%% delete_by_pid(Pid, Cons) -> {ok, OldDesc, NewCons} | not_found.
-%%
-delete_by_pid(Pid, Cons) ->
-    delete_by_pos(Pid, 2, Cons).
-
-%%
-%% delete_last_by_fd(Fd, Cons) -> {ok, OldDesc, NCons} | not_found
-%%
-delete_last_by_fd(Fd, Cons) ->
-    case dlbf(Fd, Cons) of 
-	{X, L} ->
-	    {ok, X, L};
-	_Other  ->
-	    not_found
-    end.
-
-dlbf(Fd, [H]) -> 
-    last_elem(Fd, H, []);
-dlbf(Fd, [H|T]) ->
-    case dlbf(Fd, T) of
-	{X, L} -> 
-	    {X, [H|L]};
-	L -> 
-	    last_elem(Fd, H, L)
-    end;
-dlbf(_Fd, []) ->  
-    [].
-
-last_elem(Fd, H, L) when element(1, H) == Fd ->
-    {H, L};
-last_elem(_, H, L) ->
-    [H|L].
-
-
-%%
-%% replace_from_by_fd(Fd, Cons, From) -> {ok, OldDesc, NewList} | not_found
-%%
-replace_from_by_fd(Fd, Cons, From) ->
-    replace_posn_by_pos(Fd, 1, Cons, [{From, 3}]).
-
-%%
-%% replace_fd_by_intref(IntRef, Cons, Fd) -> {ok, OldDesc, NewList} | not_f.
-%%
-replace_fd_by_intref(IntRef, Cons, Fd) ->
-    replace_posn_by_pos({intref, IntRef}, 1, Cons, [{Fd, 1}]).
-
-%%
-%% replace_fd_from_by_intref(IntRef, Cons, NFd, From) -> 
-%%					{ok, OldDesc, NewList} |  not_found
-%%
-replace_fd_from_by_intref(IntRef, Cons, NFd, From) ->
-    replace_posn_by_pos({intref, IntRef}, 1, Cons, [{NFd, 1}, {From, 3}]).
-
-
-%%
-%% All *_by_pos functions
-%%
-
-get_by_pos(Key, Pos, [H|_]) when element(Pos, H) == Key -> 
-    {ok, H};
-get_by_pos(Key, Pos, [_|T]) -> 
-    get_by_pos(Key, Pos, T);
-get_by_pos(_, _, []) -> 
-    not_found.
-
-delete_by_pos(Key, Pos, Cons) ->
-    case delete_by_pos1(Key, Pos, {not_found, Cons}) of
-	{not_found, _} ->
-	    not_found;
-	{ODesc, NCons} ->
-	    {ok, ODesc, NCons}
-    end.
-delete_by_pos1(Key, Pos, {_R, [H|T]}) when element(Pos, H) == Key ->
-    {H, T};
-delete_by_pos1(Key, Pos, {R, [H|T]}) ->
-    {R0, T0} = delete_by_pos1(Key, Pos, {R, T}),
-    {R0, [H| T0]};
-delete_by_pos1(_, _, {R, []}) ->
-    {R, []}.
-
-delete_all_by_pos(Key, Pos, Cons) ->
-    case lists:foldl(fun(H, {Ds, Rs}) when element(Pos, H) == Key ->
-			     {[H|Ds], Rs};
-			(H, {Ds, Rs}) ->
-			     {Ds, [H|Rs]} 
-		     end, {[], []}, Cons) of
-	{[], _} ->
-	    not_found;
-	{DelCons, RemCons} ->
-	    {ok, DelCons, RemCons}
-    end.
-
-replace_posn_by_pos(Key, Pos, Cons, Repls) ->
-    replace_posn_by_pos1(Key, Pos, Cons, Repls, []).
-
-replace_posn_by_pos1(Key, Pos, [H0| T], Repls, Acc)
-  when element(Pos, H0) =:= Key ->
-    H = lists:foldl(fun({Val, VPos}, Tuple) -> 
-			    setelement(VPos, Tuple, Val) 
-		    end, H0, Repls), 
-    {ok, H0, lists:reverse(Acc, [H| T])};
-replace_posn_by_pos1(Key, Pos, [H|T], Repls, Acc) ->
-    replace_posn_by_pos1(Key, Pos, T, Repls, [H| Acc]);
-replace_posn_by_pos1(_, _, [], _, _) ->
-    not_found.
-
-%%
-%% Binary/integer conversions
-%%
-int16(I) ->
-    %%[(I bsr 8) band 255, I band 255].
-    <<I:16>>.
-
-int32(I) -> 
-    %%     [(I bsr 24) band 255,
-    %%      (I bsr 16) band 255,
-    %%      (I bsr  8) band 255,
-    %%      I band 255].
-    <<I:32>>.
-
-%% decode_msg(Bin, Format) -> Tuple | integer() | atom() | string() | 
-%%				list of binaries()
-%%
-%% Decode message from binary
-%% Format = [spec()]
-%% spec() = int16 | int32 | string | atom | bin | bins
-%%
-%% Notice:  The first byte (op code) of the binary message is removed.
-%% Notice:  bins returns a *list* of binaries. 
-%%  
-decode_msg(<<_, Bin/binary>>, Format) ->
-    Dec = dec(Format, Bin),
-    case Dec of
-	[Dec1] -> Dec1;
-	_  -> list_to_tuple(Dec)
-    end.
-
-dec([], _) ->
-    [];
-dec([int16| F], <<N:16, Bin/binary>>) ->
-    [N| dec(F, Bin)];
-dec([int32| F], <<N:32, Bin/binary>>) ->
-    [N| dec(F, Bin)];
-dec([string| F], Bin0) ->
-    {Cs, Bin1} = dec_string(Bin0),
-    [Cs| dec(F, Bin1)];
-dec([atom|F], Bin0) ->
-    {Cs, Bin1} = dec_string(Bin0),
-    [list_to_atom(Cs)| dec(F, Bin1)];
-
-dec([bin|F], Bin) ->
-    {Bin1, Bin2} = dec_bin(Bin),
-    [Bin1| dec(F, Bin2)].
-
-%% NOTE: This clause is not actually used yet.
-%% dec([bins|F], <<N:32, Bin0/binary>>) ->
-%%     {Bins, Bin1} = dec_bins(N, Bin0),
-%%     [Bins| dec(F, Bin1)].
-
-dec_string(Bin) ->
-    dec_string(Bin, []).
-
-dec_string(<<0, Bin/binary>>, RCs) ->
-    {lists:reverse(RCs), Bin};
-dec_string(<<C, Bin/binary>>, RCs) ->
-    dec_string(Bin, [C| RCs]).
-
-dec_bin(<<L:32, Bin0/binary>>) ->
-    <<Bin1:L/binary, Bin2/binary>> = Bin0,
-    {Bin1, Bin2}.
-
-%% dec_bins(N, Bin) ->
-%%     dec_bins(N, Bin, []).
-
-%% dec_bins(0, Bin, Acc) ->
-%%     {lists:reverse(Acc), Bin};
-%% dec_bins(N, Bin0, Acc) when N > 0 ->
-%%     {Bin1, Bin2} = dec_bin(Bin0),
-%%     dec_bins(N - 1, Bin2, [Bin1| Acc]).
-
-%%
-%% new_intref
-%%
-new_intref(St) ->
-    (St#st.intref + 1) band 16#ffffffff.
-
-%%
-%% {Program, Flags} = mk_cmd_line(DefaultProgram)
-%%
-mk_cmd_line(Default) ->
-    {port_program(Default), 
-     lists:flatten([debug_flag(), " ", debug_port_flag(), " ",
-		    debugdir_flag(), " ", 
-		    msgdebug_flag(), " ", proxylsport_flag(), " ", 
-		    proxybacklog_flag(), " ", ephemeral_rsa_flag(), " ",
-		    ephemeral_dh_flag(), " ",
-		    protocol_version_flag(), " "])}.
-
-port_program(Default) ->
-    case application:get_env(ssl, port_program) of
-	{ok, Program} when is_list(Program) ->
-	    Program;
-	_Other ->
-	    Default
-    end.
-
-%%
-%% As this server may be started by the distribution, it is not safe to assume 
-%% a working code server, neither a working file server.
-%% I try to utilize the most primitive interfaces available to determine
-%% the directory of the port_program.
-%%
-find_priv_bin() ->
-    PrivDir = case (catch code:priv_dir(ssl)) of
-		  {'EXIT', _} ->
-		      %% Code server probably not startet yet
-		      {ok, P} = erl_prim_loader:get_path(),
-		      ModuleFile = atom_to_list(?MODULE) ++ extension(),
-		      Pd = (catch lists:foldl
-			    (fun(X,Acc) ->
-				     M = filename:join([X, ModuleFile]),
-				     %% The file server probably not started
-				     %% either, has to use raw interface.
-				     case file:raw_read_file_info(M) of 
-					 {ok,_} -> 
-					     %% Found our own module in the
-					     %% path, lets bail out with
-					     %% the priv_dir of this directory
-					     Y = filename:split(X),
-					     throw(filename:join
-						   (lists:sublist
-						    (Y,length(Y) - 1) 
-						    ++ ["priv"])); 
-					 _ -> 
-					     Acc 
-				     end 
-			     end,
-			     false,P)),
-		      case Pd of
-			  false ->
-			      exit(ssl_priv_dir_indeterminate);
-			  _ ->
-			      Pd
-		      end;
-		  Dir ->
-		      Dir
-	      end,
-    filename:join([PrivDir, "bin"]).
-
-extension() ->
-    %% erlang:info(machine) returns machine name as text in all uppercase
-    "." ++ string:to_lower(erlang:system_info(machine)).
-
-debug_flag() ->
-    case os:getenv("ERL_SSL_DEBUG") of
-	false ->
-	    get_env(debug, "-d");
-	_ ->
-	    "-d"
-    end.
-
-debug_port_flag() ->
-    case os:getenv("ERL_SSL_DEBUGPORT") of
-	false ->
-	    get_env(debug, "-d");
-	_ ->
-	    "-d"
-    end.
-
-msgdebug_flag() ->
-    case os:getenv("ERL_SSL_MSGDEBUG") of
-	false ->
-	    get_env(msgdebug, "-dm");
-	_  ->
-	    "-dm"
-    end.
-
-proxylsport_flag() ->
-    case application:get_env(ssl, proxylsport) of
-	{ok, PortNum} ->
-	    "-pp " ++ integer_to_list(PortNum);
-	_Other ->
-	    ""
-    end.
-
-proxybacklog_flag() ->
-    case application:get_env(ssl, proxylsbacklog) of
-	{ok, Size} ->
-	    "-pb " ++ integer_to_list(Size);
-	_Other ->
-	    ""
-    end.
-
-debugdir_flag() ->
-    case os:getenv("ERL_SSL_DEBUG") of
-	false ->
-	    case application:get_env(ssl, debugdir) of
-		{ok, Dir} when is_list(Dir) ->
-		    "-dd " ++ Dir;
-		_Other ->
-		    ""
-	    end;
-	_  ->
-	    "-dd ./"
-    end.
-    
-ephemeral_rsa_flag() ->
-    case application:get_env(ssl, ephemeral_rsa) of
-	{ok, true} ->
-	    "-ersa ";
-	_Other ->
-	    ""
-    end.
-
-ephemeral_dh_flag() ->
-    case application:get_env(ssl, ephemeral_dh) of
-	{ok, true} ->
-	    "-edh ";
-	_Other ->
-	    ""
-    end.
-
-protocol_version_flag() ->
-    case application:get_env(ssl, protocol_version) of
-	{ok, []} ->
-	    "";
-	{ok, Vsns} when is_list(Vsns) ->
-	    case transform_vsns(Vsns) of
-		N when (N > 0) ->
-		    "-pv " ++ integer_to_list(N);
-		_ ->
-		    ""
-	    end;
-	_Other ->
-	    ""
-    end.
-
-transform_vsns(Vsns) ->
-    transform_vsns(Vsns, 0).
-
-transform_vsns([sslv2| Vsns], I) ->
-    transform_vsns(Vsns, I bor ?SSLv2);
-transform_vsns([sslv3| Vsns], I) ->
-    transform_vsns(Vsns, I bor ?SSLv3);
-transform_vsns([tlsv1| Vsns], I) ->
-    transform_vsns(Vsns, I bor ?TLSv1);
-transform_vsns([_ | Vsns], I) ->
-    transform_vsns(Vsns, I);
-transform_vsns([], I) ->
-    I.
-
-protocol_name("SSLv2") -> sslv2;
-protocol_name("SSLv3") -> sslv3;
-protocol_name("TLSv1") -> tlsv1.
-
-get_env(Key, Val) ->
-    case application:get_env(ssl, Key) of
-	{ok, true} ->
-	    Val;
-	_Other ->
-	    ""
-    end.
-
-ip_to_string({A,B,C,D}) ->
-    [integer_to_list(A),$.,integer_to_list(B),$.,
-     integer_to_list(C),$.,integer_to_list(D)].
-
-debug(St, Format, Args) ->
-    debug1(St#st.debug, Format, Args).
-
-debug1(true, Format0, Args) ->
-    {_MS, S, MiS} = erlang:now(),
-    Secs = S rem 100, 
-    MiSecs = MiS div 1000,
-    Format = "++++ ~3..0w:~3..0w ssl_server (~w): " ++ Format0, 
-    io:format(Format, [Secs, MiSecs, self()| Args]);
-debug1(_, _, _) ->
-    ok.
diff --git a/lib/ssl/src/ssl_session.erl b/lib/ssl/src/ssl_session.erl
index bf738649f6..df5d7e0146 100644
--- a/lib/ssl/src/ssl_session.erl
+++ b/lib/ssl/src/ssl_session.erl
@@ -103,9 +103,9 @@ select_session([], _, _) ->
 
 select_session(Sessions, #ssl_options{ciphers = Ciphers,
 				      reuse_sessions = ReuseSession}, OwnCert) ->
-    IsResumable = 
- 	fun(Session) -> 
- 		ReuseSession andalso (Session#session.is_resumable) andalso  
+    IsResumable =
+	fun(Session) ->
+		ReuseSession andalso resumable(Session#session.is_resumable) andalso
  		    lists:member(Session#session.cipher_suite, Ciphers)
 		    andalso (OwnCert == Session#session.own_certificate)
  	end,
@@ -147,10 +147,10 @@ is_resumable(SuggestedSessionId, Port, ReuseEnabled, ReuseFun, Cache,
 	#session{cipher_suite = CipherSuite,
 		 own_certificate = SessionOwnCert,
 		 compression_method = Compression,
-		 is_resumable = Is_resumable,
+		 is_resumable = IsResumable,
 		 peer_certificate = PeerCert} = Session ->
 	    ReuseEnabled 
-		andalso Is_resumable  
+		andalso resumable(IsResumable)
 		andalso (OwnCert == SessionOwnCert)
 		andalso valid_session(Session, SecondLifeTime) 
 		andalso ReuseFun(SuggestedSessionId, PeerCert, 
@@ -158,3 +158,8 @@ is_resumable(SuggestedSessionId, Port, ReuseEnabled, ReuseFun, Cache,
 	undefined ->
 	    false
     end.
+
+resumable(new) ->
+    false;
+resumable(IsResumable) ->
+    IsResumable.
diff --git a/lib/ssl/src/ssl_session_cache.erl b/lib/ssl/src/ssl_session_cache.erl
index 93969f628f..f9bbf905e1 100644
--- a/lib/ssl/src/ssl_session_cache.erl
+++ b/lib/ssl/src/ssl_session_cache.erl
@@ -28,27 +28,19 @@
 -export([init/1, terminate/1, lookup/2, update/3, delete/2, foldl/3, 
 	 select_session/2]). 
 
--type key() :: {{host(), inet:port_number()}, session_id()} |  {inet:port_number(), session_id()}.
-
 %%--------------------------------------------------------------------
--spec init(list()) -> db_handle(). %% Returns reference to the cache (opaque)
-%%
 %% Description: Return table reference. Called by ssl_manager process. 
 %%--------------------------------------------------------------------
 init(_) ->
     ets:new(cache_name(), [set, protected]).
 
 %%--------------------------------------------------------------------
--spec terminate(db_handle()) -> any().
-%%
 %% Description: Handles cache table at termination of ssl manager. 
 %%--------------------------------------------------------------------
 terminate(Cache) ->
     ets:delete(Cache).
 
 %%--------------------------------------------------------------------
--spec lookup(db_handle(), key()) -> #session{} | undefined.
-%%
 %% Description: Looks up a cach entry. Should be callable from any
 %% process.
 %%--------------------------------------------------------------------
@@ -61,8 +53,6 @@ lookup(Cache, Key) ->
     end.
 
 %%--------------------------------------------------------------------
--spec update(db_handle(), key(), #session{}) -> any().
-%%
 %% Description: Caches a new session or updates a already cached one.
 %% Will only be called from the ssl_manager process.
 %%--------------------------------------------------------------------
@@ -70,8 +60,6 @@ update(Cache, Key, Session) ->
     ets:insert(Cache, {Key, Session}).
 
 %%--------------------------------------------------------------------
--spec delete(db_handle(), key()) -> any().
-%%
 %% Description: Delets a cache entry.
 %% Will only be called from the ssl_manager process.
 %%--------------------------------------------------------------------
@@ -79,8 +67,6 @@ delete(Cache, Key) ->
     ets:delete(Cache, Key).
 
 %%--------------------------------------------------------------------
--spec foldl(fun(), term(), db_handle()) -> term().
-%%
 %% Description: Calls Fun(Elem, AccIn) on successive elements of the
 %% cache, starting with AccIn == Acc0. Fun/2 must return a new
 %% accumulator which is passed to the next call. The function returns
@@ -91,8 +77,6 @@ foldl(Fun, Acc0, Cache) ->
     ets:foldl(Fun, Acc0, Cache).
   
 %%--------------------------------------------------------------------
--spec select_session(db_handle(), {host(), inet:port_number()} | inet:port_number()) -> [#session{}].
-%%
 %% Description: Selects a session that could be reused. Should be callable
 %% from any process.
 %%--------------------------------------------------------------------
diff --git a/lib/ssl/src/ssl_session_cache_api.erl b/lib/ssl/src/ssl_session_cache_api.erl
index f8416bf327..f2b22b0f1b 100644
--- a/lib/ssl/src/ssl_session_cache_api.erl
+++ b/lib/ssl/src/ssl_session_cache_api.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -20,18 +20,15 @@
 %%
 
 -module(ssl_session_cache_api).
+-include("ssl_handshake.hrl").
+-include("ssl_internal.hrl").
 
--export([behaviour_info/1]).
+-type key() :: {{host(), inet:port_number()}, session_id()} |  {inet:port_number(), session_id()}.
 
-behaviour_info(callbacks) ->
-    [
-     {init, 1}, 
-     {terminate, 1}, 
-     {lookup, 2}, 
-     {update, 3}, 
-     {delete, 2}, 
-     {foldl, 3},
-     {select_session, 2}
-    ];
-behaviour_info(_) ->
-    undefined.
+-callback init(list()) -> db_handle().
+-callback terminate(db_handle()) -> any().
+-callback lookup(db_handle(), key()) -> #session{} | undefined.
+-callback update(db_handle(), key(), #session{}) -> any().
+-callback delete(db_handle(), key()) -> any().
+-callback foldl(fun(), term(), db_handle()) -> term().
+-callback select_session(db_handle(), {host(), inet:port_number()} | inet:port_number()) -> [#session{}].
diff --git a/lib/ssl/src/ssl_sup.erl b/lib/ssl/src/ssl_sup.erl
index 316ed8a4e9..59039a6e0a 100644
--- a/lib/ssl/src/ssl_sup.erl
+++ b/lib/ssl/src/ssl_sup.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1998-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -24,7 +24,7 @@
 -behaviour(supervisor).
 
 %% API
--export([start_link/0]).
+-export([start_link/0, manager_opts/0]).
 
 %% Supervisor callback
 -export([init/1]).
@@ -41,7 +41,6 @@ start_link() ->
 %%%=========================================================================
 %%%  Supervisor callback
 %%%=========================================================================
--spec init([]) -> {ok,  {SupFlags :: tuple(),  [ChildSpec :: tuple()]}}.
 
 init([]) ->    
     %% OLD ssl - moved start to ssl.erl only if old
@@ -51,17 +50,32 @@ init([]) ->
 
     %% Does not start any port programs so it does matter
     %% so much if it is not used!
-    Child2 = {ssl_broker_sup, {ssl_broker_sup, start_link, []},
-	      permanent, 2000, supervisor, [ssl_broker_sup]},
+    %% Child2 = {ssl_broker_sup, {ssl_broker_sup, start_link, []},
+    %% 	      permanent, 2000, supervisor, [ssl_broker_sup]},
 
 
     %% New ssl
     SessionCertManager = session_and_cert_manager_child_spec(),
     ConnetionManager = connection_manager_child_spec(),
 
-    {ok, {{one_for_all, 10, 3600}, [Child2, SessionCertManager,
-				    ConnetionManager]}}.
+    {ok, {{one_for_all, 10, 3600}, [SessionCertManager, ConnetionManager]}}.
 
+
+manager_opts() ->
+    CbOpts = case application:get_env(ssl, session_cb) of
+		 {ok, Cb} when is_atom(Cb) ->
+		     InitArgs = session_cb_init_args(),
+		     [{session_cb, Cb}, {session_cb_init_args, InitArgs}];
+		 _  ->
+		     []
+	     end,
+    case application:get_env(ssl, session_lifetime) of
+	{ok, Time} when is_integer(Time) ->
+	    [{session_lifetime, Time}| CbOpts];
+	_  ->
+	    CbOpts
+    end.
+    
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
@@ -86,21 +100,6 @@ connection_manager_child_spec() ->
     {Name, StartFunc, Restart, Shutdown, Type, Modules}.
 
 
-manager_opts() ->
-    CbOpts = case application:get_env(ssl, session_cb) of
-		 {ok, Cb} when is_atom(Cb) ->
-		     InitArgs = session_cb_init_args(),
-		     [{session_cb, Cb}, {session_cb_init_args, InitArgs}];
-		 _  ->
-		     []
-	     end,
-    case application:get_env(ssl, session_lifetime) of
-	{ok, Time} when is_integer(Time) ->
-	    [{session_lifetime, Time}| CbOpts];
-	_  ->
-	    CbOpts
-    end.
-    
 session_cb_init_args() ->
     case application:get_env(ssl, session_cb_init_args) of
 	{ok, Args} when is_list(Args) ->
diff --git a/lib/ssl/src/ssl_tls_dist_proxy.erl b/lib/ssl/src/ssl_tls_dist_proxy.erl
new file mode 100644
index 0000000000..d63eada571
--- /dev/null
+++ b/lib/ssl/src/ssl_tls_dist_proxy.erl
@@ -0,0 +1,325 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(ssl_tls_dist_proxy).
+
+
+-export([listen/1, accept/1, connect/2, get_remote_id/2]).
+-export([init/1, start_link/0, handle_call/3, handle_cast/2, handle_info/2, 
+	 terminate/2, code_change/3, ssl_options/2]).
+
+-include_lib("kernel/include/net_address.hrl").
+
+-record(state, 
+	{listen,
+	 accept_loop
+	}).
+
+-define(PPRE, 4).
+-define(PPOST, 4).
+
+
+%%====================================================================
+%% Internal application API
+%%====================================================================
+
+listen(Name) ->
+    gen_server:call(?MODULE, {listen, Name}, infinity). 
+
+accept(Listen) ->
+    gen_server:call(?MODULE, {accept, Listen}, infinity).
+
+connect(Ip, Port) ->
+    gen_server:call(?MODULE, {connect, Ip, Port}, infinity).
+
+get_remote_id(Socket, Node) ->
+    gen_server:call(?MODULE, {get_remote_id, {Socket,Node}}, infinity).
+
+%%====================================================================
+%% gen_server callbacks
+%%====================================================================
+
+start_link() ->
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+init([]) ->
+    process_flag(priority, max),
+    {ok, #state{}}.
+
+handle_call({listen, Name}, _From, State) ->
+    case gen_tcp:listen(0, [{active, false}, {packet,?PPRE}]) of
+	{ok, Socket} ->
+	    {ok, World} = gen_tcp:listen(0, [{active, false}, binary, {packet,?PPRE}]),
+	    TcpAddress = get_tcp_address(Socket),
+	    WorldTcpAddress = get_tcp_address(World),
+	    {_,Port} = WorldTcpAddress#net_address.address,
+	    {ok, Creation} = erl_epmd:register_node(Name, Port),
+	    {reply, {ok, {Socket, TcpAddress, Creation}},
+	     State#state{listen={Socket, World}}};
+	Error ->
+	    {reply, Error, State}
+    end;
+
+handle_call({accept, Listen}, {From, _}, State = #state{listen={_, World}}) ->
+    Self = self(),
+    ErtsPid = spawn_link(fun() -> accept_loop(Self, erts, Listen, From) end),
+    WorldPid = spawn_link(fun() -> accept_loop(Self, world, World, Listen) end),
+    {reply, ErtsPid, State#state{accept_loop={ErtsPid, WorldPid}}};
+
+handle_call({connect, Ip, Port}, {From, _}, State) ->
+    Me = self(),
+    Pid = spawn_link(fun() -> setup_proxy(Ip, Port, Me) end),
+    receive 
+	{Pid, go_ahead, LPort} -> 
+	    Res = {ok, Socket} = try_connect(LPort),
+	    ok = gen_tcp:controlling_process(Socket, From),
+	    flush_old_controller(From, Socket),
+	    {reply, Res, State};
+	{Pid, Error} ->
+	    {reply, Error, State}
+    end;
+
+handle_call({get_remote_id, {Socket,_Node}}, _From, State) ->
+    Address = get_tcp_address(Socket),
+    {reply, Address, State};
+
+handle_call(_What, _From, State) ->
+    {reply, ok, State}.
+
+handle_cast(_What, State) ->
+    {noreply, State}.
+
+handle_info(_What, State) ->
+    {noreply, State}.
+
+terminate(_Reason, _St) ->
+    ok.
+
+code_change(_OldVsn, St, _Extra) ->
+    {ok, St}.
+
+%%--------------------------------------------------------------------
+%%% Internal functions
+%%--------------------------------------------------------------------
+get_tcp_address(Socket) ->
+    {ok, Address} = inet:sockname(Socket),
+    {ok, Host} = inet:gethostname(),
+    #net_address{
+		  address = Address,
+		  host = Host,
+		  protocol = proxy,
+		  family = inet
+		}.
+
+accept_loop(Proxy, erts = Type, Listen, Extra) ->
+    process_flag(priority, max),
+    case gen_tcp:accept(Listen) of
+		{ok, Socket} ->
+		    Extra ! {accept,self(),Socket,inet,proxy},
+		    receive 
+			{_Kernel, controller, Pid} ->
+			    ok = gen_tcp:controlling_process(Socket, Pid),
+			    flush_old_controller(Pid, Socket),
+			    Pid ! {self(), controller};
+			{_Kernel, unsupported_protocol} ->
+			    exit(unsupported_protocol)
+		    end;
+		Error ->
+	    exit(Error)
+    end,
+    accept_loop(Proxy, Type, Listen, Extra);
+
+accept_loop(Proxy, world = Type, Listen, Extra) ->
+    process_flag(priority, max),
+    case gen_tcp:accept(Listen) of
+	{ok, Socket} ->
+	    Opts = get_ssl_options(server),
+	    case ssl:ssl_accept(Socket, Opts) of
+		{ok, SslSocket} ->
+		    PairHandler =
+			spawn_link(fun() ->
+					   setup_connection(SslSocket, Extra)
+				   end),
+		    ok = ssl:controlling_process(SslSocket, PairHandler),
+		    flush_old_controller(PairHandler, SslSocket);
+		_ ->
+		    gen_tcp:close(Socket)
+	    end;
+	Error ->
+	    exit(Error)
+    end,
+    accept_loop(Proxy, Type, Listen, Extra).
+
+try_connect(Port) ->
+    case gen_tcp:connect({127,0,0,1}, Port, [{active, false}, {packet,?PPRE}]) of
+	R = {ok, _S} ->
+	    R;
+	{error, _R} ->
+	    try_connect(Port)
+    end.
+
+setup_proxy(Ip, Port, Parent) ->
+    process_flag(trap_exit, true),
+    Opts = get_ssl_options(client),
+    case ssl:connect(Ip, Port, [{active, true}, binary, {packet,?PPRE}] ++ Opts) of
+	{ok, World} ->
+	    {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, binary, {packet,?PPRE}]),
+	    #net_address{address={_,LPort}} = get_tcp_address(ErtsL),
+	    Parent ! {self(), go_ahead, LPort},
+	    case gen_tcp:accept(ErtsL) of
+		{ok, Erts} ->
+		    %% gen_tcp:close(ErtsL),
+		    loop_conn_setup(World, Erts);
+		Err ->
+		    Parent ! {self(), Err}
+	    end;
+	Err ->
+	    Parent ! {self(), Err}
+    end.
+
+setup_connection(World, ErtsListen) ->
+    process_flag(trap_exit, true),
+    TcpAddress = get_tcp_address(ErtsListen),
+    {_Addr,Port} = TcpAddress#net_address.address,
+    {ok, Erts} = gen_tcp:connect({127,0,0,1}, Port, [{active, true}, binary, {packet,?PPRE}]),
+    ssl:setopts(World, [{active,true}, {packet,?PPRE}]),
+    loop_conn_setup(World, Erts).
+
+loop_conn_setup(World, Erts) ->
+    receive 
+	{ssl, World, Data = <<$a, _/binary>>} ->
+	    gen_tcp:send(Erts, Data),
+	    ssl:setopts(World, [{packet,?PPOST}]),
+	    inet:setopts(Erts, [{packet,?PPOST}]),
+	    loop_conn(World, Erts);
+	{tcp, Erts, Data = <<$a, _/binary>>} ->
+	    ssl:send(World, Data),
+	    ssl:setopts(World, [{packet,?PPOST}]),
+	    inet:setopts(Erts, [{packet,?PPOST}]),
+	    loop_conn(World, Erts);
+	{ssl, World, Data = <<_, _/binary>>} ->
+	    gen_tcp:send(Erts, Data),
+	    loop_conn_setup(World, Erts);
+	{tcp, Erts, Data = <<_, _/binary>>} ->
+	    ssl:send(World, Data),
+	    loop_conn_setup(World, Erts);
+	{ssl, World, Data} ->
+	    gen_tcp:send(Erts, Data),
+	    loop_conn_setup(World, Erts);
+	{tcp, Erts, Data} ->
+	    ssl:send(World, Data),
+	    loop_conn_setup(World, Erts)
+    end.
+
+loop_conn(World, Erts) ->
+    receive 
+	{ssl, World, Data} ->
+	    gen_tcp:send(Erts, Data),
+	    loop_conn(World, Erts);
+	{tcp, Erts, Data} ->
+	    ssl:send(World, Data),
+	    loop_conn(World, Erts);
+	{tcp_closed, Erts} ->
+	    ssl:close(World);
+	{ssl_closed,  World} ->
+	    gen_tcp:close(Erts)
+	end.
+
+get_ssl_options(Type) ->
+    case init:get_argument(ssl_dist_opt) of
+	{ok, Args} ->
+	    [{erl_dist, true} | ssl_options(Type, lists:append(Args))];
+	_ ->
+	    [{erl_dist, true}]
+    end.
+
+ssl_options(_,[]) ->
+    [];
+ssl_options(server, ["client_" ++ _, _Value |T]) ->
+     ssl_options(server,T);
+ssl_options(client, ["server_" ++ _, _Value|T]) ->
+    ssl_options(client,T);
+ssl_options(server, ["server_certfile", Value|T]) ->
+    [{certfile, Value} | ssl_options(server,T)];
+ssl_options(client, ["client_certfile", Value | T]) ->
+    [{certfile, Value} | ssl_options(client,T)];
+ssl_options(server, ["server_cacertfile", Value|T]) ->
+    [{cacertfile, Value} | ssl_options(server,T)];
+ssl_options(client, ["client_cacertfile", Value|T]) ->
+     [{cacertfile, Value} | ssl_options(client,T)];
+ssl_options(server, ["server_keyfile", Value|T]) ->
+    [{keyfile, Value} | ssl_options(server,T)];
+ssl_options(client, ["client_keyfile", Value|T]) ->
+    [{keyfile, Value} | ssl_options(client,T)];
+ssl_options(server, ["server_password", Value|T]) ->
+    [{password, Value} | ssl_options(server,T)];
+ssl_options(client, ["client_password", Value|T]) ->
+    [{password, Value} | ssl_options(client,T)];
+ssl_options(server, ["server_verify", Value|T]) ->
+    [{verify, atomize(Value)} | ssl_options(server,T)];
+ssl_options(client, ["client_verify", Value|T]) ->
+     [{verify, atomize(Value)} | ssl_options(client,T)];
+ssl_options(server, ["server_reuse_sessions", Value|T]) ->
+    [{reuse_sessions, atomize(Value)} | ssl_options(server,T)];
+ssl_options(client, ["client_reuse_sessions", Value|T]) ->
+    [{reuse_sessions, atomize(Value)} | ssl_options(client,T)];
+ssl_options(server, ["server_secure_renegotiate", Value|T]) ->
+    [{secure_renegotiate, atomize(Value)} | ssl_options(server,T)];
+ssl_options(client, ["client_secure_renegotiate", Value|T]) ->
+    [{secure_renegotiate, atomize(Value)} | ssl_options(client,T)];
+ssl_options(server, ["server_depth", Value|T]) ->
+    [{depth, list_to_integer(Value)} | ssl_options(server,T)];
+ssl_options(client, ["client_depth", Value|T]) ->
+    [{depth, list_to_integer(Value)} | ssl_options(client,T)];
+ssl_options(server, ["server_hibernate_after", Value|T]) ->
+    [{hibernate_after, list_to_integer(Value)} | ssl_options(server,T)];
+ssl_options(client, ["client_hibernate_after", Value|T]) ->
+    [{hibernate_after, list_to_integer(Value)} | ssl_options(client,T)];
+ssl_options(server, ["server_ciphers", Value|T]) ->
+     [{ciphers, Value} | ssl_options(server,T)];
+ssl_options(client, ["client_ciphers", Value|T]) ->
+    [{ciphers, Value} | ssl_options(client,T)];
+ssl_options(server, ["server_dhfile", Value|T]) ->
+     [{dhfile, Value} | ssl_options(server,T)];
+ssl_options(server, ["server_fail_if_no_peer_cert", Value|T]) ->
+    [{fail_if_no_peer_cert, atomize(Value)} | ssl_options(server,T)];
+ssl_options(_,_) ->
+    exit(malformed_ssl_dist_opt).
+
+atomize(List) when is_list(List) ->
+    list_to_atom(List);
+atomize(Atom) when is_atom(Atom) ->
+    Atom.
+
+flush_old_controller(Pid, Socket) ->
+    receive
+	{tcp, Socket, Data} ->
+	    Pid ! {tcp, Socket, Data},
+	    flush_old_controller(Pid, Socket);
+	{tcp_closed, Socket} ->
+	    Pid ! {tcp_closed, Socket},
+	    flush_old_controller(Pid, Socket);
+	{ssl, Socket, Data} ->
+	    Pid ! {ssl, Socket, Data},
+	    flush_old_controller(Pid, Socket);
+	{ssl_closed, Socket} ->
+	    Pid ! {ssl_closed, Socket},
+	    flush_old_controller(Pid, Socket)
+    after 0 ->
+	    ok
+    end.
diff --git a/lib/ssl/test/Makefile b/lib/ssl/test/Makefile
index 922abea41b..6b1da63d08 100644
--- a/lib/ssl/test/Makefile
+++ b/lib/ssl/test/Makefile
@@ -39,32 +39,24 @@ MODULES = \
 	ssl_basic_SUITE \
 	ssl_handshake_SUITE \
 	ssl_packet_SUITE \
+	ssl_cipher_SUITE \
 	ssl_payload_SUITE \
 	ssl_to_openssl_SUITE \
 	ssl_session_cache_SUITE	\
-	ssl_test_MACHINE \
-	old_ssl_active_SUITE \
-	old_ssl_active_once_SUITE \
-	old_ssl_passive_SUITE \
-	old_ssl_verify_SUITE \
-	old_ssl_peer_cert_SUITE \
-	old_ssl_misc_SUITE \
-	old_ssl_protocol_SUITE \
-	old_transport_accept_SUITE \
-	old_ssl_dist_SUITE \
+	ssl_dist_SUITE \
 	make_certs\
 	erl_make_certs
 
 
 ERL_FILES = $(MODULES:%=%.erl)
 
-HRL_FILES = ssl_test_MACHINE.hrl 
+HRL_FILES =
 
 HRL_FILES_SRC = \
-	ssl_int.hrl \
 	ssl_internal.hrl\
 	ssl_alert.hrl \
 	ssl_handshake.hrl \
+	ssl_cipher.hrl \
 	ssl_record.hrl
 
 HRL_FILES_INC = 
diff --git a/lib/ssl/test/erl_make_certs.erl b/lib/ssl/test/erl_make_certs.erl
index 8b01ca3ad4..254aa6d2f9 100644
--- a/lib/ssl/test/erl_make_certs.erl
+++ b/lib/ssl/test/erl_make_certs.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -175,7 +175,7 @@ issuer(true, Opts, SubjectKey) ->
 issuer({Issuer, IssuerKey}, _Opts, _SubjectKey) when is_binary(Issuer) ->
     {issuer_der(Issuer), decode_key(IssuerKey)};
 issuer({File, IssuerKey}, _Opts, _SubjectKey) when is_list(File) ->
-    {ok, [{cert, Cert, _}|_]} = public_key:pem_to_der(File),
+    {ok, [{cert, Cert, _}|_]} = pem_to_der(File),
     {issuer_der(Cert), decode_key(IssuerKey)}.
 
 issuer_der(Issuer) ->
@@ -185,7 +185,7 @@ issuer_der(Issuer) ->
     Subject.
 
 subject(undefined, IsRootCA) ->
-    User = if IsRootCA -> "RootCA"; true -> os:getenv("USER") end,
+    User = if IsRootCA -> "RootCA"; true -> user() end,
     Opts = [{email, User ++ "@erlang.org"},
 	    {name, User},
 	    {city, "Stockholm"},
@@ -196,6 +196,14 @@ subject(undefined, IsRootCA) ->
 subject(Opts, _) ->
     subject(Opts).
 
+user() ->
+    case os:getenv("USER") of
+	false ->
+	    "test_user";
+	User ->
+	    User
+    end.
+
 subject(SubjectOpts) when is_list(SubjectOpts) ->
     Encode = fun(Opt) ->
 		     {Type,Value} = subject_enc(Opt),
diff --git a/lib/ssl/test/old_ssl_active_SUITE.erl b/lib/ssl/test/old_ssl_active_SUITE.erl
deleted file mode 100644
index 52ff0bcc5d..0000000000
--- a/lib/ssl/test/old_ssl_active_SUITE.erl
+++ /dev/null
@@ -1,395 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(old_ssl_active_SUITE).
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
-	 init_per_group/2,end_per_group/2,
-	 init_per_testcase/2,
-	 end_per_testcase/2,
-	 cinit_return_chkclose/1,
-	 sinit_return_chkclose/1,
-	 cinit_big_return_chkclose/1,
-	 sinit_big_return_chkclose/1,
-	 cinit_big_echo_chkclose/1,
-	 cinit_huge_echo_chkclose/1,
-	 sinit_big_echo_chkclose/1,
-	 cinit_few_echo_chkclose/1,
-	 cinit_many_echo_chkclose/1,
-	 cinit_cnocert/1
-	]).
-
--import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
-			   test_server_only/6]).
-
--include_lib("test_server/include/test_server.hrl").
--include("ssl_test_MACHINE.hrl").
-
--define(MANYCONNS, ssl_test_MACHINE:many_conns()).
-
-init_per_testcase(_Case, Config) ->
-    WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
-    [{watchdog, WatchDog}| Config].
-
-end_per_testcase(_Case, Config) ->
-    WatchDog = ?config(watchdog, Config),
-    test_server:timetrap_cancel(WatchDog).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() -> 
-    [cinit_return_chkclose, sinit_return_chkclose,
-     cinit_big_return_chkclose, sinit_big_return_chkclose,
-     cinit_big_echo_chkclose, cinit_huge_echo_chkclose,
-     sinit_big_echo_chkclose, cinit_few_echo_chkclose,
-     cinit_many_echo_chkclose, cinit_cnocert].
-
-groups() -> 
-    [].
-
-init_per_group(_GroupName, Config) ->
-    Config.
-
-end_per_group(_GroupName, Config) ->
-    Config.
-
-
-init_per_suite(doc) ->
-    "Want to se what Config contains, and record the number of available "
-	"file descriptors";
-init_per_suite(suite) ->
-    [];
-init_per_suite(Config) ->
-    io:format("Config: ~p~n", [Config]),
-    case os:type() of
-	{unix, _} ->
-	    ?line io:format("Max fd value: ~s", [os:cmd("ulimit -n")]);
-	_ ->
-	    ok
-    end, 
-    %% XXX Also record: Erlang/SSL version, version of OpenSSL, 
-    %% operating system, version of OTP, Erts, kernel and stdlib. 
-
-    %% Check if SSL exists. If this case fails, all other cases are skipped
-    case catch crypto:start() of
-	ok ->
-	    application:start(public_key),
-	    case ssl:start() of
-		ok -> ssl:stop();
-		{error, {already_started, _}} -> ssl:stop();
-		Error -> ?t:fail({failed_starting_ssl,Error})
-	    end,
-	    Config;
-	_Else ->
-	    {skip,"Could not start crypto!"}
-    end.
-
-end_per_suite(doc) ->
-    "This test case has no mission other than closing the conf case";
-end_per_suite(suite) ->
-    [];
-end_per_suite(Config) ->
-    crypto:stop(),
-    Config.
-
-cinit_return_chkclose(doc) ->
-    "Client sends 1000 bytes to server, that receives them, sends them "
-	"back, and closes. Client waits for close. Both have certs.";
-cinit_return_chkclose(suite) ->
-    [];
-cinit_return_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 1000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {recv, DataSize}, {send, DataSize}, 
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE, 
-			    Config).
-
-sinit_return_chkclose(doc) ->
-    "Server sends 1000 bytes to client, that receives them, sends them "
-	"back, and closes. Server waits for close. Both have certs.";
-sinit_return_chkclose(suite) ->
-    [];
-sinit_return_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 1000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}]},
-	     {sslopts, [{ssl_imp, old}|SsslOpts]},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {send, DataSize}, {recv, DataSize},
-	     await_close],
-    CCmds = [{timeout, Timeout}, 
-	     {sslopts, [{ssl_imp, old}|CsslOpts]},
-	     {connect, {Host, LPort}},
-	     {recv, DataSize}, {send, DataSize}, 
-	     close],
-
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE, 
-			    Config).
-
-cinit_big_return_chkclose(doc) ->
-    "Client sends 50000 bytes to server, that receives them, sends them "
-	"back, and closes. Client waits for close. Both have certs.";
-cinit_big_return_chkclose(suite) ->
-    [];
-cinit_big_return_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 50000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {recv, DataSize}, {send, DataSize}, 
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE, 
-			    Config).
-
-sinit_big_return_chkclose(doc) ->
-    "Server sends 50000 bytes to client, that receives them, sends them "
-	"back, and closes. Server waits for close. Both have certs.";
-sinit_big_return_chkclose(suite) ->
-    [];
-sinit_big_return_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 50000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    CCmds = [{timeout, Timeout}, 
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {recv, DataSize}, {send, DataSize}, 
-	     close],
-
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE, 
-			    Config).
-
-cinit_big_echo_chkclose(doc) ->
-    "Client sends 50000 bytes to server, that echoes them back "
-	"and closes. Client waits for close. Both have certs.";
-cinit_big_echo_chkclose(suite) ->
-    [];
-cinit_big_echo_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 50000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {echo, DataSize},
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE, 
-			    Config).
-
-cinit_huge_echo_chkclose(doc) ->
-    "Client sends 500000 bytes to server, that echoes them back "
-	"and closes. Client waits for close. Both have certs.";
-cinit_huge_echo_chkclose(suite) ->
-    [];
-cinit_huge_echo_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 500000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {echo, DataSize},
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE, 
-			    Config).
-
-sinit_big_echo_chkclose(doc) ->
-    "Server sends 50000 bytes to client, that echoes them back "
-	"and closes. Server waits for close. Both have certs.";
-sinit_big_echo_chkclose(suite) ->
-    [];
-sinit_big_echo_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 50000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    CCmds = [{timeout, Timeout}, 
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {echo, DataSize},
-	     close],
-
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE, 
-			    Config).
-
-
-%% This case is repeated several times.
-
-cinit_few_echo_chkclose(X) -> cinit_many_echo_chkclose(X, 7).
-
-cinit_many_echo_chkclose(X) -> cinit_many_echo_chkclose(X, ?MANYCONNS).
-
-cinit_many_echo_chkclose(doc, _NConns) ->
-    "N client sends 10000 bytes to server, that echoes them back "
-	"and closes. Clients wait for close. All have certs.";
-cinit_many_echo_chkclose(suite, _NConns) ->
-    [];
-cinit_many_echo_chkclose(Config, NConns) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 10000, LPort = 3456,
-    Timeout = 80000,
-
-    io:format("~w connections", [NConns]),
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {echo, DataSize},
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE, 
-			    Config).
-
-
-cinit_cnocert(doc) ->
-    "Client sends 1000 bytes to server, that receives them, sends them "
-	"back, and closes. Client waits for close. Client has no cert, "
-	"but server has.";
-cinit_cnocert(suite) ->
-    [];
-cinit_cnocert(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 1000, LPort = 3457,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {_CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {recv, DataSize}, {send, DataSize}, 
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {connect, {Host, LPort}},
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE, 
-			    Config).
-
-
diff --git a/lib/ssl/test/old_ssl_active_once_SUITE.erl b/lib/ssl/test/old_ssl_active_once_SUITE.erl
deleted file mode 100644
index c7beadb301..0000000000
--- a/lib/ssl/test/old_ssl_active_once_SUITE.erl
+++ /dev/null
@@ -1,417 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(old_ssl_active_once_SUITE).
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
-	 init_per_group/2,end_per_group/2,
-	 init_per_testcase/2,
-	 end_per_testcase/2,
-	 server_accept_timeout/1,
-	 cinit_return_chkclose/1,
-	 sinit_return_chkclose/1,
-	 cinit_big_return_chkclose/1,
-	 sinit_big_return_chkclose/1,
-	 cinit_big_echo_chkclose/1,
-	 cinit_huge_echo_chkclose/1,
-	 sinit_big_echo_chkclose/1,
-	 cinit_few_echo_chkclose/1,
-	 cinit_many_echo_chkclose/1,
-	 cinit_cnocert/1
-	]).
-
--import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
-			   test_server_only/6]).
--include_lib("test_server/include/test_server.hrl").
--include("ssl_test_MACHINE.hrl").
-
--define(MANYCONNS, ssl_test_MACHINE:many_conns()).
-
-init_per_testcase(_Case, Config) ->
-    WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
-    [{watchdog, WatchDog}| Config].
-
-end_per_testcase(_Case, Config) ->
-    WatchDog = ?config(watchdog, Config),
-    test_server:timetrap_cancel(WatchDog).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() -> 
-    [server_accept_timeout, cinit_return_chkclose,
-     sinit_return_chkclose, cinit_big_return_chkclose,
-     sinit_big_return_chkclose, cinit_big_echo_chkclose,
-     cinit_huge_echo_chkclose, sinit_big_echo_chkclose,
-     cinit_few_echo_chkclose, cinit_many_echo_chkclose,
-     cinit_cnocert].
-
-groups() -> 
-    [].
-
-init_per_group(_GroupName, Config) ->
-    Config.
-
-end_per_group(_GroupName, Config) ->
-    Config.
-
-
-init_per_suite(doc) ->
-    "Want to se what Config contains.";
-init_per_suite(suite) ->
-    [];
-init_per_suite(Config) ->
-    io:format("Config: ~p~n", [Config]),
-
-    %% Check if SSL exists. If this case fails, all other cases are skipped
-    case catch crypto:start() of
-	ok ->
-	    application:start(public_key),
-	    case ssl:start() of
-		ok -> ssl:stop();
-		{error, {already_started, _}} -> ssl:stop();
-		Error -> ?t:fail({failed_starting_ssl,Error})
-	    end,
-	    Config;
-	_Else ->
-	    {skip,"Could not start crypto"}
-    end.
-
-end_per_suite(doc) ->
-    "This test case has no mission other than closing the conf case";
-end_per_suite(suite) ->
-    [];
-end_per_suite(Config) ->
-    crypto:stop(),
-    Config.
-
-server_accept_timeout(doc) ->
-    "Server has one pending accept with timeout. Checks that return "
-	"value is {error, timeout}.";
-server_accept_timeout(suite) ->
-    [];
-server_accept_timeout(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    LPort = 3456,
-    Timeout = 40000, NConns = 1,
-    AccTimeout = 3000,
-
-    ?line {ok, {_, SsslOpts}} = mk_ssl_cert_opts(Config),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, AccTimeout}, 
-	     accept_timeout],
-    ?line test_server_only(NConns, LCmds, ACmds, Timeout, ?MODULE,
-			   Config).
-
-cinit_return_chkclose(doc) ->
-    "Client sends 1000 bytes to server, that receives them, sends them "
-	"back, and closes. Client waits for close. Both have certs.";
-cinit_return_chkclose(suite) ->
-    [];
-cinit_return_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 1000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {recv, DataSize}, {send, DataSize}, 
-	     close],
-    CCmds = [{timeout, Timeout},
-	     {sockopts, [{active, once}]},
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
-			    Config).
-
-sinit_return_chkclose(doc) ->
-    "Server sends 1000 bytes to client, that receives them, sends them "
-	"back, and closes. Server waits for close. Both have certs.";
-sinit_return_chkclose(suite) ->
-    [];
-sinit_return_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 1000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    CCmds = [{timeout, Timeout}, 
-	     {sockopts, [{active, once}]},
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {recv, DataSize}, {send, DataSize}, 
-	     close],
-
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
-			    Config).
-
-cinit_big_return_chkclose(doc) ->
-    "Client sends 50000 bytes to server, that receives them, sends them "
-	"back, and closes. Client waits for close. Both have certs.";
-cinit_big_return_chkclose(suite) ->
-    [];
-cinit_big_return_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 50000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    %% Set {active, false} so that accept is passive to begin with. 
-    LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},	
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {sockopts, [{active, once}]},	% {active, once} here.
-	     {recv, DataSize}, {send, DataSize}, 
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {sockopts, [{active, once}]},
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
-			    Config).
-
-sinit_big_return_chkclose(doc) ->
-    "Server sends 50000 bytes to client, that receives them, sends them "
-	"back, and closes. Server waits for close. Both have certs.";
-sinit_big_return_chkclose(suite) ->
-    [];
-sinit_big_return_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 50000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    CCmds = [{timeout, Timeout}, 
-	     {sockopts, [{active, once}]},
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {recv, DataSize}, {send, DataSize}, 
-	     close],
-
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
-			    Config).
-
-cinit_big_echo_chkclose(doc) ->
-    "Client sends 50000 bytes to server, that echoes them back "
-	"and closes. Client waits for close. Both have certs.";
-cinit_big_echo_chkclose(suite) ->
-    [];
-cinit_big_echo_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 50000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {echo, DataSize},
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {sockopts, [{active, once}]},
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
-			    Config).
-
-cinit_huge_echo_chkclose(doc) ->
-    "Client sends 500000 bytes to server, that echoes them back "
-	"and closes. Client waits for close. Both have certs.";
-cinit_huge_echo_chkclose(suite) ->
-    [];
-cinit_huge_echo_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 500000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {echo, DataSize},
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {sockopts, [{active, once}]},
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
-			    Config).
-
-sinit_big_echo_chkclose(doc) ->
-    "Server sends 50000 bytes to client, that echoes them back "
-	"and closes. Server waits for close. Both have certs.";
-sinit_big_echo_chkclose(suite) ->
-    [];
-sinit_big_echo_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 50000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    CCmds = [{timeout, Timeout}, 
-	     {sockopts, [{active, once}]},
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {echo, DataSize},
-	     close],
-
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
-			    Config).
-
-cinit_few_echo_chkclose(X) -> cinit_many_echo_chkclose(X, 7).
-
-cinit_many_echo_chkclose(X) -> cinit_many_echo_chkclose(X, ?MANYCONNS).
-
-cinit_many_echo_chkclose(doc, _NConns) ->
-    "client send 10000 bytes to server, that echoes them back "
-	"and closes. Clients wait for close. All have certs.";
-cinit_many_echo_chkclose(suite, _NConns) ->
-    [];
-cinit_many_echo_chkclose(Config, NConns) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 10000, LPort = 3456,
-    Timeout = 80000,
-
-    io:format("~w connections", [NConns]),
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {echo, DataSize},
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {sockopts, [{active, once}]},
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
-			    Config).
-
-cinit_cnocert(doc) ->
-    "Client sends 1000 bytes to server, that receives them, sends them "
-	"back, and closes. Client waits for close. Client has no cert, "
-	"but server has.";
-cinit_cnocert(suite) ->
-    [];
-cinit_cnocert(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 1000, LPort = 3457,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {_CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {recv, DataSize}, {send, DataSize}, 
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {sockopts, [{active, once}]},
-	     {connect, {Host, LPort}},
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
-			    Config).
-
-
diff --git a/lib/ssl/test/old_ssl_dist_SUITE.erl b/lib/ssl/test/old_ssl_dist_SUITE.erl
deleted file mode 100644
index 4544fb616a..0000000000
--- a/lib/ssl/test/old_ssl_dist_SUITE.erl
+++ /dev/null
@@ -1,617 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-
-
-%%%-------------------------------------------------------------------
-%%% File    : ssl_dist_SUITE.erl
-%%% Author  : Rickard Green
-%%% Description : Test that the Erlang distribution works over ssl.
-%%%
-%%% Created : 15 Nov 2007 by Rickard Green
-%%%-------------------------------------------------------------------
--module(old_ssl_dist_SUITE).
-
--include_lib("test_server/include/test_server.hrl").
-
--define(DEFAULT_TIMETRAP_SECS, 240).
-
--define(AWAIT_SLL_NODE_UP_TIMEOUT, 30000).
-
--export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2]).
--export([init_per_suite/1,
-	 end_per_suite/1,
-	 init_per_testcase/2,
-	 end_per_testcase/2]).
--export([cnct2tstsrvr/1]).
-
--export([basic/1]).
-
--record(node_handle, {connection_handler, socket, name, nodename}).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() -> 
-    [basic].
-
-groups() -> 
-    [].
-
-init_per_group(_GroupName, Config) ->
-    Config.
-
-end_per_group(_GroupName, Config) ->
-    Config.
-
-
-init_per_suite(Config) ->
-    try crypto:start() of
-	ok ->
-	    add_ssl_opts_config(Config)
-    catch _:_ ->
-	    {skip, "Crypto did not start"}
-    end.
-
-end_per_suite(Config) ->
-    application:stop(crypto),
-    Config.
-
-init_per_testcase(Case, Config) when list(Config) ->
-    Dog = ?t:timetrap(?t:seconds(?DEFAULT_TIMETRAP_SECS)),
-    [{watchdog, Dog},{testcase, Case}|Config].
-
-end_per_testcase(_Case, Config) when list(Config) ->
-    Dog = ?config(watchdog, Config),
-    ?t:timetrap_cancel(Dog),
-    ok.
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%                                                                       %%
-%% Testcases                                                             %%
-%%                                                                       %%
-
-basic(doc) ->
-    ["Test that two nodes can connect via ssl distribution"];
-basic(suite) ->
-    [];
-basic(Config) when is_list(Config) ->
-    ?line NH1 = start_ssl_node(Config),
-    ?line Node1 = NH1#node_handle.nodename,
-    ?line NH2 = start_ssl_node(Config),
-    ?line Node2 = NH2#node_handle.nodename,
-
-    ?line pong = apply_on_ssl_node(NH1, fun () -> net_adm:ping(Node2) end),
-
-    ?line [Node2] = apply_on_ssl_node(NH1, fun () -> nodes() end),
-    ?line [Node1] = apply_on_ssl_node(NH2, fun () -> nodes() end),
-
-    %% The test_server node has the same cookie as the ssl nodes
-    %% but it should not be able to communicate with the ssl nodes
-    %% via the erlang distribution.
-    ?line pang = net_adm:ping(Node1),
-    ?line pang = net_adm:ping(Node2),
-
-
-    %%
-    %% Check that we are able to communicate over the erlang
-    %% distribution between the ssl nodes.
-    %%
-    ?line Ref = make_ref(),
-    ?line spawn(fun () ->
-			apply_on_ssl_node(
-			  NH1,
-			  fun () -> 
-				  tstsrvr_format("Hi from ~p!~n",
-						 [node()]),
-				  send_to_tstcntrl({Ref, self()}),
-				  receive
-				      {From, ping} ->
-					  From ! {self(), pong}
-				  end
-			  end)
-		end),
-    ?line receive
-	      {Ref, SslPid} ->
-		  ?line ok = apply_on_ssl_node(
-			       NH2,
-			       fun () ->
-				       tstsrvr_format("Hi from ~p!~n",
-						      [node()]),
-				       SslPid ! {self(), ping},
-				       receive
-					   {SslPid, pong} ->
-					       ok
-				       end
-			       end)
-	  end,
-
-    ?line stop_ssl_node(NH1),
-    ?line stop_ssl_node(NH2),
-    ?line success(Config).
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%                                                                       %%
-%% Internal functions                                                    %%
-%%                                                                       %%
-
-%%
-%% ssl_node side api
-%%
-
-tstsrvr_format(Fmt, ArgList) ->
-    send_to_tstsrvr({format, Fmt, ArgList}).
-
-send_to_tstcntrl(Message) ->
-    send_to_tstsrvr({message, Message}).
-
-
-%%
-%% test_server side api
-%%
-
-apply_on_ssl_node(Node, M, F, A) when atom(M), atom(F), list(A) ->
-    Ref = make_ref(),
-    send_to_ssl_node(Node, {apply, self(), Ref, M, F, A}),
-    receive
-	{Ref, Result} ->
-	    Result
-    end.
-
-apply_on_ssl_node(Node, Fun) when is_function(Fun, 0) ->
-    Ref = make_ref(),
-    send_to_ssl_node(Node, {apply, self(), Ref, Fun}),
-    receive
-	{Ref, Result} ->
-	    Result
-    end.
-
-stop_ssl_node(#node_handle{connection_handler = Handler,
-			   socket = Socket,
-			   name = Name}) ->
-    ?t:format("Trying to stop ssl node ~s.~n", [Name]),
-    Mon = erlang:monitor(process, Handler),
-    unlink(Handler),
-    case gen_tcp:send(Socket, term_to_binary(stop)) of
-	ok ->
-	    receive
-		{'DOWN', Mon, process, Handler, Reason} ->
-		    case Reason of
-			normal -> ok;
-			_ -> exit(Reason)
-		    end
-	    end;
-	Error ->
-	    erlang:demonitor(Mon, [flush]),
-	    exit(Error)
-    end.
-
-start_ssl_node(Config) ->
-    start_ssl_node(Config, "").
-
-start_ssl_node(Config, XArgs) ->
-    Name = mk_node_name(Config),
-    SSL = ?config(ssl_opts, Config),
-    SSLDistOpts = setup_dist_opts(Name, ?config(priv_dir, Config)),
-    start_ssl_node_raw(Name, SSL ++ " " ++ SSLDistOpts ++ XArgs).
-
-start_ssl_node_raw(Name, Args) ->
-    {ok, LSock} = gen_tcp:listen(0,
-				 [binary, {packet, 4}, {active, false}]),
-    {ok, ListenPort} = inet:port(LSock),
-    CmdLine = mk_node_cmdline(ListenPort, Name, Args),
-    ?t:format("Attempting to start ssl node ~s: ~s~n", [Name, CmdLine]),
-    case open_port({spawn, CmdLine}, []) of
-	Port when port(Port) ->
-	    unlink(Port),
-	    erlang:port_close(Port),
-	    case await_ssl_node_up(Name, LSock) of
-		#node_handle{} = NodeHandle ->
-		    ?t:format("Ssl node ~s started.~n", [Name]),
-		    NodeName = list_to_atom(Name ++ "@" ++ host_name()),
-		    NodeHandle#node_handle{nodename = NodeName};
-		Error ->
-		    exit({failed_to_start_node, Name, Error})
-	    end;
-	Error ->
-	    exit({failed_to_start_node, Name, Error})
-    end.
-
-%%
-%% command line creation
-%%
-
-host_name() ->
-    [$@ | Host] = lists:dropwhile(fun ($@) -> false; (_) -> true end,
-				  atom_to_list(node())),
-    Host.
-
-mk_node_name(Config) ->
-    {A, B, C} = erlang:now(),
-    Case = ?config(testcase, Config),
-    atom_to_list(?MODULE)
-	++ "_"
-	++ atom_to_list(Case)
-	++ "_"
-	++ integer_to_list(A)
-	++ "-"
-	++ integer_to_list(B)
-	++ "-"
-	++ integer_to_list(C).
-
-mk_node_cmdline(ListenPort, Name, Args) ->
-    Static = "-detached -noinput",
-    Pa = filename:dirname(code:which(?MODULE)),
-    Prog = case catch init:get_argument(progname) of
-	       {ok,[[P]]} -> P;
-	       _ -> exit(no_progname_argument_found)
-	   end,
-    NameSw = case net_kernel:longnames() of
-		 false -> "-sname ";
-		 _ -> "-name "
-	     end,
-    {ok, Pwd} = file:get_cwd(),
-    Prog ++ " "
-	++ Static ++ " "
-	++ NameSw ++ " " ++ Name ++ " "
-	++ "-pa " ++ Pa ++ " " 
- 	++ "-run application start crypto -run application start public_key "
-	++ "-run " ++ atom_to_list(?MODULE) ++ " cnct2tstsrvr "
-	++ host_name() ++ " "
-	++ integer_to_list(ListenPort) ++ " "
-	++ Args ++ " "
-	++ "-env ERL_CRASH_DUMP " ++ Pwd ++ "/erl_crash_dump." ++ Name ++ " "
-	++ "-setcookie " ++ atom_to_list(erlang:get_cookie()).
-
-%%
-%% Connection handler test_server side
-%%
-
-await_ssl_node_up(Name, LSock) ->
-    case gen_tcp:accept(LSock, ?AWAIT_SLL_NODE_UP_TIMEOUT) of
-	timeout ->
-	    gen_tcp:close(LSock),
-	    ?t:format("Timeout waiting for ssl node ~s to come up~n",
-		      [Name]),
-	    timeout;
-	{ok, Socket} ->
-	    gen_tcp:close(LSock),
-	    case gen_tcp:recv(Socket, 0) of
-		{ok, Bin} ->
-		    check_ssl_node_up(Socket, Name, Bin);
-		{error, closed} ->
-		    gen_tcp:close(Socket),
-		    exit({lost_connection_with_ssl_node_before_up, Name})
-	    end;
-	{error, Error} ->
-	    gen_tcp:close(LSock),
-	    exit({accept_failed, Error})
-    end.
-
-check_ssl_node_up(Socket, Name, Bin) ->
-    case catch binary_to_term(Bin) of
-	{'EXIT', _} ->
-	    gen_tcp:close(Socket),
-	    exit({bad_data_received_from_ssl_node, Name, Bin});
-	{ssl_node_up, NodeName} ->
-	    case list_to_atom(Name++"@"++host_name()) of
-		NodeName ->
-		    Parent = self(),
-		    Go = make_ref(),
-		    %% Spawn connection handler on test server side
-		    Pid = spawn_link(
-			    fun () ->
-				    receive Go -> ok end,
-				    tstsrvr_con_loop(Name, Socket, Parent)
-			    end),
-		    ok = gen_tcp:controlling_process(Socket, Pid),
-		    Pid ! Go,
-		    #node_handle{connection_handler = Pid,
-				 socket = Socket,
-				 name = Name};
-		_ ->
-		    exit({unexpected_ssl_node_connected, NodeName})
-	    end;
-	Msg ->
-	    exit({unexpected_msg_instead_of_ssl_node_up, Name, Msg})
-    end.
-
-send_to_ssl_node(#node_handle{connection_handler = Hndlr}, Term) ->
-    Hndlr ! {relay_to_ssl_node, term_to_binary(Term)},
-    ok.
-
-tstsrvr_con_loop(Name, Socket, Parent) ->
-    inet:setopts(Socket,[{active,once}]),
-    receive
-	{relay_to_ssl_node, Data} when is_binary(Data) ->
-	    case gen_tcp:send(Socket, Data) of
-		ok ->
-		    ok;
-		_Error ->
-		    gen_tcp:close(Socket),
-		    exit({failed_to_relay_data_to_ssl_node, Name, Data})
-	    end;
-	{tcp, Socket, Bin} ->
-	    case catch binary_to_term(Bin) of
-		{'EXIT', _} ->
-		    gen_tcp:close(Socket),
-		    exit({bad_data_received_from_ssl_node, Name, Bin});
-		{format, FmtStr, ArgList} ->
-		    ?t:format(FmtStr, ArgList);
-		{message, Msg} ->
-		    Parent ! Msg;
-		{apply_res, To, Ref, Res} ->
-		    To ! {Ref, Res};
-		bye ->
-		    ?t:format("Ssl node ~s stopped.~n", [Name]),
-		    gen_tcp:close(Socket),
-		    exit(normal);
-		Unknown ->
-		    exit({unexpected_message_from_ssl_node, Name, Unknown})
-	    end;
-	{tcp_closed, Socket} ->
-	    gen_tcp:close(Socket),
-	    exit({lost_connection_with_ssl_node, Name})
-    end,
-    tstsrvr_con_loop(Name, Socket, Parent).
-
-%%
-%% Connection handler ssl_node side
-%%
-
-% cnct2tstsrvr() is called via command line arg -run ...
-cnct2tstsrvr([Host, Port]) when list(Host), list(Port) ->
-    %% Spawn connection handler on ssl node side
-    ConnHandler
-	= spawn(fun () ->
-			case catch gen_tcp:connect(Host,
-						   list_to_integer(Port),
-						   [binary,
-						    {packet, 4},
-						    {active, false}]) of
-			    {ok, Socket} ->
-				notify_ssl_node_up(Socket),
-				ets:new(test_server_info,
-					[set,
-					 public,
-					 named_table,
-					 {keypos, 1}]),
-				ets:insert(test_server_info,
-					   {test_server_handler, self()}),
-				ssl_node_con_loop(Socket);
-			    _Error ->
-				halt("Failed to connect to test server")
-			end
-		end),
-    spawn(fun () ->
-		  Mon = erlang:monitor(process, ConnHandler),
-		  receive
-		      {'DOWN', Mon, process, ConnHandler, Reason} ->
-			  receive after 1000 -> ok end,
-			  halt("test server connection handler terminated: "
-			       ++
-			       lists:flatten(io_lib:format("~p", [Reason])))
-		  end
-	  end).
-
-notify_ssl_node_up(Socket) ->
-    case catch gen_tcp:send(Socket,
-			    term_to_binary({ssl_node_up, node()})) of
-	ok -> ok;
-	_ -> halt("Failed to notify test server that I'm up")
-    end.
-
-send_to_tstsrvr(Term) ->
-    case catch ets:lookup_element(test_server_info, test_server_handler, 2) of
-	Hndlr when pid(Hndlr) ->
-	    Hndlr ! {relay_to_test_server, term_to_binary(Term)}, ok;
-	_ ->
-	    receive after 200 -> ok end,
-	    send_to_tstsrvr(Term)
-    end.
-
-ssl_node_con_loop(Socket) ->
-    inet:setopts(Socket,[{active,once}]),
-    receive
-	{relay_to_test_server, Data} when is_binary(Data) ->
-	    case gen_tcp:send(Socket, Data) of
-		ok ->
-		    ok;
-		_Error ->
-		    gen_tcp:close(Socket),
-		    halt("Failed to relay data to test server")
-	    end;
-	{tcp, Socket, Bin} ->
-	    case catch binary_to_term(Bin) of
-		{'EXIT', _} ->
-		    gen_tcp:close(Socket),
-		    halt("test server sent me bad data");
-		{apply, From, Ref, M, F, A} ->
-		    spawn_link(
-		      fun () ->
-			      send_to_tstsrvr({apply_res,
-					       From,
-					       Ref,
-					       (catch apply(M, F, A))})
-			  end);
-		{apply, From, Ref, Fun} ->
-		    spawn_link(fun () ->
-				       send_to_tstsrvr({apply_res,
-							From,
-							Ref,
-							(catch Fun())})
-			       end);
-		stop ->
-		    gen_tcp:send(Socket, term_to_binary(bye)),
-		    gen_tcp:close(Socket),
-		    init:stop(),
-		    receive after infinity -> ok end;
-		_Unknown ->
-		    halt("test server sent me an unexpected message")
-	    end;
-	{tcp_closed, Socket} ->
-	    halt("Lost connection to test server")
-    end,
-    ssl_node_con_loop(Socket).
-
-%%
-%% Setup ssl dist info
-%%
-
-rand_bin(N) ->
-    rand_bin(N, []).
-
-rand_bin(0, Acc) ->
-    Acc;
-rand_bin(N, Acc) ->
-    rand_bin(N-1, [random:uniform(256)-1|Acc]).
-
-make_randfile(Dir) ->
-    {ok, IoDev} = file:open(filename:join([Dir, "RAND"]), [write]),
-    {A, B, C} = erlang:now(),
-    random:seed(A, B, C),
-    ok = file:write(IoDev, rand_bin(1024)),
-    file:close(IoDev).
-
-append_files(FileNames, ResultFileName) ->
-    {ok, ResultFile} = file:open(ResultFileName, [write]),
-    do_append_files(FileNames, ResultFile).
-
-do_append_files([], RF) ->
-    ok = file:close(RF);
-do_append_files([F|Fs], RF) ->
-    {ok, Data} = file:read_file(F),
-    ok = file:write(RF, Data),
-    do_append_files(Fs, RF).
-			    
-setup_dist_opts(Name, PrivDir) ->
-    NodeDir = filename:join([PrivDir, Name]),
-    RGenDir = filename:join([NodeDir, "rand_gen"]),
-    ok = file:make_dir(NodeDir),
-    ok = file:make_dir(RGenDir),
-    make_randfile(RGenDir),
-    make_certs:all(RGenDir, NodeDir),
-    SDir = filename:join([NodeDir, "server"]),
-    SC = filename:join([SDir, "cert.pem"]),
-    SK = filename:join([SDir, "key.pem"]),
-    SKC = filename:join([SDir, "keycert.pem"]),
-    append_files([SK, SC], SKC),
-    CDir = filename:join([NodeDir, "client"]),
-    CC = filename:join([CDir, "cert.pem"]),
-    CK = filename:join([CDir, "key.pem"]),
-    CKC = filename:join([CDir, "keycert.pem"]),
-    append_files([CK, CC], CKC),
-    "-proto_dist inet_ssl "
-	++ "-ssl_dist_opt server_certfile " ++ SKC ++ " "
-	++ "-ssl_dist_opt client_certfile " ++ CKC ++ " "
-.%	++ "-ssl_dist_opt verify 1 depth 1".
-
-%%
-%% Start scripts etc...
-%%
-
-add_ssl_opts_config(Config) ->
-    %%
-    %% Start with boot scripts if on an installed system; otherwise,
-    %% just point out ssl ebin with -pa.
-    %%
-    try
-	Dir = ?config(priv_dir, Config),
-	LibDir = code:lib_dir(),
-	Apps = application:which_applications(),
-	{value, {stdlib, _, STDL_VSN}} = lists:keysearch(stdlib, 1, Apps),
-	{value, {kernel, _, KRNL_VSN}} = lists:keysearch(kernel, 1, Apps),
-	StdlDir = filename:join([LibDir, "stdlib-" ++ STDL_VSN]),
-	KrnlDir = filename:join([LibDir, "kernel-" ++ KRNL_VSN]),
-	{ok, _} = file:read_file_info(StdlDir),
-	{ok, _} = file:read_file_info(KrnlDir),
-	SSL_VSN = vsn(ssl),
-	VSN_CRYPTO = vsn(crypto),
-	VSN_PKEY = vsn(public_key),
-	
-	SslDir = filename:join([LibDir, "ssl-" ++ SSL_VSN]),
-	{ok, _} = file:read_file_info(SslDir),
-	%% We are using an installed otp system, create the boot script.
-	Script = filename:join(Dir, atom_to_list(?MODULE)),
-	{ok, RelFile} = file:open(Script ++ ".rel", [write]),
-        io:format(RelFile,
-		  "{release, ~n"
-		  " {\"SSL distribution test release\", \"~s\"},~n"
-		  " {erts, \"~s\"},~n"
-		  " [{kernel, \"~s\"},~n"
-		  "  {stdlib, \"~s\"},~n"
-		  "  {crypto, \"~s\"},~n"
-		  "  {public_key, \"~s\"},~n"
-		  "  {ssl, \"~s\"}]}.~n",
-		  [case catch erlang:system_info(otp_release) of
-		       {'EXIT', _} -> "R11B";
-		       Rel -> Rel
-		   end,
-		   erlang:system_info(version),
-		   KRNL_VSN,
-		   STDL_VSN,
-		   VSN_CRYPTO,
-		   VSN_PKEY,
-		   SSL_VSN]),
-	ok = file:close(RelFile),
-	ok = systools:make_script(Script, []),
-	[{ssl_opts, "-boot " ++ Script} | Config]
-    catch
-	_:_ ->
-	    [{ssl_opts, "-pa " ++ filename:dirname(code:which(ssl))}
-	     | add_comment_config(
-		 "Bootscript wasn't used since the test wasn't run on an "
-		 "installed OTP system.",
-		 Config)]
-    end.
-
-%%
-%% Add common comments to config
-%%
-
-add_comment_config(Comment, []) ->
-    [{comment, Comment}];
-add_comment_config(Comment, [{comment, OldComment} | Cs]) ->
-    [{comment, Comment ++ " " ++ OldComment} | Cs];
-add_comment_config(Comment, [C|Cs]) ->
-    [C|add_comment_config(Comment, Cs)].
-
-%%
-%% Call when test case success
-%%
-
-success(Config) ->
-    case lists:keysearch(comment, 1, Config) of
-	{value, {comment, _} = Res} -> Res;
-	_ -> ok
-    end.
-
-vsn(App) ->
-    application:start(App),
-    try
-	{value,
-	 {ssl,
-	  _,
-	  VSN}} = lists:keysearch(App,
-				  1,
-				  application:which_applications()),
-	VSN
-     after
-	 application:stop(ssl)
-     end.
diff --git a/lib/ssl/test/old_ssl_misc_SUITE.erl b/lib/ssl/test/old_ssl_misc_SUITE.erl
deleted file mode 100644
index ea03e83867..0000000000
--- a/lib/ssl/test/old_ssl_misc_SUITE.erl
+++ /dev/null
@@ -1,117 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(old_ssl_misc_SUITE).
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
-	 init_per_group/2,end_per_group/2,
-	 init_per_testcase/2,
-	 end_per_testcase/2,
-	 seed/1,
-	 app/1
-	]).
-
--import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
-			   test_server_only/6]).
--include_lib("test_server/include/test_server.hrl").
--include("ssl_test_MACHINE.hrl").
-
--define(MANYCONNS, 5).
-
-init_per_testcase(_Case, Config) ->
-    WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
-    [{watchdog, WatchDog}| Config].
-
-end_per_testcase(_Case, Config) ->
-    WatchDog = ?config(watchdog, Config),
-    test_server:timetrap_cancel(WatchDog).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() -> 
-    [seed, app].
-
-groups() -> 
-    [].
-
-init_per_group(_GroupName, Config) ->
-    Config.
-
-end_per_group(_GroupName, Config) ->
-    Config.
-
-
-init_per_suite(doc) ->
-    "Want to se what Config contains.";
-init_per_suite(suite) ->
-    [];
-init_per_suite(Config) ->
-    io:format("Config: ~p~n", [Config]),
-
-    %% Check if SSL exists. If this case fails, all other cases are skipped
-    case catch crypto:start() of
-	ok ->
-	    application:start(public_key),
-	    case ssl:start() of
-		ok -> ssl:stop();
-		{error, {already_started, _}} -> ssl:stop();
-		Error -> ?t:fail({failed_starting_ssl,Error})
-	    end,
-	    Config;
-	_Else ->
-	    {skip,"Could not start crypto!"}
-    end.
-
-end_per_suite(doc) ->
-    "This test case has no mission other than closing the conf case";
-end_per_suite(suite) ->
-    [];
-end_per_suite(Config) ->
-    crypto:stop(),
-    Config.
-
-seed(doc) ->
-    "Test that ssl:seed/1 works.";
-seed(suite) ->
-    [];
-seed(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {_, SsslOpts}} = mk_ssl_cert_opts(Config),
-
-    LCmds = [{seed, "tjosan"},
-	     {sockopts, [{backlog, NConns}, {active, once}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ?line test_server_only(NConns, LCmds, [], Timeout, ?MODULE,
-			   Config).
-
-app(doc) ->
-    "Test that the ssl app file is ok";
-app(suite) ->
-    [];
-app(Config) when list(Config) ->
-    ?line ok = test_server:app_test(ssl).
-
-
diff --git a/lib/ssl/test/old_ssl_passive_SUITE.erl b/lib/ssl/test/old_ssl_passive_SUITE.erl
deleted file mode 100644
index 7b54fe876a..0000000000
--- a/lib/ssl/test/old_ssl_passive_SUITE.erl
+++ /dev/null
@@ -1,382 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(old_ssl_passive_SUITE).
-
--export([all/0, suite/0,groups/0,init_per_suite/1, 
-	 end_per_suite/1, init_per_group/2,end_per_group/2,
-	 init_per_testcase/2,
-	 end_per_testcase/2,
-	 server_accept_timeout/1,
-	 cinit_return_chkclose/1,
-	 sinit_return_chkclose/1,
-	 cinit_big_return_chkclose/1,
-	 sinit_big_return_chkclose/1,
-	 cinit_big_echo_chkclose/1,
-	 sinit_big_echo_chkclose/1,
-	 cinit_few_echo_chkclose/1,
-	 cinit_many_echo_chkclose/1,
-	 cinit_cnocert/1
-	 ]).
-
--import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
-			   test_server_only/6]).
-
--include_lib("test_server/include/test_server.hrl").
--include("ssl_test_MACHINE.hrl").
-
--define(MANYCONNS, ssl_test_MACHINE:many_conns()).
-
-init_per_testcase(_Case, Config) ->
-    WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
-    [{watchdog, WatchDog}| Config].
-
-end_per_testcase(_Case, Config) ->
-    WatchDog = ?config(watchdog, Config),
-    test_server:timetrap_cancel(WatchDog).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() -> 
-    [server_accept_timeout, cinit_return_chkclose,
-     sinit_return_chkclose, cinit_big_return_chkclose,
-     sinit_big_return_chkclose, cinit_big_echo_chkclose,
-     sinit_big_echo_chkclose, cinit_few_echo_chkclose,
-     cinit_many_echo_chkclose, cinit_cnocert].
-
-groups() -> 
-    [].
-
-init_per_group(_GroupName, Config) ->
-    Config.
-
-end_per_group(_GroupName, Config) ->
-    Config.
-
-
-init_per_suite(doc) ->
-    "Want to se what Config contains.";
-init_per_suite(suite) ->
-    [];
-init_per_suite(Config) ->
-    io:format("Config: ~p~n", [Config]),
-
-    %% Check if SSL exists. If this case fails, all other cases are skipped
-    case catch crypto:start() of
-	ok ->
-	    application:start(public_key),
-	    case ssl:start() of
-		ok -> ssl:stop();
-		{error, {already_started, _}} -> ssl:stop();
-		Error -> ?t:fail({failed_starting_ssl,Error})
-	    end,
-	    Config;
-	_Else ->
-	    {skip,"Could not start crypto"}
-    end.
-
-end_per_suite(doc) ->
-    "This test case has no mission other than closing the conf case";
-end_per_suite(suite) ->
-    [];
-end_per_suite(Config) ->
-    crypto:stop(),
-    Config.
-
-server_accept_timeout(doc) ->
-    "Server has one pending accept with timeout. Checks that return "
-	"value is {error, timeout}.";
-server_accept_timeout(suite) ->
-    [];
-server_accept_timeout(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    LPort = 3456,
-    Timeout = 40000, NConns = 1,
-    AccTimeout = 3000,
-
-    ?line {ok, {_, SsslOpts}} = mk_ssl_cert_opts(Config),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, AccTimeout}, 
-	     accept_timeout],
-    ?line test_server_only(NConns, LCmds, ACmds, Timeout, ?MODULE, Config).
-
-cinit_return_chkclose(doc) ->
-    "Client sends 1000 bytes to server, that receives them, sends them "
-	"back, and closes. Client waits for close. Both have certs.";
-cinit_return_chkclose(suite) ->
-    [];
-cinit_return_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 1000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {recv, DataSize}, {send, DataSize}, 
-	     close],
-    CCmds = [{timeout, Timeout},
-	     {sockopts, [{active, false}]},
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
-			    Config).
-
-sinit_return_chkclose(doc) ->
-    "Server sends 1000 bytes to client, that receives them, sends them "
-	"back, and closes. Server waits for close. Both have certs.";
-sinit_return_chkclose(suite) ->
-    [];
-sinit_return_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 1000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    CCmds = [{timeout, Timeout}, 
-	     {sockopts, [{active, false}]},
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {recv, DataSize}, {send, DataSize}, 
-	     close],
-
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
-			    Config).
-
-cinit_big_return_chkclose(doc) ->
-    "Client sends 50000 bytes to server, that receives them, sends them "
-	"back, and closes. Client waits for close. Both have certs.";
-cinit_big_return_chkclose(suite) ->
-    [];
-cinit_big_return_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 50000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {recv, DataSize}, {send, DataSize}, 
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {sockopts, [{active, false}]},
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
-			    Config).
-
-sinit_big_return_chkclose(doc) ->
-    "Server sends 50000 bytes to client, that receives them, sends them "
-	"back, and closes. Server waits for close. Both have certs.";
-sinit_big_return_chkclose(suite) ->
-    [];
-sinit_big_return_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 50000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    CCmds = [{timeout, Timeout}, 
-	     {sockopts, [{active, false}]},
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {recv, DataSize}, {send, DataSize}, 
-	     close],
-
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
-			    Config).
-
-cinit_big_echo_chkclose(doc) ->
-    "Client sends 50000 bytes to server, that echoes them back "
-	"and closes. Client waits for close. Both have certs.";
-cinit_big_echo_chkclose(suite) ->
-    [];
-cinit_big_echo_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 50000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {echo, DataSize},
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {sockopts, [{active, false}]},
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
-			    Config).
-
-sinit_big_echo_chkclose(doc) ->
-    "Server sends 50000 bytes to client, that echoes them back "
-	"and closes. Server waits for close. Both have certs.";
-sinit_big_echo_chkclose(suite) ->
-    [];
-sinit_big_echo_chkclose(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 50000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    CCmds = [{timeout, Timeout}, 
-	     {sockopts, [{active, false}]},
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {echo, DataSize},
-	     close],
-
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
-			    Config).
-
-
-cinit_few_echo_chkclose(X) -> cinit_many_echo_chkclose(X, 7).
-
-cinit_many_echo_chkclose(X) -> cinit_many_echo_chkclose(X, ?MANYCONNS).
-
-cinit_many_echo_chkclose(doc, _NConns) ->
-    "clients send 10000 bytes to server, that echoes them back "
-	"and closes. Clients wait for close. All have certs.";
-cinit_many_echo_chkclose(suite, _NConns) ->
-    [];
-cinit_many_echo_chkclose(Config, NConns) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 10000, LPort = 3456,
-    Timeout = 80000,
-
-    io:format("~w connections", [NConns]),
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {echo, DataSize},
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {sockopts, [{active, false}]},
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
-			    Config).
-
-cinit_cnocert(doc) ->
-    "Client sends 1000 bytes to server, that receives them, sends them "
-	"back, and closes. Client waits for close. Client has no cert, "
-	"but server has.";
-cinit_cnocert(suite) ->
-    [];
-cinit_cnocert(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 1000, LPort = 3457,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {_CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {recv, DataSize}, {send, DataSize}, 
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {sockopts, [{active, false}]},
-	     {connect, {Host, LPort}},
-	     {send, DataSize}, {recv, DataSize}, 
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
-			    Config).
-
diff --git a/lib/ssl/test/old_ssl_peer_cert_SUITE.erl b/lib/ssl/test/old_ssl_peer_cert_SUITE.erl
deleted file mode 100644
index ee19bad175..0000000000
--- a/lib/ssl/test/old_ssl_peer_cert_SUITE.erl
+++ /dev/null
@@ -1,191 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(old_ssl_peer_cert_SUITE).
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
-	 init_per_group/2,end_per_group/2,
-	 init_per_testcase/2,
-	 end_per_testcase/2,
-	 cinit_plain/1,
-	 cinit_both_verify/1,
-	 cinit_cnocert/1
-	 ]).
-
--import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
-			   test_server_only/6]).
--include_lib("test_server/include/test_server.hrl").
--include("ssl_test_MACHINE.hrl").
-
-
-init_per_testcase(_Case, Config) ->
-    WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
-    [{watchdog, WatchDog}| Config].
-
-end_per_testcase(_Case, Config) ->
-    WatchDog = ?config(watchdog, Config),
-    test_server:timetrap_cancel(WatchDog).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() -> 
-    [cinit_plain, cinit_both_verify, cinit_cnocert].
-
-groups() -> 
-    [].
-
-init_per_group(_GroupName, Config) ->
-    Config.
-
-end_per_group(_GroupName, Config) ->
-    Config.
-
-
-init_per_suite(doc) ->
-    "Want to se what Config contains.";
-init_per_suite(suite) ->
-    [];
-init_per_suite(Config) ->
-    io:format("Config: ~p~n", [Config]),
-
-    %% Check if SSL exists. If this case fails, all other cases are skipped
-    case catch crypto:start() of
-	ok ->
-	    application:start(public_key),
-	    case ssl:start() of
-		ok -> ssl:stop();
-		{error, {already_started, _}} -> ssl:stop();
-		Error -> ?t:fail({failed_starting_ssl,Error})
-	    end,
-	    Config;
-	_Else ->
-	    {skip,"Could not start crypto"}
-    end.
-
-end_per_suite(doc) ->
-    "This test case has no mission other than closing the conf case";
-end_per_suite(suite) ->
-    [];
-end_per_suite(Config) ->
-    crypto:stop(),
-    Config.
-
-cinit_plain(doc) ->
-    "Server closes after accept, Client waits for close. Both have certs "
-	"but both use the defaults for verify and depth, but still tries "
-	"to retreive each others certificates.";
-cinit_plain(suite) ->
-    [];
-cinit_plain(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 1000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     nopeercert,
-	     {recv, DataSize},
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     peercert,
-	     {send, DataSize},
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, 
-			    ?MODULE, Config).
-
-cinit_both_verify(doc) ->
-    "Server closes after accept, Client waits for close. Both have certs "
-	"and both verify each other.";
-cinit_both_verify(suite) ->
-    [];
-cinit_both_verify(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 1000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts0, SsslOpts0}} = mk_ssl_cert_opts(Config),
-    ?line CsslOpts = [{verify, 2}, {depth, 2} | CsslOpts0],
-    ?line SsslOpts = [{verify, 2}, {depth, 3} | SsslOpts0],
-
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     peercert,
-	     {recv, DataSize},
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     peercert,
-	     {send, DataSize},
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, 
-			    ?MODULE, Config).
-
-cinit_cnocert(doc) ->
-    "Client has no cert. Nor the client, nor the server is verifying its "
-	"peer. Server closes, client waits for close.";
-cinit_cnocert(suite) ->
-    [];
-cinit_cnocert(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 1000, LPort = 3457,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {_, SsslOpts0}} = mk_ssl_cert_opts(Config),
-    ?line SsslOpts = [{verify, 0}, {depth, 2} | SsslOpts0],
-
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {recv, DataSize},
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {connect, {Host, LPort}},
-	     peercert,
-	     {send, DataSize},
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout,
-			    ?MODULE, Config).
-
-
diff --git a/lib/ssl/test/old_ssl_protocol_SUITE.erl b/lib/ssl/test/old_ssl_protocol_SUITE.erl
deleted file mode 100644
index 9b9937c210..0000000000
--- a/lib/ssl/test/old_ssl_protocol_SUITE.erl
+++ /dev/null
@@ -1,185 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(old_ssl_protocol_SUITE).
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
-	 init_per_group/2,end_per_group/2, 
-	 init_per_testcase/2, end_per_testcase/2, 
-	 sslv2/1, sslv3/1, tlsv1/1, sslv2_sslv3/1,
-	 sslv2_tlsv1/1, sslv3_tlsv1/1, sslv2_sslv3_tlsv1/1]).
-
--import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
-			   test_server_only/6]).
--include_lib("test_server/include/test_server.hrl").
--include("ssl_test_MACHINE.hrl").
-
-
-init_per_testcase(_Case, Config) ->
-    WatchDog = test_server:timetrap(?DEFAULT_TIMEOUT),
-    [{watchdog, WatchDog}| Config].
-
-end_per_testcase(_Case, Config) ->
-    WatchDog = ?config(watchdog, Config),
-    test_server:timetrap_cancel(WatchDog).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() -> 
-    [sslv2, sslv3, tlsv1, sslv2_sslv3, sslv2_tlsv1,
-     sslv3_tlsv1, sslv2_sslv3_tlsv1].
-
-groups() -> 
-    [].
-
-init_per_group(_GroupName, Config) ->
-    Config.
-
-end_per_group(_GroupName, Config) ->
-    Config.
-
-
-init_per_suite(doc) ->
-    "Want to se what Config contains.";
-init_per_suite(suite) ->
-    [];
-init_per_suite(Config) ->
-    io:format("Config: ~p~n", [Config]),
-
-    %% Check if SSL exists. If this case fails, all other cases are skipped
-    case catch crypto:start() of
-	ok ->
-	    application:start(public_key),
-	    case ssl:start() of
-		ok -> ssl:stop();
-		{error, {already_started, _}} -> ssl:stop();
-		Error -> ?t:fail({failed_starting_ssl,Error})
-	    end,
-	    Config;
-	_Else ->
-	    {skip,"Could not start crypto"}
-    end.
-
-end_per_suite(doc) ->
-    "This test case has no other purpose than closing the conf case.";
-end_per_suite(suite) ->
-    [];
-end_per_suite(Config) ->
-    crypto:stop(),
-    Config.
-
-%%%%%
-
-sslv2(doc) ->
-    "Client has no cert. Nor the client, nor the server is verifying its "
-	"peer. Server closes, client waits for close. "
-	"Client and server choose SSLv2."; 
-sslv2(suite) ->
-    [];
-sslv2(Config) when list(Config) ->
-    do_run_test(Config, [sslv2]).
-
-sslv3(doc) ->
-    "Client has no cert. Nor the client, nor the server is verifying its "
-	"peer. Server closes, client waits for close. "
-	"Client and server choose SSLv3."; 
-sslv3(suite) ->
-    [];
-sslv3(Config) when list(Config) ->
-    do_run_test(Config, [sslv3]).
-
-tlsv1(doc) ->
-    "Client has no cert. Nor the client, nor the server is verifying its "
-	"peer. Server closes, client waits for close. "
-	"Client and server choose TLSv1."; 
-tlsv1(suite) ->
-    [];
-tlsv1(Config) when list(Config) ->
-    do_run_test(Config, [tlsv1]).
-
-sslv2_sslv3(doc) ->
-    "Client has no cert. Nor the client, nor the server is verifying its "
-	"peer. Server closes, client waits for close. "
-	"Client and server choose between SSLv2 and SSLv3."; 
-sslv2_sslv3(suite) ->
-    [];
-sslv2_sslv3(Config) when list(Config) ->
-    do_run_test(Config, [sslv2, sslv3]).
-
-sslv2_tlsv1(doc) ->
-    "Client has no cert. Nor the client, nor the server is verifying its "
-	"peer. Server closes, client waits for close. "
-	"Client and server choose between SSLv2 and TLSv1."; 
-sslv2_tlsv1(suite) ->
-    [];
-sslv2_tlsv1(Config) when list(Config) ->
-    do_run_test(Config, [sslv2, tlsv1]).
-
-sslv3_tlsv1(doc) ->
-    "Client has no cert. Nor the client, nor the server is verifying its "
-	"peer. Server closes, client waits for close. "
-	"Client and server choose between SSLv3 and TLSv1."; 
-sslv3_tlsv1(suite) ->
-    [];
-sslv3_tlsv1(Config) when list(Config) ->
-    do_run_test(Config, [sslv3, tlsv1]).
-
-sslv2_sslv3_tlsv1(doc) ->
-    "Client has no cert. Nor the client, nor the server is verifying its "
-	"peer. Server closes, client waits for close. "
-	"Client and server choose between SSLv2, SSLv3, and TLSv1."; 
-sslv2_sslv3_tlsv1(suite) ->
-    [];
-sslv2_sslv3_tlsv1(Config) when list(Config) ->
-    do_run_test(Config, [sslv2, sslv3, tlsv1]).
-
-%%%%
-
-do_run_test(Config0, Protocols) ->
-    process_flag(trap_exit, true),
-    LPort = 3456,
-    Timeout = 40000, NConns = 1,
-    DataSize = 10,
-
-    ?line {ok, {_, SsslOpts0}} = mk_ssl_cert_opts(Config0),
-    ?line SsslOpts = [{verify, 0}, {depth, 2} | SsslOpts0],
-
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     connection_info,
-	     {recv, DataSize},
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {connect, {Host, LPort}},
-	     connection_info,
-	     {send, DataSize},
-	     await_close],
-    Config1 = [{env, [{protocol_version, Protocols}]} | Config0],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout,
-			    ?MODULE, Config1).
-
-
diff --git a/lib/ssl/test/old_ssl_verify_SUITE.erl b/lib/ssl/test/old_ssl_verify_SUITE.erl
deleted file mode 100644
index 4c11ea6850..0000000000
--- a/lib/ssl/test/old_ssl_verify_SUITE.erl
+++ /dev/null
@@ -1,153 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(old_ssl_verify_SUITE).
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
-	 init_per_group/2,end_per_group/2,
-	 init_per_testcase/2,
-	 end_per_testcase/2,
-	 cinit_both_verify/1,
-	 cinit_cnocert/1
-	 ]).
-
--import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
-			   test_server_only/6]).
--include_lib("test_server/include/test_server.hrl").
--include("ssl_test_MACHINE.hrl").
-
-
-init_per_testcase(_Case, Config) ->
-    WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
-    [{watchdog, WatchDog}| Config].
-
-end_per_testcase(_Case, Config) ->
-    WatchDog = ?config(watchdog, Config),
-    test_server:timetrap_cancel(WatchDog).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() -> 
-    [cinit_both_verify, cinit_cnocert].
-
-groups() -> 
-    [].
-
-init_per_group(_GroupName, Config) ->
-    Config.
-
-end_per_group(_GroupName, Config) ->
-    Config.
-
-
-init_per_suite(doc) ->
-    "Want to se what Config contains.";
-init_per_suite(suite) ->
-    [];
-init_per_suite(Config) ->
-    io:format("Config: ~p~n", [Config]),
-
-    %% Check if SSL exists. If this case fails, all other cases are skipped
-    case catch crypto:start() of
-	ok ->
-	    application:start(public_key),
-	    case ssl:start() of
-		ok -> ssl:stop();
-		{error, {already_started, _}} -> ssl:stop();
-		Error -> ?t:fail({failed_starting_ssl,Error})
-	    end,
-	    Config;
-	_Else ->
-	    {skip,"Could not start crypto"}
-    end.
-
-end_per_suite(doc) ->
-    "This test case has no mission other than closing the conf case";
-end_per_suite(suite) ->
-    [];
-end_per_suite(Config) ->
-    crypto:stop(),
-    Config.
-
-cinit_both_verify(doc) ->
-    "Server closes after accept, Client waits for close. Both have certs "
-	"and both verify each other.";
-cinit_both_verify(suite) ->
-    [];
-cinit_both_verify(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 1000, LPort = 3456,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {CsslOpts0, SsslOpts0}} = mk_ssl_cert_opts(Config),
-    ?line CsslOpts = [{verify, 2}, {depth, 2} | CsslOpts0],
-    ?line SsslOpts = [{verify, 2}, {depth, 3} | SsslOpts0],
-
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {recv, DataSize},
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {sslopts, CsslOpts},
-	     {connect, {Host, LPort}},
-	     {send, DataSize},
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, 
-			    ?MODULE, Config).
-
-cinit_cnocert(doc) ->
-    "Client has no cert. Nor the client, nor the server is verifying its "
-	"peer. Server closes, client waits for close.";
-cinit_cnocert(suite) ->
-    [];
-cinit_cnocert(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    DataSize = 1000, LPort = 3457,
-    Timeout = 40000, NConns = 1,
-
-    ?line {ok, {_, SsslOpts0}} = mk_ssl_cert_opts(Config),
-    ?line SsslOpts = [{verify, 0}, {depth, 2} | SsslOpts0],
-
-    ?line {ok, Host} = inet:gethostname(),
-
-    LCmds = [{sockopts, [{backlog, NConns}]},
-	     {sslopts, SsslOpts},
-	     {listen, LPort}, 
-	     wait_sync,
-	     lclose],
-    ACmds = [{timeout, Timeout}, 
-	     accept,
-	     {recv, DataSize},
-	     close],
-    CCmds = [{timeout, Timeout}, 
-	     {connect, {Host, LPort}},
-	     {send, DataSize},
-	     await_close],
-    ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout,
-			    ?MODULE, Config).
-
-
diff --git a/lib/ssl/test/old_transport_accept_SUITE.erl b/lib/ssl/test/old_transport_accept_SUITE.erl
deleted file mode 100644
index 6f0c8e456b..0000000000
--- a/lib/ssl/test/old_transport_accept_SUITE.erl
+++ /dev/null
@@ -1,258 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(old_transport_accept_SUITE).
--include_lib("common_test/include/ct.hrl").
--include("test_server_line.hrl").
-
-%% Default timetrap timeout (set in init_per_testcase).
--define(default_timeout, ?t:minutes(1)).
--define(application, ssh).
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
-	 init_per_group/2,end_per_group/2,
-	 init_per_testcase/2,
-	 end_per_testcase/2,
-	 config/1,
-	 echo_once/1,
-	 echo_twice/1,
-	 close_before_ssl_accept/1,
-	 server/5,
-	 tolerant_server/5,
-	 client/5
-	]).
-
-init_per_testcase(_Case, Config) ->
-    WatchDog = ssl_test_lib:timetrap(?default_timeout),
-    [{watchdog, WatchDog}, {protomod, gen_tcp}, {serialize_accept, true}| 
-     Config].
-
-end_per_testcase(_Case, Config) ->
-    WatchDog = ?config(watchdog, Config),
-    test_server:timetrap_cancel(WatchDog).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() -> 
-    [config, echo_once, echo_twice, close_before_ssl_accept].
-
-groups() -> 
-    [].
-
-init_per_suite(Config) ->
-    try crypto:start() of
-	ok ->
-	    Config
-    catch _:_ ->
-	    {skip, "Crypto did not start"}
-    end.
-
-end_per_suite(_Config) ->
-    application:stop(crypto),
-    ok.
-
-init_per_group(_GroupName, Config) ->
-    Config.
-
-end_per_group(_GroupName, Config) ->
-    Config.
-
-
-config(doc) ->
-    "Want to se what Config contains.";
-config(suite) ->
-    [];
-config(Config) ->
-    io:format("Config: ~p~n", [Config]),
-    ok.
-
-echo_once(doc) ->
-    "Client sends 256 bytes to server, that receives them, sends them "
-	"back, and closes. Client waits for close. Both have certs.";
-echo_once(suite) ->
-    [];
-echo_once(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    LPort = 3456,
-    {ok, Host} = inet:gethostname(),
-    {ok, {COpts, SOpts}} = ssl_test_MACHINE:mk_ssl_cert_opts(Config),
-    N = 1,
-    Msg = lists:seq(0, 255),
-    Self = self(),
-    Params = "-pa " ++ filename:dirname(code:which(?MODULE)),
-    Node = start_node(server, Params),
-    CNode = start_node(client, Params),
-    Server = spawn_link(Node, ?MODULE, server, [Self, LPort, SOpts, Msg, N]),
-    Client = spawn_link(Node, ?MODULE, client, [Host, LPort, COpts, Msg, N]),
-    ok = receive
-	     {Server, listening} ->
-		 Client ! {Server, listening},
-		 ok;
-	     E ->
-		 io:format("bad receive (1) ~p\n", [E]),
-		 E
-	 end,
-    receive
-	{Server, done} ->
-	    ok
-    end,
-    test_server:stop_node(Node),
-    test_server:stop_node(CNode).
-
-close_before_ssl_accept(doc) ->
-    "Client sends 256 bytes to server, that receives them, sends them "
-	"back, and closes. Client waits for close. Both have certs.";
-close_before_ssl_accept(suite) ->
-    [];
-close_before_ssl_accept(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    LPort = 3456,
-    {ok, Host} = inet:gethostname(),
-    {ok, {COpts, SOpts}} = ssl_test_MACHINE:mk_ssl_cert_opts(Config),
-    Msg = lists:seq(0, 255),
-    Self = self(),
-    Params = "-pa " ++ filename:dirname(code:which(?MODULE)),
-    Node = start_node(server, Params),
-    CNode = start_node(client, Params),
-    Server = spawn_link(Node, ?MODULE, tolerant_server,
-			[Self, LPort, SOpts, Msg, 2]),
-    Client = spawn_link(Node, ?MODULE, client,
-			[Host, LPort, COpts, Msg, 1]),
-    ok = receive
-	     {Server, listening} ->
-		 {ok, S} = gen_tcp:connect(Host, LPort, []),
-		 gen_tcp:close(S),
-		 Client ! {Server, listening},
-		 ok;
-	     E ->
-		 io:format("bad receive (1) ~p\n", [E]),
-		 E
-	 end,
-    receive
-	{Server, done} ->
-	    ok
-    end,
-    test_server:stop_node(Node),
-    test_server:stop_node(CNode).
-
-client(Host, LPort, COpts, Msg, N) ->
-    ok = receive
-	     {_Server, listening} ->
-		 ok;
-	     E ->
-		 io:format("bad receive (2) ~p\n", [E]),
-		 E
-	 end,
-    Opts = COpts ++ [{packet, raw}, {active, false}],
-    app(),
-    lists:foreach(fun(_) ->
-			  {ok, S} = ssl:connect(Host, LPort, Opts),
-			  ssl:send(S, Msg),
-			  {ok, Msg} = ssl:recv(S, length(Msg)),
-			  ssl:close(S)
-		  end, lists:seq(1, N)).
-
-echo_twice(doc) ->
-    "Two clients sends 256 bytes to server, that receives them, sends them "
-	"back, and closes. Client waits for close. Both have certs.";
-echo_twice(suite) ->
-    [];
-echo_twice(Config) when list(Config) ->
-    process_flag(trap_exit, true),
-    LPort = 3456,
-    {ok, Host} = inet:gethostname(),
-    {ok, {COpts, SOpts}} = ssl_test_MACHINE:mk_ssl_cert_opts(Config),
-    N = 2,
-    Msg = lists:seq(0, 255),
-    Self = self(),
-    Params = "-pa " ++ filename:dirname(code:which(?MODULE)),
-    Node = start_node(server, Params),
-    CNode = start_node(client, Params),
-    Server = spawn_link(Node, ?MODULE, server,
-			[Self, LPort, SOpts, Msg, N]),
-    Client = spawn_link(Node, ?MODULE, client,
-			[Host, LPort, COpts, Msg, N]),
-    ok = receive
-	     {Server, listening} ->
-		 Client ! {Server, listening},
-		 ok;
-	     E ->
-		 io:format("bad receive (3) ~p\n", [E]),
-		 E
-	 end,
-    receive
-	{Server, done} ->
-	    ok
-    end,
-    test_server:stop_node(Node),
-    test_server:stop_node(CNode).
-
-server(Client, Port, SOpts, Msg, N) ->
-    app(),
-    process_flag(trap_exit, true),
-    Opts = SOpts ++ [{packet, raw}, {active, false}],
-    {ok, LSock} = ssl:listen(Port, Opts),
-    Client ! {self(), listening},
-    server_loop(Client, LSock, Msg, N).
-
-server_loop(Client, _, _, 0) ->
-    Client ! {self(), done};
-server_loop(Client, LSock, Msg, N) ->
-    {ok, S} = ssl:transport_accept(LSock),
-    ok = ssl:ssl_accept(S),
-    %% P = ssl:controlling_process(S, Proxy),
-    {ok, Msg} = ssl:recv(S, length(Msg)),
-    ok = ssl:send(S, Msg),
-    ok = ssl:close(S),
-    server_loop(Client, LSock, Msg, N-1).
-
-tolerant_server(Client, Port, SOpts, Msg, N) ->
-    app(),
-    process_flag(trap_exit, true),
-    Opts = SOpts ++ [{packet, raw}, {active, false}],
-    {ok, LSock} = ssl:listen(Port, Opts),
-    Client ! {self(), listening},
-    tolerant_server_loop(Client, LSock, Msg, N).
-
-tolerant_server_loop(Client, _, _, 0) ->
-    Client ! {self(), done};
-tolerant_server_loop(Client, LSock, Msg, N) ->
-    {ok, S} = ssl:transport_accept(LSock),
-    case ssl:ssl_accept(S) of
-	ok ->
-	    %% P = ssl:controlling_process(S, Proxy),
-	    {ok, Msg} = ssl:recv(S, length(Msg)),
-	    ok = ssl:send(S, Msg),
-	    ok = ssl:close(S);
-	E ->
-	    io:format("ssl_accept error: ~p\n", [E])
-    end,
-    tolerant_server_loop(Client, LSock, Msg, N-1).
-
-app() ->
-    crypto:start(),
-    application:start(public_key),
-    ssl:start().
-
-start_node(Kind, Params) ->
-    S = atom_to_list(?MODULE)++"_" ++ atom_to_list(Kind),
-    {ok, Node} = test_server:start_node(list_to_atom(S), slave, [{args, Params}]),
-    Node.
-
diff --git a/lib/ssl/test/ssl.cover b/lib/ssl/test/ssl.cover
index 60774cc0f1..6b13e07a37 100644
--- a/lib/ssl/test/ssl.cover
+++ b/lib/ssl/test/ssl.cover
@@ -1,21 +1,4 @@
 {incl_app,ssl,details}.
 
-{excl_mods, ssl, [ssl_pkix_oid,
-		  'PKIX1Algorithms88', 
-		  'PKIX1Explicit88',
-		  'PKIX1Implicit88',
-		  'PKIXAttributeCertificate',
-		  'SSL-PKIX',
-		  ssl_pem,
-		  ssl_pkix,
-		  ssl_base64,
-		  ssl_broker,
-		  ssl_broker_int,
-		  ssl_broker_sup,
-		  ssl_debug,
-		  ssl_server,		
-		  ssl_prim,
-		  inet_ssl_dist,
-		  'OTP-PKIX'	
-		]}.
+{excl_mods, ssl, [ssl_debug]}.
 
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 8da1d947d3..527263363c 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -28,7 +28,6 @@
 -include_lib("public_key/include/public_key.hrl").
 
 -include("ssl_alert.hrl").
--include("ssl_int.hrl").
 -include("ssl_internal.hrl").
 -include("ssl_record.hrl").
 
@@ -37,6 +36,7 @@
 -define(LONG_TIMEOUT, 600000).
 -define(EXPIRE, 10).
 -define(SLEEP, 500).
+-define(RENEGOTIATION_DISABLE_TIME, 12000).
 
 %% Test server callback functions
 %%--------------------------------------------------------------------
@@ -207,8 +207,8 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 all() -> 
     [app, alerts, connection_info, protocol_versions,
      empty_protocol_versions, controlling_process,
-     controller_dies, client_closes_socket, peercert,
-     connect_dist, peername, sockname, socket_options,
+     controller_dies, client_closes_socket,
+     connect_dist, peername, peercert, sockname, socket_options,
      invalid_inet_get_option, invalid_inet_get_option_not_list,
      invalid_inet_get_option_improper_list,
      invalid_inet_set_option, invalid_inet_set_option_not_list,
@@ -257,7 +257,9 @@ all() ->
      %%different_ca_peer_sign,
      no_reuses_session_server_restart_new_cert,
      no_reuses_session_server_restart_new_cert_file, reuseaddr,
-     hibernate, connect_twice
+     hibernate, connect_twice, renegotiate_dos_mitigate_active,
+     renegotiate_dos_mitigate_passive,
+     tcp_error_propagation_in_active_mode, rizzo, no_rizzo_rc4
     ].
 
 groups() -> 
@@ -394,8 +396,8 @@ controlling_process(Config) when is_list(Config) ->
     ClientOpts = ?config(client_opts, Config),
     ServerOpts = ?config(server_opts, Config),
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
-    ClientMsg = "Hello server",
-    ServerMsg = "Hello client",
+    ClientMsg = "Server hello",
+    ServerMsg = "Client hello",
    
     Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
 					{from, self()}, 
@@ -416,11 +418,15 @@ controlling_process(Config) when is_list(Config) ->
 		       [self(), Client, Server]),
     
     receive 
+	{ssl, _, "S"} ->
+	    receive_s_rizzo_duong_beast();
 	{ssl, _, ServerMsg} ->
 	    receive 
 		{ssl, _, ClientMsg} ->
 		    ok
 	    end;
+	{ssl, _, "C"} ->
+	    receive_c_rizzo_duong_beast();
 	{ssl, _, ClientMsg} ->
 	      receive 
 		  {ssl, _, ServerMsg} ->
@@ -441,6 +447,28 @@ controlling_process_result(Socket, Pid, Msg) ->
     ssl:send(Socket, Msg),
     no_result_msg.
 
+receive_s_rizzo_duong_beast() ->
+    receive 
+	{ssl, _, "erver hello"} ->
+	    receive 
+		{ssl, _, "C"} ->
+		    receive
+			{ssl, _, "lient hello"} ->
+			    ok
+		    end
+	    end
+    end.
+receive_c_rizzo_duong_beast() ->
+    receive 
+	{ssl, _, "lient hello"} ->
+	    receive
+		{ssl, _, "S"} ->
+		    receive
+			{ssl, _, "erver hello"} ->
+			    ok
+		    end
+	    end
+    end.
 %%--------------------------------------------------------------------
 controller_dies(doc) -> 
     ["Test that the socket is closed after controlling process dies"];
@@ -584,50 +612,6 @@ client_closes_socket(Config) when is_list(Config) ->
     ssl_test_lib:check_result(Server, {error,closed}).
 
 %%--------------------------------------------------------------------
-
-peercert(doc) -> 
-    [""];
-
-peercert(suite) -> 
-    [];
-
-peercert(Config) when is_list(Config) -> 
-    ClientOpts = ?config(client_opts, Config),
-    ServerOpts = ?config(server_opts, Config),
-    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
-    
-    Server = ssl_test_lib:start_server([{node, ClientNode}, {port, 0}, 
-					{from, self()}, 
-			   {mfa, {?MODULE, peercert_result, []}},
-			   {options, ServerOpts}]),
-    Port = ssl_test_lib:inet_port(Server),
-    Client = ssl_test_lib:start_client([{node, ServerNode}, {port, Port}, 
-					{host, Hostname},
-			   {from, self()}, 
-			   {mfa, {?MODULE, peercert_result, []}},
-			   {options, ClientOpts}]),
-    
-    CertFile = proplists:get_value(certfile, ServerOpts),
-    [{'Certificate', BinCert, _}]= ssl_test_lib:pem_to_der(CertFile),
-    ErlCert = public_key:pkix_decode_cert(BinCert, otp),
-       
-    ServerMsg = {{error, no_peercert}, {error, no_peercert}},
-    ClientMsg = {{ok, BinCert}, {ok, ErlCert}},
-    
-    test_server:format("Testcase ~p, Client ~p  Server ~p ~n", 
-		       [self(), Client, Server]),
-    
-    ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg),
-    
-    ssl_test_lib:close(Server),
-    ssl_test_lib:close(Client).
-
-peercert_result(Socket) ->
-    Result1 = ssl:peercert(Socket),
-    Result2 = ssl:peercert(Socket, [ssl]), 
-    {Result1, Result2}.
-
-%%--------------------------------------------------------------------
 connect_dist(doc) -> 
     ["Test a simple connect as is used by distribution"];
 
@@ -708,6 +692,44 @@ peername_result(S) ->
     ssl:peername(S).
 
 %%--------------------------------------------------------------------
+peercert(doc) ->
+    [""];
+peercert(suite) ->
+    [];
+peercert(Config) when is_list(Config) ->
+    ClientOpts = ?config(client_opts, Config),
+    ServerOpts = ?config(server_opts, Config),
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+    Server = ssl_test_lib:start_server([{node, ClientNode}, {port, 0},
+					{from, self()},
+			   {mfa, {?MODULE, peercert_result, []}},
+			   {options, ServerOpts}]),
+    Port = ssl_test_lib:inet_port(Server),
+    Client = ssl_test_lib:start_client([{node, ServerNode}, {port, Port},
+					{host, Hostname},
+			   {from, self()},
+			   {mfa, {?MODULE, peercert_result, []}},
+			   {options, ClientOpts}]),
+
+    CertFile = proplists:get_value(certfile, ServerOpts),
+    [{'Certificate', BinCert, _}]= ssl_test_lib:pem_to_der(CertFile),
+
+    ServerMsg = {error, no_peercert},
+    ClientMsg = {ok, BinCert},
+
+    test_server:format("Testcase ~p, Client ~p  Server ~p ~n",
+		       [self(), Client, Server]),
+
+    ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg),
+
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close(Client).
+
+peercert_result(Socket) ->
+    ssl:peercert(Socket).
+
+%%--------------------------------------------------------------------
 sockname(doc) -> 
     ["Test API function sockname/1"];
 
@@ -1238,6 +1260,11 @@ upgrade_result(Socket) ->
     %% Make sure binary is inherited from tcp socket and that we do
     %% not get the list default!
     receive 
+	{ssl, _, <<"H">>} ->
+	    receive 
+		{ssl, _, <<"ello world">>} ->
+		    ok
+	    end;
 	{ssl, _, <<"Hello world">>}  ->
 	    ok
     end.
@@ -1528,7 +1555,6 @@ eoptions(Config) when is_list(Config) ->
 	    end,
 
     TestOpts = [{versions, [sslv2, sslv3]}, 
-		{ssl_imp, cool},
 		{verify, 4}, 
 		{verify_fun, function},
 		{fail_if_no_peer_cert, 0}, 
@@ -1540,14 +1566,14 @@ eoptions(Config) when is_list(Config) ->
 		{cacertfile, ""}, 
 		{dhfile,'dh.pem' },
 		{ciphers, [{foo, bar, sha, ignore}]},
-		{reuse_session, foo}, 
-		{reuse_sessions, 0}, 
+		{reuse_session, foo},
+		{reuse_sessions, 0},
 		{renegotiate_at, "10"},
-		{debug, 1}, 
+		{debug, 1},
 		{mode, depech},
-		{packet, 8.0}, 
-		{packet_size, "2"}, 
-		{header, a}, 
+		{packet, 8.0},
+		{packet_size, "2"},
+		{header, a},
 		{active, trice},
 		{key, 'key.pem' }],
 
@@ -2321,8 +2347,8 @@ server_verify_client_once_passive(Config) when is_list(Config) ->
 					{options, [{active, false} | ClientOpts]}]),
     
     ssl_test_lib:check_result(Server, ok, Client0, ok),
-    ssl_test_lib:close(Client0),
     Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
+    ssl_test_lib:close(Client0),
     Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 					{host, Hostname},
 					{from, self()}, 
@@ -2348,7 +2374,7 @@ server_verify_client_once_active(Config) when is_list(Config) ->
     Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
 					{from, self()}, 
 					{mfa, {?MODULE, send_recv_result_active, []}},
-					{options, [{active, once}, {verify, verify_peer},
+					{options, [{active, true}, {verify, verify_peer},
 						   {verify_client_once, true}
 						   | ServerOpts]}]),
     Port  = ssl_test_lib:inet_port(Server),
@@ -2359,8 +2385,8 @@ server_verify_client_once_active(Config) when is_list(Config) ->
 					 {options, [{active, true} | ClientOpts]}]),
     
     ssl_test_lib:check_result(Server, ok, Client0, ok),
-    ssl_test_lib:close(Client0),
     Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
+    ssl_test_lib:close(Client0),
     Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 					{host, Hostname},
 					{from, self()}, 
@@ -2397,8 +2423,8 @@ server_verify_client_once_active_once(Config) when is_list(Config) ->
 					{options, [{active, once} | ClientOpts]}]),
     
     ssl_test_lib:check_result(Server, ok, Client0, ok),
-    ssl_test_lib:close(Client0),
     Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
+    ssl_test_lib:close(Client0),
     Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 					 {host, Hostname},
 					 {from, self()},
@@ -2600,7 +2626,7 @@ client_renegotiate(Config) when is_list(Config) ->
 				   {options, ServerOpts}]),
     Port = ssl_test_lib:inet_port(Server),
  
-    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
+    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
 					{host, Hostname},
 					{from, self()}, 
 					{mfa, {?MODULE, 
@@ -2732,17 +2758,28 @@ client_no_wrap_sequence_number(Config) when is_list(Config) ->
 				   {options, ServerOpts}]),
     Port = ssl_test_lib:inet_port(Server),
  
+    Version = ssl_record:highest_protocol_version(ssl_record:supported_protocol_versions()),
+
     Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 					{host, Hostname},
 					{from, self()}, 
 					{mfa, {ssl_test_lib, 
-					       trigger_renegotiate, [[ErlData, N+2]]}},
+					       trigger_renegotiate, [[ErlData, treashold(N, Version)]]}},
 					{options, [{reuse_sessions, false},
 						   {renegotiate_at, N} | ClientOpts]}]),
     
     ssl_test_lib:check_result(Client, ok), 
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
+
+ %% First two clauses handles 1/n-1 splitting countermeasure Rizzo/Duong-Beast
+treashold(N, {3,0}) ->
+    (N div 2) + 1;
+treashold(N, {3,1}) ->
+    (N div 2) + 1;
+treashold(N, _) ->
+    N + 1.
+    
 %%--------------------------------------------------------------------
 server_no_wrap_sequence_number(doc) -> 
     ["Test that erlang server will renegotiate session when",  
@@ -2792,7 +2829,7 @@ extended_key_usage_verify_peer(Config) when is_list(Config) ->
    
     KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"), 
     [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
-    Key = public_key:pem_entry_decode(KeyEntry),
+    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
 
     ServerCertFile = proplists:get_value(certfile, ServerOpts),
     NewServerCertFile = filename:join(PrivDir, "server/new_cert.pem"),
@@ -2854,7 +2891,7 @@ extended_key_usage_verify_none(Config) when is_list(Config) ->
 
     KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
     [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
-    Key = public_key:pem_entry_decode(KeyEntry),
+    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
 
     ServerCertFile = proplists:get_value(certfile, ServerOpts),
     NewServerCertFile = filename:join(PrivDir, "server/new_cert.pem"),
@@ -2916,7 +2953,7 @@ no_authority_key_identifier(Config) when is_list(Config) ->
    
     KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
     [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
-    Key = public_key:pem_entry_decode(KeyEntry),
+    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
 
     CertFile = proplists:get_value(certfile, ServerOpts),
     NewCertFile = filename:join(PrivDir, "server/new_cert.pem"),
@@ -2974,7 +3011,7 @@ invalid_signature_server(Config) when is_list(Config) ->
    
     KeyFile = filename:join(PrivDir, "server/key.pem"),
     [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
-    Key = public_key:pem_entry_decode(KeyEntry),
+    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
 
     ServerCertFile = proplists:get_value(certfile, ServerOpts),
     NewServerCertFile = filename:join(PrivDir, "server/invalid_cert.pem"),
@@ -2996,8 +3033,8 @@ invalid_signature_server(Config) when is_list(Config) ->
 					      {from, self()}, 
 					      {options, [{verify, verify_peer} | ClientOpts]}]),
     
-    ssl_test_lib:check_result(Server, {error, "bad certificate"}, 
-			      Client, {error,"bad certificate"}).
+    tcp_delivery_workaround(Server, {error, "bad certificate"},
+			    Client, {error,"bad certificate"}).
     
 %%--------------------------------------------------------------------
 
@@ -3014,7 +3051,7 @@ invalid_signature_client(Config) when is_list(Config) ->
    
     KeyFile = filename:join(PrivDir, "client/key.pem"),
     [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
-    Key = public_key:pem_entry_decode(KeyEntry),
+    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
 
     ClientCertFile = proplists:get_value(certfile, ClientOpts),
     NewClientCertFile = filename:join(PrivDir, "client/invalid_cert.pem"),
@@ -3042,41 +3079,47 @@ invalid_signature_client(Config) when is_list(Config) ->
 tcp_delivery_workaround(Server, ServerMsg, Client, ClientMsg) ->
     receive 
 	{Server, ServerMsg} ->
-	    receive 
-		{Client, ClientMsg} ->
-		    ok;
-		{Client, {error,closed}} ->
-		    test_server:format("client got close");
-		Unexpected ->
-		    test_server:fail(Unexpected) 
-	    end;
+	    client_msg(Client, ClientMsg);
 	{Client, ClientMsg} ->
-	    receive 
-		{Server, ServerMsg} ->
-		    ok;
-		Unexpected ->
-		    test_server:fail(Unexpected) 
-	    end;
+	    server_msg(Server, ServerMsg);
        	{Client, {error,closed}} ->
-	    receive 
-		{Server, ServerMsg} ->
-		    ok;
-		Unexpected ->
-		    test_server:fail(Unexpected) 
-	    end;
+	    server_msg(Server, ServerMsg);
 	{Server, {error,closed}} ->
-	    receive 
-		{Client, ClientMsg} ->
-		    ok;
-		{Client, {error,closed}} ->
-		    test_server:format("client got close"),
-		    ok;
-		Unexpected ->
-		    test_server:fail(Unexpected) 
-	    end;
+	    client_msg(Client, ClientMsg);
+	{Client, {error, esslconnect}} ->
+	    server_msg(Server, ServerMsg);
+	{Server, {error, esslaccept}} ->
+	    client_msg(Client, ClientMsg)
+    end.
+
+client_msg(Client, ClientMsg) ->
+    receive
+	{Client, ClientMsg} ->
+	    ok;
+	{Client, {error,closed}} ->
+	    test_server:format("client got close"),
+	    ok;
+	{Client, {error, esslconnect}} ->
+	    test_server:format("client got econnaborted"),
+	    ok;
 	Unexpected ->
 	    test_server:fail(Unexpected)
     end.
+
+server_msg(Server, ServerMsg) ->
+    receive
+	{Server, ServerMsg} ->
+	    ok;
+	{Server, {error,closed}} ->
+	    test_server:format("server got close"),
+	    ok;
+	{Server, {error, esslaccept}} ->
+	    test_server:format("server got econnaborted"),
+	    ok;
+	Unexpected ->
+	    test_server:fail(Unexpected)
+    end.
+
 %%--------------------------------------------------------------------
 cert_expired(doc) -> 
     ["Test server with invalid signature"];
@@ -3091,7 +3134,7 @@ cert_expired(Config) when is_list(Config) ->
    
     KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
     [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
-    Key = public_key:pem_entry_decode(KeyEntry),
+    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
 
     ServerCertFile = proplists:get_value(certfile, ServerOpts),
     NewServerCertFile = filename:join(PrivDir, "server/expired_cert.pem"),
@@ -3366,14 +3409,14 @@ der_input_opts(Opts) ->
     Keyfile = proplists:get_value(keyfile, Opts),
     Dhfile = proplists:get_value(dhfile, Opts),
     [{_, Cert, _}] = ssl_test_lib:pem_to_der(Certfile),
-    [{_, Key, _}]  = ssl_test_lib:pem_to_der(Keyfile),
+    [{Asn1Type, Key, _}]  = ssl_test_lib:pem_to_der(Keyfile),
     [{_, DHParams, _}]  = ssl_test_lib:pem_to_der(Dhfile),
     CaCerts =
 	lists:map(fun(Entry) ->
 			  {_, CaCert, _} = Entry,
 			  CaCert
 		  end, ssl_test_lib:pem_to_der(CaCertsfile)),
-    {Cert, {rsa, Key}, CaCerts, DHParams}.
+    {Cert, {Asn1Type, Key}, CaCerts, DHParams}.
 
 %%--------------------------------------------------------------------
 %% different_ca_peer_sign(doc) ->
@@ -3596,14 +3639,13 @@ hibernate(Config) ->
 					{from, self()},
 					{mfa, {?MODULE, send_recv_result_active, []}},
 					{options, [{hibernate_after, 1000}|ClientOpts]}]),
-
-    { current_function, { _M, _F, _A } } =
+    {current_function, _} =
         process_info(Pid, current_function),
 
     timer:sleep(1100),
 
-    { current_function, { erlang, hibernate, 3} } =
-        process_info(Pid, current_function),
+    {current_function, {erlang, hibernate, 3}} =
+	process_info(Pid, current_function),
 
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
@@ -3655,6 +3697,166 @@ connect_twice(Config) when is_list(Config) ->
     ssl_test_lib:close(Client),
     ssl_test_lib:close(Client1).
 
+%%--------------------------------------------------------------------
+renegotiate_dos_mitigate_active(doc) ->
+    ["Mitigate DOS computational attack by not allowing client to renegotiate many times in a row",
+    "immediately after each other"];
+
+renegotiate_dos_mitigate_active(suite) ->
+    [];
+
+renegotiate_dos_mitigate_active(Config) when is_list(Config) ->
+    ServerOpts = ?config(server_opts, Config),
+    ClientOpts = ?config(client_opts, Config),
+
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+    Server =
+	ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+				   {from, self()},
+				   {mfa, {?MODULE, send_recv_result_active, []}},
+				   {options, [ServerOpts]}]),
+    Port = ssl_test_lib:inet_port(Server),
+
+    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+					{host, Hostname},
+					{from, self()},
+					{mfa, {?MODULE,
+					       renegotiate_immediately, []}},
+					{options, ClientOpts}]),
+
+    ssl_test_lib:check_result(Client, ok, Server, ok),
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close(Client).
+
+%%--------------------------------------------------------------------
+renegotiate_dos_mitigate_passive(doc) ->
+    ["Mitigate DOS computational attack by not allowing client to renegotiate many times in a row",
+    "immediately after each other"];
+
+renegotiate_dos_mitigate_passive(suite) ->
+    [];
+
+renegotiate_dos_mitigate_passive(Config) when is_list(Config) ->
+    ServerOpts = ?config(server_opts, Config),
+    ClientOpts = ?config(client_opts, Config),
+
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+    Server =
+	ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+				   {from, self()},
+				   {mfa, {?MODULE, send_recv_result, []}},
+				   {options, [{active, false} | ServerOpts]}]),
+    Port = ssl_test_lib:inet_port(Server),
+ 
+    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+					{host, Hostname},
+					{from, self()}, 
+					{mfa, {?MODULE, 
+					       renegotiate_immediately, []}},
+					{options, ClientOpts}]),
+    
+    ssl_test_lib:check_result(Client, ok, Server, ok), 
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close(Client).
+
+%%--------------------------------------------------------------------
+tcp_error_propagation_in_active_mode(doc) ->
+    ["Test that process recives {ssl_error, Socket, closed} when tcp error ocurres"];
+tcp_error_propagation_in_active_mode(Config) when is_list(Config) ->
+    ClientOpts = ?config(client_opts, Config),
+    ServerOpts = ?config(server_opts, Config),
+
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+    Server  = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+					  {from, self()},
+					  {mfa, {ssl_test_lib, no_result, []}},
+					  {options, ServerOpts}]),
+    Port = ssl_test_lib:inet_port(Server),
+    {Client, #sslsocket{pid=Pid} = SslSocket} = ssl_test_lib:start_client([return_socket,
+							       {node, ClientNode}, {port, Port},
+							       {host, Hostname},
+							       {from, self()},
+							       {mfa, {?MODULE, receive_msg, []}},
+							       {options, ClientOpts}]),
+
+    {status, _, _, StatusInfo} = sys:get_status(Pid),
+    [_, _,_, _, Prop] = StatusInfo,
+    State = ssl_test_lib:state(Prop),
+    Socket = element(10, State),
+
+    %% Fake tcp error
+    Pid ! {tcp_error, Socket, etimedout},
+
+    ssl_test_lib:check_result(Client, {ssl_closed, SslSocket}).
+%%--------------------------------------------------------------------
+
+rizzo(doc) -> ["Test that there is a 1/n-1-split for non RC4 in 'TLS < 1.1' as it is
+    vunrable to Rizzo/Dungon attack"];
+
+rizzo(Config) when is_list(Config) ->
+    Ciphers  = [X || X ={_,Y,_} <- ssl:cipher_suites(), Y  =/= rc4_128],
+    run_send_recv_rizzo(Ciphers, Config, sslv3,
+			 {?MODULE, send_recv_result_active_rizzo, []}),
+    run_send_recv_rizzo(Ciphers, Config, tlsv1,
+			 {?MODULE, send_recv_result_active_rizzo, []}).
+
+no_rizzo_rc4(doc) -> 
+    ["Test that there is no 1/n-1-split for RC4 as it is not vunrable to Rizzo/Dungon attack"];
+
+no_rizzo_rc4(Config) when is_list(Config) ->
+    Ciphers = [X || X ={_,Y,_} <- ssl:cipher_suites(),Y == rc4_128],
+    run_send_recv_rizzo(Ciphers, Config, sslv3,
+			{?MODULE, send_recv_result_active_no_rizzo, []}),
+    run_send_recv_rizzo(Ciphers, Config, tlsv1,
+			{?MODULE, send_recv_result_active_no_rizzo, []}).
+
+run_send_recv_rizzo(Ciphers, Config, Version, Mfa) ->
+    Result =  lists:map(fun(Cipher) -> 
+				rizzo_test(Cipher, Config, Version, Mfa) end,
+			Ciphers),
+    case lists:flatten(Result) of
+	[] ->
+	    ok;
+	Error ->
+	    test_server:format("Cipher suite errors: ~p~n", [Error]),
+	    test_server:fail(cipher_suite_failed_see_test_case_log) 
+    end.
+
+rizzo_test(Cipher, Config, Version, Mfa) ->
+   {ClientOpts, ServerOpts} = client_server_opts(Cipher, Config),
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
+					{from, self()}, 
+			   {mfa, Mfa},
+			   {options, [{active, true}, {ciphers, [Cipher]},
+				       {versions, [Version]}
+				      | ServerOpts]}]),
+    Port  = ssl_test_lib:inet_port(Server),
+    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
+					{host, Hostname},
+			   {from, self()}, 
+			   {mfa, Mfa},
+			   {options, [{active, true} | ClientOpts]}]),
+    
+    Result = ssl_test_lib:check_result(Server, ok, Client, ok),
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close(Client),
+    case Result of
+	ok ->
+	    [];
+	Error ->
+	    [{Cipher, Error}]
+    end.
+
+client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == rsa orelse KeyAlgo == dhe_rsa ->
+    {?config(client_opts, Config),
+     ?config(server_opts, Config)};   
+client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == dss orelse KeyAlgo == dhe_dss ->
+    {?config(client_dsa_opts, Config),
+     ?config(server_dsa_opts, Config)}.
 
 %%--------------------------------------------------------------------
 %%% Internal functions
@@ -3667,6 +3869,28 @@ send_recv_result(Socket) ->
 send_recv_result_active(Socket) ->
     ssl:send(Socket, "Hello world"),
     receive 
+	{ssl, Socket, "H"} ->
+	    receive 
+		{ssl, Socket, "ello world"} ->
+		    ok
+	    end;
+	{ssl, Socket, "Hello world"} ->
+	    ok
+    end.
+
+send_recv_result_active_rizzo(Socket) ->
+    ssl:send(Socket, "Hello world"),
+    receive 
+	{ssl, Socket, "H"} ->
+	    receive 
+		{ssl, Socket, "ello world"} ->
+		    ok
+	    end
+    end.
+
+send_recv_result_active_no_rizzo(Socket) ->
+    ssl:send(Socket, "Hello world"),
+    receive 
 	{ssl, Socket, "Hello world"} ->
 	    ok
     end.
@@ -3674,6 +3898,12 @@ send_recv_result_active(Socket) ->
 send_recv_result_active_once(Socket) ->
     ssl:send(Socket, "Hello world"),
     receive 
+	{ssl, Socket, "H"} ->
+	    ssl:setopts(Socket, [{active, once}]),
+	    receive 
+		{ssl, Socket, "ello world"} ->
+		    ok
+	    end;
 	{ssl, Socket, "Hello world"} ->
 	    ok
     end.
@@ -3698,6 +3928,25 @@ renegotiate_reuse_session(Socket, Data) ->
     test_server:sleep(?SLEEP),
     renegotiate(Socket, Data).
 
+renegotiate_immediately(Socket) ->
+    receive 
+	{ssl, Socket, "Hello world"} ->
+	    ok;
+	%% Handle 1/n-1 splitting countermeasure Rizzo/Duong-Beast
+	{ssl, Socket, "H"} ->
+	    receive 
+		{ssl, Socket, "ello world"} ->
+		    ok
+	    end
+    end,
+    ok = ssl:renegotiate(Socket),  
+    {error, renegotiation_rejected} = ssl:renegotiate(Socket),
+    test_server:sleep(?RENEGOTIATION_DISABLE_TIME +1),
+    ok = ssl:renegotiate(Socket),
+    test_server:format("Renegotiated again"),
+    ssl:send(Socket, "Hello world"),
+    ok.
+    
 new_config(PrivDir, ServerOpts0) ->
     CaCertFile = proplists:get_value(cacertfile, ServerOpts0),
     CertFile = proplists:get_value(certfile, ServerOpts0),
@@ -3871,8 +4120,17 @@ erlang_ssl_receive(Socket, Data) ->
 	{ssl, Socket, Data} ->
 	    io:format("Received ~p~n",[Data]),
 	    ok;
+	{ssl, Socket, Byte} when length(Byte) == 1 ->  %% Handle 1/n-1 splitting countermeasure Rizzo/Duong-Beast
+	    io:format("Received ~p~n",[Byte]),
+	    erlang_ssl_receive(Socket, tl(Data));
 	Other ->
 	    test_server:fail({unexpected_message, Other})
     after ?SLEEP * 3 ->
 	    test_server:fail({did_not_get, Data})
     end.
+
+receive_msg(_) ->
+    receive
+	Msg ->
+	   Msg
+    end.
diff --git a/lib/ssl/test/ssl_cipher_SUITE.erl b/lib/ssl/test/ssl_cipher_SUITE.erl
new file mode 100644
index 0000000000..99bc21e820
--- /dev/null
+++ b/lib/ssl/test/ssl_cipher_SUITE.erl
@@ -0,0 +1,163 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(ssl_cipher_SUITE).
+
+%% Note: This directive should only be used in test suites.
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+-include("ssl_internal.hrl").
+-include("ssl_record.hrl").
+-include("ssl_cipher.hrl").
+
+-define(TIMEOUT, 600000).
+
+%% Test server callback functions
+%%--------------------------------------------------------------------
+%% Function: init_per_suite(Config) -> Config
+%% Config - [tuple()]
+%%   A list of key/value pairs, holding the test case configuration.
+%% Description: Initialization before the whole suite
+%%
+%% Note: This function is free to add any key/value pairs to the Config
+%% variable, but should NOT alter/remove any existing entries.
+%%--------------------------------------------------------------------
+init_per_suite(Config) ->
+    try crypto:start() of
+	ok ->
+	    Config
+    catch _:_  ->
+	    {skip, "Crypto did not start"}
+    end.
+%%--------------------------------------------------------------------
+%% Function: end_per_suite(Config) -> _
+%% Config - [tuple()]
+%%   A list of key/value pairs, holding the test case configuration.
+%% Description: Cleanup after the whole suite
+%%--------------------------------------------------------------------
+end_per_suite(_Config) ->
+    ssl:stop(),
+    application:stop(crypto).
+
+%%--------------------------------------------------------------------
+%% Function: init_per_testcase(TestCase, Config) -> Config
+%% Case - atom()
+%%   Name of the test case that is about to be run.
+%% Config - [tuple()]
+%%   A list of key/value pairs, holding the test case configuration.
+%%
+%% Description: Initialization before each test case
+%%
+%% Note: This function is free to add any key/value pairs to the Config
+%% variable, but should NOT alter/remove any existing entries.
+%% Description: Initialization before each test case
+%%--------------------------------------------------------------------
+init_per_testcase(_TestCase, Config0) ->
+    Config = lists:keydelete(watchdog, 1, Config0),
+    Dog = ssl_test_lib:timetrap(?TIMEOUT),
+    [{watchdog, Dog} | Config].
+
+%%--------------------------------------------------------------------
+%% Function: end_per_testcase(TestCase, Config) -> _
+%% Case - atom()
+%%   Name of the test case that is about to be run.
+%% Config - [tuple()]
+%%   A list of key/value pairs, holding the test case configuration.
+%% Description: Cleanup after each test case
+%%--------------------------------------------------------------------
+end_per_testcase(_TestCase, Config) ->
+    Dog = ?config(watchdog, Config),
+    case Dog of 
+	undefined ->
+	    ok;
+	_ ->
+	    test_server:timetrap_cancel(Dog)
+    end.
+
+%%--------------------------------------------------------------------
+%% Function: all(Clause) -> TestCases
+%% Clause - atom() - suite | doc
+%% TestCases - [Case] 
+%% Case - atom()
+%%   Name of a test case.
+%% Description: Returns a list of all test cases in this test suite
+%%--------------------------------------------------------------------
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() -> 
+    [aes_decipher_good, aes_decipher_fail].
+
+groups() -> 
+    [].
+
+init_per_group(_GroupName, Config) ->
+    Config.
+
+end_per_group(_GroupName, Config) ->
+    Config.
+
+
+%% Test cases starts here.
+%%--------------------------------------------------------------------
+aes_decipher_good(doc) -> 
+    ["Decipher a known cryptotext."];
+
+aes_decipher_good(suite) -> 
+    [];
+
+aes_decipher_good(Config) when is_list(Config) ->
+    HashSz = 32,
+    CipherState = #cipher_state{iv = <<59,201,85,117,188,206,224,136,5,109,46,70,104,79,4,9>>,
+				key = <<72,196,247,97,62,213,222,109,210,204,217,186,172,184,197,148>>},
+    Fragment = <<220,193,179,139,171,33,143,245,202,47,123,251,13,232,114,8,
+		 190,162,74,31,186,227,119,155,94,74,119,79,169,193,240,160,
+		 198,181,81,19,98,162,213,228,74,224,253,168,156,59,195,122,
+		 108,101,107,242,20,15,169,150,163,107,101,94,93,104,241,165>>,
+    Version = {3,3},
+    Content = <<183,139,16,132,10,209,67,86,168,100,61,217,145,57,36,56,72,69,76,76,79,10>>,
+    Mac = <<71,136,212,107,223,200,70,232,127,116,148,205,232,35,158,113,237,174,15,217,192,168,35,8,6,107,107,233,25,174,90,111>>,
+    {Content, Mac, _} = ssl_cipher:decipher(?AES, HashSz, CipherState, Fragment, Version),
+    ok.
+
+%%--------------------------------------------------------------------
+
+aes_decipher_fail(doc) -> 
+    ["Decipher a known cryptotext."];
+
+aes_decipher_fail(suite) -> 
+    [];
+
+%% same as above, last byte of key replaced
+aes_decipher_fail(Config) when is_list(Config) ->
+    HashSz = 32,
+    CipherState = #cipher_state{iv = <<59,201,85,117,188,206,224,136,5,109,46,70,104,79,4,9>>,
+				key = <<72,196,247,97,62,213,222,109,210,204,217,186,172,184,197,254>>},
+    Fragment = <<220,193,179,139,171,33,143,245,202,47,123,251,13,232,114,8,
+		 190,162,74,31,186,227,119,155,94,74,119,79,169,193,240,160,
+		 198,181,81,19,98,162,213,228,74,224,253,168,156,59,195,122,
+		 108,101,107,242,20,15,169,150,163,107,101,94,93,104,241,165>>,
+    Version = {3,3},
+    {Content, Mac, _} = ssl_cipher:decipher(?AES, HashSz, CipherState, Fragment, Version),
+    32 = byte_size(Content),
+    32 = byte_size(Mac),
+    ok.
+
+%%--------------------------------------------------------------------
diff --git a/lib/ssl/test/ssl_dist_SUITE.erl b/lib/ssl/test/ssl_dist_SUITE.erl
new file mode 100644
index 0000000000..8fe55ee7a4
--- /dev/null
+++ b/lib/ssl/test/ssl_dist_SUITE.erl
@@ -0,0 +1,766 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(ssl_dist_SUITE).
+
+-include_lib("test_server/include/test_server.hrl").
+
+%% Note: This directive should only be used in test suites.
+-compile(export_all).
+
+-define(DEFAULT_TIMETRAP_SECS, 240).
+
+-define(AWAIT_SLL_NODE_UP_TIMEOUT, 30000).
+
+-record(node_handle,
+	{connection_handler,
+	 socket,
+	 name,
+	 nodename}
+       ).
+
+%% Test server callback functions
+suite() ->
+    [{ct_hooks,[ts_install_cth]}].
+
+all() ->
+    [basic, payload, plain_options, plain_verify_options].
+
+groups() ->
+    [].
+
+init_per_group(_GroupName, Config) ->
+    Config.
+
+end_per_group(_GroupName, Config) ->
+    Config.
+
+init_per_suite(Config0) ->
+    try crypto:start() of
+	ok ->
+	    case test_server:is_cover() of
+		false ->
+		    Config = add_ssl_opts_config(Config0),
+		    setup_certs(Config),
+		    Config;
+		true ->
+		    {skip, "Can not be covered"}
+	    end
+    catch _:_ ->
+	    {skip, "Crypto did not start"}
+    end.
+
+end_per_suite(Config) ->
+    application:stop(crypto),
+    Config.
+
+init_per_testcase(plain_verify_options = Case, Config) when is_list(Config) ->
+    SslFlags = setup_dist_opts([{many_verify_opts, true} | Config]),
+    Flags = case os:getenv("ERL_FLAGS") of
+		false ->
+		    os:putenv("ERL_FLAGS", SslFlags),
+		    "";
+		OldFlags ->
+		    os:putenv("ERL_FLAGS", OldFlags ++ "" ++ SslFlags),
+		    OldFlags
+    end,
+    common_init(Case, [{old_flags, Flags} | Config]);
+
+init_per_testcase(Case, Config) when is_list(Config) ->
+    common_init(Case, Config).
+
+common_init(Case, Config) ->
+    Dog = ?t:timetrap(?t:seconds(?DEFAULT_TIMETRAP_SECS)),
+    [{watchdog, Dog},{testcase, Case}|Config].
+
+end_per_testcase(Case, Config) when is_list(Config) ->
+    Flags = proplists:get_value(old_flags, Config),
+    os:putenv("ERL_FLAGS", Flags),
+    common_end(Case, Config).
+
+common_end(_, Config) ->
+    Dog = ?config(watchdog, Config),
+    ?t:timetrap_cancel(Dog),
+    ok.
+%%--------------------------------------------------------------------
+%% Test cases starts here.
+%%--------------------------------------------------------------------
+basic(doc) ->
+    ["Test that two nodes can connect via ssl distribution"];
+basic(Config) when is_list(Config) ->
+    NH1 = start_ssl_node(Config),
+    Node1 = NH1#node_handle.nodename,
+    NH2 = start_ssl_node(Config),
+    Node2 = NH2#node_handle.nodename,
+
+    pong = apply_on_ssl_node(NH1, fun () -> net_adm:ping(Node2) end),
+
+    [Node2] = apply_on_ssl_node(NH1, fun () -> nodes() end),
+    [Node1] = apply_on_ssl_node(NH2, fun () -> nodes() end),
+
+    %% The test_server node has the same cookie as the ssl nodes
+    %% but it should not be able to communicate with the ssl nodes
+    %% via the erlang distribution.
+    pang = net_adm:ping(Node1),
+    pang = net_adm:ping(Node2),
+
+    %%
+    %% Check that we are able to communicate over the erlang
+    %% distribution between the ssl nodes.
+    %%
+    Ref = make_ref(),
+    spawn(fun () ->
+		  apply_on_ssl_node(
+		    NH1,
+		    fun () ->
+			    tstsrvr_format("Hi from ~p!~n", [node()]),
+			    send_to_tstcntrl({Ref, self()}),
+			    receive
+				{From, ping} ->
+				    tstsrvr_format("Received ping ~p!~n", [node()]),
+				    From ! {self(), pong}
+			    end
+		    end)
+	  end),
+     receive
+	 {Ref, SslPid} ->
+	     ok = apply_on_ssl_node(
+		    NH2,
+		    fun () ->
+			    tstsrvr_format("Hi from ~p!~n", [node()]),
+			    SslPid ! {self(), ping},
+			    receive
+				{SslPid, pong} ->
+				    ok
+			    end
+		    end)
+     end,
+    stop_ssl_node(NH1),
+    stop_ssl_node(NH2),
+    success(Config).
+
+%%--------------------------------------------------------------------
+payload(doc) ->
+    ["Test that send a lot of data between the ssl distributed noes"];
+payload(Config) when is_list(Config) ->
+    NH1 = start_ssl_node(Config),
+    Node1 = NH1#node_handle.nodename,
+    NH2 = start_ssl_node(Config),
+    Node2 = NH2#node_handle.nodename,
+
+    pong = apply_on_ssl_node(NH1, fun () -> net_adm:ping(Node2) end),
+
+    [Node2] = apply_on_ssl_node(NH1, fun () -> nodes() end),
+    [Node1] = apply_on_ssl_node(NH2, fun () -> nodes() end),
+
+    Ref = make_ref(),
+    spawn(fun () ->
+		  apply_on_ssl_node(
+		    NH1,
+		    fun () ->
+			    send_to_tstcntrl({Ref, self()}),
+			    receive
+				{From, Msg} ->
+				    From ! {self(), Msg}
+			    end
+		    end)
+	  end),
+     receive
+	 {Ref, SslPid} ->
+	     ok = apply_on_ssl_node(
+		    NH2,
+		    fun () ->
+			    Msg = crypto:rand_bytes(100000),
+			    SslPid ! {self(), Msg},
+			    receive
+				{SslPid, Msg} ->
+				    ok
+			    end
+		    end)
+     end,
+    stop_ssl_node(NH1),
+    stop_ssl_node(NH2),
+    success(Config).
+%%--------------------------------------------------------------------
+plain_options(doc) ->
+    ["Test specifying additional options"];
+plain_options(Config) when is_list(Config) ->
+    DistOpts = "-ssl_dist_opt server_secure_renegotiate true "
+	"client_secure_renegotiate true "
+	"server_reuse_sessions true client_reuse_sessions true  "
+	"client_verify verify_none server_verify verify_none "
+	"server_depth 1 client_depth 1 "
+	"server_hibernate_after 500 client_hibernate_after 500",
+
+    NH1 = start_ssl_node([{additional_dist_opts, DistOpts} | Config]),
+    Node1 = NH1#node_handle.nodename,
+    NH2 = start_ssl_node([{additional_dist_opts, DistOpts} | Config]),
+    Node2 = NH2#node_handle.nodename,
+
+    pong = apply_on_ssl_node(NH1, fun () -> net_adm:ping(Node2) end),
+
+    [Node2] = apply_on_ssl_node(NH1, fun () -> nodes() end),
+    [Node1] = apply_on_ssl_node(NH2, fun () -> nodes() end),
+
+    stop_ssl_node(NH1),
+    stop_ssl_node(NH2),
+    success(Config).
+%%--------------------------------------------------------------------
+plain_verify_options(doc) ->
+    ["Test specifying additional options"];
+plain_verify_options(Config) when is_list(Config) ->
+    DistOpts = "-ssl_dist_opt server_secure_renegotiate true "
+	"client_secure_renegotiate true "
+	"server_reuse_sessions true client_reuse_sessions true  "
+	"server_hibernate_after 500 client_hibernate_after 500",
+
+    NH1 = start_ssl_node([{additional_dist_opts, DistOpts} | Config]),
+    Node1 = NH1#node_handle.nodename,
+    NH2 = start_ssl_node([{additional_dist_opts, DistOpts} | Config]),
+    Node2 = NH2#node_handle.nodename,
+
+    pong = apply_on_ssl_node(NH1, fun () -> net_adm:ping(Node2) end),
+
+    [Node2] = apply_on_ssl_node(NH1, fun () -> nodes() end),
+    [Node1] = apply_on_ssl_node(NH2, fun () -> nodes() end),
+
+    stop_ssl_node(NH1),
+    stop_ssl_node(NH2),
+    success(Config).
+
+%%--------------------------------------------------------------------
+%%% Internal functions
+%%--------------------------------------------------------------------
+
+%% ssl_node side api
+%%
+
+tstsrvr_format(Fmt, ArgList) ->
+    send_to_tstsrvr({format, Fmt, ArgList}).
+
+send_to_tstcntrl(Message) ->
+    send_to_tstsrvr({message, Message}).
+
+
+%%
+%% test_server side api
+%%
+
+apply_on_ssl_node(Node, M, F, A) when is_atom(M), is_atom(F), is_list(A) ->
+    Ref = make_ref(),
+    send_to_ssl_node(Node, {apply, self(), Ref, M, F, A}),
+    receive
+	{Ref, Result} ->
+	    Result
+    end.
+
+apply_on_ssl_node(Node, Fun) when is_function(Fun, 0) ->
+    Ref = make_ref(),
+    send_to_ssl_node(Node, {apply, self(), Ref, Fun}),
+    receive
+	{Ref, Result} ->
+	    Result
+    end.
+
+stop_ssl_node(#node_handle{connection_handler = Handler,
+			   socket = Socket,
+			   name = Name}) ->
+    ?t:format("Trying to stop ssl node ~s.~n", [Name]),
+    Mon = erlang:monitor(process, Handler),
+    unlink(Handler),
+    case gen_tcp:send(Socket, term_to_binary(stop)) of
+	ok ->
+	    receive
+		{'DOWN', Mon, process, Handler, Reason} ->
+		    case Reason of
+			normal -> ok;
+			_ -> exit(Reason)
+		    end
+	    end;
+	Error ->
+	    erlang:demonitor(Mon, [flush]),
+	    exit(Error)
+    end.
+
+start_ssl_node(Config) ->
+    start_ssl_node(Config, "").
+
+start_ssl_node(Config, XArgs) ->
+    Name = mk_node_name(Config),
+    SSL = ?config(ssl_opts, Config),
+    SSLDistOpts = setup_dist_opts(Config),
+    start_ssl_node_raw(Name, SSL ++ " " ++ SSLDistOpts ++ XArgs).
+
+start_ssl_node_raw(Name, Args) ->
+    {ok, LSock} = gen_tcp:listen(0,
+				 [binary, {packet, 4}, {active, false}]),
+    {ok, ListenPort} = inet:port(LSock),
+    CmdLine = mk_node_cmdline(ListenPort, Name, Args),
+    ?t:format("Attempting to start ssl node ~s: ~s~n", [Name, CmdLine]),
+    case open_port({spawn, CmdLine}, []) of
+	Port when is_port(Port) ->
+	    unlink(Port),
+	    erlang:port_close(Port),
+	    case await_ssl_node_up(Name, LSock) of
+		#node_handle{} = NodeHandle ->
+		    ?t:format("Ssl node ~s started.~n", [Name]),
+		    NodeName = list_to_atom(Name ++ "@" ++ host_name()),
+		    NodeHandle#node_handle{nodename = NodeName};
+		Error ->
+		    exit({failed_to_start_node, Name, Error})
+	    end;
+	Error ->
+	    exit({failed_to_start_node, Name, Error})
+    end.
+
+%%
+%% command line creation
+%%
+
+host_name() ->
+    [$@ | Host] = lists:dropwhile(fun ($@) -> false; (_) -> true end,
+				  atom_to_list(node())),
+    Host.
+
+mk_node_name(Config) ->
+    {A, B, C} = erlang:now(),
+    Case = ?config(testcase, Config),
+    atom_to_list(?MODULE)
+	++ "_"
+	++ atom_to_list(Case)
+	++ "_"
+	++ integer_to_list(A)
+	++ "-"
+	++ integer_to_list(B)
+	++ "-"
+	++ integer_to_list(C).
+
+mk_node_cmdline(ListenPort, Name, Args) ->
+    Static = "-detached -noinput",
+    Pa = filename:dirname(code:which(?MODULE)),
+    Prog = case catch init:get_argument(progname) of
+	       {ok,[[P]]} -> P;
+	       _ -> exit(no_progname_argument_found)
+	   end,
+    NameSw = case net_kernel:longnames() of
+		 false -> "-sname ";
+		 _ -> "-name "
+	     end,
+    {ok, Pwd} = file:get_cwd(),
+    Prog ++ " "
+	++ Static ++ " "
+	++ NameSw ++ " " ++ Name ++ " "
+	++ "-pa " ++ Pa ++ " "
+	++ "-run application start crypto -run application start public_key "
+	++ "-run " ++ atom_to_list(?MODULE) ++ " cnct2tstsrvr "
+	++ host_name() ++ " "
+	++ integer_to_list(ListenPort) ++ " "
+	++ Args ++ " "
+	++ "-env ERL_CRASH_DUMP " ++ Pwd ++ "/erl_crash_dump." ++ Name ++ " "
+	++ "-setcookie " ++ atom_to_list(erlang:get_cookie()).
+
+%%
+%% Connection handler test_server side
+%%
+
+await_ssl_node_up(Name, LSock) ->
+    case gen_tcp:accept(LSock, ?AWAIT_SLL_NODE_UP_TIMEOUT) of
+	timeout ->
+	    gen_tcp:close(LSock),
+	    ?t:format("Timeout waiting for ssl node ~s to come up~n",
+		      [Name]),
+	    timeout;
+	{ok, Socket} ->
+	    gen_tcp:close(LSock),
+	    case gen_tcp:recv(Socket, 0) of
+		{ok, Bin} ->
+		    check_ssl_node_up(Socket, Name, Bin);
+		{error, closed} ->
+		    gen_tcp:close(Socket),
+		    exit({lost_connection_with_ssl_node_before_up, Name})
+	    end;
+	{error, Error} ->
+	    gen_tcp:close(LSock),
+	    exit({accept_failed, Error})
+    end.
+
+check_ssl_node_up(Socket, Name, Bin) ->
+    case catch binary_to_term(Bin) of
+	{'EXIT', _} ->
+	    gen_tcp:close(Socket),
+	    exit({bad_data_received_from_ssl_node, Name, Bin});
+	{ssl_node_up, NodeName} ->
+	    case list_to_atom(Name++"@"++host_name()) of
+		NodeName ->
+		    Parent = self(),
+		    Go = make_ref(),
+		    %% Spawn connection handler on test server side
+		    Pid = spawn_link(
+			    fun () ->
+				    receive Go -> ok end,
+				    tstsrvr_con_loop(Name, Socket, Parent)
+			    end),
+		    ok = gen_tcp:controlling_process(Socket, Pid),
+		    Pid ! Go,
+		    #node_handle{connection_handler = Pid,
+				 socket = Socket,
+				 name = Name};
+		_ ->
+		    exit({unexpected_ssl_node_connected, NodeName})
+	    end;
+	Msg ->
+	    exit({unexpected_msg_instead_of_ssl_node_up, Name, Msg})
+    end.
+
+send_to_ssl_node(#node_handle{connection_handler = Hndlr}, Term) ->
+    Hndlr ! {relay_to_ssl_node, term_to_binary(Term)},
+    ok.
+
+tstsrvr_con_loop(Name, Socket, Parent) ->
+    inet:setopts(Socket,[{active,once}]),
+    receive
+	{relay_to_ssl_node, Data} when is_binary(Data) ->
+	    case gen_tcp:send(Socket, Data) of
+		ok ->
+		    ok;
+		_Error ->
+		    gen_tcp:close(Socket),
+		    exit({failed_to_relay_data_to_ssl_node, Name, Data})
+	    end;
+	{tcp, Socket, Bin} ->
+	    case catch binary_to_term(Bin) of
+		{'EXIT', _} ->
+		    gen_tcp:close(Socket),
+		    exit({bad_data_received_from_ssl_node, Name, Bin});
+		{format, FmtStr, ArgList} ->
+		    ?t:format(FmtStr, ArgList);
+		{message, Msg} ->
+		    ?t:format("Got message ~p", [Msg]),
+		    Parent ! Msg;
+		{apply_res, To, Ref, Res} ->
+		    To ! {Ref, Res};
+		bye ->
+		    ?t:format("Ssl node ~s stopped.~n", [Name]),
+		    gen_tcp:close(Socket),
+		    exit(normal);
+		Unknown ->
+		    exit({unexpected_message_from_ssl_node, Name, Unknown})
+	    end;
+	{tcp_closed, Socket} ->
+	    gen_tcp:close(Socket),
+	    exit({lost_connection_with_ssl_node, Name})
+    end,
+    tstsrvr_con_loop(Name, Socket, Parent).
+
+%%
+%% Connection handler ssl_node side
+%%
+
+% cnct2tstsrvr() is called via command line arg -run ...
+cnct2tstsrvr([Host, Port]) when is_list(Host), is_list(Port) ->
+    %% Spawn connection handler on ssl node side
+    ConnHandler
+	= spawn(fun () ->
+			case catch gen_tcp:connect(Host,
+						   list_to_integer(Port),
+						   [binary,
+						    {packet, 4},
+						    {active, false}]) of
+			    {ok, Socket} ->
+				notify_ssl_node_up(Socket),
+				ets:new(test_server_info,
+					[set,
+					 public,
+					 named_table,
+					 {keypos, 1}]),
+				ets:insert(test_server_info,
+					   {test_server_handler, self()}),
+				ssl_node_con_loop(Socket);
+			    Error ->
+				halt("Failed to connect to test server " ++
+					 lists:flatten(io_lib:format("Host:~p ~n Port:~p~n Error:~p~n",
+								     [Host, Port, Error])))
+			end
+		end),
+    spawn(fun () ->
+		  Mon = erlang:monitor(process, ConnHandler),
+		  receive
+		      {'DOWN', Mon, process, ConnHandler, Reason} ->
+			  receive after 1000 -> ok end,
+			  halt("test server connection handler terminated: " ++
+				   lists:flatten(io_lib:format("~p", [Reason])))
+		  end
+	  end).
+
+notify_ssl_node_up(Socket) ->
+    case catch gen_tcp:send(Socket,
+			    term_to_binary({ssl_node_up, node()})) of
+	ok -> ok;
+	_ -> halt("Failed to notify test server that I'm up")
+    end.
+
+send_to_tstsrvr(Term) ->
+    case catch ets:lookup_element(test_server_info, test_server_handler, 2) of
+	Hndlr when is_pid(Hndlr) ->
+	    Hndlr ! {relay_to_test_server, term_to_binary(Term)}, ok;
+	_ ->
+	    receive after 200 -> ok end,
+	    send_to_tstsrvr(Term)
+    end.
+
+ssl_node_con_loop(Socket) ->
+    inet:setopts(Socket,[{active,once}]),
+    receive
+	{relay_to_test_server, Data} when is_binary(Data) ->
+	    case gen_tcp:send(Socket, Data) of
+		ok ->
+		    ok;
+		_Error ->
+		    gen_tcp:close(Socket),
+		    halt("Failed to relay data to test server")
+	    end;
+	{tcp, Socket, Bin} ->
+	    case catch binary_to_term(Bin) of
+		{'EXIT', _} ->
+		    gen_tcp:close(Socket),
+		    halt("test server sent me bad data");
+		{apply, From, Ref, M, F, A} ->
+		    spawn_link(
+		      fun () ->
+			      send_to_tstsrvr({apply_res,
+					       From,
+					       Ref,
+					       (catch apply(M, F, A))})
+			  end);
+		{apply, From, Ref, Fun} ->
+		    spawn_link(fun () ->
+				       send_to_tstsrvr({apply_res,
+							From,
+							Ref,
+							(catch Fun())})
+			       end);
+		stop ->
+		    gen_tcp:send(Socket, term_to_binary(bye)),
+		    gen_tcp:close(Socket),
+		    init:stop(),
+		    receive after infinity -> ok end;
+		_Unknown ->
+		    halt("test server sent me an unexpected message")
+	    end;
+	{tcp_closed, Socket} ->
+	    halt("Lost connection to test server")
+    end,
+    ssl_node_con_loop(Socket).
+
+%%
+%% Setup ssl dist info
+%%
+
+rand_bin(N) ->
+    rand_bin(N, []).
+
+rand_bin(0, Acc) ->
+    Acc;
+rand_bin(N, Acc) ->
+    rand_bin(N-1, [random:uniform(256)-1|Acc]).
+
+make_randfile(Dir) ->
+    {ok, IoDev} = file:open(filename:join([Dir, "RAND"]), [write]),
+    {A, B, C} = erlang:now(),
+    random:seed(A, B, C),
+    ok = file:write(IoDev, rand_bin(1024)),
+    file:close(IoDev).
+
+append_files(FileNames, ResultFileName) ->
+    {ok, ResultFile} = file:open(ResultFileName, [write]),
+    do_append_files(FileNames, ResultFile).
+
+do_append_files([], RF) ->
+    ok = file:close(RF);
+do_append_files([F|Fs], RF) ->
+    {ok, Data} = file:read_file(F),
+    ok = file:write(RF, Data),
+    do_append_files(Fs, RF).
+
+setup_certs(Config) ->
+    PrivDir = ?config(priv_dir, Config),
+    NodeDir = filename:join([PrivDir, "Certs"]),
+    RGenDir = filename:join([NodeDir, "rand_gen"]),
+    ok = file:make_dir(NodeDir),
+    ok = file:make_dir(RGenDir),
+    make_randfile(RGenDir),
+    make_certs:all(RGenDir, NodeDir),
+    SDir = filename:join([NodeDir, "server"]),
+    SC = filename:join([SDir, "cert.pem"]),
+    SK = filename:join([SDir, "key.pem"]),
+    SKC = filename:join([SDir, "keycert.pem"]),
+    append_files([SK, SC], SKC),
+    CDir = filename:join([NodeDir, "client"]),
+    CC = filename:join([CDir, "cert.pem"]),
+    CK = filename:join([CDir, "key.pem"]),
+    CKC = filename:join([CDir, "keycert.pem"]),
+    append_files([CK, CC], CKC).
+
+setup_dist_opts(Config) ->
+    PrivDir = ?config(priv_dir, Config),
+    DataDir = ?config(data_dir, Config),
+    Dhfile = filename:join([DataDir, "dHParam.pem"]),
+    NodeDir = filename:join([PrivDir, "Certs"]),
+    SDir = filename:join([NodeDir, "server"]),
+    CDir = filename:join([NodeDir, "client"]),
+    SC = filename:join([SDir, "cert.pem"]),
+    SK = filename:join([SDir, "key.pem"]),
+    SKC = filename:join([SDir, "keycert.pem"]),
+    SCA = filename:join([CDir, "cacerts.pem"]),
+    CC = filename:join([CDir, "cert.pem"]),
+    CK = filename:join([CDir, "key.pem"]),
+    CKC = filename:join([CDir, "keycert.pem"]),
+    CCA = filename:join([SDir, "cacerts.pem"]),
+
+    DistOpts = case  proplists:get_value(many_verify_opts, Config, false) of
+		   false ->
+		       "-proto_dist inet_tls "
+			   ++ "-ssl_dist_opt server_certfile " ++ SKC ++ " "
+			   ++ "-ssl_dist_opt client_certfile " ++ CKC ++ " ";
+		   true ->
+		       case os:type() of
+			   {win32, _} ->
+			       "-proto_dist inet_tls "
+				   ++ "-ssl_dist_opt server_certfile " ++ SKC ++ " "
+				   ++ "-ssl_dist_opt server_cacertfile " ++ SCA ++ " "
+				   ++ "-ssl_dist_opt server_verify verify_peer "
+				   ++ "-ssl_dist_opt server_fail_if_no_peer_cert true "
+				   ++ "-ssl_dist_opt server_ciphers DHE-RSA-AES256-SHA\:DHE-RSA-AES128-SHA "
+				   ++ "-ssl_dist_opt server_dhfile " ++ Dhfile ++ " "
+				   ++ "-ssl_dist_opt client_certfile " ++ CKC ++ " "
+				   ++ "-ssl_dist_opt client_cacertfile " ++ CCA ++ " "
+				   ++ "-ssl_dist_opt client_verify verify_peer "
+				   ++ "-ssl_dist_opt client_ciphers DHE-RSA-AES256-SHA\:DHE-RSA-AES128-SHA ";
+			   _ ->
+			       "-proto_dist inet_tls "
+				   ++ "-ssl_dist_opt server_certfile " ++ SC ++ " "
+				   ++ "-ssl_dist_opt server_keyfile " ++ SK ++ " "
+				   ++ "-ssl_dist_opt server_cacertfile " ++ SCA ++ " "
+				   ++ "-ssl_dist_opt server_verify verify_peer "
+				   ++ "-ssl_dist_opt server_fail_if_no_peer_cert true "
+				   ++ "-ssl_dist_opt server_ciphers DHE-RSA-AES256-SHA\:DHE-RSA-AES128-SHA "
+				   ++ "-ssl_dist_opt server_dhfile " ++ Dhfile ++ " "
+				   ++ "-ssl_dist_opt client_certfile " ++ CC ++ " "
+				   ++ "-ssl_dist_opt client_keyfile " ++ CK ++ " "
+				   ++ "-ssl_dist_opt client_cacertfile " ++ CCA ++ " "
+				   ++ "-ssl_dist_opt client_verify verify_peer "
+				   ++ "-ssl_dist_opt client_ciphers DHE-RSA-AES256-SHA\:DHE-RSA-AES128-SHA "
+		       end
+	       end,
+    MoreOpts = proplists:get_value(additional_dist_opts, Config, []),
+    DistOpts ++ MoreOpts.
+
+%%
+%% Start scripts etc...
+%%
+
+add_ssl_opts_config(Config) ->
+    %%
+    %% Start with boot scripts if on an installed system; otherwise,
+    %% just point out ssl ebin with -pa.
+    %%
+    try
+	Dir = ?config(priv_dir, Config),
+	LibDir = code:lib_dir(),
+	Apps = application:which_applications(),
+	{value, {stdlib, _, STDL_VSN}} = lists:keysearch(stdlib, 1, Apps),
+	{value, {kernel, _, KRNL_VSN}} = lists:keysearch(kernel, 1, Apps),
+	StdlDir = filename:join([LibDir, "stdlib-" ++ STDL_VSN]),
+	KrnlDir = filename:join([LibDir, "kernel-" ++ KRNL_VSN]),
+	{ok, _} = file:read_file_info(StdlDir),
+	{ok, _} = file:read_file_info(KrnlDir),
+	SSL_VSN = vsn(ssl),
+	VSN_CRYPTO = vsn(crypto),
+	VSN_PKEY = vsn(public_key),
+
+	SslDir = filename:join([LibDir, "ssl-" ++ SSL_VSN]),
+	{ok, _} = file:read_file_info(SslDir),
+	%% We are using an installed otp system, create the boot script.
+	Script = filename:join(Dir, atom_to_list(?MODULE)),
+	{ok, RelFile} = file:open(Script ++ ".rel", [write]),
+        io:format(RelFile,
+		  "{release, ~n"
+		  " {\"SSL distribution test release\", \"~s\"},~n"
+		  " {erts, \"~s\"},~n"
+		  " [{kernel, \"~s\"},~n"
+		  "  {stdlib, \"~s\"},~n"
+		  "  {crypto, \"~s\"},~n"
+		  "  {public_key, \"~s\"},~n"
+		  "  {ssl, \"~s\"}]}.~n",
+		  [case catch erlang:system_info(otp_release) of
+		       {'EXIT', _} -> "R11B";
+		       Rel -> Rel
+		   end,
+		   erlang:system_info(version),
+		   KRNL_VSN,
+		   STDL_VSN,
+		   VSN_CRYPTO,
+		   VSN_PKEY,
+		   SSL_VSN]),
+	ok = file:close(RelFile),
+	ok = systools:make_script(Script, []),
+	[{ssl_opts, "-boot " ++ Script} | Config]
+    catch
+	_:_ ->
+	    [{ssl_opts, "-pa " ++ filename:dirname(code:which(ssl))}
+	     | add_comment_config(
+		 "Bootscript wasn't used since the test wasn't run on an "
+		 "installed OTP system.",
+		 Config)]
+    end.
+
+%%
+%% Add common comments to config
+%%
+
+add_comment_config(Comment, []) ->
+    [{comment, Comment}];
+add_comment_config(Comment, [{comment, OldComment} | Cs]) ->
+    [{comment, Comment ++ " " ++ OldComment} | Cs];
+add_comment_config(Comment, [C|Cs]) ->
+    [C|add_comment_config(Comment, Cs)].
+
+%%
+%% Call when test case success
+%%
+
+success(Config) ->
+    case lists:keysearch(comment, 1, Config) of
+	{value, {comment, _} = Res} -> Res;
+	_ -> ok
+    end.
+
+vsn(App) ->
+    application:start(App),
+    try
+	{value,
+	 {ssl,
+	  _,
+	  VSN}} = lists:keysearch(App,
+				  1,
+				  application:which_applications()),
+	VSN
+     after
+	 application:stop(ssl)
+     end.
diff --git a/lib/ssl/test/ssl_dist_SUITE_data/dHParam.pem b/lib/ssl/test/ssl_dist_SUITE_data/dHParam.pem
new file mode 100644
index 0000000000..feb581da30
--- /dev/null
+++ b/lib/ssl/test/ssl_dist_SUITE_data/dHParam.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAMY5VmCZ22ZEy/KO8kjt94PH7ZtSG0Z0zitlMlvd4VsNkDzXsVeu+wkH
+FGDC3h3vgv6iwXGCbmrSOVk/FPZbzLhwZ8aLnkUFOBbOvVvb1JptQwOt8mf+eScG
+M2gGBktheQV5Nf1IrzOctG7VGt+neiqb/Y86uYCcDdL+M8++0qnLAgEC
+-----END DH PARAMETERS-----
diff --git a/lib/ssl/test/ssl_packet_SUITE.erl b/lib/ssl/test/ssl_packet_SUITE.erl
index 9d2599b778..4b74f57a60 100644
--- a/lib/ssl/test/ssl_packet_SUITE.erl
+++ b/lib/ssl/test/ssl_packet_SUITE.erl
@@ -158,14 +158,24 @@ all() ->
      packet_asn1_decode, packet_asn1_decode_list,
      packet_tpkt_decode, packet_tpkt_decode_list,
      packet_sunrm_decode, packet_sunrm_decode_list,
-     header_decode_one_byte, header_decode_two_bytes,
-     header_decode_two_bytes_one_sent,
-     header_decode_two_bytes_two_sent].
+     {group, header}
+    ].
 
 groups() -> 
-    [].
+    [{header, [], [ header_decode_one_byte,  
+		    header_decode_two_bytes, 
+		    header_decode_two_bytes_one_sent,
+		    header_decode_two_bytes_two_sent]}].
+
+init_per_group(header, Config) ->
+    case ssl_record:highest_protocol_version(ssl_record:supported_protocol_versions()) of
+	{3, N} when N < 2 ->
+	    {skip, ""};
+	_ ->
+	    Config
+    end;
 
-init_per_group(_GroupName, Config) ->
+init_per_group(_, Config) ->
     Config.
 
 end_per_group(_GroupName, Config) ->
@@ -2626,6 +2636,13 @@ active_once_raw(_, _, 0, _) ->
     ok;
 active_once_raw(Socket, Data, N, Acc) ->
     receive 
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    ssl:setopts(Socket, [{active, once}]),
+	    receive 
+		{ssl, Socket, _} ->
+		    ssl:setopts(Socket, [{active, once}]),
+		    active_once_raw(Socket, Data, N-1, [])
+	    end;
 	{ssl, Socket, Data} ->
 	    ssl:setopts(Socket, [{active, once}]),
 	    active_once_raw(Socket, Data, N-1, []);
@@ -2648,7 +2665,14 @@ active_once_packet(Socket,_, 0) ->
 	    {other, Other, ssl:session_info(Socket), 0}
     end;
 active_once_packet(Socket, Data, N) ->
-    receive 
+    receive 	
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    ssl:setopts(Socket, [{active, once}]),
+	    receive 
+		{ssl, Socket, _} ->
+		    ssl:setopts(Socket, [{active, once}]),
+		    active_once_packet(Socket, Data, N-1)
+	    end;
 	{ssl, Socket, Data} ->
 	    ok
     end,
@@ -2662,6 +2686,11 @@ active_raw(_Socket, _, 0, _) ->
     ok;
 active_raw(Socket, Data, N, Acc) ->
     receive 
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    receive
+		{ssl, Socket, _} ->
+		    active_raw(Socket, Data, N -1)
+	    end;
 	{ssl, Socket, Data} ->
 	    active_raw(Socket, Data, N-1, []);
 	{ssl, Socket, Other} ->
@@ -2682,6 +2711,11 @@ active_packet(Socket, _, 0) ->
     end;
 active_packet(Socket, Data, N) ->
     receive 
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    receive
+		{ssl, Socket, _} ->
+		    active_packet(Socket, Data, N -1)
+		end;
 	{ssl, Socket, Data} ->
 	    active_packet(Socket, Data, N -1);
 	Other ->
diff --git a/lib/ssl/test/ssl_session_cache_SUITE.erl b/lib/ssl/test/ssl_session_cache_SUITE.erl
index 5ea45018e6..491aa893c2 100644
--- a/lib/ssl/test/ssl_session_cache_SUITE.erl
+++ b/lib/ssl/test/ssl_session_cache_SUITE.erl
@@ -210,7 +210,7 @@ session_cleanup(Config)when is_list(Config) ->
 
     {status, _, _, StatusInfo} = sys:get_status(whereis(ssl_manager)),
     [_, _,_, _, Prop] = StatusInfo,
-    State = state(Prop),
+    State = ssl_test_lib:state(Prop),
     Cache = element(2, State),
     SessionTimer = element(6, State),
 
@@ -225,11 +225,12 @@ session_cleanup(Config)when is_list(Config) ->
     check_timer(SessionTimer),
     test_server:sleep(?DELAY *2),  %% Delay time + some extra time
 
-    DelayTimer = get_delay_timer(),
+    {ServerDelayTimer, ClientDelayTimer} = get_delay_timers(),
 
-    check_timer(DelayTimer),
+    check_timer(ServerDelayTimer),
+    check_timer(ClientDelayTimer),
 
-    test_server:sleep(?SLEEP),  %% Make sure clean has had to run
+    test_server:sleep(?SLEEP),  %% Make sure clean has had time to run
 
     undefined = ssl_session_cache:lookup(Cache, {{Hostname, Port}, Id}),
     undefined = ssl_session_cache:lookup(Cache, {Port, Id}),
@@ -238,31 +239,34 @@ session_cleanup(Config)when is_list(Config) ->
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
 
-state([{data,[{"State", State}]} | _]) ->
-    State;
-state([_ | Rest]) ->
-    state(Rest).
-
 check_timer(Timer) ->
     case erlang:read_timer(Timer) of
 	false ->
 	    {status, _, _, _} = sys:get_status(whereis(ssl_manager)),
+	    timer:sleep(?SLEEP),
+	    {status, _, _, _} = sys:get_status(whereis(ssl_manager)),
 	    ok;
 	Int ->
 	    test_server:sleep(Int),
 	    check_timer(Timer)
     end.
 
-get_delay_timer() ->
+get_delay_timers() ->
     {status, _, _, StatusInfo} = sys:get_status(whereis(ssl_manager)),
     [_, _,_, _, Prop] = StatusInfo,
-    State = state(Prop),
+    State = ssl_test_lib:state(Prop),
     case element(7, State) of
-	undefined ->
+	{undefined, undefined} ->
+	    test_server:sleep(?SLEEP),
+	    get_delay_timers();
+	{undefined, _} ->
+	    test_server:sleep(?SLEEP),
+	    get_delay_timers();
+	{_, undefined} ->
 	    test_server:sleep(?SLEEP),
-	    get_delay_timer();
-	DelayTimer ->
-	    DelayTimer
+	    get_delay_timers();
+	DelayTimers ->
+	    DelayTimers
     end.
 %%--------------------------------------------------------------------
 session_cache_process_list(doc) ->
diff --git a/lib/ssl/test/ssl_test_MACHINE.erl b/lib/ssl/test/ssl_test_MACHINE.erl
deleted file mode 100644
index e0ffa15d80..0000000000
--- a/lib/ssl/test/ssl_test_MACHINE.erl
+++ /dev/null
@@ -1,940 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2003-2010. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(ssl_test_MACHINE).
-
--export([many_conns/0, mk_ssl_cert_opts/1, test_one_listener/7, 
-	 test_server_only/6]).
-
--export([process_init/3, do_start/1]).
-
-
--include("test_server.hrl").
--include("ssl_test_MACHINE.hrl").
-
--define(WAIT_TIMEOUT, 10000).
--define(CLOSE_WAIT, 1000).
-
-%%
-%% many_conns() -> ManyConnections
-%%
-%% Choose a suitable number of "many connections" depending on platform
-%% and current limit for file descriptors.
-%%
-many_conns() ->
-    case os:type() of
-	{unix,_} -> many_conns_1();
-	_ -> 10
-    end.
-
-many_conns_1() ->
-    N0 = os:cmd("ulimit -n"),
-    N1 = lists:reverse(N0),
-    N2 = lists:dropwhile(fun($\r) -> true;
-			    ($\n) -> true;
-			    (_) -> false
-			 end, N1),
-    N = list_to_integer(lists:reverse(N2)),
-    lists:min([(N - 10) div 2, 501]).
-	
-%%
-%% mk_ssl_cert_opts(Config) -> {ok, {COpts, SOpts}}
-%%
-%% 
-mk_ssl_cert_opts(_Config) ->
-    Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
-    COpts = [{ssl_imp, old},
-	     {cacertfile, filename:join([Dir, "client", "cacerts.pem"])}, 
-	     {certfile, filename:join([Dir, "client", "cert.pem"])}, 
-	     {keyfile, filename:join([Dir, "client", "key.pem"])}], 
-    SOpts = [{ssl_imp, old},
-	     {cacertfile, filename:join([Dir, "server", "cacerts.pem"])}, 
-	     {certfile, filename:join([Dir, "server", "cert.pem"])}, 
-	     {keyfile, filename:join([Dir, "server", "key.pem"])}], 
-    {ok, {COpts, SOpts}}.
-
-%%
-%% Cmds:
-%%		{protomod, gen_tcp | ssl}             		default = ssl
-%%		{serialize_accept, true | false}  	default = false
-%%		{timeout, Timeout}
-%%		{sockopts, Opts}
-%%		{sslopts, Opts}
-%%		{protocols, Protocols}  [sslv2|sslv3|tlsv1]
-%%		{listen, Port}
-%%		{lsock, LSock}		listen socket for acceptor
-%%		peercert
-%%		accept
-%%		{connect, {Host, Port}}
-%%		{recv, N}
-%%		{send, N}
-%%		{echo, N}		async echo back
-%%		close			close connection socket
-%%		{close, Time}		wait time and then close socket
-%%		lclose			close listen socket
-%%		await_close		wait for close
-%%		wait_sync		listener's wait for sync from parent
-%%		connection_info		
-%%		{exit, Reason}		exit
-%%
-%%
-%% We cannot have more than `backlog' acceptors at the same time.
-%%
-
-
-%%
-%% test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, Suite, Config)
-%%
-%% Creates one client and one server node, and runs one listener on
-%% the server node (according to LCmds), and creates NConns acceptors
-%% on the server node, and the same number of connectors on the client
-%% node. The acceptors and and connectors execute according to ACmds
-%% and CCmds, respectively.
-%%
-%% It is a good idea to have the backlog size in LCmds set to
-%% be at least as large as NConns.
-%%
-test_one_listener(NConns, LCmds0, ACmds0, CCmds0, Timeout, Suite, Config) ->
-    ProtoMod = get_protomod(Config), 
-    SerializeAccept = get_serialize_accept(Config), 
-    ?line {ok, {CNode, SNode}} = start_client_server_nodes(Suite),
-    case ProtoMod of
-	ssl -> 
-	    ?line ok = start_ssl([CNode, SNode], Config);
-	gen_tcp ->
-	    ok
-    end, 
-    LCmds = [{protomod, ProtoMod}| LCmds0], 
-    ACmds = [{protomod, ProtoMod}, {serialize_accept, SerializeAccept}| 
-	     ACmds0], 
-    CCmds = [{protomod, ProtoMod}| CCmds0], 
-
-    ?line {ok, Listener} = start_process(SNode, self(), LCmds, listener),
-    ?line {ok, LSock} = wait_lsock(Listener, ?WAIT_TIMEOUT),
-    ?line {ok, Accs0} = start_processes(NConns, SNode, self(), 
-				       [{lsock, LSock}| ACmds], acceptor),
-    Accs = case ProtoMod of 
-	       gen_tcp ->
-		   [Acc1| Accs1] = Accs0,
-		   Acc1 ! {continue_accept, self()},
-		   Accs1;
-	       ssl  ->
-		   Accs0
-	   end,
-    ?line {ok, Conns} = start_processes(NConns, CNode, self(), 
-					CCmds, connector),
-    ?line case wait_ack(Accs, Accs0 ++ Conns, Timeout) of
-	      ok ->
-		  ?line sync([Listener]),
-		  ?line wait_ack([], [Listener], ?WAIT_TIMEOUT);
-	      {error, Reason} ->
-		  ?line stop_node(SNode),
-		  ?line stop_node(CNode),
-		  exit(Reason)
-	  end,
-    ?line stop_node(SNode),
-    ?line stop_node(CNode),
-    ok.
-
-%%
-%% test_server_only(NConns, LCmds, ACmds, Timeout, Suite, Config)
-%%
-%% Creates only one server node, and runs one listener on
-%% the server node (according to LCmds), and creates NConns acceptors
-%% on the server node. The acceptors execute according to ACmds.
-%% There are no connectors.
-%%
-test_server_only(NConns, LCmds0, ACmds0, Timeout, Suite, Config) ->
-    ProtoMod = get_protomod(Config), 
-    ?line {ok, SNode} = start_server_node(Suite),
-    case ProtoMod of
-	ssl -> 
-	    ?line ok = start_ssl([SNode], Config);
-	gen_tcp ->
-	    ok
-    end, 
-    LCmds = [{protomod, ProtoMod}| LCmds0], 
-    ACmds = [{protomod, ProtoMod}| ACmds0], 
-    ?line {ok, Listener} = start_process(SNode, self(), LCmds, listener),
-    ?line {ok, LSock} = wait_lsock(Listener, ?WAIT_TIMEOUT),
-    ?line {ok, Accs0} = start_processes(NConns, SNode, self(), 
-				       [{lsock, LSock}| ACmds], acceptor),
-    Accs = case ProtoMod of 
-	       gen_tcp ->
-		   [Acc1| Accs1] = Accs0,
-		   Acc1 ! {continue_accept, self()},
-		   Accs1;
-	       ssl  ->
-		   Accs0
-	   end,
-    ?line case wait_ack(Accs, Accs0, Timeout) of
-	      ok ->
-		  ?line sync([Listener]),
-		  ?line wait_ack([], [Listener], ?WAIT_TIMEOUT);
-	      {error, Reason} ->
-		  ?line stop_node(SNode),
-		  exit(Reason)
-	  end,
-    ?line stop_node(SNode),
-    ok.
-
-%%
-%% start_client_server_nodes(Suite) -> {ok, {CNode, SNode}}
-%%
-start_client_server_nodes(Suite) ->
-    {ok, CNode} = start_client_node(Suite),
-    {ok, SNode} = start_server_node(Suite),
-    {ok, {CNode, SNode}}.
-
-start_client_node(Suite) ->
-    start_node(lists:concat([Suite, "_client"])).
-
-start_server_node(Suite) ->
-    start_node(lists:concat([Suite, "_server"])).
-
-%%
-%% start_ssl(Nodes, Config)
-%%
-start_ssl(Nodes, Config) -> 
-    Env0 = lists:flatten([Env00 || {env, Env00} <- Config]),
-    Env1 = case os:getenv("SSL_DEBUG") of
-	       false ->
-		   [];
-	       _ ->
-		   Dir = ?config(priv_dir, Config),
-		   [{debug, true}, {debugdir, Dir}]
-	   end,
-    Env = Env0 ++ Env1,
-    lists:foreach(
-      fun(Node) -> rpc:call(Node, ?MODULE, do_start, [Env]) end, Nodes),
-    ok.
-
-do_start(Env) ->
-    application:start(crypto),
-    application:start(public_key),
-    application:load(ssl),
-    lists:foreach(
-      fun({Par, Val}) -> application:set_env(ssl, Par, Val) end, Env),
-    application:start(ssl).
-
-    
-%%
-%% start_node(Name) -> {ok, Node}
-%% start_node(Name, ExtraParams) -> {ok, Node}
-%%
-start_node(Name) ->
-    start_node(Name, []).
-start_node(Name, ExtraParams) ->
-    Params = "-pa " ++ filename:dirname(code:which(?MODULE)) ++ " " ++
-	ExtraParams,
-    test_server:start_node(Name, slave, [{args, Params}]).
-
-stop_node(Node) ->
-    test_server:stop_node(Node).
-
-%%
-%% start_processes(N, Node, Parent, Cmds, Type) -> {ok, Pids}
-%%
-start_processes(M, Node, Parent, Cmds, Type) ->
-    start_processes1(0, M, Node, Parent, Cmds, Type, []).
-start_processes1(M, M, _, _, _, _, Pids) ->
-    {ok, lists:reverse(Pids)};
-start_processes1(N, M, Node, Parent, Cmds, Type, Pids) ->
-    {ok, Pid} = start_process(Node, Parent, Cmds, {Type, N + 1}),
-    start_processes1(N + 1, M, Node, Parent, Cmds, Type, [Pid| Pids]).
-
-%%
-%% start_process(Node, Parent, Cmds, Type) -> {ok, Pid}
-%%
-start_process(Node, Parent, Cmds0, Type) ->
-    Cmds = case os:type() of 
-	       {win32, _} ->
-		   lists:map(fun(close) -> {close, ?CLOSE_WAIT};
-				(Term) -> Term end, Cmds0);
-	       _ ->
-		   Cmds0
-	   end,
-    Pid = spawn_link(Node, ?MODULE, process_init, [Parent, Cmds, Type]),
-    {ok, Pid}.
-
-process_init(Parent, Cmds, Type) ->
-    ?debug("#### ~w start~n", [{Type, self()}]),
-    pre_main_loop(Cmds, #st{parent = Parent, type = Type}).
-
-%%
-%% pre_main_loop
-%%
-pre_main_loop([], St) ->
-    ?debug("#### ~w end~n", [{St#st.type, self()}]),
-    main_loop([], St);
-pre_main_loop(Cmds, St) ->
-    ?debug("#### ~w -> ~w~n", 
-	   [{St#st.type, self(), St#st.sock, St#st.port, 
-	     St#st.peer, St#st.active}, hd(Cmds)]),
-    main_loop(Cmds, St).
-    
-%%
-%% main_loop(Cmds, St)
-%%
-main_loop([{protomod, ProtoMod}| Cmds], St) ->
-    pre_main_loop(Cmds, St#st{protomod = ProtoMod});
-
-main_loop([{serialize_accept, Bool}| Cmds], St) ->
-    pre_main_loop(Cmds, St#st{serialize_accept = Bool});
-
-main_loop([{sockopts, Opts}| Cmds], St) ->
-    pre_main_loop(Cmds, St#st{sockopts = Opts});
-
-main_loop([{sslopts, Opts}| Cmds], St) ->
-    pre_main_loop(Cmds, St#st{sslopts = Opts});
-
-main_loop([{protocols, Protocols}| Cmds], St) ->
-    pre_main_loop(Cmds, St#st{protocols = Protocols});
-
-main_loop([{timeout, T}| Cmds], St) ->
-    pre_main_loop(Cmds, St#st{timeout = T});
-
-main_loop([{lsock, LSock}| Cmds], St) ->
-    pre_main_loop(Cmds, St#st{lsock = LSock});
-
-main_loop([{seed, Data}| Cmds], St) ->
-    case ssl:seed("tjosan") of
-	ok ->
-	    pre_main_loop(Cmds, St);
-	{error, Reason} ->
-	    ?error("#### ~w(~w) in seed: error: ~w~n", 
-		   [St#st.type, self(), Reason]),
-	    exit(Reason)
-    end;
-
-main_loop([{listen, Port}| Cmds], St) ->
-    case listen(St, Port) of    
-	{ok, LSock} ->
-	    ack_lsock(St#st.parent, LSock),
-	    NSt = get_active(St#st{port = Port, sock = LSock, lsock = LSock}),
-	    pre_main_loop(Cmds, St);
-	{error, Reason} ->
-	    ?error("#### ~w(~w) in listen: error: ~w~n", 
-		   [St#st.type, self(), Reason]),
-	    exit(Reason)
-    end;
-
-main_loop([accept| Cmds], St) ->
-    case St#st.serialize_accept of
-	true ->
-	    Parent = St#st.parent, 
-	    receive 
-		{continue_accept, Parent} ->
-		    ok
-	    end;
-	false ->
-	    ok
-    end,
-    case accept(St) of
-	{ok, Sock, Port, Peer} ->
-	    case St#st.serialize_accept of
-		true ->
-		    St#st.parent ! {one_accept_done, self()};
-		false ->
-		    ok
-	    end,
-	    NSt = get_active(St#st{sock = Sock, port = Port, peer = Peer}),
-	    pre_main_loop(Cmds, NSt);
-	{error, Reason} ->
-	    ?error("#### ~w(~w) in accept: error: ~w~n", 
-		   [St#st.type, self(), Reason]),
-	    exit(Reason)
-    end;
-	
-main_loop([accept_timeout| Cmds], St) ->
-    case accept(St) of
-	{error, timeout} ->
-	    pre_main_loop(Cmds, St);
-	{error, Reason} ->
-	    ?error("#### ~w(~w) in accept_timeout: error: ~w~n", 
-		   [St#st.type, self(), Reason]),
-	    exit(Reason)
-    end;
-	
-
-main_loop([{connect, {Host, Port}}| Cmds], St) ->
-    case connect(St, Host, Port) of
-	{ok, Sock, LPort, Peer} ->
-	    NSt = get_active(St#st{sock = Sock, port = LPort, peer = Peer}),
-	    pre_main_loop(Cmds, NSt);
-	{error, Reason} ->
-	    ?error("#### ~w(~w) in connect: error: ~w~n", 
-		   [St#st.type, self(), Reason]),
-	    exit(Reason)
-    end;
-
-main_loop([connection_info| Cmds], St) ->
-    case connection_info(St) of
-	{ok, ProtoInfo} ->
-	    io:fwrite("Got connection_info:~n~p~n", [ProtoInfo]),
-	    pre_main_loop(Cmds, St);
-	{error, Reason} ->
-	    ?error("#### ~w(~w) in connection_info: error: ~w~n", 
-		   [St#st.type, self(), Reason]),
-	    exit(Reason)
-    end;
-
-main_loop([peercert| Cmds], St) ->
-    case peercert(St) of
-	{ok, Cert} ->
-	    io:fwrite("Got cert:~n~p~n", [Cert]),
-	    pre_main_loop(Cmds, St);
-	{error, Reason} ->
-	    ?error("#### ~w(~w) in peercert: error: ~w~n", 
-		   [St#st.type, self(), Reason]),
-	    exit(Reason)
-    end;
-
-main_loop([nopeercert| Cmds], St) ->
-    case peercert(St) of
-	{error, Reason} ->
-	    io:fwrite("Got no cert as expected. reason:~n~p~n", [Reason]),
-	    pre_main_loop(Cmds, St);
-	{ok, Cert} ->
-	    ?error("#### ~w(~w) in peercert: error: got cert: ~p~n", 
-		   [St#st.type, self(), Cert]),
-	    exit(peercert)
-    end;
-
-main_loop([{recv, N}| Cmds], St) ->
-    recv_loop([{recv, N}| Cmds], fun recv/1, St); % Returns to main_loop/2.
-
-main_loop([{send, N}| Cmds], St) ->
-    Msg = mk_msg(N),
-    case send(St, Msg) of 
-	ok ->
-	    pre_main_loop(Cmds, St);
-	{error, Reason} ->
-	    ?error("#### ~w(~w) in send: error: ~w~n", 
-		   [St#st.type, self(), Reason]),
-	    exit(Reason)
-    end;
-
-main_loop([{echo, N}| Cmds], St) ->
-    recv_loop([{echo, N}| Cmds], fun echo/1, St); % Returns to main_loop/2.
-
-main_loop([{close, WaitTime}| Cmds], St) ->
-    wait(WaitTime),
-    pre_main_loop([close| Cmds], St);
-
-main_loop([close| Cmds], St) ->
-    case close(St) of
-	ok ->
-	    pre_main_loop(Cmds, St#st{sock = nil});
-	{error, Reason} ->
-	    ?error("#### ~w(~w) in close: error: ~w~n", 
-		   [St#st.type, self(), Reason]),
-	    exit(Reason)
-    end;
-
-main_loop([lclose| Cmds], St) ->
-    case lclose(St) of
-	ok ->
-	    pre_main_loop(Cmds, St#st{lsock = nil});
-	{error, Reason} ->
-	    ?error("#### ~w(~w) in lclose: error: ~w~n", 
-		   [St#st.type, self(), Reason]),
-	    exit(Reason)
-    end;
-
-main_loop([await_close| Cmds], St) ->
-    case await_close(St) of
-	ok ->
-	    pre_main_loop(Cmds, St#st{sock = nil});
-	{error, Reason} ->
-	    ?error("#### ~w(~w) in await_close: error: ~w~n", 
-		   [St#st.type, self(), Reason]),
-	    exit(Reason)
-    end;
-
-main_loop([wait_sync| Cmds], St) ->
-    wait_sync(St),
-    pre_main_loop(Cmds, St);
-
-main_loop({exit, Reason}, _St) ->
-    exit(Reason);
-
-main_loop([], _St) ->
-    ok.
-
-%%
-%% recv_loop(Cmds, F, St)
-%%
-%% F = recv/1 | echo/1
-%%
-recv_loop([{_Tag, 0}| Cmds], _, St) ->
-    pre_main_loop(Cmds, St);
-recv_loop([{_Tag, N}| _Cmds], _, St) when N < 0 ->
-    ?error("#### ~w(~w) in recv_loop: error: too much: ~w~n", 
-	   [St#st.type, self(), N]),
-    exit(toomuch);                               % XXX or {error, Reason}?
-recv_loop([{Tag, N}| Cmds], F, St) ->
-    case F(St) of
-	{ok, Len} ->
-	    NSt = St#st{active = new_active(St#st.active)},
-	    if
-		Len == N ->
-		    pre_main_loop(Cmds, NSt);
-		true ->
-		    ?debug("#### ~w -> ~w~n", 
-			   [{NSt#st.type, self(), NSt#st.sock, NSt#st.port, 
-			     NSt#st.peer, NSt#st.active}, {Tag, N - Len}]),
-		    recv_loop([{Tag, N - Len}| Cmds], F, NSt)
-	    end;
-	{error, Reason} ->
-	    ?error("#### ~w(~w) in recv_loop: error: ~w, ~w bytes remain~n", 
-		   [St#st.type, self(), Reason, N]),
-	    exit(Reason)
-    end.
-
-new_active(once) ->
-    false;
-new_active(A) ->
-    A.
-
-get_active(St) ->
-    A = case proplists:get_value(active, St#st.sockopts, undefined) of
-	    undefined ->
-		Mod = case St#st.protomod of
-			  ssl ->
-			      ssl;
-			  gen_tcp ->
-			      inet
-		      end, 
-		{ok, [{active, Ax}]} = Mod:getopts(St#st.sock, [active]),
-		Ax;
-	    Ay ->
-		Ay
-	end,
-    ?debug("#### ~w(~w) get_active: ~p\n", [St#st.type, self(), A]),
-    St#st{active = A}.
-
-
-%%
-%% SOCKET FUNCTIONS
-%%
-
-%%
-%% ssl
-%%
-
-%%
-%% listen(St, LPort) -> {ok, LSock} | {error, Reason}
-%%
-listen(St, LPort) ->
-    case St#st.protomod of
-	ssl ->
-	    ssl:listen(LPort, [{ssl_imp, old} | St#st.sockopts ++ St#st.sslopts]);
-	gen_tcp ->
-	    gen_tcp:listen(LPort, St#st.sockopts)
-    end.
-
-%%
-%% accept(St) -> {ok, Sock} | {error, Reason}
-%%
-accept(St) ->
-    case St#st.protomod of
-	ssl ->
-	    case ssl:transport_accept(St#st.lsock, St#st.timeout) of
-		{ok, Sock} ->
-		    case ssl:ssl_accept(Sock, St#st.timeout) of			
-			ok ->
-			    {ok, Port} = ssl:sockname(Sock),
-			    {ok, Peer} = ssl:peername(Sock),
-			    {ok, Sock, Port, Peer};
-			Other  ->
-			    Other
-		    end;
-		Other  ->
-		    Other
-	    end;
-	gen_tcp ->
-	    case gen_tcp:accept(St#st.lsock, St#st.timeout) of
-		{ok, Sock} ->
-		    {ok, Port} = inet:port(Sock),
-		    {ok, Peer} = inet:peername(Sock),
-		    {ok, Sock, Port, Peer};
-		Other  ->
-		    Other
-	    end
-    end.
-
-%%
-%% connect(St, Host, Port) -> {ok, Sock} | {error, Reason}
-%%
-connect(St, Host, Port) ->
-    
-    case St#st.protomod of
-	ssl ->
-	    case ssl:connect(Host, Port, 
-			     [{ssl_imp, old} | St#st.sockopts ++ St#st.sslopts], 
-			     St#st.timeout) of
-		{ok, Sock} ->
-		    {ok, LPort} = ssl:sockname(Sock),
-		    {ok, Peer} = ssl:peername(Sock),
-		    {ok, Sock, LPort, Peer};
-		Other  ->
-		    Other
-	    end;
-	gen_tcp ->
-	    case gen_tcp:connect(Host, Port, St#st.sockopts, St#st.timeout) of
-		{ok, Sock} ->
-		    {ok, LPort} = inet:port(Sock),
-		    {ok, Peer} = inet:peername(Sock),
-		    {ok, Sock, LPort, Peer};
-		Other  ->
-		    Other
-	    end
-    end.
-
-%%
-%% peercert(St) -> {ok, Cert} | {error, Reason}
-%%
-peercert(St) ->
-    case St#st.protomod of
-	ssl ->
-	    ssl:peercert(St#st.sock, [ssl]);
-	gen_tcp  ->
-	    {ok, <<>>}
-    end.
-
-%%
-%% connection_info(St) -> {ok, ProtoInfo} | {error, Reason}
-%%
-connection_info(St) ->
-    case St#st.protomod of
-	ssl ->
-	    case ssl:connection_info(St#st.sock) of
-		Res = {ok, {Proto, _}} ->
-		    case St#st.protocols of
-			[] ->
-			    Res;
-			Protocols ->
-			    case lists:member(Proto, Protocols) of
-				true ->
-				    Res;
-				false ->
-				    {error, Proto}
-			    end
-		    end;
-		Error ->
-		    Error
-	    end;
-	gen_tcp  ->
-	    {ok, <<>>}
-    end.
-
-%%
-%% close(St) -> ok | {error, Reason}
-%%
-
-close(St) ->
-    Mod = St#st.protomod,
-    case St#st.sock of
-	nil ->
-	    ok;
-	_ ->
-	    Mod:close(St#st.sock)
-    end.
-
-%%
-%% lclose(St) -> ok | {error, Reason}
-%%
-lclose(St) ->
-    Mod = St#st.protomod,
-    case St#st.lsock of
-	nil ->
-	    ok;
-	_ ->
-	    Mod:close(St#st.lsock)
-    end.
-
-%%
-%% recv(St) = {ok, Len} | {error, Reason}
-%%
-recv(St) ->
-    case do_recv(St) of
-	{ok, Msg} ->
-	    {ok, length(Msg)};
-	{error, Reason} ->
-	    {error, Reason}
-    end.
-
-do_recv(St) when St#st.active == false ->
-    %% First check that we do *not* have any ssl/gen_tcp messages in the
-    %% message queue, then call the receive function.
-    Sock = St#st.sock,
-    case St#st.protomod of
-	ssl ->
-	    receive 
-		M = {ssl, Sock, _Msg} ->
-		    {error, {unexpected_messagex, M}};
-		M = {ssl_closed, Sock} ->
-		    {error, {unexpected_message, M}};
-		M = {ssl_error, Sock, _Reason} ->
-		    {error, {unexpected_message, M}}
-	    after 0 ->
-		    ssl:recv(St#st.sock, 0, St#st.timeout)
-	    end;
-	gen_tcp  ->
-	    receive 
-		M = {tcp, Sock, _Msg} ->
-		    {error, {unexpected_message, M}};
-		M = {tcp_closed, Sock} ->
-		    {error, {unexpected_message, M}};
-		M = {tcp_error, Sock, _Reason} ->
-		    {error, {unexpected_message, M}}
-	    after 0 ->
-		    gen_tcp:recv(St#st.sock, 0, St#st.timeout)
-	    end
-    end;
-do_recv(St) ->
-    Sock = St#st.sock,
-    Timeout = St#st.timeout,
-    case St#st.protomod of
-	ssl ->
-	    receive 
-		{ssl, Sock, Msg} ->
-		    {ok, Msg};
-		{ssl_closed, Sock} ->
-		    {error, closed};
-		{ssl_error, Sock, Reason} ->
-		    {error, Reason}
-	    after Timeout ->
-		    {error, timeout}
-	    end;
-	gen_tcp  ->
-	    receive 
-		{tcp, Sock, Msg} ->
-		    {ok, Msg};
-		{tcp_closed, Sock} ->
-		    {error, closed};
-		{tcp_error, Sock, Reason} ->
-		    {error, Reason}
-	    after Timeout ->
-		    {error, timeout}
-	    end
-    end.
-
-%%
-%% echo(St) = {ok, Len} | {error, Reason}
-%%
-echo(St) ->
-    Sock = St#st.sock,
-    case do_recv(St) of
-	{ok, Msg} ->
-	    Mod = St#st.protomod, 
-	    case Mod:send(Sock, Msg) of
-		ok ->
-		    {ok, length(Msg)};
-		{error, Reason} ->
-		    {error, Reason}
-	    end;
-	{error, Reason} ->
-	    {error, Reason}
-    end.
-
-%%
-%% send(St, Msg) -> ok | {error, Reason}
-%%
-send(St, Msg) ->
-    Mod = St#st.protomod,
-    Mod:send(St#st.sock, Msg).
-
-%%
-%% await_close(St) -> ok | {error, Reason}
-%%
-await_close(St) when St#st.active == false ->
-    %% First check that we do *not* have any ssl/gen_tcp messages in the
-    %% message queue, then call the receive function.
-    Sock = St#st.sock,
-    Res = case St#st.protomod of
-	      ssl ->
-		  receive 
-		      M = {ssl, Sock, _Msg0} ->
-			  {error, {unexpected_message, M}};
-		      M = {ssl_closed, Sock} ->
-			  {error, {unexpected_message, M}};
-		      M = {ssl_error, Sock, _Reason} ->
-			  {error, {unexpected_message, M}}
-		  after 0 ->
-			  ok
-		  end;
-	      gen_tcp  ->
-		  receive 
-		      M = {tcp, Sock, _Msg0} ->
-			  {error, {unexpected_message, M}};
-		      M = {tcp_closed, Sock} ->
-			  {error, {unexpected_message, M}};
-		      M = {tcp_error, Sock, _Reason} ->
-			  {error, {unexpected_message, M}}
-		  after 0 ->
-			  ok
-		  end
-	  end,
-    case Res of
-	ok ->
-	    Mod = St#st.protomod, 
-	    case Mod:recv(St#st.sock, 0, St#st.timeout) of
-		{ok, _Msg} ->
-		    {error, toomuch};
-		{error, _} ->
-		    ok
-	    end;
-	_  ->
-	    Res
-    end;
-await_close(St) ->
-    Sock = St#st.sock,
-    Timeout = St#st.timeout,
-    case St#st.protomod of 
-	ssl ->
-	    receive 
-		{ssl, Sock, _Msg} ->
-		    {error, toomuch};
-		{ssl_closed, Sock} ->
-		    ok;
-		{ssl_error, Sock, Reason} ->
-		    {error, Reason}
-	    after Timeout ->
-		    {error, timeout}
-	    end;
-	gen_tcp  ->
-	    receive 
-		{tcp, Sock, _Msg} ->
-		    {error, toomuch};
-		{tcp_closed, Sock} ->
-		    ok;
-		{tcp_error, Sock, Reason} ->
-		    {error, Reason}
-	    after Timeout ->
-		    {error, timeout}
-	    end
-    end.
-
-
-%%
-%% HELP FUNCTIONS
-%%
-
-wait_ack(_, [], _) ->
-    ok;
-wait_ack(AccPids0, Pids, Timeout) ->
-    ?debug("#### CONTROLLER: waiting for ~w~n", [Pids]),
-    receive
-	{one_accept_done, Pid} ->
-	    case lists:delete(Pid, AccPids0) of
-		[] ->
-		    wait_ack([], Pids, Timeout);
-		[AccPid| AccPids1] ->
-		    AccPid ! {continue_accept, self()},
-		    wait_ack(AccPids1, Pids, Timeout)
-	    end;
-	{'EXIT', Pid, normal} ->
-	    wait_ack(AccPids0, lists:delete(Pid, Pids), Timeout);
-	{'EXIT', Pid, Reason} ->
-	    ?error("#### CONTROLLER got abnormal exit: ~w, ~w~n", 
-		   [Pid, Reason]),
-	    {error, Reason}
-    after Timeout ->
-	    ?error("#### CONTROLLER exiting because of timeout = ~w~n", 
-		   [Timeout]),
-	    {error, Timeout}
-    end.
-
-
-%%
-%% ack_lsock(Pid, LSock)
-%%
-ack_lsock(Pid, LSock) ->
-    Pid ! {lsock, self(), LSock}.
-
-wait_lsock(Pid, Timeout) ->
-    receive
-	{lsock, Pid, LSock} ->
-	    {ok, LSock}
-    after Timeout ->
-	    exit(timeout)
-    end.
-
-%%
-%% sync(Pids)
-%%
-sync(Pids) ->
-    lists:foreach(fun (Pid) -> Pid ! {self(), sync} end, Pids).
-
-%%
-%% wait_sync(St)
-%%
-wait_sync(St) ->
-    Pid = St#st.parent, 
-    receive
-	{Pid, sync} ->
-	    ok
-    end.
-
-%% 
-%% wait(Time)
-%%
-wait(Time) ->
-    receive
-    after Time ->
-	    ok
-    end.
-
-%%
-%% mk_msg(Size)
-%%
-mk_msg(Size) ->
-    mk_msg(0, Size, []).
-
-mk_msg(_, 0, Acc) ->
-    Acc;
-mk_msg(Pos, Size, Acc) ->
-    C = (((Pos + Size) rem 256) - 1) band 255,
-    mk_msg(Pos, Size - 1, [C| Acc]).
-
-%%
-%% get_protomod(Config)
-%%
-get_protomod(Config) ->
-    case lists:keysearch(protomod, 1, Config) of
-	{value, {_, ProtoMod}} ->
-	    ProtoMod;
-	false  ->
-	    ssl
-    end.
-
-%%
-%% get_serialize_accept(Config)
-%%
-get_serialize_accept(Config) ->
-    case lists:keysearch(serialize_accept, 1, Config) of
-	{value, {_, Val}} ->
-	    Val;
-	false  ->
-	    false
-    end.
-
diff --git a/lib/ssl/test/ssl_test_MACHINE.hrl b/lib/ssl/test/ssl_test_MACHINE.hrl
deleted file mode 100644
index e78b33f505..0000000000
--- a/lib/ssl/test/ssl_test_MACHINE.hrl
+++ /dev/null
@@ -1,39 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2003-2010. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
--record(st, {protomod = ssl, 
-	     serialize_accept = false,
-	     parent = nil,
-	     type = nil,
-	     active = nil,
-	     port = 0,
-	     peer = nil,
-	     lsock = nil,
-	     sock = nil,
-	     timeout = infinity,
-	     sockopts = [],
-	     sslopts = [],
-	     protocols = []}).
-
-%%-define(debug(X, Y), io:format(X, Y)).
--define(debug(X, Y), ok).
--define(error(X, Y), io:format(X, Y)).
-
--define(DEFAULT_TIMEOUT, 240000).
-
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index b7916b96eb..fa8a1826f2 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -22,6 +22,7 @@
 
 -include("test_server.hrl").
 -include("test_server_line.hrl").
+-include_lib("public_key/include/public_key.hrl").
 
 %% Note: This directive should only be used in test suites.
 -compile(export_all).
@@ -661,6 +662,9 @@ cipher_result(Socket, Result) ->
     %% to properly test "cipher state" handling
     ssl:send(Socket, "Hello\n"),
     receive 
+	{ssl, Socket, "H"} ->
+	    ssl:send(Socket, " world\n"),
+	    receive_rizzo_duong_beast();
 	{ssl, Socket, "Hello\n"} ->
 	    ssl:send(Socket, " world\n"),
 	    receive
@@ -673,3 +677,34 @@ cipher_result(Socket, Result) ->
 
 session_info_result(Socket) ->
     ssl:session_info(Socket).
+
+
+public_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
+				 #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?rsaEncryption},
+			     privateKey = Key}) ->
+    public_key:der_decode('RSAPrivateKey', iolist_to_binary(Key));
+
+public_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
+				 #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-dsa'},
+			     privateKey = Key}) ->
+    public_key:der_decode('DSAPrivateKey', iolist_to_binary(Key));
+public_key(Key) ->
+    Key.
+receive_rizzo_duong_beast() ->
+    receive 
+	{ssl, _, "ello\n"} ->
+	    receive 
+		{ssl, _, " "} ->
+		    receive
+			{ssl, _, "world\n"} ->
+			    ok
+		    end
+	    end
+    end.
+
+state([{data,[{"State", State}]} | _]) ->
+    State;
+state([{data,[{"StateData", State}]} | _]) ->
+    State;
+state([_ | Rest]) ->
+    state(Rest).
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index 64a6a9eaf8..f04ab9af50 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -109,6 +109,9 @@ special_init(TestCase, Config)
        TestCase == erlang_server_openssl_client_no_wrap_sequence_number ->
     check_sane_openssl_renegotaite(Config);
 
+special_init(ssl2_erlang_server_openssl_client, Config) ->
+    check_sane_openssl_sslv2(Config);
+
 special_init(_, Config) ->
     Config.
     
@@ -168,7 +171,8 @@ all() ->
      tls1_erlang_server_openssl_client_client_cert,
      tls1_erlang_server_erlang_client_client_cert,
      ciphers_rsa_signed_certs, ciphers_dsa_signed_certs,
-     erlang_client_bad_openssl_server, expired_session,
+     erlang_client_bad_openssl_server,
+     expired_session,
      ssl2_erlang_server_openssl_client].
 
 groups() -> 
@@ -222,7 +226,6 @@ erlang_client_openssl_server(Config) when is_list(Config) ->
   
     %% Clean close down!   Server needs to be closed first !!
     close_port(OpensslPort),
-
     ssl_test_lib:close(Client),
     process_flag(trap_exit, false),
     ok.
@@ -256,9 +259,9 @@ erlang_server_openssl_client(Config) when is_list(Config) ->
     port_command(OpenSslPort, Data),
     
     ssl_test_lib:check_result(Server, ok),
-    
-    ssl_test_lib:close(Server),
 
+    %% Clean close down!   Server needs to be closed first !!
+    ssl_test_lib:close(Server),
     close_port(OpenSslPort),
     process_flag(trap_exit, false),
     ok.
@@ -306,7 +309,6 @@ tls1_erlang_client_openssl_server_dsa_cert(Config) when is_list(Config) ->
    
     %% Clean close down!   Server needs to be closed first !!
     close_port(OpensslPort),
-
     ssl_test_lib:close(Client),
     process_flag(trap_exit, false),
     ok.
@@ -346,8 +348,8 @@ tls1_erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
     
     ssl_test_lib:check_result(Server, ok),
     
+    %% Clean close down!   Server needs to be closed first !!
     ssl_test_lib:close(Server),
-
     close_port(OpenSslPort),
     process_flag(trap_exit, false),
     ok.
@@ -395,7 +397,6 @@ ssl3_erlang_client_openssl_server_dsa_cert(Config) when is_list(Config) ->
    
     %% Clean close down!   Server needs to be closed first !!
     close_port(OpensslPort),
-
     ssl_test_lib:close(Client),
     process_flag(trap_exit, false),
     ok.
@@ -435,8 +436,8 @@ ssl3_erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
     
     ssl_test_lib:check_result(Server, ok),
     
+    %% Clean close down!   Server needs to be closed first !!
     ssl_test_lib:close(Server),
-
     close_port(OpenSslPort),
     process_flag(trap_exit, false),
     ok.
@@ -475,8 +476,8 @@ erlang_server_openssl_client_reuse_session(Config) when is_list(Config) ->
     
     ssl_test_lib:check_result(Server, ok),
     
+    %% Clean close down!   Server needs to be closed first !!
     ssl_test_lib:close(Server),
-
     close_port(OpenSslPort),
     process_flag(trap_exit, false),
     ok.
@@ -525,7 +526,6 @@ erlang_client_openssl_server_renegotiate(Config) when is_list(Config) ->
    
     %% Clean close down!   Server needs to be closed first !!
     close_port(OpensslPort),
-
     ssl_test_lib:close(Client),
     process_flag(trap_exit, false),
     ok.
@@ -574,7 +574,6 @@ erlang_client_openssl_server_no_wrap_sequence_number(Config) when is_list(Config
 
     %% Clean close down!   Server needs to be closed first !!
     close_port(OpensslPort),
-
     ssl_test_lib:close(Client),
     process_flag(trap_exit, false),
     ok.
@@ -615,8 +614,8 @@ erlang_server_openssl_client_no_wrap_sequence_number(Config) when is_list(Config
     
     ssl_test_lib:check_result(Server, ok),
     
+    %% Clean close down!   Server needs to be closed first !!
     ssl_test_lib:close(Server),
-
     close_port(OpenSslPort),
     process_flag(trap_exit, false),
     ok.
@@ -663,7 +662,6 @@ erlang_client_openssl_server_no_server_ca_cert(Config) when is_list(Config) ->
 
     %% Clean close down!   Server needs to be closed first !!
     close_port(OpensslPort),
-
     ssl_test_lib:close(Client),
     process_flag(trap_exit, false),
     ok.
@@ -674,6 +672,7 @@ ssl3_erlang_client_openssl_server(doc) ->
 ssl3_erlang_client_openssl_server(suite) ->
     [];
 ssl3_erlang_client_openssl_server(Config) when is_list(Config) ->
+    process_flag(trap_exit, true),
     ServerOpts = ?config(server_opts, Config),  
     ClientOpts = ?config(client_opts, Config),  
 
@@ -700,11 +699,11 @@ ssl3_erlang_client_openssl_server(Config) when is_list(Config) ->
 					{options, 
 					 [{versions, [sslv3]} | ClientOpts]}]),
     ssl_test_lib:check_result(Client, ok),
-    
-    ssl_test_lib:close(Client),
-    %% Clean close down!
+
+    %% Clean close down!   Server needs to be closed first !!
     close_port(OpensslPort),
-    test_server:sleep(?SLEEP),
+    ssl_test_lib:close(Client),
+    process_flag(trap_exit, false),
     ok.
 
 %%--------------------------------------------------------------------
@@ -714,6 +713,7 @@ ssl3_erlang_server_openssl_client(doc) ->
 ssl3_erlang_server_openssl_client(suite) ->
     [];
 ssl3_erlang_server_openssl_client(Config) when is_list(Config) ->
+    process_flag(trap_exit, true),
     ServerOpts = ?config(server_opts, Config),  
     
     {_, ServerNode, _} = ssl_test_lib:run_where(Config),
@@ -734,10 +734,10 @@ ssl3_erlang_server_openssl_client(Config) when is_list(Config) ->
     OpenSslPort =  open_port({spawn, Cmd}, [stderr_to_stdout]), 
 
     ssl_test_lib:check_result(Server, ok),
-    
-    close_port(OpenSslPort), %% openssl server first
+    %% Clean close down!   Server needs to be closed first !!
     ssl_test_lib:close(Server),
-    test_server:sleep(?SLEEP),
+    close_port(OpenSslPort),
+    process_flag(trap_exit, false),
     ok.
 
 %%--------------------------------------------------------------------
@@ -779,7 +779,7 @@ ssl3_erlang_client_openssl_server_client_cert(Config) when is_list(Config) ->
     
     ssl_test_lib:check_result(Client, ok),
   
-    %% Clean close down!
+    %% Clean close down!   Server needs to be closed first !!
     close_port(OpensslPort), 
     ssl_test_lib:close(Client),
     process_flag(trap_exit, false),
@@ -824,9 +824,9 @@ ssl3_erlang_server_openssl_client_client_cert(Config) when is_list(Config) ->
     
     ssl_test_lib:check_result(Server, ok),
     
-    close_port(OpenSslPort), %% openssl server first
+    %% Clean close down!   Server needs to be closed first !!
+    close_port(OpenSslPort),
     ssl_test_lib:close(Server),
-    %% Clean close down!
     process_flag(trap_exit, false),
     ok.
 
@@ -849,7 +849,9 @@ ssl3_erlang_server_erlang_client_client_cert(Config) when is_list(Config) ->
     Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
 					{from, self()}, 
 					{mfa, {?MODULE, 
-					       erlang_ssl_receive, [Data]}},
+					       erlang_ssl_receive, 
+					       %% Due to 1/n-1 splitting countermeasure Rizzo/Duong-Beast
+					       [Data]}},
 					{options, 
 					 [{verify , verify_peer} 
 					  | ServerOpts]}]),
@@ -858,6 +860,7 @@ ssl3_erlang_server_erlang_client_client_cert(Config) when is_list(Config) ->
     Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 					{host, Hostname},
 					{from, self()}, 
+					%% Due to 1/n-1 splitting countermeasure Rizzo/Duong-Beast
 					{mfa, {ssl, send, [Data]}},
 					{options, 
 					 [{versions, [sslv3]} | ClientOpts]}]),
@@ -869,6 +872,7 @@ ssl3_erlang_server_erlang_client_client_cert(Config) when is_list(Config) ->
     process_flag(trap_exit, false),
     ok.
 
+
 %%--------------------------------------------------------------------
 
 tls1_erlang_client_openssl_server(doc) ->
@@ -907,10 +911,10 @@ tls1_erlang_client_openssl_server(Config) when is_list(Config) ->
 					 [{versions, [tlsv1]} | ClientOpts]}]),
     
     ssl_test_lib:check_result(Client, ok),
-    
-    ssl_test_lib:close(Client),
-    %% Clean close down!
+
+    %% Clean close down!   Server needs to be closed first !!
     close_port(OpensslPort),
+    ssl_test_lib:close(Client),
     process_flag(trap_exit, false),
     ok.
 
@@ -943,9 +947,9 @@ tls1_erlang_server_openssl_client(Config) when is_list(Config) ->
      
     ssl_test_lib:check_result(Server, ok),
     
-    %% Clean close down!
-    close_port(OpenSslPort),
+    %% Clean close down!   Server needs to be closed first !!
     ssl_test_lib:close(Server),
+    close_port(OpenSslPort),
     process_flag(trap_exit, false),
     ok.
 
@@ -989,7 +993,7 @@ tls1_erlang_client_openssl_server_client_cert(Config) when is_list(Config) ->
     
     ssl_test_lib:check_result(Client, ok),
   
-    %% Clean close down!
+    %% Clean close down!   Server needs to be closed first !!
     close_port(OpensslPort),
     ssl_test_lib:close(Client),
     process_flag(trap_exit, false),
@@ -1034,9 +1038,9 @@ tls1_erlang_server_openssl_client_client_cert(Config) when is_list(Config) ->
     
     ssl_test_lib:check_result(Server, ok),
     
-    %% Clean close down!
-    close_port(OpenSslPort),
+    %% Clean close down!   Server needs to be closed first !!
     ssl_test_lib:close(Server),
+    close_port(OpenSslPort),
     process_flag(trap_exit, false),
     ok.
 
@@ -1071,9 +1075,7 @@ tls1_erlang_server_erlang_client_client_cert(Config) when is_list(Config) ->
 					 [{versions, [tlsv1]} | ClientOpts]}]),
     
     ssl_test_lib:check_result(Server, ok, Client, ok),
-    
     ssl_test_lib:close(Server),
-    %% Clean close down!
     process_flag(trap_exit, false),
     ok.
 %%--------------------------------------------------------------------
@@ -1136,7 +1138,7 @@ cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->
     CertFile = proplists:get_value(certfile, ServerOpts),
     KeyFile = proplists:get_value(keyfile, ServerOpts),
    
-    Cmd = "openssl s_server -accept " ++ integer_to_list(Port)  ++ 
+    Cmd = "openssl s_server -accept " ++ integer_to_list(Port)  ++  version_flag(Version) ++
 	" -cert " ++ CertFile ++ " -key " ++ KeyFile ++ "",
 
     test_server:format("openssl cmd: ~p~n", [Cmd]),
@@ -1171,8 +1173,8 @@ cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->
     
     Result = ssl_test_lib:wait_for_result(Client, ok),    
 
+    %% Clean close down!   Server needs to be closed first !!
     close_port(OpenSslPort),
-    %% Clean close down!
     ssl_test_lib:close(Client),
     
     Return = case Result of
@@ -1184,6 +1186,12 @@ cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->
     process_flag(trap_exit, false),
     Return.
 
+
+version_flag(tlsv1) ->
+    " -tls1 ";
+version_flag(sslv3) ->
+    " -ssl3 ".
+
 %%--------------------------------------------------------------------
 erlang_client_bad_openssl_server(doc) ->
     [""];
@@ -1199,26 +1207,26 @@ erlang_client_bad_openssl_server(Config) when is_list(Config) ->
     Port = ssl_test_lib:inet_port(node()),
     CertFile = proplists:get_value(certfile, ServerOpts),
     KeyFile = proplists:get_value(keyfile, ServerOpts),
-   
+
     Cmd = "openssl s_server -accept " ++ integer_to_list(Port)  ++ 
-	" -cert " ++ CertFile ++ " -key " ++ KeyFile ++ "", 
-    
+ 	" -cert " ++ CertFile ++ " -key " ++ KeyFile ++ "",
+
     test_server:format("openssl cmd: ~p~n", [Cmd]),
 
     OpensslPort =  open_port({spawn, Cmd}, [stderr_to_stdout]), 
-
+    
     wait_for_openssl_server(),
     
     Client0 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
-					{host, Hostname},
-					{from, self()}, 
-					{mfa, {?MODULE, server_sent_garbage, []}},
-					{options, 
-					 [{versions, [tlsv1]} | ClientOpts]}]),
+					 {host, Hostname},
+					 {from, self()}, 
+ 					{mfa, {?MODULE, server_sent_garbage, []}},
+					 {options,
+					  [{versions, [tlsv1]} | ClientOpts]}]),
     
     %% Send garbage
     port_command(OpensslPort, ?OPENSSL_GARBAGE),
-    
+
     test_server:sleep(?SLEEP),
 
     Client0 ! server_sent_garbage,
@@ -1228,17 +1236,16 @@ erlang_client_bad_openssl_server(Config) when is_list(Config) ->
     ssl_test_lib:close(Client0),
     
     %% Make sure openssl does not hang and leave zombie process
-    Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
-					 {host, Hostname},
-					 {from, self()}, 
-					 {mfa, {ssl_test_lib, no_result_msg, []}},
-					 {options, 
-					  [{versions, [tlsv1]} | ClientOpts]}]),
-    
-    ssl_test_lib:close(Client1),
-    
-    %% Clean close down!
+    Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ 					 {host, Hostname},
+ 					 {from, self()},
+ 					 {mfa, {ssl_test_lib, no_result_msg, []}},
+ 					 {options,
+ 					  [{versions, [tlsv1]} | ClientOpts]}]),
+
+    %% Clean close down!   Server needs to be closed first !!
     close_port(OpensslPort),
+    ssl_test_lib:close(Client1),
     process_flag(trap_exit, false),
     ok.
 
@@ -1297,6 +1304,7 @@ expired_session(Config) when is_list(Config) ->
 				   {mfa, {ssl_test_lib, no_result, []}},
 				   {from, self()},  {options, ClientOpts}]),  
 
+    %% Clean close down!   Server needs to be closed first !!
     close_port(OpensslPort),
     ssl_test_lib:close(Client2),
     process_flag(trap_exit, false).
@@ -1329,8 +1337,8 @@ ssl2_erlang_server_openssl_client(Config) when is_list(Config) ->
     
     ssl_test_lib:check_result(Server, {error,"protocol version"}),
     
+    %% Clean close down!   Server needs to be closed first !!
     ssl_test_lib:close(Server),
-
     close_port(OpenSslPort),
     process_flag(trap_exit, false),
     ok.
@@ -1346,6 +1354,8 @@ erlang_ssl_receive(Socket, Data) ->
 	    %% open_ssl server sometimes hangs waiting in blocking read
 	    ssl:send(Socket, "Got it"), 
 	    ok;
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    erlang_ssl_receive(Socket, tl(Data));
 	{Port, {data,Debug}} when is_port(Port) ->
 	    io:format("openssl ~s~n",[Debug]),
 	    erlang_ssl_receive(Socket,Data);
@@ -1433,3 +1443,11 @@ check_sane_openssl_renegotaite(Config) ->
 	_ ->
 	    Config
     end.
+
+check_sane_openssl_sslv2(Config) ->
+    case os:cmd("openssl version") of
+	"OpenSSL 1.0.0e" ++ _ ->
+	    {skip, "Known option bug"};
+	_ ->
+	    Config
+    end.
diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk
index 8286201df4..2255798f1d 100644
--- a/lib/ssl/vsn.mk
+++ b/lib/ssl/vsn.mk
@@ -1 +1 @@
-SSL_VSN = 4.1.6
+SSL_VSN = 5.0
diff --git a/lib/stdlib/doc/src/Makefile b/lib/stdlib/doc/src/Makefile
index 16e0a86e3b..6c92756ae7 100644
--- a/lib/stdlib/doc/src/Makefile
+++ b/lib/stdlib/doc/src/Makefile
@@ -83,7 +83,6 @@ XML_REF3_FILES = \
 	queue.xml \
 	random.xml \
 	re.xml \
-	regexp.xml \
 	sets.xml \
 	shell.xml \
 	shell_default.xml \
diff --git a/lib/stdlib/doc/src/filename.xml b/lib/stdlib/doc/src/filename.xml
index bc3a616d39..9296319b83 100644
--- a/lib/stdlib/doc/src/filename.xml
+++ b/lib/stdlib/doc/src/filename.xml
@@ -295,6 +295,12 @@
         <p>Finds the source filename and compiler options for a module.
           The result can be fed to <c>compile:file/2</c> in order to
           compile the file again.</p>
+
+	<warning><p>We don't recommend using this function. If possible,
+	use <seealso marker="beam_lib">beam_lib(3)</seealso> to extract
+	the abstract code format from the BEAM file and compile that
+	instead.</p></warning>
+
         <p>The <c><anno>Beam</anno></c> argument, which can be a string or an atom,
           specifies either the module name or the path to the source
           code, with or without the <c>".erl"</c> extension. In either
diff --git a/lib/stdlib/doc/src/gen_event.xml b/lib/stdlib/doc/src/gen_event.xml
index 24bcb419fe..79a0c8ad89 100644
--- a/lib/stdlib/doc/src/gen_event.xml
+++ b/lib/stdlib/doc/src/gen_event.xml
@@ -195,12 +195,13 @@ gen_event:stop             ----->  Module:terminate/2
           handlers using the same callback module.</p>
         <p><c>Args</c> is an arbitrary term which is passed as the argument
           to <c>Module:init/1</c>.</p>
-        <p>If <c>Module:init/1</c> returns a correct value, the event
-          manager adds the event handler and this function returns
+        <p>If <c>Module:init/1</c> returns a correct value indicating
+          successful completion, the event manager adds the event
+          handler and this function returns
           <c>ok</c>. If <c>Module:init/1</c> fails with <c>Reason</c> or
-          returns an unexpected value <c>Term</c>, the event handler is
+          returns <c>{error,Reason}</c>, the event handler is
           ignored and this function returns <c>{'EXIT',Reason}</c> or
-          <c>Term</c>, respectively.</p>
+          <c>{error,Reason}</c>, respectively.</p>
       </desc>
     </func>
     <func>
@@ -448,12 +449,13 @@ gen_event:stop             ----->  Module:terminate/2
   </section>
   <funcs>
     <func>
-      <name>Module:init(InitArgs) -> {ok,State} | {ok,State,hibernate}</name>
+      <name>Module:init(InitArgs) -> {ok,State} | {ok,State,hibernate} | {error,Reason}</name>
       <fsummary>Initialize an event handler.</fsummary>
       <type>
         <v>InitArgs = Args | {Args,Term}</v>
         <v>&nbsp;Args = Term = term()</v>
         <v>State = term()</v>
+	<v>Reason = term()</v>
       </type>
       <desc>
         <p>Whenever a new event handler is added to an event manager,
@@ -470,8 +472,9 @@ gen_event:stop             ----->  Module:terminate/2
           the argument provided in the function call/return tuple and
           <c>Term</c> is the result of terminating the old event handler,
           see <c>gen_event:swap_handler/3</c>.</p>
-        <p>The function should return <c>{ok,State}</c> or <c>{ok,State, hibernate}</c>
-	  where <c>State</c> is the initial internal state of the event handler.</p>
+        <p>If successful, the function should return <c>{ok,State}</c>
+	  or <c>{ok,State,hibernate}</c> where <c>State</c> is the
+	  initial internal state of the event handler.</p>
 	<p>If <c>{ok,State,hibernate}</c> is returned, the event
 	  manager will go into hibernation (by calling <seealso
 	  marker="proc_lib#hibernate/3">proc_lib:hibernate/3</seealso>),
diff --git a/lib/stdlib/doc/src/gen_server.xml b/lib/stdlib/doc/src/gen_server.xml
index 1045766e01..edeb7dff91 100644
--- a/lib/stdlib/doc/src/gen_server.xml
+++ b/lib/stdlib/doc/src/gen_server.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1996</year><year>2010</year>
+      <year>1996</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -570,13 +570,14 @@ gen_server:abcast     -----> Module:handle_cast/2
       </desc>
     </func>
     <func>
-      <name>Module:code_change(OldVsn, State, Extra) -> {ok, NewState}</name>
+      <name>Module:code_change(OldVsn, State, Extra) -> {ok, NewState} | {error, Reason}</name>
       <fsummary>Update the internal state during upgrade/downgrade.</fsummary>
       <type>
         <v>OldVsn = Vsn | {down, Vsn}</v>
         <v>&nbsp;&nbsp;Vsn = term()</v>
         <v>State = NewState = term()</v>
         <v>Extra = term()</v>
+	<v>Reason = term()</v>
       </type>
       <desc>
         <p>This function is called by a gen_server when it should
@@ -595,7 +596,10 @@ gen_server:abcast     -----> Module:handle_cast/2
         <p><c>State</c> is the internal state of the gen_server.</p>
         <p><c>Extra</c> is passed as-is from the <c>{advanced,Extra}</c>
           part of the update instruction.</p>
-        <p>The function should return the updated internal state.</p>
+        <p>If successful, the function shall return the updated
+          internal state.</p>
+	<p>If the function returns <c>{error,Reason}</c>, the ongoing
+	  upgrade will fail and roll back to the old release.</p>
       </desc>
     </func>
     <func>
diff --git a/lib/stdlib/doc/src/io.xml b/lib/stdlib/doc/src/io.xml
index 667d758e29..e6d262466c 100644
--- a/lib/stdlib/doc/src/io.xml
+++ b/lib/stdlib/doc/src/io.xml
@@ -70,7 +70,7 @@
       <desc>
         <p>Either <c>standard_io</c>, <c>standard_error</c>, a
           registered name, or a pid handling IO protocols (returned from
-            <seealso marker="file#open/2">file:open/2</seealso>).</p>
+            <seealso marker="kernel:file#open/2">file:open/2</seealso>).</p>
       </desc>
     </datatype>
     <datatype>
diff --git a/lib/stdlib/doc/src/io_protocol.xml b/lib/stdlib/doc/src/io_protocol.xml
index 3e8ab1affc..0ff3d5c1ee 100644
--- a/lib/stdlib/doc/src/io_protocol.xml
+++ b/lib/stdlib/doc/src/io_protocol.xml
@@ -50,10 +50,10 @@ current I/O-protocol.</p>
 and execution time efficiency has triggered extensions to the protocol
 over the years, making the protocol larger and somewhat less easy to
 implement than the original. It can certainly be argumented that the
-current protocol is to complex, but this text describes how it looks
+current protocol is too complex, but this text describes how it looks
 today, not how it should have looked.</p>
 
-<p>The basic ideas from the original protocol still holds. The io_server
+<p>The basic ideas from the original protocol still hold. The io_server
 and client communicate with one single, rather simplistic protocol and
 no server state is ever present in the client. Any io_server can be
 used together with any client code and client code need not be aware
@@ -62,7 +62,7 @@ of the actual device the io_server communicates with.</p>
 <section>
 <title>Protocol basics</title>
 
-<p>As described in Roberts paper, servers and clients communicate using
+<p>As described in Robert's paper, servers and clients communicate using
 io_request/io_reply tuples as follows:</p>
 
 <p><em>{io_request, From, ReplyAs, Request}</em><br/>
@@ -103,7 +103,7 @@ Reply part.</p>
 <em>{put_chars, Encoding, Module, Function, Args}</em>
 </p>
 <list type="bulleted">
-<item>Encoding is either 'latin1' or 'unicode', meaning that the
+<item>Encoding is either 'unicode' or 'latin1', meaning that the
   characters are (in case of binaries) encoded as either UTF-8 or
   iso-latin-1 (pure bytes). A well behaved io_server should also
   return error if list elements contain integers > 255 when the
@@ -116,13 +116,13 @@ Reply part.</p>
   produces. Note that byte-oriented data is simplest sent using latin1
   Encoding</item>
 
-<item>Characters are the data to be put on the device. If encoding is
-  latin1, this is an iolist(). If encoding is unicode, this is an
+<item>Characters are the data to be put on the device. If Encoding is
+  latin1, this is an iolist(). If Encoding is unicode, this is an
   Erlang standard mixed unicode list (one integer in a list per
   character, characters in binaries represented as UTF-8).</item>
 
 <item>Module, Function, Args denotes a function which will be called to
-  produce the data (like io_lib:format), Args is a list of arguments
+  produce the data (like io_lib:format). Args is a list of arguments
   to the function. The function should produce data in the given
   Encoding. The io_server should call the function as apply(Mod, Func,
   Args) and will put the returned data on the device as if it was sent
@@ -164,7 +164,7 @@ latin1, Module, Function, Args} respectively. </p>
 <list type="bulleted">
 <item>Encoding denotes how data is to be sent back to the client and
   what data is sent to the function denoted by
-  Module/Function/Arity. If the function supplied returns data as a
+  Module/Function/ExtraArgs. If the function supplied returns data as a
   list, the data is converted to this encoding. If however the
   function supplied returns data in some other format, no conversion
   can be done and it's up to the client supplied function to return
@@ -179,7 +179,7 @@ latin1, Module, Function, Args} respectively. </p>
 <item>Prompt is a list of characters (not mixed, no binaries) or an atom()
   to be output as a prompt for input on the device. The Prompt is
   often ignored by the io_server and a Prompt set to '' should always
-  be ignored (and result in nothing being written to the device). </item>
+  be ignored (and result in nothing being written to the device).</item>
 
 <item><p>Module, Function, ExtraArgs denotes a function and arguments to
   determine when enough data is written. The function should take two
@@ -550,7 +550,7 @@ request({get_line, Encoding, _Prompt}, State) -&gt;
 </code>
 
 <p>Here we have cheated a little by more or less only implementing
-get_until and using internal helpers to implement get__chars and
+get_until and using internal helpers to implement get_chars and
 get_line. In production code, this might be to inefficient, but that
 of course depends on the frequency of the different requests. Before
 we start actually implementing the functions put_chars/2 and
@@ -618,7 +618,7 @@ encounter an error or the list is exhausted. The last return value is
 sent back to the client (it's first returned to the main loop and then
 sent back by the function io_reply).</p>
 
-<p>The getopt and setopt requests is also simple to handle, we just
+<p>The getopt and setopt requests are also simple to handle, we just
 change or read our state record:</p>
 
 <code>
diff --git a/lib/stdlib/doc/src/lists.xml b/lib/stdlib/doc/src/lists.xml
index 6f3ed7af98..7042c84437 100644
--- a/lib/stdlib/doc/src/lists.xml
+++ b/lib/stdlib/doc/src/lists.xml
@@ -240,7 +240,7 @@ flatmap(Fun, List1) ->
     <func>
       <name name="keydelete" arity="3"/>
       <fsummary>Delete an element from a list of tuples</fsummary>
-      <type_desc variable="N">1..tuple_size(Tuple)</type_desc>
+      <type_desc variable="N">1..tuple_size(<anno>Tuple</anno>)</type_desc>
       <desc>
         <p>Returns a copy of <c><anno>TupleList1</anno></c> where the first
           occurrence of a tuple whose <c><anno>N</anno></c>th element compares equal to
@@ -266,7 +266,7 @@ flatmap(Fun, List1) ->
     <func>
       <name name="keymap" arity="3"/>
       <fsummary>Map a function over a list of tuples</fsummary>
-      <type_desc variable="N">1..tuple_size(Tuple)</type_desc>
+      <type_desc variable="N">1..tuple_size(<anno>Tuple</anno>)</type_desc>
       <desc>
         <p>Returns a list of tuples where, for each tuple in
           <c><anno>TupleList1</anno></c>, the <c><anno>N</anno></c>th element <c><anno>Term1</anno></c> of the tuple
@@ -298,7 +298,7 @@ flatmap(Fun, List1) ->
     <func>
       <name name="keymerge" arity="3"/>
       <fsummary>Merge two key-sorted lists of tuples</fsummary>
-      <type_desc variable="N">1..tuple_size(Tuple)</type_desc>
+      <type_desc variable="N">1..tuple_size(<anno>Tuple</anno>)</type_desc>
       <desc>
         <p>Returns the sorted list formed by merging <c><anno>TupleList1</anno></c>
           and <c><anno>TupleList2</anno></c>. The merge is performed on
@@ -312,7 +312,7 @@ flatmap(Fun, List1) ->
     <func>
       <name name="keyreplace" arity="4"/>
       <fsummary>Replace an element in a list of tuples</fsummary>
-      <type_desc variable="N">1..tuple_size(Tuple)</type_desc>
+      <type_desc variable="N">1..tuple_size(<anno>Tuple</anno>)</type_desc>
       <desc>
         <p>Returns a copy of <c><anno>TupleList1</anno></c> where the first
           occurrence of a <c>T</c> tuple whose <c><anno>N</anno></c>th element
@@ -342,7 +342,7 @@ flatmap(Fun, List1) ->
     <func>
       <name name="keysort" arity="2"/>
       <fsummary>Sort a list of tuples</fsummary>
-      <type_desc variable="N">1..tuple_size(Tuple)</type_desc>
+      <type_desc variable="N">1..tuple_size(<anno>Tuple</anno>)</type_desc>
       <desc>
         <p>Returns a list containing the sorted elements of the list
           <c><anno>TupleList1</anno></c>. Sorting is performed on the <c><anno>N</anno></c>th
@@ -352,7 +352,7 @@ flatmap(Fun, List1) ->
     <func>
       <name name="keystore" arity="4"/>
       <fsummary>Store an element in a list of tuples</fsummary>
-      <type_desc variable="N">1..tuple_size(Tuple)</type_desc>
+      <type_desc variable="N">1..tuple_size(<anno>Tuple</anno>)</type_desc>
       <desc>
         <p>Returns a copy of <c><anno>TupleList1</anno></c> where the first
           occurrence of a tuple <c>T</c> whose <c><anno>N</anno></c>th element
@@ -366,7 +366,7 @@ flatmap(Fun, List1) ->
     <func>
       <name name="keytake" arity="3"/>
       <fsummary>Extract an element from a list of tuples</fsummary>
-      <type_desc variable="N">1..tuple_size(Tuple)</type_desc>
+      <type_desc variable="N">1..tuple_size(<anno>Tuple</anno>)</type_desc>
       <desc>
         <p>Searches the list of tuples <c><anno>TupleList1</anno></c> for a tuple
           whose <c><anno>N</anno></c>th element compares equal to <c><anno>Key</anno></c>.
@@ -500,7 +500,7 @@ flatmap(Fun, List1) ->
     <func>
       <name name="nth" arity="2"/>
       <fsummary>Return the Nth element of a list</fsummary>
-      <type_desc variable="N">1..length(List)</type_desc>
+      <type_desc variable="N">1..length(<anno>List</anno>)</type_desc>
       <desc>
         <p>Returns the <c><anno>N</anno></c>th element of <c><anno>List</anno></c>. For example:</p>
         <pre>
@@ -511,7 +511,7 @@ c</pre>
     <func>
       <name name="nthtail" arity="2"/>
       <fsummary>Return the Nth tail of a list</fsummary>
-      <type_desc variable="N">0..length(List)</type_desc>
+      <type_desc variable="N">0..length(<anno>List</anno>)</type_desc>
       <desc>
         <p>Returns the <c><anno>N</anno></c>th tail of <c><anno>List</anno></c>, that is, the sublist of
           <c><anno>List</anno></c> starting at <c><anno>N</anno>+1</c> and continuing up to
@@ -630,7 +630,7 @@ length(lists:seq(From, To, Incr)) == (To-From+Incr) div Incr</code>
     <func>
       <name name="split" arity="2"/>
       <fsummary>Split a list into two lists</fsummary>
-      <type_desc variable="N">0..length(List1)</type_desc>
+      <type_desc variable="N">0..length(<anno>List1</anno>)</type_desc>
       <desc>
         <p>Splits <c><anno>List1</anno></c> into <c><anno>List2</anno></c> and <c><anno>List3</anno></c>.
           <c><anno>List2</anno></c> contains the first <c><anno>N</anno></c> elements and
@@ -670,7 +670,7 @@ splitwith(Pred, List) ->
     <func>
       <name name="sublist" arity="3"/>
       <fsummary>Return a sub-list starting at a given position and with a given number of elements</fsummary>
-      <type_desc variable="Start">1..(length(List1)+1)</type_desc>
+      <type_desc variable="Start">1..(length(<anno>List1</anno>)+1)</type_desc>
       <desc>
         <p>Returns the sub-list of <c><anno>List1</anno></c> starting at <c><anno>Start</anno></c>
           and with (max) <c><anno>Len</anno></c> elements. It is not an error for
@@ -732,7 +732,7 @@ splitwith(Pred, List) ->
     <func>
       <name name="ukeymerge" arity="3"/>
       <fsummary>Merge two key-sorted lists of tuples, removing duplicates</fsummary>
-      <type_desc variable="N">1..tuple_size(Tuple)</type_desc>
+      <type_desc variable="N">1..tuple_size(<anno>Tuple</anno>)</type_desc>
       <desc>
         <p>Returns the sorted list formed by merging <c><anno>TupleList1</anno></c>
           and <c><anno>TupleList2</anno></c>. The merge is performed on the
@@ -746,7 +746,7 @@ splitwith(Pred, List) ->
     <func>
       <name name="ukeysort" arity="2"/>
       <fsummary>Sort a list of tuples, removing duplicates</fsummary>
-      <type_desc variable="N">1..tuple_size(Tuple)</type_desc>
+      <type_desc variable="N">1..tuple_size(<anno>Tuple</anno>)</type_desc>
       <desc>
         <p>Returns a list containing the sorted elements of the list
           <c><anno>TupleList1</anno></c> where all but the first tuple of the
diff --git a/lib/stdlib/doc/src/make.dep b/lib/stdlib/doc/src/make.dep
deleted file mode 100644
index 48ee6209ef..0000000000
--- a/lib/stdlib/doc/src/make.dep
+++ /dev/null
@@ -1,40 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: array.tex base64.tex beam_lib.tex book.tex \
-		c.tex calendar.tex dets.tex dict.tex digraph.tex \
-		digraph_utils.tex epp.tex erl_eval.tex erl_expand_records.tex \
-		erl_id_trans.tex erl_internal.tex erl_lint.tex \
-		erl_parse.tex erl_pp.tex erl_scan.tex erl_tar.tex \
-		ets.tex file_sorter.tex filelib.tex filename.tex \
-		gb_sets.tex gb_trees.tex gen_event.tex gen_fsm.tex \
-		gen_server.tex io.tex io_lib.tex io_protocol.tex \
-		lib.tex lists.tex log_mf_h.tex math.tex ms_transform.tex \
-		orddict.tex ordsets.tex part.tex pg.tex pool.tex \
-		proc_lib.tex proplists.tex qlc.tex queue.tex \
-		random.tex re.tex ref_man.tex regexp.tex sets.tex \
-		shell.tex shell_default.tex slave.tex sofs.tex \
-		stdlib_app.tex string.tex supervisor.tex supervisor_bridge.tex \
-		sys.tex timer.tex unicode.tex unicode_usage.tex \
-		win32reg.tex zip.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: ushell1.ps
-
diff --git a/lib/stdlib/doc/src/notes.xml b/lib/stdlib/doc/src/notes.xml
index d9c220b996..42a26ee44a 100644
--- a/lib/stdlib/doc/src/notes.xml
+++ b/lib/stdlib/doc/src/notes.xml
@@ -30,6 +30,297 @@
   </header>
   <p>This document describes the changes made to the STDLIB application.</p>
 
+<section><title>STDLIB 1.18</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Improved algorithm in module <c>random</c>. Avoid seed
+	    values that are even divisors of the primes and by that
+	    prevent getting sub-seeds that are stuck on zero. Worst
+	    case was random:seed(0,0,0) that produced a series of
+	    only zeros. This is an incompatible change in the sense
+	    that applications that relies on reproducing a specific
+	    series for a given seed will fail. The pseudo random
+	    output is still deterministic but different compared to
+	    earlier versions.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-8713</p>
+        </item>
+        <item>
+	    <p> Calls to <c>global:whereis_name/1</c> have been
+	    substituted for calls to
+	    <c>global:safe_whereis_name/1</c> since the latter is not
+	    safe at all.</p>
+	    <p>The reason for not doing this earlier is that setting
+	    a global lock masked out a bug concerning the restart of
+	    supervised children. The bug has now been fixed by a
+	    modification of <c>global:whereis_name/1</c>. (Thanks to
+	    Ulf Wiger for code contribution.)</p>
+	    <p>A minor race conditions in <c>gen_fsm:start*</c> has
+	    been fixed: if one of these functions returned <c>{error,
+	    Reason}</c> or ignore, the name could still be registered
+	    (either locally or in <c>global</c>. (This is the same
+	    modification as was done for gen_server in OTP-7669.)</p>
+	    <p>The undocumented function
+	    <c>global:safe_whereis_name/1</c> has been removed. </p>
+          <p>
+	    Own Id: OTP-9212 Aux Id: seq7117, OTP-4174 </p>
+        </item>
+        <item>
+          <p>
+	    If a child of a supervisor terminates with reason
+	    {shutdown,Term} it is now handled by the supervisor as if
+	    the reason was 'shutdown'. </p>
+          <p>
+	    For children with restart type 'permanent', this implies
+	    no change. For children with restart type 'transient',
+	    the child will no longer be restarted and no supervisor
+	    report will be written. For children with restart type
+	    'temporary', no supervisor report will be written.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9222</p>
+        </item>
+        <item>
+          <p>
+	    Minor improvement of documentation regarding supervisor
+	    restart strategy for temporary and transient child
+	    processes.</p>
+          <p>
+	    Own Id: OTP-9381</p>
+        </item>
+        <item>
+	    <p>A Dets table with sufficiently large buckets could not
+	    always be repaired. This bug has been fixed. </p> <p>The
+	    format of Dets files has been modified. When downgrading
+	    tables created with the new system will be repaired.
+	    Otherwise the modification should not be noticeable. </p>
+          <p>
+	    Own Id: OTP-9607</p>
+        </item>
+        <item>
+	    <p> A few contracts in the <c>lists</c> module have been
+	    corrected. </p>
+          <p>
+	    Own Id: OTP-9616</p>
+        </item>
+        <item>
+          <p>
+	    Add '-callback' attributes in stdlib's behaviours</p>
+          <p>
+	    Replace the behaviour_info(callbacks) export in stdlib's
+	    behaviours with -callback' attributes for all the
+	    callbacks. Update the documentation with information on
+	    the callback attribute Automatically generate
+	    'behaviour_info' function from '-callback' attributes</p>
+          <p>
+	    'behaviour_info(callbacks)' is a special function that is
+	    defined in a module which describes a behaviour and
+	    returns a list of its callbacks.</p>
+          <p>
+	    This function is now automatically generated using the
+	    '-callback' specs. An error is returned by lint if user
+	    defines both '-callback' attributes and the
+	    behaviour_info/1 function. If no type info is needed for
+	    a callback use a generic spec for it. Add '-callback'
+	    attribute to language syntax</p>
+          <p>
+	    Behaviours may define specs for their callbacks using the
+	    familiar spec syntax, replacing the '-spec' keyword with
+	    '-callback'. Simple lint checks are performed to ensure
+	    that no callbacks are defined twice and all types
+	    referred are declared.</p>
+          <p>
+	    These attributes can be then used by tools to provide
+	    documentation to the behaviour or find discrepancies in
+	    the callback definitions in the callback module.</p>
+          <p>
+	    Add callback specs into 'application' module in kernel
+	    Add callback specs to tftp module following internet
+	    documentation Add callback specs to inets_service module
+	    following possibly deprecated comments</p>
+          <p>
+	    Own Id: OTP-9621</p>
+        </item>
+        <item>
+	    <p> If a Dets table had been properly closed but the
+	    space management data could not been read, it was not
+	    possible to repair the file. This bug has been fixed.
+	    </p>
+          <p>
+	    Own Id: OTP-9622</p>
+        </item>
+        <item>
+          <p>
+	    The Unicode noncharacter code points 16#FFFE and 16#FFFE
+	    were not allowed to be encoded or decoded using the
+	    <c>unicode</c> module or bit syntax. That was
+	    inconsistent with the other noncharacters 16#FDD0 to
+	    16#FDEF that could be encoded/decoded. To resolve the
+	    inconsistency, 16#FFFE and 16#FFFE can now be encoded and
+	    decoded. (Thanks to Alisdair Sullivan.)</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9624</p>
+        </item>
+        <item>
+          <p>
+	    Make epp search directory of current file first when
+	    including another file This completes a partial fix in
+	    R11 that only worked for include_lib(). (Thanks to
+	    Richard Carlsson)</p>
+          <p>
+	    Own Id: OTP-9645</p>
+        </item>
+        <item>
+          <p>
+	    ms_transform: Fix incorrect `variable shadowed' warnings</p>
+          <p>
+	    This patch removes incorrect passing of variable bindings
+	    from one function clause to another. (Thanks to Haitao
+	    Li)</p>
+          <p>
+	    Own Id: OTP-9646</p>
+        </item>
+        <item>
+          <p>
+	    Explicitly kill dynamic children in supervisors</p>
+          <p>
+	    According to the supervisor's documentation: "Important
+	    note on simple-one-for-one supervisors: The dynamically
+	    created child processes of a simple-one-for-one
+	    supervisor are not explicitly killed, regardless of
+	    shutdown strategy, but are expected to terminate when the
+	    supervisor does (that is, when an exit signal from the
+	    parent process is received)."</p>
+          <p>
+	    All is fine as long as we stop simple_one_for_one
+	    supervisor manually. Dynamic children catch the exit
+	    signal from the supervisor and leave. But, if this
+	    happens when we stop an application, after the top
+	    supervisor has stopped, the application master kills all
+	    remaining processes associated to this application. So,
+	    dynamic children that trap exit signals can be killed
+	    during their cleanup (here we mean inside terminate/2).
+	    This is unpredictable and highly time-dependent.</p>
+          <p>
+	    In this commit, supervisor module is patched to
+	    explicitly terminate dynamic children accordingly to the
+	    shutdown strategy.</p>
+          <p>
+	    NOTE: Order in which dynamic children are stopped is not
+	    defined. In fact, this is "almost" done at the same time.</p>
+          <p>
+	    Stack errors when dynamic children are stopped</p>
+          <p>
+	    Because a simple_one_for_one supervisor can have many
+	    workers, we stack errors during its shutdown to report
+	    only one message for each encountered error type. Instead
+	    of reporting the child's pid, we use the number of
+	    concerned children. (Thanks to Christopher Faulet)</p>
+          <p>
+	    Own Id: OTP-9647</p>
+        </item>
+        <item>
+          <p>
+	    Allow an infinite timeout to shutdown worker processes</p>
+          <p>
+	    Now, in child specification, the shutdown value can also
+	    be set to infinity for worker children. This restriction
+	    was removed because this is not always possible to
+	    predict the shutdown time for a worker. This is highly
+	    application-dependent. Add a warning to docs about
+	    workers' shutdown strategy (Thanks to Christopher Faulet)</p>
+          <p>
+	    Own Id: OTP-9648</p>
+        </item>
+        <item>
+          <p>
+	    A badarg would sometimes occur in supervisor when
+	    printing error reports and the child pid was undefined.
+	    This has been corrected.</p>
+          <p>
+	    Own Id: OTP-9669</p>
+        </item>
+        <item>
+          <p>
+	    Fix re:split spec not to accept option 'global'(Thanks to
+	    Shunichi Shinohara)</p>
+          <p>
+	    Own Id: OTP-9691</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p> Fix a few tests that used to fail on the HiPE
+	    platform. </p>
+          <p>
+	    Own Id: OTP-9637</p>
+        </item>
+        <item>
+	    <p>Variables are now now allowed in '<c>fun M:F/A</c>' as
+	    suggested by Richard O'Keefe in EEP-23.</p>
+	    <p>The representation of '<c>fun M:F/A</c>' in the
+	    abstract format has been changed in an incompatible way.
+	    Tools that directly read or manipulate the abstract
+	    format (such as parse transforms) may need to be updated.
+	    The compiler can handle both the new and the old format
+	    (i.e. extracting the abstract format from a pre-R15 BEAM
+	    file and compiling it using compile:forms/1,2 will work).
+	    The <c>syntax_tools</c> application can also handle both
+	    formats.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9643</p>
+        </item>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+        <item>
+          <p>
+	    The deprecated '<c>regexp</c>' module has been removed.
+	    Use the '<c>re</c>' module instead.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9737</p>
+        </item>
+        <item>
+          <p>
+	    <c>filename:find_src/1,2</c> will now work on stripped
+	    BEAM files (reported by Per Hedeland). The HiPE compiler
+	    will also work on stripped BEAM files. The BEAM compiler
+	    will no longer include compilation options given in the
+	    source code itself in <c>M:module_info(compile)</c>
+	    (because those options will be applied anyway if the
+	    module is re-compiled).</p>
+          <p>
+	    Own Id: OTP-9752</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>STDLIB 1.17.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/stdlib/doc/src/random.xml b/lib/stdlib/doc/src/random.xml
index 93affc3191..1b8fa44883 100644
--- a/lib/stdlib/doc/src/random.xml
+++ b/lib/stdlib/doc/src/random.xml
@@ -136,6 +136,11 @@
       <c>random_seed</c> to remember the current seed.</p>
     <p>If a process calls <c>uniform/0</c> or <c>uniform/1</c> without
       setting a seed first, <c>seed/0</c> is called automatically.</p>
+    <p>The implementation changed in R15. Upgrading to R15 will break
+      applications that expect a specific output for a given seed. The output
+      is still deterministic number series, but different compared to releases
+      older than R15. The seed <c>{0,0,0}</c> will for example no longer
+      produce a flawed series of only zeros.</p>
   </section>
 </erlref>
 
diff --git a/lib/stdlib/doc/src/re.xml b/lib/stdlib/doc/src/re.xml
index 18867cfb68..6d5336796c 100644
--- a/lib/stdlib/doc/src/re.xml
+++ b/lib/stdlib/doc/src/re.xml
@@ -41,8 +41,7 @@
     strings and binaries.</p>
 
     <p>The regular expression syntax and semantics resemble that of
-    Perl. This library replaces the deprecated pure-Erlang regexp
-    library; it has a richer syntax, more options and is faster.</p>
+    Perl.</p>
 
     <p>The library's matching algorithms are currently based on the
     PCRE library, but not all of the PCRE library is interfaced and
diff --git a/lib/stdlib/doc/src/ref_man.xml b/lib/stdlib/doc/src/ref_man.xml
index 85aae6151d..0f277f6c5e 100644
--- a/lib/stdlib/doc/src/ref_man.xml
+++ b/lib/stdlib/doc/src/ref_man.xml
@@ -4,7 +4,7 @@
 <application xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>1996</year><year>2010</year>
+      <year>1996</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -80,7 +80,6 @@
   <xi:include href="queue.xml"/>
   <xi:include href="random.xml"/>
   <xi:include href="re.xml"/>
-  <xi:include href="regexp.xml"/>
   <xi:include href="sets.xml"/>
   <xi:include href="shell.xml"/>
   <xi:include href="shell_default.xml"/>
diff --git a/lib/stdlib/doc/src/regexp.xml b/lib/stdlib/doc/src/regexp.xml
deleted file mode 100644
index 35d8e1c3f8..0000000000
--- a/lib/stdlib/doc/src/regexp.xml
+++ /dev/null
@@ -1,381 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE erlref SYSTEM "erlref.dtd">
-
-<erlref>
-  <header>
-    <copyright>
-      <year>1996</year><year>2011</year>
-      <holder>Ericsson AB. All Rights Reserved.</holder>
-    </copyright>
-    <legalnotice>
-      The contents of this file are subject to the Erlang Public License,
-      Version 1.1, (the "License"); you may not use this file except in
-      compliance with the License. You should have received a copy of the
-      Erlang Public License along with this software. If not, it can be
-      retrieved online at http://www.erlang.org/.
-    
-      Software distributed under the License is distributed on an "AS IS"
-      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-      the License for the specific language governing rights and limitations
-      under the License.
-    
-    </legalnotice>
-
-    <title>regexp</title>
-    <prepared>Robert Virding</prepared>
-    <responsible>Bjarne Dacker</responsible>
-    <docno>1</docno>
-    <approved>Bjarne D&auml;cker</approved>
-    <checked></checked>
-    <date>96-09-28</date>
-    <rev>A</rev>
-    <file>regexp.sgml</file>
-  </header>
-  <module>regexp</module>
-  <modulesummary>Regular Expression Functions for Strings</modulesummary>
-  <description>
-    <note><p>This module has been obsoleted by the
-    <seealso marker="re">re</seealso> module and will be removed in a future
-    release.</p></note>
-    <p>This module contains functions for regular expression
-      matching and substitution.</p>
-  </description>
-  <datatypes>
-    <datatype>
-      <name name="errordesc"></name>
-    </datatype>
-    <datatype>
-      <name name="regexp"></name>
-      <desc><p>Internal representation of a regular expression.</p></desc>
-    </datatype>
-  </datatypes>
-  <funcs>
-    <func>
-      <name name="match" arity="2"/>
-      <fsummary>Match a regular expression</fsummary>
-      <desc>
-        <p>Finds the first, longest match of the regular expression <c><anno>RegExp</anno></c> in <c><anno>String</anno></c>. This function searches for the longest possible match and returns the first one found if there are several expressions of the same length. It returns as follows:</p>
-        <taglist>
-          <tag><c>{match,<anno>Start</anno>,<anno>Length</anno>}</c></tag>
-          <item>
-            <p>if the match succeeded. <c><anno>Start</anno></c> is the starting
-              position of the match, and <c><anno>Length</anno></c> is the length of
-              the matching string.</p>
-          </item>
-          <tag><c>nomatch</c></tag>
-          <item>
-            <p>if there were no matching characters.</p>
-          </item>
-          <tag><c>{error,<anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there was an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="first_match" arity="2"/>
-      <fsummary>Match a regular expression</fsummary>
-      <desc>
-        <p>Finds the first match of the regular expression <c><anno>RegExp</anno></c> in <c><anno>String</anno></c>. This call is
-          usually faster than <c>match</c> and it is also a useful way to ascertain that a match exists. It returns as follows:</p>
-        <taglist>
-          <tag><c>{match,<anno>Start</anno>,<anno>Length</anno>}</c></tag>
-          <item>
-            <p>if the match succeeded. <c><anno>Start</anno></c> is the starting
-              position of the match and <c><anno>Length</anno></c> is the length of
-              the matching string.</p>
-          </item>
-          <tag><c>nomatch</c></tag>
-          <item>
-            <p>if there were no matching characters.</p>
-          </item>
-          <tag><c>{error,<anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there was an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="matches" arity="2"/>
-      <fsummary>Match a regular expression</fsummary>
-      <desc>
-        <p>Finds all non-overlapping matches of the
-          expression <c><anno>RegExp</anno></c> in <c><anno>String</anno></c>.
-          It returns as follows:</p>
-        <taglist>
-          <tag><c>{match, <anno>Matches</anno>}</c></tag>
-          <item>
-            <p>if the regular expression was correct.
-              The list will be empty if there was no match. Each element in the list looks like <c>{<anno>Start</anno>, <anno>Length</anno>}</c>, where <c><anno>Start</anno></c> is the starting position of the match, and <c><anno>Length</anno></c> is the length of the matching string.</p>
-          </item>
-          <tag><c>{error,<anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there was an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="sub" arity="3"/>
-      <fsummary>Substitute the first occurrence of a regular expression</fsummary>
-      <desc>
-        <p>Substitutes the first occurrence of a substring matching <c><anno>RegExp</anno></c> in <c><anno>String</anno></c> with the string <c><anno>New</anno></c>. A <c><![CDATA[&]]></c> in the string <c><anno>New</anno></c> is replaced by the matched substring of <c><anno>String</anno></c>.  <c><![CDATA[\&]]></c> puts a literal <c><![CDATA[&]]></c> into the replacement string. It returns as follows:</p>
-        <taglist>
-          <tag><c>{ok,<anno>NewString</anno>,<anno>RepCount</anno>}</c></tag>
-          <item>
-            <p>if <c><anno>RegExp</anno></c> is correct. <c><anno>RepCount</anno></c> is the number of replacements which have been made
-              (this will be either 0 or 1).</p>
-          </item>
-          <tag><c>{error, <anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there is an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="gsub" arity="3"/>
-      <fsummary>Substitute all occurrences of a regular expression</fsummary>
-      <desc>
-        <p>The same as <c>sub</c>, except that all non-overlapping
-          occurrences of a substring matching
-          <c><anno>RegExp</anno></c> in <c><anno>String</anno></c> are replaced by the string <c><anno>New</anno></c>. It returns:</p>
-        <taglist>
-          <tag><c>{ok,<anno>NewString</anno>,<anno>RepCount</anno>}</c></tag>
-          <item>
-            <p>if <c><anno>RegExp</anno></c> is correct. <c><anno>RepCount</anno></c> is the number of replacements which have been made.</p>
-          </item>
-          <tag><c>{error, <anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there is an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="split" arity="2"/>
-      <fsummary>Split a string into fields</fsummary>
-      <desc>
-        <p><c><anno>String</anno></c> is split into fields (sub-strings) by the
-          regular expression <c><anno>RegExp</anno></c>.</p>
-        <p>If the separator expression is <c>" "</c> (a single space),
-          then the fields are separated by blanks and/or tabs and
-          leading and trailing blanks and tabs are discarded. For all
-          other values of the separator, leading and trailing blanks
-          and tabs are not discarded. It returns:</p>
-        <taglist>
-          <tag><c>{ok, <anno>FieldList</anno>}</c></tag>
-          <item>
-            <p>to indicate that the string has been split up into the fields of
-              <c><anno>FieldList</anno></c>.</p>
-          </item>
-          <tag><c>{error, <anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there is an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="sh_to_awk" arity="1"/>
-      <fsummary>Convert an <c>sh</c>regular expression into an <c>AWK</c>one</fsummary>
-      <desc>
-        <p>Converts the <c>sh</c> type regular expression
-          <c><anno>ShRegExp</anno></c> into a full <c>AWK</c> regular
-          expression. Returns the converted regular expression
-          string. <c>sh</c> expressions are used in the shell for
-          matching file names and have the following special
-          characters:</p>
-        <taglist>
-          <tag><c>*</c></tag>
-          <item>
-            <p>matches any string including the null string.</p>
-          </item>
-          <tag><c>?</c></tag>
-          <item>
-            <p>matches any single character.</p>
-          </item>
-          <tag><c>[...]</c></tag>
-          <item>
-            <p>matches any of the enclosed characters. Character
-              ranges are specified by a pair of characters separated
-              by a <c>-</c>. If the first character after <c>[</c> is a
-              <c>!</c>, then any character not enclosed is matched.</p>
-          </item>
-        </taglist>
-        <p>It may sometimes be more practical to use <c>sh</c> type
-          expansions as they are simpler and easier to use, even though they are not as powerful.</p>
-      </desc>
-    </func>
-    <func>
-      <name name="parse" arity="1"/>
-      <fsummary>Parse a regular expression</fsummary>
-      <desc>
-        <p>Parses the regular expression <c><anno>RegExp</anno></c> and builds the
-          internal representation used in the other regular expression
-          functions. Such representations can be used in all of the
-          other functions instead of a regular expression string. This
-          is more efficient when the same regular expression is used
-          in many strings. It returns:</p>
-        <taglist>
-          <tag><c>{ok, <anno>RE</anno>}</c></tag>
-          <item>
-            <p>if <c>RegExp</c> is correct and <c><anno>RE</anno></c> is the internal representation.</p>
-          </item>
-          <tag><c>{error, <anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there is an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="format_error" arity="1"/>
-      <fsummary>Format an error descriptor</fsummary>
-      <desc>
-        <p>Returns a string which describes the error <c><anno>ErrorDescriptor</anno></c>
-          returned when there is an error in a regular expression.</p>
-      </desc>
-    </func>
-  </funcs>
-
-  <section>
-    <title>Regular Expressions</title>
-    <p>The regular expressions allowed here is a subset of the set found
-      in <c>egrep</c> and in the <c>AWK</c> programming language, as
-      defined in the book, <c>The AWK Programming Language, by A. V. Aho, B. W. Kernighan, P. J. Weinberger</c>. They are
-      composed of the following characters:</p>
-    <taglist>
-      <tag>c</tag>
-      <item>
-        <p>matches the non-metacharacter <c>c</c>.</p>
-      </item>
-      <tag>\c</tag>
-      <item>
-        <p>matches the escape sequence or literal character <c>c</c>.</p>
-      </item>
-      <tag>.</tag>
-      <item>
-        <p>matches any character.</p>
-      </item>
-      <tag>^</tag>
-      <item>
-        <p>matches the beginning of a string.</p>
-      </item>
-      <tag>$</tag>
-      <item>
-        <p>matches the end of a string.</p>
-      </item>
-      <tag>[abc...]</tag>
-      <item>
-        <p>character class, which matches any of the characters
-          <c>abc...</c> Character ranges are specified by a pair of
-          characters separated by a <c>-</c>.</p>
-      </item>
-      <tag>[^abc...]</tag>
-      <item>
-        <p>negated character class, which matches any character except
-          <c>abc...</c>.</p>
-      </item>
-      <tag>r1 | r2</tag>
-      <item>
-        <p>alternation. It matches either <c>r1</c> or <c>r2</c>.</p>
-      </item>
-      <tag>r1r2</tag>
-      <item>
-        <p>concatenation. It matches <c>r1</c> and then <c>r2</c>.</p>
-      </item>
-      <tag>r+</tag>
-      <item>
-        <p>matches one or more <c>r</c>s.</p>
-      </item>
-      <tag>r*</tag>
-      <item>
-        <p>matches zero or more <c>r</c>s.</p>
-      </item>
-      <tag>r?</tag>
-      <item>
-        <p>matches zero or one <c>r</c>s.</p>
-      </item>
-      <tag>(r)</tag>
-      <item>
-        <p>grouping. It matches <c>r</c>.</p>
-      </item>
-    </taglist>
-    <p>The escape sequences allowed are the same as for Erlang
-      strings:</p>
-    <taglist>
-      <tag><c>\b</c></tag>
-      <item>
-        <p>backspace</p>
-      </item>
-      <tag><c>\f</c></tag>
-      <item>
-        <p>form feed </p>
-      </item>
-      <tag><c>\n</c></tag>
-      <item>
-        <p>newline (line feed) </p>
-      </item>
-      <tag><c>\r</c></tag>
-      <item>
-        <p>carriage return </p>
-      </item>
-      <tag><c>\t</c></tag>
-      <item>
-        <p>tab </p>
-      </item>
-      <tag><c>\e</c></tag>
-      <item>
-        <p>escape </p>
-      </item>
-      <tag><c>\v</c></tag>
-      <item>
-        <p>vertical tab </p>
-      </item>
-      <tag><c>\s</c></tag>
-      <item>
-        <p>space </p>
-      </item>
-      <tag><c>\d</c></tag>
-      <item>
-        <p>delete </p>
-      </item>
-      <tag><c>\ddd</c></tag>
-      <item>
-        <p>the octal value ddd </p>
-      </item>
-      <tag><c>\xhh</c></tag>
-      <item>
-        <p>The hexadecimal value <c>hh</c>.</p>
-      </item>
-      <tag><c>\x{h...}</c></tag>
-      <item>
-        <p>The hexadecimal value <c>h...</c>.</p>
-      </item>
-      <tag><c>\c</c></tag>
-      <item>
-        <p>any other character literally, for example <c>\\</c> for backslash,
-          <c>\"</c> for ")</p>
-      </item>
-    </taglist>
-    <p>To make these functions easier to use, in combination with the
-      function <c>io:get_line</c> which terminates the input line with
-      a new line, the <c>$</c> characters also matches a string ending
-      with <c>"...\n"</c>. The following examples
-      define Erlang data types:</p>
-    <pre>
-Atoms     [a-z][0-9a-zA-Z_]*
-
-Variables [A-Z_][0-9a-zA-Z_]*
-
-Floats    (\+|-)?[0-9]+\.[0-9]+((E|e)(\+|-)?[0-9]+)?</pre>
-    <p>Regular expressions are written as Erlang strings when used with the functions in this module. This means that any <c>\</c> or <c>"</c> characters in a regular expression
-      string must be written with <c>\</c> as they are also escape characters for the string. For example, the regular expression string for Erlang floats is:
-      <c>"(\\+|-)?[0-9]+\\.[0-9]+((E|e)(\\+|-)?[0-9]+)?"</c>.</p>
-    <p>It is not really necessary to have the escape sequences as part of the regular expression syntax as they can always be generated directly in the string. They are included for completeness and can they can also be useful when generating regular expressions, or when they are entered other than with Erlang strings.</p>
-  </section>
-</erlref>
-
diff --git a/lib/stdlib/doc/src/specs.xml b/lib/stdlib/doc/src/specs.xml
index 98338b5ec2..49c60529d2 100644
--- a/lib/stdlib/doc/src/specs.xml
+++ b/lib/stdlib/doc/src/specs.xml
@@ -46,7 +46,6 @@
   <xi:include href="../specs/specs_queue.xml"/>
   <xi:include href="../specs/specs_random.xml"/>
   <xi:include href="../specs/specs_re.xml"/>
-  <xi:include href="../specs/specs_regexp.xml"/>
   <xi:include href="../specs/specs_sets.xml"/>
   <xi:include href="../specs/specs_shell.xml"/>
   <xi:include href="../specs/specs_shell_default.xml"/>
diff --git a/lib/stdlib/doc/src/supervisor.xml b/lib/stdlib/doc/src/supervisor.xml
index ec607d6e4c..33a7f5bb6a 100644
--- a/lib/stdlib/doc/src/supervisor.xml
+++ b/lib/stdlib/doc/src/supervisor.xml
@@ -93,6 +93,10 @@
           instead the child specification identifier is used,
           <c>terminate_child/2</c> will return
           <c>{error,simple_one_for_one}</c>.</p>
+        <p>Because a <c>simple_one_for_one</c> supervisor could have many
+        children, it shuts them all down at same time. So, order in which they
+        are stopped is not defined. For the same reason, it could have an
+        overhead with regards to the <c>Shutdown</c> strategy.</p>
       </item>
     </list>
     <p>To prevent a supervisor from getting into an infinite loop of
@@ -123,25 +127,18 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
         <p><c>StartFunc</c> defines the function call used to start
           the child process. It should be a module-function-arguments
           tuple <c>{M,F,A}</c> used as <c>apply(M,F,A)</c>.</p>
-        <p>          <br></br>
-</p>
         <p>The start function <em>must create and link to</em> the child
           process, and should return <c>{ok,Child}</c> or
           <c>{ok,Child,Info}</c> where <c>Child</c> is the pid of
           the child process and <c>Info</c> an arbitrary term which is
           ignored by the supervisor.</p>
-        <p>          <br></br>
-</p>
         <p>The start function can also return <c>ignore</c> if the child
           process for some reason cannot be started, in which case
-          the child specification will be kept by the supervisor but
-          the non-existing child process will be ignored.</p>
-        <p>          <br></br>
-</p>
+          the child specification will be kept by the supervisor
+	  (unless it is a temporary child) but the non-existing child
+	  process will be ignored.</p>
         <p>If something goes wrong, the function may also return an
           error tuple <c>{error,Error}</c>.</p>
-        <p>          <br></br>
-</p>
         <p>Note that the <c>start_link</c> functions of the different
           behaviour modules fulfill the above requirements.</p>
       </item>
@@ -154,7 +151,7 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
           death causes the temporary process to be terminated) and a
           <c>transient</c> child process should be restarted only if
           it terminates abnormally, i.e. with another exit reason
-          than <c>normal</c>.</p>
+          than <c>normal</c>, <c>shutdown</c> or <c>{shutdown,Term}</c>.</p>
       </item>
       <item>
         <p><c>Shutdown</c> defines how a child process should be
@@ -169,7 +166,15 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
           <c>exit(Child,kill)</c>.</p>
         <p>If the child process is another supervisor, <c>Shutdown</c>
           should be set to <c>infinity</c> to give the subtree ample
-          time to shutdown.</p>
+          time to shutdown. It is also allowed to set it to <c>infinity</c>,
+          if the child process is a worker.</p>
+        <warning>
+          <p>Be careful by setting the <c>Shutdown</c> strategy to
+          <c>infinity</c> when the child process is a worker. Because, in this
+          situation, the termination of the supervision tree depends on the
+          child process, it must be implemented in a safe way and its cleanup
+          procedure must always return.</p>
+        </warning>
         <p><em>Important note on simple-one-for-one supervisors:</em>
           The dynamically created child processes of a
           simple-one-for-one supervisor are not explicitly killed,
@@ -343,14 +348,23 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
       <desc>
         <p>Tells the supervisor <c><anno>SupRef</anno></c> to terminate the given
           child.</p>
+
         <p>If the supervisor is not <c>simple_one_for_one</c>,
-          <c><anno>Id</anno></c> must be the child specification identifier. The
-          process, if there is one, is terminated but the child
-          specification is kept by the supervisor. The child process
-          may later be restarted by the supervisor. The child process
-          can also be restarted explicitly by calling
+          <c><anno>Id</anno></c> must be the child specification
+          identifier. The process, if there is one, is terminated and,
+          unless it is a temporary child, the child specification is
+          kept by the supervisor. The child process may later be
+          restarted by the supervisor. The child process can also be
+          restarted explicitly by calling
           <c>restart_child/2</c>. Use <c>delete_child/2</c> to remove
           the child specification.</p>
+
+	<p>If the child is temporary, the child specification is deleted as
+	  soon as the process terminates. This means
+	  that <c>delete_child/2</c> has no meaning
+	  and <c>restart_child/2</c> can not be used for these
+	  children.</p>
+
         <p>If the supervisor is <c>simple_one_for_one</c>, <c><anno>Id</anno></c>
           must be the child process' <c>pid()</c>. I the specified
           process is alive, but is not a child of the given
@@ -387,26 +401,34 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
       <name name="restart_child" arity="2"/>
       <fsummary>Restart a terminated child process belonging to a supervisor.</fsummary>
       <desc>
-        <p>Tells the supervisor <c><anno>SupRef</anno></c> to restart a child process
-          corresponding to the child specification identified by
-          <c><anno>Id</anno></c>. The child specification must exist and
-          the corresponding child process must not be running.</p>
-        <p>See <seealso marker="#SupRef"><c>start_child/2</c></seealso> for a description of
-          <c>SupRef</c>.</p>
-        <p>If the child specification identified by <c><anno>Id</anno></c> does not
-          exist, the function returns <c>{error,not_found}</c>. If
-          the child specification exists but the corresponding process
-          is already running, the function returns
+        <p>Tells the supervisor <c><anno>SupRef</anno></c> to restart
+          a child process corresponding to the child specification
+          identified by <c><anno>Id</anno></c>. The child
+          specification must exist and the corresponding child process
+          must not be running.</p>
+	<p>Note that for temporary children, the child specification
+	  is automatically deleted when the child terminates, and thus
+	  it is not possible to restart such children.</p>
+        <p>See <seealso marker="#SupRef"><c>start_child/2</c></seealso>
+          for a description of <c>SupRef</c>.</p>
+        <p>If the child specification identified
+          by <c><anno>Id</anno></c> does not exist, the function
+          returns <c>{error,not_found}</c>. If the child specification
+          exists but the corresponding process is already running, the
+          function returns
           <c>{error,running}</c>.</p>
-        <p>If the child process start function returns <c>{ok,<anno>Child</anno>}</c>
-          or <c>{ok,<anno>Child</anno>,<anno>Info</anno>}</c>, the pid is added to the supervisor
-          and the function returns the same value.</p>
+        <p>If the child process start function
+          returns <c>{ok,<anno>Child</anno>}</c>
+          or <c>{ok,<anno>Child</anno>,<anno>Info</anno>}</c>, the pid
+          is added to the supervisor and the function returns the same
+          value.</p>
         <p>If the child process start function returns <c>ignore</c>,
           the pid remains set to <c>undefined</c> and the function
           returns <c>{ok,undefined}</c>.</p>
-        <p>If the child process start function returns an error tuple or
-          an erroneous value, or if it fails, the function returns
-          <c>{error,<anno>Error</anno>}</c> where <c><anno>Error</anno></c> is a term containing
+        <p>If the child process start function returns an error tuple
+          or an erroneous value, or if it fails, the function returns
+          <c>{error,<anno>Error</anno>}</c>
+          where <c><anno>Error</anno></c> is a term containing
           information about the error.</p>
       </desc>
     </func>
diff --git a/lib/stdlib/doc/src/unicode.xml b/lib/stdlib/doc/src/unicode.xml
index d02763f75c..1001ebbae4 100644
--- a/lib/stdlib/doc/src/unicode.xml
+++ b/lib/stdlib/doc/src/unicode.xml
@@ -203,8 +203,7 @@
 	     <item>greater than <c>16#10FFFF</c>
 	     (the maximum unicode character),</item>
 	     <item>in the range <c>16#D800</c> to <c>16#DFFF</c>
-	     (invalid unicode range)</item>
-	     <item>or equal to 16#FFFE or 16#FFFF (non characters)</item>
+	       (invalid range reserved for UTF-16 surrogate pairs)</item>
 	   </list>
 	   is found.
 	   </item>
diff --git a/lib/stdlib/doc/src/unicode_usage.xml b/lib/stdlib/doc/src/unicode_usage.xml
index 0fa7de0a5c..a7e010a05f 100644
--- a/lib/stdlib/doc/src/unicode_usage.xml
+++ b/lib/stdlib/doc/src/unicode_usage.xml
@@ -59,7 +59,7 @@
 <title>Standard Unicode representation in Erlang</title>
 <p>In Erlang, strings are actually lists of integers. A string is defined to be encoded in the ISO-latin-1 (ISO8859-1) character set, which is, codepoint by codepoint, a sub-range of the Unicode character set.</p>
 <p>The standard list encoding for strings is therefore easily extendible to cope with the whole Unicode range: A Unicode string in Erlang is simply a list containing integers, each integer being a valid Unicode codepoint and representing one character in the Unicode character set.</p>
-<p>Regular Erlang strings in ISO-latin-1 are a subset of there Unicode strings.</p>
+<p>Regular Erlang strings in ISO-latin-1 are a subset of their Unicode strings.</p>
 
 <p>Binaries on the other hand are more troublesome. For performance reasons, programs often store textual data in binaries instead of lists, mainly because they are more compact (one byte per character instead of two words per character, as is the case with lists). Using erlang:list_to_binary/1, an regular Erlang string can be converted into a binary, effectively using the ISO-latin-1 encoding in the binary - one byte per character. This is very convenient for those regular Erlang strings, but cannot be done for Unicode lists.</p>
 <p>As the UTF-8 encoding is widely spread and provides the most compact storage, it is selected as the standard encoding of Unicode characters in binaries for Erlang.</p>
diff --git a/lib/stdlib/examples/erl_id_trans.erl b/lib/stdlib/examples/erl_id_trans.erl
index b63acdd40a..72e41d6473 100644
--- a/lib/stdlib/examples/erl_id_trans.erl
+++ b/lib/stdlib/examples/erl_id_trans.erl
@@ -419,7 +419,14 @@ expr({'fun',Line,Body}) ->
 	    {'fun',Line,{clauses,Cs1}};
 	{function,F,A} ->
 	    {'fun',Line,{function,F,A}};
-	{function,M,F,A} ->			%R10B-6: fun M:F/A.
+	{function,M,F,A} when is_atom(M), is_atom(F), is_integer(A) ->
+	    %% R10B-6: fun M:F/A. (Backward compatibility)
+	    {'fun',Line,{function,M,F,A}};
+	{function,M0,F0,A0} ->
+	    %% R15: fun M:F/A with variables.
+	    M = expr(M0),
+	    F = expr(F0),
+	    A = expr(A0),
 	    {'fun',Line,{function,M,F,A}}
     end;
 expr({call,Line,F0,As0}) ->
diff --git a/lib/stdlib/src/Makefile b/lib/stdlib/src/Makefile
index 600303d7e1..90e239b00f 100644
--- a/lib/stdlib/src/Makefile
+++ b/lib/stdlib/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1996-2010. All Rights Reserved.
+# Copyright Ericsson AB 1996-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -105,7 +105,6 @@ MODULES= \
 	qlc_pt \
 	queue \
 	random \
-	regexp \
 	sets \
 	shell \
 	shell_default \
diff --git a/lib/stdlib/src/beam_lib.erl b/lib/stdlib/src/beam_lib.erl
index fdfbb2e998..e9a5e6831e 100644
--- a/lib/stdlib/src/beam_lib.erl
+++ b/lib/stdlib/src/beam_lib.erl
@@ -224,7 +224,7 @@ version(File) ->
       MD5 :: binary().
 
 md5(File) ->
-    case catch read_significant_chunks(File) of
+    case catch read_significant_chunks(File, md5_chunks()) of
 	{ok, {Module, Chunks0}} ->
 	    Chunks = filter_funtab(Chunks0),
 	    {ok, {Module, erlang:md5([C || {_Id, C} <- Chunks])}};
@@ -395,7 +395,7 @@ strip_fils(Files) ->
 
 %% -> {ok, {Mod, FileName}} | {ok, {Mod, binary()}} | throw(Error)
 strip_file(File) ->
-    {ok, {Mod, Chunks}} = read_significant_chunks(File),
+    {ok, {Mod, Chunks}} = read_significant_chunks(File, significant_chunks()),
     {ok, Stripped0} = build_module(Chunks),
     Stripped = compress(Stripped0),
     case File of
@@ -453,8 +453,8 @@ is_useless_chunk("CInf") -> true;
 is_useless_chunk(_) -> false.
 
 %% -> {ok, {Module, Chunks}} | throw(Error)
-read_significant_chunks(File) ->
-    case read_chunk_data(File, significant_chunks(), [allow_missing_chunks]) of
+read_significant_chunks(File, ChunkList) ->
+    case read_chunk_data(File, ChunkList, [allow_missing_chunks]) of
 	{ok, {Module, Chunks0}} ->
 	    Mandatory = mandatory_chunks(),
 	    Chunks = filter_significant_chunks(Chunks0, Mandatory, File, Module),
@@ -835,12 +835,15 @@ file_error(FileName, {error, Reason}) ->
 error(Reason) ->
     throw({error, ?MODULE, Reason}).
 
-
-%% The following chunks are significant when calculating the MD5 for a module,
-%% and also the modules that must be retained when stripping a file.
-%% They are listed in the order that they should be MD5:ed.
+%% The following chunks must be kept when stripping a BEAM file.
 
 significant_chunks() ->
+    ["Line" | md5_chunks()].
+
+%% The following chunks are significant when calculating the MD5
+%% for a module. They are listed in the order that they should be MD5:ed.
+
+md5_chunks() ->
     ["Atom", "Code", "StrT", "ImpT", "ExpT", "FunT", "LitT"].
 
 %% The following chunks are mandatory in every Beam file.
diff --git a/lib/stdlib/src/c.erl b/lib/stdlib/src/c.erl
index febfdd6285..a920921a5e 100644
--- a/lib/stdlib/src/c.erl
+++ b/lib/stdlib/src/c.erl
@@ -797,7 +797,7 @@ appcall(App, M, F, Args) ->
     catch
 	error:undef ->
 	    case erlang:get_stacktrace() of
-		[{M,F,Args}|_] ->
+		[{M,F,Args,_}|_] ->
 		    Arity = length(Args),
 		    io:format("Call to ~w:~w/~w in application ~w failed.\n",
 			      [M,F,Arity,App]);
diff --git a/lib/stdlib/src/dets.erl b/lib/stdlib/src/dets.erl
index fa0641ffd9..c0f9ce34b0 100644
--- a/lib/stdlib/src/dets.erl
+++ b/lib/stdlib/src/dets.erl
@@ -1754,17 +1754,6 @@ system_code_change(State, _Module, _OldVsn, _Extra) ->
 %%% Internal functions
 %%%----------------------------------------------------------------------
 
-constants(FH, FileName) ->
-    Version = FH#fileheader.version,
-    if 
-        Version =< 8 ->
-            dets_v8:constants();
-        Version =:= 9 ->
-            dets_v9:constants();
-        true ->
-            throw({error, {not_a_dets_file, FileName}})
-    end.
-
 %% -> {ok, Fd, fileheader()} | throw(Error)
 read_file_header(FileName, Access, RamFile) ->
     BF = if
@@ -1842,7 +1831,11 @@ do_bchunk_init(Head, Tab) ->
 		    {H2, {error, old_version}};
 		Parms ->
                     L = dets_utils:all_allocated(H2),
-                    C0 = #dets_cont{no_objs = default, bin = <<>>, alloc = L},
+                    Bin = if
+                              L =:= <<>> -> eof;
+                              true -> <<>>
+                          end,
+                    C0 = #dets_cont{no_objs = default, bin = Bin, alloc = L},
 		    BinParms = term_to_binary(Parms),
 		    {H2, {C0#dets_cont{tab = Tab, proc = self(),what = bchunk},
                           [BinParms]}}
@@ -2475,10 +2468,23 @@ fopen2(Fname, Tab) ->
 	    %% Fd is not always closed upon error, but exit is soon called.
 	    {ok, Fd, FH} = read_file_header(Fname, Acc, Ram),
             Mod = FH#fileheader.mod,
-	    case Mod:check_file_header(FH, Fd) of
-		{error, not_closed} ->
-		    io:format(user,"dets: file ~p not properly closed, "
-			      "repairing ...~n", [Fname]),
+            Do = case Mod:check_file_header(FH, Fd) of
+                     {ok, Head1, ExtraInfo} ->
+                         Head2 = Head1#head{filename = Fname},
+                         try {ok, Mod:init_freelist(Head2, ExtraInfo)}
+                         catch
+                             throw:_ ->
+                                 {repair, " has bad free lists, repairing ..."}
+                         end;
+                     {error, not_closed} ->
+                         M = " not properly closed, repairing ...",
+                         {repair, M};
+                     Else ->
+                         Else
+                 end,
+            case Do of
+		{repair, Mess} ->
+                    io:format(user, "dets: file ~p~s~n", [Fname, Mess]),
                     Version = default,
                     case fsck(Fd, Tab, Fname, FH, default, default, Version) of
                         ok ->
@@ -2486,9 +2492,9 @@ fopen2(Fname, Tab) ->
                         Error ->
                             throw(Error)
                     end;
-		{ok, Head, ExtraInfo} ->
+		{ok, Head} ->
 		    open_final(Head, Fname, Acc, Ram, ?DEFAULT_CACHE, 
-			       Tab, ExtraInfo, false);
+			       Tab, false);
 		{error, Reason} ->
 		    throw({error, {Reason, Fname}})
 	    end;
@@ -2520,12 +2526,13 @@ fopen_existing_file(Tab, OpenArgs) ->
     V9 = (Version =:= 9) or (Version =:= default),
     MinF = (MinSlots =:= default) or (MinSlots =:= FH#fileheader.min_no_slots),
     MaxF = (MaxSlots =:= default) or (MaxSlots =:= FH#fileheader.max_no_slots),
-    Do = case (FH#fileheader.mod):check_file_header(FH, Fd) of
+    Mod = (FH#fileheader.mod),
+    Wh = case Mod:check_file_header(FH, Fd) of
 	     {ok, Head, true} when Rep =:= force, Acc =:= read_write,
 				   FH#fileheader.version =:= 9,
 				   FH#fileheader.no_colls =/= undefined,
 				   MinF, MaxF, V9 ->
-		 {compact, Head};
+		 {compact, Head, true};
              {ok, _Head, _Extra} when Rep =:= force, Acc =:= read ->
                  throw({error, {access_mode, Fname}});
 	     {ok, Head, need_compacting} when Acc =:= read ->
@@ -2555,6 +2562,17 @@ fopen_existing_file(Tab, OpenArgs) ->
 	     {error, Reason} ->
 		 throw({error, {Reason, Fname}})
 	 end,
+    Do = case Wh of
+             {Tag, Hd, Extra} when Tag =:= final; Tag =:= compact ->
+                 Hd1 = Hd#head{filename = Fname},
+                 try {Tag, Mod:init_freelist(Hd1, Extra)}
+                 catch
+                     throw:_ ->
+                         {repair, " has bad free lists, repairing ..."}
+                 end;
+             Else ->
+                 Else
+         end,
     case Do of
 	_ when FH#fileheader.type =/= Type ->
 	    throw({error, {type_mismatch, Fname}});
@@ -2563,8 +2581,7 @@ fopen_existing_file(Tab, OpenArgs) ->
 	{compact, SourceHead} ->
 	    io:format(user, "dets: file ~p is now compacted ...~n", [Fname]),
 	    {ok, NewSourceHead} = open_final(SourceHead, Fname, read, false,
-					     ?DEFAULT_CACHE, Tab, true,
-                                             Debug),
+					     ?DEFAULT_CACHE, Tab, Debug),
 	    case catch compact(NewSourceHead) of
 		ok ->
 		    erlang:garbage_collect(),
@@ -2584,9 +2601,9 @@ fopen_existing_file(Tab, OpenArgs) ->
 		      Version, OpenArgs);
 	_ when FH#fileheader.version =/= Version, Version =/= default ->
 	    throw({error, {version_mismatch, Fname}});
-	{final, H, EI} ->
+	{final, H} ->
 	    H1 = H#head{auto_save = Auto},
-	    open_final(H1, Fname, Acc, Ram, CacheSz, Tab, EI, Debug)
+	    open_final(H1, Fname, Acc, Ram, CacheSz, Tab, Debug)
     end.
 
 do_repair(Fd, Tab, Fname, FH, MinSlots, MaxSlots, Version, OpenArgs) ->
@@ -2600,19 +2617,16 @@ do_repair(Fd, Tab, Fname, FH, MinSlots, MaxSlots, Version, OpenArgs) ->
     end.
 
 %% -> {ok, head()} | throw(Error)
-open_final(Head, Fname, Acc, Ram, CacheSz, Tab, ExtraInfo, Debug) ->
+open_final(Head, Fname, Acc, Ram, CacheSz, Tab, Debug) ->
     Head1 = Head#head{access = Acc,
 		      ram_file = Ram,
 		      filename = Fname,
 		      name = Tab,
 		      cache = dets_utils:new_cache(CacheSz)},
     init_disk_map(Head1#head.version, Tab, Debug),
-    Mod = Head#head.mod,
-    Mod:cache_segps(Head1#head.fptr, Fname, Head1#head.next),
-    Ftab = Mod:init_freelist(Head1, ExtraInfo),
+    (Head1#head.mod):cache_segps(Head1#head.fptr, Fname, Head1#head.next),
     check_growth(Head1),
-    NewHead = Head1#head{freelists = Ftab},
-    {ok, NewHead}.
+    {ok, Head1}.
 
 %% -> {ok, head()} | throw(Error)
 fopen_init_file(Tab, OpenArgs) ->
@@ -3139,8 +3153,12 @@ init_scan(Head, NoObjs) ->
     check_safe_fixtable(Head),
     FreeLists = dets_utils:get_freelists(Head),
     Base = Head#head.base,
-    {From, To} = dets_utils:find_next_allocated(FreeLists, Base, Base),
-    #dets_cont{no_objs = NoObjs, bin = <<>>, alloc = {From, To, <<>>}}.
+    case dets_utils:find_next_allocated(FreeLists, Base, Base) of
+        {From, To} ->
+            #dets_cont{no_objs = NoObjs, bin = <<>>, alloc = {From,To,<<>>}};
+        none ->
+            #dets_cont{no_objs = NoObjs, bin = eof, alloc = <<>>}
+    end.
 
 check_safe_fixtable(Head) ->
     case (Head#head.fixed =:= false) andalso 
@@ -3241,18 +3259,20 @@ view(FileName) ->
     case catch read_file_header(FileName, read, false) of
         {ok, Fd, FH} ->
 	    Mod = FH#fileheader.mod,
-	    case Mod:check_file_header(FH, Fd) of
-		{ok, H0, ExtraInfo} ->
-		    Ftab = Mod:init_freelist(H0, ExtraInfo),
-		    {_Bump, Base} = constants(FH, FileName),
-		    H = H0#head{freelists=Ftab, base = Base},
-		    v_free_list(H),
-		    Mod:v_segments(H),
-		    file:close(Fd);
-		X ->
-		    file:close(Fd),
-		    X
-	    end;
+            try Mod:check_file_header(FH, Fd) of
+                {ok, H0, ExtraInfo} ->
+                    Mod = FH#fileheader.mod,
+                    case Mod:check_file_header(FH, Fd) of
+                        {ok, H0, ExtraInfo} ->
+                            H = Mod:init_freelist(H0, ExtraInfo),
+                            v_free_list(H),
+                            Mod:v_segments(H),
+                            ok;
+                        X ->
+                            X
+                    end
+            after file:close(Fd)
+            end;
 	X -> 
 	    X
     end.
diff --git a/lib/stdlib/src/dets.hrl b/lib/stdlib/src/dets.hrl
index fbffc9d008..a3f99357a2 100644
--- a/lib/stdlib/src/dets.hrl
+++ b/lib/stdlib/src/dets.hrl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -92,6 +92,7 @@
 %% Info extracted from the file header.
 -record(fileheader, {
 	  freelist,
+          fl_base,
 	  cookie,
 	  closed_properly,
 	  type,
diff --git a/lib/stdlib/src/dets_v8.erl b/lib/stdlib/src/dets_v8.erl
index cdd38d5604..3e962a1c8b 100644
--- a/lib/stdlib/src/dets_v8.erl
+++ b/lib/stdlib/src/dets_v8.erl
@@ -21,7 +21,7 @@
 %% Dets files, implementation part. This module handles versions up to
 %% and including 8(c). To be called from dets.erl only.
 
--export([constants/0, mark_dirty/1, read_file_header/2,
+-export([mark_dirty/1, read_file_header/2,
          check_file_header/2, do_perform_save/1, initiate_file/11,
          init_freelist/2, fsck_input/4,
          bulk_input/3, output_objs/4, write_cache/1, may_grow/3,
@@ -196,10 +196,6 @@
 %%-define(DEBUGF(X,Y), io:format(X, Y)).
 -define(DEBUGF(X,Y), void).
 
-%% {Bump}
-constants() ->
-    {?BUMP, ?BASE}.
-
 %% -> ok | throw({NewHead,Error})
 mark_dirty(Head) ->
     Dirty = [{?CLOSED_PROPERLY_POS, <<?NOT_PROPERLY_CLOSED:32>>}],
@@ -308,8 +304,9 @@ init_freelist(Head, {convert_freelist,_Version}) ->
     Pos = Head#head.freelists_p,
     case catch prterm(Head, Pos, ?OHDSZ) of
 	{0, _Sz, Term}  ->
-	    FreeList = lists:reverse(Term),
-	    dets_utils:init_slots_from_old_file(FreeList, Ftab);
+	    FreeList1 = lists:reverse(Term),
+            FreeList = dets_utils:init_slots_from_old_file(FreeList1, Ftab),
+            Head#head{freelists = FreeList, base = ?BASE};
 	_ ->
 	    throw({error, {bad_freelists, Head#head.filename}})
     end;
@@ -318,7 +315,7 @@ init_freelist(Head, _) ->
     Pos = Head#head.freelists_p,
     case catch prterm(Head, Pos, ?OHDSZ) of
 	{0, _Sz, Term}  ->
-	    Term;
+            Head#head{freelists = Term, base = ?BASE};
 	_ ->
 	    throw({error, {bad_freelists, Head#head.filename}})
     end.
@@ -331,6 +328,7 @@ read_file_header(Fd, FileName) ->
     {ok, EOF} = dets_utils:position_close(Fd, FileName, eof),
     {ok, <<FileSize:32>>} = dets_utils:pread_close(Fd, FileName, EOF-4, 4),
     FH = #fileheader{freelist = Freelist,
+                     fl_base = ?BASE,
 		     cookie = Cookie,
 		     closed_properly = CP,
 		     type = dets_utils:code_to_type(Type2),
@@ -413,7 +411,7 @@ check_file_header(FH, Fd) ->
 	      version = ?FILE_FORMAT_VERSION,
 	      mod = ?MODULE,
 	      bump = ?BUMP,
-	      base = ?BASE},
+	      base = FH#fileheader.fl_base},
 	    {ok, H, ExtraInfo};
 	Error ->
 	    Error
diff --git a/lib/stdlib/src/dets_v9.erl b/lib/stdlib/src/dets_v9.erl
index 132af01f79..f577b4410f 100644
--- a/lib/stdlib/src/dets_v9.erl
+++ b/lib/stdlib/src/dets_v9.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
 %% Dets files, implementation part. This module handles version 9.
 %% To be called from dets.erl only.
 
--export([constants/0, mark_dirty/1, read_file_header/2,
+-export([mark_dirty/1, read_file_header/2,
          check_file_header/2, do_perform_save/1, initiate_file/11,
          prep_table_copy/9, init_freelist/2, fsck_input/4,
          bulk_input/3, output_objs/4, bchunk_init/2,
@@ -70,6 +70,17 @@
 %%    16     MD5-sum for the 44 plus 112 bytes before the MD5-sum.
 %%           (FreelistsPointer, Cookie and ClosedProperly are not digested.)
 %%    128    Reserved for future versions. Initially zeros.
+%%           Version 9(d), introduced in R15A, has instead:
+%%    112    28 counters for the buddy system sizes (as for 9(b)).
+%%    16     MD5-sum for the 44 plus 112 bytes before the MD5-sum.
+%%           (FreelistsPointer, Cookie and ClosedProperly are not digested.)
+%%    4      Base of the buddy system.
+%%           0 (zero) if the base is equal to ?BASE. Compatible with R14B.
+%%           File size at the end of the file is RealFileSize - Base.
+%%           The reason for modifying file size is that when a file created
+%%           by R15 is read by R14 a repair takes place immediately, which
+%%           is acceptable when downgrading.
+%%    124    Reserved for future versions. Initially zeros.
 %%  ---
 %%  ------------------ end of file header
 %%    4*256  SegmentArray Pointers.
@@ -86,7 +97,7 @@
 %%  -----------------------------
 %%    ???    Free lists
 %%  -----------------------------
-%%    4      File size, in bytes. 
+%%    4      File size, in bytes. See 9(d) obove.
 
 %%  Before we can find an object we must find the slot where the
 %%  object resides. Each slot is a (possibly empty) list (or chain) of
@@ -177,14 +188,14 @@
 %%% File header
 %%%
 
--define(RESERVED, 128).        % Reserved for future use.
+-define(RESERVED, 124).        % Reserved for future use.
 
 -define(COLL_CNTRS, (28*4)).     % Counters for the buddy system.
 -define(MD5SZ, 16).
+-define(FL_BASE, 4).
 
--define(HEADSZ, 
-        56+?COLL_CNTRS+?MD5SZ). % The size of the file header, in bytes,
-                                % not including the reserved part.
+-define(HEADSZ, 56+?COLL_CNTRS  % The size of the file header, in bytes,
+            +?MD5SZ+?FL_BASE).  % not including the reserved part.
 -define(HEADEND, (?HEADSZ+?RESERVED)). 
                                % End of header and reserved area.
 -define(SEGSZ, 512).           % Size of a segment, in words. SZOBJP*SEGSZP.
@@ -270,10 +281,6 @@
 %%-define(DEBUGF(X,Y), io:format(X, Y)).
 -define(DEBUGF(X,Y), void).
 
-%% {Bump}
-constants() ->
-    {?BUMP, ?BASE}.
-
 %% -> ok | throw({NewHead,Error})
 mark_dirty(Head) ->
     Dirty = [{?CLOSED_PROPERLY_POS, <<?NOT_PROPERLY_CLOSED:32>>}],
@@ -356,7 +363,7 @@ init_file(Fd, Tab, Fname, Type, Kp, MinSlots, MaxSlots, Ram, CacheSz,
       cache = dets_utils:new_cache(CacheSz),
       version = ?FILE_FORMAT_VERSION,
       bump = ?BUMP,
-      base = ?BASE,
+      base = ?BASE, % to be overwritten
       mod = ?MODULE
      },
 
@@ -378,13 +385,20 @@ init_file(Fd, Tab, Fname, Type, Kp, MinSlots, MaxSlots, Ram, CacheSz,
     {Head1, Ws1} = init_parts(Head0, 0, no_parts(Next), Zero, []),
     NoSegs = no_segs(Next),
 
-    {Head, WsI, WsP} = init_segments(Head1, 0, NoSegs, Zero, [], []),
+    {Head2, WsI, WsP} = init_segments(Head1, 0, NoSegs, Zero, [], []),
     Ws2 = if
 	      DoInitSegments -> WsP ++ WsI;
 	      true -> WsP
 	 end,
     dets_utils:pwrite(Fd, Fname, [W0 | lists:append(Ws1) ++ Ws2]),
-    true = hash_invars(Head),
+    true = hash_invars(Head2),
+    %% The allocations that have been made so far (parts, segments)
+    %% are permanent; the table will never shrink. Therefore the base
+    %% of the Buddy system can be set to the first free object.
+    %% This is used in allocate_all(), see below.
+    {_, Where, _} = dets_utils:alloc(Head2, ?BUMP),
+    NewFtab = dets_utils:init_alloc(Where),
+    Head = Head2#head{freelists = NewFtab, base = Where},
     {ok, Head}.
 
 %% Returns a power of two not less than 256.
@@ -451,8 +465,9 @@ read_file_header(Fd, FileName) ->
       Version:32,    M:32,       Next:32,       Kp:32,
       NoObjects:32,  NoKeys:32,  MinNoSlots:32, MaxNoSlots:32,
       HashMethod:32, N:32, NoCollsB:?COLL_CNTRS/binary, 
-      MD5:?MD5SZ/binary>> = Bin,
-    <<_:12/binary,MD5DigestedPart:(?HEADSZ-?MD5SZ-12)/binary,_/binary>> = Bin,
+      MD5:?MD5SZ/binary, FlBase:32>> = Bin,
+    <<_:12/binary,MD5DigestedPart:(?HEADSZ-?MD5SZ-?FL_BASE-12)/binary,
+      _/binary>> = Bin,
     {ok, EOF} = dets_utils:position_close(Fd, FileName, eof),
     {ok, <<FileSize:32>>} = dets_utils:pread_close(Fd, FileName, EOF-4, 4),
     {CL, <<>>} = lists:foldl(fun(LSz, {Acc,<<NN:32,R/binary>>}) -> 
@@ -468,8 +483,12 @@ read_file_header(Fd, FileName) ->
 	    true ->
 		lists:reverse(CL)
 	end,
-			     
+    Base = case FlBase of
+               0 -> ?BASE;
+               _ -> FlBase
+           end,
     FH = #fileheader{freelist = FreeList,
+                     fl_base = Base,
 		     cookie = Cookie,
 		     closed_properly = CP,
 		     type = dets_utils:code_to_type(Type2),
@@ -486,7 +505,7 @@ read_file_header(Fd, FileName) ->
                      read_md5 = MD5,
                      has_md5 = <<0:?MD5SZ/unit:8>> =/= MD5,
                      md5 = erlang:md5(MD5DigestedPart),
-		     trailer = FileSize,
+		     trailer = FileSize + FlBase,
 		     eof = EOF,
 		     n = N,
 		     mod = ?MODULE},
@@ -544,7 +563,7 @@ check_file_header(FH, Fd) ->
 	      version = ?FILE_FORMAT_VERSION,
 	      mod = ?MODULE,
 	      bump = ?BUMP,
-	      base = ?BASE},
+	      base = FH#fileheader.fl_base},
 	    {ok, H, ExtraInfo};
 	Error ->
 	    Error
@@ -1185,41 +1204,25 @@ write_loop(Head, BytesToWrite, Bin) ->
     write_loop(Head, BytesToWrite, SmallBin).
 
 %% By allocating bigger objects before smaller ones, holes in the
-%% buddy system memory map are avoided. Unfortunately, the segments
-%% are always allocated first, so if there are objects bigger than a
-%% segment, there is a hole to handle. (Haven't considered placing the
-%% segments among other objects of the same size.)
+%% buddy system memory map are avoided.
 allocate_all_objects(Head, SizeT) ->
     DTL = lists:reverse(lists:keysort(1, ets:tab2list(SizeT))),
     MaxSz = element(1, hd(DTL)),
-    SegSize = ?ACTUAL_SEG_SIZE,
-    {Head1, HSz, HN, HA} = alloc_hole(MaxSz, Head, SegSize),
-    {Head2, NL} = allocate_all(Head1, DTL, []),
+    {Head1, NL} = allocate_all(Head, DTL, []),
     %% Find the position that will be the end of the file by allocating
     %% a minimal object.
-    {_Head, EndOfFile, _} = dets_utils:alloc(Head2, ?BUMP),
-    Head3 = free_hole(Head2, HSz, HN, HA),
-    NewHead = Head3#head{maxobjsize = max_objsize(Head3#head.no_collections)},
+    {_Head, EndOfFile, _} = dets_utils:alloc(Head1, ?BUMP),
+    NewHead = Head1#head{maxobjsize = max_objsize(Head1#head.no_collections)},
     {NewHead, NL, MaxSz, EndOfFile}.
 
-alloc_hole(LSize, Head, SegSz) when ?POW(LSize-1) > SegSz ->
-    Size = ?POW(LSize-1),
-    {_, SegAddr, _} = dets_utils:alloc(Head, adjsz(SegSz)),
-    {_, Addr, _} = dets_utils:alloc(Head, adjsz(Size)),
-    N = (Addr - SegAddr) div SegSz,
-    Head1 = dets_utils:alloc_many(Head, SegSz, N, SegAddr),
-    {Head1, SegSz, N, SegAddr};
-alloc_hole(_MaxSz, Head, _SegSz) ->
-    {Head, 0, 0, 0}.
-
-free_hole(Head, _Size, 0, _Addr) ->
-    Head;
-free_hole(Head, Size, N, Addr) ->
-    {Head1, _} = dets_utils:free(Head, Addr, adjsz(Size)),
-    free_hole(Head1, Size, N-1, Addr+Size).
-
 %% One (temporary) file for each buddy size, write all objects of that
 %% size to the file.
+%%
+%% Before R15 a "hole" was needed before the first bucket if the size
+%% of the biggest bucket was greater than the size of a segment. The
+%% hole proved to be a problem with almost full tables with huge
+%% buckets. Since R15 the hole is no longer needed due to the fact
+%% that the base of the Buddy system is flexible.
 allocate_all(Head, [{?FSCK_SEGMENT,_,Data,_}], L) ->
     %% And one file for the segments...
     %% Note that space for the array parts and the segments has
@@ -1593,23 +1596,28 @@ do_perform_save(H) ->
     H1 = H#head{freelists_p = FreeListsPointer},
     {FLW, FLSize} = free_lists_to_file(H1),
     FileSize = FreeListsPointer + FLSize + 4,
-    ok = dets_utils:write(H1, [FLW | <<FileSize:32>>]),
+    AdjustedFileSize = case H#head.base of
+                           ?BASE -> FileSize;
+                           Base -> FileSize - Base
+                       end,
+    ok = dets_utils:write(H1, [FLW | <<AdjustedFileSize:32>>]),
     FileHeader = file_header(H1, FreeListsPointer, ?CLOSED_PROPERLY),
     case dets_utils:debug_mode() of
         true -> 
-            TmpHead = H1#head{freelists = init_freelist(H1, true), 
-                              fixed = false},
+            TmpHead0 = init_freelist(H1#head{fixed = false}, true),
+            TmpHead = TmpHead0#head{base = H1#head.base},
             case 
                 catch dets_utils:all_allocated_as_list(TmpHead)
                       =:= dets_utils:all_allocated_as_list(H1)
-                of
+            of
                 true -> 
                     dets_utils:pwrite(H1, [{0, FileHeader}]);
                 _ -> 
+                    throw(
                     dets_utils:corrupt_reason(H1, {failed_to_save_free_lists,
                                                    FreeListsPointer,
                                                    TmpHead#head.freelists,
-                                                   H1#head.freelists})
+                                                   H1#head.freelists}))
             end;
         false ->
             dets_utils:pwrite(H1, [{0, FileHeader}])
@@ -1648,7 +1656,11 @@ file_header(Head, FreeListsPointer, ClosedProperly, NoColls) ->
               true -> erlang:md5(DigH);
               false -> <<0:?MD5SZ/unit:8>>
           end,
-    [H1, DigH, MD5 | <<0:?RESERVED/unit:8>>].
+    Base = case Head#head.base of
+               ?BASE -> <<0:32>>;
+               FlBase -> <<FlBase:32>>
+           end,
+    [H1, DigH, MD5, Base | <<0:?RESERVED/unit:8>>].
 
 %% Going through some trouble to avoid creating one single binary for
 %% the free lists. If the free lists are huge, binary_to_term and
@@ -1695,8 +1707,8 @@ free_lists_from_file(H, Pos) ->
     case catch bin_to_tree([], H, start, FL, -1, []) of
 	{'EXIT', _} ->
 	    throw({error, {bad_freelists, H#head.filename}});
-	Reply ->
-	    Reply
+        Ftab ->
+            H#head{freelists = Ftab, base = ?BASE}
     end.
 
 bin_to_tree(Bin, H, LastPos, Ftab, A0, L) ->
diff --git a/lib/stdlib/src/epp.erl b/lib/stdlib/src/epp.erl
index d804c1dee5..ccc14610d7 100644
--- a/lib/stdlib/src/epp.erl
+++ b/lib/stdlib/src/epp.erl
@@ -267,8 +267,10 @@ init_server(Pid, Name, File, AtLocation, Path, Pdm, Pre) ->
     case user_predef(Pdm, Ms0) of
 	{ok,Ms1} ->
 	    epp_reply(Pid, {ok,self()}),
+            %% ensure directory of current source file is first in path
+            Path1 = [filename:dirname(Name) | Path],
 	    St = #epp{file=File, location=AtLocation, delta=0, name=Name,
-                      name2=Name, path=Path, macs=Ms1, pre_opened = Pre},
+                      name2=Name, path=Path1, macs=Ms1, pre_opened = Pre},
 	    From = wait_request(St),
 	    enter_file_reply(From, Name, AtLocation, AtLocation),
 	    wait_req_scan(St);
@@ -360,18 +362,18 @@ wait_req_skip(St, Sis) ->
     From = wait_request(St),
     skip_toks(From, St, Sis).
 
-%% enter_file(Path, FileName, IncludeToken, From, EppState)
+%% enter_file(FileName, IncludeToken, From, EppState)
 %% leave_file(From, EppState)
 %%  Handle entering and leaving included files. Notify caller when the
 %%  current file is changed. Note it is an error to exit a file if we are
 %%  in a conditional. These functions never return.
 
-enter_file(_Path, _NewName, Inc, From, St)
+enter_file(_NewName, Inc, From, St)
   when length(St#epp.sstk) >= 8 ->
     epp_reply(From, {error,{abs_loc(Inc),epp,{depth,"include"}}}),
     wait_req_scan(St);
-enter_file(Path, NewName, Inc, From, St) ->
-    case file:path_open(Path, NewName, [read]) of
+enter_file(NewName, Inc, From, St) ->
+    case file:path_open(St#epp.path, NewName, [read]) of
 	{ok,NewF,Pname} ->
             Loc = start_loc(St#epp.location),
 	    wait_req_scan(enter_file2(NewF, Pname, From, St, Loc));
@@ -384,13 +386,16 @@ enter_file(Path, NewName, Inc, From, St) ->
 %%  Set epp to use this file and "enter" it.
 
 enter_file2(NewF, Pname, From, St, AtLocation) ->
-    enter_file2(NewF, Pname, From, St, AtLocation, []).
-
-enter_file2(NewF, Pname, From, St, AtLocation, ExtraPath) ->
     Loc = start_loc(AtLocation),
     enter_file_reply(From, Pname, Loc, AtLocation),
     Ms = dict:store({atom,'FILE'}, {none,[{string,Loc,Pname}]}, St#epp.macs),
-    Path = St#epp.path ++ ExtraPath,
+    %% update the head of the include path to be the directory of the new
+    %% source file, so that an included file can always include other files
+    %% relative to its current location (this is also how C does it); note
+    %% that the directory of the parent source file (the previous head of
+    %% the path) must be dropped, otherwise the path used within the current
+    %% file will depend on the order of file inclusions in the parent files
+    Path = [filename:dirname(Pname) | tl(St#epp.path)],
     #epp{file=NewF,location=Loc,name=Pname,delta=0,
          sstk=[St|St#epp.sstk],path=Path,macs=Ms}.
 
@@ -655,7 +660,7 @@ scan_undef(_Toks, Undef, From, St) ->
 scan_include([{'(',_Llp},{string,_Lf,NewName0},{')',_Lrp},{dot,_Ld}], Inc,
 	     From, St) ->
     NewName = expand_var(NewName0),
-    enter_file(St#epp.path, NewName, Inc, From, St);
+    enter_file(NewName, Inc, From, St);
 scan_include(_Toks, Inc, From, St) ->
     epp_reply(From, {error,{abs_loc(Inc),epp,{bad,include}}}),
     wait_req_scan(St).
@@ -684,12 +689,11 @@ scan_include_lib([{'(',_Llp},{string,_Lf,NewName0},{')',_Lrp},{dot,_Ld}],
 	{error,_E1} ->
 	    case catch find_lib_dir(NewName) of
 		{LibDir, Rest} when is_list(LibDir) ->
-		    LibName = filename:join([LibDir | Rest]),
+		    LibName = fname_join([LibDir | Rest]),
 		    case file:open(LibName, [read]) of
 			{ok,NewF} ->
-			    ExtraPath = [filename:dirname(LibName)],
 			    wait_req_scan(enter_file2(NewF, LibName, From,
-                                                      St, Loc, ExtraPath));
+                                                      St, Loc));
 			{error,_E2} ->
 			    epp_reply(From,
 				      {error,{abs_loc(Inc),epp,
@@ -1154,7 +1158,12 @@ expand_var1(NewName) ->
     [[$$ | Var] | Rest] = filename:split(NewName),
     Value = os:getenv(Var),
     true = Value =/= false,
-    {ok, filename:join([Value | Rest])}.
+    {ok, fname_join([Value | Rest])}.
+
+fname_join(["." | [_|_]=Rest]) ->
+    fname_join(Rest);
+fname_join(Components) ->
+    filename:join(Components).
 
 %% The line only. (Other tokens may have the column and text as well...)
 loc_attr(Line) when is_integer(Line) ->
diff --git a/lib/stdlib/src/erl_eval.erl b/lib/stdlib/src/erl_eval.erl
index 515ea2ebb7..bf3c7b3504 100644
--- a/lib/stdlib/src/erl_eval.erl
+++ b/lib/stdlib/src/erl_eval.erl
@@ -256,7 +256,8 @@ expr({'receive',_,Cs}, Bs, Lf, Ef, RBs) ->
 expr({'receive',_, Cs, E, TB}, Bs0, Lf, Ef, RBs) ->
     {value,T,Bs} = expr(E, Bs0, Lf, Ef, none),
     receive_clauses(T, Cs, {TB,Bs}, Bs0, Lf, Ef, [], RBs);
-expr({'fun',_Line,{function,Mod,Name,Arity}}, Bs, _Lf, _Ef, RBs) ->
+expr({'fun',_Line,{function,Mod0,Name0,Arity0}}, Bs0, Lf, Ef, RBs) ->
+    {[Mod,Name,Arity],Bs} = expr_list([Mod0,Name0,Arity0], Bs0, Lf, Ef),
     F = erlang:make_fun(Mod, Name, Arity),
     ret_expr(F, Bs, RBs);    
 expr({'fun',_Line,{function,Name,Arity}}, _Bs0, _Lf, _Ef, _RBs) -> % R8
@@ -340,7 +341,7 @@ expr({call,_,{remote,_,Mod,Func},As0}, Bs0, Lf, Ef, RBs) ->
         true ->
             bif(F, As, Bs3, Ef, RBs);
         false ->
-            do_apply({M,F}, As, Bs3, Ef, RBs)
+            do_apply(M, F, As, Bs3, Ef, RBs)
     end;
 expr({call,_,{atom,_,Func},As0}, Bs0, Lf, Ef, RBs) ->
     case erl_internal:bif(Func, length(As0)) of
@@ -498,11 +499,11 @@ local_func2({eval,F,As,Bs}, RBs) -> % This reply is not documented.
 bif(apply, [erlang,apply,As], Bs, Ef, RBs) ->
     bif(apply, As, Bs, Ef, RBs);
 bif(apply, [M,F,As], Bs, Ef, RBs) ->
-    do_apply({M,F}, As, Bs, Ef, RBs);
+    do_apply(M, F, As, Bs, Ef, RBs);
 bif(apply, [F,As], Bs, Ef, RBs) ->
     do_apply(F, As, Bs, Ef, RBs);
 bif(Name, As, Bs, Ef, RBs) ->
-    do_apply({erlang,Name}, As, Bs, Ef, RBs).
+    do_apply(erlang, Name, As, Bs, Ef, RBs).
 
 %% do_apply(MF, Arguments, Bindings, ExternalFuncHandler, RBs) ->
 %%	{value,Value,Bindings} | Value when
@@ -562,6 +563,19 @@ do_apply(Func, As, Bs0, Ef, RBs) ->
             ret_expr(F(Func, As), Bs0, RBs)
     end.
 
+do_apply(Mod, Func, As, Bs0, Ef, RBs) ->
+    case Ef of
+        none when RBs =:= value ->
+            %% Make tail recursive calls when possible.
+            apply(Mod, Func, As);
+        none ->
+            ret_expr(apply(Mod, Func, As), Bs0, RBs);
+        {value,F} when RBs =:= value ->
+            F({Mod,Func}, As);
+        {value,F} ->
+            ret_expr(F({Mod,Func}, As), Bs0, RBs)
+    end.
+
 %% eval_lc(Expr, [Qualifier], Bindings, LocalFunctionHandler, 
 %%         ExternalFuncHandler, RetBindings) ->
 %%	{value,Value,Bindings} | Value
@@ -621,7 +635,7 @@ eval_generate(Term, _P, _Bs0, _Lf, _Ef, _CompFun, _Acc) ->
     erlang:raise(error, {bad_generator,Term}, stacktrace()).
 
 eval_b_generate(<<_/bitstring>>=Bin, P, Bs0, Lf, Ef, CompFun, Acc) ->
-    Mfun = fun(L, R, Bs) -> match1(L, R, Bs, Bs0) end,
+    Mfun = match_fun(Bs0),
     Efun = fun(Exp, Bs) -> expr(Exp, Bs, Lf, Ef, none) end,
     case eval_bits:bin_gen(P, Bin, new_bindings(), Bs0, Mfun, Efun) of
 	{match, Rest, Bs1} ->
@@ -730,10 +744,10 @@ expr_list([], Vs, _, Bs, _Lf, _Ef) ->
     {reverse(Vs),Bs}.
 
 eval_op(Op, Arg1, Arg2, Bs, Ef, RBs) ->
-    do_apply({erlang,Op}, [Arg1,Arg2], Bs, Ef, RBs).
+    do_apply(erlang, Op, [Arg1,Arg2], Bs, Ef, RBs).
 
 eval_op(Op, Arg, Bs, Ef, RBs) ->
-    do_apply({erlang,Op}, [Arg], Bs, Ef, RBs).
+    do_apply(erlang, Op, [Arg], Bs, Ef, RBs).
 
 %% if_clauses(Clauses, Bindings, LocalFuncHandler, ExtFuncHandler, RBs)
 
@@ -919,8 +933,9 @@ guard0([], _Bs, _Lf, _Ef) -> true.
 
 guard_test({call,L,{atom,Ln,F},As0}, Bs0, Lf, Ef) ->
     TT = type_test(F),
-    guard_test({call,L,{tuple,Ln,[{atom,Ln,erlang},{atom,Ln,TT}]},As0},
-               Bs0, Lf, Ef);
+    G = {call,L,{atom,Ln,TT},As0},
+    try {value,true,_} = expr(G, Bs0, Lf, Ef, none)
+    catch error:_ -> {value,false,Bs0} end;
 guard_test({call,L,{remote,_Lr,{atom,_Lm,erlang},{atom,_Lf,_F}=T},As0}, 
            Bs0, Lf, Ef) ->
     guard_test({call,L,T,As0}, Bs0, Lf, Ef);
@@ -1024,7 +1039,7 @@ match1({tuple,_,_}, _, _Bs, _BBs) ->
     throw(nomatch);
 match1({bin, _, Fs}, <<_/bitstring>>=B, Bs0, BBs) ->
     eval_bits:match_bits(Fs, B, Bs0, BBs,
-			 fun(L, R, Bs) -> match1(L, R, Bs, BBs) end,
+			 match_fun(BBs),
 			 fun(E, Bs) -> expr(E, Bs, none, none, none) end);
 match1({bin,_,_}, _, _Bs, _BBs) ->
     throw(nomatch);
@@ -1053,6 +1068,12 @@ match1({op,Line,Op,L,R}, Term, Bs, BBs) ->
 match1(_, _, _Bs, _BBs) ->
     throw(invalid).
 
+match_fun(BBs) ->
+    fun(match, {L,R,Bs}) -> match1(L, R, Bs, BBs);
+       (binding, {Name,Bs}) -> binding(Name, Bs);
+       (add_binding, {Name,Val,Bs}) -> add_binding(Name, Val, Bs)
+    end.
+
 match_tuple([E|Es], Tuple, I, Bs0, BBs) ->
     {match,Bs} = match1(E, element(I, Tuple), Bs0, BBs),
     match_tuple(Es, Tuple, I+1, Bs, BBs);
diff --git a/lib/stdlib/src/erl_expand_records.erl b/lib/stdlib/src/erl_expand_records.erl
index 20fd247cea..1c69a131f9 100644
--- a/lib/stdlib/src/erl_expand_records.erl
+++ b/lib/stdlib/src/erl_expand_records.erl
@@ -452,8 +452,10 @@ conj([], _E) ->
 conj([{{Name,_Rp},L,R,Sz} | AL], E) ->
     NL = neg_line(L),
     T1 = {op,NL,'orelse',
-          {call,NL,{atom,NL,is_record},[R,{atom,NL,Name},{integer,NL,Sz}]},
-          {atom,NL,fail}},
+          {call,NL,
+	   {remote,NL,{atom,NL,erlang},{atom,NL,is_record}},
+	   [R,{atom,NL,Name},{integer,NL,Sz}]},
+	  {atom,NL,fail}},
     T2 = case conj(AL, none) of
         empty -> T1;
         C -> {op,NL,'and',C,T1}
@@ -581,7 +583,9 @@ strict_get_record_field(Line, R, {atom,_,F}=Index, Name, St0) ->
             ExpRp = erl_lint:modify_line(ExpR, fun(_L) -> 0 end),
             RA = {{Name,ExpRp},Line,ExpR,length(Fs)+1},
             St2 = St1#exprec{strict_ra = [RA | St1#exprec.strict_ra]},
-            {{call,Line,{atom,Line,element},[I,ExpR]},St2}
+            {{call,Line,
+	      {remote,Line,{atom,Line,erlang},{atom,Line,element}},
+	      [I,ExpR]},St2}
     end.
 
 record_pattern(I, I, Var, Sz, Line, Acc) ->
@@ -593,7 +597,9 @@ record_pattern(_, _, _, _, _, Acc) -> reverse(Acc).
 sloppy_get_record_field(Line, R, Index, Name, St) ->
     Fs = record_fields(Name, St),
     I = index_expr(Line, Index, Name, Fs),
-    expr({call,Line,{atom,Line,element},[I,R]}, St).
+    expr({call,Line,
+	  {remote,Line,{atom,Line,erlang},{atom,Line,element}},
+	  [I,R]}, St).
 
 strict_record_tests([strict_record_tests | _]) -> true;
 strict_record_tests([no_strict_record_tests | _]) -> false;
@@ -710,7 +716,8 @@ record_setel(R, Name, Fs, Us0) ->
     {'case',Lr,R,
      [{clause,Lr,[{tuple,Lr,[{atom,Lr,Name} | Wildcards]}],[],
        [foldr(fun ({I,Lf,Val}, Acc) ->
-                      {call,Lf,{atom,Lf,setelement},[I,Acc,Val]} end,
+                      {call,Lf,{remote,Lf,{atom,Lf,erlang},
+				{atom,Lf,setelement}},[I,Acc,Val]} end,
               R, Us)]},
       {clause,NLr,[{var,NLr,'_'}],[],
        [call_error(NLr, {tuple,NLr,[{atom,NLr,badrecord},{atom,NLr,Name}]})]}]}.
diff --git a/lib/stdlib/src/erl_internal.erl b/lib/stdlib/src/erl_internal.erl
index 3073fc0fb5..cd3b531d10 100644
--- a/lib/stdlib/src/erl_internal.erl
+++ b/lib/stdlib/src/erl_internal.erl
@@ -264,7 +264,6 @@ bif(bitstring_to_list, 1) -> true;
 bif(byte_size, 1) -> true;
 bif(check_old_code, 1) -> true;
 bif(check_process_code, 2) -> true;
-bif(concat_binary, 1) -> true;
 bif(date, 0) -> true;
 bif(delete_module, 1) -> true;
 bif(demonitor, 1) -> true;
@@ -406,7 +405,6 @@ old_bif(bit_size, 1) -> true;
 old_bif(bitstring_to_list, 1) -> true;
 old_bif(byte_size, 1) -> true;
 old_bif(check_process_code, 2) -> true;
-old_bif(concat_binary, 1) -> true;
 old_bif(date, 0) -> true;
 old_bif(delete_module, 1) -> true;
 old_bif(disconnect_node, 1) -> true;
diff --git a/lib/stdlib/src/erl_lint.erl b/lib/stdlib/src/erl_lint.erl
index dd0b9bc2ab..cfbcf54d95 100644
--- a/lib/stdlib/src/erl_lint.erl
+++ b/lib/stdlib/src/erl_lint.erl
@@ -123,6 +123,7 @@ value_option(Flag, Default, On, OnVal, Off, OffVal, Opts) ->
                called= [] :: [{fa(),line()}],		%Called functions
                usage = #usage{}		:: #usage{},
 	       specs = dict:new()	:: dict(),	%Type specifications
+	       callbacks = dict:new()   :: dict(),      %Callback types
 	       types = dict:new()	:: dict(),	%Type definitions
 	       exp_types=gb_sets:empty():: gb_set()	%Exported types
               }).
@@ -310,8 +311,6 @@ format_error({conflicting_behaviours,{Name,Arity},B,FirstL,FirstB}) ->
 format_error({undefined_behaviour_func, {Func,Arity}, Behaviour}) ->
     io_lib:format("undefined callback function ~w/~w (behaviour '~w')",
 		  [Func,Arity,Behaviour]);
-format_error({undefined_behaviour_func, {Func,Arity,_Spec}, Behaviour}) ->
-    format_error({undefined_behaviour_func, {Func,Arity}, Behaviour});
 format_error({undefined_behaviour,Behaviour}) ->
     io_lib:format("behaviour ~w undefined", [Behaviour]);
 format_error({undefined_behaviour_callbacks,Behaviour}) ->
@@ -320,6 +319,9 @@ format_error({undefined_behaviour_callbacks,Behaviour}) ->
 format_error({ill_defined_behaviour_callbacks,Behaviour}) ->
     io_lib:format("behaviour ~w callback functions erroneously defined",
 		  [Behaviour]);
+format_error({behaviour_info, {_M,F,A}}) ->
+    io_lib:format("cannot define callback attibute for ~w/~w when "
+                  "behaviour_info is defined",[F,A]);
 %% --- types and specs ---
 format_error({singleton_typevar, Name}) ->
     io_lib:format("type variable ~w is only used once (is unbound)", [Name]);
@@ -348,12 +350,16 @@ format_error({type_syntax, Constr}) ->
     io_lib:format("bad ~w type", [Constr]);
 format_error({redefine_spec, {M, F, A}}) ->
     io_lib:format("spec for ~w:~w/~w already defined", [M, F, A]);
+format_error({redefine_callback, {M, F, A}}) ->
+    io_lib:format("callback ~w:~w/~w already defined", [M, F, A]);
 format_error({spec_fun_undefined, {M, F, A}}) ->
     io_lib:format("spec for undefined function ~w:~w/~w", [M, F, A]);
 format_error({missing_spec, {F,A}}) ->
     io_lib:format("missing specification for function ~w/~w", [F, A]);
 format_error(spec_wrong_arity) ->
     "spec has the wrong arity";
+format_error(callback_wrong_arity) ->
+    "callback has the wrong arity";
 format_error({imported_predefined_type, Name}) ->
     io_lib:format("referring to built-in type ~w as a remote type; "
 		  "please take out the module name", [Name]);
@@ -747,6 +753,8 @@ attribute_state({attribute,L,opaque,{TypeName,TypeDef,Args}}, St) ->
     type_def(opaque, L, TypeName, TypeDef, Args, St);
 attribute_state({attribute,L,spec,{Fun,Types}}, St) ->
     spec_decl(L, Fun, Types, St);
+attribute_state({attribute,L,callback,{Fun,Types}}, St) ->
+    callback_decl(L, Fun, Types, St);
 attribute_state({attribute,L,on_load,Val}, St) ->
     on_load(L, Val, St);
 attribute_state({attribute,_L,_Other,_Val}, St) -> % Ignore others
@@ -840,7 +848,8 @@ post_traversal_check(Forms, St0) ->
     StB = check_unused_types(Forms, StA),
     StC = check_untyped_records(Forms, StB),
     StD = check_on_load(StC),
-    check_unused_records(Forms, StD).
+    StE = check_unused_records(Forms, StD),
+    check_callback_information(StE).
 
 %% check_behaviour(State0) -> State
 %% Check that the behaviour attribute is valid.
@@ -1139,6 +1148,23 @@ check_unused_records(Forms, St0) ->
             St0
     end.
 
+check_callback_information(#lint{callbacks = Callbacks,
+				 defined = Defined} = State) ->
+    case gb_sets:is_member({behaviour_info,1}, Defined) of
+	false -> State;
+	true ->
+	    case dict:size(Callbacks) of
+		0 -> State;
+		_ ->
+		    CallbacksList = dict:to_list(Callbacks),
+		    FoldL =
+			fun({Fa,Line},St) ->
+				add_error(Line, {behaviour_info, Fa}, St)
+			end,
+		    lists:foldl(FoldL, State, CallbacksList)
+	    end
+    end.
+
 %% For storing the import list we use the orddict module.
 %% We know an empty set is [].
 
@@ -1778,12 +1804,19 @@ guard_test(G, Vt, St0) ->
 %% Specially handle record type test here.
 guard_test2({call,Line,{atom,Lr,record},[E,A]}, Vt, St0) ->
     gexpr({call,Line,{atom,Lr,is_record},[E,A]}, Vt, St0);
-guard_test2({call,_Line,{atom,_La,F},As}=G, Vt, St0) ->
+guard_test2({call,Line,{atom,_La,F},As}=G, Vt, St0) ->
     {Asvt,St1} = gexpr_list(As, Vt, St0),       %Always check this.
     A = length(As),
     case erl_internal:type_test(F, A) of
-        true when F =/= is_record -> {Asvt,St1};
-        _ -> gexpr(G, Vt, St0)
+        true when F =/= is_record, A =/= 2 ->
+	    case no_guard_bif_clash(St1, {F,A}) of
+		false ->
+		    {Asvt,add_error(Line, {illegal_guard_local_call,{F,A}}, St1)};
+		true ->
+		    {Asvt,St1}
+	    end;
+	_ ->
+	    gexpr(G, Vt, St0)
     end;
 guard_test2(G, Vt, St) ->
     %% Everything else is a guard expression.
@@ -1839,9 +1872,15 @@ gexpr({call,Line,{atom,_Lr,is_record},[E,R]}, Vt, St0) ->
 gexpr({call,Line,{remote,_Lr,{atom,_Lm,erlang},{atom,Lf,is_record}},[E,A]},
       Vt, St0) ->
     gexpr({call,Line,{atom,Lf,is_record},[E,A]}, Vt, St0);
-gexpr({call,_Line,{atom,_Lr,is_record},[E,{atom,_,_Name},{integer,_,_}]},
+gexpr({call,Line,{atom,_Lr,is_record},[E0,{atom,_,_Name},{integer,_,_}]},
       Vt, St0) ->
-    gexpr(E, Vt, St0);
+    {E,St1} = gexpr(E0, Vt, St0),
+    case no_guard_bif_clash(St0, {is_record,3}) of
+	true ->
+	    {E,St1};
+	false ->
+	    {E,add_error(Line, {illegal_guard_local_call,{is_record,3}}, St1)}
+    end;
 gexpr({call,Line,{atom,_Lr,is_record},[_,_,_]=Asvt0}, Vt, St0) ->
     {Asvt,St1} = gexpr_list(Asvt0, Vt, St0),
     {Asvt,add_error(Line, illegal_guard_expr, St1)};
@@ -2101,8 +2140,13 @@ expr({'fun',Line,Body}, Vt, St) ->
                 true -> {[],St};
                 false -> {[],call_function(Line, F, A, St)}
             end;
-	{function,_M,_F,_A} ->
-	    {[],St}
+	{function,M,F,A} when is_atom(M), is_atom(F), is_integer(A) ->
+	    %% Compatibility with pre-R15 abstract format.
+	    {[],St};
+	{function,M,F,A} ->
+	    %% New in R15.
+	    {Bvt, St1} = expr_list([M,F,A], Vt, St),
+	    {vtupdate(Bvt, Vt),St1}
     end;
 expr({call,_Line,{atom,_Lr,is_record},[E,{atom,Ln,Name}]}, Vt, St0) ->
     {Rvt,St1} = expr(E, Vt, St0),
@@ -2736,12 +2780,6 @@ default_types() ->
 		{var, 1}],
     dict:from_list([{T, -1} || T <- DefTypes]).
 
-%% R12B-5
-is_newly_introduced_builtin_type({module, 0}) -> true;
-is_newly_introduced_builtin_type({node, 0}) -> true;
-is_newly_introduced_builtin_type({nonempty_string, 0}) -> true;
-is_newly_introduced_builtin_type({term, 0}) -> true;
-is_newly_introduced_builtin_type({timeout, 0}) -> true;
 %% R13
 is_newly_introduced_builtin_type({arity, 0}) -> true;
 is_newly_introduced_builtin_type({array, 0}) -> true; % opaque
@@ -2770,6 +2808,20 @@ spec_decl(Line, MFA0, TypeSpecs, St0 = #lint{specs = Specs, module = Mod}) ->
 	false -> check_specs(TypeSpecs, Arity, St1)
     end.
 
+%% callback_decl(Line, Fun, Types, State) -> State.
+
+callback_decl(Line, MFA0, TypeSpecs,
+	      St0 = #lint{callbacks = Callbacks, module = Mod}) ->
+    MFA = case MFA0 of
+	      {F, Arity} -> {Mod, F, Arity};
+	      {_M, _F, Arity} -> MFA0
+	  end,
+    St1 = St0#lint{callbacks = dict:store(MFA, Line, Callbacks)},
+    case dict:is_key(MFA, Callbacks) of
+	true -> add_error(Line, {redefine_callback, MFA}, St1);
+	false -> check_specs(TypeSpecs, Arity, St1)
+    end.
+
 check_specs([FunType|Left], Arity, St0) ->
     {FunType1, CTypes} =
 	case FunType of
@@ -3275,6 +3327,8 @@ modify_line1({attribute,L,record,{Name,Fields}}, Mf) ->
     {attribute,Mf(L),record,{Name,modify_line1(Fields, Mf)}};
 modify_line1({attribute,L,spec,{Fun,Types}}, Mf) ->
     {attribute,Mf(L),spec,{Fun,modify_line1(Types, Mf)}};
+modify_line1({attribute,L,callback,{Fun,Types}}, Mf) ->
+    {attribute,Mf(L),callback,{Fun,modify_line1(Types, Mf)}};
 modify_line1({attribute,L,type,{TypeName,TypeDef,Args}}, Mf) ->
     {attribute,Mf(L),type,{TypeName,modify_line1(TypeDef, Mf),
 			   modify_line1(Args, Mf)}};
diff --git a/lib/stdlib/src/erl_parse.yrl b/lib/stdlib/src/erl_parse.yrl
index bd5d65a1e1..928c10f7f2 100644
--- a/lib/stdlib/src/erl_parse.yrl
+++ b/lib/stdlib/src/erl_parse.yrl
@@ -35,7 +35,7 @@ tuple
 %struct
 record_expr record_tuple record_field record_fields
 if_expr if_clause if_clauses case_expr cr_clause cr_clauses receive_expr
-fun_expr fun_clause fun_clauses
+fun_expr fun_clause fun_clauses atom_or_var integer_or_var
 try_expr try_catch try_clause try_clauses query_expr
 function_call argument_list
 exprs guard
@@ -62,7 +62,7 @@ char integer float atom string var
 '==' '/=' '=<' '<' '>=' '>' '=:=' '=/=' '<='
 '<<' '>>'
 '!' '=' '::' '..' '...'
-'spec' % helper
+'spec' 'callback' % helper
 dot.
 
 Expect 2.
@@ -77,6 +77,7 @@ attribute -> '-' atom attr_val               : build_attribute('$2', '$3').
 attribute -> '-' atom typed_attr_val         : build_typed_attribute('$2','$3').
 attribute -> '-' atom '(' typed_attr_val ')' : build_typed_attribute('$2','$4').
 attribute -> '-' 'spec' type_spec            : build_type_spec('$2', '$3').
+attribute -> '-' 'callback' type_spec        : build_type_spec('$2', '$3').
 
 type_spec -> spec_fun type_sigs : {'$1', '$2'}.
 type_spec -> '(' spec_fun type_sigs ')' : {'$2', '$3'}.
@@ -394,11 +395,17 @@ receive_expr -> 'receive' cr_clauses 'after' expr clause_body 'end' :
 
 fun_expr -> 'fun' atom '/' integer :
 	{'fun',?line('$1'),{function,element(3, '$2'),element(3, '$4')}}.
-fun_expr -> 'fun' atom ':' atom '/' integer :
-	{'fun',?line('$1'),{function,element(3, '$2'),element(3, '$4'),element(3,'$6')}}.
+fun_expr -> 'fun' atom_or_var ':' atom_or_var '/' integer_or_var :
+	{'fun',?line('$1'),{function,'$2','$4','$6'}}.
 fun_expr -> 'fun' fun_clauses 'end' :
 	build_fun(?line('$1'), '$2').
 
+atom_or_var -> atom : '$1'.
+atom_or_var -> var : '$1'.
+
+integer_or_var -> integer : '$1'.
+integer_or_var -> var : '$1'.
+
 fun_clauses -> fun_clause : ['$1'].
 fun_clauses -> fun_clause ';' fun_clauses : ['$1' | '$3'].
 
@@ -549,6 +556,8 @@ Erlang code.
       ErrorInfo :: error_info().
 parse_form([{'-',L1},{atom,L2,spec}|Tokens]) ->
     parse([{'-',L1},{'spec',L2}|Tokens]);
+parse_form([{'-',L1},{atom,L2,callback}|Tokens]) ->
+    parse([{'-',L1},{'callback',L2}|Tokens]);
 parse_form(Tokens) ->
     parse(Tokens).
 
@@ -603,7 +612,8 @@ build_typed_attribute({atom,La,Attr},_) ->
         _      -> ret_err(La, "bad attribute")
     end.
 
-build_type_spec({spec,La}, {SpecFun, TypeSpecs}) ->
+build_type_spec({Kind,La}, {SpecFun, TypeSpecs})
+  when (Kind =:= spec) or (Kind =:= callback) ->
     NewSpecFun =
 	case SpecFun of
 	    {atom, _, Fun} ->
@@ -617,7 +627,7 @@ build_type_spec({spec,La}, {SpecFun, TypeSpecs}) ->
 		%% Old style spec. Allow this for now.
 		{Mod,Fun,Arity}
 	    end,
-    {attribute,La,spec,{NewSpecFun, TypeSpecs}}.
+    {attribute,La,Kind,{NewSpecFun, TypeSpecs}}.
 
 find_arity_from_specs([Spec|_]) ->
     %% Use the first spec to find the arity. If all are not the same,
diff --git a/lib/stdlib/src/erl_pp.erl b/lib/stdlib/src/erl_pp.erl
index 7dc19f2e9b..6b5aa951cf 100644
--- a/lib/stdlib/src/erl_pp.erl
+++ b/lib/stdlib/src/erl_pp.erl
@@ -457,8 +457,16 @@ lexpr({'fun',_,{function,F,A}}, _Prec, _Hook) ->
     leaf(format("fun ~w/~w", [F,A]));
 lexpr({'fun',_,{function,F,A},Extra}, _Prec, _Hook) ->
     {force_nl,fun_info(Extra),leaf(format("fun ~w/~w", [F,A]))};
-lexpr({'fun',_,{function,M,F,A}}, _Prec, _Hook) ->
+lexpr({'fun',_,{function,M,F,A}}, _Prec, _Hook)
+  when is_atom(M), is_atom(F), is_integer(A) ->
+    %% For backward compatibility with pre-R15 abstract format.
     leaf(format("fun ~w:~w/~w", [M,F,A]));
+lexpr({'fun',_,{function,M,F,A}}, _Prec, Hook) ->
+    %% New format in R15.
+    NameItem = lexpr(M, Hook),
+    CallItem = lexpr(F, Hook),
+    ArityItem = lexpr(A, Hook),
+    ["fun ",NameItem,$:,CallItem,$/,ArityItem];
 lexpr({'fun',_,{clauses,Cs}}, _Prec, Hook) ->
     {list,[{first,'fun',fun_clauses(Cs, Hook)},'end']};
 lexpr({'fun',_,{clauses,Cs},Extra}, _Prec, Hook) ->
diff --git a/lib/stdlib/src/error_logger_file_h.erl b/lib/stdlib/src/error_logger_file_h.erl
index ee4f0b3a51..08f1873803 100644
--- a/lib/stdlib/src/error_logger_file_h.erl
+++ b/lib/stdlib/src/error_logger_file_h.erl
@@ -104,7 +104,7 @@ code_change(_OldVsn, State, _Extra) ->
 %%% ------------------------------------------------------
 
 tag_event(Event) ->    
-    {erlang:localtime(), Event}.
+    {erlang:universaltime(), Event}.
 
 write_events(Fd, Events) -> write_events1(Fd, lists:reverse(Events)).
 
@@ -169,23 +169,18 @@ write_event(_, _) ->
 
 maybe_utc(Time) ->
     UTC = case application:get_env(sasl, utc_log) of
-              {ok, Val} ->
-                  Val;
+              {ok, Val} -> Val;
               undefined ->
                   %% Backwards compatible:
                   case application:get_env(stdlib, utc_log) of
-                      {ok, Val} ->
-                          Val;
-                      undefined ->
-                          false
+                      {ok, Val} -> Val;
+                      undefined -> false
                   end
           end,
-    if
-        UTC =:= true ->
-            {utc, calendar:local_time_to_universal_time(Time)};
-        true -> 
-            Time
-    end.
+    maybe_utc(Time, UTC).
+
+maybe_utc(Time, true) -> {utc, Time};
+maybe_utc(Time, _) -> {local, calendar:universal_time_to_local_time(Time)}.
 
 format_report(Rep) when is_list(Rep) ->
     case string_p(Rep) of
@@ -238,7 +233,7 @@ write_time(Time) -> write_time(Time, "ERROR REPORT").
 write_time({utc,{{Y,Mo,D},{H,Mi,S}}}, Type) ->
     io_lib:format("~n=~s==== ~p-~s-~p::~s:~s:~s UTC ===~n",
 		  [Type,D,month(Mo),Y,t(H),t(Mi),t(S)]);
-write_time({{Y,Mo,D},{H,Mi,S}}, Type) ->
+write_time({local, {{Y,Mo,D},{H,Mi,S}}}, Type) ->
     io_lib:format("~n=~s==== ~p-~s-~p::~s:~s:~s ===~n",
 		  [Type,D,month(Mo),Y,t(H),t(Mi),t(S)]).
 
diff --git a/lib/stdlib/src/error_logger_tty_h.erl b/lib/stdlib/src/error_logger_tty_h.erl
index 435e57aa0e..48e069a407 100644
--- a/lib/stdlib/src/error_logger_tty_h.erl
+++ b/lib/stdlib/src/error_logger_tty_h.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -34,10 +34,12 @@
 	 handle_event/2, handle_call/2, handle_info/2,
 	 terminate/2, code_change/3]).
 
+-export([write_event/2]).
+
 %% This one is used when we takeover from the simple error_logger.
 init({[], {error_logger, Buf}}) ->
     User = set_group_leader(),
-    write_events(Buf),
+    write_events(Buf,io),
     {ok, {User, error_logger}};
 %% This one is used if someone took over from us, and now wants to
 %% go back.
@@ -52,7 +54,7 @@ init([]) ->
 handle_event({_Type, GL, _Msg}, State) when node(GL) =/= node() ->
     {ok, State};
 handle_event(Event, State) ->
-    write_event(tag_event(Event)),
+    write_event(tag_event(Event),io),
     {ok, State}.
 
 handle_info({'EXIT', User, _Reason}, {User, PrevHandler}) ->
@@ -64,10 +66,10 @@ handle_info({'EXIT', User, _Reason}, {User, PrevHandler}) ->
 	     PrevHandler, go_back}
     end;
 handle_info({emulator, GL, Chars}, State) when node(GL) == node() ->
-    write_event(tag_event({emulator, GL, Chars})),
+    write_event(tag_event({emulator, GL, Chars}),io),
     {ok, State};
 handle_info({emulator, noproc, Chars}, State) ->
-    write_event(tag_event({emulator, noproc, Chars})),
+    write_event(tag_event({emulator, noproc, Chars}),io),
     {ok, State};
 handle_info(_, State) ->
     {ok, State}.
@@ -95,91 +97,87 @@ set_group_leader() ->
     end.
 
 tag_event(Event) ->    
-    {erlang:localtime(), Event}.
+    {erlang:universaltime(), Event}.
 
-write_events(Events) -> write_events1(lists:reverse(Events)).
+write_events(Events,IOMod) -> write_events1(lists:reverse(Events),IOMod).
 
-write_events1([Event|Es]) ->
-    write_event(Event),
-    write_events1(Es);
-write_events1([]) ->
+write_events1([Event|Es],IOMod) ->
+    write_event(Event,IOMod),
+    write_events1(Es,IOMod);
+write_events1([],_IOMod) ->
     ok.
 
-write_event({Time, {error, _GL, {Pid, Format, Args}}}) ->
+write_event({Time, {error, _GL, {Pid, Format, Args}}},IOMod) ->
     T = write_time(maybe_utc(Time)),
     case catch io_lib:format(add_node(Format,Pid), Args) of
 	S when is_list(S) ->
-	    format(T ++ S);
+	    format(IOMod, T ++ S);
 	_ ->
 	    F = add_node("ERROR: ~p - ~p~n", Pid),
-	    format(T ++ F, [Format,Args])
+	    format(IOMod, T ++ F, [Format,Args])
     end;
-write_event({Time, {emulator, _GL, Chars}}) ->
+write_event({Time, {emulator, _GL, Chars}},IOMod) ->
     T = write_time(maybe_utc(Time)),
     case catch io_lib:format(Chars, []) of
 	S when is_list(S) ->
-	    format(T ++ S);
+	    format(IOMod, T ++ S);
 	_ ->
-	    format(T ++ "ERROR: ~p ~n", [Chars])
+	    format(IOMod, T ++ "ERROR: ~p ~n", [Chars])
     end;
-write_event({Time, {info, _GL, {Pid, Info, _}}}) ->
+write_event({Time, {info, _GL, {Pid, Info, _}}},IOMod) ->
     T = write_time(maybe_utc(Time)),
-    format(T ++ add_node("~p~n",Pid),[Info]);
-write_event({Time, {error_report, _GL, {Pid, std_error, Rep}}}) ->
+    format(IOMod, T ++ add_node("~p~n",Pid),[Info]);
+write_event({Time, {error_report, _GL, {Pid, std_error, Rep}}},IOMod) ->
     T = write_time(maybe_utc(Time)),
     S = format_report(Rep),
-    format(T ++ S ++ add_node("", Pid));
-write_event({Time, {info_report, _GL, {Pid, std_info, Rep}}}) ->
+    format(IOMod, T ++ S ++ add_node("", Pid));
+write_event({Time, {info_report, _GL, {Pid, std_info, Rep}}},IOMod) ->
     T = write_time(maybe_utc(Time), "INFO REPORT"),
     S = format_report(Rep),
-    format(T ++ S ++ add_node("", Pid));
-write_event({Time, {info_msg, _GL, {Pid, Format, Args}}}) ->
+    format(IOMod, T ++ S ++ add_node("", Pid));
+write_event({Time, {info_msg, _GL, {Pid, Format, Args}}},IOMod) ->
     T = write_time(maybe_utc(Time), "INFO REPORT"),
     case catch io_lib:format(add_node(Format,Pid), Args) of
 	S when is_list(S) ->
-	    format(T ++ S);
+	    format(IOMod, T ++ S);
 	_ ->
 	    F = add_node("ERROR: ~p - ~p~n", Pid),
-	    format(T ++ F, [Format,Args])
+	    format(IOMod, T ++ F, [Format,Args])
     end;
-write_event({Time, {warning_report, _GL, {Pid, std_warning, Rep}}}) ->
+write_event({Time, {warning_report, _GL, {Pid, std_warning, Rep}}},IOMod) ->
     T = write_time(maybe_utc(Time), "WARNING REPORT"),
     S = format_report(Rep),
-    format(T ++ S ++ add_node("", Pid));
-write_event({Time, {warning_msg, _GL, {Pid, Format, Args}}}) ->
+    format(IOMod, T ++ S ++ add_node("", Pid));
+write_event({Time, {warning_msg, _GL, {Pid, Format, Args}}},IOMod) ->
     T = write_time(maybe_utc(Time), "WARNING REPORT"),
     case catch io_lib:format(add_node(Format,Pid), Args) of
 	S when is_list(S) ->
-	    format(T ++ S);
+	    format(IOMod, T ++ S);
 	_ ->
 	    F = add_node("ERROR: ~p - ~p~n", Pid),
-	    format(T ++ F, [Format,Args])
+	    format(IOMod, T ++ F, [Format,Args])
     end;
-write_event({_Time, _Error}) ->
+write_event({_Time, _Error},_IOMod) ->
     ok.
 
 maybe_utc(Time) ->
     UTC = case application:get_env(sasl, utc_log) of
-              {ok, Val} ->
-                  Val;
+              {ok, Val} -> Val;
               undefined ->
                   %% Backwards compatible:
                   case application:get_env(stdlib, utc_log) of
-                      {ok, Val} ->
-                          Val;
-                      undefined ->
-                          false
+                      {ok, Val} -> Val;
+                      undefined -> false
                   end
           end,
-    if
-        UTC =:= true ->
-            {utc, calendar:local_time_to_universal_time(Time)};
-        true -> 
-            Time
-    end.
+    maybe_utc(Time, UTC).
+
+maybe_utc(Time, true) -> {utc, Time};
+maybe_utc(Time, _) -> {local, calendar:universal_time_to_local_time(Time)}.
 
-format(String)       -> io:format(user, String, []).
-format(String, Args) -> io:format(user, String, Args).
+format(IOMod, String)       -> format(IOMod, String, []).
+format(io_lib, String, Args) -> io_lib:format(String, Args);
+format(io, String, Args) -> io:format(user, String, Args).
 
 format_report(Rep) when is_list(Rep) ->
     case string_p(Rep) of
@@ -231,7 +229,7 @@ write_time(Time) -> write_time(Time, "ERROR REPORT").
 write_time({utc,{{Y,Mo,D},{H,Mi,S}}},Type) ->
     io_lib:format("~n=~s==== ~p-~s-~p::~s:~s:~s UTC ===~n",
 		  [Type,D,month(Mo),Y,t(H),t(Mi),t(S)]);
-write_time({{Y,Mo,D},{H,Mi,S}},Type) ->
+write_time({local, {{Y,Mo,D},{H,Mi,S}}},Type) ->
     io_lib:format("~n=~s==== ~p-~s-~p::~s:~s:~s ===~n",
 		  [Type,D,month(Mo),Y,t(H),t(Mi),t(S)]).
 
diff --git a/lib/stdlib/src/escript.erl b/lib/stdlib/src/escript.erl
index cd1bacd2f5..ad49d89908 100644
--- a/lib/stdlib/src/escript.erl
+++ b/lib/stdlib/src/escript.erl
@@ -866,7 +866,7 @@ hidden_apply(App, M, F, Args) ->
     catch
 	error:undef ->
 	    case erlang:get_stacktrace() of
-		[{M,F,Args} | _] ->
+		[{M,F,Args,_} | _] ->
 		    Arity = length(Args),
 		    Text = io_lib:format("Call to ~w:~w/~w in application ~w failed.\n",
 					 [M, F, Arity, App]),
diff --git a/lib/stdlib/src/eval_bits.erl b/lib/stdlib/src/eval_bits.erl
index 1ffa6ea328..f40904df1c 100644
--- a/lib/stdlib/src/eval_bits.erl
+++ b/lib/stdlib/src/eval_bits.erl
@@ -31,8 +31,9 @@
 %% @type evalfun(). A closure which evaluates an expression given an
 %% environment
 %%
-%% @type matchfun(). A closure which performs a match given a value, a
-%% pattern and an environment
+%% @type matchfun(). A closure which depending on its first argument
+%% can perform a match (given a value, a pattern and an environment),
+%% lookup a variable in the bindings, or add a new binding
 %%
 %% @type field(). Represents a field in a "bin".
 
@@ -144,7 +145,8 @@ eval_exp_field(Val, Size, Unit, binary, _, _) ->
 bin_gen({bin,_,Fs}, Bin, Bs0, BBs0, Mfun, Efun) ->
     bin_gen(Fs, Bin, Bs0, BBs0, Mfun, Efun, true).
 
-bin_gen([F|Fs], Bin, Bs0, BBs0, Mfun, Efun, Flag) ->
+bin_gen([F|Fs], Bin, Bs0, BBs0, Mfun, Efun, Flag)
+  when is_function(Mfun, 2), is_function(Efun, 2) ->
     case bin_gen_field(F, Bin, Bs0, BBs0, Mfun, Efun) of
         {match,Bs,BBs,Rest} ->
             bin_gen(Fs, Rest, Bs, BBs, Mfun, Efun, Flag);
@@ -175,14 +177,14 @@ bin_gen_field({bin_element,Line,VE,Size0,Options0},
     {Size1, [Type,{unit,Unit},Sign,Endian]} = 
         make_bit_type(Line, Size0, Options0),
     V = erl_eval:partial_eval(VE),
-    match_check_size(Size1, BBs0),
+    match_check_size(Mfun, Size1, BBs0),
     {value, Size, _BBs} = Efun(Size1, BBs0),
     case catch get_value(Bin, Type, Size, Unit, Sign, Endian) of
         {Val,<<_/bitstring>>=Rest} ->
             NewV = coerce_to_float(V, Type),
-            case catch Mfun(NewV, Val, Bs0) of
+            case catch Mfun(match, {NewV,Val,Bs0}) of
                 {match,Bs} ->
-                    BBs = add_bin_binding(NewV, Bs, BBs0),
+                    BBs = add_bin_binding(Mfun, NewV, Bs, BBs0),
                     {match,Bs,BBs,Rest};
                 _ ->
                     {nomatch,Rest}
@@ -205,7 +207,8 @@ bin_gen_field({bin_element,Line,VE,Size0,Options0},
 match_bits(Fs, Bin, Bs0, BBs, Mfun, Efun, _) ->
     match_bits(Fs, Bin, Bs0, BBs, Mfun, Efun).
 
-match_bits(Fs, Bin, Bs0, BBs, Mfun, Efun) ->
+match_bits(Fs, Bin, Bs0, BBs, Mfun, Efun)
+  when is_function(Mfun, 2), is_function(Efun, 2) ->
     case catch match_bits_1(Fs, Bin, Bs0, BBs, Mfun, Efun) of
         {match,Bs} -> {match,Bs};
         invalid -> throw(invalid);
@@ -230,12 +233,12 @@ match_field_1({bin_element,Line,VE,Size0,Options0},
         make_bit_type(Line, Size0, Options0),
     V = erl_eval:partial_eval(VE),
     Size2 = erl_eval:partial_eval(Size1),
-    match_check_size(Size2, BBs0),
+    match_check_size(Mfun, Size2, BBs0),
     {value, Size, _BBs} = Efun(Size2, BBs0),
     {Val,Rest} = get_value(Bin, Type, Size, Unit, Sign, Endian),
     NewV = coerce_to_float(V, Type),
-    {match,Bs} = Mfun(NewV, Val, Bs0),
-    BBs = add_bin_binding(NewV, Bs, BBs0),
+    {match,Bs} = Mfun(match, {NewV,Val,Bs0}),
+    BBs = add_bin_binding(Mfun, NewV, Bs, BBs0),
     {Bs,BBs,Rest}.
 
 %% Almost identical to the one in sys_pre_expand.
@@ -249,12 +252,12 @@ coerce_to_float({integer,L,I}=E, float) ->
 coerce_to_float(E, _Type) -> 
     E.
 
-add_bin_binding({var,_,'_'}, _Bs, BBs) ->
+add_bin_binding(_, {var,_,'_'}, _Bs, BBs) ->
     BBs;
-add_bin_binding({var,_,Name}, Bs, BBs) ->
-    {value,Value} = erl_eval:binding(Name, Bs),
-    erl_eval:add_binding(Name, Value, BBs);
-add_bin_binding(_, _Bs, BBs) ->
+add_bin_binding(Mfun, {var,_,Name}, Bs, BBs) ->
+    {value,Value} = Mfun(binding, {Name,Bs}),
+    Mfun(add_binding, {Name,Value,BBs});
+add_bin_binding(_, _, _Bs, BBs) ->
     BBs.
 
 get_value(Bin, integer, Size, Unit, Sign, Endian) ->
@@ -327,20 +330,20 @@ make_bit_type(_Line, Size, Type0) -> %Size evaluates to an integer or 'all'
         {error,Reason} -> error(Reason)
     end.
 
-match_check_size({var,_,V}, Bs) -> 
-    case erl_eval:binding(V, Bs) of
+match_check_size(Mfun, {var,_,V}, Bs) ->
+    case Mfun(binding, {V,Bs}) of
         {value,_} -> ok;
 	unbound -> throw(invalid) % or, rather, error({unbound,V})
     end;
-match_check_size({atom,_,all}, _Bs) ->
+match_check_size(_, {atom,_,all}, _Bs) ->
     ok;
-match_check_size({atom,_,undefined}, _Bs) ->
+match_check_size(_, {atom,_,undefined}, _Bs) ->
     ok;
-match_check_size({integer,_,_}, _Bs) ->
+match_check_size(_, {integer,_,_}, _Bs) ->
     ok;
-match_check_size({value,_,_}, _Bs) ->
+match_check_size(_, {value,_,_}, _Bs) ->
     ok;	%From the debugger.
-match_check_size(_, _Bs) -> 
+match_check_size(_, _, _Bs) ->
     throw(invalid).
 
 %% error(Reason) -> exception thrown
diff --git a/lib/stdlib/src/filename.erl b/lib/stdlib/src/filename.erl
index 1cb9e4a25e..dbfcbea4f7 100644
--- a/lib/stdlib/src/filename.erl
+++ b/lib/stdlib/src/filename.erl
@@ -147,9 +147,10 @@ basename(Name) when is_binary(Name) ->
     end;
     
 basename(Name0) ->
-    Name = flatten(Name0),
+    Name1 = flatten(Name0),
     {DirSep2, DrvSep} = separators(),
-    basename1(skip_prefix(Name, DrvSep), [], DirSep2).
+    Name = skip_prefix(Name1, DrvSep),
+    basename1(Name, Name, DirSep2).
 
 win_basenameb(<<Letter,$:,Rest/binary>>) when ?IS_DRIVELETTER(Letter) ->
     basenameb(Rest,[<<"/">>,<<"\\">>]);
@@ -167,16 +168,18 @@ basenameb(Bin,Sep) ->
     
 
 
-basename1([$/|[]], Tail, DirSep2) ->
-    basename1([], Tail, DirSep2);
+basename1([$/], Tail0, _DirSep2) ->
+    %% End of filename -- must get rid of trailing directory separator.
+    [_|Tail] = lists:reverse(Tail0),
+    lists:reverse(Tail);
 basename1([$/|Rest], _Tail, DirSep2) ->
-    basename1(Rest, [], DirSep2);
+    basename1(Rest, Rest, DirSep2);
 basename1([DirSep2|Rest], Tail, DirSep2) when is_integer(DirSep2) ->
     basename1([$/|Rest], Tail, DirSep2);
 basename1([Char|Rest], Tail, DirSep2) when is_integer(Char) ->
-    basename1(Rest, [Char|Tail], DirSep2);
+    basename1(Rest, Tail, DirSep2);
 basename1([], Tail, _DirSep2) ->
-    lists:reverse(Tail).
+    Tail.
 
 skip_prefix(Name, false) ->
     Name;
@@ -369,8 +372,8 @@ extension(Name0) ->
     Name = flatten(Name0),
     extension(Name, [], major_os_type()).
 
-extension([$.|Rest], _Result, OsType) ->
-    extension(Rest, [$.], OsType);
+extension([$.|Rest]=Result, _Result, OsType) ->
+    extension(Rest, Result, OsType);
 extension([Char|Rest], [], OsType) when is_integer(Char) ->
     extension(Rest, [], OsType);
 extension([$/|Rest], _Result, OsType) ->
@@ -378,9 +381,9 @@ extension([$/|Rest], _Result, OsType) ->
 extension([$\\|Rest], _Result, win32) ->
     extension(Rest, [], win32);
 extension([Char|Rest], Result, OsType) when is_integer(Char) ->
-    extension(Rest, [Char|Result], OsType);
+    extension(Rest, Result, OsType);
 extension([], Result, _OsType) ->
-    lists:reverse(Result).
+    Result.
 
 %% Joins a list of filenames with directory separators.
 
@@ -833,16 +836,18 @@ try_file(undefined, ObjFilename, Mod, Rules) ->
 	Error -> Error
     end;
 try_file(Src, _ObjFilename, Mod, _Rules) ->
-    List = Mod:module_info(compile),
-    {options, Options} = lists:keyfind(options, 1, List),
+    List = case Mod:module_info(compile) of
+	       none -> [];
+	       List0 -> List0
+	   end,
+    Options = proplists:get_value(options, List, []),
     {ok, Cwd} = file:get_cwd(),
     AbsPath = make_abs_path(Cwd, Src),
     {AbsPath, filter_options(dirname(AbsPath), Options, [])}.
 
 %% Filters the options.
 %%
-%% 1) Remove options that have no effect on the generated code,
-%%    such as report and verbose.
+%% 1) Only keep options that have any effect on code generation.
 %%
 %% 2) The paths found in {i, Path} and {outdir, Path} are converted
 %%    to absolute paths.  When doing this, it is assumed that relatives
@@ -854,14 +859,10 @@ filter_options(Base, [{outdir, Path}|Rest], Result) ->
     filter_options(Base, Rest, [{outdir, make_abs_path(Base, Path)}|Result]);
 filter_options(Base, [{i, Path}|Rest], Result) ->
     filter_options(Base, Rest, [{i, make_abs_path(Base, Path)}|Result]);
-filter_options(Base, [Option|Rest], Result) when Option =:= trace ->
-    filter_options(Base, Rest, [Option|Result]);
 filter_options(Base, [Option|Rest], Result) when Option =:= export_all ->
     filter_options(Base, Rest, [Option|Result]);
 filter_options(Base, [Option|Rest], Result) when Option =:= binary ->
     filter_options(Base, Rest, [Option|Result]);
-filter_options(Base, [Option|Rest], Result) when Option =:= fast ->
-    filter_options(Base, Rest, [Option|Result]);
 filter_options(Base, [Tuple|Rest], Result) when element(1, Tuple) =:= d ->
     filter_options(Base, Rest, [Tuple|Result]);
 filter_options(Base, [Tuple|Rest], Result)
@@ -875,12 +876,7 @@ filter_options(_Base, [], Result) ->
 %% Gets the source file given path of object code and module name.
 
 get_source_file(Obj, Mod, Rules) ->
-    case catch Mod:module_info(source_file) of
-	{'EXIT', _Reason} ->
-	    source_by_rules(dirname(Obj), packages:last(Mod), Rules);
-	File ->
-	    {ok, File}
-    end.
+    source_by_rules(dirname(Obj), packages:last(Mod), Rules).
 
 source_by_rules(Dir, Base, [{From, To}|Rest]) ->
     case try_rule(Dir, Base, From, To) of
diff --git a/lib/stdlib/src/gen.erl b/lib/stdlib/src/gen.erl
index 574146b1cd..5d803091b6 100644
--- a/lib/stdlib/src/gen.erl
+++ b/lib/stdlib/src/gen.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -273,7 +273,7 @@ reply({To, Tag}, Reply) ->
 %%%-----------------------------------------------------------------
 %%%  Misc. functions.
 %%%-----------------------------------------------------------------
-where({global, Name}) -> global:safe_whereis_name(Name);
+where({global, Name}) -> global:whereis_name(Name);
 where({local, Name})  -> whereis(Name).
 
 name_register({local, Name} = LN) ->
diff --git a/lib/stdlib/src/gen_event.erl b/lib/stdlib/src/gen_event.erl
index 1c4a73680b..3317b30e5c 100644
--- a/lib/stdlib/src/gen_event.erl
+++ b/lib/stdlib/src/gen_event.erl
@@ -36,8 +36,6 @@
 	 add_handler/3, add_sup_handler/3, delete_handler/3, swap_handler/3,
 	 swap_sup_handler/3, which_handlers/1, call/3, call/4, wake_hib/4]).
 
--export([behaviour_info/1]).
-
 -export([init_it/6,
 	 system_continue/3,
 	 system_terminate/4,
@@ -60,14 +58,6 @@
 %%%  API
 %%%=========================================================================
 
--spec behaviour_info(atom()) -> 'undefined' | [{atom(), arity()}].
-
-behaviour_info(callbacks) ->
-    [{init,1},{handle_event,2},{handle_call,2},{handle_info,2},
-     {terminate,2},{code_change,3}];
-behaviour_info(_Other) ->
-    undefined.
-
 %% gen_event:start(Handler) -> {ok, Pid} | {error, What}
 %%   gen_event:add_handler(Handler, Mod, Args) -> ok | Other
 %%      gen_event:notify(Handler, Event) -> ok
@@ -78,41 +68,37 @@ behaviour_info(_Other) ->
 %%   gen_event:which_handler(Handler) -> [Mod]
 %% gen_event:stop(Handler) -> ok 
 
-
-%% handlers must export
-%% Mod:init(Args) -> {ok, State} | Other
-%% Mod:handle_event(Event, State) -> 
-%%    {ok, State'} | remove_handler | {swap_handler,Args1,State1,Mod2,Args2}
-%% Mod:handle_info(Info, State) ->
-%%    {ok, State'} | remove_handler | {swap_handler,Args1,State1,Mod2,Args2}
-%% Mod:handle_call(Query, State) -> 
-%%    {ok, Reply, State'} | {remove_handler, Reply} | 
-%%    {swap_handler, Reply, Args1,State1,Mod2,Args2}
-%% Mod:terminate(Args, State) -> Val
-
-
-%% add_handler(H, Mod, Args) -> ok | Other
-%%    Mod:init(Args) -> {ok, State} | Other
-
-%% delete_handler(H, Mod, Args) -> Val
-%%    Mod:terminate(Args, State) -> Val
-
-%% notify(H, Event) 
-%%    Mod:handle_event(Event, State) ->
-%%         {ok, State1}
-%%         remove_handler
-%%               Mod:terminate(remove_handler, State) is called
-%%               the return value is ignored
-%%         {swap_handler, Args1, State1, Mod2, Args2}
-%%               State2 = Mod:terminate(Args1, State1) is called
-%%               the return value is chained into the new module and
-%%               Mod2:init({Args2, State2}) is called
-%%         Other
-%%               Mod:terminate({error, Other}, State) is called
-%%               The return value is ignored
-%% call(H, Mod, Query) -> Val
-%% call(H, Mod, Query, Timeout) -> Val
-%%      Mod:handle_call(Query, State) -> as above
+-callback init(InitArgs :: term()) ->
+    {ok, State :: term()} |
+    {ok, State :: term(), hibernate} |
+    {error, Reason :: term()}.
+-callback handle_event(Event :: term(), State :: term()) ->
+    {ok, NewState :: term()} |
+    {ok, NewState :: term(), hibernate} |
+    {swap_handler, Args1 :: term(), NewState :: term(),
+     Handler2 :: (atom() | {atom(), Id :: term()}), Args2 :: term()} |
+    remove_handler.
+-callback handle_call(Request :: term(), State :: term()) ->
+    {ok, Reply :: term(), NewState :: term()} |
+    {ok, Reply :: term(), NewState :: term(), hibernate} |
+    {swap_handler, Reply :: term(), Args1 :: term(), NewState :: term(),
+     Handler2 :: (atom() | {atom(), Id :: term()}), Args2 :: term()} |
+    {remove_handler, Reply :: term()}.
+-callback handle_info(Info :: term(), State :: term()) ->
+    {ok, NewState :: term()} |
+    {ok, NewState :: term(), hibernate} |
+    {swap_handler, Args1 :: term(), NewState :: term(),
+     Handler2 :: (atom() | {atom(), Id :: term()}), Args2 :: term()} |
+    remove_handler.
+-callback terminate(Args :: (term() | {stop, Reason :: term()} |
+                             stop | remove_handler |
+                             {error, {'EXIT', Reason :: term()}} |
+                             {error, term()}),
+                    State :: term()) ->
+    term().
+-callback code_change(OldVsn :: (term() | {down, term()}),
+                      State :: term(), Extra :: term()) ->
+    {ok, NewState :: term()}.
 
 %%---------------------------------------------------------------------------
 
@@ -667,16 +653,16 @@ report_error(_Handler, {swapped,_,_}, _, _, _)      -> ok;
 report_error(Handler, Reason, State, LastIn, SName) ->
     Reason1 = 
 	case Reason of
-	    {'EXIT',{undef,[{M,F,A}|MFAs]}} ->
+	    {'EXIT',{undef,[{M,F,A,L}|MFAs]}} ->
 		case code:is_loaded(M) of
 		    false ->
-			{'module could not be loaded',[{M,F,A}|MFAs]};
+			{'module could not be loaded',[{M,F,A,L}|MFAs]};
 		    _ ->
 			case erlang:function_exported(M, F, length(A)) of
 			    true ->
-				{undef,[{M,F,A}|MFAs]};
+				{undef,[{M,F,A,L}|MFAs]};
 			    false ->
-				{'function not exported',[{M,F,A}|MFAs]}
+				{'function not exported',[{M,F,A,L}|MFAs]}
 			end
 		end;
 	    {'EXIT',Why} ->
diff --git a/lib/stdlib/src/gen_fsm.erl b/lib/stdlib/src/gen_fsm.erl
index f2f1365d3d..57734a075c 100644
--- a/lib/stdlib/src/gen_fsm.erl
+++ b/lib/stdlib/src/gen_fsm.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -113,8 +113,6 @@
 	 start_timer/2,send_event_after/2,cancel_timer/1,
 	 enter_loop/4, enter_loop/5, enter_loop/6, wake_hib/6]).
 
--export([behaviour_info/1]).
-
 %% Internal exports
 -export([init_it/6,
 	 system_continue/3,
@@ -128,13 +126,38 @@
 %%% Interface functions.
 %%% ---------------------------------------------------
 
--spec behaviour_info(atom()) -> 'undefined' | [{atom(), arity()}].
-
-behaviour_info(callbacks) ->
-    [{init,1},{handle_event,3},{handle_sync_event,4},{handle_info,3},
-     {terminate,3},{code_change,4}];
-behaviour_info(_Other) ->
-    undefined.
+-callback init(Args :: term()) ->
+    {ok, StateName :: atom(), StateData :: term()} |
+    {ok, StateName :: atom(), StateData :: term(), timeout() | hibernate} |
+    {stop, Reason :: term()} | ignore.
+-callback handle_event(Event :: term(), StateName :: atom(),
+                       StateData :: term()) ->
+    {next_state, NextStateName :: atom(), NewStateData :: term()} |
+    {next_state, NextStateName :: atom(), NewStateData :: term(),
+     timeout() | hibernate} |
+    {stop, Reason :: term(), NewStateData :: term()}.
+-callback handle_sync_event(Event :: term(), From :: {pid(), Tag :: term()},
+                            StateName :: atom(), StateData :: term()) ->
+    {reply, Reply :: term(), NextStateName :: atom(), NewStateData :: term()} |
+    {reply, Reply :: term(), NextStateName :: atom(), NewStateData :: term(),
+     timeout() | hibernate} |
+    {next_state, NextStateName :: atom(), NewStateData :: term()} |
+    {next_state, NextStateName :: atom(), NewStateData :: term(),
+     timeout() | hibernate} |
+    {stop, Reason :: term(), Reply :: term(), NewStateData :: term()} |
+    {stop, Reason :: term(), NewStateData :: term()}.
+-callback handle_info(Info :: term(), StateName :: atom(),
+                      StateData :: term()) ->
+    {next_state, NextStateName :: atom(), NewStateData :: term()} |
+    {next_state, NextStateName :: atom(), NewStateData :: term(),
+     timeout() | hibernate} |
+    {stop, Reason :: normal | term(), NewStateData :: term()}.
+-callback terminate(Reason :: normal | shutdown | {shutdown, term()}
+		    | term(), StateName :: atom(), StateData :: term()) ->
+    term().
+-callback code_change(OldVsn :: term() | {down, term()}, StateName :: atom(),
+		      StateData :: term(), Extra :: term()) ->
+    {ok, NextStateName :: atom(), NewStateData :: term()}.
 
 %%% ---------------------------------------------------
 %%% Starts a generic state machine.
@@ -273,7 +296,7 @@ get_proc_name({local, Name}) ->
 	    exit(process_not_registered)
     end;
 get_proc_name({global, Name}) ->
-    case global:safe_whereis_name(Name) of
+    case global:whereis_name(Name) of
 	undefined ->
 	    exit(process_not_registered_globally);
 	Pid when Pid =:= self() ->
@@ -295,7 +318,7 @@ get_parent() ->
 name_to_pid(Name) ->
     case whereis(Name) of
 	undefined ->
-	    case global:safe_whereis_name(Name) of
+	    case global:whereis_name(Name) of
 		undefined ->
 		    exit(could_not_find_registerd_name);
 		Pid ->
@@ -325,12 +348,15 @@ init_it(Starter, Parent, Name0, Mod, Args, Options) ->
 	    proc_lib:init_ack(Starter, {ok, self()}), 	    
 	    loop(Parent, Name, StateName, StateData, Mod, Timeout, Debug);
 	{stop, Reason} ->
+	    unregister_name(Name0),
 	    proc_lib:init_ack(Starter, {error, Reason}),
 	    exit(Reason);
 	ignore ->
+	    unregister_name(Name0),
 	    proc_lib:init_ack(Starter, ignore),
 	    exit(normal);
 	{'EXIT', Reason} ->
+	    unregister_name(Name0),
 	    proc_lib:init_ack(Starter, {error, Reason}),
 	    exit(Reason);
 	Else ->
@@ -343,6 +369,13 @@ name({local,Name}) -> Name;
 name({global,Name}) -> Name;
 name(Pid) when is_pid(Pid) -> Pid.
 
+unregister_name({local,Name}) ->
+    _ = (catch unregister(Name));
+unregister_name({global,Name}) ->
+    _ = global:unregister_name(Name);
+unregister_name(Pid) when is_pid(Pid) ->
+    Pid.
+
 %%-----------------------------------------------------------------
 %% The MAIN loop
 %%-----------------------------------------------------------------
@@ -561,16 +594,16 @@ terminate(Reason, Name, Msg, Mod, StateName, StateData, Debug) ->
 error_info(Reason, Name, Msg, StateName, StateData, Debug) ->
     Reason1 = 
 	case Reason of
-	    {undef,[{M,F,A}|MFAs]} ->
+	    {undef,[{M,F,A,L}|MFAs]} ->
 		case code:is_loaded(M) of
 		    false ->
-			{'module could not be loaded',[{M,F,A}|MFAs]};
+			{'module could not be loaded',[{M,F,A,L}|MFAs]};
 		    _ ->
 			case erlang:function_exported(M, F, length(A)) of
 			    true ->
 				Reason;
 			    false ->
-				{'function not exported',[{M,F,A}|MFAs]}
+				{'function not exported',[{M,F,A,L}|MFAs]}
 			end
 		end;
 	    _ ->
diff --git a/lib/stdlib/src/gen_server.erl b/lib/stdlib/src/gen_server.erl
index 09d94a9c40..af07bc988a 100644
--- a/lib/stdlib/src/gen_server.erl
+++ b/lib/stdlib/src/gen_server.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -94,8 +94,6 @@
 	 multi_call/2, multi_call/3, multi_call/4,
 	 enter_loop/3, enter_loop/4, enter_loop/5, wake_hib/5]).
 
--export([behaviour_info/1]).
-
 %% System exports
 -export([system_continue/3,
 	 system_terminate/4,
@@ -111,13 +109,32 @@
 %%%  API
 %%%=========================================================================
 
--spec behaviour_info(atom()) -> 'undefined' | [{atom(), arity()}].
-
-behaviour_info(callbacks) ->
-    [{init,1},{handle_call,3},{handle_cast,2},{handle_info,2},
-     {terminate,2},{code_change,3}];
-behaviour_info(_Other) ->
-    undefined.
+-callback init(Args :: term()) ->
+    {ok, State :: term()} | {ok, State :: term(), timeout() | hibernate} |
+    {stop, Reason :: term()} | ignore.
+-callback handle_call(Request :: term(), From :: {pid(), Tag :: term()},
+                      State :: term()) ->
+    {reply, Reply :: term(), NewState :: term()} |
+    {reply, Reply :: term(), NewState :: term(), timeout() | hibernate} |
+    {noreply, NewState :: term()} |
+    {noreply, NewState :: term(), timeout() | hibernate} |
+    {stop, Reason :: term(), Reply :: term(), NewState :: term()} |
+    {stop, Reason :: term(), NewState :: term()}.
+-callback handle_cast(Request :: term(), State :: term()) ->
+    {noreply, NewState :: term()} |
+    {noreply, NewState :: term(), timeout() | hibernate} |
+    {stop, Reason :: term(), NewState :: term()}.
+-callback handle_info(Info :: timeout() | term(), State :: term()) ->
+    {noreply, NewState :: term()} |
+    {noreply, NewState :: term(), timeout() | hibernate} |
+    {stop, Reason :: term(), NewState :: term()}.
+-callback terminate(Reason :: (normal | shutdown | {shutdown, term()} |
+                               term()),
+                    State :: term()) ->
+    term().
+-callback code_change(OldVsn :: (term() | {down, term()}), State :: term(),
+                      Extra :: term()) ->
+    {ok, NewState :: term()} | {error, Reason :: term()}.
 
 %%%  -----------------------------------------------------------------
 %%% Starts a generic server.
@@ -729,16 +746,16 @@ error_info(_Reason, application_controller, _Msg, _State, _Debug) ->
 error_info(Reason, Name, Msg, State, Debug) ->
     Reason1 = 
 	case Reason of
-	    {undef,[{M,F,A}|MFAs]} ->
+	    {undef,[{M,F,A,L}|MFAs]} ->
 		case code:is_loaded(M) of
 		    false ->
-			{'module could not be loaded',[{M,F,A}|MFAs]};
+			{'module could not be loaded',[{M,F,A,L}|MFAs]};
 		    _ ->
 			case erlang:function_exported(M, F, length(A)) of
 			    true ->
 				Reason;
 			    false ->
-				{'function not exported',[{M,F,A}|MFAs]}
+				{'function not exported',[{M,F,A,L}|MFAs]}
 			end
 		end;
 	    _ ->
@@ -803,7 +820,7 @@ get_proc_name({local, Name}) ->
 	    exit(process_not_registered)
     end;    
 get_proc_name({global, Name}) ->
-    case global:safe_whereis_name(Name) of
+    case global:whereis_name(Name) of
 	undefined ->
 	    exit(process_not_registered_globally);
 	Pid when Pid =:= self() ->
@@ -825,7 +842,7 @@ get_parent() ->
 name_to_pid(Name) ->
     case whereis(Name) of
 	undefined ->
-	    case global:safe_whereis_name(Name) of
+	    case global:whereis_name(Name) of
 		undefined ->
 		    exit(could_not_find_registerd_name);
 		Pid ->
diff --git a/lib/stdlib/src/lib.erl b/lib/stdlib/src/lib.erl
index c303ae60b5..314fd60903 100644
--- a/lib/stdlib/src/lib.erl
+++ b/lib/stdlib/src/lib.erl
@@ -173,12 +173,12 @@ format_fun(Fun) when is_function(Fun) ->
 
 analyze_exception(error, Term, Stack) ->
     case {is_stacktrace(Stack), Stack, Term} of
-        {true, [{_M,_F,As}=MFA|MFAs], function_clause} when is_list(As) -> 
-            {Term,[MFA],MFAs};
-        {true, [{shell,F,A}], function_clause} when is_integer(A) ->
+        {true, [{_,_,As,_}=MFAL|MFAs], function_clause} when is_list(As) ->
+            {Term,[MFAL],MFAs};
+        {true, [{shell,F,A,_}], function_clause} when is_integer(A) ->
             {Term, [{F,A}], []};
-        {true, [{_M,_F,_AorAs}=MFA|MFAs], undef} ->
-            {Term,[MFA],MFAs};
+        {true, [{_,_,_,_}=MFAL|MFAs], undef} ->
+            {Term,[MFAL],MFAs};
 	{true, _, _} ->
 	    {Term,[],Stack};
 	{false, _, _} ->
@@ -194,9 +194,11 @@ analyze_exception(_Class, Term, Stack) ->
 
 is_stacktrace([]) ->
     true;
-is_stacktrace([{M,F,A}|Fs]) when is_atom(M), is_atom(F), is_integer(A) ->
+is_stacktrace([{M,F,A,I}|Fs])
+  when is_atom(M), is_atom(F), is_integer(A), is_list(I) ->
     is_stacktrace(Fs);
-is_stacktrace([{M,F,As}|Fs]) when is_atom(M), is_atom(F), length(As) >= 0 ->
+is_stacktrace([{M,F,As,I}|Fs])
+  when is_atom(M), is_atom(F), length(As) >= 0, is_list(I) ->
     is_stacktrace(Fs);
 is_stacktrace(_) ->
     false.
@@ -225,9 +227,9 @@ explain_reason(function_clause, error, [{F,A}], _PF, _S) ->
     %% Shell commands
     FAs = io_lib:fwrite(<<"~w/~w">>, [F, A]),
     [<<"no function clause matching call to ">> | FAs];
-explain_reason(function_clause, error=Cl, [{M,F,As}], PF, S) ->
+explain_reason(function_clause, error=Cl, [{M,F,As,Loc}], PF, S) ->
     Str = <<"no function clause matching ">>,
-    format_errstr_call(Str, Cl, {M,F}, As, PF, S);
+    [format_errstr_call(Str, Cl, {M,F}, As, PF, S),$\s|location(Loc)];
 explain_reason(if_clause, error, [], _PF, _S) ->
     <<"no true branch found when evaluating an if expression">>;
 explain_reason(noproc, error, [], _PF, _S) ->
@@ -242,11 +244,11 @@ explain_reason({try_clause,V}, error=Cl, [], PF, S) ->
     %% "there is no try clause with a true guard sequence and a
     %% pattern matching..."
     format_value(V, <<"no try clause matching ">>, Cl, PF, S);
-explain_reason(undef, error, [{M,F,A}], _PF, _S) ->
+explain_reason(undef, error, [{M,F,A,_}], _PF, _S) ->
     %% Only the arity is displayed, not the arguments, if there are any.
     io_lib:fwrite(<<"undefined function ~s">>, 
                   [mfa_to_string(M, F, n_args(A))]);
-explain_reason({shell_undef,F,A}, error, [], _PF, _S) ->
+explain_reason({shell_undef,F,A,_}, error, [], _PF, _S) ->
     %% Give nicer reports for undefined shell functions
     %% (but not when the user actively calls shell_default:F(...)).
     io_lib:fwrite(<<"undefined shell command ~s/~w">>, [F, n_args(A)]);
@@ -292,17 +294,19 @@ argss(I) ->
     io_lib:fwrite(<<"~w arguments">>, [I]).
 
 format_stacktrace1(S0, Stack0, PF, SF) ->
-    Stack1 = lists:dropwhile(fun({M,F,A}) -> SF(M, F, A)
+    Stack1 = lists:dropwhile(fun({M,F,A,_}) -> SF(M, F, A)
                              end, lists:reverse(Stack0)),
     S = ["  " | S0],
     Stack = lists:reverse(Stack1),
     format_stacktrace2(S, Stack, 1, PF).
 
-format_stacktrace2(S, [{M,F,A}|Fs], N, PF) when is_integer(A) ->
-    [io_lib:fwrite(<<"~s~s ~s">>, 
-                   [sep(N, S), origin(N, M, F, A), mfa_to_string(M, F, A)])
+format_stacktrace2(S, [{M,F,A,L}|Fs], N, PF) when is_integer(A) ->
+    [io_lib:fwrite(<<"~s~s ~s ~s">>,
+                   [sep(N, S), origin(N, M, F, A),
+		    mfa_to_string(M, F, A),
+		    location(L)])
      | format_stacktrace2(S, Fs, N + 1, PF)];
-format_stacktrace2(S, [{M,F,As}|Fs], N, PF) when is_list(As) ->
+format_stacktrace2(S, [{M,F,As,_}|Fs], N, PF) when is_list(As) ->
     A = length(As),
     CalledAs = [S,<<"   called as ">>],
     C = format_call("", CalledAs, {M,F}, As, PF),
@@ -313,6 +317,16 @@ format_stacktrace2(S, [{M,F,As}|Fs], N, PF) when is_list(As) ->
 format_stacktrace2(_S, [], _N, _PF) ->
     "".
 
+location(L) ->
+    File = proplists:get_value(file, L),
+    Line = proplists:get_value(line, L),
+    if
+	File =/= undefined, Line =/= undefined ->
+	    io_lib:format("(~s, line ~w)", [File, Line]);
+	true ->
+	    ""
+    end.
+
 sep(1, S) -> S;
 sep(_, S) -> [$\n | S].
 
diff --git a/lib/stdlib/src/lists.erl b/lib/stdlib/src/lists.erl
index bba46e4cb6..e73c087753 100644
--- a/lib/stdlib/src/lists.erl
+++ b/lib/stdlib/src/lists.erl
@@ -628,9 +628,10 @@ keydelete3(_, _, []) -> [].
 -spec keyreplace(Key, N, TupleList1, NewTuple) -> TupleList2 when
       Key :: term(),
       N :: pos_integer(),
-      TupleList1 :: [tuple()],
-      TupleList2 :: [tuple()],
-      NewTuple :: tuple().
+      TupleList1 :: [Tuple],
+      TupleList2 :: [Tuple],
+      NewTuple :: Tuple,
+      Tuple :: tuple().
 
 keyreplace(K, N, L, New) when is_integer(N), N > 0, is_tuple(New) ->
     keyreplace3(K, N, L, New).
@@ -660,9 +661,10 @@ keytake(_K, _N, [], _L) -> false.
 -spec keystore(Key, N, TupleList1, NewTuple) -> TupleList2 when
       Key :: term(),
       N :: pos_integer(),
-      TupleList1 :: [tuple()],
-      TupleList2 :: [tuple(), ...],
-      NewTuple :: tuple().
+      TupleList1 :: [Tuple],
+      TupleList2 :: [Tuple, ...],
+      NewTuple :: Tuple,
+      Tuple :: tuple().
 
 keystore(K, N, L, New) when is_integer(N), N > 0, is_tuple(New) ->
     keystore2(K, N, L, New).
@@ -740,8 +742,9 @@ keysort_1(_I, X, _EX, [], R) ->
       TupleList1 :: [T1],
       TupleList2 :: [T2],
       TupleList3 :: [(T1 | T2)],
-      T1 :: tuple(),
-      T2 :: tuple().
+      T1 :: Tuple,
+      T2 :: Tuple,
+      Tuple :: tuple().
 
 keymerge(Index, T1, L2) when is_integer(Index), Index > 0 -> 
     case L2 of
@@ -842,8 +845,9 @@ ukeysort_1(_I, X, _EX, []) ->
       TupleList1 :: [T1],
       TupleList2 :: [T2],
       TupleList3 :: [(T1 | T2)],
-      T1 :: tuple(),
-      T2 :: tuple().
+      T1 :: Tuple,
+      T2 :: Tuple,
+      Tuple :: tuple().
 
 ukeymerge(Index, L1, T2) when is_integer(Index), Index > 0 ->
     case L1 of
@@ -873,8 +877,9 @@ rukeymerge(Index, T1, L2) when is_integer(Index), Index > 0 ->
 -spec keymap(Fun, N, TupleList1) -> TupleList2 when
       Fun :: fun((Term1 :: term()) -> Term2 :: term()),
       N :: pos_integer(),
-      TupleList1 :: [tuple()],
-      TupleList2 :: [tuple()].
+      TupleList1 :: [Tuple],
+      TupleList2 :: [Tuple],
+      Tuple :: tuple().
 
 keymap(Fun, Index, [Tup|Tail]) ->
    [setelement(Index, Tup, Fun(element(Index, Tup)))|keymap(Fun, Index, Tail)];
diff --git a/lib/stdlib/src/ms_transform.erl b/lib/stdlib/src/ms_transform.erl
index 48e22e53fa..63b397f3a5 100644
--- a/lib/stdlib/src/ms_transform.erl
+++ b/lib/stdlib/src/ms_transform.erl
@@ -333,17 +333,18 @@ form({function,Line,Name0,Arity0,Clauses0}) ->
 form(AnyOther) ->
     AnyOther.
 function(Name, Arity, Clauses0) ->
-    {Clauses1,_} = clauses(Clauses0,gb_sets:new()),
+    Clauses1 = clauses(Clauses0),
     {Name,Arity,Clauses1}.
-clauses([C0|Cs],Bound) ->
-    {C1,Bound1} = clause(C0,Bound),
-    {C2,Bound2} = clauses(Cs,Bound1),
-    {[C1|C2],Bound2};
-clauses([],Bound) -> {[],Bound}.
+clauses([C0|Cs]) ->
+    C1 = clause(C0,gb_sets:new()),
+    C2 = clauses(Cs),
+    [C1|C2];
+clauses([]) -> [].
+
 clause({clause,Line,H0,G0,B0},Bound) ->
     {H1,Bound1} = copy(H0,Bound),
-    {B1,Bound2} = copy(B0,Bound1),
-    {{clause,Line,H1,G0,B1},Bound2}.
+    {B1,_Bound2} = copy(B0,Bound1),
+    {clause,Line,H1,G0,B1}.
 
 copy({call,Line,{remote,_Line2,{atom,_Line3,ets},{atom,_Line4,fun2ms}},
       As0},Bound) ->
diff --git a/lib/stdlib/src/otp_internal.erl b/lib/stdlib/src/otp_internal.erl
index 5129ba5074..7bacc05ff2 100644
--- a/lib/stdlib/src/otp_internal.erl
+++ b/lib/stdlib/src/otp_internal.erl
@@ -41,37 +41,12 @@ obsolete(Module, Name, Arity) ->
 	    no
     end.
 
-obsolete_1(init, get_flag, 1) ->
-    {removed, {init, get_argument, 1}, "R12B"};
-obsolete_1(init, get_flags, 0) ->
-    {removed, {init, get_arguments, 0}, "R12B"};
-obsolete_1(init, get_args, 0) ->
-    {removed, {init, get_plain_arguments, 0}, "R12B"};
-obsolete_1(unix, cmd, 1) ->
-    {removed, {os,cmd,1}, "R9B"};
-
 obsolete_1(net, _, _) ->
     {deprecated, "module 'net' obsolete; use 'net_adm'"};
 
 obsolete_1(erl_internal, builtins, 0) ->
     {deprecated, {erl_internal, bif, 2}};
 
-obsolete_1(string, re_sh_to_awk, 1) ->
-    {removed, {regexp, sh_to_awk, 1}, "R12B"};
-obsolete_1(string, re_parse, 1) ->
-    {removed, {regexp, parse, 1}, "R12B"};
-obsolete_1(string, re_match, 2) ->
-    {removed, {regexp, match, 2}, "R12B"};
-obsolete_1(string, re_sub, 3) ->
-    {removed, {regexp, sub, 3}, "R12B"};
-obsolete_1(string, re_gsub, 3) ->
-    {removed, {regexp, gsub, 3}, "R12B"};
-obsolete_1(string, re_split, 2) ->
-    {removed, {regexp, split, 2}, "R12B"};
-
-obsolete_1(string, index, 2) ->
-    {removed, {string, str, 2}, "R12B"};
-
 obsolete_1(erl_eval, seq, 2) ->
     {deprecated, {erl_eval, exprs, 2}};
 obsolete_1(erl_eval, seq, 3) ->
@@ -81,99 +56,9 @@ obsolete_1(erl_eval, arg_list, 2) ->
 obsolete_1(erl_eval, arg_list, 3) ->
     {deprecated, {erl_eval, expr_list, 3}};
 
-obsolete_1(erl_pp, seq, 1) ->
-    {removed, {erl_pp, exprs, 1}, "R12B"};
-obsolete_1(erl_pp, seq, 2) ->
-    {removed, {erl_pp, exprs, 2}, "R12B"};
-
-obsolete_1(io, scan_erl_seq, 1) ->
-    {removed, {io, scan_erl_exprs, 1}, "R12B"};
-obsolete_1(io, scan_erl_seq, 2) ->
-    {removed, {io, scan_erl_exprs, 2}, "R12B"};
-obsolete_1(io, scan_erl_seq, 3) ->
-    {removed, {io, scan_erl_exprs, 3}, "R12B"};
-obsolete_1(io, parse_erl_seq, 1) ->
-    {removed, {io, parse_erl_exprs, 1}, "R12B"};
-obsolete_1(io, parse_erl_seq, 2) ->
-    {removed, {io, parse_erl_exprs, 2}, "R12B"};
-obsolete_1(io, parse_erl_seq, 3) ->
-    {removed, {io, parse_erl_exprs, 3}, "R12B"};
-obsolete_1(io, parse_exprs, 2) ->
-    {removed, {io, parse_erl_exprs, 2}, "R12B"};
-
-obsolete_1(io_lib, scan, 1) ->
-    {removed, {erl_scan, string, 1}, "R12B"};
-obsolete_1(io_lib, scan, 2) ->
-    {removed, {erl_scan, string, 2}, "R12B"};
-obsolete_1(io_lib, scan, 3) ->
-    {removed, {erl_scan, tokens, 3}, "R12B"};
-obsolete_1(io_lib, reserved_word, 1) ->
-    {removed, {erl_scan, reserved_word, 1}, "R12B"};
-
-obsolete_1(lists, keymap, 4) ->
-    {removed, {lists, keymap, 3}, "R12B"};
-obsolete_1(lists, all, 3) ->
-    {removed, {lists, all, 2}, "R12B"};
-obsolete_1(lists, any, 3) ->
-    {removed, {lists, any, 2}, "R12B"};
-obsolete_1(lists, map, 3) ->
-    {removed, {lists, map, 2}, "R12B"};
-obsolete_1(lists, flatmap, 3) ->
-    {removed, {lists, flatmap, 2}, "R12B"};
-obsolete_1(lists, foldl, 4) ->
-    {removed, {lists, foldl, 3}, "R12B"};
-obsolete_1(lists, foldr, 4) ->
-    {removed, {lists, foldr, 3}, "R12B"};
-obsolete_1(lists, mapfoldl, 4) ->
-    {removed, {lists, mapfoldl, 3}, "R12B"};
-obsolete_1(lists, mapfoldr, 4) ->
-    {removed, {lists, mapfoldr, 3}, "R12B"};
-obsolete_1(lists, filter, 3) ->
-    {removed, {lists, filter, 2}, "R12B"};
-obsolete_1(lists, foreach, 3) ->
-    {removed, {lists, foreach, 2}, "R12B"};
-obsolete_1(lists, zf, 3) ->
-    {removed, {lists, zf, 2}, "R12B"};
-
-obsolete_1(ets, fixtable, 2) ->
-    {removed, {ets, safe_fixtable, 2}, "R12B"};
-
-obsolete_1(erlang, old_binary_to_term, 1) ->
-    {removed, {erlang, binary_to_term, 1}, "R12B"};
-obsolete_1(erlang, info, 1) ->
-    {removed, {erlang, system_info, 1}, "R12B"};
 obsolete_1(erlang, hash, 2) ->
     {deprecated, {erlang, phash2, 2}};
 
-obsolete_1(file, file_info, 1) ->
-    {removed, {file, read_file_info, 1}, "R12B"};
-
-obsolete_1(dict, dict_to_list, 1) ->
-    {removed, {dict,to_list,1}, "R12B"};
-obsolete_1(dict, list_to_dict, 1) ->
-    {removed, {dict,from_list,1}, "R12B"};
-obsolete_1(orddict, dict_to_list, 1) ->
-    {removed, {orddict,to_list,1}, "R12B"};
-obsolete_1(orddict, list_to_dict, 1) ->
-    {removed, {orddict,from_list,1}, "R12B"};
-
-obsolete_1(sets, new_set, 0) ->
-    {removed, {sets, new, 0}, "R12B"};
-obsolete_1(sets, set_to_list, 1) ->
-    {removed, {sets, to_list, 1}, "R12B"};
-obsolete_1(sets, list_to_set, 1) ->
-    {removed, {sets, from_list, 1}, "R12B"};
-obsolete_1(sets, subset, 2) ->
-    {removed, {sets, is_subset, 2}, "R12B"};
-obsolete_1(ordsets, new_set, 0) ->
-    {removed, {ordsets, new, 0}, "R12B"};
-obsolete_1(ordsets, set_to_list, 1) ->
-    {removed, {ordsets, to_list, 1}, "R12B"};
-obsolete_1(ordsets, list_to_set, 1) ->
-    {removed, {ordsets, from_list, 1}, "R12B"};
-obsolete_1(ordsets, subset, 2) ->
-    {removed, {ordsets, is_subset, 2}, "R12B"};
-
 obsolete_1(calendar, local_time_to_universal_time, 1) ->
     {deprecated, {calendar, local_time_to_universal_time_dst, 1}};
 
@@ -302,17 +187,6 @@ obsolete_1(auth, node_cookie, 1) ->
 obsolete_1(auth, node_cookie, 2) ->
     {deprecated, "Deprecated; use erlang:set_cookie/2 and net_adm:ping/1 instead"};
 
-%% Added in R11B-5.
-obsolete_1(http_base_64, _, _) ->
-    {removed, "The http_base_64 module was removed in R12B; use the base64 module instead"};
-obsolete_1(httpd_util, encode_base64, 1) ->
-    {removed, "Removed in R12B; use one of the encode functions in the base64 module instead"};
-obsolete_1(httpd_util, decode_base64, 1) ->
-    {removed, "Removed in R12B; use one of the decode functions in the base64 module instead"};
-obsolete_1(httpd_util, to_upper, 1) ->
-    {removed, {string, to_upper, 1}, "R12B"};
-obsolete_1(httpd_util, to_lower, 1) ->
-    {removed, {string, to_lower, 1}, "R12B"};
 obsolete_1(erlang, is_constant, 1) ->
     {removed, "Removed in R13B"};
 
@@ -330,22 +204,22 @@ obsolete_1(erlang, fault, 2) ->
 obsolete_1(file, rawopen, 2) ->
     {removed, "deprecated (will be removed in R13B); use file:open/2 with the raw option"};
 
-obsolete_1(http, request, 1) 	      -> {deprecated,{httpc,request,1},"R15B"};
-obsolete_1(http, request, 2) 	      -> {deprecated,{httpc,request,2},"R15B"};
-obsolete_1(http, request, 4) 	      -> {deprecated,{httpc,request,4},"R15B"};
-obsolete_1(http, request, 5) 	      -> {deprecated,{httpc,request,5},"R15B"};
-obsolete_1(http, cancel_request, 1)   -> {deprecated,{httpc,cancel_request,1},"R15B"};
-obsolete_1(http, cancel_request, 2)   -> {deprecated,{httpc,cancel_request,2},"R15B"};
-obsolete_1(http, set_option, 2)       -> {deprecated,{httpc,set_option,2},"R15B"};
-obsolete_1(http, set_option, 3)       -> {deprecated,{httpc,set_option,3},"R15B"};
-obsolete_1(http, set_options, 1)      -> {deprecated,{httpc,set_options,1},"R15B"};
-obsolete_1(http, set_options, 2)      -> {deprecated,{httpc,set_options,2},"R15B"};
-obsolete_1(http, verify_cookies, 2)   -> {deprecated,{httpc,verify_cookies,2},"R15B"};
-obsolete_1(http, verify_cookies, 3)   -> {deprecated,{httpc,verify_cookies,3},"R15B"};
-obsolete_1(http, cookie_header, 1)    -> {deprecated,{httpc,cookie_header,1},"R15B"};
-obsolete_1(http, cookie_header, 2)    -> {deprecated,{httpc,cookie_header,2},"R15B"};
-obsolete_1(http, stream_next, 1)      -> {deprecated,{httpc,stream_next,1},"R15B"};
-obsolete_1(http, default_profile, 0)  -> {deprecated,{httpc,default_profile,0},"R15B"};
+obsolete_1(http, request, 1) 	      -> {removed,{httpc,request,1},"R15B"};
+obsolete_1(http, request, 2) 	      -> {removed,{httpc,request,2},"R15B"};
+obsolete_1(http, request, 4) 	      -> {removed,{httpc,request,4},"R15B"};
+obsolete_1(http, request, 5) 	      -> {removed,{httpc,request,5},"R15B"};
+obsolete_1(http, cancel_request, 1)   -> {removed,{httpc,cancel_request,1},"R15B"};
+obsolete_1(http, cancel_request, 2)   -> {removed,{httpc,cancel_request,2},"R15B"};
+obsolete_1(http, set_option, 2)       -> {removed,{httpc,set_option,2},"R15B"};
+obsolete_1(http, set_option, 3)       -> {removed,{httpc,set_option,3},"R15B"};
+obsolete_1(http, set_options, 1)      -> {removed,{httpc,set_options,1},"R15B"};
+obsolete_1(http, set_options, 2)      -> {removed,{httpc,set_options,2},"R15B"};
+obsolete_1(http, verify_cookies, 2)   -> {removed,{httpc,store_cookies,2},"R15B"};
+obsolete_1(http, verify_cookies, 3)   -> {removed,{httpc,store_cookies,3},"R15B"};
+obsolete_1(http, cookie_header, 1)    -> {removed,{httpc,cookie_header,1},"R15B"};
+obsolete_1(http, cookie_header, 2)    -> {removed,{httpc,cookie_header,2},"R15B"};
+obsolete_1(http, stream_next, 1)      -> {removed,{httpc,stream_next,1},"R15B"};
+obsolete_1(http, default_profile, 0)  -> {removed,{httpc,default_profile,0},"R15B"};
 
 obsolete_1(httpd, start, 0) 	      -> {removed,{inets,start,[2,3]},"R14B"};
 obsolete_1(httpd, start, 1) 	      -> {removed,{inets,start,[2,3]},"R14B"};
@@ -431,7 +305,7 @@ obsolete_1(ssh_sshd, stop, 1) ->
 
 %% Added in R13A.
 obsolete_1(regexp, _, _) ->
-    {deprecated, "the regexp module is deprecated (will be removed in R15A); use the re module instead"};
+    {removed, "removed in R15; use the re module instead"};
 
 obsolete_1(lists, flat_length, 1) ->
     {removed,{lists,flatlength,1},"R14"};
@@ -449,7 +323,7 @@ obsolete_1(ssl_pkix, decode_cert, A) when A =:= 1; A =:= 2 ->
 
 %% Added in R13B04.
 obsolete_1(erlang, concat_binary, 1) ->
-    {deprecated,{erlang,list_to_binary,1},"R15B"};
+    {removed,{erlang,list_to_binary,1},"R15B"};
 
 %% Added in R14A.
 obsolete_1(ssl, peercert, 2) ->
@@ -469,6 +343,13 @@ obsolete_1(docb_transform, _, _) ->
 obsolete_1(docb_xml_check, _, _) ->
     {deprecated,"the DocBuilder application is deprecated (will be removed in R15B)"};
 
+%% Added in R15B
+obsolete_1(asn1rt, F, _) when F == load_driver; F == unload_driver ->
+    {deprecated,"deprecated (will be removed in R16A); has no effect as drivers are no longer used."};
+obsolete_1(ssl, pid, 1) ->
+    {deprecated,"deprecated (will be removed in R17); is no longer needed"};
+obsolete_1(inviso, _, _) ->
+    {deprecated,"the inviso application has been deprecated and will be removed in R16"};
 obsolete_1(_, _, _) ->
     no.
 
diff --git a/lib/stdlib/src/qlc.erl b/lib/stdlib/src/qlc.erl
index 5ca04ff023..2b691e6abf 100644
--- a/lib/stdlib/src/qlc.erl
+++ b/lib/stdlib/src/qlc.erl
@@ -123,7 +123,7 @@
 
 -record(setup, {parent}).
 
--define(THROWN_ERROR, {?MODULE, throw_error, _}).
+-define(THROWN_ERROR, {?MODULE, throw_error, _, _}).
 
 -export_type([query_handle/0]).
 
@@ -1272,7 +1272,10 @@ abstr_term(Fun, Line) when is_function(Fun) ->
             case erlang:fun_info(Fun, type) of
                 {type, external} ->
                     {module, Module} = erlang:fun_info(Fun, module),
-                    {'fun', Line, {function,Module,Name,Arity}};
+                    {'fun', Line, {function,
+				   {atom,Line,Module},
+				   {atom,Line,Name},
+				   {integer,Line,Arity}}};
                 {type, local} ->
                     {'fun', Line, {function,Name,Arity}}
             end
@@ -3701,7 +3704,8 @@ lookup_join(F1, C1, LuF, C2, Rev) ->
 maybe_error_logger(allowed, _) ->
     ok;
 maybe_error_logger(Name, Why) ->
-    [_, _, {?MODULE,maybe_error_logger,_} | Stacktrace] = expand_stacktrace(),
+    [_, _, {?MODULE,maybe_error_logger,_,_} | Stacktrace] =
+	expand_stacktrace(),
     Trimmer = fun(M, _F, _A) -> M =:= erl_eval end,
     Formater = fun(Term, I) -> io_lib:print(Term, I, 80, -1) end,
     X = lib:format_stacktrace(1, Stacktrace, Trimmer, Formater),
@@ -3720,7 +3724,7 @@ expand_stacktrace() ->
 expand_stacktrace(D) ->
     _ = erlang:system_flag(backtrace_depth, D),
     {'EXIT', {foo, Stacktrace}} = (catch erlang:error(foo)),
-    L = lists:takewhile(fun({M,_,_}) -> M =/= ?MODULE 
+    L = lists:takewhile(fun({M,_,_,_}) -> M =/= ?MODULE
                         end, lists:reverse(Stacktrace)),
     if
         length(L) < 3 andalso length(Stacktrace) =:= D ->
diff --git a/lib/stdlib/src/random.erl b/lib/stdlib/src/random.erl
index dbb524cc74..d7b51a151c 100644
--- a/lib/stdlib/src/random.erl
+++ b/lib/stdlib/src/random.erl
@@ -26,6 +26,10 @@
 -export([seed/0, seed/1, seed/3, uniform/0, uniform/1,
 	 uniform_s/1, uniform_s/2, seed0/0]).
 
+-define(PRIME1, 30269).
+-define(PRIME2, 30307).
+-define(PRIME3, 30323).
+
 %%-----------------------------------------------------------------------
 %% The type of the state
 
@@ -44,7 +48,11 @@ seed0() ->
 -spec seed() -> ran().
 
 seed() ->
-    reseed(seed0()).
+    case seed_put(seed0()) of
+	undefined -> seed0();
+	{_,_,_} = Tuple -> Tuple
+    end.	
+
 
 %% seed({A1, A2, A3}) 
 %%  Seed random number generation 
@@ -66,17 +74,15 @@ seed({A1, A2, A3}) ->
       A3 :: integer().
 
 seed(A1, A2, A3) ->
-    put(random_seed, 
-	{abs(A1) rem 30269, abs(A2) rem 30307, abs(A3) rem 30323}).
+    seed_put({(abs(A1) rem (?PRIME1-1)) + 1,   % Avoid seed numbers that are
+	      (abs(A2) rem (?PRIME2-1)) + 1,   % even divisors of the
+	      (abs(A3) rem (?PRIME3-1)) + 1}). % corresponding primes.
 
 
--spec reseed(ran()) -> ran().
-
-reseed({A1, A2, A3}) ->
-    case seed(A1, A2, A3) of
-	undefined -> seed0();
-	{_,_,_} = Tuple -> Tuple
-    end.	
+-spec seed_put(ran()) -> 'undefined' | ran().
+     
+seed_put(Seed) ->
+    put(random_seed, Seed).
 
 %% uniform()
 %%  Returns a random float between 0 and 1.
@@ -88,11 +94,11 @@ uniform() ->
 		       undefined -> seed0();
 		       Tuple -> Tuple
 		   end,
-    B1 = (A1*171) rem 30269,
-    B2 = (A2*172) rem 30307,
-    B3 = (A3*170) rem 30323,
+    B1 = (A1*171) rem ?PRIME1,
+    B2 = (A2*172) rem ?PRIME2,
+    B3 = (A3*170) rem ?PRIME3,
     put(random_seed, {B1,B2,B3}),
-    R = A1/30269 + A2/30307 + A3/30323,
+    R = B1/?PRIME1 + B2/?PRIME2 + B3/?PRIME3,
     R - trunc(R).
 
 %% uniform(N) -> I
@@ -116,10 +122,10 @@ uniform(N) when is_integer(N), N >= 1 ->
       State1 :: ran().
 
 uniform_s({A1, A2, A3}) ->
-    B1 = (A1*171) rem 30269,
-    B2 = (A2*172) rem 30307,
-    B3 = (A3*170) rem 30323,
-    R = A1/30269 + A2/30307 + A3/30323,
+    B1 = (A1*171) rem ?PRIME1,
+    B2 = (A2*172) rem ?PRIME2,
+    B3 = (A3*170) rem ?PRIME3,
+    R = B1/?PRIME1 + B2/?PRIME2 + B3/?PRIME3,
     {R - trunc(R), {B1,B2,B3}}.
 
 %% uniform_s(N, State) -> {I, NewState}
diff --git a/lib/stdlib/src/re.erl b/lib/stdlib/src/re.erl
index e08258a535..246d535943 100644
--- a/lib/stdlib/src/re.erl
+++ b/lib/stdlib/src/re.erl
@@ -48,7 +48,7 @@ split(Subject,RE) ->
       Subject :: iodata() | unicode:charlist(),
       RE :: mp() | iodata() | unicode:charlist(),
       Options :: [ Option ],
-      Option :: anchored | global | notbol | noteol | notempty
+      Option :: anchored | notbol | noteol | notempty
               | {offset, non_neg_integer()} | {newline, nl_spec()}
               | bsr_anycrlf | bsr_unicode | {return, ReturnType}
               | {parts, NumParts} | group | trim | CompileOpt,
@@ -573,10 +573,10 @@ ucompile(RE,Options) ->
 	re:compile(unicode:characters_to_binary(RE,unicode),Options)
     catch
 	error:AnyError ->
-	    {'EXIT',{new_stacktrace,[{Mod,_,L}|Rest]}} = 
+	    {'EXIT',{new_stacktrace,[{Mod,_,L,Loc}|Rest]}} =
 		(catch erlang:error(new_stacktrace,
 				    [RE,Options])),
-	    erlang:raise(error,AnyError,[{Mod,compile,L}|Rest])
+	    erlang:raise(error,AnyError,[{Mod,compile,L,Loc}|Rest])
     end.
 	
 
@@ -585,10 +585,10 @@ urun(Subject,RE,Options) ->
 	urun2(Subject,RE,Options)
     catch
 	error:AnyError ->
-	    {'EXIT',{new_stacktrace,[{Mod,_,L}|Rest]}} = 
+	    {'EXIT',{new_stacktrace,[{Mod,_,L,Loc}|Rest]}} =
 		(catch erlang:error(new_stacktrace,
 				    [Subject,RE,Options])),
-	    erlang:raise(error,AnyError,[{Mod,run,L}|Rest])
+	    erlang:raise(error,AnyError,[{Mod,run,L,Loc}|Rest])
     end.
 
 urun2(Subject0,RE0,Options0) ->
@@ -625,20 +625,20 @@ grun(Subject,RE,{Options,NeedClean}) ->
 	grun2(Subject,RE,{Options,NeedClean})
     catch
 	error:AnyError ->
-	    {'EXIT',{new_stacktrace,[{Mod,_,L}|Rest]}} = 
+	    {'EXIT',{new_stacktrace,[{Mod,_,L,Loc}|Rest]}} =
 		(catch erlang:error(new_stacktrace,
 				    [Subject,RE,Options])),
-	    erlang:raise(error,AnyError,[{Mod,run,L}|Rest])
+	    erlang:raise(error,AnyError,[{Mod,run,L,Loc}|Rest])
     end;
 grun(Subject,RE,{Options,NeedClean,OrigRE}) ->
     try
 	grun2(Subject,RE,{Options,NeedClean})
     catch
 	error:AnyError ->
-	    {'EXIT',{new_stacktrace,[{Mod,_,L}|Rest]}} = 
+	    {'EXIT',{new_stacktrace,[{Mod,_,L,Loc}|Rest]}} =
 		(catch erlang:error(new_stacktrace,
 				    [Subject,OrigRE,Options])),
-	    erlang:raise(error,AnyError,[{Mod,run,L}|Rest])
+	    erlang:raise(error,AnyError,[{Mod,run,L,Loc}|Rest])
     end.
 
 grun2(Subject,RE,{Options,NeedClean}) ->
diff --git a/lib/stdlib/src/regexp.erl b/lib/stdlib/src/regexp.erl
deleted file mode 100644
index 65f9ca247d..0000000000
--- a/lib/stdlib/src/regexp.erl
+++ /dev/null
@@ -1,557 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
--module(regexp).
-
-%% This entire module is deprecated and will be removed in a future
-%% release. Use the 're' module instead.
-%%
-%% This module provides a basic set of regular expression functions
-%% for strings. The functions provided are taken from AWK.
-%%
-%% Note that we interpret the syntax tree of a regular expression
-%% directly instead of converting it to an NFA and then interpreting
-%% that. This method seems to go significantly faster.
-
--export([sh_to_awk/1,parse/1,format_error/1,match/2,first_match/2,matches/2]).
--export([sub/3,gsub/3,split/2]).
-
--deprecated([sh_to_awk/1,parse/1,format_error/1,match/2,first_match/2,matches/2]).
--deprecated([sub/3,gsub/3,split/2]).
-
--import(string, [substr/2,substr/3]).
--import(lists, [reverse/1]).
-
--type errordesc() :: term().
--opaque regexp() :: term().
-
-%% -type matchres() = {match,Start,Length} | nomatch | {error,E}.
-%% -type subres() = {ok,RepString,RepCount} | {error,E}.
-%% -type splitres() = {ok,[SubString]} | {error,E}.
-
-%%-compile([export_all]).
-
-%% This is the regular expression grammar used. It is equivalent to the
-%% one used in AWK, except that we allow ^ $ to be used anywhere and fail
-%% in the matching.
-%%
-%% reg -> reg1 : '$1'.
-%% reg1 -> reg1 "|" reg2 : {'or','$1','$2'}.
-%% reg1 -> reg2 : '$1'.
-%% reg2 -> reg2 reg3 : {concat,'$1','$2'}.
-%% reg2 -> reg3 : '$1'.
-%% reg3 -> reg3 "*" : {kclosure,'$1'}.
-%% reg3 -> reg3 "+" : {pclosure,'$1'}.
-%% reg3 -> reg3 "?" : {optional,'$1'}.
-%% reg3 -> reg4 : '$1'.
-%% reg4 -> "(" reg ")" : '$2'.
-%% reg4 -> "\\" char : '$2'.
-%% reg4 -> "^" : bos.
-%% reg4 -> "$" : eos.
-%% reg4 -> "." : char.
-%% reg4 -> "[" class "]" : {char_class,char_class('$2')}
-%% reg4 -> "[" "^" class "]" : {comp_class,char_class('$3')}
-%% reg4 -> "\"" chars "\"" : char_string('$2')
-%% reg4 -> char : '$1'.
-%% reg4 -> empty : epsilon.
-%%  The grammar of the current regular expressions. The actual parser
-%%  is a recursive descent implementation of the grammar.
-
-reg(S) -> reg1(S).
-
-%% reg1 -> reg2 reg1'
-%% reg1' -> "|" reg2
-%% reg1' -> empty
-
-reg1(S0) ->
-    {L,S1} = reg2(S0),
-    reg1p(S1, L).
-
-reg1p([$||S0], L) ->
-    {R,S1} = reg2(S0),
-    reg1p(S1, {'or',L,R});
-reg1p(S, L) -> {L,S}.
-
-%% reg2 -> reg3 reg2'
-%% reg2' -> reg3
-%% reg2' -> empty
-
-reg2(S0) ->
-    {L,S1} = reg3(S0),
-    reg2p(S1, L).
-
-reg2p([C|S0], L) when C =/= $|, C =/= $) ->
-    {R,S1} = reg3([C|S0]),
-    reg2p(S1, {concat,L,R});
-reg2p(S, L) -> {L,S}.
-
-%% reg3 -> reg4 reg3'
-%% reg3' -> "*" reg3'
-%% reg3' -> "+" reg3'
-%% reg3' -> "?" reg3'
-%% reg3' -> empty
-
-reg3(S0) ->
-    {L,S1} = reg4(S0),
-    reg3p(S1, L).
-
-reg3p([$*|S], L) -> reg3p(S, {kclosure,L});
-reg3p([$+|S], L) -> reg3p(S, {pclosure,L});
-reg3p([$?|S], L) -> reg3p(S, {optional,L});
-reg3p(S, L) -> {L,S}.
-
--define(HEX(C), C >= $0 andalso C =< $9 orelse 
-                C >= $A andalso C =< $F orelse 
-                C >= $a andalso C =< $f).
-
-reg4([$(|S0]) ->
-    case reg(S0) of
-	{R,[$)|S1]} -> {R,S1};
-	{_R,_S} -> throw({error,{unterminated,"("}})
-    end;
-reg4([$\\,O1,O2,O3|S]) when
-  O1 >= $0, O1 =< $7, O2 >= $0, O2 =< $7, O3 >= $0, O3 =< $7 ->
-    {(O1*8 + O2)*8 + O3 - 73*$0,S};
-reg4([$\\,$x,H1,H2|S]) when ?HEX(H1), ?HEX(H2) ->
-    {erlang:list_to_integer([H1,H2], 16),S};
-reg4([$\\,$x,${|S]) ->
-    hex(S, []);
-reg4([$\\,$x|_]) ->
-    throw({error,{illegal,[$x]}});
-reg4([$\\,C|S]) -> {escape_char(C),S};
-reg4([$\\]) -> throw({error,{unterminated,"\\"}});
-reg4([$^|S]) -> {bos,S};
-reg4([$$|S]) -> {eos,S};
-reg4([$.|S]) -> {{comp_class,"\n"},S};
-reg4("[^" ++ S0) ->
-    case char_class(S0) of
-	{Cc,[$]|S1]} -> {{comp_class,Cc},S1};
-	{_Cc,_S} -> throw({error,{unterminated,"["}})
-    end;
-reg4([$[|S0]) ->
-    case char_class(S0) of
-	{Cc,[$]|S1]} -> {{char_class,Cc},S1};
-	{_Cc,_S1} -> throw({error,{unterminated,"["}})
-    end;
-%reg4([$"|S0]) ->
-%    case char_string(S0) of
-%	{St,[$"|S1]} -> {St,S1};
-%	{St,S1} -> throw({error,{unterminated,"\""}})
-%    end;
-reg4([C|S]) when C =/= $*, C =/= $+, C =/= $?, C =/= $] -> {C,S};
-reg4([C|_S]) -> throw({error,{illegal,[C]}});
-reg4([]) -> {epsilon,[]}.
-
-hex([C|Cs], L) when ?HEX(C) ->
-    hex(Cs, [C|L]);
-hex([$}|S], L) ->
-    case catch erlang:list_to_integer(lists:reverse(L), 16) of
-        V when V =< 16#FF ->
-            {V,S};
-        _ ->
-            throw({error,{illegal,[$}]}})
-    end;
-hex(_S, _) ->
-    throw({error,{unterminated,"\\x{"}}).
-
-escape_char($n) -> $\n;				%\n = LF
-escape_char($r) -> $\r;				%\r = CR
-escape_char($t) -> $\t;				%\t = TAB
-escape_char($v) -> $\v;				%\v = VT
-escape_char($b) -> $\b;				%\b = BS
-escape_char($f) -> $\f;				%\f = FF
-escape_char($e) -> $\e;				%\e = ESC
-escape_char($s) -> $\s;				%\s = SPACE
-escape_char($d) -> $\d;				%\d = DEL
-escape_char(C) -> C.
-
-char_class([$]|S]) -> char_class(S, [$]]);
-char_class(S) -> char_class(S, []).
-
-char($\\, [O1,O2,O3|S]) when
-  O1 >= $0, O1 =< $7, O2 >= $0, O2 =< $7, O3 >= $0, O3 =< $7 ->
-    {(O1*8 + O2)*8 + O3 - 73*$0,S};
-char($\\, [$x,H1,H2|S]) when ?HEX(H1), ?HEX(H2) ->
-    {erlang:list_to_integer([H1,H2], 16),S};
-char($\\,[$x,${|S]) ->
-    hex(S, []);
-char($\\,[$x|_]) ->
-    throw({error,{illegal,[$x]}});
-char($\\, [C|S]) -> {escape_char(C),S};
-char(C, S) -> {C,S}.
-
-char_class([C1|S0], Cc) when C1 =/= $] ->
-    case char(C1, S0) of
-	{Cf,[$-,C2|S1]} when C2 =/= $] ->
-	    case char(C2, S1) of
-		{Cl,S2} when Cf < Cl -> char_class(S2, [{Cf,Cl}|Cc]); 
-		{Cl,_S2} -> throw({error,{char_class,[Cf,$-,Cl]}})
-	    end;
-	{C,S1} -> char_class(S1, [C|Cc])
-    end;
-char_class(S, Cc) -> {Cc,S}.
-
-%char_string([C|S]) when C =/= $" -> char_string(S, C);
-%char_string(S) -> {epsilon,S}.
-
-%char_string([C|S0], L) when C =/= $" ->
-%    char_string(S0, {concat,L,C});
-%char_string(S, L) -> {L,S}.
-
-%% -deftype re_app_res() = {match,RestPos,Rest} | nomatch.
-
-%% re_apply(String, StartPos, RegExp) -> re_app_res().
-%%
-%%  Apply the (parse of the) regular expression RegExp to String.  If
-%%  there is a match return the position of the remaining string and
-%%  the string if else return 'nomatch'. BestMatch specifies if we want
-%%  the longest match, or just a match.
-%%
-%%  StartPos should be the real start position as it is used to decide
-%%  if we ae at the beginning of the string.
-%%
-%%  Pass two functions to re_apply_or so it can decide, on the basis
-%%  of BestMatch, whether to just any take any match or try both to
-%%  find the longest. This is slower but saves duplicatng code.
-
-re_apply(S, St, RE) -> re_apply(RE, [], S, St).
-
-re_apply(epsilon, More, S, P) ->		%This always matches
-    re_apply_more(More, S, P);
-re_apply({'or',RE1,RE2}, More, S, P) ->
-    re_apply_or(re_apply(RE1, More, S, P),
-		re_apply(RE2, More, S, P));
-re_apply({concat,RE1,RE2}, More, S0, P) ->
-    re_apply(RE1, [RE2|More], S0, P);
-re_apply({kclosure,CE}, More, S, P) ->
-    %% Be careful with the recursion, explicitly do one call before
-    %% looping.
-    re_apply_or(re_apply_more(More, S, P),
-		re_apply(CE, [{kclosure,CE}|More], S, P));
-re_apply({pclosure,CE}, More, S, P) ->
-    re_apply(CE, [{kclosure,CE}|More], S, P);
-re_apply({optional,CE}, More, S, P) ->
-    re_apply_or(re_apply_more(More, S, P),
-		re_apply(CE, More, S, P));
-re_apply(bos, More, S, 1) -> re_apply_more(More, S, 1);
-re_apply(eos, More, [$\n|S], P) -> re_apply_more(More, S, P);
-re_apply(eos, More, [], P) -> re_apply_more(More, [], P);
-re_apply({char_class,Cc}, More, [C|S], P) ->
-    case in_char_class(C, Cc) of
-	true -> re_apply_more(More, S, P+1);
-	false -> nomatch
-    end;
-re_apply({comp_class,Cc}, More, [C|S], P) ->
-    case in_char_class(C, Cc) of
-	true -> nomatch;
-	false -> re_apply_more(More, S, P+1)
-    end;
-re_apply(C, More, [C|S], P) when is_integer(C) ->
-    re_apply_more(More, S, P+1);
-re_apply(_RE, _More, _S, _P) -> nomatch.
-
-%% re_apply_more([RegExp], String, Length) -> re_app_res().
-
-re_apply_more([RE|More], S, P) -> re_apply(RE, More, S, P);
-re_apply_more([], S, P) -> {match,P,S}.
-
-%% in_char_class(Char, Class) -> bool().
-
-in_char_class(C, [{C1,C2}|_Cc]) when C >= C1, C =< C2 -> true;
-in_char_class(C, [C|_Cc]) -> true;
-in_char_class(C, [_|Cc]) -> in_char_class(C, Cc);
-in_char_class(_C, []) -> false.
-
-%% re_apply_or(Match1, Match2) -> re_app_res().
-%%  If we want the best match then choose the longest match, else just
-%%  choose one by trying sequentially.
-
-re_apply_or({match,P1,S1},   {match,P2,_S2}) when P1 >= P2 -> {match,P1,S1};
-re_apply_or({match,_P1,_S1}, {match,P2,S2}) -> {match,P2,S2};
-re_apply_or(nomatch, R2) -> R2;
-re_apply_or(R1, nomatch) -> R1.
-
-%% sh_to_awk(ShellRegExp)
-%%  Convert a sh style regexp into a full AWK one. The main difficulty is
-%%  getting character sets right as the conventions are different.
-
--spec sh_to_awk(ShRegExp) -> AwkRegExp when
-      ShRegExp :: string(),
-      AwkRegExp :: string().
-
-sh_to_awk(Sh) -> "^(" ++ sh_to_awk_1(Sh).	%Fix the beginning
-
-sh_to_awk_1([$*|Sh]) ->				%This matches any string
-    ".*" ++ sh_to_awk_1(Sh);
-sh_to_awk_1([$?|Sh]) ->				%This matches any character
-    [$.|sh_to_awk_1(Sh)];
-sh_to_awk_1([$[,$^,$]|Sh]) ->			%This takes careful handling
-    "\\^" ++ sh_to_awk_1(Sh);
-sh_to_awk_1("[^" ++ Sh) -> [$[|sh_to_awk_2(Sh, true)];
-sh_to_awk_1("[!" ++ Sh) -> "[^" ++ sh_to_awk_2(Sh, false);
-sh_to_awk_1([$[|Sh]) -> [$[|sh_to_awk_2(Sh, false)];
-sh_to_awk_1([C|Sh]) ->
-    %% Unspecialise everything else which is not an escape character.
-    case special_char(C) of
-	true -> [$\\,C|sh_to_awk_1(Sh)];
-	false -> [C|sh_to_awk_1(Sh)]
-    end;
-sh_to_awk_1([]) -> ")$".			%Fix the end
-
-sh_to_awk_2([$]|Sh], UpArrow) -> [$]|sh_to_awk_3(Sh, UpArrow)];
-sh_to_awk_2(Sh, UpArrow) -> sh_to_awk_3(Sh, UpArrow).
-
-sh_to_awk_3([$]|Sh], true) -> "^]" ++ sh_to_awk_1(Sh);
-sh_to_awk_3([$]|Sh], false) -> [$]|sh_to_awk_1(Sh)];
-sh_to_awk_3([C|Sh], UpArrow) -> [C|sh_to_awk_3(Sh, UpArrow)];
-sh_to_awk_3([], true) -> [$^|sh_to_awk_1([])];
-sh_to_awk_3([], false) -> sh_to_awk_1([]).
-
-%% -type special_char(char()) -> bool().
-%%  Test if a character is a special character.
-
-special_char($|) -> true;
-special_char($*) -> true;
-special_char($+) -> true;
-special_char($?) -> true;
-special_char($() -> true;
-special_char($)) -> true;
-special_char($\\) -> true;
-special_char($^) -> true;
-special_char($$) -> true;
-special_char($.) -> true;
-special_char($[) -> true;
-special_char($]) -> true;
-special_char($") -> true;
-special_char(_C) -> false.
-
-%% parse(RegExp) -> {ok,RE} | {error,E}.
-%%  Parse the regexp described in the string RegExp.
-
--spec parse(RegExp) -> ParseRes when
-      RegExp :: string(),
-      ParseRes :: {ok, RE} | {error, Error},
-      RE :: regexp(),
-      Error :: errordesc().
-
-parse(S) ->
-    case catch reg(S) of
-	{R,[]} -> {ok,R};
-	{_R,[C|_]} -> {error,{illegal,[C]}};
-	{error,E} -> {error,E}
-    end.
-
-%% format_error(Error) -> String.
-
--spec format_error(ErrorDescriptor) -> Chars when
-      ErrorDescriptor :: errordesc(),
-      Chars :: io_lib:chars().
-
-format_error({illegal,What}) -> ["illegal character `",What,"'"];
-format_error({unterminated,What}) -> ["unterminated `",What,"'"];
-format_error({char_class,What}) ->
-    ["illegal character class ",io_lib:write_string(What)].
-
-%% -type match(String, RegExp) -> matchres().
-%%  Find the longest match of RegExp in String.
-
--spec match(String, RegExp) -> MatchRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      MatchRes :: {match, Start, Length} | nomatch | {error, Error},
-      Start :: pos_integer(),
-      Length :: pos_integer(),
-      Error :: errordesc().
-
-match(S, RegExp) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> match(S, RE);
-	{error,E} -> {error,E}
-    end;
-match(S, RE) ->
-    case match(RE, S, 1, 0, -1) of
-	{Start,Len} when Len >= 0 ->
-	    {match,Start,Len};
-	{_Start,_Len} -> nomatch
-    end.
-
-match(RE, S, St, Pos, L) ->
-    case first_match(RE, S, St) of
-	{St1,L1} ->
-	    Nst = St1 + 1,
-	    if L1 > L -> match(RE, lists:nthtail(Nst-St, S), Nst, St1, L1);
-	       true -> match(RE, lists:nthtail(Nst-St, S), Nst, Pos, L)
-	    end;
-	nomatch -> {Pos,L}
-    end.
-
-%% -type first_match(String, RegExp) -> matchres().
-%%  Find the first match of RegExp in String.
-
--spec first_match(String, RegExp) -> MatchRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      MatchRes :: {match, Start, Length} | nomatch | {error, Error},
-      Start :: pos_integer(),
-      Length :: pos_integer(),
-      Error :: errordesc().
-
-first_match(S, RegExp) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> first_match(S, RE);
-	{error,E} -> {error,E}
-    end;
-first_match(S, RE) ->
-    case first_match(RE, S, 1) of
-	{Start,Len} when Len >= 0 ->
-	    {match,Start,Len};
-	nomatch -> nomatch
-    end.
-
-first_match(RE, S, St) when S =/= [] ->
-    case re_apply(S, St, RE) of
-	{match,P,_Rest} -> {St,P-St};
-	nomatch -> first_match(RE, tl(S), St+1)
-    end;
-first_match(_RE, [], _St) -> nomatch.
-
-%% -type matches(String, RegExp) -> {match,[{Start,Length}]} | {error,E}.
-%%  Return the all the non-overlapping matches of RegExp in String.
-
--spec matches(String, RegExp) -> MatchRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      MatchRes :: {match, Matches} | {error, Error},
-      Matches :: [{Start, Length}],
-      Start :: pos_integer(),
-      Length :: pos_integer(),
-      Error :: errordesc().
-
-matches(S, RegExp) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> matches(S, RE);
-	{error,E} -> {error,E}
-    end;
-matches(S, RE) ->
-    {match,matches(S, RE, 1)}.
-
-matches(S, RE, St) ->
-    case first_match(RE, S, St) of
-	{St1,0} -> [{St1,0}|matches(substr(S, St1+2-St), RE, St1+1)];
-	{St1,L1} -> [{St1,L1}|matches(substr(S, St1+L1+1-St), RE, St1+L1)];
-	nomatch -> []
-    end.
-
-%% -type sub(String, RegExp, Replace) -> subsres().
-%%  Substitute the first match of the regular expression RegExp with
-%%  the string Replace in String. Accept pre-parsed regular
-%%  expressions.
-
--spec sub(String, RegExp, New) -> SubRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      New :: string(),
-      NewString :: string(),
-      SubRes :: {ok, NewString, RepCount} | {error, Error},
-      RepCount :: 0 | 1,
-      Error :: errordesc().
-
-sub(String, RegExp, Rep) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> sub(String, RE, Rep);
-	{error,E} -> {error,E}
-    end;
-sub(String, RE, Rep) ->
-    Ss = sub_match(String, RE, 1),
-    {ok,sub_repl(Ss, Rep, String, 1),length(Ss)}.
-
-sub_match(S, RE, St) ->
-    case first_match(RE, S, St) of
-	{St1,L1} -> [{St1,L1}];
-	nomatch -> []
-    end.
-
-sub_repl([{St,L}|Ss], Rep, S, Pos) ->
-    Rs = sub_repl(Ss, Rep, S, St+L),
-    substr(S, Pos, St-Pos) ++ sub_repl(Rep, substr(S, St, L), Rs);
-sub_repl([], _Rep, S, Pos) -> substr(S, Pos).
-
-sub_repl([$&|Rep], M, Rest) -> M ++ sub_repl(Rep, M, Rest);
-sub_repl("\\&" ++ Rep, M, Rest) -> [$&|sub_repl(Rep, M, Rest)];
-sub_repl([C|Rep], M, Rest) -> [C|sub_repl(Rep, M, Rest)];
-sub_repl([], _M, Rest) -> Rest.
-
-%% -type gsub(String, RegExp, Replace) -> subres().
-%%  Substitute every match of the regular expression RegExp with the
-%%  string New in String. Accept pre-parsed regular expressions.
-
--spec gsub(String, RegExp, New) -> SubRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      New :: string(),
-      NewString :: string(),
-      SubRes :: {ok, NewString, RepCount} | {error, Error},
-      RepCount :: non_neg_integer(),
-      Error :: errordesc().
-
-gsub(String, RegExp, Rep) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> gsub(String, RE, Rep);
-	{error,E} -> {error,E}
-    end;
-gsub(String, RE, Rep) ->
-    Ss = matches(String, RE, 1),
-    {ok,sub_repl(Ss, Rep, String, 1),length(Ss)}.
-
-%% -type split(String, RegExp) -> splitres().
-%%  Split a string into substrings where the RegExp describes the
-%%  field seperator. The RegExp " " is specially treated.
-
--spec split(String, RegExp) -> SplitRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      SplitRes :: {ok, FieldList} | {error, Error},
-      FieldList :: [string()],
-      Error :: errordesc().
-
-split(String, " ") ->				%This is really special
-    {ok,RE} = parse("[ \t]+"),
-    case split_apply(String, RE, true) of
-	[[]|Ss] -> {ok,Ss};
-	Ss -> {ok,Ss}
-    end;
-split(String, RegExp) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> {ok,split_apply(String, RE, false)};
-	{error,E} -> {error,E}
-    end;
-split(String, RE) -> {ok,split_apply(String, RE, false)}.
-
-split_apply(S, RE, Trim) -> split_apply(S, 1, RE, Trim, []).
-
-split_apply([], _P, _RE, true, []) -> [];
-split_apply([], _P, _RE, _T, Sub) -> [reverse(Sub)];
-split_apply(S, P, RE, T, Sub) ->
-    case re_apply(S, P, RE) of
-	{match,P,_Rest} ->
-	    split_apply(tl(S), P+1, RE, T, [hd(S)|Sub]);
-	{match,P1,Rest} ->
-	    [reverse(Sub)|split_apply(Rest, P1, RE, T, [])];
-	nomatch ->
-	    split_apply(tl(S), P+1, RE, T, [hd(S)|Sub])
-    end.
diff --git a/lib/stdlib/src/shell.erl b/lib/stdlib/src/shell.erl
index e3e23e09bc..dc450f0ee6 100644
--- a/lib/stdlib/src/shell.erl
+++ b/lib/stdlib/src/shell.erl
@@ -1065,9 +1065,10 @@ local_func(F, As0, Bs0, _Shell, _RT, Lf, Ef) when is_atom(F) ->
     non_builtin_local_func(F,As,Bs).
 
 non_builtin_local_func(F,As,Bs) ->
-    case erlang:function_exported(user_default, F, length(As)) of
+    Arity = length(As),
+    case erlang:function_exported(user_default, F, Arity) of
 	true ->
-            {eval,{user_default,F},As,Bs};
+            {eval,erlang:make_fun(user_default, F, Arity),As,Bs};
 	false ->
 	    shell_default(F,As,Bs)
     end.
@@ -1079,7 +1080,7 @@ shell_default(F,As,Bs) ->
 	{module, _} ->
 	    case erlang:function_exported(M,F,A) of
 		true ->
-		    {eval,{M,F},As,Bs};		    
+		    {eval,erlang:make_fun(M, F, A),As,Bs};
 		false ->
 		    shell_undef(F,A)
 	    end;
@@ -1088,7 +1089,7 @@ shell_default(F,As,Bs) ->
     end.
 
 shell_undef(F,A) ->
-    erlang:error({shell_undef,F,A}).
+    erlang:error({shell_undef,F,A,[]}).
 
 local_func_handler(Shell, RT, Ef) ->
     H = fun(Lf) -> 
diff --git a/lib/stdlib/src/stdlib.app.src b/lib/stdlib/src/stdlib.app.src
index 9d15f01683..a30685e830 100644
--- a/lib/stdlib/src/stdlib.app.src
+++ b/lib/stdlib/src/stdlib.app.src
@@ -2,7 +2,7 @@
 %% 
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -85,7 +85,6 @@
 	     queue,
 	     random,
 	     re,
-	     regexp,
 	     sets,
 	     shell,
 	     shell_default,
diff --git a/lib/stdlib/src/stdlib.appup.src b/lib/stdlib/src/stdlib.appup.src
index 54a63833e6..94e81188b5 100644
--- a/lib/stdlib/src/stdlib.appup.src
+++ b/lib/stdlib/src/stdlib.appup.src
@@ -1 +1,27 @@
-{"%VSN%",[],[]}.
+%% -*- erlang -*-
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+{"%VSN%",
+ %% Up from - max two major revisions back
+ [{<<"1\\.18(\\.[0-9]+)*">>,[restart_new_emulator]}, %% R15
+  {<<"1\\.17(\\.[0-9]+)*">>,[restart_new_emulator]}, %% R14
+  {<<"1\\.16(\\.[0-9]+)*">>,[restart_new_emulator]}],%% R13
+ %% Down to - max two major revisions back
+ [{<<"1\\.18(\\.[0-9]+)*">>,[restart_new_emulator]}, %% R15
+  {<<"1\\.17(\\.[0-9]+)*">>,[restart_new_emulator]}, %% R14
+  {<<"1\\.16(\\.[0-9]+)*">>,[restart_new_emulator]}] %% R13
+}.
diff --git a/lib/stdlib/src/supervisor.erl b/lib/stdlib/src/supervisor.erl
index dc31647eb5..ac5b078c29 100644
--- a/lib/stdlib/src/supervisor.erl
+++ b/lib/stdlib/src/supervisor.erl
@@ -27,8 +27,6 @@
 	 which_children/1, count_children/1,
 	 check_childspecs/1]).
 
--export([behaviour_info/1]).
-
 %% Internal exports
 -export([init/1, handle_call/3, handle_info/2, terminate/2, code_change/3]).
 -export([handle_cast/2]).
@@ -39,7 +37,7 @@
 
 %%--------------------------------------------------------------------------
 
--type child()    :: pid() | 'undefined'.
+-type child()    :: 'undefined' | pid() | [pid()].
 -type child_id() :: term().
 -type mfargs()   :: {M :: module(), F :: atom(), A :: [term()] | undefined}.
 -type modules()  :: [module()] | 'dynamic'.
@@ -90,14 +88,12 @@
 
 -define(is_simple(State), State#state.strategy =:= simple_one_for_one).
 
-%%--------------------------------------------------------------------------
-
--spec behaviour_info(atom()) -> 'undefined' | [{atom(), arity()}].
-
-behaviour_info(callbacks) ->
-    [{init,1}];
-behaviour_info(_Other) ->
-    undefined.
+-callback init(Args :: term()) ->
+    {ok, {{RestartStrategy :: strategy(),
+           MaxR            :: non_neg_integer(),
+           MaxT            :: non_neg_integer()},
+           [ChildSpec :: child_spec()]}}
+    | ignore.
 
 %%% ---------------------------------------------------
 %%% This is a general process supervisor built upon gen_server.erl.
@@ -274,6 +270,8 @@ start_children(Children, SupName) -> start_children(Children, [], SupName).
 
 start_children([Child|Chs], NChildren, SupName) ->
     case do_start_child(SupName, Child) of
+	{ok, undefined} when Child#child.restart_type =:= temporary ->
+	    start_children(Chs, NChildren, SupName);
 	{ok, Pid} ->
 	    start_children(Chs, [Child#child{pid = Pid}|NChildren], SupName);
 	{ok, Pid, _Extra} ->
@@ -329,6 +327,8 @@ handle_call({start_child, EArgs}, _From, State) when ?is_simple(State) ->
     #child{mfargs = {M, F, A}} = Child,
     Args = A ++ EArgs,
     case do_start_child_i(M, F, Args) of
+	{ok, undefined} when Child#child.restart_type =:= temporary ->
+	    {reply, {ok, undefined}, State};
 	{ok, Pid} ->
 	    NState = save_dynamic_child(Child#child.restart_type, Pid, Args, State),
 	    {reply, {ok, Pid}, NState};
@@ -519,9 +519,12 @@ handle_info(Msg, State) ->
 %%
 -spec terminate(term(), state()) -> 'ok'.
 
+terminate(_Reason, #state{children=[Child]} = State) when ?is_simple(State) ->
+    terminate_dynamic_children(Child, dynamics_db(Child#child.restart_type,
+                                                  State#state.dynamics),
+                               State#state.name);
 terminate(_Reason, State) ->
-    terminate_children(State#state.children, State#state.name),
-    ok.
+    terminate_children(State#state.children, State#state.name).
 
 %%
 %% Change code for the supervisor.
@@ -612,12 +615,12 @@ handle_start_child(Child, State) ->
     case get_child(Child#child.name, State) of
 	false ->
 	    case do_start_child(State#state.name, Child) of
+		{ok, undefined} when Child#child.restart_type =:= temporary ->
+		    {{ok, undefined}, State};
 		{ok, Pid} ->
-		    {{ok, Pid},
-		     save_child(Child#child{pid = Pid}, State)};
+		    {{ok, Pid}, save_child(Child#child{pid = Pid}, State)};
 		{ok, Pid, Extra} ->
-		    {{ok, Pid, Extra},
-		     save_child(Child#child{pid = Pid}, State)};
+		    {{ok, Pid, Extra}, save_child(Child#child{pid = Pid}, State)};
 		{error, What} ->
 		    {{error, {What, Child}}, State}
 	    end;
@@ -661,6 +664,9 @@ do_restart(_, normal, Child, State) ->
 do_restart(_, shutdown, Child, State) ->
     NState = state_del_child(Child, State),
     {ok, NState};
+do_restart(_, {shutdown, _Term}, Child, State) ->
+    NState = state_del_child(Child, State),
+    {ok, NState};
 do_restart(transient, Reason, Child, State) ->
     report_error(child_terminated, Reason, Child, State#state.name),
     restart(Child, State);
@@ -831,8 +837,109 @@ monitor_child(Pid) ->
 	    %% that will be handled in shutdown/2. 
 	    ok   
     end.
-    
-   
+
+
+%%-----------------------------------------------------------------
+%% Func: terminate_dynamic_children/3
+%% Args: Child    = child_rec()
+%%       Dynamics = ?DICT() | ?SET()
+%%       SupName  = {local, atom()} | {global, atom()} | {pid(),Mod}
+%% Returns: ok
+%%
+%%
+%% Shutdown all dynamic children. This happens when the supervisor is
+%% stopped. Because the supervisor can have millions of dynamic children, we
+%% can have an significative overhead here.
+%%-----------------------------------------------------------------
+terminate_dynamic_children(Child, Dynamics, SupName) ->
+    {Pids, EStack0} = monitor_dynamic_children(Child, Dynamics),
+    Sz = ?SETS:size(Pids),
+    EStack = case Child#child.shutdown of
+                 brutal_kill ->
+                     ?SETS:fold(fun(P, _) -> exit(P, kill) end, ok, Pids),
+                     wait_dynamic_children(Child, Pids, Sz, undefined, EStack0);
+                 infinity ->
+                     ?SETS:fold(fun(P, _) -> exit(P, shutdown) end, ok, Pids),
+                     wait_dynamic_children(Child, Pids, Sz, undefined, EStack0);
+                 Time ->
+                     ?SETS:fold(fun(P, _) -> exit(P, shutdown) end, ok, Pids),
+                     TRef = erlang:start_timer(Time, self(), kill),
+                     wait_dynamic_children(Child, Pids, Sz, TRef, EStack0)
+             end,
+    %% Unrool stacked errors and report them
+    ?DICT:fold(fun(Reason, Ls, _) ->
+                       report_error(shutdown_error, Reason,
+                                    Child#child{pid=Ls}, SupName)
+               end, ok, EStack).
+
+
+monitor_dynamic_children(#child{restart_type=temporary}, Dynamics) ->
+    ?SETS:fold(fun(P, {Pids, EStack}) ->
+                       case monitor_child(P) of
+                           ok ->
+                               {?SETS:add_element(P, Pids), EStack};
+                           {error, normal} ->
+                               {Pids, EStack};
+                           {error, Reason} ->
+                               {Pids, ?DICT:append(Reason, P, EStack)}
+                       end
+               end, {?SETS:new(), ?DICT:new()}, Dynamics);
+monitor_dynamic_children(#child{restart_type=RType}, Dynamics) ->
+    ?DICT:fold(fun(P, _, {Pids, EStack}) ->
+                       case monitor_child(P) of
+                           ok ->
+                               {?SETS:add_element(P, Pids), EStack};
+                           {error, normal} when RType =/= permanent ->
+                               {Pids, EStack};
+                           {error, Reason} ->
+                               {Pids, ?DICT:append(Reason, P, EStack)}
+                       end
+               end, {?SETS:new(), ?DICT:new()}, Dynamics).
+
+
+wait_dynamic_children(_Child, _Pids, 0, undefined, EStack) ->
+    EStack;
+wait_dynamic_children(_Child, _Pids, 0, TRef, EStack) ->
+	%% If the timer has expired before its cancellation, we must empty the
+	%% mail-box of the 'timeout'-message.
+    erlang:cancel_timer(TRef),
+    receive
+        {timeout, TRef, kill} ->
+            EStack
+    after 0 ->
+            EStack
+    end;
+wait_dynamic_children(#child{shutdown=brutal_kill} = Child, Pids, Sz,
+                      TRef, EStack) ->
+    receive
+        {'DOWN', _MRef, process, Pid, killed} ->
+            wait_dynamic_children(Child, ?SETS:del_element(Pid, Pids), Sz-1,
+                                  TRef, EStack);
+
+        {'DOWN', _MRef, process, Pid, Reason} ->
+            wait_dynamic_children(Child, ?SETS:del_element(Pid, Pids), Sz-1,
+                                  TRef, ?DICT:append(Reason, Pid, EStack))
+    end;
+wait_dynamic_children(#child{restart_type=RType} = Child, Pids, Sz,
+                      TRef, EStack) ->
+    receive
+        {'DOWN', _MRef, process, Pid, shutdown} ->
+            wait_dynamic_children(Child, ?SETS:del_element(Pid, Pids), Sz-1,
+                                  TRef, EStack);
+
+        {'DOWN', _MRef, process, Pid, normal} when RType =/= permanent ->
+            wait_dynamic_children(Child, ?SETS:del_element(Pid, Pids), Sz-1,
+                                  TRef, EStack);
+
+        {'DOWN', _MRef, process, Pid, Reason} ->
+            wait_dynamic_children(Child, ?SETS:del_element(Pid, Pids), Sz-1,
+                                  TRef, ?DICT:append(Reason, Pid, EStack));
+
+        {timeout, TRef, kill} ->
+            ?SETS:fold(fun(P, _) -> exit(P, kill) end, ok, Pids),
+            wait_dynamic_children(Child, Pids, Sz-1, undefined, EStack)
+    end.
+
 %%-----------------------------------------------------------------
 %% Child/State manipulating functions.
 %%-----------------------------------------------------------------
@@ -1054,7 +1161,7 @@ validRestartType(RestartType) -> throw({invalid_restart_type, RestartType}).
 
 validShutdown(Shutdown, _) 
   when is_integer(Shutdown), Shutdown > 0 -> true;
-validShutdown(infinity, supervisor)    -> true;
+validShutdown(infinity, _)             -> true;
 validShutdown(brutal_kill, _)          -> true;
 validShutdown(Shutdown, _)             -> throw({invalid_shutdown, Shutdown}).
 
@@ -1135,6 +1242,13 @@ report_error(Error, Reason, Child, SupName) ->
     error_logger:error_report(supervisor_report, ErrorMsg).
 
 
+extract_child(Child) when is_list(Child#child.pid) ->
+    [{nb_children, length(Child#child.pid)},
+     {name, Child#child.name},
+     {mfargs, Child#child.mfargs},
+     {restart_type, Child#child.restart_type},
+     {shutdown, Child#child.shutdown},
+     {child_type, Child#child.child_type}];
 extract_child(Child) ->
     [{pid, Child#child.pid},
      {name, Child#child.name},
diff --git a/lib/stdlib/src/supervisor_bridge.erl b/lib/stdlib/src/supervisor_bridge.erl
index 555cb5a66f..e8405ab9a4 100644
--- a/lib/stdlib/src/supervisor_bridge.erl
+++ b/lib/stdlib/src/supervisor_bridge.erl
@@ -22,15 +22,14 @@
 
 %% External exports
 -export([start_link/2, start_link/3]).
--export([behaviour_info/1]).
 %% Internal exports
 -export([init/1, handle_call/3, handle_cast/2, handle_info/2, terminate/2]).
 -export([code_change/3]).
 
-behaviour_info(callbacks) ->
-    [{init,1},{terminate,2}];
-behaviour_info(_Other) ->
-    undefined.
+-callback init(Args :: term()) ->
+    {ok, Pid :: pid(), State :: term()} | ignore | {error, Error :: term()}.
+-callback terminate(Reason :: (shutdown | term()), State :: term()) ->
+    Ignored :: term().
 
 %%%-----------------------------------------------------------------
 %%% This is a rewrite of supervisor_bridge from BS.3.
diff --git a/lib/stdlib/src/unicode.erl b/lib/stdlib/src/unicode.erl
index a5d9965ca2..e9b90befe6 100644
--- a/lib/stdlib/src/unicode.erl
+++ b/lib/stdlib/src/unicode.erl
@@ -73,7 +73,7 @@ characters_to_list_int(ML, Encoding) ->
 			   _ ->
 			       badarg
 		       end,
-	    {'EXIT',{new_stacktrace,[{Mod,_,L}|Rest]}} = 
+	    {'EXIT',{new_stacktrace,[{Mod,_,L,_}|Rest]}} =
 		(catch erlang:error(new_stacktrace,
 				    [ML,Encoding])),
 	    erlang:raise(error,TheError,[{Mod,characters_to_list,L}|Rest])
@@ -109,7 +109,7 @@ characters_to_binary(ML) ->
 			   _ ->
 			       badarg
 		       end,
-	    {'EXIT',{new_stacktrace,[{Mod,_,L}|Rest]}} = 
+	    {'EXIT',{new_stacktrace,[{Mod,_,L,_}|Rest]}} =
 		(catch erlang:error(new_stacktrace,
 				    [ML])),
 	    erlang:raise(error,TheError,[{Mod,characters_to_binary,L}|Rest])
@@ -127,7 +127,7 @@ characters_to_binary_int(ML,InEncoding) ->
 			   _ ->
 			       badarg
 		       end,
-	    {'EXIT',{new_stacktrace,[{Mod,_,L}|Rest]}} = 
+	    {'EXIT',{new_stacktrace,[{Mod,_,L,_}|Rest]}} =
 		(catch erlang:error(new_stacktrace,
 				    [ML,InEncoding])),
 	    erlang:raise(error,TheError,[{Mod,characters_to_binary,L}|Rest])
@@ -159,7 +159,7 @@ characters_to_binary(ML, latin1, Uni) when is_binary(ML) and ((Uni =:= utf8) or
 				       _ ->
 					   badarg
 				   end,
-			{'EXIT',{new_stacktrace,[{Mod,_,L}|Rest]}} = 
+			{'EXIT',{new_stacktrace,[{Mod,_,L,_}|Rest]}} =
 			    (catch erlang:error(new_stacktrace,
 						[ML,latin1,Uni])),
 			erlang:raise(error,TheError,
@@ -181,7 +181,7 @@ characters_to_binary(ML,Uni,latin1) when is_binary(ML) and ((Uni =:= utf8) or
 				       _ ->
 					   badarg
 				   end,
-			{'EXIT',{new_stacktrace,[{Mod,_,L}|Rest]}} = 
+			{'EXIT',{new_stacktrace,[{Mod,_,L,_}|Rest]}} =
 			    (catch erlang:error(new_stacktrace,
 						[ML,Uni,latin1])),
 			erlang:raise(error,TheError,
@@ -200,7 +200,7 @@ characters_to_binary(ML, InEncoding, OutEncoding) ->
 			   _ ->
 			       badarg
 		       end,
-	    {'EXIT',{new_stacktrace,[{Mod,_,L}|Rest]}} = 
+	    {'EXIT',{new_stacktrace,[{Mod,_,L,_}|Rest]}} =
 		(catch erlang:error(new_stacktrace,
 				    [ML,InEncoding,OutEncoding])),
 	    erlang:raise(error,TheError,[{Mod,characters_to_binary,L}|Rest])
diff --git a/lib/stdlib/test/Makefile b/lib/stdlib/test/Makefile
index 5502c69fa5..aa6a660c34 100644
--- a/lib/stdlib/test/Makefile
+++ b/lib/stdlib/test/Makefile
@@ -65,6 +65,7 @@ MODULES= \
 	stdlib_SUITE \
 	string_SUITE \
 	supervisor_1 \
+	supervisor_2 \
 	naughty_child \
 	shell_SUITE \
 	supervisor_SUITE \
diff --git a/lib/stdlib/test/beam_lib_SUITE.erl b/lib/stdlib/test/beam_lib_SUITE.erl
index 27520a5c88..5df19ca7f1 100644
--- a/lib/stdlib/test/beam_lib_SUITE.erl
+++ b/lib/stdlib/test/beam_lib_SUITE.erl
@@ -181,7 +181,8 @@ error(Conf) when is_list(Conf) ->
     ?line verify(not_a_beam_file, beam_lib:info(<<"short">>)),
 
     ?line {Binary1, _} = split_binary(Binary, byte_size(Binary)-10),
-    ?line verify(chunk_too_big, beam_lib:chunks(Binary1, ["Abst"])),
+    LastChunk = last_chunk(Binary),
+    ?line verify(chunk_too_big, beam_lib:chunks(Binary1, [LastChunk])),
     ?line Chunks = chunk_info(Binary),
     ?line {value, {_, AbstractStart, _}} = lists:keysearch("Abst", 1, Chunks),
     ?line {Binary2, _} = split_binary(Binary, AbstractStart),
@@ -205,6 +206,12 @@ error(Conf) when is_list(Conf) ->
     ?line file:delete(ACopy),
     ok.
 
+last_chunk(Bin) ->
+    L = beam_lib:info(Bin),
+    {chunks,Chunks} = lists:keyfind(chunks, 1, L),
+    {Last,_,_} = lists:last(Chunks),
+    Last.
+
 do_error(BeamFile, ACopy) ->
     % evil tests
     ?line Chunks = chunk_info(BeamFile),
@@ -330,6 +337,7 @@ strip(Conf) when is_list(Conf) ->
     ?line {Source2D1, BeamFile2D1} = make_beam(PrivDir, simple2, concat),
     ?line {Source3D1, BeamFile3D1} = make_beam(PrivDir, make_fun, make_fun),
     ?line {Source4D1, BeamFile4D1} = make_beam(PrivDir, constant, constant),
+    ?line {Source5D1, BeamFile5D1} = make_beam(PrivDir, lines, lines),
 
     ?line NoOfTables = length(ets:all()),
     ?line P0 = pps(),
@@ -360,13 +368,25 @@ strip(Conf) when is_list(Conf) ->
     ?line {module, make_fun} = code:load_abs(filename:rootname(BeamFile3D1)),
     ?line {module, constant} = code:load_abs(filename:rootname(BeamFile4D1)),
 
+    %% check that line number information is still present after stripping
+    ?line {module, lines} = code:load_abs(filename:rootname(BeamFile5D1)),
+    ?line {'EXIT',{badarith,[{lines,t,1,Info}|_]}} =
+	(catch lines:t(atom)),
+    ?line true = code:delete(lines),
+    ?line false = code:purge(lines),
+    ?line {ok, {lines,BeamFile5D1}} = beam_lib:strip(BeamFile5D1),
+    ?line {module, lines} = code:load_abs(filename:rootname(BeamFile5D1)),
+    ?line {'EXIT',{badarith,[{lines,t,1,Info}|_]}} =
+	(catch lines:t(atom)),
+
     ?line true = (P0 == pps()),
     ?line NoOfTables = length(ets:all()),
 
     ?line delete_files([SourceD1, BeamFileD1, 
 			Source2D1, BeamFile2D1, 
 			Source3D1, BeamFile3D1,
-			Source4D1, BeamFile4D1]),
+			Source4D1, BeamFile4D1,
+			Source5D1, BeamFile5D1]),
     ok.
 
 
@@ -783,6 +803,12 @@ simple_file(File, Module, constant2) ->
 			"t(A) -> "
 			"    {a,b,[2,3],x,y}. "]),
     ok = file:write_file(File, B);
+simple_file(File, Module, lines) ->
+    B = list_to_binary(["-module(", atom_to_list(Module), ").\n"
+			"-export([t/1]).\n"
+			"t(A) ->\n"
+			"    A+1.\n"]),
+    ok = file:write_file(File, B);
 simple_file(File, Module, F) ->
     B = list_to_binary(["-module(", atom_to_list(Module), "). "
 			"-export([t/0]). "
diff --git a/lib/stdlib/test/binary_module_SUITE.erl b/lib/stdlib/test/binary_module_SUITE.erl
index 8fb63f33bd..bac59a3107 100644
--- a/lib/stdlib/test/binary_module_SUITE.erl
+++ b/lib/stdlib/test/binary_module_SUITE.erl
@@ -20,7 +20,7 @@
 
 -export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
 	 init_per_group/2,end_per_group/2, 
-	 interesting/1,random_ref_comp/1,random_ref_sr_comp/1,
+	 interesting/1,scope_return/1,random_ref_comp/1,random_ref_sr_comp/1,
 	 random_ref_fla_comp/1,parts/1, bin_to_list/1, list_to_bin/1,
 	 copy/1, referenced/1,guard/1,encode_decode/1,badargs/1,longest_common_trap/1]).
 
@@ -67,7 +67,7 @@ end_per_testcase(_Case, Config) ->
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
-    [interesting, random_ref_fla_comp, random_ref_sr_comp,
+    [scope_return,interesting, random_ref_fla_comp, random_ref_sr_comp,
      random_ref_comp, parts, bin_to_list, list_to_bin, copy,
      referenced, guard, encode_decode, badargs,
      longest_common_trap].
@@ -379,6 +379,20 @@ subj() ->
   Subject.
 
 
+scope_return(doc) ->
+    ["Test correct return values for scopes (OTP-9701)."];
+scope_return(Config) when is_list(Config) ->
+    N=10000,
+    Bin=binary:copy(<<"a">>,N),
+    scope_loop(Bin,0,N).
+
+scope_loop(_,N,N) ->
+    ok;
+scope_loop(Bin,N,M) ->
+    ?line {N,1} = binary:match(Bin,<<"a">>,[{scope,{N,1}}]),
+    ?line {N,1} = binary:match(Bin,[<<"a">>,<<"b">>],[{scope,{N,1}}]),
+    scope_loop(Bin,N+1,M).
+
 interesting(doc) ->
     ["Try some interesting patterns"];
 interesting(Config) when is_list(Config) ->
diff --git a/lib/stdlib/test/dets_SUITE.erl b/lib/stdlib/test/dets_SUITE.erl
index 22a9d4a7ff..6f77cff2b9 100644
--- a/lib/stdlib/test/dets_SUITE.erl
+++ b/lib/stdlib/test/dets_SUITE.erl
@@ -34,6 +34,8 @@
 -define(datadir(Conf), ?config(data_dir, Conf)).
 -endif.
 
+-compile(r13). % OTP-9607
+
 -export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
 	 init_per_group/2,end_per_group/2, 
 	 not_run/1, newly_started/1, basic_v8/1, basic_v9/1,
@@ -53,7 +55,7 @@
          simultaneous_open/1, insert_new/1, repair_continuation/1,
          otp_5487/1, otp_6206/1, otp_6359/1, otp_4738/1, otp_7146/1,
          otp_8070/1, otp_8856/1, otp_8898/1, otp_8899/1, otp_8903/1,
-         otp_8923/1, otp_9282/1]).
+         otp_8923/1, otp_9282/1, otp_9607/1]).
 
 -export([dets_dirty_loop/0]).
 
@@ -112,7 +114,7 @@ all() ->
 	     many_clients, otp_4906, otp_5402, simultaneous_open,
 	     insert_new, repair_continuation, otp_5487, otp_6206,
 	     otp_6359, otp_4738, otp_7146, otp_8070, otp_8856, otp_8898,
-	     otp_8899, otp_8903, otp_8923, otp_9282]
+	     otp_8899, otp_8903, otp_8923, otp_9282, otp_9607]
     end.
 
 groups() -> 
@@ -554,7 +556,11 @@ dets_dirty_loop() ->
 	{From, [write, Name, Value]} ->
 	    Ret = dets:insert(Name, Value),
 	    From ! {self(), Ret},
-	    dets_dirty_loop()
+	    dets_dirty_loop();
+        {From, [close, Name]} ->
+            Ret = dets:close(Name),
+            From ! {self(), Ret},
+            dets_dirty_loop()
     end.
 
 
@@ -1568,8 +1574,10 @@ repair(Config, V) ->
     ?line FileSize = dets:info(TabRef, memory),
     ?line ok = dets:close(TabRef),
     crash(Fname, FileSize+20),
-    ?line {error, {bad_freelists, Fname}} = 
+    %% Used to return bad_freelists, but that changed in OTP-9622
+    ?line {ok, TabRef} =
 	dets:open_file(TabRef, [{file,Fname},{version,V}]),
+    ?line ok = dets:close(TabRef),
     ?line file:delete(Fname),
 
     %% File not closed, opening with read and read_write access tried.
@@ -1857,10 +1865,10 @@ fixtable(Config, Version) when is_list(Config) ->
     ?line {ok, _} = dets:open_file(T, Args),
 
     %% badarg
-    ?line {'EXIT', {badarg, [{dets,safe_fixtable,[no_table,true]}|_]}} =
-	(catch dets:safe_fixtable(no_table,true)),
-    ?line {'EXIT', {badarg, [{dets,safe_fixtable,[T,undefined]}|_]}} =
-	(catch dets:safe_fixtable(T,undefined)),
+    ?line check_badarg(catch dets:safe_fixtable(no_table,true),
+		       dets, safe_fixtable, [no_table,true]),
+    ?line check_badarg(catch dets:safe_fixtable(T,undefined),
+		       dets, safe_fixtable, [T,undefined]),
 
     %% The table is not allowed to grow while the elements are inserted:
 
@@ -1940,22 +1948,22 @@ match(Config, Version) ->
 
     %% match, badarg
     MSpec = [{'_',[],['$_']}],
-    ?line {'EXIT', {badarg, [{dets,safe_fixtable,[no_table,true]}|_]}} = 
-	(catch dets:match(no_table, '_')),
-    ?line {'EXIT', {badarg, [{dets,match,[T,'_',not_a_number]}|_]}} = 
-	(catch dets:match(T, '_', not_a_number)),
+    ?line check_badarg(catch dets:match(no_table, '_'),
+		       dets, safe_fixtable, [no_table,true]),
+    ?line check_badarg(catch dets:match(T, '_', not_a_number),
+		       dets, match, [T,'_',not_a_number]),
     ?line {EC1, _} = dets:select(T, MSpec, 1),
-    ?line {'EXIT', {badarg, [{dets,match,[EC1]}|_]}} = 
-	(catch dets:match(EC1)),
+    ?line check_badarg(catch dets:match(EC1),
+		       dets, match, [EC1]),
 
     %% match_object, badarg
-    ?line {'EXIT', {badarg, [{dets,safe_fixtable,[no_table,true]}|_]}} = 
-	(catch dets:match_object(no_table, '_')),
-    ?line {'EXIT', {badarg, [{dets,match_object,[T,'_',not_a_number]}|_]}} = 
-	(catch dets:match_object(T, '_', not_a_number)),
+    ?line check_badarg(catch dets:match_object(no_table, '_'),
+		       dets, safe_fixtable, [no_table,true]),
+    ?line check_badarg(catch dets:match_object(T, '_', not_a_number),
+		       dets, match_object, [T,'_',not_a_number]),
     ?line {EC2, _} = dets:select(T, MSpec, 1),
-    ?line {'EXIT', {badarg, [{dets,match_object,[EC2]}|_]}} = 
-	(catch dets:match_object(EC2)),
+    ?line check_badarg(catch dets:match_object(EC2),
+		       dets, match_object, [EC2]),
 
     dets:safe_fixtable(T, true),
     ?line {[_, _], C1} = dets:match_object(T, '_', 2),
@@ -2118,17 +2126,17 @@ select(Config, Version) ->
 
     %% badarg
     MSpec = [{'_',[],['$_']}],
-    ?line {'EXIT', {badarg, [{dets,safe_fixtable,[no_table,true]}|_]}} = 
-	(catch dets:select(no_table, MSpec)),
-    ?line {'EXIT', {badarg, [{dets,select,[T,<<17>>]}|_]}} = 
-	(catch dets:select(T, <<17>>)),
-    ?line {'EXIT', {badarg, [{dets,select,[T,[]]}|_]}} = 
-	(catch dets:select(T, [])),
-    ?line {'EXIT', {badarg, [{dets,select,[T,MSpec,not_a_number]}|_]}} = 
-	(catch dets:select(T, MSpec, not_a_number)),
+    ?line check_badarg(catch dets:select(no_table, MSpec),
+		       dets, safe_fixtable, [no_table,true]),
+    ?line check_badarg(catch dets:select(T, <<17>>),
+		       dets, select, [T,<<17>>]),
+    ?line check_badarg(catch dets:select(T, []),
+		       dets, select, [T,[]]),
+    ?line check_badarg(catch dets:select(T, MSpec, not_a_number),
+		       dets, select, [T,MSpec,not_a_number]),
     ?line {EC, _} = dets:match(T, '_', 1),
-    ?line {'EXIT', {badarg, [{dets,select,[EC]}|_]}} = 
-	(catch dets:select(EC)),
+    ?line check_badarg(catch dets:select(EC),
+		       dets, select, [EC]),
 
     AllSpec = [{'_',[],['$_']}],
 
@@ -2210,8 +2218,8 @@ update_counter(Config) when is_list(Config) ->
     ?line file:delete(Fname),
     P0 = pps(),
 
-    ?line {'EXIT', {badarg, [{dets,update_counter,[no_table,1,1]}|_]}} = 
-	(catch dets:update_counter(no_table, 1, 1)),
+    ?line check_badarg(catch dets:update_counter(no_table, 1, 1),
+		       dets, update_counter, [no_table,1,1]),
 
     Args = [{file,Fname},{keypos,2}],
     ?line {ok, _} = dets:open_file(T, [{type,set} | Args]),
@@ -2254,66 +2262,66 @@ badarg(Config) when is_list(Config) ->
     %% badargs are tested in match, select and fixtable too.
 
     %% open
-    ?line {'EXIT', {badarg, [{dets,open_file,[{a,tuple},[]]}|_]}} = 
-	(catch dets:open_file({a,tuple},[])),
-    ?line {'EXIT', {badarg, [{dets,open_file,[{a,tuple}]}|_]}} = 
-	(catch dets:open_file({a,tuple})),
-    ?line {'EXIT', {badarg, [{dets,open_file,[file,[foo]]}|_]}} = 
-	(catch dets:open_file(file,[foo])),
-    ?line {'EXIT', {badarg,[{dets,open_file,[{hej,san},[{type,set}|3]]}|_]}} =
-	(catch dets:open_file({hej,san},[{type,set}|3])),
+    ?line check_badarg(catch dets:open_file({a,tuple},[]),
+		       dets, open_file, [{a,tuple},[]]),
+    ?line check_badarg(catch dets:open_file({a,tuple}),
+		       dets, open_file,[{a,tuple}]),
+    ?line check_badarg(catch dets:open_file(file,[foo]),
+		       dets, open_file, [file,[foo]]),
+    ?line check_badarg(catch dets:open_file({hej,san},[{type,set}|3]),
+		       dets, open_file, [{hej,san},[{type,set}|3]]),
 
     %% insert
-    ?line {'EXIT', {badarg, [{dets,insert,[no_table,{1,2}]}|_]}} = 
-	(catch dets:insert(no_table, {1,2})),
-    ?line {'EXIT', {badarg, [{dets,insert,[no_table,[{1,2}]]}|_]}} = 
-	(catch dets:insert(no_table, [{1,2}])),
-    ?line {'EXIT', {badarg, [{dets,insert,[T,{1,2}]}|_]}} = 
-	(catch dets:insert(T, {1,2})),
-    ?line {'EXIT', {badarg, [{dets,insert,[T,[{1,2}]]}|_]}} = 
-	(catch dets:insert(T, [{1,2}])),
-    ?line {'EXIT', {badarg, [{dets,insert,[T,[{1,2,3}|3]]}|_]}} = 
-	      (catch dets:insert(T, [{1,2,3} | 3])),
+    ?line check_badarg(catch dets:insert(no_table, {1,2}),
+		       dets, insert, [no_table,{1,2}]),
+    ?line check_badarg(catch dets:insert(no_table, [{1,2}]),
+		       dets, insert, [no_table,[{1,2}]]),
+    ?line check_badarg(catch dets:insert(T, {1,2}),
+		       dets, insert, [T,{1,2}]),
+    ?line check_badarg(catch dets:insert(T, [{1,2}]),
+		       dets, insert, [T,[{1,2}]]),
+    ?line check_badarg(catch dets:insert(T, [{1,2,3} | 3]),
+		       dets, insert, [T,[{1,2,3}|3]]),
 
     %% lookup{_keys}
-    ?line {'EXIT', {badarg, [{dets,lookup_keys,[badarg,[]]}|_]}} = 
-	(catch dets:lookup_keys(T, [])),
-    ?line {'EXIT', {badarg, [{dets,lookup,[no_table,1]}|_]}} = 
-	(catch dets:lookup(no_table, 1)),
-    ?line {'EXIT', {badarg, [{dets,lookup_keys,[T,[1|2]]}|_]}} = 
-	(catch dets:lookup_keys(T, [1 | 2])),
+    ?line check_badarg(catch dets:lookup_keys(T, []),
+		       dets, lookup_keys, [badarg,[]]),
+    ?line check_badarg(catch dets:lookup(no_table, 1),
+		       dets, lookup, [no_table,1]),
+    ?line check_badarg(catch dets:lookup_keys(T, [1 | 2]),
+		       dets, lookup_keys, [T,[1|2]]),
 
     %% member
-    ?line {'EXIT', {badarg, [{dets,member,[no_table,1]}|_]}} = 
-	(catch dets:member(no_table, 1)),
+    ?line check_badarg(catch dets:member(no_table, 1),
+		       dets, member, [no_table,1]),
 
     %% sync
-    ?line {'EXIT', {badarg, [{dets,sync,[no_table]}|_]}} = 
-	(catch dets:sync(no_table)),
+    ?line check_badarg(catch dets:sync(no_table),
+		       dets, sync, [no_table]),
 
     %% delete{_keys}
-    ?line {'EXIT', {badarg, [{dets,delete,[no_table,1]}|_]}} = 
-	(catch dets:delete(no_table, 1)),
+    ?line check_badarg(catch dets:delete(no_table, 1),
+		       dets, delete, [no_table,1]),
 
     %% delete_object
-    ?line {'EXIT', {badarg, [{dets,delete_object,[no_table,{1,2,3}]}|_]}} = 
-	(catch dets:delete_object(no_table, {1,2,3})),
-    ?line {'EXIT', {badarg, [{dets,delete_object,[T,{1,2}]}|_]}} = 
-	(catch dets:delete_object(T, {1,2})),
-    ?line {'EXIT', {badarg, [{dets,delete_object,[no_table,[{1,2,3}]]}|_]}} = 
-	(catch dets:delete_object(no_table, [{1,2,3}])),
-    ?line {'EXIT', {badarg, [{dets,delete_object,[T,[{1,2}]]}|_]}} = 
-	(catch dets:delete_object(T, [{1,2}])),
-    ?line {'EXIT', {badarg, [{dets,delete_object,[T,[{1,2,3}|3]]}|_]}} = 
-	(catch dets:delete_object(T, [{1,2,3} | 3])),
+    ?line check_badarg(catch dets:delete_object(no_table, {1,2,3}),
+		       dets, delete_object, [no_table,{1,2,3}]),
+    ?line check_badarg(catch dets:delete_object(T, {1,2}),
+		       dets, delete_object, [T,{1,2}]),
+    ?line check_badarg(catch dets:delete_object(no_table, [{1,2,3}]),
+		       dets, delete_object, [no_table,[{1,2,3}]]),
+    ?line check_badarg(catch dets:delete_object(T, [{1,2}]),
+		       dets, delete_object, [T,[{1,2}]]),
+    ?line check_badarg(catch dets:delete_object(T, [{1,2,3} | 3]),
+		       dets, delete_object, [T,[{1,2,3}|3]]),
 
     %% first,next,slot
-    ?line {'EXIT', {badarg, [{dets,first,[no_table]}|_]}} =
-	(catch dets:first(no_table)),
-    ?line {'EXIT', {badarg, [{dets,next,[no_table,1]}|_]}} =
-	(catch dets:next(no_table, 1)),
-    ?line {'EXIT', {badarg, [{dets,slot,[no_table,0]}|_]}} =
-	(catch dets:slot(no_table, 0)),
+    ?line check_badarg(catch dets:first(no_table),
+		       dets, first, [no_table]),
+    ?line check_badarg(catch dets:next(no_table, 1),
+		       dets, next, [no_table,1]),
+    ?line check_badarg(catch dets:slot(no_table, 0),
+		       dets, slot, [no_table,0]),
 
     %% info
     ?line undefined = dets:info(no_table),
@@ -2321,27 +2329,27 @@ badarg(Config) when is_list(Config) ->
     ?line undefined = dets:info(T, foo),
 
     %% match_delete
-    ?line {'EXIT', {badarg, [{dets,safe_fixtable,[no_table,true]}|_]}} = 
-	(catch dets:match_delete(no_table, '_')),
+    ?line check_badarg(catch dets:match_delete(no_table, '_'),
+		       dets, safe_fixtable, [no_table,true]),
 
     %% delete_all_objects
-    ?line {'EXIT', {badarg, [{dets,delete_all_objects,[no_table]}|_]}} = 
-	(catch dets:delete_all_objects(no_table)),
+    ?line check_badarg(catch dets:delete_all_objects(no_table),
+		       dets, delete_all_objects, [no_table]),
 
     %% select_delete
     MSpec = [{'_',[],['$_']}],
-    ?line {'EXIT', {badarg, [{dets,safe_fixtable,[no_table,true]}|_]}} = 
-	(catch dets:select_delete(no_table, MSpec)),
-    ?line {'EXIT', {badarg, [{dets,select_delete,[T, <<17>>]}|_]}} = 
-	(catch dets:select_delete(T, <<17>>)),
+    ?line check_badarg(catch dets:select_delete(no_table, MSpec),
+		       dets, safe_fixtable, [no_table,true]),
+    ?line check_badarg(catch dets:select_delete(T, <<17>>),
+		       dets, select_delete, [T, <<17>>]),
 
     %% traverse, fold
-    ?line {'EXIT', {badarg, [{dets,safe_fixtable,[no_table,true]}|_]}} = 
-	(catch dets:traverse(no_table, fun(_) -> continue end)),
-    ?line {'EXIT', {badarg, [{dets,safe_fixtable,[no_table,true]}|_]}} = 
-	(catch dets:foldl(fun(_, A) -> A end, [], no_table)),
-    ?line {'EXIT', {badarg, [{dets,safe_fixtable,[no_table,true]}|_]}} = 
-	(catch dets:foldr(fun(_, A) -> A end, [], no_table)),
+    ?line check_badarg(catch dets:traverse(no_table, fun(_) -> continue end),
+		       dets, safe_fixtable, [no_table,true]),
+    ?line check_badarg(catch dets:foldl(fun(_, A) -> A end, [], no_table),
+		       dets, safe_fixtable, [no_table,true]),
+    ?line check_badarg(catch dets:foldr(fun(_, A) -> A end, [], no_table),
+		       dets, safe_fixtable, [no_table,true]),
 
     %% close
     ?line ok = dets:close(T),
@@ -2349,15 +2357,16 @@ badarg(Config) when is_list(Config) ->
     ?line {error, not_owner} = dets:close(T),
 
     %% init_table
-    ?line {'EXIT', {badarg,[{dets,init_table,[no_table,_,[]]}|_]}} =
-	(catch dets:init_table(no_table, fun(X) -> X end)),
-    ?line {'EXIT', {badarg,[{dets,init_table,[no_table,_,[]]}|_]}} =
-	(catch dets:init_table(no_table, fun(X) -> X end, [])),
+    IF = fun(X) -> X end,
+    ?line check_badarg(catch dets:init_table(no_table, IF),
+		       dets, init_table, [no_table,IF,[]]),
+    ?line check_badarg(catch dets:init_table(no_table, IF, []),
+		       dets, init_table, [no_table,IF,[]]),
 
     %% from_ets
     Ets = ets:new(ets,[]),
-    ?line {'EXIT', {badarg,[{dets,from_ets,[no_table,_]}|_]}} =
-	(catch dets:from_ets(no_table, Ets)),
+    ?line check_badarg(catch dets:from_ets(no_table, Ets),
+		       dets, from_ets, [no_table,Ets]),
     ets:delete(Ets),
 
     ?line {ok, T} = dets:open_file(T, Args),
@@ -3879,10 +3888,91 @@ some_calls(Tab, Config) ->
     ?line ok = dets:close(T),
     file:delete(File).
 
+otp_9607(doc) ->
+    ["OTP-9607. Test downgrading the slightly changed format."];
+otp_9607(suite) ->
+    [];
+otp_9607(Config) when is_list(Config) ->
+    %% Note: the bug is about almost full tables. The fix of that
+    %% problem is *not* tested here.
+    Version = r13b,
+    case ?t:is_release_available(atom_to_list(Version)) of
+        true ->
+            T = otp_9607,
+            File = filename(T, Config),
+            Key = a,
+            Value = 1,
+            Args = [{file,File}],
+            ?line {ok, T} = dets:open_file(T, Args),
+            ?line ok = dets:insert(T, {Key, Value}),
+            ?line ok = dets:close(T),
+
+            ?line Call = fun(P, A) ->
+                                 P ! {self(), A},
+                                 receive
+                                     {P, Ans} ->
+                                         Ans
+                                 after 5000 ->
+                                         exit(other_process_dead)
+                                 end
+                         end,
+            %% Create a file on the modified format, read the file
+            %% with an emulator that doesn't know about the modified
+            %% format.
+            ?line {ok, Node} = start_node_rel(Version, Version, slave),
+            ?line Pid = rpc:call(Node, erlang, spawn,
+                                 [?MODULE, dets_dirty_loop, []]),
+            ?line {error,{needs_repair, File}} =
+                Call(Pid, [open, T, Args++[{repair,false}]]),
+            io:format("Expect repair:~n"),
+            ?line {ok, T} = Call(Pid, [open, T, Args]),
+            ?line [{Key,Value}] = Call(Pid, [read, T, Key]),
+            ?line ok = Call(Pid, [close, T]),
+            file:delete(File),
+
+            %% Create a file on the unmodified format. Modify the file
+            %% using an emulator that must not turn the file into the
+            %% modified format. Read the file and make sure it is not
+            %% repaired.
+            ?line {ok, T} = Call(Pid, [open, T, Args]),
+            ?line ok = Call(Pid, [write, T, {Key,Value}]),
+            ?line [{Key,Value}] = Call(Pid, [read, T, Key]),
+            ?line ok = Call(Pid, [close, T]),
+
+            Key2 = b,
+            Value2 = 2,
+
+            ?line {ok, T} = dets:open_file(T, Args),
+            ?line [{Key,Value}] = dets:lookup(T, Key),
+            ?line ok = dets:insert(T, {Key2,Value2}),
+            ?line ok = dets:close(T),
+
+            ?line {ok, T} = Call(Pid, [open, T, Args++[{repair,false}]]),
+            ?line [{Key2,Value2}] = Call(Pid, [read, T, Key2]),
+            ?line ok = Call(Pid, [close, T]),
+
+            ?t:stop_node(Node),
+            file:delete(File),
+            ok;
+        false ->
+	    {skipped, "No support for old node"}
+    end.
+
+
+
 %%
 %% Parts common to several test cases
 %% 
 
+start_node_rel(Name, Rel, How) ->
+    Release = [{release, atom_to_list(Rel)}],
+    ?line Pa = filename:dirname(code:which(?MODULE)),
+    ?line test_server:start_node(Name, How,
+                                 [{args,
+                                   " -kernel net_setuptime 100 "
+                                   " -pa " ++ Pa},
+                                  {erl, Release}]).
+
 crash(File, Where) ->
     crash(File, Where, 10).
 
@@ -4268,6 +4358,11 @@ bad_object({error,{{bad_object,_}, FileName}}, FileName) ->
 bad_object({error,{{{bad_object,_,_},_,_,_}, FileName}}, FileName) ->
     ok. % Debug.
 
+check_badarg({'EXIT', {badarg, [{M,F,Args,_} | _]}}, M, F, Args) ->
+    true;
+check_badarg({'EXIT', {badarg, [{M,F,A,_} | _]}}, M, F, Args)  ->
+    true = test_server:is_native(M) andalso length(Args) =:= A.
+
 check_pps(P0) ->
     case pps() of
         P0 ->
diff --git a/lib/stdlib/test/epp_SUITE.erl b/lib/stdlib/test/epp_SUITE.erl
index 57f3f4eddb..f79414db49 100644
--- a/lib/stdlib/test/epp_SUITE.erl
+++ b/lib/stdlib/test/epp_SUITE.erl
@@ -20,7 +20,7 @@
 -export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
 	 init_per_group/2,end_per_group/2]).
 
--export([rec_1/1, predef_mac/1,
+-export([rec_1/1, include_local/1, predef_mac/1,
 	 upcase_mac_1/1, upcase_mac_2/1,
 	 variable_1/1, otp_4870/1, otp_4871/1, otp_5362/1,
          pmod/1, not_circular/1, skip_header/1, otp_6277/1, otp_7702/1,
@@ -63,7 +63,7 @@ end_per_testcase(_, Config) ->
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
-    [rec_1, {group, upcase_mac}, predef_mac,
+    [rec_1, {group, upcase_mac}, include_local, predef_mac,
      {group, variable}, otp_4870, otp_4871, otp_5362, pmod,
      not_circular, skip_header, otp_6277, otp_7702, otp_8130,
      overload_mac, otp_8388, otp_8470, otp_8503, otp_8562,
@@ -97,6 +97,22 @@ rec_1(Config) when is_list(Config) ->
     ?line check_errors(List),
     ok.
 
+include_local(doc) ->
+    [];
+include_local(suite) ->
+    [];
+include_local(Config) when is_list(Config) ->
+    ?line DataDir = ?config(data_dir, Config),
+    ?line File = filename:join(DataDir, "include_local.erl"),
+    %% include_local.erl includes include/foo.hrl which
+    %% includes bar.hrl (also in include/) without requiring
+    %% any additional include path, and overriding any file
+    %% of the same name that the path points to
+    ?line {ok, List} = epp:parse_file(File, [DataDir], []),
+    ?line {value, {attribute,_,a,{true,true}}} =
+	lists:keysearch(a,3,List),
+    ok.
+
 %%% Here is a little reimplementation of epp:parse_file, which times out
 %%% after 4 seconds if the epp server doesn't respond. If we use the
 %%% regular epp:parse_file, the test case will time out, and then epp
@@ -234,16 +250,23 @@ otp_4871(Config) when is_list(Config) ->
     %% so there are some sanity checks before killing.
     ?line {ok,Epp} = epp:open(File, []),
     timer:sleep(1),
-    ?line {current_function,{epp,_,_}} = process_info(Epp, current_function),
+    ?line true = current_module(Epp, epp),
     ?line {monitored_by,[Io]} = process_info(Epp, monitored_by),
-    ?line {current_function,{file_io_server,_,_}} =
-	process_info(Io, current_function),
+    ?line true = current_module(Io, file_io_server),
     ?line exit(Io, emulate_crash),
     timer:sleep(1),
     ?line {error,{_Line,epp,cannot_parse}} = otp_4871_parse_file(Epp),
     ?line epp:close(Epp),
     ok.
 
+current_module(Pid, Mod) ->
+    case process_info(Pid, current_function) of
+        {current_function, undefined} ->
+            true = test_server:is_native(Mod);
+        {current_function, {Mod, _, _}} ->
+            true
+    end.
+
 otp_4871_parse_file(Epp) ->
     case epp:parse_erl_form(Epp) of
 	{ok,_} -> otp_4871_parse_file(Epp);
diff --git a/lib/stdlib/test/epp_SUITE_data/bar.hrl b/lib/stdlib/test/epp_SUITE_data/bar.hrl
new file mode 100644
index 0000000000..01c527d549
--- /dev/null
+++ b/lib/stdlib/test/epp_SUITE_data/bar.hrl
@@ -0,0 +1,4 @@
+%% should not be included from include/foo.hrl even though the
+%% include path points here - include/bar.hrl overrides it
+
+-define(BAR_HRL, false).
diff --git a/lib/stdlib/test/epp_SUITE_data/include/bar.hrl b/lib/stdlib/test/epp_SUITE_data/include/bar.hrl
new file mode 100644
index 0000000000..038d3c900e
--- /dev/null
+++ b/lib/stdlib/test/epp_SUITE_data/include/bar.hrl
@@ -0,0 +1,3 @@
+%% included from foo.hrl in same directory
+
+-define(BAR_HRL, true).
diff --git a/lib/stdlib/test/epp_SUITE_data/include/foo.hrl b/lib/stdlib/test/epp_SUITE_data/include/foo.hrl
new file mode 100644
index 0000000000..a6dfa3d18a
--- /dev/null
+++ b/lib/stdlib/test/epp_SUITE_data/include/foo.hrl
@@ -0,0 +1,4 @@
+%% includes bar.hrl in same directory
+
+-define(FOO_HRL, true).
+-include("bar.hrl").
diff --git a/lib/stdlib/test/epp_SUITE_data/include_local.erl b/lib/stdlib/test/epp_SUITE_data/include_local.erl
new file mode 100644
index 0000000000..c8e155a064
--- /dev/null
+++ b/lib/stdlib/test/epp_SUITE_data/include_local.erl
@@ -0,0 +1,6 @@
+
+-module(include_local).
+
+-include("include/foo.hrl").
+
+-a({?FOO_HRL, ?BAR_HRL}).
diff --git a/lib/stdlib/test/erl_eval_SUITE.erl b/lib/stdlib/test/erl_eval_SUITE.erl
index 784c7cb86e..369d8b224e 100644
--- a/lib/stdlib/test/erl_eval_SUITE.erl
+++ b/lib/stdlib/test/erl_eval_SUITE.erl
@@ -1036,6 +1036,12 @@ funs(Config) when is_list(Config) ->
         lists:usort([run_many_args(SAs) || SAs <- many_args(MaxArgs)]),
     ?line {'EXIT',{{argument_limit,_},_}} = 
         (catch run_many_args(many_args1(MaxArgs+1))),
+
+    ?line check(fun() -> M = lists, F = fun M:reverse/1,
+			 [1,2] = F([2,1]), ok end,
+		"begin M = lists, F = fun M:reverse/1,"
+		" [1,2] = F([2,1]), ok end.",
+		ok),
     ok.
 
 run_many_args({S, As}) ->
diff --git a/lib/stdlib/test/erl_expand_records_SUITE.erl b/lib/stdlib/test/erl_expand_records_SUITE.erl
index f8c1ad783c..8b162cfda0 100644
--- a/lib/stdlib/test/erl_expand_records_SUITE.erl
+++ b/lib/stdlib/test/erl_expand_records_SUITE.erl
@@ -178,6 +178,9 @@ expr(Config) when is_list(Config) ->
                  true ->
                      not_ok
              end.
+
+         is_record(_, _, _) ->
+             error(wrong_is_record).
       ">>
       ],
 
@@ -366,6 +369,8 @@ strict(Config) when is_list(Config) ->
                  end
              catch error:_ -> ok
              end.
+         element(_, _) ->
+             error(wrong_element).
       ">>
       ],
     ?line run(Config, Ts1, [strict_record_tests]),
@@ -380,6 +385,8 @@ strict(Config) when is_list(Config) ->
              case foo of
                  _ when A#r2.a =:= 1 -> ok
              end.
+         element(_, _) ->
+             error(wrong_element).
       ">>
       ],
     ?line run(Config, Ts2, [no_strict_record_tests]),
@@ -415,6 +422,11 @@ update(Config) when is_list(Config) ->
          t2() ->
              R0 = #r{},
              #r{_ = R0#r{a = ok}}.
+
+         %% Implicit calls to setelement/3 must go to the BIF,
+         %% not to this function.
+         setelement(_, _, _) ->
+             erlang:error(wrong_setelement_called).
       ">>
       ],
     ?line run(Config, Ts),
diff --git a/lib/stdlib/test/erl_lint_SUITE.erl b/lib/stdlib/test/erl_lint_SUITE.erl
index 9041adbe5c..4e93f056ad 100644
--- a/lib/stdlib/test/erl_lint_SUITE.erl
+++ b/lib/stdlib/test/erl_lint_SUITE.erl
@@ -2631,7 +2631,35 @@ bif_clash(Config) when is_list(Config) ->
                  binary_part(A,B,C).
              ">>,
 	   [warn_unused_import],
-	   {warnings,[{2,erl_lint,{redefine_bif_import,{binary_part,3}}}]}}
+	   {warnings,[{2,erl_lint,{redefine_bif_import,{binary_part,3}}}]}},
+	  %% Don't accept call to a guard BIF if there is a local definition
+	  %% or an import with the same name. Note: is_record/2 is an
+	  %% exception, since it is more of syntatic sugar than a real BIF.
+	  {clash21,
+           <<"-export([is_list/1]).
+              -import(x, [is_tuple/1]).
+              -record(r, {a,b}).
+              x(T) when is_tuple(T) -> ok;
+              x(T) when is_list(T) -> ok.
+              y(T) when is_tuple(T) =:= true -> ok;
+              y(T) when is_list(T) =:= true -> ok;
+              y(T) when is_record(T, r, 3) -> ok;
+              y(T) when is_record(T, r, 3) =:= true -> ok;
+              y(T) when is_record(T, r) =:= true -> ok.
+              is_list(_) ->
+                ok.
+              is_record(_, _) ->
+                ok.
+              is_record(_, _, _) ->
+                ok.
+             ">>,
+	   [{no_auto_import,[{is_tuple,1}]}],
+	   {errors,[{4,erl_lint,{illegal_guard_local_call,{is_tuple,1}}},
+		    {5,erl_lint,{illegal_guard_local_call,{is_list,1}}},
+		    {6,erl_lint,{illegal_guard_local_call,{is_tuple,1}}},
+		    {7,erl_lint,{illegal_guard_local_call,{is_list,1}}},
+		    {8,erl_lint,{illegal_guard_local_call,{is_record,3}}},
+		    {9,erl_lint,{illegal_guard_local_call,{is_record,3}}}],[]}}
 	 ],
 
     ?line [] = run(Config, Ts),
diff --git a/lib/stdlib/test/erl_pp_SUITE.erl b/lib/stdlib/test/erl_pp_SUITE.erl
index 280c95b1aa..64853ca078 100644
--- a/lib/stdlib/test/erl_pp_SUITE.erl
+++ b/lib/stdlib/test/erl_pp_SUITE.erl
@@ -116,7 +116,6 @@ func(Config) when is_list(Config) ->
           {func_3,
            <<"t() -> fun t/0.">>},
           {func_4,
-           %% Has already been expanded away in sys_pre_expand.
            <<"t() -> fun modul:foo/3.">>},
           {func_5, % 'when' is moved down one line
            <<"tkjlksjflksdjflsdjlk()
@@ -127,7 +126,9 @@ func(Config) when is_list(Config) ->
            <<"t() ->
                   (fun() ->
                            true
-                   end)().">>}
+                   end)().">>},
+	  {func_7,
+           <<"t(M, F, A) -> fun M:F/A.">>}
           ],
     ?line compile(Config, Ts),
     ok.
diff --git a/lib/stdlib/test/ets_SUITE.erl b/lib/stdlib/test/ets_SUITE.erl
index 57df963ae2..101828fdef 100644
--- a/lib/stdlib/test/ets_SUITE.erl
+++ b/lib/stdlib/test/ets_SUITE.erl
@@ -176,6 +176,7 @@ groups() ->
        meta_newdel_unnamed, meta_newdel_named]}].
 
 init_per_suite(Config) ->
+    erts_debug:set_internal_state(available_internal_state, true),
     Config.
 
 end_per_suite(_Config) ->
@@ -304,7 +305,6 @@ t_match_spec_run(Config) when is_list(Config) ->
 		      end,
 		  repeat_for_permutations(F, N_MS)
 	  end,
-
     test_terms(Fun, skip_refc_check),
 
     ?line verify_etsmem(EtsMem).
@@ -324,7 +324,7 @@ t_match_spec_run_test(List, MS, Result) ->
 
     %% Check that tracing agree
     Self = self(),
-    {Tracee, MonRef} = spawn_monitor(fun() -> ms_tracee(Self, List) end),
+    {Tracee, MonRef} = my_spawn_monitor(fun() -> ms_tracee(Self, List) end),
     receive {Tracee, ready} -> ok end,
 
     MST = lists:map(fun(Clause) -> ms_clause_ets_to_trace(Clause) end, MS),
@@ -585,7 +585,6 @@ select_fail_do(Opts) ->
 memory(doc) -> ["Whitebox test of ets:info(X,memory)"];
 memory(suite) -> [];
 memory(Config) when is_list(Config) ->
-    ?line erts_debug:set_internal_state(available_internal_state, true),
     ?line ok = chk_normal_tab_struct_size(),
     repeat_for_opts(memory_do,[compressed]),
     ?line catch erts_debug:set_internal_state(available_internal_state, false).
@@ -795,21 +794,26 @@ t_ets_dets(Config, Opts) ->
     ?line true = ets:from_dets(ETab,DTab),
     ?line 3000 = ets:info(ETab,size),
     ?line ets:delete(ETab),
-    ?line {'EXIT',{badarg,[{ets,to_dets,[ETab,DTab]}|_]}} =
-	(catch ets:to_dets(ETab,DTab)),
-    ?line {'EXIT',{badarg,[{ets,from_dets,[ETab,DTab]}|_]}} =
-	(catch ets:from_dets(ETab,DTab)),
+    ?line check_badarg(catch ets:to_dets(ETab,DTab),
+		       ets, to_dets, [ETab,DTab]),
+    ?line check_badarg(catch ets:from_dets(ETab,DTab),
+		       ets, from_dets, [ETab,DTab]),
     ?line ETab2 = ets_new(x,Opts),
     ?line filltabint(ETab2,3000),
     ?line dets:close(DTab),
-    ?line {'EXIT',{badarg,[{ets,to_dets,[ETab2,DTab]}|_]}} =
-	(catch ets:to_dets(ETab2,DTab)),
-    ?line {'EXIT',{badarg,[{ets,from_dets,[ETab2,DTab]}|_]}} =
-	(catch ets:from_dets(ETab2,DTab)),
+    ?line check_badarg(catch ets:to_dets(ETab2,DTab),
+		       ets, to_dets, [ETab2,DTab]),
+    ?line check_badarg(catch ets:from_dets(ETab2,DTab),
+		       ets, from_dets, [ETab2,DTab]),
     ?line ets:delete(ETab2),
     ?line (catch file:delete(Fname)),
     ok.
 
+check_badarg({'EXIT', {badarg, [{M,F,Args,_} | _]}}, M, F, Args) ->
+    true;
+check_badarg({'EXIT', {badarg, [{M,F,A,_} | _]}}, M, F, Args)  ->
+    true = test_server:is_native(M) andalso length(Args) =:= A.
+
 t_delete_all_objects(doc) ->
     ["Test ets:delete_all_objects/1"];
 t_delete_all_objects(suite) ->
@@ -1942,7 +1946,7 @@ evil_update_counter(Config) when is_list(Config) ->
 evil_update_counter_do(Opts) ->
     ?line EtsMem = etsmem(),
     ?line process_flag(trap_exit, true),
-    ?line Pids = [spawn_link(fun() -> evil_counter(I,Opts) end)  || I <- lists:seq(1, 40)],
+    ?line Pids = [my_spawn_link(fun() -> evil_counter(I,Opts) end)  || I <- lists:seq(1, 40)],
     ?line wait_for_all(gb_sets:from_list(Pids)),
     ?line verify_etsmem(EtsMem),
     ok.
@@ -2148,24 +2152,24 @@ heir_do(Opts) ->
 			Combos),    			
 			 
     %% No heir
-    {Founder1,MrefF1} = spawn_monitor(fun()->heir_founder(Master,foo_data,Opts)end),
+    {Founder1,MrefF1} = my_spawn_monitor(fun()->heir_founder(Master,foo_data,Opts)end),
     Founder1 ! {go, none},
     ?line {"No heir",Founder1} = receive_any(),
     ?line {'DOWN', MrefF1, process, Founder1, normal} = receive_any(),
     ?line undefined = ets:info(foo),
 
     %% An already dead heir
-    {Heir2,MrefH2} = spawn_monitor(fun()->die end),
+    {Heir2,MrefH2} = my_spawn_monitor(fun()->die end),
     ?line {'DOWN', MrefH2, process, Heir2, normal} = receive_any(),
-    {Founder2,MrefF2} = spawn_monitor(fun()->heir_founder(Master,foo_data,Opts)end),
+    {Founder2,MrefF2} = my_spawn_monitor(fun()->heir_founder(Master,foo_data,Opts)end),
     Founder2 ! {go, Heir2},
     ?line {"No heir",Founder2} = receive_any(),
     ?line {'DOWN', MrefF2, process, Founder2, normal} = receive_any(),
     ?line undefined = ets:info(foo),
 
     %% When heir dies before founder
-    {Founder3,MrefF3} = spawn_monitor(fun()->heir_founder(Master,"The dying heir",Opts)end),
-    {Heir3,MrefH3} = spawn_monitor(fun()->heir_heir(Founder3)end),
+    {Founder3,MrefF3} = my_spawn_monitor(fun()->heir_founder(Master,"The dying heir",Opts)end),
+    {Heir3,MrefH3} = my_spawn_monitor(fun()->heir_heir(Founder3)end),
     Founder3 ! {go, Heir3},
     ?line {'DOWN', MrefH3, process, Heir3, normal} = receive_any(),
     Founder3 ! die_please,
@@ -2173,14 +2177,12 @@ heir_do(Opts) ->
     ?line undefined = ets:info(foo),
 
     %% When heir dies and pid reused before founder dies
-    erts_debug:set_internal_state(available_internal_state,true),
     NextPidIx = erts_debug:get_internal_state(next_pid),
-    {Founder4,MrefF4} = spawn_monitor(fun()->heir_founder(Master,"The dying heir",Opts)end),
-    {Heir4,MrefH4} = spawn_monitor(fun()->heir_heir(Founder4)end),
+    {Founder4,MrefF4} = my_spawn_monitor(fun()->heir_founder(Master,"The dying heir",Opts)end),
+    {Heir4,MrefH4} = my_spawn_monitor(fun()->heir_heir(Founder4)end),
     Founder4 ! {go, Heir4},
     ?line {'DOWN', MrefH4, process, Heir4, normal} = receive_any(),
     erts_debug:set_internal_state(next_pid, NextPidIx),
-    erts_debug:set_internal_state(available_internal_state,false),
     {Heir4,MrefH4_B} = spawn_monitor_with_pid(Heir4, 
 					      fun()-> ?line die_please = receive_any() end),
     Founder4 ! die_please,
@@ -2256,9 +2258,9 @@ heir_heir(Founder, Mode) ->
 heir_1(HeirData,Mode,Opts) ->
     io:format("test with heir_data = ~p\n", [HeirData]),
     Master = self(),
-    ?line Founder = spawn_link(fun() -> heir_founder(Master,HeirData,Opts) end),
+    ?line Founder = my_spawn_link(fun() -> heir_founder(Master,HeirData,Opts) end),
     io:format("founder spawned = ~p\n", [Founder]),
-    ?line {Heir,Mref} = spawn_monitor(fun() -> heir_heir(Founder,Mode) end),
+    ?line {Heir,Mref} = my_spawn_monitor(fun() -> heir_heir(Founder,Mode) end),
     io:format("heir spawned = ~p\n", [{Heir,Mref}]),
     ?line Founder ! {go, Heir},
     ?line {'DOWN', Mref, process, Heir, normal} = receive_any().
@@ -2275,7 +2277,7 @@ give_away_do(Opts) ->
     Parent = self(),
 
     %% Give and then give back
-    ?line {Receiver,Mref} = spawn_monitor(fun()-> give_away_receiver(T,Parent) end),
+    ?line {Receiver,Mref} = my_spawn_monitor(fun()-> give_away_receiver(T,Parent) end),
     ?line give_me = receive_any(),
     ?line true = ets:give_away(T,Receiver,here_you_are),
     ?line {'EXIT',{badarg,_}} = (catch ets:lookup(T,key)),
@@ -2286,7 +2288,7 @@ give_away_do(Opts) ->
 
     %% Give and then let receiver keep it
     ?line true = ets:insert(T,{key,1}),
-    ?line {Receiver3,Mref3} = spawn_monitor(fun()-> give_away_receiver(T,Parent) end),
+    ?line {Receiver3,Mref3} = my_spawn_monitor(fun()-> give_away_receiver(T,Parent) end),
     ?line give_me = receive_any(),
     ?line true = ets:give_away(T,Receiver3,here_you_are),
     ?line {'EXIT',{badarg,_}} = (catch ets:lookup(T,key)),
@@ -2298,7 +2300,7 @@ give_away_do(Opts) ->
     ?line T2 = ets_new(foo,[private | Opts]),
     ?line true = ets:insert(T2,{key,1}),
     ?line ets:setopts(T2,{heir,self(),"Som en gummiboll..."}),
-    ?line {Receiver2,Mref2} = spawn_monitor(fun()-> give_away_receiver(T2,Parent) end),
+    ?line {Receiver2,Mref2} = my_spawn_monitor(fun()-> give_away_receiver(T2,Parent) end),
     ?line give_me = receive_any(),
     ?line true = ets:give_away(T2,Receiver2,here_you_are),
     ?line {'EXIT',{badarg,_}} = (catch ets:lookup(T2,key)),
@@ -2313,12 +2315,12 @@ give_away_do(Opts) ->
     ?line {'EXIT',{badarg,_}} = (catch ets:give_away(T2,"not a pid","To wrong type")),
 
     ?line true = ets:delete(T2),
-    ?line {ReceiverNeg,MrefNeg} = spawn_monitor(fun()-> give_away_receiver(T2,Parent) end),
+    ?line {ReceiverNeg,MrefNeg} = my_spawn_monitor(fun()-> give_away_receiver(T2,Parent) end),
     ?line give_me = receive_any(),
     ?line {'EXIT',{badarg,_}} = (catch ets:give_away(T2,ReceiverNeg,"A deleted table")),
 
     ?line T3 = ets_new(foo,[public | Opts]),
-    spawn_link(fun()-> {'EXIT',{badarg,_}} = (catch ets:give_away(T3,ReceiverNeg,"From non owner")),
+    my_spawn_link(fun()-> {'EXIT',{badarg,_}} = (catch ets:give_away(T3,ReceiverNeg,"From non owner")),
 		       Parent ! done
 	       end),
     ?line done = receive_any(),
@@ -2354,7 +2356,7 @@ setopts_do(Opts) ->
     Self = self(),
     ?line T = ets_new(foo,[named_table, private | Opts]),
     ?line none = ets:info(T,heir),
-    Heir = spawn_link(fun()->heir_heir(Self) end),
+    Heir = my_spawn_link(fun()->heir_heir(Self) end),
     ?line ets:setopts(T,{heir,Heir,"Data"}),
     ?line Heir = ets:info(T,heir),
     ?line ets:setopts(T,{heir,self(),"Data"}),
@@ -2383,6 +2385,8 @@ setopts_do(Opts) ->
     ?line {'EXIT',{badarg,_}} = (catch ets:setopts(T,{protection,private,false})),
     ?line {'EXIT',{badarg,_}} = (catch ets:setopts(T,protection)),
     ?line ets:delete(T),
+    unlink(Heir),
+    exit(Heir, bang),
     ok.
 
 bad_table(doc) -> ["All kinds of operations with bad table argument"];
@@ -2405,14 +2409,14 @@ bad_table(Config) when is_list(Config) ->
 
 bad_table_do(Opts, DummyFile) ->
     Parent = self(),    
-    {Pid,Mref} = spawn_opt(fun()-> ets_new(priv,[private,named_table | Opts]),
-				   Priv = ets_new(priv,[private | Opts]),
-				   ets_new(prot,[protected,named_table | Opts]),
-				   Prot = ets_new(prot,[protected | Opts]),
-				   Parent ! {self(),Priv,Prot},
-				   die_please = receive_any()
-			   end,
-			   [link, monitor]),
+    {Pid,Mref} = my_spawn_opt(fun()-> ets_new(priv,[private,named_table | Opts]),
+				      Priv = ets_new(priv,[private | Opts]),
+				      ets_new(prot,[protected,named_table | Opts]),
+				      Prot = ets_new(prot,[protected | Opts]),
+				      Parent ! {self(),Priv,Prot},
+				      die_please = receive_any()
+			      end,
+			      [link, monitor]),
     {Pid,Priv,Prot} = receive_any(),
     MatchSpec = {{key,'_'}, [], ['$$']},
     Fun = fun(X,_) -> X end,
@@ -2652,7 +2656,7 @@ maybe_sort(L) when is_list(L) ->
 %maybe_sort({'EXIT',{Reason, [{Module, Function, _}|_]}}) ->
 %    {'EXIT',{Reason, [{Module, Function, '_'}]}};
 maybe_sort({'EXIT',{Reason, List}}) when is_list(List) ->
-    {'EXIT',{Reason, lists:map(fun({Module, Function, _}) ->
+    {'EXIT',{Reason, lists:map(fun({Module, Function, _, _}) ->
 				       {Module, Function, '_'}
 			       end,
 			       List)}};
@@ -3258,7 +3262,7 @@ delete_large_named_table_1(Name, Flags, Data, Fix) ->
 	    ?line lists:foreach(fun({K,_}) -> ets:delete(Tab, K) end, Data)
     end,
     Parent = self(),
-    Pid = spawn_link(fun() ->
+    Pid = my_spawn_link(fun() ->
 			     receive
 				 {trace,Parent,call,_} ->
 				     ets_new(Name, [named_table])
@@ -3620,7 +3624,7 @@ cycle(Tab, L) ->
     ets:insert(Tab,list_to_tuple(L)),
     cycle(Tab, tl(L)++[hd(L)]).
 
-dynamic_go() -> spawn_link(fun dynamic_init/0).
+dynamic_go() -> my_spawn_link(fun dynamic_init/0).
 
 dynamic_init() -> [dyn_lookup(?MODULE) || _ <- lists:seq(1, 10)].
 
@@ -3847,7 +3851,7 @@ safe_fixtable_do(Opts) ->
     Self = self(),
     ?line {{_,_,_},[{Self,1}]} = ets:info(Tab,safe_fixed),
     %% Test that an unjustified 'unfix' is a no-op.
-    {Pid,MRef} = spawn_monitor(fun() -> true = ets:safe_fixtable(Tab,false) end),
+    {Pid,MRef} = my_spawn_monitor(fun() -> true = ets:safe_fixtable(Tab,false) end),
     {'DOWN', MRef, process, Pid, normal} = receive M -> M end,
     ?line true = ets:info(Tab,fixed),
     ?line {{_,_,_},[{Self,1}]} = ets:info(Tab,safe_fixed),
@@ -4251,7 +4255,7 @@ do_heavy_concurrent(Opts) ->
     ?line ok = fill_tab2(Tab, 0, Size),
     ?line Procs = lists:map(
 		    fun (N) ->
-			    spawn_link(
+			    my_spawn_link(
 			      fun () ->
 				      do_heavy_concurrent_proc(Tab, Size, N)
 			      end)
@@ -4855,12 +4859,7 @@ otp_7665_act(Tab,Min,Max,DelNr) ->
 %% Whitebox testing of meta name table hashing.
 meta_wb(Config) when is_list(Config) ->
     ?line EtsMem = etsmem(),
-    ?line erts_debug:set_internal_state(available_internal_state, true),
-    try
-	repeat_for_opts(meta_wb_do)
-    after
-	erts_debug:set_internal_state(available_internal_state, false)
-    end,
+    repeat_for_opts(meta_wb_do),
     ?line verify_etsmem(EtsMem).
 
 
@@ -4929,12 +4928,15 @@ colliding_names(Name) ->
 
 grow_shrink(Config) when is_list(Config) ->
     ?line EtsMem = etsmem(),
-    grow_shrink_0(lists:seq(3071, 5000), EtsMem).
+    ?line grow_shrink_0(lists:seq(3071, 5000), EtsMem),
+    ?line verify_etsmem(EtsMem).
 
 grow_shrink_0([N|Ns], EtsMem) ->
     ?line grow_shrink_1(N, [set]),
     ?line grow_shrink_1(N, [ordered_set]),
-    ?line verify_etsmem(EtsMem),
+    %% Verifying ets-memory here takes too long time, since
+    %% lock-free allocators were introduced...
+    %% ?line verify_etsmem(EtsMem),
     grow_shrink_0(Ns, EtsMem);
 grow_shrink_0([], _) -> ok.
 
@@ -4981,13 +4983,13 @@ grow_pseudo_deleted_do(Type) ->
     ?line Left = ets:info(T,size),
     ?line Mult = get_kept_objects(T),
     filltabstr(T,Mult),
-    spawn_opt(fun()-> ?line true = ets:info(T,fixed),
-		       Self ! start,
-		       io:format("Starting to filltabstr... ~p\n",[now()]),
-		       filltabstr(T,Mult,Mult+10000),
-		       io:format("Done with filltabstr. ~p\n",[now()]),
-		       Self ! done 
-	       end, [link, {scheduler,2}]),
+    my_spawn_opt(fun()-> ?line true = ets:info(T,fixed),
+			 Self ! start,
+			 io:format("Starting to filltabstr... ~p\n",[now()]),
+			 filltabstr(T,Mult,Mult+10000),
+			 io:format("Done with filltabstr. ~p\n",[now()]),
+			 Self ! done 
+		 end, [link, {scheduler,2}]),
     ?line start = receive_any(),
     io:format("Unfixing table...~p nitems=~p\n",[now(),ets:info(T,size)]),
     ?line true = ets:safe_fixtable(T,false),
@@ -5021,13 +5023,13 @@ shrink_pseudo_deleted_do(Type) ->
 				     [true]}]),    
     ?line Half = ets:info(T,size),
     ?line Half = get_kept_objects(T),
-    spawn_opt(fun()-> ?line true = ets:info(T,fixed),
-		      Self ! start,
-		      io:format("Starting to delete... ~p\n",[now()]),
-		      del_one_by_one_set(T,1,Half+1),
-		      io:format("Done with delete. ~p\n",[now()]),
-		      Self ! done 
-	      end, [link, {scheduler,2}]),
+    my_spawn_opt(fun()-> ?line true = ets:info(T,fixed),
+			 Self ! start,
+			 io:format("Starting to delete... ~p\n",[now()]),
+			 del_one_by_one_set(T,1,Half+1),
+			 io:format("Done with delete. ~p\n",[now()]),
+			 Self ! done 
+		 end, [link, {scheduler,2}]),
     ?line start = receive_any(),
     io:format("Unfixing table...~p nitems=~p\n",[now(),ets:info(T,size)]),
     ?line true = ets:safe_fixtable(T,false),
@@ -5184,24 +5186,24 @@ smp_unfix_fix_do() ->
     ?line Deleted = get_kept_objects(T),
     
     {Child, Mref} = 
-	spawn_opt(fun()-> ?line true = ets:info(T,fixed),
-			  Parent ! start,
-			  io:format("Child waiting for table to be unfixed... now=~p mem=~p\n",
-				    [now(),ets:info(T,memory)]),
-			  repeat_while(fun()-> ets:info(T,fixed) end),
-			  io:format("Table unfixed. Child Fixating! now=~p mem=~p\n",
-				    [now(),ets:info(T,memory)]),    
-			  ?line true = ets:safe_fixtable(T,true),
-			  repeat_while(fun(Key) when Key =< NumOfObjs -> 
-					       ets:delete(T,Key), {true,Key+1};
-					  (Key) -> {false,Key}
-				       end,
-				       Deleted),
-			  ?line 0 = ets:info(T,size),
-			  ?line true = get_kept_objects(T) >= Left,		      
-			  ?line done = receive_any()
-		  end, 
-		  [link, monitor, {scheduler,2}]),
+      my_spawn_opt(fun()-> ?line true = ets:info(T,fixed),
+			   Parent ! start,
+			   io:format("Child waiting for table to be unfixed... now=~p mem=~p\n",
+				     [now(),ets:info(T,memory)]),
+			   repeat_while(fun()-> ets:info(T,fixed) end),
+			   io:format("Table unfixed. Child Fixating! now=~p mem=~p\n",
+				     [now(),ets:info(T,memory)]),    
+			   ?line true = ets:safe_fixtable(T,true),
+			   repeat_while(fun(Key) when Key =< NumOfObjs -> 
+						ets:delete(T,Key), {true,Key+1};
+					   (Key) -> {false,Key}
+					end,
+					Deleted),
+			   ?line 0 = ets:info(T,size),
+			   ?line true = get_kept_objects(T) >= Left,		      
+			   ?line done = receive_any()
+		   end, 
+		   [link, monitor, {scheduler,2}]),
     
     ?line start = receive_any(),        
     ?line true = ets:info(T,fixed),
@@ -5232,11 +5234,11 @@ otp_8166_do(WC) ->
     Deleted = NumOfObjs div 2,
     filltabint(T,NumOfObjs),
     {ReaderPid, ReaderMref} = 
- 	spawn_opt(fun()-> otp_8166_reader(T,NumOfObjs) end, 
- 		  [link, monitor, {scheduler,2}]),
+ 	my_spawn_opt(fun()-> otp_8166_reader(T,NumOfObjs) end, 
+		     [link, monitor, {scheduler,2}]),
     {ZombieCrPid, ZombieCrMref} = 
- 	spawn_opt(fun()-> otp_8166_zombie_creator(T,Deleted) end, 
- 		  [link, monitor, {scheduler,3}]),
+ 	my_spawn_opt(fun()-> otp_8166_zombie_creator(T,Deleted) end, 
+		     [link, monitor, {scheduler,3}]),
 
     repeat(fun() -> ZombieCrPid ! {loop, self()},
 		    zombies_created = receive_any(),
@@ -5496,7 +5498,7 @@ run_workers_do(InitF,ExecF,FiniF,Laps, Exclude) ->
     io:format("smp starting ~p workers\n",[NumOfProcs]),
     Seeds = [{ProcN,random:uniform(9999)} || ProcN <- lists:seq(1,NumOfProcs)],
     Parent = self(),
-    Pids = [spawn_link(fun()-> worker(Seed,InitF,ExecF,FiniF,Laps,Parent,NumOfProcs) end)
+    Pids = [my_spawn_link(fun()-> worker(Seed,InitF,ExecF,FiniF,Laps,Parent,NumOfProcs) end)
 	    || Seed <- Seeds],
     case Laps of
 	infinite -> Pids;
@@ -5545,31 +5547,30 @@ my_tab_to_list(_Ts,'$end_of_table', Acc) -> lists:reverse(Acc);
 my_tab_to_list(Ts,Key, Acc) ->
     my_tab_to_list(Ts,ets:next(Ts,Key),[ets:lookup(Ts, Key)| Acc]).
 
-wait_for_all_schedulers_online_to_execute() ->
-    PMs = lists:map(fun (Sched) ->
-			    spawn_opt(fun () -> ok end,
-				      [monitor, {scheduler, Sched}])
-		    end,
-		    lists:seq(1,erlang:system_info(schedulers_online))),
-    lists:foreach(fun ({P, M}) ->
-			  receive
-			      {'DOWN', M, process, P, _} -> ok
-			  end
-		  end,
-		  PMs),
-    ok.
+
+wait_for_memory_deallocations() ->
+    try
+	erts_debug:set_internal_state(wait, deallocations)
+    catch
+	error:undef ->
+	    erts_debug:set_internal_state(available_internal_state, true),
+	    wait_for_memory_deallocations()
+    end.
+	    
 
 etsmem() ->
-    %% Wait until it is guaranteed that all already scheduled
-    %% deallocations of DbTable structures have completed.
-    wait_for_all_schedulers_online_to_execute(),
+    wait_for_memory_deallocations(),
 
     AllTabs = lists:map(fun(T) -> {T,ets:info(T,name),ets:info(T,size),
 				   ets:info(T,memory),ets:info(T,type)} 
 			end, ets:all()),
+
+    EtsAllocInfo = erlang:system_info({allocator,ets_alloc}),
+    ErlangMemoryEts = try erlang:memory(ets) catch error:notsup -> notsup end,
+
     Mem =
-    {try erlang:memory(ets) catch error:notsup -> notsup end,
-     case erlang:system_info({allocator,ets_alloc}) of
+    {ErlangMemoryEts,
+     case EtsAllocInfo of
 	 false -> undefined;
 	 MemInfo ->
 	     CS = lists:foldl(
@@ -5646,6 +5647,8 @@ spawn_logger(Procs) ->
 					      true -> exit(Proc, kill);
 					      _ -> ok
 					  end,
+					  erlang:display({"Waiting for 'DOWN' from", Proc,
+							  process_info(Proc), pid_status(Proc)}),
 					  receive
 					      {'DOWN', Mon, _, _, _} ->
 						  ok
@@ -5656,6 +5659,15 @@ spawn_logger(Procs) ->
 	    spawn_logger([From])
     end.
 
+pid_status(Pid) ->
+    try
+	erts_debug:get_internal_state({process_status, Pid})
+    catch
+	error:undef ->
+	    erts_debug:set_internal_state(available_internal_state, true),
+	    pid_status(Pid)
+    end. 
+
 start_spawn_logger() ->
     case whereis(ets_test_spawn_logger) of
 	Pid when is_pid(Pid) -> true;
@@ -5681,7 +5693,7 @@ wait_for_test_procs(Kill) ->
     ets_test_spawn_logger ! {sync_test_procs, Kill, self()},
     receive test_procs_synced -> ok end.
 
-log_test_proc(Proc) ->
+log_test_proc(Proc) when is_pid(Proc) ->
     ets_test_spawn_logger ! {new_test_proc, Proc},
     Proc.
 
@@ -5693,9 +5705,17 @@ my_spawn_link(Fun) -> log_test_proc(spawn_link(Fun)).
 my_spawn_link(M,F,A) -> log_test_proc(spawn_link(M,F,A)).
 %%my_spawn_link(N,M,F,A) -> log_test_proc(spawn_link(N,M,F,A)).
 
-my_spawn_opt(Fun,Opts) -> log_test_proc(spawn_opt(Fun,Opts)).
-%%my_spawn_opt(M,F,A,Opts) -> log_test_proc(spawn_opt(M,F,A,Opts)).
-%%my_spawn_opt(N,M,F,A,Opts) -> log_test_proc(spawn_opt(N,M,F,A,Opts)).
+my_spawn_opt(Fun,Opts) ->
+    case spawn_opt(Fun,Opts) of
+	Pid when is_pid(Pid) -> log_test_proc(Pid);
+	{Pid, _} = Res when is_pid(Pid) -> log_test_proc(Pid), Res
+    end.
+
+my_spawn_monitor(Fun) ->
+    Res = spawn_monitor(Fun),
+    {Pid, _} = Res,
+    log_test_proc(Pid),
+    Res.
 
 repeat(_Fun, 0) ->
     ok;
@@ -5758,11 +5778,11 @@ spawn_monitor_with_pid(Pid, Fun, N, M) when N > M*10 ->
     spawn_monitor_with_pid(Pid, Fun, N, M*10);
 spawn_monitor_with_pid(Pid, Fun, N, M) ->
     ?line false = is_process_alive(Pid),
-    case spawn(fun()-> case self() of
-			  Pid -> Fun();
-			  _ -> die
-		       end
-	       end) of
+    case my_spawn(fun()-> case self() of
+			      Pid -> Fun();
+			      _ -> die
+			  end
+		  end) of
 	Pid ->	    
 	    {Pid, erlang:monitor(process, Pid)};
 	Other ->
diff --git a/lib/stdlib/test/filelib_SUITE.erl b/lib/stdlib/test/filelib_SUITE.erl
index 3010f5e760..1de639a166 100644
--- a/lib/stdlib/test/filelib_SUITE.erl
+++ b/lib/stdlib/test/filelib_SUITE.erl
@@ -97,11 +97,12 @@ wildcard_errors(Config) when is_list(Config) ->
 
 wcc(Wc, Error) ->
     {'EXIT',{{badpattern,Error},
-	     [{filelib,compile_wildcard,1}|_]}} = (catch filelib:compile_wildcard(Wc)),
+	     [{filelib,compile_wildcard,1,_}|_]}} =
+	(catch filelib:compile_wildcard(Wc)),
     {'EXIT',{{badpattern,Error},
-	     [{filelib,wildcard,1}|_]}} = (catch filelib:wildcard(Wc)),
+	     [{filelib,wildcard,1,_}|_]}} = (catch filelib:wildcard(Wc)),
     {'EXIT',{{badpattern,Error},
-	     [{filelib,wildcard,2}|_]}} = (catch filelib:wildcard(Wc, ".")).
+	     [{filelib,wildcard,2,_}|_]}} = (catch filelib:wildcard(Wc, ".")).
 
 do_wildcard_1(Dir, Wcf0) ->
     do_wildcard_2(Dir, Wcf0),
diff --git a/lib/stdlib/test/filename_SUITE.erl b/lib/stdlib/test/filename_SUITE.erl
index 70b0d413dc..4cfa589660 100644
--- a/lib/stdlib/test/filename_SUITE.erl
+++ b/lib/stdlib/test/filename_SUITE.erl
@@ -483,6 +483,22 @@ find_src(Config) when is_list(Config) ->
     
     %% Try to find the source for a preloaded module.
     ?line {error,{preloaded,init}} = filename:find_src(init),
+
+    %% Make sure that find_src works for a slim BEAM file.
+    OldPath = code:get_path(),
+    try
+	PrivDir = ?config(priv_dir, Config),
+	code:add_patha(PrivDir),
+	Src = "simple",
+	SrcPath = filename:join(PrivDir, Src) ++ ".erl",
+	SrcContents = "-module(simple).\n",
+	ok = file:write_file(SrcPath, SrcContents),
+	{ok,simple} = compile:file(SrcPath, [slim,{outdir,PrivDir}]),
+	BeamPath = filename:join(PrivDir, Src),
+	{BeamPath,[]} = filename:find_src(simple)
+    after
+	code:set_path(OldPath)
+    end,
     ok.
 
 %%
diff --git a/lib/stdlib/test/gen_server_SUITE.erl b/lib/stdlib/test/gen_server_SUITE.erl
index a614d6595d..7fb8d54f2d 100644
--- a/lib/stdlib/test/gen_server_SUITE.erl
+++ b/lib/stdlib/test/gen_server_SUITE.erl
@@ -694,7 +694,7 @@ multicall_down(Config) when is_list(Config) ->
     %% We use 'global' as a gen_server to call.
     ?line {Good, Bad} = gen_server:multi_call([Name, node()],
 					      global_name_server,
-					      {whereis, gurkburk},
+					      info,
 					      3000),
     io:format("good = ~p, bad = ~p~n", [Good, Bad]),
     ?line [Name] = Bad,
diff --git a/lib/stdlib/test/ms_transform_SUITE.erl b/lib/stdlib/test/ms_transform_SUITE.erl
index 4e5df12798..c9688354b1 100644
--- a/lib/stdlib/test/ms_transform_SUITE.erl
+++ b/lib/stdlib/test/ms_transform_SUITE.erl
@@ -39,6 +39,7 @@
 -export([float_1_function/1]).
 -export([action_function/1]).
 -export([warnings/1]).
+-export([no_warnings/1]).
 -export([init_per_testcase/2, end_per_testcase/2]).
 
 init_per_testcase(_Func, Config) ->
@@ -55,7 +56,7 @@ all() ->
     [from_shell, basic_ets, basic_dbg, records,
      record_index, multipass, bitsyntax, record_defaults,
      andalso_orelse, float_1_function, action_function,
-     warnings, top_match, old_guards, autoimported,
+     warnings, no_warnings, top_match, old_guards, autoimported,
      semicolon].
 
 groups() -> 
@@ -155,6 +156,34 @@ warnings(Config) when is_list(Config) ->
 	compile_ww(Prog7),
     ok.
 
+no_warnings(suite) ->
+    [];
+no_warnings(doc) ->
+    ["Check that variables bound in other function clauses don't generate "
+     "warning"];
+no_warnings(Config) when is_list(Config) ->
+    ?line setup(Config),
+    Prog = <<"tmp(X) when X > 100 ->\n",
+	     "   Y=X,\n"
+	     "   Y;\n"
+	     "tmp(X) ->\n"
+	     "   ets:fun2ms(fun(Y) ->\n"
+	     "                  {X, 3*Y}\n"
+	     "              end)">>,
+    ?line [] = compile_no_ww(Prog),
+
+    Prog2 = <<"tmp(X) when X > 100 ->\n",
+	     "   Y=X,\n"
+	     "   Y;\n"
+	     "tmp(X) when X < 200 ->\n"
+	     "   ok;\n"
+	     "tmp(X) ->\n"
+	     "   ets:fun2ms(fun(Y) ->\n"
+	     "                  {X, 3*Y}\n"
+	     "              end)">>,
+    ?line [] = compile_no_ww(Prog2),
+    ok.
+
 andalso_orelse(suite) ->
     [];
 andalso_orelse(doc) ->
@@ -842,6 +871,20 @@ compile_ww(Records,Expr) ->
 					       nowarn_unused_record]),
     Wlist.
 
+compile_no_ww(Expr) ->
+    Prog = <<
+	"-module(tmp).\n",
+    "-include_lib(\"stdlib/include/ms_transform.hrl\").\n",
+    "-export([tmp/1]).\n\n",
+    Expr/binary,".\n">>,
+    FN=temp_name(),
+    file:write_file(FN,Prog),
+    {ok,Forms} = epp:parse_file(FN,"",""),
+    {ok,tmp,_Bin,Wlist} = compile:forms(Forms,[return_warnings,
+					       nowarn_unused_vars,
+					       nowarn_unused_record]),
+    Wlist.
+
 do_eval(String) ->
     {done,{ok,T,_},[]} = erl_scan:tokens(
 			   [],
diff --git a/lib/stdlib/test/proc_lib_SUITE.erl b/lib/stdlib/test/proc_lib_SUITE.erl
index 1565aa9bba..c95089117c 100644
--- a/lib/stdlib/test/proc_lib_SUITE.erl
+++ b/lib/stdlib/test/proc_lib_SUITE.erl
@@ -328,7 +328,7 @@ otp_6345(doc) ->
     ["'monitor' spawn_opt option"];
 otp_6345(Config) when is_list(Config) ->
     Opts = [link,monitor],
-    {'EXIT', {badarg,[{proc_lib,check_for_monitor,_}|_Stack]}} =
+    {'EXIT', {badarg,[{proc_lib,check_for_monitor,_,_}|_Stack]}} =
 	(catch proc_lib:start(?MODULE, otp_6345_init, [self()],
 			      1000, Opts)),
     ok.
diff --git a/lib/stdlib/test/qlc_SUITE.erl b/lib/stdlib/test/qlc_SUITE.erl
index 98eeaee118..50a76cdfb5 100644
--- a/lib/stdlib/test/qlc_SUITE.erl
+++ b/lib/stdlib/test/qlc_SUITE.erl
@@ -20,7 +20,6 @@
 %%% Purpose:Test Suite for the 'qlc' module.
 %%%-----------------------------------------------------------------
 -module(qlc_SUITE).
--compile(r12).
 
 -define(QLC, qlc).
 -define(QLCs, "qlc").
@@ -6118,6 +6117,7 @@ otp_6964(Config) when is_list(Config) ->
                       qlc:e(Q, [{max_list_size,64*1024},{tmpdir_usage,Use}])
               end,
           D = erlang:system_flag(backtrace_depth, 0),
+      try
           20000 = length(F(allowed)),
           ErrReply = F(not_allowed),
           {error, qlc, {tmpdir_usage,joining}} = ErrReply,
@@ -6129,8 +6129,10 @@ otp_6964(Config) when is_list(Config) ->
           20000 = length(F(info_msg)),
           {info, joining} = qlc_SUITE:read_error_logger(),
           20000 = length(F(error_msg)),
-          {error, joining} = qlc_SUITE:read_error_logger(),
-          _ = erlang:system_flag(backtrace_depth, D),
+          {error, joining} = qlc_SUITE:read_error_logger()
+      after
+          _ = erlang:system_flag(backtrace_depth, D)
+      end,
           qlc_SUITE:uninstall_error_logger()">>],
     ?line run(Config, T1),
 
@@ -6632,7 +6634,7 @@ otp_7232(Config) when is_list(Config) ->
              {call,_,
                {remote,_,{atom,_,qlc},{atom,_,sort}},
                [{cons,_,
-                      {'fun',_,{function,math,sqrt,_}},
+                      {'fun',_,{function,{atom,_,math},{atom,_,sqrt},_}},
                       {cons,_,
                             {string,_,\"<0.4.1>\"}, % could use list_to_pid..
                             {cons,_,{string,_,\"#Ref<\"++_},{nil,_}}}},
@@ -7399,70 +7401,37 @@ backward(doc) ->
     "OTP-6674. Join info and extra constants.";
 backward(suite) -> [];
 backward(Config) when is_list(Config) ->
-    case try_old_join_info(Config) of
-        ok ->
-            ok;
-        Reply ->
-            Reply
-    end.
-
--ifdef(debug).
-try_old_join_info(_Config) ->
+    try_old_join_info(Config),
     ok.
--else.
+
 try_old_join_info(Config) ->
-    case ?t:is_release_available("r12b") of
-        true ->
-            %% Check join info for handlers of extra constants. Start R12B-0.
-            ?line {ok, R12} = start_node_rel(r12, r12b, slave),
-            File  = filename("handle.erl", Config),
-            ?line file:write_file(File, 
-                <<"-module(handle).\n"
-                  "-export([create_handle/0, lookup_handle/0]).\n"
-                  "-include_lib(\"stdlib/include/qlc.hrl\").\n"
-                  "create_handle() ->\n"
-                  "  H1 = qlc:sort([{192.0,1,a},{192.0,2,b},{192.0,3,c}]),\n"
-                  "  qlc:q([{X, Y} || {B,X,_} <- H1,\n"
-                  "                   B =:= 192.0,\n"
-                  "                   {Y} <- [{0},{1},{2}],\n"
-                  "                   X == Y]).\n",
-                  "\n",
-                  "lookup_handle() ->\n"
-                  "  E = qlc_SUITE:table([{1,a},{2,b},{3,c}], 1, [1]),\n"
-                  "  qlc:q([{X, Y} || {X,_} <- E,\n"
-                  "                   {Y} <- [{0},{1},{2}],\n"
-                  "                   X =:= Y]).\n">>),
-            ?line {ok, handle} = rpc:call(R12, compile, file,
-                                          [File, [{outdir,?privdir}]]),
-            ?line {module, handle} = rpc:call(R12, code, load_abs,
-                                              [filename:rootname(File)]),
-            ?line H = rpc:call(R12, handle, create_handle, []),
-            ?line {module, handle} = code:load_abs(filename:rootname(File)),
-            ?line {block,0,
-                     [{match,_,_,
-                       {call,_,_,
-                        [{lc,_,_,
-                          [_,
-                           {op,_,'=:=',
-                            {float,_,192.0},
-                            {call,_,{atom,_,element},[{integer,_,1},_]}}]}]}},
-                      _,_,
-                      {call,_,_,
-                       [{lc,_,_,
-                         [_,
-                          {op,_,'=:=',{var,_,'B'},{float,_,192.0}},
-                          {op,_,'==',{var,_,'X'},{var,_,'Y'}}]}]}]} 
-                    = qlc:info(H,{format,abstract_code}),
-            ?line [{1,1},{2,2}] = qlc:e(H),
-            ?line H2 = rpc:call(R12, handle, lookup_handle, []),
-            ?line {qlc,_,[{generate,_,{qlc,_,_,[{join,lookup}]}},_],[]} =
-                qlc:info(H2, {format,debug}),
-            ?line [{1,1},{2,2}] = qlc:e(H2),
-            stop_node(R12);
-	false ->
-	    ?line {skipped, "No support for old node"}
-    end.
--endif.
+    %% Check join info for handlers of extra constants.
+    File = filename:join(?datadir, "join_info_compat.erl"),
+    M = join_info_compat,
+    {ok, M} = compile:file(File, [{outdir, ?datadir}]),
+    {module, M} = code:load_abs(filename:rootname(File)),
+    H = M:create_handle(),
+    {block,0,
+     [{match,_,_,
+       {call,_,_,
+        [{lc,_,_,
+          [_,
+           {op,_,'=:=',
+            {float,_,192.0},
+            {call,_,{atom,_,element},[{integer,_,1},_]}}]}]}},
+      _,_,
+      {call,_,_,
+       [{lc,_,_,
+         [_,
+          {op,_,'=:=',{var,_,'B'},{float,_,192.0}},
+          {op,_,'==',{var,_,'X'},{var,_,'Y'}}]}]}]}
+        = qlc:info(H,{format,abstract_code}),
+    [{1,1},{2,2}] = qlc:e(H),
+
+    H2 = M:lookup_handle(),
+    {qlc,_,[{generate,_,{qlc,_,_,[{join,lookup}]}},_],[]} =
+        qlc:info(H2, {format,debug}),
+    [{1,1},{2,2}] = qlc:e(H2).
 
 forward(doc) ->
     "";
@@ -8127,27 +8096,6 @@ fail(Source) ->
 
 %% Copied from global_SUITE.erl.
 
-start_node_rel(Name, Rel, How) ->
-    {Release, Compat} = case Rel of
-                            this ->
-                                {[this], "+R8"};
-                            Rel when is_atom(Rel) ->
-                                {[{release, atom_to_list(Rel)}], ""};
-                            RelList ->
-			       {RelList, ""}
-		       end,
-    ?line Pa = filename:dirname(code:which(?MODULE)),
-    ?line Res = test_server:start_node(Name, How, 
-                                       [{args,
-                                         Compat ++ 
-                                         " -kernel net_setuptime 100 "
-                                         " -pa " ++ Pa},
-                                        {erl, Release}]),
-    Res.
-
-stop_node(Node) ->
-    ?line ?t:stop_node(Node).
-
 install_error_logger() ->
     error_logger:add_report_handler(?MODULE, self()).
 
diff --git a/lib/stdlib/test/qlc_SUITE_data/join_info_compat.erl b/lib/stdlib/test/qlc_SUITE_data/join_info_compat.erl
new file mode 100644
index 0000000000..e0db132c47
--- /dev/null
+++ b/lib/stdlib/test/qlc_SUITE_data/join_info_compat.erl
@@ -0,0 +1,1771 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(join_info_compat).
+
+-compile(export_all).
+
+create_handle() ->
+    H1 = qlc:sort([{192.0,1,a},{192.0,2,b},{192.0,3,c}]),
+    qlc:q({qlc_lc,
+           % fun-info: {23,109048965,'-create_handle/0-fun-23-'}
+           fun() ->
+                  {qlc_v1,
+                   % fun-info: {2,105724313,'-create_handle/0-fun-2-'}
+                   fun(S01_0_1, RL01_0_1, Go01_0_1) ->
+                          Fun1_0_1 =
+                              % fun-info: {1,131900588,'-create_handle/0-fun-1-'}
+                              fun(0, RL1_0_1, _, _, _, _, _, _, _)
+                                     when is_list(RL1_0_1) ->
+                                     lists:reverse(RL1_0_1);
+                                 (0, _, _, _, _, _, _, _, _) ->
+                                     [];
+                                 (1,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  C1_1_1,
+                                  B1,
+                                  X1)
+                                     when is_list(RL1_0_1) ->
+                                     Fun1_0_1(element(1, Go1_0_1),
+                                              [{X1,Y1}|RL1_0_1],
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              C1_1_1,
+                                              B1,
+                                              X1);
+                                 (1,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     [{X1,Y1}|
+                                      % fun-info: {0,27702789,'-create_handle/0-fun-0-'}
+                                      fun() ->
+                                             Fun1_0_1(element(1,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1)
+                                      end];
+                                 (2,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  _,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(3,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              element(4, Go1_0_1),
+                                              B1,
+                                              X1);
+                                 (3,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  [{B1,X1,_}|C1_0_1],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(element(3, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              C1_0_1,
+                                              B1,
+                                              X1);
+                                 (3,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  [_|C1_0_1],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(3,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              C1_0_1,
+                                              [],
+                                              []);
+                                 (3,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  [],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(element(2, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              [],
+                                              [],
+                                              []);
+                                 (3,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  C1_1_1,
+                                  _,
+                                  _) ->
+                                     case C1_1_1() of
+                                         [{B1,X1,_}|C1_0_1] ->
+                                             Fun1_0_1(element(3,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_0_1,
+                                                      B1,
+                                                      X1);
+                                         [_|C1_0_1] ->
+                                             Fun1_0_1(3,
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_0_1,
+                                                      [],
+                                                      []);
+                                         [] ->
+                                             Fun1_0_1(element(2,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      [],
+                                                      [],
+                                                      []);
+                                         E1_0_1 ->
+                                             E1_0_1
+                                     end;
+                                 (4,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     if
+                                         B1 =:= 192.0 ->
+                                             Fun1_0_1(element(6,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1);
+                                         true ->
+                                             Fun1_0_1(element(5,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1)
+                                     end;
+                                 (5,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  _,
+                                  Y1,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(6,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              element(9, Go1_0_1),
+                                              Y1,
+                                              C1_1_1,
+                                              B1,
+                                              X1);
+                                 (6,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  [{Y1}|C1_0_1],
+                                  _,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(element(8, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_0_1,
+                                              Y1,
+                                              C1_1_1,
+                                              B1,
+                                              X1);
+                                 (6,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  [_|C1_0_1],
+                                  _,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(6,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_0_1,
+                                              [],
+                                              C1_1_1,
+                                              B1,
+                                              X1);
+                                 (6,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  [],
+                                  _,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(element(7, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              [],
+                                              [],
+                                              C1_1_1,
+                                              B1,
+                                              X1);
+                                 (6,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  _,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     case C1_3_1() of
+                                         [{Y1}|C1_0_1] ->
+                                             Fun1_0_1(element(8,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_0_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1);
+                                         [_|C1_0_1] ->
+                                             Fun1_0_1(6,
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_0_1,
+                                                      [],
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1);
+                                         [] ->
+                                             Fun1_0_1(element(7,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      [],
+                                                      [],
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1);
+                                         E1_0_1 ->
+                                             E1_0_1
+                                     end;
+                                 (7,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     if
+                                         X1 == Y1 ->
+                                             Fun1_0_1(element(11,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1);
+                                         true ->
+                                             Fun1_0_1(element(10,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1)
+                                     end;
+                                 (8,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  _,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(9,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              element(14, Go1_0_1),
+                                              B1,
+                                              X1);
+                                 (9,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  _,
+                                  [[{B1,X1,_}|{Y1}]|C1_0_1],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(element(13, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              C1_0_1,
+                                              B1,
+                                              X1);
+                                 (9,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  _,
+                                  [_|C1_0_1],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(9,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              [],
+                                              C1_0_1,
+                                              [],
+                                              []);
+                                 (9,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  _,
+                                  [],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(element(12, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              [],
+                                              [],
+                                              [],
+                                              []);
+                                 (9,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  _,
+                                  C1_1_1,
+                                  _,
+                                  _) ->
+                                     case C1_1_1() of
+                                         [[{B1,X1,_}|{Y1}]|C1_0_1] ->
+                                             Fun1_0_1(element(13,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_0_1,
+                                                      B1,
+                                                      X1);
+                                         [_|C1_0_1] ->
+                                             Fun1_0_1(9,
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      [],
+                                                      C1_0_1,
+                                                      [],
+                                                      []);
+                                         [] ->
+                                             Fun1_0_1(element(12,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      [],
+                                                      [],
+                                                      [],
+                                                      []);
+                                         E1_0_1 ->
+                                             E1_0_1
+                                     end
+                              end,
+                          Fun1_0_1(S01_0_1,
+                                   RL01_0_1,
+                                   Fun1_0_1,
+                                   Go01_0_1,
+                                   [],
+                                   [],
+                                   [],
+                                   [],
+                                   [])
+                   end,
+                   % fun-info: {3,41816426,'-create_handle/0-fun-3-'}
+                   fun() ->
+                          {<<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $.:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $):8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\026:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $r:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $F:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $":8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $<:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $):8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\026:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $r:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $::8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $":8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $Y:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $9:8/integer-unit:1-unsigned-big,
+                             $\r:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $H:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $e:8/integer-unit:1-unsigned-big,
+                             $\211:8/integer-unit:1-unsigned-big,
+                             $E:8/integer-unit:1-unsigned-big,
+                             $\s:8/integer-unit:1-unsigned-big,
+                             $>:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\023:8/integer-unit:1-unsigned-big,
+                             $\210:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\232:8/integer-unit:1-unsigned-big,
+                             $\226:8/integer-unit:1-unsigned-big,
+                             $\223:8/integer-unit:1-unsigned-big,
+                             $\237:8/integer-unit:1-unsigned-big,
+                             $X:8/integer-unit:1-unsigned-big,
+                             $\222:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\235:8/integer-unit:1-unsigned-big,
+                             $l:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $g:8/integer-unit:1-unsigned-big,
+                             $i:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\200:8/integer-unit:1-unsigned-big,
+                             $\001:8/integer-unit:1-unsigned-big,
+                             $R:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\r:8/integer-unit:1-unsigned-big,
+                             $\214:8/integer-unit:1-unsigned-big,
+                             $\030:8/integer-unit:1-unsigned-big,
+                             $@:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $c:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\017:8/integer-unit:1-unsigned-big,
+                             $=:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $h:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\005:8/integer-unit:1-unsigned-big,
+                             $t:8/integer-unit:1-unsigned-big,
+                             $u:8/integer-unit:1-unsigned-big,
+                             $p:8/integer-unit:1-unsigned-big,
+                             $l:8/integer-unit:1-unsigned-big,
+                             $e:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $\f:8/integer-unit:1-unsigned-big,
+                             $l:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\001:8/integer-unit:1-unsigned-big,
+                             $h:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $v:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $r:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $\f:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\001:8/integer-unit:1-unsigned-big,
+                             $Y:8/integer-unit:1-unsigned-big,
+                             $j:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $*:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $H:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\005:8/integer-unit:1-unsigned-big,
+                             $R:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\031:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $):8/integer-unit:1-unsigned-big,
+                             $\f:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $e:8/integer-unit:1-unsigned-big,
+                             $\211:8/integer-unit:1-unsigned-big,
+                             $E:8/integer-unit:1-unsigned-big,
+                             $\s:8/integer-unit:1-unsigned-big,
+                             $.:8/integer-unit:1-unsigned-big,
+                             $c:8/integer-unit:1-unsigned-big,
+                             $\004:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $\022:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\205:8/integer-unit:1-unsigned-big,
+                             $\t:8/integer-unit:1-unsigned-big,
+                             $\216:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $j:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $+:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\f:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\222:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\202:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $D:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\034:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $f:8/integer-unit:1-unsigned-big,
+                             $\220:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $s:8/integer-unit:1-unsigned-big,
+                             $Y:8/integer-unit:1-unsigned-big,
+                             $b:8/integer-unit:1-unsigned-big,
+                             $Q:8/integer-unit:1-unsigned-big,
+                             $":8/integer-unit:1-unsigned-big,
+                             $W:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\023:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $\002:8/integer-unit:1-unsigned-big,
+                             $\205:8/integer-unit:1-unsigned-big,
+                             $\027:8/integer-unit:1-unsigned-big,
+                             $\237:8/integer-unit:1-unsigned-big,
+                             $\205:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $\007:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $\021:8/integer-unit:1-unsigned-big,
+                             $.:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $\224:8/integer-unit:1-unsigned-big,
+                             $\217:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\002:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\203:8/integer-unit:1-unsigned-big,
+                             $>:8/integer-unit:1-unsigned-big,
+                             $\034:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big>>}
+                   end,
+                   [{1,
+                     2,
+                     2,
+                     {gen,
+                      % fun-info: {4,131674517,'-create_handle/0-fun-4-'}
+                      fun() ->
+                             H1
+                      end}},
+                    {2,5,4,fil},
+                    {3,
+                     7,
+                     5,
+                     {gen,
+                      % fun-info: {5,108000324,'-create_handle/0-fun-5-'}
+                      fun() ->
+                             [{0},{1},{2}]
+                      end}},
+                    {4,10,7,fil},
+                    {5,
+                     12,
+                     8,
+                     {gen,
+                      {join,
+                       '==',
+                       1,
+                       3,
+                       % fun-info: {9,59718458,'-create_handle/0-fun-9-'}
+                       fun(H1_0_1) ->
+                              F1_0_1 =
+                                  % fun-info: {7,779460,'-create_handle/0-fun-7-'}
+                                  fun(_, []) ->
+                                         [];
+                                     (F1_0_1, [O1_0_1|C1_0_1]) ->
+                                         case O1_0_1 of
+                                             {_,_,_}
+                                                 when
+                                                     192.0
+                                                     =:=
+                                                     element(1, O1_0_1) ->
+                                                 [O1_0_1|
+                                                  % fun-info: {6,23729943,'-create_handle/0-fun-6-'}
+                                                  fun() ->
+                                                         F1_0_1(F1_0_1,
+                                                                C1_0_1)
+                                                  end];
+                                             _ ->
+                                                 F1_0_1(F1_0_1, C1_0_1)
+                                         end;
+                                     (F1_0_1, C1_0_1)
+                                         when is_function(C1_0_1) ->
+                                         F1_0_1(F1_0_1, C1_0_1());
+                                     (_, C1_0_1) ->
+                                         C1_0_1
+                                  end,
+                              % fun-info: {8,43652904,'-create_handle/0-fun-8-'}
+                              fun() ->
+                                     F1_0_1(F1_0_1, H1_0_1)
+                              end
+                       end,
+                       % fun-info: {13,102310144,'-create_handle/0-fun-13-'}
+                       fun(H1_0_1) ->
+                              F1_0_1 =
+                                  % fun-info: {11,74362432,'-create_handle/0-fun-11-'}
+                                  fun(_, []) ->
+                                         [];
+                                     (F1_0_1, [O1_0_1|C1_0_1]) ->
+                                         case O1_0_1 of
+                                             {_} ->
+                                                 [O1_0_1|
+                                                  % fun-info: {10,23729943,'-create_handle/0-fun-10-'}
+                                                  fun() ->
+                                                         F1_0_1(F1_0_1,
+                                                                C1_0_1)
+                                                  end];
+                                             _ ->
+                                                 F1_0_1(F1_0_1, C1_0_1)
+                                         end;
+                                     (F1_0_1, C1_0_1)
+                                         when is_function(C1_0_1) ->
+                                         F1_0_1(F1_0_1, C1_0_1());
+                                     (_, C1_0_1) ->
+                                         C1_0_1
+                                  end,
+                              % fun-info: {12,43652904,'-create_handle/0-fun-12-'}
+                              fun() ->
+                                     F1_0_1(F1_0_1, H1_0_1)
+                              end
+                       end,
+                       % fun-info: {14,17838355,'-create_handle/0-fun-14-'}
+                       fun() ->
+                              {[{1,[192.0]}],[],[]}
+                       end}}}],
+                   % fun-info: {22,31304647,'-create_handle/0-fun-22-'}
+                   fun(join) ->
+                          {[[{1,"\002"},{3,"\001"}]],[]};
+                      (size) ->
+                          % fun-info: {15,31963143,'-create_handle/0-fun-15-'}
+                          fun(0) ->
+                                 2;
+                             (1) ->
+                                 3;
+                             (3) ->
+                                 1;
+                             (_) ->
+                                 undefined
+                          end;
+                      (template) ->
+                          % fun-info: {16,113413274,'-create_handle/0-fun-16-'}
+                          fun({1,2}, '=:=') ->
+                                 "\001";
+                             ({1,2}, '==') ->
+                                 "\001\002";
+                             ({3,1}, '=:=') ->
+                                 "\002";
+                             ({3,1}, '==') ->
+                                 "\001\002";
+                             (_, _) ->
+                                 []
+                          end;
+                      (constants) ->
+                          % fun-info: {18,52148739,'-create_handle/0-fun-18-'}
+                          fun(1) ->
+                                 % fun-info: {17,5864387,'-create_handle/0-fun-17-'}
+                                 fun(1) ->
+                                        {values,[192.0],{some,[2]}};
+                                    (_) ->
+                                        false
+                                 end;
+                             (_) ->
+                                 no_column_fun
+                          end;
+                      (n_leading_constant_columns) ->
+                          % fun-info: {19,82183172,'-create_handle/0-fun-19-'}
+                          fun(1) ->
+                                 1;
+                             (_) ->
+                                 0
+                          end;
+                      (constant_columns) ->
+                          % fun-info: {20,80910005,'-create_handle/0-fun-20-'}
+                          fun(1) ->
+                                 "\001";
+                             (_) ->
+                                 []
+                          end;
+                      (match_specs) ->
+                          % fun-info: {21,91764346,'-create_handle/0-fun-21-'}
+                          fun(1) ->
+                                 {[{{'$1','$2','_'},
+                                    [{'=:=','$1',192.0}],
+                                    ['$_']}],
+                                  "\002"};
+                             (_) ->
+                                 undefined
+                          end;
+                      (_) ->
+                          undefined
+                   end}
+           end,
+           undefined}).
+
+lookup_handle() ->
+    E = qlc_SUITE:table([{1,a},{2,b},{3,c}], 1, [1]),
+    qlc:q({qlc_lc,
+           % fun-info: {46,120768015,'-lookup_handle/0-fun-22-'}
+           fun() ->
+                  {qlc_v1,
+                   % fun-info: {26,82970908,'-lookup_handle/0-fun-2-'}
+                   fun(S02_0_1, RL02_0_1, Go02_0_1) ->
+                          Fun2_0_1 =
+                              % fun-info: {25,75235357,'-lookup_handle/0-fun-1-'}
+                              fun(0, RL2_0_1, _, _, _, _, _, _)
+                                     when is_list(RL2_0_1) ->
+                                     lists:reverse(RL2_0_1);
+                                 (0, _, _, _, _, _, _, _) ->
+                                     [];
+                                 (1,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  C2_1_1,
+                                  X2)
+                                     when is_list(RL2_0_1) ->
+                                     Fun2_0_1(element(1, Go2_0_1),
+                                              [{X2,Y2}|RL2_0_1],
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              C2_1_1,
+                                              X2);
+                                 (1,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  C2_1_1,
+                                  X2) ->
+                                     [{X2,Y2}|
+                                      % fun-info: {24,124255471,'-lookup_handle/0-fun-0-'}
+                                      fun() ->
+                                             Fun2_0_1(element(1,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_1_1,
+                                                      X2)
+                                      end];
+                                 (2,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  _,
+                                  X2) ->
+                                     Fun2_0_1(3,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              element(4, Go2_0_1),
+                                              X2);
+                                 (3,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  [{X2,_}|C2_0_1],
+                                  _) ->
+                                     Fun2_0_1(element(3, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              C2_0_1,
+                                              X2);
+                                 (3,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  [_|C2_0_1],
+                                  _) ->
+                                     Fun2_0_1(3,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              C2_0_1,
+                                              []);
+                                 (3,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  [],
+                                  _) ->
+                                     Fun2_0_1(element(2, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              [],
+                                              []);
+                                 (3,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  C2_1_1,
+                                  _) ->
+                                     case C2_1_1() of
+                                         [{X2,_}|C2_0_1] ->
+                                             Fun2_0_1(element(3,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_0_1,
+                                                      X2);
+                                         [_|C2_0_1] ->
+                                             Fun2_0_1(3,
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_0_1,
+                                                      []);
+                                         [] ->
+                                             Fun2_0_1(element(2,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      [],
+                                                      []);
+                                         E2_0_1 ->
+                                             E2_0_1
+                                     end;
+                                 (4,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  _,
+                                  Y2,
+                                  C2_1_1,
+                                  X2) ->
+                                     Fun2_0_1(5,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              element(7, Go2_0_1),
+                                              Y2,
+                                              C2_1_1,
+                                              X2);
+                                 (5,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  [{Y2}|C2_0_1],
+                                  _,
+                                  C2_1_1,
+                                  X2) ->
+                                     Fun2_0_1(element(6, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_0_1,
+                                              Y2,
+                                              C2_1_1,
+                                              X2);
+                                 (5,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  [_|C2_0_1],
+                                  _,
+                                  C2_1_1,
+                                  X2) ->
+                                     Fun2_0_1(5,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_0_1,
+                                              [],
+                                              C2_1_1,
+                                              X2);
+                                 (5,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  [],
+                                  _,
+                                  C2_1_1,
+                                  X2) ->
+                                     Fun2_0_1(element(5, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              [],
+                                              [],
+                                              C2_1_1,
+                                              X2);
+                                 (5,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  _,
+                                  C2_1_1,
+                                  X2) ->
+                                     case C2_2_1() of
+                                         [{Y2}|C2_0_1] ->
+                                             Fun2_0_1(element(6,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_0_1,
+                                                      Y2,
+                                                      C2_1_1,
+                                                      X2);
+                                         [_|C2_0_1] ->
+                                             Fun2_0_1(5,
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_0_1,
+                                                      [],
+                                                      C2_1_1,
+                                                      X2);
+                                         [] ->
+                                             Fun2_0_1(element(5,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      [],
+                                                      [],
+                                                      C2_1_1,
+                                                      X2);
+                                         E2_0_1 ->
+                                             E2_0_1
+                                     end;
+                                 (6,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  C2_1_1,
+                                  X2) ->
+                                     if
+                                         X2 =:= Y2 ->
+                                             Fun2_0_1(element(9,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_1_1,
+                                                      X2);
+                                         true ->
+                                             Fun2_0_1(element(8,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_1_1,
+                                                      X2)
+                                     end;
+                                 (7,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  _,
+                                  X2) ->
+                                     Fun2_0_1(8,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              element(12, Go2_0_1),
+                                              X2);
+                                 (8,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  _,
+                                  [[{X2,_}|{Y2}]|C2_0_1],
+                                  _) ->
+                                     Fun2_0_1(element(11, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              C2_0_1,
+                                              X2);
+                                 (8,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  _,
+                                  [_|C2_0_1],
+                                  _) ->
+                                     Fun2_0_1(8,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              [],
+                                              C2_0_1,
+                                              []);
+                                 (8,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  _,
+                                  [],
+                                  _) ->
+                                     Fun2_0_1(element(10, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              [],
+                                              [],
+                                              []);
+                                 (8,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  _,
+                                  C2_1_1,
+                                  _) ->
+                                     case C2_1_1() of
+                                         [[{X2,_}|{Y2}]|C2_0_1] ->
+                                             Fun2_0_1(element(11,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_0_1,
+                                                      X2);
+                                         [_|C2_0_1] ->
+                                             Fun2_0_1(8,
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      [],
+                                                      C2_0_1,
+                                                      []);
+                                         [] ->
+                                             Fun2_0_1(element(10,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      [],
+                                                      [],
+                                                      []);
+                                         E2_0_1 ->
+                                             E2_0_1
+                                     end
+                              end,
+                          Fun2_0_1(S02_0_1,
+                                   RL02_0_1,
+                                   Fun2_0_1,
+                                   Go02_0_1,
+                                   [],
+                                   [],
+                                   [],
+                                   [])
+                   end,
+                   % fun-info: {27,111349661,'-lookup_handle/0-fun-3-'}
+                   fun() ->
+                          {<<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $.:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $):8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\026:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $F:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $":8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\206:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $.:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $):8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\026:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $F:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\222:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $h:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\005:8/integer-unit:1-unsigned-big,
+                             $t:8/integer-unit:1-unsigned-big,
+                             $u:8/integer-unit:1-unsigned-big,
+                             $p:8/integer-unit:1-unsigned-big,
+                             $l:8/integer-unit:1-unsigned-big,
+                             $e:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $\022:8/integer-unit:1-unsigned-big,
+                             $l:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\001:8/integer-unit:1-unsigned-big,
+                             $h:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $v:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $r:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $\022:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\001:8/integer-unit:1-unsigned-big,
+                             $Y:8/integer-unit:1-unsigned-big,
+                             $j:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $+:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $H:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $e:8/integer-unit:1-unsigned-big,
+                             $\211:8/integer-unit:1-unsigned-big,
+                             $E:8/integer-unit:1-unsigned-big,
+                             $\s:8/integer-unit:1-unsigned-big,
+                             $>:8/integer-unit:1-unsigned-big,
+                             $c:8/integer-unit:1-unsigned-big,
+                             $\004:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $\022:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $\t:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\\:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $+:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\f:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\222:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\202:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $D:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\034:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $&:8/integer-unit:1-unsigned-big,
+                             $\220:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $s:8/integer-unit:1-unsigned-big,
+                             $Y:8/integer-unit:1-unsigned-big,
+                             $b:8/integer-unit:1-unsigned-big,
+                             $Q:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $c:8/integer-unit:1-unsigned-big,
+                             $\004:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $>:8/integer-unit:1-unsigned-big,
+                             $\v:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\020:8/integer-unit:1-unsigned-big,
+                             $H:8/integer-unit:1-unsigned-big,
+                             $5:8/integer-unit:1-unsigned-big,
+                             $#:8/integer-unit:1-unsigned-big,
+                             $\\:8/integer-unit:1-unsigned-big,
+                             $^:8/integer-unit:1-unsigned-big,
+                             $\b:8/integer-unit:1-unsigned-big,
+                             $(:8/integer-unit:1-unsigned-big,
+                             $\037:8/integer-unit:1-unsigned-big,
+                             $\231:8/integer-unit:1-unsigned-big,
+                             $\005:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\031:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big>>}
+                   end,
+                   [{1,
+                     2,
+                     2,
+                     {gen,
+                      % fun-info: {28,75197307,'-lookup_handle/0-fun-4-'}
+                      fun() ->
+                             E
+                      end}},
+                    {2,
+                     5,
+                     4,
+                     {gen,
+                      % fun-info: {29,86826511,'-lookup_handle/0-fun-5-'}
+                      fun() ->
+                             [{0},{1},{2}]
+                      end}},
+                    {3,8,6,fil},
+                    {4,
+                     10,
+                     7,
+                     {gen,
+                      {join,
+                       '==',
+                       1,
+                       2,
+                       % fun-info: {33,129609919,'-lookup_handle/0-fun-9-'}
+                       fun(H2_0_1) ->
+                              F2_0_1 =
+                                  % fun-info: {31,45768082,'-lookup_handle/0-fun-7-'}
+                                  fun(_, []) ->
+                                         [];
+                                     (F2_0_1, [O2_0_1|C2_0_1]) ->
+                                         case O2_0_1 of
+                                             {_,_} ->
+                                                 [O2_0_1|
+                                                  % fun-info: {30,28136696,'-lookup_handle/0-fun-6-'}
+                                                  fun() ->
+                                                         F2_0_1(F2_0_1,
+                                                                C2_0_1)
+                                                  end];
+                                             _ ->
+                                                 F2_0_1(F2_0_1, C2_0_1)
+                                         end;
+                                     (F2_0_1, C2_0_1)
+                                         when is_function(C2_0_1) ->
+                                         F2_0_1(F2_0_1, C2_0_1());
+                                     (_, C2_0_1) ->
+                                         C2_0_1
+                                  end,
+                              % fun-info: {32,48059625,'-lookup_handle/0-fun-8-'}
+                              fun() ->
+                                     F2_0_1(F2_0_1, H2_0_1)
+                              end
+                       end,
+                       % fun-info: {37,63676968,'-lookup_handle/0-fun-13-'}
+                       fun(H2_0_1) ->
+                              F2_0_1 =
+                                  % fun-info: {35,129320532,'-lookup_handle/0-fun-11-'}
+                                  fun(_, []) ->
+                                         [];
+                                     (F2_0_1, [O2_0_1|C2_0_1]) ->
+                                         case O2_0_1 of
+                                             {_} ->
+                                                 [O2_0_1|
+                                                  % fun-info: {34,28136696,'-lookup_handle/0-fun-10-'}
+                                                  fun() ->
+                                                         F2_0_1(F2_0_1,
+                                                                C2_0_1)
+                                                  end];
+                                             _ ->
+                                                 F2_0_1(F2_0_1, C2_0_1)
+                                         end;
+                                     (F2_0_1, C2_0_1)
+                                         when is_function(C2_0_1) ->
+                                         F2_0_1(F2_0_1, C2_0_1());
+                                     (_, C2_0_1) ->
+                                         C2_0_1
+                                  end,
+                              % fun-info: {36,48059625,'-lookup_handle/0-fun-12-'}
+                              fun() ->
+                                     F2_0_1(F2_0_1, H2_0_1)
+                              end
+                       end,
+                       % fun-info: {38,3236543,'-lookup_handle/0-fun-14-'}
+                       fun() ->
+                              {[],[],[]}
+                       end}}}],
+                   % fun-info: {45,56361026,'-lookup_handle/0-fun-21-'}
+                   fun(join) ->
+                          [[{1,"\001"},{2,"\001"}]];
+                      (size) ->
+                          % fun-info: {39,40607542,'-lookup_handle/0-fun-15-'}
+                          fun(0) ->
+                                 2;
+                             (1) ->
+                                 2;
+                             (2) ->
+                                 1;
+                             (_) ->
+                                 undefined
+                          end;
+                      (template) ->
+                          % fun-info: {40,34907048,'-lookup_handle/0-fun-16-'}
+                          fun({1,1}, _) ->
+                                 "\001\002";
+                             ({2,1}, _) ->
+                                 "\001\002";
+                             (_, _) ->
+                                 []
+                          end;
+                      (constants) ->
+                          % fun-info: {41,11686091,'-lookup_handle/0-fun-17-'}
+                          fun(_) ->
+                                 no_column_fun
+                          end;
+                      (n_leading_constant_columns) ->
+                          % fun-info: {42,21492441,'-lookup_handle/0-fun-18-'}
+                          fun(_) ->
+                                 0
+                          end;
+                      (constant_columns) ->
+                          % fun-info: {43,55297177,'-lookup_handle/0-fun-19-'}
+                          fun(_) ->
+                                 []
+                          end;
+                      (match_specs) ->
+                          % fun-info: {44,55081557,'-lookup_handle/0-fun-20-'}
+                          fun(_) ->
+                                 undefined
+                          end;
+                      (_) ->
+                          undefined
+                   end}
+           end,
+           undefined}).
diff --git a/lib/stdlib/test/re_SUITE.erl b/lib/stdlib/test/re_SUITE.erl
index c4817c0d38..3b2e637c84 100644
--- a/lib/stdlib/test/re_SUITE.erl
+++ b/lib/stdlib/test/re_SUITE.erl
@@ -454,115 +454,115 @@ error_handling(Config) when is_list(Config) ->
     % The malformed precomiled RE is detected after 
     % the trap to re:grun from grun, in the grun function clause
     % that handles precompiled expressions
-    ?line {'EXIT',{badarg,[{re,run,["apa",{1,2,3,4},[global]]},
-			   {?MODULE, error_handling,1} | _]}} = 
+    ?line {'EXIT',{badarg,[{re,run,["apa",{1,2,3,4},[global]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch re:run("apa",{1,2,3,4},[global])),
     % An invalid capture list will also cause a badarg late, 
     % but with a non pre compiled RE, the exception should be thrown by the
     % grun function clause that handles RE's compiled implicitly by
     % the run/3 BIF before trapping.
-    ?line {'EXIT',{badarg,[{re,run,["apa","p",[{capture,[1,{a}]},global]]},
-			   {?MODULE, error_handling,1} | _]}} = 
+    ?line {'EXIT',{badarg,[{re,run,["apa","p",[{capture,[1,{a}]},global]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch re:run("apa","p",[{capture,[1,{a}]},global])),
     % And so the case of a precompiled expression together with
     % a compile-option (binary and list subject):
     ?line {ok,RE} = re:compile("(p)"),
     ?line {match,[[{1,1},{1,1}]]} = re:run(<<"apa">>,RE,[global]),
     ?line {match,[[{1,1},{1,1}]]} = re:run("apa",RE,[global]),
-    {'EXIT',{badarg,[{re,run,
-                     [<<"apa">>,
-                      {re_pattern,1,0,_},
-                      [global,unicode]]},
-		     {?MODULE, error_handling,1} | _]}} =
+    ?line {'EXIT',{badarg,[{re,run,
+			    [<<"apa">>,
+			     {re_pattern,1,0,_},
+			     [global,unicode]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch re:run(<<"apa">>,RE,[global,unicode])),
-    {'EXIT',{badarg,[{re,run,
-                     ["apa",
-                      {re_pattern,1,0,_},
-                      [global,unicode]]},
-		     {?MODULE, error_handling,1} | _]}} =
+    ?line {'EXIT',{badarg,[{re,run,
+			    ["apa",
+			     {re_pattern,1,0,_},
+			     [global,unicode]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch re:run("apa",RE,[global,unicode])),
     ?line {'EXIT',{badarg,_}} = (catch re:run("apa","(p",[])),
     ?line {'EXIT',{badarg,_}} = (catch re:run("apa","(p",[global])),
     % The replace errors:
-    ?line {'EXIT',{badarg,[{re,replace,["apa",{1,2,3,4},"X",[]]},
-			   {?MODULE, error_handling,1} | _]}} =
+    ?line {'EXIT',{badarg,[{re,replace,["apa",{1,2,3,4},"X",[]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch re:replace("apa",{1,2,3,4},"X",[])),
-    ?line {'EXIT',{badarg,[{re,replace,["apa",{1,2,3,4},"X",[global]]},
-			   {?MODULE, error_handling,1} | _]}} =
+    ?line {'EXIT',{badarg,[{re,replace,["apa",{1,2,3,4},"X",[global]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch re:replace("apa",{1,2,3,4},"X",[global])),
     ?line {'EXIT',{badarg,[{re,replace,
 			    ["apa",
 			     {re_pattern,1,0,_},
 			     "X",
-			     [unicode]]},
-			   {?MODULE, error_handling,1} | _]}} =
+			     [unicode]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch re:replace("apa",RE,"X",[unicode])),
     ?line <<"aXa">> = iolist_to_binary(re:replace("apa","p","X",[])),
     ?line {'EXIT',{badarg,[{re,replace,
-			    ["apa","p","X",[{capture,all,binary}]]},
-			   {?MODULE, error_handling,1} | _]}} =
+			    ["apa","p","X",[{capture,all,binary}]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch iolist_to_binary(re:replace("apa","p","X",
 					  [{capture,all,binary}]))),
     ?line {'EXIT',{badarg,[{re,replace,
-			    ["apa","p","X",[{capture,all}]]},
-			   {?MODULE, error_handling,1} | _]}} =
+			    ["apa","p","X",[{capture,all}]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch iolist_to_binary(re:replace("apa","p","X",
 					  [{capture,all}]))),
     ?line {'EXIT',{badarg,[{re,replace,
-			    ["apa","p","X",[{return,banana}]]},
-			   {?MODULE, error_handling,1} | _]}} =
+			    ["apa","p","X",[{return,banana}]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch iolist_to_binary(re:replace("apa","p","X",
 					  [{return,banana}]))),
     ?line {'EXIT',{badarg,_}} = (catch re:replace("apa","(p","X",[])),
     % Badarg, not compile error.
     ?line {'EXIT',{badarg,[{re,replace,
-			    ["apa","(p","X",[{return,banana}]]},
-			   {?MODULE, error_handling,1} | _]}} =
+			    ["apa","(p","X",[{return,banana}]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch iolist_to_binary(re:replace("apa","(p","X",
 					  [{return,banana}]))),
     % And the split errors:
     ?line [<<"a">>,<<"a">>] = (catch re:split("apa","p",[])),
     ?line [<<"a">>,<<"p">>,<<"a">>] = (catch re:split("apa",RE,[])),
-    ?line {'EXIT',{badarg,[{re,split,["apa","p",[global]]},
-			   {?MODULE, error_handling,1} | _]}} = 
+    ?line {'EXIT',{badarg,[{re,split,["apa","p",[global]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch re:split("apa","p",[global])),
-    ?line {'EXIT',{badarg,[{re,split,["apa","p",[{capture,all}]]},
-			   {?MODULE, error_handling,1} | _]}} = 
+    ?line {'EXIT',{badarg,[{re,split,["apa","p",[{capture,all}]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch re:split("apa","p",[{capture,all}])),
-    ?line {'EXIT',{badarg,[{re,split,["apa","p",[{capture,all,binary}]]},
-			   {?MODULE, error_handling,1} | _]}} = 
+    ?line {'EXIT',{badarg,[{re,split,["apa","p",[{capture,all,binary}]],_},
+			   {?MODULE, error_handling,1,_} | _]}} =
 	(catch re:split("apa","p",[{capture,all,binary}])),
-    ?line {'EXIT',{badarg,[{re,split,["apa",{1,2,3,4},[]]},
-			   {?MODULE, error_handling,1} | _]}} =
+    ?line {'EXIT',{badarg,[{re,split,["apa",{1,2,3,4},[]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch re:split("apa",{1,2,3,4})),
-    ?line {'EXIT',{badarg,[{re,split,["apa",{1,2,3,4},[]]},
-			   {?MODULE, error_handling,1} | _]}} =
+    ?line {'EXIT',{badarg,[{re,split,["apa",{1,2,3,4},[]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch re:split("apa",{1,2,3,4},[])),
     ?line {'EXIT',{badarg,[{re,split,
 			    ["apa",
 			     RE,
-			     [unicode]]},
-			   {?MODULE, error_handling,1} | _]}} =
+			     [unicode]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch re:split("apa",RE,[unicode])),
     ?line {'EXIT',{badarg,[{re,split,
 			    ["apa",
 			     RE,
-			     [{return,banana}]]},
-			   {?MODULE, error_handling,1} | _]}} =
+			     [{return,banana}]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch re:split("apa",RE,[{return,banana}])),
     ?line {'EXIT',{badarg,[{re,split,
 			    ["apa",
 			     RE,
-			     [banana]]},
-			   {?MODULE, error_handling,1} | _]}} =
+			     [banana]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch re:split("apa",RE,[banana])),
     ?line {'EXIT',{badarg,_}} = (catch re:split("apa","(p")),
     %Exception on bad argument, not compilation error
     ?line {'EXIT',{badarg,[{re,split,
 			    ["apa",
 			     "(p",
-			     [banana]]},
-			   {?MODULE, error_handling,1} | _]}} = 
+			     [banana]],_},
+			   {?MODULE,error_handling,1,_} | _]}} =
 	(catch re:split("apa","(p",[banana])),
     ?t:timetrap_cancel(Dog),
     ok.
diff --git a/lib/stdlib/test/shell_SUITE.erl b/lib/stdlib/test/shell_SUITE.erl
index 8273377ba1..b6019b86f0 100644
--- a/lib/stdlib/test/shell_SUITE.erl
+++ b/lib/stdlib/test/shell_SUITE.erl
@@ -2388,12 +2388,12 @@ otp_6554(Config) when is_list(Config) ->
         comm_err(<<"V = lists:seq(1, 20), case V of a -> ok end.">>),
     ?line "exception error: no function clause matching" = 
         comm_err(<<"fun(P) when is_pid(P) -> true end(a).">>),
-    ?line "exception error: {function_clause,[{erl_eval,do_apply,[unproper|list]}"++_ =
+    ?line "exception error: {function_clause," =
         comm_err(<<"erlang:error(function_clause, [unproper | list]).">>),
     ?line "exception error: function_clause" =
         comm_err(<<"erlang:error(function_clause, 4).">>),
     %% Cheating:
-    ?line "exception error: no function clause matching erl_eval:do_apply(4)" = 
+    ?line "exception error: no function clause matching erl_eval:do_apply(4)" ++ _ = 
         comm_err(<<"erlang:error(function_clause, [4]).">>),
     ?line "exception error: no function clause matching" ++ _ = 
         comm_err(<<"fun(a, b, c, d) -> foo end"
@@ -2406,7 +2406,7 @@ otp_6554(Config) when is_list(Config) ->
         comm_err(<<"fun(P, q) when is_pid(P) -> true end(a, b).">>),
     ?line "exception error: no function clause matching lists:reverse(" ++ _ = 
         comm_err(<<"F=fun() -> hello end, lists:reverse(F).">>),
-    ?line "exception error: no function clause matching lists:reverse(34)" = 
+    ?line "exception error: no function clause matching lists:reverse(34) (lists.erl, line " ++ _ = 
         comm_err(<<"lists:reverse(34).">>),
     ?line "exception error: no true branch found when evaluating an if expression" = 
         comm_err(<<"if length([a,b]) > 17 -> a end.">>),
diff --git a/lib/stdlib/test/sofs_SUITE.erl b/lib/stdlib/test/sofs_SUITE.erl
index d6f88a655e..73b282149a 100644
--- a/lib/stdlib/test/sofs_SUITE.erl
+++ b/lib/stdlib/test/sofs_SUITE.erl
@@ -1879,11 +1879,11 @@ digraph(Conf) when is_list(Conf) ->
 
     ?line {'EXIT', {badarg, _}} = 
         (catch family_to_digraph(set([a]))),
-    ?line {'EXIT', {badarg, [{sofs,family_to_digraph,[_,_]}|_]}} =
+    ?line {'EXIT', {badarg, [{sofs,family_to_digraph,[_,_],_}|_]}} =
         (catch family_to_digraph(set([a]), [foo])),
-    ?line {'EXIT', {badarg, [{sofs,family_to_digraph,[_,_]}|_]}} =
+    ?line {'EXIT', {badarg, [{sofs,family_to_digraph,[_,_],_}|_]}} =
         (catch family_to_digraph(F, [foo])),
-    ?line {'EXIT', {cyclic, [{sofs,family_to_digraph,[_,_]}|_]}} =
+    ?line {'EXIT', {cyclic, [{sofs,family_to_digraph,[_,_],_}|_]}} =
         (catch family_to_digraph(family([{a,[a]}]),[acyclic])),
 
     ?line G1 = family_to_digraph(E),
diff --git a/lib/stdlib/test/stdlib_SUITE.erl b/lib/stdlib/test/stdlib_SUITE.erl
index 0cca030b3d..8a2cb5ea6b 100644
--- a/lib/stdlib/test/stdlib_SUITE.erl
+++ b/lib/stdlib/test/stdlib_SUITE.erl
@@ -33,8 +33,7 @@
 -export([init_per_testcase/2, end_per_testcase/2]).
 
 % Test cases must be exported.
--export([app_test/1]).
--define(cases, [app_test]).
+-export([app_test/1, appup_test/1]).
 
 %%
 %% all/1
@@ -42,7 +41,7 @@
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
-    [app_test].
+    [app_test, appup_test].
 
 groups() -> 
     [].
@@ -79,3 +78,61 @@ app_test(Config) when is_list(Config) ->
     ?t:app_test(stdlib),
     ok.
 
+%% Test that appup allows upgrade from/downgrade to a maximum of two
+%% major releases back.
+appup_test(_Config) ->
+    application:load(stdlib),
+    {_,_,Vsn} = lists:keyfind(stdlib,1,application:loaded_applications()),
+    AppupFile = filename:join([code:lib_dir(stdlib),ebin,"stdlib.appup"]),
+    {ok,[{Vsn,UpFrom,DownTo}=AppupScript]} = file:consult(AppupFile),
+    ct:log("~p~n",[AppupScript]),
+    {OkVsns,NokVsns} = create_test_vsns(Vsn),
+    check_appup(OkVsns,UpFrom,{ok,[restart_new_emulator]}),
+    check_appup(OkVsns,DownTo,{ok,[restart_new_emulator]}),
+    check_appup(NokVsns,UpFrom,error),
+    check_appup(NokVsns,DownTo,error),
+    ok.
+
+create_test_vsns(Current) ->
+    [XStr,YStr|Rest] = string:tokens(Current,"."),
+    X = list_to_integer(XStr),
+    Y = list_to_integer(YStr),
+    SecondMajor = vsn(X,Y-2),
+    SecondMinor = SecondMajor ++ ".1.3",
+    FirstMajor = vsn(X,Y-1),
+    FirstMinor = FirstMajor ++ ".57",
+    ThisMajor = vsn(X,Y),
+    This =
+	case Rest of
+	    [] ->
+		[];
+	    ["1"] ->
+		[ThisMajor];
+	    _ ->
+		ThisMinor = ThisMajor ++ ".1",
+		[ThisMajor,ThisMinor]
+	end,
+    OkVsns = This ++ [FirstMajor, FirstMinor, SecondMajor, SecondMinor],
+
+    ThirdMajor = vsn(X,Y-3),
+    ThirdMinor = ThirdMajor ++ ".10.12",
+    Illegal = ThisMajor ++ ",1",
+    Newer1Major = vsn(X,Y+1),
+    Newer1Minor = Newer1Major ++ ".1",
+    Newer2Major = ThisMajor ++ "1",
+    NokVsns = [ThirdMajor,ThirdMinor,
+	       Illegal,
+	       Newer1Major,Newer1Minor,
+	       Newer2Major],
+    {OkVsns,NokVsns}.
+
+vsn(X,Y) ->
+    integer_to_list(X) ++ "." ++ integer_to_list(Y).
+
+check_appup([Vsn|Vsns],Instrs,Expected) ->
+    case systools_relup:appup_search_for_version(Vsn, Instrs) of
+	Expected -> check_appup(Vsns,Instrs,Expected);
+	Other -> ct:fail({unexpected_result_for_vsn,Vsn,Other})
+    end;
+check_appup([],_,_) ->
+    ok.
diff --git a/lib/stdlib/test/supervisor_1.erl b/lib/stdlib/test/supervisor_1.erl
index 3198be0fed..777a48e38b 100644
--- a/lib/stdlib/test/supervisor_1.erl
+++ b/lib/stdlib/test/supervisor_1.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -62,6 +62,12 @@ handle_info(die, State) ->
 handle_info(stop, State) ->
     {stop, normal, State};
 
+handle_info({'EXIT',_,shutdown}, State) ->
+    {stop, shutdown, State};
+
+handle_info({'EXIT',_,{shutdown,Term}}, State) ->
+    {stop, {shutdown,Term}, State};
+
 handle_info({sleep, Time}, State) ->
     io:format("FOO: ~p~n", [Time]),
     timer:sleep(Time),
diff --git a/lib/stdlib/test/supervisor_2.erl b/lib/stdlib/test/supervisor_2.erl
new file mode 100644
index 0000000000..60d037f4e0
--- /dev/null
+++ b/lib/stdlib/test/supervisor_2.erl
@@ -0,0 +1,42 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+%% Description: Simulates the behaviour that a child process may have.
+%% Is used by the supervisor_SUITE test suite.
+-module(supervisor_2).
+
+-export([start_child/1, init/1]).
+
+-export([handle_call/3, handle_info/2, terminate/2]).
+
+start_child(Time) when is_integer(Time), Time > 0 ->
+    gen_server:start_link(?MODULE, Time, []).
+
+init(Time) ->
+    process_flag(trap_exit, true),
+    {ok, Time}.
+
+handle_call(Req, _From, State) ->
+    {reply, Req, State}.
+
+handle_info(_, State) ->
+    {noreply, State}.
+
+terminate(_Reason, Time) ->
+    timer:sleep(Time),
+    ok.
diff --git a/lib/stdlib/test/supervisor_SUITE.erl b/lib/stdlib/test/supervisor_SUITE.erl
index b48450c151..71b76c093f 100644
--- a/lib/stdlib/test/supervisor_SUITE.erl
+++ b/lib/stdlib/test/supervisor_SUITE.erl
@@ -29,18 +29,23 @@
 	 end_per_testcase/2]).
 
 %% Internal export
--export([init/1, terminate_all_children/1]).
+-export([init/1, terminate_all_children/1,
+         middle9212/0, gen_server9212/0, handle_info/2]).
 
 %% API tests
 -export([ sup_start_normal/1, sup_start_ignore_init/1, 
-	  sup_start_ignore_child/1, sup_start_error_return/1,
-	  sup_start_fail/1, sup_stop_infinity/1,
+	  sup_start_ignore_child/1, sup_start_ignore_temporary_child/1,
+	  sup_start_ignore_temporary_child_start_child/1,
+	  sup_start_ignore_temporary_child_start_child_simple/1,
+	  sup_start_error_return/1, sup_start_fail/1, sup_stop_infinity/1,
 	  sup_stop_timeout/1, sup_stop_brutal_kill/1, child_adm/1,
 	  child_adm_simple/1, child_specs/1, extra_return/1]).
 
 %% Tests concept permanent, transient and temporary 
 -export([ permanent_normal/1, transient_normal/1,
 	  temporary_normal/1,
+	  permanent_shutdown/1, transient_shutdown/1,
+	  temporary_shutdown/1,
 	  permanent_abnormal/1, transient_abnormal/1,
 	  temporary_abnormal/1, temporary_bystander/1]).
 
@@ -50,13 +55,14 @@
 	  one_for_all_escalation/1,
 	  simple_one_for_one/1, simple_one_for_one_escalation/1,
 	  rest_for_one/1, rest_for_one_escalation/1,
-	  simple_one_for_one_extra/1]).
+	  simple_one_for_one_extra/1, simple_one_for_one_shutdown/1]).
 
 %% Misc tests
 -export([child_unlink/1, tree/1, count_children_memory/1,
 	 do_not_save_start_parameters_for_temporary_children/1,
 	 do_not_save_child_specs_for_temporary_children/1,
-	 simple_one_for_one_scale_many_temporary_children/1]).
+	 simple_one_for_one_scale_many_temporary_children/1,
+         simple_global_supervisor/1]).
 
 %%-------------------------------------------------------------------------
 
@@ -71,21 +77,27 @@ all() ->
      {group, restart_simple_one_for_one},
      {group, restart_rest_for_one},
      {group, normal_termination},
+     {group, shutdown_termination},
      {group, abnormal_termination}, child_unlink, tree,
      count_children_memory, do_not_save_start_parameters_for_temporary_children,
      do_not_save_child_specs_for_temporary_children,
-     simple_one_for_one_scale_many_temporary_children, temporary_bystander].
+     simple_one_for_one_scale_many_temporary_children, temporary_bystander,
+     simple_global_supervisor].
 
 groups() -> 
     [{sup_start, [],
       [sup_start_normal, sup_start_ignore_init,
-       sup_start_ignore_child, sup_start_error_return,
-       sup_start_fail]},
+       sup_start_ignore_child, sup_start_ignore_temporary_child,
+       sup_start_ignore_temporary_child_start_child,
+       sup_start_ignore_temporary_child_start_child_simple,
+       sup_start_error_return, sup_start_fail]},
      {sup_stop, [],
       [sup_stop_infinity, sup_stop_timeout,
        sup_stop_brutal_kill]},
      {normal_termination, [],
       [permanent_normal, transient_normal, temporary_normal]},
+     {shutdown_termination, [],
+      [permanent_shutdown, transient_shutdown, temporary_shutdown]},
      {abnormal_termination, [],
       [permanent_abnormal, transient_abnormal,
        temporary_abnormal]},
@@ -94,8 +106,8 @@ groups() ->
      {restart_one_for_all, [],
       [one_for_all, one_for_all_escalation]},
      {restart_simple_one_for_one, [],
-      [simple_one_for_one, simple_one_for_one_extra,
-       simple_one_for_one_escalation]},
+      [simple_one_for_one, simple_one_for_one_shutdown,
+       simple_one_for_one_extra, simple_one_for_one_escalation]},
      {restart_rest_for_one, [],
       [rest_for_one, rest_for_one_escalation]}].
 
@@ -115,7 +127,9 @@ end_per_group(_GroupName, Config) ->
 
 init_per_testcase(count_children_memory, Config) ->
     try erlang:memory() of
-	_ -> Config
+	_ ->
+	    erts_debug:set_internal_state(available_internal_state, true),
+	    Config
     catch error:notsup ->
 	    {skip, "+Meamin used during test; erlang:memory/1 not available"}
     end;
@@ -123,6 +137,9 @@ init_per_testcase(_Case, Config) ->
     erlang:display(_Case),
     Config.
 
+end_per_testcase(count_children_memory, _Config) ->
+    catch erts_debug:set_internal_state(available_internal_state, false),
+    ok;
 end_per_testcase(_Case, _Config) ->
     ok.
 
@@ -145,29 +162,23 @@ get_child_counts(Supervisor) ->
 
 %%-------------------------------------------------------------------------
 %% Test cases starts here.
-%%-------------------------------------------------------------------------
-sup_start_normal(doc) ->
-    ["Tests that the supervisor process starts correctly and that it "
-     "can be terminated gracefully."];
-sup_start_normal(suite) -> [];
+%% -------------------------------------------------------------------------
+%% Tests that the supervisor process starts correctly and that it can
+%% be terminated gracefully.
 sup_start_normal(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, Pid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     terminate(Pid, shutdown).
 
 %%-------------------------------------------------------------------------
-sup_start_ignore_init(doc) ->
-    ["Tests what happens if init-callback returns ignore"];
-sup_start_ignore_init(suite) -> [];
+%% Tests what happens if init-callback returns ignore.
 sup_start_ignore_init(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     ignore = start_link(ignore),
     check_exit_reason(normal).
 
 %%-------------------------------------------------------------------------
-sup_start_ignore_child(doc) ->
-    ["Tests what happens if init-callback returns ignore"];
-sup_start_ignore_child(suite) -> [];
+%% Tests what happens if init-callback returns ignore.
 sup_start_ignore_child(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, _Pid}  = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -184,30 +195,75 @@ sup_start_ignore_child(Config) when is_list(Config) ->
     [2,1,0,2] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-sup_start_error_return(doc) ->
-    ["Tests what happens if init-callback returns a invalid value"];
-sup_start_error_return(suite) -> [];
+%% Tests what happens if child's init-callback returns ignore for a
+%% temporary child when ChildSpec is returned directly from supervisor
+%% init callback.
+%% Child spec shall NOT be saved!!!
+sup_start_ignore_temporary_child(Config) when is_list(Config) ->
+    process_flag(trap_exit, true),
+    Child1 = {child1, {supervisor_1, start_child, [ignore]},
+	      temporary, 1000, worker, []},
+    Child2 = {child2, {supervisor_1, start_child, []}, temporary,
+	      1000, worker, []},
+    {ok, _Pid}  = start_link({ok, {{one_for_one, 2, 3600}, [Child1,Child2]}}),
+
+    [{child2, CPid2, worker, []}] = supervisor:which_children(sup_test),
+    true = is_pid(CPid2),
+    [1,1,0,1] = get_child_counts(sup_test).
+
+%%-------------------------------------------------------------------------
+%% Tests what happens if child's init-callback returns ignore for a
+%% temporary child when child is started with start_child/2.
+%% Child spec shall NOT be saved!!!
+sup_start_ignore_temporary_child_start_child(Config) when is_list(Config) ->
+    process_flag(trap_exit, true),
+    {ok, _Pid}  = start_link({ok, {{one_for_one, 2, 3600}, []}}),
+    Child1 = {child1, {supervisor_1, start_child, [ignore]},
+	      temporary, 1000, worker, []},
+    Child2 = {child2, {supervisor_1, start_child, []}, temporary,
+	      1000, worker, []},
+
+    {ok, undefined} = supervisor:start_child(sup_test, Child1),
+    {ok, CPid2} = supervisor:start_child(sup_test, Child2),
+
+    [{child2, CPid2, worker, []}] = supervisor:which_children(sup_test),
+    [1,1,0,1] = get_child_counts(sup_test).
+
+%%-------------------------------------------------------------------------
+%% Tests what happens if child's init-callback returns ignore for a
+%% temporary child when child is started with start_child/2, and the
+%% supervisor is simple_one_for_one.
+%% Child spec shall NOT be saved!!!
+sup_start_ignore_temporary_child_start_child_simple(Config)
+  when is_list(Config) ->
+    process_flag(trap_exit, true),
+    Child1 = {child1, {supervisor_1, start_child, [ignore]},
+	      temporary, 1000, worker, []},
+    {ok, _Pid}  = start_link({ok, {{simple_one_for_one, 2, 3600}, [Child1]}}),
+
+    {ok, undefined} = supervisor:start_child(sup_test, []),
+    {ok, CPid2} = supervisor:start_child(sup_test, []),
+
+    [{undefined, CPid2, worker, []}] = supervisor:which_children(sup_test),
+    [1,1,0,1] = get_child_counts(sup_test).
+
+%%-------------------------------------------------------------------------
+%% Tests what happens if init-callback returns a invalid value.
 sup_start_error_return(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {error, Term} = start_link(invalid),
     check_exit_reason(Term).
 
 %%-------------------------------------------------------------------------
-sup_start_fail(doc) ->
-    ["Tests what happens if init-callback fails"];
-sup_start_fail(suite) -> [];
+%% Tests what happens if init-callback fails.
 sup_start_fail(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {error, Term} = start_link(fail),
     check_exit_reason(Term).
 
 %%-------------------------------------------------------------------------
-
-sup_stop_infinity(doc) ->
-    ["See sup_stop/1 when Shutdown = infinity, this walue is only allowed "
-     "for children of type supervisor"];
-sup_stop_infinity(suite) -> [];
-
+%% See sup_stop/1 when Shutdown = infinity, this walue is allowed for
+%% children of type supervisor _AND_ worker.
 sup_stop_infinity(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, Pid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -216,19 +272,16 @@ sup_stop_infinity(Config) when is_list(Config) ->
     Child2 = {child2, {supervisor_1, start_child, []}, permanent,
 	      infinity, worker, []},
     {ok, CPid1} = supervisor:start_child(sup_test, Child1),
+    {ok, CPid2} = supervisor:start_child(sup_test, Child2),
     link(CPid1),
-    {error, {invalid_shutdown,infinity}} =
-	supervisor:start_child(sup_test, Child2),
+    link(CPid2),
 
     terminate(Pid, shutdown),
-    check_exit_reason(CPid1, shutdown).
+    check_exit_reason(CPid1, shutdown),
+    check_exit_reason(CPid2, shutdown).
 
 %%-------------------------------------------------------------------------
-
-sup_stop_timeout(doc) ->
-    ["See sup_stop/1 when Shutdown = 1000"];
-sup_stop_timeout(suite) -> [];
-
+%% See sup_stop/1 when Shutdown = 1000
 sup_stop_timeout(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, Pid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -250,10 +303,7 @@ sup_stop_timeout(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
-sup_stop_brutal_kill(doc) ->
-    ["See sup_stop/1 when Shutdown = brutal_kill"];
-sup_stop_brutal_kill(suite) -> [];
-
+%% See sup_stop/1 when Shutdown = brutal_kill
 sup_stop_brutal_kill(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, Pid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -272,14 +322,10 @@ sup_stop_brutal_kill(Config) when is_list(Config) ->
     check_exit_reason(CPid2, killed).
 
 %%-------------------------------------------------------------------------
-extra_return(doc) -> 
-    ["The start function provided to start a child may " 
-     "return {ok, Pid} or {ok, Pid, Info}, if it returns "
-     "the later check that the supervisor ignores the Info, "
-     "and includes it unchanged in return from start_child/2 "
-     "and restart_child/2"];
-extra_return(suite) -> [];
-
+%% The start function provided to start a child may return {ok, Pid}
+%% or {ok, Pid, Info}, if it returns the latter check that the
+%% supervisor ignores the Info, and includes it unchanged in return
+%% from start_child/2 and restart_child/2.
 extra_return(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child1, {supervisor_1, start_child, [extra_return]}, 
@@ -319,12 +365,10 @@ extra_return(Config) when is_list(Config) ->
 
     ok.
 %%-------------------------------------------------------------------------
-child_adm(doc)->
-    ["Test API functions start_child/2, terminate_child/2, delete_child/2 "
-     "restart_child/2, which_children/1, count_children/1. Only correct "
-     "childspecs are used, handling of incorrect childspecs is tested in "
-     "child_specs/1"];
-child_adm(suite) -> [];
+%% Test API functions start_child/2, terminate_child/2, delete_child/2
+%% restart_child/2, which_children/1, count_children/1. Only correct
+%% childspecs are used, handling of incorrect childspecs is tested in
+%% child_specs/1.
 child_adm(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -388,11 +432,9 @@ child_adm(Config) when is_list(Config) ->
 	= (catch supervisor:count_children(foo)),
     ok.
 %%-------------------------------------------------------------------------
-child_adm_simple(doc) ->
-    ["The API functions terminate_child/2, delete_child/2 "
-     "restart_child/2 are not valid for a simple_one_for_one supervisor "
-     "check that the correct error message is returned."];
-child_adm_simple(suite) -> [];
+%% The API functions terminate_child/2, delete_child/2 restart_child/2
+%% are not valid for a simple_one_for_one supervisor check that the
+%% correct error message is returned.
 child_adm_simple(Config) when is_list(Config) ->
     Child = {child, {supervisor_1, start_child, []}, permanent, 1000,
 	     worker, []},
@@ -440,9 +482,7 @@ child_adm_simple(Config) when is_list(Config) ->
     ok.
 
 %%-------------------------------------------------------------------------
-child_specs(doc) ->
-    ["Tests child specs, invalid formats should be rejected."];
-child_specs(suite) -> [];
+%% Tests child specs, invalid formats should be rejected.
 child_specs(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, _Pid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -453,9 +493,8 @@ child_specs(Config) when is_list(Config) ->
     B2 = {child, {m,f,[a]}, prmanent, 1000, worker, []}, 
     B3 = {child, {m,f,[a]}, permanent, -10, worker, []},
     B4 = {child, {m,f,[a]}, permanent, 10, wrker, []},
-    B5 = {child, {m,f,[a]}, permanent, infinity, worker, []},
-    B6 = {child, {m,f,[a]}, permanent, 1000, worker, dy},
-    B7 = {child, {m,f,[a]}, permanent, 1000, worker, [1,2,3]},
+    B5 = {child, {m,f,[a]}, permanent, 1000, worker, dy},
+    B6 = {child, {m,f,[a]}, permanent, 1000, worker, [1,2,3]},
 
     %% Correct child specs!
     %% <Modules> (last parameter in a child spec) can be [] as we do 
@@ -464,6 +503,7 @@ child_specs(Config) when is_list(Config) ->
     C2 = {child, {m,f,[a]}, permanent, 1000, supervisor, []},
     C3 = {child, {m,f,[a]}, temporary, 1000, worker, dynamic},
     C4 = {child, {m,f,[a]}, transient, 1000, worker, [m]},
+    C5 = {child, {m,f,[a]}, permanent, infinity, worker, [m]},
 
     {error, {invalid_mfa,mfa}} = supervisor:start_child(sup_test, B1),
     {error, {invalid_restart_type, prmanent}} =
@@ -472,9 +512,8 @@ child_specs(Config) when is_list(Config) ->
 	= supervisor:start_child(sup_test, B3),
     {error, {invalid_child_type,wrker}}
 	= supervisor:start_child(sup_test, B4),
-    {error, _} = supervisor:start_child(sup_test, B5),
     {error, {invalid_modules,dy}}
-	= supervisor:start_child(sup_test, B6),
+	= supervisor:start_child(sup_test, B5),
 
     {error, {invalid_mfa,mfa}} = supervisor:check_childspecs([B1]),
     {error, {invalid_restart_type,prmanent}} =
@@ -482,21 +521,19 @@ child_specs(Config) when is_list(Config) ->
     {error, {invalid_shutdown,-10}} = supervisor:check_childspecs([B3]),
     {error, {invalid_child_type,wrker}}
 	= supervisor:check_childspecs([B4]),
-    {error, _} = supervisor:check_childspecs([B5]),
-    {error, {invalid_modules,dy}} = supervisor:check_childspecs([B6]),
+    {error, {invalid_modules,dy}} = supervisor:check_childspecs([B5]),
     {error, {invalid_module, 1}} =
-	supervisor:check_childspecs([B7]),
+	supervisor:check_childspecs([B6]),
 
     ok = supervisor:check_childspecs([C1]),
     ok = supervisor:check_childspecs([C2]),
     ok = supervisor:check_childspecs([C3]),
     ok = supervisor:check_childspecs([C4]),
+    ok = supervisor:check_childspecs([C5]),
     ok.
 
 %%-------------------------------------------------------------------------
-permanent_normal(doc) ->
-    ["A permanent child should always be restarted"];
-permanent_normal(suite) -> [];
+%% A permanent child should always be restarted.
 permanent_normal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -516,10 +553,8 @@ permanent_normal(Config) when is_list(Config) ->
     [1,1,0,1] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-transient_normal(doc) ->
-    ["A transient child should not be restarted if it exits with " 
-     "reason normal"];
-transient_normal(suite) -> [];
+%% A transient child should not be restarted if it exits with reason
+%% normal.
 transient_normal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, transient, 1000,
@@ -533,9 +568,7 @@ transient_normal(Config) when is_list(Config) ->
     [1,0,0,1] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-temporary_normal(doc) ->
-    ["A temporary process should never be restarted"];
-temporary_normal(suite) -> [];
+%% A temporary process should never be restarted.
 temporary_normal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, temporary, 1000,
@@ -549,9 +582,82 @@ temporary_normal(Config) when is_list(Config) ->
     [0,0,0,0] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-permanent_abnormal(doc) ->
-    ["A permanent child should always be restarted"];
-permanent_abnormal(suite) -> [];
+%% A permanent child should always be restarted.
+permanent_shutdown(Config) when is_list(Config) ->
+    {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
+    Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
+	      worker, []},
+
+    {ok, CPid1} = supervisor:start_child(sup_test, Child1),
+
+    terminate(SupPid, CPid1, child1, shutdown),
+
+    [{child1, CPid2 ,worker,[]}] = supervisor:which_children(sup_test),
+    case is_pid(CPid2) of
+	true ->
+	    ok;
+	false ->
+	    test_server:fail({permanent_child_not_restarted, Child1})
+    end,
+    [1,1,0,1] = get_child_counts(sup_test),
+
+    terminate(SupPid, CPid2, child1, {shutdown, some_info}),
+
+    [{child1, CPid3 ,worker,[]}] = supervisor:which_children(sup_test),
+    case is_pid(CPid3) of
+	true ->
+	    ok;
+	false ->
+	    test_server:fail({permanent_child_not_restarted, Child1})
+    end,
+
+    [1,1,0,1] = get_child_counts(sup_test).
+
+%%-------------------------------------------------------------------------
+%% A transient child should not be restarted if it exits with reason
+%% shutdown or {shutdown,Term}.
+transient_shutdown(Config) when is_list(Config) ->
+    {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
+    Child1 = {child1, {supervisor_1, start_child, []}, transient, 1000,
+	      worker, []},
+
+    {ok, CPid1} = supervisor:start_child(sup_test, Child1),
+
+    terminate(SupPid, CPid1, child1, shutdown),
+
+    [{child1,undefined,worker,[]}] = supervisor:which_children(sup_test),
+    [1,0,0,1] = get_child_counts(sup_test),
+
+    {ok, CPid2} = supervisor:restart_child(sup_test, child1),
+
+    terminate(SupPid, CPid2, child1, {shutdown, some_info}),
+
+    [{child1,undefined,worker,[]}] = supervisor:which_children(sup_test),
+    [1,0,0,1] = get_child_counts(sup_test).
+
+%%-------------------------------------------------------------------------
+%% A temporary process should never be restarted.
+temporary_shutdown(Config) when is_list(Config) ->
+    {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
+    Child1 = {child1, {supervisor_1, start_child, []}, temporary, 1000,
+	      worker, []},
+
+    {ok, CPid1} = supervisor:start_child(sup_test, Child1),
+
+    terminate(SupPid, CPid1, child1, shutdown),
+
+    [] = supervisor:which_children(sup_test),
+    [0,0,0,0] = get_child_counts(sup_test),
+
+    {ok, CPid2} = supervisor:start_child(sup_test, Child1),
+
+    terminate(SupPid, CPid2, child1, {shutdown, some_info}),
+
+    [] = supervisor:which_children(sup_test),
+    [0,0,0,0] = get_child_counts(sup_test).
+
+%%-------------------------------------------------------------------------
+%% A permanent child should always be restarted.
 permanent_abnormal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -570,10 +676,7 @@ permanent_abnormal(Config) when is_list(Config) ->
     [1,1,0,1] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-transient_abnormal(doc) ->
-    ["A transient child should be restarted if it exits with " 
-     "reason abnormal"];
-transient_abnormal(suite) -> [];
+%% A transient child should be restarted if it exits with reason abnormal.
 transient_abnormal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, transient, 1000,
@@ -592,9 +695,7 @@ transient_abnormal(Config) when is_list(Config) ->
     [1,1,0,1] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-temporary_abnormal(doc) ->
-    ["A temporary process should never be restarted"];
-temporary_abnormal(suite) -> [];
+%% A temporary process should never be restarted.
 temporary_abnormal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, temporary, 1000,
@@ -607,11 +708,9 @@ temporary_abnormal(Config) when is_list(Config) ->
     [0,0,0,0] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-temporary_bystander(doc) ->
-    ["A temporary process killed as part of a rest_for_one or one_for_all "
-     "restart strategy should not be restarted given its args are not "
-     " saved. Otherwise the supervisor hits its limit and crashes."];
-temporary_bystander(suite) -> [];
+%% A temporary process killed as part of a rest_for_one or one_for_all
+%% restart strategy should not be restarted given its args are not
+%% saved. Otherwise the supervisor hits its limit and crashes.
 temporary_bystander(_Config) ->
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 100,
 	      worker, []},
@@ -638,9 +737,7 @@ temporary_bystander(_Config) ->
     [{child1, _, _, _}] = supervisor:which_children(SupPid2).
 
 %%-------------------------------------------------------------------------
-one_for_one(doc) ->
-    ["Test the one_for_one base case."];
-one_for_one(suite) -> [];
+%% Test the one_for_one base case.
 one_for_one(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -670,9 +767,7 @@ one_for_one(Config) when is_list(Config) ->
     check_exit([SupPid]).
 
 %%-------------------------------------------------------------------------
-one_for_one_escalation(doc) ->
-    ["Test restart escalation on a one_for_one supervisor."];
-one_for_one_escalation(suite) -> [];
+%% Test restart escalation on a one_for_one supervisor.
 one_for_one_escalation(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
 
@@ -692,9 +787,7 @@ one_for_one_escalation(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
-one_for_all(doc) ->
-    ["Test the one_for_all base case."];
-one_for_all(suite) -> [];
+%% Test the one_for_all base case.
 one_for_all(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
 
@@ -730,9 +823,7 @@ one_for_all(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
-one_for_all_escalation(doc) -> 
-    ["Test restart escalation on a one_for_all supervisor."];
-one_for_all_escalation(suite) -> [];
+%% Test restart escalation on a one_for_all supervisor.
 one_for_all_escalation(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
 
@@ -751,9 +842,7 @@ one_for_all_escalation(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
-simple_one_for_one(doc) ->
-    ["Test the simple_one_for_one base case."];
-simple_one_for_one(suite) -> [];
+%% Test the simple_one_for_one base case.
 simple_one_for_one(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child, {supervisor_1, start_child, []}, permanent, 1000,
@@ -782,11 +871,39 @@ simple_one_for_one(Config) when is_list(Config) ->
     terminate(SupPid, Pid4, Id4, abnormal),
     check_exit([SupPid]).
 
+
+%%-------------------------------------------------------------------------
+%% Test simple_one_for_one children shutdown accordingly to the
+%% supervisor's shutdown strategy.
+simple_one_for_one_shutdown(Config) when is_list(Config) ->
+    process_flag(trap_exit, true),
+    ShutdownTime = 1000,
+    Child = {child, {supervisor_2, start_child, []},
+             permanent, 2*ShutdownTime, worker, []},
+    {ok, SupPid} = start_link({ok, {{simple_one_for_one, 2, 3600}, [Child]}}),
+
+    %% Will be gracefully shutdown
+    {ok, _CPid1} = supervisor:start_child(sup_test, [ShutdownTime]),
+    {ok, _CPid2} = supervisor:start_child(sup_test, [ShutdownTime]),
+
+    %% Will be killed after 2*ShutdownTime milliseconds
+    {ok, _CPid3} = supervisor:start_child(sup_test, [5*ShutdownTime]),
+
+    {T, ok} = timer:tc(fun terminate/2, [SupPid, shutdown]),
+    if T < 1000*ShutdownTime ->
+            %% Because supervisor's children wait before exiting, it can't
+            %% terminate quickly
+            test_server:fail({shutdown_too_short, T});
+       T >= 1000*5*ShutdownTime ->
+            test_server:fail({shutdown_too_long, T});
+       true ->
+            check_exit([SupPid])
+    end.
+
+
 %%-------------------------------------------------------------------------
-simple_one_for_one_extra(doc) -> 
-    ["Tests automatic restart of children " 
-     "who's start function return extra info."];
-simple_one_for_one_extra(suite) -> [];
+%% Tests automatic restart of children who's start function return
+%% extra info.
 simple_one_for_one_extra(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child, {supervisor_1, start_child, [extra_info]}, 
@@ -811,9 +928,7 @@ simple_one_for_one_extra(Config) when is_list(Config) ->
     check_exit([SupPid]).
 
 %%-------------------------------------------------------------------------
-simple_one_for_one_escalation(doc) ->
-    ["Test restart escalation on a simple_one_for_one supervisor."];
-simple_one_for_one_escalation(suite) -> [];
+%% Test restart escalation on a simple_one_for_one supervisor.
 simple_one_for_one_escalation(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child, {supervisor_1, start_child, []}, permanent, 1000,
@@ -828,9 +943,7 @@ simple_one_for_one_escalation(Config) when is_list(Config) ->
     check_exit([SupPid, CPid2]).
 
 %%-------------------------------------------------------------------------
-rest_for_one(doc) ->
-    ["Test the rest_for_one base case."];
-rest_for_one(suite) -> [];
+%% Test the rest_for_one base case.
 rest_for_one(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -878,9 +991,7 @@ rest_for_one(Config) when is_list(Config) ->
     check_exit([SupPid]).
 
 %%-------------------------------------------------------------------------
-rest_for_one_escalation(doc) ->
-    ["Test restart escalation on a rest_for_one supervisor."];
-rest_for_one_escalation(suite) -> [];
+%% Test restart escalation on a rest_for_one supervisor.
 rest_for_one_escalation(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -897,11 +1008,8 @@ rest_for_one_escalation(Config) when is_list(Config) ->
     check_exit([CPid2, SupPid]).
 
 %%-------------------------------------------------------------------------
-child_unlink(doc)->
-    ["Test that the supervisor does not hang forever if "
-     "the child unliks and then is terminated by the supervisor."];
-child_unlink(suite) ->
-    [];
+%% Test that the supervisor does not hang forever if the child unliks
+%% and then is terminated by the supervisor.
 child_unlink(Config) when is_list(Config) ->
 
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -926,10 +1034,7 @@ child_unlink(Config) when is_list(Config) ->
 	    test_server:fail(supervisor_hangs)
     end.
 %%-------------------------------------------------------------------------
-tree(doc) ->
-    ["Test a basic supervison tree."];
-tree(suite) ->
-    [];
+%% Test a basic supervison tree.
 tree(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
 
@@ -1005,11 +1110,9 @@ tree(Config) when is_list(Config) ->
 
     [] = supervisor:which_children(NewSup2),
     [0,0,0,0] = get_child_counts(NewSup2).
+
 %%-------------------------------------------------------------------------
-count_children_memory(doc) ->
-    ["Test that count_children does not eat memory."];
-count_children_memory(suite) ->
-    [];
+%% Test that count_children does not eat memory.
 count_children_memory(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child, {supervisor_1, start_child, []}, temporary, 1000,
@@ -1018,25 +1121,25 @@ count_children_memory(Config) when is_list(Config) ->
     [supervisor:start_child(sup_test, []) || _Ignore <- lists:seq(1,1000)],
 
     garbage_collect(),
-    _Size1 = erlang:memory(processes_used),
+    _Size1 = proc_memory(),
     Children = supervisor:which_children(sup_test),
-    _Size2 = erlang:memory(processes_used),
+    _Size2 = proc_memory(),
     ChildCount = get_child_counts(sup_test),
-    _Size3 = erlang:memory(processes_used),
+    _Size3 = proc_memory(),
 
     [supervisor:start_child(sup_test, []) || _Ignore2 <- lists:seq(1,1000)],
 
     garbage_collect(),
     Children2 = supervisor:which_children(sup_test),
-    Size4 = erlang:memory(processes_used),
+    Size4 = proc_memory(),
     ChildCount2 = get_child_counts(sup_test),
-    Size5 = erlang:memory(processes_used),
+    Size5 = proc_memory(),
 
     garbage_collect(),
     Children3 = supervisor:which_children(sup_test),
-    Size6 = erlang:memory(processes_used),
+    Size6 = proc_memory(),
     ChildCount3 = get_child_counts(sup_test),
-    Size7 = erlang:memory(processes_used),
+    Size7 = proc_memory(),
 
     1000 = length(Children),
     [1,1000,0,1000] = ChildCount,
@@ -1051,24 +1154,25 @@ count_children_memory(Config) when is_list(Config) ->
     case (Size5 =< Size4) of
 	true -> ok;
 	false ->
-	    test_server:fail({count_children, used_more_memory})
+	    test_server:fail({count_children, used_more_memory,Size4,Size5})
     end,
     case Size7 =< Size6 of
 	true -> ok;
 	false ->
-	    test_server:fail({count_children, used_more_memory})
+	    test_server:fail({count_children, used_more_memory,Size6,Size7})
     end,
 
     [terminate(SupPid, Pid, child, kill) || {undefined, Pid, worker, _Modules} <- Children3],
     [1,0,0,0] = get_child_counts(sup_test).
 
+proc_memory() ->
+    erts_debug:set_internal_state(wait, deallocations),
+    erlang:memory(processes_used).
+
 %%-------------------------------------------------------------------------
-do_not_save_start_parameters_for_temporary_children(doc) ->
-    ["Temporary children shall not be restarted so they should not "
-     "save start parameters, as it potentially can "
-     "take up a huge amount of memory for no purpose."];
-do_not_save_start_parameters_for_temporary_children(suite) ->
-    [];
+%% Temporary children shall not be restarted so they should not save
+%% start parameters, as it potentially can take up a huge amount of
+%% memory for no purpose.
 do_not_save_start_parameters_for_temporary_children(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     dont_save_start_parameters_for_temporary_children(one_for_all),
@@ -1090,11 +1194,8 @@ child_spec({Name, MFA, RestartType, Shutdown, Type, Modules}, N) ->
     {NewName, MFA, RestartType, Shutdown, Type, Modules}.
 
 %%-------------------------------------------------------------------------
-do_not_save_child_specs_for_temporary_children(doc) ->
-    ["Temporary children shall not be restarted so supervisors should "
-     "not save their spec when they terminate"];
-do_not_save_child_specs_for_temporary_children(suite) ->
-    [];
+%% Temporary children shall not be restarted so supervisors should not
+%% save their spec when they terminate.
 do_not_save_child_specs_for_temporary_children(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     dont_save_child_specs_for_temporary_children(one_for_all, kill),
@@ -1243,13 +1344,18 @@ simple_one_for_one_scale_many_temporary_children(_Config) ->
 	     end || _<- lists:seq(1,10000)],
     {T2,done} = timer:tc(?MODULE,terminate_all_children,[C2]),
     
-    Scaling = T2 div T1,
-    if Scaling > 20 ->
-	    %% The scaling shoul be linear (i.e.10, really), but we
-	    %% give some extra here to avoid failing the test
-	    %% unecessarily.
-	    ?t:fail({bad_scaling,Scaling});
+    if T1 > 0 ->
+	    Scaling = T2 div T1,
+	    if Scaling > 20 ->
+		    %% The scaling shoul be linear (i.e.10, really), but we
+		    %% give some extra here to avoid failing the test
+		    %% unecessarily.
+		    ?t:fail({bad_scaling,Scaling});
+	       true ->
+		    ok
+	    end;
        true ->
+	    %% Means T2 div T1 -> infinity
 	    ok
     end.
     
@@ -1261,6 +1367,92 @@ terminate_all_children([]) ->
     done.
 
 
+%%-------------------------------------------------------------------------
+%% OTP-9212. Restart of global supervisor.
+simple_global_supervisor(_Config) ->
+    kill_supervisor(),
+    kill_worker(),
+    exit_worker(),
+    restart_worker(),
+    ok.
+
+kill_supervisor() ->
+    {Top, Sup2_1, Server_1} = start9212(),
+
+    %% Killing a supervisor isn't really supported, but try it anyway...
+    exit(Sup2_1, kill),
+    timer:sleep(200),
+    Sup2_2 = global:whereis_name(sup2),
+    Server_2 = global:whereis_name(server),
+    true = is_pid(Sup2_2),
+    true = is_pid(Server_2),
+    true = Sup2_1 =/= Sup2_2,
+    true = Server_1 =/= Server_2,
+
+    stop9212(Top).
+
+handle_info({fail, With, After}, _State) ->
+    timer:sleep(After),
+    erlang:error(With).
+
+kill_worker() ->
+    {Top, _Sup2, Server_1} = start9212(),
+    exit(Server_1, kill),
+    timer:sleep(200),
+    Server_2 = global:whereis_name(server),
+    true = is_pid(Server_2),
+    true = Server_1 =/= Server_2,
+    stop9212(Top).
+
+exit_worker() ->
+    %% Very much the same as kill_worker().
+    {Top, _Sup2, Server_1} = start9212(),
+    Server_1 ! {fail, normal, 0},
+    timer:sleep(200),
+    Server_2 = global:whereis_name(server),
+    true = is_pid(Server_2),
+    true = Server_1 =/= Server_2,
+    stop9212(Top).
+
+restart_worker() ->
+    {Top, _Sup2, Server_1} = start9212(),
+    ok = supervisor:terminate_child({global, sup2}, child),
+    {ok, _Child} = supervisor:restart_child({global, sup2}, child),
+    Server_2 = global:whereis_name(server),
+    true = is_pid(Server_2),
+    true = Server_1 =/= Server_2,
+    stop9212(Top).
+
+start9212() ->
+    Middle = {middle,{?MODULE,middle9212,[]}, permanent,2000,supervisor,[]},
+    InitResult = {ok, {{one_for_all,3,60}, [Middle]}},
+    {ok, TopPid} = start_link(InitResult),
+
+    Sup2 = global:whereis_name(sup2),
+    Server = global:whereis_name(server),
+    true = is_pid(Sup2),
+    true = is_pid(Server),
+    {TopPid, Sup2, Server}.
+
+stop9212(Top) ->
+    Old = process_flag(trap_exit, true),
+    exit(Top, kill),
+    timer:sleep(200),
+    undefined = global:whereis_name(sup2),
+    undefined = global:whereis_name(server),
+    check_exit([Top]),
+    _ = process_flag(trap_exit, Old),
+    ok.
+
+middle9212() ->
+    Child = {child, {?MODULE,gen_server9212,[]},permanent, 2000, worker, []},
+    InitResult = {ok, {{one_for_all,3,60}, [Child]}},
+    supervisor:start_link({global,sup2}, ?MODULE, InitResult).
+
+gen_server9212() ->
+    InitResult = {ok, []},
+    gen_server:start_link({global,server}, ?MODULE, InitResult, []).
+
 
 %%-------------------------------------------------------------------------
 terminate(Pid, Reason) when Reason =/= supervisor ->
@@ -1282,6 +1474,13 @@ terminate(_, ChildPid, _, shutdown) ->
 	{'DOWN', Ref, process, ChildPid, shutdown} ->
 	    ok
     end;
+terminate(_, ChildPid, _, {shutdown, Term}) ->
+    Ref = erlang:monitor(process, ChildPid),
+    exit(ChildPid, {shutdown, Term}),
+    receive
+	{'DOWN', Ref, process, ChildPid, {shutdown, Term}} ->
+	    ok
+    end;
 terminate(_, ChildPid, _, normal) ->
     Ref = erlang:monitor(process, ChildPid),
     ChildPid ! stop,
diff --git a/lib/stdlib/test/supervisor_bridge_SUITE.erl b/lib/stdlib/test/supervisor_bridge_SUITE.erl
index c4d696564d..b3056ff41a 100644
--- a/lib/stdlib/test/supervisor_bridge_SUITE.erl
+++ b/lib/stdlib/test/supervisor_bridge_SUITE.erl
@@ -19,8 +19,9 @@
 -module(supervisor_bridge_SUITE).
 -export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
 	 init_per_group/2,end_per_group/2,starting/1,
-	 mini_terminate/1,mini_die/1,badstart/1]).
--export([client/1,init/1,internal_loop_init/1,terminate/2]).
+	 mini_terminate/1,mini_die/1,badstart/1,
+         simple_global_supervisor/1]).
+-export([client/1,init/1,internal_loop_init/1,terminate/2,server9212/0]).
 
 -include_lib("test_server/include/test_server.hrl").
 -define(bridge_name,supervisor_bridge_SUITE_server).
@@ -31,7 +32,7 @@
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
-    [starting, mini_terminate, mini_die, badstart].
+    [starting, mini_terminate, mini_die, badstart, simple_global_supervisor].
 
 groups() -> 
     [].
@@ -138,7 +139,9 @@ init(3) ->
     receive
 	{InternalPid,init_done} ->
 	    {ok,InternalPid,self()}
-    end.
+    end;
+init({4,Result}) ->
+    Result.
 
 internal_loop_init(Parent) ->
     register(?work_bridge_name, self()),
@@ -160,7 +163,9 @@ terminate(Reason,{Parent,Worker}) ->
     io:format("Terminating bridge...\n"),
     exit(Worker,kill),
     Parent ! {dying,Reason},
-    anything.
+    anything;
+terminate(_Reason, _State) ->
+    any.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -197,3 +202,30 @@ badstart(Config) when is_list(Config) ->
     ok.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% OTP-9212. Restart of global supervisor.
+
+simple_global_supervisor(suite) -> [];
+simple_global_supervisor(doc) -> "Globally registered supervisor.";
+simple_global_supervisor(Config) when is_list(Config) ->
+    ?line Dog = test_server:timetrap({seconds,10}),
+
+    Child = {child, {?MODULE,server9212,[]}, permanent, 2000, worker, []},
+    InitResult = {ok, {{one_for_all,3,60}, [Child]}},
+    {ok, Sup} =
+        supervisor:start_link({local,bridge9212}, ?MODULE, {4,InitResult}),
+
+    BN_1 = global:whereis_name(?bridge_name),
+    ?line exit(BN_1, kill),
+    timer:sleep(200),
+    BN_2 = global:whereis_name(?bridge_name),
+    ?line true = is_pid(BN_2),
+    ?line true = BN_1 =/= BN_2,
+
+    ?line process_flag(trap_exit, true),
+    exit(Sup, kill),
+    ?line receive {'EXIT', Sup, killed} -> ok end,
+    ?line test_server:timetrap_cancel(Dog),
+    ok.
+
+server9212() ->
+    supervisor_bridge:start_link({global,?bridge_name}, ?MODULE, 3).
diff --git a/lib/stdlib/test/tar_SUITE.erl b/lib/stdlib/test/tar_SUITE.erl
index 9ad3936928..5bc34e35af 100644
--- a/lib/stdlib/test/tar_SUITE.erl
+++ b/lib/stdlib/test/tar_SUITE.erl
@@ -533,7 +533,7 @@ symlinks(Config) when is_list(Config) ->
     ?line ok = file:make_dir(Dir),
     ?line ABadSymlink = filename:join(Dir, "bad_symlink"),
     ?line PointsTo = "/a/definitely/non_existing/path",
-    ?line Res = case file:make_symlink("/a/definitely/non_existing/path", ABadSymlink) of
+    ?line Res = case make_symlink("/a/definitely/non_existing/path", ABadSymlink) of
 		    {error, enotsup} ->
 			{skip, "Symbolic links not supported on this platform"};
 		    ok ->
@@ -544,7 +544,30 @@ symlinks(Config) when is_list(Config) ->
     %% Clean up.
     ?line delete_files([Dir]),
     Res.
-    
+
+make_symlink(Path, Link) ->
+    case os:type() of
+	{win32,_} ->
+	    %% Symlinks on Windows have two problems:
+	    %%   1) file:read_link_info/1 cannot read out the target
+	    %%      of the symlink if the target does not exist.
+	    %%      That is possible (but not easy) to fix in the
+	    %%      efile driver.
+	    %%
+	    %%   2) Symlinks to files and directories are different
+	    %%      creatures. If the target is not existing, the
+	    %%      symlink will be created to be of the file-pointing
+	    %%      type. That can be partially worked around in erl_tar
+	    %%      by creating all symlinks when the end of the tar
+	    %%      file has been reached.
+	    %%
+	    %% But for now, pretend that there are no symlinks on
+	    %% Windows.
+	    {error, enotsup};
+	_ ->
+	    file:make_symlink(Path, Link)
+    end.
+	  
 symlinks(Dir, BadSymlink, PointsTo) ->
     ?line Tar = filename:join(Dir, "symlink.tar"),
     ?line DerefTar = filename:join(Dir, "dereference.tar"),
@@ -743,9 +766,9 @@ run_in_short_tempdir(Config, Fun) ->
     %% We need a base directory with a much shorter pathname than
     %% priv_dir. We KNOW that priv_dir is located four levels below
     %% the directory that common_test puts the ct_run.* directories
-    %% in. That fact is not documented, but an usually reliable source
+    %% in. That fact is not documented, but a usually reliable source
     %% assured me that the directory structure is unlikely to change
-    %% in future versions of common_test because of backward
+    %% in future versions of common_test because of backwards
     %% compatibility (tools developed by users of common_test depend
     %% on the current directory layout).
     Base = lists:foldl(fun(_, D) ->
diff --git a/lib/stdlib/test/unicode_SUITE.erl b/lib/stdlib/test/unicode_SUITE.erl
index 9aa800209d..4055af2741 100644
--- a/lib/stdlib/test/unicode_SUITE.erl
+++ b/lib/stdlib/test/unicode_SUITE.erl
@@ -322,7 +322,7 @@ roundtrips(Config) when is_list(Config) ->
 ex_roundtrips(Config) when is_list(Config) ->
     ?line L1 = ranges(0, 16#D800 - 1, 
 		      erlang:system_info(context_reductions) * 11),
-    ?line L2 = ranges(16#DFFF + 1, 16#FFFE - 1, 
+    ?line L2 = ranges(16#DFFF + 1, 16#10000 - 1,
 		      erlang:system_info(context_reductions) * 11),
     %?line L3 = ranges(16#FFFF + 1, 16#10FFFF, 
     %		      erlang:system_info(context_reductions) * 11),
@@ -569,7 +569,6 @@ utf16_illegal_sequences_bif(Config) when is_list(Config) ->
 ex_utf16_illegal_sequences_bif(Config) when is_list(Config) ->
     ?line utf16_fail_range_bif_simple(16#10FFFF+1, 16#10FFFF+512), %Too large.
     ?line utf16_fail_range_bif(16#D800, 16#DFFF),		%Reserved for UTF-16.
-    ?line utf16_fail_range_bif(16#FFFE, 16#FFFF),		%Non-characters.
 
     ?line lonely_hi_surrogate_bif(16#D800, 16#DBFF,incomplete),
     ?line lonely_hi_surrogate_bif(16#DC00, 16#DFFF,error),
@@ -644,7 +643,6 @@ utf8_illegal_sequences_bif(Config) when is_list(Config) ->
 ex_utf8_illegal_sequences_bif(Config) when is_list(Config) ->
     ?line fail_range_bif(16#10FFFF+1, 16#10FFFF+512), %Too large.
     ?line fail_range_bif(16#D800, 16#DFFF),		%Reserved for UTF-16.
-    ?line fail_range_bif(16#FFFE, 16#FFFF),		%Reserved (BOM).
 
     %% Illegal first character.
     ?line [fail_bif(<<I,16#8F,16#8F,16#8F>>,unicode) || I <- lists:seq(16#80, 16#BF)],
diff --git a/lib/stdlib/vsn.mk b/lib/stdlib/vsn.mk
index 9d4ed17774..694d39ce9c 100644
--- a/lib/stdlib/vsn.mk
+++ b/lib/stdlib/vsn.mk
@@ -1 +1 @@
-STDLIB_VSN = 1.17.5
+STDLIB_VSN = 1.18.1
diff --git a/lib/syntax_tools/doc/Makefile b/lib/syntax_tools/doc/Makefile
index 6afd16f669..d9981de880 100644
--- a/lib/syntax_tools/doc/Makefile
+++ b/lib/syntax_tools/doc/Makefile
@@ -78,12 +78,3 @@ release_docs_spec: docs
 
 
 release_spec:
-
-
-
-# ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-#-include make.dep
-
-
diff --git a/lib/syntax_tools/doc/src/make.dep b/lib/syntax_tools/doc/src/make.dep
deleted file mode 100644
index acc76857bb..0000000000
--- a/lib/syntax_tools/doc/src/make.dep
+++ /dev/null
@@ -1,22 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex chapter.tex epp_dodger.tex erl_comment_scan.tex \
-		erl_prettypr.tex erl_recomment.tex erl_syntax.tex \
-		erl_syntax_lib.tex erl_tidy.tex igor.tex part.tex \
-		prettypr.tex ref_man.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/syntax_tools/doc/src/notes.xml b/lib/syntax_tools/doc/src/notes.xml
index 5948f7ada3..b9ac587043 100644
--- a/lib/syntax_tools/doc/src/notes.xml
+++ b/lib/syntax_tools/doc/src/notes.xml
@@ -31,6 +31,38 @@
   <p>This document describes the changes made to the Syntax_Tools
     application.</p>
 
+<section><title>Syntax_Tools 1.6.7.2</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Variables are now now allowed in '<c>fun M:F/A</c>' as
+	    suggested by Richard O'Keefe in EEP-23.</p>
+	    <p>The representation of '<c>fun M:F/A</c>' in the
+	    abstract format has been changed in an incompatible way.
+	    Tools that directly read or manipulate the abstract
+	    format (such as parse transforms) may need to be updated.
+	    The compiler can handle both the new and the old format
+	    (i.e. extracting the abstract format from a pre-R15 BEAM
+	    file and compiling it using compile:forms/1,2 will work).
+	    The <c>syntax_tools</c> application can also handle both
+	    formats.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9643</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Syntax_Tools 1.6.7.1</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/syntax_tools/src/Makefile b/lib/syntax_tools/src/Makefile
index 50369e633e..bac138e95a 100644
--- a/lib/syntax_tools/src/Makefile
+++ b/lib/syntax_tools/src/Makefile
@@ -26,7 +26,7 @@ EBIN = ../ebin
 ifeq ($(NATIVE_LIBS_ENABLED),yes)
 ERL_COMPILE_FLAGS += +native
 endif
-ERL_COMPILE_FLAGS += +warn_unused_vars +nowarn_shadow_vars +warn_unused_import +warn_missing_spec +warn_untyped_record
+ERL_COMPILE_FLAGS += +warn_unused_vars +nowarn_shadow_vars +warn_unused_import # +warn_missing_spec +warn_untyped_record
 
 SOURCES=erl_syntax.erl erl_prettypr.erl erl_syntax_lib.erl	\
 	erl_comment_scan.erl erl_recomment.erl erl_tidy.erl	\
diff --git a/lib/syntax_tools/src/erl_syntax.erl b/lib/syntax_tools/src/erl_syntax.erl
index 9df5f26454..32fd3722d6 100644
--- a/lib/syntax_tools/src/erl_syntax.erl
+++ b/lib/syntax_tools/src/erl_syntax.erl
@@ -6093,11 +6093,17 @@ implicit_fun_name(Node) ->
 	{'fun', Pos, {function, Atom, Arity}} ->
 	    arity_qualifier(set_pos(atom(Atom), Pos),
 			    set_pos(integer(Arity), Pos));
-	{'fun', Pos, {function, Module, Atom, Arity}} ->
+	{'fun', Pos, {function, Module, Atom, Arity}}
+	  when is_atom(Module), is_atom(Atom), is_integer(Arity) ->
+	    %% Backward compatibility with pre-R15 abstract format.
 	    module_qualifier(set_pos(atom(Module), Pos),
 			     arity_qualifier(
 			       set_pos(atom(Atom), Pos),
 			       set_pos(integer(Arity), Pos)));
+	{'fun', _Pos, {function, Module, Atom, Arity}} ->
+	    %% New in R15: fun M:F/A.
+	    %% XXX: Perhaps set position for this as well?
+	    module_qualifier(Module, arity_qualifier(Atom, Arity));
 	Node1 ->
 	    data(Node1)
     end.
diff --git a/lib/syntax_tools/src/erl_tidy.erl b/lib/syntax_tools/src/erl_tidy.erl
index 1cfdc7234a..09efc9c392 100644
--- a/lib/syntax_tools/src/erl_tidy.erl
+++ b/lib/syntax_tools/src/erl_tidy.erl
@@ -103,7 +103,7 @@ dir(Dir) ->
 %%   <dt>{regexp, string()}</dt>
 %%
 %%       <dd>The value denotes a regular expression (see module
-%%       `regexp').  Tidying will only be applied to those
+%%       `re').  Tidying will only be applied to those
 %%       regular files whose names match this pattern. The default
 %%       value is `".*\\.erl$"', which matches normal
 %%       Erlang source file names.</dd>
@@ -124,7 +124,7 @@ dir(Dir) ->
 %%
 %% See the function {@link file/2} for further options.
 %%
-%% @see //stdlib/regexp
+%% @see //stdlib/re
 %% @see file/2
 
 -record(dir, {follow_links = false :: boolean(),
diff --git a/lib/syntax_tools/vsn.mk b/lib/syntax_tools/vsn.mk
index cc7ea944f9..962492befd 100644
--- a/lib/syntax_tools/vsn.mk
+++ b/lib/syntax_tools/vsn.mk
@@ -1 +1 @@
-SYNTAX_TOOLS_VSN = 1.6.7.1
+SYNTAX_TOOLS_VSN = 1.6.7.2
diff --git a/lib/test_server/doc/src/Makefile b/lib/test_server/doc/src/Makefile
index c7ba415e5b..b32f3d3c59 100644
--- a/lib/test_server/doc/src/Makefile
+++ b/lib/test_server/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2002-2010. All Rights Reserved.
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -133,9 +133,3 @@ release_docs_spec: docs
 release_spec:
 
 release_tests_spec:
-
-# ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-include make.dep
diff --git a/lib/test_server/doc/src/make.dep b/lib/test_server/doc/src/make.dep
deleted file mode 100644
index ee9100bd08..0000000000
--- a/lib/test_server/doc/src/make.dep
+++ /dev/null
@@ -1,24 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: basics_chapter.tex book.tex example_chapter.tex \
-		part.tex ref_man.tex run_test_chapter.tex \
-		test_server_app.tex test_server_ctrl.tex \
-		test_server.tex test_spec_chapter.tex \
-		write_framework_chapter.tex \
-		write_test_chapter.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/test_server/doc/src/notes.xml b/lib/test_server/doc/src/notes.xml
index beeff55ffe..d90ad2c4ed 100644
--- a/lib/test_server/doc/src/notes.xml
+++ b/lib/test_server/doc/src/notes.xml
@@ -32,6 +32,49 @@
     <file>notes.xml</file>
   </header>
 
+<section><title>Test_Server 3.5</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    The test case group info function has been implemented in
+	    Common Test. Before execution of a test case group, a
+	    call is now made to <c>TestSuite:group(GroupName)</c>.
+	    The function returns a list of test properties, e.g. to
+	    specify timetrap values, require configuration data, etc
+	    (analogue to the test suite- and test case info
+	    function). The scope of the properties set by
+	    <c>group(GroupName)</c> is all test cases and sub-groups
+	    of group <c>GroupName</c>.</p>
+          <p>
+	    Own Id: OTP-9235</p>
+        </item>
+        <item>
+          <p>
+	    The look of the HTML log files generated by Common Test
+	    and Test Server has been improved (and made easier to
+	    customize) by means of a CSS file.</p>
+          <p>
+	    Own Id: OTP-9706</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Known Bugs and Problems</title>
+      <list>
+        <item>
+          <p>
+	    Fix problems in CT/TS due to line numbers in exceptions.</p>
+          <p>
+	    Own Id: OTP-9203</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Test_Server 3.4.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/test_server/doc/src/test_server.xml b/lib/test_server/doc/src/test_server.xml
index 78bb922cc5..5bfa42c36f 100644
--- a/lib/test_server/doc/src/test_server.xml
+++ b/lib/test_server/doc/src/test_server.xml
@@ -203,7 +203,7 @@
     <func>
       <name>format(Format) -> ok</name>
       <name>format(Format, Args)</name>
-      <name>format(Pri,Format)</name>
+      <name>format(Pri, Format)</name>
       <name>format(Pri, Format, Args)</name>
       <fsummary></fsummary>
       <type>
diff --git a/lib/test_server/include/test_server.hrl b/lib/test_server/include/test_server.hrl
index 4b96d84ace..36e7e1f83d 100644
--- a/lib/test_server/include/test_server.hrl
+++ b/lib/test_server/include/test_server.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -20,11 +20,10 @@
 -ifdef(line_trace).
 -line_trace(true).
 -define(line,
-	put(test_server_loc,{?MODULE,?LINE}),
 	io:format(lists:concat([?MODULE,",",integer_to_list(?LINE),": ~p"]),
 		  [erlang:now()]),).
 -else.
--define(line,put(test_server_loc,{?MODULE,?LINE}),).
+-define(line,).
 -endif.
 -define(t,test_server).
 -define(config,test_server:lookup_config).
diff --git a/lib/test_server/include/test_server_line.hrl b/lib/test_server/include/test_server_line.hrl
index 60ef860883..3c309d3ee5 100644
--- a/lib/test_server/include/test_server_line.hrl
+++ b/lib/test_server/include/test_server_line.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2004-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -16,5 +16,4 @@
 %% 
 %% %CopyrightEnd%
 %%
--compile({parse_transform,test_server_line}).
 
diff --git a/lib/test_server/src/Makefile b/lib/test_server/src/Makefile
index 63a585d526..4bc51873c2 100644
--- a/lib/test_server/src/Makefile
+++ b/lib/test_server/src/Makefile
@@ -43,7 +43,6 @@ MODULES= test_server_ctrl \
 	 test_server_node \
 	 test_server \
 	 test_server_sup \
-	 test_server_line \
 	 test_server_h \
 	 erl2html2 \
 	 vxworks_client
diff --git a/lib/test_server/src/config.guess b/lib/test_server/src/config.guess
index 6f1eeddfcc..38a833903b 120000..100755
--- a/lib/test_server/src/config.guess
+++ b/lib/test_server/src/config.guess
@@ -1 +1,1519 @@
-../../../erts/autoconf/config.guess
\ No newline at end of file
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-05-17'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner <[email protected]>.
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# ([email protected] 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep __ELF__ >/dev/null
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# [email protected] (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:* | ix86xen:SunOS:5.*:*)
+	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[45])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep __LP64__ >/dev/null
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    *:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    *:Interix*:[3456]*)
+    	case ${UNAME_MACHINE} in
+	    x86) 
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    EM64T | authenticamd)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    arm*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-gnu
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-gnu
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-gnu
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    mips:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips
+	#undef mipsel
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mipsel
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips64
+	#undef mips64el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mips64el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips64
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-gnu
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-gnu
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-gnu
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-gnu ;;
+	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
+	  *)    echo hppa-unknown-linux-gnu ;;
+	esac
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-gnu
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    tile:Linux:*:*)
+	echo tile-unknown-linux-gnu
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-gnu
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-gnu
+	exit ;;
+    xtensa:Linux:*:*)
+    	echo xtensa-unknown-linux-gnu
+	exit ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	# Set LC_ALL=C to ensure ld outputs messages in English.
+	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+		;;
+	  a.out-i386-linux)
+		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+		exit ;;
+	  coff-i386)
+		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+		exit ;;
+	  "")
+		# Either a pre-BFD a.out linker (linux-gnuoldld) or
+		# one that does not give us useful --help.
+		echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+		exit ;;
+	esac
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <features.h>
+	#ifdef __ELF__
+	# ifdef __GLIBC__
+	#  if __GLIBC__ >= 2
+	LIBC=gnu
+	#  else
+	LIBC=gnulibc1
+	#  endif
+	# else
+	LIBC=gnulibc1
+	# endif
+	#else
+	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+	LIBC=gnu
+	#else
+	LIBC=gnuaout
+	#endif
+	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^LIBC/{
+		s: ::g
+		p
+	    }'`"
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i386.
+	echo i386-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <[email protected]>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <[email protected]>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From [email protected].
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From [email protected].
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From [email protected].
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <[email protected]> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/test_server/src/config.sub b/lib/test_server/src/config.sub
index 47a0f10138..f43233b104 120000..100755
--- a/lib/test_server/src/config.sub
+++ b/lib/test_server/src/config.sub
@@ -1 +1,1630 @@
-../../../erts/autoconf/config.sub
\ No newline at end of file
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-04-29'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray)
+		os=
+		basic_machine=$1
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx \
+	| fido | fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64vr | mips64vrel \
+	| mips64orion | mips64orionel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| mt \
+	| msp430 \
+	| nios | nios2 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+	| tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa-* \
+	| ymp-* \
+	| z8k-*)
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16c)
+		basic_machine=cr16c-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	tile*)
+		basic_machine=tile-tilera
+		os=-linux-gnu
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+        mep-*)
+		os=-elf
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/test_server/src/erl2html2.erl b/lib/test_server/src/erl2html2.erl
index c94d4627f9..6891e87e48 100644
--- a/lib/test_server/src/erl2html2.erl
+++ b/lib/test_server/src/erl2html2.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -32,32 +32,34 @@
 %--------------------------------------------------------------------
 
 -module(erl2html2).
--export([convert/2]).
+-export([convert/2, convert/3]).
 
 convert([], _Dest) ->   % Fake clause.
     ok;
 convert(File, Dest) ->
+    %% The generated code uses the BGCOLOR attribute in the
+    %% BODY tag, which wasn't valid until HTML 3.2.  Also,
+    %% good HTML should either override all colour attributes
+    %% or none of them -- *never* just a few.
+    %%
+    %% FIXME: The colours should *really* be set with
+    %% stylesheets...
+    Header = ["<!DOCTYPE HTML PUBLIC "
+	      "\"-//W3C//DTD HTML 3.2 Final//EN\">\n"
+	      "<!-- autogenerated by '"++atom_to_list(?MODULE)++"'. -->\n"
+	      "<html>\n"
+	      "<head><title>", File, "</title></head>\n\n"
+	      "<body bgcolor=\"white\" text=\"black\""
+	      " link=\"blue\" vlink=\"purple\" alink=\"red\">\n"],
+    convert(File, Dest, Header).
+    
+convert(File, Dest, Header) ->
     case file:read_file(File) of
 	{ok, Bin} ->
 	    Code=binary_to_list(Bin),
 	    statistics(runtime),
-	    %% The generated code uses the BGCOLOR attribute in the
-	    %% BODY tag, which wasn't valid until HTML 3.2.  Also,
-	    %% good HTML should either override all colour attributes
-	    %% or none of them -- *never* just a few.
-	    %%
-	    %% FIXME: The colours should *really* be set with
-	    %% stylesheets...
-	    Html0 
-		= ["<!DOCTYPE HTML PUBLIC "
-		   "\"-//W3C//DTD HTML 3.2 Final//EN\">\n"
-		   "<!-- autogenerated by '"++atom_to_list(?MODULE)++"'. -->\n"
-		   "<html>\n"
-		   "<head><title>", File, "</title></head>\n\n"
-		   "<body bgcolor=\"white\" text=\"black\""
-		   " link=\"blue\" vlink=\"purple\" alink=\"red\">\n"],
 	    {Html1, Lines} = root(Code, [], 1),
-	    Html = [Html0, 
+	    Html = [Header,
 		    "<pre>\n", Html1, "</pre>\n", 
 		    footer(Lines),"</body>\n</html>\n"],
 	    file:write_file(Dest, Html);
@@ -173,10 +175,11 @@ linenum(Line) ->
 	end, 
     [A,Pred,integer_to_list(Line),":"].
 
-footer(Lines) ->
-    {_, Time} = statistics(runtime),
-%    io:format("Converted ~p lines in ~.2f Seconds.~n",
-%	      [Lines, Time/1000]),
-    S = "<i>The transformation of this file (~p lines) took ~.2f seconds</i>",
-    F = lists:flatten(io_lib:format(S, [Lines, Time/1000])),
-    ["<hr size=1>",F,"<br>\n"].
+footer(_Lines) ->
+    "".
+%%    {_, Time} = statistics(runtime),
+%%    io:format("Converted ~p lines in ~.2f Seconds.~n",
+%%	      [Lines, Time/1000]),
+%%    S = "<i>The transformation of this file (~p lines) took ~.2f seconds</i>",
+%%    F = lists:flatten(io_lib:format(S, [Lines, Time/1000])),
+%%    ["<hr size=1>",F,"<br>\n"].
diff --git a/lib/test_server/src/install-sh b/lib/test_server/src/install-sh
index a859cade7f..a5897de6ea 120000..100755
--- a/lib/test_server/src/install-sh
+++ b/lib/test_server/src/install-sh
@@ -1 +1,519 @@
-../../../erts/autoconf/install-sh
\ No newline at end of file
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2006-12-25.00
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dst_arg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writeable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	-*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test -z "$d" && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/lib/test_server/src/test_server.app.src b/lib/test_server/src/test_server.app.src
index af2d4dc2cb..faf7db835e 100644
--- a/lib/test_server/src/test_server.app.src
+++ b/lib/test_server/src/test_server.app.src
@@ -1,7 +1,7 @@
 % This is an -*- erlang -*- file.
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -24,7 +24,6 @@
 	     test_server_ctrl,
 	     test_server,
 	     test_server_h,
-	     test_server_line,
 	     test_server_node,
 	     test_server_sup
 	    ]},
diff --git a/lib/test_server/src/test_server.erl b/lib/test_server/src/test_server.erl
index 244207e140..51754cb3b4 100644
--- a/lib/test_server/src/test_server.erl
+++ b/lib/test_server/src/test_server.erl
@@ -36,7 +36,8 @@
 -export([capture_start/0,capture_stop/0,capture_get/0]).
 -export([messages_get/0]).
 -export([hours/1,minutes/1,seconds/1,sleep/1,adjusted_sleep/1,timecall/3]).
--export([timetrap_scale_factor/0,timetrap/1,timetrap_cancel/1,timetrap_cancel/0]).
+-export([timetrap_scale_factor/0,timetrap/1,get_timetrap_info/0,
+	 timetrap_cancel/1,timetrap_cancel/0]).
 -export([m_out_of_n/3,do_times/4,do_times/2]).
 -export([call_crash/3,call_crash/4,call_crash/5]).
 -export([temp_name/1]).
@@ -611,6 +612,7 @@ do_run_test_case_apply(Mod, Func, Args, Name, RunInit, TimetrapData) ->
     print(minor, "Test case started with:\n~s:~s(~p)\n", [Mod,Func,Args2Print]),
     print(minor, "Current directory is ~p\n", [Cwd]),
     print_timestamp(minor,"Started at "),
+    print(minor, "", [], internal_raw),
     TCCallback = get(test_server_testcase_callback),
     LogOpts = get(test_server_logopts),
     Ref = make_ref(),
@@ -768,7 +770,6 @@ run_test_case_msgloop(Ref, Pid, CaptureStdout, Terminate, Comment, CurrConf) ->
 			    run_test_case_msgloop(Ref,Pid,CaptureStdout,Terminate,
 						  Comment,undefined);
 			Loc1 ->
-			    {Mod,Func} = get_mf(Loc1),
 			    %% call end_per_testcase on a separate process,
 			    %% only so that the user has a chance to clean up
 			    %% after init_per_testcase, even after a timetrap timeout
@@ -784,6 +785,7 @@ run_test_case_msgloop(Ref, Pid, CaptureStdout, Terminate, Comment, CurrConf) ->
 							  TVal),
 					{EndConfPid,{Mod,Func},Conf};
 				    _ ->
+					{Mod,Func} = get_mf(Loc1),
 					%% The framework functions mustn't execute on this
 					%% group leader process or io will cause deadlock,
 					%% so we spawn a dedicated process for the operation
@@ -821,7 +823,6 @@ run_test_case_msgloop(Ref, Pid, CaptureStdout, Terminate, Comment, CurrConf) ->
 			    run_test_case_msgloop(Ref,Pid,CaptureStdout,Terminate,
 						  Comment,undefined);
 			Loc1 ->
-			    {Mod,Func} = get_mf(Loc1),
 			    %% call end_per_testcase on a separate process, only so
 			    %% that the user has a chance to clean up after init_per_testcase,
 			    %% even after abortion
@@ -839,6 +840,7 @@ run_test_case_msgloop(Ref, Pid, CaptureStdout, Terminate, Comment, CurrConf) ->
 							  TVal),
 					{EndConfPid,{Mod,Func},Conf};
 				    _ ->
+					{Mod,Func} = get_mf(Loc1),
 					spawn_fw_call(Mod,Func,CurrConf,Pid,ErrorMsg,
 						      Loc1,self(),Comment),
 					undefined
@@ -1006,8 +1008,11 @@ spawn_fw_call(Mod,{end_per_testcase,Func},EndConf,Pid,
 		end,
 		%% if end_per_testcase fails a warning should be
 		%% printed as comment
-		Comment1 = if Comment == "" -> "";
-			      true -> Comment ++ "<br>"
+		Comment1 = if Comment == "" -> 
+				   "";
+			      true -> 
+				   Comment ++ test_server_ctrl:xhtml("<br>",
+								     "<br />")
 			   end,
 		%% finished, report back
 		SendTo ! {self(),fw_notify_done,
@@ -1135,7 +1140,7 @@ run_test_case_eval(Mod, Func, Args0, Name, Ref, RunInit,
 	    {auto_skip,Reason} ->
 		Where = {Mod,Func},
 		NewResult = do_end_tc_call(Mod,Func, Where, {{skip,Reason},Args0},
-					   {skip,{fw_auto_skip,Reason}}),
+					   {skip,Reason}),
 		{{0,NewResult},Where,[]}
 	end,
     exit({Ref,Time,Value,Loc,Opts}).
@@ -1253,11 +1258,15 @@ run_test_case_eval1(Mod, Func, Args, Name, RunInit, TCCallback) ->
     end.
 
 do_end_tc_call(M,F, Loc, Res, Return) ->
+    IsSuite = case lists:reverse(atom_to_list(M)) of
+		  [$E,$T,$I,$U,$S,$_|_]  -> true;
+		  _ -> false
+	      end,
     FwMod = os:getenv("TEST_SERVER_FRAMEWORK"),
     {Mod,Func} =
 	if FwMod == M ; FwMod == "undefined"; FwMod == false ->
 		{M,F};
-	   is_list(Loc) and (length(Loc)>1) ->
+	   (not IsSuite) and is_list(Loc) and (length(Loc)>1) ->
 		%% If failure in other module (M) than suite, try locate
 		%% suite name in Loc list and call end_tc with Suite:TestCase
 		%% instead of M:F.
@@ -1388,57 +1397,62 @@ init_per_testcase(Mod, Func, Args) ->
 	false -> code:load_file(Mod);
 	_ -> ok
     end,
-    %% init_per_testcase defined, returns new configuration
-    case erlang:function_exported(Mod,init_per_testcase,2) of
+    case erlang:function_exported(Mod, init_per_testcase, 2) of
 	true ->
-	    case catch my_apply(Mod, init_per_testcase, [Func|Args]) of
-		{'$test_server_ok',{Skip,Reason}} when Skip==skip;
-						       Skip==skipped ->
-		    {skip,Reason};
-		{'$test_server_ok',Res={skip_and_save,_,_}} ->
-		    Res;
-		{'$test_server_ok',NewConf} when is_list(NewConf) ->
-		    case lists:filter(fun(T) when is_tuple(T) -> false;
-					 (_) -> true end, NewConf) of
-			[] ->
-			    {ok,NewConf};
-			Bad ->
-			    group_leader() ! {printout,12,
-					      "ERROR! init_per_testcase has returned "
-					      "bad elements in Config: ~p\n",[Bad]},
-			    {skip,{failed,{Mod,init_per_testcase,bad_return}}}
-		    end;
-		{'$test_server_ok',Res={fail,_Reason}} ->
-		    Res;
-		{'$test_server_ok',_Other} ->
-		    group_leader() ! {printout,12,
-				      "ERROR! init_per_testcase did not return "
-				      "a Config list.\n",[]},
-		    {skip,{failed,{Mod,init_per_testcase,bad_return}}};
-		{'EXIT',Reason} ->
-		    Line = get_loc(),
-		    FormattedLoc = test_server_sup:format_loc(mod_loc(Line)),
-		    group_leader() ! {printout,12,
-				      "ERROR! init_per_testcase crashed!\n"
-				      "\tLocation: ~s\n\tReason: ~p\n",
-				      [FormattedLoc,Reason]},
-		    {skip,{failed,{Mod,init_per_testcase,Reason}}};
-		Other ->
-		    Line = get_loc(),
-		    FormattedLoc = test_server_sup:format_loc(mod_loc(Line)),
-		    group_leader() ! {printout,12,
-				      "ERROR! init_per_testcase thrown!\n"
-				      "\tLocation: ~s\n\tReason: ~p\n",
-				      [FormattedLoc, Other]},
-		    {skip,{failed,{Mod,init_per_testcase,Other}}}
-	    end;
+	    do_init_per_testcase(Mod, [Func|Args]);
 	false ->
-%% Optional init_per_testcase not defined
-%% keep quiet.
+	    %% Optional init_per_testcase is not defined -- keep quiet.
 	    [Config] = Args,
 	    {ok, Config}
     end.
 
+do_init_per_testcase(Mod, Args) ->
+    try	apply(Mod, init_per_testcase, Args) of
+	{Skip,Reason} when Skip =:= skip; Skip =:= skipped ->
+	    {skip,Reason};
+	{skip_and_save,_,_}=Res ->
+	    Res;
+	NewConf when is_list(NewConf) ->
+	    case lists:filter(fun(T) when is_tuple(T) -> false;
+				 (_) -> true end, NewConf) of
+		[] ->
+		    {ok,NewConf};
+		Bad ->
+		    group_leader() ! {printout,12,
+				      "ERROR! init_per_testcase has returned "
+				      "bad elements in Config: ~p\n",[Bad]},
+		    {skip,{failed,{Mod,init_per_testcase,bad_return}}}
+	    end;
+	{fail,_Reason}=Res ->
+	    Res;
+	_Other ->
+	    group_leader() ! {printout,12,
+			      "ERROR! init_per_testcase did not return "
+			      "a Config list.\n",[]},
+	    {skip,{failed,{Mod,init_per_testcase,bad_return}}}
+    catch
+	throw:Other ->
+	    set_loc(erlang:get_stacktrace()),
+	    Line = get_loc(),
+	    FormattedLoc = test_server_sup:format_loc(mod_loc(Line)),
+	    group_leader() ! {printout,12,
+			      "ERROR! init_per_testcase thrown!\n"
+			      "\tLocation: ~s\n\tReason: ~p\n",
+			      [FormattedLoc, Other]},
+	    {skip,{failed,{Mod,init_per_testcase,Other}}};
+	_:Reason0 ->
+	    Stk = erlang:get_stacktrace(),
+	    Reason = {Reason0,Stk},
+	    set_loc(Stk),
+	    Line = get_loc(),
+	    FormattedLoc = test_server_sup:format_loc(mod_loc(Line)),
+	    group_leader() ! {printout,12,
+			      "ERROR! init_per_testcase crashed!\n"
+			      "\tLocation: ~s\n\tReason: ~p\n",
+			      [FormattedLoc,Reason]},
+	    {skip,{failed,{Mod,init_per_testcase,Reason}}}
+    end.
+
 end_per_testcase(Mod, Func, Conf) ->
     case erlang:function_exported(Mod,end_per_testcase,2) of
 	true ->
@@ -1456,65 +1470,92 @@ end_per_testcase(Mod, Func, Conf) ->
 do_end_per_testcase(Mod,EndFunc,Func,Conf) ->
     put(test_server_init_or_end_conf,{EndFunc,Func}),
     put(test_server_loc, {Mod,{EndFunc,Func}}),
-    case catch my_apply(Mod, EndFunc, [Func,Conf]) of
-	{'$test_server_ok',SaveCfg={save_config,_}} ->
+    try Mod:EndFunc(Func, Conf) of
+	{save_config,_}=SaveCfg ->
 	    SaveCfg;
-	{'$test_server_ok',{fail,_}=Fail} ->
+	{fail,_}=Fail ->
 	    Fail;
-	{'$test_server_ok',_} ->
-	    ok;
-	{'EXIT',Reason} = Why ->
+	_ ->
+	    ok
+    catch
+	throw:Other ->
 	    Comment0 = case read_comment() of
 			   ""  -> "";
-			   Cmt -> Cmt ++ "<br>"
+			   Cmt -> Cmt ++ test_server_ctrl:xhtml("<br>",
+								"<br />")
 		       end,
+	    set_loc(erlang:get_stacktrace()),
 	    comment(io_lib:format("~s<font color=\"red\">"
-				  "WARNING: ~w crashed!"
+				  "WARNING: ~w thrown!"
 				  "</font>\n",[Comment0,EndFunc])),
 	    group_leader() ! {printout,12,
-			      "WARNING: ~w crashed!\n"
+			      "WARNING: ~w thrown!\n"
 			      "Reason: ~p\n"
 			      "Line: ~s\n",
-			      [EndFunc, Reason,
+			      [EndFunc, Other,
 			       test_server_sup:format_loc(
 				 mod_loc(get_loc()))]},
-	    {failed,{Mod,end_per_testcase,Why}};
-	Other ->
+	    {failed,{Mod,end_per_testcase,Other}};
+	  Class:Reason ->
+	    Stk = erlang:get_stacktrace(),
+	    set_loc(Stk),
+	    Why = case Class of
+		      exit -> {'EXIT',Reason};
+		      error -> {'EXIT',{Reason,Stk}}
+		  end,
 	    Comment0 = case read_comment() of
 			   ""  -> "";
-			   Cmt -> Cmt ++ "<br>"
+			   Cmt -> Cmt ++ test_server_ctrl:xhtml("<br>",
+								"<br />")
 		       end,
 	    comment(io_lib:format("~s<font color=\"red\">"
-				  "WARNING: ~w thrown!"
+				  "WARNING: ~w crashed!"
 				  "</font>\n",[Comment0,EndFunc])),
 	    group_leader() ! {printout,12,
-			      "WARNING: ~w thrown!\n"
+			      "WARNING: ~w crashed!\n"
 			      "Reason: ~p\n"
 			      "Line: ~s\n",
-			      [EndFunc, Other,
+			      [EndFunc, Reason,
 			       test_server_sup:format_loc(
 				 mod_loc(get_loc()))]},
-	    {failed,{Mod,end_per_testcase,Other}}
+	    {failed,{Mod,end_per_testcase,Why}}
     end.
 
 get_loc() ->
-    case catch test_server_line:get_lines() of
-	[] ->
-	    get(test_server_loc);
-	{'EXIT',_} ->
-	    get(test_server_loc);
-	Loc ->
-	    Loc
-    end.
+    get(test_server_loc).
 
 get_loc(Pid) ->
-    {dictionary,Dict} = process_info(Pid, dictionary),
-    lists:foreach(fun({Key,Val}) -> put(Key,Val) end,Dict),
+    [{current_stacktrace,Stk0},{dictionary,Dict}] =
+	process_info(Pid, [current_stacktrace,dictionary]),
+    lists:foreach(fun({Key,Val}) -> put(Key, Val) end, Dict),
+    Stk = [rewrite_loc_item(Loc) || Loc <- Stk0],
+    case get(test_server_loc) of
+	undefined -> put(test_server_loc, Stk);
+	_ -> ok
+    end,
     get_loc().
 
-get_mf([{M,F,_}|_]) -> {M,F};
-get_mf([{M,F}|_])   -> {M,F};
-get_mf(_)           -> {undefined,undefined}.
+%% find the latest known Suite:Testcase
+get_mf(MFs) ->
+    get_mf(MFs, {undefined,undefined}).
+
+get_mf([MF|MFs], _Found) when is_tuple(MF) ->
+    ModFunc = {Mod,_} = case MF of
+			    {M,F,_} -> {M,F};
+			    MF -> MF
+			end,
+    case is_suite(Mod) of
+	true -> ModFunc;
+	false -> get_mf(MFs, ModFunc)
+    end;
+get_mf(_, Found) ->
+    Found.
+
+is_suite(Mod) ->
+    case lists:reverse(atom_to_list(Mod)) of
+	"ETIUS" ++ _ -> true;
+	_ -> false
+    end.
 
 mod_loc(Loc) ->
     %% handle diff line num versions
@@ -1544,7 +1585,7 @@ fw_error_notify(Mod, Func, Args, Error, Loc) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% print(Detail,Format,Args) -> ok
+%% print(Detail,Format,Args,Printer) -> ok
 %% Detail = integer()
 %% Format = string()
 %% Args = [term()]
@@ -1555,6 +1596,9 @@ fw_error_notify(Mod, Func, Args, Error, Loc) ->
 print(Detail,Format,Args) ->
     local_or_remote_apply({test_server_ctrl,print,[Detail,Format,Args]}).
 
+print(Detail,Format,Args,Printer) ->
+    local_or_remote_apply({test_server_ctrl,print,[Detail,Format,Args,Printer]}).
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% print_timsteamp(Detail,Leader) -> ok
 %%
@@ -1587,16 +1631,22 @@ lookup_config(Key,Config) ->
 %% timer:tc/3
 ts_tc(M, F, A) ->
     Before = erlang:now(),
-    Val = (catch my_apply(M, F, A)),
+    Result = try
+		 apply(M, F, A)
+	     catch
+		 Type:Reason ->
+		     Stk = erlang:get_stacktrace(),
+		     set_loc(Stk),
+		     case Type of
+			 throw ->
+			     {failed,{thrown,Reason}};
+			 error ->
+			     {'EXIT',{Reason,Stk}};
+			 exit ->
+			     {'EXIT',Reason}
+		     end
+	     end,
     After = erlang:now(),
-    Result = case Val of
-		 {'$test_server_ok', R} ->
-		     R; % test case ok
-		 {'EXIT',_Reason} = R ->
-		     R; % test case crashed
-		 Other ->
-		     {failed, {thrown,Other}} % test case was thrown
-	  end,
     Elapsed =
 	(element(1,After)*1000000000000
 	 +element(2,After)*1000000+element(3,After)) -
@@ -1604,8 +1654,12 @@ ts_tc(M, F, A) ->
 	 +element(2,Before)*1000000+element(3,Before)),
     {Elapsed, Result}.
 
-my_apply(M, F, A) ->
-    {'$test_server_ok',apply(M, F, A)}.
+set_loc(Stk) ->
+    Loc = [rewrite_loc_item(I) || {_,_,_,_}=I <- Stk],
+    put(test_server_loc, Loc).
+
+rewrite_loc_item({M,F,_,Loc}) ->
+    {M,F,proplists:get_value(line, Loc, 0)}.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -1768,7 +1822,16 @@ adjusted_sleep(MSecs) ->
 %% to read when using this function, rather than exit directly.
 fail(Reason) ->
     comment(cast_to_list(Reason)),
-    exit({suite_failed,Reason}).
+    try
+	exit({suite_failed,Reason})
+    catch
+	Class:R ->
+	    case erlang:get_stacktrace() of
+		[{?MODULE,fail,1,_}|Stk] -> ok;
+		Stk -> ok
+	    end,
+	    erlang:raise(Class, R, Stk)
+    end.
 
 cast_to_list(X) when is_list(X) -> X;
 cast_to_list(X) when is_atom(X) -> atom_to_list(X);
@@ -1782,7 +1845,16 @@ cast_to_list(X) -> lists:flatten(io_lib:format("~p", [X])).
 %% Immediately calls exit. Included because test suites are easier
 %% to read when using this function, rather than exit directly.
 fail() ->
-    exit(suite_failed).
+    try
+	exit(suite_failed)
+    catch
+	Class:R ->
+	    case erlang:get_stacktrace() of
+		[{?MODULE,fail,0,_}|Stk] -> ok;
+		Stk -> ok
+	    end,
+	    erlang:raise(Class, R, Stk)
+    end.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% break(Comment) -> ok
@@ -1792,7 +1864,9 @@ fail() ->
 break(Comment) ->
     case erase(test_server_timetraps) of
 	undefined -> ok;
-	List -> lists:foreach(fun({Ref,_}) -> timetrap_cancel(Ref) end, List)
+	List -> lists:foreach(fun({Ref,_,_}) -> 
+				      timetrap_cancel(Ref)
+			      end, List)
     end,
     io:format(user,
 	      "\n\n\n--- SEMIAUTOMATIC TESTING ---"
@@ -1881,8 +1955,8 @@ timetrap1(Timeout, Scale) ->
     TCPid = self(),
     Ref = spawn_link(test_server_sup,timetrap,[Timeout,Scale,TCPid]),
     case get(test_server_timetraps) of
-	undefined -> put(test_server_timetraps,[{Ref,TCPid}]);
-	List -> put(test_server_timetraps,[{Ref,TCPid}|List])
+	undefined -> put(test_server_timetraps,[{Ref,TCPid,{Timeout,Scale}}]);
+	List -> put(test_server_timetraps,[{Ref,TCPid,{Timeout,Scale}}|List])
     end,
     Ref.
 
@@ -1993,7 +2067,7 @@ timetrap_cancel(infinity) ->
 timetrap_cancel(Handle) ->
     case get(test_server_timetraps) of
 	undefined -> ok;
-	[{Handle,_}] -> erase(test_server_timetraps);
+	[{Handle,_,_}] -> erase(test_server_timetraps);
 	Timers -> put(test_server_timetraps,
 		      lists:keydelete(Handle, 1, Timers))
     end,
@@ -2009,13 +2083,30 @@ timetrap_cancel() ->
 	    ok;
 	Timers ->
 	    case lists:keysearch(self(), 2, Timers) of
-		{value,{Handle,_}} ->
+		{value,{Handle,_,_}} ->
 		    timetrap_cancel(Handle);
 		_ ->
 		    ok
 	    end
     end.
 
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% get_timetrap_info() -> {Timeout,Scale} | undefined
+%%
+%% Read timetrap info for current test case
+get_timetrap_info() ->
+    case get(test_server_timetraps) of
+	undefined ->
+	    undefined;
+	Timers ->
+	    case lists:keysearch(self(), 2, Timers) of
+		{value,{_,_,Info}} ->
+		    Info;
+		_ ->
+		    undefined
+	    end
+    end.
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% hours(N) -> Milliseconds
 %% minutes(N) -> Milliseconds
diff --git a/lib/test_server/src/test_server_ctrl.erl b/lib/test_server/src/test_server_ctrl.erl
index 4fad86d16d..3432b3bc8e 100644
--- a/lib/test_server/src/test_server_ctrl.erl
+++ b/lib/test_server/src/test_server_ctrl.erl
@@ -171,7 +171,7 @@
 -export([kill_slavenodes/0]).
 
 %%% TEST_SERVER INTERFACE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
--export([output/2, print/2, print/3, print_timestamp/2]).
+-export([output/2, print/2, print/3, print/4, print_timestamp/2]).
 -export([start_node/3, stop_node/1, wait_for_node/1, is_release_available/1]).
 -export([format/1, format/2, format/3, to_string/1]).
 -export([get_target_info/0]).
@@ -187,6 +187,7 @@
 -export([handle_call/3, handle_cast/2, handle_info/2]).
 -export([do_test_cases/4]).
 -export([do_spec/2, do_spec_list/2]).
+-export([xhtml/2]).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -214,6 +215,9 @@
 			  X == auto_skip -> skipped;
 			  true -> X end).
 
+-define(auto_skip_color, "#FFA64D").
+-define(user_skip_color, "#FF8000").
+
 -record(state,{jobs=[],levels={1,19,10},
 	       multiply_timetraps=1,scale_timetraps=true,
 	       finish=false,
@@ -1668,7 +1672,7 @@ do_test_cases(TopCases, SkipCases,
 do_test_cases(TopCases, SkipCases,
 	      Config, TimetrapData) when is_list(TopCases),
 					 is_tuple(TimetrapData) ->
-    start_log_file(),
+    {ok,TestDir} = start_log_file(),
     FwMod =
 	case os:getenv("TEST_SERVER_FRAMEWORK") of
 	    FW when FW =:= false; FW =:= "undefined" -> ?MODULE;
@@ -1692,60 +1696,86 @@ do_test_cases(TopCases, SkipCases,
 		  [print_if_known(N, {", ~w test cases",[N]},
 				  {" (with repeated test cases)",[]})]),
 	    Test = get(test_server_name),
-	    test_server_sup:framework_call(report, [tests_start,{Test,N}]),
+	    TestName = 	if is_list(Test) -> 
+				lists:flatten(io_lib:format("~s", [Test]));
+			   true ->
+				lists:flatten(io_lib:format("~p", [Test]))
+			end,			  
+	    TestDescr = "Test " ++ TestName ++ " results",
 
-	    Header =
-		case test_server_sup:framework_call(overview_html_header, [Test], "") of
-		    ""  ->
-			TestName = lists:flatten(io_lib:format("~p", [Test])),
-			["<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n",
-			 "<!-- autogenerated by '", atom_to_list(?MODULE), "'. -->\n",
-			 "<html>\n",
-			 "<head><title>Test ", TestName, " results</title>\n",
-			 "<meta http-equiv=\"cache-control\" content=\"no-cache\">\n",
-			 "</head>\n",
-			 "<body bgcolor=\"white\" text=\"black\" ",
-			 "link=\"blue\" vlink=\"purple\" alink=\"red\">",
-			 "<h2>Results from test ", TestName, "</h2>\n"];
-		    Html ->
-			["<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n",
-			 "<!-- autogenerated by '", atom_to_list(?MODULE), "'. -->\n" | Html]
+	    test_server_sup:framework_call(report, [tests_start,{Test,N}]),
+	    {Header,Footer} =
+		case test_server_sup:framework_call(get_html_wrapper, 
+						    [TestDescr,true,TestDir], "") of
+		    Empty when (Empty == "") ; (element(2,Empty) == "")  ->
+			put(basic_html, true),
+			{["<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n",
+			  "<!-- autogenerated by '", atom_to_list(?MODULE), "'. -->\n",
+			  "<html>\n",
+			  "<head><title>", TestDescr, "</title>\n",
+			  "<meta http-equiv=\"cache-control\" content=\"no-cache\">\n",
+			  "</head>\n",
+			  "<body bgcolor=\"white\" text=\"black\" ",
+			  "link=\"blue\" vlink=\"purple\" alink=\"red\">",
+			  "<h2>Results for test ", TestName, "</h2>\n"],
+			 "\n</body>\n</html>\n"};
+		    {basic_html,Html0,Html1} ->
+			put(basic_html, true),
+			{Html0++["<h1>Results for <i>",TestName,"</i></h1>\n"],
+			 Html1};
+		    {xhtml,Html0,Html1} ->
+			put(basic_html, false),
+			{Html0++["<h1>Results for <i>",TestName,"</i></h1>\n"],
+			 Html1}
 		end,
-	    print(html, Header, []),
-	    print_timestamp(html, "Test started at "),
 
-	    print(html, "<p>Host:<br>\n"),
+	    print(html, Header),
+
+	    print(html, xhtml("<p>", "<h4>")),
+	    print_timestamp(html, "Test started at "),
+	    print(html, xhtml("</p>", "</h4>")),
+	    
+	    print(html, xhtml("\n<p><b>Host info:</b><br>\n",
+			      "\n<p><b>Host info:</b><br />\n")),
 	    print_who(test_server_sup:hoststr(), test_server_sup:get_username()),
-	    print(html, "<br>Used Erlang ~s in <tt>~s</tt>.\n",
+	    print(html, xhtml("<br>Used Erlang v~s in <tt>~s</tt></p>\n",
+			      "<br />Used Erlang v~s in \"~s\"</p>\n"),
 		  [erlang:system_info(version), code:root_dir()]),
-
+	    
 	    if FwMod == ?MODULE ->
-		    print(html, "<p>Target:<br>\n"),
+		    print(html, xhtml("\n<p><b>Target Info:</b><br>\n",
+				      "\n<p><b>Target Info:</b><br />\n")),
 		    print_who(TI#target_info.host, TI#target_info.username),
-		    print(html, "<br>Used Erlang ~s in <tt>~s</tt>.\n",
+		    print(html, xhtml("<br>Used Erlang v~s in <tt>~s</tt></p>\n",
+				      "<br />Used Erlang v~s in \"~s\"</p>\n"),
 			  [TI#target_info.version, TI#target_info.root_dir]);
-		true ->
+	       true ->
 		    case test_server_sup:framework_call(target_info, []) of
 			TargetInfo when is_list(TargetInfo),
 			                length(TargetInfo) > 0 ->
-			    print(html, "<p>Target:<br>\n"),
-			    print(html, "~s\n", [TargetInfo]);
+			    print(html, xhtml("\n<p><b>Target info:</b><br>\n",
+					      "\n<p><b>Target info:</b><br />\n")),
+			    print(html, "~s</p>\n", [TargetInfo]);
 			_ ->
 			    ok
 		    end
 	    end,
-
+	    
 	    print(html,
-		  "<p><a href=\"~s\">Full textual log</a>\n"
-		  "<br><a href=\"~s\">Coverage log</a>\n",
+		  "<p><ul>\n"
+		  "<li><a href=\"~s\">Full textual log</a></li>\n"
+		  "<li><a href=\"~s\">Coverage log</a></li>\n</ul></p>\n",
 		  [?suitelog_name,?coverlog_name]),
-	    print(html,"<p>~s"
-		  "<p>\n"
-		  "<table bgcolor=\"white\" border=\"3\" cellpadding=\"5\">"
-		  "<tr><th>Num</th><th>Module</th><th>Case</th><th>Log</th>"
-		  "<th>Time</th><th>Result</th><th>Comment</th></tr>\n",
-		  [print_if_known(N, {"Suite contains ~p test cases.\n",[N]},
+	    print(html,
+		  "<p>~s</p>\n" ++
+		   xhtml("<table bgcolor=\"white\" border=\"3\" cellpadding=\"5\">",
+			 "<table>") ++
+		   "<tr><th>Num</th><th>Module</th><th>Case</th><th>Log</th>"
+		   "<th>Time</th><th>Result</th><th>Comment</th></tr>\n",
+		  [print_if_known(N, {"<i>Executing <b>~p</b> test cases...</i>\n",[N]},
 				  {"",[]})]),
+	    print(html, xhtml("<br>", "<br />")),
+
 	    print(major, "=cases         ~p", [get(test_server_cases)]),
 	    print(major, "=user          ~s", [TI#target_info.username]),
 	    print(major, "=host          ~s", [TI#target_info.host]),
@@ -1764,6 +1794,9 @@ do_test_cases(TopCases, SkipCases,
 	    print(major, "=otp_release   ~s", [TI#target_info.otp_release]),
 	    print(major, "=started       ~s",
 		   [lists:flatten(timestamp_get(""))]),
+
+	    put(test_server_html_footer, Footer),
+
 	    run_test_cases(TestSpec, Config, TimetrapData)
     end;
 
@@ -1773,7 +1806,7 @@ do_test_cases(TopCase, SkipCases, Config, TimetrapSpec) ->
 
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% start_log_file() -> ok | exit({Error,Reason})
+%% start_log_file() -> {ok,TestDirName} | exit({Error,Reason})
 %% Stem = string()
 %%
 %% Creates the log directories, the major log file and the html log file.
@@ -1793,18 +1826,27 @@ start_log_file() ->
 	    exit({cant_create_log_dir,{MkDirError,Dir}})
     end,
     TestDir = timestamp_filename_get(filename:join(Dir, "run.")),
-    case file:make_dir(TestDir) of
-	ok ->
-	    ok;
-	MkDirError2 ->
-	    exit({cant_create_log_dir,{MkDirError2,TestDir}})
-    end,
-
-    ok = file:write_file(filename:join(Dir, ?last_file), TestDir ++ "\n"),
-    ok = file:write_file(?last_file, TestDir ++ "\n"),
-
-    put(test_server_log_dir_base,TestDir),
-    MajorName = filename:join(TestDir, ?suitelog_name),
+    TestDir1 =
+	case file:make_dir(TestDir) of
+	    ok ->
+		TestDir;
+	    {error,eexist} ->
+		timer:sleep(1000),
+		%% we need min 1 second between timestamps unfortunately
+		TestDirX = timestamp_filename_get(filename:join(Dir, "run.")),
+		case file:make_dir(TestDirX) of
+		    ok ->
+			TestDirX;
+		    MkDirError2 ->
+			exit({cant_create_log_dir,{MkDirError2,TestDirX}})
+		end;
+	    MkDirError2 ->
+		exit({cant_create_log_dir,{MkDirError2,TestDir}})
+	end,
+    ok = file:write_file(filename:join(Dir, ?last_file), TestDir1 ++ "\n"),
+    ok = file:write_file(?last_file, TestDir1 ++ "\n"),
+    put(test_server_log_dir_base,TestDir1),
+    MajorName = filename:join(TestDir1, ?suitelog_name),
     HtmlName = MajorName ++ ?html_ext,
     {ok,Major} = file:open(MajorName, [write]),
     {ok,Html}  = file:open(HtmlName,  [write]),
@@ -1817,14 +1859,14 @@ start_log_file() ->
     make_html_link(LinkName ++ ?html_ext, HtmlName,
 		   filename:basename(Dir)),
 
-    PrivDir = filename:join(TestDir, ?priv_dir),
+    PrivDir = filename:join(TestDir1, ?priv_dir),
     ok = file:make_dir(PrivDir),
     put(test_server_priv_dir,PrivDir++"/"),
     print_timestamp(13,"Suite started at "),
 
-    LogInfo = [{topdir,Dir},{rundir,lists:flatten(TestDir)}],
+    LogInfo = [{topdir,Dir},{rundir,lists:flatten(TestDir1)}],
     test_server_sup:framework_call(report, [loginfo,LogInfo]),
-    ok.
+    {ok,TestDir1}.
 
 make_html_link(LinkName, Target, Explanation) ->
     %% if possible use a relative reference to Target.
@@ -1881,16 +1923,32 @@ start_minor_log_file1(Mod, Func, LogDir, AbsName) ->
     {ok,Fd} = file:open(AbsName, [write]),
     Lev = get(test_server_minor_level)+1000, %% far down in the minor levels
     put(test_server_minor_fd, Fd),
-    io:fwrite(Fd,
-	      "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n"
-	      "<!-- autogenerated by '"++atom_to_list(?MODULE)++"'. -->\n"
-	      "<html>\n"
-	      "<head><title>"++cast_to_list(Mod)++"</title>\n"
-	      "<meta http-equiv=\"cache-control\" content=\"no-cache\">\n"
-	      "</head>\n"
-	      "<body bgcolor=\"white\" text=\"black\""
-	      " link=\"blue\" vlink=\"purple\" alink=\"red\">\n",
-	      []),
+    
+    TestDescr = io_lib:format("Test ~p:~p result", [Mod,Func]),
+    {Header,Footer} =
+	case test_server_sup:framework_call(get_html_wrapper, 
+					    [TestDescr,false,
+					     filename:dirname(AbsName)], "") of
+	    Empty when (Empty == "") ; (element(2,Empty) == "")  ->
+		put(basic_html, true),
+		{["<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n",
+		 "<!-- autogenerated by '", atom_to_list(?MODULE), "'. -->\n",
+		 "<html>\n",
+		 "<head><title>", TestDescr, "</title>\n",
+		 "<meta http-equiv=\"cache-control\" content=\"no-cache\">\n",
+		 "</head>\n",
+		 "<body bgcolor=\"white\" text=\"black\" ",
+		 "link=\"blue\" vlink=\"purple\" alink=\"red\">\n"],
+		 "\n</body>\n</html>\n"};
+	    {basic_html,Html0,Html1} ->
+		put(basic_html, true),
+		{Html0,Html1};
+	    {xhtml,Html0,Html1} ->
+		put(basic_html, false),
+		{Html0,Html1}
+	end,
+    put(test_server_minor_footer, Footer),
+    io:fwrite(Fd, Header, []),
 
     SrcListing = downcase(cast_to_list(Mod)) ++ ?src_listing_ext,
     case {filelib:is_file(filename:join(LogDir, SrcListing)),
@@ -1913,7 +1971,8 @@ start_minor_log_file1(Mod, Func, LogDir, AbsName) ->
 
 stop_minor_log_file() ->
     Fd = get(test_server_minor_fd),
-    io:fwrite(Fd, "</pre>\n</body>\n</html>\n", []),
+    Footer = get(test_server_minor_footer),
+    io:fwrite(Fd, "</pre>\n" ++ Footer, []),
     file:close(Fd),
     put(test_server_minor_fd, undefined).
 
@@ -1992,12 +2051,29 @@ html_convert_modules([]) -> ok.
 %% Convert source code to HTML if possible and needed.
 html_possibly_convert(Src, SrcInfo, Dest) ->
     case file:read_file_info(Dest) of
-	{error,_Reason} ->			% no dest file
-	    erl2html2:convert(Src, Dest);
-	{ok,DestInfo} when DestInfo#file_info.mtime < SrcInfo#file_info.mtime ->
-	    erl2html2:convert(Src, Dest);
-	{ok,_DestInfo} ->
-	    ok					% dest file up to date
+	{ok,DestInfo} when DestInfo#file_info.mtime >= SrcInfo#file_info.mtime ->
+	    ok;					% dest file up to date
+	_ ->
+	    OutDir = get(test_server_log_dir_base),
+	    Header =
+		case test_server_sup:framework_call(get_html_wrapper, 
+						    ["Module "++Src,false,
+						     OutDir], "") of
+		    Empty when (Empty == "") ; (element(2,Empty) == "")  ->
+			["<!DOCTYPE HTML PUBLIC",
+			 "\"-//W3C//DTD HTML 3.2 Final//EN\">\n",
+			 "<!-- autogenerated by 'erl2html2' -->\n",
+			 "<html>\n",
+			 "<head><title>Module ", Src, "</title>\n",
+			 "<meta http-equiv=\"cache-control\" ",
+			 "content=\"no-cache\">\n",
+			 "</head>\n",
+			 "<body bgcolor=\"white\" text=\"black\" ",
+			 "link=\"blue\" vlink=\"purple\" alink=\"red\">\n"];
+		    {_,Html,_} ->
+			Html
+		end,
+	    erl2html2:convert(Src, Dest, Header)
     end.
 
 %% Copy all HTML files in InDir to OutDir.
@@ -2658,23 +2734,32 @@ run_test_cases_loop([{conf,Ref,Props,{Mod,Func}}|_Cases]=Cs0,
 				      "(configuration case ~w)", [What]);
 			   (_) -> ok
 			end,
-
     CfgProps = if StartConf ->
 		       if Shuffle == undefined ->
 			       [{tc_group_properties,Props}];
 			  true ->
-			       [{tc_group_properties,[Shuffle|delete_shuffle(Props)]}]
+			       [{tc_group_properties,
+				 [Shuffle|delete_shuffle(Props)]}]
 		       end;
 		  not StartConf ->
 		       {TcOk,TcSkip,TcFail} = get_tc_results(Status1),
 		       [{tc_group_properties,get_props(Mode0)},
-			{tc_group_result,[{ok,TcOk},{skipped,TcSkip},{failed,TcFail}]}]
+			{tc_group_result,[{ok,TcOk},
+					  {skipped,TcSkip},
+					  {failed,TcFail}]}]
 	       end,
-    ActualCfg =
-	update_config(hd(Config), [{priv_dir,get(test_server_priv_dir)},
-				   {data_dir,get_data_dir(Mod)}] ++ CfgProps),
+    TSDirs = [{priv_dir,get(test_server_priv_dir)},{data_dir,get_data_dir(Mod)}],
+    ActualCfg = 
+	if not StartConf ->
+		update_config(hd(Config), TSDirs ++ CfgProps);
+	   true ->
+		GroupPath = lists:flatmap(fun({_Ref,[],_T}) -> [];
+					     ({_Ref,GrProps,_T}) -> [GrProps]
+					  end, Mode0),
+		update_config(hd(Config), 
+			      TSDirs ++ [{tc_group_path,GroupPath} | CfgProps])
+	end,	   
     CurrMode = curr_mode(Ref, Mode0, Mode),
-
     ConfCaseResult = run_test_case(Ref, 0, Mod, Func, [ActualCfg], skip_init, target,
 				   TimetrapData, CurrMode),
 
@@ -3153,8 +3238,8 @@ skip_case(Type, Ref, CaseNum, Case, Comment, SendSync, Mode) ->
 
 skip_case1(Type, CaseNum, Mod, Func, Comment, Mode) ->
     {{Col0,Col1},_} = get_font_style((CaseNum > 0), Mode),
-    ResultCol = if Type == auto -> "#ffcc99";
-		   Type == user -> "#ff9933"
+    ResultCol = if Type == auto -> ?auto_skip_color;
+		   Type == user -> ?user_skip_color
 		end,
 
     Comment1 = reason_to_string(Comment),
@@ -3163,9 +3248,9 @@ skip_case1(Type, CaseNum, Mod, Func, Comment, Mode) ->
     print(major, "=started         ~s", [lists:flatten(timestamp_get(""))]),
     print(major, "=result          skipped: ~s", [Comment1]),
     print(2,"*** Skipping test case #~w ~p ***", [CaseNum,{Mod,Func}]),
+    TR = xhtml("<tr valign=\"top\">", ["<tr class=\"",odd_or_even(),"\">"]),
     print(html,
-	  "<tr valign=top>"
-	  "<td>" ++ Col0 ++ "~s" ++ Col1 ++ "</td>"
+	  TR ++ "<td>" ++ Col0 ++ "~s" ++ Col1 ++ "</td>"
 	  "<td>" ++ Col0 ++ "~p" ++ Col1 ++ "</td>"
 	  "<td>" ++ Col0 ++ "~p" ++ Col1 ++ "</td>"
 	  "<td>" ++ Col0 ++ "< >" ++ Col1 ++ "</td>"
@@ -3558,25 +3643,29 @@ run_test_case1(Ref, Num, Mod, Func, Args, RunInit, Where,
 	host ->
 	    ok
     end,
-    test_server_sup:framework_call(report, [tc_start,{?pl2a(Mod),Func}]),
     print(major, "=case          ~p:~p", [Mod, Func]),
     MinorName = start_minor_log_file(Mod, Func),
-    print(minor, "<a name=top></a>", []),
+    print(minor, "<a name=\"top\"></a>", [], internal_raw),
     MinorBase = filename:basename(MinorName),
     print(major, "=logfile       ~s", [filename:basename(MinorName)]),
+
+    Args1 = [[{tc_logfile,MinorName} | proplists:delete(tc_logfile,hd(Args))]],
+    test_server_sup:framework_call(report, [tc_start,{{?pl2a(Mod),Func},MinorName}]),
+
     print_props((RunInit==skip_init), get_props(Mode)),
     print(major, "=started       ~s", [lists:flatten(timestamp_get(""))]),
     {{Col0,Col1},Style} = get_font_style((RunInit==run_init), Mode),
-    print(html,	  "<tr valign=top><td>" ++ Col0 ++ "~s" ++ Col1 ++ "</td>"
-		  "<td>" ++ Col0 ++ "~p" ++ Col1 ++ "</td>"
-		  "<td><a href=\"~s\">~p</a></td>"
-		  "<td><a href=\"~s#top\"><</a> <a href=\"~s#end\">></a></td>",
-		  [num2str(Num),Mod,MinorBase,Func,MinorBase,MinorBase]),
+    TR = xhtml("<tr valign=\"top\">", ["<tr class=\"",odd_or_even(),"\">"]),
+    print(html,	TR ++ "<td>" ++ Col0 ++ "~s" ++ Col1 ++ "</td>"
+	  "<td>" ++ Col0 ++ "~p" ++ Col1 ++ "</td>"
+	  "<td><a href=\"~s\">~p</a></td>"
+	  "<td><a href=\"~s#top\"><</a> <a href=\"~s#end\">></a></td>",
+	  [num2str(Num),Mod,MinorBase,Func,MinorBase,MinorBase]),
 
     do_if_parallel(Main, ok, fun erlang:yield/0),
     %% run the test case
     {Result,DetectedFail,ProcsBefore,ProcsAfter} =
-	run_test_case_apply(Num, Mod, Func, Args, get_name(Mode),
+	run_test_case_apply(Num, Mod, Func, Args1, get_name(Mode),
 			    RunInit, Where, TimetrapData),
     {Time,RetVal,Loc,Opts,Comment} =
 	case Result of
@@ -3584,7 +3673,8 @@ run_test_case1(Ref, Num, Mod, Func, Args, RunInit, Where,
 	    {died,DReason,DLoc,DCmt} -> {died,DReason,DLoc,[],DCmt}
 	end,
 
-    print(minor, "<a name=end></a>", []),
+    print(minor, "<a name=\"end\"></a>", [], internal_raw),
+    print(minor, "\n", [], internal_raw),
     print_timestamp(minor, "Ended at "),
     print(major, "=ended         ~s", [lists:flatten(timestamp_get(""))]),
 
@@ -3838,9 +3928,10 @@ check_new_crash_dumps(Where) ->
 
 progress(skip, CaseNum, Mod, Func, Loc, Reason, Time,
 	 Comment, {St0,St1}) ->
-    {Reason1,{Color,Ret}} = if_auto_skip(Reason,
-					 fun() -> {"#ffcc99",auto_skip} end,
-					 fun() -> {"#ff9933",skip} end),
+    {Reason1,{Color,Ret}} = 
+	if_auto_skip(Reason,
+		     fun() -> {?auto_skip_color,auto_skip} end,
+		     fun() -> {?user_skip_color,skip} end),
     print(major, "=result        skipped", []),
     print(1, "*** SKIPPED *** ~s",
 	  [get_info_str(Func, CaseNum, get(test_server_cases))]),
@@ -3857,7 +3948,7 @@ progress(skip, CaseNum, Mod, Func, Loc, Reason, Time,
 	end,
     Comment1 = case Comment of
 		   "" -> "";
-		   _ -> "<br>(" ++ to_string(Comment) ++ ")"
+		   _ -> xhtml("<br>(","<br />(") ++ to_string(Comment) ++ ")"
 	       end,
     print(html,
 	  "<td>" ++ St0 ++ "~.3fs" ++ St1 ++ "</td>"
@@ -3882,8 +3973,8 @@ progress(failed, CaseNum, Mod, Func, Loc, timetrap_timeout, T,
     Comment =
 	case Comment0 of
 	    "" -> "<font color=\"red\">" ++ ErrorReason ++ "</font>";
-	    _ -> "<font color=\"red\">" ++ ErrorReason ++ "</font><br>" ++
-                 to_string(Comment0)
+	    _ -> "<font color=\"red\">" ++ ErrorReason ++ 
+		 xhtml("</font><br>","</font><br />") ++ to_string(Comment0)
 	end,
     print(html,
 	  "<td>" ++ St0 ++ "~.3fs" ++ St1 ++ "</td>"
@@ -3908,8 +3999,8 @@ progress(failed, CaseNum, Mod, Func, Loc, {testcase_aborted,Reason}, _T,
     Comment =
 	case Comment0 of
 	    "" -> "<font color=\"red\">" ++ ErrorReason ++ "</font>";
-	    _ -> "<font color=\"red\">" ++ ErrorReason ++ "</font><br>" ++
-                 to_string(Comment0)
+	    _ -> "<font color=\"red\">" ++ ErrorReason ++ 
+		 xhtml("</font><br>","</font><br />") ++ to_string(Comment0)
 	end,
     print(html,
 	  "<td>" ++ St0 ++ "died" ++ St1 ++ "</td>"
@@ -3943,7 +4034,8 @@ progress(failed, CaseNum, Mod, Func, unknown, Reason, Time,
     Comment =
 	case Comment0 of
 	    "" -> "<font color=\"red\">" ++ ErrorReason2 ++ "</font>";
-	    _ -> "<font color=\"red\">" ++ ErrorReason2 ++ "</font><br>" ++
+	    _ -> "<font color=\"red\">" ++ ErrorReason2 ++ 
+		 xhtml("</font><br>","</font><br />") ++
 		 to_string(Comment0)
 	end,
     print(html,
@@ -3953,7 +4045,7 @@ progress(failed, CaseNum, Mod, Func, unknown, Reason, Time,
 	  [TimeStr,Comment]),
     print(minor, "=== location ~s", [unknown]),
     {FStr,FormattedReason} = format_exception(Reason),
-    print(minor, "=== reason = "++FStr, [FormattedReason]),
+    print(minor, "=== reason = " ++ FStr, [FormattedReason]),
     failed;
 
 progress(failed, CaseNum, Mod, Func, Loc, Reason, Time,
@@ -3969,7 +4061,7 @@ progress(failed, CaseNum, Mod, Func, Loc, Reason, Time,
     Comment =
 	case Comment0 of
 	    "" -> "";
-	    _ -> "<br>" ++ to_string(Comment0)
+	    _ -> xhtml("<br>","<br />") ++ to_string(Comment0)
 	end,
     FormatLastLoc = test_server_sup:format_loc(get_last_loc(Loc)),
     print(html,
@@ -3980,7 +4072,7 @@ progress(failed, CaseNum, Mod, Func, Loc, Reason, Time,
     FormatLoc = test_server_sup:format_loc(Loc),
     print(minor, "=== location ~s", [FormatLoc]),
     {FStr,FormattedReason} = format_exception(Reason),
-    print(minor, "=== reason = "++FStr, [FormattedReason]),
+    print(minor, "=== reason = " ++ FStr, [FormattedReason]),
     failed;
 
 progress(ok, _CaseNum, Mod, Func, _Loc, RetVal, Time,
@@ -3999,7 +4091,7 @@ progress(ok, _CaseNum, Mod, Func, _Loc, RetVal, Time,
 	    _ ->
 		print(major, "=result        ok", []),
 		case Comment0 of
-		    "" -> "";
+		    "" -> "<td></td>";
 		    _ -> "<td>" ++ to_string(Comment0) ++ "</td>"
 		end
 	end,
@@ -4349,7 +4441,13 @@ output({html,Msg}, _Sender) ->
 		    %% We are writing to a seekable file.  Finalise so
 		    %% we get complete valid (and viewable) HTML code.
 		    %% Then rewind to overwrite the finalising code.
-		    io:put_chars(Fd, "\n</table>\n</body>\n</html>\n"),
+		    io:put_chars(Fd, "\n</table>\n"),
+		    case get(test_server_html_footer) of
+			undefined ->
+			    io:put_chars(Fd, "</body>\n</html>\n");
+			Footer ->
+			    io:put_chars(Fd, Footer)
+		    end,
 		    file:position(Fd, Pos);
 		{error, epipe} ->
 		    %% The file is not seekable.  We cannot erase what
@@ -4394,6 +4492,28 @@ output_to_fd(Fd, Msg, _Sender) ->
     end.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% xhtml(BasicHtml, XHtml) -> BasicHtml | XHtml
+%%
+xhtml(HTML, XHTML) ->
+    case get(basic_html) of
+	true -> HTML;
+	_ -> XHTML
+    end.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% odd_or_even() -> "odd" | "even"
+%%
+odd_or_even() ->
+    case get(odd_or_even) of
+	even ->
+	    put(odd_or_even, odd),
+	    "even";
+	_ ->
+	    put(odd_or_even, even),
+	    "odd"
+    end.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% timestamp_filename_get(Leader) -> string()
 %% Leader = string()
 %%
@@ -5499,9 +5619,10 @@ write_default_cross_coverlog(TestDir) ->
 	file:open(filename:join(TestDir,?cross_coverlog_name), [write]),
     write_coverlog_header(CrossCoverLog),
     io:fwrite(CrossCoverLog,
-	      "No cross cover modules exist for this application,<br>"
-	      "or cross cover analysis is not completed.\n"
-	      "</body></html>\n", []),
+	      ["No cross cover modules exist for this application,",
+	       xhtml("<br>","<br />"),
+	       "or cross cover analysis is not completed.\n"
+	       "</body></html>\n"], []),
     file:close(CrossCoverLog).
 
 write_cover_result_table(CoverLog,Coverage) ->
diff --git a/lib/test_server/src/test_server_line.erl b/lib/test_server/src/test_server_line.erl
deleted file mode 100644
index 848a9c23dd..0000000000
--- a/lib/test_server/src/test_server_line.erl
+++ /dev/null
@@ -1,387 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
--module(test_server_line).
-
-%% User interface
--export([get_lines/0]).
--export([clear/0]).
-
-%% Parse transform functions
--export([parse_transform/2]).
--export(['$test_server_line'/3]).
--export(['$test_server_lineQ'/3]).
--export([trace_line/3]).
-
--define(TEST_SERVER_LINE_SIZE, 10).
-%-define(STORAGE_FUNCTION, '$test_server_line').
--define(STORAGE_FUNCTION, '$test_server_lineQ').
-
--include("test_server.hrl").
-
--record(vars, {module,                      % atom() Module name
-	       function,                    % atom() Function name
-	       arity,                       % int()  Function arity
-	       lines,                       % [int()]  seen lines
-	       is_guard=false,              % boolean()
-	       no_lines=[],                 % [{atom(),integer()}] 
-					    %    Functions to exclude
-	       line_trace=false
-	      }).
-
-
-
-
-%% Process dictionary littering variant
-%%
-
-'$test_server_line'(Mod, Func, Line) ->
-    {Prev,Next} = 
-	case get('$test_server_line') of
-	    I when is_integer(I) ->
-		if  1 =< I, I < ?TEST_SERVER_LINE_SIZE -> {I,I+1};
-		    true -> {?TEST_SERVER_LINE_SIZE,1}
-		end;
-	    _ -> {?TEST_SERVER_LINE_SIZE,1}
-	end,
-    PrevTag = {'$test_server_line',Prev},
-    case get(PrevTag) of
-	{Mod,Func,_} -> put(PrevTag, {Mod,Func,Line});
-	_ -> 
-	    put({'$test_server_line',Next}, {Mod,Func,Line}),
-	    put('$test_server_line', Next)
-    end, ok.
-
-test_server_line_get() ->
-    case get('$test_server_line') of
-	I when is_integer(I), 1 =< I, I =< ?TEST_SERVER_LINE_SIZE ->
-	    test_server_line_get_1(?TEST_SERVER_LINE_SIZE, I, []);
-	_ -> []
-    end.
-
-test_server_line_get_1(0, _I, R) ->
-    R;
-test_server_line_get_1(Cnt, I, R) ->
-    J = if  I < ?TEST_SERVER_LINE_SIZE -> I+1;
-	    true -> 1 end,
-    case get({'$test_server_line',J}) of
-	undefined -> 
-	    %% Less than ?TEST_SERVER_LINE_SIZE number of lines stored
-	    %% Start from line 1 and stop at actutual number of lines
-	    case get({'$test_server_line',1}) of 
-		undefined -> R; % no lines at all stored
-		E -> test_server_line_get_1(I-1,1,[E|R])
-	    end;
-	E -> 
-	    test_server_line_get_1(Cnt-1, J, [E|R])
-    end.
-
-test_server_line_clear() ->
-    Is = lists:seq(1,?TEST_SERVER_LINE_SIZE),
-    lists:foreach(fun (I) -> erase({'$test_server_line',I}) end, Is),
-    erase('$test_server_line'),
-    ok.
-
-
-%% Queue variant, uses just one process dictionary entry
-%%
-
-'$test_server_lineQ'(Mod, Func, Line) ->		
-    case get('$test_server_lineQ') of
-	{I,Q} when is_integer(I), 1 =< I, I =< ?TEST_SERVER_LINE_SIZE -> 
-	    case queue:head(Q) of
-		{Mod,Func,_} ->
-		    %% Replace queue head
-		    put('$test_server_lineQ',
-			{I,queue:cons({Mod,Func,Line}, queue:tail(Q))});
-		_ when I < ?TEST_SERVER_LINE_SIZE ->
-		    put('$test_server_lineQ',
-			{I+1,queue:cons({Mod,Func,Line}, Q)});
-		_ -> 
-		    %% Waste last in queue
-		    put('$test_server_lineQ',
-			{I,queue:cons({Mod,Func,Line}, queue:lait(Q))})
-	    end;
-	_ -> 
-	    Q = queue:new(),
-	    put('$test_server_lineQ', {1,queue:cons({Mod,Func,Line}, Q)})
-    end, ok.
-
-%test_server_lineQ_get() ->
-%    case get('$test_server_lineQ') of
-%	{I,Q} when integer(I), 1 =< I, I =< ?TEST_SERVER_LINE_SIZE -> 
-%	    queue:to_list(Q);
-%	_ -> []
-%    end.
-
-test_server_lineQ_clear() ->
-    erase('$test_server_lineQ'),
-    ok.
-
-
-%% Get line - check if queue or dictionary is used, then get the lines
-%%
-
-get_lines() ->
-    case get('$test_server_lineQ') of
-	{I,Q} when is_integer(I), 1 =< I, I =< ?TEST_SERVER_LINE_SIZE -> 
-	    queue:to_list(Q);
-	_ -> 
-	    test_server_line_get()
-    end.
-	
-%% Clear all dictionary entries
-%%
-clear() ->
-    test_server_line_clear(),
-    test_server_lineQ_clear().
-
-
-trace_line(Mod,Func,Line) ->
-    io:format(lists:concat([Mod,":",Func,",",integer_to_list(Line),": ~p"]),
-	      [erlang:now()]).
-
-
-%%%=================================================================
-%%%========= ****   PARSE TRANSFORM    **** ========================
-%%%=================================================================
-parse_transform(Forms, _Options) ->
-    transform(Forms, _Options).
-
-%% forms(Fs) -> lists:map(fun (F) -> form(F) end, Fs).
-
-transform(Forms, _Options)->
-    Vars0 = #vars{},
-    {ok, MungedForms, _Vars} = transform(Forms, [], Vars0),
-    MungedForms.
-    
-
-transform([Form|Forms], MungedForms, Vars) ->
-    case munge(Form, Vars) of
-	ignore ->
-	    transform(Forms, MungedForms, Vars);
-	{MungedForm, Vars2} ->
-	    transform(Forms, [MungedForm|MungedForms], Vars2)
-    end;
-transform([], MungedForms, Vars) ->
-    {ok, lists:reverse(MungedForms), Vars}.
-
-%% This code traverses the abstract code, stored as the abstract_code
-%% chunk in the BEAM file, as described in absform(3) for Erlang/OTP R8B
-%% (Vsn=abstract_v2).
-%% The abstract format after preprocessing differs slightly from the abstract
-%% format given eg using epp:parse_form, this has been noted in comments.
-munge(Form={attribute,_,module,Module}, Vars) ->
-    Vars2 = Vars#vars{module=Module},
-    {Form, Vars2};
-
-munge(Form={attribute,_,no_lines,Funcs}, Vars) ->
-    Vars2 = Vars#vars{no_lines=Funcs},
-    {Form, Vars2};
-
-munge(Form={attribute,_,line_trace,_}, Vars) ->
-    Vars2 = Vars#vars{line_trace=true},
-    {Form, Vars2};
-
-munge({function,0,module_info,_Arity,_Clauses}, _Vars) ->
-    ignore; % module_info will be added again when the forms are recompiled
-munge(Form = {function,Line,Function,Arity,Clauses}, Vars) ->
-    case lists:member({Function,Arity},Vars#vars.no_lines) of
-	true ->
-	    %% Line numbers in this function shall not be stored
-	    {Form,Vars};
-	false ->
-	    Vars2 = Vars#vars{function=Function,
-			      arity=Arity,
-			      lines=[]},
-	    {MungedClauses, Vars3} = munge_clauses(Clauses, Vars2, []),
-	    {{function,Line,Function,Arity,MungedClauses}, Vars3}
-    end;
-munge(Form, Vars) -> % attributes
-    {Form, Vars}.
-
-munge_clauses([{clause,Line,Pattern,Guards,Body}|Clauses], Vars, MClauses) ->
-    {MungedGuards, _Vars} = munge_exprs(Guards, Vars#vars{is_guard=true},[]),
-    {MungedBody, Vars2} = munge_body(Body, Vars, []),
-    munge_clauses(Clauses, Vars2,
-		  [{clause,Line,Pattern,MungedGuards,MungedBody}|
-		   MClauses]);
-munge_clauses([], Vars, MungedClauses) -> 
-    {lists:reverse(MungedClauses), Vars}.
-
-munge_body([Expr|Body], Vars, MungedBody) ->
-    %% Here is the place to add a call to storage function!
-    Line = element(2, Expr),
-    Lines = Vars#vars.lines,
-    case lists:member(Line,Lines) of
-	true -> % already a bump at this line!
-	    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-	    munge_body(Body, Vars2, [MungedExpr|MungedBody]);
-	false ->
-	    Bump = {call, 0, {remote,0,
-			      {atom,0,?MODULE},
-			      {atom,0,?STORAGE_FUNCTION}},
-		    [{atom,0,Vars#vars.module},
-		     {atom, 0, Vars#vars.function},
-		     {integer, 0, Line}]},
-	    Lines2 = [Line|Lines],
-	    
-	    {MungedExpr, Vars2} = munge_expr(Expr, Vars#vars{lines=Lines2}),
-	    MungedBody2 = 
-		if Vars#vars.line_trace ->
-			LineTrace = {call, 0, {remote,0,
-					       {atom,0,?MODULE},
-					       {atom,0,trace_line}},
-				     [{atom,0,Vars#vars.module},
-				      {atom, 0, Vars#vars.function},
-				      {integer, 0, Line}]},
-			[MungedExpr,LineTrace,Bump|MungedBody];
-		   true ->
-			[MungedExpr,Bump|MungedBody]
-		end,
-	    munge_body(Body, Vars2, MungedBody2)
-    end;
-munge_body([], Vars, MungedBody) ->
-    {lists:reverse(MungedBody), Vars}.
-
-munge_expr({match,Line,ExprL,ExprR}, Vars) ->
-    {MungedExprL, Vars2} = munge_expr(ExprL, Vars),
-    {MungedExprR, Vars3} = munge_expr(ExprR, Vars2),
-    {{match,Line,MungedExprL,MungedExprR}, Vars3};
-munge_expr({tuple,Line,Exprs}, Vars) ->
-    {MungedExprs, Vars2} = munge_exprs(Exprs, Vars, []),
-    {{tuple,Line,MungedExprs}, Vars2};
-munge_expr({record,Line,Expr,Exprs}, Vars) ->
-    %% Only for Vsn=raw_abstract_v1
-    {MungedExprName, Vars2} = munge_expr(Expr, Vars),
-    {MungedExprFields, Vars3} = munge_exprs(Exprs, Vars2, []),
-    {{record,Line,MungedExprName,MungedExprFields}, Vars3};
-munge_expr({record_field,Line,ExprL,ExprR}, Vars) ->
-    %% Only for Vsn=raw_abstract_v1
-    {MungedExprL, Vars2} = munge_expr(ExprL, Vars),
-    {MungedExprR, Vars3} = munge_expr(ExprR, Vars2),
-    {{record_field,Line,MungedExprL,MungedExprR}, Vars3};
-munge_expr({cons,Line,ExprH,ExprT}, Vars) ->
-    {MungedExprH, Vars2} = munge_expr(ExprH, Vars),
-    {MungedExprT, Vars3} = munge_expr(ExprT, Vars2),
-    {{cons,Line,MungedExprH,MungedExprT}, Vars3};
-munge_expr({op,Line,Op,ExprL,ExprR}, Vars) ->
-    {MungedExprL, Vars2} = munge_expr(ExprL, Vars),
-    {MungedExprR, Vars3} = munge_expr(ExprR, Vars2),
-    {{op,Line,Op,MungedExprL,MungedExprR}, Vars3};
-munge_expr({op,Line,Op,Expr}, Vars) ->
-    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-    {{op,Line,Op,MungedExpr}, Vars2};
-munge_expr({'catch',Line,Expr}, Vars) ->
-    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-    {{'catch',Line,MungedExpr}, Vars2};
-munge_expr({call,Line1,{remote,Line2,ExprM,ExprF},Exprs},
-	   Vars) when Vars#vars.is_guard==false->
-    {MungedExprM, Vars2} = munge_expr(ExprM, Vars),
-    {MungedExprF, Vars3} = munge_expr(ExprF, Vars2),
-    {MungedExprs, Vars4} = munge_exprs(Exprs, Vars3, []),
-    {{call,Line1,{remote,Line2,MungedExprM,MungedExprF},MungedExprs}, Vars4};
-munge_expr({call,Line1,{remote,_Line2,_ExprM,ExprF},Exprs},
-	   Vars) when Vars#vars.is_guard==true ->
-    %% Difference in abstract format after preprocessing: BIF calls in guards
-    %% are translated to {remote,...} (which is not allowed as source form)
-    %% NOT NECESSARY FOR Vsn=raw_abstract_v1
-    munge_expr({call,Line1,ExprF,Exprs}, Vars);
-munge_expr({call,Line,Expr,Exprs}, Vars) ->
-    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-    {MungedExprs, Vars3} = munge_exprs(Exprs, Vars2, []),
-    {{call,Line,MungedExpr,MungedExprs}, Vars3};
-munge_expr({lc,Line,Expr,LC}, Vars) ->
-    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-    {MungedLC, Vars3} = munge_lc(LC, Vars2, []),
-    {{lc,Line,MungedExpr,MungedLC}, Vars3};
-munge_expr({block,Line,Body}, Vars) ->
-    {MungedBody, Vars2} = munge_body(Body, Vars, []),
-    {{block,Line,MungedBody}, Vars2};
-munge_expr({'if',Line,Clauses}, Vars) -> 
-    {MungedClauses,Vars2} = munge_clauses(Clauses, Vars, []),
-    {{'if',Line,MungedClauses}, Vars2};
-munge_expr({'case',Line,Expr,Clauses}, Vars) ->
-    {MungedExpr,Vars2} = munge_expr(Expr,Vars),
-    {MungedClauses,Vars3} = munge_clauses(Clauses, Vars2, []),
-    {{'case',Line,MungedExpr,MungedClauses}, Vars3};
-munge_expr({'receive',Line,Clauses}, Vars) -> 
-    {MungedClauses,Vars2} = munge_clauses(Clauses, Vars, []),
-    {{'receive',Line,MungedClauses}, Vars2};
-munge_expr({'receive',Line,Clauses,Expr,Body}, Vars) ->
-    {MungedClauses,Vars2} = munge_clauses(Clauses, Vars, []),
-    {MungedExpr, Vars3} = munge_expr(Expr, Vars2),
-    {MungedBody, Vars4} = munge_body(Body, Vars3, []),
-    {{'receive',Line,MungedClauses,MungedExpr,MungedBody}, Vars4};
-munge_expr({'try',Line,Exprs,Clauses,CatchClauses,After}, Vars) ->
-    {MungedExprs, Vars1} = munge_exprs(Exprs, Vars, []),
-    {MungedClauses, Vars2} = munge_clauses(Clauses, Vars1, []),
-    {MungedCatchClauses, Vars3} = munge_clauses(CatchClauses, Vars2, []),
-    {MungedAfter, Vars4} = munge_body(After, Vars3, []),
-    {{'try',Line,MungedExprs,MungedClauses,MungedCatchClauses,MungedAfter}, 
-     Vars4};
-%% Difference in abstract format after preprocessing: Funs get an extra
-%% element Extra.
-%% NOT NECESSARY FOR Vsn=raw_abstract_v1
-munge_expr({'fun',Line,{function,Name,Arity},_Extra}, Vars) ->
-    {{'fun',Line,{function,Name,Arity}}, Vars};
-munge_expr({'fun',Line,{clauses,Clauses},_Extra}, Vars) ->
-    {MungedClauses,Vars2}=munge_clauses(Clauses, Vars, []),
-    {{'fun',Line,{clauses,MungedClauses}}, Vars2};
-munge_expr({'fun',Line,{clauses,Clauses}}, Vars) ->
-    %% Only for Vsn=raw_abstract_v1
-    {MungedClauses,Vars2}=munge_clauses(Clauses, Vars, []),
-    {{'fun',Line,{clauses,MungedClauses}}, Vars2};
-munge_expr({bc,Line,Expr,LC}, Vars) ->
-    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-    {MungedLC, Vars3} = munge_lc(LC, Vars2, []),
-    {{bc,Line,MungedExpr,MungedLC}, Vars3};
-munge_expr(Form, Vars) -> % var|char|integer|float|string|atom|nil|bin|eof
-    {Form, Vars}.
-
-munge_exprs([Expr|Exprs], Vars, MungedExprs) when Vars#vars.is_guard==true,
-						  is_list(Expr) ->
-    {MungedExpr, _Vars} = munge_exprs(Expr, Vars, []),
-    munge_exprs(Exprs, Vars, [MungedExpr|MungedExprs]);
-munge_exprs([Expr|Exprs], Vars, MungedExprs) ->
-    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-    munge_exprs(Exprs, Vars2, [MungedExpr|MungedExprs]);
-munge_exprs([], Vars, MungedExprs) ->
-    {lists:reverse(MungedExprs), Vars}.
-
-munge_lc([{generate,Line,Pattern,Expr}|LC], Vars, MungedLC) ->
-    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-    munge_lc(LC, Vars2, [{generate,Line,Pattern,MungedExpr}|MungedLC]);
-munge_lc([{b_generate,Line,Pattern,Expr}|LC], Vars, MungedLC) ->
-    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-    munge_lc(LC, Vars2, [{b_generate,Line,Pattern,MungedExpr}|MungedLC]);
-munge_lc([Expr|LC], Vars, MungedLC) ->
-    {MungedExpr, Vars2} = munge_expr(Expr, Vars),
-    munge_lc(LC, Vars2, [MungedExpr|MungedLC]);
-munge_lc([], Vars, MungedLC) ->
-    {lists:reverse(MungedLC), Vars}.
-
-
-
-
-
-
-
-
-
-
diff --git a/lib/test_server/src/test_server_sup.erl b/lib/test_server/src/test_server_sup.erl
index 77d364d5cb..875f45eea6 100644
--- a/lib/test_server/src/test_server_sup.erl
+++ b/lib/test_server/src/test_server_sup.erl
@@ -51,18 +51,19 @@ timetrap(Timeout0, Scale, Pid) ->
     Timeout = if not Scale -> Timeout0;
 		 true -> test_server:timetrap_scale_factor() * Timeout0
 	      end,
+    TruncTO = trunc(Timeout),
     receive
-    after trunc(Timeout) ->
-	    Line = test_server:get_loc(Pid),
+    after TruncTO ->
+	    MFLs = test_server:get_loc(Pid),
 	    Mon = erlang:monitor(process, Pid),
 	    Trap = 
 		case get(test_server_init_or_end_conf) of
 		    undefined ->
-			{timetrap_timeout,trunc(Timeout),Line};
+			{timetrap_timeout,TruncTO,MFLs};
 		    InitOrEnd ->
-			{timetrap_timeout,trunc(Timeout),Line,InitOrEnd}
+			{timetrap_timeout,TruncTO,MFLs,InitOrEnd}
 		end,
-	    exit(Pid,Trap),
+	    exit(Pid, Trap),
 	    receive
 		{'DOWN', Mon, process, Pid, _} ->
 		    ok
diff --git a/lib/test_server/src/ts_erl_config.erl b/lib/test_server/src/ts_erl_config.erl
index 3b41f90d55..5585e8ccd3 100644
--- a/lib/test_server/src/ts_erl_config.erl
+++ b/lib/test_server/src/ts_erl_config.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/test_server/test/test_server_SUITE_data/Makefile.src b/lib/test_server/test/test_server_SUITE_data/Makefile.src
index d5af919eec..332b855df6 100644
--- a/lib/test_server/test/test_server_SUITE_data/Makefile.src
+++ b/lib/test_server/test/test_server_SUITE_data/Makefile.src
@@ -1,2 +1,7 @@
 all:
-	erlc *.erl
\ No newline at end of file
+	erlc test_server_SUITE.erl
+	erlc test_server_parallel01_SUITE.erl
+	erlc test_server_conf01_SUITE.erl
+	erlc test_server_shuffle01_SUITE.erl
+	erlc test_server_conf02_SUITE.erl
+	erlc test_server_skip_SUITE.erl
\ No newline at end of file
diff --git a/lib/test_server/vsn.mk b/lib/test_server/vsn.mk
index 563c1b6db6..88e3856cf4 100644
--- a/lib/test_server/vsn.mk
+++ b/lib/test_server/vsn.mk
@@ -1,2 +1 @@
-TEST_SERVER_VSN = 3.4.5
-
+TEST_SERVER_VSN = 3.5
diff --git a/lib/toolbar/doc/src/make.dep b/lib/toolbar/doc/src/make.dep
deleted file mode 100644
index d93ff2a315..0000000000
--- a/lib/toolbar/doc/src/make.dep
+++ /dev/null
@@ -1,26 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex part.tex ref_man.tex toolbar.tex \
-		toolbar_chapter.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: bar.ps create_tool.ps
-
diff --git a/lib/toolbar/doc/src/notes.xml b/lib/toolbar/doc/src/notes.xml
index ffca2c5fbf..ac6ad533fc 100644
--- a/lib/toolbar/doc/src/notes.xml
+++ b/lib/toolbar/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2004</year><year>2009</year>
+      <year>2004</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -31,6 +31,21 @@
   <p>This document describes the changes made to the Toolbar
     application.</p>
 
+<section><title>Toolbar 1.4.2.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Toolbar 1.4.2</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/toolbar/vsn.mk b/lib/toolbar/vsn.mk
index 105303d785..b2b0764877 100644
--- a/lib/toolbar/vsn.mk
+++ b/lib/toolbar/vsn.mk
@@ -1,4 +1,4 @@
-TOOLBAR_VSN = 1.4.2
+TOOLBAR_VSN = 1.4.2.1
 
 
 
diff --git a/lib/tools/c_src/Makefile.in b/lib/tools/c_src/Makefile.in
index 65a7f5f424..b8c4aed6e2 100644
--- a/lib/tools/c_src/Makefile.in
+++ b/lib/tools/c_src/Makefile.in
@@ -1,26 +1,27 @@
-# ``The contents of this file are subject to the Erlang Public License,
+#
+# %CopyrightBegin%
+#
+# Copyright Ericsson AB 2009-2012. All Rights Reserved.
+#
+# The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
 # compliance with the License. You should have received a copy of the
 # Erlang Public License along with this software. If not, it can be
-# retrieved via the world wide web at http://www.erlang.org/.
-# 
+# retrieved online at http://www.erlang.org/.
+#
 # Software distributed under the License is distributed on an "AS IS"
 # basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 # the License for the specific language governing rights and limitations
 # under the License.
-# 
-# The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-# Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
-# AB. All Rights Reserved.''
-# 
-#     $Id$
+#
+# %CopyrightEnd%
 #
 
 include $(ERL_TOP)/make/target.mk
 include $(ERL_TOP)/erts/include/internal/$(TARGET)/ethread.mk
 
 USING_MINGW=@MIXED_CYGWIN_MINGW@
-USING_VC=@MIXED_CYGWIN_VC@
+USING_VC=@MIXED_VC@
 
 CC=@CC@
 LD=@LD@
@@ -138,13 +139,17 @@ EMEM_LIBS =	$(LIBS) \
 
 EMEM_OBJS = $(addprefix $(EMEM_OBJ_DIR)/,$(notdir $(EMEM_SRCS:.c=.o)))
 
+ERTS_LIB = $(ERL_TOP/erts/lib_src/obj/$(TARGET)/$(TYPE)/MADE
+
 #
 # Misc targets
 #
 
-all: $(CREATE_DIRS) erts_lib $(PROGS) $(DRIVERS)
+_create_dirs := $(shell mkdir -p $(CREATE_DIRS))
 
-erts_lib:
+all: $(PROGS) $(DRIVERS)
+
+$(ERTS_LIB):
 	cd $(ERL_TOP)/erts/lib_src && $(MAKE) $(TYPE)
 
 
@@ -158,13 +163,6 @@ clean:
 .PHONY: all erts_lib docs clean
 
 #
-# Make dir targets
-#
-
-$(CREATE_DIRS):
-	$(MKDIR) -p $@
-
-#
 # Object targets
 #
 
@@ -179,7 +177,7 @@ $(EMEM_OBJ_DIR)/%.o: %.c
 # Program targets
 #
 
-$(BIN_DIR)/emem$(TYPEMARKER)@EXEEXT@: $(EMEM_OBJS)
+$(BIN_DIR)/emem$(TYPEMARKER)@EXEEXT@: $(EMEM_OBJS) $(ERTS_LIB)
 	$(PRE_LD) $(LD) $(EMEM_LDFLAGS) -o $@ $(EMEM_OBJS) $(EMEM_LIBS)
 
 #
diff --git a/lib/tools/c_src/erl_memory.c b/lib/tools/c_src/erl_memory.c
index 872d55e789..5239176d03 100644
--- a/lib/tools/c_src/erl_memory.c
+++ b/lib/tools/c_src/erl_memory.c
@@ -1224,7 +1224,7 @@ print_main_footer(em_state *state)
 
     switch (state->info.stop_reason) {
     case EMTP_STOP:
-	p += sprintf(p, stop_str);
+	p += sprintf(p, "%s", stop_str);
 	break;
     case EMTP_EXIT:
 	p += sprintf(p, exit_str, state->info.exit_status);
@@ -2339,7 +2339,7 @@ usage(char *sw, char *error)
     if (error)
 	exit(1);
     else {
-	char *help_str =
+	fprintf(filep, 
 	    "\n"
 	    "  []        - switch is allowed any number of times\n"
 	    "  {}        - switch is allowed at most one time\n"
@@ -2370,8 +2370,7 @@ usage(char *sw, char *error)
 	    "  " SW_CHAR "o        - display operation count values\n"
 	    "  " SW_CHAR "p <P>    - set listen port to <P>\n"
 	    "  " SW_CHAR "t        - display info about total values\n"
-	    "  " SW_CHAR "v        - verbose output\n";
-	fprintf(filep, help_str);
+	    "  " SW_CHAR "v        - verbose output\n");
 	exit(0);
     }
 
diff --git a/lib/tools/doc/src/eprof.xml b/lib/tools/doc/src/eprof.xml
index 6d68c90768..8b614d8860 100644
--- a/lib/tools/doc/src/eprof.xml
+++ b/lib/tools/doc/src/eprof.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1996</year><year>2010</year>
+      <year>1996</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -147,7 +147,7 @@
       </type>
       <desc>
         <p>This function ensures that the results displayed by
-          <c>analyse/0</c> and <c>total_analyse/0</c> are printed both to
+			<c>analyze/0,1,2</c> are printed both to
           the file <c>File</c> and the screen.</p>
       </desc>
     </func>
diff --git a/lib/tools/doc/src/make.dep b/lib/tools/doc/src/make.dep
deleted file mode 100644
index 11fa090d6f..0000000000
--- a/lib/tools/doc/src/make.dep
+++ /dev/null
@@ -1,33 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex cover.tex cover_chapter.tex cprof.tex \
-		cprof_chapter.tex eprof.tex erlang_mode.tex \
-		erlang_mode_chapter.tex fprof.tex fprof_chapter.tex \
-		instrument.tex make.tex part.tex ref_man.tex \
-		tags.tex xref.tex xref_chapter.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-cprof.tex: ../../../../system/doc/definitions/term.defs
-
-xref.tex: ../../../../system/doc/definitions/term.defs
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: venn1.ps venn2.ps
-
diff --git a/lib/tools/doc/src/notes.xml b/lib/tools/doc/src/notes.xml
index 17506fb6e2..e24e1c5977 100644
--- a/lib/tools/doc/src/notes.xml
+++ b/lib/tools/doc/src/notes.xml
@@ -30,6 +30,85 @@
   </header>
   <p>This document describes the changes made to the Tools application.</p>
 
+<section><title>Tools 2.6.6.6</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+	    <p>Update system profiling principles to reflect eprof
+	    performance improvements.</p>
+          <p>
+	    Own Id: OTP-9656</p>
+        </item>
+        <item>
+          <p>
+	    [cover] fix leftover {'DOWN', ..} msg in callers queue</p>
+          <p>
+	    After stopping cover with cover:stop() there could still
+	    be a {'DOWN',...} leftover message in the calling
+	    process's message queue. This unexpected leftover could
+	    be eliminated if erlang:demonitor/2 with option flush
+	    would be used in certain points</p>
+          <p>
+	    Own Id: OTP-9694</p>
+        </item>
+        <item>
+          <p>
+	    Add deps as erlang-flymake include directory.</p>
+          <p>
+	    Update erlang-flymake to recognize the "deps" folder as
+	    an include directory. This makes erlang-flymake
+	    compatible with the rebar dependency management tool's
+	    default folder structure, which puts included
+	    dependencies in "deps".(Thanks to Kevin Albrecht)</p>
+          <p>
+	    Own Id: OTP-9791</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Variables are now now allowed in '<c>fun M:F/A</c>' as
+	    suggested by Richard O'Keefe in EEP-23.</p>
+	    <p>The representation of '<c>fun M:F/A</c>' in the
+	    abstract format has been changed in an incompatible way.
+	    Tools that directly read or manipulate the abstract
+	    format (such as parse transforms) may need to be updated.
+	    The compiler can handle both the new and the old format
+	    (i.e. extracting the abstract format from a pre-R15 BEAM
+	    file and compiling it using compile:forms/1,2 will work).
+	    The <c>syntax_tools</c> application can also handle both
+	    formats.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9643</p>
+        </item>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Tools 2.6.6.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/tools/emacs/erlang-flymake.el b/lib/tools/emacs/erlang-flymake.el
index bc368e9454..2e447b55de 100644
--- a/lib/tools/emacs/erlang-flymake.el
+++ b/lib/tools/emacs/erlang-flymake.el
@@ -60,7 +60,8 @@ check on newline and when there are no changes)."
   (list (concat (erlang-flymake-get-app-dir) "ebin")))
 
 (defun erlang-flymake-get-include-dirs ()
-  (list (concat (erlang-flymake-get-app-dir) "include")))
+  (list (concat (erlang-flymake-get-app-dir) "include")
+        (concat (erlang-flymake-get-app-dir) "deps")))
 
 (defun erlang-flymake-get-app-dir ()
   (let ((src-path (file-name-directory (buffer-file-name))))
diff --git a/lib/tools/src/cover.erl b/lib/tools/src/cover.erl
index fb9744d759..e21bd1b88c 100644
--- a/lib/tools/src/cover.erl
+++ b/lib/tools/src/cover.erl
@@ -522,7 +522,7 @@ call(Request) ->
 		    {?SERVER,Reply} -> 
 			Reply
 		end,
-	    erlang:demonitor(Ref),
+	    erlang:demonitor(Ref, [flush]),
 	    Return
     end.
 
@@ -545,7 +545,7 @@ remote_call(Node,Request) ->
 		    {?SERVER,Reply} -> 
 			Reply
 		end,
-	    erlang:demonitor(Ref),
+	    erlang:demonitor(Ref, [flush]),
 	    Return
     end.
     
diff --git a/lib/tools/src/fprof.erl b/lib/tools/src/fprof.erl
index 155965a65a..8165a6c13a 100644
--- a/lib/tools/src/fprof.erl
+++ b/lib/tools/src/fprof.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2001-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -87,8 +87,10 @@ dbg(_, _, _) ->
 
 
 
-apply({M, F} = Function, Args) 
+apply({M, F}, Args) 
   when is_atom(M), is_atom(F), is_list(Args) ->
+    Arity = length(Args),
+    Function = fun M:F/Arity,
     apply_1(Function, Args, []);
 apply(Fun, Args) 
   when is_function(Fun), is_list(Args) ->
@@ -98,8 +100,10 @@ apply(A, B) ->
 
 apply(M, F, Args) when is_atom(M), is_atom(F), is_list(Args) ->
     apply_1({M, F}, Args, []);
-apply({M, F} = Function, Args, Options) 
+apply({M, F}, Args, Options) 
   when is_atom(M), is_atom(F), is_list(Args), is_list(Options) ->
+    Arity = length(Args),
+    Function = fun M:F/Arity,
     apply_1(Function, Args, Options);
 apply(Fun, Args, Options) 
   when is_function(Fun), is_list(Args), is_list(Options) ->
@@ -109,7 +113,9 @@ apply(A, B, C) ->
 
 apply(Module, Function, Args, Options) 
   when is_atom(Module), is_atom(Function), is_list(Args), is_list(Options) ->
-    apply_1({Module, Function}, Args, Options);
+    Arity = length(Args),
+    Fun = fun Module:Function/Arity,
+    apply_1(Fun, Args, Options);
 apply(A, B, C, D) ->
     erlang:error(badarg, [A, B, C, D]).
 
diff --git a/lib/tools/src/xref_compiler.erl b/lib/tools/src/xref_compiler.erl
index 1445e135be..22312c6754 100644
--- a/lib/tools/src/xref_compiler.erl
+++ b/lib/tools/src/xref_compiler.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2000-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2000-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -736,8 +736,11 @@ find_nodes(Tuple, I, T) when is_tuple(Tuple) ->
 	  end,
     {NL, NI, T1} = foldl(Fun, {[], I, T}, L),
     Tag = case Tag0 of
-	      _ when is_function(Tag0) -> Tag0;
-	      _ when is_atom(Tag0) -> {sofs, Tag0}
+	      _ when is_function(Tag0) ->
+		  Tag0;
+	      _ when is_atom(Tag0) ->
+		  Arity = length(NL),
+		  fun sofs:Tag0/Arity
 	  end,
     find_node({apply, Tag, NL}, NI, T1).
 
diff --git a/lib/tools/src/xref_reader.erl b/lib/tools/src/xref_reader.erl
index d22f0df164..92f0c45c7b 100644
--- a/lib/tools/src/xref_reader.erl
+++ b/lib/tools/src/xref_reader.erl
@@ -158,15 +158,20 @@ expr({'try',_Line,Es,Scs,Ccs,As}, S) ->
     S2 = clauses(Scs, S1),
     S3 = clauses(Ccs, S2),
     expr(As, S3);
-expr({call, Line,
-      {remote, _, {atom,_,erlang}, {atom,_,make_fun}},
-      [{atom,_,Mod}, {atom,_,Fun}, {integer,_,Arity}]}, S) ->
-    %% Added in R10B-6. M:F/A.
-    expr({'fun', Line, {function, Mod, Fun, Arity}}, S);
-expr({'fun', Line, {function, Mod, Name, Arity}}, S) ->
-    %% Added in R10B-6. M:F/A.
+expr({'fun', Line, {function, {atom,_,Mod},
+		    {atom,_,Name},
+		    {integer,_,Arity}}}, S) ->
+    %% New format in R15. M:F/A (literals).
     As = lists:duplicate(Arity, {atom, Line, foo}),
     external_call(Mod, Name, As, Line, false, S);
+expr({'fun', Line, {function, Mod, Name, {integer,_,Arity}}}, S) ->
+    %% New format in R15. M:F/A (one or more variables).
+    As = lists:duplicate(Arity, {atom, Line, foo}),
+    external_call(erlang, apply, [Mod, Name, list2term(As)], Line, true, S);
+expr({'fun', Line, {function, Mod, Name, _Arity}}, S) ->
+    %% New format in R15. M:F/A (one or more variables).
+    As = {var, Line, '_'},
+    external_call(erlang, apply, [Mod, Name, As], Line, true, S);
 expr({'fun', Line, {function, Name, Arity}, _Extra}, S) ->
     %% Added in R8.
     handle_call(local, S#xrefr.module, Name, Arity, Line, S);
@@ -286,10 +291,10 @@ check_funarg(W, ArgsList, Line, S) ->
     expr(ArgsList, S1).
 
 funarg({'fun', _, _Clauses, _Extra}, _S) -> true;
-funarg({var, _, Var}, S) -> member(Var, S#xrefr.funvars);
-funarg({call,_,{remote,_,{atom,_,erlang},{atom,_,make_fun}},_MFA}, _S) ->
-    %% R10B-6. M:F/A.
+funarg({'fun', _, {function,_,_,_}}, _S) ->
+    %% New abstract format for fun M:F/A in R15.
     true;
+funarg({var, _, Var}, S) -> member(Var, S#xrefr.funvars);
 funarg(_, _S) -> false.
 
 fun_args(apply2, [FunArg, Args]) -> {FunArg, Args};
diff --git a/lib/tools/test/cover_SUITE.erl b/lib/tools/test/cover_SUITE.erl
index fe7f92de78..576d7e261c 100644
--- a/lib/tools/test/cover_SUITE.erl
+++ b/lib/tools/test/cover_SUITE.erl
@@ -130,13 +130,20 @@ compile(Config) when is_list(Config) ->
     ?line {ok,_} = compile:file(x),
     ?line {ok,_} = compile:file("d/y",[debug_info,{outdir,"d"},report]),
     ?line Key = "A Krypto Key",
-    ?line {ok,_} = compile:file(crypt, [debug_info,{debug_info_key,Key},report]),
+    CryptoWorks = crypto_works(),
+    case CryptoWorks of
+	false ->
+	    {ok,_} = compile:file(crypt, [debug_info,report]),
+	    {ok,crypt} = cover:compile_beam("crypt.beam");
+	true ->
+	    {ok,_} = compile:file(crypt, [{debug_info_key,Key},report]),
+	    {error,{encrypted_abstract_code,_}} =
+		cover:compile_beam("crypt.beam"),
+	    ok = beam_lib:crypto_key_fun(simple_crypto_fun(Key)),
+	    {ok,crypt} = cover:compile_beam("crypt.beam")
+    end,
     ?line {ok,v} = cover:compile_beam(v),
     ?line {ok,w} = cover:compile_beam("w.beam"),
-    ?line {error,{encrypted_abstract_code,_}} =
-	cover:compile_beam("crypt.beam"),
-    ?line ok = beam_lib:crypto_key_fun(simple_crypto_fun(Key)),
-    ?line {ok,crypt} = cover:compile_beam("crypt.beam"),
     ?line {error,{no_abstract_code,"./x.beam"}} = cover:compile_beam(x),
     ?line {error,{already_cover_compiled,no_beam_found,a}}=cover:compile_beam(a),
     ?line {error,non_existing} = cover:compile_beam(z),
@@ -148,6 +155,15 @@ compile(Config) when is_list(Config) ->
     ?line Files = lsfiles(),
     ?line remove(files(Files, ".beam")).
 
+crypto_works() ->
+    try crypto:start() of
+	{error,{already_started,crypto}} -> true;
+	ok -> true
+    catch
+	error:_ ->
+	    false
+    end.
+
 simple_crypto_fun(Key) ->
     fun(init) -> ok;
        ({debug_info, des3_cbc, crypt, _}) -> Key
@@ -583,21 +599,14 @@ otp_6115_1(Config) ->
     %% called -- running cover compiled code when there is no cover
     %% server and thus no ets tables to bump counters in, makes no
     %% sense.
-    ?line Pid1 = f1:start_fail(),
-
-    %% If f1 is cover compiled, a process P is started with a
-    %% reference to the fun created in start_ok/0, and
-    %% cover:stop() is called, then P should survive.
-    %% This is because (the fun held by) P always references the current
-    %% version of the module, and is thus not affected by the cover
-    %% compiled version being unloaded.
-    ?line Pid2 = f1:start_ok(),
+    Pid1 = f1:start_a(),
+    Pid2 = f1:start_b(),
 
     %% Now stop cover
     ?line cover:stop(),
     
-    %% Ensure that f1 is loaded (and not cover compiled), that Pid1
-    %% is dead and Pid2 is alive, but with no reference to old code
+    %% Ensure that f1 is loaded (and not cover compiled), and that
+    %% both Pid1 and Pid2 are dead.
     case code:which(f1) of
 	Beam when is_list(Beam) ->
 	    ok;
@@ -608,19 +617,15 @@ otp_6115_1(Config) ->
 	undefined ->
 	    ok;
 	_PI1 ->
-	    RefToOldP = erlang:check_process_code(Pid1, f1),
-	    ?line ?t:fail({"Pid1 still alive", RefToOldP})
+	    RefToOldP1 = erlang:check_process_code(Pid1, f1),
+	    ?t:fail({"Pid1 still alive", RefToOldP1})
     end,
     case process_info(Pid2) of
-	PI2 when is_list(PI2) ->
-	    case erlang:check_process_code(Pid2, f2) of
-		false ->
-		    ok;
-		true ->
-		    ?line ?t:fail("Pid2 has ref to old code")
-	    end;
 	undefined ->
-	    ?line ?t:fail("Pid2 has died")
+	    ok;
+	_PI2 ->
+	    RefToOldP2 = erlang:check_process_code(Pid1, f2),
+	    ?t:fail({"Pid2 still alive", RefToOldP2})
     end,
 
     ?line file:set_cwd(CWD),
diff --git a/lib/tools/test/cover_SUITE_data/otp_6115/f1.erl b/lib/tools/test/cover_SUITE_data/otp_6115/f1.erl
index b659e5d818..5399b33f19 100644
--- a/lib/tools/test/cover_SUITE_data/otp_6115/f1.erl
+++ b/lib/tools/test/cover_SUITE_data/otp_6115/f1.erl
@@ -1,12 +1,13 @@
 -module(f1).
--export([start_fail/0, start_ok/0]).
+-export([start_a/0, start_b/0]).
 
-start_fail() ->
+start_a() ->
     f2:start(fun() -> 
-		     io:format("this does not work\n",[]) 
+		     ok
 	     end).
 
-start_ok() ->
+start_b() ->
     f2:start(fun fun1/0).
+
 fun1() ->
-    io:format("this works\n",[]).
+    ok.
diff --git a/lib/tools/test/eprof_SUITE.erl b/lib/tools/test/eprof_SUITE.erl
index ecdbc5ce57..3283fa571f 100644
--- a/lib/tools/test/eprof_SUITE.erl
+++ b/lib/tools/test/eprof_SUITE.erl
@@ -183,8 +183,14 @@ eed(Config) when is_list(Config) ->
     ?line ok = eprof:log("eprof_SUITE_logfile"),
     ?line stopped = eprof:stop(),
     ?line ?t:timetrap_cancel(TTrap),
-    S = lists:flatten(io_lib:format("~p times slower", [10*(T3-T2)/(T2-T1)])),
-    {comment,S}.
+    try
+	S = lists:flatten(io_lib:format("~p times slower",
+					[10*(T3-T2)/(T2-T1)])),
+	{comment,S}
+    catch
+	error:badarith ->
+	    {comment,"No time elapsed. Bad clock? Fast computer?"}
+    end.
 
 ensure_eprof_stopped() ->
     Pid = whereis(eprof),
diff --git a/lib/tools/test/eprof_SUITE_data/ed.script b/lib/tools/test/eprof_SUITE_data/ed.script
index 94531a9e98..fe1625bc50 100644
--- a/lib/tools/test/eprof_SUITE_data/ed.script
+++ b/lib/tools/test/eprof_SUITE_data/ed.script
@@ -1,5 +1,7 @@
 H
 r eed.erl
+1,$s/Created :/Skapad  :/p
+/^cmd_line/,/^file/-1p
 g/^[a-z][a-zA-Z_]*\(/i\
 %%% -------------------------------------------------------------\
 %%% A stupid function header.\
diff --git a/lib/tools/test/eprof_SUITE_data/eed.erl b/lib/tools/test/eprof_SUITE_data/eed.erl
index 0175abdd0e..520c5f3dd1 100644
--- a/lib/tools/test/eprof_SUITE_data/eed.erl
+++ b/lib/tools/test/eprof_SUITE_data/eed.erl
@@ -10,6 +10,8 @@
 
 -export([edit/0, edit/1, file/1, cmd_line/1]).
 
+-compile({no_auto_import,[error/1]}).
+
 -record(state, {dot = 0,			% Line number of dot.
 		upto_dot = [],			% Lines up to dot (reversed).
 		after_dot = [],			% Lines after dot.
@@ -60,7 +62,7 @@ loop(St0) ->
 	    ok;
 	{error, Reason} ->
 	    loop(print_error(Reason, St1));
-	St2 when record(St2, state) ->
+	St2 when is_record(St2, state) ->
 	    loop(St2)
     end.
 
@@ -68,7 +70,7 @@ command(Cmd, St) ->
     case parse_command(Cmd, St) of
 	quit ->
 	    quit;
-	St1 when function(St1#state.print) ->
+	St1 when is_function(St1#state.print) ->
 	    if
 		St1#state.dot /= 0 ->
 		    print_current(St1);
@@ -76,7 +78,7 @@ command(Cmd, St) ->
 		    ok
 	    end,
 	    St1#state{print=false};
-	St1 when record(St1, state) ->
+	St1 when is_record(St1, state) ->
 	    St1
     end.
 
@@ -103,13 +105,13 @@ get_input([C|Rest], St, Result) ->
 get_line1(Io, Prompt, Result) ->
     get_line2(Io, io:get_line(Io, Prompt), Result).
 
-get_line2(Io, eof, []) ->
+get_line2(_Io, eof, []) ->
     eof;
-get_line2(Io, eof, Result) ->
+get_line2(_Io, eof, Result) ->
     lists:reverse(Result);
 get_line2(Io, [$\\, $\n], Result) ->
     get_line1(Io, '', [$\n|Result]);
-get_line2(Io, [$\n], Result) ->
+get_line2(_Io, [$\n], Result) ->
     lists:reverse(Result, [$\n]);
 get_line2(Io, [C|Rest], Result) ->
     get_line2(Io, Rest, [C|Result]).
@@ -193,7 +195,7 @@ get_one1([$+|Rest], Sum, St) ->
     get_one2({ok, 1, Rest}, 1, Sum, St);
 get_one1([$-|Rest], Sum, St) ->
     get_one2({ok, 1, Rest}, -1, Sum, St);
-get_one1(Cmd, false, St) ->
+get_one1(_Cmd, false, _St) ->
     false;
 get_one1(Cmd, Sum, St) ->
     {ok, Sum, Cmd, St}.
@@ -222,13 +224,13 @@ get_address([$', Mark|Rest], St) when $a =< Mark, Mark =< $z ->
 	false ->
 	    {ok, 0, Rest, St}
     end;
-get_address([$'|Rest], State) ->
+get_address([$'|_Rest], _State) ->
     error(bad_mark);
 get_address([$/|Rest], State) ->
     scan_forward($/, Rest, State);
-get_address([$?|Rest], State) ->
+get_address([$?|_Rest], _State) ->
     error(not_implemented);
-get_address(Cmd, St) ->
+get_address(_Cmd, _St) ->
     false.
 
 scan_forward(End, Patt0, State) ->
@@ -238,8 +240,8 @@ scan_forward(End, Patt0, State) ->
     scan_forward1(Dot+1, After, NewState, Rest).
 
 scan_forward1(Linenum, [Line|Rest], State, RestCmd) ->
-    case regexp:first_match(Line#line.contents, State#state.pattern) of
-	{match, _, _} ->
+    case re:run(Line#line.contents, State#state.pattern, [{capture, none}]) of
+	match ->
 	    {ok, Linenum, RestCmd, State};
 	nomatch ->
 	    scan_forward1(Linenum+1, Rest, State, RestCmd)
@@ -254,13 +256,14 @@ scan_forward1(_, [], State, RestCmd) ->
 	    Other
     end.
 
-scan_forward2(0, [], State, RestCmd) ->
+scan_forward2(0, [], _State, _RestCmd) ->
     false;
 scan_forward2(Linenum, [Line|Rest], State, RestCmd) ->
     case scan_forward2(Linenum-1, Rest, State, RestCmd) of
 	false ->
-	    case regexp:first_match(Line#line.contents, State#state.pattern) of
-		{match, _, _} ->
+	    case re:run(Line#line.contents, State#state.pattern,
+			[{capture, none}]) of
+		match ->
 		    {ok, Linenum, RestCmd, State};
 		nomatch ->
 		    false
@@ -296,7 +299,7 @@ parse_cmd_char($t, Cont) -> Cont(fun transpose_command/3, 2, dot);
 parse_cmd_char($u, Cont) -> Cont(fun undo_command/3, 0, none);
 parse_cmd_char($v, Cont) -> Cont(fun vglobal_command/3, 2, all);
 parse_cmd_char($w, Cont) -> Cont(fun write_command/3, 2, all);
-parse_cmd_char(_, Cont)  -> error(bad_command).
+parse_cmd_char(_, _Cont)  -> error(bad_command).
 
 execute_command(Fun, NumLines, Def, State, Nums, Rest) ->
     Lines = check_lines(NumLines, Def, Nums, State),
@@ -380,7 +383,7 @@ change_command(Rest, Lines, St0) ->
 
 %% (.,.)d - delete lines
 
-delete_command(Rest, [0, Last], St) ->
+delete_command(_Rest, [0, _Last], _St) ->
     error(bad_linenum);
 delete_command(Rest, [First, Last], St0) ->
     St1 = check_trailing_p(Rest, save_for_undo(St0)),
@@ -396,7 +399,7 @@ delete(Left, St0) ->
 
 %% e file - replace buffer with new file
 
-enter_command(Name, [], St) when St#state.modified == true ->
+enter_command(_Name, [], St) when St#state.modified == true ->
     error(buffer_modified);
 enter_command(Name, [], St0) ->
     enter_always_command(Name, [], St0).
@@ -439,7 +442,7 @@ mark(Sense, [First, Last], St0) ->
     St1 = move_to(Last, St0),
     mark1(Sense, First-1, St1).
 
-mark1(Sense, First, St) when St#state.dot == First ->
+mark1(_Sense, First, St) when St#state.dot == First ->
     St;
 mark1(Sense, First, St) ->
     [Line|Prev] = St#state.upto_dot,
@@ -507,16 +510,16 @@ help_always_command([], [], St) ->
 
 %% (.)i - insert text
 
-insert_command(Rest, [0], State) ->
+insert_command(_Rest, [0], _State) ->
     error(bad_linenum);
 insert_command(Rest, [Line], State) ->
     append_command(Rest, [Line-1], State).
 
 %% (.)kx - mark line
 
-mark_command(_, [0], St) ->
+mark_command(_, [0], _St) ->
     error(bad_linenum);
-mark_command([Mark|Rest], [Line], St) when $a =< Mark, Mark =< $z ->
+mark_command([Mark|_Rest], [_Line], _St) when $a =< Mark, Mark =< $z ->
     error(not_implemented);
 mark_command(_, _, _) ->
     error(bad_mark).
@@ -528,12 +531,12 @@ list_command(Rest, Lines, St) ->
 
 %% (.,.)m - move lines
 
-move_command(Cmd, [First, Last], St) ->
+move_command(_Cmd, [_First, _Last], _St) ->
     error(not_implemented).
 
 %% (.,.)t - copy lines
 
-transpose_command(Cmd, [First, Last], St) ->
+transpose_command(_Cmd, [_First, _Last], _St) ->
     error(not_implemented).
 
 %% (.,.)n - print lines with line numbers
@@ -604,39 +607,41 @@ read(After, Name, St0) ->
 
 subst_command(_, [0, _], _) ->
     error(bad_linenum);
-subst_command([$ |Cmd0], [First, Last], St0) ->
+subst_command([$ |_Cmd0], [_First, _Last], _St0) ->
     error(bad_delimiter);
-subst_command([$\n|Cmd0], [First, Last], St0) ->
+subst_command([$\n|_Cmd0], [_First, _Last], _St0) ->
     error(bad_delimiter);
 subst_command([Sep|Cmd0], [First, Last], St0) ->
     St1 = save_for_undo(St0),
     {ok, Cmd1, St2} = get_pattern(Sep, Cmd0, St1),
     {ok, Replacement, Cmd2} = get_replacement(Sep, Cmd1),
-    {ok, Sub, Cmd3} = subst_check_gflag(Cmd2),
+    {ok, Opts, Cmd3} = subst_check_gflag(Cmd2),
     St3 = check_trailing_p(Cmd3, St2),
-    subst_command(Last-First+1, Sub, Replacement, move_to(First-1, St3), nomatch);
+    subst_command(Last-First+1, Opts, Replacement,
+		  move_to(First-1, St3), nomatch);
 subst_command([], _, _) ->
     error(bad_delimiter).
     
 subst_command(0, _, _, _, nomatch) ->
     error(nomatch);
-subst_command(0, _, _, _, StLast) when record(StLast, state) ->
+subst_command(0, _, _, _, StLast) when is_record(StLast, state) ->
     StLast;
-subst_command(Left, Sub, Repl, St0, LastMatch) ->
+subst_command(Left, Opts, Repl, St0, LastMatch) ->
     St1 = next_line(St0),
     [Line|_] = St1#state.upto_dot,
-    case regexp:Sub(Line#line.contents, St1#state.pattern, Repl) of
-	{ok, _, 0} ->
-	    subst_command(Left-1, Sub, Repl, St1, LastMatch);
-	{ok, NewContents, _} ->
+    Contents = Line#line.contents,
+    case re:replace(Contents, St1#state.pattern, Repl, Opts) of
+	Contents ->
+	    subst_command(Left-1, Opts, Repl, St1, LastMatch);
+	NewContents ->
 	    %% XXX This doesn't work with marks.
 	    St2 = delete_current_line(St1),
 	    St3 = insert_line(NewContents, St2),
-	    subst_command(Left-1, Sub, Repl, St3, St3)
+	    subst_command(Left-1, Opts, Repl, St3, St3)
     end.
 
-subst_check_gflag([$g|Cmd]) -> {ok, gsub, Cmd};
-subst_check_gflag(Cmd)      -> {ok, sub, Cmd}.
+subst_check_gflag([$g|Cmd]) -> {ok, [global,{return,list}], Cmd};
+subst_check_gflag(Cmd)      -> {ok, [{return,list}], Cmd}.
 
 %% u - undo
 
@@ -649,7 +654,7 @@ undo_command(_, _, _) ->
 
 %% (1,$)w - write buffer to file
 
-write_command(Cmd, [First, Last], St) ->
+write_command(_Cmd, [_First, _Last], _St) ->
     error(not_implemented).
     
 
@@ -721,7 +726,7 @@ get_pattern(End, Cmd, State) ->
 get_pattern(End, [End|Rest], State, []) when State#state.pattern /= undefined ->
     {ok, Rest, State};
 get_pattern(End, [End|Rest], State, Result) ->
-    case regexp:parse(lists:reverse(Result)) of
+    case re:compile(lists:reverse(Result)) of
 	{error, _} ->
 	    error(bad_pattern);
 	{ok, Re} ->
@@ -754,7 +759,7 @@ check_trailing_p([$p], St) ->
     St#state{print=fun(Line, _) -> io:put_chars(Line) end};
 check_trailing_p([], State) ->
     State;
-check_trailing_p(Other, State) ->
+check_trailing_p(_Other, _State) ->
     error(garbage_after_command).
 
 error(Reason) ->
@@ -765,9 +770,9 @@ match(State) when State#state.dot == 0 ->
 match(State) ->
     [Line|_] = State#state.upto_dot,
     Re = State#state.pattern,
-    case regexp:first_match(Line#line.contents, Re) of
-	{match, _, _} -> true;
-	nomatch       -> false
+    case re:run(Line#line.contents, Re, [{capture, none}]) of
+	match   -> true;
+	nomatch -> false
     end.
 
 skip_blanks([$ |Rest]) ->
diff --git a/lib/tools/test/lcnt_SUITE.erl b/lib/tools/test/lcnt_SUITE.erl
index f2afa60e33..1bee6021ab 100644
--- a/lib/tools/test/lcnt_SUITE.erl
+++ b/lib/tools/test/lcnt_SUITE.erl
@@ -34,7 +34,7 @@
 	]).
 
 %% Default timetrap timeout (set in init_per_testcase)
--define(default_timeout, ?t:minutes(2)).
+-define(default_timeout, ?t:minutes(4)).
 
 init_per_suite(Config) when is_list(Config) ->
     Config.
@@ -49,6 +49,7 @@ init_per_testcase(_Case, Config) ->
 end_per_testcase(_Case, Config) ->
     Dog = ?config(watchdog, Config),
     ?t:timetrap_cancel(Dog),
+    catch lcnt:stop(),
     ok.
 
 suite() -> [{ct_hooks,[ts_install_cth]}].
diff --git a/lib/tools/test/xref_SUITE.erl b/lib/tools/test/xref_SUITE.erl
index 2f83ab4995..e0876381ca 100644
--- a/lib/tools/test/xref_SUITE.erl
+++ b/lib/tools/test/xref_SUITE.erl
@@ -46,7 +46,8 @@
 -export([
 	 add/1, default/1, info/1, lib/1, read/1, read2/1, remove/1,
 	 replace/1, update/1, deprecated/1, trycatch/1,
-         abstract_modules/1, fun_mfa/1, qlc/1]).
+         abstract_modules/1, fun_mfa/1, fun_mfa_r14/1,
+	 fun_mfa_vars/1, qlc/1]).
 
 -export([
 	 analyze/1, basic/1, md/1, q/1, variables/1, unused_locals/1]).
@@ -82,7 +83,7 @@ groups() ->
      {files, [],
       [add, default, info, lib, read, read2, remove, replace,
        update, deprecated, trycatch, abstract_modules, fun_mfa,
-       qlc]},
+       fun_mfa_r14, fun_mfa_vars, qlc]},
      {analyses, [],
       [analyze, basic, md, q, variables, unused_locals]},
      {misc, [], [format_error, otp_7423, otp_7831]}].
@@ -1771,6 +1772,88 @@ fun_mfa(Conf) when is_list(Conf) ->
     ?line ok = file:delete(Beam),
     ok.
 
+%% Same as the previous test case, except that we use a BEAM file
+%% that was compiled by an R14 compiler to test backward compatibility.
+fun_mfa_r14(Conf) when is_list(Conf) ->
+    Dir = ?config(data_dir, Conf),
+    MFile = fname(Dir, "fun_mfa_r14"),
+
+    A = fun_mfa_r14,
+    {ok, _} = xref:start(s),
+    {ok, A} = xref:add_module(s, MFile, {warnings,false}),
+    {ok, [{{{A,t,0},{'$M_EXPR','$F_EXPR',0}},[7]},
+	  {{{A,t,0},{A,t,0}},[6]},
+	  {{{A,t1,0},{'$M_EXPR','$F_EXPR',0}},[11]},
+	  {{{A,t1,0},{A,t,0}},[10]},
+	  {{{A,t2,0},{A,t,0}},[14]},
+	  {{{A,t3,0},{A,t3,0}},[17]}]} =
+        xref:q(s, "(Lin) E"),
+
+    ok = check_state(s),
+    xref:stop(s),
+
+    ok.
+
+%% fun M:F/A with varibles.
+fun_mfa_vars(Conf) when is_list(Conf) ->
+    Dir = ?copydir,
+    File = fname(Dir, "fun_mfa_vars.erl"),
+    MFile = fname(Dir, "fun_mfa_vars"),
+    Beam = fname(Dir, "fun_mfa_vars.beam"),
+    Test = <<"-module(fun_mfa_vars).
+
+              -export([t/1, t1/1, t2/3]).
+
+              t(Mod) ->
+                  F = fun Mod:bar/2,
+                  (F)(a, b).
+
+              t1(Name) ->
+                  F = fun ?MODULE:Name/1,
+                  (F)(a).
+
+              t2(Mod, Name, Arity) ->
+                  F = fun Mod:Name/Arity,
+                  (F)(a).
+
+              t3(Arity) ->
+                  F = fun ?MODULE:t/Arity,
+                  (F)(1, 2, 3).
+
+              t4(Mod, Name) ->
+                  F = fun Mod:Name/3,
+                  (F)(a, b, c).
+
+              t5(Mod, Arity) ->
+                  F = fun Mod:t/Arity,
+                  (F)().
+             ">>,
+
+    ok = file:write_file(File, Test),
+    A = fun_mfa_vars,
+    {ok, A} = compile:file(File, [report,debug_info,{outdir,Dir}]),
+    {ok, _} = xref:start(s),
+    {ok, A} = xref:add_module(s, MFile, {warnings,false}),
+    {ok, [{{{A,t,1},{'$M_EXPR','$F_EXPR',2}},[7]},
+	  {{{A,t,1},{'$M_EXPR',bar,2}},[6]},
+	  {{{A,t1,1},{'$M_EXPR','$F_EXPR',1}},[11]},
+	  {{{A,t1,1},{A,'$F_EXPR',1}},[10]},
+	  {{{A,t2,3},{'$M_EXPR','$F_EXPR',-1}},[14]},
+	  {{{A,t2,3},{'$M_EXPR','$F_EXPR',1}},[15]},
+	  {{{A,t3,1},{'$M_EXPR','$F_EXPR',3}},[19]},
+	  {{{A,t3,1},{fun_mfa_vars,t,-1}},[18]},
+	  {{{A,t4,2},{'$M_EXPR','$F_EXPR',3}},[22,23]},
+	  {{{A,t5,2},{'$M_EXPR','$F_EXPR',0}},[27]},
+	  {{{A,t5,2},{'$M_EXPR',t,-1}},[26]}]} =
+	xref:q(s, "(Lin) E"),
+
+    ok = check_state(s),
+    xref:stop(s),
+
+    ok = file:delete(File),
+    ok = file:delete(Beam),
+    ok.
+
 qlc(suite) -> [];
 qlc(doc) -> ["OTP-5195: A bug fix when using qlc:q/1,2."];
 qlc(Conf) when is_list(Conf) ->
diff --git a/lib/tools/test/xref_SUITE_data/fun_mfa_r14.beam b/lib/tools/test/xref_SUITE_data/fun_mfa_r14.beam
new file mode 100644
index 0000000000..4645525690
--- /dev/null
+++ b/lib/tools/test/xref_SUITE_data/fun_mfa_r14.beam
diff --git a/lib/tools/test/xref_SUITE_data/fun_mfa_r14.erl b/lib/tools/test/xref_SUITE_data/fun_mfa_r14.erl
new file mode 100644
index 0000000000..293bd83a8b
--- /dev/null
+++ b/lib/tools/test/xref_SUITE_data/fun_mfa_r14.erl
@@ -0,0 +1,18 @@
+-module(fun_mfa_r14).
+
+-export([t/0, t1/0, t2/0, t3/0]).
+
+t() ->
+    F = fun ?MODULE:t/0,
+    (F)().
+
+t1() ->
+    F = fun t/0,
+    (F)().
+
+t2() ->
+    fun ?MODULE:t/0().
+
+t3() ->
+    fun t3/0().
+             
diff --git a/lib/tools/vsn.mk b/lib/tools/vsn.mk
index 2d63a33554..269d3d7773 100644
--- a/lib/tools/vsn.mk
+++ b/lib/tools/vsn.mk
@@ -1 +1 @@
-TOOLS_VSN = 2.6.6.5
+TOOLS_VSN = 2.6.6.6
diff --git a/lib/tv/doc/src/Makefile b/lib/tv/doc/src/Makefile
index f30e0307a9..21478d0931 100644
--- a/lib/tv/doc/src/Makefile
+++ b/lib/tv/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -26,14 +26,6 @@ VSN=$(TV_VSN)
 APPLICATION=tv
 
 # ----------------------------------------------------
-# Include dependency
-# ----------------------------------------------------
-
-ifndef DOCSUPPORT
-include make.dep
-endif
-
-# ----------------------------------------------------
 # Release directory specification
 # ----------------------------------------------------
 RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
@@ -89,32 +81,10 @@ EXTRA_FILES = \
 
 MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
 
-ifdef DOCSUPPORT
-
 HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
 
 TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
 
-else
-
-TEX_FILES_BOOK = \
-	$(BOOK_FILES:%.xml=%.tex)
-TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
-	$(XML_APPLICATION_FILES:%.xml=%.tex)
-TEX_FILES_USERS_GUIDE = \
-	$(XML_CHAPTER_FILES:%.xml=%.tex)
-
-TOP_PDF_FILE = tv-$(VSN).pdf
-TOP_PS_FILE  = tv-$(VSN).ps
-
-$(TOP_PDF_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
-
-$(TOP_PS_FILE): book.dvi ../../vsn.mk
-	$(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
-
-endif
-
 # ----------------------------------------------------
 # FLAGS 
 # ----------------------------------------------------
@@ -127,8 +97,6 @@ DVIPS_FLAGS +=
 $(HTMLDIR)/%.gif: %.gif
 	$(INSTALL_DATA) $< $@
 
-ifdef DOCSUPPORT
-
 docs: pdf html man
 
 $(TOP_PDF_FILE): $(XML_FILES)
@@ -144,31 +112,6 @@ clean clean_docs:
 	rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
 	rm -f errs core *~ 
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-docs: pdf
-else
-ifeq ($(DOCTYPE),ps)
-docs: ps
-else
-docs: html gifs man
-endif
-endif
-
-pdf: $(TOP_PDF_FILE)
-
-ps: $(TOP_PS_FILE)
-
-html: $(HTML_FILES) gifs
-
-clean clean_docs clean_tex:
-	rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
-	rm -f $(HTML_FILES) $(MAN3_FILES)
-	rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
-	rm -f errs core *~ $(LATEX_CLEAN) 
-endif
-
 man: $(MAN3_FILES)
 
 gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
@@ -181,8 +124,6 @@ debug opt:
 # ---------------------------------------------------- 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
-ifdef DOCSUPPORT
-
 release_docs_spec: docs
 	$(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
 	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
@@ -193,29 +134,5 @@ release_docs_spec: docs
 	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
 	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
 
-else
-
-ifeq ($(DOCTYPE),pdf)
-release_docs_spec: pdf
-	$(INSTALL_DIR) $(RELEASE_PATH)/pdf
-	$(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
-else
-ifeq ($(DOCTYPE),ps)
-release_docs_spec: ps
-	$(INSTALL_DIR) $(RELEASE_PATH)/ps
-	$(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
-else
-release_docs_spec: docs
-	$(INSTALL_DIR) $(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
-		$(RELSYSDIR)/doc/html
-	$(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
-	$(INSTALL_DIR) $(RELEASE_PATH)/man/man3
-	$(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
-endif
-endif
-
-endif
-
 release_spec:
 
diff --git a/lib/tv/doc/src/make.dep b/lib/tv/doc/src/make.dep
deleted file mode 100644
index 8437e320c6..0000000000
--- a/lib/tv/doc/src/make.dep
+++ /dev/null
@@ -1,32 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex part.tex ref_man.tex table_visualizer_chapter.tex \
-		tv.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-# ----------------------------------------------------
-# Pictures that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: info_window.ps set_poll_int.ps tv_create_table.ps \
-		tv_record_editor_mnesia.ps tv_row_marked.ps \
-		tv_row_marked_popup.ps tv_search_result.ps \
-		tv_search_window.ps tv_start.ps tv_start_mnesia.ps \
-		tv_start_other_node.ps tv_start_pid_sorted.ps \
-		tv_start_system.ps tv_start_system_unreadable.ps \
-		tv_table_browser.ps tv_table_browser_updated.ps
-
diff --git a/lib/tv/doc/src/notes.xml b/lib/tv/doc/src/notes.xml
index 77a6a43d51..97c99e6202 100644
--- a/lib/tv/doc/src/notes.xml
+++ b/lib/tv/doc/src/notes.xml
@@ -30,6 +30,21 @@
   </header>
   <p>This document describes the changes made to the TV application.</p>
 
+<section><title>TV 2.1.4.8</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>TV 2.1.4.7</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/tv/src/tv_db_search.erl b/lib/tv/src/tv_db_search.erl
index edd3c188e2..7bf5c4c048 100644
--- a/lib/tv/src/tv_db_search.erl
+++ b/lib/tv/src/tv_db_search.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1998-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -244,10 +244,10 @@ get_entry_text() ->
 
 
 string_to_regexp(Str) ->
-    case regexp:parse(Str) of
+    case re:compile(Str) of
 	{ok, RegExp} ->
 	    {ok, RegExp};
-	_Error ->
+	{error, _Error} ->
 	    case get(error_msg_mode) of
 		normal ->
 		    {error, {not_a_regexp, "Please enter a regular expression!"}};
@@ -410,33 +410,11 @@ search_for_regexp(Pattern, Elem, ListAsStr) ->
 		lists:flatten(tv_io_lib:write(Elem))
 	end,
 
-    case regexp:first_match(ListToSearch, Pattern) of
-	{match, _, _} ->
+    case re:run(ListToSearch, Pattern, [{capture,none}]) of
+	match ->
 	    found;
-	_Other ->
+	nomatch ->
 	    not_found
-	    %% The code below shall be used instead if it is desired to 
-	    %% compare each *element* in the tuples to the regular expression,
-	    %% i.e., treat each element as a new line/string.
-	    %% The difference is most easily explained through an example:
-	    %% If we treat each tuple as a new line/string, the regular expression
-	    %% "^{win" will match the string "{win, 1, 2, 3}", but not the string 
-	    %% "{1, {win,2}}".
-	    %% If we treat each element as a new line/string, the RE "^{win" will match
-	    %% both strings above.
-    
-	    %% SearchList = tuple_to_list(Elem),
-	    %% case lists:dropwhile(
-	    %%	   fun(H) ->
-	    %%		   nomatch == regexp:first_match(lists:flatten(io_lib:write(H)), 
-	    %%						 Pattern)
-	    %%	   end,
-	    %%	   SearchList) of
-	    %%	[] ->
-	    %%	    not_found;
-	    %%	_AnyList ->
-	    %%	    found
-	    %% end
     end.
 
 
diff --git a/lib/tv/src/tv_main.erl b/lib/tv/src/tv_main.erl
index 2f743c2397..36cf92bee3 100644
--- a/lib/tv/src/tv_main.erl
+++ b/lib/tv/src/tv_main.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1998-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -312,7 +312,7 @@ analyze_error(Cause, Node, Table) ->
             handle_error(mnesia_not_started, Node, Table);
         {badrpc, {'EXIT', {aborted, {node_not_running,_ErrNode}}}} ->
             handle_error(mnesia_not_started, Node, Table);
-	{'EXIT', {undef, {mnesia,_Fcn,_Args}}} ->
+	{'EXIT', {undef, {mnesia,_Fcn,_Args,_}}} ->
 	    handle_error(mnesia_not_started, Node, Table);
 
         {'EXIT', Reason} ->
diff --git a/lib/tv/src/tv_mnesia_rpc.erl b/lib/tv/src/tv_mnesia_rpc.erl
index a2385714ec..b2434fcdd3 100644
--- a/lib/tv/src/tv_mnesia_rpc.erl
+++ b/lib/tv/src/tv_mnesia_rpc.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1998-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -87,6 +87,8 @@ chk(Result) ->
 	    throw(mnesia_not_started);
 	{badrpc, _Reason} ->
 	    throw(mnesia_not_started);
+	{'EXIT', {undef, {mnesia,_Fcn,_Args,_}}} ->
+	    throw(mnesia_not_started);
 	{'EXIT', {undef, {mnesia,_Fcn,_Args}}} ->
 	    throw(mnesia_not_started);
 	
diff --git a/lib/tv/vsn.mk b/lib/tv/vsn.mk
index 43e3d2ebce..756aae2096 100644
--- a/lib/tv/vsn.mk
+++ b/lib/tv/vsn.mk
@@ -1 +1 @@
-TV_VSN = 2.1.4.7
+TV_VSN = 2.1.4.8
diff --git a/lib/typer/src/typer.erl b/lib/typer/src/typer.erl
index f2a70f49b7..6392f5765f 100644
--- a/lib/typer/src/typer.erl
+++ b/lib/typer/src/typer.erl
@@ -119,9 +119,9 @@ extract(#analysis{macros = Macros,
 	      {ok, RecDict} ->
 		Mod = list_to_atom(filename:basename(File, ".erl")),
 		case dialyzer_utils:get_spec_info(Mod, AbstractCode, RecDict) of
-		  {ok, SpecDict} ->
+		  {ok, SpecDict, CbDict} ->
 		    CS1 = dialyzer_codeserver:store_temp_records(Mod, RecDict, CS),
-		    dialyzer_codeserver:store_temp_contracts(Mod, SpecDict, CS1);
+		    dialyzer_codeserver:store_temp_contracts(Mod, SpecDict, CbDict, CS1);
 		  {error, Reason} -> compile_error([Reason])
 		end;
 	      {error, Reason} -> compile_error([Reason])
@@ -682,10 +682,10 @@ analyze_result(show_succ, Args, Analysis) ->
 analyze_result(no_spec, Args, Analysis) ->
   {Args, Analysis#analysis{no_spec = true}};
 analyze_result({pa, Dir}, Args, Analysis) ->
-  code:add_patha(Dir),
+  true = code:add_patha(Dir),
   {Args, Analysis};
 analyze_result({pz, Dir}, Args, Analysis) ->
-  code:add_pathz(Dir),
+  true = code:add_pathz(Dir),
   {Args, Analysis}.
 
 %%--------------------------------------------------------------------
@@ -873,16 +873,16 @@ collect_one_file_info(File, Analysis) ->
 	      Mod = cerl:concrete(cerl:module_name(Core)),
 	      case dialyzer_utils:get_spec_info(Mod, AbstractCode, Records) of
 		{error, Reason} -> compile_error([Reason]);
-		{ok, SpecInfo} ->
+		{ok, SpecInfo, CbInfo} ->
                   ExpTypes = get_exported_types_from_core(Core),
-		  analyze_core_tree(Core, Records, SpecInfo, ExpTypes,
-                                    Analysis, File)
+		  analyze_core_tree(Core, Records, SpecInfo, CbInfo,
+				    ExpTypes, Analysis, File)
 	      end
 	  end
       end
   end.
 
-analyze_core_tree(Core, Records, SpecInfo, ExpTypes, Analysis, File) ->
+analyze_core_tree(Core, Records, SpecInfo, CbInfo, ExpTypes, Analysis, File) ->
   Module = cerl:concrete(cerl:module_name(Core)),
   TmpTree = cerl:from_records(Core),
   CS1 = Analysis#analysis.codeserver,
@@ -894,7 +894,8 @@ analyze_core_tree(Core, Records, SpecInfo, ExpTypes, Analysis, File) ->
   CS5 =
     case Analysis#analysis.no_spec of
       true -> CS4;
-      false -> dialyzer_codeserver:store_temp_contracts(Module, SpecInfo, CS4)
+      false ->
+	dialyzer_codeserver:store_temp_contracts(Module, SpecInfo, CbInfo, CS4)
     end,
   OldExpTypes = dialyzer_codeserver:get_temp_exported_types(CS5),
   MergedExpTypes = sets:union(ExpTypes, OldExpTypes),
diff --git a/lib/typer/vsn.mk b/lib/typer/vsn.mk
index 9e73aed286..85a7c01424 100644
--- a/lib/typer/vsn.mk
+++ b/lib/typer/vsn.mk
@@ -1 +1 @@
-TYPER_VSN = 0.9.2
+TYPER_VSN = 0.9.3
diff --git a/lib/webtool/doc/src/make.dep b/lib/webtool/doc/src/make.dep
deleted file mode 100644
index 87526b3f73..0000000000
--- a/lib/webtool/doc/src/make.dep
+++ /dev/null
@@ -1,20 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex part.tex ref_man.tex start_webtool.tex \
-		webtool.tex webtool_chapter.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
diff --git a/lib/webtool/doc/src/notes.xml b/lib/webtool/doc/src/notes.xml
index c58a440937..a56fdd7b6f 100644
--- a/lib/webtool/doc/src/notes.xml
+++ b/lib/webtool/doc/src/notes.xml
@@ -31,6 +31,21 @@
   <p>This document describes the changes made to the Webtool
     application.</p>
 
+<section><title>WebTool 0.8.9.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>WebTool 0.8.9</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/webtool/vsn.mk b/lib/webtool/vsn.mk
index 2643be866e..690f9a22cf 100644
--- a/lib/webtool/vsn.mk
+++ b/lib/webtool/vsn.mk
@@ -1 +1 @@
-WEBTOOL_VSN=0.8.9
+WEBTOOL_VSN=0.8.9.1
diff --git a/lib/wx/Makefile b/lib/wx/Makefile
index 0bc89e08ad..9a75b2e36e 100644
--- a/lib/wx/Makefile
+++ b/lib/wx/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2008-2010. All Rights Reserved.
+# Copyright Ericsson AB 2008-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -18,12 +18,19 @@
 #
 
 include ./vsn.mk
-include ./config.mk
-SUBDIRS = src 
-ifeq ($(CAN_BUILD_DRIVER), true) 
-SUBDIRS += c_src 
-endif 
-SUBDIRS += examples doc/src
+
+ifdef TERTIARY_BOOTSTRAP
+ INSIDE_ERLSRC = true
+ SUBDIRS = src
+else # Normal build
+ include ./config.mk
+ SUBDIRS = src
+ ifeq ($(CAN_BUILD_DRIVER), true)
+ SUBDIRS += c_src
+ endif
+ SUBDIRS += examples doc/src
+endif #TERTIARY_BOOTSTRAP
+
 CLEANDIRS = $(SUBDIRS) api_gen
 
 ifeq ($(INSIDE_ERLSRC),true)
@@ -32,6 +39,7 @@ ifeq ($(INSIDE_ERLSRC),true)
 # Default Subdir Targets
 # ----------------------------------------------------
 SUB_DIRECTORIES=$(SUBDIRS)
+
 include $(ERL_TOP)/make/otp_subdir.mk
 else 
 # we are building standalone wxErlang
diff --git a/lib/wx/aclocal.m4 b/lib/wx/aclocal.m4
new file mode 100644
index 0000000000..339a15a2bb
--- /dev/null
+++ b/lib/wx/aclocal.m4
@@ -0,0 +1,1766 @@
+dnl
+dnl %CopyrightBegin%
+dnl
+dnl Copyright Ericsson AB 1998-2011. All Rights Reserved.
+dnl
+dnl The contents of this file are subject to the Erlang Public License,
+dnl Version 1.1, (the "License"); you may not use this file except in
+dnl compliance with the License. You should have received a copy of the
+dnl Erlang Public License along with this software. If not, it can be
+dnl retrieved online at http://www.erlang.org/.
+dnl
+dnl Software distributed under the License is distributed on an "AS IS"
+dnl basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+dnl the License for the specific language governing rights and limitations
+dnl under the License.
+dnl
+dnl %CopyrightEnd%
+dnl
+
+dnl
+dnl aclocal.m4
+dnl
+dnl Local macros used in configure.in. The Local Macros which
+dnl could/should be part of autoconf are prefixed LM_, macros specific
+dnl to the Erlang system are prefixed ERL_.
+dnl
+
+AC_DEFUN(LM_PRECIOUS_VARS,
+[
+
+dnl ERL_TOP
+AC_ARG_VAR(ERL_TOP, [Erlang/OTP top source directory])
+
+dnl Tools
+AC_ARG_VAR(CC, [C compiler])
+AC_ARG_VAR(CFLAGS, [C compiler flags])
+AC_ARG_VAR(STATIC_CFLAGS, [C compiler static flags])
+AC_ARG_VAR(CFLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag passed via C compiler])
+AC_ARG_VAR(CPP, [C/C++ preprocessor])
+AC_ARG_VAR(CPPFLAGS, [C/C++ preprocessor flags])
+AC_ARG_VAR(CXX, [C++ compiler])
+AC_ARG_VAR(CXXFLAGS, [C++ compiler flags])
+AC_ARG_VAR(LD, [linker (is often overridden by configure)])
+AC_ARG_VAR(LDFLAGS, [linker flags (can be risky to set since LD may be overriden by configure)])
+AC_ARG_VAR(LIBS, [libraries])
+AC_ARG_VAR(DED_LD, [linker for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LDFLAGS, [linker flags for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LD_FLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(LFS_CFLAGS, [large file support C compiler flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LDFLAGS, [large file support linker flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LIBS, [large file support libraries (set all LFS_* variables or none)])
+AC_ARG_VAR(RANLIB, [ranlib])
+AC_ARG_VAR(AR, [ar])
+AC_ARG_VAR(GETCONF, [getconf])
+
+dnl Cross system root
+AC_ARG_VAR(erl_xcomp_sysroot, [Absolute cross system root path (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_isysroot, [Absolute cross system root include path (only used when cross compiling)])
+
+dnl Cross compilation variables
+AC_ARG_VAR(erl_xcomp_bigendian, [big endian system: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_clock_gettime_correction, [clock_gettime() can be used for time correction: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_nptl, [have Native POSIX Thread Library: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigusrx, [SIGUSR1 and SIGUSR2 can be used: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigaltstack, [have working sigaltstack(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_poll, [have working poll(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_kqueue, [have working kqueue(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_putenv_copy, [putenv() stores key-value copy: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_reliable_fpe, [have reliable floating point exceptions: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_getaddrinfo, [have working getaddrinfo() for both IPv4 and IPv6: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_gethrvtime_procfs_ioctl, [have working gethrvtime() which can be used with procfs ioctl(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_clock_gettime_cpu_time, [clock_gettime() can be used for retrieving process CPU time: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_after_morecore_hook, [__after_morecore_hook can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_dlsym_brk_wrappers, [dlsym(RTLD_NEXT, _) brk wrappers can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+
+])
+
+AC_DEFUN(ERL_XCOMP_SYSROOT_INIT,
+[
+erl_xcomp_without_sysroot=no
+if test "$cross_compiling" = "yes"; then
+    test "$erl_xcomp_sysroot" != "" || erl_xcomp_without_sysroot=yes
+    test "$erl_xcomp_isysroot" != "" || erl_xcomp_isysroot="$erl_xcomp_sysroot"
+else
+    erl_xcomp_sysroot=
+    erl_xcomp_isysroot=
+fi
+])
+
+AC_DEFUN(LM_CHECK_GETCONF,
+[
+if test "$cross_compiling" != "yes"; then
+    AC_CHECK_PROG([GETCONF], [getconf], [getconf], [false])
+else
+    dnl First check if we got a `<HOST>-getconf' in $PATH
+    host_getconf="$host_alias-getconf"
+    AC_CHECK_PROG([GETCONF], [$host_getconf], [$host_getconf], [false])
+    if test "$GETCONF" = "false" && test "$erl_xcomp_sysroot" != ""; then
+	dnl We should perhaps give up if we have'nt found it by now, but at
+	dnl least in one Tilera MDE `getconf' under sysroot is a bourne
+	dnl shell script which we can use. We try to find `<HOST>-getconf'
+    	dnl or `getconf' under sysconf, but only under sysconf since
+	dnl `getconf' in $PATH is almost guaranteed to be for the build
+	dnl machine.
+	GETCONF=
+	prfx="$erl_xcomp_sysroot"
+        AC_PATH_TOOL([GETCONF], [getconf], [false],
+	             ["$prfx/usr/bin:$prfx/bin:$prfx/usr/local/bin"])
+    fi
+fi
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_WINDOWS_ENVIRONMENT
+dnl
+dnl
+dnl Tries to determine thw windows build environment, i.e. 
+dnl MIXED_CYGWIN_VC or MIXED_MSYS_VC 
+dnl
+
+AC_DEFUN(LM_WINDOWS_ENVIRONMENT,
+[
+MIXED_CYGWIN=no
+MIXED_MSYS=no
+
+AC_MSG_CHECKING(for mixed cygwin or msys and native VC++ environment)
+if test "X$host" = "Xwin32" -a "x$GCC" != "xyes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([Cygwin and VC])
+		MIXED_CYGWIN_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_VC"
+	elif test -x /usr/bin/msysinfo; then
+	        CFLAGS="-O2"
+		MIXED_MSYS=yes
+		AC_MSG_RESULT([MSYS and VC])
+		MIXED_MSYS_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_MSYS_VC"
+	else		    
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_VC=no
+	MIXED_MSYS_VC=no
+fi
+AC_SUBST(MIXED_CYGWIN_VC)
+AC_SUBST(MIXED_MSYS_VC)
+
+MIXED_VC=no
+if test "x$MIXED_MSYS_VC" = "xyes" -o  "x$MIXED_CYGWIN_VC" = "xyes" ; then
+   MIXED_VC=yes
+fi
+
+AC_SUBST(MIXED_VC)
+
+if test "x$MIXED_MSYS" != "xyes"; then
+   AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
+   if test "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([yes])
+		MIXED_CYGWIN_MINGW=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_MINGW"
+	else
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+    else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_MINGW=no
+    fi
+else
+	MIXED_CYGWIN_MINGW=no
+fi	
+AC_SUBST(MIXED_CYGWIN_MINGW)
+
+AC_MSG_CHECKING(if we mix cygwin with any native compiler)
+if test "X$MIXED_CYGWIN" = "Xyes"; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_CYGWIN)
+	
+AC_MSG_CHECKING(if we mix msys with another native compiler)
+if test "X$MIXED_MSYS" = "Xyes" ; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_MSYS)
+])		
+	
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_FIND_EMU_CC
+dnl
+dnl
+dnl Tries fairly hard to find a C compiler that can handle jump tables.
+dnl Defines the @EMU_CC@ variable for the makefiles and 
+dnl inserts NO_JUMP_TABLE in the header if one cannot be found...
+dnl
+
+AC_DEFUN(LM_FIND_EMU_CC,
+	[AC_CACHE_CHECK(for a compiler that handles jumptables,
+			ac_cv_prog_emu_cc,
+			[
+AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    __label__ lbl1;
+    __label__ lbl2;
+    int x = magic();
+    static void *jtab[2];
+
+    jtab[0] = &&lbl1;
+    jtab[1] = &&lbl2;
+    goto *jtab[x];
+lbl1:
+    return 1;
+lbl2:
+    return 2;
+],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+
+if test $ac_cv_prog_emu_cc = no; then
+	for ac_progname in emu_cc.sh gcc-4.2 gcc; do
+  		IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  		ac_dummy="$PATH"
+  		for ac_dir in $ac_dummy; do
+    			test -z "$ac_dir" && ac_dir=.
+    			if test -f $ac_dir/$ac_progname; then
+      				ac_cv_prog_emu_cc=$ac_dir/$ac_progname
+      				break
+    			fi
+  		done
+  		IFS="$ac_save_ifs"
+		if test $ac_cv_prog_emu_cc != no; then
+			break
+		fi
+	done
+fi
+
+if test $ac_cv_prog_emu_cc != no; then
+	save_CC=$CC
+	save_CFLAGS=$CFLAGS
+	save_CPPFLAGS=$CPPFLAGS
+	CC=$ac_cv_prog_emu_cc
+	CFLAGS=""
+	CPPFLAGS=""
+	AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    	__label__ lbl1;
+    	__label__ lbl2;
+    	int x = magic();
+    	static void *jtab[2];
+
+    	jtab[0] = &&lbl1;
+    	jtab[1] = &&lbl2;
+    	goto *jtab[x];
+	lbl1:
+    	return 1;
+	lbl2:
+    	return 2;
+	],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+	CC=$save_CC
+	CFLAGS=$save_CFLAGS
+	CPPFLAGS=$save_CPPFLAGS
+fi
+])
+if test $ac_cv_prog_emu_cc = no; then
+	AC_DEFINE(NO_JUMP_TABLE,[],[Defined if no found C compiler can handle jump tables])
+	EMU_CC=$CC
+else
+	EMU_CC=$ac_cv_prog_emu_cc
+fi
+AC_SUBST(EMU_CC)
+])		
+			
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_INSTALL_DIR
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl Figure out how to create directories with parents.
+dnl (In my opinion INSTALL_DIR is a bad name, MKSUBDIRS or something is better)
+dnl
+dnl We prefer 'install -d', but use 'mkdir -p' if it exists.
+dnl If none of these methods works, we give up.
+dnl
+
+
+AC_DEFUN(LM_PROG_INSTALL_DIR,
+[AC_CACHE_CHECK(how to create a directory including parents,
+ac_cv_prog_mkdir_p,
+[
+temp_name_base=config.$$
+temp_name=$temp_name_base/x/y/z
+$INSTALL -d $temp_name >/dev/null 2>&1
+ac_cv_prog_mkdir_p=none
+if test -d $temp_name; then
+        ac_cv_prog_mkdir_p="$INSTALL -d"
+else
+        mkdir -p $temp_name >/dev/null 2>&1
+        if test -d $temp_name; then
+                ac_cv_prog_mkdir_p="mkdir -p"
+        fi
+fi
+rm -fr $temp_name_base           
+])
+
+case "${ac_cv_prog_mkdir_p}" in
+  none) AC_MSG_ERROR(don't know how create directories with parents) ;;
+  *)    INSTALL_DIR="$ac_cv_prog_mkdir_p" AC_SUBST(INSTALL_DIR)     ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_PERL5
+dnl
+dnl Try to find perl version 5. If found set PERL to the absolute path
+dnl of the program, if not found set PERL to false.
+dnl
+dnl On some systems /usr/bin/perl is perl 4 and e.g.
+dnl /usr/local/bin/perl is perl 5. We try to handle this case by
+dnl putting a couple of 
+dnl Tries to handle the case that there are two programs called perl
+dnl in the path and one of them is perl 5 and the other isn't. 
+dnl
+AC_DEFUN(LM_PROG_PERL5,
+[AC_PATH_PROGS(PERL, perl5 perl, false,
+   /usr/local/bin:/opt/local/bin:/usr/local/gnu/bin:${PATH})
+changequote(, )dnl
+dnl[ That bracket is needed to balance the right bracket below
+if test "$PERL" = "false" || $PERL -e 'exit ($] >= 5)'; then
+changequote([, ])dnl
+  ac_cv_path_PERL=false
+  PERL=false
+dnl  AC_MSG_WARN(perl version 5 not found)
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SO_BSDCOMPAT
+dnl
+dnl Check if the system has the SO_BSDCOMPAT flag on sockets (linux) 
+dnl
+AC_DEFUN(LM_DECL_SO_BSDCOMPAT,
+[AC_CACHE_CHECK([for SO_BSDCOMPAT declaration], ac_cv_decl_so_bsdcompat,
+AC_TRY_COMPILE([#include <sys/socket.h>], [int i = SO_BSDCOMPAT;],
+               ac_cv_decl_so_bsdcompat=yes,
+               ac_cv_decl_so_bsdcompat=no))
+
+case "${ac_cv_decl_so_bsdcompat}" in
+  "yes" ) AC_DEFINE(HAVE_SO_BSDCOMPAT,[],
+		[Define if you have SO_BSDCOMPAT flag on sockets]) ;;
+  * ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_INADDR_LOOPBACK
+dnl
+dnl Try to find declaration of INADDR_LOOPBACK, if nowhere provide a default
+dnl
+
+AC_DEFUN(LM_DECL_INADDR_LOOPBACK,
+[AC_CACHE_CHECK([for INADDR_LOOPBACK in netinet/in.h],
+ ac_cv_decl_inaddr_loopback,
+[AC_TRY_COMPILE([#include <sys/types.h>
+#include <netinet/in.h>], [int i = INADDR_LOOPBACK;],
+ac_cv_decl_inaddr_loopback=yes, ac_cv_decl_inaddr_loopback=no)
+])
+
+if test ${ac_cv_decl_inaddr_loopback} = no; then
+  AC_CACHE_CHECK([for INADDR_LOOPBACK in rpc/types.h],
+                   ac_cv_decl_inaddr_loopback_rpc,
+                   AC_TRY_COMPILE([#include <rpc/types.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_rpc=yes,
+                                   ac_cv_decl_inaddr_loopback_rpc=no))
+
+   case "${ac_cv_decl_inaddr_loopback_rpc}" in
+     "yes" )
+        AC_DEFINE(DEF_INADDR_LOOPBACK_IN_RPC_TYPES_H,[],
+		[Define if you need to include rpc/types.h to get INADDR_LOOPBACK defined]) ;;
+      * )
+  	AC_CACHE_CHECK([for INADDR_LOOPBACK in winsock2.h],
+                   ac_cv_decl_inaddr_loopback_winsock2,
+                   AC_TRY_COMPILE([#define WIN32_LEAN_AND_MEAN
+				   #include <winsock2.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_winsock2=yes,
+                                   ac_cv_decl_inaddr_loopback_winsock2=no))
+	case "${ac_cv_decl_inaddr_loopback_winsock2}" in
+     		"yes" )
+			AC_DEFINE(DEF_INADDR_LOOPBACK_IN_WINSOCK2_H,[],
+				[Define if you need to include winsock2.h to get INADDR_LOOPBACK defined]) ;;
+		* )
+			# couldn't find it anywhere
+        		AC_DEFINE(HAVE_NO_INADDR_LOOPBACK,[],
+				[Define if you don't have a definition of INADDR_LOOPBACK]) ;;
+	esac;;
+   esac
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_SOCKADDR_SA_LEN
+dnl
+dnl Check if the sockaddr structure has the field sa_len
+dnl
+
+AC_DEFUN(LM_STRUCT_SOCKADDR_SA_LEN,
+[AC_CACHE_CHECK([whether struct sockaddr has sa_len field],
+                ac_cv_struct_sockaddr_sa_len,
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <sys/socket.h>], [struct sockaddr s; s.sa_len = 10;],
+  ac_cv_struct_sockaddr_sa_len=yes, ac_cv_struct_sockaddr_sa_len=no))
+
+dnl FIXME convbreak
+case ${ac_cv_struct_sockaddr_sa_len} in
+  "no" ) AC_DEFINE(NO_SA_LEN,[1],[Define if you dont have salen]) ;;
+  *) ;;
+esac
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_EXCEPTION
+dnl
+dnl Check to see whether the system supports the matherr function
+dnl and its associated type "struct exception".
+dnl
+
+AC_DEFUN(LM_STRUCT_EXCEPTION,
+[AC_CACHE_CHECK([for struct exception (and matherr function)],
+ ac_cv_struct_exception,
+AC_TRY_COMPILE([#include <math.h>],
+  [struct exception x; x.type = DOMAIN; x.type = SING;],
+  ac_cv_struct_exception=yes, ac_cv_struct_exception=no))
+
+case "${ac_cv_struct_exception}" in
+  "yes" ) AC_DEFINE(USE_MATHERR,[1],[Define if you have matherr() function and struct exception type]) ;;
+  *  ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_IPV6
+dnl
+dnl Check for ipv6 support and what the in6_addr structure is called.
+dnl (early linux used in_addr6 insted of in6_addr)
+dnl
+
+AC_DEFUN(LM_SYS_IPV6,
+[AC_MSG_CHECKING(for IP version 6 support)
+AC_CACHE_VAL(ac_cv_sys_ipv6_support,
+[ok_so_far=yes
+ AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+   [struct in6_addr a6; struct sockaddr_in6 s6;], ok_so_far=yes, ok_so_far=no)
+
+if test $ok_so_far = yes; then
+  ac_cv_sys_ipv6_support=yes
+else
+  AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+    [struct in_addr6 a6; struct sockaddr_in6 s6;],
+    ac_cv_sys_ipv6_support=in_addr6, ac_cv_sys_ipv6_support=no)
+fi
+])dnl
+
+dnl
+dnl Have to use old style AC_DEFINE due to BC with old autoconf.
+dnl
+
+case ${ac_cv_sys_ipv6_support} in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    ;;
+  in_addr6)
+    AC_MSG_RESULT([yes (but I am redefining in_addr6 to in6_addr)])
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    AC_DEFINE(HAVE_IN_ADDR6_STRUCT,[],[Early linux used in_addr6 instead of in6_addr, define if you have this])
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_MULTICAST
+dnl
+dnl Check for multicast support. Only checks for multicast options in
+dnl setsockopt(), no check is performed that multicasting actually works.
+dnl If options are found defines HAVE_MULTICAST_SUPPORT
+dnl
+
+AC_DEFUN(LM_SYS_MULTICAST,
+[AC_CACHE_CHECK([for multicast support], ac_cv_sys_multicast_support,
+[AC_EGREP_CPP(yes,
+[#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#if defined(IP_MULTICAST_TTL) && defined(IP_MULTICAST_LOOP) && defined(IP_MULTICAST_IF) && defined(IP_ADD_MEMBERSHIP) && defined(IP_DROP_MEMBERSHIP)
+yes
+#endif
+], ac_cv_sys_multicast_support=yes, ac_cv_sys_multicast_support=no)])
+if test $ac_cv_sys_multicast_support = yes; then
+  AC_DEFINE(HAVE_MULTICAST_SUPPORT,[1],
+	[Define if setsockopt() accepts multicast options])
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SYS_ERRLIST
+dnl
+dnl Define SYS_ERRLIST_DECLARED if the variable sys_errlist is declared
+dnl in a system header file, stdio.h or errno.h.
+dnl
+
+AC_DEFUN(LM_DECL_SYS_ERRLIST,
+[AC_CACHE_CHECK([for sys_errlist declaration in stdio.h or errno.h],
+  ac_cv_decl_sys_errlist,
+[AC_TRY_COMPILE([#include <stdio.h>
+#include <errno.h>], [char *msg = *(sys_errlist + 1);],
+  ac_cv_decl_sys_errlist=yes, ac_cv_decl_sys_errlist=no)])
+if test $ac_cv_decl_sys_errlist = yes; then
+  AC_DEFINE(SYS_ERRLIST_DECLARED,[],
+	[define if the variable sys_errlist is declared in a system header file])
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_FUNC_DECL( funname, declaration [, extra includes 
+dnl                     [, action-if-found [, action-if-not-found]]] )
+dnl
+dnl Checks if the declaration "declaration" of "funname" conflicts
+dnl with the header files idea of how the function should be
+dnl declared. It is useful on systems which lack prototypes and you
+dnl need to provide your own (e.g. when you want to take the address
+dnl of a function). The 4'th argument is expanded if conflicting, 
+dnl the 5'th argument otherwise
+dnl
+dnl
+
+AC_DEFUN(LM_CHECK_FUNC_DECL,
+[AC_MSG_CHECKING([for conflicting declaration of $1])
+AC_CACHE_VAL(ac_cv_func_decl_$1,
+[AC_TRY_COMPILE([#include <stdio.h>
+$3],[$2
+char *c = (char *)$1;
+], eval "ac_cv_func_decl_$1=no", eval "ac_cv_func_decl_$1=yes")])
+if eval "test \"`echo '$ac_cv_func_decl_'$1`\" = yes"; then
+  AC_MSG_RESULT(yes)
+  ifelse([$4], , :, [$4])
+else
+  AC_MSG_RESULT(no)
+ifelse([$5], , , [$5
+])dnl
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_THR_LIB
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl LM_CHECK_THR_LIB sets THR_LIBS, THR_DEFS, and THR_LIB_NAME. It also
+dnl checks for some pthread headers which will appear in DEFS or config.h.
+dnl
+
+AC_DEFUN(LM_CHECK_THR_LIB,
+[
+
+NEED_NPTL_PTHREAD_H=no
+
+dnl win32?
+AC_MSG_CHECKING([for native win32 threads])
+if test "X$host_os" = "Xwin32"; then
+    AC_MSG_RESULT(yes)
+    THR_DEFS="-DWIN32_THREADS"
+    THR_LIBS=
+    THR_LIB_NAME=win32_threads
+    THR_LIB_TYPE=win32_threads
+else
+    AC_MSG_RESULT(no)
+    THR_DEFS=
+    THR_LIBS=
+    THR_LIB_NAME=
+    THR_LIB_TYPE=posix_unknown
+
+dnl Try to find POSIX threads
+
+dnl The usual pthread lib...
+    AC_CHECK_LIB(pthread, pthread_create, THR_LIBS="-lpthread")
+
+dnl FreeBSD has pthreads in special c library, c_r...
+    if test "x$THR_LIBS" = "x"; then
+	AC_CHECK_LIB(c_r, pthread_create, THR_LIBS="-lc_r")
+    fi
+
+dnl On ofs1 the '-pthread' switch should be used
+    if test "x$THR_LIBS" = "x"; then
+	AC_MSG_CHECKING([if the '-pthread' switch can be used])
+	saved_cflags=$CFLAGS
+	CFLAGS="$CFLAGS -pthread"
+	AC_TRY_LINK([#include <pthread.h>],
+		    pthread_create((void*)0,(void*)0,(void*)0,(void*)0);,
+		    [THR_DEFS="-pthread"
+		     THR_LIBS="-pthread"])
+	CFLAGS=$saved_cflags
+	if test "x$THR_LIBS" != "x"; then
+	    AC_MSG_RESULT(yes)
+	else
+	    AC_MSG_RESULT(no)
+	fi
+    fi
+
+    if test "x$THR_LIBS" != "x"; then
+	THR_DEFS="$THR_DEFS -D_THREAD_SAFE -D_REENTRANT -DPOSIX_THREADS"
+	THR_LIB_NAME=pthread
+	case $host_os in
+	    solaris*)
+		THR_DEFS="$THR_DEFS -D_POSIX_PTHREAD_SEMANTICS" ;;
+	    linux*)
+		THR_DEFS="$THR_DEFS -D_POSIX_THREAD_SAFE_FUNCTIONS"
+
+		LM_CHECK_GETCONF
+		AC_MSG_CHECKING(for Native POSIX Thread Library)
+		libpthr_vsn=`$GETCONF GNU_LIBPTHREAD_VERSION 2>/dev/null`
+		if test $? -eq 0; then
+		    case "$libpthr_vsn" in
+			*nptl*|*NPTL*) nptl=yes;;
+			*) nptl=no;;
+		    esac
+		elif test "$cross_compiling" = "yes"; then
+		    case "$erl_xcomp_linux_nptl" in
+			"") nptl=cross;;
+			yes|no) nptl=$erl_xcomp_linux_nptl;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_nptl value: $erl_xcomp_linux_nptl]);;
+		    esac
+		else
+		    nptl=no
+		fi
+		AC_MSG_RESULT($nptl)
+		if test $nptl = cross; then
+		    nptl=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $nptl = yes; then
+		    THR_LIB_TYPE=posix_nptl
+		    need_nptl_incldir=no
+		    AC_CHECK_HEADER(nptl/pthread.h,
+				    [need_nptl_incldir=yes
+				     NEED_NPTL_PTHREAD_H=yes])
+		    if test $need_nptl_incldir = yes; then
+			# Ahh...
+			nptl_path="$C_INCLUDE_PATH:$CPATH"
+			if test X$cross_compiling != Xyes; then
+			    nptl_path="$nptl_path:/usr/local/include:/usr/include"
+			else
+			    IROOT="$erl_xcomp_isysroot"
+			    test "$IROOT" != "" || IROOT="$erl_xcomp_sysroot"
+			    test "$IROOT" != "" || AC_MSG_ERROR([Don't know where to search for includes! Please set erl_xcomp_isysroot])
+			    nptl_path="$nptl_path:$IROOT/usr/local/include:$IROOT/usr/include"
+			fi
+			nptl_ws_path=
+			save_ifs="$IFS"; IFS=":"
+			for dir in $nptl_path; do
+			    if test "x$dir" != "x"; then
+				nptl_ws_path="$nptl_ws_path $dir"
+			    fi
+			done
+			IFS=$save_ifs
+			nptl_incldir=
+			for dir in $nptl_ws_path; do
+		            AC_CHECK_HEADER($dir/nptl/pthread.h,
+					    nptl_incldir=$dir/nptl)
+			    if test "x$nptl_incldir" != "x"; then
+				THR_DEFS="$THR_DEFS -isystem $nptl_incldir"
+				break
+			    fi
+			done
+			if test "x$nptl_incldir" = "x"; then
+			    AC_MSG_ERROR(Failed to locate nptl system include directory)
+			fi
+		    fi
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need THR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags=$CPPFLAGS
+	CPPFLAGS="$CPPFLAGS $THR_DEFS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h,
+			AC_DEFINE(HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+    fi
+fi
+
+])
+
+AC_DEFUN(ERL_INTERNAL_LIBS,
+[
+
+ERTS_INTERNAL_X_LIBS=
+
+AC_CHECK_LIB(kstat, kstat_open,
+[AC_DEFINE(HAVE_KSTAT, 1, [Define if you have kstat])
+ERTS_INTERNAL_X_LIBS="$ERTS_INTERNAL_X_LIBS -lkstat"])
+
+AC_SUBST(ERTS_INTERNAL_X_LIBS)
+
+])
+
+AC_DEFUN(ETHR_CHK_SYNC_OP,
+[
+    AC_MSG_CHECKING([for $3-bit $1()])
+    case "$2" in
+	"1") sync_call="$1(&var);";;
+	"2") sync_call="$1(&var, ($4) 0);";;
+	"3") sync_call="$1(&var, ($4) 0, ($4) 0);";;
+    esac
+    have_sync_op=no
+    AC_TRY_LINK([],
+	[
+	    $4 res;
+	    volatile $4 var;
+	    res = $sync_call
+	],
+	[have_sync_op=yes])
+    test $have_sync_op = yes && $5
+    AC_MSG_RESULT([$have_sync_op])
+])
+
+AC_DEFUN(ETHR_CHK_INTERLOCKED,
+[
+    ilckd="$1"
+    AC_MSG_CHECKING([for ${ilckd}()])
+    case "$2" in
+	"1") ilckd_call="${ilckd}(var);";;
+	"2") ilckd_call="${ilckd}(var, ($3) 0);";;
+	"3") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0);";;
+	"4") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0, arr);";;
+    esac
+    have_interlocked_op=no
+    AC_TRY_LINK(
+	[
+	#define WIN32_LEAN_AND_MEAN
+	#include <windows.h>
+	#include <intrin.h>
+	],
+	[
+	    volatile $3 *var;
+	    volatile $3 arr[2];
+
+	    $ilckd_call
+	    return 0;
+	],
+	[have_interlocked_op=yes])
+    test $have_interlocked_op = yes && $4
+    AC_MSG_RESULT([$have_interlocked_op])
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_FIND_ETHR_LIB
+dnl
+dnl NOTE! This macro may be changed at any time! Should *only* be used by
+dnl       ERTS!
+dnl
+dnl Find a thread library to use. Sets ETHR_LIBS to libraries to link
+dnl with, ETHR_X_LIBS to extra libraries to link with (same as ETHR_LIBS
+dnl except that the ethread lib itself is not included), ETHR_DEFS to
+dnl defines to compile with, ETHR_THR_LIB_BASE to the name of the
+dnl thread library which the ethread library is based on, and ETHR_LIB_NAME
+dnl to the name of the library where the ethread implementation is located.
+dnl  ERL_FIND_ETHR_LIB currently searches for 'pthreads', and
+dnl 'win32_threads'. If no thread library was found ETHR_LIBS, ETHR_X_LIBS,
+dnl ETHR_DEFS, ETHR_THR_LIB_BASE, and ETHR_LIB_NAME are all set to the
+dnl empty string.
+dnl
+
+AC_DEFUN(ERL_FIND_ETHR_LIB,
+[
+
+LM_CHECK_THR_LIB
+ERL_INTERNAL_LIBS
+
+ethr_have_native_atomics=no
+ethr_have_native_spinlock=no
+ETHR_THR_LIB_BASE="$THR_LIB_NAME"
+ETHR_THR_LIB_BASE_TYPE="$THR_LIB_TYPE"
+ETHR_DEFS="$THR_DEFS"
+ETHR_X_LIBS="$THR_LIBS $ERTS_INTERNAL_X_LIBS"
+ETHR_LIBS=
+ETHR_LIB_NAME=
+
+ethr_modified_default_stack_size=
+
+dnl Name of lib where ethread implementation is located
+ethr_lib_name=ethread
+
+case "$THR_LIB_NAME" in
+
+    win32_threads)
+	ETHR_THR_LIB_BASE_DIR=win
+	# * _WIN32_WINNT >= 0x0400 is needed for
+	#   TryEnterCriticalSection
+	# * _WIN32_WINNT >= 0x0403 is needed for
+	#   InitializeCriticalSectionAndSpinCount
+	# The ethread lib will refuse to build if _WIN32_WINNT < 0x0403.
+	#
+	# -D_WIN32_WINNT should have been defined in $CPPFLAGS; fetch it
+	# and save it in ETHR_DEFS.
+	found_win32_winnt=no
+	for cppflag in $CPPFLAGS; do
+	    case $cppflag in
+		-DWINVER*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    ;;
+		-D_WIN32_WINNT*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    found_win32_winnt=yes
+		    ;;
+		*)
+		    ;;
+	    esac
+        done
+        if test $found_win32_winnt = no; then
+	    AC_MSG_ERROR([-D_WIN32_WINNT missing in CPPFLAGS])
+        fi
+
+	AC_DEFINE(ETHR_WIN32_THREADS, 1, [Define if you have win32 threads])
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT, 1, [Define if you have _InterlockedDecrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement_rel], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT_REL, 1, [Define if you have _InterlockedDecrement_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT, 1, [Define if you have _InterlockedIncrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement_acq], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT_ACQ, 1, [Define if you have _InterlockedIncrement_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD, 1, [Define if you have _InterlockedExchangeAdd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd_acq], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD_ACQ, 1, [Define if you have _InterlockedExchangeAdd_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND, 1, [Define if you have _InterlockedAnd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR, 1, [Define if you have _InterlockedOr()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE, 1, [Define if you have _InterlockedExchange()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE, 1, [Define if you have _InterlockedCompareExchange()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_acq], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_ACQ, 1, [Define if you have _InterlockedCompareExchange_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_rel], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_REL, 1, [Define if you have _InterlockedCompareExchange_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64, 1, [Define if you have _InterlockedDecrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64_rel], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64_REL, 1, [Define if you have _InterlockedDecrement64_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64, 1, [Define if you have _InterlockedIncrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64_acq], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64_ACQ, 1, [Define if you have _InterlockedIncrement64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64, 1, [Define if you have _InterlockedExchangeAdd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64_acq], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64_ACQ, 1, [Define if you have _InterlockedExchangeAdd64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND64, 1, [Define if you have _InterlockedAnd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR64, 1, [Define if you have _InterlockedOr64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE64, 1, [Define if you have _InterlockedExchange64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64, 1, [Define if you have _InterlockedCompareExchange64()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_acq], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_ACQ, 1, [Define if you have _InterlockedCompareExchange64_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_rel], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_REL, 1, [Define if you have _InterlockedCompareExchange64_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange128], [4], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE128, 1, [Define if you have _InterlockedCompareExchange128()]))
+
+	test "$ethr_have_native_atomics" = "yes" && ethr_have_native_spinlock=yes
+	;;
+
+    pthread)
+	ETHR_THR_LIB_BASE_DIR=pthread
+    	AC_DEFINE(ETHR_PTHREADS, 1, [Define if you have pthreads])
+	case $host_os in
+	    openbsd*)
+		# The default stack size is insufficient for our needs
+		# on OpenBSD. We increase it to 256 kilo words.
+		ethr_modified_default_stack_size=256;;
+	    linux*)
+		ETHR_DEFS="$ETHR_DEFS -D_GNU_SOURCE"
+
+		if test	X$cross_compiling = Xyes; then
+		    case X$erl_xcomp_linux_usable_sigusrx in
+			X) usable_sigusrx=cross;;
+			Xyes|Xno) usable_sigusrx=$erl_xcomp_linux_usable_sigusrx;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigusrx value: $erl_xcomp_linux_usable_sigusrx]);;
+		    esac
+		    case X$erl_xcomp_linux_usable_sigaltstack in
+			X) usable_sigaltstack=cross;;
+			Xyes|Xno) usable_sigaltstack=$erl_xcomp_linux_usable_sigaltstack;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigaltstack value: $erl_xcomp_linux_usable_sigaltstack]);;
+		    esac
+		else
+		    # FIXME: Test for actual problems instead of kernel versions
+		    linux_kernel_vsn_=`uname -r`
+		    case $linux_kernel_vsn_ in
+			[[0-1]].*|2.[[0-1]]|2.[[0-1]].*)
+			    usable_sigusrx=no
+			    usable_sigaltstack=no;;
+			2.[[2-3]]|2.[[2-3]].*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=no;;
+		    	*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=yes;;
+		    esac
+		fi
+
+		AC_MSG_CHECKING(if SIGUSR1 and SIGUSR2 can be used)
+		AC_MSG_RESULT($usable_sigusrx)
+		if test $usable_sigusrx = cross; then
+		    usable_sigusrx=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigusrx = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGUSRX"
+		fi
+
+		AC_MSG_CHECKING(if sigaltstack can be used)
+		AC_MSG_RESULT($usable_sigaltstack)
+		if test $usable_sigaltstack = cross; then
+		    usable_sigaltstack=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigaltstack = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGALTSTACK"
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need ETHR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags="$CPPFLAGS"
+	CPPFLAGS="$CPPFLAGS $ETHR_DEFS"
+
+	dnl We need the thread library in order to find some functions
+	saved_libs="$LIBS"
+	LIBS="$LIBS $ETHR_X_LIBS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(ETHR_HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	if test $NEED_NPTL_PTHREAD_H = yes; then
+	    AC_DEFINE(ETHR_NEED_NPTL_PTHREAD_H, 1, \
+[Define if you need the <nptl/pthread.h> header file.])
+	fi
+
+	AC_CHECK_HEADER(sched.h, \
+			AC_DEFINE(ETHR_HAVE_SCHED_H, 1, \
+[Define if you have the <sched.h> header file.]))
+
+	AC_CHECK_HEADER(sys/time.h, \
+			AC_DEFINE(ETHR_HAVE_SYS_TIME_H, 1, \
+[Define if you have the <sys/time.h> header file.]))
+
+	AC_TRY_COMPILE([#include <time.h>
+			#include <sys/time.h>], 
+			[struct timeval *tv; return 0;],
+			AC_DEFINE(ETHR_TIME_WITH_SYS_TIME, 1, \
+[Define if you can safely include both <sys/time.h> and <time.h>.]))
+
+
+	dnl
+	dnl Check for functions
+	dnl
+
+	AC_CHECK_FUNC(pthread_spin_lock, \
+			[ethr_have_native_spinlock=yes \
+			 AC_DEFINE(ETHR_HAVE_PTHREAD_SPIN_LOCK, 1, \
+[Define if you have the pthread_spin_lock function.])])
+
+	have_sched_yield=no
+	have_librt_sched_yield=no
+	AC_CHECK_FUNC(sched_yield, [have_sched_yield=yes])
+	if test $have_sched_yield = no; then
+	    AC_CHECK_LIB(rt, sched_yield,
+			 [have_librt_sched_yield=yes
+			  ETHR_X_LIBS="$ETHR_X_LIBS -lrt"])
+	fi
+	if test $have_sched_yield = yes || test $have_librt_sched_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_SCHED_YIELD, 1, [Define if you have the sched_yield() function.])
+	    AC_MSG_CHECKING([whether sched_yield() returns an int])
+	    sched_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#ifdef ETHR_HAVE_SCHED_H
+				#include <sched.h>
+				#endif
+			   ],
+			   [int sched_yield();],
+			   [sched_yield_ret_int=yes])
+	    AC_MSG_RESULT([$sched_yield_ret_int])
+	    if test $sched_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_SCHED_YIELD_RET_INT, 1, [Define if sched_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_yield=no
+	AC_CHECK_FUNC(pthread_yield, [have_pthread_yield=yes])
+	if test $have_pthread_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_PTHREAD_YIELD, 1, [Define if you have the pthread_yield() function.])
+	    AC_MSG_CHECKING([whether pthread_yield() returns an int])
+	    pthread_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			   ],
+			   [int pthread_yield();],
+			   [pthread_yield_ret_int=yes])
+	    AC_MSG_RESULT([$pthread_yield_ret_int])
+	    if test $pthread_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_PTHREAD_YIELD_RET_INT, 1, [Define if pthread_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_rwlock_init=no
+	AC_CHECK_FUNC(pthread_rwlock_init, [have_pthread_rwlock_init=yes])
+	if test $have_pthread_rwlock_init = yes; then
+
+	    ethr_have_pthread_rwlockattr_setkind_np=no
+	    AC_CHECK_FUNC(pthread_rwlockattr_setkind_np,
+			  [ethr_have_pthread_rwlockattr_setkind_np=yes])
+
+	    if test $ethr_have_pthread_rwlockattr_setkind_np = yes; then
+		AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCKATTR_SETKIND_NP, 1, \
+[Define if you have the pthread_rwlockattr_setkind_np() function.])
+
+		AC_MSG_CHECKING([for PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP])
+		ethr_pthread_rwlock_writer_nonrecursive_initializer_np=no
+		AC_TRY_LINK([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			    ],
+			    [
+				pthread_rwlockattr_t *attr;
+				return pthread_rwlockattr_setkind_np(attr,
+				    PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP);
+			    ],
+			    [ethr_pthread_rwlock_writer_nonrecursive_initializer_np=yes])
+		AC_MSG_RESULT([$ethr_pthread_rwlock_writer_nonrecursive_initializer_np])
+		if test $ethr_pthread_rwlock_writer_nonrecursive_initializer_np = yes; then
+		    AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP, 1, \
+[Define if you have the PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP rwlock attribute.])
+		fi
+	    fi
+	fi
+
+	if test "$force_pthread_rwlocks" = "yes"; then
+
+	    AC_DEFINE(ETHR_FORCE_PTHREAD_RWLOCK, 1, \
+[Define if you want to force usage of pthread rwlocks])
+
+	    if test $have_pthread_rwlock_init = yes; then
+		AC_MSG_WARN([Forced usage of pthread rwlocks. Note that this implementation may suffer from starvation issues.])
+	    else
+		AC_MSG_ERROR([User forced usage of pthread rwlock, but no such implementation was found])
+	    fi
+	fi
+
+	AC_CHECK_FUNC(pthread_attr_setguardsize, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_ATTR_SETGUARDSIZE, 1, \
+[Define if you have the pthread_attr_setguardsize function.]))
+
+	linux_futex=no
+	AC_MSG_CHECKING([for Linux futexes])
+	AC_TRY_LINK([
+			#include <sys/syscall.h>
+			#include <unistd.h>
+			#include <linux/futex.h>
+			#include <sys/time.h>
+		    ],
+		    [
+			int i = 1;
+			syscall(__NR_futex, (void *) &i, FUTEX_WAKE, 1,
+				(void*)0,(void*)0, 0);
+			syscall(__NR_futex, (void *) &i, FUTEX_WAIT, 0,
+				(void*)0,(void*)0, 0);
+			return 0;
+		    ],
+		    linux_futex=yes)
+	AC_MSG_RESULT([$linux_futex])
+	test $linux_futex = yes && AC_DEFINE(ETHR_HAVE_LINUX_FUTEX, 1, [Define if you have a linux futex implementation.])
+
+	AC_CHECK_SIZEOF(int)
+	AC_CHECK_SIZEOF(long)
+	AC_CHECK_SIZEOF(long long)
+	AC_CHECK_SIZEOF(__int128_t)
+
+	if test "$ac_cv_sizeof_int" = "4"; then
+	    int32="int"
+	elif test "$ac_cv_sizeof_long" = "4"; then
+	    int32="long"
+	elif test "$ac_cv_sizeof_long_long" = "4"; then
+	    int32="long long"
+	else
+	    AC_MSG_ERROR([No 32-bit type found])
+	fi
+
+	if test "$ac_cv_sizeof_int" = "8"; then
+	    int64="int"
+	elif test "$ac_cv_sizeof_long" = "8"; then
+	    int64="long"
+	elif test "$ac_cv_sizeof_long_long" = "8"; then
+	    int64="long long"
+	else
+	    AC_MSG_ERROR([No 64-bit type found])
+	fi
+
+	int128=no
+	if test "$ac_cv_sizeof___int128_t" = "16"; then
+	    int128="__int128_t"
+	fi
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP32, 1, [Define if you have __sync_val_compare_and_swap() for 32-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH32, 1, [Define if you have __sync_add_and_fetch() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND32, 1, [Define if you have __sync_fetch_and_and() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR32, 1, [Define if you have __sync_fetch_and_or() for 32-bit integers]))
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP64, 1, [Define if you have __sync_val_compare_and_swap() for 64-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH64, 1, [Define if you have __sync_add_and_fetch() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND64, 1, [Define if you have __sync_fetch_and_and() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR64, 1, [Define if you have __sync_fetch_and_or() for 64-bit integers]))
+
+	if test $int128 != no; then
+	    ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [128], [$int128], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP128, 1, [Define if you have __sync_val_compare_and_swap() for 128-bit integers]))
+	fi
+
+	AC_MSG_CHECKING([for a usable libatomic_ops implementation])
+	case "x$with_libatomic_ops" in
+	    xno | xyes | x)
+		libatomic_ops_include=
+		;;
+	    *)
+		if test -d "${with_libatomic_ops}/include"; then
+		    libatomic_ops_include="-I$with_libatomic_ops/include"
+		    CPPFLAGS="$CPPFLAGS $libatomic_ops_include"
+		else
+		    AC_MSG_ERROR([libatomic_ops include directory $with_libatomic_ops/include not found])
+		fi;;
+	esac
+	ethr_have_libatomic_ops=no
+	AC_TRY_LINK([#include "atomic_ops.h"],
+		    [
+			volatile AO_t x;
+			AO_t y;
+			int z;
+
+			AO_nop_full();
+			AO_store(&x, (AO_t) 0);
+			z = AO_load(&x);
+			z = AO_compare_and_swap_full(&x, (AO_t) 0, (AO_t) 1);
+		    ],
+		    [ethr_have_native_atomics=yes
+		     ethr_have_libatomic_ops=yes])
+	AC_MSG_RESULT([$ethr_have_libatomic_ops])
+	if test $ethr_have_libatomic_ops = yes; then
+	    AC_CHECK_SIZEOF(AO_t, ,
+			    [
+				#include <stdio.h>
+				#include "atomic_ops.h"
+			    ])
+	    AC_DEFINE_UNQUOTED(ETHR_SIZEOF_AO_T, $ac_cv_sizeof_AO_t, [Define to the size of AO_t if libatomic_ops is used])
+
+	    AC_DEFINE(ETHR_HAVE_LIBATOMIC_OPS, 1, [Define if you have libatomic_ops atomic operations])
+	    if test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+		AC_DEFINE(ETHR_PREFER_LIBATOMIC_OPS_NATIVE_IMPLS, 1, [Define if you prefer libatomic_ops native ethread implementations])
+	    fi
+	    ETHR_DEFS="$ETHR_DEFS $libatomic_ops_include"
+	elif test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+	    AC_MSG_ERROR([No usable libatomic_ops implementation found])
+	fi
+
+	case "$host_cpu" in
+	  sparc | sun4u | sparc64 | sun4v)
+		case "$with_sparc_memory_order" in
+		    "TSO")
+			AC_DEFINE(ETHR_SPARC_TSO, 1, [Define if only run in Sparc TSO mode]);;
+		    "PSO")
+			AC_DEFINE(ETHR_SPARC_PSO, 1, [Define if only run in Sparc PSO, or TSO mode]);;
+		    "RMO"|"")
+			AC_DEFINE(ETHR_SPARC_RMO, 1, [Define if run in Sparc RMO, PSO, or TSO mode]);;
+		    *)
+			AC_MSG_ERROR([Unsupported Sparc memory order: $with_sparc_memory_order]);;
+		esac
+		ethr_have_native_atomics=yes;; 
+	  i86pc | i*86 | x86_64 | amd64)
+		if test "$enable_x86_out_of_order" = "yes"; then
+			AC_DEFINE(ETHR_X86_OUT_OF_ORDER, 1, [Define if x86/x86_64 out of order instructions should be synchronized])
+		fi
+		ethr_have_native_atomics=yes;;
+	  macppc | ppc | "Power Macintosh")
+		ethr_have_native_atomics=yes;;
+	  tile)
+		ethr_have_native_atomics=yes;;
+	  *)
+		;;
+	esac
+
+	test ethr_have_native_atomics = "yes" && ethr_have_native_spinlock=yes
+
+	dnl Restore LIBS
+	LIBS=$saved_libs
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+	;;
+    *)
+	;;
+esac
+
+AC_MSG_CHECKING([whether default stack size should be modified])
+if test "x$ethr_modified_default_stack_size" != "x"; then
+	AC_DEFINE_UNQUOTED(ETHR_MODIFIED_DEFAULT_STACK_SIZE, $ethr_modified_default_stack_size, [Define if you want to modify the default stack size])
+	AC_MSG_RESULT([yes; to $ethr_modified_default_stack_size kilo words])
+else
+	AC_MSG_RESULT([no])
+fi
+
+if test "x$ETHR_THR_LIB_BASE" != "x"; then
+	ETHR_DEFS="-DUSE_THREADS $ETHR_DEFS"
+	ETHR_LIBS="-l$ethr_lib_name -lerts_internal_r $ETHR_X_LIBS"
+	ETHR_LIB_NAME=$ethr_lib_name
+fi
+
+AC_CHECK_SIZEOF(void *)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_PTR, $ac_cv_sizeof_void_p, [Define to the size of pointers])
+
+AC_CHECK_SIZEOF(int)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_INT, $ac_cv_sizeof_int, [Define to the size of int])
+AC_CHECK_SIZEOF(long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG, $ac_cv_sizeof_long, [Define to the size of long])
+AC_CHECK_SIZEOF(long long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG_LONG, $ac_cv_sizeof_long_long, [Define to the size of long long])
+AC_CHECK_SIZEOF(__int64)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT64, $ac_cv_sizeof___int64, [Define to the size of __int64])
+AC_CHECK_SIZEOF(__int128_t)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT128_T, $ac_cv_sizeof___int128_t, [Define to the size of __int128_t])
+
+
+case X$erl_xcomp_bigendian in
+    X) ;;
+    Xyes|Xno) ac_cv_c_bigendian=$erl_xcomp_bigendian;;
+    *) AC_MSG_ERROR([Bad erl_xcomp_bigendian value: $erl_xcomp_bigendian]);;
+esac
+
+AC_C_BIGENDIAN
+
+if test "$ac_cv_c_bigendian" = "yes"; then
+    AC_DEFINE(ETHR_BIGENDIAN, 1, [Define if bigendian])
+fi
+
+AC_ARG_ENABLE(native-ethr-impls,
+	      AS_HELP_STRING([--disable-native-ethr-impls],
+                             [disable native ethread implementations]),
+[ case "$enableval" in
+    no) disable_native_ethr_impls=yes ;;
+    *)  disable_native_ethr_impls=no ;;
+  esac ], disable_native_ethr_impls=no)
+
+AC_ARG_ENABLE(x86-out-of-order,
+	      AS_HELP_STRING([--enable-x86-out-of-order],
+                             [enable x86/x84_64 out of order support (default disabled)]))
+
+test "X$disable_native_ethr_impls" = "Xyes" &&
+  AC_DEFINE(ETHR_DISABLE_NATIVE_IMPLS, 1, [Define if you want to disable native ethread implementations])
+
+AC_ARG_ENABLE(prefer-gcc-native-ethr-impls,
+	      AS_HELP_STRING([--enable-prefer-gcc-native-ethr-impls],
+			     [prefer gcc native ethread implementations]),
+[ case "$enableval" in
+    yes) enable_prefer_gcc_native_ethr_impls=yes ;;
+    *)  enable_prefer_gcc_native_ethr_impls=no ;;
+  esac ], enable_prefer_gcc_native_ethr_impls=no)
+
+test $enable_prefer_gcc_native_ethr_impls = yes &&
+  AC_DEFINE(ETHR_PREFER_GCC_NATIVE_IMPLS, 1, [Define if you prefer gcc native ethread implementations])
+
+AC_ARG_WITH(libatomic_ops,
+	    AS_HELP_STRING([--with-libatomic_ops=PATH],
+			   [specify and prefer usage of libatomic_ops in the ethread library]))
+
+AC_ARG_WITH(with_sparc_memory_order,
+	    AS_HELP_STRING([--with-sparc-memory-order=TSO|PSO|RMO],
+			   [specify sparc memory order (defaults to RMO)]))
+
+ETHR_X86_SSE2_ASM=no
+case "$GCC-$ac_cv_sizeof_void_p-$host_cpu" in
+  yes-4-i86pc | yes-4-i*86 | yes-4-x86_64 | yes-4-amd64)
+    AC_MSG_CHECKING([for gcc sse2 asm support])
+    save_CFLAGS="$CFLAGS"
+    CFLAGS="$CFLAGS -msse2"
+    gcc_sse2_asm=no
+    AC_TRY_COMPILE([],
+	[
+		long long x, *y;
+		__asm__ __volatile__("movq %1, %0\n\t" : "=x"(x) : "m"(*y) : "memory");
+	],
+	[gcc_sse2_asm=yes])
+    CFLAGS="$save_CFLAGS"
+    AC_MSG_RESULT([$gcc_sse2_asm])
+    if test "$gcc_sse2_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_SSE2_ASM_SUPPORT, 1, [Define if you use a gcc that supports -msse2 and understand sse2 specific asm statements])
+      ETHR_X86_SSE2_ASM=yes
+    fi
+    ;;
+  *)
+    ;;
+esac
+
+case "$GCC-$host_cpu" in
+  yes-i86pc | yes-i*86 | yes-x86_64 | yes-amd64)
+    gcc_dw_cmpxchg_asm=no
+    AC_MSG_CHECKING([for gcc double word cmpxchg asm support])    
+    AC_TRY_COMPILE([],
+	[
+    char xchgd;
+    long new[2], xchg[2], *p;		  
+    __asm__ __volatile__(
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"pushl %%ebx\n\t"
+	"movl %8, %%ebx\n\t"
+#endif
+#if ETHR_SIZEOF_PTR == 4
+	"lock; cmpxchg8b %0\n\t"
+#else
+	"lock; cmpxchg16b %0\n\t"
+#endif
+	"setz %3\n\t"
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"popl %%ebx\n\t"
+#endif
+	: "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	: "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new[1]),
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	  "r"(new[0])
+#else
+	  "b"(new[0])
+#endif
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+    if test $gcc_dw_cmpxchg_asm = no && test $ac_cv_sizeof_void_p = 4; then
+      AC_TRY_COMPILE([],
+	  [
+      char xchgd;
+      long new[2], xchg[2], *p;
+#if !defined(__PIC__) || !__PIC__
+#  error nope
+#endif
+      __asm__ __volatile__(
+    	  "pushl %%ebx\n\t"
+	  "movl (%7), %%ebx\n\t"
+	  "movl 4(%7), %%ecx\n\t"
+	  "lock; cmpxchg8b %0\n\t"
+  	  "setz %3\n\t"
+	  "popl %%ebx\n\t"
+	  : "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	  : "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new)
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+      if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+        AC_DEFINE(ETHR_CMPXCHG8B_REGISTER_SHORTAGE, 1, [Define if you get a register shortage with cmpxchg8b and position independent code])
+      fi
+    fi
+    AC_MSG_RESULT([$gcc_dw_cmpxchg_asm])
+    if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_DW_CMPXCHG_ASM_SUPPORT, 1, [Define if you use a gcc that supports the double word cmpxchg instruction])
+    fi;;
+  *)
+    ;;
+esac
+
+AC_DEFINE(ETHR_HAVE_ETHREAD_DEFINES, 1, \
+[Define if you have all ethread defines])
+
+AC_SUBST(ETHR_X_LIBS)
+AC_SUBST(ETHR_LIBS)
+AC_SUBST(ETHR_LIB_NAME)
+AC_SUBST(ETHR_DEFS)
+AC_SUBST(ETHR_THR_LIB_BASE)
+AC_SUBST(ETHR_THR_LIB_BASE_DIR)
+AC_SUBST(ETHR_X86_SSE2_ASM)
+
+])
+
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_TIME_CORRECTION
+dnl
+dnl In the presence of a high resolution realtime timer Erlang can adapt
+dnl its view of time relative to this timer. On solaris such a timer is
+dnl available with the syscall gethrtime(). On other OS's a fallback
+dnl solution using times() is implemented. (However on e.g. FreeBSD times()
+dnl is implemented using gettimeofday so it doesn't make much sense to
+dnl use it there...) On second thought, it seems to be safer to do it the
+dnl other way around. I.e. only use times() on OS's where we know it will
+dnl work...
+dnl
+
+AC_DEFUN(ERL_TIME_CORRECTION,
+[if test x$ac_cv_func_gethrtime = x; then
+  AC_CHECK_FUNC(gethrtime)
+fi
+if test x$clock_gettime_correction = xunknown; then
+	AC_TRY_COMPILE([#include <time.h>],
+			[struct timespec ts;
+     			 long long result;
+			 clock_gettime(CLOCK_MONOTONIC,&ts);
+                         result = ((long long) ts.tv_sec) * 1000000000LL + 
+			 ((long long) ts.tv_nsec);],
+			clock_gettime_compiles=yes,
+			clock_gettime_compiles=no)
+else
+	clock_gettime_compiles=no
+fi
+			
+
+AC_CACHE_CHECK([how to correct for time adjustments], erl_cv_time_correction,
+[
+case $clock_gettime_correction in
+    yes)
+	erl_cv_time_correction=clock_gettime;;	
+    no|unknown)
+	case $ac_cv_func_gethrtime in
+  	    yes)
+    		erl_cv_time_correction=hrtime ;;
+  	    no)
+    		case $host_os in
+        	    linux*)
+			case $clock_gettime_correction in
+			    unknown)
+				if test x$clock_gettime_compiles = xyes; then
+				    if test X$cross_compiling != Xyes; then
+				    	linux_kernel_vsn_=`uname -r`
+				    	case $linux_kernel_vsn_ in
+					    [[0-1]].*|2.[[0-5]]|2.[[0-5]].*)
+					    	erl_cv_time_correction=times ;;
+					    *)
+					    	erl_cv_time_correction=clock_gettime;;
+				    	esac
+				    else
+					case X$erl_xcomp_linux_clock_gettime_correction in
+					    X)
+						erl_cv_time_correction=cross;;
+					    Xyes|Xno)
+						if test $erl_xcomp_linux_clock_gettime_correction = yes; then
+						    erl_cv_time_correction=clock_gettime
+						else
+					    	    erl_cv_time_correction=times
+						fi;;
+					    *)
+						AC_MSG_ERROR([Bad erl_xcomp_linux_clock_gettime_correction value: $erl_xcomp_linux_clock_gettime_correction]);;
+					esac
+				    fi
+				else
+				    erl_cv_time_correction=times
+				fi
+				;;
+			     *)				
+        			erl_cv_time_correction=times ;;
+			esac
+			;;
+            	    *)
+        		erl_cv_time_correction=none ;;
+    		esac
+    		;;
+	esac
+	;;
+esac
+])
+
+xrtlib=""
+case $erl_cv_time_correction in
+  times)
+    AC_DEFINE(CORRECT_USING_TIMES,[],
+	[Define if you do not have a high-res. timer & want to use times() instead])
+    ;;
+  clock_gettime|cross)
+    if test $erl_cv_time_correction = cross; then
+	erl_cv_time_correction=clock_gettime
+	AC_MSG_WARN([result clock_gettime guessed because of cross compilation])
+    fi
+    xrtlib="-lrt"
+    AC_DEFINE(GETHRTIME_WITH_CLOCK_GETTIME,[1],
+	[Define if you want to use clock_gettime to simulate gethrtime])
+    ;;
+esac
+dnl
+dnl Check if gethrvtime is working, and if to use procfs ioctl
+dnl or (yet to be written) write to the procfs ctl file.
+dnl
+
+AC_MSG_CHECKING([if gethrvtime works and how to use it])
+AC_TRY_RUN([
+/* gethrvtime procfs ioctl test */
+/* These need to be undef:ed to not break activation of
+ * micro level process accounting on /proc/self 
+ */
+#ifdef _LARGEFILE_SOURCE
+#  undef _LARGEFILE_SOURCE
+#endif
+#ifdef _FILE_OFFSET_BITS
+#  undef _FILE_OFFSET_BITS
+#endif
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/signal.h>
+#include <sys/fault.h>
+#include <sys/syscall.h>
+#include <sys/procfs.h>
+#include <fcntl.h>
+
+int main() {
+    long msacct = PR_MSACCT;
+    int fd;
+    long long start, stop;
+    int i;
+    pid_t pid = getpid();
+    char proc_self[30] = "/proc/";
+
+    sprintf(proc_self+strlen(proc_self), "%lu", (unsigned long) pid);
+    if ( (fd = open(proc_self, O_WRONLY)) == -1)
+	exit(1);
+    if (ioctl(fd, PIOCSET, &msacct) < 0)
+	exit(2);
+    if (close(fd) < 0)
+	exit(3);
+    start = gethrvtime();
+    for (i = 0; i < 100; i++)
+	stop = gethrvtime();
+    if (start == 0)
+	exit(4);
+    if (start == stop)
+	exit(5);
+    exit(0); return 0;
+}
+],
+erl_gethrvtime=procfs_ioctl,
+erl_gethrvtime=false,
+[
+case X$erl_xcomp_gethrvtime_procfs_ioctl in
+    X)
+	erl_gethrvtime=cross;;
+    Xyes|Xno)
+	if test $erl_xcomp_gethrvtime_procfs_ioctl = yes; then
+	    erl_gethrvtime=procfs_ioctl
+	else
+	    erl_gethrvtime=false
+	fi;;
+    *)
+	AC_MSG_ERROR([Bad erl_xcomp_gethrvtime_procfs_ioctl value: $erl_xcomp_gethrvtime_procfs_ioctl]);;
+esac
+])
+
+case $erl_gethrvtime in
+  procfs_ioctl)
+	AC_DEFINE(HAVE_GETHRVTIME_PROCFS_IOCTL,[1],
+		[define if gethrvtime() works and uses ioctl() to /proc/self])
+	AC_MSG_RESULT(uses ioctl to procfs)
+	;;
+  *)
+	if test $erl_gethrvtime = cross; then
+	    erl_gethrvtime=false
+	    AC_MSG_RESULT(cross)
+	    AC_MSG_WARN([result 'not working' guessed because of cross compilation])
+	else
+	    AC_MSG_RESULT(not working)
+	fi
+
+	dnl
+	dnl Check if clock_gettime (linux) is working
+	dnl
+
+	AC_MSG_CHECKING([if clock_gettime can be used to get process CPU time])
+	save_libs=$LIBS
+	LIBS="-lrt"
+	AC_TRY_RUN([
+	#include <stdlib.h>
+	#include <unistd.h>
+	#include <string.h>
+	#include <stdio.h>
+	#include <time.h>
+	int main() {
+	    long long start, stop;
+	    int i;
+	    struct timespec tp;
+
+	    if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp) < 0)
+	      exit(1);
+	    start = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    for (i = 0; i < 100; i++)
+	      clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp);
+	    stop = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    if (start == 0)
+	      exit(4);
+	    if (start == stop)
+	      exit(5);
+	    exit(0); return 0;
+	  }
+	],
+	erl_clock_gettime=yes,
+	erl_clock_gettime=no,
+	[
+	case X$erl_xcomp_clock_gettime_cpu_time in
+	    X) erl_clock_gettime=cross;;
+	    Xyes|Xno) erl_clock_gettime=$erl_xcomp_clock_gettime_cpu_time;;
+	    *) AC_MSG_ERROR([Bad erl_xcomp_clock_gettime_cpu_time value: $erl_xcomp_clock_gettime_cpu_time]);;
+	esac
+	])
+	LIBS=$save_libs
+	case $host_os in
+		linux*)
+			AC_MSG_RESULT([no; not stable])
+			LIBRT=$xrtlib
+			;;
+		*)
+			AC_MSG_RESULT($erl_clock_gettime)
+			case $erl_clock_gettime in
+	  			yes)
+					AC_DEFINE(HAVE_CLOCK_GETTIME,[],
+						  [define if clock_gettime() works for getting process time])
+					LIBRT=-lrt
+					;;
+	  			cross)
+					erl_clock_gettime=no
+					AC_MSG_WARN([result no guessed because of cross compilation])
+					LIBRT=$xrtlib
+					;;
+	  			*)
+					LIBRT=$xrtlib
+					;;
+			esac
+			;;
+	esac
+	AC_SUBST(LIBRT)
+	;;
+esac
+])dnl
+
+dnl ERL_TRY_LINK_JAVA(CLASSES, FUNCTION-BODY
+dnl                   [ACTION_IF_FOUND [, ACTION-IF-NOT-FOUND]])
+dnl Freely inspired by AC_TRY_LINK. (Maybe better to create a 
+dnl AC_LANG_JAVA instead...)
+AC_DEFUN(ERL_TRY_LINK_JAVA,
+[java_link='$JAVAC conftest.java 1>&AC_FD_CC'
+changequote(, )dnl
+cat > conftest.java <<EOF
+$1
+class conftest { public static void main(String[] args) {
+   $2
+   ; return; }}
+EOF
+changequote([, ])dnl
+if AC_TRY_EVAL(java_link) && test -s conftest.class; then
+   ifelse([$3], , :, [rm -rf conftest*
+   $3])
+else
+   echo "configure: failed program was:" 1>&AC_FD_CC
+   cat conftest.java 1>&AC_FD_CC
+   echo "configure: PATH was $PATH" 1>&AC_FD_CC
+ifelse([$4], , , [  rm -rf conftest*
+  $4
+])dnl
+fi
+rm -f conftest*])
+#define UNSAFE_MASK  0xc0000000 /* Mask for bits that must be constant */
+
+
diff --git a/lib/wx/api_gen/gl_gen_c.erl b/lib/wx/api_gen/gl_gen_c.erl
index 0f5cb0e1f4..be2c5cf2bf 100644
--- a/lib/wx/api_gen/gl_gen_c.erl
+++ b/lib/wx/api_gen/gl_gen_c.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -238,7 +238,7 @@ decode_arg(P=#arg{name=Name,type=#type{size=BSz,name=Type,single={list,TSz}}},A0
     {P, A};
 decode_arg(P=#arg{name=Name,type=#type{name=Type,base=guard_int}},A0) ->
     A = align(4,A0),
-    w(" ~s *~s = (~s *) * (int *) bp; bp += 4;~n", [Type,Name,Type]),
+    w(" ~s *~s = (~s *) (ErlDrvSInt) * (int *) bp; bp += 4;~n", [Type,Name,Type]),
     {P, A};
 decode_arg(P=#arg{name=Name,type=#type{name=Type,base=string,single=true}},A0) ->
     w(" ~s *~s = (~s *) bp;~n", [Type,Name,Type]),
diff --git a/lib/wx/api_gen/wx_doxygen.conf b/lib/wx/api_gen/wx_doxygen.conf
index df150fd154..829702cbbf 100644
--- a/lib/wx/api_gen/wx_doxygen.conf
+++ b/lib/wx/api_gen/wx_doxygen.conf
@@ -251,6 +251,7 @@ PREDEFINED             = \
   wxUSE_DATAOBJ=1 \
   wxUSE_SLIDER=1 \
   wxUSE_CLIPBOARD=1 \
+  wxUSE_SYSTEM_OPTIONS=1 \
   wxABI_VERSION=20809 \
   __WXGTK24__=1 \
   __WXGTK20__=1 \
diff --git a/lib/wx/api_gen/wx_extra/wxEvtHandler.erl b/lib/wx/api_gen/wx_extra/wxEvtHandler.erl
index c6810eb32c..080ebfa49f 100644
--- a/lib/wx/api_gen/wx_extra/wxEvtHandler.erl
+++ b/lib/wx/api_gen/wx_extra/wxEvtHandler.erl
@@ -76,7 +76,7 @@ parse_opts([{callback,Fun}|R], Opts) when is_function(Fun) ->
     %% Check Fun Arity?
     parse_opts(R, Opts#evh{cb=Fun});
 parse_opts([callback|R], Opts) ->
-    parse_opts(R, Opts#evh{cb=1});
+    parse_opts(R, Opts#evh{cb=self()});
 parse_opts([{userData, UserData}|R],Opts) ->
     parse_opts(R, Opts#evh{userdata=UserData});
 parse_opts([{skip, Skip}|R],Opts) when is_boolean(Skip) ->
diff --git a/lib/wx/api_gen/wx_gen_cpp.erl b/lib/wx/api_gen/wx_gen_cpp.erl
index 4632fdbffe..1b4c32db24 100644
--- a/lib/wx/api_gen/wx_gen_cpp.erl
+++ b/lib/wx/api_gen/wx_gen_cpp.erl
@@ -1034,6 +1034,7 @@ gen_macros() ->
     w("#include <wx/html/htmlwin.h>~n"),
     w("#include <wx/html/htmlcell.h>~n"),
     w("#include <wx/filename.h>~n"),
+    w("#include <wx/sysopt.h>~n"),
 
     w("~n~n", []),
     w("#ifndef wxICON_DEFAULT_BITMAP_TYPE~n",[]),
diff --git a/lib/wx/api_gen/wx_gen_erl.erl b/lib/wx/api_gen/wx_gen_erl.erl
index e882ae87ca..5d73d93ead 100644
--- a/lib/wx/api_gen/wx_gen_erl.erl
+++ b/lib/wx/api_gen/wx_gen_erl.erl
@@ -830,7 +830,7 @@ doc_arg_type3(#type{base={comp,_,Tup}}) ->
     Doc = fun({int,V}) -> V ++ "::integer()";
 	     ({double,V}) -> V ++ "::float()"
 	  end,
-    "{" ++ args(Doc, ",", Tup) ++ "}";
+    "{" ++ args(Doc, ", ", Tup) ++ "}";
 doc_arg_type3(T) -> ?error({unknown_type,T}).
 
 doc_return_types(T, Ps) ->
@@ -839,9 +839,9 @@ doc_return_types2(void, []) ->    "ok";
 doc_return_types2(void, [#param{type=T}]) ->     doc_arg_type2(T);
 doc_return_types2(T, []) ->                      doc_arg_type2(T);
 doc_return_types2(void, Ps) ->
-    "{" ++ args(fun doc_arg_type/1,",",Ps) ++ "}";
+    "{" ++ args(fun doc_arg_type/1,", ",Ps) ++ "}";
 doc_return_types2(T, Ps) ->
-    "{" ++ doc_arg_type2(T) ++ "," ++ args(fun doc_arg_type/1,",",Ps) ++ "}".
+    "{" ++ doc_arg_type2(T) ++ ", " ++ args(fun doc_arg_type/1,", ",Ps) ++ "}".
 
 break(xhtml) -> "<br />";
 break(_) ->     "".
diff --git a/lib/wx/api_gen/wxapi.conf b/lib/wx/api_gen/wxapi.conf
index 8ee4451057..ff618faf04 100644
--- a/lib/wx/api_gen/wxapi.conf
+++ b/lib/wx/api_gen/wxapi.conf
@@ -1755,6 +1755,9 @@
   'GetColour','GetFont','GetMetric','GetScreenType'
  ]}.
 
+{class, wxSystemOptions, object, [],
+ ['GetOption', 'GetOptionInt', 'HasOption', 'IsFalse', 'SetOption']}.
+
 {class, wxAuiNotebookEvent, wxNotifyEvent, 
  [{acc, [{old_selection, "GetOldSelection()"},
 	 {selection, "GetSelection()"},
diff --git a/lib/wx/c_src/Makefile.in b/lib/wx/c_src/Makefile.in
index 69418f62ef..d40ce88e99 100644
--- a/lib/wx/c_src/Makefile.in
+++ b/lib/wx/c_src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2008-2010. All Rights Reserved.
+# Copyright Ericsson AB 2008-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -31,6 +31,8 @@ override TYPE=opt
 endif
 
 SO_EXT    = @SO_EXT@
+OBJC_CC=@OBJC_CC@
+OBJC_CFLAGS=@OBJC_CFLAGS@
 
 GENERAL     = wxe_driver wxe_ps_init wxe_impl wxePrintout wxe_return wxe_gl
 GENERAL_H   = wxe_driver.h wxe_impl.h wxe_return.h
@@ -116,6 +118,7 @@ endif
 GL_LIBS         = @GL_LIBS@
 
 CC_O		= $(CC) -c $(CFLAGS) $(WX_CFLAGS) $(COMMON_CFLAGS)
+OBJC_CC_O	= $(OBJC_CC) -c $(CFLAGS) $(OBJC_CFLAGS) $(WX_CFLAGS) $(COMMON_CFLAGS)
 CPP_O		= $(CPP) -c $(CXX_FLAGS) $(WX_CXX_FLAGS)  $(COMMON_CFLAGS) 
 
 # Targets
@@ -152,6 +155,10 @@ $(SYS_TYPE)/%.o: %.c
 	mkdir -p $(SYS_TYPE)
 	$(CC_O) $< -o $@
 
+$(SYS_TYPE)/wxe_ps_init.o: wxe_ps_init.c 
+	mkdir -p $(SYS_TYPE)
+	$(OBJC_CC_O) $< -o $@
+
 $(SYS_TYPE)/%.o: gen/%.cpp 
 	mkdir -p $(SYS_TYPE)
 	$(CPP_O) $< -o $@
diff --git a/lib/wx/c_src/egl_impl.cpp b/lib/wx/c_src/egl_impl.cpp
index 6d873abc44..1379f07523 100644
--- a/lib/wx/c_src/egl_impl.cpp
+++ b/lib/wx/c_src/egl_impl.cpp
@@ -70,8 +70,8 @@ typedef char DL_CHAR;
 #  define OPENGL_LIB "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib"
 #  define OPENGLU_LIB "/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib"
 # else
-#  define OPENGL_LIB "libGL.so"
-#  define OPENGLU_LIB "libGLU.so"
+#  define OPENGL_LIB "libGL.so.1"
+#  define OPENGLU_LIB "libGLU.so.1"
 # endif
 #endif
 extern "C" {
@@ -121,7 +121,7 @@ int load_gl_functions() {
 	}
       }
     }
-    dlclose(LIBhandle);
+    // dlclose(LIBhandle);
     // fprintf(stderr, "OPENGL library is loaded\r\n");
   } else {
     fprintf(stderr, "Could NOT load OpenGL library: %s\r\n", DLName);
@@ -150,7 +150,7 @@ int load_gl_functions() {
 	}
       }
     }
-    dlclose(LIBhandle);
+    // dlclose(LIBhandle);
     // fprintf(stderr, "GLU library is loaded\r\n");
   } else {
     fprintf(stderr, "Could NOT load OpenGL GLU library: %s\r\n", DLName);
@@ -195,7 +195,7 @@ egl_ogla_error(GLenum errorCode)
   // msg.Printf(wxT("Tesselation error:  %d: "), (int)errorCode);
   // msg += wxString::FromAscii((char *) err);
   // send_msg("error", &msg);
-  fprintf(stderr, "Tesselation error: %d\r\n", (int) errorCode);
+  fprintf(stderr, "Tesselation error: %d: %s\r\n", (int) errorCode, err);
 }
 
 void CALLBACK
@@ -250,7 +250,7 @@ int erl_tess_impl(char* buff, ErlDrvPort port, ErlDrvTermData caller)
   int *vertices;
   int num_vertices;
   GLdouble *n;
-  int n_pos, AP, res;
+  int n_pos, AP;
 
   num_vertices = * (int *) buff; buff += 8; /* Align */
   n = (double *) buff; buff += 8*3;
@@ -293,7 +293,7 @@ int erl_tess_impl(char* buff, ErlDrvPort port, ErlDrvTermData caller)
   rt[AP++] = ERL_DRV_TUPLE; rt[AP++] = 2; // Return tuple {list, Bin}
   rt[AP++] = ERL_DRV_TUPLE; rt[AP++] = 2; // Result tuple
 
-  res = driver_send_term(port,caller,rt,AP);
+  driver_send_term(port,caller,rt,AP);
   /* fprintf(stderr, "List %d: %d %d %d \r\n",  */
   /* 	  res, */
   /* 	  n_pos,  */
diff --git a/lib/wx/c_src/gen/gl_funcs.cpp b/lib/wx/c_src/gen/gl_funcs.cpp
index 30542a0f02..fa1476dba5 100644
--- a/lib/wx/c_src/gen/gl_funcs.cpp
+++ b/lib/wx/c_src/gen/gl_funcs.cpp
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2008-2010. All Rights Reserved.
+ * Copyright Ericsson AB 2008-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -395,7 +395,7 @@ case 5043: { // glBitmap
  GLfloat *yorig = (GLfloat *) bp; bp += 4;
  GLfloat *xmove = (GLfloat *) bp; bp += 4;
  GLfloat *ymove = (GLfloat *) bp; bp += 4;
- GLubyte *bitmap = (GLubyte *) * (int *) bp; bp += 4;
+ GLubyte *bitmap = (GLubyte *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglBitmap(*width,*height,*xorig,*yorig,*xmove,*ymove,bitmap);
 }; break;
 case 5044: { // glBitmap
@@ -538,7 +538,7 @@ case 5073: { // glColorPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglColorPointer(*size,*type,*stride,pointer);
 }; break;
 case 5074: { // glColorPointer
@@ -646,7 +646,7 @@ case 5090: { // glDrawElements
  GLenum *mode = (GLenum *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglDrawElements(*mode,*count,*type,indices);
 }; break;
 case 5091: { // glDrawElements
@@ -661,7 +661,7 @@ case 5092: { // glDrawPixels
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglDrawPixels(*width,*height,*format,*type,pixels);
 }; break;
 case 5093: { // glDrawPixels
@@ -678,7 +678,7 @@ case 5094: { // glEdgeFlagv
 }; break;
 case 5095: { // glEdgeFlagPointer
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglEdgeFlagPointer(*stride,pointer);
 }; break;
 case 5096: { // glEdgeFlagPointer
@@ -1265,7 +1265,7 @@ case 5149: { // glIndexMask
 case 5150: { // glIndexPointer
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglIndexPointer(*type,*stride,pointer);
 }; break;
 case 5151: { // glIndexPointer
@@ -1300,7 +1300,7 @@ case 5157: { // glInitNames
 case 5158: { // glInterleavedArrays
  GLenum *format = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglInterleavedArrays(*format,*stride,pointer);
 }; break;
 case 5159: { // glInterleavedArrays
@@ -1561,7 +1561,7 @@ case 5199: { // glNormal3sv
 case 5200: { // glNormalPointer
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglNormalPointer(*type,*stride,pointer);
 }; break;
 case 5201: { // glNormalPointer
@@ -1933,7 +1933,7 @@ case 5274: { // glTexCoordPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexCoordPointer(*size,*type,*stride,pointer);
 }; break;
 case 5275: { // glTexCoordPointer
@@ -2016,7 +2016,7 @@ case 5286: { // glTexImage1D
  GLint *border = (GLint *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexImage1D(*target,*level,*internalformat,*width,*border,*format,*type,pixels);
 }; break;
 case 5287: { // glTexImage1D
@@ -2039,7 +2039,7 @@ case 5288: { // glTexImage2D
  GLint *border = (GLint *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexImage2D(*target,*level,*internalformat,*width,*height,*border,*format,*type,pixels);
 }; break;
 case 5289: { // glTexImage2D
@@ -2087,7 +2087,7 @@ case 5294: { // glTexSubImage1D
  GLsizei *width = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexSubImage1D(*target,*level,*xoffset,*width,*format,*type,pixels);
 }; break;
 case 5295: { // glTexSubImage1D
@@ -2109,7 +2109,7 @@ case 5296: { // glTexSubImage2D
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexSubImage2D(*target,*level,*xoffset,*yoffset,*width,*height,*format,*type,pixels);
 }; break;
 case 5297: { // glTexSubImage2D
@@ -2188,7 +2188,7 @@ case 5312: { // glVertexPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglVertexPointer(*size,*type,*stride,pointer);
 }; break;
 case 5313: { // glVertexPointer
@@ -2222,7 +2222,7 @@ case 5317: { // glDrawRangeElements
  GLuint *end = (GLuint *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglDrawRangeElements(*mode,*start,*end,*count,*type,indices);
 }; break;
 case 5318: { // glDrawRangeElements
@@ -2244,7 +2244,7 @@ case 5319: { // glTexImage3D
  GLint *border = (GLint *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexImage3D(*target,*level,*internalformat,*width,*height,*depth,*border,*format,*type,pixels);
 }; break;
 case 5320: { // glTexImage3D
@@ -2271,7 +2271,7 @@ case 5321: { // glTexSubImage3D
  GLsizei *depth = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexSubImage3D(*target,*level,*xoffset,*yoffset,*zoffset,*width,*height,*depth,*format,*type,pixels);
 }; break;
 case 5322: { // glTexSubImage3D
@@ -2306,7 +2306,7 @@ case 5324: { // glColorTable
  GLsizei *width = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *table = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *table = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglColorTable(*target,*internalformat,*width,*format,*type,table);
 }; break;
 case 5325: { // glColorTable
@@ -2389,7 +2389,7 @@ case 5332: { // glColorSubTable
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglColorSubTable(*target,*start,*count,*format,*type,data);
 }; break;
 case 5333: { // glColorSubTable
@@ -2415,7 +2415,7 @@ case 5335: { // glConvolutionFilter1D
  GLsizei *width = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *image = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *image = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglConvolutionFilter1D(*target,*internalformat,*width,*format,*type,image);
 }; break;
 case 5336: { // glConvolutionFilter1D
@@ -2434,7 +2434,7 @@ case 5337: { // glConvolutionFilter2D
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *image = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *image = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglConvolutionFilter2D(*target,*internalformat,*width,*height,*format,*type,image);
 }; break;
 case 5338: { // glConvolutionFilter2D
@@ -2530,8 +2530,8 @@ case 5346: { // glSeparableFilter2D
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *row = (GLvoid *) * (int *) bp; bp += 4;
- GLvoid *column = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *row = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
+ GLvoid *column = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglSeparableFilter2D(*target,*internalformat,*width,*height,*format,*type,row,column);
 }; break;
 case 5347: { // glSeparableFilter2D
@@ -2666,7 +2666,7 @@ case 5360: { // glCompressedTexImage3D
  GLsizei *depth = (GLsizei *) bp; bp += 4;
  GLint *border = (GLint *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexImage3D(*target,*level,*internalformat,*width,*height,*depth,*border,*imageSize,data);
 }; break;
 case 5361: { // glCompressedTexImage3D
@@ -2689,7 +2689,7 @@ case 5362: { // glCompressedTexImage2D
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLint *border = (GLint *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexImage2D(*target,*level,*internalformat,*width,*height,*border,*imageSize,data);
 }; break;
 case 5363: { // glCompressedTexImage2D
@@ -2710,7 +2710,7 @@ case 5364: { // glCompressedTexImage1D
  GLsizei *width = (GLsizei *) bp; bp += 4;
  GLint *border = (GLint *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexImage1D(*target,*level,*internalformat,*width,*border,*imageSize,data);
 }; break;
 case 5365: { // glCompressedTexImage1D
@@ -2734,7 +2734,7 @@ case 5366: { // glCompressedTexSubImage3D
  GLsizei *depth = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexSubImage3D(*target,*level,*xoffset,*yoffset,*zoffset,*width,*height,*depth,*format,*imageSize,data);
 }; break;
 case 5367: { // glCompressedTexSubImage3D
@@ -2760,7 +2760,7 @@ case 5368: { // glCompressedTexSubImage2D
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexSubImage2D(*target,*level,*xoffset,*yoffset,*width,*height,*format,*imageSize,data);
 }; break;
 case 5369: { // glCompressedTexSubImage2D
@@ -2782,7 +2782,7 @@ case 5370: { // glCompressedTexSubImage1D
  GLsizei *width = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexSubImage1D(*target,*level,*xoffset,*width,*format,*imageSize,data);
 }; break;
 case 5371: { // glCompressedTexSubImage1D
@@ -2958,7 +2958,7 @@ case 5401: { // glFogCoorddv
 case 5402: { // glFogCoordPointer
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglFogCoordPointer(*type,*stride,pointer);
 }; break;
 case 5403: { // glFogCoordPointer
@@ -3003,7 +3003,7 @@ case 5412: { // glSecondaryColorPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglSecondaryColorPointer(*size,*type,*stride,pointer);
 }; break;
 case 5413: { // glSecondaryColorPointer
@@ -3156,7 +3156,7 @@ case 5434: { // glBufferData
  GLenum *target = (GLenum *) bp; bp += 4;
  bp += 4;
  GLsizeiptr size = (GLsizeiptr) * (GLuint64EXT *) bp; bp += 8;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  GLenum *usage = (GLenum *) bp; bp += 4;
  weglBufferData(*target,size,data,*usage);
 }; break;
@@ -3173,7 +3173,7 @@ case 5436: { // glBufferSubData
  bp += 4;
  GLintptr offset = (GLintptr) * (GLuint64EXT *) bp; bp += 8;
  GLsizeiptr size = (GLsizeiptr) * (GLuint64EXT *) bp; bp += 8;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglBufferSubData(*target,offset,size,data);
 }; break;
 case 5437: { // glBufferSubData
@@ -3833,7 +3833,7 @@ case 5518: { // glVertexAttribPointer
  GLboolean *normalized = (GLboolean *) bp; bp += 1;
  bp += 3;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglVertexAttribPointer(*index,*size,*type,*normalized,*stride,pointer);
 }; break;
 case 5519: { // glVertexAttribPointer
@@ -4051,7 +4051,7 @@ case 5541: { // glVertexAttribIPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglVertexAttribIPointer(*index,*size,*type,*stride,pointer);
 }; break;
 case 5542: { // glVertexAttribIPointer
@@ -4345,7 +4345,7 @@ case 5578: { // glDrawElementsInstanced
  GLenum *mode = (GLenum *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  GLsizei *primcount = (GLsizei *) bp; bp += 4;
  weglDrawElementsInstanced(*mode,*count,*type,indices,*primcount);
 }; break;
@@ -5341,7 +5341,7 @@ case 5683: { // glDrawElementsBaseVertex
  GLenum *mode = (GLenum *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  GLint *basevertex = (GLint *) bp; bp += 4;
  weglDrawElementsBaseVertex(*mode,*count,*type,indices,*basevertex);
 }; break;
@@ -5359,7 +5359,7 @@ case 5685: { // glDrawRangeElementsBaseVertex
  GLuint *end = (GLuint *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  GLint *basevertex = (GLint *) bp; bp += 4;
  weglDrawRangeElementsBaseVertex(*mode,*start,*end,*count,*type,indices,*basevertex);
 }; break;
@@ -5377,7 +5377,7 @@ case 5687: { // glDrawElementsInstancedBaseVertex
  GLenum *mode = (GLenum *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  GLsizei *primcount = (GLsizei *) bp; bp += 4;
  GLint *basevertex = (GLint *) bp; bp += 4;
  weglDrawElementsInstancedBaseVertex(*mode,*count,*type,indices,*primcount,*basevertex);
@@ -5772,7 +5772,7 @@ case 5725: { // glGetQueryObjectui64v
 }; break;
 case 5726: { // glDrawArraysIndirect
  GLenum *mode = (GLenum *) bp; bp += 4;
- GLvoid *indirect = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indirect = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglDrawArraysIndirect(*mode,indirect);
 }; break;
 case 5727: { // glDrawArraysIndirect
@@ -5783,7 +5783,7 @@ case 5727: { // glDrawArraysIndirect
 case 5728: { // glDrawElementsIndirect
  GLenum *mode = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indirect = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indirect = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglDrawElementsIndirect(*mode,*type,indirect);
 }; break;
 case 5729: { // glDrawElementsIndirect
@@ -6718,7 +6718,7 @@ case 5840: { // glVertexAttribLPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglVertexAttribLPointer(*index,*size,*type,*stride,pointer);
 }; break;
 case 5841: { // glVertexAttribLPointer
diff --git a/lib/wx/c_src/gen/wxe_events.cpp b/lib/wx/c_src/gen/wxe_events.cpp
index b9769318af..cda98bfc3f 100644
--- a/lib/wx/c_src/gen/wxe_events.cpp
+++ b/lib/wx/c_src/gen/wxe_events.cpp
@@ -266,41 +266,41 @@ void initEventTable()
    {wxEVT_COMMAND_SPLITTER_DOUBLECLICKED, 218, "command_splitter_doubleclicked"},
    {wxEVT_COMMAND_SPLITTER_UNSPLIT, 218, "command_splitter_unsplit"},
    {wxEVT_COMMAND_HTML_LINK_CLICKED, 220, "command_html_link_clicked"},
-   {wxEVT_COMMAND_AUINOTEBOOK_PAGE_CLOSE, 222, "command_auinotebook_page_close"},
-   {wxEVT_COMMAND_AUINOTEBOOK_PAGE_CHANGED, 222, "command_auinotebook_page_changed"},
-   {wxEVT_COMMAND_AUINOTEBOOK_PAGE_CHANGING, 222, "command_auinotebook_page_changing"},
-   {wxEVT_COMMAND_AUINOTEBOOK_BUTTON, 222, "command_auinotebook_button"},
-   {wxEVT_COMMAND_AUINOTEBOOK_BEGIN_DRAG, 222, "command_auinotebook_begin_drag"},
-   {wxEVT_COMMAND_AUINOTEBOOK_END_DRAG, 222, "command_auinotebook_end_drag"},
-   {wxEVT_COMMAND_AUINOTEBOOK_DRAG_MOTION, 222, "command_auinotebook_drag_motion"},
-   {wxEVT_COMMAND_AUINOTEBOOK_ALLOW_DND, 222, "command_auinotebook_allow_dnd"},
+   {wxEVT_COMMAND_AUINOTEBOOK_PAGE_CLOSE, 223, "command_auinotebook_page_close"},
+   {wxEVT_COMMAND_AUINOTEBOOK_PAGE_CHANGED, 223, "command_auinotebook_page_changed"},
+   {wxEVT_COMMAND_AUINOTEBOOK_PAGE_CHANGING, 223, "command_auinotebook_page_changing"},
+   {wxEVT_COMMAND_AUINOTEBOOK_BUTTON, 223, "command_auinotebook_button"},
+   {wxEVT_COMMAND_AUINOTEBOOK_BEGIN_DRAG, 223, "command_auinotebook_begin_drag"},
+   {wxEVT_COMMAND_AUINOTEBOOK_END_DRAG, 223, "command_auinotebook_end_drag"},
+   {wxEVT_COMMAND_AUINOTEBOOK_DRAG_MOTION, 223, "command_auinotebook_drag_motion"},
+   {wxEVT_COMMAND_AUINOTEBOOK_ALLOW_DND, 223, "command_auinotebook_allow_dnd"},
 #if wxCHECK_VERSION(2,8,5)
-   {wxEVT_COMMAND_AUINOTEBOOK_TAB_MIDDLE_DOWN, 222, "command_auinotebook_tab_middle_down"},
+   {wxEVT_COMMAND_AUINOTEBOOK_TAB_MIDDLE_DOWN, 223, "command_auinotebook_tab_middle_down"},
 #endif
 #if wxCHECK_VERSION(2,8,5)
-   {wxEVT_COMMAND_AUINOTEBOOK_TAB_MIDDLE_UP, 222, "command_auinotebook_tab_middle_up"},
+   {wxEVT_COMMAND_AUINOTEBOOK_TAB_MIDDLE_UP, 223, "command_auinotebook_tab_middle_up"},
 #endif
 #if wxCHECK_VERSION(2,8,5)
-   {wxEVT_COMMAND_AUINOTEBOOK_TAB_RIGHT_DOWN, 222, "command_auinotebook_tab_right_down"},
+   {wxEVT_COMMAND_AUINOTEBOOK_TAB_RIGHT_DOWN, 223, "command_auinotebook_tab_right_down"},
 #endif
 #if wxCHECK_VERSION(2,8,5)
-   {wxEVT_COMMAND_AUINOTEBOOK_TAB_RIGHT_UP, 222, "command_auinotebook_tab_right_up"},
+   {wxEVT_COMMAND_AUINOTEBOOK_TAB_RIGHT_UP, 223, "command_auinotebook_tab_right_up"},
 #endif
 #if wxCHECK_VERSION(2,8,5)
-   {wxEVT_COMMAND_AUINOTEBOOK_PAGE_CLOSED, 222, "command_auinotebook_page_closed"},
+   {wxEVT_COMMAND_AUINOTEBOOK_PAGE_CLOSED, 223, "command_auinotebook_page_closed"},
 #endif
 #if wxCHECK_VERSION(2,8,5)
-   {wxEVT_COMMAND_AUINOTEBOOK_DRAG_DONE, 222, "command_auinotebook_drag_done"},
+   {wxEVT_COMMAND_AUINOTEBOOK_DRAG_DONE, 223, "command_auinotebook_drag_done"},
 #endif
 #if wxCHECK_VERSION(2,8,5)
-   {wxEVT_COMMAND_AUINOTEBOOK_BG_DCLICK, 222, "command_auinotebook_bg_dclick"},
+   {wxEVT_COMMAND_AUINOTEBOOK_BG_DCLICK, 223, "command_auinotebook_bg_dclick"},
 #endif
-   {wxEVT_AUI_PANE_BUTTON, 223, "aui_pane_button"},
-   {wxEVT_AUI_PANE_CLOSE, 223, "aui_pane_close"},
-   {wxEVT_AUI_PANE_MAXIMIZE, 223, "aui_pane_maximize"},
-   {wxEVT_AUI_PANE_RESTORE, 223, "aui_pane_restore"},
-   {wxEVT_AUI_RENDER, 223, "aui_render"},
-   {wxEVT_AUI_FIND_MANAGER, 223, "aui_find_manager"},
+   {wxEVT_AUI_PANE_BUTTON, 224, "aui_pane_button"},
+   {wxEVT_AUI_PANE_CLOSE, 224, "aui_pane_close"},
+   {wxEVT_AUI_PANE_MAXIMIZE, 224, "aui_pane_maximize"},
+   {wxEVT_AUI_PANE_RESTORE, 224, "aui_pane_restore"},
+   {wxEVT_AUI_RENDER, 224, "aui_render"},
+   {wxEVT_AUI_FIND_MANAGER, 224, "aui_find_manager"},
    {-1, 0, }
   };
   for(int i=0; event_types[i].ev_type != -1; i++) {
@@ -778,7 +778,7 @@ case 220: {// wxHtmlLinkEvent
     rt.addTupleCount(3);
   break;
 }
-case 222: {// wxAuiNotebookEvent
+case 223: {// wxAuiNotebookEvent
  wxAuiNotebookEvent * ev = (wxAuiNotebookEvent *) event;
  wxAuiNotebook * GetDragSource = ev->GetDragSource();
     evClass = (char*)"wxAuiNotebookEvent";
@@ -790,7 +790,7 @@ case 222: {// wxAuiNotebookEvent
     rt.addTupleCount(5);
   break;
 }
-case 223: {// wxAuiManagerEvent
+case 224: {// wxAuiManagerEvent
  wxAuiManagerEvent * ev = (wxAuiManagerEvent *) event;
  wxAuiManager * GetManager = ev->GetManager();
  wxAuiPaneInfo * GetPane = ev->GetPane();
diff --git a/lib/wx/c_src/gen/wxe_funcs.cpp b/lib/wx/c_src/gen/wxe_funcs.cpp
index afef2990b4..f456bd3287 100644
--- a/lib/wx/c_src/gen/wxe_funcs.cpp
+++ b/lib/wx/c_src/gen/wxe_funcs.cpp
@@ -31160,6 +31160,56 @@ case wxSystemSettings_GetScreenType: { // wxSystemSettings::GetScreenType
  rt.addInt(Result);
  break;
 }
+case wxSystemOptions_GetOption: { // wxSystemOptions::GetOption
+ int * nameLen = (int *) bp; bp += 4;
+ wxString name = wxString(bp, wxConvUTF8);
+ bp += *nameLen+((8-((4+ *nameLen) & 7)) & 7);
+ wxString Result = wxSystemOptions::GetOption(name);
+ rt.add(Result);
+ break;
+}
+case wxSystemOptions_GetOptionInt: { // wxSystemOptions::GetOptionInt
+ int * nameLen = (int *) bp; bp += 4;
+ wxString name = wxString(bp, wxConvUTF8);
+ bp += *nameLen+((8-((4+ *nameLen) & 7)) & 7);
+ int Result = wxSystemOptions::GetOptionInt(name);
+ rt.addInt(Result);
+ break;
+}
+case wxSystemOptions_HasOption: { // wxSystemOptions::HasOption
+ int * nameLen = (int *) bp; bp += 4;
+ wxString name = wxString(bp, wxConvUTF8);
+ bp += *nameLen+((8-((4+ *nameLen) & 7)) & 7);
+ bool Result = wxSystemOptions::HasOption(name);
+ rt.addBool(Result);
+ break;
+}
+case wxSystemOptions_IsFalse: { // wxSystemOptions::IsFalse
+ int * nameLen = (int *) bp; bp += 4;
+ wxString name = wxString(bp, wxConvUTF8);
+ bp += *nameLen+((8-((4+ *nameLen) & 7)) & 7);
+ bool Result = wxSystemOptions::IsFalse(name);
+ rt.addBool(Result);
+ break;
+}
+case wxSystemOptions_SetOption_2_1: { // wxSystemOptions::SetOption
+ int * nameLen = (int *) bp; bp += 4;
+ wxString name = wxString(bp, wxConvUTF8);
+ bp += *nameLen+((8-((4+ *nameLen) & 7)) & 7);
+ int * valueLen = (int *) bp; bp += 4;
+ wxString value = wxString(bp, wxConvUTF8);
+ bp += *valueLen+((8-((4+ *valueLen) & 7)) & 7);
+ wxSystemOptions::SetOption(name,value);
+ break;
+}
+case wxSystemOptions_SetOption_2_0: { // wxSystemOptions::SetOption
+ int * nameLen = (int *) bp; bp += 4;
+ wxString name = wxString(bp, wxConvUTF8);
+ bp += *nameLen+((8-((4+ *nameLen) & 7)) & 7);
+ int * value = (int *) bp; bp += 4;
+ wxSystemOptions::SetOption(name,(int) *value);
+ break;
+}
 case wxAuiNotebookEvent_SetSelection: { // wxAuiNotebookEvent::SetSelection
  wxAuiNotebookEvent *This = (wxAuiNotebookEvent *) getPtr(bp,memenv); bp += 4;
  int * s = (int *) bp; bp += 4;
@@ -31294,7 +31344,7 @@ case wxAuiManagerEvent_CanVeto: { // wxAuiManagerEvent::CanVeto
 }
 case wxLogNull_new: { // wxLogNull::wxLogNull
  wxLogNull * Result = new wxLogNull();
- newPtr((void *) Result, 224, memenv);
+ newPtr((void *) Result, 225, memenv);
  rt.addRef(getRef((void *)Result,memenv), "wxLogNull");
  break;
 }
@@ -31347,7 +31397,7 @@ void WxeApp::delete_object(void *ptr, wxeRefData *refd) {
   case 212: /* delete (wxFileDataObject *) ptr;These objects must be deleted by owner object */ break;
   case 213: /* delete (wxTextDataObject *) ptr;These objects must be deleted by owner object */ break;
   case 214: /* delete (wxBitmapDataObject *) ptr;These objects must be deleted by owner object */ break;
-  case 224: delete (wxLogNull *) ptr; break;
+  case 225: delete (wxLogNull *) ptr; break;
   default: delete (wxObject *) ptr;
 }}
 
diff --git a/lib/wx/c_src/gen/wxe_macros.h b/lib/wx/c_src/gen/wxe_macros.h
index be0481564f..ddc7c0155f 100644
--- a/lib/wx/c_src/gen/wxe_macros.h
+++ b/lib/wx/c_src/gen/wxe_macros.h
@@ -60,6 +60,7 @@
 #include <wx/html/htmlwin.h>
 #include <wx/html/htmlcell.h>
 #include <wx/filename.h>
+#include <wx/sysopt.h>
 
 
 #ifndef wxICON_DEFAULT_BITMAP_TYPE
@@ -3318,25 +3319,31 @@
 #define wxSystemSettings_GetFont 3489
 #define wxSystemSettings_GetMetric 3490
 #define wxSystemSettings_GetScreenType 3491
-#define wxAuiNotebookEvent_SetSelection 3492
-#define wxAuiNotebookEvent_GetSelection 3493
-#define wxAuiNotebookEvent_SetOldSelection 3494
-#define wxAuiNotebookEvent_GetOldSelection 3495
-#define wxAuiNotebookEvent_SetDragSource 3496
-#define wxAuiNotebookEvent_GetDragSource 3497
-#define wxAuiManagerEvent_SetManager 3498
-#define wxAuiManagerEvent_GetManager 3499
-#define wxAuiManagerEvent_SetPane 3500
-#define wxAuiManagerEvent_GetPane 3501
-#define wxAuiManagerEvent_SetButton 3502
-#define wxAuiManagerEvent_GetButton 3503
-#define wxAuiManagerEvent_SetDC 3504
-#define wxAuiManagerEvent_GetDC 3505
-#define wxAuiManagerEvent_Veto 3506
-#define wxAuiManagerEvent_GetVeto 3507
-#define wxAuiManagerEvent_SetCanVeto 3508
-#define wxAuiManagerEvent_CanVeto 3509
-#define wxLogNull_new 3510
-#define wxLogNull_destroy 3511
+#define wxSystemOptions_GetOption 3492
+#define wxSystemOptions_GetOptionInt 3493
+#define wxSystemOptions_HasOption 3494
+#define wxSystemOptions_IsFalse 3495
+#define wxSystemOptions_SetOption_2_1 3496
+#define wxSystemOptions_SetOption_2_0 3497
+#define wxAuiNotebookEvent_SetSelection 3498
+#define wxAuiNotebookEvent_GetSelection 3499
+#define wxAuiNotebookEvent_SetOldSelection 3500
+#define wxAuiNotebookEvent_GetOldSelection 3501
+#define wxAuiNotebookEvent_SetDragSource 3502
+#define wxAuiNotebookEvent_GetDragSource 3503
+#define wxAuiManagerEvent_SetManager 3504
+#define wxAuiManagerEvent_GetManager 3505
+#define wxAuiManagerEvent_SetPane 3506
+#define wxAuiManagerEvent_GetPane 3507
+#define wxAuiManagerEvent_SetButton 3508
+#define wxAuiManagerEvent_GetButton 3509
+#define wxAuiManagerEvent_SetDC 3510
+#define wxAuiManagerEvent_GetDC 3511
+#define wxAuiManagerEvent_Veto 3512
+#define wxAuiManagerEvent_GetVeto 3513
+#define wxAuiManagerEvent_SetCanVeto 3514
+#define wxAuiManagerEvent_CanVeto 3515
+#define wxLogNull_new 3516
+#define wxLogNull_destroy 3517
 
 
diff --git a/lib/wx/c_src/wxe_driver.c b/lib/wx/c_src/wxe_driver.c
index 2404b13cc3..d1ed252ec0 100644
--- a/lib/wx/c_src/wxe_driver.c
+++ b/lib/wx/c_src/wxe_driver.c
@@ -40,9 +40,14 @@ static ErlDrvData wxe_driver_start(ErlDrvPort port, char *buff);
 static int  wxe_driver_load(void);
 static void wxe_driver_stop(ErlDrvData handle);
 static void wxe_driver_unload(void);
-static int  wxe_driver_control(ErlDrvData handle, unsigned int command,  
- 			       char* buf, int count, char** res, int res_size); 
-static int wxe_driver_call(ErlDrvData drv_data, unsigned int command, char *buf, int len, char **rbuf, int rlen, unsigned int *flags);
+static ErlDrvSSizeT wxe_driver_control(ErlDrvData handle,
+				       unsigned int command,  
+				       char* buf, ErlDrvSizeT count,
+				       char** res, ErlDrvSizeT res_size); 
+static ErlDrvSSizeT wxe_driver_call(ErlDrvData drv_data, unsigned int command,
+				    char *buf, ErlDrvSizeT len,
+				    char **rbuf, ErlDrvSizeT rlen,
+				    unsigned int *flags);
 
 static void standard_outputv(ErlDrvData drv_data, ErlIOVec *ev);
 static void wxe_process_died(ErlDrvData drv_data, ErlDrvMonitor *monitor);
@@ -151,17 +156,20 @@ wxe_driver_unload(void)
    wxe_master = NULL;
 }
 
-static int
+static ErlDrvSSizeT
 wxe_driver_control(ErlDrvData handle, unsigned op,
-		   char* buf, int count, char** res, int res_size)
+		   char* buf, ErlDrvSizeT count,
+		   char** res, ErlDrvSizeT res_size)
 {
    wxe_data *sd = ((wxe_data *)handle);
    push_command(op,buf,count,sd);
    return 0;
 }
 
-static int wxe_driver_call(ErlDrvData handle, unsigned int command, 
-			   char *buf, int len, char **res, int rlen, unsigned int *flags)
+static ErlDrvSSizeT
+wxe_driver_call(ErlDrvData handle, unsigned int command, 
+		char *buf, ErlDrvSizeT len,
+		char **res, ErlDrvSizeT rlen, unsigned int *flags)
 {
    wxe_data *sd = ((wxe_data *)handle);
    if(command == WXE_DEBUG_DRIVER) {
diff --git a/lib/wx/c_src/wxe_impl.cpp b/lib/wx/c_src/wxe_impl.cpp
index e430fbc7a2..69fcd4e362 100644
--- a/lib/wx/c_src/wxe_impl.cpp
+++ b/lib/wx/c_src/wxe_impl.cpp
@@ -331,9 +331,9 @@ void handle_event_callback(ErlDrvPort port, ErlDrvTermData process)
   driver_monitor_process(port, process, &monitor);
   // Should we be able to handle commands when recursing? probably
   erl_drv_mutex_lock(wxe_batch_locker_m);
-  // fprintf(stderr, "\r\nCB EV Start ");fflush(stderr);
+  //fprintf(stderr, "\r\nCB EV Start %lu \r\n", process);fflush(stderr);
   app->dispatch_cb(wxe_batch, wxe_batch_cb_saved, process);
-  // fprintf(stderr, ".. done \r\n");fflush(stderr);
+  //fprintf(stderr, "CB EV done %lu \r\n", process);fflush(stderr);
   wxe_batch_caller = 0;
   erl_drv_mutex_unlock(wxe_batch_locker_m);
   driver_demonitor_process(port, &monitor);
@@ -430,8 +430,9 @@ void WxeApp::dispatch_cb(wxList * batch, wxList * temp, ErlDrvTermData process)
 	  wxeCommand *event = (wxeCommand *)node->GetData();
 	  wxeMemEnv *memenv = getMemEnv(event->port);
 	  batch->Erase(node);
+	  // fprintf(stderr, "  Ev %d %lu\r\n", event->op, event->caller);
 	  if(event->caller == process ||  // Callbacks from CB process only
-	     event->op == WXE_CB_START || // Recursive event callback allow
+	     event->op == WXE_CB_START || // Event callback start change process
 	     // Allow connect_cb during CB i.e. msg from wxe_server.
 	     (memenv && event->caller == memenv->owner))
 	    {
@@ -453,6 +454,7 @@ void WxeApp::dispatch_cb(wxList * batch, wxList * temp, ErlDrvTermData process)
 		break;
 	      default:
 		erl_drv_mutex_unlock(wxe_batch_locker_m);
+		size_t start=temp->GetCount();
 		if(event->op < OPENGL_START) {
 		  // fprintf(stderr, "  cb %d \r\n", event->op);
 		  wxe_dispatch(*event);
@@ -460,9 +462,23 @@ void WxeApp::dispatch_cb(wxList * batch, wxList * temp, ErlDrvTermData process)
 		  gl_dispatch(event->op,event->buffer,event->caller,event->bin);
 		}
 		erl_drv_mutex_lock(wxe_batch_locker_m);
-		break;
+		if(temp->GetCount() > start) {
+		  // We have recursed dispatch_cb and messages for this
+		  // callback may be saved on temp list move them
+		  // to orig list
+		  for(wxList::compatibility_iterator node = temp->Item(start);
+		      node;
+		      node = node->GetNext()) {
+		    wxeCommand *ev = (wxeCommand *)node->GetData();
+		    if(ev->caller == process) {
+		      batch->Append(ev);
+		      temp->Erase(node);
+		    }
+		  }
+		}
 		if(callback_returned)
 		  return;
+		break;
 	      }
 	      delete event;
 	    } else {
diff --git a/lib/wx/configure.in b/lib/wx/configure.in
index f7128db23a..b27e114a3d 100755
--- a/lib/wx/configure.in
+++ b/lib/wx/configure.in
@@ -2,7 +2,7 @@ dnl Process this file with autoconf to produce a configure script. -*-m4-*-
 
 dnl %CopyrightBegin%
 dnl
-dnl Copyright Ericsson AB 2008-2010. All Rights Reserved.
+dnl Copyright Ericsson AB 2008-2011. All Rights Reserved.
 dnl
 dnl The contents of this file are subject to the Erlang Public License,
 dnl Version 1.1, (the "License"); you may not use this file except in
@@ -67,55 +67,14 @@ AC_PROG_RANLIB
 AC_PROG_CPP
 
 AC_MSG_NOTICE(Building for [$host_os])
-MIXED_CYGWIN=no
 WXERL_CAN_BUILD_DRIVER=true
 
-AC_MSG_CHECKING(for mixed cygwin and native VC++ environment)
-if test "X$CC" = "Xcc.sh" -a "X$host" = "Xwin32" -a "x$GCC" != x"yes"; then
-	if test -x /usr/bin/cygpath; then
-		CFLAGS="-Owx"		
-		MIXED_CYGWIN=yes
-		AC_MSG_RESULT([yes])
-		MIXED_CYGWIN_VC=yes
-		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_VC"
-	else
-		AC_MSG_RESULT([undeterminable])
-		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
-	fi
-else
-	AC_MSG_RESULT([no])
-	MIXED_CYGWIN_VC=no
-fi
-AC_SUBST(MIXED_CYGWIN_VC)
-
-AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
-if test "X$CC" = "Xcc.sh" -a "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
-	if test -x /usr/bin/cygpath; then
-		CFLAGS="-O2"
-		MIXED_CYGWIN=yes
-		AC_MSG_RESULT([yes])
-		MIXED_CYGWIN_MINGW=yes
-		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_MINGW"
-	else
-		AC_MSG_RESULT([undeterminable])
-		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
-	fi
-else
-	AC_MSG_RESULT([no])
-	MIXED_CYGWIN_MINGW=no
-fi
-AC_SUBST(MIXED_CYGWIN_MINGW)
+LM_WINDOWS_ENVIRONMENT
 
-AC_MSG_CHECKING(if we mix cygwin with any native compiler)
-if test "X$MIXED_CYGWIN" = "Xyes" ; then
-	AC_MSG_RESULT([yes])	
-else
-	AC_MSG_RESULT([no])
+if test  X"$MIXED_CYGWIN_VC" == X"yes" -o X"$MIXED_MSYS_VC" == X"yes"; then
+   CFLAGS="-Owx"
 fi
 
-AC_SUBST(MIXED_CYGWIN)
-
-
 ## Check that we are in 32 bits mode on darwin 
 ## (wxWidgets require that it currently uses 32-bits Carbon)
 ## Otherwise skip building wxErlang
@@ -138,10 +97,65 @@ esac
 
 PTHR_CFLAGS="-D_THREAD_SAFE -D_REENTRANT"
 
+OBJC_CC=$CC
+OBJC_CFLAGS=""
+
 dnl NOTE: CPPFLAGS will be included in CFLAGS at the end
 case $host_os in
     darwin*)
-        C_ONLY_FLAGS="-ObjC"
+	AC_MSG_CHECKING([if compiler accepts -ObjC])
+	saved_CFLAGS=$CFLAGS
+  	CFLAGS="$CFLAGS -ObjC"
+  	AC_TRY_COMPILE([],[;], accept_objc_flag=true, accept_objc_flag=false)
+  	if test "X$accept_objc_flag" = "Xtrue"; then
+	   AC_MSG_RESULT([yes])
+           C_ONLY_FLAGS="-ObjC"
+	else
+	   dnl We are probebly trying to build with a non-Apple gcc,
+	   dnl which is good as long as we do not try to build Cocoa
+	   dnl code. We need an Apple compiler for just that (Objective C)
+	   AC_MSG_RESULT([no])
+	   AC_MSG_CHECKING([for a Cocoa compliant Objective C compiler])
+	   SEARCHFOR=""
+	   save_IFS=$IFS
+	   IFS=:
+	   set $PATH
+	   IFS=$save_IFS
+	   while test X"$1" != X""; do
+	       dnl Add all possible paths to a real apple gcc
+	       SEARCHFOR="$1/gcc-apple-4.2 $SEARCHFOR"
+	       shift
+	   done
+	   dnl Add LLVM compilers, they will work in this case
+	   SEARCHFOR="/usr/bin/clang /usr/bin/gcc $SEARCHFOR"	
+	   APPLE_CC=""
+	   dnl SEARCHFOR is reversed, so we want to find the last existing
+	   dnl executable in the list
+	   for x in $SEARCHFOR; do
+	       if test -x $x; then
+	       	  APPLE_CC=$x
+	       fi
+	   done	
+	   if test X$APPLE_CC = X; then
+	      AC_MSG_RESULT([no])
+	      dnl Complete failure, we cannot build Cocoa code
+	      if test X"$WX_BUILDING_INSIDE_ERLSRC" != X"true" ; then
+		AC_MSG_ERROR([Can not find compiler to compile Cocoa applications])
+	      else
+		echo "Can not find compiler to compile Cocoa applications" > ./CONF_INFO
+		WXERL_CAN_BUILD_DRIVER=false
+		AC_MSG_WARN([Can not find compiler to compile Cocoa applications])
+	      fi
+	      WXERL_CAN_BUILD_DRIVER=false
+	   else
+	      dnl We think we found an Apple compiler and will add 
+	      dnl Apple specific options
+	      AC_MSG_RESULT($APPLE_CC)
+	      OBJC_CC=$APPLE_CC
+	      OBJC_CFLAGS="-ObjC"
+	   fi
+  	fi
+  	CFLAGS=$saved_CFLAGS
 	CPPFLAGS="$CPPFLAGS -D_MACOSX $PTHR_CFLAGS"
 	;;
     mingw32)
@@ -159,10 +173,16 @@ case $host_os in
 	;;
 esac
 
+AC_SUBST(OBJC_CC)
+AC_SUBST(OBJC_CFLAGS)
+
 case $host_os in
     darwin*)
-	CFLAGS="-no-cpp-precomp $CFLAGS"
 	LDFLAGS="-bundle -flat_namespace -undefined warning -fPIC $LDFLAGS"
+	# Check sizof_void_p as future will hold 64bit MacOS wx
+	if test $ac_cv_sizeof_void_p = 4; then
+	    LDFLAGS="-m32 $LDFLAGS"
+	fi		   
 	GL_LIBS="-framework OpenGL"
 	;;
     win32)
@@ -287,7 +307,7 @@ dnl
 if test "$cross_compiling" = "yes"; then
     echo "Cross compilation of the wx driver is not supported yet, wx will NOT be usable" > ./CONF_INFO
     WXERL_CAN_BUILD_DRIVER=false
-elif test X"$MIXED_CYGWIN_VC" != X"yes" ; then
+elif test  X"$MIXED_CYGWIN_VC" == X"no" -a X"$MIXED_MSYS_VC" == X"no"; then
     m4_include(wxwin.m4)
 
     AM_OPTIONS_WXCONFIG
@@ -357,7 +377,11 @@ define(wx_warn_text,[
 else
     AC_MSG_CHECKING(for wxWidgets in standard locations)
 		  
-    CWXWIN_CONFIG=`cygpath $wx_config_name 2>/dev/null`
+    if test "x$MIXED_MSYS" = "xyes"; then
+        CWXWIN_CONFIG=`win2msys_path.sh $wx_config_name 2>/dev/null`
+    else
+	CWXWIN_CONFIG=`cygpath $wx_config_name 2>/dev/null`
+    fi
     CWXWIN1=`dirname $CWXWIN_CONFIG 2>/dev/null`
     CWXWIN2=`dirname $CWXWIN1 2>/dev/null`
 
@@ -365,10 +389,24 @@ else
        PROGRAMFILES=c:/Program Files
     fi
 
-    CWXWIN_PROG=`cygpath -d "$PROGRAMFILES" | cygpath -f - 2>/dev/null`
+    
+    if test "x$MIXED_MSYS" = "xyes"; then
+        CWXWIN_PROG=`win2msys_path.sh "$PROGRAMFILES" 2>/dev/null`
+    else
+	CWXWIN_PROG=`cygpath -d "$PROGRAMFILES" | cygpath -f - 2>/dev/null`
+    fi
     CWXWIN3=$CWXWIN_PROG/wxWidgets-2.8
     CWXWIN4=$CWXWIN_PROG/wxMSW-2.8
     CWX_DOCUMENTED="/opt/local/pgm/wxMSW-2.8.* /opt/local/pgm/wxWidgets-2.8.*"
+    case $ac_cv_sizeof_void_p in
+    	 8)
+		CWX_DOCUMENTED="/opt/local64/pgm/wxMSW-2.8.* /opt/local64/pgm/wxWidgets-2.8.* $CWX_DOCUMENTED"
+		;;
+         *)
+		true
+		;;
+    esac	
+			
     CWXPATH="$CWXWIN1 $CWXWIN2 $CWX_DOCUMENTED $CWXWIN3.* $CWXWIN4.*"
 
     for dir in $CWXPATH; do
@@ -377,11 +415,11 @@ else
 	    WXINCLUDE_PLAIN=$dir/include
 	    WXINCLUDE_CONTRIB=$dir/contrib/include
 	    WX_CFLAGS="-EHsc -D_UNICODE -DUNICODE -I$WXINCLUDE_MSVC -I$WXINCLUDE_PLAIN -I$WXINCLUDE_CONTRIB -D__WXMSW__"
-	    WX_CXXFLAGS=$WX_CFLAGS
+	    WX_CXXFLAGS="-TP $WX_CFLAGS"
 	    WX_LIBDIR=$dir/lib/vc_lib
 	    WX_RESCOMP="rc.sh -I$WXINCLUDE_PLAIN -D __WIN32__"
 	    RC_FILE_TYPE=res
-	    for lib in $WX_LIBDIR/wxbase*.lib; do
+	    for lib in $WX_LIBDIR/wxbase*.lib $WX_LIBDIR2/wxbase*.lib; do
 		maybe=`echo $lib | egrep 'wxbase[[0-9]]*u\.lib'`
 		if test '!' -z "$maybe"; then
 		   corelib_number=`echo $maybe | sed 's,.*\([[0-9]].\)u\.lib,\1,'`
@@ -515,7 +553,7 @@ AC_CHECK_HEADERS([wx/stc/stc.h],
         [],
     	[WXERL_CAN_BUILD_DRIVER=false
 	 echo "wxWidgets don't have wxStyledTextControl (stc.h), wx will NOT be useable" > ./CONF_INFO
-     	 AC_MSG_WARN([Can not find wx/stc/stc.h])      
+     	 AC_MSG_WARN([Can not find wx/stc/stc.h $CXXFLAGS])      
      	],
 	[#ifdef WIN32
 	 # include <windows.h>
diff --git a/lib/wx/doc/src/Makefile b/lib/wx/doc/src/Makefile
index c8eb6174c4..03e9f1e1bb 100644
--- a/lib/wx/doc/src/Makefile
+++ b/lib/wx/doc/src/Makefile
@@ -22,7 +22,7 @@
 # ----------------------------------------------------
 include ../../vsn.mk
 include ../../config.mk
-APPLICATION=wxErlang
+APPLICATION=wx
 
 ErlMods         = wx.erl wx_object.erl
 
diff --git a/lib/wx/doc/src/make.dep b/lib/wx/doc/src/make.dep
deleted file mode 100644
index 91001be438..0000000000
--- a/lib/wx/doc/src/make.dep
+++ /dev/null
@@ -1,13 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex chapter.tex part.tex
-
diff --git a/lib/wx/doc/src/notes.xml b/lib/wx/doc/src/notes.xml
index 7bd8d18592..4a94227a55 100644
--- a/lib/wx/doc/src/notes.xml
+++ b/lib/wx/doc/src/notes.xml
@@ -31,6 +31,37 @@
   <p>This document describes the changes made to the wxErlang
     application.</p>
 
+<section><title>Wx 0.99.1</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fixed a deadlock in the driver, which could happen if a
+	    callback caused another callback to be invoked.</p>
+          <p>
+	    Own Id: OTP-9725</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Implemented wxSystemOptions.</p>
+          <p>
+	    Load Opengl from libGL.so.1 instead libGL.so to work
+	    around linux problems.</p>
+          <p>
+	    Own Id: OTP-9702</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Wx 0.99</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/wx/examples/demo/Makefile b/lib/wx/examples/demo/Makefile
index 98d7c6a130..3f054ec75f 100755..100644
--- a/lib/wx/examples/demo/Makefile
+++ b/lib/wx/examples/demo/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2009. All Rights Reserved.
+# Copyright Ericsson AB 2009-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -80,7 +80,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
 
 docs: 
 
-release_spec: 
+release_spec: opt
 	$(INSTALL_DIR) $(EXRELSYSDIR)
 	$(INSTALL_DATA) $(TESTSRC)  $(EXRELSYSDIR)
 	$(INSTALL_DATA) $(TESTTARGETS) $(EXRELSYSDIR)
diff --git a/lib/wx/examples/demo/demo.erl b/lib/wx/examples/demo/demo.erl
index 59c20e09fb..61e71af021 100644
--- a/lib/wx/examples/demo/demo.erl
+++ b/lib/wx/examples/demo/demo.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -27,7 +27,7 @@
 -behaviour(wx_object).
 -export([start/0, start/1, start_link/0, start_link/1, format/3, 
 	 init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 
 -record(state, {win, demo, example, selector, log, code}).
@@ -189,6 +189,10 @@ handle_call(Msg, _From, State) ->
     io:format("Got Call ~p~n",[Msg]),
     {reply,ok,State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 %% Async Events are handled in handle_event as in handle_info
 handle_event(#wx{event=#wxCommand{type=command_listbox_selected, cmdString=Ex}}, 
 	     State = #state{demo={_,DemoSz}, example=Example, code=Code}) ->
diff --git a/lib/wx/examples/demo/ex_aui.erl b/lib/wx/examples/demo/ex_aui.erl
index 6adfd970fc..50f077638d 100644
--- a/lib/wx/examples/demo/ex_aui.erl
+++ b/lib/wx/examples/demo/ex_aui.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include("../../include/wx.hrl").
 
@@ -92,6 +92,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 %% Async Events are handled in handle_event as in handle_info
 handle_event(#wx{obj = Notebook,
 		 event = #wxCommand{type = command_button_clicked}},
diff --git a/lib/wx/examples/demo/ex_button.erl b/lib/wx/examples/demo/ex_button.erl
index 28c8273cb9..0dd0363933 100644
--- a/lib/wx/examples/demo/ex_button.erl
+++ b/lib/wx/examples/demo/ex_button.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -26,7 +26,7 @@
 
 -behaviour(wx_object).
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -record(state, 
 	{
@@ -153,6 +153,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p~n",[Msg]),
     {reply,ok,State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_canvas.erl b/lib/wx/examples/demo/ex_canvas.erl
index 844c7eddf3..1ec4760f40 100644
--- a/lib/wx/examples/demo/ex_canvas.erl
+++ b/lib/wx/examples/demo/ex_canvas.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2, handle_sync_event/3]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2, handle_sync_event/3]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -144,6 +144,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_canvas_paint.erl b/lib/wx/examples/demo/ex_canvas_paint.erl
index 38d6b62f1d..9bc083766a 100644
--- a/lib/wx/examples/demo/ex_canvas_paint.erl
+++ b/lib/wx/examples/demo/ex_canvas_paint.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2, handle_sync_event/3]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2, handle_sync_event/3]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -211,6 +211,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_choices.erl b/lib/wx/examples/demo/ex_choices.erl
index 75f8d22493..2e456ae249 100644
--- a/lib/wx/examples/demo/ex_choices.erl
+++ b/lib/wx/examples/demo/ex_choices.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -147,6 +147,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply, {error,nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_cursor.erl b/lib/wx/examples/demo/ex_cursor.erl
index 322bdcbb6c..c1a558541b 100644
--- a/lib/wx/examples/demo/ex_cursor.erl
+++ b/lib/wx/examples/demo/ex_cursor.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -135,6 +135,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_dialogs.erl b/lib/wx/examples/demo/ex_dialogs.erl
index 020e9eeb14..b39344f8b1 100644
--- a/lib/wx/examples/demo/ex_dialogs.erl
+++ b/lib/wx/examples/demo/ex_dialogs.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -153,6 +153,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_frame_utils.erl b/lib/wx/examples/demo/ex_frame_utils.erl
index 3064c9f3b7..a90642b355 100644
--- a/lib/wx/examples/demo/ex_frame_utils.erl
+++ b/lib/wx/examples/demo/ex_frame_utils.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -102,6 +102,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_gauge.erl b/lib/wx/examples/demo/ex_gauge.erl
index d30c3fea58..ffc667ff05 100644
--- a/lib/wx/examples/demo/ex_gauge.erl
+++ b/lib/wx/examples/demo/ex_gauge.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,7 +23,7 @@
 -include_lib("wx/include/wx.hrl").
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -record(gauge, {obj,
 		value,
@@ -118,6 +118,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply,ok, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 %% Async Events are handled in handle_event as in handle_info
 handle_event(#wx{id = ?ID_START_STOP,
 		 event = #wxCommand{type = command_togglebutton_clicked,
diff --git a/lib/wx/examples/demo/ex_gl.erl b/lib/wx/examples/demo/ex_gl.erl
index 53f1eda847..72dad2cf9d 100644
--- a/lib/wx/examples/demo/ex_gl.erl
+++ b/lib/wx/examples/demo/ex_gl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
 -behaviour(wx_object).
 
 -export([init/1, code_change/3, handle_info/2, handle_event/2,
-	 handle_call/3, terminate/2,
+	 handle_call/3, handle_cast/2, terminate/2,
 	 start/1]).
 
 -include_lib("wx/include/wx.hrl"). 
@@ -118,6 +118,10 @@ handle_call(Msg, _From, State) ->
     io:format("Got Call ~p~n",[Msg]),
     {reply,ok,State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, not_yet_implemented, State}.
 
diff --git a/lib/wx/examples/demo/ex_graphicsContext.erl b/lib/wx/examples/demo/ex_graphicsContext.erl
index bcd7a75be0..c356500d99 100644
--- a/lib/wx/examples/demo/ex_graphicsContext.erl
+++ b/lib/wx/examples/demo/ex_graphicsContext.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -26,7 +26,7 @@
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
 	 handle_info/2, handle_call/3,
-	 handle_event/2, handle_sync_event/3]).
+handle_cast/2, 	 handle_event/2, handle_sync_event/3]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -98,6 +98,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_grid.erl b/lib/wx/examples/demo/ex_grid.erl
index 2169c818ff..d1a9952ab2 100644
--- a/lib/wx/examples/demo/ex_grid.erl
+++ b/lib/wx/examples/demo/ex_grid.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -81,6 +81,10 @@ handle_info(_Msg, State) ->
 handle_call(_Msg, _From, State) ->
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_htmlWindow.erl b/lib/wx/examples/demo/ex_htmlWindow.erl
index b864cd10b2..564c790e48 100644
--- a/lib/wx/examples/demo/ex_htmlWindow.erl
+++ b/lib/wx/examples/demo/ex_htmlWindow.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include("../../include/wx.hrl").
 
@@ -81,6 +81,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_listCtrl.erl b/lib/wx/examples/demo/ex_listCtrl.erl
index 3faec4e229..13096dfa52 100644
--- a/lib/wx/examples/demo/ex_listCtrl.erl
+++ b/lib/wx/examples/demo/ex_listCtrl.erl
@@ -23,7 +23,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -record(state,
 	{
@@ -147,6 +147,11 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply,ok,State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_notebook.erl b/lib/wx/examples/demo/ex_notebook.erl
index 2e16ccfffa..fc38fdae08 100644
--- a/lib/wx/examples/demo/ex_notebook.erl
+++ b/lib/wx/examples/demo/ex_notebook.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,7 +23,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -record(state, 
 	{
@@ -133,6 +133,11 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply,ok,State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_pickers.erl b/lib/wx/examples/demo/ex_pickers.erl
index 892c5b449d..8013a5ba32 100644
--- a/lib/wx/examples/demo/ex_pickers.erl
+++ b/lib/wx/examples/demo/ex_pickers.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -124,6 +124,11 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_popupMenu.erl b/lib/wx/examples/demo/ex_popupMenu.erl
index 8774dbef7b..d6778c5dc5 100644
--- a/lib/wx/examples/demo/ex_popupMenu.erl
+++ b/lib/wx/examples/demo/ex_popupMenu.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -90,6 +90,11 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_radioBox.erl b/lib/wx/examples/demo/ex_radioBox.erl
index 8211aec4a2..ab7685f41f 100644
--- a/lib/wx/examples/demo/ex_radioBox.erl
+++ b/lib/wx/examples/demo/ex_radioBox.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -107,6 +107,9 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply, {error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
 
 code_change(_, _, State) ->
     {stop, ignore, State}.
diff --git a/lib/wx/examples/demo/ex_sashWindow.erl b/lib/wx/examples/demo/ex_sashWindow.erl
index dd05f4e45f..d8a8958f28 100644
--- a/lib/wx/examples/demo/ex_sashWindow.erl
+++ b/lib/wx/examples/demo/ex_sashWindow.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -116,6 +116,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_sizers.erl b/lib/wx/examples/demo/ex_sizers.erl
index 2cc6efd503..7b9e8eb37f 100644
--- a/lib/wx/examples/demo/ex_sizers.erl
+++ b/lib/wx/examples/demo/ex_sizers.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -101,6 +101,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_slider.erl b/lib/wx/examples/demo/ex_slider.erl
index 7b669d96f6..612543ff26 100644
--- a/lib/wx/examples/demo/ex_slider.erl
+++ b/lib/wx/examples/demo/ex_slider.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -101,6 +101,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply, {error, nyi},State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_splitterWindow.erl b/lib/wx/examples/demo/ex_splitterWindow.erl
index c135f298fa..4f25b73293 100644
--- a/lib/wx/examples/demo/ex_splitterWindow.erl
+++ b/lib/wx/examples/demo/ex_splitterWindow.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -90,6 +90,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_static.erl b/lib/wx/examples/demo/ex_static.erl
index 67061520c4..013bd5ac35 100644
--- a/lib/wx/examples/demo/ex_static.erl
+++ b/lib/wx/examples/demo/ex_static.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -105,6 +105,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_textCtrl.erl b/lib/wx/examples/demo/ex_textCtrl.erl
index 95837c7c4c..d82884f30b 100644
--- a/lib/wx/examples/demo/ex_textCtrl.erl
+++ b/lib/wx/examples/demo/ex_textCtrl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -92,6 +92,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply, {error,nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_treeCtrl.erl b/lib/wx/examples/demo/ex_treeCtrl.erl
index fa40795393..611904500a 100644
--- a/lib/wx/examples/demo/ex_treeCtrl.erl
+++ b/lib/wx/examples/demo/ex_treeCtrl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -109,6 +109,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/simple/Makefile b/lib/wx/examples/simple/Makefile
index 41f0b46eb1..295e739202 100644
--- a/lib/wx/examples/simple/Makefile
+++ b/lib/wx/examples/simple/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2009. All Rights Reserved.
+# Copyright Ericsson AB 2009-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -51,7 +51,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
 
 docs: 
 
-release_spec: 
+release_spec: opt
 	$(INSTALL_DIR) $(EXRELSYSDIR)
 	$(INSTALL_DATA) $(TESTSRC) $(EXRELSYSDIR)
 	$(INSTALL_DATA) copy.xpm sample.xpm $(TESTTARGETS) $(EXRELSYSDIR)
diff --git a/lib/wx/examples/simple/hello.erl b/lib/wx/examples/simple/hello.erl
index dc845ddfbb..02af1b501f 100755..100644
--- a/lib/wx/examples/simple/hello.erl
+++ b/lib/wx/examples/simple/hello.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/simple/menu.erl b/lib/wx/examples/simple/menu.erl
index d573fcf13a..0025a0b027 100755..100644
--- a/lib/wx/examples/simple/menu.erl
+++ b/lib/wx/examples/simple/menu.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/simple/minimal.erl b/lib/wx/examples/simple/minimal.erl
index dca4adc643..bdff66e217 100755..100644
--- a/lib/wx/examples/simple/minimal.erl
+++ b/lib/wx/examples/simple/minimal.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/simple/sample.xpm b/lib/wx/examples/simple/sample.xpm
index 3263b15f8a..3263b15f8a 100755..100644
--- a/lib/wx/examples/simple/sample.xpm
+++ b/lib/wx/examples/simple/sample.xpm
diff --git a/lib/wx/examples/sudoku/Makefile b/lib/wx/examples/sudoku/Makefile
index b86c654fdd..a7cbf85e03 100755..100644
--- a/lib/wx/examples/sudoku/Makefile
+++ b/lib/wx/examples/sudoku/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2009. All Rights Reserved.
+# Copyright Ericsson AB 2009-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -51,7 +51,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
 
 docs: 
 
-release_spec: 
+release_spec: opt
 	$(INSTALL_DIR) $(EXRELSYSDIR)
 	$(INSTALL_DATA) $(TESTSRC) sudoku.hrl $(EXRELSYSDIR)
 	$(INSTALL_DATA) $(TESTTARGETS) $(EXRELSYSDIR)
diff --git a/lib/wx/examples/sudoku/sudoku.erl b/lib/wx/examples/sudoku/sudoku.erl
index 01caeb9524..6749fec30a 100755..100644
--- a/lib/wx/examples/sudoku/sudoku.erl
+++ b/lib/wx/examples/sudoku/sudoku.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/sudoku/sudoku.hrl b/lib/wx/examples/sudoku/sudoku.hrl
index 775b563bdc..6bb2eefd07 100755..100644
--- a/lib/wx/examples/sudoku/sudoku.hrl
+++ b/lib/wx/examples/sudoku/sudoku.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/sudoku/sudoku_board.erl b/lib/wx/examples/sudoku/sudoku_board.erl
index 756837582f..4b26ff97da 100755..100644
--- a/lib/wx/examples/sudoku/sudoku_board.erl
+++ b/lib/wx/examples/sudoku/sudoku_board.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -30,7 +30,7 @@
 	 draw/3, 
 	 %% Callbacks
 	 init/1, handle_sync_event/3, 
-	 handle_event/2, handle_info/2, handle_call/3, 
+	 handle_event/2, handle_info/2, handle_call/3, handle_cast/2,
 	 code_change/3, terminate/2]).
 
 -include("sudoku.hrl").
@@ -209,6 +209,10 @@ handle_call({draw, DC, Size},_From, S) ->
     redraw(DC,Size,S),
     {reply, ok, S}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, not_yet_implemented, State}.
 
diff --git a/lib/wx/examples/sudoku/sudoku_game.erl b/lib/wx/examples/sudoku/sudoku_game.erl
index 470aee0e3b..ec705918b3 100755..100644
--- a/lib/wx/examples/sudoku/sudoku_game.erl
+++ b/lib/wx/examples/sudoku/sudoku_game.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/sudoku/sudoku_gui.erl b/lib/wx/examples/sudoku/sudoku_gui.erl
index 4aaecfe086..3d0c95ffa7 100755..100644
--- a/lib/wx/examples/sudoku/sudoku_gui.erl
+++ b/lib/wx/examples/sudoku/sudoku_gui.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -24,7 +24,7 @@
 %%%-------------------------------------------------------------------
 -module(sudoku_gui).
 
--export([init/1, handle_info/2, handle_call/3, handle_event/2, 
+-export([init/1, handle_info/2, handle_call/3, handle_cast/2, handle_event/2,
 	 terminate/2, code_change/3]).
 
 -compile(export_all).
@@ -230,6 +230,10 @@ handle_event(Msg,S) ->
 handle_call(What, _From, State) ->
     {stop, {call, What}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, not_yet_implemented, State}.
 
diff --git a/lib/wx/examples/xrc/Makefile b/lib/wx/examples/xrc/Makefile
index 1dfaae9689..79d86ac1b9 100755..100644
--- a/lib/wx/examples/xrc/Makefile
+++ b/lib/wx/examples/xrc/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2009. All Rights Reserved.
+# Copyright Ericsson AB 2009-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -28,7 +28,8 @@ TESTMODS = xrc
 TESTTARGETS = $(TESTMODS:%=%.beam)
 TESTSRC = $(TESTMODS:%=%.erl)
 
-RESOURCEFILES = appicon.ico basicdlg.xpm custclas.xpm fileopen.gif menu.xrc \
+RESOURCEFILES = \
+	appicon.ico basicdlg.xpm custclas.xpm fileopen.gif menu.xrc \
 	resource.xrc uncenter.xpm  variable.xrc appicon.xpm basicdlg.xrc \
 	custclas.xrc filesave.gif platform.xpm stop.xpm uncenter.xrc \
 	artprov.xpm controls.xpm derivdlg.xpm frame.xrc platform.xrc \
@@ -59,7 +60,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
 
 docs: 
 
-release_spec: 
+release_spec: opt
 	$(INSTALL_DIR) $(EXRELSYSDIR)
 	$(INSTALL_DATA) $(TESTSRC) $(EXRELSYSDIR)
 	$(INSTALL_DATA) $(TESTTARGETS) $(EXRELSYSDIR)
diff --git a/lib/wx/include/wx.hrl b/lib/wx/include/wx.hrl
index 8659b71985..029b9a88df 100644
--- a/lib/wx/include/wx.hrl
+++ b/lib/wx/include/wx.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -36,12 +36,12 @@
 %% Callback event: {@link wxNavigationKeyEvent}
 -record(wxNavigationKey,{type, flags,focus}).
 
-%% @type wxSash() = #wxSash{type=wxEventType(),edge=WxSashEdgePosition,dragRect={X::integer(),Y::integer(),W::integer(),H::integer()},dragStatus=WxSashDragStatus}.
+%% @type wxSash() = #wxSash{type=wxEventType(),edge=WxSashEdgePosition,dragRect={X::integer(), Y::integer(), W::integer(), H::integer()},dragStatus=WxSashDragStatus}.
 %% <dl><dt>EventType:</dt> <dd><em>sash_dragged</em></dd></dl>
 %% Callback event: {@link wxSashEvent}
 -record(wxSash,{type, edge,dragRect,dragStatus}).
 
-%% @type wxList() = #wxList{type=wxEventType(),code=integer(),oldItemIndex=integer(),itemIndex=integer(),col=integer(),pointDrag={X::integer(),Y::integer()}}.
+%% @type wxList() = #wxList{type=wxEventType(),code=integer(),oldItemIndex=integer(),itemIndex=integer(),col=integer(),pointDrag={X::integer(), Y::integer()}}.
 %% <dl><dt>EventType:</dt> <dd><em>command_list_begin_drag</em>, <em>command_list_begin_rdrag</em>, <em>command_list_begin_label_edit</em>, <em>command_list_end_label_edit</em>, <em>command_list_delete_item</em>, <em>command_list_delete_all_items</em>, <em>command_list_key_down</em>, <em>command_list_insert_item</em>, <em>command_list_col_click</em>, <em>command_list_col_right_click</em>, <em>command_list_col_begin_drag</em>, <em>command_list_col_dragging</em>, <em>command_list_col_end_drag</em>, <em>command_list_item_selected</em>, <em>command_list_item_deselected</em>, <em>command_list_item_right_click</em>, <em>command_list_item_middle_click</em>, <em>command_list_item_activated</em>, <em>command_list_item_focused</em>, <em>command_list_cache_hint</em></dd></dl>
 %% Callback event: {@link wxListEvent}
 -record(wxList,{type, code,oldItemIndex,itemIndex,col,pointDrag}).
@@ -186,7 +186,7 @@
 %% Callback event: {@link wxUpdateUIEvent}
 -record(wxUpdateUI, {type}).
 
-%% @type wxSize() = #wxSize{type=wxEventType(),size={W::integer(),H::integer()},rect={X::integer(),Y::integer(),W::integer(),H::integer()}}.
+%% @type wxSize() = #wxSize{type=wxEventType(),size={W::integer(), H::integer()},rect={X::integer(), Y::integer(), W::integer(), H::integer()}}.
 %% <dl><dt>EventType:</dt> <dd><em>size</em></dd></dl>
 %% Callback event: {@link wxSizeEvent}
 -record(wxSize,{type, size,rect}).
@@ -261,7 +261,7 @@
 %% Callback event: {@link wxColourPickerEvent}
 -record(wxColourPicker,{type, colour}).
 
-%% @type wxTree() = #wxTree{type=wxEventType(),item=integer(),itemOld=integer(),pointDrag={X::integer(),Y::integer()}}.
+%% @type wxTree() = #wxTree{type=wxEventType(),item=integer(),itemOld=integer(),pointDrag={X::integer(), Y::integer()}}.
 %% <dl><dt>EventType:</dt> <dd><em>command_tree_begin_drag</em>, <em>command_tree_begin_rdrag</em>, <em>command_tree_begin_label_edit</em>, <em>command_tree_end_label_edit</em>, <em>command_tree_delete_item</em>, <em>command_tree_get_info</em>, <em>command_tree_set_info</em>, <em>command_tree_item_expanded</em>, <em>command_tree_item_expanding</em>, <em>command_tree_item_collapsed</em>, <em>command_tree_item_collapsing</em>, <em>command_tree_sel_changed</em>, <em>command_tree_sel_changing</em>, <em>command_tree_key_down</em>, <em>command_tree_item_activated</em>, <em>command_tree_item_right_click</em>, <em>command_tree_item_middle_click</em>, <em>command_tree_end_drag</em>, <em>command_tree_state_image_click</em>, <em>command_tree_item_gettooltip</em>, <em>command_tree_item_menu</em></dd></dl>
 %% Callback event: {@link wxTreeEvent}
 -record(wxTree,{type, item,itemOld,pointDrag}).
diff --git a/lib/wx/src/Makefile b/lib/wx/src/Makefile
index 46bc06271c..4e5971de03 100644
--- a/lib/wx/src/Makefile
+++ b/lib/wx/src/Makefile
@@ -18,7 +18,15 @@
 #
 
 include ../vsn.mk
-include ../config.mk
+ifdef TERTIARY_BOOTSTRAP
+ VSN = $(WX_VSN)
+ INSIDE_ERLSRC = true
+ include $(ERL_TOP)/make/target.mk
+ include $(ERL_TOP)/make/$(TARGET)/otp.mk
+ RELSYSDIR = $(RELEASE_PATH)/lib/wx-$(VSN)
+else # Normal build
+ include ../config.mk
+endif
 
 ESRC = .
 EGEN = gen
@@ -65,7 +73,11 @@ APPUP_SRC    = $(APPUP_FILE).src
 APPUP_TARGET = $(EBIN)/$(APPUP_FILE)
 
 # Targets
-debug opt: $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET)
+ifdef TERTIARY_BOOTSTRAP
+ opt: $(EBIN)/wx_object.beam
+else
+ debug opt: $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET)
+endif
 
 clean:  
 	rm -f $(TARGET_FILES) 
diff --git a/lib/wx/src/gen/wxArtProvider.erl b/lib/wx/src/gen/wxArtProvider.erl
index 7a45b0d79d..1955bd2e29 100644
--- a/lib/wx/src/gen/wxArtProvider.erl
+++ b/lib/wx/src/gen/wxArtProvider.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -39,7 +39,7 @@ getBitmap(Id)
   getBitmap(Id, []).
 
 %% @spec (Id::string(), [Option]) -> wxBitmap:wxBitmap()
-%% Option = {client, string()} | {size, {W::integer(),H::integer()}}
+%% Option = {client, string()} | {size, {W::integer(), H::integer()}}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxartprovider.html#wxartprovidergetbitmap">external documentation</a>.
 getBitmap(Id, Options)
  when is_list(Id),is_list(Options) ->
@@ -58,7 +58,7 @@ getIcon(Id)
   getIcon(Id, []).
 
 %% @spec (Id::string(), [Option]) -> wxIcon:wxIcon()
-%% Option = {client, string()} | {size, {W::integer(),H::integer()}}
+%% Option = {client, string()} | {size, {W::integer(), H::integer()}}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxartprovider.html#wxartprovidergeticon">external documentation</a>.
 getIcon(Id, Options)
  when is_list(Id),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxAuiManager.erl b/lib/wx/src/gen/wxAuiManager.erl
index ad0af6652d..893867cec1 100644
--- a/lib/wx/src/gen/wxAuiManager.erl
+++ b/lib/wx/src/gen/wxAuiManager.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -91,7 +91,7 @@ addPane(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=WindowT,ref=WindowRef},#wx_
   wxe_util:call(?wxAuiManager_AddPane_2_1,
   <<ThisRef:32/?UI,WindowRef:32/?UI,Pane_infoRef:32/?UI>>).
 
-%% @spec (This::wxAuiManager(), Window::wxWindow:wxWindow(), Pane_info::wxAuiPaneInfo:wxAuiPaneInfo(), Drop_pos::{X::integer(),Y::integer()}) -> bool()
+%% @spec (This::wxAuiManager(), Window::wxWindow:wxWindow(), Pane_info::wxAuiPaneInfo:wxAuiPaneInfo(), Drop_pos::{X::integer(), Y::integer()}) -> bool()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxauimanager.html#wxauimanageraddpane">external documentation</a>.
 addPane(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=WindowT,ref=WindowRef},#wx_ref{type=Pane_infoT,ref=Pane_infoRef},{Drop_posX,Drop_posY})
  when is_integer(Drop_posX),is_integer(Drop_posY) ->
@@ -123,7 +123,7 @@ getArtProvider(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxAuiManager_GetArtProvider,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxAuiManager()) -> {Width_pct::float(),Height_pct::float()}
+%% @spec (This::wxAuiManager()) -> {Width_pct::float(), Height_pct::float()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxauimanager.html#wxauimanagergetdocksizeconstraint">external documentation</a>.
 getDockSizeConstraint(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxAuiManager),
@@ -275,7 +275,7 @@ setManagedWindow(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=Managed_wndT,ref=M
   wxe_util:cast(?wxAuiManager_SetManagedWindow,
   <<ThisRef:32/?UI,Managed_wndRef:32/?UI>>).
 
-%% @spec (This::wxAuiManager(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> ok
+%% @spec (This::wxAuiManager(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxauimanager.html#wxauimanagershowhint">external documentation</a>.
 showHint(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH})
  when is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH) ->
diff --git a/lib/wx/src/gen/wxAuiNotebook.erl b/lib/wx/src/gen/wxAuiNotebook.erl
index 5d486aeaa2..5862bb26c7 100644
--- a/lib/wx/src/gen/wxAuiNotebook.erl
+++ b/lib/wx/src/gen/wxAuiNotebook.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -92,7 +92,7 @@ new(Parent)
   new(Parent, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), [Option]) -> wxAuiNotebook()
-%% Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxauinotebook.html#wxauinotebookwxauinotebook">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
@@ -134,7 +134,7 @@ create(This,Parent)
   create(This,Parent, []).
 
 %% @spec (This::wxAuiNotebook(), Parent::wxWindow:wxWindow(), [Option]) -> bool()
-%% Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxauinotebook.html#wxauinotebookcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
@@ -289,7 +289,7 @@ setTabCtrlHeight(#wx_ref{type=ThisT,ref=ThisRef},Height)
   wxe_util:cast(?wxAuiNotebook_SetTabCtrlHeight,
   <<ThisRef:32/?UI,Height:32/?UI>>).
 
-%% @spec (This::wxAuiNotebook(), Size::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxAuiNotebook(), Size::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxauinotebook.html#wxauinotebooksetuniformbitmapsize">external documentation</a>.
 setUniformBitmapSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
diff --git a/lib/wx/src/gen/wxAuiPaneInfo.erl b/lib/wx/src/gen/wxAuiPaneInfo.erl
index 7b1401b069..b15f91c675 100644
--- a/lib/wx/src/gen/wxAuiPaneInfo.erl
+++ b/lib/wx/src/gen/wxAuiPaneInfo.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -60,7 +60,7 @@ new(#wx_ref{type=CT,ref=CRef}) ->
   wxe_util:construct(?wxAuiPaneInfo_new_1,
   <<CRef:32/?UI>>).
 
-%% @spec (This::wxAuiPaneInfo(), Size::{W::integer(),H::integer()}) -> wxAuiPaneInfo()
+%% @spec (This::wxAuiPaneInfo(), Size::{W::integer(), H::integer()}) -> wxAuiPaneInfo()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxauipaneinfo.html#wxauipaneinfobestsize">external documentation</a>.
 bestSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
@@ -250,7 +250,7 @@ floatable(#wx_ref{type=ThisT,ref=ThisRef}, Options)
   wxe_util:call(?wxAuiPaneInfo_Floatable,
   <<ThisRef:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec (This::wxAuiPaneInfo(), Pos::{X::integer(),Y::integer()}) -> wxAuiPaneInfo()
+%% @spec (This::wxAuiPaneInfo(), Pos::{X::integer(), Y::integer()}) -> wxAuiPaneInfo()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxauipaneinfo.html#wxauipaneinfofloatingposition">external documentation</a>.
 floatingPosition(#wx_ref{type=ThisT,ref=ThisRef},{PosX,PosY})
  when is_integer(PosX),is_integer(PosY) ->
@@ -266,7 +266,7 @@ floatingPosition(#wx_ref{type=ThisT,ref=ThisRef},X,Y)
   wxe_util:call(?wxAuiPaneInfo_FloatingPosition_2,
   <<ThisRef:32/?UI,X:32/?UI,Y:32/?UI>>).
 
-%% @spec (This::wxAuiPaneInfo(), Size::{W::integer(),H::integer()}) -> wxAuiPaneInfo()
+%% @spec (This::wxAuiPaneInfo(), Size::{W::integer(), H::integer()}) -> wxAuiPaneInfo()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxauipaneinfo.html#wxauipaneinfofloatingsize">external documentation</a>.
 floatingSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
@@ -513,7 +513,7 @@ leftDockable(#wx_ref{type=ThisT,ref=ThisRef}, Options)
   wxe_util:call(?wxAuiPaneInfo_LeftDockable,
   <<ThisRef:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec (This::wxAuiPaneInfo(), Size::{W::integer(),H::integer()}) -> wxAuiPaneInfo()
+%% @spec (This::wxAuiPaneInfo(), Size::{W::integer(), H::integer()}) -> wxAuiPaneInfo()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxauipaneinfo.html#wxauipaneinfomaxsize">external documentation</a>.
 maxSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
@@ -547,7 +547,7 @@ maximizeButton(#wx_ref{type=ThisT,ref=ThisRef}, Options)
   wxe_util:call(?wxAuiPaneInfo_MaximizeButton,
   <<ThisRef:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec (This::wxAuiPaneInfo(), Size::{W::integer(),H::integer()}) -> wxAuiPaneInfo()
+%% @spec (This::wxAuiPaneInfo(), Size::{W::integer(), H::integer()}) -> wxAuiPaneInfo()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxauipaneinfo.html#wxauipaneinfominsize">external documentation</a>.
 minSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
diff --git a/lib/wx/src/gen/wxBitmap.erl b/lib/wx/src/gen/wxBitmap.erl
index 53c57e4393..bd2f83c6eb 100644
--- a/lib/wx/src/gen/wxBitmap.erl
+++ b/lib/wx/src/gen/wxBitmap.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -194,7 +194,7 @@ getWidth(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxBitmap_GetWidth,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxBitmap(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> wxBitmap()
+%% @spec (This::wxBitmap(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> wxBitmap()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxbitmap.html#wxbitmapgetsubbitmap">external documentation</a>.
 getSubBitmap(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH})
  when is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH) ->
diff --git a/lib/wx/src/gen/wxBitmapButton.erl b/lib/wx/src/gen/wxBitmapButton.erl
index 0c187bf1c1..d2353466e7 100644
--- a/lib/wx/src/gen/wxBitmapButton.erl
+++ b/lib/wx/src/gen/wxBitmapButton.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -92,7 +92,7 @@ new(Parent,Id,Bitmap)
   new(Parent,Id,Bitmap, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), Bitmap::wxBitmap:wxBitmap(), [Option]) -> wxBitmapButton()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxbitmapbutton.html#wxbitmapbuttonwxbitmapbutton">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id,#wx_ref{type=BitmapT,ref=BitmapRef}, Options)
  when is_integer(Id),is_list(Options) ->
@@ -114,7 +114,7 @@ create(This,Parent,Id,Bitmap)
   create(This,Parent,Id,Bitmap, []).
 
 %% @spec (This::wxBitmapButton(), Parent::wxWindow:wxWindow(), Id::integer(), Bitmap::wxBitmap:wxBitmap(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxbitmapbutton.html#wxbitmapbuttoncreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,#wx_ref{type=BitmapT,ref=BitmapRef}, Options)
  when is_integer(Id),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxBufferedDC.erl b/lib/wx/src/gen/wxBufferedDC.erl
index 6e341a8552..9096f95612 100644
--- a/lib/wx/src/gen/wxBufferedDC.erl
+++ b/lib/wx/src/gen/wxBufferedDC.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -74,7 +74,7 @@ new(Dc)
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxbuffereddc.html#wxbuffereddcwxbuffereddc">external documentation</a>.
 %% <br /> Alternatives:
 %% <p><c>
-%% new(Dc::wxDC:wxDC(), Area::{W::integer(),H::integer()}) -> new(Dc,Area, []) </c></p>
+%% new(Dc::wxDC:wxDC(), Area::{W::integer(), H::integer()}) -> new(Dc,Area, []) </c></p>
 %% <p><c>
 %% new(Dc::wxDC:wxDC(), [Option]) -> wxBufferedDC() </c>
 %%<br /> Option = {buffer, wxBitmap:wxBitmap()} | {style, integer()}
@@ -93,7 +93,7 @@ new(#wx_ref{type=DcT,ref=DcRef}, Options)
   wxe_util:construct(?wxBufferedDC_new_2,
   <<DcRef:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec (Dc::wxDC:wxDC(), Area::{W::integer(),H::integer()}, [Option]) -> wxBufferedDC()
+%% @spec (Dc::wxDC:wxDC(), Area::{W::integer(), H::integer()}, [Option]) -> wxBufferedDC()
 %% Option = {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxbuffereddc.html#wxbuffereddcwxbuffereddc">external documentation</a>.
 new(#wx_ref{type=DcT,ref=DcRef},{AreaW,AreaH}, Options)
@@ -115,7 +115,7 @@ init(This,Dc)
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxbuffereddc.html#wxbuffereddcinit">external documentation</a>.
 %% <br /> Alternatives:
 %% <p><c>
-%% init(This::wxBufferedDC(), Dc::wxDC:wxDC(), Area::{W::integer(),H::integer()}) -> init(This,Dc,Area, []) </c></p>
+%% init(This::wxBufferedDC(), Dc::wxDC:wxDC(), Area::{W::integer(), H::integer()}) -> init(This,Dc,Area, []) </c></p>
 %% <p><c>
 %% init(This::wxBufferedDC(), Dc::wxDC:wxDC(), [Option]) -> ok </c>
 %%<br /> Option = {buffer, wxBitmap:wxBitmap()} | {style, integer()}
@@ -135,7 +135,7 @@ init(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=DcT,ref=DcRef}, Options)
   wxe_util:cast(?wxBufferedDC_Init_2,
   <<ThisRef:32/?UI,DcRef:32/?UI, BinOpt/binary>>).
 
-%% @spec (This::wxBufferedDC(), Dc::wxDC:wxDC(), Area::{W::integer(),H::integer()}, [Option]) -> ok
+%% @spec (This::wxBufferedDC(), Dc::wxDC:wxDC(), Area::{W::integer(), H::integer()}, [Option]) -> ok
 %% Option = {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxbuffereddc.html#wxbuffereddcinit">external documentation</a>.
 init(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=DcT,ref=DcRef},{AreaW,AreaH}, Options)
diff --git a/lib/wx/src/gen/wxButton.erl b/lib/wx/src/gen/wxButton.erl
index c0e21a5657..a75c45c5a3 100644
--- a/lib/wx/src/gen/wxButton.erl
+++ b/lib/wx/src/gen/wxButton.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -89,7 +89,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxButton()
-%% Option = {label, string()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {label, string()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxbutton.html#wxbuttonwxbutton">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -111,7 +111,7 @@ create(This,Parent,Id)
   create(This,Parent,Id, []).
 
 %% @spec (This::wxButton(), Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> bool()
-%% Option = {label, string()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {label, string()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxbutton.html#wxbuttoncreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -127,7 +127,7 @@ create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id, O
   wxe_util:call(?wxButton_Create,
   <<ThisRef:32/?UI,ParentRef:32/?UI,Id:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec () -> {W::integer(),H::integer()}
+%% @spec () -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxbutton.html#wxbuttongetdefaultsize">external documentation</a>.
 getDefaultSize() ->
   wxe_util:call(?wxButton_GetDefaultSize,
diff --git a/lib/wx/src/gen/wxCalendarCtrl.erl b/lib/wx/src/gen/wxCalendarCtrl.erl
index 8ad4d5954b..1bb4ecb1fa 100644
--- a/lib/wx/src/gen/wxCalendarCtrl.erl
+++ b/lib/wx/src/gen/wxCalendarCtrl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -93,7 +93,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxCalendarCtrl()
-%% Option = {date, wx:datetime()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {date, wx:datetime()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxcalendarctrl.html#wxcalendarctrlwxcalendarctrl">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -114,7 +114,7 @@ create(This,Parent,Id)
   create(This,Parent,Id, []).
 
 %% @spec (This::wxCalendarCtrl(), Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> bool()
-%% Option = {date, wx:datetime()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {date, wx:datetime()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxcalendarctrl.html#wxcalendarctrlcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -297,7 +297,7 @@ resetAttr(#wx_ref{type=ThisT,ref=ThisRef},Day)
   wxe_util:cast(?wxCalendarCtrl_ResetAttr,
   <<ThisRef:32/?UI,Day:32/?UI>>).
 
-%% @spec (This::wxCalendarCtrl(), Pos::{X::integer(),Y::integer()}) -> {WxCalendarHitTestResult,Date::wx:datetime(),Wd::WeekDay}
+%% @spec (This::wxCalendarCtrl(), Pos::{X::integer(), Y::integer()}) -> {WxCalendarHitTestResult, Date::wx:datetime(), Wd::WeekDay}
 %% WxCalendarHitTestResult = integer()
 %% WeekDay = integer()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxcalendarctrl.html#wxcalendarctrlhittest">external documentation</a>.
diff --git a/lib/wx/src/gen/wxCaret.erl b/lib/wx/src/gen/wxCaret.erl
index 3e1a3d544c..cbd868f388 100644
--- a/lib/wx/src/gen/wxCaret.erl
+++ b/lib/wx/src/gen/wxCaret.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -34,7 +34,7 @@
 %% @hidden
 parent_class(_Class) -> erlang:error({badtype, ?MODULE}).
 
-%% @spec (Window::wxWindow:wxWindow(), Size::{W::integer(),H::integer()}) -> wxCaret()
+%% @spec (Window::wxWindow:wxWindow(), Size::{W::integer(), H::integer()}) -> wxCaret()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxcaret.html#wxcaretwxcaret">external documentation</a>.
 new(#wx_ref{type=WindowT,ref=WindowRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
@@ -50,7 +50,7 @@ new(#wx_ref{type=WindowT,ref=WindowRef},Width,Height)
   wxe_util:construct(?wxCaret_new_3,
   <<WindowRef:32/?UI,Width:32/?UI,Height:32/?UI>>).
 
-%% @spec (This::wxCaret(), Window::wxWindow:wxWindow(), Size::{W::integer(),H::integer()}) -> bool()
+%% @spec (This::wxCaret(), Window::wxWindow:wxWindow(), Size::{W::integer(), H::integer()}) -> bool()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxcaret.html#wxcaretcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=WindowT,ref=WindowRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
@@ -74,14 +74,14 @@ getBlinkTime() ->
   wxe_util:call(?wxCaret_GetBlinkTime,
   <<>>).
 
-%% @spec (This::wxCaret()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxCaret()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxcaret.html#wxcaretgetposition">external documentation</a>.
 getPosition(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxCaret),
   wxe_util:call(?wxCaret_GetPosition,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxCaret()) -> {W::integer(),H::integer()}
+%% @spec (This::wxCaret()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxcaret.html#wxcaretgetsize">external documentation</a>.
 getSize(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxCaret),
@@ -116,7 +116,7 @@ isVisible(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxCaret_IsVisible,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxCaret(), Pt::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxCaret(), Pt::{X::integer(), Y::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxcaret.html#wxcaretmove">external documentation</a>.
 move(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -139,7 +139,7 @@ setBlinkTime(Milliseconds)
   wxe_util:cast(?wxCaret_SetBlinkTime,
   <<Milliseconds:32/?UI>>).
 
-%% @spec (This::wxCaret(), Size::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxCaret(), Size::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxcaret.html#wxcaretsetsize">external documentation</a>.
 setSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
diff --git a/lib/wx/src/gen/wxCheckBox.erl b/lib/wx/src/gen/wxCheckBox.erl
index c484483379..19f01645c1 100644
--- a/lib/wx/src/gen/wxCheckBox.erl
+++ b/lib/wx/src/gen/wxCheckBox.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -90,7 +90,7 @@ new(Parent,Id,Label)
   new(Parent,Id,Label, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), Label::string(), [Option]) -> wxCheckBox()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxcheckbox.html#wxcheckboxwxcheckbox">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id,Label, Options)
  when is_integer(Id),is_list(Label),is_list(Options) ->
@@ -112,7 +112,7 @@ create(This,Parent,Id,Label)
   create(This,Parent,Id,Label, []).
 
 %% @spec (This::wxCheckBox(), Parent::wxWindow:wxWindow(), Id::integer(), Label::string(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxcheckbox.html#wxcheckboxcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,Label, Options)
  when is_integer(Id),is_list(Label),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxCheckListBox.erl b/lib/wx/src/gen/wxCheckListBox.erl
index c692997311..a1a07e1eec 100644
--- a/lib/wx/src/gen/wxCheckListBox.erl
+++ b/lib/wx/src/gen/wxCheckListBox.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -96,7 +96,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxCheckListBox()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {choices, [[string()]]} | {style, integer()} | {validator, wx:wx()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {choices, [[string()]]} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxchecklistbox.html#wxchecklistboxwxchecklistbox">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxChoice.erl b/lib/wx/src/gen/wxChoice.erl
index eaf2f0352f..fa967d8487 100644
--- a/lib/wx/src/gen/wxChoice.erl
+++ b/lib/wx/src/gen/wxChoice.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -94,7 +94,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxChoice()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {choices, [[string()]]} | {style, integer()} | {validator, wx:wx()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {choices, [[string()]]} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxchoice.html#wxchoicewxchoice">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -109,13 +109,13 @@ new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
   wxe_util:construct(?wxChoice_new_3,
   <<ParentRef:32/?UI,Id:32/?UI, BinOpt/binary>>).
 
-%% @spec (This::wxChoice(), Parent::wxWindow:wxWindow(), Id::integer(), Pos::{X::integer(),Y::integer()}, Size::{W::integer(),H::integer()}, Choices::[[string()]]) -> bool()
+%% @spec (This::wxChoice(), Parent::wxWindow:wxWindow(), Id::integer(), Pos::{X::integer(), Y::integer()}, Size::{W::integer(), H::integer()}, Choices::[[string()]]) -> bool()
 %% @equiv create(This,Parent,Id,Pos,Size,Choices, [])
 create(This,Parent,Id,Pos={PosX,PosY},Size={SizeW,SizeH},Choices)
  when is_record(This, wx_ref),is_record(Parent, wx_ref),is_integer(Id),is_integer(PosX),is_integer(PosY),is_integer(SizeW),is_integer(SizeH),is_list(Choices) ->
   create(This,Parent,Id,Pos,Size,Choices, []).
 
-%% @spec (This::wxChoice(), Parent::wxWindow:wxWindow(), Id::integer(), Pos::{X::integer(),Y::integer()}, Size::{W::integer(),H::integer()}, Choices::[[string()]], [Option]) -> bool()
+%% @spec (This::wxChoice(), Parent::wxWindow:wxWindow(), Id::integer(), Pos::{X::integer(), Y::integer()}, Size::{W::integer(), H::integer()}, Choices::[[string()]], [Option]) -> bool()
 %% Option = {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxchoice.html#wxchoicecreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,{PosX,PosY},{SizeW,SizeH},Choices, Options)
diff --git a/lib/wx/src/gen/wxChoicebook.erl b/lib/wx/src/gen/wxChoicebook.erl
index b724d0cad2..f37457f0ed 100644
--- a/lib/wx/src/gen/wxChoicebook.erl
+++ b/lib/wx/src/gen/wxChoicebook.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2009-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -93,7 +93,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxChoicebook()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxchoicebook.html#wxchoicebookwxchoicebook">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -160,7 +160,7 @@ create(This,Parent,Id)
   create(This,Parent,Id, []).
 
 %% @spec (This::wxChoicebook(), Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxchoicebook.html#wxchoicebookcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -249,7 +249,7 @@ getSelection(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxChoicebook_GetSelection,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxChoicebook(), Pt::{X::integer(),Y::integer()}) -> {integer(),Flags::integer()}
+%% @spec (This::wxChoicebook(), Pt::{X::integer(), Y::integer()}) -> {integer(), Flags::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxchoicebook.html#wxchoicebookhittest">external documentation</a>.
 hitTest(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -286,7 +286,7 @@ setImageList(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ImageListT,ref=ImageLi
   wxe_util:cast(?wxChoicebook_SetImageList,
   <<ThisRef:32/?UI,ImageListRef:32/?UI>>).
 
-%% @spec (This::wxChoicebook(), Size::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxChoicebook(), Size::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxchoicebook.html#wxchoicebooksetpagesize">external documentation</a>.
 setPageSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
diff --git a/lib/wx/src/gen/wxColourPickerCtrl.erl b/lib/wx/src/gen/wxColourPickerCtrl.erl
index 4f0816e1fd..60776925b9 100644
--- a/lib/wx/src/gen/wxColourPickerCtrl.erl
+++ b/lib/wx/src/gen/wxColourPickerCtrl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -94,7 +94,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxColourPickerCtrl()
-%% Option = {col, wx:colour()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {col, wx:colour()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxcolourpickerctrl.html#wxcolourpickerctrlwxcolourpickerctrl">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -116,7 +116,7 @@ create(This,Parent,Id)
   create(This,Parent,Id, []).
 
 %% @spec (This::wxColourPickerCtrl(), Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> bool()
-%% Option = {col, wx:colour()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {col, wx:colour()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxcolourpickerctrl.html#wxcolourpickerctrlcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxComboBox.erl b/lib/wx/src/gen/wxComboBox.erl
index 061e886734..f743df4e93 100644
--- a/lib/wx/src/gen/wxComboBox.erl
+++ b/lib/wx/src/gen/wxComboBox.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -96,7 +96,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxComboBox()
-%% Option = {value, string()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {choices, [[string()]]} | {style, integer()} | {validator, wx:wx()}
+%% Option = {value, string()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {choices, [[string()]]} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxcombobox.html#wxcomboboxwxcombobox">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -112,13 +112,13 @@ new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
   wxe_util:construct(?wxComboBox_new_3,
   <<ParentRef:32/?UI,Id:32/?UI, BinOpt/binary>>).
 
-%% @spec (This::wxComboBox(), Parent::wxWindow:wxWindow(), Id::integer(), Value::string(), Pos::{X::integer(),Y::integer()}, Size::{W::integer(),H::integer()}, Choices::[[string()]]) -> bool()
+%% @spec (This::wxComboBox(), Parent::wxWindow:wxWindow(), Id::integer(), Value::string(), Pos::{X::integer(), Y::integer()}, Size::{W::integer(), H::integer()}, Choices::[[string()]]) -> bool()
 %% @equiv create(This,Parent,Id,Value,Pos,Size,Choices, [])
 create(This,Parent,Id,Value,Pos={PosX,PosY},Size={SizeW,SizeH},Choices)
  when is_record(This, wx_ref),is_record(Parent, wx_ref),is_integer(Id),is_list(Value),is_integer(PosX),is_integer(PosY),is_integer(SizeW),is_integer(SizeH),is_list(Choices) ->
   create(This,Parent,Id,Value,Pos,Size,Choices, []).
 
-%% @spec (This::wxComboBox(), Parent::wxWindow:wxWindow(), Id::integer(), Value::string(), Pos::{X::integer(),Y::integer()}, Size::{W::integer(),H::integer()}, Choices::[[string()]], [Option]) -> bool()
+%% @spec (This::wxComboBox(), Parent::wxWindow:wxWindow(), Id::integer(), Value::string(), Pos::{X::integer(), Y::integer()}, Size::{W::integer(), H::integer()}, Choices::[[string()]], [Option]) -> bool()
 %% Option = {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxcombobox.html#wxcomboboxcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,Value,{PosX,PosY},{SizeW,SizeH},Choices, Options)
diff --git a/lib/wx/src/gen/wxContextMenuEvent.erl b/lib/wx/src/gen/wxContextMenuEvent.erl
index 56ed82f37c..0050b97b89 100644
--- a/lib/wx/src/gen/wxContextMenuEvent.erl
+++ b/lib/wx/src/gen/wxContextMenuEvent.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -45,14 +45,14 @@ parent_class(wxCommandEvent) -> true;
 parent_class(wxEvent) -> true;
 parent_class(_Class) -> erlang:error({badtype, ?MODULE}).
 
-%% @spec (This::wxContextMenuEvent()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxContextMenuEvent()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxcontextmenuevent.html#wxcontextmenueventgetposition">external documentation</a>.
 getPosition(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxContextMenuEvent),
   wxe_util:call(?wxContextMenuEvent_GetPosition,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxContextMenuEvent(), Pos::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxContextMenuEvent(), Pos::{X::integer(), Y::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxcontextmenuevent.html#wxcontextmenueventsetposition">external documentation</a>.
 setPosition(#wx_ref{type=ThisT,ref=ThisRef},{PosX,PosY})
  when is_integer(PosX),is_integer(PosY) ->
diff --git a/lib/wx/src/gen/wxDC.erl b/lib/wx/src/gen/wxDC.erl
index 9bce1249f8..ba498c651a 100644
--- a/lib/wx/src/gen/wxDC.erl
+++ b/lib/wx/src/gen/wxDC.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -52,14 +52,14 @@
 %% @hidden
 parent_class(_Class) -> erlang:error({badtype, ?MODULE}).
 
-%% @spec (This::wxDC(), DestPt::{X::integer(),Y::integer()}, Sz::{W::integer(),H::integer()}, Source::wxDC(), SrcPt::{X::integer(),Y::integer()}) -> bool()
+%% @spec (This::wxDC(), DestPt::{X::integer(), Y::integer()}, Sz::{W::integer(), H::integer()}, Source::wxDC(), SrcPt::{X::integer(), Y::integer()}) -> bool()
 %% @equiv blit(This,DestPt,Sz,Source,SrcPt, [])
 blit(This,DestPt={DestPtX,DestPtY},Sz={SzW,SzH},Source,SrcPt={SrcPtX,SrcPtY})
  when is_record(This, wx_ref),is_integer(DestPtX),is_integer(DestPtY),is_integer(SzW),is_integer(SzH),is_record(Source, wx_ref),is_integer(SrcPtX),is_integer(SrcPtY) ->
   blit(This,DestPt,Sz,Source,SrcPt, []).
 
-%% @spec (This::wxDC(), DestPt::{X::integer(),Y::integer()}, Sz::{W::integer(),H::integer()}, Source::wxDC(), SrcPt::{X::integer(),Y::integer()}, [Option]) -> bool()
-%% Option = {rop, integer()} | {useMask, bool()} | {srcPtMask, {X::integer(),Y::integer()}}
+%% @spec (This::wxDC(), DestPt::{X::integer(), Y::integer()}, Sz::{W::integer(), H::integer()}, Source::wxDC(), SrcPt::{X::integer(), Y::integer()}, [Option]) -> bool()
+%% Option = {rop, integer()} | {useMask, bool()} | {srcPtMask, {X::integer(), Y::integer()}}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcblit">external documentation</a>.
 blit(#wx_ref{type=ThisT,ref=ThisRef},{DestPtX,DestPtY},{SzW,SzH},#wx_ref{type=SourceT,ref=SourceRef},{SrcPtX,SrcPtY}, Options)
  when is_integer(DestPtX),is_integer(DestPtY),is_integer(SzW),is_integer(SzH),is_integer(SrcPtX),is_integer(SrcPtY),is_list(Options) ->
@@ -95,7 +95,7 @@ computeScaleAndOrigin(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:cast(?wxDC_ComputeScaleAndOrigin,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxDC(), Pt::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxDC(), Pt::{X::integer(), Y::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdccrosshair">external documentation</a>.
 crossHair(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -142,7 +142,7 @@ deviceToLogicalYRel(#wx_ref{type=ThisT,ref=ThisRef},Y)
   wxe_util:call(?wxDC_DeviceToLogicalYRel,
   <<ThisRef:32/?UI,Y:32/?UI>>).
 
-%% @spec (This::wxDC(), Pt1::{X::integer(),Y::integer()}, Pt2::{X::integer(),Y::integer()}, Centre::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxDC(), Pt1::{X::integer(), Y::integer()}, Pt2::{X::integer(), Y::integer()}, Centre::{X::integer(), Y::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawarc">external documentation</a>.
 drawArc(#wx_ref{type=ThisT,ref=ThisRef},{Pt1X,Pt1Y},{Pt2X,Pt2Y},{CentreX,CentreY})
  when is_integer(Pt1X),is_integer(Pt1Y),is_integer(Pt2X),is_integer(Pt2Y),is_integer(CentreX),is_integer(CentreY) ->
@@ -150,13 +150,13 @@ drawArc(#wx_ref{type=ThisT,ref=ThisRef},{Pt1X,Pt1Y},{Pt2X,Pt2Y},{CentreX,CentreY
   wxe_util:cast(?wxDC_DrawArc,
   <<ThisRef:32/?UI,Pt1X:32/?UI,Pt1Y:32/?UI,Pt2X:32/?UI,Pt2Y:32/?UI,CentreX:32/?UI,CentreY:32/?UI>>).
 
-%% @spec (This::wxDC(), Bmp::wxBitmap:wxBitmap(), Pt::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxDC(), Bmp::wxBitmap:wxBitmap(), Pt::{X::integer(), Y::integer()}) -> ok
 %% @equiv drawBitmap(This,Bmp,Pt, [])
 drawBitmap(This,Bmp,Pt={PtX,PtY})
  when is_record(This, wx_ref),is_record(Bmp, wx_ref),is_integer(PtX),is_integer(PtY) ->
   drawBitmap(This,Bmp,Pt, []).
 
-%% @spec (This::wxDC(), Bmp::wxBitmap:wxBitmap(), Pt::{X::integer(),Y::integer()}, [Option]) -> ok
+%% @spec (This::wxDC(), Bmp::wxBitmap:wxBitmap(), Pt::{X::integer(), Y::integer()}, [Option]) -> ok
 %% Option = {useMask, bool()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawbitmap">external documentation</a>.
 drawBitmap(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=BmpT,ref=BmpRef},{PtX,PtY}, Options)
@@ -169,7 +169,7 @@ drawBitmap(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=BmpT,ref=BmpRef},{PtX,Pt
   wxe_util:cast(?wxDC_DrawBitmap,
   <<ThisRef:32/?UI,BmpRef:32/?UI,PtX:32/?UI,PtY:32/?UI, BinOpt/binary>>).
 
-%% @spec (This::wxDC(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> ok
+%% @spec (This::wxDC(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawcheckmark">external documentation</a>.
 drawCheckMark(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH})
  when is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH) ->
@@ -177,7 +177,7 @@ drawCheckMark(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH})
   wxe_util:cast(?wxDC_DrawCheckMark,
   <<ThisRef:32/?UI,RectX:32/?UI,RectY:32/?UI,RectW:32/?UI,RectH:32/?UI>>).
 
-%% @spec (This::wxDC(), Pt::{X::integer(),Y::integer()}, Radius::integer()) -> ok
+%% @spec (This::wxDC(), Pt::{X::integer(), Y::integer()}, Radius::integer()) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawcircle">external documentation</a>.
 drawCircle(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY},Radius)
  when is_integer(PtX),is_integer(PtY),is_integer(Radius) ->
@@ -185,7 +185,7 @@ drawCircle(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY},Radius)
   wxe_util:cast(?wxDC_DrawCircle,
   <<ThisRef:32/?UI,PtX:32/?UI,PtY:32/?UI,Radius:32/?UI>>).
 
-%% @spec (This::wxDC(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> ok
+%% @spec (This::wxDC(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawellipse">external documentation</a>.
 drawEllipse(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH})
  when is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH) ->
@@ -193,7 +193,7 @@ drawEllipse(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH})
   wxe_util:cast(?wxDC_DrawEllipse_1,
   <<ThisRef:32/?UI,RectX:32/?UI,RectY:32/?UI,RectW:32/?UI,RectH:32/?UI>>).
 
-%% @spec (This::wxDC(), Pt::{X::integer(),Y::integer()}, Sz::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxDC(), Pt::{X::integer(), Y::integer()}, Sz::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawellipse">external documentation</a>.
 drawEllipse(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY},{SzW,SzH})
  when is_integer(PtX),is_integer(PtY),is_integer(SzW),is_integer(SzH) ->
@@ -201,7 +201,7 @@ drawEllipse(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY},{SzW,SzH})
   wxe_util:cast(?wxDC_DrawEllipse_2,
   <<ThisRef:32/?UI,PtX:32/?UI,PtY:32/?UI,SzW:32/?UI,SzH:32/?UI>>).
 
-%% @spec (This::wxDC(), Pt::{X::integer(),Y::integer()}, Sz::{W::integer(),H::integer()}, Sa::float(), Ea::float()) -> ok
+%% @spec (This::wxDC(), Pt::{X::integer(), Y::integer()}, Sz::{W::integer(), H::integer()}, Sa::float(), Ea::float()) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawellipticarc">external documentation</a>.
 drawEllipticArc(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY},{SzW,SzH},Sa,Ea)
  when is_integer(PtX),is_integer(PtY),is_integer(SzW),is_integer(SzH),is_float(Sa),is_float(Ea) ->
@@ -209,7 +209,7 @@ drawEllipticArc(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY},{SzW,SzH},Sa,Ea)
   wxe_util:cast(?wxDC_DrawEllipticArc,
   <<ThisRef:32/?UI,PtX:32/?UI,PtY:32/?UI,SzW:32/?UI,SzH:32/?UI,0:32,Sa:64/?F,Ea:64/?F>>).
 
-%% @spec (This::wxDC(), Icon::wxIcon:wxIcon(), Pt::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxDC(), Icon::wxIcon:wxIcon(), Pt::{X::integer(), Y::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawicon">external documentation</a>.
 drawIcon(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=IconT,ref=IconRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -218,13 +218,13 @@ drawIcon(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=IconT,ref=IconRef},{PtX,Pt
   wxe_util:cast(?wxDC_DrawIcon,
   <<ThisRef:32/?UI,IconRef:32/?UI,PtX:32/?UI,PtY:32/?UI>>).
 
-%% @spec (This::wxDC(), Text::string(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> ok
+%% @spec (This::wxDC(), Text::string(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> ok
 %% @equiv drawLabel(This,Text,Rect, [])
 drawLabel(This,Text,Rect={RectX,RectY,RectW,RectH})
  when is_record(This, wx_ref),is_list(Text),is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH) ->
   drawLabel(This,Text,Rect, []).
 
-%% @spec (This::wxDC(), Text::string(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}, [Option]) -> ok
+%% @spec (This::wxDC(), Text::string(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}, [Option]) -> ok
 %% Option = {alignment, integer()} | {indexAccel, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawlabel">external documentation</a>.
 drawLabel(#wx_ref{type=ThisT,ref=ThisRef},Text,{RectX,RectY,RectW,RectH}, Options)
@@ -238,7 +238,7 @@ drawLabel(#wx_ref{type=ThisT,ref=ThisRef},Text,{RectX,RectY,RectW,RectH}, Option
   wxe_util:cast(?wxDC_DrawLabel,
   <<ThisRef:32/?UI,(byte_size(Text_UC)):32/?UI,(Text_UC)/binary, 0:(((8- ((0+byte_size(Text_UC)) band 16#7)) band 16#7))/unit:8,RectX:32/?UI,RectY:32/?UI,RectW:32/?UI,RectH:32/?UI, BinOpt/binary>>).
 
-%% @spec (This::wxDC(), Pt1::{X::integer(),Y::integer()}, Pt2::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxDC(), Pt1::{X::integer(), Y::integer()}, Pt2::{X::integer(), Y::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawline">external documentation</a>.
 drawLine(#wx_ref{type=ThisT,ref=ThisRef},{Pt1X,Pt1Y},{Pt2X,Pt2Y})
  when is_integer(Pt1X),is_integer(Pt1Y),is_integer(Pt2X),is_integer(Pt2Y) ->
@@ -246,13 +246,13 @@ drawLine(#wx_ref{type=ThisT,ref=ThisRef},{Pt1X,Pt1Y},{Pt2X,Pt2Y})
   wxe_util:cast(?wxDC_DrawLine,
   <<ThisRef:32/?UI,Pt1X:32/?UI,Pt1Y:32/?UI,Pt2X:32/?UI,Pt2Y:32/?UI>>).
 
-%% @spec (This::wxDC(), Points::[{X::integer(),Y::integer()}]) -> ok
+%% @spec (This::wxDC(), Points::[{X::integer(), Y::integer()}]) -> ok
 %% @equiv drawLines(This,Points, [])
 drawLines(This,Points)
  when is_record(This, wx_ref),is_list(Points) ->
   drawLines(This,Points, []).
 
-%% @spec (This::wxDC(), Points::[{X::integer(),Y::integer()}], [Option]) -> ok
+%% @spec (This::wxDC(), Points::[{X::integer(), Y::integer()}], [Option]) -> ok
 %% Option = {xoffset, integer()} | {yoffset, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawlines">external documentation</a>.
 drawLines(#wx_ref{type=ThisT,ref=ThisRef},Points, Options)
@@ -266,13 +266,13 @@ drawLines(#wx_ref{type=ThisT,ref=ThisRef},Points, Options)
   <<ThisRef:32/?UI,(length(Points)):32/?UI,
         (<< <<X:32/?I,Y:32/?I>> || {X,Y} <- Points>>)/binary, BinOpt/binary>>).
 
-%% @spec (This::wxDC(), Points::[{X::integer(),Y::integer()}]) -> ok
+%% @spec (This::wxDC(), Points::[{X::integer(), Y::integer()}]) -> ok
 %% @equiv drawPolygon(This,Points, [])
 drawPolygon(This,Points)
  when is_record(This, wx_ref),is_list(Points) ->
   drawPolygon(This,Points, []).
 
-%% @spec (This::wxDC(), Points::[{X::integer(),Y::integer()}], [Option]) -> ok
+%% @spec (This::wxDC(), Points::[{X::integer(), Y::integer()}], [Option]) -> ok
 %% Option = {xoffset, integer()} | {yoffset, integer()} | {fillStyle, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawpolygon">external documentation</a>.
 drawPolygon(#wx_ref{type=ThisT,ref=ThisRef},Points, Options)
@@ -287,7 +287,7 @@ drawPolygon(#wx_ref{type=ThisT,ref=ThisRef},Points, Options)
   <<ThisRef:32/?UI,(length(Points)):32/?UI,
         (<< <<X:32/?I,Y:32/?I>> || {X,Y} <- Points>>)/binary, BinOpt/binary>>).
 
-%% @spec (This::wxDC(), Pt::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxDC(), Pt::{X::integer(), Y::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawpoint">external documentation</a>.
 drawPoint(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -295,7 +295,7 @@ drawPoint(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
   wxe_util:cast(?wxDC_DrawPoint,
   <<ThisRef:32/?UI,PtX:32/?UI,PtY:32/?UI>>).
 
-%% @spec (This::wxDC(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> ok
+%% @spec (This::wxDC(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawrectangle">external documentation</a>.
 drawRectangle(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH})
  when is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH) ->
@@ -303,7 +303,7 @@ drawRectangle(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH})
   wxe_util:cast(?wxDC_DrawRectangle_1,
   <<ThisRef:32/?UI,RectX:32/?UI,RectY:32/?UI,RectW:32/?UI,RectH:32/?UI>>).
 
-%% @spec (This::wxDC(), Pt::{X::integer(),Y::integer()}, Sz::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxDC(), Pt::{X::integer(), Y::integer()}, Sz::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawrectangle">external documentation</a>.
 drawRectangle(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY},{SzW,SzH})
  when is_integer(PtX),is_integer(PtY),is_integer(SzW),is_integer(SzH) ->
@@ -311,7 +311,7 @@ drawRectangle(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY},{SzW,SzH})
   wxe_util:cast(?wxDC_DrawRectangle_2,
   <<ThisRef:32/?UI,PtX:32/?UI,PtY:32/?UI,SzW:32/?UI,SzH:32/?UI>>).
 
-%% @spec (This::wxDC(), Text::string(), Pt::{X::integer(),Y::integer()}, Angle::float()) -> ok
+%% @spec (This::wxDC(), Text::string(), Pt::{X::integer(), Y::integer()}, Angle::float()) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawrotatedtext">external documentation</a>.
 drawRotatedText(#wx_ref{type=ThisT,ref=ThisRef},Text,{PtX,PtY},Angle)
  when is_list(Text),is_integer(PtX),is_integer(PtY),is_float(Angle) ->
@@ -320,7 +320,7 @@ drawRotatedText(#wx_ref{type=ThisT,ref=ThisRef},Text,{PtX,PtY},Angle)
   wxe_util:cast(?wxDC_DrawRotatedText,
   <<ThisRef:32/?UI,(byte_size(Text_UC)):32/?UI,(Text_UC)/binary, 0:(((8- ((0+byte_size(Text_UC)) band 16#7)) band 16#7))/unit:8,PtX:32/?UI,PtY:32/?UI,Angle:64/?F>>).
 
-%% @spec (This::wxDC(), R::{X::integer(),Y::integer(),W::integer(),H::integer()}, Radius::float()) -> ok
+%% @spec (This::wxDC(), R::{X::integer(), Y::integer(), W::integer(), H::integer()}, Radius::float()) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawroundedrectangle">external documentation</a>.
 drawRoundedRectangle(#wx_ref{type=ThisT,ref=ThisRef},{RX,RY,RW,RH},Radius)
  when is_integer(RX),is_integer(RY),is_integer(RW),is_integer(RH),is_float(Radius) ->
@@ -328,7 +328,7 @@ drawRoundedRectangle(#wx_ref{type=ThisT,ref=ThisRef},{RX,RY,RW,RH},Radius)
   wxe_util:cast(?wxDC_DrawRoundedRectangle_2,
   <<ThisRef:32/?UI,RX:32/?UI,RY:32/?UI,RW:32/?UI,RH:32/?UI,0:32,Radius:64/?F>>).
 
-%% @spec (This::wxDC(), Pt::{X::integer(),Y::integer()}, Sz::{W::integer(),H::integer()}, Radius::float()) -> ok
+%% @spec (This::wxDC(), Pt::{X::integer(), Y::integer()}, Sz::{W::integer(), H::integer()}, Radius::float()) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawroundedrectangle">external documentation</a>.
 drawRoundedRectangle(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY},{SzW,SzH},Radius)
  when is_integer(PtX),is_integer(PtY),is_integer(SzW),is_integer(SzH),is_float(Radius) ->
@@ -336,7 +336,7 @@ drawRoundedRectangle(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY},{SzW,SzH},Radius)
   wxe_util:cast(?wxDC_DrawRoundedRectangle_3,
   <<ThisRef:32/?UI,PtX:32/?UI,PtY:32/?UI,SzW:32/?UI,SzH:32/?UI,0:32,Radius:64/?F>>).
 
-%% @spec (This::wxDC(), Text::string(), Pt::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxDC(), Text::string(), Pt::{X::integer(), Y::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcdrawtext">external documentation</a>.
 drawText(#wx_ref{type=ThisT,ref=ThisRef},Text,{PtX,PtY})
  when is_list(Text),is_integer(PtX),is_integer(PtY) ->
@@ -359,13 +359,13 @@ endPage(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:cast(?wxDC_EndPage,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxDC(), Pt::{X::integer(),Y::integer()}, Col::wx:colour()) -> bool()
+%% @spec (This::wxDC(), Pt::{X::integer(), Y::integer()}, Col::wx:colour()) -> bool()
 %% @equiv floodFill(This,Pt,Col, [])
 floodFill(This,Pt={PtX,PtY},Col)
  when is_record(This, wx_ref),is_integer(PtX),is_integer(PtY),tuple_size(Col) =:= 3; tuple_size(Col) =:= 4 ->
   floodFill(This,Pt,Col, []).
 
-%% @spec (This::wxDC(), Pt::{X::integer(),Y::integer()}, Col::wx:colour(), [Option]) -> bool()
+%% @spec (This::wxDC(), Pt::{X::integer(), Y::integer()}, Col::wx:colour(), [Option]) -> bool()
 %% Option = {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcfloodfill">external documentation</a>.
 floodFill(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY},Col, Options)
@@ -412,7 +412,7 @@ getCharWidth(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxDC_GetCharWidth,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxDC(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> ok
+%% @spec (This::wxDC(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcgetclippingbox">external documentation</a>.
 getClippingBox(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH})
  when is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH) ->
@@ -450,7 +450,7 @@ getMapMode(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxDC_GetMapMode,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxDC(), String::string()) -> {W::integer(),H::integer()}
+%% @spec (This::wxDC(), String::string()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcgetmultilinetextextent">external documentation</a>.
 getMultiLineTextExtent(#wx_ref{type=ThisT,ref=ThisRef},String)
  when is_list(String) ->
@@ -459,7 +459,7 @@ getMultiLineTextExtent(#wx_ref{type=ThisT,ref=ThisRef},String)
   wxe_util:call(?wxDC_GetMultiLineTextExtent_1,
   <<ThisRef:32/?UI,(byte_size(String_UC)):32/?UI,(String_UC)/binary, 0:(((8- ((0+byte_size(String_UC)) band 16#7)) band 16#7))/unit:8>>).
 
-%% @spec (This::wxDC(), String::string(), [Option]) -> {Width::integer(),Height::integer(),HeightLine::integer()}
+%% @spec (This::wxDC(), String::string(), [Option]) -> {Width::integer(), Height::integer(), HeightLine::integer()}
 %% Option = {font, wxFont:wxFont()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcgetmultilinetextextent">external documentation</a>.
 getMultiLineTextExtent(#wx_ref{type=ThisT,ref=ThisRef},String, Options)
@@ -489,7 +489,7 @@ getPen(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxDC_GetPen,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxDC(), Pt::{X::integer(),Y::integer()}, Col::wx:colour()) -> bool()
+%% @spec (This::wxDC(), Pt::{X::integer(), Y::integer()}, Col::wx:colour()) -> bool()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcgetpixel">external documentation</a>.
 getPixel(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY},Col)
  when is_integer(PtX),is_integer(PtY),tuple_size(Col) =:= 3; tuple_size(Col) =:= 4 ->
@@ -497,21 +497,21 @@ getPixel(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY},Col)
   wxe_util:call(?wxDC_GetPixel,
   <<ThisRef:32/?UI,PtX:32/?UI,PtY:32/?UI,(wxe_util:colour_bin(Col)):16/binary>>).
 
-%% @spec (This::wxDC()) -> {W::integer(),H::integer()}
+%% @spec (This::wxDC()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcgetppi">external documentation</a>.
 getPPI(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxDC),
   wxe_util:call(?wxDC_GetPPI,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxDC()) -> {W::integer(),H::integer()}
+%% @spec (This::wxDC()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcgetsize">external documentation</a>.
 getSize(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxDC),
   wxe_util:call(?wxDC_GetSize,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxDC()) -> {W::integer(),H::integer()}
+%% @spec (This::wxDC()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcgetsizemm">external documentation</a>.
 getSizeMM(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxDC),
@@ -525,7 +525,7 @@ getTextBackground(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxDC_GetTextBackground,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxDC(), String::string()) -> {W::integer(),H::integer()}
+%% @spec (This::wxDC(), String::string()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcgettextextent">external documentation</a>.
 getTextExtent(#wx_ref{type=ThisT,ref=ThisRef},String)
  when is_list(String) ->
@@ -534,7 +534,7 @@ getTextExtent(#wx_ref{type=ThisT,ref=ThisRef},String)
   wxe_util:call(?wxDC_GetTextExtent_1,
   <<ThisRef:32/?UI,(byte_size(String_UC)):32/?UI,(String_UC)/binary, 0:(((8- ((0+byte_size(String_UC)) band 16#7)) band 16#7))/unit:8>>).
 
-%% @spec (This::wxDC(), String::string(), [Option]) -> {X::integer(),Y::integer(),Descent::integer(),ExternalLeading::integer()}
+%% @spec (This::wxDC(), String::string(), [Option]) -> {X::integer(), Y::integer(), Descent::integer(), ExternalLeading::integer()}
 %% Option = {theFont, wxFont:wxFont()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcgettextextent">external documentation</a>.
 getTextExtent(#wx_ref{type=ThisT,ref=ThisRef},String, Options)
@@ -554,14 +554,14 @@ getTextForeground(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxDC_GetTextForeground,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxDC()) -> {X::float(),Y::float()}
+%% @spec (This::wxDC()) -> {X::float(), Y::float()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcgetuserscale">external documentation</a>.
 getUserScale(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxDC),
   wxe_util:call(?wxDC_GetUserScale,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxDC(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}, InitialColour::wx:colour(), DestColour::wx:colour()) -> ok
+%% @spec (This::wxDC(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}, InitialColour::wx:colour(), DestColour::wx:colour()) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcgradientfillconcentric">external documentation</a>.
 gradientFillConcentric(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH},InitialColour,DestColour)
  when is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH),tuple_size(InitialColour) =:= 3; tuple_size(InitialColour) =:= 4,tuple_size(DestColour) =:= 3; tuple_size(DestColour) =:= 4 ->
@@ -569,7 +569,7 @@ gradientFillConcentric(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH}
   wxe_util:cast(?wxDC_GradientFillConcentric_3,
   <<ThisRef:32/?UI,RectX:32/?UI,RectY:32/?UI,RectW:32/?UI,RectH:32/?UI,(wxe_util:colour_bin(InitialColour)):16/binary,(wxe_util:colour_bin(DestColour)):16/binary>>).
 
-%% @spec (This::wxDC(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}, InitialColour::wx:colour(), DestColour::wx:colour(), CircleCenter::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxDC(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}, InitialColour::wx:colour(), DestColour::wx:colour(), CircleCenter::{X::integer(), Y::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcgradientfillconcentric">external documentation</a>.
 gradientFillConcentric(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH},InitialColour,DestColour,{CircleCenterX,CircleCenterY})
  when is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH),tuple_size(InitialColour) =:= 3; tuple_size(InitialColour) =:= 4,tuple_size(DestColour) =:= 3; tuple_size(DestColour) =:= 4,is_integer(CircleCenterX),is_integer(CircleCenterY) ->
@@ -577,13 +577,13 @@ gradientFillConcentric(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH}
   wxe_util:cast(?wxDC_GradientFillConcentric_4,
   <<ThisRef:32/?UI,RectX:32/?UI,RectY:32/?UI,RectW:32/?UI,RectH:32/?UI,(wxe_util:colour_bin(InitialColour)):16/binary,(wxe_util:colour_bin(DestColour)):16/binary,CircleCenterX:32/?UI,CircleCenterY:32/?UI>>).
 
-%% @spec (This::wxDC(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}, InitialColour::wx:colour(), DestColour::wx:colour()) -> ok
+%% @spec (This::wxDC(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}, InitialColour::wx:colour(), DestColour::wx:colour()) -> ok
 %% @equiv gradientFillLinear(This,Rect,InitialColour,DestColour, [])
 gradientFillLinear(This,Rect={RectX,RectY,RectW,RectH},InitialColour,DestColour)
  when is_record(This, wx_ref),is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH),tuple_size(InitialColour) =:= 3; tuple_size(InitialColour) =:= 4,tuple_size(DestColour) =:= 3; tuple_size(DestColour) =:= 4 ->
   gradientFillLinear(This,Rect,InitialColour,DestColour, []).
 
-%% @spec (This::wxDC(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}, InitialColour::wx:colour(), DestColour::wx:colour(), [Option]) -> ok
+%% @spec (This::wxDC(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}, InitialColour::wx:colour(), DestColour::wx:colour(), [Option]) -> ok
 %% Option = {nDirection, WxDirection}
 %% WxDirection = integer()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcgradientfilllinear">external documentation</a>.
@@ -710,7 +710,7 @@ setBrush(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=BrushT,ref=BrushRef}) ->
 %% setClippingRegion(This::wxDC(), Region::wxRegion:wxRegion()) -> ok </c>
 %% </p>
 %% <p><c>
-%% setClippingRegion(This::wxDC(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> ok </c>
+%% setClippingRegion(This::wxDC(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> ok </c>
 %% </p>
 setClippingRegion(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=RegionT,ref=RegionRef}) ->
   ?CLASS(ThisT,wxDC),
@@ -723,7 +723,7 @@ setClippingRegion(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH})
   wxe_util:cast(?wxDC_SetClippingRegion_1_1,
   <<ThisRef:32/?UI,RectX:32/?UI,RectY:32/?UI,RectW:32/?UI,RectH:32/?UI>>).
 
-%% @spec (This::wxDC(), Pt::{X::integer(),Y::integer()}, Sz::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxDC(), Pt::{X::integer(), Y::integer()}, Sz::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdc.html#wxdcsetclippingregion">external documentation</a>.
 setClippingRegion(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY},{SzW,SzH})
  when is_integer(PtX),is_integer(PtY),is_integer(SzW),is_integer(SzH) ->
diff --git a/lib/wx/src/gen/wxDatePickerCtrl.erl b/lib/wx/src/gen/wxDatePickerCtrl.erl
index 2de51ce71d..8a1700e9cd 100644
--- a/lib/wx/src/gen/wxDatePickerCtrl.erl
+++ b/lib/wx/src/gen/wxDatePickerCtrl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -94,7 +94,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxDatePickerCtrl()
-%% Option = {date, wx:datetime()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {date, wx:datetime()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdatepickerctrl.html#wxdatepickerctrlwxdatepickerctrl">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxDialog.erl b/lib/wx/src/gen/wxDialog.erl
index 8c0bd2cd76..514a62813e 100644
--- a/lib/wx/src/gen/wxDialog.erl
+++ b/lib/wx/src/gen/wxDialog.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -95,7 +95,7 @@ new(Parent,Id,Title)
   new(Parent,Id,Title, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), Title::string(), [Option]) -> wxDialog()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdialog.html#wxdialogwxdialog">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id,Title, Options)
  when is_integer(Id),is_list(Title),is_list(Options) ->
@@ -116,7 +116,7 @@ create(This,Parent,Id,Title)
   create(This,Parent,Id,Title, []).
 
 %% @spec (This::wxDialog(), Parent::wxWindow:wxWindow(), Id::integer(), Title::string(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdialog.html#wxdialogcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,Title, Options)
  when is_integer(Id),is_list(Title),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxDirDialog.erl b/lib/wx/src/gen/wxDirDialog.erl
index 7849dce0a7..28db3daf1d 100644
--- a/lib/wx/src/gen/wxDirDialog.erl
+++ b/lib/wx/src/gen/wxDirDialog.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -91,7 +91,7 @@ new(Parent)
   new(Parent, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), [Option]) -> wxDirDialog()
-%% Option = {title, string()} | {defaultPath, string()} | {style, integer()} | {pos, {X::integer(),Y::integer()}} | {sz, {W::integer(),H::integer()}}
+%% Option = {title, string()} | {defaultPath, string()} | {style, integer()} | {pos, {X::integer(), Y::integer()}} | {sz, {W::integer(), H::integer()}}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdirdialog.html#wxdirdialogwxdirdialog">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
diff --git a/lib/wx/src/gen/wxDirPickerCtrl.erl b/lib/wx/src/gen/wxDirPickerCtrl.erl
index 7fb70b71e3..2b24bc4bb0 100644
--- a/lib/wx/src/gen/wxDirPickerCtrl.erl
+++ b/lib/wx/src/gen/wxDirPickerCtrl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -94,7 +94,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxDirPickerCtrl()
-%% Option = {path, string()} | {message, string()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {path, string()} | {message, string()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdirpickerctrl.html#wxdirpickerctrlwxdirpickerctrl">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -117,7 +117,7 @@ create(This,Parent,Id)
   create(This,Parent,Id, []).
 
 %% @spec (This::wxDirPickerCtrl(), Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> bool()
-%% Option = {path, string()} | {message, string()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {path, string()} | {message, string()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxdirpickerctrl.html#wxdirpickerctrlcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxEvtHandler.erl b/lib/wx/src/gen/wxEvtHandler.erl
index f155351b66..820c2b7a58 100644
--- a/lib/wx/src/gen/wxEvtHandler.erl
+++ b/lib/wx/src/gen/wxEvtHandler.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -95,7 +95,7 @@ parse_opts([{callback,Fun}|R], Opts) when is_function(Fun) ->
     %% Check Fun Arity?
     parse_opts(R, Opts#evh{cb=Fun});
 parse_opts([callback|R], Opts) ->
-    parse_opts(R, Opts#evh{cb=1});
+    parse_opts(R, Opts#evh{cb=self()});
 parse_opts([{userData, UserData}|R],Opts) ->
     parse_opts(R, Opts#evh{userdata=UserData});
 parse_opts([{skip, Skip}|R],Opts) when is_boolean(Skip) ->
diff --git a/lib/wx/src/gen/wxFileDialog.erl b/lib/wx/src/gen/wxFileDialog.erl
index cba9705335..c6779927e9 100644
--- a/lib/wx/src/gen/wxFileDialog.erl
+++ b/lib/wx/src/gen/wxFileDialog.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -93,7 +93,7 @@ new(Parent)
   new(Parent, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), [Option]) -> wxFileDialog()
-%% Option = {message, string()} | {defaultDir, string()} | {defaultFile, string()} | {wildCard, string()} | {style, integer()} | {pos, {X::integer(),Y::integer()}} | {sz, {W::integer(),H::integer()}}
+%% Option = {message, string()} | {defaultDir, string()} | {defaultFile, string()} | {wildCard, string()} | {style, integer()} | {pos, {X::integer(), Y::integer()}} | {sz, {W::integer(), H::integer()}}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxfiledialog.html#wxfiledialogwxfiledialog">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
diff --git a/lib/wx/src/gen/wxFilePickerCtrl.erl b/lib/wx/src/gen/wxFilePickerCtrl.erl
index a3034aaa86..93bfa72380 100644
--- a/lib/wx/src/gen/wxFilePickerCtrl.erl
+++ b/lib/wx/src/gen/wxFilePickerCtrl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -94,7 +94,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxFilePickerCtrl()
-%% Option = {path, string()} | {message, string()} | {wildcard, string()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {path, string()} | {message, string()} | {wildcard, string()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxfilepickerctrl.html#wxfilepickerctrlwxfilepickerctrl">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -118,7 +118,7 @@ create(This,Parent,Id)
   create(This,Parent,Id, []).
 
 %% @spec (This::wxFilePickerCtrl(), Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> bool()
-%% Option = {path, string()} | {message, string()} | {wildcard, string()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {path, string()} | {message, string()} | {wildcard, string()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxfilepickerctrl.html#wxfilepickerctrlcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxFontPickerCtrl.erl b/lib/wx/src/gen/wxFontPickerCtrl.erl
index 93d63cc930..3050011b60 100644
--- a/lib/wx/src/gen/wxFontPickerCtrl.erl
+++ b/lib/wx/src/gen/wxFontPickerCtrl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -95,7 +95,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxFontPickerCtrl()
-%% Option = {initial, wxFont:wxFont()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {initial, wxFont:wxFont()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxfontpickerctrl.html#wxfontpickerctrlwxfontpickerctrl">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -117,7 +117,7 @@ create(This,Parent,Id)
   create(This,Parent,Id, []).
 
 %% @spec (This::wxFontPickerCtrl(), Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> bool()
-%% Option = {initial, wxFont:wxFont()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {initial, wxFont:wxFont()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxfontpickerctrl.html#wxfontpickerctrlcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxFrame.erl b/lib/wx/src/gen/wxFrame.erl
index 5cd1e3dfd3..7e25bc8762 100644
--- a/lib/wx/src/gen/wxFrame.erl
+++ b/lib/wx/src/gen/wxFrame.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -97,7 +97,7 @@ new(Parent,Id,Title)
   new(Parent,Id,Title, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), Title::string(), [Option]) -> wxFrame()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxframe.html#wxframewxframe">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id,Title, Options)
  when is_integer(Id),is_list(Title),is_list(Options) ->
@@ -118,7 +118,7 @@ create(This,Parent,Id,Title)
   create(This,Parent,Id,Title, []).
 
 %% @spec (This::wxFrame(), Parent::wxWindow:wxWindow(), Id::integer(), Title::string(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxframe.html#wxframecreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,Title, Options)
  when is_integer(Id),is_list(Title),is_list(Options) ->
@@ -172,7 +172,7 @@ createToolBar(#wx_ref{type=ThisT,ref=ThisRef}, Options)
   wxe_util:call(?wxFrame_CreateToolBar,
   <<ThisRef:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec (This::wxFrame()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxFrame()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxframe.html#wxframegetclientareaorigin">external documentation</a>.
 getClientAreaOrigin(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxFrame),
diff --git a/lib/wx/src/gen/wxGLCanvas.erl b/lib/wx/src/gen/wxGLCanvas.erl
index 032d42535d..a30d8cefd9 100644
--- a/lib/wx/src/gen/wxGLCanvas.erl
+++ b/lib/wx/src/gen/wxGLCanvas.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -86,7 +86,7 @@ new(Parent)
 %% new(Parent::wxWindow:wxWindow(), Shared::wxGLContext:wxGLContext() | wxGLCanvas()) -> new(Parent,Shared, []) </c></p>
 %% <p><c>
 %% new(Parent::wxWindow:wxWindow(), [Option]) -> wxGLCanvas() </c>
-%%<br /> Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {name, string()} | {attribList, [integer()]} | {palette, wxPalette:wxPalette()}
+%%<br /> Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {name, string()} | {attribList, [integer()]} | {palette, wxPalette:wxPalette()}
 %% </p>
 
 new(Parent,Shared)
@@ -109,7 +109,7 @@ new(#wx_ref{type=ParentT,ref=ParentRef}, Options)
   <<ParentRef:32/?UI, 0:32,BinOpt/binary>>).
 
 %% @spec (Parent::wxWindow:wxWindow(), Shared::wxGLContext:wxGLContext() | wxGLCanvas(), [Option]) -> wxGLCanvas()
-%% Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {name, string()} | {attribList, [integer()]} | {palette, wxPalette:wxPalette()}
+%% Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {name, string()} | {attribList, [integer()]} | {palette, wxPalette:wxPalette()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxglcanvas.html#wxglcanvaswxglcanvas">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},#wx_ref{type=SharedT,ref=SharedRef}, Options)
  when is_list(Options) ->
diff --git a/lib/wx/src/gen/wxGauge.erl b/lib/wx/src/gen/wxGauge.erl
index 5028b29bba..484fd36936 100644
--- a/lib/wx/src/gen/wxGauge.erl
+++ b/lib/wx/src/gen/wxGauge.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -90,7 +90,7 @@ new(Parent,Id,Range)
   new(Parent,Id,Range, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), Range::integer(), [Option]) -> wxGauge()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgauge.html#wxgaugewxgauge">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id,Range, Options)
  when is_integer(Id),is_integer(Range),is_list(Options) ->
@@ -111,7 +111,7 @@ create(This,Parent,Id,Range)
   create(This,Parent,Id,Range, []).
 
 %% @spec (This::wxGauge(), Parent::wxWindow:wxWindow(), Id::integer(), Range::integer(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgauge.html#wxgaugecreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,Range, Options)
  when is_integer(Id),is_integer(Range),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxGenericDirCtrl.erl b/lib/wx/src/gen/wxGenericDirCtrl.erl
index 97944710f0..626a454d2a 100644
--- a/lib/wx/src/gen/wxGenericDirCtrl.erl
+++ b/lib/wx/src/gen/wxGenericDirCtrl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -91,7 +91,7 @@ new(Parent)
   new(Parent, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), [Option]) -> wxGenericDirCtrl()
-%% Option = {id, integer()} | {dir, string()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {filter, string()} | {defaultFilter, integer()}
+%% Option = {id, integer()} | {dir, string()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {filter, string()} | {defaultFilter, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgenericdirctrl.html#wxgenericdirctrlwxgenericdirctrl">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
@@ -115,7 +115,7 @@ create(This,Parent)
   create(This,Parent, []).
 
 %% @spec (This::wxGenericDirCtrl(), Parent::wxWindow:wxWindow(), [Option]) -> bool()
-%% Option = {id, integer()} | {dir, string()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {filter, string()} | {defaultFilter, integer()}
+%% Option = {id, integer()} | {dir, string()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {filter, string()} | {defaultFilter, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgenericdirctrl.html#wxgenericdirctrlcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
diff --git a/lib/wx/src/gen/wxGraphicsContext.erl b/lib/wx/src/gen/wxGraphicsContext.erl
index 040867cb11..05c56dd4b2 100644
--- a/lib/wx/src/gen/wxGraphicsContext.erl
+++ b/lib/wx/src/gen/wxGraphicsContext.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -192,13 +192,13 @@ drawIcon(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=IconT,ref=IconRef},X,Y,W,H
   wxe_util:cast(?wxGraphicsContext_DrawIcon,
   <<ThisRef:32/?UI,IconRef:32/?UI,X:64/?F,Y:64/?F,W:64/?F,H:64/?F>>).
 
-%% @spec (This::wxGraphicsContext(), N::integer(), Points::{X::float(),Y::float()}) -> ok
+%% @spec (This::wxGraphicsContext(), N::integer(), Points::{X::float(), Y::float()}) -> ok
 %% @equiv drawLines(This,N,Points, [])
 drawLines(This,N,Points={PointsX,PointsY})
  when is_record(This, wx_ref),is_integer(N),is_number(PointsX),is_number(PointsY) ->
   drawLines(This,N,Points, []).
 
-%% @spec (This::wxGraphicsContext(), N::integer(), Points::{X::float(),Y::float()}, [Option]) -> ok
+%% @spec (This::wxGraphicsContext(), N::integer(), Points::{X::float(), Y::float()}, [Option]) -> ok
 %% Option = {fillStyle, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgraphicscontext.html#wxgraphicscontextdrawlines">external documentation</a>.
 drawLines(#wx_ref{type=ThisT,ref=ThisRef},N,{PointsX,PointsY}, Options)
@@ -331,7 +331,7 @@ getPartialTextExtents(#wx_ref{type=ThisT,ref=ThisRef},Text,Widths)
   <<ThisRef:32/?UI,(byte_size(Text_UC)):32/?UI,(Text_UC)/binary, 0:(((8- ((0+byte_size(Text_UC)) band 16#7)) band 16#7))/unit:8,(length(Widths)):32/?UI,
 0:32,  (<< <<C:64/float>> || C <- Widths>>)/binary>>).
 
-%% @spec (This::wxGraphicsContext(), Text::string()) -> {Width::float(),Height::float(),Descent::float(),ExternalLeading::float()}
+%% @spec (This::wxGraphicsContext(), Text::string()) -> {Width::float(), Height::float(), Descent::float(), ExternalLeading::float()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgraphicscontext.html#wxgraphicscontextgettextextent">external documentation</a>.
 getTextExtent(#wx_ref{type=ThisT,ref=ThisRef},Text)
  when is_list(Text) ->
@@ -438,7 +438,7 @@ strokeLine(#wx_ref{type=ThisT,ref=ThisRef},X1,Y1,X2,Y2)
   wxe_util:cast(?wxGraphicsContext_StrokeLine,
   <<ThisRef:32/?UI,0:32,X1:64/?F,Y1:64/?F,X2:64/?F,Y2:64/?F>>).
 
-%% @spec (This::wxGraphicsContext(), N::integer(), Points::{X::float(),Y::float()}) -> ok
+%% @spec (This::wxGraphicsContext(), N::integer(), Points::{X::float(), Y::float()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgraphicscontext.html#wxgraphicscontextstrokelines">external documentation</a>.
 strokeLines(#wx_ref{type=ThisT,ref=ThisRef},N,{PointsX,PointsY})
  when is_integer(N),is_number(PointsX),is_number(PointsY) ->
@@ -446,7 +446,7 @@ strokeLines(#wx_ref{type=ThisT,ref=ThisRef},N,{PointsX,PointsY})
   wxe_util:cast(?wxGraphicsContext_StrokeLines_2,
   <<ThisRef:32/?UI,N:32/?UI,PointsX:64/float,PointsY:64/float>>).
 
-%% @spec (This::wxGraphicsContext(), N::integer(), BeginPoints::{X::float(),Y::float()}, EndPoints::{X::float(),Y::float()}) -> ok
+%% @spec (This::wxGraphicsContext(), N::integer(), BeginPoints::{X::float(), Y::float()}, EndPoints::{X::float(), Y::float()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgraphicscontext.html#wxgraphicscontextstrokelines">external documentation</a>.
 strokeLines(#wx_ref{type=ThisT,ref=ThisRef},N,{BeginPointsX,BeginPointsY},{EndPointsX,EndPointsY})
  when is_integer(N),is_number(BeginPointsX),is_number(BeginPointsY),is_number(EndPointsX),is_number(EndPointsY) ->
diff --git a/lib/wx/src/gen/wxGraphicsMatrix.erl b/lib/wx/src/gen/wxGraphicsMatrix.erl
index 38ea007c58..635a2027b3 100644
--- a/lib/wx/src/gen/wxGraphicsMatrix.erl
+++ b/lib/wx/src/gen/wxGraphicsMatrix.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -45,7 +45,7 @@ concat(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=TT,ref=TRef}) ->
   wxe_util:cast(?wxGraphicsMatrix_Concat,
   <<ThisRef:32/?UI,TRef:32/?UI>>).
 
-%% @spec (This::wxGraphicsMatrix()) -> {A::float(),B::float(),C::float(),D::float(),Tx::float(),Ty::float()}
+%% @spec (This::wxGraphicsMatrix()) -> {A::float(), B::float(), C::float(), D::float(), Tx::float(), Ty::float()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgraphicsmatrix.html#wxgraphicsmatrixget">external documentation</a>.
 get(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxGraphicsMatrix),
@@ -128,14 +128,14 @@ set(#wx_ref{type=ThisT,ref=ThisRef}, Options)
   wxe_util:cast(?wxGraphicsMatrix_Set,
   <<ThisRef:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec (This::wxGraphicsMatrix()) -> {X::float(),Y::float()}
+%% @spec (This::wxGraphicsMatrix()) -> {X::float(), Y::float()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgraphicsmatrix.html#wxgraphicsmatrixtransformpoint">external documentation</a>.
 transformPoint(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxGraphicsMatrix),
   wxe_util:call(?wxGraphicsMatrix_TransformPoint,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGraphicsMatrix()) -> {Dx::float(),Dy::float()}
+%% @spec (This::wxGraphicsMatrix()) -> {Dx::float(), Dy::float()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgraphicsmatrix.html#wxgraphicsmatrixtransformdistance">external documentation</a>.
 transformDistance(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxGraphicsMatrix),
diff --git a/lib/wx/src/gen/wxGraphicsPath.erl b/lib/wx/src/gen/wxGraphicsPath.erl
index ff2dfb07a4..e41496c641 100644
--- a/lib/wx/src/gen/wxGraphicsPath.erl
+++ b/lib/wx/src/gen/wxGraphicsPath.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -40,7 +40,7 @@
 parent_class(wxGraphicsObject) -> true;
 parent_class(_Class) -> erlang:error({badtype, ?MODULE}).
 
-%% @spec (This::wxGraphicsPath(), P::{X::float(),Y::float()}) -> ok
+%% @spec (This::wxGraphicsPath(), P::{X::float(), Y::float()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgraphicspath.html#wxgraphicspathmovetopoint">external documentation</a>.
 moveToPoint(#wx_ref{type=ThisT,ref=ThisRef},{PX,PY})
  when is_number(PX),is_number(PY) ->
@@ -56,7 +56,7 @@ moveToPoint(#wx_ref{type=ThisT,ref=ThisRef},X,Y)
   wxe_util:cast(?wxGraphicsPath_MoveToPoint_2,
   <<ThisRef:32/?UI,0:32,X:64/?F,Y:64/?F>>).
 
-%% @spec (This::wxGraphicsPath(), C::{X::float(),Y::float()}, R::float(), StartAngle::float(), EndAngle::float(), Clockwise::bool()) -> ok
+%% @spec (This::wxGraphicsPath(), C::{X::float(), Y::float()}, R::float(), StartAngle::float(), EndAngle::float(), Clockwise::bool()) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgraphicspath.html#wxgraphicspathaddarc">external documentation</a>.
 addArc(#wx_ref{type=ThisT,ref=ThisRef},{CX,CY},R,StartAngle,EndAngle,Clockwise)
  when is_number(CX),is_number(CY),is_float(R),is_float(StartAngle),is_float(EndAngle),is_boolean(Clockwise) ->
@@ -88,7 +88,7 @@ addCircle(#wx_ref{type=ThisT,ref=ThisRef},X,Y,R)
   wxe_util:cast(?wxGraphicsPath_AddCircle,
   <<ThisRef:32/?UI,0:32,X:64/?F,Y:64/?F,R:64/?F>>).
 
-%% @spec (This::wxGraphicsPath(), C1::{X::float(),Y::float()}, C2::{X::float(),Y::float()}, E::{X::float(),Y::float()}) -> ok
+%% @spec (This::wxGraphicsPath(), C1::{X::float(), Y::float()}, C2::{X::float(), Y::float()}, E::{X::float(), Y::float()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgraphicspath.html#wxgraphicspathaddcurvetopoint">external documentation</a>.
 addCurveToPoint(#wx_ref{type=ThisT,ref=ThisRef},{C1X,C1Y},{C2X,C2Y},{EX,EY})
  when is_number(C1X),is_number(C1Y),is_number(C2X),is_number(C2Y),is_number(EX),is_number(EY) ->
@@ -112,7 +112,7 @@ addEllipse(#wx_ref{type=ThisT,ref=ThisRef},X,Y,W,H)
   wxe_util:cast(?wxGraphicsPath_AddEllipse,
   <<ThisRef:32/?UI,0:32,X:64/?F,Y:64/?F,W:64/?F,H:64/?F>>).
 
-%% @spec (This::wxGraphicsPath(), P::{X::float(),Y::float()}) -> ok
+%% @spec (This::wxGraphicsPath(), P::{X::float(), Y::float()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgraphicspath.html#wxgraphicspathaddlinetopoint">external documentation</a>.
 addLineToPoint(#wx_ref{type=ThisT,ref=ThisRef},{PX,PY})
  when is_number(PX),is_number(PY) ->
@@ -167,7 +167,7 @@ closeSubpath(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:cast(?wxGraphicsPath_CloseSubpath,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGraphicsPath(), C::{X::float(),Y::float()}) -> bool()
+%% @spec (This::wxGraphicsPath(), C::{X::float(), Y::float()}) -> bool()
 %% @equiv contains(This,C, [])
 contains(This,C={CX,CY})
  when is_record(This, wx_ref),is_number(CX),is_number(CY) ->
@@ -179,7 +179,7 @@ contains(This,C={CX,CY})
 %% <p><c>
 %% contains(This::wxGraphicsPath(), X::float(), Y::float()) -> contains(This,X,Y, []) </c></p>
 %% <p><c>
-%% contains(This::wxGraphicsPath(), C::{X::float(),Y::float()}, [Option]) -> bool() </c>
+%% contains(This::wxGraphicsPath(), C::{X::float(), Y::float()}, [Option]) -> bool() </c>
 %%<br /> Option = {fillStyle, integer()}
 %% </p>
 
@@ -207,14 +207,14 @@ contains(#wx_ref{type=ThisT,ref=ThisRef},X,Y, Options)
   wxe_util:call(?wxGraphicsPath_Contains_3,
   <<ThisRef:32/?UI,0:32,X:64/?F,Y:64/?F, BinOpt/binary>>).
 
-%% @spec (This::wxGraphicsPath()) -> {X::float(),Y::float(),W::float(),H::float()}
+%% @spec (This::wxGraphicsPath()) -> {X::float(), Y::float(), W::float(), H::float()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgraphicspath.html#wxgraphicspathgetbox">external documentation</a>.
 getBox(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxGraphicsPath),
   wxe_util:call(?wxGraphicsPath_GetBox,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGraphicsPath()) -> {X::float(),Y::float()}
+%% @spec (This::wxGraphicsPath()) -> {X::float(), Y::float()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgraphicspath.html#wxgraphicspathgetcurrentpoint">external documentation</a>.
 getCurrentPoint(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxGraphicsPath),
diff --git a/lib/wx/src/gen/wxGrid.erl b/lib/wx/src/gen/wxGrid.erl
index 7b62ec33a4..531fed05c1 100644
--- a/lib/wx/src/gen/wxGrid.erl
+++ b/lib/wx/src/gen/wxGrid.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -151,7 +151,7 @@ new(Parent,Id)
 %% new(Parent::wxWindow:wxWindow(), X::integer(), Y::integer()) -> new(Parent,X,Y, []) </c></p>
 %% <p><c>
 %% new(Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxGrid() </c>
-%%<br /> Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%%<br /> Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% </p>
 
 new(Parent,X,Y)
@@ -306,7 +306,7 @@ beginBatch(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:cast(?wxGrid_BeginBatch,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGrid(), TopLeft::{R::integer(),C::integer()}, BottomRight::{R::integer(),C::integer()}) -> {X::integer(),Y::integer(),W::integer(),H::integer()}
+%% @spec (This::wxGrid(), TopLeft::{R::integer(), C::integer()}, BottomRight::{R::integer(), C::integer()}) -> {X::integer(), Y::integer(), W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgrid.html#wxgridblocktodevicerect">external documentation</a>.
 blockToDeviceRect(#wx_ref{type=ThisT,ref=ThisRef},{TopLeftR,TopLeftC},{BottomRightR,BottomRightC})
  when is_integer(TopLeftR),is_integer(TopLeftC),is_integer(BottomRightR),is_integer(BottomRightC) ->
@@ -342,7 +342,7 @@ canEnableCellControl(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxGrid_CanEnableCellControl,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGrid(), Coords::{R::integer(),C::integer()}) -> {X::integer(),Y::integer(),W::integer(),H::integer()}
+%% @spec (This::wxGrid(), Coords::{R::integer(), C::integer()}) -> {X::integer(), Y::integer(), W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgrid.html#wxgridcelltorect">external documentation</a>.
 cellToRect(#wx_ref{type=ThisT,ref=ThisRef},{CoordsR,CoordsC})
  when is_integer(CoordsR),is_integer(CoordsC) ->
@@ -350,7 +350,7 @@ cellToRect(#wx_ref{type=ThisT,ref=ThisRef},{CoordsR,CoordsC})
   wxe_util:call(?wxGrid_CellToRect_1,
   <<ThisRef:32/?UI,CoordsR:32/?UI,CoordsC:32/?UI>>).
 
-%% @spec (This::wxGrid(), Row::integer(), Col::integer()) -> {X::integer(),Y::integer(),W::integer(),H::integer()}
+%% @spec (This::wxGrid(), Row::integer(), Col::integer()) -> {X::integer(), Y::integer(), W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgrid.html#wxgridcelltorect">external documentation</a>.
 cellToRect(#wx_ref{type=ThisT,ref=ThisRef},Row,Col)
  when is_integer(Row),is_integer(Col) ->
@@ -586,7 +586,7 @@ getBatchCount(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxGrid_GetBatchCount,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGrid(), Row::integer(), Col::integer()) -> {Horiz::integer(),Vert::integer()}
+%% @spec (This::wxGrid(), Row::integer(), Col::integer()) -> {Horiz::integer(), Vert::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgrid.html#wxgridgetcellalignment">external documentation</a>.
 getCellAlignment(#wx_ref{type=ThisT,ref=ThisRef},Row,Col)
  when is_integer(Row),is_integer(Col) ->
@@ -634,7 +634,7 @@ getCellTextColour(#wx_ref{type=ThisT,ref=ThisRef},Row,Col)
   wxe_util:call(?wxGrid_GetCellTextColour,
   <<ThisRef:32/?UI,Row:32/?UI,Col:32/?UI>>).
 
-%% @spec (This::wxGrid(), Coords::{R::integer(),C::integer()}) -> string()
+%% @spec (This::wxGrid(), Coords::{R::integer(), C::integer()}) -> string()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgrid.html#wxgridgetcellvalue">external documentation</a>.
 getCellValue(#wx_ref{type=ThisT,ref=ThisRef},{CoordsR,CoordsC})
  when is_integer(CoordsR),is_integer(CoordsC) ->
@@ -650,7 +650,7 @@ getCellValue(#wx_ref{type=ThisT,ref=ThisRef},Row,Col)
   wxe_util:call(?wxGrid_GetCellValue_2,
   <<ThisRef:32/?UI,Row:32/?UI,Col:32/?UI>>).
 
-%% @spec (This::wxGrid()) -> {Horiz::integer(),Vert::integer()}
+%% @spec (This::wxGrid()) -> {Horiz::integer(), Vert::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgrid.html#wxgridgetcollabelalignment">external documentation</a>.
 getColLabelAlignment(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxGrid),
@@ -679,7 +679,7 @@ getColMinimalAcceptableWidth(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxGrid_GetColMinimalAcceptableWidth,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGrid()) -> {Horiz::integer(),Vert::integer()}
+%% @spec (This::wxGrid()) -> {Horiz::integer(), Vert::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgrid.html#wxgridgetdefaultcellalignment">external documentation</a>.
 getDefaultCellAlignment(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxGrid),
@@ -728,7 +728,7 @@ getDefaultEditor(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxGrid_GetDefaultEditor,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGrid(), C::{R::integer(),C::integer()}) -> wxGridCellEditor:wxGridCellEditor()
+%% @spec (This::wxGrid(), C::{R::integer(), C::integer()}) -> wxGridCellEditor:wxGridCellEditor()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgrid.html#wxgridgetdefaulteditorforcell">external documentation</a>.
 getDefaultEditorForCell(#wx_ref{type=ThisT,ref=ThisRef},{CR,CC})
  when is_integer(CR),is_integer(CC) ->
@@ -869,7 +869,7 @@ getRowMinimalAcceptableHeight(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxGrid_GetRowMinimalAcceptableHeight,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGrid()) -> {Horiz::integer(),Vert::integer()}
+%% @spec (This::wxGrid()) -> {Horiz::integer(), Vert::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgrid.html#wxgridgetrowlabelalignment">external documentation</a>.
 getRowLabelAlignment(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxGrid),
@@ -913,7 +913,7 @@ getScrollLineY(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxGrid_GetScrollLineY,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGrid()) -> [{R::integer(),C::integer()}]
+%% @spec (This::wxGrid()) -> [{R::integer(), C::integer()}]
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgrid.html#wxgridgetselectedcells">external documentation</a>.
 getSelectedCells(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxGrid),
@@ -941,14 +941,14 @@ getSelectionBackground(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxGrid_GetSelectionBackground,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGrid()) -> [{R::integer(),C::integer()}]
+%% @spec (This::wxGrid()) -> [{R::integer(), C::integer()}]
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgrid.html#wxgridgetselectionblocktopleft">external documentation</a>.
 getSelectionBlockTopLeft(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxGrid),
   wxe_util:call(?wxGrid_GetSelectionBlockTopLeft,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGrid()) -> [{R::integer(),C::integer()}]
+%% @spec (This::wxGrid()) -> [{R::integer(), C::integer()}]
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgrid.html#wxgridgetselectionblockbottomright">external documentation</a>.
 getSelectionBlockBottomRight(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxGrid),
@@ -1065,7 +1065,7 @@ isEditable(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxGrid_IsEditable,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGrid(), Coords::{R::integer(),C::integer()}) -> bool()
+%% @spec (This::wxGrid(), Coords::{R::integer(), C::integer()}) -> bool()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgrid.html#wxgridisinselection">external documentation</a>.
 isInSelection(#wx_ref{type=ThisT,ref=ThisRef},{CoordsR,CoordsC})
  when is_integer(CoordsR),is_integer(CoordsC) ->
@@ -1096,7 +1096,7 @@ isSelection(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxGrid_IsSelection,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGrid(), Coords::{R::integer(),C::integer()}) -> bool()
+%% @spec (This::wxGrid(), Coords::{R::integer(), C::integer()}) -> bool()
 %% @equiv isVisible(This,Coords, [])
 isVisible(This,Coords={CoordsR,CoordsC})
  when is_record(This, wx_ref),is_integer(CoordsR),is_integer(CoordsC) ->
@@ -1108,7 +1108,7 @@ isVisible(This,Coords={CoordsR,CoordsC})
 %% <p><c>
 %% isVisible(This::wxGrid(), Row::integer(), Col::integer()) -> isVisible(This,Row,Col, []) </c></p>
 %% <p><c>
-%% isVisible(This::wxGrid(), Coords::{R::integer(),C::integer()}, [Option]) -> bool() </c>
+%% isVisible(This::wxGrid(), Coords::{R::integer(), C::integer()}, [Option]) -> bool() </c>
 %%<br /> Option = {wholeCellVisible, bool()}
 %% </p>
 
@@ -1136,7 +1136,7 @@ isVisible(#wx_ref{type=ThisT,ref=ThisRef},Row,Col, Options)
   wxe_util:call(?wxGrid_IsVisible_3,
   <<ThisRef:32/?UI,Row:32/?UI,Col:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec (This::wxGrid(), Coords::{R::integer(),C::integer()}) -> ok
+%% @spec (This::wxGrid(), Coords::{R::integer(), C::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgrid.html#wxgridmakecellvisible">external documentation</a>.
 makeCellVisible(#wx_ref{type=ThisT,ref=ThisRef},{CoordsR,CoordsC})
  when is_integer(CoordsR),is_integer(CoordsC) ->
@@ -1255,13 +1255,13 @@ selectAll(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:cast(?wxGrid_SelectAll,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGrid(), TopLeft::{R::integer(),C::integer()}, BottomRight::{R::integer(),C::integer()}) -> ok
+%% @spec (This::wxGrid(), TopLeft::{R::integer(), C::integer()}, BottomRight::{R::integer(), C::integer()}) -> ok
 %% @equiv selectBlock(This,TopLeft,BottomRight, [])
 selectBlock(This,TopLeft={TopLeftR,TopLeftC},BottomRight={BottomRightR,BottomRightC})
  when is_record(This, wx_ref),is_integer(TopLeftR),is_integer(TopLeftC),is_integer(BottomRightR),is_integer(BottomRightC) ->
   selectBlock(This,TopLeft,BottomRight, []).
 
-%% @spec (This::wxGrid(), TopLeft::{R::integer(),C::integer()}, BottomRight::{R::integer(),C::integer()}, [Option]) -> ok
+%% @spec (This::wxGrid(), TopLeft::{R::integer(), C::integer()}, BottomRight::{R::integer(), C::integer()}, [Option]) -> ok
 %% Option = {addToSelected, bool()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgrid.html#wxgridselectblock">external documentation</a>.
 selectBlock(#wx_ref{type=ThisT,ref=ThisRef},{TopLeftR,TopLeftC},{BottomRightR,BottomRightC}, Options)
@@ -1434,7 +1434,7 @@ setCellTextColour(#wx_ref{type=ThisT,ref=ThisRef},Val,Row,Col)
   wxe_util:cast(?wxGrid_SetCellTextColour_3_1,
   <<ThisRef:32/?UI,(wxe_util:colour_bin(Val)):16/binary,Row:32/?UI,Col:32/?UI>>).
 
-%% @spec (This::wxGrid(), Coords::{R::integer(),C::integer()}, S::string()) -> ok
+%% @spec (This::wxGrid(), Coords::{R::integer(), C::integer()}, S::string()) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgrid.html#wxgridsetcellvalue">external documentation</a>.
 setCellValue(#wx_ref{type=ThisT,ref=ThisRef},{CoordsR,CoordsC},S)
  when is_integer(CoordsR),is_integer(CoordsC),is_list(S) ->
diff --git a/lib/wx/src/gen/wxGridBagSizer.erl b/lib/wx/src/gen/wxGridBagSizer.erl
index cfc182cf89..d2b8a2b045 100644
--- a/lib/wx/src/gen/wxGridBagSizer.erl
+++ b/lib/wx/src/gen/wxGridBagSizer.erl
@@ -90,7 +90,7 @@ add(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ItemT,ref=ItemRef}) ->
 %% <p><c>
 %% add(This::wxGridBagSizer(), Width::integer(), Height::integer()) -> add(This,Width,Height, []) </c></p>
 %% <p><c>
-%% add(This::wxGridBagSizer(), Window::wxWindow:wxWindow() | wxSizer:wxSizer(), Pos::{R::integer(),C::integer()}) -> add(This,Window,Pos, []) </c></p>
+%% add(This::wxGridBagSizer(), Window::wxWindow:wxWindow() | wxSizer:wxSizer(), Pos::{R::integer(), C::integer()}) -> add(This,Window,Pos, []) </c></p>
 %% <p><c>
 %% add(This::wxGridBagSizer(), Window::wxWindow:wxWindow() | wxSizer:wxSizer(), [Option]) -> wxSizerItem:wxSizerItem() </c>
 %%<br /> Option = {proportion, integer()} | {flag, integer()} | {border, integer()} | {userData, wx:wx()}
@@ -125,14 +125,14 @@ add(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=WindowT,ref=WindowRef}, Options
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridbagsizer.html#wxgridbagsizeradd">external documentation</a>.
 %% <br /> Alternatives:
 %% <p><c>
-%% add(This::wxGridBagSizer(), Width::integer(), Height::integer(), Pos::{R::integer(),C::integer()}) -> add(This,Width,Height,Pos, []) </c></p>
+%% add(This::wxGridBagSizer(), Width::integer(), Height::integer(), Pos::{R::integer(), C::integer()}) -> add(This,Width,Height,Pos, []) </c></p>
 %% <p><c>
 %% add(This::wxGridBagSizer(), Width::integer(), Height::integer(), [Option]) -> wxSizerItem:wxSizerItem() </c>
 %%<br /> Option = {proportion, integer()} | {flag, integer()} | {border, integer()} | {userData, wx:wx()}
 %% </p>
 %% <p><c>
-%% add(This::wxGridBagSizer(), Window::wxWindow:wxWindow() | wxSizer:wxSizer(), Pos::{R::integer(),C::integer()}, [Option]) -> wxSizerItem:wxSizerItem() </c>
-%%<br /> Option = {span, {RS::integer(),CS::integer()}} | {flag, integer()} | {border, integer()} | {userData, wx:wx()}
+%% add(This::wxGridBagSizer(), Window::wxWindow:wxWindow() | wxSizer:wxSizer(), Pos::{R::integer(), C::integer()}, [Option]) -> wxSizerItem:wxSizerItem() </c>
+%%<br /> Option = {span, {RS::integer(), CS::integer()}} | {flag, integer()} | {border, integer()} | {userData, wx:wx()}
 %% </p>
 
 add(This,Width,Height,Pos={PosR,PosC})
@@ -167,8 +167,8 @@ add(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=WindowT,ref=WindowRef},{PosR,Po
   wxe_util:call(WindowOP,
   <<ThisRef:32/?UI,WindowRef:32/?UI,PosR:32/?UI,PosC:32/?UI, BinOpt/binary>>).
 
-%% @spec (This::wxGridBagSizer(), Width::integer(), Height::integer(), Pos::{R::integer(),C::integer()}, [Option]) -> wxSizerItem:wxSizerItem()
-%% Option = {span, {RS::integer(),CS::integer()}} | {flag, integer()} | {border, integer()} | {userData, wx:wx()}
+%% @spec (This::wxGridBagSizer(), Width::integer(), Height::integer(), Pos::{R::integer(), C::integer()}, [Option]) -> wxSizerItem:wxSizerItem()
+%% Option = {span, {RS::integer(), CS::integer()}} | {flag, integer()} | {border, integer()} | {userData, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridbagsizer.html#wxgridbagsizeradd">external documentation</a>.
 add(#wx_ref{type=ThisT,ref=ThisRef},Width,Height,{PosR,PosC}, Options)
  when is_integer(Width),is_integer(Height),is_integer(PosR),is_integer(PosC),is_list(Options) ->
@@ -182,7 +182,7 @@ add(#wx_ref{type=ThisT,ref=ThisRef},Width,Height,{PosR,PosC}, Options)
   wxe_util:call(?wxGridBagSizer_Add_4,
   <<ThisRef:32/?UI,Width:32/?UI,Height:32/?UI,PosR:32/?UI,PosC:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec (This::wxGridBagSizer()) -> {W::integer(),H::integer()}
+%% @spec (This::wxGridBagSizer()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridbagsizer.html#wxgridbagsizercalcmin">external documentation</a>.
 calcMin(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxGridBagSizer),
@@ -199,7 +199,7 @@ checkForIntersection(This,Item)
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridbagsizer.html#wxgridbagsizercheckforintersection">external documentation</a>.
 %% <br /> Alternatives:
 %% <p><c>
-%% checkForIntersection(This::wxGridBagSizer(), Pos::{R::integer(),C::integer()}, Span::{RS::integer(),CS::integer()}) -> checkForIntersection(This,Pos,Span, []) </c></p>
+%% checkForIntersection(This::wxGridBagSizer(), Pos::{R::integer(), C::integer()}, Span::{RS::integer(), CS::integer()}) -> checkForIntersection(This,Pos,Span, []) </c></p>
 %% <p><c>
 %% checkForIntersection(This::wxGridBagSizer(), Item::wxGBSizerItem:wxGBSizerItem(), [Option]) -> bool() </c>
 %%<br /> Option = {excludeItem, wxGBSizerItem:wxGBSizerItem()}
@@ -218,7 +218,7 @@ checkForIntersection(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ItemT,ref=Item
   wxe_util:call(?wxGridBagSizer_CheckForIntersection_2,
   <<ThisRef:32/?UI,ItemRef:32/?UI, BinOpt/binary>>).
 
-%% @spec (This::wxGridBagSizer(), Pos::{R::integer(),C::integer()}, Span::{RS::integer(),CS::integer()}, [Option]) -> bool()
+%% @spec (This::wxGridBagSizer(), Pos::{R::integer(), C::integer()}, Span::{RS::integer(), CS::integer()}, [Option]) -> bool()
 %% Option = {excludeItem, wxGBSizerItem:wxGBSizerItem()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridbagsizer.html#wxgridbagsizercheckforintersection">external documentation</a>.
 checkForIntersection(#wx_ref{type=ThisT,ref=ThisRef},{PosR,PosC},{SpanRS,SpanCS}, Options)
@@ -243,7 +243,7 @@ findItem(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=WindowT,ref=WindowRef}) ->
   wxe_util:call(WindowOP,
   <<ThisRef:32/?UI,WindowRef:32/?UI>>).
 
-%% @spec (This::wxGridBagSizer(), Pt::{X::integer(),Y::integer()}) -> wxGBSizerItem:wxGBSizerItem()
+%% @spec (This::wxGridBagSizer(), Pt::{X::integer(), Y::integer()}) -> wxGBSizerItem:wxGBSizerItem()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridbagsizer.html#wxgridbagsizerfinditematpoint">external documentation</a>.
 findItemAtPoint(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -251,7 +251,7 @@ findItemAtPoint(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
   wxe_util:call(?wxGridBagSizer_FindItemAtPoint,
   <<ThisRef:32/?UI,PtX:32/?UI,PtY:32/?UI>>).
 
-%% @spec (This::wxGridBagSizer(), Pos::{R::integer(),C::integer()}) -> wxGBSizerItem:wxGBSizerItem()
+%% @spec (This::wxGridBagSizer(), Pos::{R::integer(), C::integer()}) -> wxGBSizerItem:wxGBSizerItem()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridbagsizer.html#wxgridbagsizerfinditematposition">external documentation</a>.
 findItemAtPosition(#wx_ref{type=ThisT,ref=ThisRef},{PosR,PosC})
  when is_integer(PosR),is_integer(PosC) ->
@@ -267,7 +267,7 @@ findItemWithData(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=UserDataT,ref=User
   wxe_util:call(?wxGridBagSizer_FindItemWithData,
   <<ThisRef:32/?UI,UserDataRef:32/?UI>>).
 
-%% @spec (This::wxGridBagSizer(), Row::integer(), Col::integer()) -> {W::integer(),H::integer()}
+%% @spec (This::wxGridBagSizer(), Row::integer(), Col::integer()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridbagsizer.html#wxgridbagsizergetcellsize">external documentation</a>.
 getCellSize(#wx_ref{type=ThisT,ref=ThisRef},Row,Col)
  when is_integer(Row),is_integer(Col) ->
@@ -275,21 +275,21 @@ getCellSize(#wx_ref{type=ThisT,ref=ThisRef},Row,Col)
   wxe_util:call(?wxGridBagSizer_GetCellSize,
   <<ThisRef:32/?UI,Row:32/?UI,Col:32/?UI>>).
 
-%% @spec (This::wxGridBagSizer()) -> {W::integer(),H::integer()}
+%% @spec (This::wxGridBagSizer()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridbagsizer.html#wxgridbagsizergetemptycellsize">external documentation</a>.
 getEmptyCellSize(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxGridBagSizer),
   wxe_util:call(?wxGridBagSizer_GetEmptyCellSize,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGridBagSizer(),X::integer()|term()) -> {R::integer(),C::integer()}
+%% @spec (This::wxGridBagSizer(),X::integer()|term()) -> {R::integer(), C::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridbagsizer.html#wxgridbagsizergetitemposition">external documentation</a>.
 %% <br /> Alternatives:
 %% <p><c>
-%% getItemPosition(This::wxGridBagSizer(), Index::integer()) -> {R::integer(),C::integer()} </c>
+%% getItemPosition(This::wxGridBagSizer(), Index::integer()) -> {R::integer(), C::integer()} </c>
 %% </p>
 %% <p><c>
-%% getItemPosition(This::wxGridBagSizer(), Window::wxWindow:wxWindow() | wxSizer:wxSizer()) -> {R::integer(),C::integer()} </c>
+%% getItemPosition(This::wxGridBagSizer(), Window::wxWindow:wxWindow() | wxSizer:wxSizer()) -> {R::integer(), C::integer()} </c>
 %% </p>
 getItemPosition(#wx_ref{type=ThisT,ref=ThisRef},Index)
  when is_integer(Index) ->
@@ -307,14 +307,14 @@ getItemPosition(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=WindowT,ref=WindowR
   wxe_util:call(WindowOP,
   <<ThisRef:32/?UI,WindowRef:32/?UI>>).
 
-%% @spec (This::wxGridBagSizer(),X::integer()|term()) -> {RS::integer(),CS::integer()}
+%% @spec (This::wxGridBagSizer(),X::integer()|term()) -> {RS::integer(), CS::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridbagsizer.html#wxgridbagsizergetitemspan">external documentation</a>.
 %% <br /> Alternatives:
 %% <p><c>
-%% getItemSpan(This::wxGridBagSizer(), Index::integer()) -> {RS::integer(),CS::integer()} </c>
+%% getItemSpan(This::wxGridBagSizer(), Index::integer()) -> {RS::integer(), CS::integer()} </c>
 %% </p>
 %% <p><c>
-%% getItemSpan(This::wxGridBagSizer(), Window::wxWindow:wxWindow() | wxSizer:wxSizer()) -> {RS::integer(),CS::integer()} </c>
+%% getItemSpan(This::wxGridBagSizer(), Window::wxWindow:wxWindow() | wxSizer:wxSizer()) -> {RS::integer(), CS::integer()} </c>
 %% </p>
 getItemSpan(#wx_ref{type=ThisT,ref=ThisRef},Index)
  when is_integer(Index) ->
@@ -332,7 +332,7 @@ getItemSpan(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=WindowT,ref=WindowRef})
   wxe_util:call(WindowOP,
   <<ThisRef:32/?UI,WindowRef:32/?UI>>).
 
-%% @spec (This::wxGridBagSizer(), Sz::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxGridBagSizer(), Sz::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridbagsizer.html#wxgridbagsizersetemptycellsize">external documentation</a>.
 setEmptyCellSize(#wx_ref{type=ThisT,ref=ThisRef},{SzW,SzH})
  when is_integer(SzW),is_integer(SzH) ->
@@ -340,14 +340,14 @@ setEmptyCellSize(#wx_ref{type=ThisT,ref=ThisRef},{SzW,SzH})
   wxe_util:cast(?wxGridBagSizer_SetEmptyCellSize,
   <<ThisRef:32/?UI,SzW:32/?UI,SzH:32/?UI>>).
 
-%% @spec (This::wxGridBagSizer(),X::integer()|term(),Pos::{R::integer(),C::integer()}) -> bool()
+%% @spec (This::wxGridBagSizer(),X::integer()|term(),Pos::{R::integer(), C::integer()}) -> bool()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridbagsizer.html#wxgridbagsizersetitemposition">external documentation</a>.
 %% <br /> Alternatives:
 %% <p><c>
-%% setItemPosition(This::wxGridBagSizer(), Index::integer(), Pos::{R::integer(),C::integer()}) -> bool() </c>
+%% setItemPosition(This::wxGridBagSizer(), Index::integer(), Pos::{R::integer(), C::integer()}) -> bool() </c>
 %% </p>
 %% <p><c>
-%% setItemPosition(This::wxGridBagSizer(), Window::wxWindow:wxWindow() | wxSizer:wxSizer(), Pos::{R::integer(),C::integer()}) -> bool() </c>
+%% setItemPosition(This::wxGridBagSizer(), Window::wxWindow:wxWindow() | wxSizer:wxSizer(), Pos::{R::integer(), C::integer()}) -> bool() </c>
 %% </p>
 setItemPosition(#wx_ref{type=ThisT,ref=ThisRef},Index,{PosR,PosC})
  when is_integer(Index),is_integer(PosR),is_integer(PosC) ->
@@ -366,14 +366,14 @@ setItemPosition(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=WindowT,ref=WindowR
   wxe_util:call(WindowOP,
   <<ThisRef:32/?UI,WindowRef:32/?UI,PosR:32/?UI,PosC:32/?UI>>).
 
-%% @spec (This::wxGridBagSizer(),X::integer()|term(),Span::{RS::integer(),CS::integer()}) -> bool()
+%% @spec (This::wxGridBagSizer(),X::integer()|term(),Span::{RS::integer(), CS::integer()}) -> bool()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridbagsizer.html#wxgridbagsizersetitemspan">external documentation</a>.
 %% <br /> Alternatives:
 %% <p><c>
-%% setItemSpan(This::wxGridBagSizer(), Index::integer(), Span::{RS::integer(),CS::integer()}) -> bool() </c>
+%% setItemSpan(This::wxGridBagSizer(), Index::integer(), Span::{RS::integer(), CS::integer()}) -> bool() </c>
 %% </p>
 %% <p><c>
-%% setItemSpan(This::wxGridBagSizer(), Window::wxWindow:wxWindow() | wxSizer:wxSizer(), Span::{RS::integer(),CS::integer()}) -> bool() </c>
+%% setItemSpan(This::wxGridBagSizer(), Window::wxWindow:wxWindow() | wxSizer:wxSizer(), Span::{RS::integer(), CS::integer()}) -> bool() </c>
 %% </p>
 setItemSpan(#wx_ref{type=ThisT,ref=ThisRef},Index,{SpanRS,SpanCS})
  when is_integer(Index),is_integer(SpanRS),is_integer(SpanCS) ->
diff --git a/lib/wx/src/gen/wxGridCellAttr.erl b/lib/wx/src/gen/wxGridCellAttr.erl
index 3d23c2acfc..a9a0c1fb79 100644
--- a/lib/wx/src/gen/wxGridCellAttr.erl
+++ b/lib/wx/src/gen/wxGridCellAttr.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -165,7 +165,7 @@ getFont(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxGridCellAttr_GetFont,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGridCellAttr()) -> {HAlign::integer(),VAlign::integer()}
+%% @spec (This::wxGridCellAttr()) -> {HAlign::integer(), VAlign::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridcellattr.html#wxgridcellattrgetalignment">external documentation</a>.
 getAlignment(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxGridCellAttr),
diff --git a/lib/wx/src/gen/wxGridCellEditor.erl b/lib/wx/src/gen/wxGridCellEditor.erl
index a27ba7bd0f..de1ebc5a4c 100644
--- a/lib/wx/src/gen/wxGridCellEditor.erl
+++ b/lib/wx/src/gen/wxGridCellEditor.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -50,7 +50,7 @@ isCreated(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxGridCellEditor_IsCreated,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGridCellEditor(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> ok
+%% @spec (This::wxGridCellEditor(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridcelleditor.html#wxgridcelleditorsetsize">external documentation</a>.
 setSize(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH})
  when is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH) ->
@@ -76,7 +76,7 @@ show(#wx_ref{type=ThisT,ref=ThisRef},Show, Options)
   wxe_util:cast(?wxGridCellEditor_Show,
   <<ThisRef:32/?UI,(wxe_util:from_bool(Show)):32/?UI, BinOpt/binary>>).
 
-%% @spec (This::wxGridCellEditor(), RectCell::{X::integer(),Y::integer(),W::integer(),H::integer()}, Attr::wxGridCellAttr:wxGridCellAttr()) -> ok
+%% @spec (This::wxGridCellEditor(), RectCell::{X::integer(), Y::integer(), W::integer(), H::integer()}, Attr::wxGridCellAttr:wxGridCellAttr()) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridcelleditor.html#wxgridcelleditorpaintbackground">external documentation</a>.
 paintBackground(#wx_ref{type=ThisT,ref=ThisRef},{RectCellX,RectCellY,RectCellW,RectCellH},#wx_ref{type=AttrT,ref=AttrRef})
  when is_integer(RectCellX),is_integer(RectCellY),is_integer(RectCellW),is_integer(RectCellH) ->
diff --git a/lib/wx/src/gen/wxGridCellRenderer.erl b/lib/wx/src/gen/wxGridCellRenderer.erl
index d9520c478f..765c116a48 100644
--- a/lib/wx/src/gen/wxGridCellRenderer.erl
+++ b/lib/wx/src/gen/wxGridCellRenderer.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -32,7 +32,7 @@
 %% @hidden
 parent_class(_Class) -> erlang:error({badtype, ?MODULE}).
 
-%% @spec (This::wxGridCellRenderer(), Grid::wxGrid:wxGrid(), Attr::wxGridCellAttr:wxGridCellAttr(), Dc::wxDC:wxDC(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}, Row::integer(), Col::integer(), IsSelected::bool()) -> ok
+%% @spec (This::wxGridCellRenderer(), Grid::wxGrid:wxGrid(), Attr::wxGridCellAttr:wxGridCellAttr(), Dc::wxDC:wxDC(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}, Row::integer(), Col::integer(), IsSelected::bool()) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridcellrenderer.html#wxgridcellrendererdraw">external documentation</a>.
 draw(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=GridT,ref=GridRef},#wx_ref{type=AttrT,ref=AttrRef},#wx_ref{type=DcT,ref=DcRef},{RectX,RectY,RectW,RectH},Row,Col,IsSelected)
  when is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH),is_integer(Row),is_integer(Col),is_boolean(IsSelected) ->
@@ -43,7 +43,7 @@ draw(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=GridT,ref=GridRef},#wx_ref{typ
   wxe_util:cast(?wxGridCellRenderer_Draw,
   <<ThisRef:32/?UI,GridRef:32/?UI,AttrRef:32/?UI,DcRef:32/?UI,RectX:32/?UI,RectY:32/?UI,RectW:32/?UI,RectH:32/?UI,Row:32/?UI,Col:32/?UI,(wxe_util:from_bool(IsSelected)):32/?UI>>).
 
-%% @spec (This::wxGridCellRenderer(), Grid::wxGrid:wxGrid(), Attr::wxGridCellAttr:wxGridCellAttr(), Dc::wxDC:wxDC(), Row::integer(), Col::integer()) -> {W::integer(),H::integer()}
+%% @spec (This::wxGridCellRenderer(), Grid::wxGrid:wxGrid(), Attr::wxGridCellAttr:wxGridCellAttr(), Dc::wxDC:wxDC(), Row::integer(), Col::integer()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridcellrenderer.html#wxgridcellrenderergetbestsize">external documentation</a>.
 getBestSize(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=GridT,ref=GridRef},#wx_ref{type=AttrT,ref=AttrRef},#wx_ref{type=DcT,ref=DcRef},Row,Col)
  when is_integer(Row),is_integer(Col) ->
diff --git a/lib/wx/src/gen/wxGridEvent.erl b/lib/wx/src/gen/wxGridEvent.erl
index 9b7e0012ca..123088afb5 100644
--- a/lib/wx/src/gen/wxGridEvent.erl
+++ b/lib/wx/src/gen/wxGridEvent.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -69,7 +69,7 @@ getCol(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxGridEvent_GetCol,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxGridEvent()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxGridEvent()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxgridevent.html#wxgrideventgetposition">external documentation</a>.
 getPosition(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxGridEvent),
diff --git a/lib/wx/src/gen/wxHelpEvent.erl b/lib/wx/src/gen/wxHelpEvent.erl
index ef3c666ab7..b80903c314 100644
--- a/lib/wx/src/gen/wxHelpEvent.erl
+++ b/lib/wx/src/gen/wxHelpEvent.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -50,7 +50,7 @@ getOrigin(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxHelpEvent_GetOrigin,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxHelpEvent()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxHelpEvent()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxhelpevent.html#wxhelpeventgetposition">external documentation</a>.
 getPosition(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxHelpEvent),
@@ -67,7 +67,7 @@ setOrigin(#wx_ref{type=ThisT,ref=ThisRef},Origin)
   wxe_util:cast(?wxHelpEvent_SetOrigin,
   <<ThisRef:32/?UI,Origin:32/?UI>>).
 
-%% @spec (This::wxHelpEvent(), Pos::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxHelpEvent(), Pos::{X::integer(), Y::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxhelpevent.html#wxhelpeventsetposition">external documentation</a>.
 setPosition(#wx_ref{type=ThisT,ref=ThisRef},{PosX,PosY})
  when is_integer(PosX),is_integer(PosY) ->
diff --git a/lib/wx/src/gen/wxHtmlWindow.erl b/lib/wx/src/gen/wxHtmlWindow.erl
index ba8278ff56..891e5481fb 100644
--- a/lib/wx/src/gen/wxHtmlWindow.erl
+++ b/lib/wx/src/gen/wxHtmlWindow.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2009-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -99,7 +99,7 @@ new(Parent)
   new(Parent, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), [Option]) -> wxHtmlWindow()
-%% Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxhtmlwindow.html#wxhtmlwindowwxhtmlwindow">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
@@ -217,7 +217,7 @@ selectionToText(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxHtmlWindow_SelectionToText,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxHtmlWindow(), Pos::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxHtmlWindow(), Pos::{X::integer(), Y::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxhtmlwindow.html#wxhtmlwindowselectline">external documentation</a>.
 selectLine(#wx_ref{type=ThisT,ref=ThisRef},{PosX,PosY})
  when is_integer(PosX),is_integer(PosY) ->
@@ -225,7 +225,7 @@ selectLine(#wx_ref{type=ThisT,ref=ThisRef},{PosX,PosY})
   wxe_util:cast(?wxHtmlWindow_SelectLine,
   <<ThisRef:32/?UI,PosX:32/?UI,PosY:32/?UI>>).
 
-%% @spec (This::wxHtmlWindow(), Pos::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxHtmlWindow(), Pos::{X::integer(), Y::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxhtmlwindow.html#wxhtmlwindowselectword">external documentation</a>.
 selectWord(#wx_ref{type=ThisT,ref=ThisRef},{PosX,PosY})
  when is_integer(PosX),is_integer(PosY) ->
diff --git a/lib/wx/src/gen/wxIconBundle.erl b/lib/wx/src/gen/wxIconBundle.erl
index ee133cbcb9..011b2dd1ac 100644
--- a/lib/wx/src/gen/wxIconBundle.erl
+++ b/lib/wx/src/gen/wxIconBundle.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -89,7 +89,7 @@ getIcon(This)
 %%<br /> Option = {size, integer()}
 %% </p>
 %% <p><c>
-%% getIcon(This::wxIconBundle(), Size::{W::integer(),H::integer()}) -> wxIcon:wxIcon() </c>
+%% getIcon(This::wxIconBundle(), Size::{W::integer(), H::integer()}) -> wxIcon:wxIcon() </c>
 %% </p>
 getIcon(#wx_ref{type=ThisT,ref=ThisRef}, Options)
  when is_list(Options) ->
diff --git a/lib/wx/src/gen/wxImage.erl b/lib/wx/src/gen/wxImage.erl
index 5fe105fbb2..ea41a78a40 100644
--- a/lib/wx/src/gen/wxImage.erl
+++ b/lib/wx/src/gen/wxImage.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -303,13 +303,13 @@ create(#wx_ref{type=ThisT,ref=ThisRef},Width,Height,Data,Alpha, Options)
   wxe_util:cast(?wxImage_Destroy,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxImage()) -> {bool(),R::integer(),G::integer(),B::integer()}
+%% @spec (This::wxImage()) -> {bool(), R::integer(), G::integer(), B::integer()}
 %% @equiv findFirstUnusedColour(This, [])
 findFirstUnusedColour(This)
  when is_record(This, wx_ref) ->
   findFirstUnusedColour(This, []).
 
-%% @spec (This::wxImage(), [Option]) -> {bool(),R::integer(),G::integer(),B::integer()}
+%% @spec (This::wxImage(), [Option]) -> {bool(), R::integer(), G::integer(), B::integer()}
 %% Option = {startR, integer()} | {startG, integer()} | {startB, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wximage.html#wximagefindfirstunusedcolour">external documentation</a>.
 findFirstUnusedColour(#wx_ref{type=ThisT,ref=ThisRef}, Options)
@@ -413,7 +413,7 @@ getMaskRed(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxImage_GetMaskRed,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxImage()) -> {bool(),R::integer(),G::integer(),B::integer()}
+%% @spec (This::wxImage()) -> {bool(), R::integer(), G::integer(), B::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wximage.html#wximagegetorfindmaskcolour">external documentation</a>.
 getOrFindMaskColour(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxImage),
@@ -435,7 +435,7 @@ getRed(#wx_ref{type=ThisT,ref=ThisRef},X,Y)
   wxe_util:call(?wxImage_GetRed,
   <<ThisRef:32/?UI,X:32/?UI,Y:32/?UI>>).
 
-%% @spec (This::wxImage(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> wxImage()
+%% @spec (This::wxImage(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> wxImage()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wximage.html#wximagegetsubimage">external documentation</a>.
 getSubImage(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH})
  when is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH) ->
@@ -615,13 +615,13 @@ rescale(#wx_ref{type=ThisT,ref=ThisRef},Width,Height, Options)
   wxe_util:call(?wxImage_Rescale,
   <<ThisRef:32/?UI,Width:32/?UI,Height:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec (This::wxImage(), Size::{W::integer(),H::integer()}, Pos::{X::integer(),Y::integer()}) -> wxImage()
+%% @spec (This::wxImage(), Size::{W::integer(), H::integer()}, Pos::{X::integer(), Y::integer()}) -> wxImage()
 %% @equiv resize(This,Size,Pos, [])
 resize(This,Size={SizeW,SizeH},Pos={PosX,PosY})
  when is_record(This, wx_ref),is_integer(SizeW),is_integer(SizeH),is_integer(PosX),is_integer(PosY) ->
   resize(This,Size,Pos, []).
 
-%% @spec (This::wxImage(), Size::{W::integer(),H::integer()}, Pos::{X::integer(),Y::integer()}, [Option]) -> wxImage()
+%% @spec (This::wxImage(), Size::{W::integer(), H::integer()}, Pos::{X::integer(), Y::integer()}, [Option]) -> wxImage()
 %% Option = {r, integer()} | {g, integer()} | {b, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wximage.html#wximageresize">external documentation</a>.
 resize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH},{PosX,PosY}, Options)
@@ -635,14 +635,14 @@ resize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH},{PosX,PosY}, Options)
   wxe_util:call(?wxImage_Resize,
   <<ThisRef:32/?UI,SizeW:32/?UI,SizeH:32/?UI,PosX:32/?UI,PosY:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec (This::wxImage(), Angle::float(), Centre_of_rotation::{X::integer(),Y::integer()}) -> wxImage()
+%% @spec (This::wxImage(), Angle::float(), Centre_of_rotation::{X::integer(), Y::integer()}) -> wxImage()
 %% @equiv rotate(This,Angle,Centre_of_rotation, [])
 rotate(This,Angle,Centre_of_rotation={Centre_of_rotationX,Centre_of_rotationY})
  when is_record(This, wx_ref),is_float(Angle),is_integer(Centre_of_rotationX),is_integer(Centre_of_rotationY) ->
   rotate(This,Angle,Centre_of_rotation, []).
 
-%% @spec (This::wxImage(), Angle::float(), Centre_of_rotation::{X::integer(),Y::integer()}, [Option]) -> wxImage()
-%% Option = {interpolating, bool()} | {offset_after_rotation, {X::integer(),Y::integer()}}
+%% @spec (This::wxImage(), Angle::float(), Centre_of_rotation::{X::integer(), Y::integer()}, [Option]) -> wxImage()
+%% Option = {interpolating, bool()} | {offset_after_rotation, {X::integer(), Y::integer()}}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wximage.html#wximagerotate">external documentation</a>.
 rotate(#wx_ref{type=ThisT,ref=ThisRef},Angle,{Centre_of_rotationX,Centre_of_rotationY}, Options)
  when is_float(Angle),is_integer(Centre_of_rotationX),is_integer(Centre_of_rotationY),is_list(Options) ->
@@ -730,13 +730,13 @@ scale(#wx_ref{type=ThisT,ref=ThisRef},Width,Height, Options)
   wxe_util:call(?wxImage_Scale,
   <<ThisRef:32/?UI,Width:32/?UI,Height:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec (This::wxImage(), Size::{W::integer(),H::integer()}, Pos::{X::integer(),Y::integer()}) -> wxImage()
+%% @spec (This::wxImage(), Size::{W::integer(), H::integer()}, Pos::{X::integer(), Y::integer()}) -> wxImage()
 %% @equiv size(This,Size,Pos, [])
 size(This,Size={SizeW,SizeH},Pos={PosX,PosY})
  when is_record(This, wx_ref),is_integer(SizeW),is_integer(SizeH),is_integer(PosX),is_integer(PosY) ->
   size(This,Size,Pos, []).
 
-%% @spec (This::wxImage(), Size::{W::integer(),H::integer()}, Pos::{X::integer(),Y::integer()}, [Option]) -> wxImage()
+%% @spec (This::wxImage(), Size::{W::integer(), H::integer()}, Pos::{X::integer(), Y::integer()}, [Option]) -> wxImage()
 %% Option = {r, integer()} | {g, integer()} | {b, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wximage.html#wximagesize">external documentation</a>.
 size(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH},{PosX,PosY}, Options)
@@ -881,7 +881,7 @@ setPalette(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=PaletteT,ref=PaletteRef}
   wxe_util:cast(?wxImage_SetPalette,
   <<ThisRef:32/?UI,PaletteRef:32/?UI>>).
 
-%% @spec (This::wxImage(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}, R::integer(), G::integer(), B::integer()) -> ok
+%% @spec (This::wxImage(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}, R::integer(), G::integer(), B::integer()) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wximage.html#wximagesetrgb">external documentation</a>.
 setRGB(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH},R,G,B)
  when is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH),is_integer(R),is_integer(G),is_integer(B) ->
diff --git a/lib/wx/src/gen/wxImageList.erl b/lib/wx/src/gen/wxImageList.erl
index dbd51bc47b..f805a234df 100644
--- a/lib/wx/src/gen/wxImageList.erl
+++ b/lib/wx/src/gen/wxImageList.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -150,7 +150,7 @@ getImageCount(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxImageList_GetImageCount,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxImageList(), Index::integer()) -> {bool(),Width::integer(),Height::integer()}
+%% @spec (This::wxImageList(), Index::integer()) -> {bool(), Width::integer(), Height::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wximagelist.html#wximagelistgetsize">external documentation</a>.
 getSize(#wx_ref{type=ThisT,ref=ThisRef},Index)
  when is_integer(Index) ->
diff --git a/lib/wx/src/gen/wxJoystickEvent.erl b/lib/wx/src/gen/wxJoystickEvent.erl
index 2c2d7f3968..2f149a50f8 100644
--- a/lib/wx/src/gen/wxJoystickEvent.erl
+++ b/lib/wx/src/gen/wxJoystickEvent.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -118,7 +118,7 @@ getJoystick(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxJoystickEvent_GetJoystick,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxJoystickEvent()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxJoystickEvent()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxjoystickevent.html#wxjoystickeventgetposition">external documentation</a>.
 getPosition(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxJoystickEvent),
diff --git a/lib/wx/src/gen/wxKeyEvent.erl b/lib/wx/src/gen/wxKeyEvent.erl
index 00d1e2033a..edda5ee0a6 100644
--- a/lib/wx/src/gen/wxKeyEvent.erl
+++ b/lib/wx/src/gen/wxKeyEvent.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -78,7 +78,7 @@ getModifiers(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxKeyEvent_GetModifiers,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxKeyEvent()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxKeyEvent()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxkeyevent.html#wxkeyeventgetposition">external documentation</a>.
 getPosition(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxKeyEvent),
diff --git a/lib/wx/src/gen/wxLayoutAlgorithm.erl b/lib/wx/src/gen/wxLayoutAlgorithm.erl
index 402d116338..c17abeaed1 100644
--- a/lib/wx/src/gen/wxLayoutAlgorithm.erl
+++ b/lib/wx/src/gen/wxLayoutAlgorithm.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -65,7 +65,7 @@ layoutMDIFrame(This,Frame)
   layoutMDIFrame(This,Frame, []).
 
 %% @spec (This::wxLayoutAlgorithm(), Frame::wxMDIParentFrame:wxMDIParentFrame(), [Option]) -> bool()
-%% Option = {rect, {X::integer(),Y::integer(),W::integer(),H::integer()}}
+%% Option = {rect, {X::integer(), Y::integer(), W::integer(), H::integer()}}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxlayoutalgorithm.html#wxlayoutalgorithmlayoutmdiframe">external documentation</a>.
 layoutMDIFrame(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=FrameT,ref=FrameRef}, Options)
  when is_list(Options) ->
diff --git a/lib/wx/src/gen/wxListBox.erl b/lib/wx/src/gen/wxListBox.erl
index 731209c586..cc30bf95e4 100644
--- a/lib/wx/src/gen/wxListBox.erl
+++ b/lib/wx/src/gen/wxListBox.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -94,7 +94,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxListBox()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {choices, [[string()]]} | {style, integer()} | {validator, wx:wx()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {choices, [[string()]]} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxlistbox.html#wxlistboxwxlistbox">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -109,13 +109,13 @@ new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
   wxe_util:construct(?wxListBox_new_3,
   <<ParentRef:32/?UI,Id:32/?UI, BinOpt/binary>>).
 
-%% @spec (This::wxListBox(), Parent::wxWindow:wxWindow(), Id::integer(), Pos::{X::integer(),Y::integer()}, Size::{W::integer(),H::integer()}, Choices::[[string()]]) -> bool()
+%% @spec (This::wxListBox(), Parent::wxWindow:wxWindow(), Id::integer(), Pos::{X::integer(), Y::integer()}, Size::{W::integer(), H::integer()}, Choices::[[string()]]) -> bool()
 %% @equiv create(This,Parent,Id,Pos,Size,Choices, [])
 create(This,Parent,Id,Pos={PosX,PosY},Size={SizeW,SizeH},Choices)
  when is_record(This, wx_ref),is_record(Parent, wx_ref),is_integer(Id),is_integer(PosX),is_integer(PosY),is_integer(SizeW),is_integer(SizeH),is_list(Choices) ->
   create(This,Parent,Id,Pos,Size,Choices, []).
 
-%% @spec (This::wxListBox(), Parent::wxWindow:wxWindow(), Id::integer(), Pos::{X::integer(),Y::integer()}, Size::{W::integer(),H::integer()}, Choices::[[string()]], [Option]) -> bool()
+%% @spec (This::wxListBox(), Parent::wxWindow:wxWindow(), Id::integer(), Pos::{X::integer(), Y::integer()}, Size::{W::integer(), H::integer()}, Choices::[[string()]], [Option]) -> bool()
 %% Option = {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxlistbox.html#wxlistboxcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,{PosX,PosY},{SizeW,SizeH},Choices, Options)
@@ -139,7 +139,7 @@ deselect(#wx_ref{type=ThisT,ref=ThisRef},N)
   wxe_util:cast(?wxListBox_Deselect,
   <<ThisRef:32/?UI,N:32/?UI>>).
 
-%% @spec (This::wxListBox()) -> {integer(),ASelections::[integer()]}
+%% @spec (This::wxListBox()) -> {integer(), ASelections::[integer()]}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxlistbox.html#wxlistboxgetselections">external documentation</a>.
 getSelections(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxListBox),
@@ -174,7 +174,7 @@ set(#wx_ref{type=ThisT,ref=ThisRef},Items)
   wxe_util:cast(?wxListBox_Set,
   <<ThisRef:32/?UI,(length(Items_UCA)):32/?UI, (<< <<(byte_size(UC_Str)):32/?UI, UC_Str/binary>>|| UC_Str <- Items_UCA>>)/binary, 0:(((8- ((0 + lists:sum([byte_size(S)+4||S<-Items_UCA])) band 16#7)) band 16#7))/unit:8>>).
 
-%% @spec (This::wxListBox(), Point::{X::integer(),Y::integer()}) -> integer()
+%% @spec (This::wxListBox(), Point::{X::integer(), Y::integer()}) -> integer()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxlistbox.html#wxlistboxhittest">external documentation</a>.
 hitTest(#wx_ref{type=ThisT,ref=ThisRef},{PointX,PointY})
  when is_integer(PointX),is_integer(PointY) ->
diff --git a/lib/wx/src/gen/wxListCtrl.erl b/lib/wx/src/gen/wxListCtrl.erl
index 5799206b87..fa99897171 100644
--- a/lib/wx/src/gen/wxListCtrl.erl
+++ b/lib/wx/src/gen/wxListCtrl.erl
@@ -263,7 +263,7 @@ findItem(This,Start,Str)
 %%<br /> Option = {partial, bool()}
 %% </p>
 %% <p><c>
-%% findItem(This::wxListCtrl(), Start::integer(), Pt::{X::integer(),Y::integer()}, Direction::integer()) -> integer() </c>
+%% findItem(This::wxListCtrl(), Start::integer(), Pt::{X::integer(), Y::integer()}, Direction::integer()) -> integer() </c>
 %% </p>
 findItem(#wx_ref{type=ThisT,ref=ThisRef},Start,Str, Options)
  when is_integer(Start),is_list(Str),is_list(Options) ->
@@ -365,7 +365,7 @@ getItemFont(#wx_ref{type=ThisT,ref=ThisRef},Item)
   wxe_util:call(?wxListCtrl_GetItemFont,
   <<ThisRef:32/?UI,Item:32/?UI>>).
 
-%% @spec (This::wxListCtrl(), Item::integer(), Pos::{X::integer(),Y::integer()}) -> bool()
+%% @spec (This::wxListCtrl(), Item::integer(), Pos::{X::integer(), Y::integer()}) -> bool()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxlistctrl.html#wxlistctrlgetitemposition">external documentation</a>.
 getItemPosition(#wx_ref{type=ThisT,ref=ThisRef},Item,{PosX,PosY})
  when is_integer(Item),is_integer(PosX),is_integer(PosY) ->
@@ -373,13 +373,13 @@ getItemPosition(#wx_ref{type=ThisT,ref=ThisRef},Item,{PosX,PosY})
   wxe_util:call(?wxListCtrl_GetItemPosition,
   <<ThisRef:32/?UI,Item:32/?UI,PosX:32/?UI,PosY:32/?UI>>).
 
-%% @spec (This::wxListCtrl(), Item::integer(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> bool()
+%% @spec (This::wxListCtrl(), Item::integer(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> bool()
 %% @equiv getItemRect(This,Item,Rect, [])
 getItemRect(This,Item,Rect={RectX,RectY,RectW,RectH})
  when is_record(This, wx_ref),is_integer(Item),is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH) ->
   getItemRect(This,Item,Rect, []).
 
-%% @spec (This::wxListCtrl(), Item::integer(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}, [Option]) -> bool()
+%% @spec (This::wxListCtrl(), Item::integer(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}, [Option]) -> bool()
 %% Option = {code, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxlistctrl.html#wxlistctrlgetitemrect">external documentation</a>.
 getItemRect(#wx_ref{type=ThisT,ref=ThisRef},Item,{RectX,RectY,RectW,RectH}, Options)
@@ -391,7 +391,7 @@ getItemRect(#wx_ref{type=ThisT,ref=ThisRef},Item,{RectX,RectY,RectW,RectH}, Opti
   wxe_util:call(?wxListCtrl_GetItemRect,
   <<ThisRef:32/?UI,Item:32/?UI,RectX:32/?UI,RectY:32/?UI,RectW:32/?UI,RectH:32/?UI, BinOpt/binary>>).
 
-%% @spec (This::wxListCtrl()) -> {W::integer(),H::integer()}
+%% @spec (This::wxListCtrl()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxlistctrl.html#wxlistctrlgetitemspacing">external documentation</a>.
 getItemSpacing(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxListCtrl),
@@ -462,14 +462,14 @@ getTopItem(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxListCtrl_GetTopItem,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxListCtrl()) -> {X::integer(),Y::integer(),W::integer(),H::integer()}
+%% @spec (This::wxListCtrl()) -> {X::integer(), Y::integer(), W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxlistctrl.html#wxlistctrlgetviewrect">external documentation</a>.
 getViewRect(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxListCtrl),
   wxe_util:call(?wxListCtrl_GetViewRect,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxListCtrl(), Point::{X::integer(),Y::integer()}) -> {integer(),Flags::integer()}
+%% @spec (This::wxListCtrl(), Point::{X::integer(), Y::integer()}) -> {integer(), Flags::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxlistctrl.html#wxlistctrlhittest">external documentation</a>.
 hitTest(#wx_ref{type=ThisT,ref=ThisRef},{PointX,PointY})
  when is_integer(PointX),is_integer(PointY) ->
@@ -692,7 +692,7 @@ setItemColumnImage(#wx_ref{type=ThisT,ref=ThisRef},Item,Column,Image)
   wxe_util:call(?wxListCtrl_SetItemColumnImage,
   <<ThisRef:32/?UI,Item:32/?UI,Column:32/?UI,Image:32/?UI>>).
 
-%% @spec (This::wxListCtrl(), Item::integer(), Pos::{X::integer(),Y::integer()}) -> bool()
+%% @spec (This::wxListCtrl(), Item::integer(), Pos::{X::integer(), Y::integer()}) -> bool()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxlistctrl.html#wxlistctrlsetitemposition">external documentation</a>.
 setItemPosition(#wx_ref{type=ThisT,ref=ThisRef},Item,{PosX,PosY})
  when is_integer(Item),is_integer(PosX),is_integer(PosY) ->
diff --git a/lib/wx/src/gen/wxListEvent.erl b/lib/wx/src/gen/wxListEvent.erl
index 74f9e6095c..f7d8658acc 100644
--- a/lib/wx/src/gen/wxListEvent.erl
+++ b/lib/wx/src/gen/wxListEvent.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -83,7 +83,7 @@ getColumn(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxListEvent_GetColumn,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxListEvent()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxListEvent()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxlistevent.html#wxlisteventgetpoint">external documentation</a>.
 getPoint(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxListEvent),
diff --git a/lib/wx/src/gen/wxListbook.erl b/lib/wx/src/gen/wxListbook.erl
index b1f0e3d9a4..c204dc87a1 100644
--- a/lib/wx/src/gen/wxListbook.erl
+++ b/lib/wx/src/gen/wxListbook.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2009-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -93,7 +93,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxListbook()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxlistbook.html#wxlistbookwxlistbook">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -160,7 +160,7 @@ create(This,Parent,Id)
   create(This,Parent,Id, []).
 
 %% @spec (This::wxListbook(), Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxlistbook.html#wxlistbookcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -249,7 +249,7 @@ getSelection(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxListbook_GetSelection,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxListbook(), Pt::{X::integer(),Y::integer()}) -> {integer(),Flags::integer()}
+%% @spec (This::wxListbook(), Pt::{X::integer(), Y::integer()}) -> {integer(), Flags::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxlistbook.html#wxlistbookhittest">external documentation</a>.
 hitTest(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -286,7 +286,7 @@ setImageList(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ImageListT,ref=ImageLi
   wxe_util:cast(?wxListbook_SetImageList,
   <<ThisRef:32/?UI,ImageListRef:32/?UI>>).
 
-%% @spec (This::wxListbook(), Size::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxListbook(), Size::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxlistbook.html#wxlistbooksetpagesize">external documentation</a>.
 setPageSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
diff --git a/lib/wx/src/gen/wxMDIChildFrame.erl b/lib/wx/src/gen/wxMDIChildFrame.erl
index 34edac4213..d3e1edda55 100644
--- a/lib/wx/src/gen/wxMDIChildFrame.erl
+++ b/lib/wx/src/gen/wxMDIChildFrame.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -100,7 +100,7 @@ new(Parent,Id,Title)
   new(Parent,Id,Title, []).
 
 %% @spec (Parent::wxMDIParentFrame:wxMDIParentFrame(), Id::integer(), Title::string(), [Option]) -> wxMDIChildFrame()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxmdichildframe.html#wxmdichildframewxmdichildframe">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id,Title, Options)
  when is_integer(Id),is_list(Title),is_list(Options) ->
@@ -128,7 +128,7 @@ create(This,Parent,Id,Title)
   create(This,Parent,Id,Title, []).
 
 %% @spec (This::wxMDIChildFrame(), Parent::wxMDIParentFrame:wxMDIParentFrame(), Id::integer(), Title::string(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxmdichildframe.html#wxmdichildframecreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,Title, Options)
  when is_integer(Id),is_list(Title),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxMDIParentFrame.erl b/lib/wx/src/gen/wxMDIParentFrame.erl
index db47e7ac74..7f8a305876 100644
--- a/lib/wx/src/gen/wxMDIParentFrame.erl
+++ b/lib/wx/src/gen/wxMDIParentFrame.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -102,7 +102,7 @@ new(Parent,Id,Title)
   new(Parent,Id,Title, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), Title::string(), [Option]) -> wxMDIParentFrame()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxmdiparentframe.html#wxmdiparentframewxmdiparentframe">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id,Title, Options)
  when is_integer(Id),is_list(Title),is_list(Options) ->
@@ -151,7 +151,7 @@ create(This,Parent,Id,Title)
   create(This,Parent,Id,Title, []).
 
 %% @spec (This::wxMDIParentFrame(), Parent::wxWindow:wxWindow(), Id::integer(), Title::string(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxmdiparentframe.html#wxmdiparentframecreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,Title, Options)
  when is_integer(Id),is_list(Title),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxMessageDialog.erl b/lib/wx/src/gen/wxMessageDialog.erl
index 916b201d3f..d13bb7cb6e 100644
--- a/lib/wx/src/gen/wxMessageDialog.erl
+++ b/lib/wx/src/gen/wxMessageDialog.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -91,7 +91,7 @@ new(Parent,Message)
   new(Parent,Message, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Message::string(), [Option]) -> wxMessageDialog()
-%% Option = {caption, string()} | {style, integer()} | {pos, {X::integer(),Y::integer()}}
+%% Option = {caption, string()} | {style, integer()} | {pos, {X::integer(), Y::integer()}}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxmessagedialog.html#wxmessagedialogwxmessagedialog">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Message, Options)
  when is_list(Message),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxMiniFrame.erl b/lib/wx/src/gen/wxMiniFrame.erl
index b86f1d7cfa..108ebcfb0e 100644
--- a/lib/wx/src/gen/wxMiniFrame.erl
+++ b/lib/wx/src/gen/wxMiniFrame.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -100,7 +100,7 @@ new(Parent,Id,Title)
   new(Parent,Id,Title, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), Title::string(), [Option]) -> wxMiniFrame()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxminiframe.html#wxminiframewxminiframe">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id,Title, Options)
  when is_integer(Id),is_list(Title),is_list(Options) ->
@@ -121,7 +121,7 @@ create(This,Parent,Id,Title)
   create(This,Parent,Id,Title, []).
 
 %% @spec (This::wxMiniFrame(), Parent::wxWindow:wxWindow(), Id::integer(), Title::string(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxminiframe.html#wxminiframecreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,Title, Options)
  when is_integer(Id),is_list(Title),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxMouseEvent.erl b/lib/wx/src/gen/wxMouseEvent.erl
index fed9a33db7..a91d2a2e99 100644
--- a/lib/wx/src/gen/wxMouseEvent.erl
+++ b/lib/wx/src/gen/wxMouseEvent.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -151,14 +151,14 @@ getButton(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxMouseEvent_GetButton,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxMouseEvent()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxMouseEvent()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxmouseevent.html#wxmouseeventgetposition">external documentation</a>.
 getPosition(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxMouseEvent),
   wxe_util:call(?wxMouseEvent_GetPosition,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxMouseEvent(), Dc::wxDC:wxDC()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxMouseEvent(), Dc::wxDC:wxDC()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxmouseevent.html#wxmouseeventgetlogicalposition">external documentation</a>.
 getLogicalPosition(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=DcT,ref=DcRef}) ->
   ?CLASS(ThisT,wxMouseEvent),
diff --git a/lib/wx/src/gen/wxMoveEvent.erl b/lib/wx/src/gen/wxMoveEvent.erl
index 80bf59074a..97cf803310 100644
--- a/lib/wx/src/gen/wxMoveEvent.erl
+++ b/lib/wx/src/gen/wxMoveEvent.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -41,7 +41,7 @@
 parent_class(wxEvent) -> true;
 parent_class(_Class) -> erlang:error({badtype, ?MODULE}).
 
-%% @spec (This::wxMoveEvent()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxMoveEvent()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxmoveevent.html#wxmoveeventgetposition">external documentation</a>.
 getPosition(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxMoveEvent),
diff --git a/lib/wx/src/gen/wxMultiChoiceDialog.erl b/lib/wx/src/gen/wxMultiChoiceDialog.erl
index e69889a1e0..6fae0c4860 100644
--- a/lib/wx/src/gen/wxMultiChoiceDialog.erl
+++ b/lib/wx/src/gen/wxMultiChoiceDialog.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -97,7 +97,7 @@ new(Parent,Message,Caption,Choices)
   new(Parent,Message,Caption,Choices, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Message::string(), Caption::string(), Choices::[[string()]], [Option]) -> wxMultiChoiceDialog()
-%% Option = {style, integer()} | {pos, {X::integer(),Y::integer()}}
+%% Option = {style, integer()} | {pos, {X::integer(), Y::integer()}}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxmultichoicedialog.html#wxmultichoicedialogwxmultichoicedialog">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Message,Caption,Choices, Options)
  when is_list(Message),is_list(Caption),is_list(Choices),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxNotebook.erl b/lib/wx/src/gen/wxNotebook.erl
index da543d7ac6..b918de5bb4 100644
--- a/lib/wx/src/gen/wxNotebook.erl
+++ b/lib/wx/src/gen/wxNotebook.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -93,7 +93,7 @@ new(Parent,Winid)
   new(Parent,Winid, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Winid::integer(), [Option]) -> wxNotebook()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxnotebook.html#wxnotebookwxnotebook">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Winid, Options)
  when is_integer(Winid),is_list(Options) ->
@@ -160,7 +160,7 @@ create(This,Parent,Id)
   create(This,Parent,Id, []).
 
 %% @spec (This::wxNotebook(), Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxnotebook.html#wxnotebookcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -263,7 +263,7 @@ getThemeBackgroundColour(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxNotebook_GetThemeBackgroundColour,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxNotebook(), Pt::{X::integer(),Y::integer()}) -> {integer(),Flags::integer()}
+%% @spec (This::wxNotebook(), Pt::{X::integer(), Y::integer()}) -> {integer(), Flags::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxnotebook.html#wxnotebookhittest">external documentation</a>.
 hitTest(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -300,7 +300,7 @@ setImageList(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ImageListT,ref=ImageLi
   wxe_util:cast(?wxNotebook_SetImageList,
   <<ThisRef:32/?UI,ImageListRef:32/?UI>>).
 
-%% @spec (This::wxNotebook(), Padding::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxNotebook(), Padding::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxnotebook.html#wxnotebooksetpadding">external documentation</a>.
 setPadding(#wx_ref{type=ThisT,ref=ThisRef},{PaddingW,PaddingH})
  when is_integer(PaddingW),is_integer(PaddingH) ->
@@ -308,7 +308,7 @@ setPadding(#wx_ref{type=ThisT,ref=ThisRef},{PaddingW,PaddingH})
   wxe_util:cast(?wxNotebook_SetPadding,
   <<ThisRef:32/?UI,PaddingW:32/?UI,PaddingH:32/?UI>>).
 
-%% @spec (This::wxNotebook(), Size::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxNotebook(), Size::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxnotebook.html#wxnotebooksetpagesize">external documentation</a>.
 setPageSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
diff --git a/lib/wx/src/gen/wxPageSetupDialogData.erl b/lib/wx/src/gen/wxPageSetupDialogData.erl
index 672ec7c083..00b4ca2a36 100644
--- a/lib/wx/src/gen/wxPageSetupDialogData.erl
+++ b/lib/wx/src/gen/wxPageSetupDialogData.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -146,28 +146,28 @@ getDefaultInfo(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxPageSetupDialogData_GetDefaultInfo,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxPageSetupDialogData()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxPageSetupDialogData()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxpagesetupdialogdata.html#wxpagesetupdialogdatagetmargintopleft">external documentation</a>.
 getMarginTopLeft(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxPageSetupDialogData),
   wxe_util:call(?wxPageSetupDialogData_GetMarginTopLeft,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxPageSetupDialogData()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxPageSetupDialogData()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxpagesetupdialogdata.html#wxpagesetupdialogdatagetmarginbottomright">external documentation</a>.
 getMarginBottomRight(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxPageSetupDialogData),
   wxe_util:call(?wxPageSetupDialogData_GetMarginBottomRight,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxPageSetupDialogData()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxPageSetupDialogData()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxpagesetupdialogdata.html#wxpagesetupdialogdatagetminmargintopleft">external documentation</a>.
 getMinMarginTopLeft(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxPageSetupDialogData),
   wxe_util:call(?wxPageSetupDialogData_GetMinMarginTopLeft,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxPageSetupDialogData()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxPageSetupDialogData()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxpagesetupdialogdata.html#wxpagesetupdialogdatagetminmarginbottomright">external documentation</a>.
 getMinMarginBottomRight(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxPageSetupDialogData),
@@ -181,7 +181,7 @@ getPaperId(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxPageSetupDialogData_GetPaperId,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxPageSetupDialogData()) -> {W::integer(),H::integer()}
+%% @spec (This::wxPageSetupDialogData()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxpagesetupdialogdata.html#wxpagesetupdialogdatagetpapersize">external documentation</a>.
 getPaperSize(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxPageSetupDialogData),
@@ -218,7 +218,7 @@ setDefaultMinMargins(#wx_ref{type=ThisT,ref=ThisRef},Flag)
   wxe_util:cast(?wxPageSetupDialogData_SetDefaultMinMargins,
   <<ThisRef:32/?UI,(wxe_util:from_bool(Flag)):32/?UI>>).
 
-%% @spec (This::wxPageSetupDialogData(), Pt::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxPageSetupDialogData(), Pt::{X::integer(), Y::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxpagesetupdialogdata.html#wxpagesetupdialogdatasetmargintopleft">external documentation</a>.
 setMarginTopLeft(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -226,7 +226,7 @@ setMarginTopLeft(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
   wxe_util:cast(?wxPageSetupDialogData_SetMarginTopLeft,
   <<ThisRef:32/?UI,PtX:32/?UI,PtY:32/?UI>>).
 
-%% @spec (This::wxPageSetupDialogData(), Pt::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxPageSetupDialogData(), Pt::{X::integer(), Y::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxpagesetupdialogdata.html#wxpagesetupdialogdatasetmarginbottomright">external documentation</a>.
 setMarginBottomRight(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -234,7 +234,7 @@ setMarginBottomRight(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
   wxe_util:cast(?wxPageSetupDialogData_SetMarginBottomRight,
   <<ThisRef:32/?UI,PtX:32/?UI,PtY:32/?UI>>).
 
-%% @spec (This::wxPageSetupDialogData(), Pt::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxPageSetupDialogData(), Pt::{X::integer(), Y::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxpagesetupdialogdata.html#wxpagesetupdialogdatasetminmargintopleft">external documentation</a>.
 setMinMarginTopLeft(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -242,7 +242,7 @@ setMinMarginTopLeft(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
   wxe_util:cast(?wxPageSetupDialogData_SetMinMarginTopLeft,
   <<ThisRef:32/?UI,PtX:32/?UI,PtY:32/?UI>>).
 
-%% @spec (This::wxPageSetupDialogData(), Pt::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxPageSetupDialogData(), Pt::{X::integer(), Y::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxpagesetupdialogdata.html#wxpagesetupdialogdatasetminmarginbottomright">external documentation</a>.
 setMinMarginBottomRight(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -265,7 +265,7 @@ setPaperId(#wx_ref{type=ThisT,ref=ThisRef},Id)
 %% setPaperSize(This::wxPageSetupDialogData(), Id::integer()) -> ok </c>
 %% </p>
 %% <p><c>
-%% setPaperSize(This::wxPageSetupDialogData(), Sz::{W::integer(),H::integer()}) -> ok </c>
+%% setPaperSize(This::wxPageSetupDialogData(), Sz::{W::integer(), H::integer()}) -> ok </c>
 %% </p>
 setPaperSize(#wx_ref{type=ThisT,ref=ThisRef},Id)
  when is_integer(Id) ->
diff --git a/lib/wx/src/gen/wxPalette.erl b/lib/wx/src/gen/wxPalette.erl
index ee1fd0016d..3d8e811988 100644
--- a/lib/wx/src/gen/wxPalette.erl
+++ b/lib/wx/src/gen/wxPalette.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -75,7 +75,7 @@ getPixel(#wx_ref{type=ThisT,ref=ThisRef},Red,Green,Blue)
   wxe_util:call(?wxPalette_GetPixel,
   <<ThisRef:32/?UI,Red:32/?UI,Green:32/?UI,Blue:32/?UI>>).
 
-%% @spec (This::wxPalette(), Pixel::integer()) -> {bool(),Red::integer(),Green::integer(),Blue::integer()}
+%% @spec (This::wxPalette(), Pixel::integer()) -> {bool(), Red::integer(), Green::integer(), Blue::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxpalette.html#wxpalettegetrgb">external documentation</a>.
 getRGB(#wx_ref{type=ThisT,ref=ThisRef},Pixel)
  when is_integer(Pixel) ->
diff --git a/lib/wx/src/gen/wxPanel.erl b/lib/wx/src/gen/wxPanel.erl
index 55eaa9f404..59fba03102 100644
--- a/lib/wx/src/gen/wxPanel.erl
+++ b/lib/wx/src/gen/wxPanel.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -86,7 +86,7 @@ new(Parent)
   new(Parent, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), [Option]) -> wxPanel()
-%% Option = {winid, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {winid, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxpanel.html#wxpanelwxpanel">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
diff --git a/lib/wx/src/gen/wxPasswordEntryDialog.erl b/lib/wx/src/gen/wxPasswordEntryDialog.erl
index f79734ab46..07a0bcef56 100644
--- a/lib/wx/src/gen/wxPasswordEntryDialog.erl
+++ b/lib/wx/src/gen/wxPasswordEntryDialog.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -94,7 +94,7 @@ new(Parent,Message)
   new(Parent,Message, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Message::string(), [Option]) -> wxPasswordEntryDialog()
-%% Option = {caption, string()} | {value, string()} | {style, integer()} | {pos, {X::integer(),Y::integer()}}
+%% Option = {caption, string()} | {value, string()} | {style, integer()} | {pos, {X::integer(), Y::integer()}}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxpasswordentrydialog.html#wxpasswordentrydialogwxpasswordentrydialog">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Message, Options)
  when is_list(Message),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxPreviewControlBar.erl b/lib/wx/src/gen/wxPreviewControlBar.erl
index 78d46d1b95..e85af625e2 100644
--- a/lib/wx/src/gen/wxPreviewControlBar.erl
+++ b/lib/wx/src/gen/wxPreviewControlBar.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -83,7 +83,7 @@ new(Preview,Buttons,Parent)
   new(Preview,Buttons,Parent, []).
 
 %% @spec (Preview::wxPrintPreview:wxPrintPreview(), Buttons::integer(), Parent::wxWindow:wxWindow(), [Option]) -> wxPreviewControlBar()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxpreviewcontrolbar.html#wxpreviewcontrolbarwxpreviewcontrolbar">external documentation</a>.
 new(#wx_ref{type=PreviewT,ref=PreviewRef},Buttons,#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_integer(Buttons),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxPreviewFrame.erl b/lib/wx/src/gen/wxPreviewFrame.erl
index 91a32e9889..da43f86030 100644
--- a/lib/wx/src/gen/wxPreviewFrame.erl
+++ b/lib/wx/src/gen/wxPreviewFrame.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -95,7 +95,7 @@ new(Preview,Parent)
   new(Preview,Parent, []).
 
 %% @spec (Preview::wxPrintPreview:wxPrintPreview(), Parent::wxWindow:wxWindow(), [Option]) -> wxPreviewFrame()
-%% Option = {title, string()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {title, string()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxpreviewframe.html#wxpreviewframewxpreviewframe">external documentation</a>.
 new(#wx_ref{type=PreviewT,ref=PreviewRef},#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
diff --git a/lib/wx/src/gen/wxPrintout.erl b/lib/wx/src/gen/wxPrintout.erl
index b5b93921e6..a34c030275 100644
--- a/lib/wx/src/gen/wxPrintout.erl
+++ b/lib/wx/src/gen/wxPrintout.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -125,35 +125,35 @@ getDC(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxPrintout_GetDC,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxPrintout()) -> {W::integer(),H::integer()}
+%% @spec (This::wxPrintout()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxprintout.html#wxprintoutgetpagesizemm">external documentation</a>.
 getPageSizeMM(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxPrintout),
   wxe_util:call(?wxPrintout_GetPageSizeMM,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxPrintout()) -> {W::integer(),H::integer()}
+%% @spec (This::wxPrintout()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxprintout.html#wxprintoutgetpagesizepixels">external documentation</a>.
 getPageSizePixels(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxPrintout),
   wxe_util:call(?wxPrintout_GetPageSizePixels,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxPrintout()) -> {X::integer(),Y::integer(),W::integer(),H::integer()}
+%% @spec (This::wxPrintout()) -> {X::integer(), Y::integer(), W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxprintout.html#wxprintoutgetpaperrectpixels">external documentation</a>.
 getPaperRectPixels(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxPrintout),
   wxe_util:call(?wxPrintout_GetPaperRectPixels,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxPrintout()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxPrintout()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxprintout.html#wxprintoutgetppiprinter">external documentation</a>.
 getPPIPrinter(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxPrintout),
   wxe_util:call(?wxPrintout_GetPPIPrinter,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxPrintout()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxPrintout()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxprintout.html#wxprintoutgetppiscreen">external documentation</a>.
 getPPIScreen(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxPrintout),
@@ -174,7 +174,7 @@ isPreview(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxPrintout_IsPreview,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxPrintout(), ImageSize::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxPrintout(), ImageSize::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxprintout.html#wxprintoutfitthissizetopaper">external documentation</a>.
 fitThisSizeToPaper(#wx_ref{type=ThisT,ref=ThisRef},{ImageSizeW,ImageSizeH})
  when is_integer(ImageSizeW),is_integer(ImageSizeH) ->
@@ -182,7 +182,7 @@ fitThisSizeToPaper(#wx_ref{type=ThisT,ref=ThisRef},{ImageSizeW,ImageSizeH})
   wxe_util:cast(?wxPrintout_FitThisSizeToPaper,
   <<ThisRef:32/?UI,ImageSizeW:32/?UI,ImageSizeH:32/?UI>>).
 
-%% @spec (This::wxPrintout(), ImageSize::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxPrintout(), ImageSize::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxprintout.html#wxprintoutfitthissizetopage">external documentation</a>.
 fitThisSizeToPage(#wx_ref{type=ThisT,ref=ThisRef},{ImageSizeW,ImageSizeH})
  when is_integer(ImageSizeW),is_integer(ImageSizeH) ->
@@ -190,7 +190,7 @@ fitThisSizeToPage(#wx_ref{type=ThisT,ref=ThisRef},{ImageSizeW,ImageSizeH})
   wxe_util:cast(?wxPrintout_FitThisSizeToPage,
   <<ThisRef:32/?UI,ImageSizeW:32/?UI,ImageSizeH:32/?UI>>).
 
-%% @spec (This::wxPrintout(), ImageSize::{W::integer(),H::integer()}, PageSetupData::wxPageSetupDialogData:wxPageSetupDialogData()) -> ok
+%% @spec (This::wxPrintout(), ImageSize::{W::integer(), H::integer()}, PageSetupData::wxPageSetupDialogData:wxPageSetupDialogData()) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxprintout.html#wxprintoutfitthissizetopagemargins">external documentation</a>.
 fitThisSizeToPageMargins(#wx_ref{type=ThisT,ref=ThisRef},{ImageSizeW,ImageSizeH},#wx_ref{type=PageSetupDataT,ref=PageSetupDataRef})
  when is_integer(ImageSizeW),is_integer(ImageSizeH) ->
@@ -228,21 +228,21 @@ mapScreenSizeToDevice(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:cast(?wxPrintout_MapScreenSizeToDevice,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxPrintout()) -> {X::integer(),Y::integer(),W::integer(),H::integer()}
+%% @spec (This::wxPrintout()) -> {X::integer(), Y::integer(), W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxprintout.html#wxprintoutgetlogicalpaperrect">external documentation</a>.
 getLogicalPaperRect(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxPrintout),
   wxe_util:call(?wxPrintout_GetLogicalPaperRect,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxPrintout()) -> {X::integer(),Y::integer(),W::integer(),H::integer()}
+%% @spec (This::wxPrintout()) -> {X::integer(), Y::integer(), W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxprintout.html#wxprintoutgetlogicalpagerect">external documentation</a>.
 getLogicalPageRect(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxPrintout),
   wxe_util:call(?wxPrintout_GetLogicalPageRect,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxPrintout(), PageSetupData::wxPageSetupDialogData:wxPageSetupDialogData()) -> {X::integer(),Y::integer(),W::integer(),H::integer()}
+%% @spec (This::wxPrintout(), PageSetupData::wxPageSetupDialogData:wxPageSetupDialogData()) -> {X::integer(), Y::integer(), W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxprintout.html#wxprintoutgetlogicalpagemarginsrect">external documentation</a>.
 getLogicalPageMarginsRect(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=PageSetupDataT,ref=PageSetupDataRef}) ->
   ?CLASS(ThisT,wxPrintout),
diff --git a/lib/wx/src/gen/wxRadioBox.erl b/lib/wx/src/gen/wxRadioBox.erl
index 06e8833972..766a691108 100644
--- a/lib/wx/src/gen/wxRadioBox.erl
+++ b/lib/wx/src/gen/wxRadioBox.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -78,13 +78,13 @@ parent_class(wxWindow) -> true;
 parent_class(wxEvtHandler) -> true;
 parent_class(_Class) -> erlang:error({badtype, ?MODULE}).
 
-%% @spec (Parent::wxWindow:wxWindow(), Id::integer(), Title::string(), Pos::{X::integer(),Y::integer()}, Size::{W::integer(),H::integer()}, Choices::[[string()]]) -> wxRadioBox()
+%% @spec (Parent::wxWindow:wxWindow(), Id::integer(), Title::string(), Pos::{X::integer(), Y::integer()}, Size::{W::integer(), H::integer()}, Choices::[[string()]]) -> wxRadioBox()
 %% @equiv new(Parent,Id,Title,Pos,Size,Choices, [])
 new(Parent,Id,Title,Pos={PosX,PosY},Size={SizeW,SizeH},Choices)
  when is_record(Parent, wx_ref),is_integer(Id),is_list(Title),is_integer(PosX),is_integer(PosY),is_integer(SizeW),is_integer(SizeH),is_list(Choices) ->
   new(Parent,Id,Title,Pos,Size,Choices, []).
 
-%% @spec (Parent::wxWindow:wxWindow(), Id::integer(), Title::string(), Pos::{X::integer(),Y::integer()}, Size::{W::integer(),H::integer()}, Choices::[[string()]], [Option]) -> wxRadioBox()
+%% @spec (Parent::wxWindow:wxWindow(), Id::integer(), Title::string(), Pos::{X::integer(), Y::integer()}, Size::{W::integer(), H::integer()}, Choices::[[string()]], [Option]) -> wxRadioBox()
 %% Option = {majorDim, integer()} | {style, integer()} | {val, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxradiobox.html#wxradioboxwxradiobox">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id,Title,{PosX,PosY},{SizeW,SizeH},Choices, Options)
@@ -101,13 +101,13 @@ new(#wx_ref{type=ParentT,ref=ParentRef},Id,Title,{PosX,PosY},{SizeW,SizeH},Choic
   wxe_util:construct(?wxRadioBox_new,
   <<ParentRef:32/?UI,Id:32/?UI,(byte_size(Title_UC)):32/?UI,(Title_UC)/binary, 0:(((8- ((4+byte_size(Title_UC)) band 16#7)) band 16#7))/unit:8,PosX:32/?UI,PosY:32/?UI,SizeW:32/?UI,SizeH:32/?UI,(length(Choices_UCA)):32/?UI, (<< <<(byte_size(UC_Str)):32/?UI, UC_Str/binary>>|| UC_Str <- Choices_UCA>>)/binary, 0:(((8- ((4 + lists:sum([byte_size(S)+4||S<-Choices_UCA])) band 16#7)) band 16#7))/unit:8, BinOpt/binary>>).
 
-%% @spec (This::wxRadioBox(), Parent::wxWindow:wxWindow(), Id::integer(), Title::string(), Pos::{X::integer(),Y::integer()}, Size::{W::integer(),H::integer()}, Choices::[[string()]]) -> bool()
+%% @spec (This::wxRadioBox(), Parent::wxWindow:wxWindow(), Id::integer(), Title::string(), Pos::{X::integer(), Y::integer()}, Size::{W::integer(), H::integer()}, Choices::[[string()]]) -> bool()
 %% @equiv create(This,Parent,Id,Title,Pos,Size,Choices, [])
 create(This,Parent,Id,Title,Pos={PosX,PosY},Size={SizeW,SizeH},Choices)
  when is_record(This, wx_ref),is_record(Parent, wx_ref),is_integer(Id),is_list(Title),is_integer(PosX),is_integer(PosY),is_integer(SizeW),is_integer(SizeH),is_list(Choices) ->
   create(This,Parent,Id,Title,Pos,Size,Choices, []).
 
-%% @spec (This::wxRadioBox(), Parent::wxWindow:wxWindow(), Id::integer(), Title::string(), Pos::{X::integer(),Y::integer()}, Size::{W::integer(),H::integer()}, Choices::[[string()]], [Option]) -> bool()
+%% @spec (This::wxRadioBox(), Parent::wxWindow:wxWindow(), Id::integer(), Title::string(), Pos::{X::integer(), Y::integer()}, Size::{W::integer(), H::integer()}, Choices::[[string()]], [Option]) -> bool()
 %% Option = {majorDim, integer()} | {style, integer()} | {val, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxradiobox.html#wxradioboxcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,Title,{PosX,PosY},{SizeW,SizeH},Choices, Options)
@@ -251,7 +251,7 @@ getItemToolTip(#wx_ref{type=ThisT,ref=ThisRef},Item)
   wxe_util:call(?wxRadioBox_GetItemToolTip,
   <<ThisRef:32/?UI,Item:32/?UI>>).
 
-%% @spec (This::wxRadioBox(), Pt::{X::integer(),Y::integer()}) -> integer()
+%% @spec (This::wxRadioBox(), Pt::{X::integer(), Y::integer()}) -> integer()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxradiobox.html#wxradioboxgetitemfrompoint">external documentation</a>.
 getItemFromPoint(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
diff --git a/lib/wx/src/gen/wxRadioButton.erl b/lib/wx/src/gen/wxRadioButton.erl
index c2c5a00be6..c4665837b5 100644
--- a/lib/wx/src/gen/wxRadioButton.erl
+++ b/lib/wx/src/gen/wxRadioButton.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -88,7 +88,7 @@ new(Parent,Id,Label)
   new(Parent,Id,Label, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), Label::string(), [Option]) -> wxRadioButton()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxradiobutton.html#wxradiobuttonwxradiobutton">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id,Label, Options)
  when is_integer(Id),is_list(Label),is_list(Options) ->
@@ -110,7 +110,7 @@ create(This,Parent,Id,Label)
   create(This,Parent,Id,Label, []).
 
 %% @spec (This::wxRadioButton(), Parent::wxWindow:wxWindow(), Id::integer(), Label::string(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxradiobutton.html#wxradiobuttoncreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,Label, Options)
  when is_integer(Id),is_list(Label),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxRegion.erl b/lib/wx/src/gen/wxRegion.erl
index 4e8d98a54f..9107a4d6b1 100644
--- a/lib/wx/src/gen/wxRegion.erl
+++ b/lib/wx/src/gen/wxRegion.erl
@@ -59,7 +59,7 @@ new({RectX,RectY,RectW,RectH})
   wxe_util:construct(?wxRegion_new_1_1,
   <<RectX:32/?UI,RectY:32/?UI,RectW:32/?UI,RectH:32/?UI>>).
 
-%% @spec (TopLeft::{X::integer(),Y::integer()}, BottomRight::{X::integer(),Y::integer()}) -> wxRegion()
+%% @spec (TopLeft::{X::integer(), Y::integer()}, BottomRight::{X::integer(), Y::integer()}) -> wxRegion()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxregion.html#wxregionwxregion">external documentation</a>.
 new({TopLeftX,TopLeftY},{BottomRightX,BottomRightY})
  when is_integer(TopLeftX),is_integer(TopLeftY),is_integer(BottomRightX),is_integer(BottomRightY) ->
@@ -84,12 +84,12 @@ clear(#wx_ref{type=ThisT,ref=ThisRef}) ->
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxregion.html#wxregioncontains">external documentation</a>.
 %% <br /> Alternatives:
 %% <p><c>
-%% contains(This::wxRegion(), Pt::{X::integer(),Y::integer()}) -> WxRegionContain </c>
+%% contains(This::wxRegion(), Pt::{X::integer(), Y::integer()}) -> WxRegionContain </c>
 %%<br /> WxRegionContain = integer()
 %%<br /> WxRegionContain is one of ?wxOutRegion | ?wxPartRegion | ?wxInRegion
 %% </p>
 %% <p><c>
-%% contains(This::wxRegion(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> WxRegionContain </c>
+%% contains(This::wxRegion(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> WxRegionContain </c>
 %%<br /> WxRegionContain = integer()
 %%<br /> WxRegionContain is one of ?wxOutRegion | ?wxPartRegion | ?wxInRegion
 %% </p>
@@ -131,7 +131,7 @@ convertToBitmap(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxRegion_ConvertToBitmap,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxRegion()) -> {X::integer(),Y::integer(),W::integer(),H::integer()}
+%% @spec (This::wxRegion()) -> {X::integer(), Y::integer(), W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxregion.html#wxregiongetbox">external documentation</a>.
 getBox(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxRegion),
@@ -145,7 +145,7 @@ getBox(#wx_ref{type=ThisT,ref=ThisRef}) ->
 %% intersect(This::wxRegion(), Region::wxRegion()) -> bool() </c>
 %% </p>
 %% <p><c>
-%% intersect(This::wxRegion(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> bool() </c>
+%% intersect(This::wxRegion(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> bool() </c>
 %% </p>
 intersect(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=RegionT,ref=RegionRef}) ->
   ?CLASS(ThisT,wxRegion),
@@ -180,7 +180,7 @@ isEmpty(#wx_ref{type=ThisT,ref=ThisRef}) ->
 %% subtract(This::wxRegion(), Region::wxRegion()) -> bool() </c>
 %% </p>
 %% <p><c>
-%% subtract(This::wxRegion(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> bool() </c>
+%% subtract(This::wxRegion(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> bool() </c>
 %% </p>
 subtract(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=RegionT,ref=RegionRef}) ->
   ?CLASS(ThisT,wxRegion),
@@ -201,7 +201,7 @@ subtract(#wx_ref{type=ThisT,ref=ThisRef},X,Y,W,H)
   wxe_util:call(?wxRegion_Subtract_4,
   <<ThisRef:32/?UI,X:32/?UI,Y:32/?UI,W:32/?UI,H:32/?UI>>).
 
-%% @spec (This::wxRegion(), Pt::{X::integer(),Y::integer()}) -> bool()
+%% @spec (This::wxRegion(), Pt::{X::integer(), Y::integer()}) -> bool()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxregion.html#wxregionoffset">external documentation</a>.
 offset(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -224,7 +224,7 @@ offset(#wx_ref{type=ThisT,ref=ThisRef},X,Y)
 %% union(This::wxRegion(), Region::wxRegion() | wxBitmap:wxBitmap()) -> bool() </c>
 %% </p>
 %% <p><c>
-%% union(This::wxRegion(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> bool() </c>
+%% union(This::wxRegion(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> bool() </c>
 %% </p>
 union(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=RegionT,ref=RegionRef}) ->
   ?CLASS(ThisT,wxRegion),
@@ -276,7 +276,7 @@ union(#wx_ref{type=ThisT,ref=ThisRef},X,Y,W,H)
 %% 'Xor'(This::wxRegion(), Region::wxRegion()) -> bool() </c>
 %% </p>
 %% <p><c>
-%% 'Xor'(This::wxRegion(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> bool() </c>
+%% 'Xor'(This::wxRegion(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> bool() </c>
 %% </p>
 'Xor'(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=RegionT,ref=RegionRef}) ->
   ?CLASS(ThisT,wxRegion),
diff --git a/lib/wx/src/gen/wxSashEvent.erl b/lib/wx/src/gen/wxSashEvent.erl
index 480e241807..f9c58a04b1 100644
--- a/lib/wx/src/gen/wxSashEvent.erl
+++ b/lib/wx/src/gen/wxSashEvent.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -54,7 +54,7 @@ getEdge(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxSashEvent_GetEdge,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxSashEvent()) -> {X::integer(),Y::integer(),W::integer(),H::integer()}
+%% @spec (This::wxSashEvent()) -> {X::integer(), Y::integer(), W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsashevent.html#wxsasheventgetdragrect">external documentation</a>.
 getDragRect(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxSashEvent),
diff --git a/lib/wx/src/gen/wxSashLayoutWindow.erl b/lib/wx/src/gen/wxSashLayoutWindow.erl
index 9bc5a185ba..eb8eb38011 100644
--- a/lib/wx/src/gen/wxSashLayoutWindow.erl
+++ b/lib/wx/src/gen/wxSashLayoutWindow.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -93,7 +93,7 @@ new(Parent)
   new(Parent, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), [Option]) -> wxSashLayoutWindow()
-%% Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsashlayoutwindow.html#wxsashlayoutwindowwxsashlayoutwindow">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
@@ -114,7 +114,7 @@ create(This,Parent)
   create(This,Parent, []).
 
 %% @spec (This::wxSashLayoutWindow(), Parent::wxWindow:wxWindow(), [Option]) -> bool()
-%% Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsashlayoutwindow.html#wxsashlayoutwindowcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
@@ -157,7 +157,7 @@ setAlignment(#wx_ref{type=ThisT,ref=ThisRef},Align)
   wxe_util:cast(?wxSashLayoutWindow_SetAlignment,
   <<ThisRef:32/?UI,Align:32/?UI>>).
 
-%% @spec (This::wxSashLayoutWindow(), Size::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxSashLayoutWindow(), Size::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsashlayoutwindow.html#wxsashlayoutwindowsetdefaultsize">external documentation</a>.
 setDefaultSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
diff --git a/lib/wx/src/gen/wxSashWindow.erl b/lib/wx/src/gen/wxSashWindow.erl
index 49fb82f828..698cfb8fb6 100644
--- a/lib/wx/src/gen/wxSashWindow.erl
+++ b/lib/wx/src/gen/wxSashWindow.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -88,7 +88,7 @@ new(Parent)
   new(Parent, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), [Option]) -> wxSashWindow()
-%% Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsashwindow.html#wxsashwindowwxsashwindow">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
diff --git a/lib/wx/src/gen/wxScrollBar.erl b/lib/wx/src/gen/wxScrollBar.erl
index 41ca8d867f..5c7890009f 100644
--- a/lib/wx/src/gen/wxScrollBar.erl
+++ b/lib/wx/src/gen/wxScrollBar.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -89,7 +89,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxScrollBar()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxscrollbar.html#wxscrollbarwxscrollbar">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -110,7 +110,7 @@ create(This,Parent,Id)
   create(This,Parent,Id, []).
 
 %% @spec (This::wxScrollBar(), Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxscrollbar.html#wxscrollbarcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxScrolledWindow.erl b/lib/wx/src/gen/wxScrolledWindow.erl
index a6f813d1a2..0693a79760 100644
--- a/lib/wx/src/gen/wxScrolledWindow.erl
+++ b/lib/wx/src/gen/wxScrolledWindow.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -91,7 +91,7 @@ new(Parent)
   new(Parent, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), [Option]) -> wxScrolledWindow()
-%% Option = {winid, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {winid, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxscrolledwindow.html#wxscrolledwindowwxscrolledwindow">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
@@ -105,7 +105,7 @@ new(#wx_ref{type=ParentT,ref=ParentRef}, Options)
   wxe_util:construct(?wxScrolledWindow_new_2,
   <<ParentRef:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec (This::wxScrolledWindow(), Pt::{X::integer(),Y::integer()}) -> {X::integer(),Y::integer()}
+%% @spec (This::wxScrolledWindow(), Pt::{X::integer(), Y::integer()}) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxscrolledwindow.html#wxscrolledwindowcalcscrolledposition">external documentation</a>.
 calcScrolledPosition(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -113,7 +113,7 @@ calcScrolledPosition(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
   wxe_util:call(?wxScrolledWindow_CalcScrolledPosition_1,
   <<ThisRef:32/?UI,PtX:32/?UI,PtY:32/?UI>>).
 
-%% @spec (This::wxScrolledWindow(), X::integer(), Y::integer()) -> {Xx::integer(),Yy::integer()}
+%% @spec (This::wxScrolledWindow(), X::integer(), Y::integer()) -> {Xx::integer(), Yy::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxscrolledwindow.html#wxscrolledwindowcalcscrolledposition">external documentation</a>.
 calcScrolledPosition(#wx_ref{type=ThisT,ref=ThisRef},X,Y)
  when is_integer(X),is_integer(Y) ->
@@ -121,7 +121,7 @@ calcScrolledPosition(#wx_ref{type=ThisT,ref=ThisRef},X,Y)
   wxe_util:call(?wxScrolledWindow_CalcScrolledPosition_4,
   <<ThisRef:32/?UI,X:32/?UI,Y:32/?UI>>).
 
-%% @spec (This::wxScrolledWindow(), Pt::{X::integer(),Y::integer()}) -> {X::integer(),Y::integer()}
+%% @spec (This::wxScrolledWindow(), Pt::{X::integer(), Y::integer()}) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxscrolledwindow.html#wxscrolledwindowcalcunscrolledposition">external documentation</a>.
 calcUnscrolledPosition(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -129,7 +129,7 @@ calcUnscrolledPosition(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
   wxe_util:call(?wxScrolledWindow_CalcUnscrolledPosition_1,
   <<ThisRef:32/?UI,PtX:32/?UI,PtY:32/?UI>>).
 
-%% @spec (This::wxScrolledWindow(), X::integer(), Y::integer()) -> {Xx::integer(),Yy::integer()}
+%% @spec (This::wxScrolledWindow(), X::integer(), Y::integer()) -> {Xx::integer(), Yy::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxscrolledwindow.html#wxscrolledwindowcalcunscrolledposition">external documentation</a>.
 calcUnscrolledPosition(#wx_ref{type=ThisT,ref=ThisRef},X,Y)
  when is_integer(X),is_integer(Y) ->
@@ -145,14 +145,14 @@ enableScrolling(#wx_ref{type=ThisT,ref=ThisRef},X_scrolling,Y_scrolling)
   wxe_util:cast(?wxScrolledWindow_EnableScrolling,
   <<ThisRef:32/?UI,(wxe_util:from_bool(X_scrolling)):32/?UI,(wxe_util:from_bool(Y_scrolling)):32/?UI>>).
 
-%% @spec (This::wxScrolledWindow()) -> {PixelsPerUnitX::integer(),PixelsPerUnitY::integer()}
+%% @spec (This::wxScrolledWindow()) -> {PixelsPerUnitX::integer(), PixelsPerUnitY::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxscrolledwindow.html#wxscrolledwindowgetscrollpixelsperunit">external documentation</a>.
 getScrollPixelsPerUnit(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxScrolledWindow),
   wxe_util:call(?wxScrolledWindow_GetScrollPixelsPerUnit,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxScrolledWindow()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxScrolledWindow()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxscrolledwindow.html#wxscrolledwindowgetviewstart">external documentation</a>.
 getViewStart(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxScrolledWindow),
diff --git a/lib/wx/src/gen/wxSingleChoiceDialog.erl b/lib/wx/src/gen/wxSingleChoiceDialog.erl
index 16e0c3d8ce..e2b835917e 100644
--- a/lib/wx/src/gen/wxSingleChoiceDialog.erl
+++ b/lib/wx/src/gen/wxSingleChoiceDialog.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -97,7 +97,7 @@ new(Parent,Message,Caption,Choices)
   new(Parent,Message,Caption,Choices, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Message::string(), Caption::string(), Choices::[[string()]], [Option]) -> wxSingleChoiceDialog()
-%% Option = {style, integer()} | {pos, {X::integer(),Y::integer()}}
+%% Option = {style, integer()} | {pos, {X::integer(), Y::integer()}}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsinglechoicedialog.html#wxsinglechoicedialogwxsinglechoicedialog">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Message,Caption,Choices, Options)
  when is_list(Message),is_list(Caption),is_list(Choices),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxSizeEvent.erl b/lib/wx/src/gen/wxSizeEvent.erl
index 9e7619ebbd..0898f4aed9 100644
--- a/lib/wx/src/gen/wxSizeEvent.erl
+++ b/lib/wx/src/gen/wxSizeEvent.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -41,7 +41,7 @@
 parent_class(wxEvent) -> true;
 parent_class(_Class) -> erlang:error({badtype, ?MODULE}).
 
-%% @spec (This::wxSizeEvent()) -> {W::integer(),H::integer()}
+%% @spec (This::wxSizeEvent()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsizeevent.html#wxsizeeventgetsize">external documentation</a>.
 getSize(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxSizeEvent),
diff --git a/lib/wx/src/gen/wxSizer.erl b/lib/wx/src/gen/wxSizer.erl
index e9b83a7333..0f1a92f379 100644
--- a/lib/wx/src/gen/wxSizer.erl
+++ b/lib/wx/src/gen/wxSizer.erl
@@ -132,7 +132,7 @@ addStretchSpacer(#wx_ref{type=ThisT,ref=ThisRef}, Options)
   wxe_util:call(?wxSizer_AddStretchSpacer,
   <<ThisRef:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec (This::wxSizer()) -> {W::integer(),H::integer()}
+%% @spec (This::wxSizer()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsizer.html#wxsizercalcmin">external documentation</a>.
 calcMin(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxSizer),
@@ -182,7 +182,7 @@ detach(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=WindowT,ref=WindowRef}) ->
   wxe_util:call(WindowOP,
   <<ThisRef:32/?UI,WindowRef:32/?UI>>).
 
-%% @spec (This::wxSizer(), Window::wxWindow:wxWindow()) -> {W::integer(),H::integer()}
+%% @spec (This::wxSizer(), Window::wxWindow:wxWindow()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsizer.html#wxsizerfit">external documentation</a>.
 fit(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=WindowT,ref=WindowRef}) ->
   ?CLASS(ThisT,wxSizer),
@@ -241,21 +241,21 @@ getItem(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=WindowT,ref=WindowRef}, Opt
   wxe_util:call(WindowOP,
   <<ThisRef:32/?UI,WindowRef:32/?UI, BinOpt/binary>>).
 
-%% @spec (This::wxSizer()) -> {W::integer(),H::integer()}
+%% @spec (This::wxSizer()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsizer.html#wxsizergetsize">external documentation</a>.
 getSize(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxSizer),
   wxe_util:call(?wxSizer_GetSize,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxSizer()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxSizer()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsizer.html#wxsizergetposition">external documentation</a>.
 getPosition(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxSizer),
   wxe_util:call(?wxSizer_GetPosition,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxSizer()) -> {W::integer(),H::integer()}
+%% @spec (This::wxSizer()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsizer.html#wxsizergetminsize">external documentation</a>.
 getMinSize(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxSizer),
@@ -596,7 +596,7 @@ setDimension(#wx_ref{type=ThisT,ref=ThisRef},X,Y,Width,Height)
   wxe_util:cast(?wxSizer_SetDimension,
   <<ThisRef:32/?UI,X:32/?UI,Y:32/?UI,Width:32/?UI,Height:32/?UI>>).
 
-%% @spec (This::wxSizer(), Size::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxSizer(), Size::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsizer.html#wxsizersetminsize">external documentation</a>.
 setMinSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
@@ -612,14 +612,14 @@ setMinSize(#wx_ref{type=ThisT,ref=ThisRef},Width,Height)
   wxe_util:cast(?wxSizer_SetMinSize_2,
   <<ThisRef:32/?UI,Width:32/?UI,Height:32/?UI>>).
 
-%% @spec (This::wxSizer(),X::integer()|term(),Size::{W::integer(),H::integer()}) -> bool()
+%% @spec (This::wxSizer(),X::integer()|term(),Size::{W::integer(), H::integer()}) -> bool()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsizer.html#wxsizersetitemminsize">external documentation</a>.
 %% <br /> Alternatives:
 %% <p><c>
-%% setItemMinSize(This::wxSizer(), Index::integer(), Size::{W::integer(),H::integer()}) -> bool() </c>
+%% setItemMinSize(This::wxSizer(), Index::integer(), Size::{W::integer(), H::integer()}) -> bool() </c>
 %% </p>
 %% <p><c>
-%% setItemMinSize(This::wxSizer(), Window::wxWindow:wxWindow() | wxSizer(), Size::{W::integer(),H::integer()}) -> bool() </c>
+%% setItemMinSize(This::wxSizer(), Window::wxWindow:wxWindow() | wxSizer(), Size::{W::integer(), H::integer()}) -> bool() </c>
 %% </p>
 setItemMinSize(#wx_ref{type=ThisT,ref=ThisRef},Index,{SizeW,SizeH})
  when is_integer(Index),is_integer(SizeW),is_integer(SizeH) ->
diff --git a/lib/wx/src/gen/wxSizerItem.erl b/lib/wx/src/gen/wxSizerItem.erl
index 1e9f05d53c..41cb86eae2 100644
--- a/lib/wx/src/gen/wxSizerItem.erl
+++ b/lib/wx/src/gen/wxSizerItem.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -89,7 +89,7 @@ new(Width,Height,Proportion,Flag,Border,#wx_ref{type=UserDataT,ref=UserDataRef})
   wxe_util:construct(?wxSizerItem_new_6,
   <<Width:32/?UI,Height:32/?UI,Proportion:32/?UI,Flag:32/?UI,Border:32/?UI,UserDataRef:32/?UI>>).
 
-%% @spec (This::wxSizerItem()) -> {W::integer(),H::integer()}
+%% @spec (This::wxSizerItem()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsizeritem.html#wxsizeritemcalcmin">external documentation</a>.
 calcMin(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxSizerItem),
@@ -124,14 +124,14 @@ getFlag(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxSizerItem_GetFlag,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxSizerItem()) -> {W::integer(),H::integer()}
+%% @spec (This::wxSizerItem()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsizeritem.html#wxsizeritemgetminsize">external documentation</a>.
 getMinSize(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxSizerItem),
   wxe_util:call(?wxSizerItem_GetMinSize,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxSizerItem()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxSizerItem()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsizeritem.html#wxsizeritemgetposition">external documentation</a>.
 getPosition(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxSizerItem),
@@ -152,14 +152,14 @@ getRatio(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxSizerItem_GetRatio,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxSizerItem()) -> {X::integer(),Y::integer(),W::integer(),H::integer()}
+%% @spec (This::wxSizerItem()) -> {X::integer(), Y::integer(), W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsizeritem.html#wxsizeritemgetrect">external documentation</a>.
 getRect(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxSizerItem),
   wxe_util:call(?wxSizerItem_GetRect,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxSizerItem()) -> {W::integer(),H::integer()}
+%% @spec (This::wxSizerItem()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsizeritem.html#wxsizeritemgetsize">external documentation</a>.
 getSize(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxSizerItem),
@@ -173,7 +173,7 @@ getSizer(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxSizerItem_GetSizer,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxSizerItem()) -> {W::integer(),H::integer()}
+%% @spec (This::wxSizerItem()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsizeritem.html#wxsizeritemgetspacer">external documentation</a>.
 getSpacer(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxSizerItem),
@@ -230,7 +230,7 @@ setBorder(#wx_ref{type=ThisT,ref=ThisRef},Border)
   wxe_util:cast(?wxSizerItem_SetBorder,
   <<ThisRef:32/?UI,Border:32/?UI>>).
 
-%% @spec (This::wxSizerItem(), Pos::{X::integer(),Y::integer()}, Size::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxSizerItem(), Pos::{X::integer(), Y::integer()}, Size::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsizeritem.html#wxsizeritemsetdimension">external documentation</a>.
 setDimension(#wx_ref{type=ThisT,ref=ThisRef},{PosX,PosY},{SizeW,SizeH})
  when is_integer(PosX),is_integer(PosY),is_integer(SizeW),is_integer(SizeH) ->
@@ -254,7 +254,7 @@ setInitSize(#wx_ref{type=ThisT,ref=ThisRef},X,Y)
   wxe_util:cast(?wxSizerItem_SetInitSize,
   <<ThisRef:32/?UI,X:32/?UI,Y:32/?UI>>).
 
-%% @spec (This::wxSizerItem(), Size::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxSizerItem(), Size::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsizeritem.html#wxsizeritemsetminsize">external documentation</a>.
 setMinSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
@@ -285,7 +285,7 @@ setProportion(#wx_ref{type=ThisT,ref=ThisRef},Proportion)
 %% setRatio(This::wxSizerItem(), Ratio::float()) -> ok </c>
 %% </p>
 %% <p><c>
-%% setRatio(This::wxSizerItem(), Size::{W::integer(),H::integer()}) -> ok </c>
+%% setRatio(This::wxSizerItem(), Size::{W::integer(), H::integer()}) -> ok </c>
 %% </p>
 setRatio(#wx_ref{type=ThisT,ref=ThisRef},Ratio)
  when is_float(Ratio) ->
@@ -314,7 +314,7 @@ setSizer(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=SizerT,ref=SizerRef}) ->
   wxe_util:cast(?wxSizerItem_SetSizer,
   <<ThisRef:32/?UI,SizerRef:32/?UI>>).
 
-%% @spec (This::wxSizerItem(), Size::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxSizerItem(), Size::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsizeritem.html#wxsizeritemsetspacer">external documentation</a>.
 setSpacer(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
diff --git a/lib/wx/src/gen/wxSlider.erl b/lib/wx/src/gen/wxSlider.erl
index c70f127a5b..c7a3d6f5c0 100644
--- a/lib/wx/src/gen/wxSlider.erl
+++ b/lib/wx/src/gen/wxSlider.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -90,7 +90,7 @@ new(Parent,Id,Value,MinValue,MaxValue)
   new(Parent,Id,Value,MinValue,MaxValue, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), Value::integer(), MinValue::integer(), MaxValue::integer(), [Option]) -> wxSlider()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxslider.html#wxsliderwxslider">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id,Value,MinValue,MaxValue, Options)
  when is_integer(Id),is_integer(Value),is_integer(MinValue),is_integer(MaxValue),is_list(Options) ->
@@ -111,7 +111,7 @@ create(This,Parent,Id,Value,MinValue,MaxValue)
   create(This,Parent,Id,Value,MinValue,MaxValue, []).
 
 %% @spec (This::wxSlider(), Parent::wxWindow:wxWindow(), Id::integer(), Value::integer(), MinValue::integer(), MaxValue::integer(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxslider.html#wxslidercreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,Value,MinValue,MaxValue, Options)
  when is_integer(Id),is_integer(Value),is_integer(MinValue),is_integer(MaxValue),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxSpinButton.erl b/lib/wx/src/gen/wxSpinButton.erl
index 027699e295..e269dbe329 100644
--- a/lib/wx/src/gen/wxSpinButton.erl
+++ b/lib/wx/src/gen/wxSpinButton.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -89,7 +89,7 @@ new(Parent)
   new(Parent, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), [Option]) -> wxSpinButton()
-%% Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxspinbutton.html#wxspinbuttonwxspinbutton">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
@@ -110,7 +110,7 @@ create(This,Parent)
   create(This,Parent, []).
 
 %% @spec (This::wxSpinButton(), Parent::wxWindow:wxWindow(), [Option]) -> bool()
-%% Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxspinbutton.html#wxspinbuttoncreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
diff --git a/lib/wx/src/gen/wxSpinCtrl.erl b/lib/wx/src/gen/wxSpinCtrl.erl
index 6b77376b40..c6e8ad2238 100644
--- a/lib/wx/src/gen/wxSpinCtrl.erl
+++ b/lib/wx/src/gen/wxSpinCtrl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -89,7 +89,7 @@ new(Parent)
   new(Parent, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), [Option]) -> wxSpinCtrl()
-%% Option = {id, integer()} | {value, string()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {min, integer()} | {max, integer()} | {initial, integer()}
+%% Option = {id, integer()} | {value, string()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {min, integer()} | {max, integer()} | {initial, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxspinctrl.html#wxspinctrlwxspinctrl">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
@@ -114,7 +114,7 @@ create(This,Parent)
   create(This,Parent, []).
 
 %% @spec (This::wxSpinCtrl(), Parent::wxWindow:wxWindow(), [Option]) -> bool()
-%% Option = {id, integer()} | {value, string()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {min, integer()} | {max, integer()} | {initial, integer()}
+%% Option = {id, integer()} | {value, string()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {min, integer()} | {max, integer()} | {initial, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxspinctrl.html#wxspinctrlcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
diff --git a/lib/wx/src/gen/wxSplashScreen.erl b/lib/wx/src/gen/wxSplashScreen.erl
index 8806d07018..79ef8e413a 100644
--- a/lib/wx/src/gen/wxSplashScreen.erl
+++ b/lib/wx/src/gen/wxSplashScreen.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -100,7 +100,7 @@ new(Bitmap,SplashStyle,Milliseconds,Parent,Id)
   new(Bitmap,SplashStyle,Milliseconds,Parent,Id, []).
 
 %% @spec (Bitmap::wxBitmap:wxBitmap(), SplashStyle::integer(), Milliseconds::integer(), Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxSplashScreen()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsplashscreen.html#wxsplashscreenwxsplashscreen">external documentation</a>.
 new(#wx_ref{type=BitmapT,ref=BitmapRef},SplashStyle,Milliseconds,#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(SplashStyle),is_integer(Milliseconds),is_integer(Id),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxSplitterWindow.erl b/lib/wx/src/gen/wxSplitterWindow.erl
index 9e27be7475..b17fed3151 100644
--- a/lib/wx/src/gen/wxSplitterWindow.erl
+++ b/lib/wx/src/gen/wxSplitterWindow.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2009-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -91,7 +91,7 @@ new(Parent)
   new(Parent, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), [Option]) -> wxSplitterWindow()
-%% Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsplitterwindow.html#wxsplitterwindowwxsplitterwindow">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
@@ -112,7 +112,7 @@ create(This,Parent)
   create(This,Parent, []).
 
 %% @spec (This::wxSplitterWindow(), Parent::wxWindow:wxWindow(), [Option]) -> bool()
-%% Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsplitterwindow.html#wxsplitterwindowcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
diff --git a/lib/wx/src/gen/wxStaticBitmap.erl b/lib/wx/src/gen/wxStaticBitmap.erl
index 6fbc59236d..31e39b3a6c 100644
--- a/lib/wx/src/gen/wxStaticBitmap.erl
+++ b/lib/wx/src/gen/wxStaticBitmap.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -88,7 +88,7 @@ new(Parent,Id,Label)
   new(Parent,Id,Label, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), Label::wxBitmap:wxBitmap(), [Option]) -> wxStaticBitmap()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxstaticbitmap.html#wxstaticbitmapwxstaticbitmap">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id,#wx_ref{type=LabelT,ref=LabelRef}, Options)
  when is_integer(Id),is_list(Options) ->
@@ -109,7 +109,7 @@ create(This,Parent,Id,Label)
   create(This,Parent,Id,Label, []).
 
 %% @spec (This::wxStaticBitmap(), Parent::wxWindow:wxWindow(), Id::integer(), Label::wxBitmap:wxBitmap(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxstaticbitmap.html#wxstaticbitmapcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,#wx_ref{type=LabelT,ref=LabelRef}, Options)
  when is_integer(Id),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxStaticBox.erl b/lib/wx/src/gen/wxStaticBox.erl
index ad54184867..ec83ff5fd9 100644
--- a/lib/wx/src/gen/wxStaticBox.erl
+++ b/lib/wx/src/gen/wxStaticBox.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -88,7 +88,7 @@ new(Parent,Id,Label)
   new(Parent,Id,Label, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), Label::string(), [Option]) -> wxStaticBox()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxstaticbox.html#wxstaticboxwxstaticbox">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id,Label, Options)
  when is_integer(Id),is_list(Label),is_list(Options) ->
@@ -109,7 +109,7 @@ create(This,Parent,Id,Label)
   create(This,Parent,Id,Label, []).
 
 %% @spec (This::wxStaticBox(), Parent::wxWindow:wxWindow(), Id::integer(), Label::string(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxstaticbox.html#wxstaticboxcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,Label, Options)
  when is_integer(Id),is_list(Label),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxStaticLine.erl b/lib/wx/src/gen/wxStaticLine.erl
index e3a1bedbdc..a850065ba0 100644
--- a/lib/wx/src/gen/wxStaticLine.erl
+++ b/lib/wx/src/gen/wxStaticLine.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -89,7 +89,7 @@ new(Parent)
   new(Parent, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), [Option]) -> wxStaticLine()
-%% Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxstaticline.html#wxstaticlinewxstaticline">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
@@ -110,7 +110,7 @@ create(This,Parent)
   create(This,Parent, []).
 
 %% @spec (This::wxStaticLine(), Parent::wxWindow:wxWindow(), [Option]) -> bool()
-%% Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxstaticline.html#wxstaticlinecreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
diff --git a/lib/wx/src/gen/wxStaticText.erl b/lib/wx/src/gen/wxStaticText.erl
index 46c73a5998..301999d49a 100644
--- a/lib/wx/src/gen/wxStaticText.erl
+++ b/lib/wx/src/gen/wxStaticText.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -88,7 +88,7 @@ new(Parent,Id,Label)
   new(Parent,Id,Label, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), Label::string(), [Option]) -> wxStaticText()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxstatictext.html#wxstatictextwxstatictext">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id,Label, Options)
  when is_integer(Id),is_list(Label),is_list(Options) ->
@@ -109,7 +109,7 @@ create(This,Parent,Id,Label)
   create(This,Parent,Id,Label, []).
 
 %% @spec (This::wxStaticText(), Parent::wxWindow:wxWindow(), Id::integer(), Label::string(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxstatictext.html#wxstatictextcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,Label, Options)
  when is_integer(Id),is_list(Label),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxStatusBar.erl b/lib/wx/src/gen/wxStatusBar.erl
index 52467117d7..6e77761f1d 100644
--- a/lib/wx/src/gen/wxStatusBar.erl
+++ b/lib/wx/src/gen/wxStatusBar.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -121,7 +121,7 @@ create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef}, Opti
   wxe_util:call(?wxStatusBar_Create,
   <<ThisRef:32/?UI,ParentRef:32/?UI, BinOpt/binary>>).
 
-%% @spec (This::wxStatusBar(), I::integer(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> bool()
+%% @spec (This::wxStatusBar(), I::integer(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> bool()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxstatusbar.html#wxstatusbargetfieldrect">external documentation</a>.
 getFieldRect(#wx_ref{type=ThisT,ref=ThisRef},I,{RectX,RectY,RectW,RectH})
  when is_integer(I),is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH) ->
diff --git a/lib/wx/src/gen/wxStyledTextCtrl.erl b/lib/wx/src/gen/wxStyledTextCtrl.erl
index 71d1bd0d53..61f0e5afef 100644
--- a/lib/wx/src/gen/wxStyledTextCtrl.erl
+++ b/lib/wx/src/gen/wxStyledTextCtrl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -190,7 +190,7 @@ new(Parent)
   new(Parent, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), [Option]) -> wxStyledTextCtrl()
-%% Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxstyledtextctrl.html#wxstyledtextctrlwxstyledtextctrl">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
@@ -211,7 +211,7 @@ create(This,Parent)
   create(This,Parent, []).
 
 %% @spec (This::wxStyledTextCtrl(), Parent::wxWindow:wxWindow(), [Option]) -> bool()
-%% Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxstyledtextctrl.html#wxstyledtextctrlcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
@@ -385,7 +385,7 @@ setViewWhiteSpace(#wx_ref{type=ThisT,ref=ThisRef},ViewWS)
   wxe_util:cast(?wxStyledTextCtrl_SetViewWhiteSpace,
   <<ThisRef:32/?UI,ViewWS:32/?UI>>).
 
-%% @spec (This::wxStyledTextCtrl(), Pt::{X::integer(),Y::integer()}) -> integer()
+%% @spec (This::wxStyledTextCtrl(), Pt::{X::integer(), Y::integer()}) -> integer()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxstyledtextctrl.html#wxstyledtextctrlpositionfrompoint">external documentation</a>.
 positionFromPoint(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -425,7 +425,7 @@ setAnchor(#wx_ref{type=ThisT,ref=ThisRef},PosAnchor)
   wxe_util:cast(?wxStyledTextCtrl_SetAnchor,
   <<ThisRef:32/?UI,PosAnchor:32/?UI>>).
 
-%% @spec (This::wxStyledTextCtrl()) -> {string(),LinePos::integer()}
+%% @spec (This::wxStyledTextCtrl()) -> {string(), LinePos::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxstyledtextctrl.html#wxstyledtextctrlgetcurline">external documentation</a>.
 getCurLine(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxStyledTextCtrl),
@@ -1454,7 +1454,7 @@ findText(#wx_ref{type=ThisT,ref=ThisRef},MinPos,MaxPos,Text, Options)
   wxe_util:call(?wxStyledTextCtrl_FindText,
   <<ThisRef:32/?UI,MinPos:32/?UI,MaxPos:32/?UI,(byte_size(Text_UC)):32/?UI,(Text_UC)/binary, 0:(((8- ((0+byte_size(Text_UC)) band 16#7)) band 16#7))/unit:8, BinOpt/binary>>).
 
-%% @spec (This::wxStyledTextCtrl(), DoDraw::bool(), StartPos::integer(), EndPos::integer(), Draw::wxDC:wxDC(), Target::wxDC:wxDC(), RenderRect::{X::integer(),Y::integer(),W::integer(),H::integer()}, PageRect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> integer()
+%% @spec (This::wxStyledTextCtrl(), DoDraw::bool(), StartPos::integer(), EndPos::integer(), Draw::wxDC:wxDC(), Target::wxDC:wxDC(), RenderRect::{X::integer(), Y::integer(), W::integer(), H::integer()}, PageRect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> integer()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxstyledtextctrl.html#wxstyledtextctrlformatrange">external documentation</a>.
 formatRange(#wx_ref{type=ThisT,ref=ThisRef},DoDraw,StartPos,EndPos,#wx_ref{type=DrawT,ref=DrawRef},#wx_ref{type=TargetT,ref=TargetRef},{RenderRectX,RenderRectY,RenderRectW,RenderRectH},{PageRectX,PageRectY,PageRectW,PageRectH})
  when is_boolean(DoDraw),is_integer(StartPos),is_integer(EndPos),is_integer(RenderRectX),is_integer(RenderRectY),is_integer(RenderRectW),is_integer(RenderRectH),is_integer(PageRectX),is_integer(PageRectY),is_integer(PageRectW),is_integer(PageRectH) ->
@@ -3417,14 +3417,14 @@ setMargins(#wx_ref{type=ThisT,ref=ThisRef},Left,Right)
   wxe_util:cast(?wxStyledTextCtrl_SetMargins,
   <<ThisRef:32/?UI,Left:32/?UI,Right:32/?UI>>).
 
-%% @spec (This::wxStyledTextCtrl()) -> {StartPos::integer(),EndPos::integer()}
+%% @spec (This::wxStyledTextCtrl()) -> {StartPos::integer(), EndPos::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxstyledtextctrl.html#wxstyledtextctrlgetselection">external documentation</a>.
 getSelection(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxStyledTextCtrl),
   wxe_util:call(?wxStyledTextCtrl_GetSelection,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxStyledTextCtrl(), Pos::integer()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxStyledTextCtrl(), Pos::integer()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxstyledtextctrl.html#wxstyledtextctrlpointfromposition">external documentation</a>.
 pointFromPosition(#wx_ref{type=ThisT,ref=ThisRef},Pos)
  when is_integer(Pos) ->
@@ -3562,7 +3562,7 @@ insertTextRaw(#wx_ref{type=ThisT,ref=ThisRef},Pos,Text)
   wxe_util:cast(?wxStyledTextCtrl_InsertTextRaw,
   <<ThisRef:32/?UI,Pos:32/?UI>>).
 
-%% @spec (This::wxStyledTextCtrl()) -> {binary(),LinePos::integer()}
+%% @spec (This::wxStyledTextCtrl()) -> {binary(), LinePos::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxstyledtextctrl.html#wxstyledtextctrlgetcurlineraw">external documentation</a>.
 getCurLineRaw(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxStyledTextCtrl),
diff --git a/lib/wx/src/gen/wxSystemOptions.erl b/lib/wx/src/gen/wxSystemOptions.erl
new file mode 100644
index 0000000000..d5e504632b
--- /dev/null
+++ b/lib/wx/src/gen/wxSystemOptions.erl
@@ -0,0 +1,87 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%% This file is generated DO NOT EDIT
+
+%% @doc See external documentation: <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsystemoptions.html">wxSystemOptions</a>.
+%% @type wxSystemOptions().  An object reference, The representation is internal
+%% and can be changed without notice. It can't be used for comparsion
+%% stored on disc or distributed for use on other nodes.
+
+-module(wxSystemOptions).
+-include("wxe.hrl").
+-export([getOption/1,getOptionInt/1,hasOption/1,isFalse/1,setOption/2]).
+
+%% inherited exports
+-export([parent_class/1]).
+
+%% @hidden
+parent_class(_Class) -> erlang:error({badtype, ?MODULE}).
+
+%% @spec (Name::string()) -> string()
+%% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsystemoptions.html#wxsystemoptionsgetoption">external documentation</a>.
+getOption(Name)
+ when is_list(Name) ->
+  Name_UC = unicode:characters_to_binary([Name,0]),
+  wxe_util:call(?wxSystemOptions_GetOption,
+  <<(byte_size(Name_UC)):32/?UI,(Name_UC)/binary, 0:(((8- ((4+byte_size(Name_UC)) band 16#7)) band 16#7))/unit:8>>).
+
+%% @spec (Name::string()) -> integer()
+%% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsystemoptions.html#wxsystemoptionsgetoptionint">external documentation</a>.
+getOptionInt(Name)
+ when is_list(Name) ->
+  Name_UC = unicode:characters_to_binary([Name,0]),
+  wxe_util:call(?wxSystemOptions_GetOptionInt,
+  <<(byte_size(Name_UC)):32/?UI,(Name_UC)/binary, 0:(((8- ((4+byte_size(Name_UC)) band 16#7)) band 16#7))/unit:8>>).
+
+%% @spec (Name::string()) -> bool()
+%% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsystemoptions.html#wxsystemoptionshasoption">external documentation</a>.
+hasOption(Name)
+ when is_list(Name) ->
+  Name_UC = unicode:characters_to_binary([Name,0]),
+  wxe_util:call(?wxSystemOptions_HasOption,
+  <<(byte_size(Name_UC)):32/?UI,(Name_UC)/binary, 0:(((8- ((4+byte_size(Name_UC)) band 16#7)) band 16#7))/unit:8>>).
+
+%% @spec (Name::string()) -> bool()
+%% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsystemoptions.html#wxsystemoptionsisfalse">external documentation</a>.
+isFalse(Name)
+ when is_list(Name) ->
+  Name_UC = unicode:characters_to_binary([Name,0]),
+  wxe_util:call(?wxSystemOptions_IsFalse,
+  <<(byte_size(Name_UC)):32/?UI,(Name_UC)/binary, 0:(((8- ((4+byte_size(Name_UC)) band 16#7)) band 16#7))/unit:8>>).
+
+%% @spec (Name::string(),X::integer()|string()) -> ok
+%% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxsystemoptions.html#wxsystemoptionssetoption">external documentation</a>.
+%% <br /> Alternatives:
+%% <p><c>
+%% setOption(Name::string(), Value::integer()) -> ok </c>
+%% </p>
+%% <p><c>
+%% setOption(Name::string(), Value::string()) -> ok </c>
+%% </p>
+setOption(Name,Value)
+ when is_list(Name),is_integer(Value) ->
+  Name_UC = unicode:characters_to_binary([Name,0]),
+  wxe_util:cast(?wxSystemOptions_SetOption_2_0,
+  <<(byte_size(Name_UC)):32/?UI,(Name_UC)/binary, 0:(((8- ((4+byte_size(Name_UC)) band 16#7)) band 16#7))/unit:8,Value:32/?UI>>);
+setOption(Name,Value)
+ when is_list(Name),is_list(Value) ->
+  Name_UC = unicode:characters_to_binary([Name,0]),
+  Value_UC = unicode:characters_to_binary([Value,0]),
+  wxe_util:cast(?wxSystemOptions_SetOption_2_1,
+  <<(byte_size(Name_UC)):32/?UI,(Name_UC)/binary, 0:(((8- ((4+byte_size(Name_UC)) band 16#7)) band 16#7))/unit:8,(byte_size(Value_UC)):32/?UI,(Value_UC)/binary, 0:(((8- ((4+byte_size(Value_UC)) band 16#7)) band 16#7))/unit:8>>).
+
diff --git a/lib/wx/src/gen/wxTextCtrl.erl b/lib/wx/src/gen/wxTextCtrl.erl
index b4af23bdd9..b32f45b83b 100644
--- a/lib/wx/src/gen/wxTextCtrl.erl
+++ b/lib/wx/src/gen/wxTextCtrl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -96,7 +96,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxTextCtrl()
-%% Option = {value, string()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {value, string()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtextctrl.html#wxtextctrlwxtextctrl">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -176,7 +176,7 @@ create(This,Parent,Id)
   create(This,Parent,Id, []).
 
 %% @spec (This::wxTextCtrl(), Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> bool()
-%% Option = {value, string()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {value, string()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtextctrl.html#wxtextctrlcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -266,7 +266,7 @@ getRange(#wx_ref{type=ThisT,ref=ThisRef},From,To)
   wxe_util:call(?wxTextCtrl_GetRange,
   <<ThisRef:32/?UI,From:32/?UI,To:32/?UI>>).
 
-%% @spec (This::wxTextCtrl()) -> {From::integer(),To::integer()}
+%% @spec (This::wxTextCtrl()) -> {From::integer(), To::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtextctrl.html#wxtextctrlgetselection">external documentation</a>.
 getSelection(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxTextCtrl),
@@ -357,7 +357,7 @@ paste(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:cast(?wxTextCtrl_Paste,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxTextCtrl(), Pos::integer()) -> {bool(),X::integer(),Y::integer()}
+%% @spec (This::wxTextCtrl(), Pos::integer()) -> {bool(), X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtextctrl.html#wxtextctrlpositiontoxy">external documentation</a>.
 positionToXY(#wx_ref{type=ThisT,ref=ThisRef},Pos)
  when is_integer(Pos) ->
diff --git a/lib/wx/src/gen/wxTextEntryDialog.erl b/lib/wx/src/gen/wxTextEntryDialog.erl
index a30c32dd53..53694a47e6 100644
--- a/lib/wx/src/gen/wxTextEntryDialog.erl
+++ b/lib/wx/src/gen/wxTextEntryDialog.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -91,7 +91,7 @@ new(Parent,Message)
   new(Parent,Message, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Message::string(), [Option]) -> wxTextEntryDialog()
-%% Option = {caption, string()} | {value, string()} | {style, integer()} | {pos, {X::integer(),Y::integer()}}
+%% Option = {caption, string()} | {value, string()} | {style, integer()} | {pos, {X::integer(), Y::integer()}}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtextentrydialog.html#wxtextentrydialogwxtextentrydialog">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Message, Options)
  when is_list(Message),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxToggleButton.erl b/lib/wx/src/gen/wxToggleButton.erl
index ab595c1906..d7755cc50b 100644
--- a/lib/wx/src/gen/wxToggleButton.erl
+++ b/lib/wx/src/gen/wxToggleButton.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -88,7 +88,7 @@ new(Parent,Id,Label)
   new(Parent,Id,Label, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), Label::string(), [Option]) -> wxToggleButton()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtogglebutton.html#wxtogglebuttonwxtogglebutton">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id,Label, Options)
  when is_integer(Id),is_list(Label),is_list(Options) ->
@@ -110,7 +110,7 @@ create(This,Parent,Id,Label)
   create(This,Parent,Id,Label, []).
 
 %% @spec (This::wxToggleButton(), Parent::wxWindow:wxWindow(), Id::integer(), Label::string(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtogglebutton.html#wxtogglebuttoncreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id,Label, Options)
  when is_integer(Id),is_list(Label),is_list(Options) ->
diff --git a/lib/wx/src/gen/wxToolBar.erl b/lib/wx/src/gen/wxToolBar.erl
index c68936d493..59369368f0 100644
--- a/lib/wx/src/gen/wxToolBar.erl
+++ b/lib/wx/src/gen/wxToolBar.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -327,21 +327,21 @@ findToolForPosition(#wx_ref{type=ThisT,ref=ThisRef},X,Y)
   wxe_util:call(?wxToolBar_FindToolForPosition,
   <<ThisRef:32/?UI,X:32/?UI,Y:32/?UI>>).
 
-%% @spec (This::wxToolBar()) -> {W::integer(),H::integer()}
+%% @spec (This::wxToolBar()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtoolbar.html#wxtoolbargettoolsize">external documentation</a>.
 getToolSize(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxToolBar),
   wxe_util:call(?wxToolBar_GetToolSize,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxToolBar()) -> {W::integer(),H::integer()}
+%% @spec (This::wxToolBar()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtoolbar.html#wxtoolbargettoolbitmapsize">external documentation</a>.
 getToolBitmapSize(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxToolBar),
   wxe_util:call(?wxToolBar_GetToolBitmapSize,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxToolBar()) -> {W::integer(),H::integer()}
+%% @spec (This::wxToolBar()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtoolbar.html#wxtoolbargetmargins">external documentation</a>.
 getMargins(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxToolBar),
@@ -504,7 +504,7 @@ setMargins(#wx_ref{type=ThisT,ref=ThisRef},X,Y)
   wxe_util:cast(?wxToolBar_SetMargins,
   <<ThisRef:32/?UI,X:32/?UI,Y:32/?UI>>).
 
-%% @spec (This::wxToolBar(), Size::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxToolBar(), Size::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtoolbar.html#wxtoolbarsettoolbitmapsize">external documentation</a>.
 setToolBitmapSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
diff --git a/lib/wx/src/gen/wxToolbook.erl b/lib/wx/src/gen/wxToolbook.erl
index 4d188e979d..764f66c2e5 100644
--- a/lib/wx/src/gen/wxToolbook.erl
+++ b/lib/wx/src/gen/wxToolbook.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2009-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -93,7 +93,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxToolbook()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtoolbook.html#wxtoolbookwxtoolbook">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -160,7 +160,7 @@ create(This,Parent,Id)
   create(This,Parent,Id, []).
 
 %% @spec (This::wxToolbook(), Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtoolbook.html#wxtoolbookcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -249,7 +249,7 @@ getSelection(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxToolbook_GetSelection,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxToolbook(), Pt::{X::integer(),Y::integer()}) -> {integer(),Flags::integer()}
+%% @spec (This::wxToolbook(), Pt::{X::integer(), Y::integer()}) -> {integer(), Flags::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtoolbook.html#wxtoolbookhittest">external documentation</a>.
 hitTest(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -286,7 +286,7 @@ setImageList(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ImageListT,ref=ImageLi
   wxe_util:cast(?wxToolbook_SetImageList,
   <<ThisRef:32/?UI,ImageListRef:32/?UI>>).
 
-%% @spec (This::wxToolbook(), Size::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxToolbook(), Size::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtoolbook.html#wxtoolbooksetpagesize">external documentation</a>.
 setPageSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
diff --git a/lib/wx/src/gen/wxTreeCtrl.erl b/lib/wx/src/gen/wxTreeCtrl.erl
index e3fe4c9612..77705ec76e 100644
--- a/lib/wx/src/gen/wxTreeCtrl.erl
+++ b/lib/wx/src/gen/wxTreeCtrl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -108,7 +108,7 @@ new(Parent)
   new(Parent, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), [Option]) -> wxTreeCtrl()
-%% Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtreectrl.html#wxtreectrlwxtreectrl">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
@@ -204,7 +204,7 @@ create(This,Parent)
   create(This,Parent, []).
 
 %% @spec (This::wxTreeCtrl(), Parent::wxWindow:wxWindow(), [Option]) -> bool()
-%% Option = {id, integer()} | {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()} | {validator, wx:wx()}
+%% Option = {id, integer()} | {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()} | {validator, wx:wx()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtreectrl.html#wxtreectrlcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef}, Options)
  when is_list(Options) ->
@@ -267,13 +267,13 @@ expand(#wx_ref{type=ThisT,ref=ThisRef},Item)
   wxe_util:cast(?wxTreeCtrl_Expand,
   <<ThisRef:32/?UI,0:32,Item:64/?UI>>).
 
-%% @spec (This::wxTreeCtrl(), Item::integer(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> bool()
+%% @spec (This::wxTreeCtrl(), Item::integer(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> bool()
 %% @equiv getBoundingRect(This,Item,Rect, [])
 getBoundingRect(This,Item,Rect={RectX,RectY,RectW,RectH})
  when is_record(This, wx_ref),is_integer(Item),is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH) ->
   getBoundingRect(This,Item,Rect, []).
 
-%% @spec (This::wxTreeCtrl(), Item::integer(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}, [Option]) -> bool()
+%% @spec (This::wxTreeCtrl(), Item::integer(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}, [Option]) -> bool()
 %% Option = {textOnly, bool()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtreectrl.html#wxtreectrlgetboundingrect">external documentation</a>.
 getBoundingRect(#wx_ref{type=ThisT,ref=ThisRef},Item,{RectX,RectY,RectW,RectH}, Options)
@@ -317,7 +317,7 @@ getEditControl(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxTreeCtrl_GetEditControl,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxTreeCtrl(), Item::integer()) -> {integer(),Cookie::integer()}
+%% @spec (This::wxTreeCtrl(), Item::integer()) -> {integer(), Cookie::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtreectrl.html#wxtreectrlgetfirstchild">external documentation</a>.
 getFirstChild(#wx_ref{type=ThisT,ref=ThisRef},Item)
  when is_integer(Item) ->
@@ -325,7 +325,7 @@ getFirstChild(#wx_ref{type=ThisT,ref=ThisRef},Item)
   wxe_util:call(?wxTreeCtrl_GetFirstChild,
   <<ThisRef:32/?UI,0:32,Item:64/?UI>>).
 
-%% @spec (This::wxTreeCtrl(), Item::integer(), Cookie::integer()) -> {integer(),Cookie::integer()}
+%% @spec (This::wxTreeCtrl(), Item::integer(), Cookie::integer()) -> {integer(), Cookie::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtreectrl.html#wxtreectrlgetnextchild">external documentation</a>.
 getNextChild(#wx_ref{type=ThisT,ref=ThisRef},Item,Cookie)
  when is_integer(Item),is_integer(Cookie) ->
@@ -478,7 +478,7 @@ getSelection(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxTreeCtrl_GetSelection,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxTreeCtrl()) -> {integer(),Val::[integer()]}
+%% @spec (This::wxTreeCtrl()) -> {integer(), Val::[integer()]}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtreectrl.html#wxtreectrlgetselections">external documentation</a>.
 getSelections(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxTreeCtrl),
@@ -492,7 +492,7 @@ getStateImageList(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxTreeCtrl_GetStateImageList,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxTreeCtrl(), Point::{X::integer(),Y::integer()}) -> integer()
+%% @spec (This::wxTreeCtrl(), Point::{X::integer(), Y::integer()}) -> integer()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtreectrl.html#wxtreectrlhittest">external documentation</a>.
 hitTest(#wx_ref{type=ThisT,ref=ThisRef},{PointX,PointY})
  when is_integer(PointX),is_integer(PointY) ->
diff --git a/lib/wx/src/gen/wxTreeEvent.erl b/lib/wx/src/gen/wxTreeEvent.erl
index d5379b7abe..0264d43568 100644
--- a/lib/wx/src/gen/wxTreeEvent.erl
+++ b/lib/wx/src/gen/wxTreeEvent.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -83,7 +83,7 @@ getOldItem(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxTreeEvent_GetOldItem,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxTreeEvent()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxTreeEvent()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtreeevent.html#wxtreeeventgetpoint">external documentation</a>.
 getPoint(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxTreeEvent),
diff --git a/lib/wx/src/gen/wxTreebook.erl b/lib/wx/src/gen/wxTreebook.erl
index a515ec9639..24f5d72c43 100644
--- a/lib/wx/src/gen/wxTreebook.erl
+++ b/lib/wx/src/gen/wxTreebook.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2009-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -94,7 +94,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> wxTreebook()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtreebook.html#wxtreebookwxtreebook">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -161,7 +161,7 @@ create(This,Parent,Id)
   create(This,Parent,Id, []).
 
 %% @spec (This::wxTreebook(), Parent::wxWindow:wxWindow(), Id::integer(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtreebook.html#wxtreebookcreate">external documentation</a>.
 create(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -276,7 +276,7 @@ isNodeExpanded(#wx_ref{type=ThisT,ref=ThisRef},Pos)
   wxe_util:call(?wxTreebook_IsNodeExpanded,
   <<ThisRef:32/?UI,Pos:32/?UI>>).
 
-%% @spec (This::wxTreebook(), Pt::{X::integer(),Y::integer()}) -> {integer(),Flags::integer()}
+%% @spec (This::wxTreebook(), Pt::{X::integer(), Y::integer()}) -> {integer(), Flags::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtreebook.html#wxtreebookhittest">external documentation</a>.
 hitTest(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -334,7 +334,7 @@ setImageList(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=ImageListT,ref=ImageLi
   wxe_util:cast(?wxTreebook_SetImageList,
   <<ThisRef:32/?UI,ImageListRef:32/?UI>>).
 
-%% @spec (This::wxTreebook(), Size::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxTreebook(), Size::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxtreebook.html#wxtreebooksetpagesize">external documentation</a>.
 setPageSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
diff --git a/lib/wx/src/gen/wxWindow.erl b/lib/wx/src/gen/wxWindow.erl
index 031314bfe2..6b57cf508e 100644
--- a/lib/wx/src/gen/wxWindow.erl
+++ b/lib/wx/src/gen/wxWindow.erl
@@ -86,7 +86,7 @@ new(Parent,Id)
   new(Parent,Id, []).
 
 %% @spec (Parent::wxWindow(), Id::integer(), [Option]) -> wxWindow()
-%% Option = {pos, {X::integer(),Y::integer()}} | {size, {W::integer(),H::integer()}} | {style, integer()}
+%% Option = {pos, {X::integer(), Y::integer()}} | {size, {W::integer(), H::integer()}} | {style, integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowwxwindow">external documentation</a>.
 new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
  when is_integer(Id),is_list(Options) ->
@@ -99,7 +99,7 @@ new(#wx_ref{type=ParentT,ref=ParentRef},Id, Options)
   wxe_util:construct(?wxWindow_new_3,
   <<ParentRef:32/?UI,Id:32/?UI, BinOpt/binary>>).
 
-%% @spec (This::wxWindow(), Size::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxWindow(), Size::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowcachebestsize">external documentation</a>.
 cacheBestSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
@@ -193,7 +193,7 @@ clearBackground(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:cast(?wxWindow_ClearBackground,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxWindow(), Pt::{X::integer(),Y::integer()}) -> {X::integer(),Y::integer()}
+%% @spec (This::wxWindow(), Pt::{X::integer(), Y::integer()}) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowclienttoscreen">external documentation</a>.
 clientToScreen(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -201,7 +201,7 @@ clientToScreen(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
   wxe_util:call(?wxWindow_ClientToScreen_1,
   <<ThisRef:32/?UI,PtX:32/?UI,PtY:32/?UI>>).
 
-%% @spec (This::wxWindow(), X::integer(), Y::integer()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxWindow(), X::integer(), Y::integer()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowclienttoscreen">external documentation</a>.
 clientToScreen(#wx_ref{type=ThisT,ref=ThisRef},X,Y)
  when is_integer(X),is_integer(Y) ->
@@ -227,7 +227,7 @@ close(#wx_ref{type=ThisT,ref=ThisRef}, Options)
   wxe_util:call(?wxWindow_Close,
   <<ThisRef:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec (This::wxWindow(), Sz::{W::integer(),H::integer()}) -> {W::integer(),H::integer()}
+%% @spec (This::wxWindow(), Sz::{W::integer(), H::integer()}) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowconvertdialogtopixels">external documentation</a>.
 convertDialogToPixels(#wx_ref{type=ThisT,ref=ThisRef},{SzW,SzH})
  when is_integer(SzW),is_integer(SzH) ->
@@ -235,7 +235,7 @@ convertDialogToPixels(#wx_ref{type=ThisT,ref=ThisRef},{SzW,SzH})
   wxe_util:call(?wxWindow_ConvertDialogToPixels,
   <<ThisRef:32/?UI,SzW:32/?UI,SzH:32/?UI>>).
 
-%% @spec (This::wxWindow(), Sz::{W::integer(),H::integer()}) -> {W::integer(),H::integer()}
+%% @spec (This::wxWindow(), Sz::{W::integer(), H::integer()}) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowconvertpixelstodialog">external documentation</a>.
 convertPixelsToDialog(#wx_ref{type=ThisT,ref=ThisRef},{SzW,SzH})
  when is_integer(SzW),is_integer(SzH) ->
@@ -406,7 +406,7 @@ getBackgroundStyle(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxWindow_GetBackgroundStyle,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxWindow()) -> {W::integer(),H::integer()}
+%% @spec (This::wxWindow()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowgetbestsize">external documentation</a>.
 getBestSize(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxWindow),
@@ -447,7 +447,7 @@ getChildren(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxWindow_GetChildren,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxWindow()) -> {W::integer(),H::integer()}
+%% @spec (This::wxWindow()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowgetclientsize">external documentation</a>.
 getClientSize(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxWindow),
@@ -538,14 +538,14 @@ getLabel(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxWindow_GetLabel,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxWindow()) -> {W::integer(),H::integer()}
+%% @spec (This::wxWindow()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowgetmaxsize">external documentation</a>.
 getMaxSize(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxWindow),
   wxe_util:call(?wxWindow_GetMaxSize,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxWindow()) -> {W::integer(),H::integer()}
+%% @spec (This::wxWindow()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowgetminsize">external documentation</a>.
 getMinSize(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxWindow),
@@ -566,28 +566,28 @@ getParent(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxWindow_GetParent,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxWindow()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxWindow()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowgetposition">external documentation</a>.
 getPosition(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxWindow),
   wxe_util:call(?wxWindow_GetPosition,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxWindow()) -> {X::integer(),Y::integer(),W::integer(),H::integer()}
+%% @spec (This::wxWindow()) -> {X::integer(), Y::integer(), W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowgetrect">external documentation</a>.
 getRect(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxWindow),
   wxe_util:call(?wxWindow_GetRect,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxWindow()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxWindow()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowgetscreenposition">external documentation</a>.
 getScreenPosition(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxWindow),
   wxe_util:call(?wxWindow_GetScreenPosition,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxWindow()) -> {X::integer(),Y::integer(),W::integer(),H::integer()}
+%% @spec (This::wxWindow()) -> {X::integer(), Y::integer(), W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowgetscreenrect">external documentation</a>.
 getScreenRect(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxWindow),
@@ -618,7 +618,7 @@ getScrollThumb(#wx_ref{type=ThisT,ref=ThisRef},Orient)
   wxe_util:call(?wxWindow_GetScrollThumb,
   <<ThisRef:32/?UI,Orient:32/?UI>>).
 
-%% @spec (This::wxWindow()) -> {W::integer(),H::integer()}
+%% @spec (This::wxWindow()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowgetsize">external documentation</a>.
 getSize(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxWindow),
@@ -632,13 +632,13 @@ getSizer(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxWindow_GetSizer,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxWindow(), String::string()) -> {X::integer(),Y::integer(),Descent::integer(),ExternalLeading::integer()}
+%% @spec (This::wxWindow(), String::string()) -> {X::integer(), Y::integer(), Descent::integer(), ExternalLeading::integer()}
 %% @equiv getTextExtent(This,String, [])
 getTextExtent(This,String)
  when is_record(This, wx_ref),is_list(String) ->
   getTextExtent(This,String, []).
 
-%% @spec (This::wxWindow(), String::string(), [Option]) -> {X::integer(),Y::integer(),Descent::integer(),ExternalLeading::integer()}
+%% @spec (This::wxWindow(), String::string(), [Option]) -> {X::integer(), Y::integer(), Descent::integer(), ExternalLeading::integer()}
 %% Option = {theFont, wxFont:wxFont()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowgettextextent">external documentation</a>.
 getTextExtent(#wx_ref{type=ThisT,ref=ThisRef},String, Options)
@@ -665,7 +665,7 @@ getUpdateRegion(#wx_ref{type=ThisT,ref=ThisRef}) ->
   wxe_util:call(?wxWindow_GetUpdateRegion,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxWindow()) -> {W::integer(),H::integer()}
+%% @spec (This::wxWindow()) -> {W::integer(), H::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowgetvirtualsize">external documentation</a>.
 getVirtualSize(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxWindow),
@@ -749,10 +749,10 @@ isEnabled(#wx_ref{type=ThisT,ref=ThisRef}) ->
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowisexposed">external documentation</a>.
 %% <br /> Alternatives:
 %% <p><c>
-%% isExposed(This::wxWindow(), Pt::{X::integer(),Y::integer()}) -> bool() </c>
+%% isExposed(This::wxWindow(), Pt::{X::integer(), Y::integer()}) -> bool() </c>
 %% </p>
 %% <p><c>
-%% isExposed(This::wxWindow(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> bool() </c>
+%% isExposed(This::wxWindow(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> bool() </c>
 %% </p>
 isExposed(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -848,7 +848,7 @@ makeModal(#wx_ref{type=ThisT,ref=ThisRef}, Options)
   wxe_util:cast(?wxWindow_MakeModal,
   <<ThisRef:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec (This::wxWindow(), Pt::{X::integer(),Y::integer()}) -> ok
+%% @spec (This::wxWindow(), Pt::{X::integer(), Y::integer()}) -> ok
 %% @equiv move(This,Pt, [])
 move(This,Pt={PtX,PtY})
  when is_record(This, wx_ref),is_integer(PtX),is_integer(PtY) ->
@@ -860,7 +860,7 @@ move(This,Pt={PtX,PtY})
 %% <p><c>
 %% move(This::wxWindow(), X::integer(), Y::integer()) -> move(This,X,Y, []) </c></p>
 %% <p><c>
-%% move(This::wxWindow(), Pt::{X::integer(),Y::integer()}, [Option]) -> ok </c>
+%% move(This::wxWindow(), Pt::{X::integer(), Y::integer()}, [Option]) -> ok </c>
 %%<br /> Option = {flags, integer()}
 %% </p>
 
@@ -961,7 +961,7 @@ popupMenu(This,Menu)
   popupMenu(This,Menu, []).
 
 %% @spec (This::wxWindow(), Menu::wxMenu:wxMenu(), [Option]) -> bool()
-%% Option = {pos, {X::integer(),Y::integer()}}
+%% Option = {pos, {X::integer(), Y::integer()}}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowpopupmenu">external documentation</a>.
 popupMenu(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=MenuT,ref=MenuRef}, Options)
  when is_list(Options) ->
@@ -996,7 +996,7 @@ refresh(This)
   refresh(This, []).
 
 %% @spec (This::wxWindow(), [Option]) -> ok
-%% Option = {eraseBackground, bool()} | {rect, {X::integer(),Y::integer(),W::integer(),H::integer()}}
+%% Option = {eraseBackground, bool()} | {rect, {X::integer(), Y::integer(), W::integer(), H::integer()}}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowrefresh">external documentation</a>.
 refresh(#wx_ref{type=ThisT,ref=ThisRef}, Options)
  when is_list(Options) ->
@@ -1008,13 +1008,13 @@ refresh(#wx_ref{type=ThisT,ref=ThisRef}, Options)
   wxe_util:cast(?wxWindow_Refresh,
   <<ThisRef:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec (This::wxWindow(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> ok
+%% @spec (This::wxWindow(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> ok
 %% @equiv refreshRect(This,Rect, [])
 refreshRect(This,Rect={RectX,RectY,RectW,RectH})
  when is_record(This, wx_ref),is_integer(RectX),is_integer(RectY),is_integer(RectW),is_integer(RectH) ->
   refreshRect(This,Rect, []).
 
-%% @spec (This::wxWindow(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}, [Option]) -> ok
+%% @spec (This::wxWindow(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}, [Option]) -> ok
 %% Option = {eraseBackground, bool()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowrefreshrect">external documentation</a>.
 refreshRect(#wx_ref{type=ThisT,ref=ThisRef},{RectX,RectY,RectW,RectH}, Options)
@@ -1049,14 +1049,14 @@ reparent(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=NewParentT,ref=NewParentRe
   wxe_util:call(?wxWindow_Reparent,
   <<ThisRef:32/?UI,NewParentRef:32/?UI>>).
 
-%% @spec (This::wxWindow()) -> {X::integer(),Y::integer()}
+%% @spec (This::wxWindow()) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowscreentoclient">external documentation</a>.
 screenToClient(#wx_ref{type=ThisT,ref=ThisRef}) ->
   ?CLASS(ThisT,wxWindow),
   wxe_util:call(?wxWindow_ScreenToClient_2,
   <<ThisRef:32/?UI>>).
 
-%% @spec (This::wxWindow(), Pt::{X::integer(),Y::integer()}) -> {X::integer(),Y::integer()}
+%% @spec (This::wxWindow(), Pt::{X::integer(), Y::integer()}) -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowscreentoclient">external documentation</a>.
 screenToClient(#wx_ref{type=ThisT,ref=ThisRef},{PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
@@ -1087,7 +1087,7 @@ scrollWindow(This,Dx,Dy)
   scrollWindow(This,Dx,Dy, []).
 
 %% @spec (This::wxWindow(), Dx::integer(), Dy::integer(), [Option]) -> ok
-%% Option = {rect, {X::integer(),Y::integer(),W::integer(),H::integer()}}
+%% Option = {rect, {X::integer(), Y::integer(), W::integer(), H::integer()}}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowscrollwindow">external documentation</a>.
 scrollWindow(#wx_ref{type=ThisT,ref=ThisRef},Dx,Dy, Options)
  when is_integer(Dx),is_integer(Dy),is_list(Options) ->
@@ -1184,7 +1184,7 @@ setCursor(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=CursorT,ref=CursorRef}) -
   wxe_util:call(?wxWindow_SetCursor,
   <<ThisRef:32/?UI,CursorRef:32/?UI>>).
 
-%% @spec (This::wxWindow(), MaxSize::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxWindow(), MaxSize::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowsetmaxsize">external documentation</a>.
 setMaxSize(#wx_ref{type=ThisT,ref=ThisRef},{MaxSizeW,MaxSizeH})
  when is_integer(MaxSizeW),is_integer(MaxSizeH) ->
@@ -1192,7 +1192,7 @@ setMaxSize(#wx_ref{type=ThisT,ref=ThisRef},{MaxSizeW,MaxSizeH})
   wxe_util:cast(?wxWindow_SetMaxSize,
   <<ThisRef:32/?UI,MaxSizeW:32/?UI,MaxSizeH:32/?UI>>).
 
-%% @spec (This::wxWindow(), MinSize::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxWindow(), MinSize::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowsetminsize">external documentation</a>.
 setMinSize(#wx_ref{type=ThisT,ref=ThisRef},{MinSizeW,MinSizeH})
  when is_integer(MinSizeW),is_integer(MinSizeH) ->
@@ -1353,9 +1353,9 @@ setScrollPos(#wx_ref{type=ThisT,ref=ThisRef},Orient,Pos, Options)
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowsetsize">external documentation</a>.
 %% <br /> Alternatives:
 %% <p><c>
-%% setSize(This::wxWindow(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}) -> setSize(This,Rect, []) </c></p>
+%% setSize(This::wxWindow(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}) -> setSize(This,Rect, []) </c></p>
 %% <p><c>
-%% setSize(This::wxWindow(), Size::{W::integer(),H::integer()}) -> ok </c>
+%% setSize(This::wxWindow(), Size::{W::integer(), H::integer()}) -> ok </c>
 %% </p>
 
 setSize(This,Rect={RectX,RectY,RectW,RectH})
@@ -1374,7 +1374,7 @@ setSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
 %% setSize(This::wxWindow(), Width::integer(), Height::integer()) -> ok </c>
 %% </p>
 %% <p><c>
-%% setSize(This::wxWindow(), Rect::{X::integer(),Y::integer(),W::integer(),H::integer()}, [Option]) -> ok </c>
+%% setSize(This::wxWindow(), Rect::{X::integer(), Y::integer(), W::integer(), H::integer()}, [Option]) -> ok </c>
 %%<br /> Option = {sizeFlags, integer()}
 %% </p>
 setSize(#wx_ref{type=ThisT,ref=ThisRef},Width,Height)
@@ -1409,7 +1409,7 @@ setSize(#wx_ref{type=ThisT,ref=ThisRef},X,Y,Width,Height, Options)
   wxe_util:cast(?wxWindow_SetSize_5,
   <<ThisRef:32/?UI,X:32/?UI,Y:32/?UI,Width:32/?UI,Height:32/?UI, 0:32,BinOpt/binary>>).
 
-%% @spec (This::wxWindow(), MinSize::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxWindow(), MinSize::{W::integer(), H::integer()}) -> ok
 %% @equiv setSizeHints(This,MinSize, [])
 setSizeHints(This,MinSize={MinSizeW,MinSizeH})
  when is_record(This, wx_ref),is_integer(MinSizeW),is_integer(MinSizeH) ->
@@ -1421,8 +1421,8 @@ setSizeHints(This,MinSize={MinSizeW,MinSizeH})
 %% <p><c>
 %% setSizeHints(This::wxWindow(), MinW::integer(), MinH::integer()) -> setSizeHints(This,MinW,MinH, []) </c></p>
 %% <p><c>
-%% setSizeHints(This::wxWindow(), MinSize::{W::integer(),H::integer()}, [Option]) -> ok </c>
-%%<br /> Option = {maxSize, {W::integer(),H::integer()}} | {incSize, {W::integer(),H::integer()}}
+%% setSizeHints(This::wxWindow(), MinSize::{W::integer(), H::integer()}, [Option]) -> ok </c>
+%%<br /> Option = {maxSize, {W::integer(), H::integer()}} | {incSize, {W::integer(), H::integer()}}
 %% </p>
 
 setSizeHints(This,MinW,MinH)
@@ -1520,7 +1520,7 @@ setToolTip(#wx_ref{type=ThisT,ref=ThisRef},#wx_ref{type=TipT,ref=TipRef}) ->
   wxe_util:cast(?wxWindow_SetToolTip_1_1,
   <<ThisRef:32/?UI,TipRef:32/?UI>>).
 
-%% @spec (This::wxWindow(), Size::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxWindow(), Size::{W::integer(), H::integer()}) -> ok
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_wxwindow.html#wxwindowsetvirtualsize">external documentation</a>.
 setVirtualSize(#wx_ref{type=ThisT,ref=ThisRef},{SizeW,SizeH})
  when is_integer(SizeW),is_integer(SizeH) ->
@@ -1536,7 +1536,7 @@ setVirtualSize(#wx_ref{type=ThisT,ref=ThisRef},X,Y)
   wxe_util:cast(?wxWindow_SetVirtualSize_2,
   <<ThisRef:32/?UI,X:32/?UI,Y:32/?UI>>).
 
-%% @spec (This::wxWindow(), MinSize::{W::integer(),H::integer()}) -> ok
+%% @spec (This::wxWindow(), MinSize::{W::integer(), H::integer()}) -> ok
 %% @equiv setVirtualSizeHints(This,MinSize, [])
 setVirtualSizeHints(This,MinSize={MinSizeW,MinSizeH})
  when is_record(This, wx_ref),is_integer(MinSizeW),is_integer(MinSizeH) ->
@@ -1548,8 +1548,8 @@ setVirtualSizeHints(This,MinSize={MinSizeW,MinSizeH})
 %% <p><c>
 %% setVirtualSizeHints(This::wxWindow(), MinW::integer(), MinH::integer()) -> setVirtualSizeHints(This,MinW,MinH, []) </c></p>
 %% <p><c>
-%% setVirtualSizeHints(This::wxWindow(), MinSize::{W::integer(),H::integer()}, [Option]) -> ok </c>
-%%<br /> Option = {maxSize, {W::integer(),H::integer()}}
+%% setVirtualSizeHints(This::wxWindow(), MinSize::{W::integer(), H::integer()}, [Option]) -> ok </c>
+%%<br /> Option = {maxSize, {W::integer(), H::integer()}}
 %% </p>
 
 setVirtualSizeHints(This,MinW,MinH)
diff --git a/lib/wx/src/gen/wx_misc.erl b/lib/wx/src/gen/wx_misc.erl
index cf23d4cf8b..3382d898e4 100644
--- a/lib/wx/src/gen/wx_misc.erl
+++ b/lib/wx/src/gen/wx_misc.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -39,7 +39,7 @@ getKeyState(Key)
   wxe_util:call(?utils_wxGetKeyState,
   <<Key:32/?UI>>).
 
-%% @spec () -> {X::integer(),Y::integer()}
+%% @spec () -> {X::integer(), Y::integer()}
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_miscellany.html#wxgetmouseposition">external documentation</a>.
 getMousePosition() ->
   wxe_util:call(?utils_wxGetMousePosition,
@@ -74,14 +74,14 @@ findMenuItemId(#wx_ref{type=FrameT,ref=FrameRef},MenuString,ItemString)
   wxe_util:call(?utils_wxFindMenuItemId,
   <<FrameRef:32/?UI,(byte_size(MenuString_UC)):32/?UI,(MenuString_UC)/binary, 0:(((8- ((0+byte_size(MenuString_UC)) band 16#7)) band 16#7))/unit:8,(byte_size(ItemString_UC)):32/?UI,(ItemString_UC)/binary, 0:(((8- ((4+byte_size(ItemString_UC)) band 16#7)) band 16#7))/unit:8>>).
 
-%% @spec (Pt::{X::integer(),Y::integer()}) -> wxWindow:wxWindow()
+%% @spec (Pt::{X::integer(), Y::integer()}) -> wxWindow:wxWindow()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_miscellany.html#wxgenericfindwindowatpoint">external documentation</a>.
 genericFindWindowAtPoint({PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
   wxe_util:call(?utils_wxGenericFindWindowAtPoint,
   <<PtX:32/?UI,PtY:32/?UI>>).
 
-%% @spec (Pt::{X::integer(),Y::integer()}) -> wxWindow:wxWindow()
+%% @spec (Pt::{X::integer(), Y::integer()}) -> wxWindow:wxWindow()
 %% @doc See <a href="http://www.wxwidgets.org/manuals/stable/wx_miscellany.html#wxfindwindowatpoint">external documentation</a>.
 findWindowAtPoint({PtX,PtY})
  when is_integer(PtX),is_integer(PtY) ->
diff --git a/lib/wx/src/gen/wxe_debug.hrl b/lib/wx/src/gen/wxe_debug.hrl
index 960f67a1f6..4224c54200 100644
--- a/lib/wx/src/gen/wxe_debug.hrl
+++ b/lib/wx/src/gen/wxe_debug.hrl
@@ -3273,26 +3273,32 @@ wxdebug_table() ->
  {3489, {wxSystemSettings, getFont, 1}},
  {3490, {wxSystemSettings, getMetric, 2}},
  {3491, {wxSystemSettings, getScreenType, 0}},
- {3492, {wxAuiNotebookEvent, setSelection, 1}},
- {3493, {wxAuiNotebookEvent, getSelection, 0}},
- {3494, {wxAuiNotebookEvent, setOldSelection, 1}},
- {3495, {wxAuiNotebookEvent, getOldSelection, 0}},
- {3496, {wxAuiNotebookEvent, setDragSource, 1}},
- {3497, {wxAuiNotebookEvent, getDragSource, 0}},
- {3498, {wxAuiManagerEvent, setManager, 1}},
- {3499, {wxAuiManagerEvent, getManager, 0}},
- {3500, {wxAuiManagerEvent, setPane, 1}},
- {3501, {wxAuiManagerEvent, getPane, 0}},
- {3502, {wxAuiManagerEvent, setButton, 1}},
- {3503, {wxAuiManagerEvent, getButton, 0}},
- {3504, {wxAuiManagerEvent, setDC, 1}},
- {3505, {wxAuiManagerEvent, getDC, 0}},
- {3506, {wxAuiManagerEvent, veto, 1}},
- {3507, {wxAuiManagerEvent, getVeto, 0}},
- {3508, {wxAuiManagerEvent, setCanVeto, 1}},
- {3509, {wxAuiManagerEvent, canVeto, 0}},
- {3510, {wxLogNull, new, 0}},
- {3511, {wxLogNull, 'Destroy', undefined}},
+ {3492, {wxSystemOptions, getOption, 1}},
+ {3493, {wxSystemOptions, getOptionInt, 1}},
+ {3494, {wxSystemOptions, hasOption, 1}},
+ {3495, {wxSystemOptions, isFalse, 1}},
+ {3496, {wxSystemOptions, setOption_2_1, 2}},
+ {3497, {wxSystemOptions, setOption_2_0, 2}},
+ {3498, {wxAuiNotebookEvent, setSelection, 1}},
+ {3499, {wxAuiNotebookEvent, getSelection, 0}},
+ {3500, {wxAuiNotebookEvent, setOldSelection, 1}},
+ {3501, {wxAuiNotebookEvent, getOldSelection, 0}},
+ {3502, {wxAuiNotebookEvent, setDragSource, 1}},
+ {3503, {wxAuiNotebookEvent, getDragSource, 0}},
+ {3504, {wxAuiManagerEvent, setManager, 1}},
+ {3505, {wxAuiManagerEvent, getManager, 0}},
+ {3506, {wxAuiManagerEvent, setPane, 1}},
+ {3507, {wxAuiManagerEvent, getPane, 0}},
+ {3508, {wxAuiManagerEvent, setButton, 1}},
+ {3509, {wxAuiManagerEvent, getButton, 0}},
+ {3510, {wxAuiManagerEvent, setDC, 1}},
+ {3511, {wxAuiManagerEvent, getDC, 0}},
+ {3512, {wxAuiManagerEvent, veto, 1}},
+ {3513, {wxAuiManagerEvent, getVeto, 0}},
+ {3514, {wxAuiManagerEvent, setCanVeto, 1}},
+ {3515, {wxAuiManagerEvent, canVeto, 0}},
+ {3516, {wxLogNull, new, 0}},
+ {3517, {wxLogNull, 'Destroy', undefined}},
  {-1, {mod, func, -1}}
 ].
 
diff --git a/lib/wx/src/gen/wxe_funcs.hrl b/lib/wx/src/gen/wxe_funcs.hrl
index af74caaa25..55cbee5572 100644
--- a/lib/wx/src/gen/wxe_funcs.hrl
+++ b/lib/wx/src/gen/wxe_funcs.hrl
@@ -3270,23 +3270,29 @@
 -define(wxSystemSettings_GetFont, 3489).
 -define(wxSystemSettings_GetMetric, 3490).
 -define(wxSystemSettings_GetScreenType, 3491).
--define(wxAuiNotebookEvent_SetSelection, 3492).
--define(wxAuiNotebookEvent_GetSelection, 3493).
--define(wxAuiNotebookEvent_SetOldSelection, 3494).
--define(wxAuiNotebookEvent_GetOldSelection, 3495).
--define(wxAuiNotebookEvent_SetDragSource, 3496).
--define(wxAuiNotebookEvent_GetDragSource, 3497).
--define(wxAuiManagerEvent_SetManager, 3498).
--define(wxAuiManagerEvent_GetManager, 3499).
--define(wxAuiManagerEvent_SetPane, 3500).
--define(wxAuiManagerEvent_GetPane, 3501).
--define(wxAuiManagerEvent_SetButton, 3502).
--define(wxAuiManagerEvent_GetButton, 3503).
--define(wxAuiManagerEvent_SetDC, 3504).
--define(wxAuiManagerEvent_GetDC, 3505).
--define(wxAuiManagerEvent_Veto, 3506).
--define(wxAuiManagerEvent_GetVeto, 3507).
--define(wxAuiManagerEvent_SetCanVeto, 3508).
--define(wxAuiManagerEvent_CanVeto, 3509).
--define(wxLogNull_new, 3510).
--define(wxLogNull_destroy, 3511).
+-define(wxSystemOptions_GetOption, 3492).
+-define(wxSystemOptions_GetOptionInt, 3493).
+-define(wxSystemOptions_HasOption, 3494).
+-define(wxSystemOptions_IsFalse, 3495).
+-define(wxSystemOptions_SetOption_2_1, 3496).
+-define(wxSystemOptions_SetOption_2_0, 3497).
+-define(wxAuiNotebookEvent_SetSelection, 3498).
+-define(wxAuiNotebookEvent_GetSelection, 3499).
+-define(wxAuiNotebookEvent_SetOldSelection, 3500).
+-define(wxAuiNotebookEvent_GetOldSelection, 3501).
+-define(wxAuiNotebookEvent_SetDragSource, 3502).
+-define(wxAuiNotebookEvent_GetDragSource, 3503).
+-define(wxAuiManagerEvent_SetManager, 3504).
+-define(wxAuiManagerEvent_GetManager, 3505).
+-define(wxAuiManagerEvent_SetPane, 3506).
+-define(wxAuiManagerEvent_GetPane, 3507).
+-define(wxAuiManagerEvent_SetButton, 3508).
+-define(wxAuiManagerEvent_GetButton, 3509).
+-define(wxAuiManagerEvent_SetDC, 3510).
+-define(wxAuiManagerEvent_GetDC, 3511).
+-define(wxAuiManagerEvent_Veto, 3512).
+-define(wxAuiManagerEvent_GetVeto, 3513).
+-define(wxAuiManagerEvent_SetCanVeto, 3514).
+-define(wxAuiManagerEvent_CanVeto, 3515).
+-define(wxLogNull_new, 3516).
+-define(wxLogNull_destroy, 3517).
diff --git a/lib/wx/src/wx_object.erl b/lib/wx/src/wx_object.erl
index bfd38960dd..80f8937656 100644
--- a/lib/wx/src/wx_object.erl
+++ b/lib/wx/src/wx_object.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -108,7 +108,38 @@
 	 get_pid/1
 	]).
 
--export([behaviour_info/1]).
+%% -export([behaviour_info/1]).
+-callback init(Args :: term()) ->
+    {#wx_ref{}, State :: term()} | {#wx_ref{}, State :: term(), timeout() | hibernate} |
+    {stop, Reason :: term()} | ignore.
+-callback handle_event(Request :: #wx{}, State :: term()) ->
+    {noreply, NewState :: term()} |
+    {noreply, NewState :: term(), timeout() | hibernate} |
+    {stop, Reason :: term(), NewState :: term()}.
+-callback handle_call(Request :: term(), From :: {pid(), Tag :: term()},
+                      State :: term()) ->
+    {reply, Reply :: term(), NewState :: term()} |
+    {reply, Reply :: term(), NewState :: term(), timeout() | hibernate} |
+    {noreply, NewState :: term()} |
+    {noreply, NewState :: term(), timeout() | hibernate} |
+    {stop, Reason :: term(), Reply :: term(), NewState :: term()} |
+    {stop, Reason :: term(), NewState :: term()}.
+-callback handle_cast(Request :: term(), State :: term()) ->
+    {noreply, NewState :: term()} |
+    {noreply, NewState :: term(), timeout() | hibernate} |
+    {stop, Reason :: term(), NewState :: term()}.
+-callback handle_info(Info :: timeout() | term(), State :: term()) ->
+    {noreply, NewState :: term()} |
+    {noreply, NewState :: term(), timeout() | hibernate} |
+    {stop, Reason :: term(), NewState :: term()}.
+-callback terminate(Reason :: (normal | shutdown | {shutdown, term()} |
+                               term()),
+                    State :: term()) ->
+    term().
+-callback code_change(OldVsn :: (term() | {down, term()}), State :: term(),
+                      Extra :: term()) ->
+    {ok, NewState :: term()} | {error, Reason :: term()}.
+
 
 %% System exports
 -export([system_continue/3,
@@ -125,15 +156,15 @@
 %%%  API
 %%%=========================================================================
 %% @hidden
-behaviour_info(callbacks) ->
-    [{init,1},
-     {handle_call,3},
-     {handle_info,2},
-     {handle_event,2},
-     {terminate,2},
-     {code_change,3}];
-behaviour_info(_Other) ->
-    undefined.
+%% behaviour_info(callbacks) ->
+%%     [{init,1},
+%%      {handle_call,3},
+%%      {handle_info,2},
+%%      {handle_event,2},
+%%      {terminate,2},
+%%      {code_change,3}];
+%% behaviour_info(_Other) ->
+%%     undefined.
 
 
 %%  -----------------------------------------------------------------
@@ -226,9 +257,11 @@ call(Name, Request, Timeout) when is_atom(Name) orelse is_pid(Name) ->
 %% Invokes handle_cast(Request, State) in the server
 
 cast(#wx_ref{state=Pid}, Request) when is_pid(Pid) ->
-    Pid ! {'$gen_cast',Request};
+    Pid ! {'$gen_cast',Request},
+    ok;
 cast(Name, Request) when is_atom(Name) orelse is_pid(Name) ->
-    Name ! {'$gen_cast',Request}.
+    Name ! {'$gen_cast',Request},
+    ok.
 
 %% @spec (Ref::wxObject()) -> pid()
 %% @doc Get the pid of the object handle.
@@ -258,9 +291,10 @@ init_it(Starter, self, Name, Mod, Args, Options) ->
     init_it(Starter, self(), Name, Mod, Args, Options);
 init_it(Starter, Parent, Name, Mod, Args, [WxEnv|Options]) ->
     case WxEnv of
-	undefined -> ok;	
+	undefined -> ok;
 	_ -> wx:set_env(WxEnv)
     end,
+    put('_wx_object_', {Mod,'_wx_init_'}),
     Debug = debug_options(Name, Options),
     case catch Mod:init(Args) of
 	{#wx_ref{} = Ref, State} ->
@@ -350,57 +384,16 @@ handle_msg({'$gen_call', From, Msg}, Parent, Name, State, Mod) ->
 	{noreply, NState, Time1} ->
 	    loop(Parent, Name, NState, Mod, Time1, []);
 	{stop, Reason, Reply, NState} ->
-	    {'EXIT', R} = 
+	    {'EXIT', R} =
 		(catch terminate(Reason, Name, Msg, Mod, NState, [])),
 	    reply(From, Reply),
 	    exit(R);
 	Other -> handle_common_reply(Other, Name, Msg, Mod, State, [])
     end;
-
-handle_msg(Msg = {_,_,'_wx_invoke_cb_'}, Parent, Name, State, Mod) ->
-    Reply = dispatch_cb(Msg, Mod, State),
-    handle_no_reply(Reply, Parent, Name, Msg, Mod, State, []);
 handle_msg(Msg, Parent, Name, State, Mod) ->
     Reply = (catch dispatch(Msg, Mod, State)),
     handle_no_reply(Reply, Parent, Name, Msg, Mod, State, []).
-%% @hidden
-dispatch_cb({{Msg=#wx{}, Obj=#wx_ref{}}, _, '_wx_invoke_cb_'}, Mod, State) ->
-    Callback = fun() ->
-		       wxe_util:cast(?WXE_CB_START, <<>>),
-		       case Mod:handle_sync_event(Msg, Obj, State) of
-			   ok -> <<>>;
-			   noreply -> <<>>;
-			   Other ->
-			       Args = [Msg, Obj, State],
-			       MFA = {Mod, handle_sync_event, Args},
-			       exit({bad_return, Other, MFA})
-		       end
-	       end,
-    wxe_server:invoke_callback(Callback),
-    {noreply, State};
-dispatch_cb({Func, ArgList, '_wx_invoke_cb_'}, Mod, State) ->
-    try  %% This don't work yet....
-	[#wx_ref{type=ThisClass}] = ArgList,
-	case Mod:handle_overloaded(Func, ArgList, State) of
-	    {reply, CBReply, NState} -> 
-		ThisClass:send_return_value(Func, CBReply),
-		{noreply, NState};
-	    {reply, CBReply, NState, Time1} -> 
-		ThisClass:send_return_value(Func, CBReply),
-		{noreply, NState, Time1};
-	    {noreply, NState} ->
-		ThisClass:send_return_value(Func, <<>>),
-		{noreply, NState};
-	    {noreply, NState, Time1} ->
-		ThisClass:send_return_value(Func, <<>>),
-		{noreply, NState, Time1};
-	    Other -> Other
-	end
-    catch _Err:Reason ->
-	    %% Hopefully we can release the wx-thread with this
-	    wxe_util:cast(?WXE_CB_RETURN, <<>>),
-	    {'EXIT', {Reason, erlang:get_stacktrace()}}
-    end.
+
 %% @hidden
 handle_msg({'$gen_call', From, Msg}, Parent, Name, State, Mod, Debug) ->
     case catch Mod:handle_call(Msg, From, State) of
@@ -426,9 +419,6 @@ handle_msg({'$gen_call', From, Msg}, Parent, Name, State, Mod, Debug) ->
 	Other ->
 	    handle_common_reply(Other, Name, Msg, Mod, State, Debug)
     end;
-handle_msg(Msg = {_,_,'_wx_invoke_cb_'}, Parent, Name, State, Mod, Debug) ->
-    Reply = dispatch_cb(Msg, Mod, State),
-    handle_no_reply(Reply, Parent, Name, Msg, Mod, State, Debug);
 handle_msg(Msg, Parent, Name, State, Mod, Debug) ->
     Reply = (catch dispatch(Msg, Mod, State)),
     handle_no_reply(Reply, Parent, Name, Msg, Mod, State, Debug).
@@ -537,16 +527,16 @@ error_info(_Reason, application_controller, _Msg, _State, _Debug) ->
 error_info(Reason, Name, Msg, State, Debug) ->
     Reason1 = 
 	case Reason of
-	    {undef,[{M,F,A}|MFAs]} ->
+	    {undef,[{M,F,A,L}|MFAs]} ->
 		case code:is_loaded(M) of
 		    false ->
-			{'module could not be loaded',[{M,F,A}|MFAs]};
+			{'module could not be loaded',[{M,F,A,L}|MFAs]};
 		    _ ->
 			case erlang:function_exported(M, F, length(A)) of
 			    true ->
 				Reason;
 			    false ->
-				{'function not exported',[{M,F,A}|MFAs]}
+				{'function not exported',[{M,F,A,L}|MFAs]}
 			end
 		end;
 	    _ ->
diff --git a/lib/wx/src/wxe_server.erl b/lib/wx/src/wxe_server.erl
index 69e2189fac..6e982c97f6 100644
--- a/lib/wx/src/wxe_server.erl
+++ b/lib/wx/src/wxe_server.erl
@@ -221,7 +221,7 @@ handle_connect(Object, EvData, From, State0 = #state{users=Users}) ->
     Evs = [#event{object=Object,callback=Callback, cb_handler=CBHandler}|Evs0],
     User = User0#user{events=Evs, evt_handler=Handler},
     State1 = State0#state{users=gb_trees:update(From, User, Users)},
-    if is_function(Callback) ->
+    if is_function(Callback) orelse is_pid(Callback) ->
 	    {FunId, State} = attach_fun(Callback,State1),
 	    Res = wxEvtHandler:connect_impl(CBHandler,Object,
 					    wxEvtHandler:replace_fun_with_id(EvData,FunId)),
@@ -229,6 +229,7 @@ handle_connect(Object, EvData, From, State0 = #state{users=Users}) ->
 		ok     -> {reply,Res,State};
 		_Error -> {reply,Res,State0}
 	    end;
+
        true ->
 	    Res = {call_impl, connect_cb, CBHandler},
 	    {reply, Res, State1}
@@ -239,6 +240,8 @@ invoke_cb({{Ev=#wx{}, Ref=#wx_ref{}}, FunId,_}, _S) ->
     case get(FunId) of
 	Fun when is_function(Fun) ->
 	    invoke_callback(fun() -> Fun(Ev, Ref), <<>> end);
+	Pid when is_pid(Pid) -> %% wx_object sync event
+	    invoke_callback(Pid, Ev, Ref);
 	Err ->
 	    ?log("Internal Error ~p~n",[Err])
     end;
@@ -270,6 +273,44 @@ invoke_callback(Fun) ->
     spawn(CB),
     ok.
 
+invoke_callback(Pid, Ev, Ref) ->
+    Env = get(?WXE_IDENTIFIER),
+    CB = fun() ->
+		 wx:set_env(Env),
+		 wxe_util:cast(?WXE_CB_START, <<>>),
+		 try
+		     case get_wx_object_state(Pid) of
+			 ignore ->
+			     %% Ignore early events
+			     wxEvent:skip(Ref);
+			 {Mod, State} ->
+			     case Mod:handle_sync_event(Ev, Ref, State) of
+				 ok -> ok;
+				 noreply -> ok;
+				 Return -> exit({bad_return, Return})
+			     end
+		     end
+		 catch _:Reason ->
+			 wxEvent:skip(Ref),
+			 ?log("Callback fun crashed with {'EXIT, ~p, ~p}~n",
+			      [Reason, erlang:get_stacktrace()])
+		 end,
+		 wxe_util:cast(?WXE_CB_RETURN, <<>>)
+	 end,
+    spawn(CB),
+    ok.
+
+get_wx_object_state(Pid) ->
+    case process_info(Pid, dictionary) of
+	{dictionary, Dict} ->
+	    case lists:keysearch('_wx_object_',1,Dict) of
+		{value, {'_wx_object_', {_Mod, '_wx_init_'}}} -> ignore;
+		{value, {'_wx_object_', Value}} -> Value;
+		_ -> ignore
+	    end;
+	_ -> ignore
+    end.
+
 new_evt_listener(State) ->
     #wx_env{port=Port} = wx:get_env(),
     _ = erlang:port_control(Port,98,<<>>),
diff --git a/lib/wx/test/Makefile b/lib/wx/test/Makefile
index cf51d7918f..333711789f 100644
--- a/lib/wx/test/Makefile
+++ b/lib/wx/test/Makefile
@@ -27,7 +27,7 @@ PWD = $(shell pwd)
 APPDIR = $(shell dirname $(PWD))
 ERL_COMPILE_FLAGS = -pa $(APPDIR)/ebin
 
-Mods =  wxt wx_test_lib \
+Mods =  wxt wx_test_lib wx_obj_test \
 	wx_app_SUITE \
 	wx_basic_SUITE \
 	wx_event_SUITE \
diff --git a/lib/wx/test/wx_basic_SUITE.erl b/lib/wx/test/wx_basic_SUITE.erl
index 9ad34248a9..46c72bb453 100644
--- a/lib/wx/test/wx_basic_SUITE.erl
+++ b/lib/wx/test/wx_basic_SUITE.erl
@@ -48,7 +48,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
     [create_window, several_apps, wx_api, wx_misc,
-     data_types].
+     data_types, wx_object].
 
 groups() -> 
     [].
@@ -298,3 +298,77 @@ data_types(_Config) ->
     wxClientDC:destroy(CDC),
     %%wx_test_lib:wx_destroy(Frame,Config).
     wx:destroy().
+
+wx_object(TestInfo) when is_atom(TestInfo) -> wx_test_lib:tc_info(TestInfo);
+wx_object(Config) ->
+    wx:new(),
+    Frame = ?mt(wxFrame, wx_obj_test:start([])),
+    timer:sleep(500),
+    ?m(ok, check_events(flush())),
+
+    Me = self(),
+    ?m({call, foobar, {Me, _}}, wx_object:call(Frame, foobar)),
+    ?m(ok, wx_object:cast(Frame, foobar2)),
+    ?m([{cast, foobar2}], flush()),
+    FramePid = wx_object:get_pid(Frame),
+    io:format("wx_object pid ~p~n",[FramePid]),
+    FramePid ! foo3,
+    ?m([{info, foo3}], flush()),
+
+    ?m(ok, wx_object:cast(Frame, fun(_) -> hehe end)),
+    ?m([{cast, hehe}], flush()),
+    wxWindow:refresh(Frame),
+    ?m([{sync_event, #wx{event=#wxPaint{}}, _}], flush()),
+    ?m(ok, wx_object:cast(Frame, fun(_) -> timer:sleep(200), slept end)),
+    %% The sleep above should not hinder the Paint event below
+    %% Which it did in my buggy handling of the sync_callback
+    wxWindow:refresh(Frame),
+    ?m([{sync_event, #wx{event=#wxPaint{}}, _}], flush()),
+    ?m([{cast, slept}], flush()),
+
+    Monitor = erlang:monitor(process, FramePid),
+    case proplists:get_value(user, Config, false) of
+	false ->
+	    timer:sleep(100),
+	    wxFrame:destroy(Frame);
+	true ->
+	    timer:sleep(500),
+	    ?m(ok, wxFrame:destroy(Frame));
+	_ ->
+	    ?m(ok, wxEvtHandler:connect(Frame, close_window, [{skip,true}])),
+	    wx_test_lib:wait_for_close()
+    end,
+    ?m(ok, receive
+	       {'DOWN', Monitor, _, _, _} ->
+		   ?m([{terminate, wx_deleted}], flush()),
+		   ok
+	   after 1000 ->
+		   Msgs = flush(),
+		   io:format("Error ~p Alive ~p~n",[Msgs, is_process_alive(FramePid)])
+	   end),
+    catch wx:destroy(),
+    ok.
+
+check_events(Msgs) ->
+    check_events(Msgs, 0,0).
+
+check_events([{event, #wx{event=#wxSize{}}}|Rest], Async, Sync) ->
+    check_events(Rest, Async+1, Sync);
+check_events([{sync_event, #wx{event=#wxPaint{}}, Obj}|Rest], Async, Sync) ->
+    ?mt(wxPaintEvent, Obj),
+    check_events(Rest, Async, Sync+1);
+check_events([], Async, Sync) ->
+    case Async > 0 of  %% Test sync explictly
+	true -> ok;
+	false -> {Async, Sync}
+    end.
+
+flush() ->
+    flush([], 500).
+
+flush(Acc, Wait) ->
+    receive
+	Msg -> flush([Msg|Acc], Wait div 10)
+    after Wait ->
+	    lists:reverse(Acc)
+    end.
diff --git a/lib/wx/test/wx_event_SUITE.erl b/lib/wx/test/wx_event_SUITE.erl
index 0d8dd4852e..8f364049b4 100644
--- a/lib/wx/test/wx_event_SUITE.erl
+++ b/lib/wx/test/wx_event_SUITE.erl
@@ -47,7 +47,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
     [connect, disconnect, connect_msg_20, connect_cb_20,
-     mouse_on_grid, spin_event, connect_in_callback].
+     mouse_on_grid, spin_event, connect_in_callback, recursive].
 
 groups() -> 
     [].
@@ -331,3 +331,35 @@ connect_in_callback(Config) ->
     wx_test_lib:flush(),
     
     wx_test_lib:wx_destroy(Frame, Config).
+
+%% Test that event callback which triggers another callback works
+%% i.e. the callback invoker in driver will recurse
+recursive(TestInfo)   when is_atom(TestInfo) -> wx_test_lib:tc_info(TestInfo);
+recursive(Config) ->
+    Wx = wx:new(),
+    Frame = wxFrame:new(Wx, ?wxID_ANY, "Connect in callback"),
+    Panel = wxPanel:new(Frame, []),
+    Sz = wxBoxSizer:new(?wxVERTICAL),
+    ListBox = wxListBox:new(Panel, ?wxID_ANY, [{choices, ["foo", "bar", "baz"]}]),
+    wxSizer:add(Sz, ListBox, [{proportion, 1},{flag, ?wxEXPAND}]),
+    wxWindow:setSizer(Panel, Sz),
+    wxListBox:connect(ListBox, command_listbox_selected,
+		      [{callback,
+			fun(#wx{event=#wxCommand{commandInt=Id}}, _) ->
+				io:format("Selected ~p~n",[Id])
+			end}]),
+    wxListBox:setSelection(ListBox, 0),
+    wxListBox:connect(ListBox, size,
+		      [{callback,
+			fun(#wx{event=#wxSize{}}, _) ->
+				io:format("Size init ~n",[]),
+				case wxListBox:getCount(ListBox) > 0 of
+				    true ->  wxListBox:delete(ListBox, 0);
+				    false -> ok
+				end,
+				io:format("Size done ~n",[])
+			end}]),
+    wxFrame:show(Frame),
+    wx_test_lib:flush(),
+
+    wx_test_lib:wx_destroy(Frame, Config).
diff --git a/lib/wx/test/wx_obj_test.erl b/lib/wx/test/wx_obj_test.erl
new file mode 100644
index 0000000000..b4d7640c7e
--- /dev/null
+++ b/lib/wx/test/wx_obj_test.erl
@@ -0,0 +1,86 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+-module(wx_obj_test).
+-include_lib("wx/include/wx.hrl").
+
+-export([start/1]).
+
+%% wx_object callbacks
+-export([init/1, handle_info/2, terminate/2, code_change/3, handle_call/3,
+	 handle_sync_event/3, handle_event/2, handle_cast/2]).
+
+-record(state, {frame, panel, opts}).
+
+start(Opts) ->
+    wx_object:start_link(?MODULE, [{parent, self()}, Opts], []).
+
+init(Opts) ->
+    put(parent_pid, proplists:get_value(parent, Opts)),
+    Frame = wxFrame:new(wx:null(), ?wxID_ANY, "Test wx_object", [{size, {500, 400}}]),
+    Sz = wxBoxSizer:new(?wxHORIZONTAL),
+    Panel = wxPanel:new(Frame),
+    wxSizer:add(Sz, Panel, [{flag, ?wxEXPAND}, {proportion, 1}]),
+    wxPanel:connect(Panel, size, [{skip, true}]),
+    wxPanel:connect(Panel, paint, [callback, {userData, proplists:get_value(parent, Opts)}]),
+    wxWindow:show(Frame),
+    {Frame, #state{frame=Frame, panel=Panel, opts=Opts}}.
+
+handle_sync_event(Event = #wx{obj=Panel}, WxEvent, #state{opts=Opts}) ->
+    DC=wxPaintDC:new(Panel),  %% We must create & destroy paintDC, or call wxEvent:skip(WxEvent))
+    wxPaintDC:destroy(DC),    %% in sync_event. Otherwise wx on windows keeps sending the events.
+    Pid = proplists:get_value(parent, Opts),
+    true = is_pid(Pid),
+    Pid ! {sync_event, Event, WxEvent},
+    ok.
+
+handle_event(Event, State = #state{opts=Opts}) ->
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {event, Event},
+    {noreply, State}.
+
+handle_call(What, From, State) when is_function(What) ->
+    Result = What(State),
+    {reply, {call, Result, From}, State};
+handle_call(What, From, State) ->
+    {reply, {call, What, From}, State}.
+
+handle_cast(What, State = #state{opts=Opts})  when is_function(What) ->
+    Result = What(State),
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {cast, Result},
+    {noreply, State};
+
+handle_cast(What, State = #state{opts=Opts}) ->
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {cast, What},
+    {noreply, State}.
+
+handle_info(What, State = #state{opts=Opts}) ->
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {info, What},
+    {noreply, State}.
+
+terminate(What, #state{opts=Opts}) ->
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {terminate, What},
+    ok.
+
+code_change(Ver1, Ver2, State = #state{opts=Opts}) ->
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {code_change, Ver1, Ver2},
+    State.
diff --git a/lib/wx/test/wx_test_lib.hrl b/lib/wx/test/wx_test_lib.hrl
index 34e1e9c6b8..820e8f0050 100644
--- a/lib/wx/test/wx_test_lib.hrl
+++ b/lib/wx/test/wx_test_lib.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -40,7 +40,6 @@
 
 -define(m(ExpectedRes, Expr),
 	fun() ->
-		{TeStFILe, TeSTLiNe} = {?FILE, ?LINE},
 		AcTuAlReS = (catch (Expr)),
 		case AcTuAlReS of
 		    ExpectedRes ->
@@ -48,8 +47,8 @@
 			AcTuAlReS;
 		    _ ->
 			wx_test_lib:error("Not Matching Actual result was:~n ~p ~n Expected ~s~n",
-					  [AcTuAlReS, ??ExpectedRes], 
-					  TeStFILe,TeSTLiNe),
+					  [AcTuAlReS, ??ExpectedRes],
+					  ?FILE,?LINE),
 			AcTuAlReS
 		end
 	end()).
diff --git a/lib/wx/vsn.mk b/lib/wx/vsn.mk
index 8685c633d4..3f3e9422a8 100644
--- a/lib/wx/vsn.mk
+++ b/lib/wx/vsn.mk
@@ -1 +1 @@
-WX_VSN = 0.99
+WX_VSN = 0.99.1
diff --git a/lib/xmerl/doc/examples/test_html.erl b/lib/xmerl/doc/examples/test_html.erl
index 3ca15f30f8..3ca15f30f8 100755..100644
--- a/lib/xmerl/doc/examples/test_html.erl
+++ b/lib/xmerl/doc/examples/test_html.erl
diff --git a/lib/xmerl/doc/examples/xml/test.xml b/lib/xmerl/doc/examples/xml/test.xml
index e803a83560..e803a83560 100755..100644
--- a/lib/xmerl/doc/examples/xml/test.xml
+++ b/lib/xmerl/doc/examples/xml/test.xml
diff --git a/lib/xmerl/doc/examples/xml/test2.xml b/lib/xmerl/doc/examples/xml/test2.xml
index 0cb11194fc..0cb11194fc 100755..100644
--- a/lib/xmerl/doc/examples/xml/test2.xml
+++ b/lib/xmerl/doc/examples/xml/test2.xml
diff --git a/lib/xmerl/doc/examples/xml/test3.xml b/lib/xmerl/doc/examples/xml/test3.xml
index dbdc1e62c2..dbdc1e62c2 100755..100644
--- a/lib/xmerl/doc/examples/xml/test3.xml
+++ b/lib/xmerl/doc/examples/xml/test3.xml
diff --git a/lib/xmerl/doc/examples/xml/test4.xml b/lib/xmerl/doc/examples/xml/test4.xml
index e9d85b8d8f..e9d85b8d8f 100755..100644
--- a/lib/xmerl/doc/examples/xml/test4.xml
+++ b/lib/xmerl/doc/examples/xml/test4.xml
diff --git a/lib/xmerl/doc/examples/xml/test5.xml b/lib/xmerl/doc/examples/xml/test5.xml
index e9d85b8d8f..e9d85b8d8f 100755..100644
--- a/lib/xmerl/doc/examples/xml/test5.xml
+++ b/lib/xmerl/doc/examples/xml/test5.xml
diff --git a/lib/xmerl/doc/examples/xml/testdtd.dtd b/lib/xmerl/doc/examples/xml/testdtd.dtd
index 2ce1c513a6..2ce1c513a6 100755..100644
--- a/lib/xmerl/doc/examples/xml/testdtd.dtd
+++ b/lib/xmerl/doc/examples/xml/testdtd.dtd
diff --git a/lib/xmerl/doc/examples/xml/xmerl.xml b/lib/xmerl/doc/examples/xml/xmerl.xml
index f02282dbef..f02282dbef 100755..100644
--- a/lib/xmerl/doc/examples/xml/xmerl.xml
+++ b/lib/xmerl/doc/examples/xml/xmerl.xml
diff --git a/lib/xmerl/doc/src/make.dep b/lib/xmerl/doc/src/make.dep
deleted file mode 100644
index 9c303fc41c..0000000000
--- a/lib/xmerl/doc/src/make.dep
+++ /dev/null
@@ -1,24 +0,0 @@
-# ----------------------------------------------------
-# >>>> Do not edit this file <<<<
-# This file was automaticly generated by
-# /home/otp/bin/docdepend
-# ----------------------------------------------------
-
-
-# ----------------------------------------------------
-# TeX files that the DVI file depend on
-# ----------------------------------------------------
-
-book.dvi: book.tex part.tex ref_man.tex xmerl.tex xmerl_eventp.tex \
-		xmerl_scan.tex xmerl_ug.tex xmerl_xpath.tex \
-		xmerl_xs.tex xmerl_xsd.tex xmerl_sax_parser.tex
-
-# ----------------------------------------------------
-# Source inlined when transforming from source to LaTeX
-# ----------------------------------------------------
-
-book.tex: ref_man.xml
-
-xmerl_ug.tex: motorcycles.txt motorcycles2html.erl motorcycles_dtd.txt \
-		new_motorcycles.txt new_motorcycles2.txt
-
diff --git a/lib/xmerl/doc/src/notes.xml b/lib/xmerl/doc/src/notes.xml
index 15c42d6f6a..8734bd8771 100644
--- a/lib/xmerl/doc/src/notes.xml
+++ b/lib/xmerl/doc/src/notes.xml
@@ -31,6 +31,117 @@
   <p>This document describes the changes made to the Xmerl application.</p>
 
 
+<section><title>Xmerl 1.3</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+	    <p> Fix character check of non-characters due to change
+	    in unicode module. </p>
+          <p>
+	    Own Id: OTP-9670</p>
+        </item>
+        <item>
+          <p>
+	    Treat , as special in xmerl_xpath_scan. (Thanks to Anneli
+	    Cuss)</p>
+          <p>
+	    Own Id: OTP-9753</p>
+        </item>
+        <item>
+	  <p> 
+	    Fix bug in namespace handling for attributes when the  
+            <c>namespace_conformant</c> flag is set to true. </p>
+          <p>
+	    Own Id: OTP-9821</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p> Updates to the xml scanner </p> <list> <item>
+	    <p>xmerl_scan is now returning xmlComment records in the
+	    output.<br/><br/> Functions <c>xmerl_scan:file/2</c> and
+	    <c>xmerl_scan:string/2</c> now accepts a new option
+	    <c>{comments, Flag}</c> for filtering of comments.<br/>
+	    Default (<c>true</c>) is that <c>#xmlComment</c> records
+	    are returned from the scanner and this flag should be set
+	    to false if one don't want comments in the output. </p>
+	    </item> <item> <p>Add <i>default_attrs</i>
+	    option<br/><br/> When <i>default_attrs</i> is <c>true</c>
+	    any attribute with a default value defined in the doctype
+	    but not in the attribute axis of the currently scanned
+	    element is added to it. </p> </item> <item> <p>Allow
+	    whole documents to be returned<br/><br/> Functions
+	    <c>xmerl_scan:file/2</c> and <c>xmerl_scan:string/2</c>
+	    now accepts a new option <c>{document, true}</c> to
+	    produce a whole document as a <c>xmlDocument</c> record
+	    instead of just the root element node.<br/> This option
+	    is the only way to get to the top-level comments and
+	    processing instructions without hooking through the
+	    customization functions. Those nodes are needed to
+	    implement [Canonical XML][c14n-xml] support.<br/>
+	    [c14n-xml]:
+	    http://www.w3.org/TR/2008/PR-xml-c14n11-20080129/
+	    <i>Canonical XML</i> </p> </item> <item><p>Parents and
+	    namespace are tracked in <c>#xmlAttribute</c>
+	    nodes</p></item> <item><p>Parents are tracked in
+	    <c>#xmlPI</c> nodes</p></item> <item><p>Set <c>vsn</c>
+	    field in <c>#xmlDecl</c> record</p></item> <item><p>Fix
+	    namespace-conformance constraints<br/><br/> See
+	    [Namespaces in XML 1.0 (Third Edition)][1]: The prefix
+	    xml is by definition bound to the namespace name
+	    http://www.w3.org/XML/1998/namespace. It MAY, but need
+	    not, be declared, and MUST NOT be bound to any other
+	    namespace name. Other prefixes MUST NOT be bound to this
+	    namespace name, and it MUST NOT be declared as the
+	    default namespace.<br/> The prefix xmlns is used only to
+	    declare namespace bindings and is by definition bound to
+	    the namespace name http://www.w3.org/2000/xmlns/. It MUST
+	    NOT be declared . Other prefixes MUST NOT be bound to
+	    this namespace name, and it MUST NOT be declared as the
+	    default namespace. Element names MUST NOT have the prefix
+	    xmlns.<br/> In XML documents conforming to this
+	    specification, no tag may contain two attributes which
+	    have identical names, or have qualified names with the
+	    same local part and with prefixes which have been bound
+	    to namespace names that are identical.<br/> [1]
+	    http://www.w3.org/TR/REC-xml-names/ </p></item> </list>
+	    <p> Updates of xmerl's Xpath functionality. </p> <list>
+	    <item><p>Add <c>#xmlPI</c> support to
+	    xmerl_xpath:write_node/1</p></item> <item><p>Fix
+	    processing-instruction(name?)</p></item> <item><p>Fix
+	    path filters, support more top-level primary
+	    expressions</p></item> <item><p>Accumulate comments in
+	    element nodes</p></item> <item><p>Implement namespace
+	    axis<br/><br/> Namespace nodes are represented as
+	    <c>#xmlNsNode</c> records. Now that the namespace axis is
+	    correctly implemented, attributes nodes corresponding to
+	    attributes that declare namespaces are ignored.<br/> See
+	    [5.3 Attribute Nodes][xpath-5.3]:<br/> There are no
+	    attribute nodes corresponding to attributes that declare
+	    namespaces.<br/> [xpath-5.3]:
+	    http://www.w3.org/TR/xpath/#attribute-nodes </p></item>
+	    </list> <p> (Thanks to Anthony Ramine) </p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9664</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Xmerl 1.2.10</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/xmerl/doc/src/part_notes.xml b/lib/xmerl/doc/src/part_notes.xml
index 827ffd90e9..b3c0597323 100755..100644
--- a/lib/xmerl/doc/src/part_notes.xml
+++ b/lib/xmerl/doc/src/part_notes.xml
@@ -4,7 +4,7 @@
 <part xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2004</year><year>2009</year>
+      <year>2004</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/xmerl/doc/src/xmerl_ug.xmlsrc b/lib/xmerl/doc/src/xmerl_ug.xmlsrc
index 6ee6707e53..9ef8fbb0b9 100644
--- a/lib/xmerl/doc/src/xmerl_ug.xmlsrc
+++ b/lib/xmerl/doc/src/xmerl_ug.xmlsrc
@@ -36,9 +36,9 @@
       <title>Features</title>
       <p>The <em>xmerl</em> XML parser is able to parse XML documents
         according to the XML 1.0 standard. As default it performs
-        well-formed parsing,(syntax checks and checks of well-formed
+        well-formed parsing, (syntax checks and checks of well-formed
         constraints). Optionally one can also use xmerl as a validating
-        parser,(validate according to referenced DTD and validating
+        parser, (validate according to referenced DTD and validating
         constraints). By means of for example the xmerl_xs module it is
         possible to transform the parsed result to other formats,
         e.g. text, HTML, XML etc.</p>
diff --git a/lib/xmerl/include/xmerl.hrl b/lib/xmerl/include/xmerl.hrl
index 7bb3f4de9b..331d1507a0 100755..100644
--- a/lib/xmerl/include/xmerl.hrl
+++ b/lib/xmerl/include/xmerl.hrl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2004-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -61,10 +61,11 @@
 	 }).
 
 %% namespace node - i.e. a {Prefix, URI} pair
-%% TODO: these are not currently used?? /RC
 -record(xmlNsNode,{
-	  prefix,
-	  uri = []
+	  parents = [],	% [{atom(),integer()}]
+	  pos,		% integer()
+	  prefix,	% string()
+	  uri = []	% [] | atom()
 	 }).
 
 %% XML Element
@@ -103,9 +104,10 @@
 
 %% processing instruction
 -record(xmlPI,{
-	  name,	% atom()
-	  pos,	% integer()
-	  value	% IOlist()
+	  name,		% atom()
+	  parents = [],	% [{atom(),integer()}]
+	  pos,		% integer()
+	  value		% IOlist()
 	 }).
 
 -record(xmlDocument,{
@@ -154,6 +156,9 @@
 	  declarations = [],	   % [{Name, Attrs}]
 	  doctype_name,
 	  doctype_DTD = internal, % internal | DTDId
+	  comments = true,
+	  document = false,
+	  default_attrs = false,
 	  rules,
 	  keep_rules = false,	% delete (ets) tab if false
 	  namespace_conformant = false, % true | false
diff --git a/lib/xmerl/include/xmerl_xlink.hrl b/lib/xmerl/include/xmerl_xlink.hrl
index 375e244c23..375e244c23 100755..100644
--- a/lib/xmerl/include/xmerl_xlink.hrl
+++ b/lib/xmerl/include/xmerl_xlink.hrl
diff --git a/lib/xmerl/include/xmerl_xsd.hrl b/lib/xmerl/include/xmerl_xsd.hrl
index 6dad7d8ff0..644cc2e433 100644
--- a/lib/xmerl/include/xmerl_xsd.hrl
+++ b/lib/xmerl/include/xmerl_xsd.hrl
@@ -184,7 +184,7 @@
 %% allowed for a schema.
 %% chain, represents a series of ordered objects, some of whom may be
 %% optional.
-%% alterantive, a collection of objects of which only one is choosen.
+%% alterantive, a collection of objects of which only one is chosen.
 -record(chain,{
 	  content,
 	  occurance={1,1}
diff --git a/lib/xmerl/src/xmerl.erl b/lib/xmerl/src/xmerl.erl
index cf78f7bdf7..3249094e78 100644
--- a/lib/xmerl/src/xmerl.erl
+++ b/lib/xmerl/src/xmerl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -307,7 +307,7 @@ apply_cb(Ms, F, Df, Args) ->
 
 apply_cb([M|Ms], F, Df, Args, Ms0) ->
     case catch apply(M, F, Args) of
-	{'EXIT', {undef,[{M,F,_}|_]}} ->
+	{'EXIT', {undef,[{M,F,_,_}|_]}} ->
 	    apply_cb(Ms, F, Df, Args, Ms0);
 	{'EXIT', Reason} ->
 	    exit(Reason);
diff --git a/lib/xmerl/src/xmerl_lib.erl b/lib/xmerl/src/xmerl_lib.erl
index 6402f1cbeb..aeb821f411 100644
--- a/lib/xmerl/src/xmerl_lib.erl
+++ b/lib/xmerl/src/xmerl_lib.erl
@@ -160,8 +160,9 @@ expand_element(E = #xmlText{}, Pos, Parents, Norm) ->
     E#xmlText{pos = Pos,
 	      parents = Parents,
 	      value = expand_text(E#xmlText.value, Norm)};
-expand_element(E = #xmlPI{}, Pos, _Parents, Norm) ->
+expand_element(E = #xmlPI{}, Pos, Parents, Norm) ->
     E#xmlPI{pos = Pos,
+	    parents = Parents,
 	    value = expand_text(E#xmlPI.value, Norm)};
 expand_element(E = #xmlComment{}, Pos, Parents, Norm) ->
     E#xmlComment{pos = Pos,
diff --git a/lib/xmerl/src/xmerl_sax_parser_base.erlsrc b/lib/xmerl/src/xmerl_sax_parser_base.erlsrc
index 3b9eaa309c..c25cde0472 100644
--- a/lib/xmerl/src/xmerl_sax_parser_base.erlsrc
+++ b/lib/xmerl/src/xmerl_sax_parser_base.erlsrc
@@ -1,7 +1,7 @@
 %%-*-erlang-*-
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -944,14 +944,19 @@ parse_att_value(?STRING_REST("&", Rest), State, Stop, Acc)  ->
 	{unparsed, Name, _}  ->
 	    ?fatal_error(State1, "Unparsed entity reference in  attribute value: " ++ Name)
     end;
-parse_att_value(?STRING_UNBOUND_REST(Stop, Rest), State, Stop, Acc) -> 
+parse_att_value(?STRING_UNBOUND_REST(Stop, Rest), State, Stop, Acc) ->
     {lists:reverse(Acc), Rest, State};
-parse_att_value(?STRING_UNBOUND_REST($<, _Rest), State, _Stop, _Acc)   -> 
+parse_att_value(?STRING_UNBOUND_REST($<, _Rest), State, _Stop, _Acc)   ->
     ?fatal_error(State,  "< not allowed in attribute value");
-parse_att_value(?STRING_UNBOUND_REST(C, Rest), State, Stop, Acc)   -> 
-    parse_att_value(Rest, State, Stop, [C|Acc]);
-parse_att_value(Bytes, State, Stop, Acc)   -> 
-    unicode_incomplete_check([Bytes, State, Stop, Acc, fun parse_att_value/4], 
+parse_att_value(?STRING_UNBOUND_REST(C, Rest), State, Stop, Acc)   ->
+    if
+	?is_char(C) ->
+	    parse_att_value(Rest, State, Stop, [C|Acc]);
+	true ->
+	     ?fatal_error(State, lists:flatten(io_lib:format("Bad character in attribute value: ~p", [C])))
+    end;
+parse_att_value(Bytes, State, Stop, Acc)   ->
+    unicode_incomplete_check([Bytes, State, Stop, Acc, fun parse_att_value/4],
 			     undefined).
 
 
@@ -1120,10 +1125,10 @@ parse_content(?STRING_UNBOUND_REST(C, Rest), State, Acc, _IgnorableWS) ->
 	?is_char(C) ->
 	    parse_content(Rest, State, [C|Acc], false);
 	true ->
-	     ?fatal_error(State, "Bad character in content: " ++ C)
-    end;   
-parse_content(Bytes, State, Acc, IgnorableWS)   -> 
-    unicode_incomplete_check([Bytes, State, Acc, IgnorableWS, fun parse_content/4], 
+	     ?fatal_error(State, lists:flatten(io_lib:format("Bad character in content: ~p", [C])))
+    end;
+parse_content(Bytes, State, Acc, IgnorableWS)   ->
+    unicode_incomplete_check([Bytes, State, Acc, IgnorableWS, fun parse_content/4],
 			     undefined).
 
 
@@ -2522,11 +2527,16 @@ parse_entity_value(?STRING_REST("%", Rest), #xmerl_sax_parser_state{file_type=Ty
 			
 	    end
     end;
-parse_entity_value(?STRING_UNBOUND_REST(Stop, Rest), State, Stop, Acc) -> 
+parse_entity_value(?STRING_UNBOUND_REST(Stop, Rest), State, Stop, Acc) ->
     {lists:reverse(Acc), Rest, State};
-parse_entity_value(?STRING_UNBOUND_REST(C, Rest), State, Stop, Acc)   -> 
-    parse_entity_value(Rest, State, Stop, [C|Acc]);
-parse_entity_value(Bytes, State, Stop, Acc)   -> 
+parse_entity_value(?STRING_UNBOUND_REST(C, Rest), State, Stop, Acc)   ->
+    if
+	?is_char(C) ->
+	    parse_entity_value(Rest, State, Stop, [C|Acc]);
+	true ->
+	     ?fatal_error(State, lists:flatten(io_lib:format("Bad character in entity value: ~p", [C])))
+    end;
+parse_entity_value(Bytes, State, Stop, Acc)   ->
     unicode_incomplete_check([Bytes, State, Stop, Acc, fun parse_entity_value/4],
 			     undefined).
 
diff --git a/lib/xmerl/src/xmerl_scan.erl b/lib/xmerl/src/xmerl_scan.erl
index 25c6547497..05431a5fd2 100644
--- a/lib/xmerl/src/xmerl_scan.erl
+++ b/lib/xmerl/src/xmerl_scan.erl
@@ -20,8 +20,8 @@
 %% Description  : Simgle-pass XML scanner. See xmerl.hrl for data defs.
 
 %% @doc This module is the interface to the XML parser, it handles XML 1.0.
-%%     The XML parser is activated through 
-%%     <tt>xmerl_scan:string/[1,2]</tt> or 
+%%     The XML parser is activated through
+%%     <tt>xmerl_scan:string/[1,2]</tt> or
 %%     <tt>xmerl_scan:file/[1,2]</tt>.
 %%     It returns records of the type defined in xmerl.hrl.
 %% See also <a href="xmerl_examples.html">tutorial</a> on customization
@@ -79,15 +79,15 @@
 %%  <dt><code>{validation, Flag}</code></dt>
 %%    <dd>Controls whether to process as a validating XML parser:
 %%    'off' (default) no validation, or validation 'dtd' by DTD or 'schema'
-%%    by XML Schema. 'false' and 'true' options are obsolete 
-%%    (i.e. they may be removed in a future release), if used 'false' 
+%%    by XML Schema. 'false' and 'true' options are obsolete
+%%    (i.e. they may be removed in a future release), if used 'false'
 %%    equals 'off' and 'true' equals 'dtd'.</dd>
 %%  <dt><code>{schemaLocation, [{Namespace,Link}|...]}</code></dt>
-%%    <dd>Tells explicitly which XML Schema documents to use to validate 
-%%    the XML document. Used together with the 
+%%    <dd>Tells explicitly which XML Schema documents to use to validate
+%%    the XML document. Used together with the
 %%    <code>{validation,schema}</code> option.</dd>
 %%  <dt><code>{quiet, Flag}</code></dt>
-%%    <dd>Set to 'true' if xmerl should behave quietly and not output any 
+%%    <dd>Set to 'true' if xmerl should behave quietly and not output any
 %%    information to standard output (default 'false').</dd>
 %%  <dt><code>{doctype_DTD, DTD}</code></dt>
 %%    <dd>Allows to specify DTD name when it isn't available in the XML
@@ -100,7 +100,21 @@
 %%    <dd>Set default character set used (default UTF-8).
 %%    This character set is used only if not explicitly given by the XML
 %%    declaration. </dd>
+%%  <dt><code>{document, Flag}</code></dt>
+%%    <dd>Set to 'true' if xmerl should return a complete XML document
+%%    as an xmlDocument record (default 'false').</dd>
+%%  <dt><code>{comments, Flag}</code></dt>
+%%    <dd>Set to 'false' if xmerl should skip comments otherwise they will
+%%    be returned as xmlComment records (default 'true').</dd>
+%%  <dt><code>{default_attrs, Flag}</code></dt>
+%%    <dd>Set to 'true' if xmerl should add to elements missing attributes
+%%    with a defined default value (default 'false').</dd>
 %% </dl>
+%% @type document() = xmlElement() | xmlDocument(). <p>
+%% The document returned by <tt>xmerl_scan:string/[1,2]</tt> and
+%% <tt>xmerl_scan:file/[1,2]</tt>. The type of the returned record depends on
+%% the value of the document option passed to the function.
+%% </p>
 
 
 -module(xmerl_scan).
@@ -224,7 +238,7 @@ cont_state(X, S=#xmerl_scanner{fun_states = FS}) ->
 file(F) ->
     file(F, []).
 
-%% @spec file(Filename::string(), Options::option_list()) -> {xmlElement(),Rest}
+%% @spec file(Filename::string(), Options::option_list()) -> {document(),Rest}
 %%   Rest = list()
 %%% @doc Parse file containing an XML document
 file(F, Options) ->
@@ -261,10 +275,10 @@ int_file_decl(F, Options,_ExtCharset) ->
 %% @spec string(Text::list()) -> {xmlElement(),Rest}
 %%   Rest = list()
 %% @equiv string(Test, [])
-string(Str) ->  
+string(Str) ->
     string(Str, []).
 
-%% @spec string(Text::list(),Options::option_list()) -> {xmlElement(),Rest}
+%% @spec string(Text::list(),Options::option_list()) -> {document(),Rest}
 %%   Rest = list()
 %%% @doc Parse string containing an XML document
 string(Str, Options) ->
@@ -292,7 +306,7 @@ int_string(Str, Options, XMLBase, FileName) ->
 	    scan_document(Str2, S#xmerl_scanner{encoding="iso-10646-utf-1"});
 	{undefined,undefined,Str2} -> %% no auto detection
 	    scan_document(Str2, S);
-	{external,ExtCharset,Str2} -> 
+	{external,ExtCharset,Str2} ->
 	    %% no auto detection, ExtCharset is an explicitly provided
 	    %% 7 bit,8 bit or utf-8 encoding
 	    scan_document(Str2, S#xmerl_scanner{encoding=atom_to_list(ExtCharset)})
@@ -311,7 +325,7 @@ int_string_decl(Str, Options, XMLBase, FileName) ->
 	{external,ExtCharset,Str2} ->
 	    scan_decl(Str2, S#xmerl_scanner{encoding=atom_to_list(ExtCharset)})
     end.
-    
+
 
 
 initial_state0(Options,XMLBase) ->
@@ -372,7 +386,7 @@ initial_state([{line, L}|T], S) ->
     initial_state(T, S#xmerl_scanner{line = L});
 initial_state([{namespace_conformant, F}|T], S) when F==true; F==false ->
     initial_state(T, S#xmerl_scanner{namespace_conformant = F});
-initial_state([{validation, F}|T], S) 
+initial_state([{validation, F}|T], S)
   when F==off; F==dtd; F==schema; F==true; F==false ->
     initial_state(T, S#xmerl_scanner{validation = validation_value(F)});
 initial_state([{schemaLocation, SL}|T], S) when is_list(SL) ->
@@ -381,6 +395,12 @@ initial_state([{quiet, F}|T], S) when F==true; F==false ->
     initial_state(T, S#xmerl_scanner{quiet = F});
 initial_state([{doctype_DTD,DTD}|T], S) ->
     initial_state(T,S#xmerl_scanner{doctype_DTD = DTD});
+initial_state([{document, F}|T], S) when is_boolean(F) ->
+    initial_state(T,S#xmerl_scanner{document = F});
+initial_state([{comments, F}|T], S) when is_boolean(F) ->
+    initial_state(T,S#xmerl_scanner{comments = F});
+initial_state([{default_attrs, F}|T], S) when is_boolean(F) ->
+    initial_state(T,S#xmerl_scanner{default_attrs = F});
 initial_state([{text_decl,Bool}|T], S) ->
     initial_state(T,S#xmerl_scanner{text_decl=Bool});
 initial_state([{environment,Env}|T], S) ->
@@ -402,7 +422,7 @@ validation_value(false) ->
 validation_value(F) ->
     F.
 
-%% Used for compacting (some) indentations. 
+%% Used for compacting (some) indentations.
 %% See also fast_accumulate_whitespace().
 common_data() ->
     {comdata(lists:duplicate(60, $\s), []),
@@ -445,7 +465,7 @@ event(_X, S) ->
 %% where Pos' can be derived from X#xmlElement.pos, X#xmlText.pos, or
 %% X#xmlAttribute.pos (whichever is the current object type.)
 %% The acc/3 function is not allowed to redefine the type of object
-%% being defined, but _is_ allowed to either ignore it or split it 
+%% being defined, but _is_ allowed to either ignore it or split it
 %% into multiple objects (in which case {Acc',Pos',S'} should be returned.)
 %% If {Acc',S'} is returned, Pos will be incremented by 1 by default.
 %% Below is an example of an acceptable operation
@@ -468,10 +488,10 @@ fetch_URI(URI, S) ->
     %% assume URI is a filename
     Split = filename:split(URI),
     Filename = fun([])->[];(X)->lists:last(X) end (Split),
-    Fullname = 
+    Fullname =
 	case Split of %% how about Windows systems?
 	    ["file:"|Name]-> %% absolute path, see RFC2396 sect 3
-		%% file:/dtd_name 
+		%% file:/dtd_name
 		filename:join(["/"|Name]);
 	    ["/"|Rest] when Rest /= [] ->
 		%% absolute path name
@@ -518,20 +538,21 @@ scan_document(Str0, S=#xmerl_scanner{event_fun = Event,
 				     line = L, col = C,
 				     environment=Env,
 				     encoding=Charset,
+				     document=Document,
 				     validation=ValidateResult}) ->
     S1 = Event(#xmerl_event{event = started,
 			    line = L,
 			    col = C,
 			    data = document}, S),
-    
+
     %% Transform to given character set.
-    %% Note that if another character set is given in the encoding 
+    %% Note that if another character set is given in the encoding
     %% attribute in a XML declaration that one will be used later
     Str=if
 	    Charset == "utf-8" ->
 		Str0;
-	    Charset=/=undefined -> % Default character set is UTF-8
-		xmerl_ucs:to_unicode(Str0,list_to_atom(Charset));
+	    Charset =/= undefined -> % Default character set is UTF-8
+		xmerl_ucs:to_unicode(Str0, list_to_atom(Charset));
 	    true -> %% Charset is undefined if no external input is
                     %% given, and no auto detection of character
                     %% encoding was made.
@@ -539,63 +560,71 @@ scan_document(Str0, S=#xmerl_scanner{event_fun = Event,
 	end,
 %%     M1 = erlang:memory(),
 %%     io:format("Memory status before prolog: ~p~n",[M1]),
-    {T1, S2} = scan_prolog(Str, S1, _StartPos = 1),
+    {Prolog, Pos, T1, S2} = scan_prolog(Str, S1, _StartPos = 1),
 %%     M2 = erlang:memory(),
 %%     io:format("Memory status after prolog: ~p~n",[M2]),
     %%io:format("scan_document 2, prolog parsed~n",[]),
-    T2 = scan_mandatory("<",T1,1,S2,expected_element_start_tag),
+    T2 = scan_mandatory("<", T1, 1, S2, expected_element_start_tag),
 %%     M3 = erlang:memory(),
 %%     io:format("Memory status before element: ~p~n",[M3]),
-    {Res, T3, S3} =scan_element(T2,S2,_StartPos = 1),
+    {Res, T3, S3} = scan_element(T2,S2,Pos),
 %%     M4 = erlang:memory(),
 %%     io:format("Memory status after element: ~p~n",[M4]),
-    {Tail, S4}=scan_misc(T3, S3, _StartPos = 1),
+    {Misc, _Pos1, Tail, S4}=scan_misc(T3, S3, Pos + 1),
 %%     M5 = erlang:memory(),
 %%     io:format("Memory status after misc: ~p~n",[M5]),
-    
+
     S5 = #xmerl_scanner{} = Event(#xmerl_event{event = ended,
 					       line = S4#xmerl_scanner.line,
 					       col = S4#xmerl_scanner.col,
 					       data = document}, S4),
 
-    {Res2,S6} = case validation_mode(ValidateResult) of
+    {Res2, S6} = case validation_mode(ValidateResult) of
 	     off ->
-		 {Res,cleanup(S5)};
+		 {Res, cleanup(S5)};
 	     dtd when Env == element; Env == prolog ->
 		 check_decl2(S5),
-		 case xmerl_validate:validate(S5,Res) of
-		     {'EXIT',{error,Reason}} ->
-			 S5b=cleanup(S5),
-			 ?fatal({failed_validation,Reason}, S5b);
-		     {'EXIT',Reason} ->
-			 S5b=cleanup(S5),
-			 ?fatal({failed_validation,Reason}, S5b);
-		     {error,Reason} ->
-			 S5b=cleanup(S5),
-			 ?fatal({failed_validation,Reason}, S5b);
-		     {error,Reason,_Next} ->
-			 S5b=cleanup(S5),
-			 ?fatal({failed_validation,Reason}, S5b);
+		 case xmerl_validate:validate(S5, Res) of
+		     {'EXIT', {error, Reason}} ->
+			 S5b = cleanup(S5),
+			 ?fatal({failed_validation, Reason}, S5b);
+		     {'EXIT', Reason} ->
+			 S5b = cleanup(S5),
+			 ?fatal({failed_validation, Reason}, S5b);
+		     {error, Reason} ->
+			 S5b = cleanup(S5),
+			 ?fatal({failed_validation, Reason}, S5b);
+		     {error, Reason, _Next} ->
+			 S5b = cleanup(S5),
+			 ?fatal({failed_validation, Reason}, S5b);
 		     _XML ->
-			 {Res,cleanup(S5)}
+			 {Res, cleanup(S5)}
 		 end;
 	     schema ->
-		 case schemaLocations(Res,S5) of
-		     {ok,Schemas} ->
+		 case schemaLocations(Res, S5) of
+		     {ok, Schemas} ->
 			 cleanup(S5),
 			 %%io:format("Schemas: ~p~nRes: ~p~ninhertih_options(S): ~p~n",
 			 %%          [Schemas,Res,inherit_options(S5)]),
-			 XSDRes = xmerl_xsd:process_validate(Schemas,Res,
+			 XSDRes = xmerl_xsd:process_validate(Schemas, Res,
 							     inherit_options(S5)),
-			 handle_schema_result(XSDRes,S5);
+			 handle_schema_result(XSDRes, S5);
 		     _ ->
-			 {Res,cleanup(S5)}
+			 {Res, cleanup(S5)}
 		 end;
 	     _ ->
-		 {Res,cleanup(S5)}
+		 {Res, cleanup(S5)}
 	 end,
 
-    {Res2, Tail, S6}.
+    Res3 =
+	case Document of
+	    true ->
+		Content = lists:reverse(Prolog, [Res2 | lists:reverse(Misc)]),
+		#xmlDocument{content = Content};
+	    false ->
+		Res2
+	end,
+    {Res3, Tail, S6}.
 
 
 scan_decl(Str, S=#xmerl_scanner{event_fun = Event,
@@ -607,13 +636,13 @@ scan_decl(Str, S=#xmerl_scanner{event_fun = Event,
 			    line = L,
 			    col = C,
 			    data = document}, S),
-    
+
     case scan_prolog(Str, S1, _StartPos = 1) of
-	{T2="<"++_, S2} ->
+	{_,_,T2="<"++_, S2} ->
 	    {{S2#xmerl_scanner.user_state,T2},[],S2};
-	{[], S2}->
+	{_,_,[], S2}->
 	    {[],[],S2};
-	{T2, S2} ->
+	{_,_,T2, S2} ->
 	    {_,_,S3} = scan_content(T2,S2,[],_Attrs=[],S2#xmerl_scanner.space,
 				    _Lang=[],_Parents=[],#xmlNamespace{}),
 	    {T2,[],S3}
@@ -624,28 +653,31 @@ scan_decl(Str, S=#xmerl_scanner{event_fun = Event,
 %%% prolog    ::=    XMLDecl? Misc* (doctypedecl Misc*)?
 %%%
 %% empty text declarations are handled by the first function clause.
-scan_prolog([], S=#xmerl_scanner{continuation_fun = F}, Pos) ->
+scan_prolog(T, S, Pos) ->
+    scan_prolog(T, S, Pos, []).
+scan_prolog([], S=#xmerl_scanner{continuation_fun = F}, Pos, Acc) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_prolog(MoreBytes, S1, Pos) end,
-      fun(S1) -> {[], S1} end,
+    F(fun(MoreBytes, S1) -> scan_prolog(MoreBytes, S1, Pos, Acc) end,
+      fun(S1) -> {Acc, Pos, [], S1} end,
       S);
-scan_prolog("<?xml"++T,S0=#xmerl_scanner{encoding=Charset0,col=Col,line=L},Pos)
-  when ?whitespace(hd(T)) ->
-    {Charset,T3, S3}=
+scan_prolog("<?xml"++T,
+	    S0=#xmerl_scanner{encoding=Charset0,col=Col,line=L},
+	    Pos,Acc) when ?whitespace(hd(T)) ->
+    {Charset, T3, S3} =
     if
-	Col==1,L==1,S0#xmerl_scanner.text_decl==true -> 
+	Col==1,L==1,S0#xmerl_scanner.text_decl==true ->
 	    ?dbg("prolog(\"<?xml\")~n", []),
 	    ?bump_col(5),
 	    {_,T1,S1} = mandatory_strip(T,S),
 	    {Decl,T2, S2}=scan_text_decl(T1,S1),
 	    Encoding=Decl#xmlDecl.encoding,
-	    {Encoding,T2, S2#xmerl_scanner{encoding=Encoding}};
-	Col==1,L==1 -> 
+	    {Encoding, T2, S2#xmerl_scanner{encoding=Encoding}};
+	Col==1,L==1 ->
 	    ?dbg("prolog(\"<?xml\")~n", []),
 	    ?bump_col(5),
 	    {Decl,T2, S2}=scan_xml_decl(T, S),
 	    Encoding=Decl#xmlDecl.encoding,
-	    {Encoding,T2, S2#xmerl_scanner{encoding=Encoding}};
+	    {Encoding, T2, S2#xmerl_scanner{encoding=Encoding}};
 	true ->
 	    ?fatal({xml_declaration_must_be_first_in_doc,Col,L},S0)
     end,
@@ -659,7 +691,7 @@ scan_prolog("<?xml"++T,S0=#xmerl_scanner{encoding=Charset0,col=Col,line=L},Pos)
     %% Now transform to declared character set.
     if
 	Charset==Charset0 -> % Document already transformed to this charset!
-	    scan_prolog(T3, S3, Pos);
+	    scan_prolog(T3, S3, Pos, Acc);
 	Charset0=/=undefined ->
 	    %% For example may an external entity
 	    %% have the BOM for utf-16 and the internal
@@ -668,17 +700,18 @@ scan_prolog("<?xml"++T,S0=#xmerl_scanner{encoding=Charset0,col=Col,line=L},Pos)
 	    %% 'iso-10646-utf-1', and Charset will be 'utf-16', all
 	    %% legal.
 	    %%
-	    scan_prolog(T3,S3#xmerl_scanner{encoding=Charset0},Pos);
+	    scan_prolog(T3,S3#xmerl_scanner{encoding=Charset0},Pos,Acc);
 	Charset == "utf-8" ->
-	    scan_prolog(T3, S3, Pos);
+	    scan_prolog(T3, S3, Pos, Acc);
 	Charset=/=undefined -> % Document not previously transformed
 	    T4=xmerl_ucs:to_unicode(T3,list_to_atom(Charset)),
-	    scan_prolog(T4, S3, Pos);
+	    scan_prolog(T4, S3, Pos, Acc);
 	true -> % No encoding info given
-	    scan_prolog(T3, S3, Pos)
+	    scan_prolog(T3, S3, Pos, Acc)
     end;
-scan_prolog("<!DOCTYPE" ++ T, S0=#xmerl_scanner{environment=prolog,
-						encoding=_Charset}, Pos) ->
+scan_prolog("<!DOCTYPE" ++ T,
+	    S0=#xmerl_scanner{environment=prolog,encoding=_Charset},
+	    Pos, Acc) ->
     ?dbg("prolog(\"<!DOCTYPE\")~n", []),
     ?bump_col(9),
     %% If no known character set assume it is UTF-8
@@ -687,12 +720,15 @@ scan_prolog("<!DOCTYPE" ++ T, S0=#xmerl_scanner{environment=prolog,
 	   true -> T
        end,
     {T2, S1} = scan_doctype(T1, S),
-    scan_misc(T2, S1, Pos);
-scan_prolog(Str="%"++_T,S=#xmerl_scanner{environment={external,_}},_Pos) ->
-    scan_ext_subset(Str,S);
-scan_prolog(Str, S0 = #xmerl_scanner{user_state=_US,encoding=_Charset},Pos) ->
+    scan_misc(T2, S1, Pos, Acc);
+scan_prolog(Str="%"++_T,S=#xmerl_scanner{environment={external,_}},
+	    Pos,Acc) ->
+    {T, S1} = scan_ext_subset(Str,S),
+    {Acc, Pos, T, S1};
+scan_prolog(Str, S0 = #xmerl_scanner{user_state=_US,encoding=_Charset},
+	    Pos,Acc) ->
     ?dbg("prolog(\"<\")~n", []),
-    
+
     %% Check for Comments, PI before possible DOCTYPE declaration
     ?bump_col(1),
     %% If no known character set assume it is UTF-8
@@ -700,28 +736,30 @@ scan_prolog(Str, S0 = #xmerl_scanner{user_state=_US,encoding=_Charset},Pos) ->
 %%	  Charset==undefined -> xmerl_ucs:to_unicode(Str,'utf-8');
 	  true -> Str
       end,
-    {T1, S1}=scan_misc(T, S, Pos),
-    scan_prolog2(T1,S1,Pos).
+    {Acc1, Pos1, T1, S1}=scan_misc(T, S, Pos, Acc),
+    scan_prolog2(T1,S1,Pos1,Acc1).
 
 
 
-scan_prolog2([], S=#xmerl_scanner{continuation_fun = F}, Pos) ->
+scan_prolog2([], S=#xmerl_scanner{continuation_fun = F}, Pos, Acc) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_prolog2(MoreBytes, S1, Pos) end,
-      fun(S1) -> {[], S1} end,
+    F(fun(MoreBytes, S1) -> scan_prolog2(MoreBytes, S1, Pos, Acc) end,
+      fun(S1) -> {Acc, Pos, [], S1} end,
       S);
-scan_prolog2("<!DOCTYPE" ++ T, S0=#xmerl_scanner{environment=prolog}, Pos) ->
+scan_prolog2("<!DOCTYPE" ++ T, S0=#xmerl_scanner{environment=prolog},
+	     Pos, Acc) ->
     ?dbg("prolog(\"<!DOCTYPE\")~n", []),
     ?bump_col(9),
     {T1, S1} = scan_doctype(T, S),
-    scan_misc(T1, S1, Pos);
-scan_prolog2(Str = "<!" ++ _, S, _Pos) ->
+    scan_misc(T1, S1, Pos, Acc);
+scan_prolog2(Str = "<!" ++ _, S, Pos, Acc) ->
     ?dbg("prolog(\"<!\")~n", []),
     %% In e.g. a DTD, we jump directly to markup declarations
-    scan_ext_subset(Str, S);
-scan_prolog2(Str, S0 = #xmerl_scanner{user_state=_US},Pos) ->
+    {T, S1} = scan_ext_subset(Str, S),
+    {Acc, Pos, T, S1};
+scan_prolog2(Str, S0 = #xmerl_scanner{user_state=_US},Pos,Acc) ->
     ?dbg("prolog(\"<\")~n", []),
-    
+
     %% Here we consider the DTD provided by doctype_DTD option,
     S1 =
 	case S0 of
@@ -733,7 +771,7 @@ scan_prolog2(Str, S0 = #xmerl_scanner{user_state=_US},Pos) ->
 	end,
     %% Check for more Comments and PI after DOCTYPE declaration
 %    ?bump_col(1),
-    scan_misc(Str, S1, Pos).
+    scan_misc(Str, S1, Pos, Acc).
 
 
 
@@ -743,26 +781,46 @@ scan_prolog2(Str, S0 = #xmerl_scanner{user_state=_US},Pos) ->
 %% - Neither of Comment and PI are returned in the resulting parsed
 %%   structure.
 %% - scan_misc/3 implements Misc* as that is how the rule is always used
-scan_misc([], S=#xmerl_scanner{continuation_fun = F}, Pos) ->
+scan_misc(T, S, Pos) ->
+    scan_misc(T, S, Pos, []).
+scan_misc([], S=#xmerl_scanner{continuation_fun = F}, Pos, Acc) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_misc(MoreBytes, S1, Pos) end,
-      fun(S1) -> {[], S1} end,
+    F(fun(MoreBytes, S1) -> scan_misc(MoreBytes, S1, Pos, Acc) end,
+      fun(S1) -> {Acc, Pos, [], S1} end,
       S);
-scan_misc("<!--" ++ T, S0, Pos) -> % Comment
+scan_misc("<!--" ++ T, S0=#xmerl_scanner{acc_fun = F, comments=CF}, Pos, Acc) -> % Comment
     ?bump_col(4),
-    {_, T1, S1} = scan_comment(T, S, Pos, _Parents = [], _Lang = []),
-    scan_misc(T1,S1,Pos);
-scan_misc("<?" ++ T, S0, Pos) -> % PI
+    {C, T1, S1} = scan_comment(T, S, Pos, _Parents = [], _Lang = []),
+    case CF of
+	true ->
+	    {Acc2, Pos2, S3} =
+		case F(C, Acc, S1) of
+		    {Acc1, S2} ->
+			{Acc1, Pos + 1, S2};
+		    {Acc1, Pos1, S2} ->
+			{Acc1, Pos1, S2}
+		end,
+	    scan_misc(T1, S3, Pos2, Acc2);
+	false ->
+	    scan_misc(T1, S1, Pos, Acc)
+    end;
+scan_misc("<?" ++ T, S0=#xmerl_scanner{acc_fun = F}, Pos, Acc) -> % PI
     ?dbg("prolog(\"<?\")~n", []),
     ?bump_col(2),
-    {_PI, T1, S1} = scan_pi(T, S, Pos),
-    scan_misc(T1,S1,Pos);
-scan_misc(T=[H|_T], S, Pos) when ?whitespace(H) ->
+    {PI, T1, S1} = scan_pi(T, S, Pos, []),
+    {Acc2, Pos2, S3} = case F(PI, Acc, S1) of
+			   {Acc1, S2} ->
+			       {Acc1, Pos + 1, S2};
+			   {Acc1, Pos1, S2} ->
+			       {Acc1, Pos1, S2}
+		       end,
+    scan_misc(T1,S3,Pos2,Acc2);
+scan_misc(T=[H|_T], S, Pos, Acc) when ?whitespace(H) ->
     ?dbg("prolog(whitespace)~n", []),
     {_,T1,S1}=strip(T,S),
-    scan_misc(T1,S1,Pos);
-scan_misc(T,S,_Pos) ->
-    {T,S}.
+    scan_misc(T1,S1,Pos,Acc);
+scan_misc(T,S,Pos,Acc) ->
+    {Acc,Pos,T,S}.
 
 
 cleanup(S=#xmerl_scanner{keep_rules = false,
@@ -780,7 +838,7 @@ scan_xml_decl(T, S) ->
     {_,T1,S1} = mandatory_strip(T,S),
     {T2,S2} =
 	case T1 of
-	    "version" ++ _T2 -> 
+	    "version" ++ _T2 ->
 		{_T2,S1#xmerl_scanner{col=S1#xmerl_scanner.col+7}};
 	    _ -> ?fatal(expected_version_attribute,S1)
 	end,
@@ -789,7 +847,8 @@ scan_xml_decl(T, S) ->
     Attr = #xmlAttribute{name = version,
 			 parents = [{xml, _XMLPos = 1}],
 			 value = Vsn},
-    scan_xml_decl(T4, S4, #xmlDecl{attributes = [Attr]}).
+    scan_xml_decl(T4, S4, #xmlDecl{vsn = Vsn,
+				   attributes = [Attr]}).
 
 scan_xml_decl([], S=#xmerl_scanner{continuation_fun = F}, Decl) ->
     ?dbg("cont()...~n", []),
@@ -820,8 +879,8 @@ scan_xml_decl2("encoding" ++ T, S0 = #xmerl_scanner{event_fun = Event},
 			 value = LowEncName},
     Decl = Decl0#xmlDecl{encoding = LowEncName,
 			 attributes = [Attr|Attrs]},
-    S3 = #xmerl_scanner{} = Event(#xmerl_event{event = ended, 
-					       line = S0#xmerl_scanner.line, 
+    S3 = #xmerl_scanner{} = Event(#xmerl_event{event = ended,
+					       line = S0#xmerl_scanner.line,
 					       col = S0#xmerl_scanner.col,
 					       data = Attr}, S2),
     case T2 of
@@ -843,7 +902,7 @@ scan_xml_decl3("?>" ++ T, S0,Decl) ->
     return_xml_decl(T,S,Decl);
 scan_xml_decl3("standalone" ++ T,S0 = #xmerl_scanner{event_fun = Event},
 	      Decl0 = #xmlDecl{attributes = Attrs}) ->
-    %% [32] SDDecl 
+    %% [32] SDDecl
     ?bump_col(10),
     {T1, S1} = scan_eq(T, S),
     {StValue,T2,S2}=scan_standalone_value(T1,S1),
@@ -852,8 +911,8 @@ scan_xml_decl3("standalone" ++ T,S0 = #xmerl_scanner{event_fun = Event},
 			 value = StValue},
     Decl = Decl0#xmlDecl{standalone = StValue,
 			 attributes = [Attr|Attrs]},
-    S3 = #xmerl_scanner{} = Event(#xmerl_event{event = ended, 
-					       line = S0#xmerl_scanner.line, 
+    S3 = #xmerl_scanner{} = Event(#xmerl_event{event = ended,
+					       line = S0#xmerl_scanner.line,
 					       col = S0#xmerl_scanner.col,
 					       data = Attr}, S2),
     {_,T3,S4} = strip(T2,S3),
@@ -874,7 +933,7 @@ return_xml_decl(T,S=#xmerl_scanner{hook_fun = _Hook,
 %%    {Ret, S3} = Hook(Decl, S2),
 %%    {Ret, T1, S3}.
     {Decl, T1, S2}.
-    
+
 
 scan_standalone_value("'yes'" ++T,S0)->
     ?bump_col(5),
@@ -917,7 +976,7 @@ scan_text_decl(T,S=#xmerl_scanner{event_fun = Event}) ->
     scan_text_decl(T5,S6,Decl).
 
 scan_text_decl("?>"++T,S0 = #xmerl_scanner{hook_fun = _Hook,
-					   event_fun = Event}, 
+					   event_fun = Event},
 	       Decl0 = #xmlDecl{attributes = Attrs}) ->
     ?bump_col(2),
     ?strip1,
@@ -942,7 +1001,7 @@ scan_optional_version("version"++T,S0) ->
     {#xmlDecl{attributes=[Attr]},T4,S4};
 scan_optional_version(T,S) ->
     {#xmlDecl{attributes=[]},T,S}.
-    
+
 
 
 %%%%%%% [81] EncName
@@ -951,7 +1010,7 @@ scan_enc_name([], S=#xmerl_scanner{continuation_fun = F}) ->
     F(fun(MoreBytes, S1) -> scan_enc_name(MoreBytes, S1) end,
       fun(S1) -> ?fatal(expected_encoding_name, S1) end,
       S);
-scan_enc_name([H|T], S0) when H >= $"; H =< $' -> 
+scan_enc_name([H|T], S0) when H >= $"; H =< $' ->
     ?bump_col(1),
     scan_enc_name(T, S, H, []).
 
@@ -1004,7 +1063,7 @@ scan_xml_vsn([H|T], S) when H==$"; H==$'->
 
 xml_vsn([], S=#xmerl_scanner{continuation_fun = F}, Delim, Acc) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> xml_vsn(MoreBytes, S1, Delim, Acc) end, 
+    F(fun(MoreBytes, S1) -> xml_vsn(MoreBytes, S1, Delim, Acc) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 xml_vsn([H|T], S=#xmerl_scanner{col = C}, H, Acc) ->
@@ -1025,50 +1084,53 @@ xml_vsn([H|T], S=#xmerl_scanner{col = C}, Delim, Acc) ->
 
 %%%%%%% [16] PI ::= '<?' PITarget (S (Char* - (Char* '?>' Char*)))? '?>'
 
-scan_pi([], S=#xmerl_scanner{continuation_fun = F}, Pos) ->
+scan_pi([], S=#xmerl_scanner{continuation_fun = F}, Pos, Ps) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_pi(MoreBytes, S1, Pos) end,
+    F(fun(MoreBytes, S1) -> scan_pi(MoreBytes, S1, Pos, Ps) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
-scan_pi(Str = [H1,H2,H3 | T],S0=#xmerl_scanner{line = L, col = C}, Pos)
+scan_pi(Str = [H1,H2,H3 | T],S0=#xmerl_scanner{line = L, col = C}, Pos, Ps)
   when H1==$x;H1==$X ->
     %% names beginning with [xX][mM][lL] are reserved for future use.
     ?bump_col(3),
-    if 
+    if
 	((H2==$m) or (H2==$M)) and
 	((H3==$l) or (H3==$L)) ->
-	    scan_wellknown_pi(T,S,Pos);
+	    scan_wellknown_pi(T,S,Pos,Ps);
 	true ->
 	    {Target, _NamespaceInfo, T1, S1} = scan_name(Str, S),
-	    scan_pi(T1, S1, Target, L, C, Pos, [])
+	    scan_pi(T1, S1, Target, L, C, Pos, Ps, [])
     end;
-scan_pi(Str, S=#xmerl_scanner{line = L, col = C}, Pos) ->
+scan_pi(Str, S=#xmerl_scanner{line = L, col = C}, Pos, Ps) ->
     {Target, _NamespaceInfo, T1, S1} = scan_name(Str, S),
-    scan_pi(T1, S1, Target, L, C, Pos,[]).
+    scan_pi(T1, S1, Target, L, C, Pos, Ps, []).
 
 
 %%% More info on xml-stylesheet can be found at:
 %%%   "Associating Style Sheets with XML documents", Version 1.0,
 %%%   W3C Recommendation 29 June 1999 (http://www.w3.org/TR/xml-stylesheet/)
-scan_wellknown_pi("-stylesheet"++T, S0=#xmerl_scanner{line=L,col=C},Pos) ->
+scan_wellknown_pi("-stylesheet"++T, S0=#xmerl_scanner{line=L,col=C},Pos,Ps) ->
     ?dbg("prolog(\"<?xml-stylesheet\")~n", []),
     ?bump_col(16),
-    scan_pi(T, S, "xml-stylesheet",L,C,Pos,[]);
-scan_wellknown_pi(Str,S,_Pos) ->
+    scan_pi(T, S, "xml-stylesheet",L,C,Pos,Ps,[]);
+scan_wellknown_pi(Str,S,_Pos,_Ps) ->
     ?fatal({invalid_target_name, lists:sublist(Str, 1, 10)}, S).
 
 
 
-scan_pi([], S=#xmerl_scanner{continuation_fun = F}, Target,L, C, Pos, Acc) ->
+scan_pi([], S=#xmerl_scanner{continuation_fun = F}, Target,
+	L, C, Pos, Ps, Acc) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_pi(MoreBytes, S1, Target, L, C, Pos, Acc) end,
+    F(fun(MoreBytes, S1) -> scan_pi(MoreBytes, S1, Target,
+				    L, C, Pos, Ps, Acc) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 scan_pi("?>" ++ T, S0 = #xmerl_scanner{hook_fun = Hook,
-				       event_fun = Event}, 
-	Target, L, C, Pos, Acc) ->
+				       event_fun = Event},
+	Target, L, C, Pos, Ps, Acc) ->
     ?bump_col(2),
     PI = #xmlPI{name = Target,
+		parents = Ps,
 		pos = Pos,
 		value = lists:reverse(Acc)},
     S1 = #xmerl_scanner{} = Event(#xmerl_event{event = ended,
@@ -1077,22 +1139,25 @@ scan_pi("?>" ++ T, S0 = #xmerl_scanner{hook_fun = Hook,
 					       data = PI}, S),
     {Ret, S2} = Hook(PI, S1),
     {Ret, T, S2};
-scan_pi([H|T], S, Target, L, C, Pos, Acc) when ?whitespace(H) ->
+scan_pi([H|T], S, Target, L, C, Pos, Ps, Acc) when ?whitespace(H) ->
     ?strip1,
-    scan_pi2(T1, S1, Target, L, C, Pos, Acc);
-scan_pi([H|_T],S,_Target, _L, _C, _Pos, _Acc) ->
+    scan_pi2(T1, S1, Target, L, C, Pos, Ps, Acc);
+scan_pi([H|_T],S,_Target, _L, _C, _Pos, _Ps, _Acc) ->
     ?fatal({expected_whitespace_OR_end_of_PI,{char,H}}, S).
 
-scan_pi2([], S=#xmerl_scanner{continuation_fun = F}, Target,L, C, Pos, Acc) ->
+scan_pi2([], S=#xmerl_scanner{continuation_fun = F}, Target,
+	 L, C, Pos, Ps, Acc) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_pi2(MoreBytes, S1, Target, L, C, Pos, Acc) end,
+    F(fun(MoreBytes, S1) -> scan_pi2(MoreBytes, S1, Target,
+				     L, C, Pos, Ps, Acc) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 scan_pi2("?>" ++ T, S0 = #xmerl_scanner{hook_fun = Hook,
-				       event_fun = Event}, 
-	Target, L, C, Pos, Acc) ->
+				       event_fun = Event},
+	 Target, L, C, Pos, Ps, Acc) ->
     ?bump_col(2),
     PI = #xmlPI{name = Target,
+		parents = Ps,
 		pos = Pos,
 		value = lists:reverse(Acc)},
     S1 = #xmerl_scanner{} = Event(#xmerl_event{event = ended,
@@ -1101,14 +1166,14 @@ scan_pi2("?>" ++ T, S0 = #xmerl_scanner{hook_fun = Hook,
 					       data = PI}, S),
     {Ret, S2} = Hook(PI, S1),
     {Ret, T, S2};
-scan_pi2(Str, S0, Target, L, C, Pos, Acc) ->
+scan_pi2(Str, S0, Target, L, C, Pos, Ps, Acc) ->
     ?bump_col(1),
     {Ch,T} = wfc_legal_char(Str,S),
-    scan_pi2(T, S, Target, L, C, Pos, [Ch|Acc]).
+    scan_pi2(T, S, Target, L, C, Pos, Ps, [Ch|Acc]).
 
 
 
-%% [28] doctypedecl ::= 
+%% [28] doctypedecl ::=
 %%   '<!DOCTYPE' S Name (S ExternalID)? S? ('[' intSubset ']' S?)? '>'
 scan_doctype([], S=#xmerl_scanner{continuation_fun = F}) ->
     ?dbg("cont()...~n", []),
@@ -1214,7 +1279,7 @@ fetch_DTD(undefined, S) ->
     S;
 % fetch_DTD(_,S=#xmerl_scanner{validation=false}) ->
 %     S;
-fetch_DTD(DTDSpec, S)-> 
+fetch_DTD(DTDSpec, S)->
     case fetch_and_parse(DTDSpec,S,[{text_decl,true},
 				    {environment,{external,subset}}]) of
 	NewS when is_record(NewS,xmerl_scanner) ->
@@ -1229,7 +1294,7 @@ fetch_and_parse(ExtSpec,S=#xmerl_scanner{fetch_fun=Fetch,
 		Options0) ->
     RetS =
     case Fetch(ExtSpec, S) of
-	{ok, NewS} -> 
+	{ok, NewS} ->
 	    %% For backward compatibility only. This will be removed later!!
 	    NewS;
 	{ok, not_fetched,NewS} ->
@@ -1294,7 +1359,7 @@ fetch_not_parse(ExtSpec,S=#xmerl_scanner{fetch_fun=Fetch}) ->
 	{ok, DataRet, NewS} ->
 	    {String,LocationName} =
 		case DataRet of
-		    {file,F} ->	
+		    {file,F} ->
 			{get_file(F,S),F};
 		    {string,Str} ->
 			{binary_to_list(Str),file_name_unknown};
@@ -1310,7 +1375,7 @@ fetch_not_parse(ExtSpec,S=#xmerl_scanner{fetch_fun=Fetch}) ->
 get_file(F,S) ->
 %     io:format("get_file F=~p~n",[F]),
     case file:read_file(F) of
-	{ok,Bin} ->	    
+	{ok,Bin} ->
 	    binary_to_list(Bin);
 	Err ->
 	    ?fatal({error_reading_file,F,Err},S)
@@ -1325,7 +1390,7 @@ check_decl(#xmerl_scanner{rules=Tab} = S) ->
     check_notations(Tab,S),
     check_elements(Tab,S), %% check also attribute defs for element
     check_entities(Tab,S).
-	    
+
 check_notations(Tab,S) ->
     case ets:match(Tab,{{notation,'$1'},undeclared}) of
 	[[]] -> ok;
@@ -1374,7 +1439,7 @@ check_attributes([{N1,'ID',_,_,_}=Attr|Rest],S) ->
 check_attributes([{_,{enumeration,_},_,_,_}=Attr|T],S) ->
     vc_Enumeration(Attr,S),
     check_attributes(T,S);
-check_attributes([{_,Ent,_,_,_}=Attr|T],S) 
+check_attributes([{_,Ent,_,_,_}=Attr|T],S)
   when Ent=='ENTITY';Ent=='ENTITIES' ->
     vc_Entity_Name(Attr,S),
     check_attributes(T,S);
@@ -1418,7 +1483,7 @@ scan_ext_subset([], S=#xmerl_scanner{continuation_fun = F}) ->
     F(fun(MoreBytes, S1) -> scan_ext_subset(MoreBytes, S1) end,
       fun(S1) -> {[], S1} end,
       S);
-scan_ext_subset("%" ++ T, S0) -> 
+scan_ext_subset("%" ++ T, S0) ->
     %% DeclSep [28a]: WFC: PE Between Declarations.
     %% The replacement text of a parameter entity reference in a
     %% DeclSep must match the production extSubsetDecl.
@@ -1472,7 +1537,7 @@ scan_decl_sep(T,S) ->
 % 		{" " ++ EntV2 ++ " ",_S3};
 % 	    ExpRef ->
 % 		{ExpRef,S1}
-% 	end,		     
+% 	end,
 %     {_, T3, S3} = strip(ExpandedRef,S2),
 %     {_T4,S4} = scan_ext_subset(T3,S3),
 %     strip(T1,S4).
@@ -1558,7 +1623,7 @@ scan_include(T, S) ->
     scan_include(T1, S1).
 
 
-%%%%%%% [29] markupdecl ::= elementdecl | AttlistDecl | EntityDecl | 
+%%%%%%% [29] markupdecl ::= elementdecl | AttlistDecl | EntityDecl |
 %%%%%%%                     NotationDecl | PI |Comment
 %%%%%%% [45] elementdecl ::= '<!ELEMENT' S Name S contentspec S? '>'
 
@@ -1575,16 +1640,16 @@ scan_markup_decl("<!--" ++ T, S0) ->
     scan_comment(T, S);
 scan_markup_decl("<?" ++ T, S0) ->
     ?bump_col(2),
-    {_PI, T1, S1} = scan_pi(T, S,_Pos=markup),
+    {_PI, T1, S1} = scan_pi(T, S,_Pos=markup,[]),
     strip(T1, S1);
-scan_markup_decl("<!ELEMENT" ++ T, 
+scan_markup_decl("<!ELEMENT" ++ T,
 		 #xmerl_scanner{rules_read_fun = Read,
 				rules_write_fun = Write,
 				rules_delete_fun = Delete} = S0) ->
     ?bump_col(9),
     {_,T1,S1} = mandatory_strip(T,S),
     {Ename, _NamespaceInfo, T2, S2} = scan_name(T1, S1),
-    Element  = 
+    Element  =
 	case Read(elem_def, Ename, S2) of
 	    El = #xmlElement{elementdef=Decl} when Decl =/= undeclared ->
 		case S2#xmerl_scanner.validation of
@@ -1625,7 +1690,7 @@ scan_markup_decl("<!NOTATION" ++ T, S0) ->
     {_,T1,S1} = mandatory_strip(T,S),
     {T2, S2} = scan_notation_decl(T1, S1),
     strip(T2,S2);
-scan_markup_decl("<!ATTLIST" ++ T, 
+scan_markup_decl("<!ATTLIST" ++ T,
 		 #xmerl_scanner{rules_read_fun = Read,
 				rules_write_fun = Write,
 				rules_delete_fun= Delete} = S0) ->
@@ -1642,7 +1707,7 @@ scan_markup_decl("<!ATTLIST" ++ T,
 		%% internal DTD.
 		{#xmlElement{},update_attributes(Attributes,[])};
 	    Edef = #xmlElement{attributes = OldAttrs} ->
-		Delete(elem_def,Ename,S4), 
+		Delete(elem_def,Ename,S4),
 		%% the slot in rules table must be empty so that the
 		%% later write has the assumed effect. Read maybe
 		%% should empty the table slot.
@@ -1661,7 +1726,7 @@ scan_element_completion(T,S) ->
 update_attributes(NewAttrs, OldAttrs) ->
     update_attributes1(NewAttrs,lists:reverse(OldAttrs)).
 
-update_attributes1([A = {Name,_Type,_DefaultV,_DefaultD,_Env}|Attrs], 
+update_attributes1([A = {Name,_Type,_DefaultV,_DefaultD,_Env}|Attrs],
 		   OldAttrs) ->
     case lists:keymember(Name, 1, OldAttrs) of
 	true ->
@@ -1802,7 +1867,7 @@ scan_notation_type("|" ++ T, S0, Acc) ->
     ?strip3,
     scan_notation_type(T3, S3, [Name | Acc]).
 
-%%% Validity constraint for NotationType: 
+%%% Validity constraint for NotationType:
 %%% The used notation names must be declared in the DTD, but they may
 %%% be declared later.
 notation_exists(Name, #xmerl_scanner{rules_read_fun = Read,
@@ -1931,7 +1996,7 @@ scan_entity_def(Str, S, EName) ->
 				  {environment,{external,{entity,EName}}}]) of
 		{{_USret,Entity},_Tail,_Sx} ->
 		    {Entity, external,T2, S2};
-		{Entity,_Tail,Sx} -> 
+		{Entity,_Tail,Sx} ->
 			OldRef=S2#xmerl_scanner.entity_references,
 			NewRef=Sx#xmerl_scanner.entity_references,
 		    {Entity,external,T2,
@@ -1981,28 +2046,28 @@ scan_element(T, S, Pos) ->
 scan_element(T, S=#xmerl_scanner{line=L,col=C},
 	     Pos, SpaceDefault,Lang, Parents, NS) ->
     {Name, NamespaceInfo, T1, S1} = scan_name(T, S),
-    vc_Element_valid(Name,S),
+    vc_Element_valid(Name,NamespaceInfo,S),
     ?strip2,
-    scan_element(T2, S2, Pos, Name, L, C, _Attrs = [], 
-		 Lang, Parents, NamespaceInfo, NS, 
+    scan_element(T2, S2, Pos, Name, L, C, _Attrs = [],
+		 Lang, Parents, NamespaceInfo, NS,
 		 SpaceDefault).
 
 
 scan_element("/", S=#xmerl_scanner{continuation_fun = F},
-	     Pos, Name, StartL, StartC, Attrs, Lang, Parents, 
+	     Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 	     NSI, NS, SpaceDefault) ->
     ?dbg("trailing / detected~n", []),
-    F(fun(MoreBytes, S1) -> scan_element("/" ++ MoreBytes, S1, 
-					 Pos, Name, StartL, StartC, Attrs, 
+    F(fun(MoreBytes, S1) -> scan_element("/" ++ MoreBytes, S1,
+					 Pos, Name, StartL, StartC, Attrs,
 					 Lang,Parents,NSI,NS,SpaceDefault) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
-scan_element([], S=#xmerl_scanner{continuation_fun = F}, 
-	     Pos, Name, StartL, StartC, Attrs, Lang, Parents, 
+scan_element([], S=#xmerl_scanner{continuation_fun = F},
+	     Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 	     NSI, NS, SpaceDefault) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_element(MoreBytes, S1, 
-					 Pos, Name, StartL, StartC, Attrs, 
+    F(fun(MoreBytes, S1) -> scan_element(MoreBytes, S1,
+					 Pos, Name, StartL, StartC, Attrs,
 					 Lang,Parents,NSI,NS,SpaceDefault) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
@@ -2010,13 +2075,14 @@ scan_element("/>" ++ T, S0 = #xmerl_scanner{hook_fun = Hook,
 					    event_fun = Event,
 					    line = L, col = C,
 					    xmlbase_cache=XMLBase}, Pos,
-	     Name, _StartL, _StartC, Attrs0, Lang, Parents, NSI, 
+	     Name, _StartL, _StartC, Attrs0, Lang, Parents, NSI,
 	     Namespace, _SpaceDefault) ->
     ?bump_col(2),
     Attrs = lists:reverse(Attrs0),
     E=processed_whole_element(S, Pos, Name, Attrs, Lang, Parents,NSI,Namespace),
-    
-    wfc_unique_att_spec(Attrs,S),
+
+    #xmlElement{attributes = Attrs1} = E,
+    wfc_unique_att_spec(Attrs1,S),
     S1 = #xmerl_scanner{} = Event(#xmerl_event{event = ended,
 					       line = L,
 					       col = C,
@@ -2025,11 +2091,11 @@ scan_element("/>" ++ T, S0 = #xmerl_scanner{hook_fun = Hook,
     S2b=S2#xmerl_scanner{xmlbase=XMLBase},
     {Ret, T, S2b};
 scan_element(">", S=#xmerl_scanner{continuation_fun = F},
-	     Pos, Name, StartL, StartC, Attrs, Lang, Parents, 
+	     Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 	     NSI, NS, SpaceDefault) ->
     ?dbg("trailing > detected~n", []),
-    F(fun(MoreBytes, S1) -> scan_element(">" ++ MoreBytes, S1, 
-					 Pos, Name, StartL, StartC, Attrs, 
+    F(fun(MoreBytes, S1) -> scan_element(">" ++ MoreBytes, S1,
+					 Pos, Name, StartL, StartC, Attrs,
 					 Lang,Parents,NSI,NS,SpaceDefault) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
@@ -2038,28 +2104,31 @@ scan_element(">" ++ T, S0 = #xmerl_scanner{event_fun = Event,
 					   line = L, col = C,
 					   xmlbase_cache=XMLBase,
 					   space = SpaceOption},
-	     Pos, Name, StartL, StartC, Attrs0, Lang, Parents, 
+	     Pos, Name, StartL, StartC, Attrs0, Lang, Parents,
 	     NSI, Namespace, SpaceDefault) ->
     ?bump_col(1),
     Attrs = lists:reverse(Attrs0),
-    wfc_unique_att_spec(Attrs,S),
-    XMLSpace = case lists:keysearch('xml:space', #xmlAttribute.name, Attrs) of
+    E0=processed_whole_element(S,Pos,Name,Attrs,Lang,Parents,NSI,Namespace),
+
+    #xmlElement{attributes = Attrs1} = E0,
+    wfc_unique_att_spec(Attrs1,S),
+    XMLSpace = case lists:keysearch('xml:space', #xmlAttribute.name, Attrs1) of
 		   false ->			SpaceDefault;
 		   {value, #xmlAttribute{value="default"}} ->	SpaceOption;
 		   {value, #xmlAttribute{value="preserve"}} ->	preserve;
 		   _ ->				SpaceDefault
 	       end,
-    
-    E0=processed_whole_element(S,Pos,Name,Attrs,Lang,Parents,NSI,Namespace),
+
+    E0=processed_whole_element(S,Pos,Name,Attrs1,Lang,Parents,NSI,Namespace),
     S1 = #xmerl_scanner{} = Event(#xmerl_event{event = started,
 					       line = StartL,
 					       col = StartC,
 					       data = E0}, S),
-    
-    {Content, T1, S2} = scan_content(T, S1, Name, Attrs, XMLSpace, 
+
+    {Content, T1, S2} = scan_content(T, S1, Name, Attrs1, XMLSpace,
 				     E0#xmlElement.language,
 				     [{Name, Pos}|Parents], Namespace),
-    
+
     Element=E0#xmlElement{content=Content,
 			  xmlbase=E0#xmlElement.xmlbase},
     S3 = #xmerl_scanner{} = Event(#xmerl_event{event = ended,
@@ -2069,7 +2138,7 @@ scan_element(">" ++ T, S0 = #xmerl_scanner{event_fun = Event,
     {Ret, S4} = Hook(Element, S3),
     S4b=S4#xmerl_scanner{xmlbase=XMLBase},
     {Ret, T1, S4b};
-scan_element(T, S, Pos, Name, StartL, StartC, Attrs, Lang, Parents, 
+scan_element(T, S, Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 	     NSI, NS, SpaceDefault) ->
     {AttName, NamespaceInfo, T1, S1} = scan_name(T, S),
     {T2, S2} = scan_eq(T1, S1),
@@ -2078,26 +2147,27 @@ scan_element(T, S, Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 %%    check_default_value(S3,DefaultDecl,AttValue),
     NewNS = check_namespace(AttName, NamespaceInfo, AttValue, NS),
     {T3,S3} = wfc_whitespace_betw_attrs(T3a,S3a),
-    ?strip4,  
+    ?strip4,
     AttrPos = case Attrs of
 		  [] ->
 		      1;
 		  [#xmlAttribute{pos = P}|_] ->
 		      P+1
 	      end,
-    Attr = #xmlAttribute{name = AttName, 
+    Attr = #xmlAttribute{name = AttName,
+			 parents = [{Name, Pos}|Parents],
 			 pos = AttrPos,
 			 language = Lang,
-			 namespace = NamespaceInfo,
+			 nsinfo = NamespaceInfo,
 			 value = AttValue,
 			 normalized = IsNorm},
     XMLBase=if
 		AttName=='xml:base' ->
 		    resolve_relative_uri(AttValue,S4#xmerl_scanner.xmlbase);
-		true ->	
+		true ->
 		    S4#xmerl_scanner.xmlbase
 	    end,
-    
+
     #xmerl_scanner{event_fun = Event,
 		   line = Line,
 		   col = Col} = S4,
@@ -2107,9 +2177,17 @@ scan_element(T, S, Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 			    data = Attr},
 	       S4#xmerl_scanner{xmlbase=XMLBase,
 				xmlbase_cache=S#xmerl_scanner.xmlbase}),
-    scan_element(T4, S5, Pos, Name, StartL, StartC, [Attr|Attrs], 
+    scan_element(T4, S5, Pos, Name, StartL, StartC, [Attr|Attrs],
 		 Lang, Parents, NSI, NewNS, SpaceDefault).
 
+get_default_attrs(S = #xmerl_scanner{rules_read_fun = Read}, ElemName) ->
+    case Read(elem_def, ElemName, S) of
+	#xmlElement{attributes = Attrs} ->
+	    [ {AttName, AttValue} ||
+	      {AttName, _, AttValue, _, _} <- Attrs, AttValue =/= no_value ];
+	_ -> []
+    end.
+
 get_att_type(S=#xmerl_scanner{rules_read_fun=Read},AttName,ElemName) ->
     case Read(elem_def,ElemName,S) of
 	#xmlElement{attributes = Attrs} ->
@@ -2135,11 +2213,28 @@ resolve_relative_uri(NewBase,CurrentBase) ->
 processed_whole_element(S=#xmerl_scanner{hook_fun = _Hook,
 					 xmlbase = XMLBase,
 					 line = _L, col = _C,
-					 event_fun = _Event}, 
+					 event_fun = _Event},
 			Pos, Name, Attrs, Lang, Parents, NSI, Namespace) ->
     Language = check_language(Attrs, Lang),
 
-    {ExpName, ExpAttrs} = 
+    AllAttrs =
+	case S#xmerl_scanner.default_attrs of
+	    true ->
+		[ #xmlAttribute{name = AttName,
+				parents = [{Name, Pos} | Parents],
+				language = Lang,
+				nsinfo = NSI,
+				namespace = Namespace,
+				value = AttValue,
+				normalized = true} ||
+		  {AttName, AttValue} <- get_default_attrs(S, Name),
+		  AttValue =/= no_value,
+		  not lists:keymember(AttName, #xmlAttribute.name, Attrs) ];
+	    false ->
+		Attrs
+	end,
+
+    {ExpName, ExpAttrs} =
 	case S#xmerl_scanner.namespace_conformant of
 	    true ->
 		%% expand attribute names. We need to do this after having
@@ -2151,16 +2246,17 @@ processed_whole_element(S=#xmerl_scanner{hook_fun = _Hook,
 		%% should apply to those attributes as well.
 		%% Note that the default URI does not apply to attrbute names.
 		TempNamespace = Namespace#xmlNamespace{default = []},
-		ExpAttrsX = 
+		ExpAttrsX =
 		    [A#xmlAttribute{
+		       namespace=Namespace,
 		       expanded_name=expanded_name(
-				       A#xmlAttribute.name, 
-				       A#xmlAttribute.namespace,
+				       A#xmlAttribute.name,
+				       A#xmlAttribute.nsinfo,
 						% NSI,
-				       TempNamespace, S)} || A <- Attrs],
+				       TempNamespace, S)} || A <- AllAttrs],
 		{expanded_name(Name, NSI, Namespace, S), ExpAttrsX};
 	    false ->
-		{Name, Attrs}
+		{Name, AllAttrs}
 	end,
 
     #xmlElement{name = Name,
@@ -2184,7 +2280,7 @@ check_language([], Lang) ->
 
 check_namespace(xmlns, _, Value, NS) ->
     NS#xmlNamespace{default = list_to_atom(Value)};
-check_namespace(_, {"xmlns", Prefix}, Value, 
+check_namespace(_, {"xmlns", Prefix}, Value,
 		NS = #xmlNamespace{nodes = Ns}) ->
     NS#xmlNamespace{nodes = keyreplaceadd(
 			      Prefix, 1, Ns, {Prefix, list_to_atom(Value)})};
@@ -2194,10 +2290,32 @@ check_namespace(_, _, _, NS) ->
 
 expanded_name(Name, [], #xmlNamespace{default = []}, _S) ->
     Name;
-expanded_name(Name, [], #xmlNamespace{default = URI}, _S) ->
-    {URI, Name};
-expanded_name(_Name, {"xmlns", Local}, _NS, _S) -> % CHECK THIS /JB
-    {"xmlns",Local};
+expanded_name(Name, [], #xmlNamespace{default = URI}, S) ->
+    case URI of
+	'http://www.w3.org/XML/1998/namespace' ->
+	    ?fatal(cannot_bind_default_namespace_to_xml_namespace_name, S);
+	'http://www.w3.org/2000/xmlns/' ->
+	    ?fatal(cannot_bind_default_namespace_to_xmlns_namespace_name, S);
+	_ ->
+	    {URI, Name}
+    end;
+expanded_name(Name, N = {"xmlns", Local}, #xmlNamespace{nodes = Ns}, S) ->
+    {_, Value} = lists:keyfind(Local, 1, Ns),
+    case Name of
+	'xmlns:xml' when Value =/= 'http://www.w3.org/XML/1998/namespace' ->
+	    ?fatal({xml_prefix_cannot_be_redeclared, Value}, S);
+	'xmlns:xmlns' ->
+	    ?fatal({xmlns_prefix_cannot_be_declared, Value}, S);
+	_ ->
+	    case Value of
+		'http://www.w3.org/XML/1998/namespace' ->
+		    ?fatal({cannot_bind_prefix_to_xml_namespace, Local}, S);
+		'http://www.w3.org/2000/xmlns/' ->
+		    ?fatal({cannot_bind_prefix_to_xmlns_namespace, Local}, S);
+		_ ->
+		    N
+	    end
+    end;
 expanded_name(_Name, {Prefix, Local}, #xmlNamespace{nodes = Ns}, S) ->
     case lists:keysearch(Prefix, 1, Ns) of
 	{value, {_, URI}} ->
@@ -2207,7 +2325,7 @@ expanded_name(_Name, {Prefix, Local}, #xmlNamespace{nodes = Ns}, S) ->
 	    %% must be declared
 	    ?fatal({namespace_prefix_not_declared, Prefix}, S)
     end.
-		    
+
 
 
 
@@ -2233,7 +2351,7 @@ scan_att_value("%"++T,S0=#xmerl_scanner{rules_read_fun=Read,
 					rules_delete_fun=Delete},AttType) ->
     ?bump_col(1),
     {Name,T1,S1} = scan_pe_reference(T,S),
-    {ExpandedRef,S2} = 
+    {ExpandedRef,S2} =
 	case expand_pe_reference(Name,S1,in_literal) of
 	    Tuple when is_tuple(Tuple) ->
 		%% {system,URI} or {public,URI}
@@ -2271,9 +2389,9 @@ scan_att_chars([H|T], S0, H, Acc, TmpAcc,AttType,IsNorm) -> % End quote
     ?bump_col(1),
     check_att_default_val(S#xmerl_scanner.validation,TmpAcc,AttType,S),
     {Acc2,S2,IsNorm2} =
-	if 
+	if
 	    AttType == 'CDATA' -> {Acc,S,IsNorm};
-	    true -> 
+	    true ->
 		normalize(Acc,S,IsNorm)
 	end,
     {lists:flatten(lists:reverse(Acc2)), T, S2,IsNorm2};
@@ -2328,7 +2446,7 @@ check_att_default_val(dtd,RevName,Ent,S) ->
 check_att_default_val(_,_,_,_) ->
     ok.
 
-check_att_default_val(Name,Ent,S=#xmerl_scanner{rules_write_fun=Write}) 
+check_att_default_val(Name,Ent,S=#xmerl_scanner{rules_write_fun=Write})
   when Ent == 'ENTITY'; Ent == 'ENTITIES' ->
     case xmerl_lib:is_letter(hd(Name)) of
 	true -> ok;
@@ -2389,28 +2507,28 @@ valid_Char(_,_,C,S) ->
 %%%%%%% [43] content
 
 scan_content(T, S, Name, Attrs, Space, Lang, Parents, NS) ->
-    scan_content(T, S, _Pos = 1, Name, Attrs, Space, 
+    scan_content(T, S, _Pos = 1, Name, Attrs, Space,
                  Lang, Parents, NS, _Acc = [],_MarkupDel=[]).
 
 scan_content("<", S= #xmerl_scanner{continuation_fun = F},
             Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,_) ->
     ?dbg("trailing < detected~n", []),
-    F(fun(MoreBytes, S1) -> scan_content("<" ++ MoreBytes, S1, 
-					 Pos, Name, Attrs, 
+    F(fun(MoreBytes, S1) -> scan_content("<" ++ MoreBytes, S1,
+					 Pos, Name, Attrs,
 					 Space, Lang, Parents, NS, Acc,[]) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
-scan_content([], S=#xmerl_scanner{environment={external,{entity,_}}}, 
+scan_content([], S=#xmerl_scanner{environment={external,{entity,_}}},
              _Pos, _Name, _Attrs, _Space, _Lang, _Parents, _NS, Acc,_) ->
     {lists:reverse(Acc),[],S};
-scan_content([], S=#xmerl_scanner{environment=internal_parsed_entity}, 
+scan_content([], S=#xmerl_scanner{environment=internal_parsed_entity},
              _Pos, _Name, _Attrs, _Space, _Lang, _Parents, _NS, Acc,_) ->
     {lists:reverse(Acc),[],S};
-scan_content([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_content([], S=#xmerl_scanner{continuation_fun = F},
              Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,_) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_content(MoreBytes, S1, 
-					 Pos, Name, Attrs, 
+    F(fun(MoreBytes, S1) -> scan_content(MoreBytes, S1,
+					 Pos, Name, Attrs,
 					 Space, Lang, Parents, NS, Acc,[]) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
@@ -2427,10 +2545,10 @@ scan_content("</" ++ T, S0, _Pos, Name, _Attrs, _Space, _Lang,
     case T2 of
         ">" ++ T3 ->
             {lists:reverse(Acc), T3, S2};
-        _ -> 
+        _ ->
 	    ?fatal({error,{unexpected_end_of_STag}},S)
     end;
-scan_content([$&|_T]=Str, 
+scan_content([$&|_T]=Str,
 	     #xmerl_scanner{environment={external,{entity,EName}}} = S0,
 	     Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,_) ->
     {_EntV,T1,S1}=scan_entity_value(Str,S0 ,[],EName,general),
@@ -2449,12 +2567,26 @@ scan_content("&" ++ T, S0, Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,[]) -
 	_ ->
 	    scan_content(string_to_char_set(S1#xmerl_scanner.encoding,ExpRef)++T1,S1,Pos,Name,Attrs,Space,Lang,Parents,NS,Acc,[])
     end;
-scan_content("<!--" ++ T, S, Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,[]) ->
-    {_, T1, S1} = scan_comment(T, S, Pos, Parents, Lang),
-    scan_content(T1, S1, Pos+1, Name, Attrs, Space, Lang, Parents, NS, Acc,[]);
+scan_content("<!--" ++ T, S0=#xmerl_scanner{acc_fun = F, comments=CF}, Pos, Name, Attrs, Space,
+	     Lang, Parents, NS, Acc,[]) ->
+    ?bump_col(4),
+    {C, T1, S1} = scan_comment(T, S, Pos, Parents, Lang),
+    case CF of
+	true ->
+	    {Acc2, Pos2, S3} =
+		case F(C, Acc, S1) of
+		    {Acc1, S2} ->
+			{Acc1, Pos + 1, S2};
+		    {Acc1, Pos1, S2} ->
+			{Acc1, Pos1, S2}
+		end,
+	    scan_content(T1, S3, Pos2, Name, Attrs, Space, Lang, Parents, NS, Acc2,[]);
+	false ->
+	    scan_content(T1, S1, Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,[])
+    end;
 scan_content("<" ++ T, S0, Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,[]) ->
     ?bump_col(1),
-    {Markup, T1, S1} = 
+    {Markup, T1, S1} =
         scan_content_markup(T, S, Pos, Name, Attrs, Space, Lang, Parents, NS),
     AccF = S1#xmerl_scanner.acc_fun,
     {NewAcc, NewPos, NewS} = case AccF(Markup, Acc, S1) of
@@ -2470,10 +2602,10 @@ scan_content([_H|T], S= #xmerl_scanner{environment={external,{entity,_}}},
     %% Guess we have to scan the content to find any internal entity
     %% references.
     scan_content(T,S,Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,[]);
-scan_content(T, S=#xmerl_scanner{acc_fun = F, 
+scan_content(T, S=#xmerl_scanner{acc_fun = F,
 				 event_fun = Event,
 				 hook_fun=Hook,
-				 line = _L}, 
+				 line = _L},
              Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,MarkupDel) ->
     Text0 = #xmlText{pos = Pos,
                      parents = Parents},
@@ -2496,7 +2628,7 @@ scan_content(T, S=#xmerl_scanner{acc_fun = F,
 		 Parents, NS, NewAcc,[]).
 
 
-scan_content_markup([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_content_markup([], S=#xmerl_scanner{continuation_fun = F},
 		    Pos, Name, Attrs, Space, Lang, Parents, NS) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) -> scan_content_markup(
@@ -2508,9 +2640,9 @@ scan_content_markup("![CDATA[" ++ T, S0, Pos, _Name, _Attrs,
 		    _Space, _Lang, Parents, _NS) ->
     ?bump_col(8),
     scan_cdata(T, S, Pos, Parents);
-scan_content_markup("?"++T,S0,Pos,_Name,_Attrs,_Space,_Lang,_Parents,_NS) ->
+scan_content_markup("?"++T,S0,Pos,_Name,_Attrs,_Space,_Lang,Parents,_NS) ->
     ?bump_col(1),
-    scan_pi(T, S, Pos);
+    scan_pi(T, S, Pos, Parents);
 scan_content_markup(T, S, Pos, _Name, _Attrs, Space, Lang, Parents, NS) ->
     scan_element(T, S, Pos, Space, Lang, Parents, NS).
 
@@ -2521,21 +2653,21 @@ scan_char_data(T, S, Space,MUD) ->
 
 scan_char_data([], S=#xmerl_scanner{environment={external,{entity,_}}},
 	       _Space,_MUD, Acc) ->
-    
+
     {lists:reverse(Acc), [], S};
 scan_char_data([], S=#xmerl_scanner{environment=internal_parsed_entity},
 	       _Space, _MUD,Acc) ->
-    
+
     {lists:reverse(Acc), [], S};
 scan_char_data([], S=#xmerl_scanner{continuation_fun = F}, Space, _MUD,Acc) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_char_data(MoreBytes,S1,Space,_MUD,Acc) end, 
+    F(fun(MoreBytes, S1) -> scan_char_data(MoreBytes,S1,Space,_MUD,Acc) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 scan_char_data([$&|T], S,Space,"&",Acc) ->
     scan_char_data(T, S, Space,[], [$&|Acc]);
 scan_char_data(T=[$&|_], S,_Space,_MUD,Acc) ->
-    
+
     {lists:reverse(Acc), T, S};
 scan_char_data("]]>" ++ _T, S, _Space,_MUD, _Acc) ->
     %% See Section 2.4: Especially:
@@ -2547,7 +2679,7 @@ scan_char_data("]]>" ++ _T, S, _Space,_MUD, _Acc) ->
 scan_char_data([$<|T],S,Space,"<", Acc) ->
     scan_char_data(T, S, Space,[], [$<|Acc]);
 scan_char_data(T = [$<|_], S, _Space,_MUD,Acc) ->
-    
+
     {lists:reverse(Acc), T, S};
 scan_char_data(T = [H|R], S, Space,MUD, Acc) when ?whitespace(H) ->
     if
@@ -2640,7 +2772,7 @@ scan_reference(T, S) ->
 %% ampersand is not recognized as an entity-reference delimiter.)"
 %%
 %% How to achieve this? My current approach is to insert the *strings* "&",
-%% "<", ">", "'", and "\"" instead of the characters. The processor will 
+%% "<", ">", "'", and "\"" instead of the characters. The processor will
 %% ignore them when performing multiple expansions. This means, for now, that
 %% the character data output by the processor is (1-2 levels) deep.
 %% At some suitable point, we should flatten these, so that application-level
@@ -2669,7 +2801,7 @@ scan_entity_ref("quot;" ++ T, S0) ->
 scan_entity_ref(T, S) ->
     {Name, _NamespaceInfo, T1, S1} = scan_name(T, S),
     T2 = scan_mandatory(";",T1,1,S1,expected_entity_reference_semicolon),
-%    ";" ++ T2 = T1, 
+%    ";" ++ T2 = T1,
     S2 = S1,
     Entity = expand_reference(Name, S2),
     {Entity, T2, S2}.
@@ -2680,7 +2812,7 @@ scan_entity_ref(T, S) ->
 scan_pe_reference(T, S) ->
     {Name, _NamespaceInfo, T1, S1} = scan_name(T, S),
     T2 = scan_mandatory(";",T1,1,S1,expected_parsed_entity_reference_semicolon),
-%    ";" ++ T2 = T1, 
+%    ";" ++ T2 = T1,
     {Name, T2, S1#xmerl_scanner{col = S1#xmerl_scanner.col+1}}.
 
 expand_pe_reference(Name, #xmerl_scanner{rules_read_fun = Read} = S,WS) ->
@@ -2707,7 +2839,7 @@ expand_pe_reference(Name, #xmerl_scanner{rules_read_fun = Read} = S,WS) ->
 % 	Result ->
 % 	    fetch_DTD(Result,S)
 %     end.
-    
+
 
 %%%%%%% [68] EntityReference
 
@@ -2786,15 +2918,15 @@ scan_eq(T, S) ->
 
 %% scan_name/2
 %%
-%% We perform some checks here to make sure that the names conform to 
+%% We perform some checks here to make sure that the names conform to
 %% the "Namespaces in XML" specification. This is an option.
-%% 
+%%
 %% Qualified Name:
 %% [6]      QName ::= (Prefix ':')? LocalPart
 %% [7]     Prefix ::= NCName
 %% [8]  LocalPart ::= NCName
 %% [4]     NCName ::= (Letter | '_') (NCNameChar)*
-%% [5] NCNameChar ::= Letter | Digit | '.' | '-' | '_' 
+%% [5] NCNameChar ::= Letter | Digit | '.' | '-' | '_'
 %%                    | CombiningChar | Extender
 
 
@@ -2808,9 +2940,9 @@ scan_eq(T, S) ->
 %%
 scan_name_no_colons(Str, S) ->
     NSC = S#xmerl_scanner.namespace_conformant,
-    case NSC of 
+    case NSC of
 	true ->
-	    {Target, NSI, T1, S1} = 
+	    {Target, NSI, T1, S1} =
 		scan_name(Str,S#xmerl_scanner{namespace_conformant=no_colons}),
 	    {Target,NSI,T1,S1#xmerl_scanner{namespace_conformant=NSC}};
 	false ->
@@ -2822,7 +2954,7 @@ scan_name_no_colons(Str, S) ->
 %% [5] Name ::= (Letter | '_' | ':') (NameChar)*
 scan_name([], S=#xmerl_scanner{continuation_fun = F}) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_name(MoreBytes, S1) end, 
+    F(fun(MoreBytes, S1) -> scan_name(MoreBytes, S1) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 scan_name(Str = [$:|T], S0 = #xmerl_scanner{namespace_conformant = NSC}) ->
@@ -2885,15 +3017,15 @@ scan_nmtoken(Str, S) ->
     {Ch,T} = to_ucs(S#xmerl_scanner.encoding,Str),
     case xmerl_lib:is_namechar(Ch) of
 	true ->
-	    scan_nmtoken(T, S#xmerl_scanner{col = S#xmerl_scanner.col+1}, 
-			 _Acc = [Ch], _Prefix = [], _Local = [Ch], 
+	    scan_nmtoken(T, S#xmerl_scanner{col = S#xmerl_scanner.col+1},
+			 _Acc = [Ch], _Prefix = [], _Local = [Ch],
 			 _NamespaceConformant = false,isLatin1(Ch,true));
 	false ->
 	    ?fatal({invalid_nmtoken, lists:sublist(Str, 1, 6)}, S)
     end.
 
 
-scan_nmtoken([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_nmtoken([], S=#xmerl_scanner{continuation_fun = F},
 	     Acc, Prefix, Local, NSC,IsLatin1) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) -> scan_nmtoken(MoreBytes,S1,Acc,Prefix,Local,NSC,IsLatin1) end,
@@ -2907,16 +3039,16 @@ scan_nmtoken(Str = [H|_], S, Acc, Prefix, Local, _NSC,true) when ?whitespace(H)
     NmString = lists:reverse(Acc),
     {list_to_atom(NmString), namespace_info(Prefix, Local), Str, S};
 scan_nmtoken(Str = [$:|_], S, Acc, [], _Local, no_colons,_IsLatin1) ->
-    ?fatal({invalid_NCName, 
+    ?fatal({invalid_NCName,
 	    lists:sublist(lists:reverse(Acc) ++ Str, 1, 6)}, S);
 scan_nmtoken([$:|T], S0, Acc, [], Local, NSC, IsLatin1) ->
     ?bump_col(1),
     scan_nmtoken(T, S, [$:|Acc], lists:reverse(Local), [], NSC,IsLatin1);
 scan_nmtoken(Str = [$:|_T], S, Acc, _Prefix, _Local, _NSC = true,_IsLatin1) ->
     %% non-empty Prefix means that we've encountered a ":" already.
-    %% Conformity with "Namespaces in XML" requires 
+    %% Conformity with "Namespaces in XML" requires
     %% at most one colon in a name
-    ?fatal({invalid_NCName, 
+    ?fatal({invalid_NCName,
 	    lists:sublist(lists:reverse(Acc) ++ Str, 1, 6)}, S);
 
 %% non-namechar also marks the end of a name
@@ -2949,7 +3081,7 @@ isLatin1(_,_) ->
 
 scan_system_literal([], S=#xmerl_scanner{continuation_fun = F}) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_system_literal(MoreBytes, S1) end, 
+    F(fun(MoreBytes, S1) -> scan_system_literal(MoreBytes, S1) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 scan_system_literal("\"" ++ T, S) ->
@@ -2958,7 +3090,7 @@ scan_system_literal("'" ++ T, S) ->
     scan_system_literal(T, S, $', []).
 
 
-scan_system_literal([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_system_literal([], S=#xmerl_scanner{continuation_fun = F},
 		    Delimiter, Acc) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) -> scan_system_literal(MoreBytes,S1,Delimiter,Acc) end,
@@ -2971,7 +3103,7 @@ scan_system_literal("#"++_R, S, _H, _Acc) ->
     ?fatal(fragment_identifier_in_system_literal,S);
 scan_system_literal(Str, S, Delimiter, Acc) ->
     {Ch,T} = to_ucs(S#xmerl_scanner.encoding,Str),
-    scan_system_literal(T, S#xmerl_scanner{col = S#xmerl_scanner.col+1}, 
+    scan_system_literal(T, S#xmerl_scanner{col = S#xmerl_scanner.col+1},
 			Delimiter, [Ch|Acc]).
 
 
@@ -2988,7 +3120,7 @@ scan_pubid_literal([H|_T], S) ->
     ?fatal({invalid_pubid_char, H}, S).
 
 
-scan_pubid_literal([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_pubid_literal([], S=#xmerl_scanner{continuation_fun = F},
 		   Delimiter, Acc) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) -> scan_pubid_literal(MoreBytes,S1,Delimiter,Acc) end,
@@ -3005,7 +3137,7 @@ scan_pubid_literal([H|T], S, Delimiter, Acc) ->
     case is_pubid_char(H) of
 	true ->
 	    scan_pubid_literal(
-	      T, S#xmerl_scanner{col = S#xmerl_scanner.col+1}, 
+	      T, S#xmerl_scanner{col = S#xmerl_scanner.col+1},
 	      Delimiter, [H|Acc]);
 	false ->
 	    ?fatal({invalid_pubid_char, H}, S)
@@ -3057,7 +3189,7 @@ scan_contentspec(_Str,S) ->
 scan_elem_content(T, S) ->
     scan_elem_content(T, S, _Context = children, _Mode = unknown, _Acc = []).
 
-scan_elem_content([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_elem_content([], S=#xmerl_scanner{continuation_fun = F},
 		  Context, Mode, Acc) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes,S1) -> scan_elem_content(MoreBytes,S1,Context,Mode,Acc) end,
@@ -3078,7 +3210,7 @@ scan_elem_content(")" ++ T, S0, Context, Mode0, Acc0) ->
                                          % more names than '#PCDATA'
                                          % and no '*'.
 	{'*', mixed,_} -> ok;
-	{Other, mixed,_} -> 
+	{Other, mixed,_} ->
 	    ?fatal({illegal_for_mixed_content, Other}, S1);
 	_ ->
 	    ok
@@ -3087,7 +3219,7 @@ scan_elem_content(")" ++ T, S0, Context, Mode0, Acc0) ->
     {format_elem_content({Occurrence, {Mode, Acc}}), T2, S2};
 scan_elem_content("#PCDATA" ++ _T, S, not_mixed, _Mode, _Acc) ->
     ?fatal({error,{extra_set_of_parenthesis}},S);
-scan_elem_content("#PCDATA" ++ _T, S, _Cont, Mode, Acc) 
+scan_elem_content("#PCDATA" ++ _T, S, _Cont, Mode, Acc)
   when Mode==choice;Mode==seq;Acc/=[] ->
     ?fatal({error,{invalid_format_of_mixed_content}},S);
 scan_elem_content("#PCDATA" ++ T, S0, _Context, Mode, Acc) ->
@@ -3130,7 +3262,7 @@ scan_elem_content2(T, S, Context, Mode, Acc) ->
     {Occurrence, T2, S2} = scan_occurrence(T1, S1),
     case {Occurrence, Context} of
 	{once, mixed} -> ok;
-	{Other, mixed} -> 
+	{Other, mixed} ->
 	    ?fatal({illegal_for_mixed_content, Other}, S1);
 	_ ->
 	    ok
@@ -3176,17 +3308,17 @@ vc_Valid_Char(_AT,C,S) ->
 
 
 
-vc_ID_Attribute_Default(_,#xmerl_scanner{validation=Valid}) 
+vc_ID_Attribute_Default(_,#xmerl_scanner{validation=Valid})
   when Valid /= dtd ->
-    ok;  
-vc_ID_Attribute_Default({_,'ID',_,Def,_},_S) 
+    ok;
+vc_ID_Attribute_Default({_,'ID',_,Def,_},_S)
   when Def=='#IMPLIED';Def=='#REQUIRED' ->
     ok;
 vc_ID_Attribute_Default({_,'ID',_,Def,_},S) ->
     ?fatal({error,{validity_constraint_error_ID_Attribute_Default,Def}},S).
 
-vc_Enumeration({_Name,{_,NameList},DefaultVal,_,_},S) 
-  when is_list(DefaultVal) ->    
+vc_Enumeration({_Name,{_,NameList},DefaultVal,_,_},S)
+  when is_list(DefaultVal) ->
     case lists:member(list_to_atom(DefaultVal),NameList) of
 	true ->
 	    ok;
@@ -3209,12 +3341,12 @@ vc_Entity_Name({_,'ENTITIES',DefaultVal,_,_},S) when is_list(DefaultVal) ->
     Read = S#xmerl_scanner.rules_read_fun,
     NameListFun = fun([],Acc,_St,_Fun) ->
 		       lists:reverse(Acc);
-		  (Str,Acc,St,Fun) -> 
+		  (Str,Acc,St,Fun) ->
 		       {N,_,St2,Str2} = scan_name(Str,St),
 		       Fun(Str2,[N|Acc],St2,Fun)
 	       end,
     NameList = NameListFun(DefaultVal,[],S,NameListFun),
-    VcFun = 
+    VcFun =
 	fun(X) ->
 		case Read(entity,X,S) of
 		    {_,external,{_,{ndata,_}}} ->
@@ -3227,7 +3359,7 @@ vc_Entity_Name({_,'ENTITIES',_,_,_},_S) ->
     ok.
 
 vc_No_Duplicate_Types(#xmerl_scanner{validation=dtd} = S,mixed,Acc) ->
-    CheckDupl = 
+    CheckDupl =
 	fun([H|T],F) ->
 		case lists:member(H,T) of
 		    true ->
@@ -3259,12 +3391,18 @@ mandatory_delimeter_wfc(T,S) ->
 
 wfc_unique_att_spec([],_S) ->
     ok;
-wfc_unique_att_spec([#xmlAttribute{name=N}|Atts],S) ->
+wfc_unique_att_spec([#xmlAttribute{name=N,expanded_name=EN}|Atts],S) ->
     case lists:keymember(N,#xmlAttribute.name,Atts) of
 	true ->
 	    ?fatal({error,{unique_att_spec_required,N}},S);
 	_ ->
-	    wfc_unique_att_spec(Atts,S)
+	    case S#xmerl_scanner.namespace_conformant andalso
+		    lists:keymember(EN, #xmlAttribute.expanded_name, Atts) of
+		true ->
+		    ?fatal({error,{unique_att_spec_required,EN}},S);
+		_ ->
+		    wfc_unique_att_spec(Atts,S)
+	    end
     end.
 
 wfc_legal_char(Chars,S) when is_list(Chars)->
@@ -3313,6 +3451,11 @@ wfc_Internal_parsed_entity(internal,Value,S) ->
 wfc_Internal_parsed_entity(_,_,_) ->
     ok.
 
+vc_Element_valid(_Name, {"xmlns", _},
+		 S = #xmerl_scanner{namespace_conformant = true}) ->
+    ?fatal({error,{illegal_element_prefix,xmlns}},S);
+vc_Element_valid(Name, _, S) ->
+    vc_Element_valid(Name, S).
 
 vc_Element_valid(_Name,#xmerl_scanner{environment=internal_parsed_entity}) ->
     ok;
@@ -3379,7 +3522,7 @@ scan_notation_decl1("PUBLIC" ++ T, S0) ->
     ?strip3,
     case T3 of
 	">" ++ _ ->
-	    {{public, PIDL}, T3, 
+	    {{public, PIDL}, T3,
 	     S3#xmerl_scanner{col = S3#xmerl_scanner.col+1}};
 	_ ->
 	    {SL, T4, S4} = scan_system_literal(T3, S3),
@@ -3430,7 +3573,7 @@ scan_entity_value([],S,
 scan_entity_value([],S=#xmerl_scanner{validation=dtd},
 		  no_delim,_Acc,PEName,_,_PENesting) ->
     {{error,{failed_VC_Proper_Declaration_PE_Nesting,2,PEName}},[],S};
-scan_entity_value([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_entity_value([], S=#xmerl_scanner{continuation_fun = F},
 		  Delim, Acc, PEName,Namespace,PENesting) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) ->
@@ -3449,7 +3592,7 @@ scan_entity_value([Delim|T], S0,
 scan_entity_value("%" ++ _T,S=#xmerl_scanner{environment=prolog},_,_,_,_,_) ->
     ?fatal({error,{wfc_PEs_In_Internal_Subset}},S);
 % %% This is a PEdecl in an external entity
-% scan_entity_value([$%,WS|T], S0, Delim, Acc, PEName,Namespace,PENesting) 
+% scan_entity_value([$%,WS|T], S0, Delim, Acc, PEName,Namespace,PENesting)
 %   when ?whitespace(WS) ->
 %     ?bump_col(2),
 %     scan_entity_value(T, S, Delim, [WS,$%|Acc], PEName,Namespace,PENesting);
@@ -3459,7 +3602,7 @@ scan_entity_value("%" ++ T, S0, Delim, Acc, PEName,Namespace,PENesting) ->
     if PERefName == PEName,Namespace==parameter ->
 	    ?fatal({illegal_recursion_in_PE, PEName}, S1);
        true ->
-	    {ExpandedRef,S2} = 
+	    {ExpandedRef,S2} =
 		case expand_pe_reference(PERefName, S1, in_literal) of
 		    %% actually should pe ref be expanded as_PE but
 		    %% handle whitespace explicitly in this case.
@@ -3467,7 +3610,7 @@ scan_entity_value("%" ++ T, S0, Delim, Acc, PEName,Namespace,PENesting) ->
 			%% {system,URI} or {public,URI}
 			%% Included in literal.
 			{ExpRef,Sx}=fetch_not_parse(Tuple,S1),
-			{EntV, _, S5} = 
+			{EntV, _, S5} =
 		 	    scan_entity_value(ExpRef, Sx, no_delim,[],
 					      PERefName,parameter,[]),
 			%% should do an update Write(parameter_entity)
@@ -3587,7 +3730,7 @@ scan_entity_value(")"++ T,S0,Delim,Acc,PEName, parameter=NS,PENesting) ->
     scan_entity_value(T,S,Delim,[")"|Acc],PEName,NS,
 		      pe_pop(")",PENesting,S));
 scan_entity_value("\n"++T, S, Delim, Acc, PEName,Namespace,PENesting) ->
-    scan_entity_value(T, S#xmerl_scanner{line=S#xmerl_scanner.line+1}, 
+    scan_entity_value(T, S#xmerl_scanner{line=S#xmerl_scanner.line+1},
 		      Delim, ["\n"|Acc], PEName,Namespace,PENesting);
 scan_entity_value(Str, S0, Delim, Acc, PEName,Namespace,PENesting) ->
     {Ch,T} = to_ucs(S0#xmerl_scanner.encoding,Str),
@@ -3630,7 +3773,7 @@ save_refed_entity_name1(Name,PEName,
 pe_push(Tok,Stack,_S) when Tok=="<!";Tok=="<?";Tok=="<!--";Tok=="<![";
 			   Tok=="[";Tok=="<";Tok=="</";Tok=="(" ->
     [Tok|Stack];
-pe_push(Tok,Stack,#xmerl_scanner{validation=dtd}) 
+pe_push(Tok,Stack,#xmerl_scanner{validation=dtd})
   when Tok==")";Tok==">";Tok=="?>";Tok=="]]>";Tok=="-->";Tok=="/>"->
     [Tok|Stack];
 pe_push(_,Stack,_S) ->
@@ -3698,10 +3841,10 @@ scan_comment(Str,S=#xmerl_scanner{col=C,event_fun=Event}, Pos, Parents, Lang) ->
 					       col = C,
 					       pos = Pos,
 					       data = Comment}, S),
-    
+
     scan_comment1(Str, S1, Pos, Comment, _Acc = []).
 
-scan_comment1([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_comment1([], S=#xmerl_scanner{continuation_fun = F},
 	     Pos, Comment, Acc) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) -> scan_comment1(MoreBytes, S1, Pos, Comment, Acc) end,
@@ -3709,7 +3852,7 @@ scan_comment1([], S=#xmerl_scanner{continuation_fun = F},
       S);
 scan_comment1("-->" ++ T, S0 = #xmerl_scanner{col = C,
 					     event_fun = Event,
-					     hook_fun = Hook}, 
+					     hook_fun = Hook},
 	     _Pos, Comment, Acc) ->
     ?bump_col(3),
     Comment1 = Comment#xmlComment{value = lists:reverse(Acc)},
@@ -3817,9 +3960,9 @@ normalize(T,S,IsNorm) ->
     end.
 
 
-%% Optimization: 
+%% Optimization:
 %% - avoid building list of spaces or tabs;
-%% - avoid reverse; 
+%% - avoid reverse;
 %% - compact two common indentation patterns.
 %% Note: only to be called when a \n was found.
 fast_accumulate_whitespace(" " ++ T, S, _) ->
@@ -3831,7 +3974,7 @@ fast_accumulate_whitespace("<"++_=R, S, _T) ->
     {done, {element(3, CD), R, S#xmerl_scanner{col = 1, line = Line + 1}}};
 fast_accumulate_whitespace(_, S, T) ->
     accumulate_whitespace(T, S, []).
-    
+
 fast_acc_spaces(" " ++ T, S, N) ->
     fast_acc_spaces(T, S, N + 1);
 fast_acc_spaces(T, S, N) ->
@@ -3845,18 +3988,18 @@ fast_acc_tabs(T, S, N) ->
 fast_acc_end(T, S, N, Col, C, CD_I) ->
     #xmerl_scanner{common_data = CD, line = Line0} = S,
     Line = Line0 + 1,
-    try 
+    try
         $< = hd(T),
-        {done,{element(N, element(CD_I, CD)), T, 
+        {done,{element(N, element(CD_I, CD)), T,
                S#xmerl_scanner{col = Col, line = Line}}}
-    catch _:_ -> 
+    catch _:_ ->
         accumulate_whitespace(T, S, Line, Col, lists:duplicate(N, C)++"\n")
     end.
-    
+
 
 %%% @spec accumulate_whitespace(T::string(),S::global_state(),
 %%%                             atom(),Acc::string()) -> {Acc, T1, S1}
-%%%     
+%%%
 %%% @doc Function to accumulate and normalize whitespace.
 accumulate_whitespace(T, S, preserve, Acc) ->
     accumulate_whitespace(T, S, Acc);
@@ -3915,19 +4058,19 @@ schemaLocations(El,#xmerl_scanner{schemaLocation=SL}) ->
 	    schemaLocations(El)
     end.
 
-schemaLocations(#xmlElement{attributes=Atts,xmlbase=_Base}) -> 
+schemaLocations(#xmlElement{attributes=Atts,xmlbase=_Base}) ->
     Pred = fun(#xmlAttribute{name=schemaLocation}) -> false;
-	      (#xmlAttribute{namespace={_,"schemaLocation"}}) -> false;
+	      (#xmlAttribute{nsinfo={_,"schemaLocation"}}) -> false;
 	      (_) -> true
 	   end,
     case lists:dropwhile(Pred,Atts) of
 	[#xmlAttribute{value=Paths}|_] ->
-	    
+
 	    case string:tokens(Paths," \n\t\r") of
 		L when length(L) > 0 ->
 		    case length(L) rem 2 of
 			0 ->
-			    PairList = 
+			    PairList =
 				fun([],_Fun) ->
 					[];
 				   ([SLNS,SLLoc|Rest],Fun) ->
@@ -3997,7 +4140,7 @@ to_ucs(Encoding, Chars) when Encoding=="utf-8"; Encoding == undefined ->
     utf8_2_ucs(Chars);
 to_ucs(_,[C|Rest]) ->
     {C,Rest}.
-    
+
 utf8_2_ucs([A,B,C,D|Rest]) when A band 16#f8 =:= 16#f0,
 			      B band 16#c0 =:= 16#80,
 			      C band 16#c0 =:= 16#80,
@@ -4086,7 +4229,7 @@ string_to_char_set(_,Str) ->
 %% 	{{_,{_,Tot}},Tot110} when Tot > Tot110 ->
 %% 	    io:format("From ~p to ~p, total memory: ~p (~p)~n",[OldLine,Line,Tot,OldTot]),
 %% 	    Tot;
-%% 	{{_,{_,Tot}},_} ->    
+%% 	{{_,{_,Tot}},_} ->
 %% 	    Tot
 %%     end,
 %%     put_total({NewTot,Line}).
diff --git a/lib/xmerl/src/xmerl_uri.erl b/lib/xmerl/src/xmerl_uri.erl
index a0c6f1c2a7..1864651491 100644
--- a/lib/xmerl/src/xmerl_uri.erl
+++ b/lib/xmerl/src/xmerl_uri.erl
@@ -358,7 +358,7 @@ scan_host(C0) ->
 %% 							  Hex3=<?HEX;
 %% 							  Hex4=<?HEX ->
 %% 	    {C1,lists:reverse(lists:append(IPv6address))};
-	{C1,Hostname,[A|_HostF]} -> 
+	{C1,Hostname,[_A|_HostF]} -> 
 	    {C1,lists:reverse(lists:append(Hostname))}
 %%	_ ->
 %%	    {error,no_host}
diff --git a/lib/xmerl/src/xmerl_validate.erl b/lib/xmerl/src/xmerl_validate.erl
index 893e23ca34..60f228474b 100644
--- a/lib/xmerl/src/xmerl_validate.erl
+++ b/lib/xmerl/src/xmerl_validate.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -399,25 +399,28 @@ test_attribute_value(_Rule,Attr,_,_) ->
 
 %% +type valid_contents([rule()],[xmlElement()])->
 %%              [xmlElement() | {error,???}.
-valid_contents(Rule,XMLS,Rules,S,WSActionMode)->
-    case parse(Rule,XMLS,Rules,WSActionMode,S) of
-	{XML_N,[]}->
-	    lists:flatten(XML_N);
-	{_,[#xmlElement{name=Name}|_T]} ->
-	    exit({error,{element,Name,isnt_comprise_in_the_rule,Rule}});
-	{_,[#xmlText{}=Txt|_T]} ->
-	    exit({error,{element,text,Txt,isnt_comprise_in_the_rule,Rule}});
-	{error,Reason} ->
-	    {error,Reason};
-	{error,Reason,N} ->
-	    {error,Reason,N}
+valid_contents(Rule, XMLS, Rules, S, WSActionMode)->
+    case parse(Rule, XMLS, Rules, WSActionMode, S) of
+	{error, Reason} ->
+	    {error, Reason};
+	{error, Reason, N} ->
+	    {error, Reason, N};
+	{XML_N, Rest} ->   %The list may consist of xmlComment{} records
+	    case lists:dropwhile(fun(X) when is_record(X, xmlComment) -> true; (_) -> false end, Rest) of 
+		[] ->
+		    lists:flatten(XML_N);
+		[#xmlElement{name=Name} |_T] ->
+		    exit({error, {element, Name, isnt_comprise_in_the_rule, Rule}});
+		[#xmlText{} = Txt |_T] ->
+		    exit({error, {element, text, Txt, isnt_comprise_in_the_rule, Rule}})
+	    end
     end.
 
-parse({'*',SubRule},XMLS,Rules,WSaction,S)->
-    star(SubRule,XMLS,Rules,WSaction,[],S); 
-parse({'+',SubRule},XMLS,Rules,WSaction,S) ->
-    plus(SubRule,XMLS,Rules,WSaction,S);
-parse({choice,CHOICE},XMLS,Rules,WSaction,S)->
+parse({'*', SubRule}, XMLS, Rules, WSaction, S)->
+    star(SubRule, XMLS, Rules, WSaction, [], S); 
+parse({'+',SubRule}, XMLS, Rules, WSaction, S) ->
+    plus(SubRule, XMLS, Rules, WSaction, S);
+parse({choice,CHOICE}, XMLS, Rules, WSaction, S)->
 %    case XMLS of
 %	[] ->
 %	    io:format("~p~n",[{choice,CHOICE,[]}]);
@@ -426,47 +429,49 @@ parse({choice,CHOICE},XMLS,Rules,WSaction,S)->
 %	[#xmlText{value=V}|_] ->
 %	    io:format("~p~n",[{choice,CHOICE,{text,V}}])
 %    end,
-    choice(CHOICE,XMLS,Rules,WSaction,S);
-parse(empty,[],_Rules,_WSaction,_S) ->
-    {[],[]};
-parse({'?',SubRule},XMLS,Rules,_WSaction,S)->
-    question(SubRule,XMLS,Rules,S);
-parse({seq,List},XMLS,Rules,WSaction,S) ->
-    seq(List,XMLS,Rules,WSaction,S);
-parse(El_Name,[#xmlElement{name=El_Name}=XML|T],Rules,_WSaction,S) 
+    choice(CHOICE, XMLS, Rules, WSaction, S);
+parse(empty, [], _Rules, _WSaction, _S) ->
+    {[], []};
+parse({'?', SubRule}, XMLS, Rules, _WSaction, S)->
+    question(SubRule, XMLS, Rules, S);
+parse({seq,List}, XMLS, Rules, WSaction, S) ->
+    seq(List, XMLS, Rules, WSaction, S);
+parse(El_Name, [#xmlElement{name=El_Name} = XML |T], Rules, _WSaction, S) 
   when is_atom(El_Name)->
-    case do_validation(read_rules(Rules,El_Name),XML,Rules,S) of
-	{error,R} ->
+    case do_validation(read_rules(Rules, El_Name), XML, Rules, S) of
+	{error, R} ->
 %	    {error,R};
 	    exit(R);
-	{error,R,_N}->
+	{error, R, _N}->
 %	    {error,R,N};
 	    exit(R);
 	XML_->
-	    {[XML_],T}
+	    {[XML_], T}
     end;
-parse(any,Cont,Rules,_WSaction,S) ->
-    case catch parse_any(Cont,Rules,S) of
-	Err = {error,_} -> Err;
-	ValidContents -> {ValidContents,[]}
+parse(any, Cont, Rules, _WSaction, S) ->
+    case catch parse_any(Cont, Rules, S) of
+	Err = {error, _} -> Err;
+	ValidContents -> {ValidContents, []}
     end;
-parse(El_Name,[#xmlElement{name=Name}|_T]=S,_Rules,_WSa,_S) when is_atom(El_Name)->
+parse(El_Name, [#xmlElement{name=Name} |_T] = XMLS, _Rules, _WSa, _S) when is_atom(El_Name) ->
     {error,
-     {element_seq_not_conform,{wait,El_Name},{is,Name}},
-     {{next,S},{act,[]}} };
-parse(_El_Name,[#xmlPI{}=H|T],_Rules,_WSa,_S) ->
-    {[H],T};
-parse('#PCDATA',XML,_Rules,_WSa,_S)->
+     {element_seq_not_conform,{wait, El_Name}, {is, Name}},
+     {{next, XMLS}, {act, []}}};
+parse(El_Name, [#xmlComment{} |T], Rules, WSa, S) ->
+    parse(El_Name, T, Rules, WSa, S);
+parse(_El_Name, [#xmlPI{} = H |T], _Rules, _WSa, _S) ->
+    {[H], T};
+parse('#PCDATA', XMLS, _Rules, _WSa, _S)->
     %%% PCDATA it is 0 , 1 or more #xmlText{}.
-    parse_pcdata(XML);
-parse(El_Name,[#xmlText{}|_T]=S,_Rules,_WSa,_S)->
+    parse_pcdata(XMLS);
+parse(El_Name, [#xmlText{}|_T] = XMLS, _Rules, _WSa, _S)->
     {error,
-     {text_in_place_of,El_Name},
-     {{next,S},{act,[]}}};
-parse([],_,_,_,_) ->
-    {error,no_rule};
-parse(Rule,[],_,_,_) ->
-    {error,{no_xml_element,Rule}}.
+     {text_in_place_of, El_Name},
+     {{next, XMLS}, {act, []}}};
+parse([], _, _, _, _) ->
+    {error, no_rule};
+parse(Rule, [], _, _, _) ->
+    {error, {no_xml_element, Rule}}.
 
 parse_any([],_Rules,_S) ->
     [];
@@ -618,11 +623,15 @@ el_name(#xmlElement{name=Name})->
 
 parse_pcdata([#xmlText{}=H|T])->
     parse_pcdata(T,[H]);
+parse_pcdata([#xmlComment{}|T])->
+    parse_pcdata(T,[]);
 parse_pcdata(H) ->
     {[],H}.
 
 parse_pcdata([#xmlText{}=H|T],Acc)->
     parse_pcdata(T,Acc++[H]);
+parse_pcdata([#xmlComment{}|T],Acc)->
+    parse_pcdata(T,Acc);
 parse_pcdata(H,Acc) ->
     {Acc,H}.
 
diff --git a/lib/xmerl/src/xmerl_xpath.erl b/lib/xmerl/src/xmerl_xpath.erl
index db3d3ac2d6..b3301f2faf 100644
--- a/lib/xmerl/src/xmerl_xpath.erl
+++ b/lib/xmerl/src/xmerl_xpath.erl
@@ -41,18 +41,13 @@
 % xmerl_xpath_parse:parse(xmerl_xpath_scan:tokens("parent::processing-instruction('foo')")).
 %% </pre>
 %%
-%% @type docEntity() = 
+%% @type nodeEntity() =
 %%      xmlElement()
 %%    | xmlAttribute()
 %%    | xmlText() 
 %%    | xmlPI()
 %%    | xmlComment()
-%% @type nodeEntity() = 
-%%      xmlElement()
-%%    | xmlAttribute()
-%%    | xmlText() 
-%%    | xmlPI()
-%%    | xmlNamespace()
+%%    | xmlNsNode()
 %%    | xmlDocument()
 %% @type option_list(). <p>Options allows to customize the behaviour of the
 %%     XPath scanner.
@@ -303,6 +298,17 @@ write_node(#xmlNode{pos = Pos,
 		    node = #xmlText{value = Txt,
 				    parents = Ps}}) ->
     {text, Pos, Txt, Ps};
+write_node(#xmlNode{pos = Pos,
+		    node = #xmlComment{parents = Ps}}) ->
+    {comment, Pos, '', Ps};
+write_node(#xmlNode{pos = Pos,
+		    node = #xmlPI{name = Name,
+				  parents = Ps}}) ->
+    {processing_instruction, Pos, Name, Ps};
+write_node(#xmlNode{pos = Pos,
+		    node = #xmlNsNode{parents = Ps,
+				      prefix = Prefix}}) ->
+    {namespace, Pos, Prefix, Ps};
 write_node(_) ->
     other.
 
@@ -330,18 +336,16 @@ eval_path(rel, PathExpr, C = #xmlContext{}) ->
     Context = C#xmlContext{nodeset = NodeSet},
     S = #state{context = Context},
     path_expr(PathExpr, S);
-eval_path(filter, {PathExpr, PredExpr}, C = #xmlContext{}) ->
+eval_path(filter, {PathExpr, {pred, Pred}}, C = #xmlContext{}) ->
     S = #state{context = C},
-    S1 = path_expr(PathExpr, S),
-    pred_expr(PredExpr, S1).
+    S1 = match_expr(PathExpr, S),
+    eval_pred(Pred, S1).
 
-eval_primary_expr(FC = {function_call,_,_},S = #state{context = Context}) ->
+eval_primary_expr(PrimExpr, S = #state{context = Context}) ->
 %%    NewNodeSet = xmerl_xpath_pred:eval(FC, Context),
-    NewNodeSet = xmerl_xpath_lib:eval(primary_expr, FC, Context),
+    NewNodeSet = xmerl_xpath_lib:eval(primary_expr, PrimExpr, Context),
     NewContext = Context#xmlContext{nodeset = NewNodeSet},
-    S#state{context = NewContext};
-eval_primary_expr(PrimExpr,_S) ->
-    exit({primary_expression,{not_implemented, PrimExpr}}).
+    S#state{context = NewContext}.
     
 
 %% axis(Axis,NodeTest,Context::xmlContext()) -> xmlContext()
@@ -384,8 +388,8 @@ axis1(preceding, Tok, N, Acc, Context) ->
     match_preceding(Tok, N, Acc, Context);
 axis1(attribute, Tok, N, Acc, Context) ->
     match_attribute(Tok, N, Acc, Context);
-%axis1(namespace, Tok, N, Acc, Context) ->
-%    match_namespace(Tok, N, Acc, Context);
+axis1(namespace, Tok, N, Acc, Context) ->
+   match_namespace(Tok, N, Acc, Context);
 axis1(ancestor_or_self, Tok, N, Acc, Context) ->
     match_ancestor_or_self(Tok, N, Acc, Context);
 axis1(descendant_or_self, Tok, N, Acc, Context) ->
@@ -627,14 +631,58 @@ node_type(#xmlAttribute{}) ->	attribute;
 node_type(#xmlElement{}) ->	element;
 node_type(#xmlText{}) ->	text;
 node_type(#xmlPI{}) ->		processing_instruction;
-node_type(#xmlNamespace{}) ->	namespace;
+node_type(#xmlNsNode{}) ->	namespace;
+node_type(#xmlComment{}) ->	comment;
 node_type(#xmlDocument{}) ->	root_node.
 
 %% "The namespace axis contains the namespace nodes of the context node;
 %% the axis will be empty unless the context node is an element."
-%match_namespace(_Tok, _N, _Acc, _Context) ->
-    %% TODO: IMPLEMENT NAMESPACE AXIS
-%    erlang:fault(not_yet_implemented).
+match_namespace(Tok, N, Acc, Context) ->
+    case N#xmlNode.type of
+	element ->
+	    #xmlNode{parents = Ps, node = E} = N,
+	    #xmlElement{name = Name,
+			namespace = NS,
+			parents = EPs,
+			pos = Pos} = E,
+	    #xmlNamespace{default = Default, nodes = NSPairs} = NS,
+	    ThisEPs = [{Name, Pos}|EPs],
+	    ThisPs = [N|Ps],
+	    Acc0 =
+		case Default of
+		    D when D =:= []; D =:= '' ->
+			{[], 1};
+		    URI ->
+			DefaultNSNode = #xmlNsNode{parents = ThisEPs,
+						   pos = 1,
+						   prefix = [],
+						   uri = URI},
+			Node = #xmlNode{type = namespace,
+					node = DefaultNSNode,
+					parents = ThisPs},
+			{[Node], 2}
+		end,
+	    {Nodes, _I} =
+		lists:foldr(
+		  fun ({Prefix, URI}, {AccX, I}) ->
+			  NSNode = #xmlNsNode{parents = ThisEPs,
+					      pos = I,
+					      prefix = Prefix,
+					      uri = URI},
+			  ThisN = #xmlNode{pos = I,
+					   type = namespace,
+					   node = NSNode,
+					   parents = ThisPs},
+			  {[ThisN | AccX], I + 1}
+		  end, Acc0, NSPairs),
+	    lists:foldr(
+	      fun (ThisN, AccX) ->
+		      match_self(Tok, ThisN, AccX, Context)
+	      end, Acc, Nodes);
+	_Other ->
+	    %%[]
+	    Acc
+    end.
 
 
 update_nodeset(Context = #xmlContext{axis_type = AxisType}, NodeSet) ->
@@ -655,8 +703,15 @@ update_nodeset(Context = #xmlContext{axis_type = AxisType}, NodeSet) ->
 
 node_test(F, N, Context) when is_function(F) ->
     F(N, Context);
+node_test(_Test, #xmlNode{type=attribute,node=#xmlAttribute{name=xmlns}},
+	  _Context) ->
+    false;
+node_test(_Test,
+	  #xmlNode{type=attribute,node=#xmlAttribute{nsinfo={"xmlns",_Local}}},
+	  _Context) ->
+    false;
 node_test({wildcard, _}, #xmlNode{type=ElAt}, _Context) 
-  when ElAt==element; ElAt==attribute -> 
+  when ElAt==element; ElAt==attribute; ElAt==namespace ->
     true;
 node_test({prefix_test, Prefix}, #xmlNode{node = N}, _Context) ->
     case N of
@@ -720,6 +775,9 @@ node_test({name, {_Tag, Prefix, Local}},
 		 [{_Tag, Prefix, Local}, write_node(NSNodes)]),
 	    false
     end;
+node_test({name, {_Tag, [], Local}},
+	  #xmlNode{node = #xmlNsNode{prefix = Local}}, _Context) ->
+    true;
 node_test({node_type, NT}, #xmlNode{node = N}, _Context) ->
     case {NT, N} of
 	{text, #xmlText{}} ->
@@ -728,14 +786,18 @@ node_test({node_type, NT}, #xmlNode{node = N}, _Context) ->
 	    true;
 	{attribute, #xmlAttribute{}} ->
 	    true;
-	{namespace, #xmlNamespace{}} ->
+	{namespace, #xmlNsNode{}} ->
+	    true;
+	{comment, #xmlComment{}} ->
+	    true;
+	{processing_instruction, #xmlPI{}} ->
 	    true;
 	_ ->
 	    false
     end;
-node_test({processing_instruction, {literal, _, Name}}, 
-	  #xmlNode{node = {processing_instruction, Name, _Data}}, _Context) ->
-    true;
+node_test({processing_instruction, Name1},
+	  #xmlNode{node = #xmlPI{name = Name2}}, _Context) ->
+    Name1 == atom_to_list(Name2);
 node_test(_Other, _N, _Context) ->
     %io:format("node_test(~p, ~p) -> false.~n", [_Other, write_node(_N)]),
     false.
diff --git a/lib/xmerl/src/xmerl_xpath_lib.erl b/lib/xmerl/src/xmerl_xpath_lib.erl
index cfd0e36667..b37bdc93f9 100644
--- a/lib/xmerl/src/xmerl_xpath_lib.erl
+++ b/lib/xmerl/src/xmerl_xpath_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -49,5 +49,7 @@ primary_expr({function_call, F, Args}, C) ->
 	    %% here, we should look up the function in the context provided 
 	    %% by the caller, but we haven't figured this out yet.
 	    exit({not_a_core_function, F})
-    end.
+    end;
+primary_expr(PrimExpr, _C) ->
+    exit({primary_expression, {not_implemented, PrimExpr}}).
 
diff --git a/lib/xmerl/src/xmerl_xpath_parse.yrl b/lib/xmerl/src/xmerl_xpath_parse.yrl
index 37576b9e61..381ea20193 100644
--- a/lib/xmerl/src/xmerl_xpath_parse.yrl
+++ b/lib/xmerl/src/xmerl_xpath_parse.yrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -144,6 +144,7 @@ Expect 2.
 %% [7]
 'NodeTest' -> 'NameTest' : '$1' .
 'NodeTest' -> 'node_type' '(' ')' : {node_type, value('$1')} .
+'NodeTest' -> 'processing-instruction' '(' ')' : {node_type, value('$1')} .
 'NodeTest' -> 'processing-instruction' '(' 'literal' ')' 
 	: {processing_instruction, value('$3')} .
 
diff --git a/lib/xmerl/src/xmerl_xpath_pred.erl b/lib/xmerl/src/xmerl_xpath_pred.erl
index 451a09bee3..b94f3bb14d 100644
--- a/lib/xmerl/src/xmerl_xpath_pred.erl
+++ b/lib/xmerl/src/xmerl_xpath_pred.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -337,6 +337,9 @@ local_name1([#xmlNode{type=element,node=El}|_]) ->
 local_name1([#xmlNode{type=attribute,node=Att}|_]) ->
     #xmlAttribute{name=Name,nsinfo=NSI} = Att,
     local_name2(Name,NSI);
+local_name1([#xmlNode{type=namespace,node=N}|_]) ->
+    #xmlNsNode{prefix=Prefix} = N,
+    ?string(Prefix);
 local_name1([#xmlElement{name = Name, nsinfo = NSI}|_]) ->
     local_name2(Name,NSI).
 local_name2(Name, NSI) ->
@@ -431,6 +434,9 @@ string_value(N=#xmlObj{}) ->
 string_value(A=#xmlNode{type=attribute}) ->
     #xmlAttribute{value=AttVal}=A#xmlNode.node,
     ?string(AttVal);
+string_value(N=#xmlNode{type=namespace}) ->
+    #xmlNsNode{uri=URI}=N#xmlNode.node,
+    ?string(atom_to_list(URI));
 string_value(El=#xmlNode{type=element}) ->
     #xmlElement{content=C} = El#xmlNode.node,
     TextValue = fun(#xmlText{value=T},_Fun) -> T;
@@ -442,6 +448,9 @@ string_value(El=#xmlNode{type=element}) ->
 string_value(T=#xmlNode{type=text}) ->
     #xmlText{value=Txt} = T#xmlNode.node,
     ?string(Txt);
+string_value(T=#xmlNode{type=comment}) ->
+    #xmlComment{value=Txt} = T#xmlNode.node,
+    ?string(Txt);
 string_value(infinity) -> ?string("Infinity");
 string_value(neg_infinity) -> ?string("-Infinity");
 string_value(A) when is_atom(A) ->
diff --git a/lib/xmerl/src/xmerl_xpath_scan.erl b/lib/xmerl/src/xmerl_xpath_scan.erl
index 10e2756e74..f0a5bd35a3 100644
--- a/lib/xmerl/src/xmerl_xpath_scan.erl
+++ b/lib/xmerl/src/xmerl_xpath_scan.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -287,6 +287,7 @@ strip_ws(T) ->
 
 special_token('@') -> true;
 special_token('::') -> true;
+special_token(',') -> true;
 special_token('(') -> true;
 special_token('[') -> true;
 special_token('/') -> true;
diff --git a/lib/xmerl/src/xmerl_xsd.erl b/lib/xmerl/src/xmerl_xsd.erl
index dfdc6138ef..ed0890f0d0 100644
--- a/lib/xmerl/src/xmerl_xsd.erl
+++ b/lib/xmerl/src/xmerl_xsd.erl
@@ -245,21 +245,27 @@ process_validate2({SE,_},Schema,Xml,Opts) ->
     S4 = validation_options(S3,Opts),
     validate3(Schema,Xml,S4).
 
-validate3(Schema,Xml,S=#xsd_state{errors=[]}) -> 
-    Ret = {_,S2} = 
-	case catch validate_xml(Xml,S) of
-	    {[XML2],[],Sx}  ->
-		{XML2,Sx};
-	    {XML2,[],Sx} ->
-		{XML2,Sx};
-	    {_,UnValidated,Sx} ->
-		{Xml,acc_errs(Sx,{error_path(UnValidated,Xml#xmlElement.name),?MODULE,
-				  {unvalidated_rest,UnValidated}})};
-	    _Err = {error,Reason} ->
-		{Xml,acc_errs(S,Reason)};
-	    {'EXIT',Reason} ->
-		{Xml,acc_errs(S,{error_path(Xml,Xml#xmlElement.name),?MODULE,
-				 {undefined,{internal_error,Reason}}})}
+validate3(Schema, Xml,S =#xsd_state{errors=[]}) -> 
+    Ret = {_, S2} = 
+	case catch validate_xml(Xml, S) of
+	    _Err = {error, Reason} ->
+		{Xml, acc_errs(S, Reason)};
+	    {'EXIT', Reason} ->
+		{Xml, acc_errs(S, {error_path(Xml, Xml#xmlElement.name), ?MODULE,
+				 {undefined, {internal_error, Reason}}})};
+	    {XML2, Rest, Sx} ->
+		case lists:dropwhile(fun(X) when is_record(X, xmlComment) -> true; (_) -> false end, Rest) of
+		    [] ->
+			case XML2 of
+			    [XML3] ->
+				{XML3,Sx};
+			    XML3 ->
+				{XML3,Sx}
+			end;
+		    UnValidated ->
+			{Xml,acc_errs(Sx,{error_path(UnValidated,Xml#xmlElement.name),?MODULE,
+					  {unvalidated_rest,UnValidated}})}
+		end
 	end,
     save_to_file(S2,filename:rootname(Schema)++".tab2"),
     case S2#xsd_state.errors of
@@ -1950,7 +1956,7 @@ fetch_external_schema(Path,S) when is_list(Path) ->
 			{EXSD,S#xsd_state{schema_name=File}}
 		end;
 	    {_,{string,String},_} -> %% this is for a user defined fetch fun that returns an xml document on string format.
-		?debug("scanning string: ~p~n",[File]),
+		?debug("scanning string: ~p~n",[String]),
 		case xmerl_scan:string(String,S#xsd_state.xml_options) of
 		    {error,Reason} ->
 			{error,acc_errs(S,{[],?MODULE,{parsing_external_schema_failed,Path,Reason}})};
@@ -2520,9 +2526,9 @@ check_element_type([],#schema_complex_type{name=_Name,block=_Bl,content=C},
 	    {error,{error_path(Checked,undefined),?MODULE,
 		    {empty_content_not_allowed,C}}}
     end;
-check_element_type(C,{anyType,_},_Env,_Block,S,_Checked) ->
+check_element_type(C, {anyType, _}, _Env, _Block, S, _Checked) ->
     %% permitt anything
-    {C,[],S};
+    {lists:reverse(C), [], S};
 
 check_element_type(XML=[#xmlText{}|_],Type=#schema_simple_type{},
 		    _Env,_Block,S,_Checked) ->
@@ -2585,7 +2591,7 @@ check_element_type(XML=[XMLEl=#xmlElement{name=Name}|RestXML],
 	    S6 = check_form(ElName,Name,XMLEl,
 			    actual_form_value(CMEl#schema_element.form,
 					      S5#xsd_state.elementFormDefault),
-			    S5),
+			    S5), 
 	    %Step into content of XML element.
 	    {Content,_,S7} =
 		case
@@ -2605,12 +2611,12 @@ check_element_type(XML=[XMLEl=#xmlElement{name=Name}|RestXML],
 	     RestXML,
 	     set_scope(S5#xsd_state.scope,set_num_el(S7,S6))};
 	true ->
-	    {error,{error_path(XMLEl,Name),?MODULE,
-		    {element_not_suitable_with_schema,ElName,S}}};
+	    {error,{error_path(XMLEl, Name), ?MODULE,
+		    {element_not_suitable_with_schema, ElName, S}}};
 	_ when S#xsd_state.num_el >= Min -> 
 	    %% it may be a match error or an optional element not
 	    %% present
-	    {[],XML,S#xsd_state{num_el=0}}; 
+	    {[], XML, S#xsd_state{num_el=0}}; 
 	_ -> 
 	    {error,{error_path(XMLEl,Name),?MODULE,
 		    {element_not_suitable_with_schema,ElName,CMName,CMEl,S}}}
@@ -2645,7 +2651,7 @@ check_element_type(XML=[#xmlElement{}|_Rest],
 check_element_type(XML=[E=#xmlElement{name=Name}|Rest],
 		   Any={any,{Namespace,_Occ={Min,_},ProcessorContents}},Env,
 		   _Block,S,_Checked) ->
-    ?debug("check any: {any,{~p,~p,~p}}~n",[Namespace,Occ,ProcessorContents]),
+    ?debug("check any: {any,{~p,~p,~p}}~n",[Namespace,_Occ,ProcessorContents]),
     %% ProcessorContents any of lax | strict | skip
     %% lax: may validate if schema is found
     %% strict: must validate
@@ -2710,8 +2716,11 @@ check_element_type([],CM,_Env,_Block,S,Checked) ->
 	    {error,{error_path(Checked,undefined),?MODULE,
 		    {empty_content_not_allowed,CM}}}
     end;
+check_element_type([C = #xmlComment{} |Rest],CM,Env,Block,S,Checked) ->
+     check_element_type(Rest,CM,Env,Block,S,[C |Checked]);
 check_element_type(XML,CM,_Env,_Block,S,_Checked) ->
     {error,{error_path(XML,undefined),?MODULE,{match_failure,XML,CM,S}}}.
+
 %% single xml content object and single schema object
 check_text_type(XML=[#xmlText{}|_],optional_text,S) ->
 %    {XMLTxt,optional_text};
@@ -2730,7 +2739,7 @@ check_text_type([XMLTxt=#xmlText{}|_],CMEl,_S) ->
 	    {cannot_contain_text,XMLTxt,CMEl}}}.
 
 split_xmlText(XML) ->
-    splitwith(fun(#xmlText{}) -> true;(_) -> false end,XML).
+    splitwith(fun(#xmlText{}) -> true;(#xmlComment{}) -> true;(_) -> false end,XML).
 
 %% Sequence
 check_sequence([T=#xmlText{}|Rest],Els,Occ,Env,S,Checked) ->
@@ -2773,6 +2782,8 @@ check_sequence(Seq=[_InstEl=#xmlElement{}|_],[El|Els],Occ={_Min,_Max},Env,S,Chec
 			   count_num_el(set_num_el(S3,S2)),
 			   Ret++Checked)
     end;
+check_sequence([C = #xmlComment{} |Rest], Els, Occ, Env, S, Checked) ->
+    check_sequence(Rest,Els,Occ,Env,S,[C |Checked]);
 check_sequence(Rest,[],_Occ,_Env,S,Checked) ->
     {Checked,Rest,set_num_el(S,0)};
 check_sequence([],Els,_Occ,_Env,S,Checked) ->
@@ -2869,6 +2880,8 @@ check_all(XML=[E=#xmlElement{name=Name}|RestXML],CM,Occ,Env,S,
 		   {element_not_in_all,ElName,E,CM}},
 	    check_all(RestXML,CM,Occ,Env,acc_errs(S,Err),[E|Checked],PrevXML)
     end;
+check_all([C=#xmlComment{} |RestXML], CM, Occ, Env, S, Checked, XML) ->
+    check_all(RestXML, CM, Occ, Env, S, [C |Checked], XML);
 check_all(XML,[],_,_,S,Checked,_) ->
     {Checked,XML,S};
 check_all([],CM,_Occ,_,S,Checked,_PrevXML) ->
@@ -2920,7 +2933,7 @@ check_target_namespace(XMLEl,S) ->
 
 schemaLocations(El=#xmlElement{attributes=Atts},S) ->
     Pred = fun(#xmlAttribute{name=schemaLocation}) -> false;
-	      (#xmlAttribute{namespace={_,"schemaLocation"}}) -> false;
+	      (#xmlAttribute{nsinfo={_,"schemaLocation"}}) -> false;
 	      (_) -> true
 	   end,
     case lists:dropwhile(Pred,Atts) of
diff --git a/lib/xmerl/test/xmerl_SUITE.erl b/lib/xmerl/test/xmerl_SUITE.erl
index 94c38d4d48..55b6d1844c 100644
--- a/lib/xmerl/test/xmerl_SUITE.erl
+++ b/lib/xmerl/test/xmerl_SUITE.erl
@@ -58,7 +58,7 @@ groups() ->
      {ticket_tests, [],
       [ticket_5998, ticket_7211, ticket_7214, ticket_7430,
        ticket_6873, ticket_7496, ticket_8156, ticket_8697,
-       ticket_9411, ticket_9457]},
+       ticket_9411, ticket_9457, ticket_9664_schema, ticket_9664_dtd]},
      {app_test, [], [{xmerl_app_test, all}]},
      {appup_test, [], [{xmerl_appup_test, all}]}].
 
@@ -284,7 +284,7 @@ export(Config) ->
     ?line {E,_} = xmerl_scan:file(TestFile),
     ?line Exported = xmerl:export([E],xmerl_xml,[{prolog,Prolog}]),
     B = list_to_binary(Exported++"\n"),
-    ?line {ok,B} = file:read_file(TestFile),
+    ?line {ok, B} = file:read_file(TestFile),
     ok.
 
 %%----------------------------------------------------------------------
@@ -609,6 +609,38 @@ ticket_9457_cont(Continue, Exception, GlobalState) ->
 	    Exception(GlobalState)
     end.
 
+
+ticket_9664_schema(suite) -> [];
+ticket_9664_schema(doc) -> 
+    ["Test that comments are handled correct whith"];
+ticket_9664_schema(Config) ->
+
+    ?line {E, _} = xmerl_scan:file(filename:join([?config(data_dir, Config), misc,
+						  "ticket_9664_schema.xml"]),[]),
+    ?line {ok, S} = xmerl_xsd:process_schema(filename:join([?config(data_dir, Config), misc,
+							    "motorcycles.xsd"])),
+    ?line {E1, _} = xmerl_xsd:validate(E, S),
+
+    ?line {E1,_} = xmerl_xsd:process_validate(filename:join([?config(data_dir,Config), misc,
+							    "motorcycles.xsd"]),E,[]),
+
+    ?line {E1,_} = xmerl_scan:file(filename:join([?config(data_dir,Config),  misc,
+						 "ticket_9664_schema.xml"]), 
+				  [{schemaLocation, [{"mc", "motorcycles.xsd"}]},
+				   {validation, schema}]),
+    ok.
+
+ticket_9664_dtd(suite) -> [];
+ticket_9664_dtd(doc) -> 
+    ["Test that comments are handled correct whith"];
+ticket_9664_dtd(Config) ->
+    ?line {E, _} = xmerl_scan:file(filename:join([?config(data_dir, Config),  misc,
+						  "ticket_9664_dtd.xml"]),[]),
+    ?line {E, _} = xmerl_scan:file(filename:join([?config(data_dir, Config),  misc,
+						  "ticket_9664_dtd.xml"]),[{validation, true}]),
+    ok.
+
+
 %%======================================================================
 %% Support Functions
 %%======================================================================
diff --git a/lib/xmerl/test/xmerl_SUITE_data/misc.tar.gz b/lib/xmerl/test/xmerl_SUITE_data/misc.tar.gz
index fef7431845..ffc1d327a5 100644
--- a/lib/xmerl/test/xmerl_SUITE_data/misc.tar.gz
+++ b/lib/xmerl/test/xmerl_SUITE_data/misc.tar.gz
diff --git a/lib/xmerl/test/xmerl_SUITE_data/xpath/xpath_abbrev.erl b/lib/xmerl/test/xmerl_SUITE_data/xpath/xpath_abbrev.erl
index 850b7f8135..7b6f1e95b3 100644
--- a/lib/xmerl/test/xmerl_SUITE_data/xpath/xpath_abbrev.erl
+++ b/lib/xmerl/test/xmerl_SUITE_data/xpath/xpath_abbrev.erl
@@ -210,7 +210,7 @@ ticket_7496() ->
     ?line {Doc3,_} = xmerl_scan:file("documentRoot.xml"),
     ?line ok = Test(Doc3,"//child",[child,child,child]),
     ?line ok = Test(Doc3,"//child[@name='beta']",[child]),
-    ?line [{xmlAttribute,id,[],[],[],[],1,[],"2",false}] =
+    ?line [{xmlAttribute,id,[],[],[],_,1,[],"2",false}] =
 	xmerl_xpath:string("/documentRoot/parent/child[@name='beta']/@id",Doc3),
     ?line ok = Test(Doc3,"/documentRoot/parent/child|/documentRoot/parent/pet",
 		    [child,child,child,pet,pet]),
diff --git a/lib/xmerl/test/xmerl_test_lib.erl b/lib/xmerl/test/xmerl_test_lib.erl
index a83956c076..e82ad283b2 100644
--- a/lib/xmerl/test/xmerl_test_lib.erl
+++ b/lib/xmerl/test/xmerl_test_lib.erl
@@ -87,6 +87,6 @@ keysearch_delete(Key,N,List) ->
 %% the original data directory.
 
 get_data_dir(Config) ->
-    Data0 = ?config(data_dir, Config),
-    {ok,Data,_} = regexp:sub(Data0, "xmerl_sax_std_SUITE", "xmerl_std_SUITE"),
-    Data.
+    Data = ?config(data_dir, Config),
+    Opts = [{return,list}],
+    re:replace(Data, "xmerl_sax_std_SUITE", "xmerl_std_SUITE", Opts).
diff --git a/lib/xmerl/test/xmerl_xsd_SUITE_data/mim.xsd b/lib/xmerl/test/xmerl_xsd_SUITE_data/mim.xsd
index 057344cde8..057344cde8 100755..100644
--- a/lib/xmerl/test/xmerl_xsd_SUITE_data/mim.xsd
+++ b/lib/xmerl/test/xmerl_xsd_SUITE_data/mim.xsd
diff --git a/lib/xmerl/vsn.mk b/lib/xmerl/vsn.mk
index 82df8fdeef..de47e3418b 100644
--- a/lib/xmerl/vsn.mk
+++ b/lib/xmerl/vsn.mk
@@ -1 +1 @@
-XMERL_VSN = 1.2.10
+XMERL_VSN = 1.3
diff --git a/lib/xmerl/xmerl.pub b/lib/xmerl/xmerl.pub
index 29a81bbde2..29a81bbde2 100755..100644
--- a/lib/xmerl/xmerl.pub
+++ b/lib/xmerl/xmerl.pub